From 2d396fe058897294f3bc309eb333c07c6b13bf18 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Tue, 11 Dec 2018 12:57:05 -0800 Subject: [PATCH] deps: upgrade openssl sources to 1.1.1a This updates all sources in deps/openssl/openssl with openssl-1.1.1a. Backport-PR-URL: /~https://github.com/nodejs/node/pull/26270 PR-URL: /~https://github.com/nodejs/node/pull/25381 Reviewed-By: Daniel Bevenius Reviewed-By: Shigeki Ohtsu --- .../openssl/.github/PULL_REQUEST_TEMPLATE.md | 14 + deps/openssl/openssl/.gitignore | 185 + deps/openssl/openssl/.gitmodules | 11 + .../openssl/openssl/.travis-create-release.sh | 2 +- deps/openssl/openssl/.travis.yml | 188 +- deps/openssl/openssl/AUTHORS | 56 +- deps/openssl/openssl/CHANGES | 1011 +- deps/openssl/openssl/CONTRIBUTING | 5 +- .../Configurations/00-base-templates.conf | 121 +- .../openssl/Configurations/10-main.conf | 1392 +- .../openssl/Configurations/15-android.conf | 255 + .../openssl/Configurations/15-ios.conf | 62 + .../openssl/Configurations/50-djgpp.conf | 10 +- .../openssl/Configurations/50-haiku.conf | 13 +- .../openssl/Configurations/50-masm.conf | 14 +- .../Configurations/50-win-onecore.conf | 64 + deps/openssl/openssl/Configurations/README | 128 +- .../openssl/Configurations/README.design | 80 +- .../openssl/Configurations/common.tmpl | 134 +- .../openssl/Configurations/common0.tmpl | 31 + .../openssl/Configurations/descrip.mms.tmpl | 630 +- deps/openssl/openssl/Configurations/dist.conf | 6 +- .../openssl/Configurations/shared-info.pl | 82 + .../openssl/Configurations/unix-Makefile.tmpl | 826 +- .../Configurations/windows-makefile.tmpl | 458 +- deps/openssl/openssl/Configure | 1494 +- deps/openssl/openssl/INSTALL | 346 +- deps/openssl/openssl/Makefile.shared | 521 - deps/openssl/openssl/NEWS | 75 +- deps/openssl/openssl/NOTES.ANDROID | 76 + deps/openssl/openssl/NOTES.UNIX | 123 +- deps/openssl/openssl/NOTES.VMS | 26 + deps/openssl/openssl/NOTES.WIN | 146 +- deps/openssl/openssl/README | 7 +- deps/openssl/openssl/README.ECC | 61 - deps/openssl/openssl/README.ENGINE | 1 - deps/openssl/openssl/VMS/engine.opt | 3 +- .../openssl/VMS/openssl_shutdown.com.in | 2 +- .../openssl/VMS/openssl_startup.com.in | 2 +- deps/openssl/openssl/apps/CA.pl.in | 64 +- deps/openssl/openssl/apps/app_rand.c | 136 +- deps/openssl/openssl/apps/apps.c | 365 +- deps/openssl/openssl/apps/apps.h | 145 +- deps/openssl/openssl/apps/asn1pars.c | 69 +- deps/openssl/openssl/apps/bf_prefix.c | 177 + deps/openssl/openssl/apps/build.info | 40 +- deps/openssl/openssl/apps/ca.c | 468 +- deps/openssl/openssl/apps/ciphers.c | 48 +- deps/openssl/openssl/apps/cms.c | 237 +- deps/openssl/openssl/apps/crl.c | 19 +- deps/openssl/openssl/apps/crl2p7.c | 11 +- deps/openssl/openssl/apps/ct_log_list.cnf | 43 +- deps/openssl/openssl/apps/demoCA/cacert.pem | 14 - deps/openssl/openssl/apps/demoCA/index.txt | 39 - .../openssl/apps/demoCA/private/cakey.pem | 24 - deps/openssl/openssl/apps/demoCA/serial | 1 - deps/openssl/openssl/apps/dgst.c | 94 +- deps/openssl/openssl/apps/dhparam.c | 68 +- deps/openssl/openssl/apps/dsa.c | 22 +- deps/openssl/openssl/apps/dsaparam.c | 105 +- deps/openssl/openssl/apps/ec.c | 24 +- deps/openssl/openssl/apps/ecparam.c | 59 +- deps/openssl/openssl/apps/enc.c | 134 +- deps/openssl/openssl/apps/engine.c | 99 +- deps/openssl/openssl/apps/errstr.c | 12 +- deps/openssl/openssl/apps/gendsa.c | 35 +- deps/openssl/openssl/apps/genpkey.c | 16 +- deps/openssl/openssl/apps/genrsa.c | 51 +- deps/openssl/openssl/apps/nseq.c | 7 +- deps/openssl/openssl/apps/ocsp.c | 602 +- deps/openssl/openssl/apps/openssl-vms.cnf | 8 +- deps/openssl/openssl/apps/openssl.c | 275 +- deps/openssl/openssl/apps/openssl.cnf | 8 +- deps/openssl/openssl/apps/opt.c | 159 +- deps/openssl/openssl/apps/passwd.c | 593 +- deps/openssl/openssl/apps/pkcs12.c | 118 +- deps/openssl/openssl/apps/pkcs7.c | 9 +- deps/openssl/openssl/apps/pkcs8.c | 54 +- deps/openssl/openssl/apps/pkey.c | 53 +- deps/openssl/openssl/apps/pkeyparam.c | 48 +- deps/openssl/openssl/apps/pkeyutl.c | 49 +- deps/openssl/openssl/apps/prime.c | 5 +- deps/openssl/openssl/apps/progs.pl | 165 +- deps/openssl/openssl/apps/rand.c | 25 +- deps/openssl/openssl/apps/rehash.c | 57 +- deps/openssl/openssl/apps/req.c | 509 +- deps/openssl/openssl/apps/rsa.c | 32 +- deps/openssl/openssl/apps/rsautl.c | 26 +- deps/openssl/openssl/apps/s_apps.h | 51 +- deps/openssl/openssl/apps/s_cb.c | 386 +- deps/openssl/openssl/apps/s_client.c | 1120 +- deps/openssl/openssl/apps/s_server.c | 893 +- deps/openssl/openssl/apps/s_socket.c | 203 +- deps/openssl/openssl/apps/s_time.c | 74 +- deps/openssl/openssl/apps/sess_id.c | 29 +- deps/openssl/openssl/apps/smime.c | 123 +- deps/openssl/openssl/apps/speed.c | 1545 ++- deps/openssl/openssl/apps/spkac.c | 18 +- deps/openssl/openssl/apps/srp.c | 50 +- deps/openssl/openssl/apps/storeutl.c | 473 + deps/openssl/openssl/apps/testdsa.h | 134 +- deps/openssl/openssl/apps/ts.c | 61 +- deps/openssl/openssl/apps/tsget.in | 4 +- deps/openssl/openssl/apps/verify.c | 22 +- deps/openssl/openssl/apps/version.c | 65 +- deps/openssl/openssl/apps/vms_term_sock.c | 35 +- deps/openssl/openssl/apps/vms_term_sock.h | 1 + deps/openssl/openssl/apps/win32_init.c | 2 +- deps/openssl/openssl/apps/x509.c | 259 +- deps/openssl/openssl/appveyor.yml | 43 +- deps/openssl/openssl/build.info | 82 +- deps/openssl/openssl/config | 176 +- deps/openssl/openssl/crypto/LPdir_nyi.c | 3 + deps/openssl/openssl/crypto/LPdir_unix.c | 44 +- deps/openssl/openssl/crypto/LPdir_vms.c | 3 + deps/openssl/openssl/crypto/LPdir_win.c | 3 + deps/openssl/openssl/crypto/LPdir_win32.c | 3 + deps/openssl/openssl/crypto/LPdir_wince.c | 3 + deps/openssl/openssl/crypto/aes/aes_core.c | 6 +- deps/openssl/openssl/crypto/aes/aes_x86core.c | 23 +- .../openssl/openssl/crypto/aes/asm/aes-586.pl | 34 +- .../openssl/openssl/crypto/aes/asm/aes-ia64.S | 4 +- .../openssl/crypto/aes/asm/aes-mips.pl | 97 +- .../openssl/crypto/aes/asm/aes-parisc.pl | 15 +- .../openssl/openssl/crypto/aes/asm/aes-ppc.pl | 10 +- .../openssl/crypto/aes/asm/aes-s390x.pl | 100 +- .../openssl/crypto/aes/asm/aes-sparcv9.pl | 2 +- .../openssl/crypto/aes/asm/aes-x86_64.pl | 134 +- .../openssl/crypto/aes/asm/aesfx-sparcv9.pl | 2 +- .../openssl/crypto/aes/asm/aesni-mb-x86_64.pl | 108 +- .../crypto/aes/asm/aesni-sha1-x86_64.pl | 70 +- .../crypto/aes/asm/aesni-sha256-x86_64.pl | 113 +- .../openssl/crypto/aes/asm/aesni-x86.pl | 8 +- .../openssl/crypto/aes/asm/aesni-x86_64.pl | 369 +- .../openssl/crypto/aes/asm/aesp8-ppc.pl | 6 +- .../openssl/crypto/aes/asm/aest4-sparcv9.pl | 8 +- .../openssl/crypto/aes/asm/aesv8-armx.pl | 11 +- .../openssl/crypto/aes/asm/bsaes-armv7.pl | 10 +- .../openssl/crypto/aes/asm/bsaes-x86_64.pl | 272 +- .../openssl/crypto/aes/asm/vpaes-armv8.pl | 12 +- .../openssl/crypto/aes/asm/vpaes-ppc.pl | 8 +- .../openssl/crypto/aes/asm/vpaes-x86.pl | 10 +- .../openssl/crypto/aes/asm/vpaes-x86_64.pl | 20 +- deps/openssl/openssl/crypto/aes/build.info | 10 +- deps/openssl/openssl/crypto/aria/aria.c | 1212 ++ deps/openssl/openssl/crypto/aria/build.info | 3 + deps/openssl/openssl/crypto/arm64cpuid.pl | 23 +- deps/openssl/openssl/crypto/arm_arch.h | 3 +- deps/openssl/openssl/crypto/armcap.c | 25 +- deps/openssl/openssl/crypto/asn1/a_bitstr.c | 20 +- deps/openssl/openssl/crypto/asn1/a_d2i_fp.c | 17 +- deps/openssl/openssl/crypto/asn1/a_digest.c | 8 +- deps/openssl/openssl/crypto/asn1/a_dup.c | 12 +- deps/openssl/openssl/crypto/asn1/a_gentm.c | 231 +- deps/openssl/openssl/crypto/asn1/a_i2d_fp.c | 16 +- deps/openssl/openssl/crypto/asn1/a_int.c | 8 +- deps/openssl/openssl/crypto/asn1/a_mbstr.c | 70 +- deps/openssl/openssl/crypto/asn1/a_object.c | 34 +- deps/openssl/openssl/crypto/asn1/a_print.c | 46 +- deps/openssl/openssl/crypto/asn1/a_sign.c | 16 +- deps/openssl/openssl/crypto/asn1/a_strex.c | 27 +- deps/openssl/openssl/crypto/asn1/a_strnid.c | 112 +- deps/openssl/openssl/crypto/asn1/a_time.c | 505 +- deps/openssl/openssl/crypto/asn1/a_type.c | 4 +- deps/openssl/openssl/crypto/asn1/a_utctm.c | 204 +- deps/openssl/openssl/crypto/asn1/a_verify.c | 23 +- deps/openssl/openssl/crypto/asn1/ameth_lib.c | 108 +- deps/openssl/openssl/crypto/asn1/asn1_err.c | 561 +- .../openssl/crypto/asn1/asn1_item_list.c | 42 + .../openssl/crypto/asn1/asn1_item_list.h | 178 + deps/openssl/openssl/crypto/asn1/asn1_lib.c | 57 +- deps/openssl/openssl/crypto/asn1/asn1_locl.h | 6 +- deps/openssl/openssl/crypto/asn1/asn1_par.c | 12 +- deps/openssl/openssl/crypto/asn1/asn_mime.c | 48 +- deps/openssl/openssl/crypto/asn1/asn_moid.c | 45 +- deps/openssl/openssl/crypto/asn1/asn_mstbl.c | 3 +- deps/openssl/openssl/crypto/asn1/bio_asn1.c | 23 +- deps/openssl/openssl/crypto/asn1/bio_ndef.c | 12 +- deps/openssl/openssl/crypto/asn1/build.info | 2 +- deps/openssl/openssl/crypto/asn1/charmap.h | 2 +- deps/openssl/openssl/crypto/asn1/charmap.pl | 6 +- deps/openssl/openssl/crypto/asn1/d2i_pr.c | 6 +- deps/openssl/openssl/crypto/asn1/d2i_pu.c | 7 +- deps/openssl/openssl/crypto/asn1/evp_asn1.c | 12 +- deps/openssl/openssl/crypto/asn1/f_int.c | 23 +- deps/openssl/openssl/crypto/asn1/f_string.c | 26 +- deps/openssl/openssl/crypto/asn1/n_pkey.c | 4 +- deps/openssl/openssl/crypto/asn1/p5_pbev2.c | 4 +- deps/openssl/openssl/crypto/asn1/p5_scrypt.c | 15 +- .../openssl/crypto/asn1/standard_methods.h | 60 + deps/openssl/openssl/crypto/asn1/tasn_dec.c | 3 +- deps/openssl/openssl/crypto/asn1/tasn_enc.c | 6 +- deps/openssl/openssl/crypto/asn1/tasn_new.c | 7 +- deps/openssl/openssl/crypto/asn1/tasn_prn.c | 3 +- deps/openssl/openssl/crypto/asn1/tasn_utl.c | 43 +- .../openssl/crypto/asn1/tbl_standard.h | 60 + deps/openssl/openssl/crypto/asn1/x_algor.c | 11 +- deps/openssl/openssl/crypto/asn1/x_int64.c | 42 +- deps/openssl/openssl/crypto/asn1/x_long.c | 27 +- deps/openssl/openssl/crypto/asn1/x_spki.c | 5 - .../openssl/crypto/async/arch/async_posix.h | 1 - deps/openssl/openssl/crypto/async/async.c | 10 +- deps/openssl/openssl/crypto/async/async_err.c | 44 +- .../openssl/openssl/crypto/async/async_locl.h | 2 +- .../openssl/openssl/crypto/async/async_wait.c | 8 +- deps/openssl/openssl/crypto/bf/asm/bf-586.pl | 2 +- deps/openssl/openssl/crypto/bf/bf_cbc.c | 86 - deps/openssl/openssl/crypto/bf/bf_ecb.c | 2 +- deps/openssl/openssl/crypto/bf/bf_enc.c | 4 - deps/openssl/openssl/crypto/bf/build.info | 3 +- deps/openssl/openssl/crypto/bio/b_addr.c | 53 +- deps/openssl/openssl/crypto/bio/b_dump.c | 67 +- deps/openssl/openssl/crypto/bio/b_print.c | 88 +- deps/openssl/openssl/crypto/bio/b_sock.c | 37 +- deps/openssl/openssl/crypto/bio/b_sock2.c | 90 +- deps/openssl/openssl/crypto/bio/bf_buff.c | 84 +- deps/openssl/openssl/crypto/bio/bf_lbuf.c | 62 +- deps/openssl/openssl/crypto/bio/bf_nbio.c | 52 +- deps/openssl/openssl/crypto/bio/bf_null.c | 34 +- deps/openssl/openssl/crypto/bio/bio_cb.c | 39 +- deps/openssl/openssl/crypto/bio/bio_err.c | 211 +- deps/openssl/openssl/crypto/bio/bio_lcl.h | 10 +- deps/openssl/openssl/crypto/bio/bio_lib.c | 416 +- deps/openssl/openssl/crypto/bio/bio_meth.c | 77 +- deps/openssl/openssl/crypto/bio/bss_acpt.c | 48 +- deps/openssl/openssl/crypto/bio/bss_bio.c | 9 +- deps/openssl/openssl/crypto/bio/bss_conn.c | 57 +- deps/openssl/openssl/crypto/bio/bss_dgram.c | 120 +- deps/openssl/openssl/crypto/bio/bss_fd.c | 41 +- deps/openssl/openssl/crypto/bio/bss_file.c | 52 +- deps/openssl/openssl/crypto/bio/bss_log.c | 24 +- deps/openssl/openssl/crypto/bio/bss_mem.c | 60 +- deps/openssl/openssl/crypto/bio/bss_null.c | 18 +- deps/openssl/openssl/crypto/bio/bss_sock.c | 34 +- .../openssl/crypto/blake2/blake2_impl.h | 3 +- .../openssl/crypto/blake2/blake2_locl.h | 3 +- deps/openssl/openssl/crypto/blake2/blake2b.c | 3 +- deps/openssl/openssl/crypto/blake2/blake2s.c | 5 +- .../openssl/openssl/crypto/blake2/m_blake2b.c | 2 +- .../openssl/openssl/crypto/blake2/m_blake2s.c | 2 +- deps/openssl/openssl/crypto/bn/README.pod | 8 +- .../openssl/crypto/bn/asm/alpha-mont.pl | 2 +- .../openssl/crypto/bn/asm/armv4-gf2m.pl | 2 +- .../openssl/crypto/bn/asm/armv4-mont.pl | 2 +- deps/openssl/openssl/crypto/bn/asm/bn-586.pl | 26 +- .../openssl/crypto/bn/asm/c64xplus-gf2m.pl | 2 +- deps/openssl/openssl/crypto/bn/asm/co-586.pl | 14 +- .../openssl/crypto/bn/asm/ia64-mont.pl | 6 +- deps/openssl/openssl/crypto/bn/asm/ia64.S | 25 +- .../openssl/crypto/bn/asm/mips-mont.pl | 102 +- deps/openssl/openssl/crypto/bn/asm/mips.pl | 752 +- deps/openssl/openssl/crypto/bn/asm/pa-risc2.s | 1624 --- .../openssl/openssl/crypto/bn/asm/pa-risc2W.s | 1612 --- .../openssl/crypto/bn/asm/parisc-mont.pl | 16 +- .../openssl/openssl/crypto/bn/asm/ppc-mont.pl | 1697 ++- deps/openssl/openssl/crypto/bn/asm/ppc.pl | 275 +- .../openssl/crypto/bn/asm/ppc64-mont.pl | 4 +- .../openssl/crypto/bn/asm/rsaz-avx2.pl | 145 +- .../openssl/crypto/bn/asm/rsaz-x86_64.pl | 198 +- .../openssl/crypto/bn/asm/s390x-gf2m.pl | 4 +- .../openssl/crypto/bn/asm/s390x-mont.pl | 2 +- .../openssl/crypto/bn/asm/sparct4-mont.pl | 6 +- deps/openssl/openssl/crypto/bn/asm/sparcv8.S | 12 +- .../openssl/crypto/bn/asm/sparcv8plus.S | 16 +- .../openssl/crypto/bn/asm/sparcv9-mont.pl | 4 +- .../openssl/crypto/bn/asm/sparcv9a-mont.pl | 4 +- .../openssl/openssl/crypto/bn/asm/via-mont.pl | 6 +- .../openssl/crypto/bn/asm/vis3-mont.pl | 2 +- .../openssl/openssl/crypto/bn/asm/x86-gf2m.pl | 4 +- .../openssl/openssl/crypto/bn/asm/x86-mont.pl | 8 +- .../openssl/crypto/bn/asm/x86_64-gcc.c | 14 +- .../openssl/crypto/bn/asm/x86_64-gf2m.pl | 37 +- .../openssl/crypto/bn/asm/x86_64-mont.pl | 80 +- .../openssl/crypto/bn/asm/x86_64-mont5.pl | 129 +- deps/openssl/openssl/crypto/bn/bn_add.c | 132 +- deps/openssl/openssl/crypto/bn/bn_asm.c | 32 +- deps/openssl/openssl/crypto/bn/bn_blind.c | 11 +- deps/openssl/openssl/crypto/bn/bn_ctx.c | 16 +- deps/openssl/openssl/crypto/bn/bn_dh.c | 296 +- deps/openssl/openssl/crypto/bn/bn_div.c | 28 +- deps/openssl/openssl/crypto/bn/bn_err.c | 167 +- deps/openssl/openssl/crypto/bn/bn_exp.c | 186 +- deps/openssl/openssl/crypto/bn/bn_exp2.c | 8 +- deps/openssl/openssl/crypto/bn/bn_gcd.c | 12 +- deps/openssl/openssl/crypto/bn/bn_gf2m.c | 160 +- deps/openssl/openssl/crypto/bn/bn_intern.c | 15 - deps/openssl/openssl/crypto/bn/bn_lcl.h | 117 +- deps/openssl/openssl/crypto/bn/bn_lib.c | 195 +- deps/openssl/openssl/crypto/bn/bn_mod.c | 2 +- deps/openssl/openssl/crypto/bn/bn_mont.c | 44 +- deps/openssl/openssl/crypto/bn/bn_mul.c | 341 +- deps/openssl/openssl/crypto/bn/bn_nist.c | 4 +- deps/openssl/openssl/crypto/bn/bn_prime.c | 173 +- deps/openssl/openssl/crypto/bn/bn_prime.h | 515 +- deps/openssl/openssl/crypto/bn/bn_prime.pl | 12 +- deps/openssl/openssl/crypto/bn/bn_print.c | 106 +- deps/openssl/openssl/crypto/bn/bn_rand.c | 62 +- deps/openssl/openssl/crypto/bn/bn_recp.c | 37 +- deps/openssl/openssl/crypto/bn/bn_shift.c | 22 +- deps/openssl/openssl/crypto/bn/bn_sqr.c | 4 +- deps/openssl/openssl/crypto/bn/bn_sqrt.c | 6 +- deps/openssl/openssl/crypto/bn/bn_srp.c | 6 +- deps/openssl/openssl/crypto/bn/bn_word.c | 18 +- deps/openssl/openssl/crypto/bn/bn_x931p.c | 12 +- deps/openssl/openssl/crypto/bn/build.info | 35 +- deps/openssl/openssl/crypto/bn/rsaz_exp.c | 47 +- deps/openssl/openssl/crypto/bn/rsaz_exp.h | 51 +- deps/openssl/openssl/crypto/buffer/buf_err.c | 24 +- deps/openssl/openssl/crypto/buffer/buffer.c | 23 +- deps/openssl/openssl/crypto/build.info | 9 +- deps/openssl/openssl/crypto/c64xpluscpuid.pl | 2 +- .../openssl/crypto/camellia/asm/cmll-x86.pl | 8 +- .../crypto/camellia/asm/cmll-x86_64.pl | 57 + .../crypto/camellia/asm/cmllt4-sparcv9.pl | 8 +- .../openssl/crypto/camellia/build.info | 4 +- .../openssl/crypto/camellia/camellia.c | 52 +- .../openssl/crypto/cast/asm/cast-586.pl | 8 +- deps/openssl/openssl/crypto/cast/build.info | 3 +- deps/openssl/openssl/crypto/cast/cast_lcl.h | 4 +- deps/openssl/openssl/crypto/cast/cast_s.h | 16 +- .../openssl/crypto/chacha/asm/chacha-armv4.pl | 8 +- .../openssl/crypto/chacha/asm/chacha-armv8.pl | 5 +- .../crypto/chacha/asm/chacha-c64xplus.pl | 2 +- .../openssl/crypto/chacha/asm/chacha-ppc.pl | 561 +- .../openssl/crypto/chacha/asm/chacha-x86.pl | 3 +- .../crypto/chacha/asm/chacha-x86_64.pl | 2040 ++- deps/openssl/openssl/crypto/chacha/build.info | 5 +- deps/openssl/openssl/crypto/cmac/cmac.c | 8 +- deps/openssl/openssl/crypto/cms/cms_asn1.c | 26 +- deps/openssl/openssl/crypto/cms/cms_enc.c | 7 +- deps/openssl/openssl/crypto/cms/cms_env.c | 2 +- deps/openssl/openssl/crypto/cms/cms_err.c | 432 +- deps/openssl/openssl/crypto/cms/cms_lcl.h | 35 +- deps/openssl/openssl/crypto/cms/cms_lib.c | 2 +- deps/openssl/openssl/crypto/cms/cms_pwri.c | 9 +- deps/openssl/openssl/crypto/cms/cms_sd.c | 3 +- deps/openssl/openssl/crypto/comp/c_zlib.c | 9 +- deps/openssl/openssl/crypto/comp/comp_err.c | 36 +- deps/openssl/openssl/crypto/comp/comp_lib.c | 20 +- deps/openssl/openssl/crypto/conf/conf_api.c | 25 +- deps/openssl/openssl/crypto/conf/conf_def.c | 295 +- deps/openssl/openssl/crypto/conf/conf_def.h | 109 +- deps/openssl/openssl/crypto/conf/conf_err.c | 123 +- deps/openssl/openssl/crypto/conf/conf_lib.c | 49 +- deps/openssl/openssl/crypto/conf/conf_mod.c | 18 +- deps/openssl/openssl/crypto/conf/conf_sap.c | 6 +- deps/openssl/openssl/crypto/conf/conf_ssl.c | 1 + deps/openssl/openssl/crypto/conf/keysets.pl | 205 +- deps/openssl/openssl/crypto/cpt_err.c | 74 +- deps/openssl/openssl/crypto/cryptlib.c | 113 +- deps/openssl/openssl/crypto/ct/ct_b64.c | 12 +- deps/openssl/openssl/crypto/ct/ct_err.c | 125 +- deps/openssl/openssl/crypto/ct/ct_log.c | 4 +- deps/openssl/openssl/crypto/ct/ct_sct.c | 13 +- deps/openssl/openssl/crypto/ctype.c | 274 + deps/openssl/openssl/crypto/cversion.c | 45 +- .../openssl/crypto/des/asm/crypt586.pl | 8 +- .../openssl/openssl/crypto/des/asm/des-586.pl | 12 +- .../openssl/openssl/crypto/des/asm/des_enc.m4 | 26 +- .../openssl/openssl/crypto/des/asm/desboth.pl | 2 +- .../openssl/crypto/des/asm/dest4-sparcv9.pl | 4 +- deps/openssl/openssl/crypto/des/build.info | 8 +- deps/openssl/openssl/crypto/des/cbc_cksm.c | 3 +- deps/openssl/openssl/crypto/des/cfb64ede.c | 3 +- deps/openssl/openssl/crypto/des/cfb_enc.c | 2 +- deps/openssl/openssl/crypto/des/des_enc.c | 6 +- deps/openssl/openssl/crypto/des/des_locl.h | 7 +- deps/openssl/openssl/crypto/des/ecb_enc.c | 13 +- deps/openssl/openssl/crypto/des/fcrypt.c | 6 +- deps/openssl/openssl/crypto/des/qud_cksm.c | 3 +- deps/openssl/openssl/crypto/des/rand_key.c | 8 +- deps/openssl/openssl/crypto/des/rpc_des.h | 76 - deps/openssl/openssl/crypto/des/rpc_enc.c | 30 - deps/openssl/openssl/crypto/des/set_key.c | 39 +- deps/openssl/openssl/crypto/des/spr.h | 2 +- deps/openssl/openssl/crypto/des/str2key.c | 20 - deps/openssl/openssl/crypto/dh/build.info | 3 +- deps/openssl/openssl/crypto/dh/dh_ameth.c | 57 +- deps/openssl/openssl/crypto/dh/dh_asn1.c | 2 +- deps/openssl/openssl/crypto/dh/dh_check.c | 64 +- deps/openssl/openssl/crypto/dh/dh_err.c | 116 +- deps/openssl/openssl/crypto/dh/dh_gen.c | 6 +- deps/openssl/openssl/crypto/dh/dh_kdf.c | 2 +- deps/openssl/openssl/crypto/dh/dh_key.c | 12 +- deps/openssl/openssl/crypto/dh/dh_lib.c | 36 +- deps/openssl/openssl/crypto/dh/dh_locl.h | 5 +- deps/openssl/openssl/crypto/dh/dh_pmeth.c | 62 +- deps/openssl/openssl/crypto/dh/dh_prn.c | 4 +- deps/openssl/openssl/crypto/dh/dh_rfc7919.c | 74 + deps/openssl/openssl/crypto/dllmain.c | 20 +- deps/openssl/openssl/crypto/dsa/dsa_ameth.c | 4 +- deps/openssl/openssl/crypto/dsa/dsa_asn1.c | 12 +- deps/openssl/openssl/crypto/dsa/dsa_err.c | 93 +- deps/openssl/openssl/crypto/dsa/dsa_gen.c | 6 + deps/openssl/openssl/crypto/dsa/dsa_key.c | 4 +- deps/openssl/openssl/crypto/dsa/dsa_lib.c | 38 +- deps/openssl/openssl/crypto/dsa/dsa_locl.h | 5 +- deps/openssl/openssl/crypto/dsa/dsa_meth.c | 2 +- deps/openssl/openssl/crypto/dsa/dsa_ossl.c | 75 +- deps/openssl/openssl/crypto/dsa/dsa_pmeth.c | 8 +- deps/openssl/openssl/crypto/dsa/dsa_prn.c | 8 +- deps/openssl/openssl/crypto/dsa/dsa_sign.c | 6 +- deps/openssl/openssl/crypto/dsa/dsa_vrf.c | 2 - deps/openssl/openssl/crypto/dso/dso_dl.c | 36 +- deps/openssl/openssl/crypto/dso/dso_dlfcn.c | 73 +- deps/openssl/openssl/crypto/dso/dso_err.c | 135 +- deps/openssl/openssl/crypto/dso/dso_lib.c | 59 +- deps/openssl/openssl/crypto/dso/dso_locl.h | 3 +- deps/openssl/openssl/crypto/dso/dso_vms.c | 34 +- deps/openssl/openssl/crypto/dso/dso_win32.c | 71 +- deps/openssl/openssl/crypto/ebcdic.c | 5 - .../crypto/ec/asm/ecp_nistz256-armv4.pl | 4 +- .../crypto/ec/asm/ecp_nistz256-armv8.pl | 311 +- .../crypto/ec/asm/ecp_nistz256-avx2.pl | 42 +- .../crypto/ec/asm/ecp_nistz256-ppc64.pl | 2382 ++++ .../crypto/ec/asm/ecp_nistz256-sparcv9.pl | 8 +- .../openssl/crypto/ec/asm/ecp_nistz256-x86.pl | 4 +- .../crypto/ec/asm/ecp_nistz256-x86_64.pl | 1972 ++- .../openssl/crypto/ec/asm/x25519-ppc64.pl | 824 ++ .../openssl/crypto/ec/asm/x25519-x86_64.pl | 1117 ++ deps/openssl/openssl/crypto/ec/build.info | 18 +- deps/openssl/openssl/crypto/ec/curve25519.c | 2237 ++- .../ec/curve448/arch_32/arch_intrinsics.h | 27 + .../crypto/ec/curve448/arch_32/f_impl.c | 95 + .../crypto/ec/curve448/arch_32/f_impl.h | 60 + .../openssl/crypto/ec/curve448/curve448.c | 727 + .../openssl/crypto/ec/curve448/curve448_lcl.h | 38 + .../crypto/ec/curve448/curve448_tables.c | 475 + .../crypto/ec/curve448/curve448utils.h | 78 + .../openssl/crypto/ec/curve448/ed448.h | 195 + .../openssl/crypto/ec/curve448/eddsa.c | 346 + .../openssl/crypto/ec/curve448/f_generic.c | 204 + .../openssl/crypto/ec/curve448/field.h | 168 + .../openssl/crypto/ec/curve448/point_448.h | 301 + .../openssl/crypto/ec/curve448/scalar.c | 235 + .../openssl/openssl/crypto/ec/curve448/word.h | 81 + deps/openssl/openssl/crypto/ec/ec2_mult.c | 418 - deps/openssl/openssl/crypto/ec/ec2_oct.c | 29 +- deps/openssl/openssl/crypto/ec/ec2_smpl.c | 370 +- deps/openssl/openssl/crypto/ec/ec_ameth.c | 62 +- deps/openssl/openssl/crypto/ec/ec_asn1.c | 144 +- deps/openssl/openssl/crypto/ec/ec_curve.c | 64 +- deps/openssl/openssl/crypto/ec/ec_cvt.c | 21 +- deps/openssl/openssl/crypto/ec/ec_err.c | 543 +- deps/openssl/openssl/crypto/ec/ec_key.c | 57 +- deps/openssl/openssl/crypto/ec/ec_lcl.h | 159 +- deps/openssl/openssl/crypto/ec/ec_lib.c | 280 +- deps/openssl/openssl/crypto/ec/ec_mult.c | 205 +- deps/openssl/openssl/crypto/ec/ec_oct.c | 59 +- deps/openssl/openssl/crypto/ec/ec_pmeth.c | 81 +- deps/openssl/openssl/crypto/ec/ec_print.c | 8 +- deps/openssl/openssl/crypto/ec/ecdh_kdf.c | 19 +- deps/openssl/openssl/crypto/ec/ecdh_ossl.c | 40 +- deps/openssl/openssl/crypto/ec/ecdsa_ossl.c | 97 +- deps/openssl/openssl/crypto/ec/eck_prn.c | 40 +- deps/openssl/openssl/crypto/ec/ecp_mont.c | 13 +- deps/openssl/openssl/crypto/ec/ecp_nist.c | 13 +- deps/openssl/openssl/crypto/ec/ecp_nistp224.c | 77 +- deps/openssl/openssl/crypto/ec/ecp_nistp256.c | 48 +- deps/openssl/openssl/crypto/ec/ecp_nistp521.c | 67 +- deps/openssl/openssl/crypto/ec/ecp_nistz256.c | 274 +- deps/openssl/openssl/crypto/ec/ecp_oct.c | 22 +- deps/openssl/openssl/crypto/ec/ecp_smpl.c | 246 +- deps/openssl/openssl/crypto/ec/ecx_meth.c | 641 +- deps/openssl/openssl/crypto/engine/README | 8 +- deps/openssl/openssl/crypto/engine/build.info | 5 +- deps/openssl/openssl/crypto/engine/eng_all.c | 10 +- .../openssl/crypto/engine/eng_cryptodev.c | 1757 --- deps/openssl/openssl/crypto/engine/eng_ctrl.c | 36 +- .../openssl/crypto/engine/eng_devcrypto.c | 688 + deps/openssl/openssl/crypto/engine/eng_err.c | 211 +- deps/openssl/openssl/crypto/engine/eng_fat.c | 7 +- deps/openssl/openssl/crypto/engine/eng_init.c | 3 +- deps/openssl/openssl/crypto/engine/eng_int.h | 26 +- deps/openssl/openssl/crypto/engine/eng_lib.c | 22 +- deps/openssl/openssl/crypto/engine/eng_list.c | 13 +- .../openssl/crypto/engine/eng_openssl.c | 16 +- .../openssl/crypto/engine/eng_rdrand.c | 25 +- .../openssl/openssl/crypto/engine/tb_asnmth.c | 1 + .../openssl/openssl/crypto/engine/tb_cipher.c | 4 +- deps/openssl/openssl/crypto/engine/tb_dh.c | 4 +- .../openssl/openssl/crypto/engine/tb_digest.c | 4 +- deps/openssl/openssl/crypto/engine/tb_dsa.c | 4 +- deps/openssl/openssl/crypto/engine/tb_eckey.c | 4 +- .../openssl/openssl/crypto/engine/tb_pkmeth.c | 4 +- deps/openssl/openssl/crypto/engine/tb_rand.c | 4 +- deps/openssl/openssl/crypto/engine/tb_rsa.c | 4 +- deps/openssl/openssl/crypto/err/err.c | 281 +- deps/openssl/openssl/crypto/err/err_all.c | 68 +- deps/openssl/openssl/crypto/err/err_prn.c | 3 +- deps/openssl/openssl/crypto/err/openssl.ec | 167 +- deps/openssl/openssl/crypto/err/openssl.txt | 3026 +++++ deps/openssl/openssl/crypto/evp/bio_b64.c | 22 +- deps/openssl/openssl/crypto/evp/bio_enc.c | 53 +- deps/openssl/openssl/crypto/evp/bio_md.c | 27 +- deps/openssl/openssl/crypto/evp/bio_ok.c | 23 +- deps/openssl/openssl/crypto/evp/build.info | 9 +- deps/openssl/openssl/crypto/evp/c_allc.c | 50 +- deps/openssl/openssl/crypto/evp/c_alld.c | 15 +- deps/openssl/openssl/crypto/evp/digest.c | 33 +- deps/openssl/openssl/crypto/evp/e_aes.c | 1877 ++- .../openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | 8 +- .../crypto/evp/e_aes_cbc_hmac_sha256.c | 8 +- deps/openssl/openssl/crypto/evp/e_aria.c | 756 ++ .../openssl/crypto/evp/e_chacha20_poly1305.c | 200 +- deps/openssl/openssl/crypto/evp/e_des.c | 4 +- deps/openssl/openssl/crypto/evp/e_des3.c | 4 +- deps/openssl/openssl/crypto/evp/e_null.c | 2 +- deps/openssl/openssl/crypto/evp/e_rc2.c | 26 +- deps/openssl/openssl/crypto/evp/e_rc4.c | 4 +- .../openssl/crypto/evp/e_rc4_hmac_md5.c | 2 +- deps/openssl/openssl/crypto/evp/e_rc5.c | 2 +- deps/openssl/openssl/crypto/evp/e_sm4.c | 100 + deps/openssl/openssl/crypto/evp/e_xcbc_d.c | 2 +- deps/openssl/openssl/crypto/evp/encode.c | 168 +- deps/openssl/openssl/crypto/evp/evp_cnf.c | 11 +- deps/openssl/openssl/crypto/evp/evp_enc.c | 14 +- deps/openssl/openssl/crypto/evp/evp_err.c | 406 +- deps/openssl/openssl/crypto/evp/evp_key.c | 8 +- deps/openssl/openssl/crypto/evp/evp_lib.c | 47 +- deps/openssl/openssl/crypto/evp/evp_locl.h | 4 +- deps/openssl/openssl/crypto/evp/evp_pbe.c | 11 +- deps/openssl/openssl/crypto/evp/evp_pkey.c | 1 - deps/openssl/openssl/crypto/evp/m_md4.c | 2 +- deps/openssl/openssl/crypto/evp/m_md5.c | 2 +- deps/openssl/openssl/crypto/evp/m_mdc2.c | 2 +- deps/openssl/openssl/crypto/evp/m_null.c | 2 +- deps/openssl/openssl/crypto/evp/m_ripemd.c | 2 +- deps/openssl/openssl/crypto/evp/m_sha1.c | 59 +- deps/openssl/openssl/crypto/evp/m_sha3.c | 406 + deps/openssl/openssl/crypto/evp/m_sigver.c | 55 +- deps/openssl/openssl/crypto/evp/m_wp.c | 2 +- deps/openssl/openssl/crypto/evp/names.c | 20 +- deps/openssl/openssl/crypto/evp/p5_crpt2.c | 17 +- deps/openssl/openssl/crypto/evp/p_dec.c | 2 +- deps/openssl/openssl/crypto/evp/p_enc.c | 2 +- deps/openssl/openssl/crypto/evp/p_lib.c | 206 +- deps/openssl/openssl/crypto/evp/p_open.c | 4 +- deps/openssl/openssl/crypto/evp/p_seal.c | 12 - .../crypto/evp/{scrypt.c => pbe_scrypt.c} | 33 +- deps/openssl/openssl/crypto/evp/pmeth_fn.c | 2 +- deps/openssl/openssl/crypto/evp/pmeth_gn.c | 70 + deps/openssl/openssl/crypto/evp/pmeth_lib.c | 161 +- deps/openssl/openssl/crypto/ex_data.c | 1 - deps/openssl/openssl/crypto/hmac/hm_ameth.c | 92 +- deps/openssl/openssl/crypto/hmac/hm_pmeth.c | 8 +- deps/openssl/openssl/crypto/hmac/hmac.c | 73 +- deps/openssl/openssl/crypto/hmac/hmac_lcl.h | 16 +- deps/openssl/openssl/crypto/idea/i_ecb.c | 2 +- deps/openssl/openssl/crypto/idea/i_skey.c | 2 +- deps/openssl/openssl/crypto/idea/idea_lcl.h | 15 - .../internal/__DECC_INCLUDE_EPILOGUE.H | 2 +- .../internal/__DECC_INCLUDE_PROLOGUE.H | 2 +- .../openssl/crypto/include/internal/aria.h | 50 + .../crypto/include/internal/asn1_int.h | 21 + .../openssl/crypto/include/internal/bn_conf.h | 1 - .../openssl/crypto/include/internal/bn_dh.h | 7 + .../openssl/crypto/include/internal/bn_int.h | 18 - .../openssl/crypto/include/internal/chacha.h | 9 +- .../crypto/include/internal/cryptlib_int.h | 5 +- .../openssl/crypto/include/internal/ctype.h | 80 + .../crypto/include/internal/dso_conf.h | 1 - .../crypto/include/internal/dso_conf.h.in | 19 +- .../openssl/crypto/include/internal/ec_int.h | 53 + .../openssl/crypto/include/internal/engine.h | 2 +- .../openssl/crypto/include/internal/evp_int.h | 56 +- .../crypto/include/internal/md32_common.h | 145 +- .../crypto/include/internal/poly1305.h | 4 +- .../openssl/crypto/include/internal/rand.h | 20 - .../crypto/include/internal/rand_int.h | 134 + .../openssl/crypto/include/internal/sha.h | 19 + .../openssl/crypto/include/internal/siphash.h | 25 + .../openssl/crypto/include/internal/sm2.h | 78 + .../openssl/crypto/include/internal/sm2err.h | 61 + .../openssl/crypto/include/internal/sm3.h | 39 + .../openssl/crypto/include/internal/sm4.h | 37 + .../include/internal/store.h} | 3 +- .../crypto/include/internal/store_int.h | 26 + .../crypto/include/internal/x509_int.h | 24 +- deps/openssl/openssl/crypto/init.c | 108 +- deps/openssl/openssl/crypto/kdf/build.info | 2 +- deps/openssl/openssl/crypto/kdf/hkdf.c | 83 +- deps/openssl/openssl/crypto/kdf/kdf_err.c | 55 +- deps/openssl/openssl/crypto/kdf/scrypt.c | 266 + deps/openssl/openssl/crypto/kdf/tls1_prf.c | 31 +- deps/openssl/openssl/crypto/lhash/lh_stats.c | 31 +- deps/openssl/openssl/crypto/lhash/lhash.c | 56 +- deps/openssl/openssl/crypto/lhash/lhash_lcl.h | 21 +- deps/openssl/openssl/crypto/lhash/num.pl | 23 - deps/openssl/openssl/crypto/md2/md2_dgst.c | 4 +- deps/openssl/openssl/crypto/md2/md2_one.c | 2 +- deps/openssl/openssl/crypto/md4/md4_locl.h | 6 +- deps/openssl/openssl/crypto/md4/md4_one.c | 2 +- .../openssl/openssl/crypto/md5/asm/md5-586.pl | 4 +- .../openssl/openssl/crypto/md5/asm/md5-ia64.S | 1002 -- .../openssl/crypto/md5/asm/md5-sparcv9.pl | 4 +- .../openssl/crypto/md5/asm/md5-x86_64.pl | 13 + deps/openssl/openssl/crypto/md5/build.info | 15 +- deps/openssl/openssl/crypto/md5/md5_locl.h | 4 +- deps/openssl/openssl/crypto/md5/md5_one.c | 2 +- deps/openssl/openssl/crypto/mdc2/mdc2_one.c | 2 +- deps/openssl/openssl/crypto/mdc2/mdc2dgst.c | 21 - deps/openssl/openssl/crypto/mem.c | 133 +- deps/openssl/openssl/crypto/mem_dbg.c | 189 +- deps/openssl/openssl/crypto/mem_sec.c | 94 +- deps/openssl/openssl/crypto/mips_arch.h | 40 + .../crypto/modes/asm/aesni-gcm-x86_64.pl | 75 +- .../openssl/crypto/modes/asm/ghash-armv4.pl | 4 +- .../openssl/crypto/modes/asm/ghash-ia64.pl | 2 +- .../openssl/crypto/modes/asm/ghash-parisc.pl | 16 +- .../openssl/crypto/modes/asm/ghash-s390x.pl | 14 +- .../openssl/crypto/modes/asm/ghash-x86.pl | 15 +- .../openssl/crypto/modes/asm/ghash-x86_64.pl | 80 +- .../openssl/crypto/modes/asm/ghashp8-ppc.pl | 5 +- .../openssl/crypto/modes/asm/ghashv8-armx.pl | 379 +- deps/openssl/openssl/crypto/modes/build.info | 5 +- deps/openssl/openssl/crypto/modes/cts128.c | 193 - deps/openssl/openssl/crypto/modes/gcm128.c | 1019 +- deps/openssl/openssl/crypto/modes/modes_lcl.h | 4 + deps/openssl/openssl/crypto/modes/ocb128.c | 33 +- deps/openssl/openssl/crypto/modes/wrap128.c | 16 +- deps/openssl/openssl/crypto/o_dir.c | 2 +- deps/openssl/openssl/crypto/o_fips.c | 12 +- deps/openssl/openssl/crypto/o_fopen.c | 11 +- deps/openssl/openssl/crypto/o_init.c | 21 +- deps/openssl/openssl/crypto/o_str.c | 11 +- deps/openssl/openssl/crypto/objects/README | 2 +- deps/openssl/openssl/crypto/objects/o_names.c | 28 +- deps/openssl/openssl/crypto/objects/obj_dat.c | 123 +- deps/openssl/openssl/crypto/objects/obj_dat.h | 1050 +- .../openssl/openssl/crypto/objects/obj_dat.pl | 53 +- deps/openssl/openssl/crypto/objects/obj_err.c | 38 +- deps/openssl/openssl/crypto/objects/obj_lib.c | 11 +- .../openssl/crypto/objects/obj_mac.num | 134 + .../openssl/openssl/crypto/objects/obj_xref.c | 42 +- .../openssl/openssl/crypto/objects/obj_xref.h | 12 +- .../openssl/crypto/objects/obj_xref.txt | 6 + .../openssl/openssl/crypto/objects/objects.pl | 44 +- .../openssl/crypto/objects/objects.txt | 214 +- .../openssl/openssl/crypto/objects/objxref.pl | 11 +- deps/openssl/openssl/crypto/ocsp/ocsp_cl.c | 23 +- deps/openssl/openssl/crypto/ocsp/ocsp_err.c | 134 +- deps/openssl/openssl/crypto/ocsp/ocsp_ext.c | 34 +- deps/openssl/openssl/crypto/ocsp/ocsp_ht.c | 16 +- deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h | 6 +- deps/openssl/openssl/crypto/ocsp/ocsp_srv.c | 47 +- deps/openssl/openssl/crypto/pariscid.pl | 21 +- deps/openssl/openssl/crypto/pem/pem_err.c | 183 +- deps/openssl/openssl/crypto/pem/pem_info.c | 21 +- deps/openssl/openssl/crypto/pem/pem_lib.c | 554 +- deps/openssl/openssl/crypto/pem/pem_oth.c | 2 +- deps/openssl/openssl/crypto/pem/pem_pk8.c | 2 +- deps/openssl/openssl/crypto/pem/pem_pkey.c | 19 +- deps/openssl/openssl/crypto/pem/pem_sign.c | 2 +- deps/openssl/openssl/crypto/pem/pvkfmt.c | 5 +- deps/openssl/openssl/crypto/perlasm/README | 4 +- deps/openssl/openssl/crypto/perlasm/cbc.pl | 10 +- .../openssl/crypto/perlasm/ppc-xlate.pl | 137 +- .../openssl/crypto/perlasm/sparcv9_modes.pl | 16 +- .../openssl/crypto/perlasm/x86_64-xlate.pl | 392 +- deps/openssl/openssl/crypto/perlasm/x86asm.pl | 17 +- deps/openssl/openssl/crypto/perlasm/x86gas.pl | 2 +- .../openssl/openssl/crypto/perlasm/x86masm.pl | 1 - .../openssl/openssl/crypto/perlasm/x86nasm.pl | 6 +- deps/openssl/openssl/crypto/pkcs12/p12_key.c | 46 +- deps/openssl/openssl/crypto/pkcs12/p12_sbag.c | 14 +- deps/openssl/openssl/crypto/pkcs12/p12_utl.c | 23 +- deps/openssl/openssl/crypto/pkcs12/pk12err.c | 148 +- deps/openssl/openssl/crypto/pkcs7/pk7_doit.c | 28 +- deps/openssl/openssl/crypto/pkcs7/pk7_enc.c | 25 - deps/openssl/openssl/crypto/pkcs7/pk7_lib.c | 48 +- deps/openssl/openssl/crypto/pkcs7/pk7_mime.c | 3 +- deps/openssl/openssl/crypto/pkcs7/pkcs7err.c | 223 +- .../crypto/poly1305/asm/poly1305-armv8.pl | 1 + .../crypto/poly1305/asm/poly1305-mips.pl | 50 +- .../crypto/poly1305/asm/poly1305-ppc.pl | 3 +- .../crypto/poly1305/asm/poly1305-ppcfp.pl | 2 +- .../crypto/poly1305/asm/poly1305-x86.pl | 5 +- .../crypto/poly1305/asm/poly1305-x86_64.pl | 1983 ++- .../openssl/crypto/poly1305/build.info | 8 +- .../openssl/crypto/poly1305/poly1305.c | 516 +- .../openssl/crypto/poly1305/poly1305_ameth.c | 122 + .../crypto/poly1305/poly1305_base2_44.c | 171 + .../crypto/poly1305/poly1305_ieee754.c | 92 +- .../openssl/crypto/poly1305/poly1305_local.h | 27 + .../openssl/crypto/poly1305/poly1305_pmeth.c | 194 + deps/openssl/openssl/crypto/ppccap.c | 95 +- deps/openssl/openssl/crypto/rand/build.info | 4 +- deps/openssl/openssl/crypto/rand/drbg_ctr.c | 438 + deps/openssl/openssl/crypto/rand/drbg_lib.c | 1159 ++ deps/openssl/openssl/crypto/rand/md_rand.c | 665 - deps/openssl/openssl/crypto/rand/rand_egd.c | 233 +- deps/openssl/openssl/crypto/rand/rand_err.c | 120 +- deps/openssl/openssl/crypto/rand/rand_lcl.h | 309 +- deps/openssl/openssl/crypto/rand/rand_lib.c | 799 +- deps/openssl/openssl/crypto/rand/rand_unix.c | 814 +- deps/openssl/openssl/crypto/rand/rand_vms.c | 579 +- deps/openssl/openssl/crypto/rand/rand_win.c | 190 +- deps/openssl/openssl/crypto/rand/randfile.c | 351 +- deps/openssl/openssl/crypto/rc2/rc2_ecb.c | 1 - deps/openssl/openssl/crypto/rc2/tab.c | 93 - .../openssl/openssl/crypto/rc4/asm/rc4-586.pl | 8 +- .../openssl/crypto/rc4/asm/rc4-c64xplus.pl | 2 +- .../openssl/crypto/rc4/asm/rc4-ia64.pl | 767 -- .../openssl/crypto/rc4/asm/rc4-md5-x86_64.pl | 20 +- .../openssl/crypto/rc4/asm/rc4-parisc.pl | 28 +- .../openssl/crypto/rc4/asm/rc4-s390x.pl | 2 +- .../openssl/crypto/rc4/asm/rc4-x86_64.pl | 15 +- deps/openssl/openssl/crypto/rc4/build.info | 21 +- deps/openssl/openssl/crypto/rc4/rc4_enc.c | 1 - deps/openssl/openssl/crypto/rc4/rc4_skey.c | 5 +- .../openssl/openssl/crypto/rc5/asm/rc5-586.pl | 2 +- deps/openssl/openssl/crypto/rc5/build.info | 3 +- .../openssl/crypto/ripemd/asm/rmd-586.pl | 15 +- deps/openssl/openssl/crypto/ripemd/build.info | 3 +- deps/openssl/openssl/crypto/ripemd/rmd_locl.h | 3 +- deps/openssl/openssl/crypto/ripemd/rmd_one.c | 2 +- deps/openssl/openssl/crypto/rsa/build.info | 4 +- deps/openssl/openssl/crypto/rsa/rsa_ameth.c | 663 +- deps/openssl/openssl/crypto/rsa/rsa_asn1.c | 56 +- deps/openssl/openssl/crypto/rsa/rsa_chk.c | 84 +- deps/openssl/openssl/crypto/rsa/rsa_crpt.c | 33 +- deps/openssl/openssl/crypto/rsa/rsa_err.c | 351 +- deps/openssl/openssl/crypto/rsa/rsa_gen.c | 312 +- deps/openssl/openssl/crypto/rsa/rsa_lib.c | 223 +- deps/openssl/openssl/crypto/rsa/rsa_locl.h | 44 +- deps/openssl/openssl/crypto/rsa/rsa_meth.c | 14 + deps/openssl/openssl/crypto/rsa/rsa_mp.c | 115 + deps/openssl/openssl/crypto/rsa/rsa_none.c | 12 +- deps/openssl/openssl/crypto/rsa/rsa_null.c | 93 - deps/openssl/openssl/crypto/rsa/rsa_oaep.c | 6 - deps/openssl/openssl/crypto/rsa/rsa_ossl.c | 161 +- deps/openssl/openssl/crypto/rsa/rsa_pk1.c | 24 +- deps/openssl/openssl/crypto/rsa/rsa_pmeth.c | 296 +- deps/openssl/openssl/crypto/rsa/rsa_prn.c | 6 +- deps/openssl/openssl/crypto/rsa/rsa_pss.c | 30 +- deps/openssl/openssl/crypto/rsa/rsa_saos.c | 15 +- deps/openssl/openssl/crypto/rsa/rsa_ssl.c | 20 +- deps/openssl/openssl/crypto/rsa/rsa_x931.c | 13 +- deps/openssl/openssl/crypto/rsa/rsa_x931g.c | 5 +- deps/openssl/openssl/crypto/s390x_arch.h | 103 + deps/openssl/openssl/crypto/s390xcap.c | 29 +- deps/openssl/openssl/crypto/s390xcpuid.S | 178 - deps/openssl/openssl/crypto/s390xcpuid.pl | 421 + deps/openssl/openssl/crypto/seed/seed_locl.h | 10 +- .../crypto/sha/asm/keccak1600-armv4.pl | 1606 +++ .../crypto/sha/asm/keccak1600-armv8.pl | 866 ++ .../openssl/crypto/sha/asm/keccak1600-avx2.pl | 482 + .../crypto/sha/asm/keccak1600-avx512.pl | 551 + .../crypto/sha/asm/keccak1600-avx512vl.pl | 392 + .../openssl/crypto/sha/asm/keccak1600-c64x.pl | 885 ++ .../openssl/crypto/sha/asm/keccak1600-mmx.pl | 440 + .../crypto/sha/asm/keccak1600-ppc64.pl | 758 ++ .../crypto/sha/asm/keccak1600-s390x.pl | 560 + .../crypto/sha/asm/keccak1600-x86_64.pl | 607 + .../crypto/sha/asm/keccak1600p8-ppc.pl | 850 ++ .../openssl/crypto/sha/asm/sha1-586.pl | 13 +- .../openssl/crypto/sha/asm/sha1-alpha.pl | 2 +- .../openssl/crypto/sha/asm/sha1-armv8.pl | 1 + .../openssl/crypto/sha/asm/sha1-ia64.pl | 2 +- .../openssl/crypto/sha/asm/sha1-mb-x86_64.pl | 60 +- .../openssl/crypto/sha/asm/sha1-mips.pl | 34 +- .../openssl/crypto/sha/asm/sha1-parisc.pl | 24 +- .../openssl/crypto/sha/asm/sha1-ppc.pl | 2 +- .../openssl/crypto/sha/asm/sha1-s390x.pl | 6 +- .../openssl/crypto/sha/asm/sha1-sparcv9.pl | 6 +- .../openssl/crypto/sha/asm/sha1-sparcv9a.pl | 4 +- .../openssl/crypto/sha/asm/sha1-thumb.pl | 4 +- .../openssl/crypto/sha/asm/sha1-x86_64.pl | 197 +- .../openssl/crypto/sha/asm/sha256-586.pl | 13 +- .../crypto/sha/asm/sha256-mb-x86_64.pl | 56 +- .../openssl/crypto/sha/asm/sha512-586.pl | 7 +- .../openssl/crypto/sha/asm/sha512-armv8.pl | 513 +- .../openssl/crypto/sha/asm/sha512-mips.pl | 28 +- .../openssl/crypto/sha/asm/sha512-parisc.pl | 23 +- .../openssl/crypto/sha/asm/sha512-ppc.pl | 2 +- .../openssl/crypto/sha/asm/sha512-s390x.pl | 8 +- .../openssl/crypto/sha/asm/sha512-sparcv9.pl | 8 +- .../openssl/crypto/sha/asm/sha512-x86_64.pl | 187 +- .../openssl/crypto/sha/asm/sha512p8-ppc.pl | 149 +- deps/openssl/openssl/crypto/sha/build.info | 27 +- deps/openssl/openssl/crypto/sha/keccak1600.c | 1246 ++ deps/openssl/openssl/crypto/sha/sha1_one.c | 2 +- deps/openssl/openssl/crypto/sha/sha256.c | 4 +- deps/openssl/openssl/crypto/sha/sha512.c | 87 +- deps/openssl/openssl/crypto/sha/sha_locl.h | 12 +- .../openssl/openssl/crypto/siphash/build.info | 5 + deps/openssl/openssl/crypto/siphash/siphash.c | 260 + .../openssl/crypto/siphash/siphash_ameth.c | 123 + .../openssl/crypto/siphash/siphash_local.h | 23 + .../openssl/crypto/siphash/siphash_pmeth.c | 205 + deps/openssl/openssl/crypto/sm2/build.info | 3 + deps/openssl/openssl/crypto/sm2/sm2_crypt.c | 393 + deps/openssl/openssl/crypto/sm2/sm2_err.c | 69 + deps/openssl/openssl/crypto/sm2/sm2_pmeth.c | 325 + deps/openssl/openssl/crypto/sm2/sm2_sign.c | 479 + deps/openssl/openssl/crypto/sm3/build.info | 2 + deps/openssl/openssl/crypto/sm3/m_sm3.c | 52 + deps/openssl/openssl/crypto/sm3/sm3.c | 195 + deps/openssl/openssl/crypto/sm3/sm3_locl.h | 79 + deps/openssl/openssl/crypto/sm4/build.info | 3 + deps/openssl/openssl/crypto/sm4/sm4.c | 233 + deps/openssl/openssl/crypto/sparccpuid.S | 4 - deps/openssl/openssl/crypto/sparcv9cap.c | 3 +- deps/openssl/openssl/crypto/srp/srp_lib.c | 6 +- deps/openssl/openssl/crypto/srp/srp_vfy.c | 237 +- deps/openssl/openssl/crypto/stack/stack.c | 277 +- deps/openssl/openssl/crypto/store/build.info | 4 + .../openssl/crypto/store/loader_file.c | 1440 ++ deps/openssl/openssl/crypto/store/store_err.c | 146 + .../openssl/openssl/crypto/store/store_init.c | 33 + deps/openssl/openssl/crypto/store/store_lib.c | 681 + .../openssl/openssl/crypto/store/store_locl.h | 132 + .../openssl/crypto/store/store_register.c | 297 + .../openssl/crypto/store/store_strings.c | 28 + deps/openssl/openssl/crypto/threads_none.c | 24 +- deps/openssl/openssl/crypto/threads_pthread.c | 35 +- deps/openssl/openssl/crypto/threads_win.c | 12 +- deps/openssl/openssl/crypto/ts/ts_asn1.c | 17 + deps/openssl/openssl/crypto/ts/ts_conf.c | 25 + deps/openssl/openssl/crypto/ts/ts_err.c | 260 +- deps/openssl/openssl/crypto/ts/ts_lcl.h | 28 + deps/openssl/openssl/crypto/ts/ts_rsp_sign.c | 182 +- .../openssl/openssl/crypto/ts/ts_rsp_verify.c | 101 +- deps/openssl/openssl/crypto/txt_db/txt_db.c | 27 +- deps/openssl/openssl/crypto/ui/build.info | 2 +- deps/openssl/openssl/crypto/ui/ui_err.c | 92 +- deps/openssl/openssl/crypto/ui/ui_lib.c | 234 +- deps/openssl/openssl/crypto/ui/ui_locl.h | 12 + deps/openssl/openssl/crypto/ui/ui_null.c | 26 + deps/openssl/openssl/crypto/ui/ui_openssl.c | 439 +- deps/openssl/openssl/crypto/ui/ui_util.c | 115 +- deps/openssl/openssl/crypto/uid.c | 22 +- .../openssl/crypto/whrlpool/asm/wp-mmx.pl | 8 +- .../openssl/crypto/whrlpool/asm/wp-x86_64.pl | 39 +- .../openssl/crypto/whrlpool/build.info | 3 +- .../openssl/crypto/whrlpool/wp_block.c | 8 - .../openssl/openssl/crypto/whrlpool/wp_dgst.c | 18 +- deps/openssl/openssl/crypto/x509/by_dir.c | 85 +- deps/openssl/openssl/crypto/x509/by_file.c | 30 +- deps/openssl/openssl/crypto/x509/t_crl.c | 17 +- deps/openssl/openssl/crypto/x509/t_req.c | 50 +- deps/openssl/openssl/crypto/x509/t_x509.c | 13 +- deps/openssl/openssl/crypto/x509/x509_att.c | 44 +- deps/openssl/openssl/crypto/x509/x509_cmp.c | 37 +- deps/openssl/openssl/crypto/x509/x509_d2.c | 18 +- deps/openssl/openssl/crypto/x509/x509_def.c | 12 +- deps/openssl/openssl/crypto/x509/x509_err.c | 240 +- deps/openssl/openssl/crypto/x509/x509_ext.c | 37 +- deps/openssl/openssl/crypto/x509/x509_lcl.h | 7 +- deps/openssl/openssl/crypto/x509/x509_lu.c | 88 +- deps/openssl/openssl/crypto/x509/x509_obj.c | 7 +- deps/openssl/openssl/crypto/x509/x509_req.c | 14 +- deps/openssl/openssl/crypto/x509/x509_set.c | 102 +- deps/openssl/openssl/crypto/x509/x509_trs.c | 9 +- deps/openssl/openssl/crypto/x509/x509_txt.c | 157 +- deps/openssl/openssl/crypto/x509/x509_v3.c | 60 +- deps/openssl/openssl/crypto/x509/x509_vfy.c | 59 +- deps/openssl/openssl/crypto/x509/x509_vpm.c | 54 +- deps/openssl/openssl/crypto/x509/x509cset.c | 19 +- deps/openssl/openssl/crypto/x509/x509name.c | 80 +- deps/openssl/openssl/crypto/x509/x509rset.c | 12 +- deps/openssl/openssl/crypto/x509/x509spki.c | 8 +- deps/openssl/openssl/crypto/x509/x509type.c | 15 +- deps/openssl/openssl/crypto/x509/x_all.c | 3 +- deps/openssl/openssl/crypto/x509/x_attrib.c | 6 +- deps/openssl/openssl/crypto/x509/x_crl.c | 21 +- deps/openssl/openssl/crypto/x509/x_name.c | 60 +- deps/openssl/openssl/crypto/x509/x_pubkey.c | 24 +- deps/openssl/openssl/crypto/x509/x_x509.c | 14 +- deps/openssl/openssl/crypto/x509v3/build.info | 2 +- deps/openssl/openssl/crypto/x509v3/ext_dat.h | 3 +- .../openssl/openssl/crypto/x509v3/pcy_cache.c | 36 +- deps/openssl/openssl/crypto/x509v3/pcy_data.c | 14 +- deps/openssl/openssl/crypto/x509v3/pcy_node.c | 26 +- deps/openssl/openssl/crypto/x509v3/pcy_tree.c | 9 +- .../openssl/crypto/x509v3/standard_exts.h | 77 + deps/openssl/openssl/crypto/x509v3/tabtest.c | 42 - deps/openssl/openssl/crypto/x509v3/v3_addr.c | 30 +- deps/openssl/openssl/crypto/x509v3/v3_admis.c | 356 + deps/openssl/openssl/crypto/x509v3/v3_admis.h | 38 + deps/openssl/openssl/crypto/x509v3/v3_alt.c | 74 +- deps/openssl/openssl/crypto/x509v3/v3_asid.c | 92 +- deps/openssl/openssl/crypto/x509v3/v3_conf.c | 6 +- deps/openssl/openssl/crypto/x509v3/v3_cpols.c | 74 +- deps/openssl/openssl/crypto/x509v3/v3_crld.c | 23 +- deps/openssl/openssl/crypto/x509v3/v3_enum.c | 2 +- deps/openssl/openssl/crypto/x509v3/v3_extku.c | 9 +- deps/openssl/openssl/crypto/x509v3/v3_info.c | 18 +- deps/openssl/openssl/crypto/x509v3/v3_lib.c | 72 +- deps/openssl/openssl/crypto/x509v3/v3_ncons.c | 2 +- deps/openssl/openssl/crypto/x509v3/v3_pci.c | 6 +- deps/openssl/openssl/crypto/x509v3/v3_pcia.c | 6 +- deps/openssl/openssl/crypto/x509v3/v3_pku.c | 15 +- deps/openssl/openssl/crypto/x509v3/v3_pmaps.c | 10 +- deps/openssl/openssl/crypto/x509v3/v3_purp.c | 25 +- deps/openssl/openssl/crypto/x509v3/v3_skey.c | 2 +- deps/openssl/openssl/crypto/x509v3/v3_tlsf.c | 3 +- deps/openssl/openssl/crypto/x509v3/v3_utl.c | 17 +- deps/openssl/openssl/crypto/x509v3/v3conf.c | 79 - deps/openssl/openssl/crypto/x509v3/v3err.c | 377 +- deps/openssl/openssl/crypto/x509v3/v3prin.c | 50 - deps/openssl/openssl/crypto/x86_64cpuid.pl | 58 +- deps/openssl/openssl/crypto/x86cpuid.pl | 60 +- deps/openssl/openssl/demos/bio/Makefile | 2 +- deps/openssl/openssl/demos/bio/intca.pem | 44 +- deps/openssl/openssl/demos/bio/root.pem | 46 +- deps/openssl/openssl/demos/bio/saccept.c | 15 +- deps/openssl/openssl/demos/bio/sconnect.c | 18 +- deps/openssl/openssl/demos/bio/server-arg.c | 13 +- deps/openssl/openssl/demos/bio/server-cmod.c | 13 +- deps/openssl/openssl/demos/bio/server-conf.c | 13 +- deps/openssl/openssl/demos/bio/server-ec.pem | 26 +- deps/openssl/openssl/demos/bio/server.pem | 136 +- deps/openssl/openssl/demos/cms/cacert.pem | 43 +- deps/openssl/openssl/demos/cms/cakey.pem | 50 +- deps/openssl/openssl/demos/cms/signer.pem | 76 +- deps/openssl/openssl/demos/cms/signer2.pem | 76 +- deps/openssl/openssl/demos/engines/e_chil.txt | 12 + deps/openssl/openssl/demos/evp/Makefile | 7 +- deps/openssl/openssl/demos/evp/aesgcm.c | 2 +- deps/openssl/openssl/demos/pkcs12/README | 3 - deps/openssl/openssl/demos/pkcs12/pkread.c | 35 + deps/openssl/openssl/demos/smime/cacert.pem | 43 +- deps/openssl/openssl/demos/smime/cakey.pem | 50 +- deps/openssl/openssl/demos/smime/signer.pem | 76 +- deps/openssl/openssl/demos/smime/signer2.pem | 76 +- .../openssl/doc/HOWTO/certificates.txt | 2 +- deps/openssl/openssl/doc/HOWTO/keys.txt | 2 +- .../openssl/doc/HOWTO/proxy_certificates.txt | 2 +- deps/openssl/openssl/doc/README | 17 +- deps/openssl/openssl/doc/apps/speed.pod | 68 - .../openssl/doc/crypto/ASN1_TIME_set.pod | 138 - .../openssl/doc/crypto/ERR_remove_state.pod | 53 - .../openssl/doc/crypto/EVP_DigestInit.pod | 304 - .../openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod | 154 - .../openssl/doc/crypto/EVP_PKEY_new.pod | 61 - deps/openssl/openssl/doc/crypto/RAND_add.pod | 79 - .../openssl/openssl/doc/crypto/RAND_bytes.pod | 58 - deps/openssl/openssl/doc/crypto/RAND_egd.pod | 87 - .../doc/crypto/RAND_set_rand_method.pod | 81 - .../openssl/doc/crypto/RSA_generate_key.pod | 88 - .../openssl/doc/crypto/X509_cmp_time.pod | 39 - .../openssl/doc/crypto/d2i_Netscape_RSA.pod | 38 - .../openssl/doc/{apps => man1}/CA.pl.pod | 36 +- .../openssl/doc/{apps => man1}/asn1parse.pod | 32 +- .../openssl/openssl/doc/{apps => man1}/ca.pod | 167 +- .../openssl/doc/{apps => man1}/ciphers.pod | 143 +- .../openssl/doc/{apps => man1}/cms.pod | 133 +- .../openssl/doc/{apps => man1}/crl.pod | 30 +- .../openssl/doc/{apps => man1}/crl2pkcs7.pod | 12 +- .../openssl/doc/{apps => man1}/dgst.pod | 26 +- .../openssl/doc/{apps => man1}/dhparam.pod | 30 +- .../openssl/doc/{apps => man1}/dsa.pod | 27 +- .../openssl/doc/{apps => man1}/dsaparam.pod | 32 +- .../openssl/openssl/doc/{apps => man1}/ec.pod | 24 +- .../openssl/doc/{apps => man1}/ecparam.pod | 20 +- .../openssl/doc/{apps => man1}/enc.pod | 187 +- .../openssl/doc/{apps => man1}/engine.pod | 8 +- .../openssl/doc/{apps => man1}/errstr.pod | 0 .../openssl/doc/{apps => man1}/gendsa.pod | 23 +- .../openssl/doc/{apps => man1}/genpkey.pod | 54 +- .../openssl/doc/{apps => man1}/genrsa.pod | 57 +- .../openssl/doc/{apps => man1}/list.pod | 16 +- .../openssl/doc/{apps => man1}/nseq.pod | 8 +- .../openssl/doc/{apps => man1}/ocsp.pod | 119 +- .../openssl/doc/{apps => man1}/openssl.pod | 247 +- .../openssl/doc/{apps => man1}/passwd.pod | 45 +- .../openssl/doc/{apps => man1}/pkcs12.pod | 82 +- .../openssl/doc/{apps => man1}/pkcs7.pod | 16 +- .../openssl/doc/{apps => man1}/pkcs8.pod | 39 +- .../openssl/doc/{apps => man1}/pkey.pod | 42 +- .../openssl/doc/{apps => man1}/pkeyparam.pod | 17 +- .../openssl/doc/{apps => man1}/pkeyutl.pod | 135 +- deps/openssl/openssl/doc/man1/prime.pod | 68 + .../openssl/doc/{apps => man1}/rand.pod | 16 +- .../openssl/doc/{apps => man1}/rehash.pod | 0 .../openssl/doc/{apps => man1}/req.pod | 134 +- .../openssl/doc/{apps => man1}/rsa.pod | 56 +- .../openssl/doc/{apps => man1}/rsautl.pod | 41 +- .../openssl/doc/{apps => man1}/s_client.pod | 331 +- .../openssl/doc/{apps => man1}/s_server.pod | 792 +- .../openssl/doc/{apps => man1}/s_time.pod | 51 +- .../openssl/doc/{apps => man1}/sess_id.pod | 40 +- .../openssl/doc/{apps => man1}/smime.pod | 102 +- deps/openssl/openssl/doc/man1/speed.pod | 104 + .../openssl/doc/{apps => man1}/spkac.pod | 39 +- deps/openssl/openssl/doc/man1/srp.pod | 73 + deps/openssl/openssl/doc/man1/storeutl.pod | 133 + .../openssl/openssl/doc/{apps => man1}/ts.pod | 48 +- .../openssl/doc/{apps => man1}/tsget.pod | 2 + .../openssl/doc/{apps => man1}/verify.pod | 114 +- .../openssl/doc/{apps => man1}/version.pod | 14 +- .../openssl/doc/{apps => man1}/x509.pod | 243 +- deps/openssl/openssl/doc/man3/ADMISSIONS.pod | 179 + .../ASN1_INTEGER_get_int64.pod | 0 .../openssl/doc/man3/ASN1_ITEM_lookup.pod | 39 + .../doc/{crypto => man3}/ASN1_OBJECT_new.pod | 0 .../doc/man3/ASN1_STRING_TABLE_add.pod | 65 + .../{crypto => man3}/ASN1_STRING_length.pod | 20 + .../doc/{crypto => man3}/ASN1_STRING_new.pod | 0 .../{crypto => man3}/ASN1_STRING_print_ex.pod | 14 +- .../openssl/doc/man3/ASN1_TIME_set.pod | 258 + .../doc/{crypto => man3}/ASN1_TYPE_get.pod | 0 .../{crypto => man3}/ASN1_generate_nconf.pod | 0 .../{crypto => man3}/ASYNC_WAIT_CTX_new.pod | 4 +- .../doc/{crypto => man3}/ASYNC_start_job.pod | 17 +- .../doc/{crypto => man3}/BF_encrypt.pod | 12 +- .../openssl/doc/{crypto => man3}/BIO_ADDR.pod | 0 .../doc/{crypto => man3}/BIO_ADDRINFO.pod | 41 +- .../doc/{crypto => man3}/BIO_connect.pod | 17 +- .../openssl/doc/{crypto => man3}/BIO_ctrl.pod | 0 .../doc/{crypto => man3}/BIO_f_base64.pod | 8 +- .../doc/{crypto => man3}/BIO_f_buffer.pod | 4 +- .../doc/{crypto => man3}/BIO_f_cipher.pod | 6 +- .../openssl/doc/{crypto => man3}/BIO_f_md.pod | 38 +- .../doc/{crypto => man3}/BIO_f_null.pod | 2 +- .../doc/{crypto => man3}/BIO_f_ssl.pod | 44 +- .../doc/{crypto => man3}/BIO_find_type.pod | 13 +- .../doc/{crypto => man3}/BIO_get_data.pod | 0 .../{crypto => man3}/BIO_get_ex_new_index.pod | 22 +- .../doc/{crypto => man3}/BIO_meth_new.pod | 105 +- .../openssl/doc/{crypto => man3}/BIO_new.pod | 7 +- .../doc/{crypto => man3}/BIO_new_CMS.pod | 0 .../{crypto => man3}/BIO_parse_hostserv.pod | 6 +- .../doc/{crypto => man3}/BIO_printf.pod | 0 .../openssl/doc/{crypto => man3}/BIO_push.pod | 0 .../openssl/doc/{crypto => man3}/BIO_read.pod | 36 +- .../doc/{crypto => man3}/BIO_s_accept.pod | 20 +- .../doc/{crypto => man3}/BIO_s_bio.pod | 30 +- .../doc/{crypto => man3}/BIO_s_connect.pod | 55 +- .../openssl/doc/{crypto => man3}/BIO_s_fd.pod | 10 +- .../doc/{crypto => man3}/BIO_s_file.pod | 31 +- .../doc/{crypto => man3}/BIO_s_mem.pod | 20 +- .../doc/{crypto => man3}/BIO_s_null.pod | 2 +- .../doc/{crypto => man3}/BIO_s_socket.pod | 2 +- .../doc/{crypto => man3}/BIO_set_callback.pod | 35 +- .../doc/{crypto => man3}/BIO_should_retry.pod | 29 +- .../doc/{crypto => man3}/BN_BLINDING_new.pod | 18 +- .../doc/{crypto => man3}/BN_CTX_new.pod | 17 +- .../doc/{crypto => man3}/BN_CTX_start.pod | 0 .../openssl/doc/{crypto => man3}/BN_add.pod | 10 +- .../doc/{crypto => man3}/BN_add_word.pod | 0 .../doc/{crypto => man3}/BN_bn2bin.pod | 2 +- .../openssl/doc/{crypto => man3}/BN_cmp.pod | 0 .../openssl/doc/{crypto => man3}/BN_copy.pod | 0 .../{crypto => man3}/BN_generate_prime.pod | 46 +- .../doc/{crypto => man3}/BN_mod_inverse.pod | 2 +- .../BN_mod_mul_montgomery.pod | 6 +- .../BN_mod_mul_reciprocal.pod | 4 +- .../openssl/doc/{crypto => man3}/BN_new.pod | 0 .../doc/{crypto => man3}/BN_num_bytes.pod | 0 .../openssl/doc/{crypto => man3}/BN_rand.pod | 53 +- .../openssl/doc/man3/BN_security_bits.pod | 51 + .../doc/{crypto => man3}/BN_set_bit.pod | 0 .../openssl/doc/{crypto => man3}/BN_swap.pod | 6 +- .../openssl/doc/{crypto => man3}/BN_zero.pod | 22 +- .../doc/{crypto => man3}/BUF_MEM_new.pod | 4 +- .../doc/{crypto => man3}/CMS_add0_cert.pod | 1 - .../CMS_add1_recipient_cert.pod | 12 +- .../doc/{crypto => man3}/CMS_add1_signer.pod | 5 +- .../doc/{crypto => man3}/CMS_compress.pod | 0 .../doc/{crypto => man3}/CMS_decrypt.pod | 5 +- .../doc/{crypto => man3}/CMS_encrypt.pod | 3 +- .../doc/{crypto => man3}/CMS_final.pod | 0 .../CMS_get0_RecipientInfos.pod | 21 +- .../{crypto => man3}/CMS_get0_SignerInfos.pod | 3 +- .../doc/{crypto => man3}/CMS_get0_type.pod | 0 .../CMS_get1_ReceiptRequest.pod | 10 +- .../openssl/doc/{crypto => man3}/CMS_sign.pod | 3 +- .../doc/{crypto => man3}/CMS_sign_receipt.pod | 4 +- .../doc/{crypto => man3}/CMS_uncompress.pod | 0 .../doc/{crypto => man3}/CMS_verify.pod | 3 +- .../{crypto => man3}/CMS_verify_receipt.pod | 4 +- .../{crypto => man3}/CONF_modules_free.pod | 20 +- .../CONF_modules_load_file.pod | 51 +- .../CRYPTO_THREAD_run_once.pod | 87 +- .../CRYPTO_get_ex_new_index.pod | 31 +- .../CTLOG_STORE_get0_log_by_id.pod | 2 +- .../doc/{crypto => man3}/CTLOG_STORE_new.pod | 2 +- .../doc/{crypto => man3}/CTLOG_new.pod | 2 +- .../CT_POLICY_EVAL_CTX_new.pod | 39 +- .../doc/{crypto => man3}/DEFINE_STACK_OF.pod | 72 +- .../doc/{crypto => man3}/DES_random_key.pod | 141 +- .../doc/{crypto => man3}/DH_generate_key.pod | 2 +- .../DH_generate_parameters.pod | 47 +- .../doc/{crypto => man3}/DH_get0_pqg.pod | 28 +- .../doc/{crypto => man3}/DH_get_1024_160.pod | 0 .../doc/{crypto => man3}/DH_meth_new.pod | 37 +- .../openssl/doc/{crypto => man3}/DH_new.pod | 2 +- .../openssl/doc/man3/DH_new_by_nid.pod | 39 + .../doc/{crypto => man3}/DH_set_method.pod | 2 +- .../openssl/doc/{crypto => man3}/DH_size.pod | 28 +- .../doc/{crypto => man3}/DSA_SIG_new.pod | 2 +- .../doc/{crypto => man3}/DSA_do_sign.pod | 4 +- .../doc/{crypto => man3}/DSA_dup_DH.pod | 8 +- .../doc/{crypto => man3}/DSA_generate_key.pod | 8 +- .../DSA_generate_parameters.pod | 36 +- .../doc/{crypto => man3}/DSA_get0_pqg.pod | 20 +- .../doc/{crypto => man3}/DSA_meth_new.pod | 92 +- .../openssl/doc/{crypto => man3}/DSA_new.pod | 2 +- .../doc/{crypto => man3}/DSA_set_method.pod | 2 +- .../openssl/doc/{crypto => man3}/DSA_sign.pod | 11 +- .../openssl/doc/{crypto => man3}/DSA_size.pod | 14 +- .../openssl/doc/man3/DTLS_get_data_mtu.pod | 36 + .../openssl/doc/man3/DTLS_set_timer_cb.pod | 40 + .../openssl/doc/man3/DTLSv1_listen.pod | 134 + .../doc/{crypto => man3}/ECDSA_SIG_new.pod | 57 +- .../{crypto => man3}/ECPKParameters_print.pod | 0 .../{crypto => man3}/EC_GFp_simple_method.pod | 0 .../doc/{crypto => man3}/EC_GROUP_copy.pod | 5 +- .../doc/{crypto => man3}/EC_GROUP_new.pod | 68 +- .../{crypto => man3}/EC_KEY_get_enc_flags.pod | 0 .../doc/{crypto => man3}/EC_KEY_new.pod | 13 +- .../doc/{crypto => man3}/EC_POINT_add.pod | 22 +- .../doc/{crypto => man3}/EC_POINT_new.pod | 61 +- .../doc/{crypto => man3}/ENGINE_add.pod | 184 +- .../doc/{crypto => man3}/ERR_GET_LIB.pod | 0 .../doc/{crypto => man3}/ERR_clear_error.pod | 0 .../doc/{crypto => man3}/ERR_error_string.pod | 0 .../doc/{crypto => man3}/ERR_get_error.pod | 6 +- .../ERR_load_crypto_strings.pod | 10 +- .../doc/{crypto => man3}/ERR_load_strings.pod | 8 +- .../doc/{crypto => man3}/ERR_print_errors.pod | 3 +- .../doc/{crypto => man3}/ERR_put_error.pod | 7 +- .../openssl/doc/man3/ERR_remove_state.pod | 49 + .../doc/{crypto => man3}/ERR_set_mark.pod | 0 .../doc/{crypto => man3}/EVP_BytesToKey.pod | 2 +- .../EVP_CIPHER_CTX_get_cipher_data.pod | 0 .../{crypto => man3}/EVP_CIPHER_meth_new.pod | 40 +- .../openssl/doc/man3/EVP_DigestInit.pod | 391 + .../{crypto => man3}/EVP_DigestSignInit.pod | 55 +- .../{crypto => man3}/EVP_DigestVerifyInit.pod | 42 +- .../doc/{crypto => man3}/EVP_EncodeInit.pod | 5 +- .../doc/{crypto => man3}/EVP_EncryptInit.pod | 544 +- .../doc/{crypto => man3}/EVP_MD_meth_new.pod | 2 +- .../doc/{crypto => man3}/EVP_OpenInit.pod | 9 +- .../{crypto => man3}/EVP_PKEY_ASN1_METHOD.pod | 81 +- .../openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod | 454 + .../doc/{crypto => man3}/EVP_PKEY_CTX_new.pod | 0 .../doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod | 70 + .../EVP_PKEY_CTX_set_hkdf_md.pod | 80 +- .../EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod | 94 + .../doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod | 86 + .../EVP_PKEY_CTX_set_tls1_prf_md.pod | 13 +- .../EVP_PKEY_asn1_get_count.pod | 2 +- .../doc/{crypto => man3}/EVP_PKEY_cmp.pod | 0 .../doc/{crypto => man3}/EVP_PKEY_decrypt.pod | 25 +- .../doc/{crypto => man3}/EVP_PKEY_derive.pod | 19 +- .../doc/{crypto => man3}/EVP_PKEY_encrypt.pod | 22 +- .../EVP_PKEY_get_default_digest_nid.pod | 5 +- .../doc/{crypto => man3}/EVP_PKEY_keygen.pod | 81 +- .../doc/man3/EVP_PKEY_meth_get_count.pod | 50 + .../openssl/doc/man3/EVP_PKEY_meth_new.pod | 424 + .../openssl/openssl/doc/man3/EVP_PKEY_new.pod | 133 + .../EVP_PKEY_print_private.pod | 11 +- .../{crypto => man3}/EVP_PKEY_set1_RSA.pod | 51 +- .../doc/{crypto => man3}/EVP_PKEY_sign.pod | 18 +- .../doc/{crypto => man3}/EVP_PKEY_verify.pod | 25 +- .../EVP_PKEY_verify_recover.pod | 26 +- .../doc/{crypto => man3}/EVP_SealInit.pod | 7 +- .../doc/{crypto => man3}/EVP_SignInit.pod | 11 +- .../doc/{crypto => man3}/EVP_VerifyInit.pod | 5 +- deps/openssl/openssl/doc/man3/EVP_aes.pod | 186 + deps/openssl/openssl/doc/man3/EVP_aria.pod | 116 + deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod | 61 + .../openssl/doc/man3/EVP_blake2b512.pod | 64 + .../openssl/openssl/doc/man3/EVP_camellia.pod | 99 + .../openssl/doc/man3/EVP_cast5_cbc.pod | 61 + .../openssl/openssl/doc/man3/EVP_chacha20.pod | 56 + deps/openssl/openssl/doc/man3/EVP_des.pod | 105 + .../openssl/openssl/doc/man3/EVP_desx_cbc.pod | 49 + .../openssl/openssl/doc/man3/EVP_idea_cbc.pod | 59 + deps/openssl/openssl/doc/man3/EVP_md2.pod | 52 + deps/openssl/openssl/doc/man3/EVP_md4.pod | 52 + deps/openssl/openssl/doc/man3/EVP_md5.pod | 64 + deps/openssl/openssl/doc/man3/EVP_mdc2.pod | 52 + deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod | 75 + deps/openssl/openssl/doc/man3/EVP_rc4.pod | 67 + .../openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod | 66 + .../openssl/doc/man3/EVP_ripemd160.pod | 51 + .../openssl/openssl/doc/man3/EVP_seed_cbc.pod | 61 + deps/openssl/openssl/doc/man3/EVP_sha1.pod | 53 + deps/openssl/openssl/doc/man3/EVP_sha224.pod | 73 + .../openssl/openssl/doc/man3/EVP_sha3_224.pod | 78 + deps/openssl/openssl/doc/man3/EVP_sm3.pod | 53 + deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod | 66 + .../openssl/doc/man3/EVP_whirlpool.pod | 53 + .../openssl/doc/{crypto => man3}/HMAC.pod | 47 +- .../openssl/doc/{crypto => man3}/MD5.pod | 18 +- .../doc/{crypto => man3}/MDC2_Init.pod | 8 +- .../doc/{crypto => man3}/OBJ_nid2obj.pod | 25 +- .../doc/{crypto => man3}/OCSP_REQUEST_new.pod | 6 +- .../doc/{crypto => man3}/OCSP_cert_to_id.pod | 4 +- .../OCSP_request_add1_nonce.pod | 4 +- .../OCSP_resp_find_status.pod | 11 +- .../{crypto => man3}/OCSP_response_status.pod | 27 +- .../doc/{crypto => man3}/OCSP_sendreq_new.pod | 4 +- .../doc/{crypto => man3}/OPENSSL_Applink.pod | 6 +- .../{crypto => man3}/OPENSSL_LH_COMPFUNC.pod | 38 +- .../doc/{crypto => man3}/OPENSSL_LH_stats.pod | 14 +- .../OPENSSL_VERSION_NUMBER.pod | 8 +- .../doc/{crypto => man3}/OPENSSL_config.pod | 15 +- .../openssl/doc/man3/OPENSSL_fork_prepare.pod | 63 + .../doc/{crypto => man3}/OPENSSL_ia32cap.pod | 35 +- .../{crypto => man3}/OPENSSL_init_crypto.pod | 23 +- .../doc/{ssl => man3}/OPENSSL_init_ssl.pod | 0 .../OPENSSL_instrument_bus.pod | 6 +- .../OPENSSL_load_builtin_modules.pod | 8 +- .../doc/{crypto => man3}/OPENSSL_malloc.pod | 60 +- .../OPENSSL_secure_malloc.pod | 15 +- .../openssl/doc/man3/OSSL_STORE_INFO.pod | 204 + .../openssl/doc/man3/OSSL_STORE_LOADER.pod | 264 + .../openssl/doc/man3/OSSL_STORE_SEARCH.pod | 193 + .../openssl/doc/man3/OSSL_STORE_expect.pod | 79 + .../openssl/doc/man3/OSSL_STORE_open.pod | 161 + .../OpenSSL_add_all_algorithms.pod | 37 +- .../openssl/doc/man3/PEM_bytes_read_bio.pod | 86 + .../openssl/doc/{crypto => man3}/PEM_read.pod | 9 +- .../doc/{crypto => man3}/PEM_read_CMS.pod | 15 +- .../PEM_read_bio_PrivateKey.pod | 47 +- .../openssl/doc/man3/PEM_read_bio_ex.pod | 70 + .../PEM_write_bio_CMS_stream.pod | 0 .../PEM_write_bio_PKCS7_stream.pod | 0 .../doc/{crypto => man3}/PKCS12_create.pod | 16 +- .../doc/{crypto => man3}/PKCS12_newpass.pod | 70 +- .../doc/{crypto => man3}/PKCS12_parse.pod | 5 +- .../{crypto => man3}/PKCS5_PBKDF2_HMAC.pod | 16 +- .../doc/{crypto => man3}/PKCS7_decrypt.pod | 0 .../doc/{crypto => man3}/PKCS7_encrypt.pod | 3 +- .../doc/{crypto => man3}/PKCS7_sign.pod | 4 +- .../PKCS7_sign_add_signer.pod | 3 +- .../doc/{crypto => man3}/PKCS7_verify.pod | 3 +- .../openssl/doc/man3/RAND_DRBG_generate.pod | 88 + .../doc/man3/RAND_DRBG_get0_master.pod | 80 + .../openssl/doc/man3/RAND_DRBG_new.pod | 127 + .../openssl/doc/man3/RAND_DRBG_reseed.pod | 111 + .../doc/man3/RAND_DRBG_set_callbacks.pod | 147 + .../doc/man3/RAND_DRBG_set_ex_data.pod | 68 + deps/openssl/openssl/doc/man3/RAND_add.pod | 104 + deps/openssl/openssl/doc/man3/RAND_bytes.pod | 78 + .../doc/{crypto => man3}/RAND_cleanup.pod | 20 +- deps/openssl/openssl/doc/man3/RAND_egd.pod | 61 + .../doc/{crypto => man3}/RAND_load_file.pod | 48 +- .../openssl/doc/man3/RAND_set_rand_method.pod | 69 + .../doc/{crypto => man3}/RC4_set_key.pod | 0 .../doc/{crypto => man3}/RIPEMD160_Init.pod | 9 +- .../doc/{crypto => man3}/RSA_blinding_on.pod | 0 .../doc/{crypto => man3}/RSA_check_key.pod | 4 +- .../openssl/doc/man3/RSA_generate_key.pod | 107 + .../doc/{crypto => man3}/RSA_get0_key.pod | 81 +- .../doc/{crypto => man3}/RSA_meth_new.pod | 167 +- .../openssl/doc/{crypto => man3}/RSA_new.pod | 2 +- .../RSA_padding_add_PKCS1_type_1.pod | 21 +- .../doc/{crypto => man3}/RSA_print.pod | 0 .../{crypto => man3}/RSA_private_encrypt.pod | 8 +- .../{crypto => man3}/RSA_public_encrypt.pod | 10 +- .../doc/{crypto => man3}/RSA_set_method.pod | 56 +- .../openssl/doc/{crypto => man3}/RSA_sign.pod | 4 +- .../RSA_sign_ASN1_OCTET_STRING.pod | 10 +- .../openssl/doc/{crypto => man3}/RSA_size.pod | 23 +- .../openssl/doc/{crypto => man3}/SCT_new.pod | 73 +- .../doc/{crypto => man3}/SCT_print.pod | 11 +- .../doc/{crypto => man3}/SCT_validate.pod | 26 +- .../doc/{crypto => man3}/SHA256_Init.pod | 10 +- .../doc/{crypto => man3}/SMIME_read_CMS.pod | 4 +- .../doc/{crypto => man3}/SMIME_read_PKCS7.pod | 0 .../doc/{crypto => man3}/SMIME_write_CMS.pod | 0 .../{crypto => man3}/SMIME_write_PKCS7.pod | 0 .../openssl/doc/man3/SSL_CIPHER_get_name.pod | 210 + .../SSL_COMP_add_compression_method.pod | 19 +- .../doc/{ssl => man3}/SSL_CONF_CTX_new.pod | 0 .../SSL_CONF_CTX_set1_prefix.pod | 2 +- .../{ssl => man3}/SSL_CONF_CTX_set_flags.pod | 2 +- .../SSL_CONF_CTX_set_ssl_ctx.pod | 0 .../doc/{ssl => man3}/SSL_CONF_cmd.pod | 256 +- .../doc/{ssl => man3}/SSL_CONF_cmd_argv.pod | 2 +- .../{ssl => man3}/SSL_CTX_add1_chain_cert.pod | 4 +- .../SSL_CTX_add_extra_chain_cert.pod | 2 +- .../doc/{ssl => man3}/SSL_CTX_add_session.pod | 21 +- .../doc/{ssl => man3}/SSL_CTX_config.pod | 10 +- .../doc/{ssl => man3}/SSL_CTX_ctrl.pod | 2 +- .../doc/{ssl => man3}/SSL_CTX_dane_enable.pod | 266 +- .../{ssl => man3}/SSL_CTX_flush_sessions.pod | 15 +- .../doc/{ssl => man3}/SSL_CTX_free.pod | 2 +- .../doc/{ssl => man3}/SSL_CTX_get0_param.pod | 0 .../{ssl => man3}/SSL_CTX_get_verify_mode.pod | 2 +- .../SSL_CTX_has_client_custom_ext.pod | 2 +- .../SSL_CTX_load_verify_locations.pod | 4 +- .../openssl/doc/{ssl => man3}/SSL_CTX_new.pod | 21 +- .../doc/{ssl => man3}/SSL_CTX_sess_number.pod | 6 +- .../SSL_CTX_sess_set_cache_size.pod | 2 +- .../{ssl => man3}/SSL_CTX_sess_set_get_cb.pod | 52 +- .../doc/{ssl => man3}/SSL_CTX_sessions.pod | 12 +- .../openssl/doc/man3/SSL_CTX_set0_CA_list.pod | 188 + .../openssl/doc/man3/SSL_CTX_set1_curves.pod | 112 + .../{ssl => man3}/SSL_CTX_set1_sigalgs.pod | 23 +- .../SSL_CTX_set1_verify_cert_store.pod | 0 .../SSL_CTX_set_alpn_select_cb.pod | 0 .../doc/{ssl => man3}/SSL_CTX_set_cert_cb.pod | 17 +- .../{ssl => man3}/SSL_CTX_set_cert_store.pod | 20 +- .../SSL_CTX_set_cert_verify_callback.pod | 20 +- .../{ssl => man3}/SSL_CTX_set_cipher_list.pod | 54 +- .../SSL_CTX_set_client_cert_cb.pod | 16 +- .../doc/man3/SSL_CTX_set_client_hello_cb.pod | 130 + .../SSL_CTX_set_ct_validation_callback.pod | 2 +- .../SSL_CTX_set_ctlog_list_file.pod | 4 +- .../SSL_CTX_set_default_passwd_cb.pod | 8 +- .../doc/{ssl => man3}/SSL_CTX_set_ex_data.pod | 0 .../SSL_CTX_set_generate_session_id.pod | 41 +- .../SSL_CTX_set_info_callback.pod | 94 +- .../doc/man3/SSL_CTX_set_keylog_callback.pod | 52 + .../SSL_CTX_set_max_cert_list.pod | 2 +- .../SSL_CTX_set_min_proto_version.pod | 4 +- .../openssl/doc/man3/SSL_CTX_set_mode.pod | 138 + .../doc/man3/SSL_CTX_set_msg_callback.pod | 143 + .../doc/man3/SSL_CTX_set_num_tickets.pod | 68 + .../doc/{ssl => man3}/SSL_CTX_set_options.pod | 173 +- .../man3/SSL_CTX_set_psk_client_callback.pod | 176 + .../SSL_CTX_set_quiet_shutdown.pod | 8 +- .../{ssl => man3}/SSL_CTX_set_read_ahead.pod | 22 +- .../SSL_CTX_set_record_padding_callback.pod | 96 + .../SSL_CTX_set_security_level.pod | 61 +- .../SSL_CTX_set_session_cache_mode.pod | 2 +- .../SSL_CTX_set_session_id_context.pod | 2 +- .../man3/SSL_CTX_set_session_ticket_cb.pod | 192 + .../SSL_CTX_set_split_send_fragment.pod | 80 +- .../{ssl => man3}/SSL_CTX_set_ssl_version.pod | 2 +- ...L_CTX_set_stateless_cookie_generate_cb.pod | 58 + .../doc/{ssl => man3}/SSL_CTX_set_timeout.pod | 2 +- ...SSL_CTX_set_tlsext_servername_callback.pod | 77 + .../SSL_CTX_set_tlsext_status_cb.pod | 6 +- .../SSL_CTX_set_tlsext_ticket_key_cb.pod | 110 +- .../SSL_CTX_set_tlsext_use_srtp.pod | 4 +- .../SSL_CTX_set_tmp_dh_callback.pod | 38 +- .../doc/{ssl => man3}/SSL_CTX_set_verify.pod | 197 +- .../{ssl => man3}/SSL_CTX_use_certificate.pod | 23 +- .../man3/SSL_CTX_use_psk_identity_hint.pod | 155 + .../doc/man3/SSL_CTX_use_serverinfo.pod | 83 + .../doc/{ssl => man3}/SSL_SESSION_free.pod | 11 +- .../doc/man3/SSL_SESSION_get0_cipher.pod | 58 + .../doc/man3/SSL_SESSION_get0_hostname.pod | 74 + .../SSL_SESSION_get0_id_context.pod | 2 +- .../{ssl => man3}/SSL_SESSION_get0_peer.pod | 2 +- .../SSL_SESSION_get_compress_id.pod | 2 +- .../{ssl => man3}/SSL_SESSION_get_ex_data.pod | 2 +- .../SSL_SESSION_get_protocol_version.pod | 22 +- .../{ssl => man3}/SSL_SESSION_get_time.pod | 0 .../{ssl => man3}/SSL_SESSION_has_ticket.pod | 8 +- .../doc/man3/SSL_SESSION_is_resumable.pod | 44 + .../doc/{ssl => man3}/SSL_SESSION_print.pod | 2 +- .../doc/{ssl => man3}/SSL_SESSION_set1_id.pod | 4 +- .../openssl/doc/{ssl => man3}/SSL_accept.pod | 2 +- .../{ssl => man3}/SSL_alert_type_string.pod | 2 +- .../openssl/doc/man3/SSL_alloc_buffers.pod | 67 + .../doc/{ssl => man3}/SSL_check_chain.pod | 10 +- .../openssl/doc/{ssl => man3}/SSL_clear.pod | 2 +- .../openssl/doc/{ssl => man3}/SSL_connect.pod | 19 +- .../doc/{ssl => man3}/SSL_do_handshake.pod | 2 +- .../SSL_export_keying_material.pod | 39 +- .../doc/man3/SSL_extension_supported.pod | 291 + .../openssl/doc/{ssl => man3}/SSL_free.pod | 2 +- .../doc/{ssl => man3}/SSL_get0_peer_scts.pod | 2 +- .../doc/{ssl => man3}/SSL_get_SSL_CTX.pod | 2 +- .../{ssl => man3}/SSL_get_all_async_fds.pod | 4 +- .../doc/{ssl => man3}/SSL_get_ciphers.pod | 17 +- .../{ssl => man3}/SSL_get_client_random.pod | 34 +- .../{ssl => man3}/SSL_get_current_cipher.pod | 26 +- .../{ssl => man3}/SSL_get_default_timeout.pod | 2 +- .../doc/{ssl => man3}/SSL_get_error.pod | 76 +- .../{ssl => man3}/SSL_get_extms_support.pod | 2 +- .../openssl/doc/{ssl => man3}/SSL_get_fd.pod | 2 +- .../{ssl => man3}/SSL_get_peer_cert_chain.pod | 2 +- .../SSL_get_peer_certificate.pod | 2 +- .../doc/man3/SSL_get_peer_signature_nid.pod | 53 + .../openssl/doc/man3/SSL_get_peer_tmp_key.pod | 53 + .../{ssl => man3}/SSL_get_psk_identity.pod | 3 - .../doc/{ssl => man3}/SSL_get_rbio.pod | 2 +- .../doc/{ssl => man3}/SSL_get_session.pod | 27 +- .../{ssl => man3}/SSL_get_shared_sigalgs.pod | 12 +- .../{ssl => man3}/SSL_get_verify_result.pod | 2 +- .../openssl/doc/man3/SSL_get_version.pod | 111 + deps/openssl/openssl/doc/man3/SSL_in_init.pod | 110 + .../openssl/doc/man3/SSL_key_update.pod | 110 + .../doc/{ssl => man3}/SSL_library_init.pod | 0 .../{ssl => man3}/SSL_load_client_CA_file.pod | 6 +- .../openssl/doc/{ssl => man3}/SSL_new.pod | 16 +- .../openssl/doc/{ssl => man3}/SSL_pending.pod | 19 +- deps/openssl/openssl/doc/man3/SSL_read.pod | 152 + .../openssl/doc/man3/SSL_read_early_data.pod | 374 + .../doc/{ssl => man3}/SSL_rstate_string.pod | 2 +- .../doc/{ssl => man3}/SSL_session_reused.pod | 2 +- .../doc/{ssl => man3}/SSL_set1_host.pod | 31 +- .../openssl/doc/{ssl => man3}/SSL_set_bio.pod | 58 +- .../{ssl => man3}/SSL_set_connect_state.pod | 29 +- .../openssl/doc/{ssl => man3}/SSL_set_fd.pod | 2 +- .../doc/{ssl => man3}/SSL_set_session.pod | 2 +- .../doc/{ssl => man3}/SSL_set_shutdown.pod | 12 +- .../{ssl => man3}/SSL_set_verify_result.pod | 2 +- .../openssl/openssl/doc/man3/SSL_shutdown.pod | 163 + .../doc/{ssl => man3}/SSL_state_string.pod | 2 +- .../openssl/doc/{ssl => man3}/SSL_want.pod | 24 +- deps/openssl/openssl/doc/man3/SSL_write.pod | 128 + .../doc/{crypto => man3}/UI_STRING.pod | 30 +- .../openssl/doc/man3/UI_UTIL_read_pw.pod | 72 + .../doc/{crypto => man3}/UI_create_method.pod | 39 +- .../openssl/doc/{crypto => man3}/UI_new.pod | 91 +- .../doc/{crypto => man3}/X509V3_get_d2i.pod | 0 .../doc/{crypto => man3}/X509_ALGOR_dup.pod | 14 +- .../X509_CRL_get0_by_serial.pod | 0 .../X509_EXTENSION_set_object.pod | 0 .../{crypto => man3}/X509_LOOKUP_hash_dir.pod | 20 +- .../{crypto => man3}/X509_LOOKUP_meth_new.pod | 0 .../X509_NAME_ENTRY_get_object.pod | 38 +- .../X509_NAME_add_entry_by_txt.pod | 24 +- .../{crypto => man3}/X509_NAME_get0_der.pod | 0 .../X509_NAME_get_index_by_NID.pod | 31 +- .../{crypto => man3}/X509_NAME_print_ex.pod | 21 +- .../doc/{crypto => man3}/X509_PUBKEY_new.pod | 0 .../doc/{crypto => man3}/X509_SIG_get0.pod | 6 +- .../X509_STORE_CTX_get_error.pod | 2 +- .../{crypto => man3}/X509_STORE_CTX_new.pod | 0 .../X509_STORE_CTX_set_verify_cb.pod | 140 +- .../openssl/doc/man3/X509_STORE_add_cert.pod | 100 + .../X509_STORE_get0_param.pod | 0 .../doc/{crypto => man3}/X509_STORE_new.pod | 0 .../X509_STORE_set_verify_cb_func.pod | 0 .../X509_VERIFY_PARAM_set_flags.pod | 28 +- .../doc/{crypto => man3}/X509_check_ca.pod | 8 +- .../doc/{crypto => man3}/X509_check_host.pod | 2 +- .../{crypto => man3}/X509_check_issued.pod | 4 +- .../doc/man3/X509_check_private_key.pod | 54 + .../openssl/doc/man3/X509_cmp_time.pod | 61 + .../doc/{crypto => man3}/X509_digest.pod | 6 +- .../openssl/doc/{crypto => man3}/X509_dup.pod | 19 +- .../{crypto => man3}/X509_get0_notBefore.pod | 0 .../{crypto => man3}/X509_get0_signature.pod | 33 +- .../doc/{crypto => man3}/X509_get0_uids.pod | 0 .../X509_get_extension_flags.pod | 24 +- .../doc/{crypto => man3}/X509_get_pubkey.pod | 0 .../X509_get_serialNumber.pod | 0 .../X509_get_subject_name.pod | 2 +- .../doc/{crypto => man3}/X509_get_version.pod | 0 .../openssl/doc/{crypto => man3}/X509_new.pod | 0 .../doc/{crypto => man3}/X509_sign.pod | 0 .../doc/{crypto => man3}/X509_verify_cert.pod | 0 .../X509v3_get_ext_by_NID.pod | 10 +- .../doc/{crypto => man3}/d2i_DHparams.pod | 9 +- .../d2i_PKCS8PrivateKey_bio.pod | 33 +- .../doc/{crypto => man3}/d2i_PrivateKey.pod | 4 +- .../doc/{ssl => man3}/d2i_SSL_SESSION.pod | 5 +- .../openssl/doc/{crypto => man3}/d2i_X509.pod | 12 +- .../{crypto => man3}/i2d_CMS_bio_stream.pod | 0 .../{crypto => man3}/i2d_PKCS7_bio_stream.pod | 0 .../doc/{crypto => man3}/i2d_re_X509_tbs.pod | 11 +- .../doc/{crypto => man3}/o2i_SCT_LIST.pod | 5 +- .../openssl/doc/{apps => man5}/config.pod | 74 +- .../doc/{apps => man5}/x509v3_config.pod | 10 +- deps/openssl/openssl/doc/man7/Ed25519.pod | 87 + deps/openssl/openssl/doc/man7/RAND.pod | 81 + deps/openssl/openssl/doc/man7/RAND_DRBG.pod | 301 + deps/openssl/openssl/doc/man7/RSA-PSS.pod | 61 + deps/openssl/openssl/doc/man7/SM2.pod | 79 + deps/openssl/openssl/doc/man7/X25519.pod | 74 + .../openssl/doc/{crypto => man7}/bio.pod | 16 +- .../openssl/doc/{crypto => man7}/crypto.pod | 4 +- .../openssl/doc/{crypto => man7}/ct.pod | 2 - .../doc/{crypto => man7}/des_modes.pod | 15 +- .../openssl/doc/{crypto => man7}/evp.pod | 28 +- .../openssl/doc/man7/ossl_store-file.pod | 71 + deps/openssl/openssl/doc/man7/ossl_store.pod | 87 + .../openssl/doc/man7/passphrase-encoding.pod | 180 + deps/openssl/openssl/doc/man7/scrypt.pod | 115 + .../openssl/openssl/doc/{ssl => man7}/ssl.pod | 32 +- .../openssl/doc/{crypto => man7}/x509.pod | 20 +- deps/openssl/openssl/doc/openssl-c-indent.el | 2 +- .../openssl/openssl/doc/ssl/DTLSv1_listen.pod | 102 - .../openssl/doc/ssl/SSL_CIPHER_get_name.pod | 128 - .../openssl/doc/ssl/SSL_CTX_set1_curves.pod | 90 - .../doc/ssl/SSL_CTX_set_client_CA_list.pod | 103 - .../openssl/doc/ssl/SSL_CTX_set_mode.pod | 114 - .../doc/ssl/SSL_CTX_set_msg_callback.pod | 103 - .../ssl/SSL_CTX_set_psk_client_callback.pod | 63 - .../doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 87 - .../doc/ssl/SSL_CTX_use_serverinfo.pod | 56 - .../doc/ssl/SSL_SESSION_get0_cipher.pod | 42 - .../doc/ssl/SSL_SESSION_get0_hostname.pod | 37 - .../doc/ssl/SSL_extension_supported.pod | 145 - .../doc/ssl/SSL_get_client_CA_list.pod | 62 - .../openssl/doc/ssl/SSL_get_version.pod | 69 - deps/openssl/openssl/doc/ssl/SSL_read.pod | 121 - deps/openssl/openssl/doc/ssl/SSL_shutdown.pod | 132 - deps/openssl/openssl/doc/ssl/SSL_write.pod | 111 - deps/openssl/openssl/e_os.h | 274 +- deps/openssl/openssl/engines/afalg/build.info | 13 - deps/openssl/openssl/engines/afalg/e_afalg.ec | 1 - .../openssl/engines/afalg/e_afalg_err.c | 111 - .../openssl/engines/afalg/e_afalg_err.h | 60 - .../openssl/engines/asm/e_padlock-x86.pl | 15 +- .../openssl/engines/asm/e_padlock-x86_64.pl | 15 +- deps/openssl/openssl/engines/build.info | 13 +- .../openssl/engines/{afalg => }/e_afalg.c | 184 +- deps/openssl/openssl/engines/e_afalg.ec | 3 + .../openssl/engines/{afalg => }/e_afalg.h | 15 + deps/openssl/openssl/engines/e_afalg.txt | 30 + deps/openssl/openssl/engines/e_afalg_err.c | 83 + deps/openssl/openssl/engines/e_afalg_err.h | 43 + deps/openssl/openssl/engines/e_capi.c | 16 +- deps/openssl/openssl/engines/e_capi.ec | 4 +- deps/openssl/openssl/engines/e_capi.txt | 62 + deps/openssl/openssl/engines/e_capi_err.c | 180 +- deps/openssl/openssl/engines/e_capi_err.h | 95 +- deps/openssl/openssl/engines/e_chil.c | 1285 -- deps/openssl/openssl/engines/e_chil.ec | 1 - deps/openssl/openssl/engines/e_chil_err.c | 111 - deps/openssl/openssl/engines/e_chil_err.h | 64 - deps/openssl/openssl/engines/e_dasync.c | 5 +- deps/openssl/openssl/engines/e_dasync.ec | 4 +- deps/openssl/openssl/engines/e_dasync.txt | 22 + deps/openssl/openssl/engines/e_dasync_err.c | 91 +- deps/openssl/openssl/engines/e_dasync_err.h | 39 +- deps/openssl/openssl/engines/e_ossltest.c | 140 +- deps/openssl/openssl/engines/e_ossltest.ec | 4 +- deps/openssl/openssl/engines/e_ossltest.txt | 13 + deps/openssl/openssl/engines/e_ossltest_err.c | 70 +- deps/openssl/openssl/engines/e_ossltest_err.h | 35 +- deps/openssl/openssl/engines/e_padlock.c | 6 +- deps/openssl/openssl/engines/e_padlock.ec | 1 - .../engines/vendor_defns/hwcryptohook.h | 509 - deps/openssl/openssl/fuzz/README.md | 79 +- deps/openssl/openssl/fuzz/asn1.c | 148 +- deps/openssl/openssl/fuzz/asn1parse.c | 24 +- deps/openssl/openssl/fuzz/bignum.c | 53 +- deps/openssl/openssl/fuzz/bndiv.c | 56 +- deps/openssl/openssl/fuzz/build.info | 16 +- deps/openssl/openssl/fuzz/client.c | 102 + deps/openssl/openssl/fuzz/cms.c | 33 +- deps/openssl/openssl/fuzz/conf.c | 14 +- deps/openssl/openssl/fuzz/crl.c | 16 +- deps/openssl/openssl/fuzz/ct.c | 15 +- deps/openssl/openssl/fuzz/driver.c | 17 +- deps/openssl/openssl/fuzz/fuzzer.h | 2 + deps/openssl/openssl/fuzz/helper.py | 4 +- deps/openssl/openssl/fuzz/mkfuzzoids.pl | 32 + deps/openssl/openssl/fuzz/oids.txt | 1065 ++ deps/openssl/openssl/fuzz/rand.inc | 38 + deps/openssl/openssl/fuzz/server.c | 442 +- deps/openssl/openssl/fuzz/test-corpus.c | 3 + deps/openssl/openssl/fuzz/x509.c | 19 +- .../internal/__DECC_INCLUDE_EPILOGUE.H | 2 +- .../internal/__DECC_INCLUDE_PROLOGUE.H | 2 +- deps/openssl/openssl/include/internal/bio.h | 11 +- deps/openssl/openssl/include/internal/conf.h | 11 +- .../include/internal/constant_time_locl.h | 224 +- .../{crypto => }/include/internal/cryptlib.h | 31 +- deps/openssl/openssl/include/internal/dso.h | 78 +- .../openssl/openssl/include/internal/dsoerr.h | 83 + .../include/internal/{asn1t.h => nelem.h} | 13 +- deps/openssl/openssl/include/internal/o_dir.h | 29 +- .../openssl/include/internal/refcount.h | 140 + .../openssl/include/internal/sockets.h | 159 + .../openssl/include/internal/tsan_assist.h | 144 + deps/openssl/openssl/include/openssl/asn1.h | 242 +- .../openssl/openssl/include/openssl/asn1err.h | 252 + deps/openssl/openssl/include/openssl/asn1t.h | 32 +- deps/openssl/openssl/include/openssl/async.h | 26 +- .../openssl/include/openssl/asyncerr.h | 38 + deps/openssl/openssl/include/openssl/bio.h | 196 +- deps/openssl/openssl/include/openssl/bioerr.h | 120 + deps/openssl/openssl/include/openssl/bn.h | 97 +- deps/openssl/openssl/include/openssl/bnerr.h | 96 + deps/openssl/openssl/include/openssl/buffer.h | 19 +- .../openssl/include/openssl/buffererr.h | 30 + deps/openssl/openssl/include/openssl/cms.h | 182 +- deps/openssl/openssl/include/openssl/cmserr.h | 196 + deps/openssl/openssl/include/openssl/comp.h | 23 +- .../openssl/openssl/include/openssl/comperr.h | 40 + deps/openssl/openssl/include/openssl/conf.h | 56 +- .../openssl/openssl/include/openssl/conferr.h | 72 + deps/openssl/openssl/include/openssl/crypto.h | 56 +- .../openssl/include/openssl/cryptoerr.h | 56 + deps/openssl/openssl/include/openssl/ct.h | 61 +- deps/openssl/openssl/include/openssl/cterr.h | 76 + deps/openssl/openssl/include/openssl/dh.h | 83 +- deps/openssl/openssl/include/openssl/dherr.h | 84 + deps/openssl/openssl/include/openssl/dsa.h | 64 +- deps/openssl/openssl/include/openssl/dsaerr.h | 67 + deps/openssl/openssl/include/openssl/dtls1.h | 13 +- deps/openssl/openssl/include/openssl/e_os2.h | 30 +- deps/openssl/openssl/include/openssl/ec.h | 465 +- deps/openssl/openssl/include/openssl/ecerr.h | 267 + deps/openssl/openssl/include/openssl/engine.h | 99 +- .../openssl/include/openssl/engineerr.h | 107 + deps/openssl/openssl/include/openssl/err.h | 23 +- deps/openssl/openssl/include/openssl/evp.h | 360 +- deps/openssl/openssl/include/openssl/evperr.h | 193 + deps/openssl/openssl/include/openssl/hmac.h | 6 +- deps/openssl/openssl/include/openssl/kdf.h | 80 +- deps/openssl/openssl/include/openssl/kdferr.h | 51 + deps/openssl/openssl/include/openssl/lhash.h | 2 +- deps/openssl/openssl/include/openssl/modes.h | 17 +- .../openssl/openssl/include/openssl/obj_mac.h | 639 +- .../openssl/openssl/include/openssl/objects.h | 928 +- .../openssl/include/openssl/objectserr.h | 38 + deps/openssl/openssl/include/openssl/ocsp.h | 73 +- .../openssl/openssl/include/openssl/ocsperr.h | 74 + .../openssl/include/openssl/opensslconf.h | 1 - .../openssl/include/openssl/opensslconf.h.in | 30 +- .../openssl/include/openssl/opensslv.h | 8 +- .../openssl/include/openssl/ossl_typ.h | 8 +- deps/openssl/openssl/include/openssl/pem.h | 144 +- deps/openssl/openssl/include/openssl/pem2.h | 15 +- deps/openssl/openssl/include/openssl/pemerr.h | 99 + deps/openssl/openssl/include/openssl/pkcs12.h | 61 +- .../openssl/include/openssl/pkcs12err.h | 77 + deps/openssl/openssl/include/openssl/pkcs7.h | 87 +- .../openssl/include/openssl/pkcs7err.h | 99 + deps/openssl/openssl/include/openssl/rand.h | 56 +- .../openssl/include/openssl/rand_drbg.h | 130 + .../openssl/openssl/include/openssl/randerr.h | 89 + deps/openssl/openssl/include/openssl/rsa.h | 256 +- deps/openssl/openssl/include/openssl/rsaerr.h | 162 + .../openssl/include/openssl/safestack.h | 10 +- deps/openssl/openssl/include/openssl/srp.h | 6 +- deps/openssl/openssl/include/openssl/ssl.h | 1448 +- deps/openssl/openssl/include/openssl/ssl3.h | 57 +- deps/openssl/openssl/include/openssl/sslerr.h | 767 ++ deps/openssl/openssl/include/openssl/stack.h | 11 +- deps/openssl/openssl/include/openssl/store.h | 266 + .../openssl/include/openssl/storeerr.h | 87 + deps/openssl/openssl/include/openssl/tls1.h | 423 +- deps/openssl/openssl/include/openssl/ts.h | 134 +- deps/openssl/openssl/include/openssl/tserr.h | 128 + deps/openssl/openssl/include/openssl/txt_db.h | 4 +- deps/openssl/openssl/include/openssl/ui.h | 122 +- deps/openssl/openssl/include/openssl/uierr.h | 61 + deps/openssl/openssl/include/openssl/x509.h | 147 +- .../openssl/include/openssl/x509_vfy.h | 4 + .../openssl/openssl/include/openssl/x509err.h | 125 + deps/openssl/openssl/include/openssl/x509v3.h | 205 +- .../openssl/include/openssl/x509v3err.h | 158 + deps/openssl/openssl/ms/segrenam.pl | 71 - deps/openssl/openssl/ms/tlhelp32.h | 136 - deps/openssl/openssl/ms/uplink-x86.pl | 2 +- deps/openssl/openssl/ssl/bio_ssl.c | 87 +- deps/openssl/openssl/ssl/build.info | 11 +- deps/openssl/openssl/ssl/d1_lib.c | 539 +- deps/openssl/openssl/ssl/d1_msg.c | 27 +- deps/openssl/openssl/ssl/d1_srtp.c | 196 +- deps/openssl/openssl/ssl/methods.c | 12 + deps/openssl/openssl/ssl/packet.c | 424 + deps/openssl/openssl/ssl/packet_locl.h | 335 +- deps/openssl/openssl/ssl/pqueue.c | 20 +- .../openssl/openssl/ssl/record/rec_layer_d1.c | 597 +- .../openssl/openssl/ssl/record/rec_layer_s3.c | 1062 +- deps/openssl/openssl/ssl/record/record.h | 85 +- deps/openssl/openssl/ssl/record/record_locl.h | 28 +- deps/openssl/openssl/ssl/record/ssl3_buffer.c | 54 +- deps/openssl/openssl/ssl/record/ssl3_record.c | 1026 +- .../openssl/ssl/record/ssl3_record_tls13.c | 196 + deps/openssl/openssl/ssl/s3_cbc.c | 102 +- deps/openssl/openssl/ssl/s3_enc.c | 301 +- deps/openssl/openssl/ssl/s3_lib.c | 1482 +- deps/openssl/openssl/ssl/s3_msg.c | 28 +- deps/openssl/openssl/ssl/ssl_asn1.c | 138 +- deps/openssl/openssl/ssl/ssl_cert.c | 357 +- deps/openssl/openssl/ssl/ssl_cert_table.h | 23 + deps/openssl/openssl/ssl/ssl_ciph.c | 644 +- deps/openssl/openssl/ssl/ssl_conf.c | 117 +- deps/openssl/openssl/ssl/ssl_err.c | 1788 ++- deps/openssl/openssl/ssl/ssl_init.c | 13 +- deps/openssl/openssl/ssl/ssl_lib.c | 2258 +++- deps/openssl/openssl/ssl/ssl_locl.h | 1510 ++- deps/openssl/openssl/ssl/ssl_mcnf.c | 26 +- deps/openssl/openssl/ssl/ssl_rsa.c | 470 +- deps/openssl/openssl/ssl/ssl_sess.c | 746 +- deps/openssl/openssl/ssl/ssl_stat.c | 80 +- deps/openssl/openssl/ssl/ssl_txt.c | 70 +- deps/openssl/openssl/ssl/ssl_utst.c | 4 - deps/openssl/openssl/ssl/statem/extensions.c | 1693 +++ .../openssl/ssl/statem/extensions_clnt.c | 1991 +++ .../openssl/ssl/statem/extensions_cust.c | 533 + .../openssl/ssl/statem/extensions_srvr.c | 1959 +++ deps/openssl/openssl/ssl/statem/statem.c | 330 +- deps/openssl/openssl/ssl/statem/statem.h | 51 +- deps/openssl/openssl/ssl/statem/statem_clnt.c | 3160 +++-- deps/openssl/openssl/ssl/statem/statem_dtls.c | 428 +- deps/openssl/openssl/ssl/statem/statem_lib.c | 1933 ++- deps/openssl/openssl/ssl/statem/statem_locl.h | 350 +- deps/openssl/openssl/ssl/statem/statem_srvr.c | 3755 +++-- deps/openssl/openssl/ssl/t1_enc.c | 364 +- deps/openssl/openssl/ssl/t1_ext.c | 283 - deps/openssl/openssl/ssl/t1_lib.c | 4609 +++---- deps/openssl/openssl/ssl/t1_reneg.c | 165 - deps/openssl/openssl/ssl/t1_trce.c | 651 +- deps/openssl/openssl/ssl/tls13_enc.c | 818 ++ deps/openssl/openssl/ssl/tls_srp.c | 80 +- deps/openssl/openssl/test/CAtsa.cnf | 2 + deps/openssl/openssl/test/README | 86 +- deps/openssl/openssl/test/README.external | 163 + deps/openssl/openssl/test/README.ssltest.md | 29 +- deps/openssl/openssl/test/afalgtest.c | 160 +- deps/openssl/openssl/test/asynciotest.c | 271 +- deps/openssl/openssl/test/asynctest.c | 12 +- deps/openssl/openssl/test/bad_dtls_test.c | 230 +- deps/openssl/openssl/test/bftest.c | 267 +- deps/openssl/openssl/test/bio_enc_test.c | 194 +- deps/openssl/openssl/test/bioprinttest.c | 319 +- deps/openssl/openssl/test/bntest.c | 3363 ++--- deps/openssl/openssl/test/bntests.pl | 156 + deps/openssl/openssl/test/build.info | 522 +- deps/openssl/openssl/test/casttest.c | 157 +- .../test/certs/client-ed25519-cert.pem | 32 + .../openssl/test/certs/client-ed25519-key.pem | 3 + .../openssl/test/certs/client-ed448-cert.pem | 15 + .../openssl/test/certs/client-ed448-key.pem | 4 + deps/openssl/openssl/test/certs/cyrillic.msb | 83 + deps/openssl/openssl/test/certs/cyrillic.pem | 25 + deps/openssl/openssl/test/certs/cyrillic.utf8 | 83 + .../openssl/test/certs/cyrillic_crl.pem | 13 + .../openssl/test/certs/cyrillic_crl.utf8 | 39 + deps/openssl/openssl/test/certs/dhp2048.pem | 8 + .../test/certs/ee-ecdsa-client-chain.pem | 33 + .../openssl/test/certs/ee-ecdsa-key.pem | 5 + .../openssl/openssl/test/certs/ee-ed25519.pem | 9 + .../openssl/test/certs/ee-pss-sha1-cert.pem | 19 + .../openssl/test/certs/ee-pss-sha256-cert.pem | 21 + deps/openssl/openssl/test/certs/mkcert.sh | 18 +- .../openssl/test/certs/p256-server-cert.pem | 12 + .../openssl/test/certs/p256-server-key.pem | 5 + .../openssl/test/certs/p384-root-key.pem | 6 + deps/openssl/openssl/test/certs/p384-root.pem | 12 + .../openssl/test/certs/p384-server-cert.pem | 13 + .../openssl/test/certs/p384-server-key.pem | 6 + .../openssl/test/certs/root-ed25519.pem | 9 + .../openssl/test/certs/server-cecdsa-cert.pem | 15 + .../openssl/test/certs/server-cecdsa-key.pem | 4 + .../openssl/test/certs/server-dsa-cert.pem | 31 + .../openssl/test/certs/server-dsa-key.pem | 15 + .../server-ecdsa-brainpoolP256r1-cert.pem | 16 + .../server-ecdsa-brainpoolP256r1-key.pem | 5 + .../openssl/test/certs/server-ecdsa-cert.pem | 15 + .../openssl/test/certs/server-ecdsa-key.pem | 5 + .../test/certs/server-ed25519-cert.pem | 14 + .../openssl/test/certs/server-ed25519-key.pem | 3 + .../openssl/test/certs/server-ed448-cert.pem | 14 + .../openssl/test/certs/server-ed448-key.pem | 4 + .../openssl/test/certs/server-pss-cert.pem | 19 + .../openssl/test/certs/server-pss-key.pem | 28 + deps/openssl/openssl/test/certs/setup.sh | 12 + .../openssl/test/certs/x509-check-key.pem | 28 + .../openssl/openssl/test/certs/x509-check.csr | 15 + deps/openssl/openssl/test/cipherlist_test.c | 128 +- deps/openssl/openssl/test/clienthellotest.c | 261 +- .../openssl/openssl/test/constant_time_test.c | 536 +- deps/openssl/openssl/test/crltest.c | 186 +- deps/openssl/openssl/test/ct_test.c | 475 +- deps/openssl/openssl/test/d2i_test.c | 124 +- deps/openssl/openssl/test/danetest.c | 286 +- deps/openssl/openssl/test/destest.c | 821 +- deps/openssl/openssl/test/dhtest.c | 384 +- deps/openssl/openssl/test/drbg_cavs_data.h | 82 + deps/openssl/openssl/test/drbgtest.h | 579 + deps/openssl/openssl/test/dsatest.c | 113 +- deps/openssl/openssl/test/dtlstest.c | 286 +- deps/openssl/openssl/test/dtlsv1listentest.c | 183 +- deps/openssl/openssl/test/ecdsatest.c | 374 +- deps/openssl/openssl/test/ectest.c | 2525 ++-- deps/openssl/openssl/test/enginetest.c | 420 +- deps/openssl/openssl/test/errtest.c | 9 +- deps/openssl/openssl/test/evp_extra_test.c | 828 +- deps/openssl/openssl/test/evp_test.c | 2900 ++-- .../pkcs7/pk7_dgst.c => test/evp_test.h} | 10 +- deps/openssl/openssl/test/exdatatest.c | 185 +- deps/openssl/openssl/test/exptest.c | 268 +- deps/openssl/openssl/test/fatalerrtest.c | 77 +- .../openssl/test/generate_buildtest.pl | 4 +- deps/openssl/openssl/test/gmdifftest.c | 68 +- deps/openssl/openssl/test/handshake_helper.c | 961 +- deps/openssl/openssl/test/handshake_helper.h | 24 +- deps/openssl/openssl/test/heartbeat_test.c | 378 - deps/openssl/openssl/test/hmactest.c | 337 +- deps/openssl/openssl/test/ideatest.c | 141 +- deps/openssl/openssl/test/igetest.c | 357 +- deps/openssl/openssl/test/md2test.c | 67 +- deps/openssl/openssl/test/md4test.c | 87 - deps/openssl/openssl/test/md5test.c | 88 - deps/openssl/openssl/test/mdc2test.c | 81 +- deps/openssl/openssl/test/memleaktest.c | 32 +- deps/openssl/openssl/test/methtest.c | 57 - deps/openssl/openssl/test/ocspapitest.c | 79 +- .../openssl/test/ossl_shim/async_bio.cc | 183 + .../openssl/test/ossl_shim/async_bio.h | 39 + .../openssl/openssl/test/ossl_shim/build.info | 6 + .../test/ossl_shim/include/openssl/base.h | 111 + .../openssl/test/ossl_shim/ossl_config.json | 301 + .../openssl/test/ossl_shim/ossl_shim.cc | 1300 ++ .../openssl/test/ossl_shim/packeted_bio.cc | 299 + .../openssl/test/ossl_shim/packeted_bio.h | 35 + .../openssl/test/ossl_shim/test_config.cc | 195 + .../openssl/test/ossl_shim/test_config.h | 88 + deps/openssl/openssl/test/p5_crpt2_test.c | 159 - deps/openssl/openssl/test/packettest.c | 609 +- deps/openssl/openssl/test/pbelutest.c | 43 +- deps/openssl/openssl/test/pkits-test.pl | 6 +- deps/openssl/openssl/test/randtest.c | 145 - deps/openssl/openssl/test/rc2test.c | 75 +- deps/openssl/openssl/test/rc4test.c | 191 +- deps/openssl/openssl/test/rc5test.c | 134 +- .../openssl/test/recipes/01-test_test.t | 12 + .../test/recipes/02-test_internal_ctype.t | 17 + .../openssl/test/recipes/02-test_lhash.t | 12 + .../openssl/test/recipes/02-test_stack.t | 12 + .../test/recipes/03-test_internal_asn1.t | 16 + .../test/recipes/03-test_internal_chacha.t | 16 + .../test/recipes/03-test_internal_curve448.t | 19 + ...05-test_sha1.t => 03-test_internal_mdc2.t} | 4 +- .../test/recipes/03-test_internal_modes.t | 16 + .../test/recipes/03-test_internal_poly1305.t | 16 + .../test/recipes/03-test_internal_siphash.t | 16 + .../test/recipes/03-test_internal_sm2.t | 16 + .../test/recipes/03-test_internal_sm4.t | 17 + .../recipes/03-test_internal_ssl_cert_table.t | 16 + .../test/recipes/03-test_internal_x509.t | 16 + .../openssl/openssl/test/recipes/03-test_ui.t | 21 +- .../{05-test_md4.t => 04-test_asn1_decode.t} | 4 +- .../test/recipes/04-test_asn1_encode.t | 12 + .../test/recipes/04-test_asn1_string_table.t | 12 + .../test/recipes/04-test_bio_callback.t | 12 + ...{90-test_bioprint.t => 04-test_bioprint.t} | 0 .../openssl/test/recipes/04-test_pem.t | 4 +- .../openssl/test/recipes/05-test_rand.t | 11 +- .../openssl/test/recipes/05-test_sha256.t | 12 - .../openssl/test/recipes/05-test_sha512.t | 12 - .../openssl/openssl/test/recipes/05-test_wp.t | 12 - .../openssl/test/recipes/06-test-rdrand.t | 22 + .../openssl/openssl/test/recipes/10-test_bn.t | 74 +- .../test/recipes/10-test_bn_data/bnexp.txt | 30 + .../test/recipes/10-test_bn_data/bnmod.txt | 2801 ++++ .../test/recipes/10-test_bn_data/bnmul.txt | 2678 ++++ .../test/recipes/10-test_bn_data/bnshift.txt | 2427 ++++ .../test/recipes/10-test_bn_data/bnsum.txt | 2626 ++++ .../openssl/test/recipes/15-test_dsa.t | 4 +- .../openssl/test/recipes/15-test_ecparam.t | 34 + .../invalid/c2pnb208w1-reducible.pem | 6 + .../invalid/nistp256-nonprime.pem | 8 + .../invalid/nistp256-offcurve.pem | 8 + .../invalid/nistp256-wrongorder.pem | 8 + .../valid/c2pnb163v1-explicit.pem | 6 + .../valid/c2pnb163v1-named.pem | 3 + .../valid/c2pnb163v2-explicit.pem | 6 + .../valid/c2pnb163v2-named.pem | 3 + .../valid/c2pnb163v3-explicit.pem | 6 + .../valid/c2pnb163v3-named.pem | 3 + .../valid/c2pnb176v1-explicit.pem | 6 + .../valid/c2pnb176v1-named.pem | 3 + .../valid/c2pnb208w1-explicit.pem | 6 + .../valid/c2pnb208w1-named.pem | 3 + .../valid/c2pnb272w1-explicit.pem | 7 + .../valid/c2pnb272w1-named.pem | 3 + .../valid/c2pnb304w1-explicit.pem | 8 + .../valid/c2pnb304w1-named.pem | 3 + .../valid/c2pnb368w1-explicit.pem | 9 + .../valid/c2pnb368w1-named.pem | 3 + .../valid/c2tnb191v1-explicit.pem | 7 + .../valid/c2tnb191v1-named.pem | 3 + .../valid/c2tnb191v2-explicit.pem | 7 + .../valid/c2tnb191v2-named.pem | 3 + .../valid/c2tnb191v3-explicit.pem | 7 + .../valid/c2tnb191v3-named.pem | 3 + .../valid/c2tnb239v1-explicit.pem | 7 + .../valid/c2tnb239v1-named.pem | 3 + .../valid/c2tnb239v2-explicit.pem | 7 + .../valid/c2tnb239v2-named.pem | 3 + .../valid/c2tnb239v3-explicit.pem | 7 + .../valid/c2tnb239v3-named.pem | 3 + .../valid/c2tnb359v1-explicit.pem | 9 + .../valid/c2tnb359v1-named.pem | 3 + .../valid/c2tnb431r1-explicit.pem | 9 + .../valid/c2tnb431r1-named.pem | 3 + .../valid/prime192v1-explicit.pem | 7 + .../valid/prime192v1-named.pem | 3 + .../valid/prime192v2-explicit.pem | 7 + .../valid/prime192v2-named.pem | 3 + .../valid/prime192v3-explicit.pem | 7 + .../valid/prime192v3-named.pem | 3 + .../valid/prime239v1-explicit.pem | 7 + .../valid/prime239v1-named.pem | 3 + .../valid/prime239v2-explicit.pem | 7 + .../valid/prime239v2-named.pem | 3 + .../valid/prime239v3-explicit.pem | 7 + .../valid/prime239v3-named.pem | 3 + .../valid/prime256v1-explicit.pem | 8 + .../valid/prime256v1-named.pem | 3 + .../valid/secp112r1-explicit.pem | 5 + .../valid/secp112r1-named.pem | 3 + .../valid/secp112r2-explicit.pem | 5 + .../valid/secp112r2-named.pem | 3 + .../valid/secp128r1-explicit.pem | 6 + .../valid/secp128r1-named.pem | 3 + .../valid/secp128r2-explicit.pem | 6 + .../valid/secp128r2-named.pem | 3 + .../valid/secp160k1-explicit.pem | 5 + .../valid/secp160k1-named.pem | 3 + .../valid/secp160r1-explicit.pem | 6 + .../valid/secp160r1-named.pem | 3 + .../valid/secp160r2-explicit.pem | 6 + .../valid/secp160r2-named.pem | 3 + .../valid/secp192k1-explicit.pem | 5 + .../valid/secp192k1-named.pem | 3 + .../valid/secp224k1-explicit.pem | 6 + .../valid/secp224k1-named.pem | 3 + .../valid/secp224r1-explicit.pem | 7 + .../valid/secp224r1-named.pem | 3 + .../valid/secp256k1-explicit.pem | 6 + .../valid/secp256k1-named.pem | 3 + .../valid/secp384r1-explicit.pem | 10 + .../valid/secp384r1-named.pem | 3 + .../valid/secp521r1-explicit.pem | 12 + .../valid/secp521r1-named.pem | 3 + .../valid/sect113r1-explicit.pem | 6 + .../valid/sect113r1-named.pem | 3 + .../valid/sect113r2-explicit.pem | 6 + .../valid/sect113r2-named.pem | 3 + .../valid/sect131r1-explicit.pem | 6 + .../valid/sect131r1-named.pem | 3 + .../valid/sect131r2-explicit.pem | 6 + .../valid/sect131r2-named.pem | 3 + .../valid/sect163k1-explicit.pem | 5 + .../valid/sect163k1-named.pem | 3 + .../valid/sect163r1-explicit.pem | 6 + .../valid/sect163r1-named.pem | 3 + .../valid/sect163r2-explicit.pem | 5 + .../valid/sect163r2-named.pem | 3 + .../valid/sect193r1-explicit.pem | 7 + .../valid/sect193r1-named.pem | 3 + .../valid/sect193r2-explicit.pem | 7 + .../valid/sect193r2-named.pem | 3 + .../valid/sect233k1-explicit.pem | 5 + .../valid/sect233k1-named.pem | 3 + .../valid/sect233r1-explicit.pem | 7 + .../valid/sect233r1-named.pem | 3 + .../valid/sect239k1-explicit.pem | 5 + .../valid/sect239k1-named.pem | 3 + .../valid/sect283k1-explicit.pem | 6 + .../valid/sect283k1-named.pem | 3 + .../valid/sect283r1-explicit.pem | 7 + .../valid/sect283r1-named.pem | 3 + .../valid/sect409k1-explicit.pem | 7 + .../valid/sect409k1-named.pem | 3 + .../valid/sect409r1-explicit.pem | 8 + .../valid/sect409r1-named.pem | 3 + .../valid/sect571k1-explicit.pem | 8 + .../valid/sect571k1-named.pem | 3 + .../valid/sect571r1-explicit.pem | 10 + .../valid/sect571r1-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls1-explicit.pem | 4 + .../valid/wap-wsg-idm-ecid-wtls1-named.pem | 3 + .../wap-wsg-idm-ecid-wtls10-explicit.pem | 5 + .../valid/wap-wsg-idm-ecid-wtls10-named.pem | 3 + .../wap-wsg-idm-ecid-wtls11-explicit.pem | 7 + .../valid/wap-wsg-idm-ecid-wtls11-named.pem | 3 + .../wap-wsg-idm-ecid-wtls12-explicit.pem | 7 + .../valid/wap-wsg-idm-ecid-wtls12-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls3-explicit.pem | 5 + .../valid/wap-wsg-idm-ecid-wtls3-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls4-explicit.pem | 6 + .../valid/wap-wsg-idm-ecid-wtls4-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls5-explicit.pem | 6 + .../valid/wap-wsg-idm-ecid-wtls5-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls6-explicit.pem | 5 + .../valid/wap-wsg-idm-ecid-wtls6-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls7-explicit.pem | 6 + .../valid/wap-wsg-idm-ecid-wtls7-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls8-explicit.pem | 4 + .../valid/wap-wsg-idm-ecid-wtls8-named.pem | 3 + .../valid/wap-wsg-idm-ecid-wtls9-explicit.pem | 5 + .../valid/wap-wsg-idm-ecid-wtls9-named.pem | 3 + .../openssl/test/recipes/15-test_genrsa.t | 1 - .../openssl/test/recipes/15-test_mp_rsa.t | 111 + .../recipes/15-test_mp_rsa_data/plain_text | 4 + .../openssl/test/recipes/15-test_out_option.t | 73 + .../openssl/test/recipes/15-test_rsapss.t | 8 +- .../openssl/test/recipes/20-test_enc.t | 19 +- .../openssl/test/recipes/20-test_enc_more.t | 61 + .../openssl/test/recipes/20-test_passwd.t | 102 +- .../openssl/test/recipes/25-test_crl.t | 12 +- .../openssl/test/recipes/25-test_req.t | 39 +- .../openssl/test/recipes/25-test_sid.t | 4 + .../openssl/test/recipes/25-test_verify.t | 175 +- .../openssl/test/recipes/25-test_x509.t | 17 +- .../openssl/test/recipes/30-test_afalg.t | 4 +- .../test/recipes/30-test_evp_data/evpcase.txt | 9 +- .../test/recipes/30-test_evp_data/evpciph.txt | 2692 ++-- .../recipes/30-test_evp_data/evpdigest.txt | 334 +- .../recipes/30-test_evp_data/evpencod.txt | 4 +- .../test/recipes/30-test_evp_data/evpkdf.txt | 172 +- .../test/recipes/30-test_evp_data/evpmac.txt | 488 +- .../test/recipes/30-test_evp_data/evppbe.txt | 17 +- .../test/recipes/30-test_evp_data/evppkey.txt | 2537 +++- .../recipes/30-test_evp_data/evppkey_ecc.txt | 563 +- .../{05-test_rmd.t => 30-test_pkey_meth.t} | 2 +- .../test/recipes/30-test_pkey_meth_kdf.t | 12 + .../recipes/60-test_x509_check_cert_pkey.t | 46 + .../test/recipes/60-test_x509_dup_cert.t | 6 +- .../openssl/test/recipes/60-test_x509_time.t | 2 +- .../test/recipes/70-test_clienthello.t | 5 +- .../openssl/test/recipes/70-test_comp.t | 110 + .../openssl/test/recipes/70-test_key_share.t | 386 + .../openssl/test/recipes/70-test_recordlen.t | 21 + .../test/recipes/70-test_renegotiation.t | 98 + .../openssl/test/recipes/70-test_servername.t | 26 + .../test/recipes/70-test_sslcbcpadding.t | 31 +- .../test/recipes/70-test_sslcertstatus.t | 5 +- .../test/recipes/70-test_sslextension.t | 152 +- .../test/recipes/70-test_sslmessages.t | 442 +- .../openssl/test/recipes/70-test_sslrecords.t | 278 +- .../test/recipes/70-test_sslsessiontick.t | 27 +- .../openssl/test/recipes/70-test_sslsigalgs.t | 408 + .../test/recipes/70-test_sslsignature.t | 144 + .../test/recipes/70-test_sslskewith0p.t | 1 + .../test/recipes/70-test_sslversions.t | 185 + .../openssl/test/recipes/70-test_sslvertol.t | 85 +- .../test/recipes/70-test_tls13alerts.t | 56 + .../test/recipes/70-test_tls13cookie.t | 111 + .../test/recipes/70-test_tls13downgrade.t | 125 + .../openssl/test/recipes/70-test_tls13hrr.t | 93 + .../test/recipes/70-test_tls13kexmodes.t | 341 + .../test/recipes/70-test_tls13messages.t | 336 + .../openssl/test/recipes/70-test_tls13psk.t | 152 + .../openssl/test/recipes/70-test_tlsextms.t | 50 +- .../openssl/test/recipes/70-test_wpacket.t | 20 + .../openssl/openssl/test/recipes/80-test_ca.t | 18 +- .../test/recipes/80-test_cipherbytes.t | 26 + .../openssl/test/recipes/80-test_ciphername.t | 27 + .../openssl/test/recipes/80-test_cmsapi.t | 21 + .../openssl/test/recipes/80-test_dtls_mtu.t | 21 + .../openssl/test/recipes/80-test_ssl_new.t | 46 +- .../openssl/test/recipes/80-test_ssl_old.t | 137 +- .../{05-test_md5.t => 90-test_asn1_time.t} | 4 +- .../openssl/test/recipes/90-test_gost.t | 41 + .../test/recipes/90-test_gost_data/gost.conf | 12 + .../90-test_gost_data/server-cert2001.pem | 13 + .../90-test_gost_data/server-cert2012.pem | 13 + .../90-test_gost_data/server-key2001.pem | 4 + .../90-test_gost_data/server-key2012.pem | 4 + .../openssl/test/recipes/90-test_heartbeat.t | 12 - .../openssl/test/recipes/90-test_includes.t | 25 + .../conf-includes/includes1.cnf | 35 + .../conf-includes/includes2.cnf | 53 + .../90-test_includes_data/includes-broken.cnf | 5 + .../90-test_includes_data/includes-file.cnf | 5 + .../90-test_includes_data/includes.cnf | 5 + .../vms-includes-file.cnf | 5 + .../90-test_includes_data/vms-includes.cnf | 5 + .../openssl/test/recipes/90-test_overhead.t | 20 + .../openssl/test/recipes/90-test_p5_crpt2.t | 12 - .../openssl/test/recipes/90-test_shlibload.t | 3 +- .../openssl/test/recipes/90-test_sslapi.t | 12 +- .../recipes/90-test_sslapi_data/passwd.txt | 1 + .../openssl/test/recipes/90-test_sslbuffers.t | 21 + .../openssl/test/recipes/90-test_store.t | 494 + .../test/recipes/90-test_store_data/ca.cnf | 55 + .../test/recipes/90-test_store_data/user.cnf | 19 + .../openssl/test/recipes/90-test_sysdefault.t | 23 + .../test/recipes/90-test_time_offset.t | 12 + .../openssl/test/recipes/90-test_tls13ccs.t | 22 + .../test/recipes/90-test_tls13encryption.t | 20 + .../test/recipes/90-test_tls13secrets.t | 20 + .../test/recipes/95-test_external_boringssl.t | 30 + .../test/recipes/95-test_external_krb5.t | 23 + .../95-test_external_krb5_data/krb5.sh | 23 + .../test/recipes/95-test_external_pyca.t | 28 + .../cryptography.sh | 63 + .../openssl/test/recipes/99-test_ecstress.t | 23 + .../{90-test_fuzz.t => 99-test_fuzz.t} | 4 +- deps/openssl/openssl/test/recipes/bc.pl | 113 - .../openssl/test/recipes/ocsp-response.der | Bin 0 -> 1517 bytes .../openssl/test/recipes/tconversion.pl | 4 +- deps/openssl/openssl/test/rmdtest.c | 92 - deps/openssl/openssl/test/rsa_test.c | 218 +- deps/openssl/openssl/test/run_tests.pl | 110 +- deps/openssl/openssl/test/sanitytest.c | 117 +- deps/openssl/openssl/test/secmemtest.c | 259 +- deps/openssl/openssl/test/serverinfo2.pem | 8 + deps/openssl/openssl/test/session.pem | 31 + deps/openssl/openssl/test/sha1test.c | 111 - deps/openssl/openssl/test/sha256t.c | 177 - deps/openssl/openssl/test/sha512t.c | 199 - deps/openssl/openssl/test/shlibloadtest.c | 335 +- deps/openssl/openssl/test/srptest.c | 220 +- .../openssl/test/ssl-tests/01-simple.conf | 4 +- .../openssl/test/ssl-tests/01-simple.conf.in | 4 +- .../test/ssl-tests/02-protocol-version.conf | 11285 ++++++++++++++-- .../test/ssl-tests/04-client_auth.conf | 832 +- .../test/ssl-tests/04-client_auth.conf.in | 245 +- .../openssl/test/ssl-tests/05-sni.conf | 105 +- .../openssl/test/ssl-tests/05-sni.conf.in | 57 + .../openssl/test/ssl-tests/06-sni-ticket.conf | 33 + .../test/ssl-tests/06-sni-ticket.conf.in | 34 +- .../openssl/test/ssl-tests/08-npn.conf | 22 + .../openssl/test/ssl-tests/08-npn.conf.in | 33 +- .../openssl/test/ssl-tests/09-alpn.conf.in | 5 +- .../openssl/test/ssl-tests/10-resumption.conf | 1505 ++- .../test/ssl-tests/11-dtls_resumption.conf | 8 + .../openssl/test/ssl-tests/12-ct.conf.in | 2 +- .../test/ssl-tests/13-fragmentation.conf | 180 +- .../test/ssl-tests/13-fragmentation.conf.in | 91 +- .../openssl/test/ssl-tests/14-curves.conf | 87 +- .../openssl/test/ssl-tests/14-curves.conf.in | 11 +- .../test/ssl-tests/16-dtls-certstatus.conf.in | 35 +- .../test/ssl-tests/17-renegotiate.conf | 12 +- .../test/ssl-tests/17-renegotiate.conf.in | 24 +- .../test/ssl-tests/18-dtls-renegotiate.conf | 9 + .../ssl-tests/18-dtls-renegotiate.conf.in | 306 +- .../test/ssl-tests/19-mac-then-encrypt.conf | 6 + .../ssl-tests/19-mac-then-encrypt.conf.in | 13 + .../test/ssl-tests/20-cert-select.conf | 1678 +++ .../test/ssl-tests/20-cert-select.conf.in | 864 ++ .../openssl/test/ssl-tests/21-key-update.conf | 110 + .../test/ssl-tests/21-key-update.conf.in | 62 + .../test/ssl-tests/22-compression.conf | 214 + .../test/ssl-tests/22-compression.conf.in | 127 + .../openssl/test/ssl-tests/23-srp.conf | 146 + .../openssl/test/ssl-tests/23-srp.conf.in | 107 + .../openssl/test/ssl-tests/24-padding.conf | 32 + .../openssl/test/ssl-tests/24-padding.conf.in | 25 + .../openssl/test/ssl-tests/25-cipher.conf | 242 + .../openssl/test/ssl-tests/25-cipher.conf.in | 156 + .../test/ssl-tests/26-tls13_client_auth.conf | 486 + .../ssl-tests/26-tls13_client_auth.conf.in | 302 + .../test/ssl-tests/27-ticket-appdata.conf | 144 + .../test/ssl-tests/27-ticket-appdata.conf.in | 99 + .../openssl/test/ssl-tests/28-seclevel.conf | 100 + .../test/ssl-tests/28-seclevel.conf.in | 58 + .../test/ssl-tests/protocol_version.pm | 228 +- deps/openssl/openssl/test/ssl_test.c | 437 +- deps/openssl/openssl/test/ssl_test_ctx.c | 319 +- deps/openssl/openssl/test/ssl_test_ctx.h | 64 +- deps/openssl/openssl/test/ssl_test_ctx_test.c | 364 +- .../openssl/test/ssl_test_ctx_test.conf | 9 + deps/openssl/openssl/test/sslapitest.c | 5839 +++++++- deps/openssl/openssl/test/sslcorrupttest.c | 144 +- deps/openssl/openssl/test/ssltest_old.c | 360 +- deps/openssl/openssl/test/ssltestlib.c | 395 +- deps/openssl/openssl/test/ssltestlib.h | 13 +- deps/openssl/openssl/test/sysdefault.cnf | 15 + deps/openssl/openssl/test/testutil.c | 109 - deps/openssl/openssl/test/testutil.h | 410 +- .../openssl/test/testutil/basic_output.c | 58 + deps/openssl/openssl/test/testutil/cb.c | 16 + deps/openssl/openssl/test/testutil/driver.c | 298 + .../openssl/test/testutil/format_output.c | 529 + deps/openssl/openssl/test/testutil/init.c | 15 + deps/openssl/openssl/test/testutil/main.c | 105 + deps/openssl/openssl/test/testutil/output.h | 32 + .../openssl/test/testutil/output_helpers.c | 34 + deps/openssl/openssl/test/testutil/stanza.c | 158 + deps/openssl/openssl/test/testutil/tap_bio.c | 154 + .../openssl/test/testutil/test_cleanup.c | 14 + deps/openssl/openssl/test/testutil/tests.c | 448 + deps/openssl/openssl/test/testutil/tu_local.h | 51 + deps/openssl/openssl/test/threadstest.c | 105 +- deps/openssl/openssl/test/v3ext.c | 37 +- deps/openssl/openssl/test/v3nametest.c | 137 +- deps/openssl/openssl/test/verify_extra_test.c | 50 +- deps/openssl/openssl/test/wp_test.c | 233 - .../openssl/openssl/test/x509_dup_cert_test.c | 59 +- deps/openssl/openssl/test/x509_time_test.c | 325 +- deps/openssl/openssl/test/x509aux.c | 157 +- deps/openssl/openssl/tools/c_rehash.in | 4 +- deps/openssl/openssl/util/add-depends.pl | 288 + deps/openssl/openssl/util/check-malloc-errs | 16 + deps/openssl/openssl/util/ck_errf.pl | 186 +- deps/openssl/openssl/util/copy.pl | 3 +- deps/openssl/openssl/util/dofile.pl | 4 +- deps/openssl/openssl/util/find-doc-nits | 38 +- deps/openssl/openssl/util/find-undoc-api.pl | 82 - deps/openssl/openssl/util/find-unused-errs | 21 +- deps/openssl/openssl/util/fipslink.pl | 115 - deps/openssl/openssl/util/incore | 454 - deps/openssl/openssl/util/indent.pro | 61 +- deps/openssl/openssl/util/libcrypto.num | 456 +- deps/openssl/openssl/util/libssl.num | 95 +- deps/openssl/openssl/util/mkbuildinf.pl | 33 +- deps/openssl/openssl/util/mkcerts.sh | 220 - deps/openssl/openssl/util/mkdef.pl | 215 +- deps/openssl/openssl/util/mkerr.pl | 1300 +- deps/openssl/openssl/util/mkrc.pl | 54 +- .../openssl/util/openssl-format-source | 2 +- .../openssl/util/openssl-update-copyright | 63 + .../openssl/openssl/util/perl/OpenSSL/Test.pm | 426 +- .../openssl/util/perl/OpenSSL/Util/Pod.pm | 13 +- .../openssl/util/perl/TLSProxy/Alert.pm | 51 + .../openssl/util/perl/TLSProxy/Certificate.pm | 219 + .../util/perl/TLSProxy/CertificateVerify.pm | 96 + .../openssl/util/perl/TLSProxy/ClientHello.pm | 37 +- .../util/perl/TLSProxy/EncryptedExtensions.pm | 115 + .../openssl/util/perl/TLSProxy/Message.pm | 158 +- .../openssl/util/perl/TLSProxy/Proxy.pm | 537 +- .../openssl/util/perl/TLSProxy/Record.pm | 244 +- .../openssl/util/perl/TLSProxy/ServerHello.pm | 38 +- .../util/perl/TLSProxy/ServerKeyExchange.pm | 49 +- .../openssl/util/perl/checkhandshake.pm | 228 + deps/openssl/openssl/util/point.sh | 10 - deps/openssl/openssl/util/private.num | 457 + deps/openssl/openssl/util/process_docs.pl | 23 +- deps/openssl/openssl/util/selftest.pl | 207 - deps/openssl/openssl/util/shlib_wrap.sh.in | 8 +- deps/openssl/openssl/util/su-filter.pl | 2 +- 2210 files changed, 208590 insertions(+), 79524 deletions(-) create mode 100644 deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md create mode 100644 deps/openssl/openssl/.gitignore create mode 100644 deps/openssl/openssl/.gitmodules create mode 100644 deps/openssl/openssl/Configurations/15-android.conf create mode 100644 deps/openssl/openssl/Configurations/15-ios.conf create mode 100644 deps/openssl/openssl/Configurations/50-win-onecore.conf create mode 100644 deps/openssl/openssl/Configurations/common0.tmpl create mode 100644 deps/openssl/openssl/Configurations/shared-info.pl delete mode 100644 deps/openssl/openssl/Makefile.shared create mode 100644 deps/openssl/openssl/NOTES.ANDROID delete mode 100644 deps/openssl/openssl/README.ECC create mode 100644 deps/openssl/openssl/apps/bf_prefix.c delete mode 100644 deps/openssl/openssl/apps/demoCA/cacert.pem delete mode 100644 deps/openssl/openssl/apps/demoCA/index.txt delete mode 100644 deps/openssl/openssl/apps/demoCA/private/cakey.pem delete mode 100644 deps/openssl/openssl/apps/demoCA/serial create mode 100644 deps/openssl/openssl/apps/storeutl.c create mode 100644 deps/openssl/openssl/crypto/aria/aria.c create mode 100644 deps/openssl/openssl/crypto/aria/build.info create mode 100644 deps/openssl/openssl/crypto/asn1/asn1_item_list.c create mode 100644 deps/openssl/openssl/crypto/asn1/asn1_item_list.h create mode 100644 deps/openssl/openssl/crypto/asn1/standard_methods.h create mode 100644 deps/openssl/openssl/crypto/asn1/tbl_standard.h delete mode 100644 deps/openssl/openssl/crypto/bf/bf_cbc.c delete mode 100644 deps/openssl/openssl/crypto/bn/asm/pa-risc2.s delete mode 100644 deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s create mode 100644 deps/openssl/openssl/crypto/ctype.c delete mode 100644 deps/openssl/openssl/crypto/des/rpc_des.h delete mode 100644 deps/openssl/openssl/crypto/des/rpc_enc.c create mode 100644 deps/openssl/openssl/crypto/dh/dh_rfc7919.c create mode 100755 deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl create mode 100755 deps/openssl/openssl/crypto/ec/asm/x25519-ppc64.pl create mode 100755 deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl create mode 100644 deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c create mode 100644 deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/curve448.c create mode 100644 deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c create mode 100644 deps/openssl/openssl/crypto/ec/curve448/curve448utils.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/ed448.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/eddsa.c create mode 100644 deps/openssl/openssl/crypto/ec/curve448/f_generic.c create mode 100644 deps/openssl/openssl/crypto/ec/curve448/field.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/point_448.h create mode 100644 deps/openssl/openssl/crypto/ec/curve448/scalar.c create mode 100644 deps/openssl/openssl/crypto/ec/curve448/word.h delete mode 100644 deps/openssl/openssl/crypto/ec/ec2_mult.c delete mode 100644 deps/openssl/openssl/crypto/engine/eng_cryptodev.c create mode 100644 deps/openssl/openssl/crypto/engine/eng_devcrypto.c create mode 100644 deps/openssl/openssl/crypto/err/openssl.txt create mode 100644 deps/openssl/openssl/crypto/evp/e_aria.c create mode 100644 deps/openssl/openssl/crypto/evp/e_sm4.c create mode 100644 deps/openssl/openssl/crypto/evp/m_sha3.c rename deps/openssl/openssl/crypto/evp/{scrypt.c => pbe_scrypt.c} (90%) create mode 100644 deps/openssl/openssl/crypto/include/internal/aria.h delete mode 100644 deps/openssl/openssl/crypto/include/internal/bn_conf.h create mode 100644 deps/openssl/openssl/crypto/include/internal/ctype.h delete mode 100644 deps/openssl/openssl/crypto/include/internal/dso_conf.h create mode 100644 deps/openssl/openssl/crypto/include/internal/ec_int.h delete mode 100644 deps/openssl/openssl/crypto/include/internal/rand.h create mode 100644 deps/openssl/openssl/crypto/include/internal/rand_int.h create mode 100644 deps/openssl/openssl/crypto/include/internal/sha.h create mode 100644 deps/openssl/openssl/crypto/include/internal/siphash.h create mode 100644 deps/openssl/openssl/crypto/include/internal/sm2.h create mode 100644 deps/openssl/openssl/crypto/include/internal/sm2err.h create mode 100644 deps/openssl/openssl/crypto/include/internal/sm3.h create mode 100644 deps/openssl/openssl/crypto/include/internal/sm4.h rename deps/openssl/openssl/{test/r160test.c => crypto/include/internal/store.h} (71%) create mode 100644 deps/openssl/openssl/crypto/include/internal/store_int.h create mode 100644 deps/openssl/openssl/crypto/kdf/scrypt.c delete mode 100644 deps/openssl/openssl/crypto/lhash/num.pl delete mode 100644 deps/openssl/openssl/crypto/md5/asm/md5-ia64.S create mode 100644 deps/openssl/openssl/crypto/mips_arch.h delete mode 100644 deps/openssl/openssl/crypto/pkcs7/pk7_enc.c create mode 100644 deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c create mode 100644 deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c create mode 100644 deps/openssl/openssl/crypto/poly1305/poly1305_local.h create mode 100644 deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c create mode 100644 deps/openssl/openssl/crypto/rand/drbg_ctr.c create mode 100644 deps/openssl/openssl/crypto/rand/drbg_lib.c delete mode 100644 deps/openssl/openssl/crypto/rand/md_rand.c delete mode 100644 deps/openssl/openssl/crypto/rc2/tab.c delete mode 100644 deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl create mode 100644 deps/openssl/openssl/crypto/rsa/rsa_mp.c delete mode 100644 deps/openssl/openssl/crypto/rsa/rsa_null.c create mode 100644 deps/openssl/openssl/crypto/s390x_arch.h delete mode 100644 deps/openssl/openssl/crypto/s390xcpuid.S create mode 100755 deps/openssl/openssl/crypto/s390xcpuid.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl create mode 100755 deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl create mode 100644 deps/openssl/openssl/crypto/sha/keccak1600.c create mode 100644 deps/openssl/openssl/crypto/siphash/build.info create mode 100644 deps/openssl/openssl/crypto/siphash/siphash.c create mode 100644 deps/openssl/openssl/crypto/siphash/siphash_ameth.c create mode 100644 deps/openssl/openssl/crypto/siphash/siphash_local.h create mode 100644 deps/openssl/openssl/crypto/siphash/siphash_pmeth.c create mode 100644 deps/openssl/openssl/crypto/sm2/build.info create mode 100644 deps/openssl/openssl/crypto/sm2/sm2_crypt.c create mode 100644 deps/openssl/openssl/crypto/sm2/sm2_err.c create mode 100644 deps/openssl/openssl/crypto/sm2/sm2_pmeth.c create mode 100644 deps/openssl/openssl/crypto/sm2/sm2_sign.c create mode 100644 deps/openssl/openssl/crypto/sm3/build.info create mode 100644 deps/openssl/openssl/crypto/sm3/m_sm3.c create mode 100644 deps/openssl/openssl/crypto/sm3/sm3.c create mode 100644 deps/openssl/openssl/crypto/sm3/sm3_locl.h create mode 100644 deps/openssl/openssl/crypto/sm4/build.info create mode 100644 deps/openssl/openssl/crypto/sm4/sm4.c create mode 100644 deps/openssl/openssl/crypto/store/build.info create mode 100644 deps/openssl/openssl/crypto/store/loader_file.c create mode 100644 deps/openssl/openssl/crypto/store/store_err.c create mode 100644 deps/openssl/openssl/crypto/store/store_init.c create mode 100644 deps/openssl/openssl/crypto/store/store_lib.c create mode 100644 deps/openssl/openssl/crypto/store/store_locl.h create mode 100644 deps/openssl/openssl/crypto/store/store_register.c create mode 100644 deps/openssl/openssl/crypto/store/store_strings.c create mode 100644 deps/openssl/openssl/crypto/ui/ui_null.c create mode 100644 deps/openssl/openssl/crypto/x509v3/standard_exts.h delete mode 100644 deps/openssl/openssl/crypto/x509v3/tabtest.c create mode 100644 deps/openssl/openssl/crypto/x509v3/v3_admis.c create mode 100644 deps/openssl/openssl/crypto/x509v3/v3_admis.h delete mode 100644 deps/openssl/openssl/crypto/x509v3/v3conf.c delete mode 100644 deps/openssl/openssl/crypto/x509v3/v3prin.c create mode 100644 deps/openssl/openssl/demos/engines/e_chil.txt delete mode 100644 deps/openssl/openssl/demos/pkcs12/README delete mode 100644 deps/openssl/openssl/doc/apps/speed.pod delete mode 100644 deps/openssl/openssl/doc/crypto/ASN1_TIME_set.pod delete mode 100644 deps/openssl/openssl/doc/crypto/ERR_remove_state.pod delete mode 100644 deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod delete mode 100644 deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod delete mode 100644 deps/openssl/openssl/doc/crypto/EVP_PKEY_new.pod delete mode 100644 deps/openssl/openssl/doc/crypto/RAND_add.pod delete mode 100644 deps/openssl/openssl/doc/crypto/RAND_bytes.pod delete mode 100644 deps/openssl/openssl/doc/crypto/RAND_egd.pod delete mode 100644 deps/openssl/openssl/doc/crypto/RAND_set_rand_method.pod delete mode 100644 deps/openssl/openssl/doc/crypto/RSA_generate_key.pod delete mode 100644 deps/openssl/openssl/doc/crypto/X509_cmp_time.pod delete mode 100644 deps/openssl/openssl/doc/crypto/d2i_Netscape_RSA.pod rename deps/openssl/openssl/doc/{apps => man1}/CA.pl.pod (83%) rename deps/openssl/openssl/doc/{apps => man1}/asn1parse.pod (84%) rename deps/openssl/openssl/doc/{apps => man1}/ca.pod (79%) rename deps/openssl/openssl/doc/{apps => man1}/ciphers.pod (82%) rename deps/openssl/openssl/doc/{apps => man1}/cms.pod (84%) rename deps/openssl/openssl/doc/{apps => man1}/crl.pod (77%) rename deps/openssl/openssl/doc/{apps => man1}/crl2pkcs7.pod (86%) rename deps/openssl/openssl/doc/{apps => man1}/dgst.pod (92%) rename deps/openssl/openssl/doc/{apps => man1}/dhparam.pod (84%) rename deps/openssl/openssl/doc/{apps => man1}/dsa.pod (83%) rename deps/openssl/openssl/doc/{apps => man1}/dsaparam.pod (77%) rename deps/openssl/openssl/doc/{apps => man1}/ec.pod (88%) rename deps/openssl/openssl/doc/{apps => man1}/ecparam.pod (92%) rename deps/openssl/openssl/doc/{apps => man1}/enc.pod (56%) rename deps/openssl/openssl/doc/{apps => man1}/engine.pod (96%) rename deps/openssl/openssl/doc/{apps => man1}/errstr.pod (100%) rename deps/openssl/openssl/doc/{apps => man1}/gendsa.pod (76%) rename deps/openssl/openssl/doc/{apps => man1}/genpkey.pod (86%) rename deps/openssl/openssl/doc/{apps => man1}/genrsa.pod (54%) rename deps/openssl/openssl/doc/{apps => man1}/list.pod (79%) rename deps/openssl/openssl/doc/{apps => man1}/nseq.pod (87%) rename deps/openssl/openssl/doc/{apps => man1}/ocsp.pod (78%) rename deps/openssl/openssl/doc/{apps => man1}/openssl.pod (68%) rename deps/openssl/openssl/doc/{apps => man1}/passwd.pod (59%) rename deps/openssl/openssl/doc/{apps => man1}/pkcs12.pod (81%) rename deps/openssl/openssl/doc/{apps => man1}/pkcs7.pod (83%) rename deps/openssl/openssl/doc/{apps => man1}/pkcs8.pod (88%) rename deps/openssl/openssl/doc/{apps => man1}/pkey.pod (75%) rename deps/openssl/openssl/doc/{apps => man1}/pkeyparam.pod (76%) rename deps/openssl/openssl/doc/{apps => man1}/pkeyutl.pod (58%) create mode 100644 deps/openssl/openssl/doc/man1/prime.pod rename deps/openssl/openssl/doc/{apps => man1}/rand.pod (81%) rename deps/openssl/openssl/doc/{apps => man1}/rehash.pod (100%) rename deps/openssl/openssl/doc/{apps => man1}/req.pod (82%) rename deps/openssl/openssl/doc/{apps => man1}/rsa.pod (72%) rename deps/openssl/openssl/doc/{apps => man1}/rsautl.pod (81%) rename deps/openssl/openssl/doc/{apps => man1}/s_client.pod (61%) rename deps/openssl/openssl/doc/{apps => man1}/s_server.pod (55%) rename deps/openssl/openssl/doc/{apps => man1}/s_time.pod (77%) rename deps/openssl/openssl/doc/{apps => man1}/sess_id.pod (71%) rename deps/openssl/openssl/doc/{apps => man1}/smime.pod (83%) create mode 100644 deps/openssl/openssl/doc/man1/speed.pod rename deps/openssl/openssl/doc/{apps => man1}/spkac.pod (71%) create mode 100644 deps/openssl/openssl/doc/man1/srp.pod create mode 100644 deps/openssl/openssl/doc/man1/storeutl.pod rename deps/openssl/openssl/doc/{apps => man1}/ts.pod (95%) rename deps/openssl/openssl/doc/{apps => man1}/tsget.pod (99%) rename deps/openssl/openssl/doc/{apps => man1}/verify.pod (89%) rename deps/openssl/openssl/doc/{apps => man1}/version.pod (74%) rename deps/openssl/openssl/doc/{apps => man1}/x509.pod (76%) create mode 100644 deps/openssl/openssl/doc/man3/ADMISSIONS.pod rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_INTEGER_get_int64.pod (100%) create mode 100644 deps/openssl/openssl/doc/man3/ASN1_ITEM_lookup.pod rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_OBJECT_new.pod (100%) create mode 100644 deps/openssl/openssl/doc/man3/ASN1_STRING_TABLE_add.pod rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_STRING_length.pod (83%) rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_STRING_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_STRING_print_ex.pod (90%) create mode 100644 deps/openssl/openssl/doc/man3/ASN1_TIME_set.pod rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_TYPE_get.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/ASN1_generate_nconf.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/ASYNC_WAIT_CTX_new.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/ASYNC_start_job.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/BF_encrypt.pod (92%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_ADDR.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_ADDRINFO.pod (60%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_connect.pod (82%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_ctrl.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_f_base64.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_f_buffer.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_f_cipher.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_f_md.pod (87%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_f_null.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_f_ssl.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_find_type.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_get_data.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_get_ex_new_index.pod (80%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_meth_new.pod (52%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_new.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_new_CMS.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_parse_hostserv.pod (93%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_printf.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_push.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_read.pod (66%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_accept.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_bio.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_connect.pod (81%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_fd.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_file.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_mem.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_null.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_s_socket.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_set_callback.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/BIO_should_retry.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_BLINDING_new.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_CTX_new.pod (77%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_CTX_start.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_add.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_add_word.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_bn2bin.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_cmp.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_copy.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_generate_prime.pod (80%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_mod_inverse.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_mod_mul_montgomery.pod (94%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_mod_mul_reciprocal.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_num_bytes.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_rand.pod (56%) create mode 100644 deps/openssl/openssl/doc/man3/BN_security_bits.pod rename deps/openssl/openssl/doc/{crypto => man3}/BN_set_bit.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_swap.pod (79%) rename deps/openssl/openssl/doc/{crypto => man3}/BN_zero.pod (81%) rename deps/openssl/openssl/doc/{crypto => man3}/BUF_MEM_new.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_add0_cert.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_add1_recipient_cert.pod (83%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_add1_signer.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_compress.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_decrypt.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_encrypt.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_final.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_get0_RecipientInfos.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_get0_SignerInfos.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_get0_type.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_get1_ReceiptRequest.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_sign.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_sign_receipt.pod (91%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_uncompress.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_verify.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/CMS_verify_receipt.pod (92%) rename deps/openssl/openssl/doc/{crypto => man3}/CONF_modules_free.pod (69%) rename deps/openssl/openssl/doc/{crypto => man3}/CONF_modules_load_file.pod (77%) rename deps/openssl/openssl/doc/{crypto => man3}/CRYPTO_THREAD_run_once.pod (78%) rename deps/openssl/openssl/doc/{crypto => man3}/CRYPTO_get_ex_new_index.pod (94%) rename deps/openssl/openssl/doc/{crypto => man3}/CTLOG_STORE_get0_log_by_id.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/CTLOG_STORE_new.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/CTLOG_new.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/CT_POLICY_EVAL_CTX_new.pod (82%) rename deps/openssl/openssl/doc/{crypto => man3}/DEFINE_STACK_OF.pod (77%) rename deps/openssl/openssl/doc/{crypto => man3}/DES_random_key.pod (71%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_generate_key.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_generate_parameters.pod (69%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_get0_pqg.pod (77%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_get_1024_160.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_meth_new.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_new.pod (96%) create mode 100644 deps/openssl/openssl/doc/man3/DH_new_by_nid.pod rename deps/openssl/openssl/doc/{crypto => man3}/DH_set_method.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/DH_size.pod (51%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_SIG_new.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_do_sign.pod (93%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_dup_DH.pod (82%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_generate_key.pod (81%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_generate_parameters.pod (78%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_get0_pqg.pod (83%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_meth_new.pod (68%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_new.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_set_method.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_sign.pod (84%) rename deps/openssl/openssl/doc/{crypto => man3}/DSA_size.pod (66%) create mode 100644 deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod create mode 100644 deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod create mode 100644 deps/openssl/openssl/doc/man3/DTLSv1_listen.pod rename deps/openssl/openssl/doc/{crypto => man3}/ECDSA_SIG_new.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/ECPKParameters_print.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_GFp_simple_method.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_GROUP_copy.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_GROUP_new.pod (64%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_KEY_get_enc_flags.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_KEY_new.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_POINT_add.pod (71%) rename deps/openssl/openssl/doc/{crypto => man3}/EC_POINT_new.pod (80%) rename deps/openssl/openssl/doc/{crypto => man3}/ENGINE_add.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_GET_LIB.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_clear_error.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_error_string.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_get_error.pod (92%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_load_crypto_strings.pod (76%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_load_strings.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_print_errors.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/ERR_put_error.pod (94%) create mode 100644 deps/openssl/openssl/doc/man3/ERR_remove_state.pod rename deps/openssl/openssl/doc/{crypto => man3}/ERR_set_mark.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_BytesToKey.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_CIPHER_CTX_get_cipher_data.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_CIPHER_meth_new.pod (88%) create mode 100644 deps/openssl/openssl/doc/man3/EVP_DigestInit.pod rename deps/openssl/openssl/doc/{crypto => man3}/EVP_DigestSignInit.pod (67%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_DigestVerifyInit.pod (62%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_EncodeInit.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_EncryptInit.pod (54%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_MD_meth_new.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_OpenInit.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_ASN1_METHOD.pod (78%) create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_CTX_new.pod (100%) create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_CTX_set_hkdf_md.pod (57%) create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_CTX_set_tls1_prf_md.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_asn1_get_count.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_cmp.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_decrypt.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_derive.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_encrypt.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_get_default_digest_nid.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_keygen.pod (72%) create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_meth_get_count.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_meth_new.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_print_private.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_set1_RSA.pod (70%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_sign.pod (91%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_verify.pod (82%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_PKEY_verify_recover.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_SealInit.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_SignInit.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/EVP_VerifyInit.pod (95%) create mode 100644 deps/openssl/openssl/doc/man3/EVP_aes.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_aria.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_blake2b512.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_camellia.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_chacha20.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_des.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_md2.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_md4.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_md5.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_mdc2.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_rc4.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_ripemd160.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_sha1.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_sha224.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_sha3_224.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_sm3.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod create mode 100644 deps/openssl/openssl/doc/man3/EVP_whirlpool.pod rename deps/openssl/openssl/doc/{crypto => man3}/HMAC.pod (81%) rename deps/openssl/openssl/doc/{crypto => man3}/MD5.pod (80%) rename deps/openssl/openssl/doc/{crypto => man3}/MDC2_Init.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/OBJ_nid2obj.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/OCSP_REQUEST_new.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/OCSP_cert_to_id.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/OCSP_request_add1_nonce.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/OCSP_resp_find_status.pod (94%) rename deps/openssl/openssl/doc/{crypto => man3}/OCSP_response_status.pod (71%) rename deps/openssl/openssl/doc/{crypto => man3}/OCSP_sendreq_new.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_Applink.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_LH_COMPFUNC.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_LH_stats.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_VERSION_NUMBER.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_config.pod (91%) create mode 100644 deps/openssl/openssl/doc/man3/OPENSSL_fork_prepare.pod rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_ia32cap.pod (80%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_init_crypto.pod (93%) rename deps/openssl/openssl/doc/{ssl => man3}/OPENSSL_init_ssl.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_instrument_bus.pod (92%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_load_builtin_modules.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_malloc.pod (77%) rename deps/openssl/openssl/doc/{crypto => man3}/OPENSSL_secure_malloc.pod (91%) create mode 100644 deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod create mode 100644 deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod create mode 100644 deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod create mode 100644 deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod create mode 100644 deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod rename deps/openssl/openssl/doc/{crypto => man3}/OpenSSL_add_all_algorithms.pod (50%) create mode 100644 deps/openssl/openssl/doc/man3/PEM_bytes_read_bio.pod rename deps/openssl/openssl/doc/{crypto => man3}/PEM_read.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/PEM_read_CMS.pod (90%) rename deps/openssl/openssl/doc/{crypto => man3}/PEM_read_bio_PrivateKey.pod (95%) create mode 100644 deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod rename deps/openssl/openssl/doc/{crypto => man3}/PEM_write_bio_CMS_stream.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/PEM_write_bio_PKCS7_stream.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS12_create.pod (85%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS12_newpass.pod (67%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS12_parse.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS5_PBKDF2_HMAC.pod (83%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS7_decrypt.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS7_encrypt.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS7_sign.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS7_sign_add_signer.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/PKCS7_verify.pod (98%) create mode 100644 deps/openssl/openssl/doc/man3/RAND_DRBG_generate.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_DRBG_get0_master.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_DRBG_new.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_DRBG_reseed.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_DRBG_set_callbacks.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_DRBG_set_ex_data.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_add.pod create mode 100644 deps/openssl/openssl/doc/man3/RAND_bytes.pod rename deps/openssl/openssl/doc/{crypto => man3}/RAND_cleanup.pod (55%) create mode 100644 deps/openssl/openssl/doc/man3/RAND_egd.pod rename deps/openssl/openssl/doc/{crypto => man3}/RAND_load_file.pod (64%) create mode 100644 deps/openssl/openssl/doc/man3/RAND_set_rand_method.pod rename deps/openssl/openssl/doc/{crypto => man3}/RC4_set_key.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/RIPEMD160_Init.pod (87%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_blinding_on.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_check_key.pod (96%) create mode 100644 deps/openssl/openssl/doc/man3/RSA_generate_key.pod rename deps/openssl/openssl/doc/{crypto => man3}/RSA_get0_key.pod (53%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_meth_new.pod (55%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_new.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_padding_add_PKCS1_type_1.pod (82%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_print.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_private_encrypt.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_public_encrypt.pod (89%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_set_method.pod (78%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_sign.pod (92%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_sign_ASN1_OCTET_STRING.pod (83%) rename deps/openssl/openssl/doc/{crypto => man3}/RSA_size.pod (54%) rename deps/openssl/openssl/doc/{crypto => man3}/SCT_new.pod (80%) rename deps/openssl/openssl/doc/{crypto => man3}/SCT_print.pod (87%) rename deps/openssl/openssl/doc/{crypto => man3}/SCT_validate.pod (87%) rename deps/openssl/openssl/doc/{crypto => man3}/SHA256_Init.pod (94%) rename deps/openssl/openssl/doc/{crypto => man3}/SMIME_read_CMS.pod (96%) rename deps/openssl/openssl/doc/{crypto => man3}/SMIME_read_PKCS7.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/SMIME_write_CMS.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/SMIME_write_PKCS7.pod (100%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_COMP_add_compression_method.pod (83%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CONF_CTX_new.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CONF_CTX_set1_prefix.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CONF_CTX_set_flags.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CONF_CTX_set_ssl_ctx.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CONF_cmd.pod (61%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CONF_cmd_argv.pod (96%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_add1_chain_cert.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_add_extra_chain_cert.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_add_session.pod (77%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_config.pod (93%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_ctrl.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_dane_enable.pod (72%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_flush_sessions.pod (81%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_free.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_get0_param.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_get_verify_mode.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_has_client_custom_ext.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_load_verify_locations.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_new.pod (91%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_sess_number.pod (93%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_sess_set_cache_size.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_sess_set_get_cb.pod (63%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_sessions.pod (76%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set1_sigalgs.pod (82%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set1_verify_cert_store.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_alpn_select_cb.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_cert_cb.pod (86%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_cert_store.pod (72%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_cert_verify_callback.pod (77%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_cipher_list.pod (57%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_client_cert_cb.pod (89%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_ct_validation_callback.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_ctlog_list_file.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_default_passwd_cb.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_ex_data.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_generate_session_id.pod (84%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_info_callback.pod (59%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_keylog_callback.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_max_cert_list.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_min_proto_version.pod (95%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_options.pod (66%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_quiet_shutdown.pod (90%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_read_ahead.pod (64%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_security_level.pod (73%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_session_cache_mode.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_session_id_context.pod (99%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_split_send_fragment.pod (65%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_ssl_version.pod (98%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_timeout.pod (99%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_tlsext_status_cb.pod (95%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_tlsext_ticket_key_cb.pod (71%) rename deps/openssl/openssl/doc/{crypto => man3}/SSL_CTX_set_tlsext_use_srtp.pod (96%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_tmp_dh_callback.pod (84%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_set_verify.pod (62%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_CTX_use_certificate.pod (86%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_use_serverinfo.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_free.pod (90%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_get0_id_context.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_get0_peer.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_get_compress_id.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_get_ex_data.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_get_protocol_version.pod (52%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_get_time.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_has_ticket.pod (87%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_print.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_SESSION_set1_id.pod (93%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_accept.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_alert_type_string.pod (99%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_alloc_buffers.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_check_chain.pod (92%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_clear.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_connect.pod (70%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_do_handshake.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_export_keying_material.pod (56%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_extension_supported.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_free.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get0_peer_scts.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_SSL_CTX.pod (96%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_all_async_fds.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_ciphers.pod (83%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_client_random.pod (65%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_current_cipher.pod (50%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_default_timeout.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_error.pod (62%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_extms_support.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_fd.pod (96%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_peer_cert_chain.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_peer_certificate.pod (97%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_get_peer_signature_nid.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_get_peer_tmp_key.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_psk_identity.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_rbio.pod (95%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_session.pod (64%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_shared_sigalgs.pod (91%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_get_verify_result.pod (97%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_get_version.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_in_init.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_key_update.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_library_init.pod (100%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_load_client_CA_file.pod (94%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_new.pod (72%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_pending.pod (75%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_read.pod create mode 100644 deps/openssl/openssl/doc/man3/SSL_read_early_data.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_rstate_string.pod (99%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_session_reused.pod (96%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set1_host.pod (89%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set_bio.pod (55%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set_connect_state.pod (58%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set_fd.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set_session.pod (98%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set_shutdown.pod (82%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_set_verify_result.pod (96%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_shutdown.pod rename deps/openssl/openssl/doc/{ssl => man3}/SSL_state_string.pod (97%) rename deps/openssl/openssl/doc/{ssl => man3}/SSL_want.pod (79%) create mode 100644 deps/openssl/openssl/doc/man3/SSL_write.pod rename deps/openssl/openssl/doc/{crypto => man3}/UI_STRING.pod (80%) create mode 100644 deps/openssl/openssl/doc/man3/UI_UTIL_read_pw.pod rename deps/openssl/openssl/doc/{crypto => man3}/UI_create_method.pod (81%) rename deps/openssl/openssl/doc/{crypto => man3}/UI_new.pod (70%) rename deps/openssl/openssl/doc/{crypto => man3}/X509V3_get_d2i.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_ALGOR_dup.pod (81%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_CRL_get0_by_serial.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_EXTENSION_set_object.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_LOOKUP_hash_dir.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_LOOKUP_meth_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_NAME_ENTRY_get_object.pod (64%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_NAME_add_entry_by_txt.pod (87%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_NAME_get0_der.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_NAME_get_index_by_NID.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_NAME_print_ex.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_PUBKEY_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_SIG_get0.pod (86%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_STORE_CTX_get_error.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_STORE_CTX_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_STORE_CTX_set_verify_cb.pod (67%) create mode 100644 deps/openssl/openssl/doc/man3/X509_STORE_add_cert.pod rename deps/openssl/openssl/doc/{crypto => man3}/X509_STORE_get0_param.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_STORE_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_STORE_set_verify_cb_func.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_VERIFY_PARAM_set_flags.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_check_ca.pod (87%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_check_host.pod (99%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_check_issued.pod (92%) create mode 100644 deps/openssl/openssl/doc/man3/X509_check_private_key.pod create mode 100644 deps/openssl/openssl/doc/man3/X509_cmp_time.pod rename deps/openssl/openssl/doc/{crypto => man3}/X509_digest.pod (93%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_dup.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get0_notBefore.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get0_signature.pod (65%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get0_uids.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get_extension_flags.pod (92%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get_pubkey.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get_serialNumber.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get_subject_name.pod (97%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_get_version.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_new.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_sign.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509_verify_cert.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/X509v3_get_ext_by_NID.pod (95%) rename deps/openssl/openssl/doc/{crypto => man3}/d2i_DHparams.pod (73%) rename deps/openssl/openssl/doc/{crypto => man3}/d2i_PKCS8PrivateKey_bio.pod (62%) rename deps/openssl/openssl/doc/{crypto => man3}/d2i_PrivateKey.pod (96%) rename deps/openssl/openssl/doc/{ssl => man3}/d2i_SSL_SESSION.pod (94%) rename deps/openssl/openssl/doc/{crypto => man3}/d2i_X509.pod (98%) rename deps/openssl/openssl/doc/{crypto => man3}/i2d_CMS_bio_stream.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/i2d_PKCS7_bio_stream.pod (100%) rename deps/openssl/openssl/doc/{crypto => man3}/i2d_re_X509_tbs.pod (88%) rename deps/openssl/openssl/doc/{crypto => man3}/o2i_SCT_LIST.pod (95%) rename deps/openssl/openssl/doc/{apps => man5}/config.pod (86%) rename deps/openssl/openssl/doc/{apps => man5}/x509v3_config.pod (98%) create mode 100644 deps/openssl/openssl/doc/man7/Ed25519.pod create mode 100644 deps/openssl/openssl/doc/man7/RAND.pod create mode 100644 deps/openssl/openssl/doc/man7/RAND_DRBG.pod create mode 100644 deps/openssl/openssl/doc/man7/RSA-PSS.pod create mode 100644 deps/openssl/openssl/doc/man7/SM2.pod create mode 100644 deps/openssl/openssl/doc/man7/X25519.pod rename deps/openssl/openssl/doc/{crypto => man7}/bio.pod (90%) rename deps/openssl/openssl/doc/{crypto => man7}/crypto.pod (96%) rename deps/openssl/openssl/doc/{crypto => man7}/ct.pod (97%) rename deps/openssl/openssl/doc/{crypto => man7}/des_modes.pod (98%) rename deps/openssl/openssl/doc/{crypto => man7}/evp.pod (79%) create mode 100644 deps/openssl/openssl/doc/man7/ossl_store-file.pod create mode 100644 deps/openssl/openssl/doc/man7/ossl_store.pod create mode 100644 deps/openssl/openssl/doc/man7/passphrase-encoding.pod create mode 100644 deps/openssl/openssl/doc/man7/scrypt.pod rename deps/openssl/openssl/doc/{ssl => man7}/ssl.pod (95%) rename deps/openssl/openssl/doc/{crypto => man7}/x509.pod (76%) delete mode 100644 deps/openssl/openssl/doc/ssl/DTLSv1_listen.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CIPHER_get_name.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_set1_curves.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_set_mode.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_set_psk_client_callback.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_cipher.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_hostname.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_extension_supported.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_get_client_CA_list.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_get_version.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_read.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_shutdown.pod delete mode 100644 deps/openssl/openssl/doc/ssl/SSL_write.pod delete mode 100644 deps/openssl/openssl/engines/afalg/build.info delete mode 100644 deps/openssl/openssl/engines/afalg/e_afalg.ec delete mode 100644 deps/openssl/openssl/engines/afalg/e_afalg_err.c delete mode 100644 deps/openssl/openssl/engines/afalg/e_afalg_err.h rename deps/openssl/openssl/engines/{afalg => }/e_afalg.c (79%) create mode 100644 deps/openssl/openssl/engines/e_afalg.ec rename deps/openssl/openssl/engines/{afalg => }/e_afalg.h (89%) create mode 100644 deps/openssl/openssl/engines/e_afalg.txt create mode 100644 deps/openssl/openssl/engines/e_afalg_err.c create mode 100644 deps/openssl/openssl/engines/e_afalg_err.h create mode 100644 deps/openssl/openssl/engines/e_capi.txt delete mode 100644 deps/openssl/openssl/engines/e_chil.c delete mode 100644 deps/openssl/openssl/engines/e_chil.ec delete mode 100644 deps/openssl/openssl/engines/e_chil_err.c delete mode 100644 deps/openssl/openssl/engines/e_chil_err.h create mode 100644 deps/openssl/openssl/engines/e_dasync.txt create mode 100644 deps/openssl/openssl/engines/e_ossltest.txt delete mode 100644 deps/openssl/openssl/engines/e_padlock.ec delete mode 100644 deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h create mode 100644 deps/openssl/openssl/fuzz/client.c create mode 100755 deps/openssl/openssl/fuzz/mkfuzzoids.pl create mode 100644 deps/openssl/openssl/fuzz/oids.txt create mode 100644 deps/openssl/openssl/fuzz/rand.inc rename deps/openssl/openssl/{crypto => }/include/internal/cryptlib.h (78%) create mode 100644 deps/openssl/openssl/include/internal/dsoerr.h rename deps/openssl/openssl/include/internal/{asn1t.h => nelem.h} (58%) create mode 100644 deps/openssl/openssl/include/internal/refcount.h create mode 100644 deps/openssl/openssl/include/internal/sockets.h create mode 100644 deps/openssl/openssl/include/internal/tsan_assist.h create mode 100644 deps/openssl/openssl/include/openssl/asn1err.h create mode 100644 deps/openssl/openssl/include/openssl/asyncerr.h create mode 100644 deps/openssl/openssl/include/openssl/bioerr.h create mode 100644 deps/openssl/openssl/include/openssl/bnerr.h create mode 100644 deps/openssl/openssl/include/openssl/buffererr.h create mode 100644 deps/openssl/openssl/include/openssl/cmserr.h create mode 100644 deps/openssl/openssl/include/openssl/comperr.h create mode 100644 deps/openssl/openssl/include/openssl/conferr.h create mode 100644 deps/openssl/openssl/include/openssl/cryptoerr.h create mode 100644 deps/openssl/openssl/include/openssl/cterr.h create mode 100644 deps/openssl/openssl/include/openssl/dherr.h create mode 100644 deps/openssl/openssl/include/openssl/dsaerr.h create mode 100644 deps/openssl/openssl/include/openssl/ecerr.h create mode 100644 deps/openssl/openssl/include/openssl/engineerr.h create mode 100644 deps/openssl/openssl/include/openssl/evperr.h create mode 100644 deps/openssl/openssl/include/openssl/kdferr.h create mode 100644 deps/openssl/openssl/include/openssl/objectserr.h create mode 100644 deps/openssl/openssl/include/openssl/ocsperr.h delete mode 100644 deps/openssl/openssl/include/openssl/opensslconf.h create mode 100644 deps/openssl/openssl/include/openssl/pemerr.h create mode 100644 deps/openssl/openssl/include/openssl/pkcs12err.h create mode 100644 deps/openssl/openssl/include/openssl/pkcs7err.h create mode 100644 deps/openssl/openssl/include/openssl/rand_drbg.h create mode 100644 deps/openssl/openssl/include/openssl/randerr.h create mode 100644 deps/openssl/openssl/include/openssl/rsaerr.h create mode 100644 deps/openssl/openssl/include/openssl/sslerr.h create mode 100644 deps/openssl/openssl/include/openssl/store.h create mode 100644 deps/openssl/openssl/include/openssl/storeerr.h create mode 100644 deps/openssl/openssl/include/openssl/tserr.h create mode 100644 deps/openssl/openssl/include/openssl/uierr.h create mode 100644 deps/openssl/openssl/include/openssl/x509err.h create mode 100644 deps/openssl/openssl/include/openssl/x509v3err.h delete mode 100755 deps/openssl/openssl/ms/segrenam.pl delete mode 100644 deps/openssl/openssl/ms/tlhelp32.h create mode 100644 deps/openssl/openssl/ssl/packet.c create mode 100644 deps/openssl/openssl/ssl/record/ssl3_record_tls13.c create mode 100644 deps/openssl/openssl/ssl/ssl_cert_table.h create mode 100644 deps/openssl/openssl/ssl/statem/extensions.c create mode 100644 deps/openssl/openssl/ssl/statem/extensions_clnt.c create mode 100644 deps/openssl/openssl/ssl/statem/extensions_cust.c create mode 100644 deps/openssl/openssl/ssl/statem/extensions_srvr.c delete mode 100644 deps/openssl/openssl/ssl/t1_ext.c delete mode 100644 deps/openssl/openssl/ssl/t1_reneg.c create mode 100644 deps/openssl/openssl/ssl/tls13_enc.c create mode 100644 deps/openssl/openssl/test/README.external create mode 100755 deps/openssl/openssl/test/bntests.pl create mode 100644 deps/openssl/openssl/test/certs/client-ed25519-cert.pem create mode 100644 deps/openssl/openssl/test/certs/client-ed25519-key.pem create mode 100644 deps/openssl/openssl/test/certs/client-ed448-cert.pem create mode 100644 deps/openssl/openssl/test/certs/client-ed448-key.pem create mode 100644 deps/openssl/openssl/test/certs/cyrillic.msb create mode 100644 deps/openssl/openssl/test/certs/cyrillic.pem create mode 100644 deps/openssl/openssl/test/certs/cyrillic.utf8 create mode 100644 deps/openssl/openssl/test/certs/cyrillic_crl.pem create mode 100644 deps/openssl/openssl/test/certs/cyrillic_crl.utf8 create mode 100644 deps/openssl/openssl/test/certs/dhp2048.pem create mode 100644 deps/openssl/openssl/test/certs/ee-ecdsa-client-chain.pem create mode 100644 deps/openssl/openssl/test/certs/ee-ecdsa-key.pem create mode 100644 deps/openssl/openssl/test/certs/ee-ed25519.pem create mode 100644 deps/openssl/openssl/test/certs/ee-pss-sha1-cert.pem create mode 100644 deps/openssl/openssl/test/certs/ee-pss-sha256-cert.pem create mode 100644 deps/openssl/openssl/test/certs/p256-server-cert.pem create mode 100644 deps/openssl/openssl/test/certs/p256-server-key.pem create mode 100644 deps/openssl/openssl/test/certs/p384-root-key.pem create mode 100644 deps/openssl/openssl/test/certs/p384-root.pem create mode 100644 deps/openssl/openssl/test/certs/p384-server-cert.pem create mode 100644 deps/openssl/openssl/test/certs/p384-server-key.pem create mode 100644 deps/openssl/openssl/test/certs/root-ed25519.pem create mode 100644 deps/openssl/openssl/test/certs/server-cecdsa-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-cecdsa-key.pem create mode 100644 deps/openssl/openssl/test/certs/server-dsa-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-dsa-key.pem create mode 100644 deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-key.pem create mode 100644 deps/openssl/openssl/test/certs/server-ecdsa-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-ecdsa-key.pem create mode 100644 deps/openssl/openssl/test/certs/server-ed25519-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-ed25519-key.pem create mode 100644 deps/openssl/openssl/test/certs/server-ed448-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-ed448-key.pem create mode 100644 deps/openssl/openssl/test/certs/server-pss-cert.pem create mode 100644 deps/openssl/openssl/test/certs/server-pss-key.pem create mode 100644 deps/openssl/openssl/test/certs/x509-check-key.pem create mode 100644 deps/openssl/openssl/test/certs/x509-check.csr create mode 100644 deps/openssl/openssl/test/drbg_cavs_data.h create mode 100644 deps/openssl/openssl/test/drbgtest.h rename deps/openssl/openssl/{crypto/pkcs7/pk7_dgst.c => test/evp_test.h} (53%) delete mode 100644 deps/openssl/openssl/test/heartbeat_test.c delete mode 100644 deps/openssl/openssl/test/md4test.c delete mode 100644 deps/openssl/openssl/test/md5test.c delete mode 100644 deps/openssl/openssl/test/methtest.c create mode 100644 deps/openssl/openssl/test/ossl_shim/async_bio.cc create mode 100644 deps/openssl/openssl/test/ossl_shim/async_bio.h create mode 100644 deps/openssl/openssl/test/ossl_shim/build.info create mode 100644 deps/openssl/openssl/test/ossl_shim/include/openssl/base.h create mode 100644 deps/openssl/openssl/test/ossl_shim/ossl_config.json create mode 100644 deps/openssl/openssl/test/ossl_shim/ossl_shim.cc create mode 100644 deps/openssl/openssl/test/ossl_shim/packeted_bio.cc create mode 100644 deps/openssl/openssl/test/ossl_shim/packeted_bio.h create mode 100644 deps/openssl/openssl/test/ossl_shim/test_config.cc create mode 100644 deps/openssl/openssl/test/ossl_shim/test_config.h delete mode 100644 deps/openssl/openssl/test/p5_crpt2_test.c delete mode 100644 deps/openssl/openssl/test/randtest.c create mode 100644 deps/openssl/openssl/test/recipes/01-test_test.t create mode 100644 deps/openssl/openssl/test/recipes/02-test_internal_ctype.t create mode 100644 deps/openssl/openssl/test/recipes/02-test_lhash.t create mode 100644 deps/openssl/openssl/test/recipes/02-test_stack.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_asn1.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_chacha.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_curve448.t rename deps/openssl/openssl/test/recipes/{05-test_sha1.t => 03-test_internal_mdc2.t} (82%) create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_modes.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_poly1305.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_siphash.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_sm2.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_sm4.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_ssl_cert_table.t create mode 100644 deps/openssl/openssl/test/recipes/03-test_internal_x509.t rename deps/openssl/openssl/test/recipes/{05-test_md4.t => 04-test_asn1_decode.t} (72%) create mode 100644 deps/openssl/openssl/test/recipes/04-test_asn1_encode.t create mode 100644 deps/openssl/openssl/test/recipes/04-test_asn1_string_table.t create mode 100644 deps/openssl/openssl/test/recipes/04-test_bio_callback.t rename deps/openssl/openssl/test/recipes/{90-test_bioprint.t => 04-test_bioprint.t} (100%) delete mode 100644 deps/openssl/openssl/test/recipes/05-test_sha256.t delete mode 100644 deps/openssl/openssl/test/recipes/05-test_sha512.t delete mode 100644 deps/openssl/openssl/test/recipes/05-test_wp.t create mode 100644 deps/openssl/openssl/test/recipes/06-test-rdrand.t create mode 100644 deps/openssl/openssl/test/recipes/10-test_bn_data/bnexp.txt create mode 100644 deps/openssl/openssl/test/recipes/10-test_bn_data/bnmod.txt create mode 100644 deps/openssl/openssl/test/recipes/10-test_bn_data/bnmul.txt create mode 100644 deps/openssl/openssl/test/recipes/10-test_bn_data/bnshift.txt create mode 100644 deps/openssl/openssl/test/recipes/10-test_bn_data/bnsum.txt create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam.t create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem create mode 100644 deps/openssl/openssl/test/recipes/15-test_mp_rsa.t create mode 100644 deps/openssl/openssl/test/recipes/15-test_mp_rsa_data/plain_text create mode 100644 deps/openssl/openssl/test/recipes/15-test_out_option.t create mode 100644 deps/openssl/openssl/test/recipes/20-test_enc_more.t rename deps/openssl/openssl/test/recipes/{05-test_rmd.t => 30-test_pkey_meth.t} (88%) create mode 100644 deps/openssl/openssl/test/recipes/30-test_pkey_meth_kdf.t create mode 100644 deps/openssl/openssl/test/recipes/60-test_x509_check_cert_pkey.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_comp.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_key_share.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_recordlen.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_renegotiation.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_servername.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_sslsigalgs.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_sslsignature.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_sslversions.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13alerts.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13cookie.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13downgrade.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13hrr.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13messages.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_tls13psk.t create mode 100644 deps/openssl/openssl/test/recipes/70-test_wpacket.t create mode 100644 deps/openssl/openssl/test/recipes/80-test_cipherbytes.t create mode 100644 deps/openssl/openssl/test/recipes/80-test_ciphername.t create mode 100644 deps/openssl/openssl/test/recipes/80-test_cmsapi.t create mode 100644 deps/openssl/openssl/test/recipes/80-test_dtls_mtu.t rename deps/openssl/openssl/test/recipes/{05-test_md5.t => 90-test_asn1_time.t} (73%) create mode 100644 deps/openssl/openssl/test/recipes/90-test_gost.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_gost_data/gost.conf create mode 100644 deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2001.pem create mode 100644 deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2012.pem create mode 100644 deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2001.pem create mode 100644 deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2012.pem delete mode 100644 deps/openssl/openssl/test/recipes/90-test_heartbeat.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes1.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes2.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/includes-broken.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/includes-file.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/includes.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes-file.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_overhead.t delete mode 100644 deps/openssl/openssl/test/recipes/90-test_p5_crpt2.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_sslapi_data/passwd.txt create mode 100644 deps/openssl/openssl/test/recipes/90-test_sslbuffers.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_store.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_store_data/ca.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_store_data/user.cnf create mode 100644 deps/openssl/openssl/test/recipes/90-test_sysdefault.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_time_offset.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_tls13ccs.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_tls13encryption.t create mode 100644 deps/openssl/openssl/test/recipes/90-test_tls13secrets.t create mode 100644 deps/openssl/openssl/test/recipes/95-test_external_boringssl.t create mode 100644 deps/openssl/openssl/test/recipes/95-test_external_krb5.t create mode 100755 deps/openssl/openssl/test/recipes/95-test_external_krb5_data/krb5.sh create mode 100644 deps/openssl/openssl/test/recipes/95-test_external_pyca.t create mode 100755 deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh create mode 100644 deps/openssl/openssl/test/recipes/99-test_ecstress.t rename deps/openssl/openssl/test/recipes/{90-test_fuzz.t => 99-test_fuzz.t} (87%) delete mode 100644 deps/openssl/openssl/test/recipes/bc.pl create mode 100644 deps/openssl/openssl/test/recipes/ocsp-response.der delete mode 100644 deps/openssl/openssl/test/rmdtest.c create mode 100644 deps/openssl/openssl/test/serverinfo2.pem create mode 100644 deps/openssl/openssl/test/session.pem delete mode 100644 deps/openssl/openssl/test/sha1test.c delete mode 100644 deps/openssl/openssl/test/sha256t.c delete mode 100644 deps/openssl/openssl/test/sha512t.c create mode 100644 deps/openssl/openssl/test/ssl-tests/20-cert-select.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/20-cert-select.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/21-key-update.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/21-key-update.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/22-compression.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/22-compression.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/23-srp.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/23-srp.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/24-padding.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/24-padding.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/25-cipher.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/25-cipher.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf.in create mode 100644 deps/openssl/openssl/test/ssl-tests/28-seclevel.conf create mode 100644 deps/openssl/openssl/test/ssl-tests/28-seclevel.conf.in create mode 100644 deps/openssl/openssl/test/sysdefault.cnf delete mode 100644 deps/openssl/openssl/test/testutil.c create mode 100644 deps/openssl/openssl/test/testutil/basic_output.c create mode 100644 deps/openssl/openssl/test/testutil/cb.c create mode 100644 deps/openssl/openssl/test/testutil/driver.c create mode 100644 deps/openssl/openssl/test/testutil/format_output.c create mode 100644 deps/openssl/openssl/test/testutil/init.c create mode 100644 deps/openssl/openssl/test/testutil/main.c create mode 100644 deps/openssl/openssl/test/testutil/output.h create mode 100644 deps/openssl/openssl/test/testutil/output_helpers.c create mode 100644 deps/openssl/openssl/test/testutil/stanza.c create mode 100644 deps/openssl/openssl/test/testutil/tap_bio.c create mode 100644 deps/openssl/openssl/test/testutil/test_cleanup.c create mode 100644 deps/openssl/openssl/test/testutil/tests.c create mode 100644 deps/openssl/openssl/test/testutil/tu_local.h delete mode 100644 deps/openssl/openssl/test/wp_test.c create mode 100644 deps/openssl/openssl/util/add-depends.pl create mode 100755 deps/openssl/openssl/util/check-malloc-errs delete mode 100755 deps/openssl/openssl/util/find-undoc-api.pl delete mode 100644 deps/openssl/openssl/util/fipslink.pl delete mode 100755 deps/openssl/openssl/util/incore delete mode 100755 deps/openssl/openssl/util/mkcerts.sh mode change 100644 => 100755 deps/openssl/openssl/util/mkerr.pl create mode 100755 deps/openssl/openssl/util/openssl-update-copyright create mode 100644 deps/openssl/openssl/util/perl/TLSProxy/Alert.pm create mode 100644 deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm create mode 100644 deps/openssl/openssl/util/perl/TLSProxy/CertificateVerify.pm create mode 100644 deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm create mode 100644 deps/openssl/openssl/util/perl/checkhandshake.pm delete mode 100755 deps/openssl/openssl/util/point.sh create mode 100644 deps/openssl/openssl/util/private.num delete mode 100644 deps/openssl/openssl/util/selftest.pl diff --git a/deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md b/deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000000000..7b384b1149c0d3 --- /dev/null +++ b/deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,14 @@ + + +##### Checklist + +- [ ] documentation is added or updated +- [ ] tests are added or updated diff --git a/deps/openssl/openssl/.gitignore b/deps/openssl/openssl/.gitignore new file mode 100644 index 00000000000000..1b0f25cc81b25b --- /dev/null +++ b/deps/openssl/openssl/.gitignore @@ -0,0 +1,185 @@ +# Ignore editor artefacts +/.dir-locals.el + +# Top level excludes +/Makefile.orig +/MINFO +/TABLE +/*.pc +/rehash.time +/inc.* +/makefile.* +/out.* +/tmp.* +/configdata.pm + +# *all* Makefiles +Makefile +# ... except in demos +!/demos/*/Makefile + +# Links under apps +/apps/CA.pl +/apps/tsget +/apps/tsget.pl +/apps/md4.c + +# Auto generated headers +/crypto/buildinf.h +/apps/progs.h +/crypto/include/internal/*_conf.h +/openssl/include/opensslconf.h +/util/domd + +# error code files +/crypto/err/openssl.txt.old +/engines/e_afalg.txt.old +/engines/e_capi.txt.old +/engines/e_dasync.txt.old +/engines/e_ossltest.txt.old + +# Executables +/apps/openssl +/test/sha256t +/test/sha512t +/test/gost2814789t +/test/ssltest_old +/test/*test +/test/fips_aesavs +/test/fips_desmovs +/test/fips_dhvs +/test/fips_drbgvs +/test/fips_dssvs +/test/fips_ecdhvs +/test/fips_ecdsavs +/test/fips_rngvs +/test/fips_test_suite +/test/ssltest_old +/test/x509aux +/test/v3ext +/test/versions +/test/ossl_shim/ossl_shim +/test/rsa_complex + +# Certain files that get created by tests on the fly +/test/test-runs +/test/buildtest_* + +# Fuzz stuff. +# Anything without an extension is an executable on Unix, so we keep files +# with extensions. And we keep the corpora subddir versioned as well. +# Anything more generic with extensions that should be ignored will be taken +# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...) +/fuzz/* +!/fuzz/README* +!/fuzz/corpora +!/fuzz/*.* + +# Misc auto generated files +/include/openssl/opensslconf.h +/tools/c_rehash +/tools/c_rehash.pl +/util/shlib_wrap.sh +/tags +/TAGS +/libcrypto.map +/libssl.map + +# Windows (legacy) +/tmp32 +/tmp32.dbg +/tmp32dll +/tmp32dll.dbg +/out32 +/out32.dbg +/out32dll +/out32dll.dbg +/inc32 +/MINFO +/ms/.rnd +/ms/bcb.mak +/ms/libeay32.def +/ms/nt.mak +/ms/ntdll.mak +/ms/ssleay32.def +/ms/version32.rc + +# Files created on other branches that are not held in git, and are not +# needed on this branch +/include/openssl/asn1_mac.h +/include/openssl/des_old.h +/include/openssl/fips.h +/include/openssl/fips_rand.h +/include/openssl/krb5_asn.h +/include/openssl/kssl.h +/include/openssl/pq_compat.h +/include/openssl/ssl23.h +/include/openssl/tmdiff.h +/include/openssl/ui_compat.h +/test/fips_aesavs.c +/test/fips_desmovs.c +/test/fips_dsatest.c +/test/fips_dssvs.c +/test/fips_hmactest.c +/test/fips_randtest.c +/test/fips_rngvs.c +/test/fips_rsagtest.c +/test/fips_rsastest.c +/test/fips_rsavtest.c +/test/fips_shatest.c +/test/fips_test_suite.c +/test/shatest.c + +##### Generic patterns +# Auto generated assembly language source files +*.s +!/crypto/*/asm/*.s +/crypto/arm*.S +/crypto/*/*.S +*.asm +!/crypto/*/asm/*.asm + +# Object files +*.o +*.obj + +# editor artefacts +*.swp +.#* +\#*# +*~ + +# Certificate symbolic links +*.0 + +# All kinds of libraries and executables +*.a +*.so +*.so.* +*.dylib +*.dylib.* +*.dll +*.dll.* +*.exe +*.pyc +*.exp +*.lib +*.pdb +*.ilk +*.def +*.rc +*.res + +# Misc generated stuff +Makefile.save +/crypto/**/lib +/engines/**/lib +/ssl/**/lib +*.bak +cscope.* +*.d +pod2htmd.tmp + +# Windows manifest files +*.manifest +doc-nits diff --git a/deps/openssl/openssl/.gitmodules b/deps/openssl/openssl/.gitmodules new file mode 100644 index 00000000000000..af32ea618cf722 --- /dev/null +++ b/deps/openssl/openssl/.gitmodules @@ -0,0 +1,11 @@ +[submodule "boringssl"] + path = boringssl + url = https://boringssl.googlesource.com/boringssl + +[submodule "pyca.cryptography"] + path = pyca-cryptography + url = /~https://github.com/pyca/cryptography.git + +[submodule "krb5"] + path = krb5 + url = /~https://github.com/krb5/krb5 diff --git a/deps/openssl/openssl/.travis-create-release.sh b/deps/openssl/openssl/.travis-create-release.sh index 311cedd69c098b..b39a00137ac578 100644 --- a/deps/openssl/openssl/.travis-create-release.sh +++ b/deps/openssl/openssl/.travis-create-release.sh @@ -5,7 +5,7 @@ ./Configure dist if [ "$1" == osx ]; then make NAME='_srcdist' TARFILE='_srcdist.tar' \ - TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar + TAR_COMMAND='$(TAR) $(TARFLAGS) -cf -' tar else make TARFILE='_srcdist.tar' NAME='_srcdist' dist fi diff --git a/deps/openssl/openssl/.travis.yml b/deps/openssl/openssl/.travis.yml index 1c1db2b73dad73..764da2885e546f 100644 --- a/deps/openssl/openssl/.travis.yml +++ b/deps/openssl/openssl/.travis.yml @@ -1,21 +1,25 @@ dist: trusty sudo: required +osx_image: xcode9.3 + language: c cache: ccache +git: + submodules: false + quiet: true before_install: - if [ -n "$COVERALLS" ]; then pip install --user cpp-coveralls; fi; - -addons: - apt: - packages: - - ccache + - if expr "$CONFIG_OPTS" ":" ".*enable-external-tests" > /dev/null; then + git submodule update --init --recursive; + fi; os: - linux + - osx compiler: - clang @@ -23,45 +27,28 @@ compiler: env: - CONFIG_OPTS="" DESTDIR="_install" - - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2" - - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes" - - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" - - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" - - CONFIG_OPTS="no-ec" BUILDONLY="yes" - - CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" + - CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2" + - CONFIG_OPTS="no-asm no-makedepend --strict-warnings -std=c89 -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes" matrix: include: - - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" - - os: linux - compiler: gcc - env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes" - - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="enable-asan" - - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="enable-msan" - - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment" - - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2" - - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="no-stdio" + - os: linux-ppc64le + sudo: false + compiler: clang + env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES" - os: linux addons: apt: packages: - gcc-5 + - g++-5 sources: - ubuntu-toolchain-r-test compiler: gcc-5 - env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" + env: CONFIG_OPTS="--strict-warnings" COMMENT="Move to the BORINGTEST build when interoperable" + - os: linux + compiler: clang + env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" BUILDONLY="yes" - os: linux addons: apt: @@ -69,23 +56,62 @@ matrix: - binutils-mingw-w64 - gcc-mingw-w64 compiler: i686-w64-mingw32-gcc - env: CONFIG_OPTS="no-pic" + env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" + # Uncomment if there is reason to believe that PPC-specific problem + # can be diagnosed with this possibly >30 mins sanitizer build... + #- os: linux-ppc64le + # sudo: false + # compiler: gcc + # env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-ubsan no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES" - os: linux addons: apt: packages: - - binutils-mingw-w64 - - gcc-mingw-w64 - compiler: i686-w64-mingw32-gcc - env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" + - gcc-5 + - g++-5 + - golang-1.6 + sources: + - ubuntu-toolchain-r-test + compiler: gcc-5 + env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers no-shared -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++-5" + - os: linux + addons: + apt: + packages: + - gcc-5 + - g++-5 + - golang-1.6 + sources: + - ubuntu-toolchain-r-test + compiler: gcc-5 + env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests" BORINGSSL_TESTS="yes" CXX="g++-5" TESTS=95 + - os: linux + compiler: clang + env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan -D__NO_STRING_INLINES -Wno-unused-command-line-argument" + - os: linux + compiler: clang + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" + - os: linux + compiler: clang + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" + - os: linux + addons: + apt: + packages: + - gcc-5 + - g++-5 + sources: + - ubuntu-toolchain-r-test + compiler: gcc-5 + env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 - os: linux addons: apt: packages: - binutils-mingw-w64 - gcc-mingw-w64 - compiler: x86_64-w64-mingw32-gcc - env: CONFIG_OPTS="no-pic" + compiler: i686-w64-mingw32-gcc + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic" - os: linux addons: apt: @@ -93,7 +119,7 @@ matrix: - binutils-mingw-w64 - gcc-mingw-w64 compiler: x86_64-w64-mingw32-gcc - env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic" exclude: - os: linux compiler: clang @@ -101,9 +127,13 @@ matrix: compiler: gcc before_script: + - env + - if [ "$TRAVIS_PULL_REQUEST" != "false" -a -n "$EXTENDED_TEST" ]; then + (git log -1 $TRAVIS_COMMIT_RANGE | grep '\[extended tests\]' > /dev/null) || exit 0; + fi - if [ -n "$DESTDIR" ]; then sh .travis-create-release.sh $TRAVIS_OS_NAME; - tar -xvzf _srcdist.tar.gz; + tar -xzf _srcdist.tar.gz; mkdir _build; cd _build; srcdir=../_srcdist; @@ -116,14 +146,14 @@ before_script: $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt; CC="$CC -specs=gcc-specs.txt"; fi - - if [ "$CC" == i686-w64-mingw32-gcc ]; then + - if [ "$CC" = i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; - elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then + elif [ "$CC" = x86_64-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format; else - if [ "$CC" == clang-3.9 ]; then + if [ "$CC" = clang-3.9 ]; then sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang; curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -; echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null; @@ -135,14 +165,7 @@ before_script: fi; $srcdir/config -v $CONFIG_OPTS; fi - - if [ -z "$BUILDONLY" ]; then - if [ -n "$CROSS_COMPILE" ]; then - if [ "$TRAVIS_OS_NAME" == "linux" ]; then - sudo dpkg --add-architecture i386; - sudo apt-get update; - fi; - fi; - fi + - ./configdata.pm --dump - cd $top script: @@ -151,18 +174,21 @@ script: else make="make"; fi + - if [ -n "$GENERATE" ]; then + make2="$make PERL=no-perl"; + else + make2="$make"; + fi + - top=${PWD} - if [ -n "$DESTDIR" ]; then cd _build; - top=..; - else - top=.; fi - if $make update; then echo -e '+\057 MAKE UPDATE OK'; else echo -e '+\057 MAKE UPDATE FAILED'; false; - fi; - git diff --exit-code + fi + - git diff --exit-code - if [ -n "$CHECKDOCS" ]; then if $make doc-nits; then echo -e '+\057\057 MAKE DOC-NITS OK'; @@ -170,37 +196,57 @@ script: echo -e '+\057\057 MAKE DOC-NITS FAILED'; false; fi; fi - - if $make ; then - echo -e '+\057\057\057 MAKE OK'; + - if [ -n "$GENERATE" ]; then + if $make build_all_generated; then + echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED OK'; + else + echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED FAILED'; false; + fi; + fi + - if $make2; then + echo -e '+\057\057\057\057 MAKE OK'; else - echo -e '+\057\057\057 MAKE FAILED'; false; + echo -e '+\057\057\057\057 MAKE FAILED'; false; fi; - if [ -z "$BUILDONLY" ]; then if [ -n "$CROSS_COMPILE" ]; then - sudo apt-get -yq install wine; + sudo dpkg --add-architecture i386; + sudo apt-get update; + sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install wine; export EXE_SHELL="wine" WINEPREFIX=`pwd`; fi; - HARNESS_VERBOSE=yes make test; + if [ -e krb5/src ]; then + sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh; + fi; + if HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then + echo -e '+\057\057\057\057\057 MAKE TEST OK'; + else + echo -e '+\057\057\057\057\057 MAKE TEST FAILED'; false; + fi; else - if $make build_tests; then - echo -e '+\057\057\075 MAKE BUILD_TESTS OK'; + if $make build_tests >~/build.log 2>&1; then + echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS OK'; else - echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false; + echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS FAILED'; + cat ~/build.log + false; fi; fi - if [ -n "$DESTDIR" ]; then - mkdir "../$DESTDIR"; - if $make install DESTDIR="../$DESTDIR"; then - echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK'; + mkdir "$top/$DESTDIR"; + if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then + echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK'; else - echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false; + echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED'; + cat ~/install.log; + false; fi; fi - cd $top after_success: - if [ -n "$COVERALLS" ]; then - coveralls -b . --gcov-options '\-lp'; + coveralls -b . --gcov gcov-5 --gcov-options '\-lpbc'; fi; notifications: diff --git a/deps/openssl/openssl/AUTHORS b/deps/openssl/openssl/AUTHORS index 48211a27461835..ac93b2e7b975c2 100644 --- a/deps/openssl/openssl/AUTHORS +++ b/deps/openssl/openssl/AUTHORS @@ -1,21 +1,35 @@ - Andy Polyakov - Ben Laurie - Bodo M�ller - Emilia K�sper - Eric Young - Geoff Thorpe - Holger Reif - Kurt Roeckx - Lutz J�nicke - Mark J. Cox - Matt Caswell - Nils Larsch - Paul C. Sutton - Ralf S. Engelschall - Rich Salz - Richard Levitte - Stephen Henson - Steve Marquess - Tim Hudson - Ulf M�ller - Viktor Dukhovni +# This is the list of OpenSSL authors for copyright purposes. +# +# This does not necessarily list everyone who has contributed code, since in +# some cases, their employer may be the copyright holder. To see the full list +# of contributors, see the revision history in source control. +OpenSSL Software Services, Inc. +OpenSSL Software Foundation, Inc. + +# Individuals +Andy Polyakov +Ben Laurie +Ben Kaduk +Bernd Edlinger +Bodo Möller +David Benjamin +Emilia Käsper +Eric Young +Geoff Thorpe +Holger Reif +Kurt Roeckx +Lutz Jänicke +Mark J. Cox +Matt Caswell +Matthias St. Pierre +Nils Larsch +Paul Dale +Paul C. Sutton +Ralf S. Engelschall +Rich Salz +Richard Levitte +Stephen Henson +Steve Marquess +Tim Hudson +Ulf Möller +Viktor Dukhovni diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES index cf76704d15cd7a..4b68f4832909b8 100644 --- a/deps/openssl/openssl/CHANGES +++ b/deps/openssl/openssl/CHANGES @@ -7,7 +7,7 @@ /~https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0i and 1.1.0j [20 Nov 2018] + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] *) Timing vulnerability in DSA signature generation @@ -29,12 +29,479 @@ (CVE-2018-0735) [Paul Dale] + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. + + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] + + *) Add a new ClientHello callback. Provides a callback interface that gives + the application the ability to adjust the nascent SSL object at the + earliest stage of ClientHello processing, immediately after extensions have + been collected but before they have been processed. In particular, this + callback can adjust the supported TLS versions in response to the contents + of the ClientHello + [Benjamin Kaduk] + + *) Add SM2 base algorithm support. + [Jack Lloyd] + + *) s390x assembly pack: add (improved) hardware-support for the following + cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb, + aes-cfb/cfb8, aes-ecb. + [Patrick Steuer] + + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + + *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder + step for prime curves. The new implementation is based on formulae from + differential addition-and-doubling in homogeneous projective coordinates + from Izu-Takagi "A fast parallel elliptic curve multiplication resistant + against side channel attacks" and Brier-Joye "Weierstrass Elliptic Curves + and Side-Channel Attacks" Eq. (8) for y-coordinate recovery, modified + to work in projective coordinates. + [Billy Bob Brumley, Nicola Tuveri] + + *) Change generating and checking of primes so that the error rate of not + being prime depends on the intended use based on the size of the input. + For larger primes this will result in more rounds of Miller-Rabin. + The maximal error rate for primes with more than 1080 bits is lowered + to 2^-128. + [Kurt Roeckx, Annie Yousar] + + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + + *) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when + moving between systems, and to avoid confusion when a Windows build is + done with mingw vs with MSVC. For POSIX installs, there's still a + symlink or copy named 'tsget' to avoid that confusion as well. + [Richard Levitte] + + *) Revert blinding in ECDSA sign and instead make problematic addition + length-invariant. Switch even to fixed-length Montgomery multiplication. + [Andy Polyakov] + + *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder + step for binary curves. The new implementation is based on formulae from + differential addition-and-doubling in mixed Lopez-Dahab projective + coordinates, modified to independently blind the operands. + [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri] + + *) Add a scaffold to optionally enhance the Montgomery ladder implementation + for `ec_scalar_mul_ladder` (formerly `ec_mul_consttime`) allowing + EC_METHODs to implement their own specialized "ladder step", to take + advantage of more favorable coordinate systems or more efficient + differential addition-and-doubling algorithms. + [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri] + + *) Modified the random device based seed sources to keep the relevant + file descriptors open rather than reopening them on each access. + This allows such sources to operate in a chroot() jail without + the associated device nodes being available. This behaviour can be + controlled using RAND_keep_random_devices_open(). + [Paul Dale] + + *) Numerous side-channel attack mitigations have been applied. This may have + performance impacts for some algorithms for the benefit of improved + security. Specific changes are noted in this change log by their respective + authors. + [Matt Caswell] + + *) AIX shared library support overhaul. Switch to AIX "natural" way of + handling shared libraries, which means collecting shared objects of + different versions and bitnesses in one common archive. This allows to + mitigate conflict between 1.0 and 1.1 side-by-side installations. It + doesn't affect the way 3rd party applications are linked, only how + multi-version installation is managed. + [Andy Polyakov] + + *) Make ec_group_do_inverse_ord() more robust and available to other + EC cryptosystems, so that irrespective of BN_FLG_CONSTTIME, SCA + mitigations are applied to the fallback BN_mod_inverse(). + When using this function rather than BN_mod_inverse() directly, new + EC cryptosystem implementations are then safer-by-default. + [Billy Bob Brumley] + *) Add coordinate blinding for EC_POINT and implement projective coordinate blinding for generic prime curves as a countermeasure to chosen point SCA attacks. [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley] - Changes between 1.1.0h and 1.1.0i [14 Aug 2018] + *) Add blinding to ECDSA and DSA signatures to protect against side channel + attacks discovered by Keegan Ryan (NCC Group). + [Matt Caswell] + + *) Enforce checking in the pkeyutl command line app to ensure that the input + length does not exceed the maximum supported digest length when performing + a sign, verify or verifyrecover operation. + [Matt Caswell] + + *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking + I/O in combination with something like select() or poll() will hang. This + can be turned off again using SSL_CTX_clear_mode(). + Many applications do not properly handle non-application data records, and + TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works + around the problems in those applications, but can also break some. + It's recommended to read the manpages about SSL_read(), SSL_write(), + SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and + SSL_CTX_set_read_ahead() again. + [Kurt Roeckx] + + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + + *) Apply blinding to binary field modular inversion and remove patent + pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation. + [Billy Bob Brumley] + + *) Deprecate ec2_mult.c and unify scalar multiplication code paths for + binary and prime elliptic curves. + [Billy Bob Brumley] + + *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for + constant time fixed point multiplication. + [Billy Bob Brumley] + + *) Revise elliptic curve scalar multiplication with timing attack + defenses: ec_wNAF_mul redirects to a constant time implementation + when computing fixed point and variable point multiplication (which + in OpenSSL are mostly used with secret scalars in keygen, sign, + ECDH derive operations). + [Billy Bob Brumley, Nicola Tuveri, Cesar Pereida García, + Sohaib ul Hassan] + + *) Updated CONTRIBUTING + [Rich Salz] + + *) Updated DRBG / RAND to request nonce and additional low entropy + randomness from the system. + [Matthias St. Pierre] + + *) Updated 'openssl rehash' to use OpenSSL consistent default. + [Richard Levitte] + + *) Moved the load of the ssl_conf module to libcrypto, which helps + loading engines that libssl uses before libssl is initialised. + [Matt Caswell] + + *) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA + [Matt Caswell] + + *) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases. + [Ingo Schwarze, Rich Salz] + + *) Added output of accepting IP address and port for 'openssl s_server' + [Richard Levitte] + + *) Added a new API for TLSv1.3 ciphersuites: + SSL_CTX_set_ciphersuites() + SSL_set_ciphersuites() + [Matt Caswell] + + *) Memory allocation failures consistenly add an error to the error + stack. + [Rich Salz] + + *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values + in libcrypto when run as setuid/setgid. + [Bernd Edlinger] + + *) Load any config file by default when libssl is used. + [Matt Caswell] + + *) Added new public header file and documentation + for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview. + [Matthias St. Pierre] + + *) QNX support removed (cannot find contributors to get their approval + for the license change). + [Rich Salz] + + *) TLSv1.3 replay protection for early data has been implemented. See the + SSL_read_early_data() man page for further details. + [Matt Caswell] + + *) Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite + configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and + below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3. + In order to avoid issues where legacy TLSv1.2 ciphersuite configuration + would otherwise inadvertently disable all TLSv1.3 ciphersuites the + configuration has been separated out. See the ciphers man page or the + SSL_CTX_set_ciphersuites() man page for more information. + [Matt Caswell] + + *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running + in responder mode now supports the new "-multi" option, which + spawns the specified number of child processes to handle OCSP + requests. The "-timeout" option now also limits the OCSP + responder's patience to wait to receive the full client request + on a newly accepted connection. Child processes are respawned + as needed, and the CA index file is automatically reloaded + when changed. This makes it possible to run the "ocsp" responder + as a long-running service, making the OpenSSL CA somewhat more + feature-complete. In this mode, most diagnostic messages logged + after entering the event loop are logged via syslog(3) rather than + written to stderr. + [Viktor Dukhovni] + + *) Added support for X448 and Ed448. Heavily based on original work by + Mike Hamburg. + [Matt Caswell] + + *) Extend OSSL_STORE with capabilities to search and to narrow the set of + objects loaded. This adds the functions OSSL_STORE_expect() and + OSSL_STORE_find() as well as needed tools to construct searches and + get the search data out of them. + [Richard Levitte] + + *) Support for TLSv1.3 added. Note that users upgrading from an earlier + version of OpenSSL should review their configuration settings to ensure + that they are still appropriate for TLSv1.3. For further information see: + https://wiki.openssl.org/index.php/TLS1.3 + [Matt Caswell] + + *) Grand redesign of the OpenSSL random generator + + The default RAND method now utilizes an AES-CTR DRBG according to + NIST standard SP 800-90Ar1. The new random generator is essentially + a port of the default random generator from the OpenSSL FIPS 2.0 + object module. It is a hybrid deterministic random bit generator + using an AES-CTR bit stream and which seeds and reseeds itself + automatically using trusted system entropy sources. + + Some of its new features are: + o Support for multiple DRBG instances with seed chaining. + o The default RAND method makes use of a DRBG. + o There is a public and private DRBG instance. + o The DRBG instances are fork-safe. + o Keep all global DRBG instances on the secure heap if it is enabled. + o The public and private DRBG instance are per thread for lock free + operation + [Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre] + + *) Changed Configure so it only says what it does and doesn't dump + so much data. Instead, ./configdata.pm should be used as a script + to display all sorts of configuration data. + [Richard Levitte] + + *) Added processing of "make variables" to Configure. + [Richard Levitte] + + *) Added SHA512/224 and SHA512/256 algorithm support. + [Paul Dale] + + *) The last traces of Netware support, first removed in 1.1.0, have + now been removed. + [Rich Salz] + + *) Get rid of Makefile.shared, and in the process, make the processing + of certain files (rc.obj, or the .def/.map/.opt files produced from + the ordinal files) more visible and hopefully easier to trace and + debug (or make silent). + [Richard Levitte] + + *) Make it possible to have environment variable assignments as + arguments to config / Configure. + [Richard Levitte] + + *) Add multi-prime RSA (RFC 8017) support. + [Paul Yang] + + *) Add SM3 implemented according to GB/T 32905-2016 + [ Jack Lloyd , + Ronald Tse , + Erick Borsboom ] + + *) Add 'Maximum Fragment Length' TLS extension negotiation and support + as documented in RFC6066. + Based on a patch from Tomasz Moń + [Filipe Raimundo da Silva] + + *) Add SM4 implemented according to GB/T 32907-2016. + [ Jack Lloyd , + Ronald Tse , + Erick Borsboom ] + + *) Reimplement -newreq-nodes and ERR_error_string_n; the + original author does not agree with the license change. + [Rich Salz] + + *) Add ARIA AEAD TLS support. + [Jon Spillett] + + *) Some macro definitions to support VS6 have been removed. Visual + Studio 6 has not worked since 1.1.0 + [Rich Salz] + + *) Add ERR_clear_last_mark(), to allow callers to clear the last mark + without clearing the errors. + [Richard Levitte] + + *) Add "atfork" functions. If building on a system that without + pthreads, see doc/man3/OPENSSL_fork_prepare.pod for application + requirements. The RAND facility now uses/requires this. + [Rich Salz] + + *) Add SHA3. + [Andy Polyakov] + + *) The UI API becomes a permanent and integral part of libcrypto, i.e. + not possible to disable entirely. However, it's still possible to + disable the console reading UI method, UI_OpenSSL() (use UI_null() + as a fallback). + + To disable, configure with 'no-ui-console'. 'no-ui' is still + possible to use as an alias. Check at compile time with the + macro OPENSSL_NO_UI_CONSOLE. The macro OPENSSL_NO_UI is still + possible to check and is an alias for OPENSSL_NO_UI_CONSOLE. + [Richard Levitte] + + *) Add a STORE module, which implements a uniform and URI based reader of + stores that can contain keys, certificates, CRLs and numerous other + objects. The main API is loosely based on a few stdio functions, + and includes OSSL_STORE_open, OSSL_STORE_load, OSSL_STORE_eof, + OSSL_STORE_error and OSSL_STORE_close. + The implementation uses backends called "loaders" to implement arbitrary + URI schemes. There is one built in "loader" for the 'file' scheme. + [Richard Levitte] + + *) Add devcrypto engine. This has been implemented against cryptodev-linux, + then adjusted to work on FreeBSD 8.4 as well. + Enable by configuring with 'enable-devcryptoeng'. This is done by default + on BSD implementations, as cryptodev.h is assumed to exist on all of them. + [Richard Levitte] + + *) Module names can prefixed with OSSL_ or OPENSSL_. This affects + util/mkerr.pl, which is adapted to allow those prefixes, leading to + error code calls like this: + + OSSL_FOOerr(OSSL_FOO_F_SOMETHING, OSSL_FOO_R_WHATEVER); + + With this change, we claim the namespaces OSSL and OPENSSL in a manner + that can be encoded in C. For the foreseeable future, this will only + affect new modules. + [Richard Levitte and Tim Hudson] + + *) Removed BSD cryptodev engine. + [Rich Salz] + + *) Add a build target 'build_all_generated', to build all generated files + and only that. This can be used to prepare everything that requires + things like perl for a system that lacks perl and then move everything + to that system and do the rest of the build there. + [Richard Levitte] + + *) In the UI interface, make it possible to duplicate the user data. This + can be used by engines that need to retain the data for a longer time + than just the call where this user data is passed. + [Richard Levitte] + + *) Ignore the '-named_curve auto' value for compatibility of applications + with OpenSSL 1.0.2. + [Tomas Mraz ] + + *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2 + bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such + alerts across multiple records (some of which could be empty). In practice + it make no sense to send an empty alert record, or to fragment one. TLSv1.3 + prohibts this altogether and other libraries (BoringSSL, NSS) do not + support this at all. Supporting it adds significant complexity to the + record layer, and its removal is unlikely to cause inter-operability + issues. + [Matt Caswell] + + *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed + with Z. These are meant to replace LONG and ZLONG and to be size safe. + The use of LONG and ZLONG is discouraged and scheduled for deprecation + in OpenSSL 1.2.0. + [Richard Levitte] + + *) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string, + 'z' is to be used for [s]size_t, and 'j' - with [u]int64_t. + [Richard Levitte, Andy Polyakov] + + *) Add EC_KEY_get0_engine(), which does for EC_KEY what RSA_get0_engine() + does for RSA, etc. + [Richard Levitte] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + + *) The functions X509_STORE_add_cert and X509_STORE_add_crl return + success if they are asked to add an object which already exists + in the store. This change cascades to other functions which load + certificates and CRLs. + [Paul Dale] + + *) x86_64 assembly pack: annotate code with DWARF CFI directives to + facilitate stack unwinding even from assembly subroutines. + [Andy Polyakov] + + *) Remove VAX C specific definitions of OPENSSL_EXPORT, OPENSSL_EXTERN. + Also remove OPENSSL_GLOBAL entirely, as it became a no-op. + [Richard Levitte] + + *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c. + VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1, + which is the minimum version we support. + [Richard Levitte] + + *) Certificate time validation (X509_cmp_time) enforces stricter + compliance with RFC 5280. Fractional seconds and timezone offsets + are no longer allowed. + [Emilia Käsper] + + *) Add support for ARIA + [Paul Dale] + + *) s_client will now send the Server Name Indication (SNI) extension by + default unless the new "-noservername" option is used. The server name is + based on the host provided to the "-connect" option unless overridden by + using "-servername". + [Matt Caswell] + + *) Add support for SipHash + [Todd Short] + + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] + + *) 'openssl passwd' can now produce SHA256 and SHA512 based output, + using the algorithm defined in + https://www.akkadia.org/drepper/SHA-crypt.txt + [Richard Levitte] + + *) Heartbeat support has been removed; the ABI is changed for now. + [Richard Levitte, Rich Salz] + + *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. + [Emilia Käsper] + + *) The RSA "null" method, which was partially supported to avoid patent + issues, has been replaced to always returns NULL. + [Rich Salz] + + + Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] *) Client DoS due to large DH parameter @@ -215,13 +682,6 @@ (CVE-2017-3735) [Rich Salz] - *) Ignore the '-named_curve auto' value for compatibility of applications - with OpenSSL 1.0.2. - [Tomas Mraz ] - - *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. - [Emilia Käsper] - Changes between 1.1.0e and 1.1.0f [25 May 2017] *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target @@ -337,12 +797,6 @@ (CVE-2016-7055) [Andy Polyakov] - *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 - or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to - prevent issues where no progress is being made and the peer continually - sends unrecognised record types, using up resources processing them. - [Matt Caswell] - *) Removed automatic addition of RPATH in shared libraries and executables, as this was a remainder from OpenSSL 1.0.x and isn't needed any more. [Richard Levitte] @@ -896,7 +1350,7 @@ *) Add support for setting the minimum and maximum supported protocol. It can bet set via the SSL_set_min_proto_version() and SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and - MaxProtcol. It's recommended to use the new APIs to disable + MaxProtocol. It's recommended to use the new APIs to disable protocols instead of disabling individual protocols using SSL_set_options() or SSL_CONF's Protocol. This change also removes support for disabling TLS 1.2 in the OpenSSL TLS @@ -1246,13 +1700,13 @@ [Steve Henson] *) Experimental encrypt-then-mac support. - + Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x42 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42 - + For non-compliant peers (i.e. just about everything) this should have no effect. @@ -1303,7 +1757,7 @@ *) Use separate DRBG fields for internal and external flags. New function FIPS_drbg_health_check() to perform on demand health checking. Add - generation tests to fips_test_suite with reduced health check interval to + generation tests to fips_test_suite with reduced health check interval to demonstrate periodic health checking. Add "nodh" option to fips_test_suite to skip very slow DH test. [Steve Henson] @@ -1317,7 +1771,7 @@ combination: call this in fips_test_suite. [Steve Henson] - *) Add support for canonical generation of DSA parameter 'g'. See + *) Add support for canonical generation of DSA parameter 'g'. See FIPS 186-3 A.2.3. *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and @@ -1341,7 +1795,7 @@ requested amount of entropy. [Steve Henson] - *) Add PRNG security strength checks to RSA, DSA and ECDSA using + *) Add PRNG security strength checks to RSA, DSA and ECDSA using information in FIPS186-3, SP800-57 and SP800-131A. [Steve Henson] @@ -1433,7 +1887,7 @@ can be set or retrieved with a ctrl. The IV length is by default 12 bytes (96 bits) but can be set to an alternative value. If the IV length exceeds the maximum IV length (currently 16 bytes) it cannot be - set before the key. + set before the key. [Steve Henson] *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the @@ -1476,7 +1930,7 @@ Add CMAC pkey methods. [Steve Henson] - *) Experimental renegotiation in s_server -www mode. If the client + *) Experimental renegotiation in s_server -www mode. If the client browses /reneg connection is renegotiated. If /renegcert it is renegotiated requesting a certificate. [Steve Henson] @@ -1496,7 +1950,7 @@ *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of a gcc attribute to warn if the result of a function is ignored. This is enable if DEBUG_UNUSED is set. Add to several functions in evp.h - whose return value is often ignored. + whose return value is often ignored. [Steve Henson] *) New -noct, -requestct, -requirect and -ctlogfile options for s_client. @@ -2301,7 +2755,7 @@ [Steve Henson] *) Add new "valid_flags" field to CERT_PKEY structure which determines what - the certificate can be used for (if anything). Set valid_flags field + the certificate can be used for (if anything). Set valid_flags field in new tls1_check_chain function. Simplify ssl_set_cert_masks which used to have similar checks in it. @@ -2344,7 +2798,7 @@ *) Fix OCSP checking. [Rob Stradling and Ben Laurie] - *) Initial experimental support for explicitly trusted non-root CAs. + *) Initial experimental support for explicitly trusted non-root CAs. OpenSSL still tries to build a complete chain to a root but if an intermediate CA has a trust setting included that is used. The first setting is used: whether to trust (e.g., -addtrust option to the x509 @@ -2395,7 +2849,7 @@ to set list of supported curves. [Steve Henson] - *) New ctrls to retrieve supported signature algorithms and + *) New ctrls to retrieve supported signature algorithms and supported curve values as an array of NIDs. Extend openssl utility to print out received values. [Steve Henson] @@ -2600,7 +3054,7 @@ [Adam Langley, Bodo Moeller] *) Add additional DigestInfo checks. - + Re-encode DigestInto in DER and check against the original when verifying RSA signature: this will reject any improperly encoded DigestInfo structures. @@ -2770,7 +3224,7 @@ Changes between 1.0.1e and 1.0.1f [6 Jan 2014] - *) Fix for TLS record tampering bug. A carefully crafted invalid + *) Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issues. (CVE-2013-4353) @@ -2798,9 +3252,9 @@ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. - This addresses the flaw in CBC record processing discovered by + This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ + at: http://www.isg.rhul.ac.uk/tls/ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London @@ -2860,7 +3314,7 @@ *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately mean any application compiled against OpenSSL 1.0.0 headers setting - SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng + SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disabling TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to 0x10000000L Any application which was previously compiled against OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 @@ -2869,7 +3323,7 @@ in unlike event, limit maximum offered version to TLS 1.0 [see below]. [Steve Henson] - *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not + *) In order to ensure interoperability SSL_OP_NO_protocolX does not disable just protocol X, but all protocols above X *if* there are protocols *below* X still enabled. In more practical terms it means that if application wants to disable TLS1.0 in favor of TLS1.1 and @@ -2898,12 +3352,12 @@ 1. Do not use record version number > TLS 1.0 in initial client hello: some (but not all) hanging servers will now work. 2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate - the number of ciphers sent in the client hello. This should be + the number of ciphers sent in the client hello. This should be set to an even number, such as 50, for example by passing: -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure. Most broken servers should now work. 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable - TLS 1.2 client support entirely. + TLS 1.2 client support entirely. [Steve Henson] *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. @@ -2918,7 +3372,7 @@ *) The format used for MDC2 RSA signatures is inconsistent between EVP and the RSA_sign/RSA_verify functions. This was made more apparent when OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular - those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect + those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect the correct format in RSA_verify so both forms transparently work. [Steve Henson] @@ -2940,12 +3394,12 @@ *) Extensive assembler packs updates, most notably: - - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; - - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); - - x86_64: bit-sliced AES implementation; - - ARM: NEON support, contemporary platforms optimizations; - - s390x: z196 support; - - *: GHASH and GF(2^m) multiplication implementations; + - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; + - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); + - x86_64: bit-sliced AES implementation; + - ARM: NEON support, contemporary platforms optimizations; + - s390x: z196 support; + - *: GHASH and GF(2^m) multiplication implementations; [Andy Polyakov] @@ -2991,7 +3445,7 @@ *) New -sigopt option to the ca, req and x509 utilities. Additional signature parameters can be passed using this option and in - particular PSS. + particular PSS. [Steve Henson] *) Add RSA PSS signing function. This will generate and set the @@ -3016,7 +3470,7 @@ [Steve Henson, Martin Kaiser ] *) Add algorithm specific signature printing. An individual ASN1 method - can now print out signatures instead of the standard hex dump. + can now print out signatures instead of the standard hex dump. More complex signatures (e.g. PSS) can print out more meaningful information. Include DSA version that prints out the signature @@ -3053,7 +3507,7 @@ *) Add GCM support to TLS library. Some custom code is needed to split the IV between the fixed (from PRF) and explicit (from TLS record) - portions. This adds all GCM ciphersuites supported by RFC5288 and + portions. This adds all GCM ciphersuites supported by RFC5288 and RFC5289. Generalise some AES* cipherstrings to include GCM and add a special AESGCM string for GCM only. [Steve Henson] @@ -3107,10 +3561,10 @@ to use them can use the private_* version instead. [Steve Henson] - *) Redirect cipher operations to FIPS module for FIPS builds. + *) Redirect cipher operations to FIPS module for FIPS builds. [Steve Henson] - *) Redirect digest operations to FIPS module for FIPS builds. + *) Redirect digest operations to FIPS module for FIPS builds. [Steve Henson] *) Update build system to add "fips" flag which will link in fipscanister.o @@ -3122,7 +3576,7 @@ This should be configurable so applications can judge speed vs strength. [Steve Henson] - *) Add TLS v1.2 server support for client authentication. + *) Add TLS v1.2 server support for client authentication. [Steve Henson] *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers @@ -3208,7 +3662,7 @@ this issue. (CVE-2012-0884) [Steve Henson] - *) Fix CVE-2011-4619: make sure we really are receiving a + *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Ivan Nestlerode for discovering this bug. [Steve Henson] @@ -3301,7 +3755,7 @@ *) Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: - http://eprint.iacr.org/2011/232.pdf + http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri] @@ -3335,12 +3789,12 @@ [Steve Henson] *) Fix WIN32 build system to correctly link an ENGINE directory into - a DLL. + a DLL. [Steve Henson] Changes between 1.0.0 and 1.0.0a [01 Jun 2010] - *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover + *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover (CVE-2010-1633) [Steve Henson, Peter-Michael Hager ] @@ -3409,7 +3863,7 @@ retrieve a digest flags is by accessing the structure directly. Update EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest or cipher is registered as in the "from" argument. Print out all - registered digests in the dgst usage message instead of manually + registered digests in the dgst usage message instead of manually attempting to work them out. [Steve Henson] @@ -3443,7 +3897,7 @@ *) Update Gost ENGINE to support parameter files. [Victor B. Wagner ] - *) Support GeneralizedTime in ca utility. + *) Support GeneralizedTime in ca utility. [Oliver Martin , Steve Henson] *) Enhance the hash format used for certificate directory links. The new @@ -3640,7 +4094,7 @@ SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the opaque PRF input value to use in the handshake. This will create - an interal copy of the length-'len' string at 'src', and will + an internal copy of the length-'len' string at 'src', and will return non-zero for success. To get more control and flexibility, provide a callback function @@ -3681,7 +4135,7 @@ [Bodo Moeller] *) Update ssl code to support digests other than SHA1+MD5 for handshake - MAC. + MAC. [Victor B. Wagner ] @@ -3693,7 +4147,7 @@ If a client application caches session in an SSL_SESSION structure support is transparent because tickets are now stored in the encoded SSL_SESSION. - + The SSL_CTX structure automatically generates keys for ticket protection in servers so again support should be possible with no application modification. @@ -3730,7 +4184,7 @@ *) New option -sigopt to dgst utility. Update dgst to use EVP_Digest{Sign,Verify}*. These two changes make it possible to use - alternative signing parameters such as X9.31 or PSS in the dgst + alternative signing parameters such as X9.31 or PSS in the dgst utility. [Steve Henson] @@ -3750,8 +4204,8 @@ most recently disabled ciphersuites when "HIGH" is parsed). Also, change ssl_create_cipher_list() (using this new - funcionality) such that between otherwise identical - cihpersuites, ephemeral ECDH is preferred over ephemeral DH in + functionality) such that between otherwise identical + ciphersuites, ephemeral ECDH is preferred over ephemeral DH in the default order. [Bodo Moeller] @@ -3801,14 +4255,14 @@ *) Initial incomplete changes to avoid need for function casts in OpenSSL some compilers (gcc 4.2 and later) reject their use. Safestack is - reimplemented. Update ASN1 to avoid use of legacy functions. + reimplemented. Update ASN1 to avoid use of legacy functions. [Steve Henson] *) Win32/64 targets are linked with Winsock2. [Andy Polyakov] *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected - to external functions. This can be used to increase CRL handling + to external functions. This can be used to increase CRL handling efficiency especially when CRLs are very large by (for example) storing the CRL revoked certificates in a database. [Steve Henson] @@ -3842,7 +4296,7 @@ *) New function X509_CRL_match() to check if two CRLs are identical. Normally this would be called X509_CRL_cmp() but that name is already used by - a function that just compares CRL issuer names. Cache several CRL + a function that just compares CRL issuer names. Cache several CRL extensions in X509_CRL structure and cache CRLDP in X509. [Steve Henson] @@ -3851,7 +4305,7 @@ Name comparison can then be performed rapidly using memcmp(). [Steve Henson] - *) Non-blocking OCSP request processing. Add -timeout option to ocsp + *) Non-blocking OCSP request processing. Add -timeout option to ocsp utility. [Steve Henson] @@ -3930,7 +4384,7 @@ functional reference processing. [Steve Henson] - *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of + *) New functions EVP_Digest{Sign,Verify)*. These are enhanced versions of EVP_{Sign,Verify}* which allow an application to customise the signature process. [Steve Henson] @@ -3977,7 +4431,7 @@ type for signing if it is not explicitly indicated. [Steve Henson] - *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New + *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant signing method from the key type. This effectively removes the link between digests and public key types. @@ -3986,7 +4440,7 @@ *) Add an OID cross reference table and utility functions. Its purpose is to translate between signature OIDs such as SHA1WithrsaEncryption and SHA1, rsaEncryption. This will allow some of the algorithm specific hackery - needed to use the correct OID to be removed. + needed to use the correct OID to be removed. [Steve Henson] *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO @@ -4002,7 +4456,7 @@ [Steve Henson] *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support - public and private key formats. As a side effect these add additional + public and private key formats. As a side effect these add additional command line functionality not previously available: DSA signatures can be generated and verified using pkeyutl and DH key support and generation in pkey, genpkey. @@ -4023,7 +4477,7 @@ *) Add functions for main EVP_PKEY_method operations. The undocumented functions EVP_PKEY_{encrypt,decrypt} have been renamed to - EVP_PKEY_{encrypt,decrypt}_old. + EVP_PKEY_{encrypt,decrypt}_old. [Steve Henson] *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public @@ -4048,7 +4502,7 @@ type. [Steve Henson] - *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New + *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New functions EVP_PKEY_print_public(), EVP_PKEY_print_private(), EVP_PKEY_print_param() to print public key data from an EVP_PKEY structure. @@ -4069,11 +4523,11 @@ *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members for the psk identity [hint] and the psk callback functions to the SSL_SESSION, SSL and SSL_CTX structure. - + New ciphersuites: PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA, PSK-AES256-CBC-SHA - + New functions: SSL_CTX_use_psk_identity_hint SSL_get_psk_identity_hint @@ -4142,8 +4596,8 @@ [Andy Polyakov] *) New option SSL_OP_NO_COMP to disable use of compression selectively - in SSL structures. New SSL ctrl to set maximum send fragment size. - Save memory by seeting the I/O buffer sizes dynamically instead of + in SSL structures. New SSL ctrl to set maximum send fragment size. + Save memory by setting the I/O buffer sizes dynamically instead of using the maximum available value. [Steve Henson] @@ -4196,13 +4650,13 @@ protection is active. (CVE-2010-0740) [Bodo Moeller, Adam Langley ] - *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL + *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted). [Tomas Hoger ] Changes between 0.9.8l and 0.9.8m [25 Feb 2010] - *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) + *) Always check bn_wexpand() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta] *) Fix X509_STORE locking: Every 'objs' access requires a lock (to @@ -4335,11 +4789,11 @@ is already buffered was missing. For every new message was memory allocated, allowing an attacker to perform an denial of service attack with sending out of seq handshake messages until there is no memory - left. Additionally every future messege was buffered, even if the + left. Additionally every future message was buffered, even if the sequence number made no sense and would be part of another handshake. So only messages with sequence numbers less than 10 in advance will be buffered. (CVE-2009-1378) - [Robin Seggelmann, discovered by Daniel Mentz] + [Robin Seggelmann, discovered by Daniel Mentz] *) Records are buffered if they arrive with a future epoch to be processed after finishing the corresponding handshake. There is @@ -4348,11 +4802,11 @@ memory left. This patch adds the pqueue_size() function to determine the size of a buffer and limits the record buffer to 100 entries. (CVE-2009-1377) - [Robin Seggelmann, discovered by Daniel Mentz] + [Robin Seggelmann, discovered by Daniel Mentz] *) Keep a copy of frag->msg_header.frag_len so it can be used after the parent structure is freed. (CVE-2009-1379) - [Daniel Mentz] + [Daniel Mentz] *) Handle non-blocking I/O properly in SSL_shutdown() call. [Darryl Miles ] @@ -4387,7 +4841,7 @@ a legal length. (CVE-2009-0590) [Steve Henson] - *) Set S/MIME signing as the default purpose rather than setting it + *) Set S/MIME signing as the default purpose rather than setting it unconditionally. This allows applications to override it at the store level. [Steve Henson] @@ -4519,12 +4973,12 @@ Changes between 0.9.8g and 0.9.8h [28 May 2008] *) Fix flaw if 'Server Key exchange message' is omitted from a TLS - handshake which could lead to a cilent crash as found using the - Codenomicon TLS test suite (CVE-2008-1672) + handshake which could lead to a client crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox] *) Fix double free in TLS server name extensions which could lead to - a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) + a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton] *) Clear error queue in SSL_CTX_use_certificate_chain_file() @@ -4625,7 +5079,7 @@ *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior. [Bodo Moeller (Google)] - + *) Netware support: - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets @@ -4677,7 +5131,7 @@ (gcc 4.2 and later) reject their use. [Kurt Roeckx , Peter Hartley , Steve Henson] - + *) Add RFC4507 support to OpenSSL. This includes the corrections in RFC4507bis. The encrypted ticket format is an encrypted encoded SSL_SESSION structure, that way new session features are automatically @@ -4686,7 +5140,7 @@ If a client application caches session in an SSL_SESSION structure support is transparent because tickets are now stored in the encoded SSL_SESSION. - + The SSL_CTX structure automatically generates keys for ticket protection in servers so again support should be possible with no application modification. @@ -4866,7 +5320,7 @@ *) Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] - *) Fix buffer overflow in SSL_get_shared_ciphers() function. + *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] *) Fix SSL client code which could crash if connecting to a @@ -4953,7 +5407,7 @@ *) Disable the padding bug check when compression is in use. The padding bug check assumes the first packet is of even length, this is not - necessarily true if compresssion is enabled and can result in false + necessarily true if compression is enabled and can result in false positives causing handshake failure. The actual bug test is ancient code so it is hoped that implementations will either have fixed it by now or any which still have the bug do not support compression. @@ -5146,7 +5600,7 @@ *) New structure X509_VERIFY_PARAM which combines current verify parameters, update associated structures and add various utility functions. - Add new policy related verify parameters, include policy checking in + Add new policy related verify parameters, include policy checking in standard verify code. Enhance 'smime' application with extra parameters to support policy checking and print out. [Steve Henson] @@ -5182,7 +5636,7 @@ we can fix the problem directly in the 'ca' utility.) [Steve Henson] - *) Reduced header interdepencies by declaring more opaque objects in + *) Reduced header interdependencies by declaring more opaque objects in ossl_typ.h. As a consequence, including some headers (eg. engine.h) will give fewer recursive includes, which could break lazy source code - so this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always, @@ -5195,12 +5649,12 @@ [Steve Henson] *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality. - This will generate a random key of the appropriate length based on the + This will generate a random key of the appropriate length based on the cipher context. The EVP_CIPHER can provide its own random key generation - routine to support keys of a specific form. This is used in the des and + routine to support keys of a specific form. This is used in the des and 3des routines to generate a key of the correct parity. Update S/MIME code to use new functions and hence generate correct parity DES keys. - Add EVP_CHECK_DES_KEY #define to return an error if the key is not + Add EVP_CHECK_DES_KEY #define to return an error if the key is not valid (weak or incorrect parity). [Steve Henson] @@ -5313,7 +5767,7 @@ functions. [Steve Henson] - *) New function PKCS7_set0_type_other() this initializes a PKCS7 + *) New function PKCS7_set0_type_other() this initializes a PKCS7 structure of type "other". [Steve Henson] @@ -5374,16 +5828,16 @@ takes an extra flags argument for optional functionality. Currently, the following flags are defined: - OBJ_BSEARCH_VALUE_ON_NOMATCH - This one gets OBJ_bsearch_ex() to return a pointer to the first - element where the comparing function returns a negative or zero - number. + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. - OBJ_BSEARCH_FIRST_VALUE_ON_MATCH - This one gets OBJ_bsearch_ex() to return a pointer to the first - element where the comparing function returns zero. This is useful - if there are more than one element where the comparing function - returns zero. + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. [Richard Levitte] *) Make it possible to create self-signed certificates with 'openssl ca' @@ -5406,7 +5860,7 @@ named like the index file with '.attr' appended to the name. [Richard Levitte] - *) Generate muti valued AVAs using '+' notation in config files for + *) Generate multi-valued AVAs using '+' notation in config files for req and dirName. [Steve Henson] @@ -5522,7 +5976,7 @@ [Geoff Thorpe] *) Change the ZLIB compression method to be stateful, and make it - available to TLS with the number defined in + available to TLS with the number defined in draft-ietf-tls-compression-04.txt. [Richard Levitte] @@ -5530,8 +5984,8 @@ is defined as follows (according to X.509_4thEditionDraftV6.pdf): CertificatePair ::= SEQUENCE { - forward [0] Certificate OPTIONAL, - reverse [1] Certificate OPTIONAL, + forward [0] Certificate OPTIONAL, + reverse [1] Certificate OPTIONAL, -- at least one of the pair shall be present -- } Also implement the PEM functions to read and write certificate @@ -5546,7 +6000,7 @@ Makefile.shared, for Cygwin's sake. [Richard Levitte] - *) Extend the BIGNUM API by creating a function + *) Extend the BIGNUM API by creating a function void BN_set_negative(BIGNUM *a, int neg); and a macro that behave like int BN_is_negative(const BIGNUM *a); @@ -5699,7 +6153,7 @@ *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. Polynomials are represented as BIGNUMs (where the sign bit is not - used) in the following functions [macros]: + used) in the following functions [macros]: BN_GF2m_add BN_GF2m_sub [= BN_GF2m_add] @@ -5792,7 +6246,7 @@ EC_METHOD_get_field_type() returns this value. [Nils Larsch ] - *) Add functions + *) Add functions EC_POINT_point2bn() EC_POINT_bn2point() EC_POINT_point2hex() @@ -5851,7 +6305,7 @@ EC_GROUP_set_curve_name() EC_GROUP_get_curve_name() [Nils Larsch ] @@ -5911,7 +6365,7 @@ *) Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] - *) Fix buffer overflow in SSL_get_shared_ciphers() function. + *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] *) Fix SSL client code which could crash if connecting to a @@ -5947,7 +6401,7 @@ draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. - Also deactive the remaining ciphersuites from + Also deactivate the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] @@ -5965,10 +6419,10 @@ *) Fixes for VC++ 2005 build under Windows. [Steve Henson] - *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make + *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make from a Windows bash shell such as MSYS. It is autodetected from the "config" script when run from a VC++ environment. Modify standard VC++ - build to use fipscanister.o from the GNU make build. + build to use fipscanister.o from the GNU make build. [Steve Henson] Changes between 0.9.7h and 0.9.7i [14 Oct 2005] @@ -6081,7 +6535,7 @@ values. The OpenSSL team would like to thank the UK NISCC for bringing this issue - to our attention. + to our attention. [Stephen Henson, reported by UK NISCC] @@ -6126,7 +6580,7 @@ Changes between 0.9.7d and 0.9.7e [25 Oct 2004] - *) Avoid a race condition when CRLs are checked in a multi threaded + *) Avoid a race condition when CRLs are checked in a multi threaded environment. This would happen due to the reordering of the revoked entries during signature checking and serial number lookup. Now the encoding is cached and the serial number sort performed under a lock. @@ -6150,13 +6604,13 @@ Changes between 0.9.7c and 0.9.7d [17 Mar 2004] - *) Fix null-pointer assignment in do_change_cipher_spec() revealed - by using the Codenomicon TLS Test Tool (CVE-2004-0079) - [Joe Orton, Steve Henson] + *) Fix null-pointer assignment in do_change_cipher_spec() revealed + by using the Codenomicon TLS Test Tool (CVE-2004-0079) + [Joe Orton, Steve Henson] *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites (CVE-2004-0112) - [Joe Orton, Steve Henson] + [Joe Orton, Steve Henson] *) Make it possible to have multiple active certificates with the same subject in the CA index file. This is done only if the keyword @@ -6166,7 +6620,7 @@ named like the index file with '.attr' appended to the name. [Richard Levitte] - *) X509 verify fixes. Disable broken certificate workarounds when + *) X509 verify fixes. Disable broken certificate workarounds when X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if keyUsage extension present. Don't accept CRLs with unhandled critical extensions: since verify currently doesn't process CRL extensions this @@ -6175,7 +6629,7 @@ [Steve Henson] *) When creating an OCSP nonce use an OCTET STRING inside the extnValue. - A clarification of RFC2560 will require the use of OCTET STRINGs and + A clarification of RFC2560 will require the use of OCTET STRINGs and some implementations cannot handle the current raw format. Since OpenSSL copies and compares OCSP nonces as opaque blobs without any attempt at parsing them this should not create any compatibility issues. @@ -6199,7 +6653,7 @@ Stop out of bounds reads in the ASN1 code when presented with invalid tags (CVE-2003-0543 and CVE-2003-0544). - + Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545). If verify callback ignores invalid public key errors don't try to check @@ -6229,7 +6683,7 @@ blocks during encryption. [Richard Levitte] - *) Various fixes to base64 BIO and non blocking I/O. On write + *) Various fixes to base64 BIO and non blocking I/O. On write flushes were not handled properly if the BIO retried. On read data was not being buffered properly and had various logic bugs. This also affects blocking I/O when the data being decoded is a @@ -6277,7 +6731,7 @@ *) Target "mingw" now allows native Windows code to be generated in the Cygwin environment as well as with the MinGW compiler. - [Ulf Moeller] + [Ulf Moeller] Changes between 0.9.7 and 0.9.7a [19 Feb 2003] @@ -6313,7 +6767,7 @@ *) Allow an application to disable the automatic SSL chain building. Before this a rather primitive chain build was always performed in - ssl3_output_cert_chain(): an application had no way to send the + ssl3_output_cert_chain(): an application had no way to send the correct chain if the automatic operation produced an incorrect result. Now the chain builder is disabled if either: @@ -6533,15 +6987,15 @@ build directory is the following (tested on Linux), maybe with some local tweaks: - # Place yourself outside of the OpenSSL source tree. In - # this example, the environment variable OPENSSL_SOURCE - # is assumed to contain the absolute OpenSSL source directory. - mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" - cd objtree/"`uname -s`-`uname -r`-`uname -m`" - (cd $OPENSSL_SOURCE; find . -type f) | while read F; do - mkdir -p `dirname $F` - ln -s $OPENSSL_SOURCE/$F $F - done + # Place yourself outside of the OpenSSL source tree. In + # this example, the environment variable OPENSSL_SOURCE + # is assumed to contain the absolute OpenSSL source directory. + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + ln -s $OPENSSL_SOURCE/$F $F + done To be absolutely sure not to disturb the source tree, a "make clean" is a good thing. If it isn't successful, don't worry about it, @@ -6561,7 +7015,7 @@ error in AES-CFB decryption. [Richard Levitte] - *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this + *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this allows existing EVP_CIPHER_CTX structures to be reused after calling EVP_*Final(). This behaviour is used by encryption BIOs and some applications. This has the side effect that @@ -6588,11 +7042,11 @@ [Lutz Jaenicke] *) Add an "init" command to the ENGINE config module and auto initialize - ENGINEs. Without any "init" command the ENGINE will be initialized - after all ctrl commands have been executed on it. If init=1 the - ENGINE is initailized at that point (ctrls before that point are run + ENGINEs. Without any "init" command the ENGINE will be initialized + after all ctrl commands have been executed on it. If init=1 the + ENGINE is initialized at that point (ctrls before that point are run on the uninitialized ENGINE and after on the initialized one). If - init=0 then the ENGINE will not be iniatialized at all. + init=0 then the ENGINE will not be initialized at all. [Steve Henson] *) Fix the 'app_verify_callback' interface so that the user-defined @@ -6630,7 +7084,7 @@ *) Config modules support in openssl utility. Most commands now load modules from the config file, - though in a few (such as version) this isn't done + though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is @@ -6696,7 +7150,7 @@ but report on the latest error recorded rather than the first one still in the error queue. [Ben Laurie, Bodo Moeller] - + *) default_algorithms option in ENGINE config module. This allows things like: default_algorithms = ALL @@ -6813,7 +7267,7 @@ [Richard Levitte] *) Test for certificates which contain unsupported critical extensions. - If such a certificate is found during a verify operation it is + If such a certificate is found during a verify operation it is rejected by default: this behaviour can be overridden by either handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function @@ -6849,7 +7303,7 @@ *) Major restructuring to the underlying ENGINE code. This includes reduction of linker bloat, separation of pure "ENGINE" manipulation (initialisation, etc) from functionality dealing with implementations - of specific crypto iterfaces. This change also introduces integrated + of specific crypto interfaces. This change also introduces integrated support for symmetric ciphers and digest implementations - so ENGINEs can now accelerate these by providing EVP_CIPHER and EVP_MD implementations of their own. This is detailed in crypto/engine/README @@ -7036,8 +7490,8 @@ des_key_schedule ks; - des_set_key_checked(..., &ks); - des_ncbc_encrypt(..., &ks, ...); + des_set_key_checked(..., &ks); + des_ncbc_encrypt(..., &ks, ...); (Note that a later change renames 'des_...' into 'DES_...'.) [Ben Laurie] @@ -7178,7 +7632,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE - structure. These are inherited by X509_STORE_CTX when it is + structure. These are inherited by X509_STORE_CTX when it is initialised. This allows various defaults to be set in the X509_STORE structure (such as flags for CRL checking and custom purpose or trust settings) for functions which only use X509_STORE_CTX @@ -7243,7 +7697,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k '-pre' and '-post' switches. '-post' is only used if '-t' is specified and the ENGINE is successfully initialised. The syntax for the individual commands are colon-separated, for example; - openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so + openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so [Geoff] *) New dynamic control command support for ENGINEs. ENGINEs can now @@ -7342,7 +7796,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr operations and provides various method functions that can also - operate with faster implementations of modular arithmetic. + operate with faster implementations of modular arithmetic. EC_GFp_mont_method() reuses most functions that are part of EC_GFp_simple_method, but uses Montgomery arithmetic. @@ -7431,16 +7885,16 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL in the source file (foo.c) like this: - OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; - OPENSSL_IMPLEMENT_GLOBAL(double,bar); + OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; + OPENSSL_IMPLEMENT_GLOBAL(double,bar); To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL and OPENSSL_GLOBAL_REF in the header file (foo.h) like this: - OPENSSL_DECLARE_GLOBAL(int,foo); - #define foo OPENSSL_GLOBAL_REF(foo) - OPENSSL_DECLARE_GLOBAL(double,bar); - #define bar OPENSSL_GLOBAL_REF(bar) + OPENSSL_DECLARE_GLOBAL(int,foo); + #define foo OPENSSL_GLOBAL_REF(foo) + OPENSSL_DECLARE_GLOBAL(double,bar); + #define bar OPENSSL_GLOBAL_REF(bar) The #defines are very important, and therefore so is including the header file everywhere where the defined globals are used. @@ -7530,7 +7984,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New option -set_serial to 'req' and 'x509' this allows the serial number to use to be specified on the command line. Previously self - signed certificates were hard coded with serial number 0 and the + signed certificates were hard coded with serial number 0 and the CA options of 'x509' had to use a serial number in a file which was auto incremented. [Steve Henson] @@ -7555,7 +8009,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k option to ocsp utility. [Steve Henson] - *) New nonce behavior. The return value of OCSP_check_nonce() now + *) New nonce behavior. The return value of OCSP_check_nonce() now reflects the various checks performed. Applications can decide whether to tolerate certain situations such as an absent nonce in a response when one was present in a request: the ocsp application @@ -7629,7 +8083,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}() in a single operation. X509_get0_pubkey_bitstr() extracts the public_key structure from a certificate. X509_pubkey_digest() digests the public_key - contents: this is used in various key identifiers. + contents: this is used in various key identifiers. [Steve Henson] *) Make sk_sort() tolerate a NULL argument. @@ -7644,7 +8098,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k to data. This was previously part of the PKCS7 ASN1 code. This was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. [Steve Henson, reported by Kenneth R. Robinette - ] + ] *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 routines: without these tracing memory leaks is very painful. @@ -7658,7 +8112,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. [Steve Henson, reported by Kenneth R. Robinette - ] + ] *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously result in a zero length in the ASN1_INTEGER structure which was @@ -7743,10 +8197,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k settings for extended allocation functions, the following functions are provided: - CRYPTO_set_mem_ex_functions - CRYPTO_set_locked_mem_ex_functions - CRYPTO_get_mem_ex_functions - CRYPTO_get_locked_mem_ex_functions + CRYPTO_set_mem_ex_functions + CRYPTO_set_locked_mem_ex_functions + CRYPTO_get_mem_ex_functions + CRYPTO_get_locked_mem_ex_functions These work the same way as CRYPTO_set_mem_functions and friends. CRYPTO_get_[locked_]mem_functions now writes 0 where such an @@ -7817,7 +8271,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Update OCSP API. Remove obsolete extensions argument from various functions. Extensions are now handled using the new - OCSP extension code. New simple OCSP HTTP function which + OCSP extension code. New simple OCSP HTTP function which can be used to send requests and parse the response. [Steve Henson] @@ -7853,7 +8307,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor - lines, recognice more "algorithms" that can be deselected, and make + lines, recognize more "algorithms" that can be deselected, and make it complain about algorithm deselection that isn't recognised. [Richard Levitte] @@ -8087,11 +8541,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add the following functions: - ENGINE_load_cswift() - ENGINE_load_chil() - ENGINE_load_atalla() - ENGINE_load_nuron() - ENGINE_load_builtin_engines() + ENGINE_load_cswift() + ENGINE_load_chil() + ENGINE_load_atalla() + ENGINE_load_nuron() + ENGINE_load_builtin_engines() That way, an application can itself choose if external engines that are built-in in OpenSSL shall ever be used or not. The benefit is @@ -8203,7 +8657,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Stop out of bounds reads in the ASN1 code when presented with invalid tags (CVE-2003-0543 and CVE-2003-0544). - + If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. @@ -8251,7 +8705,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6h and 0.9.6i [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked - via timing by performing a MAC computation even if incorrrect + via timing by performing a MAC computation even if incorrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CVE-2003-0078) @@ -8282,7 +8736,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Zeev Lieber ] *) Undo an undocumented change introduced in 0.9.6e which caused - repeated calls to OpenSSL_add_all_ciphers() and + repeated calls to OpenSSL_add_all_ciphers() and OpenSSL_add_all_digests() to be ignored, even after calling EVP_cleanup(). [Richard Levitte] @@ -8340,8 +8794,8 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation. [Florian Weimer , - Alon Kantor (and others), - Steve Henson] + Alon Kantor (and others), + Steve Henson] *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the @@ -8456,7 +8910,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k a generator of the order-q subgroup is just as good, if not better. [Bodo Moeller] - + *) Map new X509 verification errors to alerts. Discovered and submitted by Tom Wu . [Lutz Jaenicke] @@ -8569,7 +9023,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Broadcom, Nalin Dahyabhai , Mark Cox] *) [In 0.9.6c-engine release:] - Add support for SureWare crypto accelerator cards from + Add support for SureWare crypto accelerator cards from Baltimore Technologies. (Use engine 'sureware') [Baltimore Technologies and Mark Cox] @@ -8912,8 +9366,8 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Computations, J. Cryptology 14 (2001) 2, 101-119, http://theory.stanford.edu/~dabo/papers/faults.ps.gz). [Ulf Moeller] - - *) MIPS assembler BIGNUM division bug fix. + + *) MIPS assembler BIGNUM division bug fix. [Andy Polyakov] *) Disabled incorrect Alpha assembler code. @@ -8969,7 +9423,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). 3. Count how many times MemCheck_off() has been called so that - nested use can be treated correctly. This also avoids + nested use can be treated correctly. This also avoids inband-signalling in the previous code (which relied on the assumption that thread ID 0 is impossible). [Bodo Moeller] @@ -9083,7 +9537,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) rand_win.c fix for Borland C. [Ulf Möller] - + *) BN_rshift bugfix for n == 0. [Bodo Moeller] @@ -9153,7 +9607,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k and not in SSL_clear because the latter is also used by the accept/connect functions; previously, the settings made by SSL_set_read_ahead would be lost during the handshake. - [Bodo Moeller; problems reported by Anders Gertz ] + [Bodo Moeller; problems reported by Anders Gertz ] *) Correct util/mkdef.pl to be selective about disabled algorithms. Previously, it would create entries for disabled algorithms no @@ -9243,7 +9697,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k doc package contains the contents of the doc directory. The original openssl.spec was provided by Damien Miller . [Richard Levitte] - + *) Add a large number of documentation files for many SSL routines. [Lutz Jaenicke ] @@ -9289,19 +9743,19 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Allow the verify time to be set by an application, rather than always using the current time. [Steve Henson] - + *) Phase 2 verify code reorganisation. The certificate verify code now looks up an issuer certificate by a number of criteria: subject name, authority key id and key usage. It also verifies self signed certificates by the same criteria. The main comparison function is X509_check_issued() which performs these checks. - + Lot of changes were necessary in order to support this without completely rewriting the lookup code. - + Authority and subject key identifier are now cached. - + The LHASH 'certs' is X509_STORE has now been replaced by a STACK_OF(X509_OBJECT). This is mainly because an LHASH can't store or retrieve multiple objects with @@ -9311,10 +9765,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k use only) have changed to handle the new X509_STORE structure. This will break anything that messed round with X509_STORE internally. - + The functions X509_STORE_add_cert() now checks for an exact match, rather than just subject name. - + The X509_STORE API doesn't directly support the retrieval of multiple certificates matching a given criteria, however this can be worked round by performing a lookup first @@ -9322,9 +9776,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k and then examining the cache for matches. This is probably the best we can do without throwing out X509_LOOKUP entirely (maybe later...). - + The X509_VERIFY_CTX structure has been enhanced considerably. - + All certificate lookup operations now go via a get_issuer() callback. Although this currently uses an X509_STORE it can be replaced by custom lookups. This is a simple way @@ -9333,15 +9787,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k in future. A very simple version which uses a simple STACK for its trusted certificate store is also provided using X509_STORE_CTX_trusted_stack(). - + The verify_cb() and verify() callbacks now have equivalents in the X509_STORE_CTX structure. - + X509_STORE_CTX also has a 'flags' field which can be used to customise the verify behaviour. [Steve Henson] - - *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which + + *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which excludes S/MIME capabilities. [Steve Henson] @@ -9403,7 +9857,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Modification to PKCS#7 encoding routines to output definite length encoding. Since currently the whole structures are in - memory there's not real point in using indefinite length + memory there's not real point in using indefinite length constructed encoding. However if OpenSSL is compiled with the flag PKCS7_INDEFINITE_ENCODING the old form is used. [Steve Henson] @@ -9411,27 +9865,27 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Added BIO_vprintf() and BIO_vsnprintf(). [Richard Levitte] - *) Added more prefixes to parse for in the the strings written + *) Added more prefixes to parse for in the strings written through a logging bio, to cover all the levels that are available through syslog. The prefixes are now: - PANIC, EMERG, EMR => LOG_EMERG - ALERT, ALR => LOG_ALERT - CRIT, CRI => LOG_CRIT - ERROR, ERR => LOG_ERR - WARNING, WARN, WAR => LOG_WARNING - NOTICE, NOTE, NOT => LOG_NOTICE - INFO, INF => LOG_INFO - DEBUG, DBG => LOG_DEBUG + PANIC, EMERG, EMR => LOG_EMERG + ALERT, ALR => LOG_ALERT + CRIT, CRI => LOG_CRIT + ERROR, ERR => LOG_ERR + WARNING, WARN, WAR => LOG_WARNING + NOTICE, NOTE, NOT => LOG_NOTICE + INFO, INF => LOG_INFO + DEBUG, DBG => LOG_DEBUG and as before, if none of those prefixes are present at the beginning of the string, LOG_ERR is chosen. On Win32, the LOG_* levels are mapped according to this: - LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE - LOG_WARNING => EVENTLOG_WARNING_TYPE - LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE + LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE + LOG_WARNING => EVENTLOG_WARNING_TYPE + LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE [Richard Levitte] @@ -9482,7 +9936,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex() these print out strings and name structures based on various flags including RFC2253 support and proper handling of - multibyte characters. Added options to the 'x509' utility + multibyte characters. Added options to the 'x509' utility to allow the various flags to be set. [Steve Henson] @@ -9560,7 +10014,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k to check that it worked correctly is to look in obj_dat.h and check the array nid_objs and make sure the objects haven't moved around (this is important!). Additions are OK, as well as - consistent name changes. + consistent name changes. [Richard Levitte] *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). @@ -9584,9 +10038,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k added extra typesafe functions: these no longer exist. [Steve Henson] - *) Reorganisation of the stack code. The macros are now all + *) Reorganisation of the stack code. The macros are now all collected in safestack.h . Each macro is defined in terms of - a "stack macro" of the form SKM_(type, a, b). The + a "stack macro" of the form SKM_(type, a, b). The DEBUG_SAFESTACK is now handled in terms of function casts, this has the advantage of retaining type safety without the use of additional functions. If DEBUG_SAFESTACK is not defined @@ -9604,7 +10058,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same as the old Netscape_RSA functions except they have an additional 'sgckey' parameter which uses the modified algorithm. Also added - an -sgckey command line option to the rsa utility. Thanks to + an -sgckey command line option to the rsa utility. Thanks to Adrian Peck for posting details of the modified algorithm to openssl-dev. [Steve Henson] @@ -9616,7 +10070,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New X509_get1_email() and X509_REQ_get1_email() functions that return a STACK of email addresses from a certificate or request, these look - in the subject name and the subject alternative name extensions and + in the subject name and the subject alternative name extensions and omit any duplicate addresses. [Steve Henson] @@ -9848,7 +10302,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ] *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length - was larger than the MD block size. + was larger than the MD block size. [Steve Henson, pointed out by Yost William ] *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument @@ -9889,7 +10343,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition to parameters -- in previous versions (since OpenSSL 0.9.3) the 'default key' from SSL_CTX_set_tmp_dh would always be lost, meaning - you effectivly got SSL_OP_SINGLE_DH_USE when using this macro. + you effectively got SSL_OP_SINGLE_DH_USE when using this macro. [Bodo Moeller] *) New s_client option -ign_eof: EOF at stdin is ignored, and @@ -9983,7 +10437,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add an optional second argument to the set_label() in the perl assembly language builder. If this argument exists and is set - to 1 it signals that the assembler should use a symbol whose + to 1 it signals that the assembler should use a symbol whose scope is the entire file, not just the current function. This is needed with MASM which uses the format label:: for this scope. [Steve Henson, pointed out by Peter Runestig ] @@ -10108,7 +10562,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) ./config recognizes MacOS X now. [Andy Polyakov] - *) Bug fix for BN_div() when the first words of num and divsor are + *) Bug fix for BN_div() when the first words of num and divisor are equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). [Ulf Möller] @@ -10146,7 +10600,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Source code cleanups: use const where appropriate, eliminate casts, use void * instead of char * in lhash. - [Ulf Möller] + [Ulf Möller] *) Bugfix: ssl3_send_server_key_exchange was not restartable (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of @@ -10171,7 +10625,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k loop rather than for the current invocation of the inner loop. DSA_generate_parameters additionally can call the callback function with an 'iteration count' of -1, meaning that a - candidate has passed the trial division test (when q is generated + candidate has passed the trial division test (when q is generated from an application-provided seed, trial division is skipped). [Bodo Moeller] @@ -10280,7 +10734,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of - NO_RSA in ssl/s2*.c. + NO_RSA in ssl/s2*.c. [Kris Kennaway , modified by Ulf Möller] *) Precautions against using the PRNG uninitialized: RAND_bytes() now @@ -10322,9 +10776,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Honor the no-xxx Configure options when creating .DEF files. [Ulf Möller] - *) Add PKCS#10 attributes to field table: challengePassword, + *) Add PKCS#10 attributes to field table: challengePassword, unstructuredName and unstructuredAddress. These are taken from - draft PKCS#9 v2.0 but are compatible with v1.2 provided no + draft PKCS#9 v2.0 but are compatible with v1.2 provided no international characters are used. More changes to X509_ATTRIBUTE code: allow the setting of types @@ -10476,9 +10930,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k With these changes, a new set of functions and macros have appeared: - CRYPTO_set_mem_debug_functions() [F] + CRYPTO_set_mem_debug_functions() [F] CRYPTO_get_mem_debug_functions() [F] - CRYPTO_dbg_set_options() [F] + CRYPTO_dbg_set_options() [F] CRYPTO_dbg_get_options() [F] CRYPTO_malloc_debug_init() [M] @@ -10491,7 +10945,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k debugging functions are used, CRYPTO_dbg_set_options can be used to request additional information: CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting - the CRYPTO_MDEBUG_xxx macro when compiling the library. + the CRYPTO_MDEBUG_xxx macro when compiling the library. Also, things like CRYPTO_set_mem_functions will always give the expected result (the new set of functions is used for allocation @@ -10634,7 +11088,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k other than PKCS#8 should be dumped: but the other formats have to stay in the name of compatibility. - With public keys and the benefit of hindsight one standard format + With public keys and the benefit of hindsight one standard format is used which works with EVP_PKEY, RSA or DSA structures: though it clearly returns an error if you try to read the wrong kind of key. @@ -10751,7 +11205,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k will also read in any additional "auxiliary information". By doing things this way a fair degree of compatibility can be retained: existing certificates can have this information added - using the new 'x509' options. + using the new 'x509' options. Current auxiliary information includes an "alias" and some trust settings. The trust settings will ultimately be used in enhanced @@ -10767,7 +11221,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k performance improvement for 1024 bit RSA signs. [Mark Cox] - *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 + *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 handling. Most clients have the effective key size in bits equal to the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key. A few however don't do this and instead use the size of the decrypted key @@ -10779,7 +11233,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k the key length and effective key length are equal. [Steve Henson] - *) Add a bunch of functions that should simplify the creation of + *) Add a bunch of functions that should simplify the creation of X509_NAME structures. Now you should be able to do: X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0); and have it automatically work out the correct field type and fill in @@ -10812,7 +11266,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Use the random seed file in some applications that previously did not: ca, - dsaparam -genkey (which also ignored its '-rand' option), + dsaparam -genkey (which also ignored its '-rand' option), s_client, s_server, x509 (when signing). @@ -10849,7 +11303,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add various functions that can check a certificate's extensions to see if it usable for various purposes such as SSL client, - server or S/MIME and CAs of these types. This is currently + server or S/MIME and CAs of these types. This is currently VERY EXPERIMENTAL but will ultimately be used for certificate chain verification. Also added a -purpose flag to x509 utility to print out all the purposes. @@ -11022,7 +11476,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k provides hooks that allow the default DSA functions or functions on a "per key" basis to be replaced. This allows hardware acceleration and hardware key storage to be handled without major modification to the - library. Also added low level modexp hooks and CRYPTO_EX structure and + library. Also added low level modexp hooks and CRYPTO_EX structure and associated functions. [Steve Henson] @@ -11067,7 +11521,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] Changes between 0.9.3a and 0.9.4 [09 Aug 1999] - + *) Install libRSAglue.a when OpenSSL is built with RSAref. [Ralf S. Engelschall] @@ -11156,7 +11610,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k delete an unused file. [Ulf Möller] - *) Add support for the the free Netwide assembler (NASM) under Win32, + *) Add support for the free Netwide assembler (NASM) under Win32, since not many people have MASM (ml) and it can be hard to obtain. This is currently experimental but it seems to work OK and pass all the tests. Check out INSTALL.W32 for info. @@ -11172,7 +11626,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k for verifying the consistency of RSA keys. [Ulf Moeller, Bodo Moeller] - *) Various changes to make Win32 compile work: + *) Various changes to make Win32 compile work: 1. Casts to avoid "loss of data" warnings in p5_crpt2.c 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned comparison" warnings. @@ -11196,7 +11650,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Omitting parameters is no longer recommended. The test was also the wrong way round! This was probably due to unusual behaviour in - EVP_cmp_parameters() which returns 1 if the parameters match. + EVP_cmp_parameters() which returns 1 if the parameters match. This meant that parameters were omitted when they *didn't* match and the certificate was useless. Certificates signed with 'ca' didn't have this bug. @@ -11273,7 +11727,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Complete the PEM_* macros with DECLARE_PEM versions to replace the function prototypes in pem.h, also change util/mkdef.pl to add the - necessary function names. + necessary function names. [Steve Henson] *) mk1mf.pl (used by Windows builds) did not properly read the @@ -11313,7 +11767,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add initial documentation of the X509V3 functions. [Steve Henson] - *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and + *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey() that are equivalent to PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more secure PKCS#8 private key format with a high iteration count. @@ -11455,11 +11909,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.2b and 0.9.3 [24 May 1999] *) Bignum library bug fix. IRIX 6 passes "make test" now! - This also avoids the problems with SC4.2 and unpatched SC5. + This also avoids the problems with SC4.2 and unpatched SC5. [Andy Polyakov ] *) New functions sk_num, sk_value and sk_set to replace the previous macros. - These are required because of the typesafe stack would otherwise break + These are required because of the typesafe stack would otherwise break existing code. If old code used a structure member which used to be STACK and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with sk_num or sk_value it would produce an error because the num, data members @@ -11520,7 +11974,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes - -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ [Ralf S. Engelschall] *) Various fixes to the EVP and PKCS#7 code. It may now be able to @@ -11541,7 +11995,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k in different behaviour than observed with earlier library versions: Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) does not influence s as it used to. - + In order to clean up things more thoroughly, inside SSL_SESSION we don't use CERT any longer, but a new structure SESS_CERT that holds per-session data (if available); currently, this is @@ -11589,7 +12043,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Update HPUX configuration. [Anonymous] - + *) Add missing sk__unshift() function to safestack.h [Ralf S. Engelschall] @@ -11693,11 +12147,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix lots of warnings. [Richard Levitte ] - + *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if the directory spec didn't end with a LIST_SEPARATOR_CHAR. [Richard Levitte ] - + *) Fix problems with sizeof(long) == 8. [Andy Polyakov ] @@ -11781,7 +12235,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bugfix: In test/testenc, don't test "openssl " for ciphers that were excluded, e.g. by -DNO_IDEA. Also, test - all available cipers including rc5, which was forgotten until now. + all available ciphers including rc5, which was forgotten until now. In order to let the testing shell script know which algorithms are available, a new (up to now undocumented) command "openssl list-cipher-commands" is used. @@ -11808,7 +12262,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New config option to avoid instructions that are illegal on the 80386. The default code is faster, but requires at least a 486. [Ulf Möller] - + *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and SSL2_SERVER_VERSION (not used at all) macros, which are now the same as SSL2_VERSION anyway. @@ -11851,8 +12305,8 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k OAEP isn't supported when OpenSSL is built with RSAref. [Ulf Moeller ] - *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h - so they no longer are missing under -DNOPROTO. + *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h + so they no longer are missing under -DNOPROTO. [Soren S. Jorvang ] @@ -12009,14 +12463,14 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie] *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder - signed attributes when verifying signatures (this would break them), + signed attributes when verifying signatures (this would break them), the detached data encoding was wrong and public keys obtained using X509_get_pubkey() weren't freed. [Steve Henson] *) Add text documentation for the BUFFER functions. Also added a work around to a Win95 console bug. This was triggered by the password read stuff: the - last character typed gets carried over to the next fread(). If you were + last character typed gets carried over to the next fread(). If you were generating a new cert request using 'req' for example then the last character of the passphrase would be CR which would then enter the first field as blank. @@ -12025,7 +12479,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Added the new `Includes OpenSSL Cryptography Software' button as doc/openssl_button.{gif,html} which is similar in style to the old SSLeay button and can be used by applications based on OpenSSL to show the - relationship to the OpenSSL project. + relationship to the OpenSSL project. [Ralf S. Engelschall] *) Remove confusing variables in function signatures in files @@ -12056,7 +12510,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with openssl.doxy as the configuration file. [Ben Laurie] - + *) Get rid of remaining C++-style comments which strict C compilers hate. [Ralf S. Engelschall, pointed out by Carlos Amengual] @@ -12069,12 +12523,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k their SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed for applications which have to configure certificates on a per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis - (e.g. s_server). + (e.g. s_server). For the RSA certificate situation is makes no difference, but for the DSA certificate situation this fixes the "no shared cipher" problem where the OpenSSL cipher selection procedure failed because the temporary keys were not overtaken from the context and the API provided - no way to reconfigure them. + no way to reconfigure them. The new functions now let applications reconfigure the stuff and they are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new @@ -12221,7 +12675,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k message is now correct (it understands "crypto" and "ssl" on its command line). There is also now an "update" option. This will update the util/ssleay.num and util/libeay.num files with any new functions. - If you do a: + If you do a: perl util/mkdef.pl crypto ssl update it will update them. [Steve Henson] @@ -12272,7 +12726,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' [Rainer W. Gerling ] - + *) New program nseq to manipulate netscape certificate sequences [Steve Henson] @@ -12327,7 +12781,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Spelling mistake in C version of CAST-128. [Ben Laurie, reported by Jeremy Hylton ] - *) Changes to the error generation code. The perl script err-code.pl + *) Changes to the error generation code. The perl script err-code.pl now reads in the old error codes and retains the old numbers, only adding new ones if necessary. It also only changes the .err files if new codes are added. The makefiles have been modified to only insert errors @@ -12379,7 +12833,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) The function OBJ_txt2nid was broken. It was supposed to return a nid based on a text string, looking up short and long names and finally "dot" format. The "dot" format stuff didn't work. Added new function - OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote + OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the OID is not part of the table. [Steve Henson] @@ -12473,7 +12927,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix renumbering bug in X509_NAME_delete_entry(). [Ben Laurie] - *) Enhanced the err-ins.pl script so it makes the error library number + *) Enhanced the err-ins.pl script so it makes the error library number global and can add a library name. This is needed for external ASN1 and other error libraries. [Steve Henson] @@ -12481,7 +12935,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fixed sk_insert which never worked properly. [Steve Henson] - *) Fix ASN1 macros so they can handle indefinite length constructed + *) Fix ASN1 macros so they can handle indefinite length constructed EXPLICIT tags. Some non standard certificates use these: they can now be read in. [Steve Henson] @@ -12526,10 +12980,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.1b and 0.9.1c [23-Dec-1998] - *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and + *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and changed SSLeay to OpenSSL in version strings. [Ralf S. Engelschall] - + *) Some fixups to the top-level documents. [Paul Sutton] @@ -12537,7 +12991,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k because the symlink to include/ was missing. [Ralf S. Engelschall] - *) Incorporated the popular no-RSA/DSA-only patches + *) Incorporated the popular no-RSA/DSA-only patches which allow to compile a RSA-free SSLeay. [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] @@ -12545,7 +12999,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k when "ssleay" is still not found. [Ralf S. Engelschall] - *) Added more platforms to Configure: Cray T3E, HPUX 11, + *) Added more platforms to Configure: Cray T3E, HPUX 11, [Ralf S. Engelschall, Beckmann ] *) Updated the README file. @@ -12561,13 +13015,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Cleaned up the top-level documents; o new files: CHANGES and LICENSE - o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay + o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay o merged COPYRIGHT into LICENSE o removed obsolete TODO file o renamed MICROSOFT to INSTALL.W32 [Ralf S. Engelschall] - *) Removed dummy files from the 0.9.1b source tree: + *) Removed dummy files from the 0.9.1b source tree: crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f @@ -12583,7 +13037,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Young and Tim J. Hudson created while they were working for C2Net until summer 1998. [The OpenSSL Project] - + Changes between 0.9.0b and 0.9.1b [not released] @@ -12593,17 +13047,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Changed some BIGNUM api stuff. [Eric A. Young] - *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, + *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, DGUX x86, Linux Alpha, etc. [Eric A. Young] - *) New COMP library [crypto/comp/] for SSL Record Layer Compression: + *) New COMP library [crypto/comp/] for SSL Record Layer Compression: RLE (dummy implemented) and ZLIB (really implemented when ZLIB is available). [Eric A. Young] - *) Add -strparse option to asn1pars program which parses nested - binary structures + *) Add -strparse option to asn1pars program which parses nested + binary structures [Dr Stephen Henson ] *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. @@ -12682,7 +13136,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fixed various code and comment typos. [Eric A. Young] - *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 + *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop ] - diff --git a/deps/openssl/openssl/CONTRIBUTING b/deps/openssl/openssl/CONTRIBUTING index a6977b8117fe08..c0eed39e34b290 100644 --- a/deps/openssl/openssl/CONTRIBUTING +++ b/deps/openssl/openssl/CONTRIBUTING @@ -50,8 +50,9 @@ guidelines: test/README for information on the test framework. 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc for - examples of our style. + documentation. Please look at the "pod" files in doc/man[1357] for + examples of our style. Run "make doc-nits" to make sure that your + documentation changes are clean. 7. For user visible changes (API changes, behaviour changes, ...), consider adding a note in CHANGES. This could be a summarising diff --git a/deps/openssl/openssl/Configurations/00-base-templates.conf b/deps/openssl/openssl/Configurations/00-base-templates.conf index 8503c2f348c7aa..8555ba158baf7b 100644 --- a/deps/openssl/openssl/Configurations/00-base-templates.conf +++ b/deps/openssl/openssl/Configurations/00-base-templates.conf @@ -1,14 +1,21 @@ # -*- Mode: perl -*- -%targets=( +my %targets=( DEFAULTS => { template => 1, cflags => "", + cppflags => "", + lflags => "", defines => [], + includes => [], + lib_cflags => "", + lib_cppflags => "", + lib_defines => [], thread_scheme => "(unknown)", # Assume we don't know thread_defines => [], apps_aux_src => "", + apps_init_src => "", cpuid_asm_src => "mem_clr.c", uplink_aux_src => "", bn_asm_src => "bn_asm.c", @@ -27,6 +34,7 @@ padlock_asm_src => "", chacha_asm_src => "chacha_enc.c", poly1305_asm_src => "", + keccak1600_asm_src => "keccak1600.c", unistd => "", shared_target => "", @@ -36,12 +44,30 @@ shared_rcflag => "", shared_extension => "", - build_scheme => [ "unified", "unix" ], - build_file => "Makefile", + #### Defaults for the benefit of the config targets who don't inherit + #### a BASE and assume Unix defaults + #### THESE WILL DISAPPEAR IN OpenSSL 1.2 + build_scheme => [ "unified", "unix" ], + build_file => "Makefile", + + AR => "ar", + ARFLAGS => "r", + CC => "cc", + HASHBANGPERL => "/usr/bin/env perl", + RANLIB => sub { which("$config{cross_compile_prefix}ranlib") + ? "ranlib" : "" }, + RC => "windres", + + #### THESE WILL BE ENABLED IN OpenSSL 1.2 + #HASHBANGPERL => "PERL", # Only Unix actually cares }, BASE_common => { template => 1, + + enable => [], + disable => [], + defines => sub { my @defs = (); @@ -49,24 +75,32 @@ push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"}; return [ @defs ]; }, + includes => + sub { + my @incs = (); + push @incs, $withargs{zlib_include} + if !$disabled{zlib} && $withargs{zlib_include}; + return [ @incs ]; + }, }, BASE_unix => { inherit_from => [ "BASE_common" ], template => 1, + AR => "ar", + ARFLAGS => "r", + CC => "cc", + lflags => + sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () }, ex_libs => - sub { - unless ($disabled{zlib}) { - if (defined($disabled{"zlib-dynamic"})) { - if (defined($withargs{zlib_lib})) { - return "-L".$withargs{zlib_lib}." -lz"; - } else { - return "-lz"; - } - } - } - return (); }, + sub { !defined($disabled{zlib}) + && defined($disabled{"zlib-dynamic"}) + ? "-lz" : () }, + HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares + RANLIB => sub { which("$config{cross_compile_prefix}ranlib") + ? "ranlib" : "" }, + RC => "windres", shared_extension => ".so", @@ -78,6 +112,15 @@ inherit_from => [ "BASE_common" ], template => 1, + lib_defines => + sub { + my @defs = (); + unless ($disabled{"zlib-dynamic"}) { + my $zlib = $withargs{zlib_lib} // "ZLIB1"; + push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0]; + } + return [ @defs ]; + }, ex_libs => sub { unless ($disabled{zlib}) { @@ -88,16 +131,16 @@ return (); }, - ld => "link", - lflags => "/nologo", - loutflag => "/out:", - ar => "lib", - arflags => "/nologo", + LD => "link", + LDFLAGS => "/nologo", + ldoutflag => "/out:", + AR => "lib", + ARFLAGS => "/nologo", aroutflag => "/out:", - rc => "rc", + RC => "rc", rcoutflag => "/fo", - mt => "mt", - mtflags => "-nologo", + MT => "mt", + MTFLAGS => "-nologo", mtinflag => "-manifest ", mtoutflag => "-outputresource:", @@ -111,6 +154,16 @@ inherit_from => [ "BASE_common" ], template => 1, + includes => + add(sub { + my @incs = (); + # GNV$ZLIB_INCLUDE is the standard logical name for later + # zlib incarnations. + push @incs, 'GNV$ZLIB_INCLUDE:' + if !$disabled{zlib} && !$withargs{zlib_include}; + return [ @incs ]; + }), + shared_extension => ".exe", build_file => "descrip.mms", @@ -119,7 +172,7 @@ uplink_common => { template => 1, - apps_aux_src => add("../ms/applink.c"), + apps_init_src => add("../ms/applink.c"), uplink_aux_src => add("../ms/uplink.c"), defines => add("OPENSSL_USE_APPLINK"), }, @@ -169,7 +222,7 @@ template => 1, cpuid_asm_src => "x86_64cpuid.s", bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s", - ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s", aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", md5_asm_src => "md5-x86_64.s", sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s", @@ -180,15 +233,14 @@ padlock_asm_src => "e_padlock-x86_64.s", chacha_asm_src => "chacha-x86_64.s", poly1305_asm_src=> "poly1305-x86_64.s", + keccak1600_asm_src => "keccak1600-x86_64.s", }, ia64_asm => { template => 1, cpuid_asm_src => "ia64cpuid.s", bn_asm_src => "bn-ia64.s ia64-mont.s", aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s", - md5_asm_src => "md5-ia64.s", sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s", - rc4_asm_src => "rc4-ia64.s rc4_skey.c", modes_asm_src => "ghash-ia64.s", perlasm_scheme => "void" }, @@ -223,7 +275,7 @@ }, mips32_asm => { template => 1, - bn_asm_src => "bn-mips.s mips-mont.s", + bn_asm_src => "bn-mips.S mips-mont.S", aes_asm_src => "aes_cbc.c aes-mips.S", sha1_asm_src => "sha1-mips.S sha256-mips.S", }, @@ -243,6 +295,7 @@ modes_asm_src => "ghash-s390x.S", chacha_asm_src => "chacha-s390x.S", poly1305_asm_src=> "poly1305-s390x.S", + keccak1600_asm_src => "keccak1600-s390x.S", }, armv4_asm => { template => 1, @@ -254,6 +307,7 @@ modes_asm_src => "ghash-armv4.S ghashv8-armx.S", chacha_asm_src => "chacha-armv4.S", poly1305_asm_src=> "poly1305-armv4.S", + keccak1600_asm_src => "keccak1600-armv4.S", perlasm_scheme => "void" }, aarch64_asm => { @@ -266,6 +320,7 @@ modes_asm_src => "ghashv8-armx.S", chacha_asm_src => "chacha-armv8.S", poly1305_asm_src=> "poly1305-armv8.S", + keccak1600_asm_src => "keccak1600-armv8.S", }, parisc11_asm => { template => 1, @@ -282,18 +337,20 @@ inherit_from => [ "parisc11_asm" ], perlasm_scheme => "64", }, - ppc64_asm => { + ppc32_asm => { template => 1, cpuid_asm_src => "ppccpuid.s ppccap.c", - bn_asm_src => "bn-ppc.s ppc-mont.s ppc64-mont.s", + bn_asm_src => "bn-ppc.s ppc-mont.s", aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s", sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s", modes_asm_src => "ghashp8-ppc.s", chacha_asm_src => "chacha-ppc.s", poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s", }, - ppc32_asm => { - inherit_from => [ "ppc64_asm" ], - template => 1 + ppc64_asm => { + inherit_from => [ "ppc32_asm" ], + template => 1, + ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s", + keccak1600_asm_src => "keccak1600-ppc64.s", }, ); diff --git a/deps/openssl/openssl/Configurations/10-main.conf b/deps/openssl/openssl/Configurations/10-main.conf index 6c05c2809f1848..5cf345da0af09a 100644 --- a/deps/openssl/openssl/Configurations/10-main.conf +++ b/deps/openssl/openssl/Configurations/10-main.conf @@ -6,16 +6,20 @@ my $vc_win64a_info = {}; sub vc_win64a_info { unless (%$vc_win64a_info) { if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { - $vc_win64a_info = { as => "nasm", - asflags => "-f win64 -DNEAR -Ox -g", - asoutflag => "-o" }; + $vc_win64a_info = { AS => "nasm", + ASFLAGS => "-g", + asflags => "-Ox -f win64 -DNEAR", + asoutflag => "-o " }; } elsif ($disabled{asm}) { - $vc_win64a_info = { as => "ml64", - asflags => "/c /Cp /Cx /Zi", + # assembler is still used to compile uplink shim + $vc_win64a_info = { AS => "ml64", + ASFLAGS => "/nologo /Zi", + asflags => "/c /Cp /Cx", asoutflag => "/Fo" }; } else { $die->("NASM not found - make sure it's installed and available on %PATH%\n"); - $vc_win64a_info = { as => "{unknown}", + $vc_win64a_info = { AS => "{unknown}", + ASFLAGS => "", asflags => "", asoutflag => "" }; } @@ -29,18 +33,22 @@ sub vc_win32_info { my $ver=`nasm -v 2>NUL`; my $vew=`nasmw -v 2>NUL`; if ($ver ne "" || $vew ne "") { - $vc_win32_info = { as => $ver ge $vew ? "nasm" : "nasmw", + $vc_win32_info = { AS => $ver ge $vew ? "nasm" : "nasmw", + ASFLAGS => "", asflags => "-f win32", - asoutflag => "-o", + asoutflag => "-o ", perlasm_scheme => "win32n" }; } elsif ($disabled{asm}) { - $vc_win32_info = { as => "ml", - asflags => "/nologo /Cp /coff /c /Cx /Zi", + # not actually used, uplink shim is inlined into C code + $vc_win32_info = { AS => "ml", + ASFLAGS => "/nologo /Zi", + asflags => "/Cp /coff /c /Cx", asoutflag => "/Fo", perlasm_scheme => "win32" }; } else { $die->("NASM not found - make sure it's installed and available on %PATH%\n"); - $vc_win32_info = { as => "{unknown}", + $vc_win32_info = { AS => "{unknown}", + ASFLAGS => "", asflags => "", asoutflag => "", perlasm_scheme => "win32" }; @@ -53,14 +61,14 @@ my $vc_wince_info = {}; sub vc_wince_info { unless (%$vc_wince_info) { # sanity check - $die->('%OSVERSION% is not defined') if (!defined($ENV{'OSVERSION'})); - $die->('%PLATFORM% is not defined') if (!defined($ENV{'PLATFORM'})); - $die->('%TARGETCPU% is not defined') if (!defined($ENV{'TARGETCPU'})); + $die->('%OSVERSION% is not defined') if (!defined(env('OSVERSION'))); + $die->('%PLATFORM% is not defined') if (!defined(env('PLATFORM'))); + $die->('%TARGETCPU% is not defined') if (!defined(env('TARGETCPU'))); # # Idea behind this is to mimic flags set by eVC++ IDE... # - my $wcevers = $ENV{'OSVERSION'}; # WCENNN + my $wcevers = env('OSVERSION'); # WCENNN my $wcevernum; my $wceverdotnum; if ($wcevers =~ /^WCE([1-9])([0-9]{2})$/) { @@ -74,12 +82,12 @@ sub vc_wince_info { my $wcecdefs = "-D_WIN32_WCE=$wcevernum -DUNDER_CE=$wcevernum"; # -D_WIN32_WCE=NNN my $wcelflag = "/subsystem:windowsce,$wceverdotnum"; # ...,N.NN - my $wceplatf = $ENV{'PLATFORM'}; + my $wceplatf = env('PLATFORM'); $wceplatf =~ tr/a-z0-9 /A-Z0-9_/; $wcecdefs .= " -DWCE_PLATFORM_$wceplatf"; - my $wcetgt = $ENV{'TARGETCPU'}; # just shorter name... + my $wcetgt = env('TARGETCPU'); # just shorter name... SWITCH: for($wcetgt) { /^X86/ && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_"; $wcelflag.=" /machine:X86"; last; }; @@ -107,7 +115,7 @@ sub vc_wince_info { $wcelflag.=" /machine:$wcetgt"; last; }; } - $vc_wince_info = { cflags => $wcecdefs, + $vc_wince_info = { cppflags => $wcecdefs, lflags => $wcelflag }; } return $vc_wince_info; @@ -116,13 +124,19 @@ sub vc_wince_info { # Helper functions for the VMS configs my $vms_info = {}; sub vms_info { - unless (%$vms_info) { - my $pointer_size = shift; - my $pointer_size_str = $pointer_size == 0 ? "" : "$pointer_size"; + my $pointer_size_str = $config{target} =~ m|-p(\d+)$| ? $1 : ""; + + # For the case where Configure iterate through all config targets, such + # as when listing them and their details, we reset info if the pointer + # size changes. + if (%$vms_info && $vms_info->{pointer_size} ne $pointer_size_str) { + $vms_info = {}; + } + unless (%$vms_info) { $vms_info->{disable_warns} = [ ]; $vms_info->{pointer_size} = $pointer_size_str; - if ($pointer_size == 64) { + if ($pointer_size_str eq "64") { `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`; if ($? == 0) { push @{$vms_info->{disable_warns}}, "MAYLOSEDATA3"; @@ -140,36 +154,51 @@ sub vms_info { $vms_info->{def_zlib} =~ s|/.*$||g; } } + + if ($config{target} =~ /-ia64/) { + `PIPE ias -H 2> NL:`; + if ($? == 0) { + $vms_info->{AS} = "ias"; + $vms_info->{ASFLAGS} = '-d debug'; + $vms_info->{asflags} = '"-N" vms_upcase'; + $vms_info->{asoutflag} = "-o "; + $vms_info->{perlasm_scheme} = "ias"; + } + } } return $vms_info; } -%targets = ( +my %targets = ( #### Basic configs that should work on any 32-bit box "gcc" => { - cc => "gcc", - cflags => picker(debug => "-O0 -g", + inherit_from => [ "BASE_unix" ], + CC => "gcc", + CFLAGS => picker(debug => "-O0 -g", release => "-O3"), thread_scheme => "(unknown)", bn_ops => "BN_LLONG", }, "cc" => { - cc => "cc", - cflags => "-O", + inherit_from => [ "BASE_unix" ], + CC => "cc", + CFLAGS => "-O", thread_scheme => "(unknown)", }, #### VOS Configurations "vos-gcc" => { inherit_from => [ "BASE_unix" ], - cc => "gcc", - cflags => picker(default => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN", + CC => "gcc", + CFLAGS => picker(default => "-Wall", debug => "-O0 -g", release => "-O3"), + cppflags => "-D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES", + lib_cppflags => "-DB_ENDIAN", thread_scheme => "(unknown)", sys_id => "VOS", - lflags => "-Wl,-map", + lflags => add("-Wl,-map"), bn_ops => "BN_LLONG", shared_extension => ".so", }, @@ -178,36 +207,32 @@ sub vms_info { "solaris-common" => { inherit_from => [ "BASE_unix" ], template => 1, - cflags => "-DFILIO_H", + lib_cppflags => "-DFILIO_H", ex_libs => add("-lsocket -lnsl -ldl"), dso_scheme => "dlfcn", thread_scheme => "pthreads", - shared_target => "solaris-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_target => "self", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + shared_ldflag => "-Wl,-Bsymbolic", + shared_defflag => "-Wl,-M,", + shared_sonameflag=> "-Wl,-h,", }, #### Solaris x86 with GNU C setups "solaris-x86-gcc" => { # NB. GNU C has to be configured to use GNU assembler, and not # /usr/ccs/bin/as. Failure to comply will result in compile # failures [at least] in 32-bit build. - # [Above statement is in direct contradition with one below. - # Latter is kept, because it's formally inappropriate to - # modify compile flags in letter release.] - # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have - # to do it here because whenever GNU C instantiates an assembler - # template it surrounds it with #APP #NO_APP comment pair which - # (at least Solaris 7_x86) /usr/ccs/bin/as fails to assemble - # with "Illegal mnemonic" error message. inherit_from => [ "solaris-common", asm("x86_elf_asm") ], - cc => "gcc", - cflags => add_before(picker(default => "-Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM", + CC => "gcc", + CFLAGS => add_before(picker(default => "-Wall", debug => "-O0 -g", - release => "-O3 -fomit-frame-pointer"), - threads("-pthread")), + release => "-O3 -fomit-frame-pointer")), + cflags => add(threads("-pthread")), + lib_cppflags => add("-DL_ENDIAN"), ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG", shared_cflag => "-fPIC", - shared_ldflag => "-shared -static-libgcc", + shared_ldflag => add_before("-shared -static-libgcc"), }, "solaris64-x86_64-gcc" => { # -shared -static-libgcc might appear controversial, but modules @@ -217,18 +242,19 @@ sub vms_info { # gcc shared build with Sun C. Given that gcc generates faster # code [thanks to inline assembler], I would actually recommend # to consider using gcc shared build even with vendor compiler:-) - # + # -- inherit_from => [ "solaris-common", asm("x86_64_asm") ], - cc => "gcc", - cflags => add_before(picker(default => "-m64 -Wall -DL_ENDIAN", + CC => "gcc", + CFLAGS => add_before(picker(default => "-Wall", debug => "-O0 -g", - release => "-O3"), - threads("-pthread")), + release => "-O3")), + cflags => add_before("-m64", threads("-pthread")), + lib_cppflags => add("-DL_ENDIAN"), ex_libs => add(threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-fPIC", - shared_ldflag => "-m64 -shared -static-libgcc", + shared_ldflag => add_before("-shared -static-libgcc"), multilib => "/64", }, @@ -247,33 +273,35 @@ sub vms_info { # "solaris64-x86_64-cc" => { inherit_from => [ "solaris-common", asm("x86_64_asm") ], - cc => "cc", - cflags => add_before(picker(default => "-xarch=generic64 -xstrconst -Xa -DL_ENDIAN", - debug => "-g", - release => "-xO5 -xdepend -xbuiltin"), - threads("-D_REENTRANT")), + CC => "cc", + CFLAGS => add_before(picker(debug => "-g", + release => "-xO5 -xdepend -xbuiltin")), + cflags => add_before("-xarch=generic64 -xstrconst -Xa"), + cppflags => add(threads("-D_REENTRANT")), + lib_cppflags => add("-DL_ENDIAN"), thread_scheme => "pthreads", - lflags => add("-xarch=generic64",threads("-mt")), + lflags => add(threads("-mt")), ex_libs => add(threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-KPIC", - shared_ldflag => "-xarch=generic64 -G -dy -z text", + shared_ldflag => add_before("-G -dy -z text"), multilib => "/64", }, #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc" => { inherit_from => [ "solaris-common" ], - cc => "gcc", - cflags => add_before(picker(default => "-Wall -DB_ENDIAN -DBN_DIV2W", + CC => "gcc", + CFLAGS => add_before(picker(default => "-Wall", debug => "-O0 -g", - release => "-O3"), - threads("-pthread")), + release => "-O3")), + cflags => add(threads("-pthread")), + lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-fPIC", - shared_ldflag => "-shared", + shared_ldflag => add_before("-shared"), }, "solaris-sparcv8-gcc" => { inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ], @@ -289,7 +317,6 @@ sub vms_info { inherit_from => [ "solaris-sparcv9-gcc" ], cflags => sub { my $f=join(" ",@_); $f =~ s/\-m32/-m64/; $f; }, bn_ops => "BN_LLONG RC4_CHAR", - shared_ldflag => "-m64 -shared", multilib => "/64", }, @@ -299,16 +326,17 @@ sub vms_info { # SC5.0 note: Compiler common patch 107357-01 or later is required! "solaris-sparcv7-cc" => { inherit_from => [ "solaris-common" ], - cc => "cc", - cflags => add_before(picker(default => "-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", - debug => "-g", - release => "-xO5 -xdepend"), - threads("-D_REENTRANT")), + CC => "cc", + CFLAGS => add_before(picker(debug => "-g", + release => "-xO5 -xdepend")), + cflags => add_before("-xstrconst -Xa"), + cppflags => add(threads("-D_REENTRANT")), + lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), lflags => add(threads("-mt")), ex_libs => add(threads("-lpthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", + shared_ldflag => add_before("-G -dy -z text"), }, #### "solaris-sparcv8-cc" => { @@ -322,81 +350,66 @@ sub vms_info { "solaris64-sparcv9-cc" => { inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ], cflags => add_before("-xarch=v9"), - lflags => add_before("-xarch=v9"), bn_ops => "BN_LLONG RC4_CHAR", - shared_ldflag => "-xarch=v9 -G -dy -z text", multilib => "/64", }, #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. - "irix-mips3-gcc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-mabi=n32 -DB_ENDIAN -DBN_DIV3W", - debug => "-g -O0", - release => "-O3"), - threads("-D_SGI_MP_SOURCE")), + "irix-common" => { + inherit_from => [ "BASE_unix" ], + template => 1, + cppflags => threads("-D_SGI_MP_SOURCE"), + lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", ex_libs => add(threads("-lpthread")), - bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", thread_scheme => "pthreads", - perlasm_scheme => "n32", dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_ldflag => "-mabi=n32", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_target => "self", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + shared_ldflag => "-shared -Wl,-Bsymbolic", + shared_sonameflag=> "-Wl,-soname,", + }, + "irix-mips3-gcc" => { + inherit_from => [ "irix-common", asm("mips64_asm") ], + CC => "gcc", + CFLAGS => picker(debug => "-g -O0", + release => "-O3"), + LDFLAGS => "-static-libgcc", + cflags => "-mabi=n32", + bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", + perlasm_scheme => "n32", multilib => "32", }, "irix-mips3-cc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], - cc => "cc", - cflags => combine(picker(default => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", - debug => "-g -O0", - release => "-O2"), - threads("-D_SGI_MP_SOURCE")), - ex_libs => add(threads("-lpthread")), + inherit_from => [ "irix-common", asm("mips64_asm") ], + CC => "cc", + CFLAGS => picker(debug => "-g -O0", + release => "-O2"), + cflags => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared", bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", - thread_scheme => "pthreads", perlasm_scheme => "n32", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_ldflag => "-n32", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "32", }, # N64 ABI builds. "irix64-mips4-gcc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-mabi=64 -mips4 -DB_ENDIAN -DBN_DIV3W", - debug => "-g -O0", - release => "-O3"), - threads("-D_SGI_MP_SOURCE")), - ex_libs => add(threads("-lpthread")), + inherit_from => [ "irix-common", asm("mips64_asm") ], + CC => "gcc", + CFLAGS => picker(debug => "-g -O0", + release => "-O3"), + LDFLAGS => "-static-libgcc", + cflags => "-mabi=64 -mips4", bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", perlasm_scheme => "64", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_ldflag => "-mabi=64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "64", }, "irix64-mips4-cc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], - cc => "cc", - cflags => combine(picker(default => "-64 -mips4 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", - debug => "-g -O0", - release => "-O2"), - threads("-D_SGI_MP_SOURCE")), - ex_libs => add(threads("-lpthread")), + inherit_from => [ "irix-common", asm("mips64_asm") ], + CC => "cc", + CFLAGS => picker(debug => "-g -O0", + release => "-O2"), + cflags => "-64 -mips4 -use_readonly_const -G0 -rdata_shared", bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", perlasm_scheme => "64", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_ldflag => "-64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "64", }, @@ -427,29 +440,32 @@ sub vms_info { # targets; b) performance-critical 32-bit assembly modules implement # even PA-RISC 2.0-specific code paths, which are chosen at run-time, # thus adequate performance is provided even with PA-RISC 1.1 build. -# "hpux-common" => { inherit_from => [ "BASE_unix" ], template => 1, defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED", "_HPUX_ALT_XOPEN_SOCKET_API"), + lib_cppflags => "-DB_ENDIAN", thread_scheme => "pthreads", dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds - shared_target => "hpux-shared", + shared_target => "self", + bin_lflags => "-Wl,+s,+cdp,../:,+cdp,./:", + shared_ldflag => "-Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+cdp,../:,+cdp,./:", + shared_sonameflag=> "-Wl,+h,", }, "hpux-parisc-gcc" => { inherit_from => [ "hpux-common" ], - cc => "gcc", - cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W", - debug => "-O0 -g", - release => "-O3"), - threads("-pthread")), - ex_libs => add("-Wl,+s -ldld", threads("-pthread")), - bn_ops => "BN_LLONG", + CC => "gcc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O3"), + cflags => add(threads("-pthread")), + lib_cppflags => add("-DBN_DIV2W"), + ex_libs => add("-ldld", threads("-pthread")), + bn_ops => "BN_LLONG RC4_CHAR", dso_scheme => "dl", shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-shared"), + shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", }, "hpux-parisc1_1-gcc" => { inherit_from => [ "hpux-parisc-gcc", asm("parisc11_asm") ], @@ -457,36 +473,33 @@ sub vms_info { }, "hpux64-parisc2-gcc" => { inherit_from => [ "hpux-common", asm("parisc20_64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-DB_ENDIAN", - debug => "-O0 -g", - release => "-O3"), - threads("-D_REENTRANT")), - ex_libs => add("-ldl"), + CC => "gcc", + CFLAGS => combine(picker(debug => "-O0 -g", + release => "-O3")), + cflags => add(threads("-pthread")), + ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", shared_cflag => "-fpic", - shared_ldflag => "-shared", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-shared"), + shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", multilib => "/pa20_64", }, # More attempts at unified 10.X and 11.X targets for HP C compiler. - # - # Chris Ruemmler - # Kevin Steves "hpux-parisc-cc" => { inherit_from => [ "hpux-common" ], - cc => "cc", - cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", - debug => "+O0 +d -g", - release => "+O3"), - threads("-D_REENTRANT")), - ex_libs => add("-Wl,+s -ldld",threads("-lpthread")), + CC => "cc", + CFLAGS => picker(debug => "+O0 +d -g", + release => "+O3"), + cflags => "+Optrs_strongly_typed -Ae +ESlit", + cppflags => threads("-D_REENTRANT"), + lib_cppflags => add("-DBN_DIV2W -DMD32_XARRAY"), + ex_libs => add("-ldld", threads("-lpthread")), bn_ops => "RC4_CHAR", dso_scheme => "dl", shared_cflag => "+Z", - shared_ldflag => "-b", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-b"), + shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", }, "hpux-parisc1_1-cc" => { inherit_from => [ "hpux-parisc-cc", asm("parisc11_asm") ], @@ -495,87 +508,88 @@ sub vms_info { }, "hpux64-parisc2-cc" => { inherit_from => [ "hpux-common", asm("parisc20_64_asm") ], - cc => "cc", - cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", - debug => "+O0 +d -g", - release => "+O3"), - threads("-D_REENTRANT")), - ex_libs => add("-ldl",threads("-lpthread")), + CC => "cc", + CFLAGS => picker(debug => "+O0 +d -g", + release => "+O3") , + cflags => "+DD64 +Optrs_strongly_typed -Ae +ESlit", + cppflags => threads("-D_REENTRANT") , + lib_cppflags => add("-DMD32_XARRAY"), + ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", shared_cflag => "+Z", - shared_ldflag => "+DD64 -b", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-b"), + shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", multilib => "/pa20_64", }, # HP/UX IA-64 targets "hpux-ia64-cc" => { inherit_from => [ "hpux-common", asm("ia64_asm") ], - cc => "cc", - cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN", - debug => "+O0 +d -g", - release => "+O2"), - threads("-D_REENTRANT")), - ex_libs => add("-ldl",threads("-lpthread")), + CC => "cc", + CFLAGS => picker(debug => "+O0 +d -g", + release => "+O2"), + cflags => "-Ae +DD32 +Olit=all -z", + cppflags => add(threads("-D_REENTRANT")), + ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT", shared_cflag => "+Z", - shared_ldflag => "+DD32 -b", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-b"), + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux32", }, - # Frank Geurts has patiently assisted - # with debugging of the following config. "hpux64-ia64-cc" => { inherit_from => [ "hpux-common", asm("ia64_asm") ], - cc => "cc", - cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN", - debug => "+O0 +d -g", - release => "+O3"), - threads("-D_REENTRANT")), + CC => "cc", + CFLAGS => picker(debug => "+O0 +d -g", + release => "+O3"), + cflags => "-Ae +DD64 +Olit=all -z", + cppflags => threads("-D_REENTRANT"), ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", shared_cflag => "+Z", - shared_ldflag => "+DD64 -b", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-b"), + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux64", }, # GCC builds... "hpux-ia64-gcc" => { inherit_from => [ "hpux-common", asm("ia64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-DB_ENDIAN", - debug => "-O0 -g", - release => "-O3"), - threads("-pthread")), + CC => "gcc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O3"), + cflags => add(threads("-pthread")), ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT", shared_cflag => "-fpic", - shared_ldflag => "-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-shared"), + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux32", }, "hpux64-ia64-gcc" => { inherit_from => [ "hpux-common", asm("ia64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-mlp64 -DB_ENDIAN", - debug => "-O0 -g", - release => "-O3"), - threads("-pthread")), + CC => "gcc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O3"), + cflags => combine("-mlp64", threads("-pthread")), ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", shared_cflag => "-fpic", - shared_ldflag => "-mlp64 -shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => add_before("-shared"), + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux64", }, #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ "MPE/iX-gcc" => { inherit_from => [ "BASE_unix" ], - cc => "gcc", - cflags => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB", + CC => "gcc", + CFLAGS => "-O3", + cppflags => "-D_POSIX_SOURCE -D_SOCKET_SOURCE", + includes => [ "/SYSLOG/PUB" ], + lib_cppflags => "-DBN_DIV2W", sys_id => "MPE", - ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"), + lflags => add("-L/SYSLOG/PUB"), + ex_libs => add("-lsyslog -lsocket -lcurses"), thread_scheme => "(unknown)", bn_ops => "BN_LLONG", }, @@ -586,9 +600,10 @@ sub vms_info { #### but not anymore... "tru64-alpha-gcc" => { inherit_from => [ "BASE_unix", asm("alpha_asm") ], - cc => "gcc", - cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3", - threads("-pthread")), + CC => "gcc", + CFLAGS => "-O3", + cflags => add("-std=c9x", threads("-pthread")), + cppflags => "-D_XOPEN_SOURCE=500 -D_OSF_SOURCE", ex_libs => add("-lrt", threads("-pthread")), # for mlock(2) bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthreads", @@ -598,9 +613,11 @@ sub vms_info { }, "tru64-alpha-cc" => { inherit_from => [ "BASE_unix", asm("alpha_asm") ], - cc => "cc", - cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings", - threads("-pthread")), + CC => "cc", + CFLAGS => "-tune host -fast", + cflags => add("-std1 -readonly_strings", + threads("-pthread")), + cppflags => "-D_XOPEN_SOURCE=500 -D_OSF_SOURCE", ex_libs => add("-lrt", threads("-pthread")), # for mlock(2) bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthreads", @@ -617,19 +634,26 @@ sub vms_info { # throw in -D[BL]_ENDIAN, whichever appropriate... "linux-generic32" => { inherit_from => [ "BASE_unix" ], - cc => "gcc", - cflags => combine(picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3"), - threads("-pthread")), + CC => "gcc", + CXX => "g++", + CFLAGS => picker(default => "-Wall", + debug => "-O0 -g", + release => "-O3"), + CXXFLAGS => picker(default => "-Wall", + debug => "-O0 -g", + release => "-O3"), + cflags => threads("-pthread"), + cxxflags => combine("-std=c++11", threads("-pthread")), + lib_cppflags => "-DOPENSSL_USE_NODELETE", ex_libs => add("-ldl", threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "linux-shared", - shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", + shared_cflag => "-fPIC", shared_ldflag => "-Wl,-znodelete", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + enable => [ "afalgeng" ], }, "linux-generic64" => { inherit_from => [ "linux-generic32" ], @@ -642,16 +666,18 @@ sub vms_info { }, "linux-ppc64" => { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], - cflags => add("-m64 -DB_ENDIAN"), + cflags => add("-m64"), + cxxflags => add("-m64"), + lib_cppflags => add("-DB_ENDIAN"), perlasm_scheme => "linux64", - shared_ldflag => add("-m64"), multilib => "64", }, "linux-ppc64le" => { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], - cflags => add("-m64 -DL_ENDIAN"), + cflags => add("-m64"), + cxxflags => add("-m64"), + lib_cppflags => add("-DL_ENDIAN"), perlasm_scheme => "linux64le", - shared_ldflag => add("-m64"), }, "linux-armv4" => { @@ -696,34 +722,37 @@ sub vms_info { "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], cflags => add("-mabi=ilp32"), + cxxflags => add("-mabi=ilp32"), bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", perlasm_scheme => "linux64", - shared_ldflag => add("-mabi=ilp32"), }, "linux-mips32" => { # Configure script adds minimally required -march for assembly # support, if no -march was specified at command line. inherit_from => [ "linux-generic32", asm("mips32_asm") ], - cflags => add("-mabi=32 -DBN_DIV3W"), + cflags => add("-mabi=32"), + cxxflags => add("-mabi=32"), + lib_cppflags => add("-DBN_DIV3W"), perlasm_scheme => "o32", - shared_ldflag => add("-mabi=32"), }, # mips32 and mips64 below refer to contemporary MIPS Architecture # specifications, MIPS32 and MIPS64, rather than to kernel bitness. "linux-mips64" => { inherit_from => [ "linux-generic32", asm("mips64_asm") ], - cflags => add("-mabi=n32 -DBN_DIV3W"), + cflags => add("-mabi=n32"), + cxxflags => add("-mabi=n32"), + lib_cppflags => add("-DBN_DIV3W"), bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", perlasm_scheme => "n32", - shared_ldflag => add("-mabi=n32"), multilib => "32", }, "linux64-mips64" => { inherit_from => [ "linux-generic64", asm("mips64_asm") ], - cflags => add("-mabi=64 -DBN_DIV3W"), + cflags => add("-mabi=64"), + cxxflags => add("-mabi=64"), + lib_cppflags => add("-DBN_DIV3W"), perlasm_scheme => "64", - shared_ldflag => add("-mabi=64"), multilib => "64", }, @@ -732,16 +761,17 @@ sub vms_info { #### machines where gcc doesn't understand -m32 and -m64 "linux-elf" => { inherit_from => [ "linux-generic32", asm("x86_elf_asm") ], - cflags => add(picker(default => "-DL_ENDIAN", - release => "-fomit-frame-pointer")), + CFLAGS => add(picker(release => "-fomit-frame-pointer")), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "BN_LLONG", }, "linux-aout" => { inherit_from => [ "BASE_unix", asm("x86_asm") ], - cc => "gcc", - cflags => add(picker(default => "-DL_ENDIAN -Wall", + CC => "gcc", + CFLAGS => add(picker(default => "-Wall", debug => "-O0 -g", release => "-O3 -fomit-frame-pointer")), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "BN_LLONG", thread_scheme => "(unknown)", perlasm_scheme => "a.out", @@ -750,37 +780,39 @@ sub vms_info { #### X86 / X86_64 targets "linux-x86" => { inherit_from => [ "linux-generic32", asm("x86_asm") ], - cflags => add(picker(default => "-m32 -DL_ENDIAN", - release => "-fomit-frame-pointer")), + CFLAGS => add(picker(release => "-fomit-frame-pointer")), + cflags => add("-m32"), + cxxflags => add("-m32"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "BN_LLONG", perlasm_scheme => "elf", - shared_ldflag => add("-m32"), }, "linux-x86-clang" => { inherit_from => [ "linux-x86" ], - cc => "clang", - cxx => "clang++", - cflags => add("-Wextra -Qunused-arguments"), + CC => "clang", + CXX => "clang++", }, "linux-x86_64" => { inherit_from => [ "linux-generic64", asm("x86_64_asm") ], - cflags => add("-m64 -DL_ENDIAN"), + cflags => add("-m64"), + cxxflags => add("-m64"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", - shared_ldflag => add("-m64"), multilib => "64", }, "linux-x86_64-clang" => { inherit_from => [ "linux-x86_64" ], - cc => "clang", - cflags => add("-Wextra -Qunused-arguments"), + CC => "clang", + CXX => "clang++", }, "linux-x32" => { inherit_from => [ "linux-generic32", asm("x86_64_asm") ], - cflags => add("-mx32 -DL_ENDIAN"), + cflags => add("-mx32"), + cxxflags => add("-mx32"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT", perlasm_scheme => "elf32", - shared_ldflag => add("-mx32"), multilib => "x32", }, @@ -791,9 +823,10 @@ sub vms_info { "linux64-s390x" => { inherit_from => [ "linux-generic64", asm("s390x_asm") ], - cflags => add("-m64 -DB_ENDIAN"), + cflags => add("-m64"), + cxxflags => add("-m64"), + lib_cppflags => add("-DB_ENDIAN"), perlasm_scheme => "64", - shared_ldflag => add("-m64"), multilib => "64", }, "linux32-s390x" => { @@ -814,46 +847,52 @@ sub vms_info { # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... # inherit_from => [ "linux-generic32", asm("s390x_asm") ], - cflags => add("-m31 -Wa,-mzarch -DB_ENDIAN"), + cflags => add("-m31 -Wa,-mzarch"), + cxxflags => add("-m31 -Wa,-mzarch"), + lib_cppflags => add("-DB_ENDIAN"), bn_asm_src => sub { my $r=join(" ",@_); $r=~s|asm/s390x\.S|bn_asm.c|; $r; }, perlasm_scheme => "31", - shared_ldflag => add("-m31"), multilib => "/highgprs", }, #### SPARC Linux setups - # Ray Miller has - # patiently assisted with debugging of following two configs. "linux-sparcv8" => { inherit_from => [ "linux-generic32", asm("sparcv8_asm") ], - cflags => add("-mcpu=v8 -DB_ENDIAN -DBN_DIV2W"), + cflags => add("-mcpu=v8"), + cxxflags => add("-mcpu=v8"), + lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), }, "linux-sparcv9" => { # it's a real mess with -mcpu=ultrasparc option under Linux, # but -Wa,-Av8plus should do the trick no matter what. inherit_from => [ "linux-generic32", asm("sparcv9_asm") ], - cflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W"), - shared_ldflag => add("-m32"), + cflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus"), + cxxflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus"), + lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), }, "linux64-sparcv9" => { # GCC 3.1 is a requirement inherit_from => [ "linux-generic64", asm("sparcv9_asm") ], - cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), + cflags => add("-m64 -mcpu=ultrasparc"), + cxxflags => add("-m64 -mcpu=ultrasparc"), + lib_cppflags => add("-DB_ENDIAN"), bn_ops => "BN_LLONG RC4_CHAR", - shared_ldflag => add("-m64"), multilib => "64", }, "linux-alpha-gcc" => { inherit_from => [ "linux-generic64", asm("alpha_asm") ], - cflags => add("-DL_ENDIAN"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", }, "linux-c64xplus" => { inherit_from => [ "BASE_unix" ], # TI_CGT_C6000_7.3.x is a requirement - cc => "cl6x", - cflags => combine("--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT", + CC => "cl6x", + CFLAGS => "-o2 -ox -ms", + cflags => "--linux -ea=.s -eo=.o -mv6400+ -pden", + cxxflags => "--linux -ea=.s -eo=.o -mv6400+ -pden", + cppflags => combine("-DOPENSSL_SMALL_FOOTPRINT", threads("-D_REENTRANT")), bn_ops => "BN_LLONG", cpuid_asm_src => "c64xpluscpuid.s", @@ -870,84 +909,10 @@ sub vms_info { shared_target => "linux-shared", shared_cflag => "--pic", shared_ldflag => add("-z --sysv --shared"), - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", ranlib => "true", }, -#### Android: linux-* but without pointers to headers and libs. - # - # It takes pair of prior-set environment variables to make it work: - # - # CROSS_SYSROOT=/some/where/android-ndk-/platforms/android-/arch- - # CROSS_COMPILE= - # - # As well as PATH adjusted to cover ${CROSS_COMPILE}gcc and company. - # For example to compile for ICS and ARM with NDK 10d, you'd: - # - # ANDROID_NDK=/some/where/android-ndk-10d - # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm - # CROSS_COMPILE=arm-linux-androideabi- - # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin - # - "android" => { - inherit_from => [ "linux-generic32" ], - # Special note about unconditional -fPIC and -pie. The underlying - # reason is that Lollipop refuses to run non-PIE. But what about - # older systems and NDKs? -fPIC was never problem, so the only - # concern is -pie. Older toolchains, e.g. r4, appear to handle it - # and binaries turn mostly functional. "Mostly" means that oldest - # Androids, such as Froyo, fail to handle executable, but newer - # systems are perfectly capable of executing binaries targeting - # Froyo. Keep in mind that in the nutshell Android builds are - # about JNI, i.e. shared libraries, not applications. - cflags => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")), - bin_cflags => "-pie", - }, - "android-x86" => { - inherit_from => [ "android", asm("x86_asm") ], - cflags => add(picker(release => "-fomit-frame-pointer")), - bn_ops => "BN_LLONG", - perlasm_scheme => "android", - }, - ################################################################ - # Contemporary Android applications can provide multiple JNI - # providers in .apk, targeting multiple architectures. Among - # them there is "place" for two ARM flavours: generic eabi and - # armv7-a/hard-float. However, it should be noted that OpenSSL's - # ability to engage NEON is not constrained by ABI choice, nor - # is your ability to call OpenSSL from your application code - # compiled with floating-point ABI other than default 'soft'. - # [Latter thanks to __attribute__((pcs("aapcs"))) declaration.] - # This means that choice of ARM libraries you provide in .apk - # is driven by application needs. For example if application - # itself benefits from NEON or is floating-point intensive, then - # it might be appropriate to provide both libraries. Otherwise - # just generic eabi would do. But in latter case it would be - # appropriate to - # - # ./Configure android-armeabi -D__ARM_MAX_ARCH__=8 - # - # in order to build "universal" binary and allow OpenSSL take - # advantage of NEON when it's available. - # - "android-armeabi" => { - inherit_from => [ "android", asm("armv4_asm") ], - }, - "android-mips" => { - inherit_from => [ "android", asm("mips32_asm") ], - perlasm_scheme => "o32", - }, - - "android64" => { - inherit_from => [ "linux-generic64" ], - cflags => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")), - bin_cflags => "-pie", - }, - "android64-aarch64" => { - inherit_from => [ "android64", asm("aarch64_asm") ], - perlasm_scheme => "linux64", - }, - #### *BSD "BSD-generic32" => { # As for thread cflag. Idea is to maintain "collective" set of @@ -958,17 +923,20 @@ sub vms_info { # -D_THREAD_SAFE and sometimes -D_REENTRANT. FreeBSD 5.x # expands it as -lc_r, which seems to be sufficient? inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => combine(picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3"), - threads("-pthread -D_THREAD_SAFE -D_REENTRANT")), + CC => "cc", + CFLAGS => picker(default => "-Wall", + debug => "-O0 -g", + release => "-O3"), + cflags => threads("-pthread"), + cppflags => threads("-D_THREAD_SAFE -D_REENTRANT"), + ex_libs => add(threads("-pthread")), + enable => add("devcryptoeng"), bn_ops => "BN_LLONG", thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "bsd-gcc-shared", shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, "BSD-generic64" => { inherit_from => [ "BSD-generic32" ], @@ -977,8 +945,8 @@ sub vms_info { "BSD-x86" => { inherit_from => [ "BSD-generic32", asm("x86_asm") ], - cflags => add(picker(default => "-DL_ENDIAN", - release => "-fomit-frame-pointer")), + CFLAGS => add(picker(release => "-fomit-frame-pointer")), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "BN_LLONG", shared_target => "bsd-shared", perlasm_scheme => "a.out", @@ -990,87 +958,62 @@ sub vms_info { "BSD-sparcv8" => { inherit_from => [ "BSD-generic32", asm("sparcv8_asm") ], - cflags => add("-mcpu=v8 -DB_ENDIAN"), + cflags => add("-mcpu=v8"), + lib_cppflags => add("-DB_ENDIAN"), }, "BSD-sparc64" => { # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. inherit_from => [ "BSD-generic64", asm("sparcv9_asm") ], - cflags => add("-DB_ENDIAN -DMD32_REG_T=int"), + lib_cppflags => add("-DB_ENDIAN -DMD32_REG_T=int"), bn_ops => "BN_LLONG", }, "BSD-ia64" => { inherit_from => [ "BSD-generic64", asm("ia64_asm") ], - cflags => add_before("-DL_ENDIAN"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", }, "BSD-x86_64" => { inherit_from => [ "BSD-generic64", asm("x86_64_asm") ], - cflags => add_before("-DL_ENDIAN"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", }, "bsdi-elf-gcc" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], - cc => "gcc", - cflags => "-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -Wall", + CC => "gcc", + CFLAGS => "-fomit-frame-pointer -O3 -Wall", + lib_cppflags => "-DPERL5 -DL_ENDIAN", ex_libs => add("-ldl"), bn_ops => "BN_LLONG", thread_scheme => "(unknown)", dso_scheme => "dlfcn", shared_target => "bsd-gcc-shared", shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, "nextstep" => { inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-O -Wall", + CC => "cc", + CFLAGS => "-O -Wall", unistd => "", bn_ops => "BN_LLONG", thread_scheme => "(unknown)", }, "nextstep3.3" => { inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-O3 -Wall", + CC => "cc", + CFLAGS => "-O3 -Wall", unistd => "", bn_ops => "BN_LLONG", thread_scheme => "(unknown)", }, -# QNX - "qnx4" => { - inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-DL_ENDIAN -DTERMIO", - thread_scheme => "(unknown)", - }, - "QNX6" => { - inherit_from => [ "BASE_unix" ], - cc => "gcc", - ex_libs => add("-lsocket"), - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "QNX6-i386" => { - inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], - cc => "gcc", - cflags => "-DL_ENDIAN -O2 -Wall", - ex_libs => add("-lsocket"), - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - #### SCO/Caldera targets. # # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. @@ -1079,31 +1022,32 @@ sub vms_info { # and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. # Note that not all targets include assembler support. Mostly because of # lack of motivation to support out-of-date platforms with out-of-date -# compiler drivers and assemblers. Tim Rice has -# patiently assisted to debug most of it. +# compiler drivers and assemblers. # # UnixWare 2.0x fails destest with -O. "unixware-2.0" => { inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => combine("-DFILIO_H -DNO_STRINGS_H", - threads("-Kthread")), + CC => "cc", + cflags => threads("-Kthread"), + lib_cppflags => "-DFILIO_H -DNO_STRINGS_H", ex_libs => add("-lsocket -lnsl -lresolv -lx"), thread_scheme => "uithreads", }, "unixware-2.1" => { inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => combine("-O -DFILIO_H", - threads("-Kthread")), + CC => "cc", + CFLAGS => "-O", + cflags => threads("-Kthread"), + lib_cppflags => "-DFILIO_H", ex_libs => add("-lsocket -lnsl -lresolv -lx"), thread_scheme => "uithreads", }, "unixware-7" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], - cc => "cc", - cflags => combine("-O -DFILIO_H -Kalloca", - threads("-Kthread")), + CC => "cc", + CFLAGS => "-O", + cflags => combine("-Kalloca", threads("-Kthread")), + lib_cppflags => "-DFILIO_H", ex_libs => add("-lsocket -lnsl"), thread_scheme => "uithreads", bn_ops => "BN_LLONG", @@ -1111,13 +1055,14 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "svr5-shared", shared_cflag => "-Kpic", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, "unixware-7-gcc" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], - cc => "gcc", - cflags => combine("-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -Wall", - threads("-D_REENTRANT")), + CC => "gcc", + CFLAGS => "-O3 -fomit-frame-pointer -Wall", + cppflags => add(threads("-D_REENTRANT")), + lib_cppflags => add("-DL_ENDIAN -DFILIO_H"), ex_libs => add("-lsocket -lnsl"), bn_ops => "BN_LLONG", thread_scheme => "pthreads", @@ -1125,9 +1070,9 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "gnu-shared", shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, -# SCO 5 - Ben Laurie says the -O breaks the SCO cc. +# SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], cc => "cc", @@ -1138,7 +1083,7 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "svr3-shared", shared_cflag => "-Kpic", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, "sco5-gcc" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], @@ -1151,7 +1096,7 @@ sub vms_info { dso_scheme => "dlfcn", shared_target => "svr3-shared", shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, #### IBM's AIX. @@ -1160,86 +1105,91 @@ sub vms_info { # variable, then you should know that in OpenSSL case it's considered # only in ./config. Once configured, build procedure remains "deaf" to # current value of $OBJECT_MODE. - "aix-gcc" => { - inherit_from => [ "BASE_unix", asm("ppc32_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-DB_ENDIAN", - debug => "-O0 -g", - release => "-O"), - threads("-pthread")), - ex_libs => add(threads("-pthread")), + "aix-common" => { + inherit_from => [ "BASE_unix" ], + template => 1, sys_id => "AIX", - bn_ops => "BN_LLONG RC4_CHAR", + lib_cppflags => "-DB_ENDIAN", + lflags => "-Wl,-bsvr4", thread_scheme => "pthreads", - perlasm_scheme => "aix32", dso_scheme => "dlfcn", - shared_target => "aix-shared", - shared_ldflag => "-shared -static-libgcc -Wl,-G", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - arflags => "-X32", + shared_target => "self", + module_ldflags => "-Wl,-G,-bsymbolic,-bexpall", + shared_ldflag => "-Wl,-G,-bsymbolic", + shared_defflag => "-Wl,-bE:", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + dso_extension => ".so", + lib_extension => shared("_a.a"), + shared_extension_simple => shared(".a"), + }, + "aix-gcc" => { + inherit_from => [ "aix-common", asm("ppc32_asm") ], + CC => "gcc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => add(threads("-pthread")), + ex_libs => threads("-pthread"), + bn_ops => "BN_LLONG RC4_CHAR", + perlasm_scheme => "aix32", + shared_ldflag => add_before("-shared -static-libgcc"), + AR => add("-X32"), + RANLIB => add("-X32"), }, "aix64-gcc" => { - inherit_from => [ "BASE_unix", asm("ppc64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-maix64 -DB_ENDIAN", - debug => "-O0 -g", - release => "-O"), - threads("-pthread")), - ex_libs => add(threads("-pthread")), - sys_id => "AIX", + inherit_from => [ "aix-common", asm("ppc64_asm") ], + CC => "gcc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-maix64", threads("-pthread")), + ex_libs => threads("-pthread"), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - thread_scheme => "pthreads", perlasm_scheme => "aix64", - dso_scheme => "dlfcn", - shared_target => "aix-shared", - shared_ldflag => "-maix64 -shared -static-libgcc -Wl,-G", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - arflags => "-X64", + shared_ldflag => add_before("-shared -static-libgcc"), + shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", + AR => add("-X64"), + RANLIB => add("-X64"), }, "aix-cc" => { - inherit_from => [ "BASE_unix", asm("ppc32_asm") ], - cc => "cc", - cflags => combine(picker(default => "-q32 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", - debug => "-O0 -g", - release => "-O"), - threads("-qthreaded -D_THREAD_SAFE")), - sys_id => "AIX", - bn_ops => "BN_LLONG RC4_CHAR", - thread_scheme => "pthreads", + inherit_from => [ "aix-common", asm("ppc32_asm") ], + CC => "cc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-q32 -qmaxmem=16384 -qro -qroconst", + threads("-qthreaded")), + cppflags => threads("-D_THREAD_SAFE"), ex_libs => threads("-lpthreads"), + bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", - dso_scheme => "dlfcn", - shared_target => "aix-shared", shared_cflag => "-qpic", - shared_ldflag => "-q32 -G", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - arflags => "-X 32", + AR => add("-X32"), + RANLIB => add("-X32"), }, "aix64-cc" => { - inherit_from => [ "BASE_unix", asm("ppc64_asm") ], - cc => "cc", - cflags => combine(picker(default => "-q64 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", - debug => "-O0 -g", - release => "-O"), - threads("-qthreaded -D_THREAD_SAFE")), - sys_id => "AIX", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - thread_scheme => "pthreads", + inherit_from => [ "aix-common", asm("ppc64_asm") ], + CC => "cc", + CFLAGS => picker(debug => "-O0 -g", + release => "-O"), + cflags => combine("-q64 -qmaxmem=16384 -qro -qroconst", + threads("-qthreaded")), + cppflags => threads("-D_THREAD_SAFE"), ex_libs => threads("-lpthreads"), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", dso_scheme => "dlfcn", - shared_target => "aix-shared", shared_cflag => "-qpic", - shared_ldflag => "-q64 -G", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - arflags => "-X 64", + shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", + AR => add("-X64"), + RANLIB => add("-X64"), }, # SIEMENS BS2000/OSD: an EBCDIC-based mainframe "BS2000-OSD" => { inherit_from => [ "BASE_unix" ], - cc => "c89", - cflags => "-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC", + CC => "c89", + CFLAGS => "-O", + cflags => "-XLLML -XLLMK -XL", + cppflags => "-DCHARSET_EBCDIC", + lib_cppflags => "-DB_ENDIAN", ex_libs => add("-lsocket -lnsl"), bn_ops => "THIRTY_TWO_BIT RC4_CHAR", thread_scheme => "(unknown)", @@ -1247,55 +1197,64 @@ sub vms_info { #### Visual C targets # -# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +# Win64 targets, WIN64I denotes IA-64/Itanium and WIN64A - AMD64 # -# Note about -wd4090, disable warning C4090. This warning returns false +# Note about /wd4090, disable warning C4090. This warning returns false # positives in some situations. Disabling it altogether masks both # legitimate and false cases, but as we compile on multiple platforms, # we rely on other compilers to catch legitimate cases. # # Also note that we force threads no matter what. Configuring "no-threads" # is ignored. +# +# UNICODE is defined in VC-common and applies to all targets. It used to +# be an opt-in option for VC-WIN32, but not anymore. The original reason +# was because ANSI API was *native* system interface for no longer +# supported Windows 9x. Keep in mind that UNICODE only affects how +# OpenSSL libraries interact with underlying OS, it doesn't affect API +# that OpenSSL presents to application. + "VC-common" => { inherit_from => [ "BASE_Windows" ], template => 1, - cc => "cl", - cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE", - defines => add(sub { my @defs = (); - unless ($disabled{"zlib-dynamic"}) { - my $zlib = - $withargs{zlib_lib} // "ZLIB1"; - push @defs, - quotify("perl", - 'LIBZ="' . $zlib . '"'); - } - return [ @defs ]; - }), + CC => "cl", + CPP => '$(CC) /EP /C', + CFLAGS => "/W3 /wd4090 /nologo", + LDFLAGS => add("/debug"), coutflag => "/Fo", - lib_cflags => add("/Zi /Fdossl_static"), - dso_cflags => "/Zi /Fddso", - bin_cflags => "/Zi /Fdapp", - lflags => add("/debug"), + defines => add("OPENSSL_SYS_WIN32", "WIN32_LEAN_AND_MEAN", + "UNICODE", "_UNICODE", + "_CRT_SECURE_NO_DEPRECATE", + "_WINSOCK_DEPRECATED_NO_WARNINGS"), + lib_cflags => add("/Zi /Fdossl_static.pdb"), + lib_defines => add("L_ENDIAN"), + dso_cflags => "/Zi /Fddso.pdb", + bin_cflags => "/Zi /Fdapp.pdb", shared_ldflag => "/dll", shared_target => "win-shared", # meaningless except it gives Configure a hint thread_scheme => "winthreads", dso_scheme => "win32", apps_aux_src => add("win32_init.c"), + bn_ops => "EXPORT_VAR_AS_FN", + # additional parameter to build_scheme denotes install-path "flavour" + build_scheme => add("VC-common", { separator => undef }), }, "VC-noCE-common" => { inherit_from => [ "VC-common" ], template => 1, - cflags => add(picker(default => "-DUNICODE -D_UNICODE", + CFLAGS => add(picker(debug => '/Od', + release => '/O2')), + cflags => add(picker(default => '/Gs0 /GF /Gy', debug => sub { - ($disabled{shared} ? "" : "/MDd") - ." /Od -DDEBUG -D_DEBUG"; + ($disabled{shared} ? "" : "/MDd"); }, release => sub { - ($disabled{shared} ? "" : "/MD") - ." /O2"; + ($disabled{shared} ? "" : "/MD"); })), + defines => add(picker(default => [], # works as type cast + debug => [ "DEBUG", "_DEBUG" ])), lib_cflags => add(sub { $disabled{shared} ? "/MT /Zl" : () }), # Following might/should appears controversial, i.e. defining # /MDd without evaluating $disabled{shared}. It works in @@ -1327,15 +1286,14 @@ sub vms_info { push @ex_libs, 'bufferoverflowu.lib' if (`cl 2>&1` =~ /14\.00\.4[0-9]{4}\./); return join(" ", @_, @ex_libs); }), - bn_ops => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN", - build_scheme => add("VC-W64", { separator => undef }), + bn_ops => add("SIXTY_FOUR_BIT"), }, "VC-WIN64I" => { inherit_from => [ "VC-WIN64-common", asm("ia64_asm"), sub { $disabled{shared} ? () : "ia64_uplink" } ], - as => "ias", - asflags => "-d debug", - asoutflag => "-o", + AS => "ias", + ASFLAGS => "-d debug", + asoutflag => "-o ", sys_id => "WIN64I", bn_asm_src => sub { return undef unless @_; my $r=join(" ",@_); $r=~s|bn-ia64.s|bn_asm.c|; $r; }, @@ -1345,9 +1303,10 @@ sub vms_info { "VC-WIN64A" => { inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"), sub { $disabled{shared} ? () : "x86_64_uplink" } ], - as => sub { vc_win64a_info()->{as} }, - asflags => sub { vc_win64a_info()->{asflags} }, + AS => sub { vc_win64a_info()->{AS} }, + ASFLAGS => sub { vc_win64a_info()->{ASFLAGS} }, asoutflag => sub { vc_win64a_info()->{asoutflag} }, + asflags => sub { vc_win64a_info()->{asflags} }, sys_id => "WIN64A", bn_asm_src => sub { return undef unless @_; my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; }, @@ -1355,58 +1314,53 @@ sub vms_info { multilib => "-x64", }, "VC-WIN32" => { - # x86 Win32 target defaults to ANSI API, if you want UNICODE, - # configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE' inherit_from => [ "VC-noCE-common", asm("x86_asm"), sub { $disabled{shared} ? () : "uplink_common" } ], - as => sub { vc_win32_info()->{as} }, - asflags => sub { vc_win32_info()->{asflags} }, + CFLAGS => add("/WX"), + AS => sub { vc_win32_info()->{AS} }, + ASFLAGS => sub { vc_win32_info()->{ASFLAGS} }, asoutflag => sub { vc_win32_info()->{asoutflag} }, - ex_libs => add(sub { - my @ex_libs = (); - # WIN32 UNICODE build gets linked with unicows.lib for - # backward compatibility with Win9x. - push @ex_libs, 'unicows.lib' - if (grep { $_ eq "UNICODE" } @user_defines); - return join(" ", @ex_libs, @_); - }), + asflags => sub { vc_win32_info()->{asflags} }, sys_id => "WIN32", - bn_ops => "BN_LLONG EXPORT_VAR_AS_FN", + bn_ops => add("BN_LLONG"), perlasm_scheme => sub { vc_win32_info()->{perlasm_scheme} }, - build_scheme => add("VC-W32", { separator => undef }), + # "WOW" stands for "Windows on Windows", and "VC-WOW" engages + # some installation path heuristics in windows-makefile.tmpl... + build_scheme => add("VC-WOW", { separator => undef }), }, "VC-CE" => { inherit_from => [ "VC-common" ], - as => "ml", - asflags => "/nologo /Cp /coff /c /Cx /Zi", - asoutflag => "/Fo", - cc => "cl", + CFLAGS => add(picker(debug => "/Od", + release => "/O1i")), + CPPDEFINES => picker(debug => [ "DEBUG", "_DEBUG" ]), + LDFLAGS => add("/nologo /opt:ref"), cflags => - picker(default => - combine('/W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYS_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT', - sub { vc_wince_info()->{cflags}; }, - sub { defined($ENV{'WCECOMPAT'}) - ? '-I$(WCECOMPAT)/include' : (); }, - sub { defined($ENV{'PORTSDK_LIBPATH'}) - ? '-I$(PORTSDK_LIBPATH)/../../include' : (); }, - sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14 - ? ($disabled{shared} ? " /MT" : " /MD") - : " /MC"; }), - debug => "/Od -DDEBUG -D_DEBUG", - release => "/O1i"), - lflags => combine("/nologo /opt:ref", - sub { vc_wince_info()->{lflags}; }, - sub { defined($ENV{PORTSDK_LIBPATH}) - ? "/entry:mainCRTstartup" : (); }), + combine('/GF /Gy', + sub { vc_wince_info()->{cflags}; }, + sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14 + ? ($disabled{shared} ? " /MT" : " /MD") + : " /MC"; }), + cppflags => sub { vc_wince_info()->{cppflags}; }, + lib_defines => add("NO_CHMOD", "OPENSSL_SMALL_FOOTPRINT"), + lib_cppflags => sub { vc_wince_info()->{cppflags}; }, + includes => + add(combine(sub { defined(env('WCECOMPAT')) + ? '$(WCECOMPAT)/include' : (); }, + sub { defined(env('PORTSDK_LIBPATH')) + ? '$(PORTSDK_LIBPATH)/../../include' + : (); })), + lflags => add(combine(sub { vc_wince_info()->{lflags}; }, + sub { defined(env('PORTSDK_LIBPATH')) + ? "/entry:mainCRTstartup" : (); })), sys_id => "WINCE", - bn_ops => "BN_LLONG EXPORT_VAR_AS_FN", + bn_ops => add("BN_LLONG"), ex_libs => add(sub { my @ex_libs = (); push @ex_libs, 'ws2.lib' unless $disabled{sock}; push @ex_libs, 'crypt32.lib'; - if (defined($ENV{WCECOMPAT})) { + if (defined(env('WCECOMPAT'))) { my $x = '$(WCECOMPAT)/lib'; - if (-f "$x/$ENV{TARGETCPU}/wcecompatex.lib") { + if (-f "$x/env('TARGETCPU')/wcecompatex.lib") { $x .= '/$(TARGETCPU)/wcecompatex.lib'; } else { $x .= '/wcecompatex.lib'; @@ -1414,23 +1368,25 @@ sub vms_info { push @ex_libs, $x; } push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' - if (defined($ENV{'PORTSDK_LIBPATH'})); + if (defined(env('PORTSDK_LIBPATH'))); push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib' - if ($ENV{'TARGETCPU'} eq "X86"); + if (env('TARGETCPU') eq "X86"); return @ex_libs; }), - build_scheme => add("VC-WCE", { separator => undef }), }, #### MinGW "mingw" => { inherit_from => [ "BASE_unix", asm("x86_asm"), sub { $disabled{shared} ? () : "x86_uplink" } ], - cc => "gcc", - cflags => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m32 -Wall", - debug => "-g -O0", - release => "-O3 -fomit-frame-pointer"), + CC => "gcc", + CFLAGS => picker(default => "-Wall", + debug => "-g -O0", + release => "-O3 -fomit-frame-pointer"), + cflags => "-m32", + cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", threads("-D_MT")), + lib_cppflags => "-DL_ENDIAN", sys_id => "MINGW32", ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"), bn_ops => "BN_LLONG EXPORT_VAR_AS_FN", @@ -1438,7 +1394,7 @@ sub vms_info { perlasm_scheme => "coff", dso_scheme => "win32", shared_target => "mingw-shared", - shared_cflag => add("-D_WINDLL"), + shared_cppflags => add("_WINDLL"), shared_ldflag => "-static-libgcc", shared_rcflag => "--target=pe-i386", shared_extension => ".dll", @@ -1455,11 +1411,14 @@ sub vms_info { # environment. And as mingw64 is always consistent with itself, # Applink is never engaged and can as well be omitted. inherit_from => [ "BASE_unix", asm("x86_64_asm") ], - cc => "gcc", - cflags => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m64 -Wall", - debug => "-g -O0", - release => "-O3"), + CC => "gcc", + CFLAGS => picker(default => "-Wall", + debug => "-g -O0", + release => "-O3"), + cflags => "-m64", + cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", threads("-D_MT")), + lib_cppflags => "-DL_ENDIAN", sys_id => "MINGW64", ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"), bn_ops => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN", @@ -1467,7 +1426,7 @@ sub vms_info { perlasm_scheme => "mingw64", dso_scheme => "win32", shared_target => "mingw-shared", - shared_cflag => add("-D_WINDLL"), + shared_cppflags => add("_WINDLL"), shared_ldflag => "-static-libgcc", shared_rcflag => "--target=pe-x86-64", shared_extension => ".dll", @@ -1478,16 +1437,18 @@ sub vms_info { #### UEFI "UEFI" => { inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-DL_ENDIAN -O", + CC => "cc", + CFLAGS => "-O", + lib_cppflags => "-DL_ENDIAN", sys_id => "UEFI", }, #### UWIN "UWIN" => { inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-DTERMIOS -DL_ENDIAN -O -Wall", + CC => "cc", + CFLAGS => "-O -Wall", + lib_cppflags => "-DTERMIOS -DL_ENDIAN", sys_id => "UWIN", bn_ops => "BN_LLONG", dso_scheme => "win32", @@ -1496,34 +1457,34 @@ sub vms_info { #### Cygwin "Cygwin-x86" => { inherit_from => [ "BASE_unix", asm("x86_asm") ], - cc => "gcc", - cflags => picker(default => "-DTERMIOS -DL_ENDIAN -Wall", + CC => "gcc", + CFLAGS => picker(default => "-Wall", debug => "-g -O0", release => "-O3 -fomit-frame-pointer"), + lib_cppflags => "-DTERMIOS -DL_ENDIAN", sys_id => "CYGWIN", bn_ops => "BN_LLONG", thread_scheme => "pthread", perlasm_scheme => "coff", dso_scheme => "dlfcn", shared_target => "cygwin-shared", - shared_cflag => "-D_WINDLL", - shared_ldflag => "-shared", + shared_cppflags => "-D_WINDLL", shared_extension => ".dll", }, "Cygwin-x86_64" => { inherit_from => [ "BASE_unix", asm("x86_64_asm") ], - cc => "gcc", - cflags => picker(default => "-DTERMIOS -DL_ENDIAN -Wall", + CC => "gcc", + CFLAGS => picker(default => "-Wall", debug => "-g -O0", release => "-O3"), + lib_cppflags => "-DTERMIOS -DL_ENDIAN", sys_id => "CYGWIN", bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthread", perlasm_scheme => "mingw64", dso_scheme => "dlfcn", shared_target => "cygwin-shared", - shared_cflag => "-D_WINDLL", - shared_ldflag => "-shared", + shared_cppflags => "-D_WINDLL", shared_extension => ".dll", }, # Backward compatibility for those using this target @@ -1548,13 +1509,12 @@ sub vms_info { "darwin-common" => { inherit_from => [ "BASE_unix" ], template => 1, - cc => "cc", - cflags => combine(picker(default => "", - debug => "-g -O0", - release => "-O3"), - threads("-D_REENTRANT")), + CC => "cc", + CFLAGS => picker(debug => "-g -O0", + release => "-O3"), + cppflags => threads("-D_REENTRANT"), + lflags => "-Wl,-search_paths_first", sys_id => "MACOSX", - plib_lflags => "-Wl,-search_paths_first", bn_ops => "BN_LLONG RC4_CHAR", thread_scheme => "pthreads", perlasm_scheme => "osx32", @@ -1562,153 +1522,156 @@ sub vms_info { ranlib => "ranlib -c", shared_target => "darwin-shared", shared_cflag => "-fPIC", - shared_ldflag => "-dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib", }, # Option "freeze" such as -std=gnu9x can't negatively interfere # with future defaults for below two targets, because MacOS X # for PPC has no future, it was discontinued by vendor in 2009. "darwin-ppc-cc" => { inherit_from => [ "darwin-common", asm("ppc32_asm") ], - cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"), - perlasm_scheme => "osx32", + cflags => add("-arch ppc -std=gnu9x -Wa,-force_cpusubtype_ALL"), + lib_cppflags => add("-DB_ENDIAN"), shared_cflag => add("-fno-common"), - shared_ldflag => "-arch ppc -dynamiclib", + perlasm_scheme => "osx32", }, "darwin64-ppc-cc" => { inherit_from => [ "darwin-common", asm("ppc64_asm") ], - cflags => add("-arch ppc64 -std=gnu9x -DB_ENDIAN"), + cflags => add("-arch ppc64 -std=gnu9x"), + lib_cppflags => add("-DB_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "osx64", - shared_ldflag => "-arch ppc64 -dynamiclib", }, "darwin-i386-cc" => { inherit_from => [ "darwin-common", asm("x86_asm") ], - cflags => add(picker(default => "-arch i386 -DL_ENDIAN", - release => "-fomit-frame-pointer")), + CFLAGS => add(picker(release => "-fomit-frame-pointer")), + cflags => add("-arch i386"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "BN_LLONG RC4_INT", perlasm_scheme => "macosx", - shared_ldflag => "-arch i386 -dynamiclib", }, "darwin64-x86_64-cc" => { inherit_from => [ "darwin-common", asm("x86_64_asm") ], - cflags => add("-arch x86_64 -DL_ENDIAN -Wall"), + CFLAGS => add("-Wall"), + cflags => add("-arch x86_64"), + lib_cppflags => add("-DL_ENDIAN"), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "macosx", - shared_ldflag => "-arch x86_64 -dynamiclib", - }, - -#### iPhoneOS/iOS -# -# It takes three prior-set environment variables to make it work: -# -# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] -# CROSS_TOP=/where/SDKs/are -# CROSS_SDK=iPhoneOSx.y.sdk -# -# Exact paths vary with Xcode releases, but for couple of last ones -# they would look like this: -# -# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ -# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer -# CROSS_SDK=iPhoneOS.sdk -# - "iphoneos-cross" => { - inherit_from => [ "darwin-common" ], - cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), - sys_id => "iOS", - }, - "ios-cross" => { - inherit_from => [ "darwin-common", asm("armv4_asm") ], - # It should be possible to go below iOS 6 and even add -arch armv6, - # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant - # at this point. - cflags => add("-arch armv7 -mios-version-min=6.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), - sys_id => "iOS", - perlasm_scheme => "ios32", - }, - "ios64-cross" => { - inherit_from => [ "darwin-common", asm("aarch64_asm") ], - cflags => add("-arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), - sys_id => "iOS", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - perlasm_scheme => "ios64", }, ##### GNU Hurd "hurd-x86" => { inherit_from => [ "BASE_unix" ], inherit_from => [ asm("x86_elf_asm") ], - cc => "gcc", - cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", - threads("-pthread")), + CC => "gcc", + CFLAGS => "-O3 -fomit-frame-pointer -Wall", + cflags => threads("-pthread"), + lib_cppflags => "-DL_ENDIAN", ex_libs => add("-ldl", threads("-pthread")), bn_ops => "BN_LLONG", thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "linux-shared", shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, ##### VxWorks for various targets "vxworks-ppc60x" => { inherit_from => [ "BASE_unix" ], - cc => "ccppc", - cflags => "-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip", + CC => "ccppc", + CFLAGS => "-O2 -Wall -fstrength-reduce", + cflags => "-mrtp -mhard-float -mstrict-align -fno-implicit-fp -fno-builtin -fno-strict-aliasing", + cppflags => combine("-D_REENTRANT -DPPC32_fp60x -DCPU=PPC32", + "_DTOOL_FAMILY=gnu -DTOOL=gnu", + "-I\$(WIND_BASE)/target/usr/h", + "-I\$(WIND_BASE)/target/usr/h/wrn/coreip"), sys_id => "VXWORKS", - ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common"), + lflags => add("-L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common"), + ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"), }, "vxworks-ppcgen" => { inherit_from => [ "BASE_unix" ], - cc => "ccppc", - cflags => "-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip", + CC => "ccppc", + CFLAGS => "-O1 -Wall", + cflags => "-mrtp -msoft-float -mstrict-align -fno-builtin -fno-strict-aliasing", + cppflags => combine("-D_REENTRANT -DPPC32 -DCPU=PPC32", + "-DTOOL_FAMILY=gnu -DTOOL=gnu", + "-I\$(WIND_BASE)/target/usr/h", + "-I\$(WIND_BASE)/target/usr/h/wrn/coreip"), sys_id => "VXWORKS", - ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon"), + lflags => add("-L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon"), + ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"), }, "vxworks-ppc405" => { inherit_from => [ "BASE_unix" ], - cc => "ccppc", - cflags => "-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h", + CC => "ccppc", + CFLAGS => "-g", + cflags => "-msoft-float -mlongcall", + cppflags => combine("-D_REENTRANT -DPPC32 -DCPU=PPC405", + "-DTOOL_FAMILY=gnu -DTOOL=gnu", + "-I\$(WIND_BASE)/target/h"), sys_id => "VXWORKS", - lflags => "-r", + lflags => add("-r"), }, "vxworks-ppc750" => { inherit_from => [ "BASE_unix" ], - cc => "ccppc", - cflags => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG)", + CC => "ccppc", + CFLAGS => "-ansi -fvolatile -Wall \$(DEBUG_FLAG)", + cflags => "-nostdinc -fno-builtin -fno-for-scope -fsigned-char -msoft-float -mlongcall", + cppflags => combine("-DPPC750 -D_REENTRANT -DCPU=PPC604", + "-I\$(WIND_BASE)/target/h"), sys_id => "VXWORKS", - lflags => "-r", + lflags => add("-r"), }, "vxworks-ppc750-debug" => { inherit_from => [ "BASE_unix" ], - cc => "ccppc", - cflags => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DPEDANTIC -DDEBUG -g", + CC => "ccppc", + CFLAGS => "-ansi -fvolatile -Wall -g", + cflags => "-nostdinc -fno-builtin -fno-for-scope -fsigned-char -msoft-float -mlongcall", + cppflags => combine("-DPPC750 -D_REENTRANT -DCPU=PPC604", + "-DPEDANTIC -DDEBUG", + "-I\$(WIND_BASE)/target/h"), sys_id => "VXWORKS", - lflags => "-r", + lflags => add("-r"), }, "vxworks-ppc860" => { inherit_from => [ "BASE_unix" ], - cc => "ccppc", - cflags => "-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h", + CC => "ccppc", + cflags => "-nostdinc -msoft-float", + cppflags => combine("-DCPU=PPC860 -DNO_STRINGS_H", + "-I\$(WIND_BASE)/target/h"), sys_id => "VXWORKS", - lflags => "-r", + lflags => add("-r"), }, "vxworks-simlinux" => { inherit_from => [ "BASE_unix" ], - cc => "ccpentium", - cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK", + CC => "ccpentium", + cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -fno-builtin -fno-defer-pop", + cppflags => combine("-D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\"", + "-DL_ENDIAN -DCPU=SIMLINUX -DNO_STRINGS_H", + "-DTOOL_FAMILY=gnu -DTOOL=gnu", + "-DOPENSSL_NO_HW_PADLOCK", + "-I\$(WIND_BASE)/target/h", + "-I\$(WIND_BASE)/target/h/wrn/coreip"), sys_id => "VXWORKS", - lflags => "-r", + lflags => add("-r"), ranlib => "ranlibpentium", }, "vxworks-mips" => { inherit_from => [ "BASE_unix", asm("mips32_asm") ], - cc => "ccmips", - cflags => combine("-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip", - threads("-D_REENTRANT")), + CC => "ccmips", + CFLAGS => "-O -G 0", + cflags => "-mrtp -mips2 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -msoft-float -mno-branch-likely -fno-builtin -fno-defer-pop", + cppflags => combine("-D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\"", + "-DCPU=MIPS32 -DNO_STRINGS_H", + "-DTOOL_FAMILY=gnu -DTOOL=gnu", + "-DOPENSSL_NO_HW_PADLOCK", + threads("-D_REENTRANT"), + "-I\$(WIND_BASE)/target/h", + "-I\$(WIND_BASE)/target/h/wrn/coreip"), sys_id => "VXWORKS", - ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon"), + lflags => add("-L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon"), + ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"), thread_scheme => "pthreads", perlasm_scheme => "o32", ranlib => "ranlibmips", @@ -1717,157 +1680,124 @@ sub vms_info { #### uClinux "uClinux-dist" => { inherit_from => [ "BASE_unix" ], - cc => "$ENV{'CC'}", - cflags => combine(threads("-D_REENTRANT")), + CC => sub { env('CC') }, + cppflags => threads("-D_REENTRANT"), ex_libs => add("\$(LDLIBS)"), bn_ops => "BN_LLONG", thread_scheme => "pthreads", - dso_scheme => "$ENV{'LIBSSL_dlfcn'}", + dso_scheme => sub { env('LIBSSL_dlfcn') }, shared_target => "linux-shared", shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - ranlib => "$ENV{'RANLIB'}", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + ranlib => sub { env('RANLIB') }, }, "uClinux-dist64" => { inherit_from => [ "BASE_unix" ], - cc => "$ENV{'CC'}", - cflags => combine(threads("-D_REENTRANT")), + CC => sub { env('CC') }, + cppflags => threads("-D_REENTRANT"), ex_libs => add("\$(LDLIBS)"), bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthreads", - dso_scheme => "$ENV{'LIBSSL_dlfcn'}", + dso_scheme => sub { env('LIBSSL_dlfcn') }, shared_target => "linux-shared", shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - ranlib => "$ENV{'RANLIB'}", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + ranlib => sub { env('RANLIB') }, }, ##### VMS + # Most things happen in vms-generic. + # Note that vms_info extracts the pointer size from the end of + # the target name, and will assume that anything matching /-p\d+$/ + # indicates the pointer size setting for the desired target. "vms-generic" => { inherit_from => [ "BASE_VMS" ], template => 1, - cc => "CC/DECC", - cflags => picker(default => "/STANDARD=(ISOC94,RELAXED)/NOLIST/PREFIX=ALL", - debug => "/NOOPTIMIZE/DEBUG", - release => "/OPTIMIZE/NODEBUG"), - defines => add("OPENSSL_USE_NODELETE"), - lflags => picker(default => "/MAP", + CC => "CC/DECC", + CPP => '$(CC)/PREPROCESS_ONLY=SYS$OUTPUT:', + CFLAGS => + combine(picker(default => "/STANDARD=(ISOC94,RELAXED)/NOLIST/PREFIX=ALL", + debug => "/NOOPTIMIZE/DEBUG", + release => "/OPTIMIZE/NODEBUG"), + sub { my @warnings = + @{vms_info()->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }), + lib_defines => + add("OPENSSL_USE_NODELETE", + sub { + return vms_info()->{def_zlib} + ? "LIBZ=\"\"\"".vms_info()->{def_zlib}."\"\"\"" : (); + }), + lflags => picker(default => "/MAP='F\$PARSE(\".MAP\",\"\$\@\")'", debug => "/DEBUG/TRACEBACK", release => "/NODEBUG/NOTRACEBACK"), lib_cflags => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"), - dso_cflags => add("/NAMES=(AS_IS,SHORTENED)"), + # no_inst_lib_cflags is used instead of lib_cflags by descrip.mms.tmpl + # for object files belonging to selected internal libraries + no_inst_lib_cflags => "", + ex_libs => add(sub { return vms_info()->{zlib} || (); }), shared_target => "vms-shared", dso_scheme => "vms", thread_scheme => "pthreads", - apps_aux_src => "vms_decc_init.c vms_term_sock.c", + AS => sub { vms_info()->{AS} }, + ASFLAGS => sub { vms_info()->{ASFLAGS} }, + asoutflag => sub { vms_info()->{asoutflag} }, + asflags => sub { vms_info()->{asflags} }, + perlasm_scheme => sub { vms_info()->{perlasm_scheme} }, + + apps_aux_src => "vms_term_sock.c", + apps_init_src => "vms_decc_init.c", }, + # From HELP CC/POINTER_SIZE: + # + # ---------- + # LONG[=ARGV] The compiler assumes 64-bit pointers. If the ARGV option to + # LONG or 64 is present, the main argument argv will be an + # array of long pointers instead of an array of short pointers. + # + # 64[=ARGV] Same as LONG. + # ---------- + # + # We don't want the hassle of dealing with 32-bit pointers with argv, so + # we force it to have 64-bit pointers, see the added cflags in the -p64 + # config targets below. + "vms-alpha" => { inherit_from => [ "vms-generic" ], - cflags => add(sub { my @warnings = - @{vms_info(0)->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }), - defines => - add(sub { - return vms_info(0)->{def_zlib} - ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : (); - }), - ex_libs => add(sub { return vms_info(0)->{zlib} || (); }), - pointer_size => sub { return vms_info(0)->{pointer_size} }, - #as => "???", - #debug_aflags => "/NOOPTIMIZE/DEBUG", - #release_aflags => "/OPTIMIZE/NODEBUG", - bn_opts => "SIXTY_FOUR_BIT RC4_INT", + bn_ops => "SIXTY_FOUR_BIT RC4_INT", + pointer_size => "", }, "vms-alpha-p32" => { - inherit_from => [ "vms-generic" ], - cflags => - add("/POINTER_SIZE=32", - sub { my @warnings = - @{vms_info(32)->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); - } ), - defines => - add(sub { - return vms_info(32)->{def_zlib} - ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : (); - }), - ex_libs => add(sub { return vms_info(32)->{zlib} || (); }), - pointer_size => sub { return vms_info(32)->{pointer_size} }, + inherit_from => [ "vms-alpha" ], + cflags => add("/POINTER_SIZE=32"), + pointer_size => "32", }, "vms-alpha-p64" => { - inherit_from => [ "vms-generic" ], - cflags => - add("/POINTER_SIZE=64=ARGV", - sub { my @warnings = - @{vms_info(64)->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); - } ), - defines => - add(sub { - return vms_info(64)->{def_zlib} - ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : (); - }), - ex_libs => add(sub { return vms_info(64)->{zlib} || (); }), - pointer_size => sub { return vms_info(64)->{pointer_size} }, + inherit_from => [ "vms-alpha" ], + cflags => add("/POINTER_SIZE=64=ARGV"), + pointer_size => "64", }, "vms-ia64" => { - inherit_from => [ "vms-generic" ], - cflags => add(sub { my @warnings = - @{vms_info(0)->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }), - defines => - add(sub { - return vms_info(0)->{def_zlib} - ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : (); - }), - ex_libs => add(sub { return vms_info(0)->{zlib} || (); }), - pointer_size => sub { return vms_info(0)->{pointer_size} }, - #as => "I4S", - #debug_aflags => "/NOOPTIMIZE/DEBUG", - #release_aflags => "/OPTIMIZE/NODEBUG", - bn_opts => "SIXTY_FOUR_BIT RC4_INT", + inherit_from => [ "vms-generic", + sub { vms_info()->{as} + ? asm("ia64_asm")->() : () } ], + bn_ops => "SIXTY_FOUR_BIT RC4_INT", + pointer_size => "", + + modes_asm_src => "", # Because ghash-ia64.s doesn't work on VMS }, "vms-ia64-p32" => { - inherit_from => [ "vms-generic" ], - cflags => - add("/POINTER_SIZE=32", - sub { my @warnings = - @{vms_info(32)->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); - } ), - defines => - add(sub { - return vms_info(32)->{def_zlib} - ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : (); - }), - ex_libs => add(sub { return vms_info(32)->{zlib} || (); }), - pointer_size => sub { return vms_info(32)->{pointer_size} }, + inherit_from => [ "vms-ia64" ], + cflags => add("/POINTER_SIZE=32"), + pointer_size => "32", }, "vms-ia64-p64" => { - inherit_from => [ "vms-generic" ], - cflags => - add("/POINTER_SIZE=64=ARGV", - sub { my @warnings = - @{vms_info(64)->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); - } ), - defines => - add(sub { - return vms_info(64)->{def_zlib} - ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : (); - }), - ex_libs => add(sub { return vms_info(64)->{zlib} || (); }), - pointer_size => sub { return vms_info(64)->{pointer_size} }, + inherit_from => [ "vms-ia64" ], + cflags => add("/POINTER_SIZE=64=ARGV"), + pointer_size => "64", }, ); diff --git a/deps/openssl/openssl/Configurations/15-android.conf b/deps/openssl/openssl/Configurations/15-android.conf new file mode 100644 index 00000000000000..10342ed5e3750d --- /dev/null +++ b/deps/openssl/openssl/Configurations/15-android.conf @@ -0,0 +1,255 @@ +#### Android... +# +# See NOTES.ANDROID for details, and don't miss platform-specific +# comments below... + +{ + use File::Spec::Functions; + + my $android_ndk = {}; + my %triplet = ( + arm => "arm-linux-androideabi", + arm64 => "aarch64-linux-android", + mips => "mipsel-linux-android", + mips64 => "mips64el-linux-android", + x86 => "i686-linux-android", + x86_64 => "x86_64-linux-android", + ); + + sub android_ndk { + unless (%$android_ndk) { + if ($now_printing =~ m|^android|) { + return $android_ndk = { bn_ops => "BN_AUTO" }; + } + + my $ndk = $ENV{ANDROID_NDK}; + die "\$ANDROID_NDK is not defined" if (!$ndk); + if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") { + # $ndk/platforms is traditional "all-inclusive" NDK, while + # $ndk/AndroidVersion.txt is so-called standalone toolchain + # tailored for specific target down to API level. + die "\$ANDROID_NDK=$ndk is invalid"; + } + $ndk = canonpath($ndk); + + my $ndkver = undef; + + if (open my $fh, "<$ndk/source.properties") { + local $_; + while(<$fh>) { + if (m|Pkg\.Revision\s*=\s*([0-9]+)|) { + $ndkver = $1; + last; + } + } + close $fh; + } + + my ($sysroot, $api, $arch); + + $config{target} =~ m|[^-]+-([^-]+)$|; # split on dash + $arch = $1; + + if ($sysroot = $ENV{CROSS_SYSROOT}) { + $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|; + ($api, $arch) = ($1, $2); + } elsif (-f "$ndk/AndroidVersion.txt") { + $sysroot = "$ndk/sysroot"; + } else { + $api = "*"; + + # see if user passed -D__ANDROID_API__=N + foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) { + if (m|__ANDROID_API__=([0-9]+)|) { + $api = $1; + last; + } + } + + # list available platforms (numerically) + my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; + $b =~ m/-([0-9]+)$/; $aa <=> $1; + } glob("$ndk/platforms/android-$api"); + die "no $ndk/platforms/android-$api" if ($#platforms < 0); + + $sysroot = "@platforms[$#platforms]/arch-$arch"; + $sysroot =~ m|/android-([0-9]+)/arch-$arch|; + $api = $1; + } + die "no sysroot=$sysroot" if (!-d $sysroot); + + my $triarch = $triplet{$arch}; + my $cflags; + my $cppflags; + + # see if there is NDK clang on $PATH, "universal" or "standalone" + if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { + my $host=$1; + # harmonize with gcc default + my $arm = $ndkver > 16 ? "armv7a" : "armv5te"; + (my $tridefault = $triarch) =~ s/^arm-/$arm-/; + (my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/; + $cflags .= " -target $tridefault " + . "-gcc-toolchain \$(ANDROID_NDK)/toolchains" + . "/$tritools-4.9/prebuilt/$host"; + $user{CC} = "clang" if ($user{CC} !~ m|clang|); + $user{CROSS_COMPILE} = undef; + if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { + $user{AR} = "llvm-ar"; + $user{ARFLAGS} = [ "rs" ]; + $user{RANLIB} = ":"; + } + } elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain" + my $cc = $user{CC} // "clang"; + # One can probably argue that both clang and gcc should be + # probed, but support for "standalone toolchain" was added + # *after* announcement that gcc is being phased out, so + # favouring clang is considered adequate. Those who insist + # have option to enforce test for gcc with CC=gcc. + if (which("$triarch-$cc") !~ m|^$ndk|) { + die "no NDK $triarch-$cc on \$PATH"; + } + $user{CC} = $cc; + $user{CROSS_COMPILE} = "$triarch-"; + } elsif ($user{CC} eq "clang") { + die "no NDK clang on \$PATH"; + } else { + if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) { + die "no NDK $triarch-gcc on \$PATH"; + } + $cflags .= " -mandroid"; + $user{CROSS_COMPILE} = "$triarch-"; + } + + if (!-d "$sysroot/usr/include") { + my $incroot = "$ndk/sysroot/usr/include"; + die "no $incroot" if (!-d $incroot); + die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); + $incroot =~ s|^$ndk/||; + $cppflags = "-D__ANDROID_API__=$api"; + $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch"; + $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot"; + } + + $sysroot =~ s|^$ndk/||; + $android_ndk = { + cflags => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot", + cppflags => $cppflags, + bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG" + : "BN_LLONG", + }; + } + + return $android_ndk; + } +} + +my %targets = ( + "android" => { + inherit_from => [ "linux-generic32" ], + template => 1, + ################################################################ + # Special note about -pie. The underlying reason is that + # Lollipop refuses to run non-PIE. But what about older systems + # and NDKs? -fPIC was never problem, so the only concern is -pie. + # Older toolchains, e.g. r4, appear to handle it and binaries + # turn out mostly functional. "Mostly" means that oldest + # Androids, such as Froyo, fail to handle executable, but newer + # systems are perfectly capable of executing binaries targeting + # Froyo. Keep in mind that in the nutshell Android builds are + # about JNI, i.e. shared libraries, not applications. + cflags => add(sub { android_ndk()->{cflags} }), + cppflags => add(sub { android_ndk()->{cppflags} }), + cxxflags => add(sub { android_ndk()->{cflags} }), + bn_ops => sub { android_ndk()->{bn_ops} }, + bin_cflags => "-pie", + enable => [ ], + }, + "android-arm" => { + ################################################################ + # Contemporary Android applications can provide multiple JNI + # providers in .apk, targeting multiple architectures. Among + # them there is "place" for two ARM flavours: generic eabi and + # armv7-a/hard-float. However, it should be noted that OpenSSL's + # ability to engage NEON is not constrained by ABI choice, nor + # is your ability to call OpenSSL from your application code + # compiled with floating-point ABI other than default 'soft'. + # (Latter thanks to __attribute__((pcs("aapcs"))) declaration.) + # This means that choice of ARM libraries you provide in .apk + # is driven by application needs. For example if application + # itself benefits from NEON or is floating-point intensive, then + # it might be appropriate to provide both libraries. Otherwise + # just generic eabi would do. But in latter case it would be + # appropriate to + # + # ./Configure android-arm -D__ARM_MAX_ARCH__=8 + # + # in order to build "universal" binary and allow OpenSSL take + # advantage of NEON when it's available. + # + # Keep in mind that (just like with linux-armv4) we rely on + # compiler defaults, which is not necessarily what you had + # in mind, in which case you would have to pass additional + # -march and/or -mfloat-abi flags. NDK defaults to armv5te. + # Newer NDK versions reportedly require additional -latomic. + # + inherit_from => [ "android", asm("armv4_asm") ], + bn_ops => add("RC4_CHAR"), + }, + "android-arm64" => { + inherit_from => [ "android", asm("aarch64_asm") ], + bn_ops => add("RC4_CHAR"), + perlasm_scheme => "linux64", + }, + + "android-mips" => { + inherit_from => [ "android", asm("mips32_asm") ], + bn_ops => add("RC4_CHAR"), + perlasm_scheme => "o32", + }, + "android-mips64" => { + ################################################################ + # You are more than likely have to specify target processor + # on ./Configure command line. Trouble is that toolchain's + # default is MIPS64r6 (at least in r10d), but there are no + # such processors around (or they are too rare to spot one). + # Actual problem is that MIPS64r6 is binary incompatible + # with previous MIPS ISA versions, in sense that unlike + # prior versions original MIPS binary code will fail. + # + inherit_from => [ "android", asm("mips64_asm") ], + bn_ops => add("RC4_CHAR"), + perlasm_scheme => "64", + }, + + "android-x86" => { + inherit_from => [ "android", asm("x86_asm") ], + CFLAGS => add(picker(release => "-fomit-frame-pointer")), + bn_ops => add("RC4_INT"), + perlasm_scheme => "android", + }, + "android-x86_64" => { + inherit_from => [ "android", asm("x86_64_asm") ], + bn_ops => add("RC4_INT"), + perlasm_scheme => "elf", + }, + + #################################################################### + # Backward compatible targets, (might) requre $CROSS_SYSROOT + # + "android-armeabi" => { + inherit_from => [ "android-arm" ], + }, + "android64" => { + inherit_from => [ "android" ], + }, + "android64-aarch64" => { + inherit_from => [ "android-arm64" ], + }, + "android64-x86_64" => { + inherit_from => [ "android-x86_64" ], + }, + "android64-mips64" => { + inherit_from => [ "android-mips64" ], + }, +); diff --git a/deps/openssl/openssl/Configurations/15-ios.conf b/deps/openssl/openssl/Configurations/15-ios.conf new file mode 100644 index 00000000000000..1bb9f48d065052 --- /dev/null +++ b/deps/openssl/openssl/Configurations/15-ios.conf @@ -0,0 +1,62 @@ +#### iPhoneOS/iOS +# +# It takes recent enough XCode to use following two targets. It shouldn't +# be a problem by now, but if they don't work, original targets below +# that depend on manual definition of environment variables should still +# work... +# +my %targets = ( + "ios-common" => { + template => 1, + inherit_from => [ "darwin-common" ], + sys_id => "iOS", + disable => [ "engine", "async" ], + }, + "ios-xcrun" => { + inherit_from => [ "ios-common", asm("armv4_asm") ], + # It should be possible to go below iOS 6 and even add -arch armv6, + # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant + # at this point. + CC => "xcrun -sdk iphoneos cc", + cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"), + perlasm_scheme => "ios32", + }, + "ios64-xcrun" => { + inherit_from => [ "ios-common", asm("aarch64_asm") ], + CC => "xcrun -sdk iphoneos cc", + cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + perlasm_scheme => "ios64", + }, + "iossimulator-xcrun" => { + inherit_from => [ "ios-common" ], + CC => "xcrun -sdk iphonesimulator cc", + }, +# It takes three prior-set environment variables to make it work: +# +# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] +# CROSS_TOP=/where/SDKs/are +# CROSS_SDK=iPhoneOSx.y.sdk +# +# Exact paths vary with Xcode releases, but for couple of last ones +# they would look like this: +# +# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ +# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer +# CROSS_SDK=iPhoneOS.sdk +# + "iphoneos-cross" => { + inherit_from => [ "ios-common" ], + cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), + }, + "ios-cross" => { + inherit_from => [ "ios-xcrun" ], + CC => "cc", + cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"), + }, + "ios64-cross" => { + inherit_from => [ "ios64-xcrun" ], + CC => "cc", + cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"), + }, +); diff --git a/deps/openssl/openssl/Configurations/50-djgpp.conf b/deps/openssl/openssl/Configurations/50-djgpp.conf index f532bd16f779a6..a8853a81a14651 100644 --- a/deps/openssl/openssl/Configurations/50-djgpp.conf +++ b/deps/openssl/openssl/Configurations/50-djgpp.conf @@ -2,13 +2,15 @@ # and rely entirely on the OpenSSL community to help is fine # tune and test. -%targets = ( +my %targets = ( "DJGPP" => { inherit_from => [ asm("x86_asm") ], - cc => "gcc", - cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", + CC => "gcc", + CFLAGS => "-fomit-frame-pointer -O2 -Wall", + cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN", sys_id => "MSDOS", - ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"), + lflags => add("-L/dev/env/WATT_ROOT/lib"), + ex_libs => add("-lwatt"), bn_ops => "BN_LLONG", perlasm_scheme => "a.out", }, diff --git a/deps/openssl/openssl/Configurations/50-haiku.conf b/deps/openssl/openssl/Configurations/50-haiku.conf index f1146666096501..cd6d10e5f08260 100644 --- a/deps/openssl/openssl/Configurations/50-haiku.conf +++ b/deps/openssl/openssl/Configurations/50-haiku.conf @@ -1,10 +1,11 @@ -%targets = ( +my %targets = ( "haiku-common" => { template => 1, - cc => "cc", - cflags => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h", + CC => "cc", + CFLAGS => add_before(picker(default => "-Wall", debug => "-g -O0", - release => "-O2"), + release => "-O2")), + cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h", threads("-D_REENTRANT")), sys_id => "HAIKU", ex_libs => "-lnetwork", @@ -14,11 +15,11 @@ shared_target => "gnu-shared", shared_cflag => "-fPIC", shared_ldflag => "-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", }, "haiku-x86" => { inherit_from => [ "haiku-common", asm("x86_elf_asm") ], - cflags => add(picker(release => "-fomit-frame-pointer")), + CFLAGS => add(picker(release => "-fomit-frame-pointer")), bn_ops => "BN_LLONG", }, "haiku-x86_64" => { diff --git a/deps/openssl/openssl/Configurations/50-masm.conf b/deps/openssl/openssl/Configurations/50-masm.conf index 60a55072f25606..2c55dddc2a0fb4 100644 --- a/deps/openssl/openssl/Configurations/50-masm.conf +++ b/deps/openssl/openssl/Configurations/50-masm.conf @@ -7,11 +7,17 @@ # proven to be daunting task. This is experimental target, for # production builds stick with [up-to-date version of] nasm. -%targets = ( +my %targets = ( "VC-WIN64A-masm" => { - inherit_from => [ "VC-WIN64A" ], - as => "ml64", - asflags => "/c /Cp /Cx /Zi", + inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"), + sub { $disabled{shared} ? () : "x86_64_uplink" } ], + AS => "ml64", + ASFLAGS => "/nologo /Zi", asoutflag => "/Fo", + asflags => "/c /Cp /Cx", + sys_id => "WIN64A", + bn_asm_src => sub { return undef unless @_; + my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; }, + perlasm_scheme => "masm", }, ); diff --git a/deps/openssl/openssl/Configurations/50-win-onecore.conf b/deps/openssl/openssl/Configurations/50-win-onecore.conf new file mode 100644 index 00000000000000..51cb3819cb9907 --- /dev/null +++ b/deps/openssl/openssl/Configurations/50-win-onecore.conf @@ -0,0 +1,64 @@ +# Windows OneCore targets. +# +# OneCore is new API stability "contract" that transends Desktop, IoT and +# Mobile[?] Windows editions. It's a set up "umbrella" libraries that +# export subset of Win32 API that are common to all Windows 10 devices. +# +# OneCore Configuration temporarly dedicated for console applications +# due to disabled event logging, which is incompatible with one core. +# Error messages are provided via standard error only. +# TODO: extend error handling to use ETW based eventing +# (Or rework whole error messaging) + +my %targets = ( + "VC-WIN32-ONECORE" => { + inherit_from => [ "VC-WIN32" ], + # /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has + # hidden reference to kernel32.lib, but we don't actually want + # it in "onecore" build. + lflags => add("/NODEFAULTLIB:kernel32.lib"), + defines => add("OPENSSL_SYS_WIN_CORE"), + ex_libs => "onecore.lib", + }, + "VC-WIN64A-ONECORE" => { + inherit_from => [ "VC-WIN64A" ], + lflags => add("/NODEFAULTLIB:kernel32.lib"), + defines => add("OPENSSL_SYS_WIN_CORE"), + ex_libs => "onecore.lib", + }, + + # Windows on ARM targets. ARM compilers are additional components in + # VS2017, i.e. they are not installed by default. And when installed, + # there are no "ARM Tool Command Prompt"s on Start menu, you have + # to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has + # received limited testing with evp_test.exe on Windows 10 IoT Core, + # but not VC-WIN64-ARM, no hardware... In other words they are not + # actually supported... + # + # Another thing to keep in mind [in cross-compilation scenario such + # as this one] is that target's file system has nothing to do with + # compilation system's one. This means that you're are likely to use + # --prefix and --openssldir with target-specific values. 'nmake install' + # step is effectively meaningless in cross-compilation case, though + # it might be useful to 'nmake install DESTDIR=S:\ome\where' where you + # can point Visual Studio to when compiling custom application code. + + "VC-WIN32-ARM" => { + inherit_from => [ "VC-noCE-common" ], + defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", + "OPENSSL_SYS_WIN_CORE"), + bn_ops => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN", + lflags => add("/NODEFAULTLIB:kernel32.lib"), + ex_libs => "onecore.lib", + multilib => "-arm", + }, + "VC-WIN64-ARM" => { + inherit_from => [ "VC-noCE-common" ], + defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", + "OPENSSL_SYS_WIN_CORE"), + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN", + lflags => add("/NODEFAULTLIB:kernel32.lib"), + ex_libs => "onecore.lib", + multilib => "-arm64", + }, +); diff --git a/deps/openssl/openssl/Configurations/README b/deps/openssl/openssl/Configurations/README index 6e13645491f7c5..d2d893d8d2fe1c 100644 --- a/deps/openssl/openssl/Configurations/README +++ b/deps/openssl/openssl/Configurations/README @@ -38,20 +38,43 @@ In each table entry, the following keys are significant: sys_id => System identity for systems where that is difficult to determine automatically. - cc => The compiler command, usually one of "cc", + enable => Enable specific configuration features. + This MUST be an array of words. + disable => Disable specific configuration features. + This MUST be an array of words. + Note: if the same feature is both enabled + and disabled, disable wins. + + as => The assembler command. This is not always + used (for example on Unix, where the C + compiler is used instead). + asflags => Default assembler command flags [4]. + cpp => The C preprocessor command, normally not + given, as the build file defaults are + usually good enough. + cppflags => Default C preprocessor flags [4]. + defines => As an alternative, macro definitions may be + given here instead of in `cppflags' [4]. + If given here, they MUST be as an array of + the string such as "MACRO=value", or just + "MACRO" for definitions without value. + includes => As an alternative, inclusion directories + may be given here instead of in `cppflags' + [4]. If given here, the MUST be an array + of strings, one directory specification + each. + cc => The C compiler command, usually one of "cc", "gcc" or "clang". This command is normally also used to link object files and libraries into the final program. - cflags => Flags that are used at all times when - compiling. - defines => As an alternative, macro definitions may be - present here instead of in `cflags'. If - given here, they MUST be as an array of the - string such as "MACRO=value", or just - "MACRO" for definitions without value. - shared_cflag => Extra compilation flags used when - compiling for shared libraries, typically - something like "-fPIC". + cxx => The C++ compiler command, usually one of + "c++", "g++" or "clang++". This command is + also used when linking a program where at + least one of the object file is made from + C++ source. + cflags => Defaults C compiler flags [4]. + cxxflags => Default C++ compiler flags [4]. If unset, + it gets the same value as cflags. (linking is a complex thing, see [3] below) ld => Linker command, usually not defined @@ -59,20 +82,34 @@ In each table entry, the following keys are significant: instead). (NOTE: this is here for future use, it's not implemented yet) - lflags => Flags that are used when linking apps. - shared_ldflag => Flags that are used when linking shared - or dynamic libraries. - plib_lflags => Extra linking flags to appear just before - the libraries on the command line. + lflags => Default flags used when linking apps, + shared libraries or DSOs [4]. ex_libs => Extra libraries that are needed when - linking. + linking shared libraries, DSOs or programs. + The value is also assigned to Libs.private + in $(libdir)/pkgconfig/libcrypto.pc. + + shared_cppflags => Extra C preprocessor flags used when + processing C files for shared libraries. + shared_cflag => Extra C compiler flags used when compiling + for shared libraries, typically something + like "-fPIC". + shared_ldflag => Extra linking flags used when linking + shared libraries. + module_cppflags + module_cflags + module_ldflags => Has the same function as the corresponding + `shared_' attributes, but for building DSOs. + When unset, they get the same values as the + corresponding `shared_' attributes. ar => The library archive command, the default is "ar". (NOTE: this is here for future use, it's not implemented yet) arflags => Flags to be used with the library archive - command. + command. On Unix, this includes the + command letter, 'r' by default. ranlib => The library archive indexing command, the default is 'ranlib' it it exists. @@ -128,7 +165,7 @@ In each table entry, the following keys are significant: that use dlopen() et al but do not have fcntl.h), "DL" (shl_load() et al), "WIN32" and "VMS". - perlasm_scheme => The perlasm method used to created the + perlasm_scheme => The perlasm method used to create the assembler files used when compiling with assembler implementations. shared_target => The shared library building method used. @@ -189,8 +226,14 @@ In each table entry, the following keys are significant: export vars as accessor functions. - apps_extra_src => Extra source to build apps/openssl, as - needed by the target. + apps_aux_src => Extra source to build apps/openssl and other + apps, as needed by the target and that can be + collected in a library. + apps_init_src => Init source to build apps/openssl and other + apps, as needed by the target. This code + cannot be placed in a library, as the rest + of the code isn't expected to link to it + explicitly. cpuid_asm_src => assembler implementation of cpuid code as well as OPENSSL_cleanse(). Default to mem_clr.c @@ -308,18 +351,20 @@ In each table entry, the following keys are significant: of this file): shared libraries: - {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \ - -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \ - {plib_lflags} -lcrypto {ex_libs} + {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \ + foo/something.o foo/somethingelse.o {ex_libs} shared objects: - {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \ - blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs} + {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \ + blah1.o blah2.o -lcrypto {ex_libs} applications: {ld} $(CFLAGS) {lflags} -o app \ - app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs} + app1.o utils.o -lssl -lcrypto {ex_libs} +[4] There are variants of these attribute, prefixed with `lib_', + `dso_' or `bin_'. Those variants replace the unprefixed attribute + when building library, DSO or program modules specifically. Historically, the target configurations came in form of a string with values separated by colons. This use is deprecated. The string form @@ -377,14 +422,16 @@ source as well. However, the files given through SOURCE are expected to be located in the source tree while files given through DEPEND are expected to be located in the build tree) -For some libraries, we maintain files with public symbols and their -slot in a transfer vector (important on some platforms). It can be -declared like this: +It's also possible to depend on static libraries explicitly: - ORDINALS[libcrypto]=crypto + DEPEND[foo]=libsomething.a + DEPEND[libbar]=libsomethingelse.a -The value is not the name of the file in question, but rather the -argument to util/mkdef.pl that indicates which file to use. +This should be rarely used, and care should be taken to make sure it's +only used when supported. For example, native Windows build doesn't +support building static libraries and DLLs at the same time, so using +static libraries on Windows can only be done when configured +'no-shared'. One some platforms, shared libraries come with a name that's different from their static counterpart. That's declared as follows: @@ -398,7 +445,7 @@ library: RENAME[libfoo]=libbar -That lines has "libfoo" get renamed to "libbar". While it makes no +That line has "libfoo" renamed to "libbar". While it makes no sense at all to just have a rename like that (why not just use "libbar" everywhere?), it does make sense when it can be used conditionally. See a little further below for an example. @@ -420,8 +467,8 @@ others, that's done as follows: GENERATE[bar.s]=asm/bar.S The value of each GENERATE line is a command line or part of it. -Configure places no rules on the command line, except the the first -item muct be the generator file. It is, however, entirely up to the +Configure places no rules on the command line, except that the first +item must be the generator file. It is, however, entirely up to the build file template to define exactly how those command lines should be handled, how the output is captured and so on. @@ -623,8 +670,7 @@ They are all expected to return a string with the lines they produce. libobj2shlib(shlib => "PATH/TO/shlibfile", lib => "PATH/TO/libfile", objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/otherlibfile", ... ], - ordinals => [ "word", "/PATH/TO/ordfile" ]); + deps => [ "PATH/TO/otherlibfile", ... ]); 'lib' has the intended library file name *without* extension, libobj2shlib is expected to add that. @@ -633,11 +679,7 @@ They are all expected to return a string with the lines they produce. libraries (also *without* extension) this library needs to be linked with. 'objs' has the list of object files (also *without* extension) to build - this library. 'ordinals' MAY be present, and when - it is, its value is an array where the word is - "crypto" or "ssl" and the file is one of the ordinal - files util/libeay.num or util/ssleay.num in the - source directory. + this library. This function has a choice; it can use the corresponding static library as input to make the diff --git a/deps/openssl/openssl/Configurations/README.design b/deps/openssl/openssl/Configurations/README.design index bea9790afbd1ab..cae08fc249627c 100644 --- a/deps/openssl/openssl/Configurations/README.design +++ b/deps/openssl/openssl/Configurations/README.design @@ -41,10 +41,9 @@ end products. There are variants for them with '_NO_INST' as suffix (PROGRAM_NO_INST etc) to specify end products that shouldn't get installed. -The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a -produced file, and their values are the source used to produce that -particular produced file, extra dependencies, include directories -needed, and ordinal files (explained further below. +The variables SOURCE, DEPEND and INCLUDE are indexed by a produced +file, and their values are the source used to produce that particular +produced file, extra dependencies, and include directories needed. All their values in all the build.info throughout the source tree are collected together and form a set of programs, libraries, engines and @@ -57,18 +56,15 @@ dependencies. # build.info LIBS=libcrypto libssl - ORDINALS[libcrypto]=crypto - ORDINALS[libssl]=ssl INCLUDE[libcrypto]=include INCLUDE[libssl]=include DEPEND[libssl]=libcrypto This is the top directory build.info file, and it tells us that two -libraries are to be built, there are some ordinals to be used to -declare what symbols in those libraries are seen as public, the -include directory 'include/' shall be used throughout when building -anything that will end up in each library, and that the library -'libssl' depend on the library 'libcrypto' to function properly. +libraries are to be built, the include directory 'include/' shall be +used throughout when building anything that will end up in each +library, and that the library 'libssl' depend on the library +'libcrypto' to function properly. # apps/build.info PROGRAMS=openssl @@ -133,7 +129,7 @@ library 'libssl' is built from the source file 'ssl/tls.c'. ENGINES_NO_INST=ossltest SOURCE[ossltest]=e_ossltest.c - DEPEND[ossltest]=../libcrypto + DEPEND[ossltest]=../libcrypto.a INCLUDE[ossltest]=../include This is the build.info file in 'engines/', telling us that two engines @@ -142,18 +138,17 @@ dasync's source is 'engines/e_dasync.c' and ossltest's source is 'engines/e_ossltest.c' and that the include directory 'include/' may be used when building anything that will be part of these engines. Also, both engines depend on the library 'libcrypto' to function -properly. Finally, only dasync is being installed, as ossltest is -only for internal testing. +properly. ossltest is explicitly linked with the static variant of +the library 'libcrypto'. Finally, only dasync is being installed, as +ossltest is only for internal testing. When Configure digests these build.info files, the accumulated information comes down to this: LIBS=libcrypto libssl - ORDINALS[libcrypto]=crypto SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c DEPEND[crypto/cversion.o]=crypto/buildinf.h INCLUDE[libcrypto]=include - ORDINALS[libssl]=ssl SOURCE[libssl]=ssl/tls.c INCLUDE[libssl]=include DEPEND[libssl]=libcrypto @@ -170,7 +165,7 @@ information comes down to this: ENGINES_NO_INST=engines/ossltest SOURCE[engines/ossltest]=engines/e_ossltest.c - DEPEND[engines/ossltest]=libcrypto + DEPEND[engines/ossltest]=libcrypto.a INCLUDE[engines/ossltest]=include GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" @@ -186,9 +181,9 @@ PROGRAMS may be used to declare programs only. ENGINES may be used to declare engines only. -The indexes for SOURCE and ORDINALS must only be end product files, -such as libraries, programs or engines. The values of SOURCE -variables must only be source files (possibly generated) +The indexes for SOURCE must only be end product files, such as +libraries, programs or engines. The values of SOURCE variables must +only be source files (possibly generated). INCLUDE and DEPEND shows a relationship between different files (usually produced files) or between files and directories, such as a @@ -235,12 +230,6 @@ indexes: libraries => a list of libraries. These are directly inferred from the LIBS variable in build.info files. - ordinals => a hash table containing 'file' => [ 'word', 'ordfile' ] - pairs. 'file' and 'word' are directly inferred from - the ORDINALS variables in build.info files, while the - file 'ofile' comes from internal knowledge in - Configure. - programs => a list of programs. These are directly inferred from the PROGRAMS variable in build.info files. @@ -281,10 +270,14 @@ section above would be digested into a %unified_info table: [ "crypto/buildinf.h", ], - "engines/ossltest" => + "engines/dasync" => [ "libcrypto", ], + "engines/ossltest" => + [ + "libcrypto.a", + ], "libssl" => [ "libcrypto", @@ -354,19 +347,6 @@ section above would be digested into a %unified_info table: "libcrypto", "libssl", ], - "ordinals" => - { - "libcrypto" => - [ - "crypto", - "util/libcrypto.num", - ], - "libssl" => - [ - "ssl", - "util/libssl.num", - ], - }, "programs" => [ "apps/openssl", @@ -396,6 +376,14 @@ section above would be digested into a %unified_info table: [ "crypto/evp.c", ], + "engines/e_dasync.o" => + [ + "engines/e_dasync.c", + ], + "engines/dasync" => + [ + "engines/e_dasync.o", + ], "engines/e_ossltest.o" => [ "engines/e_ossltest.c", @@ -517,8 +505,7 @@ etc. libobj2shlib(shlib => "PATH/TO/shlibfile", lib => "PATH/TO/libfile", objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/otherlibfile", ... ], - ordinals => [ "word", "/PATH/TO/ordfile" ]); + deps => [ "PATH/TO/otherlibfile", ... ]); 'lib' has the intended library file name *without* extension, libobj2shlib is expected to add that. @@ -527,11 +514,7 @@ etc. libraries (also *without* extension) this library needs to be linked with. 'objs' has the list of object files (also *without* extension) to build - this library. 'ordinals' MAY be present, and when - it is, its value is an array where the word is - "crypto" or "ssl" and the file is one of the ordinal - files util/libcrypto.num or util/libssl.num in the - source directory. + this library. This function has a choice; it can use the corresponding static library as input to make the @@ -604,8 +587,7 @@ following calls: libobj2shlib(shlib => "libcrypto", lib => "libcrypto", objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ], - deps => [ ] - ordinals => [ "crypto", "util/libcrypto.num" ]); + deps => [ ]); obj2lib(lib => "libcrypto" objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]); diff --git a/deps/openssl/openssl/Configurations/common.tmpl b/deps/openssl/openssl/Configurations/common.tmpl index 13ffe948d2cace..3a466eeb680c97 100644 --- a/deps/openssl/openssl/Configurations/common.tmpl +++ b/deps/openssl/openssl/Configurations/common.tmpl @@ -9,15 +9,23 @@ # there are no duplicate dependencies and that they are in the # right order. This is especially used to sort the list of # libraries that a build depends on. + sub extensionlesslib { + my @result = map { $_ =~ /(\.a)?$/; $` } @_; + return @result if wantarray; + return $result[0]; + } sub resolvedepends { my $thing = shift; + my $extensionlessthing = extensionlesslib($thing); my @listsofar = @_; # to check if we're looping - my @list = @{$unified_info{depends}->{$thing}}; + my @list = @{$unified_info{depends}->{$thing} // + $unified_info{depends}->{$extensionlessthing}}; my @newlist = (); if (scalar @list) { foreach my $item (@list) { + my $extensionlessitem = extensionlesslib($item); # It's time to break off when the dependency list starts looping - next if grep { $_ eq $item } @listsofar; + next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar; push @newlist, $item, resolvedepends($item, @listsofar, $item); } } @@ -26,12 +34,34 @@ sub reducedepends { my @list = @_; my @newlist = (); + my %replace = (); while (@list) { my $item = shift @list; - push @newlist, $item - unless grep { $item eq $_ } @list; + my $extensionlessitem = extensionlesslib($item); + if (grep { $extensionlessitem eq extensionlesslib($_) } @list) { + if ($item ne $extensionlessitem) { + # If this instance of the library is explicitly static, we + # prefer that to any shared library name, since it must have + # been done on purpose. + $replace{$extensionlessitem} = $item; + } + } else { + push @newlist, $item; + } } - @newlist; + map { $replace{$_} // $_; } @newlist; + } + + # is_installed checks if a given file will be installed (i.e. they are + # not defined _NO_INST in build.info) + sub is_installed { + my $product = shift; + if (grep { $product eq $_ } + map { (@{$unified_info{install}->{$_}}) } + keys %{$unified_info{install}}) { + return 1; + } + return 0; } # dogenerate is responsible for producing all the recipes that build @@ -66,11 +96,11 @@ sub doobj { my $obj = shift; return "" if $cache{$obj}; - (my $obj_no_o = $obj) =~ s|\.o$||; my $bin = shift; my %opts = @_; if (@{$unified_info{sources}->{$obj}}) { - $OUT .= src2obj(obj => $obj_no_o, + $OUT .= src2obj(obj => $obj, + product => $bin, srcs => $unified_info{sources}->{$obj}, deps => $unified_info{depends}->{$obj}, incs => $unified_info{includes}->{$obj}, @@ -90,26 +120,28 @@ sub dolib { my $lib = shift; return "" if $cache{$lib}; - unless ($disabled{shared}) { - my %ordinals = - $unified_info{ordinals}->{$lib} - ? (ordinals => $unified_info{ordinals}->{$lib}) : (); + unless ($disabled{shared} || $lib =~ /\.a$/) { $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib}, lib => $lib, - objs => [ map { (my $x = $_) =~ s|\.o$||; $x } - (@{$unified_info{sources}->{$lib}}, - @{$unified_info{shared_sources}->{$lib}}) ], + objs => [ @{$unified_info{shared_sources}->{$lib}}, + @{$unified_info{sources}->{$lib}} ], deps => [ reducedepends(resolvedepends($lib)) ], - %ordinals); - foreach (@{$unified_info{shared_sources}->{$lib}}) { - doobj($_, $lib, intent => "lib"); + installed => is_installed($lib)); + foreach ((@{$unified_info{shared_sources}->{$lib}}, + @{$unified_info{sources}->{$lib}})) { + # If this is somehow a compiled object, take care of it that way + # Otherwise, it might simply be generated + if (defined $unified_info{sources}->{$_}) { + doobj($_, $lib, intent => "lib", installed => is_installed($lib)); + } else { + dogenerate($_, undef, undef, intent => "lib"); + } } } $OUT .= obj2lib(lib => $lib, - objs => [ map { (my $x = $_) =~ s|\.o$||; $x } - @{$unified_info{sources}->{$lib}} ]); + objs => [ @{$unified_info{sources}->{$lib}} ]); foreach (@{$unified_info{sources}->{$lib}}) { - doobj($_, $lib, intent => "lib"); + doobj($_, $lib, intent => "lib", installed => is_installed($lib)); } $cache{$lib} = 1; } @@ -121,13 +153,13 @@ my $lib = shift; return "" if $cache{$lib}; $OUT .= obj2dso(lib => $lib, - objs => [ map { (my $x = $_) =~ s|\.o$||; $x } - (@{$unified_info{sources}->{$lib}}, - @{$unified_info{shared_sources}->{$lib}}) ], - deps => [ resolvedepends($lib) ]); + objs => [ @{$unified_info{sources}->{$lib}}, + @{$unified_info{shared_sources}->{$lib}} ], + deps => [ resolvedepends($lib) ], + installed => is_installed($lib)); foreach ((@{$unified_info{sources}->{$lib}}, @{$unified_info{shared_sources}->{$lib}})) { - doobj($_, $lib, intent => "dso"); + doobj($_, $lib, intent => "dso", installed => is_installed($lib)); } $cache{$lib} = 1; } @@ -139,11 +171,11 @@ return "" if $cache{$bin}; my $deps = [ reducedepends(resolvedepends($bin)) ]; $OUT .= obj2bin(bin => $bin, - objs => [ map { (my $x = $_) =~ s|\.o$||; $x } - @{$unified_info{sources}->{$bin}} ], - deps => $deps); + objs => [ @{$unified_info{sources}->{$bin}} ], + deps => $deps, + installed => is_installed($bin)); foreach (@{$unified_info{sources}->{$bin}}) { - doobj($_, $bin, intent => "bin"); + doobj($_, $bin, intent => "bin", installed => is_installed($bin)); } $cache{$bin} = 1; } @@ -154,7 +186,8 @@ my $script = shift; return "" if $cache{$script}; $OUT .= in2script(script => $script, - sources => $unified_info{sources}->{$script}); + sources => $unified_info{sources}->{$script}, + installed => is_installed($script)); $cache{$script} = 1; } @@ -170,47 +203,6 @@ # Start with populating the cache with all the overrides %cache = map { $_ => 1 } @{$unified_info{overrides}}; - # For convenience collect information regarding directories where - # files are generated, those generated files and the end product - # they end up in where applicable. Then, add build rules for those - # directories - if (exists &generatedir) { - my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ], - "lib" => [ @{$unified_info{libraries}} ], - "bin" => [ @{$unified_info{programs}} ], - "script" => [ @{$unified_info{scripts}} ] ); - foreach my $type (keys %loopinfo) { - foreach my $product (@{$loopinfo{$type}}) { - my %dirs = (); - my $pd = dirname($product); - - # We already have a "test" target, and the current directory - # is just silly to make a target for - $dirs{$pd} = 1 unless $pd eq "test" || $pd eq "."; - - foreach (@{$unified_info{sources}->{$product}}) { - my $d = dirname($_); - - # We don't want to create targets for source directories - # when building out of source - next if ($config{sourcedir} ne $config{builddir} - && $d =~ m|^\Q$config{sourcedir}\E|); - # We already have a "test" target, and the current directory - # is just silly to make a target for - next if $d eq "test" || $d eq "."; - - $dirs{$d} = 1; - push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ - if $d ne $pd; - } - foreach (keys %dirs) { - push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, - $product; - } - } - } - } - # Build mandatory generated headers foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); } diff --git a/deps/openssl/openssl/Configurations/common0.tmpl b/deps/openssl/openssl/Configurations/common0.tmpl new file mode 100644 index 00000000000000..03acb3e0b35bd9 --- /dev/null +++ b/deps/openssl/openssl/Configurations/common0.tmpl @@ -0,0 +1,31 @@ +{- # -*- Mode: perl -*- + + # Commonly used list of generated files + # The reason for the complexity is that the build.info files provide + # GENERATE rules for *all* platforms without discrimination, while the + # build files only want those for a particular build. Therefore, we + # need to extrapolate exactly what we need to generate. The way to do + # that is to extract all possible source files from diverse tables and + # filter out all that are not generated + my %generatables = + map { $_ => 1 } + ( # The sources of stuff may be generated + ( map { @{$unified_info{sources}->{$_}} } + keys %{$unified_info{sources}} ), + $disabled{shared} + ? () + : ( map { @{$unified_info{shared_sources}->{$_}} } + keys %{$unified_info{shared_sources}} ), + # Things we explicitly depend on are usually generated + ( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} } + keys %{$unified_info{depends}} )); + our @generated = + sort ( ( grep { defined $unified_info{generate}->{$_} } + sort keys %generatables ), + # Scripts are assumed to be generated, so add thhem too + ( grep { defined $unified_info{sources}->{$_} } + @{$unified_info{scripts}} ) ); + + # Avoid strange output + ""; +-} diff --git a/deps/openssl/openssl/Configurations/descrip.mms.tmpl b/deps/openssl/openssl/Configurations/descrip.mms.tmpl index 739928808ba9a3..5b22fc95f70c8f 100644 --- a/deps/openssl/openssl/Configurations/descrip.mms.tmpl +++ b/deps/openssl/openssl/Configurations/descrip.mms.tmpl @@ -3,13 +3,14 @@ ## {- join("\n## ", @autowarntext) -} {- use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; + use File::Basename; # Our prefix, claimed when speaking with the VSI folks Tuesday # January 26th 2016 our $osslprefix = 'OSSL$'; (our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/; - our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor}; + our $sover_dirname = sprintf "%02d%02d", split(/\./, $config{shlib_version_number}); our $osslver = sprintf "%02d%02d", split(/\./, $config{version}); our $sourcedir = $config{sourcedir}; @@ -42,13 +43,18 @@ # Because we need to make two computations of these data, # we store them in arrays for reuse - our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}; - our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}}; - our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x } - grep { defined $unified_info{generate}->{$_} } - map { @{$unified_info{sources}->{$_}} } - grep { /\.o$/ } keys %{$unified_info{sources}} ), - ( grep { /\.h$/ } keys %{$unified_info{generate}} ) ); + our @libs = + map { (my $x = $_) =~ s/\.a$//; $x } + @{$unified_info{libraries}}; + our @shlibs = + map { $unified_info{sharednames}->{$_} || () } + grep(!/\.a$/, @{$unified_info{libraries}}); + our @install_libs = + map { (my $x = $_) =~ s/\.a$//; $x } + @{$unified_info{install}->{libraries}}; + our @install_shlibs = + map { $unified_info{sharednames}->{$_} || () } + grep(!/\.a$/, @{$unified_info{install}->{libraries}}); # This is a horrible hack, but is needed because recursive inclusion of files # in different directories does not work well with HP C. @@ -63,17 +69,9 @@ } my $sd1 = sourcedir("ssl","record"); my $sd2 = sourcedir("ssl","statem"); - $unified_info{before}->{"[.test]heartbeat_test.OBJ"} - = $unified_info{before}->{"[.test]ssltest_old.OBJ"} - = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;" - define record 'record_include' - statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;" - define statem 'statem_include'); - $unified_info{after}->{"[.test]heartbeat_test.OBJ"} - = $unified_info{after}->{"[.test]ssltest.OBJ"} - = qq(deassign statem - deassign record); - foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) { + my @ssl_locl_users = grep(/^\[\.(?:ssl\.(?:record|statem)|test)\].*\.o$/, + keys %{$unified_info{sources}}); + foreach (@ssl_locl_users) { (my $x = $_) =~ s|\.o$|.OBJ|; $unified_info{before}->{$x} = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;" @@ -121,7 +119,7 @@ SHLIB_EXT=.EXE OBJ_EXT=.OBJ DEP_EXT=.D -LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{libraries}}) -} +LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -} SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -} ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -} PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -} @@ -133,9 +131,11 @@ DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; } join(", ", map { "-\n\t".$_ } @deps); -} {- output_on() if $disabled{makedepend}; "" -} GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -} -GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -} +GENERATED={- # common0.tmpl provides @generated + join(", ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; "-\n\t".$x } + @generated) -} -INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -} +INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @install_libs) -} INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -} INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -} INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -} @@ -167,27 +167,175 @@ OPENSSLDIR={- catdir($config{openssldir}) or # The same, but for C OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000] # Where installed engines reside, for C -ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}: - -CC= {- $target{cc} -} -CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -} -CFLAGS_Q=$(CFLAGS) -DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -}) -LDFLAGS= {- $target{lflags} -} -EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -} -LIB_CFLAGS={- $target{lib_cflags} || "" -} -DSO_CFLAGS={- $target{dso_cflags} || "" -} -BIN_CFLAGS={- $target{bin_cflags} || "" -} - -PERL={- $config{perl} -} - -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS={- $target{as} -} -ASFLAG={- $target{asflags} -} +ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover_dirname.$target{pointer_size} -}: + +##### User defined commands and flags ################################ + +CC={- $config{CC} -} +CPP={- $config{CPP} -} +DEFINES={- our $defines1 = join('', map { ",$_" } @{$config{CPPDEFINES}}) -} +INCLUDES={- our $includes1 = join(',', @{$config{CPPINCLUDES}}) -} +CPPFLAGS={- our $cppflags1 = join('', @{$config{CPPFLAGS}}) -} +CFLAGS={- join('', @{$config{CFLAGS}}) -} +LDFLAGS={- join('', @{$config{LFLAGS}}) -} +EX_LIBS={- join('', map { ",$_" } @{$config{LDLIBS}}) -} + +PERL={- $config{PERL} -} + +AS={- $config{AS} -} +ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} + +##### Special command flags ########################################## + +ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) + +##### Project flags ################################################## + +# Variables starting with CNF_ are common variables for all product types + +CNF_ASFLAGS={- join('', $target{asflags} || (), + @{$config{asflags}}) -} +CNF_DEFINES={- our $defines2 = join('', map { ",$_" } @{$target{defines}}, + @{$config{defines}}) -} +CNF_INCLUDES={- our $includes2 = join(',', @{$target{includes}}, + @{$config{includes}}) -} +CNF_CPPFLAGS={- our $cppflags2 = join('', $target{cppflags} || (), + @{$config{cppflags}}) -} +CNF_CFLAGS={- join('', $target{cflags} || (), + @{$config{cflags}}) -} +CNF_CXXFLAGS={- join('', $target{cxxflags} || (), + @{$config{cxxflags}}) -} +CNF_LDFLAGS={- join('', $target{lflags} || (), + @{$config{lflags}}) -} +CNF_EX_LIBS={- join('', map{ ",$_" } @{$target{ex_libs}}, + @{$config{ex_libs}}) -} + +# Variables starting with LIB_ are used to build library object files +# and shared libraries. +# Variables starting with DSO_ are used to build DSOs and their object files. +# Variables starting with BIN_ are used to build programs and their object +# files. + +LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (), + @{$config{lib_asflags}}, + '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} +LIB_DEFINES={- our $lib_defines = + join('', (map { ",$_" } @{$target{lib_defines}}, + @{$target{shared_defines}}, + @{$config{lib_defines}}, + @{$config{shared_defines}})); + join('', $lib_defines, + (map { ",$_" } 'OPENSSLDIR="""$(OPENSSLDIR_C)"""', + 'ENGINESDIR="""$(ENGINESDIR_C)"""'), + '$(CNF_DEFINES)', '$(DEFINES)') -} +LIB_INCLUDES={- our $lib_includes = + join(',', @{$target{lib_includes}}, + @{$target{shared_includes}}, + @{$config{lib_includes}}, + @{$config{shared_includes}}) -} +LIB_CPPFLAGS={- our $lib_cppflags = + join('', $target{lib_cppflags} || (), + $target{shared_cppflags} || (), + @{$config{lib_cppflags}}, + @{$config{shared_cppflag}}); + join('', "'qual_includes'", + '/DEFINE=(__dummy$(LIB_DEFINES))', + $lib_cppflags, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +LIB_CFLAGS={- join('', $target{lib_cflags} || (), + $target{shared_cflag} || (), + @{$config{lib_cflags}}, + @{$config{shared_cflag}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +LIB_LDFLAGS={- join('', $target{lib_lflags} || (), + $target{shared_ldflag} || (), + @{$config{lib_lflags}}, + @{$config{shared_ldflag}}, + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +LIB_EX_LIBS=$(CNF_EX_LIBS)$(EX_LIBS) +DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (), + $target{module_asflags} || (), + @{$config{dso_asflags}}, + @{$config{module_asflags}}, + '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} +DSO_DEFINES={- join('', (map { ",$_" } @{$target{dso_defines}}, + @{$target{module_defines}}, + @{$config{dso_defines}}, + @{$config{module_defines}}), + '$(CNF_DEFINES)', '$(DEFINES)') -} +DSO_INCLUDES={- join(',', @{$target{dso_includes}}, + @{$target{module_includes}}, + @{$config{dso_includes}}, + @{$config{module_includes}}) -} +DSO_CPPFLAGS={- join('', "'qual_includes'", + '/DEFINE=(__dummy$(DSO_DEFINES))', + $target{dso_cppflags} || (), + $target{module_cppflags} || (), + @{$config{dso_cppflags}}, + @{$config{module_cppflags}}, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +DSO_CFLAGS={- join('', $target{dso_cflags} || (), + $target{module_cflags} || (), + @{$config{dso_cflags}}, + @{$config{module_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +DSO_LDFLAGS={- join('', $target{dso_lflags} || (), + $target{module_ldflags} || (), + @{$config{dso_lflags}}, + @{$config{module_ldflags}}, + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) +BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (), + @{$config{bin_asflags}}, + '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} +BIN_DEFINES={- join('', (map { ",$_" } @{$target{bin_defines}}, + @{$config{bin_defines}}), + '$(CNF_DEFINES)', '$(DEFINES)') -} +BIN_INCLUDES={- join(',', @{$target{bin_includes}}, + @{$config{bin_includes}}) -} +BIN_CPPFLAGS={- join('', "'qual_includes'", + '/DEFINE=(__dummy$(DSO_DEFINES))', + $target{bin_cppflags} || (), + @{$config{bin_cppflag}}, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +BIN_CFLAGS={- join('', $target{bin_cflag} || (), + @{$config{bin_cflag}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +BIN_LDFLAGS={- join('', $target{bin_lflags} || (), + @{$config{bin_lflags}} || (), + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) +NO_INST_LIB_CFLAGS={- join('', $target{no_inst_lib_cflags} + // $target{lib_cflags} + // (), + $target{shared_cflag} || (), + @{$config{lib_cflags}}, + @{$config{shared_cflag}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +NO_INST_DSO_CFLAGS={- join('', $target{no_inst_lib_cflags} + // $target{lib_cflags} + // (), + $target{dso_cflags} || (), + @{$config{lib_cflags}}, + @{$config{dso_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +NO_INST_BIN_CFLAGS={- join('', $target{no_inst_bin_cflags} + // $target{bin_cflags} + // (), + @{$config{bin_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} + +PERLASM_SCHEME={- $target{perlasm_scheme} -} + +# CPPFLAGS_Q is used for one thing only: to build up buildinf.h +CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags2.$cppflags1) =~ s|"|""|g; + (my $d = $lib_defines.$defines2.$defines1) =~ s|"|""|g; + my $i = join(',', $lib_includes || (), $includes2 || (), + $includes1 || ()); + my $x = $c; + $x .= "/INCLUDE=($i)" if $i; + $x .= "/DEFINE=($d)" if $d; + $x; -} # .FIRST and .LAST are special targets with MMS and MMK. # The defines in there are for C. includes that look like @@ -238,10 +386,10 @@ NODEBUG=@ $(NODEBUG) ! Set up logical names for the libraries, so LINK and $(NODEBUG) ! running programs can use them. $(NODEBUG) ! - $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -} + $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } @shlibs) || "!" -} .LAST : - $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -} + $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } @shlibs) || "!" -} $(NODEBUG) DEASSIGN ossl_dataroot $(NODEBUG) DEASSIGN ossl_installroot $(NODEBUG) DEASSIGN internal @@ -267,6 +415,11 @@ build_apps build_tests : build_programs # Convenience target to prebuild all generated files, not just the mandatory # ones build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) + @ ! {- output_off() if $disabled{makedepend}; "" -} + @ WRITE SYS$OUTPUT "Warning: consider configuring with no-makedepend, because if" + @ WRITE SYS$OUTPUT " target system doesn't have $(PERL)," + @ WRITE SYS$OUTPUT " then make will fail..." + @ ! {- output_on() if $disabled{makedepend}; "" -} test : tests {- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep @@ -331,13 +484,14 @@ uninstall : uninstall_docs uninstall_sw # Because VMS wants the generation number (or *) to delete files, we can't # use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly. libclean : - {- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -} + {- join("\n\t", map { "- DELETE $_.OLB;*" } @libs) || "@ !" -} + {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*" } @shlibs) || "@ !" -} clean : libclean {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -} {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -} {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -} + {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{depends}->{""}}) || "@ !" -} {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -} - DELETE [...]*.MAP;* - DELETE [...]*.D;* @@ -354,16 +508,7 @@ distclean : clean depend : descrip.mms descrip.mms : FORCE @ ! {- output_off() if $disabled{makedepend}; "" -} - @ $(PERL) -pe "if (/^# DO NOT DELETE.*/) { exit(0); }" - - < descrip.mms > descrip.mms-new - @ OPEN/APPEND DESCRIP descrip.mms-new - @ WRITE DESCRIP "# DO NOT DELETE THIS LINE -- make depend depends on it." - {- join("\n\t", map { "\@ IF F\$SEARCH(\"$_\") .NES. \"\" THEN TYPE $_ /OUTPUT=DESCRIP:" } @deps); -} - @ CLOSE DESCRIP - @ PIPE ( $(PERL) -e "use File::Compare qw/compare_text/; my $x = compare_text(""descrip.mms"",""descrip.mms-new""); exit(0x10000000 + ($x == 0));" || - - RENAME descrip.mms-new descrip.mms ) - @ IF F$SEARCH("descrip.mms-new") .NES. "" THEN DELETE descrip.mms-new;* - -@ SPAWN/OUTPUT=NLA0: PURGE/NOLOG descrip.mms + @ $(PERL) {- sourcefile("util", "add-depends.pl") -} "VMS C" @ ! {- output_on() if $disabled{makedepend}; "" -} # Install helper targets ############################################# @@ -393,6 +538,12 @@ install_ssldirs : check_INSTALLTOP IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN - COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - ossl_dataroot:[000000]openssl.cnf + @ ! Install CTLOG configuration file + COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} - + ossl_dataroot:[000000]ct_log_list.cnf-dist + IF F$SEARCH("OSSL_DATAROOT:[000000]ct_log_list.cnf") .EQS. "" THEN - + COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} - + ossl_dataroot:[000000]ct_log_list.cnf install_dev : check_INSTALLTOP install_runtime_libs @ WRITE SYS$OUTPUT "*** Installing development files" @@ -403,14 +554,14 @@ install_dev : check_INSTALLTOP install_runtime_libs - CREATE/DIR ossl_installroot:[LIB.'arch'] {- join("\n ", map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } - @{$unified_info{install}->{libraries}}) -} + @install_libs) -} install_engines : check_INSTALLTOP install_runtime_libs build_engines @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} ! @ WRITE SYS$OUTPUT "*** Installing engines" - - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch'] + - CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch'] {- join("\n ", - map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" } + map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover_dirname$target{pointer_size}.'arch']" } @{$unified_info{install}->{engines}}) -} @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} ! @@ -485,6 +636,7 @@ vmsconfig.pm : configdata.pm WRITE CONFIG "our %config = (" WRITE CONFIG " target => '","{- $config{target} -}","'," WRITE CONFIG " version => '","{- $config{version} -}","'," + WRITE CONFIG " shlib_version_number => '","{- $config{shlib_version_number} -}","'," WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","'," WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","'," WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","'," @@ -521,8 +673,7 @@ debug_logicals : # Building targets ################################################### configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} - @ WRITE SYS$OUTPUT "Reconfiguring..." - perl $(SRCDIR)Configure reconf + perl configdata.pm -r @ WRITE SYS$OUTPUT "*************************************************" @ WRITE SYS$OUTPUT "*** ***" @ WRITE SYS$OUTPUT "*** Please run the same mms command again ***" @@ -530,41 +681,149 @@ configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{bu @ WRITE SYS$OUTPUT "*************************************************" @ PIPE ( EXIT %X10000000 ) +reconfigure reconf : + perl configdata.pm -r + {- use File::Basename; use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/; + # Helper function to figure out dependencies on libraries + # It takes a list of library names and outputs a list of dependencies + sub compute_lib_depends { + if ($disabled{shared}) { + return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_; + } + return map { $_ =~ /\.a$/ + ? $`.".OLB" + : $unified_info{sharednames}->{$_}.".EXE" } @_; + } + + # Helper function to deal with inclusion directory specs. + # We have to deal with two things: + # 1. comma separation and no possibility of trailing comma + # 2. no inclusion directories given at all + # 3. long compiler command lines + # To resolve 1, we need to iterate through the sources of inclusion + # directories, and only add a comma when needed. + # To resolve 2, we need to have a variable that will hold the whole + # inclusion qualifier, or be the empty string if there are no inclusion + # directories. That's the symbol 'qual_includes' that's used in CPPFLAGS + # To resolve 3, we creata a logical name TMP_INCLUDES: to hold the list + # of inclusion directories. + # + # This function returns a list of two lists, one being the collection of + # commands to execute before the compiler is called, and the other being + # the collection of commands to execute after. It takes as arguments the + # collection of strings to include as directory specs. + sub includes { + my @stuff = ( @_ ); + my @before = ( + 'qual_includes :=', + ); + my @after = ( + 'DELETE/SYMBOL/LOCAL qual_includes', + ); + + if (scalar @stuff > 0) { + push @before, 'tmp_includes := '.shift(@stuff); + while (@stuff) { + push @before, 'tmp_add := '.shift(@stuff); + push @before, 'IF tmp_includes .NES. "" .AND. tmp_add .NES. "" THEN tmp_includes = tmp_includes + ","'; + push @before, 'tmp_includes = tmp_includes + tmp_add'; + } + push @before, "IF tmp_includes .NES. \"\" THEN DEFINE tmp_includes 'tmp_includes'"; + push @before, 'IF tmp_includes .NES. "" THEN qual_includes := /INCLUDE=(tmp_includes:)'; + push @before, 'DELETE/SYMBOL/LOCAL tmp_includes'; + push @before, 'DELETE/SYMBOL/LOCAL tmp_add'; + push @after, 'DEASSIGN tmp_includes:' + } + return ([ @before ], [ @after ]); + } + sub generatesrc { my %args = @_; + (my $target = $args{src}) =~ s/\.[sS]$/.asm/; my $generator = join(" ", @{$args{generator}}); my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}}); my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}}); - if ($args{src} !~ /\.[sS]$/) { + if ($target !~ /\.asm$/) { if ($args{generator}->[0] =~ m|^.*\.in$|) { my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, "util", "dofile.pl")), rel2abs($config{builddir})); return <<"EOF"; -$args{src} : $args{generator}->[0] $deps +$target : $args{generator}->[0] $deps \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\ - "-o$target{build_file}" $generator > \$@ + "-o$target{build_file}" $generator > \$\@ EOF } else { return <<"EOF"; -$args{src} : $args{generator}->[0] $deps - \$(PERL)$generator_incs $generator > \$@ +$target : $args{generator}->[0] $deps + \$(PERL)$generator_incs $generator > \$\@ EOF } } else { - die "No method to generate assembler source present.\n"; + if ($args{generator}->[0] =~ /\.pl$/) { + $generator = '$(PERL)'.$generator_incs.' '.$generator; + } elsif ($args{generator}->[0] =~ /\.S$/) { + $generator = undef; + } else { + die "Generator type for $src unknown: $generator\n"; + } + + my $cppflags = { + lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', + dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', + bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' + } -> {$args{intent}}; + my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)', + dso => '$(DSO_INCLUDES)', + bin => '$(BIN_INCLUDES)' } -> {$args{intent}}, + '$(CNF_INCLUDES)', + '$(INCLUDES)', + @{$args{incs}}); + my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!'; + my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!'; + if (defined($generator)) { + # If the target is named foo.S in build.info, we want to + # end up generating foo.s in two steps. + if ($args{src} =~ /\.S$/) { + return <<"EOF"; +$target : $args{generator}->[0] $deps + $generator \$\@-S + \@ $incs_on + PIPE \$(CPP) $cppflags \$\@-S | - + \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i + \@ $incs_off + RENAME \$\@-i \$\@ + DELETE \$\@-S +EOF + } + # Otherwise.... + return <<"EOF"; +$target : $args{generator}->[0] $deps + $generator \$\@ +EOF + } + return <<"EOF"; +$target : $args{generator}->[0] $deps + \@ $incs_on + SHOW SYMBOL qual_includes + PIPE \$(CPP) $cppflags $args{generator}->[0] | - + \$(PERL) "-ne" "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@ + \@ $incs_off +EOF } } sub src2obj { my %args = @_; - my $obj = $args{obj}; - my $deps = join(", -\n\t\t", @{$args{srcs}}, @{$args{deps}}); + my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x + } ( @{$args{srcs}} ); + (my $obj = $args{obj}) =~ s|\.o$||; + my $deps = join(", -\n\t\t", @srcs, @{$args{deps}}); # Because VMS C isn't very good at combining a /INCLUDE path with # #includes having a relative directory (like '#include "../foo.h"), @@ -577,48 +836,59 @@ EOF my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward)); my $objn = basename($obj); my $srcs = - join(", ", - map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}}); - my $ecflags = { lib => '$(LIB_CFLAGS)', + join(", ", map { abs2rel(rel2abs($_), rel2abs($forward)) } @srcs); + my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !"; + my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !"; + + if ($srcs[0] =~ /\.asm$/) { + my $asflags = { lib => ' $(LIB_ASFLAGS)', + dso => ' $(DSO_ASFLAGS)', + bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}}; + return <<"EOF"; +$obj.OBJ : $deps + ${before} + SET DEFAULT $forward + \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs + SET DEFAULT $backward +EOF + } + + my $cflags; + if ($args{installed}) { + $cflags = { lib => '$(LIB_CFLAGS)', dso => '$(DSO_CFLAGS)', bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; - my $incs_on = "\@ !"; - my $incs_off = "\@ !"; - my $incs = ""; - my @incs = (); - push @incs, @{$args{incs}} if @{$args{incs}}; - unless ($disabled{zlib}) { - # GNV$ZLIB_INCLUDE is the standard logical name for later zlib - # incarnations. - push @incs, ($withargs{zlib_include} || 'GNV$ZLIB_INCLUDE:'); - } - if (@incs) { - $incs_on = - "DEFINE tmp_includes " - .join(",-\n\t\t\t", map { - file_name_is_absolute($_) - ? $_ : catdir($backward,$_) - } @incs); - $incs_off = "DEASSIGN tmp_includes"; - $incs = " /INCLUDE=(tmp_includes:)"; + } else { + $cflags = { lib => '$(NO_INST_LIB_CFLAGS)', + dso => '$(NO_INST_DSO_CFLAGS)', + bin => '$(NO_INST_BIN_CFLAGS)' } -> {$args{intent}}; } - my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !"; - my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !"; + $cflags .= { lib => '$(LIB_CPPFLAGS)', + dso => '$(DSO_CPPFLAGS)', + bin => '$(BIN_CPPFLAGS)' } -> {$args{intent}}; + + my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)', + dso => '$(DSO_INCLUDES)', + bin => '$(BIN_INCLUDES)' } -> {$args{intent}}, + '$(INCLUDES)', + map { + file_name_is_absolute($_) + ? $_ : catdir($backward,$_) + } @{$args{incs}}); + my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!'; + my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!'; my $depbuild = $disabled{makedepend} ? "" - : " /MMS=(FILE=${objd}${objn}.tmp-D,TARGET=$obj.OBJ)"; + : " /MMS=(FILE=${objd}${objn}.D,TARGET=$obj.OBJ)"; return <<"EOF"; $obj.OBJ : $deps ${before} SET DEFAULT $forward - $incs_on - \$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs - $incs_off + \@ $incs_on + \$(CC) ${cflags}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs + \@ $incs_off SET DEFAULT $backward ${after} - \@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.D"",""$obj.tmp-D""); exit(0x10000000 + (\$x == 0));" || - - RENAME $obj.tmp-D $obj.d ) - \@ IF F\$SEARCH("$obj.tmp-D") .NES. "" THEN DELETE $obj.tmp-D;* - PURGE $obj.OBJ EOF } @@ -628,19 +898,14 @@ EOF my $shlib = $args{shlib}; my $libd = dirname($lib); my $libn = basename($lib); - (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i; - my @deps = map { - $disabled{shared} ? $_.".OLB" - : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; - my $deps = join(", -\n\t\t", @deps); + my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } + grep { $_ =~ m|\.o$| } + @{$args{objs}}; + my @defs = grep { $_ =~ /\.opt$/ } @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); + die "More than one symbol vector" if scalar @defs > 1; + my $deps = join(", -\n\t\t", @defs, @deps); my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; - my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; - my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir}, - "VMS", "engine.opt")), - rel2abs($config{builddir})); - my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "mkdef.pl")), - rel2abs($config{builddir})); my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir}, "VMS", "translatesyms.pl")), rel2abs($config{builddir})); @@ -648,27 +913,32 @@ EOF # previous line's file spec as default, so if no directory spec # is present in the current line and the previous line has one that # doesn't apply, you're in for a surprise. - my $write_opt = + my $write_opt1 = + join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; + "WRITE OPT_FILE \"$x" } @objs). + "\""; + my $write_opt2 = join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; $x =~ s|(\.EXE)|$1/SHARE|; $x =~ s|(\.OLB)|$1/LIB|; "WRITE OPT_FILE \"$x\"" } @deps) || "\@ !"; - return <<"EOF"; -$shlib.EXE : $lib.OLB $deps $ordinalsfile - \$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp - \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC - DELETE $shlib.SYMVEC-tmp;* - OPEN/WRITE/SHARE=READ OPT_FILE $shlib.OPT - WRITE OPT_FILE "IDENTIFICATION=""V$config{version}""" - TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE: - WRITE OPT_FILE "$lib.OLB/LIBRARY" - $write_opt + return <<"EOF" +$shlib.EXE : $lib.OLB $deps + \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $defs[0] > $defs[0]-translated + OPEN/WRITE/SHARE=READ OPT_FILE $lib-components.OPT + $write_opt1 + $write_opt2 CLOSE OPT_FILE - LINK /MAP=$shlib.MAP /FULL/SHARE=$shlib.EXE $shlib.OPT/OPT \$(EX_LIBS) - DELETE $shlib.SYMVEC;* - PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP + LINK \$(LIB_LDFLAGS)/SHARE=\$\@ $defs[0]-translated/OPT,- + $lib-components.OPT/OPT \$(LIB_EX_LIBS) + DELETE $defs[0]-translated;*,$lib-components.OPT;* + PURGE $shlib.EXE,$shlib.MAP EOF + . ($config{target} =~ m|alpha| ? "" : <<"EOF" + SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@ +EOF + ); } sub obj2dso { my %args = @_; @@ -676,10 +946,8 @@ EOF my $libd = dirname($lib); my $libn = basename($lib); (my $libn_nolib = $libn) =~ s/^lib//; - my @objs = map { "$_.OBJ" } @{$args{objs}}; - my @deps = map { - $disabled{shared} ? $_.".OLB" - : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); my $deps = join(", -\n\t\t", @objs, @deps); my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir}, @@ -699,23 +967,28 @@ EOF $x =~ s|(\.OLB)|$1/LIB|; "WRITE OPT_FILE \"$x\"" } @deps) || "\@ !"; - return <<"EOF"; + return <<"EOF" $lib.EXE : $deps OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT TYPE $engine_opt /OUTPUT=OPT_FILE: $write_opt1 $write_opt2 CLOSE OPT_FILE - LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS) + LINK \$(DSO_LDFLAGS)/SHARE=\$\@ $lib.OPT/OPT \$(DSO_EX_LIBS) - PURGE $lib.EXE,$lib.OPT,$lib.MAP EOF + . ($config{target} =~ m|alpha| ? "" : <<"EOF" + SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@ +EOF + ); } sub obj2lib { my %args = @_; - my $lib = $args{lib}; - my $objs = join(", -\n\t\t", map { $_.".OBJ" } (@{$args{objs}})); - my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_.OBJ" } - @{$args{objs}})); + (my $lib = $args{lib}) =~ s/\.a$//; + my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}}; + my $objs = join(", -\n\t\t", @objs); + my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_" } + @objs)); return <<"EOF"; $lib.OLB : $objs LIBRARY/CREATE/OBJECT $lib.OLB @@ -728,34 +1001,91 @@ EOF my $bin = $args{bin}; my $bind = dirname($bin); my $binn = basename($bin); - my @objs = map { "$_.OBJ" } @{$args{objs}}; - my @deps = map { - $disabled{shared} ? $_.".OLB" - : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}}; + my $objs = join(",", @objs); + my @deps = compute_lib_depends(@{$args{deps}}); my $deps = join(", -\n\t\t", @objs, @deps); + + my $olb_count = scalar grep(m|\.OLB$|, @deps); + my $analyse_objs = "@ !"; + if ($olb_count > 0) { + my $analyse_quals = + $config{target} =~ m|alpha| ? "/GSD" : "/SECTIONS=SYMTAB"; + $analyse_objs = "- pipe ANALYSE/OBJECT$analyse_quals $objs | SEARCH SYS\$INPUT \"\"\"main\"\"\" ; nomain = \$severity .NE. 1" + } # The "[]" hack is because in .OPT files, each line inherits the # previous line's file spec as default, so if no directory spec # is present in the current line and the previous line has one that # doesn't apply, you're in for a surprise. my $write_opt1 = join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; - "WRITE OPT_FILE \"$x" } @objs). + "\@ WRITE OPT_FILE \"$x" } @objs). "\""; my $write_opt2 = - join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; - $x =~ s|(\.EXE)|$1/SHARE|; - $x =~ s|(\.OLB)|$1/LIB|; - "WRITE OPT_FILE \"$x\"" } @deps) + join("\n\t", map { my @lines = (); + my $x = $_ =~ /\[/ ? $_ : "[]".$_; + if ($x =~ m|\.EXE$|) { + push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\""; + } elsif ($x =~ m|\.OLB$|) { + (my $l = $x) =~ s/\W/_/g; + push @lines, + "\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"", + "\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\"" + } + @lines + } @deps) || "\@ !"; - return <<"EOF"; + # The linking commands looks a bit complex, but it's for good reason. + # When you link, say, foo.obj, bar.obj and libsomething.exe/share, and + # bar.obj happens to have a symbol that also exists in libsomething.exe, + # the linker will warn about it, loudly, and will then choose to pick + # the first copy encountered (the one in bar.obj in this example). + # On Unix and on Windows, the corresponding maneuvre goes through + # silently with the same effect. + # With some test programs, made for checking the internals of OpenSSL, + # we do this kind of linking deliberately, picking a few specific object + # files from within [.crypto] or [.ssl] so we can reach symbols that are + # otherwise unreachable (since the shareable images only exports the + # symbols listed in [.util]*.num), and then with the shared libraries + # themselves. So we need to silence the warning about multiply defined + # symbols, to mimic the way linking work on Unix and Windows, and so + # the build isn't interrupted (MMS stops when warnings are signaled, + # by default), and so someone building doesn't have to worry where it + # isn't necessary. If there are other warnings, however, we show them + # and let it break the build. + return <<"EOF" $bin.EXE : $deps - OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT + $analyse_objs + @ OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT $write_opt1 $write_opt2 - CLOSE OPT_FILE - LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS) + @ CLOSE OPT_FILE + TYPE $bin.opt ! For debugging + - pipe SPAWN/WAIT/NOLOG/OUT=$bin.LINKLOG - + LINK \$(BIN_LDFLAGS)/EXEC=\$\@ $bin.OPT/OPT \$(BIN_EX_LIBS) ; - + link_status = \$status ; link_severity = link_status .AND. 7 + @ search_severity = 1 + -@ IF link_severity .EQ. 0 THEN - + pipe SEARCH $bin.LINKLOG "%","-"/MATCH=AND | - + SPAWN/WAIT/NOLOG/OUT=NLA0: - + SEARCH SYS\$INPUT: "-W-MULDEF,"/MATCH=NOR ; - + search_severity = \$severity + @ ! search_severity is 3 when the last search didn't find any matching + @ ! string: %SEARCH-I-NOMATCHES, no strings matched + @ ! If that was the result, we pretend linking got through without + @ ! fault or warning. + @ IF search_severity .EQ. 3 THEN link_severity = 1 + @ ! At this point, if link_severity shows that there was a fault + @ ! or warning, make sure to restore the linking status. + -@ IF .NOT. link_severity THEN TYPE $bin.LINKLOG + -@ DELETE $bin.LINKLOG;* + @ IF .NOT. link_severity THEN SPAWN/WAIT/NOLOG EXIT 'link_status' - PURGE $bin.EXE,$bin.OPT EOF + . ($config{target} =~ m|alpha| ? "" : <<"EOF" + SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@ +EOF + ); } sub in2script { my %args = @_; diff --git a/deps/openssl/openssl/Configurations/dist.conf b/deps/openssl/openssl/Configurations/dist.conf index 4f58dad9141ad3..2a458bcddfa77f 100644 --- a/deps/openssl/openssl/Configurations/dist.conf +++ b/deps/openssl/openssl/Configurations/dist.conf @@ -2,11 +2,11 @@ ## Build configuration targets for openssl-team members # This is to support 'make dist' -%targets = ( +my %targets = ( "dist" => { inherit_from => [ 'BASE_unix' ], - cc => "cc", - cflags => "-O", + CC => "cc", + CFLAGS => "-O", thread_scheme => "(unknown)", }, ); diff --git a/deps/openssl/openssl/Configurations/shared-info.pl b/deps/openssl/openssl/Configurations/shared-info.pl new file mode 100644 index 00000000000000..47eddd68355bb1 --- /dev/null +++ b/deps/openssl/openssl/Configurations/shared-info.pl @@ -0,0 +1,82 @@ +#! /usr/bin/env perl +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# This is a collection of extra attributes to be used as input for creating +# shared libraries, currently on any Unix variant, including Unix like +# environments on Windows. + +sub detect_gnu_ld { + my @lines = + `$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`; + return grep /^GNU ld/, @lines; +} +sub detect_gnu_cc { + my @lines = + `$config{CROSS_COMPILE}$config{CC} -v 2>&1`; + return grep /gcc/, @lines; +} + +my %shared_info; +%shared_info = ( + 'gnu-shared' => { + shared_ldflag => '-shared -Wl,-Bsymbolic', + shared_sonameflag => '-Wl,-soname=', + }, + 'linux-shared' => sub { + return { + %{$shared_info{'gnu-shared'}}, + shared_defflag => '-Wl,--version-script=', + }; + }, + 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, + 'bsd-shared' => sub { + return $shared_info{'gnu-shared'} if detect_gnu_ld(); + return { + shared_ldflag => '-shared -nostdlib', + }; + }, + 'darwin-shared' => { + module_ldflags => '-bundle', + shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)', + shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/', + }, + 'cygwin-shared' => { + shared_ldflag => '-shared -Wl,--enable-auto-image-base', + shared_impflag => '-Wl,--out-implib=', + }, + 'mingw-shared' => sub { + return { + %{$shared_info{'cygwin-shared'}}, + # def_flag made to empty string so it still generates + # something + shared_defflag => '', + }; + }, + 'alpha-osf1-shared' => sub { + return $shared_info{'gnu-shared'} if detect_gnu_ld(); + return { + module_ldflags => '-shared -Wl,-Bsymbolic', + shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)', + }; + }, + 'svr3-shared' => sub { + return $shared_info{'gnu-shared'} if detect_gnu_ld(); + return { + shared_ldflag => '-G', + shared_sonameflag => '-h ', + }; + }, + 'svr5-shared' => sub { + return $shared_info{'gnu-shared'} if detect_gnu_ld(); + return { + shared_ldflag => detect_gnu_cc() ? '-shared' : '-G', + shared_sonameflag => '-h ', + }; + }, +); diff --git a/deps/openssl/openssl/Configurations/unix-Makefile.tmpl b/deps/openssl/openssl/Configurations/unix-Makefile.tmpl index 7254478af54767..e7120194ef8c08 100644 --- a/deps/openssl/openssl/Configurations/unix-Makefile.tmpl +++ b/deps/openssl/openssl/Configurations/unix-Makefile.tmpl @@ -12,12 +12,17 @@ our $shlibextsimple = $target{shared_extension_simple} || ".so"; our $shlibextimport = $target{shared_import_extension} || ""; our $dsoext = $target{dso_extension} || ".so"; + our $makedepprog = $disabled{makedepend} ? undef : $config{makedepprog}; sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } - our $sover = $config{target} =~ /^mingw/ - ? $config{shlib_major}."_".$config{shlib_minor} - : $config{shlib_major}.".".$config{shlib_minor}; + # Shared AIX support is special. We put libcrypto[64].so.ver into + # libcrypto.a and use libcrypto_a.a as static one. + sub sharedaix { !$disabled{shared} && $config{target} =~ /^aix/ } + + our $sover_dirname = $config{shlib_version_number}; + $sover_dirname =~ s|\.|_|g + if $config{target} =~ /^mingw/; # shlib and shlib_simple both take a static library name and figure # out what the shlib name should be. @@ -39,18 +44,24 @@ # removed. On some systems, they may therefore return the exact same # string. sub shlib { - return () if $disabled{shared}; my $lib = shift; - return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext; + return () if $disabled{shared} || $lib =~ /\.a$/; + return $unified_info{sharednames}->{$lib}. $shlibvariant. '$(SHLIB_EXT)'; } sub shlib_simple { - return () if $disabled{shared}; - my $lib = shift; + return () if $disabled{shared} || $lib =~ /\.a$/; + if (windowsdll()) { - return $lib . $shlibextimport; + return $lib . '$(SHLIB_EXT_IMPORT)'; } - return $lib . $shlibextsimple; + return $lib . '$(SHLIB_EXT_SIMPLE)'; + } + + # Easy fixing of static library names + sub lib { + (my $lib = shift) =~ s/\.a$//; + return $lib . $libext; } # dso is a complement to shlib / shlib_simple that returns the @@ -84,8 +95,11 @@ SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -} SHLIB_MAJOR={- $config{shlib_major} -} SHLIB_MINOR={- $config{shlib_minor} -} SHLIB_TARGET={- $target{shared_target} -} +SHLIB_EXT={- $shlibext -} +SHLIB_EXT_SIMPLE={- $shlibextsimple -} +SHLIB_EXT_IMPORT={- $shlibextimport -} -LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -} +LIBS={- join(" ", map { lib($_) } @{$unified_info{libraries}}) -} SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -} SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -} ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -} @@ -96,21 +110,18 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; } grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } keys %{$unified_info{sources}}); -} {- output_on() if $disabled{makedepend}; "" -} -GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} -GENERATED={- join(" ", - ( grep { defined $unified_info{generate}->{$_} } - map { @{$unified_info{sources}->{$_}} } - grep { /\.o$/ } keys %{$unified_info{sources}} ), - ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} - -INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -} +GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}}) -} +GENERATED={- # common0.tmpl provides @generated + join(" ", @generated ) -} + +INSTALL_LIBS={- join(" ", map { lib($_) } @{$unified_info{install}->{libraries}}) -} INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} INSTALL_SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{install}->{libraries}}) -} INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -} {- output_off() if $disabled{apps}; "" -} BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash -MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget +MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget.pl:tsget {- output_on() if $disabled{apps}; "" -} APPS_OPENSSL={- use File::Spec::Functions; @@ -144,21 +155,26 @@ OPENSSLDIR={- # : catdir($prefix, $config{openssldir})) : catdir($prefix, "ssl"); $openssldir -} -LIBDIR={- # - # if $prefix/lib$target{multilib} is not an existing - # directory, then assume that it's not searched by linker - # automatically, in which case adding $target{multilib} suffix - # causes more grief than we're ready to tolerate, so don't... - our $multilib = - -d "$prefix/lib$target{multilib}" ? $target{multilib} : ""; - our $libdir = $config{libdir} || "lib$multilib"; - $libdir -} -ENGINESDIR={- use File::Spec::Functions; - catdir($prefix,$libdir,"engines-$sover") -} +LIBDIR={- our $libdir = $config{libdir}; + unless ($libdir) { + # + # if $prefix/lib$target{multilib} is not an existing + # directory, then assume that it's not searched by linker + # automatically, in which case adding $target{multilib} suffix + # causes more grief than we're ready to tolerate, so don't... + our $multilib = + -d "$prefix/lib$target{multilib}" ? $target{multilib} : ""; + $libdir = "lib$multilib"; + } + file_name_is_absolute($libdir) ? "" : $libdir -} +# $(libdir) is chosen to be compatible with the GNU coding standards +libdir={- file_name_is_absolute($libdir) + ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -} +ENGINESDIR=$(libdir)/engines-{- $sover_dirname -} # Convenience variable for those who want to set the rpath in shared # libraries and applications -LIBRPATH=$(INSTALLTOP)/$(LIBDIR) +LIBRPATH=$(libdir) MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) @@ -170,45 +186,144 @@ HTMLDIR=$(DOCDIR)/html MANSUFFIX= HTMLSUFFIX=html +# For "optional" echo messages, to get "real" silence +ECHO = echo + +##### User defined commands and flags ################################ + +# We let the C compiler driver to take care of .s files. This is done in +# order to be excused from maintaining a separate set of architecture +# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC +# gcc, then the driver will automatically translate it to -xarch=v8plus +# and pass it down to assembler. In any case, we do not define AS or +# ASFLAGS for this reason. + +CROSS_COMPILE={- $config{CROSS_COMPILE} -} +CC=$(CROSS_COMPILE){- $config{CC} -} +CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} +CPPFLAGS={- our $cppflags1 = join(" ", + (map { "-D".$_} @{$config{CPPDEFINES}}), + (map { "-I".$_} @{$config{CPPINCLUDES}}), + @{$config{CPPFLAGS}}) -} +CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +CXXFLAGS={- join(' ', @{$config{CXXFLAGS}}) -} +LDFLAGS= {- join(' ', @{$config{LDFLAGS}}) -} +EX_LIBS= {- join(' ', @{$config{LDLIBS}}) -} + +MAKEDEPEND={- $config{makedepprog} -} + +PERL={- $config{PERL} -} +AR=$(CROSS_COMPILE){- $config{AR} -} +ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -} +RANLIB={- $config{RANLIB} ? "\$(CROSS_COMPILE)$config{RANLIB}" : "true"; -} +RC= $(CROSS_COMPILE){- $config{RC} -} +RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -} {- $target{shared_rcflag} -} -CROSS_COMPILE= {- $config{cross_compile_prefix} -} -CC= $(CROSS_COMPILE){- $target{cc} -} -CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} -CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} -LDFLAGS= {- $target{lflags} -} -PLIB_LDFLAGS= {- $target{plib_lflags} -} -EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} -LIB_CFLAGS={- $target{shared_cflag} || "" -} -LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag} -} -DSO_CFLAGS={- $target{shared_cflag} || "" -} -DSO_LDFLAGS=$(LIB_LDFLAGS) -BIN_CFLAGS={- $target{bin_cflags} -} - -PERL={- $config{perl} -} - -ARFLAGS= {- $target{arflags} -} -AR=$(CROSS_COMPILE){- $target{ar} || "ar" -} $(ARFLAGS) r -RANLIB= {- $target{ranlib} -} -NM= $(CROSS_COMPILE){- $target{nm} || "nm" -} -RCFLAGS={- $target{shared_rcflag} -} -RC= $(CROSS_COMPILE){- $target{rc} || "windres" -} RM= rm -f RMDIR= rmdir -TAR= {- $target{tar} || "tar" -} -TARFLAGS= {- $target{tarflags} -} -MAKEDEPEND={- $config{makedepprog} -} +TAR= {- $target{TAR} || "tar" -} +TARFLAGS= {- $target{TARFLAGS} -} BASENAME= openssl NAME= $(BASENAME)-$(VERSION) TARFILE= ../$(NAME).tar -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. In any case, we do not define AS or -# ASFLAGS for this reason. +##### Project flags ################################################## + +# Variables starting with CNF_ are common variables for all product types + +CNF_CPPFLAGS={- our $cppflags2 = + join(' ', $target{cppflags} || (), + (map { "-D".$_} @{$target{defines}}, + @{$config{defines}}), + (map { "-I".$_} @{$target{includes}}, + @{$config{includes}}), + @{$config{cppflags}}) -} +CNF_CFLAGS={- join(' ', $target{cflags} || (), + @{$config{cflags}}) -} +CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (), + @{$config{cxxflags}}) -} +CNF_LDFLAGS={- join(' ', $target{lflags} || (), + @{$config{lflags}}) -} +CNF_EX_LIBS={- join(' ', $target{ex_libs} || (), + @{$config{ex_libs}}) -} + +# Variables starting with LIB_ are used to build library object files +# and shared libraries. +# Variables starting with DSO_ are used to build DSOs and their object files. +# Variables starting with BIN_ are used to build programs and their object +# files. + +LIB_CPPFLAGS={- our $lib_cppflags = + join(' ', $target{lib_cppflags} || (), + $target{shared_cppflag} || (), + (map { '-D'.$_ } + @{$config{lib_defines}}, + @{$config{shared_defines}}), + @{$config{lib_cppflags}}, + @{$config{shared_cppflag}}); + join(' ', $lib_cppflags, + (map { '-D'.$_ } + 'OPENSSLDIR="\"$(OPENSSLDIR)\""', + 'ENGINESDIR="\"$(ENGINESDIR)\""'), + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +LIB_CFLAGS={- join(' ', $target{lib_cflags} || (), + $target{shared_cflag} || (), + @{$config{lib_cflags}}, + @{$config{shared_cflag}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +LIB_CXXFLAGS={- join(' ', $target{lib_cxxflags} || (), + $target{shared_cxxflag} || (), + @{$config{lib_cxxflags}}, + @{$config{shared_cxxflag}}, + '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -} +LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (), + $config{shared_ldflag} || (), + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) +DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (), + $target{module_cppflags} || (), + @{$config{dso_cppflags}}, + @{$config{module_cppflags}}, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +DSO_CFLAGS={- join(' ', $target{dso_cflags} || (), + $target{module_cflags} || (), + @{$config{dso_cflags}}, + @{$config{module_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +DSO_CXXFLAGS={- join(' ', $target{dso_cxxflags} || (), + $target{module_cxxflags} || (), + @{$config{dso_cxxflags}}, + @{$config{module_cxxflag}}, + '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -} +DSO_LDFLAGS={- join(' ', $target{dso_ldflags} || (), + $target{module_ldflags} || (), + @{$config{dso_ldflags}}, + @{$config{module_ldflags}}, + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) +BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (), + @{$config{bin_cppflags}}, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +BIN_CFLAGS={- join(' ', $target{bin_cflags} || (), + @{$config{bin_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +BIN_CXXFLAGS={- join(' ', $target{bin_cxxflags} || (), + @{$config{bin_cxxflags}}, + '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -} +BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), + @{$config{bin_lflags}}, + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) + +# CPPFLAGS_Q is used for one thing only: to build up buildinf.h +CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; + $cppflags2 =~ s|([\\"])|\\$1|g; + $lib_cppflags =~ s|([\\"])|\\$1|g; + join(' ', $lib_cppflags || (), $cppflags2 || (), + $cppflags1 || ()) -} + PERLASM_SCHEME= {- $target{perlasm_scheme} -} # For x86 assembler: Set PROCESSOR to 386 if you want to support @@ -242,6 +357,11 @@ build_apps build_tests: build_programs # Convenience target to prebuild all generated files, not just the mandatory # ones build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) + @ : {- output_off() if $disabled{makedepend}; "" -} + @echo "Warning: consider configuring with no-makedepend, because if" + @echo " target system doesn't have $(PERL)," + @echo " then make will fail..." + @ : {- output_on() if $disabled{makedepend}; "" -} test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils @@ -253,7 +373,7 @@ test: tests RESULT_D=test-runs \ PERL="$(PERL)" \ EXE_EXT={- $exeext -} \ - OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \ + OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @@ -274,12 +394,16 @@ uninstall: uninstall_docs uninstall_sw libclean: @set -e; for s in $(SHLIB_INFO); do \ + if [ "$$s" = ";" ]; then continue; fi; \ s1=`echo "$$s" | cut -f1 -d";"`; \ s2=`echo "$$s" | cut -f2 -d";"`; \ - echo $(RM) $$s1; \ + $(ECHO) $(RM) $$s1; {- output_off() unless windowsdll(); "" -}\ + $(RM) apps/$$s1; \ + $(RM) test/$$s1; \ + $(RM) fuzz/$$s1; {- output_on() unless windowsdll(); "" -}\ $(RM) $$s1; \ if [ "$$s1" != "$$s2" ]; then \ - echo $(RM) $$s2; \ + $(ECHO) $(RM) $$s2; \ $(RM) $$s2; \ fi; \ done @@ -288,14 +412,14 @@ libclean: clean: libclean $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS) - $(RM) $(GENERATED) - -$(RM) `find . -name '*{- $depext -}' -a \! -path "./.git/*"` - -$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"` + $(RM) $(GENERATED_MANDATORY) $(GENERATED) + -$(RM) `find . -name .git -prune -o -name '*{- $depext -}' -print` + -$(RM) `find . -name .git -prune -o -name '*{- $objext -}' -print` $(RM) core $(RM) tags TAGS doc-nits $(RM) -r test/test-runs $(RM) openssl.pc libcrypto.pc libssl.pc - -$(RM) `find . -type l -a \! -path "./.git/*"` + -$(RM) `find . -name .git -prune -o -type l -print` $(RM) $(TARFILE) distclean: clean @@ -306,19 +430,9 @@ distclean: clean # concatenate only if that is true. depend: @: {- output_off() if $disabled{makedepend}; "" -} - @if egrep "^# DO NOT DELETE THIS LINE" Makefile >/dev/null && [ -z "`find $(DEPS) -newer Makefile 2>/dev/null; exit 0`" ]; then :; else \ - ( $(PERL) -pe 'exit 0 if /^# DO NOT DELETE THIS LINE.*/' < Makefile; \ - echo '# DO NOT DELETE THIS LINE -- make depend depends on it.'; \ - echo; \ - for f in $(DEPS); do \ - if [ -f $$f ]; then cat $$f; fi; \ - done ) > Makefile.new; \ - if cmp Makefile.new Makefile >/dev/null 2>&1; then \ - rm -f Makefile.new; \ - else \ - mv -f Makefile.new Makefile; \ - fi; \ - fi + @$(PERL) $(SRCDIR)/util/add-depends.pl {- + defined $makedepprog && $makedepprog =~ /\/makedepend/ + ? 'makedepend' : 'gcc' -} @: {- output_on() if $disabled{makedepend}; "" -} # Install helper targets ############################################# @@ -338,48 +452,70 @@ install_ssldirs: @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc @set -e; for x in dummy $(MISC_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - echo "install $$x -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ + x1=`echo "$$x" | cut -f1 -d:`; \ + x2=`echo "$$x" | cut -f2 -d:`; \ + fn=`basename $$x1`; \ + $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + if [ "$$x1" != "$$x2" ]; then \ + ln=`basename "$$x2"`; \ + : {- output_off() unless windowsdll(); "" -}; \ + $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + : {- output_on() unless windowsdll(); + output_off() if windowsdll(); "" -}; \ + $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + : {- output_on() if windowsdll(); "" -}; \ + fi; \ done - @echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" + @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist - @if ! [ -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ - echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ + @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ + $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ fi + @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" + @cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new + @chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new + @mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist + @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \ + $(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ + cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ + chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ + fi install_dev: install_runtime_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @echo "*** Installing development files" + @$(ECHO) "*** Installing development files" @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl - @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} - @echo "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ - echo "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + $(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ done - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ - echo "install $$l -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \ - cp $$l $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ - $(RANLIB) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ - chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ + $(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \ + cp $$l $(DESTDIR)$(libdir)/$$fn.new; \ + $(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \ + chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \ + mv -f $(DESTDIR)$(libdir)/$$fn.new \ + $(DESTDIR)$(libdir)/$$fn; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -387,54 +523,64 @@ install_dev: install_runtime_libs s2=`echo "$$s" | cut -f2 -d";"`; \ fn1=`basename $$s1`; \ fn2=`basename $$s2`; \ - : {- output_off() if windowsdll(); "" -}; \ - echo "install $$s1 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \ - cp $$s1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new \ - $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \ + : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ if [ "$$fn1" != "$$fn2" ]; then \ - echo "link $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \ - ln -sf $$fn1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ + ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ fi; \ - : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ - echo "install $$s2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \ - cp $$s2 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new \ - $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ - : {- output_on() unless windowsdll(); "" -}; \ + : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ + $(ECHO) "install $$s2 -> $(DESTDIR)$(libdir)/$$fn2"; \ + cp $$s2 $(DESTDIR)$(libdir)/$$fn2.new; \ + chmod 755 $(DESTDIR)$(libdir)/$$fn2.new; \ + mv -f $(DESTDIR)$(libdir)/$$fn2.new \ + $(DESTDIR)$(libdir)/$$fn2; \ + : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ + a=$(DESTDIR)$(libdir)/$$fn2; \ + $(ECHO) "install $$s1 -> $$a"; \ + if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ + mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ + cp -f $$a $$a.new; \ + for so in `$(AR) t $$a`; do \ + $(AR) x $$a $$so; \ + chmod u+w $$so; \ + strip -X32_64 -e $$so; \ + $(AR) r $$a.new $$so; \ + done; \ + )); fi; \ + $(AR) r $$a.new $$s1; \ + mv -f $$a.new $$a; \ + : {- output_off() if sharedaix(); output_on(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - @echo "install libcrypto.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc" - @cp libcrypto.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - @chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc - @echo "install libssl.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc" - @cp libssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - @chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc - @echo "install openssl.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc" - @cp openssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - @chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc - -uninstall_dev: - @echo "*** Uninstalling development files" - @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} - @echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig + @$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" + @cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig + @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc + @$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc" + @cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig + @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc + @$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc" + @cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig + @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc + +uninstall_dev: uninstall_runtime_libs + @$(ECHO) "*** Uninstalling development files" + @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} + @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ done -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ + $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \ + $(RM) $(DESTDIR)$(libdir)/$$fn; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -443,32 +589,32 @@ uninstall_dev: fn1=`basename $$s1`; \ fn2=`basename $$s2`; \ : {- output_off() if windowsdll(); "" -}; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \ - if [ "$$fn1" != "$$fn2" ]; then \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ + $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + if [ "$$fn1" != "$$fn2" -a -f "$(DESTDIR)$(libdir)/$$fn1" ]; then \ + $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ + $(RM) $(DESTDIR)$(libdir)/$$fn1; \ fi; \ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ + $(RM) $(DESTDIR)$(libdir)/$$fn2; \ : {- output_on() unless windowsdll(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc - $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) + $(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc + $(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc + $(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc + -$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig + -$(RMDIR) $(DESTDIR)$(libdir) install_engines: install_runtime_libs build_engines @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ - @echo "*** Installing engines" + @$(ECHO) "*** Installing engines" @set -e; for e in dummy $(INSTALL_ENGINES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ - echo "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ + $(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ @@ -476,14 +622,14 @@ install_engines: install_runtime_libs build_engines done uninstall_engines: - @echo "*** Uninstalling engines" + @$(ECHO) "*** Uninstalling engines" @set -e; for e in dummy $(INSTALL_ENGINES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ if [ "$$fn" = '{- dso("ossltest") -}' ]; then \ continue; \ fi; \ - echo "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ + $(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ done -$(RMDIR) $(DESTDIR)$(ENGINESDIR) @@ -493,35 +639,37 @@ install_runtime: install_programs install_runtime_libs: build_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @ : {- output_off() if windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) - @ : {- output_on() if windowsdll(); "" -} - @echo "*** Installing runtime files" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -} + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @ : {- output_on() unless windowsdll(); "" -} + @$(ECHO) "*** Installing runtime libraries" @set -e; for s in dummy $(INSTALL_SHLIBS); do \ if [ "$$s" = "dummy" ]; then continue; fi; \ fn=`basename $$s`; \ : {- output_off() unless windowsdll(); "" -}; \ - echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ - echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \ - cp $$s $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ + $(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \ + cp $$s $(DESTDIR)$(libdir)/$$fn.new; \ + chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \ + mv -f $(DESTDIR)$(libdir)/$$fn.new \ + $(DESTDIR)$(libdir)/$$fn; \ : {- output_on() if windowsdll(); "" -}; \ done install_programs: install_runtime_libs build_programs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin - @echo "*** Installing runtime programs" + @$(ECHO) "*** Installing runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ - echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ @@ -530,7 +678,7 @@ install_programs: install_runtime_libs build_programs @set -e; for x in dummy $(BIN_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ - echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ @@ -540,30 +688,30 @@ install_programs: install_runtime_libs build_programs uninstall_runtime: uninstall_programs uninstall_runtime_libs uninstall_programs: - @echo "*** Uninstalling runtime programs" + @$(ECHO) "*** Uninstalling runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ done; @set -e; for x in dummy $(BIN_SCRIPTS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ done -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin uninstall_runtime_libs: - @echo "*** Uninstalling runtime libraries" + @$(ECHO) "*** Uninstalling runtime libraries" @ : {- output_off() unless windowsdll(); "" -} @set -e; for s in dummy $(INSTALL_SHLIBS); do \ if [ "$$s" = "dummy" ]; then continue; fi; \ fn=`basename $$s`; \ - echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ done @ : {- output_on() unless windowsdll(); "" -} @@ -571,24 +719,24 @@ uninstall_runtime_libs: install_man_docs: @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @echo "*** Installing manpages" + @$(ECHO) "*** Installing manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) uninstall_man_docs: - @echo "*** Uninstalling manpages" + @$(ECHO) "*** Uninstalling manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \ --remove install_html_docs: @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @echo "*** Installing HTML manpages" + @$(ECHO) "*** Installing HTML manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ --destdir=$(DESTDIR)$(HTMLDIR) --type=html uninstall_html_docs: - @echo "*** Uninstalling manpages" + @$(ECHO) "*** Uninstalling manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ --destdir=$(DESTDIR)$(HTMLDIR) --type=html --remove @@ -598,11 +746,13 @@ uninstall_html_docs: update: generate errors ordinals generate: generate_apps generate_crypto_bn generate_crypto_objects \ - generate_crypto_conf generate_crypto_asn1 + generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids +.PHONY: doc-nits doc-nits: - (cd $(SRCDIR); $(PERL) util/find-doc-nits -n ) >doc-nits - if [ -s doc-nits ] ; then cat doc-nits; rm doc-nits ; exit 1; fi + (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p ) >doc-nits + @if [ -s doc-nits ] ; then cat doc-nits ; exit 1; \ + else echo 'doc-nits: no errors.'; rm doc-nits ; fi # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) @@ -619,13 +769,18 @@ generate_crypto_bn: ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) generate_crypto_objects: + ( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl -n \ + crypto/objects/objects.txt \ + crypto/objects/obj_mac.num \ + > crypto/objects/obj_mac.new && \ + mv crypto/objects/obj_mac.new crypto/objects/obj_mac.num ) ( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \ crypto/objects/objects.txt \ crypto/objects/obj_mac.num \ - include/openssl/obj_mac.h ) + > include/openssl/obj_mac.h ) ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \ include/openssl/obj_mac.h \ - crypto/objects/obj_dat.h ) + > crypto/objects/obj_dat.h ) ( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \ crypto/objects/obj_mac.num \ crypto/objects/obj_xref.txt \ @@ -639,14 +794,24 @@ generate_crypto_asn1: ( cd $(SRCDIR); $(PERL) crypto/asn1/charmap.pl \ > crypto/asn1/charmap.h ) +generate_fuzz_oids: + ( cd $(SRCDIR); $(PERL) fuzz/mkfuzzoids.pl \ + crypto/objects/obj_dat.h \ + > fuzz/oids.txt ) + +# Set to -force to force a rebuild +ERROR_REBUILD= errors: - ( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c ) - ( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write ) - ( cd $(SRCDIR)/engines; \ - for e in *.ec; do \ - $(PERL) ../util/mkerr.pl -conf $$e \ - -nostatic -staticloader -write *.c; \ - done ) + ( b=`pwd`; set -e; cd $(SRCDIR); \ + $(PERL) util/ck_errf.pl -strict -internal; \ + $(PERL) -I$$b util/mkerr.pl $(ERROR_REBUILD) -internal ) + ( b=`pwd`; set -e; cd $(SRCDIR)/engines; \ + for E in *.ec ; do \ + $(PERL) ../util/ck_errf.pl -strict \ + -conf $$E `basename $$E .ec`.c; \ + $(PERL) -I$$b ../util/mkerr.pl $(ERROR_REBUILD) -static \ + -conf $$E `basename $$E .ec`.c ; \ + done ) ordinals: ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update ) @@ -667,7 +832,7 @@ tags TAGS: FORCE # If your tar command doesn't support --owner and --group, make sure to # use one that does, for example GNU tar -TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf - +TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cf - PREPARE_CMD=: tar: set -e; \ @@ -675,7 +840,8 @@ tar: DISTDIR=$(NAME); \ mkdir -p $$TMPDIR/$$DISTDIR; \ (cd $(SRCDIR); \ - excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf)"; \ + excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \ + excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \ echo "$$excl_re"; \ git ls-tree -r --name-only --full-tree HEAD \ | egrep -v "$$excl_re" \ @@ -694,7 +860,7 @@ tar: cd $(SRCDIR); ls -l $(TARFILE).gz dist: - @$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' tar + @$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' TARFILE="$(TARFILE)" NAME="$(NAME)" tar # Helper targets ##################################################### @@ -714,21 +880,29 @@ libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { shlib libcrypto.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + if [ -n "$(LIBDIR)" ]; then \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + else \ + echo 'libdir=$(libdir)'; \ + fi; \ echo 'includedir=$${prefix}/include'; \ - echo 'enginesdir=$${libdir}/engines-{- $sover -}'; \ + echo 'enginesdir=$${libdir}/engines-{- $sover_dirname -}'; \ echo ''; \ echo 'Name: OpenSSL-libcrypto'; \ echo 'Description: OpenSSL cryptography library'; \ echo 'Version: '$(VERSION); \ echo 'Libs: -L$${libdir} -lcrypto'; \ - echo 'Libs.private: $(EX_LIBS)'; \ + echo 'Libs.private: $(LIB_EX_LIBS)'; \ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc libssl.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + if [ -n "$(LIBDIR)" ]; then \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + else \ + echo 'libdir=$(libdir)'; \ + fi; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL-libssl'; \ @@ -741,7 +915,11 @@ libssl.pc: openssl.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + if [ -n "$(LIBDIR)" ]; then \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + else \ + echo 'libdir=$(libdir)'; \ + fi; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -751,8 +929,7 @@ openssl.pc: configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} @echo "Detected changed: $?" - @echo "Reconfiguring..." - $(PERL) $(SRCDIR)/Configure reconf + $(PERL) configdata.pm -r @echo "**************************************************" @echo "*** ***" @echo "*** Please run the same make command again ***" @@ -760,6 +937,9 @@ configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build @echo "**************************************************" @false +reconfigure reconf: + $(PERL) configdata.pm -r + {- use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; @@ -768,13 +948,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build # It takes a list of library names and outputs a list of dependencies sub compute_lib_depends { if ($disabled{shared}) { - return map { $_.$libext } @_; + return map { lib($_) } @_; } # Depending on shared libraries: # On Windows POSIX layers, we depend on {libname}.dll.a # On Unix platforms, we depend on {shlibname}.so - return map { shlib_simple($_) } @_; + return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_; } sub generatesrc { @@ -811,6 +991,11 @@ EOF die "Generator type for $args{src} unknown: $generator\n"; } + my $cppflags = { + lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', + dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', + bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' + } -> {$args{intent}}; if (defined($generator)) { return <<"EOF"; $args{src}: $args{generator}->[0] $deps @@ -819,7 +1004,7 @@ EOF } return <<"EOF"; $args{src}: $args{generator}->[0] $deps - \$(CC) $incs \$(CFLAGS) -E $args{generator}->[0] | \\ + \$(CC) $incs $cppflags -E $args{generator}->[0] | \\ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ EOF } @@ -830,45 +1015,57 @@ EOF # last in the line. We may therefore need to put back a line ending. sub src2obj { my %args = @_; - my $obj = $args{obj}; + (my $obj = $args{obj}) =~ s|\.o$||; my @srcs = @{$args{srcs}}; my $srcs = join(" ", @srcs); my $deps = join(" ", @srcs, @{$args{deps}}); my $incs = join("", map { " -I".$_ } @{$args{incs}}); - unless ($disabled{zlib}) { - if ($withargs{zlib_include}) { - $incs .= " -I".$withargs{zlib_include}; - } + my $cmd; + my $cmdflags; + my $cmdcompile; + if (grep /\.rc$/, @srcs) { + $cmd = '$(RC)'; + $cmdflags = '$(RCFLAGS)'; + $cmdcompile = ''; + } elsif (grep /\.(cc|cpp)$/, @srcs) { + $cmd = '$(CXX)'; + $cmdcompile = ' -c'; + $cmdflags = { + lib => '$(LIB_CXXFLAGS) $(LIB_CPPFLAGS)', + dso => '$(DSO_CXXFLAGS) $(DSO_CPPFLAGS)', + bin => '$(BIN_CXXFLAGS) $(BIN_CPPFLAGS)' + } -> {$args{intent}}; + } else { + $cmd = '$(CC)'; + $cmdcompile = ' -c'; + $cmdflags = { + lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', + dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', + bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' + } -> {$args{intent}}; } - my $ecflags = { lib => '$(LIB_CFLAGS)', - dso => '$(DSO_CFLAGS)', - bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; - my $makedepprog = $config{makedepprog}; my $recipe; # extension-specific rules if (grep /\.s$/, @srcs) { $recipe .= <<"EOF"; $obj$objext: $deps - \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs + $cmd $cmdflags -c -o \$\@ $srcs EOF } elsif (grep /\.S$/, @srcs) { - # In case one wonders why not just $(CC) -c file.S. While it - # does work with contemporary compilers, there are some legacy - # ones that get it wrong. Hence the elaborate scheme... We - # don't care to maintain dependecy lists, because dependency - # is rather weak, at most one header file that lists constants - # which are assigned in ascending order. + # Originally there was mutli-step rule with $(CC) -E file.S + # followed by $(CC) -c file.s. It compensated for one of + # legacy platform compiler's inability to handle .S files. + # The platform is long discontinued by vendor so there is + # hardly a point to drag it along... $recipe .= <<"EOF"; $obj$objext: $deps - ( trap "rm -f \$@.*" INT 0; \\ - \$(CC) $incs \$(CFLAGS) $ecflags -E $srcs | \\ - \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\ - \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s ) + $cmd $incs $cmdflags -c -o \$\@ $srcs EOF - } elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) { + } elsif (defined $makedepprog && $makedepprog !~ /\/makedepend/ + && !grep /\.rc$/, @srcs) { $recipe .= <<"EOF"; $obj$objext: $deps - \$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs + $cmd $incs $cmdflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs \@touch $obj$depext.tmp \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\ rm -f $obj$depext.tmp; \\ @@ -879,26 +1076,18 @@ EOF } else { $recipe .= <<"EOF"; $obj$objext: $deps - \$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs + $cmd $incs $cmdflags $cmdcompile -o \$\@ $srcs EOF - if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) { + if (defined $makedepprog && $makedepprog =~ /\/makedepend/) { $recipe .= <<"EOF"; - -\$(MAKEDEPEND) -f- -o"|\$\@" -- $incs \$(CFLAGS) $ecflags -- $srcs \\ - >$obj$depext.tmp 2>/dev/null - -\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' $obj$depext.tmp - \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\ - rm -f $obj$depext.tmp; \\ - else \\ - mv $obj$depext.tmp $obj$depext; \\ - fi + \$(MAKEDEPEND) -f- -Y -- $incs $cmdflags -- $srcs 2>/dev/null \\ + > $obj$depext EOF } } return $recipe; } - # On Unix, we build shlibs from static libs, so we're ignoring the - # object file array. We *know* this routine is only called when we've - # configure 'shared'. + # We *know* this routine is only called when we've configure 'shared'. sub libobj2shlib { my %args = @_; my $lib = $args{lib}; @@ -906,79 +1095,98 @@ EOF my $libd = dirname($lib); my $libn = basename($lib); (my $libname = $libn) =~ s/^lib//; - my $linklibs = join("", map { my $d = dirname($_); - my $f = basename($_); + my @linkdirs = (); + foreach (@{args{deps}}) { + my $d = dirname($_); + push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; + } + my $linkflags = join("", map { "-L$_ " } @linkdirs); + my $linklibs = join("", map { my $f = basename($_); (my $l = $f) =~ s/^lib//; - " -L$d -l$l" } @{$args{deps}}); - my $deps = join(" ",compute_lib_depends(@{$args{deps}})); - my $shlib_target = $target{shared_target}; - my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; - my $target = shlib_simple($lib); - my $target_full = shlib($lib); - return <<"EOF" -# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact -# that two files get produced, {shlibname}.dll and {libname}.dll.a. -# With all other Unix platforms, we often build a shared library with the -# SO version built into the file name and a symlink without the SO version -# It's not necessary to have both as targets. The choice falls on the -# simplest, {libname}$shlibextimport for Windows POSIX layers and -# {libname}$shlibextsimple for the Unix platforms. -$target: $lib$libext $deps $ordinalsfile - \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ - PLATFORM=\$(PLATFORM) \\ - PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\ - INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\ - LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\ - LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\ - STLIBNAME=$lib$libext \\ - SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\ - CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\ - LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\ - RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\ - link_shlib.$shlib_target + " -l$l" } @{$args{deps}}); + my @objs = map { (my $x = $_) =~ s|\.o$||; "$x$objext" } + grep { $_ !~ m/\.(?:def|map)$/ } + @{$args{objs}}; + my @defs = grep { $_ =~ /\.(?:def|map)$/ } @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); + die "More than one exported symbol map" if scalar @defs > 1; + my $objs = join(" ", @objs); + my $deps = join(" ", @objs, @defs, @deps); + my $simple = shlib_simple($lib); + my $full = shlib($lib); + my $target = "$simple $full"; + my $shared_soname = ""; + $shared_soname .= ' '.$target{shared_sonameflag}.basename($full) + if defined $target{shared_sonameflag}; + my $shared_imp = ""; + $shared_imp .= ' '.$target{shared_impflag}.basename($simple) + if defined $target{shared_impflag}; + my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs); + my $recipe = <<"EOF"; +$target: $deps + \$(CC) \$(LIB_CFLAGS) $linkflags\$(LIB_LDFLAGS)$shared_soname$shared_imp \\ + -o $full$shared_def $objs \\ + $linklibs \$(LIB_EX_LIBS) EOF - . (windowsdll() ? <<"EOF" : ""); - rm -f apps/$shlib$shlibext - rm -f test/$shlib$shlibext - rm -f fuzz/$shlib$shlibext - cp -p $shlib$shlibext apps/ - cp -p $shlib$shlibext test/ - cp -p $shlib$shlibext fuzz/ + if (windowsdll()) { + $recipe .= <<"EOF"; + rm -f apps/$shlib'\$(SHLIB_EXT)' + rm -f test/$shlib'\$(SHLIB_EXT)' + rm -f fuzz/$shlib'\$(SHLIB_EXT)' + cp -p $shlib'\$(SHLIB_EXT)' apps/ + cp -p $shlib'\$(SHLIB_EXT)' test/ + cp -p $shlib'\$(SHLIB_EXT)' fuzz/ EOF + } elsif (sharedaix()) { + $recipe .= <<"EOF"; + rm -f $simple && \\ + \$(AR) r $simple $full +EOF + } else { + $recipe .= <<"EOF"; + if [ '$simple' != '$full' ]; then \\ + rm -f $simple; \\ + ln -s $full $simple; \\ + fi +EOF + } } sub obj2dso { my %args = @_; my $dso = $args{lib}; my $dsod = dirname($dso); my $dson = basename($dso); - my $shlibdeps = join("", map { my $d = dirname($_); - my $f = basename($_); - (my $l = $f) =~ s/^lib//; - " -L$d -l$l" } @{$args{deps}}); - my $deps = join(" ",compute_lib_depends(@{$args{deps}})); - my $shlib_target = $target{shared_target}; - my $objs = join(" ", map { $_.$objext } @{$args{objs}}); + my @linkdirs = (); + foreach (@{args{deps}}) { + my $d = dirname($_); + push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; + } + my $linkflags = join("", map { "-L$_ " } @linkdirs); + my $linklibs = join("", map { my $f = basename($_); + (my $l = $f) =~ s/^lib//; + " -l$l" } @{$args{deps}}); + my @objs = map { (my $x = $_) =~ s|\.o$||; "$x$objext" } + grep { $_ !~ m/\.(?:def|map)$/ } + @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); + my $objs = join(" ", @objs); + my $deps = join(" ", @deps); my $target = dso($dso); return <<"EOF"; $target: $objs $deps - \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ - PLATFORM=\$(PLATFORM) \\ - PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\ - LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\ - SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\ - CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\ - SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\ - LIBEXTRAS="$objs" \\ - link_dso.$shlib_target + \$(CC) \$(DSO_CFLAGS) $linkflags\$(DSO_LDFLAGS) \\ + -o $target $objs \\ + $linklibs \$(DSO_EX_LIBS) EOF } sub obj2lib { my %args = @_; - my $lib = $args{lib}; - my $objs = join(" ", map { $_.$objext } @{$args{objs}}); + (my $lib = $args{lib}) =~ s/\.a$//; + my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}}; + my $objs = join(" ", @objs); return <<"EOF"; $lib$libext: $objs - \$(AR) \$\@ \$\? + \$(AR) \$(ARFLAGS) \$\@ \$\? \$(RANLIB) \$\@ || echo Never mind. EOF } @@ -987,24 +1195,36 @@ EOF my $bin = $args{bin}; my $bind = dirname($bin); my $binn = basename($bin); - my $objs = join(" ", map { $_.$objext } @{$args{objs}}); + my $objs = join(" ", map { (my $x = $_) =~ s|\.o$||; "$x$objext" } + @{$args{objs}}); my $deps = join(" ",compute_lib_depends(@{$args{deps}})); - my $linklibs = join("", map { my $d = dirname($_); - my $f = basename($_); - $d = "." if $d eq $f; - (my $l = $f) =~ s/^lib//; - " -L$d -l$l" } @{$args{deps}}); - my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; + my @linkdirs = (); + foreach (@{args{deps}}) { + next if $_ =~ /\.a$/; + my $d = dirname($_); + push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; + } + my $linkflags = join("", map { "-L$_ " } @linkdirs); + my $linklibs = join("", map { if ($_ =~ s/\.a$//) { + " $_$libext"; + } else { + my $f = basename($_); + (my $l = $f) =~ s/^lib//; + " -l$l" + } + } @{$args{deps}}); + my $cmd = '$(CC)'; + my $cmdflags = '$(BIN_CFLAGS)'; + if (grep /_cc\.o$/, @{$args{objs}}) { + $cmd = '$(CXX)'; + $cmdflags = '$(BIN_CXXFLAGS)'; + } return <<"EOF"; $bin$exeext: $objs $deps - \$(RM) $bin$exeext - \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ - PERL="\$(PERL)" SRCDIR=\$(SRCDIR) \\ - APPNAME=$bin$exeext OBJECTS="$objs" \\ - LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\ - CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\ - LDFLAGS='\$(LDFLAGS)' \\ - link_app.$shlib_target + rm -f $bin$exeext + \$\${LDCMD:-$cmd} $cmdflags $linkflags\$(BIN_LDFLAGS) \\ + -o $bin$exeext $objs \\ + $linklibs \$(BIN_EX_LIBS) EOF } sub in2script { @@ -1030,6 +1250,10 @@ EOF lib => $libext, bin => $exeext ); + # We already have a 'test' target, and the top directory is just plain + # silly + return if $dir eq "test" || $dir eq "."; + foreach my $type (("dso", "lib", "bin", "script")) { next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type}); # For lib object files, we could update the library. However, it @@ -1050,7 +1274,7 @@ EOF my $deps = join(" ", @deps); my $actions = join("\n", "", @actions); return <<"EOF"; -$args{dir} $args{dir}/: $deps$actions +$dir $dir/: $deps$actions EOF } "" # Important! This becomes part of the template result. diff --git a/deps/openssl/openssl/Configurations/windows-makefile.tmpl b/deps/openssl/openssl/Configurations/windows-makefile.tmpl index 5c8d3e81d3b4a1..d420bfff347d9e 100644 --- a/deps/openssl/openssl/Configurations/windows-makefile.tmpl +++ b/deps/openssl/openssl/Configurations/windows-makefile.tmpl @@ -4,6 +4,7 @@ ## {- join("\n## ", @autowarntext) -} {- our $objext = $target{obj_extension} || ".obj"; + our $resext = $target{res_extension} || ".res"; our $depext = $target{dep_extension} || ".d"; our $exeext = $target{exe_extension} || ".exe"; our $libext = $target{lib_extension} || ".lib"; @@ -11,34 +12,42 @@ our $shlibextimport = $target{shared_import_extension} || ".lib"; our $dsoext = $target{dso_extension} || ".dll"; - our $sover = $config{shlib_major}."_".$config{shlib_minor}; + (our $sover_dirname = $config{shlib_version_number}) =~ s|\.|_|g; + my $build_scheme = $target{build_scheme}; + my $install_flavour = $build_scheme->[$#$build_scheme]; # last element my $win_installenv = - $target{build_scheme}->[2] eq "VC-W32" ? - "ProgramFiles(x86)" : "ProgramW6432"; + $install_flavour eq "VC-WOW" ? "ProgramFiles(x86)" + : "ProgramW6432"; my $win_commonenv = - $target{build_scheme}->[2] eq "VC-W32" - ? "CommonProgramFiles(x86)" : "CommonProgramW6432"; + $install_flavour eq "VC-WOW" ? "CommonProgramFiles(x86)" + : "CommonProgramW6432"; our $win_installroot = - defined($ENV{$win_installenv}) - ? $win_installenv : 'ProgramFiles'; + defined($ENV{$win_installenv}) ? $win_installenv : 'ProgramFiles'; our $win_commonroot = - defined($ENV{$win_commonenv}) - ? $win_commonenv : 'CommonProgramFiles'; + defined($ENV{$win_commonenv}) ? $win_commonenv : 'CommonProgramFiles'; # expand variables early $win_installroot = $ENV{$win_installroot}; $win_commonroot = $ENV{$win_commonroot}; sub shlib { - return () if $disabled{shared}; my $lib = shift; + return () if $disabled{shared} || $lib =~ /\.a$/; + return () unless defined $unified_info{sharednames}->{$lib}; return $unified_info{sharednames}->{$lib} . $shlibext; } + sub lib { + (my $lib = shift) =~ s/\.a$//; + $lib .= '_static' + if (defined $unified_info{sharednames}->{$lib}); + return $lib . $libext; + } + sub shlib_import { - return () if $disabled{shared}; my $lib = shift; + return () if $disabled{shared} || $lib =~ /\.a$/; return $lib . $shlibextimport; } @@ -52,7 +61,7 @@ sub dependmagic { my $target = shift; - return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target"; + return "$target: build_generated\n\t\$(MAKE) /\$(MAKEFLAGS) depend && \$(MAKE) /\$(MAKEFLAGS) _$target\n_$target"; } ''; -} @@ -67,7 +76,7 @@ MINOR={- $config{minor} -} SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -} -LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -} +LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -} SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -} SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -} ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -} @@ -81,14 +90,11 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; } keys %{$unified_info{sources}}); -} {- output_on() if $disabled{makedepend}; "" -} GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} -GENERATED={- join(" ", - ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x } - grep { defined $unified_info{generate}->{$_} } - map { @{$unified_info{sources}->{$_}} } - grep { /\.o$/ } keys %{$unified_info{sources}} ), - ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} - -INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -} +GENERATED={- # common0.tmpl provides @generated + join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x } + @generated) -} + +INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -} INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -} INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -} INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} @@ -116,7 +122,7 @@ INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet INSTALLTOP_dir={- canonpath($prefix_dir) -} OPENSSLDIR_dev={- # # The logic here is that if no --openssldir was given, - # OPENSSLDIR will get the value from $prefix plus "/ssl". + # OPENSSLDIR will get the value "$win_commonroot\\SSL". # If --openssldir was given and the value is an absolute # path, OPENSSLDIR will get its value without change. # If the value from --openssldir is a relative path, @@ -135,9 +141,9 @@ OPENSSLDIR_dev={- # $openssldir_dev -} OPENSSLDIR_dir={- canonpath($openssldir_dir) -} LIBDIR={- our $libdir = $config{libdir} || "lib"; - $libdir -} + file_name_is_absolute($libdir) ? "" : $libdir -} ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath); - our $enginesdir = catdir($prefix,$libdir,"engines-$sover"); + our $enginesdir = catdir($prefix,$libdir,"engines-$sover_dirname"); our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = splitpath($enginesdir, 1); $enginesdir_dev -} @@ -152,39 +158,149 @@ OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) !ENDIF -CC={- $target{cc} -} -CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -} -COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY) -RC={- $target{rc} || "rc" -} -RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY) -LD={- $target{ld} || "link" -} -LDFLAGS={- $target{lflags} -} -LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY) -EX_LIBS={- $target{ex_libs} -} -LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -} -LIB_LDFLAGS={- $target{shared_ldflag} || "" -} -DSO_CFLAGS={- join(" ", $target{dso_cflags}, $target{shared_cflag}) || "" -} -DSO_LDFLAGS={- join(" ", $target{dso_lflags}, $target{shared_ldflag}) || "" -} -BIN_CFLAGS={- $target{bin_cflags} -} -BIN_LDFLAGS={- $target{bin_lflags} -} - -PERL={- $config{perl} -} - -AR={- $target{ar} -} -ARFLAGS= {- $target{arflags} -} -AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY) - -MT={- $target{mt} -} -MTFLAGS= {- $target{mtflags} -} -MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY) -MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY) - -AS={- $target{as} -} -ASFLAGS={- $target{asflags} -} -ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) +# $(libdir) is chosen to be compatible with the GNU coding standards +libdir={- file_name_is_absolute($libdir) + ? $libdir : '$(INSTALLTOP)\$(LIBDIR)' -} + +##### User defined commands and flags ################################ + +CC={- $config{CC} -} +CPP={- $config{CPP} -} +CPPFLAGS={- our $cppflags1 = join(" ", + (map { "-D".$_} @{$config{CPPDEFINES}}), + (map { " /I ".$_} @{$config{CPPINCLUDES}}), + @{$config{CPPFLAGS}}) -} +CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +LD={- $config{LD} -} +LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -} +EX_LIBS={- join(' ', @{$config{LDLIBS}}) -} + +PERL={- $config{PERL} -} + +AR={- $config{AR} -} +ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -} + +MT={- $config{MT} -} +MTFLAGS= {- join(' ', @{$config{MTFLAGS}}) -} + +AS={- $config{AS} -} +ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} + +RC={- $config{RC} -} ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl" +##### Special command flags ########################################## + +COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY) +LDOUTFLAG={- $target{ldoutflag} -}$(OSSL_EMPTY) +AROUTFLAG={- $target{aroutflag} -}$(OSSL_EMPTY) +MTINFLAG={- $target{mtinflag} -}$(OSSL_EMPTY) +MTOUTFLAG={- $target{mtoutflag} -}$(OSSL_EMPTY) +ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) +RCOUTFLAG={- $target{rcoutflag} -}$(OSSL_EMPTY) + +##### Project flags ################################################## + +# Variables starting with CNF_ are common variables for all product types + +CNF_ASFLAGS={- join(' ', $target{asflags} || (), + @{$config{asflags}}) -} +CNF_CPPFLAGS={- our $cppfags2 = + join(' ', $target{cppflags} || (), + (map { '-D'.quotify1($_) } @{$target{defines}}, + @{$config{defines}}), + (map { '-I'.quotify1($_) } @{$target{includes}}, + @{$config{includes}}), + @{$config{cppflags}}) -} +CNF_CFLAGS={- join(' ', $target{cflags} || (), + @{$config{cflags}}) -} +CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (), + @{$config{cxxflags}}) -} +CNF_LDFLAGS={- join(' ', $target{lflags} || (), + @{$config{lflags}}) -} +CNF_EX_LIBS={- join(' ', $target{ex_libs} || (), + @{$config{ex_libs}}) -} + +# Variables starting with LIB_ are used to build library object files +# and shared libraries. +# Variables starting with DSO_ are used to build DSOs and their object files. +# Variables starting with BIN_ are used to build programs and their object +# files. + +LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (), + @{$config{lib_asflags}}, + '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} +LIB_CPPFLAGS={- our $lib_cppflags = + join(' ', $target{lib_cppflags} || (), + $target{shared_cppflag} || (), + (map { '-D'.quotify1($_) } + @{$target{lib_defines}}, + @{$target{shared_defines}}, + @{$config{lib_defines}}, + @{$config{shared_defines}}), + (map { '-I'.quotify1($_) } + @{$target{lib_includes}}, + @{$target{shared_includes}}, + @{$config{lib_includes}}, + @{$config{shared_includes}}), + @{$config{lib_cppflags}}, + @{$config{shared_cppflag}}); + join(' ', $lib_cppflags, + (map { '-D'.quotify1($_) } + "OPENSSLDIR=\"$openssldir\"", + "ENGINESDIR=\"$enginesdir\""), + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +LIB_CFLAGS={- join(' ', $target{lib_cflags} || (), + $target{shared_cflag} || (), + @{$config{lib_cflags}}, + @{$config{shared_cflag}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (), + $config{shared_ldflag} || (), + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) +DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (), + $target{module_asflags} || (), + @{$config{dso_asflags}}, + @{$config{module_asflags}}, + '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} +DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (), + $target{module_cppflags} || (), + @{$config{dso_cppflags}}, + @{$config{module_cppflags}}, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +DSO_CFLAGS={- join(' ', $target{dso_cflags} || (), + $target{module_cflags} || (), + @{$config{dso_cflags}}, + @{$config{module_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +DSO_LDFLAGS={- join(' ', $target{dso_lflags} || (), + $target{module_ldflags} || (), + @{$config{dso_lflags}}, + @{$config{module_ldflags}}, + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) +BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (), + @{$config{bin_asflags}}, + '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} +BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (), + @{$config{bin_cppflags}}, + '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} +BIN_CFLAGS={- join(' ', $target{bin_cflags} || (), + @{$config{bin_cflags}}, + '$(CNF_CFLAGS)', '$(CFLAGS)') -} +BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), + @{$config{bin_lflags}}, + '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} +BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) + +# CPPFLAGS_Q is used for one thing only: to build up buildinf.h +CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; + $cppflags2 =~ s|([\\"])|\\$1|g; + join(' ', $lib_cppflags || (), $cppflags2 || (), + $cppflags1 || ()) -} + PERLASM_SCHEME= {- $target{perlasm_scheme} -} PROCESSOR= {- $config{processor} -} @@ -207,6 +323,11 @@ build_apps build_tests: build_programs # Convenience target to prebuild all generated files, not just the mandatory # ones build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) + @{- output_off() if $disabled{makedepend}; "" -} + @$(ECHO) "Warning: consider configuring with no-makedepend, because if" + @$(ECHO) " target system doesn't have $(PERL)," + @$(ECHO) " then make will fail..." + @{- output_on() if $disabled{makedepend}; "" -} test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep @@ -236,34 +357,29 @@ install: install_sw install_ssldirs install_docs uninstall: uninstall_docs uninstall_sw libclean: - "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS) - "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS) - "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS) - "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS) - -del /Q /F $(LIBS) - -del /Q ossl_static.pdb + "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS) + -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb clean: libclean {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} -del /Q /F $(ENGINES) -del /Q /F $(SCRIPTS) + -del /Q /F $(GENERATED_MANDATORY) -del /Q /F $(GENERATED) - -del /Q /S /F *.d - -del /Q /S /F *.obj - -del /Q /S /F *.pdb - -del /Q /S /F *.exp - -del /Q /S /F engines\*.ilk - -del /Q /S /F engines\*.lib - -del /Q /S /F apps\*.lib - -del /Q /S /F engines\*.manifest - -del /Q /S /F apps\*.manifest - -del /Q /S /F test\*.manifest + -del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest + -del /Q /S /F engines\*.lib engines\*.exp + -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp + -del /Q /S /F test\*.exp + -rmdir /Q /S test\test-runs distclean: clean -del /Q /F configdata.pm -del /Q /F makefile depend: + @ {- output_off() if $disabled{makedepend}; "" -} + @ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC" + @ {- output_on() if $disabled{makedepend}; "" -} # Install helper targets ############################################# @@ -286,26 +402,29 @@ install_ssldirs: "$(OPENSSLDIR)\openssl.cnf" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \ "$(OPENSSLDIR)\misc" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \ + "$(OPENSSLDIR)\ct_log_list.cnf.dist" + @IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \ + "$(OPENSSLDIR)\ct_log_list.cnf" install_dev: install_runtime_libs @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \ - "$(INSTALLTOP)\$(LIBDIR)" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)" @if "$(SHLIBS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \ - "$(INSTALLTOP)\$(LIBDIR)" + "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb "$(libdir)" uninstall_dev: @@ -355,8 +474,7 @@ uninstall_html_docs: configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} @$(ECHO) "Detected changed: $?" - @$(ECHO) "Reconfiguring..." - "$(PERL)" "$(SRCDIR)\Configure" reconf + "$(PERL)" configdata.pm -r @$(ECHO) "**************************************************" @$(ECHO) "*** ***" @$(ECHO) "*** Please run the same make command again ***" @@ -364,6 +482,9 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b @$(ECHO) "**************************************************" @exit 1 +reconfigure reconf: + "$(PERL)" configdata.pm -r + {- use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; @@ -372,9 +493,9 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b # It takes a list of library names and outputs a list of dependencies sub compute_lib_depends { if ($disabled{shared}) { - return map { $_.$libext } @_; + return map { lib($_) } @_; } - return map { shlib_import($_) } @_; + return map { shlib_import($_) or lib($_) } @_; } sub generatesrc { @@ -412,6 +533,12 @@ EOF die "Generator type for $src unknown: $generator\n"; } + my $cppflags = $incs; + $cppflags .= { + lib => ' $(LIB_CFLAGS) $(LIB_CPPFLAGS)', + dso => ' $(DSO_CFLAGS) $(DSO_CPPFLAGS)', + bin => ' $(BIN_CFLAGS) $(BIN_CPPFLAGS)' + } -> {$args{intent}}; if (defined($generator)) { # If the target is named foo.S in build.info, we want to # end up generating foo.s in two steps. @@ -420,7 +547,7 @@ EOF $target: "$args{generator}->[0]" $deps set ASM=\$(AS) $generator \$@.S - \$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@ + \$(CPP) $cppflags \$@.S > \$@.i && move /Y \$@.i \$@ del /Q \$@.S EOF } @@ -433,104 +560,107 @@ EOF } return <<"EOF"; $target: "$args{generator}->[0]" $deps - \$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@ + \$(CPP) $incs $cppflags "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@ EOF } } sub src2obj { my %args = @_; - my $obj = $args{obj}; my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x } ( @{$args{srcs}} ); my $srcs = '"'.join('" "', @srcs).'"'; my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"'; my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}}); - unless ($disabled{zlib}) { - if ($withargs{zlib_include}) { - $incs .= ' /I "'.$withargs{zlib_include}.'"'; - } - } - my $ecflags = { lib => '$(LIB_CFLAGS)', - dso => '$(DSO_CFLAGS)', - bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; + my $cflags = { lib => ' $(LIB_CFLAGS)', + dso => ' $(DSO_CFLAGS)', + bin => ' $(BIN_CFLAGS)' } -> {$args{intent}}; + $cflags .= $incs; + $cflags .= { lib => ' $(LIB_CPPFLAGS)', + dso => ' $(DSO_CPPFLAGS)', + bin => ' $(BIN_CPPFLAGS)' } -> {$args{intent}}; + my $asflags = { lib => ' $(LIB_ASFLAGS)', + dso => ' $(DSO_ASFLAGS)', + bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}}; my $makedepprog = $config{makedepprog}; + if ($srcs[0] =~ /\.rc$/) { + return <<"EOF"; +$args{obj}: $deps + \$(RC) \$(RCOUTFLAG)\$\@ $srcs +EOF + } + (my $obj = $args{obj}) =~ s|\.o$||; if ($srcs[0] =~ /\.asm$/) { return <<"EOF"; $obj$objext: $deps - \$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs + \$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs +EOF + } elsif ($srcs[0] =~ /.S$/) { + return <<"EOF"; +$obj$objext: $deps + \$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm EOF } my $recipe = <<"EOF"; $obj$objext: $deps - \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs + \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs EOF $recipe .= <<"EOF" unless $disabled{makedepend}; - \$(CC) $incs \$(CFLAGS) $ecflags /Zs /showIncludes $srcs 2>&1 | \\ - "\$(PERL)" -n << > $obj$depext -chomp; -s/^Note: including file: *//; -\$\$collect{\$\$_} = 1; -END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" } -<< + \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext EOF return $recipe; } - # On Unix, we build shlibs from static libs, so we're ignoring the - # object file array. We *know* this routine is only called when we've - # configure 'shared'. + # We *know* this routine is only called when we've configure 'shared'. + # Also, note that even though the import library built here looks like + # a static library, it really isn't. sub libobj2shlib { my %args = @_; my $lib = $args{lib}; - my $shlib = $args{shlib}; - (my $mkdef_key = $lib) =~ s/^lib//i; - my $objs = join("\n", map { $_.$objext } @{$args{objs}}); - my $linklibs = join("", - map { "\n$_" } compute_lib_depends(@{$args{deps}})); - my $deps = join(" ", - (map { $_.$objext } @{$args{objs}}), - compute_lib_depends(@{$args{deps}})); - my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; - my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "mkdef.pl")), - rel2abs($config{builddir})); - my $mkrc_pl = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "mkrc.pl")), - rel2abs($config{builddir})); - my $target = shlib_import($lib); + my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } + grep { $_ =~ m/\.(?:o|res)$/ } + @{$args{objs}}; + my @defs = grep { $_ =~ /\.def$/ } @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); + die "More than one exported symbols list" if scalar @defs > 1; + my $linklibs = join("", map { "$_\n" } @deps); + my $objs = join("\n", @objs); + my $deps = join(" ", @objs, @defs, @deps); + my $import = shlib_import($lib); + my $dll = shlib($lib); + my $shared_def = join("", map { " /def:$_" } @defs); return <<"EOF" -$target: $deps "$ordinalsfile" "$mkdef_pl" - "\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def - "\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def - DEL $shlib.def.tmp - "\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc - \$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc - IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest +# The import library may look like a static library, but it is not. +# We MUST make the import library depend on the DLL, in case someone +# mistakenly removes the latter. +$import: $dll +$dll: $deps + IF EXIST $full.manifest DEL /F /Q $full.manifest + IF EXIST \$@ DEL /F /Q \$@ \$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\ - /implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1) -$objs $shlib.res$linklibs \$(EX_LIBS) + /implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1) +$objs +$linklibs\$(LIB_EX_LIBS) << - IF EXIST $shlib$shlibext.manifest \\ - \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext - IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext - IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext - IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext - COPY $shlib$shlibext apps - COPY $shlib$shlibext test - COPY $shlib$shlibext fuzz + IF EXIST $dll.manifest \\ + \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll + IF EXIST apps\\$dll DEL /Q /F apps\\$dll + IF EXIST test\\$dll DEL /Q /F test\\$dll + IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll + COPY $dll apps + COPY $dll test + COPY $dll fuzz EOF } sub obj2dso { my %args = @_; my $dso = $args{lib}; my $dso_n = basename($dso); - my $objs = join("\n", map { $_.$objext } @{$args{objs}}); - my $linklibs = join("", - map { "\n$_" } compute_lib_depends(@{$args{deps}})); - my $deps = join(" ", - (map { $_.$objext } @{$args{objs}}), - compute_lib_depends(@{$args{deps}})); + my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); + my $objs = join("\n", @objs); + my $linklibs = join("", map { "$_\n" } @deps); + my $deps = join(" ", @objs, @deps); return <<"EOF"; $dso$dsoext: $deps IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest @@ -540,43 +670,41 @@ EXPORTS bind_engine @1 v_check @2 << -$objs$linklibs \$(EX_LIBS) +$objs +$linklibs \$(DSO_EX_LIBS) << IF EXIST $dso$dsoext.manifest \\ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext EOF } sub obj2lib { - # Because static libs and import libs are both named the same in native - # Windows, we can't have both. We skip the static lib in that case, - # as the shared libs are what we use anyway. - return "" unless $disabled{"shared"}; - my %args = @_; - my $lib = $args{lib}; - my $objs = join("\n", map { $_.$objext } @{$args{objs}}); - my $deps = join(" ", map { $_.$objext } @{$args{objs}}); + my $lib = lib($args{lib}); + my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}}; + my $objs = join("\n", @objs); + my $deps = join(" ", @objs); return <<"EOF"; -$lib$libext: $deps - \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<< -\$** +$lib: $deps + \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<< +$objs << EOF } sub obj2bin { my %args = @_; my $bin = $args{bin}; - my $objs = join("\n", map { $_.$objext } @{$args{objs}}); - my $linklibs = join("", - map { "\n$_" } compute_lib_depends(@{$args{deps}})); - my $deps = join(" ", - (map { $_.$objext } @{$args{objs}}), - compute_lib_depends(@{$args{deps}})); + my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}}; + my @deps = compute_lib_depends(@{$args{deps}}); + my $objs = join("\n", @objs); + my $linklibs = join("", map { "$_\n" } @deps); + my $deps = join(" ", @objs, @deps); return <<"EOF"; $bin$exeext: $deps IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest \$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<< -$objs setargv.obj$linklibs \$(EX_LIBS) +$objs +setargv.obj +$linklibs\$(BIN_EX_LIBS) << IF EXIST $bin$exeext.manifest \\ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext @@ -604,6 +732,10 @@ EOF lib => $libext, bin => $exeext ); + # We already have a 'test' target, and the top directory is just plain + # silly + return if $dir eq "test" || $dir eq "."; + foreach my $type (("dso", "lib", "bin", "script")) { next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type}); # For lib object files, we could update the library. However, @@ -621,7 +753,7 @@ EOF my $deps = join(" ", @deps); my $actions = join("\n", "", @actions); return <<"EOF"; -$args{dir} $args{dir}\\ : $deps$actions +$dir $dir\\ : $deps$actions EOF } "" # Important! This becomes part of the template result. diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure index a1ce65239e2bc3..d5dc36c285bab2 100755 --- a/deps/openssl/openssl/Configure +++ b/deps/openssl/openssl/Configure @@ -11,6 +11,7 @@ use 5.10.0; use strict; +use Config; use FindBin; use lib "$FindBin::Bin/util/perl"; use File::Basename; @@ -106,25 +107,28 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # past these. # DEBUG_UNUSED enables __owur (warn unused result) checks. +# -DPEDANTIC complements -pedantic and is meant to mask code that +# is not strictly standard-compliant and/or implementation-specific, +# e.g. inline assembly, disregards to alignment requirements, such +# that -pedantic would complain about. Incidentally -DPEDANTIC has +# to be used even in sanitized builds, because sanitizer too is +# supposed to and does take notice of non-standard behaviour. Then +# -pedantic with pre-C9x compiler would also complain about 'long +# long' not being supported. As 64-bit algorithms are common now, +# it grew impossible to resolve this without sizeable additional +# code, so we just tell compiler to be pedantic about everything +# but 'long long' type. + my $gcc_devteam_warn = "-DDEBUG_UNUSED" - # -DPEDANTIC complements -pedantic and is meant to mask code that - # is not strictly standard-compliant and/or implementation-specific, - # e.g. inline assembly, disregards to alignment requirements, such - # that -pedantic would complain about. Incidentally -DPEDANTIC has - # to be used even in sanitized builds, because sanitizer too is - # supposed to and does take notice of non-standard behaviour. Then - # -pedantic with pre-C9x compiler would also complain about 'long - # long' not being supported. As 64-bit algorithms are common now, - # it grew impossible to resolve this without sizeable additional - # code, so we just tell compiler to be pedantic about everything - # but 'long long' type. . " -DPEDANTIC -pedantic -Wno-long-long" . " -Wall" . " -Wextra" . " -Wno-unused-parameter" . " -Wno-missing-field-initializers" + . " -Wswitch" . " -Wsign-compare" . " -Wmissing-prototypes" + . " -Wstrict-prototypes" . " -Wshadow" . " -Wformat" . " -Wtype-limits" @@ -135,19 +139,20 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the # following warnings can also be enabled: -# -Wswitch-enum # -Wcast-align -# -Wunreachable-code +# -Wunreachable-code -- no, too ugly/compiler-specific # -Wlanguage-extension-token -- no, we use asm() # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code my $clang_devteam_warn = "" - . " -Qunused-arguments" + . " -Wswitch-default" + . " -Wno-parentheses-equality" . " -Wno-language-extension-token" . " -Wno-extended-offsetof" . " -Wconditional-uninitialized" . " -Wincompatible-pointer-types-discards-qualifiers" . " -Wmissing-variable-declarations" + . " -Wno-unknown-warning-option" ; # This adds backtrace information to the memory leak info. Is only used @@ -178,6 +183,10 @@ my $apitable = { our %table = (); our %config = (); our %withargs = (); +our $now_printing; # set to current entry's name in print_table_entry + # (todo: right thing would be to encapsulate name + # into %target [class] and make print_table_entry + # a method) # Forward declarations ############################################### @@ -210,6 +219,8 @@ $config{builddir} = abs2rel($blddir); my @argvcopy=@ARGV; if (grep /^reconf(igure)?$/, @argvcopy) { + die "reconfiguring with other arguments present isn't supported" + if scalar @argvcopy > 1; if (-f "./configdata.pm") { my $file = "./configdata.pm"; unless (my $return = do $file) { @@ -222,22 +233,7 @@ if (grep /^reconf(igure)?$/, @argvcopy) { @{$configdata::config{perlargv}} : (); die "Incorrect data to reconfigure, please do a normal configuration\n" if (grep(/^reconf/,@argvcopy)); - $ENV{CROSS_COMPILE} = $configdata::config{cross_compile_prefix} - if defined($configdata::config{cross_compile_prefix}); - $ENV{CC} = $configdata::config{cc} - if defined($configdata::config{cc}); - $ENV{BUILDFILE} = $configdata::config{build_file} - if defined($configdata::config{build_file}); - $ENV{$local_config_envname} = $configdata::config{local_config_dir} - if defined($configdata::config{local_config_dir}); - - print "Reconfiguring with: ", join(" ",@argvcopy), "\n"; - print " CROSS_COMPILE = ",$ENV{CROSS_COMPILE},"\n" - if $ENV{CROSS_COMPILE}; - print " CC = ",$ENV{CC},"\n" if $ENV{CC}; - print " BUILDFILE = ",$ENV{BUILDFILE},"\n" if $ENV{BUILDFILE}; - print " $local_config_envname = ",$ENV{$local_config_envname},"\n" - if $ENV{$local_config_envname}; + $config{perlenv} = $configdata::config{perlenv} // {}; } else { die "Insufficient data to reconfigure, please do a normal configuration\n"; } @@ -276,13 +272,13 @@ foreach (sort glob($pattern)) { &read_config($_); } -if (defined $ENV{$local_config_envname}) { +if (defined env($local_config_envname)) { if ($^O eq 'VMS') { # VMS environment variables are logical names, # which can be used as is $pattern = $local_config_envname . ':' . '*.conf'; } else { - $pattern = catfile($ENV{$local_config_envname}, '*.conf'); + $pattern = catfile(env($local_config_envname), '*.conf'); } foreach (sort glob($pattern)) { @@ -290,36 +286,35 @@ if (defined $ENV{$local_config_envname}) { } } - -print "Configuring OpenSSL version $config{version} ($config{version_num})\n"; +# Save away perl command information +$config{perl_cmd} = $^X; +$config{perl_version} = $Config{version}; +$config{perl_archname} = $Config{archname}; $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; -$config{cross_compile_prefix}=""; -$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; -my $nofipscanistercheck=0; -$config{baseaddr}="0xFB00000"; my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -$config{fips}=0; # Top level directories to build $config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ]; # crypto/ subdirectories to build $config{sdirs} = [ "objects", - "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", - "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", - "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", + "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", + "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", + "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", "buffer", "bio", "stack", "lhash", "rand", "err", "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", - "cms", "ts", "srp", "cmac", "ct", "async", "kdf" + "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; +# test/ subdirectories to build +$config{tdirs} = [ "ossl_shim" ]; # Known TLS and DTLS protocols -my @tls = qw(ssl3 tls1 tls1_1 tls1_2); +my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3); my @dtls = qw(dtls1 dtls1_2); # Explicitly known options that are possible to disable. They can @@ -328,11 +323,13 @@ my @dtls = qw(dtls1 dtls1_2); my @disablables = ( "afalgeng", + "aria", "asan", "asm", "async", "autoalginit", "autoerrinit", + "autoload-config", "bf", "blake2", "camellia", @@ -347,6 +344,7 @@ my @disablables = ( "ct", "deprecated", "des", + "devcryptoeng", "dgram", "dh", "dsa", @@ -361,6 +359,7 @@ my @disablables = ( "egd", "engine", "err", + "external-tests", "filenames", "fuzz-libfuzzer", "fuzz-afl", @@ -391,6 +390,10 @@ my @disablables = ( "sctp", "seed", "shared", + "siphash", + "sm2", + "sm3", + "sm4", "sock", "srp", "srtp", @@ -399,11 +402,12 @@ my @disablables = ( "ssl-trace", "static-engine", "stdio", + "tests", "threads", "tls", "ts", "ubsan", - "ui", + "ui-console", "unit-test", "whirlpool", "weak-ssl-ciphers", @@ -413,23 +417,26 @@ my @disablables = ( foreach my $proto ((@tls, @dtls)) { push(@disablables, $proto); - push(@disablables, "$proto-method"); + push(@disablables, "$proto-method") unless $proto eq "tls1_3"; } my %deprecated_disablables = ( "ssl2" => undef, "buf-freelists" => undef, - "ripemd" => "rmd160" + "ripemd" => "rmd160", + "ui" => "ui-console", ); -# All of the following is disabled by default (RC5 was enabled before 0.9.8): +# All of the following are disabled by default: our %disabled = ( # "what" => "comment" - "asan" => "default", + "asan" => "default", "crypto-mdebug" => "default", "crypto-mdebug-backtrace" => "default", + "devcryptoeng" => "default", "ec_nistp_64_gcc_128" => "default", "egd" => "default", + "external-tests" => "default", "fuzz-libfuzzer" => "default", "fuzz-afl" => "default", "heartbeats" => "default", @@ -476,14 +483,17 @@ my @disable_cascades = ( # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared" => [ "dynamic-engine" ], - "engine" => [ "afalgeng" ], + "engine" => [ "afalgeng", "devcryptoeng" ], # no-autoalginit is only useful when building non-shared "autoalginit" => [ "shared", "apps" ], "stdio" => [ "apps", "capieng", "egd" ], "apps" => [ "tests" ], - "comp" => [ "zlib" ], + "tests" => [ "external-tests" ], + "comp" => [ "zlib" ], + "ec" => [ "tls1_3", "sm2" ], + "sm3" => [ "sm2" ], sub { !$disabled{"unit-test"} } => [ "heartbeats" ], sub { !$disabled{"msan"} } => [ "asm" ], @@ -513,23 +523,124 @@ while ((my $first, my $second) = (shift @list, shift @list)) { &usage if ($#ARGV < 0); -my $user_cflags=""; -my @user_defines=(); +# For the "make variables" CINCLUDES and CDEFINES, we support lists with +# platform specific list separators. Users from those platforms should +# recognise those separators from how you set up the PATH to find executables. +# The default is the Unix like separator, :, but as an exception, we also +# support the space as separator. +my $list_separator_re = + { VMS => qr/(? qr/(? {$^O} // qr/(? env('AR'), + ARFLAGS => [], + AS => undef, + ASFLAGS => [], + CC => env('CC'), + CFLAGS => [], + CXX => env('CXX'), + CXXFLAGS => [], + CPP => undef, + CPPFLAGS => [], # -D, -I, -Wp, + CPPDEFINES => [], # Alternative for -D + CPPINCLUDES => [], # Alternative for -I + CROSS_COMPILE => env('CROSS_COMPILE'), + HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'), + LD => undef, + LDFLAGS => [], # -L, -Wl, + LDLIBS => [], # -l + MT => undef, + MTFLAGS => [], + PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl"), + RANLIB => env('RANLIB'), + RC => env('RC') || env('WINDRES'), + RCFLAGS => [], + RM => undef, + ); +# Info about what "make variables" may be prefixed with the cross compiler +# prefix. This should NEVER mention any such variable with a list for value. +my @user_crossable = qw ( AR AS CC CXX CPP LD MT RANLIB RC ); +# The same but for flags given as Configure options. These are *additional* +# input, as opposed to the VAR=string option that override the corresponding +# config target attributes +my %useradd = ( + CPPDEFINES => [], + CPPINCLUDES => [], + CPPFLAGS => [], + CFLAGS => [], + CXXFLAGS => [], + LDFLAGS => [], + LDLIBS => [], + ); + +my %user_synonyms = ( + HASHBANGPERL=> 'PERL', + RC => 'WINDRES', + ); + +# Some target attributes have been renamed, this is the translation table +my %target_attr_translate =( + ar => 'AR', + as => 'AS', + cc => 'CC', + cxx => 'CXX', + cpp => 'CPP', + hashbangperl => 'HASHBANGPERL', + ld => 'LD', + mt => 'MT', + ranlib => 'RANLIB', + rc => 'RC', + rm => 'RM', + ); + +# Initialisers coming from 'config' scripts +$config{defines} = [ split(/$list_separator_re/, env('__CNF_CPPDEFINES')) ]; +$config{includes} = [ split(/$list_separator_re/, env('__CNF_CPPINCLUDES')) ]; +$config{cppflags} = [ env('__CNF_CPPFLAGS') || () ]; +$config{cflags} = [ env('__CNF_CFLAGS') || () ]; +$config{cxxflags} = [ env('__CNF_CXXFLAGS') || () ]; +$config{lflags} = [ env('__CNF_LDFLAGS') || () ]; +$config{ex_libs} = [ env('__CNF_LDLIBS') || () ]; + $config{openssl_api_defines}=[]; $config{openssl_algorithm_defines}=[]; $config{openssl_thread_defines}=[]; $config{openssl_sys_defines}=[]; $config{openssl_other_defines}=[]; -my $libs=""; -my $target=""; $config{options}=""; $config{build_type} = "release"; +my $target=""; +my %cmdvars = (); # Stores FOO='blah' type arguments my %unsupported_options = (); my %deprecated_options = (); +# If you change this, update apps/version.c +my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom); +my @seed_sources = (); while (@argvcopy) { $_ = shift @argvcopy; + + # Support env variable assignments among the options + if (m|^(\w+)=(.+)?$|) + { + $cmdvars{$1} = $2; + # Every time a variable is given as a configuration argument, + # it acts as a reset if the variable. + if (exists $user{$1}) + { + $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef; + } + #if (exists $useradd{$1}) + # { + # $useradd{$1} = []; + # } + next; + } + # VMS is a case insensitive environment, and depending on settings # out of our control, we may receive options uppercased. Let's # downcase at least the part before any equal sign. @@ -537,7 +648,9 @@ while (@argvcopy) { s/^([^=]*)/lc($1)/e; } - s /^-no-/no-/; # some people just can't read the instructions + + # some people just can't read the instructions, clang people have to... + s/^-no-(?!integrated-as)/no-/; # rewrite some options in "enable-..." form s /^-?-?shared$/enable-shared/; @@ -647,7 +760,7 @@ while (@argvcopy) { $config{processor}=386; } elsif (/^fips$/) { - $config{fips}=1; + die "FIPS mode not supported\n"; } elsif (/^rsaref$/) { @@ -657,8 +770,7 @@ while (@argvcopy) } elsif (/^nofipscanistercheck$/) { - $config{fips} = 1; - $nofipscanistercheck = 1; + die "FIPS mode not supported\n"; } elsif (/^[-+]/) { @@ -696,25 +808,34 @@ while (@argvcopy) { $withargs{fuzzer_include}=$1; } - elsif (/^--with-fipslibdir=(.*)$/) + elsif (/^--with-rand-seed=(.*)$/) { - $config{fipslibdir}="$1/"; - } - elsif (/^--with-baseaddr=(.*)$/) - { - $config{baseaddr}="$1"; - } + foreach my $x (split(m|,|, $1)) + { + die "Unknown --with-rand-seed choice $x\n" + if ! grep { $x eq $_ } @known_seed_sources; + push @seed_sources, $x; + } + } elsif (/^--cross-compile-prefix=(.*)$/) { - $config{cross_compile_prefix}=$1; + $user{CROSS_COMPILE}=$1; } elsif (/^--config=(.*)$/) { read_config $1; } - elsif (/^-[lL](.*)$/ or /^-Wl,/) + elsif (/^-l(.*)$/) + { + push @{$useradd{LDLIBS}}, $_; + } + elsif (/^-framework$/) { - $libs.=$_." "; + push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); + } + elsif (/^-L(.*)$/ or /^-Wl,/) + { + push @{$useradd{LDFLAGS}}, $_; } elsif (/^-rpath$/ or /^-R$/) # -rpath is the OSF1 rpath flag @@ -722,11 +843,11 @@ while (@argvcopy) { my $rpath = shift(@argvcopy) || ""; $rpath .= " " if $rpath ne ""; - $libs.=$_." ".$rpath; + push @{$useradd{LDFLAGS}}, $_, $rpath; } elsif (/^-static$/) { - $libs.=$_." "; + push @{$useradd{LDFLAGS}}, $_; $disabled{"dso"} = "forced"; $disabled{"pic"} = "forced"; $disabled{"shared"} = "forced"; @@ -734,12 +855,21 @@ while (@argvcopy) } elsif (/^-D(.*)$/) { - push @user_defines, $1; + push @{$useradd{CPPDEFINES}}, $1; + } + elsif (/^-I(.*)$/) + { + push @{$useradd{CPPINCLUDES}}, $1; + } + elsif (/^-Wp,$/) + { + push @{$useradd{CPPFLAGS}}, $1; } else # common if (/^[-+]/), just pass down... { $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; - $user_cflags.=" ".$_; + push @{$useradd{CFLAGS}}, $_; + push @{$useradd{CXXFLAGS}}, $_; } } else @@ -749,7 +879,7 @@ while (@argvcopy) } unless ($_ eq $target || /^no-/ || /^disable-/) { - # "no-..." follows later after implied disactivations + # "no-..." follows later after implied deactivations # have been derived. (Don't take this too seriously, # we really only write OPTIONS to the Makefile out of # nostalgia.) @@ -776,22 +906,63 @@ if (keys %unsupported_options) join(", ", keys %unsupported_options), "\n"; } -if ($libs =~ /(^|\s)-Wl,-rpath,/ +# If any %useradd entry has been set, we must check that the "make +# variables" haven't been set. We start by checking of any %useradd entry +# is set. +if (grep { scalar @$_ > 0 } values %useradd) { + # Hash of env / make variables names. The possible values are: + # 1 - "make vars" + # 2 - %useradd entry set + # 3 - both set + my %detected_vars = + map { my $v = 0; + $v += 1 if $cmdvars{$_}; + $v += 2 if @{$useradd{$_}}; + $_ => $v } + keys %useradd; + + # If any of the corresponding "make variables" is set, we error + if (grep { $_ & 1 } values %detected_vars) { + my $names = join(', ', grep { $detected_vars{$_} > 0 } + sort keys %detected_vars); + die <<"_____"; +***** Mixing make variables and additional compiler/linker flags as +***** configure command line option is not permitted. +***** Affected make variables: $names +_____ + } +} + +# Check through all supported command line variables to see if any of them +# were set, and canonicalise the values we got. If no compiler or linker +# flag or anything else that affects %useradd was set, we also check the +# environment for values. +my $anyuseradd = + grep { defined $_ && (ref $_ ne 'ARRAY' || @$_) } values %useradd; +foreach (keys %user) { + my $value = $cmdvars{$_}; + $value //= env($_) unless $anyuseradd; + $value //= + defined $user_synonyms{$_} ? $cmdvars{$user_synonyms{$_}} : undef; + $value //= defined $user_synonyms{$_} ? env($user_synonyms{$_}) : undef + unless $anyuseradd; + + if (defined $value) { + if (ref $user{$_} eq 'ARRAY') { + $user{$_} = [ split /$list_separator_re/, $value ]; + } elsif (!defined $user{$_}) { + $user{$_} = $value; + } + } +} + +if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ()) && !$disabled{shared} && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { die "***** Cannot simultaneously use -rpath, shared libraries, and\n", "***** any of asan, msan or ubsan\n"; } -if ($config{fips}) - { - delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/); - } -else - { - @{$config{dirs}} = grep !/^fips$/, @{$config{dirs}}; - } - my @tocheckfor = (keys %disabled); while (@tocheckfor) { my %new_tocheckfor = (); @@ -832,74 +1003,38 @@ if ($target eq "HASH") { exit 0; } -# Backward compatibility? -if ($target =~ m/^CygWin32(-.*)$/) { - $target = "Cygwin".$1; -} +print "Configuring OpenSSL version $config{version} ($config{version_num}) "; +print "for $target\n"; -foreach (sort (keys %disabled)) - { - $config{options} .= " no-$_"; - - printf " no-%-12s %-10s", $_, "[$disabled{$_}]"; - - if (/^dso$/) - { } - elsif (/^threads$/) - { } - elsif (/^shared$/) - { } - elsif (/^pic$/) - { } - elsif (/^zlib$/) - { } - elsif (/^dynamic-engine$/) - { } - elsif (/^makedepend$/) - { } - elsif (/^zlib-dynamic$/) - { } - elsif (/^sse2$/) - { } - elsif (/^engine$/) - { - @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; - @{$config{sdirs}} = grep !/^engine$/, @{$config{sdirs}}; - push @{$config{openssl_other_defines}}, "OPENSSL_NO_ENGINE"; - print " OPENSSL_NO_ENGINE (skip engines)"; - } - else - { - my ($WHAT, $what); - - ($WHAT = $what = $_) =~ tr/[\-a-z]/[_A-Z]/; +if (scalar(@seed_sources) == 0) { + print "Using os-specific seed configuration\n"; + push @seed_sources, 'os'; +} +if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { + die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; + warn <<_____ if scalar(@seed_sources) == 1; - # Fix up C macro end names - $WHAT = "RMD160" if $what eq "ripemd"; +============================== WARNING =============================== +You have selected the --with-rand-seed=none option, which effectively +disables automatic reseeding of the OpenSSL random generator. +All operations depending on the random generator such as creating keys +will not work unless the random generator is seeded manually by the +application. - # fix-up crypto/directory name(s) - $what = "ripemd" if $what eq "rmd160"; - $what = "whrlpool" if $what eq "whirlpool"; +Please read the 'Note on random number generation' section in the +INSTALL instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== - if ($what ne "async" && $what ne "err" - && grep { $_ eq $what } @{$config{sdirs}}) - { - push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$WHAT"; - @{$config{sdirs}} = grep { $_ ne $what} @{$config{sdirs}}; - - print " OPENSSL_NO_$WHAT (skip dir)"; - } - else - { - push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT"; - print " OPENSSL_NO_$WHAT"; - } - } - - print "\n"; - } +_____ +} +push @{$config{openssl_other_defines}}, + map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" } + @seed_sources; -print "Configuring for $target\n"; +# Backward compatibility? +if ($target =~ m/^CygWin32(-.*)$/) { + $target = "Cygwin".$1; +} # Support for legacy targets having a name starting with 'debug-' my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; @@ -917,54 +1052,161 @@ if ($d) { $config{target} = $target; my %target = resolve_config($target); +foreach (keys %target_attr_translate) { + $target{$target_attr_translate{$_}} = $target{$_} + if $target{$_}; + delete $target{$_}; +} + +%target = ( %{$table{DEFAULTS}}, %target ); + +# Make the flags to build DSOs the same as for shared libraries unless they +# are already defined +$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; +$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; +$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; +{ + my $shared_info_pl = + catfile(dirname($0), "Configurations", "shared-info.pl"); + my %shared_info = read_eval_file($shared_info_pl); + push @{$target{_conf_fname_int}}, $shared_info_pl; + my $si = $target{shared_target}; + while (ref $si ne "HASH") { + last if ! defined $si; + if (ref $si eq "CODE") { + $si = $si->(); + } else { + $si = $shared_info{$si}; + } + } + + # Some of the 'shared_target' values don't have any entried in + # %shared_info. That's perfectly fine, AS LONG AS the build file + # template knows how to handle this. That is currently the case for + # Windows and VMS. + if (defined $si) { + # Just as above, copy certain shared_* attributes to the corresponding + # module_ attribute unless the latter is already defined + $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; + $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; + $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; + foreach (sort keys %$si) { + $target{$_} = defined $target{$_} + ? add($si->{$_})->($target{$_}) + : $si->{$_}; + } + } +} + my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; -%target = ( %{$table{DEFAULTS}}, %target ); +foreach my $feature (@{$target{disable}}) { + if (exists $deprecated_disablables{$feature}) { + warn "***** config $target disables deprecated feature $feature\n"; + } elsif (!grep { $feature eq $_ } @disablables) { + die "***** config $target disables unknown feature $feature\n"; + } + $disabled{$feature} = 'config'; +} +foreach my $feature (@{$target{enable}}) { + if ("default" eq ($disabled{$_} // "")) { + if (exists $deprecated_disablables{$feature}) { + warn "***** config $target enables deprecated feature $feature\n"; + } elsif (!grep { $feature eq $_ } @disablables) { + die "***** config $target enables unknown feature $feature\n"; + } + delete $disabled{$_}; + } +} + +$target{CXXFLAGS}//=$target{CFLAGS} if $target{CXX}; +$target{cxxflags}//=$target{cflags} if $target{CXX}; $target{exe_extension}=""; $target{exe_extension}=".exe" if ($config{target} eq "DJGPP" || $config{target} =~ /^(?:Cygwin|mingw)/); $target{exe_extension}=".pm" if ($config{target} =~ /vos/); ($target{shared_extension_simple}=$target{shared_extension}) - =~ s|\.\$\(SHLIB_MAJOR\)\.\$\(SHLIB_MINOR\)||; -$target{dso_extension}=$target{shared_extension_simple}; + =~ s|\.\$\(SHLIB_VERSION_NUMBER\)|| + unless defined($target{shared_extension_simple}); +$target{dso_extension}//=$target{shared_extension_simple}; ($target{shared_import_extension}=$target{shared_extension_simple}.".a") if ($config{target} =~ /^(?:Cygwin|mingw)/); +# Fill %config with values from %user, and in case those are undefined or +# empty, use values from %target (acting as a default). +foreach (keys %user) { + my $ref_type = ref $user{$_}; + + # Temporary function. Takes an intended ref type (empty string or "ARRAY") + # and a value that's to be coerced into that type. + my $mkvalue = sub { + my $type = shift; + my $value = shift; + my $undef_p = shift; + + die "Too many arguments for \$mkvalue" if @_; + + while (ref $value eq 'CODE') { + $value = $value->(); + } -$config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'} - if $config{cross_compile_prefix} eq ""; - -# Allow overriding the names of some tools. USE WITH CARE -# Note: only Unix cares about HASHBANGPERL... that explains -# the default string. -$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl"); -$config{hashbangperl} = - $ENV{'HASHBANGPERL'} || $ENV{'PERL'} || "/usr/bin/env perl"; -$target{cc} = $ENV{'CC'} || $target{cc} || "cc"; -$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || - (which("$config{cross_compile_prefix}ranlib") ? - "\$(CROSS_COMPILE)ranlib" : "true"); -$target{ar} = $ENV{'AR'} || $target{ar} || "ar"; -$target{nm} = $ENV{'NM'} || $target{nm} || "nm"; -$target{rc} = - $ENV{'RC'} || $ENV{'WINDRES'} || $target{rc} || "windres"; + if ($type eq 'ARRAY') { + return undef unless defined $value; + return undef if ref $value ne 'ARRAY' && !$value; + return undef if ref $value eq 'ARRAY' && !@$value; + return [ $value ] unless ref $value eq 'ARRAY'; + } + return undef unless $value; + return $value; + }; + + $config{$_} = + $mkvalue->($ref_type, $user{$_}) + || $mkvalue->($ref_type, $target{$_}); + delete $config{$_} unless defined $config{$_}; +} # Allow overriding the build file name -$target{build_file} = $ENV{BUILDFILE} || $target{build_file} || "Makefile"; +$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; -# Cache information necessary for reconfiguration -$config{cc} = $target{cc}; -$config{build_file} = $target{build_file}; +my %disabled_info = (); # For configdata.pm +foreach my $what (sort keys %disabled) { + $config{options} .= " no-$what"; -# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_ -# or release_ attributes. -# Do it in such a way that no spurious space is appended (hence the grep). -$config{defines} = []; -$config{cflags} = ""; -$config{ex_libs} = ""; -$config{shared_ldflag} = ""; + if (!grep { $what eq $_ } ( 'dso', 'threads', 'shared', 'pic', + 'dynamic-engine', 'makedepend', + 'zlib-dynamic', 'zlib', 'sse2' )) { + (my $WHAT = uc $what) =~ s|-|_|g; + + # Fix up C macro end names + $WHAT = "RMD160" if $what eq "ripemd"; + + # fix-up crypto/directory name(s) + $what = "ripemd" if $what eq "rmd160"; + $what = "whrlpool" if $what eq "whirlpool"; + + my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; + + if ((grep { $what eq $_ } @{$config{sdirs}}) + && $what ne 'async' && $what ne 'err') { + @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}}; + $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ]; + + if ($what ne 'engine') { + push @{$config{openssl_algorithm_defines}}, $macro; + } else { + @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; + push @{$disabled_info{engine}->{skipped}}, catdir('engines'); + push @{$config{openssl_other_defines}}, $macro; + } + } else { + push @{$config{openssl_other_defines}}, $macro; + } + + } +} # Make sure build_scheme is consistent. $target{build_scheme} = [ $target{build_scheme} ] @@ -994,56 +1236,24 @@ foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm", push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release"; -if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m) +if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) { - $config{cflags} .= " -mno-cygwin"; - $config{shared_ldflag} .= " -mno-cygwin"; + push @{$config{cflags}}, "-mno-cygwin"; + push @{$config{cxxflags}}, "-mno-cygwin" if $config{CXX}; + push @{$config{shared_ldflag}}, "-mno-cygwin"; } -if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) { +if ($target =~ /linux.*-mips/ && !$disabled{asm} + && !grep { $_ !~ /-m(ips|arch=)/ } (@{$user{CFLAGS}}, + @{$useradd{CFLAGS}})) { # minimally required architecture flags for assembly modules - $config{cflags}="-mips2 $config{cflags}" if ($target =~ /mips32/); - $config{cflags}="-mips3 $config{cflags}" if ($target =~ /mips64/); + my $value; + $value = '-mips2' if ($target =~ /mips32/); + $value = '-mips3' if ($target =~ /mips64/); + unshift @{$config{cflags}}, $value; + unshift @{$config{cxxflags}}, $value if $config{CXX}; } -my $no_shared_warn=0; -my $no_user_cflags=0; -my $no_user_defines=0; - -# The DSO code currently always implements all functions so that no -# applications will have to worry about that from a compilation point -# of view. However, the "method"s may return zero unless that platform -# has support compiled in for them. Currently each method is enabled -# by a define "DSO_" ... we translate the "dso_scheme" config -# string entry into using the following logic; -if (!$disabled{dso} && $target{dso_scheme} ne "") - { - $target{dso_scheme} =~ tr/[a-z]/[A-Z]/; - if ($target{dso_scheme} eq "DLFCN") - { - unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H"; - } - elsif ($target{dso_scheme} eq "DLFCN_NO_H") - { - unshift @{$config{defines}}, "DSO_DLFCN"; - } - else - { - unshift @{$config{defines}}, "DSO_$target{dso_scheme}"; - } - } - -$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne ""); - -if ($disabled{asm}) - { - if ($config{fips}) - { - @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}; - @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}}; - } - } - # If threads aren't disabled, check how possible they are unless ($disabled{threads}) { if ($auto_threads) { @@ -1060,7 +1270,8 @@ unless ($disabled{threads}) { # system-dependent compiler options that are necessary. We # can't truly check that the given options are correct, but # we expect the user to know what [s]He is doing. - if ($no_user_cflags && $no_user_defines) { + if (!@{$user{CFLAGS}} && !@{$useradd{CFLAGS}} + && !@{$user{CPPDEFINES}} && !@{$useradd{CPPDEFINES}}) { die "You asked for multi-threading support, but didn't\n" ,"provide any system-specific compiler options\n"; } @@ -1071,9 +1282,7 @@ unless ($disabled{threads}) { # If threads still aren't disabled, add a C macro to ensure the source # code knows about it. Any other flag is taken care of by the configs. unless($disabled{threads}) { - foreach (("defines", "openssl_thread_defines")) { - push @{$config{$_}}, "OPENSSL_THREADS"; - } + push @{$config{openssl_thread_defines}}, "OPENSSL_THREADS"; } # With "deprecated" disable all deprecated features. @@ -1081,45 +1290,46 @@ if (defined($disabled{"deprecated"})) { $config{api} = $maxapi; } +my $no_shared_warn=0; if ($target{shared_target} eq "") { $no_shared_warn = 1 - if ((!$disabled{shared} || !$disabled{"dynamic-engine"}) - && !$config{fips}); + if (!$disabled{shared} || !$disabled{"dynamic-engine"}); $disabled{shared} = "no-shared-target"; $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = "no-shared-target"; } if ($disabled{"dynamic-engine"}) { - push @{$config{defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; + push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; $config{dynamic_engines} = 0; } else { - push @{$config{defines}}, "OPENSSL_NO_STATIC_ENGINE"; + push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE"; $config{dynamic_engines} = 1; } -unless ($disabled{"fuzz-libfuzzer"}) { - $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls "; -} - unless ($disabled{asan}) { - $config{cflags} .= "-fsanitize=address "; + push @{$config{cflags}}, "-fsanitize=address"; + push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } unless ($disabled{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. - $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all "; + push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" + if $config{CXX}; } unless ($disabled{msan}) { - $config{cflags} .= "-fsanitize=memory "; + push @{$config{cflags}}, "-fsanitize=memory"; + push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) { - $config{cflags} .= "-fno-omit-frame-pointer -g "; + push @{$config{cflags}}, "-fno-omit-frame-pointer", "-g"; + push @{$config{cxxflags}}, "-fno-omit-frame-pointer", "-g" if $config{CXX}; } # # Platform fix-ups @@ -1128,12 +1338,18 @@ unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} # This saves the build files from having to check if ($disabled{pic}) { - $target{shared_cflag} = $target{shared_ldflag} = - $target{shared_rcflag} = ""; + foreach (qw(shared_cflag shared_cxxflag shared_cppflag + shared_defines shared_includes shared_ldflag + module_cflags module_cxxflags module_cppflags + module_defines module_includes module_lflags)) + { + delete $config{$_}; + $target{$_} = ""; + } } else { - push @{$config{defines}}, "OPENSSL_PIC"; + push @{$config{lib_defines}}, "OPENSSL_PIC"; } if ($target{sys_id} ne "") @@ -1143,96 +1359,115 @@ if ($target{sys_id} ne "") unless ($disabled{asm}) { $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386"); + push @{$config{lib_defines}}, "OPENSSL_CPUID_OBJ" if ($target{cpuid_asm_src} ne "mem_clr.c"); + $target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m})); # bn-586 is the only one implementing bn_*_part_words - push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/); - push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/); + push @{$config{lib_defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/); + push @{$config{lib_defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/); - push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); - push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); - push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); - - if ($config{fips}) { - push @{$config{openssl_other_defines}}, "OPENSSL_FIPS"; - } + push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); + push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); + push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); if ($target{sha1_asm_src}) { - push @{$config{defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); - push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); - push @{$config{defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/); + push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); + push @{$config{lib_defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); + push @{$config{lib_defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/); + } + if ($target{keccak1600_asm_src} ne $table{DEFAULTS}->{keccak1600_asm_src}) { + push @{$config{lib_defines}}, "KECCAK1600_ASM"; } if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) { - push @{$config{defines}}, "RC4_ASM"; + push @{$config{lib_defines}}, "RC4_ASM"; } if ($target{md5_asm_src}) { - push @{$config{defines}}, "MD5_ASM"; + push @{$config{lib_defines}}, "MD5_ASM"; } $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC if ($target{rmd160_asm_src}) { - push @{$config{defines}}, "RMD160_ASM"; + push @{$config{lib_defines}}, "RMD160_ASM"; } if ($target{aes_asm_src}) { - push @{$config{defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; + push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; # aes-ctr.fake is not a real file, only indication that assembler # module implements AES_ctr32_encrypt... - push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); + push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); # aes-xts.fake indicates presence of AES_xts_[en|de]crypt... - push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); + push @{$config{lib_defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2}); - push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); - push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); + push @{$config{lib_defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); + push @{$config{lib_defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); } if ($target{wp_asm_src} =~ /mmx/) { if ($config{processor} eq "386") { $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src}; } elsif (!$disabled{"whirlpool"}) { - push @{$config{defines}}, "WHIRLPOOL_ASM"; + push @{$config{lib_defines}}, "WHIRLPOOL_ASM"; } } if ($target{modes_asm_src} =~ /ghash-/) { - push @{$config{defines}}, "GHASH_ASM"; + push @{$config{lib_defines}}, "GHASH_ASM"; } if ($target{ec_asm_src} =~ /ecp_nistz256/) { - push @{$config{defines}}, "ECP_NISTZ256_ASM"; + push @{$config{lib_defines}}, "ECP_NISTZ256_ASM"; + } + if ($target{ec_asm_src} =~ /x25519/) { + push @{$config{lib_defines}}, "X25519_ASM"; } if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) { - push @{$config{defines}}, "PADLOCK_ASM"; + push @{$config{lib_defines}}, "PADLOCK_ASM"; } if ($target{poly1305_asm_src} ne "") { - push @{$config{defines}}, "POLY1305_ASM"; + push @{$config{lib_defines}}, "POLY1305_ASM"; } } -my %predefined; - -if ($^O ne "VMS") { - my $cc = "$config{cross_compile_prefix}$target{cc}"; - - # collect compiler pre-defines from gcc or gcc-alike... - open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |"); - while () { - m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; - $predefined{$1} = $2 // ""; +my %predefined = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); + +# Check for makedepend capabilities. +if (!$disabled{makedepend}) { + if ($config{target} =~ /^(VC|vms)-/) { + # For VC- and vms- targets, there's nothing more to do here. The + # functionality is hard coded in the corresponding build files for + # cl (Windows) and CC/DECC (VMS). + } elsif (($predefined{__GNUC__} // -1) >= 3 + && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) { + # We know that GNU C version 3 and up as well as all clang + # versions support dependency generation, but Xcode did not + # handle $cc -M before clang support (but claims __GNUC__ = 3) + $config{makedepprog} = "\$(CROSS_COMPILE)$config{CC}"; + } else { + # In all other cases, we look for 'makedepend', and disable the + # capability if not found. + $config{makedepprog} = which('makedepend'); + $disabled{makedepend} = "unavailable" unless $config{makedepprog}; } - close(PIPE); +} - if (!$disabled{makedepend}) { - # We know that GNU C version 3 and up as well as all clang - # versions support dependency generation, but Xcode did not - # handle $cc -M before clang support (but claims __GNUC__ = 3) - if (($predefined{__GNUC__} // -1) >= 3 - && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) { - $config{makedepprog} = $cc; - } else { - $config{makedepprog} = which('makedepend'); - $disabled{makedepend} = "unavailable" unless $config{makedepprog}; - } +if (!$disabled{asm} && !$predefined{__MACH__} && $^O ne 'VMS') { + # probe for -Wa,--noexecstack option... + if ($predefined{__clang__}) { + # clang has builtin assembler, which doesn't recognize --help, + # but it apparently recognizes the option in question on all + # supported platforms even when it's meaningless. In other words + # probe would fail, but probed option always accepted... + push @{$config{cflags}}, "-Wa,--noexecstack", "-Qunused-arguments"; + } else { + my $cc = $config{CROSS_COMPILE}.$config{CC}; + open(PIPE, "$cc -Wa,--help -c -o null.$$.o -x assembler /dev/null 2>&1 |"); + while() { + if (m/--noexecstack/) { + push @{$config{cflags}}, "-Wa,--noexecstack"; + last; + } + } + close(PIPE); + unlink("null.$$.o"); } } - - # Deal with bn_ops ################################################### $config{bn_ll} =0; @@ -1260,9 +1495,12 @@ die "Exactly one of SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT can be set # Hack cflags for better warnings (dev option) ####################### -# "Stringify" the C flags string. This permits it to be made part of a string -# and works as well on command lines. -$config{cflags} =~ s/([\\\"])/\\$1/g; +# "Stringify" the C and C++ flags string. This permits it to be made part of +# a string and works as well on command lines. +$config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } + @{$config{cflags}} ]; +$config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } + @{$config{cxxflags}} ] if $config{CXX}; if (defined($config{api})) { $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; @@ -1273,17 +1511,27 @@ if (defined($config{api})) { if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or gcc-alike" - unless defined($predefined{__GNUC__}); + my $gccver = $predefined{__GNUC__} // -1; + + die "ERROR --strict-warnings requires gcc[>=4] or gcc-alike" + unless $gccver >= 4; foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) + push @{$config{cflags}}, $wopt + unless grep { $_ eq $wopt } @{$config{cflags}}; + push @{$config{cxxflags}}, $wopt + if ($config{CXX} + && !grep { $_ eq $wopt } @{$config{cxxflags}}); } if (defined($predefined{__clang__})) { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) + push @{$config{cflags}}, $wopt + unless grep { $_ eq $wopt } @{$config{cflags}}; + push @{$config{cxxflags}}, $wopt + if ($config{CXX} + && !grep { $_ eq $wopt } @{$config{cxxflags}}); } } } @@ -1292,26 +1540,23 @@ unless ($disabled{"crypto-mdebug-backtrace"}) { foreach my $wopt (split /\s+/, $memleak_devteam_backtrace) { - $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) + push @{$config{cflags}}, $wopt + unless grep { $_ eq $wopt } @{$config{cflags}}; + push @{$config{cxxflags}}, $wopt + if ($config{CXX} + && !grep { $_ eq $wopt } @{$config{cxxflags}}); } if ($target =~ /^BSD-/) { - $config{ex_libs} .= " -lexecinfo"; + push @{$config{ex_libs}}, "-lexecinfo"; } } -if ($user_cflags ne "") { $config{cflags}="$config{cflags}$user_cflags"; } -else { $no_user_cflags=1; } -if (@user_defines) { $config{defines}=[ @{$config{defines}}, @user_defines ]; } -else { $no_user_defines=1; } - -# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON - unless ($disabled{afalgeng}) { $config{afalgeng}=""; - if ($target =~ m/^linux/) { + if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { my $minver = 4*10000 + 1*100 + 0; - if ($config{cross_compile_prefix} eq "") { + if ($config{CROSS_COMPILE} eq "") { my $verstr = `uname -r`; my ($ma, $mi1, $mi2) = split("\\.", $verstr); ($mi2) = $mi2 =~ /(\d+)/; @@ -1331,6 +1576,22 @@ unless ($disabled{afalgeng}) { push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); +# Finish up %config by appending things the user gave us on the command line +# apart from "make variables" +foreach (keys %useradd) { + # The must all be lists, so we assert that here + die "internal error: \$useradd{$_} isn't an ARRAY\n" + unless ref $useradd{$_} eq 'ARRAY'; + + if (defined $config{$_}) { + push @{$config{$_}}, @{$useradd{$_}}; + } else { + $config{$_} = [ @{$useradd{$_}} ]; + } +} + +# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON + # If we use the unified build, collect information from build.info files my %unified_info = (); @@ -1379,7 +1640,7 @@ if ($builder eq "unified") { my @build_file_templates = (); # First, look in the user provided directory, if given - if (defined $ENV{$local_config_envname}) { + if (defined env($local_config_envname)) { @build_file_templates = map { if ($^O eq 'VMS') { @@ -1387,7 +1648,7 @@ if ($builder eq "unified") { # which can be used as is $local_config_envname . ':' . $_; } else { - catfile($ENV{$local_config_envname}, $_); + catfile(env($local_config_envname), $_); } } @build_file_template_names; @@ -1408,7 +1669,9 @@ if ($builder eq "unified") { die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; } $config{build_file_templates} - = [ $build_file_template, + = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), + $blddir), + $build_file_template, cleanfile($srcdir, catfile("Configurations", "common.tmpl"), $blddir) ]; @@ -1425,9 +1688,14 @@ if ($builder eq "unified") { push @build_infos, [ catdir("engines", $_), "build.info" ] if (-f catfile($srcdir, "engines", $_, "build.info")); } + foreach (@{$config{tdirs}}) { + push @build_infos, [ catdir("test", $_), "build.info" ] + if (-f catfile($srcdir, "test", $_, "build.info")); + } $config{build_infos} = [ ]; + my %ordinals = (); foreach (@build_infos) { my $sourced = catdir($srcdir, $_->[0]); my $buildd = catdir($blddir, $_->[0]); @@ -1449,7 +1717,6 @@ if ($builder eq "unified") { my @intermediates = (); my @rawlines = (); - my %ordinals = (); my %sources = (); my %shared_sources = (); my %includes = (); @@ -1597,7 +1864,7 @@ if ($builder eq "unified") { || $target_kind eq $target{build_file}."(".$builder_platform.")"); } }, - qr/^(?:#.*|\s*)$/ => sub { }, + qr/^\s*(?:#.*)?$/ => sub { }, "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" }, "BEFORE" => sub { if ($buildinfo_debug) { @@ -1727,33 +1994,24 @@ EOF } # Additionally, we set up sharednames for libraries that don't - # have any, as themselves. - foreach (keys %{$unified_info{libraries}}) { + # have any, as themselves. Only for libraries that aren't + # explicitly static. + foreach (grep !/\.a$/, keys %{$unified_info{libraries}}) { if (!defined $unified_info{sharednames}->{$_}) { $unified_info{sharednames}->{$_} = $_ } } - } - foreach (keys %ordinals) { - my $dest = $_; - my $ddest = cleanfile($buildd, $_, $blddir); - if ($unified_info{rename}->{$ddest}) { - $ddest = $unified_info{rename}->{$ddest}; - } - foreach (@{$ordinals{$dest}}) { - my %known_ordinals = - ( - crypto => - cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir), - ssl => - cleanfile($sourced, catfile("util", "libssl.num"), $blddir) - ); - my $o = $known_ordinals{$_}; - die "Ordinals for $ddest defined more than once\n" - if $unified_info{ordinals}->{$ddest}; - $unified_info{ordinals}->{$ddest} = [ $_, $o ]; + # Check that we haven't defined any library as both shared and + # explicitly static. That is forbidden. + my @doubles = (); + foreach (grep /\.a$/, keys %{$unified_info{libraries}}) { + (my $l = $_) =~ s/\.a$//; + push @doubles, $l if defined $unified_info{sharednames}->{$l}; } + die "these libraries are both explicitly static and shared:\n ", + join(" ", @doubles), "\n" + if @doubles; } foreach (keys %sources) { @@ -1770,12 +2028,21 @@ EOF if ($s eq $src_configdata || ! -f $s || $generate{$_}) { $s = cleanfile($buildd, $_, $blddir); } - # We recognise C and asm files - if ($s =~ /\.[csS]\b$/) { - (my $o = $_) =~ s/\.[csS]\b$/.o/; + # We recognise C++, C and asm files + if ($s =~ /\.(cc|cpp|c|s|S)$/) { + my $o = $_; + $o =~ s/\.[csS]$/.o/; # C and assembler + $o =~ s/\.(cc|cpp)$/_cc.o/; # C++ $o = cleanfile($buildd, $o, $blddir); $unified_info{sources}->{$ddest}->{$o} = 1; $unified_info{sources}->{$o}->{$s} = 1; + } elsif ($s =~ /\.rc$/) { + # We also recognise resource files + my $o = $_; + $o =~ s/\.rc$/.res/; # Resource configuration + my $o = cleanfile($buildd, $o, $blddir); + $unified_info{sources}->{$ddest}->{$o} = 1; + $unified_info{sources}->{$o}->{$s} = 1; } else { $unified_info{sources}->{$ddest}->{$s} = 1; } @@ -1796,12 +2063,27 @@ EOF if ($s eq $src_configdata || ! -f $s || $generate{$_}) { $s = cleanfile($buildd, $_, $blddir); } - # We recognise C and asm files - if ($s =~ /\.[csS]\b$/) { - (my $o = $_) =~ s/\.[csS]\b$/.o/; + + if ($s =~ /\.(cc|cpp|c|s|S)$/) { + # We recognise C++, C and asm files + my $o = $_; + $o =~ s/\.[csS]$/.o/; # C and assembler + $o =~ s/\.(cc|cpp)$/_cc.o/; # C++ $o = cleanfile($buildd, $o, $blddir); $unified_info{shared_sources}->{$ddest}->{$o} = 1; $unified_info{sources}->{$o}->{$s} = 1; + } elsif ($s =~ /\.rc$/) { + # We also recognise resource files + my $o = $_; + $o =~ s/\.rc$/.res/; # Resource configuration + my $o = cleanfile($buildd, $o, $blddir); + $unified_info{shared_sources}->{$ddest}->{$o} = 1; + $unified_info{sources}->{$o}->{$s} = 1; + } elsif ($s =~ /\.(def|map|opt)$/) { + # We also recognise .def / .map / .opt files + # We know they are generated files + my $def = cleanfile($buildd, $s, $blddir); + $unified_info{shared_sources}->{$ddest}->{$def} = 1; } else { die "unrecognised source file type for shared library: $s\n"; } @@ -1850,9 +2132,16 @@ EOF $d = cleanfile($buildd, $_, $blddir); } # Take note if the file to depend on is being renamed + # Take extra care with files ending with .a, they should + # be treated without that extension, and the extension + # should be added back after treatment. + $d =~ /(\.a)?$/; + my $e = $1 // ""; + $d = $`; if ($unified_info{rename}->{$d}) { $d = $unified_info{rename}->{$d}; } + $d .= $e; $unified_info{depends}->{$ddest}->{$d} = 1; } } @@ -1880,8 +2169,26 @@ EOF } } + my $ordinals_text = join(', ', sort keys %ordinals); + warn <<"EOF" if $ordinals_text; + +WARNING: ORDINALS were specified for $ordinals_text +They are ignored and should be replaced with a combination of GENERATE, +DEPEND and SHARED_SOURCE. +EOF + # Massage the result + # If the user configured no-shared, we allow no shared sources + if ($disabled{shared}) { + foreach (keys %{$unified_info{shared_sources}}) { + foreach (keys %{$unified_info{shared_sources}->{$_}}) { + delete $unified_info{sources}->{$_}; + } + } + $unified_info{shared_sources} = {}; + } + # If we depend on a header file or a perl module, add an inclusion of # its directory to allow smoothe inclusion foreach my $dest (keys %{$unified_info{depends}}) { @@ -1946,6 +2253,42 @@ EOF [ @{$unified_info{includes}->{$dest}->{source}} ]; } } + + # For convenience collect information regarding directories where + # files are generated, those generated files and the end product + # they end up in where applicable. Then, add build rules for those + # directories + my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ], + "dso" => [ @{$unified_info{engines}} ], + "bin" => [ @{$unified_info{programs}} ], + "script" => [ @{$unified_info{scripts}} ] ); + foreach my $type (keys %loopinfo) { + foreach my $product (@{$loopinfo{$type}}) { + my %dirs = (); + my $pd = dirname($product); + + foreach (@{$unified_info{sources}->{$product} // []}, + @{$unified_info{shared_sources}->{$product} // []}) { + my $d = dirname($_); + + # We don't want to create targets for source directories + # when building out of source + next if ($config{sourcedir} ne $config{builddir} + && $d =~ m|^\Q$config{sourcedir}\E|); + # We already have a "test" target, and the current directory + # is just silly to make a target for + next if $d eq "test" || $d eq "."; + + $dirs{$d} = 1; + push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ + if $d ne $pd; + } + foreach (keys %dirs) { + push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, + $product; + } + } + } } # For the schemes that need it, we provide the old *_obj configs @@ -1953,13 +2296,18 @@ EOF foreach (grep /_(asm|aux)_src$/, keys %target) { my $src = $_; (my $obj = $_) =~ s/_(asm|aux)_src$/_obj/; - ($target{$obj} = $target{$src}) =~ s/\.[csS]\b/.o/g; + $target{$obj} = $target{$src}; + $target{$obj} =~ s/\.[csS]\b/.o/g; # C and assembler + $target{$obj} =~ s/\.(cc|cpp)\b/_cc.o/g; # C++ } # Write down our configuration where it fits ######################### +print "Creating configdata.pm\n"; open(OUT,">configdata.pm") || die "unable to create configdata.pm: $!\n"; print OUT <<"EOF"; +#! $config{HASHBANGPERL} + package configdata; use strict; @@ -1977,6 +2325,22 @@ foreach (sort keys %config) { print OUT " ", $_, " => [ ", join(", ", map { quotify("perl", $_) } @{$config{$_}}), " ],\n"; + } elsif (ref($config{$_}) eq "HASH") { + print OUT " ", $_, " => {"; + if (scalar keys %{$config{$_}} > 0) { + print OUT "\n"; + foreach my $key (sort keys %{$config{$_}}) { + print OUT " ", + join(" => ", + quotify("perl", $key), + defined $config{$_}->{$key} + ? quotify("perl", $config{$_}->{$key}) + : "undef"); + print OUT ",\n"; + } + print OUT " "; + } + print OUT "},\n"; } else { print OUT " ", $_, " => ", quotify("perl", $config{$_}), ",\n" } @@ -2078,52 +2442,298 @@ if ($builder eq "unified") { EOF } -print OUT "1;\n"; -close(OUT); +print OUT + "# The following data is only used when this files is use as a script\n"; +print OUT "my \@makevars = (\n"; +foreach (sort keys %user) { + print OUT " '",$_,"',\n"; +} +print OUT ");\n"; +print OUT "my \%disabled_info = (\n"; +foreach my $what (sort keys %disabled_info) { + print OUT " '$what' => {\n"; + foreach my $info (sort keys %{$disabled_info{$what}}) { + if (ref $disabled_info{$what}->{$info} eq 'ARRAY') { + print OUT " $info => [ ", + join(', ', map { "'$_'" } @{$disabled_info{$what}->{$info}}), + " ],\n"; + } else { + print OUT " $info => '", $disabled_info{$what}->{$info}, + "',\n"; + } + } + print OUT " },\n"; +} +print OUT ");\n"; +print OUT 'my @user_crossable = qw( ', join (' ', @user_crossable), " );\n"; +print OUT << 'EOF'; +# If run directly, we can give some answers, and even reconfigure +unless (caller) { + use Getopt::Long; + use File::Spec::Functions; + use File::Basename; + use Pod::Usage; + + my $here = dirname($0); + + my $dump = undef; + my $cmdline = undef; + my $options = undef; + my $target = undef; + my $envvars = undef; + my $makevars = undef; + my $buildparams = undef; + my $reconf = undef; + my $verbose = undef; + my $help = undef; + my $man = undef; + GetOptions('dump|d' => \$dump, + 'command-line|c' => \$cmdline, + 'options|o' => \$options, + 'target|t' => \$target, + 'environment|e' => \$envvars, + 'make-variables|m' => \$makevars, + 'build-parameters|b' => \$buildparams, + 'reconfigure|reconf|r' => \$reconf, + 'verbose|v' => \$verbose, + 'help' => \$help, + 'man' => \$man) + or die "Errors in command line arguments\n"; + + unless ($dump || $cmdline || $options || $target || $envvars || $makevars + || $buildparams || $reconf || $verbose || $help || $man) { + print STDERR <<"_____"; +You must give at least one option. +For more information, do '$0 --help' +_____ + exit(2); + } + + if ($help) { + pod2usage(-exitval => 0, + -verbose => 1); + } + if ($man) { + pod2usage(-exitval => 0, + -verbose => 2); + } + if ($dump || $cmdline) { + print "\nCommand line (with current working directory = $here):\n\n"; + print ' ',join(' ', + $config{PERL}, + catfile($config{sourcedir}, 'Configure'), + @{$config{perlargv}}), "\n"; + print "\nPerl information:\n\n"; + print ' ',$config{perl_cmd},"\n"; + print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; + } + if ($dump || $options) { + my $longest = 0; + my $longest2 = 0; + foreach my $what (@disablables) { + $longest = length($what) if $longest < length($what); + $longest2 = length($disabled{$what}) + if $disabled{$what} && $longest2 < length($disabled{$what}); + } + print "\nEnabled features:\n\n"; + foreach my $what (@disablables) { + print " $what\n" unless $disabled{$what}; + } + print "\nDisabled features:\n\n"; + foreach my $what (@disablables) { + if ($disabled{$what}) { + print " $what", ' ' x ($longest - length($what) + 1), + "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1); + print $disabled_info{$what}->{macro} + if $disabled_info{$what}->{macro}; + print ' (skip ', + join(', ', @{$disabled_info{$what}->{skipped}}), + ')' + if $disabled_info{$what}->{skipped}; + print "\n"; + } + } + } + if ($dump || $target) { + print "\nConfig target attributes:\n\n"; + foreach (sort keys %target) { + next if $_ =~ m|^_| || $_ eq 'template'; + my $quotify = sub { + map { (my $x = $_) =~ s|([\\\$\@"])|\\$1|g; "\"$x\""} @_; + }; + print ' ', $_, ' => '; + if (ref($target{$_}) eq "ARRAY") { + print '[ ', join(', ', $quotify->(@{$target{$_}})), " ],\n"; + } else { + print $quotify->($target{$_}), ",\n" + } + } + } + if ($dump || $envvars) { + print "\nRecorded environment:\n\n"; + foreach (sort keys %{$config{perlenv}}) { + print ' ',$_,' = ',($config{perlenv}->{$_} || ''),"\n"; + } + } + if ($dump || $makevars) { + print "\nMakevars:\n\n"; + foreach my $var (@makevars) { + my $prefix = ''; + $prefix = $config{CROSS_COMPILE} + if grep { $var eq $_ } @user_crossable; + $prefix //= ''; + print ' ',$var,' ' x (16 - length $var),'= ', + (ref $config{$var} eq 'ARRAY' + ? join(' ', @{$config{$var}}) + : $prefix.$config{$var}), + "\n" + if defined $config{$var}; + } + + my @buildfile = ($config{builddir}, $config{build_file}); + unshift @buildfile, $here + unless file_name_is_absolute($config{builddir}); + my $buildfile = canonpath(catdir(@buildfile)); + print <<"_____"; + +NOTE: These variables only represent the configuration view. The build file +template may have processed these variables further, please have a look at the +build file for more exact data: + $buildfile +_____ + } + if ($dump || $buildparams) { + my @buildfile = ($config{builddir}, $config{build_file}); + unshift @buildfile, $here + unless file_name_is_absolute($config{builddir}); + print "\nbuild file:\n\n"; + print " ", canonpath(catfile(@buildfile)),"\n"; + + print "\nbuild file templates:\n\n"; + foreach (@{$config{build_file_templates}}) { + my @tmpl = ($_); + unshift @tmpl, $here + unless file_name_is_absolute($config{sourcedir}); + print ' ',canonpath(catfile(@tmpl)),"\n"; + } + } + if ($reconf) { + if ($verbose) { + print 'Reconfiguring with: ', join(' ',@{$config{perlargv}}), "\n"; + foreach (sort keys %{$config{perlenv}}) { + print ' ',$_,' = ',($config{perlenv}->{$_} || ""),"\n"; + } + } + + chdir $here; + exec $^X,catfile($config{sourcedir}, 'Configure'),'reconf'; + } +} + +1; + +__END__ + +=head1 NAME + +configdata.pm - configuration data for OpenSSL builds + +=head1 SYNOPSIS + +Interactive: + + perl configdata.pm [options] + +As data bank module: + + use configdata; +=head1 DESCRIPTION -print "CC =$config{cross_compile_prefix}$target{cc}\n"; -print "CFLAG =$target{cflags} $config{cflags}\n"; -print "SHARED_CFLAG =$target{shared_cflag}\n"; -print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n"; -print "LFLAG =$target{lflags}\n"; -print "PLIB_LFLAG =$target{plib_lflags}\n"; -print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n"; -print "APPS_OBJ =$target{apps_obj}\n"; -print "CPUID_OBJ =$target{cpuid_obj}\n"; -print "UPLINK_OBJ =$target{uplink_obj}\n"; -print "BN_ASM =$target{bn_obj}\n"; -print "EC_ASM =$target{ec_obj}\n"; -print "DES_ENC =$target{des_obj}\n"; -print "AES_ENC =$target{aes_obj}\n"; -print "BF_ENC =$target{bf_obj}\n"; -print "CAST_ENC =$target{cast_obj}\n"; -print "RC4_ENC =$target{rc4_obj}\n"; -print "RC5_ENC =$target{rc5_obj}\n"; -print "MD5_OBJ_ASM =$target{md5_obj}\n"; -print "SHA1_OBJ_ASM =$target{sha1_obj}\n"; -print "RMD160_OBJ_ASM=$target{rmd160_obj}\n"; -print "CMLL_ENC =$target{cmll_obj}\n"; -print "MODES_OBJ =$target{modes_obj}\n"; -print "PADLOCK_OBJ =$target{padlock_obj}\n"; -print "CHACHA_ENC =$target{chacha_obj}\n"; -print "POLY1305_OBJ =$target{poly1305_obj}\n"; -print "BLAKE2_OBJ =$target{blake2_obj}\n"; -print "PROCESSOR =$config{processor}\n"; -print "RANLIB =", $target{ranlib} eq '$(CROSS_COMPILE)ranlib' ? - "$config{cross_compile_prefix}ranlib" : - "$target{ranlib}", "\n"; -print "ARFLAGS =$target{arflags}\n"; -print "PERL =$config{perl}\n"; -print "\n"; -print "SIXTY_FOUR_BIT_LONG mode\n" if $config{b64l}; -print "SIXTY_FOUR_BIT mode\n" if $config{b64}; -print "THIRTY_TWO_BIT mode\n" if $config{b32}; -print "BN_LLONG mode\n" if $config{bn_ll}; -print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int; +This module can be used in two modes, interactively and as a module containing +all the data recorded by OpenSSL's Configure script. + +When used interactively, simply run it as any perl script, with at least one +option, and you will get the information you ask for. See L below. + +When loaded as a module, you get a few databanks with useful information to +perform build related tasks. The databanks are: + + %config Configured things. + %target The OpenSSL config target with all inheritances + resolved. + %disabled The features that are disabled. + @disablables The list of features that can be disabled. + %withargs All data given through --with-THING options. + %unified_info All information that was computed from the build.info + files. + +=head1 OPTIONS + +=over 4 + +=item B<--help> + +Print a brief help message and exit. + +=item B<--man> + +Print the manual page and exit. + +=item B<--dump> | B<-d> + +Print all relevant configuration data. This is equivalent to B<--command-line> +B<--options> B<--target> B<--environment> B<--make-variables> +B<--build-parameters>. + +=item B<--command-line> | B<-c> + +Print the current configuration command line. + +=item B<--options> | B<-o> + +Print the features, both enabled and disabled, and display defined macro and +skipped directories where applicable. + +=item B<--target> | B<-t> + +Print the config attributes for this config target. + +=item B<--environment> | B<-e> + +Print the environment variables and their values at the time of configuration. + +=item B<--make-variables> | B<-m> + +Print the main make variables generated in the current configuration + +=item B<--build-parameters> | B<-b> + +Print the build parameters, i.e. build file and build file templates. + +=item B<--reconfigure> | B<--reconf> | B<-r> + +Redo the configuration. + +=item B<--verbose> | B<-v> + +Verbose output. + +=back + +=cut + +EOF +close(OUT); +if ($builder_platform eq 'unix') { + my $mode = (0755 & ~umask); + chmod $mode, 'configdata.pm' + or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!); +} my %builders = ( unified => sub { + print 'Creating ',$target{build_file},"\n"; run_dofile(catfile($blddir, $target{build_file}), @{$config{build_file_templates}}); }, @@ -2133,11 +2743,6 @@ $builders{$builder}->($builder_platform, @builder_opts); $SIG{__DIE__} = $orig_death_handler; -print <<"EOF"; - -Configured for $target. -EOF - print <<"EOF" if ($disabled{threads} eq "unavailable"); The library could not be configured for supporting multi-threaded @@ -2154,6 +2759,24 @@ or position independent code, please let us know (but please first make sure you have tried with a current version of OpenSSL). EOF +print <<"EOF"; + +********************************************************************** +*** *** +*** OpenSSL has been successfully configured *** +*** *** +*** If you encounter a problem while building, please open an *** +*** issue on GitHub *** +*** and include the output from the following command: *** +*** *** +*** perl configdata.pm --dump *** +*** *** +*** (If you are new to OpenSSL, you might want to consult the *** +*** 'Troubleshooting' section in the INSTALL file first) *** +*** *** +********************************************************************** +EOF + exit(0); ###################################################################### @@ -2243,7 +2866,10 @@ sub threads { return sub { add($disabled{threads} ? () : @flags)->(); } } - +sub shared { + my @flags = @_; + return sub { add($disabled{shared} ? () : @flags)->(); } +} our $add_called = 0; # Helper function to implement adding values to already existing configuration @@ -2301,25 +2927,38 @@ sub add { sub { _add($separator, @_, @x) }; } +sub read_eval_file { + my $fname = shift; + my $content; + my @result; + + open F, "< $fname" or die "Can't open '$fname': $!\n"; + { + undef local $/; + $content = ; + } + close F; + { + local $@; + + @result = ( eval $content ); + warn $@ if $@; + } + return wantarray ? @result : $result[0]; +} + # configuration reader, evaluates the input file as a perl script and expects # it to fill %targets with target configurations. Those are then added to # %table. sub read_config { my $fname = shift; - open(CONFFILE, "< $fname") - or die "Can't open configuration file '$fname'!\n"; - my $x = $/; - undef $/; - my $content = ; - $/ = $x; - close(CONFFILE); - my %targets = (); + my %targets; + { # Protect certain tables from tampering - local %table = %::table; + local %table = (); - eval $content; - warn $@ if $@; + %targets = read_eval_file($fname); } my %preexisting = (); foreach (sort keys %targets) { @@ -2513,7 +3152,7 @@ sub run_dofile foreach (@templates) { die "Can't open $_, $!" unless -f $_; } - my $perlcmd = (quotify("maybeshell", $config{perl}))[0]; + my $perlcmd = (quotify("maybeshell", $config{PERL}))[0]; my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\""; #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; system($cmd); @@ -2521,6 +3160,31 @@ sub run_dofile rename("$out.new", $out) || die "Can't rename $out.new, $!"; } +sub compiler_predefined { + state %predefined; + my $cc = shift; + + return () if $^O eq 'VMS'; + + die 'compiler_predefined called without a compiler command' + unless $cc; + + if (! $predefined{$cc}) { + + $predefined{$cc} = {}; + + # collect compiler pre-defines from gcc or gcc-alike... + open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |"); + while (my $l = ) { + $l =~ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; + $predefined{$cc}->{$1} = $2 // ''; + } + close(PIPE); + } + + return %{$predefined{$cc}}; +} + sub which { my ($name)=@_; @@ -2542,12 +3206,28 @@ sub which } } +sub env +{ + my $name = shift; + my %opts = @_; + + unless ($opts{cacheonly}) { + # Note that if $ENV{$name} doesn't exist or is undefined, + # $config{perlenv}->{$name} will be created with the value + # undef. This is intentional. + + $config{perlenv}->{$name} = $ENV{$name} + if ! exists $config{perlenv}->{$name}; + } + return $config{perlenv}->{$name}; +} + # Configuration printer ############################################## sub print_table_entry { - my $target = shift; - my %target = resolve_config($target); + local $now_printing = shift; + my %target = resolve_config($now_printing); my $type = shift; # Don't print the templates @@ -2555,14 +3235,16 @@ sub print_table_entry my @sequence = ( "sys_id", + "cpp", + "cppflags", + "defines", + "includes", "cc", "cflags", - "defines", "unistd", "ld", "lflags", "loutflag", - "plib_lflags", "ex_libs", "bn_ops", "apps_aux_src", @@ -2614,7 +3296,7 @@ sub print_table_entry if ($type eq "TABLE") { print "\n"; - print "*** $target\n"; + print "*** $now_printing\n"; foreach (@sequence) { if (ref($target{$_}) eq "ARRAY") { printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}}); @@ -2625,7 +3307,7 @@ sub print_table_entry } elsif ($type eq "HASH") { my $largest = length((sort { length($a) <=> length($b) } @sequence)[-1]); - print " '$target' => {\n"; + print " '$now_printing' => {\n"; foreach (@sequence) { if ($target{$_}) { if (ref($target{$_}) eq "ARRAY") { diff --git a/deps/openssl/openssl/INSTALL b/deps/openssl/openssl/INSTALL index 5a98d1da83fb36..4ce6651b6b3422 100644 --- a/deps/openssl/openssl/INSTALL +++ b/deps/openssl/openssl/INSTALL @@ -1,4 +1,3 @@ - OPENSSL INSTALLATION -------------------- @@ -23,6 +22,7 @@ * NOTES.VMS (OpenVMS) * NOTES.WIN (any supported Windows) * NOTES.DJGPP (DOS platform with DJGPP) + * NOTES.ANDROID (obviously Android [NDK]) Notational conventions in this document --------------------------------------- @@ -145,8 +145,8 @@ put together one-size-fits-all instructions. You might have to pass more flags or set up environment variables to actually make it work. Android and iOS cases are - discussed in corresponding Configurations/10-main.cf - sections. But there are cases when this option alone is + discussed in corresponding Configurations/15-*.conf + files. But there are cases when this option alone is sufficient. For example to build the mingw64 target on Linux "--cross-compile-prefix=x86_64-w64-mingw32-" works. Naturally provided that mingw packages are @@ -157,10 +157,12 @@ "--cross-compile-prefix=mipsel-linux-gnu-" suffices in such case. Needless to mention that you have to invoke ./Configure, not ./config, and pass your target - name explicitly. + name explicitly. Also, note that --openssldir refers + to target's file system, not one you are building on. --debug - Build OpenSSL with debugging symbols. + Build OpenSSL with debugging symbols and zero optimization + level. --libdir=DIR The name of the directory under the top of the installation @@ -209,12 +211,41 @@ without a path). This flag must be provided if the zlib-dynamic option is not also used. If zlib-dynamic is used then this flag is optional and a default value ("ZLIB1") is - used if not provided. + used if not provided. On VMS: this is the filename of the zlib library (with or without a path). This flag is optional and if not provided then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is used by default depending on the pointer size chosen. + + --with-rand-seed=seed1[,seed2,...] + A comma separated list of seeding methods which will be tried + by OpenSSL in order to obtain random input (a.k.a "entropy") + for seeding its cryptographically secure random number + generator (CSPRNG). The current seeding methods are: + + os: Use a trusted operating system entropy source. + This is the default method if such an entropy + source exists. + getrandom: Use the L or equivalent system + call. + devrandom: Use the the first device from the DEVRANDOM list + which can be opened to read random bytes. The + DEVRANDOM preprocessor constant expands to + "/dev/urandom","/dev/random","/dev/srandom" on + most unix-ish operating systems. + egd: Check for an entropy generating daemon. + rdcpu: Use the RDSEED or RDRAND command if provided by + the CPU. + librandom: Use librandom (not implemented yet). + none: Disable automatic seeding. This is the default + on some operating systems where no suitable + entropy source exists, or no support for it is + implemented yet. + + For more information, see the section 'Note on random number + generation' at the end of this document. + no-afalgeng Don't build the AFALG engine. This option will be forced if on a platform that does not support AFALG. @@ -227,8 +258,10 @@ no-shared option. no-asm - Do not use assembler code. On some platforms a small amount - of assembler code may still be used. + Do not use assembler code. This should be viewed as + debugging/trouble-shooting option rather than production. + On some platforms a small amount of assembler code may + still be used even with this option. no-async Do not build support for async operations. @@ -249,6 +282,10 @@ error strings. For a statically linked application this may be undesirable if small executable size is an objective. + no-autoload-config + Don't automatically load the default openssl.cnf file. + Typically OpenSSL will automatically load a system config + file which configures default ssl options. no-capieng Don't build the CAPI engine. This option will be forced if @@ -304,8 +341,13 @@ enable-ec_nistp_64_gcc_128 Enable support for optimised implementations of some commonly - used NIST elliptic curves. This is only supported on some - platforms. + used NIST elliptic curves. + This is only supported on platforms: + - with little-endian storage of non-byte types + - that tolerate misaligned memory references + - where the compiler: + - supports the non-standard type __uint128_t + - defines the built-in macro __SIZEOF_INT128__ enable-egd Build support for gathering entropy from EGD (Entropy @@ -317,6 +359,13 @@ no-err Don't compile in any error strings. + enable-external-tests + Enable building of integration with external test suites. + This is a developer option and may not work on all platforms. + The only supported external test suite at the current time is + the BoringSSL test suite. See the file test/README.external + for further details. + no-filenames Don't compile in filename and line number information (e.g. for errors and memory allocation). @@ -333,9 +382,6 @@ available if the GOST algorithms are also available through loading an externally supplied engine. - enable-heartbeats - Build support for DTLS heartbeats. - no-hw-padlock Don't build the padlock engine. @@ -416,6 +462,9 @@ the OpenSSL tests also use the command line applications the tests will also be skipped. + no-tests + Don't build test programs or run any test. + no-threads Don't try to build with support for multi-threaded applications. @@ -468,18 +517,22 @@ no- Don't build support for negotiating the specified SSL/TLS - protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls, - dtls1 or dtls1_2). If "no-tls" is selected then all of tls1, - tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will - disable dtls1 and dtls1_2. The "no-ssl" option is synonymous - with "no-ssl3". Note this only affects version negotiation. - OpenSSL will still provide the methods for applications to - explicitly select the individual protocol versions. + protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, + tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then + all of tls1, tls1_1, tls1_2 and tls1_3 are disabled. + Similarly "no-dtls" will disable dtls1 and dtls1_2. The + "no-ssl" option is synonymous with "no-ssl3". Note this only + affects version negotiation. OpenSSL will still provide the + methods for applications to explicitly select the individual + protocol versions. no--method As for no- but in addition do not build the methods for applications to explicitly select individual protocol - versions. + versions. Note that there is no "no-tls1_3-method" option + because there is no application method for TLSv1.3. Using + individual protocol methods directly is deprecated. + Applications should use TLS_method() instead. enable- Build with support for the specified algorithm, where @@ -487,13 +540,14 @@ no- Build without support for the specified algorithm, where - is one of: bf, blake2, camellia, cast, chacha, cmac, - des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305, - rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd" - algorithm is deprecated and if used is synonymous with rmd160. - - -Dxxx, lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static - These system specific options will be recocognised and + is one of: aria, bf, blake2, camellia, cast, chacha, + cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, + poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm2, sm3, + sm4 or whirlpool. The "ripemd" algorithm is deprecated and + if used is synonymous with rmd160. + + -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static + These system specific options will be recognised and passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, library directories or other compiler options. It might be worth @@ -503,11 +557,123 @@ unsuitable for execution on other, typically older, processor. Consult your compiler documentation. + Take note of the VAR=value documentation below and how + these flags interact with those variables. + -xxx, +xxx Additional options that are not otherwise recognised are passed through as they are to the compiler as well. Again, consult your compiler documentation. + Take note of the VAR=value documentation below and how + these flags interact with those variables. + + VAR=value + Assignment of environment variable for Configure. These + work just like normal environment variable assignments, + but are supported on all platforms and are confined to + the configuration scripts only. These assignments override + the corresponding value in the inherited environment, if + there is one. + + The following variables are used as "make variables" and + can be used as an alternative to giving preprocessor, + compiler and linker options directly as configuration. + The following variables are supported: + + AR The static library archiver. + ARFLAGS Flags for the static library archiver. + AS The assembler compiler. + ASFLAGS Flags for the assembler compiler. + CC The C compiler. + CFLAGS Flags for the C compiler. + CXX The C++ compiler. + CXXFLAGS Flags for the C++ compiler. + CPP The C/C++ preprocessor. + CPPFLAGS Flags for the C/C++ preprocessor. + CPPDEFINES List of CPP macro definitions, separated + by a platform specific character (':' or + space for Unix, ';' for Windows, ',' for + VMS). This can be used instead of using + -D (or what corresponds to that on your + compiler) in CPPFLAGS. + CPPINCLUDES List of CPP inclusion directories, separated + the same way as for CPPDEFINES. This can + be used instead of -I (or what corresponds + to that on your compiler) in CPPFLAGS. + HASHBANGPERL Perl invocation to be inserted after '#!' + in public perl scripts (only relevant on + Unix). + LD The program linker (not used on Unix, $(CC) + is used there). + LDFLAGS Flags for the shared library, DSO and + program linker. + LDLIBS Extra libraries to use when linking. + Takes the form of a space separated list + of library specifications on Unix and + Windows, and as a comma separated list of + libraries on VMS. + RANLIB The library archive indexer. + RC The Windows resource compiler. + RCFLAGS Flags for the Windows resource compiler. + RM The command to remove files and directories. + + These cannot be mixed with compiling / linking flags given + on the command line. In other words, something like this + isn't permitted. + + ./config -DFOO CPPFLAGS=-DBAR -DCOOKIE + + Backward compatibility note: + + To be compatible with older configuration scripts, the + environment variables are ignored if compiling / linking + flags are given on the command line, except for these: + + AR, CC, CXX, CROSS_COMPILE, HASHBANGPERL, PERL, RANLIB, RC + and WINDRES + + For example, the following command will not see -DBAR: + + CPPFLAGS=-DBAR ./config -DCOOKIE + + However, the following will see both set variables: + + CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- \ + ./config -DCOOKIE + + reconf + reconfigure + Reconfigure from earlier data. This fetches the previous + command line options and environment from data saved in + "configdata.pm", and runs the configuration process again, + using these options and environment. + Note: NO other option is permitted together with "reconf". + This means that you also MUST use "./Configure" (or + what corresponds to that on non-Unix platforms) directly + to invoke this option. + Note: The original configuration saves away values for ALL + environment variables that were used, and if they weren't + defined, they are still saved away with information that + they weren't originally defined. This information takes + precedence over environment variables that are defined + when reconfiguring. + + Displaying configuration data + ----------------------------- + + The configuration script itself will say very little, and finishes by + creating "configdata.pm". This perl module can be loaded by other scripts + to find all the configuration data, and it can also be used as a script to + display all sorts of configuration data in a human readable form. + + For more information, please do: + + $ ./configdata.pm --help # Unix + + or + + $ perl configdata.pm --help # Windows and VMS Installation in Detail ---------------------- @@ -620,22 +786,34 @@ ("openssl"). The libraries will be built in the top-level directory, and the binary will be in the "apps" subdirectory. + Troubleshooting: + If the build fails, look at the output. There may be reasons for the failure that aren't problems in OpenSSL itself (like - missing standard headers). If you are having problems you can - get help by sending an email to the openssl-users email list (see + missing standard headers). + + If the build succeeded previously, but fails after a source or + configuration change, it might be helpful to clean the build tree + before attempting another build. Use this command: + + $ make clean # Unix + $ mms clean ! (or mmk) OpenVMS + $ nmake clean # Windows + + Assembler error messages can sometimes be sidestepped by using the + "no-asm" configuration option. + + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. + + If you are still having problems you can get help by sending an email + to the openssl-users email list (see https://www.openssl.org/community/mailinglists.html for details). If it is a bug with OpenSSL itself, please open an issue on GitHub, at /~https://github.com/openssl/openssl/issues. Please review the existing ones first; maybe the bug was already reported or has already been fixed. - (If you encounter assembler error messages, try the "no-asm" - configuration option as an immediate fix.) - - Compiling parts of OpenSSL with gcc and others with the system - compiler will result in unresolved symbols on some systems. - 3. After a successful build, the libraries should be tested. Run: $ make test # Unix @@ -664,7 +842,7 @@ $ nmake TESTS='test_rsa test_dsa' test # Windows And of course, you can combine (Unix example shown): - + $ make VERBOSE=1 TESTS='test_rsa test_dsa' test You can find the list of available tests like this: @@ -683,6 +861,9 @@ To report a bug please open an issue on GitHub, at /~https://github.com/openssl/openssl/issues. + For more details on how the make variables TESTS can be used, + see section TESTS in Detail below. + 4. If everything tests ok, install OpenSSL with $ make install # Unix @@ -734,7 +915,7 @@ command symbols. [.SYSTEST] Contains the installation verification procedure. [.HTML] Contains the HTML rendition of the manual pages. - + Additionally, install will add the following directories under OPENSSLDIR (the directory given with --openssldir or its default) @@ -788,7 +969,7 @@ BUILDFILE Use a different build file name than the platform default - ("Makefile" on Unixly platforms, "makefile" on native Windows, + ("Makefile" on Unix-like platforms, "makefile" on native Windows, "descrip.mms" on OpenVMS). This requires that there is a corresponding build file template. See Configurations/README for further information. @@ -820,11 +1001,14 @@ possible to create your own ".conf" and ".tmpl" files and store them locally, outside the OpenSSL source tree. This environment variable can be set to the directory where these files are held - and will have Configure to consider them in addition to the - standard ones. + and will be considered by Configure before it looks in the + standard directories. PERL The name of the Perl executable to use when building OpenSSL. + This variable is used in config script only. Configure on the + other hand imposes the interpreter by which it itself was + executed on the whole build procedure. HASHBANGPERL The command string for the Perl executable to insert in the @@ -889,12 +1073,68 @@ uninstall Uninstall all OpenSSL components. + reconfigure + reconf + Re-run the configuration process, as exactly as the last time + as possible. + update This is a developer option. If you are developing a patch for OpenSSL you may need to use this if you want to update automatically generated files; add new error codes or add new (or change the visibility of) public API functions. (Unix only). + TESTS in Detail + --------------- + + The make variable TESTS supports a versatile set of space separated tokens + with which you can specify a set of tests to be performed. With a "current + set of tests" in mind, initially being empty, here are the possible tokens: + + alltests The current set of tests becomes the whole set of available + tests (as listed when you do 'make list-tests' or similar). + xxx Adds the test 'xxx' to the current set of tests. + -xxx Removes 'xxx' from the current set of tests. If this is the + first token in the list, the current set of tests is first + assigned the whole set of available tests, effectively making + this token equivalent to TESTS="alltests -xxx". + nn Adds the test group 'nn' (which is a number) to the current + set of tests. + -nn Removes the test group 'nn' from the current set of tests. + If this is the first token in the list, the current set of + tests is first assigned the whole set of available tests, + effectively making this token equivalent to + TESTS="alltests -xxx". + + Also, all tokens except for "alltests" may have wildcards, such as *. + (on Unix and Windows, BSD style wildcards are supported, while on VMS, + it's VMS style wildcards) + + Example: All tests except for the fuzz tests: + + $ make TESTS=-test_fuzz test + + or (if you want to be explicit) + + $ make TESTS='alltests -test_fuzz' test + + Example: All tests that have a name starting with "test_ssl" but not those + starting with "test_ssl_": + + $ make TESTS='test_ssl* -test_ssl_*' test + + Example: Only test group 10: + + $ make TESTS='10' + + Example: All tests except the slow group (group 99): + + $ make TESTS='-99' + + Example: All tests in test groups 80 to 99 except for tests in group 90: + + $ make TESTS='[89]? -90' + Note on multi-threading ----------------------- @@ -931,7 +1171,7 @@ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of the name. - On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + On most POSIX platforms, shared libraries are named libcrypto.so.1.1 and libssl.so.1.1. on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll @@ -956,10 +1196,22 @@ Availability of cryptographically secure random numbers is required for secret key generation. OpenSSL provides several options to seed the - internal PRNG. If not properly seeded, the internal PRNG will refuse + internal CSPRNG. If not properly seeded, the internal CSPRNG will refuse to deliver random bytes and a "PRNG not seeded error" will occur. - On systems without /dev/urandom (or similar) device, it may be necessary - to install additional support software to obtain a random seed. - Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), - and the FAQ for more information. + The seeding method can be configured using the --with-rand-seed option, + which can be used to specify a comma separated list of seed methods. + However in most cases OpenSSL will choose a suitable default method, + so it is not necessary to explicitly provide this option. Note also + that not all methods are available on all platforms. + + I) On operating systems which provide a suitable randomness source (in + form of a system call or system device), OpenSSL will use the optimal + available method to seed the CSPRNG from the operating system's + randomness sources. This corresponds to the option --with-rand-seed=os. + + II) On systems without such a suitable randomness source, automatic seeding + and reseeding is disabled (--with-rand-seed=none) and it may be necessary + to install additional support software to obtain a random seed and reseed + the CSPRNG manually. Please check out the manual pages for RAND_add(), + RAND_bytes(), RAND_egd(), and the FAQ for more information. diff --git a/deps/openssl/openssl/Makefile.shared b/deps/openssl/openssl/Makefile.shared deleted file mode 100644 index 4f9550aaf18c57..00000000000000 --- a/deps/openssl/openssl/Makefile.shared +++ /dev/null @@ -1,521 +0,0 @@ -# -# Helper makefile to link shared libraries in a portable way. -# This is much simpler than libtool, and hopefully not too error-prone. -# -# The following variables need to be set on the command line to build -# properly - -# CC contains the current compiler. This one MUST be defined -CC=cc -CFLAGS=$(CFLAG) -# LDFLAGS contains flags to be used when temporary object files (when building -# shared libraries) are created, or when an application is linked. -# SHARED_LDFLAGS contains flags to be used when the shared library is created. -LDFLAGS=$(LDFLAG) -SHARED_LDFLAGS=$(SHARED_LDFLAG) - -RC=windres -# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin -# or Mingw. -SHARED_RCFLAGS=$(SHARED_RCFLAG) - -NM=nm - -# LIBNAME contains just the name of the library, without prefix ("lib" -# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so, -# .dll, ...). This one MUST have a value when using this makefile to -# build shared libraries. -# For example, to build libfoo.so, you need to do the following: -#LIBNAME=foo -LIBNAME= - -# STLIBNAME contains the path of the static library to build the shared -# library from, for example: -#STLIBNAME=libfoo.a -STLIBNAME= - -# On most Unix platforms, SHLIBNAME contains the path of the short name of -# the shared library to build, for example -#SHLIBNAME=libfoo.so -# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import -# library name for the shared library to be built, for example: -#SHLIBNAME=libfoo.dll.a - -# SHLIBNAME_FULL contains the path of the full name of the shared library to -# build, for example: -#SHLIBNAME_FULL=libfoo.so.1.2 -# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for -# example: -#SHLIBNAME_FULL=dir/dso.so -SHLIBNAME_FULL= - -# SHLIBVERSION contains the current version of the shared library (not to -# be confused with the project version) -#SHLIBVERSION=1.2 -SHLIBVERSION= - -# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and -# SHLIBNAME_FULL MUST have values when using this makefile, and in some -# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have -# a value, the rest can be left alone. - - -# APPNAME contains just the name of the application, without suffix ("" -# on Unix, ".exe" on Windows, ...). This one MUST have a value when using -# this makefile to build applications. -# For example, to build foo, you need to do the following: -#APPNAME=foo -APPNAME= - -# SRCDIR is the top directory of the source tree. -SRCDIR=. - -# OBJECTS contains all the object files to link together into the application. -# This must contain at least one object file. -#OBJECTS=foo.o -OBJECTS= - -# LIBEXTRAS contains extra modules to link together with the library. -# For example, if a second library, say libbar.a needs to be linked into -# libfoo.so, you need to do the following: -#LIBEXTRAS=libbar.a -# Note that this MUST be used when using the link_dso targets, to hold the -# names of all object files that go into the target shared object. -LIBEXTRAS= - -# LIBDEPS contains all the flags necessary to cover all necessary -# dependencies to other libraries. -LIBDEPS= - -#------------------------------------------------------------------------------ -# The rest is private to this makefile. - -SET_X=: -#SET_X=set -x - -top: - echo "Trying to use this makefile interactively? Don't." - -LINK_APP= \ - ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ - LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ - echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} ) - -LINK_SO= \ - ( $(SET_X); \ - LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ - SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ - echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $(SHLIBNAME_FULL) \ - $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \ - LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $(SHLIBNAME_FULL) \ - $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ - ) && $(SYMLINK_SO) - -SYMLINK_SO= \ - if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ - if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \ - "$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \ - ( $(SET_X); \ - rm -f $(SHLIBNAME); \ - ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \ - fi; \ - fi - -LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO) -LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO) - -LINK_SO_SHLIB_VIA_O= \ - SHOBJECTS=$(STLIBNAME).o; \ - ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \ - ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \ - ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \ - $(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS ) - -LINK_SO_SHLIB_UNPACKED= \ - UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ - (cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \ - ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ - SHOBJECTS=$$UNPACKDIR/*.o; \ - $(LINK_SO) && rm -rf $$UNPACKDIR - -DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null - -DO_GNU_SO_COMMON=\ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)" -DO_GNU_DSO=\ - $(DO_GNU_SO_COMMON) -DO_GNU_SO=\ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - $(DO_GNU_SO_COMMON) -DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)" - -#This is rather special. It's a special target with which one can link -#applications without bothering with any features that have anything to -#do with shared libraries, for example when linking against static -#libraries. It's mostly here to avoid a lot of conditionals everywhere -#else... -link_app.: - $(LINK_APP) - -link_dso.gnu: - @ $(DO_GNU_DSO); $(LINK_SO_DSO) -link_shlib.gnu: - @ $(DO_GNU_SO); $(LINK_SO_SHLIB) -link_app.gnu: - @ $(DO_GNU_APP); $(LINK_APP) - -link_shlib.linux-shared: - @$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \ - $(DO_GNU_SO); \ - ALLSYMSFLAGS='-Wl,--whole-archive,--version-script=$(LIBNAME).map'; \ - $(LINK_SO_SHLIB) - -link_dso.bsd: - @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ - LIBDEPS=" "; \ - ALLSYMSFLAGS=; \ - NOALLSYMSFLAGS=; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \ - fi; $(LINK_SO_DSO) -link_shlib.bsd: - @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ - LIBDEPS=" "; \ - ALLSYMSFLAGS="-Wl,-Bforcearchive"; \ - NOALLSYMSFLAGS=; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \ - fi; $(LINK_SO_SHLIB) -link_app.bsd: - @if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ - fi; $(LINK_APP) - -# For Darwin AKA Mac OS/X (dyld) -# Originally link_dso.darwin produced .so, because it was hard-coded -# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib -# extension in order to allow for run-time linking with vendor- -# supplied shared libraries such as libz, so that link_dso.darwin had -# to be harmonized with it. This caused minor controversy, because -# it was believed that dlopen can't be used to dynamically load -# .dylib-s, only so called bundle modules (ones linked with -bundle -# flag). The belief seems to be originating from pre-10.4 release, -# where dlfcn functionality was emulated by dlcompat add-on. In -# 10.4 dlopen was rewritten as native part of dyld and is documented -# to be capable of loading both dynamic libraries and bundles. In -# order to provide compatibility with pre-10.4 dlopen, modules are -# linked with -bundle flag, which makes .dylib extension misleading. -# It works, because dlopen is [and always was] extension-agnostic. -# Alternative to this heuristic approach is to develop specific -# MacOS X dso module relying on whichever "native" dyld interface. -link_dso.darwin: - @ ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \ - $(LINK_SO_DSO) -link_shlib.darwin: - @ ALLSYMSFLAGS='-all_load'; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \ - $(LINK_SO_SHLIB) -link_app.darwin: # is there run-path on darwin? - $(LINK_APP) - -link_dso.cygwin: - @ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - base=-Wl,--enable-auto-image-base; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \ - $(LINK_SO_DSO) -link_shlib.cygwin: - @ INHIBIT_SYMLINKS=yes; \ - echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \ - "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ - $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \ - $(RC) $(SHARED_RCFLAGS) -o rc.o; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \ - $(LINK_SO_SHLIB) || exit 1; \ - rm rc.o -link_app.cygwin: - $(LINK_APP) - -# link_dso.mingw-shared and link_app.mingw-shared are mapped to the -# corresponding cygwin targets, as they do the exact same thing. -link_shlib.mingw: - @ INHIBIT_SYMLINKS=yes; \ - base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \ - $(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \ - | sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \ - > $(LIBNAME).def; \ - echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \ - "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ - $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \ - $(RC) $(SHARED_RCFLAGS) -o rc.o; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \ - $(LINK_SO_SHLIB) || exit 1; \ - rm $(LIBNAME).def rc.o - -link_dso.alpha-osf1: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_DSO); \ - else \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ - fi; \ - $(LINK_SO_DSO) -link_shlib.alpha-osf1: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_SO); \ - else \ - ALLSYMSFLAGS='-all'; \ - NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \ - fi; \ - $(LINK_SO_SHLIB) -link_app.alpha-osf1: - @if $(DETECT_GNU_LD); then \ - $(DO_GNU_APP); \ - else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ - fi; \ - $(LINK_APP) - -link_dso.solaris: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_DSO); \ - else \ - ALLSYMSFLAGS=""; \ - NOALLSYMSFLAGS=""; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \ - fi; \ - $(LINK_SO_DSO) -link_shlib.solaris: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_SO); \ - else \ - $(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \ - ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \ - NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \ - fi; \ - $(LINK_SO_SHLIB) -link_app.solaris: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_APP); \ - else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ - fi; \ - $(LINK_APP) - -# OpenServer 5 native compilers used -link_dso.svr3: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_DSO); \ - else \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \ - fi; \ - $(LINK_SO_DSO) -link_shlib.svr3: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_SO); \ - else \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \ - fi; \ - $(LINK_SO_SHLIB_UNPACKED) -link_app.svr3: - @$(DETECT_GNU_LD) && $(DO_GNU_APP); \ - $(LINK_APP) - -# UnixWare 7 and OpenUNIX 8 native compilers used -link_dso.svr5: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_DSO); \ - else \ - SHARE_FLAG='-G'; \ - ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \ - fi; \ - $(LINK_SO_DSO) -link_shlib.svr5: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_SO); \ - else \ - SHARE_FLAG='-G'; \ - ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \ - fi; \ - $(LINK_SO_SHLIB_UNPACKED) -link_app.svr5: - @$(DETECT_GNU_LD) && $(DO_GNU_APP); \ - $(LINK_APP) - -link_dso.irix: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_DSO); \ - else \ - ALLSYMSFLAGS=""; \ - NOALLSYMSFLAGS=""; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \ - fi; \ - $(LINK_SO_DSO) -link_shlib.irix: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_SO); \ - else \ - MINUSWL=""; \ - ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \ - ALLSYMSFLAGS="$${MINUSWL}-all"; \ - NOALLSYMSFLAGS="$${MINUSWL}-none"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \ - fi; \ - $(LINK_SO_SHLIB) -link_app.irix: - @LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \ - $(LINK_APP) - -# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so -# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite -# rules imply that we can only link one level down in catalog structure, -# but that's what takes place for the moment of this writing. +cdp option -# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link -# editor context only [it's simply ignored in other cases, which are all -# ELFs by the way]. -# -link_dso.hpux: - @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \ - fi; \ - rm -f $(SHLIBNAME_FULL) || :; \ - $(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL) -link_shlib.hpux: - @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ - ALLSYMSFLAGS='-Wl,-Fl'; \ - NOALLSYMSFLAGS=''; \ - expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \ - fi; \ - rm -f $(SHLIBNAME_FULL) || :; \ - $(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL) -link_app.hpux: - @if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \ - LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \ - fi; \ - $(LINK_APP) - -link_dso.aix: - @OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ - OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ - ALLSYMSFLAGS=''; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ - rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \ - $(LINK_SO_DSO); -link_shlib.aix: - @ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ - OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ - ALLSYMSFLAGS='-bnogc'; \ - NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ - rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \ - $(LINK_SO_SHLIB_VIA_O) -link_app.aix: - LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \ - $(LINK_APP) - - -# Targets to build symbolic links when needed -symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ -symlink.aix: - @ $(SYMLINK_SO) -symlink.darwin: - @ $(SYMLINK_SO) -symlink.hpux: - @ $(SYMLINK_SO) -# The following lines means those specific architectures do no symlinks -symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath: - -# Compatibility targets -link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu -link_shlib.bsd-gcc-shared: link_shlib.linux-shared -link_shlib.gnu-shared: link_shlib.gnu -link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu -symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu -link_dso.bsd-shared: link_dso.bsd -link_shlib.bsd-shared: link_shlib.bsd -link_app.bsd-shared: link_app.bsd -link_dso.darwin-shared: link_dso.darwin -link_shlib.darwin-shared: link_shlib.darwin -link_app.darwin-shared: link_app.darwin -symlink.darwin-shared: symlink.darwin -link_dso.cygwin-shared: link_dso.cygwin -link_shlib.cygwin-shared: link_shlib.cygwin -link_app.cygwin-shared: link_app.cygwin -symlink.cygwin-shared: symlink.cygwin -link_dso.mingw-shared: link_dso.cygwin -link_shlib.mingw-shared: link_shlib.mingw -link_app.mingw-shared: link_app.cygwin -symlink.mingw-shared: symlink.cygwin -link_dso.alpha-osf1-shared: link_dso.alpha-osf1 -link_shlib.alpha-osf1-shared: link_shlib.alpha-osf1 -link_app.alpha-osf1-shared: link_app.alpha-osf1 -symlink.alpha-osf1-shared: symlink.alpha-osf1 -link_dso.tru64-shared: link_dso.tru64 -link_shlib.tru64-shared: link_shlib.tru64 -link_app.tru64-shared: link_app.tru64 -symlink.tru64-shared: symlink.tru64 -link_dso.tru64-shared-rpath: link_dso.tru64-rpath -link_shlib.tru64-shared-rpath: link_shlib.tru64-rpath -link_app.tru64-shared-rpath: link_app.tru64-rpath -symlink.tru64-shared-rpath: symlink.tru64-rpath -link_dso.solaris-shared: link_dso.solaris -link_shlib.solaris-shared: link_shlib.solaris -link_app.solaris-shared: link_app.solaris -symlink.solaris-shared: symlink.solaris -link_dso.svr3-shared: link_dso.svr3 -link_shlib.svr3-shared: link_shlib.svr3 -link_app.svr3-shared: link_app.svr3 -symlink.svr3-shared: symlink.svr3 -link_dso.svr5-shared: link_dso.svr5 -link_shlib.svr5-shared: link_shlib.svr5 -link_app.svr5-shared: link_app.svr5 -symlink.svr5-shared: symlink.svr5 -link_dso.irix-shared: link_dso.irix -link_shlib.irix-shared: link_shlib.irix -link_app.irix-shared: link_app.irix -symlink.irix-shared: symlink.irix -link_dso.hpux-shared: link_dso.hpux -link_shlib.hpux-shared: link_shlib.hpux -link_app.hpux-shared: link_app.hpux -symlink.hpux-shared: symlink.hpux -link_dso.aix-shared: link_dso.aix -link_shlib.aix-shared: link_shlib.aix -link_app.aix-shared: link_app.aix -symlink.aix-shared: symlink.aix diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS index 983fceb2bbe7e8..b95e93027f830d 100644 --- a/deps/openssl/openssl/NEWS +++ b/deps/openssl/openssl/NEWS @@ -5,17 +5,65 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] o Timing vulnerability in DSA signature generation (CVE-2018-0734) o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) - Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] + + o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 + for further important information). The TLSv1.3 implementation includes: + o Fully compliant implementation of RFC8446 (TLSv1.3) on by default + o Early data (0-RTT) + o Post-handshake authentication and key update + o Middlebox Compatibility Mode + o TLSv1.3 PSKs + o Support for all five RFC8446 ciphersuites + o RSA-PSS signature algorithms (backported to TLSv1.2) + o Configurable session ticket support + o Stateless server support + o Rewrite of the packet construction code for "safer" packet handling + o Rewrite of the extension handling code + o Complete rewrite of the OpenSSL random number generator to introduce the + following capabilities + o The default RAND method now utilizes an AES-CTR DRBG according to + NIST standard SP 800-90Ar1. + o Support for multiple DRBG instances with seed chaining. + o There is a public and private DRBG instance. + o The DRBG instances are fork-safe. + o Keep all global DRBG instances on the secure heap if it is enabled. + o The public and private DRBG instance are per thread for lock free + operation + o Support for various new cryptographic algorithms including: + o SHA3 + o SHA512/224 and SHA512/256 + o EdDSA (both Ed25519 and Ed448) including X509 and TLS support + o X448 (adding to the existing X25519 support in 1.1.0) + o Multi-prime RSA + o SM2 + o SM3 + o SM4 + o SipHash + o ARIA (including TLS support) + o Significant Side-Channel attack security improvements + o Add a new ClientHello callback to provide the ability to adjust the SSL + object at an early stage. + o Add 'Maximum Fragment Length' TLS extension negotiation and support + o A new STORE module, which implements a uniform and URI based reader of + stores that can contain keys, certificates, CRLs and numerous other + objects. + o Move the display of configuration data to configdata.pm. + o Allow GNU style "make variables" to be used with Configure. + o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes + o Rewrite of devcrypto engine + + Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development] o Client DoS due to large DH parameter (CVE-2018-0732) o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) - Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] + Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development] o Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) @@ -377,7 +425,7 @@ o Compression memory leak fixed. o Compression session resumption fixed. o Ticket and SNI coexistence fixes. - o Many fixes to DTLS handling. + o Many fixes to DTLS handling. Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: @@ -410,7 +458,7 @@ o Add gcc 4.2 support. o Add support for AES and SSE2 assembly language optimization for VC++ build. - o Support for RFC4507bis and server name extensions if explicitly + o Support for RFC4507bis and server name extensions if explicitly selected at compile time. o DTLS improvements. o RFC4507bis support. @@ -503,7 +551,7 @@ affected functions. o Improved platform support for PowerPC. o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). - o New X509_VERIFY_PARAM structure to support parametrisation + o New X509_VERIFY_PARAM structure to support parameterisation of X.509 path validation. o Major overhaul of RC4 performance on Intel P4, IA-64 and AMD64. @@ -590,7 +638,7 @@ Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of - Bleichbacher's attack + Bleichbacher's attack o Security: make RSA blinding default. o Configuration: Irix fixes, AIX fixes, better mingw support. o Support for new platforms: linux-ia64-ecc. @@ -650,7 +698,7 @@ o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). - Only supports MIT Kerberos for now. + Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). @@ -663,7 +711,7 @@ Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of - Bleichbacher's attack + Bleichbacher's attack o Security: make RSA blinding default. o Build: shared library support fixes. @@ -775,7 +823,7 @@ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]: - o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 + o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 o Shared library support for HPUX and Solaris-gcc o Support of Linux/IA64 o Assembler support for Mingw32 @@ -789,7 +837,7 @@ o Automation of 'req' application o Fixes to make s_client, s_server work under Windows o Support for multiple fieldnames in SPKACs - o New SPKAC command line utilty and associated library functions + o New SPKAC command line utility and associated library functions o Options to allow passwords to be obtained from various sources o New public key PEM format and options to handle it o Many other fixes and enhancements to command line utilities @@ -871,8 +919,7 @@ o Added BIO proxy and filtering functionality o Extended Big Number (BN) library o Added RIPE MD160 message digest - o Addeed support for RC2/64bit cipher + o Added support for RC2/64bit cipher o Extended ASN.1 parser routines - o Adjustations of the source tree for CVS + o Adjustments of the source tree for CVS o Support for various new platforms - diff --git a/deps/openssl/openssl/NOTES.ANDROID b/deps/openssl/openssl/NOTES.ANDROID new file mode 100644 index 00000000000000..020e5e1612c80b --- /dev/null +++ b/deps/openssl/openssl/NOTES.ANDROID @@ -0,0 +1,76 @@ + + NOTES FOR ANDROID PLATFORMS + =========================== + + Requirement details + ------------------- + + Beside basic tools like perl and make you'll need to download the Android + NDK. It's available for Linux, Mac OS X and Windows, but only Linux + version was actually tested. There is no reason to believe that Mac OS X + wouldn't work. And as for Windows, it's unclear which "shell" would be + suitable, MSYS2 might have best chances. NDK version should play lesser + role, the goal is to support a range of most recent versions. + + Configuration + ------------- + + Android is naturally cross-compiled target and you can't use ./config. + You have to use ./Configure and name your target explicitly; there are + android-arm, android-arm64, android-mips, android-mip64, android-x86 + and android-x86_64. Do not pass --cross-compile-prefix (as you might + be tempted), as it will be "calculated" automatically based on chosen + platform. Though you still need to know the prefix to extend your PATH, + in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail + and give you a hint if you get it wrong.) Apart from PATH adjustment + you need to set ANDROID_NDK environment to point at NDK directory + as /some/where/android-ndk-. Both variables are significant at both + configuration and compilation times. NDK customarily supports multiple + Android API levels, e.g. android-14, android-21, etc. By default latest + one available is chosen. If you need to target older platform, pass + additional -D__ANDROID_API__=N to Configure. N is numeric value of the + target platform version. For example, to compile for ICS on ARM with + NDK 10d: + + export ANDROID_NDK=/some/where/android-ndk-10d + PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH + ./Configure android-arm -D__ANDROID_API__=14 + make + + Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT + variable set to $ANDROID_NDK/platforms/android-/arch- to + appoint headers-n-libraries' location. It's still recognized in order + to facilitate migration from older projects. However, since API level + appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in + conflict, and mixing the two is therefore not supported. Migration to + CROSS_SYSROOT-less setup is recommended. + + One can engage clang by adjusting PATH to cover same NDK's clang. Just + keep in mind that if you miss it, Configure will try to use gcc... + Also, PATH would need even further adjustment to cover unprefixed, yet + target-specific, ar and ranlib. It's possible that you don't need to + bother, if binutils-multiarch is installed on your Linux system. + + Another option is to create so called "standalone toolchain" tailored + for single specific platform including Android API level, and assign its + location to ANDROID_NDK. In such case you have to pass matching target + name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjusment + becomes simpler, $ANDROID_NDK/bin:$PATH suffices. + + Running tests (on Linux) + ------------------------ + + This is not actually supported. Notes are meant rather as inspiration. + + Even though build output targets alien system, it's possible to execute + test suite on Linux system by employing qemu-user. The trick is static + linking. Pass -static to Configure, then edit generated Makefile and + remove occurrences of -ldl and -pie flags. You would also need to pick + API version that comes with usable static libraries, 42/2=21 used to + work. Once built, you should be able to + + env EXE_SHELL=qemu- make test + + If you need to pass additional flag to qemu, quotes are your friend, e.g. + + env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test diff --git a/deps/openssl/openssl/NOTES.UNIX b/deps/openssl/openssl/NOTES.UNIX index 43146e9ed08f1d..6c291cbab6fdfc 100644 --- a/deps/openssl/openssl/NOTES.UNIX +++ b/deps/openssl/openssl/NOTES.UNIX @@ -5,26 +5,113 @@ For Unix/POSIX runtime systems on Windows, please see NOTES.WIN. - Shared libraries and installation in non-standard locations - ----------------------------------------------------------- - - Binaries on Unix variants expect to find shared libraries in standard - locations, such as /usr/lib, /usr/local/lib and some other locations - configured in the system (for example /etc/ld.so.conf on some systems). - If the libraries are installed in non-standard locations, binaries - will not find them and therefore fail to run unless they get a bit of - help from a defined RPATH or RUNPATH. This can be applied by adding - the appropriate linker flags to the configuration command, such as - this (/usr/local/ssl was the default location for OpenSSL installation - in versions before 1.1.0): + OpenSSL uses the compiler to link programs and shared libraries + --------------------------------------------------------------- + + OpenSSL's generated Makefile uses the C compiler command line to + link programs, shared libraries and dynamically loadable shared + objects. Because of this, any linking option that's given to the + configuration scripts MUST be in a form that the compiler can accept. + This varies between systems, where some have compilers that accept + linker flags directly, while others take them in '-Wl,' form. You need + to read your compiler documentation to figure out what is acceptable, + and ld(1) to figure out what linker options are available. + + + Shared libraries and installation in non-default locations + ---------------------------------------------------------- + + Every Unix system has its own set of default locations for shared + libraries, such as /lib, /usr/lib or possibly /usr/local/lib. If + libraries are installed in non-default locations, dynamically linked + binaries will not find them and therefore fail to run, unless they get + a bit of help from a defined runtime shared library search path. + + For OpenSSL's application (the 'openssl' command), our configuration + scripts do NOT generally set the runtime shared library search path for + you. It's therefore advisable to set it explicitly when configuring, + unless the libraries are to be installed in directories that you know + to be in the default list. + + Runtime shared library search paths are specified with different + linking options depending on operating system and versions thereof, and + are talked about differently in their respective documentation; + variations of RPATH are the most usual (note: ELF systems have two such + tags, more on that below). + + Possible options to set the runtime shared library search path include + the following: + + -Wl,-rpath,/whatever/path # Linux, *BSD, etc. + -R /whatever/path # Solaris + -Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally) + -Wl,+b,/whatever/path # HP-UX + -rpath /whatever/path # Tru64, IRIX + + OpenSSL's configuration scripts recognise all these options and pass + them to the Makefile that they build. (In fact, all arguments starting + with '-Wl,' are recognised as linker options.) + + Please do not use verbatim directories in your runtime shared library + search path! Some OpenSSL config targets add an extra directory level + for multilib installations. To help with that, the produced Makefile + includes the variable LIBRPATH, which is a convenience variable to be + used with the runtime shared library search path options, as shown in + this example: $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - -Wl,-rpath,/usr/local/ssl/lib + '-Wl,-rpath,$(LIBRPATH)' + + On modern ELF based systems, there are two runtime search paths tags to + consider, DT_RPATH and DT_RUNPATH. Shared objects are searched for in + this order: + + 1. Using directories specified in DT_RPATH, unless DT_RUNPATH is + also set. + 2. Using the environment variable LD_LIBRARY_PATH + 3. Using directories specified in DT_RUNPATH. + 4. Using system shared object caches and default directories. + + This means that the values in the environment variable LD_LIBRARY_PATH + won't matter if the library is found in the paths given by DT_RPATH + (and DT_RUNPATH isn't set). + + Exactly which of DT_RPATH or DT_RUNPATH is set by default appears to + depend on the system. For example, according to documentation, + DT_RPATH appears to be deprecated on Solaris in favor of DT_RUNPATH, + while on Debian GNU/Linux, either can be set, and DT_RPATH is the + default at the time of writing. - Because the actual library location may vary further (for example on - multilib installations), there is a convenience variable in Makefile - that holds the exact installation directory and that can be used like - this: + How to choose which runtime search path tag is to be set depends on + your system, please refer to ld(1) for the exact information on your + system. As an example, the way to ensure the DT_RUNPATH is set on + Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to + set new dtags, like this: $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - -Wl,-rpath,'$(LIBRPATH)' + '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' + + It might be worth noting that some/most ELF systems implement support + for runtime search path relative to the directory containing current + executable, by interpreting $ORIGIN along with some other internal + variables. Consult your system documentation. + + Linking your application + ------------------------ + + Third-party applications dynamically linked with OpenSSL (or any other) + shared library face exactly the same problem with non-default locations. + The OpenSSL config options mentioned above might or might not have bearing + on linking of the target application. "Might" means that under some + circumstances it would be sufficient to link with OpenSSL shared library + "naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are + also cases when you'd have to explicitly specify runtime search path + when linking your application. Consult your system documentation and use + above section as inspiration... + + Shared OpenSSL builds also install static libraries. Linking with the + latter is likely to require special care, because linkers usually look + for shared libraries first and tend to remain "blind" to static OpenSSL + libraries. Referring to system documentation would suffice, if not for + a corner case. On AIX static libraries (in shared build) are named + differently, add _a suffix to link with them, e.g. -lcrypto_a. diff --git a/deps/openssl/openssl/NOTES.VMS b/deps/openssl/openssl/NOTES.VMS index 3e9a57e8052b60..98def0689a77a2 100644 --- a/deps/openssl/openssl/NOTES.VMS +++ b/deps/openssl/openssl/NOTES.VMS @@ -56,6 +56,32 @@ to use. + About debugging + --------------- + + If you build for debugging, the default on VMS is that image + activation starts the debugger automatically, giving you a debug + prompt. Unfortunately, this disrupts all other uses, such as running + test programs in the test framework. + + Generally speaking, if you build for debugging, only use the programs + directly for debugging. Do not try to use them from a script, such + as running the test suite. + + *The following is not available on Alpha* + + As a compromise, we're turning off the flag that makes the debugger + start automatically. If there is a program that you need to debug, + you need to turn that flag back on first, for example: + + $ set image /flag=call_debug [.test]evp_test.exe + + Then just run it and you will find yourself in a debugging session. + When done, we recommend that you turn that flag back off: + + $ set image /flag=nocall_debug [.test]evp_test.exe + + Checking the distribution ------------------------- diff --git a/deps/openssl/openssl/NOTES.WIN b/deps/openssl/openssl/NOTES.WIN index c31aed922e5b2c..4d39d06f32ad10 100644 --- a/deps/openssl/openssl/NOTES.WIN +++ b/deps/openssl/openssl/NOTES.WIN @@ -2,32 +2,60 @@ NOTES FOR THE WINDOWS PLATFORMS =============================== - Requirement details for native (Visual C++) builds - -------------------------------------------------- + Windows targets can be classified as "native", ones that use Windows API + directly, and "hosted" which rely on POSIX-compatible layer. "Native" + targets are VC-* (where "VC" stems from abbreviating Microsoft Visual C + compiler) and mingw[64]. "Hosted" platforms are Cygwin and MSYS[2]. Even + though the latter is not directly supported by OpenSSL Team, it's #1 + popular choice for building MinGW targets. In the nutshell MinGW builds + are always cross-compiled. On Linux and Cygwin they look exactly as such + and require --cross-compile-prefix option. While on MSYS[2] it's solved + rather by placing gcc that produces "MinGW binary" code 1st on $PATH. + This is customarily source of confusion. "Hosted" applications "live" in + emulated file system name space with POSIX-y root, mount points, /dev + and even /proc. Confusion is intensified by the fact that MSYS2 shell + (or rather emulated execve(2) call) examines the binary it's about to + start, and if it's found *not* to be linked with MSYS2 POSIX-y thing, + command line arguments that look like file names get translated from + emulated name space to "native". For example '/c/some/where' becomes + 'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that + there is no difference between MSYS2 shell and "MinGW binary", but + there is. Just keep in mind that "MinGW binary" "experiences" Windows + system in exactly same way as one produced by VC, and in its essence + is indistinguishable from the latter. (Which by the way is why + it's referred to in quotes here, as "MinGW binary", it's just as + "native" as it can get.) + + Visual C++ builds, a.k.a. VC-* + ============================== + + Requirement details + ------------------- In addition to the requirements and instructions listed in INSTALL, - this are required as well: + these are required as well: - - You need Perl. We recommend ActiveState Perl, available from + - Perl. We recommend ActiveState Perl, available from https://www.activestate.com/ActivePerl. Another viable alternative appears to be Strawberry Perl, http://strawberryperl.com. You also need the perl module Text::Template, available on CPAN. Please read NOTES.PERL for more information. - - You need a C compiler. OpenSSL has been tested to build with these: + - Microsoft Visual C compiler. Since we can't test them all, there is + unavoidable uncertainty about which versions are supported. Latest + version along with couple of previous are certainly supported. On + the other hand oldest one is known not to work. Everything between + falls into best-effort category. - * Visual C++ + - Netwide Assembler, a.k.a. NASM, available from https://www.nasm.us, + is required. Note that NASM is the only supported assembler. Even + though Microsoft provided assembler is NOT supported, contemporary + 64-bit version is exercised through continuous integration of + VC-WIN64A-masm target. - - Netwide Assembler, a.k.a. NASM, available from http://www.nasm.us, - is required if you intend to utilize assembler modules. Note that NASM - is the only supported assembler. The Microsoft provided assembler is NOT - supported. - - - Visual C++ (native Windows) - --------------------------- Installation directories + ------------------------ The default installation directories are derived from environment variables. @@ -55,62 +83,36 @@ is, of course, to choose a different set of directories by using --prefix and --openssldir when configuring. - GNU C (Cygwin) - -------------- - - Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the - Windows subsystem and provides a bash shell and GNU tools environment. - Consequently, a make of OpenSSL with Cygwin is virtually identical to the - Unix procedure. - - To build OpenSSL using Cygwin, you need to: - - * Install Cygwin (see https://cygwin.com/) - - * Install Cygwin Perl and ensure it is in the path. Recall that - as least 5.10.0 is required. - - * Run the Cygwin bash shell - - Apart from that, follow the Unix instructions in INSTALL. - - NOTE: "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - It is also possible to create "conventional" Windows binaries that use - the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using MinGW - development add-on for Cygwin. MinGW is supported even as a standalone - setup as described in the following section. In the context you should - recognize that binaries targeting Cygwin itself are not interchangeable - with "conventional" Windows binaries you generate with/for MinGW. + mingw and mingw64 + ================= + * MSYS2 shell and development environment installation: - GNU C (MinGW/MSYS) - ------------------ + Download MSYS2 from https://msys2.github.io/ and follow installation + instructions. Once up and running install even make, perl, (git if + needed,) mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. You should + have corresponding MinGW items on your start menu, use *them*, not + generic MSYS2. As implied in opening note, difference between them + is which compiler is found 1st on $PATH. At this point ./config + should recognize correct target, roll as if it was Unix... - * Compiler and shell environment installation: + * It is also possible to build mingw[64] on Linux or Cygwin by + configuring with corresponding --cross-compile-prefix= option. For + example - MinGW and MSYS are available from http://www.mingw.org/, both are - required. Run the installers and do whatever magic they say it takes - to start MSYS bash shell with GNU tools and matching Perl on its PATH. - "Matching Perl" refers to chosen "shell environment", i.e. if built - under MSYS, then Perl compiled for MSYS must be used. + ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ... - Alternatively, one can use MSYS2 from https://msys2.github.io/, - which includes MingW (32-bit and 64-bit). + or - * It is also possible to cross-compile it on Linux by configuring - with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'. - Other possible cross compile prefixes include x86_64-w64-mingw32- - and i686-w64-mingw32-. + ./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ... + This naturally implies that you've installed corresponding add-on + packages. Linking your application - ------------------------ + ======================== - This section applies to non-Cygwin builds. + This section applies to all "native" builds. If you link with static OpenSSL libraries then you're expected to additionally link your application with WS2_32.LIB, GDI32.LIB, @@ -137,3 +139,27 @@ your application code small "shim" snippet, which provides glue between OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink manual page for further details. + + Cygwin, "hosted" environment + ============================ + + Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the + Windows subsystem and provides a bash shell and GNU tools environment. + Consequently, a make of OpenSSL with Cygwin is virtually identical to the + Unix procedure. + + To build OpenSSL using Cygwin, you need to: + + * Install Cygwin (see https://cygwin.com/) + + * Install Cygwin Perl and ensure it is in the path. Recall that + as least 5.10.0 is required. + + * Run the Cygwin bash shell + + Apart from that, follow the Unix instructions in INSTALL. + + NOTE: "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. diff --git a/deps/openssl/openssl/README b/deps/openssl/openssl/README index 46947019097071..affb172e8ba824 100644 --- a/deps/openssl/openssl/README +++ b/deps/openssl/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.0j 20 Nov 2018 + OpenSSL 1.1.1a 20 Nov 2018 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -62,14 +62,13 @@ - Download the latest version from the repository to see if the problem has already been addressed - Configure with no-asm - - Remove compiler optimisation flags + - Remove compiler optimization flags If you wish to report a bug then please include the following information and create an issue on GitHub: - OpenSSL version: output of 'openssl version -a' - - Any "Configure" options that you selected during compilation of the - library if applicable (see INSTALL) + - Configuration data: output of 'perl configdata.pm --dump' - OS Name, Version, Hardware platform - Compiler Details (name, version) - Application Details (name, version) diff --git a/deps/openssl/openssl/README.ECC b/deps/openssl/openssl/README.ECC deleted file mode 100644 index fa3cad7aa7f08c..00000000000000 --- a/deps/openssl/openssl/README.ECC +++ /dev/null @@ -1,61 +0,0 @@ -NOTE: The OpenSSL Software Foundation has executed a sublicense agreement -entitled "Elliptic Curve Cryptography Patent License Agreement" with the -National Security Agency/ Central Security Service Commercial Solutions -Center (NCSC) dated 2010-11-04. That agreement permits implementation and -distribution of software containing features covered by any or all of the -following patents: - -1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on June 2, 1998; -2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport - Protocol with Implicit Signature and Reduced Bandwidth" filed on May - 16, 1996; -3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on March 30, 1999; -4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on April 20, 1999; -5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol" - issued on August 3, 1999; -6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key - Protocol" filed on May 17, 1996; -7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key - Protocol" filed on May 17, 1996; -8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard" - issued on December 7, 1999; -9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a - Smartcard" filed on April 14, 1997; -10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a - Smartcard" filed on April 15, 1997; -11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on September 19, 2000; -12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport - Protocol with Implicit Signatures" filed on April 16, 1996; -13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and - Transport Protocol with Implicit Signatures" filed on April 16, 1996; -14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems" - issued on October 31, 2000; -15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption - Systems" filed on July 31, 1995; -16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption - Systems" filed on July 31, 1995; -17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued - on January 1, 2002; -18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol" - issued on November 26, 2002; -19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport - Protocol" filed on April 16, 1996; -20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and - Transport Protocol" filed on April 21, 1996; -21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol" - issued on May 13, 2003; -22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems" - issued September 9, 2003; -23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a - Smartcard" filed on November 5, 1999; -24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and - Transport Protocol with Implicit Signatures" filed on April 25, 2000; -25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a - Smartcard" filed on August 29, 2001 and published on July 18, 2002; and, -26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key - Protocol" filed on July 1, 2000. - diff --git a/deps/openssl/openssl/README.ENGINE b/deps/openssl/openssl/README.ENGINE index 530a4eddb9d29a..230dc82a87ba72 100644 --- a/deps/openssl/openssl/README.ENGINE +++ b/deps/openssl/openssl/README.ENGINE @@ -13,7 +13,6 @@ There are currently built-in ENGINE implementations for the following crypto devices: - o Cryptodev o Microsoft CryptoAPI o VIA Padlock o nCipher CHIL diff --git a/deps/openssl/openssl/VMS/engine.opt b/deps/openssl/openssl/VMS/engine.opt index 1c73c8005ab9f0..9725023a3122df 100644 --- a/deps/openssl/openssl/VMS/engine.opt +++ b/deps/openssl/openssl/VMS/engine.opt @@ -1,2 +1,3 @@ CASE_SENSITIVE=YES -SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE) +SYMBOL_VECTOR=(BIND_ENGINE=PROCEDURE,V_CHECK=PROCEDURE,- + bind_engine/BIND_ENGINE=PROCEDURE,v_check/V_CHECK=PROCEDURE) diff --git a/deps/openssl/openssl/VMS/openssl_shutdown.com.in b/deps/openssl/openssl/VMS/openssl_shutdown.com.in index f0df1c1c356f41..fd4e3d5086d2c6 100644 --- a/deps/openssl/openssl/VMS/openssl_shutdown.com.in +++ b/deps/openssl/openssl/VMS/openssl_shutdown.com.in @@ -26,7 +26,7 @@ $ ENDIF $ $ ! Abbrevs $ DEAS := DEASSIGN /NOLOG 'P1' -$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -} +$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -} $ pz := {- $config{pointer_size} -} $ $ DEAS OSSL$DATAROOT diff --git a/deps/openssl/openssl/VMS/openssl_startup.com.in b/deps/openssl/openssl/VMS/openssl_startup.com.in index 9c8c09ac9c8a31..9e6e1c0b35bea0 100644 --- a/deps/openssl/openssl/VMS/openssl_startup.com.in +++ b/deps/openssl/openssl/VMS/openssl_startup.com.in @@ -88,7 +88,7 @@ $ $ ! Abbrevs $ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1' $ DEF := DEFINE /NOLOG 'P1' -$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -} +$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -} $ pz := {- $config{pointer_size} -} $ $ DEFT OSSL$DATAROOT 'OPENSSLDIR_'] diff --git a/deps/openssl/openssl/apps/CA.pl.in b/deps/openssl/openssl/apps/CA.pl.in index 7277eeca96b8db..db3cc383189e6a 100644 --- a/deps/openssl/openssl/apps/CA.pl.in +++ b/deps/openssl/openssl/apps/CA.pl.in @@ -1,5 +1,5 @@ -#!{- $config{hashbangperl} -} -# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +#!{- $config{HASHBANGPERL} -} +# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -46,8 +46,25 @@ my $NEWCERT = "newcert.pem"; my $NEWP12 = "newcert.p12"; my $RET = 0; my $WHAT = shift @ARGV || ""; +my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify"); +my %EXTRA = extra_args(\@ARGV, "-extra-"); my $FILE; +sub extra_args { + my ($args_ref, $arg_prefix) = @_; + my %eargs = map { + if ($_ < $#$args_ref) { + my ($arg, $value) = splice(@$args_ref, $_, 2); + $arg =~ s/$arg_prefix//; + ($arg, $value); + } else { + (); + } + } reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref); + my %empty = map { ($_, "") } @OPENSSL_CMDS; + return (%empty, %eargs); +} + # See if reason for a CRL entry is valid; exit if not. sub crl_reason_ok { @@ -96,22 +113,23 @@ sub run if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; - print STDERR " CA -pkcs12 [certname]\n"; - print STDERR " CA -crl|-revoke cert-filename [reason]\n"; + print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n"; + print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n"; + print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n"; + print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n"; exit 0; } if ($WHAT eq '-newcert' ) { # create a certificate - $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"); + $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}"); print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; -} elsif ($WHAT eq '-newreq' ) { - # create a certificate request - $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS"); - print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; -} elsif ($WHAT eq '-newreq-nodes' ) { +} elsif ($WHAT eq '-precert' ) { + # create a pre-certificate + $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"); + print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) { # create a certificate request - $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS"); + $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}"); print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; } elsif ($WHAT eq '-newca' ) { # create the directory hierarchy @@ -136,11 +154,11 @@ if ($WHAT eq '-newcert' ) { print "Making CA certificate ...\n"; $RET = run("$REQ -new -keyout" . " ${CATOP}/private/$CAKEY" - . " -out ${CATOP}/$CAREQ"); + . " -out ${CATOP}/$CAREQ $EXTRA{req}"); $RET = run("$CA -create_serial" . " -out ${CATOP}/$CACERT $CADAYS -batch" . " -keyfile ${CATOP}/private/$CAKEY -selfsign" - . " -extensions v3_ca" + . " -extensions v3_ca $EXTRA{ca}" . " -infiles ${CATOP}/$CAREQ") if $RET == 0; print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; } @@ -150,32 +168,32 @@ if ($WHAT eq '-newcert' ) { $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" . " -certfile ${CATOP}/$CACERT" . " -out $NEWP12" - . " -export -name \"$cname\""); + . " -export -name \"$cname\" $EXTRA{pkcs12}"); print "PKCS #12 file is in $NEWP12\n" if $RET == 0; } elsif ($WHAT eq '-xsign' ) { - $RET = run("$CA -policy policy_anything -infiles $NEWREQ"); + $RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ"); } elsif ($WHAT eq '-sign' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ"); + $RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ"); print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-signCA' ) { $RET = run("$CA -policy policy_anything -out $NEWCERT" - . " -extensions v3_ca -infiles $NEWREQ"); + . " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ"); print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-signcert' ) { $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" - . " -out tmp.pem"); + . " -out tmp.pem $EXTRA{x509}"); $RET = run("$CA -policy policy_anything -out $NEWCERT" - . " -infiles tmp.pem") if $RET == 0; + . "$EXTRA{ca} -infiles tmp.pem") if $RET == 0; print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-verify' ) { my @files = @ARGV ? @ARGV : ( $NEWCERT ); my $file; foreach $file (@files) { - my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file"); + my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}"); $RET = $status if $status != 0; } } elsif ($WHAT eq '-crl' ) { - $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL"); + $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}"); print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; } elsif ($WHAT eq '-revoke' ) { my $cname = $ARGV[0]; @@ -186,7 +204,7 @@ if ($WHAT eq '-newcert' ) { my $reason = $ARGV[1]; $reason = " -crl_reason $reason" if defined $reason && crl_reason_ok($reason); - $RET = run("$CA -revoke \"$cname\"" . $reason); + $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca}); } else { print STDERR "Unknown arg \"$WHAT\"\n"; print STDERR "Use -help for help.\n"; diff --git a/deps/openssl/openssl/apps/app_rand.c b/deps/openssl/openssl/apps/app_rand.c index ff0771cb7a2db7..2b0bbde0342304 100644 --- a/deps/openssl/openssl/apps/app_rand.c +++ b/deps/openssl/openssl/apps/app_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,107 +9,85 @@ #include "apps.h" #include +#include #include +#include -static int seeded = 0; -static int egdsocket = 0; +static char *save_rand_file; -int app_RAND_load_file(const char *file, int dont_warn) +void app_RAND_load_conf(CONF *c, const char *section) { - int consider_randfile = (file == NULL); - char buffer[200]; + const char *randfile = NCONF_get_string(c, section, "RANDFILE"); - if (file == NULL) - file = RAND_file_name(buffer, sizeof(buffer)); -#ifndef OPENSSL_NO_EGD - else if (RAND_egd(file) > 0) { - /* - * we try if the given filename is an EGD socket. if it is, we don't - * write anything back to the file. - */ - egdsocket = 1; - return 1; + if (randfile == NULL) { + ERR_clear_error(); + return; } -#endif - if (file == NULL || !RAND_load_file(file, -1)) { - if (RAND_status() == 0) { - if (!dont_warn) { - BIO_printf(bio_err, "unable to load 'random state'\n"); - BIO_printf(bio_err, - "This means that the random number generator has not been seeded\n"); - BIO_printf(bio_err, "with much random data.\n"); - if (consider_randfile) { /* explanation does not apply when a - * file is explicitly named */ - BIO_printf(bio_err, - "Consider setting the RANDFILE environment variable to point at a file that\n"); - BIO_printf(bio_err, - "'random' data can be kept in (the file will be overwritten).\n"); - } - } - return 0; - } + if (RAND_load_file(randfile, -1) < 0) { + BIO_printf(bio_err, "Can't load %s into RNG\n", randfile); + ERR_print_errors(bio_err); } - seeded = 1; - return 1; + if (save_rand_file == NULL) + save_rand_file = OPENSSL_strdup(randfile); } -long app_RAND_load_files(char *name) +static int loadfiles(char *name) { - char *p, *n; - int last; - long tot = 0; -#ifndef OPENSSL_NO_EGD - int egd; -#endif + char *p; + int last, ret = 1; - for (;;) { + for ( ; ; ) { last = 0; - for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ; + for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++) + continue; if (*p == '\0') last = 1; *p = '\0'; - n = name; - name = p + 1; - if (*n == '\0') - break; - -#ifndef OPENSSL_NO_EGD - egd = RAND_egd(n); - if (egd > 0) - tot += egd; - else -#endif - tot += RAND_load_file(n, -1); + if (RAND_load_file(name, -1) < 0) { + BIO_printf(bio_err, "Can't load %s into RNG\n", name); + ERR_print_errors(bio_err); + ret = 0; + } if (last) break; + name = p + 1; + if (*name == '\0') + break; } - if (tot > 512) - app_RAND_allow_write_file(); - return (tot); + return ret; } -int app_RAND_write_file(const char *file) +void app_RAND_write(void) { - char buffer[200]; - - if (egdsocket || !seeded) - /* - * If we did not manage to read the seed file, we should not write a - * low-entropy seed file back -- it would suppress a crucial warning - * the next time we want to use it. - */ - return 0; - - if (file == NULL) - file = RAND_file_name(buffer, sizeof(buffer)); - if (file == NULL || !RAND_write_file(file)) { - BIO_printf(bio_err, "unable to write 'random state'\n"); - return 0; + if (save_rand_file == NULL) + return; + if (RAND_write_file(save_rand_file) == -1) { + BIO_printf(bio_err, "Cannot write random bytes:\n"); + ERR_print_errors(bio_err); } - return 1; + OPENSSL_free(save_rand_file); + save_rand_file = NULL; } -void app_RAND_allow_write_file(void) + +/* + * See comments in opt_verify for explanation of this. + */ +enum r_range { OPT_R_ENUM }; + +int opt_rand(int opt) { - seeded = 1; + switch ((enum r_range)opt) { + case OPT_R__FIRST: + case OPT_R__LAST: + break; + case OPT_R_RAND: + return loadfiles(opt_arg()); + break; + case OPT_R_WRITERAND: + OPENSSL_free(save_rand_file); + save_rand_file = OPENSSL_strdup(opt_arg()); + break; + } + return 1; } diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c index 94efa5ac05dd28..653e3973e04da7 100644 --- a/deps/openssl/openssl/apps/apps.c +++ b/deps/openssl/openssl/apps/apps.c @@ -54,9 +54,8 @@ typedef struct { unsigned long mask; } NAME_EX_TBL; -#if !defined(OPENSSL_NO_UI) || !defined(OPENSSL_NO_ENGINE) static UI_METHOD *ui_method = NULL; -#endif +static const UI_METHOD *ui_fallback_method = NULL; static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); @@ -110,13 +109,13 @@ int chopup_args(ARGS *arg, char *buf) } } arg->argv[arg->argc] = NULL; - return (1); + return 1; } #ifndef APP_INIT int app_init(long mesgwin) { - return (1); + return 1; } #endif @@ -138,41 +137,55 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) { - if (path == NULL) { + if (path == NULL) return SSL_CTX_set_default_ctlog_list_file(ctx); - } return SSL_CTX_set_ctlog_list_file(ctx, path); } #endif -int dump_cert_text(BIO *out, X509 *x) +static unsigned long nmflag = 0; +static char nmflag_set = 0; + +int set_nameopt(const char *arg) { - char *p; + int ret = set_name_ex(&nmflag, arg); - p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0); - BIO_puts(out, "subject="); - BIO_puts(out, p); - OPENSSL_free(p); + if (ret) + nmflag_set = 1; - p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0); - BIO_puts(out, "\nissuer="); - BIO_puts(out, p); + return ret; +} + +unsigned long get_nameopt(void) +{ + return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; +} + +int dump_cert_text(BIO *out, X509 *x) +{ + print_name(out, "subject=", X509_get_subject_name(x), get_nameopt()); + BIO_puts(out, "\n"); + print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt()); BIO_puts(out, "\n"); - OPENSSL_free(p); return 0; } -#ifndef OPENSSL_NO_UI static int ui_open(UI *ui) { - return UI_method_get_opener(UI_OpenSSL())(ui); + int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method); + + if (opener) + return opener(ui); + return 1; } static int ui_read(UI *ui, UI_STRING *uis) { + int (*reader)(UI *ui, UI_STRING *uis) = NULL; + if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD && UI_get0_user_data(ui)) { switch (UI_get_string_type(uis)) { @@ -186,15 +199,25 @@ static int ui_read(UI *ui, UI_STRING *uis) return 1; } } - default: + break; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: break; } } - return UI_method_get_reader(UI_OpenSSL())(ui, uis); + + reader = UI_method_get_reader(ui_fallback_method); + if (reader) + return reader(ui, uis); + return 1; } static int ui_write(UI *ui, UI_STRING *uis) { + int (*writer)(UI *ui, UI_STRING *uis) = NULL; + if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD && UI_get0_user_data(ui)) { switch (UI_get_string_type(uis)) { @@ -206,20 +229,36 @@ static int ui_write(UI *ui, UI_STRING *uis) if (password && password[0] != '\0') return 1; } - default: + break; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: break; } } - return UI_method_get_writer(UI_OpenSSL())(ui, uis); + + writer = UI_method_get_writer(ui_fallback_method); + if (writer) + return writer(ui, uis); + return 1; } static int ui_close(UI *ui) { - return UI_method_get_closer(UI_OpenSSL())(ui); + int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method); + + if (closer) + return closer(ui); + return 1; } int setup_ui_method(void) { + ui_fallback_method = UI_null(); +#ifndef OPENSSL_NO_UI_CONSOLE + ui_fallback_method = UI_OpenSSL(); +#endif ui_method = UI_create_method("OpenSSL application user interface"); UI_method_set_opener(ui_method, ui_open); UI_method_set_reader(ui_method, ui_read); @@ -235,24 +274,18 @@ void destroy_ui_method(void) ui_method = NULL; } } -#endif + +const UI_METHOD *get_ui_method(void) +{ + return ui_method; +} int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) { int res = 0; -#ifndef OPENSSL_NO_UI UI *ui = NULL; -#endif PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; -#ifdef OPENSSL_NO_UI - if (cb_data != NULL && cb_data->password != NULL) { - res = strlen(cb_data->password); - if (res > bufsiz) - res = bufsiz; - memcpy(buf, cb_data->password, res); - } -#else ui = UI_new_method(ui_method); if (ui) { int ok = 0; @@ -276,9 +309,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) /* We know that there is no previous user data to return to us */ (void)UI_add_user_data(ui, cb_data); - if (ok >= 0) - ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); + ok = UI_add_input_string(ui, prompt, ui_flags, buf, + PW_MIN_LENGTH, bufsiz - 1); + if (ok >= 0 && verify) { buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, @@ -287,8 +320,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) if (ok >= 0) do { ok = UI_process(ui); - } - while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); + } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); OPENSSL_clear_free(buff, (unsigned int)bufsiz); @@ -308,7 +340,6 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) UI_free(ui); OPENSSL_free(prompt); } -#endif return res; } @@ -317,22 +348,24 @@ static char *app_get_pass(const char *arg, int keepbio); int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) { int same; - if (!arg2 || !arg1 || strcmp(arg1, arg2)) + if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2)) same = 0; else same = 1; - if (arg1) { + if (arg1 != NULL) { *pass1 = app_get_pass(arg1, same); - if (!*pass1) + if (*pass1 == NULL) return 0; - } else if (pass1) + } else if (pass1 != NULL) { *pass1 = NULL; - if (arg2) { + } + if (arg2 != NULL) { *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (!*pass2) + if (*pass2 == NULL) return 0; - } else if (pass2) + } else if (pass2 != NULL) { *pass2 = NULL; + } return 1; } @@ -346,16 +379,16 @@ static char *app_get_pass(const char *arg, int keepbio) return OPENSSL_strdup(arg + 5); if (strncmp(arg, "env:", 4) == 0) { tmp = getenv(arg + 4); - if (!tmp) { + if (tmp == NULL) { BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4); return NULL; } return OPENSSL_strdup(tmp); } - if (!keepbio || !pwdbio) { + if (!keepbio || pwdbio == NULL) { if (strncmp(arg, "file:", 5) == 0) { pwdbio = BIO_new_file(arg + 5, "r"); - if (!pwdbio) { + if (pwdbio == NULL) { BIO_printf(bio_err, "Can't open file %s\n", arg + 5); return NULL; } @@ -404,12 +437,12 @@ static char *app_get_pass(const char *arg, int keepbio) return NULL; } tmp = strchr(tpass, '\n'); - if (tmp) + if (tmp != NULL) *tmp = 0; return OPENSSL_strdup(tpass); } -static CONF *app_load_config_(BIO *in, const char *filename) +CONF *app_load_config_bio(BIO *in, const char *filename) { long errorline = -1; CONF *conf; @@ -420,15 +453,21 @@ static CONF *app_load_config_(BIO *in, const char *filename) if (i > 0) return conf; - if (errorline <= 0) - BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n", - opt_getprog(), filename); + if (errorline <= 0) { + BIO_printf(bio_err, "%s: Can't load ", opt_getprog()); + } else { + BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(), + errorline); + } + if (filename != NULL) + BIO_printf(bio_err, "config file \"%s\"\n", filename); else - BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n", - opt_getprog(), errorline, filename); + BIO_printf(bio_err, "config input"); + NCONF_free(conf); return NULL; } + CONF *app_load_config(const char *filename) { BIO *in; @@ -438,10 +477,11 @@ CONF *app_load_config(const char *filename) if (in == NULL) return NULL; - conf = app_load_config_(in, filename); + conf = app_load_config_bio(in, filename); BIO_free(in); return conf; } + CONF *app_load_config_quiet(const char *filename) { BIO *in; @@ -451,7 +491,7 @@ CONF *app_load_config_quiet(const char *filename) if (in == NULL) return NULL; - conf = app_load_config_(in, filename); + conf = app_load_config_bio(in, filename); BIO_free(in); return conf; } @@ -515,9 +555,9 @@ static int load_pkcs12(BIO *in, const char *desc, goto die; } /* See if an empty password will do */ - if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) + if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) { pass = ""; - else { + } else { if (!pem_cb) pem_cb = (pem_password_cb *)password_callback; len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data); @@ -578,8 +618,7 @@ static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) OPENSSL_free(host); OPENSSL_free(path); OPENSSL_free(port); - if (bio) - BIO_free_all(bio); + BIO_free_all(bio); OCSP_REQ_CTX_free(rctx); if (rv != 1) { BIO_printf(bio_err, "Error loading %s from %s\n", @@ -605,17 +644,18 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip) if (file == NULL) { unbuffer(stdin); cert = dup_bio_in(format); - } else + } else { cert = bio_open_default(file, 'r', format); + } if (cert == NULL) goto end; - if (format == FORMAT_ASN1) + if (format == FORMAT_ASN1) { x = d2i_X509_bio(cert, NULL); - else if (format == FORMAT_PEM) + } else if (format == FORMAT_PEM) { x = PEM_read_bio_X509_AUX(cert, NULL, (pem_password_cb *)password_callback, NULL); - else if (format == FORMAT_PKCS12) { + } else if (format == FORMAT_PKCS12) { if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL)) goto end; } else { @@ -628,7 +668,7 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip) ERR_print_errors(bio_err); } BIO_free(cert); - return (x); + return x; } X509_CRL *load_crl(const char *infile, int format) @@ -646,11 +686,11 @@ X509_CRL *load_crl(const char *infile, int format) in = bio_open_default(infile, 'r', format); if (in == NULL) goto end; - if (format == FORMAT_ASN1) + if (format == FORMAT_ASN1) { x = d2i_X509_CRL_bio(in, NULL); - else if (format == FORMAT_PEM) + } else if (format == FORMAT_PEM) { x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); - else { + } else { BIO_printf(bio_err, "bad input format specified for input crl\n"); goto end; } @@ -662,7 +702,7 @@ X509_CRL *load_crl(const char *infile, int format) end: BIO_free(in); - return (x); + return x; } EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, @@ -680,9 +720,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, goto end; } if (format == FORMAT_ENGINE) { - if (e == NULL) + if (e == NULL) { BIO_printf(bio_err, "no engine specified\n"); - else { + } else { #ifndef OPENSSL_NO_ENGINE if (ENGINE_init(e)) { pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); @@ -701,8 +741,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, if (file == NULL && maybe_stdin) { unbuffer(stdin); key = dup_bio_in(format); - } else + } else { key = bio_open_default(file, 'r', format); + } if (key == NULL) goto end; if (format == FORMAT_ASN1) { @@ -711,21 +752,19 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, pkey = PEM_read_bio_PrivateKey(key, NULL, (pem_password_cb *)password_callback, &cb_data); - } - else if (format == FORMAT_PKCS12) { + } else if (format == FORMAT_PKCS12) { if (!load_pkcs12(key, key_descrip, (pem_password_cb *)password_callback, &cb_data, &pkey, NULL, NULL)) goto end; - } #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) - else if (format == FORMAT_MSBLOB) + } else if (format == FORMAT_MSBLOB) { pkey = b2i_PrivateKey_bio(key); - else if (format == FORMAT_PVK) + } else if (format == FORMAT_PVK) { pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback, &cb_data); #endif - else { + } else { BIO_printf(bio_err, "bad input format specified for key file\n"); goto end; } @@ -735,7 +774,7 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "unable to load %s\n", key_descrip); ERR_print_errors(bio_err); } - return (pkey); + return pkey; } EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, @@ -753,9 +792,9 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, goto end; } if (format == FORMAT_ENGINE) { - if (e == NULL) + if (e == NULL) { BIO_printf(bio_err, "no engine specified\n"); - else { + } else { #ifndef OPENSSL_NO_ENGINE pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data); if (pkey == NULL) { @@ -771,14 +810,14 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, if (file == NULL && maybe_stdin) { unbuffer(stdin); key = dup_bio_in(format); - } else + } else { key = bio_open_default(file, 'r', format); + } if (key == NULL) goto end; if (format == FORMAT_ASN1) { pkey = d2i_PUBKEY_bio(key, NULL); - } - else if (format == FORMAT_ASN1RSA) { + } else if (format == FORMAT_ASN1RSA) { #ifndef OPENSSL_NO_RSA RSA *rsa; rsa = d2i_RSAPublicKey_bio(key, NULL); @@ -808,21 +847,20 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "RSA keys not supported\n"); #endif pkey = NULL; - } - else if (format == FORMAT_PEM) { + } else if (format == FORMAT_PEM) { pkey = PEM_read_bio_PUBKEY(key, NULL, (pem_password_cb *)password_callback, &cb_data); - } #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) - else if (format == FORMAT_MSBLOB) + } else if (format == FORMAT_MSBLOB) { pkey = b2i_PublicKey_bio(key); #endif + } end: BIO_free(key); if (pkey == NULL) BIO_printf(bio_err, "unable to load %s\n", key_descrip); - return (pkey); + return pkey; } static int load_certs_crls(const char *file, int format, @@ -855,36 +893,36 @@ static int load_certs_crls(const char *file, int format, BIO_free(bio); - if (pcerts && *pcerts == NULL) { + if (pcerts != NULL && *pcerts == NULL) { *pcerts = sk_X509_new_null(); - if (!*pcerts) + if (*pcerts == NULL) goto end; } - if (pcrls && *pcrls == NULL) { + if (pcrls != NULL && *pcrls == NULL) { *pcrls = sk_X509_CRL_new_null(); - if (!*pcrls) + if (*pcrls == NULL) goto end; } for (i = 0; i < sk_X509_INFO_num(xis); i++) { xi = sk_X509_INFO_value(xis, i); - if (xi->x509 && pcerts) { + if (xi->x509 != NULL && pcerts != NULL) { if (!sk_X509_push(*pcerts, xi->x509)) goto end; xi->x509 = NULL; } - if (xi->crl && pcrls) { + if (xi->crl != NULL && pcrls != NULL) { if (!sk_X509_CRL_push(*pcrls, xi->crl)) goto end; xi->crl = NULL; } } - if (pcerts && sk_X509_num(*pcerts) > 0) + if (pcerts != NULL && sk_X509_num(*pcerts) > 0) rv = 1; - if (pcrls && sk_X509_CRL_num(*pcrls) > 0) + if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0) rv = 1; end: @@ -892,11 +930,11 @@ static int load_certs_crls(const char *file, int format, sk_X509_INFO_pop_free(xis, X509_INFO_free); if (rv == 0) { - if (pcerts) { + if (pcerts != NULL) { sk_X509_pop_free(*pcerts, X509_free); *pcerts = NULL; } - if (pcrls) { + if (pcrls != NULL) { sk_X509_CRL_pop_free(*pcrls, X509_CRL_free); *pcrls = NULL; } @@ -1102,8 +1140,9 @@ static int set_table_opts(unsigned long *flags, const char *arg, } else if (c == '+') { c = 1; arg++; - } else + } else { c = 1; + } for (ptbl = in_tbl; ptbl->name; ptbl++) { if (strcasecmp(arg, ptbl->name) == 0) { @@ -1148,23 +1187,23 @@ void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, int len, unsigned char *buffer) { BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); - if (BN_is_zero(in)) - BIO_printf(out, "\n\t0x00"); - else { + if (BN_is_zero(in)) { + BIO_printf(out, "\n 0x00"); + } else { int i, l; l = BN_bn2bin(in, buffer); for (i = 0; i < l; i++) { - if ((i % 10) == 0) - BIO_printf(out, "\n\t"); + BIO_printf(out, (i % 10) == 0 ? "\n " : " "); if (i < l - 1) - BIO_printf(out, "0x%02X, ", buffer[i]); + BIO_printf(out, "0x%02X,", buffer[i]); else BIO_printf(out, "0x%02X", buffer[i]); } } BIO_printf(out, "\n };\n"); } + void print_array(BIO *out, const char* title, int len, const unsigned char* d) { int i; @@ -1198,8 +1237,9 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i BIO_printf(bio_err, "Error loading file %s\n", CAfile); goto end; } - } else + } else { X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + } } if (CApath != NULL || !noCApath) { @@ -1211,8 +1251,9 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i BIO_printf(bio_err, "Error loading directory %s\n", CApath); goto end; } - } else + } else { X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); + } } ERR_clear_error(); @@ -1243,7 +1284,7 @@ ENGINE *setup_engine(const char *engine, int debug) ENGINE *e = NULL; #ifndef OPENSSL_NO_ENGINE - if (engine) { + if (engine != NULL) { if (strcmp(engine, "auto") == 0) { BIO_printf(bio_err, "enabling auto ENGINE support\n"); ENGINE_register_all_complete(); @@ -1298,7 +1339,7 @@ static int index_serial_cmp(const OPENSSL_CSTRING *a, for (aa = a[DB_serial]; *aa == '0'; aa++) ; for (bb = b[DB_serial]; *bb == '0'; bb++) ; - return (strcmp(aa, bb)); + return strcmp(aa, bb); } static int index_name_qual(char **a) @@ -1313,7 +1354,7 @@ static unsigned long index_name_hash(const OPENSSL_CSTRING *a) int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) { - return (strcmp(a[DB_name], b[DB_name])); + return strcmp(a[DB_name], b[DB_name]); } static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) @@ -1364,7 +1405,7 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) err: BIO_free(in); ASN1_INTEGER_free(ai); - return (ret); + return ret; } int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, @@ -1414,7 +1455,7 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial err: BIO_free_all(out); ASN1_INTEGER_free(ai); - return (ret); + return ret; } int rotate_serial(const char *serialfile, const char *new_suffix, @@ -1465,15 +1506,11 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) BIGNUM *btmp; int ret = 0; - if (b) - btmp = b; - else - btmp = BN_new(); - + btmp = b == NULL ? BN_new() : b; if (btmp == NULL) return 0; - if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0)) + if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) goto error; if (ai && !BN_to_ASN1_INTEGER(btmp, ai)) goto error; @@ -1495,12 +1532,27 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) BIO *in; CONF *dbattr_conf = NULL; char buf[BSIZE]; +#ifndef OPENSSL_NO_POSIX_IO + FILE *dbfp; + struct stat dbst; +#endif in = BIO_new_file(dbfile, "r"); if (in == NULL) { ERR_print_errors(bio_err); goto err; } + +#ifndef OPENSSL_NO_POSIX_IO + BIO_get_fp(in, &dbfp); + if (fstat(fileno(dbfp), &dbst) == -1) { + SYSerr(SYS_F_FSTAT, errno); + ERR_add_error_data(3, "fstat('", dbfile, "')"); + ERR_print_errors(bio_err); + goto err; + } +#endif + if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) goto err; @@ -1527,6 +1579,11 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) } } + retdb->dbfname = OPENSSL_strdup(dbfile); +#ifndef OPENSSL_NO_POSIX_IO + retdb->dbst = dbst; +#endif + err: NCONF_free(dbattr_conf); TXT_DB_free(tmpdb); @@ -1534,6 +1591,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) return retdb; } +/* + * Returns > 0 on success, <= 0 on error + */ int index_index(CA_DB *db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, @@ -1672,6 +1732,7 @@ void free_index(CA_DB *db) { if (db) { TXT_DB_free(db->db); + OPENSSL_free(db->dbfname); OPENSSL_free(db); } } @@ -1861,8 +1922,9 @@ static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes) node = sk_X509_POLICY_NODE_value(nodes, i); X509_POLICY_NODE_print(bio_err, node, 2); } - } else + } else { BIO_puts(bio_err, " \n"); + } } void policies_print(X509_STORE_CTX *ctx) @@ -1905,10 +1967,11 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; - } else + } else { out[i + 1] = in[i]; + } } *outlen = len + 1; @@ -2131,7 +2194,7 @@ double app_tminterval(int stop, int usertime) ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7; } - return (ret); + return ret; } #elif defined(OPENSSL_SYSTEM_VXWORKS) # include @@ -2167,7 +2230,7 @@ double app_tminterval(int stop, int usertime) else ret = (now - tmstart) / (double)sysClkRateGet(); # endif - return (ret); + return ret; } #elif defined(OPENSSL_SYSTEM_VMS) @@ -2201,7 +2264,7 @@ double app_tminterval(int stop, int usertime) else ret = (now - tmstart) / (double)(CLK_TCK); - return (ret); + return ret; } #elif defined(_SC_CLK_TCK) /* by means of unistd.h */ @@ -2217,14 +2280,14 @@ double app_tminterval(int stop, int usertime) if (usertime) now = rus.tms_utime; - if (stop == TM_START) + if (stop == TM_START) { tmstart = now; - else { + } else { long int tck = sysconf(_SC_CLK_TCK); ret = (now - tmstart) / (double)tck; } - return (ret); + return ret; } #else @@ -2349,12 +2412,12 @@ int raw_read_stdin(void *buf, int siz) { DWORD n; if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL)) - return (n); + return n; else - return (-1); + return -1; } #elif defined(__VMS) -#include +# include int raw_read_stdin(void *buf, int siz) { @@ -2372,9 +2435,9 @@ int raw_write_stdout(const void *buf, int siz) { DWORD n; if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL)) - return (n); + return n; else - return (-1); + return -1; } #else int raw_write_stdout(const void *buf, int siz) @@ -2401,14 +2464,26 @@ BIO *dup_bio_in(int format) BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); } +static BIO_METHOD *prefix_method = NULL; + BIO *dup_bio_out(int format) { BIO *b = BIO_new_fp(stdout, BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); + void *prefix = NULL; + #ifdef OPENSSL_SYS_VMS if (istext(format)) b = BIO_push(BIO_new(BIO_f_linebuffer()), b); #endif + + if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) { + if (prefix_method == NULL) + prefix_method = apps_bf_prefix(); + b = BIO_push(BIO_new(prefix_method), b); + BIO_ctrl(b, PREFIX_CTRL_SET_PREFIX, 0, prefix); + } + return b; } @@ -2423,6 +2498,12 @@ BIO *dup_bio_err(int format) return b; } +void destroy_prefix_method(void) +{ + BIO_meth_free(prefix_method); + prefix_method = NULL; +} + void unbuffer(FILE *fp) { /* @@ -2649,15 +2730,23 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) return 0; } else { - if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate)) + if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate)) return 0; } if (enddate == NULL) { if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL) == NULL) return 0; - } else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) { + } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) { return 0; } return 1; } + +void make_uppercase(char *string) +{ + int i; + + for (i = 0; string[i] != '\0'; i++) + string[i] = toupper((unsigned char)string[i]); +} diff --git a/deps/openssl/openssl/apps/apps.h b/deps/openssl/openssl/apps/apps.h index f91faf8c143d9d..d9eb650eb21197 100644 --- a/deps/openssl/openssl/apps/apps.h +++ b/deps/openssl/openssl/apps/apps.h @@ -10,17 +10,20 @@ #ifndef HEADER_APPS_H # define HEADER_APPS_H -# include "e_os.h" -# if defined(__unix) || defined(__unix__) -# include /* struct timeval for DTLS */ -# endif +# include "e_os.h" /* struct timeval for DTLS */ +# include "internal/nelem.h" # include +# include +# ifndef OPENSSL_NO_POSIX_IO +# include +# include +# endif + # include # include # include # include -# include # include # include # include @@ -40,27 +43,38 @@ */ #define _UC(c) ((unsigned char)(c)) -int app_RAND_load_file(const char *file, int dont_warn); -int app_RAND_write_file(const char *file); -/* - * When `file' is NULL, use defaults. `bio_e' is for error messages. - */ -void app_RAND_allow_write_file(void); -long app_RAND_load_files(char *file); /* `file' is a list of files to read, - * separated by LIST_SEPARATOR_CHAR - * (see e_os.h). The string is - * destroyed! */ +void app_RAND_load_conf(CONF *c, const char *section); +void app_RAND_write(void); extern char *default_config_file; extern BIO *bio_in; extern BIO *bio_out; extern BIO *bio_err; +extern const unsigned char tls13_aes128gcmsha256_id[]; +extern const unsigned char tls13_aes256gcmsha384_id[]; +extern BIO_ADDR *ourpeer; + +BIO_METHOD *apps_bf_prefix(void); +/* + * The control used to set the prefix with BIO_ctrl() + * We make it high enough so the chance of ever clashing with the BIO library + * remains unlikely for the foreseeable future and beyond. + */ +#define PREFIX_CTRL_SET_PREFIX (1 << 15) +/* + * apps_bf_prefix() returns a dynamically created BIO_METHOD, which we + * need to destroy at some point. When created internally, it's stored + * in an internal pointer which can be freed with the following function + */ +void destroy_prefix_method(void); + BIO *dup_bio_in(int format); BIO *dup_bio_out(int format); BIO *dup_bio_err(int format); BIO *bio_open_owner(const char *filename, int format, int private); BIO *bio_open_default(const char *filename, char mode, int format); BIO *bio_open_default_quiet(const char *filename, char mode, int format); +CONF *app_load_config_bio(BIO *in, const char *filename); CONF *app_load_config(const char *filename); CONF *app_load_config_quiet(const char *filename); int app_load_modules(const CONF *config); @@ -175,7 +189,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_V_ALLOW_PROXY_CERTS /* - * Common "extended"? options. + * Common "extended validation" options. */ # define OPT_X_ENUM \ OPT_X__FIRST=1000, \ @@ -210,18 +224,22 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, # define OPT_S_ENUM \ OPT_S__FIRST=3000, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ + OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ - OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ - OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ - OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \ - OPT_S_NO_RENEGOTIATION, OPT_S__LAST + OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ + OPT_S_PRIORITIZE_CHACHA, \ + OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ + OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ + OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ + OPT_S_MINPROTO, OPT_S_MAXPROTO, \ + OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST # define OPT_S_OPTIONS \ {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ + {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ @@ -238,6 +256,10 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, "Disallow session resumption on renegotiation"}, \ {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \ "Disallow initial connection to servers that don't support RI"}, \ + {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \ + "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \ + {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \ + "Prioritize ChaCha ciphers when preferred by clients"}, \ {"strict", OPT_S_STRICT, '-', \ "Enforce strict certificate checks as per TLS standard"}, \ {"sigalgs", OPT_S_SIGALGS, 's', \ @@ -245,15 +267,22 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \ "Signature algorithms to support for client certificate" \ " authentication (colon-separated list)" }, \ + {"groups", OPT_S_GROUPS, 's', \ + "Groups to advertise (colon-separated list)" }, \ {"curves", OPT_S_CURVES, 's', \ - "Elliptic curves to advertise (colon-separated list)" }, \ + "Groups to advertise (colon-separated list)" }, \ {"named_curve", OPT_S_NAMEDCURVE, 's', \ "Elliptic curve used for ECDHE (server-side only)" }, \ - {"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \ + {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \ + {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ + {"record_padding", OPT_S_RECORD_PADDING, 's', \ + "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ - "Perform all sorts of protocol violations for testing purposes"} + "Perform all sorts of protocol violations for testing purposes"}, \ + {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ + "Disable TLSv1.3 middlebox compat mode" } # define OPT_S_CASES \ OPT_S__FIRST: case OPT_S__LAST: break; \ @@ -261,6 +290,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_NOTLS1: \ case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_2: \ + case OPT_S_NOTLS1_3: \ case OPT_S_BUGS: \ case OPT_S_NO_COMP: \ case OPT_S_COMP: \ @@ -270,20 +300,40 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_LEGACYCONN: \ case OPT_S_ONRESUMP: \ case OPT_S_NOLEGACYCONN: \ + case OPT_S_ALLOW_NO_DHE_KEX: \ + case OPT_S_PRIORITIZE_CHACHA: \ case OPT_S_STRICT: \ case OPT_S_SIGALGS: \ case OPT_S_CLIENTSIGALGS: \ + case OPT_S_GROUPS: \ case OPT_S_CURVES: \ case OPT_S_NAMEDCURVE: \ case OPT_S_CIPHER: \ + case OPT_S_CIPHERSUITES: \ + case OPT_S_RECORD_PADDING: \ + case OPT_S_NO_RENEGOTIATION: \ case OPT_S_MINPROTO: \ case OPT_S_MAXPROTO: \ - case OPT_S_NO_RENEGOTIATION: \ - case OPT_S_DEBUGBROKE + case OPT_S_DEBUGBROKE: \ + case OPT_S_NO_MIDDLEBOX #define IS_NO_PROT_FLAG(o) \ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ - || o == OPT_S_NOTLS1_2) + || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) + +/* + * Random state options. + */ +# define OPT_R_ENUM \ + OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST + +# define OPT_R_OPTIONS \ + {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \ + {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"} + +# define OPT_R_CASES \ + OPT_R__FIRST: case OPT_R__LAST: break; \ + case OPT_R_RAND: case OPT_R_WRITERAND /* * Option parsing. @@ -296,7 +346,7 @@ typedef struct options_st { /* * value type: - no value (also the value zero), n number, p positive * number, u unsigned, l long, s string, < input file, > output file, - * f any format, F der/pem format , E der/pem/engine format identifier. + * f any format, F der/pem format, E der/pem/engine format identifier. * l, n and u include zero; p does not. */ int valtype; @@ -319,7 +369,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_SMIME (1L << 3) # define OPT_FMT_ENGINE (1L << 4) # define OPT_FMT_MSBLOB (1L << 5) -# define OPT_FMT_NETSCAPE (1L << 6) +/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ # define OPT_FMT_NSS (1L << 7) # define OPT_FMT_TEXT (1L << 8) # define OPT_FMT_HTTP (1L << 9) @@ -328,8 +378,8 @@ typedef struct string_int_pair_st { # define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ - OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) char *opt_progname(const char *argv0); char *opt_getprog(void); @@ -355,10 +405,10 @@ int opt_md(const char *name, const EVP_MD **mdp); char *opt_arg(void); char *opt_flag(void); char *opt_unknown(void); -char *opt_reset(void); char **opt_rest(void); int opt_num_rest(void); int opt_verify(int i, X509_VERIFY_PARAM *vpm); +int opt_rand(int i); void opt_help(const OPTIONS * list); int opt_format_error(const char *s, unsigned long flags); @@ -391,6 +441,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); int setup_ui_method(void); void destroy_ui_method(void); +const UI_METHOD *get_ui_method(void); int chopup_args(ARGS *arg, char *buf); # ifdef HEADER_X509_H @@ -401,6 +452,8 @@ void print_name(BIO *out, const char *title, X509_NAME *nm, void print_bignum_var(BIO *, const BIGNUM *, const char*, int, unsigned char *); void print_array(BIO *, const char *, int, const unsigned char *); +int set_nameopt(const char *arg); +unsigned long get_nameopt(void); int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); @@ -458,9 +511,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, * disabled */ # define DB_NUMBER 6 -# define DB_TYPE_REV 'R' -# define DB_TYPE_EXP 'E' -# define DB_TYPE_VAL 'V' +# define DB_TYPE_REV 'R' /* Revoked */ +# define DB_TYPE_EXP 'E' /* Expired */ +# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */ +# define DB_TYPE_SUSP 'S' /* Suspended */ typedef struct db_attr_st { int unique_subject; @@ -468,6 +522,10 @@ typedef struct db_attr_st { typedef struct ca_db_st { DB_ATTR attributes; TXT_DB *db; + char *dbfname; +# ifndef OPENSSL_NO_POSIX_IO + struct stat dbst; +# endif } CA_DB; void* app_malloc(int sz, const char *what); @@ -490,8 +548,6 @@ int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); int parse_yesno(const char *str, int def); X509_NAME *parse_name(const char *str, long chtype, int multirdn); -int args_verify(char ***pargs, int *pargc, - int *badarg, X509_VERIFY_PARAM **pm); void policies_print(X509_STORE_CTX *ctx); int bio_to_mem(unsigned char **out, int maxlen, BIO *in); int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value); @@ -503,9 +559,9 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts); int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts); -# ifndef OPENSSL_NO_PSK + extern char *psk_key; -# endif + unsigned char *next_protos_parse(size_t *outlen, const char *in); @@ -546,7 +602,12 @@ void store_setup_crl_download(X509_STORE *st); # define APP_PASS_LEN 1024 -# define SERIAL_RAND_BITS 64 +/* + * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits + * so that the first bit will never be one, so that the DER encoding + * rules won't force a leading octet. + */ +# define SERIAL_RAND_BITS 159 int app_isdir(const char *); int app_access(const char *, int flag); @@ -559,6 +620,8 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); +void make_uppercase(char *string); + typedef struct verify_options_st { int depth; int quiet; @@ -568,6 +631,4 @@ typedef struct verify_options_st { extern VERIFY_CB_ARGS verify_args; -# include "progs.h" - #endif diff --git a/deps/openssl/openssl/apps/asn1pars.c b/deps/openssl/openssl/apps/asn1pars.c index 008a6797d04523..62c70b9cc4405e 100644 --- a/deps/openssl/openssl/apps/asn1pars.c +++ b/deps/openssl/openssl/apps/asn1pars.c @@ -7,28 +7,26 @@ * https://www.openssl.org/source/license.html */ -/* - * A nice addition from Dr Stephen Henson to add the - * -strparse option which parses nested binary structures - */ - #include #include #include #include "apps.h" +#include "progs.h" #include #include #include #include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT, OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT, - OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM + OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM, + OPT_ITEM } OPTION_CHOICE; -OPTIONS asn1parse_options[] = { +const OPTIONS asn1parse_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"}, {"in", OPT_IN, '<', "input file"}, @@ -49,6 +47,7 @@ OPTIONS asn1parse_options[] = { {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"}, {"strictpem", OPT_STRICTPEM, 0, "do not attempt base64 decode outside PEM markers"}, + {"item", OPT_ITEM, 's', "item to parse and print"}, {NULL} }; @@ -71,6 +70,7 @@ int asn1parse_main(int argc, char **argv) unsigned char *tmpbuf; unsigned int length = 0; OPTION_CHOICE o; + const ASN1_ITEM *it = NULL; prog = opt_init(argc, argv, asn1parse_options); @@ -134,6 +134,22 @@ int asn1parse_main(int argc, char **argv) strictpem = 1; informat = FORMAT_PEM; break; + case OPT_ITEM: + it = ASN1_ITEM_lookup(opt_arg()); + if (it == NULL) { + size_t tmp; + + BIO_printf(bio_err, "Unknown item name %s\n", opt_arg()); + BIO_puts(bio_err, "Supported types:\n"); + for (tmp = 0;; tmp++) { + it = ASN1_ITEM_get(tmp); + if (it == NULL) + break; + BIO_printf(bio_err, " %s\n", it->sname); + } + goto end; + } + break; } } argc = opt_num_rest(); @@ -174,9 +190,7 @@ int asn1parse_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - } - - else { + } else { if (informat == FORMAT_PEM) { BIO *tmp; @@ -253,18 +267,31 @@ int asn1parse_main(int argc, char **argv) if (length == 0 || length > (unsigned int)num) length = (unsigned int)num; - if (derout) { + if (derout != NULL) { if (BIO_write(derout, str + offset, length) != (int)length) { BIO_printf(bio_err, "Error writing output\n"); ERR_print_errors(bio_err); goto end; } } - if (!noout && - !ASN1_parse_dump(bio_out, &(str[offset]), length, - indent, dump)) { - ERR_print_errors(bio_err); - goto end; + if (!noout) { + const unsigned char *p = str + offset; + + if (it != NULL) { + ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it); + if (value == NULL) { + BIO_printf(bio_err, "Error parsing item %s\n", it->sname); + ERR_print_errors(bio_err); + goto end; + } + ASN1_item_print(bio_out, value, 0, it, NULL); + ASN1_item_free(value, it); + } else { + if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) { + ERR_print_errors(bio_err); + goto end; + } + } } ret = 0; end: @@ -280,7 +307,7 @@ int asn1parse_main(int argc, char **argv) OPENSSL_free(str); ASN1_TYPE_free(at); sk_OPENSSL_STRING_free(osk); - return (ret); + return ret; } static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf) @@ -290,12 +317,12 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf) unsigned char *p; ASN1_TYPE *atyp = NULL; - if (genconf) { + if (genconf != NULL) { if ((cnf = app_load_config(genconf)) == NULL) goto err; - if (!genstr) + if (genstr == NULL) genstr = NCONF_get_string(cnf, "default", "asn1"); - if (!genstr) { + if (genstr == NULL) { BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf); goto err; } @@ -305,7 +332,7 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf) NCONF_free(cnf); cnf = NULL; - if (!atyp) + if (atyp == NULL) return -1; len = i2d_ASN1_TYPE(atyp, NULL); diff --git a/deps/openssl/openssl/apps/bf_prefix.c b/deps/openssl/openssl/apps/bf_prefix.c new file mode 100644 index 00000000000000..bae3c91bf8b385 --- /dev/null +++ b/deps/openssl/openssl/apps/bf_prefix.c @@ -0,0 +1,177 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "apps.h" + +static int prefix_write(BIO *b, const char *out, size_t outl, + size_t *numwritten); +static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread); +static int prefix_puts(BIO *b, const char *str); +static int prefix_gets(BIO *b, char *str, int size); +static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2); +static int prefix_create(BIO *b); +static int prefix_destroy(BIO *b); +static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); + +static BIO_METHOD *prefix_meth = NULL; + +BIO_METHOD *apps_bf_prefix(void) +{ + if (prefix_meth == NULL) { + if ((prefix_meth = + BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL + || !BIO_meth_set_create(prefix_meth, prefix_create) + || !BIO_meth_set_destroy(prefix_meth, prefix_destroy) + || !BIO_meth_set_write_ex(prefix_meth, prefix_write) + || !BIO_meth_set_read_ex(prefix_meth, prefix_read) + || !BIO_meth_set_puts(prefix_meth, prefix_puts) + || !BIO_meth_set_gets(prefix_meth, prefix_gets) + || !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl) + || !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) { + BIO_meth_free(prefix_meth); + prefix_meth = NULL; + } + } + return prefix_meth; +} + +typedef struct prefix_ctx_st { + char *prefix; + int linestart; /* flag to indicate we're at the line start */ +} PREFIX_CTX; + +static int prefix_create(BIO *b) +{ + PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx == NULL) + return 0; + + ctx->prefix = NULL; + ctx->linestart = 1; + BIO_set_data(b, ctx); + BIO_set_init(b, 1); + return 1; +} + +static int prefix_destroy(BIO *b) +{ + PREFIX_CTX *ctx = BIO_get_data(b); + + OPENSSL_free(ctx->prefix); + OPENSSL_free(ctx); + return 1; +} + +static int prefix_read(BIO *b, char *in, size_t size, size_t *numread) +{ + return BIO_read_ex(BIO_next(b), in, size, numread); +} + +static int prefix_write(BIO *b, const char *out, size_t outl, + size_t *numwritten) +{ + PREFIX_CTX *ctx = BIO_get_data(b); + + if (ctx == NULL) + return 0; + + /* If no prefix is set or if it's empty, we've got nothing to do here */ + if (ctx->prefix == NULL || *ctx->prefix == '\0') { + /* We do note if what comes next will be a new line, though */ + if (outl > 0) + ctx->linestart = (out[outl-1] == '\n'); + return BIO_write_ex(BIO_next(b), out, outl, numwritten); + } + + *numwritten = 0; + + while (outl > 0) { + size_t i; + char c; + + /* If we know that we're at the start of the line, output the prefix */ + if (ctx->linestart) { + size_t dontcare; + + if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix), + &dontcare)) + return 0; + ctx->linestart = 0; + } + + /* Now, go look for the next LF, or the end of the string */ + for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++) + continue; + if (c == '\n') + i++; + + /* Output what we found so far */ + while (i > 0) { + size_t num = 0; + + if (!BIO_write_ex(BIO_next(b), out, i, &num)) + return 0; + out += num; + outl -= num; + *numwritten += num; + i -= num; + } + + /* If we found a LF, what follows is a new line, so take note */ + if (c == '\n') + ctx->linestart = 1; + } + + return 1; +} + +static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 0; + + switch (cmd) { + case PREFIX_CTRL_SET_PREFIX: + { + PREFIX_CTX *ctx = BIO_get_data(b); + + if (ctx == NULL) + break; + + OPENSSL_free(ctx->prefix); + ctx->prefix = OPENSSL_strdup((const char *)ptr); + ret = ctx->prefix != NULL; + } + break; + default: + if (BIO_next(b) != NULL) + ret = BIO_ctrl(BIO_next(b), cmd, num, ptr); + break; + } + return ret; +} + +static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) +{ + return BIO_callback_ctrl(BIO_next(b), cmd, fp); +} + +static int prefix_gets(BIO *b, char *buf, int size) +{ + return BIO_gets(BIO_next(b), buf, size); +} + +static int prefix_puts(BIO *b, const char *str) +{ + return BIO_write(b, str, strlen(str)); +} diff --git a/deps/openssl/openssl/apps/build.info b/deps/openssl/openssl/apps/build.info index e2ddd2b56d418c..751d8da8281815 100644 --- a/deps/openssl/openssl/apps/build.info +++ b/deps/openssl/openssl/apps/build.info @@ -1,28 +1,38 @@ -{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget"; - our @apps_openssl_src = - ( qw(openssl.c - asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c - dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c - genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c - pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c - s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c - srp.c ts.c verify.c version.c x509.c rehash.c - apps.c opt.c s_cb.c s_socket.c - app_rand.c), - split(/\s+/, $target{apps_aux_src}) ); +{- our @apps_openssl_src = + qw(openssl.c + asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c + dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c + genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c + pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c + s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c + srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); + our @apps_lib_src = + ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), + split(/\s+/, $target{apps_aux_src}) ); + our @apps_init_src = split(/\s+/, $target{apps_init_src}); "" -} IF[{- !$disabled{apps} -}] + LIBS_NO_INST=libapps.a + SOURCE[libapps.a]={- join(" ", @apps_lib_src) -} + INCLUDE[libapps.a]=.. ../include + PROGRAMS=openssl + SOURCE[openssl]={- join(" ", @apps_init_src) -} SOURCE[openssl]={- join(" ", @apps_openssl_src) -} INCLUDE[openssl]=.. ../include - DEPEND[openssl]=../libssl + DEPEND[openssl]=libapps.a ../libssl + +IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] + GENERATE[openssl.rc]=../util/mkrc.pl openssl + SOURCE[openssl]=openssl.rc +ENDIF {- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } @apps_openssl_src) -} GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) DEPEND[progs.h]=../configdata.pm - SCRIPTS=CA.pl {- $tsget_name -} + SCRIPTS=CA.pl tsget.pl SOURCE[CA.pl]=CA.pl.in - SOURCE[{- $tsget_name -}]=tsget.in + SOURCE[tsget.pl]=tsget.in ENDIF diff --git a/deps/openssl/openssl/apps/ca.c b/deps/openssl/openssl/apps/ca.c index c69a2b5cdd9fd7..69207c0662ed7f 100644 --- a/deps/openssl/openssl/apps/ca.c +++ b/deps/openssl/openssl/apps/ca.c @@ -6,9 +6,6 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - -/* The PPKI stuff has been donated by Jeff Barber */ - #include #include #include @@ -28,27 +25,24 @@ #ifndef W_OK # ifdef OPENSSL_SYS_VMS -# if defined(__DECC) -# include -# else -# include -# endif +# include # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) # include # endif #endif #include "apps.h" +#include "progs.h" #ifndef W_OK # define F_OK 0 -# define X_OK 1 # define W_OK 2 # define R_OK 4 #endif -#undef BSIZE -#define BSIZE 256 +#ifndef PATH_MAX +# define PATH_MAX 4096 +#endif #define BASE_SECTION "ca" @@ -60,6 +54,7 @@ #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" +#define ENV_RAND_SERIAL "rand_serial" #define ENV_CRLNUMBER "crlnumber" #define ENV_PRIVATE_KEY "private_key" #define ENV_DEFAULT_DAYS "default_days" @@ -82,12 +77,14 @@ #define ENV_DATABASE "database" /* Additional revocation information types */ - -#define REV_NONE 0 /* No additional information */ -#define REV_CRL_REASON 1 /* Value is CRL reason code */ -#define REV_HOLD 2 /* Value is hold instruction */ -#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ -#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ +typedef enum { + REV_VALID = -1, /* Valid (not-revoked) status */ + REV_NONE = 0, /* No additional information */ + REV_CRL_REASON = 1, /* Value is CRL reason code */ + REV_HOLD = 2, /* Value is hold instruction */ + REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */ + REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */ +} REVINFO_TYPE; static char *lookup_conf(const CONF *conf, const char *group, const char *tag); @@ -117,7 +114,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, const char *enddate, long days, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, @@ -126,13 +122,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, int batch, int verbose, X509_REQ *req, const char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); -static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); static int check_time_format(const char *str); -char *make_revocation_str(int rev_type, char *rev_arg); -int make_revoked(X509_REVOKED *rev, const char *str); +static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, + const char *extval); +static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg); +static int make_revoked(X509_REVOKED *rev, const char *str); static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str); +static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static CONF *extconf = NULL; static int preserve = 0; @@ -148,11 +146,13 @@ typedef enum OPTION_choice { OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID, OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS, - OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, - OPT_CRL_CA_COMPROMISE + OPT_RAND_SERIAL, + OPT_R_ENUM, + /* Do not change the order here; see related case statements below */ + OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE } OPTION_CHOICE; -OPTIONS ca_options[] = { +const OPTIONS ca_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"}, {"config", OPT_CONFIG, 's', "A config file"}, @@ -161,6 +161,8 @@ OPTIONS ca_options[] = { {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, {"create_serial", OPT_CREATE_SERIAL, '-', "If reading serial fails, create a new random serial"}, + {"rand_serial", OPT_RAND_SERIAL, '-', + "Always create a random serial; do not store it"}, {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', "Enable support for multivalued RDNs"}, {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"}, @@ -212,6 +214,7 @@ OPTIONS ca_options[] = { "sets compromise time to val and the revocation reason to keyCompromise"}, {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's', "sets compromise time to val and the revocation reason to CACompromise"}, + OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -242,18 +245,21 @@ int ca_main(int argc, char **argv) char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL; const char *serialfile = NULL, *subj = NULL; char *prog, *startdate = NULL, *enddate = NULL; - char *dbfile = NULL, *f, *randfile = NULL; - char buf[3][BSIZE]; + char *dbfile = NULL, *f; + char new_cert[PATH_MAX]; + char tmp[10 + 1] = "\0"; char *const *pp; const char *p; + size_t outdirlen = 0; int create_ser = 0, free_key = 0, total = 0, total_done = 0; int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; - int i, j, rev_type = REV_NONE, selfsign = 0; + int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret; long crldays = 0, crlhours = 0, crlsec = 0, days = 0; - unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0; + unsigned long chtype = MBSTRING_ASC, certopt = 0; X509 *x509 = NULL, *x509p = NULL, *x = NULL; + REVINFO_TYPE rev_type = REV_NONE; X509_REVOKED *r = NULL; OPTION_CHOICE o; @@ -292,6 +298,9 @@ int ca_main(int argc, char **argv) case OPT_UTF8: chtype = MBSTRING_UTF8; break; + case OPT_RAND_SERIAL: + rand_ser = 1; + break; case OPT_CREATE_SERIAL: create_ser = 1; break; @@ -323,6 +332,10 @@ int ca_main(int argc, char **argv) case OPT_PASSIN: passinarg = opt_arg(); break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; case OPT_KEY: key = opt_arg(); break; @@ -338,8 +351,7 @@ int ca_main(int argc, char **argv) case OPT_SIGOPT: if (sigopts == NULL) sigopts = sk_OPENSSL_STRING_new_null(); - if (sigopts == NULL - || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) + if (sigopts == NULL || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) goto end; break; case OPT_NOTEXT: @@ -403,21 +415,12 @@ int ca_main(int argc, char **argv) case OPT_CRLEXTS: crl_ext = opt_arg(); break; - case OPT_CRL_REASON: - rev_arg = opt_arg(); - rev_type = REV_CRL_REASON; - break; + case OPT_CRL_REASON: /* := REV_CRL_REASON */ case OPT_CRL_HOLD: - rev_arg = opt_arg(); - rev_type = REV_HOLD; - break; case OPT_CRL_COMPROMISE: - rev_arg = opt_arg(); - rev_type = REV_KEY_COMPROMISE; - break; case OPT_CRL_CA_COMPROMISE: rev_arg = opt_arg(); - rev_type = REV_CA_COMPROMISE; + rev_type = (o - OPT_CRL_REASON) + REV_CRL_REASON; break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); @@ -458,23 +461,20 @@ int ca_main(int argc, char **argv) goto end; } - randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, 0); + app_RAND_load_conf(conf, BASE_SECTION); f = NCONF_get_string(conf, section, STRING_MASK); - if (!f) + if (f == NULL) ERR_clear_error(); - if (f && !ASN1_STRING_set_default_mask_asc(f)) { + if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) { BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); goto end; } if (chtype != MBSTRING_UTF8) { f = NCONF_get_string(conf, section, UTF8_IN); - if (!f) + if (f == NULL) ERR_clear_error(); else if (strcmp(f, "yes") == 0) chtype = MBSTRING_UTF8; @@ -482,9 +482,9 @@ int ca_main(int argc, char **argv) db_attr.unique_subject = 1; p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); - if (p) { + if (p != NULL) db_attr.unique_subject = parse_yesno(p, 1); - } else + else ERR_clear_error(); /*****************************************************************/ @@ -498,7 +498,7 @@ int ca_main(int argc, char **argv) if (db == NULL) goto end; - if (!index_index(db)) + if (index_index(db) <= 0) goto end; if (get_certificate_status(ser_status, db) != 1) @@ -513,7 +513,7 @@ int ca_main(int argc, char **argv) && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL) goto end; - if (!key) { + if (key == NULL) { free_key = 1; if (!app_passwd(passinarg, NULL, &key, NULL)) { BIO_printf(bio_err, "Error getting password\n"); @@ -521,12 +521,11 @@ int ca_main(int argc, char **argv) } } pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key"); - if (key) + if (key != NULL) OPENSSL_cleanse(key, strlen(key)); - if (pkey == NULL) { + if (pkey == NULL) /* load_key() has already printed an appropriate message */ goto end; - } /*****************************************************************/ /* we need a certificate */ @@ -561,37 +560,36 @@ int ca_main(int argc, char **argv) f = NCONF_get_string(conf, section, ENV_NAMEOPT); - if (f) { - if (!set_name_ex(&nameopt, f)) { + if (f != NULL) { + if (!set_nameopt(f)) { BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); goto end; } default_op = 0; - } else { - nameopt = XN_FLAG_ONELINE; - ERR_clear_error(); } f = NCONF_get_string(conf, section, ENV_CERTOPT); - if (f) { + if (f != NULL) { if (!set_cert_ex(&certopt, f)) { BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f); goto end; } default_op = 0; - } else + } else { ERR_clear_error(); + } f = NCONF_get_string(conf, section, ENV_EXTCOPY); - if (f) { + if (f != NULL) { if (!set_ext_copy(&ext_copy, f)) { BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f); goto end; } - } else + } else { ERR_clear_error(); + } /*****************************************************************/ /* lookup where to write new certificates */ @@ -607,7 +605,7 @@ int ca_main(int argc, char **argv) /* * outdir is a directory spec, but access() for VMS demands a * filename. We could use the DEC C routine to convert the - * directory syntax to Unixly, and give that to app_isdir, + * directory syntax to Unix, and give that to app_isdir, * but for now the fopen will catch the error if it's not a * directory */ @@ -674,7 +672,7 @@ int ca_main(int argc, char **argv) BIO_printf(bio_err, "generating index\n"); } - if (!index_index(db)) + if (index_index(db) <= 0) goto end; /*****************************************************************/ @@ -698,8 +696,7 @@ int ca_main(int argc, char **argv) goto end; if (verbose) - BIO_printf(bio_err, - "Done. %d entries marked as expired\n", i); + BIO_printf(bio_err, "Done. %d entries marked as expired\n", i); } } @@ -731,21 +728,28 @@ int ca_main(int argc, char **argv) } } - if (md == NULL - && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) + def_ret = EVP_PKEY_get_default_digest_nid(pkey, &def_nid); + /* + * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is + * mandatory for this algorithm. + */ + if (def_ret == 2 && def_nid == NID_undef) { + /* The signing algorithm requires there to be no digest */ + dgst = EVP_md_null(); + } else if (md == NULL + && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) { goto end; - - if (strcmp(md, "default") == 0) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { - BIO_puts(bio_err, "no default digest\n"); - goto end; + } else { + if (strcmp(md, "default") == 0) { + if (def_ret <= 0) { + BIO_puts(bio_err, "no default digest\n"); + goto end; + } + md = (char *)OBJ_nid2sn(def_nid); } - md = (char *)OBJ_nid2sn(def_nid); - } - if (!opt_md(md, &dgst)) { - goto end; + if (!opt_md(md, &dgst)) + goto end; } if (req) { @@ -766,21 +770,25 @@ int ca_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "policy is %s\n", policy); - serialfile = lookup_conf(conf, section, ENV_SERIAL); - if (serialfile == NULL) - goto end; + if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) { + rand_ser = 1; + } else { + serialfile = lookup_conf(conf, section, ENV_SERIAL); + if (serialfile == NULL) + goto end; + } - if (!extconf) { + if (extconf == NULL) { /* * no '-extfile' option, so we look for extensions in the main * configuration file */ - if (!extensions) { + if (extensions == NULL) { extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS); - if (!extensions) + if (extensions == NULL) ERR_clear_error(); } - if (extensions) { + if (extensions != NULL) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); @@ -796,12 +804,11 @@ int ca_main(int argc, char **argv) } if (startdate == NULL) { - startdate = NCONF_get_string(conf, section, - ENV_DEFAULT_STARTDATE); + startdate = NCONF_get_string(conf, section, ENV_DEFAULT_STARTDATE); if (startdate == NULL) ERR_clear_error(); } - if (startdate && !ASN1_TIME_set_string(NULL, startdate)) { + if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) { BIO_printf(bio_err, "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto end; @@ -814,7 +821,7 @@ int ca_main(int argc, char **argv) if (enddate == NULL) ERR_clear_error(); } - if (enddate && !ASN1_TIME_set_string(NULL, enddate)) { + if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) { BIO_printf(bio_err, "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto end; @@ -824,24 +831,30 @@ int ca_main(int argc, char **argv) if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) days = 0; } - if (!enddate && (days == 0)) { - BIO_printf(bio_err, - "cannot lookup how many days to certify for\n"); + if (enddate == NULL && days == 0) { + BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); goto end; } - if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { - BIO_printf(bio_err, "error while loading serial number\n"); - goto end; - } - if (verbose) { - if (BN_is_zero(serial)) - BIO_printf(bio_err, "next serial number is 00\n"); - else { - if ((f = BN_bn2hex(serial)) == NULL) - goto end; - BIO_printf(bio_err, "next serial number is %s\n", f); - OPENSSL_free(f); + if (rand_ser) { + if ((serial = BN_new()) == NULL || !rand_serial(serial, NULL)) { + BIO_printf(bio_err, "error generating serial number\n"); + goto end; + } + } else { + if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { + BIO_printf(bio_err, "error while loading serial number\n"); + goto end; + } + if (verbose) { + if (BN_is_zero(serial)) { + BIO_printf(bio_err, "next serial number is 00\n"); + } else { + if ((f = BN_bn2hex(serial)) == NULL) + goto end; + BIO_printf(bio_err, "next serial number is %s\n", f); + OPENSSL_free(f); + } } } @@ -859,7 +872,7 @@ int ca_main(int argc, char **argv) j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, extensions, - conf, verbose, certopt, nameopt, default_op, + conf, verbose, certopt, get_nameopt(), default_op, ext_copy); if (j < 0) goto end; @@ -880,7 +893,7 @@ int ca_main(int argc, char **argv) attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, - conf, verbose, certopt, nameopt, default_op, + conf, verbose, certopt, get_nameopt(), default_op, ext_copy); if (j < 0) goto end; @@ -900,7 +913,7 @@ int ca_main(int argc, char **argv) j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, - certopt, nameopt, default_op, ext_copy, selfsign); + certopt, get_nameopt(), default_op, ext_copy, selfsign); if (j < 0) goto end; if (j > 0) { @@ -919,7 +932,7 @@ int ca_main(int argc, char **argv) j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, - certopt, nameopt, default_op, ext_copy, selfsign); + certopt, get_nameopt(), default_op, ext_copy, selfsign); if (j < 0) goto end; if (j > 0) { @@ -947,14 +960,13 @@ int ca_main(int argc, char **argv) "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total); (void)BIO_flush(bio_err); - buf[0][0] = '\0'; - if (!fgets(buf[0], 10, stdin)) { - BIO_printf(bio_err, - "CERTIFICATION CANCELED: I/O error\n"); + tmp[0] = '\0'; + if (fgets(tmp, sizeof(tmp), stdin) == NULL) { + BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n"); ret = 0; goto end; } - if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) { + if (tmp[0] != 'y' && tmp[0] != 'Y') { BIO_printf(bio_err, "CERTIFICATION CANCELED\n"); ret = 0; goto end; @@ -964,45 +976,42 @@ int ca_main(int argc, char **argv) BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); - if (!save_serial(serialfile, "new", serial, NULL)) + if (serialfile != NULL + && !save_serial(serialfile, "new", serial, NULL)) goto end; if (!save_index(dbfile, "new", db)) goto end; } + outdirlen = OPENSSL_strlcpy(new_cert, outdir, sizeof(new_cert)); +#ifndef OPENSSL_SYS_VMS + outdirlen = OPENSSL_strlcat(new_cert, "/", sizeof(new_cert)); +#endif + if (verbose) BIO_printf(bio_err, "writing new certificates\n"); + for (i = 0; i < sk_X509_num(cert_sk); i++) { BIO *Cout = NULL; X509 *xi = sk_X509_value(cert_sk, i); ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi); - int k; - char *n; - - j = ASN1_STRING_length(serialNumber); - p = (const char *)ASN1_STRING_get0_data(serialNumber); + const unsigned char *psn = ASN1_STRING_get0_data(serialNumber); + const int snl = ASN1_STRING_length(serialNumber); + const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem"); + char *n = new_cert + outdirlen; - if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) { + if (outdirlen + filen_len > PATH_MAX) { BIO_printf(bio_err, "certificate file name too long\n"); goto end; } - strcpy(buf[2], outdir); - -#ifndef OPENSSL_SYS_VMS - OPENSSL_strlcat(buf[2], "/", sizeof(buf[2])); -#endif + if (snl > 0) { + static const char HEX_DIGITS[] = "0123456789ABCDEF"; - n = (char *)&(buf[2][strlen(buf[2])]); - if (j > 0) { - for (k = 0; k < j; k++) { - if (n >= &(buf[2][sizeof(buf[2])])) - break; - BIO_snprintf(n, - &buf[2][0] + sizeof(buf[2]) - n, - "%02X", (unsigned char)*(p++)); - n += 2; + for (j = 0; j < snl; j++, psn++) { + *n++ = HEX_DIGITS[*psn >> 4]; + *n++ = HEX_DIGITS[*psn & 0x0F]; } } else { *(n++) = '0'; @@ -1012,18 +1021,18 @@ int ca_main(int argc, char **argv) *(n++) = 'p'; *(n++) = 'e'; *(n++) = 'm'; - *n = '\0'; + *n = '\0'; /* closing new_cert */ if (verbose) - BIO_printf(bio_err, "writing %s\n", buf[2]); + BIO_printf(bio_err, "writing %s\n", new_cert); Sout = bio_open_default(outfile, 'w', output_der ? FORMAT_ASN1 : FORMAT_TEXT); if (Sout == NULL) goto end; - Cout = BIO_new_file(buf[2], "w"); + Cout = BIO_new_file(new_cert, "w"); if (Cout == NULL) { - perror(buf[2]); + perror(new_cert); goto end; } write_new_certificate(Cout, xi, 0, notext); @@ -1035,7 +1044,8 @@ int ca_main(int argc, char **argv) if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - if (!rotate_serial(serialfile, "new", "old")) + if (serialfile != NULL + && !rotate_serial(serialfile, "new", "old")) goto end; if (!rotate_index(dbfile, "new", "old")) @@ -1048,20 +1058,19 @@ int ca_main(int argc, char **argv) /*****************************************************************/ if (gencrl) { int crl_v2 = 0; - if (!crl_ext) { + if (crl_ext == NULL) { crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT); - if (!crl_ext) + if (crl_ext == NULL) ERR_clear_error(); } - if (crl_ext) { + if (crl_ext != NULL) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); X509V3_set_nconf(&ctx, conf); if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, - "Error Loading CRL extension section %s\n", - crl_ext); + "Error Loading CRL extension section %s\n", crl_ext); ret = 1; goto end; } @@ -1144,12 +1153,12 @@ int ca_main(int argc, char **argv) /* Add any extensions asked for */ - if (crl_ext || crlnumberfile != NULL) { + if (crl_ext != NULL || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); - if (crl_ext) + if (crl_ext != NULL) if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) goto end; if (crlnumberfile != NULL) { @@ -1163,15 +1172,15 @@ int ca_main(int argc, char **argv) goto end; } } - if (crl_ext || crl_v2) { + if (crl_ext != NULL || crl_v2) { if (!X509_CRL_set_version(crl, 1)) goto end; /* version 2 CRL */ } /* we have a CRL number that need updating */ - if (crlnumberfile != NULL) - if (!save_serial(crlnumberfile, "new", crlnumber, NULL)) - goto end; + if (crlnumberfile != NULL + && !save_serial(crlnumberfile, "new", crlnumber, NULL)) + goto end; BN_free(crlnumber); crlnumber = NULL; @@ -1186,9 +1195,10 @@ int ca_main(int argc, char **argv) PEM_write_bio_X509_CRL(Sout, crl); - if (crlnumberfile != NULL) /* Rename the crlnumber file */ - if (!rotate_serial(crlnumberfile, "new", "old")) - goto end; + /* Rename the crlnumber file */ + if (crlnumberfile != NULL + && !rotate_serial(crlnumberfile, "new", "old")) + goto end; } /*****************************************************************/ @@ -1202,7 +1212,7 @@ int ca_main(int argc, char **argv) if (revcert == NULL) goto end; if (dorevoke == 2) - rev_type = -1; + rev_type = REV_VALID; j = do_revoke(revcert, db, rev_type, rev_arg); if (j <= 0) goto end; @@ -1217,17 +1227,16 @@ int ca_main(int argc, char **argv) BIO_printf(bio_err, "Data Base Updated\n"); } } - /*****************************************************************/ ret = 0; + end: + if (ret) + ERR_print_errors(bio_err); BIO_free_all(Sout); BIO_free_all(out); BIO_free_all(in); sk_X509_pop_free(cert_sk, X509_free); - if (ret) - ERR_print_errors(bio_err); - app_RAND_write_file(randfile); if (free_key) OPENSSL_free(key); BN_free(serial); @@ -1240,7 +1249,7 @@ int ca_main(int argc, char **argv) NCONF_free(conf); NCONF_free(extconf); release_engine(e); - return (ret); + return ret; } static char *lookup_conf(const CONF *conf, const char *section, const char *tag) @@ -1277,7 +1286,7 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, goto end; } if (verbose) - X509_REQ_print(bio_err, req); + X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT); BIO_printf(bio_err, "Check that the request matches the signature\n"); @@ -1305,8 +1314,9 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, "Signature did not match the certificate request\n"); ERR_print_errors(bio_err); goto end; - } else + } else { BIO_printf(bio_err, "Signature ok\n"); + } ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, @@ -1316,7 +1326,7 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, end: X509_REQ_free(req); BIO_free(in); - return (ok); + return ok; } static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, @@ -1354,8 +1364,9 @@ static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x ok = 0; BIO_printf(bio_err, "Signature did not match the certificate\n"); goto end; - } else + } else { BIO_printf(bio_err, "Signature ok\n"); + } if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL) goto end; @@ -1368,7 +1379,7 @@ static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x end: X509_REQ_free(rreq); X509_free(req); - return (ok); + return ok; } static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, @@ -1385,8 +1396,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, ASN1_STRING *str, *str2; ASN1_OBJECT *obj; X509 *ret = NULL; - X509_NAME_ENTRY *ne; - X509_NAME_ENTRY *tne, *push; + X509_NAME_ENTRY *ne, *tne; EVP_PKEY *pktmp; int ok = -1, i, j, last, nid; const char *p; @@ -1411,49 +1421,44 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, } if (default_op) - BIO_printf(bio_err, - "The Subject's Distinguished Name is as follows\n"); + BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n"); name = X509_REQ_get_subject_name(req); for (i = 0; i < X509_NAME_entry_count(name); i++) { ne = X509_NAME_get_entry(name, i); str = X509_NAME_ENTRY_get_data(ne); obj = X509_NAME_ENTRY_get_object(ne); + nid = OBJ_obj2nid(obj); if (msie_hack) { /* assume all type should be strings */ - nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); if (str->type == V_ASN1_UNIVERSALSTRING) ASN1_UNIVERSALSTRING_to_string(str); - if ((str->type == V_ASN1_IA5STRING) && - (nid != NID_pkcs9_emailAddress)) + if (str->type == V_ASN1_IA5STRING && nid != NID_pkcs9_emailAddress) str->type = V_ASN1_T61STRING; - if ((nid == NID_pkcs9_emailAddress) && - (str->type == V_ASN1_PRINTABLESTRING)) + if (nid == NID_pkcs9_emailAddress + && str->type == V_ASN1_PRINTABLESTRING) str->type = V_ASN1_IA5STRING; } /* If no EMAIL is wanted in the subject */ - if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn)) + if (nid == NID_pkcs9_emailAddress && !email_dn) continue; /* check some things */ - if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && - (str->type != V_ASN1_IA5STRING)) { + if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) { BIO_printf(bio_err, "\nemailAddress type needs to be of type IA5STRING\n"); goto end; } - if ((str->type != V_ASN1_BMPSTRING) - && (str->type != V_ASN1_UTF8STRING)) { + if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) { j = ASN1_PRINTABLE_type(str->data, str->length); - if (((j == V_ASN1_T61STRING) && - (str->type != V_ASN1_T61STRING)) || - ((j == V_ASN1_IA5STRING) && - (str->type == V_ASN1_PRINTABLESTRING))) { + if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) || + (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING)) + { BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n"); goto end; @@ -1491,6 +1496,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, last = -1; for (;;) { + X509_NAME_ENTRY *push = NULL; + /* lookup the object in the supplied name list */ j = X509_NAME_get_index_by_OBJ(name, obj, last); if (j < 0) { @@ -1503,7 +1510,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, last = j; /* depending on the 'policy', decide what to do. */ - push = NULL; if (strcmp(cv->value, "optional") == 0) { if (tne != NULL) push = tne; @@ -1513,8 +1519,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, "The %s field needed to be supplied and was missing\n", cv->name); goto end; - } else + } else { push = tne; + } } else if (strcmp(cv->value, "match") == 0) { int last2; @@ -1532,8 +1539,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if ((j < 0) && (last2 == -1)) { BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\n" - "the 'policy' is misconfigured\n", - cv->name); + "the 'policy' is misconfigured\n", cv->name); goto end; } if (j >= 0) { @@ -1632,7 +1638,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, else X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); - if (extconf) { + if (extconf != NULL) { if (verbose) BIO_printf(bio_err, "Extra configuration file found\n"); @@ -1705,11 +1711,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } + i = -1; while ((i = X509_NAME_get_index_by_NID(dn_subject, NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); + i)) >= 0) { + tmpne = X509_NAME_delete_entry(dn_subject, i--); X509_NAME_ENTRY_free(tmpne); } @@ -1827,13 +1833,13 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "Sign the certificate? [y/n]:"); (void)BIO_flush(bio_err); buf[0] = '\0'; - if (!fgets(buf, sizeof(buf) - 1, stdin)) { + if (fgets(buf, sizeof(buf), stdin) == NULL) { BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); ok = 0; goto end; } - if (!((buf[0] == 'y') || (buf[0] == 'Y'))) { + if (!(buf[0] == 'y' || buf[0] == 'Y')) { BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n"); ok = 0; goto end; @@ -1848,7 +1854,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (!do_X509_sign(ret, pkey, dgst, sigopts)) goto end; - /* We now just add it to the database */ + /* We now just add it to the database as DB_TYPE_VAL('V') */ row[DB_type] = OPENSSL_strdup("V"); tm = X509_get0_notAfter(ret); row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate"); @@ -1887,11 +1893,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, X509_free(ret); else *xret = ret; - return (ok); + return ok; } -static void write_new_certificate(BIO *bp, X509 *x, int output_der, - int notext) +static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) { if (output_der) { @@ -2007,8 +2012,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, * Now extract the key from the SPKI structure. */ - BIO_printf(bio_err, - "Check that the SPKAC request matches the signature\n"); + BIO_printf(bio_err, "Check that the SPKAC request matches the signature\n"); if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) { BIO_printf(bio_err, "error unpacking SPKAC public key\n"); @@ -2036,7 +2040,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, NETSCAPE_SPKI_free(spki); X509_NAME_ENTRY_free(ne); - return (ok); + return ok; } static int check_time_format(const char *str) @@ -2044,7 +2048,8 @@ static int check_time_format(const char *str) return ASN1_TIME_set_string(NULL, str); } -static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) +static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, + const char *value) { const ASN1_TIME *tm = NULL; char *row[DB_NUMBER], **rrow, **irow; @@ -2082,7 +2087,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) "Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); - /* We now just add it to the database */ + /* We now just add it to the database as DB_TYPE_REV('V') */ row[DB_type] = OPENSSL_strdup("V"); tm = X509_get0_notAfter(x509); row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data"); @@ -2112,32 +2117,33 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) row[i] = NULL; /* Revoke Certificate */ - if (type == -1) + if (rev_type == REV_VALID) ok = 1; else - ok = do_revoke(x509, db, type, value); + /* Retry revocation after DB insertion */ + ok = do_revoke(x509, db, rev_type, value); goto end; } else if (index_name_cmp_noconst(row, rrow)) { BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]); goto end; - } else if (type == -1) { + } else if (rev_type == REV_VALID) { BIO_printf(bio_err, "ERROR:Already present, serial number %s\n", row[DB_serial]); goto end; - } else if (rrow[DB_type][0] == 'R') { + } else if (rrow[DB_type][0] == DB_TYPE_REV) { BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n", row[DB_serial]); goto end; } else { BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]); - rev_str = make_revocation_str(type, value); + rev_str = make_revocation_str(rev_type, value); if (!rev_str) { BIO_printf(bio_err, "Error in revocation arguments\n"); goto end; } - rrow[DB_type][0] = 'R'; + rrow[DB_type][0] = DB_TYPE_REV; rrow[DB_type][1] = '\0'; rrow[DB_rev_date] = rev_str; } @@ -2145,7 +2151,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) end: for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); - return (ok); + return ok; } static int get_certificate_status(const char *serial, CA_DB *db) @@ -2164,7 +2170,7 @@ static int get_certificate_status(const char *serial, CA_DB *db) if (serial_len % 2) { /* * Set the first char to 0 - */ ; + */ row[DB_serial][0] = '0'; /* Copy String from serial to row[DB_serial] */ @@ -2177,8 +2183,7 @@ static int get_certificate_status(const char *serial, CA_DB *db) } /* Make it Upper Case */ - for (i = 0; row[DB_serial][i] != '\0'; i++) - row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]); + make_uppercase(row[DB_serial]); ok = 1; @@ -2188,19 +2193,19 @@ static int get_certificate_status(const char *serial, CA_DB *db) BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]); ok = -1; goto end; - } else if (rrow[DB_type][0] == 'V') { + } else if (rrow[DB_type][0] == DB_TYPE_VAL) { BIO_printf(bio_err, "%s=Valid (%c)\n", row[DB_serial], rrow[DB_type][0]); goto end; - } else if (rrow[DB_type][0] == 'R') { + } else if (rrow[DB_type][0] == DB_TYPE_REV) { BIO_printf(bio_err, "%s=Revoked (%c)\n", row[DB_serial], rrow[DB_type][0]); goto end; - } else if (rrow[DB_type][0] == 'E') { + } else if (rrow[DB_type][0] == DB_TYPE_EXP) { BIO_printf(bio_err, "%s=Expired (%c)\n", row[DB_serial], rrow[DB_type][0]); goto end; - } else if (rrow[DB_type][0] == 'S') { + } else if (rrow[DB_type][0] == DB_TYPE_SUSP) { BIO_printf(bio_err, "%s=Suspended (%c)\n", row[DB_serial], rrow[DB_type][0]); goto end; @@ -2213,7 +2218,7 @@ static int get_certificate_status(const char *serial, CA_DB *db) for (i = 0; i < DB_NUMBER; i++) { OPENSSL_free(row[i]); } - return (ok); + return ok; } static int do_updatedb(CA_DB *db) @@ -2245,7 +2250,7 @@ static int do_updatedb(CA_DB *db) for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); - if (rrow[DB_type][0] == 'V') { + if (rrow[DB_type][0] == DB_TYPE_VAL) { /* ignore entries that are not valid */ if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) db_y2k = 1; @@ -2255,14 +2260,14 @@ static int do_updatedb(CA_DB *db) if (db_y2k == a_y2k) { /* all on the same y2k side */ if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) { - rrow[DB_type][0] = 'E'; + rrow[DB_type][0] = DB_TYPE_EXP; rrow[DB_type][1] = '\0'; cnt++; BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); } } else if (db_y2k < a_y2k) { - rrow[DB_type][0] = 'E'; + rrow[DB_type][0] = DB_TYPE_EXP; rrow[DB_type][1] = '\0'; cnt++; @@ -2274,7 +2279,7 @@ static int do_updatedb(CA_DB *db) ASN1_UTCTIME_free(a_tm); OPENSSL_free(a_tm_s); - return (cnt); + return cnt; } static const char *crl_reasons[] = { @@ -2302,16 +2307,17 @@ static const char *crl_reasons[] = { * additional argument */ -char *make_revocation_str(int rev_type, char *rev_arg) +static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg) { char *str; - const char *other = NULL; - const char *reason = NULL; + const char *reason = NULL, *other = NULL; ASN1_OBJECT *otmp; ASN1_UTCTIME *revtm = NULL; int i; + switch (rev_type) { case REV_NONE: + case REV_VALID: break; case REV_CRL_REASON: @@ -2329,7 +2335,6 @@ char *make_revocation_str(int rev_type, char *rev_arg) case REV_HOLD: /* Argument is an OID */ - otmp = OBJ_txt2obj(rev_arg, 0); ASN1_OBJECT_free(otmp); @@ -2344,7 +2349,6 @@ char *make_revocation_str(int rev_type, char *rev_arg) case REV_KEY_COMPROMISE: case REV_CA_COMPROMISE: - /* Argument is the key compromise time */ if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) { BIO_printf(bio_err, @@ -2359,7 +2363,6 @@ char *make_revocation_str(int rev_type, char *rev_arg) reason = "CAkeyTime"; break; - } revtm = X509_gmtime_adj(NULL, 0); @@ -2396,7 +2399,7 @@ char *make_revocation_str(int rev_type, char *rev_arg) * 2 OK and some extensions added (i.e. V2 CRL) */ -int make_revoked(X509_REVOKED *rev, const char *str) +static int make_revoked(X509_REVOKED *rev, const char *str) { char *tmp = NULL; int reason_code = -1; @@ -2546,9 +2549,9 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto end; } - if (reason_code == 7) + if (reason_code == 7) { reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; - else if (reason_code == 8) { /* Hold instruction */ + } else if (reason_code == 8) { /* Hold instruction */ if (!arg_str) { BIO_printf(bio_err, "missing hold instruction\n"); goto end; @@ -2557,8 +2560,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, hold = OBJ_txt2obj(arg_str, 0); if (!hold) { - BIO_printf(bio_err, "invalid object identifier %s\n", - arg_str); + BIO_printf(bio_err, "invalid object identifier %s\n", arg_str); goto end; } if (phold) diff --git a/deps/openssl/openssl/apps/ciphers.c b/deps/openssl/openssl/apps/ciphers.c index e1b5b255c99744..0bb33a4aca4ba8 100644 --- a/deps/openssl/openssl/apps/ciphers.c +++ b/deps/openssl/openssl/apps/ciphers.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,22 +11,26 @@ #include #include #include "apps.h" +#include "progs.h" #include #include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_STDNAME, + OPT_CONVERT, OPT_SSL3, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, + OPT_TLS1_3, OPT_PSK, OPT_SRP, + OPT_CIPHERSUITES, OPT_V, OPT_UPPER_V, OPT_S } OPTION_CHOICE; -OPTIONS ciphers_options[] = { +const OPTIONS ciphers_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, {"V", OPT_UPPER_V, '-', "Even more verbose"}, @@ -43,15 +47,19 @@ OPTIONS ciphers_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, #endif -#ifndef OPENSSL_NO_SSL_TRACE - {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, #endif + {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #ifndef OPENSSL_NO_PSK {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, #endif #ifndef OPENSSL_NO_SRP {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, #endif + {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, + {"ciphersuites", OPT_CIPHERSUITES, 's', + "Configure the TLSv1.3 ciphersuites to use"}, {NULL} }; @@ -78,9 +86,7 @@ int ciphers_main(int argc, char **argv) STACK_OF(SSL_CIPHER) *sk = NULL; const SSL_METHOD *meth = TLS_server_method(); int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; -#ifndef OPENSSL_NO_SSL_TRACE int stdname = 0; -#endif #ifndef OPENSSL_NO_PSK int psk = 0; #endif @@ -88,7 +94,7 @@ int ciphers_main(int argc, char **argv) int srp = 0; #endif const char *p; - char *ciphers = NULL, *prog; + char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL; char buf[512]; OPTION_CHOICE o; int min_version = 0, max_version = 0; @@ -115,9 +121,10 @@ int ciphers_main(int argc, char **argv) use_supported = 1; break; case OPT_STDNAME: -#ifndef OPENSSL_NO_SSL_TRACE stdname = verbose = 1; -#endif + break; + case OPT_CONVERT: + convert = opt_arg(); break; case OPT_SSL3: min_version = SSL3_VERSION; @@ -135,6 +142,10 @@ int ciphers_main(int argc, char **argv) min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_PSK: #ifndef OPENSSL_NO_PSK psk = 1; @@ -145,6 +156,9 @@ int ciphers_main(int argc, char **argv) srp = 1; #endif break; + case OPT_CIPHERSUITES: + ciphersuites = opt_arg(); + break; } } argv = opt_rest(); @@ -155,6 +169,12 @@ int ciphers_main(int argc, char **argv) else if (argc != 0) goto opthelp; + if (convert != NULL) { + BIO_printf(bio_out, "OpenSSL cipher name: %s\n", + OPENSSL_cipher_name(convert)); + goto end; + } + ctx = SSL_CTX_new(meth); if (ctx == NULL) goto err; @@ -171,6 +191,12 @@ int ciphers_main(int argc, char **argv) if (srp) SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); #endif + + if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { + BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n"); + goto err; + } + if (ciphers != NULL) { if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { BIO_printf(bio_err, "Error in cipher list\n"); @@ -217,14 +243,12 @@ int ciphers_main(int argc, char **argv) else BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ } -#ifndef OPENSSL_NO_SSL_TRACE if (stdname) { const char *nm = SSL_CIPHER_standard_name(c); if (nm == NULL) nm = "UNKNOWN"; BIO_printf(bio_out, "%s - ", nm); } -#endif BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); } } @@ -238,5 +262,5 @@ int ciphers_main(int argc, char **argv) sk_SSL_CIPHER_free(sk); SSL_CTX_free(ctx); SSL_free(ssl); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/cms.c b/deps/openssl/openssl/apps/cms.c index 640f92eb1b3779..e9d760c999b78f 100644 --- a/deps/openssl/openssl/apps/cms.c +++ b/deps/openssl/openssl/apps/cms.c @@ -12,6 +12,7 @@ #include #include #include "apps.h" +#include "progs.h" #ifndef OPENSSL_NO_CMS @@ -76,15 +77,16 @@ typedef enum OPTION_choice { OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, - OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, + OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, OPT_3DES_WRAP, OPT_ENGINE, + OPT_R_ENUM, OPT_V_ENUM, OPT_CIPHER } OPTION_CHOICE; -OPTIONS cms_options[] = { +const OPTIONS cms_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, {OPT_HELP_STR, 1, '-', " cert.pem... recipient certs for encryption\n"}, @@ -146,14 +148,12 @@ OPTIONS cms_options[] = { "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, - {"print", OPT_PRINT, '-', + {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, {"secretkey", OPT_SECRETKEY, 's'}, {"secretkeyid", OPT_SECRETKEYID, 's'}, {"pwri_password", OPT_PWRI_PASSWORD, 's'}, {"econtent_type", OPT_ECONTENT_TYPE, 's'}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"to", OPT_TO, 's', "To address"}, {"from", OPT_FROM, 's', "From address"}, @@ -169,6 +169,7 @@ OPTIONS cms_options[] = { {"receipt_request_from", OPT_RR_FROM, 's'}, {"receipt_request_to", OPT_RR_TO, 's'}, {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_R_OPTIONS, OPT_V_OPTIONS, {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, @@ -202,16 +203,13 @@ int cms_main(int argc, char **argv) const char *CAfile = NULL, *CApath = NULL; char *certsoutfile = NULL; int noCAfile = 0, noCApath = 0; - char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL; - char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = - NULL; + char *infile = NULL, *outfile = NULL, *rctfile = NULL; + char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL; char *to = NULL, *from = NULL, *subject = NULL, *prog; cms_key_param *key_first = NULL, *key_param = NULL; - int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = - 0; + int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int need_rand = 0, operation = 0, ret = 1, rr_print = 0, rr_allorfirst = - -1; + int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; size_t secret_keylen = 0, secret_keyidlen = 0; unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; @@ -449,10 +447,6 @@ int cms_main(int argc, char **argv) goto opthelp; } break; - case OPT_RAND: - inrand = opt_arg(); - need_rand = 1; - break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; @@ -477,7 +471,7 @@ int cms_main(int argc, char **argv) break; case OPT_SIGNER: /* If previous -signer argument add signer to list */ - if (signerfile) { + if (signerfile != NULL) { if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; @@ -494,7 +488,7 @@ int cms_main(int argc, char **argv) break; case OPT_INKEY: /* If previous -inkey argument add signer to list */ - if (keyfile) { + if (keyfile != NULL) { if (signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto end; @@ -525,8 +519,9 @@ int cms_main(int argc, char **argv) goto end; sk_X509_push(encerts, cert); cert = NULL; - } else + } else { recipfile = opt_arg(); + } break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &cipher)) @@ -535,12 +530,12 @@ int cms_main(int argc, char **argv) case OPT_KEYOPT: keyidx = -1; if (operation == SMIME_ENCRYPT) { - if (encerts) + if (encerts != NULL) keyidx += sk_X509_num(encerts); } else { - if (keyfile || signerfile) + if (keyfile != NULL || signerfile != NULL) keyidx++; - if (skkeys) + if (skkeys != NULL) keyidx += sk_OPENSSL_STRING_num(skkeys); } if (keyidx < 0) { @@ -567,6 +562,10 @@ int cms_main(int argc, char **argv) goto end; vpmtouched++; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; case OPT_3DES_WRAP: # ifndef OPENSSL_NO_DES wrap_cipher = EVP_des_ede3_wrap(); @@ -586,87 +585,77 @@ int cms_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (((rr_allorfirst != -1) || rr_from) && !rr_to) { + if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) { BIO_puts(bio_err, "No Signed Receipts Recipients\n"); goto opthelp; } - if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) { + if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) { BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); goto opthelp; } - if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { + if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto opthelp; } if (operation & SMIME_SIGNERS) { - if (keyfile && !signerfile) { + if (keyfile != NULL && signerfile == NULL) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto opthelp; } /* Check to see if any final signer needs to be appended */ - if (signerfile) { - if (!sksigners + if (signerfile != NULL) { + if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - if (!keyfile) + if (keyfile == NULL) keyfile = signerfile; sk_OPENSSL_STRING_push(skkeys, keyfile); } - if (!sksigners) { + if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); goto opthelp; } signerfile = NULL; keyfile = NULL; - need_rand = 1; - } - - else if (operation == SMIME_DECRYPT) { - if (!recipfile && !keyfile && !secret_key && !pwri_pass) { + } else if (operation == SMIME_DECRYPT) { + if (recipfile == NULL && keyfile == NULL + && secret_key == NULL && pwri_pass == NULL) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); goto opthelp; } } else if (operation == SMIME_ENCRYPT) { - if (*argv == NULL && !secret_key && !pwri_pass && !encerts) { + if (*argv == NULL && secret_key == NULL + && pwri_pass == NULL && encerts == NULL) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); goto opthelp; } - need_rand = 1; - } else if (!operation) + } else if (!operation) { goto opthelp; + } if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (need_rand) { - app_RAND_load_file(NULL, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - ret = 2; if (!(operation & SMIME_SIGNERS)) flags &= ~CMS_DETACHED; - if (!(operation & SMIME_OP)) { + if (!(operation & SMIME_OP)) if (flags & CMS_BINARY) outformat = FORMAT_BINARY; - } - if (!(operation & SMIME_IP)) { + if (!(operation & SMIME_IP)) if (flags & CMS_BINARY) informat = FORMAT_BINARY; - } if (operation == SMIME_ENCRYPT) { if (!cipher) { @@ -683,7 +672,7 @@ int cms_main(int argc, char **argv) goto end; } - if (*argv && !encerts) + if (*argv && encerts == NULL) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { @@ -696,7 +685,7 @@ int cms_main(int argc, char **argv) } } - if (certfile) { + if (certfile != NULL) { if (!load_certs(certfile, &other, FORMAT_PEM, NULL, "certificate file")) { ERR_print_errors(bio_err); @@ -704,7 +693,7 @@ int cms_main(int argc, char **argv) } } - if (recipfile && (operation == SMIME_DECRYPT)) { + if (recipfile != NULL && (operation == SMIME_DECRYPT)) { if ((recip = load_cert(recipfile, FORMAT_PEM, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); @@ -721,17 +710,18 @@ int cms_main(int argc, char **argv) } if (operation == SMIME_DECRYPT) { - if (!keyfile) + if (keyfile == NULL) keyfile = recipfile; } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) { - if (!keyfile) + if (keyfile == NULL) keyfile = signerfile; - } else + } else { keyfile = NULL; + } - if (keyfile) { + if (keyfile != NULL) { key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (key == NULL) goto end; } @@ -740,29 +730,29 @@ int cms_main(int argc, char **argv) goto end; if (operation & SMIME_IP) { - if (informat == FORMAT_SMIME) + if (informat == FORMAT_SMIME) { cms = SMIME_read_CMS(in, &indata); - else if (informat == FORMAT_PEM) + } else if (informat == FORMAT_PEM) { cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + } else if (informat == FORMAT_ASN1) { cms = d2i_CMS_bio(in, NULL); - else { + } else { BIO_printf(bio_err, "Bad input format for CMS file\n"); goto end; } - if (!cms) { + if (cms == NULL) { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; } - if (contfile) { + if (contfile != NULL) { BIO_free(indata); if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; } } - if (certsoutfile) { + if (certsoutfile != NULL) { STACK_OF(X509) *allcerts; allcerts = CMS_get1_certs(cms); if (!save_certs(certsoutfile, allcerts)) { @@ -775,25 +765,25 @@ int cms_main(int argc, char **argv) } } - if (rctfile) { + if (rctfile != NULL) { char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) { BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); goto end; } - if (rctformat == FORMAT_SMIME) + if (rctformat == FORMAT_SMIME) { rcms = SMIME_read_CMS(rctin, NULL); - else if (rctformat == FORMAT_PEM) + } else if (rctformat == FORMAT_PEM) { rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); - else if (rctformat == FORMAT_ASN1) + } else if (rctformat == FORMAT_ASN1) { rcms = d2i_CMS_bio(rctin, NULL); - else { + } else { BIO_printf(bio_err, "Bad input format for receipt\n"); goto end; } - if (!rcms) { + if (rcms == NULL) { BIO_printf(bio_err, "Error reading receipt\n"); goto end; } @@ -823,7 +813,7 @@ int cms_main(int argc, char **argv) int i; flags |= CMS_PARTIAL; cms = CMS_encrypt(NULL, in, cipher, flags); - if (!cms) + if (cms == NULL) goto end; for (i = 0; i < sk_X509_num(encerts); i++) { CMS_RecipientInfo *ri; @@ -837,9 +827,9 @@ int cms_main(int argc, char **argv) } } ri = CMS_add1_recipient_cert(cms, x, tflags); - if (!ri) + if (ri == NULL) goto end; - if (kparam) { + if (kparam != NULL) { EVP_PKEY_CTX *pctx; pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (!cms_set_pkey_param(pctx, kparam->param)) @@ -853,7 +843,7 @@ int cms_main(int argc, char **argv) } } - if (secret_key) { + if (secret_key != NULL) { if (!CMS_add0_recipient_key(cms, NID_undef, secret_key, secret_keylen, secret_keyid, secret_keyidlen, @@ -863,13 +853,13 @@ int cms_main(int argc, char **argv) secret_key = NULL; secret_keyid = NULL; } - if (pwri_pass) { + if (pwri_pass != NULL) { pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass); - if (!pwri_tmp) + if (pwri_tmp == NULL) goto end; - if (!CMS_add0_recipient_password(cms, - -1, NID_undef, NID_undef, - pwri_tmp, -1, NULL)) + if (CMS_add0_recipient_password(cms, + -1, NID_undef, NID_undef, + pwri_tmp, -1, NULL) == NULL) goto end; pwri_tmp = NULL; } @@ -886,11 +876,11 @@ int cms_main(int argc, char **argv) STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; sis = CMS_get0_SignerInfos(cms); - if (!sis) + if (sis == NULL) goto end; si = sk_CMS_SignerInfo_value(sis, 0); srcms = CMS_sign_receipt(si, signer, key, other, flags); - if (!srcms) + if (srcms == NULL) goto end; CMS_ContentInfo_free(cms); cms = srcms; @@ -908,21 +898,22 @@ int cms_main(int argc, char **argv) } flags |= CMS_PARTIAL; cms = CMS_sign(NULL, NULL, other, in, flags); - if (!cms) + if (cms == NULL) goto end; - if (econtent_type) + if (econtent_type != NULL) CMS_set1_eContentType(cms, econtent_type); - if (rr_to) { + if (rr_to != NULL) { rr = make_receipt_request(rr_to, rr_allorfirst, rr_from); - if (!rr) { + if (rr == NULL) { BIO_puts(bio_err, "Signed Receipt Request Creation Error\n"); goto end; } } - } else + } else { flags |= CMS_REUSE_DIGEST; + } for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { CMS_SignerInfo *si; cms_key_param *kparam; @@ -931,12 +922,12 @@ int cms_main(int argc, char **argv) keyfile = sk_OPENSSL_STRING_value(skkeys, i); signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); - if (!signer) { + if (signer == NULL) { ret = 2; goto end; } key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) { + if (key == NULL) { ret = 2; goto end; } @@ -947,15 +938,15 @@ int cms_main(int argc, char **argv) } } si = CMS_add1_signer(cms, signer, key, sign_md, tflags); - if (!si) + if (si == NULL) goto end; - if (kparam) { + if (kparam != NULL) { EVP_PKEY_CTX *pctx; pctx = CMS_SignerInfo_get0_pkey_ctx(si); if (!cms_set_pkey_param(pctx, kparam->param)) goto end; } - if (rr && !CMS_add1_ReceiptRequest(si, rr)) + if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr)) goto end; X509_free(signer); signer = NULL; @@ -969,7 +960,7 @@ int cms_main(int argc, char **argv) } } - if (!cms) { + if (cms == NULL) { BIO_printf(bio_err, "Error creating CMS structure\n"); goto end; } @@ -979,7 +970,7 @@ int cms_main(int argc, char **argv) if (flags & CMS_DEBUG_DECRYPT) CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); - if (secret_key) { + if (secret_key != NULL) { if (!CMS_decrypt_set1_key(cms, secret_key, secret_keylen, secret_keyid, secret_keyidlen)) { @@ -988,14 +979,14 @@ int cms_main(int argc, char **argv) } } - if (key) { + if (key != NULL) { if (!CMS_decrypt_set1_pkey(cms, key, recip)) { BIO_puts(bio_err, "Error decrypting CMS using private key\n"); goto end; } } - if (pwri_pass) { + if (pwri_pass != NULL) { if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { BIO_puts(bio_err, "Error decrypting CMS using password\n"); goto end; @@ -1013,9 +1004,9 @@ int cms_main(int argc, char **argv) if (!CMS_uncompress(cms, indata, out, flags)) goto end; } else if (operation == SMIME_DIGEST_VERIFY) { - if (CMS_digest_verify(cms, indata, out, flags) > 0) + if (CMS_digest_verify(cms, indata, out, flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); - else { + } else { BIO_printf(bio_err, "Verification failure\n"); goto end; } @@ -1024,15 +1015,15 @@ int cms_main(int argc, char **argv) indata, out, flags)) goto end; } else if (operation == SMIME_VERIFY) { - if (CMS_verify(cms, other, store, indata, out, flags) > 0) + if (CMS_verify(cms, other, store, indata, out, flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); - else { + } else { BIO_printf(bio_err, "Verification failure\n"); if (verify_retcode) ret = verify_err + 32; goto end; } - if (signerfile) { + if (signerfile != NULL) { STACK_OF(X509) *signers; signers = CMS_get0_signers(cms); if (!save_certs(signerfile, signers)) { @@ -1047,9 +1038,9 @@ int cms_main(int argc, char **argv) receipt_request_print(cms); } else if (operation == SMIME_VERIFY_RECEIPT) { - if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) + if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) { BIO_printf(bio_err, "Verification successful\n"); - else { + } else { BIO_printf(bio_err, "Verification failure\n"); goto end; } @@ -1068,11 +1059,11 @@ int cms_main(int argc, char **argv) ret = SMIME_write_CMS(out, cms, indata, flags); else ret = SMIME_write_CMS(out, cms, in, flags); - } else if (outformat == FORMAT_PEM) + } else if (outformat == FORMAT_PEM) { ret = PEM_write_bio_CMS_stream(out, cms, in, flags); - else if (outformat == FORMAT_ASN1) + } else if (outformat == FORMAT_ASN1) { ret = i2d_CMS_bio_stream(out, cms, in, flags); - else { + } else { BIO_printf(bio_err, "Bad output format for CMS file\n"); goto end; } @@ -1085,8 +1076,6 @@ int cms_main(int argc, char **argv) end: if (ret) ERR_print_errors(bio_err); - if (need_rand) - app_RAND_write_file(NULL); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); X509_VERIFY_PARAM_free(vpm); @@ -1119,17 +1108,17 @@ int cms_main(int argc, char **argv) BIO_free(indata); BIO_free_all(out); OPENSSL_free(passin); - return (ret); + return ret; } static int save_certs(char *signerfile, STACK_OF(X509) *signers) { int i; BIO *tmp; - if (!signerfile) + if (signerfile == NULL) return 1; tmp = BIO_new_file(signerfile, "w"); - if (!tmp) + if (tmp == NULL) return 0; for (i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); @@ -1189,9 +1178,9 @@ static void receipt_request_print(CMS_ContentInfo *cms) si = sk_CMS_SignerInfo_value(sis, i); rv = CMS_get1_ReceiptRequest(si, &rr); BIO_printf(bio_err, "Signer %d:\n", i + 1); - if (rv == 0) + if (rv == 0) { BIO_puts(bio_err, " No Receipt Request\n"); - else if (rv < 0) { + } else if (rv < 0) { BIO_puts(bio_err, " Receipt Request Parse Error\n"); ERR_print_errors(bio_err); } else { @@ -1204,15 +1193,16 @@ static void receipt_request_print(CMS_ContentInfo *cms) id = (const char *)ASN1_STRING_get0_data(scid); BIO_dump_indent(bio_err, id, idlen, 4); BIO_puts(bio_err, " Receipts From"); - if (rlist) { + if (rlist != NULL) { BIO_puts(bio_err, " List:\n"); gnames_stack_print(rlist); - } else if (allorfirst == 1) + } else if (allorfirst == 1) { BIO_puts(bio_err, ": First Tier\n"); - else if (allorfirst == 0) + } else if (allorfirst == 0) { BIO_puts(bio_err, ": All\n"); - else + } else { BIO_printf(bio_err, " Unknown (%d)\n", allorfirst); + } BIO_puts(bio_err, " Receipts To:\n"); gnames_stack_print(rto); } @@ -1227,12 +1217,12 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; ret = sk_GENERAL_NAMES_new_null(); - if (!ret) + if (ret == NULL) goto err; for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { char *str = sk_OPENSSL_STRING_value(ns, i); gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); - if (!gen) + if (gen == NULL) goto err; gens = GENERAL_NAMES_new(); if (gens == NULL) @@ -1261,14 +1251,15 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); - if (!rct_to) + if (rct_to == NULL) goto err; - if (rr_from) { + if (rr_from != NULL) { rct_from = make_names_stack(rr_from); - if (!rct_from) + if (rct_from == NULL) goto err; - } else + } else { rct_from = NULL; + } rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, rct_to); return rr; diff --git a/deps/openssl/openssl/apps/crl.c b/deps/openssl/openssl/apps/crl.c index 06b6e5b92ccac9..031fada14c8436 100644 --- a/deps/openssl/openssl/apps/crl.c +++ b/deps/openssl/openssl/apps/crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -26,7 +27,7 @@ typedef enum OPTION_choice { OPT_NOOUT, OPT_NAMEOPT, OPT_MD } OPTION_CHOICE; -OPTIONS crl_options[] = { +const OPTIONS crl_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format; default PEM"}, {"in", OPT_IN, '<', "Input file - default stdin"}, @@ -69,8 +70,6 @@ int crl_main(int argc, char **argv) X509_OBJECT *xobj = NULL; EVP_PKEY *pkey; const EVP_MD *digest = EVP_sha1(); - unsigned long nmflag = 0; - char nmflag_set = 0; char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; const char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; @@ -169,8 +168,7 @@ int crl_main(int argc, char **argv) badsig = 1; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto opthelp; break; case OPT_MD: @@ -182,9 +180,6 @@ int crl_main(int argc, char **argv) if (argc != 0) goto opthelp; - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - x = load_crl(infile, informat); if (x == NULL) goto end; @@ -260,7 +255,7 @@ int crl_main(int argc, char **argv) for (i = 1; i <= num; i++) { if (issuer == i) { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), - nmflag); + get_nameopt()); } if (crlnumber == i) { ASN1_INTEGER *crlnum; @@ -319,7 +314,7 @@ int crl_main(int argc, char **argv) goto end; if (text) - X509_CRL_print(out, x); + X509_CRL_print_ex(out, x, get_nameopt()); if (noout) { ret = 0; @@ -343,5 +338,5 @@ int crl_main(int argc, char **argv) X509_CRL_free(x); X509_STORE_CTX_free(ctx); X509_STORE_free(store); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/crl2p7.c b/deps/openssl/openssl/apps/crl2p7.c index 9c5f79f9f37988..88fabcb22c3618 100644 --- a/deps/openssl/openssl/apps/crl2p7.c +++ b/deps/openssl/openssl/apps/crl2p7.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -25,7 +26,7 @@ typedef enum OPTION_choice { OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE } OPTION_CHOICE; -OPTIONS crl2pkcs7_options[] = { +const OPTIONS crl2pkcs7_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, @@ -131,7 +132,7 @@ int crl2pkcs7_main(int argc, char **argv) goto end; p7s->cert = cert_stack; - if (certflst) + if (certflst != NULL) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { certfile = sk_OPENSSL_STRING_value(certflst, i); if (add_certs_from_file(cert_stack, certfile) < 0) { @@ -162,7 +163,7 @@ int crl2pkcs7_main(int argc, char **argv) PKCS7_free(p7); X509_CRL_free(crl); - return (ret); + return ret; } /*- @@ -212,5 +213,5 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) /* never need to OPENSSL_free x */ BIO_free(in); sk_X509_INFO_free(sk); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/ct_log_list.cnf b/deps/openssl/openssl/apps/ct_log_list.cnf index 243487453c64f6..e643cfdbdf3fbd 100644 --- a/deps/openssl/openssl/apps/ct_log_list.cnf +++ b/deps/openssl/openssl/apps/ct_log_list.cnf @@ -1,34 +1,9 @@ -enabled_logs=pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi - -[pilot] -description = Google Pilot Log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA== - -[aviator] -description = Google Aviator log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q== - -[rocketeer] -description = Google Rocketeer log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg== - -[digicert] -description = DigiCert Log Server -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A== - -[certly] -description = Certly.IO log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA== - -[izempe] -description = Izempe log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg== - -[symantec] -description = Symantec log -key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg== - -[venafi] -description = Venafi log -key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB - +# This file specifies the Certificate Transparency logs +# that are to be trusted. + +# Google's list of logs can be found here: +# www.certificate-transparency.org/known-logs +# A Python program to convert the log list to OpenSSL's format can be +# found here: +# /~https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py +# Use the "--openssl_output" flag. diff --git a/deps/openssl/openssl/apps/demoCA/cacert.pem b/deps/openssl/openssl/apps/demoCA/cacert.pem deleted file mode 100644 index affbce3bc94837..00000000000000 --- a/deps/openssl/openssl/apps/demoCA/cacert.pem +++ /dev/null @@ -1,14 +0,0 @@ -subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server -issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA ------BEGIN X509 CERTIFICATE----- - -MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV -BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz -MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM -RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV -BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 -LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb -/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 -DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn -IMs6ZOZB ------END X509 CERTIFICATE----- diff --git a/deps/openssl/openssl/apps/demoCA/index.txt b/deps/openssl/openssl/apps/demoCA/index.txt deleted file mode 100644 index 2cdd252d67ca73..00000000000000 --- a/deps/openssl/openssl/apps/demoCA/index.txt +++ /dev/null @@ -1,39 +0,0 @@ -R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young -E 951009233205Z 02 certs/00000002 /CN=Duncan Young -R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson -V 980705233205Z 04 certs/00000004 /CN=Eric Young4 -V 980705233205Z 05 certs/00000004 /CN=Eric Young5 -V 980705233205Z 06 certs/00000004 /CN=Eric Young6 -V 980705233205Z 07 certs/00000004 /CN=Eric Young7 -V 980705233205Z 08 certs/00000004 /CN=Eric Young8 -V 980705233205Z 09 certs/00000004 /CN=Eric Young9 -V 980705233205Z 0A certs/00000004 /CN=Eric YoungA -V 980705233205Z 0B certs/00000004 /CN=Eric YoungB -V 980705233205Z 0C certs/00000004 /CN=Eric YoungC -V 980705233205Z 0D certs/00000004 /CN=Eric YoungD -V 980705233205Z 0E certs/00000004 /CN=Eric YoungE -V 980705233205Z 0F certs/00000004 /CN=Eric YoungF -V 980705233205Z 10 certs/00000004 /CN=Eric Young10 -V 980705233205Z 11 certs/00000004 /CN=Eric Young11 -V 980705233205Z 12 certs/00000004 /CN=Eric Young12 -V 980705233205Z 13 certs/00000004 /CN=Eric Young13 -V 980705233205Z 14 certs/00000004 /CN=Eric Young14 -V 980705233205Z 15 certs/00000004 /CN=Eric Young15 -V 980705233205Z 16 certs/00000004 /CN=Eric Young16 -V 980705233205Z 17 certs/00000004 /CN=Eric Young17 -V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au -V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au -V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au -V 970322075152Z 010F unknown /CN=Eric Young -V 970322075906Z 0110 unknown /CN=Eric Youngg -V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young -V 970324221931Z 0112 unknown /CN=Fred -V 970324224934Z 0113 unknown /C=AU/CN=eay -V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test -V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3 -V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test -V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test -V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2 -V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64 -V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr -V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk diff --git a/deps/openssl/openssl/apps/demoCA/private/cakey.pem b/deps/openssl/openssl/apps/demoCA/private/cakey.pem deleted file mode 100644 index 48fb18c7d80707..00000000000000 --- a/deps/openssl/openssl/apps/demoCA/private/cakey.pem +++ /dev/null @@ -1,24 +0,0 @@ -issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA -subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server ------BEGIN X509 CERTIFICATE----- - -MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV -BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz -MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM -RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV -BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 -LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb -/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 -DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn -IMs6ZOZB ------END X509 CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- - -MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe -Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ -hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG -sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw -tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq -agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA -g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= ------END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/apps/demoCA/serial b/deps/openssl/openssl/apps/demoCA/serial deleted file mode 100644 index 69fa0ffe28e7e4..00000000000000 --- a/deps/openssl/openssl/apps/demoCA/serial +++ /dev/null @@ -1 +0,0 @@ -011E diff --git a/deps/openssl/openssl/apps/dgst.c b/deps/openssl/openssl/apps/dgst.c index 08182e2ab8c228..d158a0ccb2843a 100644 --- a/deps/openssl/openssl/apps/dgst.c +++ b/deps/openssl/openssl/apps/dgst.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -29,22 +30,21 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, + OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, - OPT_DIGEST + OPT_DIGEST, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS dgst_options[] = { +const OPTIONS dgst_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"}, {OPT_HELP_STR, 1, '-', " file... files to digest (default is stdin)\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"c", OPT_C, '-', "Print the digest with separating colons"}, {"r", OPT_R, '-', "Print the digest in coreutils format"}, - {"rand", OPT_RAND, 's', - "Use file(s) containing random data to seed RNG or an EGD sock"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"sign", OPT_SIGN, 's', "Sign digest using private key"}, @@ -65,6 +65,7 @@ OPTIONS dgst_options[] = { {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, {"", OPT_DIGEST, '-', "Any supported digest"}, + OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, {"engine_impl", OPT_ENGINE_IMPL, '-', @@ -84,7 +85,7 @@ int dgst_main(int argc, char **argv) char *passinarg = NULL, *passin = NULL; const EVP_MD *md = NULL, *m; const char *outfile = NULL, *keyfile = NULL, *prog = NULL; - const char *sigfile = NULL, *randfile = NULL; + const char *sigfile = NULL; OPTION_CHOICE o; int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0; int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; @@ -113,8 +114,9 @@ int dgst_main(int argc, char **argv) case OPT_R: separator = 2; break; - case OPT_RAND: - randfile = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_OUT: outfile = opt_arg(); @@ -190,7 +192,7 @@ int dgst_main(int argc, char **argv) goto end; } - if (do_verify && !sigfile) { + if (do_verify && sigfile == NULL) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); goto end; @@ -217,43 +219,51 @@ int dgst_main(int argc, char **argv) } if (out_bin == -1) { - if (keyfile) + if (keyfile != NULL) out_bin = 1; else out_bin = 0; } - if (randfile) - app_RAND_load_file(randfile, 0); - out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); if (out == NULL) goto end; - if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) { + if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) { BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); goto end; } - if (keyfile) { + if (keyfile != NULL) { + int type; + if (want_pub) sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file"); else sigkey = load_key(keyfile, keyform, 0, passin, e, "key file"); - if (!sigkey) { + if (sigkey == NULL) { /* * load_[pub]key() has already printed an appropriate message */ goto end; } + type = EVP_PKEY_id(sigkey); + if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) { + /* + * We implement PureEdDSA for these which doesn't have a separate + * digest, and only supports one shot. + */ + BIO_printf(bio_err, "Key type not supported for this operation\n"); + goto end; + } } - if (mac_name) { + if (mac_name != NULL) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; if (!init_gen_str(&mac_ctx, mac_name, impl, 0)) goto mac_end; - if (macopts) { + if (macopts != NULL) { char *macopt; for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { macopt = sk_OPENSSL_STRING_value(macopts, i); @@ -277,14 +287,14 @@ int dgst_main(int argc, char **argv) goto end; } - if (hmac_key) { - sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl, - (unsigned char *)hmac_key, -1); - if (!sigkey) + if (hmac_key != NULL) { + sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl, + (unsigned char *)hmac_key, -1); + if (sigkey == NULL) goto end; } - if (sigkey) { + if (sigkey != NULL) { EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; int r; @@ -302,7 +312,7 @@ int dgst_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (sigopts) { + if (sigopts != NULL) { char *sigopt; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { sigopt = sk_OPENSSL_STRING_value(sigopts, i); @@ -331,9 +341,9 @@ int dgst_main(int argc, char **argv) } } - if (sigfile && sigkey) { + if (sigfile != NULL && sigkey != NULL) { BIO *sigbio = BIO_new_file(sigfile, "rb"); - if (!sigbio) { + if (sigbio == NULL) { BIO_printf(bio_err, "Error opening signature file %s\n", sigfile); ERR_print_errors(bio_err); goto end; @@ -363,14 +373,14 @@ int dgst_main(int argc, char **argv) } else { const char *md_name = NULL, *sig_name = NULL; if (!out_bin) { - if (sigkey) { + if (sigkey != NULL) { const EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_get0_asn1(sigkey); if (ameth) EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &sig_name, ameth); } - if (md) + if (md != NULL) md_name = EVP_MD_name(md); } ret = 0; @@ -380,9 +390,10 @@ int dgst_main(int argc, char **argv) perror(argv[i]); ret++; continue; - } else + } else { r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, siglen, sig_name, md_name, argv[i]); + } if (r) ret = r; (void)BIO_reset(bmd); @@ -399,7 +410,7 @@ int dgst_main(int argc, char **argv) OPENSSL_free(sigbuf); BIO_free(bmd); release_engine(e); - return (ret); + return ret; } int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, @@ -420,13 +431,13 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, if (i == 0) break; } - if (sigin) { + if (sigin != NULL) { EVP_MD_CTX *ctx; BIO_get_md_ctx(bp, &ctx); i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); - if (i > 0) + if (i > 0) { BIO_printf(out, "Verified OK\n"); - else if (i == 0) { + } else if (i == 0) { BIO_printf(out, "Verification Failure\n"); return 1; } else { @@ -436,7 +447,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } return 0; } - if (key) { + if (key != NULL) { EVP_MD_CTX *ctx; BIO_get_md_ctx(bp, &ctx); len = BUFSIZE; @@ -453,22 +464,23 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } } - if (binout) + if (binout) { BIO_write(out, buf, len); - else if (sep == 2) { + } else if (sep == 2) { for (i = 0; i < (int)len; i++) BIO_printf(out, "%02x", buf[i]); BIO_printf(out, " *%s\n", file); } else { - if (sig_name) { + if (sig_name != NULL) { BIO_puts(out, sig_name); - if (md_name) + if (md_name != NULL) BIO_printf(out, "-%s", md_name); BIO_printf(out, "(%s)= ", file); - } else if (md_name) + } else if (md_name != NULL) { BIO_printf(out, "%s(%s)= ", md_name, file); - else + } else { BIO_printf(out, "(%s)= ", file); + } for (i = 0; i < (int)len; i++) { if (sep && (i != 0)) BIO_printf(out, ":"); diff --git a/deps/openssl/openssl/apps/dhparam.c b/deps/openssl/openssl/apps/dhparam.c index 8a28414562ba4d..13f76754d27cbe 100644 --- a/deps/openssl/openssl/apps/dhparam.c +++ b/deps/openssl/openssl/apps/dhparam.c @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -36,10 +37,11 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5 + OPT_DSAPARAM, OPT_C, OPT_2, OPT_5, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS dhparam_options[] = { +const OPTIONS dhparam_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, @@ -50,8 +52,7 @@ OPTIONS dhparam_options[] = { {"check", OPT_CHECK, '-', "Check the DH parameters"}, {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"}, {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, @@ -69,7 +70,7 @@ int dhparam_main(int argc, char **argv) { BIO *in = NULL, *out = NULL; DH *dh = NULL; - char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL; + char *infile = NULL, *outfile = NULL, *prog; ENGINE *e = NULL; #ifndef OPENSSL_NO_DSA int dsaparam = 0; @@ -130,15 +131,16 @@ int dhparam_main(int argc, char **argv) case OPT_NOOUT: noout = 1; break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; } } argc = opt_num_rest(); argv = opt_rest(); - if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) + if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0)) goto end; if (g && !num) @@ -170,13 +172,6 @@ int dhparam_main(int argc, char **argv) } BN_GENCB_set(cb, dh_cb, bio_err); - if (!app_RAND_load_file(NULL, 1) && inrand == NULL) { - BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); # ifndef OPENSSL_NO_DSA if (dsaparam) { @@ -216,7 +211,6 @@ int dhparam_main(int argc, char **argv) } BN_GENCB_free(cb); - app_RAND_write_file(NULL); } else { in = bio_open_default(infile, 'r', informat); @@ -315,33 +309,31 @@ int dhparam_main(int argc, char **argv) bits = DH_bits(dh); DH_get0_pqg(dh, &pbn, NULL, &gbn); data = app_malloc(len, "print a BN"); - BIO_printf(out, "#ifndef HEADER_DH_H\n" - "# include \n" - "#endif\n" - "\n"); - BIO_printf(out, "DH *get_dh%d()\n{\n", bits); + + BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits); print_bignum_var(out, pbn, "dhp", bits, data); print_bignum_var(out, gbn, "dhg", bits, data); BIO_printf(out, " DH *dh = DH_new();\n" - " BIGNUM *dhp_bn, *dhg_bn;\n" + " BIGNUM *p, *g;\n" "\n" " if (dh == NULL)\n" " return NULL;\n"); - BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", + BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", bits, bits); - BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", + BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", bits, bits); - BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n" - " || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n" + BIO_printf(out, " if (p == NULL || g == NULL\n" + " || !DH_set0_pqg(dh, p, NULL, g)) {\n" " DH_free(dh);\n" - " BN_free(dhp_bn);\n" - " BN_free(dhg_bn);\n" + " BN_free(p);\n" + " BN_free(g);\n" " return NULL;\n" " }\n"); if (DH_get_length(dh) > 0) BIO_printf(out, " if (!DH_set_length(dh, %ld)) {\n" " DH_free(dh);\n" + " return NULL;\n" " }\n", DH_get_length(dh)); BIO_printf(out, " return dh;\n}\n"); OPENSSL_free(data); @@ -355,10 +347,11 @@ int dhparam_main(int argc, char **argv) i = i2d_DHxparams_bio(out, dh); else i = i2d_DHparams_bio(out, dh); - } else if (q != NULL) + } else if (q != NULL) { i = PEM_write_bio_DHxparams(out, dh); - else + } else { i = PEM_write_bio_DHparams(out, dh); + } if (!i) { BIO_printf(bio_err, "unable to write DH parameters\n"); ERR_print_errors(bio_err); @@ -371,21 +364,14 @@ int dhparam_main(int argc, char **argv) BIO_free_all(out); DH_free(dh); release_engine(e); - return (ret); + return ret; } static int dh_cb(int p, int n, BN_GENCB *cb) { - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; + static const char symbols[] = ".+*\n"; + char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; + BIO_write(BN_GENCB_get_arg(cb), &c, 1); (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; diff --git a/deps/openssl/openssl/apps/dsa.c b/deps/openssl/openssl/apps/dsa.c index 8454b2e9a7ab8b..6022e64cd4cebe 100644 --- a/deps/openssl/openssl/apps/dsa.c +++ b/deps/openssl/openssl/apps/dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -34,7 +35,7 @@ typedef enum OPTION_choice { OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT } OPTION_CHOICE; -OPTIONS dsa_options[] = { +const OPTIONS dsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"}, {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"}, @@ -161,7 +162,7 @@ int dsa_main(int argc, char **argv) else pkey = load_key(infile, informat, 1, passin, e, "Private Key"); - if (pkey) { + if (pkey != NULL) { dsa = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); } @@ -199,16 +200,16 @@ int dsa_main(int argc, char **argv) } BIO_printf(bio_err, "writing DSA key\n"); if (outformat == FORMAT_ASN1) { - if (pubin || pubout) + if (pubin || pubout) { i = i2d_DSA_PUBKEY_bio(out, dsa); - else { + } else { assert(private); i = i2d_DSAPrivateKey_bio(out, dsa); } } else if (outformat == FORMAT_PEM) { - if (pubin || pubout) + if (pubin || pubout) { i = PEM_write_bio_DSA_PUBKEY(out, dsa); - else { + } else { assert(private); i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); @@ -235,10 +236,9 @@ int dsa_main(int argc, char **argv) # else i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); # endif - } - else if (pubin || pubout) + } else if (pubin || pubout) { i = i2b_PublicKey_bio(out, pk); - else { + } else { assert(private); i = i2b_PrivateKey_bio(out, pk); } @@ -260,6 +260,6 @@ int dsa_main(int argc, char **argv) release_engine(e); OPENSSL_free(passin); OPENSSL_free(passout); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/dsaparam.c b/deps/openssl/openssl/apps/dsaparam.c index 20891cf3ddbc98..b227b76a372362 100644 --- a/deps/openssl/openssl/apps/dsaparam.c +++ b/deps/openssl/openssl/apps/dsaparam.c @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -24,27 +25,15 @@ NON_EMPTY_TRANSLATION_UNIT # include # include -# ifdef GENCB_TEST - -static int stop_keygen_flag = 0; - -static void timebomb_sigalarm(int foo) -{ - stop_keygen_flag = 1; -} - -# endif - static int dsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, - OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE, - OPT_TIMEBOMB + OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM } OPTION_CHOICE; -OPTIONS dsaparam_options[] = { +const OPTIONS dsaparam_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"in", OPT_IN, '<', "Input file"}, @@ -54,10 +43,7 @@ OPTIONS dsaparam_options[] = { {"C", OPT_C, '-', "Output C code"}, {"noout", OPT_NOOUT, '-', "No output"}, {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, - {"rand", OPT_RAND, 's', "Files to use for random number input"}, -# ifdef GENCB_TEST - {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"}, -# endif + OPT_R_OPTIONS, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif @@ -70,13 +56,10 @@ int dsaparam_main(int argc, char **argv) DSA *dsa = NULL; BIO *in = NULL, *out = NULL; BN_GENCB *cb = NULL; - int numbits = -1, num = 0, genkey = 0, need_rand = 0; + int numbits = -1, num = 0, genkey = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; int ret = 1, i, text = 0, private = 0; -# ifdef GENCB_TEST - int timebomb = 0; -# endif - char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL; + char *infile = NULL, *outfile = NULL, *prog; OPTION_CHOICE o; prog = opt_init(argc, argv, dsaparam_options); @@ -108,11 +91,6 @@ int dsaparam_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; - case OPT_TIMEBOMB: -# ifdef GENCB_TEST - timebomb = atoi(opt_arg()); - break; -# endif case OPT_TEXT: text = 1; break; @@ -120,11 +98,11 @@ int dsaparam_main(int argc, char **argv) C = 1; break; case OPT_GENKEY: - genkey = need_rand = 1; + genkey = 1; break; - case OPT_RAND: - inrand = opt_arg(); - need_rand = 1; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_NOOUT: noout = 1; @@ -139,7 +117,6 @@ int dsaparam_main(int argc, char **argv) goto end; /* generate a key */ numbits = num; - need_rand = 1; } private = genkey ? 1 : 0; @@ -150,21 +127,19 @@ int dsaparam_main(int argc, char **argv) if (out == NULL) goto end; - if (need_rand) { - app_RAND_load_file(NULL, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - if (numbits > 0) { + if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, numbits); + cb = BN_GENCB_new(); if (cb == NULL) { BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); goto end; } BN_GENCB_set(cb, dsa_cb, bio_err); - assert(need_rand); dsa = DSA_new(); if (dsa == NULL) { BIO_printf(bio_err, "Error allocating DSA object\n"); @@ -173,38 +148,16 @@ int dsaparam_main(int argc, char **argv) BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); BIO_printf(bio_err, "This could take some time\n"); -# ifdef GENCB_TEST - if (timebomb > 0) { - struct sigaction act; - act.sa_handler = timebomb_sigalarm; - act.sa_flags = 0; - BIO_printf(bio_err, - "(though I'll stop it if not done within %d secs)\n", - timebomb); - if (sigaction(SIGALRM, &act, NULL) != 0) { - BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n"); - goto end; - } - alarm(timebomb); - } -# endif if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) { -# ifdef GENCB_TEST - if (stop_keygen_flag) { - BIO_printf(bio_err, "DSA key generation time-stopped\n"); - /* This is an asked-for behaviour! */ - ret = 0; - goto end; - } -# endif ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; } - } else if (informat == FORMAT_ASN1) + } else if (informat == FORMAT_ASN1) { dsa = d2i_DSAparams_bio(in, NULL); - else + } else { dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); + } if (dsa == NULL) { BIO_printf(bio_err, "unable to load DSA parameters\n"); ERR_print_errors(bio_err); @@ -268,7 +221,6 @@ int dsaparam_main(int argc, char **argv) if (genkey) { DSA *dsakey; - assert(need_rand); if ((dsakey = DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) { @@ -284,8 +236,6 @@ int dsaparam_main(int argc, char **argv) NULL); DSA_free(dsakey); } - if (need_rand) - app_RAND_write_file(NULL); ret = 0; end: BN_GENCB_free(cb); @@ -293,27 +243,16 @@ int dsaparam_main(int argc, char **argv) BIO_free_all(out); DSA_free(dsa); release_engine(e); - return (ret); + return ret; } static int dsa_cb(int p, int n, BN_GENCB *cb) { - char c = '*'; + static const char symbols[] = ".+*\n"; + char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; BIO_write(BN_GENCB_get_arg(cb), &c, 1); (void)BIO_flush(BN_GENCB_get_arg(cb)); -# ifdef GENCB_TEST - if (stop_keygen_flag) - return 0; -# endif return 1; } #endif diff --git a/deps/openssl/openssl/apps/ec.c b/deps/openssl/openssl/apps/ec.c index 2516c032429835..03abb00683373b 100644 --- a/deps/openssl/openssl/apps/ec.c +++ b/deps/openssl/openssl/apps/ec.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -42,7 +43,7 @@ typedef enum OPTION_choice { OPT_NO_PUBLIC, OPT_CHECK } OPTION_CHOICE; -OPTIONS ec_options[] = { +const OPTIONS ec_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"in", OPT_IN, 's', "Input file"}, {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"}, @@ -185,7 +186,7 @@ int ec_main(int argc, char **argv) } else if (informat == FORMAT_ENGINE) { EVP_PKEY *pkey; if (pubin) - pkey = load_pubkey(infile, informat , 1, passin, e, "Public Key"); + pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key"); else pkey = load_key(infile, informat, 1, passin, e, "Private Key"); if (pkey != NULL) { @@ -244,20 +245,20 @@ int ec_main(int argc, char **argv) BIO_printf(bio_err, "writing EC key\n"); if (outformat == FORMAT_ASN1) { - if (param_out) + if (param_out) { i = i2d_ECPKParameters_bio(out, group); - else if (pubin || pubout) + } else if (pubin || pubout) { i = i2d_EC_PUBKEY_bio(out, eckey); - else { + } else { assert(private); i = i2d_ECPrivateKey_bio(out, eckey); } } else { - if (param_out) + if (param_out) { i = PEM_write_bio_ECPKParameters(out, group); - else if (pubin || pubout) + } else if (pubin || pubout) { i = PEM_write_bio_EC_PUBKEY(out, eckey); - else { + } else { assert(private); i = PEM_write_bio_ECPrivateKey(out, eckey, enc, NULL, 0, NULL, passout); @@ -267,8 +268,9 @@ int ec_main(int argc, char **argv) if (!i) { BIO_printf(bio_err, "unable to write private key\n"); ERR_print_errors(bio_err); - } else + } else { ret = 0; + } end: BIO_free(in); BIO_free_all(out); @@ -276,6 +278,6 @@ int ec_main(int argc, char **argv) release_engine(e); OPENSSL_free(passin); OPENSSL_free(passout); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/ecparam.c b/deps/openssl/openssl/apps/ecparam.c index 999f7487035e7a..917f1a86b2e36c 100644 --- a/deps/openssl/openssl/apps/ecparam.c +++ b/deps/openssl/openssl/apps/ecparam.c @@ -1,5 +1,6 @@ /* * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,20 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #ifdef OPENSSL_NO_EC NON_EMPTY_TRANSLATION_UNIT @@ -31,6 +18,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -42,10 +30,11 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, - OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE + OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS ecparam_options[] = { +const OPTIONS ecparam_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"}, {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, @@ -65,7 +54,7 @@ OPTIONS ecparam_options[] = { {"param_enc", OPT_PARAM_ENC, 's', "Specifies the way the ec parameters are encoded"}, {"genkey", OPT_GENKEY, '-', "Generate ec key"}, - {"rand", OPT_RAND, 's', "Files to use for random number input"}, + OPT_R_OPTIONS, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif @@ -93,7 +82,7 @@ int ecparam_main(int argc, char **argv) BIO *in = NULL, *out = NULL; EC_GROUP *group = NULL; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; - char *curve_name = NULL, *inrand = NULL; + char *curve_name = NULL; char *infile = NULL, *outfile = NULL, *prog; unsigned char *buffer = NULL; OPTION_CHOICE o; @@ -101,7 +90,7 @@ int ecparam_main(int argc, char **argv) int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; int ret = 1, private = 0; int list_curves = 0, no_seed = 0, check = 0, new_form = 0; - int text = 0, i, need_rand = 0, genkey = 0; + int text = 0, i, genkey = 0; prog = opt_init(argc, argv, ecparam_options); while ((o = opt_next()) != OPT_EOF) { @@ -162,11 +151,11 @@ int ecparam_main(int argc, char **argv) new_asn1_flag = 1; break; case OPT_GENKEY: - genkey = need_rand = 1; + genkey = 1; break; - case OPT_RAND: - inrand = opt_arg(); - need_rand = 1; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); @@ -232,8 +221,9 @@ int ecparam_main(int argc, char **argv) BIO_printf(bio_err, "using curve name prime256v1 " "instead of secp256r1\n"); nid = NID_X9_62_prime256v1; - } else + } else { nid = OBJ_sn2nid(curve_name); + } if (nid == 0) nid = EC_curve_nist2nid(curve_name); @@ -250,10 +240,11 @@ int ecparam_main(int argc, char **argv) } EC_GROUP_set_asn1_flag(group, asn1_flag); EC_GROUP_set_point_conversion_form(group, form); - } else if (informat == FORMAT_ASN1) + } else if (informat == FORMAT_ASN1) { group = d2i_ECPKParameters_bio(in, NULL); - else + } else { group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); + } if (group == NULL) { BIO_printf(bio_err, "unable to load elliptic curve parameters\n"); ERR_print_errors(bio_err); @@ -308,7 +299,7 @@ int ecparam_main(int argc, char **argv) goto end; } - if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL)) + if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL)) goto end; if ((point = EC_GROUP_get0_generator(group)) == NULL) @@ -409,21 +400,12 @@ int ecparam_main(int argc, char **argv) } } - if (need_rand) { - app_RAND_load_file(NULL, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - if (genkey) { EC_KEY *eckey = EC_KEY_new(); if (eckey == NULL) goto end; - assert(need_rand); - if (EC_KEY_set_group(eckey, group) == 0) { BIO_printf(bio_err, "unable to set group when generating key\n"); EC_KEY_free(eckey); @@ -449,9 +431,6 @@ int ecparam_main(int argc, char **argv) EC_KEY_free(eckey); } - if (need_rand) - app_RAND_write_file(NULL); - ret = 0; end: BN_free(ec_p); @@ -465,7 +444,7 @@ int ecparam_main(int argc, char **argv) release_engine(e); BIO_free(in); BIO_free_all(out); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/enc.c b/deps/openssl/openssl/apps/enc.c index df5538114c76ac..8e5a57d3e5d74d 100644 --- a/deps/openssl/openssl/apps/enc.c +++ b/deps/openssl/openssl/apps/enc.c @@ -12,6 +12,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -29,7 +30,7 @@ #define SIZE (512) #define BSIZE (8*1024) -static int set_hex(char *in, unsigned char *out, int size); +static int set_hex(const char *in, unsigned char *out, int size); static void show_ciphers(const OBJ_NAME *name, void *bio_); struct doall_enc_ciphers { @@ -43,10 +44,11 @@ typedef enum OPTION_choice { OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A, OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE, - OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER + OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS enc_options[] = { +const OPTIONS enc_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"ciphers", OPT_LIST, '-', "List ciphers"}, {"in", OPT_IN, '<', "Input file"}, @@ -72,8 +74,11 @@ OPTIONS enc_options[] = { {"S", OPT_UPPER_S, 's', "Salt, in hex"}, {"iv", OPT_IV, 's', "IV in hex"}, {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"}, + {"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"}, + {"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"}, {"none", OPT_NONE, '-', "Don't encrypt"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_R_OPTIONS, #ifdef ZLIB {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, #endif @@ -104,6 +109,8 @@ int enc_main(int argc, char **argv) int ret = 1, inl, nopad = 0; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; unsigned char *buff = NULL, salt[PKCS5_SALT_LEN]; + int pbkdf2 = 0; + int iter = 0; long n; struct doall_enc_ciphers dec; #ifdef ZLIB @@ -113,13 +120,13 @@ int enc_main(int argc, char **argv) /* first check the program name */ prog = opt_progname(argv[0]); - if (strcmp(prog, "base64") == 0) + if (strcmp(prog, "base64") == 0) { base64 = 1; #ifdef ZLIB - else if (strcmp(prog, "zlib") == 0) + } else if (strcmp(prog, "zlib") == 0) { do_zlib = 1; #endif - else { + } else { cipher = EVP_get_cipherbyname(prog); if (cipher == NULL && strcmp(prog, "enc") != 0) { BIO_printf(bio_err, "%s is not a known cipher\n", prog); @@ -252,9 +259,23 @@ int enc_main(int argc, char **argv) goto opthelp; cipher = c; break; + case OPT_ITER: + if (!opt_int(opt_arg(), &iter)) + goto opthelp; + pbkdf2 = 1; + break; + case OPT_PBKDF2: + pbkdf2 = 1; + if (iter == 0) /* do not overwrite a chosen value */ + iter = 10000; + break; case OPT_NONE: cipher = NULL; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; } } if (opt_num_rest() != 0) { @@ -275,6 +296,9 @@ int enc_main(int argc, char **argv) if (dgst == NULL) dgst = EVP_sha256(); + if (iter == 0) + iter = 1; + /* It must be large enough for a base64 encoded line */ if (base64 && bsize < 80) bsize = 80; @@ -296,12 +320,13 @@ int enc_main(int argc, char **argv) if (infile == NULL) { in = dup_bio_in(informat); - } else + } else { in = bio_open_default(infile, 'r', informat); + } if (in == NULL) goto end; - if (!str && passarg) { + if (str == NULL && passarg != NULL) { if (!app_passwd(passarg, NULL, &pass, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; @@ -311,13 +336,13 @@ int enc_main(int argc, char **argv) if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { if (1) { -#ifndef OPENSSL_NO_UI +#ifndef OPENSSL_NO_UI_CONSOLE for (;;) { char prompt[200]; BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc) ? "encryption" : "decryption"); + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); if (i == 0) { @@ -397,17 +422,18 @@ int enc_main(int argc, char **argv) unsigned char *sptr; size_t str_len = strlen(str); - if (nosalt) + if (nosalt) { sptr = NULL; - else { + } else { if (enc) { if (hsalt) { if (!set_hex(hsalt, salt, sizeof(salt))) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_bytes(salt, sizeof(salt)) <= 0) + } else if (RAND_bytes(salt, sizeof(salt)) <= 0) { goto end; + } /* * If -P option then don't bother writing */ @@ -430,19 +456,41 @@ int enc_main(int argc, char **argv) BIO_printf(bio_err, "bad magic number\n"); goto end; } - sptr = salt; } - if (!EVP_BytesToKey(cipher, dgst, sptr, - (unsigned char *)str, - str_len, 1, key, iv)) { - BIO_printf(bio_err, "EVP_BytesToKey failed\n"); - goto end; + if (pbkdf2 == 1) { + /* + * derive key and default iv + * concatenated into a temporary buffer + */ + unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; + int iklen = EVP_CIPHER_key_length(cipher); + int ivlen = EVP_CIPHER_iv_length(cipher); + /* not needed if HASH_UPDATE() is fixed : */ + int islen = (sptr != NULL ? sizeof(salt) : 0); + if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen, + iter, dgst, iklen+ivlen, tmpkeyiv)) { + BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); + goto end; + } + /* split and move data back to global buffer */ + memcpy(key, tmpkeyiv, iklen); + memcpy(iv, tmpkeyiv+iklen, ivlen); + } else { + BIO_printf(bio_err, "*** WARNING : " + "deprecated key derivation used.\n" + "Using -iter or -pbkdf2 would be better.\n"); + if (!EVP_BytesToKey(cipher, dgst, sptr, + (unsigned char *)str, str_len, + 1, key, iv)) { + BIO_printf(bio_err, "EVP_BytesToKey failed\n"); + goto end; + } } /* * zero the complete buffer or the string passed from the command - * line bug picked up by Larry J. Hughes Jr. + * line. */ if (str == strbuf) OPENSSL_cleanse(str, SIZE); @@ -453,7 +501,7 @@ int enc_main(int argc, char **argv) int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not use by this cipher\n"); - } else if (!set_hex(hiv, iv, sizeof(iv))) { + } else if (!set_hex(hiv, iv, siz)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } @@ -461,16 +509,19 @@ int enc_main(int argc, char **argv) if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { /* - * No IV was explicitly set and no IV was generated during - * EVP_BytesToKey. Hence the IV is undefined, making correct - * decryption impossible. + * No IV was explicitly set and no IV was generated. + * Hence the IV is undefined, making correct decryption impossible. */ BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { - BIO_printf(bio_err, "invalid hex key value\n"); - goto end; + if (hkey != NULL) { + if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { + BIO_printf(bio_err, "invalid hex key value\n"); + goto end; + } + /* wiping secret data as we no longer need it */ + OPENSSL_cleanse(hkey, strlen(hkey)); } if ((benc = BIO_new(BIO_f_cipher())) == NULL) @@ -551,8 +602,8 @@ int enc_main(int argc, char **argv) ret = 0; if (verbose) { - BIO_printf(bio_err, "bytes read :%8"BIO_PRI64"u\n", BIO_number_read(in)); - BIO_printf(bio_err, "bytes written:%8"BIO_PRI64"u\n", BIO_number_written(out)); + BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in)); + BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out)); } end: ERR_print_errors(bio_err); @@ -567,7 +618,7 @@ int enc_main(int argc, char **argv) #endif release_engine(e); OPENSSL_free(pass); - return (ret); + return ret; } static void show_ciphers(const OBJ_NAME *name, void *arg) @@ -593,25 +644,26 @@ static void show_ciphers(const OBJ_NAME *name, void *arg) BIO_printf(dec->bio, " "); } -static int set_hex(char *in, unsigned char *out, int size) +static int set_hex(const char *in, unsigned char *out, int size) { int i, n; unsigned char j; + i = size * 2; n = strlen(in); - if (n > (size * 2)) { - BIO_printf(bio_err, "hex string is too long\n"); - return (0); + if (n > i) { + BIO_printf(bio_err, "hex string is too long, ignoring excess\n"); + n = i; /* ignore exceeding part */ + } else if (n < i) { + BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n"); } + memset(out, 0, size); for (i = 0; i < n; i++) { - j = (unsigned char)*in; - *(in++) = '\0'; - if (j == 0) - break; + j = (unsigned char)*in++; if (!isxdigit(j)) { BIO_printf(bio_err, "non-hex digit\n"); - return (0); + return 0; } j = (unsigned char)OPENSSL_hexchar2int(j); if (i & 1) @@ -619,5 +671,5 @@ static int set_hex(char *in, unsigned char *out, int size) else out[i / 2] = (j << 4); } - return (1); + return 1; } diff --git a/deps/openssl/openssl/apps/engine.c b/deps/openssl/openssl/apps/engine.c index 4eeb642495b0b0..83f9588a0ab19f 100644 --- a/deps/openssl/openssl/apps/engine.c +++ b/deps/openssl/openssl/apps/engine.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,12 +13,14 @@ NON_EMPTY_TRANSLATION_UNIT #else # include "apps.h" +# include "progs.h" # include # include # include # include # include # include +# include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -26,7 +28,7 @@ typedef enum OPTION_choice { OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV } OPTION_CHOICE; -OPTIONS engine_options[] = { +const OPTIONS engine_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"}, {OPT_HELP_STR, 1, '-', " engine... Engines to load\n"}, @@ -47,28 +49,38 @@ OPTIONS engine_options[] = { static int append_buf(char **buf, int *size, const char *s) { - if (*buf == NULL) { - *size = 256; - *buf = app_malloc(*size, "engine buffer"); - **buf = '\0'; - } + const int expand = 256; + int len = strlen(s) + 1; + char *p = *buf; + + if (p == NULL) { + *size = ((len + expand - 1) / expand) * expand; + p = *buf = app_malloc(*size, "engine buffer"); + } else { + const int blen = strlen(p); + + if (blen > 0) + len += 2 + blen; - if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { - char *tmp; - *size += 256; - tmp = OPENSSL_realloc(*buf, *size); - if (tmp == NULL) { - OPENSSL_free(*buf); - *buf = NULL; - return 0; + if (len > *size) { + *size = ((len + expand - 1) / expand) * expand; + p = OPENSSL_realloc(p, *size); + if (p == NULL) { + OPENSSL_free(*buf); + *buf = NULL; + return 0; + } + *buf = p; } - *buf = tmp; - } - if (**buf != '\0') - OPENSSL_strlcat(*buf, ", ", *size); - OPENSSL_strlcat(*buf, s, *size); + if (blen > 0) { + p += blen; + *p++ = ','; + *p++ = ' '; + } + } + strcpy(p, s); return 1; } @@ -147,7 +159,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) } cmds = sk_OPENSSL_STRING_new_null(); - if (!cmds) + if (cmds == NULL) goto err; do { @@ -249,15 +261,34 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) res = 0; } - if (res) + if (res) { BIO_printf(out, "[Success]: %s\n", cmd); - else { + } else { BIO_printf(out, "[Failure]: %s\n", cmd); ERR_print_errors(out); } } } +struct util_store_cap_data { + ENGINE *engine; + char **cap_buf; + int *cap_size; + int ok; +}; +static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg) +{ + struct util_store_cap_data *ctx = arg; + + if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) { + char buf[256]; + BIO_snprintf(buf, sizeof(buf), "STORE(%s)", + OSSL_STORE_LOADER_get0_scheme(loader)); + if (!append_buf(ctx->cap_buf, ctx->cap_size, buf)) + ctx->ok = 0; + } +} + int engine_main(int argc, char **argv) { int ret = 1, i; @@ -380,7 +411,7 @@ int engine_main(int argc, char **argv) goto end; fn_c = ENGINE_get_ciphers(e); - if (!fn_c) + if (fn_c == NULL) goto skip_ciphers; n = fn_c(e, NULL, &nids, 0); for (k = 0; k < n; ++k) @@ -389,7 +420,7 @@ int engine_main(int argc, char **argv) skip_ciphers: fn_d = ENGINE_get_digests(e); - if (!fn_d) + if (fn_d == NULL) goto skip_digests; n = fn_d(e, NULL, &nids, 0); for (k = 0; k < n; ++k) @@ -398,14 +429,26 @@ int engine_main(int argc, char **argv) skip_digests: fn_pk = ENGINE_get_pkey_meths(e); - if (!fn_pk) + if (fn_pk == NULL) goto skip_pmeths; n = fn_pk(e, NULL, &nids, 0); for (k = 0; k < n; ++k) if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) goto end; skip_pmeths: - if (cap_buf && (*cap_buf != '\0')) + { + struct util_store_cap_data store_ctx; + + store_ctx.engine = e; + store_ctx.cap_buf = &cap_buf; + store_ctx.cap_size = &cap_size; + store_ctx.ok = 1; + + OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx); + if (!store_ctx.ok) + goto end; + } + if (cap_buf != NULL && (*cap_buf != '\0')) BIO_printf(out, " [%s]\n", cap_buf); OPENSSL_free(cap_buf); @@ -441,6 +484,6 @@ int engine_main(int argc, char **argv) sk_OPENSSL_STRING_free(pre_cmds); sk_OPENSSL_STRING_free(post_cmds); BIO_free_all(out); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/errstr.c b/deps/openssl/openssl/apps/errstr.c index 79d83ee464af24..3ef01f076a8c32 100644 --- a/deps/openssl/openssl/apps/errstr.c +++ b/deps/openssl/openssl/apps/errstr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,8 +11,8 @@ #include #include #include "apps.h" +#include "progs.h" #include -#include #include #include @@ -20,7 +20,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP } OPTION_CHOICE; -OPTIONS errstr_options[] = { +const OPTIONS errstr_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"}, {OPT_HELP_STR, 1, '-', " errnum Error number\n"}, {"help", OPT_HELP, '-', "Display this summary"}, @@ -50,9 +50,9 @@ int errstr_main(int argc, char **argv) ret = 0; for (argv = opt_rest(); *argv; argv++) { - if (sscanf(*argv, "%lx", &l) == 0) + if (sscanf(*argv, "%lx", &l) == 0) { ret++; - else { + } else { /* We're not really an SSL application so this won't auto-init, but * we're still interested in SSL error strings */ @@ -63,5 +63,5 @@ int errstr_main(int argc, char **argv) } } end: - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/gendsa.c b/deps/openssl/openssl/apps/gendsa.c index bdef022cff4f2f..401375420bffad 100644 --- a/deps/openssl/openssl/apps/gendsa.c +++ b/deps/openssl/openssl/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -26,17 +27,17 @@ NON_EMPTY_TRANSLATION_UNIT typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER + OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS gendsa_options[] = { +const OPTIONS gendsa_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUT, '>', "Output the key to the specified file"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -50,7 +51,7 @@ int gendsa_main(int argc, char **argv) BIO *out = NULL, *in = NULL; DSA *dsa = NULL; const EVP_CIPHER *enc = NULL; - char *inrand = NULL, *dsaparams = NULL; + char *dsaparams = NULL; char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; OPTION_CHOICE o; int ret = 1, private = 0; @@ -77,8 +78,9 @@ int gendsa_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) @@ -114,21 +116,18 @@ int gendsa_main(int argc, char **argv) if (out == NULL) goto end2; - if (!app_RAND_load_file(NULL, 1) && inrand == NULL) { + DSA_get0_pqg(dsa, &p, NULL, NULL); + + if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p)); - DSA_get0_pqg(dsa, &p, NULL, NULL); BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p)); if (!DSA_generate_key(dsa)) goto end; - app_RAND_write_file(NULL); - assert(private); if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) goto end; @@ -142,6 +141,6 @@ int gendsa_main(int argc, char **argv) DSA_free(dsa); release_engine(e); OPENSSL_free(passout); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/genpkey.c b/deps/openssl/openssl/apps/genpkey.c index 9e37977252e0b1..39fa73c91cf4dd 100644 --- a/deps/openssl/openssl/apps/genpkey.c +++ b/deps/openssl/openssl/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -26,7 +27,7 @@ typedef enum OPTION_choice { OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER } OPTION_CHOICE; -OPTIONS genpkey_options[] = { +const OPTIONS genpkey_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUT, '>', "Output file"}, {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"}, @@ -119,6 +120,13 @@ int genpkey_main(int argc, char **argv) if (!opt_cipher(opt_unknown(), &cipher) || do_param == 1) goto opthelp; + if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE || + EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE || + EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) { + BIO_printf(bio_err, "%s: cipher mode not supported\n", prog); + goto end; + } } } argc = opt_num_rest(); @@ -156,9 +164,9 @@ int genpkey_main(int argc, char **argv) } } - if (do_param) + if (do_param) { rv = PEM_write_bio_Parameters(out, pkey); - else if (outformat == FORMAT_PEM) { + } else if (outformat == FORMAT_PEM) { assert(private); rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass); } else if (outformat == FORMAT_ASN1) { diff --git a/deps/openssl/openssl/apps/genrsa.c b/deps/openssl/openssl/apps/genrsa.c index 19bc7535e34acb..c17cd147154eea 100644 --- a/deps/openssl/openssl/apps/genrsa.c +++ b/deps/openssl/openssl/apps/genrsa.c @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -27,28 +28,30 @@ NON_EMPTY_TRANSLATION_UNIT # include # define DEFBITS 2048 +# define DEFPRIMES 2 static int genrsa_cb(int p, int n, BN_GENCB *cb); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_3, OPT_F4, OPT_ENGINE, - OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER + OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS genrsa_options[] = { +const OPTIONS genrsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"3", OPT_3, '-', "Use 3 for the E value"}, {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, - {"out", OPT_OUT, 's', "Output the key to specified file"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + {"out", OPT_OUT, '>', "Output the key to specified file"}, + OPT_R_OPTIONS, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif + {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, {NULL} }; @@ -62,10 +65,10 @@ int genrsa_main(int argc, char **argv) const BIGNUM *e; RSA *rsa = NULL; const EVP_CIPHER *enc = NULL; - int ret = 1, num = DEFBITS, private = 0; + int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES; unsigned long f4 = RSA_F4; char *outfile = NULL, *passoutarg = NULL, *passout = NULL; - char *inrand = NULL, *prog, *hexe, *dece; + char *prog, *hexe, *dece; OPTION_CHOICE o; if (bn == NULL || cb == NULL) @@ -97,8 +100,9 @@ int genrsa_main(int argc, char **argv) case OPT_ENGINE: eng = setup_engine(opt_arg(), 0); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_PASSOUT: passoutarg = opt_arg(); @@ -107,6 +111,10 @@ int genrsa_main(int argc, char **argv) if (!opt_cipher(opt_unknown(), &enc)) goto end; break; + case OPT_PRIMES: + if (!opt_int(opt_arg(), &primes)) + goto end; + break; } } argc = opt_num_rest(); @@ -115,6 +123,11 @@ int genrsa_main(int argc, char **argv) if (argc == 1) { if (!opt_int(argv[0], &num) || num <= 0) goto end; + if (num > OPENSSL_RSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, num); } else if (argc > 0) { BIO_printf(bio_err, "Extra arguments given.\n"); goto opthelp; @@ -130,26 +143,16 @@ int genrsa_main(int argc, char **argv) if (out == NULL) goto end; - if (!app_RAND_load_file(NULL, 1) && inrand == NULL - && !RAND_status()) { - BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - - BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", - num); + BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n", + num, primes); rsa = eng ? RSA_new_method(eng) : RSA_new(); if (rsa == NULL) goto end; - if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb)) + if (!BN_set_word(bn, f4) + || !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb)) goto end; - app_RAND_write_file(NULL); - RSA_get0_key(rsa, NULL, &e, NULL); hexe = BN_bn2hex(e); dece = BN_bn2dec(e); @@ -176,7 +179,7 @@ int genrsa_main(int argc, char **argv) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); - return (ret); + return ret; } static int genrsa_cb(int p, int n, BN_GENCB *cb) diff --git a/deps/openssl/openssl/apps/nseq.c b/deps/openssl/openssl/apps/nseq.c index 018d5ebdb65502..a067c915926f2f 100644 --- a/deps/openssl/openssl/apps/nseq.c +++ b/deps/openssl/openssl/apps/nseq.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include @@ -18,7 +19,7 @@ typedef enum OPTION_choice { OPT_TOSEQ, OPT_IN, OPT_OUT } OPTION_CHOICE; -OPTIONS nseq_options[] = { +const OPTIONS nseq_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"}, {"in", OPT_IN, '<', "Input file"}, @@ -109,5 +110,5 @@ int nseq_main(int argc, char **argv) BIO_free_all(out); NETSCAPE_CERT_SEQUENCE_free(seq); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/ocsp.c b/deps/openssl/openssl/apps/ocsp.c index 0c15f5114d2307..7fd78624bbcca1 100644 --- a/deps/openssl/openssl/apps/ocsp.c +++ b/deps/openssl/openssl/apps/ocsp.c @@ -17,8 +17,6 @@ NON_EMPTY_TRANSLATION_UNIT * on OpenVMS */ # endif -# define USE_SOCKETS - # include # include # include @@ -27,6 +25,8 @@ NON_EMPTY_TRANSLATION_UNIT /* Needs to be included before the openssl headers */ # include "apps.h" +# include "progs.h" +# include "internal/sockets.h" # include # include # include @@ -34,20 +34,23 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include - -# if defined(NETWARE_CLIB) -# ifdef NETWARE_BSDSOCK -# include -# include -# else -# include -# endif -# elif defined(NETWARE_LIBC) -# ifdef NETWARE_BSDSOCK -# include -# else -# include -# endif +# include + +# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \ + && !defined(OPENSSL_NO_POSIX_IO) +# define OCSP_DAEMON +# include +# include +# include +# include +# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ +# else +# undef LOG_INFO +# undef LOG_WARNING +# undef LOG_ERR +# define LOG_INFO 0 +# define LOG_WARNING 1 +# define LOG_ERR 2 # endif /* Maximum leeway in validity period: default 5 minutes */ @@ -63,16 +66,28 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, STACK_OF(OPENSSL_STRING) *names, STACK_OF(OCSP_CERTID) *ids, long nsec, long maxage); -static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, - CA_DB *db, X509 *ca, X509 *rcert, +static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req, + CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, EVP_PKEY *rkey, const EVP_MD *md, + STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(X509) *rother, unsigned long flags, int nmin, int ndays, int badsig); static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(const char *port); -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio); +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); +static void log_message(int level, const char *fmt, ...); +static char *prog; +static int multi = 0; + +# ifdef OCSP_DAEMON +static int acfd = (int) INVALID_SOCKET; +static int index_changed(CA_DB *); +static void spawn_loop(void); +static int print_syslog(const char *str, size_t len, void *levPtr); +static void sock_timeout(int signum); +# endif # ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, @@ -94,12 +109,13 @@ typedef enum OPTION_choice { OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT, OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL, OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER, - OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_HEADER, + OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER, OPT_V_ENUM, - OPT_MD + OPT_MD, + OPT_MULTI } OPTION_CHOICE; -OPTIONS ocsp_options[] = { +const OPTIONS ocsp_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUTFILE, '>', "Output filename"}, {"timeout", OPT_TIMEOUT, 'p', @@ -108,7 +124,7 @@ OPTIONS ocsp_options[] = { {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"}, {"port", OPT_PORT, 'p', "Port to run responder on"}, {"ignore_err", OPT_IGNORE_ERR, '-', - "Ignore Error response from OCSP responder, and retry "}, + "Ignore error on OCSP request or response and continue running"}, {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"}, {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"}, {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"}, @@ -116,6 +132,9 @@ OPTIONS ocsp_options[] = { "Don't include any certificates in response"}, {"resp_key_id", OPT_RESP_KEY_ID, '-', "Identify response by signing certificate key ID"}, +# ifdef OCSP_DAEMON + {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, +# endif {"no_certs", OPT_NO_CERTS, '-', "Don't include any certificates in signed request"}, {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', @@ -171,6 +190,7 @@ OPTIONS ocsp_options[] = { {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"}, {"rother", OPT_ROTHER, '<', "Other certificates to include in response"}, {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"}, + {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"}, {"header", OPT_HEADER, 's', "key=value header to add"}, {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"}, OPT_V_OPTIONS, @@ -181,6 +201,7 @@ int ocsp_main(int argc, char **argv) { BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL; const EVP_MD *cert_id_md = NULL, *rsign_md = NULL; + STACK_OF(OPENSSL_STRING) *rsign_sigopts = NULL; int trailing_md = 0; CA_DB *rdb = NULL; EVP_PKEY *key = NULL, *rkey = NULL; @@ -192,7 +213,8 @@ int ocsp_main(int argc, char **argv) STACK_OF(OPENSSL_STRING) *reqnames = NULL; STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; STACK_OF(X509) *issuers = NULL; - X509 *issuer = NULL, *cert = NULL, *rca_cert = NULL; + X509 *issuer = NULL, *cert = NULL; + STACK_OF(X509) *rca_cert = NULL; X509 *signer = NULL, *rsigner = NULL; X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; @@ -209,19 +231,16 @@ int ocsp_main(int argc, char **argv) int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1; int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1; int req_text = 0, resp_text = 0, ret = 1; -#ifndef OPENSSL_NO_SOCK int req_timeout = -1; -#endif long nsec = MAX_VALIDITY_PERIOD, maxage = -1; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; OPTION_CHOICE o; - char *prog; reqnames = sk_OPENSSL_STRING_new_null(); - if (!reqnames) + if (reqnames == NULL) goto end; ids = sk_OCSP_CERTID_new_null(); - if (!ids) + if (ids == NULL) goto end; if ((vpm = X509_VERIFY_PARAM_new()) == NULL) return 1; @@ -435,6 +454,12 @@ int ocsp_main(int argc, char **argv) if (!opt_md(opt_arg(), &rsign_md)) goto end; break; + case OPT_RSIGOPT: + if (rsign_sigopts == NULL) + rsign_sigopts = sk_OPENSSL_STRING_new_null(); + if (rsign_sigopts == NULL || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg())) + goto end; + break; case OPT_HEADER: header = opt_arg(); value = strchr(header, '='); @@ -457,9 +482,13 @@ int ocsp_main(int argc, char **argv) goto opthelp; trailing_md = 1; break; + case OPT_MULTI: +# ifdef OCSP_DAEMON + multi = atoi(opt_arg()); +# endif + break; } } - if (trailing_md) { BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n", prog); @@ -470,62 +499,105 @@ int ocsp_main(int argc, char **argv) goto opthelp; /* Have we anything to do? */ - if (!req && !reqin && !respin && !(port && ridx_filename)) + if (req == NULL && reqin == NULL + && respin == NULL && !(port != NULL && ridx_filename != NULL)) goto opthelp; out = bio_open_default(outfile, 'w', FORMAT_TEXT); if (out == NULL) goto end; - if (!req && (add_nonce != 2)) + if (req == NULL && (add_nonce != 2)) add_nonce = 0; - if (!req && reqin) { + if (req == NULL && reqin != NULL) { derbio = bio_open_default(reqin, 'r', FORMAT_ASN1); if (derbio == NULL) goto end; req = d2i_OCSP_REQUEST_bio(derbio, NULL); BIO_free(derbio); - if (!req) { + if (req == NULL) { BIO_printf(bio_err, "Error reading OCSP request\n"); goto end; } } - if (!req && port) { + if (req == NULL && port != NULL) { acbio = init_responder(port); - if (!acbio) + if (acbio == NULL) goto end; } - if (rsignfile) { - if (!rkeyfile) + if (rsignfile != NULL) { + if (rkeyfile == NULL) rkeyfile = rsignfile; rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate"); - if (!rsigner) { + if (rsigner == NULL) { BIO_printf(bio_err, "Error loading responder certificate\n"); goto end; } - rca_cert = load_cert(rca_filename, FORMAT_PEM, "CA certificate"); - if (rcertfile) { + if (!load_certs(rca_filename, &rca_cert, FORMAT_PEM, + NULL, "CA certificate")) + goto end; + if (rcertfile != NULL) { if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, "responder other certificates")) goto end; } rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL, "responder private key"); - if (!rkey) + if (rkey == NULL) goto end; } - if (acbio) - BIO_printf(bio_err, "Waiting for OCSP client connections...\n"); - redo_accept: + if (ridx_filename != NULL + && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) { + BIO_printf(bio_err, + "Responder mode requires certificate, key, and CA.\n"); + goto end; + } - if (acbio) { - if (!do_responder(&req, &cbio, acbio)) + if (ridx_filename != NULL) { + rdb = load_index(ridx_filename, NULL); + if (rdb == NULL || index_index(rdb) <= 0) { + ret = 1; goto end; - if (!req) { + } + } + +# ifdef OCSP_DAEMON + if (multi && acbio != NULL) + spawn_loop(); + if (acbio != NULL && req_timeout > 0) + signal(SIGALRM, sock_timeout); +#endif + + if (acbio != NULL) + log_message(LOG_INFO, "waiting for OCSP client connections..."); + +redo_accept: + + if (acbio != NULL) { +# ifdef OCSP_DAEMON + if (index_changed(rdb)) { + CA_DB *newrdb = load_index(ridx_filename, NULL); + + if (newrdb != NULL && index_index(newrdb) > 0) { + free_index(rdb); + rdb = newrdb; + } else { + free_index(newrdb); + log_message(LOG_ERR, "error reloading updated index: %s", + ridx_filename); + } + } +# endif + + req = NULL; + if (!do_responder(&req, &cbio, acbio, req_timeout)) + goto redo_accept; + + if (req == NULL) { resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); @@ -534,30 +606,32 @@ int ocsp_main(int argc, char **argv) } } - if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) { + if (req == NULL + && (signfile != NULL || reqout != NULL + || host != NULL || add_nonce || ridx_filename != NULL)) { BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); goto end; } - if (req && add_nonce) + if (req != NULL && add_nonce) OCSP_request_add1_nonce(req, NULL, -1); - if (signfile) { - if (!keyfile) + if (signfile != NULL) { + if (keyfile == NULL) keyfile = signfile; signer = load_cert(signfile, FORMAT_PEM, "signer certificate"); - if (!signer) { + if (signer == NULL) { BIO_printf(bio_err, "Error loading signer certificate\n"); goto end; } - if (sign_certfile) { + if (sign_certfile != NULL) { if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, "signer certificates")) goto end; } key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL, "signer private key"); - if (!key) + if (key == NULL) goto end; if (!OCSP_request_sign @@ -567,10 +641,10 @@ int ocsp_main(int argc, char **argv) } } - if (req_text && req) + if (req_text && req != NULL) OCSP_REQUEST_print(out, req, 0); - if (reqout) { + if (reqout != NULL) { derbio = bio_open_default(reqout, 'w', FORMAT_ASN1); if (derbio == NULL) goto end; @@ -578,43 +652,29 @@ int ocsp_main(int argc, char **argv) BIO_free(derbio); } - if (ridx_filename && (!rkey || !rsigner || !rca_cert)) { - BIO_printf(bio_err, - "Need a responder certificate, key and CA for this operation!\n"); - goto end; - } - - if (ridx_filename && !rdb) { - rdb = load_index(ridx_filename, NULL); - if (!rdb) - goto end; - if (!index_index(rdb)) - goto end; - } - - if (rdb) { - make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, - rsign_md, rother, rflags, nmin, ndays, badsig); - if (cbio) + if (rdb != NULL) { + make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey, + rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig); + if (cbio != NULL) send_ocsp_response(cbio, resp); - } else if (host) { + } else if (host != NULL) { # ifndef OPENSSL_NO_SOCK resp = process_responder(req, host, path, port, use_ssl, headers, req_timeout); - if (!resp) + if (resp == NULL) goto end; # else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; # endif - } else if (respin) { + } else if (respin != NULL) { derbio = bio_open_default(respin, 'r', FORMAT_ASN1); if (derbio == NULL) goto end; resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); BIO_free(derbio); - if (!resp) { + if (resp == NULL) { BIO_printf(bio_err, "Error reading OCSP response\n"); goto end; } @@ -625,7 +685,7 @@ int ocsp_main(int argc, char **argv) done_resp: - if (respout) { + if (respout != NULL) { derbio = bio_open_default(respout, 'w', FORMAT_ASN1); if (derbio == NULL) goto end; @@ -637,16 +697,15 @@ int ocsp_main(int argc, char **argv) if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); - if (ignore_err) - goto redo_accept; - goto end; + if (!ignore_err) + goto end; } if (resp_text) OCSP_RESPONSE_print(out, resp, 0); /* If running as responder don't verify our own response */ - if (cbio) { + if (cbio != NULL) { /* If not unlimited, see if we took all we should. */ if (accept_count != -1 && --accept_count <= 0) { ret = 0; @@ -660,26 +719,26 @@ int ocsp_main(int argc, char **argv) resp = NULL; goto redo_accept; } - if (ridx_filename) { + if (ridx_filename != NULL) { ret = 0; goto end; } - if (!store) { + if (store == NULL) { store = setup_verify(CAfile, CApath, noCAfile, noCApath); if (!store) goto end; } if (vpmtouched) X509_STORE_set1_param(store, vpm); - if (verify_certfile) { + if (verify_certfile != NULL) { if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, "validator certificate")) goto end; } bs = OCSP_response_get1_basic(resp); - if (!bs) { + if (bs == NULL) { BIO_printf(bio_err, "Error parsing response\n"); goto end; } @@ -687,7 +746,7 @@ int ocsp_main(int argc, char **argv) ret = 0; if (!noverify) { - if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) { + if (req != NULL && ((i = OCSP_check_nonce(req, bs)) <= 0)) { if (i == -1) BIO_printf(bio_err, "WARNING: no nonce in response\n"); else { @@ -707,9 +766,9 @@ int ocsp_main(int argc, char **argv) BIO_printf(bio_err, "Response Verify Failure\n"); ERR_print_errors(bio_err); ret = 1; - } else + } else { BIO_printf(bio_err, "Response verify OK\n"); - + } } print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage); @@ -719,16 +778,17 @@ int ocsp_main(int argc, char **argv) X509_free(signer); X509_STORE_free(store); X509_VERIFY_PARAM_free(vpm); + sk_OPENSSL_STRING_free(rsign_sigopts); EVP_PKEY_free(key); EVP_PKEY_free(rkey); X509_free(cert); sk_X509_pop_free(issuers, X509_free); X509_free(rsigner); - X509_free(rca_cert); + sk_X509_pop_free(rca_cert, X509_free); free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); - BIO_free(out); + BIO_free_all(out); OCSP_REQUEST_free(req); OCSP_RESPONSE_free(resp); OCSP_BASICRESP_free(bs); @@ -741,15 +801,195 @@ int ocsp_main(int argc, char **argv) OPENSSL_free(tport); OPENSSL_free(tpath); - return (ret); + return ret; +} + +static void +log_message(int level, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); +# ifdef OCSP_DAEMON + if (multi) { + char buf[1024]; + if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) { + syslog(level, "%s", buf); + } + if (level >= LOG_ERR) + ERR_print_errors_cb(print_syslog, &level); + } +# endif + if (!multi) { + BIO_printf(bio_err, "%s: ", prog); + BIO_vprintf(bio_err, fmt, ap); + BIO_printf(bio_err, "\n"); + } + va_end(ap); +} + +# ifdef OCSP_DAEMON + +static int print_syslog(const char *str, size_t len, void *levPtr) +{ + int level = *(int *)levPtr; + int ilen = (len > MAXERRLEN) ? MAXERRLEN : len; + + syslog(level, "%.*s", ilen, str); + + return ilen; } +static int index_changed(CA_DB *rdb) +{ + struct stat sb; + + if (rdb != NULL && stat(rdb->dbfname, &sb) != -1) { + if (rdb->dbst.st_mtime != sb.st_mtime + || rdb->dbst.st_ctime != sb.st_ctime + || rdb->dbst.st_ino != sb.st_ino + || rdb->dbst.st_dev != sb.st_dev) { + syslog(LOG_INFO, "index file changed, reloading"); + return 1; + } + } + return 0; +} + +static void killall(int ret, pid_t *kidpids) +{ + int i; + + for (i = 0; i < multi; ++i) + if (kidpids[i] != 0) + (void)kill(kidpids[i], SIGTERM); + sleep(1); + exit(ret); +} + +static int termsig = 0; + +static void noteterm (int sig) +{ + termsig = sig; +} + +/* + * Loop spawning up to `multi` child processes, only child processes return + * from this function. The parent process loops until receiving a termination + * signal, kills extant children and exits without returning. + */ +static void spawn_loop(void) +{ + pid_t *kidpids = NULL; + int status; + int procs = 0; + int i; + + openlog(prog, LOG_PID, LOG_DAEMON); + + if (setpgid(0, 0)) { + syslog(LOG_ERR, "fatal: error detaching from parent process group: %s", + strerror(errno)); + exit(1); + } + kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array"); + for (i = 0; i < multi; ++i) + kidpids[i] = 0; + + signal(SIGINT, noteterm); + signal(SIGTERM, noteterm); + + while (termsig == 0) { + pid_t fpid; + + /* + * Wait for a child to replace when we're at the limit. + * Slow down if a child exited abnormally or waitpid() < 0 + */ + while (termsig == 0 && procs >= multi) { + if ((fpid = waitpid(-1, &status, 0)) > 0) { + for (i = 0; i < procs; ++i) { + if (kidpids[i] == fpid) { + kidpids[i] = 0; + --procs; + break; + } + } + if (i >= multi) { + syslog(LOG_ERR, "fatal: internal error: " + "no matching child slot for pid: %ld", + (long) fpid); + killall(1, kidpids); + } + if (status != 0) { + if (WIFEXITED(status)) + syslog(LOG_WARNING, "child process: %ld, exit status: %d", + (long)fpid, WEXITSTATUS(status)); + else if (WIFSIGNALED(status)) + syslog(LOG_WARNING, "child process: %ld, term signal %d%s", + (long)fpid, WTERMSIG(status), +#ifdef WCOREDUMP + WCOREDUMP(status) ? " (core dumped)" : +#endif + ""); + sleep(1); + } + break; + } else if (errno != EINTR) { + syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno)); + killall(1, kidpids); + } + } + if (termsig) + break; + + switch(fpid = fork()) { + case -1: /* error */ + /* System critically low on memory, pause and try again later */ + sleep(30); + break; + case 0: /* child */ + OPENSSL_free(kidpids); + signal(SIGINT, SIG_DFL); + signal(SIGTERM, SIG_DFL); + if (termsig) + _exit(0); + if (RAND_poll() <= 0) { + syslog(LOG_ERR, "fatal: RAND_poll() failed"); + _exit(1); + } + return; + default: /* parent */ + for (i = 0; i < multi; ++i) { + if (kidpids[i] == 0) { + kidpids[i] = fpid; + procs++; + break; + } + } + if (i >= multi) { + syslog(LOG_ERR, "fatal: internal error: no free child slots"); + killall(1, kidpids); + } + break; + } + } + + /* The loop above can only break on termsig */ + OPENSSL_free(kidpids); + syslog(LOG_INFO, "terminating on signal: %d", termsig); + killall(0, kidpids); +} +# endif + static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; - if (!issuer) { + + if (issuer == NULL) { BIO_printf(bio_err, "No issuer certificate specified\n"); return 0; } @@ -758,7 +998,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, if (*req == NULL) goto err; id = OCSP_cert_to_id(cert_id_md, cert, issuer); - if (!id || !sk_OCSP_CERTID_push(ids, id)) + if (id == NULL || !sk_OCSP_CERTID_push(ids, id)) goto err; if (!OCSP_request_add0_id(*req, id)) goto err; @@ -777,7 +1017,8 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509_NAME *iname; ASN1_BIT_STRING *ikey; ASN1_INTEGER *sno; - if (!issuer) { + + if (issuer == NULL) { BIO_printf(bio_err, "No issuer certificate specified\n"); return 0; } @@ -788,7 +1029,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, iname = X509_get_subject_name(issuer); ikey = X509_get0_pubkey_bitstr(issuer); sno = s2i_ASN1_INTEGER(NULL, serial); - if (!sno) { + if (sno == NULL) { BIO_printf(bio_err, "Error converting serial number %s\n", serial); return 0; } @@ -815,7 +1056,7 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, int i, status, reason; ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; - if (!bs || !req || !sk_OPENSSL_STRING_num(names) + if (bs == NULL || req == NULL || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids)) return; @@ -862,16 +1103,19 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, } } -static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, - CA_DB *db, X509 *ca, X509 *rcert, +static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req, + CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, EVP_PKEY *rkey, const EVP_MD *rmd, + STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(X509) *rother, unsigned long flags, int nmin, int ndays, int badsig) { ASN1_TIME *thisupd = NULL, *nextupd = NULL; - OCSP_CERTID *cid, *ca_id = NULL; + OCSP_CERTID *cid; OCSP_BASICRESP *bs = NULL; int i, id_count; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pkctx = NULL; id_count = OCSP_request_onereq_count(req); @@ -891,6 +1135,8 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, OCSP_ONEREQ *one; ASN1_INTEGER *serial; char **inf; + int jj; + int found = 0; ASN1_OBJECT *cert_id_md_oid; const EVP_MD *cert_id_md; one = OCSP_request_onereq_get0(req, i); @@ -899,16 +1145,22 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid); cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); - if (!cert_id_md) { + if (cert_id_md == NULL) { *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); goto end; } - OCSP_CERTID_free(ca_id); - ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); + for (jj = 0; jj < sk_X509_num(ca) && !found; jj++) { + X509 *ca_cert = sk_X509_value(ca, jj); + OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert); - /* Is this request about our CA? */ - if (OCSP_id_issuer_cmp(ca_id, cid)) { + if (OCSP_id_issuer_cmp(ca_id, cid) == 0) + found = 1; + + OCSP_CERTID_free(ca_id); + } + + if (!found) { OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_UNKNOWN, 0, NULL, thisupd, nextupd); @@ -916,15 +1168,15 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, } OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); inf = lookup_serial(db, serial); - if (!inf) + if (inf == NULL) { OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_UNKNOWN, 0, NULL, thisupd, nextupd); - else if (inf[DB_type][0] == DB_TYPE_VAL) + } else if (inf[DB_type][0] == DB_TYPE_VAL) { OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_GOOD, 0, NULL, thisupd, nextupd); - else if (inf[DB_type][0] == DB_TYPE_REV) { + } else if (inf[DB_type][0] == DB_TYPE_REV) { ASN1_OBJECT *inst = NULL; ASN1_TIME *revtm = NULL; ASN1_GENERALIZEDTIME *invtm = NULL; @@ -934,10 +1186,10 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, single = OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_REVOKED, reason, revtm, thisupd, nextupd); - if (invtm) + if (invtm != NULL) OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); - else if (inst) + else if (inst != NULL) OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0); @@ -949,7 +1201,23 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, OCSP_copy_nonce(bs, req); - OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags); + mctx = EVP_MD_CTX_new(); + if ( mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); + goto end; + } + for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { + char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); + + if (pkey_ctrl_string(pkctx, sigopt) <= 0) { + BIO_printf(err, "parameter error \"%s\"\n", sigopt); + ERR_print_errors(bio_err); + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, + NULL); + goto end; + } + } + OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags); if (badsig) { const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); @@ -959,9 +1227,9 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); end: + EVP_MD_CTX_free(mctx); ASN1_TIME_free(thisupd); ASN1_TIME_free(nextupd); - OCSP_CERTID_free(ca_id); OCSP_BASICRESP_free(bs); } @@ -1004,16 +1272,14 @@ static BIO *init_responder(const char *port) if (acbio == NULL || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 || BIO_set_accept_port(acbio, port) < 0) { - BIO_printf(bio_err, "Error setting up accept BIO\n"); - ERR_print_errors(bio_err); + log_message(LOG_ERR, "Error setting up accept BIO"); goto err; } BIO_set_accept_bios(acbio, bufbio); bufbio = NULL; if (BIO_do_accept(acbio) <= 0) { - BIO_printf(bio_err, "Error starting accept\n"); - ERR_print_errors(bio_err); + log_message(LOG_ERR, "Error starting accept"); goto err; } @@ -1052,7 +1318,16 @@ static int urldecode(char *p) } # endif -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) +# ifdef OCSP_DAEMON +static void sock_timeout(int signum) +{ + if (acfd != (int)INVALID_SOCKET) + (void)shutdown(acfd, SHUT_RD); +} +# endif + +static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, + int timeout) { # ifdef OPENSSL_NO_SOCK return 0; @@ -1062,27 +1337,37 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) char inbuf[2048], reqbuf[2048]; char *p, *q; BIO *cbio = NULL, *getbio = NULL, *b64 = NULL; + const char *client; - if (BIO_do_accept(acbio) <= 0) { - BIO_printf(bio_err, "Error accepting connection\n"); - ERR_print_errors(bio_err); + *preq = NULL; + + /* Connection loss before accept() is routine, ignore silently */ + if (BIO_do_accept(acbio) <= 0) return 0; - } cbio = BIO_pop(acbio); *pcbio = cbio; + client = BIO_get_peer_name(cbio); + +# ifdef OCSP_DAEMON + if (timeout > 0) { + (void) BIO_get_fd(cbio, &acfd); + alarm(timeout); + } +# endif /* Read the request line. */ len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); if (len <= 0) - return 1; + goto out; + if (strncmp(reqbuf, "GET ", 4) == 0) { /* Expecting GET {sp} /URL {sp} HTTP/1.x */ for (p = reqbuf + 4; *p == ' '; ++p) continue; if (*p != '/') { - BIO_printf(bio_err, "Invalid request -- bad URL\n"); - return 1; + log_message(LOG_INFO, "Invalid request -- bad URL: %s", client); + goto out; } p++; @@ -1091,51 +1376,70 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) if (*q == ' ') break; if (strncmp(q, " HTTP/1.", 8) != 0) { - BIO_printf(bio_err, "Invalid request -- bad HTTP vesion\n"); - return 1; + log_message(LOG_INFO, + "Invalid request -- bad HTTP version: %s", client); + goto out; } *q = '\0'; + + /* + * Skip "GET / HTTP..." requests often used by load-balancers + */ + if (p[1] == '\0') + goto out; + len = urldecode(p); if (len <= 0) { - BIO_printf(bio_err, "Invalid request -- bad URL encoding\n"); - return 1; + log_message(LOG_INFO, + "Invalid request -- bad URL encoding: %s", client); + goto out; } if ((getbio = BIO_new_mem_buf(p, len)) == NULL || (b64 = BIO_new(BIO_f_base64())) == NULL) { - BIO_printf(bio_err, "Could not allocate memory\n"); - ERR_print_errors(bio_err); - return 1; + log_message(LOG_ERR, "Could not allocate base64 bio: %s", client); + goto out; } BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); getbio = BIO_push(b64, getbio); } else if (strncmp(reqbuf, "POST ", 5) != 0) { - BIO_printf(bio_err, "Invalid request -- bad HTTP verb\n"); - return 1; + log_message(LOG_INFO, "Invalid request -- bad HTTP verb: %s", client); + goto out; } /* Read and skip past the headers. */ for (;;) { len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) - return 1; + goto out; if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) break; } +# ifdef OCSP_DAEMON + /* Clear alarm before we close the client socket */ + alarm(0); + timeout = 0; +# endif + /* Try to read OCSP request */ - if (getbio) { + if (getbio != NULL) { req = d2i_OCSP_REQUEST_bio(getbio, NULL); BIO_free_all(getbio); - } else + } else { req = d2i_OCSP_REQUEST_bio(cbio, NULL); - - if (!req) { - BIO_printf(bio_err, "Error parsing OCSP request\n"); - ERR_print_errors(bio_err); } + if (req == NULL) + log_message(LOG_ERR, "Error parsing OCSP request"); + *preq = req; +out: +# ifdef OCSP_DAEMON + if (timeout > 0) + alarm(0); + acfd = (int)INVALID_SOCKET; +# endif return 1; # endif } @@ -1145,7 +1449,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) char http_resp[] = "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n" "Content-Length: %d\r\n\r\n"; - if (!cbio) + if (cbio == NULL) return 0; BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL)); i2d_OCSP_RESPONSE_bio(cbio, resp); @@ -1223,11 +1527,11 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, openssl_fdset(fd, &confds); tv.tv_usec = 0; tv.tv_sec = req_timeout; - if (BIO_should_read(cbio)) + if (BIO_should_read(cbio)) { rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv); - else if (BIO_should_write(cbio)) + } else if (BIO_should_write(cbio)) { rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv); - else { + } else { BIO_puts(bio_err, "Unexpected retry condition\n"); goto err; } @@ -1258,11 +1562,11 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, OCSP_RESPONSE *resp = NULL; cbio = BIO_new_connect(host); - if (!cbio) { + if (cbio == NULL) { BIO_printf(bio_err, "Error creating connect BIO\n"); goto end; } - if (port) + if (port != NULL) BIO_set_conn_port(cbio, port); if (use_ssl == 1) { BIO *sbio; @@ -1277,7 +1581,7 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, } resp = query_responder(cbio, host, path, headers, req, req_timeout); - if (!resp) + if (resp == NULL) BIO_printf(bio_err, "Error querying OCSP responder\n"); end: BIO_free_all(cbio); diff --git a/deps/openssl/openssl/apps/openssl-vms.cnf b/deps/openssl/openssl/apps/openssl-vms.cnf index 0092a650cb97bf..178a0b0f2d3036 100644 --- a/deps/openssl/openssl/apps/openssl-vms.cnf +++ b/deps/openssl/openssl/apps/openssl-vms.cnf @@ -3,10 +3,13 @@ # This is mostly being used for generation of certificate requests. # +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -53,7 +56,6 @@ crlnumber = $dir]crlnumber. # the current crl number # must be commented out to leave a V1 CRL crl = $dir]crl.pem # The current CRL private_key = $dir.private]cakey.pem# The private key -RANDFILE = $dir.private].rand # private random number file x509_extensions = usr_cert # The extensions to add to the cert @@ -344,3 +346,5 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/deps/openssl/openssl/apps/openssl.c b/deps/openssl/openssl/apps/openssl.c index 2607694f59ebb9..a872e2c5eeec8b 100644 --- a/deps/openssl/openssl/apps/openssl.c +++ b/deps/openssl/openssl/apps/openssl.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include #include @@ -21,26 +22,22 @@ # include #endif #include -#ifdef OPENSSL_FIPS -# include -#endif -#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #include "s_apps.h" /* Needed to get the other O_xxx flags. */ #ifdef OPENSSL_SYS_VMS # include #endif -#define INCLUDE_FUNCTION_TABLE #include "apps.h" +#define INCLUDE_FUNCTION_TABLE +#include "progs.h" - -#ifdef OPENSSL_NO_CAMELLIA -# define FORMAT "%-15s" -# define COLUMNS 5 -#else -# define FORMAT "%-18s" -# define COLUMNS 4 -#endif +/* Structure to hold the number of columns to be displayed and the + * field width used to display them. + */ +typedef struct { + int columns; + int width; +} DISPLAY_COLUMNS; /* Special sentinel to exit the program. */ #define EXIT_THE_PROGRAM (-1) @@ -54,7 +51,8 @@ static LHASH_OF(FUNCTION) *prog_init(void); static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]); static void list_pkey(void); -static void list_type(FUNC_TYPE ft); +static void list_pkey_meth(void); +static void list_type(FUNC_TYPE ft, int one); static void list_disabled(void); char *default_config_file = NULL; @@ -62,7 +60,21 @@ BIO *bio_in = NULL; BIO *bio_out = NULL; BIO *bio_err = NULL; -static int apps_startup() +static void calculate_columns(DISPLAY_COLUMNS *dc) +{ + FUNCTION *f; + int len, maxlen = 0; + + for (f = functions; f->name != NULL; ++f) + if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher) + if ((len = strlen(f->name)) > maxlen) + maxlen = len; + + dc->width = maxlen + 2; + dc->columns = (80 - 1) / dc->width; +} + +static int apps_startup(void) { #ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); @@ -73,21 +85,18 @@ static int apps_startup() | OPENSSL_INIT_LOAD_CONFIG, NULL)) return 0; -#ifndef OPENSSL_NO_UI setup_ui_method(); -#endif return 1; } -static void apps_shutdown() +static void apps_shutdown(void) { -#ifndef OPENSSL_NO_UI destroy_ui_method(); -#endif + destroy_prefix_method(); } -static char *make_config_name() +static char *make_config_name(void) { const char *t; size_t len; @@ -143,15 +152,8 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); if (getenv("OPENSSL_FIPS")) { -#ifdef OPENSSL_FIPS - if (!FIPS_mode_set(1)) { - ERR_print_errors(bio_err); - return 1; - } -#else BIO_printf(bio_err, "FIPS mode not supported.\n"); return 1; -#endif } if (!apps_startup()) { @@ -254,6 +256,7 @@ int main(int argc, char *argv[]) OPENSSL_free(default_config_file); lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); + app_RAND_write(); BIO_free(bio_in); BIO_free_all(bio_out); @@ -266,19 +269,15 @@ int main(int argc, char *argv[]) EXIT(ret); } -OPTIONS exit_options[] = { - {NULL} -}; - static void list_cipher_fn(const EVP_CIPHER *c, const char *from, const char *to, void *arg) { - if (c) + if (c != NULL) { BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); - else { - if (!from) + } else { + if (from == NULL) from = ""; - if (!to) + if (to == NULL) to = ""; BIO_printf(arg, "%s => %s\n", from, to); } @@ -287,27 +286,74 @@ static void list_cipher_fn(const EVP_CIPHER *c, static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) { - if (m) + if (m != NULL) { BIO_printf(arg, "%s\n", EVP_MD_name(m)); - else { - if (!from) + } else { + if (from == NULL) from = ""; - if (!to) + if (to == NULL) to = ""; BIO_printf((BIO *)arg, "%s => %s\n", from, to); } } +static void list_missing_help(void) +{ + const FUNCTION *fp; + const OPTIONS *o; + + for (fp = functions; fp->name != NULL; fp++) { + if ((o = fp->help) != NULL) { + /* If there is help, list what flags are not documented. */ + for ( ; o->name != NULL; o++) { + if (o->helpstr == NULL) + BIO_printf(bio_out, "%s %s\n", fp->name, o->name); + } + } else if (fp->func != dgst_main) { + /* If not aliased to the dgst command, */ + BIO_printf(bio_out, "%s *\n", fp->name); + } + } +} + +static void list_options_for_command(const char *command) +{ + const FUNCTION *fp; + const OPTIONS *o; + + for (fp = functions; fp->name != NULL; fp++) + if (strcmp(fp->name, command) == 0) + break; + if (fp->name == NULL) { + BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", + command); + return; + } + + if ((o = fp->help) == NULL) + return; + + for ( ; o->name != NULL; o++) { + if (o->name == OPT_HELP_STR + || o->name == OPT_MORE_STR + || o->name[0] == '\0') + continue; + BIO_printf(bio_out, "%s %c\n", o->name, o->valtype); + } +} + + /* Unified enum for help and list commands. */ typedef enum HELPLIST_CHOICE { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_COMMANDS, OPT_DIGEST_COMMANDS, + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE, + OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_OPTIONS, OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, - OPT_PK_ALGORITHMS, OPT_DISABLED + OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_MISSING_HELP } HELPLIST_CHOICE; -OPTIONS list_options[] = { +const OPTIONS list_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, + {"1", OPT_ONE, '-', "List in one column"}, {"commands", OPT_COMMANDS, '-', "List of standard commands"}, {"digest-commands", OPT_DIGEST_COMMANDS, '-', "List of message digest commands"}, @@ -318,8 +364,14 @@ OPTIONS list_options[] = { "List of cipher algorithms"}, {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', "List of public key algorithms"}, + {"public-key-methods", OPT_PK_METHOD, '-', + "List of public key methods"}, {"disabled", OPT_DISABLED, '-', "List of disabled features"}, + {"missing-help", OPT_MISSING_HELP, '-', + "List missing detailed help strings"}, + {"options", OPT_OPTIONS, 's', + "List options for specified command"}, {NULL} }; @@ -327,7 +379,7 @@ int list_main(int argc, char **argv) { char *prog; HELPLIST_CHOICE o; - int done = 0; + int one = 0, done = 0; prog = opt_init(argc, argv, list_options); while ((o = opt_next()) != OPT_EOF) { @@ -340,17 +392,20 @@ int list_main(int argc, char **argv) case OPT_HELP: opt_help(list_options); break; + case OPT_ONE: + one = 1; + break; case OPT_COMMANDS: - list_type(FT_general); + list_type(FT_general, one); break; case OPT_DIGEST_COMMANDS: - list_type(FT_md); + list_type(FT_md, one); break; case OPT_DIGEST_ALGORITHMS: EVP_MD_do_all_sorted(list_md_fn, bio_out); break; case OPT_CIPHER_COMMANDS: - list_type(FT_cipher); + list_type(FT_cipher, one); break; case OPT_CIPHER_ALGORITHMS: EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out); @@ -358,9 +413,18 @@ int list_main(int argc, char **argv) case OPT_PK_ALGORITHMS: list_pkey(); break; + case OPT_PK_METHOD: + list_pkey_meth(); + break; case OPT_DISABLED: list_disabled(); break; + case OPT_MISSING_HELP: + list_missing_help(); + break; + case OPT_OPTIONS: + list_options_for_command(opt_arg()); + break; } done = 1; } @@ -375,42 +439,60 @@ int list_main(int argc, char **argv) return 0; } -OPTIONS help_options[] = { - {"help", OPT_HELP, '-', "Display this summary"}, +typedef enum HELP_CHOICE { + OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP +} HELP_CHOICE; + +const OPTIONS help_options[] = { + {OPT_HELP_STR, 1, '-', "Usage: help [options]\n"}, + {OPT_HELP_STR, 1, '-', " help [command]\n"}, + {"help", OPT_hHELP, '-', "Display this summary"}, {NULL} }; + int help_main(int argc, char **argv) { FUNCTION *fp; int i, nl; FUNC_TYPE tp; char *prog; - HELPLIST_CHOICE o; + HELP_CHOICE o; + DISPLAY_COLUMNS dc; prog = opt_init(argc, argv, help_options); - while ((o = opt_next()) != OPT_EOF) { + while ((o = opt_next()) != OPT_hEOF) { switch (o) { - default: + case OPT_hERR: + case OPT_hEOF: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); return 1; - case OPT_HELP: + case OPT_hHELP: opt_help(help_options); return 0; } } + if (opt_num_rest() == 1) { + char *new_argv[3]; + + new_argv[0] = opt_rest()[0]; + new_argv[1] = "--help"; + new_argv[2] = NULL; + return do_cmd(prog_init(), 2, new_argv); + } if (opt_num_rest() != 0) { BIO_printf(bio_err, "Usage: %s\n", prog); return 1; } - BIO_printf(bio_err, "\nStandard commands"); + calculate_columns(&dc); + BIO_printf(bio_err, "Standard commands"); i = 0; tp = FT_none; for (fp = functions; fp->name != NULL; fp++) { nl = 0; - if (((i++) % COLUMNS) == 0) { + if (i++ % dc.columns == 0) { BIO_printf(bio_err, "\n"); nl = 1; } @@ -428,29 +510,35 @@ int help_main(int argc, char **argv) "\nCipher commands (see the `enc' command for more details)\n"); } } - BIO_printf(bio_err, FORMAT, fp->name); + BIO_printf(bio_err, "%-*s", dc.width, fp->name); } BIO_printf(bio_err, "\n\n"); return 0; } -int exit_main(int argc, char **argv) -{ - return EXIT_THE_PROGRAM; -} - -static void list_type(FUNC_TYPE ft) +static void list_type(FUNC_TYPE ft, int one) { FUNCTION *fp; int i = 0; + DISPLAY_COLUMNS dc = {0}; - for (fp = functions; fp->name != NULL; fp++) - if (fp->type == ft) { - if ((i++ % COLUMNS) == 0) + if (!one) + calculate_columns(&dc); + + for (fp = functions; fp->name != NULL; fp++) { + if (fp->type != ft) + continue; + if (one) { + BIO_printf(bio_out, "%s\n", fp->name); + } else { + if (i % dc.columns == 0 && i > 0) BIO_printf(bio_out, "\n"); - BIO_printf(bio_out, FORMAT, fp->name); + BIO_printf(bio_out, "%-*s", dc.width, fp->name); + i++; } - BIO_printf(bio_out, "\n"); + } + if (!one) + BIO_printf(bio_out, "\n\n"); } static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) @@ -458,7 +546,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) FUNCTION f, *fp; if (argc <= 0 || argv[0] == NULL) - return (0); + return 0; f.name = argv[0]; fp = lh_FUNCTION_retrieve(prog, &f); if (fp == NULL) { @@ -473,7 +561,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) } } if (fp != NULL) { - return (fp->func(argc, argv)); + return fp->func(argc, argv); } if ((strncmp(argv[0], "no-", 3)) == 0) { /* @@ -483,7 +571,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) f.name = argv[0] + 3; if (lh_FUNCTION_retrieve(prog, &f) == NULL) { BIO_printf(bio_out, "%s\n", argv[0]); - return (0); + return 0; } BIO_printf(bio_out, "%s\n", argv[0] + 3); return 1; @@ -495,7 +583,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", argv[0]); - return (1); + return 1; } static void list_pkey(void) @@ -527,6 +615,22 @@ static void list_pkey(void) } } +static void list_pkey_meth(void) +{ + size_t i; + size_t meth_count = EVP_PKEY_meth_get_count(); + + for (i = 0; i < meth_count; i++) { + const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i); + int pkey_id, pkey_flags; + + EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth); + BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id)); + BIO_printf(bio_out, "\tType: %s Algorithm\n", + pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); + } +} + static int function_cmp(const FUNCTION * a, const FUNCTION * b) { return strncmp(a->name, b->name, 8); @@ -550,6 +654,9 @@ static int SortFnByName(const void *_f1, const void *_f2) static void list_disabled(void) { BIO_puts(bio_out, "Disabled algorithms:\n"); +#ifdef OPENSSL_NO_ARIA + BIO_puts(bio_out, "ARIA\n"); +#endif #ifdef OPENSSL_NO_BF BIO_puts(bio_out, "BF\n"); #endif @@ -655,6 +762,15 @@ static void list_disabled(void) #ifdef OPENSSL_NO_SEED BIO_puts(bio_out, "SEED\n"); #endif +#ifdef OPENSSL_NO_SM2 + BIO_puts(bio_out, "SM2\n"); +#endif +#ifdef OPENSSL_NO_SM3 + BIO_puts(bio_out, "SM3\n"); +#endif +#ifdef OPENSSL_NO_SM4 + BIO_puts(bio_out, "SM4\n"); +#endif #ifdef OPENSSL_NO_SOCK BIO_puts(bio_out, "SOCK\n"); #endif @@ -686,18 +802,25 @@ static void list_disabled(void) static LHASH_OF(FUNCTION) *prog_init(void) { - LHASH_OF(FUNCTION) *ret; + static LHASH_OF(FUNCTION) *ret = NULL; + static int prog_inited = 0; FUNCTION *f; size_t i; + if (prog_inited) + return ret; + + prog_inited = 1; + /* Sort alphabetically within category. For nicer help displays. */ - for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; + for (i = 0, f = functions; f->name != NULL; ++f, ++i) + ; qsort(functions, i, sizeof(*functions), SortFnByName); if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL) - return (NULL); + return NULL; for (f = functions; f->name != NULL; f++) (void)lh_FUNCTION_insert(ret, f); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/openssl.cnf b/deps/openssl/openssl/apps/openssl.cnf index b3e7444e5f22ef..6df2878d502155 100644 --- a/deps/openssl/openssl/apps/openssl.cnf +++ b/deps/openssl/openssl/apps/openssl.cnf @@ -3,10 +3,13 @@ # This is mostly being used for generation of certificate requests. # +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -53,7 +56,6 @@ crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extensions to add to the cert @@ -344,3 +346,5 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) diff --git a/deps/openssl/openssl/apps/opt.c b/deps/openssl/openssl/apps/opt.c index 6e40f6480b4467..666856535d5ed4 100644 --- a/deps/openssl/openssl/apps/opt.c +++ b/deps/openssl/openssl/apps/opt.c @@ -1,13 +1,11 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - -/* #define COMPILE_STANDALONE_TEST_DRIVER */ #include "apps.h" #include #if !defined(OPENSSL_SYS_MSDOS) @@ -170,7 +168,6 @@ static OPT_PAIR formats[] = { {"smime", OPT_FMT_SMIME}, {"engine", OPT_FMT_ENGINE}, {"msblob", OPT_FMT_MSBLOB}, - {"netscape", OPT_FMT_NETSCAPE}, {"nss", OPT_FMT_NSS}, {"text", OPT_FMT_TEXT}, {"http", OPT_FMT_HTTP}, @@ -183,10 +180,10 @@ int opt_format_error(const char *s, unsigned long flags) { OPT_PAIR *ap; - if (flags == OPT_FMT_PEMDER) + if (flags == OPT_FMT_PEMDER) { BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n", prog, s); - else { + } else { BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n", prog, s); for (ap = formats; ap->name; ap++) @@ -266,8 +263,9 @@ int opt_format(const char *s, unsigned long flags, int *result) if ((flags & OPT_FMT_PKCS12) == 0) return opt_format_error(s, flags); *result = FORMAT_PKCS12; - } else + } else { return 0; + } break; } return 1; @@ -277,9 +275,9 @@ int opt_format(const char *s, unsigned long flags, int *result) int opt_cipher(const char *name, const EVP_CIPHER **cipherp) { *cipherp = EVP_get_cipherbyname(name); - if (*cipherp) + if (*cipherp != NULL) return 1; - BIO_printf(bio_err, "%s: Unknown cipher %s\n", prog, name); + BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name); return 0; } @@ -289,9 +287,9 @@ int opt_cipher(const char *name, const EVP_CIPHER **cipherp) int opt_md(const char *name, const EVP_MD **mdp) { *mdp = EVP_get_digestbyname(name); - if (*mdp) + if (*mdp != NULL) return 1; - BIO_printf(bio_err, "%s: Unknown digest %s\n", prog, name); + BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name); return 0; } @@ -327,6 +325,30 @@ int opt_int(const char *value, int *result) return 1; } +static void opt_number_error(const char *v) +{ + size_t i = 0; + struct strstr_pair_st { + char *prefix; + char *name; + } b[] = { + {"0x", "a hexadecimal"}, + {"0X", "a hexadecimal"}, + {"0", "an octal"} + }; + + for (i = 0; i < OSSL_NELEM(b); i++) { + if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) { + BIO_printf(bio_err, + "%s: Can't parse \"%s\" as %s number\n", + prog, v, b[i].name); + return; + } + } + BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v); + return; +} + /* Parse a long, put it into *result; return 0 on failure, else 1. */ int opt_long(const char *value, long *result) { @@ -340,8 +362,7 @@ int opt_long(const char *value, long *result) || endp == value || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE) || (l == 0 && errno != 0)) { - BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", - prog, value); + opt_number_error(value); errno = oerrno; return 0; } @@ -366,8 +387,7 @@ int opt_imax(const char *value, intmax_t *result) || endp == value || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE) || (m == 0 && errno != 0)) { - BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", - prog, value); + opt_number_error(value); errno = oerrno; return 0; } @@ -389,8 +409,7 @@ int opt_umax(const char *value, uintmax_t *result) || endp == value || (m == UINTMAX_MAX && errno == ERANGE) || (m == 0 && errno != 0)) { - BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", - prog, value); + opt_number_error(value); errno = oerrno; return 0; } @@ -415,8 +434,7 @@ int opt_ulong(const char *value, unsigned long *result) || endptr == value || ((l == ULONG_MAX) && errno == ERANGE) || (l == 0 && errno != 0)) { - BIO_printf(bio_err, "%s: Can't parse \"%s\" as an unsigned number\n", - prog, value); + opt_number_error(value); errno = oerrno; return 0; } @@ -657,26 +675,16 @@ int opt_next(void) /* Just a string. */ break; case '/': - if (app_isdir(arg) >= 0) + if (app_isdir(arg) > 0) break; BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg); return -1; case '<': /* Input file. */ - if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) >= 0) - break; - BIO_printf(bio_err, - "%s: Cannot open input file %s, %s\n", - prog, arg, strerror(errno)); - return -1; + break; case '>': /* Output file. */ - if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) >= 0 || errno == ENOENT) - break; - BIO_printf(bio_err, - "%s: Cannot open output file %s, %s\n", - prog, arg, strerror(errno)); - return -1; + break; case 'p': case 'n': if (!opt_int(arg, &ival) @@ -888,90 +896,3 @@ void opt_help(const OPTIONS *list) BIO_printf(bio_err, "%s %s\n", start, help); } } - -#ifdef COMPILE_STANDALONE_TEST_DRIVER -# include - -typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_IN, OPT_INFORM, OPT_OUT, OPT_COUNT, OPT_U, OPT_FLAG, - OPT_STR, OPT_NOTUSED -} OPTION_CHOICE; - -static OPTIONS options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s flags\n"}, - {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, - {"help", OPT_HELP, '-', "Display this summary"}, - {"in", OPT_IN, '<', "input file"}, - {OPT_MORE_STR, 1, '-', "more detail about input"}, - {"inform", OPT_INFORM, 'f', "input file format; defaults to pem"}, - {"out", OPT_OUT, '>', "output file"}, - {"count", OPT_COUNT, 'p', "a counter greater than zero"}, - {"u", OPT_U, 'u', "an unsigned number"}, - {"flag", OPT_FLAG, 0, "just some flag"}, - {"str", OPT_STR, 's', "the magic word"}, - {"areallyverylongoption", OPT_HELP, '-', "long way for help"}, - {NULL} -}; - -BIO *bio_err; - -int app_isdir(const char *name) -{ - struct stat sb; - - return name != NULL && stat(name, &sb) >= 0 && S_ISDIR(sb.st_mode); -} - -int main(int ac, char **av) -{ - OPTION_CHOICE o; - char **rest; - char *prog; - - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - prog = opt_init(ac, av, options); - while ((o = opt_next()) != OPT_EOF) { - switch (c) { - case OPT_NOTUSED: - case OPT_EOF: - case OPT_ERR: - printf("%s: Usage error; try -help.\n", prog); - return 1; - case OPT_HELP: - opt_help(options); - return 0; - case OPT_IN: - printf("in %s\n", opt_arg()); - break; - case OPT_INFORM: - printf("inform %s\n", opt_arg()); - break; - case OPT_OUT: - printf("out %s\n", opt_arg()); - break; - case OPT_COUNT: - printf("count %s\n", opt_arg()); - break; - case OPT_U: - printf("u %s\n", opt_arg()); - break; - case OPT_FLAG: - printf("flag\n"); - break; - case OPT_STR: - printf("str %s\n", opt_arg()); - break; - } - } - argc = opt_num_rest(); - argv = opt_rest(); - - printf("args = %d\n", argc); - if (argc) - while (*argv) - printf(" %s\n", *argv++); - return 0; -} -#endif diff --git a/deps/openssl/openssl/apps/passwd.c b/deps/openssl/openssl/apps/passwd.c index f2b0d9a29d1c0e..aa516c874e656f 100644 --- a/deps/openssl/openssl/apps/passwd.c +++ b/deps/openssl/openssl/apps/passwd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,26 +7,20 @@ * https://www.openssl.org/source/license.html */ -#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC -# define NO_MD5CRYPT_1 -#endif - -#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) - -# include +#include -# include "apps.h" +#include "apps.h" +#include "progs.h" -# include -# include -# include -# include -# ifndef OPENSSL_NO_DES -# include -# endif -# ifndef NO_MD5CRYPT_1 -# include -# endif +#include +#include +#include +#include +#ifndef OPENSSL_NO_DES +# include +#endif +#include +#include static unsigned const char cov_2char[64] = { /* from crypto/des/fcrypt.c */ @@ -40,19 +34,31 @@ static unsigned const char cov_2char[64] = { 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A }; +static const char ascii_dollar[] = { 0x24, 0x00 }; + +typedef enum { + passwd_unset = 0, + passwd_crypt, + passwd_md5, + passwd_apr1, + passwd_sha256, + passwd_sha512, + passwd_aixmd5 +} passwd_modes; + static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, - int reverse, size_t pw_maxlen, int usecrypt, int use1, - int useapr1); + int reverse, size_t pw_maxlen, passwd_modes mode); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_IN, OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, - OPT_1, OPT_CRYPT, OPT_SALT, OPT_STDIN + OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS passwd_options[] = { +const OPTIONS passwd_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"in", OPT_IN, '<', "Read passwords from file"}, {"noverify", OPT_NOVERIFY, '-', @@ -62,13 +68,15 @@ OPTIONS passwd_options[] = { {"reverse", OPT_REVERSE, '-', "Switch table columns"}, {"salt", OPT_SALT, 's', "Use provided salt"}, {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, -# ifndef NO_MD5CRYPT_1 + {"6", OPT_6, '-', "SHA512-based password algorithm"}, + {"5", OPT_5, '-', "SHA256-based password algorithm"}, {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, -# endif -# ifndef OPENSSL_NO_DES + {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, +#ifndef OPENSSL_NO_DES {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, -# endif +#endif + OPT_R_OPTIONS, {NULL} }; @@ -79,12 +87,15 @@ int passwd_main(int argc, char **argv) char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; OPTION_CHOICE o; int in_stdin = 0, pw_source_defined = 0; -# ifndef OPENSSL_NO_UI +#ifndef OPENSSL_NO_UI_CONSOLE int in_noverify = 0; -# endif +#endif int passed_salt = 0, quiet = 0, table = 0, reverse = 0; - int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0; - size_t passwd_malloc_size = 0, pw_maxlen = 256; + int ret = 1; + passwd_modes mode = passwd_unset; + size_t passwd_malloc_size = 0; + size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most + * passwords */ prog = opt_init(argc, argv, passwd_options); while ((o = opt_next()) != OPT_EOF) { @@ -105,9 +116,9 @@ int passwd_main(int argc, char **argv) pw_source_defined = 1; break; case OPT_NOVERIFY: -# ifndef OPENSSL_NO_UI +#ifndef OPENSSL_NO_UI_CONSOLE in_noverify = 1; -# endif +#endif break; case OPT_QUIET: quiet = 1; @@ -119,13 +130,36 @@ int passwd_main(int argc, char **argv) reverse = 1; break; case OPT_1: - use1 = 1; + if (mode != passwd_unset) + goto opthelp; + mode = passwd_md5; + break; + case OPT_5: + if (mode != passwd_unset) + goto opthelp; + mode = passwd_sha256; + break; + case OPT_6: + if (mode != passwd_unset) + goto opthelp; + mode = passwd_sha512; break; case OPT_APR1: - useapr1 = 1; + if (mode != passwd_unset) + goto opthelp; + mode = passwd_apr1; + break; + case OPT_AIXMD5: + if (mode != passwd_unset) + goto opthelp; + mode = passwd_aixmd5; break; case OPT_CRYPT: - usecrypt = 1; +#ifndef OPENSSL_NO_DES + if (mode != passwd_unset) + goto opthelp; + mode = passwd_crypt; +#endif break; case OPT_SALT: passed_salt = 1; @@ -137,35 +171,31 @@ int passwd_main(int argc, char **argv) in_stdin = 1; pw_source_defined = 1; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; } } argc = opt_num_rest(); argv = opt_rest(); - if (*argv) { + if (*argv != NULL) { if (pw_source_defined) goto opthelp; pw_source_defined = 1; passwds = argv; } - if (!usecrypt && !use1 && !useapr1) { + if (mode == passwd_unset) { /* use default */ - usecrypt = 1; - } - if (usecrypt + use1 + useapr1 > 1) { - /* conflict */ - goto opthelp; + mode = passwd_crypt; } -# ifdef OPENSSL_NO_DES - if (usecrypt) - goto opthelp; -# endif -# ifdef NO_MD5CRYPT_1 - if (use1 || useapr1) +#ifdef OPENSSL_NO_DES + if (mode == passwd_crypt) goto opthelp; -# endif +#endif if (infile != NULL && in_stdin) { BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); @@ -182,11 +212,8 @@ int passwd_main(int argc, char **argv) goto end; } - if (usecrypt) + if (mode == passwd_crypt) pw_maxlen = 8; - else if (use1 || useapr1) - pw_maxlen = 256; /* arbitrary limit, should be enough for most - * passwords */ if (passwds == NULL) { /* no passwords on the command line */ @@ -204,7 +231,7 @@ int passwd_main(int argc, char **argv) * avoid rot of not-frequently-used code. */ if (1) { -# ifndef OPENSSL_NO_UI +#ifndef OPENSSL_NO_UI_CONSOLE /* build a null-terminated list */ static char *passwds_static[2] = { NULL, NULL }; @@ -217,7 +244,7 @@ int passwd_main(int argc, char **argv) } passwds[0] = passwd_malloc; } else { -# endif +#endif BIO_printf(bio_err, "password required\n"); goto end; } @@ -230,8 +257,7 @@ int passwd_main(int argc, char **argv) do { /* loop over list of passwords */ passwd = *passwds++; if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, - quiet, table, reverse, pw_maxlen, usecrypt, use1, - useapr1)) + quiet, table, reverse, pw_maxlen, mode)) goto end; } while (*passwds != NULL); } else { @@ -255,7 +281,7 @@ int passwd_main(int argc, char **argv) if (!do_passwd (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, - table, reverse, pw_maxlen, usecrypt, use1, useapr1)) + table, reverse, pw_maxlen, mode)) goto end; } done = (r <= 0); @@ -264,14 +290,15 @@ int passwd_main(int argc, char **argv) ret = 0; end: +#if 0 ERR_print_errors(bio_err); +#endif OPENSSL_free(salt_malloc); OPENSSL_free(passwd_malloc); BIO_free(in); - return (ret); + return ret; } -# ifndef NO_MD5CRYPT_1 /* * MD5-based password algorithm (should probably be available as a library * function; then the static buffer would not be acceptable). For magic @@ -286,6 +313,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) /* "$apr1$..salt..$.......md5hash..........\0" */ static char out_buf[6 + 9 + 24 + 2]; unsigned char buf[MD5_DIGEST_LENGTH]; + char ascii_magic[5]; /* "apr1" plus '\0' */ + char ascii_salt[9]; /* Max 8 chars plus '\0' */ + char *ascii_passwd = NULL; char *salt_out; int n; unsigned int i; @@ -293,41 +323,72 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) size_t passwd_len, salt_len, magic_len; passwd_len = strlen(passwd); - out_buf[0] = '$'; - out_buf[1] = 0; + + out_buf[0] = 0; magic_len = strlen(magic); + OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); +#ifdef CHARSET_EBCDIC + if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ + ebcdic2ascii(ascii_magic, ascii_magic, magic_len); +#endif - if (magic_len > 4) /* assert it's "1" or "apr1" */ + /* The salt gets truncated to 8 chars */ + OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); + salt_len = strlen(ascii_salt); +#ifdef CHARSET_EBCDIC + ebcdic2ascii(ascii_salt, ascii_salt, salt_len); +#endif + +#ifdef CHARSET_EBCDIC + ascii_passwd = OPENSSL_strdup(passwd); + if (ascii_passwd == NULL) return NULL; + ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); + passwd = ascii_passwd; +#endif + + if (magic_len > 0) { + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); + + if (magic_len > 4) /* assert it's "1" or "apr1" */ + goto err; + + OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); + } - OPENSSL_strlcat(out_buf, magic, sizeof(out_buf)); - OPENSSL_strlcat(out_buf, "$", sizeof(out_buf)); - OPENSSL_strlcat(out_buf, salt, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ - return NULL; + goto err; - salt_out = out_buf + 2 + magic_len; - salt_len = strlen(salt_out); + salt_out = out_buf; + if (magic_len > 0) + salt_out += 2 + magic_len; if (salt_len > 8) - return NULL; + goto err; md = EVP_MD_CTX_new(); if (md == NULL || !EVP_DigestInit_ex(md, EVP_md5(), NULL) - || !EVP_DigestUpdate(md, passwd, passwd_len) - || !EVP_DigestUpdate(md, "$", 1) - || !EVP_DigestUpdate(md, magic, magic_len) - || !EVP_DigestUpdate(md, "$", 1) - || !EVP_DigestUpdate(md, salt_out, salt_len)) + || !EVP_DigestUpdate(md, passwd, passwd_len)) + goto err; + + if (magic_len > 0) + if (!EVP_DigestUpdate(md, ascii_dollar, 1) + || !EVP_DigestUpdate(md, ascii_magic, magic_len) + || !EVP_DigestUpdate(md, ascii_dollar, 1)) + goto err; + + if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) goto err; md2 = EVP_MD_CTX_new(); if (md2 == NULL || !EVP_DigestInit_ex(md2, EVP_md5(), NULL) || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestUpdate(md2, salt_out, salt_len) + || !EVP_DigestUpdate(md2, ascii_salt, salt_len) || !EVP_DigestUpdate(md2, passwd, passwd_len) || !EVP_DigestFinal_ex(md2, buf, NULL)) goto err; @@ -356,7 +417,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) (i & 1) ? passwd_len : sizeof(buf))) goto err; if (i % 3) { - if (!EVP_DigestUpdate(md2, salt_out, salt_len)) + if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) goto err; } if (i % 7) { @@ -387,15 +448,15 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[dest] = buf[source]; buf_perm[14] = buf[5]; buf_perm[15] = buf[11]; -# ifndef PEDANTIC /* Unfortunately, this generates a "no +# ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ assert(16 == sizeof(buf_perm)); -# endif +# endif output = salt_out + salt_len; assert(output == out_buf + strlen(out_buf)); - *output++ = '$'; + *output++ = ascii_dollar[0]; for (i = 0; i < 15; i += 3) { *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; @@ -410,21 +471,309 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output++ = cov_2char[buf_perm[i] >> 6]; *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); +#ifdef CHARSET_EBCDIC + ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); +#endif } return out_buf; err: + OPENSSL_free(ascii_passwd); EVP_MD_CTX_free(md2); EVP_MD_CTX_free(md); return NULL; } -# endif + +/* + * SHA based password algorithm, describe by Ulrich Drepper here: + * https://www.akkadia.org/drepper/SHA-crypt.txt + * (note that it's in the public domain) + */ +static char *shacrypt(const char *passwd, const char *magic, const char *salt) +{ + /* Prefix for optional rounds specification. */ + static const char rounds_prefix[] = "rounds="; + /* Maximum salt string length. */ +# define SALT_LEN_MAX 16 + /* Default number of rounds if not explicitly specified. */ +# define ROUNDS_DEFAULT 5000 + /* Minimum number of rounds. */ +# define ROUNDS_MIN 1000 + /* Maximum number of rounds. */ +# define ROUNDS_MAX 999999999 + + /* "$6$rounds=$......salt......$...shahash(up to 86 chars)...\0" */ + static char out_buf[3 + 17 + 17 + 86 + 1]; + unsigned char buf[SHA512_DIGEST_LENGTH]; + unsigned char temp_buf[SHA512_DIGEST_LENGTH]; + size_t buf_size = 0; + char ascii_magic[2]; + char ascii_salt[17]; /* Max 16 chars plus '\0' */ + char *ascii_passwd = NULL; + size_t n; + EVP_MD_CTX *md = NULL, *md2 = NULL; + const EVP_MD *sha = NULL; + size_t passwd_len, salt_len, magic_len; + unsigned int rounds = 5000; /* Default */ + char rounds_custom = 0; + char *p_bytes = NULL; + char *s_bytes = NULL; + char *cp = NULL; + + passwd_len = strlen(passwd); + magic_len = strlen(magic); + + /* assert it's "5" or "6" */ + if (magic_len != 1) + return NULL; + + switch (magic[0]) { + case '5': + sha = EVP_sha256(); + buf_size = 32; + break; + case '6': + sha = EVP_sha512(); + buf_size = 64; + break; + default: + return NULL; + } + + if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) { + const char *num = salt + sizeof(rounds_prefix) - 1; + char *endp; + unsigned long int srounds = strtoul (num, &endp, 10); + if (*endp == '$') { + salt = endp + 1; + if (srounds > ROUNDS_MAX) + rounds = ROUNDS_MAX; + else if (srounds < ROUNDS_MIN) + rounds = ROUNDS_MIN; + else + rounds = (unsigned int)srounds; + rounds_custom = 1; + } else { + return NULL; + } + } + + OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); +#ifdef CHARSET_EBCDIC + if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ + ebcdic2ascii(ascii_magic, ascii_magic, magic_len); +#endif + + /* The salt gets truncated to 16 chars */ + OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); + salt_len = strlen(ascii_salt); +#ifdef CHARSET_EBCDIC + ebcdic2ascii(ascii_salt, ascii_salt, salt_len); +#endif + +#ifdef CHARSET_EBCDIC + ascii_passwd = OPENSSL_strdup(passwd); + if (ascii_passwd == NULL) + return NULL; + ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); + passwd = ascii_passwd; +#endif + + out_buf[0] = 0; + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); + if (rounds_custom) { + char tmp_buf[80]; /* "rounds=999999999" */ + sprintf(tmp_buf, "rounds=%u", rounds); +#ifdef CHARSET_EBCDIC + /* In case we're really on a ASCII based platform and just pretend */ + if (tmp_buf[0] != 0x72) /* ASCII 'r' */ + ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); +#endif + OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); + } + OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); + + /* assert "$5$rounds=999999999$......salt......" */ + if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) + goto err; + + md = EVP_MD_CTX_new(); + if (md == NULL + || !EVP_DigestInit_ex(md, sha, NULL) + || !EVP_DigestUpdate(md, passwd, passwd_len) + || !EVP_DigestUpdate(md, ascii_salt, salt_len)) + goto err; + + md2 = EVP_MD_CTX_new(); + if (md2 == NULL + || !EVP_DigestInit_ex(md2, sha, NULL) + || !EVP_DigestUpdate(md2, passwd, passwd_len) + || !EVP_DigestUpdate(md2, ascii_salt, salt_len) + || !EVP_DigestUpdate(md2, passwd, passwd_len) + || !EVP_DigestFinal_ex(md2, buf, NULL)) + goto err; + + for (n = passwd_len; n > buf_size; n -= buf_size) { + if (!EVP_DigestUpdate(md, buf, buf_size)) + goto err; + } + if (!EVP_DigestUpdate(md, buf, n)) + goto err; + + n = passwd_len; + while (n) { + if (!EVP_DigestUpdate(md, + (n & 1) ? buf : (unsigned const char *)passwd, + (n & 1) ? buf_size : passwd_len)) + goto err; + n >>= 1; + } + if (!EVP_DigestFinal_ex(md, buf, NULL)) + return NULL; + + /* P sequence */ + if (!EVP_DigestInit_ex(md2, sha, NULL)) + goto err; + + for (n = passwd_len; n > 0; n--) + if (!EVP_DigestUpdate(md2, passwd, passwd_len)) + goto err; + + if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) + return NULL; + + if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) + goto err; + for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size) + memcpy(cp, temp_buf, buf_size); + memcpy(cp, temp_buf, n); + + /* S sequence */ + if (!EVP_DigestInit_ex(md2, sha, NULL)) + goto err; + + for (n = 16 + buf[0]; n > 0; n--) + if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) + goto err; + + if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) + return NULL; + + if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) + goto err; + for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size) + memcpy(cp, temp_buf, buf_size); + memcpy(cp, temp_buf, n); + + for (n = 0; n < rounds; n++) { + if (!EVP_DigestInit_ex(md2, sha, NULL)) + goto err; + if (!EVP_DigestUpdate(md2, + (n & 1) ? (unsigned const char *)p_bytes : buf, + (n & 1) ? passwd_len : buf_size)) + goto err; + if (n % 3) { + if (!EVP_DigestUpdate(md2, s_bytes, salt_len)) + goto err; + } + if (n % 7) { + if (!EVP_DigestUpdate(md2, p_bytes, passwd_len)) + goto err; + } + if (!EVP_DigestUpdate(md2, + (n & 1) ? buf : (unsigned const char *)p_bytes, + (n & 1) ? buf_size : passwd_len)) + goto err; + if (!EVP_DigestFinal_ex(md2, buf, NULL)) + goto err; + } + EVP_MD_CTX_free(md2); + EVP_MD_CTX_free(md); + md2 = NULL; + md = NULL; + OPENSSL_free(p_bytes); + OPENSSL_free(s_bytes); + p_bytes = NULL; + s_bytes = NULL; + + cp = out_buf + strlen(out_buf); + *cp++ = ascii_dollar[0]; + +# define b64_from_24bit(B2, B1, B0, N) \ + do { \ + unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ + int i = (N); \ + while (i-- > 0) \ + { \ + *cp++ = cov_2char[w & 0x3f]; \ + w >>= 6; \ + } \ + } while (0) + + switch (magic[0]) { + case '5': + b64_from_24bit (buf[0], buf[10], buf[20], 4); + b64_from_24bit (buf[21], buf[1], buf[11], 4); + b64_from_24bit (buf[12], buf[22], buf[2], 4); + b64_from_24bit (buf[3], buf[13], buf[23], 4); + b64_from_24bit (buf[24], buf[4], buf[14], 4); + b64_from_24bit (buf[15], buf[25], buf[5], 4); + b64_from_24bit (buf[6], buf[16], buf[26], 4); + b64_from_24bit (buf[27], buf[7], buf[17], 4); + b64_from_24bit (buf[18], buf[28], buf[8], 4); + b64_from_24bit (buf[9], buf[19], buf[29], 4); + b64_from_24bit (0, buf[31], buf[30], 3); + break; + case '6': + b64_from_24bit (buf[0], buf[21], buf[42], 4); + b64_from_24bit (buf[22], buf[43], buf[1], 4); + b64_from_24bit (buf[44], buf[2], buf[23], 4); + b64_from_24bit (buf[3], buf[24], buf[45], 4); + b64_from_24bit (buf[25], buf[46], buf[4], 4); + b64_from_24bit (buf[47], buf[5], buf[26], 4); + b64_from_24bit (buf[6], buf[27], buf[48], 4); + b64_from_24bit (buf[28], buf[49], buf[7], 4); + b64_from_24bit (buf[50], buf[8], buf[29], 4); + b64_from_24bit (buf[9], buf[30], buf[51], 4); + b64_from_24bit (buf[31], buf[52], buf[10], 4); + b64_from_24bit (buf[53], buf[11], buf[32], 4); + b64_from_24bit (buf[12], buf[33], buf[54], 4); + b64_from_24bit (buf[34], buf[55], buf[13], 4); + b64_from_24bit (buf[56], buf[14], buf[35], 4); + b64_from_24bit (buf[15], buf[36], buf[57], 4); + b64_from_24bit (buf[37], buf[58], buf[16], 4); + b64_from_24bit (buf[59], buf[17], buf[38], 4); + b64_from_24bit (buf[18], buf[39], buf[60], 4); + b64_from_24bit (buf[40], buf[61], buf[19], 4); + b64_from_24bit (buf[62], buf[20], buf[41], 4); + b64_from_24bit (0, 0, buf[63], 2); + break; + default: + goto err; + } + *cp = '\0'; +#ifdef CHARSET_EBCDIC + ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); +#endif + + return out_buf; + + err: + EVP_MD_CTX_free(md2); + EVP_MD_CTX_free(md); + OPENSSL_free(p_bytes); + OPENSSL_free(s_bytes); + OPENSSL_free(ascii_passwd); + return NULL; +} static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, - int reverse, size_t pw_maxlen, int usecrypt, int use1, - int useapr1) + int reverse, size_t pw_maxlen, passwd_modes mode) { char *hash = NULL; @@ -433,36 +782,34 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, /* first make sure we have a salt */ if (!passed_salt) { -# ifndef OPENSSL_NO_DES - if (usecrypt) { - if (*salt_malloc_p == NULL) - *salt_p = *salt_malloc_p = app_malloc(3, "salt buffer"); - if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0) - goto end; - (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ - (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ - (*salt_p)[2] = 0; -# ifdef CHARSET_EBCDIC - ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back - * to ASCII */ -# endif - } -# endif /* !OPENSSL_NO_DES */ + size_t saltlen = 0; + size_t i; -# ifndef NO_MD5CRYPT_1 - if (use1 || useapr1) { - int i; +#ifndef OPENSSL_NO_DES + if (mode == passwd_crypt) + saltlen = 2; +#endif /* !OPENSSL_NO_DES */ - if (*salt_malloc_p == NULL) - *salt_p = *salt_malloc_p = app_malloc(9, "salt buffer"); - if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0) - goto end; + if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) + saltlen = 8; - for (i = 0; i < 8; i++) - (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ - (*salt_p)[8] = 0; - } -# endif /* !NO_MD5CRYPT_1 */ + if (mode == passwd_sha256 || mode == passwd_sha512) + saltlen = 16; + + assert(saltlen != 0); + + if (*salt_malloc_p == NULL) + *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer"); + if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0) + goto end; + + for (i = 0; i < saltlen; i++) + (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ + (*salt_p)[i] = 0; +# ifdef CHARSET_EBCDIC + /* The password encryption funtion will convert back to ASCII */ + ascii2ebcdic(*salt_p, *salt_p, saltlen); +# endif } assert(*salt_p != NULL); @@ -481,14 +828,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, assert(strlen(passwd) <= pw_maxlen); /* now compute password hash */ -# ifndef OPENSSL_NO_DES - if (usecrypt) +#ifndef OPENSSL_NO_DES + if (mode == passwd_crypt) hash = DES_crypt(passwd, *salt_p); -# endif -# ifndef NO_MD5CRYPT_1 - if (use1 || useapr1) - hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p); -# endif +#endif + if (mode == passwd_md5 || mode == passwd_apr1) + hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p); + if (mode == passwd_aixmd5) + hash = md5crypt(passwd, "", *salt_p); + if (mode == passwd_sha256 || mode == passwd_sha512) + hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p); assert(hash != NULL); if (table && !reverse) @@ -502,11 +851,3 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, end: return 0; } -#else - -int passwd_main(int argc, char **argv) -{ - BIO_printf(bio_err, "Program not available.\n"); - return (1); -} -#endif diff --git a/deps/openssl/openssl/apps/pkcs12.c b/deps/openssl/openssl/apps/pkcs12.c index 85f649d812041b..c8fc452ec6d2e7 100644 --- a/deps/openssl/openssl/apps/pkcs12.c +++ b/deps/openssl/openssl/apps/pkcs12.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -27,6 +28,8 @@ NON_EMPTY_TRANSLATION_UNIT # define CLCERTS 0x8 # define CACERTS 0x10 +#define PASSWD_BUF_SIZE 2048 + static int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain); int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, @@ -51,12 +54,13 @@ typedef enum OPTION_choice { OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER, OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, - OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME, + OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME, OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, - OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE + OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS pkcs12_options[] = { +const OPTIONS pkcs12_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, {"keyex", OPT_KEYEX, '-', "Set MS key exchange type"}, @@ -89,8 +93,7 @@ OPTIONS pkcs12_options[] = { {"macalg", OPT_MACALG, 's', "Digest algorithm used in MAC (default SHA1)"}, {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"inkey", OPT_INKEY, 's', "Private key if not infile"}, {"certfile", OPT_CERTFILE, '<', "Load certs from file"}, {"name", OPT_NAME, 's', "Use name as friendly name"}, @@ -119,7 +122,7 @@ int pkcs12_main(int argc, char **argv) { char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL; char *name = NULL, *csp_name = NULL; - char pass[2048] = "", macpass[2048] = ""; + char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; # ifndef OPENSSL_NO_RC2 @@ -131,7 +134,7 @@ int pkcs12_main(int argc, char **argv) int ret = 1, macver = 1, add_lmk = 0, private = 0; int noprompt = 0; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; - char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL; + char *passin = NULL, *passout = NULL, *macalg = NULL; char *cpass = NULL, *mpass = NULL, *badpass = NULL; const char *CApath = NULL, *CAfile = NULL, *prog; int noCApath = 0, noCAfile = 0; @@ -223,8 +226,9 @@ int pkcs12_main(int argc, char **argv) if (!set_pbe(&key_pbe, opt_arg())) goto opthelp; break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_INKEY: keyname = opt_arg(); @@ -285,7 +289,7 @@ int pkcs12_main(int argc, char **argv) private = 1; - if (passarg) { + if (passarg != NULL) { if (export_cert) passoutarg = passarg; else @@ -297,14 +301,14 @@ int pkcs12_main(int argc, char **argv) goto end; } - if (!cpass) { + if (cpass == NULL) { if (export_cert) cpass = passout; else cpass = passin; } - if (cpass) { + if (cpass != NULL) { mpass = cpass; noprompt = 1; } else { @@ -312,18 +316,12 @@ int pkcs12_main(int argc, char **argv) mpass = macpass; } - if (export_cert || inrand) { - app_RAND_load_file(NULL, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - if (twopass) { + /* To avoid bit rot */ if (1) { -#ifndef OPENSSL_NO_UI - if (EVP_read_pw_string - (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { +#ifndef OPENSSL_NO_UI_CONSOLE + if (EVP_read_pw_string( + macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -353,7 +351,7 @@ int pkcs12_main(int argc, char **argv) if (!(options & NOKEYS)) { key = load_key(keyname ? keyname : infile, FORMAT_PEM, 1, passin, e, "private key"); - if (!key) + if (key == NULL) goto export_end; } @@ -363,7 +361,7 @@ int pkcs12_main(int argc, char **argv) "certificates")) goto export_end; - if (key) { + if (key != NULL) { /* Look for matching private key */ for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); @@ -377,7 +375,7 @@ int pkcs12_main(int argc, char **argv) break; } } - if (!ucert) { + if (ucert == NULL) { BIO_printf(bio_err, "No certificate matches private key\n"); goto export_end; @@ -387,7 +385,7 @@ int pkcs12_main(int argc, char **argv) } /* Add any more certificates asked for */ - if (certfile) { + if (certfile != NULL) { if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, "certificates from certfile")) goto export_end; @@ -429,19 +427,20 @@ int pkcs12_main(int argc, char **argv) X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } - if (csp_name && key) + if (csp_name != NULL && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, MBSTRING_ASC, (unsigned char *)csp_name, -1); - if (add_lmk && key) + if (add_lmk && key != NULL) EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); if (!noprompt) { + /* To avoid bit rot */ if (1) { -#ifndef OPENSSL_NO_UI - if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:", - 1)) { +#ifndef OPENSSL_NO_UI_CONSOLE + if (EVP_read_pw_string(pass, sizeof(pass), + "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } @@ -505,7 +504,7 @@ int pkcs12_main(int argc, char **argv) if (!noprompt) { if (1) { -#ifndef OPENSSL_NO_UI +#ifndef OPENSSL_NO_UI_CONSOLE if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); @@ -525,12 +524,20 @@ int pkcs12_main(int argc, char **argv) const ASN1_INTEGER *tmaciter; const X509_ALGOR *macalgid; const ASN1_OBJECT *macobj; - PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12); + const ASN1_OCTET_STRING *tmac; + const ASN1_OCTET_STRING *tsalt; + + PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12); + /* current hash algorithms do not use parameters so extract just name, + in future alg_print() may be needed */ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); - BIO_puts(bio_err, "MAC:"); + BIO_puts(bio_err, "MAC: "); i2a_ASN1_OBJECT(bio_err, macobj); - BIO_printf(bio_err, " Iteration %ld\n", - tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); + BIO_printf(bio_err, ", Iteration %ld\n", + tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); + BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", + tmac != NULL ? ASN1_STRING_length(tmac) : 0L, + tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); } if (macver) { /* If we enter empty password try no password first */ @@ -572,8 +579,6 @@ int pkcs12_main(int argc, char **argv) ret = 0; end: PKCS12_free(p12); - if (export_cert || inrand) - app_RAND_write_file(NULL); release_engine(e); BIO_free(in); BIO_free_all(out); @@ -581,7 +586,7 @@ int pkcs12_main(int argc, char **argv) OPENSSL_free(badpass); OPENSSL_free(passin); OPENSSL_free(passout); - return (ret); + return ret; } int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, @@ -609,8 +614,9 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, alg_print(p7->d.encrypted->enc_data->algorithm); } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); - } else + } else { continue; + } if (!bags) goto err; if (!dump_certs_pkeys_bags(out, bags, pass, passlen, @@ -785,7 +791,7 @@ static int alg_print(const X509_ALGOR *alg) if (aparamtype == V_ASN1_SEQUENCE) pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM)); if (pbe2 == NULL) { - BIO_puts(bio_err, ""); + BIO_puts(bio_err, ", "); goto done; } X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc); @@ -801,7 +807,7 @@ static int alg_print(const X509_ALGOR *alg) if (aparamtype == V_ASN1_SEQUENCE) kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM)); if (kdf == NULL) { - BIO_puts(bio_err, ""); + BIO_puts(bio_err, ", "); goto done; } @@ -814,13 +820,31 @@ static int alg_print(const X509_ALGOR *alg) BIO_printf(bio_err, ", Iteration %ld, PRF %s", ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid)); PBKDF2PARAM_free(kdf); +#ifndef OPENSSL_NO_SCRYPT + } else if (pbenid == NID_id_scrypt) { + SCRYPT_PARAMS *kdf = NULL; + + if (aparamtype == V_ASN1_SEQUENCE) + kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS)); + if (kdf == NULL) { + BIO_puts(bio_err, ", "); + goto done; + } + BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " + "Block size(r): %ld, Paralelizm(p): %ld", + ASN1_STRING_length(kdf->salt), + ASN1_INTEGER_get(kdf->costParameter), + ASN1_INTEGER_get(kdf->blockSize), + ASN1_INTEGER_get(kdf->parallelizationParameter)); + SCRYPT_PARAMS_free(kdf); +#endif } PBE2PARAM_free(pbe2); } else { if (aparamtype == V_ASN1_SEQUENCE) pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM)); if (pbe == NULL) { - BIO_puts(bio_err, ""); + BIO_puts(bio_err, ", "); goto done; } BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter)); @@ -874,8 +898,9 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, if (attr_nid == NID_undef) { i2a_ASN1_OBJECT(out, attr_obj); BIO_printf(out, ": "); - } else + } else { BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); + } if (X509_ATTRIBUTE_count(attr)) { av = X509_ATTRIBUTE_get0_type(attr, 0); @@ -903,8 +928,9 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, BIO_printf(out, "\n", av->type); break; } - } else + } else { BIO_printf(out, "\n"); + } } return 1; } diff --git a/deps/openssl/openssl/apps/pkcs7.c b/deps/openssl/openssl/apps/pkcs7.c index 209e30d63f6fa7..c3e9f5c692608e 100644 --- a/deps/openssl/openssl/apps/pkcs7.c +++ b/deps/openssl/openssl/apps/pkcs7.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -25,7 +26,7 @@ typedef enum OPTION_choice { OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE } OPTION_CHOICE; -OPTIONS pkcs7_options[] = { +const OPTIONS pkcs7_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"in", OPT_IN, '<', "Input file"}, @@ -163,7 +164,7 @@ int pkcs7_main(int argc, char **argv) for (i = 0; i < sk_X509_CRL_num(crls); i++) { crl = sk_X509_CRL_value(crls, i); - X509_CRL_print(out, crl); + X509_CRL_print_ex(out, crl, get_nameopt()); if (!noout) PEM_write_bio_X509_CRL(out, crl); @@ -193,5 +194,5 @@ int pkcs7_main(int argc, char **argv) release_engine(e); BIO_free(in); BIO_free_all(out); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/pkcs8.c b/deps/openssl/openssl/apps/pkcs8.c index 0874370d0c5525..205536560ac134 100644 --- a/deps/openssl/openssl/apps/pkcs8.c +++ b/deps/openssl/openssl/apps/pkcs8.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -24,10 +25,11 @@ typedef enum OPTION_choice { OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P, #endif OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, - OPT_TRADITIONAL + OPT_TRADITIONAL, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS pkcs8_options[] = { +const OPTIONS pkcs8_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"}, {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"}, @@ -36,6 +38,7 @@ OPTIONS pkcs8_options[] = { {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"}, {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"}, {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"}, + OPT_R_OPTIONS, {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"}, {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"}, {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"}, @@ -65,7 +68,7 @@ int pkcs8_main(int argc, char **argv) const EVP_CIPHER *cipher = NULL; char *infile = NULL, *outfile = NULL; char *passinarg = NULL, *passoutarg = NULL, *prog; -#ifndef OPENSSL_NO_UI +#ifndef OPENSSL_NO_UI_CONSOLE char pass[APP_PASS_LEN]; #endif char *passin = NULL, *passout = NULL, *p8pass = NULL; @@ -112,6 +115,10 @@ int pkcs8_main(int argc, char **argv) case OPT_NOCRYPT: nocrypt = 1; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; case OPT_TRADITIONAL: traditional = 1; break; @@ -196,7 +203,7 @@ int pkcs8_main(int argc, char **argv) if (topk8) { pkey = load_key(infile, informat, 1, passin, e, "key"); - if (!pkey) + if (pkey == NULL) goto end; if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) { BIO_printf(bio_err, "Error converting key\n"); @@ -205,11 +212,11 @@ int pkcs8_main(int argc, char **argv) } if (nocrypt) { assert(private); - if (outformat == FORMAT_PEM) + if (outformat == FORMAT_PEM) { PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); - else if (outformat == FORMAT_ASN1) + } else if (outformat == FORMAT_ASN1) { i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); - else { + } else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } @@ -232,10 +239,11 @@ int pkcs8_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - if (passout) + if (passout != NULL) { p8pass = passout; - else if (1) { -#ifndef OPENSSL_NO_UI + } else if (1) { + /* To avoid bit rot */ +#ifndef OPENSSL_NO_UI_CONSOLE p8pass = pass; if (EVP_read_pw_string (pass, sizeof(pass), "Enter Encryption Password:", 1)) { @@ -247,7 +255,6 @@ int pkcs8_main(int argc, char **argv) BIO_printf(bio_err, "Password required\n"); goto end; } - app_RAND_load_file(NULL, 0); p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe); if (p8 == NULL) { X509_ALGOR_free(pbe); @@ -255,7 +262,6 @@ int pkcs8_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - app_RAND_write_file(NULL); assert(private); if (outformat == FORMAT_PEM) PEM_write_bio_PKCS8(out, p8); @@ -272,33 +278,33 @@ int pkcs8_main(int argc, char **argv) } if (nocrypt) { - if (informat == FORMAT_PEM) + if (informat == FORMAT_PEM) { p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + } else if (informat == FORMAT_ASN1) { p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); - else { + } else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } } else { - if (informat == FORMAT_PEM) + if (informat == FORMAT_PEM) { p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + } else if (informat == FORMAT_ASN1) { p8 = d2i_PKCS8_bio(in, NULL); - else { + } else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } - if (!p8) { + if (p8 == NULL) { BIO_printf(bio_err, "Error reading key\n"); ERR_print_errors(bio_err); goto end; } - if (passin) + if (passin != NULL) { p8pass = passin; - else if (1) { -#ifndef OPENSSL_NO_UI + } else if (1) { +#ifndef OPENSSL_NO_UI_CONSOLE p8pass = pass; if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); @@ -312,7 +318,7 @@ int pkcs8_main(int argc, char **argv) p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); } - if (!p8inf) { + if (p8inf == NULL) { BIO_printf(bio_err, "Error decrypting key\n"); ERR_print_errors(bio_err); goto end; diff --git a/deps/openssl/openssl/apps/pkey.c b/deps/openssl/openssl/apps/pkey.c index 5c13d8b87af16c..0dd5590bdc0bc7 100644 --- a/deps/openssl/openssl/apps/pkey.c +++ b/deps/openssl/openssl/apps/pkey.c @@ -10,6 +10,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -18,10 +19,10 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, - OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL + OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK } OPTION_CHOICE; -OPTIONS pkey_options[] = { +const OPTIONS pkey_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"}, {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"}, @@ -41,6 +42,8 @@ OPTIONS pkey_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"check", OPT_CHECK, '-', "Check key consistency"}, + {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"}, {NULL} }; @@ -55,7 +58,7 @@ int pkey_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1; - int private = 0, traditional = 0; + int private = 0, traditional = 0, check = 0, pub_check = 0; prog = opt_init(argc, argv, pkey_options); while ((o = opt_next()) != OPT_EOF) { @@ -110,6 +113,12 @@ int pkey_main(int argc, char **argv) case OPT_TRADITIONAL: traditional = 1; break; + case OPT_CHECK: + check = 1; + break; + case OPT_PUB_CHECK: + pub_check = 1; + break; case OPT_MD: if (!opt_cipher(opt_unknown(), &cipher)) goto opthelp; @@ -136,9 +145,44 @@ int pkey_main(int argc, char **argv) pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key"); else pkey = load_key(infile, informat, 1, passin, e, "key"); - if (!pkey) + if (pkey == NULL) goto end; + if (check || pub_check) { + int r; + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new(pkey, e); + if (ctx == NULL) { + ERR_print_errors(bio_err); + goto end; + } + + if (check) + r = EVP_PKEY_check(ctx); + else + r = EVP_PKEY_public_check(ctx); + + if (r == 1) { + BIO_printf(out, "Key is valid\n"); + } else { + /* + * Note: at least for RSA keys if this function returns + * -1, there will be no error reasons. + */ + unsigned long err; + + BIO_printf(out, "Key is invalid\n"); + + while ((err = ERR_peek_error()) != 0) { + BIO_printf(out, "Detailed error: %s\n", + ERR_reason_error_string(err)); + ERR_get_error(); /* remove err from error stack */ + } + } + EVP_PKEY_CTX_free(ctx); + } + if (!noout) { if (outformat == FORMAT_PEM) { if (pubout) { @@ -170,7 +214,6 @@ int pkey_main(int argc, char **argv) BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } - } if (text) { diff --git a/deps/openssl/openssl/apps/pkeyparam.c b/deps/openssl/openssl/apps/pkeyparam.c index 0a1b2d1283339d..41c3f532b3450f 100644 --- a/deps/openssl/openssl/apps/pkeyparam.c +++ b/deps/openssl/openssl/apps/pkeyparam.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,16 +10,18 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE + OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, + OPT_ENGINE, OPT_CHECK } OPTION_CHOICE; -OPTIONS pkeyparam_options[] = { +const OPTIONS pkeyparam_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, @@ -28,6 +30,7 @@ OPTIONS pkeyparam_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"check", OPT_CHECK, '-', "Check key param consistency"}, {NULL} }; @@ -36,7 +39,7 @@ int pkeyparam_main(int argc, char **argv) ENGINE *e = NULL; BIO *in = NULL, *out = NULL; EVP_PKEY *pkey = NULL; - int text = 0, noout = 0, ret = 1; + int text = 0, noout = 0, ret = 1, check = 0; OPTION_CHOICE o; char *infile = NULL, *outfile = NULL, *prog; @@ -67,6 +70,9 @@ int pkeyparam_main(int argc, char **argv) case OPT_NOOUT: noout = 1; break; + case OPT_CHECK: + check = 1; + break; } } argc = opt_num_rest(); @@ -80,12 +86,44 @@ int pkeyparam_main(int argc, char **argv) if (out == NULL) goto end; pkey = PEM_read_bio_Parameters(in, NULL); - if (!pkey) { + if (pkey == NULL) { BIO_printf(bio_err, "Error reading parameters\n"); ERR_print_errors(bio_err); goto end; } + if (check) { + int r; + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new(pkey, e); + if (ctx == NULL) { + ERR_print_errors(bio_err); + goto end; + } + + r = EVP_PKEY_param_check(ctx); + + if (r == 1) { + BIO_printf(out, "Parameters are valid\n"); + } else { + /* + * Note: at least for RSA keys if this function returns + * -1, there will be no error reasons. + */ + unsigned long err; + + BIO_printf(out, "Parameters are invalid\n"); + + while ((err = ERR_peek_error()) != 0) { + BIO_printf(out, "Detailed error: %s\n", + ERR_reason_error_string(err)); + ERR_get_error(); /* remove err from error stack */ + } + } + EVP_PKEY_CTX_free(ctx); + } + if (!noout) PEM_write_bio_Parameters(out, pkey); diff --git a/deps/openssl/openssl/apps/pkeyutl.c b/deps/openssl/openssl/apps/pkeyutl.c index bbb1274f13b1ea..2c4e524b693e47 100644 --- a/deps/openssl/openssl/apps/pkeyutl.c +++ b/deps/openssl/openssl/apps/pkeyutl.c @@ -8,6 +8,7 @@ */ #include "apps.h" +#include "progs.h" #include #include #include @@ -36,10 +37,11 @@ typedef enum OPTION_choice { OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN, OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN + OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS pkeyutl_options[] = { +const OPTIONS pkeyutl_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"in", OPT_IN, '<', "Input file - default stdin"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, @@ -64,6 +66,7 @@ OPTIONS pkeyutl_options[] = { {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"}, {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, + OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"engine_impl", OPT_ENGINE_IMPL, '-', @@ -133,6 +136,10 @@ int pkeyutl_main(int argc, char **argv) if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform)) goto opthelp; break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; @@ -234,21 +241,18 @@ int pkeyutl_main(int argc, char **argv) } } - if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { + if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "%s: Signature file specified for non verify\n", prog); goto end; } - if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) { + if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "%s: No signature file specified for verify\n", prog); goto end; } -/* FIXME: seed PRNG only if needed */ - app_RAND_load_file(NULL, 0); - if (pkey_op != EVP_PKEY_OP_DERIVE) { in = bio_open_default(infile, 'r', FORMAT_BINARY); if (in == NULL) @@ -258,9 +262,10 @@ int pkeyutl_main(int argc, char **argv) if (out == NULL) goto end; - if (sigfile) { + if (sigfile != NULL) { BIO *sigbio = BIO_new_file(sigfile, "rb"); - if (!sigbio) { + + if (sigbio == NULL) { BIO_printf(bio_err, "Can't open signature file %s\n", sigfile); goto end; } @@ -272,12 +277,12 @@ int pkeyutl_main(int argc, char **argv) } } - if (in) { + if (in != NULL) { /* Read the input data */ buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); if (buf_inlen < 0) { BIO_printf(bio_err, "Error reading input Data\n"); - exit(1); + goto end; } if (rev) { size_t i; @@ -291,14 +296,25 @@ int pkeyutl_main(int argc, char **argv) } } + /* Sanity check the input */ + if (buf_inlen > EVP_MAX_MD_SIZE + && (pkey_op == EVP_PKEY_OP_SIGN + || pkey_op == EVP_PKEY_OP_VERIFY + || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) { + BIO_printf(bio_err, + "Error: The input data looks too long to be a hash\n"); + goto end; + } + if (pkey_op == EVP_PKEY_OP_VERIFY) { rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, buf_in, (size_t)buf_inlen); if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); ret = 0; - } else + } else { BIO_puts(out, "Signature Verification Failure\n"); + } goto end; } if (kdflen != 0) { @@ -328,10 +344,11 @@ int pkeyutl_main(int argc, char **argv) if (asn1parse) { if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) ERR_print_errors(bio_err); - } else if (hexdump) + } else if (hexdump) { BIO_dump(out, (char *)buf_out, buf_outlen); - else + } else { BIO_write(out, buf_out, buf_outlen); + } end: EVP_PKEY_CTX_free(ctx); @@ -393,7 +410,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, impl = e; #endif - if (kdfalg) { + if (kdfalg != NULL) { int kdfnid = OBJ_sn2nid(kdfalg); if (kdfnid == NID_undef) { @@ -463,7 +480,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, if (peerform == FORMAT_ENGINE) engine = e; peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key"); - if (!peer) { + if (peer == NULL) { BIO_printf(bio_err, "Error reading peer key %s\n", file); ERR_print_errors(bio_err); return 0; diff --git a/deps/openssl/openssl/apps/prime.c b/deps/openssl/openssl/apps/prime.c index c12463d8cd6ba9..6944797646962c 100644 --- a/deps/openssl/openssl/apps/prime.c +++ b/deps/openssl/openssl/apps/prime.c @@ -10,6 +10,7 @@ #include #include "apps.h" +#include "progs.h" #include typedef enum OPTION_choice { @@ -17,7 +18,7 @@ typedef enum OPTION_choice { OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS } OPTION_CHOICE; -OPTIONS prime_options[] = { +const OPTIONS prime_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"}, {OPT_HELP_STR, 1, '-', " number Number to check for primality\n"}, @@ -112,7 +113,7 @@ int prime_main(int argc, char **argv) else r = BN_dec2bn(&bn, argv[0]); - if(!r) { + if (!r) { BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]); goto end; } diff --git a/deps/openssl/openssl/apps/progs.pl b/deps/openssl/openssl/apps/progs.pl index 0d3b4469a1eabe..57671405dda007 100644 --- a/deps/openssl/openssl/apps/progs.pl +++ b/deps/openssl/openssl/apps/progs.pl @@ -14,34 +14,36 @@ use lib '.'; use configdata qw/@disablables %unified_info/; -my %commands = (); -my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; - +my %commands = (); +my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; my $apps_openssl = shift @ARGV; +my $YEAR = [localtime()]->[5] + 1900; + # because the program apps/openssl has object files as sources, and # they then have the corresponding C files as source, we need to chain # the lookups in %unified_info my @openssl_source = map { @{$unified_info{sources}->{$_}} } - @{$unified_info{sources}->{$apps_openssl}}; + grep { /\.o$/ } + @{$unified_info{sources}->{$apps_openssl}}; foreach my $filename (@openssl_source) { - open F, $filename or die "Couldn't open $filename: $!\n"; - foreach (grep /$cmdre/, ) { - my @foo = /$cmdre/; - $commands{$1} = 1; - } - close F; + open F, $filename or die "Couldn't open $filename: $!\n"; + foreach ( grep /$cmdre/, ) { + my @foo = /$cmdre/; + $commands{$1} = 1; + } + close F; } @ARGV = sort keys %commands; -print <<'EOF'; +print <<"EOF"; /* * WARNING: do not edit! * Generated by apps/progs.pl * - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,17 +68,15 @@ EOF foreach (@ARGV) { - printf "extern int %s_main(int argc, char *argv[]);\n", $_; + printf "extern int %s_main(int argc, char *argv[]);\n", $_; } - print "\n"; foreach (@ARGV) { - printf "extern OPTIONS %s_options[];\n", $_; + printf "extern const OPTIONS %s_options[];\n", $_; } +print "\n"; -print "\n#ifdef INCLUDE_FUNCTION_TABLE\n"; -print "static FUNCTION functions[] = {\n"; my %cmd_disabler = ( ciphers => "sock", genrsa => "rsa", @@ -87,78 +87,95 @@ dhparam => "dh", ecparam => "ec", pkcs12 => "des", - ); -foreach my $cmd (@ARGV) { - my $str=" { FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options },\n"; - if ($cmd =~ /^s_/) { - print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n"; - } elsif (grep { $cmd eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n"; - } elsif (my $disabler = $cmd_disabler{$cmd}) { - print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n"; - } else { - print $str; - } +); + +print "#ifdef INCLUDE_FUNCTION_TABLE\n"; +print "static FUNCTION functions[] = {\n"; +foreach my $cmd ( @ARGV ) { + my $str = " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n"; + if ($cmd =~ /^s_/) { + print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n"; + } elsif (grep { $cmd eq $_ } @disablables) { + print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; + } elsif (my $disabler = $cmd_disabler{$cmd}) { + print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; + } else { + print $str; + } } my %md_disabler = ( blake2b512 => "blake2", blake2s256 => "blake2", - ); +); foreach my $cmd ( - "md2", "md4", "md5", - "gost", - "sha1", "sha224", "sha256", "sha384", "sha512", - "mdc2", "rmd160", "blake2b512", "blake2s256" + "md2", "md4", "md5", + "gost", + "sha1", "sha224", "sha256", "sha384", + "sha512", "sha512-224", "sha512-256", + "sha3-224", "sha3-256", "sha3-384", "sha3-512", + "shake128", "shake256", + "mdc2", "rmd160", "blake2b512", "blake2s256", + "sm3" ) { - my $str = " { FT_md, \"".$cmd."\", dgst_main},\n"; - if (grep { $cmd eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n"; - } elsif (my $disabler = $md_disabler{$cmd}) { - print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n"; - } else { - print $str; - } + my $str = " {FT_md, \"$cmd\", dgst_main},\n"; + if (grep { $cmd eq $_ } @disablables) { + print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; + } elsif (my $disabler = $md_disabler{$cmd}) { + print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; + } else { + print $str; + } } my %cipher_disabler = ( des3 => "des", desx => "des", cast5 => "cast", - ); +); foreach my $cmd ( - "aes-128-cbc", "aes-128-ecb", - "aes-192-cbc", "aes-192-ecb", - "aes-256-cbc", "aes-256-ecb", - "camellia-128-cbc", "camellia-128-ecb", - "camellia-192-cbc", "camellia-192-ecb", - "camellia-256-cbc", "camellia-256-ecb", - "base64", "zlib", - "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", - "rc2", "bf", "cast", "rc5", - "des-ecb", "des-ede", "des-ede3", - "des-cbc", "des-ede-cbc","des-ede3-cbc", - "des-cfb", "des-ede-cfb","des-ede3-cfb", - "des-ofb", "des-ede-ofb","des-ede3-ofb", - "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", - "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", - "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", - "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", - "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", - "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb" + "aes-128-cbc", "aes-128-ecb", + "aes-192-cbc", "aes-192-ecb", + "aes-256-cbc", "aes-256-ecb", + "aria-128-cbc", "aria-128-cfb", + "aria-128-ctr", "aria-128-ecb", "aria-128-ofb", + "aria-128-cfb1", "aria-128-cfb8", + "aria-192-cbc", "aria-192-cfb", + "aria-192-ctr", "aria-192-ecb", "aria-192-ofb", + "aria-192-cfb1", "aria-192-cfb8", + "aria-256-cbc", "aria-256-cfb", + "aria-256-ctr", "aria-256-ecb", "aria-256-ofb", + "aria-256-cfb1", "aria-256-cfb8", + "camellia-128-cbc", "camellia-128-ecb", + "camellia-192-cbc", "camellia-192-ecb", + "camellia-256-cbc", "camellia-256-ecb", + "base64", "zlib", + "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", + "rc2", "bf", "cast", "rc5", + "des-ecb", "des-ede", "des-ede3", + "des-cbc", "des-ede-cbc","des-ede3-cbc", + "des-cfb", "des-ede-cfb","des-ede3-cfb", + "des-ofb", "des-ede-ofb","des-ede3-ofb", + "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", + "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", + "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", + "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", + "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", + "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb", + "sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr" ) { - my $str=" { FT_cipher, \"$cmd\", enc_main, enc_options },\n"; - (my $algo= $cmd) =~ s/-.*//g; - if ($cmd eq "zlib") { - print "#ifdef ZLIB\n${str}#endif\n"; - } elsif (grep { $algo eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_".uc($algo)."\n${str}#endif\n"; - } elsif (my $disabler = $cipher_disabler{$algo}) { - print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n"; - } else { - print $str; - } + my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n"; + (my $algo = $cmd) =~ s/-.*//g; + if ($cmd eq "zlib") { + print "#ifdef ZLIB\n${str}#endif\n"; + } elsif (grep { $algo eq $_ } @disablables) { + print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n"; + } elsif (my $disabler = $cipher_disabler{$algo}) { + print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; + } else { + print $str; + } } -print " { 0, NULL, NULL}\n};\n"; +print " {0, NULL, NULL}\n};\n"; print "#endif\n"; diff --git a/deps/openssl/openssl/apps/rand.c b/deps/openssl/openssl/apps/rand.c index b3ec70a771a3d9..4c6181507bd5af 100644 --- a/deps/openssl/openssl/apps/rand.c +++ b/deps/openssl/openssl/apps/rand.c @@ -8,6 +8,7 @@ */ #include "apps.h" +#include "progs.h" #include #include @@ -19,16 +20,16 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_OUT, OPT_ENGINE, OPT_RAND, OPT_BASE64, OPT_HEX + OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS rand_options[] = { +const OPTIONS rand_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUT, '>', "Output file"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"base64", OPT_BASE64, '-', "Base64 encode output"}, {"hex", OPT_HEX, '-', "Hex encode output"}, #ifndef OPENSSL_NO_ENGINE @@ -41,7 +42,7 @@ int rand_main(int argc, char **argv) { ENGINE *e = NULL; BIO *out = NULL; - char *inrand = NULL, *outfile = NULL, *prog; + char *outfile = NULL, *prog; OPTION_CHOICE o; int format = FORMAT_BINARY, i, num = -1, r, ret = 1; @@ -63,8 +64,9 @@ int rand_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_BASE64: format = FORMAT_BASE64; @@ -84,11 +86,6 @@ int rand_main(int argc, char **argv) goto opthelp; } - app_RAND_load_file(NULL, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - out = bio_open_default(outfile, 'w', format); if (out == NULL) goto end; @@ -122,7 +119,7 @@ int rand_main(int argc, char **argv) } if (format == FORMAT_TEXT) BIO_puts(out, "\n"); - if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL)) + if (BIO_flush(out) <= 0) goto end; ret = 0; @@ -132,5 +129,5 @@ int rand_main(int argc, char **argv) ERR_print_errors(bio_err); release_engine(e); BIO_free_all(out); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/rehash.c b/deps/openssl/openssl/apps/rehash.c index aa3f8643a5afde..bb41d3129f9c51 100644 --- a/deps/openssl/openssl/apps/rehash.c +++ b/deps/openssl/openssl/apps/rehash.c @@ -1,5 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,13 +8,8 @@ * https://www.openssl.org/source/license.html */ -/* - * C implementation based on the original Perl and shell versions - * - * Copyright (c) 2013-2014 Timo Teräs - */ - #include "apps.h" +#include "progs.h" #if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \ (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000) @@ -255,11 +251,11 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) goto end; } x = sk_X509_INFO_value(inf, 0); - if (x->x509) { + if (x->x509 != NULL) { type = TYPE_CERT; name = X509_get_subject_name(x->x509); X509_digest(x->x509, evpmd, digest, NULL); - } else if (x->crl) { + } else if (x->crl != NULL) { type = TYPE_CRL; name = X509_CRL_get_issuer(x->crl); X509_CRL_digest(x->crl, evpmd, digest, NULL); @@ -267,7 +263,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) ++errs; goto end; } - if (name) { + if (name != NULL) { if ((h == HASH_NEW) || (h == HASH_BOTH)) errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0); if ((h == HASH_OLD) || (h == HASH_BOTH)) @@ -298,24 +294,6 @@ static int ends_with_dirsep(const char *path) return *path == '/'; } -static int massage_filename(char *name) -{ -# ifdef __VMS - char *p = strchr(name, ';'); - char *q = p; - - if (q != NULL) { - for (q++; *q != '\0'; q++) { - if (!isdigit((unsigned char)*q)) - return 1; - } - } - - *p = '\0'; -# endif - return 1; -} - /* * Process a directory; return number of errors found. */ @@ -330,7 +308,7 @@ static int do_dir(const char *dirname, enum Hash h) size_t i; const char *pathsep; const char *filename; - char *buf, *copy; + char *buf, *copy = NULL; STACK_OF(OPENSSL_STRING) *files = NULL; if (app_access(dirname, W_OK) < 0) { @@ -347,14 +325,16 @@ static int do_dir(const char *dirname, enum Hash h) if ((files = sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname); - exit(1); + errs = 1; + goto err; } while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) { - if ((copy = strdup(filename)) == NULL - || !massage_filename(copy) + if ((copy = OPENSSL_strdup(filename)) == NULL || sk_OPENSSL_STRING_push(files, copy) == 0) { + OPENSSL_free(copy); BIO_puts(bio_err, "out of memory\n"); - exit(1); + errs = 1; + goto err; } } OPENSSL_DIR_end(&d); @@ -372,7 +352,6 @@ static int do_dir(const char *dirname, enum Hash h) continue; errs += do_file(filename, buf, h); } - sk_OPENSSL_STRING_pop_free(files, str_free); for (i = 0; i < OSSL_NELEM(hash_table); i++) { for (bp = hash_table[i]; bp; bp = nextbp) { @@ -440,6 +419,8 @@ static int do_dir(const char *dirname, enum Hash h) hash_table[i] = NULL; } + err: + sk_OPENSSL_STRING_pop_free(files, str_free); OPENSSL_free(buf); return errs; } @@ -449,7 +430,7 @@ typedef enum OPTION_choice { OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE } OPTION_CHOICE; -OPTIONS rehash_options[] = { +const OPTIONS rehash_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, @@ -500,8 +481,8 @@ int rehash_main(int argc, char **argv) evpmd = EVP_sha1(); evpmdsize = EVP_MD_size(evpmd); - if (*argv) { - while (*argv) + if (*argv != NULL) { + while (*argv != NULL) errs += do_dir(*argv++, h); } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; @@ -518,14 +499,14 @@ int rehash_main(int argc, char **argv) } #else -OPTIONS rehash_options[] = { +const OPTIONS rehash_options[] = { {NULL} }; int rehash_main(int argc, char **argv) { BIO_printf(bio_err, "Not available; use c_rehash script\n"); - return (1); + return 1; } #endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */ diff --git a/deps/openssl/openssl/apps/req.c b/deps/openssl/openssl/apps/req.c index a20e7c1ef155fa..6fd28a2aba2406 100644 --- a/deps/openssl/openssl/apps/req.c +++ b/deps/openssl/openssl/apps/req.c @@ -11,7 +11,9 @@ #include #include #include +#include #include "apps.h" +#include "progs.h" #include #include #include @@ -22,6 +24,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_RSA # include #endif @@ -62,27 +65,36 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, int nid, int n_min, int n_max, unsigned long chtype, int mval); static int genpkey_cb(EVP_PKEY_CTX *ctx); +static int build_data(char *text, const char *def, + char *value, int n_min, int n_max, + char *buf, const int buf_size, + const char *desc1, const char *desc2 + ); static int req_check_len(int len, int n_min, int n_max); static int check_end(const char *str, const char *end); +static int join(char buf[], size_t buf_size, const char *name, + const char *tail, const char *desc); static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, int *pkey_type, long *pkeylen, char **palgnam, ENGINE *keygen_engine); static CONF *req_conf = NULL; +static CONF *addext_conf = NULL; static int batch = 0; typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY, OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, - OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY, + OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY, OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, - OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, - OPT_REQEXTS, OPT_MD + OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS, + OPT_REQEXTS, OPT_PRECERT, OPT_MD, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS req_options[] = { +const OPTIONS req_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, @@ -96,8 +108,7 @@ OPTIONS req_options[] = { {"keyout", OPT_KEYOUT, '>', "File to send the key to"}, {"passin", OPT_PASSIN, 's', "Private key password source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"newkey", OPT_NEWKEY, 's', "Specify as type:bits"}, {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, @@ -122,10 +133,13 @@ OPTIONS req_options[] = { "Enable support for multivalued RDNs"}, {"days", OPT_DAYS, 'p', "Number of days cert is valid for"}, {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, + {"addext", OPT_ADDEXT, 's', + "Additional cert extension key=value pair (may be given more than once)"}, {"extensions", OPT_EXTENSIONS, 's', "Cert extension section (override value in config file)"}, {"reqexts", OPT_REQEXTS, 's', "Request extension section (override value in config file)"}, + {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"}, {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -135,6 +149,66 @@ OPTIONS req_options[] = { {NULL} }; + +/* + * An LHASH of strings, where each string is an extension name. + */ +static unsigned long ext_name_hash(const OPENSSL_STRING *a) +{ + return OPENSSL_LH_strhash((const char *)a); +} + +static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b) +{ + return strcmp((const char *)a, (const char *)b); +} + +static void exts_cleanup(OPENSSL_STRING *x) +{ + OPENSSL_free((char *)x); +} + +/* + * Is the |kv| key already duplicated? This is remarkably tricky to get + * right. Return 0 if unique, -1 on runtime error; 1 if found or a syntax + * error. + */ +static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) +{ + char *p; + size_t off; + + /* Check syntax. */ + /* Skip leading whitespace, make a copy. */ + while (*kv && isspace(*kv)) + if (*++kv == '\0') + return 1; + if ((p = strchr(kv, '=')) == NULL) + return 1; + off = p - kv; + if ((kv = OPENSSL_strdup(kv)) == NULL) + return -1; + + /* Skip trailing space before the equal sign. */ + for (p = kv + off; p > kv; --p) + if (!isspace(p[-1])) + break; + if (p == kv) { + OPENSSL_free(kv); + return 1; + } + *p = '\0'; + + /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ + if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) + != NULL || lh_OPENSSL_STRING_error(addexts)) { + OPENSSL_free(p != NULL ? p : kv); + return -1; + } + + return 0; +} + int req_main(int argc, char **argv) { ASN1_INTEGER *serial = NULL; @@ -143,12 +217,14 @@ int req_main(int argc, char **argv) EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *genctx = NULL; STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL; + LHASH_OF(OPENSSL_STRING) *addexts = NULL; X509 *x509ss = NULL; X509_REQ *req = NULL; const EVP_CIPHER *cipher = NULL; const EVP_MD *md_alg = NULL, *digest = NULL; + BIO *addext_bio = NULL; char *extensions = NULL, *infile = NULL; - char *outfile = NULL, *keyfile = NULL, *inrand = NULL; + char *outfile = NULL, *keyfile = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; char *nofree_passin = NULL, *nofree_passout = NULL; @@ -156,14 +232,13 @@ int req_main(int argc, char **argv) char *template = default_config_file, *keyout = NULL; const char *keyalg = NULL; OPTION_CHOICE o; - int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = 0; + int ret = 1, x509 = 0, days = 0, i = 0, newreq = 0, verbose = 0; int pkey_type = -1, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM; int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0; - int nodes = 0, newhdr = 0, subject = 0, pubkey = 0; + int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; long newkey = -1; - unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0; - char nmflag_set = 0; + unsigned long chtype = MBSTRING_ASC, reqflag = 0; #ifndef OPENSSL_NO_DES cipher = EVP_des_ede3_cbc(); @@ -232,8 +307,9 @@ int req_main(int argc, char **argv) case OPT_PASSOUT: passargout = opt_arg(); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_NEWKEY: keyalg = opt_arg(); @@ -276,8 +352,7 @@ int req_main(int argc, char **argv) chtype = MBSTRING_UTF8; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto opthelp; break; case OPT_REQOPT: @@ -311,12 +386,29 @@ int req_main(int argc, char **argv) case OPT_MULTIVALUE_RDN: multirdn = 1; break; + case OPT_ADDEXT: + p = opt_arg(); + if (addexts == NULL) { + addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp); + addext_bio = BIO_new(BIO_s_mem()); + if (addexts == NULL || addext_bio == NULL) + goto end; + } + i = duplicated(addexts, p); + if (i == 1) + goto opthelp; + if (i < 0 || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0) + goto end; + break; case OPT_EXTENSIONS: extensions = opt_arg(); break; case OPT_REQEXTS: req_exts = opt_arg(); break; + case OPT_PRECERT: + newreq = precert = 1; + break; case OPT_MD: if (!opt_md(opt_unknown(), &md_alg)) goto opthelp; @@ -328,12 +420,11 @@ int req_main(int argc, char **argv) if (argc != 0) goto opthelp; + if (days && !x509) + BIO_printf(bio_err, "Ignoring -days; not generating a certificate\n"); if (x509 && infile == NULL) newreq = 1; - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - /* TODO: simplify this as pkey is still always NULL here */ private = newreq && (pkey == NULL) ? 1 : 0; @@ -345,6 +436,12 @@ int req_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "Using configuration from %s\n", template); req_conf = app_load_config(template); + if (addext_bio) { + if (verbose) + BIO_printf(bio_err, + "Using additional configuration from command line\n"); + addext_conf = app_load_config_bio(addext_bio, NULL); + } if (template != default_config_file && !app_load_modules(req_conf)) goto end; @@ -372,21 +469,21 @@ int req_main(int argc, char **argv) if (md_alg == NULL) { p = NCONF_get_string(req_conf, SECTION, "default_md"); - if (p == NULL) + if (p == NULL) { ERR_clear_error(); - else { + } else { if (!opt_md(p, &md_alg)) goto opthelp; digest = md_alg; } } - if (!extensions) { + if (extensions == NULL) { extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); - if (!extensions) + if (extensions == NULL) ERR_clear_error(); } - if (extensions) { + if (extensions != NULL) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); @@ -397,6 +494,16 @@ int req_main(int argc, char **argv) goto end; } } + if (addext_conf != NULL) { + /* Check syntax of command line extensions */ + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_nconf(&ctx, addext_conf); + if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) { + BIO_printf(bio_err, "Error Loading command line extensions\n"); + goto end; + } + } if (passin == NULL) { passin = nofree_passin = @@ -413,28 +520,28 @@ int req_main(int argc, char **argv) } p = NCONF_get_string(req_conf, SECTION, STRING_MASK); - if (!p) + if (p == NULL) ERR_clear_error(); - if (p && !ASN1_STRING_set_default_mask_asc(p)) { + if (p != NULL && !ASN1_STRING_set_default_mask_asc(p)) { BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); goto end; } if (chtype != MBSTRING_UTF8) { p = NCONF_get_string(req_conf, SECTION, UTF8_IN); - if (!p) + if (p == NULL) ERR_clear_error(); else if (strcmp(p, "yes") == 0) chtype = MBSTRING_UTF8; } - if (!req_exts) { + if (req_exts == NULL) { req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); - if (!req_exts) + if (req_exts == NULL) ERR_clear_error(); } - if (req_exts) { + if (req_exts != NULL) { /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); @@ -449,33 +556,25 @@ int req_main(int argc, char **argv) if (keyfile != NULL) { pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key"); - if (!pkey) { + if (pkey == NULL) { /* load_key() has already printed an appropriate message */ goto end; } else { - char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, 0); + app_RAND_load_conf(req_conf, SECTION); } } if (newreq && (pkey == NULL)) { - char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, 0); - if (inrand) - app_RAND_load_files(inrand); + app_RAND_load_conf(req_conf, SECTION); if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { newkey = DEFAULT_KEY_LENGTH; } - if (keyalg) { + if (keyalg != NULL) { genctx = set_keygen_ctx(keyalg, &pkey_type, &newkey, &keyalgstr, gen_eng); - if (!genctx) + if (genctx == NULL) goto end; } @@ -487,14 +586,28 @@ int req_main(int argc, char **argv) goto end; } - if (!genctx) { + if (pkey_type == EVP_PKEY_RSA && newkey > OPENSSL_RSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %ld! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, newkey); + +#ifndef OPENSSL_NO_DSA + if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %ld! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, newkey); +#endif + + if (genctx == NULL) { genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, &keyalgstr, gen_eng); if (!genctx) goto end; } - if (pkeyopts) { + if (pkeyopts != NULL) { char *genopt; for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) { genopt = sk_OPENSSL_STRING_value(pkeyopts, i); @@ -523,8 +636,6 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_free(genctx); genctx = NULL; - app_RAND_write_file(randfile); - if (keyout == NULL) { keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); if (keyout == NULL) @@ -610,9 +721,10 @@ int req_main(int argc, char **argv) goto end; /* Set version to V3 */ - if (extensions && !X509_set_version(x509ss, 2)) + if ((extensions != NULL || addext_conf != NULL) + && !X509_set_version(x509ss, 2)) goto end; - if (serial) { + if (serial != NULL) { if (!X509_set_serialNumber(x509ss, serial)) goto end; } else { @@ -622,6 +734,10 @@ int req_main(int argc, char **argv) if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; + if (days == 0) { + /* set default days if it's not specified */ + days = 30; + } if (!set_cert_times(x509ss, NULL, NULL, days)) goto end; if (!X509_set_subject_name @@ -637,13 +753,28 @@ int req_main(int argc, char **argv) X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if (extensions && !X509V3_EXT_add_nconf(req_conf, - &ext_ctx, extensions, - x509ss)) { + if (extensions != NULL && !X509V3_EXT_add_nconf(req_conf, + &ext_ctx, extensions, + x509ss)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); goto end; } + if (addext_conf != NULL + && !X509V3_EXT_add_nconf(addext_conf, &ext_ctx, "default", + x509ss)) { + BIO_printf(bio_err, "Error Loading command line extensions\n"); + goto end; + } + + /* If a pre-cert was requested, we need to add a poison extension */ + if (precert) { + if (X509_add1_ext_i2d(x509ss, NID_ct_precert_poison, NULL, 1, 0) + != 1) { + BIO_printf(bio_err, "Error adding poison extension\n"); + goto end; + } + } i = do_X509_sign(x509ss, pkey, digest, sigopts); if (!i) { @@ -659,13 +790,19 @@ int req_main(int argc, char **argv) X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, - &ext_ctx, req_exts, - req)) { + if (req_exts != NULL + && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx, + req_exts, req)) { BIO_printf(bio_err, "Error Loading extension section %s\n", req_exts); goto end; } + if (addext_conf != NULL + && !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx, "default", + req)) { + BIO_printf(bio_err, "Error Loading command line extensions\n"); + goto end; + } i = do_X509_REQ_sign(req, pkey, digest, sigopts); if (!i) { ERR_print_errors(bio_err); @@ -683,7 +820,7 @@ int req_main(int argc, char **argv) if (verbose) { BIO_printf(bio_err, "Modifying Request's Subject\n"); print_name(bio_err, "old subject=", - X509_REQ_get_subject_name(req), nmflag); + X509_REQ_get_subject_name(req), get_nameopt()); } if (build_subject(req, subj, chtype, multirdn) == 0) { @@ -694,7 +831,7 @@ int req_main(int argc, char **argv) if (verbose) { print_name(bio_err, "new subject=", - X509_REQ_get_subject_name(req), nmflag); + X509_REQ_get_subject_name(req), get_nameopt()); } } @@ -714,8 +851,9 @@ int req_main(int argc, char **argv) } else if (i == 0) { BIO_printf(bio_err, "verify failure\n"); ERR_print_errors(bio_err); - } else /* if (i > 0) */ + } else { /* if (i > 0) */ BIO_printf(bio_err, "verify OK\n"); + } } if (noout && !text && !modulus && !subject && !pubkey) { @@ -743,18 +881,18 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, nmflag, reqflag); + X509_print_ex(out, x509ss, get_nameopt(), reqflag); else - X509_REQ_print_ex(out, req, nmflag, reqflag); + X509_REQ_print_ex(out, req, get_nameopt(), reqflag); } if (subject) { if (x509) print_name(out, "subject=", X509_get_subject_name(x509ss), - nmflag); + get_nameopt()); else print_name(out, "subject=", X509_REQ_get_subject_name(req), - nmflag); + get_nameopt()); } if (modulus) { @@ -808,12 +946,16 @@ int req_main(int argc, char **argv) ERR_print_errors(bio_err); } NCONF_free(req_conf); + NCONF_free(addext_conf); + BIO_free(addext_bio); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(genctx); sk_OPENSSL_STRING_free(pkeyopts); sk_OPENSSL_STRING_free(sigopts); + lh_OPENSSL_STRING_doall(addexts, exts_cleanup); + lh_OPENSSL_STRING_free(addexts); #ifndef OPENSSL_NO_ENGINE ENGINE_free(gen_eng); #endif @@ -826,7 +968,7 @@ int req_main(int argc, char **argv) OPENSSL_free(passin); if (passout != nofree_passout) OPENSSL_free(passout); - return (ret); + return ret; } static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, @@ -886,7 +1028,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, ret = 1; err: - return (ret); + return ret; } /* @@ -942,7 +1084,8 @@ static int prompt_info(X509_REQ *req, if (sk_CONF_VALUE_num(dn_sk)) { i = -1; - start:for (;;) { + start: + for ( ; ; ) { i++; if (sk_CONF_VALUE_num(dn_sk) <= i) break; @@ -967,35 +1110,36 @@ static int prompt_info(X509_REQ *req, if (*type == '+') { mval = -1; type++; - } else + } else { mval = 0; + } /* If OBJ not recognised ignore it */ if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start; - if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name) - >= (int)sizeof(buf)) { - BIO_printf(bio_err, "Name '%s' too long\n", v->name); + if (!join(buf, sizeof(buf), v->name, "_default", "Name")) return 0; - } - if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); def = ""; } - BIO_snprintf(buf, sizeof(buf), "%s_value", v->name); + if (!join(buf, sizeof(buf), v->name, "_value", "Name")) + return 0; if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof(buf), "%s_min", v->name); + if (!join(buf, sizeof(buf), v->name, "_min", "Name")) + return 0; if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof(buf), "%s_max", v->name); + + if (!join(buf, sizeof(buf), v->name, "_max", "Name")) + return 0; if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1021,7 +1165,8 @@ static int prompt_info(X509_REQ *req, } i = -1; - start2: for (;;) { + start2: + for ( ; ; ) { i++; if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i)) break; @@ -1031,32 +1176,31 @@ static int prompt_info(X509_REQ *req, if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start2; - if (BIO_snprintf(buf, sizeof(buf), "%s_default", type) - >= (int)sizeof(buf)) { - BIO_printf(bio_err, "Name '%s' too long\n", v->name); + if (!join(buf, sizeof(buf), type, "_default", "Name")) return 0; - } - if ((def = NCONF_get_string(req_conf, attr_sect, buf)) == NULL) { ERR_clear_error(); def = ""; } - BIO_snprintf(buf, sizeof(buf), "%s_value", type); + if (!join(buf, sizeof(buf), type, "_value", "Name")) + return 0; if ((value = NCONF_get_string(req_conf, attr_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof(buf), "%s_min", type); + if (!join(buf, sizeof(buf), type,"_min", "Name")) + return 0; if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof(buf), "%s_max", type); + if (!join(buf, sizeof(buf), type, "_max", "Name")) + return 0; if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1119,8 +1263,9 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, if (plus_char) { type++; mval = -1; - } else + } else { mval = 0; + } if (!X509_NAME_add_entry_by_txt(subj, type, chtype, (unsigned char *)v->value, -1, -1, mval)) @@ -1147,79 +1292,65 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, int nid, int n_min, int n_max, unsigned long chtype, int mval) { - int i, ret = 0; + int ret = 0; char buf[1024]; - start: - if (!batch) - BIO_printf(bio_err, "%s [%s]:", text, def); - (void)BIO_flush(bio_err); - if (value != NULL) { - OPENSSL_strlcpy(buf, value, sizeof(buf)); - OPENSSL_strlcat(buf, "\n", sizeof(buf)); - BIO_printf(bio_err, "%s\n", value); - } else { - buf[0] = '\0'; - if (!batch) { - if (!fgets(buf, sizeof(buf), stdin)) - return 0; - } else { - buf[0] = '\n'; - buf[1] = '\0'; - } - } - if (buf[0] == '\0') - return (0); - else if (buf[0] == '\n') { - if ((def == NULL) || (def[0] == '\0')) - return (1); - OPENSSL_strlcpy(buf, def, sizeof(buf)); - OPENSSL_strlcat(buf, "\n", sizeof(buf)); - } else if ((buf[0] == '.') && (buf[1] == '\n')) - return (1); - - i = strlen(buf); - if (buf[i - 1] != '\n') { - BIO_printf(bio_err, "weird input :-(\n"); - return (0); - } - buf[--i] = '\0'; -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, i); -#endif - if (!req_check_len(i, n_min, n_max)) { - if (batch || value) - return 0; - goto start; - } + ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), + "DN value", "DN default"); + if ((ret == 0) || (ret == 1)) + return ret; + ret = 1; if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *)buf, -1, -1, mval)) - goto err; - ret = 1; - err: - return (ret); + ret = 0; + + return ret; } static int add_attribute_object(X509_REQ *req, char *text, const char *def, char *value, int nid, int n_min, int n_max, unsigned long chtype) { - int i; - static char buf[1024]; + int ret = 0; + char buf[1024]; + + ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), + "Attribute value", "Attribute default"); + if ((ret == 0) || (ret == 1)) + return ret; + ret = 1; + + if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, + (unsigned char *)buf, -1)) { + BIO_printf(bio_err, "Error adding attribute\n"); + ERR_print_errors(bio_err); + ret = 0; + } + return ret; +} + + +static int build_data(char *text, const char *def, + char *value, int n_min, int n_max, + char *buf, const int buf_size, + const char *desc1, const char *desc2 + ) +{ + int i; start: if (!batch) BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - OPENSSL_strlcpy(buf, value, sizeof(buf)); - OPENSSL_strlcat(buf, "\n", sizeof(buf)); + if (!join(buf, buf_size, value, "\n", desc1)) + return 0; BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof(buf), stdin)) + if (!fgets(buf, buf_size, stdin)) return 0; } else { buf[0] = '\n'; @@ -1228,19 +1359,20 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, } if (buf[0] == '\0') - return (0); - else if (buf[0] == '\n') { + return 0; + if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) - return (1); - OPENSSL_strlcpy(buf, def, sizeof(buf)); - OPENSSL_strlcat(buf, "\n", sizeof(buf)); - } else if ((buf[0] == '.') && (buf[1] == '\n')) - return (1); + return 1; + if (!join(buf, buf_size, def, "\n", desc2)) + return 0; + } else if ((buf[0] == '.') && (buf[1] == '\n')) { + return 1; + } i = strlen(buf); if (buf[i - 1] != '\n') { BIO_printf(bio_err, "weird input :-(\n"); - return (0); + return 0; } buf[--i] = '\0'; #ifdef CHARSET_EBCDIC @@ -1251,17 +1383,7 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, return 0; goto start; } - - if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, - (unsigned char *)buf, -1)) { - BIO_printf(bio_err, "Error adding attribute\n"); - ERR_print_errors(bio_err); - goto err; - } - - return (1); - err: - return (0); + return 2; } static int req_check_len(int len, int n_min, int n_max) @@ -1270,22 +1392,23 @@ static int req_check_len(int len, int n_min, int n_max) BIO_printf(bio_err, "string is too short, it needs to be at least %d bytes long\n", n_min); - return (0); + return 0; } if ((n_max >= 0) && (len > n_max)) { BIO_printf(bio_err, "string is too long, it needs to be no more than %d bytes long\n", n_max); - return (0); + return 0; } - return (1); + return 1; } /* Check if the end of a string matches 'end' */ static int check_end(const char *str, const char *end) { - int elen, slen; + size_t elen, slen; const char *tmp; + elen = strlen(end); slen = strlen(str); if (elen > slen) @@ -1294,6 +1417,24 @@ static int check_end(const char *str, const char *end) return strcmp(tmp, end); } +/* + * Merge the two strings together into the result buffer checking for + * overflow and producing an error message if there is. + */ +static int join(char buf[], size_t buf_size, const char *name, + const char *tail, const char *desc) +{ + const size_t name_len = strlen(name), tail_len = strlen(tail); + + if (name_len + tail_len + 1 > buf_size) { + BIO_printf(bio_err, "%s '%s' too long\n", desc, name); + return 0; + } + memcpy(buf, name, name_len); + memcpy(buf + name_len, tail, tail_len + 1); + return 1; +} + static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, int *pkey_type, long *pkeylen, char **palgnam, ENGINE *keygen_engine) @@ -1311,15 +1452,15 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, *pkey_type = EVP_PKEY_RSA; keylen = atol(gstr); *pkeylen = keylen; - } else if (strncmp(gstr, "param:", 6) == 0) + } else if (strncmp(gstr, "param:", 6) == 0) { paramfile = gstr + 6; - else { + } else { const char *p = strchr(gstr, ':'); int len; ENGINE *tmpeng; const EVP_PKEY_ASN1_METHOD *ameth; - if (p) + if (p != NULL) len = p - gstr; else len = strlen(gstr); @@ -1330,7 +1471,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); - if (!ameth) { + if (ameth == NULL) { BIO_printf(bio_err, "Unknown algorithm %.*s\n", len, gstr); return NULL; } @@ -1340,28 +1481,31 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, ENGINE_finish(tmpeng); #endif if (*pkey_type == EVP_PKEY_RSA) { - if (p) { + if (p != NULL) { keylen = atol(p + 1); *pkeylen = keylen; - } else + } else { keylen = *pkeylen; - } else if (p) + } + } else if (p != NULL) { paramfile = p + 1; + } } - if (paramfile) { + if (paramfile != NULL) { pbio = BIO_new_file(paramfile, "r"); - if (!pbio) { + if (pbio == NULL) { BIO_printf(bio_err, "Can't open parameter file %s\n", paramfile); return NULL; } param = PEM_read_bio_Parameters(pbio, NULL); - if (!param) { + if (param == NULL) { X509 *x; + (void)BIO_reset(pbio); x = PEM_read_bio_X509(pbio, NULL, NULL, NULL); - if (x) { + if (x != NULL) { param = X509_get_pubkey(x); X509_free(x); } @@ -1369,25 +1513,26 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, BIO_free(pbio); - if (!param) { + if (param == NULL) { BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile); return NULL; } - if (*pkey_type == -1) + if (*pkey_type == -1) { *pkey_type = EVP_PKEY_id(param); - else if (*pkey_type != EVP_PKEY_base_id(param)) { + } else if (*pkey_type != EVP_PKEY_base_id(param)) { BIO_printf(bio_err, "Key Type does not match parameters\n"); EVP_PKEY_free(param); return NULL; } } - if (palgnam) { + if (palgnam != NULL) { const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *tmpeng; const char *anam; + ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); - if (!ameth) { + if (ameth == NULL) { BIO_puts(bio_err, "Internal error: can't find key algorithm\n"); return NULL; } @@ -1398,12 +1543,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, #endif } - if (param) { + if (param != NULL) { gctx = EVP_PKEY_CTX_new(param, keygen_engine); *pkeylen = EVP_PKEY_bits(param); EVP_PKEY_free(param); - } else + } else { gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); + } if (gctx == NULL) { BIO_puts(bio_err, "Error allocating keygen context\n"); @@ -1454,10 +1600,19 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { EVP_PKEY_CTX *pkctx = NULL; - int i; + int i, def_nid; if (ctx == NULL) return 0; + /* + * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory + * for this algorithm. + */ + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2 + && def_nid == NID_undef) { + /* The signing algorithm requires there to be no digest */ + md = NULL; + } if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { diff --git a/deps/openssl/openssl/apps/rsa.c b/deps/openssl/openssl/apps/rsa.c index 8b15fcba1aab66..fdd02dce32419a 100644 --- a/deps/openssl/openssl/apps/rsa.c +++ b/deps/openssl/openssl/apps/rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,6 +17,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -35,10 +36,10 @@ typedef enum OPTION_choice { OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER } OPTION_CHOICE; -OPTIONS rsa_options[] = { +const OPTIONS rsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"}, - {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"}, + {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"}, + {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"}, {"in", OPT_IN, 's', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, @@ -176,12 +177,14 @@ int rsa_main(int argc, char **argv) tmpformat = FORMAT_PEMRSA; else if (informat == FORMAT_ASN1) tmpformat = FORMAT_ASN1RSA; - } else + } else { tmpformat = informat; + } pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key"); - } else + } else { pkey = load_key(infile, informat, 1, passin, e, "Private Key"); + } if (pkey != NULL) rsa = EVP_PKEY_get1_RSA(pkey); @@ -217,9 +220,9 @@ int rsa_main(int argc, char **argv) if (check) { int r = RSA_check_key_ex(rsa, NULL); - if (r == 1) + if (r == 1) { BIO_printf(out, "RSA key ok\n"); - else if (r == 0) { + } else if (r == 0) { unsigned long err; while ((err = ERR_peek_error()) != 0 && @@ -228,7 +231,7 @@ int rsa_main(int argc, char **argv) ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err)); - ERR_get_error(); /* remove e from error stack */ + ERR_get_error(); /* remove err from error stack */ } } else if (r == -1) { ERR_print_errors(bio_err); @@ -251,8 +254,7 @@ int rsa_main(int argc, char **argv) assert(private); i = i2d_RSAPrivateKey_bio(out, rsa); } - } - else if (outformat == FORMAT_PEM) { + } else if (outformat == FORMAT_PEM) { if (pubout || pubin) { if (pubout == 2) i = PEM_write_bio_RSAPublicKey(out, rsa); @@ -267,6 +269,9 @@ int rsa_main(int argc, char **argv) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); + if (pk == NULL) + goto end; + EVP_PKEY_set1_RSA(pk, rsa); if (outformat == FORMAT_PVK) { if (pubin) { @@ -297,14 +302,15 @@ int rsa_main(int argc, char **argv) if (i <= 0) { BIO_printf(bio_err, "unable to write key\n"); ERR_print_errors(bio_err); - } else + } else { ret = 0; + } end: release_engine(e); BIO_free_all(out); RSA_free(rsa); OPENSSL_free(passin); OPENSSL_free(passout); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/rsautl.c b/deps/openssl/openssl/apps/rsautl.c index d527bf4d8e1688..5da8504d3c061f 100644 --- a/deps/openssl/openssl/apps/rsautl.c +++ b/deps/openssl/openssl/apps/rsautl.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ NON_EMPTY_TRANSLATION_UNIT #else # include "apps.h" +# include "progs.h" # include # include # include @@ -32,10 +33,11 @@ typedef enum OPTION_choice { OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931, OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, - OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM + OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS rsautl_options[] = { +const OPTIONS rsautl_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, @@ -57,6 +59,7 @@ OPTIONS rsautl_options[] = { {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + OPT_R_OPTIONS, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif @@ -153,6 +156,10 @@ int rsautl_main(int argc, char **argv) case OPT_PASSIN: passinarg = opt_arg(); break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; } } argc = opt_num_rest(); @@ -169,9 +176,6 @@ int rsautl_main(int argc, char **argv) goto end; } -/* FIXME: seed PRNG only if needed */ - app_RAND_load_file(NULL, 0); - switch (key_type) { case KEY_PRIVKEY: pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key"); @@ -190,14 +194,13 @@ int rsautl_main(int argc, char **argv) break; } - if (!pkey) { + if (pkey == NULL) return 1; - } rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); - if (!rsa) { + if (rsa == NULL) { BIO_printf(bio_err, "Error getting RSA key\n"); ERR_print_errors(bio_err); goto end; @@ -261,10 +264,11 @@ int rsautl_main(int argc, char **argv) if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { ERR_print_errors(bio_err); } - } else if (hexdump) + } else if (hexdump) { BIO_dump(out, (char *)rsa_out, rsa_outlen); - else + } else { BIO_write(out, rsa_out, rsa_outlen); + } end: RSA_free(rsa); release_engine(e); diff --git a/deps/openssl/openssl/apps/s_apps.h b/deps/openssl/openssl/apps/s_apps.h index c47932bfb689db..0a3bc962808be2 100644 --- a/deps/openssl/openssl/apps/s_apps.h +++ b/deps/openssl/openssl/apps/s_apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,39 +17,13 @@ # define _kbhit kbhit #endif -#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET) -/* - * VAX C does not defined fd_set and friends, but it's actually quite simple - */ -/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */ -# define MAX_NOFILE 32 -# define NBBY 8 /* number of bits in a byte */ - -# ifndef FD_SETSIZE -# define FD_SETSIZE MAX_NOFILE -# endif /* FD_SETSIZE */ - -/* How many things we'll allow select to use. 0 if unlimited */ -# define MAXSELFD MAX_NOFILE -typedef int fd_mask; /* int here! VMS prototypes int, not long */ -# define NFDBITS (sizeof(fd_mask) * NBBY)/* bits per mask (power of 2!) */ -# define NFDSHIFT 5 /* Shift based on above */ - -typedef fd_mask fd_set; -# define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS))) -# define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS))) -# define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS))) -# define FD_ZERO(p) memset((p), 0, sizeof(*(p))) -#endif - #define PORT "4433" #define PROTOCOL "tcp" -typedef int (*do_server_cb)(int s, int stype, unsigned char *context); +typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, - do_server_cb cb, - unsigned char *context, int naccept); + int family, int type, int protocol, do_server_cb cb, + unsigned char *context, int naccept, BIO *bio_s_out); #ifdef HEADER_X509_H int verify_callback(int ok, X509_STORE_CTX *ctx); #endif @@ -59,11 +33,12 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); -int ssl_print_curves(BIO *out, SSL *s, int noshared); +int ssl_print_groups(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, - int family, int type); + const char *bindhost, const char *bindport, + int family, int type, int protocol); int should_retry(int i); long bio_dump_callback(BIO *bio, int cmd, const char *argp, @@ -82,6 +57,16 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len); +#ifdef __VMS /* 31 char symbol name limit */ +# define generate_stateless_cookie_callback generate_stateless_cookie_cb +# define verify_stateless_cookie_callback verify_stateless_cookie_cb +#endif + +int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, + size_t *cookie_len); +int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, + size_t cookie_len); + typedef struct ssl_excert_st SSL_EXCERT; void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); @@ -99,4 +84,6 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, const char *chCAfile, STACK_OF(X509_CRL) *crls, int crl_download); void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); +int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); +void print_ca_names(BIO *bio, SSL *s); #endif diff --git a/deps/openssl/openssl/apps/s_cb.c b/deps/openssl/openssl/apps/s_cb.c index afa306549d8f6c..2d4568f40ccbc1 100644 --- a/deps/openssl/openssl/apps/s_cb.c +++ b/deps/openssl/openssl/apps/s_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,7 @@ #include #include #include /* for memcpy() and strcmp() */ -#define USE_SOCKETS #include "apps.h" -#undef USE_SOCKETS #include #include #include @@ -32,6 +30,7 @@ VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static int cookie_initialized = 0; #endif +static BIO *bio_keylog = NULL; static const char *lookup(int val, const STRINT_PAIR* list, const char* def) { @@ -52,13 +51,14 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) if (!verify_args.quiet || !ok) { BIO_printf(bio_err, "depth=%d ", depth); - if (err_cert) { + if (err_cert != NULL) { X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), - 0, XN_FLAG_ONELINE); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); - } else + } else { BIO_puts(bio_err, "\n"); + } } if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, @@ -76,7 +76,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: BIO_puts(bio_err, "issuer= "); X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, XN_FLAG_ONELINE); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); break; case X509_V_ERR_CERT_NOT_YET_VALID: @@ -100,7 +100,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) policies_print(ctx); if (ok && !verify_args.quiet) BIO_printf(bio_err, "verify return:%d\n", ok); - return (ok); + return ok; } int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) @@ -111,7 +111,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) BIO_printf(bio_err, "unable to get certificate from '%s'\n", cert_file); ERR_print_errors(bio_err); - return (0); + return 0; } if (key_file == NULL) key_file = cert_file; @@ -119,7 +119,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) BIO_printf(bio_err, "unable to get private key from '%s'\n", key_file); ERR_print_errors(bio_err); - return (0); + return 0; } /* @@ -134,10 +134,10 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, "Private key does not match the certificate public key\n"); - return (0); + return 0; } } - return (1); + return 1; } int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, @@ -205,7 +205,7 @@ static void ssl_print_client_cert_types(BIO *bio, SSL *s) if (i) BIO_puts(bio, ", "); - if (cname) + if (cname != NULL) BIO_puts(bio, cname); else BIO_printf(bio, "UNKNOWN (%d),", cert_type); @@ -213,12 +213,47 @@ static void ssl_print_client_cert_types(BIO *bio, SSL *s) BIO_puts(bio, "\n"); } +static const char *get_sigtype(int nid) +{ + switch (nid) { + case EVP_PKEY_RSA: + return "RSA"; + + case EVP_PKEY_RSA_PSS: + return "RSA-PSS"; + + case EVP_PKEY_DSA: + return "DSA"; + + case EVP_PKEY_EC: + return "ECDSA"; + + case NID_ED25519: + return "Ed25519"; + + case NID_ED448: + return "Ed448"; + + case NID_id_GostR3410_2001: + return "gost2001"; + + case NID_id_GostR3410_2012_256: + return "gost2012_256"; + + case NID_id_GostR3410_2012_512: + return "gost2012_512"; + + default: + return NULL; + } +} + static int do_print_sigalgs(BIO *out, SSL *s, int shared) { int i, nsig, client; client = SSL_is_server(s) ? 0 : 1; if (shared) - nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); + nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL); else nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); if (nsig == 0) @@ -241,20 +276,15 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared) SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) BIO_puts(out, ":"); - if (sign_nid == EVP_PKEY_RSA) - sstr = "RSA"; - else if (sign_nid == EVP_PKEY_DSA) - sstr = "DSA"; - else if (sign_nid == EVP_PKEY_EC) - sstr = "ECDSA"; + sstr = get_sigtype(sign_nid); if (sstr) - BIO_printf(out, "%s+", sstr); + BIO_printf(out, "%s", sstr); else - BIO_printf(out, "0x%02X+", (int)rsign); + BIO_printf(out, "0x%02X", (int)rsign); if (hash_nid != NID_undef) - BIO_printf(out, "%s", OBJ_nid2sn(hash_nid)); - else - BIO_printf(out, "0x%02X", (int)rhash); + BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid)); + else if (sstr == NULL) + BIO_printf(out, "+0x%02X", (int)rhash); } BIO_puts(out, "\n"); return 1; @@ -262,13 +292,15 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared) int ssl_print_sigalgs(BIO *out, SSL *s) { - int mdnid; + int nid; if (!SSL_is_server(s)) ssl_print_client_cert_types(out, s); do_print_sigalgs(out, s, 0); do_print_sigalgs(out, s, 1); - if (SSL_get_peer_signature_nid(s, &mdnid)) - BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); + if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef) + BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid)); + if (SSL_get_peer_signature_type_nid(s, &nid)) + BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid)); return 1; } @@ -307,59 +339,63 @@ int ssl_print_point_formats(BIO *out, SSL *s) return 1; } -int ssl_print_curves(BIO *out, SSL *s, int noshared) +int ssl_print_groups(BIO *out, SSL *s, int noshared) { - int i, ncurves, *curves, nid; - const char *cname; + int i, ngroups, *groups, nid; + const char *gname; - ncurves = SSL_get1_curves(s, NULL); - if (ncurves <= 0) + ngroups = SSL_get1_groups(s, NULL); + if (ngroups <= 0) return 1; - curves = app_malloc(ncurves * sizeof(int), "curves to print"); - SSL_get1_curves(s, curves); + groups = app_malloc(ngroups * sizeof(int), "groups to print"); + SSL_get1_groups(s, groups); - BIO_puts(out, "Supported Elliptic Curves: "); - for (i = 0; i < ncurves; i++) { + BIO_puts(out, "Supported Elliptic Groups: "); + for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); - nid = curves[i]; + nid = groups[i]; /* If unrecognised print out hex version */ - if (nid & TLSEXT_nid_unknown) + if (nid & TLSEXT_nid_unknown) { BIO_printf(out, "0x%04X", nid & 0xFFFF); - else { + } else { + /* TODO(TLS1.3): Get group name here */ /* Use NIST name for curve if it exists */ - cname = EC_curve_nid2nist(nid); - if (!cname) - cname = OBJ_nid2sn(nid); - BIO_printf(out, "%s", cname); + gname = EC_curve_nid2nist(nid); + if (gname == NULL) + gname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", gname); } } - OPENSSL_free(curves); + OPENSSL_free(groups); if (noshared) { BIO_puts(out, "\n"); return 1; } - BIO_puts(out, "\nShared Elliptic curves: "); - ncurves = SSL_get_shared_curve(s, -1); - for (i = 0; i < ncurves; i++) { + BIO_puts(out, "\nShared Elliptic groups: "); + ngroups = SSL_get_shared_group(s, -1); + for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); - nid = SSL_get_shared_curve(s, i); - cname = EC_curve_nid2nist(nid); - if (!cname) - cname = OBJ_nid2sn(nid); - BIO_printf(out, "%s", cname); + nid = SSL_get_shared_group(s, i); + /* TODO(TLS1.3): Convert for DH groups */ + gname = EC_curve_nid2nist(nid); + if (gname == NULL) + gname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", gname); } - if (ncurves == 0) + if (ngroups == 0) BIO_puts(out, "NONE"); BIO_puts(out, "\n"); return 1; } #endif + int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; - if (!SSL_get_server_tmp_key(s, &key)) + + if (!SSL_get_peer_tmp_key(s, &key)) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { @@ -379,7 +415,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); EC_KEY_free(ec); cname = EC_curve_nid2nist(nid); - if (!cname) + if (cname == NULL) cname = OBJ_nid2sn(nid); BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key)); } @@ -400,19 +436,19 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, out = (BIO *)BIO_get_callback_arg(bio); if (out == NULL) - return (ret); + return ret; if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); BIO_dump(out, argp, (int)ret); - return (ret); + return ret; } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); BIO_dump(out, argp, (int)ret); } - return (ret); + return ret; } void apps_ssl_info_callback(const SSL *s, int where, int ret) @@ -441,10 +477,9 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret) if (ret == 0) BIO_printf(bio_err, "%s:failed in %s\n", str, SSL_state_string_long(s)); - else if (ret < 0) { + else if (ret < 0) BIO_printf(bio_err, "%s:error in %s\n", str, SSL_state_string_long(s)); - } } } @@ -453,12 +488,15 @@ static STRINT_PAIR ssl_versions[] = { {"TLS 1.0", TLS1_VERSION}, {"TLS 1.1", TLS1_1_VERSION}, {"TLS 1.2", TLS1_2_VERSION}, + {"TLS 1.3", TLS1_3_VERSION}, {"DTLS 1.0", DTLS1_VERSION}, {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, {NULL} }; + static STRINT_PAIR alert_types[] = { {" close_notify", 0}, + {" end_of_early_data", 1}, {" unexpected_message", 10}, {" bad_record_mac", 20}, {" decryption_failed", 21}, @@ -479,33 +517,43 @@ static STRINT_PAIR alert_types[] = { {" protocol_version", 70}, {" insufficient_security", 71}, {" internal_error", 80}, + {" inappropriate_fallback", 86}, {" user_canceled", 90}, {" no_renegotiation", 100}, + {" missing_extension", 109}, {" unsupported_extension", 110}, {" certificate_unobtainable", 111}, {" unrecognized_name", 112}, {" bad_certificate_status_response", 113}, {" bad_certificate_hash_value", 114}, {" unknown_psk_identity", 115}, + {" certificate_required", 116}, {NULL} }; static STRINT_PAIR handshakes[] = { - {", HelloRequest", 0}, - {", ClientHello", 1}, - {", ServerHello", 2}, - {", HelloVerifyRequest", 3}, - {", NewSessionTicket", 4}, - {", Certificate", 11}, - {", ServerKeyExchange", 12}, - {", CertificateRequest", 13}, - {", ServerHelloDone", 14}, - {", CertificateVerify", 15}, - {", ClientKeyExchange", 16}, - {", Finished", 20}, - {", CertificateUrl", 21}, - {", CertificateStatus", 22}, - {", SupplementalData", 23}, + {", HelloRequest", SSL3_MT_HELLO_REQUEST}, + {", ClientHello", SSL3_MT_CLIENT_HELLO}, + {", ServerHello", SSL3_MT_SERVER_HELLO}, + {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST}, + {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET}, + {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA}, + {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS}, + {", Certificate", SSL3_MT_CERTIFICATE}, + {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE}, + {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST}, + {", ServerHelloDone", SSL3_MT_SERVER_DONE}, + {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY}, + {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE}, + {", Finished", SSL3_MT_FINISHED}, + {", CertificateUrl", SSL3_MT_CERTIFICATE_URL}, + {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS}, + {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA}, + {", KeyUpdate", SSL3_MT_KEY_UPDATE}, +#ifndef OPENSSL_NO_NEXTPROTONEG + {", NextProto", SSL3_MT_NEXT_PROTO}, +#endif + {", MessageHash", SSL3_MT_MESSAGE_HASH}, {NULL} }; @@ -522,13 +570,14 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || + version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { switch (content_type) { case 20: - str_content_type = "ChangeCipherSpec"; + str_content_type = ", ChangeCipherSpec"; break; case 21: - str_content_type = "Alert"; + str_content_type = ", Alert"; str_details1 = ", ???"; if (len == 2) { switch (bp[0]) { @@ -543,13 +592,13 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, } break; case 22: - str_content_type = "Handshake"; + str_content_type = ", Handshake"; str_details1 = "???"; if (len > 0) str_details1 = lookup((int)bp[0], handshakes, "???"); break; case 23: - str_content_type = "ApplicationData"; + str_content_type = ", ApplicationData"; break; #ifndef OPENSSL_NO_HEARTBEATS case 24: @@ -602,7 +651,7 @@ static STRINT_PAIR tlsext_types[] = { {"client authz", TLSEXT_TYPE_client_authz}, {"server authz", TLSEXT_TYPE_server_authz}, {"cert type", TLSEXT_TYPE_cert_type}, - {"elliptic curves", TLSEXT_TYPE_elliptic_curves}, + {"supported_groups", TLSEXT_TYPE_supported_groups}, {"EC point formats", TLSEXT_TYPE_ec_point_formats}, {"SRP", TLSEXT_TYPE_srp}, {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, @@ -625,6 +674,12 @@ static STRINT_PAIR tlsext_types[] = { #ifdef TLSEXT_TYPE_extended_master_secret {"extended master secret", TLSEXT_TYPE_extended_master_secret}, #endif + {"key share", TLSEXT_TYPE_key_share}, + {"supported versions", TLSEXT_TYPE_supported_versions}, + {"psk", TLSEXT_TYPE_psk}, + {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, + {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, + {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, {NULL} }; @@ -645,9 +700,9 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned char *buffer; - size_t length; + size_t length = 0; unsigned short port; - BIO_ADDR *peer = NULL; + BIO_ADDR *lpeer = NULL, *peer = NULL; /* Initialize a random secret */ if (!cookie_initialized) { @@ -658,17 +713,24 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, cookie_initialized = 1; } - peer = BIO_ADDR_new(); - if (peer == NULL) { - BIO_printf(bio_err, "memory full\n"); - return 0; - } + if (SSL_is_dtls(ssl)) { + lpeer = peer = BIO_ADDR_new(); + if (peer == NULL) { + BIO_printf(bio_err, "memory full\n"); + return 0; + } - /* Read peer information */ - (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); + /* Read peer information */ + (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); + } else { + peer = ourpeer; + } /* Create buffer with peer's address and port */ - BIO_ADDR_rawaddress(peer, NULL, &length); + if (!BIO_ADDR_rawaddress(peer, NULL, &length)) { + BIO_printf(bio_err, "Failed getting peer address\n"); + return 0; + } OPENSSL_assert(length != 0); port = BIO_ADDR_rawport(peer); length += sizeof(port); @@ -682,7 +744,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, buffer, length, cookie, cookie_len); OPENSSL_free(buffer); - BIO_ADDR_free(peer); + BIO_ADDR_free(lpeer); return 1; } @@ -703,6 +765,22 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, return 0; } + +int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, + size_t *cookie_len) +{ + unsigned int temp; + int res = generate_cookie_callback(ssl, cookie, &temp); + *cookie_len = temp; + return res; +} + +int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, + size_t cookie_len) +{ + return verify_cookie_callback(ssl, cookie, cookie_len); +} + #endif /* @@ -774,24 +852,24 @@ static int set_cert_cb(SSL *ssl, void *arg) #endif SSL_certs_clear(ssl); - if (!exc) + if (exc == NULL) return 1; /* * Go to end of list and traverse backwards since we prepend newer * entries this retains the original order. */ - while (exc->next) + while (exc->next != NULL) exc = exc->next; i = 0; - while (exc) { + while (exc != NULL) { i++; rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, - XN_FLAG_ONELINE); + get_nameopt()); BIO_puts(bio_err, "\n"); print_chain_flags(ssl, rv); if (rv & CERT_PKEY_VALID) { @@ -807,8 +885,9 @@ static int set_cert_cb(SSL *ssl, void *arg) if (exc->build_chain) { if (!SSL_build_cert_chain(ssl, 0)) return 0; - } else if (exc->chain) + } else if (exc->chain != NULL) { SSL_set1_chain(ssl, exc->chain); + } } exc = exc->prev; } @@ -845,7 +924,7 @@ void ssl_excert_free(SSL_EXCERT *exc) { SSL_EXCERT *curr; - if (!exc) + if (exc == NULL) return; while (exc) { X509_free(exc->cert); @@ -860,33 +939,33 @@ void ssl_excert_free(SSL_EXCERT *exc) int load_excert(SSL_EXCERT **pexc) { SSL_EXCERT *exc = *pexc; - if (!exc) + if (exc == NULL) return 1; /* If nothing in list, free and set to NULL */ - if (!exc->certfile && !exc->next) { + if (exc->certfile == NULL && exc->next == NULL) { ssl_excert_free(exc); *pexc = NULL; return 1; } for (; exc; exc = exc->next) { - if (!exc->certfile) { + if (exc->certfile == NULL) { BIO_printf(bio_err, "Missing filename\n"); return 0; } exc->cert = load_cert(exc->certfile, exc->certform, "Server Certificate"); - if (!exc->cert) + if (exc->cert == NULL) return 0; - if (exc->keyfile) { + if (exc->keyfile != NULL) { exc->key = load_key(exc->keyfile, exc->keyform, 0, NULL, NULL, "Server Key"); } else { exc->key = load_key(exc->certfile, exc->certform, 0, NULL, NULL, "Server Key"); } - if (!exc->key) + if (exc->key == NULL) return 0; - if (exc->chainfile) { + if (exc->chainfile != NULL) { if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL, "Server Chain")) return 0; @@ -918,7 +997,7 @@ int args_excert(int opt, SSL_EXCERT **pexc) case OPT_X__LAST: return 0; case OPT_X_CERT: - if (exc->certfile && !ssl_excert_prepend(&exc)) { + if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) { BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); goto err; } @@ -926,14 +1005,14 @@ int args_excert(int opt, SSL_EXCERT **pexc) exc->certfile = opt_arg(); break; case OPT_X_KEY: - if (exc->keyfile) { + if (exc->keyfile != NULL) { BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog()); goto err; } exc->keyfile = opt_arg(); break; case OPT_X_CHAIN: - if (exc->chainfile) { + if (exc->chainfile != NULL) { BIO_printf(bio_err, "%s: Chain already specified\n", opt_getprog()); goto err; @@ -976,11 +1055,11 @@ static void print_raw_cipherlist(SSL *s) const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist); if (i) BIO_puts(bio_err, ":"); - if (c) + if (c != NULL) { BIO_puts(bio_err, SSL_CIPHER_get_name(c)); - else if (!memcmp(rlist, scsv_id, num)) + } else if (memcmp(rlist, scsv_id, num) == 0) { BIO_puts(bio_err, "SCSV"); - else { + } else { size_t j; BIO_puts(bio_err, "0x"); for (j = 0; j < num; j++) @@ -1002,8 +1081,8 @@ static char *hexencode(const unsigned char *data, size_t len) int ilen = (int) outlen; if (outlen < len || ilen < 0 || outlen != (size_t)ilen) { - BIO_printf(bio_err, "%s: %"BIO_PRI64"u-byte buffer too large to hexencode\n", - opt_getprog(), (uint64_t)len); + BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n", + opt_getprog(), len); exit(1); } cp = out = app_malloc(ilen, "TLSA hex data buffer"); @@ -1068,7 +1147,6 @@ void print_ssl_summary(SSL *s) { const SSL_CIPHER *c; X509 *peer; - /* const char *pnam = SSL_is_server(s) ? "client" : "server"; */ BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s)); print_raw_cipherlist(s); @@ -1076,23 +1154,26 @@ void print_ssl_summary(SSL *s) BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); do_print_sigalgs(bio_err, s, 0); peer = SSL_get_peer_certificate(s); - if (peer) { + if (peer != NULL) { int nid; BIO_puts(bio_err, "Peer certificate: "); X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), - 0, XN_FLAG_ONELINE); + 0, get_nameopt()); BIO_puts(bio_err, "\n"); if (SSL_get_peer_signature_nid(s, &nid)) BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); + if (SSL_get_peer_signature_type_nid(s, &nid)) + BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid)); print_verify_detail(s, bio_err); - } else + } else { BIO_puts(bio_err, "No peer certificate\n"); + } X509_free(peer); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) - ssl_print_curves(bio_err, s, 1); + ssl_print_groups(bio_err, s, 1); else ssl_print_tmp_key(bio_err, s); #else @@ -1111,7 +1192,7 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, const char *flag = sk_OPENSSL_STRING_value(str, i); const char *arg = sk_OPENSSL_STRING_value(str, i + 1); if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { - if (arg) + if (arg != NULL) BIO_printf(bio_err, "Error with command: \"%s %s\"\n", flag, arg); else @@ -1245,7 +1326,7 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, cert_md = 1; break; } - if (nm) + if (nm != NULL) BIO_printf(sdb->out, "%s=", nm); switch (op & SSL_SECOP_OTHER_TYPE) { @@ -1333,3 +1414,68 @@ void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose) SSL_CTX_set_security_callback(ctx, security_callback_debug); SSL_CTX_set0_security_ex_data(ctx, &sdb); } + +static void keylog_callback(const SSL *ssl, const char *line) +{ + if (bio_keylog == NULL) { + BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n"); + return; + } + + /* + * There might be concurrent writers to the keylog file, so we must ensure + * that the given line is written at once. + */ + BIO_printf(bio_keylog, "%s\n", line); + (void)BIO_flush(bio_keylog); +} + +int set_keylog_file(SSL_CTX *ctx, const char *keylog_file) +{ + /* Close any open files */ + BIO_free_all(bio_keylog); + bio_keylog = NULL; + + if (ctx == NULL || keylog_file == NULL) { + /* Keylogging is disabled, OK. */ + return 0; + } + + /* + * Append rather than write in order to allow concurrent modification. + * Furthermore, this preserves existing keylog files which is useful when + * the tool is run multiple times. + */ + bio_keylog = BIO_new_file(keylog_file, "a"); + if (bio_keylog == NULL) { + BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file); + return 1; + } + + /* Write a header for seekable, empty files (this excludes pipes). */ + if (BIO_tell(bio_keylog) == 0) { + BIO_puts(bio_keylog, + "# SSL/TLS secrets log file, generated by OpenSSL\n"); + (void)BIO_flush(bio_keylog); + } + SSL_CTX_set_keylog_callback(ctx, keylog_callback); + return 0; +} + +void print_ca_names(BIO *bio, SSL *s) +{ + const char *cs = SSL_is_server(s) ? "server" : "client"; + const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s); + int i; + + if (sk == NULL || sk_X509_NAME_num(sk) == 0) { + BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); + return; + } + + BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs); + for (i = 0; i < sk_X509_NAME_num(sk); i++) { + X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt()); + BIO_write(bio, "\n", 1); + } +} diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c index 3c0c73e8516c52..dcaa10cf44ebae 100644 --- a/deps/openssl/openssl/apps/s_client.c +++ b/deps/openssl/openssl/apps/s_client.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,7 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - +#include "e_os.h" #include #include #include @@ -54,8 +29,8 @@ typedef unsigned int u_int; #endif -#define USE_SOCKETS #include "apps.h" +#include "progs.h" #include #include #include @@ -72,6 +47,7 @@ typedef unsigned int u_int; #endif #include "s_apps.h" #include "timeouts.h" +#include "internal/sockets.h" #if defined(__has_feature) # if __has_feature(memory_sanitizer) @@ -90,11 +66,14 @@ static char *keymatexportlabel = NULL; static int keymatexportlen = 20; static BIO *bio_c_out = NULL; static int c_quiet = 0; +static char *sess_out = NULL; +static SSL_SESSION *psksess = NULL; static void print_stuff(BIO *berr, SSL *con, int full); #ifndef OPENSSL_NO_OCSP static int ocsp_resp_cb(SSL *s, void *arg); #endif +static int ldap_ExtendedResponse_parse(const char *buf, long rem); static int saved_errno; @@ -132,13 +111,10 @@ static void do_ssl_shutdown(SSL *ssl) } while (ret < 0); } -#ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ static char *psk_identity = "Client_identity"; -/* - * char *psk_key=NULL; by default PSK is not used - */ +#ifndef OPENSSL_NO_PSK static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, @@ -155,8 +131,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, if (c_debug) BIO_printf(bio_c_out, "NULL received PSK identity hint, continuing anyway\n"); - } else if (c_debug) + } else if (c_debug) { BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); + } /* * lookup PSK identity and PSK key based on the given identity hint here @@ -197,6 +174,71 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, } #endif +const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; +const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 }; + +static int psk_use_session_cb(SSL *s, const EVP_MD *md, + const unsigned char **id, size_t *idlen, + SSL_SESSION **sess) +{ + SSL_SESSION *usesess = NULL; + const SSL_CIPHER *cipher = NULL; + + if (psksess != NULL) { + SSL_SESSION_up_ref(psksess); + usesess = psksess; + } else { + long key_len; + unsigned char *key = OPENSSL_hexstr2buf(psk_key, &key_len); + + if (key == NULL) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", + psk_key); + return 0; + } + + /* We default to SHA-256 */ + cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); + if (cipher == NULL) { + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); + return 0; + } + + usesess = SSL_SESSION_new(); + if (usesess == NULL + || !SSL_SESSION_set1_master_key(usesess, key, key_len) + || !SSL_SESSION_set_cipher(usesess, cipher) + || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) { + OPENSSL_free(key); + goto err; + } + OPENSSL_free(key); + } + + cipher = SSL_SESSION_get0_cipher(usesess); + if (cipher == NULL) + goto err; + + if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) { + /* PSK not usable, ignore it */ + *id = NULL; + *idlen = 0; + *sess = NULL; + SSL_SESSION_free(usesess); + } else { + *sess = usesess; + *id = (unsigned char *)psk_identity; + *idlen = strlen(psk_identity); + } + + return 1; + + err: + SSL_SESSION_free(usesess); + return 0; +} + /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { BIO *biodebug; @@ -326,8 +368,6 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) #endif -static char *srtp_profiles = NULL; - #ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { @@ -371,10 +411,11 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, unsigned char ext_buf[4 + 65536]; /* Reconstruct the type/len fields prior to extension data */ - ext_buf[0] = ext_type >> 8; - ext_buf[1] = ext_type & 0xFF; - ext_buf[2] = inlen >> 8; - ext_buf[3] = inlen & 0xFF; + inlen &= 0xffff; /* for formal memcmpy correctness */ + ext_buf[0] = (unsigned char)(ext_type >> 8); + ext_buf[1] = (unsigned char)(ext_type); + ext_buf[2] = (unsigned char)(inlen >> 8); + ext_buf[3] = (unsigned char)(inlen); memcpy(ext_buf + 4, in, inlen); BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d", @@ -522,32 +563,30 @@ static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset) typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX, - OPT_XMPPHOST, OPT_VERIFY, + OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX, + OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT, OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN, OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO, - OPT_SSL_CLIENT_ENGINE, OPT_RAND, OPT_IGN_EOF, OPT_NO_IGN_EOF, + OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG, OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE, -#ifndef OPENSSL_NO_PSK - OPT_PSK_IDENTITY, OPT_PSK, -#endif + OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS, #ifndef OPENSSL_NO_SRP OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, #endif OPT_SSL3, OPT_SSL_CONFIG, - OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, - OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, - OPT_VERIFYCAPATH, + OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, + OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, + OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, - OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, - OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST, - OPT_ASYNC, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, + OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC, + OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST, + OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, + OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE, OPT_V_ENUM, OPT_X_ENUM, OPT_S_ENUM, @@ -555,15 +594,18 @@ typedef enum OPTION_choice { #ifndef OPENSSL_NO_CT OPT_CT, OPT_NOCT, OPT_CTLOG_FILE, #endif - OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME + OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, + OPT_ENABLE_PHA, + OPT_R_ENUM } OPTION_CHOICE; -OPTIONS s_client_options[] = { +const OPTIONS s_client_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"host", OPT_HOST, 's', "Use -connect instead"}, {"port", OPT_PORT, 'p', "Use -connect instead"}, {"connect", OPT_CONNECT, 's', "TCP/IP where to connect (default is :" PORT ")"}, + {"bind", OPT_BIND, 's', "bind local address for connection"}, {"proxy", OPT_PROXY, 's', "Connect to via specified proxy to the real server"}, #ifdef AF_UNIX @@ -577,6 +619,7 @@ OPTIONS s_client_options[] = { {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, {"certform", OPT_CERTFORM, 'F', "Certificate format (PEM or DER) PEM default"}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, {"key", OPT_KEY, 's', "Private key file to use, if not in -cert file"}, {"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM default"}, {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, @@ -586,6 +629,8 @@ OPTIONS s_client_options[] = { "Do not load the default certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, + {"requestCAfile", OPT_REQCAFILE, '<', + "PEM format file of CA names to send to the server"}, {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"}, {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's', "DANE TLSA rrdata presentation form"}, @@ -608,19 +653,23 @@ OPTIONS s_client_options[] = { {"starttls", OPT_STARTTLS, 's', "Use the appropriate STARTTLS command before starting TLS"}, {"xmpphost", OPT_XMPPHOST, 's', - "Host to use with \"-starttls xmpp[-server]\""}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + "Alias of -name option for \"-starttls xmpp[-server]\""}, + OPT_R_OPTIONS, {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"}, +#ifndef OPENSSL_NO_SRTP {"use_srtp", OPT_USE_SRTP, 's', "Offer SRTP key management with a colon-separated profile list"}, +#endif {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)"}, + {"maxfraglen", OPT_MAXFRAGLEN, 'p', + "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)"}, {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, - {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, + {"name", OPT_PROTOHOST, 's', + "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""}, {"CRL", OPT_CRL, '<', "CRL file to use"}, {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"}, {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, @@ -648,7 +697,9 @@ OPTIONS s_client_options[] = { "CA file for certificate verification (PEM format)"}, {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, {"servername", OPT_SERVERNAME, 's', - "Set TLS extension servername in ClientHello"}, + "Set TLS extension servername (SNI) in ClientHello (default)"}, + {"noservername", OPT_NOSERVERNAME, '-', + "Do not send the server name (SNI) extension in the ClientHello"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, #ifndef OPENSSL_NO_OCSP @@ -660,11 +711,12 @@ OPTIONS s_client_options[] = { "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, {"async", OPT_ASYNC, '-', "Support asynchronous operation"}, {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"}, - {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n', + {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, + {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', "Size used to split data for encrypt pipelines"}, - {"max_pipelines", OPT_MAX_PIPELINES, 'n', + {"max_pipelines", OPT_MAX_PIPELINES, 'p', "Maximum number of encrypt/decrypt pipelines to be used"}, - {"read_buf", OPT_READ_BUF, 'n', + {"read_buf", OPT_READ_BUF, 'p', "Default read buffer size to be used for connections"}, OPT_S_OPTIONS, OPT_V_OPTIONS, @@ -681,6 +733,9 @@ OPTIONS s_client_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, {"timeout", OPT_TIMEOUT, '-', @@ -693,6 +748,9 @@ OPTIONS s_client_options[] = { #ifndef OPENSSL_NO_DTLS1_2 {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"}, #endif +#ifndef OPENSSL_NO_SCTP + {"sctp", OPT_SCTP, '-', "Use SCTP"}, +#endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, #endif @@ -700,10 +758,9 @@ OPTIONS s_client_options[] = { {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, #endif {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, -#ifndef OPENSSL_NO_PSK {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"}, {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -#endif + {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, #ifndef OPENSSL_NO_SRP {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"}, {"srppass", OPT_SRPPASS, 's', "Password for 'user'"}, @@ -727,6 +784,9 @@ OPTIONS s_client_options[] = { {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"}, {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"}, #endif + {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, + {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"}, + {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"}, {NULL, OPT_EOF, 0x00, NULL} }; @@ -740,7 +800,13 @@ typedef enum PROTOCOL_choice { PROTO_XMPP, PROTO_XMPP_SERVER, PROTO_CONNECT, - PROTO_IRC + PROTO_IRC, + PROTO_MYSQL, + PROTO_POSTGRES, + PROTO_LMTP, + PROTO_NNTP, + PROTO_SIEVE, + PROTO_LDAP } PROTOCOL_CHOICE; static const OPT_PAIR services[] = { @@ -752,6 +818,12 @@ static const OPT_PAIR services[] = { {"xmpp-server", PROTO_XMPP_SERVER}, {"telnet", PROTO_TELNET}, {"irc", PROTO_IRC}, + {"mysql", PROTO_MYSQL}, + {"postgres", PROTO_POSTGRES}, + {"lmtp", PROTO_LMTP}, + {"nntp", PROTO_NNTP}, + {"sieve", PROTO_SIEVE}, + {"ldap", PROTO_LDAP}, {NULL, 0} }; @@ -761,7 +833,7 @@ static const OPT_PAIR services[] = { #define IS_PROT_FLAG(o) \ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) /* Free |*dest| and optionally set it to a copy of |source|. */ static void freeandcopy(char **dest, const char *source) @@ -772,6 +844,38 @@ static void freeandcopy(char **dest, const char *source) *dest = OPENSSL_strdup(source); } +static int new_session_cb(SSL *s, SSL_SESSION *sess) +{ + + if (sess_out != NULL) { + BIO *stmp = BIO_new_file(sess_out, "w"); + + if (stmp == NULL) { + BIO_printf(bio_err, "Error writing session file %s\n", sess_out); + } else { + PEM_write_bio_SSL_SESSION(stmp, sess); + BIO_free(stmp); + } + } + + /* + * Session data gets dumped on connection for TLSv1.2 and below, and on + * arrival of the NewSessionTicket for TLSv1.3. + */ + if (SSL_version(s) == TLS1_3_VERSION) { + BIO_printf(bio_c_out, + "---\nPost-Handshake New Session Ticket arrived:\n"); + SSL_SESSION_print(bio_c_out, sess); + BIO_printf(bio_c_out, "---\n"); + } + + /* + * We always return a "fail" response so that the session gets freed again + * because we haven't used the reference. + */ + return 0; +} + int s_client_main(int argc, char **argv) { BIO *sbio; @@ -791,15 +895,15 @@ int s_client_main(int argc, char **argv) const SSL_METHOD *meth = TLS_client_method(); const char *CApath = NULL, *CAfile = NULL; char *cbuf = NULL, *sbuf = NULL; - char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL; + char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL, *bindstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; char *chCApath = NULL, *chCAfile = NULL, *host = NULL; char *port = OPENSSL_strdup(PORT); - char *inrand = NULL; + char *bindhost = NULL, *bindport = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; - char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p; - char *xmpphost = NULL; - const char *ehlo = "mail.example.com"; + char *ReqCAfile = NULL; + char *sess_in = NULL, *crl_file = NULL, *p; + const char *protohost = NULL; struct timeval timeout, *timeoutp; fd_set readfds, writefds; int noCApath = 0, noCAfile = 0; @@ -810,7 +914,7 @@ int s_client_main(int argc, char **argv) int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0; int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0; int sbuf_len, sbuf_off, cmdletters = 1; - int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM; + int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0; int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) @@ -818,7 +922,6 @@ int s_client_main(int argc, char **argv) #endif int read_buf_len = 0; int fallback_scsv = 0; - long randamt = 0; OPTION_CHOICE o; #ifndef OPENSSL_NO_DTLS int enable_timeouts = 0; @@ -831,7 +934,8 @@ int s_client_main(int argc, char **argv) #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) struct timeval tv; #endif - char *servername = NULL; + const char *servername = NULL; + int noservername = 0; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; const char *ssl_config = NULL; @@ -846,22 +950,32 @@ int s_client_main(int argc, char **argv) int srp_lateuser = 0; SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; #endif +#ifndef OPENSSL_NO_SRTP + char *srtp_profiles = NULL; +#endif #ifndef OPENSSL_NO_CT char *ctlog_file = NULL; int ct_validation = 0; #endif int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int async = 0; - unsigned int split_send_fragment = 0; - unsigned int max_pipelines = 0; + unsigned int max_send_fragment = 0; + unsigned int split_send_fragment = 0, max_pipelines = 0; enum { use_inet, use_unix, use_unknown } connect_type = use_unknown; int count4or6 = 0; + uint8_t maxfraglen = 0; int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0; int c_tlsextdebug = 0; #ifndef OPENSSL_NO_OCSP int c_status_req = 0; #endif BIO *bio_c_msg = NULL; + const char *keylog_file = NULL, *early_data_file = NULL; +#ifndef OPENSSL_NO_DTLS + int isdtls = 0; +#endif + char *psksessf = NULL; + int enable_pha = 0; FD_ZERO(&readfds); FD_ZERO(&writefds); @@ -954,6 +1068,9 @@ int s_client_main(int argc, char **argv) connect_type = use_inet; freeandcopy(&connectstr, opt_arg()); break; + case OPT_BIND: + freeandcopy(&bindstr, opt_arg()); + break; case OPT_PROXY: proxystr = opt_arg(); starttls_proto = PROTO_CONNECT; @@ -966,10 +1083,9 @@ int s_client_main(int argc, char **argv) break; #endif case OPT_XMPPHOST: - xmpphost = opt_arg(); - break; - case OPT_SMTPHOST: - ehlo = opt_arg(); + /* fall through, since this is an alias */ + case OPT_PROTOHOST: + protohost = opt_arg(); break; case OPT_VERIFY: verify = SSL_VERIFY_PEER; @@ -980,6 +1096,10 @@ int s_client_main(int argc, char **argv) case OPT_CERT: cert_file = opt_arg(); break; + case OPT_NAMEOPT: + if (!set_nameopt(opt_arg())) + goto end; + break; case OPT_CRL: crl_file = opt_arg(); break; @@ -1055,8 +1175,9 @@ int s_client_main(int argc, char **argv) } #endif break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_IGN_EOF: c_ign_eof = 1; @@ -1106,7 +1227,6 @@ int s_client_main(int argc, char **argv) case OPT_STATE: state = 1; break; -#ifndef OPENSSL_NO_PSK case OPT_PSK_IDENTITY: psk_identity = opt_arg(); break; @@ -1118,7 +1238,9 @@ int s_client_main(int argc, char **argv) goto end; } break; -#endif + case OPT_PSK_SESS: + psksessf = opt_arg(); + break; #ifndef OPENSSL_NO_SRP case OPT_SRPUSER: srp_arg.srplogin = opt_arg(); @@ -1155,6 +1277,10 @@ int s_client_main(int argc, char **argv) min_version = SSL3_VERSION; max_version = SSL3_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; @@ -1171,6 +1297,7 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_DTLS meth = DTLS_client_method(); socket_type = SOCK_DGRAM; + isdtls = 1; #endif break; case OPT_DTLS1: @@ -1179,6 +1306,7 @@ int s_client_main(int argc, char **argv) min_version = DTLS1_VERSION; max_version = DTLS1_VERSION; socket_type = SOCK_DGRAM; + isdtls = 1; #endif break; case OPT_DTLS1_2: @@ -1187,6 +1315,12 @@ int s_client_main(int argc, char **argv) min_version = DTLS1_2_VERSION; max_version = DTLS1_2_VERSION; socket_type = SOCK_DGRAM; + isdtls = 1; +#endif + break; + case OPT_SCTP: +#ifndef OPENSSL_NO_SCTP + protocol = IPPROTO_SCTP; #endif break; case OPT_TIMEOUT: @@ -1233,6 +1367,9 @@ int s_client_main(int argc, char **argv) case OPT_BUILD_CHAIN: build_chain = 1; break; + case OPT_REQCAFILE: + ReqCAfile = opt_arg(); + break; case OPT_CAFILE: CAfile = opt_arg(); break; @@ -1298,8 +1435,13 @@ int s_client_main(int argc, char **argv) case OPT_SERVERNAME: servername = opt_arg(); break; + case OPT_NOSERVERNAME: + noservername = 1; + break; case OPT_USE_SRTP: +#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); +#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); @@ -1310,15 +1452,33 @@ int s_client_main(int argc, char **argv) case OPT_ASYNC: async = 1; break; + case OPT_MAXFRAGLEN: + len = atoi(opt_arg()); + switch (len) { + case 512: + maxfraglen = TLSEXT_max_fragment_length_512; + break; + case 1024: + maxfraglen = TLSEXT_max_fragment_length_1024; + break; + case 2048: + maxfraglen = TLSEXT_max_fragment_length_2048; + break; + case 4096: + maxfraglen = TLSEXT_max_fragment_length_4096; + break; + default: + BIO_printf(bio_err, + "%s: Max Fragment Len %u is out of permitted values", + prog, len); + goto opthelp; + } + break; + case OPT_MAX_SEND_FRAG: + max_send_fragment = atoi(opt_arg()); + break; case OPT_SPLIT_SEND_FRAG: split_send_fragment = atoi(opt_arg()); - if (split_send_fragment == 0) { - /* - * Not allowed - set to a deliberately bad value so we get an - * error message below - */ - split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH + 1; - } break; case OPT_MAX_PIPELINES: max_pipelines = atoi(opt_arg()); @@ -1326,21 +1486,64 @@ int s_client_main(int argc, char **argv) case OPT_READ_BUF: read_buf_len = atoi(opt_arg()); break; + case OPT_KEYLOG_FILE: + keylog_file = opt_arg(); + break; + case OPT_EARLY_DATA: + early_data_file = opt_arg(); + break; + case OPT_ENABLE_PHA: + enable_pha = 1; + break; } } if (count4or6 >= 2) { BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog); goto opthelp; } + if (noservername) { + if (servername != NULL) { + BIO_printf(bio_err, + "%s: Can't use -servername and -noservername together\n", + prog); + goto opthelp; + } + if (dane_tlsa_domain != NULL) { + BIO_printf(bio_err, + "%s: Can't use -dane_tlsa_domain and -noservername together\n", + prog); + goto opthelp; + } + } argc = opt_num_rest(); - if (argc != 0) + if (argc == 1) { + /* If there's a positional argument, it's the equivalent of + * OPT_CONNECT. + * Don't allow -connect and a separate argument. + */ + if (connectstr != NULL) { + BIO_printf(bio_err, + "%s: must not provide both -connect option and target parameter\n", + prog); + goto opthelp; + } + connect_type = use_inet; + freeandcopy(&connectstr, *opt_rest()); + } else if (argc != 0) { goto opthelp; + } - if (proxystr) { +#ifndef OPENSSL_NO_NEXTPROTONEG + if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); + goto opthelp; + } +#endif + if (proxystr != NULL) { int res; char *tmp_host = host, *tmp_port = port; if (connectstr == NULL) { - BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); + BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog); goto opthelp; } res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST); @@ -1365,7 +1568,19 @@ int s_client_main(int argc, char **argv) OPENSSL_free(tmp_port); if (!res) { BIO_printf(bio_err, - "%s: -connect argument malformed or ambiguous\n", + "%s: -connect argument or target parameter malformed or ambiguous\n", + prog); + goto end; + } + } + + if (bindstr != NULL) { + int res; + res = BIO_parse_hostserv(bindstr, &bindhost, &bindport, + BIO_PARSE_PRIO_HOST); + if (!res) { + BIO_printf(bio_err, + "%s: -bind argument parameter malformed or ambiguous\n", prog); goto end; } @@ -1379,15 +1594,16 @@ int s_client_main(int argc, char **argv) } #endif - if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { - BIO_printf(bio_err, "Bad split send fragment size\n"); - goto end; - } - - if (max_pipelines > SSL_MAX_PIPELINES) { - BIO_printf(bio_err, "Bad max pipelines value\n"); - goto end; +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) { + if (socket_type != SOCK_DGRAM) { + BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); + goto end; + } + /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */ + socket_type = SOCK_STREAM; } +#endif #if !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; @@ -1410,7 +1626,7 @@ int s_client_main(int argc, char **argv) if (key_file == NULL) key_file = cert_file; - if (key_file) { + if (key_file != NULL) { key = load_key(key_file, key_format, 0, pass, e, "client certificate private key file"); if (key == NULL) { @@ -1419,7 +1635,7 @@ int s_client_main(int argc, char **argv) } } - if (cert_file) { + if (cert_file != NULL) { cert = load_cert(cert_file, cert_format, "client certificate file"); if (cert == NULL) { ERR_print_errors(bio_err); @@ -1427,13 +1643,13 @@ int s_client_main(int argc, char **argv) } } - if (chain_file) { + if (chain_file != NULL) { if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, "client certificate chain")) goto end; } - if (crl_file) { + if (crl_file != NULL) { X509_CRL *crl; crl = load_crl(crl_file, crl_format); if (crl == NULL) { @@ -1453,20 +1669,10 @@ int s_client_main(int argc, char **argv) if (!load_excert(&exc)) goto end; - if (!app_RAND_load_file(NULL, 1) && inrand == NULL - && !RAND_status()) { - BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) { - randamt = app_RAND_load_files(inrand); - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", randamt); - } - if (bio_c_out == NULL) { if (c_quiet && !c_debug) { bio_c_out = BIO_new(BIO_s_null()); - if (c_msg && !bio_c_msg) + if (c_msg && bio_c_msg == NULL) bio_c_msg = dup_bio_out(FORMAT_TEXT); } else if (bio_c_out == NULL) bio_c_out = dup_bio_out(FORMAT_TEXT); @@ -1484,13 +1690,15 @@ int s_client_main(int argc, char **argv) goto end; } + SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); + if (sdebug) ssl_ctx_security_debug(ctx, sdebug); if (!config_ctx(cctx, ssl_args, ctx)) goto end; - if (ssl_config) { + if (ssl_config != NULL) { if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", ssl_config); @@ -1515,23 +1723,57 @@ int s_client_main(int argc, char **argv) if (async) { SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); } - if (split_send_fragment > 0) { - SSL_CTX_set_split_send_fragment(ctx, split_send_fragment); + + if (max_send_fragment > 0 + && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { + BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", + prog, max_send_fragment); + goto end; + } + + if (split_send_fragment > 0 + && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { + BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", + prog, split_send_fragment); + goto end; } - if (max_pipelines > 0) { - SSL_CTX_set_max_pipelines(ctx, max_pipelines); + + if (max_pipelines > 0 + && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { + BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", + prog, max_pipelines); + goto end; } if (read_buf_len > 0) { SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); } + if (maxfraglen > 0 + && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) { + BIO_printf(bio_err, + "%s: Max Fragment Length code %u is out of permitted values" + "\n", prog, maxfraglen); + goto end; + } + if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls, crl_download)) { BIO_printf(bio_err, "Error loading store locations\n"); ERR_print_errors(bio_err); goto end; } + if (ReqCAfile != NULL) { + STACK_OF(X509_NAME) *nm = sk_X509_NAME_new_null(); + + if (nm == NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) { + sk_X509_NAME_pop_free(nm, X509_NAME_free); + BIO_printf(bio_err, "Error loading CA names\n"); + ERR_print_errors(bio_err); + goto end; + } + SSL_CTX_set0_CA_list(ctx, nm); + } #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { @@ -1551,6 +1793,25 @@ int s_client_main(int argc, char **argv) SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } #endif + if (psksessf != NULL) { + BIO *stmp = BIO_new_file(psksessf, "r"); + + if (stmp == NULL) { + BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf); + ERR_print_errors(bio_err); + goto end; + } + psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); + BIO_free(stmp); + if (psksess == NULL) { + BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf); + ERR_print_errors(bio_err); + goto end; + } + } + if (psk_key != NULL || psksess != NULL) + SSL_CTX_set_psk_use_session_callback(ctx, psk_use_session_cb); + #ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) { /* Returns 0 on success! */ @@ -1562,11 +1823,11 @@ int s_client_main(int argc, char **argv) } #endif - if (exc) + if (exc != NULL) ssl_ctx_set_excert(ctx, exc); #if !defined(OPENSSL_NO_NEXTPROTONEG) - if (next_proto.data) + if (next_proto.data != NULL) SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); #endif if (alpn_in) { @@ -1635,7 +1896,7 @@ int s_client_main(int argc, char **argv) if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) goto end; - if (servername != NULL) { + if (!noservername) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); @@ -1667,18 +1928,36 @@ int s_client_main(int argc, char **argv) } } + /* + * In TLSv1.3 NewSessionTicket messages arrive after the handshake and can + * come at any time. Therefore we use a callback to write out the session + * when we know about it. This approach works for < TLSv1.3 as well. + */ + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_sess_set_new_cb(ctx, new_session_cb); + + if (set_keylog_file(ctx, keylog_file)) + goto end; + con = SSL_new(ctx); - if (sess_in) { + if (con == NULL) + goto end; + + if (enable_pha) + SSL_set_post_handshake_auth(con, 1); + + if (sess_in != NULL) { SSL_SESSION *sess; BIO *stmp = BIO_new_file(sess_in, "r"); - if (!stmp) { + if (stmp == NULL) { BIO_printf(bio_err, "Can't open session file %s\n", sess_in); ERR_print_errors(bio_err); goto end; } sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); BIO_free(stmp); - if (!sess) { + if (sess == NULL) { BIO_printf(bio_err, "Can't open session file %s\n", sess_in); ERR_print_errors(bio_err); goto end; @@ -1688,13 +1967,16 @@ int s_client_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + SSL_SESSION_free(sess); } if (fallback_scsv) SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); - if (servername != NULL) { + if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) { + if (servername == NULL) + servername = (host == NULL) ? "localhost" : host; if (!SSL_set_tlsext_host_name(con, servername)) { BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); ERR_print_errors(bio_err); @@ -1728,7 +2010,8 @@ int s_client_main(int argc, char **argv) } re_start: - if (init_client(&s, host, port, socket_family, socket_type) == 0) { + if (init_client(&s, host, port, bindhost, bindport, socket_family, + socket_type, protocol) == 0) { BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); BIO_closesocket(s); goto end; @@ -1743,10 +2026,16 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_c_out, "Turned on non blocking io\n"); } #ifndef OPENSSL_NO_DTLS - if (socket_type == SOCK_DGRAM) { + if (isdtls) { union BIO_sock_info_u peer_info; - sbio = BIO_new_dgram(s, BIO_NOCLOSE); +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) + sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE); + else +#endif + sbio = BIO_new_dgram(s, BIO_NOCLOSE); + if ((peer_info.addr = BIO_ADDR_new()) == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); BIO_closesocket(s); @@ -1787,9 +2076,10 @@ int s_client_main(int argc, char **argv) BIO_free(sbio); goto shut; } - } else + } else { /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); + } } else #endif /* OPENSSL_NO_DTLS */ sbio = BIO_new_socket(s, BIO_NOCLOSE); @@ -1850,6 +2140,7 @@ int s_client_main(int argc, char **argv) switch ((PROTOCOL_CHOICE) starttls_proto) { case PROTO_OFF: break; + case PROTO_LMTP: case PROTO_SMTP: { /* @@ -1862,27 +2153,34 @@ int s_client_main(int argc, char **argv) */ int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + BIO_push(fbio, sbio); - /* wait for multi-line response to end from SMTP */ + /* Wait for multi-line response to end from LMTP or SMTP */ do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - } - while (mbuf_len > 3 && mbuf[3] == '-'); - BIO_printf(fbio, "EHLO %s\r\n", ehlo); + } while (mbuf_len > 3 && mbuf[3] == '-'); + if (protohost == NULL) + protohost = "mail.example.com"; + if (starttls_proto == (int)PROTO_LMTP) + BIO_printf(fbio, "LHLO %s\r\n", protohost); + else + BIO_printf(fbio, "EHLO %s\r\n", protohost); (void)BIO_flush(fbio); - /* wait for multi-line response to end EHLO SMTP response */ + /* + * Wait for multi-line response to end LHLO LMTP or EHLO SMTP + * response. + */ do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); if (strstr(mbuf, "STARTTLS")) foundit = 1; - } - while (mbuf_len > 3 && mbuf[3] == '-'); + } while (mbuf_len > 3 && mbuf[3] == '-'); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); if (!foundit) BIO_printf(bio_err, - "didn't find starttls in server response," + "Didn't find STARTTLS in server response," " trying anyway...\n"); BIO_printf(sbio, "STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); @@ -1903,6 +2201,7 @@ int s_client_main(int argc, char **argv) { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + BIO_push(fbio, sbio); BIO_gets(fbio, mbuf, BUFSIZZ); /* STARTTLS command requires CAPABILITY... */ @@ -1920,7 +2219,7 @@ int s_client_main(int argc, char **argv) BIO_free(fbio); if (!foundit) BIO_printf(bio_err, - "didn't find STARTTLS in server response," + "Didn't find STARTTLS in server response," " trying anyway...\n"); BIO_printf(sbio, ". STARTTLS\r\n"); BIO_read(sbio, sbuf, BUFSIZZ); @@ -1929,6 +2228,7 @@ int s_client_main(int argc, char **argv) case PROTO_FTP: { BIO *fbio = BIO_new(BIO_f_buffer()); + BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ do { @@ -1950,9 +2250,13 @@ int s_client_main(int argc, char **argv) "xmlns:stream='http://etherx.jabber.org/streams' " "xmlns='jabber:%s' to='%s' version='1.0'>", starttls_proto == PROTO_XMPP ? "client" : "server", - xmpphost ? xmpphost : host); + protohost ? protohost : host); seen = BIO_read(sbio, mbuf, BUFSIZZ); - mbuf[seen] = 0; + if (seen < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; + } + mbuf[seen] = '\0'; while (!strstr (mbuf, ""); seen = BIO_read(sbio, sbuf, BUFSIZZ); - sbuf[seen] = 0; + if (seen < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto shut; + } + sbuf[seen] = '\0'; if (!strstr(sbuf, "= bytes) { + BIO_printf(bio_err, "Cannot confirm server version. "); + goto shut; + } else if (packet[pos++] == '\0') { + break; + } + } + + /* make sure we have at least 15 bytes left in the packet */ + if (pos + 15 > bytes) { + BIO_printf(bio_err, + "MySQL server handshake packet is broken.\n"); + goto shut; + } + + pos += 12; /* skip over conn id[4] + SALT[8] */ + if (packet[pos++] != '\0') { /* verify filler */ + BIO_printf(bio_err, + "MySQL packet is broken.\n"); + goto shut; + } + + /* capability flags[2] */ + if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) { + BIO_printf(bio_err, "MySQL server does not support SSL.\n"); + goto shut; + } + + /* Sending SSL Handshake packet. */ + BIO_write(sbio, ssl_req, sizeof(ssl_req)); + (void)BIO_flush(sbio); + } + break; + case PROTO_POSTGRES: + { + static const unsigned char ssl_request[] = { + /* Length SSLRequest */ + 0, 0, 0, 8, 4, 210, 22, 47 + }; + int bytes; + + /* Send SSLRequest packet */ + BIO_write(sbio, ssl_request, 8); + (void)BIO_flush(sbio); + + /* Reply will be a single S if SSL is enabled */ + bytes = BIO_read(sbio, sbuf, BUFSIZZ); + if (bytes != 1 || sbuf[0] != 'S') + goto shut; + } + break; + case PROTO_NNTP: + { + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); + + BIO_push(fbio, sbio); + BIO_gets(fbio, mbuf, BUFSIZZ); + /* STARTTLS command requires CAPABILITIES... */ + BIO_printf(fbio, "CAPABILITIES\r\n"); + (void)BIO_flush(fbio); + /* wait for multi-line CAPABILITIES response */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (strstr(mbuf, "STARTTLS")) + foundit = 1; + } while (mbuf_len > 1 && mbuf[0] != '.'); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) + BIO_printf(bio_err, + "Didn't find STARTTLS in server response," + " trying anyway...\n"); + BIO_printf(sbio, "STARTTLS\r\n"); + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; + } + mbuf[mbuf_len] = '\0'; + if (strstr(mbuf, "382") == NULL) { + BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); + goto shut; + } + } + break; + case PROTO_SIEVE: + { + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); + + BIO_push(fbio, sbio); + /* wait for multi-line response to end from Sieve */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + /* + * According to RFC 5804 § 1.7, capability + * is case-insensitive, make it uppercase + */ + if (mbuf_len > 1 && mbuf[0] == '"') { + make_uppercase(mbuf); + if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0) + foundit = 1; + } + } while (mbuf_len > 1 && mbuf[0] == '"'); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) + BIO_printf(bio_err, + "Didn't find STARTTLS in server response," + " trying anyway...\n"); + BIO_printf(sbio, "STARTTLS\r\n"); + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; + } + mbuf[mbuf_len] = '\0'; + if (mbuf_len < 2) { + BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); + goto shut; + } + /* + * According to RFC 5804 § 2.2, response codes are case- + * insensitive, make it uppercase but preserve the response. + */ + strncpy(sbuf, mbuf, 2); + make_uppercase(sbuf); + if (strncmp(sbuf, "OK", 2) != 0) { + BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf); + goto shut; + } + } + break; + case PROTO_LDAP: + { + /* StartTLS Operation according to RFC 4511 */ + static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n" + "[LDAPMessage]\n" + "messageID=INTEGER:1\n" + "extendedReq=EXPLICIT:23A,IMPLICIT:0C," + "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n"; + long errline = -1; + char *genstr = NULL; + int result = -1; + ASN1_TYPE *atyp = NULL; + BIO *ldapbio = BIO_new(BIO_s_mem()); + CONF *cnf = NCONF_new(NULL); + + if (cnf == NULL) { + BIO_free(ldapbio); + goto end; + } + BIO_puts(ldapbio, ldap_tls_genconf); + if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) { + BIO_free(ldapbio); + NCONF_free(cnf); + if (errline <= 0) { + BIO_printf(bio_err, "NCONF_load_bio failed\n"); + goto end; + } else { + BIO_printf(bio_err, "Error on line %ld\n", errline); + goto end; + } + } + BIO_free(ldapbio); + genstr = NCONF_get_string(cnf, "default", "asn1"); + if (genstr == NULL) { + NCONF_free(cnf); + BIO_printf(bio_err, "NCONF_get_string failed\n"); + goto end; + } + atyp = ASN1_generate_nconf(genstr, cnf); + if (atyp == NULL) { + NCONF_free(cnf); + BIO_printf(bio_err, "ASN1_generate_nconf failed\n"); + goto end; + } + NCONF_free(cnf); + + /* Send SSLRequest packet */ + BIO_write(sbio, atyp->value.sequence->data, + atyp->value.sequence->length); + (void)BIO_flush(sbio); + ASN1_TYPE_free(atyp); + + mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); + if (mbuf_len < 0) { + BIO_printf(bio_err, "BIO_read failed\n"); + goto end; + } + result = ldap_ExtendedResponse_parse(mbuf, mbuf_len); + if (result < 0) { + BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n"); + goto shut; + } else if (result > 0) { + BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n", + result); + goto shut; + } + mbuf_len = 0; + } + break; + } + + if (early_data_file != NULL + && ((SSL_get0_session(con) != NULL + && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) + || (psksess != NULL + && SSL_SESSION_get_max_early_data(psksess) > 0))) { + BIO *edfile = BIO_new_file(early_data_file, "r"); + size_t readbytes, writtenbytes; + int finish = 0; + + if (edfile == NULL) { + BIO_printf(bio_err, "Cannot open early data file\n"); + goto shut; + } + + while (!finish) { + if (!BIO_read_ex(edfile, cbuf, BUFSIZZ, &readbytes)) + finish = 1; + + while (!SSL_write_early_data(con, cbuf, readbytes, &writtenbytes)) { + switch (SSL_get_error(con, 0)) { + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_ASYNC: + case SSL_ERROR_WANT_READ: + /* Just keep trying - busy waiting */ + continue; + default: + BIO_printf(bio_err, "Error writing early data\n"); + BIO_free(edfile); + ERR_print_errors(bio_err); + goto shut; + } + } + } + + BIO_free(edfile); } for (;;) { @@ -2120,7 +2727,8 @@ int s_client_main(int argc, char **argv) else timeoutp = NULL; - if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { + if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0 + && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) { in_init = 1; tty_on = 0; } else { @@ -2128,15 +2736,6 @@ int s_client_main(int argc, char **argv) if (in_init) { in_init = 0; - if (sess_out) { - BIO *stmp = BIO_new_file(sess_out, "w"); - if (stmp) { - PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con)); - BIO_free(stmp); - } else - BIO_printf(bio_err, "Error writing session file %s\n", - sess_out); - } if (c_brief) { BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); print_ssl_summary(con); @@ -2231,7 +2830,6 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "bad select %d\n", get_last_socket_error()); goto shut; - /* goto end; */ } } @@ -2320,10 +2918,9 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_c_out, "DONE\n"); ret = 0; goto shut; - /* goto end; */ } - sbuf_len -= i;; + sbuf_len -= i; sbuf_off += i; if (sbuf_len <= 0) { read_ssl = 1; @@ -2390,7 +2987,6 @@ int s_client_main(int argc, char **argv) case SSL_ERROR_SSL: ERR_print_errors(bio_err); goto shut; - /* break; */ } } /* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */ @@ -2436,6 +3032,15 @@ int s_client_main(int argc, char **argv) SSL_renegotiate(con); cbuf_len = 0; } + + if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) + && cmdletters) { + BIO_printf(bio_err, "KEYUPDATE\n"); + SSL_key_update(con, + cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED + : SSL_KEY_UPDATE_NOT_REQUESTED); + cbuf_len = 0; + } #ifndef OPENSSL_NO_HEARTBEATS else if ((!c_ign_eof) && (cbuf[0] == 'B' && cmdletters)) { BIO_printf(bio_err, "HEARTBEATING\n"); @@ -2462,19 +3067,6 @@ int s_client_main(int argc, char **argv) print_stuff(bio_c_out, con, full_log); do_ssl_shutdown(con); - /* - * Give the socket time to send its last data before we close it. - * No amount of setting SO_LINGER etc on the socket seems to persuade - * Windows to send the data before closing the socket...but sleeping - * for a short time seems to do it (units in ms) - * TODO: Find a better way to do this - */ -#if defined(OPENSSL_SYS_WINDOWS) - Sleep(50); -#elif defined(OPENSSL_SYS_CYGWIN) - usleep(50000); -#endif - /* * If we ended with an alert being sent, but still with data in the * network buffer to be read, then calling BIO_closesocket() will @@ -2486,6 +3078,19 @@ int s_client_main(int argc, char **argv) * TCP-RST. This seems to allow the peer to read the alert data. */ shutdown(SSL_get_fd(con), 1); /* SHUT_WR */ + /* + * We just said we have nothing else to say, but it doesn't mean that + * the other side has nothing. It's even recommended to consume incoming + * data. [In testing context this ensures that alerts are passed on...] + */ + timeout.tv_sec = 0; + timeout.tv_usec = 500000; /* some extreme round-trip */ + do { + FD_ZERO(&readfds); + openssl_fdset(s, &readfds); + } while (select(s + 1, &readfds, NULL, NULL, &timeout) > 0 + && BIO_read(sbio, sbuf, BUFSIZZ) > 0); + BIO_closesocket(SSL_get_fd(con)); end: if (con != NULL) { @@ -2493,10 +3098,12 @@ int s_client_main(int argc, char **argv) print_stuff(bio_c_out, con, 1); SSL_free(con); } + SSL_SESSION_free(psksess); #if !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(next_proto.data); #endif SSL_CTX_free(ctx); + set_keylog_file(NULL, NULL); X509_free(cert); sk_X509_CRL_pop_free(crls, X509_CRL_free); EVP_PKEY_free(key); @@ -2506,6 +3113,7 @@ int s_client_main(int argc, char **argv) OPENSSL_free(srp_arg.srppassin); #endif OPENSSL_free(connectstr); + OPENSSL_free(bindstr); OPENSSL_free(host); OPENSSL_free(port); X509_VERIFY_PARAM_free(vpm); @@ -2521,18 +3129,16 @@ int s_client_main(int argc, char **argv) bio_c_out = NULL; BIO_free(bio_c_msg); bio_c_msg = NULL; - return (ret); + return ret; } static void print_stuff(BIO *bio, SSL *s, int full) { X509 *peer = NULL; - char buf[BUFSIZ]; STACK_OF(X509) *sk; - STACK_OF(X509_NAME) *sk2; const SSL_CIPHER *c; - X509_NAME *xn; - int i; + int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); + long verify_result; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif @@ -2550,12 +3156,12 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, "---\nCertificate chain\n"); for (i = 0; i < sk_X509_num(sk); i++) { - X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), - buf, sizeof(buf)); - BIO_printf(bio, "%2d s:%s\n", i, buf); - X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), - buf, sizeof(buf)); - BIO_printf(bio, " i:%s\n", buf); + BIO_printf(bio, "%2d s:", i); + X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt()); + BIO_puts(bio, "\n"); + BIO_printf(bio, " i:"); + X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt()); + BIO_puts(bio, "\n"); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); } @@ -2569,25 +3175,11 @@ static void print_stuff(BIO *bio, SSL *s, int full) /* Redundant if we showed the whole chain */ if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); - BIO_printf(bio, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); - BIO_printf(bio, "issuer=%s\n", buf); - } else - BIO_printf(bio, "no peer certificate available\n"); - - sk2 = SSL_get_client_CA_list(s); - if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) { - BIO_printf(bio, "---\nAcceptable client certificate CA names\n"); - for (i = 0; i < sk_X509_NAME_num(sk2); i++) { - xn = sk_X509_NAME_value(sk2, i); - X509_NAME_oneline(xn, buf, sizeof(buf)); - BIO_write(bio, buf, strlen(buf)); - BIO_write(bio, "\n", 1); - } + dump_cert_text(bio, peer); } else { - BIO_printf(bio, "---\nNo client certificate CA names sent\n"); + BIO_printf(bio, "no peer certificate available\n"); } + print_ca_names(bio, s); ssl_print_sigalgs(bio, s); ssl_print_tmp_key(bio, s); @@ -2626,8 +3218,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) #endif BIO_printf(bio, - "---\nSSL handshake has read %"BIO_PRI64"u" - " bytes and written %"BIO_PRI64"u bytes\n", + "---\nSSL handshake has read %ju bytes " + "and written %ju bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); } @@ -2703,7 +3295,35 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif - SSL_SESSION_print(bio, SSL_get_session(s)); + if (istls13) { + switch (SSL_get_early_data_status(s)) { + case SSL_EARLY_DATA_NOT_SENT: + BIO_printf(bio, "Early data was not sent\n"); + break; + + case SSL_EARLY_DATA_REJECTED: + BIO_printf(bio, "Early data was rejected\n"); + break; + + case SSL_EARLY_DATA_ACCEPTED: + BIO_printf(bio, "Early data was accepted\n"); + break; + + } + + /* + * We also print the verify results when we dump session information, + * but in TLSv1.3 we may not get that right away (or at all) depending + * on when we get a NewSessionTicket. Therefore we print it now as well. + */ + verify_result = SSL_get_verify_result(s); + BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result, + X509_verify_cert_error_string(verify_result)); + } else { + /* In TLSv1.3 we do this on arrival of a NewSessionTicket */ + SSL_SESSION_print(bio, SSL_get_session(s)); + } + if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); @@ -2737,12 +3357,12 @@ static int ocsp_resp_cb(SSL *s, void *arg) OCSP_RESPONSE *rsp; len = SSL_get_tlsext_status_ocsp_resp(s, &p); BIO_puts(arg, "OCSP response: "); - if (!p) { + if (p == NULL) { BIO_puts(arg, "no response sent\n"); return 1; } rsp = d2i_OCSP_RESPONSE(NULL, &p, len); - if (!rsp) { + if (rsp == NULL) { BIO_puts(arg, "response parse error\n"); BIO_dump_indent(arg, (char *)p, len, 4); return 0; @@ -2755,4 +3375,88 @@ static int ocsp_resp_cb(SSL *s, void *arg) } # endif +static int ldap_ExtendedResponse_parse(const char *buf, long rem) +{ + const unsigned char *cur, *end; + long len; + int tag, xclass, inf, ret = -1; + + cur = (const unsigned char *)buf; + end = cur + rem; + + /* + * From RFC 4511: + * + * LDAPMessage ::= SEQUENCE { + * messageID MessageID, + * protocolOp CHOICE { + * ... + * extendedResp ExtendedResponse, + * ... }, + * controls [0] Controls OPTIONAL } + * + * ExtendedResponse ::= [APPLICATION 24] SEQUENCE { + * COMPONENTS OF LDAPResult, + * responseName [10] LDAPOID OPTIONAL, + * responseValue [11] OCTET STRING OPTIONAL } + * + * LDAPResult ::= SEQUENCE { + * resultCode ENUMERATED { + * success (0), + * ... + * other (80), + * ... }, + * matchedDN LDAPDN, + * diagnosticMessage LDAPString, + * referral [3] Referral OPTIONAL } + */ + + /* pull SEQUENCE */ + inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); + if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || + (rem = end - cur, len > rem)) { + BIO_printf(bio_err, "Unexpected LDAP response\n"); + goto end; + } + + rem = len; /* ensure that we don't overstep the SEQUENCE */ + + /* pull MessageID */ + inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); + if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER || + (rem = end - cur, len > rem)) { + BIO_printf(bio_err, "No MessageID\n"); + goto end; + } + + cur += len; /* shall we check for MessageId match or just skip? */ + + /* pull [APPLICATION 24] */ + rem = end - cur; + inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); + if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION || + tag != 24) { + BIO_printf(bio_err, "Not ExtendedResponse\n"); + goto end; + } + + /* pull resultCode */ + rem = end - cur; + inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); + if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 || + (rem = end - cur, len > rem)) { + BIO_printf(bio_err, "Not LDAPResult\n"); + goto end; + } + + /* len should always be one, but just in case... */ + for (ret = 0, inf = 0; inf < len; inf++) { + ret <<= 8; + ret |= cur[inf]; + } + /* There is more data, but we don't care... */ + end: + return ret; +} + #endif /* OPENSSL_NO_SOCK */ diff --git a/deps/openssl/openssl/apps/s_server.c b/deps/openssl/openssl/apps/s_server.c index 86298334bd6919..ac7dca607ba471 100644 --- a/deps/openssl/openssl/apps/s_server.c +++ b/deps/openssl/openssl/apps/s_server.c @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,38 +9,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include #include @@ -65,10 +35,9 @@ typedef unsigned int u_int; #endif -#include #include -#define USE_SOCKETS #include "apps.h" +#include "progs.h" #include #include #include @@ -89,21 +58,23 @@ typedef unsigned int u_int; #ifdef CHARSET_EBCDIC #include #endif +#include "internal/sockets.h" static int not_resumable_sess_cb(SSL *s, int is_forward_secure); -static int sv_body(int s, int stype, unsigned char *context); -static int www_body(int s, int stype, unsigned char *context); -static int rev_body(int s, int stype, unsigned char *context); +static int sv_body(int s, int stype, int prot, unsigned char *context); +static int www_body(int s, int stype, int prot, unsigned char *context); +static int rev_body(int s, int stype, int prot, unsigned char *context); static void close_accept_socket(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp, SSL_CTX *ctx); -static int generate_session_id(const SSL *ssl, unsigned char *id, +static int generate_session_id(SSL *ssl, unsigned char *id, unsigned int *id_len); static void init_session_cache_ctx(SSL_CTX *sctx); static void free_sessions(void); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); #endif +static void print_connection_info(SSL *con); static const int bufsize = 16 * 1024; static int accept_socket = -1; @@ -144,11 +115,15 @@ static long socket_mtu; * code. */ static int dtlslisten = 0; +static int stateless = 0; -#ifndef OPENSSL_NO_PSK -static const char psk_identity[] = "Client_identity"; +static int early_data = 0; +static SSL_SESSION *psksess = NULL; + +static char *psk_identity = "Client_identity"; char *psk_key = NULL; /* by default PSK is not used */ +#ifndef OPENSSL_NO_PSK static unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) @@ -158,7 +133,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); - if (!identity) { + if (identity == NULL) { BIO_printf(bio_err, "Error: client did not send PSK identity\n"); goto out_err; } @@ -168,12 +143,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, /* here we could lookup the given identity e.g. from a database */ if (strcmp(identity, psk_identity) != 0) { - BIO_printf(bio_s_out, "PSK error: client identity not found" + BIO_printf(bio_s_out, "PSK warning: client identity not what we expected" " (got '%s' expected '%s')\n", identity, psk_identity); - goto out_err; - } - if (s_debug) + } else { + if (s_debug) BIO_printf(bio_s_out, "PSK client identity found\n"); + } /* convert the PSK key to binary */ key = OPENSSL_hexstr2buf(psk_key, &key_len); @@ -205,6 +180,58 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } #endif +#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") +#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") + +static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, + size_t identity_len, SSL_SESSION **sess) +{ + SSL_SESSION *tmpsess = NULL; + unsigned char *key; + long key_len; + const SSL_CIPHER *cipher = NULL; + + if (strlen(psk_identity) != identity_len + || memcmp(psk_identity, identity, identity_len) != 0) { + *sess = NULL; + return 1; + } + + if (psksess != NULL) { + SSL_SESSION_up_ref(psksess); + *sess = psksess; + return 1; + } + + key = OPENSSL_hexstr2buf(psk_key, &key_len); + if (key == NULL) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", + psk_key); + return 0; + } + + /* We default to SHA256 */ + cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); + if (cipher == NULL) { + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); + return 0; + } + + tmpsess = SSL_SESSION_new(); + if (tmpsess == NULL + || !SSL_SESSION_set1_master_key(tmpsess, key, key_len) + || !SSL_SESSION_set_cipher(tmpsess, cipher) + || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) { + OPENSSL_free(key); + return 0; + } + OPENSSL_free(key); + *sess = tmpsess; + + return 1; +} + #ifndef OPENSSL_NO_SRP /* This is a context that we pass to callbacks */ typedef struct srpsrvparm_st { @@ -212,6 +239,7 @@ typedef struct srpsrvparm_st { SRP_VBASE *vb; SRP_user_pwd *user; } srpsrvparm; +static srpsrvparm srp_callback_parm; /* * This callback pretends to require some asynchronous logic in order to @@ -229,7 +257,7 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) if (p->login == NULL && p->user == NULL) { p->login = SSL_get_srp_username(s); BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); - return (-1); + return -1; } if (p->user == NULL) { @@ -329,9 +357,9 @@ static int ebcdic_read(BIO *b, char *out, int outl) BIO *next = BIO_next(b); if (out == NULL || outl == 0) - return (0); + return 0; if (next == NULL) - return (0); + return 0; ret = BIO_read(next, out, outl); if (ret > 0) @@ -347,7 +375,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) int num; if ((in == NULL) || (inl <= 0)) - return (0); + return 0; if (next == NULL) return 0; @@ -370,7 +398,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) ret = BIO_write(next, wbuf->buff, inl); - return (ret); + return ret; } static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -379,7 +407,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) BIO *next = BIO_next(b); if (next == NULL) - return (0); + return 0; switch (cmd) { case BIO_CTRL_DUP: ret = 0L; @@ -388,7 +416,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) ret = BIO_ctrl(next, cmd, num, ptr); break; } - return (ret); + return ret; } static int ebcdic_gets(BIO *bp, char *buf, int size) @@ -432,17 +460,25 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx *p = (tlsextctx *) arg; const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (servername && p->biodebug) - BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", - servername); - if (!p->servername) + if (servername != NULL && p->biodebug != NULL) { + const char *cp = servername; + unsigned char uc; + + BIO_printf(p->biodebug, "Hostname in TLS extension: \""); + while ((uc = *cp++) != 0) + BIO_printf(p->biodebug, + isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc); + BIO_printf(p->biodebug, "\"\n"); + } + + if (p->servername == NULL) return SSL_TLSEXT_ERR_NOACK; - if (servername) { + if (servername != NULL) { if (strcasecmp(servername, p->servername)) return p->extension_error; - if (ctx2) { + if (ctx2 != NULL) { BIO_printf(p->biodebug, "Switching server context.\n"); SSL_set_SSL_CTX(s, ctx2); } @@ -452,49 +488,45 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) /* Structure passed to cert status callback */ typedef struct tlsextstatusctx_st { + int timeout; + /* File to load OCSP Response from (or NULL if no file) */ + char *respin; /* Default responder to use */ char *host, *path, *port; int use_ssl; - int timeout; int verbose; } tlsextstatusctx; -static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 }; +static tlsextstatusctx tlscstatp = { -1 }; #ifndef OPENSSL_NO_OCSP + /* - * Certificate Status callback. This is called when a client includes a - * certificate status request extension. This is a simplified version. It - * examines certificates each time and makes one OCSP responder query for - * each request. A full version would store details such as the OCSP - * certificate IDs and minimise the number of OCSP responses by caching them - * until they were considered "expired". + * Helper function to get an OCSP_RESPONSE from a responder. This is a + * simplified version. It examines certificates each time and makes one OCSP + * responder query for each request. A full version would store details such as + * the OCSP certificate IDs and minimise the number of OCSP responses by caching + * them until they were considered "expired". */ - -static int cert_status_cb(SSL *s, void *arg) +static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, + OCSP_RESPONSE **resp) { - tlsextstatusctx *srctx = arg; char *host = NULL, *port = NULL, *path = NULL; int use_ssl; - unsigned char *rspder = NULL; - int rspderlen; STACK_OF(OPENSSL_STRING) *aia = NULL; X509 *x = NULL; X509_STORE_CTX *inctx = NULL; X509_OBJECT *obj; OCSP_REQUEST *req = NULL; - OCSP_RESPONSE *resp = NULL; OCSP_CERTID *id = NULL; STACK_OF(X509_EXTENSION) *exts; int ret = SSL_TLSEXT_ERR_NOACK; int i; - if (srctx->verbose) - BIO_puts(bio_err, "cert_status: callback called\n"); /* Build up OCSP query from server certificate */ x = SSL_get_certificate(s); aia = X509_get1_ocsp(x); - if (aia) { + if (aia != NULL) { if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &host, &port, &path, &use_ssl)) { BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); @@ -504,7 +536,7 @@ static int cert_status_cb(SSL *s, void *arg) BIO_printf(bio_err, "cert_status: AIA URL: %s\n", sk_OPENSSL_STRING_value(aia, 0)); } else { - if (!srctx->host) { + if (srctx->host == NULL) { BIO_puts(bio_err, "cert_status: no AIA and no default responder URL\n"); goto done; @@ -530,7 +562,7 @@ static int cert_status_cb(SSL *s, void *arg) } id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj)); X509_OBJECT_free(obj); - if (!id) + if (id == NULL) goto err; req = OCSP_REQUEST_new(); if (req == NULL) @@ -545,29 +577,24 @@ static int cert_status_cb(SSL *s, void *arg) if (!OCSP_REQUEST_add_ext(req, ext, -1)) goto err; } - resp = process_responder(req, host, path, port, use_ssl, NULL, + *resp = process_responder(req, host, path, port, use_ssl, NULL, srctx->timeout); - if (!resp) { + if (*resp == NULL) { BIO_puts(bio_err, "cert_status: error querying responder\n"); goto done; } - rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); - if (rspderlen <= 0) - goto err; - SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); - if (srctx->verbose) { - BIO_puts(bio_err, "cert_status: ocsp response sent:\n"); - OCSP_RESPONSE_print(bio_err, resp, 2); - } + ret = SSL_TLSEXT_ERR_OK; goto done; err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; done: - if (ret != SSL_TLSEXT_ERR_OK) - ERR_print_errors(bio_err); - if (aia) { + /* + * If we parsed aia we need to free; otherwise they were copied and we + * don't + */ + if (aia != NULL) { OPENSSL_free(host); OPENSSL_free(path); OPENSSL_free(port); @@ -575,10 +602,64 @@ static int cert_status_cb(SSL *s, void *arg) } OCSP_CERTID_free(id); OCSP_REQUEST_free(req); - OCSP_RESPONSE_free(resp); X509_STORE_CTX_free(inctx); return ret; } + +/* + * Certificate Status callback. This is called when a client includes a + * certificate status request extension. The response is either obtained from a + * file, or from an OCSP responder. + */ +static int cert_status_cb(SSL *s, void *arg) +{ + tlsextstatusctx *srctx = arg; + OCSP_RESPONSE *resp = NULL; + unsigned char *rspder = NULL; + int rspderlen; + int ret = SSL_TLSEXT_ERR_ALERT_FATAL; + + if (srctx->verbose) + BIO_puts(bio_err, "cert_status: callback called\n"); + + if (srctx->respin != NULL) { + BIO *derbio = bio_open_default(srctx->respin, 'r', FORMAT_ASN1); + if (derbio == NULL) { + BIO_puts(bio_err, "cert_status: Cannot open OCSP response file\n"); + goto err; + } + resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); + BIO_free(derbio); + if (resp == NULL) { + BIO_puts(bio_err, "cert_status: Error reading OCSP response\n"); + goto err; + } + } else { + ret = get_ocsp_resp_from_responder(s, srctx, &resp); + if (ret != SSL_TLSEXT_ERR_OK) + goto err; + } + + rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); + if (rspderlen <= 0) + goto err; + + SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); + if (srctx->verbose) { + BIO_puts(bio_err, "cert_status: ocsp response sent:\n"); + OCSP_RESPONSE_print(bio_err, resp, 2); + } + + ret = SSL_TLSEXT_ERR_OK; + + err: + if (ret != SSL_TLSEXT_ERR_OK) + ERR_print_errors(bio_err); + + OCSP_RESPONSE_free(resp); + + return ret; +} #endif #ifndef OPENSSL_NO_NEXTPROTONEG @@ -645,17 +726,10 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) return is_forward_secure; } -#ifndef OPENSSL_NO_SRP -static srpsrvparm srp_callback_parm; -#endif -#ifndef OPENSSL_NO_SRTP -static char *srtp_profiles = NULL; -#endif - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, - OPT_VERIFY, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, + OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT, OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT, @@ -664,23 +738,27 @@ typedef enum OPTION_choice { OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, - OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, - OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, - OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, - OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, - OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, - OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, - OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, - OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, + OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, + OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, + OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, + OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK, + OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, + OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, + OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, + OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, + OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS, + OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, + OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, + OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, + OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, OPT_X_ENUM } OPTION_CHOICE; -OPTIONS s_server_options[] = { +const OPTIONS s_server_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"port", OPT_PORT, 'p', "TCP/IP port to listen on for connections (default is " PORT ")"}, @@ -699,6 +777,7 @@ OPTIONS s_server_options[] = { {"Verify", OPT_UPPER_V_VERIFY, 'n', "Turn on peer certificate verification, must have a cert"}, {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"}, {"serverinfo", OPT_SERVERINFO, 's', "PEM serverinfo file for certificate"}, @@ -751,8 +830,7 @@ OPTIONS s_server_options[] = { {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, {"id_prefix", OPT_ID_PREFIX, 's', "Generate SSL/TLS session IDs prefixed by arg"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', @@ -790,6 +868,8 @@ OPTIONS s_server_options[] = { {"status_timeout", OPT_STATUS_TIMEOUT, 'n', "Status request responder timeout"}, {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, + {"status_file", OPT_STATUS_FILE, '<', + "File containing DER encoded OCSP Response"}, #endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "trace protocol messages"}, @@ -805,20 +885,23 @@ OPTIONS s_server_options[] = { {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, {"ssl_config", OPT_SSL_CONFIG, 's', "Configure SSL_CTX using the configuration 'val'"}, - {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n', + {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, + {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', "Size used to split data for encrypt pipelines"}, - {"max_pipelines", OPT_MAX_PIPELINES, 'n', + {"max_pipelines", OPT_MAX_PIPELINES, 'p', "Maximum number of encrypt/decrypt pipelines to be used"}, - {"read_buf", OPT_READ_BUF, 'n', + {"read_buf", OPT_READ_BUF, 'p', "Default read buffer size to be used for connections"}, OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, + {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"}, #ifndef OPENSSL_NO_PSK {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, #endif + {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, + {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, #ifndef OPENSSL_NO_SRP {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, {"srpuserseed", OPT_SRPUSERSEED, 's', @@ -836,6 +919,9 @@ OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, @@ -843,12 +929,16 @@ OPTIONS s_server_options[] = { {"listen", OPT_LISTEN, '-', "Listen for a DTLS ClientHello with a cookie and then connect"}, #endif + {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, #ifndef OPENSSL_NO_DTLS1 {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, #endif #ifndef OPENSSL_NO_DTLS1_2 {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, #endif +#ifndef OPENSSL_NO_SCTP + {"sctp", OPT_SCTP, '-', "Use SCTP"}, +#endif #ifndef OPENSSL_NO_DH {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, #endif @@ -865,12 +955,22 @@ OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, + {"max_early_data", OPT_MAX_EARLY, 'n', + "The maximum number of bytes of early data as advertised in tickets"}, + {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', + "The maximum number of bytes of early data (hard limit)"}, + {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, + {"num_tickets", OPT_S_NUM_TICKETS, 'n', + "The number of TLSv1.3 session tickets that a server will automatically issue" }, + {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, + {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, {NULL, OPT_EOF, 0, NULL} }; #define IS_PROT_FLAG(o) \ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) int s_server_main(int argc, char *argv[]) { @@ -885,7 +985,7 @@ int s_server_main(int argc, char *argv[]) X509 *s_cert = NULL, *s_dcert = NULL; X509_VERIFY_PARAM *vpm = NULL; const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL; - char *dpassarg = NULL, *dpass = NULL, *inrand = NULL; + char *dpassarg = NULL, *dpass = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; char *crl_file = NULL, *prog; #ifdef AF_UNIX @@ -902,7 +1002,7 @@ int s_server_main(int argc, char *argv[]) int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; int rev = 0, naccept = -1, sdebug = 0; - int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM; + int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; int state = 0, crl_format = FORMAT_PEM, crl_download = 0; char *host = NULL; char *port = BUF_strdup(PORT); @@ -922,11 +1022,14 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_PSK /* by default do not send a PSK identity hint */ char *psk_identity_hint = NULL; - char *p; #endif + char *p; #ifndef OPENSSL_NO_SRP char *srpuserseed = NULL; char *srp_verifier_file = NULL; +#endif +#ifndef OPENSSL_NO_SRTP + char *srtp_profiles = NULL; #endif int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int s_server_verify = SSL_VERIFY_NONE; @@ -938,8 +1041,12 @@ int s_server_main(int argc, char *argv[]) int s_tlsextstatus = 0; #endif int no_resume_ephemeral = 0; + unsigned int max_send_fragment = 0; unsigned int split_send_fragment = 0, max_pipelines = 0; const char *s_serverinfo_file = NULL; + const char *keylog_file = NULL; + int max_early_data = -1, recv_max_early_data = -1; + char *psksessf = NULL; /* Init of few remaining global variables */ local_argc = argc; @@ -1076,6 +1183,10 @@ int s_server_main(int argc, char *argv[]) case OPT_CERT: s_cert_file = opt_arg(); break; + case OPT_NAMEOPT: + if (!set_nameopt(opt_arg())) + goto end; + break; case OPT_CRL: crl_file = opt_arg(); break; @@ -1153,6 +1264,9 @@ int s_server_main(int argc, char *argv[]) goto opthelp; break; case OPT_S_CASES: + case OPT_S_NUM_TICKETS: + case OPT_ANTI_REPLAY: + case OPT_NO_ANTI_REPLAY: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); if (ssl_args == NULL @@ -1236,6 +1350,12 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_err, "Error parsing URL\n"); goto end; } +#endif + break; + case OPT_STATUS_FILE: +#ifndef OPENSSL_NO_OCSP + s_tlsextstatus = 1; + tlscstatp.respin = opt_arg(); #endif break; case OPT_MSG: @@ -1275,20 +1395,24 @@ int s_server_main(int argc, char *argv[]) case OPT_NO_RESUME_EPHEMERAL: no_resume_ephemeral = 1; break; + case OPT_PSK_IDENTITY: + psk_identity = opt_arg(); + break; case OPT_PSK_HINT: #ifndef OPENSSL_NO_PSK psk_identity_hint = opt_arg(); #endif break; case OPT_PSK: -#ifndef OPENSSL_NO_PSK for (p = psk_key = opt_arg(); *p; p++) { if (isxdigit(_UC(*p))) continue; BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); goto end; } -#endif + break; + case OPT_PSK_SESS: + psksessf = opt_arg(); break; case OPT_SRPVFILE: #ifndef OPENSSL_NO_SRP @@ -1323,6 +1447,10 @@ int s_server_main(int argc, char *argv[]) min_version = SSL3_VERSION; max_version = SSL3_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; @@ -1355,6 +1483,11 @@ int s_server_main(int argc, char *argv[]) min_version = DTLS1_2_VERSION; max_version = DTLS1_2_VERSION; socket_type = SOCK_DGRAM; +#endif + break; + case OPT_SCTP: +#ifndef OPENSSL_NO_SCTP + protocol = IPPROTO_SCTP; #endif break; case OPT_TIMEOUT: @@ -1372,14 +1505,18 @@ int s_server_main(int argc, char *argv[]) dtlslisten = 1; #endif break; + case OPT_STATELESS: + stateless = 1; + break; case OPT_ID_PREFIX: session_id_prefix = opt_arg(); break; case OPT_ENGINE: engine = setup_engine(opt_arg(), 1); break; - case OPT_RAND: - inrand = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_SERVERNAME: tlsextcbp.servername = opt_arg(); @@ -1415,15 +1552,11 @@ int s_server_main(int argc, char *argv[]) case OPT_ASYNC: async = 1; break; + case OPT_MAX_SEND_FRAG: + max_send_fragment = atoi(opt_arg()); + break; case OPT_SPLIT_SEND_FRAG: split_send_fragment = atoi(opt_arg()); - if (split_send_fragment == 0) { - /* - * Not allowed - set to a deliberately bad value so we get an - * error message below - */ - split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH + 1; - } break; case OPT_MAX_PIPELINES: max_pipelines = atoi(opt_arg()); @@ -1431,12 +1564,39 @@ int s_server_main(int argc, char *argv[]) case OPT_READ_BUF: read_buf_len = atoi(opt_arg()); break; - + case OPT_KEYLOG_FILE: + keylog_file = opt_arg(); + break; + case OPT_MAX_EARLY: + max_early_data = atoi(opt_arg()); + if (max_early_data < 0) { + BIO_printf(bio_err, "Invalid value for max_early_data\n"); + goto end; + } + break; + case OPT_RECV_MAX_EARLY: + recv_max_early_data = atoi(opt_arg()); + if (recv_max_early_data < 0) { + BIO_printf(bio_err, "Invalid value for recv_max_early_data\n"); + goto end; + } + break; + case OPT_EARLY_DATA: + early_data = 1; + if (max_early_data == -1) + max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; + break; } } argc = opt_num_rest(); argv = opt_rest(); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { + BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); + goto opthelp; + } +#endif #ifndef OPENSSL_NO_DTLS if (www && socket_type == SOCK_DGRAM) { BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n"); @@ -1449,6 +1609,11 @@ int s_server_main(int argc, char *argv[]) } #endif + if (stateless && socket_type != SOCK_STREAM) { + BIO_printf(bio_err, "Can only use --stateless with TLS\n"); + goto end; + } + #ifdef AF_UNIX if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { BIO_printf(bio_err, @@ -1456,16 +1621,22 @@ int s_server_main(int argc, char *argv[]) goto end; } #endif - - if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { - BIO_printf(bio_err, "Bad split send fragment size\n"); + if (early_data && (www > 0 || rev)) { + BIO_printf(bio_err, + "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); goto end; } - if (max_pipelines > SSL_MAX_PIPELINES) { - BIO_printf(bio_err, "Bad max pipelines value\n"); - goto end; +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) { + if (socket_type != SOCK_DGRAM) { + BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); + goto end; + } + /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */ + socket_type = SOCK_STREAM; } +#endif if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { BIO_printf(bio_err, "Error getting password\n"); @@ -1484,7 +1655,7 @@ int s_server_main(int argc, char *argv[]) if (nocert == 0) { s_key = load_key(s_key_file, s_key_format, 0, pass, engine, "server certificate private key file"); - if (!s_key) { + if (s_key == NULL) { ERR_print_errors(bio_err); goto end; } @@ -1492,20 +1663,20 @@ int s_server_main(int argc, char *argv[]) s_cert = load_cert(s_cert_file, s_cert_format, "server certificate file"); - if (!s_cert) { + if (s_cert == NULL) { ERR_print_errors(bio_err); goto end; } - if (s_chain_file) { + if (s_chain_file != NULL) { if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, "server certificate chain")) goto end; } - if (tlsextcbp.servername) { + if (tlsextcbp.servername != NULL) { s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, "second server certificate private key file"); - if (!s_key2) { + if (s_key2 == NULL) { ERR_print_errors(bio_err); goto end; } @@ -1513,7 +1684,7 @@ int s_server_main(int argc, char *argv[]) s_cert2 = load_cert(s_cert_file2, s_cert_format, "second server certificate file"); - if (!s_cert2) { + if (s_cert2 == NULL) { ERR_print_errors(bio_err); goto end; } @@ -1533,16 +1704,16 @@ int s_server_main(int argc, char *argv[]) goto end; } - if (crl_file) { + if (crl_file != NULL) { X509_CRL *crl; crl = load_crl(crl_file, crl_format); - if (!crl) { + if (crl == NULL) { BIO_puts(bio_err, "Error loading CRL\n"); ERR_print_errors(bio_err); goto end; } crls = sk_X509_CRL_new_null(); - if (!crls || !sk_X509_CRL_push(crls, crl)) { + if (crls == NULL || !sk_X509_CRL_push(crls, crl)) { BIO_puts(bio_err, "Error adding CRL\n"); ERR_print_errors(bio_err); X509_CRL_free(crl); @@ -1550,14 +1721,14 @@ int s_server_main(int argc, char *argv[]) } } - if (s_dcert_file) { + if (s_dcert_file != NULL) { if (s_dkey_file == NULL) s_dkey_file = s_dcert_file; s_dkey = load_key(s_dkey_file, s_dkey_format, 0, dpass, engine, "second certificate private key file"); - if (!s_dkey) { + if (s_dkey == NULL) { ERR_print_errors(bio_err); goto end; } @@ -1565,11 +1736,11 @@ int s_server_main(int argc, char *argv[]) s_dcert = load_cert(s_dcert_file, s_dcert_format, "second server certificate file"); - if (!s_dcert) { + if (s_dcert == NULL) { ERR_print_errors(bio_err); goto end; } - if (s_dchain_file) { + if (s_dchain_file != NULL) { if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, "second server certificate chain")) goto end; @@ -1577,19 +1748,10 @@ int s_server_main(int argc, char *argv[]) } - if (!app_RAND_load_file(NULL, 1) && inrand == NULL - && !RAND_status()) { - BIO_printf(bio_err, - "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - if (bio_s_out == NULL) { if (s_quiet && !s_debug) { bio_s_out = BIO_new(BIO_s_null()); - if (s_msg && !bio_s_msg) + if (s_msg && bio_s_msg == NULL) bio_s_msg = dup_bio_out(FORMAT_TEXT); } else { if (bio_s_out == NULL) @@ -1613,6 +1775,9 @@ int s_server_main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } + + SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); + if (sdebug) ssl_ctx_security_debug(ctx, sdebug); @@ -1646,7 +1811,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } SSL_CTX_set_quiet_shutdown(ctx, 1); - if (exc) + if (exc != NULL) ssl_ctx_set_excert(ctx, exc); if (state) @@ -1661,11 +1826,25 @@ int s_server_main(int argc, char *argv[]) if (async) { SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); } - if (split_send_fragment > 0) { - SSL_CTX_set_split_send_fragment(ctx, split_send_fragment); + + if (max_send_fragment > 0 + && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { + BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", + prog, max_send_fragment); + goto end; + } + + if (split_send_fragment > 0 + && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { + BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", + prog, split_send_fragment); + goto end; } - if (max_pipelines > 0) { - SSL_CTX_set_max_pipelines(ctx, max_pipelines); + if (max_pipelines > 0 + && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { + BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", + prog, max_pipelines); + goto end; } if (read_buf_len > 0) { @@ -1709,7 +1888,7 @@ int s_server_main(int argc, char *argv[]) } } - if (ctx2) { + if (ctx2 != NULL) { BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); if (sdebug) @@ -1727,7 +1906,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } SSL_CTX_set_quiet_shutdown(ctx2, 1); - if (exc) + if (exc != NULL) ssl_ctx_set_excert(ctx2, exc); if (state) @@ -1770,9 +1949,9 @@ int s_server_main(int argc, char *argv[]) if (!no_dhe) { DH *dh = NULL; - if (dhfile) + if (dhfile != NULL) dh = load_dh_param(dhfile); - else if (s_cert_file) + else if (s_cert_file != NULL) dh = load_dh_param(s_cert_file); if (dh != NULL) { @@ -1782,16 +1961,16 @@ int s_server_main(int argc, char *argv[]) } (void)BIO_flush(bio_s_out); - if (dh == NULL) + if (dh == NULL) { SSL_CTX_set_dh_auto(ctx, 1); - else if (!SSL_CTX_set_tmp_dh(ctx, dh)) { + } else if (!SSL_CTX_set_tmp_dh(ctx, dh)) { BIO_puts(bio_err, "Error setting temp DH parameters\n"); ERR_print_errors(bio_err); DH_free(dh); goto end; } - if (ctx2) { + if (ctx2 != NULL) { if (!dhfile) { DH *dh2 = load_dh_param(s_cert_file2); if (dh2 != NULL) { @@ -1802,9 +1981,9 @@ int s_server_main(int argc, char *argv[]) dh = dh2; } } - if (dh == NULL) + if (dh == NULL) { SSL_CTX_set_dh_auto(ctx2, 1); - else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) { + } else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) { BIO_puts(bio_err, "Error setting temp DH parameters\n"); ERR_print_errors(bio_err); DH_free(dh); @@ -1824,7 +2003,8 @@ int s_server_main(int argc, char *argv[]) goto end; } - if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain)) + if (ctx2 != NULL + && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain)) goto end; if (s_dcert != NULL) { @@ -1836,7 +2016,7 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_not_resumable_session_callback(ctx, not_resumable_sess_cb); - if (ctx2) + if (ctx2 != NULL) SSL_CTX_set_not_resumable_session_callback(ctx2, not_resumable_sess_cb); } @@ -1853,6 +2033,26 @@ int s_server_main(int argc, char *argv[]) goto end; } #endif + if (psksessf != NULL) { + BIO *stmp = BIO_new_file(psksessf, "r"); + + if (stmp == NULL) { + BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf); + ERR_print_errors(bio_err); + goto end; + } + psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); + BIO_free(stmp); + if (psksess == NULL) { + BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf); + ERR_print_errors(bio_err); + goto end; + } + + } + + if (psk_key != NULL || psksess != NULL) + SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb); SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx, @@ -1867,7 +2067,11 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); - if (ctx2) { + /* Set TLS1.3 cookie generation and verification callbacks */ + SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback); + SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback); + + if (ctx2 != NULL) { SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx2, (void *)&s_server_session_id_context, @@ -1917,9 +2121,14 @@ int s_server_main(int argc, char *argv[]) } } #endif + if (set_keylog_file(ctx, keylog_file)) + goto end; + + if (max_early_data >= 0) + SSL_CTX_set_max_early_data(ctx, max_early_data); + if (recv_max_early_data >= 0) + SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data); - BIO_printf(bio_s_out, "ACCEPT\n"); - (void)BIO_flush(bio_s_out); if (rev) server_cb = rev_body; else if (www) @@ -1931,12 +2140,14 @@ int s_server_main(int argc, char *argv[]) && unlink_unix_path) unlink(host); #endif - do_server(&accept_socket, host, port, socket_family, socket_type, - server_cb, context, naccept); + do_server(&accept_socket, host, port, socket_family, socket_type, protocol, + server_cb, context, naccept, bio_s_out); print_stats(bio_s_out, ctx); ret = 0; end: SSL_CTX_free(ctx); + SSL_SESSION_free(psksess); + set_keylog_file(NULL, NULL); X509_free(s_cert); sk_X509_CRL_pop_free(crls, X509_CRL_free); X509_free(s_dcert); @@ -1971,7 +2182,7 @@ int s_server_main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC BIO_meth_free(methods_ebcdic); #endif - return (ret); + return ret; } static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) @@ -2002,7 +2213,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } -static int sv_body(int s, int stype, unsigned char *context) +static int sv_body(int s, int stype, int prot, unsigned char *context) { char *buf = NULL; fd_set readfds; @@ -2014,6 +2225,13 @@ static int sv_body(int s, int stype, unsigned char *context) struct timeval timeout; #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) struct timeval *timeoutp; +#endif +#ifndef OPENSSL_NO_DTLS +# ifndef OPENSSL_NO_SCTP + int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP); +# else + int isdtls = (stype == SOCK_DGRAM); +# endif #endif buf = app_malloc(bufsize, "server buffer"); @@ -2024,31 +2242,38 @@ static int sv_body(int s, int stype, unsigned char *context) BIO_printf(bio_err, "Turned on non blocking io\n"); } + con = SSL_new(ctx); if (con == NULL) { - con = SSL_new(ctx); + ret = -1; + goto err; + } - if (s_tlsextdebug) { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_s_out); - } + if (s_tlsextdebug) { + SSL_set_tlsext_debug_callback(con, tlsext_cb); + SSL_set_tlsext_debug_arg(con, bio_s_out); + } - if (context - && !SSL_set_session_id_context(con, - context, strlen((char *)context))) { - BIO_printf(bio_err, "Error setting session id context\n"); - ret = -1; - goto err; - } + if (context != NULL + && !SSL_set_session_id_context(con, context, + strlen((char *)context))) { + BIO_printf(bio_err, "Error setting session id context\n"); + ret = -1; + goto err; } + if (!SSL_clear(con)) { BIO_printf(bio_err, "Error clearing SSL connection\n"); ret = -1; goto err; } #ifndef OPENSSL_NO_DTLS - if (stype == SOCK_DGRAM) { - - sbio = BIO_new_dgram(s, BIO_NOCLOSE); + if (isdtls) { +# ifndef OPENSSL_NO_SCTP + if (prot == IPPROTO_SCTP) + sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE); + else +# endif + sbio = BIO_new_dgram(s, BIO_NOCLOSE); if (enable_timeouts) { timeout.tv_sec = 0; @@ -2079,12 +2304,21 @@ static int sv_body(int s, int stype, unsigned char *context) /* want to do MTU discovery */ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); - /* turn on cookie exchange */ - SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); +# ifndef OPENSSL_NO_SCTP + if (prot != IPPROTO_SCTP) +# endif + /* Turn on cookie exchange. Not necessary for SCTP */ + SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); } else #endif sbio = BIO_new_socket(s, BIO_NOCLOSE); + if (sbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + ERR_print_errors(bio_err); + goto err; + } + if (s_nbio_test) { BIO *test; @@ -2115,6 +2349,49 @@ static int sv_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_arg(con, bio_s_out); } + if (early_data) { + int write_header = 1, edret = SSL_READ_EARLY_DATA_ERROR; + size_t readbytes; + + while (edret != SSL_READ_EARLY_DATA_FINISH) { + for (;;) { + edret = SSL_read_early_data(con, buf, bufsize, &readbytes); + if (edret != SSL_READ_EARLY_DATA_ERROR) + break; + + switch (SSL_get_error(con, 0)) { + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_ASYNC: + case SSL_ERROR_WANT_READ: + /* Just keep trying - busy waiting */ + continue; + default: + BIO_printf(bio_err, "Error reading early data\n"); + ERR_print_errors(bio_err); + goto err; + } + } + if (readbytes > 0) { + if (write_header) { + BIO_printf(bio_s_out, "Early data received:\n"); + write_header = 0; + } + raw_write_stdout(buf, (unsigned int)readbytes); + (void)BIO_flush(bio_s_out); + } + } + if (write_header) { + if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT) + BIO_printf(bio_s_out, "No early data received\n"); + else + BIO_printf(bio_s_out, "Early data was rejected\n"); + } else { + BIO_printf(bio_s_out, "\nEnd of early data\n"); + } + if (SSL_is_init_finished(con)) + print_connection_info(con); + } + if (fileno_stdin() > s) width = fileno_stdin() + 1; else @@ -2192,8 +2469,9 @@ static int sv_body(int s, int stype, unsigned char *context) } } assert(lf_num == 0); - } else + } else { i = raw_read_stdin(buf, bufsize); + } if (!s_quiet && !s_brief) { if ((i <= 0) || (buf[0] == 'Q')) { @@ -2228,9 +2506,6 @@ static int sv_body(int s, int stype, unsigned char *context) printf("SSL_do_handshake -> %d\n", i); i = 0; /* 13; */ continue; - /* - * strcpy(buf,"server side RE-NEGOTIATE\n"); - */ } if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_set_verify(con, @@ -2241,10 +2516,29 @@ static int sv_body(int s, int stype, unsigned char *context) printf("SSL_do_handshake -> %d\n", i); i = 0; /* 13; */ continue; - /* - * strcpy(buf,"server side RE-NEGOTIATE asking for client - * cert\n"); - */ + } + if ((buf[0] == 'K' || buf[0] == 'k') + && ((buf[1] == '\n') || (buf[1] == '\r'))) { + SSL_key_update(con, buf[0] == 'K' ? + SSL_KEY_UPDATE_REQUESTED + : SSL_KEY_UPDATE_NOT_REQUESTED); + i = SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n", i); + i = 0; + continue; + } + if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) { + SSL_set_verify(con, SSL_VERIFY_PEER, NULL); + i = SSL_verify_client_post_handshake(con); + if (i == 0) { + printf("Failed to initiate request\n"); + ERR_print_errors(bio_err); + } else { + i = SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n", i); + i = 0; + } + continue; } if (buf[0] == 'P') { static const char *str = "Lets print some clear text\n"; @@ -2406,10 +2700,7 @@ static int sv_body(int s, int stype, unsigned char *context) } BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); OPENSSL_clear_free(buf, bufsize); - if (ret >= 0) - BIO_printf(bio_s_out, "ACCEPT\n"); - (void)BIO_flush(bio_s_out); - return (ret); + return ret; } static void close_accept_socket(void) @@ -2420,97 +2711,105 @@ static void close_accept_socket(void) } } +static int is_retryable(SSL *con, int i) +{ + int err = SSL_get_error(con, i); + + /* If it's not a fatal error, it must be retryable */ + return (err != SSL_ERROR_SSL) + && (err != SSL_ERROR_SYSCALL) + && (err != SSL_ERROR_ZERO_RETURN); +} + static int init_ssl_connection(SSL *con) { int i; - const char *str; - X509 *peer; long verify_err; - char buf[BUFSIZ]; -#if !defined(OPENSSL_NO_NEXTPROTONEG) - const unsigned char *next_proto_neg; - unsigned next_proto_neg_len; -#endif - unsigned char *exportedkeymat; int retry = 0; -#ifndef OPENSSL_NO_DTLS - if (dtlslisten) { + if (dtlslisten || stateless) { BIO_ADDR *client = NULL; - if ((client = BIO_ADDR_new()) == NULL) { - BIO_printf(bio_err, "ERROR - memory\n"); - return 0; + if (dtlslisten) { + if ((client = BIO_ADDR_new()) == NULL) { + BIO_printf(bio_err, "ERROR - memory\n"); + return 0; + } + i = DTLSv1_listen(con, client); + } else { + i = SSL_stateless(con); } - i = DTLSv1_listen(con, client); if (i > 0) { BIO *wbio; int fd = -1; - wbio = SSL_get_wbio(con); - if (wbio) { - BIO_get_fd(wbio, &fd); - } + if (dtlslisten) { + wbio = SSL_get_wbio(con); + if (wbio) { + BIO_get_fd(wbio, &fd); + } - if (!wbio || BIO_connect(fd, client, 0) == 0) { - BIO_printf(bio_err, "ERROR - unable to connect\n"); + if (!wbio || BIO_connect(fd, client, 0) == 0) { + BIO_printf(bio_err, "ERROR - unable to connect\n"); + BIO_ADDR_free(client); + return 0; + } BIO_ADDR_free(client); - return 0; + dtlslisten = 0; + } else { + stateless = 0; } - BIO_ADDR_free(client); - dtlslisten = 0; i = SSL_accept(con); } else { BIO_ADDR_free(client); } - } else -#endif - - do { - i = SSL_accept(con); + } else { + do { + i = SSL_accept(con); - if (i <= 0) - retry = BIO_sock_should_retry(i); + if (i <= 0) + retry = is_retryable(con, i); #ifdef CERT_CB_TEST_RETRY - { - while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP - && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { - BIO_printf(bio_err, - "LOOKUP from certificate callback during accept\n"); - i = SSL_accept(con); - if (i <= 0) - retry = BIO_sock_should_retry(i); + { + while (i <= 0 + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP + && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { + BIO_printf(bio_err, + "LOOKUP from certificate callback during accept\n"); + i = SSL_accept(con); + if (i <= 0) + retry = is_retryable(con, i); + } } - } #endif #ifndef OPENSSL_NO_SRP - while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP during accept %s\n", - srp_callback_parm.login); - SRP_user_pwd_free(srp_callback_parm.user); - srp_callback_parm.user = - SRP_VBASE_get1_by_user(srp_callback_parm.vb, - srp_callback_parm.login); - if (srp_callback_parm.user) - BIO_printf(bio_s_out, "LOOKUP done %s\n", - srp_callback_parm.user->info); - else - BIO_printf(bio_s_out, "LOOKUP not successful\n"); - i = SSL_accept(con); - if (i <= 0) - retry = BIO_sock_should_retry(i); - } + while (i <= 0 + && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { + BIO_printf(bio_s_out, "LOOKUP during accept %s\n", + srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); + srp_callback_parm.user = + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); + if (srp_callback_parm.user) + BIO_printf(bio_s_out, "LOOKUP done %s\n", + srp_callback_parm.user->info); + else + BIO_printf(bio_s_out, "LOOKUP not successful\n"); + i = SSL_accept(con); + if (i <= 0) + retry = is_retryable(con, i); + } #endif - } while (i < 0 && SSL_waiting_for_async(con)); + } while (i < 0 && SSL_waiting_for_async(con)); + } if (i <= 0) { - if ((dtlslisten && i == 0) - || (!dtlslisten && retry)) { + if (((dtlslisten || stateless) && i == 0) + || (!dtlslisten && !stateless && retry)) { BIO_printf(bio_s_out, "DELAY\n"); - return (1); + return 1; } BIO_printf(bio_err, "ERROR\n"); @@ -2522,9 +2821,25 @@ static int init_ssl_connection(SSL *con) } /* Always print any error messages */ ERR_print_errors(bio_err); - return (0); + return 0; } + print_connection_info(con); + return 1; +} + +static void print_connection_info(SSL *con) +{ + const char *str; + X509 *peer; + char buf[BUFSIZ]; +#if !defined(OPENSSL_NO_NEXTPROTONEG) + const unsigned char *next_proto_neg; + unsigned next_proto_neg_len; +#endif + unsigned char *exportedkeymat; + int i; + if (s_brief) print_ssl_summary(con); @@ -2534,10 +2849,7 @@ static int init_ssl_connection(SSL *con) if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); - BIO_printf(bio_s_out, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); - BIO_printf(bio_s_out, "issuer=%s\n", buf); + dump_cert_text(bio_s_out, peer); X509_free(peer); peer = NULL; } @@ -2548,8 +2860,9 @@ static int init_ssl_connection(SSL *con) ssl_print_sigalgs(bio_s_out, con); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_s_out, con); - ssl_print_curves(bio_s_out, con, 0); + ssl_print_groups(bio_s_out, con, 0); #endif + print_ca_names(bio_s_out, con); BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); #if !defined(OPENSSL_NO_NEXTPROTONEG) @@ -2598,7 +2911,6 @@ static int init_ssl_connection(SSL *con) } (void)BIO_flush(bio_s_out); - return (1); } #ifndef OPENSSL_NO_DH @@ -2612,11 +2924,11 @@ static DH *load_dh_param(const char *dhfile) ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); err: BIO_free(bio); - return (ret); + return ret; } #endif -static int www_body(int s, int stype, unsigned char *context) +static int www_body(int s, int stype, int prot, unsigned char *context) { char *buf = NULL; int ret = 1; @@ -2658,7 +2970,7 @@ static int www_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context + if (context != NULL && !SSL_set_session_id_context(con, context, strlen((char *)context))) { SSL_free(con); @@ -2840,8 +3152,9 @@ static int www_body(int s, int stype, unsigned char *context) } ssl_print_sigalgs(io, con); #ifndef OPENSSL_NO_EC - ssl_print_curves(io, con, 0); + ssl_print_groups(io, con, 0); #endif + print_ca_names(io, con); BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, ")); c = SSL_get_current_cipher(con); @@ -2997,14 +3310,12 @@ static int www_body(int s, int stype, unsigned char *context) SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); err: - if (ret >= 0) - BIO_printf(bio_s_out, "ACCEPT\n"); OPENSSL_free(buf); BIO_free_all(io); - return (ret); + return ret; } -static int rev_body(int s, int stype, unsigned char *context) +static int rev_body(int s, int stype, int prot, unsigned char *context) { char *buf = NULL; int i; @@ -3029,7 +3340,7 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } - if (context + if (context != NULL && !SSL_set_session_id_context(con, context, strlen((char *)context))) { SSL_free(con); @@ -3156,11 +3467,11 @@ static int rev_body(int s, int stype, unsigned char *context) OPENSSL_free(buf); BIO_free_all(io); - return (ret); + return ret; } #define MAX_SESSION_ID_ATTEMPTS 10 -static int generate_session_id(const SSL *ssl, unsigned char *id, +static int generate_session_id(SSL *ssl, unsigned char *id, unsigned int *id_len) { unsigned int count = 0; diff --git a/deps/openssl/openssl/apps/s_socket.c b/deps/openssl/openssl/apps/s_socket.c index 458aa862e931f5..76f92890020762 100644 --- a/deps/openssl/openssl/apps/s_socket.c +++ b/deps/openssl/openssl/apps/s_socket.c @@ -28,22 +28,27 @@ typedef unsigned int u_int; #ifndef OPENSSL_NO_SOCK -# define USE_SOCKETS # include "apps.h" -# undef USE_SOCKETS # include "s_apps.h" +# include "internal/sockets.h" # include # include +/* Keep track of our peer's address for the cookie callback */ +BIO_ADDR *ourpeer = NULL; + /* * init_client - helper routine to set up socket communication * @sock: pointer to storage of resulting socket. * @host: the host name or path (for AF_UNIX) to connect to. * @port: the port to connect to (ignored for AF_UNIX). + * @bindhost: source host or path (for AF_UNIX). + * @bindport: source port (ignored for AF_UNIX). * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or * AF_UNSPEC * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM + * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any) * * This will create a socket and use it to connect to a host:port, or if * family == AF_UNIX, to the path found in host. @@ -55,21 +60,35 @@ typedef unsigned int u_int; * Returns 1 on success, 0 on failure. */ int init_client(int *sock, const char *host, const char *port, - int family, int type) + const char *bindhost, const char *bindport, + int family, int type, int protocol) { BIO_ADDRINFO *res = NULL; + BIO_ADDRINFO *bindaddr = NULL; const BIO_ADDRINFO *ai = NULL; + const BIO_ADDRINFO *bi = NULL; + int found = 0; int ret; - if (!BIO_sock_init()) + if (BIO_sock_init() != 1) return 0; - ret = BIO_lookup(host, port, BIO_LOOKUP_CLIENT, family, type, &res); + ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol, + &res); if (ret == 0) { ERR_print_errors(bio_err); return 0; } + if (bindhost != NULL || bindport != NULL) { + ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT, + family, type, protocol, &bindaddr); + if (ret == 0) { + ERR_print_errors (bio_err); + goto out; + } + } + ret = 0; for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { /* Admittedly, these checks are quite paranoid, we should not get @@ -77,7 +96,19 @@ int init_client(int *sock, const char *host, const char *port, * asked for. */ OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(ai)) - && (type == 0 || type == BIO_ADDRINFO_socktype(ai))); + && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) + && (protocol == 0 + || protocol == BIO_ADDRINFO_protocol(ai))); + + if (bindaddr != NULL) { + for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) { + if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai)) + break; + } + if (bi == NULL) + continue; + ++found; + } *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), BIO_ADDRINFO_protocol(ai), 0); @@ -87,7 +118,36 @@ int init_client(int *sock, const char *host, const char *port, */ continue; } - if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), 0)) { + + if (bi != NULL) { + if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi), + BIO_SOCK_REUSEADDR)) { + BIO_closesocket(*sock); + *sock = INVALID_SOCKET; + break; + } + } + +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) { + /* + * For SCTP we have to set various options on the socket prior to + * connecting. This is done automatically by BIO_new_dgram_sctp(). + * We don't actually need the created BIO though so we free it again + * immediately. + */ + BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE); + + if (tmpbio == NULL) { + ERR_print_errors(bio_err); + return 0; + } + BIO_free(tmpbio); + } +#endif + + if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), + protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; @@ -98,12 +158,27 @@ int init_client(int *sock, const char *host, const char *port, } if (*sock == INVALID_SOCKET) { + if (bindaddr != NULL && !found) { + BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n", + BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : + BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " : + BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "", + bindhost != NULL ? bindhost : "", + bindport != NULL ? ":" : "", + bindport != NULL ? bindport : ""); + ERR_clear_error(); + ret = 0; + } ERR_print_errors(bio_err); } else { /* Remove any stale errors from previous connection attempts */ ERR_clear_error(); ret = 1; } +out: + if (bindaddr != NULL) { + BIO_ADDRINFO_free (bindaddr); + } BIO_ADDRINFO_free(res); return ret; } @@ -129,23 +204,24 @@ int init_client(int *sock, const char *host, const char *port, * 0 on failure, something other on success. */ int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, do_server_cb cb, - unsigned char *context, int naccept) + int family, int type, int protocol, do_server_cb cb, + unsigned char *context, int naccept, BIO *bio_s_out) { int asock = 0; int sock; int i; BIO_ADDRINFO *res = NULL; const BIO_ADDRINFO *next; - int sock_family, sock_type, sock_protocol; + int sock_family, sock_type, sock_protocol, sock_port; const BIO_ADDR *sock_address; int sock_options = BIO_SOCK_REUSEADDR; int ret = 0; - if (!BIO_sock_init()) + if (BIO_sock_init() != 1) return 0; - if (!BIO_lookup(host, port, BIO_LOOKUP_SERVER, family, type, &res)) { + if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol, + &res)) { ERR_print_errors(bio_err); return 0; } @@ -153,7 +229,8 @@ int do_server(int *accept_sock, const char *host, const char *port, /* Admittedly, these checks are quite paranoid, we should not get * anything in the BIO_ADDRINFO chain that we haven't asked for */ OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) - && (type == 0 || type == BIO_ADDRINFO_socktype(res))); + && (type == 0 || type == BIO_ADDRINFO_socktype(res)) + && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); sock_family = BIO_ADDRINFO_family(res); sock_type = BIO_ADDRINFO_socktype(res); @@ -185,35 +262,87 @@ int do_server(int *accept_sock, const char *host, const char *port, goto end; } +#ifndef OPENSSL_NO_SCTP + if (protocol == IPPROTO_SCTP) { + /* + * For SCTP we have to set various options on the socket prior to + * accepting. This is done automatically by BIO_new_dgram_sctp(). + * We don't actually need the created BIO though so we free it again + * immediately. + */ + BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE); + + if (tmpbio == NULL) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; + } + BIO_free(tmpbio); + } +#endif + + sock_port = BIO_ADDR_rawport(sock_address); + BIO_ADDRINFO_free(res); res = NULL; + if (sock_port == 0) { + /* dynamically allocated port, report which one */ + union BIO_sock_info_u info; + char *hostname = NULL; + char *service = NULL; + int success = 0; + + if ((info.addr = BIO_ADDR_new()) != NULL + && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) + && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL + && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL + && BIO_printf(bio_s_out, + strchr(hostname, ':') == NULL + ? /* IPv4 */ "ACCEPT %s:%s\n" + : /* IPv6 */ "ACCEPT [%s]:%s\n", + hostname, service) > 0) + success = 1; + + (void)BIO_flush(bio_s_out); + OPENSSL_free(hostname); + OPENSSL_free(service); + BIO_ADDR_free(info.addr); + if (!success) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; + } + } else { + (void)BIO_printf(bio_s_out, "ACCEPT\n"); + (void)BIO_flush(bio_s_out); + } + if (accept_sock != NULL) *accept_sock = asock; for (;;) { + char sink[64]; + struct timeval timeout; + fd_set readfds; + if (type == SOCK_STREAM) { + BIO_ADDR_free(ourpeer); + ourpeer = BIO_ADDR_new(); + if (ourpeer == NULL) { + BIO_closesocket(asock); + ERR_print_errors(bio_err); + goto end; + } do { - sock = BIO_accept_ex(asock, NULL, 0); + sock = BIO_accept_ex(asock, ourpeer, 0); } while (sock < 0 && BIO_sock_should_retry(sock)); if (sock < 0) { ERR_print_errors(bio_err); BIO_closesocket(asock); break; } - i = (*cb)(sock, type, context); - - /* - * Give the socket time to send its last data before we close it. - * No amount of setting SO_LINGER etc on the socket seems to - * persuade Windows to send the data before closing the socket... - * but sleeping for a short time seems to do it (units in ms) - * TODO: Find a better way to do this - */ -#if defined(OPENSSL_SYS_WINDOWS) - Sleep(50); -#elif defined(OPENSSL_SYS_CYGWIN) - usleep(50000); -#endif + BIO_set_tcp_ndelay(sock, 1); + i = (*cb)(sock, type, protocol, context); /* * If we ended with an alert being sent, but still with data in the @@ -226,9 +355,23 @@ int do_server(int *accept_sock, const char *host, const char *port, * TCP-RST. This seems to allow the peer to read the alert data. */ shutdown(sock, 1); /* SHUT_WR */ + /* + * We just said we have nothing else to say, but it doesn't mean + * that the other side has nothing. It's even recommended to + * consume incoming data. [In testing context this ensures that + * alerts are passed on...] + */ + timeout.tv_sec = 0; + timeout.tv_usec = 500000; /* some extreme round-trip */ + do { + FD_ZERO(&readfds); + openssl_fdset(sock, &readfds); + } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 + && readsocket(sock, sink, sizeof(sink)) > 0); + BIO_closesocket(sock); } else { - i = (*cb)(asock, type, context); + i = (*cb)(asock, type, protocol, context); } if (naccept != -1) @@ -244,6 +387,8 @@ int do_server(int *accept_sock, const char *host, const char *port, if (family == AF_UNIX) unlink(host); # endif + BIO_ADDR_free(ourpeer); + ourpeer = NULL; return ret; } diff --git a/deps/openssl/openssl/apps/s_time.c b/deps/openssl/openssl/apps/s_time.c index dc0ec4af4db3f2..82d40a5a513246 100644 --- a/deps/openssl/openssl/apps/s_time.c +++ b/deps/openssl/openssl/apps/s_time.c @@ -15,13 +15,14 @@ #ifndef OPENSSL_NO_SOCK -#define USE_SOCKETS #include "apps.h" +#include "progs.h" #include #include #include #include "s_apps.h" #include +#include #if !defined(OPENSSL_SYS_MSDOS) # include OPENSSL_UNISTD #endif @@ -33,22 +34,31 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); +/* + * Define a HTTP get command globally. + * Also define the size of the command, this is two bytes less than + * the size of the string because the %s is replaced by the URL. + */ static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; +static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2; typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH, - OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, - OPT_VERIFY, OPT_TIME, OPT_SSL3, + OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY, + OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE, + OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3, OPT_WWW } OPTION_CHOICE; -OPTIONS s_time_options[] = { +const OPTIONS s_time_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"connect", OPT_CONNECT, 's', "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"}, - {"cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'"}, + {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"}, + {"ciphersuites", OPT_CIPHERSUITES, 's', + "Specify TLSv1.3 ciphersuites to be used"}, {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, @@ -83,7 +93,8 @@ int s_time_main(int argc, char **argv) SSL *scon = NULL; SSL_CTX *ctx = NULL; const SSL_METHOD *meth = NULL; - char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *www_path = NULL; + char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *ciphersuites = NULL; + char *www_path = NULL; char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog; double totalTime = 0.0; int noCApath = 0, noCAfile = 0; @@ -125,6 +136,10 @@ int s_time_main(int argc, char **argv) case OPT_CERT: certfile = opt_arg(); break; + case OPT_NAMEOPT: + if (!set_nameopt(opt_arg())) + goto end; + break; case OPT_KEY: keyfile = opt_arg(); break; @@ -143,6 +158,9 @@ int s_time_main(int argc, char **argv) case OPT_CIPHER: cipher = opt_arg(); break; + case OPT_CIPHERSUITES: + ciphersuites = opt_arg(); + break; case OPT_BUGS: st_bugs = 1; break; @@ -152,7 +170,7 @@ int s_time_main(int argc, char **argv) break; case OPT_WWW: www_path = opt_arg(); - buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2; /* 2 is for %s */ + buf_size = strlen(www_path) + fmt_http_get_cmd_size; if (buf_size > sizeof(buf)) { BIO_printf(bio_err, "%s: -www option is too long\n", prog); goto end; @@ -169,8 +187,6 @@ int s_time_main(int argc, char **argv) if (cipher == NULL) cipher = getenv("SSL_CIPHER"); - if (cipher == NULL) - BIO_printf(bio_err, "No CIPHER specified\n"); if ((ctx = SSL_CTX_new(meth)) == NULL) goto end; @@ -184,6 +200,8 @@ int s_time_main(int argc, char **argv) SSL_CTX_set_options(ctx, SSL_OP_ALL); if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher)) goto end; + if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) + goto end; if (!set_cert_stuff(ctx, certfile, keyfile)) goto end; @@ -208,9 +226,9 @@ int s_time_main(int argc, char **argv) goto end; if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof(buf), - fmt_http_get_cmd, www_path); - if (SSL_write(scon, buf, buf_len) <= 0) + buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, + www_path); + if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; @@ -219,9 +237,9 @@ int s_time_main(int argc, char **argv) BIO_closesocket(SSL_get_fd(scon)); nConn += 1; - if (SSL_session_reused(scon)) + if (SSL_session_reused(scon)) { ver = 'r'; - else { + } else { ver = SSL_version(scon); if (ver == TLS1_VERSION) ver = 't'; @@ -262,9 +280,8 @@ int s_time_main(int argc, char **argv) } if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof(buf), - fmt_http_get_cmd, www_path); - if (SSL_write(scon, buf, buf_len) <= 0) + buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path); + if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) continue; @@ -288,10 +305,10 @@ int s_time_main(int argc, char **argv) if ((doConnection(scon, host, ctx)) == NULL) goto end; - if (www_path) { - BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", - www_path); - if (SSL_write(scon, buf, strlen(buf)) <= 0) + if (www_path != NULL) { + buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, + www_path); + if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; @@ -300,9 +317,9 @@ int s_time_main(int argc, char **argv) BIO_closesocket(SSL_get_fd(scon)); nConn += 1; - if (SSL_session_reused(scon)) + if (SSL_session_reused(scon)) { ver = 'r'; - else { + } else { ver = SSL_version(scon); if (ver == TLS1_VERSION) ver = 't'; @@ -328,7 +345,7 @@ int s_time_main(int argc, char **argv) end: SSL_free(scon); SSL_CTX_free(ctx); - return (ret); + return ret; } /*- @@ -372,11 +389,14 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) #if defined(SOL_SOCKET) && defined(SO_LINGER) { struct linger no_linger; + int fd; no_linger.l_onoff = 1; no_linger.l_linger = 0; - (void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER, - (char*)&no_linger, sizeof(no_linger)); + fd = SSL_get_fd(serverCon); + if (fd >= 0) + (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger, + sizeof(no_linger)); } #endif diff --git a/deps/openssl/openssl/apps/sess_id.c b/deps/openssl/openssl/apps/sess_id.c index 2b63e69cdcc0f7..8fd584f3b13119 100644 --- a/deps/openssl/openssl/apps/sess_id.c +++ b/deps/openssl/openssl/apps/sess_id.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -23,13 +24,13 @@ typedef enum OPTION_choice { OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT } OPTION_CHOICE; -OPTIONS sess_id_options[] = { +const OPTIONS sess_id_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"}, {"outform", OPT_OUTFORM, 'f', "Output format - default PEM (PEM, DER or NSS)"}, {"in", OPT_IN, 's', "Input file - default stdin"}, - {"out", OPT_OUT, 's', "Output file - default stdout"}, + {"out", OPT_OUT, '>', "Output file - default stdout"}, {"text", OPT_TEXT, '-', "Print ssl session id details"}, {"cert", OPT_CERT, '-', "Output certificate "}, {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"}, @@ -100,14 +101,14 @@ int sess_id_main(int argc, char **argv) } peer = SSL_SESSION_get0_peer(x); - if (context) { + if (context != NULL) { size_t ctx_len = strlen(context); if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { BIO_printf(bio_err, "Context too long\n"); goto end; } if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context, - ctx_len)) { + ctx_len)) { BIO_printf(bio_err, "Error setting id context\n"); goto end; } @@ -131,13 +132,13 @@ int sess_id_main(int argc, char **argv) } if (!noout && !cert) { - if (outformat == FORMAT_ASN1) + if (outformat == FORMAT_ASN1) { i = i2d_SSL_SESSION_bio(out, x); - else if (outformat == FORMAT_PEM) + } else if (outformat == FORMAT_PEM) { i = PEM_write_bio_SSL_SESSION(out, x); - else if (outformat == FORMAT_NSS) + } else if (outformat == FORMAT_NSS) { i = SSL_SESSION_print_keylog(out, x); - else { + } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } @@ -146,11 +147,11 @@ int sess_id_main(int argc, char **argv) goto end; } } else if (!noout && (peer != NULL)) { /* just print the certificate */ - if (outformat == FORMAT_ASN1) + if (outformat == FORMAT_ASN1) { i = (int)i2d_X509_bio(out, peer); - else if (outformat == FORMAT_PEM) + } else if (outformat == FORMAT_PEM) { i = PEM_write_bio_X509(out, peer); - else { + } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } @@ -163,7 +164,7 @@ int sess_id_main(int argc, char **argv) end: BIO_free_all(out); SSL_SESSION_free(x); - return (ret); + return ret; } static SSL_SESSION *load_sess_id(char *infile, int format) @@ -186,5 +187,5 @@ static SSL_SESSION *load_sess_id(char *infile, int format) end: BIO_free(in); - return (x); + return x; } diff --git a/deps/openssl/openssl/apps/smime.c b/deps/openssl/openssl/apps/smime.c index e18d7de75fce9f..6fd473775f45a4 100644 --- a/deps/openssl/openssl/apps/smime.c +++ b/deps/openssl/openssl/apps/smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -37,15 +38,16 @@ typedef enum OPTION_choice { OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN, OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF, - OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN, + OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD, OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE, + OPT_R_ENUM, OPT_V_ENUM, OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT } OPTION_CHOICE; -OPTIONS smime_options[] = { +const OPTIONS smime_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, {OPT_HELP_STR, 1, '-', " cert.pem... recipient certs for encryption\n"}, @@ -89,15 +91,14 @@ OPTIONS smime_options[] = { {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, {"resign", OPT_RESIGN, '-', "Resign a signed message"}, - {"nochain", OPT_NOCHAIN, '-', + {"nochain", OPT_NOCHAIN, '-', "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" }, {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, {"stream", OPT_STREAM, '-', "Enable CMS streaming" }, {"indef", OPT_INDEF, '-', "Same as -stream" }, {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, @@ -121,15 +122,12 @@ int smime_main(int argc, char **argv) const EVP_CIPHER *cipher = NULL; const EVP_MD *sign_md = NULL; const char *CAfile = NULL, *CApath = NULL, *prog = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *inrand = NULL; - char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = - NULL; - char *passinarg = NULL, *passin = NULL, *to = NULL, *from = - NULL, *subject = NULL; + char *certfile = NULL, *keyfile = NULL, *contfile = NULL; + char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL; + char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL, *subject = NULL; OPTION_CHOICE o; int noCApath = 0, noCAfile = 0; - int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef = - 0; + int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = FORMAT_PEM; int vpmtouched = 0, rv = 0; @@ -224,9 +222,9 @@ int smime_main(int argc, char **argv) flags |= PKCS7_CRLFEOL; mime_eol = "\r\n"; break; - case OPT_RAND: - inrand = opt_arg(); - need_rand = 1; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); @@ -245,7 +243,7 @@ int smime_main(int argc, char **argv) break; case OPT_SIGNER: /* If previous -signer argument add signer to list */ - if (signerfile) { + if (signerfile != NULL) { if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; @@ -273,7 +271,7 @@ int smime_main(int argc, char **argv) break; case OPT_INKEY: /* If previous -inkey argument add signer to list */ - if (keyfile) { + if (keyfile != NULL) { if (signerfile == NULL) { BIO_printf(bio_err, "%s: Must have -signer before -inkey\n", prog); @@ -323,7 +321,7 @@ int smime_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { + if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto opthelp; } @@ -334,8 +332,8 @@ int smime_main(int argc, char **argv) BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto opthelp; } - if (signerfile) { - if (!sksigners + if (signerfile != NULL) { + if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; sk_OPENSSL_STRING_push(sksigners, signerfile); @@ -345,15 +343,14 @@ int smime_main(int argc, char **argv) keyfile = signerfile; sk_OPENSSL_STRING_push(skkeys, keyfile); } - if (!sksigners) { + if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); goto opthelp; } signerfile = NULL; keyfile = NULL; - need_rand = 1; } else if (operation == SMIME_DECRYPT) { - if (!recipfile && !keyfile) { + if (recipfile == NULL && keyfile == NULL) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); goto opthelp; @@ -363,22 +360,15 @@ int smime_main(int argc, char **argv) BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); goto opthelp; } - need_rand = 1; - } else if (!operation) + } else if (!operation) { goto opthelp; + } if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (need_rand) { - app_RAND_load_file(NULL, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } - ret = 2; if (!(operation & SMIME_SIGNERS)) @@ -395,7 +385,7 @@ int smime_main(int argc, char **argv) } if (operation == SMIME_ENCRYPT) { - if (!cipher) { + if (cipher == NULL) { #ifndef OPENSSL_NO_DES cipher = EVP_des_ede3_cbc(); #else @@ -404,9 +394,9 @@ int smime_main(int argc, char **argv) #endif } encerts = sk_X509_new_null(); - if (!encerts) + if (encerts == NULL) goto end; - while (*argv) { + while (*argv != NULL) { cert = load_cert(*argv, FORMAT_PEM, "recipient certificate file"); if (cert == NULL) @@ -417,7 +407,7 @@ int smime_main(int argc, char **argv) } } - if (certfile) { + if (certfile != NULL) { if (!load_certs(certfile, &other, FORMAT_PEM, NULL, "certificate file")) { ERR_print_errors(bio_err); @@ -425,7 +415,7 @@ int smime_main(int argc, char **argv) } } - if (recipfile && (operation == SMIME_DECRYPT)) { + if (recipfile != NULL && (operation == SMIME_DECRYPT)) { if ((recip = load_cert(recipfile, FORMAT_PEM, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); @@ -434,17 +424,18 @@ int smime_main(int argc, char **argv) } if (operation == SMIME_DECRYPT) { - if (!keyfile) + if (keyfile == NULL) keyfile = recipfile; } else if (operation == SMIME_SIGN) { - if (!keyfile) + if (keyfile == NULL) keyfile = signerfile; - } else + } else { keyfile = NULL; + } - if (keyfile) { + if (keyfile != NULL) { key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (key == NULL) goto end; } @@ -453,22 +444,22 @@ int smime_main(int argc, char **argv) goto end; if (operation & SMIME_IP) { - if (informat == FORMAT_SMIME) + if (informat == FORMAT_SMIME) { p7 = SMIME_read_PKCS7(in, &indata); - else if (informat == FORMAT_PEM) + } else if (informat == FORMAT_PEM) { p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + } else if (informat == FORMAT_ASN1) { p7 = d2i_PKCS7_bio(in, NULL); - else { + } else { BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); goto end; } - if (!p7) { + if (p7 == NULL) { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; } - if (contfile) { + if (contfile != NULL) { BIO_free(indata); if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); @@ -505,11 +496,12 @@ int smime_main(int argc, char **argv) if (flags & PKCS7_DETACHED) { if (outformat == FORMAT_SMIME) flags |= PKCS7_STREAM; - } else if (indef) + } else if (indef) { flags |= PKCS7_STREAM; + } flags |= PKCS7_PARTIAL; p7 = PKCS7_sign(NULL, NULL, other, in, flags); - if (!p7) + if (p7 == NULL) goto end; if (flags & PKCS7_NOCERTS) { for (i = 0; i < sk_X509_num(other); i++) { @@ -517,17 +509,18 @@ int smime_main(int argc, char **argv) PKCS7_add_certificate(p7, x); } } - } else + } else { flags |= PKCS7_REUSE_DIGEST; + } for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); - if (!signer) + if (signer == NULL) goto end; key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (key == NULL) goto end; if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags)) goto end; @@ -543,7 +536,7 @@ int smime_main(int argc, char **argv) } } - if (!p7) { + if (p7 == NULL) { BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); goto end; } @@ -569,9 +562,9 @@ int smime_main(int argc, char **argv) goto end; } sk_X509_free(signers); - } else if (operation == SMIME_PK7OUT) + } else if (operation == SMIME_PK7OUT) { PEM_write_bio_PKCS7(out, p7); - else { + } else { if (to) BIO_printf(out, "To: %s%s", to, mime_eol); if (from) @@ -583,11 +576,11 @@ int smime_main(int argc, char **argv) rv = SMIME_write_PKCS7(out, p7, indata, flags); else rv = SMIME_write_PKCS7(out, p7, in, flags); - } else if (outformat == FORMAT_PEM) + } else if (outformat == FORMAT_PEM) { rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags); - else if (outformat == FORMAT_ASN1) + } else if (outformat == FORMAT_ASN1) { rv = i2d_PKCS7_bio_stream(out, p7, in, flags); - else { + } else { BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); goto end; } @@ -599,8 +592,6 @@ int smime_main(int argc, char **argv) } ret = 0; end: - if (need_rand) - app_RAND_write_file(NULL); if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); @@ -619,17 +610,18 @@ int smime_main(int argc, char **argv) BIO_free(indata); BIO_free_all(out); OPENSSL_free(passin); - return (ret); + return ret; } static int save_certs(char *signerfile, STACK_OF(X509) *signers) { int i; BIO *tmp; - if (!signerfile) + + if (signerfile == NULL) return 1; tmp = BIO_new_file(signerfile, "w"); - if (!tmp) + if (tmp == NULL) return 0; for (i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); @@ -652,5 +644,4 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx) policies_print(ctx); return ok; - } diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c index 6672fe606ac032..77c7d623f7fa29 100644 --- a/deps/openssl/openssl/apps/speed.c +++ b/deps/openssl/openssl/apps/speed.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,20 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The ECDH and ECDSA speed test software is originally written by - * Sumit Gupta of Sun Microsystems Laboratories. - * - */ - #undef SECONDS #define SECONDS 3 -#define PRIME_SECONDS 10 #define RSA_SECONDS 10 #define DSA_SECONDS 10 #define ECDSA_SECONDS 10 #define ECDH_SECONDS 10 +#define EdDSA_SECONDS 10 #include #include #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -125,13 +113,19 @@ # define NO_FORK #endif -#undef BUFSIZE -#define BUFSIZE (1024*16+1) #define MAX_MISALIGNMENT 63 - #define MAX_ECDH_SIZE 256 #define MISALIGN 64 +typedef struct openssl_speed_sec_st { + int sym; + int rsa; + int dsa; + int ecdsa; + int ecdh; + int eddsa; +} openssl_speed_sec_t; + static volatile int run = 0; static int mr = 0; @@ -174,7 +168,10 @@ static int AES_cbc_256_encrypt_loop(void *args); static int AES_ige_192_encrypt_loop(void *args); static int AES_ige_256_encrypt_loop(void *args); static int CRYPTO_gcm128_aad_loop(void *args); +static int RAND_bytes_loop(void *args); static int EVP_Update_loop(void *args); +static int EVP_Update_loop_ccm(void *args); +static int EVP_Update_loop_aead(void *args); static int EVP_Digest_loop(void *args); #ifndef OPENSSL_NO_RSA static int RSA_sign_loop(void *args); @@ -187,51 +184,51 @@ static int DSA_verify_loop(void *args); #ifndef OPENSSL_NO_EC static int ECDSA_sign_loop(void *args); static int ECDSA_verify_loop(void *args); -static int ECDH_compute_key_loop(void *args); +static int EdDSA_sign_loop(void *args); +static int EdDSA_verify_loop(void *args); #endif static double Time_F(int s); -static void print_message(const char *s, long num, int length); +static void print_message(const char *s, long num, int length, int tm); static void pkey_print_message(const char *str, const char *str2, - long num, int bits, int sec); + long num, unsigned int bits, int sec); static void print_result(int alg, int run_no, int count, double time_used); #ifndef NO_FORK -static int do_multi(int multi); +static int do_multi(int multi, int size_num); #endif -static const int lengths[] = { +static const int lengths_list[] = { 16, 64, 256, 1024, 8 * 1024, 16 * 1024 }; -#define SIZE_NUM OSSL_NELEM(lengths) +static const int *lengths = lengths_list; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; -#endif +static const int aead_lengths_list[] = { + 2, 31, 136, 1024, 8 * 1024, 16 * 1024 +}; + +#define START 0 +#define STOP 1 #ifdef SIGALRM -# if defined(__STDC__) || defined(sgi) || defined(_AIX) -# define SIGRETTYPE void -# else -# define SIGRETTYPE int -# endif -static SIGRETTYPE sig_done(int sig); -static SIGRETTYPE sig_done(int sig) +static void alarmed(int sig) { - signal(SIGALRM, sig_done); + signal(SIGALRM, alarmed); run = 0; } -#endif -#define START 0 -#define STOP 1 +static double Time_F(int s) +{ + double ret = app_tminterval(s, usertime); + if (s == STOP) + alarm(0); + return ret; +} -#if defined(_WIN32) +#elif defined(_WIN32) + +# define SIGALRM -1 -# if !defined(SIGALRM) -# define SIGALRM -# endif static unsigned int lapse; static volatile unsigned int schlock; static void alarm_win32(unsigned int secs) @@ -275,17 +272,14 @@ static double Time_F(int s) return ret; } #else - static double Time_F(int s) { - double ret = app_tminterval(s, usertime); - if (s == STOP) - alarm(0); - return ret; + return app_tminterval(s, usertime); } #endif -static void multiblock_speed(const EVP_CIPHER *evp_cipher); +static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, + const openssl_speed_sec_t *seconds); #define found(value, pairs, result)\ opt_found(value, result, pairs, OSSL_NELEM(pairs)) @@ -305,32 +299,42 @@ static int opt_found(const char *name, unsigned int *result, typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, - OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS + OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, + OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD } OPTION_CHOICE; -OPTIONS speed_options[] = { +const OPTIONS speed_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, - {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, + {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, - {"mr", OPT_MR, '-', "Produce machine readable output"}, + {"aead", OPT_AEAD, '-', + "Benchmark EVP-named AEAD cipher in TLS-like sequence"}, {"mb", OPT_MB, '-', - "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, - {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, - {"elapsed", OPT_ELAPSED, '-', - "Measure time in real time instead of CPU user time"}, + "Enable (tls1>=1) multi-block mode on EVP-named cipher"}, + {"mr", OPT_MR, '-', "Produce machine readable output"}, #ifndef NO_FORK {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, #endif #ifndef OPENSSL_NO_ASYNC {"async_jobs", OPT_ASYNCJOBS, 'p', - "Enable async mode and start pnum jobs"}, + "Enable async mode and start specified number of jobs"}, #endif + OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"elapsed", OPT_ELAPSED, '-', + "Use wall-clock time instead of CPU user time as divisor"}, + {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"}, + {"seconds", OPT_SECONDS, 'p', + "Run benchmarks for specified amount of seconds"}, + {"bytes", OPT_BYTES, 'p', + "Run [non-PKI] benchmarks on custom-sized buffer"}, + {"misalign", OPT_MISALIGN, 'p', + "Use specified offset to mis-align buffers"}, {NULL} }; @@ -364,6 +368,7 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 +#define D_RAND 30 /* name of algorithms to test */ static const char *names[] = { "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", @@ -372,9 +377,11 @@ static const char *names[] = { "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" + "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", + "rand" }; #define ALGOR_NUM OSSL_NELEM(names) + /* list of configured algorithm (remaining) */ static const OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 @@ -440,10 +447,11 @@ static const OPT_PAIR doit_choices[] = { {"cast", D_CBC_CAST}, {"cast5", D_CBC_CAST}, #endif - {"ghash", D_GHASH} + {"ghash", D_GHASH}, + {"rand", D_RAND} }; -static double results[ALGOR_NUM][SIZE_NUM]; +static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)]; #ifndef OPENSSL_NO_DSA # define R_DSA_512 0 @@ -466,6 +474,7 @@ static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ #define R_RSA_4096 4 #define R_RSA_7680 5 #define R_RSA_15360 6 +#ifndef OPENSSL_NO_RSA static const OPT_PAIR rsa_choices[] = { {"rsa512", R_RSA_512}, {"rsa1024", R_RSA_1024}, @@ -478,6 +487,7 @@ static const OPT_PAIR rsa_choices[] = { # define RSA_NUM OSSL_NELEM(rsa_choices) static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_RSA */ #define R_EC_P160 0 #define R_EC_P192 1 @@ -495,9 +505,16 @@ static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #define R_EC_B283 13 #define R_EC_B409 14 #define R_EC_B571 15 -#define R_EC_X25519 16 +#define R_EC_BRP256R1 16 +#define R_EC_BRP256T1 17 +#define R_EC_BRP384R1 18 +#define R_EC_BRP384T1 19 +#define R_EC_BRP512R1 20 +#define R_EC_BRP512T1 21 +#define R_EC_X25519 22 +#define R_EC_X448 23 #ifndef OPENSSL_NO_EC -static const OPT_PAIR ecdsa_choices[] = { +static OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, {"ecdsap192", R_EC_P192}, {"ecdsap224", R_EC_P224}, @@ -513,7 +530,13 @@ static const OPT_PAIR ecdsa_choices[] = { {"ecdsab233", R_EC_B233}, {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, - {"ecdsab571", R_EC_B571} + {"ecdsab571", R_EC_B571}, + {"ecdsabrp256r1", R_EC_BRP256R1}, + {"ecdsabrp256t1", R_EC_BRP256T1}, + {"ecdsabrp384r1", R_EC_BRP384R1}, + {"ecdsabrp384t1", R_EC_BRP384T1}, + {"ecdsabrp512r1", R_EC_BRP512R1}, + {"ecdsabrp512t1", R_EC_BRP512T1} }; # define ECDSA_NUM OSSL_NELEM(ecdsa_choices) @@ -536,12 +559,28 @@ static const OPT_PAIR ecdh_choices[] = { {"ecdhb283", R_EC_B283}, {"ecdhb409", R_EC_B409}, {"ecdhb571", R_EC_B571}, + {"ecdhbrp256r1", R_EC_BRP256R1}, + {"ecdhbrp256t1", R_EC_BRP256T1}, + {"ecdhbrp384r1", R_EC_BRP384R1}, + {"ecdhbrp384t1", R_EC_BRP384T1}, + {"ecdhbrp512r1", R_EC_BRP512R1}, + {"ecdhbrp512t1", R_EC_BRP512T1}, {"ecdhx25519", R_EC_X25519}, - {NULL} + {"ecdhx448", R_EC_X448} }; # define EC_NUM OSSL_NELEM(ecdh_choices) static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ + +#define R_EC_Ed25519 0 +#define R_EC_Ed448 1 +static OPT_PAIR eddsa_choices[] = { + {"ed25519", R_EC_Ed25519}, + {"ed448", R_EC_Ed448} +}; +# define EdDSA_NUM OSSL_NELEM(eddsa_choices) + +static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_EC */ #ifndef SIGALRM @@ -550,11 +589,7 @@ static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ #else # define COND(unused_cond) (run && count<0x7fffffff) # define COUNT(d) (count) -#endif /* SIGALRM */ - -static unsigned int testnum; -typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out, - size_t *xoutlen); +#endif /* SIGALRM */ typedef struct loopargs_st { ASYNC_JOB *inprogress_job; @@ -563,7 +598,9 @@ typedef struct loopargs_st { unsigned char *buf2; unsigned char *buf_malloc; unsigned char *buf2_malloc; + unsigned char *key; unsigned int siglen; + size_t sigsize; #ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; #endif @@ -572,35 +609,35 @@ typedef struct loopargs_st { #endif #ifndef OPENSSL_NO_EC EC_KEY *ecdsa[ECDSA_NUM]; - EC_KEY *ecdh_a[EC_NUM]; - EC_KEY *ecdh_b[EC_NUM]; + EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; + EVP_MD_CTX *eddsa_ctx[EdDSA_NUM]; unsigned char *secret_a; unsigned char *secret_b; - size_t outlen; - kdf_fn kdf; + size_t outlen[EC_NUM]; #endif EVP_CIPHER_CTX *ctx; HMAC_CTX *hctx; GCM128_CONTEXT *gcm_ctx; } loopargs_t; - static int run_benchmark(int async_jobs, int (*loop_function) (void *), loopargs_t * loopargs); +static unsigned int testnum; + /* Nb of iterations to do per algorithm and key-size */ -static long c[ALGOR_NUM][SIZE_NUM]; +static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)]; #ifndef OPENSSL_NO_MD2 static int EVP_Digest_MD2_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char md2[MD2_DIGEST_LENGTH]; int count; for (count = 0; COND(c[D_MD2][testnum]); count++) { if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(), - NULL)) + NULL)) return -1; } return count; @@ -610,14 +647,14 @@ static int EVP_Digest_MD2_loop(void *args) #ifndef OPENSSL_NO_MDC2 static int EVP_Digest_MDC2_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char mdc2[MDC2_DIGEST_LENGTH]; int count; for (count = 0; COND(c[D_MDC2][testnum]); count++) { if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(), - NULL)) + NULL)) return -1; } return count; @@ -627,14 +664,14 @@ static int EVP_Digest_MDC2_loop(void *args) #ifndef OPENSSL_NO_MD4 static int EVP_Digest_MD4_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char md4[MD4_DIGEST_LENGTH]; int count; for (count = 0; COND(c[D_MD4][testnum]); count++) { if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(), - NULL)) + NULL)) return -1; } return count; @@ -644,7 +681,7 @@ static int EVP_Digest_MD4_loop(void *args) #ifndef OPENSSL_NO_MD5 static int MD5_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char md5[MD5_DIGEST_LENGTH]; int count; @@ -655,7 +692,7 @@ static int MD5_loop(void *args) static int HMAC_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; HMAC_CTX *hctx = tempargs->hctx; unsigned char hmac[MD5_DIGEST_LENGTH]; @@ -672,7 +709,7 @@ static int HMAC_loop(void *args) static int SHA1_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char sha[SHA_DIGEST_LENGTH]; int count; @@ -683,7 +720,7 @@ static int SHA1_loop(void *args) static int SHA256_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char sha256[SHA256_DIGEST_LENGTH]; int count; @@ -694,7 +731,7 @@ static int SHA256_loop(void *args) static int SHA512_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char sha512[SHA512_DIGEST_LENGTH]; int count; @@ -706,7 +743,7 @@ static int SHA512_loop(void *args) #ifndef OPENSSL_NO_WHIRLPOOL static int WHIRLPOOL_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; int count; @@ -719,13 +756,13 @@ static int WHIRLPOOL_loop(void *args) #ifndef OPENSSL_NO_RMD160 static int EVP_Digest_RMD160_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; int count; for (count = 0; COND(c[D_RMD160][testnum]); count++) { if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]), - NULL, EVP_ripemd160(), NULL)) + NULL, EVP_ripemd160(), NULL)) return -1; } return count; @@ -736,7 +773,7 @@ static int EVP_Digest_RMD160_loop(void *args) static RC4_KEY rc4_ks; static int RC4_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; int count; for (count = 0; COND(c[D_RC4][testnum]); count++) @@ -752,24 +789,23 @@ static DES_key_schedule sch2; static DES_key_schedule sch3; static int DES_ncbc_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; int count; for (count = 0; COND(c[D_CBC_DES][testnum]); count++) DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch, - &DES_iv, DES_ENCRYPT); + &DES_iv, DES_ENCRYPT); return count; } static int DES_ede3_cbc_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; int count; for (count = 0; COND(c[D_EDE3_DES][testnum]); count++) DES_ede3_cbc_encrypt(buf, buf, lengths[testnum], - &sch, &sch2, &sch3, - &DES_iv, DES_ENCRYPT); + &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT); return count; } #endif @@ -780,82 +816,76 @@ static unsigned char iv[2 * MAX_BLOCK_SIZE / 8]; static AES_KEY aes_ks1, aes_ks2, aes_ks3; static int AES_cbc_128_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; int count; for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++) AES_cbc_encrypt(buf, buf, - (size_t)lengths[testnum], &aes_ks1, - iv, AES_ENCRYPT); + (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT); return count; } static int AES_cbc_192_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; int count; for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++) AES_cbc_encrypt(buf, buf, - (size_t)lengths[testnum], &aes_ks2, - iv, AES_ENCRYPT); + (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT); return count; } static int AES_cbc_256_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; int count; for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++) AES_cbc_encrypt(buf, buf, - (size_t)lengths[testnum], &aes_ks3, - iv, AES_ENCRYPT); + (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT); return count; } static int AES_ige_128_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; int count; for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++) AES_ige_encrypt(buf, buf2, - (size_t)lengths[testnum], &aes_ks1, - iv, AES_ENCRYPT); + (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT); return count; } static int AES_ige_192_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; int count; for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++) AES_ige_encrypt(buf, buf2, - (size_t)lengths[testnum], &aes_ks2, - iv, AES_ENCRYPT); + (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT); return count; } static int AES_ige_256_encrypt_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; int count; for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++) AES_ige_encrypt(buf, buf2, - (size_t)lengths[testnum], &aes_ks3, - iv, AES_ENCRYPT); + (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT); return count; } static int CRYPTO_gcm128_aad_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx; int count; @@ -864,23 +894,83 @@ static int CRYPTO_gcm128_aad_loop(void *args) return count; } +static int RAND_bytes_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + int count; + + for (count = 0; COND(c[D_RAND][testnum]); count++) + RAND_bytes(buf, lengths[testnum]); + return count; +} + static long save_count = 0; static int decrypt = 0; static int EVP_Update_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; EVP_CIPHER_CTX *ctx = tempargs->ctx; - int outl, count; + int outl, count, rc; #ifndef SIGALRM int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; #endif + if (decrypt) { + for (count = 0; COND(nb_iter); count++) { + rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + if (rc != 1) { + /* reset iv in case of counter overflow */ + EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); + } + } + } else { + for (count = 0; COND(nb_iter); count++) { + rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + if (rc != 1) { + /* reset iv in case of counter overflow */ + EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); + } + } + } if (decrypt) - for (count = 0; COND(nb_iter); count++) - EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + EVP_DecryptFinal_ex(ctx, buf, &outl); else - for (count = 0; COND(nb_iter); count++) + EVP_EncryptFinal_ex(ctx, buf, &outl); + return count; +} + +/* + * CCM does not support streaming. For the purpose of performance measurement, + * each message is encrypted using the same (key,iv)-pair. Do not use this + * code in your application. + */ +static int EVP_Update_loop_ccm(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + EVP_CIPHER_CTX *ctx = tempargs->ctx; + int outl, count; + unsigned char tag[12]; +#ifndef SIGALRM + int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; +#endif + if (decrypt) { + for (count = 0; COND(nb_iter); count++) { + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag); + /* reset iv */ + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); + /* counter is reset on every update */ + EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + } + } else { + for (count = 0; COND(nb_iter); count++) { + /* restore iv length field */ + EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]); + /* counter is reset on every update */ EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + } + } if (decrypt) EVP_DecryptFinal_ex(ctx, buf, &outl); else @@ -888,10 +978,46 @@ static int EVP_Update_loop(void *args) return count; } +/* + * To make AEAD benchmarking more relevant perform TLS-like operations, + * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as + * payload length is not actually limited by 16KB... + */ +static int EVP_Update_loop_aead(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + EVP_CIPHER_CTX *ctx = tempargs->ctx; + int outl, count; + unsigned char aad[13] = { 0xcc }; + unsigned char faketag[16] = { 0xcc }; +#ifndef SIGALRM + int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; +#endif + if (decrypt) { + for (count = 0; COND(nb_iter); count++) { + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + sizeof(faketag), faketag); + EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); + EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + EVP_DecryptFinal_ex(ctx, buf + outl, &outl); + } + } else { + for (count = 0; COND(nb_iter); count++) { + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv); + EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); + EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + EVP_EncryptFinal_ex(ctx, buf + outl, &outl); + } + } + return count; +} + static const EVP_MD *evp_md = NULL; static int EVP_Digest_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char md[EVP_MAX_MD_SIZE]; int count; @@ -911,7 +1037,7 @@ static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ static int RSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; unsigned int *rsa_num = &tempargs->siglen; @@ -931,14 +1057,15 @@ static int RSA_sign_loop(void *args) static int RSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; unsigned int rsa_num = tempargs->siglen; RSA **rsa_key = tempargs->rsa_key; int ret, count; for (count = 0; COND(rsa_c[testnum][1]); count++) { - ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]); + ret = + RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]); if (ret <= 0) { BIO_printf(bio_err, "RSA verify failure\n"); ERR_print_errors(bio_err); @@ -954,7 +1081,7 @@ static int RSA_verify_loop(void *args) static long dsa_c[DSA_NUM][2]; static int DSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; DSA **dsa_key = tempargs->dsa_key; @@ -974,7 +1101,7 @@ static int DSA_sign_loop(void *args) static int DSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; DSA **dsa_key = tempargs->dsa_key; @@ -997,15 +1124,14 @@ static int DSA_verify_loop(void *args) static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; EC_KEY **ecdsa = tempargs->ecdsa; unsigned char *ecdsasig = tempargs->buf2; unsigned int *ecdsasiglen = &tempargs->siglen; int ret, count; for (count = 0; COND(ecdsa_c[testnum][0]); count++) { - ret = ECDSA_sign(0, buf, 20, - ecdsasig, ecdsasiglen, ecdsa[testnum]); + ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]); if (ret == 0) { BIO_printf(bio_err, "ECDSA sign failure\n"); ERR_print_errors(bio_err); @@ -1018,15 +1144,14 @@ static int ECDSA_sign_loop(void *args) static int ECDSA_verify_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; + loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; EC_KEY **ecdsa = tempargs->ecdsa; unsigned char *ecdsasig = tempargs->buf2; unsigned int ecdsasiglen = tempargs->siglen; int ret, count; for (count = 0; COND(ecdsa_c[testnum][1]); count++) { - ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, - ecdsa[testnum]); + ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]); if (ret != 1) { BIO_printf(bio_err, "ECDSA verify failure\n"); ERR_print_errors(bio_err); @@ -1040,37 +1165,66 @@ static int ECDSA_verify_loop(void *args) /* ******************************************************************** */ static long ecdh_c[EC_NUM][1]; -static int ECDH_compute_key_loop(void *args) +static int ECDH_EVP_derive_key_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **)args; - EC_KEY **ecdh_a = tempargs->ecdh_a; - EC_KEY **ecdh_b = tempargs->ecdh_b; - unsigned char *secret_a = tempargs->secret_a; + loopargs_t *tempargs = *(loopargs_t **) args; + EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum]; + unsigned char *derived_secret = tempargs->secret_a; int count; - size_t outlen = tempargs->outlen; - kdf_fn kdf = tempargs->kdf; + size_t *outlen = &(tempargs->outlen[testnum]); + + for (count = 0; COND(ecdh_c[testnum][0]); count++) + EVP_PKEY_derive(ctx, derived_secret, outlen); + + return count; +} + +static long eddsa_c[EdDSA_NUM][2]; +static int EdDSA_sign_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + EVP_MD_CTX **edctx = tempargs->eddsa_ctx; + unsigned char *eddsasig = tempargs->buf2; + size_t *eddsasigsize = &tempargs->sigsize; + int ret, count; - for (count = 0; COND(ecdh_c[testnum][0]); count++) { - ECDH_compute_key(secret_a, outlen, - EC_KEY_get0_public_key(ecdh_b[testnum]), - ecdh_a[testnum], kdf); + for (count = 0; COND(eddsa_c[testnum][0]); count++) { + ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20); + if (ret == 0) { + BIO_printf(bio_err, "EdDSA sign failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } } return count; } -static const size_t KDF1_SHA1_len = 20; -static void *KDF1_SHA1(const void *in, size_t inlen, void *out, - size_t *outlen) +static int EdDSA_verify_loop(void *args) { - if (*outlen < SHA_DIGEST_LENGTH) - return NULL; - *outlen = SHA_DIGEST_LENGTH; - return SHA1(in, inlen, out); + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + EVP_MD_CTX **edctx = tempargs->eddsa_ctx; + unsigned char *eddsasig = tempargs->buf2; + size_t eddsasigsize = tempargs->sigsize; + int ret, count; + + for (count = 0; COND(eddsa_c[testnum][1]); count++) { + ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20); + if (ret != 1) { + BIO_printf(bio_err, "EdDSA verify failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; } #endif /* OPENSSL_NO_EC */ static int run_benchmark(int async_jobs, - int (*loop_function)(void *), loopargs_t *loopargs) + int (*loop_function) (void *), loopargs_t * loopargs) { int job_op_count = 0; int total_op_count = 0; @@ -1126,14 +1280,16 @@ static int run_benchmark(int async_jobs, if (loopargs[i].inprogress_job == NULL) continue; - if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds) - || num_job_fds > 1) { + if (!ASYNC_WAIT_CTX_get_all_fds + (loopargs[i].wait_ctx, NULL, &num_job_fds) + || num_job_fds > 1) { BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n"); ERR_print_errors(bio_err); error = 1; break; } - ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, &num_job_fds); + ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, + &num_job_fds); FD_SET(job_fd, &waitfdset); if (job_fd > max_fd) max_fd = job_fd; @@ -1141,9 +1297,9 @@ static int run_benchmark(int async_jobs, if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) { BIO_printf(bio_err, - "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). " - "Decrease the value of async_jobs\n", - max_fd, FD_SETSIZE); + "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). " + "Decrease the value of async_jobs\n", + max_fd, FD_SETSIZE); ERR_print_errors(bio_err); error = 1; break; @@ -1168,14 +1324,16 @@ static int run_benchmark(int async_jobs, if (loopargs[i].inprogress_job == NULL) continue; - if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds) - || num_job_fds > 1) { + if (!ASYNC_WAIT_CTX_get_all_fds + (loopargs[i].wait_ctx, NULL, &num_job_fds) + || num_job_fds > 1) { BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n"); ERR_print_errors(bio_err); error = 1; break; } - ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, &num_job_fds); + ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, + &num_job_fds); #if defined(OPENSSL_SYS_UNIX) if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset)) @@ -1187,9 +1345,10 @@ static int run_benchmark(int async_jobs, continue; #endif - ret = ASYNC_start_job(&loopargs[i].inprogress_job, - loopargs[i].wait_ctx, &job_op_count, loop_function, - (void *)(loopargs + i), sizeof(loopargs_t)); + ret = ASYNC_start_job(&loopargs[i].inprogress_job, + loopargs[i].wait_ctx, &job_op_count, + loop_function, (void *)(loopargs + i), + sizeof(loopargs_t)); switch (ret) { case ASYNC_PAUSE: break; @@ -1228,9 +1387,12 @@ int speed_main(int argc, char **argv) OPTION_CHOICE o; int async_init = 0, multiblock = 0, pr_header = 0; int doit[ALGOR_NUM] = { 0 }; - int ret = 1, misalign = 0; + int ret = 1, misalign = 0, lengths_single = 0, aead = 0; long count = 0; + unsigned int size_num = OSSL_NELEM(lengths_list); unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0; + int keylen; + int buflen; #ifndef NO_FORK int multi = 0; #endif @@ -1238,6 +1400,9 @@ int speed_main(int argc, char **argv) || !defined(OPENSSL_NO_EC) long rsa_count = 1; #endif + openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, + ECDSA_SECONDS, ECDH_SECONDS, + EdDSA_SECONDS }; /* What follows are the buffers and key material. */ #ifndef OPENSSL_NO_RC5 @@ -1312,6 +1477,7 @@ int speed_main(int argc, char **argv) sizeof(test15360) }; int rsa_doit[RSA_NUM] = { 0 }; + int primes = RSA_DEFAULT_PRIME_NUM; #endif #ifndef OPENSSL_NO_DSA static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 }; @@ -1323,41 +1489,54 @@ int speed_main(int argc, char **argv) * add tests over more curves, simply add the curve NID and curve name to * the following arrays and increase the |ecdh_choices| list accordingly. */ - static const unsigned int test_curves[EC_NUM] = { - /* Prime Curves */ - NID_secp160r1, NID_X9_62_prime192v1, NID_secp224r1, - NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, - /* Binary Curves */ - NID_sect163k1, NID_sect233k1, NID_sect283k1, - NID_sect409k1, NID_sect571k1, NID_sect163r2, - NID_sect233r1, NID_sect283r1, NID_sect409r1, - NID_sect571r1, - /* Other */ - NID_X25519 - }; - static const char *test_curves_names[EC_NUM] = { + static const struct { + const char *name; + unsigned int nid; + unsigned int bits; + } test_curves[] = { /* Prime Curves */ - "secp160r1", "nistp192", "nistp224", - "nistp256", "nistp384", "nistp521", + {"secp160r1", NID_secp160r1, 160}, + {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, /* Binary Curves */ - "nistk163", "nistk233", "nistk283", - "nistk409", "nistk571", "nistb163", - "nistb233", "nistb283", "nistb409", - "nistb571", - /* Other */ - "X25519" + {"nistk163", NID_sect163k1, 163}, + {"nistk233", NID_sect233k1, 233}, + {"nistk283", NID_sect283k1, 283}, + {"nistk409", NID_sect409k1, 409}, + {"nistk571", NID_sect571k1, 571}, + {"nistb163", NID_sect163r2, 163}, + {"nistb233", NID_sect233r1, 233}, + {"nistb283", NID_sect283r1, 283}, + {"nistb409", NID_sect409r1, 409}, + {"nistb571", NID_sect571r1, 571}, + {"brainpoolP256r1", NID_brainpoolP256r1, 256}, + {"brainpoolP256t1", NID_brainpoolP256t1, 256}, + {"brainpoolP384r1", NID_brainpoolP384r1, 384}, + {"brainpoolP384t1", NID_brainpoolP384t1, 384}, + {"brainpoolP512r1", NID_brainpoolP512r1, 512}, + {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} }; - static const int test_curves_bits[EC_NUM] = { - 160, 192, 224, - 256, 384, 521, - 163, 233, 283, - 409, 571, 163, - 233, 283, 409, - 571, 253 /* X25519 */ + static const struct { + const char *name; + unsigned int nid; + unsigned int bits; + size_t sigsize; + } test_ed_curves[] = { + /* EdDSA */ + {"Ed25519", NID_ED25519, 253, 64}, + {"Ed448", NID_ED448, 456, 114} }; - int ecdsa_doit[ECDSA_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; + int eddsa_doit[EdDSA_NUM] = { 0 }; + OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM); + OPENSSL_assert(OSSL_NELEM(test_ed_curves) >= EdDSA_NUM); #endif /* ndef OPENSSL_NO_EC */ prog = opt_init(argc, argv, speed_options); @@ -1440,13 +1619,33 @@ int speed_main(int argc, char **argv) goto end; #endif break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; + case OPT_PRIMES: + if (!opt_int(opt_arg(), &primes)) + goto end; + break; + case OPT_SECONDS: + seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa + = seconds.ecdh = seconds.eddsa = atoi(opt_arg()); + break; + case OPT_BYTES: + lengths_single = atoi(opt_arg()); + lengths = &lengths_single; + size_num = 1; + break; + case OPT_AEAD: + aead = 1; + break; } } argc = opt_num_rest(); argv = opt_rest(); /* Remaining arguments are algorithms. */ - for ( ; *argv; argv++) { + for (; *argv; argv++) { if (found(*argv, doit_choices, &i)) { doit[i] = 1; continue; @@ -1486,14 +1685,12 @@ int speed_main(int argc, char **argv) } #endif if (strcmp(*argv, "aes") == 0) { - doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = - doit[D_CBC_256_AES] = 1; + doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1; continue; } #ifndef OPENSSL_NO_CAMELLIA if (strcmp(*argv, "camellia") == 0) { - doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = - doit[D_CBC_256_CML] = 1; + doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1; continue; } #endif @@ -1516,11 +1713,48 @@ int speed_main(int argc, char **argv) ecdh_doit[i] = 2; continue; } + if (strcmp(*argv, "eddsa") == 0) { + for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) + eddsa_doit[loop] = 1; + continue; + } + if (found(*argv, eddsa_choices, &i)) { + eddsa_doit[i] = 2; + continue; + } #endif BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv); goto end; } + /* Sanity checks */ + if (aead) { + if (evp_cipher == NULL) { + BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n"); + goto end; + } else if (!(EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_AEAD_CIPHER)) { + BIO_printf(bio_err, "%s is not an AEAD cipher\n", + OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + goto end; + } + } + if (multiblock) { + if (evp_cipher == NULL) { + BIO_printf(bio_err,"-mb can be used only with a multi-block" + " capable cipher\n"); + goto end; + } else if (!(EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + BIO_printf(bio_err, "%s is not a multi-block capable\n", + OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + goto end; + } else if (async_jobs > 0) { + BIO_printf(bio_err, "Async mode is not supported with -mb"); + goto end; + } + } + /* Initialize the job pool if async mode is enabled */ if (async_jobs > 0) { async_init = ASYNC_init_thread(async_jobs, async_jobs); @@ -1531,7 +1765,8 @@ int speed_main(int argc, char **argv) } loopargs_len = (async_jobs == 0 ? 1 : async_jobs); - loopargs = app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs"); + loopargs = + app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs"); memset(loopargs, 0, loopargs_len * sizeof(loopargs_t)); for (i = 0; i < loopargs_len; i++) { @@ -1543,8 +1778,15 @@ int speed_main(int argc, char **argv) } } - loopargs[i].buf_malloc = app_malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1, "input buffer"); - loopargs[i].buf2_malloc = app_malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1, "input buffer"); + buflen = lengths[size_num - 1]; + if (buflen < 36) /* size of random vector in RSA bencmark */ + buflen = 36; + buflen += MAX_MISALIGNMENT + 1; + loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); + loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); + memset(loopargs[i].buf_malloc, 0, buflen); + memset(loopargs[i].buf2_malloc, 0, buflen); + /* Align the start of buffers on a 64 byte boundary */ loopargs[i].buf = loopargs[i].buf_malloc + misalign; loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign; @@ -1555,7 +1797,7 @@ int speed_main(int argc, char **argv) } #ifndef NO_FORK - if (multi && do_multi(multi)) + if (multi && do_multi(multi, size_num)) goto show_res; #endif @@ -1580,6 +1822,8 @@ int speed_main(int argc, char **argv) ecdsa_doit[loop] = 1; for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) ecdh_doit[loop] = 1; + for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) + eddsa_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -1593,14 +1837,19 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_RSA for (i = 0; i < loopargs_len; i++) { + if (primes > RSA_DEFAULT_PRIME_NUM) { + /* for multi-prime RSA, skip this */ + break; + } for (k = 0; k < RSA_NUM; k++) { const unsigned char *p; p = rsa_data[k]; - loopargs[i].rsa_key[k] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]); + loopargs[i].rsa_key[k] = + d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]); if (loopargs[i].rsa_key[k] == NULL) { - BIO_printf(bio_err, "internal error loading RSA key number %d\n", - k); + BIO_printf(bio_err, + "internal error loading RSA key number %d\n", k); goto end; } } @@ -1608,9 +1857,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA for (i = 0; i < loopargs_len; i++) { - loopargs[i].dsa_key[0] = get_dsa512(); - loopargs[i].dsa_key[1] = get_dsa1024(); - loopargs[i].dsa_key[2] = get_dsa2048(); + loopargs[i].dsa_key[0] = get_dsa(512); + loopargs[i].dsa_key[1] = get_dsa(1024); + loopargs[i].dsa_key[2] = get_dsa(2048); } #endif #ifndef OPENSSL_NO_DES @@ -1690,8 +1939,9 @@ int speed_main(int argc, char **argv) c[D_IGE_192_AES][0] = count; c[D_IGE_256_AES][0] = count; c[D_GHASH][0] = count; + c[D_RAND][0] = count; - for (i = 1; i < SIZE_NUM; i++) { + for (i = 1; i < size_num; i++) { long l0, l1; l0 = (long)lengths[0]; @@ -1708,6 +1958,7 @@ int speed_main(int argc, char **argv) c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1; c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1; c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1; + c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1; l0 = (long)lengths[i - 1]; @@ -1741,7 +1992,7 @@ int speed_main(int argc, char **argv) rsa_doit[i] = 0; else { if (rsa_c[i][0] == 0) { - rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */ + rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */ rsa_c[i][1] = 20; } } @@ -1758,7 +2009,7 @@ int speed_main(int argc, char **argv) dsa_doit[i] = 0; else { if (dsa_c[i][0] == 0) { - dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */ + dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */ dsa_c[i][1] = 1; } } @@ -1842,24 +2093,50 @@ int speed_main(int argc, char **argv) } } } - /* default iteration count for the last EC Curve */ + /* repeated code good to factorize */ + ecdh_c[R_EC_BRP256R1][0] = count / 1000; + for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) { + ecdh_c[i][0] = ecdh_c[i - 2][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; + else { + if (ecdh_c[i][0] == 0) { + ecdh_c[i][0] = 1; + } + } + } + ecdh_c[R_EC_BRP256T1][0] = count / 1000; + for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) { + ecdh_c[i][0] = ecdh_c[i - 2][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; + else { + if (ecdh_c[i][0] == 0) { + ecdh_c[i][0] = 1; + } + } + } + /* default iteration count for the last two EC Curves */ ecdh_c[R_EC_X25519][0] = count / 1800; + ecdh_c[R_EC_X448][0] = count / 7200; + + eddsa_c[R_EC_Ed25519][0] = count / 1800; + eddsa_c[R_EC_Ed448][0] = count / 7200; # endif # else /* not worth fixing */ # error "You cannot disable DES on systems without SIGALRM." -# endif /* OPENSSL_NO_DES */ -#else -# ifndef _WIN32 - signal(SIGALRM, sig_done); -# endif -#endif /* SIGALRM */ +# endif /* OPENSSL_NO_DES */ +#elif SIGALRM > 0 + signal(SIGALRM, alarmed); +#endif /* SIGALRM */ #ifndef OPENSSL_NO_MD2 if (doit[D_MD2]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs); d = Time_F(STOP); @@ -1869,8 +2146,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_MDC2 if (doit[D_MDC2]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs); d = Time_F(STOP); @@ -1881,8 +2159,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_MD4 if (doit[D_MD4]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs); d = Time_F(STOP); @@ -1893,8 +2172,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_MD5 if (doit[D_MD5]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, MD5_loop, loopargs); d = Time_F(STOP); @@ -1915,8 +2195,9 @@ int speed_main(int argc, char **argv) HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL); } - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, HMAC_loop, loopargs); d = Time_F(STOP); @@ -1928,8 +2209,9 @@ int speed_main(int argc, char **argv) } #endif if (doit[D_SHA1]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, SHA1_loop, loopargs); d = Time_F(STOP); @@ -1937,8 +2219,9 @@ int speed_main(int argc, char **argv) } } if (doit[D_SHA256]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_SHA256], c[D_SHA256][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_SHA256], c[D_SHA256][testnum], + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, SHA256_loop, loopargs); d = Time_F(STOP); @@ -1946,19 +2229,20 @@ int speed_main(int argc, char **argv) } } if (doit[D_SHA512]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_SHA512], c[D_SHA512][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_SHA512], c[D_SHA512][testnum], + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, SHA512_loop, loopargs); d = Time_F(STOP); print_result(D_SHA512, testnum, count, d); } } - #ifndef OPENSSL_NO_WHIRLPOOL if (doit[D_WHIRLPOOL]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs); d = Time_F(STOP); @@ -1969,8 +2253,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_RMD160 if (doit[D_RMD160]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_RMD160], c[D_RMD160][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_RMD160], c[D_RMD160][testnum], + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs); d = Time_F(STOP); @@ -1980,8 +2265,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_RC4 if (doit[D_RC4]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, RC4_loop, loopargs); d = Time_F(STOP); @@ -1991,8 +2277,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DES if (doit[D_CBC_DES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs); d = Time_F(STOP); @@ -2001,10 +2288,12 @@ int speed_main(int argc, char **argv) } if (doit[D_EDE3_DES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_EDE3_DES, testnum, count, d); } @@ -2012,74 +2301,83 @@ int speed_main(int argc, char **argv) #endif if (doit[D_CBC_128_AES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_CBC_128_AES, testnum, count, d); } } if (doit[D_CBC_192_AES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_CBC_192_AES, testnum, count, d); } } if (doit[D_CBC_256_AES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_CBC_256_AES, testnum, count, d); } } if (doit[D_IGE_128_AES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_IGE_128_AES, testnum, count, d); } } if (doit[D_IGE_192_AES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_IGE_192_AES, testnum, count, d); } } if (doit[D_IGE_256_AES]) { - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs); + count = + run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs); d = Time_F(STOP); print_result(D_IGE_256_AES, testnum, count, d); } } if (doit[D_GHASH]) { for (i = 0; i < loopargs_len; i++) { - loopargs[i].gcm_ctx = CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt); - CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx, (unsigned char *)"0123456789ab", 12); + loopargs[i].gcm_ctx = + CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt); + CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx, + (unsigned char *)"0123456789ab", 12); } - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_GHASH], c[D_GHASH][testnum], + lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs); d = Time_F(STOP); @@ -2088,7 +2386,6 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) CRYPTO_gcm128_release(loopargs[i].gcm_ctx); } - #ifndef OPENSSL_NO_CAMELLIA if (doit[D_CBC_128_CML]) { if (async_jobs > 0) { @@ -2096,9 +2393,9 @@ int speed_main(int argc, char **argv) names[D_CBC_128_CML]); doit[D_CBC_128_CML] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, @@ -2114,9 +2411,9 @@ int speed_main(int argc, char **argv) names[D_CBC_192_CML]); doit[D_CBC_192_CML] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported, exiting..."); exit(1); @@ -2136,9 +2433,9 @@ int speed_main(int argc, char **argv) names[D_CBC_256_CML]); doit[D_CBC_256_CML] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum], - lengths[testnum]); + lengths[testnum], seconds.sym); Time_F(START); for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, @@ -2156,8 +2453,9 @@ int speed_main(int argc, char **argv) names[D_CBC_IDEA]); doit[D_CBC_IDEA] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { - print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { + print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], + lengths[testnum], seconds.sym); Time_F(START); for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++) IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, @@ -2175,8 +2473,9 @@ int speed_main(int argc, char **argv) names[D_CBC_SEED]); doit[D_CBC_SEED] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { - print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { + print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], + lengths[testnum], seconds.sym); Time_F(START); for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++) SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, @@ -2193,8 +2492,9 @@ int speed_main(int argc, char **argv) names[D_CBC_RC2]); doit[D_CBC_RC2] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { - print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { + print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum], + lengths[testnum], seconds.sym); if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported, exiting..."); exit(1); @@ -2216,8 +2516,9 @@ int speed_main(int argc, char **argv) names[D_CBC_RC5]); doit[D_CBC_RC5] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { - print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { + print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum], + lengths[testnum], seconds.sym); if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported, exiting..."); exit(1); @@ -2239,8 +2540,9 @@ int speed_main(int argc, char **argv) names[D_CBC_BF]); doit[D_CBC_BF] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { - print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { + print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], + lengths[testnum], seconds.sym); Time_F(START); for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++) BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, @@ -2258,8 +2560,9 @@ int speed_main(int argc, char **argv) names[D_CBC_CAST]); doit[D_CBC_CAST] = 0; } - for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { - print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], lengths[testnum]); + for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { + print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], + lengths[testnum], seconds.sym); Time_F(START); for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++) CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, @@ -2270,63 +2573,85 @@ int speed_main(int argc, char **argv) } } #endif + if (doit[D_RAND]) { + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum], + seconds.sym); + Time_F(START); + count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs); + d = Time_F(STOP); + print_result(D_RAND, testnum, count, d); + } + } if (doit[D_EVP]) { - if (multiblock && evp_cipher) { - if (! - (EVP_CIPHER_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { - BIO_printf(bio_err, "%s is not multi-block capable\n", - OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + if (evp_cipher != NULL) { + int (*loopfunc)(void *args) = EVP_Update_loop; + + if (multiblock && (EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + multiblock_speed(evp_cipher, lengths_single, &seconds); + ret = 0; goto end; } - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported, exiting..."); - exit(1); + + names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); + + if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { + loopfunc = EVP_Update_loop_ccm; + } else if (aead && (EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_AEAD_CIPHER)) { + loopfunc = EVP_Update_loop_aead; + if (lengths == lengths_list) { + lengths = aead_lengths_list; + size_num = OSSL_NELEM(aead_lengths_list); + } } - multiblock_speed(evp_cipher); - ret = 0; - goto end; - } - for (testnum = 0; testnum < SIZE_NUM; testnum++) { - if (evp_cipher) { - names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); - /* - * -O3 -fschedule-insns messes up an optimization here! - * names[D_EVP] somehow becomes NULL - */ - print_message(names[D_EVP], save_count, lengths[testnum]); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_EVP], save_count, lengths[testnum], + seconds.sym); for (k = 0; k < loopargs_len; k++) { loopargs[k].ctx = EVP_CIPHER_CTX_new(); - if (decrypt) - EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv); - else - EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv); + EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL, + iv, decrypt ? 0 : 1); + EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); + + keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx); + loopargs[k].key = app_malloc(keylen, "evp_cipher key"); + EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); + EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, NULL, -1); + OPENSSL_clear_free(loopargs[k].key, keylen); } Time_F(START); - count = run_benchmark(async_jobs, EVP_Update_loop, loopargs); + count = run_benchmark(async_jobs, loopfunc, loopargs); d = Time_F(STOP); for (k = 0; k < loopargs_len; k++) { EVP_CIPHER_CTX_free(loopargs[k].ctx); } + print_result(D_EVP, testnum, count, d); } - if (evp_md) { - names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); - print_message(names[D_EVP], save_count, lengths[testnum]); + } else if (evp_md != NULL) { + names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); + + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_EVP], save_count, lengths[testnum], + seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs); d = Time_F(STOP); + print_result(D_EVP, testnum, count, d); } - print_result(D_EVP, testnum, count, d); } } for (i = 0; i < loopargs_len; i++) - RAND_bytes(loopargs[i].buf, 36); + if (RAND_bytes(loopargs[i].buf, 36) <= 0) + goto end; #ifndef OPENSSL_NO_RSA for (testnum = 0; testnum < RSA_NUM; testnum++) { @@ -2334,6 +2659,34 @@ int speed_main(int argc, char **argv) if (!rsa_doit[testnum]) continue; for (i = 0; i < loopargs_len; i++) { + if (primes > 2) { + /* we haven't set keys yet, generate multi-prime RSA keys */ + BIGNUM *bn = BN_new(); + + if (bn == NULL) + goto end; + if (!BN_set_word(bn, RSA_F4)) { + BN_free(bn); + goto end; + } + + BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n", + rsa_choices[testnum].name); + + loopargs[i].rsa_key[testnum] = RSA_new(); + if (loopargs[i].rsa_key[testnum] == NULL) { + BN_free(bn); + goto end; + } + + if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum], + rsa_bits[testnum], + primes, bn, NULL)) { + BN_free(bn); + goto end; + } + BN_free(bn); + } st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2, &loopargs[i].siglen, loopargs[i].rsa_key[testnum]); if (st == 0) @@ -2346,16 +2699,17 @@ int speed_main(int argc, char **argv) rsa_count = 1; } else { pkey_print_message("private", "rsa", - rsa_c[testnum][0], rsa_bits[testnum], RSA_SECONDS); + rsa_c[testnum][0], rsa_bits[testnum], + seconds.rsa); /* RSA_blinding_on(rsa_key[testnum],NULL); */ Time_F(START); count = run_benchmark(async_jobs, RSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, mr ? "+R1:%ld:%d:%.2f\n" - : "%ld %d bit private RSA's in %.2fs\n", + : "%ld %u bits private RSA's in %.2fs\n", count, rsa_bits[testnum], d); - rsa_results[testnum][0] = d / (double)count; + rsa_results[testnum][0] = (double)count / d; rsa_count = count; } @@ -2372,15 +2726,16 @@ int speed_main(int argc, char **argv) rsa_doit[testnum] = 0; } else { pkey_print_message("public", "rsa", - rsa_c[testnum][1], rsa_bits[testnum], RSA_SECONDS); + rsa_c[testnum][1], rsa_bits[testnum], + seconds.rsa); Time_F(START); count = run_benchmark(async_jobs, RSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, mr ? "+R2:%ld:%d:%.2f\n" - : "%ld %d bit public RSA's in %.2fs\n", + : "%ld %u bits public RSA's in %.2fs\n", count, rsa_bits[testnum], d); - rsa_results[testnum][1] = d / (double)count; + rsa_results[testnum][1] = (double)count / d; } if (rsa_count <= 1) { @@ -2392,12 +2747,10 @@ int speed_main(int argc, char **argv) #endif /* OPENSSL_NO_RSA */ for (i = 0; i < loopargs_len; i++) - RAND_bytes(loopargs[i].buf, 36); + if (RAND_bytes(loopargs[i].buf, 36) <= 0) + goto end; #ifndef OPENSSL_NO_DSA - if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof(rnd_seed)); - } for (testnum = 0; testnum < DSA_NUM; testnum++) { int st = 0; if (!dsa_doit[testnum]) @@ -2418,15 +2771,16 @@ int speed_main(int argc, char **argv) rsa_count = 1; } else { pkey_print_message("sign", "dsa", - dsa_c[testnum][0], dsa_bits[testnum], DSA_SECONDS); + dsa_c[testnum][0], dsa_bits[testnum], + seconds.dsa); Time_F(START); count = run_benchmark(async_jobs, DSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R3:%ld:%d:%.2f\n" - : "%ld %d bit DSA signs in %.2fs\n", + mr ? "+R3:%ld:%u:%.2f\n" + : "%ld %u bits DSA signs in %.2fs\n", count, dsa_bits[testnum], d); - dsa_results[testnum][0] = d / (double)count; + dsa_results[testnum][0] = (double)count / d; rsa_count = count; } @@ -2443,15 +2797,16 @@ int speed_main(int argc, char **argv) dsa_doit[testnum] = 0; } else { pkey_print_message("verify", "dsa", - dsa_c[testnum][1], dsa_bits[testnum], DSA_SECONDS); + dsa_c[testnum][1], dsa_bits[testnum], + seconds.dsa); Time_F(START); count = run_benchmark(async_jobs, DSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R4:%ld:%d:%.2f\n" - : "%ld %d bit DSA verify in %.2fs\n", + mr ? "+R4:%ld:%u:%.2f\n" + : "%ld %u bits DSA verify in %.2fs\n", count, dsa_bits[testnum], d); - dsa_results[testnum][1] = d / (double)count; + dsa_results[testnum][1] = (double)count / d; } if (rsa_count <= 1) { @@ -2463,16 +2818,14 @@ int speed_main(int argc, char **argv) #endif /* OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_EC - if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof(rnd_seed)); - } for (testnum = 0; testnum < ECDSA_NUM; testnum++) { int st = 1; if (!ecdsa_doit[testnum]) continue; /* Ignore Curve */ for (i = 0; i < loopargs_len; i++) { - loopargs[i].ecdsa[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]); + loopargs[i].ecdsa[testnum] = + EC_KEY_new_by_curve_name(test_curves[testnum].nid); if (loopargs[i].ecdsa[testnum] == NULL) { st = 0; break; @@ -2488,7 +2841,8 @@ int speed_main(int argc, char **argv) /* Perform ECDSA signature test */ EC_KEY_generate_key(loopargs[i].ecdsa[testnum]); st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2, - &loopargs[i].siglen, loopargs[i].ecdsa[testnum]); + &loopargs[i].siglen, + loopargs[i].ecdsa[testnum]); if (st == 0) break; } @@ -2500,23 +2854,24 @@ int speed_main(int argc, char **argv) } else { pkey_print_message("sign", "ecdsa", ecdsa_c[testnum][0], - test_curves_bits[testnum], ECDSA_SECONDS); + test_curves[testnum].bits, seconds.ecdsa); Time_F(START); count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R5:%ld:%d:%.2f\n" : - "%ld %d bit ECDSA signs in %.2fs \n", - count, test_curves_bits[testnum], d); - ecdsa_results[testnum][0] = d / (double)count; + mr ? "+R5:%ld:%u:%.2f\n" : + "%ld %u bits ECDSA signs in %.2fs \n", + count, test_curves[testnum].bits, d); + ecdsa_results[testnum][0] = (double)count / d; rsa_count = count; } /* Perform ECDSA verification test */ for (i = 0; i < loopargs_len; i++) { st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2, - loopargs[i].siglen, loopargs[i].ecdsa[testnum]); + loopargs[i].siglen, + loopargs[i].ecdsa[testnum]); if (st != 1) break; } @@ -2528,15 +2883,15 @@ int speed_main(int argc, char **argv) } else { pkey_print_message("verify", "ecdsa", ecdsa_c[testnum][1], - test_curves_bits[testnum], ECDSA_SECONDS); + test_curves[testnum].bits, seconds.ecdsa); Time_F(START); count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R6:%ld:%d:%.2f\n" - : "%ld %d bit ECDSA verify in %.2fs\n", - count, test_curves_bits[testnum], d); - ecdsa_results[testnum][1] = d / (double)count; + mr ? "+R6:%ld:%u:%.2f\n" + : "%ld %u bits ECDSA verify in %.2fs\n", + count, test_curves[testnum].bits, d); + ecdsa_results[testnum][1] = (double)count / d; } if (rsa_count <= 1) { @@ -2547,101 +2902,271 @@ int speed_main(int argc, char **argv) } } - if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof(rnd_seed)); - } for (testnum = 0; testnum < EC_NUM; testnum++) { int ecdh_checks = 1; if (!ecdh_doit[testnum]) continue; + for (i = 0; i < loopargs_len; i++) { - loopargs[i].ecdh_a[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]); - loopargs[i].ecdh_b[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]); - if (loopargs[i].ecdh_a[testnum] == NULL || - loopargs[i].ecdh_b[testnum] == NULL) { + EVP_PKEY_CTX *kctx = NULL; + EVP_PKEY_CTX *test_ctx = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *key_A = NULL; + EVP_PKEY *key_B = NULL; + size_t outlen; + size_t test_outlen; + + /* Ensure that the error queue is empty */ + if (ERR_peek_error()) { + BIO_printf(bio_err, + "WARNING: the error queue contains previous unhandled errors.\n"); + ERR_print_errors(bio_err); + } + + /* Let's try to create a ctx directly from the NID: this works for + * curves like Curve25519 that are not implemented through the low + * level EC interface. + * If this fails we try creating a EVP_PKEY_EC generic param ctx, + * then we set the curve by NID before deriving the actual keygen + * ctx for that specific curve. */ + kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */ + if (!kctx) { + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *params = NULL; + + /* If we reach this code EVP_PKEY_CTX_new_id() failed and a + * "int_ctx_new:unsupported algorithm" error was added to the + * error queue. + * We remove it from the error queue as we are handling it. */ + unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */ + if (error == ERR_peek_last_error() && /* oldest and latest errors match */ + /* check that the error origin matches */ + ERR_GET_LIB(error) == ERR_LIB_EVP && + ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW && + ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM) + ERR_get_error(); /* pop error from queue */ + if (ERR_peek_error()) { + BIO_printf(bio_err, + "Unhandled error in the error queue during ECDH init.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + + if ( /* Create the context for parameter generation */ + !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) || + /* Initialise the parameter generation */ + !EVP_PKEY_paramgen_init(pctx) || + /* Set the curve by NID */ + !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, + test_curves + [testnum].nid) || + /* Create the parameter object params */ + !EVP_PKEY_paramgen(pctx, ¶ms)) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH EC params init failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + /* Create the context for the key generation */ + kctx = EVP_PKEY_CTX_new(params, NULL); + + EVP_PKEY_free(params); + params = NULL; + EVP_PKEY_CTX_free(pctx); + pctx = NULL; + } + if (kctx == NULL || /* keygen ctx is not null */ + !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH keygen failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + + if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */ + !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */ + !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ + !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */ + !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */ + !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */ + outlen == 0 || /* ensure outlen is a valid size */ + outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH key generation failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + + /* Here we perform a test run, comparing the output of a*B and b*A; + * we try this here and assume that further EVP_PKEY_derive calls + * never fail, so we can skip checks in the actually benchmarked + * code, for maximum performance. */ + if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */ + !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */ + !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */ + !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */ + !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */ + !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */ + test_outlen != outlen /* compare output length */ ) { ecdh_checks = 0; + BIO_printf(bio_err, "ECDH computation failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + + /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */ + if (CRYPTO_memcmp(loopargs[i].secret_a, + loopargs[i].secret_b, outlen)) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH computations don't match.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + break; + } + + loopargs[i].ecdh_ctx[testnum] = ctx; + loopargs[i].outlen[testnum] = outlen; + + EVP_PKEY_free(key_A); + EVP_PKEY_free(key_B); + EVP_PKEY_CTX_free(kctx); + kctx = NULL; + EVP_PKEY_CTX_free(test_ctx); + test_ctx = NULL; + } + if (ecdh_checks != 0) { + pkey_print_message("", "ecdh", + ecdh_c[testnum][0], + test_curves[testnum].bits, seconds.ecdh); + Time_F(START); + count = + run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R7:%ld:%d:%.2f\n" : + "%ld %u-bits ECDH ops in %.2fs\n", count, + test_curves[testnum].bits, d); + ecdh_results[testnum][0] = (double)count / d; + rsa_count = count; + } + + if (rsa_count <= 1) { + /* if longer than 10s, don't do any more */ + for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++) + ecdh_doit[testnum] = 0; + } + } + + for (testnum = 0; testnum < EdDSA_NUM; testnum++) { + int st = 1; + EVP_PKEY *ed_pkey = NULL; + EVP_PKEY_CTX *ed_pctx = NULL; + + if (!eddsa_doit[testnum]) + continue; /* Ignore Curve */ + for (i = 0; i < loopargs_len; i++) { + loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new(); + if (loopargs[i].eddsa_ctx[testnum] == NULL) { + st = 0; break; } + + if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL)) + == NULL + || !EVP_PKEY_keygen_init(ed_pctx) + || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) { + st = 0; + EVP_PKEY_CTX_free(ed_pctx); + break; + } + EVP_PKEY_CTX_free(ed_pctx); + + if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL, + NULL, ed_pkey)) { + st = 0; + EVP_PKEY_free(ed_pkey); + break; + } + EVP_PKEY_free(ed_pkey); } - if (ecdh_checks == 0) { - BIO_printf(bio_err, "ECDH failure.\n"); + if (st == 0) { + BIO_printf(bio_err, "EdDSA failure.\n"); ERR_print_errors(bio_err); rsa_count = 1; } else { for (i = 0; i < loopargs_len; i++) { - /* generate two ECDH key pairs */ - if (!EC_KEY_generate_key(loopargs[i].ecdh_a[testnum]) || - !EC_KEY_generate_key(loopargs[i].ecdh_b[testnum])) { - BIO_printf(bio_err, "ECDH key generation failure.\n"); - ERR_print_errors(bio_err); - ecdh_checks = 0; - rsa_count = 1; - } else { - int secret_size_a, secret_size_b, j; - /* - * If field size is not more than 24 octets, then use SHA-1 - * hash of result; otherwise, use result (see section 4.8 of - * draft-ietf-tls-ecc-03.txt). - */ - int field_size = EC_GROUP_get_degree( - EC_KEY_get0_group(loopargs[i].ecdh_a[testnum])); - - if (field_size <= 24 * 8) { /* 192 bits */ - loopargs[i].outlen = KDF1_SHA1_len; - loopargs[i].kdf = KDF1_SHA1; - } else { - loopargs[i].outlen = (field_size + 7) / 8; - loopargs[i].kdf = NULL; - } - secret_size_a = - ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen, - EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]), - loopargs[i].ecdh_a[testnum], loopargs[i].kdf); - secret_size_b = - ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen, - EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]), - loopargs[i].ecdh_b[testnum], loopargs[i].kdf); - if (secret_size_a != secret_size_b) - ecdh_checks = 0; - else - ecdh_checks = 1; - - for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) { - if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j]) - ecdh_checks = 0; - } - - if (ecdh_checks == 0) { - BIO_printf(bio_err, "ECDH computations don't match.\n"); - ERR_print_errors(bio_err); - rsa_count = 1; - break; - } - } + /* Perform EdDSA signature test */ + loopargs[i].sigsize = test_ed_curves[testnum].sigsize; + st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum], + loopargs[i].buf2, &loopargs[i].sigsize, + loopargs[i].buf, 20); + if (st == 0) + break; } - if (ecdh_checks != 0) { - pkey_print_message("", "ecdh", - ecdh_c[testnum][0], - test_curves_bits[testnum], ECDH_SECONDS); + if (st == 0) { + BIO_printf(bio_err, + "EdDSA sign failure. No EdDSA sign will be done.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + } else { + pkey_print_message("sign", test_ed_curves[testnum].name, + eddsa_c[testnum][0], + test_ed_curves[testnum].bits, seconds.eddsa); Time_F(START); - count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs); + count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs); d = Time_F(STOP); + BIO_printf(bio_err, - mr ? "+R7:%ld:%d:%.2f\n" : - "%ld %d-bit ECDH ops in %.2fs\n", count, - test_curves_bits[testnum], d); - ecdh_results[testnum][0] = d / (double)count; + mr ? "+R8:%ld:%u:%s:%.2f\n" : + "%ld %u bits %s signs in %.2fs \n", + count, test_ed_curves[testnum].bits, + test_ed_curves[testnum].name, d); + eddsa_results[testnum][0] = (double)count / d; rsa_count = count; } - } - if (rsa_count <= 1) { - /* if longer than 10s, don't do any more */ - for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++) - ecdh_doit[testnum] = 0; + /* Perform EdDSA verification test */ + for (i = 0; i < loopargs_len; i++) { + st = EVP_DigestVerify(loopargs[i].eddsa_ctx[testnum], + loopargs[i].buf2, loopargs[i].sigsize, + loopargs[i].buf, 20); + if (st != 1) + break; + } + if (st != 1) { + BIO_printf(bio_err, + "EdDSA verify failure. No EdDSA verify will be done.\n"); + ERR_print_errors(bio_err); + eddsa_doit[testnum] = 0; + } else { + pkey_print_message("verify", test_ed_curves[testnum].name, + eddsa_c[testnum][1], + test_ed_curves[testnum].bits, seconds.eddsa); + Time_F(START); + count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R9:%ld:%u:%s:%.2f\n" + : "%ld %u bits %s verify in %.2fs\n", + count, test_ed_curves[testnum].bits, + test_ed_curves[testnum].name, d); + eddsa_results[testnum][1] = (double)count / d; + } + + if (rsa_count <= 1) { + /* if longer than 10s, don't do any more */ + for (testnum++; testnum < EdDSA_NUM; testnum++) + eddsa_doit[testnum] = 0; + } } } + #endif /* OPENSSL_NO_EC */ #ifndef NO_FORK show_res: @@ -2678,7 +3203,7 @@ int speed_main(int argc, char **argv) ("The 'numbers' are in 1000s of bytes per second processed.\n"); printf("type "); } - for (testnum = 0; testnum < SIZE_NUM; testnum++) + for (testnum = 0; testnum < size_num; testnum++) printf(mr ? ":%d" : "%7d bytes", lengths[testnum]); printf("\n"); } @@ -2690,7 +3215,7 @@ int speed_main(int argc, char **argv) printf("+F:%u:%s", k, names[k]); else printf("%-13s", names[k]); - for (testnum = 0; testnum < SIZE_NUM; testnum++) { + for (testnum = 0; testnum < size_num; testnum++) { if (results[k][testnum] > 10000 && !mr) printf(" %11.2fk", results[k][testnum] / 1e3); else @@ -2712,8 +3237,8 @@ int speed_main(int argc, char **argv) k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]); else printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", - rsa_bits[k], rsa_results[k][0], rsa_results[k][1], - 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]); + rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1], + rsa_results[k][0], rsa_results[k][1]); } #endif #ifndef OPENSSL_NO_DSA @@ -2730,8 +3255,8 @@ int speed_main(int argc, char **argv) k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]); else printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", - dsa_bits[k], dsa_results[k][0], dsa_results[k][1], - 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]); + dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1], + dsa_results[k][0], dsa_results[k][1]); } #endif #ifndef OPENSSL_NO_EC @@ -2746,14 +3271,13 @@ int speed_main(int argc, char **argv) if (mr) printf("+F4:%u:%u:%f:%f\n", - k, test_curves_bits[k], + k, test_curves[k].bits, ecdsa_results[k][0], ecdsa_results[k][1]); else - printf("%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - test_curves_bits[k], - test_curves_names[k], - ecdsa_results[k][0], ecdsa_results[k][1], - 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]); + printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", + test_curves[k].bits, test_curves[k].name, + 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1], + ecdsa_results[k][0], ecdsa_results[k][1]); } testnum = 1; @@ -2766,14 +3290,33 @@ int speed_main(int argc, char **argv) } if (mr) printf("+F5:%u:%u:%f:%f\n", - k, test_curves_bits[k], + k, test_curves[k].bits, ecdh_results[k][0], 1.0 / ecdh_results[k][0]); else - printf("%4u bit ecdh (%s) %8.4fs %8.1f\n", - test_curves_bits[k], - test_curves_names[k], - ecdh_results[k][0], 1.0 / ecdh_results[k][0]); + printf("%4u bits ecdh (%s) %8.4fs %8.1f\n", + test_curves[k].bits, test_curves[k].name, + 1.0 / ecdh_results[k][0], ecdh_results[k][0]); + } + + testnum = 1; + for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) { + if (!eddsa_doit[k]) + continue; + if (testnum && !mr) { + printf("%30ssign verify sign/s verify/s\n", " "); + testnum = 0; + } + + if (mr) + printf("+F6:%u:%u:%s:%f:%f\n", + k, test_ed_curves[k].bits, test_ed_curves[k].name, + eddsa_results[k][0], eddsa_results[k][1]); + else + printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n", + test_ed_curves[k].bits, test_ed_curves[k].name, + 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1], + eddsa_results[k][0], eddsa_results[k][1]); } #endif @@ -2796,10 +3339,10 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_EC for (k = 0; k < ECDSA_NUM; k++) EC_KEY_free(loopargs[i].ecdsa[k]); - for (k = 0; k < EC_NUM; k++) { - EC_KEY_free(loopargs[i].ecdh_a[k]); - EC_KEY_free(loopargs[i].ecdh_b[k]); - } + for (k = 0; k < EC_NUM; k++) + EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); + for (k = 0; k < EdDSA_NUM; k++) + EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]); OPENSSL_free(loopargs[i].secret_a); OPENSSL_free(loopargs[i].secret_b); #endif @@ -2815,17 +3358,17 @@ int speed_main(int argc, char **argv) } OPENSSL_free(loopargs); release_engine(e); - return (ret); + return ret; } -static void print_message(const char *s, long num, int length) +static void print_message(const char *s, long num, int length, int tm) { #ifdef SIGALRM BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n" - : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length); + : "Doing %s for %ds on %d size blocks: ", s, tm, length); (void)BIO_flush(bio_err); - alarm(SECONDS); + alarm(tm); #else BIO_printf(bio_err, mr ? "+DN:%s:%ld:%d\n" @@ -2835,18 +3378,18 @@ static void print_message(const char *s, long num, int length) } static void pkey_print_message(const char *str, const char *str2, long num, - int bits, int tm) + unsigned int bits, int tm) { #ifdef SIGALRM BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n" - : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm); + : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); (void)BIO_flush(bio_err); alarm(tm); #else BIO_printf(bio_err, mr ? "+DNP:%ld:%d:%s:%s\n" - : "Doing %ld %d bit %s %s's: ", num, bits, str, str2); + : "Doing %ld %u bits %s %s's: ", num, bits, str, str2); (void)BIO_flush(bio_err); #endif } @@ -2892,14 +3435,14 @@ static char *sstrsep(char **string, const char *delim) return token; } -static int do_multi(int multi) +static int do_multi(int multi, int size_num) { int n; int fd[2]; int *fds; static char sep[] = ":"; - fds = malloc(sizeof(*fds) * multi); + fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi"); for (n = 0; n < multi; ++n) { if (pipe(fd) == -1) { BIO_printf(bio_err, "pipe failure\n"); @@ -2938,19 +3481,20 @@ static int do_multi(int multi) if (p) *p = '\0'; if (buf[0] != '+') { - BIO_printf(bio_err, "Don't understand line '%s' from child %d\n", - buf, n); + BIO_printf(bio_err, + "Don't understand line '%s' from child %d\n", buf, + n); continue; } printf("Got: %s from %d\n", buf, n); if (strncmp(buf, "+F:", 3) == 0) { int alg; - unsigned int j; + int j; p = buf + 3; alg = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); - for (j = 0; j < SIZE_NUM; ++j) + for (j = 0; j < size_num; ++j) results[alg][j] += atof(sstrsep(&p, sep)); } else if (strncmp(buf, "+F2:", 4) == 0) { int k; @@ -2961,16 +3505,10 @@ static int do_multi(int multi) sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); - if (n) - rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d); - else - rsa_results[k][0] = d; + rsa_results[k][0] += d; d = atof(sstrsep(&p, sep)); - if (n) - rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d); - else - rsa_results[k][1] = d; + rsa_results[k][1] += d; } # ifndef OPENSSL_NO_DSA else if (strncmp(buf, "+F3:", 4) == 0) { @@ -2982,16 +3520,10 @@ static int do_multi(int multi) sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); - if (n) - dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d); - else - dsa_results[k][0] = d; + dsa_results[k][0] += d; d = atof(sstrsep(&p, sep)); - if (n) - dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d); - else - dsa_results[k][1] = d; + dsa_results[k][1] += d; } # endif # ifndef OPENSSL_NO_EC @@ -3004,18 +3536,10 @@ static int do_multi(int multi) sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); - if (n) - ecdsa_results[k][0] = - 1 / (1 / ecdsa_results[k][0] + 1 / d); - else - ecdsa_results[k][0] = d; + ecdsa_results[k][0] += d; d = atof(sstrsep(&p, sep)); - if (n) - ecdsa_results[k][1] = - 1 / (1 / ecdsa_results[k][1] + 1 / d); - else - ecdsa_results[k][1] = d; + ecdsa_results[k][1] += d; } else if (strncmp(buf, "+F5:", 4) == 0) { int k; double d; @@ -3025,18 +3549,28 @@ static int do_multi(int multi) sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); - if (n) - ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d); - else - ecdh_results[k][0] = d; + ecdh_results[k][0] += d; + } else if (strncmp(buf, "+F6:", 4) == 0) { + int k; + double d; + p = buf + 4; + k = atoi(sstrsep(&p, sep)); + sstrsep(&p, sep); + + d = atof(sstrsep(&p, sep)); + eddsa_results[k][0] += d; + + d = atof(sstrsep(&p, sep)); + eddsa_results[k][1] += d; } # endif else if (strncmp(buf, "+H:", 3) == 0) { ; } else - BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, n); + BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, + n); } fclose(f); @@ -3046,26 +3580,39 @@ static int do_multi(int multi) } #endif -static void multiblock_speed(const EVP_CIPHER *evp_cipher) +static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, + const openssl_speed_sec_t *seconds) { - static int mblengths[] = + static const int mblengths_list[] = { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 }; - int j, count, num = OSSL_NELEM(mblengths); + const int *mblengths = mblengths_list; + int j, count, keylen, num = OSSL_NELEM(mblengths_list); const char *alg_name; - unsigned char *inp, *out, no_key[32], no_iv[16]; + unsigned char *inp, *out, *key, no_key[32], no_iv[16]; EVP_CIPHER_CTX *ctx; double d = 0.0; + if (lengths_single) { + mblengths = &lengths_single; + num = 1; + } + inp = app_malloc(mblengths[num - 1], "multiblock input buffer"); out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer"); ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), - no_key); + EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv); + + keylen = EVP_CIPHER_CTX_key_length(ctx); + key = app_malloc(keylen, "evp_cipher key"); + EVP_CIPHER_CTX_rand_key(ctx, key); + EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL); + OPENSSL_clear_free(key, keylen); + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key); alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); for (j = 0; j < num; j++) { - print_message(alg_name, 0, mblengths[j]); + print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); for (count = 0, run = 1; run && count < 0x7fffffff; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; @@ -3098,8 +3645,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) RAND_bytes(out, 16); len += 16; - aad[11] = len >> 8; - aad[12] = len; + aad[11] = (unsigned char)(len >> 8); + aad[12] = (unsigned char)(len); pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, aad); EVP_Cipher(ctx, out, inp, len + pad); diff --git a/deps/openssl/openssl/apps/spkac.c b/deps/openssl/openssl/apps/spkac.c index 344906796764a8..f384af6eb60b0b 100644 --- a/deps/openssl/openssl/apps/spkac.c +++ b/deps/openssl/openssl/apps/spkac.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,11 +12,11 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include #include -#include #include #include @@ -24,14 +24,15 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, - OPT_SPKSECT + OPT_SPKSECT, OPT_KEYFORM } OPTION_CHOICE; -OPTIONS spkac_options[] = { +const OPTIONS spkac_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"key", OPT_KEY, '<', "Create SPKAC using private key"}, + {"keyform", OPT_KEYFORM, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, @@ -58,6 +59,7 @@ int spkac_main(int argc, char **argv) char *spkstr = NULL, *prog; const char *spkac = "SPKAC", *spksect = "default"; int i, ret = 1, verify = 0, noout = 0, pubkey = 0; + int keyformat = FORMAT_PEM; OPTION_CHOICE o; prog = opt_init(argc, argv, spkac_options); @@ -93,6 +95,10 @@ int spkac_main(int argc, char **argv) case OPT_KEY: keyfile = opt_arg(); break; + case OPT_KEYFORM: + if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) + goto opthelp; + break; case OPT_CHALLENGE: challenge = opt_arg(); break; @@ -118,7 +124,7 @@ int spkac_main(int argc, char **argv) if (keyfile != NULL) { pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, - FORMAT_PEM, 1, passin, e, "private key"); + keyformat, 1, passin, e, "private key"); if (pkey == NULL) goto end; spki = NETSCAPE_SPKI_new(); @@ -192,5 +198,5 @@ int spkac_main(int argc, char **argv) EVP_PKEY_free(pkey); release_engine(e); OPENSSL_free(passin); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/srp.c b/deps/openssl/openssl/apps/srp.c index 0ead68e8d7c61c..689574a4854c84 100644 --- a/deps/openssl/openssl/apps/srp.c +++ b/deps/openssl/openssl/apps/srp.c @@ -1,10 +1,14 @@ /* * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. */ #include @@ -22,11 +26,11 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # define BASE_SECTION "srp" # define CONFIG_FILE "openssl.cnf" -# define ENV_RANDFILE "RANDFILE" # define ENV_DATABASE "srpvfile" # define ENV_DEFAULT_SRP "default_srp" @@ -139,8 +143,8 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, BIO_printf(bio_err, "Pass %s\n", password); OPENSSL_assert(srp_usersalt != NULL); - if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, - &verifier, N, g)) ) { + if ((gNid = SRP_create_verifier(user, password, &srp_usersalt, + &verifier, N, g)) == NULL) { BIO_printf(bio_err, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) @@ -170,8 +174,8 @@ static char *srp_create_user(char *user, char **srp_verifier, if (verbose) BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N); - if (!(gNid = SRP_create_verifier(user, password, &salt, - srp_verifier, N, g)) ) { + if ((gNid = SRP_create_verifier(user, password, &salt, + srp_verifier, N, g)) == NULL) { BIO_printf(bio_err, "Internal error creating SRP verifier\n"); } else { *srp_usersalt = salt; @@ -189,10 +193,10 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD, OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO, - OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE + OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM } OPTION_CHOICE; -OPTIONS srp_options[] = { +const OPTIONS srp_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"}, {"config", OPT_CONFIG, '<', "A config file"}, @@ -207,6 +211,7 @@ OPTIONS srp_options[] = { {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, + OPT_R_OPTIONS, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif @@ -222,7 +227,7 @@ int srp_main(int argc, char **argv) int doupdatedb = 0, mode = OPT_ERR; char *user = NULL, *passinarg = NULL, *passoutarg = NULL; char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL; - char *randfile = NULL, *section = NULL; + char *section = NULL; char **gNrow = NULL, *configfile = NULL; char *srpvfile = NULL, **pp, *prog; OPTION_CHOICE o; @@ -278,12 +283,16 @@ int srp_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; } } argc = opt_num_rest(); argv = opt_rest(); - if (srpvfile && configfile) { + if (srpvfile != NULL && configfile != NULL) { BIO_printf(bio_err, "-srpvfile and -configfile cannot be specified together.\n"); goto end; @@ -300,7 +309,7 @@ int srp_main(int argc, char **argv) } user = *argv++; } - if ((passinarg || passoutarg) && argc != 1) { + if ((passinarg != NULL || passoutarg != NULL) && argc != 1) { BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n"); goto opthelp; @@ -311,8 +320,8 @@ int srp_main(int argc, char **argv) goto end; } - if (!srpvfile) { - if (!configfile) + if (srpvfile == NULL) { + if (configfile == NULL) configfile = default_config_file; if (verbose) @@ -336,8 +345,7 @@ int srp_main(int argc, char **argv) goto end; } - if (randfile == NULL) - randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); + app_RAND_load_conf(conf, BASE_SECTION); if (verbose) BIO_printf(bio_err, @@ -348,10 +356,6 @@ int srp_main(int argc, char **argv) if (srpvfile == NULL) goto end; } - if (randfile == NULL) - ERR_clear_error(); - else - app_RAND_load_file(randfile, 0); if (verbose) BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", @@ -397,17 +401,15 @@ int srp_main(int argc, char **argv) if (user != NULL && verbose > 1) BIO_printf(bio_err, "Processing user \"%s\"\n", user); - if ((userindex = get_index(db, user, 'U')) >= 0) { + if ((userindex = get_index(db, user, 'U')) >= 0) print_user(db, userindex, (verbose > 0) || mode == OPT_LIST); - } if (mode == OPT_LIST) { if (user == NULL) { BIO_printf(bio_err, "List all users\n"); - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { + for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) print_user(db, i, 1); - } } else if (userindex < 0) { BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n", user); @@ -603,11 +605,9 @@ int srp_main(int argc, char **argv) OPENSSL_free(passout); if (ret) ERR_print_errors(bio_err); - if (randfile) - app_RAND_write_file(randfile); NCONF_free(conf); free_index(db); release_engine(e); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/apps/storeutl.c b/deps/openssl/openssl/apps/storeutl.c new file mode 100644 index 00000000000000..50007f6e8b69ee --- /dev/null +++ b/deps/openssl/openssl/apps/storeutl.c @@ -0,0 +1,473 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include /* s2i_ASN1_INTEGER */ + +static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, + int expected, int criterion, OSSL_STORE_SEARCH *search, + int text, int noout, int recursive, int indent, BIO *out, + const char *prog); + +typedef enum OPTION_choice { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN, + OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE, + OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS, + OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL, + OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS, + OPT_MD +} OPTION_CHOICE; + +const OPTIONS storeutl_options[] = { + {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\nValid options are:\n"}, + {"help", OPT_HELP, '-', "Display this summary"}, + {"out", OPT_OUT, '>', "Output file - default stdout"}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + {"text", OPT_TEXT, '-', "Print a text form of the objects"}, + {"noout", OPT_NOOUT, '-', "No PEM output, just status"}, + {"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"}, + {"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"}, + {"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"}, + {"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"}, + {"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"}, + {"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"}, + {"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"}, + {"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"}, + {"", OPT_MD, '-', "Any supported digest"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif + {"r", OPT_RECURSIVE, '-', "Recurse through names"}, + {NULL} +}; + +int storeutl_main(int argc, char *argv[]) +{ + int ret = 1, noout = 0, text = 0, recursive = 0; + char *outfile = NULL, *passin = NULL, *passinarg = NULL; + BIO *out = NULL; + ENGINE *e = NULL; + OPTION_CHOICE o; + char *prog = opt_init(argc, argv, storeutl_options); + PW_CB_DATA pw_cb_data; + int expected = 0; + int criterion = 0; + X509_NAME *subject = NULL, *issuer = NULL; + ASN1_INTEGER *serial = NULL; + unsigned char *fingerprint = NULL; + size_t fingerprintlen = 0; + char *alias = NULL; + OSSL_STORE_SEARCH *search = NULL; + const EVP_MD *digest = NULL; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_EOF: + case OPT_ERR: + opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + goto end; + case OPT_HELP: + opt_help(storeutl_options); + ret = 0; + goto end; + case OPT_OUT: + outfile = opt_arg(); + break; + case OPT_PASSIN: + passinarg = opt_arg(); + break; + case OPT_NOOUT: + noout = 1; + break; + case OPT_TEXT: + text = 1; + break; + case OPT_RECURSIVE: + recursive = 1; + break; + case OPT_SEARCHFOR_CERTS: + case OPT_SEARCHFOR_KEYS: + case OPT_SEARCHFOR_CRLS: + if (expected != 0) { + BIO_printf(bio_err, "%s: only one search type can be given.\n", + prog); + goto end; + } + { + static const struct { + enum OPTION_choice choice; + int type; + } map[] = { + {OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT}, + {OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY}, + {OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL}, + }; + size_t i; + + for (i = 0; i < OSSL_NELEM(map); i++) { + if (o == map[i].choice) { + expected = map[i].type; + break; + } + } + /* + * If expected wasn't set at this point, it means the map + * isn't syncronised with the possible options leading here. + */ + OPENSSL_assert(expected != 0); + } + break; + case OPT_CRITERION_SUBJECT: + if (criterion != 0) { + BIO_printf(bio_err, "%s: criterion already given.\n", + prog); + goto end; + } + criterion = OSSL_STORE_SEARCH_BY_NAME; + if (subject != NULL) { + BIO_printf(bio_err, "%s: subject already given.\n", + prog); + goto end; + } + if ((subject = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) { + BIO_printf(bio_err, "%s: can't parse subject argument.\n", + prog); + goto end; + } + break; + case OPT_CRITERION_ISSUER: + if (criterion != 0 + || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL + && issuer != NULL)) { + BIO_printf(bio_err, "%s: criterion already given.\n", + prog); + goto end; + } + criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; + if (issuer != NULL) { + BIO_printf(bio_err, "%s: issuer already given.\n", + prog); + goto end; + } + if ((issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) { + BIO_printf(bio_err, "%s: can't parse issuer argument.\n", + prog); + goto end; + } + break; + case OPT_CRITERION_SERIAL: + if (criterion != 0 + || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL + && serial != NULL)) { + BIO_printf(bio_err, "%s: criterion already given.\n", + prog); + goto end; + } + criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; + if (serial != NULL) { + BIO_printf(bio_err, "%s: serial number already given.\n", + prog); + goto end; + } + if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) { + BIO_printf(bio_err, "%s: can't parse serial number argument.\n", + prog); + goto end; + } + break; + case OPT_CRITERION_FINGERPRINT: + if (criterion != 0 + || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT + && fingerprint != NULL)) { + BIO_printf(bio_err, "%s: criterion already given.\n", + prog); + goto end; + } + criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT; + if (fingerprint != NULL) { + BIO_printf(bio_err, "%s: fingerprint already given.\n", + prog); + goto end; + } + { + long tmplen = 0; + + if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen)) + == NULL) { + BIO_printf(bio_err, + "%s: can't parse fingerprint argument.\n", + prog); + goto end; + } + fingerprintlen = (size_t)tmplen; + } + break; + case OPT_CRITERION_ALIAS: + if (criterion != 0) { + BIO_printf(bio_err, "%s: criterion already given.\n", + prog); + goto end; + } + criterion = OSSL_STORE_SEARCH_BY_ALIAS; + if (alias != NULL) { + BIO_printf(bio_err, "%s: alias already given.\n", + prog); + goto end; + } + if ((alias = OPENSSL_strdup(opt_arg())) == NULL) { + BIO_printf(bio_err, "%s: can't parse alias argument.\n", + prog); + goto end; + } + break; + case OPT_ENGINE: + e = setup_engine(opt_arg(), 0); + break; + case OPT_MD: + if (!opt_md(opt_unknown(), &digest)) + goto opthelp; + } + } + argc = opt_num_rest(); + argv = opt_rest(); + + if (argc == 0) { + BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog); + goto opthelp; + } + if (argc > 1) { + BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog); + goto opthelp; + } + + if (criterion != 0) { + switch (criterion) { + case OSSL_STORE_SEARCH_BY_NAME: + if ((search = OSSL_STORE_SEARCH_by_name(subject)) == NULL) { + ERR_print_errors(bio_err); + goto end; + } + break; + case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL: + if (issuer == NULL || serial == NULL) { + BIO_printf(bio_err, + "%s: both -issuer and -serial must be given.\n", + prog); + goto end; + } + if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial)) + == NULL) { + ERR_print_errors(bio_err); + goto end; + } + break; + case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: + if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest, + fingerprint, + fingerprintlen)) + == NULL) { + ERR_print_errors(bio_err); + goto end; + } + break; + case OSSL_STORE_SEARCH_BY_ALIAS: + if ((search = OSSL_STORE_SEARCH_by_alias(alias)) == NULL) { + ERR_print_errors(bio_err); + goto end; + } + break; + } + } + + if (!app_passwd(passinarg, NULL, &passin, NULL)) { + BIO_printf(bio_err, "Error getting passwords\n"); + goto end; + } + pw_cb_data.password = passin; + pw_cb_data.prompt_info = argv[0]; + + out = bio_open_default(outfile, 'w', FORMAT_TEXT); + if (out == NULL) + goto end; + + ret = process(argv[0], get_ui_method(), &pw_cb_data, + expected, criterion, search, + text, noout, recursive, 0, out, prog); + + end: + OPENSSL_free(fingerprint); + OPENSSL_free(alias); + ASN1_INTEGER_free(serial); + X509_NAME_free(subject); + X509_NAME_free(issuer); + OSSL_STORE_SEARCH_free(search); + BIO_free_all(out); + OPENSSL_free(passin); + release_engine(e); + return ret; +} + +static int indent_printf(int indent, BIO *bio, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + + ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); + + va_end(args); + return ret; +} + +static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, + int expected, int criterion, OSSL_STORE_SEARCH *search, + int text, int noout, int recursive, int indent, BIO *out, + const char *prog) +{ + OSSL_STORE_CTX *store_ctx = NULL; + int ret = 1, items = 0; + + if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL)) + == NULL) { + BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri); + ERR_print_errors(bio_err); + return ret; + } + + if (expected != 0) { + if (!OSSL_STORE_expect(store_ctx, expected)) { + ERR_print_errors(bio_err); + goto end2; + } + } + + if (criterion != 0) { + if (!OSSL_STORE_supports_search(store_ctx, criterion)) { + BIO_printf(bio_err, + "%s: the store scheme doesn't support the given search criteria.\n", + prog); + goto end2; + } + + if (!OSSL_STORE_find(store_ctx, search)) { + ERR_print_errors(bio_err); + goto end2; + } + } + + /* From here on, we count errors, and we'll return the count at the end */ + ret = 0; + + for (;;) { + OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx); + int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); + const char *infostr = + info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); + + if (info == NULL) { + if (OSSL_STORE_eof(store_ctx)) + break; + + if (OSSL_STORE_error(store_ctx)) { + if (recursive) + ERR_clear_error(); + else + ERR_print_errors(bio_err); + ret++; + continue; + } + + BIO_printf(bio_err, + "ERROR: OSSL_STORE_load() returned NULL without " + "eof or error indications\n"); + BIO_printf(bio_err, " This is an error in the loader\n"); + ERR_print_errors(bio_err); + ret++; + break; + } + + if (type == OSSL_STORE_INFO_NAME) { + const char *name = OSSL_STORE_INFO_get0_NAME(info); + const char *desc = OSSL_STORE_INFO_get0_NAME_description(info); + indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr, + name); + if (desc != NULL) + indent_printf(indent, bio_out, "%s\n", desc); + } else { + indent_printf(indent, bio_out, "%d: %s\n", items, infostr); + } + + /* + * Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in + * functionality, so we must figure out how exactly to write things + * ourselves... + */ + switch (type) { + case OSSL_STORE_INFO_NAME: + if (recursive) { + const char *suburi = OSSL_STORE_INFO_get0_NAME(info); + ret += process(suburi, uimeth, uidata, + expected, criterion, search, + text, noout, recursive, indent + 2, out, prog); + } + break; + case OSSL_STORE_INFO_PARAMS: + if (text) + EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info), + 0, NULL); + if (!noout) + PEM_write_bio_Parameters(out, + OSSL_STORE_INFO_get0_PARAMS(info)); + break; + case OSSL_STORE_INFO_PKEY: + if (text) + EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info), + 0, NULL); + if (!noout) + PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info), + NULL, NULL, 0, NULL, NULL); + break; + case OSSL_STORE_INFO_CERT: + if (text) + X509_print(out, OSSL_STORE_INFO_get0_CERT(info)); + if (!noout) + PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info)); + break; + case OSSL_STORE_INFO_CRL: + if (text) + X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info)); + if (!noout) + PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info)); + break; + default: + BIO_printf(bio_err, "!!! Unknown code\n"); + ret++; + break; + } + items++; + OSSL_STORE_INFO_free(info); + } + indent_printf(indent, out, "Total found: %d\n", items); + + end2: + if (!OSSL_STORE_close(store_ctx)) { + ERR_print_errors(bio_err); + ret++; + } + + return ret; +} diff --git a/deps/openssl/openssl/apps/testdsa.h b/deps/openssl/openssl/apps/testdsa.h index 1e4502a10bd030..3c4b459db117e8 100644 --- a/deps/openssl/openssl/apps/testdsa.h +++ b/deps/openssl/openssl/apps/testdsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,7 @@ */ /* used by speed.c */ -DSA *get_dsa512(void); -DSA *get_dsa1024(void); -DSA *get_dsa2048(void); +DSA *get_dsa(int); static unsigned char dsa512_priv[] = { 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c, @@ -49,40 +47,6 @@ static unsigned char dsa512_g[] = { 0xA2, 0x03, 0x9D, 0x20, }; -DSA *get_dsa512() -{ - DSA *dsa; - BIGNUM *priv_key, *pub_key, *p, *q, *g; - - if ((dsa = DSA_new()) == NULL) - return (NULL); - priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL); - pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL); - p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL); - q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL); - g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL); - if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL) - || (g == NULL)) { - goto err; - } - if (!DSA_set0_pqg(dsa, p, q, g)) - goto err; - p = q = g = NULL; - - if (!DSA_set0_key(dsa, pub_key, priv_key)) - goto err; - - return dsa; - err: - DSA_free(dsa); - BN_free(priv_key); - BN_free(pub_key); - BN_free(p); - BN_free(q); - BN_free(g); - return NULL; -} - static unsigned char dsa1024_priv[] = { 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8, 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18, @@ -135,40 +99,6 @@ static unsigned char dsa1024_g[] = { 0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8, }; -DSA *get_dsa1024() -{ - DSA *dsa; - BIGNUM *priv_key, *pub_key, *p, *q, *g; - - if ((dsa = DSA_new()) == NULL) - return (NULL); - priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL); - pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL); - p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL); - q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL); - g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL); - if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL) - || (g == NULL)) { - goto err; - } - if (!DSA_set0_pqg(dsa, p, q, g)) - goto err; - p = q = g = NULL; - - if (!DSA_set0_key(dsa, pub_key, priv_key)) - goto err; - - return dsa; - err: - DSA_free(dsa); - BN_free(priv_key); - BN_free(pub_key); - BN_free(p); - BN_free(q); - BN_free(g); - return NULL; -} - static unsigned char dsa2048_priv[] = { 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45, 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7, @@ -254,25 +184,66 @@ static unsigned char dsa2048_g[] = { 0xF8, 0xB2, 0xE5, 0x38, }; -DSA *get_dsa2048() +typedef struct testdsa_st { + unsigned char *priv; + unsigned char *pub; + unsigned char *p; + unsigned char *g; + unsigned char *q; + int priv_l; + int pub_l; + int p_l; + int g_l; + int q_l; +} testdsa; + +#define set_dsa_ptr(st, bits) \ + do { \ + st.priv = dsa##bits##_priv; \ + st.pub = dsa##bits##_pub; \ + st.p = dsa##bits##_p; \ + st.g = dsa##bits##_g; \ + st.q = dsa##bits##_q; \ + st.priv_l = sizeof(dsa##bits##_priv); \ + st.pub_l = sizeof(dsa##bits##_pub); \ + st.p_l = sizeof(dsa##bits##_p); \ + st.g_l = sizeof(dsa##bits##_g); \ + st.q_l = sizeof(dsa##bits##_q); \ + } while (0) + +DSA *get_dsa(int dsa_bits) { DSA *dsa; BIGNUM *priv_key, *pub_key, *p, *q, *g; + testdsa dsa_t; + + switch (dsa_bits) { + case 512: + set_dsa_ptr(dsa_t, 512); + break; + case 1024: + set_dsa_ptr(dsa_t, 1024); + break; + case 2048: + set_dsa_ptr(dsa_t, 2048); + break; + default: + return NULL; + } if ((dsa = DSA_new()) == NULL) - return (NULL); - priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL); - pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL); - p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL); - q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL); - g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL); + return NULL; + priv_key = BN_bin2bn(dsa_t.priv, dsa_t.priv_l, NULL); + pub_key = BN_bin2bn(dsa_t.pub, dsa_t.pub_l, NULL); + p = BN_bin2bn(dsa_t.p, dsa_t.p_l, NULL); + q = BN_bin2bn(dsa_t.q, dsa_t.q_l, NULL); + g = BN_bin2bn(dsa_t.g, dsa_t.g_l, NULL); if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL) - || (g == NULL)) { + || (g == NULL)) { goto err; } if (!DSA_set0_pqg(dsa, p, q, g)) goto err; - p = q = g = NULL; if (!DSA_set0_key(dsa, pub_key, priv_key)) goto err; @@ -287,4 +258,3 @@ DSA *get_dsa2048() BN_free(g); return NULL; } - diff --git a/deps/openssl/openssl/apps/ts.c b/deps/openssl/openssl/apps/ts.c index 0e07c088d0ba67..930c1daaab6d43 100644 --- a/deps/openssl/openssl/apps/ts.c +++ b/deps/openssl/openssl/apps/ts.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "apps.h" +# include "progs.h" # include # include # include @@ -79,22 +80,21 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA, - OPT_DIGEST, OPT_RAND, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT, + OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT, OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT, OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER, OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED, - OPT_MD, OPT_V_ENUM + OPT_MD, OPT_V_ENUM, OPT_R_ENUM } OPTION_CHOICE; -OPTIONS ts_options[] = { +const OPTIONS ts_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"config", OPT_CONFIG, '<', "Configuration file"}, {"section", OPT_SECTION, 's', "Section to use within config file"}, {"query", OPT_QUERY, '-', "Generate a TS query"}, {"data", OPT_DATA, '<', "File to hash"}, {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, + OPT_R_OPTIONS, {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"}, {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"}, {"cert", OPT_CERT, '-', "Put cert request into query"}, @@ -158,7 +158,7 @@ int ts_main(int argc, char **argv) const char *section = NULL; char **helpp; char *password = NULL; - char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL; + char *data = NULL, *digest = NULL, *policy = NULL; char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; const EVP_MD *md = NULL; @@ -207,8 +207,9 @@ int ts_main(int argc, char **argv) case OPT_DIGEST: digest = opt_arg(); break; - case OPT_RAND: - rnd = opt_arg(); + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; break; case OPT_TSPOLICY: policy = opt_arg(); @@ -275,16 +276,6 @@ int ts_main(int argc, char **argv) if (mode == OPT_ERR || opt_num_rest() != 0) goto opthelp; - /* Seed the random number generator if it is going to be used. */ - if (mode == OPT_QUERY && !no_nonce) { - if (!app_RAND_load_file(NULL, 1) && rnd == NULL) - BIO_printf(bio_err, "warning, not much extra random " - "data, consider using the -rand option\n"); - if (rnd != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(rnd)); - } - if (mode == OPT_REPLY && passin && !app_passwd(passin, NULL, &password, NULL)) { BIO_printf(bio_err, "Error getting password.\n"); @@ -296,19 +287,14 @@ int ts_main(int argc, char **argv) goto end; /* Check parameter consistency and execute the appropriate function. */ - switch (mode) { - default: - case OPT_ERR: - goto opthelp; - case OPT_QUERY: + if (mode == OPT_QUERY) { if (vpmtouched) goto opthelp; if ((data != NULL) && (digest != NULL)) goto opthelp; ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); - break; - case OPT_REPLY: + } else if (mode == OPT_REPLY) { if (vpmtouched) goto opthelp; if ((in != NULL) && (queryfile != NULL)) @@ -320,21 +306,22 @@ int ts_main(int argc, char **argv) ret = !reply_command(conf, section, engine, queryfile, password, inkey, md, signer, chain, policy, in, token_in, out, token_out, text); - break; - case OPT_VERIFY: + + } else if (mode == OPT_VERIFY) { if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest)) goto opthelp; ret = !verify_command(data, digest, queryfile, in, token_in, CApath, CAfile, untrusted, vpmtouched ? vpm : NULL); + } else { + goto opthelp; } end: X509_VERIFY_PARAM_free(vpm); - app_RAND_write_file(NULL); NCONF_free(conf); OPENSSL_free(password); - return (ret); + return ret; } /* @@ -501,7 +488,7 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md, if (md_value_len < 0) return 0; - if (input) { + if (input != NULL) { unsigned char buffer[4096]; int length; @@ -593,7 +580,7 @@ static int reply_command(CONF *conf, const char *section, const char *engine, } else { response = create_response(conf, section, engine, queryfile, passin, inkey, md, signer, chain, policy); - if (response) + if (response != NULL) BIO_printf(bio_err, "Response has been generated.\n"); else BIO_printf(bio_err, "Response is not generated.\n"); @@ -712,6 +699,8 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng goto end; } + if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx)) + goto end; if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) goto end; if (!TS_CONF_set_policies(conf, section, resp_ctx)) @@ -747,13 +736,14 @@ static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data) const char *serial_file = (const char *)data; ASN1_INTEGER *serial = next_serial(serial_file); - if (!serial) { + if (serial == NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number " "generation."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); - } else + } else { save_ts_serial(serial_file, serial); + } return serial; } @@ -916,8 +906,9 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, goto err; if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL) goto err; - } else + } else { return NULL; + } /* Add the signature verification flag and arguments. */ TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE); diff --git a/deps/openssl/openssl/apps/tsget.in b/deps/openssl/openssl/apps/tsget.in index c6193e57da1941..bec365e28ce546 100644 --- a/deps/openssl/openssl/apps/tsget.in +++ b/deps/openssl/openssl/apps/tsget.in @@ -1,6 +1,6 @@ -#!{- $config{hashbangperl} -} +#!{- $config{HASHBANGPERL} -} +# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2002 The OpenTSA Project. All rights reserved. -# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/apps/verify.c b/deps/openssl/openssl/apps/verify.c index 8bcbff61774abe..38377a57e4a9f7 100644 --- a/deps/openssl/openssl/apps/verify.c +++ b/deps/openssl/openssl/apps/verify.c @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -27,11 +28,11 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN, - OPT_V_ENUM, + OPT_V_ENUM, OPT_NAMEOPT, OPT_VERBOSE } OPTION_CHOICE; -OPTIONS verify_options[] = { +const OPTIONS verify_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, @@ -51,6 +52,7 @@ OPTIONS verify_options[] = { "Attempt to download CRL information for this certificate"}, {"show_chain", OPT_SHOW_CHAIN, '-', "Display information about the certificate chain"}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, OPT_V_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, @@ -149,6 +151,10 @@ int verify_main(int argc, char **argv) case OPT_SHOW_CHAIN: show_chain = 1; break; + case OPT_NAMEOPT: + if (!set_nameopt(opt_arg())) + goto end; + break; case OPT_VERBOSE: v_verbose = 1; break; @@ -224,9 +230,9 @@ static int check(X509_STORE *ctx, const char *file, (file == NULL) ? "stdin" : file); goto end; } - if (tchain) + if (tchain != NULL) X509_STORE_CTX_set0_trusted_stack(csc, tchain); - if (crls) + if (crls != NULL) X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { @@ -243,7 +249,7 @@ static int check(X509_STORE *ctx, const char *file, printf("depth=%d: ", j); X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), - 0, XN_FLAG_ONELINE); + 0, get_nameopt()); if (j < num_untrusted) printf(" (untrusted)"); printf("\n"); @@ -269,10 +275,10 @@ static int cb(int ok, X509_STORE_CTX *ctx) X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); if (!ok) { - if (current_cert) { + if (current_cert != NULL) { X509_NAME_print_ex(bio_err, X509_get_subject_name(current_cert), - 0, XN_FLAG_ONELINE); + 0, get_nameopt()); BIO_printf(bio_err, "\n"); } BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n", @@ -309,5 +315,5 @@ static int cb(int ok, X509_STORE_CTX *ctx) policies_print(ctx); if (!v_verbose) ERR_clear_error(); - return (ok); + return ok; } diff --git a/deps/openssl/openssl/apps/version.c b/deps/openssl/openssl/apps/version.c index 2f8be364387b78..2aca1636152bb2 100644 --- a/deps/openssl/openssl/apps/version.c +++ b/deps/openssl/openssl/apps/version.c @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -32,10 +33,10 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A + OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R } OPTION_CHOICE; -OPTIONS version_options[] = { +const OPTIONS version_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"a", OPT_A, '-', "Show all data"}, {"b", OPT_B, '-', "Show build date"}, @@ -44,13 +45,24 @@ OPTIONS version_options[] = { {"f", OPT_F, '-', "Show compiler flags used"}, {"o", OPT_O, '-', "Show some internal datatype options"}, {"p", OPT_P, '-', "Show target build platform"}, + {"r", OPT_R, '-', "Show random seeding options"}, {"v", OPT_V, '-', "Show library version"}, {NULL} }; +#if defined(OPENSSL_RAND_SEED_DEVRANDOM) || defined(OPENSSL_RAND_SEED_EGD) +static void printlist(const char *prefix, const char **dev) +{ + printf("%s (", prefix); + for ( ; *dev != NULL; dev++) + printf(" \"%s\"", *dev); + printf(" )"); +} +#endif + int version_main(int argc, char **argv) { - int ret = 1, dirty = 0; + int ret = 1, dirty = 0, seed = 0; int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; int engdir = 0; char *prog; @@ -86,11 +98,15 @@ int version_main(int argc, char **argv) case OPT_P: dirty = platform = 1; break; + case OPT_R: + dirty = seed = 1; + break; case OPT_V: dirty = version = 1; break; case OPT_A: - options = cflags = version = date = platform = dir = engdir = 1; + seed = options = cflags = version = date = platform = dir = engdir + = 1; break; } } @@ -102,12 +118,11 @@ int version_main(int argc, char **argv) version = 1; if (version) { - if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER) { + if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER) printf("%s\n", OpenSSL_version(OPENSSL_VERSION)); - } else { + else printf("%s (Library: %s)\n", OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION)); - } } if (date) printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON)); @@ -139,7 +154,41 @@ int version_main(int argc, char **argv) printf("%s\n", OpenSSL_version(OPENSSL_DIR)); if (engdir) printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); + if (seed) { + printf("Seeding source:"); +#ifdef OPENSSL_RAND_SEED_RTDSC + printf(" rtdsc"); +#endif +#ifdef OPENSSL_RAND_SEED_RDCPU + printf(" rdrand ( rdseed rdrand )"); +#endif +#ifdef OPENSSL_RAND_SEED_LIBRANDOM + printf(" C-library-random"); +#endif +#ifdef OPENSSL_RAND_SEED_GETRANDOM + printf(" getrandom-syscall"); +#endif +#ifdef OPENSSL_RAND_SEED_DEVRANDOM + { + static const char *dev[] = { DEVRANDOM, NULL }; + printlist(" random-device", dev); + } +#endif +#ifdef OPENSSL_RAND_SEED_EGD + { + static const char *dev[] = { DEVRANDOM_EGD, NULL }; + printlist(" EGD", dev); + } +#endif +#ifdef OPENSSL_RAND_SEED_NONE + printf(" none"); +#endif +#ifdef OPENSSL_RAND_SEED_OS + printf(" os-specific"); +#endif + printf("\n"); + } ret = 0; end: - return (ret); + return ret; } diff --git a/deps/openssl/openssl/apps/vms_term_sock.c b/deps/openssl/openssl/apps/vms_term_sock.c index bc0c173ef4e0c7..9a90a1e7901254 100644 --- a/deps/openssl/openssl/apps/vms_term_sock.c +++ b/deps/openssl/openssl/apps/vms_term_sock.c @@ -1,4 +1,5 @@ /* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016 VMS Software, Inc. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -183,7 +184,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) close (TerminalSocketPair[0]); if (TerminalSocketPair[1]) close (TerminalSocketPair[1]); - return (TERM_SOCK_FAILURE); + return TERM_SOCK_FAILURE; } /* @@ -196,7 +197,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status); close (TerminalSocketPair[0]); close (TerminalSocketPair[1]); - return (TERM_SOCK_FAILURE); + return TERM_SOCK_FAILURE; } /* @@ -215,7 +216,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); close (TerminalSocketPair[0]); close (TerminalSocketPair[1]); - return (TERM_SOCK_FAILURE); + return TERM_SOCK_FAILURE; } /* @@ -233,7 +234,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status); close (TerminalSocketPair[0]); close (TerminalSocketPair[1]); - return (TERM_SOCK_FAILURE); + return TERM_SOCK_FAILURE; } /* @@ -244,7 +245,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status); close (TerminalSocketPair[0]); close (TerminalSocketPair[1]); - return (TERM_SOCK_FAILURE); + return TERM_SOCK_FAILURE; } /* @@ -264,14 +265,14 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) ** Invalid function code */ LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode); - return (TERM_SOCK_FAILURE); + return TERM_SOCK_FAILURE; break; } /* ** Return success */ - return (TERM_SOCK_SUCCESS); + return TERM_SOCK_SUCCESS; } @@ -311,7 +312,7 @@ static int CreateSocketPair (int SocketFamily, SockDesc1 = socket (SocketFamily, SocketType, 0); if (SockDesc1 < 0) { LogMessage ("CreateSocketPair: socket () - %d", errno); - return (-1); + return -1; } /* @@ -330,7 +331,7 @@ static int CreateSocketPair (int SocketFamily, if (status < 0) { LogMessage ("CreateSocketPair: bind () - %d", errno); close (SockDesc1); - return (-1); + return -1; } /* @@ -340,7 +341,7 @@ static int CreateSocketPair (int SocketFamily, if (status < 0) { LogMessage ("CreateSocketPair: getsockname () - %d", errno); close (SockDesc1); - return (-1); + return -1; } else LocalHostPort = sin.sin_port; @@ -359,7 +360,7 @@ static int CreateSocketPair (int SocketFamily, if (! (status & 1)) { LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status); close (SockDesc1); - return (-1); + return -1; } /* @@ -370,7 +371,7 @@ static int CreateSocketPair (int SocketFamily, if (! (status & 1)) { LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status); close (SockDesc1); - return (-1); + return -1; } /* @@ -392,7 +393,7 @@ static int CreateSocketPair (int SocketFamily, LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status); close (SockDesc1); sys$dassgn (TcpDeviceChan); - return (-1); + return -1; } /* @@ -428,7 +429,7 @@ static int CreateSocketPair (int SocketFamily, close (SockDesc1); close (SockDesc2); sys$dassgn (TcpDeviceChan); - return (-1); + return -1; } /* @@ -447,7 +448,7 @@ static int CreateSocketPair (int SocketFamily, close (SockDesc1); close (SockDesc2); sys$dassgn (TcpDeviceChan); - return (-1); + return -1; } /* @@ -467,7 +468,7 @@ static int CreateSocketPair (int SocketFamily, close (SockDesc1); close (SockDesc2); sys$dassgn (TcpDeviceChan); - return (-1); + return -1; } /* @@ -513,7 +514,7 @@ static int TerminalDeviceAst (int astparm) strcat (TerminalDeviceBuff, "\n"); /* - ** Send the data read from the terminal device throught the socket pair + ** Send the data read from the terminal device through the socket pair */ send (TerminalSocketPair[0], TerminalDeviceBuff, TerminalDeviceIosb.iosb$w_bcnt + 1, 0); diff --git a/deps/openssl/openssl/apps/vms_term_sock.h b/deps/openssl/openssl/apps/vms_term_sock.h index 662fa0adaf254b..c4d1702d799ecc 100644 --- a/deps/openssl/openssl/apps/vms_term_sock.h +++ b/deps/openssl/openssl/apps/vms_term_sock.h @@ -1,4 +1,5 @@ /* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016 VMS Software, Inc. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/deps/openssl/openssl/apps/win32_init.c b/deps/openssl/openssl/apps/win32_init.c index ebe92bcd4055b0..df4bff41a24dea 100644 --- a/deps/openssl/openssl/apps/win32_init.c +++ b/deps/openssl/openssl/apps/win32_init.c @@ -302,6 +302,6 @@ void win32_utf8argv(int *argc, char **argv[]) return; } #else -void win32_utf8argv(int &argc, char **argv[]) +void win32_utf8argv(int *argc, char **argv[]) { return; } #endif diff --git a/deps/openssl/openssl/apps/x509.c b/deps/openssl/openssl/apps/x509.c index 7a66ea6603fd87..81291a9a4f90f2 100644 --- a/deps/openssl/openssl/apps/x509.c +++ b/deps/openssl/openssl/apps/x509.c @@ -11,6 +11,7 @@ #include #include #include "apps.h" +#include "progs.h" #include #include #include @@ -33,13 +34,16 @@ static int callb(int ok, X509_STORE_CTX *ctx); static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, - const EVP_MD *digest, CONF *conf, const char *section); + const EVP_MD *digest, CONF *conf, const char *section, + int preserve_dates); static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile, int create, int days, int clrext, CONF *conf, - const char *section, ASN1_INTEGER *sno, int reqfile); + const char *section, ASN1_INTEGER *sno, int reqfile, + int preserve_dates); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); +static int print_x509v3_exts(BIO *bio, X509 *x, const char *exts); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -56,16 +60,17 @@ typedef enum OPTION_choice { OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID, OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, - OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT + OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES, + OPT_R_ENUM, OPT_EXT } OPTION_CHOICE; -OPTIONS x509_options[] = { +const OPTIONS x509_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'f', - "Input format - default PEM (one of DER, NET or PEM)"}, + "Input format - default PEM (one of DER or PEM)"}, {"in", OPT_IN, '<', "Input file - default stdin"}, {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (one of DER, NET or PEM)"}, + "Output format - default PEM (one of DER or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, @@ -114,8 +119,10 @@ OPTIONS x509_options[] = { {"CAserial", OPT_CASERIAL, 's', "Serial file"}, {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, {"text", OPT_TEXT, '-', "Print the certificate in text form"}, + {"ext", OPT_EXT, 's', "Print various X509V3 extensions"}, {"C", OPT_C, '-', "Print out C code forms"}, {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"}, + OPT_R_OPTIONS, {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"}, {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, {"certopt", OPT_CERTOPT, 's', "Various certificate text options"}, @@ -140,6 +147,7 @@ OPTIONS x509_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"preserve_dates", OPT_PRESERVE_DATES, '-', "preserve existing dates when signing"}, {NULL} }; @@ -157,23 +165,23 @@ int x509_main(int argc, char **argv) X509_STORE *ctx = NULL; const EVP_MD *digest = NULL; char *CAkeyfile = NULL, *CAserial = NULL, *fkeyfile = NULL, *alias = NULL; - char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; + char *checkhost = NULL, *checkemail = NULL, *checkip = NULL, *exts = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL; char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; - char buf[256], *prog; + char *prog; int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0; int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM; - int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0; + int fingerprint = 0, reqfile = 0, checkend = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0; int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0; - int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; + int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, ext = 0; int enddate = 0; time_t checkoffset = 0; - unsigned long nmflag = 0, certflag = 0; - char nmflag_set = 0; + unsigned long certflag = 0; + int preserve_dates = 0; OPTION_CHOICE o; ENGINE *e = NULL; #ifndef OPENSSL_NO_MD5 @@ -224,7 +232,7 @@ int x509_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_REQ: - reqfile = need_rand = 1; + reqfile = 1; break; case OPT_SIGOPT: @@ -234,6 +242,8 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_DAYS: + if (preserve_dates) + goto opthelp; days = atoi(opt_arg()); break; case OPT_PASSIN: @@ -242,18 +252,20 @@ int x509_main(int argc, char **argv) case OPT_EXTFILE: extfile = opt_arg(); break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; case OPT_EXTENSIONS: extsect = opt_arg(); break; case OPT_SIGNKEY: keyfile = opt_arg(); sign_flag = ++num; - need_rand = 1; break; case OPT_CA: CAfile = opt_arg(); CA_flag = ++num; - need_rand = 1; break; case OPT_CAKEY: CAkeyfile = opt_arg(); @@ -308,8 +320,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_NAMEOPT: - nmflag_set = 1; - if (!set_name_ex(&nmflag, opt_arg())) + if (!set_nameopt(opt_arg())) goto opthelp; break; case OPT_ENGINE: @@ -369,6 +380,10 @@ int x509_main(int argc, char **argv) case OPT_NOOUT: noout = ++num; break; + case OPT_EXT: + ext = ++num; + exts = opt_arg(); + break; case OPT_NOCERT: nocert = 1; break; @@ -435,6 +450,11 @@ int x509_main(int argc, char **argv) case OPT_CHECKIP: checkip = opt_arg(); break; + case OPT_PRESERVE_DATES: + if (days != DEF_DAYS) + goto opthelp; + preserve_dates = 1; + break; case OPT_MD: if (!opt_md(opt_unknown(), &digest)) goto opthelp; @@ -447,12 +467,6 @@ int x509_main(int argc, char **argv) goto opthelp; } - if (!nmflag_set) - nmflag = XN_FLAG_ONELINE; - - if (need_rand) - app_RAND_load_file(NULL, 0); - if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; @@ -463,7 +477,7 @@ int x509_main(int argc, char **argv) goto end; } - if (fkeyfile) { + if (fkeyfile != NULL) { fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key"); if (fkey == NULL) goto end; @@ -477,13 +491,13 @@ int x509_main(int argc, char **argv) goto end; } - if (extfile) { + if (extfile != NULL) { X509V3_CTX ctx2; if ((extconf = app_load_config(extfile)) == NULL) goto end; - if (!extsect) { + if (extsect == NULL) { extsect = NCONF_get_string(extconf, "default", "extensions"); - if (!extsect) { + if (extsect == NULL) { ERR_clear_error(); extsect = "default"; } @@ -531,11 +545,12 @@ int x509_main(int argc, char **argv) BIO_printf(bio_err, "Signature did not match the certificate request\n"); goto end; - } else + } else { BIO_printf(bio_err, "Signature ok\n"); + } print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), - nmflag); + get_nameopt()); if ((x = X509_new()) == NULL) goto end; @@ -548,8 +563,9 @@ int x509_main(int argc, char **argv) goto end; ASN1_INTEGER_free(sno); sno = NULL; - } else if (!X509_set_serialNumber(x, sno)) + } else if (!X509_set_serialNumber(x, sno)) { goto end; + } if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; @@ -558,14 +574,15 @@ int x509_main(int argc, char **argv) if (!set_cert_times(x, NULL, NULL, days)) goto end; - if (fkey) + if (fkey != NULL) { X509_set_pubkey(x, fkey); - else { + } else { pkey = X509_REQ_get0_pubkey(req); X509_set_pubkey(x, pkey); } - } else + } else { x = load_cert(infile, informat, "Certificate"); + } if (x == NULL) goto end; @@ -590,7 +607,7 @@ int x509_main(int argc, char **argv) if (clrreject) X509_reject_clear(x); - if (trust) { + if (trust != NULL) { for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { objtmp = sk_ASN1_OBJECT_value(trust, i); X509_add1_trust_object(x, objtmp); @@ -598,7 +615,7 @@ int x509_main(int argc, char **argv) objtmp = NULL; } - if (reject) { + if (reject != NULL) { for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { objtmp = sk_ASN1_OBJECT_value(reject, i); X509_add1_reject_object(x, objtmp); @@ -616,10 +633,10 @@ int x509_main(int argc, char **argv) if (num) { for (i = 1; i <= num; i++) { if (issuer == i) { - print_name(out, "issuer=", X509_get_issuer_name(x), nmflag); + print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt()); } else if (subject == i) { print_name(out, "subject=", - X509_get_subject_name(x), nmflag); + X509_get_subject_name(x), get_nameopt()); } else if (serial == i) { BIO_printf(out, "serial="); i2a_ASN1_INTEGER(out, X509_get_serialNumber(x)); @@ -724,13 +741,10 @@ int x509_main(int argc, char **argv) char *m; int len; - X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf)); - BIO_printf(out, "/*\n" - " * Subject: %s\n", buf); - - X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf)); - BIO_printf(out, " * Issuer: %s\n" - " */\n", buf); + print_name(out, "/*\n" + " * Subject: ", X509_get_subject_name(x), get_nameopt()); + print_name(out, " * Issuer: ", X509_get_issuer_name(x), get_nameopt()); + BIO_puts(out, " */\n"); len = i2d_X509(x, NULL); m = app_malloc(len, "x509 name buffer"); @@ -745,7 +759,7 @@ int x509_main(int argc, char **argv) print_array(out, "the_certificate", len, (unsigned char *)m); OPENSSL_free(m); } else if (text == i) { - X509_print_ex(out, x, nmflag, certflag); + X509_print_ex(out, x, get_nameopt(), certflag); } else if (startdate == i) { BIO_puts(out, "notBefore="); ASN1_TIME_print(out, X509_get0_notBefore(x)); @@ -760,7 +774,7 @@ int x509_main(int argc, char **argv) unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = digest; - if (!fdig) + if (fdig == NULL) fdig = EVP_sha1(); if (!X509_digest(x, fdig, md, &n)) { @@ -785,8 +799,7 @@ int x509_main(int argc, char **argv) goto end; } - assert(need_rand); - if (!sign(x, Upkey, days, clrext, digest, extconf, extsect)) + if (!sign(x, Upkey, days, clrext, digest, extconf, extsect, preserve_dates)) goto end; } else if (CA_flag == i) { BIO_printf(bio_err, "Getting CA Private Key\n"); @@ -797,11 +810,10 @@ int x509_main(int argc, char **argv) goto end; } - assert(need_rand); if (!x509_certify(ctx, CAfile, digest, x, xca, CApkey, sigopts, CAserial, CA_createserial, days, clrext, - extconf, extsect, sno, reqfile)) + extconf, extsect, sno, reqfile, preserve_dates)) goto end; } else if (x509req == i) { EVP_PKEY *pk; @@ -826,12 +838,14 @@ int x509_main(int argc, char **argv) goto end; } if (!noout) { - X509_REQ_print(out, rq); + X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT); PEM_write_bio_X509_REQ(out, rq); } noout = 1; } else if (ocspid == i) { X509_ocspid_print(out, x); + } else if (ext == i) { + print_x509v3_exts(out, x, exts); } } } @@ -856,9 +870,9 @@ int x509_main(int argc, char **argv) goto end; } - if (outformat == FORMAT_ASN1) + if (outformat == FORMAT_ASN1) { i = i2d_X509_bio(out, x); - else if (outformat == FORMAT_PEM) { + } else if (outformat == FORMAT_PEM) { if (trustout) i = PEM_write_bio_X509_AUX(out, x); else @@ -874,8 +888,6 @@ int x509_main(int argc, char **argv) } ret = 0; end: - if (need_rand) - app_RAND_write_file(NULL); NCONF_free(extconf); BIO_free_all(out); X509_STORE_free(ctx); @@ -893,33 +905,27 @@ int x509_main(int argc, char **argv) ASN1_OBJECT_free(objtmp); release_engine(e); OPENSSL_free(passin); - return (ret); + return ret; } -static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile, - int create) +static ASN1_INTEGER *x509_load_serial(const char *CAfile, + const char *serialfile, int create) { - char *buf = NULL, *p; + char *buf = NULL; ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; - size_t len; - len = ((serialfile == NULL) - ? (strlen(CAfile) + strlen(POSTFIX) + 1) - : (strlen(serialfile))) + 1; - buf = app_malloc(len, "serial# buffer"); if (serialfile == NULL) { - OPENSSL_strlcpy(buf, CAfile, len); - for (p = buf; *p; p++) - if (*p == '.') { - *p = '\0'; - break; - } - OPENSSL_strlcat(buf, POSTFIX, len); - } else - OPENSSL_strlcpy(buf, serialfile, len); + const char *p = strrchr(CAfile, '.'); + size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile); + + buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer"); + memcpy(buf, CAfile, len); + memcpy(buf + len, POSTFIX, sizeof(POSTFIX)); + serialfile = buf; + } - serial = load_serial(buf, create, NULL); + serial = load_serial(serialfile, create, NULL); if (serial == NULL) goto end; @@ -928,7 +934,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile goto end; } - if (!save_serial(buf, NULL, serial, &bs)) + if (!save_serial(serialfile, NULL, serial, &bs)) goto end; end: @@ -942,7 +948,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile, int create, int days, int clrext, CONF *conf, const char *section, - ASN1_INTEGER *sno, int reqfile) + ASN1_INTEGER *sno, int reqfile, int preserve_dates) { int ret = 0; ASN1_INTEGER *bs = NULL; @@ -986,7 +992,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges if (!X509_set_serialNumber(x, bs)) goto end; - if (!set_cert_times(x, NULL, NULL, days)) + if (!preserve_dates && !set_cert_times(x, NULL, NULL, days)) goto end; if (clrext) { @@ -994,7 +1000,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges X509_delete_ext(x, 0); } - if (conf) { + if (conf != NULL) { X509V3_CTX ctx2; X509_set_version(x, 2); /* version 3 certificate */ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); @@ -1050,12 +1056,13 @@ static int callb(int ok, X509_STORE_CTX *ctx) /* self sign */ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, - const EVP_MD *digest, CONF *conf, const char *section) + const EVP_MD *digest, CONF *conf, const char *section, + int preserve_dates) { if (!X509_set_issuer_name(x, X509_get_subject_name(x))) goto err; - if (!set_cert_times(x, NULL, NULL, days)) + if (!preserve_dates && !set_cert_times(x, NULL, NULL, days)) goto err; if (!X509_set_pubkey(x, pkey)) goto err; @@ -1063,7 +1070,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); } - if (conf) { + if (conf != NULL) { X509V3_CTX ctx; X509_set_version(x, 2); /* version 3 certificate */ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); @@ -1097,3 +1104,93 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) } return 1; } + +static int parse_ext_names(char *names, const char **result) +{ + char *p, *q; + int cnt = 0, len = 0; + + p = q = names; + len = strlen(names); + + while (q - names <= len) { + if (*q != ',' && *q != '\0') { + q++; + continue; + } + if (p != q) { + /* found */ + if (result != NULL) { + result[cnt] = p; + *q = '\0'; + } + cnt++; + } + p = ++q; + } + + return cnt; +} + +static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names) +{ + const STACK_OF(X509_EXTENSION) *exts = NULL; + STACK_OF(X509_EXTENSION) *exts2 = NULL; + X509_EXTENSION *ext = NULL; + ASN1_OBJECT *obj; + int i, j, ret = 0, num, nn = 0; + const char *sn, **names = NULL; + char *tmp_ext_names = NULL; + + exts = X509_get0_extensions(x); + if ((num = sk_X509_EXTENSION_num(exts)) <= 0) { + BIO_printf(bio, "No extensions in certificate\n"); + ret = 1; + goto end; + } + + /* parse comma separated ext name string */ + if ((tmp_ext_names = OPENSSL_strdup(ext_names)) == NULL) + goto end; + if ((nn = parse_ext_names(tmp_ext_names, NULL)) == 0) { + BIO_printf(bio, "Invalid extension names: %s\n", ext_names); + goto end; + } + if ((names = OPENSSL_malloc(sizeof(char *) * nn)) == NULL) + goto end; + parse_ext_names(tmp_ext_names, names); + + for (i = 0; i < num; i++) { + ext = sk_X509_EXTENSION_value(exts, i); + + /* check if this ext is what we want */ + obj = X509_EXTENSION_get_object(ext); + sn = OBJ_nid2sn(OBJ_obj2nid(obj)); + if (sn == NULL || strcmp(sn, "UNDEF") == 0) + continue; + + for (j = 0; j < nn; j++) { + if (strcmp(sn, names[j]) == 0) { + /* push the extension into a new stack */ + if (exts2 == NULL + && (exts2 = sk_X509_EXTENSION_new_null()) == NULL) + goto end; + if (!sk_X509_EXTENSION_push(exts2, ext)) + goto end; + } + } + } + + if (!sk_X509_EXTENSION_num(exts2)) { + BIO_printf(bio, "No extensions matched with %s\n", ext_names); + ret = 1; + goto end; + } + + ret = X509V3_extensions_print(bio, NULL, exts2, 0, 0); + end: + sk_X509_EXTENSION_free(exts2); + OPENSSL_free(names); + OPENSSL_free(tmp_ext_names); + return ret; +} diff --git a/deps/openssl/openssl/appveyor.yml b/deps/openssl/openssl/appveyor.yml index ba291fdd174b09..24966c0faa5ce4 100644 --- a/deps/openssl/openssl/appveyor.yml +++ b/deps/openssl/openssl/appveyor.yml @@ -1,45 +1,66 @@ platform: - - x86 - x64 + - x86 environment: + fast_finish: true matrix: - VSVER: 14 configuration: - - plain - shared + - plain before_build: - ps: >- If ($env:Platform -Match "x86") { $env:VCVARS_PLATFORM="x86" - $env:TARGET="VC-WIN32" + $env:TARGET="VC-WIN32 no-asm" } Else { $env:VCVARS_PLATFORM="amd64" - $env:TARGET="VC-WIN64A" + $env:TARGET="VC-WIN64A-masm" } - ps: >- If ($env:Configuration -Match "shared") { - $env:SHARED="" + $env:SHARED="no-makedepend" } Else { - $env:SHARED="no-shared" + $env:SHARED="no-shared no-makedepend" } - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS")) - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM% - mkdir _build - cd _build - - perl ..\Configure %TARGET% no-asm %SHARED% + - perl ..\Configure %TARGET% %SHARED% + - perl configdata.pm --dump - cd .. + - ps: >- + if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` + -or (&git log -2 | Select-String "\[extended tests\]") ) { + $env:EXTENDED_TESTS="yes" + } build_script: - cd _build - - nmake + - ps: >- + If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { + cmd /c "nmake build_all_generated 2>&1" + cmd /c "nmake PERL=no-perl 2>&1" + } - cd .. test_script: - cd _build - - nmake test - - mkdir ..\_install - - nmake install DESTDIR=..\_install + - ps: >- + If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { + if ($env:EXTENDED_TESTS) { + cmd /c "nmake test V=1 2>&1" + } Else { + cmd /c "nmake test V=1 TESTS=-test_fuzz 2>&1" + } + } + - ps: >- + if ($env:EXTENDED_TESTS) { + mkdir ..\_install + cmd /c "nmake install DESTDIR=..\_install 2>&1" + } - cd .. diff --git a/deps/openssl/openssl/build.info b/deps/openssl/openssl/build.info index fa136dc4314362..3dda4e89bf5cc5 100644 --- a/deps/openssl/openssl/build.info +++ b/deps/openssl/openssl/build.info @@ -1,6 +1,14 @@ +{- + our $sover = $config{shlib_version_number}; + our $sover_filename = $sover; + $sover_filename =~ s|\.|_|g + if $config{target} =~ /^mingw/ || $config{target} =~ /^VC-/; + $sover_filename = + sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} + if $config{target} =~ /^vms/; + ""; +-} LIBS=libcrypto libssl -ORDINALS[libcrypto]=crypto -ORDINALS[libssl]=ssl INCLUDE[libcrypto]=. crypto/include include INCLUDE[libssl]=. include DEPEND[libssl]=libcrypto @@ -16,16 +24,70 @@ GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in +IF[{- defined $target{shared_defflag} -}] + IF[{- $config{target} =~ /^mingw/ -}] + GENERATE[libcrypto.def]=util/mkdef.pl crypto 32 + DEPEND[libcrypto.def]=util/libcrypto.num + GENERATE[libssl.def]=util/mkdef.pl ssl 32 + DEPEND[libssl.def]=util/libssl.num + + SHARED_SOURCE[libcrypto]=libcrypto.def + SHARED_SOURCE[libssl]=libssl.def + ELSIF[{- $config{target} =~ /^aix/ -}] + GENERATE[libcrypto.map]=util/mkdef.pl crypto aix + DEPEND[libcrypto.map]=util/libcrypto.num + GENERATE[libssl.map]=util/mkdef.pl ssl aix + DEPEND[libssl.map]=util/libssl.num + + SHARED_SOURCE[libcrypto]=libcrypto.map + SHARED_SOURCE[libssl]=libssl.map + ELSE + GENERATE[libcrypto.map]=util/mkdef.pl crypto linux + DEPEND[libcrypto.map]=util/libcrypto.num + GENERATE[libssl.map]=util/mkdef.pl ssl linux + DEPEND[libssl.map]=util/libssl.num + + SHARED_SOURCE[libcrypto]=libcrypto.map + SHARED_SOURCE[libssl]=libssl.map + ENDIF +ENDIF +# VMS and VC don't have parametrised .def / .symvec generation, so they get +# special treatment, since we know they do use these files +IF[{- $config{target} =~ /^VC-/ -}] + GENERATE[libcrypto.def]=util/mkdef.pl crypto 32 + DEPEND[libcrypto.def]=util/libcrypto.num + GENERATE[libssl.def]=util/mkdef.pl ssl 32 + DEPEND[libssl.def]=util/libssl.num + + SHARED_SOURCE[libcrypto]=libcrypto.def + SHARED_SOURCE[libssl]=libssl.def +ELSIF[{- $config{target} =~ /^vms/ -}] + GENERATE[libcrypto.opt]=util/mkdef.pl crypto "VMS" + DEPEND[libcrypto.opt]=util/libcrypto.num + GENERATE[libssl.opt]=util/mkdef.pl ssl "VMS" + DEPEND[libssl.opt]=util/libssl.num + + SHARED_SOURCE[libcrypto]=libcrypto.opt + SHARED_SOURCE[libssl]=libssl.opt +ENDIF + +IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] + GENERATE[libcrypto.rc]=util/mkrc.pl libcrypto + GENERATE[libssl.rc]=util/mkrc.pl libssl + + SHARED_SOURCE[libcrypto]=libcrypto.rc + SHARED_SOURCE[libssl]=libssl.rc +ENDIF IF[{- $config{target} =~ /^Cygwin/ -}] - SHARED_NAME[libcrypto]=cygcrypto-{- $config{shlib_major}.".".$config{shlib_minor} -} - SHARED_NAME[libssl]=cygssl-{- $config{shlib_major}.".".$config{shlib_minor} -} + SHARED_NAME[libcrypto]=cygcrypto-{- $sover_filename -} + SHARED_NAME[libssl]=cygssl-{- $sover_filename -} ELSIF[{- $config{target} =~ /^mingw/ -}] - SHARED_NAME[libcrypto]=libcrypto-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $config{target} eq "mingw64" ? "-x64" : "" -} - SHARED_NAME[libssl]=libssl-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $config{target} eq "mingw64" ? "-x64" : "" -} + SHARED_NAME[libcrypto]=libcrypto-{- $sover_filename -}{- $config{target} eq "mingw64" ? "-x64" : "" -} + SHARED_NAME[libssl]=libssl-{- $sover_filename -}{- $config{target} eq "mingw64" ? "-x64" : "" -} ELSIF[{- $config{target} =~ /^VC-/ -}] - SHARED_NAME[libcrypto]=libcrypto-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $target{multilib} -} - SHARED_NAME[libssl]=libssl-{- $config{shlib_major}."_".$config{shlib_minor} -}{- $target{multilib} -} + SHARED_NAME[libcrypto]=libcrypto-{- $sover_filename -}{- $target{multilib} -} + SHARED_NAME[libssl]=libssl-{- $sover_filename -}{- $target{multilib} -} ENDIF # VMS has a cultural standard where all libraries are prefixed. @@ -36,6 +98,6 @@ ENDIF IF[{- $config{target} =~ /^vms/ -}] RENAME[libcrypto]=ossl$libcrypto{- $target{pointer_size} -} RENAME[libssl]=ossl$libssl{- $target{pointer_size} -} - SHARED_NAME[libcrypto]=ossl$libcrypto{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -} - SHARED_NAME[libssl]=ossl$libssl{- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}_shr{- $target{pointer_size} -} + SHARED_NAME[libcrypto]=ossl$libcrypto{- $sover_filename -}_shr{- $target{pointer_size} -} + SHARED_NAME[libssl]=ossl$libssl{- $sover_filename -}_shr{- $target{pointer_size} -} ENDIF diff --git a/deps/openssl/openssl/config b/deps/openssl/openssl/config index ef0841d12d292e..b8adf3499953d4 100755 --- a/deps/openssl/openssl/config +++ b/deps/openssl/openssl/config @@ -35,10 +35,20 @@ See INSTALL for instructions. EOF ;; -*) options=$options" $i" ;; +*) i=`echo "$i" | sed -e "s|'|'\\\\\\''|g"` + options="$options '$i'" ;; esac done +# Environment that's being passed to Configure +__CNF_CPPDEFINES= +__CNF_CPPINCLUDES= +__CNF_CPPFLAGS= +__CNF_CFLAGS= +__CNF_CXXFLAGS= +__CNF_LDFLAGS= +__CNF_LDLIBS= + # First get uname entries that we use below [ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" @@ -187,6 +197,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; + DragonFly:*) + echo "${MACHINE}-whatever-dragonfly"; exit 0 + ;; + FreeBSD:*) echo "${MACHINE}-whatever-freebsd"; exit 0 ;; @@ -226,21 +240,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in esac ;; - QNX:*) - case "$RELEASE" in - 4*) - echo "${MACHINE}-whatever-qnx4" - ;; - 6*) - echo "${MACHINE}-whatever-qnx6" - ;; - *) - echo "${MACHINE}-whatever-qnx" - ;; - esac - exit 0 - ;; - Paragon*:*:*:*) echo "i860-intel-osf1"; exit 0 ;; @@ -450,13 +449,6 @@ case "$GUESSOS" in OUT=uClinux-dist ;; mips3-sgi-irix) - #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` - #CPU=${CPU:-0} - #if [ $CPU -ge 5000 ]; then - # options="$options -mips4" - #else - # options="$options -mips3" - #fi OUT="irix-mips3-$CC" ;; mips4-sgi-irix64) @@ -466,13 +458,6 @@ case "$GUESSOS" in echo " You have about 5 seconds to press Ctrl-C to abort." (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi - #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` - #CPU=${CPU:-0} - #if [ $CPU -ge 5000 ]; then - # options="$options -mips4" - #else - # options="$options -mips3" - #fi OUT="irix-mips3-$CC" ;; ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; @@ -498,9 +483,7 @@ case "$GUESSOS" in echo " invoke 'KERNEL_BITS=64 $THERE/config $options'." if [ "$DRYRUN" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - # The stty technique used elsewhere doesn't work on - # MacOS. At least, right now on this Mac. - sleep 5 + (trap "stty `stty -g`; exit 1" 2; stty -icanon min 0 time 50; read waste; exit 0) <&1 || exit fi fi if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then @@ -509,26 +492,18 @@ case "$GUESSOS" in OUT="darwin-i386-cc" fi ;; x86_64-apple-darwin*) - if [ -z "$KERNEL_BITS" ]; then - echo "WARNING! If you wish to build 32-bit library, then you have to" - echo " invoke 'KERNEL_BITS=32 $THERE/config $options'." - if [ "$DRYRUN" = "false" -a -t 1 ]; then - echo " You have about 5 seconds to press Ctrl-C to abort." - # The stty technique used elsewhere doesn't work on - # MacOS. At least, right now on this Mac. - sleep 5 - fi - fi if [ "$KERNEL_BITS" = "32" ]; then OUT="darwin-i386-cc" else OUT="darwin64-x86_64-cc" fi ;; armv6+7-*-iphoneos) - options="$options -arch%20armv6 -arch%20armv7" + __CNF_CFLAGS="$__CNF_CFLAGS -arch%20armv6 -arch%20armv7" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20armv6 -arch%20armv7" OUT="iphoneos-cross" ;; *-*-iphoneos) - options="$options -arch%20${MACHINE}" + __CNF_CFLAGS="$__CNF_CFLAGS -arch%20${MACHINE}" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch%20${MACHINE}" OUT="iphoneos-cross" ;; arm64-*-iphoneos|*-*-ios64) OUT="ios64-cross" ;; @@ -540,9 +515,12 @@ case "$GUESSOS" in esac if [ "$CC" = "gcc" ]; then case ${ISA:-generic} in - EV5|EV45) options="$options -mcpu=ev5";; - EV56|PCA56) options="$options -mcpu=ev56";; - *) options="$options -mcpu=ev6";; + EV5|EV45) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5" + __CNF_CXXFLAGS="$__CNF_CFLAGS -mcpu=ev5";; + EV56|PCA56) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev56" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -mcpu=ev56";; + *) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev6" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -mcpu=ev6";; esac fi ;; @@ -559,7 +537,12 @@ case "$GUESSOS" in OUT="linux-ppc64" else OUT="linux-ppc" - (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" + if (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null); then + :; + else + __CNF_CFLAGS="$__CNF_CFLAGS -m32" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -m32" + fi fi ;; ppc64le-*-linux2) OUT="linux-ppc64le" ;; @@ -595,7 +578,8 @@ case "$GUESSOS" in sun4u*) OUT="linux-sparcv9" ;; sun4m) OUT="linux-sparcv8" ;; sun4d) OUT="linux-sparcv8" ;; - *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; + *) OUT="linux-generic32"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; esac ;; parisc*-*-linux2) # 64-bit builds under parisc64 linux are not supported and @@ -617,16 +601,25 @@ case "$GUESSOS" in CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'` # Finish Model transformations - options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH" + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" + __CNF_CFLAGS="$__CNF_CFLAGS -mschedule=$CPUSCHEDULE -march=$CPUARCH" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -mschedule=$CPUSCHEDULE -march=$CPUARCH" OUT="linux-generic32" ;; armv[1-3]*-*-linux2) OUT="linux-generic32" ;; - armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;; + armv[7-9]*-*-linux2) OUT="linux-armv4" + __CNF_CFLAGS="$__CNF_CFLAGS -march=armv7-a" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -march=armv7-a" + ;; arm*-*-linux2) OUT="linux-armv4" ;; aarch64-*-linux2) OUT="linux-aarch64" ;; - sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; - sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;; - m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; - s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; + sh*b-*-linux2) OUT="linux-generic32"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; + sh*-*-linux2) OUT="linux-generic32"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;; + m68k*-*-linux2) OUT="linux-generic32"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; + s390-*-linux2) OUT="linux-generic32"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; s390x-*-linux2) # To be uncommented when glibc bug is fixed, see Configure... #if egrep -e '^features.* highgprs' /proc/cpuinfo >/dev/null ; then @@ -708,11 +701,15 @@ case "$GUESSOS" in ;; *-*-sunos4) OUT="sunos-$CC" ;; - *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;; - alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;; - powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;; + *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2"; + __CNF_LDFLAGS="$__CNF_LDFLAGS -ldl" ;; + alpha*-*-*bsd*) OUT="BSD-generic64"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;; + powerpc64-*-*bsd*) OUT="BSD-generic64"; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; sparc64-*-*bsd*) OUT="BSD-sparc64" ;; ia64-*-*bsd*) OUT="BSD-ia64" ;; + x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; amd64-*-*bsd*) OUT="BSD-x86_64" ;; *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD @@ -736,7 +733,8 @@ case "$GUESSOS" in if [ "$CC" = "gcc" ]; then OUT="unixware-7-gcc" ; options="$options no-sse2" else - OUT="unixware-7" ; options="$options no-sse2 -D__i386__" + OUT="unixware-7" ; options="$options no-sse2" + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__" fi ;; *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;; @@ -762,7 +760,11 @@ case "$GUESSOS" in OUT="hpux-ia64-cc" fi elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU - OUT=${OUT:-"hpux-parisc2-${CC}"} + # PA-RISC 2.0 is no longer supported as separate 32-bit + # target. This is compensated for by run-time detection + # in most critical assembly modules and taking advantage + # of 2.0 architecture in PA-RISC 1.1 build. + OUT=${OUT:-"hpux-parisc1_1-${CC}"} if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then echo "WARNING! If you wish to build 64-bit library then you have to" echo " invoke '$THERE/Configure hpux64-parisc2-cc' *manually*." @@ -771,11 +773,6 @@ case "$GUESSOS" in (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1 fi fi - # PA-RISC 2.0 is no longer supported as separate 32-bit - # target. This is compensated for by run-time detection - # in most critical assembly modules and taking advantage - # of 2.0 architecture in PA-RISC 1.1 build. - OUT="hpux-parisc1_1-${CC}" elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU OUT="hpux-parisc1_1-${CC}" elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU @@ -783,7 +780,7 @@ case "$GUESSOS" in else # Motorola(?) CPU OUT="hpux-$CC" fi - options="$options -D_REENTRANT" ;; + __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D_REENTRANT" ;; *-hpux) OUT="hpux-parisc-$CC" ;; *-aix) [ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null` @@ -818,11 +815,11 @@ case "$GUESSOS" in # these are all covered by the catchall below i[3456]86-*-cygwin) OUT="Cygwin-x86" ;; *-*-cygwin) OUT="Cygwin-${MACHINE}" ;; - x86pc-*-qnx6) OUT="QNX6-i386" ;; - *-*-qnx6) OUT="QNX6" ;; x86-*-android|i?86-*-android) OUT="android-x86" ;; armv[7-9]*-*-android) - OUT="android-armeabi"; options="$options -march=armv7-a" ;; + OUT="android-armeabi" + __CNF_CFLAGS="$__CNF_CFLAGS -march=armv7-a" + __CNF_CXXFLAGS="$__CNF_CXXFLAGS -march=armv7-a";; arm*-*-android) OUT="android-armeabi" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac @@ -836,19 +833,13 @@ esac # See whether we can compile Atalla support #if [ -f /usr/include/atasi.h ] #then -# options="$options -DATALLA" +# __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DATALLA" #fi if [ -n "$CONFIG_OPTIONS" ]; then options="$options $CONFIG_OPTIONS" fi -if expr "$options" : '.*no\-asm' > /dev/null; then :; else - sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \ - grep \\--noexecstack >/dev/null && \ - options="$options -Wa,--noexecstack" -fi - # gcc < 2.8 does not support -march=ultrasparc if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] then @@ -869,7 +860,7 @@ case "$GUESSOS" in i386-*) options="$options 386" ;; esac -for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha +for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4 do if [ ! -d $THERE/crypto/$i ] then @@ -919,16 +910,37 @@ OUT="$OUT" $PERL $THERE/Configure LIST | grep "$OUT" > /dev/null if [ $? = "0" ]; then - echo Configuring for $OUT - if [ "$VERBOSE" = "true" ]; then - echo $PERL $THERE/Configure $OUT $options + echo /usr/bin/env \ + __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \ + __CNF_CPPINCLUDES="'$__CNF_CPPINCLUDES'" \ + __CNF_CPPFLAGS="'$__CNF_CPPFLAGS'" \ + __CNF_CFLAGS="'$__CNF_CFLAGS'" \ + __CNF_CXXFLAGS="'$__CNF_CXXFLAGS'" \ + __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \ + __CNF_LDLIBS="'$__CNF_LDLIBS'" \ + $PERL $THERE/Configure $OUT $options fi if [ "$DRYRUN" = "false" ]; then - $PERL $THERE/Configure $OUT $options + # eval to make sure quoted options, possibly with spaces inside, + # are treated right + eval /usr/bin/env \ + __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \ + __CNF_CPPINCLUDES="'$__CNF_CPPINCLUDES'" \ + __CNF_CPPFLAGS="'$__CNF_CPPFLAGS'" \ + __CNF_CFLAGS="'$__CNF_CFLAGS'" \ + __CNF_CXXFLAGS="'$__CNF_CXXFLAGS'" \ + __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \ + __CNF_LDLIBS="'$__CNF_LDLIBS'" \ + $PERL $THERE/Configure $OUT $options fi else echo "This system ($OUT) is not supported. See file INSTALL for details." exit 1 fi + +if [ "$OUT" = "darwin64-x86_64-cc" ]; then + echo "WARNING! If you wish to build 32-bit libraries, then you have to" + echo " invoke 'KERNEL_BITS=32 $THERE/config $options'." +fi ) diff --git a/deps/openssl/openssl/crypto/LPdir_nyi.c b/deps/openssl/openssl/crypto/LPdir_nyi.c index 049044c4cae848..b02449f7c04af4 100644 --- a/deps/openssl/openssl/crypto/LPdir_nyi.c +++ b/deps/openssl/openssl/crypto/LPdir_nyi.c @@ -8,6 +8,9 @@ */ /* + * This file is dual-licensed and is also available under the following + * terms: + * * Copyright (c) 2004, Richard Levitte * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/LPdir_unix.c b/deps/openssl/openssl/crypto/LPdir_unix.c index 1bb2940b95ce0b..b1022895c85540 100644 --- a/deps/openssl/openssl/crypto/LPdir_unix.c +++ b/deps/openssl/openssl/crypto/LPdir_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,10 @@ */ /* - * Copyright (c) 2004, Richard Levitte + * This file is dual-licensed and is also available under the following + * terms: + * + * Copyright (c) 2004, 2018, Richard Levitte * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -43,9 +46,12 @@ #ifndef LPDIR_H # include "LPdir.h" #endif +#ifdef __VMS +# include +#endif /* - * The POSIXly macro for the maximum number of characters in a file path is + * The POSIX macro for the maximum number of characters in a file path is * NAME_MAX. However, some operating systems use PATH_MAX instead. * Therefore, it seems natural to first check for PATH_MAX and use that, and * if it doesn't exist, use NAME_MAX. @@ -70,6 +76,10 @@ struct LP_dir_context_st { DIR *dir; char entry_name[LP_ENTRY_SIZE + 1]; +#ifdef __VMS + int expect_file_generations; + char previous_entry_name[LP_ENTRY_SIZE + 1]; +#endif }; const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) @@ -90,6 +100,15 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) } memset(*ctx, 0, sizeof(**ctx)); +#ifdef __VMS + { + char c = directory[strlen(directory) - 1]; + + if (c == ']' || c == '>' || c == ':') + (*ctx)->expect_file_generations = 1; + } +#endif + (*ctx)->dir = opendir(directory); if ((*ctx)->dir == NULL) { int save_errno = errno; /* Probably not needed, but I'm paranoid */ @@ -100,6 +119,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) } } +#ifdef __VMS + strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name, + sizeof((*ctx)->previous_entry_name)); + + again: +#endif + direntry = readdir((*ctx)->dir); if (direntry == NULL) { return 0; @@ -108,6 +134,18 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1); (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; +#ifdef __VMS + if ((*ctx)->expect_file_generations) { + char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); + + while(p > (*ctx)->entry_name && isdigit(p[-1])) + p--; + if (p > (*ctx)->entry_name && p[-1] == ';') + p[-1] = '\0'; + if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0) + goto again; + } +#endif return (*ctx)->entry_name; } diff --git a/deps/openssl/openssl/crypto/LPdir_vms.c b/deps/openssl/openssl/crypto/LPdir_vms.c index 1a5b60febfbc81..e35363fd661444 100644 --- a/deps/openssl/openssl/crypto/LPdir_vms.c +++ b/deps/openssl/openssl/crypto/LPdir_vms.c @@ -8,6 +8,9 @@ */ /* + * This file is dual-licensed and is also available under the following + * terms: + * * Copyright (c) 2004, Richard Levitte * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/LPdir_win.c b/deps/openssl/openssl/crypto/LPdir_win.c index 8f674d305b74b7..1dc1ef122c0c46 100644 --- a/deps/openssl/openssl/crypto/LPdir_win.c +++ b/deps/openssl/openssl/crypto/LPdir_win.c @@ -8,6 +8,9 @@ */ /* + * This file is dual-licensed and is also available under the following + * terms: + * * Copyright (c) 2004, Richard Levitte * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/LPdir_win32.c b/deps/openssl/openssl/crypto/LPdir_win32.c index 59ed485791faca..edceb98d6f81fd 100644 --- a/deps/openssl/openssl/crypto/LPdir_win32.c +++ b/deps/openssl/openssl/crypto/LPdir_win32.c @@ -8,6 +8,9 @@ */ /* + * This file is dual-licensed and is also available under the following + * terms: + * * Copyright (c) 2004, Richard Levitte * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/LPdir_wince.c b/deps/openssl/openssl/crypto/LPdir_wince.c index dbc10529dc2112..a24e73829289ba 100644 --- a/deps/openssl/openssl/crypto/LPdir_wince.c +++ b/deps/openssl/openssl/crypto/LPdir_wince.c @@ -8,6 +8,9 @@ */ /* + * This file is dual-licensed and is also available under the following + * terms: + * * Copyright (c) 2004, Richard Levitte * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/aes/aes_core.c b/deps/openssl/openssl/crypto/aes/aes_core.c index bd5c7793bec236..f1f11fd8de7bf5 100644 --- a/deps/openssl/openssl/crypto/aes/aes_core.c +++ b/deps/openssl/openssl/crypto/aes/aes_core.c @@ -14,9 +14,9 @@ * * Optimised ANSI C code for the Rijndael cipher (now AES) * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto * * This code is hereby placed in the public domain. * diff --git a/deps/openssl/openssl/crypto/aes/aes_x86core.c b/deps/openssl/openssl/crypto/aes/aes_x86core.c index 95b49bbabc2842..1b660d716d6c18 100644 --- a/deps/openssl/openssl/crypto/aes/aes_x86core.c +++ b/deps/openssl/openssl/crypto/aes/aes_x86core.c @@ -7,6 +7,14 @@ * https://www.openssl.org/source/license.html */ +/* + * This is experimental x86[_64] derivative. It assumes little-endian + * byte order and expects CPU to sustain unaligned memory references. + * It is used as playground for cache-time attack mitigations and + * serves as reference C implementation for x86[_64] as well as some + * other assembly modules. + */ + /** * rijndael-alg-fst.c * @@ -14,9 +22,9 @@ * * Optimised ANSI C code for the Rijndael cipher (now AES) * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto * * This code is hereby placed in the public domain. * @@ -33,15 +41,6 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* - * This is experimental x86[_64] derivative. It assumes little-endian - * byte order and expects CPU to sustain unaligned memory references. - * It is used as playground for cache-time attack mitigations and - * serves as reference C implementation for x86[_64] assembler. - * - * - */ - #include diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-586.pl b/deps/openssl/openssl/crypto/aes/asm/aes-586.pl index 1ba356508a42b1..29059edf8b7a6b 100755 --- a/deps/openssl/openssl/crypto/aes/asm/aes-586.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-586.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -39,7 +39,7 @@ # for scaling too, I [try to] avoid the latter by favoring off-by-2 # shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. # -# As was shown by Dean Gaudet , the above note turned +# As was shown by Dean Gaudet, the above note turned out to be # void. Performance improvement with off-by-2 shifts was observed on # intermediate implementation, which was spilling yet another register # to stack... Final offset*4 code below runs just a tad faster on P4, @@ -55,8 +55,8 @@ # better performance on most recent µ-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in -# up to 40% performance imrovement of CBC benchmark results. 40% was -# observed on P4 core, where "overall" imrovement coefficient, i.e. if +# up to 40% performance improvement of CBC benchmark results. 40% was +# observed on P4 core, where "overall" improvement coefficient, i.e. if # compared to PIC generated by GCC and in CBC mode, was observed to be # as large as 4x:-) CBC performance is virtually identical to ECB now # and on some platforms even better, e.g. 17.6 "small" cycles/byte on @@ -123,7 +123,7 @@ # words every cache-line is *guaranteed* to be accessed within ~50 # cycles window. Why just SSE? Because it's needed on hyper-threading # CPU! Which is also why it's prefetched with 64 byte stride. Best -# part is that it has no negative effect on performance:-) +# part is that it has no negative effect on performance:-) # # Version 4.3 implements switch between compact and non-compact block # functions in AES_cbc_encrypt depending on how much data was asked @@ -159,7 +159,7 @@ # combinations then attack becomes infeasible. This is why revised # AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk # of data is to be processed in one stroke. The current size limit of -# 512 bytes is chosen to provide same [diminishigly low] probability +# 512 bytes is chosen to provide same [diminishingly low] probability # for cache-line to remain untouched in large chunk operation with # large S-box as for single block operation with compact S-box and # surely needs more careful consideration... @@ -171,12 +171,12 @@ # yield execution to process performing AES just before timer fires # off the scheduler, immediately regain control of CPU and analyze the # cache state. For this attack to be efficient attacker would have to -# effectively slow down the operation by several *orders* of magnitute, +# effectively slow down the operation by several *orders* of magnitude, # by ratio of time slice to duration of handful of AES rounds, which # unlikely to remain unnoticed. Not to mention that this also means -# that he would spend correspondigly more time to collect enough +# that he would spend correspondingly more time to collect enough # statistical data to mount the attack. It's probably appropriate to -# say that if adeversary reckons that this attack is beneficial and +# say that if adversary reckons that this attack is beneficial and # risks to be noticed, you probably have larger problems having him # mere opportunity. In other words suggested code design expects you # to preclude/mitigate this attack by overall system security design. @@ -202,7 +202,7 @@ open OUT,">$output"; *STDOUT=*OUT; -&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); &static_label("AES_Te"); &static_label("AES_Td"); @@ -240,7 +240,7 @@ # contention and in hope to "collect" 5% back # in real-life applications... -$vertical_spin=0; # shift "verticaly" defaults to 0, because of +$vertical_spin=0; # shift "vertically" defaults to 0, because of # its proof-of-concept status... # Note that there is no decvert(), as well as last encryption round is # performed with "horizontal" shifts. This is because this "vertical" @@ -585,7 +585,7 @@ () # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # | mm4 | mm0 | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | s3 | s2 | s1 | s0 | +# | s3 | s2 | s1 | s0 | # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ # |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0| # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ @@ -805,7 +805,7 @@ () if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); + else { &mov ($tmp,$s[3]); &shr ($tmp,24) } &xor ($out,&DWP(1,$te,$tmp,8)); if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } @@ -1558,7 +1558,7 @@ () &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4 &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1); &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16) + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16) &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); @@ -1606,7 +1606,7 @@ () # no instructions are reordered, as performance appears # optimal... or rather that all attempts to reorder didn't # result in better performance [which by the way is not a - # bit lower than ecryption]. + # bit lower than encryption]. if($i==3) { &mov ($key,$__key); } else { &mov ($out,$s[0]); } &and ($out,0xFF); @@ -2028,7 +2028,7 @@ () { # stack frame layout # -4(%esp) # return address 0(%esp) -# 0(%esp) # s0 backing store 4(%esp) +# 0(%esp) # s0 backing store 4(%esp) # 4(%esp) # s1 backing store 8(%esp) # 8(%esp) # s2 backing store 12(%esp) # 12(%esp) # s3 backing store 16(%esp) @@ -2738,7 +2738,7 @@ () &mov (&DWP(80,"edi"),10); # setup number of rounds &xor ("eax","eax"); &jmp (&label("exit")); - + &set_label("12rounds"); &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords &mov ("ebx",&DWP(4,"esi")); diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S b/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S index f7f1f63c9dfa13..03f79b7ae3b777 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S +++ b/deps/openssl/openssl/crypto/aes/asm/aes-ia64.S @@ -6,7 +6,7 @@ // https://www.openssl.org/source/license.html // // ==================================================================== -// Written by Andy Polyakov for the OpenSSL +// Written by Andy Polyakov for the OpenSSL // project. Rights for redistribution and usage in source and binary // forms are granted according to the OpenSSL license. // ==================================================================== @@ -33,7 +33,7 @@ // 64 bytes line size and L2 - 128 bytes... .ident "aes-ia64.S, version 1.2" -.ident "IA-64 ISA artwork by Andy Polyakov " +.ident "IA-64 ISA artwork by Andy Polyakov " .explicit .text diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl b/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl index 439578d9c2449d..716c3356ead90c 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -65,8 +65,8 @@ if ($flavour =~ /64|n32/i) { $PTR_LA="dla"; - $PTR_ADD="dadd"; # incidentally works even on n32 - $PTR_SUB="dsub"; # incidentally works even on n32 + $PTR_ADD="daddu"; # incidentally works even on n32 + $PTR_SUB="dsubu"; # incidentally works even on n32 $PTR_INS="dins"; $REG_S="sd"; $REG_L="ld"; @@ -74,8 +74,8 @@ $SZREG=8; } else { $PTR_LA="la"; - $PTR_ADD="add"; - $PTR_SUB="sub"; + $PTR_ADD="addu"; + $PTR_SUB="subu"; $PTR_INS="ins"; $REG_S="sw"; $REG_L="lw"; @@ -88,7 +88,7 @@ # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); +$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; @@ -102,15 +102,9 @@ my ($MSB,$LSB)=(0,3); # automatically converted to little-endian $code.=<<___; -.text -#ifdef OPENSSL_FIPSCANISTER -# include -#endif - -#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2) -#define _MIPS_ARCH_MIPS32R2 -#endif +#include "mips_arch.h" +.text #if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__)) .option pic2 #endif @@ -126,7 +120,7 @@ my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23)); my ($key0,$cnt)=($gp,$fp); -# instuction ordering is "stolen" from output from MIPSpro assembler +# instruction ordering is "stolen" from output from MIPSpro assembler # invoked with -mips3 -O3 arguments... $code.=<<___; .align 5 @@ -146,7 +140,7 @@ xor $s2,$t2 xor $s3,$t3 - sub $cnt,1 + subu $cnt,1 #if defined(__mips_smartmips) ext $i0,$s1,16,8 .Loop_enc: @@ -218,7 +212,7 @@ xor $t2,$t6 xor $t3,$t7 - sub $cnt,1 + subu $cnt,1 $PTR_ADD $key0,16 xor $s0,$t0 xor $s1,$t1 @@ -409,7 +403,7 @@ xor $t2,$t6 xor $t3,$t7 - sub $cnt,1 + subu $cnt,1 $PTR_ADD $key0,16 xor $s0,$t0 xor $s1,$t1 @@ -657,6 +651,12 @@ .set reorder $PTR_LA $Tbl,AES_Te # PIC-ified 'load address' +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lw $s0,0($inp) + lw $s1,4($inp) + lw $s2,8($inp) + lw $s3,12($inp) +#else lwl $s0,0+$MSB($inp) lwl $s1,4+$MSB($inp) lwl $s2,8+$MSB($inp) @@ -665,9 +665,16 @@ lwr $s1,4+$LSB($inp) lwr $s2,8+$LSB($inp) lwr $s3,12+$LSB($inp) +#endif bal _mips_AES_encrypt +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + sw $s0,0($out) + sw $s1,4($out) + sw $s2,8($out) + sw $s3,12($out) +#else swr $s0,0+$LSB($out) swr $s1,4+$LSB($out) swr $s2,8+$LSB($out) @@ -676,6 +683,7 @@ swl $s1,4+$MSB($out) swl $s2,8+$MSB($out) swl $s3,12+$MSB($out) +#endif .set noreorder $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) @@ -720,7 +728,7 @@ xor $s2,$t2 xor $s3,$t3 - sub $cnt,1 + subu $cnt,1 #if defined(__mips_smartmips) ext $i0,$s3,16,8 .Loop_dec: @@ -792,7 +800,7 @@ xor $t2,$t6 xor $t3,$t7 - sub $cnt,1 + subu $cnt,1 $PTR_ADD $key0,16 xor $s0,$t0 xor $s1,$t1 @@ -985,7 +993,7 @@ xor $t2,$t6 xor $t3,$t7 - sub $cnt,1 + subu $cnt,1 $PTR_ADD $key0,16 xor $s0,$t0 xor $s1,$t1 @@ -1228,6 +1236,12 @@ .set reorder $PTR_LA $Tbl,AES_Td # PIC-ified 'load address' +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lw $s0,0($inp) + lw $s1,4($inp) + lw $s2,8($inp) + lw $s3,12($inp) +#else lwl $s0,0+$MSB($inp) lwl $s1,4+$MSB($inp) lwl $s2,8+$MSB($inp) @@ -1236,9 +1250,16 @@ lwr $s1,4+$LSB($inp) lwr $s2,8+$LSB($inp) lwr $s3,12+$LSB($inp) +#endif bal _mips_AES_decrypt +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + sw $s0,0($out) + sw $s1,4($out) + sw $s2,8($out) + sw $s3,12($out) +#else swr $s0,0+$LSB($out) swr $s1,4+$LSB($out) swr $s2,8+$LSB($out) @@ -1247,6 +1268,7 @@ swl $s1,4+$MSB($out) swl $s2,8+$MSB($out) swl $s3,12+$MSB($out) +#endif .set noreorder $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) @@ -1295,35 +1317,52 @@ $PTR_ADD $rcon,$Tbl,256 .set reorder +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lw $rk0,0($inp) # load 128 bits + lw $rk1,4($inp) + lw $rk2,8($inp) + lw $rk3,12($inp) +#else lwl $rk0,0+$MSB($inp) # load 128 bits lwl $rk1,4+$MSB($inp) lwl $rk2,8+$MSB($inp) lwl $rk3,12+$MSB($inp) - li $at,128 lwr $rk0,0+$LSB($inp) lwr $rk1,4+$LSB($inp) lwr $rk2,8+$LSB($inp) lwr $rk3,12+$LSB($inp) +#endif + li $at,128 .set noreorder beq $bits,$at,.L128bits li $cnt,10 .set reorder +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lw $rk4,16($inp) # load 192 bits + lw $rk5,20($inp) +#else lwl $rk4,16+$MSB($inp) # load 192 bits lwl $rk5,20+$MSB($inp) - li $at,192 lwr $rk4,16+$LSB($inp) lwr $rk5,20+$LSB($inp) +#endif + li $at,192 .set noreorder beq $bits,$at,.L192bits li $cnt,8 .set reorder +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lw $rk6,24($inp) # load 256 bits + lw $rk7,28($inp) +#else lwl $rk6,24+$MSB($inp) # load 256 bits lwl $rk7,28+$MSB($inp) - li $at,256 lwr $rk6,24+$LSB($inp) lwr $rk7,28+$LSB($inp) +#endif + li $at,256 .set noreorder beq $bits,$at,.L256bits li $cnt,7 @@ -1353,7 +1392,7 @@ sw $rk1,4($key) sw $rk2,8($key) sw $rk3,12($key) - sub $cnt,1 + subu $cnt,1 $PTR_ADD $key,16 _bias $i0,24 @@ -1410,7 +1449,7 @@ sw $rk3,12($key) sw $rk4,16($key) sw $rk5,20($key) - sub $cnt,1 + subu $cnt,1 $PTR_ADD $key,24 _bias $i0,24 @@ -1471,7 +1510,7 @@ sw $rk5,20($key) sw $rk6,24($key) sw $rk7,28($key) - sub $cnt,1 + subu $cnt,1 _bias $i0,24 _bias $i1,16 @@ -1653,7 +1692,7 @@ lw $tp1,16($key) # modulo-scheduled lui $x80808080,0x8080 - sub $cnt,1 + subu $cnt,1 or $x80808080,0x8080 sll $cnt,2 $PTR_ADD $key,16 @@ -1716,7 +1755,7 @@ lw $tp1,4($key) # modulo-scheduled xor $tpe,$tp2 #endif - sub $cnt,1 + subu $cnt,1 sw $tpe,0($key) $PTR_ADD $key,4 bnez $cnt,.Lmix diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl b/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl index 2c785bc56d5ddd..e817c757f8c282 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -1012,18 +1012,27 @@ .STRINGZ "AES for PA-RISC, CRYPTOGAMS by " ___ +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; - # translate made up instructons: _ror, _srm + # translate made up instructions: _ror, _srm s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/ or s/_srm(\s+%r[0-9]+),([0-9]+),/ $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2) : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e; + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); s/,\*/,/ if ($SIZE_T==4); s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8); + print $_,"\n"; } close STDOUT; diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl index 1558d8e4540607..ca69df4c3e95bd 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -1433,10 +1433,10 @@ () xor $s1,$s1,$acc05 xor $s2,$s2,$acc06 xor $s3,$s3,$acc07 - xor $s0,$s0,$acc08 # ^= ROTATE(r8,8) - xor $s1,$s1,$acc09 - xor $s2,$s2,$acc10 - xor $s3,$s3,$acc11 + xor $s0,$s0,$acc08 # ^= ROTATE(r8,8) + xor $s1,$s1,$acc09 + xor $s2,$s2,$acc10 + xor $s3,$s3,$acc11 b Ldec_compact_loop .align 4 diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl b/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl index fd8a737166f7a0..0c40059066508d 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -44,7 +44,7 @@ # minimize/avoid Address Generation Interlock hazard and to favour # dual-issue z10 pipeline. This gave ~25% improvement on z10 and # almost 50% on z9. The gain is smaller on z10, because being dual- -# issue z10 makes it improssible to eliminate the interlock condition: +# issue z10 makes it impossible to eliminate the interlock condition: # critial path is not long enough. Yet it spends ~24 cycles per byte # processed with 128-bit key. # @@ -129,6 +129,8 @@ () } $code=<<___; +#include "s390x_arch.h" + .text .type AES_Te,\@object @@ -404,7 +406,7 @@ () or $s1,$t1 or $t2,$i2 or $t3,$i3 - + srlg $i1,$s2,`8-3` # i0 srlg $i2,$s2,`16-3` # i1 nr $i1,$mask @@ -457,7 +459,7 @@ () x $s2,24($key) x $s3,28($key) - br $ra + br $ra .size _s390x_AES_encrypt,.-_s390x_AES_encrypt ___ @@ -779,7 +781,7 @@ () x $s2,24($key) x $s3,28($key) - br $ra + br $ra .size _s390x_AES_decrypt,.-_s390x_AES_decrypt ___ @@ -823,8 +825,8 @@ () larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 srlg %r0,%r0,0(%r5) - ng %r0,32(%r1) # check availability of both km... - ng %r0,48(%r1) # ...and kmc support for given key length + ng %r0,S390X_KM(%r1) # check availability of both km... + ng %r0,S390X_KMC(%r1) # ...and kmc support for given key length jz .Lekey_internal lmg %r0,%r1,0($inp) # just copy 128 bits... @@ -1084,7 +1086,7 @@ () lhi $t1,16 cr $t0,$t1 jl .Lgo - oill $t0,0x80 # set "decrypt" bit + oill $t0,S390X_DECRYPT # set "decrypt" bit st $t0,240($key) br $ra ___ @@ -1223,7 +1225,7 @@ () .align 16 .Lkmc_truncated: ahi $key,-1 # it's the way it's encoded in mvc - tmll %r0,0x80 + tmll %r0,S390X_DECRYPT jnz .Lkmc_truncated_dec lghi %r1,0 stg %r1,16*$SIZE_T($sp) @@ -1294,7 +1296,7 @@ () .Lcbc_enc_done: l${g} $ivp,6*$SIZE_T($sp) st $s0,0($ivp) - st $s1,4($ivp) + st $s1,4($ivp) st $s2,8($ivp) st $s3,12($ivp) @@ -1403,7 +1405,61 @@ () clr %r0,%r1 jl .Lctr32_software - stm${g} %r6,$s3,6*$SIZE_T($sp) + st${g} $s2,10*$SIZE_T($sp) + st${g} $s3,11*$SIZE_T($sp) + + clr $len,%r1 # does work even in 64-bit mode + jle .Lctr32_nokma # kma is slower for <= 16 blocks + + larl %r1,OPENSSL_s390xcap_P + lr $s2,%r0 + llihh $s3,0x8000 + srlg $s3,$s3,0($s2) + ng $s3,S390X_KMA(%r1) # check kma capability vector + jz .Lctr32_nokma + + l${g}hi %r1,-$stdframe-112 + l${g}r $s3,$sp + la $sp,0(%r1,$sp) # prepare parameter block + + lhi %r1,0x0600 + sllg $len,$len,4 + or %r0,%r1 # set HS and LAAD flags + + st${g} $s3,0($sp) # backchain + la %r1,$stdframe($sp) + + lmg $s2,$s3,0($key) # copy key + stg $s2,$stdframe+80($sp) + stg $s3,$stdframe+88($sp) + lmg $s2,$s3,16($key) + stg $s2,$stdframe+96($sp) + stg $s3,$stdframe+104($sp) + + lmg $s2,$s3,0($ivp) # copy iv + stg $s2,$stdframe+64($sp) + ahi $s3,-1 # kma requires counter-1 + stg $s3,$stdframe+72($sp) + st $s3,$stdframe+12($sp) # copy counter + + lghi $s2,0 # no AAD + lghi $s3,0 + + .long 0xb929a042 # kma $out,$s2,$inp + brc 1,.-4 # pay attention to "partial completion" + + stg %r0,$stdframe+80($sp) # wipe key + stg %r0,$stdframe+88($sp) + stg %r0,$stdframe+96($sp) + stg %r0,$stdframe+104($sp) + la $sp,$stdframe+112($sp) + + lm${g} $s2,$s3,10*$SIZE_T($sp) + br $ra + +.align 16 +.Lctr32_nokma: + stm${g} %r6,$s1,6*$SIZE_T($sp) slgr $out,$inp la %r1,0($key) # %r1 is permanent copy of $key @@ -1442,7 +1498,7 @@ () larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 # check if kmctr supports the function code srlg %r0,%r0,0($s0) - ng %r0,64(%r1) # check kmctr capability vector + ng %r0,S390X_KMCTR(%r1) # check kmctr capability vector lgr %r0,$s0 lgr %r1,$s1 jz .Lctr32_km_loop @@ -1567,8 +1623,8 @@ () } ######################################################################## -# void AES_xts_encrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, +# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, +# size_t len, const AES_KEY *key1, const AES_KEY *key2, # const unsigned char iv[16]); # { @@ -1592,7 +1648,7 @@ () larl %r1,OPENSSL_s390xcap_P llihh %r0,0x8000 srlg %r0,%r0,32($s1) # check for 32+function code - ng %r0,32(%r1) # check km capability vector + ng %r0,S390X_KM(%r1) # check km capability vector lgr %r0,$s0 # restore the function code la %r1,0($key1) # restore $key1 jz .Lxts_km_vanilla @@ -1627,7 +1683,7 @@ () llgc $len,2*$SIZE_T-1($sp) nill $len,0x0f # $len%=16 br $ra - + .align 16 .Lxts_km_vanilla: ___ @@ -1854,7 +1910,7 @@ () xgr $s1,%r1 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits + srlg $s0,$s1,32 # smash the tweak to 4x32-bits stg $s1,$tweak+0($sp) # save the tweak llgfr $s1,$s1 srlg $s2,$s3,32 @@ -1905,7 +1961,7 @@ () xgr $s1,%r1 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits + srlg $s0,$s1,32 # smash the tweak to 4x32-bits stg $s1,$tweak+0($sp) # save the tweak llgfr $s1,$s1 srlg $s2,$s3,32 @@ -1936,8 +1992,8 @@ () br $ra .size AES_xts_encrypt,.-AES_xts_encrypt ___ -# void AES_xts_decrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, +# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, +# size_t len, const AES_KEY *key1, const AES_KEY *key2, # const unsigned char iv[16]); # $code.=<<___; @@ -2097,7 +2153,7 @@ () xgr $s1,%r1 lrvgr $s1,$s1 # flip byte order lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits + srlg $s0,$s1,32 # smash the tweak to 4x32-bits stg $s1,$tweak+0($sp) # save the tweak llgfr $s1,$s1 srlg $s2,$s3,32 diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl index 883fae820f8cf0..40d1f94ccd7213 100755 --- a/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. Rights for redistribution and usage in source and binary # forms are granted according to the OpenSSL license. # ==================================================================== diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl index ce4ca30b1a785b..4d1dc9c70199db 100755 --- a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -599,15 +599,23 @@ () .hidden asm_AES_encrypt asm_AES_encrypt: AES_encrypt: +.cfi_startproc + mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 # allocate frame "above" key schedule - mov %rsp,%r10 lea -63(%rdx),%rcx # %rdx is key argument and \$-64,%rsp sub %rsp,%rcx @@ -617,7 +625,8 @@ () sub \$32,%rsp mov %rsi,16(%rsp) # save out - mov %r10,24(%rsp) # save real stack pointer + mov %rax,24(%rsp) # save original stack pointer +.cfi_cfa_expression %rsp+24,deref,+8 .Lenc_prologue: mov %rdx,$key @@ -644,20 +653,29 @@ () mov 16(%rsp),$out # restore out mov 24(%rsp),%rsi # restore saved stack pointer +.cfi_def_cfa %rsi,8 mov $s0,0($out) # write output vector mov $s1,4($out) mov $s2,8($out) mov $s3,12($out) - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lenc_epilogue: ret +.cfi_endproc .size AES_encrypt,.-AES_encrypt ___ @@ -1197,15 +1215,23 @@ () .hidden asm_AES_decrypt asm_AES_decrypt: AES_decrypt: +.cfi_startproc + mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 # allocate frame "above" key schedule - mov %rsp,%r10 lea -63(%rdx),%rcx # %rdx is key argument and \$-64,%rsp sub %rsp,%rcx @@ -1215,7 +1241,8 @@ () sub \$32,%rsp mov %rsi,16(%rsp) # save out - mov %r10,24(%rsp) # save real stack pointer + mov %rax,24(%rsp) # save original stack pointer +.cfi_cfa_expression %rsp+24,deref,+8 .Ldec_prologue: mov %rdx,$key @@ -1244,20 +1271,29 @@ () mov 16(%rsp),$out # restore out mov 24(%rsp),%rsi # restore saved stack pointer +.cfi_def_cfa %rsi,8 mov $s0,0($out) # write output vector mov $s1,4($out) mov $s2,8($out) mov $s3,12($out) - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Ldec_epilogue: ret +.cfi_endproc .size AES_decrypt,.-AES_decrypt ___ #------------------------------------------------------------------# @@ -1296,22 +1332,34 @@ () .type AES_set_encrypt_key,\@function,3 .align 16 AES_set_encrypt_key: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp - push %r12 # redundant, but allows to share +.cfi_push %rbp + push %r12 # redundant, but allows to share +.cfi_push %r12 push %r13 # exception handler... +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$8,%rsp +.cfi_adjust_cfa_offset 8 .Lenc_key_prologue: call _x86_64_AES_set_encrypt_key mov 40(%rsp),%rbp +.cfi_restore %rbp mov 48(%rsp),%rbx +.cfi_restore %rbx add \$56,%rsp +.cfi_adjust_cfa_offset -56 .Lenc_key_epilogue: ret +.cfi_endproc .size AES_set_encrypt_key,.-AES_set_encrypt_key .type _x86_64_AES_set_encrypt_key,\@abi-omnipotent @@ -1424,7 +1472,7 @@ () xor %rax,%rax jmp .Lexit -.L14rounds: +.L14rounds: mov 0(%rsi),%rax # copy first 8 dwords mov 8(%rsi),%rbx mov 16(%rsi),%rcx @@ -1562,13 +1610,21 @@ () .type AES_set_decrypt_key,\@function,3 .align 16 AES_set_decrypt_key: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 push %rdx # save key schedule +.cfi_adjust_cfa_offset 8 .Ldec_key_prologue: call _x86_64_AES_set_encrypt_key @@ -1622,14 +1678,22 @@ () xor %rax,%rax .Labort: mov 8(%rsp),%r15 +.cfi_restore %r15 mov 16(%rsp),%r14 +.cfi_restore %r14 mov 24(%rsp),%r13 +.cfi_restore %r13 mov 32(%rsp),%r12 +.cfi_restore %r12 mov 40(%rsp),%rbp +.cfi_restore %rbp mov 48(%rsp),%rbx +.cfi_restore %rbx add \$56,%rsp +.cfi_adjust_cfa_offset -56 .Ldec_key_epilogue: ret +.cfi_endproc .size AES_set_decrypt_key,.-AES_set_decrypt_key ___ @@ -1660,25 +1724,32 @@ () .hidden asm_AES_cbc_encrypt asm_AES_cbc_encrypt: AES_cbc_encrypt: +.cfi_startproc cmp \$0,%rdx # check length je .Lcbc_epilogue pushfq +.cfi_push 49 # %rflags push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lcbc_prologue: cld mov %r9d,%r9d # clear upper half of enc lea .LAES_Te(%rip),$sbox + lea .LAES_Td(%rip),%r10 cmp \$0,%r9 - jne .Lcbc_picked_te - lea .LAES_Td(%rip),$sbox -.Lcbc_picked_te: + cmoveq %r10,$sbox mov OPENSSL_ia32cap_P(%rip),%r10d cmp \$$speed_limit,%rdx @@ -1714,8 +1785,10 @@ () .Lcbc_te_ok: xchg %rsp,$key +.cfi_def_cfa_register $key #add \$8,%rsp # reserve for return address! mov $key,$_rsp # save %rsp +.cfi_cfa_expression $_rsp,deref,+64 .Lcbc_fast_body: mov %rdi,$_inp # save copy of inp mov %rsi,$_out # save copy of out @@ -1945,7 +2018,7 @@ () lea ($key,%rax),%rax mov %rax,$keyend - # pick Te4 copy which can't "overlap" with stack frame or key scdedule + # pick Te4 copy which can't "overlap" with stack frame or key schedule lea 2048($sbox),$sbox lea 768-8(%rsp),%rax sub $sbox,%rax @@ -2097,17 +2170,27 @@ () .align 16 .Lcbc_exit: mov $_rsp,%rsi +.cfi_def_cfa %rsi,64 mov (%rsi),%r15 +.cfi_restore %r15 mov 8(%rsi),%r14 +.cfi_restore %r14 mov 16(%rsi),%r13 +.cfi_restore %r13 mov 24(%rsi),%r12 +.cfi_restore %r12 mov 32(%rsi),%rbp +.cfi_restore %rbp mov 40(%rsi),%rbx +.cfi_restore %rbx lea 48(%rsi),%rsp +.cfi_def_cfa %rsp,16 .Lcbc_popfq: popfq +.cfi_pop 49 # %rflags .Lcbc_epilogue: ret +.cfi_endproc .size AES_cbc_encrypt,.-AES_cbc_encrypt ___ } @@ -2580,7 +2663,6 @@ () jae .Lin_block_prologue mov 24(%rax),%rax # pull saved real stack pointer - lea 48(%rax),%rax # adjust... mov -8(%rax),%rbx mov -16(%rax),%rbp diff --git a/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl index 04b3cf7116e940..9ddf0b4b00ecbe 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesfx-sparcv9.pl @@ -22,7 +22,7 @@ # April 2016 # # Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means -# that parallelizeable nature of CBC decrypt and CTR is not utilized +# that parallelizable nature of CBC decrypt and CTR is not utilized # yet. CBC encrypt on the other hand is as good as it can possibly # get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X. # This is ~6x faster than pure software implementation... diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl index aa2735e06ab247..1f356d2d3fbb61 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesni-mb-x86_64.pl @@ -105,6 +105,7 @@ .type aesni_multi_cbc_encrypt,\@function,3 .align 32 aesni_multi_cbc_encrypt: +.cfi_startproc ___ $code.=<<___ if ($avx); cmp \$2,$num @@ -118,12 +119,19 @@ ___ $code.=<<___; mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -134,7 +142,7 @@ movaps %xmm10,0x40(%rsp) movaps %xmm11,0x50(%rsp) movaps %xmm12,0x60(%rsp) - movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler + movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler movaps %xmm14,-0x58(%rax) movaps %xmm15,-0x48(%rax) ___ @@ -148,6 +156,7 @@ sub \$48,%rsp and \$-64,%rsp mov %rax,16(%rsp) # original %rsp +.cfi_cfa_expression %rsp+16,deref,+8 .Lenc4x_body: movdqu ($key),$zero # 0-round key @@ -308,9 +317,9 @@ movups @out[0],-16(@outptr[0],$offset) pxor @inp[0],@out[0] - movups @out[1],-16(@outptr[1],$offset) + movups @out[1],-16(@outptr[1],$offset) pxor @inp[1],@out[1] - movups @out[2],-16(@outptr[2],$offset) + movups @out[2],-16(@outptr[2],$offset) pxor @inp[2],@out[2] movups @out[3],-16(@outptr[3],$offset) pxor @inp[3],@out[3] @@ -319,6 +328,7 @@ jnz .Loop_enc4x mov 16(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 mov 24(%rsp),$num #pxor @inp[0],@out[0] @@ -350,20 +360,29 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lenc4x_epilogue: ret +.cfi_endproc .size aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt .globl aesni_multi_cbc_decrypt .type aesni_multi_cbc_decrypt,\@function,3 .align 32 aesni_multi_cbc_decrypt: +.cfi_startproc ___ $code.=<<___ if ($avx); cmp \$2,$num @@ -377,12 +396,19 @@ ___ $code.=<<___; mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -393,7 +419,7 @@ movaps %xmm10,0x40(%rsp) movaps %xmm11,0x50(%rsp) movaps %xmm12,0x60(%rsp) - movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler + movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler movaps %xmm14,-0x58(%rax) movaps %xmm15,-0x48(%rax) ___ @@ -407,6 +433,7 @@ sub \$48,%rsp and \$-64,%rsp mov %rax,16(%rsp) # original %rsp +.cfi_cfa_expression %rsp+16,deref,+8 .Ldec4x_body: movdqu ($key),$zero # 0-round key @@ -563,10 +590,10 @@ movups @out[0],-16(@outptr[0],$offset) movdqu (@inptr[0],$offset),@out[0] - movups @out[1],-16(@outptr[1],$offset) + movups @out[1],-16(@outptr[1],$offset) movdqu (@inptr[1],$offset),@out[1] pxor $zero,@out[0] - movups @out[2],-16(@outptr[2],$offset) + movups @out[2],-16(@outptr[2],$offset) movdqu (@inptr[2],$offset),@out[2] pxor $zero,@out[1] movups @out[3],-16(@outptr[3],$offset) @@ -578,6 +605,7 @@ jnz .Loop_dec4x mov 16(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 mov 24(%rsp),$num lea `40*4`($inp),$inp @@ -600,14 +628,22 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Ldec4x_epilogue: ret +.cfi_endproc .size aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt ___ @@ -623,14 +659,22 @@ .type aesni_multi_cbc_encrypt_avx,\@function,3 .align 32 aesni_multi_cbc_encrypt_avx: +.cfi_startproc _avx_cbc_enc_shortcut: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -657,6 +701,7 @@ sub \$192,%rsp and \$-128,%rsp mov %rax,16(%rsp) # original %rsp +.cfi_cfa_expression %rsp+16,deref,+8 .Lenc8x_body: vzeroupper @@ -835,10 +880,10 @@ vmovups @out[0],-16(@ptr[0]) # write output sub $offset,@ptr[0] # switch to input vpxor 0x00($offload),@out[0],@out[0] - vmovups @out[1],-16(@ptr[1]) + vmovups @out[1],-16(@ptr[1]) sub `64+1*8`(%rsp),@ptr[1] vpxor 0x10($offload),@out[1],@out[1] - vmovups @out[2],-16(@ptr[2]) + vmovups @out[2],-16(@ptr[2]) sub `64+2*8`(%rsp),@ptr[2] vpxor 0x20($offload),@out[2],@out[2] vmovups @out[3],-16(@ptr[3]) @@ -847,10 +892,10 @@ vmovups @out[4],-16(@ptr[4]) sub `64+4*8`(%rsp),@ptr[4] vpxor @inp[0],@out[4],@out[4] - vmovups @out[5],-16(@ptr[5]) + vmovups @out[5],-16(@ptr[5]) sub `64+5*8`(%rsp),@ptr[5] vpxor @inp[1],@out[5],@out[5] - vmovups @out[6],-16(@ptr[6]) + vmovups @out[6],-16(@ptr[6]) sub `64+6*8`(%rsp),@ptr[6] vpxor @inp[2],@out[6],@out[6] vmovups @out[7],-16(@ptr[7]) @@ -861,6 +906,7 @@ jnz .Loop_enc8x mov 16(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 #mov 24(%rsp),$num #lea `40*8`($inp),$inp #dec $num @@ -883,27 +929,43 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lenc8x_epilogue: ret +.cfi_endproc .size aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx .type aesni_multi_cbc_decrypt_avx,\@function,3 .align 32 aesni_multi_cbc_decrypt_avx: +.cfi_startproc _avx_cbc_dec_shortcut: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -932,6 +994,7 @@ and \$-256,%rsp sub \$192,%rsp mov %rax,16(%rsp) # original %rsp +.cfi_cfa_expression %rsp+16,deref,+8 .Ldec8x_body: vzeroupper @@ -1128,12 +1191,12 @@ sub $offset,@ptr[0] # switch to input vmovdqu 128+0(%rsp),@out[0] vpxor 0x70($offload),@out[7],@out[7] - vmovups @out[1],-16(@ptr[1]) + vmovups @out[1],-16(@ptr[1]) sub `64+1*8`(%rsp),@ptr[1] vmovdqu @out[0],0x00($offload) vpxor $zero,@out[0],@out[0] vmovdqu 128+16(%rsp),@out[1] - vmovups @out[2],-16(@ptr[2]) + vmovups @out[2],-16(@ptr[2]) sub `64+2*8`(%rsp),@ptr[2] vmovdqu @out[1],0x10($offload) vpxor $zero,@out[1],@out[1] @@ -1149,11 +1212,11 @@ vpxor $zero,@out[3],@out[3] vmovdqu @inp[0],0x40($offload) vpxor @inp[0],$zero,@out[4] - vmovups @out[5],-16(@ptr[5]) + vmovups @out[5],-16(@ptr[5]) sub `64+5*8`(%rsp),@ptr[5] vmovdqu @inp[1],0x50($offload) vpxor @inp[1],$zero,@out[5] - vmovups @out[6],-16(@ptr[6]) + vmovups @out[6],-16(@ptr[6]) sub `64+6*8`(%rsp),@ptr[6] vmovdqu @inp[2],0x60($offload) vpxor @inp[2],$zero,@out[6] @@ -1167,6 +1230,7 @@ jnz .Loop_dec8x mov 16(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 #mov 24(%rsp),$num #lea `40*8`($inp),$inp #dec $num @@ -1189,14 +1253,22 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Ldec8x_epilogue: ret +.cfi_endproc .size aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx ___ }}} @@ -1253,10 +1325,10 @@ mov -48(%rax),%r15 mov %rbx,144($context) # restore context->Rbx mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore cotnext->R12 - mov %r13,224($context) # restore cotnext->R13 - mov %r14,232($context) # restore cotnext->R14 - mov %r15,240($context) # restore cotnext->R15 + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 lea -56-10*16(%rax),%rsi lea 512($context),%rdi # &context.Xmm6 diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl index 33a7f0cf449f9c..b01a4c55c86aed 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -191,16 +191,24 @@ () .type aesni_cbc_sha1_enc_ssse3,\@function,6 .align 32 aesni_cbc_sha1_enc_ssse3: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument #shr \$6,$len # debugging artefact #jz .Lepilogue_ssse3 # debugging artefact push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea `-104-($win64?10*16:0)`(%rsp),%rsp +.cfi_adjust_cfa_offset `104+($win64?10*16:0)` #mov $in0,$inp # debugging artefact #lea 64(%rsp),$ctx # debugging artefact ___ @@ -726,15 +734,24 @@ () ___ $code.=<<___; lea `104+($win64?10*16:0)`(%rsp),%rsi +.cfi_def_cfa %rsi,56 mov 0(%rsi),%r15 +.cfi_restore %r15 mov 8(%rsi),%r14 +.cfi_restore %r14 mov 16(%rsi),%r13 +.cfi_restore %r13 mov 24(%rsi),%r12 +.cfi_restore %r12 mov 32(%rsi),%rbp +.cfi_restore %rbp mov 40(%rsi),%rbx +.cfi_restore %rbx lea 48(%rsi),%rsp +.cfi_def_cfa %rsp,8 .Lepilogue_ssse3: ret +.cfi_endproc .size aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3 ___ @@ -798,7 +815,7 @@ () sub body_20_39_dec () { # b^d^c # on entry @T[0]=b^d return &body_40_59_dec() if ($rx==39); - + my @r=@body_20_39; unshift (@r,@aes256_dec[$rx]) if (@aes256_dec[$rx]); @@ -842,14 +859,22 @@ () .type aesni256_cbc_sha1_dec_ssse3,\@function,6 .align 32 aesni256_cbc_sha1_dec_ssse3: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea `-104-($win64?10*16:0)`(%rsp),%rsp +.cfi_adjust_cfa_offset `104+($win64?10*16:0)` ___ $code.=<<___ if ($win64); movaps %xmm6,96+0(%rsp) @@ -997,15 +1022,24 @@ () ___ $code.=<<___; lea `104+($win64?10*16:0)`(%rsp),%rsi +.cfi_cfa_def %rsi,56 mov 0(%rsi),%r15 +.cfi_restore %r15 mov 8(%rsi),%r14 +.cfi_restore %r14 mov 16(%rsi),%r13 +.cfi_restore %r13 mov 24(%rsi),%r12 +.cfi_restore %r12 mov 32(%rsi),%rbp +.cfi_restore %rbp mov 40(%rsi),%rbx +.cfi_restore %rbx lea 48(%rsi),%rsp +.cfi_cfa_def %rsp,8 .Lepilogue_dec_ssse3: ret +.cfi_endproc .size aesni256_cbc_sha1_dec_ssse3,.-aesni256_cbc_sha1_dec_ssse3 ___ }}} @@ -1031,16 +1065,24 @@ () .type aesni_cbc_sha1_enc_avx,\@function,6 .align 32 aesni_cbc_sha1_enc_avx: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument #shr \$6,$len # debugging artefact #jz .Lepilogue_avx # debugging artefact push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea `-104-($win64?10*16:0)`(%rsp),%rsp +.cfi_adjust_cfa_offset `104+($win64?10*16:0)` #mov $in0,$inp # debugging artefact #lea 64(%rsp),$ctx # debugging artefact ___ @@ -1439,15 +1481,24 @@ () ___ $code.=<<___; lea `104+($win64?10*16:0)`(%rsp),%rsi +.cfi_def_cfa %rsi,56 mov 0(%rsi),%r15 +.cfi_restore %r15 mov 8(%rsi),%r14 +.cfi_restore %r14 mov 16(%rsi),%r13 +.cfi_restore %r13 mov 24(%rsi),%r12 +.cfi_restore %r12 mov 32(%rsi),%rbp +.cfi_restore %rbp mov 40(%rsi),%rbx +.cfi_restore %rbx lea 48(%rsi),%rsp +.cfi_def_cfa %rsp,8 .Lepilogue_avx: ret +.cfi_endproc .size aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx ___ @@ -1496,14 +1547,22 @@ () .type aesni256_cbc_sha1_dec_avx,\@function,6 .align 32 aesni256_cbc_sha1_dec_avx: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea `-104-($win64?10*16:0)`(%rsp),%rsp +.cfi_adjust_cfa_offset `104+($win64?10*16:0)` ___ $code.=<<___ if ($win64); movaps %xmm6,96+0(%rsp) @@ -1650,15 +1709,24 @@ () ___ $code.=<<___; lea `104+($win64?10*16:0)`(%rsp),%rsi +.cfi_def_cfa %rsi,56 mov 0(%rsi),%r15 +.cfi_restore %r15 mov 8(%rsi),%r14 +.cfi_restore %r14 mov 16(%rsi),%r13 +.cfi_restore %r13 mov 24(%rsi),%r12 +.cfi_restore %r12 mov 32(%rsi),%rbp +.cfi_restore %rbp mov 40(%rsi),%rbx +.cfi_restore %rbx lea 48(%rsi),%rsp +.cfi_def_cfa %rsp,8 .Lepilogue_dec_avx: ret +.cfi_endproc .size aesni256_cbc_sha1_dec_avx,.-aesni256_cbc_sha1_dec_avx ___ }}} diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl index 0e49f26fafd51c..ef460237108ec4 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -112,7 +112,7 @@ $_ivp="16*$SZ+4*8(%rsp)"; $_ctx="16*$SZ+5*8(%rsp)"; $_in0="16*$SZ+6*8(%rsp)"; -$_rsp="16*$SZ+7*8(%rsp)"; +$_rsp="`16*$SZ+7*8`(%rsp)"; $framesz=16*$SZ+8*8; $code=<<___; @@ -342,15 +342,23 @@ () .type ${func}_xop,\@function,6 .align 64 ${func}_xop: +.cfi_startproc .Lxop_shortcut: mov `($win64?56:8)`(%rsp),$in0 # load 7th parameter + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 sub \$`$framesz+$win64*16*10`,%rsp and \$-64,%rsp # align stack frame @@ -366,7 +374,8 @@ () mov $ivp,$_ivp mov $ctx,$_ctx mov $in0,$_in0 - mov %r11,$_rsp + mov %rax,$_rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,`$framesz+16*0`(%rsp) @@ -604,6 +613,7 @@ () mov $_ivp,$ivp mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 vmovdqu $iv,($ivp) # output IV vzeroall ___ @@ -620,15 +630,23 @@ () movaps `$framesz+16*9`(%rsp),%xmm15 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_xop: ret +.cfi_endproc .size ${func}_xop,.-${func}_xop ___ ###################################################################### @@ -640,15 +658,23 @@ () .type ${func}_avx,\@function,6 .align 64 ${func}_avx: +.cfi_startproc .Lavx_shortcut: mov `($win64?56:8)`(%rsp),$in0 # load 7th parameter + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 sub \$`$framesz+$win64*16*10`,%rsp and \$-64,%rsp # align stack frame @@ -664,7 +690,8 @@ () mov $ivp,$_ivp mov $ctx,$_ctx mov $in0,$_in0 - mov %r11,$_rsp + mov %rax,$_rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,`$framesz+16*0`(%rsp) @@ -855,6 +882,7 @@ () mov $_ivp,$ivp mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 vmovdqu $iv,($ivp) # output IV vzeroall ___ @@ -871,15 +899,23 @@ () movaps `$framesz+16*9`(%rsp),%xmm15 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx: ret +.cfi_endproc .size ${func}_avx,.-${func}_avx ___ @@ -887,7 +923,7 @@ () ###################################################################### # AVX2+BMI code path # -my $a5=$SZ==4?"%esi":"%rsi"; # zap $inp +my $a5=$SZ==4?"%esi":"%rsi"; # zap $inp my $PUSH8=8*2*$SZ; use integer; @@ -936,15 +972,23 @@ () .type ${func}_avx2,\@function,6 .align 64 ${func}_avx2: +.cfi_startproc .Lavx2_shortcut: mov `($win64?56:8)`(%rsp),$in0 # load 7th parameter + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 sub \$`2*$SZ*$rounds+8*8+$win64*16*10`,%rsp and \$-256*$SZ,%rsp # align stack frame add \$`2*$SZ*($rounds-8)`,%rsp @@ -961,7 +1005,8 @@ () mov $ivp,$_ivp mov $ctx,$_ctx mov $in0,$_in0 - mov %r11,$_rsp + mov %rax,$_rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,`$framesz+16*0`(%rsp) @@ -1192,6 +1237,7 @@ () lea ($Tbl),%rsp mov $_ivp,$ivp mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 vmovdqu $iv,($ivp) # output IV vzeroall ___ @@ -1208,15 +1254,23 @@ () movaps `$framesz+16*9`(%rsp),%xmm15 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx2: ret +.cfi_endproc .size ${func}_avx2,.-${func}_avx2 ___ }} @@ -1573,7 +1627,6 @@ () $code.=<<___; mov %rax,%rsi # put aside Rsp mov 16*$SZ+7*8(%rax),%rax # pull $_rsp - lea 48(%rax),%rax mov -8(%rax),%rbx mov -16(%rax),%rbp diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl index ed1a47c30cd161..b351fca28e023f 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl @@ -62,7 +62,9 @@ # Westmere 3.77/1.37 1.37 1.52 1.27 # * Bridge 5.07/0.98 0.99 1.09 0.91 1.10 # Haswell 4.44/0.80 0.97 1.03 0.72 0.76 +# Skylake 2.68/0.65 0.65 0.66 0.64 0.66 # Silvermont 5.77/3.56 3.67 4.03 3.46 4.03 +# Goldmont 3.84/1.39 1.39 1.63 1.31 1.70 # Bulldozer 5.80/0.98 1.05 1.24 0.93 1.23 $PREFIX="aesni"; # if $PREFIX is set to "AES", the script @@ -78,7 +80,7 @@ open OUT,">$output"; *STDOUT=*OUT; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); &external_label("OPENSSL_ia32cap_P"); &static_label("key_const"); @@ -237,7 +239,7 @@ sub aesni_generate1 # fully unrolled loop # can schedule aes[enc|dec] every cycle optimal interleave factor # equals to corresponding instructions latency. 8x is optimal for # * Bridge, but it's unfeasible to accommodate such implementation -# in XMM registers addreassable in 32-bit mode and therefore maximum +# in XMM registers addressable in 32-bit mode and therefore maximum # of 6x is used instead... sub aesni_generate2 @@ -1051,7 +1053,7 @@ sub aesni_generate6 &set_label("ctr32_one_shortcut",16); &movups ($inout0,&QWP(0,$rounds_)); # load ivec &mov ($rounds,&DWP(240,$key)); - + &set_label("ctr32_one"); if ($inline) { &aesni_inline_generate1("enc"); } diff --git a/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl index 98ca17991d8fb4..2a202c53e5f841 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesni-x86_64.pl @@ -34,7 +34,7 @@ # ECB 4.25/4.25 1.38/1.38 1.28/1.28 1.26/1.26 1.26/1.26 # CTR 5.42/5.42 1.92/1.92 1.44/1.44 1.28/1.28 1.26/1.26 # CBC 4.38/4.43 4.15/1.43 4.07/1.32 4.07/1.29 4.06/1.28 -# CCM 5.66/9.42 4.42/5.41 4.16/4.40 4.09/4.15 4.06/4.07 +# CCM 5.66/9.42 4.42/5.41 4.16/4.40 4.09/4.15 4.06/4.07 # OFB 5.42/5.42 4.64/4.64 4.44/4.44 4.39/4.39 4.38/4.38 # CFB 5.73/5.85 5.56/5.62 5.48/5.56 5.47/5.55 5.47/5.55 # @@ -60,7 +60,7 @@ # identical to CBC, because CBC-MAC is essentially CBC encrypt without # saving output. CCM CTR "stays invisible," because it's neatly # interleaved wih CBC-MAC. This provides ~30% improvement over -# "straghtforward" CCM implementation with CTR and CBC-MAC performed +# "straightforward" CCM implementation with CTR and CBC-MAC performed # disjointly. Parallelizable modes practically achieve the theoretical # limit. # @@ -118,7 +118,7 @@ # performance is achieved by interleaving instructions working on # independent blocks. In which case asymptotic limit for such modes # can be obtained by dividing above mentioned numbers by AES -# instructions' interleave factor. Westmere can execute at most 3 +# instructions' interleave factor. Westmere can execute at most 3 # instructions at a time, meaning that optimal interleave factor is 3, # and that's where the "magic" number of 1.25 come from. "Optimal # interleave factor" means that increase of interleave factor does @@ -143,14 +143,14 @@ # asymptotic, if it can be surpassed, isn't it? What happens there? # Rewind to CBC paragraph for the answer. Yes, out-of-order execution # magic is responsible for this. Processor overlaps not only the -# additional instructions with AES ones, but even AES instuctions +# additional instructions with AES ones, but even AES instructions # processing adjacent triplets of independent blocks. In the 6x case # additional instructions still claim disproportionally small amount # of additional cycles, but in 8x case number of instructions must be # a tad too high for out-of-order logic to cope with, and AES unit # remains underutilized... As you can see 8x interleave is hardly # justifiable, so there no need to feel bad that 32-bit aesni-x86.pl -# utilizies 6x interleave because of limited register bank capacity. +# utilizes 6x interleave because of limited register bank capacity. # # Higher interleave factors do have negative impact on Westmere # performance. While for ECB mode it's negligible ~1.5%, other @@ -179,8 +179,10 @@ # Haswell 4.44/0.63 0.63 0.73 0.63 0.70 # Skylake 2.62/0.63 0.63 0.63 0.63 # Silvermont 5.75/3.54 3.56 4.12 3.87(*) 4.11 +# Knights L 2.54/0.77 0.78 0.85 - 1.50 # Goldmont 3.82/1.26 1.26 1.29 1.29 1.50 # Bulldozer 5.77/0.70 0.72 0.90 0.70 0.95 +# Ryzen 2.71/0.35 0.35 0.44 0.38 0.49 # # (*) Atom Silvermont ECB result is suboptimal because of penalties # incurred by operations on %xmm8-15. As ECB is not considered @@ -313,7 +315,7 @@ sub aesni_generate1 { # on 2x subroutine on Atom Silvermont account. For processors that # can schedule aes[enc|dec] every cycle optimal interleave factor # equals to corresponding instructions latency. 8x is optimal for -# * Bridge and "super-optimal" for other Intel CPUs... +# * Bridge and "super-optimal" for other Intel CPUs... sub aesni_generate2 { my $dir=shift; @@ -1172,7 +1174,7 @@ sub aesni_generate8 { # with zero-round key xor. { my ($in0,$in1,$in2,$in3,$in4,$in5)=map("%xmm$_",(10..15)); -my ($key0,$ctr)=("${key_}d","${ivp}d"); +my ($key0,$ctr)=("%ebp","${ivp}d"); my $frame_size = 0x80 + ($win64?160:0); $code.=<<___; @@ -1180,6 +1182,7 @@ sub aesni_generate8 { .type aesni_ctr32_encrypt_blocks,\@function,5 .align 16 aesni_ctr32_encrypt_blocks: +.cfi_startproc cmp \$1,$len jne .Lctr32_bulk @@ -1201,26 +1204,27 @@ sub aesni_generate8 { .align 16 .Lctr32_bulk: - lea (%rsp),%rax + lea (%rsp),$key_ # use $key_ as frame pointer +.cfi_def_cfa_register $key_ push %rbp +.cfi_push %rbp sub \$$frame_size,%rsp and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) # offload everything - movaps %xmm7,-0x98(%rax) - movaps %xmm8,-0x88(%rax) - movaps %xmm9,-0x78(%rax) - movaps %xmm10,-0x68(%rax) - movaps %xmm11,-0x58(%rax) - movaps %xmm12,-0x48(%rax) - movaps %xmm13,-0x38(%rax) - movaps %xmm14,-0x28(%rax) - movaps %xmm15,-0x18(%rax) + movaps %xmm6,-0xa8($key_) # offload everything + movaps %xmm7,-0x98($key_) + movaps %xmm8,-0x88($key_) + movaps %xmm9,-0x78($key_) + movaps %xmm10,-0x68($key_) + movaps %xmm11,-0x58($key_) + movaps %xmm12,-0x48($key_) + movaps %xmm13,-0x38($key_) + movaps %xmm14,-0x28($key_) + movaps %xmm15,-0x18($key_) .Lctr32_body: ___ $code.=<<___; - lea -8(%rax),%rbp # 8 16-byte words on top of stack are counter values # xor-ed with zero-round key @@ -1272,7 +1276,7 @@ sub aesni_generate8 { lea 7($ctr),%r9 mov %r10d,0x60+12(%rsp) bswap %r9d - mov OPENSSL_ia32cap_P+4(%rip),%r10d + mov OPENSSL_ia32cap_P+4(%rip),%r10d xor $key0,%r9d and \$`1<<26|1<<22`,%r10d # isolate XSAVE+MOVBE mov %r9d,0x70+12(%rsp) @@ -1546,13 +1550,13 @@ sub aesni_generate8 { sub \$8,$len jnc .Lctr32_loop8 # loop if $len-=8 didn't borrow - add \$8,$len # restore real remainig $len + add \$8,$len # restore real remaining $len jz .Lctr32_done # done if ($len==0) lea -0x80($key),$key .Lctr32_tail: # note that at this point $inout0..5 are populated with - # counter values xor-ed with 0-round key + # counter values xor-ed with 0-round key lea 16($key),$key cmp \$4,$len jb .Lctr32_loop3 @@ -1663,7 +1667,7 @@ sub aesni_generate8 { movups $inout2,0x20($out) # $len was 3, stop store .Lctr32_done: - xorps %xmm0,%xmm0 # clear regiser bank + xorps %xmm0,%xmm0 # clear register bank xor $key0,$key0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -1692,26 +1696,26 @@ sub aesni_generate8 { pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); - movaps -0xa0(%rbp),%xmm6 - movaps %xmm0,-0xa0(%rbp) # clear stack - movaps -0x90(%rbp),%xmm7 - movaps %xmm0,-0x90(%rbp) - movaps -0x80(%rbp),%xmm8 - movaps %xmm0,-0x80(%rbp) - movaps -0x70(%rbp),%xmm9 - movaps %xmm0,-0x70(%rbp) - movaps -0x60(%rbp),%xmm10 - movaps %xmm0,-0x60(%rbp) - movaps -0x50(%rbp),%xmm11 - movaps %xmm0,-0x50(%rbp) - movaps -0x40(%rbp),%xmm12 - movaps %xmm0,-0x40(%rbp) - movaps -0x30(%rbp),%xmm13 - movaps %xmm0,-0x30(%rbp) - movaps -0x20(%rbp),%xmm14 - movaps %xmm0,-0x20(%rbp) - movaps -0x10(%rbp),%xmm15 - movaps %xmm0,-0x10(%rbp) + movaps -0xa8($key_),%xmm6 + movaps %xmm0,-0xa8($key_) # clear stack + movaps -0x98($key_),%xmm7 + movaps %xmm0,-0x98($key_) + movaps -0x88($key_),%xmm8 + movaps %xmm0,-0x88($key_) + movaps -0x78($key_),%xmm9 + movaps %xmm0,-0x78($key_) + movaps -0x68($key_),%xmm10 + movaps %xmm0,-0x68($key_) + movaps -0x58($key_),%xmm11 + movaps %xmm0,-0x58($key_) + movaps -0x48($key_),%xmm12 + movaps %xmm0,-0x48($key_) + movaps -0x38($key_),%xmm13 + movaps %xmm0,-0x38($key_) + movaps -0x28($key_),%xmm14 + movaps %xmm0,-0x28($key_) + movaps -0x18($key_),%xmm15 + movaps %xmm0,-0x18($key_) movaps %xmm0,0x00(%rsp) movaps %xmm0,0x10(%rsp) movaps %xmm0,0x20(%rsp) @@ -1722,10 +1726,13 @@ sub aesni_generate8 { movaps %xmm0,0x70(%rsp) ___ $code.=<<___; - lea (%rbp),%rsp - pop %rbp + mov -8($key_),%rbp +.cfi_restore %rbp + lea ($key_),%rsp +.cfi_def_cfa_register %rsp .Lctr32_epilogue: ret +.cfi_endproc .size aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks ___ } @@ -1740,32 +1747,35 @@ sub aesni_generate8 { my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]); my ($key2,$ivp,$len_)=("%r8","%r9","%r9"); my $frame_size = 0x70 + ($win64?160:0); +my $key_ = "%rbp"; # override so that we can use %r11 as FP $code.=<<___; .globl aesni_xts_encrypt .type aesni_xts_encrypt,\@function,6 .align 16 aesni_xts_encrypt: - lea (%rsp),%rax +.cfi_startproc + lea (%rsp),%r11 # frame pointer +.cfi_def_cfa_register %r11 push %rbp +.cfi_push %rbp sub \$$frame_size,%rsp and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) # offload everything - movaps %xmm7,-0x98(%rax) - movaps %xmm8,-0x88(%rax) - movaps %xmm9,-0x78(%rax) - movaps %xmm10,-0x68(%rax) - movaps %xmm11,-0x58(%rax) - movaps %xmm12,-0x48(%rax) - movaps %xmm13,-0x38(%rax) - movaps %xmm14,-0x28(%rax) - movaps %xmm15,-0x18(%rax) + movaps %xmm6,-0xa8(%r11) # offload everything + movaps %xmm7,-0x98(%r11) + movaps %xmm8,-0x88(%r11) + movaps %xmm9,-0x78(%r11) + movaps %xmm10,-0x68(%r11) + movaps %xmm11,-0x58(%r11) + movaps %xmm12,-0x48(%r11) + movaps %xmm13,-0x38(%r11) + movaps %xmm14,-0x28(%r11) + movaps %xmm15,-0x18(%r11) .Lxts_enc_body: ___ $code.=<<___; - lea -8(%rax),%rbp movups ($ivp),$inout0 # load clear-text tweak mov 240(%r8),$rounds # key2->rounds mov 240($key),$rnds_ # key1->rounds @@ -1846,7 +1856,7 @@ sub aesni_generate8 { lea `16*6`($inp),$inp pxor $twmask,$inout5 - pxor $twres,@tweak[0] # calclulate tweaks^round[last] + pxor $twres,@tweak[0] # calculate tweaks^round[last] aesenc $rndkey1,$inout4 pxor $twres,@tweak[1] movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^round[last] @@ -2183,26 +2193,26 @@ sub aesni_generate8 { pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); - movaps -0xa0(%rbp),%xmm6 - movaps %xmm0,-0xa0(%rbp) # clear stack - movaps -0x90(%rbp),%xmm7 - movaps %xmm0,-0x90(%rbp) - movaps -0x80(%rbp),%xmm8 - movaps %xmm0,-0x80(%rbp) - movaps -0x70(%rbp),%xmm9 - movaps %xmm0,-0x70(%rbp) - movaps -0x60(%rbp),%xmm10 - movaps %xmm0,-0x60(%rbp) - movaps -0x50(%rbp),%xmm11 - movaps %xmm0,-0x50(%rbp) - movaps -0x40(%rbp),%xmm12 - movaps %xmm0,-0x40(%rbp) - movaps -0x30(%rbp),%xmm13 - movaps %xmm0,-0x30(%rbp) - movaps -0x20(%rbp),%xmm14 - movaps %xmm0,-0x20(%rbp) - movaps -0x10(%rbp),%xmm15 - movaps %xmm0,-0x10(%rbp) + movaps -0xa8(%r11),%xmm6 + movaps %xmm0,-0xa8(%r11) # clear stack + movaps -0x98(%r11),%xmm7 + movaps %xmm0,-0x98(%r11) + movaps -0x88(%r11),%xmm8 + movaps %xmm0,-0x88(%r11) + movaps -0x78(%r11),%xmm9 + movaps %xmm0,-0x78(%r11) + movaps -0x68(%r11),%xmm10 + movaps %xmm0,-0x68(%r11) + movaps -0x58(%r11),%xmm11 + movaps %xmm0,-0x58(%r11) + movaps -0x48(%r11),%xmm12 + movaps %xmm0,-0x48(%r11) + movaps -0x38(%r11),%xmm13 + movaps %xmm0,-0x38(%r11) + movaps -0x28(%r11),%xmm14 + movaps %xmm0,-0x28(%r11) + movaps -0x18(%r11),%xmm15 + movaps %xmm0,-0x18(%r11) movaps %xmm0,0x00(%rsp) movaps %xmm0,0x10(%rsp) movaps %xmm0,0x20(%rsp) @@ -2212,10 +2222,13 @@ sub aesni_generate8 { movaps %xmm0,0x60(%rsp) ___ $code.=<<___; - lea (%rbp),%rsp - pop %rbp + mov -8(%r11),%rbp +.cfi_restore %rbp + lea (%r11),%rsp +.cfi_def_cfa_register %rsp .Lxts_enc_epilogue: ret +.cfi_endproc .size aesni_xts_encrypt,.-aesni_xts_encrypt ___ @@ -2224,26 +2237,28 @@ sub aesni_generate8 { .type aesni_xts_decrypt,\@function,6 .align 16 aesni_xts_decrypt: - lea (%rsp),%rax +.cfi_startproc + lea (%rsp),%r11 # frame pointer +.cfi_def_cfa_register %r11 push %rbp +.cfi_push %rbp sub \$$frame_size,%rsp and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ $code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%rax) # offload everything - movaps %xmm7,-0x98(%rax) - movaps %xmm8,-0x88(%rax) - movaps %xmm9,-0x78(%rax) - movaps %xmm10,-0x68(%rax) - movaps %xmm11,-0x58(%rax) - movaps %xmm12,-0x48(%rax) - movaps %xmm13,-0x38(%rax) - movaps %xmm14,-0x28(%rax) - movaps %xmm15,-0x18(%rax) + movaps %xmm6,-0xa8(%r11) # offload everything + movaps %xmm7,-0x98(%r11) + movaps %xmm8,-0x88(%r11) + movaps %xmm9,-0x78(%r11) + movaps %xmm10,-0x68(%r11) + movaps %xmm11,-0x58(%r11) + movaps %xmm12,-0x48(%r11) + movaps %xmm13,-0x38(%r11) + movaps %xmm14,-0x28(%r11) + movaps %xmm15,-0x18(%r11) .Lxts_dec_body: ___ $code.=<<___; - lea -8(%rax),%rbp movups ($ivp),$inout0 # load clear-text tweak mov 240($key2),$rounds # key2->rounds mov 240($key),$rnds_ # key1->rounds @@ -2327,7 +2342,7 @@ sub aesni_generate8 { lea `16*6`($inp),$inp pxor $twmask,$inout5 - pxor $twres,@tweak[0] # calclulate tweaks^round[last] + pxor $twres,@tweak[0] # calculate tweaks^round[last] aesdec $rndkey1,$inout4 pxor $twres,@tweak[1] movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^last round key @@ -2687,26 +2702,26 @@ sub aesni_generate8 { pxor %xmm15,%xmm15 ___ $code.=<<___ if ($win64); - movaps -0xa0(%rbp),%xmm6 - movaps %xmm0,-0xa0(%rbp) # clear stack - movaps -0x90(%rbp),%xmm7 - movaps %xmm0,-0x90(%rbp) - movaps -0x80(%rbp),%xmm8 - movaps %xmm0,-0x80(%rbp) - movaps -0x70(%rbp),%xmm9 - movaps %xmm0,-0x70(%rbp) - movaps -0x60(%rbp),%xmm10 - movaps %xmm0,-0x60(%rbp) - movaps -0x50(%rbp),%xmm11 - movaps %xmm0,-0x50(%rbp) - movaps -0x40(%rbp),%xmm12 - movaps %xmm0,-0x40(%rbp) - movaps -0x30(%rbp),%xmm13 - movaps %xmm0,-0x30(%rbp) - movaps -0x20(%rbp),%xmm14 - movaps %xmm0,-0x20(%rbp) - movaps -0x10(%rbp),%xmm15 - movaps %xmm0,-0x10(%rbp) + movaps -0xa8(%r11),%xmm6 + movaps %xmm0,-0xa8(%r11) # clear stack + movaps -0x98(%r11),%xmm7 + movaps %xmm0,-0x98(%r11) + movaps -0x88(%r11),%xmm8 + movaps %xmm0,-0x88(%r11) + movaps -0x78(%r11),%xmm9 + movaps %xmm0,-0x78(%r11) + movaps -0x68(%r11),%xmm10 + movaps %xmm0,-0x68(%r11) + movaps -0x58(%r11),%xmm11 + movaps %xmm0,-0x58(%r11) + movaps -0x48(%r11),%xmm12 + movaps %xmm0,-0x48(%r11) + movaps -0x38(%r11),%xmm13 + movaps %xmm0,-0x38(%r11) + movaps -0x28(%r11),%xmm14 + movaps %xmm0,-0x28(%r11) + movaps -0x18(%r11),%xmm15 + movaps %xmm0,-0x18(%r11) movaps %xmm0,0x00(%rsp) movaps %xmm0,0x10(%rsp) movaps %xmm0,0x20(%rsp) @@ -2716,10 +2731,13 @@ sub aesni_generate8 { movaps %xmm0,0x60(%rsp) ___ $code.=<<___; - lea (%rbp),%rsp - pop %rbp + mov -8(%r11),%rbp +.cfi_restore %rbp + lea (%r11),%rsp +.cfi_def_cfa_register %rsp .Lxts_dec_epilogue: ret +.cfi_endproc .size aesni_xts_decrypt,.-aesni_xts_decrypt ___ } @@ -2744,12 +2762,18 @@ sub aesni_generate8 { .type aesni_ocb_encrypt,\@function,6 .align 32 aesni_ocb_encrypt: +.cfi_startproc lea (%rsp),%rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 ___ $code.=<<___ if ($win64); lea -0xa0(%rsp),%rsp @@ -2943,6 +2967,8 @@ sub aesni_generate8 { pxor %xmm13,%xmm13 pxor %xmm14,%xmm14 pxor %xmm15,%xmm15 + lea 0x28(%rsp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x00(%rsp),%xmm6 @@ -2967,16 +2993,23 @@ sub aesni_generate8 { movaps %xmm0,0x90(%rsp) lea 0xa0+0x28(%rsp),%rax .Locb_enc_pop: - lea 0xa0(%rsp),%rsp ___ $code.=<<___; - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + mov -40(%rax),%r14 +.cfi_restore %r14 + mov -32(%rax),%r13 +.cfi_restore %r13 + mov -24(%rax),%r12 +.cfi_restore %r12 + mov -16(%rax),%rbp +.cfi_restore %rbp + mov -8(%rax),%rbx +.cfi_restore %rbx + lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Locb_enc_epilogue: ret +.cfi_endproc .size aesni_ocb_encrypt,.-aesni_ocb_encrypt .type __ocb_encrypt6,\@abi-omnipotent @@ -3189,12 +3222,18 @@ sub aesni_generate8 { .type aesni_ocb_decrypt,\@function,6 .align 32 aesni_ocb_decrypt: +.cfi_startproc lea (%rsp),%rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 ___ $code.=<<___ if ($win64); lea -0xa0(%rsp),%rsp @@ -3410,6 +3449,8 @@ sub aesni_generate8 { pxor %xmm13,%xmm13 pxor %xmm14,%xmm14 pxor %xmm15,%xmm15 + lea 0x28(%rsp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x00(%rsp),%xmm6 @@ -3434,16 +3475,23 @@ sub aesni_generate8 { movaps %xmm0,0x90(%rsp) lea 0xa0+0x28(%rsp),%rax .Locb_dec_pop: - lea 0xa0(%rsp),%rsp ___ $code.=<<___; - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + mov -40(%rax),%r14 +.cfi_restore %r14 + mov -32(%rax),%r13 +.cfi_restore %r13 + mov -24(%rax),%r12 +.cfi_restore %r12 + mov -16(%rax),%rbp +.cfi_restore %rbp + mov -8(%rax),%rbx +.cfi_restore %rbx + lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Locb_dec_epilogue: ret +.cfi_endproc .size aesni_ocb_decrypt,.-aesni_ocb_decrypt .type __ocb_decrypt6,\@abi-omnipotent @@ -3650,13 +3698,13 @@ sub aesni_generate8 { { my $frame_size = 0x10 + ($win64?0xa0:0); # used in decrypt my ($iv,$in0,$in1,$in2,$in3,$in4)=map("%xmm$_",(10..15)); -my $inp_=$key_; $code.=<<___; .globl ${PREFIX}_cbc_encrypt .type ${PREFIX}_cbc_encrypt,\@function,6 .align 16 ${PREFIX}_cbc_encrypt: +.cfi_startproc test $len,$len # check length jz .Lcbc_ret @@ -3732,8 +3780,10 @@ sub aesni_generate8 { jmp .Lcbc_ret .align 16 .Lcbc_decrypt_bulk: - lea (%rsp),%rax + lea (%rsp),%r11 # frame pointer +.cfi_def_cfa_register %r11 push %rbp +.cfi_push %rbp sub \$$frame_size,%rsp and \$-16,%rsp # Linux kernel stack can be incorrectly seeded ___ @@ -3750,8 +3800,11 @@ sub aesni_generate8 { movaps %xmm15,0xa0(%rsp) .Lcbc_decrypt_body: ___ + +my $inp_=$key_="%rbp"; # reassign $key_ + $code.=<<___; - lea -8(%rax),%rbp + mov $key,$key_ # [re-]backup $key [after reassignment] movups ($ivp),$iv mov $rnds_,$rounds cmp \$0x50,$len @@ -3791,7 +3844,7 @@ sub aesni_generate8 { pxor $rndkey0,$inout1 $movkey 0x10-0x70($key),$rndkey1 pxor $rndkey0,$inout2 - xor $inp_,$inp_ + mov \$-1,$inp_ cmp \$0x70,$len # is there at least 0x60 bytes ahead? pxor $rndkey0,$inout3 pxor $rndkey0,$inout4 @@ -3807,8 +3860,8 @@ sub aesni_generate8 { aesdec $rndkey1,$inout4 aesdec $rndkey1,$inout5 aesdec $rndkey1,$inout6 - setnc ${inp_}b - shl \$7,$inp_ + adc \$0,$inp_ + and \$128,$inp_ aesdec $rndkey1,$inout7 add $inp,$inp_ $movkey 0x30-0x70($key),$rndkey1 @@ -4172,10 +4225,13 @@ sub aesni_generate8 { movaps %xmm0,0xa0(%rsp) ___ $code.=<<___; - lea (%rbp),%rsp - pop %rbp + mov -8(%r11),%rbp +.cfi_restore %rbp + lea (%r11),%rsp +.cfi_def_cfa_register %rsp .Lcbc_ret: ret +.cfi_endproc .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ } @@ -4196,7 +4252,9 @@ sub aesni_generate8 { .type ${PREFIX}_set_decrypt_key,\@abi-omnipotent .align 16 ${PREFIX}_set_decrypt_key: +.cfi_startproc .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 +.cfi_adjust_cfa_offset 8 call __aesni_set_encrypt_key shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key test %eax,%eax @@ -4229,15 +4287,16 @@ sub aesni_generate8 { pxor %xmm0,%xmm0 .Ldec_key_ret: add \$8,%rsp +.cfi_adjust_cfa_offset -8 ret +.cfi_endproc .LSEH_end_set_decrypt_key: .size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key ___ -# This is based on submission by -# -# Huang Ying -# Vinodh Gopal +# This is based on submission from Intel by +# Huang Ying +# Vinodh Gopal # Kahraman Akdemir # # Aggressively optimized in respect to aeskeygenassist's critical path @@ -4265,7 +4324,9 @@ sub aesni_generate8 { .align 16 ${PREFIX}_set_encrypt_key: __aesni_set_encrypt_key: +.cfi_startproc .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 +.cfi_adjust_cfa_offset 8 mov \$-1,%rax test $inp,$inp jz .Lenc_key_ret @@ -4454,7 +4515,7 @@ sub aesni_generate8 { .align 16 .L14rounds: - movups 16($inp),%xmm2 # remaning half of *userKey + movups 16($inp),%xmm2 # remaining half of *userKey mov \$13,$bits # 14 rounds for 256 lea 16(%rax),%rax cmp \$`1<<28`,%r10d # AVX, but no XOP @@ -4558,7 +4619,9 @@ sub aesni_generate8 { pxor %xmm4,%xmm4 pxor %xmm5,%xmm5 add \$8,%rsp +.cfi_adjust_cfa_offset -8 ret +.cfi_endproc .LSEH_end_set_encrypt_key: .align 16 @@ -4744,13 +4807,16 @@ sub aesni_generate8 { cmp %r10,%rbx # context->Rip>=epilogue label jae .Lcommon_seh_tail - mov 160($context),%rax # pull context->Rbp - lea -0xa0(%rax),%rsi # %xmm save area + mov 208($context),%rax # pull context->R11 + + lea -0xa8(%rax),%rsi # %xmm save area lea 512($context),%rdi # & context.Xmm6 mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) .long 0xa548f3fc # cld; rep movsq - jmp .Lcommon_rbp_tail + mov -8(%rax),%rbp # restore saved %rbp + mov %rbp,160($context) # restore context->Rbp + jmp .Lcommon_seh_tail .size ctr_xts_se_handler,.-ctr_xts_se_handler .type ocb_se_handler,\@abi-omnipotent @@ -4834,9 +4900,13 @@ sub aesni_generate8 { cmp %r10,%rbx # context->Rip<"prologue" label jb .Lcommon_seh_tail + mov 120($context),%rax # pull context->Rax + lea .Lcbc_decrypt_body(%rip),%r10 cmp %r10,%rbx # context->RipRsp lea .Lcbc_ret(%rip),%r10 cmp %r10,%rbx # context->Rip>="epilogue" label @@ -4847,15 +4917,10 @@ sub aesni_generate8 { mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) .long 0xa548f3fc # cld; rep movsq -.Lcommon_rbp_tail: - mov 160($context),%rax # pull context->Rbp - mov (%rax),%rbp # restore saved %rbp - lea 8(%rax),%rax # adjust stack pointer - mov %rbp,160($context) # restore context->Rbp - jmp .Lcommon_seh_tail + mov 208($context),%rax # pull context->R11 -.Lrestore_cbc_rax: - mov 120($context),%rax + mov -8(%rax),%rbp # restore saved %rbp + mov %rbp,160($context) # restore context->Rbp .Lcommon_seh_tail: mov 8(%rax),%rdi diff --git a/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl index b7e92f6538abfa..488b133250c677 100755 --- a/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesp8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,8 @@ # CBC en-/decrypt CTR XTS # POWER8[le] 3.96/0.72 0.74 1.1 # POWER8[be] 3.75/0.65 0.66 1.0 +# POWER9[le] 4.02/0.86 0.84 1.05 +# POWER9[be] 3.99/0.78 0.79 0.97 $flavour = shift; @@ -3773,7 +3775,7 @@ () if ($flavour =~ /le$/o) { SWITCH: for($conv) { /\?inv/ && do { @bytes=map($_^0xf,@bytes); last; }; - /\?rev/ && do { @bytes=reverse(@bytes); last; }; + /\?rev/ && do { @bytes=reverse(@bytes); last; }; } } diff --git a/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl index bf479c60aede1f..54d0c58821a7f4 100644 --- a/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aest4-sparcv9.pl @@ -8,9 +8,9 @@ # ==================================================================== -# Written by David S. Miller and Andy Polyakov -# . The module is licensed under 2-clause BSD -# license. October 2012. All rights reserved. +# Written by David S. Miller and Andy Polyakov. +# The module is licensed under 2-clause BSD license. October 2012. +# All rights reserved. # ==================================================================== ###################################################################### @@ -44,7 +44,7 @@ # instructions with those on critical path. Amazing! # # As with Intel AES-NI, question is if it's possible to improve -# performance of parallelizeable modes by interleaving round +# performance of parallelizable modes by interleaving round # instructions. Provided round instruction latency and throughput # optimal interleave factor is 2. But can we expect 2x performance # improvement? Well, as round instructions can be issued one per diff --git a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl index 1782d5b4143658..8b37cfc452a02d 100755 --- a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl @@ -35,6 +35,7 @@ # Cortex-A57(*) 1.95 0.85 0.93 # Denver 1.96 0.86 0.80 # Mongoose 1.33 1.20 1.20 +# Kryo 1.26 0.94 1.00 # # (*) original 3.64/1.34/1.32 results were for r0p0 revision # and are still same even for updated module; @@ -929,7 +930,7 @@ () s/^(\s+)v/$1/o or # strip off v prefix s/\bbx\s+lr\b/ret/o; - # fix up remainig legacy suffixes + # fix up remaining legacy suffixes s/\.[ui]?8//o; m/\],#8/o and s/\.16b/\.8b/go; s/\.[ui]?32//o and s/\.16b/\.4s/go; @@ -964,21 +965,21 @@ () $arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o && sprintf "vtbl.8 d%d,{q%d},d%d\n\t". - "vtbl.8 d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1; + "vtbl.8 d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1; } sub unvdup32 { my $arg=shift; $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && - sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; + sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; } sub unvmov32 { my $arg=shift; $arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o && - sprintf "vmov.32 d%d[%d],%s",2*$1+($2>>1),$2&1,$3; + sprintf "vmov.32 d%d[%d],%s",2*$1+($2>>1),$2&1,$3; } foreach(split("\n",$code)) { @@ -988,7 +989,7 @@ () s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers s/\/\/\s?/@ /o; # new->old style commentary - # fix up remainig new-style suffixes + # fix up remaining new-style suffixes s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo or s/\],#[0-9]+/]!/o; diff --git a/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl b/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl index 7af38afcb69f8d..bfe825af0d92b8 100644 --- a/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl +++ b/deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl @@ -14,8 +14,7 @@ # details see http://www.openssl.org/~appro/cryptogams/. # # Specific modes and adaptation for Linux kernel by Ard Biesheuvel -# . Permission to use under GPL terms is -# granted. +# of Linaro. Permission to use under GPL terms is granted. # ==================================================================== # Bit-sliced AES for ARM NEON @@ -49,10 +48,7 @@ # # April-August 2013 -# -# Add CBC, CTR and XTS subroutines, adapt for kernel use. -# -# +# Add CBC, CTR and XTS subroutines and adapt for kernel use; courtesy of Ard. $flavour = shift; if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } @@ -91,7 +87,7 @@ sub Sbox { sub InBasisChange { # input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb +# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb my @b=@_[0..7]; $code.=<<___; veor @b[2], @b[2], @b[1] diff --git a/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl index 921d870e98bdcf..2c79c2b67c897d 100644 --- a/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/bsaes-x86_64.pl @@ -131,7 +131,7 @@ sub Sbox { sub InBasisChange { # input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb +# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb my @b=@_[0..7]; $code.=<<___; pxor @b[6], @b[5] @@ -381,7 +381,7 @@ sub Inv_GF256 { pxor @s[0], @t[3] pxor @s[1], @t[2] pxor @s[2], @t[1] - pxor @s[3], @t[0] + pxor @s[3], @t[0] #Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3 @@ -1165,15 +1165,23 @@ sub bitslice_key { .type bsaes_ecb_encrypt_blocks,\@abi-omnipotent .align 16 bsaes_ecb_encrypt_blocks: +.cfi_startproc mov %rsp, %rax .Lecb_enc_prologue: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -0x48(%rsp),%rsp +.cfi_adjust_cfa_offset 0x48 ___ $code.=<<___ if ($win64); lea -0xa0(%rsp), %rsp @@ -1191,6 +1199,7 @@ sub bitslice_key { ___ $code.=<<___; mov %rsp,%rbp # backup %rsp +.cfi_def_cfa_register %rbp mov 240($arg4),%eax # rounds mov $arg1,$inp # backup arguments mov $arg2,$out @@ -1334,7 +1343,8 @@ sub bitslice_key { cmp %rax, %rbp jb .Lecb_enc_bzero - lea (%rbp),%rsp # restore %rsp + lea 0x78(%rbp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x40(%rbp), %xmm6 @@ -1347,34 +1357,50 @@ sub bitslice_key { movaps 0xb0(%rbp), %xmm13 movaps 0xc0(%rbp), %xmm14 movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rbp), %rsp + lea 0xa0(%rax), %rax +.Lecb_enc_tail: ___ $code.=<<___; - mov 0x48(%rsp), %r15 - mov 0x50(%rsp), %r14 - mov 0x58(%rsp), %r13 - mov 0x60(%rsp), %r12 - mov 0x68(%rsp), %rbx - mov 0x70(%rsp), %rax - lea 0x78(%rsp), %rsp - mov %rax, %rbp + mov -48(%rax), %r15 +.cfi_restore %r15 + mov -40(%rax), %r14 +.cfi_restore %r14 + mov -32(%rax), %r13 +.cfi_restore %r13 + mov -24(%rax), %r12 +.cfi_restore %r12 + mov -16(%rax), %rbx +.cfi_restore %rbx + mov -8(%rax), %rbp +.cfi_restore %rbp + lea (%rax), %rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lecb_enc_epilogue: ret +.cfi_endproc .size bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks .globl bsaes_ecb_decrypt_blocks .type bsaes_ecb_decrypt_blocks,\@abi-omnipotent .align 16 bsaes_ecb_decrypt_blocks: +.cfi_startproc mov %rsp, %rax .Lecb_dec_prologue: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -0x48(%rsp),%rsp +.cfi_adjust_cfa_offset 0x48 ___ $code.=<<___ if ($win64); lea -0xa0(%rsp), %rsp @@ -1392,6 +1418,7 @@ sub bitslice_key { ___ $code.=<<___; mov %rsp,%rbp # backup %rsp +.cfi_def_cfa_register %rbp mov 240($arg4),%eax # rounds mov $arg1,$inp # backup arguments mov $arg2,$out @@ -1536,7 +1563,8 @@ sub bitslice_key { cmp %rax, %rbp jb .Lecb_dec_bzero - lea (%rbp),%rsp # restore %rsp + lea 0x78(%rbp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x40(%rbp), %xmm6 @@ -1549,19 +1577,27 @@ sub bitslice_key { movaps 0xb0(%rbp), %xmm13 movaps 0xc0(%rbp), %xmm14 movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rbp), %rsp + lea 0xa0(%rax), %rax +.Lecb_dec_tail: ___ $code.=<<___; - mov 0x48(%rsp), %r15 - mov 0x50(%rsp), %r14 - mov 0x58(%rsp), %r13 - mov 0x60(%rsp), %r12 - mov 0x68(%rsp), %rbx - mov 0x70(%rsp), %rax - lea 0x78(%rsp), %rsp - mov %rax, %rbp + mov -48(%rax), %r15 +.cfi_restore %r15 + mov -40(%rax), %r14 +.cfi_restore %r14 + mov -32(%rax), %r13 +.cfi_restore %r13 + mov -24(%rax), %r12 +.cfi_restore %r12 + mov -16(%rax), %rbx +.cfi_restore %rbx + mov -8(%rax), %rbp +.cfi_restore %rbp + lea (%rax), %rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lecb_dec_epilogue: ret +.cfi_endproc .size bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks ___ } @@ -1571,6 +1607,7 @@ sub bitslice_key { .type bsaes_cbc_encrypt,\@abi-omnipotent .align 16 bsaes_cbc_encrypt: +.cfi_startproc ___ $code.=<<___ if ($win64); mov 48(%rsp),$arg6 # pull direction flag @@ -1584,12 +1621,19 @@ sub bitslice_key { mov %rsp, %rax .Lcbc_dec_prologue: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -0x48(%rsp), %rsp +.cfi_adjust_cfa_offset 0x48 ___ $code.=<<___ if ($win64); mov 0xa0(%rsp),$arg5 # pull ivp @@ -1608,6 +1652,7 @@ sub bitslice_key { ___ $code.=<<___; mov %rsp, %rbp # backup %rsp +.cfi_def_cfa_register %rbp mov 240($arg4), %eax # rounds mov $arg1, $inp # backup arguments mov $arg2, $out @@ -1826,7 +1871,8 @@ sub bitslice_key { cmp %rax, %rbp ja .Lcbc_dec_bzero - lea (%rbp),%rsp # restore %rsp + lea 0x78(%rbp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x40(%rbp), %xmm6 @@ -1839,34 +1885,50 @@ sub bitslice_key { movaps 0xb0(%rbp), %xmm13 movaps 0xc0(%rbp), %xmm14 movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rbp), %rsp + lea 0xa0(%rax), %rax +.Lcbc_dec_tail: ___ $code.=<<___; - mov 0x48(%rsp), %r15 - mov 0x50(%rsp), %r14 - mov 0x58(%rsp), %r13 - mov 0x60(%rsp), %r12 - mov 0x68(%rsp), %rbx - mov 0x70(%rsp), %rax - lea 0x78(%rsp), %rsp - mov %rax, %rbp + mov -48(%rax), %r15 +.cfi_restore %r15 + mov -40(%rax), %r14 +.cfi_restore %r14 + mov -32(%rax), %r13 +.cfi_restore %r13 + mov -24(%rax), %r12 +.cfi_restore %r12 + mov -16(%rax), %rbx +.cfi_restore %rbx + mov -8(%rax), %rbp +.cfi_restore %rbp + lea (%rax), %rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lcbc_dec_epilogue: ret +.cfi_endproc .size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt .globl bsaes_ctr32_encrypt_blocks .type bsaes_ctr32_encrypt_blocks,\@abi-omnipotent .align 16 bsaes_ctr32_encrypt_blocks: +.cfi_startproc mov %rsp, %rax .Lctr_enc_prologue: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -0x48(%rsp), %rsp +.cfi_adjust_cfa_offset 0x48 ___ $code.=<<___ if ($win64); mov 0xa0(%rsp),$arg5 # pull ivp @@ -1885,6 +1947,7 @@ sub bitslice_key { ___ $code.=<<___; mov %rsp, %rbp # backup %rsp +.cfi_def_cfa_register %rbp movdqu ($arg5), %xmm0 # load counter mov 240($arg4), %eax # rounds mov $arg1, $inp # backup arguments @@ -2058,7 +2121,8 @@ sub bitslice_key { cmp %rax, %rbp ja .Lctr_enc_bzero - lea (%rbp),%rsp # restore %rsp + lea 0x78(%rbp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x40(%rbp), %xmm6 @@ -2071,19 +2135,27 @@ sub bitslice_key { movaps 0xb0(%rbp), %xmm13 movaps 0xc0(%rbp), %xmm14 movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rbp), %rsp + lea 0xa0(%rax), %rax +.Lctr_enc_tail: ___ $code.=<<___; - mov 0x48(%rsp), %r15 - mov 0x50(%rsp), %r14 - mov 0x58(%rsp), %r13 - mov 0x60(%rsp), %r12 - mov 0x68(%rsp), %rbx - mov 0x70(%rsp), %rax - lea 0x78(%rsp), %rsp - mov %rax, %rbp + mov -48(%rax), %r15 +.cfi_restore %r15 + mov -40(%rax), %r14 +.cfi_restore %r14 + mov -32(%rax), %r13 +.cfi_restore %r13 + mov -24(%rax), %r12 +.cfi_restore %r12 + mov -16(%rax), %rbx +.cfi_restore %rbx + mov -8(%rax), %rbp +.cfi_restore %rbp + lea (%rax), %rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lctr_enc_epilogue: ret +.cfi_endproc .size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks ___ ###################################################################### @@ -2099,15 +2171,23 @@ sub bitslice_key { .type bsaes_xts_encrypt,\@abi-omnipotent .align 16 bsaes_xts_encrypt: +.cfi_startproc mov %rsp, %rax .Lxts_enc_prologue: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -0x48(%rsp), %rsp +.cfi_adjust_cfa_offset 0x48 ___ $code.=<<___ if ($win64); mov 0xa0(%rsp),$arg5 # pull key2 @@ -2127,6 +2207,7 @@ sub bitslice_key { ___ $code.=<<___; mov %rsp, %rbp # backup %rsp +.cfi_def_cfa_register %rbp mov $arg1, $inp # backup arguments mov $arg2, $out mov $arg3, $len @@ -2448,7 +2529,8 @@ sub bitslice_key { cmp %rax, %rbp ja .Lxts_enc_bzero - lea (%rbp),%rsp # restore %rsp + lea 0x78(%rbp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x40(%rbp), %xmm6 @@ -2461,34 +2543,50 @@ sub bitslice_key { movaps 0xb0(%rbp), %xmm13 movaps 0xc0(%rbp), %xmm14 movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rbp), %rsp + lea 0xa0(%rax), %rax +.Lxts_enc_tail: ___ $code.=<<___; - mov 0x48(%rsp), %r15 - mov 0x50(%rsp), %r14 - mov 0x58(%rsp), %r13 - mov 0x60(%rsp), %r12 - mov 0x68(%rsp), %rbx - mov 0x70(%rsp), %rax - lea 0x78(%rsp), %rsp - mov %rax, %rbp + mov -48(%rax), %r15 +.cfi_restore %r15 + mov -40(%rax), %r14 +.cfi_restore %r14 + mov -32(%rax), %r13 +.cfi_restore %r13 + mov -24(%rax), %r12 +.cfi_restore %r12 + mov -16(%rax), %rbx +.cfi_restore %rbx + mov -8(%rax), %rbp +.cfi_restore %rbp + lea (%rax), %rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lxts_enc_epilogue: ret +.cfi_endproc .size bsaes_xts_encrypt,.-bsaes_xts_encrypt .globl bsaes_xts_decrypt .type bsaes_xts_decrypt,\@abi-omnipotent .align 16 bsaes_xts_decrypt: +.cfi_startproc mov %rsp, %rax .Lxts_dec_prologue: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -0x48(%rsp), %rsp +.cfi_adjust_cfa_offset 0x48 ___ $code.=<<___ if ($win64); mov 0xa0(%rsp),$arg5 # pull key2 @@ -2855,7 +2953,8 @@ sub bitslice_key { cmp %rax, %rbp ja .Lxts_dec_bzero - lea (%rbp),%rsp # restore %rsp + lea 0x78(%rbp),%rax +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps 0x40(%rbp), %xmm6 @@ -2868,19 +2967,27 @@ sub bitslice_key { movaps 0xb0(%rbp), %xmm13 movaps 0xc0(%rbp), %xmm14 movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rbp), %rsp + lea 0xa0(%rax), %rax +.Lxts_dec_tail: ___ $code.=<<___; - mov 0x48(%rsp), %r15 - mov 0x50(%rsp), %r14 - mov 0x58(%rsp), %r13 - mov 0x60(%rsp), %r12 - mov 0x68(%rsp), %rbx - mov 0x70(%rsp), %rax - lea 0x78(%rsp), %rsp - mov %rax, %rbp + mov -48(%rax), %r15 +.cfi_restore %r15 + mov -40(%rax), %r14 +.cfi_restore %r14 + mov -32(%rax), %r13 +.cfi_restore %r13 + mov -24(%rax), %r12 +.cfi_restore %r12 + mov -16(%rax), %rbx +.cfi_restore %rbx + mov -8(%rax), %rbp +.cfi_restore %rbp + lea (%rax), %rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lxts_dec_epilogue: ret +.cfi_endproc .size bsaes_xts_decrypt,.-bsaes_xts_decrypt ___ } @@ -2974,31 +3081,34 @@ sub bitslice_key { mov 0(%r11),%r10d # HandlerData[0] lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp + cmp %r10,%rbx # context->Rip<=prologue label + jbe .Lin_prologue mov 4(%r11),%r10d # HandlerData[1] lea (%rsi,%r10),%r10 # epilogue label cmp %r10,%rbx # context->Rip>=epilogue label jae .Lin_prologue + mov 8(%r11),%r10d # HandlerData[2] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=tail label + jae .Lin_tail + mov 160($context),%rax # pull context->Rbp lea 0x40(%rax),%rsi # %xmm save area lea 512($context),%rdi # &context.Xmm6 mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) .long 0xa548f3fc # cld; rep movsq - lea 0xa0(%rax),%rax # adjust stack pointer - - mov 0x70(%rax),%rbp - mov 0x68(%rax),%rbx - mov 0x60(%rax),%r12 - mov 0x58(%rax),%r13 - mov 0x50(%rax),%r14 - mov 0x48(%rax),%r15 - lea 0x78(%rax),%rax # adjust stack pointer + lea 0xa0+0x78(%rax),%rax # adjust stack pointer + +.Lin_tail: + mov -48(%rax),%rbp + mov -40(%rax),%rbx + mov -32(%rax),%r12 + mov -24(%rax),%r13 + mov -16(%rax),%r14 + mov -8(%rax),%r15 mov %rbx,144($context) # restore context->Rbx mov %rbp,160($context) # restore context->Rbp mov %r12,216($context) # restore context->R12 @@ -3079,28 +3189,40 @@ sub bitslice_key { .byte 9,0,0,0 .rva se_handler .rva .Lecb_enc_body,.Lecb_enc_epilogue # HandlerData[] + .rva .Lecb_enc_tail + .long 0 .Lecb_dec_info: .byte 9,0,0,0 .rva se_handler .rva .Lecb_dec_body,.Lecb_dec_epilogue # HandlerData[] + .rva .Lecb_dec_tail + .long 0 ___ $code.=<<___; .Lcbc_dec_info: .byte 9,0,0,0 .rva se_handler .rva .Lcbc_dec_body,.Lcbc_dec_epilogue # HandlerData[] + .rva .Lcbc_dec_tail + .long 0 .Lctr_enc_info: .byte 9,0,0,0 .rva se_handler .rva .Lctr_enc_body,.Lctr_enc_epilogue # HandlerData[] + .rva .Lctr_enc_tail + .long 0 .Lxts_enc_info: .byte 9,0,0,0 .rva se_handler .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] + .rva .Lxts_enc_tail + .long 0 .Lxts_dec_info: .byte 9,0,0,0 .rva se_handler .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] + .rva .Lxts_dec_tail + .long 0 ___ } diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl index d6b5f561c4cff5..5131e13a09a295 100755 --- a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl +++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl @@ -31,7 +31,7 @@ # Apple A7(***) 22.7(**) 10.9/14.3 [8.45/10.0 ] # Mongoose(***) 26.3(**) 21.0/25.0(**) [13.3/16.8 ] # -# (*) ECB denotes approximate result for parallelizeable modes +# (*) ECB denotes approximate result for parallelizable modes # such as CBC decrypt, CTR, etc.; # (**) these results are worse than scalar compiler-generated # code, but it's constant-time and therefore preferred; @@ -137,7 +137,7 @@ .quad 0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A .quad 0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77 -.asciz "Vector Permutaion AES for ARMv8, Mike Hamburg (Stanford University)" +.asciz "Vector Permutation AES for ARMv8, Mike Hamburg (Stanford University)" .size _vpaes_consts,.-_vpaes_consts .align 6 ___ @@ -769,7 +769,7 @@ ld1 {v0.16b}, [$inp] // vmovdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) bl _vpaes_schedule_transform // input transform mov $inp, #7 // mov \$7, %esi - + .Loop_schedule_256: sub $inp, $inp, #1 // dec %esi bl _vpaes_schedule_mangle // output low result @@ -778,7 +778,7 @@ // high round bl _vpaes_schedule_round cbz $inp, .Lschedule_mangle_last - bl _vpaes_schedule_mangle + bl _vpaes_schedule_mangle // low round. swap xmm7 and xmm6 dup v0.4s, v0.s[3] // vpshufd \$0xFF, %xmm0, %xmm0 @@ -787,7 +787,7 @@ mov v7.16b, v6.16b // vmovdqa %xmm6, %xmm7 bl _vpaes_schedule_low_round mov v7.16b, v5.16b // vmovdqa %xmm5, %xmm7 - + b .Loop_schedule_256 ## @@ -814,7 +814,7 @@ .Lschedule_mangle_last_dec: ld1 {v20.2d-v21.2d}, [x11] // reload constants - sub $out, $out, #16 // add \$-16, %rdx + sub $out, $out, #16 // add \$-16, %rdx eor v0.16b, v0.16b, v16.16b // vpxor .Lk_s63(%rip), %xmm0, %xmm0 bl _vpaes_schedule_transform // output transform st1 {v0.2d}, [$out] // vmovdqu %xmm0, (%rdx) # save last key diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl index bb38fbe60cdfd8..3c771a7e98b1c2 100644 --- a/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl +++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-ppc.pl @@ -1075,7 +1075,7 @@ # high round bl _vpaes_schedule_round bdz Lschedule_mangle_last # dec %esi - bl _vpaes_schedule_mangle + bl _vpaes_schedule_mangle # low round. swap xmm7 and xmm6 ?vspltw v0, v0, 3 # vpshufd \$0xFF, %xmm0, %xmm0 @@ -1083,7 +1083,7 @@ vmr v7, v6 # vmovdqa %xmm6, %xmm7 bl _vpaes_schedule_low_round vmr v7, v5 # vmovdqa %xmm5, %xmm7 - + b Loop_schedule_256 ## ## .aes_schedule_mangle_last @@ -1131,7 +1131,7 @@ Lschedule_mangle_last_dec: lvx $iptlo, r11, r12 # reload $ipt lvx $ipthi, r9, r12 - addi $out, $out, -16 # add \$-16, %rdx + addi $out, $out, -16 # add \$-16, %rdx vxor v0, v0, v26 # vpxor .Lk_s63(%rip), %xmm0, %xmm0 bl _vpaes_schedule_transform # output transform @@ -1566,7 +1566,7 @@ if ($flavour =~ /le$/o) { SWITCH: for($conv) { /\?inv/ && do { @bytes=map($_^0xf,@bytes); last; }; - /\?rev/ && do { @bytes=reverse(@bytes); last; }; + /\?rev/ && do { @bytes=reverse(@bytes); last; }; } } diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl index 47615c0795f8cd..7d57edc0eb6c10 100644 --- a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl +++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86.pl @@ -62,7 +62,7 @@ open OUT,">$output"; *STDOUT=*OUT; -&asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); $PREFIX="vpaes"; @@ -445,7 +445,7 @@ ## &set_label("schedule_192",16); &movdqu ("xmm0",&QWP(8,$inp)); # load key part 2 (very unaligned) - &call ("_vpaes_schedule_transform"); # input transform + &call ("_vpaes_schedule_transform"); # input transform &movdqa ("xmm6","xmm0"); # save short part &pxor ("xmm4","xmm4"); # clear 4 &movhlps("xmm6","xmm4"); # clobber low side with zeros @@ -476,7 +476,7 @@ ## &set_label("schedule_256",16); &movdqu ("xmm0",&QWP(16,$inp)); # load key part 2 (unaligned) - &call ("_vpaes_schedule_transform"); # input transform + &call ("_vpaes_schedule_transform"); # input transform &mov ($round,7); &set_label("loop_schedule_256"); @@ -487,7 +487,7 @@ &call ("_vpaes_schedule_round"); &dec ($round); &jz (&label("schedule_mangle_last")); - &call ("_vpaes_schedule_mangle"); + &call ("_vpaes_schedule_mangle"); # low round. swap xmm7 and xmm6 &pshufd ("xmm0","xmm0",0xFF); @@ -610,7 +610,7 @@ # subbyte &movdqa ("xmm4",&QWP($k_s0F,$const)); &movdqa ("xmm5",&QWP($k_inv,$const)); # 4 : 1/j - &movdqa ("xmm1","xmm4"); + &movdqa ("xmm1","xmm4"); &pandn ("xmm1","xmm0"); &psrld ("xmm1",4); # 1 = i &pand ("xmm0","xmm4"); # 0 = k diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl index 422e8ee4423e6d..b715aca167d170 100644 --- a/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl +++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-x86_64.pl @@ -172,7 +172,7 @@ pshufb %xmm1, %xmm0 ret .size _vpaes_encrypt_core,.-_vpaes_encrypt_core - + ## ## Decryption core ## @@ -333,7 +333,7 @@ ## .Lschedule_128: mov \$10, %esi - + .Loop_schedule_128: call _vpaes_schedule_round dec %rsi @@ -367,7 +367,7 @@ .Loop_schedule_192: call _vpaes_schedule_round - palignr \$8,%xmm6,%xmm0 + palignr \$8,%xmm6,%xmm0 call _vpaes_schedule_mangle # save key n call _vpaes_schedule_192_smear call _vpaes_schedule_mangle # save key n+1 @@ -393,7 +393,7 @@ movdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) call _vpaes_schedule_transform # input transform mov \$7, %esi - + .Loop_schedule_256: call _vpaes_schedule_mangle # output low result movdqa %xmm0, %xmm6 # save cur_lo in xmm6 @@ -402,7 +402,7 @@ call _vpaes_schedule_round dec %rsi jz .Lschedule_mangle_last - call _vpaes_schedule_mangle + call _vpaes_schedule_mangle # low round. swap xmm7 and xmm6 pshufd \$0xFF, %xmm0, %xmm0 @@ -410,10 +410,10 @@ movdqa %xmm6, %xmm7 call _vpaes_schedule_low_round movdqa %xmm5, %xmm7 - + jmp .Loop_schedule_256 - + ## ## .aes_schedule_mangle_last ## @@ -512,9 +512,9 @@ # rotate pshufd \$0xFF, %xmm0, %xmm0 palignr \$1, %xmm0, %xmm0 - + # fall through... - + # low round: same as high round, but no rotation and no rcon. _vpaes_schedule_low_round: # smear xmm7 @@ -553,7 +553,7 @@ pxor %xmm4, %xmm0 # 0 = sbox output # add in smeared stuff - pxor %xmm7, %xmm0 + pxor %xmm7, %xmm0 movdqa %xmm0, %xmm7 ret .size _vpaes_schedule_round,.-_vpaes_schedule_round diff --git a/deps/openssl/openssl/crypto/aes/build.info b/deps/openssl/openssl/crypto/aes/build.info index 5240b9c87fa8cc..0f04863640def6 100644 --- a/deps/openssl/openssl/crypto/aes/build.info +++ b/deps/openssl/openssl/crypto/aes/build.info @@ -5,11 +5,14 @@ SOURCE[../../libcrypto]=\ GENERATE[aes-ia64.s]=asm/aes-ia64.S -GENERATE[aes-586.s]=asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[aes-586.s]=asm/aes-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[aes-586.s]=../perlasm/x86asm.pl -GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[vpaes-586.s]=../perlasm/x86asm.pl -GENERATE[aesni-x86.s]=asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[aesni-x86.s]=asm/aesni-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[aesni-586.s]=../perlasm/x86asm.pl GENERATE[aes-x86_64.s]=asm/aes-x86_64.pl $(PERLASM_SCHEME) @@ -35,6 +38,7 @@ GENERATE[aesp8-ppc.s]=asm/aesp8-ppc.pl $(PERLASM_SCHEME) GENERATE[aes-parisc.s]=asm/aes-parisc.pl $(PERLASM_SCHEME) GENERATE[aes-mips.S]=asm/aes-mips.pl $(PERLASM_SCHEME) +INCLUDE[aes-mips.o]=.. GENERATE[aesv8-armx.S]=asm/aesv8-armx.pl $(PERLASM_SCHEME) INCLUDE[aesv8-armx.o]=.. diff --git a/deps/openssl/openssl/crypto/aria/aria.c b/deps/openssl/openssl/crypto/aria/aria.c new file mode 100644 index 00000000000000..293bcc72bd03bc --- /dev/null +++ b/deps/openssl/openssl/crypto/aria/aria.c @@ -0,0 +1,1212 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Copyright (C) 2017 National Security Research Institute. All Rights Reserved. + * + * Information for ARIA + * http://210.104.33.10/ARIA/index-e.html (English) + * http://seed.kisa.or.kr/ (Korean) + * + * Public domain version is distributed above. + */ + +#include +#include "internal/aria.h" + +#include +#include + +#ifndef OPENSSL_SMALL_FOOTPRINT + +/* Begin macro */ + +/* rotation */ +#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r))) +#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r))) + +#define bswap32(v) \ + (((v) << 24) ^ ((v) >> 24) ^ \ + (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8)) + +#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8))) +#define GET_U32_BE(X, Y) ( \ + ((uint32_t)((const uint8_t *)(X))[Y * 4 ] << 24) ^ \ + ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ \ + ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ \ + ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3] ) ) + +#define PUT_U32_BE(DEST, IDX, VAL) \ + do { \ + ((uint8_t *)(DEST))[IDX * 4 ] = GET_U8_BE(VAL, 0); \ + ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \ + ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \ + ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \ + } while(0) + +#define MAKE_U32(V0, V1, V2, V3) ( \ + ((uint32_t)((uint8_t)(V0)) << 24) | \ + ((uint32_t)((uint8_t)(V1)) << 16) | \ + ((uint32_t)((uint8_t)(V2)) << 8) | \ + ((uint32_t)((uint8_t)(V3)) ) ) + +/* End Macro*/ + +/* Key Constant + * 128bit : 0, 1, 2 + * 192bit : 1, 2, 3(0) + * 256bit : 2, 3(0), 4(1) + */ +static const uint32_t Key_RC[5][4] = { + { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 }, + { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }, + { 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e }, + { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 }, + { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 } +}; + +/* 32bit expanded s-box */ +static const uint32_t S1[256] = { + 0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b, + 0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5, + 0x00303030, 0x00010101, 0x00676767, 0x002b2b2b, + 0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676, + 0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d, + 0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0, + 0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf, + 0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0, + 0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626, + 0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc, + 0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1, + 0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515, + 0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3, + 0x00181818, 0x00969696, 0x00050505, 0x009a9a9a, + 0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2, + 0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575, + 0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a, + 0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0, + 0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3, + 0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484, + 0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed, + 0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b, + 0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939, + 0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf, + 0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb, + 0x00434343, 0x004d4d4d, 0x00333333, 0x00858585, + 0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f, + 0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8, + 0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f, + 0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5, + 0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121, + 0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2, + 0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec, + 0x005f5f5f, 0x00979797, 0x00444444, 0x00171717, + 0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d, + 0x00646464, 0x005d5d5d, 0x00191919, 0x00737373, + 0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc, + 0x00222222, 0x002a2a2a, 0x00909090, 0x00888888, + 0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414, + 0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb, + 0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a, + 0x00494949, 0x00060606, 0x00242424, 0x005c5c5c, + 0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262, + 0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979, + 0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d, + 0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9, + 0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea, + 0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808, + 0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e, + 0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6, + 0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f, + 0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a, + 0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666, + 0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e, + 0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9, + 0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e, + 0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111, + 0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494, + 0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9, + 0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf, + 0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d, + 0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868, + 0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f, + 0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616 +}; + +static const uint32_t S2[256] = { + 0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc, + 0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc, + 0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646, + 0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1, + 0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb, + 0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b, + 0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303, + 0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1, + 0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b, + 0x55005555, 0xf000f0f0, 0x99009999, 0x69006969, + 0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae, + 0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb, + 0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb, + 0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4, + 0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa, + 0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb, + 0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929, + 0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191, + 0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595, + 0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd, + 0x08000808, 0x7a007a7a, 0x88008888, 0x38003838, + 0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828, + 0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7, + 0x93009393, 0xa400a4a4, 0x12001212, 0x53005353, + 0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131, + 0x36003636, 0x21002121, 0x58005858, 0x48004848, + 0x01000101, 0x8e008e8e, 0x37003737, 0x74007474, + 0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1, + 0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7, + 0xc400c4c4, 0x56005656, 0x42004242, 0x26002626, + 0x07000707, 0x98009898, 0x60006060, 0xd900d9d9, + 0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040, + 0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd, + 0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404, + 0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f, + 0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc, + 0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757, + 0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565, + 0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e, + 0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5, + 0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717, + 0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a, + 0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767, + 0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343, + 0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5, + 0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434, + 0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a, + 0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8, + 0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b, + 0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6, + 0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424, + 0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada, + 0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef, + 0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f, + 0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a, + 0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c, + 0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333, + 0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3, + 0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0, + 0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d, + 0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5, + 0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8, + 0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a, + 0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181 +}; + +static const uint32_t X1[256] = { + 0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5, + 0x30300030, 0x36360036, 0xa5a500a5, 0x38380038, + 0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e, + 0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb, + 0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082, + 0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087, + 0x34340034, 0x8e8e008e, 0x43430043, 0x44440044, + 0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb, + 0x54540054, 0x7b7b007b, 0x94940094, 0x32320032, + 0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d, + 0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b, + 0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e, + 0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066, + 0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2, + 0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049, + 0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025, + 0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064, + 0x86860086, 0x68680068, 0x98980098, 0x16160016, + 0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc, + 0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092, + 0x6c6c006c, 0x70700070, 0x48480048, 0x50500050, + 0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da, + 0x5e5e005e, 0x15150015, 0x46460046, 0x57570057, + 0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084, + 0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000, + 0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a, + 0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005, + 0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006, + 0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f, + 0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002, + 0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003, + 0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b, + 0x3a3a003a, 0x91910091, 0x11110011, 0x41410041, + 0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea, + 0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce, + 0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073, + 0x96960096, 0xacac00ac, 0x74740074, 0x22220022, + 0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085, + 0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8, + 0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e, + 0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071, + 0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089, + 0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e, + 0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b, + 0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b, + 0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020, + 0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe, + 0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4, + 0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033, + 0x88880088, 0x07070007, 0xc7c700c7, 0x31310031, + 0xb1b100b1, 0x12120012, 0x10100010, 0x59590059, + 0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f, + 0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9, + 0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d, + 0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f, + 0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef, + 0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d, + 0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0, + 0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c, + 0x83830083, 0x53530053, 0x99990099, 0x61610061, + 0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e, + 0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026, + 0xe1e100e1, 0x69690069, 0x14140014, 0x63630063, + 0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d +}; + +static const uint32_t X2[256] = { + 0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00, + 0x87878700, 0xb9b9b900, 0x21212100, 0x78787800, + 0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100, + 0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00, + 0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00, + 0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300, + 0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600, + 0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00, + 0x81818100, 0x65656500, 0xf5f5f500, 0x89898900, + 0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600, + 0x57575700, 0x43434300, 0x56565600, 0x17171700, + 0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00, + 0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300, + 0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00, + 0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800, + 0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00, + 0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00, + 0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800, + 0x67676700, 0x88888800, 0x06060600, 0xc3c3c300, + 0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00, + 0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00, + 0x02020200, 0x24242400, 0x75757500, 0x93939300, + 0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200, + 0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00, + 0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00, + 0x12121200, 0x97979700, 0x32323200, 0xababab00, + 0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300, + 0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900, + 0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100, + 0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900, + 0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600, + 0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100, + 0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500, + 0x86868600, 0x36363600, 0xbebebe00, 0x61616100, + 0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00, + 0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00, + 0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00, + 0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500, + 0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00, + 0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700, + 0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00, + 0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000, + 0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100, + 0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00, + 0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600, + 0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000, + 0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00, + 0x18181800, 0x83838300, 0x16161600, 0xa5a5a500, + 0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500, + 0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00, + 0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300, + 0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500, + 0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00, + 0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300, + 0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900, + 0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00, + 0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400, + 0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00, + 0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00, + 0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300, + 0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700, + 0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00, + 0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300, + 0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000 +}; + +/* Key XOR Layer */ +#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3) \ + do { \ + (T0) ^= (RK)->u[0]; \ + (T1) ^= (RK)->u[1]; \ + (T2) ^= (RK)->u[2]; \ + (T3) ^= (RK)->u[3]; \ + } while(0) + +/* S-Box Layer 1 + M */ +#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3) \ + do { \ + (T0) = \ + S1[GET_U8_BE(T0, 0)] ^ \ + S2[GET_U8_BE(T0, 1)] ^ \ + X1[GET_U8_BE(T0, 2)] ^ \ + X2[GET_U8_BE(T0, 3)]; \ + (T1) = \ + S1[GET_U8_BE(T1, 0)] ^ \ + S2[GET_U8_BE(T1, 1)] ^ \ + X1[GET_U8_BE(T1, 2)] ^ \ + X2[GET_U8_BE(T1, 3)]; \ + (T2) = \ + S1[GET_U8_BE(T2, 0)] ^ \ + S2[GET_U8_BE(T2, 1)] ^ \ + X1[GET_U8_BE(T2, 2)] ^ \ + X2[GET_U8_BE(T2, 3)]; \ + (T3) = \ + S1[GET_U8_BE(T3, 0)] ^ \ + S2[GET_U8_BE(T3, 1)] ^ \ + X1[GET_U8_BE(T3, 2)] ^ \ + X2[GET_U8_BE(T3, 3)]; \ + } while(0) + +/* S-Box Layer 2 + M */ +#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3) \ + do { \ + (T0) = \ + X1[GET_U8_BE(T0, 0)] ^ \ + X2[GET_U8_BE(T0, 1)] ^ \ + S1[GET_U8_BE(T0, 2)] ^ \ + S2[GET_U8_BE(T0, 3)]; \ + (T1) = \ + X1[GET_U8_BE(T1, 0)] ^ \ + X2[GET_U8_BE(T1, 1)] ^ \ + S1[GET_U8_BE(T1, 2)] ^ \ + S2[GET_U8_BE(T1, 3)]; \ + (T2) = \ + X1[GET_U8_BE(T2, 0)] ^ \ + X2[GET_U8_BE(T2, 1)] ^ \ + S1[GET_U8_BE(T2, 2)] ^ \ + S2[GET_U8_BE(T2, 3)]; \ + (T3) = \ + X1[GET_U8_BE(T3, 0)] ^ \ + X2[GET_U8_BE(T3, 1)] ^ \ + S1[GET_U8_BE(T3, 2)] ^ \ + S2[GET_U8_BE(T3, 3)]; \ + } while(0) + +/* Word-level diffusion */ +#define ARIA_DIFF_WORD(T0,T1,T2,T3) \ + do { \ + (T1) ^= (T2); \ + (T2) ^= (T3); \ + (T0) ^= (T1); \ + \ + (T3) ^= (T1); \ + (T2) ^= (T0); \ + (T1) ^= (T2); \ + } while(0) + +/* Byte-level diffusion */ +#define ARIA_DIFF_BYTE(T0, T1, T2, T3) \ + do { \ + (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \ + (T2) = rotr32(T2, 16); \ + (T3) = bswap32(T3); \ + } while(0) + +/* Odd round Substitution & Diffusion */ +#define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3) \ + do { \ + ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3); \ + ARIA_DIFF_WORD(T0, T1, T2, T3); \ + ARIA_DIFF_BYTE(T0, T1, T2, T3); \ + ARIA_DIFF_WORD(T0, T1, T2, T3); \ + } while(0) + +/* Even round Substitution & Diffusion */ +#define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3) \ + do { \ + ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3); \ + ARIA_DIFF_WORD(T0, T1, T2, T3); \ + ARIA_DIFF_BYTE(T2, T3, T0, T1); \ + ARIA_DIFF_WORD(T0, T1, T2, T3); \ + } while(0) + +/* Q, R Macro expanded ARIA GSRK */ +#define _ARIA_GSRK(RK, X, Y, Q, R) \ + do { \ + (RK)->u[0] = \ + ((X)[0]) ^ \ + (((Y)[((Q) ) % 4]) >> (R)) ^ \ + (((Y)[((Q) + 3) % 4]) << (32 - (R))); \ + (RK)->u[1] = \ + ((X)[1]) ^ \ + (((Y)[((Q) + 1) % 4]) >> (R)) ^ \ + (((Y)[((Q) ) % 4]) << (32 - (R))); \ + (RK)->u[2] = \ + ((X)[2]) ^ \ + (((Y)[((Q) + 2) % 4]) >> (R)) ^ \ + (((Y)[((Q) + 1) % 4]) << (32 - (R))); \ + (RK)->u[3] = \ + ((X)[3]) ^ \ + (((Y)[((Q) + 3) % 4]) >> (R)) ^ \ + (((Y)[((Q) + 2) % 4]) << (32 - (R))); \ + } while(0) + +#define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32) + +#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2) \ + do { \ + (TMP) = (X); \ + (TMP2) = rotr32((TMP), 8); \ + (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16); \ + } while(0) + +void aria_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key) +{ + register uint32_t reg0, reg1, reg2, reg3; + int Nr; + const ARIA_u128 *rk; + + if (in == NULL || out == NULL || key == NULL) { + return; + } + + rk = key->rd_key; + Nr = key->rounds; + + if (Nr != 12 && Nr != 14 && Nr != 16) { + return; + } + + reg0 = GET_U32_BE(in, 0); + reg1 = GET_U32_BE(in, 1); + reg2 = GET_U32_BE(in, 2); + reg3 = GET_U32_BE(in, 3); + + ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); + rk++; + + ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); + ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); + rk++; + + while(Nr -= 2){ + ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3); + ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); + rk++; + + ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); + ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); + rk++; + } + + reg0 = rk->u[0] ^ MAKE_U32( + (uint8_t)(X1[GET_U8_BE(reg0, 0)] ), + (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8), + (uint8_t)(S1[GET_U8_BE(reg0, 2)] ), + (uint8_t)(S2[GET_U8_BE(reg0, 3)] )); + reg1 = rk->u[1] ^ MAKE_U32( + (uint8_t)(X1[GET_U8_BE(reg1, 0)] ), + (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8), + (uint8_t)(S1[GET_U8_BE(reg1, 2)] ), + (uint8_t)(S2[GET_U8_BE(reg1, 3)] )); + reg2 = rk->u[2] ^ MAKE_U32( + (uint8_t)(X1[GET_U8_BE(reg2, 0)] ), + (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8), + (uint8_t)(S1[GET_U8_BE(reg2, 2)] ), + (uint8_t)(S2[GET_U8_BE(reg2, 3)] )); + reg3 = rk->u[3] ^ MAKE_U32( + (uint8_t)(X1[GET_U8_BE(reg3, 0)] ), + (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8), + (uint8_t)(S1[GET_U8_BE(reg3, 2)] ), + (uint8_t)(S2[GET_U8_BE(reg3, 3)] )); + + PUT_U32_BE(out, 0, reg0); + PUT_U32_BE(out, 1, reg1); + PUT_U32_BE(out, 2, reg2); + PUT_U32_BE(out, 3, reg3); +} + +int aria_set_encrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key) +{ + register uint32_t reg0, reg1, reg2, reg3; + uint32_t w0[4], w1[4], w2[4], w3[4]; + const uint32_t *ck; + + ARIA_u128 *rk; + int Nr = (bits + 256) / 32; + + if (userKey == NULL || key == NULL) { + return -1; + } + if (bits != 128 && bits != 192 && bits != 256) { + return -2; + } + + rk = key->rd_key; + key->rounds = Nr; + ck = &Key_RC[(bits - 128) / 64][0]; + + w0[0] = GET_U32_BE(userKey, 0); + w0[1] = GET_U32_BE(userKey, 1); + w0[2] = GET_U32_BE(userKey, 2); + w0[3] = GET_U32_BE(userKey, 3); + + reg0 = w0[0] ^ ck[0]; + reg1 = w0[1] ^ ck[1]; + reg2 = w0[2] ^ ck[2]; + reg3 = w0[3] ^ ck[3]; + + ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); + + if (bits > 128) { + w1[0] = GET_U32_BE(userKey, 4); + w1[1] = GET_U32_BE(userKey, 5); + if (bits > 192) { + w1[2] = GET_U32_BE(userKey, 6); + w1[3] = GET_U32_BE(userKey, 7); + } + else { + w1[2] = w1[3] = 0; + } + } + else { + w1[0] = w1[1] = w1[2] = w1[3] = 0; + } + + w1[0] ^= reg0; + w1[1] ^= reg1; + w1[2] ^= reg2; + w1[3] ^= reg3; + + reg0 = w1[0]; + reg1 = w1[1]; + reg2 = w1[2]; + reg3 = w1[3]; + + reg0 ^= ck[4]; + reg1 ^= ck[5]; + reg2 ^= ck[6]; + reg3 ^= ck[7]; + + ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3); + + reg0 ^= w0[0]; + reg1 ^= w0[1]; + reg2 ^= w0[2]; + reg3 ^= w0[3]; + + w2[0] = reg0; + w2[1] = reg1; + w2[2] = reg2; + w2[3] = reg3; + + reg0 ^= ck[8]; + reg1 ^= ck[9]; + reg2 ^= ck[10]; + reg3 ^= ck[11]; + + ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); + + w3[0] = reg0 ^ w1[0]; + w3[1] = reg1 ^ w1[1]; + w3[2] = reg2 ^ w1[2]; + w3[3] = reg3 ^ w1[3]; + + ARIA_GSRK(rk, w0, w1, 19); + rk++; + ARIA_GSRK(rk, w1, w2, 19); + rk++; + ARIA_GSRK(rk, w2, w3, 19); + rk++; + ARIA_GSRK(rk, w3, w0, 19); + + rk++; + ARIA_GSRK(rk, w0, w1, 31); + rk++; + ARIA_GSRK(rk, w1, w2, 31); + rk++; + ARIA_GSRK(rk, w2, w3, 31); + rk++; + ARIA_GSRK(rk, w3, w0, 31); + + rk++; + ARIA_GSRK(rk, w0, w1, 67); + rk++; + ARIA_GSRK(rk, w1, w2, 67); + rk++; + ARIA_GSRK(rk, w2, w3, 67); + rk++; + ARIA_GSRK(rk, w3, w0, 67); + + rk++; + ARIA_GSRK(rk, w0, w1, 97); + if (bits > 128) { + rk++; + ARIA_GSRK(rk, w1, w2, 97); + rk++; + ARIA_GSRK(rk, w2, w3, 97); + } + if (bits > 192) { + rk++; + ARIA_GSRK(rk, w3, w0, 97); + + rk++; + ARIA_GSRK(rk, w0, w1, 109); + } + + return 0; +} + +int aria_set_decrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key) +{ + ARIA_u128 *rk_head; + ARIA_u128 *rk_tail; + register uint32_t w1, w2; + register uint32_t reg0, reg1, reg2, reg3; + uint32_t s0, s1, s2, s3; + + const int r = aria_set_encrypt_key(userKey, bits, key); + + if (r != 0) { + return r; + } + + rk_head = key->rd_key; + rk_tail = rk_head + key->rounds; + + reg0 = rk_head->u[0]; + reg1 = rk_head->u[1]; + reg2 = rk_head->u[2]; + reg3 = rk_head->u[3]; + + memcpy(rk_head, rk_tail, ARIA_BLOCK_SIZE); + + rk_tail->u[0] = reg0; + rk_tail->u[1] = reg1; + rk_tail->u[2] = reg2; + rk_tail->u[3] = reg3; + + rk_head++; + rk_tail--; + + for (; rk_head < rk_tail; rk_head++, rk_tail--) { + ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2); + + ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); + ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3); + ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); + + s0 = reg0; + s1 = reg1; + s2 = reg2; + s3 = reg3; + + ARIA_DEC_DIFF_BYTE(rk_tail->u[0], reg0, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_tail->u[1], reg1, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_tail->u[2], reg2, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_tail->u[3], reg3, w1, w2); + + ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); + ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3); + ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); + + rk_head->u[0] = reg0; + rk_head->u[1] = reg1; + rk_head->u[2] = reg2; + rk_head->u[3] = reg3; + + rk_tail->u[0] = s0; + rk_tail->u[1] = s1; + rk_tail->u[2] = s2; + rk_tail->u[3] = s3; + } + ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2); + ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2); + + ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); + ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3); + ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); + + rk_tail->u[0] = reg0; + rk_tail->u[1] = reg1; + rk_tail->u[2] = reg2; + rk_tail->u[3] = reg3; + + return 0; +} + +#else + +static const unsigned char sb1[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + +static const unsigned char sb2[256] = { + 0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc, + 0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1, + 0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b, + 0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1, + 0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69, + 0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb, + 0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4, + 0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb, + 0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91, + 0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd, + 0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28, + 0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53, + 0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48, + 0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1, + 0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26, + 0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40, + 0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04, + 0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc, + 0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65, + 0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5, + 0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a, + 0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43, + 0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34, + 0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8, + 0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6, + 0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda, + 0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f, + 0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c, + 0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3, + 0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d, + 0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8, + 0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81 +}; + +static const unsigned char sb3[256] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +}; + +static const unsigned char sb4[256] = { + 0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78, + 0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c, + 0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3, + 0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d, + 0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6, + 0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d, + 0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a, + 0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed, + 0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58, + 0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b, + 0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93, + 0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce, + 0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab, + 0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9, + 0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19, + 0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41, + 0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61, + 0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a, + 0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15, + 0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7, + 0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0, + 0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc, + 0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70, + 0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5, + 0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b, + 0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45, + 0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73, + 0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d, + 0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e, + 0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3, + 0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea, + 0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60 +}; + +static const ARIA_u128 c1 = {{ + 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94, + 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0 +}}; + +static const ARIA_u128 c2 = {{ + 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20, + 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0 +}}; + +static const ARIA_u128 c3 = {{ + 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70, + 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e +}}; + +/* + * Exclusive or two 128 bit values into the result. + * It is safe for the result to be the same as the either input. + */ +static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y) +{ + int i; + + for (i = 0; i < ARIA_BLOCK_SIZE; i++) + o[i] = x[i] ^ y->c[i]; +} + +/* + * Generalised circular rotate right and exclusive or function. + * It is safe for the output to overlap either input. + */ +static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o, + const ARIA_u128 *xor, const ARIA_u128 *z) +{ + const unsigned int bytes = n / 8, bits = n % 8; + unsigned int i; + ARIA_u128 t; + + for (i = 0; i < ARIA_BLOCK_SIZE; i++) + t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i]; + for (i = 0; i < ARIA_BLOCK_SIZE; i++) + o->c[i] = ((t.c[i] >> bits) | + (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^ + xor->c[i]; +} + +/* + * Circular rotate 19 bits right and xor. + * It is safe for the output to overlap either input. + */ +static void rot19r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) +{ + rotnr(19, o, xor, z); +} + +/* + * Circular rotate 31 bits right and xor. + * It is safe for the output to overlap either input. + */ +static void rot31r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) +{ + rotnr(31, o, xor, z); +} + +/* + * Circular rotate 61 bits left and xor. + * It is safe for the output to overlap either input. + */ +static void rot61l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) +{ + rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z); +} + +/* + * Circular rotate 31 bits left and xor. + * It is safe for the output to overlap either input. + */ +static void rot31l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) +{ + rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z); +} + +/* + * Circular rotate 19 bits left and xor. + * It is safe for the output to overlap either input. + */ +static void rot19l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) +{ + rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z); +} + +/* + * First substitution and xor layer, used for odd steps. + * It is safe for the input and output to be the same. + */ +static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y) +{ + unsigned int i; + for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { + o->c[i ] = sb1[x->c[i ] ^ y->c[i ]]; + o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]]; + o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]]; + o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]]; + } +} + +/* + * Second substitution and xor layer, used for even steps. + * It is safe for the input and output to be the same. + */ +static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y) +{ + unsigned int i; + for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { + o[i ] = sb3[x->c[i ] ^ y->c[i ]]; + o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]]; + o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]]; + o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]]; + } +} + +/* + * Diffusion layer step + * It is NOT safe for the input and output to overlap. + */ +static void a(ARIA_u128 *y, const ARIA_u128 *x) +{ + y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^ + x->c[ 9] ^ x->c[13] ^ x->c[14]; + y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^ + x->c[ 9] ^ x->c[12] ^ x->c[15]; + y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^ + x->c[11] ^ x->c[12] ^ x->c[15]; + y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^ + x->c[11] ^ x->c[13] ^ x->c[14]; + y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^ + x->c[11] ^ x->c[14] ^ x->c[15]; + y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^ + x->c[10] ^ x->c[14] ^ x->c[15]; + y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^ + x->c[10] ^ x->c[12] ^ x->c[13]; + y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^ + x->c[11] ^ x->c[12] ^ x->c[13]; + y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^ + x->c[10] ^ x->c[13] ^ x->c[15]; + y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^ + x->c[11] ^ x->c[12] ^ x->c[14]; + y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^ + x->c[ 8] ^ x->c[13] ^ x->c[15]; + y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^ + x->c[ 9] ^ x->c[12] ^ x->c[14]; + y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^ + x->c[ 9] ^ x->c[11] ^ x->c[12]; + y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^ + x->c[ 8] ^ x->c[10] ^ x->c[13]; + y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^ + x->c[ 9] ^ x->c[11] ^ x->c[14]; + y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^ + x->c[ 8] ^ x->c[10] ^ x->c[15]; +} + +/* + * Odd round function + * Apply the first substitution layer and then a diffusion step. + * It is safe for the input and output to overlap. + */ +static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d, + const ARIA_u128 *rk) +{ + ARIA_u128 y; + + sl1(&y, d, rk); + a(o, &y); +} + +/* + * Even round function + * Apply the second substitution layer and then a diffusion step. + * It is safe for the input and output to overlap. + */ +static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d, + const ARIA_u128 *rk) +{ + ARIA_u128 y; + + sl2(y.c, d, rk); + a(o, &y); +} + +/* + * Encrypt or decrypt a single block + * in and out can overlap + */ +static void do_encrypt(unsigned char *o, const unsigned char *pin, + unsigned int rounds, const ARIA_u128 *keys) +{ + ARIA_u128 p; + unsigned int i; + + memcpy(&p, pin, sizeof(p)); + for (i = 0; i < rounds - 2; i += 2) { + FO(&p, &p, &keys[i]); + FE(&p, &p, &keys[i + 1]); + } + FO(&p, &p, &keys[rounds - 2]); + sl2(o, &p, &keys[rounds - 1]); + xor128(o, o, &keys[rounds]); +} + +/* + * Encrypt a single block + * in and out can overlap + */ +void aria_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key) +{ + assert(in != NULL && out != NULL && key != NULL); + do_encrypt(out, in, key->rounds, key->rd_key); +} + + +/* + * Expand the cipher key into the encryption key schedule. + * We short circuit execution of the last two + * or four rotations based on the key size. + */ +int aria_set_encrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key) +{ + const ARIA_u128 *ck1, *ck2, *ck3; + ARIA_u128 kr, w0, w1, w2, w3; + + if (!userKey || !key) + return -1; + memcpy(w0.c, userKey, sizeof(w0)); + switch (bits) { + default: + return -2; + case 128: + key->rounds = 12; + ck1 = &c1; + ck2 = &c2; + ck3 = &c3; + memset(kr.c, 0, sizeof(kr)); + break; + + case 192: + key->rounds = 14; + ck1 = &c2; + ck2 = &c3; + ck3 = &c1; + memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2); + memset(kr.c + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2); + break; + + case 256: + key->rounds = 16; + ck1 = &c3; + ck2 = &c1; + ck3 = &c2; + memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr)); + break; + } + + FO(&w3, &w0, ck1); xor128(w1.c, w3.c, &kr); + FE(&w3, &w1, ck2); xor128(w2.c, w3.c, &w0); + FO(&kr, &w2, ck3); xor128(w3.c, kr.c, &w1); + + rot19r(&key->rd_key[ 0], &w0, &w1); + rot19r(&key->rd_key[ 1], &w1, &w2); + rot19r(&key->rd_key[ 2], &w2, &w3); + rot19r(&key->rd_key[ 3], &w3, &w0); + + rot31r(&key->rd_key[ 4], &w0, &w1); + rot31r(&key->rd_key[ 5], &w1, &w2); + rot31r(&key->rd_key[ 6], &w2, &w3); + rot31r(&key->rd_key[ 7], &w3, &w0); + + rot61l(&key->rd_key[ 8], &w0, &w1); + rot61l(&key->rd_key[ 9], &w1, &w2); + rot61l(&key->rd_key[10], &w2, &w3); + rot61l(&key->rd_key[11], &w3, &w0); + + rot31l(&key->rd_key[12], &w0, &w1); + if (key->rounds > 12) { + rot31l(&key->rd_key[13], &w1, &w2); + rot31l(&key->rd_key[14], &w2, &w3); + + if (key->rounds > 14) { + rot31l(&key->rd_key[15], &w3, &w0); + rot19l(&key->rd_key[16], &w0, &w1); + } + } + return 0; +} + +/* + * Expand the cipher key into the decryption key schedule. + */ +int aria_set_decrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key) +{ + ARIA_KEY ek; + const int r = aria_set_encrypt_key(userKey, bits, &ek); + unsigned int i, rounds = ek.rounds; + + if (r == 0) { + key->rounds = rounds; + memcpy(&key->rd_key[0], &ek.rd_key[rounds], sizeof(key->rd_key[0])); + for (i = 1; i < rounds; i++) + a(&key->rd_key[i], &ek.rd_key[rounds - i]); + memcpy(&key->rd_key[rounds], &ek.rd_key[0], sizeof(key->rd_key[rounds])); + } + return r; +} + +#endif diff --git a/deps/openssl/openssl/crypto/aria/build.info b/deps/openssl/openssl/crypto/aria/build.info new file mode 100644 index 00000000000000..1dc2354e676139 --- /dev/null +++ b/deps/openssl/openssl/crypto/aria/build.info @@ -0,0 +1,3 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + aria.c diff --git a/deps/openssl/openssl/crypto/arm64cpuid.pl b/deps/openssl/openssl/crypto/arm64cpuid.pl index caa33875c93739..06c8add7a07561 100755 --- a/deps/openssl/openssl/crypto/arm64cpuid.pl +++ b/deps/openssl/openssl/crypto/arm64cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -63,6 +63,7 @@ sha256su0 v0.4s, v0.4s ret .size _armv8_sha256_probe,.-_armv8_sha256_probe + .globl _armv8_pmull_probe .type _armv8_pmull_probe,%function _armv8_pmull_probe: @@ -70,6 +71,13 @@ ret .size _armv8_pmull_probe,.-_armv8_pmull_probe +.globl _armv8_sha512_probe +.type _armv8_sha512_probe,%function +_armv8_sha512_probe: + .long 0xcec08000 // sha512su0 v0.2d,v0.2d + ret +.size _armv8_sha512_probe,.-_armv8_sha512_probe + .globl OPENSSL_cleanse .type OPENSSL_cleanse,%function .align 5 @@ -107,6 +115,19 @@ CRYPTO_memcmp: eor w3,w3,w3 cbz x2,.Lno_data // len==0? + cmp x2,#16 + b.ne .Loop_cmp + ldp x8,x9,[x0] + ldp x10,x11,[x1] + eor x8,x8,x10 + eor x9,x9,x11 + orr x8,x8,x9 + mov x0,#1 + cmp x8,#0 + csel x0,xzr,x0,eq + ret + +.align 4 .Loop_cmp: ldrb w4,[x0],#1 ldrb w5,[x1],#1 diff --git a/deps/openssl/openssl/crypto/arm_arch.h b/deps/openssl/openssl/crypto/arm_arch.h index 25419e0df17d47..f11b543df64f0c 100644 --- a/deps/openssl/openssl/crypto/arm_arch.h +++ b/deps/openssl/openssl/crypto/arm_arch.h @@ -28,7 +28,7 @@ # endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines - * bunch of below macros. See all_architectires[] table in + * bunch of below macros. See all_architectures[] table in * gcc/config/arm/arm.c. On a side note it defines * __ARMEL__/__ARMEB__ for little-/big-endian. */ @@ -79,5 +79,6 @@ extern unsigned int OPENSSL_armcap_P; # define ARMV8_SHA1 (1<<3) # define ARMV8_SHA256 (1<<4) # define ARMV8_PMULL (1<<5) +# define ARMV8_SHA512 (1<<6) #endif diff --git a/deps/openssl/openssl/crypto/armcap.c b/deps/openssl/openssl/crypto/armcap.c index 28e97c8c4a0483..1b3c2722d1e168 100644 --- a/deps/openssl/openssl/crypto/armcap.c +++ b/deps/openssl/openssl/crypto/armcap.c @@ -13,7 +13,7 @@ #include #include #include -#include +#include "internal/cryptlib.h" #include "arm_arch.h" @@ -24,7 +24,7 @@ void OPENSSL_cpuid_setup(void) { } -unsigned long OPENSSL_rdtsc(void) +uint32_t OPENSSL_rdtsc(void) { return 0; } @@ -46,9 +46,12 @@ void _armv8_aes_probe(void); void _armv8_sha1_probe(void); void _armv8_sha256_probe(void); void _armv8_pmull_probe(void); -unsigned long _armv7_tick(void); +# ifdef __aarch64__ +void _armv8_sha512_probe(void); +# endif +uint32_t _armv7_tick(void); -unsigned long OPENSSL_rdtsc(void) +uint32_t OPENSSL_rdtsc(void) { if (OPENSSL_armcap_P & ARMV7_TICK) return _armv7_tick(); @@ -94,11 +97,12 @@ static unsigned long (*getauxval) (unsigned long) = NULL; # define HWCAP_CE_PMULL (1 << 4) # define HWCAP_CE_SHA1 (1 << 5) # define HWCAP_CE_SHA256 (1 << 6) +# define HWCAP_CE_SHA512 (1 << 21) # endif void OPENSSL_cpuid_setup(void) { - char *e; + const char *e; struct sigaction ill_oact, ill_act; sigset_t oset; static int trigger = 0; @@ -163,6 +167,11 @@ void OPENSSL_cpuid_setup(void) if (hwcap & HWCAP_CE_SHA256) OPENSSL_armcap_P |= ARMV8_SHA256; + +# ifdef __aarch64__ + if (hwcap & HWCAP_CE_SHA512) + OPENSSL_armcap_P |= ARMV8_SHA512; +# endif } } else if (sigsetjmp(ill_jmp, 1) == 0) { _armv7_neon_probe(); @@ -182,6 +191,12 @@ void OPENSSL_cpuid_setup(void) _armv8_sha256_probe(); OPENSSL_armcap_P |= ARMV8_SHA256; } +# if defined(__aarch64__) && !defined(__APPLE__) + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv8_sha512_probe(); + OPENSSL_armcap_P |= ARMV8_SHA512; + } +# endif } if (sigsetjmp(ill_jmp, 1) == 0) { _armv7_tick(); diff --git a/deps/openssl/openssl/crypto/asn1/a_bitstr.c b/deps/openssl/openssl/crypto/asn1/a_bitstr.c index b2e0fb688265ec..bffbd160a233ee 100644 --- a/deps/openssl/openssl/crypto/asn1/a_bitstr.c +++ b/deps/openssl/openssl/crypto/asn1/a_bitstr.c @@ -24,7 +24,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) unsigned char *p, *d; if (a == NULL) - return (0); + return 0; len = a->length; @@ -61,7 +61,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) ret = 1 + len; if (pp == NULL) - return (ret); + return ret; p = *pp; @@ -73,7 +73,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) p[-1] &= (0xff << bits); } *pp = p; - return (ret); + return ret; } ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, @@ -96,7 +96,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, if ((a == NULL) || ((*a) == NULL)) { if ((ret = ASN1_BIT_STRING_new()) == NULL) - return (NULL); + return NULL; } else ret = (*a); @@ -132,16 +132,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, if (a != NULL) (*a) = ret; *pp = p; - return (ret); + return ret; err: ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); if ((a == NULL) || (*a != ret)) ASN1_BIT_STRING_free(ret); - return (NULL); + return NULL; } /* - * These next 2 functions from Goetz Babin-Ebell + * These next 2 functions from Goetz Babin-Ebell. */ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) { @@ -161,7 +161,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) if ((a->length < (w + 1)) || (a->data == NULL)) { if (!value) - return (1); /* Don't need to set */ + return 1; /* Don't need to set */ c = OPENSSL_clear_realloc(a->data, a->length, w + 1); if (c == NULL) { ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); @@ -175,7 +175,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) a->data[w] = ((a->data[w]) & iv) | v; while ((a->length > 0) && (a->data[a->length - 1] == 0)) a->length--; - return (1); + return 1; } int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) @@ -185,7 +185,7 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) w = n / 8; v = 1 << (7 - (n & 0x07)); if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) - return (0); + return 0; return ((a->data[w] & v) != 0); } diff --git a/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c b/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c index e5c1d0ed70e2a7..a1a17901b8f8c1 100644 --- a/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c +++ b/deps/openssl/openssl/crypto/asn1/a_d2i_fp.c @@ -13,8 +13,7 @@ #include "internal/numbers.h" #include #include - -static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); +#include "internal/asn1_int.h" #ifndef NO_OLD_ASN1 # ifndef OPENSSL_NO_STDIO @@ -26,12 +25,12 @@ void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) if ((b = BIO_new(BIO_s_file())) == NULL) { ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB); - return (NULL); + return NULL; } BIO_set_fp(b, in, BIO_NOCLOSE); ret = ASN1_d2i_bio(xnew, d2i, b, x); BIO_free(b); - return (ret); + return ret; } # endif @@ -50,7 +49,7 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) ret = d2i(x, &p, len); err: BUF_MEM_free(b); - return (ret); + return ret; } #endif @@ -70,7 +69,7 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) ret = ASN1_item_d2i(x, &p, len, it); err: BUF_MEM_free(b); - return (ret); + return ret; } #ifndef OPENSSL_NO_STDIO @@ -81,18 +80,18 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) if ((b = BIO_new(BIO_s_file())) == NULL) { ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB); - return (NULL); + return NULL; } BIO_set_fp(b, in, BIO_NOCLOSE); ret = ASN1_item_d2i_bio(it, b, x); BIO_free(b); - return (ret); + return ret; } #endif #define HEADER_SIZE 8 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) -static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { BUF_MEM *b; unsigned char *p; diff --git a/deps/openssl/openssl/crypto/asn1/a_digest.c b/deps/openssl/openssl/crypto/asn1/a_digest.c index c84ecc9b4bce9c..f4cc1f2e0eaa52 100644 --- a/deps/openssl/openssl/crypto/asn1/a_digest.c +++ b/deps/openssl/openssl/crypto/asn1/a_digest.c @@ -29,7 +29,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, i = i2d(data, NULL); if ((str = OPENSSL_malloc(i)) == NULL) { ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } p = str; i2d(data, &p); @@ -39,7 +39,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, return 0; } OPENSSL_free(str); - return (1); + return 1; } #endif @@ -52,12 +52,12 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, i = ASN1_item_i2d(asn, &str, it); if (!str) - return (0); + return 0; if (!EVP_Digest(str, i, md, len, type, NULL)) { OPENSSL_free(str); return 0; } OPENSSL_free(str); - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/asn1/a_dup.c b/deps/openssl/openssl/crypto/asn1/a_dup.c index d9a57b2c612338..50af6b0006094e 100644 --- a/deps/openssl/openssl/crypto/asn1/a_dup.c +++ b/deps/openssl/openssl/crypto/asn1/a_dup.c @@ -21,20 +21,20 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) char *ret; if (x == NULL) - return (NULL); + return NULL; i = i2d(x, NULL); b = OPENSSL_malloc(i + 10); if (b == NULL) { ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } p = b; i = i2d(x, &p); p2 = b; ret = d2i(NULL, &p2, i); OPENSSL_free(b); - return (ret); + return ret; } #endif @@ -54,15 +54,15 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) void *ret; if (x == NULL) - return (NULL); + return NULL; i = ASN1_item_i2d(x, &b, it); if (b == NULL) { ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } p = b; ret = ASN1_item_d2i(NULL, &p, i, it); OPENSSL_free(b); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/asn1/a_gentm.c b/deps/openssl/openssl/crypto/asn1/a_gentm.c index ff1b6954756698..d3878d6e57fe47 100644 --- a/deps/openssl/openssl/crypto/asn1/a_gentm.c +++ b/deps/openssl/openssl/crypto/asn1/a_gentm.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,121 +17,13 @@ #include #include "asn1_locl.h" +/* This is the primary function used to parse ASN1_GENERALIZEDTIME */ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) { - static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; - static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; - char *a; - int n, i, l, o; - + /* wrapper around asn1_time_to_tm */ if (d->type != V_ASN1_GENERALIZEDTIME) - return (0); - l = d->length; - a = (char *)d->data; - o = 0; - /* - * GENERALIZEDTIME is similar to UTCTIME except the year is represented - * as YYYY. This stuff treats everything as a two digit field so make - * first two fields 00 to 99 - */ - if (l < 13) - goto err; - for (i = 0; i < 7; i++) { - if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { - i++; - if (tm) - tm->tm_sec = 0; - break; - } - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = a[o] - '0'; - if (++o > l) - goto err; - - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = (n * 10) + a[o] - '0'; - if (++o > l) - goto err; - - if ((n < min[i]) || (n > max[i])) - goto err; - if (tm) { - switch (i) { - case 0: - tm->tm_year = n * 100 - 1900; - break; - case 1: - tm->tm_year += n; - break; - case 2: - tm->tm_mon = n - 1; - break; - case 3: - tm->tm_mday = n; - break; - case 4: - tm->tm_hour = n; - break; - case 5: - tm->tm_min = n; - break; - case 6: - tm->tm_sec = n; - break; - } - } - } - /* - * Optional fractional seconds: decimal point followed by one or more - * digits. - */ - if (a[o] == '.') { - if (++o > l) - goto err; - i = o; - while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) - o++; - /* Must have at least one digit after decimal point */ - if (i == o) - goto err; - } - - if (a[o] == 'Z') - o++; - else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? 1 : -1, offset = 0; - o++; - if (o + 4 > l) - goto err; - for (i = 7; i < 9; i++) { - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = a[o] - '0'; - o++; - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = (n * 10) + a[o] - '0'; - if ((n < min[i]) || (n > max[i])) - goto err; - if (tm) { - if (i == 7) - offset = n * 3600; - else if (i == 8) - offset += n * 60; - } - o++; - } - if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign)) - return 0; - } else if (a[o]) { - /* Missing time zone information. */ - goto err; - } - return (o == l); - err: - return (0); + return 0; + return asn1_time_to_tm(tm, d); } int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) @@ -146,15 +38,15 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) t.type = V_ASN1_GENERALIZEDTIME; t.length = strlen(str); t.data = (unsigned char *)str; - if (ASN1_GENERALIZEDTIME_check(&t)) { - if (s != NULL) { - if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) - return 0; - s->type = V_ASN1_GENERALIZEDTIME; - } - return (1); - } else - return (0); + t.flags = 0; + + if (!ASN1_GENERALIZEDTIME_check(&t)) + return 0; + + if (s != NULL && !ASN1_STRING_copy(s, &t)) + return 0; + + return 1; } ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, @@ -167,107 +59,24 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec) { - char *p; struct tm *ts; struct tm data; - size_t len = 20; - ASN1_GENERALIZEDTIME *tmps = NULL; - - if (s == NULL) - tmps = ASN1_GENERALIZEDTIME_new(); - else - tmps = s; - if (tmps == NULL) - return NULL; ts = OPENSSL_gmtime(&t, &data); if (ts == NULL) - goto err; + return NULL; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - goto err; - } - - p = (char *)tmps->data; - if ((p == NULL) || ((size_t)tmps->length < len)) { - p = OPENSSL_malloc(len); - if (p == NULL) { - ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); - goto err; - } - OPENSSL_free(tmps->data); - tmps->data = (unsigned char *)p; + return NULL; } - BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, - ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); - tmps->length = strlen(p); - tmps->type = V_ASN1_GENERALIZEDTIME; -#ifdef CHARSET_EBCDIC_not - ebcdic2ascii(tmps->data, tmps->data, tmps->length); -#endif - return tmps; - err: - if (s == NULL) - ASN1_GENERALIZEDTIME_free(tmps); - return NULL; + return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME); } -const char *_asn1_mon[12] = { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" -}; - int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) { - char *v; - int gmt = 0; - int i; - int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; - char *f = NULL; - int f_len = 0; - - i = tm->length; - v = (char *)tm->data; - - if (i < 12) - goto err; - if (v[i - 1] == 'Z') - gmt = 1; - for (i = 0; i < 12; i++) - if ((v[i] > '9') || (v[i] < '0')) - goto err; - y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 - + (v[2] - '0') * 10 + (v[3] - '0'); - M = (v[4] - '0') * 10 + (v[5] - '0'); - if ((M > 12) || (M < 1)) - goto err; - d = (v[6] - '0') * 10 + (v[7] - '0'); - h = (v[8] - '0') * 10 + (v[9] - '0'); - m = (v[10] - '0') * 10 + (v[11] - '0'); - if (tm->length >= 14 && - (v[12] >= '0') && (v[12] <= '9') && - (v[13] >= '0') && (v[13] <= '9')) { - s = (v[12] - '0') * 10 + (v[13] - '0'); - /* Check for fractions of seconds. */ - if (tm->length >= 15 && v[14] == '.') { - int l = tm->length; - f = &v[14]; /* The decimal point. */ - f_len = 1; - while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') - ++f_len; - } - } - - if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", - _asn1_mon[M - 1], d, h, m, s, f_len, f, y, - (gmt) ? " GMT" : "") <= 0) - return (0); - else - return (1); - err: - BIO_write(bp, "Bad time value", 14); - return (0); + if (tm->type != V_ASN1_GENERALIZEDTIME) + return 0; + return ASN1_TIME_print(bp, tm); } diff --git a/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c b/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c index 3b3f713c2050ce..980c65a25d2daa 100644 --- a/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c +++ b/deps/openssl/openssl/crypto/asn1/a_i2d_fp.c @@ -22,12 +22,12 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) if ((b = BIO_new(BIO_s_file())) == NULL) { ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, out, BIO_NOCLOSE); ret = ASN1_i2d_bio(i2d, b, x); BIO_free(b); - return (ret); + return ret; } # endif @@ -44,7 +44,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) b = OPENSSL_malloc(n); if (b == NULL) { ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } p = (unsigned char *)b; @@ -62,7 +62,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) n -= i; } OPENSSL_free(b); - return (ret); + return ret; } #endif @@ -75,12 +75,12 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) if ((b = BIO_new(BIO_s_file())) == NULL) { ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, out, BIO_NOCLOSE); ret = ASN1_item_i2d_bio(it, b, x); BIO_free(b); - return (ret); + return ret; } #endif @@ -92,7 +92,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) n = ASN1_item_i2d(x, &b, it); if (b == NULL) { ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } for (;;) { @@ -107,5 +107,5 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) n -= i; } OPENSSL_free(b); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/asn1/a_int.c b/deps/openssl/openssl/crypto/asn1/a_int.c index 217650a036c98b..70a45cb3cc770d 100644 --- a/deps/openssl/openssl/crypto/asn1/a_int.c +++ b/deps/openssl/openssl/crypto/asn1/a_int.c @@ -396,7 +396,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, if ((a == NULL) || ((*a) == NULL)) { if ((ret = ASN1_INTEGER_new()) == NULL) - return (NULL); + return NULL; ret->type = V_ASN1_INTEGER; } else ret = (*a); @@ -438,12 +438,12 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, if (a != NULL) (*a) = ret; *pp = p; - return (ret); + return ret; err: ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); if ((a == NULL) || (*a != ret)) ASN1_INTEGER_free(ret); - return (NULL); + return NULL; } static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, @@ -487,7 +487,7 @@ static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, err: if (ret != ai) ASN1_INTEGER_free(ret); - return (NULL); + return NULL; } static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, diff --git a/deps/openssl/openssl/crypto/asn1/a_mbstr.c b/deps/openssl/openssl/crypto/asn1/a_mbstr.c index 7a035afbae4605..949fe6c1611ac3 100644 --- a/deps/openssl/openssl/crypto/asn1/a_mbstr.c +++ b/deps/openssl/openssl/crypto/asn1/a_mbstr.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include @@ -22,8 +22,6 @@ static int cpy_asc(unsigned long value, void *arg); static int cpy_bmp(unsigned long value, void *arg); static int cpy_univ(unsigned long value, void *arg); static int cpy_utf8(unsigned long value, void *arg); -static int is_numeric(unsigned long value); -static int is_printable(unsigned long value); /* * These functions take a string in UTF8, ASCII or multibyte form and a mask @@ -271,13 +269,15 @@ static int out_utf8(unsigned long value, void *arg) static int type_str(unsigned long value, void *arg) { - unsigned long types; - types = *((unsigned long *)arg); - if ((types & B_ASN1_NUMERICSTRING) && !is_numeric(value)) + unsigned long types = *((unsigned long *)arg); + const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value); + + if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) + || native == ' ')) types &= ~B_ASN1_NUMERICSTRING; - if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) + if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native)) types &= ~B_ASN1_PRINTABLESTRING; - if ((types & B_ASN1_IA5STRING) && (value > 127)) + if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native)) types &= ~B_ASN1_IA5STRING; if ((types & B_ASN1_T61STRING) && (value > 0xff)) types &= ~B_ASN1_T61STRING; @@ -341,55 +341,3 @@ static int cpy_utf8(unsigned long value, void *arg) *p += ret; return 1; } - -/* Return 1 if the character is permitted in a PrintableString */ -static int is_printable(unsigned long value) -{ - int ch; - if (value > 0x7f) - return 0; - ch = (int)value; - /* - * Note: we can't use 'isalnum' because certain accented characters may - * count as alphanumeric in some environments. - */ -#ifndef CHARSET_EBCDIC - if ((ch >= 'a') && (ch <= 'z')) - return 1; - if ((ch >= 'A') && (ch <= 'Z')) - return 1; - if ((ch >= '0') && (ch <= '9')) - return 1; - if ((ch == ' ') || strchr("'()+,-./:=?", ch)) - return 1; -#else /* CHARSET_EBCDIC */ - if ((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) - return 1; - if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) - return 1; - if ((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) - return 1; - if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) - return 1; -#endif /* CHARSET_EBCDIC */ - return 0; -} - -/* Return 1 if the character is a digit or space */ -static int is_numeric(unsigned long value) -{ - int ch; - if (value > 0x7f) - return 0; - ch = (int)value; -#ifndef CHARSET_EBCDIC - if (!isdigit(ch) && ch != ' ') - return 0; -#else - if (ch > os_toascii['9']) - return 0; - if (ch < os_toascii['0'] && ch != os_toascii[' ']) - return 0; -#endif - return 1; -} diff --git a/deps/openssl/openssl/crypto/asn1/a_object.c b/deps/openssl/openssl/crypto/asn1/a_object.c index 7d332ec2f6e1d0..5e1424a806fbd9 100644 --- a/deps/openssl/openssl/crypto/asn1/a_object.c +++ b/deps/openssl/openssl/crypto/asn1/a_object.c @@ -9,6 +9,7 @@ #include #include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include @@ -23,7 +24,7 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) int objsize; if ((a == NULL) || (a->data == NULL)) - return (0); + return 0; objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); if (pp == NULL || objsize == -1) @@ -59,7 +60,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) BIGNUM *bl = NULL; if (num == 0) - return (0); + return 0; else if (num == -1) num = strlen(buf); @@ -95,7 +96,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) c = *(p++); if ((c == ' ') || (c == '.')) break; - if ((c < '0') || (c > '9')) { + if (!ossl_isdigit(c)) { ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); goto err; } @@ -168,12 +169,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) if (tmp != ftmp) OPENSSL_free(tmp); BN_free(bl); - return (len); + return len; err: if (tmp != ftmp) OPENSSL_free(tmp); BN_free(bl); - return (0); + return 0; } int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) @@ -187,12 +188,13 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) int i; if ((a == NULL) || (a->data == NULL)) - return (BIO_write(bp, "NULL", 4)); + return BIO_write(bp, "NULL", 4); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { - p = OPENSSL_malloc(i + 1); - if (p == NULL) + if ((p = OPENSSL_malloc(i + 1)) == NULL) { + ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); return -1; + } i2t_ASN1_OBJECT(p, i + 1, a); } if (i <= 0) { @@ -203,7 +205,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) BIO_write(bp, p, i); if (p != buf) OPENSSL_free(p); - return (i); + return i; } ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, @@ -231,7 +233,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, return ret; err: ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); - return (NULL); + return NULL; } ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, @@ -291,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, if ((a == NULL) || ((*a) == NULL) || !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { if ((ret = ASN1_OBJECT_new()) == NULL) - return (NULL); + return NULL; } else ret = (*a); @@ -322,12 +324,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, if (a != NULL) (*a) = ret; *pp = p; - return (ret); + return ret; err: ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); if ((a == NULL) || (*a != ret)) ASN1_OBJECT_free(ret); - return (NULL); + return NULL; } ASN1_OBJECT *ASN1_OBJECT_new(void) @@ -337,10 +339,10 @@ ASN1_OBJECT *ASN1_OBJECT_new(void) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; - return (ret); + return ret; } void ASN1_OBJECT_free(ASN1_OBJECT *a) @@ -377,5 +379,5 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, o.length = len; o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA; - return (OBJ_dup(&o)); + return OBJ_dup(&o); } diff --git a/deps/openssl/openssl/crypto/asn1/a_print.c b/deps/openssl/openssl/crypto/asn1/a_print.c index 1aafe7c839e6c5..8a373d9da9f61a 100644 --- a/deps/openssl/openssl/crypto/asn1/a_print.c +++ b/deps/openssl/openssl/crypto/asn1/a_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include @@ -21,34 +21,20 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) if (len <= 0) len = -1; if (s == NULL) - return (V_ASN1_PRINTABLESTRING); + return V_ASN1_PRINTABLESTRING; while ((*s) && (len-- != 0)) { c = *(s++); -#ifndef CHARSET_EBCDIC - if (!(((c >= 'a') && (c <= 'z')) || - ((c >= 'A') && (c <= 'Z')) || - ((c >= '0') && (c <= '9')) || - (c == ' ') || (c == '\'') || - (c == '(') || (c == ')') || - (c == '+') || (c == ',') || - (c == '-') || (c == '.') || - (c == '/') || (c == ':') || (c == '=') || (c == '?'))) + if (!ossl_isasn1print(c)) ia5 = 1; - if (c & 0x80) + if (!ossl_isascii(c)) t61 = 1; -#else - if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL) - ia5 = 1; - if (os_toascii[c] & 0x80) - t61 = 1; -#endif } if (t61) - return (V_ASN1_T61STRING); + return V_ASN1_T61STRING; if (ia5) - return (V_ASN1_IA5STRING); - return (V_ASN1_PRINTABLESTRING); + return V_ASN1_IA5STRING; + return V_ASN1_PRINTABLESTRING; } int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) @@ -57,9 +43,9 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) unsigned char *p; if (s->type != V_ASN1_UNIVERSALSTRING) - return (0); + return 0; if ((s->length % 4) != 0) - return (0); + return 0; p = s->data; for (i = 0; i < s->length; i += 4) { if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) @@ -68,7 +54,7 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) p += 4; } if (i < s->length) - return (0); + return 0; p = s->data; for (i = 3; i < s->length; i += 4) { *(p++) = s->data[i]; @@ -76,7 +62,7 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) *(p) = '\0'; s->length /= 4; s->type = ASN1_PRINTABLE_type(s->data, s->length); - return (1); + return 1; } int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) @@ -86,7 +72,7 @@ int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) const char *p; if (v == NULL) - return (0); + return 0; n = 0; p = (const char *)v->data; for (i = 0; i < v->length; i++) { @@ -98,12 +84,12 @@ int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) n++; if (n >= 80) { if (BIO_write(bp, buf, n) <= 0) - return (0); + return 0; n = 0; } } if (n > 0) if (BIO_write(bp, buf, n) <= 0) - return (0); - return (1); + return 0; + return 1; } diff --git a/deps/openssl/openssl/crypto/asn1/a_sign.c b/deps/openssl/openssl/crypto/asn1/a_sign.c index 3b261eba419af7..130e23eaaa1e61 100644 --- a/deps/openssl/openssl/crypto/asn1/a_sign.c +++ b/deps/openssl/openssl/crypto/asn1/a_sign.c @@ -103,7 +103,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, EVP_MD_CTX_free(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); - return (outl); + return outl; } #endif @@ -144,7 +144,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, type = EVP_MD_CTX_md(ctx); pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); - if (type == NULL || pkey == NULL) { + if (pkey == NULL) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); goto err; } @@ -169,10 +169,15 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); if (rv <= 1) goto err; - } else + } else { rv = 2; + } if (rv == 2) { + if (type == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); + goto err; + } if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey->ameth->pkey_id)) { @@ -202,8 +207,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, goto err; } - if (!EVP_DigestSignUpdate(ctx, buf_in, inl) - || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { + if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { outl = 0; ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); goto err; @@ -221,5 +225,5 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, err: OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); - return (outl); + return outl; } diff --git a/deps/openssl/openssl/crypto/asn1/a_strex.c b/deps/openssl/openssl/crypto/asn1/a_strex.c index 207190c52b2221..ea4dd1c5b189e5 100644 --- a/deps/openssl/openssl/crypto/asn1/a_strex.c +++ b/deps/openssl/openssl/crypto/asn1/a_strex.c @@ -280,9 +280,10 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, t.type = str->type; t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); - der_buf = OPENSSL_malloc(der_len); - if (der_buf == NULL) + if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { + ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); return -1; + } p = der_buf; i2d_ASN1_TYPE(&t, &p); outlen = do_hex_dump(io_ch, arg, der_buf, der_len); @@ -301,12 +302,22 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, static const signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, 0, -1, /* 10-13 */ - -1, -1, -1, -1, /* 15-17 */ - 1, 1, 1, /* 18-20 */ - -1, 1, 1, 1, /* 21-24 */ - -1, 1, -1, /* 25-27 */ - 4, -1, 2 /* 28-30 */ + -1, -1, /* 10-11 */ + 0, /* 12 V_ASN1_UTF8STRING */ + -1, -1, -1, -1, -1, /* 13-17 */ + 1, /* 18 V_ASN1_NUMERICSTRING */ + 1, /* 19 V_ASN1_PRINTABLESTRING */ + 1, /* 20 V_ASN1_T61STRING */ + -1, /* 21 */ + 1, /* 22 V_ASN1_IA5STRING */ + 1, /* 23 V_ASN1_UTCTIME */ + 1, /* 24 V_ASN1_GENERALIZEDTIME */ + -1, /* 25 */ + 1, /* 26 V_ASN1_ISO64STRING */ + -1, /* 27 */ + 4, /* 28 V_ASN1_UNIVERSALSTRING */ + -1, /* 29 */ + 2 /* 30 V_ASN1_BMPSTRING */ }; /* diff --git a/deps/openssl/openssl/crypto/asn1/a_strnid.c b/deps/openssl/openssl/crypto/asn1/a_strnid.c index ecf178e28bae7c..f19a9de647b1cf 100644 --- a/deps/openssl/openssl/crypto/asn1/a_strnid.c +++ b/deps/openssl/openssl/crypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,6 @@ */ #include -#include #include "internal/cryptlib.h" #include #include @@ -50,6 +49,7 @@ int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; + if (strncmp(p, "MASK:", 5) == 0) { if (!p[5]) return 0; @@ -84,19 +84,20 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, ASN1_STRING *str = NULL; unsigned long mask; int ret; - if (!out) + + if (out == NULL) out = &str; tbl = ASN1_STRING_TABLE_get(nid); - if (tbl) { + if (tbl != NULL) { mask = tbl->mask; if (!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, tbl->minsize, tbl->maxsize); - } else - ret = - ASN1_mbstring_copy(out, in, inlen, inform, - DIRSTRING_TYPE & global_mask); + } else { + ret = ASN1_mbstring_copy(out, in, inlen, inform, + DIRSTRING_TYPE & global_mask); + } if (ret <= 0) return NULL; return *out; @@ -106,54 +107,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, * Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC3280 */ - -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 -#define ub_serial_number 64 - -/* From RFC4524 */ - -#define ub_rfc822_mailbox 256 - -/* This table must be kept in NID order */ - -static const ASN1_STRING_TABLE tbl_standard[] = { - {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, - {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, - {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, - {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, - {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, - 0}, - {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, - {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, - STABLE_NO_MASK}, - {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK} -}; +#include "tbl_standard.h" static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, const ASN1_STRING_TABLE *const *b) @@ -174,6 +128,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) { int idx; ASN1_STRING_TABLE fnd; + fnd.nid = nid; if (stable) { idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); @@ -191,6 +146,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) static ASN1_STRING_TABLE *stable_get(int nid) { ASN1_STRING_TABLE *tmp, *rv; + /* Always need a string table so allocate one if NULL */ if (stable == NULL) { stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); @@ -198,16 +154,17 @@ static ASN1_STRING_TABLE *stable_get(int nid) return NULL; } tmp = ASN1_STRING_TABLE_get(nid); - if (tmp && tmp->flags & STABLE_FLAGS_MALLOC) + if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC) return tmp; - rv = OPENSSL_zalloc(sizeof(*rv)); - if (rv == NULL) + if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) { + ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE); return NULL; + } if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { OPENSSL_free(rv); return NULL; } - if (tmp) { + if (tmp != NULL) { rv->nid = tmp->nid; rv->minsize = tmp->minsize; rv->maxsize = tmp->maxsize; @@ -227,8 +184,9 @@ int ASN1_STRING_TABLE_add(int nid, unsigned long flags) { ASN1_STRING_TABLE *tmp; + tmp = stable_get(nid); - if (!tmp) { + if (tmp == NULL) { ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -246,8 +204,9 @@ int ASN1_STRING_TABLE_add(int nid, void ASN1_STRING_TABLE_cleanup(void) { STACK_OF(ASN1_STRING_TABLE) *tmp; + tmp = stable; - if (!tmp) + if (tmp == NULL) return; stable = NULL; sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); @@ -258,32 +217,3 @@ static void st_free(ASN1_STRING_TABLE *tbl) if (tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); } - - -#ifdef STRING_TABLE_TEST - -main() -{ - ASN1_STRING_TABLE *tmp; - int i, last_nid = -1; - - for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) { - if (tmp->nid < last_nid) { - last_nid = 0; - break; - } - last_nid = tmp->nid; - } - - if (last_nid != 0) { - printf("Table order OK\n"); - exit(0); - } - - for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) - printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, - OBJ_nid2ln(tmp->nid)); - -} - -#endif diff --git a/deps/openssl/openssl/crypto/asn1/a_time.c b/deps/openssl/openssl/crypto/asn1/a_time.c index 46f539cb8d776c..1babb9636054c6 100644 --- a/deps/openssl/openssl/crypto/asn1/a_time.c +++ b/deps/openssl/openssl/crypto/asn1/a_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include "asn1_locl.h" @@ -24,6 +25,291 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) +static int is_utc(const int year) +{ + if (50 <= year && year <= 149) + return 1; + return 0; +} + +static int leap_year(const int year) +{ + if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0)) + return 1; + return 0; +} + +/* + * Compute the day of the week and the day of the year from the year, month + * and day. The day of the year is straightforward, the day of the week uses + * a form of Zeller's congruence. For this months start with March and are + * numbered 4 through 15. + */ +static void determine_days(struct tm *tm) +{ + static const int ydays[12] = { + 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 + }; + int y = tm->tm_year + 1900; + int m = tm->tm_mon; + int d = tm->tm_mday; + int c; + + tm->tm_yday = ydays[m] + d - 1; + if (m >= 2) { + /* March and onwards can be one day further into the year */ + tm->tm_yday += leap_year(y); + m += 2; + } else { + /* Treat January and February as part of the previous year */ + m += 14; + y--; + } + c = y / 100; + y %= 100; + /* Zeller's congruance */ + tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; +} + +int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) +{ + static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; + static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; + static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; + char *a; + int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md; + struct tm tmp; + + /* + * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280 + * time string format, in which: + * + * 1. "seconds" is a 'MUST' + * 2. "Zulu" timezone is a 'MUST' + * 3. "+|-" is not allowed to indicate a time zone + */ + if (d->type == V_ASN1_UTCTIME) { + if (d->flags & ASN1_STRING_FLAG_X509_TIME) { + min_l = 13; + strict = 1; + } + } else if (d->type == V_ASN1_GENERALIZEDTIME) { + end = 7; + btz = 6; + if (d->flags & ASN1_STRING_FLAG_X509_TIME) { + min_l = 15; + strict = 1; + } else { + min_l = 13; + } + } else { + return 0; + } + + l = d->length; + a = (char *)d->data; + o = 0; + memset(&tmp, 0, sizeof(tmp)); + + /* + * GENERALIZEDTIME is similar to UTCTIME except the year is represented + * as YYYY. This stuff treats everything as a two digit field so make + * first two fields 00 to 99 + */ + + if (l < min_l) + goto err; + for (i = 0; i < end; i++) { + if (!strict && (i == btz) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { + i++; + break; + } + if (!ossl_isdigit(a[o])) + goto err; + n = a[o] - '0'; + /* incomplete 2-digital number */ + if (++o == l) + goto err; + + if (!ossl_isdigit(a[o])) + goto err; + n = (n * 10) + a[o] - '0'; + /* no more bytes to read, but we haven't seen time-zone yet */ + if (++o == l) + goto err; + + i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; + + if ((n < min[i2]) || (n > max[i2])) + goto err; + switch (i2) { + case 0: + /* UTC will never be here */ + tmp.tm_year = n * 100 - 1900; + break; + case 1: + if (d->type == V_ASN1_UTCTIME) + tmp.tm_year = n < 50 ? n + 100 : n; + else + tmp.tm_year += n; + break; + case 2: + tmp.tm_mon = n - 1; + break; + case 3: + /* check if tm_mday is valid in tm_mon */ + if (tmp.tm_mon == 1) { + /* it's February */ + md = mdays[1] + leap_year(tmp.tm_year + 1900); + } else { + md = mdays[tmp.tm_mon]; + } + if (n > md) + goto err; + tmp.tm_mday = n; + determine_days(&tmp); + break; + case 4: + tmp.tm_hour = n; + break; + case 5: + tmp.tm_min = n; + break; + case 6: + tmp.tm_sec = n; + break; + } + } + + /* + * Optional fractional seconds: decimal point followed by one or more + * digits. + */ + if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == '.') { + if (strict) + /* RFC 5280 forbids fractional seconds */ + goto err; + if (++o == l) + goto err; + i = o; + while ((o < l) && ossl_isdigit(a[o])) + o++; + /* Must have at least one digit after decimal point */ + if (i == o) + goto err; + /* no more bytes to read, but we haven't seen time-zone yet */ + if (o == l) + goto err; + } + + /* + * 'o' will never point to '\0' at this point, the only chance + * 'o' can point to '\0' is either the subsequent if or the first + * else if is true. + */ + if (a[o] == 'Z') { + o++; + } else if (!strict && ((a[o] == '+') || (a[o] == '-'))) { + int offsign = a[o] == '-' ? 1 : -1; + int offset = 0; + + o++; + /* + * if not equal, no need to do subsequent checks + * since the following for-loop will add 'o' by 4 + * and the final return statement will check if 'l' + * and 'o' are equal. + */ + if (o + 4 != l) + goto err; + for (i = end; i < end + 2; i++) { + if (!ossl_isdigit(a[o])) + goto err; + n = a[o] - '0'; + o++; + if (!ossl_isdigit(a[o])) + goto err; + n = (n * 10) + a[o] - '0'; + i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; + if ((n < min[i2]) || (n > max[i2])) + goto err; + /* if tm is NULL, no need to adjust */ + if (tm != NULL) { + if (i == end) + offset = n * 3600; + else if (i == end + 1) + offset += n * 60; + } + o++; + } + if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign)) + goto err; + } else { + /* not Z, or not +/- in non-strict mode */ + goto err; + } + if (o == l) { + /* success, check if tm should be filled */ + if (tm != NULL) + *tm = tmp; + return 1; + } + err: + return 0; +} + +ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) +{ + char* p; + ASN1_TIME *tmps = NULL; + const size_t len = 20; + + if (type == V_ASN1_UNDEF) { + if (is_utc(ts->tm_year)) + type = V_ASN1_UTCTIME; + else + type = V_ASN1_GENERALIZEDTIME; + } else if (type == V_ASN1_UTCTIME) { + if (!is_utc(ts->tm_year)) + goto err; + } else if (type != V_ASN1_GENERALIZEDTIME) { + goto err; + } + + if (s == NULL) + tmps = ASN1_STRING_new(); + else + tmps = s; + if (tmps == NULL) + return NULL; + + if (!ASN1_STRING_set(tmps, NULL, len)) + goto err; + + tmps->type = type; + p = (char*)tmps->data; + + if (type == V_ASN1_GENERALIZEDTIME) + tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", + ts->tm_year + 1900, ts->tm_mon + 1, + ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); + else + tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", + ts->tm_year % 100, ts->tm_mon + 1, + ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); + +#ifdef CHARSET_EBCDIC_not + ebcdic2ascii(tmps->data, tmps->data, tmps->length); +#endif + return tmps; + err: + if (tmps != s) + ASN1_STRING_free(tmps); + return NULL; +} + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) { return ASN1_TIME_adj(s, t, 0, 0); @@ -44,9 +330,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) return NULL; } - if ((ts->tm_year >= 50) && (ts->tm_year < 150)) - return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); - return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); + return asn1_time_from_tm(s, ts, V_ASN1_UNDEF); } int ASN1_TIME_check(const ASN1_TIME *t) @@ -63,108 +347,207 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { ASN1_GENERALIZEDTIME *ret = NULL; - char *str; - int newlen; + struct tm tm; - if (!ASN1_TIME_check(t)) + if (!ASN1_TIME_to_tm(t, &tm)) return NULL; - if (out == NULL || *out == NULL) { - if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL) - goto err; - } else + if (out != NULL) ret = *out; - /* If already GeneralizedTime just copy across */ - if (t->type == V_ASN1_GENERALIZEDTIME) { - if (!ASN1_STRING_set(ret, t->data, t->length)) - goto err; - goto done; - } - - /* grow the string */ - if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - goto err; - /* ASN1_STRING_set() allocated 'len + 1' bytes. */ - newlen = t->length + 2 + 1; - str = (char *)ret->data; - /* Work out the century and prepend */ - if (t->data[0] >= '5') - OPENSSL_strlcpy(str, "19", newlen); - else - OPENSSL_strlcpy(str, "20", newlen); - - OPENSSL_strlcat(str, (const char *)t->data, newlen); + ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME); - done: - if (out != NULL && *out == NULL) - *out = ret; - return ret; + if (out != NULL && ret != NULL) + *out = ret; - err: - if (out == NULL || *out != ret) - ASN1_GENERALIZEDTIME_free(ret); - return NULL; + return ret; } - int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) +{ + /* Try UTC, if that fails, try GENERALIZED */ + if (ASN1_UTCTIME_set_string(s, str)) + return 1; + return ASN1_GENERALIZEDTIME_set_string(s, str); +} + +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) { ASN1_TIME t; + struct tm tm; + int rv = 0; t.length = strlen(str); t.data = (unsigned char *)str; - t.flags = 0; + t.flags = ASN1_STRING_FLAG_X509_TIME; t.type = V_ASN1_UTCTIME; if (!ASN1_TIME_check(&t)) { t.type = V_ASN1_GENERALIZEDTIME; if (!ASN1_TIME_check(&t)) - return 0; + goto out; } - if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) - return 0; + /* + * Per RFC 5280 (section 4.1.2.5.), the valid input time + * strings should be encoded with the following rules: + * + * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ + * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ + * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ + * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ + * + * Only strings of the 4th rule should be reformatted, but since a + * UTC can only present [1950, 2050), so if the given time string + * is less than 1950 (e.g. 19230419000000Z), we do nothing... + */ - return 1; + if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) { + if (!asn1_time_to_tm(&tm, &t)) + goto out; + if (is_utc(tm.tm_year)) { + t.length -= 2; + /* + * it's OK to let original t.data go since that's assigned + * to a piece of memory allocated outside of this function. + * new t.data would be freed after ASN1_STRING_copy is done. + */ + t.data = OPENSSL_zalloc(t.length + 1); + if (t.data == NULL) + goto out; + memcpy(t.data, str + 2, t.length); + t.type = V_ASN1_UTCTIME; + } + } + + if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) + rv = 1; + + if (t.data != (unsigned char *)str) + OPENSSL_free(t.data); +out: + return rv; } -static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t) +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm) { - if (t == NULL) { + if (s == NULL) { time_t now_t; + time(&now_t); - if (OPENSSL_gmtime(&now_t, tm)) + memset(tm, 0, sizeof(*tm)); + if (OPENSSL_gmtime(&now_t, tm) != NULL) return 1; return 0; } - if (t->type == V_ASN1_UTCTIME) - return asn1_utctime_to_tm(tm, t); - else if (t->type == V_ASN1_GENERALIZEDTIME) - return asn1_generalizedtime_to_tm(tm, t); - - return 0; + return asn1_time_to_tm(tm, s); } int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to) { struct tm tm_from, tm_to; - if (!asn1_time_to_tm(&tm_from, from)) + + if (!ASN1_TIME_to_tm(from, &tm_from)) return 0; - if (!asn1_time_to_tm(&tm_to, to)) + if (!ASN1_TIME_to_tm(to, &tm_to)) return 0; return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); } +static const char _asn1_mon[12][4] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" +}; + int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { - if (tm->type == V_ASN1_UTCTIME) - return ASN1_UTCTIME_print(bp, tm); - if (tm->type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_print(bp, tm); + char *v; + int gmt = 0, l; + struct tm stm; + + if (!asn1_time_to_tm(&stm, tm)) { + /* asn1_time_to_tm will check the time type */ + goto err; + } + + l = tm->length; + v = (char *)tm->data; + if (v[l - 1] == 'Z') + gmt = 1; + + if (tm->type == V_ASN1_GENERALIZEDTIME) { + char *f = NULL; + int f_len = 0; + + /* + * Try to parse fractional seconds. '14' is the place of + * 'fraction point' in a GeneralizedTime string. + */ + if (tm->length > 15 && v[14] == '.') { + f = &v[14]; + f_len = 1; + while (14 + f_len < l && ossl_isdigit(f[f_len])) + ++f_len; + } + + return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", + _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900, + (gmt ? " GMT" : "")) > 0; + } else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", + _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, stm.tm_year + 1900, + (gmt ? " GMT" : "")) > 0; + } + err: BIO_write(bp, "Bad time value", 14); - return (0); + return 0; +} + +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) +{ + struct tm stm, ttm; + int day, sec; + + if (!ASN1_TIME_to_tm(s, &stm)) + return -2; + + if (!OPENSSL_gmtime(&t, &ttm)) + return -2; + + if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) + return -2; + + if (day > 0 || sec > 0) + return 1; + if (day < 0 || sec < 0) + return -1; + return 0; +} + +int ASN1_TIME_normalize(ASN1_TIME *t) +{ + struct tm tm; + + if (!ASN1_TIME_to_tm(t, &tm)) + return 0; + + return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL; +} + +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b) +{ + int day, sec; + + if (!ASN1_TIME_diff(&day, &sec, b, a)) + return -2; + if (day > 0 || sec > 0) + return 1; + if (day < 0 || sec < 0) + return -1; + return 0; } diff --git a/deps/openssl/openssl/crypto/asn1/a_type.c b/deps/openssl/openssl/crypto/asn1/a_type.c index df42360e76101b..0c7aebe3076b4e 100644 --- a/deps/openssl/openssl/crypto/asn1/a_type.c +++ b/deps/openssl/openssl/crypto/asn1/a_type.c @@ -16,9 +16,9 @@ int ASN1_TYPE_get(const ASN1_TYPE *a) { if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) - return (a->type); + return a->type; else - return (0); + return 0; } void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) diff --git a/deps/openssl/openssl/crypto/asn1/a_utctm.c b/deps/openssl/openssl/crypto/asn1/a_utctm.c index 9797aa8a1eb4b7..b224991aa3df1e 100644 --- a/deps/openssl/openssl/crypto/asn1/a_utctm.c +++ b/deps/openssl/openssl/crypto/asn1/a_utctm.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,96 +13,13 @@ #include #include "asn1_locl.h" +/* This is the primary function used to parse ASN1_UTCTIME */ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) { - static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; - static const int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 }; - char *a; - int n, i, l, o; - + /* wrapper around ans1_time_to_tm */ if (d->type != V_ASN1_UTCTIME) - return (0); - l = d->length; - a = (char *)d->data; - o = 0; - - if (l < 11) - goto err; - for (i = 0; i < 6; i++) { - if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { - i++; - if (tm) - tm->tm_sec = 0; - break; - } - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = a[o] - '0'; - if (++o > l) - goto err; - - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = (n * 10) + a[o] - '0'; - if (++o > l) - goto err; - - if ((n < min[i]) || (n > max[i])) - goto err; - if (tm) { - switch (i) { - case 0: - tm->tm_year = n < 50 ? n + 100 : n; - break; - case 1: - tm->tm_mon = n - 1; - break; - case 2: - tm->tm_mday = n; - break; - case 3: - tm->tm_hour = n; - break; - case 4: - tm->tm_min = n; - break; - case 5: - tm->tm_sec = n; - break; - } - } - } - if (a[o] == 'Z') - o++; - else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? 1 : -1, offset = 0; - o++; - if (o + 4 > l) - goto err; - for (i = 6; i < 8; i++) { - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = a[o] - '0'; - o++; - if ((a[o] < '0') || (a[o] > '9')) - goto err; - n = (n * 10) + a[o] - '0'; - if ((n < min[i]) || (n > max[i])) - goto err; - if (tm) { - if (i == 6) - offset = n * 3600; - else if (i == 7) - offset += n * 60; - } - o++; - } - if (offset && !OPENSSL_gmtime_adj(tm, 0, offset * offsign)) - return 0; - } - return o == l; - err: - return 0; + return 0; + return asn1_time_to_tm(tm, d); } int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) @@ -110,6 +27,7 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) return asn1_utctime_to_tm(NULL, d); } +/* Sets the string via simple copy without cleaning it up */ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { ASN1_UTCTIME t; @@ -117,15 +35,15 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) t.type = V_ASN1_UTCTIME; t.length = strlen(str); t.data = (unsigned char *)str; - if (ASN1_UTCTIME_check(&t)) { - if (s != NULL) { - if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) - return 0; - s->type = V_ASN1_UTCTIME; - } - return (1); - } else - return (0); + t.flags = 0; + + if (!ASN1_UTCTIME_check(&t)) + return 0; + + if (s != NULL && !ASN1_STRING_copy(s, &t)) + return 0; + + return 1; } ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) @@ -136,55 +54,19 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) { - char *p; struct tm *ts; struct tm data; - size_t len = 20; - int free_s = 0; - - if (s == NULL) { - s = ASN1_UTCTIME_new(); - if (s == NULL) - goto err; - free_s = 1; - } ts = OPENSSL_gmtime(&t, &data); if (ts == NULL) - goto err; + return NULL; if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - goto err; - } - - if ((ts->tm_year < 50) || (ts->tm_year >= 150)) - goto err; - - p = (char *)s->data; - if ((p == NULL) || ((size_t)s->length < len)) { - p = OPENSSL_malloc(len); - if (p == NULL) { - ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); - goto err; - } - OPENSSL_free(s->data); - s->data = (unsigned char *)p; + return NULL; } - BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, - ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); - s->length = strlen(p); - s->type = V_ASN1_UTCTIME; -#ifdef CHARSET_EBCDIC_not - ebcdic2ascii(s->data, s->data, s->length); -#endif - return (s); - err: - if (free_s) - ASN1_UTCTIME_free(s); - return NULL; + return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME); } int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) @@ -195,60 +77,22 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) if (!asn1_utctime_to_tm(&stm, s)) return -2; - if (!OPENSSL_gmtime(&t, &ttm)) + if (OPENSSL_gmtime(&t, &ttm) == NULL) return -2; if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) return -2; - if (day > 0) - return 1; - if (day < 0) - return -1; - if (sec > 0) + if (day > 0 || sec > 0) return 1; - if (sec < 0) + if (day < 0 || sec < 0) return -1; return 0; } int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) { - const char *v; - int gmt = 0; - int i; - int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; - - i = tm->length; - v = (const char *)tm->data; - - if (i < 10) - goto err; - if (v[i - 1] == 'Z') - gmt = 1; - for (i = 0; i < 10; i++) - if ((v[i] > '9') || (v[i] < '0')) - goto err; - y = (v[0] - '0') * 10 + (v[1] - '0'); - if (y < 50) - y += 100; - M = (v[2] - '0') * 10 + (v[3] - '0'); - if ((M > 12) || (M < 1)) - goto err; - d = (v[4] - '0') * 10 + (v[5] - '0'); - h = (v[6] - '0') * 10 + (v[7] - '0'); - m = (v[8] - '0') * 10 + (v[9] - '0'); - if (tm->length >= 12 && - (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) - s = (v[10] - '0') * 10 + (v[11] - '0'); - - if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", - _asn1_mon[M - 1], d, h, m, s, y + 1900, - (gmt) ? " GMT" : "") <= 0) - return (0); - else - return (1); - err: - BIO_write(bp, "Bad time value", 14); - return (0); + if (tm->type != V_ASN1_UTCTIME) + return 0; + return ASN1_TIME_print(bp, tm); } diff --git a/deps/openssl/openssl/crypto/asn1/a_verify.c b/deps/openssl/openssl/crypto/asn1/a_verify.c index fb3607cbbd41bd..973d50d24de901 100644 --- a/deps/openssl/openssl/crypto/asn1/a_verify.c +++ b/deps/openssl/openssl/crypto/asn1/a_verify.c @@ -76,7 +76,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, ret = 1; err: EVP_MD_CTX_free(ctx); - return (ret); + return ret; } #endif @@ -86,7 +86,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, { EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; - int ret = -1, inl; + int ret = -1, inl = 0; int mdnid, pknid; @@ -156,24 +156,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); - - OPENSSL_clear_free(buf_in, (unsigned int)inl); - - if (!ret) { + ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, + buf_in, inl); + if (ret <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); goto err; } - ret = -1; - - if (EVP_DigestVerifyFinal(ctx, signature->data, - (size_t)signature->length) <= 0) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); - ret = 0; - goto err; - } ret = 1; err: + OPENSSL_clear_free(buf_in, (unsigned int)inl); EVP_MD_CTX_free(ctx); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/asn1/ameth_lib.c b/deps/openssl/openssl/crypto/asn1/ameth_lib.c index 9b0a2ccb20b7e8..9a1644148af5d5 100644 --- a/deps/openssl/openssl/crypto/asn1/ameth_lib.c +++ b/deps/openssl/openssl/crypto/asn1/ameth_lib.c @@ -7,59 +7,20 @@ * https://www.openssl.org/source/license.html */ -#include +#include "e_os.h" /* for strncasecmp */ #include "internal/cryptlib.h" +#include #include #include #include #include "internal/asn1_int.h" #include "internal/evp_int.h" -/* Keep this sorted in type order !! */ -static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { -#ifndef OPENSSL_NO_RSA - &rsa_asn1_meths[0], - &rsa_asn1_meths[1], -#endif -#ifndef OPENSSL_NO_DH - &dh_asn1_meth, -#endif -#ifndef OPENSSL_NO_DSA - &dsa_asn1_meths[0], - &dsa_asn1_meths[1], - &dsa_asn1_meths[2], - &dsa_asn1_meths[3], - &dsa_asn1_meths[4], -#endif -#ifndef OPENSSL_NO_EC - &eckey_asn1_meth, -#endif - &hmac_asn1_meth, -#ifndef OPENSSL_NO_CMAC - &cmac_asn1_meth, -#endif -#ifndef OPENSSL_NO_DH - &dhx_asn1_meth, -#endif -#ifndef OPENSSL_NO_EC - &ecx25519_asn1_meth -#endif -}; +#include "standard_methods.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; -#ifdef TEST -void main() -{ - int i; - for (i = 0; i < OSSL_NELEM(standard_methods); i++) - fprintf(stderr, "Number %d id=%d (%s)\n", i, - standard_methods[i]->pkey_id, - OBJ_nid2sn(standard_methods[i]->pkey_id)); -} -#endif - DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, const EVP_PKEY_ASN1_METHOD *, ameth); @@ -313,6 +274,10 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, dst->item_sign = src->item_sign; dst->item_verify = src->item_verify; + dst->siginf_set = src->siginf_set; + + dst->pkey_check = src->pkey_check; + } void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) @@ -421,3 +386,62 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, ameth->item_sign = item_sign; ameth->item_verify = item_verify; } + +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)) +{ + ameth->siginf_set = siginf_set; +} + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)) +{ + ameth->pkey_check = pkey_check; +} + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)) +{ + ameth->pkey_public_check = pkey_pub_check; +} + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)) +{ + ameth->pkey_param_check = pkey_param_check; +} + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)) +{ + ameth->set_priv_key = set_priv_key; +} + +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)) +{ + ameth->set_pub_key = set_pub_key; +} + +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)) +{ + ameth->get_priv_key = get_priv_key; +} + +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)) +{ + ameth->get_pub_key = get_pub_key; +} diff --git a/deps/openssl/openssl/crypto/asn1/asn1_err.c b/deps/openssl/openssl/crypto/asn1/asn1_err.c index 5d895d30095ddd..613f9ae71333a5 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_err.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_err.c @@ -8,253 +8,331 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) - -static ERR_STRING_DATA ASN1_str_functs[] = { - {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, - {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, - {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, - {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"}, - {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, - {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"}, - {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"}, - {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"}, - {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"}, - {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, - {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"}, - {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, - {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"}, - {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"}, - {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, - {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"}, - {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"}, - {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, - {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, - {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"}, - {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, - {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"}, - {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, - {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "asn1_item_embed_new"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, - {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, - {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, - {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"}, - {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"}, - {ERR_FUNC(ASN1_F_ASN1_SCTX_NEW), "ASN1_SCTX_new"}, - {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, - {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "asn1_string_get_uint64"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "asn1_string_to_bn"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, - {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "asn1_template_ex_d2i"}, - {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"}, - {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"}, - {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"}, - {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), +static const ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0), + "ASN1_BIT_STRING_set_bit"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0), + "asn1_d2i_ex_primitive"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0), + "ASN1_GENERALIZEDTIME_adj"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0), + "asn1_item_embed_d2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0), + "asn1_item_embed_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0), + "asn1_item_flags_i2d"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0), + "ASN1_item_sign_ctx"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0), + "ASN1_mbstring_ncopy"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0), + "asn1_primitive_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0), + "asn1_string_get_int64"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0), + "asn1_string_get_uint64"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0), + "ASN1_STRING_TABLE_add"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0), + "ASN1_STRING_type_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0), + "asn1_template_ex_d2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0), + "asn1_template_noexp_d2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0), "ASN1_TYPE_get_int_octetstring"}, - {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, - {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"}, - {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, - {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"}, - {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"}, - {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"}, - {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"}, - {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"}, - {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, - {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, - {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, - {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"}, - {ERR_FUNC(ASN1_F_C2I_UINT64_INT), "c2i_uint64_int"}, - {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"}, - {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, - {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, - {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, - {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, - {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, - {ERR_FUNC(ASN1_F_DO_BUF), "do_buf"}, - {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, - {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, - {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"}, - {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, - {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, - {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, - {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, - {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, - {ERR_FUNC(ASN1_F_LONG_C2I), "long_c2i"}, - {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "oid_module_init"}, - {ERR_FUNC(ASN1_F_PARSE_TAGGING), "parse_tagging"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, - {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, - {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, - {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "pkcs5_scrypt_set"}, - {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, - {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, - {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"}, - {ERR_FUNC(ASN1_F_UINT32_C2I), "uint32_c2i"}, - {ERR_FUNC(ASN1_F_UINT64_C2I), "uint64_c2i"}, - {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, - {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, - {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"}, - {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"}, - {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"}, - {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0), + "ASN1_TYPE_get_octetstring"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0), + "c2i_ASN1_BIT_STRING"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0), + "d2i_AutoPrivateKey"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0), + "i2d_ASN1_bio_stream"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0), + "PKCS5_pbe2_set_scrypt"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0), + "PKCS5_pbe_set0_algor"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0), + "X509_CRL_add0_revoked"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"}, {0, NULL} }; -static ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"}, - {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, - {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"}, - {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, - {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, - {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), - "bmpstring is wrong length"}, - {ERR_REASON(ASN1_R_BN_LIB), "bn lib"}, - {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"}, - {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), - "cipher has no object identifier"}, - {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"}, - {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, - {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, - {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), - "digest and key type not supported"}, - {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, - {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, - {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, - {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), - "error setting cipher params"}, - {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"}, - {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"}, - {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, - {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), - "explicit tag not constructed"}, - {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"}, - {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"}, - {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"}, - {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"}, - {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"}, - {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"}, - {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"}, - {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"}, - {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"}, - {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, - {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"}, - {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, - {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"}, - {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, - {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"}, - {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, - {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), - "illegal options on item template"}, - {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"}, - {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, - {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, - {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"}, - {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, - {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), - "integer too large for long"}, - {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT), - "invalid bit string bits left"}, - {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"}, - {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"}, - {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, - {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"}, - {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"}, - {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, - {ERR_REASON(ASN1_R_INVALID_SCRYPT_PARAMETERS), - "invalid scrypt parameters"}, - {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, - {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE), - "invalid string table value"}, - {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), - "invalid universalstring length"}, - {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, - {ERR_REASON(ASN1_R_INVALID_VALUE), "invalid value"}, - {ERR_REASON(ASN1_R_LIST_ERROR), "list error"}, - {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, - {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, - {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, - {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"}, - {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"}, - {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"}, - {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, - {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, - {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, - {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, - {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, - {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, - {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, - {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, - {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, - {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), - "no multipart body failure"}, - {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, - {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, - {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"}, - {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, - {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"}, - {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, - {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, - {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, - {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), - "sequence or set needs config"}, - {ERR_REASON(ASN1_R_SHORT_LINE), "short line"}, - {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, - {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, - {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"}, - {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"}, - {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, - {ERR_REASON(ASN1_R_TOO_LARGE), "too large"}, - {ERR_REASON(ASN1_R_TOO_LONG), "too long"}, - {ERR_REASON(ASN1_R_TOO_SMALL), "too small"}, - {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, - {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, - {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, - {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), - "universalstring is wrong length"}, - {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"}, - {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), - "unknown message digest algorithm"}, - {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"}, - {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"}, - {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), - "unknown signature algorithm"}, - {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, - {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), - "unsupported any defined by type"}, - {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), - "unsupported public key type"}, - {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"}, - {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, - {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, +static const ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR), + "asn1 sig parse error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), + "bmpstring is wrong length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH), + "boolean is wrong length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), + "cipher has no object identifier"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED), + "context not initialised"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), + "digest and key type not supported"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME), + "error getting time"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION), + "error loading section"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS), + "error setting cipher params"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER), + "expecting an integer"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT), + "expecting an object"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH), + "explicit length mismatch"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), + "explicit tag not constructed"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE), + "first num too large"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT), + "illegal bitstring format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS), + "illegal characters"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG), + "illegal implicit tag"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE), + "illegal negative value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING), + "illegal nested tagging"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE), + "illegal null value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY), + "illegal optional any"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), + "illegal options on item template"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY), + "illegal tagged any"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE), + "illegal time value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT), + "illegal zero content"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT), + "integer not ascii format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), + "integer too large for long"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT), + "invalid bit string bits left"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH), + "invalid bmpstring length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING), + "invalid object encoding"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS), + "invalid scrypt parameters"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE), + "invalid string table value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), + "invalid universalstring length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), + "invalid utf8string"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), + "mime no content type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR), + "mime sig parse error"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER), + "missing second number"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL), + "mstring not universal"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING), + "nested asn1 string"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS), + "non hex characters"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE), + "no matching choice type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE), + "no multipart body failure"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY), + "no multipart boundary"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE), + "no sig content type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH), + "null is wrong length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT), + "object not ascii format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS), + "odd number of chars"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE), + "second number too large"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH), + "sequence length mismatch"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED), + "sequence not constructed"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), + "sequence or set needs config"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE), + "sig invalid mime type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED), + "streaming not supported"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), + "the asn1 object identifier is not known for this md"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT), + "time not ascii format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED), + "type not constructed"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE), + "type not primitive"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), + "universalstring is wrong length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), + "unknown message digest algorithm"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE), + "unknown object type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), + "unknown public key type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), + "unknown signature algorithm"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), + "unsupported any defined by type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), + "unsupported cipher"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE), + "wrong integer type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE), + "wrong public key type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"}, {0, NULL} }; @@ -263,10 +341,9 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { int ERR_load_ASN1_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) { - ERR_load_strings(0, ASN1_str_functs); - ERR_load_strings(0, ASN1_str_reasons); + ERR_load_strings_const(ASN1_str_functs); + ERR_load_strings_const(ASN1_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/asn1/asn1_item_list.c b/deps/openssl/openssl/crypto/asn1/asn1_item_list.c new file mode 100644 index 00000000000000..9798192f4be221 --- /dev/null +++ b/deps/openssl/openssl/crypto/asn1/asn1_item_list.c @@ -0,0 +1,42 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "asn1_item_list.h" + +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(asn1_item_list); i++) { + const ASN1_ITEM *it = ASN1_ITEM_ptr(asn1_item_list[i]); + + if (strcmp(it->sname, name) == 0) + return it; + } + return NULL; +} + +const ASN1_ITEM *ASN1_ITEM_get(size_t i) +{ + if (i >= OSSL_NELEM(asn1_item_list)) + return NULL; + return ASN1_ITEM_ptr(asn1_item_list[i]); +} diff --git a/deps/openssl/openssl/crypto/asn1/asn1_item_list.h b/deps/openssl/openssl/crypto/asn1/asn1_item_list.h new file mode 100644 index 00000000000000..db8107ed1b1905 --- /dev/null +++ b/deps/openssl/openssl/crypto/asn1/asn1_item_list.h @@ -0,0 +1,178 @@ +/* + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +static ASN1_ITEM_EXP *asn1_item_list[] = { + + ASN1_ITEM_ref(ACCESS_DESCRIPTION), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(ASIdOrRange), + ASN1_ITEM_ref(ASIdentifierChoice), + ASN1_ITEM_ref(ASIdentifiers), +#endif + ASN1_ITEM_ref(ASN1_ANY), + ASN1_ITEM_ref(ASN1_BIT_STRING), + ASN1_ITEM_ref(ASN1_BMPSTRING), + ASN1_ITEM_ref(ASN1_BOOLEAN), + ASN1_ITEM_ref(ASN1_ENUMERATED), + ASN1_ITEM_ref(ASN1_FBOOLEAN), + ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + ASN1_ITEM_ref(ASN1_GENERALSTRING), + ASN1_ITEM_ref(ASN1_IA5STRING), + ASN1_ITEM_ref(ASN1_INTEGER), + ASN1_ITEM_ref(ASN1_NULL), + ASN1_ITEM_ref(ASN1_OBJECT), + ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF), + ASN1_ITEM_ref(ASN1_OCTET_STRING), + ASN1_ITEM_ref(ASN1_PRINTABLESTRING), + ASN1_ITEM_ref(ASN1_PRINTABLE), + ASN1_ITEM_ref(ASN1_SEQUENCE_ANY), + ASN1_ITEM_ref(ASN1_SEQUENCE), + ASN1_ITEM_ref(ASN1_SET_ANY), + ASN1_ITEM_ref(ASN1_T61STRING), + ASN1_ITEM_ref(ASN1_TBOOLEAN), + ASN1_ITEM_ref(ASN1_TIME), + ASN1_ITEM_ref(ASN1_UNIVERSALSTRING), + ASN1_ITEM_ref(ASN1_UTCTIME), + ASN1_ITEM_ref(ASN1_UTF8STRING), + ASN1_ITEM_ref(ASN1_VISIBLESTRING), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(ASRange), +#endif + ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), + ASN1_ITEM_ref(AUTHORITY_KEYID), + ASN1_ITEM_ref(BASIC_CONSTRAINTS), + ASN1_ITEM_ref(BIGNUM), + ASN1_ITEM_ref(CBIGNUM), + ASN1_ITEM_ref(CERTIFICATEPOLICIES), +#ifndef OPENSSL_NO_CMS + ASN1_ITEM_ref(CMS_ContentInfo), + ASN1_ITEM_ref(CMS_ReceiptRequest), +#endif + ASN1_ITEM_ref(CRL_DIST_POINTS), +#ifndef OPENSSL_NO_DH + ASN1_ITEM_ref(DHparams), +#endif + ASN1_ITEM_ref(DIRECTORYSTRING), + ASN1_ITEM_ref(DISPLAYTEXT), + ASN1_ITEM_ref(DIST_POINT_NAME), + ASN1_ITEM_ref(DIST_POINT), +#ifndef OPENSSL_NO_EC + ASN1_ITEM_ref(ECPARAMETERS), + ASN1_ITEM_ref(ECPKPARAMETERS), +#endif + ASN1_ITEM_ref(EDIPARTYNAME), + ASN1_ITEM_ref(EXTENDED_KEY_USAGE), + ASN1_ITEM_ref(GENERAL_NAMES), + ASN1_ITEM_ref(GENERAL_NAME), + ASN1_ITEM_ref(GENERAL_SUBTREE), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(IPAddressChoice), + ASN1_ITEM_ref(IPAddressFamily), + ASN1_ITEM_ref(IPAddressOrRange), + ASN1_ITEM_ref(IPAddressRange), +#endif + ASN1_ITEM_ref(ISSUING_DIST_POINT), +#if OPENSSL_API_COMPAT < 0x10200000L + ASN1_ITEM_ref(LONG), +#endif + ASN1_ITEM_ref(NAME_CONSTRAINTS), + ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), + ASN1_ITEM_ref(NETSCAPE_SPKAC), + ASN1_ITEM_ref(NETSCAPE_SPKI), + ASN1_ITEM_ref(NOTICEREF), +#ifndef OPENSSL_NO_OCSP + ASN1_ITEM_ref(OCSP_BASICRESP), + ASN1_ITEM_ref(OCSP_CERTID), + ASN1_ITEM_ref(OCSP_CERTSTATUS), + ASN1_ITEM_ref(OCSP_CRLID), + ASN1_ITEM_ref(OCSP_ONEREQ), + ASN1_ITEM_ref(OCSP_REQINFO), + ASN1_ITEM_ref(OCSP_REQUEST), + ASN1_ITEM_ref(OCSP_RESPBYTES), + ASN1_ITEM_ref(OCSP_RESPDATA), + ASN1_ITEM_ref(OCSP_RESPID), + ASN1_ITEM_ref(OCSP_RESPONSE), + ASN1_ITEM_ref(OCSP_REVOKEDINFO), + ASN1_ITEM_ref(OCSP_SERVICELOC), + ASN1_ITEM_ref(OCSP_SIGNATURE), + ASN1_ITEM_ref(OCSP_SINGLERESP), +#endif + ASN1_ITEM_ref(OTHERNAME), + ASN1_ITEM_ref(PBE2PARAM), + ASN1_ITEM_ref(PBEPARAM), + ASN1_ITEM_ref(PBKDF2PARAM), + ASN1_ITEM_ref(PKCS12_AUTHSAFES), + ASN1_ITEM_ref(PKCS12_BAGS), + ASN1_ITEM_ref(PKCS12_MAC_DATA), + ASN1_ITEM_ref(PKCS12_SAFEBAGS), + ASN1_ITEM_ref(PKCS12_SAFEBAG), + ASN1_ITEM_ref(PKCS12), + ASN1_ITEM_ref(PKCS7_ATTR_SIGN), + ASN1_ITEM_ref(PKCS7_ATTR_VERIFY), + ASN1_ITEM_ref(PKCS7_DIGEST), + ASN1_ITEM_ref(PKCS7_ENCRYPT), + ASN1_ITEM_ref(PKCS7_ENC_CONTENT), + ASN1_ITEM_ref(PKCS7_ENVELOPE), + ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL), + ASN1_ITEM_ref(PKCS7_RECIP_INFO), + ASN1_ITEM_ref(PKCS7_SIGNED), + ASN1_ITEM_ref(PKCS7_SIGNER_INFO), + ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE), + ASN1_ITEM_ref(PKCS7), + ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO), + ASN1_ITEM_ref(PKEY_USAGE_PERIOD), + ASN1_ITEM_ref(POLICYINFO), + ASN1_ITEM_ref(POLICYQUALINFO), + ASN1_ITEM_ref(POLICY_CONSTRAINTS), + ASN1_ITEM_ref(POLICY_MAPPINGS), + ASN1_ITEM_ref(POLICY_MAPPING), + ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), + ASN1_ITEM_ref(PROXY_POLICY), +#ifndef OPENSSL_NO_RSA + ASN1_ITEM_ref(RSAPrivateKey), + ASN1_ITEM_ref(RSAPublicKey), + ASN1_ITEM_ref(RSA_OAEP_PARAMS), + ASN1_ITEM_ref(RSA_PSS_PARAMS), +#endif +#ifndef OPENSSL_NO_SCRYPT + ASN1_ITEM_ref(SCRYPT_PARAMS), +#endif + ASN1_ITEM_ref(SXNETID), + ASN1_ITEM_ref(SXNET), + ASN1_ITEM_ref(USERNOTICE), + ASN1_ITEM_ref(X509_ALGORS), + ASN1_ITEM_ref(X509_ALGOR), + ASN1_ITEM_ref(X509_ATTRIBUTE), + ASN1_ITEM_ref(X509_CERT_AUX), + ASN1_ITEM_ref(X509_CINF), + ASN1_ITEM_ref(X509_CRL_INFO), + ASN1_ITEM_ref(X509_CRL), + ASN1_ITEM_ref(X509_EXTENSIONS), + ASN1_ITEM_ref(X509_EXTENSION), + ASN1_ITEM_ref(X509_NAME_ENTRY), + ASN1_ITEM_ref(X509_NAME), + ASN1_ITEM_ref(X509_PUBKEY), + ASN1_ITEM_ref(X509_REQ_INFO), + ASN1_ITEM_ref(X509_REQ), + ASN1_ITEM_ref(X509_REVOKED), + ASN1_ITEM_ref(X509_SIG), + ASN1_ITEM_ref(X509_VAL), + ASN1_ITEM_ref(X509), +#if OPENSSL_API_COMPAT < 0x10200000L + ASN1_ITEM_ref(ZLONG), +#endif + ASN1_ITEM_ref(INT32), + ASN1_ITEM_ref(UINT32), + ASN1_ITEM_ref(ZINT32), + ASN1_ITEM_ref(ZUINT32), + ASN1_ITEM_ref(INT64), + ASN1_ITEM_ref(UINT64), + ASN1_ITEM_ref(ZINT64), + ASN1_ITEM_ref(ZUINT64), +}; diff --git a/deps/openssl/openssl/crypto/asn1/asn1_lib.c b/deps/openssl/openssl/crypto/asn1/asn1_lib.c index 8ca53b4ce4f7c8..88c4b539180267 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_lib.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_lib.c @@ -23,12 +23,12 @@ static int _asn1_check_infinite_end(const unsigned char **p, long len) * If there is 0 or 1 byte left, the length check should pick things up */ if (len <= 0) - return (1); + return 1; else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { (*p) += 2; - return (1); + return 1; } - return (0); + return 0; } int ASN1_check_infinite_end(unsigned char **p, long len) @@ -96,47 +96,54 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, ret |= 0x80; } *pp = p; - return (ret | inf); + return ret | inf; err: ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG); - return (0x80); + return 0x80; } +/* + * Decode a length field. + * The short form is a single byte defining a length 0 - 127. + * The long form is a byte 0 - 127 with the top bit set and this indicates + * the number of following octets that contain the length. These octets + * are stored most significant digit first. + */ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, long max) { const unsigned char *p = *pp; unsigned long ret = 0; - unsigned long i; + int i; if (max-- < 1) return 0; if (*p == 0x80) { *inf = 1; - ret = 0; p++; } else { *inf = 0; i = *p & 0x7f; - if (*(p++) & 0x80) { - if (max < (long)i + 1) + if (*p++ & 0x80) { + if (max < i + 1) return 0; /* Skip leading zeroes */ - while (i && *p == 0) { + while (i > 0 && *p == 0) { p++; i--; } - if (i > sizeof(long)) + if (i > (int)sizeof(long)) return 0; - while (i-- > 0) { - ret <<= 8L; - ret |= *(p++); + while (i > 0) { + ret <<= 8; + ret |= *p++; + i--; } + if (ret > LONG_MAX) + return 0; } else ret = i; } - if (ret > LONG_MAX) - return 0; *pp = p; *rl = (long)ret; return 1; @@ -268,7 +275,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) if (len < 0) { if (data == NULL) - return (0); + return 0; else len = strlen(data); } @@ -278,7 +285,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) if (str->data == NULL) { ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); str->data = c; - return (0); + return 0; } } str->length = len; @@ -287,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) /* an allowance for strings :-) */ str->data[len] = '\0'; } - return (1); + return 1; } void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) @@ -299,7 +306,7 @@ void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) ASN1_STRING *ASN1_STRING_new(void) { - return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + return ASN1_STRING_type_new(V_ASN1_OCTET_STRING); } ASN1_STRING *ASN1_STRING_type_new(int type) @@ -309,10 +316,10 @@ ASN1_STRING *ASN1_STRING_type_new(int type) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } ret->type = type; - return (ret); + return ret; } void asn1_string_embed_free(ASN1_STRING *a, int embed) @@ -349,11 +356,11 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) if (i == 0) { i = memcmp(a->data, b->data, a->length); if (i == 0) - return (a->type - b->type); + return a->type - b->type; else - return (i); + return i; } else - return (i); + return i; } int ASN1_STRING_length(const ASN1_STRING *x) diff --git a/deps/openssl/openssl/crypto/asn1/asn1_locl.h b/deps/openssl/openssl/crypto/asn1/asn1_locl.h index 9a47b1ef368680..cec141721b3485 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_locl.h +++ b/deps/openssl/openssl/crypto/asn1/asn1_locl.h @@ -9,6 +9,7 @@ /* Internal ASN1 structures and functions: not for application use */ +int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d); int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); @@ -42,9 +43,6 @@ DEFINE_STACK_OF(MIME_PARAM) typedef struct mime_header_st MIME_HEADER; DEFINE_STACK_OF(MIME_HEADER) -/* Month values for printing out times */ -extern const char *_asn1_mon[12]; - void asn1_string_embed_free(ASN1_STRING *a, int embed); int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); @@ -81,3 +79,5 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, /* Internal functions used by x_int64.c */ int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len); int i2c_uint64_int(unsigned char *p, uint64_t r, int neg); + +ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); diff --git a/deps/openssl/openssl/crypto/asn1/asn1_par.c b/deps/openssl/openssl/crypto/asn1/asn1_par.c index fabc8d6fef8a02..4b60c615de7645 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_par.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_par.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,20 +50,20 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, if (BIO_printf(bp, fmt, p) <= 0) goto err; - return (1); + return 1; err: - return (0); + return 0; } int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) { - return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0)); + return asn1_parse2(bp, &pp, len, 0, 0, indent, 0); } int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) { - return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump)); + return asn1_parse2(bp, &pp, len, 0, 0, indent, dump); } static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, @@ -342,7 +342,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); *pp = p; - return (ret); + return ret; } const char *ASN1_tag2str(int tag) diff --git a/deps/openssl/openssl/crypto/asn1/asn_mime.c b/deps/openssl/openssl/crypto/asn1/asn_mime.c index da0085f680cd0c..dfd5be6347543b 100644 --- a/deps/openssl/openssl/crypto/asn1/asn_mime.c +++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include @@ -635,7 +635,7 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ - if (mhdr && isspace((unsigned char)linebuf[0])) + if (mhdr && ossl_isspace(linebuf[0])) state = MIME_NAME; else state = MIME_START; @@ -759,7 +759,7 @@ static char *strip_start(char *name) /* Else null string */ return NULL; } - if (!isspace((unsigned char)c)) + if (!ossl_isspace(c)) return p; } return NULL; @@ -780,7 +780,7 @@ static char *strip_end(char *name) *p = 0; return name; } - if (isspace((unsigned char)c)) + if (ossl_isspace(c)) *p = 0; else return name; @@ -792,29 +792,18 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value) { MIME_HEADER *mhdr = NULL; char *tmpname = NULL, *tmpval = NULL, *p; - int c; if (name) { if ((tmpname = OPENSSL_strdup(name)) == NULL) return NULL; - for (p = tmpname; *p; p++) { - c = (unsigned char)*p; - if (isupper(c)) { - c = tolower(c); - *p = c; - } - } + for (p = tmpname; *p; p++) + *p = ossl_tolower(*p); } if (value) { if ((tmpval = OPENSSL_strdup(value)) == NULL) goto err; - for (p = tmpval; *p; p++) { - c = (unsigned char)*p; - if (isupper(c)) { - c = tolower(c); - *p = c; - } - } + for (p = tmpval; *p; p++) + *p = ossl_tolower(*p); } mhdr = OPENSSL_malloc(sizeof(*mhdr)); if (mhdr == NULL) @@ -835,19 +824,14 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value) static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value) { char *tmpname = NULL, *tmpval = NULL, *p; - int c; MIME_PARAM *mparam = NULL; + if (name) { tmpname = OPENSSL_strdup(name); if (!tmpname) goto err; - for (p = tmpname; *p; p++) { - c = (unsigned char)*p; - if (isupper(c)) { - c = tolower(c); - *p = c; - } - } + for (p = tmpname; *p; p++) + *p = ossl_tolower(*p); } if (value) { tmpval = OPENSSL_strdup(value); @@ -876,7 +860,7 @@ static int mime_hdr_cmp(const MIME_HEADER *const *a, if (!(*a)->name || !(*b)->name) return ! !(*a)->name - ! !(*b)->name; - return (strcmp((*a)->name, (*b)->name)); + return strcmp((*a)->name, (*b)->name); } static int mime_param_cmp(const MIME_PARAM *const *a, @@ -884,7 +868,7 @@ static int mime_param_cmp(const MIME_PARAM *const *a, { if (!(*a)->param_name || !(*b)->param_name) return ! !(*a)->param_name - ! !(*b)->param_name; - return (strcmp((*a)->param_name, (*b)->param_name)); + return strcmp((*a)->param_name, (*b)->param_name); } /* Find a header with a given name (if possible) */ @@ -899,8 +883,6 @@ static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name) htmp.params = NULL; idx = sk_MIME_HEADER_find(hdrs, &htmp); - if (idx < 0) - return NULL; return sk_MIME_HEADER_value(hdrs, idx); } @@ -912,8 +894,6 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name) param.param_name = (char *)name; param.param_value = NULL; idx = sk_MIME_PARAM_find(hdr->params, ¶m); - if (idx < 0) - return NULL; return sk_MIME_PARAM_value(hdr->params, idx); } @@ -966,7 +946,7 @@ static int strip_eol(char *linebuf, int *plen, int flags) int len = *plen; char *p, c; int is_eol = 0; - p = linebuf + len - 1; + for (p = linebuf + len - 1; len > 0; len--, p--) { c = *p; if (c == '\n') { diff --git a/deps/openssl/openssl/crypto/asn1/asn_moid.c b/deps/openssl/openssl/crypto/asn1/asn_moid.c index 8176b7600832a8..68a01f31179efe 100644 --- a/deps/openssl/openssl/crypto/asn1/asn_moid.c +++ b/deps/openssl/openssl/crypto/asn1/asn_moid.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include #include "internal/cryptlib.h" #include @@ -60,46 +60,41 @@ void ASN1_add_oid_module(void) static int do_create(const char *value, const char *name) { int nid; - ASN1_OBJECT *oid; const char *ln, *ostr, *p; - char *lntmp; + char *lntmp = NULL; + p = strrchr(value, ','); - if (!p) { + if (p == NULL) { ln = name; ostr = value; } else { - ln = NULL; + ln = value; ostr = p + 1; - if (!*ostr) + if (*ostr == '\0') return 0; - while (isspace((unsigned char)*ostr)) + while (ossl_isspace(*ostr)) ostr++; - } - - nid = OBJ_create(ostr, name, ln); - - if (nid == NID_undef) - return 0; - - if (p) { - ln = value; - while (isspace((unsigned char)*ln)) + while (ossl_isspace(*ln)) ln++; p--; - while (isspace((unsigned char)*p)) { + while (ossl_isspace(*p)) { if (p == ln) return 0; p--; } p++; - lntmp = OPENSSL_malloc((p - ln) + 1); - if (lntmp == NULL) + if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) { + ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(lntmp, ln, p - ln); - lntmp[p - ln] = 0; - oid = OBJ_nid2obj(nid); - oid->ln = lntmp; + lntmp[p - ln] = '\0'; + ln = lntmp; } - return 1; + nid = OBJ_create(ostr, name, ln); + + OPENSSL_free(lntmp); + + return nid != NID_undef; } diff --git a/deps/openssl/openssl/crypto/asn1/asn_mstbl.c b/deps/openssl/openssl/crypto/asn1/asn_mstbl.c index 8260939002a70c..ddcbcd07fe6ef7 100644 --- a/deps/openssl/openssl/crypto/asn1/asn_mstbl.c +++ b/deps/openssl/openssl/crypto/asn1/asn_mstbl.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,6 @@ */ #include -#include #include #include "internal/cryptlib.h" #include diff --git a/deps/openssl/openssl/crypto/asn1/bio_asn1.c b/deps/openssl/openssl/crypto/asn1/bio_asn1.c index 2a8a41f50a0b13..86ee566323052d 100644 --- a/deps/openssl/openssl/crypto/asn1/bio_asn1.c +++ b/deps/openssl/openssl/crypto/asn1/bio_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,8 +14,9 @@ */ #include -#include +#include "internal/bio.h" #include +#include "internal/cryptlib.h" /* Must be large enough for biggest tag+length */ #define DEFAULT_ASN1_BUF_SIZE 20 @@ -78,7 +79,11 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, static const BIO_METHOD methods_asn1 = { BIO_TYPE_ASN1, "asn1", + /* TODO: Convert to new style write function */ + bwrite_conv, asn1_bio_write, + /* TODO: Convert to new style read function */ + bread_conv, asn1_bio_read, asn1_bio_puts, asn1_bio_gets, @@ -90,7 +95,7 @@ static const BIO_METHOD methods_asn1 = { const BIO_METHOD *BIO_f_asn1(void) { - return (&methods_asn1); + return &methods_asn1; } static int asn1_bio_new(BIO *b) @@ -111,9 +116,10 @@ static int asn1_bio_new(BIO *b) static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) { - ctx->buf = OPENSSL_malloc(size); - if (ctx->buf == NULL) + if ((ctx->buf = OPENSSL_malloc(size)) == NULL) { + ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE); return 0; + } ctx->bufsize = size; ctx->asn1_class = V_ASN1_UNIVERSAL; ctx->asn1_tag = V_ASN1_OCTET_STRING; @@ -157,7 +163,6 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) for (;;) { switch (ctx->state) { - /* Setup prefix data, call it */ case ASN1_STATE_START: if (!asn1_bio_setup_ex(b, ctx, ctx->prefix, @@ -178,7 +183,8 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) case ASN1_STATE_HEADER: ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl; - OPENSSL_assert(ctx->buflen <= ctx->bufsize); + if (!ossl_assert(ctx->buflen <= ctx->bufsize)) + return 0; p = ctx->buf; ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class); ctx->copylen = inl; @@ -223,7 +229,8 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) break; - default: + case ASN1_STATE_POST_COPY: + case ASN1_STATE_DONE: BIO_clear_retry_flags(b); return 0; diff --git a/deps/openssl/openssl/crypto/asn1/bio_ndef.c b/deps/openssl/openssl/crypto/asn1/bio_ndef.c index 0f206b24977e1e..6222c99074de8d 100644 --- a/deps/openssl/openssl/crypto/asn1/bio_ndef.c +++ b/deps/openssl/openssl/crypto/asn1/bio_ndef.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,9 +113,10 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux = *(NDEF_SUPPORT **)parg; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); - p = OPENSSL_malloc(derlen); - if (p == NULL) + if ((p = OPENSSL_malloc(derlen)) == NULL) { + ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); return 0; + } ndef_aux->derbuf = p; *pbuf = p; @@ -182,9 +183,10 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) return 0; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); - p = OPENSSL_malloc(derlen); - if (p == NULL) + if ((p = OPENSSL_malloc(derlen)) == NULL) { + ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE); return 0; + } ndef_aux->derbuf = p; *pbuf = p; diff --git a/deps/openssl/openssl/crypto/asn1/build.info b/deps/openssl/openssl/crypto/asn1/build.info index c1afb71ad0666a..d3e92c81acfe3b 100644 --- a/deps/openssl/openssl/crypto/asn1/build.info +++ b/deps/openssl/openssl/crypto/asn1/build.info @@ -13,4 +13,4 @@ SOURCE[../../libcrypto]=\ x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \ asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \ - asn_moid.c asn_mstbl.c + asn_moid.c asn_mstbl.c asn1_item_list.c diff --git a/deps/openssl/openssl/crypto/asn1/charmap.h b/deps/openssl/openssl/crypto/asn1/charmap.h index 2a75925c3373e8..bfccac2cb4e317 100644 --- a/deps/openssl/openssl/crypto/asn1/charmap.h +++ b/deps/openssl/openssl/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/crypto/asn1/charmap.pl b/deps/openssl/openssl/crypto/asn1/charmap.pl index 26ca32522351e7..fbab1f3b0ad7ec 100644 --- a/deps/openssl/openssl/crypto/asn1/charmap.pl +++ b/deps/openssl/openssl/crypto/asn1/charmap.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -82,12 +82,14 @@ # Now generate the C code +# Output year depends on the year of the script. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; print <type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG); - return (-1); + return -1; } p = ASN1_STRING_get0_data(a->value.octet_string); ret = ASN1_STRING_length(a->value.octet_string); @@ -43,16 +43,16 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l else num = max_len; memcpy(data, p, num); - return (ret); + return ret; } typedef struct { - long num; + int32_t num; ASN1_OCTET_STRING *oct; } asn1_int_oct; ASN1_SEQUENCE(asn1_int_oct) = { - ASN1_SIMPLE(asn1_int_oct, num, LONG), + ASN1_EMBED(asn1_int_oct, num, INT32), ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(asn1_int_oct) diff --git a/deps/openssl/openssl/crypto/asn1/f_int.c b/deps/openssl/openssl/crypto/asn1/f_int.c index ec556c92dcb1e9..6d6bddc651cc73 100644 --- a/deps/openssl/openssl/crypto/asn1/f_int.c +++ b/deps/openssl/openssl/crypto/asn1/f_int.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include @@ -20,7 +20,7 @@ int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) char buf[2]; if (a == NULL) - return (0); + return 0; if (a->type & V_ASN1_NEG) { if (BIO_write(bp, "-", 1) != 1) @@ -46,9 +46,9 @@ int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) n += 2; } } - return (n); + return n; err: - return (-1); + return -1; } int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) @@ -76,18 +76,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) again = (buf[i - 1] == '\\'); for (j = 0; j < i; j++) { -#ifndef CHARSET_EBCDIC - if (!(((buf[j] >= '0') && (buf[j] <= '9')) || - ((buf[j] >= 'a') && (buf[j] <= 'f')) || - ((buf[j] >= 'A') && (buf[j] <= 'F')))) -#else - /* - * This #ifdef is not strictly necessary, since the characters - * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but - * not the whole alphabet). Nevertheless, isxdigit() is faster. - */ - if (!isxdigit(buf[j])) -#endif + if (!ossl_isxdigit(buf[j])) { i = j; break; diff --git a/deps/openssl/openssl/crypto/asn1/f_string.c b/deps/openssl/openssl/crypto/asn1/f_string.c index b9258bba8b62fc..f893489a67198c 100644 --- a/deps/openssl/openssl/crypto/asn1/f_string.c +++ b/deps/openssl/openssl/crypto/asn1/f_string.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include @@ -20,7 +20,7 @@ int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) char buf[2]; if (a == NULL) - return (0); + return 0; if (a->length == 0) { if (BIO_write(bp, "0", 1) != 1) @@ -40,14 +40,14 @@ int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) n += 2; } } - return (n); + return n; err: - return (-1); + return -1; } int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) { - int i, j, k, m, n, again, bufsize, spec_char; + int i, j, k, m, n, again, bufsize; unsigned char *s = NULL, *sp; unsigned char *bufp; int num = 0, slen = 0, first = 1; @@ -74,19 +74,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) again = (buf[i - 1] == '\\'); for (j = i - 1; j > 0; j--) { -#ifndef CHARSET_EBCDIC - spec_char = (!(((buf[j] >= '0') && (buf[j] <= '9')) || - ((buf[j] >= 'a') && (buf[j] <= 'f')) || - ((buf[j] >= 'A') && (buf[j] <= 'F')))); -#else - /* - * This #ifdef is not strictly necessary, since the characters - * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but - * not the whole alphabet). Nevertheless, isxdigit() is faster. - */ - spec_char = (!isxdigit(buf[j])); -#endif - if (spec_char) { + if (!ossl_isxdigit(buf[j])) { i = j; break; } diff --git a/deps/openssl/openssl/crypto/asn1/n_pkey.c b/deps/openssl/openssl/crypto/asn1/n_pkey.c index 267ce60110d58c..d1fb8a146d6208 100644 --- a/deps/openssl/openssl/crypto/asn1/n_pkey.c +++ b/deps/openssl/openssl/crypto/asn1/n_pkey.c @@ -23,7 +23,7 @@ NON_EMPTY_TRANSLATION_UNIT # ifndef OPENSSL_NO_RC4 typedef struct netscape_pkey_st { - long version; + int32_t version; X509_ALGOR *algor; ASN1_OCTET_STRING *private_key; } NETSCAPE_PKEY; @@ -48,7 +48,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) ASN1_SEQUENCE(NETSCAPE_PKEY) = { - ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), + ASN1_EMBED(NETSCAPE_PKEY, version, INT32), ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) diff --git a/deps/openssl/openssl/crypto/asn1/p5_pbev2.c b/deps/openssl/openssl/crypto/asn1/p5_pbev2.c index 14e8700b7a685a..f91ba08f1ea4cb 100644 --- a/deps/openssl/openssl/crypto/asn1/p5_pbev2.c +++ b/deps/openssl/openssl/crypto/asn1/p5_pbev2.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,7 +78,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, /* Dummy cipherinit to just setup the IV, and PRF */ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) goto err; - if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { + if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); goto err; } diff --git a/deps/openssl/openssl/crypto/asn1/p5_scrypt.c b/deps/openssl/openssl/crypto/asn1/p5_scrypt.c index 10a73602335147..1491d96ec8d389 100644 --- a/deps/openssl/openssl/crypto/asn1/p5_scrypt.c +++ b/deps/openssl/openssl/crypto/asn1/p5_scrypt.c @@ -18,24 +18,15 @@ #ifndef OPENSSL_NO_SCRYPT /* PKCS#5 scrypt password based encryption structures */ -typedef struct { - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *costParameter; - ASN1_INTEGER *blockSize; - ASN1_INTEGER *parallelizationParameter; - ASN1_INTEGER *keyLength; -} SCRYPT_PARAMS; - ASN1_SEQUENCE(SCRYPT_PARAMS) = { ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING), ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER), ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), -} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS) +} ASN1_SEQUENCE_END(SCRYPT_PARAMS) -DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) +IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS) static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, size_t keylen, uint64_t N, uint64_t r, @@ -102,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, /* Dummy cipherinit to just setup the IV */ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) goto err; - if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { + if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); goto err; diff --git a/deps/openssl/openssl/crypto/asn1/standard_methods.h b/deps/openssl/openssl/crypto/asn1/standard_methods.h new file mode 100644 index 00000000000000..a3552c231fd2ea --- /dev/null +++ b/deps/openssl/openssl/crypto/asn1/standard_methods.h @@ -0,0 +1,60 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This table MUST be kept in ascending order of the NID each method + * represents (corresponding to the pkey_id field) as OBJ_bsearch + * is used to search it. + */ +static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { +#ifndef OPENSSL_NO_RSA + &rsa_asn1_meths[0], + &rsa_asn1_meths[1], +#endif +#ifndef OPENSSL_NO_DH + &dh_asn1_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_asn1_meths[0], + &dsa_asn1_meths[1], + &dsa_asn1_meths[2], + &dsa_asn1_meths[3], + &dsa_asn1_meths[4], +#endif +#ifndef OPENSSL_NO_EC + &eckey_asn1_meth, +#endif + &hmac_asn1_meth, +#ifndef OPENSSL_NO_CMAC + &cmac_asn1_meth, +#endif +#ifndef OPENSSL_NO_RSA + &rsa_pss_asn1_meth, +#endif +#ifndef OPENSSL_NO_DH + &dhx_asn1_meth, +#endif +#ifndef OPENSSL_NO_EC + &ecx25519_asn1_meth, + &ecx448_asn1_meth, +#endif +#ifndef OPENSSL_NO_POLY1305 + &poly1305_asn1_meth, +#endif +#ifndef OPENSSL_NO_SIPHASH + &siphash_asn1_meth, +#endif +#ifndef OPENSSL_NO_EC + &ed25519_asn1_meth, + &ed448_asn1_meth, +#endif +#ifndef OPENSSL_NO_SM2 + &sm2_asn1_meth, +#endif +}; diff --git a/deps/openssl/openssl/crypto/asn1/tasn_dec.c b/deps/openssl/openssl/crypto/asn1/tasn_dec.c index af8641e35bd55b..c2a521ed51800b 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_dec.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_dec.c @@ -17,6 +17,7 @@ #include "internal/numbers.h" #include "asn1_locl.h" + /* * Constructed types with a recursive definition (such as can be found in PKCS7) * could eventually exceed the stack given malicious input with excessive @@ -554,7 +555,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else if (ret == -1) return -1; if (!*val) - *val = (ASN1_VALUE *)OPENSSL_sk_new_null(); + *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null(); else { /* * We've got a valid STACK: free up any items present diff --git a/deps/openssl/openssl/crypto/asn1/tasn_enc.c b/deps/openssl/openssl/crypto/asn1/tasn_enc.c index 3b723a1845db5b..30be314ff982a6 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_enc.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_enc.c @@ -57,12 +57,14 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, if (out && !*out) { unsigned char *p, *buf; int len; + len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); if (len <= 0) return len; - buf = OPENSSL_malloc(len); - if (buf == NULL) + if ((buf = OPENSSL_malloc(len)) == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE); return -1; + } p = buf; ASN1_item_ex_i2d(&val, &p, it, -1, flags); *out = buf; diff --git a/deps/openssl/openssl/crypto/asn1/tasn_new.c b/deps/openssl/openssl/crypto/asn1/tasn_new.c index 11c804026adc0b..6b8ea8ddd74dbe 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_new.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_new.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -299,9 +299,10 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, return 1; case V_ASN1_ANY: - typ = OPENSSL_malloc(sizeof(*typ)); - if (typ == NULL) + if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) { + ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE); return 0; + } typ->value.ptr = NULL; typ->type = -1; *pval = (ASN1_VALUE *)typ; diff --git a/deps/openssl/openssl/crypto/asn1/tasn_prn.c b/deps/openssl/openssl/crypto/asn1/tasn_prn.c index 53a9ee8ee93b1e..1fb66f1062ba64 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_prn.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_prn.c @@ -315,7 +315,8 @@ static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, pctx)) return 0; } - if (!i && BIO_printf(out, "%*s\n", indent + 2, "") <= 0) + if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "", + stack == NULL ? "ABSENT" : "EMPTY") <= 0) return 0; if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { if (BIO_printf(out, "%*s}\n", indent, "") <= 0) diff --git a/deps/openssl/openssl/crypto/asn1/tasn_utl.c b/deps/openssl/openssl/crypto/asn1/tasn_utl.c index 832603b1dbcd50..7ceecffce75822 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_utl.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_utl.c @@ -9,7 +9,8 @@ #include #include -#include +#include "internal/cryptlib.h" +#include "internal/refcount.h" #include #include #include @@ -57,8 +58,10 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) { const ASN1_AUX *aux; - int *lck, ret; + CRYPTO_REF_COUNT *lck; CRYPTO_RWLOCK **lock; + int ret = -1; + if ((it->itype != ASN1_ITYPE_SEQUENCE) && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) return 0; @@ -67,25 +70,34 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) return 0; lck = offset2ptr(*pval, aux->ref_offset); lock = offset2ptr(*pval, aux->ref_lock); - if (op == 0) { - *lck = 1; + + switch (op) { + case 0: + *lck = ret = 1; *lock = CRYPTO_THREAD_lock_new(); if (*lock == NULL) { ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE); return -1; } - return 1; - } - if (!CRYPTO_atomic_add(lck, op, &ret, *lock)) - return -1; /* failed */ + break; + case 1: + if (!CRYPTO_UP_REF(lck, &ret, *lock)) + return -1; + break; + case -1: + if (!CRYPTO_DOWN_REF(lck, &ret, *lock)) + return -1; /* failed */ #ifdef REF_PRINT - fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); + fprintf(stderr, "%p:%4d:%s\n", it, ret, it->sname); #endif - REF_ASSERT_ISNT(ret < 0); - if (ret == 0) { - CRYPTO_THREAD_lock_free(*lock); - *lock = NULL; + REF_ASSERT_ISNT(ret < 0); + if (ret == 0) { + CRYPTO_THREAD_lock_free(*lock); + *lock = NULL; + } + break; } + return ret; } @@ -132,9 +144,10 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, return 1; OPENSSL_free(enc->enc); - enc->enc = OPENSSL_malloc(inlen); - if (enc->enc == NULL) + if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) { + ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(enc->enc, in, inlen); enc->len = inlen; enc->modified = 0; diff --git a/deps/openssl/openssl/crypto/asn1/tbl_standard.h b/deps/openssl/openssl/crypto/asn1/tbl_standard.h new file mode 100644 index 00000000000000..9ea331cc131bb6 --- /dev/null +++ b/deps/openssl/openssl/crypto/asn1/tbl_standard.h @@ -0,0 +1,60 @@ +/* + * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* size limits: this stuff is taken straight from RFC3280 */ + +#define ub_name 32768 +#define ub_common_name 64 +#define ub_locality_name 128 +#define ub_state_name 128 +#define ub_organization_name 64 +#define ub_organization_unit_name 64 +#define ub_title 64 +#define ub_email_address 128 +#define ub_serial_number 64 + +/* From RFC4524 */ + +#define ub_rfc822_mailbox 256 + +/* This table must be kept in NID order */ + +static const ASN1_STRING_TABLE tbl_standard[] = { + {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, + {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, + {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, + {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, + {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, + 0}, + {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, + STABLE_NO_MASK}, + {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, + {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, + STABLE_NO_MASK}, + {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, + STABLE_NO_MASK}, + {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, + {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, + {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, + {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, + {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK} +}; diff --git a/deps/openssl/openssl/crypto/asn1/x_algor.c b/deps/openssl/openssl/crypto/asn1/x_algor.c index 72378db922a3a8..853d45b8bc8aac 100644 --- a/deps/openssl/openssl/crypto/asn1/x_algor.c +++ b/deps/openssl/openssl/crypto/asn1/x_algor.c @@ -28,18 +28,19 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) { - if (!alg) + if (alg == NULL) return 0; + if (ptype != V_ASN1_UNDEF) { if (alg->parameter == NULL) alg->parameter = ASN1_TYPE_new(); if (alg->parameter == NULL) return 0; } - if (alg) { - ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = aobj; - } + + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = aobj; + if (ptype == 0) return 1; if (ptype == V_ASN1_UNDEF) { diff --git a/deps/openssl/openssl/crypto/asn1/x_int64.c b/deps/openssl/openssl/crypto/asn1/x_int64.c index 4433167a442c0b..0ee552cf0a4885 100644 --- a/deps/openssl/openssl/crypto/asn1/x_int64.c +++ b/deps/openssl/openssl/crypto/asn1/x_int64.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,8 +9,8 @@ #include #include "internal/cryptlib.h" -#include "internal/asn1t.h" #include "internal/numbers.h" +#include #include #include "asn1_locl.h" @@ -28,9 +28,10 @@ static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t)); - if (*pval == NULL) + if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) { + ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE); return 0; + } return 1; } @@ -80,6 +81,16 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return 0; cp = (char *)*pval; + + /* + * Strictly speaking, zero length is malformed. However, long_c2i + * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course), + * so for the sake of backward compatibility, we still decode zero + * length INTEGERs as the number zero. + */ + if (len == 0) + goto long_compat; + if (!c2i_uint64_int(&utmp, &neg, &cont, len)) return 0; if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { @@ -94,6 +105,8 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, if (neg) /* c2i_uint64_int() returns positive values */ utmp = 0 - utmp; + + long_compat: memcpy(cp, &utmp, sizeof(utmp)); return 1; } @@ -102,17 +115,18 @@ static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) - return BIO_printf(out, "%"BIO_PRI64"d\n", **(int64_t **)pval); - return BIO_printf(out, "%"BIO_PRI64"u\n", **(uint64_t **)pval); + return BIO_printf(out, "%jd\n", **(int64_t **)pval); + return BIO_printf(out, "%ju\n", **(uint64_t **)pval); } /* 32-bit variants */ static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t)); - if (*pval == NULL) + if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) { + ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE); return 0; + } return 1; } @@ -170,6 +184,16 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return 0; cp = (char *)*pval; + + /* + * Strictly speaking, zero length is malformed. However, long_c2i + * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course), + * so for the sake of backward compatibility, we still decode zero + * length INTEGERs as the number zero. + */ + if (len == 0) + goto long_compat; + if (!c2i_uint64_int(&utmp, &neg, &cont, len)) return 0; if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { @@ -189,6 +213,8 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return 0; } } + + long_compat: utmp2 = (uint32_t)utmp; memcpy(cp, &utmp2, sizeof(utmp2)); return 1; diff --git a/deps/openssl/openssl/crypto/asn1/x_long.c b/deps/openssl/openssl/crypto/asn1/x_long.c index 5895345f9fe1cb..bf9371ef55aaf1 100644 --- a/deps/openssl/openssl/crypto/asn1/x_long.c +++ b/deps/openssl/openssl/crypto/asn1/x_long.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "internal/cryptlib.h" #include +#if !(OPENSSL_API_COMPAT < 0x10200000L) +NON_EMPTY_TRANSLATION_UNIT +#else + +#define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b)) + /* * Custom primitive type for long handling. This converts between an * ASN1_INTEGER and a long directly. @@ -46,13 +52,13 @@ ASN1_ITEM_end(ZLONG) static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + memcpy(pval, &it->size, COPY_SIZE(*pval, it->size)); return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + memcpy(pval, &it->size, COPY_SIZE(*pval, it->size)); } /* @@ -86,12 +92,8 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, long ltmp; unsigned long utmp, sign; int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; - - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); + memcpy(<mp, pval, COPY_SIZE(*pval, ltmp)); if (ltmp == it->size) return -1; /* @@ -133,7 +135,6 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int i; long ltmp; unsigned long utmp = 0, sign = 0x100; - char *cp = (char *)pval; if (len > 1) { /* @@ -185,12 +186,16 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - memcpy(cp, <mp, sizeof(long)); + memcpy(pval, <mp, COPY_SIZE(*pval, ltmp)); return 1; } static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { - return BIO_printf(out, "%ld\n", *(long *)pval); + long l; + + memcpy(&l, pval, COPY_SIZE(*pval, l)); + return BIO_printf(out, "%ld\n", l); } +#endif diff --git a/deps/openssl/openssl/crypto/asn1/x_spki.c b/deps/openssl/openssl/crypto/asn1/x_spki.c index c45400b42f3a3f..0d72a3f3a9d239 100644 --- a/deps/openssl/openssl/crypto/asn1/x_spki.c +++ b/deps/openssl/openssl/crypto/asn1/x_spki.c @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ - /* - * This module was send to me my Pat Richards who wrote it. - * It is under my Copyright with his permission - */ - #include #include "internal/cryptlib.h" #include diff --git a/deps/openssl/openssl/crypto/async/arch/async_posix.h b/deps/openssl/openssl/crypto/async/arch/async_posix.h index 939b4ab183cd26..62449fe60e04ff 100644 --- a/deps/openssl/openssl/crypto/async/arch/async_posix.h +++ b/deps/openssl/openssl/crypto/async/arch/async_posix.h @@ -27,7 +27,6 @@ # include # include -# include "e_os.h" typedef struct async_fibre_st { ucontext_t fibre; diff --git a/deps/openssl/openssl/crypto/async/async.c b/deps/openssl/openssl/crypto/async/async.c index 0862cca21ae23e..1d83e4576f8145 100644 --- a/deps/openssl/openssl/crypto/async/async.c +++ b/deps/openssl/openssl/crypto/async/async.c @@ -19,7 +19,7 @@ #include "async_locl.h" #include -#include +#include "internal/cryptlib_int.h" #include #define ASYNC_JOB_RUNNING 0 @@ -37,7 +37,7 @@ static async_ctx *async_ctx_new(void) if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) return NULL; - nctx = OPENSSL_malloc(sizeof(async_ctx)); + nctx = OPENSSL_malloc(sizeof(*nctx)); if (nctx == NULL) { ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE); goto err; @@ -79,7 +79,7 @@ static ASYNC_JOB *async_job_new(void) { ASYNC_JOB *job = NULL; - job = OPENSSL_zalloc(sizeof(ASYNC_JOB)); + job = OPENSSL_zalloc(sizeof(*job)); if (job == NULL) { ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -335,7 +335,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) return 0; } - pool->jobs = sk_ASYNC_JOB_new_null(); + pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size); if (pool->jobs == NULL) { ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE); OPENSSL_free(pool); @@ -357,7 +357,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) break; } job->funcargs = NULL; - sk_ASYNC_JOB_push(pool->jobs, job); + sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */ curr_size++; } pool->curr_size = curr_size; diff --git a/deps/openssl/openssl/crypto/async/async_err.c b/deps/openssl/openssl/crypto/async/async_err.c index ae97e965337d89..fd5527aae8c98b 100644 --- a/deps/openssl/openssl/crypto/async/async_err.c +++ b/deps/openssl/openssl/crypto/async/async_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,31 +8,32 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASYNC,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASYNC,0,reason) - -static ERR_STRING_DATA ASYNC_str_functs[] = { - {ERR_FUNC(ASYNC_F_ASYNC_CTX_NEW), "async_ctx_new"}, - {ERR_FUNC(ASYNC_F_ASYNC_INIT_THREAD), "ASYNC_init_thread"}, - {ERR_FUNC(ASYNC_F_ASYNC_JOB_NEW), "async_job_new"}, - {ERR_FUNC(ASYNC_F_ASYNC_PAUSE_JOB), "ASYNC_pause_job"}, - {ERR_FUNC(ASYNC_F_ASYNC_START_FUNC), "async_start_func"}, - {ERR_FUNC(ASYNC_F_ASYNC_START_JOB), "ASYNC_start_job"}, +static const ERR_STRING_DATA ASYNC_str_functs[] = { + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_CTX_NEW, 0), "async_ctx_new"}, + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_INIT_THREAD, 0), + "ASYNC_init_thread"}, + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_JOB_NEW, 0), "async_job_new"}, + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"}, + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"}, + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"}, + {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0), + "ASYNC_WAIT_CTX_set_wait_fd"}, {0, NULL} }; -static ERR_STRING_DATA ASYNC_str_reasons[] = { - {ERR_REASON(ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"}, - {ERR_REASON(ASYNC_R_FAILED_TO_SWAP_CONTEXT), "failed to swap context"}, - {ERR_REASON(ASYNC_R_INIT_FAILED), "init failed"}, - {ERR_REASON(ASYNC_R_INVALID_POOL_SIZE), "invalid pool size"}, +static const ERR_STRING_DATA ASYNC_str_reasons[] = { + {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL), + "failed to set pool"}, + {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT), + "failed to swap context"}, + {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"}, + {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE), + "invalid pool size"}, {0, NULL} }; @@ -41,10 +42,9 @@ static ERR_STRING_DATA ASYNC_str_reasons[] = { int ERR_load_ASYNC_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) { - ERR_load_strings(0, ASYNC_str_functs); - ERR_load_strings(0, ASYNC_str_reasons); + ERR_load_strings_const(ASYNC_str_functs); + ERR_load_strings_const(ASYNC_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/async/async_locl.h b/deps/openssl/openssl/crypto/async/async_locl.h index f0ac05a3db754e..d7790293f74f52 100644 --- a/deps/openssl/openssl/crypto/async/async_locl.h +++ b/deps/openssl/openssl/crypto/async/async_locl.h @@ -20,7 +20,7 @@ # include #endif -#include +#include "internal/async.h" #include typedef struct async_ctx_st async_ctx; diff --git a/deps/openssl/openssl/crypto/async/async_wait.c b/deps/openssl/openssl/crypto/async/async_wait.c index 0a0bf873e130cc..b23e43e8c8624a 100644 --- a/deps/openssl/openssl/crypto/async/async_wait.c +++ b/deps/openssl/openssl/crypto/async/async_wait.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,9 +47,10 @@ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, { struct fd_lookup_st *fdlookup; - fdlookup = OPENSSL_zalloc(sizeof(*fdlookup)); - if (fdlookup == NULL) + if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) { + ASYNCerr(ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, ERR_R_MALLOC_FAILURE); return 0; + } fdlookup->key = key; fdlookup->fd = fd; @@ -145,6 +146,7 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key) while (curr != NULL) { if (curr->del == 1) { /* This one has been marked deleted already so do nothing */ + prev = curr; curr = curr->next; continue; } diff --git a/deps/openssl/openssl/crypto/bf/asm/bf-586.pl b/deps/openssl/openssl/crypto/bf/asm/bf-586.pl index ebc24f48a152c8..4e913aecf42da0 100644 --- a/deps/openssl/openssl/crypto/bf/asm/bf-586.pl +++ b/deps/openssl/openssl/crypto/bf/asm/bf-586.pl @@ -15,7 +15,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $BF_ROUNDS=16; $BF_OFF=($BF_ROUNDS+2)*4; diff --git a/deps/openssl/openssl/crypto/bf/bf_cbc.c b/deps/openssl/openssl/crypto/bf/bf_cbc.c deleted file mode 100644 index 6ed62578ace3cb..00000000000000 --- a/deps/openssl/openssl/crypto/bf/bf_cbc.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "bf_locl.h" - -void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) -{ - register BF_LONG tin0, tin1; - register BF_LONG tout0, tout1, xor0, xor1; - register long l = length; - BF_LONG tin[2]; - - if (encrypt) { - n2l(ivec, tout0); - n2l(ivec, tout1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, ivec); - l2n(tout1, ivec); - } else { - n2l(ivec, xor0); - n2l(ivec, xor1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, ivec); - l2n(xor1, ivec); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} diff --git a/deps/openssl/openssl/crypto/bf/bf_ecb.c b/deps/openssl/openssl/crypto/bf/bf_ecb.c index aa73540f35aee8..dc1becdbe4ed05 100644 --- a/deps/openssl/openssl/crypto/bf/bf_ecb.c +++ b/deps/openssl/openssl/crypto/bf/bf_ecb.c @@ -19,7 +19,7 @@ const char *BF_options(void) { - return ("blowfish(ptr)"); + return "blowfish(ptr)"; } void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/deps/openssl/openssl/crypto/bf/bf_enc.c b/deps/openssl/openssl/crypto/bf/bf_enc.c index 9f80c56d57167c..67c0d78aec5cba 100644 --- a/deps/openssl/openssl/crypto/bf/bf_enc.c +++ b/deps/openssl/openssl/crypto/bf/bf_enc.c @@ -60,8 +60,6 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key) data[0] = r & 0xffffffffU; } -#ifndef BF_DEFAULT_OPTIONS - void BF_decrypt(BF_LONG *data, const BF_KEY *key) { register BF_LONG l, r; @@ -175,5 +173,3 @@ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; tin[0] = tin[1] = 0; } - -#endif diff --git a/deps/openssl/openssl/crypto/bf/build.info b/deps/openssl/openssl/crypto/bf/build.info index 37a004ea5b59e3..29adc8ce507214 100644 --- a/deps/openssl/openssl/crypto/bf/build.info +++ b/deps/openssl/openssl/crypto/bf/build.info @@ -2,5 +2,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c \ {- $target{bf_asm_src} -} -GENERATE[bf-586.s]=asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[bf-586.s]=asm/bf-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/deps/openssl/openssl/crypto/bio/b_addr.c b/deps/openssl/openssl/crypto/bio/b_addr.c index 6ed1652c8a860c..abec7bb8dbba47 100644 --- a/deps/openssl/openssl/crypto/bio/b_addr.c +++ b/deps/openssl/openssl/crypto/bio/b_addr.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include "bio_lcl.h" @@ -15,8 +16,7 @@ #ifndef OPENSSL_NO_SOCK #include #include -#include -#include +#include "internal/thread_once.h" CRYPTO_RWLOCK *bio_lookup_lock; static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; @@ -565,11 +565,10 @@ static int addrinfo_wrap(int family, int socktype, unsigned short port, BIO_ADDRINFO **bai) { - OPENSSL_assert(bai != NULL); - - *bai = OPENSSL_zalloc(sizeof(**bai)); - if (*bai == NULL) + if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) { + BIOerr(BIO_F_ADDRINFO_WRAP, ERR_R_MALLOC_FAILURE); return 0; + } (*bai)->bai_family = family; (*bai)->bai_socktype = socktype; @@ -610,8 +609,15 @@ DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) return bio_lookup_lock != NULL; } +int BIO_lookup(const char *host, const char *service, + enum BIO_lookup_type lookup_type, + int family, int socktype, BIO_ADDRINFO **res) +{ + return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res); +} + /*- - * BIO_lookup - look up the node and service you want to connect to. + * BIO_lookup_ex - look up the node and service you want to connect to. * @node: the node you want to connect to. * @service: the service you want to connect to. * @lookup_type: declare intent with the result, client or server. @@ -619,6 +625,10 @@ DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) * AF_INET, AF_INET6 or AF_UNIX. * @socktype: The socket type you want to use. Can be SOCK_STREAM, SOCK_DGRAM * or 0 for all. + * @protocol: The protocol to use, e.g. IPPROTO_TCP or IPPROTO_UDP or 0 for all. + * Note that some platforms may not return IPPROTO_SCTP without + * explicitly requesting it (i.e. IPPROTO_SCTP may not be returned + * with 0 for the protocol) * @res: Storage place for the resulting list of returned addresses * * This will do a lookup of the node and service that you want to connect to. @@ -628,9 +638,8 @@ DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) * * The return value is 1 on success or 0 in case of error. */ -int BIO_lookup(const char *host, const char *service, - enum BIO_lookup_type lookup_type, - int family, int socktype, BIO_ADDRINFO **res) +int BIO_lookup_ex(const char *host, const char *service, int lookup_type, + int family, int socktype, int protocol, BIO_ADDRINFO **res) { int ret = 0; /* Assume failure */ @@ -647,7 +656,7 @@ int BIO_lookup(const char *host, const char *service, #endif break; default: - BIOerr(BIO_F_BIO_LOOKUP, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY); + BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY); return 0; } @@ -656,7 +665,7 @@ int BIO_lookup(const char *host, const char *service, if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res)) return 1; else - BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE); return 0; } #endif @@ -673,6 +682,7 @@ int BIO_lookup(const char *host, const char *service, hints.ai_family = family; hints.ai_socktype = socktype; + hints.ai_protocol = protocol; if (lookup_type == BIO_LOOKUP_SERVER) hints.ai_flags |= AI_PASSIVE; @@ -684,14 +694,14 @@ int BIO_lookup(const char *host, const char *service, # ifdef EAI_SYSTEM case EAI_SYSTEM: SYSerr(SYS_F_GETADDRINFO, get_last_socket_error()); - BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB); break; # endif case 0: ret = 1; /* Success */ break; default: - BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB); ERR_add_error_data(1, gai_strerror(gai_ret)); break; } @@ -733,7 +743,7 @@ int BIO_lookup(const char *host, const char *service, #endif if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) { - BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE); ret = 0; goto err; } @@ -750,8 +760,11 @@ int BIO_lookup(const char *host, const char *service, he_fallback_address = INADDR_ANY; break; default: - OPENSSL_assert(("We forgot to handle a lookup type!" == 0)); - break; + /* We forgot to handle a lookup type! */ + assert("We forgot to handle a lookup type!" == NULL); + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_INTERNAL_ERROR); + ret = 0; + goto err; } } else { he = gethostbyname(host); @@ -810,7 +823,7 @@ int BIO_lookup(const char *host, const char *service, if (endp != service && *endp == '\0' && portnum > 0 && portnum < 65536) { - se_fallback.s_port = htons(portnum); + se_fallback.s_port = htons((unsigned short)portnum); se_fallback.s_proto = proto; se = &se_fallback; } else if (endp == service) { @@ -825,7 +838,7 @@ int BIO_lookup(const char *host, const char *service, goto err; } } else { - BIOerr(BIO_F_BIO_LOOKUP, BIO_R_MALFORMED_HOST_OR_SERVICE); + BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_MALFORMED_HOST_OR_SERVICE); goto err; } } @@ -867,7 +880,7 @@ int BIO_lookup(const char *host, const char *service, addrinfo_malloc_err: BIO_ADDRINFO_free(*res); *res = NULL; - BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); + BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE); ret = 0; goto err; } diff --git a/deps/openssl/openssl/crypto/bio/b_dump.c b/deps/openssl/openssl/crypto/bio/b_dump.c index 424195e16b3834..0d06414e7d912f 100644 --- a/deps/openssl/openssl/crypto/bio/b_dump.c +++ b/deps/openssl/openssl/crypto/bio/b_dump.c @@ -15,7 +15,9 @@ #include "bio_lcl.h" #define DUMP_WIDTH 16 -#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) +#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) + +#define SPACE(buf, pos, n) (sizeof(buf) - (pos) > (n)) int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), void *u, const char *s, int len) @@ -27,60 +29,63 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), void *u, const char *s, int len, int indent) { int ret = 0; - char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows; + char buf[288 + 1]; + int i, j, rows, n; unsigned char ch; int dump_width; if (indent < 0) indent = 0; - if (indent) { - if (indent > 128) - indent = 128; - memset(str, ' ', indent); - } - str[indent] = '\0'; + else if (indent > 128) + indent = 128; dump_width = DUMP_WIDTH_LESS_INDENT(indent); - rows = (len / dump_width); + rows = len / dump_width; if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - OPENSSL_strlcpy(buf, str, sizeof(buf)); - BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width); - OPENSSL_strlcat(buf, tmp, sizeof(buf)); + n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "", + i * dump_width); for (j = 0; j < dump_width; j++) { - if (((i * dump_width) + j) >= len) { - OPENSSL_strlcat(buf, " ", sizeof(buf)); - } else { - ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch, - j == 7 ? '-' : ' '); - OPENSSL_strlcat(buf, tmp, sizeof(buf)); + if (SPACE(buf, n, 3)) { + if (((i * dump_width) + j) >= len) { + strcpy(buf + n, " "); + } else { + ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; + BIO_snprintf(buf + n, 4, "%02x%c", ch, + j == 7 ? '-' : ' '); + } + n += 3; } } - OPENSSL_strlcat(buf, " ", sizeof(buf)); + if (SPACE(buf, n, 2)) { + strcpy(buf + n, " "); + n += 2; + } for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) break; - ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; + if (SPACE(buf, n, 1)) { + ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; #ifndef CHARSET_EBCDIC - BIO_snprintf(tmp, sizeof(tmp), "%c", - ((ch >= ' ') && (ch <= '~')) ? ch : '.'); + buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.'; #else - BIO_snprintf(tmp, sizeof(tmp), "%c", - ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) - ? os_toebcdic[ch] - : '.'); + buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) + ? os_toebcdic[ch] + : '.'; #endif - OPENSSL_strlcat(buf, tmp, sizeof(buf)); + buf[n] = '\0'; + } + } + if (SPACE(buf, n, 1)) { + buf[n++] = '\n'; + buf[n] = '\0'; } - OPENSSL_strlcat(buf, "\n", sizeof(buf)); /* * if this is the last call then update the ddt_dump thing so that we * will move the selection point in the debug window */ - ret += cb((void *)buf, strlen(buf), u); + ret += cb((void *)buf, n, u); } return ret; } diff --git a/deps/openssl/openssl/crypto/bio/b_print.c b/deps/openssl/openssl/crypto/bio/b_print.c index 8f50cb8c143314..9e907fcaa778c6 100644 --- a/deps/openssl/openssl/crypto/bio/b_print.c +++ b/deps/openssl/openssl/crypto/bio/b_print.c @@ -9,10 +9,10 @@ #include #include -#include -#include #include "internal/cryptlib.h" +#include "internal/ctype.h" #include "internal/numbers.h" +#include /* * Copyright Patrick Powell 1995 @@ -69,6 +69,7 @@ static int _dopr(char **sbuffer, char **buffer, #define DP_C_LONG 2 #define DP_C_LDOUBLE 3 #define DP_C_LLONG 4 +#define DP_C_SIZE 5 /* Floating point formats */ #define F_FORMAT 0 @@ -110,7 +111,7 @@ _dopr(char **sbuffer, if (ch == '%') state = DP_S_FLAGS; else - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) return 0; ch = *format++; break; @@ -142,7 +143,7 @@ _dopr(char **sbuffer, } break; case DP_S_MIN: - if (isdigit((unsigned char)ch)) { + if (ossl_isdigit(ch)) { min = 10 * min + char_to_int(ch); ch = *format++; } else if (ch == '*') { @@ -160,7 +161,7 @@ _dopr(char **sbuffer, state = DP_S_MOD; break; case DP_S_MAX: - if (isdigit((unsigned char)ch)) { + if (ossl_isdigit(ch)) { if (max < 0) max = 0; max = 10 * max + char_to_int(ch); @@ -187,6 +188,7 @@ _dopr(char **sbuffer, ch = *format++; break; case 'q': + case 'j': cflags = DP_C_LLONG; ch = *format++; break; @@ -194,6 +196,10 @@ _dopr(char **sbuffer, cflags = DP_C_LDOUBLE; ch = *format++; break; + case 'z': + cflags = DP_C_SIZE; + ch = *format++; + break; default: break; } @@ -213,6 +219,9 @@ _dopr(char **sbuffer, case DP_C_LLONG: value = va_arg(args, int64_t); break; + case DP_C_SIZE: + value = va_arg(args, ossl_ssize_t); + break; default: value = va_arg(args, int); break; @@ -238,6 +247,9 @@ _dopr(char **sbuffer, case DP_C_LLONG: value = va_arg(args, uint64_t); break; + case DP_C_SIZE: + value = va_arg(args, size_t); + break; default: value = va_arg(args, unsigned int); break; @@ -281,8 +293,8 @@ _dopr(char **sbuffer, return 0; break; case 'c': - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) + if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) return 0; break; case 's': @@ -303,27 +315,15 @@ _dopr(char **sbuffer, value, 16, min, max, flags | DP_F_NUM)) return 0; break; - case 'n': /* XXX */ - if (cflags == DP_C_SHORT) { - short int *num; - num = va_arg(args, short int *); - *num = currlen; - } else if (cflags == DP_C_LONG) { /* XXX */ - long int *num; - num = va_arg(args, long int *); - *num = (long int)currlen; - } else if (cflags == DP_C_LLONG) { /* XXX */ - int64_t *num; - num = va_arg(args, int64_t *); - *num = (int64_t)currlen; - } else { + case 'n': + { int *num; num = va_arg(args, int *); *num = currlen; } break; case '%': - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) return 0; break; case 'w': @@ -354,7 +354,7 @@ _dopr(char **sbuffer, if (*truncated) currlen = *maxlen - 1; } - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) + if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) return 0; *retlen = currlen - 1; return 1; @@ -392,19 +392,19 @@ fmtstr(char **sbuffer, padlen = -padlen; while ((padlen > 0) && (max < 0 || cnt < max)) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) return 0; --padlen; ++cnt; } while (strln > 0 && (max < 0 || cnt < max)) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) return 0; --strln; ++cnt; } while ((padlen < 0) && (max < 0 || cnt < max)) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) return 0; ++padlen; ++cnt; @@ -472,19 +472,19 @@ fmtint(char **sbuffer, /* spaces */ while (spadlen > 0) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) return 0; --spadlen; } /* sign */ if (signvalue) - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) return 0; /* prefix */ while (*prefix) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) return 0; prefix++; } @@ -492,7 +492,7 @@ fmtint(char **sbuffer, /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) return 0; --zpadlen; } @@ -758,8 +758,8 @@ fmtfp(char **sbuffer, return 0; while (fplace > 0) { - if(!doapr_outch(sbuffer, buffer, currlen, maxlen, - fconvert[--fplace])) + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, + fconvert[--fplace])) return 0; } } @@ -805,11 +805,13 @@ static int doapr_outch(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) { - /* If we haven't at least one buffer, someone has doe a big booboo */ - OPENSSL_assert(*sbuffer != NULL || buffer != NULL); + /* If we haven't at least one buffer, someone has done a big booboo */ + if (!ossl_assert(*sbuffer != NULL || buffer != NULL)) + return 0; /* |currlen| must always be <= |*maxlen| */ - OPENSSL_assert(*currlen <= *maxlen); + if (!ossl_assert(*currlen <= *maxlen)) + return 0; if (buffer && *currlen == *maxlen) { if (*maxlen > INT_MAX - BUFFER_INC) @@ -817,11 +819,13 @@ doapr_outch(char **sbuffer, *maxlen += BUFFER_INC; if (*buffer == NULL) { - *buffer = OPENSSL_malloc(*maxlen); - if (*buffer == NULL) + if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) { + BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE); return 0; + } if (*currlen > 0) { - OPENSSL_assert(*sbuffer != NULL); + if (!ossl_assert(*sbuffer != NULL)) + return 0; memcpy(*buffer, *sbuffer, *currlen); } *sbuffer = NULL; @@ -856,7 +860,7 @@ int BIO_printf(BIO *bio, const char *format, ...) ret = BIO_vprintf(bio, format, args); va_end(args); - return (ret); + return ret; } int BIO_vprintf(BIO *bio, const char *format, va_list args) @@ -883,7 +887,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) } else { ret = BIO_write(bio, hugebuf, (int)retlen); } - return (ret); + return ret; } /* @@ -902,7 +906,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) ret = BIO_vsnprintf(buf, n, format, args); va_end(args); - return (ret); + return ret; } int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) @@ -910,7 +914,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) size_t retlen; int truncated; - if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) + if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) return -1; if (truncated) diff --git a/deps/openssl/openssl/crypto/bio/b_sock.c b/deps/openssl/openssl/crypto/bio/b_sock.c index fac1432787dc65..e7a24d02cbe5b0 100644 --- a/deps/openssl/openssl/crypto/bio/b_sock.c +++ b/deps/openssl/openssl/crypto/bio/b_sock.c @@ -11,10 +11,6 @@ #include #include #include "bio_lcl.h" -#if defined(NETWARE_CLIB) -# include -NETDB_DEFINE_CONTEXT -#endif #ifndef OPENSSL_NO_SOCK # define SOCKET_PROTOCOL IPPROTO_TCP # ifdef SO_MAXCONN @@ -43,14 +39,13 @@ int BIO_get_host_ip(const char *str, unsigned char *ip) if (BIO_ADDRINFO_family(res) != AF_INET) { BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); - } else { - BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l); - /* Because only AF_INET addresses will reach this far, - we can assert that l should be 4 */ - OPENSSL_assert(l == 4); - - BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l); - ret = 1; + } else if (BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l)) { + /* + * Because only AF_INET addresses will reach this far, we can assert + * that l should be 4 + */ + if (ossl_assert(l == 4)) + ret = BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l); } BIO_ADDRINFO_free(res); } else { @@ -67,7 +62,7 @@ int BIO_get_port(const char *str, unsigned short *port_ptr) if (str == NULL) { BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED); - return (0); + return 0; } if (BIO_sock_init() != 1) @@ -103,9 +98,9 @@ int BIO_sock_error(int sock) */ i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size); if (i < 0) - return (get_last_socket_error()); + return get_last_socket_error(); else - return (j); + return j; } # if OPENSSL_API_COMPAT < 0x10100000L @@ -115,11 +110,7 @@ struct hostent *BIO_gethostbyname(const char *name) * Caching gethostbyname() results forever is wrong, so we have to let * the true gethostbyname() worry about this */ -# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) - return gethostbyname((char *)name); -# else return gethostbyname(name); -# endif } # endif @@ -143,7 +134,7 @@ int BIO_sock_init(void) err = WSAGetLastError(); SYSerr(SYS_F_WSASTARTUP, err); BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); - return (-1); + return -1; } } # endif /* OPENSSL_SYS_WINDOWS */ @@ -151,10 +142,10 @@ int BIO_sock_init(void) extern int _watt_do_exit; _watt_do_exit = 0; /* don't make sock_init() call exit() */ if (sock_init()) - return (-1); + return -1; # endif - return (1); + return 1; } void bio_sock_cleanup_int(void) @@ -202,7 +193,7 @@ int BIO_socket_ioctl(int fd, long type, void *arg) # endif /* __DJGPP__ */ if (i < 0) SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error()); - return (i); + return i; } # if OPENSSL_API_COMPAT < 0x10100000L diff --git a/deps/openssl/openssl/crypto/bio/b_sock2.c b/deps/openssl/openssl/crypto/bio/b_sock2.c index d8b49d022cc032..5d82ab22dc304c 100644 --- a/deps/openssl/openssl/crypto/bio/b_sock2.c +++ b/deps/openssl/openssl/crypto/bio/b_sock2.c @@ -76,7 +76,7 @@ int BIO_socket(int domain, int socktype, int protocol, int options) */ int BIO_connect(int sock, const BIO_ADDR *addr, int options) { - int on = 1; + const int on = 1; if (sock == -1) { BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET); @@ -87,7 +87,8 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) return 0; if (options & BIO_SOCK_KEEPALIVE) { - if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) { + if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, + (const void *)&on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE); return 0; @@ -95,7 +96,8 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) } if (options & BIO_SOCK_NODELAY) { - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) { + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + (const void *)&on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY); return 0; @@ -113,6 +115,57 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options) return 1; } +/*- + * BIO_bind - bind socket to address + * @sock: the socket to set + * @addr: local address to bind to + * @options: BIO socket options + * + * Binds to the address using the given socket and options. + * + * Options can be a combination of the following: + * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination + * for a recently closed port. + * + * When restarting the program it could be that the port is still in use. If + * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway. + * It's recommended that you use this. + */ +int BIO_bind(int sock, const BIO_ADDR *addr, int options) +{ +# ifndef OPENSSL_SYS_WINDOWS + int on = 1; +# endif + + if (sock == -1) { + BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET); + return 0; + } + +# ifndef OPENSSL_SYS_WINDOWS + /* + * SO_REUSEADDR has different behavior on Windows than on + * other operating systems, don't set it there. + */ + if (options & BIO_SOCK_REUSEADDR) { + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, + (const void *)&on, sizeof(on)) != 0) { + SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); + BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_REUSEADDR); + return 0; + } + } +# endif + + if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) { + SYSerr(SYS_F_BIND, get_last_socket_error()); + BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_BIND_SOCKET); + return 0; + } + + return 1; +} + /*- * BIO_listen - Creates a listen socket * @sock: the socket to listen with @@ -161,7 +214,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) return 0; } - if (getsockopt(sock, SOL_SOCKET, SO_TYPE, &socktype, &socktype_len) != 0 + if (getsockopt(sock, SOL_SOCKET, SO_TYPE, + (void *)&socktype, &socktype_len) != 0 || socktype_len != sizeof(socktype)) { SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE); @@ -171,22 +225,9 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0)) return 0; -# ifndef OPENSSL_SYS_WINDOWS - /* - * SO_REUSEADDR has different behavior on Windows than on - * other operating systems, don't set it there. - */ - if (options & BIO_SOCK_REUSEADDR) { - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) { - SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); - BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_REUSEADDR); - return 0; - } - } -# endif - if (options & BIO_SOCK_KEEPALIVE) { - if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) { + if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, + (const void *)&on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE); return 0; @@ -194,7 +235,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) } if (options & BIO_SOCK_NODELAY) { - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) { + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + (const void *)&on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY); return 0; @@ -208,7 +250,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) * Therefore we always have to use setsockopt here. */ on = options & BIO_SOCK_V6_ONLY ? 1 : 0; - if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) { + if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, + (const void *)&on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY); return 0; @@ -216,11 +259,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) } # endif - if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) { - SYSerr(SYS_F_BIND, get_last_socket_error()); - BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_BIND_SOCKET); + if (!BIO_bind(sock, addr, options)) return 0; - } if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) { SYSerr(SYS_F_LISTEN, get_last_socket_error()); diff --git a/deps/openssl/openssl/crypto/bio/bf_buff.c b/deps/openssl/openssl/crypto/bio/bf_buff.c index 85099561591206..8e87a629b8b542 100644 --- a/deps/openssl/openssl/crypto/bio/bf_buff.c +++ b/deps/openssl/openssl/crypto/bio/bf_buff.c @@ -25,7 +25,11 @@ static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_buffer = { BIO_TYPE_BUFFER, "buffer", + /* TODO: Convert to new style write function */ + bwrite_conv, buffer_write, + /* TODO: Convert to new style read function */ + bread_conv, buffer_read, buffer_puts, buffer_gets, @@ -37,7 +41,7 @@ static const BIO_METHOD methods_buffer = { const BIO_METHOD *BIO_f_buffer(void) { - return (&methods_buffer); + return &methods_buffer; } static int buffer_new(BIO *bi) @@ -45,25 +49,25 @@ static int buffer_new(BIO *bi) BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) - return (0); + return 0; ctx->ibuf_size = DEFAULT_BUFFER_SIZE; ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); if (ctx->ibuf == NULL) { OPENSSL_free(ctx); - return (0); + return 0; } ctx->obuf_size = DEFAULT_BUFFER_SIZE; ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); - return (0); + return 0; } bi->init = 1; bi->ptr = (char *)ctx; bi->flags = 0; - return (1); + return 1; } static int buffer_free(BIO *a) @@ -71,7 +75,7 @@ static int buffer_free(BIO *a) BIO_F_BUFFER_CTX *b; if (a == NULL) - return (0); + return 0; b = (BIO_F_BUFFER_CTX *)a->ptr; OPENSSL_free(b->ibuf); OPENSSL_free(b->obuf); @@ -79,7 +83,7 @@ static int buffer_free(BIO *a) a->ptr = NULL; a->init = 0; a->flags = 0; - return (1); + return 1; } static int buffer_read(BIO *b, char *out, int outl) @@ -88,11 +92,11 @@ static int buffer_read(BIO *b, char *out, int outl) BIO_F_BUFFER_CTX *ctx; if (out == NULL) - return (0); + return 0; ctx = (BIO_F_BUFFER_CTX *)b->ptr; if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); + return 0; num = 0; BIO_clear_retry_flags(b); @@ -107,7 +111,7 @@ static int buffer_read(BIO *b, char *out, int outl) ctx->ibuf_len -= i; num += i; if (outl == i) - return (num); + return num; outl -= i; out += i; } @@ -126,11 +130,11 @@ static int buffer_read(BIO *b, char *out, int outl) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } num += i; if (outl == i) - return (num); + return num; out += i; outl -= i; } @@ -144,7 +148,7 @@ static int buffer_read(BIO *b, char *out, int outl) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } ctx->ibuf_off = 0; ctx->ibuf_len = i; @@ -159,10 +163,10 @@ static int buffer_write(BIO *b, const char *in, int inl) BIO_F_BUFFER_CTX *ctx; if ((in == NULL) || (inl <= 0)) - return (0); + return 0; ctx = (BIO_F_BUFFER_CTX *)b->ptr; if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); + return 0; BIO_clear_retry_flags(b); start: @@ -193,7 +197,7 @@ static int buffer_write(BIO *b, const char *in, int inl) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } ctx->obuf_off += i; ctx->obuf_len -= i; @@ -215,13 +219,13 @@ static int buffer_write(BIO *b, const char *in, int inl) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } num += i; in += i; inl -= i; if (inl == 0) - return (num); + return num; } /* @@ -248,7 +252,12 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) ctx->obuf_off = 0; ctx->obuf_len = 0; if (b->next_bio == NULL) - return (0); + return 0; + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_EOF: + if (ctx->ibuf_len > 0) + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_INFO: @@ -266,7 +275,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)ctx->obuf_len; if (ret == 0) { if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } break; @@ -274,7 +283,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)ctx->ibuf_len; if (ret == 0) { if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } break; @@ -338,7 +347,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_DO_STATE_MACHINE: if (b->next_bio == NULL) - return (0); + return 0; BIO_clear_retry_flags(b); ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); @@ -346,7 +355,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: if (b->next_bio == NULL) - return (0); + return 0; if (ctx->obuf_len <= 0) { ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; @@ -359,7 +368,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); BIO_copy_next_retry(b); if (r <= 0) - return ((long)r); + return (long)r; ctx->obuf_off += r; ctx->obuf_len -= r; } else { @@ -376,16 +385,27 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) !BIO_set_write_buffer_size(dbio, ctx->obuf_size)) ret = 0; break; + case BIO_CTRL_PEEK: + /* Ensure there's stuff in the input buffer */ + { + char fake_buf[1]; + (void)buffer_read(b, fake_buf, 0); + } + if (num > ctx->ibuf_len) + num = ctx->ibuf_len; + memcpy(ptr, &(ctx->ibuf[ctx->ibuf_off]), num); + ret = num; + break; default: if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; } - return (ret); + return ret; malloc_error: BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -393,13 +413,13 @@ static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) long ret = 1; if (b->next_bio == NULL) - return (0); + return 0; switch (cmd) { default: ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; } - return (ret); + return ret; } static int buffer_gets(BIO *b, char *buf, int size) @@ -430,7 +450,7 @@ static int buffer_gets(BIO *b, char *buf, int size) ctx->ibuf_off += i; if (flag || size == 0) { *buf = '\0'; - return (num); + return num; } } else { /* read another chunk */ @@ -441,7 +461,7 @@ static int buffer_gets(BIO *b, char *buf, int size) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } ctx->ibuf_len = i; ctx->ibuf_off = 0; @@ -451,5 +471,5 @@ static int buffer_gets(BIO *b, char *buf, int size) static int buffer_puts(BIO *b, const char *str) { - return (buffer_write(b, str, strlen(str))); + return buffer_write(b, str, strlen(str)); } diff --git a/deps/openssl/openssl/crypto/bio/bf_lbuf.c b/deps/openssl/openssl/crypto/bio/bf_lbuf.c index a80f899a0ed300..194c7b8af7137f 100644 --- a/deps/openssl/openssl/crypto/bio/bf_lbuf.c +++ b/deps/openssl/openssl/crypto/bio/bf_lbuf.c @@ -30,7 +30,11 @@ static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_linebuffer = { BIO_TYPE_LINEBUFFER, "linebuffer", + /* TODO: Convert to new style write function */ + bwrite_conv, linebuffer_write, + /* TODO: Convert to new style read function */ + bread_conv, linebuffer_read, linebuffer_puts, linebuffer_gets, @@ -42,7 +46,7 @@ static const BIO_METHOD methods_linebuffer = { const BIO_METHOD *BIO_f_linebuffer(void) { - return (&methods_linebuffer); + return &methods_linebuffer; } typedef struct bio_linebuffer_ctx_struct { @@ -55,13 +59,15 @@ static int linebuffer_new(BIO *bi) { BIO_LINEBUFFER_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(*ctx)); - if (ctx == NULL) - return (0); + if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { + BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE); + return 0; + } ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE); if (ctx->obuf == NULL) { + BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ctx); - return (0); + return 0; } ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE; ctx->obuf_len = 0; @@ -69,7 +75,7 @@ static int linebuffer_new(BIO *bi) bi->init = 1; bi->ptr = (char *)ctx; bi->flags = 0; - return (1); + return 1; } static int linebuffer_free(BIO *a) @@ -77,14 +83,14 @@ static int linebuffer_free(BIO *a) BIO_LINEBUFFER_CTX *b; if (a == NULL) - return (0); + return 0; b = (BIO_LINEBUFFER_CTX *)a->ptr; OPENSSL_free(b->obuf); OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; a->flags = 0; - return (1); + return 1; } static int linebuffer_read(BIO *b, char *out, int outl) @@ -92,13 +98,13 @@ static int linebuffer_read(BIO *b, char *out, int outl) int ret = 0; if (out == NULL) - return (0); + return 0; if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_read(b->next_bio, out, outl); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return (ret); + return ret; } static int linebuffer_write(BIO *b, const char *in, int inl) @@ -107,10 +113,10 @@ static int linebuffer_write(BIO *b, const char *in, int inl) BIO_LINEBUFFER_CTX *ctx; if ((in == NULL) || (inl <= 0)) - return (0); + return 0; ctx = (BIO_LINEBUFFER_CTX *)b->ptr; if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); + return 0; BIO_clear_retry_flags(b); @@ -157,7 +163,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } if (i < ctx->obuf_len) memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i); @@ -175,7 +181,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl) if (i < 0) return ((num > 0) ? num : i); if (i == 0) - return (num); + return num; } num += i; in += i; @@ -211,7 +217,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_RESET: ctx->obuf_len = 0; if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_INFO: @@ -221,7 +227,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)ctx->obuf_len; if (ret == 0) { if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } break; @@ -245,7 +251,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_DO_STATE_MACHINE: if (b->next_bio == NULL) - return (0); + return 0; BIO_clear_retry_flags(b); ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); @@ -253,7 +259,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: if (b->next_bio == NULL) - return (0); + return 0; if (ctx->obuf_len <= 0) { ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; @@ -265,7 +271,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); BIO_copy_next_retry(b); if (r <= 0) - return ((long)r); + return (long)r; if (r < ctx->obuf_len) memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r); ctx->obuf_len -= r; @@ -283,14 +289,14 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) break; default: if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; } - return (ret); + return ret; malloc_error: BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -298,23 +304,23 @@ static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) long ret = 1; if (b->next_bio == NULL) - return (0); + return 0; switch (cmd) { default: ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; } - return (ret); + return ret; } static int linebuffer_gets(BIO *b, char *buf, int size) { if (b->next_bio == NULL) - return (0); - return (BIO_gets(b->next_bio, buf, size)); + return 0; + return BIO_gets(b->next_bio, buf, size); } static int linebuffer_puts(BIO *b, const char *str) { - return (linebuffer_write(b, str, strlen(str))); + return linebuffer_write(b, str, strlen(str)); } diff --git a/deps/openssl/openssl/crypto/bio/bf_nbio.c b/deps/openssl/openssl/crypto/bio/bf_nbio.c index 3328506dbc38a3..4bc84eeba659c4 100644 --- a/deps/openssl/openssl/crypto/bio/bf_nbio.c +++ b/deps/openssl/openssl/crypto/bio/bf_nbio.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,11 @@ typedef struct nbio_test_st { static const BIO_METHOD methods_nbiof = { BIO_TYPE_NBIO_TEST, "non-blocking IO test filter", + /* TODO: Convert to new style write function */ + bwrite_conv, nbiof_write, + /* TODO: Convert to new style read function */ + bread_conv, nbiof_read, nbiof_puts, nbiof_gets, @@ -46,31 +50,33 @@ static const BIO_METHOD methods_nbiof = { const BIO_METHOD *BIO_f_nbio_test(void) { - return (&methods_nbiof); + return &methods_nbiof; } static int nbiof_new(BIO *bi) { NBIO_TEST *nt; - if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) - return (0); + if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) { + BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE); + return 0; + } nt->lrn = -1; nt->lwn = -1; bi->ptr = (char *)nt; bi->init = 1; - return (1); + return 1; } static int nbiof_free(BIO *a) { if (a == NULL) - return (0); + return 0; OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; a->flags = 0; - return (1); + return 1; } static int nbiof_read(BIO *b, char *out, int outl) @@ -80,12 +86,12 @@ static int nbiof_read(BIO *b, char *out, int outl) unsigned char n; if (out == NULL) - return (0); + return 0; if (b->next_bio == NULL) - return (0); + return 0; BIO_clear_retry_flags(b); - if (RAND_bytes(&n, 1) <= 0) + if (RAND_priv_bytes(&n, 1) <= 0) return -1; num = (n & 0x07); @@ -100,7 +106,7 @@ static int nbiof_read(BIO *b, char *out, int outl) if (ret < 0) BIO_copy_next_retry(b); } - return (ret); + return ret; } static int nbiof_write(BIO *b, const char *in, int inl) @@ -111,9 +117,9 @@ static int nbiof_write(BIO *b, const char *in, int inl) unsigned char n; if ((in == NULL) || (inl <= 0)) - return (0); + return 0; if (b->next_bio == NULL) - return (0); + return 0; nt = (NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); @@ -122,7 +128,7 @@ static int nbiof_write(BIO *b, const char *in, int inl) num = nt->lwn; nt->lwn = 0; } else { - if (RAND_bytes(&n, 1) <= 0) + if (RAND_priv_bytes(&n, 1) <= 0) return -1; num = (n & 7); } @@ -140,7 +146,7 @@ static int nbiof_write(BIO *b, const char *in, int inl) nt->lwn = inl; } } - return (ret); + return ret; } static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -148,7 +154,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) long ret; if (b->next_bio == NULL) - return (0); + return 0; switch (cmd) { case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); @@ -162,7 +168,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; } - return (ret); + return ret; } static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -170,25 +176,25 @@ static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) long ret = 1; if (b->next_bio == NULL) - return (0); + return 0; switch (cmd) { default: ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; } - return (ret); + return ret; } static int nbiof_gets(BIO *bp, char *buf, int size) { if (bp->next_bio == NULL) - return (0); - return (BIO_gets(bp->next_bio, buf, size)); + return 0; + return BIO_gets(bp->next_bio, buf, size); } static int nbiof_puts(BIO *bp, const char *str) { if (bp->next_bio == NULL) - return (0); - return (BIO_puts(bp->next_bio, str)); + return 0; + return BIO_puts(bp->next_bio, str); } diff --git a/deps/openssl/openssl/crypto/bio/bf_null.c b/deps/openssl/openssl/crypto/bio/bf_null.c index 6b86aa550b2da3..613fb2e0583dd1 100644 --- a/deps/openssl/openssl/crypto/bio/bf_null.c +++ b/deps/openssl/openssl/crypto/bio/bf_null.c @@ -25,7 +25,11 @@ static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_nullf = { BIO_TYPE_NULL_FILTER, "NULL filter", + /* TODO: Convert to new style write function */ + bwrite_conv, nullf_write, + /* TODO: Convert to new style read function */ + bread_conv, nullf_read, nullf_puts, nullf_gets, @@ -37,7 +41,7 @@ static const BIO_METHOD methods_nullf = { const BIO_METHOD *BIO_f_null(void) { - return (&methods_nullf); + return &methods_nullf; } static int nullf_read(BIO *b, char *out, int outl) @@ -45,13 +49,13 @@ static int nullf_read(BIO *b, char *out, int outl) int ret = 0; if (out == NULL) - return (0); + return 0; if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_read(b->next_bio, out, outl); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return (ret); + return ret; } static int nullf_write(BIO *b, const char *in, int inl) @@ -59,13 +63,13 @@ static int nullf_write(BIO *b, const char *in, int inl) int ret = 0; if ((in == NULL) || (inl <= 0)) - return (0); + return 0; if (b->next_bio == NULL) - return (0); + return 0; ret = BIO_write(b->next_bio, in, inl); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return (ret); + return ret; } static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -73,7 +77,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) long ret; if (b->next_bio == NULL) - return (0); + return 0; switch (cmd) { case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); @@ -86,7 +90,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) default: ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } - return (ret); + return ret; } static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -94,25 +98,25 @@ static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) long ret = 1; if (b->next_bio == NULL) - return (0); + return 0; switch (cmd) { default: ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; } - return (ret); + return ret; } static int nullf_gets(BIO *bp, char *buf, int size) { if (bp->next_bio == NULL) - return (0); - return (BIO_gets(bp->next_bio, buf, size)); + return 0; + return BIO_gets(bp->next_bio, buf, size); } static int nullf_puts(BIO *bp, const char *str) { if (bp->next_bio == NULL) - return (0); - return (BIO_puts(bp->next_bio, str)); + return 0; + return BIO_puts(bp->next_bio, str); } diff --git a/deps/openssl/openssl/crypto/bio/bio_cb.c b/deps/openssl/openssl/crypto/bio/bio_cb.c index 412387b6b284d5..1154c233afd8d3 100644 --- a/deps/openssl/openssl/crypto/bio/bio_cb.c +++ b/deps/openssl/openssl/crypto/bio/bio_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,8 +21,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, char buf[256]; char *p; long r = 1; - int len; - size_t p_maxlen; + int len, left; if (BIO_CB_RETURN & cmd) r = ret; @@ -33,58 +32,58 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, if (len < 0) len = 0; p = buf + len; - p_maxlen = sizeof(buf) - len; + left = sizeof(buf) - len; switch (cmd) { case BIO_CB_FREE: - BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); + BIO_snprintf(p, left, "Free - %s\n", bio->method->name); break; case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s fd=%d\n", + BIO_snprintf(p, left, "read(%d,%lu) - %s fd=%d\n", bio->num, (unsigned long)argi, bio->method->name, bio->num); else - BIO_snprintf(p, p_maxlen, "read(%d,%lu) - %s\n", - bio->num, (unsigned long)argi, bio->method->name); + BIO_snprintf(p, left, "read(%d,%lu) - %s\n", + bio->num, (unsigned long)argi, bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s fd=%d\n", + BIO_snprintf(p, left, "write(%d,%lu) - %s fd=%d\n", bio->num, (unsigned long)argi, bio->method->name, bio->num); else - BIO_snprintf(p, p_maxlen, "write(%d,%lu) - %s\n", + BIO_snprintf(p, left, "write(%d,%lu) - %s\n", bio->num, (unsigned long)argi, bio->method->name); break; case BIO_CB_PUTS: - BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name); + BIO_snprintf(p, left, "puts() - %s\n", bio->method->name); break; case BIO_CB_GETS: - BIO_snprintf(p, p_maxlen, "gets(%lu) - %s\n", (unsigned long)argi, + BIO_snprintf(p, left, "gets(%lu) - %s\n", (unsigned long)argi, bio->method->name); break; case BIO_CB_CTRL: - BIO_snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", (unsigned long)argi, + BIO_snprintf(p, left, "ctrl(%lu) - %s\n", (unsigned long)argi, bio->method->name); break; case BIO_CB_RETURN | BIO_CB_READ: - BIO_snprintf(p, p_maxlen, "read return %ld\n", ret); + BIO_snprintf(p, left, "read return %ld\n", ret); break; case BIO_CB_RETURN | BIO_CB_WRITE: - BIO_snprintf(p, p_maxlen, "write return %ld\n", ret); + BIO_snprintf(p, left, "write return %ld\n", ret); break; case BIO_CB_RETURN | BIO_CB_GETS: - BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret); + BIO_snprintf(p, left, "gets return %ld\n", ret); break; case BIO_CB_RETURN | BIO_CB_PUTS: - BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret); + BIO_snprintf(p, left, "puts return %ld\n", ret); break; case BIO_CB_RETURN | BIO_CB_CTRL: - BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret); + BIO_snprintf(p, left, "ctrl return %ld\n", ret); break; default: - BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd); + BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd); break; } @@ -95,5 +94,5 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, else fputs(buf, stderr); #endif - return (r); + return r; } diff --git a/deps/openssl/openssl/crypto/bio/bio_err.c b/deps/openssl/openssl/crypto/bio/bio_err.c index c914dcffddd8d7..7aa9dabb29154c 100644 --- a/deps/openssl/openssl/crypto/bio/bio_err.c +++ b/deps/openssl/openssl/crypto/bio/bio_err.c @@ -8,106 +8,126 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) - -static ERR_STRING_DATA BIO_str_functs[] = { - {ERR_FUNC(BIO_F_ACPT_STATE), "acpt_state"}, - {ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"}, - {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, - {ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"}, - {ERR_FUNC(BIO_F_BIO_ADDR_NEW), "BIO_ADDR_new"}, - {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, - {ERR_FUNC(BIO_F_BIO_CONNECT), "BIO_connect"}, - {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, - {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, - {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, - {ERR_FUNC(BIO_F_BIO_GET_NEW_INDEX), "BIO_get_new_index"}, - {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, - {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"}, - {ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"}, - {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"}, - {ERR_FUNC(BIO_F_BIO_METH_NEW), "BIO_meth_new"}, - {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, - {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, - {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, - {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"}, - {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, - {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, - {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, - {ERR_FUNC(BIO_F_BIO_PARSE_HOSTSERV), "BIO_parse_hostserv"}, - {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, - {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, - {ERR_FUNC(BIO_F_BIO_SOCKET), "BIO_socket"}, - {ERR_FUNC(BIO_F_BIO_SOCKET_NBIO), "BIO_socket_nbio"}, - {ERR_FUNC(BIO_F_BIO_SOCK_INFO), "BIO_sock_info"}, - {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, - {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, - {ERR_FUNC(BIO_F_BUFFER_CTRL), "buffer_ctrl"}, - {ERR_FUNC(BIO_F_CONN_CTRL), "conn_ctrl"}, - {ERR_FUNC(BIO_F_CONN_STATE), "conn_state"}, - {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "dgram_sctp_read"}, - {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "dgram_sctp_write"}, - {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"}, - {ERR_FUNC(BIO_F_FILE_READ), "file_read"}, - {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"}, - {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"}, - {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, +static const ERR_STRING_DATA BIO_str_functs[] = { + {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_NEW_INDEX, 0), "BIO_get_new_index"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_PORT, 0), "BIO_get_port"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LISTEN, 0), "BIO_listen"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP, 0), "BIO_lookup"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP_EX, 0), "BIO_lookup_ex"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_MAKE_PAIR, 0), "bio_make_pair"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_METH_NEW, 0), "BIO_meth_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW, 0), "BIO_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_DGRAM_SCTP, 0), "BIO_new_dgram_sctp"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_FILE, 0), "BIO_new_file"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_MEM_BUF, 0), "BIO_new_mem_buf"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD, 0), "BIO_nread"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD0, 0), "BIO_nread0"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE, 0), "BIO_nwrite"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE0, 0), "BIO_nwrite0"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PARSE_HOSTSERV, 0), "BIO_parse_hostserv"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PUTS, 0), "BIO_puts"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ, 0), "BIO_read"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_EX, 0), "BIO_read_ex"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_INTERN, 0), "bio_read_intern"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET, 0), "BIO_socket"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET_NBIO, 0), "BIO_socket_nbio"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INFO, 0), "BIO_sock_info"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INIT, 0), "BIO_sock_init"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE, 0), "BIO_write"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_EX, 0), "BIO_write_ex"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_INTERN, 0), "bio_write_intern"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"}, + {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"}, {0, NULL} }; -static ERR_STRING_DATA BIO_str_reasons[] = { - {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"}, - {ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), - "addrinfo addr is not af inet"}, - {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE), - "ambiguous host or service"}, - {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, - {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"}, - {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"}, - {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), - "gethostbyname addr is not af inet"}, - {ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"}, - {ERR_REASON(BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS), - "getsockname truncated address"}, - {ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"}, - {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_REASON(BIO_R_INVALID_SOCKET), "invalid socket"}, - {ERR_REASON(BIO_R_IN_USE), "in use"}, - {ERR_REASON(BIO_R_LISTEN_V6_ONLY), "listen v6 only"}, - {ERR_REASON(BIO_R_LOOKUP_RETURNED_NOTHING), "lookup returned nothing"}, - {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE), - "malformed host or service"}, - {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, - {ERR_REASON(BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED), - "no accept addr or service specified"}, - {ERR_REASON(BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED), - "no hostname or service specified"}, - {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"}, - {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"}, - {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"}, - {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"}, - {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"}, - {ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"}, - {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"}, - {ERR_REASON(BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"}, - {ERR_REASON(BIO_R_UNABLE_TO_REUSEADDR), "unable to reuseaddr"}, - {ERR_REASON(BIO_R_UNAVAILABLE_IP_FAMILY), "unavailable ip family"}, - {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"}, - {ERR_REASON(BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"}, - {ERR_REASON(BIO_R_UNSUPPORTED_IP_FAMILY), "unsupported ip family"}, - {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, - {ERR_REASON(BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), - "unsupported protocol family"}, - {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"}, - {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"}, +static const ERR_STRING_DATA BIO_str_reasons[] = { + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), + "addrinfo addr is not af inet"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE), + "ambiguous host or service"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), + "gethostbyname addr is not af inet"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS), + "getsockname truncated address"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING), + "lookup returned nothing"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE), + "malformed host or service"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED), + "no accept addr or service specified"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED), + "no hostname or service specified"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NULL_PARAMETER), "null parameter"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET), + "unable to bind socket"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET), + "unable to create socket"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE), + "unable to keepalive"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET), + "unable to listen socket"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR), + "unable to reuseaddr"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY), + "unavailable ip family"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY), + "unsupported ip family"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), + "unsupported protocol family"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO), + "write to read only BIO"}, + {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"}, {0, NULL} }; @@ -116,10 +136,9 @@ static ERR_STRING_DATA BIO_str_reasons[] = { int ERR_load_BIO_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) { - ERR_load_strings(0, BIO_str_functs); - ERR_load_strings(0, BIO_str_reasons); + ERR_load_strings_const(BIO_str_functs); + ERR_load_strings_const(BIO_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/bio/bio_lcl.h b/deps/openssl/openssl/crypto/bio/bio_lcl.h index 39178cf50a2498..e2c05a20de6cbc 100644 --- a/deps/openssl/openssl/crypto/bio/bio_lcl.h +++ b/deps/openssl/openssl/crypto/bio/bio_lcl.h @@ -7,8 +7,9 @@ * https://www.openssl.org/source/license.html */ -#define USE_SOCKETS #include "e_os.h" +#include "internal/sockets.h" +#include "internal/refcount.h" /* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */ @@ -86,7 +87,7 @@ union bio_addr_st { /* END BIO_ADDRINFO/BIO_ADDR stuff. */ #include "internal/cryptlib.h" -#include +#include "internal/bio.h" typedef struct bio_f_buffer_ctx_struct { /*- @@ -114,7 +115,8 @@ typedef struct bio_f_buffer_ctx_struct { struct bio_st { const BIO_METHOD *method; /* bio, mode, argp, argi, argl, ret */ - long (*callback) (struct bio_st *, int, const char *, int, long, long); + BIO_callback_fn callback; + BIO_callback_fn_ex callback_ex; char *cb_arg; /* first argument for the callback */ int init; int shutdown; @@ -124,7 +126,7 @@ struct bio_st { void *ptr; struct bio_st *next_bio; /* used by filter BIOs */ struct bio_st *prev_bio; /* used by filter BIOs */ - int references; + CRYPTO_REF_COUNT references; uint64_t num_read; uint64_t num_write; CRYPTO_EX_DATA ex_data; diff --git a/deps/openssl/openssl/crypto/bio/bio_lib.c b/deps/openssl/openssl/crypto/bio/bio_lib.c index 7b98dc931efc8f..ca375b911ae8b5 100644 --- a/deps/openssl/openssl/crypto/bio/bio_lib.c +++ b/deps/openssl/openssl/crypto/bio/bio_lib.c @@ -13,13 +13,68 @@ #include "bio_lcl.h" #include "internal/cryptlib.h" + +/* + * Helper macro for the callback to determine whether an operator expects a + * len parameter or not + */ +#define HAS_LEN_OPER(o) ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE || \ + (o) == BIO_CB_GETS) + +/* + * Helper function to work out whether to call the new style callback or the old + * one, and translate between the two. + * + * This has a long return type for consistency with the old callback. Similarly + * for the "long" used for "inret" + */ +static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, + int argi, long argl, long inret, size_t *processed) +{ + long ret; + int bareoper; + + if (b->callback_ex != NULL) + return b->callback_ex(b, oper, argp, len, argi, argl, inret, processed); + + /* Strip off any BIO_CB_RETURN flag */ + bareoper = oper & ~BIO_CB_RETURN; + + /* + * We have an old style callback, so we will have to do nasty casts and + * check for overflows. + */ + if (HAS_LEN_OPER(bareoper)) { + /* In this case |len| is set, and should be used instead of |argi| */ + if (len > INT_MAX) + return -1; + + argi = (int)len; + } + + if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (*processed > INT_MAX) + return -1; + inret = *processed; + } + + ret = b->callback(b, oper, argp, argi, argl, inret); + + if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + *processed = (size_t)ret; + ret = 1; + } + + return ret; +} + BIO *BIO_new(const BIO_METHOD *method) { BIO *bio = OPENSSL_zalloc(sizeof(*bio)); if (bio == NULL) { BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } bio->method = method; @@ -54,21 +109,24 @@ BIO *BIO_new(const BIO_METHOD *method) int BIO_free(BIO *a) { - int i; + int ret; if (a == NULL) return 0; - if (CRYPTO_atomic_add(&a->references, -1, &i, a->lock) <= 0) + if (CRYPTO_DOWN_REF(&a->references, &ret, a->lock) <= 0) return 0; REF_PRINT_COUNT("BIO", a); - if (i > 0) + if (ret > 0) return 1; - REF_ASSERT_ISNT(i < 0); - if ((a->callback != NULL) && - ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) - return i; + REF_ASSERT_ISNT(ret < 0); + + if (a->callback != NULL || a->callback_ex != NULL) { + ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL); + if (ret <= 0) + return ret; + } if ((a->method != NULL) && (a->method->destroy != NULL)) a->method->destroy(a); @@ -121,7 +179,7 @@ int BIO_up_ref(BIO *a) { int i; - if (CRYPTO_atomic_add(&a->references, 1, &i, a->lock) <= 0) + if (CRYPTO_UP_REF(&a->references, &i, a->lock) <= 0) return 0; REF_PRINT_COUNT("BIO", a); @@ -144,18 +202,26 @@ void BIO_set_flags(BIO *b, int flags) b->flags |= flags; } -long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, - int, long, long) { +BIO_callback_fn BIO_get_callback(const BIO *b) +{ return b->callback; } -void BIO_set_callback(BIO *b, - long (*cb) (struct bio_st *, int, const char *, int, - long, long)) +void BIO_set_callback(BIO *b, BIO_callback_fn cb) { b->callback = cb; } +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b) +{ + return b->callback_ex; +} + +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb) +{ + b->callback_ex = cb; +} + void BIO_set_callback_arg(BIO *b, char *arg) { b->cb_arg = arg; @@ -176,124 +242,239 @@ int BIO_method_type(const BIO *b) return b->method->type; } -int BIO_read(BIO *b, void *out, int outl) +/* + * This is essentially the same as BIO_read_ex() except that it allows + * 0 or a negative value to indicate failure (retryable or not) in the return. + * This is for compatibility with the old style BIO_read(), where existing code + * may make assumptions about the return value that it might get. + */ +static int bio_read_intern(BIO *b, void *data, size_t dlen, size_t *readbytes) { - int i; - long (*cb) (BIO *, int, const char *, int, long, long); + int ret; if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) { - BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD); - return (-2); + BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNSUPPORTED_METHOD); + return -2; } - cb = b->callback; - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0)) - return (i); + if ((b->callback != NULL || b->callback_ex != NULL) && + ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, + NULL)) <= 0)) + return ret; if (!b->init) { - BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED); - return (-2); + BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNINITIALIZED); + return -2; + } + + ret = b->method->bread(b, data, dlen, readbytes); + + if (ret > 0) + b->num_read += (uint64_t)*readbytes; + + if (b->callback != NULL || b->callback_ex != NULL) + ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data, + dlen, 0, 0L, ret, readbytes); + + /* Shouldn't happen */ + if (ret > 0 && *readbytes > dlen) { + BIOerr(BIO_F_BIO_READ_INTERN, ERR_R_INTERNAL_ERROR); + return -1; } - i = b->method->bread(b, out, outl); + return ret; +} + +int BIO_read(BIO *b, void *data, int dlen) +{ + size_t readbytes; + int ret; + + if (dlen < 0) + return 0; - if (i > 0) - b->num_read += (uint64_t)i; + ret = bio_read_intern(b, data, (size_t)dlen, &readbytes); - if (cb != NULL) - i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i); - return (i); + if (ret > 0) { + /* *readbytes should always be <= dlen */ + ret = (int)readbytes; + } + + return ret; } -int BIO_write(BIO *b, const void *in, int inl) +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes) { - int i; - long (*cb) (BIO *, int, const char *, int, long, long); + int ret; + + ret = bio_read_intern(b, data, dlen, readbytes); + + if (ret > 0) + ret = 1; + else + ret = 0; + + return ret; +} + +static int bio_write_intern(BIO *b, const void *data, size_t dlen, + size_t *written) +{ + int ret; if (b == NULL) - return (0); + return 0; - cb = b->callback; if ((b->method == NULL) || (b->method->bwrite == NULL)) { - BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD); - return (-2); + BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNSUPPORTED_METHOD); + return -2; } - if ((cb != NULL) && - ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0)) - return (i); + if ((b->callback != NULL || b->callback_ex != NULL) && + ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, + NULL)) <= 0)) + return ret; if (!b->init) { - BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED); - return (-2); + BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNINITIALIZED); + return -2; } - i = b->method->bwrite(b, in, inl); + ret = b->method->bwrite(b, data, dlen, written); + + if (ret > 0) + b->num_write += (uint64_t)*written; - if (i > 0) - b->num_write += (uint64_t)i; + if (b->callback != NULL || b->callback_ex != NULL) + ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data, + dlen, 0, 0L, ret, written); - if (cb != NULL) - i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i); - return (i); + return ret; } -int BIO_puts(BIO *b, const char *in) +int BIO_write(BIO *b, const void *data, int dlen) { - int i; - long (*cb) (BIO *, int, const char *, int, long, long); + size_t written; + int ret; + + if (dlen < 0) + return 0; + + ret = bio_write_intern(b, data, (size_t)dlen, &written); + + if (ret > 0) { + /* *written should always be <= dlen */ + ret = (int)written; + } + + return ret; +} + +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written) +{ + int ret; + + ret = bio_write_intern(b, data, dlen, written); + + if (ret > 0) + ret = 1; + else + ret = 0; + + return ret; +} + +int BIO_puts(BIO *b, const char *buf) +{ + int ret; + size_t written = 0; if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD); - return (-2); + return -2; } - cb = b->callback; - - if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); + if (ret <= 0) + return ret; + } if (!b->init) { BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED); - return (-2); + return -2; + } + + ret = b->method->bputs(b, buf); + + if (ret > 0) { + b->num_write += (uint64_t)ret; + written = ret; + ret = 1; } - i = b->method->bputs(b, in); + if (b->callback != NULL || b->callback_ex != NULL) + ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, + 0L, ret, &written); - if (i > 0) - b->num_write += (uint64_t)i; + if (ret > 0) { + if (written > INT_MAX) { + BIOerr(BIO_F_BIO_PUTS, BIO_R_LENGTH_TOO_LONG); + ret = -1; + } else { + ret = (int)written; + } + } - if (cb != NULL) - i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i); - return (i); + return ret; } -int BIO_gets(BIO *b, char *in, int inl) +int BIO_gets(BIO *b, char *buf, int size) { - int i; - long (*cb) (BIO *, int, const char *, int, long, long); + int ret; + size_t readbytes = 0; if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD); - return (-2); + return -2; } - cb = b->callback; + if (size < 0) { + BIOerr(BIO_F_BIO_GETS, BIO_R_INVALID_ARGUMENT); + return 0; + } - if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0)) - return (i); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = (int)bio_call_callback(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL); + if (ret <= 0) + return ret; + } if (!b->init) { BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED); - return (-2); + return -2; + } + + ret = b->method->bgets(b, buf, size); + + if (ret > 0) { + readbytes = ret; + ret = 1; } - i = b->method->bgets(b, in, inl); + if (b->callback != NULL || b->callback_ex != NULL) + ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, + 0, 0L, ret, &readbytes); + + if (ret > 0) { + /* Shouldn't happen */ + if (readbytes > (size_t)size) + ret = -1; + else + ret = (int)readbytes; + } - if (cb != NULL) - i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i); - return (i); + return ret; } int BIO_indent(BIO *b, int indent, int max) @@ -313,7 +494,7 @@ long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) int i; i = iarg; - return (BIO_ctrl(b, cmd, larg, (char *)&i)); + return BIO_ctrl(b, cmd, larg, (char *)&i); } void *BIO_ptr_ctrl(BIO *b, int cmd, long larg) @@ -321,61 +502,65 @@ void *BIO_ptr_ctrl(BIO *b, int cmd, long larg) void *p = NULL; if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) - return (NULL); + return NULL; else - return (p); + return p; } long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) { long ret; - long (*cb) (BIO *, int, const char *, int, long, long); if (b == NULL) - return (0); + return 0; if ((b->method == NULL) || (b->method->ctrl == NULL)) { BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD); - return (-2); + return -2; } - cb = b->callback; - - if ((cb != NULL) && - ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0)) - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL); + if (ret <= 0) + return ret; + } ret = b->method->ctrl(b, cmd, larg, parg); - if (cb != NULL) - ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret); - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) + ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, + larg, ret, NULL); + + return ret; } long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret; - long (*cb) (BIO *, int, const char *, int, long, long); if (b == NULL) - return (0); + return 0; - if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { + if ((b->method == NULL) || (b->method->callback_ctrl == NULL) + || (cmd != BIO_CTRL_SET_CALLBACK)) { BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD); - return (-2); + return -2; } - cb = b->callback; - - if ((cb != NULL) && - ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0)) - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) { + ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L, + NULL); + if (ret <= 0) + return ret; + } ret = b->method->callback_ctrl(b, cmd, fp); - if (cb != NULL) - ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret); - return (ret); + if (b->callback != NULL || b->callback_ex != NULL) + ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0, + cmd, 0, ret, NULL); + + return ret; } /* @@ -399,7 +584,7 @@ BIO *BIO_push(BIO *b, BIO *bio) BIO *lb; if (b == NULL) - return (bio); + return bio; lb = b; while (lb->next_bio != NULL) lb = lb->next_bio; @@ -408,7 +593,7 @@ BIO *BIO_push(BIO *b, BIO *bio) bio->prev_bio = lb; /* called to do internal processing */ BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb); - return (b); + return b; } /* Remove the first and return the rest */ @@ -417,7 +602,7 @@ BIO *BIO_pop(BIO *b) BIO *ret; if (b == NULL) - return (NULL); + return NULL; ret = b->next_bio; BIO_ctrl(b, BIO_CTRL_POP, 0, b); @@ -429,7 +614,7 @@ BIO *BIO_pop(BIO *b) b->next_bio = NULL; b->prev_bio = NULL; - return (ret); + return ret; } BIO *BIO_get_retry_BIO(BIO *bio, int *reason) @@ -447,12 +632,12 @@ BIO *BIO_get_retry_BIO(BIO *bio, int *reason) } if (reason != NULL) *reason = last->retry_reason; - return (last); + return last; } int BIO_get_retry_reason(BIO *bio) { - return (bio->retry_reason); + return bio->retry_reason; } void BIO_set_retry_reason(BIO *bio, int reason) @@ -473,13 +658,13 @@ BIO *BIO_find_type(BIO *bio, int type) if (!mask) { if (mt & type) - return (bio); + return bio; } else if (mt == type) - return (bio); + return bio; } bio = bio->next_bio; } while (bio != NULL); - return (NULL); + return NULL; } BIO *BIO_next(BIO *b) @@ -518,6 +703,7 @@ BIO *BIO_dup_chain(BIO *in) if ((new_bio = BIO_new(bio->method)) == NULL) goto err; new_bio->callback = bio->callback; + new_bio->callback_ex = bio->callback_ex; new_bio->cb_arg = bio->cb_arg; new_bio->init = bio->init; new_bio->shutdown = bio->shutdown; @@ -546,11 +732,11 @@ BIO *BIO_dup_chain(BIO *in) eoc = new_bio; } } - return (ret); + return ret; err: BIO_free_all(ret); - return (NULL); + return NULL; } void BIO_copy_next_retry(BIO *b) @@ -561,12 +747,12 @@ void BIO_copy_next_retry(BIO *b) int BIO_set_ex_data(BIO *bio, int idx, void *data) { - return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); + return CRYPTO_set_ex_data(&(bio->ex_data), idx, data); } void *BIO_get_ex_data(BIO *bio, int idx) { - return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); + return CRYPTO_get_ex_data(&(bio->ex_data), idx); } uint64_t BIO_number_read(BIO *bio) diff --git a/deps/openssl/openssl/crypto/bio/bio_meth.c b/deps/openssl/openssl/crypto/bio/bio_meth.c index 63a7cccc827f2f..493ff63a9012b6 100644 --- a/deps/openssl/openssl/crypto/bio/bio_meth.c +++ b/deps/openssl/openssl/crypto/bio/bio_meth.c @@ -8,7 +8,7 @@ */ #include "bio_lcl.h" -#include +#include "internal/thread_once.h" CRYPTO_RWLOCK *bio_type_lock = NULL; static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT; @@ -19,16 +19,16 @@ DEFINE_RUN_ONCE_STATIC(do_bio_type_init) return bio_type_lock != NULL; } -int BIO_get_new_index() +int BIO_get_new_index(void) { - static int bio_count = BIO_TYPE_START; + static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START; int newval; if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) { BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE); return -1; } - if (!CRYPTO_atomic_add(&bio_count, 1, &newval, bio_type_lock)) + if (!CRYPTO_UP_REF(&bio_count, &newval, bio_type_lock)) return -1; return newval; } @@ -56,25 +56,94 @@ void BIO_meth_free(BIO_METHOD *biom) } int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int) +{ + return biom->bwrite_old; +} + +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *) { return biom->bwrite; } +/* Conversion for old style bwrite to new style */ +int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written) +{ + int ret; + + if (datal > INT_MAX) + datal = INT_MAX; + + ret = bio->method->bwrite_old(bio, data, (int)datal); + + if (ret <= 0) { + *written = 0; + return ret; + } + + *written = (size_t)ret; + + return 1; +} + int BIO_meth_set_write(BIO_METHOD *biom, int (*bwrite) (BIO *, const char *, int)) { + biom->bwrite_old = bwrite; + biom->bwrite = bwrite_conv; + return 1; +} + +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)) +{ + biom->bwrite_old = NULL; biom->bwrite = bwrite; return 1; } int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int) +{ + return biom->bread_old; +} + +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *) { return biom->bread; } +/* Conversion for old style bread to new style */ +int bread_conv(BIO *bio, char *data, size_t datal, size_t *readbytes) +{ + int ret; + + if (datal > INT_MAX) + datal = INT_MAX; + + ret = bio->method->bread_old(bio, data, (int)datal); + + if (ret <= 0) { + *readbytes = 0; + return ret; + } + + *readbytes = (size_t)ret; + + return 1; +} + int BIO_meth_set_read(BIO_METHOD *biom, int (*bread) (BIO *, char *, int)) { + biom->bread_old = bread; + biom->bread = bread_conv; + return 1; +} + +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)) +{ + biom->bread_old = NULL; biom->bread = bread; return 1; } diff --git a/deps/openssl/openssl/crypto/bio/bss_acpt.c b/deps/openssl/openssl/crypto/bio/bss_acpt.c index 21d21c16a979e9..993e5903a04fac 100644 --- a/deps/openssl/openssl/crypto/bio/bss_acpt.c +++ b/deps/openssl/openssl/crypto/bio/bss_acpt.c @@ -54,7 +54,11 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a); static const BIO_METHOD methods_acceptp = { BIO_TYPE_ACCEPT, "socket accept", + /* TODO: Convert to new style write function */ + bwrite_conv, acpt_write, + /* TODO: Convert to new style read function */ + bread_conv, acpt_read, acpt_puts, NULL, /* connect_gets, */ @@ -66,7 +70,7 @@ static const BIO_METHOD methods_acceptp = { const BIO_METHOD *BIO_s_accept(void) { - return (&methods_acceptp); + return &methods_acceptp; } static int acpt_new(BIO *bi) @@ -77,29 +81,30 @@ static int acpt_new(BIO *bi) bi->num = (int)INVALID_SOCKET; bi->flags = 0; if ((ba = BIO_ACCEPT_new()) == NULL) - return (0); + return 0; bi->ptr = (char *)ba; ba->state = ACPT_S_BEFORE; bi->shutdown = 1; - return (1); + return 1; } static BIO_ACCEPT *BIO_ACCEPT_new(void) { BIO_ACCEPT *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - return (NULL); + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->accept_family = BIO_FAMILY_IPANY; ret->accept_sock = (int)INVALID_SOCKET; - return (ret); + return ret; } static void BIO_ACCEPT_free(BIO_ACCEPT *a) { if (a == NULL) return; - OPENSSL_free(a->param_addr); OPENSSL_free(a->param_serv); BIO_ADDRINFO_free(a->addr_first); @@ -129,7 +134,7 @@ static int acpt_free(BIO *a) BIO_ACCEPT *data; if (a == NULL) - return (0); + return 0; data = (BIO_ACCEPT *)a->ptr; if (a->shutdown) { @@ -139,7 +144,7 @@ static int acpt_free(BIO *a) a->flags = 0; a->init = 0; } - return (1); + return 1; } static int acpt_state(BIO *b, BIO_ACCEPT *c) @@ -360,12 +365,12 @@ static int acpt_read(BIO *b, char *out, int outl) while (b->next_bio == NULL) { ret = acpt_state(b, data); if (ret <= 0) - return (ret); + return ret; } ret = BIO_read(b->next_bio, out, outl); BIO_copy_next_retry(b); - return (ret); + return ret; } static int acpt_write(BIO *b, const char *in, int inl) @@ -379,12 +384,12 @@ static int acpt_write(BIO *b, const char *in, int inl) while (b->next_bio == NULL) { ret = acpt_state(b, data); if (ret <= 0) - return (ret); + return ret; } ret = BIO_write(b->next_bio, in, inl); BIO_copy_next_retry(b); - return (ret); + return ret; } static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -451,7 +456,6 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) data->accepted_mode &= ~BIO_SOCK_NONBLOCK; break; case BIO_C_SET_FD: - b->init = 1; b->num = *((int *)ptr); data->accept_sock = b->num; data->state = ACPT_S_ACCEPT; @@ -522,19 +526,13 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)data->bind_mode; break; case BIO_CTRL_DUP: -/*- dbio=(BIO *)ptr; - if (data->param_port) EAY EAY - BIO_set_port(dbio,data->param_port); - if (data->param_hostname) - BIO_set_hostname(dbio,data->param_hostname); - BIO_set_nbio(dbio,data->nbio); */ break; default: ret = 0; break; } - return (ret); + return ret; } static int acpt_puts(BIO *bp, const char *str) @@ -543,7 +541,7 @@ static int acpt_puts(BIO *bp, const char *str) n = strlen(str); ret = acpt_write(bp, str, n); - return (ret); + return ret; } BIO *BIO_new_accept(const char *str) @@ -552,11 +550,11 @@ BIO *BIO_new_accept(const char *str) ret = BIO_new(BIO_s_accept()); if (ret == NULL) - return (NULL); + return NULL; if (BIO_set_accept_name(ret, str)) - return (ret); + return ret; BIO_free(ret); - return (NULL); + return NULL; } #endif diff --git a/deps/openssl/openssl/crypto/bio/bss_bio.c b/deps/openssl/openssl/crypto/bio/bss_bio.c index de34f6bf3763ee..e34382c5578141 100644 --- a/deps/openssl/openssl/crypto/bio/bss_bio.c +++ b/deps/openssl/openssl/crypto/bio/bss_bio.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ * See ssl/ssltest.c for some hints on how this can be used. */ +#include "e_os.h" #include #include #include @@ -24,8 +25,6 @@ #include #include -#include "e_os.h" - static int bio_new(BIO *bio); static int bio_free(BIO *bio); static int bio_read(BIO *bio, char *buf, int size); @@ -39,7 +38,11 @@ static void bio_destroy_pair(BIO *bio); static const BIO_METHOD methods_biop = { BIO_TYPE_BIO, "BIO pair", + /* TODO: Convert to new style write function */ + bwrite_conv, bio_write, + /* TODO: Convert to new style read function */ + bread_conv, bio_read, bio_puts, NULL /* no bio_gets */ , diff --git a/deps/openssl/openssl/crypto/bio/bss_conn.c b/deps/openssl/openssl/crypto/bio/bss_conn.c index e343bcddfa682f..e9673fe7833693 100644 --- a/deps/openssl/openssl/crypto/bio/bss_conn.c +++ b/deps/openssl/openssl/crypto/bio/bss_conn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -58,7 +58,11 @@ void BIO_CONNECT_free(BIO_CONNECT *a); static const BIO_METHOD methods_connectp = { BIO_TYPE_CONNECT, "socket connect", + /* TODO: Convert to new style write function */ + bwrite_conv, conn_write, + /* TODO: Convert to new style read function */ + bread_conv, conn_read, conn_puts, NULL, /* conn_gets, */ @@ -212,25 +216,26 @@ static int conn_state(BIO *b, BIO_CONNECT *c) if (cb != NULL) ret = cb((BIO *)b, c->state, ret); end: - return (ret); + return ret; } BIO_CONNECT *BIO_CONNECT_new(void) { BIO_CONNECT *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - return (NULL); + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->state = BIO_CONN_S_BEFORE; ret->connect_family = BIO_FAMILY_IPANY; - return (ret); + return ret; } void BIO_CONNECT_free(BIO_CONNECT *a) { if (a == NULL) return; - OPENSSL_free(a->param_hostname); OPENSSL_free(a->param_service); BIO_ADDRINFO_free(a->addr_first); @@ -239,7 +244,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a) const BIO_METHOD *BIO_s_connect(void) { - return (&methods_connectp); + return &methods_connectp; } static int conn_new(BIO *bi) @@ -248,9 +253,9 @@ static int conn_new(BIO *bi) bi->num = (int)INVALID_SOCKET; bi->flags = 0; if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) - return (0); + return 0; else - return (1); + return 1; } static void conn_close_socket(BIO *bio) @@ -272,7 +277,7 @@ static int conn_free(BIO *a) BIO_CONNECT *data; if (a == NULL) - return (0); + return 0; data = (BIO_CONNECT *)a->ptr; if (a->shutdown) { @@ -282,7 +287,7 @@ static int conn_free(BIO *a) a->flags = 0; a->init = 0; } - return (1); + return 1; } static int conn_read(BIO *b, char *out, int outl) @@ -294,7 +299,7 @@ static int conn_read(BIO *b, char *out, int outl) if (data->state != BIO_CONN_S_OK) { ret = conn_state(b, data); if (ret <= 0) - return (ret); + return ret; } if (out != NULL) { @@ -306,7 +311,7 @@ static int conn_read(BIO *b, char *out, int outl) BIO_set_retry_read(b); } } - return (ret); + return ret; } static int conn_write(BIO *b, const char *in, int inl) @@ -318,7 +323,7 @@ static int conn_write(BIO *b, const char *in, int inl) if (data->state != BIO_CONN_S_OK) { ret = conn_state(b, data); if (ret <= 0) - return (ret); + return ret; } clear_socket_error(); @@ -328,7 +333,7 @@ static int conn_write(BIO *b, const char *in, int inl) if (BIO_sock_should_retry(ret)) BIO_set_retry_write(b); } - return (ret); + return ret; } static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -473,15 +478,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } break; case BIO_CTRL_SET_CALLBACK: - { -# if 0 /* FIXME: Should this be used? -- Richard - * Levitte */ - BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; -# else - ret = 0; -# endif - } + ret = 0; /* use callback ctrl */ break; case BIO_CTRL_GET_CALLBACK: { @@ -495,7 +492,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -515,7 +512,7 @@ static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) ret = 0; break; } - return (ret); + return ret; } static int conn_puts(BIO *bp, const char *str) @@ -524,7 +521,7 @@ static int conn_puts(BIO *bp, const char *str) n = strlen(str); ret = conn_write(bp, str, n); - return (ret); + return ret; } BIO *BIO_new_connect(const char *str) @@ -533,11 +530,11 @@ BIO *BIO_new_connect(const char *str) ret = BIO_new(BIO_s_connect()); if (ret == NULL) - return (NULL); + return NULL; if (BIO_set_conn_hostname(ret, str)) - return (ret); + return ret; BIO_free(ret); - return (NULL); + return NULL; } #endif diff --git a/deps/openssl/openssl/crypto/bio/bss_dgram.c b/deps/openssl/openssl/crypto/bio/bss_dgram.c index c772d956b869a3..d5fe5bb5a8a2d7 100644 --- a/deps/openssl/openssl/crypto/bio/bss_dgram.c +++ b/deps/openssl/openssl/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,13 +13,6 @@ #include "bio_lcl.h" #ifndef OPENSSL_NO_DGRAM -# if !(defined(_WIN32) || defined(OPENSSL_SYS_VMS)) -# include -# endif -# if defined(OPENSSL_SYS_VMS) -# include -# endif - # ifndef OPENSSL_NO_SCTP # include # include @@ -73,7 +66,11 @@ static void get_current_time(struct timeval *t); static const BIO_METHOD methods_dgramp = { BIO_TYPE_DGRAM, "datagram socket", + /* TODO: Convert to new style write function */ + bwrite_conv, dgram_write, + /* TODO: Convert to new style read function */ + bread_conv, dgram_read, dgram_puts, NULL, /* dgram_gets, */ @@ -87,7 +84,11 @@ static const BIO_METHOD methods_dgramp = { static const BIO_METHOD methods_dgramp_sctp = { BIO_TYPE_DGRAM_SCTP, "datagram sctp socket", + /* TODO: Convert to new style write function */ + bwrite_conv, dgram_sctp_write, + /* TODO: Convert to new style write function */ + bread_conv, dgram_sctp_read, dgram_sctp_puts, NULL, /* dgram_gets, */ @@ -135,7 +136,7 @@ typedef struct bio_dgram_sctp_data_st { const BIO_METHOD *BIO_s_datagram(void) { - return (&methods_dgramp); + return &methods_dgramp; } BIO *BIO_new_dgram(int fd, int close_flag) @@ -144,9 +145,9 @@ BIO *BIO_new_dgram(int fd, int close_flag) ret = BIO_new(BIO_s_datagram()); if (ret == NULL) - return (NULL); + return NULL; BIO_set_fd(ret, fd, close_flag); - return (ret); + return ret; } static int dgram_new(BIO *bi) @@ -156,7 +157,7 @@ static int dgram_new(BIO *bi) if (data == NULL) return 0; bi->ptr = data; - return (1); + return 1; } static int dgram_free(BIO *a) @@ -164,20 +165,20 @@ static int dgram_free(BIO *a) bio_dgram_data *data; if (a == NULL) - return (0); + return 0; if (!dgram_clear(a)) return 0; data = (bio_dgram_data *)a->ptr; OPENSSL_free(data); - return (1); + return 1; } static int dgram_clear(BIO *a) { if (a == NULL) - return (0); + return 0; if (a->shutdown) { if (a->init) { BIO_closesocket(a->num); @@ -185,7 +186,7 @@ static int dgram_clear(BIO *a) a->init = 0; a->flags = 0; } - return (1); + return 1; } static void dgram_adjust_rcv_timeout(BIO *b) @@ -324,7 +325,7 @@ static int dgram_read(BIO *b, char *out, int outl) dgram_reset_rcv_timeout(b); } - return (ret); + return ret; } static int dgram_write(BIO *b, const char *in, int inl) @@ -338,13 +339,8 @@ static int dgram_write(BIO *b, const char *in, int inl) else { int peerlen = BIO_ADDR_sockaddr_size(&data->peer); -# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) - ret = sendto(b->num, (char *)in, inl, 0, - BIO_ADDR_sockaddr(&data->peer), peerlen); -# else ret = sendto(b->num, in, inl, 0, BIO_ADDR_sockaddr(&data->peer), peerlen); -# endif } BIO_clear_retry_flags(b); @@ -354,7 +350,7 @@ static int dgram_write(BIO *b, const char *in, int inl) data->_errno = get_last_socket_error(); } } - return (ret); + return ret; } static long dgram_get_mtu_overhead(bio_dgram_data *data) @@ -368,7 +364,7 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data) */ ret = 28; break; -# ifdef AF_INET6 +# if OPENSSL_USE_IPV6 case AF_INET6: { # ifdef IN6_IS_ADDR_V4MAPPED @@ -798,7 +794,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int dgram_puts(BIO *bp, const char *str) @@ -807,13 +803,13 @@ static int dgram_puts(BIO *bp, const char *str) n = strlen(str); ret = dgram_write(bp, str, n); - return (ret); + return ret; } # ifndef OPENSSL_NO_SCTP const BIO_METHOD *BIO_s_datagram_sctp(void) { - return (&methods_dgramp_sctp); + return &methods_dgramp_sctp; } BIO *BIO_new_dgram_sctp(int fd, int close_flag) @@ -835,7 +831,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) bio = BIO_new(BIO_s_datagram_sctp()); if (bio == NULL) - return (NULL); + return NULL; BIO_set_fd(bio, fd, close_flag); /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ @@ -845,7 +841,9 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) sizeof(struct sctp_authchunk)); if (ret < 0) { BIO_vfree(bio); - return (NULL); + BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB); + ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel"); + return NULL; } auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; ret = @@ -853,26 +851,29 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) sizeof(struct sctp_authchunk)); if (ret < 0) { BIO_vfree(bio); - return (NULL); + BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB); + ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel"); + return NULL; } /* * Test if activation was successful. When using accept(), SCTP-AUTH has * to be activated for the listening socket already, otherwise the - * connected socket won't use it. + * connected socket won't use it. Similarly with connect(): the socket + * prior to connection must be activated for SCTP-AUTH */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_zalloc(sockopt_len); if (authchunks == NULL) { BIO_vfree(bio); - return (NULL); + return NULL; } ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); if (ret < 0) { OPENSSL_free(authchunks); BIO_vfree(bio); - return (NULL); + return NULL; } for (p = (unsigned char *)authchunks->gauth_chunks; @@ -886,8 +887,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) OPENSSL_free(authchunks); - OPENSSL_assert(auth_data); - OPENSSL_assert(auth_forward); + if (!auth_data || !auth_forward) { + BIO_vfree(bio); + BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB); + ERR_add_error_data(1, + "Ensure SCTP AUTH chunks are enabled on the " + "underlying socket"); + return NULL; + } # ifdef SCTP_AUTHENTICATION_EVENT # ifdef SCTP_EVENT @@ -900,14 +907,14 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) sizeof(struct sctp_event)); if (ret < 0) { BIO_vfree(bio); - return (NULL); + return NULL; } # else sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); if (ret < 0) { BIO_vfree(bio); - return (NULL); + return NULL; } event.sctp_authentication_event = 1; @@ -917,7 +924,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) sizeof(struct sctp_event_subscribe)); if (ret < 0) { BIO_vfree(bio); - return (NULL); + return NULL; } # endif # endif @@ -931,10 +938,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) sizeof(optval)); if (ret < 0) { BIO_vfree(bio); - return (NULL); + return NULL; } - return (bio); + return bio; } int BIO_dgram_is_sctp(BIO *bio) @@ -948,16 +955,17 @@ static int dgram_sctp_new(BIO *bi) bi->init = 0; bi->num = 0; - data = OPENSSL_zalloc(sizeof(*data)); - if (data == NULL) + if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) { + BIOerr(BIO_F_DGRAM_SCTP_NEW, ERR_R_MALLOC_FAILURE); return 0; + } # ifdef SCTP_PR_SCTP_NONE data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; # endif bi->ptr = data; bi->flags = 0; - return (1); + return 1; } static int dgram_sctp_free(BIO *a) @@ -965,7 +973,7 @@ static int dgram_sctp_free(BIO *a) bio_dgram_sctp_data *data; if (a == NULL) - return (0); + return 0; if (!dgram_clear(a)) return 0; @@ -973,7 +981,7 @@ static int dgram_sctp_free(BIO *a) if (data != NULL) OPENSSL_free(data); - return (1); + return 1; } # ifdef SCTP_AUTHENTICATION_EVENT @@ -1210,7 +1218,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) data->peer_auth_tested = 1; } } - return (ret); + return ret; } /* @@ -1326,7 +1334,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) data->_errno = get_last_socket_error(); } } - return (ret); + return ret; } static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -1562,7 +1570,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) ret = dgram_ctrl(b, cmd, num, ptr); break; } - return (ret); + return ret; } int BIO_dgram_sctp_notification_cb(BIO *b, @@ -1819,7 +1827,7 @@ static int dgram_sctp_puts(BIO *bp, const char *str) n = strlen(str); ret = dgram_sctp_write(bp, str, n); - return (ret); + return ret; } # endif @@ -1838,9 +1846,9 @@ static int BIO_dgram_should_retry(int i) */ # endif - return (BIO_dgram_non_fatal_error(err)); + return BIO_dgram_non_fatal_error(err); } - return (0); + return 0; } int BIO_dgram_non_fatal_error(int err) @@ -1884,12 +1892,11 @@ int BIO_dgram_non_fatal_error(int err) case EALREADY: # endif - return (1); - /* break; */ + return 1; default: break; } - return (0); + return 0; } static void get_current_time(struct timeval *t) @@ -1910,11 +1917,6 @@ static void get_current_time(struct timeval *t) # endif t->tv_sec = (long)(now.ul / 10000000); t->tv_usec = ((int)(now.ul % 10000000)) / 10; -# elif defined(OPENSSL_SYS_VMS) - struct timeb tb; - ftime(&tb); - t->tv_sec = (long)tb.time; - t->tv_usec = (long)tb.millitm * 1000; # else gettimeofday(t, NULL); # endif diff --git a/deps/openssl/openssl/crypto/bio/bss_fd.c b/deps/openssl/openssl/crypto/bio/bss_fd.c index 2bd3517dfda7c5..5bc539c90b961f 100644 --- a/deps/openssl/openssl/crypto/bio/bss_fd.c +++ b/deps/openssl/openssl/crypto/bio/bss_fd.c @@ -60,7 +60,11 @@ int BIO_fd_should_retry(int s); static const BIO_METHOD methods_fdp = { BIO_TYPE_FD, "file descriptor", + /* TODO: Convert to new style write function */ + bwrite_conv, fd_write, + /* TODO: Convert to new style read function */ + bread_conv, fd_read, fd_puts, fd_gets, @@ -72,7 +76,7 @@ static const BIO_METHOD methods_fdp = { const BIO_METHOD *BIO_s_fd(void) { - return (&methods_fdp); + return &methods_fdp; } BIO *BIO_new_fd(int fd, int close_flag) @@ -80,9 +84,9 @@ BIO *BIO_new_fd(int fd, int close_flag) BIO *ret; ret = BIO_new(BIO_s_fd()); if (ret == NULL) - return (NULL); + return NULL; BIO_set_fd(ret, fd, close_flag); - return (ret); + return ret; } static int fd_new(BIO *bi) @@ -91,13 +95,13 @@ static int fd_new(BIO *bi) bi->num = -1; bi->ptr = NULL; bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */ - return (1); + return 1; } static int fd_free(BIO *a) { if (a == NULL) - return (0); + return 0; if (a->shutdown) { if (a->init) { UP_close(a->num); @@ -105,7 +109,7 @@ static int fd_free(BIO *a) a->init = 0; a->flags = BIO_FLAGS_UPLINK; } - return (1); + return 1; } static int fd_read(BIO *b, char *out, int outl) @@ -121,7 +125,7 @@ static int fd_read(BIO *b, char *out, int outl) BIO_set_retry_read(b); } } - return (ret); + return ret; } static int fd_write(BIO *b, const char *in, int inl) @@ -134,7 +138,7 @@ static int fd_write(BIO *b, const char *in, int inl) if (BIO_fd_should_retry(ret)) BIO_set_retry_write(b); } - return (ret); + return ret; } static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -186,7 +190,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int fd_puts(BIO *bp, const char *str) @@ -195,7 +199,7 @@ static int fd_puts(BIO *bp, const char *str) n = strlen(str); ret = fd_write(bp, str, n); - return (ret); + return ret; } static int fd_gets(BIO *bp, char *buf, int size) @@ -204,14 +208,16 @@ static int fd_gets(BIO *bp, char *buf, int size) char *ptr = buf; char *end = buf + size - 1; - while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n')) - ptr++; + while (ptr < end && fd_read(bp, ptr, 1) > 0) { + if (*ptr++ == '\n') + break; + } ptr[0] = '\0'; if (buf[0] != '\0') ret = strlen(buf); - return (ret); + return ret; } int BIO_fd_should_retry(int i) @@ -221,9 +227,9 @@ int BIO_fd_should_retry(int i) if ((i == 0) || (i == -1)) { err = get_last_sys_error(); - return (BIO_fd_non_fatal_error(err)); + return BIO_fd_non_fatal_error(err); } - return (0); + return 0; } int BIO_fd_non_fatal_error(int err) @@ -265,11 +271,10 @@ int BIO_fd_non_fatal_error(int err) # ifdef EALREADY case EALREADY: # endif - return (1); - /* break; */ + return 1; default: break; } - return (0); + return 0; } #endif diff --git a/deps/openssl/openssl/crypto/bio/bss_file.c b/deps/openssl/openssl/crypto/bio/bss_file.c index 2edf244835312f..8de2391267afe8 100644 --- a/deps/openssl/openssl/crypto/bio/bss_file.c +++ b/deps/openssl/openssl/crypto/bio/bss_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +7,6 @@ * https://www.openssl.org/source/license.html */ -/*- - * 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout - * with binary data (e.g. asn1parse -inform DER < xxx) under - * Windows - */ - #ifndef HEADER_BSS_FILE_C # define HEADER_BSS_FILE_C @@ -51,7 +45,11 @@ static int file_free(BIO *data); static const BIO_METHOD methods_filep = { BIO_TYPE_FILE, "FILE pointer", + /* TODO: Convert to new style write function */ + bwrite_conv, file_write, + /* TODO: Convert to new style read function */ + bread_conv, file_read, file_puts, file_gets, @@ -81,17 +79,17 @@ BIO *BIO_new_file(const char *filename, const char *mode) BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); else BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB); - return (NULL); + return NULL; } if ((ret = BIO_new(BIO_s_file())) == NULL) { fclose(file); - return (NULL); + return NULL; } BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage * UPLINK */ BIO_set_fp(ret, file, fp_flags); - return (ret); + return ret; } BIO *BIO_new_fp(FILE *stream, int close_flag) @@ -99,17 +97,17 @@ BIO *BIO_new_fp(FILE *stream, int close_flag) BIO *ret; if ((ret = BIO_new(BIO_s_file())) == NULL) - return (NULL); + return NULL; /* redundant flag, left for documentation purposes */ BIO_set_flags(ret, BIO_FLAGS_UPLINK); BIO_set_fp(ret, stream, close_flag); - return (ret); + return ret; } const BIO_METHOD *BIO_s_file(void) { - return (&methods_filep); + return &methods_filep; } static int file_new(BIO *bi) @@ -118,13 +116,13 @@ static int file_new(BIO *bi) bi->num = 0; bi->ptr = NULL; bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */ - return (1); + return 1; } static int file_free(BIO *a) { if (a == NULL) - return (0); + return 0; if (a->shutdown) { if ((a->init) && (a->ptr != NULL)) { if (a->flags & BIO_FLAGS_UPLINK) @@ -136,7 +134,7 @@ static int file_free(BIO *a) } a->init = 0; } - return (1); + return 1; } static int file_read(BIO *b, char *out, int outl) @@ -156,7 +154,7 @@ static int file_read(BIO *b, char *out, int outl) ret = -1; } } - return (ret); + return ret; } static int file_write(BIO *b, const char *in, int inl) @@ -172,12 +170,12 @@ static int file_write(BIO *b, const char *in, int inl) ret = inl; /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ /* - * according to Tim Hudson , the commented out + * according to Tim Hudson , the commented out * version above can cause 'inl' write calls under some stupid stdio * implementations (VMS) */ } - return (ret); + return ret; } static long file_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -283,9 +281,9 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) } # if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN) if (!(num & BIO_FP_TEXT)) - strcat(p, "b"); + OPENSSL_strlcat(p, "b", sizeof(p)); else - strcat(p, "t"); + OPENSSL_strlcat(p, "t", sizeof(p)); # endif fp = openssl_fopen(ptr, p); if (fp == NULL) { @@ -335,7 +333,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int file_gets(BIO *bp, char *buf, int size) @@ -353,7 +351,7 @@ static int file_gets(BIO *bp, char *buf, int size) if (buf[0] != '\0') ret = strlen(buf); err: - return (ret); + return ret; } static int file_puts(BIO *bp, const char *str) @@ -362,7 +360,7 @@ static int file_puts(BIO *bp, const char *str) n = strlen(str); ret = file_write(bp, str, n); - return (ret); + return ret; } #else @@ -399,7 +397,11 @@ static int file_free(BIO *a) static const BIO_METHOD methods_filep = { BIO_TYPE_FILE, "FILE pointer", + /* TODO: Convert to new style write function */ + bwrite_conv, file_write, + /* TODO: Convert to new style read function */ + bread_conv, file_read, file_puts, file_gets, @@ -411,7 +413,7 @@ static const BIO_METHOD methods_filep = { const BIO_METHOD *BIO_s_file(void) { - return (&methods_filep); + return &methods_filep; } BIO *BIO_new_file(const char *filename, const char *mode) diff --git a/deps/openssl/openssl/crypto/bio/bss_log.c b/deps/openssl/openssl/crypto/bio/bss_log.c index f090e8214bb020..e9ab932ec29531 100644 --- a/deps/openssl/openssl/crypto/bio/bss_log.c +++ b/deps/openssl/openssl/crypto/bio/bss_log.c @@ -39,7 +39,7 @@ void *_malloc32(__size_t); # endif /* __INITIAL_POINTER_SIZE == 64 */ # endif /* __INITIAL_POINTER_SIZE && defined * _ANSI_C_SOURCE */ -#elif defined(OPENSSL_SYS_NETWARE) +#elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK) # define NO_SYSLOG #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include @@ -87,10 +87,13 @@ static void xcloselog(BIO *bp); static const BIO_METHOD methods_slg = { BIO_TYPE_MEM, "syslog", + /* TODO: Convert to new style write function */ + bwrite_conv, slg_write, + NULL, /* slg_write_old, */ NULL, /* slg_read, */ slg_puts, - NULL, /* slg_gets, */ + NULL, slg_ctrl, slg_new, slg_free, @@ -99,7 +102,7 @@ static const BIO_METHOD methods_slg = { const BIO_METHOD *BIO_s_log(void) { - return (&methods_slg); + return &methods_slg; } static int slg_new(BIO *bi) @@ -108,15 +111,15 @@ static int slg_new(BIO *bi) bi->num = 0; bi->ptr = NULL; xopenlog(bi, "application", LOG_DAEMON); - return (1); + return 1; } static int slg_free(BIO *a) { if (a == NULL) - return (0); + return 0; xcloselog(a); - return (1); + return 1; } static int slg_write(BIO *b, const char *in, int inl) @@ -194,7 +197,8 @@ static int slg_write(BIO *b, const char *in, int inl) }; if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { - return (0); + BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE); + return 0; } memcpy(buf, in, inl); buf[inl] = '\0'; @@ -208,7 +212,7 @@ static int slg_write(BIO *b, const char *in, int inl) xsyslog(b, priority, pp); OPENSSL_free(buf); - return (ret); + return ret; } static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -221,7 +225,7 @@ static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) default: break; } - return (0); + return 0; } static int slg_puts(BIO *bp, const char *str) @@ -230,7 +234,7 @@ static int slg_puts(BIO *bp, const char *str) n = strlen(str); ret = slg_write(bp, str, n); - return (ret); + return ret; } # if defined(OPENSSL_SYS_WIN32) diff --git a/deps/openssl/openssl/crypto/bio/bss_mem.c b/deps/openssl/openssl/crypto/bio/bss_mem.c index 4c0e4d7412df01..e0a97c3b43e188 100644 --- a/deps/openssl/openssl/crypto/bio/bss_mem.c +++ b/deps/openssl/openssl/crypto/bio/bss_mem.c @@ -26,7 +26,11 @@ static int mem_buf_sync(BIO *h); static const BIO_METHOD mem_method = { BIO_TYPE_MEM, "memory buffer", + /* TODO: Convert to new style write function */ + bwrite_conv, mem_write, + /* TODO: Convert to new style read function */ + bread_conv, mem_read, mem_puts, mem_gets, @@ -39,7 +43,11 @@ static const BIO_METHOD mem_method = { static const BIO_METHOD secmem_method = { BIO_TYPE_MEM, "secure memory buffer", + /* TODO: Convert to new style write function */ + bwrite_conv, mem_write, + /* TODO: Convert to new style read function */ + bread_conv, mem_read, mem_puts, mem_gets, @@ -62,7 +70,7 @@ typedef struct bio_buf_mem_st { const BIO_METHOD *BIO_s_mem(void) { - return (&mem_method); + return &mem_method; } const BIO_METHOD *BIO_s_secmem(void) @@ -122,42 +130,38 @@ static int mem_init(BIO *bi, unsigned long flags) static int mem_new(BIO *bi) { - return (mem_init(bi, 0L)); + return mem_init(bi, 0L); } static int secmem_new(BIO *bi) { - return (mem_init(bi, BUF_MEM_FLAG_SECURE)); + return mem_init(bi, BUF_MEM_FLAG_SECURE); } static int mem_free(BIO *a) { - return (mem_buf_free(a, 1)); + return mem_buf_free(a, 1); } static int mem_buf_free(BIO *a, int free_all) { if (a == NULL) - return (0); - if (a->shutdown) { - if ((a->init) && (a->ptr != NULL)) { - BUF_MEM *b; - BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr; - - if (bb != NULL) { - b = bb->buf; - if (a->flags & BIO_FLAGS_MEM_RDONLY) - b->data = NULL; - BUF_MEM_free(b); - if (free_all) { - OPENSSL_free(bb->readp); - OPENSSL_free(bb); - } - } - a->ptr = NULL; + return 0; + + if (a->shutdown && a->init && a->ptr != NULL) { + BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr; + BUF_MEM *b = bb->buf; + + if (a->flags & BIO_FLAGS_MEM_RDONLY) + b->data = NULL; + BUF_MEM_free(b); + if (free_all) { + OPENSSL_free(bb->readp); + OPENSSL_free(bb); } + a->ptr = NULL; } - return (1); + return 1; } /* @@ -174,7 +178,7 @@ static int mem_buf_sync(BIO *b) bbm->readp->data = bbm->buf->data; } } - return (0); + return 0; } static int mem_read(BIO *b, char *out, int outl) @@ -194,7 +198,7 @@ static int mem_read(BIO *b, char *out, int outl) if (ret != 0) BIO_set_retry_read(b); } - return (ret); + return ret; } static int mem_write(BIO *b, const char *in, int inl) @@ -222,7 +226,7 @@ static int mem_write(BIO *b, const char *in, int inl) *bbm->readp = *bbm->buf; ret = inl; end: - return (ret); + return ret; } static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -299,7 +303,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int mem_gets(BIO *bp, char *buf, int size) @@ -335,7 +339,7 @@ static int mem_gets(BIO *bp, char *buf, int size) if (i > 0) buf[i] = '\0'; ret = i; - return (ret); + return ret; } static int mem_puts(BIO *bp, const char *str) @@ -345,5 +349,5 @@ static int mem_puts(BIO *bp, const char *str) n = strlen(str); ret = mem_write(bp, str, n); /* memory semantics is that it will always work */ - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/bio/bss_null.c b/deps/openssl/openssl/crypto/bio/bss_null.c index 56f95f9fc24cba..08f1d2bc98a37d 100644 --- a/deps/openssl/openssl/crypto/bio/bss_null.c +++ b/deps/openssl/openssl/crypto/bio/bss_null.c @@ -20,7 +20,11 @@ static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); static const BIO_METHOD null_method = { BIO_TYPE_NULL, "NULL", + /* TODO: Convert to new style write function */ + bwrite_conv, null_write, + /* TODO: Convert to new style read function */ + bread_conv, null_read, null_puts, null_gets, @@ -32,17 +36,17 @@ static const BIO_METHOD null_method = { const BIO_METHOD *BIO_s_null(void) { - return (&null_method); + return &null_method; } static int null_read(BIO *b, char *out, int outl) { - return (0); + return 0; } static int null_write(BIO *b, const char *in, int inl) { - return (inl); + return inl; } static long null_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -67,17 +71,17 @@ static long null_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int null_gets(BIO *bp, char *buf, int size) { - return (0); + return 0; } static int null_puts(BIO *bp, const char *str) { if (str == NULL) - return (0); - return (strlen(str)); + return 0; + return strlen(str); } diff --git a/deps/openssl/openssl/crypto/bio/bss_sock.c b/deps/openssl/openssl/crypto/bio/bss_sock.c index 992266dc24e567..ad38453201f171 100644 --- a/deps/openssl/openssl/crypto/bio/bss_sock.c +++ b/deps/openssl/openssl/crypto/bio/bss_sock.c @@ -9,7 +9,6 @@ #include #include -#define USE_SOCKETS #include "bio_lcl.h" #include "internal/cryptlib.h" @@ -38,7 +37,11 @@ int BIO_sock_should_retry(int s); static const BIO_METHOD methods_sockp = { BIO_TYPE_SOCKET, "socket", + /* TODO: Convert to new style write function */ + bwrite_conv, sock_write, + /* TODO: Convert to new style read function */ + bread_conv, sock_read, sock_puts, NULL, /* sock_gets, */ @@ -50,7 +53,7 @@ static const BIO_METHOD methods_sockp = { const BIO_METHOD *BIO_s_socket(void) { - return (&methods_sockp); + return &methods_sockp; } BIO *BIO_new_socket(int fd, int close_flag) @@ -59,9 +62,9 @@ BIO *BIO_new_socket(int fd, int close_flag) ret = BIO_new(BIO_s_socket()); if (ret == NULL) - return (NULL); + return NULL; BIO_set_fd(ret, fd, close_flag); - return (ret); + return ret; } static int sock_new(BIO *bi) @@ -70,13 +73,13 @@ static int sock_new(BIO *bi) bi->num = 0; bi->ptr = NULL; bi->flags = 0; - return (1); + return 1; } static int sock_free(BIO *a) { if (a == NULL) - return (0); + return 0; if (a->shutdown) { if (a->init) { BIO_closesocket(a->num); @@ -84,7 +87,7 @@ static int sock_free(BIO *a) a->init = 0; a->flags = 0; } - return (1); + return 1; } static int sock_read(BIO *b, char *out, int outl) @@ -100,7 +103,7 @@ static int sock_read(BIO *b, char *out, int outl) BIO_set_retry_read(b); } } - return (ret); + return ret; } static int sock_write(BIO *b, const char *in, int inl) @@ -114,7 +117,7 @@ static int sock_write(BIO *b, const char *in, int inl) if (BIO_sock_should_retry(ret)) BIO_set_retry_write(b); } - return (ret); + return ret; } static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -152,7 +155,7 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) ret = 0; break; } - return (ret); + return ret; } static int sock_puts(BIO *bp, const char *str) @@ -161,7 +164,7 @@ static int sock_puts(BIO *bp, const char *str) n = strlen(str); ret = sock_write(bp, str, n); - return (ret); + return ret; } int BIO_sock_should_retry(int i) @@ -171,9 +174,9 @@ int BIO_sock_should_retry(int i) if ((i == 0) || (i == -1)) { err = get_last_socket_error(); - return (BIO_sock_non_fatal_error(err)); + return BIO_sock_non_fatal_error(err); } - return (0); + return 0; } int BIO_sock_non_fatal_error(int err) @@ -220,12 +223,11 @@ int BIO_sock_non_fatal_error(int err) # ifdef EALREADY case EALREADY: # endif - return (1); - /* break; */ + return 1; default: break; } - return (0); + return 0; } #endif /* #ifndef OPENSSL_NO_SOCK */ diff --git a/deps/openssl/openssl/crypto/blake2/blake2_impl.h b/deps/openssl/openssl/crypto/blake2/blake2_impl.h index 8fe5c959150594..80b717e79c08ab 100644 --- a/deps/openssl/openssl/crypto/blake2/blake2_impl.h +++ b/deps/openssl/openssl/crypto/blake2/blake2_impl.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,6 @@ */ #include -#include "e_os.h" static ossl_inline uint32_t load32(const uint8_t *src) { diff --git a/deps/openssl/openssl/crypto/blake2/blake2_locl.h b/deps/openssl/openssl/crypto/blake2/blake2_locl.h index fb7beb976c2f19..926bae944c174c 100644 --- a/deps/openssl/openssl/crypto/blake2/blake2_locl.h +++ b/deps/openssl/openssl/crypto/blake2/blake2_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,6 @@ */ #include -#include "e_os.h" #define BLAKE2S_BLOCKBYTES 64 #define BLAKE2S_OUTBYTES 32 diff --git a/deps/openssl/openssl/crypto/blake2/blake2b.c b/deps/openssl/openssl/crypto/blake2/blake2b.c index e77bd9ac16ffd9..829ba5b50a5c44 100644 --- a/deps/openssl/openssl/crypto/blake2/blake2b.c +++ b/deps/openssl/openssl/crypto/blake2/blake2b.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,6 @@ #include #include #include -#include "e_os.h" #include "blake2_locl.h" #include "blake2_impl.h" diff --git a/deps/openssl/openssl/crypto/blake2/blake2s.c b/deps/openssl/openssl/crypto/blake2/blake2s.c index 0b3503e4f00754..8211374d123f12 100644 --- a/deps/openssl/openssl/crypto/blake2/blake2s.c +++ b/deps/openssl/openssl/crypto/blake2/blake2s.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,6 @@ #include #include #include -#include "e_os.h" #include "blake2_locl.h" #include "blake2_impl.h" @@ -219,7 +218,7 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen) in += fill; datalen -= fill; } - if (datalen > BLAKE2S_BLOCKBYTES) { + if (datalen > BLAKE2S_BLOCKBYTES) { size_t stashlen = datalen % BLAKE2S_BLOCKBYTES; /* * If |datalen| is a multiple of the blocksize, stash diff --git a/deps/openssl/openssl/crypto/blake2/m_blake2b.c b/deps/openssl/openssl/crypto/blake2/m_blake2b.c index 82c6f6bd80447c..c493648c3cd086 100644 --- a/deps/openssl/openssl/crypto/blake2/m_blake2b.c +++ b/deps/openssl/openssl/crypto/blake2/m_blake2b.c @@ -54,6 +54,6 @@ static const EVP_MD blake2b_md = { const EVP_MD *EVP_blake2b512(void) { - return (&blake2b_md); + return &blake2b_md; } #endif diff --git a/deps/openssl/openssl/crypto/blake2/m_blake2s.c b/deps/openssl/openssl/crypto/blake2/m_blake2s.c index 467e91a87bddd1..83b2811e443283 100644 --- a/deps/openssl/openssl/crypto/blake2/m_blake2s.c +++ b/deps/openssl/openssl/crypto/blake2/m_blake2s.c @@ -54,6 +54,6 @@ static const EVP_MD blake2s_md = { const EVP_MD *EVP_blake2s256(void) { - return (&blake2s_md); + return &blake2s_md; } #endif diff --git a/deps/openssl/openssl/crypto/bn/README.pod b/deps/openssl/openssl/crypto/bn/README.pod index 109ab0d9142872..706a140342cd69 100644 --- a/deps/openssl/openssl/crypto/bn/README.pod +++ b/deps/openssl/openssl/crypto/bn/README.pod @@ -6,7 +6,7 @@ bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal, bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive, -bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive, +bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive, bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM library internal functions @@ -41,8 +41,6 @@ library internal functions int n, int tna, int tnb, BN_ULONG *tmp); void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *tmp); - void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, - int n2, BN_ULONG *tmp); void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp); @@ -178,10 +176,6 @@ bn_mul_low_recursive(B, B, B, B, B) operates on the B word arrays B and B and the B/2 word arrays B and B. -bn_mul_high(B, B, B, B, B, B) operates on the -B word arrays B, B, B and B (?) and the 3*B word -array B. - BN_mul() calls bn_mul_normal(), or an optimized implementation if the factors have the same size: bn_mul_comba8() is used if they are 8 words long, bn_mul_recursive() if they are larger than diff --git a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl index 96321330904d2a..c9b962a150de61 100644 --- a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl index 0bb54330759034..7a0cdb2e8a0096 100644 --- a/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/armv4-gf2m.pl @@ -36,7 +36,7 @@ # # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. -# +# # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf $flavour = shift; diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl index ddee8b7fa14e1d..6bedc62ba62deb 100644 --- a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl @@ -23,7 +23,7 @@ # [depending on key length, less for longer keys] on ARM920T, and # +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code # base and compiler generated code with in-lined umull and even umlal -# instructions. The latter means that this code didn't really have an +# instructions. The latter means that this code didn't really have an # "advantage" of utilizing some "secret" instruction. # # The code is interoperable with Thumb ISA and is rather compact, less diff --git a/deps/openssl/openssl/crypto/bn/asm/bn-586.pl b/deps/openssl/openssl/crypto/bn/asm/bn-586.pl index 1ca1bbf7d4e17f..58effc8808dd47 100644 --- a/deps/openssl/openssl/crypto/bn/asm/bn-586.pl +++ b/deps/openssl/openssl/crypto/bn/asm/bn-586.pl @@ -14,7 +14,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -54,7 +54,7 @@ sub bn_mul_add_words &movd("mm0",&wparam(3)); # mm0 = w &pxor("mm1","mm1"); # mm1 = carry_in &jmp(&label("maw_sse2_entry")); - + &set_label("maw_sse2_unrolled",16); &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] &paddq("mm1","mm3"); # mm1 = carry_in + r[0] @@ -675,20 +675,20 @@ sub bn_sub_part_words &adc($c,0); &mov(&DWP($i*4,$r,"",0),$tmp1); # *r } - + &comment(""); &add($b,32); &add($r,32); &sub($num,8); &jnz(&label("pw_neg_loop")); - + &set_label("pw_neg_finish",0); &mov($tmp2,&wparam(4)); # get dl &mov($num,0); &sub($num,$tmp2); &and($num,7); &jz(&label("pw_end")); - + for ($i=0; $i<7; $i++) { &comment("dl<0 Tail Round $i"); @@ -705,9 +705,9 @@ sub bn_sub_part_words } &jmp(&label("pw_end")); - + &set_label("pw_pos",0); - + &and($num,0xfffffff8); # num / 8 &jz(&label("pw_pos_finish")); @@ -722,18 +722,18 @@ sub bn_sub_part_words &mov(&DWP($i*4,$r,"",0),$tmp1); # *r &jnc(&label("pw_nc".$i)); } - + &comment(""); &add($a,32); &add($r,32); &sub($num,8); &jnz(&label("pw_pos_loop")); - + &set_label("pw_pos_finish",0); &mov($num,&wparam(4)); # get dl &and($num,7); &jz(&label("pw_end")); - + for ($i=0; $i<7; $i++) { &comment("dl>0 Tail Round $i"); @@ -754,17 +754,17 @@ sub bn_sub_part_words &mov(&DWP($i*4,$r,"",0),$tmp1); # *r &set_label("pw_nc".$i,0); } - + &comment(""); &add($a,32); &add($r,32); &sub($num,8); &jnz(&label("pw_nc_loop")); - + &mov($num,&wparam(4)); # get dl &and($num,7); &jz(&label("pw_nc_end")); - + for ($i=0; $i<7; $i++) { &mov($tmp1,&DWP($i*4,$a,"",0)); # *a diff --git a/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl index c0e5400807f5b6..9c46da3af8d1f5 100644 --- a/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/c64xplus-gf2m.pl @@ -43,7 +43,7 @@ sub mul_1x1_upper { SHRU $A,16, $Ahi ; smash $A to two halfwords || EXTU $A,16,16,$Alo - XORMPY $Alo,$B_2,$Alox2 ; 16x8 bits muliplication + XORMPY $Alo,$B_2,$Alox2 ; 16x8 bits multiplication || XORMPY $Ahi,$B_2,$Ahix2 || EXTU $B,16,24,$B_1 XORMPY $Alo,$B_0,$Alox0 diff --git a/deps/openssl/openssl/crypto/bn/asm/co-586.pl b/deps/openssl/openssl/crypto/bn/asm/co-586.pl index 60d0363660d093..97f5e3a19fc43a 100644 --- a/deps/openssl/openssl/crypto/bn/asm/co-586.pl +++ b/deps/openssl/openssl/crypto/bn/asm/co-586.pl @@ -13,7 +13,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); &bn_mul_comba("bn_mul_comba8",8); &bn_mul_comba("bn_mul_comba4",4); @@ -47,7 +47,7 @@ sub mul_add_c &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b ### &adc($c2,0); - # is pos > 1, it means it is the last loop + # is pos > 1, it means it is the last loop &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a } @@ -76,7 +76,7 @@ sub sqr_add_c &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb); ### &adc($c2,0); - # is pos > 1, it means it is the last loop + # is pos > 1, it means it is the last loop &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b } @@ -127,7 +127,7 @@ sub bn_mul_comba $c2="ebp"; $a="esi"; $b="edi"; - + $as=0; $ae=0; $bs=0; @@ -142,9 +142,9 @@ sub bn_mul_comba &push("ebx"); &xor($c0,$c0); - &mov("eax",&DWP(0,$a,"",0)); # load the first word + &mov("eax",&DWP(0,$a,"",0)); # load the first word &xor($c1,$c1); - &mov("edx",&DWP(0,$b,"",0)); # load the first second + &mov("edx",&DWP(0,$b,"",0)); # load the first second for ($i=0; $i<$tot; $i++) { @@ -152,7 +152,7 @@ sub bn_mul_comba $bi=$bs; $end=$be+1; - &comment("################## Calculate word $i"); + &comment("################## Calculate word $i"); for ($j=$bs; $j<$end; $j++) { diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl index 0df1fad115bc19..ec486f77792be6 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -80,7 +80,7 @@ // int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap, // const BN_ULONG *bp,const BN_ULONG *np, -// const BN_ULONG *n0p,int num); +// const BN_ULONG *n0p,int num); .align 64 .global bn_mul_mont# .proc bn_mul_mont# @@ -203,7 +203,7 @@ { .mmi; .pred.rel "mutex",p39,p41 (p39) add topbit=r0,r0 (p41) add topbit=r0,r0,1 - nop.i 0 } + nop.i 0 } { .mmi; st8 [tp_1]=n[0] add tptr=16,sp add tp_1=8,sp };; diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64.S b/deps/openssl/openssl/crypto/bn/asm/ia64.S index f2404a3c1e0ef7..d235c45e2d6321 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ia64.S +++ b/deps/openssl/openssl/crypto/bn/asm/ia64.S @@ -1,9 +1,9 @@ .explicit .text .ident "ia64.S, Version 2.1" -.ident "IA-64 ISA artwork by Andy Polyakov " +.ident "IA-64 ISA artwork by Andy Polyakov " -// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ // // ==================================================================== -// Written by Andy Polyakov for the OpenSSL +// Written by Andy Polyakov for the OpenSSL // project. // // Rights for redistribution and usage in source and binary forms are @@ -20,7 +20,7 @@ // disclaimed. // ==================================================================== // -// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is +// Version 2.x is Itanium2 re-tune. Few words about how Itanium2 is // different from Itanium to this module viewpoint. Most notably, is it // "wider" than Itanium? Can you experience loop scalability as // discussed in commentary sections? Not really:-( Itanium2 has 6 @@ -141,7 +141,7 @@ // User Mask I want to excuse the kernel from preserving upper // (f32-f128) FP register bank over process context switch, thus // minimizing bus bandwidth consumption during the switch (i.e. -// after PKI opration completes and the program is off doing +// after PKI operation completes and the program is off doing // something else like bulk symmetric encryption). Having said // this, I also want to point out that it might be good idea // to compile the whole toolkit (as well as majority of the @@ -157,12 +157,15 @@ #else #define ADDP add #endif +#ifdef __VMS +.alias abort, "decc$abort" +#endif #if 1 // // bn_[add|sub]_words routines. // -// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the +// Loops are spinning in 2*(n+5) ticks on Itanium (provided that the // data reside in L1 cache, i.e. 2 ticks away). It's possible to // compress the epilogue and get down to 2*n+6, but at the cost of // scalability (the neat feature of this implementation is that it @@ -500,7 +503,7 @@ bn_sqr_words: // possible to compress the epilogue (I'm getting tired to write this // comment over and over) and get down to 2*n+16 at the cost of // scalability. The decision will very likely be reconsidered after the -// benchmark program is profiled. I.e. if perfomance gain on Itanium +// benchmark program is profiled. I.e. if performance gain on Itanium // will appear larger than loss on "wider" IA-64, then the loop should // be explicitly split and the epilogue compressed. .L_bn_sqr_words_ctop: @@ -936,7 +939,7 @@ bn_mul_comba8: xma.hu f118=f39,f127,f117 } { .mfi; xma.lu f117=f39,f127,f117 };;// //-------------------------------------------------// -// Leaving muliplier's heaven... Quite a ride, huh? +// Leaving multiplier's heaven... Quite a ride, huh? { .mii; getf.sig r31=f47 add r25=r25,r24 @@ -1428,6 +1431,7 @@ bn_div_words: mov ar.ec=0 // don't rotate at exit mov pr.rot=0 } { .mii; mov L=r33 // save l + mov r25=r0 // needed if abort is called on VMS mov r36=r0 };; .L_divw_shift: // -vv- note signed comparison @@ -1529,9 +1533,8 @@ bn_div_words: // output: f8 = (int)(a/b) // clobbered: f8,f9,f10,f11,pred pred=p15 -// One can argue that this snippet is copyrighted to Intel -// Corporation, as it's essentially identical to one of those -// found in "Divide, Square Root and Remainder" section at +// This snippet is based on text found in the "Divide, Square +// Root and Remainder" section at // http://www.intel.com/software/products/opensource/libraries/num.htm. // Yes, I admit that the referred code was used as template, // but after I realized that there hardly is any other instruction diff --git a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl index e141e1a9252421..fbe5d04f716c98 100644 --- a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl @@ -56,14 +56,14 @@ $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64 if ($flavour =~ /64|n32/i) { - $PTR_ADD="dadd"; # incidentally works even on n32 - $PTR_SUB="dsub"; # incidentally works even on n32 + $PTR_ADD="daddu"; # incidentally works even on n32 + $PTR_SUB="dsubu"; # incidentally works even on n32 $REG_S="sd"; $REG_L="ld"; $SZREG=8; } else { - $PTR_ADD="add"; - $PTR_SUB="sub"; + $PTR_ADD="addu"; + $PTR_SUB="subu"; $REG_S="sw"; $REG_L="lw"; $SZREG=4; @@ -121,6 +121,8 @@ $FRAMESIZE=14; $code=<<___; +#include "mips_arch.h" + .text .set noat @@ -183,27 +185,27 @@ $PTR_SUB $sp,$num and $sp,$at - $MULTU $aj,$bi - $LD $alo,$BNSZ($ap) - $LD $nlo,$BNSZ($np) - mflo $lo0 - mfhi $hi0 - $MULTU $lo0,$n0 - mflo $m1 - - $MULTU $alo,$bi - mflo $alo - mfhi $ahi - - $MULTU $nj,$m1 - mflo $lo1 - mfhi $hi1 - $MULTU $nlo,$m1 + $MULTU ($aj,$bi) + $LD $ahi,$BNSZ($ap) + $LD $nhi,$BNSZ($np) + mflo ($lo0,$aj,$bi) + mfhi ($hi0,$aj,$bi) + $MULTU ($lo0,$n0) + mflo ($m1,$lo0,$n0) + + $MULTU ($ahi,$bi) + mflo ($alo,$ahi,$bi) + mfhi ($ahi,$ahi,$bi) + + $MULTU ($nj,$m1) + mflo ($lo1,$nj,$m1) + mfhi ($hi1,$nj,$m1) + $MULTU ($nhi,$m1) $ADDU $lo1,$lo0 sltu $at,$lo1,$lo0 $ADDU $hi1,$at - mflo $nlo - mfhi $nhi + mflo ($nlo,$nhi,$m1) + mfhi ($nhi,$nhi,$m1) move $tp,$sp li $j,2*$BNSZ @@ -215,25 +217,25 @@ $LD $aj,($aj) $LD $nj,($nj) - $MULTU $aj,$bi + $MULTU ($aj,$bi) $ADDU $lo0,$alo,$hi0 $ADDU $lo1,$nlo,$hi1 sltu $at,$lo0,$hi0 sltu $t0,$lo1,$hi1 $ADDU $hi0,$ahi,$at $ADDU $hi1,$nhi,$t0 - mflo $alo - mfhi $ahi + mflo ($alo,$aj,$bi) + mfhi ($ahi,$aj,$bi) $ADDU $lo1,$lo0 sltu $at,$lo1,$lo0 - $MULTU $nj,$m1 + $MULTU ($nj,$m1) $ADDU $hi1,$at addu $j,$BNSZ $ST $lo1,($tp) sltu $t0,$j,$num - mflo $nlo - mfhi $nhi + mflo ($nlo,$nj,$m1) + mfhi ($nhi,$nj,$m1) bnez $t0,.L1st $PTR_ADD $tp,$BNSZ @@ -263,34 +265,34 @@ $PTR_ADD $bi,$bp,$i $LD $bi,($bi) $LD $aj,($ap) - $LD $alo,$BNSZ($ap) + $LD $ahi,$BNSZ($ap) $LD $tj,($sp) - $MULTU $aj,$bi + $MULTU ($aj,$bi) $LD $nj,($np) - $LD $nlo,$BNSZ($np) - mflo $lo0 - mfhi $hi0 + $LD $nhi,$BNSZ($np) + mflo ($lo0,$aj,$bi) + mfhi ($hi0,$aj,$bi) $ADDU $lo0,$tj - $MULTU $lo0,$n0 + $MULTU ($lo0,$n0) sltu $at,$lo0,$tj $ADDU $hi0,$at - mflo $m1 + mflo ($m1,$lo0,$n0) - $MULTU $alo,$bi - mflo $alo - mfhi $ahi + $MULTU ($ahi,$bi) + mflo ($alo,$ahi,$bi) + mfhi ($ahi,$ahi,$bi) - $MULTU $nj,$m1 - mflo $lo1 - mfhi $hi1 + $MULTU ($nj,$m1) + mflo ($lo1,$nj,$m1) + mfhi ($hi1,$nj,$m1) - $MULTU $nlo,$m1 + $MULTU ($nhi,$m1) $ADDU $lo1,$lo0 sltu $at,$lo1,$lo0 $ADDU $hi1,$at - mflo $nlo - mfhi $nhi + mflo ($nlo,$nhi,$m1) + mfhi ($nhi,$nhi,$m1) move $tp,$sp li $j,2*$BNSZ @@ -303,19 +305,19 @@ $LD $aj,($aj) $LD $nj,($nj) - $MULTU $aj,$bi + $MULTU ($aj,$bi) $ADDU $lo0,$alo,$hi0 $ADDU $lo1,$nlo,$hi1 sltu $at,$lo0,$hi0 sltu $t0,$lo1,$hi1 $ADDU $hi0,$ahi,$at $ADDU $hi1,$nhi,$t0 - mflo $alo - mfhi $ahi + mflo ($alo,$aj,$bi) + mfhi ($ahi,$aj,$bi) $ADDU $lo0,$tj addu $j,$BNSZ - $MULTU $nj,$m1 + $MULTU ($nj,$m1) sltu $at,$lo0,$tj $ADDU $lo1,$lo0 $ADDU $hi0,$at @@ -323,8 +325,8 @@ $LD $tj,2*$BNSZ($tp) $ADDU $hi1,$t0 sltu $at,$j,$num - mflo $nlo - mfhi $nhi + mflo ($nlo,$nj,$m1) + mfhi ($nhi,$nj,$m1) $ST $lo1,($tp) bnez $at,.Linner $PTR_ADD $tp,$BNSZ diff --git a/deps/openssl/openssl/crypto/bn/asm/mips.pl b/deps/openssl/openssl/crypto/bn/asm/mips.pl index 420f01f3a4c141..da35ec1b30cea5 100644 --- a/deps/openssl/openssl/crypto/bn/asm/mips.pl +++ b/deps/openssl/openssl/crypto/bn/asm/mips.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. # # Rights for redistribution and usage in source and binary forms are @@ -42,7 +42,7 @@ # Performance improvement is astonishing! 'apps/openssl speed rsa dsa' # goes way over 3 times faster! # -# +# # October 2010 # @@ -109,6 +109,22 @@ $minus4=$v1; $code.=<<___; +#include "mips_arch.h" + +#if defined(_MIPS_ARCH_MIPS64R6) +# define ddivu(rs,rt) +# define mfqt(rd,rs,rt) ddivu rd,rs,rt +# define mfrm(rd,rs,rt) dmodu rd,rs,rt +#elif defined(_MIPS_ARCH_MIPS32R6) +# define divu(rs,rt) +# define mfqt(rd,rs,rt) divu rd,rs,rt +# define mfrm(rd,rs,rt) modu rd,rs,rt +#else +# define $DIVU(rs,rt) $DIVU $zero,rs,rt +# define mfqt(rd,rs,rt) mflo rd +# define mfrm(rd,rs,rt) mfhi rd +#endif + .rdata .asciiz "mips3.s, Version 1.2" .asciiz "MIPS II/III/IV ISA artwork by Andy Polyakov " @@ -151,7 +167,7 @@ .L_bn_mul_add_words_loop: $LD $t0,0($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) $LD $t1,0($a0) $LD $t2,$BNSZ($a1) $LD $t3,$BNSZ($a0) @@ -161,11 +177,11 @@ sltu $v0,$t1,$v0 # All manuals say it "compares 32-bit # values", but it seems to work fine # even on 64-bit registers. - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $t1,$at $ADDU $v0,$t0 - $MULTU $t2,$a3 + $MULTU ($t2,$a3) sltu $at,$t1,$at $ST $t1,0($a0) $ADDU $v0,$at @@ -174,11 +190,11 @@ $LD $ta3,3*$BNSZ($a0) $ADDU $t3,$v0 sltu $v0,$t3,$v0 - mflo $at - mfhi $t2 + mflo ($at,$t2,$a3) + mfhi ($t2,$t2,$a3) $ADDU $t3,$at $ADDU $v0,$t2 - $MULTU $ta0,$a3 + $MULTU ($ta0,$a3) sltu $at,$t3,$at $ST $t3,$BNSZ($a0) $ADDU $v0,$at @@ -188,11 +204,11 @@ $PTR_ADD $a1,4*$BNSZ $ADDU $ta1,$v0 sltu $v0,$ta1,$v0 - mflo $at - mfhi $ta0 + mflo ($at,$ta0,$a3) + mfhi ($ta0,$ta0,$a3) $ADDU $ta1,$at $ADDU $v0,$ta0 - $MULTU $ta2,$a3 + $MULTU ($ta2,$a3) sltu $at,$ta1,$at $ST $ta1,-2*$BNSZ($a0) $ADDU $v0,$at @@ -201,8 +217,8 @@ and $ta0,$a2,$minus4 $ADDU $ta3,$v0 sltu $v0,$ta3,$v0 - mflo $at - mfhi $ta2 + mflo ($at,$ta2,$a3) + mfhi ($ta2,$ta2,$a3) $ADDU $ta3,$at $ADDU $v0,$ta2 sltu $at,$ta3,$at @@ -217,13 +233,13 @@ .L_bn_mul_add_words_tail: .set reorder $LD $t0,0($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) $LD $t1,0($a0) subu $a2,1 $ADDU $t1,$v0 sltu $v0,$t1,$v0 - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $t1,$at $ADDU $v0,$t0 sltu $at,$t1,$at @@ -232,13 +248,13 @@ beqz $a2,.L_bn_mul_add_words_return $LD $t0,$BNSZ($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) $LD $t1,$BNSZ($a0) subu $a2,1 $ADDU $t1,$v0 sltu $v0,$t1,$v0 - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $t1,$at $ADDU $v0,$t0 sltu $at,$t1,$at @@ -247,12 +263,12 @@ beqz $a2,.L_bn_mul_add_words_return $LD $t0,2*$BNSZ($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) $LD $t1,2*$BNSZ($a0) $ADDU $t1,$v0 sltu $v0,$t1,$v0 - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $t1,$at $ADDU $v0,$t0 sltu $at,$t1,$at @@ -310,40 +326,40 @@ .L_bn_mul_words_loop: $LD $t0,0($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) $LD $t2,$BNSZ($a1) $LD $ta0,2*$BNSZ($a1) $LD $ta2,3*$BNSZ($a1) - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $v0,$at sltu $t1,$v0,$at - $MULTU $t2,$a3 + $MULTU ($t2,$a3) $ST $v0,0($a0) $ADDU $v0,$t1,$t0 subu $a2,4 $PTR_ADD $a0,4*$BNSZ $PTR_ADD $a1,4*$BNSZ - mflo $at - mfhi $t2 + mflo ($at,$t2,$a3) + mfhi ($t2,$t2,$a3) $ADDU $v0,$at sltu $t3,$v0,$at - $MULTU $ta0,$a3 + $MULTU ($ta0,$a3) $ST $v0,-3*$BNSZ($a0) $ADDU $v0,$t3,$t2 - mflo $at - mfhi $ta0 + mflo ($at,$ta0,$a3) + mfhi ($ta0,$ta0,$a3) $ADDU $v0,$at sltu $ta1,$v0,$at - $MULTU $ta2,$a3 + $MULTU ($ta2,$a3) $ST $v0,-2*$BNSZ($a0) $ADDU $v0,$ta1,$ta0 and $ta0,$a2,$minus4 - mflo $at - mfhi $ta2 + mflo ($at,$ta2,$a3) + mfhi ($ta2,$ta2,$a3) $ADDU $v0,$at sltu $ta3,$v0,$at $ST $v0,-$BNSZ($a0) @@ -357,10 +373,10 @@ .L_bn_mul_words_tail: .set reorder $LD $t0,0($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) subu $a2,1 - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $v0,$at sltu $t1,$v0,$at $ST $v0,0($a0) @@ -368,10 +384,10 @@ beqz $a2,.L_bn_mul_words_return $LD $t0,$BNSZ($a1) - $MULTU $t0,$a3 + $MULTU ($t0,$a3) subu $a2,1 - mflo $at - mfhi $t0 + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $v0,$at sltu $t1,$v0,$at $ST $v0,$BNSZ($a0) @@ -379,9 +395,9 @@ beqz $a2,.L_bn_mul_words_return $LD $t0,2*$BNSZ($a1) - $MULTU $t0,$a3 - mflo $at - mfhi $t0 + $MULTU ($t0,$a3) + mflo ($at,$t0,$a3) + mfhi ($t0,$t0,$a3) $ADDU $v0,$at sltu $t1,$v0,$at $ST $v0,2*$BNSZ($a0) @@ -438,35 +454,35 @@ .L_bn_sqr_words_loop: $LD $t0,0($a1) - $MULTU $t0,$t0 + $MULTU ($t0,$t0) $LD $t2,$BNSZ($a1) $LD $ta0,2*$BNSZ($a1) $LD $ta2,3*$BNSZ($a1) - mflo $t1 - mfhi $t0 + mflo ($t1,$t0,$t0) + mfhi ($t0,$t0,$t0) $ST $t1,0($a0) $ST $t0,$BNSZ($a0) - $MULTU $t2,$t2 + $MULTU ($t2,$t2) subu $a2,4 $PTR_ADD $a0,8*$BNSZ $PTR_ADD $a1,4*$BNSZ - mflo $t3 - mfhi $t2 + mflo ($t3,$t2,$t2) + mfhi ($t2,$t2,$t2) $ST $t3,-6*$BNSZ($a0) $ST $t2,-5*$BNSZ($a0) - $MULTU $ta0,$ta0 - mflo $ta1 - mfhi $ta0 + $MULTU ($ta0,$ta0) + mflo ($ta1,$ta0,$ta0) + mfhi ($ta0,$ta0,$ta0) $ST $ta1,-4*$BNSZ($a0) $ST $ta0,-3*$BNSZ($a0) - $MULTU $ta2,$ta2 + $MULTU ($ta2,$ta2) and $ta0,$a2,$minus4 - mflo $ta3 - mfhi $ta2 + mflo ($ta3,$ta2,$ta2) + mfhi ($ta2,$ta2,$ta2) $ST $ta3,-2*$BNSZ($a0) .set noreorder @@ -479,27 +495,27 @@ .L_bn_sqr_words_tail: .set reorder $LD $t0,0($a1) - $MULTU $t0,$t0 + $MULTU ($t0,$t0) subu $a2,1 - mflo $t1 - mfhi $t0 + mflo ($t1,$t0,$t0) + mfhi ($t0,$t0,$t0) $ST $t1,0($a0) $ST $t0,$BNSZ($a0) beqz $a2,.L_bn_sqr_words_return $LD $t0,$BNSZ($a1) - $MULTU $t0,$t0 + $MULTU ($t0,$t0) subu $a2,1 - mflo $t1 - mfhi $t0 + mflo ($t1,$t0,$t0) + mfhi ($t0,$t0,$t0) $ST $t1,2*$BNSZ($a0) $ST $t0,3*$BNSZ($a0) beqz $a2,.L_bn_sqr_words_return $LD $t0,2*$BNSZ($a1) - $MULTU $t0,$t0 - mflo $t1 - mfhi $t0 + $MULTU ($t0,$t0) + mflo ($t1,$t0,$t0) + mfhi ($t0,$t0,$t0) $ST $t1,4*$BNSZ($a0) $ST $t0,5*$BNSZ($a0) @@ -587,13 +603,13 @@ sltu $v0,$t2,$ta2 $ST $t2,-2*$BNSZ($a0) $ADDU $v0,$t8 - + $ADDU $ta3,$t3 sltu $t9,$ta3,$t3 $ADDU $t3,$ta3,$v0 sltu $v0,$t3,$ta3 $ST $t3,-$BNSZ($a0) - + .set noreorder bgtz $at,.L_bn_add_words_loop $ADDU $v0,$t9 @@ -792,7 +808,7 @@ # so that we can save two arguments # and return address in registers # instead of stack:-) - + $LD $a0,($a3) move $ta2,$a1 bne $a0,$a2,bn_div_3_words_internal @@ -823,11 +839,11 @@ move $ta3,$ra bal bn_div_words_internal move $ra,$ta3 - $MULTU $ta2,$v0 + $MULTU ($ta2,$v0) $LD $t2,-2*$BNSZ($a3) move $ta0,$zero - mfhi $t1 - mflo $t0 + mfhi ($t1,$ta2,$v0) + mflo ($t0,$ta2,$v0) sltu $t8,$t1,$a1 .L_bn_div_3_words_inner_loop: bnez $t8,.L_bn_div_3_words_inner_loop_done @@ -930,15 +946,15 @@ $SRL $HH,$a0,4*$BNSZ # bits $SRL $QT,4*$BNSZ # q=0xffffffff beq $DH,$HH,.L_bn_div_words_skip_div1 - $DIVU $zero,$a0,$DH - mflo $QT + $DIVU ($a0,$DH) + mfqt ($QT,$a0,$DH) .L_bn_div_words_skip_div1: - $MULTU $a2,$QT + $MULTU ($a2,$QT) $SLL $t3,$a0,4*$BNSZ # bits $SRL $at,$a1,4*$BNSZ # bits or $t3,$at - mflo $t0 - mfhi $t1 + mflo ($t0,$a2,$QT) + mfhi ($t1,$a2,$QT) .L_bn_div_words_inner_loop1: sltu $t2,$t3,$t0 seq $t8,$HH,$t1 @@ -963,15 +979,15 @@ $SRL $HH,$a0,4*$BNSZ # bits $SRL $QT,4*$BNSZ # q=0xffffffff beq $DH,$HH,.L_bn_div_words_skip_div2 - $DIVU $zero,$a0,$DH - mflo $QT + $DIVU ($a0,$DH) + mfqt ($QT,$a0,$DH) .L_bn_div_words_skip_div2: - $MULTU $a2,$QT + $MULTU ($a2,$QT) $SLL $t3,$a0,4*$BNSZ # bits $SRL $at,$a1,4*$BNSZ # bits or $t3,$at - mflo $t0 - mfhi $t1 + mflo ($t0,$a2,$QT) + mfhi ($t1,$a2,$QT) .L_bn_div_words_inner_loop2: sltu $t2,$t3,$t0 seq $t8,$HH,$t1 @@ -1070,592 +1086,592 @@ $LD $b_0,0($a2) $LD $a_1,$BNSZ($a1) $LD $a_2,2*$BNSZ($a1) - $MULTU $a_0,$b_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $MULTU ($a_0,$b_0) # mul_add_c(a[0],b[0],c1,c2,c3); $LD $a_3,3*$BNSZ($a1) $LD $b_1,$BNSZ($a2) $LD $b_2,2*$BNSZ($a2) $LD $b_3,3*$BNSZ($a2) - mflo $c_1 - mfhi $c_2 + mflo ($c_1,$a_0,$b_0) + mfhi ($c_2,$a_0,$b_0) $LD $a_4,4*$BNSZ($a1) $LD $a_5,5*$BNSZ($a1) - $MULTU $a_0,$b_1 # mul_add_c(a[0],b[1],c2,c3,c1); + $MULTU ($a_0,$b_1) # mul_add_c(a[0],b[1],c2,c3,c1); $LD $a_6,6*$BNSZ($a1) $LD $a_7,7*$BNSZ($a1) $LD $b_4,4*$BNSZ($a2) $LD $b_5,5*$BNSZ($a2) - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_1) + mfhi ($t_2,$a_0,$b_1) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_1,$b_0 # mul_add_c(a[1],b[0],c2,c3,c1); + $MULTU ($a_1,$b_0) # mul_add_c(a[1],b[0],c2,c3,c1); $ADDU $c_3,$t_2,$at $LD $b_6,6*$BNSZ($a2) $LD $b_7,7*$BNSZ($a2) $ST $c_1,0($a0) # r[0]=c1; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_0) + mfhi ($t_2,$a_1,$b_0) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$b_0 # mul_add_c(a[2],b[0],c3,c1,c2); + $MULTU ($a_2,$b_0) # mul_add_c(a[2],b[0],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 $ST $c_2,$BNSZ($a0) # r[1]=c2; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_0) + mfhi ($t_2,$a_2,$b_0) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_1,$b_1 # mul_add_c(a[1],b[1],c3,c1,c2); + $MULTU ($a_1,$b_1) # mul_add_c(a[1],b[1],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_1) + mfhi ($t_2,$a_1,$b_1) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_0,$b_2 # mul_add_c(a[0],b[2],c3,c1,c2); + $MULTU ($a_0,$b_2) # mul_add_c(a[0],b[2],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $c_2,$c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_2) + mfhi ($t_2,$a_0,$b_2) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_0,$b_3 # mul_add_c(a[0],b[3],c1,c2,c3); + $MULTU ($a_0,$b_3) # mul_add_c(a[0],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) # r[2]=c3; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_3) + mfhi ($t_2,$a_0,$b_3) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_1,$b_2 # mul_add_c(a[1],b[2],c1,c2,c3); + $MULTU ($a_1,$b_2) # mul_add_c(a[1],b[2],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $c_3,$c_2,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_2) + mfhi ($t_2,$a_1,$b_2) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_2,$b_1 # mul_add_c(a[2],b[1],c1,c2,c3); + $MULTU ($a_2,$b_1) # mul_add_c(a[2],b[1],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_1) + mfhi ($t_2,$a_2,$b_1) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_3,$b_0 # mul_add_c(a[3],b[0],c1,c2,c3); + $MULTU ($a_3,$b_0) # mul_add_c(a[3],b[0],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_0) + mfhi ($t_2,$a_3,$b_0) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_4,$b_0 # mul_add_c(a[4],b[0],c2,c3,c1); + $MULTU ($a_4,$b_0) # mul_add_c(a[4],b[0],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,3*$BNSZ($a0) # r[3]=c1; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_0) + mfhi ($t_2,$a_4,$b_0) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_3,$b_1 # mul_add_c(a[3],b[1],c2,c3,c1); + $MULTU ($a_3,$b_1) # mul_add_c(a[3],b[1],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_1) + mfhi ($t_2,$a_3,$b_1) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$b_2 # mul_add_c(a[2],b[2],c2,c3,c1); + $MULTU ($a_2,$b_2) # mul_add_c(a[2],b[2],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_2) + mfhi ($t_2,$a_2,$b_2) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_1,$b_3 # mul_add_c(a[1],b[3],c2,c3,c1); + $MULTU ($a_1,$b_3) # mul_add_c(a[1],b[3],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_3) + mfhi ($t_2,$a_1,$b_3) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_0,$b_4 # mul_add_c(a[0],b[4],c2,c3,c1); + $MULTU ($a_0,$b_4) # mul_add_c(a[0],b[4],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_4) + mfhi ($t_2,$a_0,$b_4) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_0,$b_5 # mul_add_c(a[0],b[5],c3,c1,c2); + $MULTU ($a_0,$b_5) # mul_add_c(a[0],b[5],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) # r[4]=c2; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_5) + mfhi ($t_2,$a_0,$b_5) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_1,$b_4 # mul_add_c(a[1],b[4],c3,c1,c2); + $MULTU ($a_1,$b_4) # mul_add_c(a[1],b[4],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $c_2,$c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_4) + mfhi ($t_2,$a_1,$b_4) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_2,$b_3 # mul_add_c(a[2],b[3],c3,c1,c2); + $MULTU ($a_2,$b_3) # mul_add_c(a[2],b[3],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_3) + mfhi ($t_2,$a_2,$b_3) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_3,$b_2 # mul_add_c(a[3],b[2],c3,c1,c2); + $MULTU ($a_3,$b_2) # mul_add_c(a[3],b[2],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_2) + mfhi ($t_2,$a_3,$b_2) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_4,$b_1 # mul_add_c(a[4],b[1],c3,c1,c2); + $MULTU ($a_4,$b_1) # mul_add_c(a[4],b[1],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_1) + mfhi ($t_2,$a_4,$b_1) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_5,$b_0 # mul_add_c(a[5],b[0],c3,c1,c2); + $MULTU ($a_5,$b_0) # mul_add_c(a[5],b[0],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_0) + mfhi ($t_2,$a_5,$b_0) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_6,$b_0 # mul_add_c(a[6],b[0],c1,c2,c3); + $MULTU ($a_6,$b_0) # mul_add_c(a[6],b[0],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,5*$BNSZ($a0) # r[5]=c3; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_0) + mfhi ($t_2,$a_6,$b_0) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_5,$b_1 # mul_add_c(a[5],b[1],c1,c2,c3); + $MULTU ($a_5,$b_1) # mul_add_c(a[5],b[1],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $c_3,$c_2,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_1) + mfhi ($t_2,$a_5,$b_1) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_4,$b_2 # mul_add_c(a[4],b[2],c1,c2,c3); + $MULTU ($a_4,$b_2) # mul_add_c(a[4],b[2],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_2) + mfhi ($t_2,$a_4,$b_2) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_3,$b_3 # mul_add_c(a[3],b[3],c1,c2,c3); + $MULTU ($a_3,$b_3) # mul_add_c(a[3],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_3) + mfhi ($t_2,$a_3,$b_3) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_2,$b_4 # mul_add_c(a[2],b[4],c1,c2,c3); + $MULTU ($a_2,$b_4) # mul_add_c(a[2],b[4],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_4) + mfhi ($t_2,$a_2,$b_4) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_1,$b_5 # mul_add_c(a[1],b[5],c1,c2,c3); + $MULTU ($a_1,$b_5) # mul_add_c(a[1],b[5],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_5) + mfhi ($t_2,$a_1,$b_5) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_0,$b_6 # mul_add_c(a[0],b[6],c1,c2,c3); + $MULTU ($a_0,$b_6) # mul_add_c(a[0],b[6],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_6) + mfhi ($t_2,$a_0,$b_6) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_0,$b_7 # mul_add_c(a[0],b[7],c2,c3,c1); + $MULTU ($a_0,$b_7) # mul_add_c(a[0],b[7],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) # r[6]=c1; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_7) + mfhi ($t_2,$a_0,$b_7) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_1,$b_6 # mul_add_c(a[1],b[6],c2,c3,c1); + $MULTU ($a_1,$b_6) # mul_add_c(a[1],b[6],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_6) + mfhi ($t_2,$a_1,$b_6) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$b_5 # mul_add_c(a[2],b[5],c2,c3,c1); + $MULTU ($a_2,$b_5) # mul_add_c(a[2],b[5],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_5) + mfhi ($t_2,$a_2,$b_5) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_3,$b_4 # mul_add_c(a[3],b[4],c2,c3,c1); + $MULTU ($a_3,$b_4) # mul_add_c(a[3],b[4],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_4) + mfhi ($t_2,$a_3,$b_4) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_4,$b_3 # mul_add_c(a[4],b[3],c2,c3,c1); + $MULTU ($a_4,$b_3) # mul_add_c(a[4],b[3],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_3) + mfhi ($t_2,$a_4,$b_3) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_5,$b_2 # mul_add_c(a[5],b[2],c2,c3,c1); + $MULTU ($a_5,$b_2) # mul_add_c(a[5],b[2],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_2) + mfhi ($t_2,$a_5,$b_2) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_6,$b_1 # mul_add_c(a[6],b[1],c2,c3,c1); + $MULTU ($a_6,$b_1) # mul_add_c(a[6],b[1],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_1) + mfhi ($t_2,$a_6,$b_1) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_7,$b_0 # mul_add_c(a[7],b[0],c2,c3,c1); + $MULTU ($a_7,$b_0) # mul_add_c(a[7],b[0],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_0) + mfhi ($t_2,$a_7,$b_0) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_7,$b_1 # mul_add_c(a[7],b[1],c3,c1,c2); + $MULTU ($a_7,$b_1) # mul_add_c(a[7],b[1],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,7*$BNSZ($a0) # r[7]=c2; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_1) + mfhi ($t_2,$a_7,$b_1) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_6,$b_2 # mul_add_c(a[6],b[2],c3,c1,c2); + $MULTU ($a_6,$b_2) # mul_add_c(a[6],b[2],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $c_2,$c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_2) + mfhi ($t_2,$a_6,$b_2) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_5,$b_3 # mul_add_c(a[5],b[3],c3,c1,c2); + $MULTU ($a_5,$b_3) # mul_add_c(a[5],b[3],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_3) + mfhi ($t_2,$a_5,$b_3) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_4,$b_4 # mul_add_c(a[4],b[4],c3,c1,c2); + $MULTU ($a_4,$b_4) # mul_add_c(a[4],b[4],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_4) + mfhi ($t_2,$a_4,$b_4) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_3,$b_5 # mul_add_c(a[3],b[5],c3,c1,c2); + $MULTU ($a_3,$b_5) # mul_add_c(a[3],b[5],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_5) + mfhi ($t_2,$a_3,$b_5) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_2,$b_6 # mul_add_c(a[2],b[6],c3,c1,c2); + $MULTU ($a_2,$b_6) # mul_add_c(a[2],b[6],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_6) + mfhi ($t_2,$a_2,$b_6) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_1,$b_7 # mul_add_c(a[1],b[7],c3,c1,c2); + $MULTU ($a_1,$b_7) # mul_add_c(a[1],b[7],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_7) + mfhi ($t_2,$a_1,$b_7) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_2,$b_7 # mul_add_c(a[2],b[7],c1,c2,c3); + $MULTU ($a_2,$b_7) # mul_add_c(a[2],b[7],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) # r[8]=c3; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_7) + mfhi ($t_2,$a_2,$b_7) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_3,$b_6 # mul_add_c(a[3],b[6],c1,c2,c3); + $MULTU ($a_3,$b_6) # mul_add_c(a[3],b[6],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $c_3,$c_2,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_6) + mfhi ($t_2,$a_3,$b_6) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_4,$b_5 # mul_add_c(a[4],b[5],c1,c2,c3); + $MULTU ($a_4,$b_5) # mul_add_c(a[4],b[5],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_5) + mfhi ($t_2,$a_4,$b_5) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_5,$b_4 # mul_add_c(a[5],b[4],c1,c2,c3); + $MULTU ($a_5,$b_4) # mul_add_c(a[5],b[4],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_4) + mfhi ($t_2,$a_5,$b_4) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_6,$b_3 # mul_add_c(a[6],b[3],c1,c2,c3); + $MULTU ($a_6,$b_3) # mul_add_c(a[6],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_3) + mfhi ($t_2,$a_6,$b_3) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_7,$b_2 # mul_add_c(a[7],b[2],c1,c2,c3); + $MULTU ($a_7,$b_2) # mul_add_c(a[7],b[2],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_2) + mfhi ($t_2,$a_7,$b_2) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_7,$b_3 # mul_add_c(a[7],b[3],c2,c3,c1); + $MULTU ($a_7,$b_3) # mul_add_c(a[7],b[3],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,9*$BNSZ($a0) # r[9]=c1; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_3) + mfhi ($t_2,$a_7,$b_3) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_6,$b_4 # mul_add_c(a[6],b[4],c2,c3,c1); + $MULTU ($a_6,$b_4) # mul_add_c(a[6],b[4],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_4) + mfhi ($t_2,$a_6,$b_4) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_5,$b_5 # mul_add_c(a[5],b[5],c2,c3,c1); + $MULTU ($a_5,$b_5) # mul_add_c(a[5],b[5],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_5) + mfhi ($t_2,$a_5,$b_5) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_4,$b_6 # mul_add_c(a[4],b[6],c2,c3,c1); + $MULTU ($a_4,$b_6) # mul_add_c(a[4],b[6],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_6) + mfhi ($t_2,$a_4,$b_6) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_3,$b_7 # mul_add_c(a[3],b[7],c2,c3,c1); + $MULTU ($a_3,$b_7) # mul_add_c(a[3],b[7],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_7) + mfhi ($t_2,$a_3,$b_7) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_4,$b_7 # mul_add_c(a[4],b[7],c3,c1,c2); + $MULTU ($a_4,$b_7) # mul_add_c(a[4],b[7],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) # r[10]=c2; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_4,$b_7) + mfhi ($t_2,$a_4,$b_7) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_5,$b_6 # mul_add_c(a[5],b[6],c3,c1,c2); + $MULTU ($a_5,$b_6) # mul_add_c(a[5],b[6],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $c_2,$c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_6) + mfhi ($t_2,$a_5,$b_6) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_6,$b_5 # mul_add_c(a[6],b[5],c3,c1,c2); + $MULTU ($a_6,$b_5) # mul_add_c(a[6],b[5],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_5) + mfhi ($t_2,$a_6,$b_5) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_7,$b_4 # mul_add_c(a[7],b[4],c3,c1,c2); + $MULTU ($a_7,$b_4) # mul_add_c(a[7],b[4],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_4) + mfhi ($t_2,$a_7,$b_4) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_7,$b_5 # mul_add_c(a[7],b[5],c1,c2,c3); + $MULTU ($a_7,$b_5) # mul_add_c(a[7],b[5],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,11*$BNSZ($a0) # r[11]=c3; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_5) + mfhi ($t_2,$a_7,$b_5) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_6,$b_6 # mul_add_c(a[6],b[6],c1,c2,c3); + $MULTU ($a_6,$b_6) # mul_add_c(a[6],b[6],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $c_3,$c_2,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_6) + mfhi ($t_2,$a_6,$b_6) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_5,$b_7 # mul_add_c(a[5],b[7],c1,c2,c3); + $MULTU ($a_5,$b_7) # mul_add_c(a[5],b[7],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_5,$b_7) + mfhi ($t_2,$a_5,$b_7) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_6,$b_7 # mul_add_c(a[6],b[7],c2,c3,c1); + $MULTU ($a_6,$b_7) # mul_add_c(a[6],b[7],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) # r[12]=c1; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_6,$b_7) + mfhi ($t_2,$a_6,$b_7) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_7,$b_6 # mul_add_c(a[7],b[6],c2,c3,c1); + $MULTU ($a_7,$b_6) # mul_add_c(a[7],b[6],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_6) + mfhi ($t_2,$a_7,$b_6) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_7,$b_7 # mul_add_c(a[7],b[7],c3,c1,c2); + $MULTU ($a_7,$b_7) # mul_add_c(a[7],b[7],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,13*$BNSZ($a0) # r[13]=c2; - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_7,$b_7) + mfhi ($t_2,$a_7,$b_7) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 $ADDU $t_2,$at @@ -1716,144 +1732,144 @@ $LD $b_0,0($a2) $LD $a_1,$BNSZ($a1) $LD $a_2,2*$BNSZ($a1) - $MULTU $a_0,$b_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $MULTU ($a_0,$b_0) # mul_add_c(a[0],b[0],c1,c2,c3); $LD $a_3,3*$BNSZ($a1) $LD $b_1,$BNSZ($a2) $LD $b_2,2*$BNSZ($a2) $LD $b_3,3*$BNSZ($a2) - mflo $c_1 - mfhi $c_2 + mflo ($c_1,$a_0,$b_0) + mfhi ($c_2,$a_0,$b_0) $ST $c_1,0($a0) - $MULTU $a_0,$b_1 # mul_add_c(a[0],b[1],c2,c3,c1); - mflo $t_1 - mfhi $t_2 + $MULTU ($a_0,$b_1) # mul_add_c(a[0],b[1],c2,c3,c1); + mflo ($t_1,$a_0,$b_1) + mfhi ($t_2,$a_0,$b_1) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_1,$b_0 # mul_add_c(a[1],b[0],c2,c3,c1); + $MULTU ($a_1,$b_0) # mul_add_c(a[1],b[0],c2,c3,c1); $ADDU $c_3,$t_2,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_0) + mfhi ($t_2,$a_1,$b_0) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$b_0 # mul_add_c(a[2],b[0],c3,c1,c2); + $MULTU ($a_2,$b_0) # mul_add_c(a[2],b[0],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 $ST $c_2,$BNSZ($a0) - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_0) + mfhi ($t_2,$a_2,$b_0) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_1,$b_1 # mul_add_c(a[1],b[1],c3,c1,c2); + $MULTU ($a_1,$b_1) # mul_add_c(a[1],b[1],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_1) + mfhi ($t_2,$a_1,$b_1) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_0,$b_2 # mul_add_c(a[0],b[2],c3,c1,c2); + $MULTU ($a_0,$b_2) # mul_add_c(a[0],b[2],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $c_2,$c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_2) + mfhi ($t_2,$a_0,$b_2) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_0,$b_3 # mul_add_c(a[0],b[3],c1,c2,c3); + $MULTU ($a_0,$b_3) # mul_add_c(a[0],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_0,$b_3) + mfhi ($t_2,$a_0,$b_3) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_1,$b_2 # mul_add_c(a[1],b[2],c1,c2,c3); + $MULTU ($a_1,$b_2) # mul_add_c(a[1],b[2],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $c_3,$c_2,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_2) + mfhi ($t_2,$a_1,$b_2) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_2,$b_1 # mul_add_c(a[2],b[1],c1,c2,c3); + $MULTU ($a_2,$b_1) # mul_add_c(a[2],b[1],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_1) + mfhi ($t_2,$a_2,$b_1) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_3,$b_0 # mul_add_c(a[3],b[0],c1,c2,c3); + $MULTU ($a_3,$b_0) # mul_add_c(a[3],b[0],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_0) + mfhi ($t_2,$a_3,$b_0) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_3,$b_1 # mul_add_c(a[3],b[1],c2,c3,c1); + $MULTU ($a_3,$b_1) # mul_add_c(a[3],b[1],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,3*$BNSZ($a0) - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_1) + mfhi ($t_2,$a_3,$b_1) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$b_2 # mul_add_c(a[2],b[2],c2,c3,c1); + $MULTU ($a_2,$b_2) # mul_add_c(a[2],b[2],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $c_1,$c_3,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_2) + mfhi ($t_2,$a_2,$b_2) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_1,$b_3 # mul_add_c(a[1],b[3],c2,c3,c1); + $MULTU ($a_1,$b_3) # mul_add_c(a[1],b[3],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_1,$b_3) + mfhi ($t_2,$a_1,$b_3) $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$b_3 # mul_add_c(a[2],b[3],c3,c1,c2); + $MULTU ($a_2,$b_3) # mul_add_c(a[2],b[3],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_2,$b_3) + mfhi ($t_2,$a_2,$b_3) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_3,$b_2 # mul_add_c(a[3],b[2],c3,c1,c2); + $MULTU ($a_3,$b_2) # mul_add_c(a[3],b[2],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $c_2,$c_1,$t_2 - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_2) + mfhi ($t_2,$a_3,$b_2) $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_3,$b_3 # mul_add_c(a[3],b[3],c1,c2,c3); + $MULTU ($a_3,$b_3) # mul_add_c(a[3],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,5*$BNSZ($a0) - mflo $t_1 - mfhi $t_2 + mflo ($t_1,$a_3,$b_3) + mfhi ($t_2,$a_3,$b_3) $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 $ADDU $t_2,$at @@ -1888,11 +1904,9 @@ () # commented as "forward multiplication" below]; )=@_; $code.=<<___; - mflo $lo - mfhi $hi $ADDU $c0,$lo sltu $at,$c0,$lo - $MULTU $an,$bn # forward multiplication + $MULTU ($an,$bn) # forward multiplication $ADDU $c0,$lo $ADDU $at,$hi sltu $lo,$c0,$lo @@ -1902,15 +1916,17 @@ () $code.=<<___ if (!$warm); sltu $c2,$c1,$at $ADDU $c1,$hi - sltu $hi,$c1,$hi - $ADDU $c2,$hi ___ $code.=<<___ if ($warm); sltu $at,$c1,$at $ADDU $c1,$hi $ADDU $c2,$at +___ +$code.=<<___; sltu $hi,$c1,$hi $ADDU $c2,$hi + mflo ($lo,$an,$bn) + mfhi ($hi,$an,$bn) ___ } @@ -1940,21 +1956,21 @@ () $LD $a_2,2*$BNSZ($a1) $LD $a_3,3*$BNSZ($a1) - $MULTU $a_0,$a_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $MULTU ($a_0,$a_0) # mul_add_c(a[0],b[0],c1,c2,c3); $LD $a_4,4*$BNSZ($a1) $LD $a_5,5*$BNSZ($a1) $LD $a_6,6*$BNSZ($a1) $LD $a_7,7*$BNSZ($a1) - mflo $c_1 - mfhi $c_2 + mflo ($c_1,$a_0,$a_0) + mfhi ($c_2,$a_0,$a_0) $ST $c_1,0($a0) - $MULTU $a_0,$a_1 # mul_add_c2(a[0],b[1],c2,c3,c1); - mflo $t_1 - mfhi $t_2 + $MULTU ($a_0,$a_1) # mul_add_c2(a[0],b[1],c2,c3,c1); + mflo ($t_1,$a_0,$a_1) + mfhi ($t_2,$a_0,$a_1) slt $c_1,$t_2,$zero $SLL $t_2,1 - $MULTU $a_2,$a_0 # mul_add_c2(a[2],b[0],c3,c1,c2); + $MULTU ($a_2,$a_0) # mul_add_c2(a[2],b[0],c3,c1,c2); slt $a2,$t_1,$zero $ADDU $t_2,$a2 $SLL $t_1,1 @@ -1962,20 +1978,22 @@ () sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + mflo ($t_1,$a_2,$a_0) + mfhi ($t_2,$a_2,$a_0) ___ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_0,$a_3 # mul_add_c2(a[0],b[3],c1,c2,c3); + $MULTU ($a_0,$a_3) # mul_add_c2(a[0],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) + mflo ($t_1,$a_0,$a_3) + mfhi ($t_2,$a_0,$a_3) ___ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); @@ -1989,16 +2007,16 @@ () &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_0,$a_5 # mul_add_c2(a[0],b[5],c3,c1,c2); + $MULTU ($a_0,$a_5) # mul_add_c2(a[0],b[5],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) + mflo ($t_1,$a_0,$a_5) + mfhi ($t_2,$a_0,$a_5) ___ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); @@ -2016,16 +2034,16 @@ () &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_0,$a_7 # mul_add_c2(a[0],b[7],c2,c3,c1); + $MULTU ($a_0,$a_7) # mul_add_c2(a[0],b[7],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) + mflo ($t_1,$a_0,$a_7) + mfhi ($t_2,$a_0,$a_7) ___ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); @@ -2045,16 +2063,16 @@ () &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_2,$a_7 # mul_add_c2(a[2],b[7],c1,c2,c3); + $MULTU ($a_2,$a_7) # mul_add_c2(a[2],b[7],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) + mflo ($t_1,$a_2,$a_7) + mfhi ($t_2,$a_2,$a_7) ___ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); @@ -2070,16 +2088,16 @@ () &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_4,$a_7 # mul_add_c2(a[4],b[7],c3,c1,c2); + $MULTU ($a_4,$a_7) # mul_add_c2(a[4],b[7],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) + mflo ($t_1,$a_4,$a_7) + mfhi ($t_2,$a_4,$a_7) ___ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); @@ -2091,24 +2109,22 @@ () &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 - $MULTU $a_6,$a_7 # mul_add_c2(a[6],b[7],c2,c3,c1); + $MULTU ($a_6,$a_7) # mul_add_c2(a[6],b[7],c2,c3,c1); $ADDU $t_2,$at $ADDU $c_2,$t_2 sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) + mflo ($t_1,$a_6,$a_7) + mfhi ($t_2,$a_6,$a_7) ___ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); $code.=<<___; $ST $c_2,13*$BNSZ($a0) - mflo $t_1 - mfhi $t_2 $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 $ADDU $t_2,$at @@ -2152,19 +2168,19 @@ () .set reorder $LD $a_0,0($a1) $LD $a_1,$BNSZ($a1) - $MULTU $a_0,$a_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $MULTU ($a_0,$a_0) # mul_add_c(a[0],b[0],c1,c2,c3); $LD $a_2,2*$BNSZ($a1) $LD $a_3,3*$BNSZ($a1) - mflo $c_1 - mfhi $c_2 + mflo ($c_1,$a_0,$a_0) + mfhi ($c_2,$a_0,$a_0) $ST $c_1,0($a0) - $MULTU $a_0,$a_1 # mul_add_c2(a[0],b[1],c2,c3,c1); - mflo $t_1 - mfhi $t_2 + $MULTU ($a_0,$a_1) # mul_add_c2(a[0],b[1],c2,c3,c1); + mflo ($t_1,$a_0,$a_1) + mfhi ($t_2,$a_0,$a_1) slt $c_1,$t_2,$zero $SLL $t_2,1 - $MULTU $a_2,$a_0 # mul_add_c2(a[2],b[0],c3,c1,c2); + $MULTU ($a_2,$a_0) # mul_add_c2(a[2],b[0],c3,c1,c2); slt $a2,$t_1,$zero $ADDU $t_2,$a2 $SLL $t_1,1 @@ -2172,20 +2188,22 @@ () sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + mflo ($t_1,$a_2,$a_0) + mfhi ($t_2,$a_2,$a_0) ___ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_3,$t_1 sltu $at,$c_3,$t_1 - $MULTU $a_0,$a_3 # mul_add_c2(a[0],b[3],c1,c2,c3); + $MULTU ($a_0,$a_3) # mul_add_c2(a[0],b[3],c1,c2,c3); $ADDU $t_2,$at $ADDU $c_1,$t_2 sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) + mflo ($t_1,$a_0,$a_3) + mfhi ($t_2,$a_0,$a_3) ___ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); @@ -2197,24 +2215,22 @@ () &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); $code.=<<___; - mflo $t_1 - mfhi $t_2 $ADDU $c_2,$t_1 sltu $at,$c_2,$t_1 - $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); + $MULTU ($a_2,$a_3) # mul_add_c2(a[2],b[3],c3,c1,c2); $ADDU $t_2,$at $ADDU $c_3,$t_2 sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) + mflo ($t_1,$a_2,$a_3) + mfhi ($t_2,$a_2,$a_3) ___ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); $code.=<<___; $ST $c_3,5*$BNSZ($a0) - mflo $t_1 - mfhi $t_2 $ADDU $c_1,$t_1 sltu $at,$c_1,$t_1 $ADDU $t_2,$at diff --git a/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s b/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s deleted file mode 100644 index 413eac71237c2f..00000000000000 --- a/deps/openssl/openssl/crypto/bn/asm/pa-risc2.s +++ /dev/null @@ -1,1624 +0,0 @@ -; Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. -; -; Licensed under the OpenSSL license (the "License"). You may not use -; this file except in compliance with the License. You can obtain a copy -; in the file LICENSE in the source distribution or at -; https://www.openssl.org/source/license.html -; -; PA-RISC 2.0 implementation of bn_asm code, based on the -; 64-bit version of the code. This code is effectively the -; same as the 64-bit version except the register model is -; slightly different given all values must be 32-bit between -; function calls. Thus the 64-bit return values are returned -; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit -; -; -; This code is approximately 2x faster than the C version -; for RSA/DSA. -; -; See http://devresource.hp.com/ for more details on the PA-RISC -; architecture. Also see the book "PA-RISC 2.0 Architecture" -; by Gerry Kane for information on the instruction set architecture. -; -; Code written by Chris Ruemmler (with some help from the HP C -; compiler). -; -; The code compiles with HP's assembler -; - - .level 2.0N - .space $TEXT$ - .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY - -; -; Global Register definitions used for the routines. -; -; Some information about HP's runtime architecture for 32-bits. -; -; "Caller save" means the calling function must save the register -; if it wants the register to be preserved. -; "Callee save" means if a function uses the register, it must save -; the value before using it. -; -; For the floating point registers -; -; "caller save" registers: fr4-fr11, fr22-fr31 -; "callee save" registers: fr12-fr21 -; "special" registers: fr0-fr3 (status and exception registers) -; -; For the integer registers -; value zero : r0 -; "caller save" registers: r1,r19-r26 -; "callee save" registers: r3-r18 -; return register : r2 (rp) -; return values ; r28,r29 (ret0,ret1) -; Stack pointer ; r30 (sp) -; millicode return ptr ; r31 (also a caller save register) - - -; -; Arguments to the routines -; -r_ptr .reg %r26 -a_ptr .reg %r25 -b_ptr .reg %r24 -num .reg %r24 -n .reg %r23 - -; -; Note that the "w" argument for bn_mul_add_words and bn_mul_words -; is passed on the stack at a delta of -56 from the top of stack -; as the routine is entered. -; - -; -; Globals used in some routines -; - -top_overflow .reg %r23 -high_mask .reg %r22 ; value 0xffffffff80000000L - - -;------------------------------------------------------------------------------ -; -; bn_mul_add_words -; -;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, -; int num, BN_ULONG w) -; -; arg0 = r_ptr -; arg1 = a_ptr -; arg3 = num -; -56(sp) = w -; -; Local register definitions -; - -fm1 .reg %fr22 -fm .reg %fr23 -ht_temp .reg %fr24 -ht_temp_1 .reg %fr25 -lt_temp .reg %fr26 -lt_temp_1 .reg %fr27 -fm1_1 .reg %fr28 -fm_1 .reg %fr29 - -fw_h .reg %fr7L -fw_l .reg %fr7R -fw .reg %fr7 - -fht_0 .reg %fr8L -flt_0 .reg %fr8R -t_float_0 .reg %fr8 - -fht_1 .reg %fr9L -flt_1 .reg %fr9R -t_float_1 .reg %fr9 - -tmp_0 .reg %r31 -tmp_1 .reg %r21 -m_0 .reg %r20 -m_1 .reg %r19 -ht_0 .reg %r1 -ht_1 .reg %r3 -lt_0 .reg %r4 -lt_1 .reg %r5 -m1_0 .reg %r6 -m1_1 .reg %r7 -rp_val .reg %r8 -rp_val_1 .reg %r9 - -bn_mul_add_words - .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN - .proc - .callinfo frame=128 - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP ; Needed to make the loop 16-byte aligned - NOP ; needed to make the loop 16-byte aligned - - STD %r5,16(%sp) ; save r5 - NOP - STD %r6,24(%sp) ; save r6 - STD %r7,32(%sp) ; save r7 - - STD %r8,40(%sp) ; save r8 - STD %r9,48(%sp) ; save r9 - COPY %r0,%ret1 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - - CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit - LDO 128(%sp),%sp ; bump stack - - ; - ; The loop is unrolled twice, so if there is only 1 number - ; then go straight to the cleanup code. - ; - CMPIB,= 1,num,bn_mul_add_words_single_top - FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. - ; -bn_mul_add_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDD 8(r_ptr),rp_val_1 ; rp[1] - - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1[0] - FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1] - - XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h - XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m[0] - FSTD fm_1,-40(%sp) ; -40(sp) = m[1] - - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1 - - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1 - - LDD -8(%sp),m_0 ; m[0] - LDD -40(%sp),m_1 ; m[1] - LDD -16(%sp),m1_0 ; m1[0] - LDD -48(%sp),m1_1 ; m1[1] - - LDD -24(%sp),ht_0 ; ht[0] - LDD -56(%sp),ht_1 ; ht[1] - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0]; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1]; - - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0]) - ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32) - - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1]) - ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32) - EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32 - - EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32 - ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32) - ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32) - - ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0]; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1]; - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - - ADD %ret1,lt_0,lt_0 ; lt[0] = lt[0] + c; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0] - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - - LDO -2(num),num ; num = num - 2; - ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c); - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - - ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1] - ADD,DC ht_1,%r0,%ret1 ; ht[1]++ - LDO 16(a_ptr),a_ptr ; a_ptr += 2 - - STD lt_1,8(r_ptr) ; rp[1] = lt[1] - CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do - LDO 16(r_ptr),r_ptr ; r_ptr += 2 - - CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_add_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDO 8(a_ptr),a_ptr ; a_ptr++ - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 ; m1 = temp1 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD %ret1,tmp_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0] - ADD,DC ht_0,%r0,%ret1 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_add_words_exit - .EXIT - - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - LDD -80(%sp),%r9 ; restore r9 - LDD -88(%sp),%r8 ; restore r8 - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) -; -; arg0 = rp -; arg1 = ap -; arg3 = num -; w on stack at -56(sp) - -bn_mul_words - .proc - .callinfo frame=128 - .entry - .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP - STD %r5,16(%sp) ; save r5 - - STD %r6,24(%sp) ; save r6 - STD %r7,32(%sp) ; save r7 - COPY %r0,%ret1 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - - CMPIB,>= 0,num,bn_mul_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; See if only 1 word to do, thus just do cleanup - ; - CMPIB,= 1,num,bn_mul_words_single_top - FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. - ; -bn_mul_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l - - FSTD fm1,-16(%sp) ; -16(sp) = m1 - FSTD fm1_1,-48(%sp) ; -48(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h - - FSTD fm,-8(%sp) ; -8(sp) = m - FSTD fm_1,-40(%sp) ; -40(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h - - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt - LDD -8(%sp),m_0 - LDD -40(%sp),m_1 - - LDD -16(%sp),m1_0 - LDD -48(%sp),m1_1 - LDD -24(%sp),ht_0 - LDD -56(%sp),ht_1 - - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1; - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1) - ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - EXTRD,U tmp_1,31,32,m_1 ; m>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD lt_1,m1_1,lt_1 ; lt = lt+m1; - ADD,DC ht_1,%r0,ht_1 ; ht++ - ADD %ret1,lt_0,lt_0 ; lt = lt + c (ret1); - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0) - ADD,DC ht_1,%r0,ht_1 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - STD lt_1,8(r_ptr) ; rp[1] = lt - - COPY ht_1,%ret1 ; carry = ht - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_mul_words_unroll2 - LDO 16(r_ptr),r_ptr ; rp++ - - CMPIB,=,N 0,num,bn_mul_words_exit ; are we done? - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt= lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD %ret1,lt_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - COPY ht_0,%ret1 ; copy carry - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_words_exit - .EXIT - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND - -;---------------------------------------------------------------------------- -; -;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) -; -; arg0 = rp -; arg1 = ap -; arg2 = num -; - -bn_sqr_words - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP - STD %r5,16(%sp) ; save r5 - - CMPIB,>= 0,num,bn_sqr_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; If only 1, the goto straight to cleanup - ; - CMPIB,= 1,num,bn_sqr_words_single_top - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - -bn_sqr_words_unroll2 - FLDD 0(a_ptr),t_float_0 ; a[0] - FLDD 8(a_ptr),t_float_1 ; a[1] - XMPYU fht_0,flt_0,fm ; m[0] - XMPYU fht_1,flt_1,fm_1 ; m[1] - - FSTD fm,-24(%sp) ; store m[0] - FSTD fm_1,-56(%sp) ; store m[1] - XMPYU flt_0,flt_0,lt_temp ; lt[0] - XMPYU flt_1,flt_1,lt_temp_1 ; lt[1] - - FSTD lt_temp,-16(%sp) ; store lt[0] - FSTD lt_temp_1,-48(%sp) ; store lt[1] - XMPYU fht_0,fht_0,ht_temp ; ht[0] - XMPYU fht_1,fht_1,ht_temp_1 ; ht[1] - - FSTD ht_temp,-8(%sp) ; store ht[0] - FSTD ht_temp_1,-40(%sp) ; store ht[1] - LDD -24(%sp),m_0 - LDD -56(%sp),m_1 - - AND m_0,high_mask,tmp_0 ; m[0] & Mask - AND m_1,high_mask,tmp_1 ; m[1] & Mask - DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1 - DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1 - - LDD -16(%sp),lt_0 - LDD -48(%sp),lt_1 - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1 - EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1 - - LDD -8(%sp),ht_0 - LDD -40(%sp),ht_1 - ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0 - ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1 - - ADD lt_0,m_0,lt_0 ; lt = lt+m - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - STD ht_0,8(r_ptr) ; rp[1] = ht[1] - - ADD lt_1,m_1,lt_1 ; lt = lt+m - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_1,16(r_ptr) ; rp[2] = lt[1] - STD ht_1,24(r_ptr) ; rp[3] = ht[1] - - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_sqr_words_unroll2 - LDO 32(r_ptr),r_ptr ; rp += 4 - - CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done? - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_sqr_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,flt_0,fm ; m - FSTD fm,-24(%sp) ; store m - - XMPYU flt_0,flt_0,lt_temp ; lt - FSTD lt_temp,-16(%sp) ; store lt - - XMPYU fht_0,fht_0,ht_temp ; ht - FSTD ht_temp,-8(%sp) ; store ht - - LDD -24(%sp),m_0 ; load m - AND m_0,high_mask,tmp_0 ; m & Mask - DEPD,Z m_0,30,31,m_0 ; m << 32+1 - LDD -16(%sp),lt_0 ; lt - - LDD -8(%sp),ht_0 ; ht - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1 - ADD m_0,lt_0,lt_0 ; lt = lt+m - ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0 - ADD,DC ht_0,%r0,ht_0 ; ht++ - - STD lt_0,0(r_ptr) ; rp[0] = lt - STD ht_0,8(r_ptr) ; rp[1] = ht - -bn_sqr_words_exit - .EXIT - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - .PROCEND ;in=23,24,25,26,29;out=28; - - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t .reg %r22 -b .reg %r21 -l .reg %r20 - -bn_add_words - .proc - .entry - .callinfo - .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - CMPIB,>= 0,n,bn_add_words_exit - COPY %r0,%ret1 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_add_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_add_words_unroll2 - LDD 0(a_ptr),t - LDD 0(b_ptr),b - ADD t,%ret1,t ; t = t+c; - ADD,DC %r0,%r0,%ret1 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret1,%r0,%ret1 ; c+= carry - STD l,0(r_ptr) - - LDD 8(a_ptr),t - LDD 8(b_ptr),b - ADD t,%ret1,t ; t = t+c; - ADD,DC %r0,%r0,%ret1 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret1,%r0,%ret1 ; c+= carry - STD l,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_add_words_unroll2 - LDO 16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_add_words_exit ; are we done? - -bn_add_words_single_top - LDD 0(a_ptr),t - LDD 0(b_ptr),b - - ADD t,%ret1,t ; t = t+c; - ADD,DC %r0,%r0,%ret1 ; set c to carry (could use CMPCLR??) - ADD t,b,l ; l = t + b[0] - ADD,DC %ret1,%r0,%ret1 ; c+= carry - STD l,0(r_ptr) - -bn_add_words_exit - .EXIT - BVE (%rp) - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t1 .reg %r22 -t2 .reg %r21 -sub_tmp1 .reg %r20 -sub_tmp2 .reg %r19 - - -bn_sub_words - .proc - .callinfo - .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - CMPIB,>= 0,n,bn_sub_words_exit - COPY %r0,%ret1 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_sub_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_sub_words_unroll2 - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; - - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret1 - STD sub_tmp1,0(r_ptr) - - LDD 8(a_ptr),t1 - LDD 8(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret1 - STD sub_tmp1,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_sub_words_unroll2 - LDO 16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_sub_words_exit ; are we done? - -bn_sub_words_single_top - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret1 - - STD sub_tmp1,0(r_ptr) - -bn_sub_words_exit - .EXIT - BVE (%rp) - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - .PROCEND ;in=23,24,25,26,29;out=28; - -;------------------------------------------------------------------------------ -; -; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d) -; -; arg0 = h -; arg1 = l -; arg2 = d -; -; This is mainly just output from the HP C compiler. -; -;------------------------------------------------------------------------------ -bn_div_words - .PROC - .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN - .IMPORT BN_num_bits_word,CODE - ;--- not PIC .IMPORT __iob,DATA - ;--- not PIC .IMPORT fprintf,CODE - .IMPORT abort,CODE - .IMPORT $$div2U,MILLICODE - .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE - .ENTRY - STW %r2,-20(%r30) ;offset 0x8ec - STW,MA %r3,192(%r30) ;offset 0x8f0 - STW %r4,-188(%r30) ;offset 0x8f4 - DEPD %r5,31,32,%r6 ;offset 0x8f8 - STD %r6,-184(%r30) ;offset 0x8fc - DEPD %r7,31,32,%r8 ;offset 0x900 - STD %r8,-176(%r30) ;offset 0x904 - STW %r9,-168(%r30) ;offset 0x908 - LDD -248(%r30),%r3 ;offset 0x90c - COPY %r26,%r4 ;offset 0x910 - COPY %r24,%r5 ;offset 0x914 - DEPD %r25,31,32,%r4 ;offset 0x918 - CMPB,*<> %r3,%r0,$0006000C ;offset 0x91c - DEPD %r23,31,32,%r5 ;offset 0x920 - MOVIB,TR -1,%r29,$00060002 ;offset 0x924 - EXTRD,U %r29,31,32,%r28 ;offset 0x928 -$0006002A - LDO -1(%r29),%r29 ;offset 0x92c - SUB %r23,%r7,%r23 ;offset 0x930 -$00060024 - SUB %r4,%r31,%r25 ;offset 0x934 - AND %r25,%r19,%r26 ;offset 0x938 - CMPB,*<>,N %r0,%r26,$00060046 ;offset 0x93c - DEPD,Z %r25,31,32,%r20 ;offset 0x940 - OR %r20,%r24,%r21 ;offset 0x944 - CMPB,*<<,N %r21,%r23,$0006002A ;offset 0x948 - SUB %r31,%r2,%r31 ;offset 0x94c -$00060046 -$0006002E - DEPD,Z %r23,31,32,%r25 ;offset 0x950 - EXTRD,U %r23,31,32,%r26 ;offset 0x954 - AND %r25,%r19,%r24 ;offset 0x958 - ADD,L %r31,%r26,%r31 ;offset 0x95c - CMPCLR,*>>= %r5,%r24,%r0 ;offset 0x960 - LDO 1(%r31),%r31 ;offset 0x964 -$00060032 - CMPB,*<<=,N %r31,%r4,$00060036 ;offset 0x968 - LDO -1(%r29),%r29 ;offset 0x96c - ADD,L %r4,%r3,%r4 ;offset 0x970 -$00060036 - ADDIB,=,N -1,%r8,$D0 ;offset 0x974 - SUB %r5,%r24,%r28 ;offset 0x978 -$0006003A - SUB %r4,%r31,%r24 ;offset 0x97c - SHRPD %r24,%r28,32,%r4 ;offset 0x980 - DEPD,Z %r29,31,32,%r9 ;offset 0x984 - DEPD,Z %r28,31,32,%r5 ;offset 0x988 -$0006001C - EXTRD,U %r4,31,32,%r31 ;offset 0x98c - CMPB,*<>,N %r31,%r2,$00060020 ;offset 0x990 - MOVB,TR %r6,%r29,$D1 ;offset 0x994 - STD %r29,-152(%r30) ;offset 0x998 -$0006000C - EXTRD,U %r3,31,32,%r25 ;offset 0x99c - COPY %r3,%r26 ;offset 0x9a0 - EXTRD,U %r3,31,32,%r9 ;offset 0x9a4 - EXTRD,U %r4,31,32,%r8 ;offset 0x9a8 - .CALL ARGW0=GR,ARGW1=GR,RTNVAL=GR ;in=25,26;out=28; - B,L BN_num_bits_word,%r2 ;offset 0x9ac - EXTRD,U %r5,31,32,%r7 ;offset 0x9b0 - LDI 64,%r20 ;offset 0x9b4 - DEPD %r7,31,32,%r5 ;offset 0x9b8 - DEPD %r8,31,32,%r4 ;offset 0x9bc - DEPD %r9,31,32,%r3 ;offset 0x9c0 - CMPB,= %r28,%r20,$00060012 ;offset 0x9c4 - COPY %r28,%r24 ;offset 0x9c8 - MTSARCM %r24 ;offset 0x9cc - DEPDI,Z -1,%sar,1,%r19 ;offset 0x9d0 - CMPB,*>>,N %r4,%r19,$D2 ;offset 0x9d4 -$00060012 - SUBI 64,%r24,%r31 ;offset 0x9d8 - CMPCLR,*<< %r4,%r3,%r0 ;offset 0x9dc - SUB %r4,%r3,%r4 ;offset 0x9e0 -$00060016 - CMPB,= %r31,%r0,$0006001A ;offset 0x9e4 - COPY %r0,%r9 ;offset 0x9e8 - MTSARCM %r31 ;offset 0x9ec - DEPD,Z %r3,%sar,64,%r3 ;offset 0x9f0 - SUBI 64,%r31,%r26 ;offset 0x9f4 - MTSAR %r26 ;offset 0x9f8 - SHRPD %r4,%r5,%sar,%r4 ;offset 0x9fc - MTSARCM %r31 ;offset 0xa00 - DEPD,Z %r5,%sar,64,%r5 ;offset 0xa04 -$0006001A - DEPDI,Z -1,31,32,%r19 ;offset 0xa08 - AND %r3,%r19,%r29 ;offset 0xa0c - EXTRD,U %r29,31,32,%r2 ;offset 0xa10 - DEPDI,Z -1,63,32,%r6 ;offset 0xa14 - MOVIB,TR 2,%r8,$0006001C ;offset 0xa18 - EXTRD,U %r3,63,32,%r7 ;offset 0xa1c -$D2 - ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 - ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24 - ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 - ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; - ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c - ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30 - .CALL ; - B,L abort,%r2 ;offset 0xa34 - NOP ;offset 0xa38 - B $D3 ;offset 0xa3c - LDW -212(%r30),%r2 ;offset 0xa40 -$00060020 - COPY %r4,%r26 ;offset 0xa44 - EXTRD,U %r4,31,32,%r25 ;offset 0xa48 - COPY %r2,%r24 ;offset 0xa4c - .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL) - B,L $$div2U,%r31 ;offset 0xa50 - EXTRD,U %r2,31,32,%r23 ;offset 0xa54 - DEPD %r28,31,32,%r29 ;offset 0xa58 -$00060022 - STD %r29,-152(%r30) ;offset 0xa5c -$D1 - AND %r5,%r19,%r24 ;offset 0xa60 - EXTRD,U %r24,31,32,%r24 ;offset 0xa64 - STW %r2,-160(%r30) ;offset 0xa68 - STW %r7,-128(%r30) ;offset 0xa6c - FLDD -152(%r30),%fr4 ;offset 0xa70 - FLDD -152(%r30),%fr7 ;offset 0xa74 - FLDW -160(%r30),%fr8L ;offset 0xa78 - FLDW -128(%r30),%fr5L ;offset 0xa7c - XMPYU %fr8L,%fr7L,%fr10 ;offset 0xa80 - FSTD %fr10,-136(%r30) ;offset 0xa84 - XMPYU %fr8L,%fr7R,%fr22 ;offset 0xa88 - FSTD %fr22,-144(%r30) ;offset 0xa8c - XMPYU %fr5L,%fr4L,%fr11 ;offset 0xa90 - XMPYU %fr5L,%fr4R,%fr23 ;offset 0xa94 - FSTD %fr11,-112(%r30) ;offset 0xa98 - FSTD %fr23,-120(%r30) ;offset 0xa9c - LDD -136(%r30),%r28 ;offset 0xaa0 - DEPD,Z %r28,31,32,%r31 ;offset 0xaa4 - LDD -144(%r30),%r20 ;offset 0xaa8 - ADD,L %r20,%r31,%r31 ;offset 0xaac - LDD -112(%r30),%r22 ;offset 0xab0 - DEPD,Z %r22,31,32,%r22 ;offset 0xab4 - LDD -120(%r30),%r21 ;offset 0xab8 - B $00060024 ;offset 0xabc - ADD,L %r21,%r22,%r23 ;offset 0xac0 -$D0 - OR %r9,%r29,%r29 ;offset 0xac4 -$00060040 - EXTRD,U %r29,31,32,%r28 ;offset 0xac8 -$00060002 -$L2 - LDW -212(%r30),%r2 ;offset 0xacc -$D3 - LDW -168(%r30),%r9 ;offset 0xad0 - LDD -176(%r30),%r8 ;offset 0xad4 - EXTRD,U %r8,31,32,%r7 ;offset 0xad8 - LDD -184(%r30),%r6 ;offset 0xadc - EXTRD,U %r6,31,32,%r5 ;offset 0xae0 - LDW -188(%r30),%r4 ;offset 0xae4 - BVE (%r2) ;offset 0xae8 - .EXIT - LDW,MB -192(%r30),%r3 ;offset 0xaec - .PROCEND ;in=23,25;out=28,29;fpin=105,107; - - - - -;---------------------------------------------------------------------------- -; -; Registers to hold 64-bit values to manipulate. The "L" part -; of the register corresponds to the upper 32-bits, while the "R" -; part corresponds to the lower 32-bits -; -; Note, that when using b6 and b7, the code must save these before -; using them because they are callee save registers -; -; -; Floating point registers to use to save values that -; are manipulated. These don't collide with ftemp1-6 and -; are all caller save registers -; -a0 .reg %fr22 -a0L .reg %fr22L -a0R .reg %fr22R - -a1 .reg %fr23 -a1L .reg %fr23L -a1R .reg %fr23R - -a2 .reg %fr24 -a2L .reg %fr24L -a2R .reg %fr24R - -a3 .reg %fr25 -a3L .reg %fr25L -a3R .reg %fr25R - -a4 .reg %fr26 -a4L .reg %fr26L -a4R .reg %fr26R - -a5 .reg %fr27 -a5L .reg %fr27L -a5R .reg %fr27R - -a6 .reg %fr28 -a6L .reg %fr28L -a6R .reg %fr28R - -a7 .reg %fr29 -a7L .reg %fr29L -a7R .reg %fr29R - -b0 .reg %fr30 -b0L .reg %fr30L -b0R .reg %fr30R - -b1 .reg %fr31 -b1L .reg %fr31L -b1R .reg %fr31R - -; -; Temporary floating point variables, these are all caller save -; registers -; -ftemp1 .reg %fr4 -ftemp2 .reg %fr5 -ftemp3 .reg %fr6 -ftemp4 .reg %fr7 - -; -; The B set of registers when used. -; - -b2 .reg %fr8 -b2L .reg %fr8L -b2R .reg %fr8R - -b3 .reg %fr9 -b3L .reg %fr9L -b3R .reg %fr9R - -b4 .reg %fr10 -b4L .reg %fr10L -b4R .reg %fr10R - -b5 .reg %fr11 -b5L .reg %fr11L -b5R .reg %fr11R - -b6 .reg %fr12 -b6L .reg %fr12L -b6R .reg %fr12R - -b7 .reg %fr13 -b7L .reg %fr13L -b7R .reg %fr13R - -c1 .reg %r21 ; only reg -temp1 .reg %r20 ; only reg -temp2 .reg %r19 ; only reg -temp3 .reg %r31 ; only reg - -m1 .reg %r28 -c2 .reg %r23 -high_one .reg %r1 -ht .reg %r6 -lt .reg %r5 -m .reg %r4 -c3 .reg %r3 - -SQR_ADD_C .macro A0L,A0R,C1,C2,C3 - XMPYU A0L,A0R,ftemp1 ; m - FSTD ftemp1,-24(%sp) ; store m - - XMPYU A0R,A0R,ftemp2 ; lt - FSTD ftemp2,-16(%sp) ; store lt - - XMPYU A0L,A0L,ftemp3 ; ht - FSTD ftemp3,-8(%sp) ; store ht - - LDD -24(%sp),m ; load m - AND m,high_mask,temp2 ; m & Mask - DEPD,Z m,30,31,temp3 ; m << 32+1 - LDD -16(%sp),lt ; lt - - LDD -8(%sp),ht ; ht - EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1 - ADD temp3,lt,lt ; lt = lt+m - ADD,L ht,temp1,ht ; ht += temp1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; ht++ - - ADD C2,ht,C2 ; c2=c2+ht - ADD,DC C3,%r0,C3 ; c3++ -.endm - -SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3 - XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,A1L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,A1R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,A1L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD ht,ht,ht ; ht=ht+ht; - ADD,DC C3,%r0,C3 ; add in carry (c3++) - - ADD lt,lt,lt ; lt=lt+lt; - ADD,DC ht,%r0,ht ; add in carry (ht++) - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC,*NUV ht,%r0,ht ; add in carry (ht++) - LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - -; -;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba8 - .PROC - .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .ENTRY - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1 - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2 - SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1 - STD c2,56(r_ptr) ; r[7] = c2; - COPY %r0,c2 - - SQR_ADD_C a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2 - SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2 - STD c3,64(r_ptr) ; r[8] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3 - STD c1,72(r_ptr) ; r[9] = c1; - COPY %r0,c1 - - SQR_ADD_C a5L,a5R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1 - SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1 - STD c2,80(r_ptr) ; r[10] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2 - STD c3,88(r_ptr) ; r[11] = c3; - COPY %r0,c3 - - SQR_ADD_C a6L,a6R,c1,c2,c3 - SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3 - STD c1,96(r_ptr) ; r[12] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1 - STD c2,104(r_ptr) ; r[13] = c2; - COPY %r0,c2 - - SQR_ADD_C a7L,a7R,c3,c1,c2 - STD c3, 112(r_ptr) ; r[14] = c3 - STD c1, 120(r_ptr) ; r[15] = c1 - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - -;----------------------------------------------------------------------------- -; -;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - STD c2,56(r_ptr) ; r[7] = c2; - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - -;--------------------------------------------------------------------------- - -MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3 - XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,B0L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,B0R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,B0L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - - -; -;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba8 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - FLDD 32(b_ptr),b4 - FLDD 40(b_ptr),b5 - FLDD 48(b_ptr),b6 - FLDD 56(b_ptr),b7 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3 - STD c1,48(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1 - STD c2,56(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2 - STD c3,64(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3 - STD c1,72(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1 - STD c2,80(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2 - STD c3,88(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3 - STD c1,96(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1 - STD c2,104(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2 - STD c3,112(r_ptr) - STD c1,120(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - -;----------------------------------------------------------------------------- -; -;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - STD c1,48(r_ptr) - STD c2,56(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - -;--- not PIC .SPACE $TEXT$ -;--- not PIC .SUBSPA $CODE$ -;--- not PIC .SPACE $PRIVATE$,SORT=16 -;--- not PIC .IMPORT $global$,DATA -;--- not PIC .SPACE $TEXT$ -;--- not PIC .SUBSPA $CODE$ -;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c -;--- not PIC C$7 -;--- not PIC .ALIGN 8 -;--- not PIC .STRINGZ "Division would overflow (%d)\n" - .END diff --git a/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s b/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s deleted file mode 100644 index 97381172e727cb..00000000000000 --- a/deps/openssl/openssl/crypto/bn/asm/pa-risc2W.s +++ /dev/null @@ -1,1612 +0,0 @@ -; Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -; -; Licensed under the OpenSSL license (the "License"). You may not use -; this file except in compliance with the License. You can obtain a copy -; in the file LICENSE in the source distribution or at -; https://www.openssl.org/source/license.html - -; -; PA-RISC 64-bit implementation of bn_asm code -; -; This code is approximately 2x faster than the C version -; for RSA/DSA. -; -; See http://devresource.hp.com/ for more details on the PA-RISC -; architecture. Also see the book "PA-RISC 2.0 Architecture" -; by Gerry Kane for information on the instruction set architecture. -; -; Code written by Chris Ruemmler (with some help from the HP C -; compiler). -; -; The code compiles with HP's assembler -; - - .level 2.0W - .space $TEXT$ - .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY - -; -; Global Register definitions used for the routines. -; -; Some information about HP's runtime architecture for 64-bits. -; -; "Caller save" means the calling function must save the register -; if it wants the register to be preserved. -; "Callee save" means if a function uses the register, it must save -; the value before using it. -; -; For the floating point registers -; -; "caller save" registers: fr4-fr11, fr22-fr31 -; "callee save" registers: fr12-fr21 -; "special" registers: fr0-fr3 (status and exception registers) -; -; For the integer registers -; value zero : r0 -; "caller save" registers: r1,r19-r26 -; "callee save" registers: r3-r18 -; return register : r2 (rp) -; return values ; r28 (ret0,ret1) -; Stack pointer ; r30 (sp) -; global data pointer ; r27 (dp) -; argument pointer ; r29 (ap) -; millicode return ptr ; r31 (also a caller save register) - - -; -; Arguments to the routines -; -r_ptr .reg %r26 -a_ptr .reg %r25 -b_ptr .reg %r24 -num .reg %r24 -w .reg %r23 -n .reg %r23 - - -; -; Globals used in some routines -; - -top_overflow .reg %r29 -high_mask .reg %r22 ; value 0xffffffff80000000L - - -;------------------------------------------------------------------------------ -; -; bn_mul_add_words -; -;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, -; int num, BN_ULONG w) -; -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = num -; arg3 = w -; -; Local register definitions -; - -fm1 .reg %fr22 -fm .reg %fr23 -ht_temp .reg %fr24 -ht_temp_1 .reg %fr25 -lt_temp .reg %fr26 -lt_temp_1 .reg %fr27 -fm1_1 .reg %fr28 -fm_1 .reg %fr29 - -fw_h .reg %fr7L -fw_l .reg %fr7R -fw .reg %fr7 - -fht_0 .reg %fr8L -flt_0 .reg %fr8R -t_float_0 .reg %fr8 - -fht_1 .reg %fr9L -flt_1 .reg %fr9R -t_float_1 .reg %fr9 - -tmp_0 .reg %r31 -tmp_1 .reg %r21 -m_0 .reg %r20 -m_1 .reg %r19 -ht_0 .reg %r1 -ht_1 .reg %r3 -lt_0 .reg %r4 -lt_1 .reg %r5 -m1_0 .reg %r6 -m1_1 .reg %r7 -rp_val .reg %r8 -rp_val_1 .reg %r9 - -bn_mul_add_words - .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN - .proc - .callinfo frame=128 - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP ; Needed to make the loop 16-byte aligned - NOP ; Needed to make the loop 16-byte aligned - - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - STD %r7,32(%sp) ; save r7 - STD %r8,40(%sp) ; save r8 - - STD %r9,48(%sp) ; save r9 - COPY %r0,%ret0 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - STD w,56(%sp) ; store w on stack - - CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit - LDO 128(%sp),%sp ; bump stack - - ; - ; The loop is unrolled twice, so if there is only 1 number - ; then go straight to the cleanup code. - ; - CMPIB,= 1,num,bn_mul_add_words_single_top - FLDD -72(%sp),fw ; load up w into fp register fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. - ; -bn_mul_add_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDD 8(r_ptr),rp_val_1 ; rp[1] - - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1[0] - FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1] - - XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h - XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m[0] - FSTD fm_1,-40(%sp) ; -40(sp) = m[1] - - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1 - - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1 - - LDD -8(%sp),m_0 ; m[0] - LDD -40(%sp),m_1 ; m[1] - LDD -16(%sp),m1_0 ; m1[0] - LDD -48(%sp),m1_1 ; m1[1] - - LDD -24(%sp),ht_0 ; ht[0] - LDD -56(%sp),ht_1 ; ht[1] - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0]; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1]; - - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0]) - ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32) - - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1]) - ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32) - EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32 - - EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32 - ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32) - ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32) - - ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0]; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1]; - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - - ADD %ret0,lt_0,lt_0 ; lt[0] = lt[0] + c; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0] - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - - LDO -2(num),num ; num = num - 2; - ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c); - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - - ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1] - ADD,DC ht_1,%r0,%ret0 ; ht[1]++ - LDO 16(a_ptr),a_ptr ; a_ptr += 2 - - STD lt_1,8(r_ptr) ; rp[1] = lt[1] - CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do - LDO 16(r_ptr),r_ptr ; r_ptr += 2 - - CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_add_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDO 8(a_ptr),a_ptr ; a_ptr++ - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 ; m1 = temp1 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD %ret0,tmp_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0] - ADD,DC ht_0,%r0,%ret0 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_add_words_exit - .EXIT - LDD -80(%sp),%r9 ; restore r9 - LDD -88(%sp),%r8 ; restore r8 - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) -; -; arg0 = rp -; arg1 = ap -; arg2 = num -; arg3 = w - -bn_mul_words - .proc - .callinfo frame=128 - .entry - .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - STD %r7,32(%sp) ; save r7 - COPY %r0,%ret0 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - STD w,56(%sp) ; w on stack - - CMPIB,>= 0,num,bn_mul_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; See if only 1 word to do, thus just do cleanup - ; - CMPIB,= 1,num,bn_mul_words_single_top - FLDD -72(%sp),fw ; load up w into fp register fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. - ; -bn_mul_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l - - FSTD fm1,-16(%sp) ; -16(sp) = m1 - FSTD fm1_1,-48(%sp) ; -48(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h - - FSTD fm,-8(%sp) ; -8(sp) = m - FSTD fm_1,-40(%sp) ; -40(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h - - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt - LDD -8(%sp),m_0 - LDD -40(%sp),m_1 - - LDD -16(%sp),m1_0 - LDD -48(%sp),m1_1 - LDD -24(%sp),ht_0 - LDD -56(%sp),ht_1 - - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1; - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1) - ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - EXTRD,U tmp_1,31,32,m_1 ; m>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD lt_1,m1_1,lt_1 ; lt = lt+m1; - ADD,DC ht_1,%r0,ht_1 ; ht++ - ADD %ret0,lt_0,lt_0 ; lt = lt + c (ret0); - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0) - ADD,DC ht_1,%r0,ht_1 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - STD lt_1,8(r_ptr) ; rp[1] = lt - - COPY ht_1,%ret0 ; carry = ht - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_mul_words_unroll2 - LDO 16(r_ptr),r_ptr ; rp++ - - CMPIB,=,N 0,num,bn_mul_words_exit ; are we done? - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt= lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD %ret0,lt_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - COPY ht_0,%ret0 ; copy carry - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_words_exit - .EXIT - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) -; -; arg0 = rp -; arg1 = ap -; arg2 = num -; - -bn_sqr_words - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP - STD %r5,16(%sp) ; save r5 - - CMPIB,>= 0,num,bn_sqr_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; If only 1, the goto straight to cleanup - ; - CMPIB,= 1,num,bn_sqr_words_single_top - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - -bn_sqr_words_unroll2 - FLDD 0(a_ptr),t_float_0 ; a[0] - FLDD 8(a_ptr),t_float_1 ; a[1] - XMPYU fht_0,flt_0,fm ; m[0] - XMPYU fht_1,flt_1,fm_1 ; m[1] - - FSTD fm,-24(%sp) ; store m[0] - FSTD fm_1,-56(%sp) ; store m[1] - XMPYU flt_0,flt_0,lt_temp ; lt[0] - XMPYU flt_1,flt_1,lt_temp_1 ; lt[1] - - FSTD lt_temp,-16(%sp) ; store lt[0] - FSTD lt_temp_1,-48(%sp) ; store lt[1] - XMPYU fht_0,fht_0,ht_temp ; ht[0] - XMPYU fht_1,fht_1,ht_temp_1 ; ht[1] - - FSTD ht_temp,-8(%sp) ; store ht[0] - FSTD ht_temp_1,-40(%sp) ; store ht[1] - LDD -24(%sp),m_0 - LDD -56(%sp),m_1 - - AND m_0,high_mask,tmp_0 ; m[0] & Mask - AND m_1,high_mask,tmp_1 ; m[1] & Mask - DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1 - DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1 - - LDD -16(%sp),lt_0 - LDD -48(%sp),lt_1 - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1 - EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1 - - LDD -8(%sp),ht_0 - LDD -40(%sp),ht_1 - ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0 - ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1 - - ADD lt_0,m_0,lt_0 ; lt = lt+m - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - STD ht_0,8(r_ptr) ; rp[1] = ht[1] - - ADD lt_1,m_1,lt_1 ; lt = lt+m - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_1,16(r_ptr) ; rp[2] = lt[1] - STD ht_1,24(r_ptr) ; rp[3] = ht[1] - - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_sqr_words_unroll2 - LDO 32(r_ptr),r_ptr ; rp += 4 - - CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done? - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_sqr_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,flt_0,fm ; m - FSTD fm,-24(%sp) ; store m - - XMPYU flt_0,flt_0,lt_temp ; lt - FSTD lt_temp,-16(%sp) ; store lt - - XMPYU fht_0,fht_0,ht_temp ; ht - FSTD ht_temp,-8(%sp) ; store ht - - LDD -24(%sp),m_0 ; load m - AND m_0,high_mask,tmp_0 ; m & Mask - DEPD,Z m_0,30,31,m_0 ; m << 32+1 - LDD -16(%sp),lt_0 ; lt - - LDD -8(%sp),ht_0 ; ht - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1 - ADD m_0,lt_0,lt_0 ; lt = lt+m - ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0 - ADD,DC ht_0,%r0,ht_0 ; ht++ - - STD lt_0,0(r_ptr) ; rp[0] = lt - STD ht_0,8(r_ptr) ; rp[1] = ht - -bn_sqr_words_exit - .EXIT - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - .PROCEND ;in=23,24,25,26,29;out=28; - - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t .reg %r22 -b .reg %r21 -l .reg %r20 - -bn_add_words - .proc - .entry - .callinfo - .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - CMPIB,>= 0,n,bn_add_words_exit - COPY %r0,%ret0 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_add_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_add_words_unroll2 - LDD 0(a_ptr),t - LDD 0(b_ptr),b - ADD t,%ret0,t ; t = t+c; - ADD,DC %r0,%r0,%ret0 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret0,%r0,%ret0 ; c+= carry - STD l,0(r_ptr) - - LDD 8(a_ptr),t - LDD 8(b_ptr),b - ADD t,%ret0,t ; t = t+c; - ADD,DC %r0,%r0,%ret0 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret0,%r0,%ret0 ; c+= carry - STD l,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_add_words_unroll2 - LDO 16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_add_words_exit ; are we done? - -bn_add_words_single_top - LDD 0(a_ptr),t - LDD 0(b_ptr),b - - ADD t,%ret0,t ; t = t+c; - ADD,DC %r0,%r0,%ret0 ; set c to carry (could use CMPCLR??) - ADD t,b,l ; l = t + b[0] - ADD,DC %ret0,%r0,%ret0 ; c+= carry - STD l,0(r_ptr) - -bn_add_words_exit - .EXIT - BVE (%rp) - NOP - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t1 .reg %r22 -t2 .reg %r21 -sub_tmp1 .reg %r20 -sub_tmp2 .reg %r19 - - -bn_sub_words - .proc - .callinfo - .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - CMPIB,>= 0,n,bn_sub_words_exit - COPY %r0,%ret0 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_sub_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_sub_words_unroll2 - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c; - - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret0 - STD sub_tmp1,0(r_ptr) - - LDD 8(a_ptr),t1 - LDD 8(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret0 - STD sub_tmp1,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_sub_words_unroll2 - LDO 16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_sub_words_exit ; are we done? - -bn_sub_words_single_top - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret0 - - STD sub_tmp1,0(r_ptr) - -bn_sub_words_exit - .EXIT - BVE (%rp) - NOP - .PROCEND ;in=23,24,25,26,29;out=28; - -;------------------------------------------------------------------------------ -; -; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d) -; -; arg0 = h -; arg1 = l -; arg2 = d -; -; This is mainly just modified assembly from the compiler, thus the -; lack of variable names. -; -;------------------------------------------------------------------------------ -bn_div_words - .proc - .callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .IMPORT BN_num_bits_word,CODE,NO_RELOCATION - .IMPORT __iob,DATA - .IMPORT fprintf,CODE,NO_RELOCATION - .IMPORT abort,CODE,NO_RELOCATION - .IMPORT $$div2U,MILLICODE - .entry - STD %r2,-16(%r30) - STD,MA %r3,352(%r30) - STD %r4,-344(%r30) - STD %r5,-336(%r30) - STD %r6,-328(%r30) - STD %r7,-320(%r30) - STD %r8,-312(%r30) - STD %r9,-304(%r30) - STD %r10,-296(%r30) - - STD %r27,-288(%r30) ; save gp - - COPY %r24,%r3 ; save d - COPY %r26,%r4 ; save h (high 64-bits) - LDO -1(%r0),%ret0 ; return -1 by default - - CMPB,*= %r0,%arg2,$D3 ; if (d == 0) - COPY %r25,%r5 ; save l (low 64-bits) - - LDO -48(%r30),%r29 ; create ap - .CALL ;in=26,29;out=28; - B,L BN_num_bits_word,%r2 - COPY %r3,%r26 - LDD -288(%r30),%r27 ; restore gp - LDI 64,%r21 - - CMPB,= %r21,%ret0,$00000012 ;if (i == 64) (forward) - COPY %ret0,%r24 ; i - MTSARCM %r24 - DEPDI,Z -1,%sar,1,%r29 - CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<= d) - SUB %r4,%r3,%r4 ; h -= d - CMPB,= %r31,%r0,$0000001A ; if (i) - COPY %r0,%r10 ; ret = 0 - MTSARCM %r31 ; i to shift - DEPD,Z %r3,%sar,64,%r3 ; d <<= i; - SUBI 64,%r31,%r19 ; 64 - i; redundent - MTSAR %r19 ; (64 -i) to shift - SHRPD %r4,%r5,%sar,%r4 ; l>> (64-i) - MTSARCM %r31 ; i to shift - DEPD,Z %r5,%sar,64,%r5 ; l <<= i; - -$0000001A - DEPDI,Z -1,31,32,%r19 - EXTRD,U %r3,31,32,%r6 ; dh=(d&0xfff)>>32 - EXTRD,U %r3,63,32,%r8 ; dl = d&0xffffff - LDO 2(%r0),%r9 - STD %r3,-280(%r30) ; "d" to stack - -$0000001C - DEPDI,Z -1,63,32,%r29 ; - EXTRD,U %r4,31,32,%r31 ; h >> 32 - CMPB,*=,N %r31,%r6,$D2 ; if ((h>>32) != dh)(forward) div - COPY %r4,%r26 - EXTRD,U %r4,31,32,%r25 - COPY %r6,%r24 - .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL) - B,L $$div2U,%r2 - EXTRD,U %r6,31,32,%r23 - DEPD %r28,31,32,%r29 -$D2 - STD %r29,-272(%r30) ; q - AND %r5,%r19,%r24 ; t & 0xffffffff00000000; - EXTRD,U %r24,31,32,%r24 ; ??? - FLDD -272(%r30),%fr7 ; q - FLDD -280(%r30),%fr8 ; d - XMPYU %fr8L,%fr7L,%fr10 - FSTD %fr10,-256(%r30) - XMPYU %fr8L,%fr7R,%fr22 - FSTD %fr22,-264(%r30) - XMPYU %fr8R,%fr7L,%fr11 - XMPYU %fr8R,%fr7R,%fr23 - FSTD %fr11,-232(%r30) - FSTD %fr23,-240(%r30) - LDD -256(%r30),%r28 - DEPD,Z %r28,31,32,%r2 - LDD -264(%r30),%r20 - ADD,L %r20,%r2,%r31 - LDD -232(%r30),%r22 - DEPD,Z %r22,31,32,%r22 - LDD -240(%r30),%r21 - B $00000024 ; enter loop - ADD,L %r21,%r22,%r23 - -$0000002A - LDO -1(%r29),%r29 - SUB %r23,%r8,%r23 -$00000024 - SUB %r4,%r31,%r25 - AND %r25,%r19,%r26 - CMPB,*<>,N %r0,%r26,$00000046 ; (forward) - DEPD,Z %r25,31,32,%r20 - OR %r20,%r24,%r21 - CMPB,*<<,N %r21,%r23,$0000002A ;(backward) - SUB %r31,%r6,%r31 -;-------------Break path--------------------- - -$00000046 - DEPD,Z %r23,31,32,%r25 ;tl - EXTRD,U %r23,31,32,%r26 ;t - AND %r25,%r19,%r24 ;tl = (tl<<32)&0xfffffff0000000L - ADD,L %r31,%r26,%r31 ;th += t; - CMPCLR,*>>= %r5,%r24,%r0 ;if (l>32)); - DEPD,Z %r29,31,32,%r10 ; ret = q<<32 - b $0000001C - DEPD,Z %r28,31,32,%r5 ; l = l << 32 - -$D1 - OR %r10,%r29,%r28 ; ret |= q -$D3 - LDD -368(%r30),%r2 -$D0 - LDD -296(%r30),%r10 - LDD -304(%r30),%r9 - LDD -312(%r30),%r8 - LDD -320(%r30),%r7 - LDD -328(%r30),%r6 - LDD -336(%r30),%r5 - LDD -344(%r30),%r4 - BVE (%r2) - .EXIT - LDD,MB -352(%r30),%r3 - -bn_div_err_case - MFIA %r6 - ADDIL L'bn_div_words-bn_div_err_case,%r6,%r1 - LDO R'bn_div_words-bn_div_err_case(%r1),%r6 - ADDIL LT'__iob,%r27,%r1 - LDD RT'__iob(%r1),%r26 - ADDIL L'C$4-bn_div_words,%r6,%r1 - LDO R'C$4-bn_div_words(%r1),%r25 - LDO 64(%r26),%r26 - .CALL ;in=24,25,26,29;out=28; - B,L fprintf,%r2 - LDO -48(%r30),%r29 - LDD -288(%r30),%r27 - .CALL ;in=29; - B,L abort,%r2 - LDO -48(%r30),%r29 - LDD -288(%r30),%r27 - B $D0 - LDD -368(%r30),%r2 - .PROCEND ;in=24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -; Registers to hold 64-bit values to manipulate. The "L" part -; of the register corresponds to the upper 32-bits, while the "R" -; part corresponds to the lower 32-bits -; -; Note, that when using b6 and b7, the code must save these before -; using them because they are callee save registers -; -; -; Floating point registers to use to save values that -; are manipulated. These don't collide with ftemp1-6 and -; are all caller save registers -; -a0 .reg %fr22 -a0L .reg %fr22L -a0R .reg %fr22R - -a1 .reg %fr23 -a1L .reg %fr23L -a1R .reg %fr23R - -a2 .reg %fr24 -a2L .reg %fr24L -a2R .reg %fr24R - -a3 .reg %fr25 -a3L .reg %fr25L -a3R .reg %fr25R - -a4 .reg %fr26 -a4L .reg %fr26L -a4R .reg %fr26R - -a5 .reg %fr27 -a5L .reg %fr27L -a5R .reg %fr27R - -a6 .reg %fr28 -a6L .reg %fr28L -a6R .reg %fr28R - -a7 .reg %fr29 -a7L .reg %fr29L -a7R .reg %fr29R - -b0 .reg %fr30 -b0L .reg %fr30L -b0R .reg %fr30R - -b1 .reg %fr31 -b1L .reg %fr31L -b1R .reg %fr31R - -; -; Temporary floating point variables, these are all caller save -; registers -; -ftemp1 .reg %fr4 -ftemp2 .reg %fr5 -ftemp3 .reg %fr6 -ftemp4 .reg %fr7 - -; -; The B set of registers when used. -; - -b2 .reg %fr8 -b2L .reg %fr8L -b2R .reg %fr8R - -b3 .reg %fr9 -b3L .reg %fr9L -b3R .reg %fr9R - -b4 .reg %fr10 -b4L .reg %fr10L -b4R .reg %fr10R - -b5 .reg %fr11 -b5L .reg %fr11L -b5R .reg %fr11R - -b6 .reg %fr12 -b6L .reg %fr12L -b6R .reg %fr12R - -b7 .reg %fr13 -b7L .reg %fr13L -b7R .reg %fr13R - -c1 .reg %r21 ; only reg -temp1 .reg %r20 ; only reg -temp2 .reg %r19 ; only reg -temp3 .reg %r31 ; only reg - -m1 .reg %r28 -c2 .reg %r23 -high_one .reg %r1 -ht .reg %r6 -lt .reg %r5 -m .reg %r4 -c3 .reg %r3 - -SQR_ADD_C .macro A0L,A0R,C1,C2,C3 - XMPYU A0L,A0R,ftemp1 ; m - FSTD ftemp1,-24(%sp) ; store m - - XMPYU A0R,A0R,ftemp2 ; lt - FSTD ftemp2,-16(%sp) ; store lt - - XMPYU A0L,A0L,ftemp3 ; ht - FSTD ftemp3,-8(%sp) ; store ht - - LDD -24(%sp),m ; load m - AND m,high_mask,temp2 ; m & Mask - DEPD,Z m,30,31,temp3 ; m << 32+1 - LDD -16(%sp),lt ; lt - - LDD -8(%sp),ht ; ht - EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1 - ADD temp3,lt,lt ; lt = lt+m - ADD,L ht,temp1,ht ; ht += temp1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; ht++ - - ADD C2,ht,C2 ; c2=c2+ht - ADD,DC C3,%r0,C3 ; c3++ -.endm - -SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3 - XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,A1L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,A1R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,A1L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD ht,ht,ht ; ht=ht+ht; - ADD,DC C3,%r0,C3 ; add in carry (c3++) - - ADD lt,lt,lt ; lt=lt+lt; - ADD,DC ht,%r0,ht ; add in carry (ht++) - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC,*NUV ht,%r0,ht ; add in carry (ht++) - LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - -; -;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba8 - .PROC - .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .ENTRY - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1 - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2 - SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1 - STD c2,56(r_ptr) ; r[7] = c2; - COPY %r0,c2 - - SQR_ADD_C a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2 - SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2 - STD c3,64(r_ptr) ; r[8] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3 - STD c1,72(r_ptr) ; r[9] = c1; - COPY %r0,c1 - - SQR_ADD_C a5L,a5R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1 - SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1 - STD c2,80(r_ptr) ; r[10] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2 - STD c3,88(r_ptr) ; r[11] = c3; - COPY %r0,c3 - - SQR_ADD_C a6L,a6R,c1,c2,c3 - SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3 - STD c1,96(r_ptr) ; r[12] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1 - STD c2,104(r_ptr) ; r[13] = c2; - COPY %r0,c2 - - SQR_ADD_C a7L,a7R,c3,c1,c2 - STD c3, 112(r_ptr) ; r[14] = c3 - STD c1, 120(r_ptr) ; r[15] = c1 - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - -;----------------------------------------------------------------------------- -; -;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - STD c2,56(r_ptr) ; r[7] = c2; - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - -;--------------------------------------------------------------------------- - -MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3 - XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,B0L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,B0R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,B0L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - - -; -;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba8 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - FLDD 32(b_ptr),b4 - FLDD 40(b_ptr),b5 - FLDD 48(b_ptr),b6 - FLDD 56(b_ptr),b7 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3 - STD c1,48(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1 - STD c2,56(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2 - STD c3,64(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3 - STD c1,72(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1 - STD c2,80(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2 - STD c3,88(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3 - STD c1,96(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1 - STD c2,104(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2 - STD c3,112(r_ptr) - STD c1,120(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - -;----------------------------------------------------------------------------- -; -;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - STD c1,48(r_ptr) - STD c2,56(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SPACE $PRIVATE$,SORT=16 - .IMPORT $global$,DATA - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SUBSPA $LIT$,ACCESS=0x2c -C$4 - .ALIGN 8 - .STRINGZ "Division would overflow (%d)\n" - .END diff --git a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl index cd9926a25f8aa0..aa9f626ed26768 100644 --- a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -21,7 +21,7 @@ # optimal in respect to instruction set capabilities. Fair comparison # with vendor compiler is problematic, because OpenSSL doesn't define # BN_LLONG [presumably] for historical reasons, which drives compiler -# toward 4 times 16x16=32-bit multiplicatons [plus complementary +# toward 4 times 16x16=32-bit multiplications [plus complementary # shifts and additions] instead. This means that you should observe # several times improvement over code generated by vendor compiler # for PA-RISC 1.1, but the "baseline" is far from optimal. The actual @@ -864,7 +864,7 @@ comiclr,= 0,$hi1,%r0 copy $ti0,$hi0 addib,<> 4,$idx,L\$copy_pa11 - stws,ma $hi0,4($rp) + stws,ma $hi0,4($rp) nop ; alignment L\$done @@ -984,6 +984,11 @@ sub assemble { ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; } +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; # flip word order in 64-bit mode... @@ -991,7 +996,10 @@ sub assemble { # assemble 2.0 instructions in 32-bit mode... s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4); - s/\bbv\b/bve/gm if ($SIZE_T==8); + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/\bbv\b/bve/ if ($SIZE_T==8); print $_,"\n"; } diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl index 9d14a121565a98..ec7e019a4380fb 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -26,11 +26,21 @@ # So far RSA *sign* performance improvement over pre-bn_mul_mont asm # for 64-bit application running on PPC970/G5 is: # -# 512-bit +65% +# 512-bit +65% # 1024-bit +35% # 2048-bit +18% # 4096-bit +4% +# September 2016 +# +# Add multiplication procedure operating on lengths divisible by 4 +# and squaring procedure operating on lengths divisible by 8. Length +# is expressed in number of limbs. RSA private key operations are +# ~35-50% faster (more for longer keys) on contemporary high-end POWER +# processors in 64-bit builds, [mysteriously enough] more in 32-bit +# builds. On low-end 32-bit processors performance improvement turned +# to be marginal... + $flavour = shift; if ($flavour =~ /32/) { @@ -49,7 +59,8 @@ $UMULL= "mullw"; # unsigned multiply low $UMULH= "mulhwu"; # unsigned multiply high $UCMP= "cmplw"; # unsigned compare - $SHRI= "srwi"; # unsigned shift right by immediate + $SHRI= "srwi"; # unsigned shift right by immediate + $SHLI= "slwi"; # unsigned shift left by immediate $PUSH= $ST; $POP= $LD; } elsif ($flavour =~ /64/) { @@ -69,7 +80,8 @@ $UMULL= "mulld"; # unsigned multiply low $UMULH= "mulhdu"; # unsigned multiply high $UCMP= "cmpld"; # unsigned compare - $SHRI= "srdi"; # unsigned shift right by immediate + $SHRI= "srdi"; # unsigned shift right by immediate + $SHLI= "sldi"; # unsigned shift left by immediate $PUSH= $ST; $POP= $LD; } else { die "nonsense $flavour"; } @@ -86,43 +98,44 @@ $sp="r1"; $toc="r2"; -$rp="r3"; $ovf="r3"; +$rp="r3"; $ap="r4"; $bp="r5"; $np="r6"; $n0="r7"; $num="r8"; -$rp="r9"; # $rp is reassigned -$aj="r10"; -$nj="r11"; -$tj="r12"; + +{ +my $ovf=$rp; +my $rp="r9"; # $rp is reassigned +my $aj="r10"; +my $nj="r11"; +my $tj="r12"; # non-volatile registers -$i="r20"; -$j="r21"; -$tp="r22"; -$m0="r23"; -$m1="r24"; -$lo0="r25"; -$hi0="r26"; -$lo1="r27"; -$hi1="r28"; -$alo="r29"; -$ahi="r30"; -$nlo="r31"; +my $i="r20"; +my $j="r21"; +my $tp="r22"; +my $m0="r23"; +my $m1="r24"; +my $lo0="r25"; +my $hi0="r26"; +my $lo1="r27"; +my $hi1="r28"; +my $alo="r29"; +my $ahi="r30"; +my $nlo="r31"; # -$nhi="r0"; +my $nhi="r0"; $code=<<___; .machine "any" .text .globl .bn_mul_mont_int -.align 4 +.align 5 .bn_mul_mont_int: - cmpwi $num,4 mr $rp,r3 ; $rp is reassigned li r3,0 - bltlr ___ $code.=<<___ if ($BNSZ==4); cmpwi $num,32 ; longer key performance is not better @@ -334,7 +347,1641 @@ .byte 0,12,4,0,0x80,12,6,0 .long 0 .size .bn_mul_mont_int,.-.bn_mul_mont_int +___ +} +if (1) { +my ($a0,$a1,$a2,$a3, + $t0,$t1,$t2,$t3, + $m0,$m1,$m2,$m3, + $acc0,$acc1,$acc2,$acc3,$acc4, + $bi,$mi,$tp,$ap_end,$cnt) = map("r$_",(9..12,14..31)); +my ($carry,$zero) = ($rp,"r0"); + +# sp----------->+-------------------------------+ +# | saved sp | +# +-------------------------------+ +# . . +# +8*size_t +-------------------------------+ +# | 4 "n0*t0" | +# . . +# . . +# +12*size_t +-------------------------------+ +# | size_t tmp[num] | +# . . +# . . +# . . +# +-------------------------------+ +# | topmost carry | +# . . +# -18*size_t +-------------------------------+ +# | 18 saved gpr, r14-r31 | +# . . +# . . +# +-------------------------------+ +$code.=<<___; +.globl .bn_mul4x_mont_int +.align 5 +.bn_mul4x_mont_int: + andi. r0,$num,7 + bne .Lmul4x_do + $UCMP $ap,$bp + bne .Lmul4x_do + b .Lsqr8x_do +.Lmul4x_do: + slwi $num,$num,`log($SIZE_T)/log(2)` + mr $a0,$sp + li $a1,-32*$SIZE_T + sub $a1,$a1,$num + $STUX $sp,$sp,$a1 # alloca + + $PUSH r14,-$SIZE_T*18($a0) + $PUSH r15,-$SIZE_T*17($a0) + $PUSH r16,-$SIZE_T*16($a0) + $PUSH r17,-$SIZE_T*15($a0) + $PUSH r18,-$SIZE_T*14($a0) + $PUSH r19,-$SIZE_T*13($a0) + $PUSH r20,-$SIZE_T*12($a0) + $PUSH r21,-$SIZE_T*11($a0) + $PUSH r22,-$SIZE_T*10($a0) + $PUSH r23,-$SIZE_T*9($a0) + $PUSH r24,-$SIZE_T*8($a0) + $PUSH r25,-$SIZE_T*7($a0) + $PUSH r26,-$SIZE_T*6($a0) + $PUSH r27,-$SIZE_T*5($a0) + $PUSH r28,-$SIZE_T*4($a0) + $PUSH r29,-$SIZE_T*3($a0) + $PUSH r30,-$SIZE_T*2($a0) + $PUSH r31,-$SIZE_T*1($a0) + + subi $ap,$ap,$SIZE_T # bias by -1 + subi $np,$np,$SIZE_T # bias by -1 + subi $rp,$rp,$SIZE_T # bias by -1 + $LD $n0,0($n0) # *n0 + + add $t0,$bp,$num + add $ap_end,$ap,$num + subi $t0,$t0,$SIZE_T*4 # &b[num-4] + + $LD $bi,$SIZE_T*0($bp) # b[0] + li $acc0,0 + $LD $a0,$SIZE_T*1($ap) # a[0..3] + li $acc1,0 + $LD $a1,$SIZE_T*2($ap) + li $acc2,0 + $LD $a2,$SIZE_T*3($ap) + li $acc3,0 + $LDU $a3,$SIZE_T*4($ap) + $LD $m0,$SIZE_T*1($np) # n[0..3] + $LD $m1,$SIZE_T*2($np) + $LD $m2,$SIZE_T*3($np) + $LDU $m3,$SIZE_T*4($np) + + $PUSH $rp,$SIZE_T*6($sp) # offload rp and &b[num-4] + $PUSH $t0,$SIZE_T*7($sp) + li $carry,0 + addic $tp,$sp,$SIZE_T*7 # &t[-1], clear carry bit + li $cnt,0 + li $zero,0 + b .Loop_mul4x_1st_reduction + +.align 5 +.Loop_mul4x_1st_reduction: + $UMULL $t0,$a0,$bi # lo(a[0..3]*b[0]) + addze $carry,$carry # modulo-scheduled + $UMULL $t1,$a1,$bi + addi $cnt,$cnt,$SIZE_T + $UMULL $t2,$a2,$bi + andi. $cnt,$cnt,$SIZE_T*4-1 + $UMULL $t3,$a3,$bi + addc $acc0,$acc0,$t0 + $UMULH $t0,$a0,$bi # hi(a[0..3]*b[0]) + adde $acc1,$acc1,$t1 + $UMULH $t1,$a1,$bi + adde $acc2,$acc2,$t2 + $UMULL $mi,$acc0,$n0 # t[0]*n0 + adde $acc3,$acc3,$t3 + $UMULH $t2,$a2,$bi + addze $acc4,$zero + $UMULH $t3,$a3,$bi + $LDX $bi,$bp,$cnt # next b[i] (or b[0]) + addc $acc1,$acc1,$t0 + # (*) mul $t0,$m0,$mi # lo(n[0..3]*t[0]*n0) + $STU $mi,$SIZE_T($tp) # put aside t[0]*n0 for tail processing + adde $acc2,$acc2,$t1 + $UMULL $t1,$m1,$mi + adde $acc3,$acc3,$t2 + $UMULL $t2,$m2,$mi + adde $acc4,$acc4,$t3 # can't overflow + $UMULL $t3,$m3,$mi + # (*) addc $acc0,$acc0,$t0 + # (*) As for removal of first multiplication and addition + # instructions. The outcome of first addition is + # guaranteed to be zero, which leaves two computationally + # significant outcomes: it either carries or not. Then + # question is when does it carry? Is there alternative + # way to deduce it? If you follow operations, you can + # observe that condition for carry is quite simple: + # $acc0 being non-zero. So that carry can be calculated + # by adding -1 to $acc0. That's what next instruction does. + addic $acc0,$acc0,-1 # (*), discarded + $UMULH $t0,$m0,$mi # hi(n[0..3]*t[0]*n0) + adde $acc0,$acc1,$t1 + $UMULH $t1,$m1,$mi + adde $acc1,$acc2,$t2 + $UMULH $t2,$m2,$mi + adde $acc2,$acc3,$t3 + $UMULH $t3,$m3,$mi + adde $acc3,$acc4,$carry + addze $carry,$zero + addc $acc0,$acc0,$t0 + adde $acc1,$acc1,$t1 + adde $acc2,$acc2,$t2 + adde $acc3,$acc3,$t3 + #addze $carry,$carry + bne .Loop_mul4x_1st_reduction + + $UCMP $ap_end,$ap + beq .Lmul4x4_post_condition + + $LD $a0,$SIZE_T*1($ap) # a[4..7] + $LD $a1,$SIZE_T*2($ap) + $LD $a2,$SIZE_T*3($ap) + $LDU $a3,$SIZE_T*4($ap) + $LD $mi,$SIZE_T*8($sp) # a[0]*n0 + $LD $m0,$SIZE_T*1($np) # n[4..7] + $LD $m1,$SIZE_T*2($np) + $LD $m2,$SIZE_T*3($np) + $LDU $m3,$SIZE_T*4($np) + b .Loop_mul4x_1st_tail + +.align 5 +.Loop_mul4x_1st_tail: + $UMULL $t0,$a0,$bi # lo(a[4..7]*b[i]) + addze $carry,$carry # modulo-scheduled + $UMULL $t1,$a1,$bi + addi $cnt,$cnt,$SIZE_T + $UMULL $t2,$a2,$bi + andi. $cnt,$cnt,$SIZE_T*4-1 + $UMULL $t3,$a3,$bi + addc $acc0,$acc0,$t0 + $UMULH $t0,$a0,$bi # hi(a[4..7]*b[i]) + adde $acc1,$acc1,$t1 + $UMULH $t1,$a1,$bi + adde $acc2,$acc2,$t2 + $UMULH $t2,$a2,$bi + adde $acc3,$acc3,$t3 + $UMULH $t3,$a3,$bi + addze $acc4,$zero + $LDX $bi,$bp,$cnt # next b[i] (or b[0]) + addc $acc1,$acc1,$t0 + $UMULL $t0,$m0,$mi # lo(n[4..7]*a[0]*n0) + adde $acc2,$acc2,$t1 + $UMULL $t1,$m1,$mi + adde $acc3,$acc3,$t2 + $UMULL $t2,$m2,$mi + adde $acc4,$acc4,$t3 # can't overflow + $UMULL $t3,$m3,$mi + addc $acc0,$acc0,$t0 + $UMULH $t0,$m0,$mi # hi(n[4..7]*a[0]*n0) + adde $acc1,$acc1,$t1 + $UMULH $t1,$m1,$mi + adde $acc2,$acc2,$t2 + $UMULH $t2,$m2,$mi + adde $acc3,$acc3,$t3 + adde $acc4,$acc4,$carry + $UMULH $t3,$m3,$mi + addze $carry,$zero + addi $mi,$sp,$SIZE_T*8 + $LDX $mi,$mi,$cnt # next t[0]*n0 + $STU $acc0,$SIZE_T($tp) # word of result + addc $acc0,$acc1,$t0 + adde $acc1,$acc2,$t1 + adde $acc2,$acc3,$t2 + adde $acc3,$acc4,$t3 + #addze $carry,$carry + bne .Loop_mul4x_1st_tail + + sub $t1,$ap_end,$num # rewinded $ap + $UCMP $ap_end,$ap # done yet? + beq .Lmul4x_proceed + + $LD $a0,$SIZE_T*1($ap) + $LD $a1,$SIZE_T*2($ap) + $LD $a2,$SIZE_T*3($ap) + $LDU $a3,$SIZE_T*4($ap) + $LD $m0,$SIZE_T*1($np) + $LD $m1,$SIZE_T*2($np) + $LD $m2,$SIZE_T*3($np) + $LDU $m3,$SIZE_T*4($np) + b .Loop_mul4x_1st_tail + +.align 5 +.Lmul4x_proceed: + $LDU $bi,$SIZE_T*4($bp) # *++b + addze $carry,$carry # topmost carry + $LD $a0,$SIZE_T*1($t1) + $LD $a1,$SIZE_T*2($t1) + $LD $a2,$SIZE_T*3($t1) + $LD $a3,$SIZE_T*4($t1) + addi $ap,$t1,$SIZE_T*4 + sub $np,$np,$num # rewind np + + $ST $acc0,$SIZE_T*1($tp) # result + $ST $acc1,$SIZE_T*2($tp) + $ST $acc2,$SIZE_T*3($tp) + $ST $acc3,$SIZE_T*4($tp) + $ST $carry,$SIZE_T*5($tp) # save topmost carry + $LD $acc0,$SIZE_T*12($sp) # t[0..3] + $LD $acc1,$SIZE_T*13($sp) + $LD $acc2,$SIZE_T*14($sp) + $LD $acc3,$SIZE_T*15($sp) + + $LD $m0,$SIZE_T*1($np) # n[0..3] + $LD $m1,$SIZE_T*2($np) + $LD $m2,$SIZE_T*3($np) + $LDU $m3,$SIZE_T*4($np) + addic $tp,$sp,$SIZE_T*7 # &t[-1], clear carry bit + li $carry,0 + b .Loop_mul4x_reduction + +.align 5 +.Loop_mul4x_reduction: + $UMULL $t0,$a0,$bi # lo(a[0..3]*b[4]) + addze $carry,$carry # modulo-scheduled + $UMULL $t1,$a1,$bi + addi $cnt,$cnt,$SIZE_T + $UMULL $t2,$a2,$bi + andi. $cnt,$cnt,$SIZE_T*4-1 + $UMULL $t3,$a3,$bi + addc $acc0,$acc0,$t0 + $UMULH $t0,$a0,$bi # hi(a[0..3]*b[4]) + adde $acc1,$acc1,$t1 + $UMULH $t1,$a1,$bi + adde $acc2,$acc2,$t2 + $UMULL $mi,$acc0,$n0 # t[0]*n0 + adde $acc3,$acc3,$t3 + $UMULH $t2,$a2,$bi + addze $acc4,$zero + $UMULH $t3,$a3,$bi + $LDX $bi,$bp,$cnt # next b[i] + addc $acc1,$acc1,$t0 + # (*) mul $t0,$m0,$mi + $STU $mi,$SIZE_T($tp) # put aside t[0]*n0 for tail processing + adde $acc2,$acc2,$t1 + $UMULL $t1,$m1,$mi # lo(n[0..3]*t[0]*n0 + adde $acc3,$acc3,$t2 + $UMULL $t2,$m2,$mi + adde $acc4,$acc4,$t3 # can't overflow + $UMULL $t3,$m3,$mi + # (*) addc $acc0,$acc0,$t0 + addic $acc0,$acc0,-1 # (*), discarded + $UMULH $t0,$m0,$mi # hi(n[0..3]*t[0]*n0 + adde $acc0,$acc1,$t1 + $UMULH $t1,$m1,$mi + adde $acc1,$acc2,$t2 + $UMULH $t2,$m2,$mi + adde $acc2,$acc3,$t3 + $UMULH $t3,$m3,$mi + adde $acc3,$acc4,$carry + addze $carry,$zero + addc $acc0,$acc0,$t0 + adde $acc1,$acc1,$t1 + adde $acc2,$acc2,$t2 + adde $acc3,$acc3,$t3 + #addze $carry,$carry + bne .Loop_mul4x_reduction + + $LD $t0,$SIZE_T*5($tp) # t[4..7] + addze $carry,$carry + $LD $t1,$SIZE_T*6($tp) + $LD $t2,$SIZE_T*7($tp) + $LD $t3,$SIZE_T*8($tp) + $LD $a0,$SIZE_T*1($ap) # a[4..7] + $LD $a1,$SIZE_T*2($ap) + $LD $a2,$SIZE_T*3($ap) + $LDU $a3,$SIZE_T*4($ap) + addc $acc0,$acc0,$t0 + adde $acc1,$acc1,$t1 + adde $acc2,$acc2,$t2 + adde $acc3,$acc3,$t3 + #addze $carry,$carry + + $LD $mi,$SIZE_T*8($sp) # t[0]*n0 + $LD $m0,$SIZE_T*1($np) # n[4..7] + $LD $m1,$SIZE_T*2($np) + $LD $m2,$SIZE_T*3($np) + $LDU $m3,$SIZE_T*4($np) + b .Loop_mul4x_tail + +.align 5 +.Loop_mul4x_tail: + $UMULL $t0,$a0,$bi # lo(a[4..7]*b[4]) + addze $carry,$carry # modulo-scheduled + $UMULL $t1,$a1,$bi + addi $cnt,$cnt,$SIZE_T + $UMULL $t2,$a2,$bi + andi. $cnt,$cnt,$SIZE_T*4-1 + $UMULL $t3,$a3,$bi + addc $acc0,$acc0,$t0 + $UMULH $t0,$a0,$bi # hi(a[4..7]*b[4]) + adde $acc1,$acc1,$t1 + $UMULH $t1,$a1,$bi + adde $acc2,$acc2,$t2 + $UMULH $t2,$a2,$bi + adde $acc3,$acc3,$t3 + $UMULH $t3,$a3,$bi + addze $acc4,$zero + $LDX $bi,$bp,$cnt # next b[i] + addc $acc1,$acc1,$t0 + $UMULL $t0,$m0,$mi # lo(n[4..7]*t[0]*n0) + adde $acc2,$acc2,$t1 + $UMULL $t1,$m1,$mi + adde $acc3,$acc3,$t2 + $UMULL $t2,$m2,$mi + adde $acc4,$acc4,$t3 # can't overflow + $UMULL $t3,$m3,$mi + addc $acc0,$acc0,$t0 + $UMULH $t0,$m0,$mi # hi(n[4..7]*t[0]*n0) + adde $acc1,$acc1,$t1 + $UMULH $t1,$m1,$mi + adde $acc2,$acc2,$t2 + $UMULH $t2,$m2,$mi + adde $acc3,$acc3,$t3 + $UMULH $t3,$m3,$mi + adde $acc4,$acc4,$carry + addi $mi,$sp,$SIZE_T*8 + $LDX $mi,$mi,$cnt # next a[0]*n0 + addze $carry,$zero + $STU $acc0,$SIZE_T($tp) # word of result + addc $acc0,$acc1,$t0 + adde $acc1,$acc2,$t1 + adde $acc2,$acc3,$t2 + adde $acc3,$acc4,$t3 + #addze $carry,$carry + bne .Loop_mul4x_tail + + $LD $t0,$SIZE_T*5($tp) # next t[i] or topmost carry + sub $t1,$np,$num # rewinded np? + addze $carry,$carry + $UCMP $ap_end,$ap # done yet? + beq .Loop_mul4x_break + + $LD $t1,$SIZE_T*6($tp) + $LD $t2,$SIZE_T*7($tp) + $LD $t3,$SIZE_T*8($tp) + $LD $a0,$SIZE_T*1($ap) + $LD $a1,$SIZE_T*2($ap) + $LD $a2,$SIZE_T*3($ap) + $LDU $a3,$SIZE_T*4($ap) + addc $acc0,$acc0,$t0 + adde $acc1,$acc1,$t1 + adde $acc2,$acc2,$t2 + adde $acc3,$acc3,$t3 + #addze $carry,$carry + + $LD $m0,$SIZE_T*1($np) # n[4..7] + $LD $m1,$SIZE_T*2($np) + $LD $m2,$SIZE_T*3($np) + $LDU $m3,$SIZE_T*4($np) + b .Loop_mul4x_tail + +.align 5 +.Loop_mul4x_break: + $POP $t2,$SIZE_T*6($sp) # pull rp and &b[num-4] + $POP $t3,$SIZE_T*7($sp) + addc $a0,$acc0,$t0 # accumulate topmost carry + $LD $acc0,$SIZE_T*12($sp) # t[0..3] + addze $a1,$acc1 + $LD $acc1,$SIZE_T*13($sp) + addze $a2,$acc2 + $LD $acc2,$SIZE_T*14($sp) + addze $a3,$acc3 + $LD $acc3,$SIZE_T*15($sp) + addze $carry,$carry # topmost carry + $ST $a0,$SIZE_T*1($tp) # result + sub $ap,$ap_end,$num # rewind ap + $ST $a1,$SIZE_T*2($tp) + $ST $a2,$SIZE_T*3($tp) + $ST $a3,$SIZE_T*4($tp) + $ST $carry,$SIZE_T*5($tp) # store topmost carry + + $LD $m0,$SIZE_T*1($t1) # n[0..3] + $LD $m1,$SIZE_T*2($t1) + $LD $m2,$SIZE_T*3($t1) + $LD $m3,$SIZE_T*4($t1) + addi $np,$t1,$SIZE_T*4 + $UCMP $bp,$t3 # done yet? + beq .Lmul4x_post + + $LDU $bi,$SIZE_T*4($bp) + $LD $a0,$SIZE_T*1($ap) # a[0..3] + $LD $a1,$SIZE_T*2($ap) + $LD $a2,$SIZE_T*3($ap) + $LDU $a3,$SIZE_T*4($ap) + li $carry,0 + addic $tp,$sp,$SIZE_T*7 # &t[-1], clear carry bit + b .Loop_mul4x_reduction + +.align 5 +.Lmul4x_post: + # Final step. We see if result is larger than modulus, and + # if it is, subtract the modulus. But comparison implies + # subtraction. So we subtract modulus, see if it borrowed, + # and conditionally copy original value. + srwi $cnt,$num,`log($SIZE_T)/log(2)+2` + mr $bp,$t2 # &rp[-1] + subi $cnt,$cnt,1 + mr $ap_end,$t2 # &rp[-1] copy + subfc $t0,$m0,$acc0 + addi $tp,$sp,$SIZE_T*15 + subfe $t1,$m1,$acc1 + + mtctr $cnt +.Lmul4x_sub: + $LD $m0,$SIZE_T*1($np) + $LD $acc0,$SIZE_T*1($tp) + subfe $t2,$m2,$acc2 + $LD $m1,$SIZE_T*2($np) + $LD $acc1,$SIZE_T*2($tp) + subfe $t3,$m3,$acc3 + $LD $m2,$SIZE_T*3($np) + $LD $acc2,$SIZE_T*3($tp) + $LDU $m3,$SIZE_T*4($np) + $LDU $acc3,$SIZE_T*4($tp) + $ST $t0,$SIZE_T*1($bp) + $ST $t1,$SIZE_T*2($bp) + subfe $t0,$m0,$acc0 + $ST $t2,$SIZE_T*3($bp) + $STU $t3,$SIZE_T*4($bp) + subfe $t1,$m1,$acc1 + bdnz .Lmul4x_sub + + $LD $a0,$SIZE_T*1($ap_end) + $ST $t0,$SIZE_T*1($bp) + $LD $t0,$SIZE_T*12($sp) + subfe $t2,$m2,$acc2 + $LD $a1,$SIZE_T*2($ap_end) + $ST $t1,$SIZE_T*2($bp) + $LD $t1,$SIZE_T*13($sp) + subfe $t3,$m3,$acc3 + subfe $carry,$zero,$carry # did it borrow? + addi $tp,$sp,$SIZE_T*12 + $LD $a2,$SIZE_T*3($ap_end) + $ST $t2,$SIZE_T*3($bp) + $LD $t2,$SIZE_T*14($sp) + $LD $a3,$SIZE_T*4($ap_end) + $ST $t3,$SIZE_T*4($bp) + $LD $t3,$SIZE_T*15($sp) + + mtctr $cnt +.Lmul4x_cond_copy: + and $t0,$t0,$carry + andc $a0,$a0,$carry + $ST $zero,$SIZE_T*0($tp) # wipe stack clean + and $t1,$t1,$carry + andc $a1,$a1,$carry + $ST $zero,$SIZE_T*1($tp) + and $t2,$t2,$carry + andc $a2,$a2,$carry + $ST $zero,$SIZE_T*2($tp) + and $t3,$t3,$carry + andc $a3,$a3,$carry + $ST $zero,$SIZE_T*3($tp) + or $acc0,$t0,$a0 + $LD $a0,$SIZE_T*5($ap_end) + $LD $t0,$SIZE_T*4($tp) + or $acc1,$t1,$a1 + $LD $a1,$SIZE_T*6($ap_end) + $LD $t1,$SIZE_T*5($tp) + or $acc2,$t2,$a2 + $LD $a2,$SIZE_T*7($ap_end) + $LD $t2,$SIZE_T*6($tp) + or $acc3,$t3,$a3 + $LD $a3,$SIZE_T*8($ap_end) + $LD $t3,$SIZE_T*7($tp) + addi $tp,$tp,$SIZE_T*4 + $ST $acc0,$SIZE_T*1($ap_end) + $ST $acc1,$SIZE_T*2($ap_end) + $ST $acc2,$SIZE_T*3($ap_end) + $STU $acc3,$SIZE_T*4($ap_end) + bdnz .Lmul4x_cond_copy + + $POP $bp,0($sp) # pull saved sp + and $t0,$t0,$carry + andc $a0,$a0,$carry + $ST $zero,$SIZE_T*0($tp) + and $t1,$t1,$carry + andc $a1,$a1,$carry + $ST $zero,$SIZE_T*1($tp) + and $t2,$t2,$carry + andc $a2,$a2,$carry + $ST $zero,$SIZE_T*2($tp) + and $t3,$t3,$carry + andc $a3,$a3,$carry + $ST $zero,$SIZE_T*3($tp) + or $acc0,$t0,$a0 + or $acc1,$t1,$a1 + $ST $zero,$SIZE_T*4($tp) + or $acc2,$t2,$a2 + or $acc3,$t3,$a3 + $ST $acc0,$SIZE_T*1($ap_end) + $ST $acc1,$SIZE_T*2($ap_end) + $ST $acc2,$SIZE_T*3($ap_end) + $ST $acc3,$SIZE_T*4($ap_end) + + b .Lmul4x_done + +.align 4 +.Lmul4x4_post_condition: + $POP $ap,$SIZE_T*6($sp) # pull &rp[-1] + $POP $bp,0($sp) # pull saved sp + addze $carry,$carry # modulo-scheduled + # $acc0-3,$carry hold result, $m0-3 hold modulus + subfc $a0,$m0,$acc0 + subfe $a1,$m1,$acc1 + subfe $a2,$m2,$acc2 + subfe $a3,$m3,$acc3 + subfe $carry,$zero,$carry # did it borrow? + + and $m0,$m0,$carry + and $m1,$m1,$carry + addc $a0,$a0,$m0 + and $m2,$m2,$carry + adde $a1,$a1,$m1 + and $m3,$m3,$carry + adde $a2,$a2,$m2 + adde $a3,$a3,$m3 + + $ST $a0,$SIZE_T*1($ap) # write result + $ST $a1,$SIZE_T*2($ap) + $ST $a2,$SIZE_T*3($ap) + $ST $a3,$SIZE_T*4($ap) + +.Lmul4x_done: + $ST $zero,$SIZE_T*8($sp) # wipe stack clean + $ST $zero,$SIZE_T*9($sp) + $ST $zero,$SIZE_T*10($sp) + $ST $zero,$SIZE_T*11($sp) + li r3,1 # signal "done" + $POP r14,-$SIZE_T*18($bp) + $POP r15,-$SIZE_T*17($bp) + $POP r16,-$SIZE_T*16($bp) + $POP r17,-$SIZE_T*15($bp) + $POP r18,-$SIZE_T*14($bp) + $POP r19,-$SIZE_T*13($bp) + $POP r20,-$SIZE_T*12($bp) + $POP r21,-$SIZE_T*11($bp) + $POP r22,-$SIZE_T*10($bp) + $POP r23,-$SIZE_T*9($bp) + $POP r24,-$SIZE_T*8($bp) + $POP r25,-$SIZE_T*7($bp) + $POP r26,-$SIZE_T*6($bp) + $POP r27,-$SIZE_T*5($bp) + $POP r28,-$SIZE_T*4($bp) + $POP r29,-$SIZE_T*3($bp) + $POP r30,-$SIZE_T*2($bp) + $POP r31,-$SIZE_T*1($bp) + mr $sp,$bp + blr + .long 0 + .byte 0,12,4,0x20,0x80,18,6,0 + .long 0 +.size .bn_mul4x_mont_int,.-.bn_mul4x_mont_int +___ +} + +if (1) { +######################################################################## +# Following is PPC adaptation of sqrx8x_mont from x86_64-mont5 module. + +my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("r$_",(9..12,14..17)); +my ($t0,$t1,$t2,$t3)=map("r$_",(18..21)); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("r$_",(22..29)); +my ($cnt,$carry,$zero)=("r30","r31","r0"); +my ($tp,$ap_end,$na0)=($bp,$np,$carry); + +# sp----------->+-------------------------------+ +# | saved sp | +# +-------------------------------+ +# . . +# +12*size_t +-------------------------------+ +# | size_t tmp[2*num] | +# . . +# . . +# . . +# +-------------------------------+ +# . . +# -18*size_t +-------------------------------+ +# | 18 saved gpr, r14-r31 | +# . . +# . . +# +-------------------------------+ +$code.=<<___; +.align 5 +__bn_sqr8x_mont: +.Lsqr8x_do: + mr $a0,$sp + slwi $a1,$num,`log($SIZE_T)/log(2)+1` + li $a2,-32*$SIZE_T + sub $a1,$a2,$a1 + slwi $num,$num,`log($SIZE_T)/log(2)` + $STUX $sp,$sp,$a1 # alloca + + $PUSH r14,-$SIZE_T*18($a0) + $PUSH r15,-$SIZE_T*17($a0) + $PUSH r16,-$SIZE_T*16($a0) + $PUSH r17,-$SIZE_T*15($a0) + $PUSH r18,-$SIZE_T*14($a0) + $PUSH r19,-$SIZE_T*13($a0) + $PUSH r20,-$SIZE_T*12($a0) + $PUSH r21,-$SIZE_T*11($a0) + $PUSH r22,-$SIZE_T*10($a0) + $PUSH r23,-$SIZE_T*9($a0) + $PUSH r24,-$SIZE_T*8($a0) + $PUSH r25,-$SIZE_T*7($a0) + $PUSH r26,-$SIZE_T*6($a0) + $PUSH r27,-$SIZE_T*5($a0) + $PUSH r28,-$SIZE_T*4($a0) + $PUSH r29,-$SIZE_T*3($a0) + $PUSH r30,-$SIZE_T*2($a0) + $PUSH r31,-$SIZE_T*1($a0) + subi $ap,$ap,$SIZE_T # bias by -1 + subi $t0,$np,$SIZE_T # bias by -1 + subi $rp,$rp,$SIZE_T # bias by -1 + $LD $n0,0($n0) # *n0 + li $zero,0 + + add $ap_end,$ap,$num + $LD $a0,$SIZE_T*1($ap) + #li $acc0,0 + $LD $a1,$SIZE_T*2($ap) + li $acc1,0 + $LD $a2,$SIZE_T*3($ap) + li $acc2,0 + $LD $a3,$SIZE_T*4($ap) + li $acc3,0 + $LD $a4,$SIZE_T*5($ap) + li $acc4,0 + $LD $a5,$SIZE_T*6($ap) + li $acc5,0 + $LD $a6,$SIZE_T*7($ap) + li $acc6,0 + $LDU $a7,$SIZE_T*8($ap) + li $acc7,0 + + addi $tp,$sp,$SIZE_T*11 # &tp[-1] + subic. $cnt,$num,$SIZE_T*8 + b .Lsqr8x_zero_start + +.align 5 +.Lsqr8x_zero: + subic. $cnt,$cnt,$SIZE_T*8 + $ST $zero,$SIZE_T*1($tp) + $ST $zero,$SIZE_T*2($tp) + $ST $zero,$SIZE_T*3($tp) + $ST $zero,$SIZE_T*4($tp) + $ST $zero,$SIZE_T*5($tp) + $ST $zero,$SIZE_T*6($tp) + $ST $zero,$SIZE_T*7($tp) + $ST $zero,$SIZE_T*8($tp) +.Lsqr8x_zero_start: + $ST $zero,$SIZE_T*9($tp) + $ST $zero,$SIZE_T*10($tp) + $ST $zero,$SIZE_T*11($tp) + $ST $zero,$SIZE_T*12($tp) + $ST $zero,$SIZE_T*13($tp) + $ST $zero,$SIZE_T*14($tp) + $ST $zero,$SIZE_T*15($tp) + $STU $zero,$SIZE_T*16($tp) + bne .Lsqr8x_zero + + $PUSH $rp,$SIZE_T*6($sp) # offload &rp[-1] + $PUSH $t0,$SIZE_T*7($sp) # offload &np[-1] + $PUSH $n0,$SIZE_T*8($sp) # offload n0 + $PUSH $tp,$SIZE_T*9($sp) # &tp[2*num-1] + $PUSH $zero,$SIZE_T*10($sp) # initial top-most carry + addi $tp,$sp,$SIZE_T*11 # &tp[-1] + + # Multiply everything but a[i]*a[i] +.align 5 +.Lsqr8x_outer_loop: + # a[1]a[0] (i) + # a[2]a[0] + # a[3]a[0] + # a[4]a[0] + # a[5]a[0] + # a[6]a[0] + # a[7]a[0] + # a[2]a[1] (ii) + # a[3]a[1] + # a[4]a[1] + # a[5]a[1] + # a[6]a[1] + # a[7]a[1] + # a[3]a[2] (iii) + # a[4]a[2] + # a[5]a[2] + # a[6]a[2] + # a[7]a[2] + # a[4]a[3] (iv) + # a[5]a[3] + # a[6]a[3] + # a[7]a[3] + # a[5]a[4] (v) + # a[6]a[4] + # a[7]a[4] + # a[6]a[5] (vi) + # a[7]a[5] + # a[7]a[6] (vii) + + $UMULL $t0,$a1,$a0 # lo(a[1..7]*a[0]) (i) + $UMULL $t1,$a2,$a0 + $UMULL $t2,$a3,$a0 + $UMULL $t3,$a4,$a0 + addc $acc1,$acc1,$t0 # t[1]+lo(a[1]*a[0]) + $UMULL $t0,$a5,$a0 + adde $acc2,$acc2,$t1 + $UMULL $t1,$a6,$a0 + adde $acc3,$acc3,$t2 + $UMULL $t2,$a7,$a0 + adde $acc4,$acc4,$t3 + $UMULH $t3,$a1,$a0 # hi(a[1..7]*a[0]) + adde $acc5,$acc5,$t0 + $UMULH $t0,$a2,$a0 + adde $acc6,$acc6,$t1 + $UMULH $t1,$a3,$a0 + adde $acc7,$acc7,$t2 + $UMULH $t2,$a4,$a0 + $ST $acc0,$SIZE_T*1($tp) # t[0] + addze $acc0,$zero # t[8] + $ST $acc1,$SIZE_T*2($tp) # t[1] + addc $acc2,$acc2,$t3 # t[2]+lo(a[1]*a[0]) + $UMULH $t3,$a5,$a0 + adde $acc3,$acc3,$t0 + $UMULH $t0,$a6,$a0 + adde $acc4,$acc4,$t1 + $UMULH $t1,$a7,$a0 + adde $acc5,$acc5,$t2 + $UMULL $t2,$a2,$a1 # lo(a[2..7]*a[1]) (ii) + adde $acc6,$acc6,$t3 + $UMULL $t3,$a3,$a1 + adde $acc7,$acc7,$t0 + $UMULL $t0,$a4,$a1 + adde $acc0,$acc0,$t1 + + $UMULL $t1,$a5,$a1 + addc $acc3,$acc3,$t2 + $UMULL $t2,$a6,$a1 + adde $acc4,$acc4,$t3 + $UMULL $t3,$a7,$a1 + adde $acc5,$acc5,$t0 + $UMULH $t0,$a2,$a1 # hi(a[2..7]*a[1]) + adde $acc6,$acc6,$t1 + $UMULH $t1,$a3,$a1 + adde $acc7,$acc7,$t2 + $UMULH $t2,$a4,$a1 + adde $acc0,$acc0,$t3 + $UMULH $t3,$a5,$a1 + $ST $acc2,$SIZE_T*3($tp) # t[2] + addze $acc1,$zero # t[9] + $ST $acc3,$SIZE_T*4($tp) # t[3] + addc $acc4,$acc4,$t0 + $UMULH $t0,$a6,$a1 + adde $acc5,$acc5,$t1 + $UMULH $t1,$a7,$a1 + adde $acc6,$acc6,$t2 + $UMULL $t2,$a3,$a2 # lo(a[3..7]*a[2]) (iii) + adde $acc7,$acc7,$t3 + $UMULL $t3,$a4,$a2 + adde $acc0,$acc0,$t0 + $UMULL $t0,$a5,$a2 + adde $acc1,$acc1,$t1 + + $UMULL $t1,$a6,$a2 + addc $acc5,$acc5,$t2 + $UMULL $t2,$a7,$a2 + adde $acc6,$acc6,$t3 + $UMULH $t3,$a3,$a2 # hi(a[3..7]*a[2]) + adde $acc7,$acc7,$t0 + $UMULH $t0,$a4,$a2 + adde $acc0,$acc0,$t1 + $UMULH $t1,$a5,$a2 + adde $acc1,$acc1,$t2 + $UMULH $t2,$a6,$a2 + $ST $acc4,$SIZE_T*5($tp) # t[4] + addze $acc2,$zero # t[10] + $ST $acc5,$SIZE_T*6($tp) # t[5] + addc $acc6,$acc6,$t3 + $UMULH $t3,$a7,$a2 + adde $acc7,$acc7,$t0 + $UMULL $t0,$a4,$a3 # lo(a[4..7]*a[3]) (iv) + adde $acc0,$acc0,$t1 + $UMULL $t1,$a5,$a3 + adde $acc1,$acc1,$t2 + $UMULL $t2,$a6,$a3 + adde $acc2,$acc2,$t3 + + $UMULL $t3,$a7,$a3 + addc $acc7,$acc7,$t0 + $UMULH $t0,$a4,$a3 # hi(a[4..7]*a[3]) + adde $acc0,$acc0,$t1 + $UMULH $t1,$a5,$a3 + adde $acc1,$acc1,$t2 + $UMULH $t2,$a6,$a3 + adde $acc2,$acc2,$t3 + $UMULH $t3,$a7,$a3 + $ST $acc6,$SIZE_T*7($tp) # t[6] + addze $acc3,$zero # t[11] + $STU $acc7,$SIZE_T*8($tp) # t[7] + addc $acc0,$acc0,$t0 + $UMULL $t0,$a5,$a4 # lo(a[5..7]*a[4]) (v) + adde $acc1,$acc1,$t1 + $UMULL $t1,$a6,$a4 + adde $acc2,$acc2,$t2 + $UMULL $t2,$a7,$a4 + adde $acc3,$acc3,$t3 + + $UMULH $t3,$a5,$a4 # hi(a[5..7]*a[4]) + addc $acc1,$acc1,$t0 + $UMULH $t0,$a6,$a4 + adde $acc2,$acc2,$t1 + $UMULH $t1,$a7,$a4 + adde $acc3,$acc3,$t2 + $UMULL $t2,$a6,$a5 # lo(a[6..7]*a[5]) (vi) + addze $acc4,$zero # t[12] + addc $acc2,$acc2,$t3 + $UMULL $t3,$a7,$a5 + adde $acc3,$acc3,$t0 + $UMULH $t0,$a6,$a5 # hi(a[6..7]*a[5]) + adde $acc4,$acc4,$t1 + + $UMULH $t1,$a7,$a5 + addc $acc3,$acc3,$t2 + $UMULL $t2,$a7,$a6 # lo(a[7]*a[6]) (vii) + adde $acc4,$acc4,$t3 + $UMULH $t3,$a7,$a6 # hi(a[7]*a[6]) + addze $acc5,$zero # t[13] + addc $acc4,$acc4,$t0 + $UCMP $ap_end,$ap # done yet? + adde $acc5,$acc5,$t1 + + addc $acc5,$acc5,$t2 + sub $t0,$ap_end,$num # rewinded ap + addze $acc6,$zero # t[14] + add $acc6,$acc6,$t3 + + beq .Lsqr8x_outer_break + + mr $n0,$a0 + $LD $a0,$SIZE_T*1($tp) + $LD $a1,$SIZE_T*2($tp) + $LD $a2,$SIZE_T*3($tp) + $LD $a3,$SIZE_T*4($tp) + $LD $a4,$SIZE_T*5($tp) + $LD $a5,$SIZE_T*6($tp) + $LD $a6,$SIZE_T*7($tp) + $LD $a7,$SIZE_T*8($tp) + addc $acc0,$acc0,$a0 + $LD $a0,$SIZE_T*1($ap) + adde $acc1,$acc1,$a1 + $LD $a1,$SIZE_T*2($ap) + adde $acc2,$acc2,$a2 + $LD $a2,$SIZE_T*3($ap) + adde $acc3,$acc3,$a3 + $LD $a3,$SIZE_T*4($ap) + adde $acc4,$acc4,$a4 + $LD $a4,$SIZE_T*5($ap) + adde $acc5,$acc5,$a5 + $LD $a5,$SIZE_T*6($ap) + adde $acc6,$acc6,$a6 + $LD $a6,$SIZE_T*7($ap) + subi $rp,$ap,$SIZE_T*7 + addze $acc7,$a7 + $LDU $a7,$SIZE_T*8($ap) + #addze $carry,$zero # moved below + li $cnt,0 + b .Lsqr8x_mul + + # a[8]a[0] + # a[9]a[0] + # a[a]a[0] + # a[b]a[0] + # a[c]a[0] + # a[d]a[0] + # a[e]a[0] + # a[f]a[0] + # a[8]a[1] + # a[f]a[1]........................ + # a[8]a[2] + # a[f]a[2]........................ + # a[8]a[3] + # a[f]a[3]........................ + # a[8]a[4] + # a[f]a[4]........................ + # a[8]a[5] + # a[f]a[5]........................ + # a[8]a[6] + # a[f]a[6]........................ + # a[8]a[7] + # a[f]a[7]........................ +.align 5 +.Lsqr8x_mul: + $UMULL $t0,$a0,$n0 + addze $carry,$zero # carry bit, modulo-scheduled + $UMULL $t1,$a1,$n0 + addi $cnt,$cnt,$SIZE_T + $UMULL $t2,$a2,$n0 + andi. $cnt,$cnt,$SIZE_T*8-1 + $UMULL $t3,$a3,$n0 + addc $acc0,$acc0,$t0 + $UMULL $t0,$a4,$n0 + adde $acc1,$acc1,$t1 + $UMULL $t1,$a5,$n0 + adde $acc2,$acc2,$t2 + $UMULL $t2,$a6,$n0 + adde $acc3,$acc3,$t3 + $UMULL $t3,$a7,$n0 + adde $acc4,$acc4,$t0 + $UMULH $t0,$a0,$n0 + adde $acc5,$acc5,$t1 + $UMULH $t1,$a1,$n0 + adde $acc6,$acc6,$t2 + $UMULH $t2,$a2,$n0 + adde $acc7,$acc7,$t3 + $UMULH $t3,$a3,$n0 + addze $carry,$carry + $STU $acc0,$SIZE_T($tp) + addc $acc0,$acc1,$t0 + $UMULH $t0,$a4,$n0 + adde $acc1,$acc2,$t1 + $UMULH $t1,$a5,$n0 + adde $acc2,$acc3,$t2 + $UMULH $t2,$a6,$n0 + adde $acc3,$acc4,$t3 + $UMULH $t3,$a7,$n0 + $LDX $n0,$rp,$cnt + adde $acc4,$acc5,$t0 + adde $acc5,$acc6,$t1 + adde $acc6,$acc7,$t2 + adde $acc7,$carry,$t3 + #addze $carry,$zero # moved above + bne .Lsqr8x_mul + # note that carry flag is guaranteed + # to be zero at this point + $UCMP $ap,$ap_end # done yet? + beq .Lsqr8x_break + + $LD $a0,$SIZE_T*1($tp) + $LD $a1,$SIZE_T*2($tp) + $LD $a2,$SIZE_T*3($tp) + $LD $a3,$SIZE_T*4($tp) + $LD $a4,$SIZE_T*5($tp) + $LD $a5,$SIZE_T*6($tp) + $LD $a6,$SIZE_T*7($tp) + $LD $a7,$SIZE_T*8($tp) + addc $acc0,$acc0,$a0 + $LD $a0,$SIZE_T*1($ap) + adde $acc1,$acc1,$a1 + $LD $a1,$SIZE_T*2($ap) + adde $acc2,$acc2,$a2 + $LD $a2,$SIZE_T*3($ap) + adde $acc3,$acc3,$a3 + $LD $a3,$SIZE_T*4($ap) + adde $acc4,$acc4,$a4 + $LD $a4,$SIZE_T*5($ap) + adde $acc5,$acc5,$a5 + $LD $a5,$SIZE_T*6($ap) + adde $acc6,$acc6,$a6 + $LD $a6,$SIZE_T*7($ap) + adde $acc7,$acc7,$a7 + $LDU $a7,$SIZE_T*8($ap) + #addze $carry,$zero # moved above + b .Lsqr8x_mul + +.align 5 +.Lsqr8x_break: + $LD $a0,$SIZE_T*8($rp) + addi $ap,$rp,$SIZE_T*15 + $LD $a1,$SIZE_T*9($rp) + sub. $t0,$ap_end,$ap # is it last iteration? + $LD $a2,$SIZE_T*10($rp) + sub $t1,$tp,$t0 + $LD $a3,$SIZE_T*11($rp) + $LD $a4,$SIZE_T*12($rp) + $LD $a5,$SIZE_T*13($rp) + $LD $a6,$SIZE_T*14($rp) + $LD $a7,$SIZE_T*15($rp) + beq .Lsqr8x_outer_loop + + $ST $acc0,$SIZE_T*1($tp) + $LD $acc0,$SIZE_T*1($t1) + $ST $acc1,$SIZE_T*2($tp) + $LD $acc1,$SIZE_T*2($t1) + $ST $acc2,$SIZE_T*3($tp) + $LD $acc2,$SIZE_T*3($t1) + $ST $acc3,$SIZE_T*4($tp) + $LD $acc3,$SIZE_T*4($t1) + $ST $acc4,$SIZE_T*5($tp) + $LD $acc4,$SIZE_T*5($t1) + $ST $acc5,$SIZE_T*6($tp) + $LD $acc5,$SIZE_T*6($t1) + $ST $acc6,$SIZE_T*7($tp) + $LD $acc6,$SIZE_T*7($t1) + $ST $acc7,$SIZE_T*8($tp) + $LD $acc7,$SIZE_T*8($t1) + mr $tp,$t1 + b .Lsqr8x_outer_loop + +.align 5 +.Lsqr8x_outer_break: + #################################################################### + # Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0] + $LD $a1,$SIZE_T*1($t0) # recall that $t0 is &a[-1] + $LD $a3,$SIZE_T*2($t0) + $LD $a5,$SIZE_T*3($t0) + $LD $a7,$SIZE_T*4($t0) + addi $ap,$t0,$SIZE_T*4 + # "tp[x]" comments are for num==8 case + $LD $t1,$SIZE_T*13($sp) # =tp[1], t[0] is not interesting + $LD $t2,$SIZE_T*14($sp) + $LD $t3,$SIZE_T*15($sp) + $LD $t0,$SIZE_T*16($sp) + + $ST $acc0,$SIZE_T*1($tp) # tp[8]= + srwi $cnt,$num,`log($SIZE_T)/log(2)+2` + $ST $acc1,$SIZE_T*2($tp) + subi $cnt,$cnt,1 + $ST $acc2,$SIZE_T*3($tp) + $ST $acc3,$SIZE_T*4($tp) + $ST $acc4,$SIZE_T*5($tp) + $ST $acc5,$SIZE_T*6($tp) + $ST $acc6,$SIZE_T*7($tp) + #$ST $acc7,$SIZE_T*8($tp) # tp[15] is not interesting + addi $tp,$sp,$SIZE_T*11 # &tp[-1] + $UMULL $acc0,$a1,$a1 + $UMULH $a1,$a1,$a1 + add $acc1,$t1,$t1 # <<1 + $SHRI $t1,$t1,$BITS-1 + $UMULL $a2,$a3,$a3 + $UMULH $a3,$a3,$a3 + addc $acc1,$acc1,$a1 + add $acc2,$t2,$t2 + $SHRI $t2,$t2,$BITS-1 + add $acc3,$t3,$t3 + $SHRI $t3,$t3,$BITS-1 + or $acc2,$acc2,$t1 + + mtctr $cnt +.Lsqr4x_shift_n_add: + $UMULL $a4,$a5,$a5 + $UMULH $a5,$a5,$a5 + $LD $t1,$SIZE_T*6($tp) # =tp[5] + $LD $a1,$SIZE_T*1($ap) + adde $acc2,$acc2,$a2 + add $acc4,$t0,$t0 + $SHRI $t0,$t0,$BITS-1 + or $acc3,$acc3,$t2 + $LD $t2,$SIZE_T*7($tp) # =tp[6] + adde $acc3,$acc3,$a3 + $LD $a3,$SIZE_T*2($ap) + add $acc5,$t1,$t1 + $SHRI $t1,$t1,$BITS-1 + or $acc4,$acc4,$t3 + $LD $t3,$SIZE_T*8($tp) # =tp[7] + $UMULL $a6,$a7,$a7 + $UMULH $a7,$a7,$a7 + adde $acc4,$acc4,$a4 + add $acc6,$t2,$t2 + $SHRI $t2,$t2,$BITS-1 + or $acc5,$acc5,$t0 + $LD $t0,$SIZE_T*9($tp) # =tp[8] + adde $acc5,$acc5,$a5 + $LD $a5,$SIZE_T*3($ap) + add $acc7,$t3,$t3 + $SHRI $t3,$t3,$BITS-1 + or $acc6,$acc6,$t1 + $LD $t1,$SIZE_T*10($tp) # =tp[9] + $UMULL $a0,$a1,$a1 + $UMULH $a1,$a1,$a1 + adde $acc6,$acc6,$a6 + $ST $acc0,$SIZE_T*1($tp) # tp[0]= + add $acc0,$t0,$t0 + $SHRI $t0,$t0,$BITS-1 + or $acc7,$acc7,$t2 + $LD $t2,$SIZE_T*11($tp) # =tp[10] + adde $acc7,$acc7,$a7 + $LDU $a7,$SIZE_T*4($ap) + $ST $acc1,$SIZE_T*2($tp) # tp[1]= + add $acc1,$t1,$t1 + $SHRI $t1,$t1,$BITS-1 + or $acc0,$acc0,$t3 + $LD $t3,$SIZE_T*12($tp) # =tp[11] + $UMULL $a2,$a3,$a3 + $UMULH $a3,$a3,$a3 + adde $acc0,$acc0,$a0 + $ST $acc2,$SIZE_T*3($tp) # tp[2]= + add $acc2,$t2,$t2 + $SHRI $t2,$t2,$BITS-1 + or $acc1,$acc1,$t0 + $LD $t0,$SIZE_T*13($tp) # =tp[12] + adde $acc1,$acc1,$a1 + $ST $acc3,$SIZE_T*4($tp) # tp[3]= + $ST $acc4,$SIZE_T*5($tp) # tp[4]= + $ST $acc5,$SIZE_T*6($tp) # tp[5]= + $ST $acc6,$SIZE_T*7($tp) # tp[6]= + $STU $acc7,$SIZE_T*8($tp) # tp[7]= + add $acc3,$t3,$t3 + $SHRI $t3,$t3,$BITS-1 + or $acc2,$acc2,$t1 + bdnz .Lsqr4x_shift_n_add +___ +my ($np,$np_end)=($ap,$ap_end); +$code.=<<___; + $POP $np,$SIZE_T*7($sp) # pull &np[-1] and n0 + $POP $n0,$SIZE_T*8($sp) + + $UMULL $a4,$a5,$a5 + $UMULH $a5,$a5,$a5 + $ST $acc0,$SIZE_T*1($tp) # tp[8]= + $LD $acc0,$SIZE_T*12($sp) # =tp[0] + $LD $t1,$SIZE_T*6($tp) # =tp[13] + adde $acc2,$acc2,$a2 + add $acc4,$t0,$t0 + $SHRI $t0,$t0,$BITS-1 + or $acc3,$acc3,$t2 + $LD $t2,$SIZE_T*7($tp) # =tp[14] + adde $acc3,$acc3,$a3 + add $acc5,$t1,$t1 + $SHRI $t1,$t1,$BITS-1 + or $acc4,$acc4,$t3 + $UMULL $a6,$a7,$a7 + $UMULH $a7,$a7,$a7 + adde $acc4,$acc4,$a4 + add $acc6,$t2,$t2 + $SHRI $t2,$t2,$BITS-1 + or $acc5,$acc5,$t0 + $ST $acc1,$SIZE_T*2($tp) # tp[9]= + $LD $acc1,$SIZE_T*13($sp) # =tp[1] + adde $acc5,$acc5,$a5 + or $acc6,$acc6,$t1 + $LD $a0,$SIZE_T*1($np) + $LD $a1,$SIZE_T*2($np) + adde $acc6,$acc6,$a6 + $LD $a2,$SIZE_T*3($np) + $LD $a3,$SIZE_T*4($np) + adde $acc7,$a7,$t2 + $LD $a4,$SIZE_T*5($np) + $LD $a5,$SIZE_T*6($np) + + ################################################################ + # Reduce by 8 limbs per iteration + $UMULL $na0,$n0,$acc0 # t[0]*n0 + li $cnt,8 + $LD $a6,$SIZE_T*7($np) + add $np_end,$np,$num + $LDU $a7,$SIZE_T*8($np) + $ST $acc2,$SIZE_T*3($tp) # tp[10]= + $LD $acc2,$SIZE_T*14($sp) + $ST $acc3,$SIZE_T*4($tp) # tp[11]= + $LD $acc3,$SIZE_T*15($sp) + $ST $acc4,$SIZE_T*5($tp) # tp[12]= + $LD $acc4,$SIZE_T*16($sp) + $ST $acc5,$SIZE_T*6($tp) # tp[13]= + $LD $acc5,$SIZE_T*17($sp) + $ST $acc6,$SIZE_T*7($tp) # tp[14]= + $LD $acc6,$SIZE_T*18($sp) + $ST $acc7,$SIZE_T*8($tp) # tp[15]= + $LD $acc7,$SIZE_T*19($sp) + addi $tp,$sp,$SIZE_T*11 # &tp[-1] + mtctr $cnt + b .Lsqr8x_reduction + +.align 5 +.Lsqr8x_reduction: + # (*) $UMULL $t0,$a0,$na0 # lo(n[0-7])*lo(t[0]*n0) + $UMULL $t1,$a1,$na0 + $UMULL $t2,$a2,$na0 + $STU $na0,$SIZE_T($tp) # put aside t[0]*n0 for tail processing + $UMULL $t3,$a3,$na0 + # (*) addc $acc0,$acc0,$t0 + addic $acc0,$acc0,-1 # (*) + $UMULL $t0,$a4,$na0 + adde $acc0,$acc1,$t1 + $UMULL $t1,$a5,$na0 + adde $acc1,$acc2,$t2 + $UMULL $t2,$a6,$na0 + adde $acc2,$acc3,$t3 + $UMULL $t3,$a7,$na0 + adde $acc3,$acc4,$t0 + $UMULH $t0,$a0,$na0 # hi(n[0-7])*lo(t[0]*n0) + adde $acc4,$acc5,$t1 + $UMULH $t1,$a1,$na0 + adde $acc5,$acc6,$t2 + $UMULH $t2,$a2,$na0 + adde $acc6,$acc7,$t3 + $UMULH $t3,$a3,$na0 + addze $acc7,$zero + addc $acc0,$acc0,$t0 + $UMULH $t0,$a4,$na0 + adde $acc1,$acc1,$t1 + $UMULH $t1,$a5,$na0 + adde $acc2,$acc2,$t2 + $UMULH $t2,$a6,$na0 + adde $acc3,$acc3,$t3 + $UMULH $t3,$a7,$na0 + $UMULL $na0,$n0,$acc0 # next t[0]*n0 + adde $acc4,$acc4,$t0 + adde $acc5,$acc5,$t1 + adde $acc6,$acc6,$t2 + adde $acc7,$acc7,$t3 + bdnz .Lsqr8x_reduction + + $LD $t0,$SIZE_T*1($tp) + $LD $t1,$SIZE_T*2($tp) + $LD $t2,$SIZE_T*3($tp) + $LD $t3,$SIZE_T*4($tp) + subi $rp,$tp,$SIZE_T*7 + $UCMP $np_end,$np # done yet? + addc $acc0,$acc0,$t0 + $LD $t0,$SIZE_T*5($tp) + adde $acc1,$acc1,$t1 + $LD $t1,$SIZE_T*6($tp) + adde $acc2,$acc2,$t2 + $LD $t2,$SIZE_T*7($tp) + adde $acc3,$acc3,$t3 + $LD $t3,$SIZE_T*8($tp) + adde $acc4,$acc4,$t0 + adde $acc5,$acc5,$t1 + adde $acc6,$acc6,$t2 + adde $acc7,$acc7,$t3 + #addze $carry,$zero # moved below + beq .Lsqr8x8_post_condition + + $LD $n0,$SIZE_T*0($rp) + $LD $a0,$SIZE_T*1($np) + $LD $a1,$SIZE_T*2($np) + $LD $a2,$SIZE_T*3($np) + $LD $a3,$SIZE_T*4($np) + $LD $a4,$SIZE_T*5($np) + $LD $a5,$SIZE_T*6($np) + $LD $a6,$SIZE_T*7($np) + $LDU $a7,$SIZE_T*8($np) + li $cnt,0 + +.align 5 +.Lsqr8x_tail: + $UMULL $t0,$a0,$n0 + addze $carry,$zero # carry bit, modulo-scheduled + $UMULL $t1,$a1,$n0 + addi $cnt,$cnt,$SIZE_T + $UMULL $t2,$a2,$n0 + andi. $cnt,$cnt,$SIZE_T*8-1 + $UMULL $t3,$a3,$n0 + addc $acc0,$acc0,$t0 + $UMULL $t0,$a4,$n0 + adde $acc1,$acc1,$t1 + $UMULL $t1,$a5,$n0 + adde $acc2,$acc2,$t2 + $UMULL $t2,$a6,$n0 + adde $acc3,$acc3,$t3 + $UMULL $t3,$a7,$n0 + adde $acc4,$acc4,$t0 + $UMULH $t0,$a0,$n0 + adde $acc5,$acc5,$t1 + $UMULH $t1,$a1,$n0 + adde $acc6,$acc6,$t2 + $UMULH $t2,$a2,$n0 + adde $acc7,$acc7,$t3 + $UMULH $t3,$a3,$n0 + addze $carry,$carry + $STU $acc0,$SIZE_T($tp) + addc $acc0,$acc1,$t0 + $UMULH $t0,$a4,$n0 + adde $acc1,$acc2,$t1 + $UMULH $t1,$a5,$n0 + adde $acc2,$acc3,$t2 + $UMULH $t2,$a6,$n0 + adde $acc3,$acc4,$t3 + $UMULH $t3,$a7,$n0 + $LDX $n0,$rp,$cnt + adde $acc4,$acc5,$t0 + adde $acc5,$acc6,$t1 + adde $acc6,$acc7,$t2 + adde $acc7,$carry,$t3 + #addze $carry,$zero # moved above + bne .Lsqr8x_tail + # note that carry flag is guaranteed + # to be zero at this point + $LD $a0,$SIZE_T*1($tp) + $POP $carry,$SIZE_T*10($sp) # pull top-most carry in case we break + $UCMP $np_end,$np # done yet? + $LD $a1,$SIZE_T*2($tp) + sub $t2,$np_end,$num # rewinded np + $LD $a2,$SIZE_T*3($tp) + $LD $a3,$SIZE_T*4($tp) + $LD $a4,$SIZE_T*5($tp) + $LD $a5,$SIZE_T*6($tp) + $LD $a6,$SIZE_T*7($tp) + $LD $a7,$SIZE_T*8($tp) + beq .Lsqr8x_tail_break + + addc $acc0,$acc0,$a0 + $LD $a0,$SIZE_T*1($np) + adde $acc1,$acc1,$a1 + $LD $a1,$SIZE_T*2($np) + adde $acc2,$acc2,$a2 + $LD $a2,$SIZE_T*3($np) + adde $acc3,$acc3,$a3 + $LD $a3,$SIZE_T*4($np) + adde $acc4,$acc4,$a4 + $LD $a4,$SIZE_T*5($np) + adde $acc5,$acc5,$a5 + $LD $a5,$SIZE_T*6($np) + adde $acc6,$acc6,$a6 + $LD $a6,$SIZE_T*7($np) + adde $acc7,$acc7,$a7 + $LDU $a7,$SIZE_T*8($np) + #addze $carry,$zero # moved above + b .Lsqr8x_tail + +.align 5 +.Lsqr8x_tail_break: + $POP $n0,$SIZE_T*8($sp) # pull n0 + $POP $t3,$SIZE_T*9($sp) # &tp[2*num-1] + addi $cnt,$tp,$SIZE_T*8 # end of current t[num] window + + addic $carry,$carry,-1 # "move" top-most carry to carry bit + adde $t0,$acc0,$a0 + $LD $acc0,$SIZE_T*8($rp) + $LD $a0,$SIZE_T*1($t2) # recall that $t2 is &n[-1] + adde $t1,$acc1,$a1 + $LD $acc1,$SIZE_T*9($rp) + $LD $a1,$SIZE_T*2($t2) + adde $acc2,$acc2,$a2 + $LD $a2,$SIZE_T*3($t2) + adde $acc3,$acc3,$a3 + $LD $a3,$SIZE_T*4($t2) + adde $acc4,$acc4,$a4 + $LD $a4,$SIZE_T*5($t2) + adde $acc5,$acc5,$a5 + $LD $a5,$SIZE_T*6($t2) + adde $acc6,$acc6,$a6 + $LD $a6,$SIZE_T*7($t2) + adde $acc7,$acc7,$a7 + $LD $a7,$SIZE_T*8($t2) + addi $np,$t2,$SIZE_T*8 + addze $t2,$zero # top-most carry + $UMULL $na0,$n0,$acc0 + $ST $t0,$SIZE_T*1($tp) + $UCMP $cnt,$t3 # did we hit the bottom? + $ST $t1,$SIZE_T*2($tp) + li $cnt,8 + $ST $acc2,$SIZE_T*3($tp) + $LD $acc2,$SIZE_T*10($rp) + $ST $acc3,$SIZE_T*4($tp) + $LD $acc3,$SIZE_T*11($rp) + $ST $acc4,$SIZE_T*5($tp) + $LD $acc4,$SIZE_T*12($rp) + $ST $acc5,$SIZE_T*6($tp) + $LD $acc5,$SIZE_T*13($rp) + $ST $acc6,$SIZE_T*7($tp) + $LD $acc6,$SIZE_T*14($rp) + $ST $acc7,$SIZE_T*8($tp) + $LD $acc7,$SIZE_T*15($rp) + $PUSH $t2,$SIZE_T*10($sp) # off-load top-most carry + addi $tp,$rp,$SIZE_T*7 # slide the window + mtctr $cnt + bne .Lsqr8x_reduction + + ################################################################ + # Final step. We see if result is larger than modulus, and + # if it is, subtract the modulus. But comparison implies + # subtraction. So we subtract modulus, see if it borrowed, + # and conditionally copy original value. + $POP $rp,$SIZE_T*6($sp) # pull &rp[-1] + srwi $cnt,$num,`log($SIZE_T)/log(2)+3` + mr $n0,$tp # put tp aside + addi $tp,$tp,$SIZE_T*8 + subi $cnt,$cnt,1 + subfc $t0,$a0,$acc0 + subfe $t1,$a1,$acc1 + mr $carry,$t2 + mr $ap_end,$rp # $rp copy + + mtctr $cnt + b .Lsqr8x_sub + +.align 5 +.Lsqr8x_sub: + $LD $a0,$SIZE_T*1($np) + $LD $acc0,$SIZE_T*1($tp) + $LD $a1,$SIZE_T*2($np) + $LD $acc1,$SIZE_T*2($tp) + subfe $t2,$a2,$acc2 + $LD $a2,$SIZE_T*3($np) + $LD $acc2,$SIZE_T*3($tp) + subfe $t3,$a3,$acc3 + $LD $a3,$SIZE_T*4($np) + $LD $acc3,$SIZE_T*4($tp) + $ST $t0,$SIZE_T*1($rp) + subfe $t0,$a4,$acc4 + $LD $a4,$SIZE_T*5($np) + $LD $acc4,$SIZE_T*5($tp) + $ST $t1,$SIZE_T*2($rp) + subfe $t1,$a5,$acc5 + $LD $a5,$SIZE_T*6($np) + $LD $acc5,$SIZE_T*6($tp) + $ST $t2,$SIZE_T*3($rp) + subfe $t2,$a6,$acc6 + $LD $a6,$SIZE_T*7($np) + $LD $acc6,$SIZE_T*7($tp) + $ST $t3,$SIZE_T*4($rp) + subfe $t3,$a7,$acc7 + $LDU $a7,$SIZE_T*8($np) + $LDU $acc7,$SIZE_T*8($tp) + $ST $t0,$SIZE_T*5($rp) + subfe $t0,$a0,$acc0 + $ST $t1,$SIZE_T*6($rp) + subfe $t1,$a1,$acc1 + $ST $t2,$SIZE_T*7($rp) + $STU $t3,$SIZE_T*8($rp) + bdnz .Lsqr8x_sub + + srwi $cnt,$num,`log($SIZE_T)/log(2)+2` + $LD $a0,$SIZE_T*1($ap_end) # original $rp + $LD $acc0,$SIZE_T*1($n0) # original $tp + subi $cnt,$cnt,1 + $LD $a1,$SIZE_T*2($ap_end) + $LD $acc1,$SIZE_T*2($n0) + subfe $t2,$a2,$acc2 + $LD $a2,$SIZE_T*3($ap_end) + $LD $acc2,$SIZE_T*3($n0) + subfe $t3,$a3,$acc3 + $LD $a3,$SIZE_T*4($ap_end) + $LDU $acc3,$SIZE_T*4($n0) + $ST $t0,$SIZE_T*1($rp) + subfe $t0,$a4,$acc4 + $ST $t1,$SIZE_T*2($rp) + subfe $t1,$a5,$acc5 + $ST $t2,$SIZE_T*3($rp) + subfe $t2,$a6,$acc6 + $ST $t3,$SIZE_T*4($rp) + subfe $t3,$a7,$acc7 + $ST $t0,$SIZE_T*5($rp) + subfe $carry,$zero,$carry # did it borrow? + $ST $t1,$SIZE_T*6($rp) + $ST $t2,$SIZE_T*7($rp) + $ST $t3,$SIZE_T*8($rp) + + addi $tp,$sp,$SIZE_T*11 + mtctr $cnt + +.Lsqr4x_cond_copy: + andc $a0,$a0,$carry + $ST $zero,-$SIZE_T*3($n0) # wipe stack clean + and $acc0,$acc0,$carry + $ST $zero,-$SIZE_T*2($n0) + andc $a1,$a1,$carry + $ST $zero,-$SIZE_T*1($n0) + and $acc1,$acc1,$carry + $ST $zero,-$SIZE_T*0($n0) + andc $a2,$a2,$carry + $ST $zero,$SIZE_T*1($tp) + and $acc2,$acc2,$carry + $ST $zero,$SIZE_T*2($tp) + andc $a3,$a3,$carry + $ST $zero,$SIZE_T*3($tp) + and $acc3,$acc3,$carry + $STU $zero,$SIZE_T*4($tp) + or $t0,$a0,$acc0 + $LD $a0,$SIZE_T*5($ap_end) + $LD $acc0,$SIZE_T*1($n0) + or $t1,$a1,$acc1 + $LD $a1,$SIZE_T*6($ap_end) + $LD $acc1,$SIZE_T*2($n0) + or $t2,$a2,$acc2 + $LD $a2,$SIZE_T*7($ap_end) + $LD $acc2,$SIZE_T*3($n0) + or $t3,$a3,$acc3 + $LD $a3,$SIZE_T*8($ap_end) + $LDU $acc3,$SIZE_T*4($n0) + $ST $t0,$SIZE_T*1($ap_end) + $ST $t1,$SIZE_T*2($ap_end) + $ST $t2,$SIZE_T*3($ap_end) + $STU $t3,$SIZE_T*4($ap_end) + bdnz .Lsqr4x_cond_copy + + $POP $ap,0($sp) # pull saved sp + andc $a0,$a0,$carry + and $acc0,$acc0,$carry + andc $a1,$a1,$carry + and $acc1,$acc1,$carry + andc $a2,$a2,$carry + and $acc2,$acc2,$carry + andc $a3,$a3,$carry + and $acc3,$acc3,$carry + or $t0,$a0,$acc0 + or $t1,$a1,$acc1 + or $t2,$a2,$acc2 + or $t3,$a3,$acc3 + $ST $t0,$SIZE_T*1($ap_end) + $ST $t1,$SIZE_T*2($ap_end) + $ST $t2,$SIZE_T*3($ap_end) + $ST $t3,$SIZE_T*4($ap_end) + + b .Lsqr8x_done + +.align 5 +.Lsqr8x8_post_condition: + $POP $rp,$SIZE_T*6($sp) # pull rp + $POP $ap,0($sp) # pull saved sp + addze $carry,$zero + + # $acc0-7,$carry hold result, $a0-7 hold modulus + subfc $acc0,$a0,$acc0 + subfe $acc1,$a1,$acc1 + $ST $zero,$SIZE_T*12($sp) # wipe stack clean + $ST $zero,$SIZE_T*13($sp) + subfe $acc2,$a2,$acc2 + $ST $zero,$SIZE_T*14($sp) + $ST $zero,$SIZE_T*15($sp) + subfe $acc3,$a3,$acc3 + $ST $zero,$SIZE_T*16($sp) + $ST $zero,$SIZE_T*17($sp) + subfe $acc4,$a4,$acc4 + $ST $zero,$SIZE_T*18($sp) + $ST $zero,$SIZE_T*19($sp) + subfe $acc5,$a5,$acc5 + $ST $zero,$SIZE_T*20($sp) + $ST $zero,$SIZE_T*21($sp) + subfe $acc6,$a6,$acc6 + $ST $zero,$SIZE_T*22($sp) + $ST $zero,$SIZE_T*23($sp) + subfe $acc7,$a7,$acc7 + $ST $zero,$SIZE_T*24($sp) + $ST $zero,$SIZE_T*25($sp) + subfe $carry,$zero,$carry # did it borrow? + $ST $zero,$SIZE_T*26($sp) + $ST $zero,$SIZE_T*27($sp) + + and $a0,$a0,$carry + and $a1,$a1,$carry + addc $acc0,$acc0,$a0 # add modulus back if borrowed + and $a2,$a2,$carry + adde $acc1,$acc1,$a1 + and $a3,$a3,$carry + adde $acc2,$acc2,$a2 + and $a4,$a4,$carry + adde $acc3,$acc3,$a3 + and $a5,$a5,$carry + adde $acc4,$acc4,$a4 + and $a6,$a6,$carry + adde $acc5,$acc5,$a5 + and $a7,$a7,$carry + adde $acc6,$acc6,$a6 + adde $acc7,$acc7,$a7 + $ST $acc0,$SIZE_T*1($rp) + $ST $acc1,$SIZE_T*2($rp) + $ST $acc2,$SIZE_T*3($rp) + $ST $acc3,$SIZE_T*4($rp) + $ST $acc4,$SIZE_T*5($rp) + $ST $acc5,$SIZE_T*6($rp) + $ST $acc6,$SIZE_T*7($rp) + $ST $acc7,$SIZE_T*8($rp) + +.Lsqr8x_done: + $PUSH $zero,$SIZE_T*8($sp) + $PUSH $zero,$SIZE_T*10($sp) + + $POP r14,-$SIZE_T*18($ap) + li r3,1 # signal "done" + $POP r15,-$SIZE_T*17($ap) + $POP r16,-$SIZE_T*16($ap) + $POP r17,-$SIZE_T*15($ap) + $POP r18,-$SIZE_T*14($ap) + $POP r19,-$SIZE_T*13($ap) + $POP r20,-$SIZE_T*12($ap) + $POP r21,-$SIZE_T*11($ap) + $POP r22,-$SIZE_T*10($ap) + $POP r23,-$SIZE_T*9($ap) + $POP r24,-$SIZE_T*8($ap) + $POP r25,-$SIZE_T*7($ap) + $POP r26,-$SIZE_T*6($ap) + $POP r27,-$SIZE_T*5($ap) + $POP r28,-$SIZE_T*4($ap) + $POP r29,-$SIZE_T*3($ap) + $POP r30,-$SIZE_T*2($ap) + $POP r31,-$SIZE_T*1($ap) + mr $sp,$ap + blr + .long 0 + .byte 0,12,4,0x20,0x80,18,6,0 + .long 0 +.size __bn_sqr8x_mont,.-__bn_sqr8x_mont +___ +} +$code.=<<___; .asciz "Montgomery Multiplication for PPC, CRYPTOGAMS by " ___ diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc.pl b/deps/openssl/openssl/crypto/bn/asm/ppc.pl index 4ea534a1c7ad65..e37068192f2f5e 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -38,9 +38,9 @@ #rsa 2048 bits 0.3036s 0.0085s 3.3 117.1 #rsa 4096 bits 2.0040s 0.0299s 0.5 33.4 #dsa 512 bits 0.0087s 0.0106s 114.3 94.5 -#dsa 1024 bits 0.0256s 0.0313s 39.0 32.0 +#dsa 1024 bits 0.0256s 0.0313s 39.0 32.0 # -# Same bechmark with this assembler code: +# Same benchmark with this assembler code: # #rsa 512 bits 0.0056s 0.0005s 178.6 2049.2 #rsa 1024 bits 0.0283s 0.0015s 35.3 674.1 @@ -74,7 +74,7 @@ #rsa 4096 bits 0.3700s 0.0058s 2.7 171.0 #dsa 512 bits 0.0016s 0.0020s 610.7 507.1 #dsa 1024 bits 0.0047s 0.0058s 212.5 173.2 -# +# # Again, performance increases by at about 75% # # Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code) @@ -101,10 +101,7 @@ #dsa 2048 bits 0.0061s 0.0075s 163.5 132.8 # # Performance increase of ~60% -# -# If you have comments or suggestions to improve code send -# me a note at schari@us.ibm.com -# +# Based on submission from Suresh N. Chari of IBM $flavour = shift; @@ -125,7 +122,7 @@ $CNTLZ= "cntlzw"; # count leading zeros $SHL= "slw"; # shift left $SHR= "srw"; # unsigned shift right - $SHRI= "srwi"; # unsigned shift right by immediate + $SHRI= "srwi"; # unsigned shift right by immediate $SHLI= "slwi"; # shift left by immediate $CLRU= "clrlwi"; # clear upper bits $INSR= "insrwi"; # insert right @@ -149,10 +146,10 @@ $CNTLZ= "cntlzd"; # count leading zeros $SHL= "sld"; # shift left $SHR= "srd"; # unsigned shift right - $SHRI= "srdi"; # unsigned shift right by immediate + $SHRI= "srdi"; # unsigned shift right by immediate $SHLI= "sldi"; # shift left by immediate $CLRU= "clrldi"; # clear upper bits - $INSR= "insrdi"; # insert right + $INSR= "insrdi"; # insert right $ROTL= "rotldi"; # rotate left by immediate $TR= "td"; # conditional trap } else { die "nonsense $flavour"; } @@ -189,7 +186,7 @@ # below. # 12/05/03 Suresh Chari # (with lots of help from) Andy Polyakov -## +## # 1. Initial version 10/20/02 Suresh Chari # # @@ -202,7 +199,7 @@ # be done in the build process. # # Hand optimized assembly code for the following routines -# +# # bn_sqr_comba4 # bn_sqr_comba8 # bn_mul_comba4 @@ -225,10 +222,10 @@ #-------------------------------------------------------------------------- # # Defines to be used in the assembly code. -# +# #.set r0,0 # we use it as storage for value of 0 #.set SP,1 # preserved -#.set RTOC,2 # preserved +#.set RTOC,2 # preserved #.set r3,3 # 1st argument/return value #.set r4,4 # 2nd argument/volatile register #.set r5,5 # 3rd argument/volatile register @@ -246,7 +243,7 @@ # the first . i.e. for example change ".bn_sqr_comba4" # to "bn_sqr_comba4". This should be automatically done # in the build. - + .globl .bn_sqr_comba4 .globl .bn_sqr_comba8 .globl .bn_mul_comba4 @@ -257,9 +254,9 @@ .globl .bn_sqr_words .globl .bn_mul_words .globl .bn_mul_add_words - + # .text section - + .machine "any" # @@ -278,8 +275,8 @@ # r3 contains r # r4 contains a # -# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows: -# +# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows: +# # r5,r6 are the two BN_ULONGs being multiplied. # r7,r8 are the results of the 32x32 giving 64 bit multiply. # r9,r10, r11 are the equivalents of c1,c2, c3. @@ -288,10 +285,10 @@ # xor r0,r0,r0 # set r0 = 0. Used in the addze # instructions below - + #sqr_add_c(a,0,c1,c2,c3) - $LD r5,`0*$BNSZ`(r4) - $UMULL r9,r5,r5 + $LD r5,`0*$BNSZ`(r4) + $UMULL r9,r5,r5 $UMULH r10,r5,r5 #in first iteration. No need #to add since c1=c2=c3=0. # Note c3(r11) is NOT set to 0 @@ -299,20 +296,20 @@ $ST r9,`0*$BNSZ`(r3) # r[0]=c1; # sqr_add_c2(a,1,0,c2,c3,c1); - $LD r6,`1*$BNSZ`(r4) + $LD r6,`1*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r7,r7,r7 # compute (r7,r8)=2*(r7,r8) adde r8,r8,r8 addze r9,r0 # catch carry if any. - # r9= r0(=0) and carry - + # r9= r0(=0) and carry + addc r10,r7,r10 # now add to temp result. - addze r11,r8 # r8 added to r11 which is 0 + addze r11,r8 # r8 added to r11 which is 0 addze r9,r9 - - $ST r10,`1*$BNSZ`(r3) #r[1]=c2; + + $ST r10,`1*$BNSZ`(r3) #r[1]=c2; #sqr_add_c(a,1,c3,c1,c2) $UMULL r7,r6,r6 $UMULH r8,r6,r6 @@ -323,23 +320,23 @@ $LD r6,`2*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r7,r7,r7 adde r8,r8,r8 addze r10,r10 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 - $ST r11,`2*$BNSZ`(r3) #r[2]=c3 + $ST r11,`2*$BNSZ`(r3) #r[2]=c3 #sqr_add_c2(a,3,0,c1,c2,c3); - $LD r6,`3*$BNSZ`(r4) + $LD r6,`3*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 addc r7,r7,r7 adde r8,r8,r8 addze r11,r0 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 @@ -348,7 +345,7 @@ $LD r6,`2*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r7,r7,r7 adde r8,r8,r8 addze r11,r11 @@ -363,31 +360,31 @@ adde r11,r8,r11 addze r9,r0 #sqr_add_c2(a,3,1,c2,c3,c1); - $LD r6,`3*$BNSZ`(r4) + $LD r6,`3*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 addc r7,r7,r7 adde r8,r8,r8 addze r9,r9 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 $ST r10,`4*$BNSZ`(r3) #r[4]=c2 #sqr_add_c2(a,3,2,c3,c1,c2); - $LD r5,`2*$BNSZ`(r4) + $LD r5,`2*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 addc r7,r7,r7 adde r8,r8,r8 addze r10,r0 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 $ST r11,`5*$BNSZ`(r3) #r[5] = c3 #sqr_add_c(a,3,c1,c2,c3); - $UMULL r7,r6,r6 + $UMULL r7,r6,r6 $UMULH r8,r6,r6 addc r9,r7,r9 adde r10,r8,r10 @@ -406,7 +403,7 @@ # for the gcc compiler. This should be automatically # done in the build # - + .align 4 .bn_sqr_comba8: # @@ -418,15 +415,15 @@ # r3 contains r # r4 contains a # -# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows: -# +# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows: +# # r5,r6 are the two BN_ULONGs being multiplied. # r7,r8 are the results of the 32x32 giving 64 bit multiply. # r9,r10, r11 are the equivalents of c1,c2, c3. # # Possible optimization of loading all 8 longs of a into registers # doesn't provide any speedup -# +# xor r0,r0,r0 #set r0 = 0.Used in addze #instructions below. @@ -439,18 +436,18 @@ #sqr_add_c2(a,1,0,c2,c3,c1); $LD r6,`1*$BNSZ`(r4) $UMULL r7,r5,r6 - $UMULH r8,r5,r6 - + $UMULH r8,r5,r6 + addc r10,r7,r10 #add the two register number adde r11,r8,r0 # (r8,r7) to the three register addze r9,r0 # number (r9,r11,r10).NOTE:r0=0 - + addc r10,r7,r10 #add the two register number adde r11,r8,r11 # (r8,r7) to the three register addze r9,r9 # number (r9,r11,r10). - + $ST r10,`1*$BNSZ`(r3) # r[1]=c2 - + #sqr_add_c(a,1,c3,c1,c2); $UMULL r7,r6,r6 $UMULH r8,r6,r6 @@ -461,25 +458,25 @@ $LD r6,`2*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 - + $ST r11,`2*$BNSZ`(r3) #r[2]=c3 #sqr_add_c2(a,3,0,c1,c2,c3); $LD r6,`3*$BNSZ`(r4) #r6 = a[3]. r5 is already a[0]. $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r0 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 @@ -488,20 +485,20 @@ $LD r6,`2*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 - + $ST r9,`3*$BNSZ`(r3) #r[3]=c1; #sqr_add_c(a,2,c2,c3,c1); $UMULL r7,r6,r6 $UMULH r8,r6,r6 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r0 @@ -509,11 +506,11 @@ $LD r6,`3*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 @@ -522,11 +519,11 @@ $LD r6,`4*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 @@ -535,11 +532,11 @@ $LD r6,`5*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r0 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 @@ -548,11 +545,11 @@ $LD r6,`4*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 @@ -561,11 +558,11 @@ $LD r6,`3*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 @@ -580,11 +577,11 @@ $LD r6,`4*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 @@ -593,11 +590,11 @@ $LD r6,`5*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r11 @@ -617,7 +614,7 @@ $LD r6,`7*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r0 @@ -629,7 +626,7 @@ $LD r6,`6*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 @@ -652,7 +649,7 @@ $LD r6,`4*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r10,r7,r10 adde r11,r8,r11 addze r9,r9 @@ -684,7 +681,7 @@ addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 - + addc r11,r7,r11 adde r9,r8,r9 addze r10,r10 @@ -704,7 +701,7 @@ $LD r5,`2*$BNSZ`(r4) $UMULL r7,r5,r6 $UMULH r8,r5,r6 - + addc r9,r7,r9 adde r10,r8,r10 addze r11,r0 @@ -801,7 +798,7 @@ adde r10,r8,r10 addze r11,r11 $ST r9,`12*$BNSZ`(r3) #r[12]=c1; - + #sqr_add_c2(a,7,6,c2,c3,c1) $LD r5,`6*$BNSZ`(r4) $UMULL r7,r5,r6 @@ -850,21 +847,21 @@ # xor r0,r0,r0 #r0=0. Used in addze below. #mul_add_c(a[0],b[0],c1,c2,c3); - $LD r6,`0*$BNSZ`(r4) - $LD r7,`0*$BNSZ`(r5) - $UMULL r10,r6,r7 - $UMULH r11,r6,r7 + $LD r6,`0*$BNSZ`(r4) + $LD r7,`0*$BNSZ`(r5) + $UMULL r10,r6,r7 + $UMULH r11,r6,r7 $ST r10,`0*$BNSZ`(r3) #r[0]=c1 #mul_add_c(a[0],b[1],c2,c3,c1); - $LD r7,`1*$BNSZ`(r5) + $LD r7,`1*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r11,r8,r11 adde r12,r9,r0 addze r10,r0 #mul_add_c(a[1],b[0],c2,c3,c1); - $LD r6, `1*$BNSZ`(r4) - $LD r7, `0*$BNSZ`(r5) + $LD r6, `1*$BNSZ`(r4) + $LD r7, `0*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r11,r8,r11 @@ -872,23 +869,23 @@ addze r10,r10 $ST r11,`1*$BNSZ`(r3) #r[1]=c2 #mul_add_c(a[2],b[0],c3,c1,c2); - $LD r6,`2*$BNSZ`(r4) + $LD r6,`2*$BNSZ`(r4) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r12,r8,r12 adde r10,r9,r10 addze r11,r0 #mul_add_c(a[1],b[1],c3,c1,c2); - $LD r6,`1*$BNSZ`(r4) - $LD r7,`1*$BNSZ`(r5) + $LD r6,`1*$BNSZ`(r4) + $LD r7,`1*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r12,r8,r12 adde r10,r9,r10 addze r11,r11 #mul_add_c(a[0],b[2],c3,c1,c2); - $LD r6,`0*$BNSZ`(r4) - $LD r7,`2*$BNSZ`(r5) + $LD r6,`0*$BNSZ`(r4) + $LD r7,`2*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r12,r8,r12 @@ -896,7 +893,7 @@ addze r11,r11 $ST r12,`2*$BNSZ`(r3) #r[2]=c3 #mul_add_c(a[0],b[3],c1,c2,c3); - $LD r7,`3*$BNSZ`(r5) + $LD r7,`3*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r10,r8,r10 @@ -928,7 +925,7 @@ addze r12,r12 $ST r10,`3*$BNSZ`(r3) #r[3]=c1 #mul_add_c(a[3],b[1],c2,c3,c1); - $LD r7,`1*$BNSZ`(r5) + $LD r7,`1*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r11,r8,r11 @@ -952,7 +949,7 @@ addze r10,r10 $ST r11,`4*$BNSZ`(r3) #r[4]=c2 #mul_add_c(a[2],b[3],c3,c1,c2); - $LD r6,`2*$BNSZ`(r4) + $LD r6,`2*$BNSZ`(r4) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r12,r8,r12 @@ -968,7 +965,7 @@ addze r11,r11 $ST r12,`5*$BNSZ`(r3) #r[5]=c3 #mul_add_c(a[3],b[3],c1,c2,c3); - $LD r7,`3*$BNSZ`(r5) + $LD r7,`3*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r10,r8,r10 @@ -988,7 +985,7 @@ # for the gcc compiler. This should be automatically # done in the build # - + .align 4 .bn_mul_comba8: # @@ -1003,7 +1000,7 @@ # r10, r11, r12 are the equivalents of c1, c2, and c3. # xor r0,r0,r0 #r0=0. Used in addze below. - + #mul_add_c(a[0],b[0],c1,c2,c3); $LD r6,`0*$BNSZ`(r4) #a[0] $LD r7,`0*$BNSZ`(r5) #b[0] @@ -1065,7 +1062,7 @@ addc r10,r10,r8 adde r11,r11,r9 addze r12,r12 - + #mul_add_c(a[2],b[1],c1,c2,c3); $LD r6,`2*$BNSZ`(r4) $LD r7,`1*$BNSZ`(r5) @@ -1131,7 +1128,7 @@ adde r10,r10,r9 addze r11,r0 #mul_add_c(a[1],b[4],c3,c1,c2); - $LD r6,`1*$BNSZ`(r4) + $LD r6,`1*$BNSZ`(r4) $LD r7,`4*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 @@ -1139,7 +1136,7 @@ adde r10,r10,r9 addze r11,r11 #mul_add_c(a[2],b[3],c3,c1,c2); - $LD r6,`2*$BNSZ`(r4) + $LD r6,`2*$BNSZ`(r4) $LD r7,`3*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 @@ -1147,7 +1144,7 @@ adde r10,r10,r9 addze r11,r11 #mul_add_c(a[3],b[2],c3,c1,c2); - $LD r6,`3*$BNSZ`(r4) + $LD r6,`3*$BNSZ`(r4) $LD r7,`2*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 @@ -1155,7 +1152,7 @@ adde r10,r10,r9 addze r11,r11 #mul_add_c(a[4],b[1],c3,c1,c2); - $LD r6,`4*$BNSZ`(r4) + $LD r6,`4*$BNSZ`(r4) $LD r7,`1*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 @@ -1163,7 +1160,7 @@ adde r10,r10,r9 addze r11,r11 #mul_add_c(a[5],b[0],c3,c1,c2); - $LD r6,`5*$BNSZ`(r4) + $LD r6,`5*$BNSZ`(r4) $LD r7,`0*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 @@ -1555,7 +1552,7 @@ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ mtctr r6 -Lppcasm_sub_mainloop: +Lppcasm_sub_mainloop: $LDU r7,$BNSZ(r4) $LDU r8,$BNSZ(r5) subfe r6,r8,r7 # r6 = r7+carry bit + onescomplement(r8) @@ -1563,7 +1560,7 @@ # is r7-r8 -1 as we need. $STU r6,$BNSZ(r3) bdnz Lppcasm_sub_mainloop -Lppcasm_sub_adios: +Lppcasm_sub_adios: subfze r3,r0 # if carry bit is set then r3 = 0 else -1 andi. r3,r3,1 # keep only last bit. blr @@ -1604,13 +1601,13 @@ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ mtctr r6 -Lppcasm_add_mainloop: +Lppcasm_add_mainloop: $LDU r7,$BNSZ(r4) $LDU r8,$BNSZ(r5) adde r8,r7,r8 $STU r8,$BNSZ(r3) bdnz Lppcasm_add_mainloop -Lppcasm_add_adios: +Lppcasm_add_adios: addze r3,r0 #return carry bit. blr .long 0 @@ -1633,11 +1630,11 @@ # the PPC instruction to count leading zeros instead # of call to num_bits_word. Since this was compiled # only at level -O2 we can possibly squeeze it more? -# +# # r3 = h # r4 = l # r5 = d - + $UCMPI 0,r5,0 # compare r5 and 0 bne Lppcasm_div1 # proceed if d!=0 li r3,-1 # d=0 return -1 @@ -1653,7 +1650,7 @@ Lppcasm_div2: $UCMP 0,r3,r5 #h>=d? blt Lppcasm_div3 #goto Lppcasm_div3 if not - subf r3,r5,r3 #h-=d ; + subf r3,r5,r3 #h-=d ; Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i cmpi 0,0,r7,0 # is (i == 0)? beq Lppcasm_div4 @@ -1668,7 +1665,7 @@ # as it saves registers. li r6,2 #r6=2 mtctr r6 #counter will be in count. -Lppcasm_divouterloop: +Lppcasm_divouterloop: $SHRI r8,r3,`$BITS/2` #r8 = (h>>BN_BITS4) $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 # compute here for innerloop. @@ -1676,7 +1673,7 @@ bne Lppcasm_div5 # goto Lppcasm_div5 if not li r8,-1 - $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l + $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l b Lppcasm_div6 Lppcasm_div5: $UDIV r8,r3,r9 #q = h/dh @@ -1684,7 +1681,7 @@ $UMULL r12,r9,r8 #th = q*dh $CLRU r10,r5,`$BITS/2` #r10=dl $UMULL r6,r8,r10 #tl = q*dl - + Lppcasm_divinnerloop: subf r10,r12,r3 #t = h -th $SHRI r7,r10,`$BITS/2` #r7= (t &BN_MASK2H), sort of... @@ -1761,7 +1758,7 @@ addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ mtctr r5 -Lppcasm_sqr_mainloop: +Lppcasm_sqr_mainloop: #sqr(r[0],r[1],a[0]); $LDU r6,$BNSZ(r4) $UMULL r7,r6,r6 @@ -1769,7 +1766,7 @@ $STU r7,$BNSZ(r3) $STU r8,$BNSZ(r3) bdnz Lppcasm_sqr_mainloop -Lppcasm_sqr_adios: +Lppcasm_sqr_adios: blr .long 0 .byte 0,12,0x14,0,0,0,3,0 @@ -1783,7 +1780,7 @@ # done in the build # -.align 4 +.align 4 .bn_mul_words: # # BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) @@ -1797,7 +1794,7 @@ rlwinm. r7,r5,30,2,31 # num >> 2 beq Lppcasm_mw_REM mtctr r7 -Lppcasm_mw_LOOP: +Lppcasm_mw_LOOP: #mul(rp[0],ap[0],w,c1); $LD r8,`0*$BNSZ`(r4) $UMULL r9,r6,r8 @@ -1809,7 +1806,7 @@ #using adde. $ST r9,`0*$BNSZ`(r3) #mul(rp[1],ap[1],w,c1); - $LD r8,`1*$BNSZ`(r4) + $LD r8,`1*$BNSZ`(r4) $UMULL r11,r6,r8 $UMULH r12,r6,r8 adde r11,r11,r10 @@ -1830,7 +1827,7 @@ addze r12,r12 #this spin we collect carry into #r12 $ST r11,`3*$BNSZ`(r3) - + addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` bdnz Lppcasm_mw_LOOP @@ -1846,25 +1843,25 @@ addze r10,r10 $ST r9,`0*$BNSZ`(r3) addi r12,r10,0 - + addi r5,r5,-1 cmpli 0,0,r5,0 beq Lppcasm_mw_OVER - + #mul(rp[1],ap[1],w,c1); - $LD r8,`1*$BNSZ`(r4) + $LD r8,`1*$BNSZ`(r4) $UMULL r9,r6,r8 $UMULH r10,r6,r8 addc r9,r9,r12 addze r10,r10 $ST r9,`1*$BNSZ`(r3) addi r12,r10,0 - + addi r5,r5,-1 cmpli 0,0,r5,0 beq Lppcasm_mw_OVER - + #mul_add(rp[2],ap[2],w,c1); $LD r8,`2*$BNSZ`(r4) $UMULL r9,r6,r8 @@ -1873,14 +1870,14 @@ addze r10,r10 $ST r9,`2*$BNSZ`(r3) addi r12,r10,0 - -Lppcasm_mw_OVER: + +Lppcasm_mw_OVER: addi r3,r12,0 blr .long 0 .byte 0,12,0x14,0,0,0,4,0 .long 0 -.size bn_mul_words,.-bn_mul_words +.size .bn_mul_words,.-.bn_mul_words # # NOTE: The following label name should be changed to @@ -1902,11 +1899,11 @@ # empirical evidence suggests that unrolled version performs best!! # xor r0,r0,r0 #r0 = 0 - xor r12,r12,r12 #r12 = 0 . used for carry + xor r12,r12,r12 #r12 = 0 . used for carry rlwinm. r7,r5,30,2,31 # num >> 2 beq Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover mtctr r7 -Lppcasm_maw_mainloop: +Lppcasm_maw_mainloop: #mul_add(rp[0],ap[0],w,c1); $LD r8,`0*$BNSZ`(r4) $LD r11,`0*$BNSZ`(r3) @@ -1922,9 +1919,9 @@ #by multiply and will be collected #in the next spin $ST r9,`0*$BNSZ`(r3) - + #mul_add(rp[1],ap[1],w,c1); - $LD r8,`1*$BNSZ`(r4) + $LD r8,`1*$BNSZ`(r4) $LD r9,`1*$BNSZ`(r3) $UMULL r11,r6,r8 $UMULH r12,r6,r8 @@ -1933,7 +1930,7 @@ addc r11,r11,r9 #addze r12,r12 $ST r11,`1*$BNSZ`(r3) - + #mul_add(rp[2],ap[2],w,c1); $LD r8,`2*$BNSZ`(r4) $UMULL r9,r6,r8 @@ -1944,7 +1941,7 @@ addc r9,r9,r11 #addze r10,r10 $ST r9,`2*$BNSZ`(r3) - + #mul_add(rp[3],ap[3],w,c1); $LD r8,`3*$BNSZ`(r4) $UMULL r11,r6,r8 @@ -1958,7 +1955,7 @@ addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` bdnz Lppcasm_maw_mainloop - + Lppcasm_maw_leftover: andi. r5,r5,0x3 beq Lppcasm_maw_adios @@ -1975,10 +1972,10 @@ addc r9,r9,r12 addze r12,r10 $ST r9,0(r3) - + bdz Lppcasm_maw_adios #mul_add(rp[1],ap[1],w,c1); - $LDU r8,$BNSZ(r4) + $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 $UMULH r10,r6,r8 $LDU r11,$BNSZ(r3) @@ -1987,7 +1984,7 @@ addc r9,r9,r12 addze r12,r10 $ST r9,0(r3) - + bdz Lppcasm_maw_adios #mul_add(rp[2],ap[2],w,c1); $LDU r8,$BNSZ(r4) @@ -1999,8 +1996,8 @@ addc r9,r9,r12 addze r12,r10 $ST r9,0(r3) - -Lppcasm_maw_adios: + +Lppcasm_maw_adios: addi r3,r12,0 blr .long 0 diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl index 5d9f43aa5dbe0b..c41b620bc23ec8 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl @@ -35,7 +35,7 @@ # key lengths. As it's obviously inappropriate as "best all-round" # alternative, it has to be complemented with run-time CPU family # detection. Oh! It should also be noted that unlike other PowerPC -# implementation IALU ppc-mont.pl module performs *suboptimaly* on +# implementation IALU ppc-mont.pl module performs *suboptimally* on # >=1024-bit key lengths on Power 6. It should also be noted that # *everything* said so far applies to 64-bit builds! As far as 32-bit # application executed on 64-bit CPU goes, this module is likely to @@ -1353,7 +1353,7 @@ std $t3,-16($tp) ; tp[j-1] std $t5,-8($tp) ; tp[j] - add $carry,$carry,$ovf ; comsume upmost overflow + add $carry,$carry,$ovf ; consume upmost overflow add $t6,$t6,$carry ; can not overflow srdi $carry,$t6,16 add $t7,$t7,$carry diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl index 0466e11a25180a..f1292cc75cfb5e 100755 --- a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl +++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl @@ -1,68 +1,30 @@ #! /usr/bin/env perl # Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - - -############################################################################## -# # -# Copyright (c) 2012, Intel Corporation # -# # -# All rights reserved. # -# # -# Redistribution and use in source and binary forms, with or without # -# modification, are permitted provided that the following conditions are # -# met: # -# # -# * Redistributions of source code must retain the above copyright # -# notice, this list of conditions and the following disclaimer. # -# # -# * Redistributions in binary form must reproduce the above copyright # -# notice, this list of conditions and the following disclaimer in the # -# documentation and/or other materials provided with the # -# distribution. # -# # -# * Neither the name of the Intel Corporation nor the names of its # -# contributors may be used to endorse or promote products derived from # -# this software without specific prior written permission. # -# # -# # -# THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY # -# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR # -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, # -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR # -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -# # -############################################################################## -# Developers and authors: # -# Shay Gueron (1, 2), and Vlad Krasnov (1) # -# (1) Intel Corporation, Israel Development Center, Haifa, Israel # -# (2) University of Haifa, Israel # -############################################################################## -# Reference: # -# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular # -# Exponentiation, Using Advanced Vector Instructions Architectures", # -# F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369, # -# pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012 # -# [2] S. Gueron: "Efficient Software Implementations of Modular # -# Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012). # -# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE # -# Proceedings of 9th International Conference on Information Technology: # -# New Generations (ITNG 2012), pp.821-823 (2012) # -# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis # -# resistant 1024-bit modular exponentiation, for optimizing RSA2048 # -# on AVX2 capable x86_64 platforms", # -# http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest# -############################################################################## +# +# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) +# (1) Intel Corporation, Israel Development Center, Haifa, Israel +# (2) University of Haifa, Israel +# +# References: +# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular +# Exponentiation, Using Advanced Vector Instructions Architectures", +# F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369, +# pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012 +# [2] S. Gueron: "Efficient Software Implementations of Modular +# Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012). +# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE +# Proceedings of 9th International Conference on Information Technology: +# New Generations (ITNG 2012), pp.821-823 (2012) +# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis +# resistant 1024-bit modular exponentiation, for optimizing RSA2048 +# on AVX2 capable x86_64 platforms", +# http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest # # +13% improvement over original submission by # @@ -168,13 +130,21 @@ .type rsaz_1024_sqr_avx2,\@function,5 .align 64 rsaz_1024_sqr_avx2: # 702 cycles, 14% faster than rsaz_1024_mul_avx2 +.cfi_startproc lea (%rsp), %rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 vzeroupper ___ $code.=<<___ if ($win64); @@ -193,6 +163,7 @@ ___ $code.=<<___; mov %rax,%rbp +.cfi_def_cfa_register %rbp mov %rdx, $np # reassigned argument sub \$$FrameSize, %rsp mov $np, $tmp @@ -382,7 +353,7 @@ vpaddq $TEMP1, $ACC1, $ACC1 vpmuludq 32*7-128($aap), $B2, $ACC2 vpbroadcastq 32*5-128($tpa), $B2 - vpaddq 32*11-448($tp1), $ACC2, $ACC2 + vpaddq 32*11-448($tp1), $ACC2, $ACC2 vmovdqu $ACC6, 32*6-192($tp0) vmovdqu $ACC7, 32*7-192($tp0) @@ -441,7 +412,7 @@ vmovdqu $ACC7, 32*16-448($tp1) lea 8($tp1), $tp1 - dec $i + dec $i jnz .LOOP_SQR_1024 ___ $ZERO = $ACC9; @@ -786,7 +757,7 @@ vpblendd \$3, $TEMP4, $TEMP5, $TEMP4 vpaddq $TEMP3, $ACC7, $ACC7 vpaddq $TEMP4, $ACC8, $ACC8 - + vpsrlq \$29, $ACC4, $TEMP1 vpand $AND_MASK, $ACC4, $ACC4 vpsrlq \$29, $ACC5, $TEMP2 @@ -825,8 +796,10 @@ vzeroall mov %rbp, %rax +.cfi_def_cfa_register %rax ___ $code.=<<___ if ($win64); +.Lsqr_1024_in_tail: movaps -0xd8(%rax),%xmm6 movaps -0xc8(%rax),%xmm7 movaps -0xb8(%rax),%xmm8 @@ -840,14 +813,22 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lsqr_1024_epilogue: ret +.cfi_endproc .size rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2 ___ } @@ -900,13 +881,21 @@ .type rsaz_1024_mul_avx2,\@function,5 .align 64 rsaz_1024_mul_avx2: +.cfi_startproc lea (%rsp), %rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); vzeroupper @@ -925,6 +914,7 @@ ___ $code.=<<___; mov %rax,%rbp +.cfi_def_cfa_register %rbp vzeroall mov %rdx, $bp # reassigned argument sub \$64,%rsp @@ -1450,15 +1440,17 @@ vpaddq $TEMP4, $ACC8, $ACC8 vmovdqu $ACC4, 128-128($rp) - vmovdqu $ACC5, 160-128($rp) + vmovdqu $ACC5, 160-128($rp) vmovdqu $ACC6, 192-128($rp) vmovdqu $ACC7, 224-128($rp) vmovdqu $ACC8, 256-128($rp) vzeroupper mov %rbp, %rax +.cfi_def_cfa_register %rax ___ $code.=<<___ if ($win64); +.Lmul_1024_in_tail: movaps -0xd8(%rax),%xmm6 movaps -0xc8(%rax),%xmm7 movaps -0xb8(%rax),%xmm8 @@ -1472,14 +1464,22 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lmul_1024_epilogue: ret +.cfi_endproc .size rsaz_1024_mul_avx2,.-rsaz_1024_mul_avx2 ___ } @@ -1598,8 +1598,10 @@ .type rsaz_1024_gather5_avx2,\@abi-omnipotent .align 32 rsaz_1024_gather5_avx2: +.cfi_startproc vzeroupper mov %rsp,%r11 +.cfi_def_cfa_register %r11 ___ $code.=<<___ if ($win64); lea -0x88(%rsp),%rax @@ -1737,11 +1739,13 @@ movaps -0x38(%r11),%xmm13 movaps -0x28(%r11),%xmm14 movaps -0x18(%r11),%xmm15 -.LSEH_end_rsaz_1024_gather5: ___ $code.=<<___; lea (%r11),%rsp +.cfi_def_cfa_register %rsp ret +.cfi_endproc +.LSEH_end_rsaz_1024_gather5: .size rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2 ___ } @@ -1814,14 +1818,17 @@ cmp %r10,%rbx # context->RipRsp - mov 4(%r11),%r10d # HandlerData[1] lea (%rsi,%r10),%r10 # epilogue label cmp %r10,%rbx # context->Rip>=epilogue label jae .Lcommon_seh_tail - mov 160($context),%rax # pull context->Rbp + mov 160($context),%rbp # pull context->Rbp + + mov 8(%r11),%r10d # HandlerData[2] + lea (%rsi,%r10),%r10 # "in tail" label + cmp %r10,%rbx # context->Rip>="in tail" label + cmovc %rbp,%rax mov -48(%rax),%r15 mov -40(%rax),%r14 @@ -1899,11 +1906,13 @@ .LSEH_info_rsaz_1024_sqr_avx2: .byte 9,0,0,0 .rva rsaz_se_handler - .rva .Lsqr_1024_body,.Lsqr_1024_epilogue + .rva .Lsqr_1024_body,.Lsqr_1024_epilogue,.Lsqr_1024_in_tail + .long 0 .LSEH_info_rsaz_1024_mul_avx2: .byte 9,0,0,0 .rva rsaz_se_handler - .rva .Lmul_1024_body,.Lmul_1024_epilogue + .rva .Lmul_1024_body,.Lmul_1024_epilogue,.Lmul_1024_in_tail + .long 0 .LSEH_info_rsaz_1024_gather5: .byte 0x01,0x36,0x17,0x0b .byte 0x36,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl index 6f3b664f7a89cc..b1797b649f0034 100755 --- a/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl +++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-x86_64.pl @@ -1,68 +1,29 @@ #! /usr/bin/env perl # Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - - -############################################################################## -# # -# Copyright (c) 2012, Intel Corporation # -# # -# All rights reserved. # -# # -# Redistribution and use in source and binary forms, with or without # -# modification, are permitted provided that the following conditions are # -# met: # -# # -# * Redistributions of source code must retain the above copyright # -# notice, this list of conditions and the following disclaimer. # -# # -# * Redistributions in binary form must reproduce the above copyright # -# notice, this list of conditions and the following disclaimer in the # -# documentation and/or other materials provided with the # -# distribution. # -# # -# * Neither the name of the Intel Corporation nor the names of its # -# contributors may be used to endorse or promote products derived from # -# this software without specific prior written permission. # -# # -# # -# THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY # -# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR # -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, # -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR # -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -# # -############################################################################## -# Developers and authors: # -# Shay Gueron (1, 2), and Vlad Krasnov (1) # -# (1) Intel Architecture Group, Microprocessor and Chipset Development, # -# Israel Development Center, Haifa, Israel # -# (2) University of Haifa # -############################################################################## -# Reference: # -# [1] S. Gueron, "Efficient Software Implementations of Modular # -# Exponentiation", http://eprint.iacr.org/2011/239 # -# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring". # -# IEEE Proceedings of 9th International Conference on Information # -# Technology: New Generations (ITNG 2012), 821-823 (2012). # -# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation# -# Journal of Cryptographic Engineering 2:31-43 (2012). # -# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis # -# resistant 512-bit and 1024-bit modular exponentiation for optimizing # -# RSA1024 and RSA2048 on x86_64 platforms", # -# http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest# -############################################################################## - +# +# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) +# (1) Intel Corporation, Israel Development Center, Haifa, Israel +# (2) University of Haifa, Israel +# +# References: +# [1] S. Gueron, "Efficient Software Implementations of Modular +# Exponentiation", http://eprint.iacr.org/2011/239 +# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring". +# IEEE Proceedings of 9th International Conference on Information +# Technology: New Generations (ITNG 2012), 821-823 (2012). +# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation +# Journal of Cryptographic Engineering 2:31-43 (2012). +# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis +# resistant 512-bit and 1024-bit modular exponentiation for optimizing +# RSA1024 and RSA2048 on x86_64 platforms", +# http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest +# # While original submission covers 512- and 1024-bit exponentiation, # this module is limited to 512-bit version only (and as such # accelerates RSA1024 sign). This is because improvement for longer @@ -138,14 +99,22 @@ .type rsaz_512_sqr,\@function,5 .align 32 rsaz_512_sqr: # 25-29% faster than rsaz_512_mul +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 subq \$128+24, %rsp +.cfi_adjust_cfa_offset 128+24 .Lsqr_body: movq $mod, %rbp # common argument movq ($inp), %rdx @@ -282,9 +251,9 @@ movq %r9, 16(%rsp) movq %r10, 24(%rsp) shrq \$63, %rbx - + #third iteration - movq 16($inp), %r9 + movq 16($inp), %r9 movq 24($inp), %rax mulq %r9 addq %rax, %r12 @@ -532,7 +501,7 @@ movl $times,128+8(%rsp) movq $out, %xmm0 # off-load movq %rbp, %xmm1 # off-load -#first iteration +#first iteration mulx %rax, %r8, %r9 mulx 16($inp), %rcx, %r10 @@ -568,7 +537,7 @@ mov %rax, (%rsp) mov %r8, 8(%rsp) -#second iteration +#second iteration mulx 16($inp), %rax, %rbx adox %rax, %r10 adcx %rbx, %r11 @@ -607,8 +576,8 @@ mov %r9, 16(%rsp) .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) - -#third iteration + +#third iteration .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 adox $out, %r12 adcx %r9, %r13 @@ -643,8 +612,8 @@ mov %r11, 32(%rsp) .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) - -#fourth iteration + +#fourth iteration .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx adox %rax, %r14 adcx %rbx, %r15 @@ -676,8 +645,8 @@ mov %r13, 48(%rsp) mov %r14, 56(%rsp) - -#fifth iteration + +#fifth iteration .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 adox $out, %r8 adcx %r11, %r9 @@ -704,8 +673,8 @@ mov %r15, 64(%rsp) mov %r8, 72(%rsp) - -#sixth iteration + +#sixth iteration .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rbx adox %rax, %r10 adcx %rbx, %r11 @@ -800,15 +769,24 @@ $code.=<<___; leaq 128+24+48(%rsp), %rax +.cfi_def_cfa %rax,8 movq -48(%rax), %r15 +.cfi_restore %r15 movq -40(%rax), %r14 +.cfi_restore %r14 movq -32(%rax), %r13 +.cfi_restore %r13 movq -24(%rax), %r12 +.cfi_restore %r12 movq -16(%rax), %rbp +.cfi_restore %rbp movq -8(%rax), %rbx +.cfi_restore %rbx leaq (%rax), %rsp +.cfi_def_cfa_register %rsp .Lsqr_epilogue: ret +.cfi_endproc .size rsaz_512_sqr,.-rsaz_512_sqr ___ } @@ -819,14 +797,22 @@ .type rsaz_512_mul,\@function,5 .align 32 rsaz_512_mul: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 subq \$128+24, %rsp +.cfi_adjust_cfa_offset 128+24 .Lmul_body: movq $out, %xmm0 # off-load arguments movq $mod, %xmm1 @@ -896,15 +882,24 @@ call __rsaz_512_subtract leaq 128+24+48(%rsp), %rax +.cfi_def_cfa %rax,8 movq -48(%rax), %r15 +.cfi_restore %r15 movq -40(%rax), %r14 +.cfi_restore %r14 movq -32(%rax), %r13 +.cfi_restore %r13 movq -24(%rax), %r12 +.cfi_restore %r12 movq -16(%rax), %rbp +.cfi_restore %rbp movq -8(%rax), %rbx +.cfi_restore %rbx leaq (%rax), %rsp +.cfi_def_cfa_register %rsp .Lmul_epilogue: ret +.cfi_endproc .size rsaz_512_mul,.-rsaz_512_mul ___ } @@ -915,14 +910,22 @@ .type rsaz_512_mul_gather4,\@function,6 .align 32 rsaz_512_mul_gather4: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 subq \$`128+24+($win64?0xb0:0)`, %rsp +.cfi_adjust_cfa_offset `128+24+($win64?0xb0:0)` ___ $code.=<<___ if ($win64); movaps %xmm6,0xa0(%rsp) @@ -1048,7 +1051,7 @@ movq 56($ap), %rax movq %rdx, %r14 adcq \$0, %r14 - + mulq %rbx addq %rax, %r14 movq ($ap), %rax @@ -1150,7 +1153,7 @@ movq ($ap), %rax adcq \$0, %rdx addq %r15, %r14 - movq %rdx, %r15 + movq %rdx, %r15 adcq \$0, %r15 leaq 8(%rdi), %rdi @@ -1212,7 +1215,7 @@ mulx 48($ap), %rbx, %r14 adcx %rax, %r12 - + mulx 56($ap), %rax, %r15 adcx %rbx, %r13 adcx %rax, %r14 @@ -1348,15 +1351,24 @@ lea 0xb0(%rax),%rax ___ $code.=<<___; +.cfi_def_cfa %rax,8 movq -48(%rax), %r15 +.cfi_restore %r15 movq -40(%rax), %r14 +.cfi_restore %r14 movq -32(%rax), %r13 +.cfi_restore %r13 movq -24(%rax), %r12 +.cfi_restore %r12 movq -16(%rax), %rbp +.cfi_restore %rbp movq -8(%rax), %rbx +.cfi_restore %rbx leaq (%rax), %rsp +.cfi_def_cfa_register %rsp .Lmul_gather4_epilogue: ret +.cfi_endproc .size rsaz_512_mul_gather4,.-rsaz_512_mul_gather4 ___ } @@ -1367,15 +1379,23 @@ .type rsaz_512_mul_scatter4,\@function,6 .align 32 rsaz_512_mul_scatter4: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 mov $pwr, $pwr subq \$128+24, %rsp +.cfi_adjust_cfa_offset 128+24 .Lmul_scatter4_body: leaq ($tbl,$pwr,8), $tbl movq $out, %xmm0 # off-load arguments @@ -1411,7 +1431,7 @@ ___ $code.=<<___ if ($addx); jmp .Lmul_scatter_tail - + .align 32 .Lmulx_scatter: movq ($out), %rdx # pass b[0] @@ -1458,15 +1478,24 @@ movq %r15, 128*7($inp) leaq 128+24+48(%rsp), %rax +.cfi_def_cfa %rax,8 movq -48(%rax), %r15 +.cfi_restore %r15 movq -40(%rax), %r14 +.cfi_restore %r14 movq -32(%rax), %r13 +.cfi_restore %r13 movq -24(%rax), %r12 +.cfi_restore %r12 movq -16(%rax), %rbp +.cfi_restore %rbp movq -8(%rax), %rbx +.cfi_restore %rbx leaq (%rax), %rsp +.cfi_def_cfa_register %rsp .Lmul_scatter4_epilogue: ret +.cfi_endproc .size rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4 ___ } @@ -1477,14 +1506,22 @@ .type rsaz_512_mul_by_one,\@function,4 .align 32 rsaz_512_mul_by_one: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 subq \$128+24, %rsp +.cfi_adjust_cfa_offset 128+24 .Lmul_by_one_body: ___ $code.=<<___ if ($addx); @@ -1539,15 +1576,24 @@ movq %r15, 56($out) leaq 128+24+48(%rsp), %rax +.cfi_def_cfa %rax,8 movq -48(%rax), %r15 +.cfi_restore %r15 movq -40(%rax), %r14 +.cfi_restore %r14 movq -32(%rax), %r13 +.cfi_restore %r13 movq -24(%rax), %r12 +.cfi_restore %r12 movq -16(%rax), %rbp +.cfi_restore %rbp movq -8(%rax), %rbx +.cfi_restore %rbx leaq (%rax), %rsp +.cfi_def_cfa_register %rsp .Lmul_by_one_epilogue: ret +.cfi_endproc .size rsaz_512_mul_by_one,.-rsaz_512_mul_by_one ___ } @@ -1824,7 +1870,7 @@ movq 56($ap), %rax movq %rdx, %r14 adcq \$0, %r14 - + mulq %rbx addq %rax, %r14 movq ($ap), %rax @@ -1901,7 +1947,7 @@ movq ($ap), %rax adcq \$0, %rdx addq %r15, %r14 - movq %rdx, %r15 + movq %rdx, %r15 adcq \$0, %r15 leaq 8(%rdi), %rdi diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl index cbd16f42145b71..06181bf9b95f77 100644 --- a/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/s390x-gf2m.pl @@ -20,7 +20,7 @@ # in bn_gf2m.c. It's kind of low-hanging mechanical port from C for # the time being... gcc 4.3 appeared to generate poor code, therefore # the effort. And indeed, the module delivers 55%-90%(*) improvement -# on haviest ECDSA verify and ECDH benchmarks for 163- and 571-bit +# on heaviest ECDSA verify and ECDH benchmarks for 163- and 571-bit # key lengths on z990, 30%-55%(*) - on z10, and 70%-110%(*) - on z196. # This is for 64-bit build. In 32-bit "highgprs" case improvement is # even higher, for example on z990 it was measured 80%-150%. ECDSA @@ -198,7 +198,7 @@ xgr $hi,@r[1] xgr $lo,@r[0] xgr $hi,@r[2] - xgr $lo,@r[3] + xgr $lo,@r[3] xgr $hi,@r[3] xgr $lo,$hi stg $hi,16($rp) diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl index 66780cdf80bc68..c2fc5adffe0d14 100644 --- a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. diff --git a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl index 4f339b22796e90..fcae9cfc5b44bf 100755 --- a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl @@ -8,9 +8,9 @@ # ==================================================================== -# Written by David S. Miller and Andy Polyakov -# . The module is licensed under 2-clause BSD -# license. November 2012. All rights reserved. +# Written by David S. Miller and Andy Polyakov +# The module is licensed under 2-clause BSD license. +# November 2012. All rights reserved. # ==================================================================== ###################################################################### diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8.S index 9c31073b2430f0..75d72eb92c7482 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv8.S +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8.S @@ -1,5 +1,5 @@ .ident "sparcv8.s, Version 1.4" -.ident "SPARC v8 ISA artwork by Andy Polyakov " +.ident "SPARC v8 ISA artwork by Andy Polyakov " /* * ==================================================================== @@ -13,7 +13,7 @@ */ /* - * This is my modest contributon to OpenSSL project (see + * This is my modest contribution to OpenSSL project (see * http://www.openssl.org/ for more information about it) and is * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c * module. For updates see http://fy.chalmers.se/~appro/hpe/. @@ -159,12 +159,12 @@ bn_mul_add_words: */ bn_mul_words: cmp %o2,0 - bg,a .L_bn_mul_words_proceeed + bg,a .L_bn_mul_words_proceed ld [%o1],%g2 retl clr %o0 -.L_bn_mul_words_proceeed: +.L_bn_mul_words_proceed: andcc %o2,-4,%g0 bz .L_bn_mul_words_tail clr %o5 @@ -251,12 +251,12 @@ bn_mul_words: */ bn_sqr_words: cmp %o2,0 - bg,a .L_bn_sqr_words_proceeed + bg,a .L_bn_sqr_words_proceed ld [%o1],%g2 retl clr %o0 -.L_bn_sqr_words_proceeed: +.L_bn_sqr_words_proceed: andcc %o2,-4,%g0 bz .L_bn_sqr_words_tail clr %o5 diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S index 714a136675be09..fe4699b2bdd144 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv8plus.S @@ -1,5 +1,5 @@ .ident "sparcv8plus.s, Version 1.4" -.ident "SPARC v9 ISA artwork by Andy Polyakov " +.ident "SPARC v9 ISA artwork by Andy Polyakov " /* * ==================================================================== @@ -13,7 +13,7 @@ */ /* - * This is my modest contributon to OpenSSL project (see + * This is my modest contribution to OpenSSL project (see * http://www.openssl.org/ for more information about it) and is * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c * module. For updates see http://fy.chalmers.se/~appro/hpe/. @@ -144,10 +144,6 @@ * } */ -#ifdef OPENSSL_FIPSCANISTER -#include -#endif - #if defined(__SUNPRO_C) && defined(__sparcv9) /* They've said -xarch=v9 at command line */ .register %g2,#scratch @@ -282,7 +278,7 @@ bn_mul_add_words: */ bn_mul_words: sra %o2,%g0,%o2 ! signx %o2 - brgz,a %o2,.L_bn_mul_words_proceeed + brgz,a %o2,.L_bn_mul_words_proceed lduw [%o1],%g2 retl clr %o0 @@ -290,7 +286,7 @@ bn_mul_words: nop nop -.L_bn_mul_words_proceeed: +.L_bn_mul_words_proceed: srl %o3,%g0,%o3 ! clruw %o3 andcc %o2,-4,%g0 bz,pn %icc,.L_bn_mul_words_tail @@ -370,7 +366,7 @@ bn_mul_words: */ bn_sqr_words: sra %o2,%g0,%o2 ! signx %o2 - brgz,a %o2,.L_bn_sqr_words_proceeed + brgz,a %o2,.L_bn_sqr_words_proceed lduw [%o1],%g2 retl clr %o0 @@ -378,7 +374,7 @@ bn_sqr_words: nop nop -.L_bn_sqr_words_proceeed: +.L_bn_sqr_words_proceed: andcc %o2,-4,%g0 nop bz,pn %icc,.L_bn_sqr_words_tail diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl index 074f9df14bc2c1..b41903af985f56 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -612,7 +612,7 @@ add $tp,8,$tp .type $fname,#function .size $fname,(.-$fname) -.asciz "Montgomery Multipltication for SPARCv9, CRYPTOGAMS by " +.asciz "Montgomery Multiplication for SPARCv9, CRYPTOGAMS by " .align 32 ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl index 50b690653fc200..c8f759df9fbd1a 100755 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -865,7 +865,7 @@ restore .type $fname,#function .size $fname,(.-$fname) -.asciz "Montgomery Multipltication for UltraSPARC, CRYPTOGAMS by " +.asciz "Montgomery Multiplication for UltraSPARC, CRYPTOGAMS by " .align 32 ___ diff --git a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl index 9d65a146a2800d..9cf717e8410248 100644 --- a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -76,7 +76,7 @@ # dsa 1024 bits 0.001346s 0.001595s 742.7 627.0 # dsa 2048 bits 0.004745s 0.005582s 210.7 179.1 # -# Conclusions: +# Conclusions: # - VIA SDK leaves a *lot* of room for improvement (which this # implementation successfully fills:-); # - 'rep montmul' gives up to >3x performance improvement depending on @@ -91,7 +91,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"via-mont.pl"); +&asm_init($ARGV[0]); # int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); $func="bn_mul_mont_padlock"; diff --git a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl index ba34b36a81ec1f..04833a0c876df0 100644 --- a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl @@ -16,7 +16,7 @@ # October 2012. # -# SPARCv9 VIS3 Montgomery multiplicaion procedure suitable for T3 and +# SPARCv9 VIS3 Montgomery multiplication procedure suitable for T3 and # onward. There are three new instructions used here: umulxhi, # addxc[cc] and initializing store. On T3 RSA private key operations # are 1.54/1.87/2.11/2.26 times faster for 512/1024/2048/4096-bit key diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl index f4643687332f46..d03efcc75023dc 100644 --- a/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86-gf2m.pl @@ -46,7 +46,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0,$x86only = $ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -152,7 +152,7 @@ &xor ($a4,$a2); # a2=a4^a2^a4 &mov (&DWP(5*4,"esp"),$a1); # a1^a4 &xor ($a4,$a1); # a1^a2^a4 - &sar (@i[1],31); # broardcast 30th bit + &sar (@i[1],31); # broadcast 30th bit &and ($lo,$b); &mov (&DWP(6*4,"esp"),$a2); # a2^a4 &and (@i[1],$b); diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl index f1abcc5b4c4bf4..7ba2133ac9c3a1 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -39,8 +39,8 @@ $output = pop; open STDOUT,">$output"; - -&asm_init($ARGV[0],$0); + +&asm_init($ARGV[0]); $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -78,7 +78,7 @@ &lea ("ebp",&DWP(-$frame,"esp","edi",4)); # future alloca($frame+4*(num+2)) &neg ("edi"); - # minimize cache contention by arraning 2K window between stack + # minimize cache contention by arranging 2K window between stack # pointer and ap argument [np is also position sensitive vector, # but it's assumed to be near ap, as it's allocated at ~same # time]. diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c b/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c index 621be33054f9bd..31839ba060fa5a 100644 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c @@ -14,7 +14,7 @@ /*- * x86_64 BIGNUM accelerator version 0.1, December 2002. * - * Implemented by Andy Polyakov for the OpenSSL + * Implemented by Andy Polyakov for the OpenSSL * project. * * Rights for redistribution and usage in source and binary forms are @@ -114,7 +114,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG c1 = 0; if (num <= 0) - return (c1); + return c1; while (num & ~3) { mul_add(rp[0], ap[0], w, c1); @@ -136,7 +136,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, return c1; } - return (c1); + return c1; } BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) @@ -144,7 +144,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) BN_ULONG c1 = 0; if (num <= 0) - return (c1); + return c1; while (num & ~3) { mul(rp[0], ap[0], w, c1); @@ -164,7 +164,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) return c1; mul(rp[2], ap[2], w, c1); } - return (c1); + return c1; } void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) @@ -264,7 +264,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) int c = 0; if (n <= 0) - return ((BN_ULONG)0); + return (BN_ULONG)0; for (;;) { t1 = a[0]; @@ -303,7 +303,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) b += 4; r += 4; } - return (c); + return c; } # endif diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl index d962f62033caaa..0fd6e985d7b058 100644 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-gf2m.pl @@ -54,7 +54,9 @@ .type _mul_1x1,\@abi-omnipotent .align 16 _mul_1x1: +.cfi_startproc sub \$128+8,%rsp +.cfi_adjust_cfa_offset 128+8 mov \$-1,$a1 lea ($a,$a),$i0 shr \$3,$a1 @@ -66,7 +68,7 @@ sar \$63,$i0 # broadcast 62nd bit lea (,$a1,4),$a4 and $b,$a - sar \$63,$i1 # boardcast 61st bit + sar \$63,$i1 # broadcast 61st bit mov $a,$hi # $a is $lo shl \$63,$lo and $b,$i0 @@ -160,8 +162,10 @@ xor $i1,$hi add \$128+8,%rsp +.cfi_adjust_cfa_offset -128-8 ret .Lend_mul_1x1: +.cfi_endproc .size _mul_1x1,.-_mul_1x1 ___ @@ -174,8 +178,10 @@ .type bn_GF2m_mul_2x2,\@abi-omnipotent .align 16 bn_GF2m_mul_2x2: - mov OPENSSL_ia32cap_P(%rip),%rax - bt \$33,%rax +.cfi_startproc + mov %rsp,%rax + mov OPENSSL_ia32cap_P(%rip),%r10 + bt \$33,%r10 jnc .Lvanilla_mul_2x2 movq $a1,%xmm0 @@ -210,6 +216,7 @@ .align 16 .Lvanilla_mul_2x2: lea -8*17(%rsp),%rsp +.cfi_adjust_cfa_offset 8*17 ___ $code.=<<___ if ($win64); mov `8*17+40`(%rsp),$b0 @@ -218,10 +225,15 @@ ___ $code.=<<___; mov %r14,8*10(%rsp) +.cfi_rel_offset %r14,8*10 mov %r13,8*11(%rsp) +.cfi_rel_offset %r13,8*11 mov %r12,8*12(%rsp) +.cfi_rel_offset %r12,8*12 mov %rbp,8*13(%rsp) +.cfi_rel_offset %rbp,8*13 mov %rbx,8*14(%rsp) +.cfi_rel_offset %rbx,8*14 .Lbody_mul_2x2: mov $rp,32(%rsp) # save the arguments mov $a1,40(%rsp) @@ -269,10 +281,15 @@ mov $lo,8(%rbp) mov 8*10(%rsp),%r14 +.cfi_restore %r14 mov 8*11(%rsp),%r13 +.cfi_restore %r13 mov 8*12(%rsp),%r12 +.cfi_restore %r12 mov 8*13(%rsp),%rbp +.cfi_restore %rbp mov 8*14(%rsp),%rbx +.cfi_restore %rbx ___ $code.=<<___ if ($win64); mov 8*15(%rsp),%rdi @@ -280,8 +297,11 @@ ___ $code.=<<___; lea 8*17(%rsp),%rsp +.cfi_adjust_cfa_offset -8*17 +.Lepilogue_mul_2x2: ret .Lend_mul_2x2: +.cfi_endproc .size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 .asciz "GF(2^m) Multiplication for x86_64, CRYPTOGAMS by " .align 16 @@ -312,13 +332,19 @@ pushfq sub \$64,%rsp - mov 152($context),%rax # pull context->Rsp + mov 120($context),%rax # pull context->Rax mov 248($context),%rbx # pull context->Rip lea .Lbody_mul_2x2(%rip),%r10 cmp %r10,%rbx # context->Rip<"prologue" label jb .Lin_prologue + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue_mul_2x2(%rip),%r10 + cmp %r10,%rbx # context->Rip>="epilogue" label + jae .Lin_prologue + mov 8*10(%rax),%r14 # mimic epilogue mov 8*11(%rax),%r13 mov 8*12(%rax),%r12 @@ -335,8 +361,9 @@ mov %r13,224($context) # restore context->R13 mov %r14,232($context) # restore context->R14 -.Lin_prologue: lea 8*17(%rax),%rax + +.Lin_prologue: mov %rax,152($context) # restore context->Rsp mov 40($disp),%rdi # disp->ContextRecord diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl index 8d2fb2cebb8917..c051135e30dd33 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl @@ -104,8 +104,10 @@ .type bn_mul_mont,\@function,6 .align 16 bn_mul_mont: +.cfi_startproc mov ${num}d,${num}d mov %rsp,%rax +.cfi_def_cfa_register %rax test \$3,${num}d jnz .Lmul_enter cmp \$8,${num}d @@ -124,11 +126,17 @@ .align 16 .Lmul_enter: push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 neg $num mov %rsp,%r11 @@ -161,6 +169,7 @@ .Lmul_page_walk_done: mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp +.cfi_cfa_expression %rsp+8,$num,8,mul,plus,deref,+8 .Lmul_body: mov $bp,%r12 # reassign $bp ___ @@ -309,7 +318,7 @@ mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] mov 8(%rsp,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ - dec $j # doesnn't affect CF! + dec $j # doesn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit @@ -331,16 +340,25 @@ jnz .Lcopy mov 8(%rsp,$num,8),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lmul_epilogue: ret +.cfi_endproc .size bn_mul_mont,.-bn_mul_mont ___ {{{ @@ -350,8 +368,10 @@ .type bn_mul4x_mont,\@function,6 .align 16 bn_mul4x_mont: +.cfi_startproc mov ${num}d,${num}d mov %rsp,%rax +.cfi_def_cfa_register %rax .Lmul4x_enter: ___ $code.=<<___ if ($addx); @@ -361,11 +381,17 @@ ___ $code.=<<___; push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 neg $num mov %rsp,%r11 @@ -389,6 +415,7 @@ .Lmul4x_page_walk_done: mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp +.cfi_cfa_expression %rsp+8,$num,8,mul,plus,deref,+8 .Lmul4x_body: mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp mov %rdx,%r12 # reassign $bp @@ -721,7 +748,7 @@ mov 56($ap,$i,8),@ri[3] sbb 40($np,$i,8),@ri[1] lea 4($i),$i # i++ - dec $j # doesnn't affect CF! + dec $j # doesn't affect CF! jnz .Lsub4x mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] @@ -766,16 +793,25 @@ } $code.=<<___; mov 8(%rsp,$num,8),%rsi # restore %rsp +.cfi_def_cfa %rsi, 8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lmul4x_epilogue: ret +.cfi_endproc .size bn_mul4x_mont,.-bn_mul4x_mont ___ }}} @@ -803,14 +839,22 @@ .type bn_sqr8x_mont,\@function,6 .align 32 bn_sqr8x_mont: +.cfi_startproc mov %rsp,%rax +.cfi_def_cfa_register %rax .Lsqr8x_enter: push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lsqr8x_prologue: mov ${num}d,%r10d @@ -866,6 +910,7 @@ mov $n0, 32(%rsp) mov %rax, 40(%rsp) # save original %rsp +.cfi_cfa_expression %rsp+40,deref,+8 .Lsqr8x_body: movq $nptr, %xmm2 # save pointer to modulus @@ -935,6 +980,7 @@ pxor %xmm0,%xmm0 pshufd \$0,%xmm1,%xmm1 mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 jmp .Lsqr8x_cond_copy .align 32 @@ -964,14 +1010,22 @@ mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lsqr8x_epilogue: ret +.cfi_endproc .size bn_sqr8x_mont,.-bn_sqr8x_mont ___ }}} @@ -983,14 +1037,22 @@ .type bn_mulx4x_mont,\@function,6 .align 32 bn_mulx4x_mont: +.cfi_startproc mov %rsp,%rax +.cfi_def_cfa_register %rax .Lmulx4x_enter: push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lmulx4x_prologue: shl \$3,${num}d # convert $num to bytes @@ -1036,6 +1098,7 @@ mov $n0, 24(%rsp) # save *n0 mov $rp, 32(%rsp) # save $rp mov %rax,40(%rsp) # save original %rsp +.cfi_cfa_expression %rsp+40,deref,+8 mov $num,48(%rsp) # inner counter jmp .Lmulx4x_body @@ -1285,6 +1348,7 @@ pxor %xmm0,%xmm0 pshufd \$0,%xmm1,%xmm1 mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 jmp .Lmulx4x_cond_copy .align 32 @@ -1314,14 +1378,22 @@ mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lmulx4x_epilogue: ret +.cfi_endproc .size bn_mulx4x_mont,.-bn_mulx4x_mont ___ }}} @@ -1400,12 +1472,12 @@ mov 0(%r11),%r10d # HandlerData[0] lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->Rip<.Lsqr_body + cmp %r10,%rbx # context->Rip<.Lsqr_prologue jb .Lcommon_seh_tail mov 4(%r11),%r10d # HandlerData[1] lea (%rsi,%r10),%r10 # body label - cmp %r10,%rbx # context->Rip>=.Lsqr_epilogue + cmp %r10,%rbx # context->Rip<.Lsqr_body jb .Lcommon_pop_regs mov 152($context),%rax # pull context->Rsp diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl index 97d8eee700b69d..ad6e8ada3ce75e 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -93,8 +93,10 @@ .type bn_mul_mont_gather5,\@function,6 .align 64 bn_mul_mont_gather5: +.cfi_startproc mov ${num}d,${num}d mov %rsp,%rax +.cfi_def_cfa_register %rax test \$7,${num}d jnz .Lmul_enter ___ @@ -108,11 +110,17 @@ .Lmul_enter: movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 neg $num mov %rsp,%r11 @@ -145,6 +153,7 @@ lea .Linc(%rip),%r10 mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp +.cfi_cfa_expression %rsp+8,$num,8,mul,plus,deref,+8 .Lmul_body: lea 128($bp),%r12 # reassign $bp (+size optimization) @@ -410,7 +419,7 @@ mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] mov 8($ap,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ - dec $j # doesnn't affect CF! + dec $j # doesn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit @@ -432,17 +441,26 @@ jnz .Lcopy mov 8(%rsp,$num,8),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lmul_epilogue: ret +.cfi_endproc .size bn_mul_mont_gather5,.-bn_mul_mont_gather5 ___ {{{ @@ -452,8 +470,10 @@ .type bn_mul4x_mont_gather5,\@function,6 .align 32 bn_mul4x_mont_gather5: +.cfi_startproc .byte 0x67 mov %rsp,%rax +.cfi_def_cfa_register %rax .Lmul4x_enter: ___ $code.=<<___ if ($addx); @@ -463,11 +483,17 @@ ___ $code.=<<___; push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lmul4x_prologue: .byte 0x67 @@ -523,22 +549,32 @@ neg $num mov %rax,40(%rsp) +.cfi_cfa_expression %rsp+40,deref,+8 .Lmul4x_body: call mul4x_internal mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lmul4x_epilogue: ret +.cfi_endproc .size bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5 .type mul4x_internal,\@abi-omnipotent @@ -1050,7 +1086,7 @@ my $nptr="%rcx"; # const BN_ULONG *nptr, my $n0 ="%r8"; # const BN_ULONG *n0); my $num ="%r9"; # int num, has to be divisible by 8 - # int pwr + # int pwr my ($i,$j,$tptr)=("%rbp","%rcx",$rptr); my @A0=("%r10","%r11"); @@ -1062,7 +1098,9 @@ .type bn_power5,\@function,6 .align 32 bn_power5: +.cfi_startproc mov %rsp,%rax +.cfi_def_cfa_register %rax ___ $code.=<<___ if ($addx); mov OPENSSL_ia32cap_P+8(%rip),%r11d @@ -1072,11 +1110,17 @@ ___ $code.=<<___; push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lpower5_prologue: shl \$3,${num}d # convert $num to bytes @@ -1127,7 +1171,7 @@ ja .Lpwr_page_walk .Lpwr_page_walk_done: - mov $num,%r10 + mov $num,%r10 neg $num ############################################################## @@ -1141,6 +1185,7 @@ # mov $n0, 32(%rsp) mov %rax, 40(%rsp) # save original %rsp +.cfi_cfa_expression %rsp+40,deref,+8 .Lpower5_body: movq $rptr,%xmm1 # save $rptr, used in sqr8x movq $nptr,%xmm2 # save $nptr @@ -1167,16 +1212,25 @@ call mul4x_internal mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lpower5_epilogue: ret +.cfi_endproc .size bn_power5,.-bn_power5 .globl bn_sqr8x_internal @@ -2036,7 +2090,7 @@ jnz .Lsqr4x_sub mov $num,%r10 # prepare for back-to-back call - neg $num # restore $num + neg $num # restore $num ret .size __bn_post4x_internal,.-__bn_post4x_internal ___ @@ -2056,14 +2110,22 @@ .type bn_from_mont8x,\@function,6 .align 32 bn_from_mont8x: +.cfi_startproc .byte 0x67 mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lfrom_prologue: shl \$3,${num}d # convert $num to bytes @@ -2128,6 +2190,7 @@ # mov $n0, 32(%rsp) mov %rax, 40(%rsp) # save original %rsp +.cfi_cfa_expression %rsp+40,deref,+8 .Lfrom_body: mov $num,%r11 lea 48(%rsp),%rax @@ -2171,7 +2234,6 @@ pxor %xmm0,%xmm0 lea 48(%rsp),%rax - mov 40(%rsp),%rsi # restore %rsp jmp .Lfrom_mont_zero .align 32 @@ -2183,11 +2245,12 @@ pxor %xmm0,%xmm0 lea 48(%rsp),%rax - mov 40(%rsp),%rsi # restore %rsp jmp .Lfrom_mont_zero .align 32 .Lfrom_mont_zero: + mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 movdqa %xmm0,16*0(%rax) movdqa %xmm0,16*1(%rax) movdqa %xmm0,16*2(%rax) @@ -2198,14 +2261,22 @@ mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lfrom_epilogue: ret +.cfi_endproc .size bn_from_mont8x,.-bn_from_mont8x ___ } @@ -2218,14 +2289,22 @@ .type bn_mulx4x_mont_gather5,\@function,6 .align 32 bn_mulx4x_mont_gather5: +.cfi_startproc mov %rsp,%rax +.cfi_def_cfa_register %rax .Lmulx4x_enter: push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lmulx4x_prologue: shl \$3,${num}d # convert $num to bytes @@ -2259,7 +2338,7 @@ mov \$0,%r10 cmovc %r10,%r11 sub %r11,%rbp -.Lmulx4xsp_done: +.Lmulx4xsp_done: and \$-64,%rbp # ensure alignment mov %rsp,%r11 sub %rbp,%r11 @@ -2291,21 +2370,31 @@ # mov $n0, 32(%rsp) # save *n0 mov %rax,40(%rsp) # save original %rsp +.cfi_cfa_expression %rsp+40,deref,+8 .Lmulx4x_body: call mulx4x_internal mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lmulx4x_epilogue: ret +.cfi_endproc .size bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5 .type mulx4x_internal,\@abi-omnipotent @@ -2333,7 +2422,7 @@ $code.=<<___; movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000 movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002 - lea 88-112(%rsp,%r10),%r10 # place the mask after tp[num+1] (+ICache optimizaton) + lea 88-112(%rsp,%r10),%r10 # place the mask after tp[num+1] (+ICache optimization) lea 128($bp),$bptr # size optimization pshufd \$0,%xmm5,%xmm5 # broadcast index @@ -2683,14 +2772,22 @@ .type bn_powerx5,\@function,6 .align 32 bn_powerx5: +.cfi_startproc mov %rsp,%rax +.cfi_def_cfa_register %rax .Lpowerx5_enter: push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lpowerx5_prologue: shl \$3,${num}d # convert $num to bytes @@ -2741,7 +2838,7 @@ ja .Lpwrx_page_walk .Lpwrx_page_walk_done: - mov $num,%r10 + mov $num,%r10 neg $num ############################################################## @@ -2762,6 +2859,7 @@ movq $bptr,%xmm4 mov $n0, 32(%rsp) mov %rax, 40(%rsp) # save original %rsp +.cfi_cfa_expression %rsp+40,deref,+8 .Lpowerx5_body: call __bn_sqrx8x_internal @@ -2784,17 +2882,26 @@ call mulx4x_internal mov 40(%rsp),%rsi # restore %rsp +.cfi_def_cfa %rsi,8 mov \$1,%rax mov -48(%rsi),%r15 +.cfi_restore %r15 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lpowerx5_epilogue: ret +.cfi_endproc .size bn_powerx5,.-bn_powerx5 .globl bn_sqrx8x_internal @@ -3678,8 +3785,8 @@ jb .Lcommon_seh_tail mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label + lea (%rsi,%r10),%r10 # beginning of body label + cmp %r10,%rbx # context->RipRsp diff --git a/deps/openssl/openssl/crypto/bn/bn_add.c b/deps/openssl/openssl/crypto/bn/bn_add.c index 7cdefa77a17c57..f2736b8f6d4194 100644 --- a/deps/openssl/openssl/crypto/bn/bn_add.c +++ b/deps/openssl/openssl/crypto/bn/bn_add.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,51 +10,69 @@ #include "internal/cryptlib.h" #include "bn_lcl.h" -/* r can == a or b */ +/* signed add of b to a. */ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { - int a_neg = a->neg, ret; + int ret, r_neg, cmp_res; bn_check_top(a); bn_check_top(b); - /*- - * a + b a+b - * a + -b a-b - * -a + b b-a - * -a + -b -(a+b) - */ - if (a_neg ^ b->neg) { - /* only one is negative */ - if (a_neg) { - const BIGNUM *tmp; - - tmp = a; - a = b; - b = tmp; + if (a->neg == b->neg) { + r_neg = a->neg; + ret = BN_uadd(r, a, b); + } else { + cmp_res = BN_ucmp(a, b); + if (cmp_res > 0) { + r_neg = a->neg; + ret = BN_usub(r, a, b); + } else if (cmp_res < 0) { + r_neg = b->neg; + ret = BN_usub(r, b, a); + } else { + r_neg = 0; + BN_zero(r); + ret = 1; } + } + + r->neg = r_neg; + bn_check_top(r); + return ret; +} + +/* signed sub of b from a. */ +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +{ + int ret, r_neg, cmp_res; - /* we are now a - b */ + bn_check_top(a); + bn_check_top(b); - if (BN_ucmp(a, b) < 0) { - if (!BN_usub(r, b, a)) - return 0; - r->neg = 1; + if (a->neg != b->neg) { + r_neg = a->neg; + ret = BN_uadd(r, a, b); + } else { + cmp_res = BN_ucmp(a, b); + if (cmp_res > 0) { + r_neg = a->neg; + ret = BN_usub(r, a, b); + } else if (cmp_res < 0) { + r_neg = !b->neg; + ret = BN_usub(r, b, a); } else { - if (!BN_usub(r, a, b)) - return 0; - r->neg = 0; + r_neg = 0; + BN_zero(r); + ret = 1; } - return 1; } - ret = BN_uadd(r, a, b); - r->neg = a_neg; + r->neg = r_neg; bn_check_top(r); return ret; } -/* unsigned add of b to a */ +/* unsigned add of b to a, r can be equal to a or b. */ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { int max, min, dif; @@ -151,59 +169,3 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) return 1; } -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int max; - int add = 0, neg = 0; - - bn_check_top(a); - bn_check_top(b); - - /*- - * a - b a-b - * a - -b a+b - * -a - b -(a+b) - * -a - -b b-a - */ - if (a->neg) { - if (b->neg) { - const BIGNUM *tmp; - - tmp = a; - a = b; - b = tmp; - } else { - add = 1; - neg = 1; - } - } else { - if (b->neg) { - add = 1; - neg = 0; - } - } - - if (add) { - if (!BN_uadd(r, a, b)) - return 0; - r->neg = neg; - return 1; - } - - /* We are actually doing a - b :-) */ - - max = (a->top > b->top) ? a->top : b->top; - if (bn_wexpand(r, max) == NULL) - return 0; - if (BN_ucmp(a, b) < 0) { - if (!BN_usub(r, b, a)) - return 0; - r->neg = 1; - } else { - if (!BN_usub(r, a, b)) - return 0; - r->neg = 0; - } - bn_check_top(r); - return 1; -} diff --git a/deps/openssl/openssl/crypto/bn/bn_asm.c b/deps/openssl/openssl/crypto/bn/bn_asm.c index 39c6c2134b3436..729b2480acd18e 100644 --- a/deps/openssl/openssl/crypto/bn/bn_asm.c +++ b/deps/openssl/openssl/crypto/bn/bn_asm.c @@ -21,7 +21,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, assert(num >= 0); if (num <= 0) - return (c1); + return c1; # ifndef OPENSSL_SMALL_FOOTPRINT while (num & ~3) { @@ -41,7 +41,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, num--; } - return (c1); + return c1; } BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) @@ -50,7 +50,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) assert(num >= 0); if (num <= 0) - return (c1); + return c1; # ifndef OPENSSL_SMALL_FOOTPRINT while (num & ~3) { @@ -69,7 +69,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) rp++; num--; } - return (c1); + return c1; } void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) @@ -108,7 +108,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, assert(num >= 0); if (num <= 0) - return ((BN_ULONG)0); + return (BN_ULONG)0; bl = LBITS(w); bh = HBITS(w); @@ -130,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, rp++; num--; } - return (c); + return c; } BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) @@ -140,7 +140,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) assert(num >= 0); if (num <= 0) - return ((BN_ULONG)0); + return (BN_ULONG)0; bl = LBITS(w); bh = HBITS(w); @@ -162,7 +162,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) rp++; num--; } - return (carry); + return carry; } void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) @@ -210,7 +210,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) int i, count = 2; if (d == 0) - return (BN_MASK2); + return BN_MASK2; i = BN_num_bits_word(d); assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i)); @@ -264,7 +264,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) l = (l & BN_MASK2l) << BN_BITS4; } ret |= q; - return (ret); + return ret; } #endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ @@ -276,7 +276,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, assert(n >= 0); if (n <= 0) - return ((BN_ULONG)0); + return (BN_ULONG)0; # ifndef OPENSSL_SMALL_FOOTPRINT while (n & ~3) { @@ -307,7 +307,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, r++; n--; } - return ((BN_ULONG)ll); + return (BN_ULONG)ll; } #else /* !BN_LLONG */ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, @@ -317,7 +317,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, assert(n >= 0); if (n <= 0) - return ((BN_ULONG)0); + return (BN_ULONG)0; c = 0; # ifndef OPENSSL_SMALL_FOOTPRINT @@ -364,7 +364,7 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, r++; n--; } - return ((BN_ULONG)c); + return (BN_ULONG)c; } #endif /* !BN_LLONG */ @@ -376,7 +376,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, assert(n >= 0); if (n <= 0) - return ((BN_ULONG)0); + return (BN_ULONG)0; #ifndef OPENSSL_SMALL_FOOTPRINT while (n & ~3) { @@ -417,7 +417,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, r++; n--; } - return (c); + return c; } #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) diff --git a/deps/openssl/openssl/crypto/bn/bn_blind.c b/deps/openssl/openssl/crypto/bn/bn_blind.c index 9474e21e4c24dc..450cdfb34866e6 100644 --- a/deps/openssl/openssl/crypto/bn/bn_blind.c +++ b/deps/openssl/openssl/crypto/bn/bn_blind.c @@ -82,7 +82,6 @@ void BN_BLINDING_free(BN_BLINDING *r) { if (r == NULL) return; - BN_free(r->A); BN_free(r->Ai); BN_free(r->e); @@ -124,7 +123,7 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) err: if (b->counter == BN_BLINDING_COUNTER) b->counter = 0; - return (ret); + return ret; } int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) @@ -140,14 +139,14 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) if ((b->A == NULL) || (b->Ai == NULL)) { BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED); - return (0); + return 0; } if (b->counter == -1) /* Fresh blinding, doesn't need updating. */ b->counter = 0; else if (!BN_BLINDING_update(b, ctx)) - return (0); + return 0; if (r != NULL && (BN_copy(r, b->Ai) == NULL)) return 0; @@ -198,7 +197,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, } bn_check_top(n); - return (ret); + return ret; } int BN_BLINDING_is_current_thread(BN_BLINDING *b) @@ -271,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, do { int rv; - if (!BN_rand_range(ret->A, ret->mod)) + if (!BN_priv_rand_range(ret->A, ret->mod)) goto err; if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) break; diff --git a/deps/openssl/openssl/crypto/bn/bn_ctx.c b/deps/openssl/openssl/crypto/bn/bn_ctx.c index 68c04687437f1d..228c8537fa089e 100644 --- a/deps/openssl/openssl/crypto/bn/bn_ctx.c +++ b/deps/openssl/openssl/crypto/bn/bn_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -255,9 +255,12 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx) /* Need to expand */ unsigned int newsize = st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; - unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize); - if (newitems == NULL) + unsigned int *newitems; + + if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) { + BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE); return 0; + } if (st->depth) memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); OPENSSL_free(st->indexes); @@ -306,9 +309,12 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) /* Full; allocate a new pool item and link it in. */ if (p->used == p->size) { - BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); - if (item == NULL) + BN_POOL_ITEM *item; + + if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { + BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE); return NULL; + } for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { bn_init(bn); if ((flag & BN_FLG_SECURE) != 0) diff --git a/deps/openssl/openssl/crypto/bn/bn_dh.c b/deps/openssl/openssl/crypto/bn/bn_dh.c index 17d05597b3fc34..38acdee234d08f 100644 --- a/deps/openssl/openssl/crypto/bn/bn_dh.c +++ b/deps/openssl/openssl/crypto/bn/bn_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include "bn_lcl.h" -#include "e_os.h" +#include "internal/nelem.h" #ifndef OPENSSL_NO_DH #include @@ -104,6 +104,146 @@ static const BN_ULONG dh2048_256_q[] = { 0x8CF83642A709A097ULL }; +/* Primes from RFC 7919 */ +static const BN_ULONG ffdhe2048_p[] = { + 0xFFFFFFFFFFFFFFFFULL, 0x886B423861285C97ULL, 0xC6F34A26C1B2EFFAULL, + 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, + 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, + 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, + 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, + 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, + 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, + 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, + 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, + 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, + 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL +}; + +static const BN_ULONG ffdhe3072_p[] = { + 0xFFFFFFFFFFFFFFFFULL, 0x25E41D2B66C62E37ULL, 0x3C1B20EE3FD59D7CULL, + 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, + 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, + 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, + 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, + 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, + 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, + 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, + 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, + 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, + 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, + 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, + 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, + 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, + 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, + 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL +}; + +static const BN_ULONG ffdhe4096_p[] = { + 0xFFFFFFFFFFFFFFFFULL, 0xC68A007E5E655F6AULL, 0x4DB5A851F44182E1ULL, + 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, + 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, + 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, + 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, + 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, + 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, + 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, + 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, + 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, + 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, + 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, + 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, + 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, + 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, + 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, + 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, + 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, + 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, + 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, + 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, + 0xFFFFFFFFFFFFFFFFULL +}; + +static const BN_ULONG ffdhe6144_p[] = { + 0xFFFFFFFFFFFFFFFFULL, 0xA40E329CD0E40E65ULL, 0xA41D570D7938DAD4ULL, + 0x62A69526D43161C1ULL, 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, + 0xEC9D1810C6272B04ULL, 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, + 0x505DC82DB854338AULL, 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, + 0xF9C9091B462D538CULL, 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, + 0xEEAAC0232A281BF6ULL, 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, + 0x587E38DA0077D9B4ULL, 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, + 0xA00EF092350511E3ULL, 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, + 0x388147FB4CFDB477ULL, 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, + 0xB38E8C334C701C3AULL, 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, + 0x23BA4442CAF53EA6ULL, 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, + 0xC68A007E5E0DD902ULL, 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, + 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, + 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, + 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, + 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, + 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, + 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, + 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, + 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, + 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, + 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, + 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, + 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, + 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, + 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, + 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, + 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, + 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, + 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, + 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, + 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL +}; + +static const BN_ULONG ffdhe8192_p[] = { + 0xFFFFFFFFFFFFFFFFULL, 0xD68C8BB7C5C6424CULL, 0x011E2A94838FF88CULL, + 0x0822E506A9F4614EULL, 0x97D11D49F7A8443DULL, 0xA6BBFDE530677F0DULL, + 0x2F741EF8C1FE86FEULL, 0xFAFABE1C5D71A87EULL, 0xDED2FBABFBE58A30ULL, + 0xB6855DFE72B0A66EULL, 0x1EFC8CE0BA8A4FE8ULL, 0x83F81D4A3F2FA457ULL, + 0xA1FE3075A577E231ULL, 0xD5B8019488D9C0A0ULL, 0x624816CDAD9A95F9ULL, + 0x99E9E31650C1217BULL, 0x51AA691E0E423CFCULL, 0x1C217E6C3826E52CULL, + 0x51A8A93109703FEEULL, 0xBB7099876A460E74ULL, 0x541FC68C9C86B022ULL, + 0x59160CC046FD8251ULL, 0x2846C0BA35C35F5CULL, 0x54504AC78B758282ULL, + 0x29388839D2AF05E4ULL, 0xCB2C0F1CC01BD702ULL, 0x555B2F747C932665ULL, + 0x86B63142A3AB8829ULL, 0x0B8CC3BDF64B10EFULL, 0x687FEB69EDD1CC5EULL, + 0xFDB23FCEC9509D43ULL, 0x1E425A31D951AE64ULL, 0x36AD004CF600C838ULL, + 0xA40E329CCFF46AAAULL, 0xA41D570D7938DAD4ULL, 0x62A69526D43161C1ULL, + 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, 0xEC9D1810C6272B04ULL, + 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, 0x505DC82DB854338AULL, + 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, 0xF9C9091B462D538CULL, + 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, 0xEEAAC0232A281BF6ULL, + 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, 0x587E38DA0077D9B4ULL, + 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, 0xA00EF092350511E3ULL, + 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, 0x388147FB4CFDB477ULL, + 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, 0xB38E8C334C701C3AULL, + 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, 0x23BA4442CAF53EA6ULL, + 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, 0xC68A007E5E0DD902ULL, + 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, + 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, + 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, + 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, + 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, + 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, + 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, + 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, + 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, + 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, + 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, + 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, + 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, + 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, + 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, + 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, + 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, + 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, + 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, + 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, + 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL +}; + # elif BN_BITS2 == 32 static const BN_ULONG dh1024_160_p[] = { @@ -194,6 +334,147 @@ static const BN_ULONG dh2048_256_q[] = { 0xA709A097, 0x8CF83642 }; +/* Primes from RFC 7919 */ + +static const BN_ULONG ffdhe2048_p[] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0x61285C97, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, + 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, + 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, + 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, + 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, + 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, + 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, + 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, + 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, + 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, + 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF +}; + +static const BN_ULONG ffdhe3072_p[] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0x66C62E37, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, + 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, + 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, + 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, + 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, + 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, + 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, + 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, + 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, + 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, + 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, + 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, + 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, + 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, + 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, + 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF +}; + +static const BN_ULONG ffdhe4096_p[] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0x5E655F6A, 0xC68A007E, 0xF44182E1, 0x4DB5A851, + 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, + 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, + 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, + 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, + 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, + 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, + 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, + 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, + 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, + 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, + 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, + 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, + 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, + 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, + 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, + 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, + 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, + 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, + 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, + 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, + 0xFFFFFFFF, 0xFFFFFFFF +}; + +static const BN_ULONG ffdhe6144_p[] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0xD0E40E65, 0xA40E329C, 0x7938DAD4, 0xA41D570D, + 0xD43161C1, 0x62A69526, 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, + 0xC6272B04, 0xEC9D1810, 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, + 0xB854338A, 0x505DC82D, 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, + 0x462D538C, 0xF9C9091B, 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, + 0x2A281BF6, 0xEEAAC023, 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, + 0x0077D9B4, 0x587E38DA, 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, + 0x350511E3, 0xA00EF092, 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, + 0x4CFDB477, 0x388147FB, 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, + 0x4C701C3A, 0xB38E8C33, 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, + 0xCAF53EA6, 0x23BA4442, 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, + 0x5E0DD902, 0xC68A007E, 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, + 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, + 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, + 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, + 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, + 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, + 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, + 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, + 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, + 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, + 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, + 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, + 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, + 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, + 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, + 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, + 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, + 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, + 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, + 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, + 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF +}; + +static const BN_ULONG ffdhe8192_p[] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0xC5C6424C, 0xD68C8BB7, 0x838FF88C, 0x011E2A94, + 0xA9F4614E, 0x0822E506, 0xF7A8443D, 0x97D11D49, 0x30677F0D, 0xA6BBFDE5, + 0xC1FE86FE, 0x2F741EF8, 0x5D71A87E, 0xFAFABE1C, 0xFBE58A30, 0xDED2FBAB, + 0x72B0A66E, 0xB6855DFE, 0xBA8A4FE8, 0x1EFC8CE0, 0x3F2FA457, 0x83F81D4A, + 0xA577E231, 0xA1FE3075, 0x88D9C0A0, 0xD5B80194, 0xAD9A95F9, 0x624816CD, + 0x50C1217B, 0x99E9E316, 0x0E423CFC, 0x51AA691E, 0x3826E52C, 0x1C217E6C, + 0x09703FEE, 0x51A8A931, 0x6A460E74, 0xBB709987, 0x9C86B022, 0x541FC68C, + 0x46FD8251, 0x59160CC0, 0x35C35F5C, 0x2846C0BA, 0x8B758282, 0x54504AC7, + 0xD2AF05E4, 0x29388839, 0xC01BD702, 0xCB2C0F1C, 0x7C932665, 0x555B2F74, + 0xA3AB8829, 0x86B63142, 0xF64B10EF, 0x0B8CC3BD, 0xEDD1CC5E, 0x687FEB69, + 0xC9509D43, 0xFDB23FCE, 0xD951AE64, 0x1E425A31, 0xF600C838, 0x36AD004C, + 0xCFF46AAA, 0xA40E329C, 0x7938DAD4, 0xA41D570D, 0xD43161C1, 0x62A69526, + 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, 0xC6272B04, 0xEC9D1810, + 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, 0xB854338A, 0x505DC82D, + 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, 0x462D538C, 0xF9C9091B, + 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, 0x2A281BF6, 0xEEAAC023, + 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, 0x0077D9B4, 0x587E38DA, + 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, 0x350511E3, 0xA00EF092, + 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, 0x4CFDB477, 0x388147FB, + 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, 0x4C701C3A, 0xB38E8C33, + 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, 0xCAF53EA6, 0x23BA4442, + 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, 0x5E0DD902, 0xC68A007E, + 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, + 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, + 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, + 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, + 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, + 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, + 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, + 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, + 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, + 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, + 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, + 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, + 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, + 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, + 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, + 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, + 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, + 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, + 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, + 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, + 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF +}; + # else # error "unsupported BN_BITS2" # endif @@ -206,6 +487,10 @@ static const BN_ULONG dh2048_256_q[] = { OSSL_NELEM(x),\ 0, BN_FLG_STATIC_DATA }; +static const BN_ULONG value_2 = 2; + +const BIGNUM _bignum_const_2 = + { (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA }; make_dh_bn(dh1024_160_p) make_dh_bn(dh1024_160_g) @@ -217,4 +502,11 @@ make_dh_bn(dh2048_256_p) make_dh_bn(dh2048_256_g) make_dh_bn(dh2048_256_q) +make_dh_bn(ffdhe2048_p) +make_dh_bn(ffdhe3072_p) +make_dh_bn(ffdhe4096_p) +make_dh_bn(ffdhe6144_p) +make_dh_bn(ffdhe8192_p) + + #endif diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c index 884ff2991702e7..70add10c7d6cef 100644 --- a/deps/openssl/openssl/crypto/bn/bn_div.c +++ b/deps/openssl/openssl/crypto/bn/bn_div.c @@ -24,17 +24,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, bn_check_top(d); if (BN_is_zero(d)) { BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return (0); + return 0; } if (BN_ucmp(m, d) < 0) { if (rem != NULL) { if (BN_copy(rem, m) == NULL) - return (0); + return 0; } if (dv != NULL) BN_zero(dv); - return (1); + return 1; } BN_CTX_start(ctx); @@ -81,7 +81,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, ret = 1; end: BN_CTX_end(ctx); - return (ret); + return ret; } #else @@ -97,8 +97,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, * understand why...); * - divl doesn't only calculate quotient, but also leaves * remainder in %edx which we can definitely use here:-) - * - * */ # undef bn_div_words # define bn_div_words(n0,n1,d0) \ @@ -113,7 +111,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, # elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) /* * Same story here, but it's 128-bit by 64-bit division. Wow! - * */ # undef bn_div_words # define bn_div_words(n0,n1,d0) \ @@ -177,28 +174,25 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (BN_is_zero(divisor)) { BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return (0); + return 0; } if (!no_branch && BN_ucmp(num, divisor) < 0) { if (rm != NULL) { if (BN_copy(rm, num) == NULL) - return (0); + return 0; } if (dv != NULL) BN_zero(dv); - return (1); + return 1; } BN_CTX_start(ctx); + res = (dv == NULL) ? BN_CTX_get(ctx) : dv; tmp = BN_CTX_get(ctx); snum = BN_CTX_get(ctx); sdiv = BN_CTX_get(ctx); - if (dv == NULL) - res = BN_CTX_get(ctx); - else - res = dv; - if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) + if (sdiv == NULL) goto err; /* First we normalise the numbers */ @@ -415,10 +409,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (no_branch) bn_correct_top(res); BN_CTX_end(ctx); - return (1); + return 1; err: bn_check_top(rm); BN_CTX_end(ctx); - return (0); + return 0; } #endif diff --git a/deps/openssl/openssl/crypto/bn/bn_err.c b/deps/openssl/openssl/crypto/bn/bn_err.c index 5fe9db9ede3e32..dd87c152cf3758 100644 --- a/deps/openssl/openssl/crypto/bn/bn_err.c +++ b/deps/openssl/openssl/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,87 +8,99 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) - -static ERR_STRING_DATA BN_str_functs[] = { - {ERR_FUNC(BN_F_BNRAND), "bnrand"}, - {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, - {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, - {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, - {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, - {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, - {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, - {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, - {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"}, - {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, - {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, - {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, - {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, - {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, - {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, - {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"}, - {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"}, - {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"}, - {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, - {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, - {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, - {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, - {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, - {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, - {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, - {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, - {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, - {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, - {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, - {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, - {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, - {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, - {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"}, - {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, +static const ERR_STRING_DATA BN_str_functs[] = { + {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND, 0), "bnrand"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND_RANGE, 0), "bnrand_range"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CONVERT_EX, 0), + "BN_BLINDING_convert_ex"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CREATE_PARAM, 0), + "BN_BLINDING_create_param"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_INVERT_EX, 0), + "BN_BLINDING_invert_ex"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_NEW, 0), "BN_BLINDING_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_UPDATE, 0), "BN_BLINDING_update"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2DEC, 0), "BN_bn2dec"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2HEX, 0), "BN_bn2hex"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXP, 0), "BN_exp"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXPAND_INTERNAL, 0), "bn_expand_internal"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENCB_NEW, 0), "BN_GENCB_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_DSA_NONCE, 0), + "BN_generate_dsa_nonce"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0), + "BN_generate_prime_ex"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD, 0), + "BN_GF2m_mod_solve_quad"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, 0), + "BN_GF2m_mod_solve_quad_arr"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQR, 0), "BN_GF2m_mod_sqr"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQRT, 0), "BN_GF2m_mod_sqrt"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_LSHIFT, 0), "BN_lshift"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP2_MONT, 0), "BN_mod_exp2_mont"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT, 0), "BN_mod_exp_mont"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_CONSTTIME, 0), + "BN_mod_exp_mont_consttime"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_WORD, 0), + "BN_mod_exp_mont_word"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_RECP, 0), "BN_mod_exp_recp"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_SIMPLE, 0), "BN_mod_exp_simple"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE, 0), "BN_mod_inverse"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE_NO_BRANCH, 0), + "BN_mod_inverse_no_branch"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"}, + {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"}, {0, NULL} }; -static ERR_STRING_DATA BN_str_reasons[] = { - {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, - {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, - {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, - {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, - {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, - {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, - {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, - {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), - "expand on static bignum data"}, - {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, - {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, - {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, - {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, - {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, - {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, - {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, - {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, - {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"}, - {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, - {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, - {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), - "too many temporary variables"}, +static const ERR_STRING_DATA BN_str_reasons[] = { + {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS), + "called with even modulus"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), + "expand on static bignum data"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE), + "private key too large"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES), + "too many temporary variables"}, {0, NULL} }; @@ -97,10 +109,9 @@ static ERR_STRING_DATA BN_str_reasons[] = { int ERR_load_BN_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(BN_str_functs[0].error) == NULL) { - ERR_load_strings(0, BN_str_functs); - ERR_load_strings(0, BN_str_reasons); + ERR_load_strings_const(BN_str_functs); + ERR_load_strings_const(BN_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c index a6ad475a0b2696..c026ffcb339cec 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp.c @@ -51,10 +51,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } BN_CTX_start(ctx); - if ((r == a) || (r == p)) - rr = BN_CTX_get(ctx); - else - rr = r; + rr = ((r == a) || (r == p)) ? BN_CTX_get(ctx) : r; v = BN_CTX_get(ctx); if (rr == NULL || v == NULL) goto err; @@ -86,7 +83,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) err: BN_CTX_end(ctx); bn_check_top(r); - return (ret); + return ret; } int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, @@ -134,13 +131,6 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, #define RECP_MUL_MOD #ifdef MONT_MUL_MOD - /* - * I have finally been able to take out this pre-condition of the top bit - * being set. It was caused by an error in BN_div with negatives. There - * was also another problem when for a^b%m a >= m. eay 07-May-97 - */ - /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ - if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD if (a->top == 1 && !a->neg @@ -165,7 +155,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, #endif bn_check_top(r); - return (ret); + return ret; } int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -201,7 +191,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX_start(ctx); aa = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); - if (!aa || !val[0]) + if (val[0] == NULL) goto err; BN_RECP_CTX_init(&recp); @@ -300,7 +290,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX_end(ctx); BN_RECP_CTX_free(&recp); bn_check_top(r); - return (ret); + return ret; } int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, @@ -326,7 +316,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); + return 0; } bits = BN_num_bits(p); if (bits == 0) { @@ -344,7 +334,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, d = BN_CTX_get(ctx); r = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); - if (!d || !r || !val[0]) + if (val[0] == NULL) goto err; /* @@ -366,11 +356,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, aa = val[0]; } else aa = a; - if (BN_is_zero(aa)) { - BN_zero(rr); - ret = 1; - goto err; - } if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) goto err; /* 1 */ @@ -481,10 +466,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); - return (ret); + return ret; } -#if defined(SPARC_T4_MONT) static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) { BN_ULONG ret = 0; @@ -503,7 +487,6 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) return ret & BN_MASK2; } -#endif /* * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific @@ -610,7 +593,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { - int i, bits, ret = 0, window, wvalue; + int i, bits, ret = 0, window, wvalue, wmask, window0; int top; BN_MONT_CTX *mont = NULL; @@ -629,7 +612,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); + return 0; } top = m->top; @@ -666,31 +649,33 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } #ifdef RSAZ_ENABLED - /* - * If the size of the operands allow it, perform the optimized - * RSAZ exponentiation. For further information see - * crypto/bn/rsaz_exp.c and accompanying assembly modules. - */ - if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) - && rsaz_avx2_eligible()) { - if (NULL == bn_wexpand(rr, 16)) + if (!a->neg) { + /* + * If the size of the operands allow it, perform the optimized + * RSAZ exponentiation. For further information see + * crypto/bn/rsaz_exp.c and accompanying assembly modules. + */ + if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) + && rsaz_avx2_eligible()) { + if (NULL == bn_wexpand(rr, 16)) + goto err; + RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, + mont->n0[0]); + rr->top = 16; + rr->neg = 0; + bn_correct_top(rr); + ret = 1; goto err; - RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, - mont->n0[0]); - rr->top = 16; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; - } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { - if (NULL == bn_wexpand(rr, 8)) + } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { + if (NULL == bn_wexpand(rr, 8)) + goto err; + RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); + rr->top = 8; + rr->neg = 0; + bn_correct_top(rr); + ret = 1; goto err; - RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); - rr->top = 8; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; + } } #endif @@ -763,7 +748,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* prepare a^1 in Montgomery domain */ if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_mod(&am, a, m, ctx)) + if (!BN_nnmod(&am, a, m, ctx)) goto err; if (!bn_to_mont_fixed_top(&am, &am, mont, ctx)) goto err; @@ -861,20 +846,27 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, top /= 2; bn_flip_t4(np, mont->N.d, top); - bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + /* + * The exponent may not have a whole number of fixed-size windows. + * To simplify the main loop, the initial window has between 1 and + * full-window-size bits such that what remains is always a whole + * number of windows + */ + window0 = (bits - 1) % 5 + 1; + wmask = (1 << window0) - 1; + bits -= window0; + wvalue = bn_get_bits(p, bits) & wmask; bn_gather5_t4(tmp.d, top, powerbuf, wvalue); /* * Scan the exponent one window at a time starting from the most * significant bits. */ - while (bits >= 0) { + while (bits > 0) { if (bits < stride) - stride = bits + 1; + stride = bits; bits -= stride; - wvalue = bn_get_bits(p, bits + 1); + wvalue = bn_get_bits(p, bits); if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) continue; @@ -982,32 +974,36 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_scatter5(tmp.d, top, powerbuf, i); } # endif - bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + /* + * The exponent may not have a whole number of fixed-size windows. + * To simplify the main loop, the initial window has between 1 and + * full-window-size bits such that what remains is always a whole + * number of windows + */ + window0 = (bits - 1) % 5 + 1; + wmask = (1 << window0) - 1; + bits -= window0; + wvalue = bn_get_bits(p, bits) & wmask; bn_gather5(tmp.d, top, powerbuf, wvalue); /* * Scan the exponent one window at a time starting from the most * significant bits. */ - if (top & 7) - while (bits >= 0) { - for (wvalue = 0, i = 0; i < 5; i++, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - + if (top & 7) { + while (bits > 0) { bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, - wvalue); + bn_get_bits5(p->d, bits -= 5)); + } } else { - while (bits >= 0) { - wvalue = bn_get_bits5(p->d, bits - 4); - bits -= 5; - bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue); + while (bits > 0) { + bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, + bn_get_bits5(p->d, bits -= 5)); } } @@ -1049,27 +1045,44 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } } - bits--; - for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + /* + * The exponent may not have a whole number of fixed-size windows. + * To simplify the main loop, the initial window has between 1 and + * full-window-size bits such that what remains is always a whole + * number of windows + */ + window0 = (bits - 1) % window + 1; + wmask = (1 << window0) - 1; + bits -= window0; + wvalue = bn_get_bits(p, bits) & wmask; if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue, window)) goto err; + wmask = (1 << window) - 1; /* * Scan the exponent one window at a time starting from the most * significant bits. */ - while (bits >= 0) { - wvalue = 0; /* The 'value' of the window */ + while (bits > 0) { - /* Scan the window, squaring the result as we go */ - for (i = 0; i < window; i++, bits--) { + /* Square the result window-size times */ + for (i = 0; i < window; i++) if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx)) goto err; - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - } + /* + * Get a window's worth of bits from the exponent + * This avoids calling BN_is_bit_set for each bit, which + * is not only slower but also makes each bit vulnerable to + * EM (and likely other) side-channel attacks like One&Done + * (for details see "One&Done: A Single-Decryption EM-Based + * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, + * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and + * M. Prvulovic, in USENIX Security'18) + */ + bits -= window; + wvalue = bn_get_bits(p, bits) & wmask; /* * Fetch the appropriate pre-computed value from the pre-buf */ @@ -1108,7 +1121,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, OPENSSL_free(powerbufFree); } BN_CTX_end(ctx); - return (ret); + return ret; } int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, @@ -1118,7 +1131,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, int b, bits, ret = 0; int r_is_one; BN_ULONG w, next_w; - BIGNUM *d, *r, *t; + BIGNUM *r, *t; BIGNUM *swap_tmp; #define BN_MOD_MUL_WORD(r, w, m) \ (BN_mul_word(r, (w)) && \ @@ -1149,7 +1162,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); + return 0; } if (m->top == 1) a %= m->d[0]; /* make sure that 'a' is reduced */ @@ -1172,10 +1185,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, } BN_CTX_start(ctx); - d = BN_CTX_get(ctx); r = BN_CTX_get(ctx); t = BN_CTX_get(ctx); - if (d == NULL || r == NULL || t == NULL) + if (t == NULL) goto err; if (in_mont != NULL) @@ -1256,7 +1268,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); - return (ret); + return ret; } /* The old fallback, simple version :-) */ @@ -1292,7 +1304,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX_start(ctx); d = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); - if (!d || !val[0]) + if (val[0] == NULL) goto err; if (!BN_nnmod(val[0], a, m, ctx)) @@ -1377,5 +1389,5 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, err: BN_CTX_end(ctx); bn_check_top(r); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_exp2.c b/deps/openssl/openssl/crypto/bn/bn_exp2.c index 5141c21f6d6bfe..082c9286a0f4b3 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp2.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, if (!(m->d[0] & 1)) { BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); - return (0); + return 0; } bits1 = BN_num_bits(p1); bits2 = BN_num_bits(p2); @@ -50,7 +50,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, r = BN_CTX_get(ctx); val1[0] = BN_CTX_get(ctx); val2[0] = BN_CTX_get(ctx); - if (!d || !r || !val1[0] || !val2[0]) + if (val2[0] == NULL) goto err; if (in_mont != NULL) @@ -197,5 +197,5 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_gcd.c b/deps/openssl/openssl/crypto/bn/bn_gcd.c index bed231c8fa6632..0091ea4e08a67c 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gcd.c +++ b/deps/openssl/openssl/crypto/bn/bn_gcd.c @@ -23,7 +23,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) BN_CTX_start(ctx); a = BN_CTX_get(ctx); b = BN_CTX_get(ctx); - if (a == NULL || b == NULL) + if (b == NULL) goto err; if (BN_copy(a, in_a) == NULL) @@ -48,7 +48,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) err: BN_CTX_end(ctx); bn_check_top(r); - return (ret); + return ret; } static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) @@ -111,9 +111,9 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) goto err; } bn_check_top(a); - return (a); + return a; err: - return (NULL); + return NULL; } /* solves ax == 1 (mod n) */ @@ -448,7 +448,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, BN_free(R); BN_CTX_end(ctx); bn_check_top(ret); - return (ret); + return ret; } /* @@ -619,5 +619,5 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, BN_free(R); BN_CTX_end(ctx); bn_check_top(ret); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_gf2m.c b/deps/openssl/openssl/crypto/bn/bn_gf2m.c index d80f3ec94027c9..34d8b69c1ec9d7 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gf2m.c +++ b/deps/openssl/openssl/crypto/bn/bn_gf2m.c @@ -1,5 +1,6 @@ /* * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,17 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - */ - #include #include #include @@ -559,7 +549,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic * Curve Cryptography Over Binary Fields". */ -int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, BN_CTX *ctx) { BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; int ret = 0; @@ -569,13 +560,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_CTX_start(ctx); - if ((b = BN_CTX_get(ctx)) == NULL) - goto err; - if ((c = BN_CTX_get(ctx)) == NULL) - goto err; - if ((u = BN_CTX_get(ctx)) == NULL) - goto err; - if ((v = BN_CTX_get(ctx)) == NULL) + b = BN_CTX_get(ctx); + c = BN_CTX_get(ctx); + u = BN_CTX_get(ctx); + v = BN_CTX_get(ctx); + if (v == NULL) goto err; if (!BN_GF2m_mod(u, a, p)) @@ -727,6 +716,46 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) return ret; } +/*- + * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling. + * This is not constant time. + * But it does eliminate first order deduction on the input. + */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + BIGNUM *b = NULL; + int ret = 0; + + BN_CTX_start(ctx); + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + + /* generate blinding value */ + do { + if (!BN_priv_rand(b, BN_num_bits(p) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + goto err; + } while (BN_is_zero(b)); + + /* r := a * b */ + if (!BN_GF2m_mod_mul(r, a, b, p, ctx)) + goto err; + + /* r := 1/(a * b) */ + if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx)) + goto err; + + /* r := b/(a * b) = 1/a */ + if (!BN_GF2m_mod_mul(r, r, b, p, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + /* * Invert xx, reduce modulo p, and store the result in r. r could be xx. * This function calls down to the BN_GF2m_mod_inv implementation; this @@ -754,7 +783,6 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], return ret; } -# ifndef OPENSSL_SUN_GF2M_DIV /* * Divide y by x, reduce modulo p, and store the result in r. r could be x * or y, x could equal y. @@ -785,94 +813,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, BN_CTX_end(ctx); return ret; } -# else -/* - * Divide y by x, reduce modulo p, and store the result in r. r could be x - * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from - * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the - * Great Divide". - */ -int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, - const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *a, *b, *u, *v; - int ret = 0; - - bn_check_top(y); - bn_check_top(x); - bn_check_top(p); - - BN_CTX_start(ctx); - - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - u = BN_CTX_get(ctx); - v = BN_CTX_get(ctx); - if (v == NULL) - goto err; - - /* reduce x and y mod p */ - if (!BN_GF2m_mod(u, y, p)) - goto err; - if (!BN_GF2m_mod(a, x, p)) - goto err; - if (!BN_copy(b, p)) - goto err; - - while (!BN_is_odd(a)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_is_odd(u)) - if (!BN_GF2m_add(u, u, p)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - } - - do { - if (BN_GF2m_cmp(b, a) > 0) { - if (!BN_GF2m_add(b, b, a)) - goto err; - if (!BN_GF2m_add(v, v, u)) - goto err; - do { - if (!BN_rshift1(b, b)) - goto err; - if (BN_is_odd(v)) - if (!BN_GF2m_add(v, v, p)) - goto err; - if (!BN_rshift1(v, v)) - goto err; - } while (!BN_is_odd(b)); - } else if (BN_abs_is_word(a, 1)) - break; - else { - if (!BN_GF2m_add(a, a, b)) - goto err; - if (!BN_GF2m_add(u, u, v)) - goto err; - do { - if (!BN_rshift1(a, a)) - goto err; - if (BN_is_odd(u)) - if (!BN_GF2m_add(u, u, p)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - } while (!BN_is_odd(a)); - } - } while (1); - - if (!BN_copy(r, u)) - goto err; - bn_check_top(r); - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} -# endif /* * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx @@ -918,7 +858,7 @@ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(b); if (BN_is_zero(b)) - return (BN_one(r)); + return BN_one(r); if (BN_abs_is_word(b, 1)) return (BN_copy(r, a) != NULL); @@ -1091,7 +1031,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], if (tmp == NULL) goto err; do { - if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto err; if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; diff --git a/deps/openssl/openssl/crypto/bn/bn_intern.c b/deps/openssl/openssl/crypto/bn/bn_intern.c index 7b25927f9bcaee..46bc97575dfe47 100644 --- a/deps/openssl/openssl/crypto/bn/bn_intern.c +++ b/deps/openssl/openssl/crypto/bn/bn_intern.c @@ -143,11 +143,6 @@ int bn_get_top(const BIGNUM *a) return a->top; } -void bn_set_top(BIGNUM *a, int top) -{ - a->top = top; -} - int bn_get_dmax(const BIGNUM *a) { return a->dmax; @@ -202,13 +197,3 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words) bn_correct_top(a); return 1; } - -size_t bn_sizeof_BIGNUM(void) -{ - return sizeof(BIGNUM); -} - -BIGNUM *bn_array_el(BIGNUM *base, int el) -{ - return &base[el]; -} diff --git a/deps/openssl/openssl/crypto/bn/bn_lcl.h b/deps/openssl/openssl/crypto/bn/bn_lcl.h index 4d9808f5b8d1e6..8a36db2e8b671c 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lcl.h +++ b/deps/openssl/openssl/crypto/bn/bn_lcl.h @@ -23,10 +23,6 @@ # include "internal/bn_int.h" -#ifdef __cplusplus -extern "C" { -#endif - /* * These preprocessor symbols control various aspects of the bignum headers * and library code. They're not defined by any "normal" configuration, as @@ -156,11 +152,6 @@ extern "C" { */ # define BN_FLG_FIXED_TOP 0x10000 # ifdef BN_DEBUG_RAND -/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ -# ifndef RAND_bytes -int RAND_bytes(unsigned char *buf, int num); -# define BN_DEBUG_TRIX -# endif # define bn_pollute(a) \ do { \ const BIGNUM *_bnum1 = (a); \ @@ -176,9 +167,6 @@ int RAND_bytes(unsigned char *buf, int num); sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ } \ } while(0) -# ifdef BN_DEBUG_TRIX -# undef RAND_bytes -# endif # else # define bn_pollute(a) # endif @@ -187,9 +175,9 @@ int RAND_bytes(unsigned char *buf, int num); const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ int _top = _bnum2->top; \ - OPENSSL_assert((_top == 0 && !_bnum2->neg) || \ - (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ - || _bnum2->d[_top - 1] != 0))); \ + (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ + (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[_top - 1] != 0))); \ bn_pollute(_bnum2); \ } \ } while(0) @@ -200,8 +188,8 @@ int RAND_bytes(unsigned char *buf, int num); # define bn_wcheck_size(bn, words) \ do { \ const BIGNUM *_bnum2 = (bn); \ - OPENSSL_assert((words) <= (_bnum2)->dmax && \ - (words) >= (_bnum2)->top); \ + assert((words) <= (_bnum2)->dmax && \ + (words) >= (_bnum2)->top); \ /* avoid unused variable warning with NDEBUG */ \ (void)(_bnum2); \ } while(0) @@ -370,59 +358,58 @@ struct bn_gencb_st { # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) /* * BN_UMULT_HIGH section. - * - * No, I'm not trying to overwhelm you when stating that the - * product of N-bit numbers is 2*N bits wide:-) No, I don't expect - * you to be impressed when I say that if the compiler doesn't - * support 2*N integer type, then you have to replace every N*N - * multiplication with 4 (N/2)*(N/2) accompanied by some shifts - * and additions which unavoidably results in severe performance - * penalties. Of course provided that the hardware is capable of - * producing 2*N result... That's when you normally start - * considering assembler implementation. However! It should be - * pointed out that some CPUs (most notably Alpha, PowerPC and - * upcoming IA-64 family:-) provide *separate* instruction - * calculating the upper half of the product placing the result - * into a general purpose register. Now *if* the compiler supports - * inline assembler, then it's not impossible to implement the - * "bignum" routines (and have the compiler optimize 'em) - * exhibiting "native" performance in C. That's what BN_UMULT_HIGH - * macro is about:-) - * - * + * If the compiler doesn't support 2*N integer type, then you have to + * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some + * shifts and additions which unavoidably results in severe performance + * penalties. Of course provided that the hardware is capable of producing + * 2*N result... That's when you normally start considering assembler + * implementation. However! It should be pointed out that some CPUs (e.g., + * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating + * the upper half of the product placing the result into a general + * purpose register. Now *if* the compiler supports inline assembler, + * then it's not impossible to implement the "bignum" routines (and have + * the compiler optimize 'em) exhibiting "native" performance in C. That's + * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do + * support 2*64 integer type, which is also used here. */ -# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \ + (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) +# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) +# define BN_UMULT_LOHI(low,high,a,b) ({ \ + __uint128_t ret=(__uint128_t)(a)*(b); \ + (high)=ret>>64; (low)=ret; }) +# elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) # if defined(__DECC) # include # define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) # elif defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ +# define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret; \ asm ("umulh %1,%2,%0" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ - ret; }) + ret; }) # endif /* compiler */ -# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) +# elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG) # if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ +# define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret; \ asm ("mulhdu %0,%1,%2" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ - ret; }) + ret; }) # endif /* compiler */ # elif (defined(__x86_64) || defined(__x86_64__)) && \ (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) # if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ +# define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret,discard; \ asm ("mulq %3" \ : "=a"(discard),"=d"(ret) \ : "a"(a), "g"(b) \ : "cc"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ + ret; }) +# define BN_UMULT_LOHI(low,high,a,b) \ asm ("mulq %3" \ : "=a"(low),"=d"(high) \ : "a"(a),"g"(b) \ @@ -439,43 +426,29 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 - /* "h" constraint is not an option on R6 and was removed in 4.4 */ -# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) -# define BN_UMULT_LOHI(low,high,a,b) ({ \ - __uint128_t ret=(__uint128_t)(a)*(b); \ - (high)=ret>>64; (low)=ret; }) -# else -# define BN_UMULT_HIGH(a,b) ({ \ +# define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret; \ asm ("dmultu %1,%2" \ : "=h"(ret) \ : "r"(a), "r"(b) : "l"); \ ret; }) -# define BN_UMULT_LOHI(low,high,a,b)\ +# define BN_UMULT_LOHI(low,high,a,b) \ asm ("dmultu %2,%3" \ : "=l"(low),"=h"(high) \ : "r"(a), "r"(b)); -# endif # endif # elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) # if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ +# define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret; \ asm ("umulh %0,%1,%2" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ - ret; }) + ret; }) # endif # endif /* cpu */ # endif /* OPENSSL_NO_ASM */ -/************************************************************* - * Using the long long type - */ -# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) -# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) - # ifdef BN_DEBUG_RAND # define bn_clear_top2max(a) \ { \ @@ -489,6 +462,12 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # ifdef BN_LLONG +/******************************************************************* + * Using the long long type, has to be twice as wide as BN_ULONG... + */ +# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) +# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) + # define mul_add(r,a,w,c) { \ BN_ULLONG t; \ t=(BN_ULLONG)w * (a) + (r) + (c); \ @@ -666,10 +645,6 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *t); -void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - BN_ULONG *t); -BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, @@ -681,8 +656,6 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, int bn_probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx); -int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx); static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) { @@ -695,8 +668,4 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); } -#ifdef __cplusplus -} -#endif - #endif diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c index 3f3c7bbb2f7c20..80f910c8077934 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lib.c +++ b/deps/openssl/openssl/crypto/bn/bn_lib.c @@ -66,15 +66,15 @@ void BN_set_params(int mult, int high, int low, int mont) int BN_get_params(int which) { if (which == 0) - return (bn_limit_bits); + return bn_limit_bits; else if (which == 1) - return (bn_limit_bits_high); + return bn_limit_bits_high; else if (which == 2) - return (bn_limit_bits_low); + return bn_limit_bits_low; else if (which == 3) - return (bn_limit_bits_mont); + return bn_limit_bits_mont; else - return (0); + return 0; } #endif @@ -84,7 +84,7 @@ const BIGNUM *BN_value_one(void) static const BIGNUM const_one = { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; - return (&const_one); + return &const_one; } int BN_num_bits_word(BN_ULONG l) @@ -153,37 +153,26 @@ static void bn_free_d(BIGNUM *a) void BN_clear_free(BIGNUM *a) { - int i; - if (a == NULL) return; - bn_check_top(a); - if (a->d != NULL) { + if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + bn_free_d(a); } - i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(*a)); - if (i) + if (BN_get_flags(a, BN_FLG_MALLOCED)) { + OPENSSL_cleanse(a, sizeof(*a)); OPENSSL_free(a); + } } void BN_free(BIGNUM *a) { if (a == NULL) return; - bn_check_top(a); if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) bn_free_d(a); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); - else { -#if OPENSSL_API_COMPAT < 0x00908000L - a->flags |= BN_FLG_FREE; -#endif - a->d = NULL; - } } void bn_init(BIGNUM *a) @@ -200,11 +189,11 @@ BIGNUM *BN_new(void) if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } ret->flags = BN_FLG_MALLOCED; bn_check_top(ret); - return (ret); + return ret; } BIGNUM *BN_secure_new(void) @@ -212,16 +201,14 @@ BIGNUM *BN_new(void) BIGNUM *ret = BN_new(); if (ret != NULL) ret->flags |= BN_FLG_SECURE; - return (ret); + return ret; } /* This is used by bn_expand2() */ /* The caller MUST check that words > b->dmax before calling this */ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) { - BN_ULONG *A, *a = NULL; - const BN_ULONG *B; - int i; + BN_ULONG *a = NULL; if (words > (INT_MAX / (4 * BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); @@ -229,62 +216,22 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) } if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return (NULL); + return NULL; } if (BN_get_flags(b, BN_FLG_SECURE)) - a = A = OPENSSL_secure_zalloc(words * sizeof(*a)); + a = OPENSSL_secure_zalloc(words * sizeof(*a)); else - a = A = OPENSSL_zalloc(words * sizeof(*a)); - if (A == NULL) { + a = OPENSSL_zalloc(words * sizeof(*a)); + if (a == NULL) { BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } -#if 1 - B = b->d; - /* Check if the previous number needs to be copied */ - if (B != NULL) { - for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { - /* - * The fact that the loop is unrolled - * 4-wise is a tribute to Intel. It's - * the one that doesn't have enough - * registers to accommodate more data. - * I'd unroll it 8-wise otherwise:-) - * - * - */ - BN_ULONG a0, a1, a2, a3; - a0 = B[0]; - a1 = B[1]; - a2 = B[2]; - a3 = B[3]; - A[0] = a0; - A[1] = a1; - A[2] = a2; - A[3] = a3; - } - switch (b->top & 3) { - case 3: - A[2] = B[2]; - /* fall thru */ - case 2: - A[1] = B[1]; - /* fall thru */ - case 1: - A[0] = B[0]; - /* fall thru */ - case 0: - /* Without the "case 0" some old optimizers got this wrong. */ - ; - } - } -#else - memset(A, 0, sizeof(*A) * words); - memcpy(A, b->d, sizeof(b->d[0]) * b->top); -#endif + assert(b->top <= words); + if (b->top > 0) + memcpy(a, b->d, sizeof(*a) * b->top); - return (a); + return a; } /* @@ -333,53 +280,21 @@ BIGNUM *BN_dup(const BIGNUM *a) BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) { - int i; - BN_ULONG *A; - const BN_ULONG *B; - bn_check_top(b); if (a == b) - return (a); + return a; if (bn_wexpand(a, b->top) == NULL) - return (NULL); - -#if 1 - A = a->d; - B = b->d; - for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { - BN_ULONG a0, a1, a2, a3; - a0 = B[0]; - a1 = B[1]; - a2 = B[2]; - a3 = B[3]; - A[0] = a0; - A[1] = a1; - A[2] = a2; - A[3] = a3; - } - /* ultrix cc workaround, see comments in bn_expand_internal */ - switch (b->top & 3) { - case 3: - A[2] = B[2]; - /* fall thru */ - case 2: - A[1] = B[1]; - /* fall thru */ - case 1: - A[0] = B[0]; - /* fall thru */ - case 0:; - } -#else - memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); -#endif + return NULL; + + if (b->top > 0) + memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); a->neg = b->neg; a->top = b->top; a->flags |= b->flags & BN_FLG_FIXED_TOP; bn_check_top(a); - return (a); + return a; } #define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ @@ -445,13 +360,13 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) { bn_check_top(a); if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) - return (0); + return 0; a->neg = 0; a->d[0] = w; a->top = (w ? 1 : 0); a->flags &= ~BN_FLG_FIXED_TOP; bn_check_top(a); - return (1); + return 1; } BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) @@ -464,7 +379,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) if (ret == NULL) ret = bn = BN_new(); if (ret == NULL) - return (NULL); + return NULL; bn_check_top(ret); /* Skip leading zero's. */ for ( ; len > 0 && *s == 0; s++, len--) @@ -472,7 +387,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) n = len; if (n == 0) { ret->top = 0; - return (ret); + return ret; } i = ((n - 1) / BN_BYTES) + 1; m = ((n - 1) % (BN_BYTES)); @@ -496,7 +411,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) * bit set (-ve number) */ bn_correct_top(ret); - return (ret); + return ret; } /* ignore negative */ @@ -564,7 +479,7 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) if (ret == NULL) ret = bn = BN_new(); if (ret == NULL) - return (NULL); + return NULL; bn_check_top(ret); s += len; /* Skip trailing zeroes. */ @@ -631,7 +546,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) i = a->top - b->top; if (i != 0) - return (i); + return i; ap = a->d; bp = b->d; for (i = a->top - 1; i >= 0; i--) { @@ -640,7 +555,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b) if (t1 != t2) return ((t1 > t2) ? 1 : -1); } - return (0); + return 0; } int BN_cmp(const BIGNUM *a, const BIGNUM *b) @@ -651,11 +566,11 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b) if ((a == NULL) || (b == NULL)) { if (a != NULL) - return (-1); + return -1; else if (b != NULL) - return (1); + return 1; else - return (0); + return 0; } bn_check_top(a); @@ -663,9 +578,9 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b) if (a->neg != b->neg) { if (a->neg) - return (-1); + return -1; else - return (1); + return 1; } if (a->neg == 0) { gt = 1; @@ -676,18 +591,18 @@ int BN_cmp(const BIGNUM *a, const BIGNUM *b) } if (a->top > b->top) - return (gt); + return gt; if (a->top < b->top) - return (lt); + return lt; for (i = a->top - 1; i >= 0; i--) { t1 = a->d[i]; t2 = b->d[i]; if (t1 > t2) - return (gt); + return gt; if (t1 < t2) - return (lt); + return lt; } - return (0); + return 0; } int BN_set_bit(BIGNUM *a, int n) @@ -701,7 +616,7 @@ int BN_set_bit(BIGNUM *a, int n) j = n % BN_BITS2; if (a->top <= i) { if (bn_wexpand(a, i + 1) == NULL) - return (0); + return 0; for (k = a->top; k < i + 1; k++) a->d[k] = 0; a->top = i + 1; @@ -710,7 +625,7 @@ int BN_set_bit(BIGNUM *a, int n) a->d[i] |= (((BN_ULONG)1) << j); bn_check_top(a); - return (1); + return 1; } int BN_clear_bit(BIGNUM *a, int n) @@ -724,11 +639,11 @@ int BN_clear_bit(BIGNUM *a, int n) i = n / BN_BITS2; j = n % BN_BITS2; if (a->top <= i) - return (0); + return 0; a->d[i] &= (~(((BN_ULONG)1) << j)); bn_correct_top(a); - return (1); + return 1; } int BN_is_bit_set(const BIGNUM *a, int n) @@ -764,7 +679,7 @@ int BN_mask_bits(BIGNUM *a, int n) a->d[w] &= ~(BN_MASK2 << b); } bn_correct_top(a); - return (1); + return 1; } void BN_set_negative(BIGNUM *a, int b) @@ -790,7 +705,7 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) if (aa != bb) return ((aa > bb) ? 1 : -1); } - return (0); + return 0; } /* @@ -1000,7 +915,7 @@ BN_GENCB *BN_GENCB_new(void) if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } return ret; diff --git a/deps/openssl/openssl/crypto/bn/bn_mod.c b/deps/openssl/openssl/crypto/bn/bn_mod.c index 2e98035bd85489..712fc8ac145be2 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mod.c +++ b/deps/openssl/openssl/crypto/bn/bn_mod.c @@ -216,7 +216,7 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ret = 1; err: BN_CTX_end(ctx); - return (ret); + return ret; } int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) diff --git a/deps/openssl/openssl/crypto/bn/bn_mont.c b/deps/openssl/openssl/crypto/bn/bn_mont.c index 41214334b8a3e0..393d27c392c738 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mont.c +++ b/deps/openssl/openssl/crypto/bn/bn_mont.c @@ -44,12 +44,12 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) if (num > 1 && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) - return (0); + return 0; if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { r->neg = a->neg ^ b->neg; r->top = num; r->flags |= BN_FLG_FIXED_TOP; - return (1); + return 1; } } #endif @@ -81,7 +81,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = 1; err: BN_CTX_end(ctx); - return (ret); + return ret; } #ifdef MONT_WORD @@ -96,17 +96,18 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) nl = n->top; if (nl == 0) { ret->top = 0; - return (1); + return 1; } max = (2 * nl); /* carry is stored separately */ if (bn_wexpand(r, max) == NULL) - return (0); + return 0; r->neg ^= n->neg; np = n->d; rp = r->d; + /* clear the top words of T */ for (rtop = r->top, i = 0; i < max; i++) { v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1)); rp[i] &= v; @@ -130,7 +131,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) } if (bn_wexpand(ret, nl) == NULL) - return (0); + return 0; ret->top = nl; ret->flags |= BN_FLG_FIXED_TOP; ret->neg = r->neg; @@ -154,7 +155,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) ap[i] = 0; } - return (1); + return 1; } #endif /* MONT_WORD */ @@ -188,7 +189,7 @@ int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) + if (t2 == NULL) goto err; if (!BN_copy(t1, a)) @@ -215,7 +216,7 @@ int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, err: BN_CTX_end(ctx); #endif /* MONT_WORD */ - return (retn); + return retn; } int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, @@ -228,20 +229,22 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) - return (NULL); + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { + BNerr(BN_F_BN_MONT_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } BN_MONT_CTX_init(ret); ret->flags = BN_FLG_MALLOCED; - return (ret); + return ret; } void BN_MONT_CTX_init(BN_MONT_CTX *ctx) { ctx->ri = 0; - bn_init(&(ctx->RR)); - bn_init(&(ctx->N)); - bn_init(&(ctx->Ni)); + bn_init(&ctx->RR); + bn_init(&ctx->N); + bn_init(&ctx->Ni); ctx->n0[0] = ctx->n0[1] = 0; ctx->flags = 0; } @@ -250,10 +253,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) { if (mont == NULL) return; - - BN_clear_free(&(mont->RR)); - BN_clear_free(&(mont->N)); - BN_clear_free(&(mont->Ni)); + BN_clear_free(&mont->RR); + BN_clear_free(&mont->N); + BN_clear_free(&mont->Ni); if (mont->flags & BN_FLG_MALLOCED) OPENSSL_free(mont); } @@ -409,7 +411,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) { if (to == from) - return (to); + return to; if (!BN_copy(&(to->RR), &(from->RR))) return NULL; @@ -420,7 +422,7 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) to->ri = from->ri; to->n0[0] = from->n0[0]; to->n0[1] = from->n0[1]; - return (to); + return to; } BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, diff --git a/deps/openssl/openssl/crypto/bn/bn_mul.c b/deps/openssl/openssl/crypto/bn/bn_mul.c index 237d7df106cfb4..5eda65cfbb0481 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mul.c +++ b/deps/openssl/openssl/crypto/bn/bn_mul.c @@ -154,170 +154,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, } #endif -BN_ULONG bn_add_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) -{ - BN_ULONG c, l, t; - - assert(cl >= 0); - c = bn_add_words(r, a, b, cl); - - if (dl == 0) - return c; - - r += cl; - a += cl; - b += cl; - - if (dl < 0) { - int save_dl = dl; - while (c) { - l = (c + b[0]) & BN_MASK2; - c = (l < c); - r[0] = l; - if (++dl >= 0) - break; - - l = (c + b[1]) & BN_MASK2; - c = (l < c); - r[1] = l; - if (++dl >= 0) - break; - - l = (c + b[2]) & BN_MASK2; - c = (l < c); - r[2] = l; - if (++dl >= 0) - break; - - l = (c + b[3]) & BN_MASK2; - c = (l < c); - r[3] = l; - if (++dl >= 0) - break; - - save_dl = dl; - b += 4; - r += 4; - } - if (dl < 0) { - if (save_dl < dl) { - switch (dl - save_dl) { - case 1: - r[1] = b[1]; - if (++dl >= 0) - break; - /* fall thru */ - case 2: - r[2] = b[2]; - if (++dl >= 0) - break; - /* fall thru */ - case 3: - r[3] = b[3]; - if (++dl >= 0) - break; - } - b += 4; - r += 4; - } - } - if (dl < 0) { - for (;;) { - r[0] = b[0]; - if (++dl >= 0) - break; - r[1] = b[1]; - if (++dl >= 0) - break; - r[2] = b[2]; - if (++dl >= 0) - break; - r[3] = b[3]; - if (++dl >= 0) - break; - - b += 4; - r += 4; - } - } - } else { - int save_dl = dl; - while (c) { - t = (a[0] + c) & BN_MASK2; - c = (t < c); - r[0] = t; - if (--dl <= 0) - break; - - t = (a[1] + c) & BN_MASK2; - c = (t < c); - r[1] = t; - if (--dl <= 0) - break; - - t = (a[2] + c) & BN_MASK2; - c = (t < c); - r[2] = t; - if (--dl <= 0) - break; - - t = (a[3] + c) & BN_MASK2; - c = (t < c); - r[3] = t; - if (--dl <= 0) - break; - - save_dl = dl; - a += 4; - r += 4; - } - if (dl > 0) { - if (save_dl > dl) { - switch (save_dl - dl) { - case 1: - r[1] = a[1]; - if (--dl <= 0) - break; - /* fall thru */ - case 2: - r[2] = a[2]; - if (--dl <= 0) - break; - /* fall thru */ - case 3: - r[3] = a[3]; - if (--dl <= 0) - break; - } - a += 4; - r += 4; - } - } - if (dl > 0) { - for (;;) { - r[0] = a[0]; - if (--dl <= 0) - break; - r[1] = a[1]; - if (--dl <= 0) - break; - r[2] = a[2]; - if (--dl <= 0) - break; - r[3] = a[3]; - if (--dl <= 0) - break; - - a += 4; - r += 4; - } - } - } - return c; -} - #ifdef BN_RECURSION /* * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of @@ -505,7 +341,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ break; case -3: - /* break; */ case -2: bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ @@ -514,14 +349,12 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, case -1: case 0: case 1: - /* break; */ case 2: bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ neg = 1; break; case 3: - /* break; */ case 4: bn_sub_part_words(t, a, &(a[n]), tna, n - tna); bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); @@ -659,176 +492,6 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); } } - -/*- - * a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - * l is the low words of the output. - * t needs to be n2*3 - */ -void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - BN_ULONG *t) -{ - int i, n; - int c1, c2; - int neg, oneg, zero; - BN_ULONG ll, lc, *lp, *mp; - - n = n2 / 2; - - /* Calculate (al-ah)*(bh-bl) */ - neg = zero = 0; - c1 = bn_cmp_words(&(a[0]), &(a[n]), n); - c2 = bn_cmp_words(&(b[n]), &(b[0]), n); - switch (c1 * 3 + c2) { - case -4: - bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); - bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); - break; - case -3: - zero = 1; - break; - case -2: - bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); - bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); - neg = 1; - break; - case -1: - case 0: - case 1: - zero = 1; - break; - case 2: - bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); - bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); - neg = 1; - break; - case 3: - zero = 1; - break; - case 4: - bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); - bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); - break; - } - - oneg = neg; - /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ - /* r[10] = (a[1]*b[1]) */ -# ifdef BN_MUL_COMBA - if (n == 8) { - bn_mul_comba8(&(t[0]), &(r[0]), &(r[n])); - bn_mul_comba8(r, &(a[n]), &(b[n])); - } else -# endif - { - bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2])); - bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2])); - } - - /*- - * s0 == low(al*bl) - * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) - * We know s0 and s1 so the only unknown is high(al*bl) - * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) - * high(al*bl) == s1 - (r[0]+l[0]+t[0]) - */ - if (l != NULL) { - lp = &(t[n2 + n]); - bn_add_words(lp, &(r[0]), &(l[0]), n); - } else { - lp = &(r[0]); - } - - if (neg) - neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n)); - else { - bn_add_words(&(t[n2]), lp, &(t[0]), n); - neg = 0; - } - - if (l != NULL) { - bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n); - } else { - lp = &(t[n2 + n]); - mp = &(t[n2]); - for (i = 0; i < n; i++) - lp[i] = ((~mp[i]) + 1) & BN_MASK2; - } - - /*- - * s[0] = low(al*bl) - * t[3] = high(al*bl) - * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign - * r[10] = (a[1]*b[1]) - */ - /*- - * R[10] = al*bl - * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) - * R[32] = ah*bh - */ - /*- - * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) - * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) - * R[3]=r[1]+(carry/borrow) - */ - if (l != NULL) { - lp = &(t[n2]); - c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n)); - } else { - lp = &(t[n2 + n]); - c1 = 0; - } - c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n)); - if (oneg) - c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n)); - else - c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n)); - - c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n)); - c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n)); - if (oneg) - c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n)); - else - c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n)); - - if (c1 != 0) { /* Add starting at r[0], could be +ve or -ve */ - i = 0; - if (c1 > 0) { - lc = c1; - do { - ll = (r[i] + lc) & BN_MASK2; - r[i++] = ll; - lc = (lc > ll); - } while (lc); - } else { - lc = -c1; - do { - ll = r[i]; - r[i++] = (ll - lc) & BN_MASK2; - lc = (lc > ll); - } while (lc); - } - } - if (c2 != 0) { /* Add starting at r[1] */ - i = n; - if (c2 > 0) { - lc = c2; - do { - ll = (r[i] + lc) & BN_MASK2; - r[i++] = ll; - lc = (lc > ll); - } while (lc); - } else { - lc = -c2; - do { - ll = r[i]; - r[i++] = (ll - lc) & BN_MASK2; - lc = (lc > ll); - } while (lc); - } - } -} #endif /* BN_RECURSION */ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) @@ -863,7 +526,7 @@ int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if ((al == 0) || (bl == 0)) { BN_zero(r); - return (1); + return 1; } top = al + bl; @@ -953,7 +616,7 @@ int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) err: bn_check_top(r); BN_CTX_end(ctx); - return (ret); + return ret; } void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) diff --git a/deps/openssl/openssl/crypto/bn/bn_nist.c b/deps/openssl/openssl/crypto/bn/bn_nist.c index 53598f97eff5ba..dcdd321c6688cd 100644 --- a/deps/openssl/openssl/crypto/bn/bn_nist.c +++ b/deps/openssl/openssl/crypto/bn/bn_nist.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,7 +254,7 @@ static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) int i; #ifdef BN_DEBUG - OPENSSL_assert(top <= max); + (void)ossl_assert(top <= max); #endif for (i = 0; i < top; i++) dst[i] = src[i]; diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.c b/deps/openssl/openssl/crypto/bn/bn_prime.c index 616389cfa6282a..b91b31b1f304d2 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.c +++ b/deps/openssl/openssl/crypto/bn/bn_prime.c @@ -1,7 +1,5 @@ /* - * WARNING: do not edit! - * Generated by crypto/bn/bn_prime.pl - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,53 +27,6 @@ static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -static const int prime_offsets[480] = { - 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, - 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, - 167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229, - 233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293, - 299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367, - 373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433, - 437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499, - 503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569, - 571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631, - 641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701, - 703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769, - 773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839, - 841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901, - 907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971, - 977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031, - 1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087, - 1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151, - 1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213, - 1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271, - 1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319, - 1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373, - 1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433, - 1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489, - 1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549, - 1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667, - 1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721, - 1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781, - 1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843, - 1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901, - 1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951, - 1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, - 2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071, - 2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131, - 2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197, - 2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249, - 2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297, - 2309, 2311 -}; - -static const int prime_offset_count = 480; -static const int prime_multiplier = 2310; -static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <= - * |prime_multiplier| */ -static const int first_prime_index = 5; - int BN_GENCB_call(BN_GENCB *cb, int a, int b) { /* No callback means continue */ @@ -127,7 +78,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, goto err; BN_CTX_start(ctx); t = BN_CTX_get(ctx); - if (!t) + if (t == NULL) goto err; loop: /* make a random number and set the top and bottom bits */ @@ -203,26 +154,28 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, int i, j, ret = -1; int k; BN_CTX *ctx = NULL; - BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ + BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */ BN_MONT_CTX *mont = NULL; - if (BN_cmp(a, BN_value_one()) <= 0) + /* Take care of the really small primes 2 & 3 */ + if (BN_is_word(a, 2) || BN_is_word(a, 3)) + return 1; + + /* Check odd and bigger than 1 */ + if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0) return 0; if (checks == BN_prime_checks) checks = BN_prime_checks_for_size(BN_num_bits(a)); /* first look for small factors */ - if (!BN_is_odd(a)) - /* a is even => a is prime if and only if a == 2 */ - return BN_is_word(a, 2); if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) { BN_ULONG mod = BN_mod_word(a, primes[i]); if (mod == (BN_ULONG)-1) goto err; if (mod == 0) - return 0; + return BN_is_word(a, primes[i]); } if (!BN_GENCB_call(cb, 1, -1)) goto err; @@ -235,20 +188,18 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_CTX_start(ctx); A1 = BN_CTX_get(ctx); + A3 = BN_CTX_get(ctx); A1_odd = BN_CTX_get(ctx); check = BN_CTX_get(ctx); if (check == NULL) goto err; /* compute A1 := a - 1 */ - if (!BN_copy(A1, a)) + if (!BN_copy(A1, a) || !BN_sub_word(A1, 1)) goto err; - if (!BN_sub_word(A1, 1)) + /* compute A3 := a - 3 */ + if (!BN_copy(A3, a) || !BN_sub_word(A3, 3)) goto err; - if (BN_is_zero(A1)) { - ret = 0; - goto err; - } /* write A1 as A1_odd * 2^k */ k = 1; @@ -265,11 +216,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, goto err; for (i = 0; i < checks; i++) { - if (!BN_pseudo_rand_range(check, A1)) + /* 1 < check < a-1 */ + if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2)) goto err; - if (!BN_add_word(check, 1)) - goto err; - /* now 1 <= check < a */ j = witness(check, a, A1, A1_odd, k, ctx, mont); if (j == -1) @@ -290,83 +239,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, } BN_MONT_CTX_free(mont); - return (ret); -} - -int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx) -{ - int i; - int ret = 0; - - loop: - if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) - goto err; - - /* we now have a random number 'rand' to test. */ - - for (i = 1; i < NUMPRIMES; i++) { - /* check that rnd is a prime */ - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - if (mod <= 1) { - goto loop; - } - } - ret = 1; - - err: - bn_check_top(rnd); - return (ret); -} - -int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) -{ - int i; - BIGNUM *offset_index; - BIGNUM *offset_count; - int ret = 0; - - OPENSSL_assert(bits > prime_multiplier_bits); - - BN_CTX_start(ctx); - if ((offset_index = BN_CTX_get(ctx)) == NULL) - goto err; - if ((offset_count = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_add_word(offset_count, prime_offset_count)) - goto err; - - loop: - if (!BN_rand(rnd, bits - prime_multiplier_bits, - BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) - goto err; - if (BN_is_bit_set(rnd, bits)) - goto loop; - if (!BN_rand_range(offset_index, offset_count)) - goto err; - - if (!BN_mul_word(rnd, prime_multiplier) - || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)])) - goto err; - - /* we now have a random number 'rand' to test. */ - - /* skip coprimes */ - for (i = first_prime_index; i < NUMPRIMES; i++) { - /* check that rnd is a prime */ - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - if (mod <= 1) - goto loop; - } - ret = 1; - - err: - BN_CTX_end(ctx); - bn_check_top(rnd); return ret; } @@ -405,8 +277,9 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) char is_single_word = bits <= BN_BITS2; again: - if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) - return (0); + /* TODO: Not all primes are private */ + if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) + return 0; /* we now have a random number 'rnd' to test. */ for (i = 1; i < NUMPRIMES; i++) { BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); @@ -472,11 +345,11 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) } } if (!BN_add_word(rnd, delta)) - return (0); + return 0; if (BN_num_bits(rnd) != bits) goto again; bn_check_top(rnd); - return (1); + return 1; } int bn_probable_prime_dh(BIGNUM *rnd, int bits, @@ -525,7 +398,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, err: BN_CTX_end(ctx); bn_check_top(rnd); - return (ret); + return ret; } static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, @@ -592,5 +465,5 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, err: BN_CTX_end(ctx); bn_check_top(p); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.h b/deps/openssl/openssl/crypto/bn/bn_prime.h index 41440fa4e19c15..a64c9630f3b04f 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.h +++ b/deps/openssl/openssl/crypto/bn/bn_prime.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,261 +14,260 @@ typedef unsigned short prime_t; # define NUMPRIMES 2048 static const prime_t primes[2048] = { - - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, + 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, + 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, + 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, + 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, + 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, + 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, + 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, + 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, + 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, + 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, + 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, + 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, + 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, + 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, + 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, + 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, + 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, + 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, + 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, + 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, + 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, + 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, + 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, + 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, + 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, + 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, + 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, + 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, + 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, + 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, + 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, + 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, + 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, + 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, + 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, + 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, + 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, + 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, + 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, + 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, + 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, + 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, + 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, + 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, + 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, + 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, + 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, + 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, + 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, + 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, + 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, + 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, + 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, + 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, + 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, + 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, + 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, + 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, + 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, + 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, + 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, + 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, + 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, + 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, + 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, + 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, + 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, + 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, + 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, + 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, + 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, + 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, + 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, + 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, + 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, + 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, + 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, + 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, + 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, + 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, + 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, + 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, + 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, + 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, + 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, + 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, + 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, + 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, + 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, + 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, + 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, + 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, + 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, + 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, + 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, + 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, + 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, + 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, + 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, + 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, + 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, + 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, + 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, + 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, + 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, + 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, + 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, + 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, + 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, + 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, + 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, + 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, + 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, + 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, + 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, + 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, + 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, + 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, + 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, + 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, + 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, + 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, + 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, + 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, + 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, + 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, + 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, + 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, + 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, + 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, + 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, + 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, + 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, + 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, + 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, + 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, + 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, + 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, + 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, + 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, + 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, + 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, + 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, + 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, + 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, + 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, + 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, + 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, + 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, + 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, + 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, + 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, + 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, + 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, + 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, + 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, + 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, + 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, + 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, + 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, + 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, + 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, + 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, + 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, + 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, + 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, + 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, + 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, + 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, + 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, + 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, + 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, + 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, + 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, + 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, + 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, + 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, + 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, + 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, + 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, + 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, + 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, + 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, + 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, + 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, + 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, + 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, + 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, + 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, + 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, + 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, + 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, + 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, + 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, + 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, + 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, + 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, + 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, + 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, + 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, }; diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.pl b/deps/openssl/openssl/crypto/bn/bn_prime.pl index 163d4a9d306f50..eeca475b9366bb 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.pl +++ b/deps/openssl/openssl/crypto/bn/bn_prime.pl @@ -1,17 +1,19 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html +# Output year depends on the year of the script. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; print <<"EOF"; /* * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,9 +40,9 @@ print "typedef unsigned short prime_t;\n"; printf "# define NUMPRIMES %d\n\n", $num; -printf "static const prime_t primes[%d] = {\n", $num; +printf "static const prime_t primes[%d] = {", $num; for (my $i = 0; $i <= $#primes; $i++) { - printf "\n " if ($i % 8) == 0; - printf "%4d, ", $primes[$i]; + printf "\n " if ($i % 8) == 0; + printf " %5d,", $primes[$i]; } print "\n};\n"; diff --git a/deps/openssl/openssl/crypto/bn/bn_print.c b/deps/openssl/openssl/crypto/bn/bn_print.c index 5ffe2fc9ba2525..1853269d903df1 100644 --- a/deps/openssl/openssl/crypto/bn/bn_print.c +++ b/deps/openssl/openssl/crypto/bn/bn_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include #include "internal/cryptlib.h" #include @@ -32,27 +32,27 @@ char *BN_bn2hex(const BIGNUM *a) } p = buf; if (a->neg) - *(p++) = '-'; + *p++ = '-'; for (i = a->top - 1; i >= 0; i--) { for (j = BN_BITS2 - 8; j >= 0; j -= 8) { /* strip leading zeros */ - v = ((int)(a->d[i] >> (long)j)) & 0xff; - if (z || (v != 0)) { - *(p++) = Hex[v >> 4]; - *(p++) = Hex[v & 0x0f]; + v = (int)((a->d[i] >> j) & 0xff); + if (z || v != 0) { + *p++ = Hex[v >> 4]; + *p++ = Hex[v & 0x0f]; z = 1; } } } *p = '\0'; err: - return (buf); + return buf; } /* Must 'OPENSSL_free' the returned data */ char *BN_bn2dec(const BIGNUM *a) { - int i = 0, num, ok = 0; + int i = 0, num, ok = 0, n, tbytes; char *buf = NULL; char *p; BIGNUM *t = NULL; @@ -67,22 +67,22 @@ char *BN_bn2dec(const BIGNUM *a) */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; + tbytes = num + 3; /* negative and terminator and one spare? */ bn_data_num = num / BN_DEC_NUM + 1; bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); - buf = OPENSSL_malloc(num + 3); - if ((buf == NULL) || (bn_data == NULL)) { + buf = OPENSSL_malloc(tbytes); + if (buf == NULL || bn_data == NULL) { BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); goto err; } if ((t = BN_dup(a)) == NULL) goto err; -#define BUF_REMAIN (num+3 - (size_t)(p - buf)) p = buf; lp = bn_data; if (BN_is_zero(t)) { - *(p++) = '0'; - *(p++) = '\0'; + *p++ = '0'; + *p++ = '\0'; } else { if (BN_is_negative(t)) *p++ = '-'; @@ -101,14 +101,16 @@ char *BN_bn2dec(const BIGNUM *a) * the last one needs truncation. The blocks need to be reversed in * order. */ - BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); - while (*p) - p++; + n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp); + if (n < 0) + goto err; + p += n; while (lp != bn_data) { lp--; - BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); - while (*p) - p++; + n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp); + if (n < 0) + goto err; + p += n; } } ok = 1; @@ -128,28 +130,28 @@ int BN_hex2bn(BIGNUM **bn, const char *a) int neg = 0, h, m, i, j, k, c; int num; - if ((a == NULL) || (*a == '\0')) - return (0); + if (a == NULL || *a == '\0') + return 0; if (*a == '-') { neg = 1; a++; } - for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++) + for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++) continue; - if (i == 0 || i > INT_MAX/4) + if (i == 0 || i > INT_MAX / 4) goto err; num = i + neg; if (bn == NULL) - return (num); + return num; /* a is the start of the hex digits, and it is 'i' long */ if (*bn == NULL) { if ((ret = BN_new()) == NULL) - return (0); + return 0; } else { ret = *bn; BN_zero(ret); @@ -163,7 +165,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) m = 0; h = 0; while (j > 0) { - m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j; + m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j; l = 0; for (;;) { c = a[j - m]; @@ -177,7 +179,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) break; } } - j -= (BN_BYTES * 2); + j -= BN_BYTES * 2; } ret->top = h; bn_correct_top(ret); @@ -187,11 +189,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a) /* Don't set the negative flag if it's zero. */ if (ret->top != 0) ret->neg = neg; - return (num); + return num; err: if (*bn == NULL) BN_free(ret); - return (0); + return 0; } int BN_dec2bn(BIGNUM **bn, const char *a) @@ -201,22 +203,22 @@ int BN_dec2bn(BIGNUM **bn, const char *a) int neg = 0, i, j; int num; - if ((a == NULL) || (*a == '\0')) - return (0); + if (a == NULL || *a == '\0') + return 0; if (*a == '-') { neg = 1; a++; } - for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++) + for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++) continue; - if (i == 0 || i > INT_MAX/4) + if (i == 0 || i > INT_MAX / 4) goto err; num = i + neg; if (bn == NULL) - return (num); + return num; /* * a is the start of the digits, and it is 'i' long. We chop it into @@ -224,7 +226,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a) */ if (*bn == NULL) { if ((ret = BN_new()) == NULL) - return (0); + return 0; } else { ret = *bn; BN_zero(ret); @@ -234,7 +236,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a) if (bn_expand(ret, i * 4) == NULL) goto err; - j = BN_DEC_NUM - (i % BN_DEC_NUM); + j = BN_DEC_NUM - i % BN_DEC_NUM; if (j == BN_DEC_NUM) j = 0; l = 0; @@ -257,11 +259,11 @@ int BN_dec2bn(BIGNUM **bn, const char *a) /* Don't set the negative flag if it's zero. */ if (ret->top != 0) ret->neg = neg; - return (num); + return num; err: if (*bn == NULL) BN_free(ret); - return (0); + return 0; } int BN_asc2bn(BIGNUM **bn, const char *a) @@ -291,11 +293,11 @@ int BN_print_fp(FILE *fp, const BIGNUM *a) int ret; if ((b = BIO_new(BIO_s_file())) == NULL) - return (0); + return 0; BIO_set_fp(b, fp, BIO_NOCLOSE); ret = BN_print(b, a); BIO_free(b); - return (ret); + return ret; } # endif @@ -304,16 +306,16 @@ int BN_print(BIO *bp, const BIGNUM *a) int i, j, v, z = 0; int ret = 0; - if ((a->neg) && (BIO_write(bp, "-", 1) != 1)) + if ((a->neg) && BIO_write(bp, "-", 1) != 1) goto end; - if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1)) + if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1) goto end; for (i = a->top - 1; i >= 0; i--) { for (j = BN_BITS2 - 4; j >= 0; j -= 4) { /* strip leading zeros */ - v = ((int)(a->d[i] >> (long)j)) & 0x0f; - if (z || (v != 0)) { - if (BIO_write(bp, &(Hex[v]), 1) != 1) + v = (int)((a->d[i] >> j) & 0x0f); + if (z || v != 0) { + if (BIO_write(bp, &Hex[v], 1) != 1) goto end; z = 1; } @@ -321,7 +323,7 @@ int BN_print(BIO *bp, const BIGNUM *a) } ret = 1; end: - return (ret); + return ret; } char *BN_options(void) @@ -332,12 +334,12 @@ char *BN_options(void) if (!init) { init++; #ifdef BN_LLONG - BIO_snprintf(data, sizeof(data), "bn(%d,%d)", - (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); + BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)", + sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8); #else - BIO_snprintf(data, sizeof(data), "bn(%d,%d)", - (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); + BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)", + sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8); #endif } - return (data); + return data; } diff --git a/deps/openssl/openssl/crypto/bn/bn_rand.c b/deps/openssl/openssl/crypto/bn/bn_rand.c index 9ce4c5f6064515..c0d1a32292bace 100644 --- a/deps/openssl/openssl/crypto/bn/bn_rand.c +++ b/deps/openssl/openssl/crypto/bn/bn_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,11 +14,14 @@ #include #include -static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) +typedef enum bnrand_flag_e { + NORMAL, TESTING, PRIVATE +} BNRAND_FLAG; + +static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf = NULL; - int ret = 0, bit, bytes, mask; - time_t tim; + int b, ret = 0, bit, bytes, mask; if (bits == 0) { if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) @@ -40,13 +43,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } /* make a random number and set the top and bottom bits */ - time(&tim); - RAND_add(&tim, sizeof(tim), 0.0); - - if (RAND_bytes(buf, bytes) <= 0) + b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes); + if (b <= 0) goto err; - if (pseudorand == 2) { + if (flag == TESTING) { /* * generate patterns that are more likely to trigger BN library bugs */ @@ -86,7 +87,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) err: OPENSSL_clear_free(buf, bytes); bn_check_top(rnd); - return (ret); + return ret; toosmall: BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); @@ -95,29 +96,27 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(0, rnd, bits, top, bottom); + return bnrand(NORMAL, rnd, bits, top, bottom); } -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(1, rnd, bits, top, bottom); + return bnrand(TESTING, rnd, bits, top, bottom); } -int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(2, rnd, bits, top, bottom); + return bnrand(PRIVATE, rnd, bits, top, bottom); } /* random number r: 0 <= r < range */ -static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) +static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) { - int (*bn_rand) (BIGNUM *, int, int, int) = - pseudo ? BN_pseudo_rand : BN_rand; int n; int count = 100; if (range->neg || BN_is_zero(range)) { - BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); + BNerr(BN_F_BNRAND_RANGE, BN_R_INVALID_RANGE); return 0; } @@ -133,8 +132,9 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) * than range */ do { - if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) return 0; + /* * If r < 3*range, use r := r MOD range (which is either r, r - * range, or r - 2*range). Otherwise, iterate once more. Since @@ -150,7 +150,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) } if (!--count) { - BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); + BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS); return 0; } @@ -159,11 +159,11 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) return 0; if (!--count) { - BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); + BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS); return 0; } } @@ -176,12 +176,22 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) int BN_rand_range(BIGNUM *r, const BIGNUM *range) { - return bn_rand_range(0, r, range); + return bnrand_range(NORMAL, r, range); +} + +int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) +{ + return bnrand_range(PRIVATE, r, range); +} + +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) +{ + return BN_rand(rnd, bits, top, bottom); } int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { - return bn_rand_range(1, r, range); + return BN_rand_range(r, range); } /* @@ -229,7 +239,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); for (done = 0; done < num_k_bytes;) { - if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1) + if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1) goto err; SHA512_Init(&sha); SHA512_Update(&sha, &done, sizeof(done)); diff --git a/deps/openssl/openssl/crypto/bn/bn_recp.c b/deps/openssl/openssl/crypto/bn/bn_recp.c index 20585b9d4b8675..9ab767f42fe9ff 100644 --- a/deps/openssl/openssl/crypto/bn/bn_recp.c +++ b/deps/openssl/openssl/crypto/bn/bn_recp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,22 +21,23 @@ BN_RECP_CTX *BN_RECP_CTX_new(void) { BN_RECP_CTX *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - return (NULL); + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + BNerr(BN_F_BN_RECP_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } bn_init(&(ret->N)); bn_init(&(ret->Nr)); ret->flags = BN_FLG_MALLOCED; - return (ret); + return ret; } void BN_RECP_CTX_free(BN_RECP_CTX *recp) { if (recp == NULL) return; - - BN_free(&(recp->N)); - BN_free(&(recp->Nr)); + BN_free(&recp->N); + BN_free(&recp->Nr); if (recp->flags & BN_FLG_MALLOCED) OPENSSL_free(recp); } @@ -48,7 +49,7 @@ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) BN_zero(&(recp->Nr)); recp->num_bits = BN_num_bits(d); recp->shift = 0; - return (1); + return 1; } int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, @@ -77,7 +78,7 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, err: BN_CTX_end(ctx); bn_check_top(r); - return (ret); + return ret; } int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, @@ -87,17 +88,11 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BIGNUM *a, *b, *d, *r; BN_CTX_start(ctx); + d = (dv != NULL) ? dv : BN_CTX_get(ctx); + r = (rem != NULL) ? rem : BN_CTX_get(ctx); a = BN_CTX_get(ctx); b = BN_CTX_get(ctx); - if (dv != NULL) - d = dv; - else - d = BN_CTX_get(ctx); - if (rem != NULL) - r = rem; - else - r = BN_CTX_get(ctx); - if (a == NULL || b == NULL || d == NULL || r == NULL) + if (b == NULL) goto err; if (BN_ucmp(m, &(recp->N)) < 0) { @@ -107,7 +102,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, return 0; } BN_CTX_end(ctx); - return (1); + return 1; } /* @@ -167,7 +162,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_CTX_end(ctx); bn_check_top(dv); bn_check_top(rem); - return (ret); + return ret; } /* @@ -195,5 +190,5 @@ int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) err: bn_check_top(r); BN_CTX_end(ctx); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/bn/bn_shift.c b/deps/openssl/openssl/crypto/bn/bn_shift.c index 6a1eec80af4b45..15d4b321ba2684 100644 --- a/deps/openssl/openssl/crypto/bn/bn_shift.c +++ b/deps/openssl/openssl/crypto/bn/bn_shift.c @@ -21,11 +21,11 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) if (r != a) { r->neg = a->neg; if (bn_wexpand(r, a->top + 1) == NULL) - return (0); + return 0; r->top = a->top; } else { if (bn_wexpand(r, a->top + 1) == NULL) - return (0); + return 0; } ap = a->d; rp = r->d; @@ -40,7 +40,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) r->top++; } bn_check_top(r); - return (1); + return 1; } int BN_rshift1(BIGNUM *r, const BIGNUM *a) @@ -53,14 +53,14 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) if (BN_is_zero(a)) { BN_zero(r); - return (1); + return 1; } i = a->top; ap = a->d; j = i - (ap[i - 1] == 1); if (a != r) { if (bn_wexpand(r, j) == NULL) - return (0); + return 0; r->neg = a->neg; } rp = r->d; @@ -77,7 +77,7 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) if (!r->top) r->neg = 0; /* don't allow negative zero */ bn_check_top(r); - return (1); + return 1; } int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) @@ -96,7 +96,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) - return (0); + return 0; r->neg = a->neg; lb = n % BN_BITS2; rb = BN_BITS2 - lb; @@ -116,7 +116,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) r->top = a->top + nw + 1; bn_correct_top(r); bn_check_top(r); - return (1); + return 1; } int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) @@ -138,12 +138,12 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) lb = BN_BITS2 - rb; if (nw >= a->top || a->top == 0) { BN_zero(r); - return (1); + return 1; } i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; if (r != a) { if (bn_wexpand(r, i) == NULL) - return (0); + return 0; r->neg = a->neg; } else { if (n == 0) @@ -171,5 +171,5 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) if (!r->top) r->neg = 0; /* don't allow negative zero */ bn_check_top(r); - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/bn/bn_sqr.c b/deps/openssl/openssl/crypto/bn/bn_sqr.c index db72bf28a66482..0c0a590f0c6ab1 100644 --- a/deps/openssl/openssl/crypto/bn/bn_sqr.c +++ b/deps/openssl/openssl/crypto/bn/bn_sqr.c @@ -42,7 +42,7 @@ int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) BN_CTX_start(ctx); rr = (a != r) ? r : BN_CTX_get(ctx); tmp = BN_CTX_get(ctx); - if (!rr || !tmp) + if (rr == NULL || tmp == NULL) goto err; max = 2 * al; /* Non-zero (from above) */ @@ -102,7 +102,7 @@ int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) bn_check_top(rr); bn_check_top(tmp); BN_CTX_end(ctx); - return (ret); + return ret; } /* tmp must have 2*n words */ diff --git a/deps/openssl/openssl/crypto/bn/bn_sqrt.c b/deps/openssl/openssl/crypto/bn/bn_sqrt.c index 84376c78e5ba80..b97d8ca43ba2c8 100644 --- a/deps/openssl/openssl/crypto/bn/bn_sqrt.c +++ b/deps/openssl/openssl/crypto/bn/bn_sqrt.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); - return (NULL); + return NULL; } if (BN_is_zero(a) || BN_is_one(a)) { @@ -179,7 +179,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_set_word(y, i)) goto end; } else { - if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) + if (!BN_priv_rand(y, BN_num_bits(p), 0, 0)) goto end; if (BN_ucmp(y, p) >= 0) { if (!(p->neg ? BN_add : BN_sub) (y, y, p)) diff --git a/deps/openssl/openssl/crypto/bn/bn_srp.c b/deps/openssl/openssl/crypto/bn/bn_srp.c index 58b1691eee7796..27b6ebe518ea88 100644 --- a/deps/openssl/openssl/crypto/bn/bn_srp.c +++ b/deps/openssl/openssl/crypto/bn/bn_srp.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,12 +8,12 @@ */ #include "bn_lcl.h" -#include "e_os.h" +#include "internal/nelem.h" #ifndef OPENSSL_NO_SRP #include -#include +#include "internal/bn_srp.h" # if (BN_BYTES == 8) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) diff --git a/deps/openssl/openssl/crypto/bn/bn_word.c b/deps/openssl/openssl/crypto/bn/bn_word.c index 1af13a53fb1c81..262d7668fcd4ee 100644 --- a/deps/openssl/openssl/crypto/bn/bn_word.c +++ b/deps/openssl/openssl/crypto/bn/bn_word.c @@ -55,7 +55,7 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) (BN_ULLONG) w); #endif } - return ((BN_ULONG)ret); + return (BN_ULONG)ret; } BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) @@ -92,7 +92,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) if (!a->top) a->neg = 0; /* don't allow negative zero */ bn_check_top(a); - return (ret); + return ret; } int BN_add_word(BIGNUM *a, BN_ULONG w) @@ -115,7 +115,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) i = BN_sub_word(a, w); if (!BN_is_zero(a)) a->neg = !(a->neg); - return (i); + return i; } for (i = 0; w != 0 && i < a->top; i++) { a->d[i] = l = (a->d[i] + w) & BN_MASK2; @@ -128,7 +128,7 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->d[i] = w; } bn_check_top(a); - return (1); + return 1; } int BN_sub_word(BIGNUM *a, BN_ULONG w) @@ -153,13 +153,13 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) a->neg = 0; i = BN_add_word(a, w); a->neg = 1; - return (i); + return i; } if ((a->top == 1) && (a->d[0] < w)) { a->d[0] = w - a->d[0]; a->neg = 1; - return (1); + return 1; } i = 0; for (;;) { @@ -175,7 +175,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w) if ((a->d[i] == 0) && (i == (a->top - 1))) a->top--; bn_check_top(a); - return (1); + return 1; } int BN_mul_word(BIGNUM *a, BN_ULONG w) @@ -191,11 +191,11 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w) ll = bn_mul_words(a->d, a->d, a->top, w); if (ll) { if (bn_wexpand(a, a->top + 1) == NULL) - return (0); + return 0; a->d[a->top++] = ll; } } } bn_check_top(a); - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/bn/bn_x931p.c b/deps/openssl/openssl/crypto/bn/bn_x931p.c index d01f12cadc8898..9eb8384fdeb281 100644 --- a/deps/openssl/openssl/crypto/bn/bn_x931p.c +++ b/deps/openssl/openssl/crypto/bn/bn_x931p.c @@ -62,10 +62,10 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, return 0; BN_CTX_start(ctx); - if (!p1) + if (p1 == NULL) p1 = BN_CTX_get(ctx); - if (!p2) + if (p2 == NULL) p2 = BN_CTX_get(ctx); t = BN_CTX_get(ctx); @@ -173,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * - 1. By setting the top two bits we ensure that the lower bound is * exceeded. */ - if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) goto err; BN_CTX_start(ctx); @@ -182,7 +182,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) goto err; for (i = 0; i < 1000; i++) { - if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) goto err; /* Check that |Xp - Xq| > 2^(nbits - 100) */ @@ -227,9 +227,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, if (Xp1 == NULL || Xp2 == NULL) goto error; - if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto error; - if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto error; if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) goto error; diff --git a/deps/openssl/openssl/crypto/bn/build.info b/deps/openssl/openssl/crypto/bn/build.info index c608ecce82e86f..a463eddabbbbca 100644 --- a/deps/openssl/openssl/crypto/bn/build.info +++ b/deps/openssl/openssl/crypto/bn/build.info @@ -11,16 +11,16 @@ INCLUDE[../../libcrypto]=../../crypto/include INCLUDE[bn_exp.o]=.. GENERATE[bn-586.s]=asm/bn-586.pl \ - $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[bn-586.s]=../perlasm/x86asm.pl GENERATE[co-586.s]=asm/co-586.pl \ - $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[co-586.s]=../perlasm/x86asm.pl GENERATE[x86-mont.s]=asm/x86-mont.pl \ - $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[x86-mont.s]=../perlasm/x86asm.pl GENERATE[x86-gf2m.s]=asm/x86-gf2m.pl \ - $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[x86-gf2m.s]=../perlasm/x86asm.pl GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl $(PERLASM_SCHEME) @@ -34,8 +34,10 @@ INCLUDE[sparct4-mont.o]=.. GENERATE[sparcv9-gf2m.S]=asm/sparcv9-gf2m.pl $(PERLASM_SCHEME) INCLUDE[sparcv9-gf2m.o]=.. -GENERATE[bn-mips.s]=asm/mips.pl $(PERLASM_SCHEME) -GENERATE[mips-mont.s]=asm/mips-mont.pl $(PERLASM_SCHEME) +GENERATE[bn-mips.S]=asm/mips.pl $(PERLASM_SCHEME) +INCLUDE[bn-mips.o]=.. +GENERATE[mips-mont.S]=asm/mips-mont.pl $(PERLASM_SCHEME) +INCLUDE[mips-mont.o]=.. GENERATE[s390x-mont.S]=asm/s390x-mont.pl $(PERLASM_SCHEME) GENERATE[s390x-gf2m.s]=asm/s390x-gf2m.pl $(PERLASM_SCHEME) @@ -47,7 +49,7 @@ GENERATE[rsaz-x86_64.s]=asm/rsaz-x86_64.pl $(PERLASM_SCHEME) GENERATE[rsaz-avx2.s]=asm/rsaz-avx2.pl $(PERLASM_SCHEME) GENERATE[bn-ia64.s]=asm/ia64.S -GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(CFLAGS) $(LIB_CFLAGS) +GENERATE[ia64-mont.s]=asm/ia64-mont.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS) GENERATE[parisc-mont.s]=asm/parisc-mont.pl $(PERLASM_SCHEME) @@ -63,22 +65,3 @@ INCLUDE[armv4-mont.o]=.. GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl $(PERLASM_SCHEME) INCLUDE[armv4-gf2m.o]=.. GENERATE[armv8-mont.S]=asm/armv8-mont.pl $(PERLASM_SCHEME) - -OVERRIDES=bn-mips3.o pa-risc2W.o pa-risc2.c -BEGINRAW[Makefile] -##### BN assembler implementations - -{- $builddir -}/bn-mips3.o: {- $sourcedir -}/asm/mips3.s - @if [ "$(CC)" = "gcc" ]; then \ - ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \ - as -$$ABI -O -o $@ {- $sourcedir -}/asm/mips3.s; \ - else $(CC) -c $(CFLAGS) $(LIB_CFLAGS) -o $@ {- $sourcedir -}/asm/mips3.s; fi - -# GNU assembler fails to compile PA-RISC2 modules, insist on calling -# vendor assembler... -{- $builddir -}/pa-risc2W.o: {- $sourcedir -}/asm/pa-risc2W.s - CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2W.o {- $sourcedir -}/asm/pa-risc2W.s -{- $builddir -}/pa-risc2.o: {- $sourcedir -}/asm/pa-risc2.s - CC="$(CC)" $(PERL) $(SRCDIR)/util/fipsas.pl $(SRCDIR) $< /usr/ccs/bin/as -o pa-risc2.o {- $sourcedir -}/asm/pa-risc2.s - -ENDRAW[Makefile] diff --git a/deps/openssl/openssl/crypto/bn/rsaz_exp.c b/deps/openssl/openssl/crypto/bn/rsaz_exp.c index 1a70f6caded2ea..22455b8a637459 100644 --- a/deps/openssl/openssl/crypto/bn/rsaz_exp.c +++ b/deps/openssl/openssl/crypto/bn/rsaz_exp.c @@ -1,54 +1,17 @@ /* * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) + * (1) Intel Corporation, Israel Development Center, Haifa, Israel + * (2) University of Haifa, Israel */ -/***************************************************************************** -* * -* Copyright (c) 2012, Intel Corporation * -* * -* All rights reserved. * -* * -* Redistribution and use in source and binary forms, with or without * -* modification, are permitted provided that the following conditions are * -* met: * -* * -* * Redistributions of source code must retain the above copyright * -* notice, this list of conditions and the following disclaimer. * -* * -* * Redistributions in binary form must reproduce the above copyright * -* notice, this list of conditions and the following disclaimer in the * -* documentation and/or other materials provided with the * -* distribution. * -* * -* * Neither the name of the Intel Corporation nor the names of its * -* contributors may be used to endorse or promote products derived from * -* this software without specific prior written permission. * -* * -* * -* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * -* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * -* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * -* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * -* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -* * -****************************************************************************** -* Developers and authors: * -* Shay Gueron (1, 2), and Vlad Krasnov (1) * -* (1) Intel Corporation, Israel Development Center, Haifa, Israel * -* (2) University of Haifa, Israel * -*****************************************************************************/ - #include #include "rsaz_exp.h" diff --git a/deps/openssl/openssl/crypto/bn/rsaz_exp.h b/deps/openssl/openssl/crypto/bn/rsaz_exp.h index 9501cc8089e99b..c5864f8aaa8c9d 100644 --- a/deps/openssl/openssl/crypto/bn/rsaz_exp.h +++ b/deps/openssl/openssl/crypto/bn/rsaz_exp.h @@ -1,54 +1,17 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) + * (1) Intel Corporation, Israel Development Center, Haifa, Israel + * (2) University of Haifa, Israel */ -/***************************************************************************** -* * -* Copyright (c) 2012, Intel Corporation * -* * -* All rights reserved. * -* * -* Redistribution and use in source and binary forms, with or without * -* modification, are permitted provided that the following conditions are * -* met: * -* * -* * Redistributions of source code must retain the above copyright * -* notice, this list of conditions and the following disclaimer. * -* * -* * Redistributions in binary form must reproduce the above copyright * -* notice, this list of conditions and the following disclaimer in the * -* documentation and/or other materials provided with the * -* distribution. * -* * -* * Neither the name of the Intel Corporation nor the names of its * -* contributors may be used to endorse or promote products derived from * -* this software without specific prior written permission. * -* * -* * -* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * -* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * -* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * -* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * -* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * -* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * -* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * -* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * -* * -****************************************************************************** -* Developers and authors: * -* Shay Gueron (1, 2), and Vlad Krasnov (1) * -* (1) Intel Corporation, Israel Development Center, Haifa, Israel * -* (2) University of Haifa, Israel * -*****************************************************************************/ - #ifndef RSAZ_EXP_H # define RSAZ_EXP_H @@ -65,7 +28,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG exponent[16], const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0); -int rsaz_avx2_eligible(); +int rsaz_avx2_eligible(void); void RSAZ_512_mod_exp(BN_ULONG result[8], const BN_ULONG base_norm[8], const BN_ULONG exponent[8], diff --git a/deps/openssl/openssl/crypto/buffer/buf_err.c b/deps/openssl/openssl/crypto/buffer/buf_err.c index a6a2ab88ae0621..7e6e53226a93ae 100644 --- a/deps/openssl/openssl/crypto/buffer/buf_err.c +++ b/deps/openssl/openssl/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,24 +8,19 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) - -static ERR_STRING_DATA BUF_str_functs[] = { - {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, - {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, - {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, +static const ERR_STRING_DATA BUF_str_functs[] = { + {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW, 0), "BUF_MEM_grow"}, + {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW_CLEAN, 0), "BUF_MEM_grow_clean"}, + {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_NEW, 0), "BUF_MEM_new"}, {0, NULL} }; -static ERR_STRING_DATA BUF_str_reasons[] = { +static const ERR_STRING_DATA BUF_str_reasons[] = { {0, NULL} }; @@ -34,10 +29,9 @@ static ERR_STRING_DATA BUF_str_reasons[] = { int ERR_load_BUF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) { - ERR_load_strings(0, BUF_str_functs); - ERR_load_strings(0, BUF_str_reasons); + ERR_load_strings_const(BUF_str_functs); + ERR_load_strings_const(BUF_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/buffer/buffer.c b/deps/openssl/openssl/crypto/buffer/buffer.c index f3f8a1b55c83b2..72258abb9e5e67 100644 --- a/deps/openssl/openssl/crypto/buffer/buffer.c +++ b/deps/openssl/openssl/crypto/buffer/buffer.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ BUF_MEM *BUF_MEM_new_ex(unsigned long flags) ret = BUF_MEM_new(); if (ret != NULL) ret->flags = flags; - return (ret); + return ret; } BUF_MEM *BUF_MEM_new(void) @@ -35,16 +35,15 @@ BUF_MEM *BUF_MEM_new(void) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - return (ret); + return ret; } void BUF_MEM_free(BUF_MEM *a) { if (a == NULL) return; - if (a->data != NULL) { if (a->flags & BUF_MEM_FLAG_SECURE) OPENSSL_secure_clear_free(a->data, a->max); @@ -68,7 +67,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len) str->data = NULL; } } - return (ret); + return ret; } size_t BUF_MEM_grow(BUF_MEM *str, size_t len) @@ -78,13 +77,13 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) if (str->length >= len) { str->length = len; - return (len); + return len; } if (str->max >= len) { if (str->data != NULL) memset(&str->data[str->length], 0, len - str->length); str->length = len; - return (len); + return len; } /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ if (len > LIMIT_BEFORE_EXPANSION) { @@ -105,7 +104,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) memset(&str->data[str->length], 0, len - str->length); str->length = len; } - return (len); + return len; } size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) @@ -117,12 +116,12 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) if (str->data != NULL) memset(&str->data[len], 0, str->length - len); str->length = len; - return (len); + return len; } if (str->max >= len) { memset(&str->data[str->length], 0, len - str->length); str->length = len; - return (len); + return len; } /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ if (len > LIMIT_BEFORE_EXPANSION) { @@ -143,7 +142,7 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) memset(&str->data[str->length], 0, len - str->length); str->length = len; } - return (len); + return len; } void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size) diff --git a/deps/openssl/openssl/crypto/build.info b/deps/openssl/openssl/crypto/build.info index 8e153797008571..2c619c62e84393 100644 --- a/deps/openssl/openssl/crypto/build.info +++ b/deps/openssl/openssl/crypto/build.info @@ -1,7 +1,7 @@ LIBS=../libcrypto SOURCE[../libcrypto]=\ cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ - ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \ + ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \ {- $target{uplink_aux_src} -} @@ -10,14 +10,15 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl DEPEND[cversion.o]=buildinf.h -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS_Q)" "$(PLATFORM)" +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" DEPEND[buildinf.h]=../configdata.pm GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl $(PERLASM_SCHEME) GENERATE[uplink-ia64.s]=../ms/uplink-ia64.pl $(PERLASM_SCHEME) -GENERATE[x86cpuid.s]=x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[x86cpuid.s]=x86cpuid.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[x86cpuid.s]=perlasm/x86asm.pl GENERATE[x86_64cpuid.s]=x86_64cpuid.pl $(PERLASM_SCHEME) @@ -30,6 +31,8 @@ GENERATE[arm64cpuid.S]=arm64cpuid.pl $(PERLASM_SCHEME) INCLUDE[arm64cpuid.o]=. GENERATE[armv4cpuid.S]=armv4cpuid.pl $(PERLASM_SCHEME) INCLUDE[armv4cpuid.o]=. +GENERATE[s390xcpuid.S]=s390xcpuid.pl $(PERLASM_SCHEME) +INCLUDE[s390xcpuid.o]=. IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] SHARED_SOURCE[../libcrypto]=dllmain.c diff --git a/deps/openssl/openssl/crypto/c64xpluscpuid.pl b/deps/openssl/openssl/crypto/c64xpluscpuid.pl index 9efe1205fff4b5..b7b11d50316b1c 100644 --- a/deps/openssl/openssl/crypto/c64xpluscpuid.pl +++ b/deps/openssl/openssl/crypto/c64xpluscpuid.pl @@ -231,7 +231,7 @@ _OPENSSL_instrument_bus2: .asmfunc MV A6,B0 ; reassign max -|| MV B4,A6 ; reassing sizeof(output) +|| MV B4,A6 ; reassign sizeof(output) || MVK 0x00004030,A3 MV A4,B4 ; reassign output || MVK 0,A4 ; return value diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl index 59f9ed9141b0eb..55af9b4e3d01f0 100644 --- a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl +++ b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl @@ -52,7 +52,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"cmll-586.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); @T=("eax","ebx","ecx","edx"); $idx="esi"; @@ -792,9 +792,9 @@ sub _loadround { 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; } -sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; } -sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; } -sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; } +sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; } +sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; } +sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; } &set_label("Camellia_SIGMA",64); &data_word( diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl index da5ad7b7e0e7d3..02c52c3efe47dd 100644 --- a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl +++ b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl @@ -137,11 +137,17 @@ sub Camellia_Feistel { .align 16 .Lenc_rounds: Camellia_EncryptBlock_Rounds: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lenc_prologue: #mov %rsi,$inp # put away arguments @@ -173,13 +179,20 @@ sub Camellia_Feistel { mov @S[3],12($out) mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%rbp +.cfi_restore %rbp mov 32(%rsp),%rbx +.cfi_restore %rbx lea 40(%rsp),%rsp +.cfi_adjust_cfa_offset -40 .Lenc_epilogue: ret +.cfi_endproc .size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds .type _x86_64_Camellia_encrypt,\@abi-omnipotent @@ -247,11 +260,17 @@ sub Camellia_Feistel { .align 16 .Ldec_rounds: Camellia_DecryptBlock_Rounds: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Ldec_prologue: #mov %rsi,$inp # put away arguments @@ -283,13 +302,20 @@ sub Camellia_Feistel { mov @S[3],12($out) mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%rbp +.cfi_restore %rbp mov 32(%rsp),%rbx +.cfi_restore %rbx lea 40(%rsp),%rsp +.cfi_adjust_cfa_offset -40 .Ldec_epilogue: ret +.cfi_endproc .size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds .type _x86_64_Camellia_decrypt,\@abi-omnipotent @@ -409,11 +435,17 @@ sub _rotl128 { .type Camellia_Ekeygen,\@function,3 .align 16 Camellia_Ekeygen: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lkey_prologue: mov %edi,${keyend}d # put away arguments, keyBitLength @@ -573,13 +605,20 @@ sub _rotl128 { mov \$4,%eax .Ldone: mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%rbp +.cfi_restore %rbp mov 32(%rsp),%rbx +.cfi_restore %rbx lea 40(%rsp),%rsp +.cfi_adjust_cfa_offset -40 .Lkey_epilogue: ret +.cfi_endproc .size Camellia_Ekeygen,.-Camellia_Ekeygen ___ } @@ -637,17 +676,25 @@ sub _rotl128 { .type Camellia_cbc_encrypt,\@function,6 .align 16 Camellia_cbc_encrypt: +.cfi_startproc cmp \$0,%rdx je .Lcbc_abort push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lcbc_prologue: mov %rsp,%rbp +.cfi_def_cfa_register %rbp sub \$64,%rsp and \$-64,%rsp @@ -668,6 +715,7 @@ sub _rotl128 { mov %r8,$_ivp mov %rbp,$_rsp +.cfi_cfa_expression $_rsp,deref,+56 .Lcbc_body: lea .LCamellia_SBOX(%rip),$Tbl @@ -856,15 +904,24 @@ sub _rotl128 { .align 16 .Lcbc_done: mov $_rsp,%rcx +.cfi_def_cfa %rcx,56 mov 0(%rcx),%r15 +.cfi_restore %r15 mov 8(%rcx),%r14 +.cfi_restore %r14 mov 16(%rcx),%r13 +.cfi_restore %r13 mov 24(%rcx),%r12 +.cfi_restore %r12 mov 32(%rcx),%rbp +.cfi_restore %rbp mov 40(%rcx),%rbx +.cfi_restore %rbx lea 48(%rcx),%rsp +.cfi_def_cfa %rsp,8 .Lcbc_abort: ret +.cfi_endproc .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt .asciz "Camellia for x86_64 by " diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl b/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl index ffe4a7d91cbcbb..6396679a5af4b2 100644 --- a/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl +++ b/deps/openssl/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl @@ -8,8 +8,8 @@ # ==================================================================== -# Written by David S. Miller and Andy Polyakov -# . The module is licensed under 2-clause BSD +# Written by David S. Miller and Andy Polyakov. +# The module is licensed under 2-clause BSD # license. October 2012. All rights reserved. # ==================================================================== @@ -17,7 +17,7 @@ # Camellia for SPARC T4. # # As with AES below results [for aligned data] are virtually identical -# to critical path lenths for 3-cycle instruction latency: +# to critical path lengths for 3-cycle instruction latency: # # 128-bit key 192/256- # CBC encrypt 4.14/4.21(*) 5.46/5.52 @@ -25,7 +25,7 @@ # misaligned data. # # As with Intel AES-NI, question is if it's possible to improve -# performance of parallelizeable modes by interleaving round +# performance of parallelizable modes by interleaving round # instructions. In Camellia every instruction is dependent on # previous, which means that there is place for 2 additional ones # in between two dependent. Can we expect 3x performance improvement? diff --git a/deps/openssl/openssl/crypto/camellia/build.info b/deps/openssl/openssl/crypto/camellia/build.info index fd782724f06956..e36a19bd4d0bd1 100644 --- a/deps/openssl/openssl/crypto/camellia/build.info +++ b/deps/openssl/openssl/crypto/camellia/build.info @@ -3,7 +3,9 @@ SOURCE[../../libcrypto]=\ cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c \ {- $target{cmll_asm_src} -} -GENERATE[cmll-x86.s]=asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[cmll-x86.s]=asm/cmll-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) \ + $(PROCESSOR) DEPEND[cmll-x86.s]=../perlasm/x86asm.pl GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl $(PERLASM_SCHEME) GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl $(PERLASM_SCHEME) diff --git a/deps/openssl/openssl/crypto/camellia/camellia.c b/deps/openssl/openssl/crypto/camellia/camellia.c index 6641a622057e4d..c200b823041b02 100644 --- a/deps/openssl/openssl/crypto/camellia/camellia.c +++ b/deps/openssl/openssl/crypto/camellia/camellia.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,51 +44,11 @@ #include #include -/* 32-bit rotations */ -#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define RightRotate(x, s) _lrotr(x, s) -# define LeftRotate(x, s) _lrotl(x, s) -# if _MSC_VER >= 1400 -# define SWAP(x) _byteswap_ulong(x) -# else -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# endif -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v))) -# elif defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined(__x86_64) -# define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) -# define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) -# if defined(B_ENDIAN) /* stratus.com does it */ -# define GETU32(p) (*(u32 *)(p)) -# define PUTU32(p,v) (*(u32 *)(p)=(v)) -# else -# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; }) -# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; }) -# endif -# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) -# define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; }) -# define RightRotate(x,s) LeftRotate(x,(32-s)) -# elif defined(__s390x__) -# define LeftRotate(x,s) ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; }) -# define RightRotate(x,s) LeftRotate(x,(32-s)) -# define GETU32(p) (*(u32 *)(p)) -# define PUTU32(p,v) (*(u32 *)(p)=(v)) -# endif -# endif -#endif - -#if !defined(RightRotate) && !defined(LeftRotate) -# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) -# define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) -#endif - -#if !defined(GETU32) && !defined(PUTU32) -# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) -# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) -#endif +#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) +#define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) + +#define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) +#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) /* S-box data */ #define SBOX1_1110 Camellia_SBOX[0] diff --git a/deps/openssl/openssl/crypto/cast/asm/cast-586.pl b/deps/openssl/openssl/crypto/cast/asm/cast-586.pl index 6beb9c5f255071..d5d38965cf760a 100644 --- a/deps/openssl/openssl/crypto/cast/asm/cast-586.pl +++ b/deps/openssl/openssl/crypto/cast/asm/cast-586.pl @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -# This flag makes the inner loop one cycle longer, but generates +# This flag makes the inner loop one cycle longer, but generates # code that runs %30 faster on the pentium pro/II, 44% faster # of PIII, while only %7 slower on the pentium. # By default, this flag is on. @@ -21,7 +21,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $CAST_ROUNDS=16; $L="edi"; @@ -157,7 +157,7 @@ sub E_CAST { if ($ppro) { &xor( $tmp1, $tmp1); &mov( $tmp2, 0xff); - + &movb( &LB($tmp1), &HB($tmp4)); # A &and( $tmp2, $tmp4); @@ -166,7 +166,7 @@ sub E_CAST { } else { &mov( $tmp2, $tmp4); # B &movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD - + &shr( $tmp4, 16); # &and( $tmp2, 0xff); } diff --git a/deps/openssl/openssl/crypto/cast/build.info b/deps/openssl/openssl/crypto/cast/build.info index f6a25c9a56cc2d..b0f59f38002c32 100644 --- a/deps/openssl/openssl/crypto/cast/build.info +++ b/deps/openssl/openssl/crypto/cast/build.info @@ -2,5 +2,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ c_skey.c c_ecb.c {- $target{cast_asm_src} -} c_cfb64.c c_ofb64.c -GENERATE[cast-586.s]=asm/cast-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[cast-586.s]=asm/cast-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/deps/openssl/openssl/crypto/cast/cast_lcl.h b/deps/openssl/openssl/crypto/cast/cast_lcl.h index e8cf322d430dc8..35e89930a8c029 100644 --- a/deps/openssl/openssl/crypto/cast/cast_lcl.h +++ b/deps/openssl/openssl/crypto/cast/cast_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#include "e_os.h" - #ifdef OPENSSL_SYS_WIN32 # include #endif diff --git a/deps/openssl/openssl/crypto/cast/cast_s.h b/deps/openssl/openssl/crypto/cast/cast_s.h index d9fd6ac416e77b..b27415b967f5a0 100644 --- a/deps/openssl/openssl/crypto/cast/cast_s.h +++ b/deps/openssl/openssl/crypto/cast/cast_s.h @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = { +const CAST_LONG CAST_S_table0[256] = { 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, @@ -74,7 +74,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = { 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = { +const CAST_LONG CAST_S_table1[256] = { 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, @@ -141,7 +141,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = { 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = { +const CAST_LONG CAST_S_table2[256] = { 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, @@ -208,7 +208,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = { 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = { +const CAST_LONG CAST_S_table3[256] = { 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, @@ -275,7 +275,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = { 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = { +const CAST_LONG CAST_S_table4[256] = { 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, @@ -342,7 +342,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = { 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = { +const CAST_LONG CAST_S_table5[256] = { 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, @@ -409,7 +409,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = { 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = { +const CAST_LONG CAST_S_table6[256] = { 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, @@ -476,7 +476,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = { 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256] = { +const CAST_LONG CAST_S_table7[256] = { 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl index b5e21e4938e06f..d3fadcc63d3338 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl @@ -15,7 +15,7 @@ # ==================================================================== # # December 2014 -# +# # ChaCha20 for ARMv4. # # Performance in cycles per byte out of large buffer. @@ -172,8 +172,10 @@ sub ROUND { #include "arm_arch.h" .text -#if defined(__thumb2__) +#if defined(__thumb2__) || defined(__clang__) .syntax unified +#endif +#if defined(__thumb2__) .thumb #else .code 32 @@ -720,7 +722,7 @@ sub NEONROUND { vadd.i32 $d2,$d1,$t0 @ counter+2 str @t[3], [sp,#4*(16+15)] mov @t[3],#10 - add @x[12],@x[12],#3 @ counter+3 + add @x[12],@x[12],#3 @ counter+3 b .Loop_neon .align 4 diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl index f7e10747145026..4a838bc2b32e20 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl @@ -15,7 +15,7 @@ # ==================================================================== # # June 2015 -# +# # ChaCha20 for ARMv8. # # Performance in cycles per byte out of large buffer. @@ -28,6 +28,7 @@ # Denver 4.50/+82% 2.63 2.67(*) # X-Gene 9.50/+46% 8.82 8.89(*) # Mongoose 8.00/+44% 3.64 3.25 +# Kryo 8.17/+50% 4.83 4.65 # # (*) it's expected that doubling interleave factor doesn't help # all processors, only those with higher NEON latency and @@ -201,7 +202,7 @@ sub ROUND { mov $ctr,#10 subs $len,$len,#64 .Loop: - sub $ctr,$ctr,#1 + sub $ctr,$ctr,#1 ___ foreach (&ROUND(0, 4, 8,12)) { eval; } foreach (&ROUND(0, 5,10,15)) { eval; } diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl index bdb380442c4a1a..266401eb1644b5 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-c64xplus.pl @@ -22,7 +22,7 @@ # faster than code generated by TI compiler. Compiler also disables # interrupts for some reason, thus making interrupt response time # dependent on input length. This module on the other hand is free -# from such limiation. +# from such limitation. $output=pop; open STDOUT,">$output"; diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl index 181decdad9d280..f4f8610bf3bf78 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,18 +15,34 @@ # ==================================================================== # # October 2015 -# +# # ChaCha20 for PowerPC/AltiVec. # +# June 2018 +# +# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for +# processors that can't issue more than one vector instruction per +# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x +# interleave would perform better. Incidentally PowerISA 2.07 (first +# implemented by POWER8) defined new usable instructions, hence 4xVSX +# code path... +# # Performance in cycles per byte out of large buffer. # -# IALU/gcc-4.x 3xAltiVec+1xIALU +# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX +# +# Freescale e300 13.6/+115% - - +# PPC74x0/G4e 6.81/+310% 3.81 - +# PPC970/G5 9.29/+160% ? - +# POWER7 8.62/+61% 3.35 - +# POWER8 8.70/+51% 2.91 2.09 +# POWER9 8.80/+29% 4.44(*) 2.45(**) # -# Freescale e300 13.6/+115% - -# PPC74x0/G4e 6.81/+310% 4.66 -# PPC970/G5 9.29/+160% 4.60 -# POWER7 8.62/+61% 4.27 -# POWER8 8.70/+51% 3.96 +# (*) this is trade-off result, it's possible to improve it, but +# then it would negatively affect all others; +# (**) POWER9 seems to be "allergic" to mixing vector and integer +# instructions, which is why switch to vector-only code pays +# off that much; $flavour = shift; @@ -391,19 +407,19 @@ sub ROUND { ___ {{{ -my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2) = - map("v$_",(0..14)); -my (@K)=map("v$_",(15..20)); -my ($FOUR,$sixteen,$twenty4,$twenty,$twelve,$twenty5,$seven) = - map("v$_",(21..27)); -my ($inpperm,$outperm,$outmask) = map("v$_",(28..30)); -my @D=("v31",$seven,$T0,$T1,$T2); +my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2) + = map("v$_",(0..11)); +my @K = map("v$_",(12..17)); +my ($FOUR,$sixteen,$twenty4) = map("v$_",(18..19,23)); +my ($inpperm,$outperm,$outmask) = map("v$_",(24..26)); +my @D = map("v$_",(27..31)); +my ($twelve,$seven,$T0,$T1) = @D; -my $FRAME=$LOCALS+64+13*16+18*$SIZE_T; # 13*16 is for v20-v31 offload +my $FRAME=$LOCALS+64+10*16+18*$SIZE_T; # 10*16 is for v23-v31 offload sub VMXROUND { my $odd = pop; -my ($a,$b,$c,$d,$t)=@_; +my ($a,$b,$c,$d)=@_; ( "&vadduwm ('$a','$a','$b')", @@ -411,24 +427,20 @@ sub VMXROUND { "&vperm ('$d','$d','$d','$sixteen')", "&vadduwm ('$c','$c','$d')", - "&vxor ('$t','$b','$c')", - "&vsrw ('$b','$t','$twenty')", - "&vslw ('$t','$t','$twelve')", - "&vor ('$b','$b','$t')", + "&vxor ('$b','$b','$c')", + "&vrlw ('$b','$b','$twelve')", "&vadduwm ('$a','$a','$b')", "&vxor ('$d','$d','$a')", "&vperm ('$d','$d','$d','$twenty4')", "&vadduwm ('$c','$c','$d')", - "&vxor ('$t','$b','$c')", - "&vsrw ('$b','$t','$twenty5')", - "&vslw ('$t','$t','$seven')", - "&vor ('$b','$b','$t')", - - "&vsldoi ('$c','$c','$c',8)", - "&vsldoi ('$b','$b','$b',$odd?4:12)", - "&vsldoi ('$d','$d','$d',$odd?12:4)" + "&vxor ('$b','$b','$c')", + "&vrlw ('$b','$b','$seven')", + + "&vrldoi ('$c','$c',8)", + "&vrldoi ('$b','$b',$odd?4:12)", + "&vrldoi ('$d','$d',$odd?12:4)" ); } @@ -445,28 +457,22 @@ sub VMXROUND { li r10,`15+$LOCALS+64` li r11,`31+$LOCALS+64` mfspr r12,256 - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp + stvx v23,r10,$sp addi r10,r10,32 - stvx v23,r11,$sp + stvx v24,r11,$sp addi r11,r11,32 - stvx v24,r10,$sp + stvx v25,r10,$sp addi r10,r10,32 - stvx v25,r11,$sp + stvx v26,r11,$sp addi r11,r11,32 - stvx v26,r10,$sp + stvx v27,r10,$sp addi r10,r10,32 - stvx v27,r11,$sp + stvx v28,r11,$sp addi r11,r11,32 - stvx v28,r10,$sp + stvx v29,r10,$sp addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp + stvx v30,r11,$sp + stvx v31,r10,$sp stw r12,`$FRAME-$SIZE_T*18-4`($sp) # save vrsave $PUSH r14,`$FRAME-$SIZE_T*18`($sp) $PUSH r15,`$FRAME-$SIZE_T*17`($sp) @@ -486,9 +492,9 @@ sub VMXROUND { $PUSH r29,`$FRAME-$SIZE_T*3`($sp) $PUSH r30,`$FRAME-$SIZE_T*2`($sp) $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - li r12,-1 + li r12,-4096+511 $PUSH r0, `$FRAME+$LRSAVE`($sp) - mtspr 256,r12 # preserve all AltiVec registers + mtspr 256,r12 # preserve 29 AltiVec registers bl Lconsts # returns pointer Lsigma in r12 li @x[0],16 @@ -525,11 +531,6 @@ sub VMXROUND { lwz @d[3],12($ctr) vadduwm @K[5],@K[4],@K[5] - vspltisw $twenty,-12 # synthesize constants - vspltisw $twelve,12 - vspltisw $twenty5,-7 - #vspltisw $seven,7 # synthesized in the loop - vxor $T0,$T0,$T0 # 0x00..00 vspltisw $outmask,-1 # 0xff..ff ?lvsr $inpperm,0,$inp # prepare for unaligned load @@ -542,6 +543,7 @@ sub VMXROUND { be?vxor $outperm,$outperm,$T1 be?vperm $inpperm,$inpperm,$inpperm,$T0 + li r0,10 # inner loop counter b Loop_outer_vmx .align 4 @@ -559,7 +561,6 @@ sub VMXROUND { ori @x[3],@x[3],0x6574 vmr $B0,@K[1] - li r0,10 # inner loop counter lwz @x[4],0($key) # load key to GPR vmr $B1,@K[1] lwz @x[5],4($key) @@ -585,33 +586,45 @@ sub VMXROUND { mr @t[1],@x[5] mr @t[2],@x[6] mr @t[3],@x[7] + + vspltisw $twelve,12 # synthesize constants vspltisw $seven,7 mtctr r0 nop Loop_vmx: ___ - my @thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,0); - my @thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,0); - my @thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,0); + my @thread0=&VMXROUND($A0,$B0,$C0,$D0,0); + my @thread1=&VMXROUND($A1,$B1,$C1,$D1,0); + my @thread2=&VMXROUND($A2,$B2,$C2,$D2,0); my @thread3=&ROUND(0,4,8,12); foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); + eval; + eval(shift(@thread1)); + eval(shift(@thread2)); + + eval(shift(@thread3)); + eval(shift(@thread3)); + eval(shift(@thread3)); } + foreach (@thread3) { eval; } - @thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,1); - @thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,1); - @thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,1); + @thread0=&VMXROUND($A0,$B0,$C0,$D0,1); + @thread1=&VMXROUND($A1,$B1,$C1,$D1,1); + @thread2=&VMXROUND($A2,$B2,$C2,$D2,1); @thread3=&ROUND(0,5,10,15); foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); + eval; + eval(shift(@thread1)); + eval(shift(@thread2)); + + eval(shift(@thread3)); + eval(shift(@thread3)); + eval(shift(@thread3)); } + foreach (@thread3) { eval; } $code.=<<___; bdnz Loop_vmx @@ -850,28 +863,22 @@ sub VMXROUND { li r10,`15+$LOCALS+64` li r11,`31+$LOCALS+64` mtspr 256,r12 # restore vrsave - lvx v20,r10,$sp + lvx v23,r10,$sp addi r10,r10,32 - lvx v21,r11,$sp + lvx v24,r11,$sp addi r11,r11,32 - lvx v22,r10,$sp + lvx v25,r10,$sp addi r10,r10,32 - lvx v23,r11,$sp + lvx v26,r11,$sp addi r11,r11,32 - lvx v24,r10,$sp + lvx v27,r10,$sp addi r10,r10,32 - lvx v25,r11,$sp + lvx v28,r11,$sp addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp + lvx v29,r10,$sp addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp + lvx v30,r11,$sp + lvx v31,r10,$sp $POP r0, `$FRAME+$LRSAVE`($sp) $POP r14,`$FRAME-$SIZE_T*18`($sp) $POP r15,`$FRAME-$SIZE_T*17`($sp) @@ -898,12 +905,395 @@ sub VMXROUND { .byte 0,12,0x04,1,0x80,18,5,0 .long 0 .size .ChaCha20_ctr32_vmx,.-.ChaCha20_ctr32_vmx +___ +}}} +{{{ +my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); +my @K = map("v$_",(16..19)); +my $CTR = "v26"; +my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); +my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); +my $beperm = "v31"; + +my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); +my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload + +sub VSX_lane_ROUND { +my ($a0,$b0,$c0,$d0)=@_; +my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); +my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); +my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); +my @x=map("\"v$_\"",(0..15)); + + ( + "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 + "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 + "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 + "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 + "&vxor (@x[$d0],@x[$d0],@x[$a0])", + "&vxor (@x[$d1],@x[$d1],@x[$a1])", + "&vxor (@x[$d2],@x[$d2],@x[$a2])", + "&vxor (@x[$d3],@x[$d3],@x[$a3])", + "&vrlw (@x[$d0],@x[$d0],'$sixteen')", + "&vrlw (@x[$d1],@x[$d1],'$sixteen')", + "&vrlw (@x[$d2],@x[$d2],'$sixteen')", + "&vrlw (@x[$d3],@x[$d3],'$sixteen')", + + "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", + "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", + "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", + "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", + "&vxor (@x[$b0],@x[$b0],@x[$c0])", + "&vxor (@x[$b1],@x[$b1],@x[$c1])", + "&vxor (@x[$b2],@x[$b2],@x[$c2])", + "&vxor (@x[$b3],@x[$b3],@x[$c3])", + "&vrlw (@x[$b0],@x[$b0],'$twelve')", + "&vrlw (@x[$b1],@x[$b1],'$twelve')", + "&vrlw (@x[$b2],@x[$b2],'$twelve')", + "&vrlw (@x[$b3],@x[$b3],'$twelve')", + + "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", + "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", + "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", + "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", + "&vxor (@x[$d0],@x[$d0],@x[$a0])", + "&vxor (@x[$d1],@x[$d1],@x[$a1])", + "&vxor (@x[$d2],@x[$d2],@x[$a2])", + "&vxor (@x[$d3],@x[$d3],@x[$a3])", + "&vrlw (@x[$d0],@x[$d0],'$eight')", + "&vrlw (@x[$d1],@x[$d1],'$eight')", + "&vrlw (@x[$d2],@x[$d2],'$eight')", + "&vrlw (@x[$d3],@x[$d3],'$eight')", + + "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", + "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", + "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", + "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", + "&vxor (@x[$b0],@x[$b0],@x[$c0])", + "&vxor (@x[$b1],@x[$b1],@x[$c1])", + "&vxor (@x[$b2],@x[$b2],@x[$c2])", + "&vxor (@x[$b3],@x[$b3],@x[$c3])", + "&vrlw (@x[$b0],@x[$b0],'$seven')", + "&vrlw (@x[$b1],@x[$b1],'$seven')", + "&vrlw (@x[$b2],@x[$b2],'$seven')", + "&vrlw (@x[$b3],@x[$b3],'$seven')" + ); +} + +$code.=<<___; + +.globl .ChaCha20_ctr32_vsx +.align 5 +.ChaCha20_ctr32_vsx: + $STU $sp,-$FRAME($sp) + mflr r0 + li r10,`15+$LOCALS+64` + li r11,`31+$LOCALS+64` + mfspr r12,256 + stvx v26,r10,$sp + addi r10,r10,32 + stvx v27,r11,$sp + addi r11,r11,32 + stvx v28,r10,$sp + addi r10,r10,32 + stvx v29,r11,$sp + addi r11,r11,32 + stvx v30,r10,$sp + stvx v31,r11,$sp + stw r12,`$FRAME-4`($sp) # save vrsave + li r12,-4096+63 + $PUSH r0, `$FRAME+$LRSAVE`($sp) + mtspr 256,r12 # preserve 29 AltiVec registers + + bl Lconsts # returns pointer Lsigma in r12 + lvx_4w @K[0],0,r12 # load sigma + addi r12,r12,0x50 + li $x10,16 + li $x20,32 + li $x30,48 + li r11,64 + + lvx_4w @K[1],0,$key # load key + lvx_4w @K[2],$x10,$key + lvx_4w @K[3],0,$ctr # load counter + + vxor $xt0,$xt0,$xt0 + lvx_4w $xt1,r11,r12 + vspltw $CTR,@K[3],0 + vsldoi @K[3],@K[3],$xt0,4 + vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0] + vadduwm $CTR,$CTR,$xt1 + + be?lvsl $beperm,0,$x10 # 0x00..0f + be?vspltisb $xt0,3 # 0x03..03 + be?vxor $beperm,$beperm,$xt0 # swap bytes within words + + li r0,10 # inner loop counter + mtctr r0 + b Loop_outer_vsx + +.align 5 +Loop_outer_vsx: + lvx $xa0,$x00,r12 # load [smashed] sigma + lvx $xa1,$x10,r12 + lvx $xa2,$x20,r12 + lvx $xa3,$x30,r12 + + vspltw $xb0,@K[1],0 # smash the key + vspltw $xb1,@K[1],1 + vspltw $xb2,@K[1],2 + vspltw $xb3,@K[1],3 + + vspltw $xc0,@K[2],0 + vspltw $xc1,@K[2],1 + vspltw $xc2,@K[2],2 + vspltw $xc3,@K[2],3 + + vmr $xd0,$CTR # smash the counter + vspltw $xd1,@K[3],1 + vspltw $xd2,@K[3],2 + vspltw $xd3,@K[3],3 + + vspltisw $sixteen,-16 # synthesize constants + vspltisw $twelve,12 + vspltisw $eight,8 + vspltisw $seven,7 + +Loop_vsx: +___ + foreach (&VSX_lane_ROUND(0, 4, 8,12)) { eval; } + foreach (&VSX_lane_ROUND(0, 5,10,15)) { eval; } +$code.=<<___; + bdnz Loop_vsx + + vadduwm $xd0,$xd0,$CTR + + vmrgew $xt0,$xa0,$xa1 # transpose data + vmrgew $xt1,$xa2,$xa3 + vmrgow $xa0,$xa0,$xa1 + vmrgow $xa2,$xa2,$xa3 + vmrgew $xt2,$xb0,$xb1 + vmrgew $xt3,$xb2,$xb3 + vpermdi $xa1,$xa0,$xa2,0b00 + vpermdi $xa3,$xa0,$xa2,0b11 + vpermdi $xa0,$xt0,$xt1,0b00 + vpermdi $xa2,$xt0,$xt1,0b11 + + vmrgow $xb0,$xb0,$xb1 + vmrgow $xb2,$xb2,$xb3 + vmrgew $xt0,$xc0,$xc1 + vmrgew $xt1,$xc2,$xc3 + vpermdi $xb1,$xb0,$xb2,0b00 + vpermdi $xb3,$xb0,$xb2,0b11 + vpermdi $xb0,$xt2,$xt3,0b00 + vpermdi $xb2,$xt2,$xt3,0b11 + + vmrgow $xc0,$xc0,$xc1 + vmrgow $xc2,$xc2,$xc3 + vmrgew $xt2,$xd0,$xd1 + vmrgew $xt3,$xd2,$xd3 + vpermdi $xc1,$xc0,$xc2,0b00 + vpermdi $xc3,$xc0,$xc2,0b11 + vpermdi $xc0,$xt0,$xt1,0b00 + vpermdi $xc2,$xt0,$xt1,0b11 + + vmrgow $xd0,$xd0,$xd1 + vmrgow $xd2,$xd2,$xd3 + vspltisw $xt0,4 + vadduwm $CTR,$CTR,$xt0 # next counter value + vpermdi $xd1,$xd0,$xd2,0b00 + vpermdi $xd3,$xd0,$xd2,0b11 + vpermdi $xd0,$xt2,$xt3,0b00 + vpermdi $xd2,$xt2,$xt3,0b11 + + vadduwm $xa0,$xa0,@K[0] + vadduwm $xb0,$xb0,@K[1] + vadduwm $xc0,$xc0,@K[2] + vadduwm $xd0,$xd0,@K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + beq Ldone_vsx + + vadduwm $xa0,$xa1,@K[0] + vadduwm $xb0,$xb1,@K[1] + vadduwm $xc0,$xc1,@K[2] + vadduwm $xd0,$xd1,@K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + beq Ldone_vsx + + vadduwm $xa0,$xa2,@K[0] + vadduwm $xb0,$xb2,@K[1] + vadduwm $xc0,$xc2,@K[2] + vadduwm $xd0,$xd2,@K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + beq Ldone_vsx + + vadduwm $xa0,$xa3,@K[0] + vadduwm $xb0,$xb3,@K[1] + vadduwm $xc0,$xc3,@K[2] + vadduwm $xd0,$xd3,@K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + mtctr r0 + bne Loop_outer_vsx + +Ldone_vsx: + lwz r12,`$FRAME-4`($sp) # pull vrsave + li r10,`15+$LOCALS+64` + li r11,`31+$LOCALS+64` + $POP r0, `$FRAME+$LRSAVE`($sp) + mtspr 256,r12 # restore vrsave + lvx v26,r10,$sp + addi r10,r10,32 + lvx v27,r11,$sp + addi r11,r11,32 + lvx v28,r10,$sp + addi r10,r10,32 + lvx v29,r11,$sp + addi r11,r11,32 + lvx v30,r10,$sp + lvx v31,r11,$sp + mtlr r0 + addi $sp,$sp,$FRAME + blr + +.align 4 +Ltail_vsx: + addi r11,$sp,$LOCALS + mtctr $len + stvx_4w $xa0,$x00,r11 # offload block to stack + stvx_4w $xb0,$x10,r11 + stvx_4w $xc0,$x20,r11 + stvx_4w $xd0,$x30,r11 + subi r12,r11,1 # prepare for *++ptr + subi $inp,$inp,1 + subi $out,$out,1 + +Loop_tail_vsx: + lbzu r6,1(r12) + lbzu r7,1($inp) + xor r6,r6,r7 + stbu r6,1($out) + bdnz Loop_tail_vsx + + stvx_4w $K[0],$x00,r11 # wipe copy of the block + stvx_4w $K[0],$x10,r11 + stvx_4w $K[0],$x20,r11 + stvx_4w $K[0],$x30,r11 + + b Ldone_vsx + .long 0 + .byte 0,12,0x04,1,0x80,0,5,0 + .long 0 +.size .ChaCha20_ctr32_vsx,.-.ChaCha20_ctr32_vsx +___ +}}} +$code.=<<___; .align 5 Lconsts: mflr r0 bcl 20,31,\$+4 - mflr r12 #vvvvv "distance between . and _vpaes_consts + mflr r12 #vvvvv "distance between . and Lsigma addi r12,r12,`64-8` mtlr r0 blr @@ -924,10 +1314,14 @@ sub VMXROUND { .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c ___ $code.=<<___; + .long 0x61707865,0x61707865,0x61707865,0x61707865 + .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e + .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32 + .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574 + .long 0,1,2,3 .asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by " .align 2 ___ -}}} foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; @@ -940,11 +1334,12 @@ sub VMXROUND { s/\?lvsr/lvsl/ or s/\?lvsl/lvsr/ or s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or - s/(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/; + s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/; } else { # little-endian s/le\?// or s/be\?/#be#/ or - s/\?([a-z]+)/$1/; + s/\?([a-z]+)/$1/ or + s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/; } print $_,"\n"; diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl index 932dec67e43cdf..13c217dcf1f203 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl @@ -28,6 +28,7 @@ # Westmere 9.50/+45% 3.35 # Sandy Bridge 10.5/+47% 3.20 # Haswell 8.15/+50% 2.83 +# Skylake 7.53/+22% 2.75 # Silvermont 17.4/+36% 8.35 # Goldmont 13.4/+40% 4.36 # Sledgehammer 10.2/+54% @@ -42,7 +43,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"chacha-x86.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $xmm=$ymm=0; for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl index 347dfcb3e578a3..b54f3b1525bc19 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,32 +18,45 @@ # # ChaCha20 for x86_64. # +# December 2016 +# +# Add AVX512F code path. +# +# December 2017 +# +# Add AVX512VL code path. +# # Performance in cycles per byte out of large buffer. # -# IALU/gcc 4.8(i) 1xSSSE3/SSE2 4xSSSE3 8xAVX2 +# IALU/gcc 4.8(i) 1x/2xSSSE3(ii) 4xSSSE3 NxAVX(v) # -# P4 9.48/+99% -/22.7(ii) - -# Core2 7.83/+55% 7.90/8.08 4.35 -# Westmere 7.19/+50% 5.60/6.70 3.00 -# Sandy Bridge 8.31/+42% 5.45/6.76 2.72 -# Ivy Bridge 6.71/+46% 5.40/6.49 2.41 -# Haswell 5.92/+43% 5.20/6.45 2.42 1.23 -# Silvermont 12.0/+33% 7.75/7.40 7.03(iii) -# Goldmont 10.6/+17% 5.10/- 3.28 -# Sledgehammer 7.28/+52% -/14.2(ii) - -# Bulldozer 9.66/+28% 9.85/11.1 3.06(iv) -# VIA Nano 10.5/+46% 6.72/8.60 6.05 +# P4 9.48/+99% - - +# Core2 7.83/+55% 7.90/5.76 4.35 +# Westmere 7.19/+50% 5.60/4.50 3.00 +# Sandy Bridge 8.31/+42% 5.45/4.00 2.72 +# Ivy Bridge 6.71/+46% 5.40/? 2.41 +# Haswell 5.92/+43% 5.20/3.45 2.42 1.23 +# Skylake[-X] 5.87/+39% 4.70/3.22 2.31 1.19[0.80(vi)] +# Silvermont 12.0/+33% 7.75/6.90 7.03(iii) +# Knights L 11.7/- ? 9.60(iii) 0.80 +# Goldmont 10.6/+17% 5.10/3.52 3.28 +# Sledgehammer 7.28/+52% - - +# Bulldozer 9.66/+28% 9.85/5.35(iv) 3.06(iv) +# Ryzen 5.96/+50% 5.19/3.00 2.40 2.09 +# VIA Nano 10.5/+46% 6.72/6.88 6.05 # # (i) compared to older gcc 3.x one can observe >2x improvement on # most platforms; -# (ii) as it can be seen, SSE2 performance is too low on legacy -# processors; NxSSE2 results are naturally better, but not -# impressively better than IALU ones, which is why you won't -# find SSE2 code below; +# (ii) 2xSSSE3 is code path optimized specifically for 128 bytes used +# by chacha20_poly1305_tls_cipher, results are EVP-free; # (iii) this is not optimal result for Atom because of MSROM # limitations, SSE2 can do better, but gain is considered too # low to justify the [maintenance] effort; -# (iv) Bulldozer actually executes 4xXOP code path that delivers 2.20; +# (iv) Bulldozer actually executes 4xXOP code path that delivers 2.20 +# and 4.85 for 128-byte inputs; +# (v) 8xAVX2, 8xAVX512VL or 16xAVX512F, whichever best applicable; +# (vi) even though Skylake-X can execute AVX512F code and deliver 0.57 +# cpb in single thread, the corresponding capability is suppressed; $flavour = shift; $output = shift; @@ -58,12 +71,13 @@ if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); + $avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25); } if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); + `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) { + $avx = ($1>=2.09) + ($1>=2.10) + ($1>=2.12); + $avx += 1 if ($1==2.11 && $2>=8); } if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && @@ -103,6 +117,17 @@ .byte 0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd .Lrot24: .byte 0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe +.Ltwoy: +.long 2,0,0,0, 2,0,0,0 +.align 64 +.Lzeroz: +.long 0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0 +.Lfourz: +.long 4,0,0,0, 4,0,0,0, 4,0,0,0, 4,0,0,0 +.Lincz: +.long 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 +.Lsixteen: +.long 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 .Lsigma: .asciz "expand 32-byte k" .asciz "ChaCha20 for x86_64, CRYPTOGAMS by " @@ -227,19 +252,36 @@ sub ROUND { # critical path is 24 cycles per round .type ChaCha20_ctr32,\@function,5 .align 64 ChaCha20_ctr32: +.cfi_startproc cmp \$0,$len je .Lno_data mov OPENSSL_ia32cap_P+4(%rip),%r10 +___ +$code.=<<___ if ($avx>2); + bt \$48,%r10 # check for AVX512F + jc .LChaCha20_avx512 + test %r10,%r10 # check for AVX512VL + js .LChaCha20_avx512vl +___ +$code.=<<___; test \$`1<<(41-32)`,%r10d jnz .LChaCha20_ssse3 push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$64+24,%rsp +.cfi_adjust_cfa_offset 64+24 +.Lctr32_body: #movdqa .Lsigma(%rip),%xmm0 movdqu ($key),%xmm1 @@ -378,15 +420,25 @@ sub ROUND { # critical path is 24 cycles per round jnz .Loop_tail .Ldone: - add \$64+24,%rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + lea 64+24+48(%rsp),%rsi +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lno_data: ret +.cfi_endproc .size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ @@ -419,13 +471,16 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round &por ($b,$t); } -my $xframe = $win64 ? 32+32+8 : 24; +my $xframe = $win64 ? 32+8 : 8; $code.=<<___; .type ChaCha20_ssse3,\@function,5 .align 32 ChaCha20_ssse3: +.cfi_startproc .LChaCha20_ssse3: + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 ___ $code.=<<___ if ($avx); test \$`1<<(43-32)`,%r10d @@ -433,21 +488,16 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round ___ $code.=<<___; cmp \$128,$len # we might throw away some data, + je .LChaCha20_128 ja .LChaCha20_4x # but overall it won't be slower .Ldo_sse3_after_all: - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - sub \$64+$xframe,%rsp ___ $code.=<<___ if ($win64); - movaps %xmm6,64+32(%rsp) - movaps %xmm7,64+48(%rsp) + movaps %xmm6,-0x28(%r9) + movaps %xmm7,-0x18(%r9) +.Lssse3_body: ___ $code.=<<___; movdqa .Lsigma(%rip),$a @@ -461,7 +511,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round movdqa $b,0x10(%rsp) movdqa $c,0x20(%rsp) movdqa $d,0x30(%rsp) - mov \$10,%ebp + mov \$10,$counter # reuse $counter jmp .Loop_ssse3 .align 32 @@ -471,7 +521,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round movdqa 0x10(%rsp),$b movdqa 0x20(%rsp),$c paddd 0x30(%rsp),$d - mov \$10,%ebp + mov \$10,$counter movdqa $d,0x30(%rsp) jmp .Loop_ssse3 @@ -489,7 +539,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round &pshufd ($b,$b,0b10010011); &pshufd ($d,$d,0b00111001); - &dec ("%ebp"); + &dec ($counter); &jnz (".Loop_ssse3"); $code.=<<___; @@ -528,36 +578,199 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round movdqa $b,0x10(%rsp) movdqa $c,0x20(%rsp) movdqa $d,0x30(%rsp) - xor %rbx,%rbx + xor $counter,$counter .Loop_tail_ssse3: - movzb ($inp,%rbx),%eax - movzb (%rsp,%rbx),%ecx - lea 1(%rbx),%rbx + movzb ($inp,$counter),%eax + movzb (%rsp,$counter),%ecx + lea 1($counter),$counter xor %ecx,%eax - mov %al,-1($out,%rbx) + mov %al,-1($out,$counter) dec $len jnz .Loop_tail_ssse3 .Ldone_ssse3: ___ $code.=<<___ if ($win64); - movaps 64+32(%rsp),%xmm6 - movaps 64+48(%rsp),%xmm7 + movaps -0x28(%r9),%xmm6 + movaps -0x18(%r9),%xmm7 ___ $code.=<<___; - add \$64+$xframe,%rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.Lssse3_epilogue: ret +.cfi_endproc .size ChaCha20_ssse3,.-ChaCha20_ssse3 ___ } +######################################################################## +# SSSE3 code path that handles 128-byte inputs +{ +my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(8,9,2..7)); +my ($a1,$b1,$c1,$d1)=map("%xmm$_",(10,11,0,1)); + +sub SSSE3ROUND_2x { + &paddd ($a,$b); + &pxor ($d,$a); + &paddd ($a1,$b1); + &pxor ($d1,$a1); + &pshufb ($d,$rot16); + &pshufb($d1,$rot16); + + &paddd ($c,$d); + &paddd ($c1,$d1); + &pxor ($b,$c); + &pxor ($b1,$c1); + &movdqa ($t,$b); + &psrld ($b,20); + &movdqa($t1,$b1); + &pslld ($t,12); + &psrld ($b1,20); + &por ($b,$t); + &pslld ($t1,12); + &por ($b1,$t1); + + &paddd ($a,$b); + &pxor ($d,$a); + &paddd ($a1,$b1); + &pxor ($d1,$a1); + &pshufb ($d,$rot24); + &pshufb($d1,$rot24); + + &paddd ($c,$d); + &paddd ($c1,$d1); + &pxor ($b,$c); + &pxor ($b1,$c1); + &movdqa ($t,$b); + &psrld ($b,25); + &movdqa($t1,$b1); + &pslld ($t,7); + &psrld ($b1,25); + &por ($b,$t); + &pslld ($t1,7); + &por ($b1,$t1); +} + +my $xframe = $win64 ? 0x68 : 8; + +$code.=<<___; +.type ChaCha20_128,\@function,5 +.align 32 +ChaCha20_128: +.cfi_startproc +.LChaCha20_128: + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 + sub \$64+$xframe,%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,-0x68(%r9) + movaps %xmm7,-0x58(%r9) + movaps %xmm8,-0x48(%r9) + movaps %xmm9,-0x38(%r9) + movaps %xmm10,-0x28(%r9) + movaps %xmm11,-0x18(%r9) +.L128_body: +___ +$code.=<<___; + movdqa .Lsigma(%rip),$a + movdqu ($key),$b + movdqu 16($key),$c + movdqu ($counter),$d + movdqa .Lone(%rip),$d1 + movdqa .Lrot16(%rip),$rot16 + movdqa .Lrot24(%rip),$rot24 + + movdqa $a,$a1 + movdqa $a,0x00(%rsp) + movdqa $b,$b1 + movdqa $b,0x10(%rsp) + movdqa $c,$c1 + movdqa $c,0x20(%rsp) + paddd $d,$d1 + movdqa $d,0x30(%rsp) + mov \$10,$counter # reuse $counter + jmp .Loop_128 + +.align 32 +.Loop_128: +___ + &SSSE3ROUND_2x(); + &pshufd ($c,$c,0b01001110); + &pshufd ($b,$b,0b00111001); + &pshufd ($d,$d,0b10010011); + &pshufd ($c1,$c1,0b01001110); + &pshufd ($b1,$b1,0b00111001); + &pshufd ($d1,$d1,0b10010011); + + &SSSE3ROUND_2x(); + &pshufd ($c,$c,0b01001110); + &pshufd ($b,$b,0b10010011); + &pshufd ($d,$d,0b00111001); + &pshufd ($c1,$c1,0b01001110); + &pshufd ($b1,$b1,0b10010011); + &pshufd ($d1,$d1,0b00111001); + + &dec ($counter); + &jnz (".Loop_128"); + +$code.=<<___; + paddd 0x00(%rsp),$a + paddd 0x10(%rsp),$b + paddd 0x20(%rsp),$c + paddd 0x30(%rsp),$d + paddd .Lone(%rip),$d1 + paddd 0x00(%rsp),$a1 + paddd 0x10(%rsp),$b1 + paddd 0x20(%rsp),$c1 + paddd 0x30(%rsp),$d1 + + movdqu 0x00($inp),$t + movdqu 0x10($inp),$t1 + pxor $t,$a # xor with input + movdqu 0x20($inp),$t + pxor $t1,$b + movdqu 0x30($inp),$t1 + pxor $t,$c + movdqu 0x40($inp),$t + pxor $t1,$d + movdqu 0x50($inp),$t1 + pxor $t,$a1 + movdqu 0x60($inp),$t + pxor $t1,$b1 + movdqu 0x70($inp),$t1 + pxor $t,$c1 + pxor $t1,$d1 + + movdqu $a,0x00($out) # write output + movdqu $b,0x10($out) + movdqu $c,0x20($out) + movdqu $d,0x30($out) + movdqu $a1,0x40($out) + movdqu $b1,0x50($out) + movdqu $c1,0x60($out) + movdqu $d1,0x70($out) +___ +$code.=<<___ if ($win64); + movaps -0x68(%r9),%xmm6 + movaps -0x58(%r9),%xmm7 + movaps -0x48(%r9),%xmm8 + movaps -0x38(%r9),%xmm9 + movaps -0x28(%r9),%xmm10 + movaps -0x18(%r9),%xmm11 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L128_epilogue: + ret +.cfi_endproc +.size ChaCha20_128,.-ChaCha20_128 +___ +} + ######################################################################## # SSSE3 code path that handles longer messages. { @@ -689,13 +902,16 @@ sub SSSE3_lane_ROUND { ); } -my $xframe = $win64 ? 0xa0 : 0; +my $xframe = $win64 ? 0xa8 : 8; $code.=<<___; .type ChaCha20_4x,\@function,5 .align 32 ChaCha20_4x: +.cfi_startproc .LChaCha20_4x: + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 mov %r10,%r11 ___ $code.=<<___ if ($avx>1); @@ -712,8 +928,7 @@ sub SSSE3_lane_ROUND { je .Ldo_sse3_after_all # to detect Atom .Lproceed4x: - lea -0x78(%rsp),%r11 - sub \$0x148+$xframe,%rsp + sub \$0x140+$xframe,%rsp ___ ################ stack layout # +0x00 SIMD equivalent of @x[8-12] @@ -724,16 +939,17 @@ sub SSSE3_lane_ROUND { # ... # +0x140 $code.=<<___ if ($win64); - movaps %xmm6,-0x30(%r11) - movaps %xmm7,-0x20(%r11) - movaps %xmm8,-0x10(%r11) - movaps %xmm9,0x00(%r11) - movaps %xmm10,0x10(%r11) - movaps %xmm11,0x20(%r11) - movaps %xmm12,0x30(%r11) - movaps %xmm13,0x40(%r11) - movaps %xmm14,0x50(%r11) - movaps %xmm15,0x60(%r11) + movaps %xmm6,-0xa8(%r9) + movaps %xmm7,-0x98(%r9) + movaps %xmm8,-0x88(%r9) + movaps %xmm9,-0x78(%r9) + movaps %xmm10,-0x68(%r9) + movaps %xmm11,-0x58(%r9) + movaps %xmm12,-0x48(%r9) + movaps %xmm13,-0x38(%r9) + movaps %xmm14,-0x28(%r9) + movaps %xmm15,-0x18(%r9) +.L4x_body: ___ $code.=<<___; movdqa .Lsigma(%rip),$xa3 # key[0] @@ -1122,21 +1338,23 @@ sub SSSE3_lane_ROUND { .Ldone4x: ___ $code.=<<___ if ($win64); - lea 0x140+0x30(%rsp),%r11 - movaps -0x30(%r11),%xmm6 - movaps -0x20(%r11),%xmm7 - movaps -0x10(%r11),%xmm8 - movaps 0x00(%r11),%xmm9 - movaps 0x10(%r11),%xmm10 - movaps 0x20(%r11),%xmm11 - movaps 0x30(%r11),%xmm12 - movaps 0x40(%r11),%xmm13 - movaps 0x50(%r11),%xmm14 - movaps 0x60(%r11),%xmm15 -___ -$code.=<<___; - add \$0x148+$xframe,%rsp + movaps -0xa8(%r9),%xmm6 + movaps -0x98(%r9),%xmm7 + movaps -0x88(%r9),%xmm8 + movaps -0x78(%r9),%xmm9 + movaps -0x68(%r9),%xmm10 + movaps -0x58(%r9),%xmm11 + movaps -0x48(%r9),%xmm12 + movaps -0x38(%r9),%xmm13 + movaps -0x28(%r9),%xmm14 + movaps -0x18(%r9),%xmm15 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L4x_epilogue: ret +.cfi_endproc .size ChaCha20_4x,.-ChaCha20_4x ___ } @@ -1217,15 +1435,17 @@ sub XOP_lane_ROUND { ); } -my $xframe = $win64 ? 0xa0 : 0; +my $xframe = $win64 ? 0xa8 : 8; $code.=<<___; .type ChaCha20_4xop,\@function,5 .align 32 ChaCha20_4xop: +.cfi_startproc .LChaCha20_4xop: - lea -0x78(%rsp),%r11 - sub \$0x148+$xframe,%rsp + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 + sub \$0x140+$xframe,%rsp ___ ################ stack layout # +0x00 SIMD equivalent of @x[8-12] @@ -1236,16 +1456,17 @@ sub XOP_lane_ROUND { # ... # +0x140 $code.=<<___ if ($win64); - movaps %xmm6,-0x30(%r11) - movaps %xmm7,-0x20(%r11) - movaps %xmm8,-0x10(%r11) - movaps %xmm9,0x00(%r11) - movaps %xmm10,0x10(%r11) - movaps %xmm11,0x20(%r11) - movaps %xmm12,0x30(%r11) - movaps %xmm13,0x40(%r11) - movaps %xmm14,0x50(%r11) - movaps %xmm15,0x60(%r11) + movaps %xmm6,-0xa8(%r9) + movaps %xmm7,-0x98(%r9) + movaps %xmm8,-0x88(%r9) + movaps %xmm9,-0x78(%r9) + movaps %xmm10,-0x68(%r9) + movaps %xmm11,-0x58(%r9) + movaps %xmm12,-0x48(%r9) + movaps %xmm13,-0x38(%r9) + movaps %xmm14,-0x28(%r9) + movaps %xmm15,-0x18(%r9) +.L4xop_body: ___ $code.=<<___; vzeroupper @@ -1573,21 +1794,23 @@ sub XOP_lane_ROUND { vzeroupper ___ $code.=<<___ if ($win64); - lea 0x140+0x30(%rsp),%r11 - movaps -0x30(%r11),%xmm6 - movaps -0x20(%r11),%xmm7 - movaps -0x10(%r11),%xmm8 - movaps 0x00(%r11),%xmm9 - movaps 0x10(%r11),%xmm10 - movaps 0x20(%r11),%xmm11 - movaps 0x30(%r11),%xmm12 - movaps 0x40(%r11),%xmm13 - movaps 0x50(%r11),%xmm14 - movaps 0x60(%r11),%xmm15 -___ -$code.=<<___; - add \$0x148+$xframe,%rsp + movaps -0xa8(%r9),%xmm6 + movaps -0x98(%r9),%xmm7 + movaps -0x88(%r9),%xmm8 + movaps -0x78(%r9),%xmm9 + movaps -0x68(%r9),%xmm10 + movaps -0x58(%r9),%xmm11 + movaps -0x48(%r9),%xmm12 + movaps -0x38(%r9),%xmm13 + movaps -0x28(%r9),%xmm14 + movaps -0x18(%r9),%xmm15 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L4xop_epilogue: ret +.cfi_endproc .size ChaCha20_4xop,.-ChaCha20_4xop ___ } @@ -1714,33 +1937,34 @@ sub AVX2_lane_ROUND { ); } -my $xframe = $win64 ? 0xb0 : 8; +my $xframe = $win64 ? 0xa8 : 8; $code.=<<___; .type ChaCha20_8x,\@function,5 .align 32 ChaCha20_8x: +.cfi_startproc .LChaCha20_8x: - mov %rsp,%r10 + mov %rsp,%r9 # frame register +.cfi_def_cfa_register %r9 sub \$0x280+$xframe,%rsp and \$-32,%rsp ___ $code.=<<___ if ($win64); - lea 0x290+0x30(%rsp),%r11 - movaps %xmm6,-0x30(%r11) - movaps %xmm7,-0x20(%r11) - movaps %xmm8,-0x10(%r11) - movaps %xmm9,0x00(%r11) - movaps %xmm10,0x10(%r11) - movaps %xmm11,0x20(%r11) - movaps %xmm12,0x30(%r11) - movaps %xmm13,0x40(%r11) - movaps %xmm14,0x50(%r11) - movaps %xmm15,0x60(%r11) + movaps %xmm6,-0xa8(%r9) + movaps %xmm7,-0x98(%r9) + movaps %xmm8,-0x88(%r9) + movaps %xmm9,-0x78(%r9) + movaps %xmm10,-0x68(%r9) + movaps %xmm11,-0x58(%r9) + movaps %xmm12,-0x48(%r9) + movaps %xmm13,-0x38(%r9) + movaps %xmm14,-0x28(%r9) + movaps %xmm15,-0x18(%r9) +.L8x_body: ___ $code.=<<___; vzeroupper - mov %r10,0x280(%rsp) ################ stack layout # +0x00 SIMD equivalent of @x[8-12] @@ -1749,7 +1973,7 @@ sub AVX2_lane_ROUND { # ... # +0x200 SIMD counters (with nonce smashed by lanes) # ... - # +0x280 saved %rsp + # +0x280 vbroadcasti128 .Lsigma(%rip),$xa3 # key[0] vbroadcasti128 ($key),$xb3 # key[1] @@ -2215,29 +2439,1565 @@ sub AVX2_lane_ROUND { vzeroall ___ $code.=<<___ if ($win64); - lea 0x290+0x30(%rsp),%r11 - movaps -0x30(%r11),%xmm6 - movaps -0x20(%r11),%xmm7 - movaps -0x10(%r11),%xmm8 - movaps 0x00(%r11),%xmm9 - movaps 0x10(%r11),%xmm10 - movaps 0x20(%r11),%xmm11 - movaps 0x30(%r11),%xmm12 - movaps 0x40(%r11),%xmm13 - movaps 0x50(%r11),%xmm14 - movaps 0x60(%r11),%xmm15 -___ -$code.=<<___; - mov 0x280(%rsp),%rsp + movaps -0xa8(%r9),%xmm6 + movaps -0x98(%r9),%xmm7 + movaps -0x88(%r9),%xmm8 + movaps -0x78(%r9),%xmm9 + movaps -0x68(%r9),%xmm10 + movaps -0x58(%r9),%xmm11 + movaps -0x48(%r9),%xmm12 + movaps -0x38(%r9),%xmm13 + movaps -0x28(%r9),%xmm14 + movaps -0x18(%r9),%xmm15 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L8x_epilogue: ret +.cfi_endproc .size ChaCha20_8x,.-ChaCha20_8x ___ } +######################################################################## +# AVX512 code paths +if ($avx>2) { +# This one handles shorter inputs... + +my ($a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz) = map("%zmm$_",(0..3,16..20)); +my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7)); + +sub vpxord() # size optimization +{ my $opcode = "vpxor"; # adhere to vpxor when possible + + foreach (@_) { + if (/%([zy])mm([0-9]+)/ && ($1 eq "z" || $2>=16)) { + $opcode = "vpxord"; + last; + } + } + + $code .= "\t$opcode\t".join(',',reverse @_)."\n"; +} + +sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round + &vpaddd ($a,$a,$b); + &vpxord ($d,$d,$a); + &vprold ($d,$d,16); + + &vpaddd ($c,$c,$d); + &vpxord ($b,$b,$c); + &vprold ($b,$b,12); + + &vpaddd ($a,$a,$b); + &vpxord ($d,$d,$a); + &vprold ($d,$d,8); + + &vpaddd ($c,$c,$d); + &vpxord ($b,$b,$c); + &vprold ($b,$b,7); +} + +my $xframe = $win64 ? 32+8 : 8; + +$code.=<<___; +.type ChaCha20_avx512,\@function,5 +.align 32 +ChaCha20_avx512: +.cfi_startproc +.LChaCha20_avx512: + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 + cmp \$512,$len + ja .LChaCha20_16x + + sub \$64+$xframe,%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,-0x28(%r9) + movaps %xmm7,-0x18(%r9) +.Lavx512_body: +___ +$code.=<<___; + vbroadcasti32x4 .Lsigma(%rip),$a + vbroadcasti32x4 ($key),$b + vbroadcasti32x4 16($key),$c + vbroadcasti32x4 ($counter),$d + + vmovdqa32 $a,$a_ + vmovdqa32 $b,$b_ + vmovdqa32 $c,$c_ + vpaddd .Lzeroz(%rip),$d,$d + vmovdqa32 .Lfourz(%rip),$fourz + mov \$10,$counter # reuse $counter + vmovdqa32 $d,$d_ + jmp .Loop_avx512 + +.align 16 +.Loop_outer_avx512: + vmovdqa32 $a_,$a + vmovdqa32 $b_,$b + vmovdqa32 $c_,$c + vpaddd $fourz,$d_,$d + mov \$10,$counter + vmovdqa32 $d,$d_ + jmp .Loop_avx512 + +.align 32 +.Loop_avx512: +___ + &AVX512ROUND(); + &vpshufd ($c,$c,0b01001110); + &vpshufd ($b,$b,0b00111001); + &vpshufd ($d,$d,0b10010011); + + &AVX512ROUND(); + &vpshufd ($c,$c,0b01001110); + &vpshufd ($b,$b,0b10010011); + &vpshufd ($d,$d,0b00111001); + + &dec ($counter); + &jnz (".Loop_avx512"); + +$code.=<<___; + vpaddd $a_,$a,$a + vpaddd $b_,$b,$b + vpaddd $c_,$c,$c + vpaddd $d_,$d,$d + + sub \$64,$len + jb .Ltail64_avx512 + + vpxor 0x00($inp),%x#$a,$t0 # xor with input + vpxor 0x10($inp),%x#$b,$t1 + vpxor 0x20($inp),%x#$c,$t2 + vpxor 0x30($inp),%x#$d,$t3 + lea 0x40($inp),$inp # inp+=64 + + vmovdqu $t0,0x00($out) # write output + vmovdqu $t1,0x10($out) + vmovdqu $t2,0x20($out) + vmovdqu $t3,0x30($out) + lea 0x40($out),$out # out+=64 + + jz .Ldone_avx512 + + vextracti32x4 \$1,$a,$t0 + vextracti32x4 \$1,$b,$t1 + vextracti32x4 \$1,$c,$t2 + vextracti32x4 \$1,$d,$t3 + + sub \$64,$len + jb .Ltail_avx512 + + vpxor 0x00($inp),$t0,$t0 # xor with input + vpxor 0x10($inp),$t1,$t1 + vpxor 0x20($inp),$t2,$t2 + vpxor 0x30($inp),$t3,$t3 + lea 0x40($inp),$inp # inp+=64 + + vmovdqu $t0,0x00($out) # write output + vmovdqu $t1,0x10($out) + vmovdqu $t2,0x20($out) + vmovdqu $t3,0x30($out) + lea 0x40($out),$out # out+=64 + + jz .Ldone_avx512 + + vextracti32x4 \$2,$a,$t0 + vextracti32x4 \$2,$b,$t1 + vextracti32x4 \$2,$c,$t2 + vextracti32x4 \$2,$d,$t3 + + sub \$64,$len + jb .Ltail_avx512 + + vpxor 0x00($inp),$t0,$t0 # xor with input + vpxor 0x10($inp),$t1,$t1 + vpxor 0x20($inp),$t2,$t2 + vpxor 0x30($inp),$t3,$t3 + lea 0x40($inp),$inp # inp+=64 + + vmovdqu $t0,0x00($out) # write output + vmovdqu $t1,0x10($out) + vmovdqu $t2,0x20($out) + vmovdqu $t3,0x30($out) + lea 0x40($out),$out # out+=64 + + jz .Ldone_avx512 + + vextracti32x4 \$3,$a,$t0 + vextracti32x4 \$3,$b,$t1 + vextracti32x4 \$3,$c,$t2 + vextracti32x4 \$3,$d,$t3 + + sub \$64,$len + jb .Ltail_avx512 + + vpxor 0x00($inp),$t0,$t0 # xor with input + vpxor 0x10($inp),$t1,$t1 + vpxor 0x20($inp),$t2,$t2 + vpxor 0x30($inp),$t3,$t3 + lea 0x40($inp),$inp # inp+=64 + + vmovdqu $t0,0x00($out) # write output + vmovdqu $t1,0x10($out) + vmovdqu $t2,0x20($out) + vmovdqu $t3,0x30($out) + lea 0x40($out),$out # out+=64 + + jnz .Loop_outer_avx512 + + jmp .Ldone_avx512 + +.align 16 +.Ltail64_avx512: + vmovdqa %x#$a,0x00(%rsp) + vmovdqa %x#$b,0x10(%rsp) + vmovdqa %x#$c,0x20(%rsp) + vmovdqa %x#$d,0x30(%rsp) + add \$64,$len + jmp .Loop_tail_avx512 + +.align 16 +.Ltail_avx512: + vmovdqa $t0,0x00(%rsp) + vmovdqa $t1,0x10(%rsp) + vmovdqa $t2,0x20(%rsp) + vmovdqa $t3,0x30(%rsp) + add \$64,$len + +.Loop_tail_avx512: + movzb ($inp,$counter),%eax + movzb (%rsp,$counter),%ecx + lea 1($counter),$counter + xor %ecx,%eax + mov %al,-1($out,$counter) + dec $len + jnz .Loop_tail_avx512 + + vmovdqu32 $a_,0x00(%rsp) + +.Ldone_avx512: + vzeroall +___ +$code.=<<___ if ($win64); + movaps -0x28(%r9),%xmm6 + movaps -0x18(%r9),%xmm7 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.Lavx512_epilogue: + ret +.cfi_endproc +.size ChaCha20_avx512,.-ChaCha20_avx512 +___ + +map(s/%z/%y/, $a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz); + +$code.=<<___; +.type ChaCha20_avx512vl,\@function,5 +.align 32 +ChaCha20_avx512vl: +.cfi_startproc +.LChaCha20_avx512vl: + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 + cmp \$128,$len + ja .LChaCha20_8xvl + + sub \$64+$xframe,%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,-0x28(%r9) + movaps %xmm7,-0x18(%r9) +.Lavx512vl_body: +___ +$code.=<<___; + vbroadcasti128 .Lsigma(%rip),$a + vbroadcasti128 ($key),$b + vbroadcasti128 16($key),$c + vbroadcasti128 ($counter),$d + + vmovdqa32 $a,$a_ + vmovdqa32 $b,$b_ + vmovdqa32 $c,$c_ + vpaddd .Lzeroz(%rip),$d,$d + vmovdqa32 .Ltwoy(%rip),$fourz + mov \$10,$counter # reuse $counter + vmovdqa32 $d,$d_ + jmp .Loop_avx512vl + +.align 16 +.Loop_outer_avx512vl: + vmovdqa32 $c_,$c + vpaddd $fourz,$d_,$d + mov \$10,$counter + vmovdqa32 $d,$d_ + jmp .Loop_avx512vl + +.align 32 +.Loop_avx512vl: +___ + &AVX512ROUND(); + &vpshufd ($c,$c,0b01001110); + &vpshufd ($b,$b,0b00111001); + &vpshufd ($d,$d,0b10010011); + + &AVX512ROUND(); + &vpshufd ($c,$c,0b01001110); + &vpshufd ($b,$b,0b10010011); + &vpshufd ($d,$d,0b00111001); + + &dec ($counter); + &jnz (".Loop_avx512vl"); + +$code.=<<___; + vpaddd $a_,$a,$a + vpaddd $b_,$b,$b + vpaddd $c_,$c,$c + vpaddd $d_,$d,$d + + sub \$64,$len + jb .Ltail64_avx512vl + + vpxor 0x00($inp),%x#$a,$t0 # xor with input + vpxor 0x10($inp),%x#$b,$t1 + vpxor 0x20($inp),%x#$c,$t2 + vpxor 0x30($inp),%x#$d,$t3 + lea 0x40($inp),$inp # inp+=64 + + vmovdqu $t0,0x00($out) # write output + vmovdqu $t1,0x10($out) + vmovdqu $t2,0x20($out) + vmovdqu $t3,0x30($out) + lea 0x40($out),$out # out+=64 + + jz .Ldone_avx512vl + + vextracti128 \$1,$a,$t0 + vextracti128 \$1,$b,$t1 + vextracti128 \$1,$c,$t2 + vextracti128 \$1,$d,$t3 + + sub \$64,$len + jb .Ltail_avx512vl + + vpxor 0x00($inp),$t0,$t0 # xor with input + vpxor 0x10($inp),$t1,$t1 + vpxor 0x20($inp),$t2,$t2 + vpxor 0x30($inp),$t3,$t3 + lea 0x40($inp),$inp # inp+=64 + + vmovdqu $t0,0x00($out) # write output + vmovdqu $t1,0x10($out) + vmovdqu $t2,0x20($out) + vmovdqu $t3,0x30($out) + lea 0x40($out),$out # out+=64 + + vmovdqa32 $a_,$a + vmovdqa32 $b_,$b + jnz .Loop_outer_avx512vl + + jmp .Ldone_avx512vl + +.align 16 +.Ltail64_avx512vl: + vmovdqa %x#$a,0x00(%rsp) + vmovdqa %x#$b,0x10(%rsp) + vmovdqa %x#$c,0x20(%rsp) + vmovdqa %x#$d,0x30(%rsp) + add \$64,$len + jmp .Loop_tail_avx512vl + +.align 16 +.Ltail_avx512vl: + vmovdqa $t0,0x00(%rsp) + vmovdqa $t1,0x10(%rsp) + vmovdqa $t2,0x20(%rsp) + vmovdqa $t3,0x30(%rsp) + add \$64,$len + +.Loop_tail_avx512vl: + movzb ($inp,$counter),%eax + movzb (%rsp,$counter),%ecx + lea 1($counter),$counter + xor %ecx,%eax + mov %al,-1($out,$counter) + dec $len + jnz .Loop_tail_avx512vl + + vmovdqu32 $a_,0x00(%rsp) + vmovdqu32 $a_,0x20(%rsp) + +.Ldone_avx512vl: + vzeroall +___ +$code.=<<___ if ($win64); + movaps -0x28(%r9),%xmm6 + movaps -0x18(%r9),%xmm7 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.Lavx512vl_epilogue: + ret +.cfi_endproc +.size ChaCha20_avx512vl,.-ChaCha20_avx512vl +___ +} +if ($avx>2) { +# This one handles longer inputs... + +my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%zmm$_",(0..15)); +my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); +my @key=map("%zmm$_",(16..31)); +my ($xt0,$xt1,$xt2,$xt3)=@key[0..3]; + +sub AVX512_lane_ROUND { +my ($a0,$b0,$c0,$d0)=@_; +my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); +my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); +my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); +my @x=map("\"$_\"",@xx); + + ( + "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", # Q1 + "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", # Q2 + "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", # Q3 + "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", # Q4 + "&vpxord (@x[$d0],@x[$d0],@x[$a0])", + "&vpxord (@x[$d1],@x[$d1],@x[$a1])", + "&vpxord (@x[$d2],@x[$d2],@x[$a2])", + "&vpxord (@x[$d3],@x[$d3],@x[$a3])", + "&vprold (@x[$d0],@x[$d0],16)", + "&vprold (@x[$d1],@x[$d1],16)", + "&vprold (@x[$d2],@x[$d2],16)", + "&vprold (@x[$d3],@x[$d3],16)", + + "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", + "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", + "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", + "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", + "&vpxord (@x[$b0],@x[$b0],@x[$c0])", + "&vpxord (@x[$b1],@x[$b1],@x[$c1])", + "&vpxord (@x[$b2],@x[$b2],@x[$c2])", + "&vpxord (@x[$b3],@x[$b3],@x[$c3])", + "&vprold (@x[$b0],@x[$b0],12)", + "&vprold (@x[$b1],@x[$b1],12)", + "&vprold (@x[$b2],@x[$b2],12)", + "&vprold (@x[$b3],@x[$b3],12)", + + "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", + "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", + "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", + "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", + "&vpxord (@x[$d0],@x[$d0],@x[$a0])", + "&vpxord (@x[$d1],@x[$d1],@x[$a1])", + "&vpxord (@x[$d2],@x[$d2],@x[$a2])", + "&vpxord (@x[$d3],@x[$d3],@x[$a3])", + "&vprold (@x[$d0],@x[$d0],8)", + "&vprold (@x[$d1],@x[$d1],8)", + "&vprold (@x[$d2],@x[$d2],8)", + "&vprold (@x[$d3],@x[$d3],8)", + + "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", + "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", + "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", + "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", + "&vpxord (@x[$b0],@x[$b0],@x[$c0])", + "&vpxord (@x[$b1],@x[$b1],@x[$c1])", + "&vpxord (@x[$b2],@x[$b2],@x[$c2])", + "&vpxord (@x[$b3],@x[$b3],@x[$c3])", + "&vprold (@x[$b0],@x[$b0],7)", + "&vprold (@x[$b1],@x[$b1],7)", + "&vprold (@x[$b2],@x[$b2],7)", + "&vprold (@x[$b3],@x[$b3],7)" + ); +} + +my $xframe = $win64 ? 0xa8 : 8; + +$code.=<<___; +.type ChaCha20_16x,\@function,5 +.align 32 +ChaCha20_16x: +.cfi_startproc +.LChaCha20_16x: + mov %rsp,%r9 # frame register +.cfi_def_cfa_register %r9 + sub \$64+$xframe,%rsp + and \$-64,%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,-0xa8(%r9) + movaps %xmm7,-0x98(%r9) + movaps %xmm8,-0x88(%r9) + movaps %xmm9,-0x78(%r9) + movaps %xmm10,-0x68(%r9) + movaps %xmm11,-0x58(%r9) + movaps %xmm12,-0x48(%r9) + movaps %xmm13,-0x38(%r9) + movaps %xmm14,-0x28(%r9) + movaps %xmm15,-0x18(%r9) +.L16x_body: +___ +$code.=<<___; + vzeroupper + + lea .Lsigma(%rip),%r10 + vbroadcasti32x4 (%r10),$xa3 # key[0] + vbroadcasti32x4 ($key),$xb3 # key[1] + vbroadcasti32x4 16($key),$xc3 # key[2] + vbroadcasti32x4 ($counter),$xd3 # key[3] + + vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... + vpshufd \$0x55,$xa3,$xa1 + vpshufd \$0xaa,$xa3,$xa2 + vpshufd \$0xff,$xa3,$xa3 + vmovdqa64 $xa0,@key[0] + vmovdqa64 $xa1,@key[1] + vmovdqa64 $xa2,@key[2] + vmovdqa64 $xa3,@key[3] + + vpshufd \$0x00,$xb3,$xb0 + vpshufd \$0x55,$xb3,$xb1 + vpshufd \$0xaa,$xb3,$xb2 + vpshufd \$0xff,$xb3,$xb3 + vmovdqa64 $xb0,@key[4] + vmovdqa64 $xb1,@key[5] + vmovdqa64 $xb2,@key[6] + vmovdqa64 $xb3,@key[7] + + vpshufd \$0x00,$xc3,$xc0 + vpshufd \$0x55,$xc3,$xc1 + vpshufd \$0xaa,$xc3,$xc2 + vpshufd \$0xff,$xc3,$xc3 + vmovdqa64 $xc0,@key[8] + vmovdqa64 $xc1,@key[9] + vmovdqa64 $xc2,@key[10] + vmovdqa64 $xc3,@key[11] + + vpshufd \$0x00,$xd3,$xd0 + vpshufd \$0x55,$xd3,$xd1 + vpshufd \$0xaa,$xd3,$xd2 + vpshufd \$0xff,$xd3,$xd3 + vpaddd .Lincz(%rip),$xd0,$xd0 # don't save counters yet + vmovdqa64 $xd0,@key[12] + vmovdqa64 $xd1,@key[13] + vmovdqa64 $xd2,@key[14] + vmovdqa64 $xd3,@key[15] + + mov \$10,%eax + jmp .Loop16x + +.align 32 +.Loop_outer16x: + vpbroadcastd 0(%r10),$xa0 # reload key + vpbroadcastd 4(%r10),$xa1 + vpbroadcastd 8(%r10),$xa2 + vpbroadcastd 12(%r10),$xa3 + vpaddd .Lsixteen(%rip),@key[12],@key[12] # next SIMD counters + vmovdqa64 @key[4],$xb0 + vmovdqa64 @key[5],$xb1 + vmovdqa64 @key[6],$xb2 + vmovdqa64 @key[7],$xb3 + vmovdqa64 @key[8],$xc0 + vmovdqa64 @key[9],$xc1 + vmovdqa64 @key[10],$xc2 + vmovdqa64 @key[11],$xc3 + vmovdqa64 @key[12],$xd0 + vmovdqa64 @key[13],$xd1 + vmovdqa64 @key[14],$xd2 + vmovdqa64 @key[15],$xd3 + + vmovdqa64 $xa0,@key[0] + vmovdqa64 $xa1,@key[1] + vmovdqa64 $xa2,@key[2] + vmovdqa64 $xa3,@key[3] + + mov \$10,%eax + jmp .Loop16x + +.align 32 +.Loop16x: +___ + foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; } + foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; } +$code.=<<___; + dec %eax + jnz .Loop16x + + vpaddd @key[0],$xa0,$xa0 # accumulate key + vpaddd @key[1],$xa1,$xa1 + vpaddd @key[2],$xa2,$xa2 + vpaddd @key[3],$xa3,$xa3 + + vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data + vpunpckldq $xa3,$xa2,$xt3 + vpunpckhdq $xa1,$xa0,$xa0 + vpunpckhdq $xa3,$xa2,$xa2 + vpunpcklqdq $xt3,$xt2,$xa1 # "a0" + vpunpckhqdq $xt3,$xt2,$xt2 # "a1" + vpunpcklqdq $xa2,$xa0,$xa3 # "a2" + vpunpckhqdq $xa2,$xa0,$xa0 # "a3" +___ + ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); +$code.=<<___; + vpaddd @key[4],$xb0,$xb0 + vpaddd @key[5],$xb1,$xb1 + vpaddd @key[6],$xb2,$xb2 + vpaddd @key[7],$xb3,$xb3 + + vpunpckldq $xb1,$xb0,$xt2 + vpunpckldq $xb3,$xb2,$xt3 + vpunpckhdq $xb1,$xb0,$xb0 + vpunpckhdq $xb3,$xb2,$xb2 + vpunpcklqdq $xt3,$xt2,$xb1 # "b0" + vpunpckhqdq $xt3,$xt2,$xt2 # "b1" + vpunpcklqdq $xb2,$xb0,$xb3 # "b2" + vpunpckhqdq $xb2,$xb0,$xb0 # "b3" +___ + ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); +$code.=<<___; + vshufi32x4 \$0x44,$xb0,$xa0,$xt3 # "de-interlace" further + vshufi32x4 \$0xee,$xb0,$xa0,$xb0 + vshufi32x4 \$0x44,$xb1,$xa1,$xa0 + vshufi32x4 \$0xee,$xb1,$xa1,$xb1 + vshufi32x4 \$0x44,$xb2,$xa2,$xa1 + vshufi32x4 \$0xee,$xb2,$xa2,$xb2 + vshufi32x4 \$0x44,$xb3,$xa3,$xa2 + vshufi32x4 \$0xee,$xb3,$xa3,$xb3 +___ + ($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3); +$code.=<<___; + vpaddd @key[8],$xc0,$xc0 + vpaddd @key[9],$xc1,$xc1 + vpaddd @key[10],$xc2,$xc2 + vpaddd @key[11],$xc3,$xc3 + + vpunpckldq $xc1,$xc0,$xt2 + vpunpckldq $xc3,$xc2,$xt3 + vpunpckhdq $xc1,$xc0,$xc0 + vpunpckhdq $xc3,$xc2,$xc2 + vpunpcklqdq $xt3,$xt2,$xc1 # "c0" + vpunpckhqdq $xt3,$xt2,$xt2 # "c1" + vpunpcklqdq $xc2,$xc0,$xc3 # "c2" + vpunpckhqdq $xc2,$xc0,$xc0 # "c3" +___ + ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); +$code.=<<___; + vpaddd @key[12],$xd0,$xd0 + vpaddd @key[13],$xd1,$xd1 + vpaddd @key[14],$xd2,$xd2 + vpaddd @key[15],$xd3,$xd3 + + vpunpckldq $xd1,$xd0,$xt2 + vpunpckldq $xd3,$xd2,$xt3 + vpunpckhdq $xd1,$xd0,$xd0 + vpunpckhdq $xd3,$xd2,$xd2 + vpunpcklqdq $xt3,$xt2,$xd1 # "d0" + vpunpckhqdq $xt3,$xt2,$xt2 # "d1" + vpunpcklqdq $xd2,$xd0,$xd3 # "d2" + vpunpckhqdq $xd2,$xd0,$xd0 # "d3" +___ + ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); +$code.=<<___; + vshufi32x4 \$0x44,$xd0,$xc0,$xt3 # "de-interlace" further + vshufi32x4 \$0xee,$xd0,$xc0,$xd0 + vshufi32x4 \$0x44,$xd1,$xc1,$xc0 + vshufi32x4 \$0xee,$xd1,$xc1,$xd1 + vshufi32x4 \$0x44,$xd2,$xc2,$xc1 + vshufi32x4 \$0xee,$xd2,$xc2,$xd2 + vshufi32x4 \$0x44,$xd3,$xc3,$xc2 + vshufi32x4 \$0xee,$xd3,$xc3,$xd3 +___ + ($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3); +$code.=<<___; + vshufi32x4 \$0x88,$xc0,$xa0,$xt0 # "de-interlace" further + vshufi32x4 \$0xdd,$xc0,$xa0,$xa0 + vshufi32x4 \$0x88,$xd0,$xb0,$xc0 + vshufi32x4 \$0xdd,$xd0,$xb0,$xd0 + vshufi32x4 \$0x88,$xc1,$xa1,$xt1 + vshufi32x4 \$0xdd,$xc1,$xa1,$xa1 + vshufi32x4 \$0x88,$xd1,$xb1,$xc1 + vshufi32x4 \$0xdd,$xd1,$xb1,$xd1 + vshufi32x4 \$0x88,$xc2,$xa2,$xt2 + vshufi32x4 \$0xdd,$xc2,$xa2,$xa2 + vshufi32x4 \$0x88,$xd2,$xb2,$xc2 + vshufi32x4 \$0xdd,$xd2,$xb2,$xd2 + vshufi32x4 \$0x88,$xc3,$xa3,$xt3 + vshufi32x4 \$0xdd,$xc3,$xa3,$xa3 + vshufi32x4 \$0x88,$xd3,$xb3,$xc3 + vshufi32x4 \$0xdd,$xd3,$xb3,$xd3 +___ + ($xa0,$xa1,$xa2,$xa3,$xb0,$xb1,$xb2,$xb3)= + ($xt0,$xt1,$xt2,$xt3,$xa0,$xa1,$xa2,$xa3); + + ($xa0,$xb0,$xc0,$xd0, $xa1,$xb1,$xc1,$xd1, + $xa2,$xb2,$xc2,$xd2, $xa3,$xb3,$xc3,$xd3) = + ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); +$code.=<<___; + cmp \$64*16,$len + jb .Ltail16x + + vpxord 0x00($inp),$xa0,$xa0 # xor with input + vpxord 0x40($inp),$xb0,$xb0 + vpxord 0x80($inp),$xc0,$xc0 + vpxord 0xc0($inp),$xd0,$xd0 + vmovdqu32 $xa0,0x00($out) + vmovdqu32 $xb0,0x40($out) + vmovdqu32 $xc0,0x80($out) + vmovdqu32 $xd0,0xc0($out) + + vpxord 0x100($inp),$xa1,$xa1 + vpxord 0x140($inp),$xb1,$xb1 + vpxord 0x180($inp),$xc1,$xc1 + vpxord 0x1c0($inp),$xd1,$xd1 + vmovdqu32 $xa1,0x100($out) + vmovdqu32 $xb1,0x140($out) + vmovdqu32 $xc1,0x180($out) + vmovdqu32 $xd1,0x1c0($out) + + vpxord 0x200($inp),$xa2,$xa2 + vpxord 0x240($inp),$xb2,$xb2 + vpxord 0x280($inp),$xc2,$xc2 + vpxord 0x2c0($inp),$xd2,$xd2 + vmovdqu32 $xa2,0x200($out) + vmovdqu32 $xb2,0x240($out) + vmovdqu32 $xc2,0x280($out) + vmovdqu32 $xd2,0x2c0($out) + + vpxord 0x300($inp),$xa3,$xa3 + vpxord 0x340($inp),$xb3,$xb3 + vpxord 0x380($inp),$xc3,$xc3 + vpxord 0x3c0($inp),$xd3,$xd3 + lea 0x400($inp),$inp + vmovdqu32 $xa3,0x300($out) + vmovdqu32 $xb3,0x340($out) + vmovdqu32 $xc3,0x380($out) + vmovdqu32 $xd3,0x3c0($out) + lea 0x400($out),$out + + sub \$64*16,$len + jnz .Loop_outer16x + + jmp .Ldone16x + +.align 32 +.Ltail16x: + xor %r10,%r10 + sub $inp,$out + cmp \$64*1,$len + jb .Less_than_64_16x + vpxord ($inp),$xa0,$xa0 # xor with input + vmovdqu32 $xa0,($out,$inp) + je .Ldone16x + vmovdqa32 $xb0,$xa0 + lea 64($inp),$inp + + cmp \$64*2,$len + jb .Less_than_64_16x + vpxord ($inp),$xb0,$xb0 + vmovdqu32 $xb0,($out,$inp) + je .Ldone16x + vmovdqa32 $xc0,$xa0 + lea 64($inp),$inp + + cmp \$64*3,$len + jb .Less_than_64_16x + vpxord ($inp),$xc0,$xc0 + vmovdqu32 $xc0,($out,$inp) + je .Ldone16x + vmovdqa32 $xd0,$xa0 + lea 64($inp),$inp + + cmp \$64*4,$len + jb .Less_than_64_16x + vpxord ($inp),$xd0,$xd0 + vmovdqu32 $xd0,($out,$inp) + je .Ldone16x + vmovdqa32 $xa1,$xa0 + lea 64($inp),$inp + + cmp \$64*5,$len + jb .Less_than_64_16x + vpxord ($inp),$xa1,$xa1 + vmovdqu32 $xa1,($out,$inp) + je .Ldone16x + vmovdqa32 $xb1,$xa0 + lea 64($inp),$inp + + cmp \$64*6,$len + jb .Less_than_64_16x + vpxord ($inp),$xb1,$xb1 + vmovdqu32 $xb1,($out,$inp) + je .Ldone16x + vmovdqa32 $xc1,$xa0 + lea 64($inp),$inp + + cmp \$64*7,$len + jb .Less_than_64_16x + vpxord ($inp),$xc1,$xc1 + vmovdqu32 $xc1,($out,$inp) + je .Ldone16x + vmovdqa32 $xd1,$xa0 + lea 64($inp),$inp + + cmp \$64*8,$len + jb .Less_than_64_16x + vpxord ($inp),$xd1,$xd1 + vmovdqu32 $xd1,($out,$inp) + je .Ldone16x + vmovdqa32 $xa2,$xa0 + lea 64($inp),$inp + + cmp \$64*9,$len + jb .Less_than_64_16x + vpxord ($inp),$xa2,$xa2 + vmovdqu32 $xa2,($out,$inp) + je .Ldone16x + vmovdqa32 $xb2,$xa0 + lea 64($inp),$inp + + cmp \$64*10,$len + jb .Less_than_64_16x + vpxord ($inp),$xb2,$xb2 + vmovdqu32 $xb2,($out,$inp) + je .Ldone16x + vmovdqa32 $xc2,$xa0 + lea 64($inp),$inp + + cmp \$64*11,$len + jb .Less_than_64_16x + vpxord ($inp),$xc2,$xc2 + vmovdqu32 $xc2,($out,$inp) + je .Ldone16x + vmovdqa32 $xd2,$xa0 + lea 64($inp),$inp + + cmp \$64*12,$len + jb .Less_than_64_16x + vpxord ($inp),$xd2,$xd2 + vmovdqu32 $xd2,($out,$inp) + je .Ldone16x + vmovdqa32 $xa3,$xa0 + lea 64($inp),$inp + + cmp \$64*13,$len + jb .Less_than_64_16x + vpxord ($inp),$xa3,$xa3 + vmovdqu32 $xa3,($out,$inp) + je .Ldone16x + vmovdqa32 $xb3,$xa0 + lea 64($inp),$inp + + cmp \$64*14,$len + jb .Less_than_64_16x + vpxord ($inp),$xb3,$xb3 + vmovdqu32 $xb3,($out,$inp) + je .Ldone16x + vmovdqa32 $xc3,$xa0 + lea 64($inp),$inp + + cmp \$64*15,$len + jb .Less_than_64_16x + vpxord ($inp),$xc3,$xc3 + vmovdqu32 $xc3,($out,$inp) + je .Ldone16x + vmovdqa32 $xd3,$xa0 + lea 64($inp),$inp + +.Less_than_64_16x: + vmovdqa32 $xa0,0x00(%rsp) + lea ($out,$inp),$out + and \$63,$len + +.Loop_tail16x: + movzb ($inp,%r10),%eax + movzb (%rsp,%r10),%ecx + lea 1(%r10),%r10 + xor %ecx,%eax + mov %al,-1($out,%r10) + dec $len + jnz .Loop_tail16x + + vpxord $xa0,$xa0,$xa0 + vmovdqa32 $xa0,0(%rsp) + +.Ldone16x: + vzeroall +___ +$code.=<<___ if ($win64); + movaps -0xa8(%r9),%xmm6 + movaps -0x98(%r9),%xmm7 + movaps -0x88(%r9),%xmm8 + movaps -0x78(%r9),%xmm9 + movaps -0x68(%r9),%xmm10 + movaps -0x58(%r9),%xmm11 + movaps -0x48(%r9),%xmm12 + movaps -0x38(%r9),%xmm13 + movaps -0x28(%r9),%xmm14 + movaps -0x18(%r9),%xmm15 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L16x_epilogue: + ret +.cfi_endproc +.size ChaCha20_16x,.-ChaCha20_16x +___ + +# switch to %ymm domain +($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%ymm$_",(0..15)); +@xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); +@key=map("%ymm$_",(16..31)); +($xt0,$xt1,$xt2,$xt3)=@key[0..3]; + +$code.=<<___; +.type ChaCha20_8xvl,\@function,5 +.align 32 +ChaCha20_8xvl: +.cfi_startproc +.LChaCha20_8xvl: + mov %rsp,%r9 # frame register +.cfi_def_cfa_register %r9 + sub \$64+$xframe,%rsp + and \$-64,%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,-0xa8(%r9) + movaps %xmm7,-0x98(%r9) + movaps %xmm8,-0x88(%r9) + movaps %xmm9,-0x78(%r9) + movaps %xmm10,-0x68(%r9) + movaps %xmm11,-0x58(%r9) + movaps %xmm12,-0x48(%r9) + movaps %xmm13,-0x38(%r9) + movaps %xmm14,-0x28(%r9) + movaps %xmm15,-0x18(%r9) +.L8xvl_body: +___ +$code.=<<___; + vzeroupper + + lea .Lsigma(%rip),%r10 + vbroadcasti128 (%r10),$xa3 # key[0] + vbroadcasti128 ($key),$xb3 # key[1] + vbroadcasti128 16($key),$xc3 # key[2] + vbroadcasti128 ($counter),$xd3 # key[3] + + vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... + vpshufd \$0x55,$xa3,$xa1 + vpshufd \$0xaa,$xa3,$xa2 + vpshufd \$0xff,$xa3,$xa3 + vmovdqa64 $xa0,@key[0] + vmovdqa64 $xa1,@key[1] + vmovdqa64 $xa2,@key[2] + vmovdqa64 $xa3,@key[3] + + vpshufd \$0x00,$xb3,$xb0 + vpshufd \$0x55,$xb3,$xb1 + vpshufd \$0xaa,$xb3,$xb2 + vpshufd \$0xff,$xb3,$xb3 + vmovdqa64 $xb0,@key[4] + vmovdqa64 $xb1,@key[5] + vmovdqa64 $xb2,@key[6] + vmovdqa64 $xb3,@key[7] + + vpshufd \$0x00,$xc3,$xc0 + vpshufd \$0x55,$xc3,$xc1 + vpshufd \$0xaa,$xc3,$xc2 + vpshufd \$0xff,$xc3,$xc3 + vmovdqa64 $xc0,@key[8] + vmovdqa64 $xc1,@key[9] + vmovdqa64 $xc2,@key[10] + vmovdqa64 $xc3,@key[11] + + vpshufd \$0x00,$xd3,$xd0 + vpshufd \$0x55,$xd3,$xd1 + vpshufd \$0xaa,$xd3,$xd2 + vpshufd \$0xff,$xd3,$xd3 + vpaddd .Lincy(%rip),$xd0,$xd0 # don't save counters yet + vmovdqa64 $xd0,@key[12] + vmovdqa64 $xd1,@key[13] + vmovdqa64 $xd2,@key[14] + vmovdqa64 $xd3,@key[15] + + mov \$10,%eax + jmp .Loop8xvl + +.align 32 +.Loop_outer8xvl: + #vpbroadcastd 0(%r10),$xa0 # reload key + #vpbroadcastd 4(%r10),$xa1 + vpbroadcastd 8(%r10),$xa2 + vpbroadcastd 12(%r10),$xa3 + vpaddd .Leight(%rip),@key[12],@key[12] # next SIMD counters + vmovdqa64 @key[4],$xb0 + vmovdqa64 @key[5],$xb1 + vmovdqa64 @key[6],$xb2 + vmovdqa64 @key[7],$xb3 + vmovdqa64 @key[8],$xc0 + vmovdqa64 @key[9],$xc1 + vmovdqa64 @key[10],$xc2 + vmovdqa64 @key[11],$xc3 + vmovdqa64 @key[12],$xd0 + vmovdqa64 @key[13],$xd1 + vmovdqa64 @key[14],$xd2 + vmovdqa64 @key[15],$xd3 + + vmovdqa64 $xa0,@key[0] + vmovdqa64 $xa1,@key[1] + vmovdqa64 $xa2,@key[2] + vmovdqa64 $xa3,@key[3] + + mov \$10,%eax + jmp .Loop8xvl + +.align 32 +.Loop8xvl: +___ + foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; } + foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; } +$code.=<<___; + dec %eax + jnz .Loop8xvl + + vpaddd @key[0],$xa0,$xa0 # accumulate key + vpaddd @key[1],$xa1,$xa1 + vpaddd @key[2],$xa2,$xa2 + vpaddd @key[3],$xa3,$xa3 + + vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data + vpunpckldq $xa3,$xa2,$xt3 + vpunpckhdq $xa1,$xa0,$xa0 + vpunpckhdq $xa3,$xa2,$xa2 + vpunpcklqdq $xt3,$xt2,$xa1 # "a0" + vpunpckhqdq $xt3,$xt2,$xt2 # "a1" + vpunpcklqdq $xa2,$xa0,$xa3 # "a2" + vpunpckhqdq $xa2,$xa0,$xa0 # "a3" +___ + ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); +$code.=<<___; + vpaddd @key[4],$xb0,$xb0 + vpaddd @key[5],$xb1,$xb1 + vpaddd @key[6],$xb2,$xb2 + vpaddd @key[7],$xb3,$xb3 + + vpunpckldq $xb1,$xb0,$xt2 + vpunpckldq $xb3,$xb2,$xt3 + vpunpckhdq $xb1,$xb0,$xb0 + vpunpckhdq $xb3,$xb2,$xb2 + vpunpcklqdq $xt3,$xt2,$xb1 # "b0" + vpunpckhqdq $xt3,$xt2,$xt2 # "b1" + vpunpcklqdq $xb2,$xb0,$xb3 # "b2" + vpunpckhqdq $xb2,$xb0,$xb0 # "b3" +___ + ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); +$code.=<<___; + vshufi32x4 \$0,$xb0,$xa0,$xt3 # "de-interlace" further + vshufi32x4 \$3,$xb0,$xa0,$xb0 + vshufi32x4 \$0,$xb1,$xa1,$xa0 + vshufi32x4 \$3,$xb1,$xa1,$xb1 + vshufi32x4 \$0,$xb2,$xa2,$xa1 + vshufi32x4 \$3,$xb2,$xa2,$xb2 + vshufi32x4 \$0,$xb3,$xa3,$xa2 + vshufi32x4 \$3,$xb3,$xa3,$xb3 +___ + ($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3); +$code.=<<___; + vpaddd @key[8],$xc0,$xc0 + vpaddd @key[9],$xc1,$xc1 + vpaddd @key[10],$xc2,$xc2 + vpaddd @key[11],$xc3,$xc3 + + vpunpckldq $xc1,$xc0,$xt2 + vpunpckldq $xc3,$xc2,$xt3 + vpunpckhdq $xc1,$xc0,$xc0 + vpunpckhdq $xc3,$xc2,$xc2 + vpunpcklqdq $xt3,$xt2,$xc1 # "c0" + vpunpckhqdq $xt3,$xt2,$xt2 # "c1" + vpunpcklqdq $xc2,$xc0,$xc3 # "c2" + vpunpckhqdq $xc2,$xc0,$xc0 # "c3" +___ + ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); +$code.=<<___; + vpaddd @key[12],$xd0,$xd0 + vpaddd @key[13],$xd1,$xd1 + vpaddd @key[14],$xd2,$xd2 + vpaddd @key[15],$xd3,$xd3 + + vpunpckldq $xd1,$xd0,$xt2 + vpunpckldq $xd3,$xd2,$xt3 + vpunpckhdq $xd1,$xd0,$xd0 + vpunpckhdq $xd3,$xd2,$xd2 + vpunpcklqdq $xt3,$xt2,$xd1 # "d0" + vpunpckhqdq $xt3,$xt2,$xt2 # "d1" + vpunpcklqdq $xd2,$xd0,$xd3 # "d2" + vpunpckhqdq $xd2,$xd0,$xd0 # "d3" +___ + ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); +$code.=<<___; + vperm2i128 \$0x20,$xd0,$xc0,$xt3 # "de-interlace" further + vperm2i128 \$0x31,$xd0,$xc0,$xd0 + vperm2i128 \$0x20,$xd1,$xc1,$xc0 + vperm2i128 \$0x31,$xd1,$xc1,$xd1 + vperm2i128 \$0x20,$xd2,$xc2,$xc1 + vperm2i128 \$0x31,$xd2,$xc2,$xd2 + vperm2i128 \$0x20,$xd3,$xc3,$xc2 + vperm2i128 \$0x31,$xd3,$xc3,$xd3 +___ + ($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3); + ($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)= + ($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3); +$code.=<<___; + cmp \$64*8,$len + jb .Ltail8xvl + + mov \$0x80,%eax # size optimization + vpxord 0x00($inp),$xa0,$xa0 # xor with input + vpxor 0x20($inp),$xb0,$xb0 + vpxor 0x40($inp),$xc0,$xc0 + vpxor 0x60($inp),$xd0,$xd0 + lea ($inp,%rax),$inp # size optimization + vmovdqu32 $xa0,0x00($out) + vmovdqu $xb0,0x20($out) + vmovdqu $xc0,0x40($out) + vmovdqu $xd0,0x60($out) + lea ($out,%rax),$out # size optimization + + vpxor 0x00($inp),$xa1,$xa1 + vpxor 0x20($inp),$xb1,$xb1 + vpxor 0x40($inp),$xc1,$xc1 + vpxor 0x60($inp),$xd1,$xd1 + lea ($inp,%rax),$inp # size optimization + vmovdqu $xa1,0x00($out) + vmovdqu $xb1,0x20($out) + vmovdqu $xc1,0x40($out) + vmovdqu $xd1,0x60($out) + lea ($out,%rax),$out # size optimization + + vpxord 0x00($inp),$xa2,$xa2 + vpxor 0x20($inp),$xb2,$xb2 + vpxor 0x40($inp),$xc2,$xc2 + vpxor 0x60($inp),$xd2,$xd2 + lea ($inp,%rax),$inp # size optimization + vmovdqu32 $xa2,0x00($out) + vmovdqu $xb2,0x20($out) + vmovdqu $xc2,0x40($out) + vmovdqu $xd2,0x60($out) + lea ($out,%rax),$out # size optimization + + vpxor 0x00($inp),$xa3,$xa3 + vpxor 0x20($inp),$xb3,$xb3 + vpxor 0x40($inp),$xc3,$xc3 + vpxor 0x60($inp),$xd3,$xd3 + lea ($inp,%rax),$inp # size optimization + vmovdqu $xa3,0x00($out) + vmovdqu $xb3,0x20($out) + vmovdqu $xc3,0x40($out) + vmovdqu $xd3,0x60($out) + lea ($out,%rax),$out # size optimization + + vpbroadcastd 0(%r10),%ymm0 # reload key + vpbroadcastd 4(%r10),%ymm1 + + sub \$64*8,$len + jnz .Loop_outer8xvl + + jmp .Ldone8xvl + +.align 32 +.Ltail8xvl: + vmovdqa64 $xa0,%ymm8 # size optimization +___ +$xa0 = "%ymm8"; +$code.=<<___; + xor %r10,%r10 + sub $inp,$out + cmp \$64*1,$len + jb .Less_than_64_8xvl + vpxor 0x00($inp),$xa0,$xa0 # xor with input + vpxor 0x20($inp),$xb0,$xb0 + vmovdqu $xa0,0x00($out,$inp) + vmovdqu $xb0,0x20($out,$inp) + je .Ldone8xvl + vmovdqa $xc0,$xa0 + vmovdqa $xd0,$xb0 + lea 64($inp),$inp + + cmp \$64*2,$len + jb .Less_than_64_8xvl + vpxor 0x00($inp),$xc0,$xc0 + vpxor 0x20($inp),$xd0,$xd0 + vmovdqu $xc0,0x00($out,$inp) + vmovdqu $xd0,0x20($out,$inp) + je .Ldone8xvl + vmovdqa $xa1,$xa0 + vmovdqa $xb1,$xb0 + lea 64($inp),$inp + + cmp \$64*3,$len + jb .Less_than_64_8xvl + vpxor 0x00($inp),$xa1,$xa1 + vpxor 0x20($inp),$xb1,$xb1 + vmovdqu $xa1,0x00($out,$inp) + vmovdqu $xb1,0x20($out,$inp) + je .Ldone8xvl + vmovdqa $xc1,$xa0 + vmovdqa $xd1,$xb0 + lea 64($inp),$inp + + cmp \$64*4,$len + jb .Less_than_64_8xvl + vpxor 0x00($inp),$xc1,$xc1 + vpxor 0x20($inp),$xd1,$xd1 + vmovdqu $xc1,0x00($out,$inp) + vmovdqu $xd1,0x20($out,$inp) + je .Ldone8xvl + vmovdqa32 $xa2,$xa0 + vmovdqa $xb2,$xb0 + lea 64($inp),$inp + + cmp \$64*5,$len + jb .Less_than_64_8xvl + vpxord 0x00($inp),$xa2,$xa2 + vpxor 0x20($inp),$xb2,$xb2 + vmovdqu32 $xa2,0x00($out,$inp) + vmovdqu $xb2,0x20($out,$inp) + je .Ldone8xvl + vmovdqa $xc2,$xa0 + vmovdqa $xd2,$xb0 + lea 64($inp),$inp + + cmp \$64*6,$len + jb .Less_than_64_8xvl + vpxor 0x00($inp),$xc2,$xc2 + vpxor 0x20($inp),$xd2,$xd2 + vmovdqu $xc2,0x00($out,$inp) + vmovdqu $xd2,0x20($out,$inp) + je .Ldone8xvl + vmovdqa $xa3,$xa0 + vmovdqa $xb3,$xb0 + lea 64($inp),$inp + + cmp \$64*7,$len + jb .Less_than_64_8xvl + vpxor 0x00($inp),$xa3,$xa3 + vpxor 0x20($inp),$xb3,$xb3 + vmovdqu $xa3,0x00($out,$inp) + vmovdqu $xb3,0x20($out,$inp) + je .Ldone8xvl + vmovdqa $xc3,$xa0 + vmovdqa $xd3,$xb0 + lea 64($inp),$inp + +.Less_than_64_8xvl: + vmovdqa $xa0,0x00(%rsp) + vmovdqa $xb0,0x20(%rsp) + lea ($out,$inp),$out + and \$63,$len + +.Loop_tail8xvl: + movzb ($inp,%r10),%eax + movzb (%rsp,%r10),%ecx + lea 1(%r10),%r10 + xor %ecx,%eax + mov %al,-1($out,%r10) + dec $len + jnz .Loop_tail8xvl + + vpxor $xa0,$xa0,$xa0 + vmovdqa $xa0,0x00(%rsp) + vmovdqa $xa0,0x20(%rsp) + +.Ldone8xvl: + vzeroall +___ +$code.=<<___ if ($win64); + movaps -0xa8(%r9),%xmm6 + movaps -0x98(%r9),%xmm7 + movaps -0x88(%r9),%xmm8 + movaps -0x78(%r9),%xmm9 + movaps -0x68(%r9),%xmm10 + movaps -0x58(%r9),%xmm11 + movaps -0x48(%r9),%xmm12 + movaps -0x38(%r9),%xmm13 + movaps -0x28(%r9),%xmm14 + movaps -0x18(%r9),%xmm15 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L8xvl_epilogue: + ret +.cfi_endproc +.size ChaCha20_8xvl,.-ChaCha20_8xvl +___ +} + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + lea .Lctr32_body(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lcommon_seh_tail + + mov 152($context),%rax # pull context->Rsp + + lea .Lno_data(%rip),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lcommon_seh_tail + + lea 64+24+48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R14 + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.type simd_handler,\@abi-omnipotent +.align 16 +simd_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipR9 + + mov 4(%r11),%r10d # HandlerData[1] + mov 8(%r11),%ecx # HandlerData[2] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + neg %rcx + lea -8(%rax,%rcx),%rsi + lea 512($context),%rdi # &context.Xmm6 + neg %ecx + shr \$3,%ecx + .long 0xa548f3fc # cld; rep movsq + + jmp .Lcommon_seh_tail +.size simd_handler,.-simd_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_ChaCha20_ctr32 + .rva .LSEH_end_ChaCha20_ctr32 + .rva .LSEH_info_ChaCha20_ctr32 + + .rva .LSEH_begin_ChaCha20_ssse3 + .rva .LSEH_end_ChaCha20_ssse3 + .rva .LSEH_info_ChaCha20_ssse3 + + .rva .LSEH_begin_ChaCha20_128 + .rva .LSEH_end_ChaCha20_128 + .rva .LSEH_info_ChaCha20_128 + + .rva .LSEH_begin_ChaCha20_4x + .rva .LSEH_end_ChaCha20_4x + .rva .LSEH_info_ChaCha20_4x +___ +$code.=<<___ if ($avx); + .rva .LSEH_begin_ChaCha20_4xop + .rva .LSEH_end_ChaCha20_4xop + .rva .LSEH_info_ChaCha20_4xop +___ +$code.=<<___ if ($avx>1); + .rva .LSEH_begin_ChaCha20_8x + .rva .LSEH_end_ChaCha20_8x + .rva .LSEH_info_ChaCha20_8x +___ +$code.=<<___ if ($avx>2); + .rva .LSEH_begin_ChaCha20_avx512 + .rva .LSEH_end_ChaCha20_avx512 + .rva .LSEH_info_ChaCha20_avx512 + + .rva .LSEH_begin_ChaCha20_avx512vl + .rva .LSEH_end_ChaCha20_avx512vl + .rva .LSEH_info_ChaCha20_avx512vl + + .rva .LSEH_begin_ChaCha20_16x + .rva .LSEH_end_ChaCha20_16x + .rva .LSEH_info_ChaCha20_16x + + .rva .LSEH_begin_ChaCha20_8xvl + .rva .LSEH_end_ChaCha20_8xvl + .rva .LSEH_info_ChaCha20_8xvl +___ +$code.=<<___; +.section .xdata +.align 8 +.LSEH_info_ChaCha20_ctr32: + .byte 9,0,0,0 + .rva se_handler + +.LSEH_info_ChaCha20_ssse3: + .byte 9,0,0,0 + .rva simd_handler + .rva .Lssse3_body,.Lssse3_epilogue + .long 0x20,0 + +.LSEH_info_ChaCha20_128: + .byte 9,0,0,0 + .rva simd_handler + .rva .L128_body,.L128_epilogue + .long 0x60,0 + +.LSEH_info_ChaCha20_4x: + .byte 9,0,0,0 + .rva simd_handler + .rva .L4x_body,.L4x_epilogue + .long 0xa0,0 +___ +$code.=<<___ if ($avx); +.LSEH_info_ChaCha20_4xop: + .byte 9,0,0,0 + .rva simd_handler + .rva .L4xop_body,.L4xop_epilogue # HandlerData[] + .long 0xa0,0 +___ +$code.=<<___ if ($avx>1); +.LSEH_info_ChaCha20_8x: + .byte 9,0,0,0 + .rva simd_handler + .rva .L8x_body,.L8x_epilogue # HandlerData[] + .long 0xa0,0 +___ +$code.=<<___ if ($avx>2); +.LSEH_info_ChaCha20_avx512: + .byte 9,0,0,0 + .rva simd_handler + .rva .Lavx512_body,.Lavx512_epilogue # HandlerData[] + .long 0x20,0 + +.LSEH_info_ChaCha20_avx512vl: + .byte 9,0,0,0 + .rva simd_handler + .rva .Lavx512vl_body,.Lavx512vl_epilogue # HandlerData[] + .long 0x20,0 + +.LSEH_info_ChaCha20_16x: + .byte 9,0,0,0 + .rva simd_handler + .rva .L16x_body,.L16x_epilogue # HandlerData[] + .long 0xa0,0 + +.LSEH_info_ChaCha20_8xvl: + .byte 9,0,0,0 + .rva simd_handler + .rva .L8xvl_body,.L8xvl_epilogue # HandlerData[] + .long 0xa0,0 +___ +} + foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; + s/\`([^\`]*)\`/eval $1/ge; - s/%x#%y/%x/go; + s/%x#%[yz]/%x/g; # "down-shift" print $_,"\n"; } diff --git a/deps/openssl/openssl/crypto/chacha/build.info b/deps/openssl/openssl/crypto/chacha/build.info index ed1e01ae30f0db..02f8e518aeca90 100644 --- a/deps/openssl/openssl/crypto/chacha/build.info +++ b/deps/openssl/openssl/crypto/chacha/build.info @@ -1,15 +1,14 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]={- $target{chacha_asm_src} -} -GENERATE[chacha-x86.s]=asm/chacha-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[chacha-x86.s]=asm/chacha-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl $(PERLASM_SCHEME) GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl $(PERLASM_SCHEME) GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME) INCLUDE[chacha-armv4.o]=.. GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME) INCLUDE[chacha-armv8.o]=.. -GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl $(PERLASM_SCHEME) -INCLUDE[chacha-s390x.o]=.. BEGINRAW[Makefile(unix)] ##### CHACHA assembler implementations diff --git a/deps/openssl/openssl/crypto/cmac/cmac.c b/deps/openssl/openssl/crypto/cmac/cmac.c index 46e3cb7912a61e..6989c32d06609c 100644 --- a/deps/openssl/openssl/crypto/cmac/cmac.c +++ b/deps/openssl/openssl/crypto/cmac/cmac.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include "internal/cryptlib.h" #include +#include struct CMAC_CTX_st { /* Cipher context to use */ @@ -46,9 +47,10 @@ CMAC_CTX *CMAC_CTX_new(void) { CMAC_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(*ctx)); - if (ctx == NULL) + if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { + CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } ctx->cctx = EVP_CIPHER_CTX_new(); if (ctx->cctx == NULL) { OPENSSL_free(ctx); diff --git a/deps/openssl/openssl/crypto/cms/cms_asn1.c b/deps/openssl/openssl/crypto/cms/cms_asn1.c index 0a594f41d9eeb5..993ea6b219ab79 100644 --- a/deps/openssl/openssl/crypto/cms/cms_asn1.c +++ b/deps/openssl/openssl/crypto/cms/cms_asn1.c @@ -56,7 +56,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { - ASN1_SIMPLE(CMS_SignerInfo, version, LONG), + ASN1_EMBED(CMS_SignerInfo, version, INT32), ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), @@ -76,7 +76,7 @@ ASN1_CHOICE(CMS_RevocationInfoChoice) = { } ASN1_CHOICE_END(CMS_RevocationInfoChoice) ASN1_NDEF_SEQUENCE(CMS_SignedData) = { - ASN1_SIMPLE(CMS_SignedData, version, LONG), + ASN1_EMBED(CMS_SignedData, version, INT32), ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), @@ -96,7 +96,7 @@ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { } static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG), + ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) @@ -162,7 +162,7 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = { - ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG), + ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32), ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), @@ -176,14 +176,14 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = { } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { - ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG), + ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { - ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG), + ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32), ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) @@ -225,7 +225,7 @@ ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { } ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type) ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { - ASN1_SIMPLE(CMS_EnvelopedData, version, LONG), + ASN1_EMBED(CMS_EnvelopedData, version, INT32), ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), @@ -233,20 +233,20 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData) ASN1_NDEF_SEQUENCE(CMS_DigestedData) = { - ASN1_SIMPLE(CMS_DigestedData, version, LONG), + ASN1_EMBED(CMS_DigestedData, version, INT32), ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) } ASN1_NDEF_SEQUENCE_END(CMS_DigestedData) ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { - ASN1_SIMPLE(CMS_EncryptedData, version, LONG), + ASN1_EMBED(CMS_EncryptedData, version, INT32), ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) } ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { - ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG), + ASN1_EMBED(CMS_AuthenticatedData, version, INT32), ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), @@ -258,7 +258,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { - ASN1_SIMPLE(CMS_CompressedData, version, LONG), + ASN1_EMBED(CMS_CompressedData, version, INT32), ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) @@ -338,7 +338,7 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) ASN1_CHOICE(CMS_ReceiptsFrom) = { - ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), + ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0), ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) } static_ASN1_CHOICE_END(CMS_ReceiptsFrom) @@ -349,7 +349,7 @@ ASN1_SEQUENCE(CMS_ReceiptRequest) = { } ASN1_SEQUENCE_END(CMS_ReceiptRequest) ASN1_SEQUENCE(CMS_Receipt) = { - ASN1_SIMPLE(CMS_Receipt, version, LONG), + ASN1_EMBED(CMS_Receipt, version, INT32), ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) diff --git a/deps/openssl/openssl/crypto/cms/cms_enc.c b/deps/openssl/openssl/crypto/cms/cms_enc.c index ed913426bc917c..a1719830e8d4f0 100644 --- a/deps/openssl/openssl/crypto/cms/cms_enc.c +++ b/deps/openssl/openssl/crypto/cms/cms_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -168,9 +168,10 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, { ec->cipher = cipher; if (key) { - ec->key = OPENSSL_malloc(keylen); - if (ec->key == NULL) + if ((ec->key = OPENSSL_malloc(keylen)) == NULL) { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(ec->key, key, keylen); } ec->keylen = keylen; diff --git a/deps/openssl/openssl/crypto/cms/cms_env.c b/deps/openssl/openssl/crypto/cms/cms_env.c index fe5076ec02dd7c..bb95af75e3e1dc 100644 --- a/deps/openssl/openssl/crypto/cms/cms_env.c +++ b/deps/openssl/openssl/crypto/cms/cms_env.c @@ -750,7 +750,7 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) default: CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, - CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE); return 0; } } diff --git a/deps/openssl/openssl/crypto/cms/cms_err.c b/deps/openssl/openssl/crypto/cms/cms_err.c index c6df1b5afefe7f..4432b471ee7620 100644 --- a/deps/openssl/openssl/crypto/cms/cms_err.c +++ b/deps/openssl/openssl/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,238 +8,275 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) - -static ERR_STRING_DATA CMS_str_functs[] = { - {ERR_FUNC(CMS_F_CHECK_CONTENT), "check_content"}, - {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, - {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, - {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), +static const ERR_STRING_DATA CMS_str_functs[] = { + {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0), + "CMS_add0_recipient_key"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0), "CMS_add0_recipient_password"}, - {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, - {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, - {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, - {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "cms_add1_signingTime"}, - {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, - {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, - {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0), + "CMS_add1_ReceiptRequest"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0), + "CMS_add1_recipient_cert"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0), + "cms_add1_signingTime"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0), + "cms_CompressedData_create"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0), "cms_CompressedData_init_bio"}, - {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "cms_copy_content"}, - {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "cms_copy_messageDigest"}, - {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, - {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, - {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, - {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, - {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, - {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"}, - {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, - {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0), + "cms_copy_messageDigest"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0), + "CMS_decrypt_set1_key"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0), + "CMS_decrypt_set1_password"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0), + "CMS_decrypt_set1_pkey"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0), "cms_DigestAlgorithm_find_ctx"}, - {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0), "cms_DigestAlgorithm_init_bio"}, - {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, - {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, - {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, - {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, - {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0), + "cms_DigestedData_do_final"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0), + "cms_EncryptedContent_init"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0), "cms_EncryptedContent_init_bio"}, - {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, - {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, - {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0), + "CMS_EncryptedData_decrypt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0), + "CMS_EncryptedData_encrypt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0), "CMS_EncryptedData_set1_key"}, - {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, - {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0), + "CMS_EnvelopedData_create"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0), "cms_EnvelopedData_init_bio"}, - {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "cms_enveloped_data_init"}, - {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"}, - {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, - {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0), + "cms_enveloped_data_init"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0), "cms_get0_certificate_choices"}, - {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, - {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "cms_get0_econtent_type"}, - {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"}, - {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0), + "cms_get0_econtent_type"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0), "cms_get0_revocation_choices"}, - {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "cms_get0_signed"}, - {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, - {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0), + "cms_msgSigDigest_add1"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0), "CMS_ReceiptRequest_create0"}, - {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_ENCRYPT), "CMS_RecipientInfo_encrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0), + "CMS_RecipientInfo_decrypt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0), + "CMS_RecipientInfo_encrypt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0), "cms_RecipientInfo_kari_encrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0), "CMS_RecipientInfo_kari_get0_alg"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0), "CMS_RecipientInfo_kari_get0_orig_id"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0), "CMS_RecipientInfo_kari_get0_reks"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0), "CMS_RecipientInfo_kari_orig_id_cmp"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0), "cms_RecipientInfo_kekri_decrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0), "cms_RecipientInfo_kekri_encrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0), "CMS_RecipientInfo_kekri_get0_id"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0), "CMS_RecipientInfo_kekri_id_cmp"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0), "CMS_RecipientInfo_ktri_cert_cmp"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0), "cms_RecipientInfo_ktri_decrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0), "cms_RecipientInfo_ktri_encrypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0), "CMS_RecipientInfo_ktri_get0_algs"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0), "CMS_RecipientInfo_ktri_get0_signer_id"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0), "cms_RecipientInfo_pwri_crypt"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0), "CMS_RecipientInfo_set0_key"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0), "CMS_RecipientInfo_set0_password"}, - {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0), "CMS_RecipientInfo_set0_pkey"}, - {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "cms_sd_asn1_ctrl"}, - {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"}, - {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"}, - {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, - {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, - {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, - {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "cms_signed_data_init"}, - {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0), + "cms_set1_SignerIdentifier"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0), + "cms_signed_data_init"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0), "cms_SignerInfo_content_sign"}, - {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, - {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, - {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0), + "CMS_SignerInfo_sign"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0), + "CMS_SignerInfo_verify"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0), "cms_signerinfo_verify_cert"}, - {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0), "CMS_SignerInfo_verify_content"}, - {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, - {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"}, - {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, - {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"}, + {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"}, {0, NULL} }; -static ERR_STRING_DATA CMS_str_reasons[] = { - {ERR_REASON(CMS_R_ADD_SIGNER_ERROR), "add signer error"}, - {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT), - "certificate already present"}, - {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"}, - {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, - {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR), - "cipher initialisation error"}, - {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), - "cipher parameter initialisation error"}, - {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR), "cms datafinal error"}, - {ERR_REASON(CMS_R_CMS_LIB), "cms lib"}, - {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH), - "contentidentifier mismatch"}, - {ERR_REASON(CMS_R_CONTENT_NOT_FOUND), "content not found"}, - {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH), "content type mismatch"}, - {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), - "content type not compressed data"}, - {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), - "content type not enveloped data"}, - {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), - "content type not signed data"}, - {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR), "content verify error"}, - {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"}, - {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"}, - {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"}, - {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), - "error reading messagedigest attribute"}, - {ERR_REASON(CMS_R_ERROR_SETTING_KEY), "error setting key"}, - {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO), - "error setting recipientinfo"}, - {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), - "invalid encrypted key length"}, - {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), - "invalid key encryption parameter"}, - {ERR_REASON(CMS_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR), "md bio init error"}, - {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), - "messagedigest attribute wrong length"}, - {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH), - "messagedigest wrong length"}, - {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"}, - {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), - "msgsigdigest verification failure"}, - {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH), - "msgsigdigest wrong length"}, - {ERR_REASON(CMS_R_NEED_ONE_SIGNER), "need one signer"}, - {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT), "not a signed receipt"}, - {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"}, - {ERR_REASON(CMS_R_NOT_KEK), "not kek"}, - {ERR_REASON(CMS_R_NOT_KEY_AGREEMENT), "not key agreement"}, - {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT), "not key transport"}, - {ERR_REASON(CMS_R_NOT_PWRI), "not pwri"}, - {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "not supported for this key type"}, - {ERR_REASON(CMS_R_NO_CIPHER), "no cipher"}, - {ERR_REASON(CMS_R_NO_CONTENT), "no content"}, - {ERR_REASON(CMS_R_NO_CONTENT_TYPE), "no content type"}, - {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_REASON(CMS_R_NO_DIGEST_SET), "no digest set"}, - {ERR_REASON(CMS_R_NO_KEY), "no key"}, - {ERR_REASON(CMS_R_NO_KEY_OR_CERT), "no key or cert"}, - {ERR_REASON(CMS_R_NO_MATCHING_DIGEST), "no matching digest"}, - {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT), "no matching recipient"}, - {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE), "no matching signature"}, - {ERR_REASON(CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"}, - {ERR_REASON(CMS_R_NO_PASSWORD), "no password"}, - {ERR_REASON(CMS_R_NO_PRIVATE_KEY), "no private key"}, - {ERR_REASON(CMS_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST), "no receipt request"}, - {ERR_REASON(CMS_R_NO_SIGNERS), "no signers"}, - {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR), "receipt decode error"}, - {ERR_REASON(CMS_R_RECIPIENT_ERROR), "recipient error"}, - {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_REASON(CMS_R_SIGNFINAL_ERROR), "signfinal error"}, - {ERR_REASON(CMS_R_SMIME_TEXT_ERROR), "smime text error"}, - {ERR_REASON(CMS_R_STORE_INIT_ERROR), "store init error"}, - {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"}, - {ERR_REASON(CMS_R_TYPE_NOT_DATA), "type not data"}, - {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"}, - {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"}, - {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"}, - {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT), - "unable to finalize context"}, - {ERR_REASON(CMS_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"}, - {ERR_REASON(CMS_R_UNKNOWN_ID), "unknown id"}, - {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, - {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, - {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM), - "unsupported kek algorithm"}, - {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), - "unsupported key encryption algorithm"}, - {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE), - "unsupported recipient type"}, - {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE), - "unsupported recpientinfo type"}, - {ERR_REASON(CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_REASON(CMS_R_UNWRAP_ERROR), "unwrap error"}, - {ERR_REASON(CMS_R_UNWRAP_FAILURE), "unwrap failure"}, - {ERR_REASON(CMS_R_VERIFICATION_FAILURE), "verification failure"}, - {ERR_REASON(CMS_R_WRAP_ERROR), "wrap error"}, +static const ERR_STRING_DATA CMS_str_reasons[] = { + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), + "certificate already present"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), + "certificate has no keyid"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), + "cipher initialisation error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), + "cipher parameter initialisation error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR), + "cms datafinal error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH), + "contentidentifier mismatch"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH), + "content type mismatch"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), + "content type not compressed data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), + "content type not enveloped data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), + "content type not signed data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR), + "content verify error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY), + "error getting public key"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), + "error reading messagedigest attribute"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), + "error setting recipientinfo"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), + "invalid encrypted key length"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), + "invalid key encryption parameter"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), + "messagedigest attribute wrong length"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH), + "messagedigest wrong length"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), + "msgsigdigest verification failure"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH), + "msgsigdigest wrong length"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT), + "not a signed receipt"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "not supported for this key type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT), + "no matching recipient"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE), + "no matching signature"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR), + "receipt decode error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA), + "type not compressed data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA), + "type not digested data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA), + "type not encrypted data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA), + "type not enveloped data"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT), + "unable to finalize context"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM), + "unknown digest algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), + "unsupported compression algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM), + "unsupported kek algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), + "unsupported key encryption algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE), + "unsupported recipientinfo type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), + "unsupported recipient type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE), + "verification failure"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"}, {0, NULL} }; @@ -248,10 +285,9 @@ static ERR_STRING_DATA CMS_str_reasons[] = { int ERR_load_CMS_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) { - ERR_load_strings(0, CMS_str_functs); - ERR_load_strings(0, CMS_str_reasons); + ERR_load_strings_const(CMS_str_functs); + ERR_load_strings_const(CMS_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/cms/cms_lcl.h b/deps/openssl/openssl/crypto/cms/cms_lcl.h index d0c0e81363ba11..916fcbfbe190b1 100644 --- a/deps/openssl/openssl/crypto/cms/cms_lcl.h +++ b/deps/openssl/openssl/crypto/cms/cms_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,10 +10,6 @@ #ifndef HEADER_CMS_LCL_H # define HEADER_CMS_LCL_H -#ifdef __cplusplus -extern "C" { -#endif - # include /* @@ -67,7 +63,7 @@ struct CMS_ContentInfo_st { DEFINE_STACK_OF(CMS_CertificateChoices) struct CMS_SignedData_st { - long version; + int32_t version; STACK_OF(X509_ALGOR) *digestAlgorithms; CMS_EncapsulatedContentInfo *encapContentInfo; STACK_OF(CMS_CertificateChoices) *certificates; @@ -83,7 +79,7 @@ struct CMS_EncapsulatedContentInfo_st { }; struct CMS_SignerInfo_st { - long version; + int32_t version; CMS_SignerIdentifier *sid; X509_ALGOR *digestAlgorithm; STACK_OF(X509_ATTRIBUTE) *signedAttrs; @@ -107,7 +103,7 @@ struct CMS_SignerIdentifier_st { }; struct CMS_EnvelopedData_st { - long version; + int32_t version; CMS_OriginatorInfo *originatorInfo; STACK_OF(CMS_RecipientInfo) *recipientInfos; CMS_EncryptedContentInfo *encryptedContentInfo; @@ -145,7 +141,7 @@ struct CMS_RecipientInfo_st { typedef CMS_SignerIdentifier CMS_RecipientIdentifier; struct CMS_KeyTransRecipientInfo_st { - long version; + int32_t version; CMS_RecipientIdentifier *rid; X509_ALGOR *keyEncryptionAlgorithm; ASN1_OCTET_STRING *encryptedKey; @@ -157,7 +153,7 @@ struct CMS_KeyTransRecipientInfo_st { }; struct CMS_KeyAgreeRecipientInfo_st { - long version; + int32_t version; CMS_OriginatorIdentifierOrKey *originator; ASN1_OCTET_STRING *ukm; X509_ALGOR *keyEncryptionAlgorithm; @@ -204,7 +200,7 @@ struct CMS_RecipientKeyIdentifier_st { }; struct CMS_KEKRecipientInfo_st { - long version; + int32_t version; CMS_KEKIdentifier *kekid; X509_ALGOR *keyEncryptionAlgorithm; ASN1_OCTET_STRING *encryptedKey; @@ -220,7 +216,7 @@ struct CMS_KEKIdentifier_st { }; struct CMS_PasswordRecipientInfo_st { - long version; + int32_t version; X509_ALGOR *keyDerivationAlgorithm; X509_ALGOR *keyEncryptionAlgorithm; ASN1_OCTET_STRING *encryptedKey; @@ -235,20 +231,20 @@ struct CMS_OtherRecipientInfo_st { }; struct CMS_DigestedData_st { - long version; + int32_t version; X509_ALGOR *digestAlgorithm; CMS_EncapsulatedContentInfo *encapContentInfo; ASN1_OCTET_STRING *digest; }; struct CMS_EncryptedData_st { - long version; + int32_t version; CMS_EncryptedContentInfo *encryptedContentInfo; STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; }; struct CMS_AuthenticatedData_st { - long version; + int32_t version; CMS_OriginatorInfo *originatorInfo; STACK_OF(CMS_RecipientInfo) *recipientInfos; X509_ALGOR *macAlgorithm; @@ -260,7 +256,7 @@ struct CMS_AuthenticatedData_st { }; struct CMS_CompressedData_st { - long version; + int32_t version; X509_ALGOR *compressionAlgorithm; STACK_OF(CMS_RecipientInfo) *recipientInfos; CMS_EncapsulatedContentInfo *encapContentInfo; @@ -332,14 +328,14 @@ struct CMS_ReceiptRequest_st { struct CMS_ReceiptsFrom_st { int type; union { - long allOrFirstTier; + int32_t allOrFirstTier; STACK_OF(GENERAL_NAMES) *receiptList; } d; }; # endif struct CMS_Receipt_st { - long version; + int32_t version; ASN1_OBJECT *contentType; ASN1_OCTET_STRING *signedContentIdentifier; ASN1_OCTET_STRING *originatorSignatureValue; @@ -438,7 +434,4 @@ DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) DECLARE_ASN1_ITEM(CMS_SignedData) DECLARE_ASN1_ITEM(CMS_CompressedData) -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/crypto/cms/cms_lib.c b/deps/openssl/openssl/crypto/cms/cms_lib.c index 7395684b616915..c2cac260109d1f 100644 --- a/deps/openssl/openssl/crypto/cms/cms_lib.c +++ b/deps/openssl/openssl/crypto/cms/cms_lib.c @@ -292,7 +292,7 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) digest = EVP_get_digestbyobj(digestoid); if (!digest) { CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, - CMS_R_UNKNOWN_DIGEST_ALGORIHM); + CMS_R_UNKNOWN_DIGEST_ALGORITHM); goto err; } mdbio = BIO_new(BIO_f_md()); diff --git a/deps/openssl/openssl/crypto/cms/cms_pwri.c b/deps/openssl/openssl/crypto/cms/cms_pwri.c index 0571bb8026a5af..eac9c2fc862ebe 100644 --- a/deps/openssl/openssl/crypto/cms/cms_pwri.c +++ b/deps/openssl/openssl/crypto/cms/cms_pwri.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -188,9 +188,10 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Invalid size */ return 0; } - tmp = OPENSSL_malloc(inlen); - if (tmp == NULL) + if ((tmp = OPENSSL_malloc(inlen)) == NULL) { + CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE); return 0; + } /* setup IV by decrypting last two blocks */ if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, in + inlen - 2 * blocklen, blocklen * 2) @@ -325,7 +326,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) goto err; EVP_CIPHER_CTX_set_padding(kekctx, 0); - if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) { + if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; diff --git a/deps/openssl/openssl/crypto/cms/cms_sd.c b/deps/openssl/openssl/crypto/cms/cms_sd.c index 4108fe70827694..ff2d540b6a30cd 100644 --- a/deps/openssl/openssl/crypto/cms/cms_sd.c +++ b/deps/openssl/openssl/crypto/cms/cms_sd.c @@ -635,7 +635,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { EVP_MD_CTX *mctx = si->mctx; - EVP_PKEY_CTX *pctx; + EVP_PKEY_CTX *pctx = NULL; unsigned char *abuf = NULL; int alen; size_t siglen; @@ -656,6 +656,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) EVP_MD_CTX_reset(mctx); if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; + si->pctx = pctx; } if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, diff --git a/deps/openssl/openssl/crypto/comp/c_zlib.c b/deps/openssl/openssl/crypto/comp/c_zlib.c index 821dc099bb912a..d688deee5f23fb 100644 --- a/deps/openssl/openssl/crypto/comp/c_zlib.c +++ b/deps/openssl/openssl/crypto/comp/c_zlib.c @@ -256,14 +256,13 @@ COMP_METHOD *COMP_zlib(void) meth = &zlib_stateful_method; #endif - return (meth); + return meth; } void comp_zlib_cleanup_int(void) { #ifdef ZLIB_SHARED - if (zlib_dso != NULL) - DSO_free(zlib_dso); + DSO_free(zlib_dso); zlib_dso = NULL; #endif } @@ -297,7 +296,11 @@ static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); static const BIO_METHOD bio_meth_zlib = { BIO_TYPE_COMP, "zlib", + /* TODO: Convert to new style write function */ + bwrite_conv, bio_zlib_write, + /* TODO: Convert to new style read function */ + bread_conv, bio_zlib_read, NULL, /* bio_zlib_puts, */ NULL, /* bio_zlib_gets, */ diff --git a/deps/openssl/openssl/crypto/comp/comp_err.c b/deps/openssl/openssl/crypto/comp/comp_err.c index 8e2e69568def55..2dca315cf1d398 100644 --- a/deps/openssl/openssl/crypto/comp/comp_err.c +++ b/deps/openssl/openssl/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,28 +8,27 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) - -static ERR_STRING_DATA COMP_str_functs[] = { - {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "bio_zlib_flush"}, - {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "bio_zlib_new"}, - {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "bio_zlib_read"}, - {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "bio_zlib_write"}, +static const ERR_STRING_DATA COMP_str_functs[] = { + {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_FLUSH, 0), "bio_zlib_flush"}, + {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"}, + {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"}, + {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"}, + {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"}, {0, NULL} }; -static ERR_STRING_DATA COMP_str_reasons[] = { - {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"}, - {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"}, - {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"}, +static const ERR_STRING_DATA COMP_str_reasons[] = { + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR), + "zlib deflate error"}, + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR), + "zlib inflate error"}, + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED), + "zlib not supported"}, {0, NULL} }; @@ -38,10 +37,9 @@ static ERR_STRING_DATA COMP_str_reasons[] = { int ERR_load_COMP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) { - ERR_load_strings(0, COMP_str_functs); - ERR_load_strings(0, COMP_str_reasons); + ERR_load_strings_const(COMP_str_functs); + ERR_load_strings_const(COMP_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/comp/comp_lib.c b/deps/openssl/openssl/crypto/comp/comp_lib.c index 32afd0dba8185a..6ae2114496b03b 100644 --- a/deps/openssl/openssl/crypto/comp/comp_lib.c +++ b/deps/openssl/openssl/crypto/comp/comp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,20 +12,23 @@ #include #include #include +#include #include "comp_lcl.h" COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { COMP_CTX *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - return (NULL); + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->meth = meth; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { OPENSSL_free(ret); ret = NULL; } - return (ret); + return ret; } const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx) @@ -47,7 +50,6 @@ void COMP_CTX_free(COMP_CTX *ctx) { if (ctx == NULL) return; - if (ctx->meth->finish != NULL) ctx->meth->finish(ctx); @@ -59,14 +61,14 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, { int ret; if (ctx->meth->compress == NULL) { - return (-1); + return -1; } ret = ctx->meth->compress(ctx, out, olen, in, ilen); if (ret > 0) { ctx->compress_in += ilen; ctx->compress_out += ret; } - return (ret); + return ret; } int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, @@ -75,14 +77,14 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, int ret; if (ctx->meth->expand == NULL) { - return (-1); + return -1; } ret = ctx->meth->expand(ctx, out, olen, in, ilen); if (ret > 0) { ctx->expand_in += ilen; ctx->expand_out += ret; } - return (ret); + return ret; } int COMP_CTX_get_type(const COMP_CTX* comp) diff --git a/deps/openssl/openssl/crypto/conf/conf_api.c b/deps/openssl/openssl/crypto/conf/conf_api.c index 36c91b166399c5..5e57d749ce5e7c 100644 --- a/deps/openssl/openssl/crypto/conf/conf_api.c +++ b/deps/openssl/openssl/crypto/conf/conf_api.c @@ -25,11 +25,11 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) CONF_VALUE *v, vv; if ((conf == NULL) || (section == NULL)) - return (NULL); + return NULL; vv.name = NULL; vv.section = (char *)section; v = lh_CONF_VALUE_retrieve(conf->data, &vv); - return (v); + return v; } /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ @@ -42,7 +42,7 @@ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, if (v != NULL) return ((STACK_OF(CONF_VALUE) *)v->value); else - return (NULL); + return NULL; } int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) @@ -74,27 +74,27 @@ char *_CONF_get_string(const CONF *conf, const char *section, char *p; if (name == NULL) - return (NULL); + return NULL; if (conf != NULL) { if (section != NULL) { vv.name = (char *)name; vv.section = (char *)section; v = lh_CONF_VALUE_retrieve(conf->data, &vv); if (v != NULL) - return (v->value); + return v->value; if (strcmp(section, "ENV") == 0) { p = ossl_safe_getenv(name); if (p != NULL) - return (p); + return p; } } vv.section = "default"; vv.name = (char *)name; v = lh_CONF_VALUE_retrieve(conf->data, &vv); if (v != NULL) - return (v->value); + return v->value; else - return (NULL); + return NULL; } else return ossl_safe_getenv(name); } @@ -111,14 +111,14 @@ static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) if (a->section != b->section) { i = strcmp(a->section, b->section); if (i) - return (i); + return i; } if ((a->name != NULL) && (b->name != NULL)) { i = strcmp(a->name, b->name); - return (i); + return i; } else if (a->name == b->name) - return (0); + return 0; else return ((a->name == NULL) ? -1 : 1); } @@ -205,8 +205,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value = (char *)sk; vv = lh_CONF_VALUE_insert(conf->data, v); - OPENSSL_assert(vv == NULL); - if (lh_CONF_VALUE_error(conf->data) > 0) + if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0) goto err; return v; diff --git a/deps/openssl/openssl/crypto/conf/conf_def.c b/deps/openssl/openssl/crypto/conf/conf_def.c index b443903f46f4e7..7f0d70ea695ecf 100644 --- a/deps/openssl/openssl/crypto/conf/conf_def.c +++ b/deps/openssl/openssl/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,13 +12,24 @@ #include #include #include "internal/cryptlib.h" -#include +#include "internal/o_dir.h" #include #include #include #include "conf_def.h" #include #include +#ifndef OPENSSL_NO_POSIX_IO +# include +# ifdef _WIN32 +# define stat _stat +# define strcasecmp _stricmp +# endif +#endif + +#ifndef S_ISDIR +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif /* * The maximum length we can grow a value to after variable expansion. 64k @@ -26,13 +37,20 @@ */ #define MAX_CONF_VALUE_LENGTH 65536 +static int is_keytype(const CONF *conf, char c, unsigned short type); static char *eat_ws(CONF *conf, char *p); +static void trim_ws(CONF *conf, char *start); static char *eat_alpha_numeric(CONF *conf, char *p); static void clear_comments(CONF *conf, char *p); static int str_copy(CONF *conf, char *section, char **to, char *from); static char *scan_quote(CONF *conf, char *p); static char *scan_dquote(CONF *conf, char *p); #define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) +#ifndef OPENSSL_NO_POSIX_IO +static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, + char **dirpath); +static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx); +#endif static CONF *def_create(CONF_METHOD *meth); static int def_init_default(CONF *conf); @@ -71,12 +89,12 @@ static CONF_METHOD WIN32_method = { def_load }; -CONF_METHOD *NCONF_default() +CONF_METHOD *NCONF_default(void) { return &default_method; } -CONF_METHOD *NCONF_WIN32() +CONF_METHOD *NCONF_WIN32(void) { return &WIN32_method; } @@ -174,6 +192,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) char *section = NULL, *buf; char *start, *psection, *pname; void *h = (void *)(conf->data); + STACK_OF(BIO) *biosk = NULL; +#ifndef OPENSSL_NO_POSIX_IO + char *dirpath = NULL; + OPENSSL_DIR_CTX *dirctx = NULL; +#endif if ((buff = BUF_MEM_new()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); @@ -206,11 +229,39 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } p = &(buff->data[bufnum]); *p = '\0'; + read_retry: BIO_gets(in, p, CONFBUFSIZE - 1); p[CONFBUFSIZE - 1] = '\0'; ii = i = strlen(p); - if (i == 0 && !again) - break; + if (i == 0 && !again) { + /* the currently processed BIO is at EOF */ + BIO *parent; + +#ifndef OPENSSL_NO_POSIX_IO + /* continue processing with the next file from directory */ + if (dirctx != NULL) { + BIO *next; + + if ((next = get_next_file(dirpath, &dirctx)) != NULL) { + BIO_vfree(in); + in = next; + goto read_retry; + } else { + OPENSSL_free(dirpath); + dirpath = NULL; + } + } +#endif + /* no more files in directory, continue with processing parent */ + if ((parent = sk_BIO_pop(biosk)) == NULL) { + /* everything processed get out of the loop */ + break; + } else { + BIO_vfree(in); + in = parent; + goto read_retry; + } + } again = 0; while (i > 0) { if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) @@ -286,7 +337,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) continue; } else { pname = s; - psection = NULL; end = eat_alpha_numeric(conf, s); if ((end[0] == ':') && (end[1] == ':')) { *end = '\0'; @@ -294,36 +344,63 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) psection = pname; pname = end; end = eat_alpha_numeric(conf, end); + } else { + psection = section; } p = eat_ws(conf, end); - if (*p != '=') { + if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) { + char *include = NULL; + BIO *next; + + trim_ws(conf, p); + if (!str_copy(conf, psection, &include, p)) + goto err; + /* get the BIO of the included file */ +#ifndef OPENSSL_NO_POSIX_IO + next = process_include(include, &dirctx, &dirpath); + if (include != dirpath) { + /* dirpath will contain include in case of a directory */ + OPENSSL_free(include); + } +#else + next = BIO_new_file(include, "r"); + OPENSSL_free(include); +#endif + if (next != NULL) { + /* push the currently processing BIO onto stack */ + if (biosk == NULL) { + if ((biosk = sk_BIO_new_null()) == NULL) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + } + if (!sk_BIO_push(biosk, in)) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + /* continue with reading from the included BIO */ + in = next; + } + continue; + } else if (*p != '=') { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); goto err; } *end = '\0'; p++; start = eat_ws(conf, p); - while (!IS_EOF(conf, *p)) - p++; - p--; - while ((p != start) && (IS_WS(conf, *p))) - p--; - p++; - *p = '\0'; + trim_ws(conf, start); if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } - if (psection == NULL) - psection = section; - v->name = OPENSSL_malloc(strlen(pname) + 1); + v->name = OPENSSL_strdup(pname); v->value = NULL; if (v->name == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } - OPENSSL_strlcpy(v->name, pname, strlen(pname) + 1); if (!str_copy(conf, psection, &(v->value), start)) goto err; @@ -347,10 +424,31 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } BUF_MEM_free(buff); OPENSSL_free(section); - return (1); + /* + * No need to pop, since we only get here if the stack is empty. + * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE! + */ + sk_BIO_free(biosk); + return 1; err: BUF_MEM_free(buff); OPENSSL_free(section); + /* + * Since |in| is the first element of the stack and should NOT be freed + * here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one + * BIO at a time, making sure that the last one popped isn't. + */ + while (sk_BIO_num(biosk) > 0) { + BIO *popped = sk_BIO_pop(biosk); + BIO_vfree(in); + in = popped; + } + sk_BIO_free(biosk); +#ifndef OPENSSL_NO_POSIX_IO + OPENSSL_free(dirpath); + if (dirctx != NULL) + OPENSSL_DIR_end(&dirctx); +#endif if (line != NULL) *line = eline; BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); @@ -364,7 +462,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_free(v->value); OPENSSL_free(v); } - return (0); + return 0; } static void clear_comments(CONF *conf, char *p) @@ -411,7 +509,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) BUF_MEM *buf; if ((buf = BUF_MEM_new()) == NULL) - return (0); + return 0; len = strlen(from) + 1; if (!BUF_MEM_grow(buf, len)) @@ -479,7 +577,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) s++; cp = section; e = np = s; - while (IS_ALPHA_NUMERIC(conf, *e)) + while (IS_ALNUM(conf, *e)) e++; if ((e[0] == ':') && (e[1] == ':')) { cp = np; @@ -488,7 +586,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) *rrp = '\0'; e += 2; np = e; - while (IS_ALPHA_NUMERIC(conf, *e)) + while (IS_ALNUM(conf, *e)) e++; } r = *e; @@ -551,17 +649,150 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) OPENSSL_free(*pto); *pto = buf->data; OPENSSL_free(buf); - return (1); + return 1; err: BUF_MEM_free(buf); - return (0); + return 0; +} + +#ifndef OPENSSL_NO_POSIX_IO +/* + * Check whether included path is a directory. + * Returns next BIO to process and in case of a directory + * also an opened directory context and the include path. + */ +static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, + char **dirpath) +{ + struct stat st = { 0 }; + BIO *next; + + if (stat(include, &st) < 0) { + SYSerr(SYS_F_STAT, errno); + ERR_add_error_data(1, include); + /* missing include file is not fatal error */ + return NULL; + } + + if (S_ISDIR(st.st_mode)) { + if (*dirctx != NULL) { + CONFerr(CONF_F_PROCESS_INCLUDE, + CONF_R_RECURSIVE_DIRECTORY_INCLUDE); + ERR_add_error_data(1, include); + return NULL; + } + /* a directory, load its contents */ + if ((next = get_next_file(include, dirctx)) != NULL) + *dirpath = include; + return next; + } + + next = BIO_new_file(include, "r"); + return next; +} + +/* + * Get next file from the directory path. + * Returns BIO of the next file to read and updates dirctx. + */ +static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) +{ + const char *filename; + + while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) { + size_t namelen; + + namelen = strlen(filename); + + + if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0) + || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) { + size_t newlen; + char *newpath; + BIO *bio; + + newlen = strlen(path) + namelen + 2; + newpath = OPENSSL_zalloc(newlen); + if (newpath == NULL) { + CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE); + break; + } +#ifdef OPENSSL_SYS_VMS + /* + * If the given path isn't clear VMS syntax, + * we treat it as on Unix. + */ + { + size_t pathlen = strlen(path); + + if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>' + || path[pathlen - 1] == ':') { + /* Clear VMS directory syntax, just copy as is */ + OPENSSL_strlcpy(newpath, path, newlen); + } + } +#endif + if (newpath[0] == '\0') { + OPENSSL_strlcpy(newpath, path, newlen); + OPENSSL_strlcat(newpath, "/", newlen); + } + OPENSSL_strlcat(newpath, filename, newlen); + + bio = BIO_new_file(newpath, "r"); + OPENSSL_free(newpath); + /* Errors when opening files are non-fatal. */ + if (bio != NULL) + return bio; + } + } + OPENSSL_DIR_end(dirctx); + *dirctx = NULL; + return NULL; +} +#endif + +static int is_keytype(const CONF *conf, char c, unsigned short type) +{ + const unsigned short * keytypes = (const unsigned short *) conf->meth_data; + unsigned char key = (unsigned char)c; + +#ifdef CHARSET_EBCDIC +# if CHAR_BIT > 8 + if (key > 255) { + /* key is out of range for os_toascii table */ + return 0; + } +# endif + /* convert key from ebcdic to ascii */ + key = os_toascii[key]; +#endif + + if (key > 127) { + /* key is not a seven bit ascii character */ + return 0; + } + + return (keytypes[key] & type) ? 1 : 0; } static char *eat_ws(CONF *conf, char *p) { while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) p++; - return (p); + return p; +} + +static void trim_ws(CONF *conf, char *start) +{ + char *p = start; + + while (!IS_EOF(conf, *p)) + p++; + p--; + while ((p >= start) && IS_WS(conf, *p)) + p--; + p++; + *p = '\0'; } static char *eat_alpha_numeric(CONF *conf, char *p) @@ -571,8 +802,8 @@ static char *eat_alpha_numeric(CONF *conf, char *p) p = scan_esc(conf, p); continue; } - if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p)) - return (p); + if (!IS_ALNUM_PUNCT(conf, *p)) + return p; p++; } } @@ -586,13 +817,13 @@ static char *scan_quote(CONF *conf, char *p) if (IS_ESC(conf, *p)) { p++; if (IS_EOF(conf, *p)) - return (p); + return p; } p++; } if (*p == q) p++; - return (p); + return p; } static char *scan_dquote(CONF *conf, char *p) @@ -612,7 +843,7 @@ static char *scan_dquote(CONF *conf, char *p) } if (*p == q) p++; - return (p); + return p; } static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out) diff --git a/deps/openssl/openssl/crypto/conf/conf_def.h b/deps/openssl/openssl/crypto/conf/conf_def.h index da4767e196cb7e..73e88baa8ba11f 100644 --- a/deps/openssl/openssl/crypto/conf/conf_def.h +++ b/deps/openssl/openssl/crypto/conf/conf_def.h @@ -2,63 +2,42 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#define CONF_NUMBER 1 -#define CONF_UPPER 2 -#define CONF_LOWER 4 -#define CONF_UNDER 256 -#define CONF_PUNCTUATION 512 -#define CONF_WS 16 -#define CONF_ESC 32 -#define CONF_QUOTE 64 -#define CONF_DQUOTE 1024 -#define CONF_COMMENT 128 -#define CONF_FCOMMENT 2048 -#define CONF_EOF 8 -#define CONF_HIGHBIT 4096 -#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) -#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) -#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \ - CONF_PUNCTUATION) +#define CONF_NUMBER 1 +#define CONF_UPPER 2 +#define CONF_LOWER 4 +#define CONF_UNDER 256 +#define CONF_PUNCT 512 +#define CONF_WS 16 +#define CONF_ESC 32 +#define CONF_QUOTE 64 +#define CONF_DQUOTE 1024 +#define CONF_COMMENT 128 +#define CONF_FCOMMENT 2048 +#define CONF_EOF 8 +#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) +#define CONF_ALNUM (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) +#define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT) -#define KEYTYPES(c) ((const unsigned short *)((c)->meth_data)) -#ifndef CHARSET_EBCDIC -# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) -# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) -# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) -# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) -# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) -# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) -# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) -# define IS_ALPHA_NUMERIC_PUNCT(c,a) \ - (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) -# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) -# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) -# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) -#else /* CHARSET_EBCDIC */ +#define IS_COMMENT(conf,c) is_keytype(conf, c, CONF_COMMENT) +#define IS_FCOMMENT(conf,c) is_keytype(conf, c, CONF_FCOMMENT) +#define IS_EOF(conf,c) is_keytype(conf, c, CONF_EOF) +#define IS_ESC(conf,c) is_keytype(conf, c, CONF_ESC) +#define IS_NUMBER(conf,c) is_keytype(conf, c, CONF_NUMBER) +#define IS_WS(conf,c) is_keytype(conf, c, CONF_WS) +#define IS_ALNUM(conf,c) is_keytype(conf, c, CONF_ALNUM) +#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT) +#define IS_QUOTE(conf,c) is_keytype(conf, c, CONF_QUOTE) +#define IS_DQUOTE(conf,c) is_keytype(conf, c, CONF_DQUOTE) -# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT) -# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT) -# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF) -# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC) -# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER) -# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS) -# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC) -# define IS_ALPHA_NUMERIC_PUNCT(c,a) \ - (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT) -# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE) -# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE) -# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT) -#endif /* CHARSET_EBCDIC */ - -static const unsigned short CONF_type_default[256] = { +static const unsigned short CONF_type_default[128] = { 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, @@ -75,25 +54,9 @@ static const unsigned short CONF_type_default[256] = { 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, }; -static const unsigned short CONF_type_win32[256] = { +static const unsigned short CONF_type_win32[128] = { 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, @@ -110,20 +73,4 @@ static const unsigned short CONF_type_win32[256] = { 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, - 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, }; diff --git a/deps/openssl/openssl/crypto/conf/conf_err.c b/deps/openssl/openssl/crypto/conf/conf_err.c index 19f480d5b32b85..f7613584ec3e43 100644 --- a/deps/openssl/openssl/crypto/conf/conf_err.c +++ b/deps/openssl/openssl/crypto/conf/conf_err.c @@ -8,68 +8,76 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) - -static ERR_STRING_DATA CONF_str_functs[] = { - {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, - {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, - {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, - {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"}, - {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"}, - {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"}, - {ERR_FUNC(CONF_F_MODULE_INIT), "module_init"}, - {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "module_load_dso"}, - {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"}, - {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, - {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, - {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, - {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, - {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, - {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"}, - {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, - {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, - {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, - {ERR_FUNC(CONF_F_SSL_MODULE_INIT), "ssl_module_init"}, - {ERR_FUNC(CONF_F_STR_COPY), "str_copy"}, +static const ERR_STRING_DATA CONF_str_functs[] = { + {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_DUMP_FP, 0), "CONF_dump_fp"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD, 0), "CONF_load"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD_FP, 0), "CONF_load_fp"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_PARSE_LIST, 0), "CONF_parse_list"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_BIO, 0), "NCONF_dump_bio"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_FP, 0), "NCONF_dump_fp"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_NUMBER_E, 0), + "NCONF_get_number_e"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_SECTION, 0), "NCONF_get_section"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_STRING, 0), "NCONF_get_string"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD, 0), "NCONF_load"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_BIO, 0), "NCONF_load_bio"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"}, + {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"}, {0, NULL} }; -static ERR_STRING_DATA CONF_str_reasons[] = { - {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"}, - {ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL), "list cannot be null"}, - {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), - "missing close square bracket"}, - {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"}, - {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"}, - {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR), - "module initialization error"}, - {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"}, - {ERR_REASON(CONF_R_NO_CONF), "no conf"}, - {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), - "no conf or environment variable"}, - {ERR_REASON(CONF_R_NO_SECTION), "no section"}, - {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"}, - {ERR_REASON(CONF_R_NO_VALUE), "no value"}, - {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_EMPTY), - "ssl command section empty"}, - {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), - "ssl command section not found"}, - {ERR_REASON(CONF_R_SSL_SECTION_EMPTY), "ssl section empty"}, - {ERR_REASON(CONF_R_SSL_SECTION_NOT_FOUND), "ssl section not found"}, - {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), - "unable to create new section"}, - {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, - {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG), - "variable expansion too long"}, - {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, +static const ERR_STRING_DATA CONF_str_reasons[] = { + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL), + "list cannot be null"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET), + "missing close square bracket"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN), + "missing equal sign"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION), + "missing init function"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR), + "module initialization error"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), + "no conf or environment variable"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), + "recursive directory include"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND), + "ssl section not found"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION), + "unable to create new section"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME), + "unknown module name"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG), + "variable expansion too long"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE), + "variable has no value"}, {0, NULL} }; @@ -78,10 +86,9 @@ static ERR_STRING_DATA CONF_str_reasons[] = { int ERR_load_CONF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) { - ERR_load_strings(0, CONF_str_functs); - ERR_load_strings(0, CONF_str_reasons); + ERR_load_strings_const(CONF_str_functs); + ERR_load_strings_const(CONF_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/conf/conf_lib.c b/deps/openssl/openssl/crypto/conf/conf_lib.c index 3532114917c6b5..07110d8502a4e7 100644 --- a/deps/openssl/openssl/crypto/conf/conf_lib.c +++ b/deps/openssl/openssl/crypto/conf/conf_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,15 +7,16 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include #include -#include +#include "internal/conf.h" +#include "internal/ctype.h" #include #include #include #include #include -#include "e_os.h" static CONF_METHOD *default_CONF_method = NULL; @@ -123,6 +124,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, int status; long result = 0; + ERR_set_mark(); if (conf == NULL) { status = NCONF_get_number_e(NULL, group, name, &result); } else { @@ -130,12 +132,8 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, CONF_set_nconf(&ctmp, conf); status = NCONF_get_number_e(&ctmp, group, name, &result); } - - if (status == 0) { - /* This function does not believe in errors... */ - ERR_clear_error(); - } - return result; + ERR_pop_to_mark(); + return status == 0 ? 0L : result; } void CONF_free(LHASH_OF(CONF_VALUE) *conf) @@ -186,7 +184,7 @@ CONF *NCONF_new(CONF_METHOD *meth) ret = meth->create(meth); if (ret == NULL) { CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } return ret; @@ -277,10 +275,23 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name) return NULL; } +static int default_is_number(const CONF *conf, char c) +{ + return ossl_isdigit(c); +} + +static int default_to_int(const CONF *conf, char c) +{ + return (int)(c - '0'); +} + int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result) { char *str; + long res; + int (*is_number)(const CONF *, char) = &default_is_number; + int (*to_int)(const CONF *, char) = &default_to_int; if (result == NULL) { CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER); @@ -292,11 +303,23 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, if (str == NULL) return 0; - for (*result = 0; conf->meth->is_number(conf, *str);) { - *result = (*result) * 10 + conf->meth->to_int(conf, *str); - str++; + if (conf != NULL) { + if (conf->meth->is_number != NULL) + is_number = conf->meth->is_number; + if (conf->meth->to_int != NULL) + to_int = conf->meth->to_int; + } + for (res = 0; is_number(conf, *str); str++) { + const int d = to_int(conf, *str); + + if (res > (LONG_MAX - d) / 10L) { + CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NUMBER_TOO_LARGE); + return 0; + } + res = res * 10 + d; } + *result = res; return 1; } diff --git a/deps/openssl/openssl/crypto/conf/conf_mod.c b/deps/openssl/openssl/crypto/conf/conf_mod.c index 722fe460612555..51f262e774dd60 100644 --- a/deps/openssl/openssl/crypto/conf/conf_mod.c +++ b/deps/openssl/openssl/crypto/conf/conf_mod.c @@ -7,10 +7,10 @@ * https://www.openssl.org/source/license.html */ +#include "internal/cryptlib.h" #include #include #include -#include "internal/cryptlib.h" #include "internal/conf.h" #include "internal/dso.h" #include @@ -170,6 +170,7 @@ static int module_run(const CONF *cnf, const char *name, const char *value, if (ret <= 0) { if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret) + 1]; + CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, @@ -231,9 +232,10 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, supported_modules = sk_CONF_MODULE_new_null(); if (supported_modules == NULL) return NULL; - tmod = OPENSSL_zalloc(sizeof(*tmod)); - if (tmod == NULL) + if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) { + CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE); return NULL; + } tmod->dso = dso; tmod->name = OPENSSL_strdup(name); @@ -475,7 +477,7 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) char *CONF_get1_default_config_file(void) { - char *file; + char *file, *sep = ""; int len; if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) @@ -484,6 +486,7 @@ char *CONF_get1_default_config_file(void) len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS len++; + sep = "/"; #endif len += strlen(OPENSSL_CONF); @@ -491,11 +494,8 @@ char *CONF_get1_default_config_file(void) if (file == NULL) return NULL; - OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1); -#ifndef OPENSSL_SYS_VMS - OPENSSL_strlcat(file, "/", len + 1); -#endif - OPENSSL_strlcat(file, OPENSSL_CONF, len + 1); + BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(), + sep, OPENSSL_CONF); return file; } diff --git a/deps/openssl/openssl/crypto/conf/conf_sap.c b/deps/openssl/openssl/crypto/conf/conf_sap.c index bed95abea4556b..3d2e065e5b07c5 100644 --- a/deps/openssl/openssl/crypto/conf/conf_sap.c +++ b/deps/openssl/openssl/crypto/conf/conf_sap.c @@ -10,11 +10,15 @@ #include #include #include "internal/cryptlib.h" -#include +#include "internal/conf.h" #include #include #include +#ifdef _WIN32 +# define strdup _strdup +#endif + /* * This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are diff --git a/deps/openssl/openssl/crypto/conf/conf_ssl.c b/deps/openssl/openssl/crypto/conf/conf_ssl.c index 015c46c6da52e5..024bdb4808e394 100644 --- a/deps/openssl/openssl/crypto/conf/conf_ssl.c +++ b/deps/openssl/openssl/crypto/conf/conf_ssl.c @@ -76,6 +76,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) goto err; } cnt = sk_CONF_VALUE_num(cmd_lists); + ssl_module_free(md); ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); ssl_names_count = cnt; for (i = 0; i < ssl_names_count; i++) { diff --git a/deps/openssl/openssl/crypto/conf/keysets.pl b/deps/openssl/openssl/crypto/conf/keysets.pl index 5af08ae20ab1cf..cfa230ec3a1af5 100644 --- a/deps/openssl/openssl/crypto/conf/keysets.pl +++ b/deps/openssl/openssl/crypto/conf/keysets.pl @@ -1,141 +1,116 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -$NUMBER=0x01; -$UPPER=0x02; -$LOWER=0x04; -$UNDER=0x100; -$PUNCTUATION=0x200; -$WS=0x10; -$ESC=0x20; -$QUOTE=0x40; -$DQUOTE=0x400; -$COMMENT=0x80; -$FCOMMENT=0x800; -$EOF=0x08; -$HIGHBIT=0x1000; - -foreach (0 .. 255) - { - $v=0; - $c=sprintf("%c",$_); - $v|=$NUMBER if ($c =~ /[0-9]/); - $v|=$UPPER if ($c =~ /[A-Z]/); - $v|=$LOWER if ($c =~ /[a-z]/); - $v|=$UNDER if ($c =~ /_/); - $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/); - $v|=$WS if ($c =~ /[ \t\r\n]/); - $v|=$ESC if ($c =~ /\\/); - $v|=$QUOTE if ($c =~ /['`"]/); # for emacs: "`'}/) - $v|=$COMMENT if ($c =~ /\#/); - $v|=$EOF if ($c =~ /\0/); - $v|=$HIGHBIT if ($c =~/[\x80-\xff]/); - - push(@V_def,$v); - } - -foreach (0 .. 255) - { - $v=0; - $c=sprintf("%c",$_); - $v|=$NUMBER if ($c =~ /[0-9]/); - $v|=$UPPER if ($c =~ /[A-Z]/); - $v|=$LOWER if ($c =~ /[a-z]/); - $v|=$UNDER if ($c =~ /_/); - $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/); - $v|=$WS if ($c =~ /[ \t\r\n]/); - $v|=$DQUOTE if ($c =~ /["]/); # for emacs: "}/) - $v|=$FCOMMENT if ($c =~ /;/); - $v|=$EOF if ($c =~ /\0/); - $v|=$HIGHBIT if ($c =~/[\x80-\xff]/); - - push(@V_w32,$v); - } +use strict; +use warnings; + +my $NUMBER = 0x0001; +my $UPPER = 0x0002; +my $LOWER = 0x0004; +my $UNDER = 0x0100; +my $PUNCTUATION = 0x0200; +my $WS = 0x0010; +my $ESC = 0x0020; +my $QUOTE = 0x0040; +my $DQUOTE = 0x0400; +my $COMMENT = 0x0080; +my $FCOMMENT = 0x0800; +my $EOF = 0x0008; +my @V_def; +my @V_w32; + +my $v; +my $c; +foreach (0 .. 127) { + $c = sprintf("%c", $_); + $v = 0; + $v |= $NUMBER if $c =~ /[0-9]/; + $v |= $UPPER if $c =~ /[A-Z]/; + $v |= $LOWER if $c =~ /[a-z]/; + $v |= $UNDER if $c =~ /_/; + $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/; + $v |= $WS if $c =~ /[ \t\r\n]/; + $v |= $ESC if $c =~ /\\/; + $v |= $QUOTE if $c =~ /['`"]/; # for emacs: "`' + $v |= $COMMENT if $c =~ /\#/; + $v |= $EOF if $c =~ /\0/; + push(@V_def, $v); + + $v = 0; + $v |= $NUMBER if $c =~ /[0-9]/; + $v |= $UPPER if $c =~ /[A-Z]/; + $v |= $LOWER if $c =~ /[a-z]/; + $v |= $UNDER if $c =~ /_/; + $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/; + $v |= $WS if $c =~ /[ \t\r\n]/; + $v |= $DQUOTE if $c =~ /["]/; # for emacs: " + $v |= $FCOMMENT if $c =~ /;/; + $v |= $EOF if $c =~ /\0/; + push(@V_w32, $v); +} + +# Output year depends on the year of the script. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; print <<"EOF"; /* * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#define CONF_NUMBER $NUMBER -#define CONF_UPPER $UPPER -#define CONF_LOWER $LOWER -#define CONF_UNDER $UNDER -#define CONF_PUNCTUATION $PUNCTUATION -#define CONF_WS $WS -#define CONF_ESC $ESC -#define CONF_QUOTE $QUOTE -#define CONF_DQUOTE $DQUOTE -#define CONF_COMMENT $COMMENT -#define CONF_FCOMMENT $FCOMMENT -#define CONF_EOF $EOF -#define CONF_HIGHBIT $HIGHBIT -#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) -#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) -#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\ - CONF_PUNCTUATION) - -#define KEYTYPES(c) ((const unsigned short *)((c)->meth_data)) -#ifndef CHARSET_EBCDIC -# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) -# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) -# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) -# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) -# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) -# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) -# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) -# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\ - (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) -# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) -# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) -# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) - -#else /* CHARSET_EBCDIC */ - -# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT) -# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT) -# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF) -# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC) -# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER) -# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS) -# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC) -# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\ - (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT) -# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE) -# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE) -# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT) -#endif /* CHARSET_EBCDIC */ +#define CONF_NUMBER $NUMBER +#define CONF_UPPER $UPPER +#define CONF_LOWER $LOWER +#define CONF_UNDER $UNDER +#define CONF_PUNCT $PUNCTUATION +#define CONF_WS $WS +#define CONF_ESC $ESC +#define CONF_QUOTE $QUOTE +#define CONF_DQUOTE $DQUOTE +#define CONF_COMMENT $COMMENT +#define CONF_FCOMMENT $FCOMMENT +#define CONF_EOF $EOF +#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) +#define CONF_ALNUM (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) +#define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT) + + +#define IS_COMMENT(conf,c) is_keytype(conf, c, CONF_COMMENT) +#define IS_FCOMMENT(conf,c) is_keytype(conf, c, CONF_FCOMMENT) +#define IS_EOF(conf,c) is_keytype(conf, c, CONF_EOF) +#define IS_ESC(conf,c) is_keytype(conf, c, CONF_ESC) +#define IS_NUMBER(conf,c) is_keytype(conf, c, CONF_NUMBER) +#define IS_WS(conf,c) is_keytype(conf, c, CONF_WS) +#define IS_ALNUM(conf,c) is_keytype(conf, c, CONF_ALNUM) +#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT) +#define IS_QUOTE(conf,c) is_keytype(conf, c, CONF_QUOTE) +#define IS_DQUOTE(conf,c) is_keytype(conf, c, CONF_DQUOTE) EOF -print "static const unsigned short CONF_type_default[256] = {"; - -for ($i=0; $i<256; $i++) - { - print "\n " if ($i % 8) == 0; - printf " 0x%04X,",$V_def[$i]; - } +my $i; +print "static const unsigned short CONF_type_default[128] = {"; +for ($i = 0; $i < 128; $i++) { + print "\n " if ($i % 8) == 0; + printf " 0x%04X,", $V_def[$i]; +} print "\n};\n\n"; -print "static const unsigned short CONF_type_win32[256] = {"; - -for ($i=0; $i<256; $i++) - { - print "\n " if ($i % 8) == 0; - printf " 0x%04X,",$V_w32[$i]; - } - +print "static const unsigned short CONF_type_win32[128] = {"; +for ($i = 0; $i < 128; $i++) { + print "\n " if ($i % 8) == 0; + printf " 0x%04X,", $V_w32[$i]; +} print "\n};\n"; diff --git a/deps/openssl/openssl/crypto/cpt_err.c b/deps/openssl/openssl/crypto/cpt_err.c index c28dcf19a7cfef..4147b1cb9e23e7 100644 --- a/deps/openssl/openssl/crypto/cpt_err.c +++ b/deps/openssl/openssl/crypto/cpt_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,35 +8,58 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) - -static ERR_STRING_DATA CRYPTO_str_functs[] = { - {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_MEMDUP), "CRYPTO_memdup"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"}, - {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, - {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, - {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"}, - {ERR_FUNC(CRYPTO_F_OPENSSL_BUF2HEXSTR), "OPENSSL_buf2hexstr"}, - {ERR_FUNC(CRYPTO_F_OPENSSL_HEXSTR2BUF), "OPENSSL_hexstr2buf"}, - {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"}, +static const ERR_STRING_DATA CRYPTO_str_functs[] = { + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0), + "CRYPTO_dup_ex_data"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0), + "CRYPTO_free_ex_data"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, 0), + "CRYPTO_get_ex_new_index"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0), + "CRYPTO_new_ex_data"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0), + "CRYPTO_ocb128_copy_ctx"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0), + "CRYPTO_ocb128_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0), + "CRYPTO_set_ex_data"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0), + "OPENSSL_buf2hexstr"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0), + "OPENSSL_hexstr2buf"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0), + "OPENSSL_init_crypto"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0), + "OPENSSL_sk_deep_copy"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0), + "pkey_poly1305_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0), + "pkey_siphash_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"}, {0, NULL} }; -static ERR_STRING_DATA CRYPTO_str_reasons[] = { - {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, - {ERR_REASON(CRYPTO_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, - {ERR_REASON(CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, +static const ERR_STRING_DATA CRYPTO_str_reasons[] = { + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), + "fips mode not supported"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT), + "illegal hex digit"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS), + "odd number of digits"}, {0, NULL} }; @@ -45,10 +68,9 @@ static ERR_STRING_DATA CRYPTO_str_reasons[] = { int ERR_load_CRYPTO_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) { - ERR_load_strings(0, CRYPTO_str_functs); - ERR_load_strings(0, CRYPTO_str_reasons); + ERR_load_strings_const(CRYPTO_str_functs); + ERR_load_strings_const(CRYPTO_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/cryptlib.c b/deps/openssl/openssl/crypto/cryptlib.c index 9e59e03ef6f924..46b3fc49e7e57c 100644 --- a/deps/openssl/openssl/crypto/cryptlib.c +++ b/deps/openssl/openssl/crypto/cryptlib.c @@ -1,5 +1,6 @@ /* * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,7 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - +#include "e_os.h" #include "internal/cryptlib_int.h" #include @@ -53,14 +49,14 @@ typedef char variant_char; # define ossl_getenv getenv # endif +# include "internal/ctype.h" + static int todigit(variant_char c) { - if (c >= '0' && c <= '9') + if (ossl_isdigit(c)) return c - '0'; - else if (c >= 'A' && c <= 'F') - return c - 'A' + 10; - else if (c >= 'a' && c <= 'f') - return c - 'a' + 10; + else if (ossl_isxdigit(c)) + return ossl_tolower(c) - 'a' + 10; /* return largest base value to make caller terminate the loop */ return 16; @@ -73,7 +69,7 @@ static uint64_t ossl_strtouint64(const variant_char *str) if (*str == '0') { base = 8, str++; - if (*str == 'x' || *str == 'X') + if (ossl_tolower(*str) == 'x') base = 16, str++; } @@ -140,11 +136,14 @@ void OPENSSL_cpuid_setup(void) vecx = ossl_strtouint64(env + off); if (off) { OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx; + OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32); } else { OPENSSL_ia32cap_P[2] = (unsigned int)vecx; + OPENSSL_ia32cap_P[3] = (unsigned int)(vecx >> 32); } } else { OPENSSL_ia32cap_P[2] = 0; + OPENSSL_ia32cap_P[3] = 0; } } else { vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); @@ -162,7 +161,6 @@ void OPENSSL_cpuid_setup(void) unsigned int OPENSSL_ia32cap_P[4]; # endif #endif -int OPENSSL_NONPIC_relocated = 0; #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) void OPENSSL_cpuid_setup(void) { @@ -184,6 +182,14 @@ void OPENSSL_cpuid_setup(void) # endif # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 +# ifdef OPENSSL_SYS_WIN_CORE + +int OPENSSL_isservice(void) +{ + /* OneCore API cannot interact with GUI */ + return 1; +} +# else int OPENSSL_isservice(void) { HWINSTA h; @@ -228,7 +234,7 @@ int OPENSSL_isservice(void) len++, len &= ~1; /* paranoia */ name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */ -# if 1 +# if 1 /* * This doesn't cover "interactive" services [working with real * WinSta0's] nor programs started non-interactively by Task Scheduler @@ -236,14 +242,15 @@ int OPENSSL_isservice(void) */ if (wcsstr(name, L"Service-0x")) return 1; -# else +# else /* This covers all non-interactive programs such as services. */ if (!wcsstr(name, L"WinSta0")) return 1; -# endif +# endif else return 0; } +# endif # else int OPENSSL_isservice(void) { @@ -256,7 +263,13 @@ void OPENSSL_showfatal(const char *fmta, ...) va_list ap; TCHAR buf[256]; const TCHAR *fmt; -# ifdef STD_ERROR_HANDLE /* what a dirty trick! */ + /* + * First check if it's a console application, in which case the + * error message would be printed to standard error. + * Windows CE does not have a concept of a console application, + * so we need to guard the check. + */ +# ifdef STD_ERROR_HANDLE HANDLE h; if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && @@ -334,6 +347,24 @@ void OPENSSL_showfatal(const char *fmta, ...) va_end(ap); # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 +# ifdef OPENSSL_SYS_WIN_CORE + /* ONECORE is always NONGUI and NT >= 0x0601 */ + + /* + * TODO: (For non GUI and no std error cases) + * Add event logging feature here. + */ + +# if !defined(NDEBUG) + /* + * We are in a situation where we tried to report a critical + * error and this failed for some reason. As a last resort, + * in debug builds, send output to the debugger or any other + * tool like DebugView which can monitor the output. + */ + OutputDebugString(buf); +# endif +# else /* this -------------v--- guards NT-specific calls */ if (check_winnt() && OPENSSL_isservice() > 0) { HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL")); @@ -343,7 +374,7 @@ void OPENSSL_showfatal(const char *fmta, ...) if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL, 1, 0, &pmsg, NULL)) { -#if defined(DEBUG) +# if !defined(NDEBUG) /* * We are in a situation where we tried to report a critical * error and this failed for some reason. As a last resort, @@ -351,14 +382,18 @@ void OPENSSL_showfatal(const char *fmta, ...) * tool like DebugView which can monitor the output. */ OutputDebugString(pmsg); -#endif +# endif } (void)DeregisterEventSource(hEventLog); } - } else -# endif + } else { MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); + } +# endif +# else + MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); +# endif } #else void OPENSSL_showfatal(const char *fmta, ...) @@ -396,26 +431,16 @@ void OPENSSL_die(const char *message, const char *file, int line) } #if !defined(OPENSSL_CPUID_OBJ) -/* volatile unsigned char* pointers are there because - * 1. Accessing a variable declared volatile via a pointer - * that lacks a volatile qualifier causes undefined behavior. - * 2. When the variable itself is not volatile the compiler is - * not required to keep all those reads and can convert - * this into canonical memcmp() which doesn't read the whole block. - * Pointers to volatile resolve the first problem fully. The second - * problem cannot be resolved in any Standard-compliant way but this - * works the problem around. Compilers typically react to - * pointers to volatile by preserving the reads and writes through them. - * The latter is not required by the Standard if the memory pointed to - * is not volatile. - * Pointers themselves are volatile in the function signature to work - * around a subtle bug in gcc 4.6+ which causes writes through - * pointers to volatile to not be emitted in some rare, - * never needed in real life, pieces of code. +/* + * The volatile is used to to ensure that the compiler generates code that reads + * all values from the array and doesn't try to optimize this away. The standard + * doesn't actually require this behavior if the original data pointed to is + * not volatile, but compilers do this in practice anyway. + * + * There are also assembler versions of this function. */ -int CRYPTO_memcmp(const volatile void * volatile in_a, - const volatile void * volatile in_b, - size_t len) +# undef CRYPTO_memcmp +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len) { size_t i; const volatile unsigned char *a = in_a; @@ -427,4 +452,12 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, return x; } + +/* + * For systems that don't provide an instruction counter register or equivalent. + */ +uint32_t OPENSSL_rdtsc(void) +{ + return 0; +} #endif diff --git a/deps/openssl/openssl/crypto/ct/ct_b64.c b/deps/openssl/openssl/crypto/ct/ct_b64.c index f0bf3aff29d268..109ffcdcf24ad5 100644 --- a/deps/openssl/openssl/crypto/ct/ct_b64.c +++ b/deps/openssl/openssl/crypto/ct/ct_b64.c @@ -24,7 +24,7 @@ static int ct_base64_decode(const char *in, unsigned char **out) { size_t inlen = strlen(in); - int outlen; + int outlen, i; unsigned char *outbuf = NULL; if (inlen == 0) { @@ -45,9 +45,12 @@ static int ct_base64_decode(const char *in, unsigned char **out) goto err; } - /* Subtract padding bytes from |outlen| */ + /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */ + i = 0; while (in[--inlen] == '=') { --outlen; + if (++i > 2) + goto err; } *out = outbuf; @@ -132,7 +135,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name) { unsigned char *pkey_der = NULL; - int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); + int pkey_der_len; const unsigned char *p; EVP_PKEY *pkey = NULL; @@ -141,7 +144,8 @@ int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *n return 0; } - if (pkey_der_len <= 0) { + pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); + if (pkey_der_len < 0) { CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY); return 0; } diff --git a/deps/openssl/openssl/crypto/ct/ct_err.c b/deps/openssl/openssl/crypto/ct/ct_err.c index fe0778b2787af9..c0c62fee6c6a53 100644 --- a/deps/openssl/openssl/crypto/ct/ct_err.c +++ b/deps/openssl/openssl/crypto/ct/ct_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,67 +8,77 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CT,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CT,0,reason) - -static ERR_STRING_DATA CT_str_functs[] = { - {ERR_FUNC(CT_F_CTLOG_NEW), "CTLOG_new"}, - {ERR_FUNC(CT_F_CTLOG_NEW_FROM_BASE64), "CTLOG_new_from_base64"}, - {ERR_FUNC(CT_F_CTLOG_NEW_FROM_CONF), "ctlog_new_from_conf"}, - {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_CTX_NEW), "ctlog_store_load_ctx_new"}, - {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_FILE), "CTLOG_STORE_load_file"}, - {ERR_FUNC(CT_F_CTLOG_STORE_LOAD_LOG), "ctlog_store_load_log"}, - {ERR_FUNC(CT_F_CTLOG_STORE_NEW), "CTLOG_STORE_new"}, - {ERR_FUNC(CT_F_CT_BASE64_DECODE), "ct_base64_decode"}, - {ERR_FUNC(CT_F_CT_POLICY_EVAL_CTX_NEW), "CT_POLICY_EVAL_CTX_new"}, - {ERR_FUNC(CT_F_CT_V1_LOG_ID_FROM_PKEY), "ct_v1_log_id_from_pkey"}, - {ERR_FUNC(CT_F_I2O_SCT), "i2o_SCT"}, - {ERR_FUNC(CT_F_I2O_SCT_LIST), "i2o_SCT_LIST"}, - {ERR_FUNC(CT_F_I2O_SCT_SIGNATURE), "i2o_SCT_signature"}, - {ERR_FUNC(CT_F_O2I_SCT), "o2i_SCT"}, - {ERR_FUNC(CT_F_O2I_SCT_LIST), "o2i_SCT_LIST"}, - {ERR_FUNC(CT_F_O2I_SCT_SIGNATURE), "o2i_SCT_signature"}, - {ERR_FUNC(CT_F_SCT_CTX_NEW), "SCT_CTX_new"}, - {ERR_FUNC(CT_F_SCT_CTX_VERIFY), "SCT_CTX_verify"}, - {ERR_FUNC(CT_F_SCT_NEW), "SCT_new"}, - {ERR_FUNC(CT_F_SCT_NEW_FROM_BASE64), "SCT_new_from_base64"}, - {ERR_FUNC(CT_F_SCT_SET0_LOG_ID), "SCT_set0_log_id"}, - {ERR_FUNC(CT_F_SCT_SET1_EXTENSIONS), "SCT_set1_extensions"}, - {ERR_FUNC(CT_F_SCT_SET1_LOG_ID), "SCT_set1_log_id"}, - {ERR_FUNC(CT_F_SCT_SET1_SIGNATURE), "SCT_set1_signature"}, - {ERR_FUNC(CT_F_SCT_SET_LOG_ENTRY_TYPE), "SCT_set_log_entry_type"}, - {ERR_FUNC(CT_F_SCT_SET_SIGNATURE_NID), "SCT_set_signature_nid"}, - {ERR_FUNC(CT_F_SCT_SET_VERSION), "SCT_set_version"}, +static const ERR_STRING_DATA CT_str_functs[] = { + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0), + "CTLOG_new_from_base64"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0), + "ctlog_store_load_ctx_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0), + "CTLOG_STORE_load_file"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0), + "ctlog_store_load_log"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0), + "CT_POLICY_EVAL_CTX_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0), + "ct_v1_log_id_from_pkey"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"}, + {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"}, + {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0), + "SCT_set_log_entry_type"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0), + "SCT_set_signature_nid"}, + {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"}, {0, NULL} }; -static ERR_STRING_DATA CT_str_reasons[] = { - {ERR_REASON(CT_R_BASE64_DECODE_ERROR), "base64 decode error"}, - {ERR_REASON(CT_R_INVALID_LOG_ID_LENGTH), "invalid log id length"}, - {ERR_REASON(CT_R_LOG_CONF_INVALID), "log conf invalid"}, - {ERR_REASON(CT_R_LOG_CONF_INVALID_KEY), "log conf invalid key"}, - {ERR_REASON(CT_R_LOG_CONF_MISSING_DESCRIPTION), - "log conf missing description"}, - {ERR_REASON(CT_R_LOG_CONF_MISSING_KEY), "log conf missing key"}, - {ERR_REASON(CT_R_LOG_KEY_INVALID), "log key invalid"}, - {ERR_REASON(CT_R_SCT_FUTURE_TIMESTAMP), "sct future timestamp"}, - {ERR_REASON(CT_R_SCT_INVALID), "sct invalid"}, - {ERR_REASON(CT_R_SCT_INVALID_SIGNATURE), "sct invalid signature"}, - {ERR_REASON(CT_R_SCT_LIST_INVALID), "sct list invalid"}, - {ERR_REASON(CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"}, - {ERR_REASON(CT_R_SCT_NOT_SET), "sct not set"}, - {ERR_REASON(CT_R_SCT_UNSUPPORTED_VERSION), "sct unsupported version"}, - {ERR_REASON(CT_R_UNRECOGNIZED_SIGNATURE_NID), - "unrecognized signature nid"}, - {ERR_REASON(CT_R_UNSUPPORTED_ENTRY_TYPE), "unsupported entry type"}, - {ERR_REASON(CT_R_UNSUPPORTED_VERSION), "unsupported version"}, +static const ERR_STRING_DATA CT_str_reasons[] = { + {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), + "invalid log id length"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY), + "log conf invalid key"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION), + "log conf missing description"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY), + "log conf missing key"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP), + "sct future timestamp"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE), + "sct invalid signature"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION), + "sct unsupported version"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID), + "unrecognized signature nid"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE), + "unsupported entry type"}, + {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"}, {0, NULL} }; @@ -77,10 +87,9 @@ static ERR_STRING_DATA CT_str_reasons[] = { int ERR_load_CT_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(CT_str_functs[0].error) == NULL) { - ERR_load_strings(0, CT_str_functs); - ERR_load_strings(0, CT_str_reasons); + ERR_load_strings_const(CT_str_functs); + ERR_load_strings_const(CT_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/ct/ct_log.c b/deps/openssl/openssl/crypto/ct/ct_log.c index 973bf4ddbd877d..c1bca3e1415e50 100644 --- a/deps/openssl/openssl/crypto/ct/ct_log.c +++ b/deps/openssl/openssl/crypto/ct/ct_log.c @@ -46,7 +46,7 @@ typedef struct ctlog_store_load_ctx_st { * Creates an empty context for loading a CT log store. * It should be populated before use. */ -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(); +static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void); /* * Deletes a CT log store load context. @@ -54,7 +54,7 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(); */ static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx); -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new() +static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void) { CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); diff --git a/deps/openssl/openssl/crypto/ct/ct_sct.c b/deps/openssl/openssl/crypto/ct/ct_sct.c index cd2cf609672d5a..1dc16857ba50ba 100644 --- a/deps/openssl/openssl/crypto/ct/ct_sct.c +++ b/deps/openssl/openssl/crypto/ct/ct_sct.c @@ -70,10 +70,11 @@ int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) case CT_LOG_ENTRY_TYPE_PRECERT: sct->entry_type = entry_type; return 1; - default: - CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE); - return 0; + case CT_LOG_ENTRY_TYPE_NOT_SET: + break; } + CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE); + return 0; } int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) @@ -274,9 +275,11 @@ int SCT_set_source(SCT *sct, sct_source_t source) return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509); case SCT_SOURCE_X509V3_EXTENSION: return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT); - default: /* if we aren't sure, leave the log entry type alone */ - return 1; + case SCT_SOURCE_UNKNOWN: + break; } + /* if we aren't sure, leave the log entry type alone */ + return 1; } sct_validation_status_t SCT_get_validation_status(const SCT *sct) diff --git a/deps/openssl/openssl/crypto/ctype.c b/deps/openssl/openssl/crypto/ctype.c new file mode 100644 index 00000000000000..813be25a074121 --- /dev/null +++ b/deps/openssl/openssl/crypto/ctype.c @@ -0,0 +1,274 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/ctype.h" +#include "openssl/ebcdic.h" + +/* + * Define the character classes for each character in the seven bit ASCII + * character set. This is independent of the host's character set, characters + * are converted to ASCII before being used as an index in to this table. + * Characters outside of the seven bit ASCII range are detected before indexing. + */ +static const unsigned short ctype_char_map[128] = { + /* 00 nul */ CTYPE_MASK_cntrl, + /* 01 soh */ CTYPE_MASK_cntrl, + /* 02 stx */ CTYPE_MASK_cntrl, + /* 03 etx */ CTYPE_MASK_cntrl, + /* 04 eot */ CTYPE_MASK_cntrl, + /* 05 enq */ CTYPE_MASK_cntrl, + /* 06 ack */ CTYPE_MASK_cntrl, + /* 07 \a */ CTYPE_MASK_cntrl, + /* 08 \b */ CTYPE_MASK_cntrl, + /* 09 \t */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0A \n */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0B \v */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0C \f */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0D \r */ CTYPE_MASK_cntrl | CTYPE_MASK_space, + /* 0E so */ CTYPE_MASK_cntrl, + /* 0F si */ CTYPE_MASK_cntrl, + /* 10 dle */ CTYPE_MASK_cntrl, + /* 11 dc1 */ CTYPE_MASK_cntrl, + /* 12 dc2 */ CTYPE_MASK_cntrl, + /* 13 dc3 */ CTYPE_MASK_cntrl, + /* 14 dc4 */ CTYPE_MASK_cntrl, + /* 15 nak */ CTYPE_MASK_cntrl, + /* 16 syn */ CTYPE_MASK_cntrl, + /* 17 etb */ CTYPE_MASK_cntrl, + /* 18 can */ CTYPE_MASK_cntrl, + /* 19 em */ CTYPE_MASK_cntrl, + /* 1A sub */ CTYPE_MASK_cntrl, + /* 1B esc */ CTYPE_MASK_cntrl, + /* 1C fs */ CTYPE_MASK_cntrl, + /* 1D gs */ CTYPE_MASK_cntrl, + /* 1E rs */ CTYPE_MASK_cntrl, + /* 1F us */ CTYPE_MASK_cntrl, + /* 20 */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space + | CTYPE_MASK_asn1print, + /* 21 ! */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 22 " */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 23 # */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 24 $ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 25 % */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 26 & */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 27 ' */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 28 ( */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 29 ) */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2A * */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 2B + */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 2C , */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2D - */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2E . */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 2F / */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 30 0 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 31 1 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 32 2 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 33 3 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 34 4 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 35 5 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 36 6 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 37 7 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 38 8 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 39 9 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 3A : */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 3B ; */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 3C < */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 3D = */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 3E > */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 3F ? */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct + | CTYPE_MASK_asn1print, + /* 40 @ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 41 A */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 42 B */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 43 C */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 44 D */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 45 E */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 46 F */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 47 G */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 48 H */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 49 I */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4A J */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4B K */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4C L */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4D M */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4E N */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 4F O */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 50 P */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 51 Q */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 52 R */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 53 S */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 54 T */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 55 U */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 56 V */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 57 W */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 58 X */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 59 Y */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 5A Z */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 5B [ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5C \ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5D ] */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5E ^ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 5F _ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 60 ` */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 61 a */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 62 b */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 63 c */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 64 d */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 65 e */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 66 f */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 67 g */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 68 h */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 69 i */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6A j */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6B k */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6C l */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6D m */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6E n */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 6F o */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 70 p */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 71 q */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 72 r */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 73 s */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 74 t */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 75 u */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 76 v */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 77 w */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 78 x */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 79 y */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 7A z */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print + | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, + /* 7B { */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7C | */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7D } */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7E ~ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, + /* 7F del */ CTYPE_MASK_cntrl +}; + +#ifdef CHARSET_EBCDIC +int ossl_toascii(int c) +{ + if (c < -128 || c > 256 || c == EOF) + return c; + /* + * Adjust negatively signed characters. + * This is not required for ASCII because any character that sign extends + * is not seven bit and all of the checks are on the seven bit characters. + * I.e. any check must fail on sign extension. + */ + if (c < 0) + c += 256; + return os_toascii[c]; +} + +int ossl_fromascii(int c) +{ + if (c < -128 || c > 256 || c == EOF) + return c; + if (c < 0) + c += 256; + return os_toebcdic[c]; +} +#endif + +int ossl_ctype_check(int c, unsigned int mask) +{ + const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map); + const int a = ossl_toascii(c); + + return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0; +} + +#if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST) +static const int case_change = 0x40; +#else +static const int case_change = 0x20; +#endif + +int ossl_tolower(int c) +{ + return ossl_isupper(c) ? c ^ case_change : c; +} + +int ossl_toupper(int c) +{ + return ossl_islower(c) ? c ^ case_change : c; +} diff --git a/deps/openssl/openssl/crypto/cversion.c b/deps/openssl/openssl/crypto/cversion.c index 96d8a5b5e0e7a4..534e7eba55b367 100644 --- a/deps/openssl/openssl/crypto/cversion.c +++ b/deps/openssl/openssl/crypto/cversion.c @@ -9,9 +9,7 @@ #include "internal/cryptlib.h" -#ifndef NO_WINDOWS_BRAINDEATH -# include "buildinf.h" -#endif +#include "buildinf.h" unsigned long OpenSSL_version_num(void) { @@ -20,46 +18,27 @@ unsigned long OpenSSL_version_num(void) const char *OpenSSL_version(int t) { - if (t == OPENSSL_VERSION) + switch (t) { + case OPENSSL_VERSION: return OPENSSL_VERSION_TEXT; - if (t == OPENSSL_BUILT_ON) { -#ifdef DATE -# ifdef OPENSSL_USE_BUILD_DATE - return (DATE); -# else - return ("built on: reproducible build, date unspecified"); -# endif -#else - return ("built on: date not available"); -#endif - } - if (t == OPENSSL_CFLAGS) { -#ifdef CFLAGS - return (CFLAGS); -#else - return ("compiler: information not available"); -#endif - } - if (t == OPENSSL_PLATFORM) { -#ifdef PLATFORM - return (PLATFORM); -#else - return ("platform: information not available"); -#endif - } - if (t == OPENSSL_DIR) { + case OPENSSL_BUILT_ON: + return DATE; + case OPENSSL_CFLAGS: + return compiler_flags; + case OPENSSL_PLATFORM: + return PLATFORM; + case OPENSSL_DIR: #ifdef OPENSSLDIR return "OPENSSLDIR: \"" OPENSSLDIR "\""; #else return "OPENSSLDIR: N/A"; #endif - } - if (t == OPENSSL_ENGINES_DIR) { + case OPENSSL_ENGINES_DIR: #ifdef ENGINESDIR return "ENGINESDIR: \"" ENGINESDIR "\""; #else return "ENGINESDIR: N/A"; #endif } - return ("not available"); + return "not available"; } diff --git a/deps/openssl/openssl/crypto/des/asm/crypt586.pl b/deps/openssl/openssl/crypto/des/asm/crypt586.pl index d5911a1858237d..a02d1806314949 100644 --- a/deps/openssl/openssl/crypto/des/asm/crypt586.pl +++ b/deps/openssl/openssl/crypto/des/asm/crypt586.pl @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html # The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen +# Svend Olaf Mikkelsen $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); @@ -16,7 +16,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"crypt586.pl"); +&asm_init($ARGV[0]); $L="edi"; $R="esi"; @@ -111,7 +111,7 @@ sub D_ENCRYPT &and( $u, "0xfcfcfcfc" ); # 2 &xor( $tmp1, $tmp1); # 1 &and( $t, "0xcfcfcfcf" ); # 2 - &xor( $tmp2, $tmp2); + &xor( $tmp2, $tmp2); &movb( &LB($tmp1), &LB($u) ); &movb( &LB($tmp2), &HB($u) ); &rotr( $t, 4 ); @@ -175,7 +175,7 @@ sub IP_new &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - + if ($lr != 3) { if (($lr-3) < 0) diff --git a/deps/openssl/openssl/crypto/des/asm/des-586.pl b/deps/openssl/openssl/crypto/des/asm/des-586.pl index 3d7c7f1b91e1a6..2bcc54ef2f2551 100644 --- a/deps/openssl/openssl/crypto/des/asm/des-586.pl +++ b/deps/openssl/openssl/crypto/des/asm/des-586.pl @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html # The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen +# Svend Olaf Mikkelsen. $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); @@ -15,7 +15,7 @@ require "cbc.pl"; require "desboth.pl"; -# base code is in microsft +# base code is in Microsoft # op dest, source # format. # @@ -23,7 +23,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"des-586.pl"); +&asm_init($ARGV[0]); $L="edi"; $R="esi"; @@ -85,7 +85,7 @@ () &function_end_B("_x86_DES_encrypt"); } - + sub DES_decrypt_internal() { &function_begin_B("_x86_DES_decrypt"); @@ -122,7 +122,7 @@ () &function_end_B("_x86_DES_decrypt"); } - + sub DES_encrypt { local($name,$do_ip)=@_; @@ -283,7 +283,7 @@ sub IP_new &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - + if ($lr != 3) { if (($lr-3) < 0) diff --git a/deps/openssl/openssl/crypto/des/asm/des_enc.m4 b/deps/openssl/openssl/crypto/des/asm/des_enc.m4 index 2d794d3374b3bf..4a0d15620c00d9 100644 --- a/deps/openssl/openssl/crypto/des/asm/des_enc.m4 +++ b/deps/openssl/openssl/crypto/des/asm/des_enc.m4 @@ -1,4 +1,4 @@ -! Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. ! ! Licensed under the OpenSSL license (the "License"). You may not use ! this file except in compliance with the License. You can obtain a copy @@ -31,10 +31,6 @@ #include -#ifdef OPENSSL_FIPSCANISTER -#include -#endif - #if defined(__SUNPRO_C) && defined(__sparcv9) # define ABI64 /* They've said -xarch=v9 at command line */ #elif defined(__GNUC__) && defined(__arch64__) @@ -116,7 +112,7 @@ changequote({,}) ! ! Loads key first round from address in parameter 5 to out0, out1. ! -! After the the original LibDES initial permutation, the resulting left +! After the original LibDES initial permutation, the resulting left ! is in the variable initially used for right and vice versa. The macro ! implements the possibility to keep the halfs in the original registers. ! @@ -532,8 +528,8 @@ $4: ! parameter 3 1 for optional store to [in0] ! parameter 4 1 for load input/output address to local5/7 ! -! The final permutation logic switches the halfes, meaning that -! left and right ends up the the registers originally used. +! The final permutation logic switches the halves, meaning that +! left and right ends up the registers originally used. define(fp_macro, { @@ -735,7 +731,7 @@ define(fp_ip_macro, { sll $4, 3, local2 xor local4, temp2, $2 - ! reload since used as temporar: + ! reload since used as temporary: ld [out2+280], out4 ! loop counter @@ -757,7 +753,7 @@ define(fp_ip_macro, { ! parameter 1 address ! parameter 2 destination left ! parameter 3 destination right -! parameter 4 temporar +! parameter 4 temporary ! parameter 5 label define(load_little_endian, { @@ -806,7 +802,7 @@ $5a: ! parameter 1 address ! parameter 2 destination left ! parameter 3 destination right -! parameter 4 temporar +! parameter 4 temporary ! parameter 4 label ! ! adds 8 to address @@ -931,7 +927,7 @@ $7.jmp.table: ! parameter 1 address ! parameter 2 source left ! parameter 3 source right -! parameter 4 temporar +! parameter 4 temporary define(store_little_endian, { @@ -1521,7 +1517,7 @@ DES_ncbc_encrypt: ! parameter 7 1 for mov in1 to in3 ! parameter 8 1 for mov in3 to in4 - ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion ks in4 + ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryption ks in4 fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7 @@ -1567,7 +1563,7 @@ DES_ncbc_encrypt: .size DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt -! void DES_ede3_cbc_encrypt(input, output, lenght, ks1, ks2, ks3, ivec, enc) +! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) ! ************************************************************************** @@ -1815,7 +1811,7 @@ DES_ede3_cbc_encrypt: .byte 240, 240, 240, 240, 244, 244, 244, 244 .byte 248, 248, 248, 248, 252, 252, 252, 252 - ! 5 numbers for initil/final permutation + ! 5 numbers for initial/final permutation .word 0x0f0f0f0f ! offset 256 .word 0x0000ffff ! 260 diff --git a/deps/openssl/openssl/crypto/des/asm/desboth.pl b/deps/openssl/openssl/crypto/des/asm/desboth.pl index 76759fb2920350..ef7054e27506c9 100644 --- a/deps/openssl/openssl/crypto/des/asm/desboth.pl +++ b/deps/openssl/openssl/crypto/des/asm/desboth.pl @@ -34,7 +34,7 @@ sub DES_encrypt3 &IP_new($L,$R,"edx",0); # put them back - + if ($enc) { &mov(&DWP(4,"ebx","",0),$R); diff --git a/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl b/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl index 4a6e29fc5307ea..fe1fdc7025cf44 100644 --- a/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl +++ b/deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl @@ -8,8 +8,8 @@ # ==================================================================== -# Written by David S. Miller and Andy Polyakov -# . The module is licensed under 2-clause BSD +# Written by David S. Miller and Andy Polyakov. +# The module is licensed under 2-clause BSD # license. March 2013. All rights reserved. # ==================================================================== diff --git a/deps/openssl/openssl/crypto/des/build.info b/deps/openssl/openssl/crypto/des/build.info index c0306cfd6f5a9a..05cb154cd46273 100644 --- a/deps/openssl/openssl/crypto/des/build.info +++ b/deps/openssl/openssl/crypto/des/build.info @@ -5,13 +5,15 @@ SOURCE[../../libcrypto]=\ ofb64ede.c ofb64enc.c ofb_enc.c \ str2key.c pcbc_enc.c qud_cksm.c rand_key.c \ {- $target{des_asm_src} -} \ - fcrypt.c xcbc_enc.c rpc_enc.c cbc_cksm.c + fcrypt.c xcbc_enc.c cbc_cksm.c GENERATE[des_enc-sparc.S]=asm/des_enc.m4 GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl $(PERLASM_SCHEME) INCLUDE[dest4-sparcv9.o]=.. -GENERATE[des-586.s]=asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) +GENERATE[des-586.s]=asm/des-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) DEPEND[des-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl -GENERATE[crypt586.s]=asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) +GENERATE[crypt586.s]=asm/crypt586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) DEPEND[crypt586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/deps/openssl/openssl/crypto/des/cbc_cksm.c b/deps/openssl/openssl/crypto/des/cbc_cksm.c index a7bf0689b255a5..5a1f72f82db83a 100644 --- a/deps/openssl/openssl/crypto/des/cbc_cksm.c +++ b/deps/openssl/openssl/crypto/des/cbc_cksm.c @@ -33,7 +33,6 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, tin1 ^= tout1; tin[1] = tin1; DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); - /* fix 15/10/91 eay - thanks to keithr@sco.COM */ tout0 = tin[0]; tout1 = tin[1]; } @@ -50,5 +49,5 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, | ((tout1 >> 8L) & 0x0000FF00) | ((tout1 << 8L) & 0x00FF0000) | ((tout1 << 24L) & 0xFF000000); - return (tout1); + return tout1; } diff --git a/deps/openssl/openssl/crypto/des/cfb64ede.c b/deps/openssl/openssl/crypto/des/cfb64ede.c index 5edb979e1069ee..21943f6143ead9 100644 --- a/deps/openssl/openssl/crypto/des/cfb64ede.c +++ b/deps/openssl/openssl/crypto/des/cfb64ede.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,6 @@ */ #include "des_locl.h" -#include "e_os.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/deps/openssl/openssl/crypto/des/cfb_enc.c b/deps/openssl/openssl/crypto/des/cfb_enc.c index 6c428ba61f091e..544392e405c2cc 100644 --- a/deps/openssl/openssl/crypto/des/cfb_enc.c +++ b/deps/openssl/openssl/crypto/des/cfb_enc.c @@ -37,7 +37,7 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, unsigned int sh[4]; unsigned char *ovec = (unsigned char *)sh; - /* I kind of count that compiler optimizes away this assertioni, */ + /* I kind of count that compiler optimizes away this assertion, */ assert(sizeof(sh[0]) == 4); /* as this holds true for all, */ /* but 16-bit platforms... */ diff --git a/deps/openssl/openssl/crypto/des/des_enc.c b/deps/openssl/openssl/crypto/des/des_enc.c index 600f6df4886fcb..ed134ace8c3228 100644 --- a/deps/openssl/openssl/crypto/des/des_enc.c +++ b/deps/openssl/openssl/crypto/des/des_enc.c @@ -24,8 +24,7 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) * Things have been modified so that the initial rotate is done outside * the loop. This required the DES_SPtrans values in sp.h to be rotated * 1 bit to the right. One perl script later and things have a 5% speed - * up on a sparc2. Thanks to Richard Outerbridge - * <71755.204@CompuServe.COM> for pointing this out. + * up on a sparc2. Thanks to Richard Outerbridge for pointing this out. */ /* clear the top bits on machines with 8byte longs */ /* shift left by 2 */ @@ -95,8 +94,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) * Things have been modified so that the initial rotate is done outside * the loop. This required the DES_SPtrans values in sp.h to be rotated * 1 bit to the right. One perl script later and things have a 5% speed - * up on a sparc2. Thanks to Richard Outerbridge - * <71755.204@CompuServe.COM> for pointing this out. + * up on a sparc2. Thanks to Richard Outerbridge for pointing this out. */ /* clear the top bits on machines with 8byte longs */ r = ROTATE(r, 29) & 0xffffffffL; diff --git a/deps/openssl/openssl/crypto/des/des_locl.h b/deps/openssl/openssl/crypto/des/des_locl.h index 1fe47688354afc..f401e6f3ebe89f 100644 --- a/deps/openssl/openssl/crypto/des/des_locl.h +++ b/deps/openssl/openssl/crypto/des/des_locl.h @@ -26,10 +26,6 @@ # define ITERATIONS 16 # define HALF_ITERATIONS 8 -/* used in des_read and des_write */ -# define MAXWRITE (1024*16) -# define BSIZE (MAXWRITE+4) - # define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ l|=((DES_LONG)(*((c)++)))<< 8L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ @@ -67,7 +63,6 @@ * replacements for htonl and ntohl since I have no idea what to do when * faced with machines with 8 byte longs. */ -# define HDRSIZE 4 # define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ @@ -101,7 +96,7 @@ } \ } -# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) +# if defined(_MSC_VER) # define ROTATE(a,n) (_lrotr(a,n)) # elif defined(__ICC) # define ROTATE(a,n) (_rotr(a,n)) diff --git a/deps/openssl/openssl/crypto/des/ecb_enc.c b/deps/openssl/openssl/crypto/des/ecb_enc.c index 32df4600f24c82..5ed079d15fdc53 100644 --- a/deps/openssl/openssl/crypto/des/ecb_enc.c +++ b/deps/openssl/openssl/crypto/des/ecb_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,19 +15,16 @@ const char *DES_options(void) { static int init = 1; - static char buf[32]; + static char buf[12]; if (init) { - const char *size; - if (sizeof(DES_LONG) != sizeof(long)) - size = "int"; + OPENSSL_strlcpy(buf, "des(int)", sizeof(buf)); else - size = "long"; - BIO_snprintf(buf, sizeof(buf), "des(%s)", size); + OPENSSL_strlcpy(buf, "des(long)", sizeof(buf)); init = 0; } - return (buf); + return buf; } void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, diff --git a/deps/openssl/openssl/crypto/des/fcrypt.c b/deps/openssl/openssl/crypto/des/fcrypt.c index baede4fccf8f1d..aaee4bf236a532 100644 --- a/deps/openssl/openssl/crypto/des/fcrypt.c +++ b/deps/openssl/openssl/crypto/des/fcrypt.c @@ -23,7 +23,7 @@ /* * Added more values to handle illegal salt values the way normal crypt() - * implementations do. The patch was sent by Bjorn Gronvall + * implementations do. */ static unsigned const char con_salt[128] = { 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, @@ -60,7 +60,7 @@ char *DES_crypt(const char *buf, const char *salt) static char buff[14]; #ifndef CHARSET_EBCDIC - return (DES_fcrypt(buf, salt, buff)); + return DES_fcrypt(buf, salt, buff); #else char e_salt[2 + 1]; char e_buf[32 + 1]; /* replace 32 by 8 ? */ @@ -145,5 +145,5 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret) ret[i] = cov_2char[c]; } ret[13] = '\0'; - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/des/qud_cksm.c b/deps/openssl/openssl/crypto/des/qud_cksm.c index 8710ceca9544e8..81e6be8226aaf7 100644 --- a/deps/openssl/openssl/crypto/des/qud_cksm.c +++ b/deps/openssl/openssl/crypto/des/qud_cksm.c @@ -15,7 +15,6 @@ */ #include "des_locl.h" -/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */ #define Q_B0(a) (((DES_LONG)(a))) #define Q_B1(a) (((DES_LONG)(a))<<8) #define Q_B2(a) (((DES_LONG)(a))<<16) @@ -73,5 +72,5 @@ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], *lp++ = z1; } } - return (z0); + return z0; } diff --git a/deps/openssl/openssl/crypto/des/rand_key.c b/deps/openssl/openssl/crypto/des/rand_key.c index 61e4f9d05dcb0f..fe8aefec370ded 100644 --- a/deps/openssl/openssl/crypto/des/rand_key.c +++ b/deps/openssl/openssl/crypto/des/rand_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,9 +13,9 @@ int DES_random_key(DES_cblock *ret) { do { - if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) - return (0); + if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) + return 0; } while (DES_is_weak_key(ret)); DES_set_odd_parity(ret); - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/des/rpc_des.h b/deps/openssl/openssl/crypto/des/rpc_des.h deleted file mode 100644 index fe59e224de7541..00000000000000 --- a/deps/openssl/openssl/crypto/des/rpc_des.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ -/*- - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ -/* - * Generic DES driver interface - * Keep this file hardware independent! - * Copyright (c) 1986 by Sun Microsystems, Inc. - */ - -#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */ -#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */ - -enum desdir { ENCRYPT, DECRYPT }; -enum desmode { CBC, ECB }; - -/* - * parameters to ioctl call - */ -struct desparams { - unsigned char des_key[8]; /* key (with low bit parity) */ - enum desdir des_dir; /* direction */ - enum desmode des_mode; /* mode */ - unsigned char des_ivec[8]; /* input vector */ - unsigned des_len; /* number of bytes to crypt */ - union { - unsigned char UDES_data[DES_QUICKLEN]; - unsigned char *UDES_buf; - } UDES; -#define des_data UDES.UDES_data /* direct data here if quick */ -#define des_buf UDES.UDES_buf /* otherwise, pointer to data */ -}; - -/* - * Encrypt an arbitrary sized buffer - */ -#define DESIOCBLOCK _IOWR('d', 6, struct desparams) - -/* - * Encrypt of small amount of data, quickly - */ -#define DESIOCQUICK _IOWR('d', 7, struct desparams) diff --git a/deps/openssl/openssl/crypto/des/rpc_enc.c b/deps/openssl/openssl/crypto/des/rpc_enc.c deleted file mode 100644 index bfa85115a2d76c..00000000000000 --- a/deps/openssl/openssl/crypto/des/rpc_enc.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "rpc_des.h" -#include "des_locl.h" - -int _des_crypt(char *buf, int len, struct desparams *desp); -int _des_crypt(char *buf, int len, struct desparams *desp) -{ - DES_key_schedule ks; - int enc; - - DES_set_key_unchecked(&desp->des_key, &ks); - enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT; - - if (desp->des_mode == CBC) - DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, - (DES_cblock *)desp->UDES.UDES_buf, &ks, enc); - else { - DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf, - len, &ks, &desp->des_ivec, enc); - } - return (1); -} diff --git a/deps/openssl/openssl/crypto/des/set_key.c b/deps/openssl/openssl/crypto/des/set_key.c index dc88b8d041c925..adbad72362f53e 100644 --- a/deps/openssl/openssl/crypto/des/set_key.c +++ b/deps/openssl/openssl/crypto/des/set_key.c @@ -18,10 +18,9 @@ #include #include "des_locl.h" +/* defaults to false */ OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0) - /* - * defaults to false - */ + static const unsigned char odd_parity[256] = { 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, @@ -65,9 +64,9 @@ int DES_check_key_parity(const_DES_cblock *key) for (i = 0; i < DES_KEY_SZ; i++) { if ((*key)[i] != odd_parity[(*key)[i]]) - return (0); + return 0; } - return (1); + return 1; } /*- @@ -77,8 +76,6 @@ int DES_check_key_parity(const_DES_cblock *key) * %T Security for Computer Networks * %I John Wiley & Sons * %D 1984 - * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference - * (and actual cblock values). */ #define NUM_WEAK_KEY 16 static const DES_cblock weak_keys[NUM_WEAK_KEY] = { @@ -107,15 +104,9 @@ int DES_is_weak_key(const_DES_cblock *key) int i; for (i = 0; i < NUM_WEAK_KEY; i++) - /* - * Added == 0 to comparison, I obviously don't run this section very - * often :-(, thanks to engineering@MorningStar.Com for the fix eay - * 93/06/29 Another problem, I was comparing only the first 4 bytes, - * 97/03/18 - */ if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0) - return (1); - return (0); + return 1; + return 0; } /*- @@ -302,9 +293,9 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) { if (!DES_check_key_parity(key)) - return (-1); + return -1; if (DES_is_weak_key(key)) - return (-2); + return -2; DES_set_key_unchecked(key, schedule); return 0; } @@ -329,8 +320,8 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) c2l(in, d); /* - * do PC1 in 47 simple operations :-) Thanks to John Fletcher - * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-) + * do PC1 in 47 simple operations. Thanks to John Fletcher + * for the inspiration. */ PERM_OP(d, c, t, 4, 0x0f0f0f0fL); HPERM_OP(c, t, -2, 0xcccc0000L); @@ -377,13 +368,5 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) { - return (DES_set_key(key, schedule)); + return DES_set_key(key, schedule); } - -/*- -#undef des_fixup_key_parity -void des_fixup_key_parity(des_cblock *key) - { - des_set_odd_parity(key); - } -*/ diff --git a/deps/openssl/openssl/crypto/des/spr.h b/deps/openssl/openssl/crypto/des/spr.h index 42adfbf6ee6066..2404e092d4acb0 100644 --- a/deps/openssl/openssl/crypto/des/spr.h +++ b/deps/openssl/openssl/crypto/des/spr.h @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { +const DES_LONG DES_SPtrans[8][64] = { { /* nibble 0 */ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, diff --git a/deps/openssl/openssl/crypto/des/str2key.c b/deps/openssl/openssl/crypto/des/str2key.c index 78998a1cd0718c..e18d726522ba31 100644 --- a/deps/openssl/openssl/crypto/des/str2key.c +++ b/deps/openssl/openssl/crypto/des/str2key.c @@ -17,10 +17,6 @@ void DES_string_to_key(const char *str, DES_cblock *key) memset(key, 0, 8); length = strlen(str); -#ifdef OLD_STR_TO_KEY - for (i = 0; i < length; i++) - (*key)[i % 8] ^= (str[i] << 1); -#else /* MIT COMPATIBLE */ for (i = 0; i < length; i++) { register unsigned char j = str[i]; @@ -34,7 +30,6 @@ void DES_string_to_key(const char *str, DES_cblock *key) (*key)[7 - (i % 8)] ^= j; } } -#endif DES_set_odd_parity(key); DES_set_key_unchecked(key, &ks); DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); @@ -50,20 +45,6 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) memset(key1, 0, 8); memset(key2, 0, 8); length = strlen(str); -#ifdef OLD_STR_TO_KEY - if (length <= 8) { - for (i = 0; i < length; i++) { - (*key2)[i] = (*key1)[i] = (str[i] << 1); - } - } else { - for (i = 0; i < length; i++) { - if ((i / 8) & 1) - (*key2)[i % 8] ^= (str[i] << 1); - else - (*key1)[i % 8] ^= (str[i] << 1); - } - } -#else /* MIT COMPATIBLE */ for (i = 0; i < length; i++) { register unsigned char j = str[i]; @@ -84,7 +65,6 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) } if (length <= 8) memcpy(key2, key1, 8); -#endif DES_set_odd_parity(key1); DES_set_odd_parity(key2); DES_set_key_unchecked(key1, &ks); diff --git a/deps/openssl/openssl/crypto/dh/build.info b/deps/openssl/openssl/crypto/dh/build.info index dba93066aea11f..b19ff6dbac19b2 100644 --- a/deps/openssl/openssl/crypto/dh/build.info +++ b/deps/openssl/openssl/crypto/dh/build.info @@ -1,4 +1,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \ - dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c + dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c dh_meth.c \ + dh_rfc7919.c diff --git a/deps/openssl/openssl/crypto/dh/dh_ameth.c b/deps/openssl/openssl/crypto/dh/dh_ameth.c index cd77867dee9f7c..05a1d4227ee310 100644 --- a/deps/openssl/openssl/crypto/dh/dh_ameth.c +++ b/deps/openssl/openssl/crypto/dh/dh_ameth.c @@ -326,7 +326,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) goto err; } if (BIO_write(bp, "\n", 1) <= 0) - return (0); + return 0; } if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent)) goto err; @@ -346,7 +346,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) static int int_dh_size(const EVP_PKEY *pkey) { - return (DH_size(pkey->pkey.dh)); + return DH_size(pkey->pkey.dh); } static int dh_bits(const EVP_PKEY *pkey) @@ -374,13 +374,19 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) { BIGNUM *a; - if (src) { - a = BN_dup(src); - if (!a) - return 0; - } else + + /* + * If source is read only just copy the pointer, so + * we don't have to reallocate it. + */ + if (src == NULL) a = NULL; - BN_free(*dst); + else if (BN_get_flags(src, BN_FLG_STATIC_DATA) + && !BN_get_flags(src, BN_FLG_MALLOCED)) + a = (BIGNUM *)src; + else if ((a = BN_dup(src)) == NULL) + return 0; + BN_clear_free(*dst); *dst = a; return 1; } @@ -503,6 +509,25 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } +static int dh_pkey_public_check(const EVP_PKEY *pkey) +{ + DH *dh = pkey->pkey.dh; + + if (dh->pub_key == NULL) { + DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY); + return 0; + } + + return DH_check_pub_key_ex(dh, dh->pub_key); +} + +static int dh_pkey_param_check(const EVP_PKEY *pkey) +{ + DH *dh = pkey->pkey.dh; + + return DH_check_ex(dh); +} + const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, EVP_PKEY_DH, @@ -533,7 +558,13 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { 0, int_dh_free, - 0 + 0, + + 0, 0, 0, 0, 0, + + 0, + dh_pkey_public_check, + dh_pkey_param_check }; const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { @@ -566,7 +597,13 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { 0, int_dh_free, - dh_pkey_ctrl + dh_pkey_ctrl, + + 0, 0, 0, 0, 0, + + 0, + dh_pkey_public_check, + dh_pkey_param_check }; #ifndef OPENSSL_NO_CMS diff --git a/deps/openssl/openssl/crypto/dh/dh_asn1.c b/deps/openssl/openssl/crypto/dh/dh_asn1.c index 7c72fd64e50a33..1a40633b48065e 100644 --- a/deps/openssl/openssl/crypto/dh/dh_asn1.c +++ b/deps/openssl/openssl/crypto/dh/dh_asn1.c @@ -34,7 +34,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ASN1_SEQUENCE_cb(DHparams, dh_cb) = { ASN1_SIMPLE(DH, p, BIGNUM), ASN1_SIMPLE(DH, g, BIGNUM), - ASN1_OPT(DH, length, ZLONG), + ASN1_OPT_EMBED(DH, length, ZINT32), } ASN1_SEQUENCE_END_cb(DH, DHparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) diff --git a/deps/openssl/openssl/crypto/dh/dh_check.c b/deps/openssl/openssl/crypto/dh/dh_check.c index 3b0fa5903eaf88..fc45577101d03e 100644 --- a/deps/openssl/openssl/crypto/dh/dh_check.c +++ b/deps/openssl/openssl/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,19 @@ * p is odd * 1 < g < p - 1 */ +int DH_check_params_ex(const DH *dh) +{ + int errflags = 0; + + (void)DH_check_params(dh, &errflags); + + if ((errflags & DH_CHECK_P_NOT_PRIME) != 0) + DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME); + if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0) + DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR); + + return errflags == 0; +} int DH_check_params(const DH *dh, int *ret) { @@ -49,7 +62,7 @@ int DH_check_params(const DH *dh, int *ret) BN_CTX_end(ctx); BN_CTX_free(ctx); } - return (ok); + return ok; } /*- @@ -61,6 +74,29 @@ int DH_check_params(const DH *dh, int *ret) * for 5, p mod 10 == 3 or 7 * should hold. */ +int DH_check_ex(const DH *dh) +{ + int errflags = 0; + + (void)DH_check(dh, &errflags); + + if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR); + if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME); + if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE); + if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE); + if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR); + if ((errflags & DH_CHECK_P_NOT_PRIME) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME); + if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME); + + return errflags == 0; +} int DH_check(const DH *dh, int *ret) { @@ -75,8 +111,6 @@ int DH_check(const DH *dh, int *ret) goto err; BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); - if (t1 == NULL) - goto err; t2 = BN_CTX_get(ctx); if (t2 == NULL) goto err; @@ -132,7 +166,7 @@ int DH_check(const DH *dh, int *ret) r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); if (r < 0) goto err; - if (!r) + if (!r) *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } ok = 1; @@ -141,7 +175,23 @@ int DH_check(const DH *dh, int *ret) BN_CTX_end(ctx); BN_CTX_free(ctx); } - return (ok); + return ok; +} + +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key) +{ + int errflags = 0; + + (void)DH_check(dh, &errflags); + + if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0) + DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL); + if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0) + DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE); + if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0) + DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID); + + return errflags == 0; } int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) @@ -179,5 +229,5 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) BN_CTX_end(ctx); BN_CTX_free(ctx); } - return (ok); + return ok; } diff --git a/deps/openssl/openssl/crypto/dh/dh_err.c b/deps/openssl/openssl/crypto/dh/dh_err.c index 4e21f284bd312a..7285587b4adeba 100644 --- a/deps/openssl/openssl/crypto/dh/dh_err.c +++ b/deps/openssl/openssl/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,53 +8,82 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) - -static ERR_STRING_DATA DH_str_functs[] = { - {ERR_FUNC(DH_F_COMPUTE_KEY), "compute_key"}, - {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, - {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, - {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, - {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, - {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"}, - {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"}, - {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"}, - {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"}, - {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, - {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"}, - {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"}, - {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "dh_priv_encode"}, - {ERR_FUNC(DH_F_DH_PUB_DECODE), "dh_pub_decode"}, - {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"}, - {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"}, - {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"}, - {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"}, - {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"}, +static const ERR_STRING_DATA DH_str_functs[] = { + {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0), + "dh_builtin_genparams"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), + "dh_cms_set_shared_info"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0), + "dh_pkey_public_check"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"}, + {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"}, + {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"}, + {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"}, + {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"}, + {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"}, {0, NULL} }; -static ERR_STRING_DATA DH_str_reasons[] = { - {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"}, - {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_REASON(DH_R_BN_ERROR), "bn error"}, - {ERR_REASON(DH_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, - {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, - {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, - {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, +static const ERR_STRING_DATA DH_str_reasons[] = { + {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE), + "check invalid j value"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE), + "check invalid q value"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID), + "check pubkey invalid"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE), + "check pubkey too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL), + "check pubkey too small"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME), + "check p not safe prime"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME), + "invalid parameter name"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID), + "invalid parameter nid"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), + "not suitable generator"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), + "unable to check generator"}, {0, NULL} }; @@ -63,10 +92,9 @@ static ERR_STRING_DATA DH_str_reasons[] = { int ERR_load_DH_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { - ERR_load_strings(0, DH_str_functs); - ERR_load_strings(0, DH_str_reasons); + ERR_load_strings_const(DH_str_functs); + ERR_load_strings_const(DH_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/dh/dh_gen.c b/deps/openssl/openssl/crypto/dh/dh_gen.c index 27ecb983d16bf5..59137e0f05aa4b 100644 --- a/deps/openssl/openssl/crypto/dh/dh_gen.c +++ b/deps/openssl/openssl/crypto/dh/dh_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,7 +43,7 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, * for 3, p mod 12 == 5 <<<<< does not work for safe primes. * for 5, p mod 10 == 3 or 7 * - * Thanks to Phil Karn for the pointers about the + * Thanks to Phil Karn for the pointers about the * special generators and for answering some of my questions. * * I've implemented the second simple method :-). @@ -68,7 +68,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) + if (t2 == NULL) goto err; /* Make sure 'ret' has the necessary elements */ diff --git a/deps/openssl/openssl/crypto/dh/dh_kdf.c b/deps/openssl/openssl/crypto/dh/dh_kdf.c index 2782eeee6e032c..e17122bc82e3aa 100644 --- a/deps/openssl/openssl/crypto/dh/dh_kdf.c +++ b/deps/openssl/openssl/crypto/dh/dh_kdf.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include +#include "e_os.h" #ifndef OPENSSL_NO_CMS #include diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c index b53a0632445bf0..4f85be7e49bdf5 100644 --- a/deps/openssl/openssl/crypto/dh/dh_key.c +++ b/deps/openssl/openssl/crypto/dh/dh_key.c @@ -116,14 +116,14 @@ static int generate_key(DH *dh) if (generate_new_key) { if (dh->q) { do { - if (!BN_rand_range(priv_key, dh->q)) + if (!BN_priv_rand_range(priv_key, dh->q)) goto err; } while (BN_is_zero(priv_key) || BN_is_one(priv_key)); } else { /* secret exponent length */ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; - if (!BN_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto err; } } @@ -155,7 +155,7 @@ static int generate_key(DH *dh) if (priv_key != dh->priv_key) BN_free(priv_key); BN_CTX_free(ctx); - return (ok); + return ok; } static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) @@ -209,7 +209,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) BN_CTX_end(ctx); BN_CTX_free(ctx); } - return (ret); + return ret; } static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -222,11 +222,11 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { dh->flags |= DH_FLAG_CACHE_MONT_P; - return (1); + return 1; } static int dh_finish(DH *dh) { BN_MONT_CTX_free(dh->method_mont_p); - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/dh/dh_lib.c b/deps/openssl/openssl/crypto/dh/dh_lib.c index 2e727df8972e61..962f864deec614 100644 --- a/deps/openssl/openssl/crypto/dh/dh_lib.c +++ b/deps/openssl/openssl/crypto/dh/dh_lib.c @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/refcount.h" #include #include "dh_locl.h" #include @@ -99,7 +100,7 @@ void DH_free(DH *r) if (r == NULL) return; - CRYPTO_atomic_add(&r->references, -1, &i, r->lock); + CRYPTO_DOWN_REF(&r->references, &i, r->lock); REF_PRINT_COUNT("DH", r); if (i > 0) return; @@ -130,7 +131,7 @@ int DH_up_ref(DH *r) { int i; - if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) + if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) return 0; REF_PRINT_COUNT("DH", r); @@ -140,12 +141,12 @@ int DH_up_ref(DH *r) int DH_set_ex_data(DH *d, int idx, void *arg) { - return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); } void *DH_get_ex_data(DH *d, int idx) { - return (CRYPTO_get_ex_data(&d->ex_data, idx)); + return CRYPTO_get_ex_data(&d->ex_data, idx); } int DH_bits(const DH *dh) @@ -155,7 +156,7 @@ int DH_bits(const DH *dh) int DH_size(const DH *dh) { - return (BN_num_bytes(dh->p)); + return BN_num_bytes(dh->p); } int DH_security_bits(const DH *dh) @@ -244,6 +245,31 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM *DH_get0_p(const DH *dh) +{ + return dh->p; +} + +const BIGNUM *DH_get0_q(const DH *dh) +{ + return dh->q; +} + +const BIGNUM *DH_get0_g(const DH *dh) +{ + return dh->g; +} + +const BIGNUM *DH_get0_priv_key(const DH *dh) +{ + return dh->priv_key; +} + +const BIGNUM *DH_get0_pub_key(const DH *dh) +{ + return dh->pub_key; +} + void DH_clear_flags(DH *dh, int flags) { dh->flags &= ~flags; diff --git a/deps/openssl/openssl/crypto/dh/dh_locl.h b/deps/openssl/openssl/crypto/dh/dh_locl.h index 19301c31858641..0a8391a6c00416 100644 --- a/deps/openssl/openssl/crypto/dh/dh_locl.h +++ b/deps/openssl/openssl/crypto/dh/dh_locl.h @@ -8,6 +8,7 @@ */ #include +#include "internal/refcount.h" struct dh_st { /* @@ -18,7 +19,7 @@ struct dh_st { int version; BIGNUM *p; BIGNUM *g; - long length; /* optional */ + int32_t length; /* optional */ BIGNUM *pub_key; /* g^x % p */ BIGNUM *priv_key; /* x */ int flags; @@ -29,7 +30,7 @@ struct dh_st { unsigned char *seed; int seedlen; BIGNUM *counter; - int references; + CRYPTO_REF_COUNT references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; ENGINE *engine; diff --git a/deps/openssl/openssl/crypto/dh/dh_pmeth.c b/deps/openssl/openssl/crypto/dh/dh_pmeth.c index c3e03c7a420db0..cce2d9e26efcb9 100644 --- a/deps/openssl/openssl/crypto/dh/dh_pmeth.c +++ b/deps/openssl/openssl/crypto/dh/dh_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,9 +26,11 @@ typedef struct { int generator; int use_dsa; int subprime_len; + int pad; /* message digest used for parameter generation */ const EVP_MD *md; int rfc5114_param; + int param_nid; /* Keygen callback info */ int gentmp[2]; /* KDF (if any) to use for DH */ @@ -48,9 +50,10 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx) { DH_PKEY_CTX *dctx; - dctx = OPENSSL_zalloc(sizeof(*dctx)); - if (dctx == NULL) + if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { + DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE); return 0; + } dctx->prime_len = 1024; dctx->subprime_len = -1; dctx->generator = 2; @@ -85,8 +88,10 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->subprime_len = sctx->subprime_len; dctx->generator = sctx->generator; dctx->use_dsa = sctx->use_dsa; + dctx->pad = sctx->pad; dctx->md = sctx->md; dctx->rfc5114_param = sctx->rfc5114_param; + dctx->param_nid = sctx->param_nid; dctx->kdf_type = sctx->kdf_type; dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); @@ -119,6 +124,10 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->subprime_len = p1; return 1; + case EVP_PKEY_CTRL_DH_PAD: + dctx->pad = p1; + return 1; + case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: if (dctx->use_dsa) return -2; @@ -137,11 +146,17 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_DH_RFC5114: - if (p1 < 1 || p1 > 3) + if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef) return -2; dctx->rfc5114_param = p1; return 1; + case EVP_PKEY_CTRL_DH_NID: + if (p1 <= 0 || dctx->rfc5114_param != 0) + return -2; + dctx->param_nid = p1; + return 1; + case EVP_PKEY_CTRL_PEER_KEY: /* Default behaviour is OK */ return 1; @@ -221,6 +236,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, dctx->rfc5114_param = len; return 1; } + if (strcmp(type, "dh_param") == 0) { + DH_PKEY_CTX *dctx = ctx->data; + int nid = OBJ_sn2nid(value); + + if (nid == NID_undef) { + DHerr(DH_F_PKEY_DH_CTRL_STR, DH_R_INVALID_PARAMETER_NAME); + return -2; + } + dctx->param_nid = nid; + return 1; + } if (strcmp(type, "dh_paramgen_generator") == 0) { int len; len = atoi(value); @@ -236,6 +262,11 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, typ = atoi(value); return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); } + if (strcmp(type, "dh_pad") == 0) { + int pad; + pad = atoi(value); + return EVP_PKEY_CTX_set_dh_pad(ctx, pad); + } return -2; } @@ -320,6 +351,13 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 1; } + if (dctx->param_nid != 0) { + if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh); + return 1; + } + if (ctx->pkey_gencb) { pcb = BN_GENCB_new(); if (pcb == NULL) @@ -359,17 +397,22 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { + DH_PKEY_CTX *dctx = ctx->data; DH *dh = NULL; - if (ctx->pkey == NULL) { + + if (ctx->pkey == NULL && dctx->param_nid == 0) { DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); return 0; } - dh = DH_new(); + if (dctx->param_nid != 0) + dh = DH_new_by_nid(dctx->param_nid); + else + dh = DH_new(); if (dh == NULL) return 0; EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; return DH_generate_key(pkey->pkey.dh); } @@ -392,7 +435,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, *keylen = DH_size(dh); return 1; } - ret = DH_compute_key(key, dhpub, dh); + if (dctx->pad) + ret = DH_compute_key_padded(key, dhpub, dh); + else + ret = DH_compute_key(key, dhpub, dh); if (ret < 0) return ret; *keylen = ret; diff --git a/deps/openssl/openssl/crypto/dh/dh_prn.c b/deps/openssl/openssl/crypto/dh/dh_prn.c index 283fb0f4a31a47..aab1733db3b3b7 100644 --- a/deps/openssl/openssl/crypto/dh/dh_prn.c +++ b/deps/openssl/openssl/crypto/dh/dh_prn.c @@ -20,11 +20,11 @@ int DHparams_print_fp(FILE *fp, const DH *x) if ((b = BIO_new(BIO_s_file())) == NULL) { DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = DHparams_print(b, x); BIO_free(b); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/crypto/dh/dh_rfc7919.c b/deps/openssl/openssl/crypto/dh/dh_rfc7919.c new file mode 100644 index 00000000000000..a54b468e552ce1 --- /dev/null +++ b/deps/openssl/openssl/crypto/dh/dh_rfc7919.c @@ -0,0 +1,74 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include "dh_locl.h" +#include +#include +#include "internal/bn_dh.h" + +static DH *dh_param_init(const BIGNUM *p, int32_t nbits) +{ + DH *dh = DH_new(); + if (dh == NULL) + return NULL; + dh->p = (BIGNUM *)p; + dh->g = (BIGNUM *)&_bignum_const_2; + dh->length = nbits; + return dh; +} + +DH *DH_new_by_nid(int nid) +{ + switch (nid) { + case NID_ffdhe2048: + return dh_param_init(&_bignum_ffdhe2048_p, 225); + case NID_ffdhe3072: + return dh_param_init(&_bignum_ffdhe3072_p, 275); + case NID_ffdhe4096: + return dh_param_init(&_bignum_ffdhe4096_p, 325); + case NID_ffdhe6144: + return dh_param_init(&_bignum_ffdhe6144_p, 375); + case NID_ffdhe8192: + return dh_param_init(&_bignum_ffdhe8192_p, 400); + default: + DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID); + return NULL; + } +} + +int DH_get_nid(const DH *dh) +{ + int nid; + + if (BN_get_word(dh->g) != 2) + return NID_undef; + if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p)) + nid = NID_ffdhe2048; + else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p)) + nid = NID_ffdhe3072; + else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p)) + nid = NID_ffdhe4096; + else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p)) + nid = NID_ffdhe6144; + else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p)) + nid = NID_ffdhe8192; + else + return NID_undef; + if (dh->q != NULL) { + BIGNUM *q = BN_dup(dh->p); + + /* Check q = p * 2 + 1 we already know q is odd, so just shift right */ + if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q)) + nid = NID_undef; + BN_free(q); + } + return nid; +} diff --git a/deps/openssl/openssl/crypto/dllmain.c b/deps/openssl/openssl/crypto/dllmain.c index 91904aad983b5a..0838c55e489749 100644 --- a/deps/openssl/openssl/crypto/dllmain.c +++ b/deps/openssl/openssl/crypto/dllmain.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include "internal/cryptlib_int.h" #if defined(_WIN32) || defined(__CYGWIN__) @@ -30,21 +31,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) switch (fdwReason) { case DLL_PROCESS_ATTACH: OPENSSL_cpuid_setup(); -# if defined(_WIN32_WINNT) - { - IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; - IMAGE_NT_HEADERS *nt_headers; - - if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { - nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header - + dos_header->e_lfanew); - if (nt_headers->Signature == IMAGE_NT_SIGNATURE && - hinstDLL != - (HINSTANCE) (nt_headers->OptionalHeader.ImageBase)) - OPENSSL_NONPIC_relocated = 1; - } - } -# endif break; case DLL_THREAD_ATTACH: break; @@ -54,7 +40,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) case DLL_PROCESS_DETACH: break; } - return (TRUE); + return TRUE; } #endif diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c index d4e4066c494187..9c5b8aa02e9dbd 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c @@ -254,7 +254,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) static int int_dsa_size(const EVP_PKEY *pkey) { - return (DSA_size(pkey->pkey.dsa)); + return DSA_size(pkey->pkey.dsa); } static int dsa_bits(const EVP_PKEY *pkey) @@ -369,7 +369,7 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) goto err; ret = 1; err: - return (ret); + return ret; } static int dsa_param_decode(EVP_PKEY *pkey, diff --git a/deps/openssl/openssl/crypto/dsa/dsa_asn1.c b/deps/openssl/openssl/crypto/dsa/dsa_asn1.c index 551c1075065016..6499e87ef31893 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_asn1.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_asn1.c @@ -75,7 +75,7 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { - ASN1_SIMPLE(DSA, version, LONG), + ASN1_EMBED(DSA, version, INT32), ASN1_SIMPLE(DSA, p, BIGNUM), ASN1_SIMPLE(DSA, q, BIGNUM), ASN1_SIMPLE(DSA, g, BIGNUM), @@ -111,15 +111,15 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; - RAND_seed(dgst, dlen); + s = DSA_do_sign(dgst, dlen, dsa); if (s == NULL) { *siglen = 0; - return (0); + return 0; } *siglen = i2d_DSA_SIG(s, &sig); DSA_SIG_free(s); - return (1); + return 1; } /* data has already been hashed (probably with SHA or SHA-1). */ @@ -140,7 +140,7 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, s = DSA_SIG_new(); if (s == NULL) - return (ret); + return ret; if (d2i_DSA_SIG(&s, &p, siglen) == NULL) goto err; /* Ensure signature uses DER and doesn't have trailing garbage */ @@ -151,5 +151,5 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, err: OPENSSL_clear_free(der, derlen); DSA_SIG_free(s); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/dsa/dsa_err.c b/deps/openssl/openssl/crypto/dsa/dsa_err.c index 132008803e5e21..8f97f6f3f9eed6 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_err.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_err.c @@ -8,57 +8,57 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) - -static ERR_STRING_DATA DSA_str_functs[] = { - {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, - {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, - {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, - {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, - {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"}, - {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"}, - {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"}, - {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, - {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "dsa_param_decode"}, - {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, - {ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "dsa_priv_decode"}, - {ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "dsa_priv_encode"}, - {ERR_FUNC(DSA_F_DSA_PUB_DECODE), "dsa_pub_decode"}, - {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"}, - {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, - {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, - {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, - {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"}, - {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"}, - {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "pkey_dsa_ctrl_str"}, - {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"}, +static const ERR_STRING_DATA DSA_str_functs[] = { + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0), + "dsa_builtin_paramgen"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0), + "dsa_builtin_paramgen2"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0), + "old_dsa_priv_decode"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"}, + {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"}, {0, NULL} }; -static ERR_STRING_DATA DSA_str_reasons[] = { - {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"}, - {ERR_REASON(DSA_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_REASON(DSA_R_BN_ERROR), "bn error"}, - {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"}, - {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, - {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_REASON(DSA_R_SEED_LEN_SMALL), - "seed_len is less than the length of q"}, +static const ERR_STRING_DATA DSA_str_reasons[] = { + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), + "invalid digest type"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL), + "seed_len is less than the length of q"}, {0, NULL} }; @@ -67,10 +67,9 @@ static ERR_STRING_DATA DSA_str_reasons[] = { int ERR_load_DSA_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { - ERR_load_strings(0, DSA_str_functs); - ERR_load_strings(0, DSA_str_reasons); + ERR_load_strings_const(DSA_str_functs); + ERR_load_strings_const(DSA_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_gen.c b/deps/openssl/openssl/crypto/dsa/dsa_gen.c index 46f4f01ee0e491..383d853b6d3730 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_gen.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_gen.c @@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, if (mctx == NULL) goto err; + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); diff --git a/deps/openssl/openssl/crypto/dsa/dsa_key.c b/deps/openssl/openssl/crypto/dsa/dsa_key.c index 31442b1cff17ac..a48af58492914c 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_key.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_key.c @@ -38,7 +38,7 @@ static int dsa_builtin_keygen(DSA *dsa) priv_key = dsa->priv_key; do - if (!BN_rand_range(priv_key, dsa->q)) + if (!BN_priv_rand_range(priv_key, dsa->q)) goto err; while (BN_is_zero(priv_key)) ; @@ -73,5 +73,5 @@ static int dsa_builtin_keygen(DSA *dsa) if (priv_key != dsa->priv_key) BN_free(priv_key); BN_CTX_free(ctx); - return (ok); + return ok; } diff --git a/deps/openssl/openssl/crypto/dsa/dsa_lib.c b/deps/openssl/openssl/crypto/dsa/dsa_lib.c index 08956b9e3dd4ce..1048601bebde38 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_lib.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_lib.c @@ -7,10 +7,9 @@ * https://www.openssl.org/source/license.html */ -/* Original version from Steven Schoch */ - #include #include "internal/cryptlib.h" +#include "internal/refcount.h" #include #include "dsa_locl.h" #include @@ -108,7 +107,7 @@ void DSA_free(DSA *r) if (r == NULL) return; - CRYPTO_atomic_add(&r->references, -1, &i, r->lock); + CRYPTO_DOWN_REF(&r->references, &i, r->lock); REF_PRINT_COUNT("DSA", r); if (i > 0) return; @@ -136,7 +135,7 @@ int DSA_up_ref(DSA *r) { int i; - if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) + if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) return 0; REF_PRINT_COUNT("DSA", r); @@ -163,17 +162,17 @@ int DSA_size(const DSA *r) i = i2d_ASN1_INTEGER(&bs, NULL); i += i; /* r and s */ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); - return (ret); + return ret; } int DSA_set_ex_data(DSA *d, int idx, void *arg) { - return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); } void *DSA_get_ex_data(DSA *d, int idx) { - return (CRYPTO_get_ex_data(&d->ex_data, idx)); + return CRYPTO_get_ex_data(&d->ex_data, idx); } int DSA_security_bits(const DSA *d) @@ -308,6 +307,31 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM *DSA_get0_p(const DSA *d) +{ + return d->p; +} + +const BIGNUM *DSA_get0_q(const DSA *d) +{ + return d->q; +} + +const BIGNUM *DSA_get0_g(const DSA *d) +{ + return d->g; +} + +const BIGNUM *DSA_get0_pub_key(const DSA *d) +{ + return d->pub_key; +} + +const BIGNUM *DSA_get0_priv_key(const DSA *d) +{ + return d->priv_key; +} + void DSA_clear_flags(DSA *d, int flags) { d->flags &= ~flags; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_locl.h b/deps/openssl/openssl/crypto/dsa/dsa_locl.h index 9021fce0bf8af1..a81a4b49788d79 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_locl.h +++ b/deps/openssl/openssl/crypto/dsa/dsa_locl.h @@ -8,6 +8,7 @@ */ #include +#include "internal/refcount.h" struct dsa_st { /* @@ -15,7 +16,7 @@ struct dsa_st { * instead of of a EVP_PKEY */ int pad; - long version; + int32_t version; BIGNUM *p; BIGNUM *q; /* == 20 */ BIGNUM *g; @@ -24,7 +25,7 @@ struct dsa_st { int flags; /* Normally used to cache montgomery values */ BN_MONT_CTX *method_mont_p; - int references; + CRYPTO_REF_COUNT references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; /* functional reference if 'meth' is ENGINE-provided */ diff --git a/deps/openssl/openssl/crypto/dsa/dsa_meth.c b/deps/openssl/openssl/crypto/dsa/dsa_meth.c index 04203780c42b08..ff4fae44a7c309 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_meth.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_meth.c @@ -132,7 +132,7 @@ int DSA_meth_set_sign_setup(DSA_METHOD *dsam, } int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int , DSA_SIG *, DSA *) + (const unsigned char *, int, DSA_SIG *, DSA *) { return dsam->dsa_do_verify; } diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c index 4aa49f554af3b8..7a0b0874c54e0e 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c @@ -7,10 +7,9 @@ * https://www.openssl.org/source/license.html */ -/* Original version from Steven Schoch */ - #include #include "internal/cryptlib.h" +#include "internal/bn_int.h" #include #include #include "dsa_locl.h" @@ -25,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -116,8 +117,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) /* Generate a blinding value */ do { - if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, BN_RAND_TOP_ANY, - BN_RAND_BOTTOM_ANY)) + if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) goto err; } while (BN_is_zero(blind)); BN_set_flags(blind, BN_FLG_CONSTTIME); @@ -180,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, { BN_CTX *ctx = NULL; BIGNUM *k, *kinv = NULL, *r = *rp; - BIGNUM *l, *m; + BIGNUM *l; int ret = 0; - int q_bits; + int q_bits, q_words; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -191,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, k = BN_new(); l = BN_new(); - m = BN_new(); - if (k == NULL || l == NULL || m == NULL) + if (k == NULL || l == NULL) goto err; if (ctx_in == NULL) { @@ -203,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Preallocate space */ q_bits = BN_num_bits(dsa->q); - if (!BN_set_bit(k, q_bits) - || !BN_set_bit(l, q_bits) - || !BN_set_bit(m, q_bits)) + q_words = bn_get_top(dsa->q); + if (!bn_wexpand(k, q_words + 2) + || !bn_wexpand(l, q_words + 2)) goto err; /* Get random k */ @@ -218,11 +218,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, dlen, ctx)) goto err; - } else if (!BN_rand_range(k, dsa->q)) + } else if (!BN_priv_rand_range(k, dsa->q)) goto err; } while (BN_is_zero(k)); BN_set_flags(k, BN_FLG_CONSTTIME); + BN_set_flags(l, BN_FLG_CONSTTIME); if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, @@ -240,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * small timing information leakage. We then choose the sum that is * one bit longer than the modulus. * - * TODO: revisit the BN_copy aiming for a memory access agnostic - * conditional copy. + * There are some concerns about the efficacy of doing this. More + * specificly refer to the discussion starting with: + * /~https://github.com/openssl/openssl/pull/7486#discussion_r228323705 + * The fix is to rework BN so these gymnastics aren't required. */ if (!BN_add(l, k, dsa->q) - || !BN_add(m, l, dsa->q) - || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m)) + || !BN_add(k, l, dsa->q)) goto err; + BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); + if ((dsa)->meth->bn_mod_exp != NULL) { if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p)) @@ -260,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) goto err; BN_clear_free(*kinvp); @@ -275,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BN_CTX_free(ctx); BN_clear_free(k); BN_clear_free(l); - BN_clear_free(m); return ret; } @@ -381,17 +384,45 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, BN_free(u1); BN_free(u2); BN_free(t1); - return (ret); + return ret; } static int dsa_init(DSA *dsa) { dsa->flags |= DSA_FLAG_CACHE_MONT_P; - return (1); + return 1; } static int dsa_finish(DSA *dsa) { BN_MONT_CTX_free(dsa->method_mont_p); - return (1); + return 1; +} + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, *e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) != NULL + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_CTX_end(ctx); + return res; } diff --git a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c index d606316954823b..b4ee5a75715e31 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c @@ -31,8 +31,8 @@ typedef struct { static int pkey_dsa_init(EVP_PKEY_CTX *ctx) { - DSA_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(*dctx)); + DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx)); + if (dctx == NULL) return 0; dctx->nbits = 1024; @@ -50,6 +50,7 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { DSA_PKEY_CTX *dctx, *sctx; + if (!pkey_dsa_init(dst)) return 0; sctx = src->data; @@ -106,6 +107,7 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { DSA_PKEY_CTX *dctx = ctx->data; + switch (type) { case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: if (p1 < 256) @@ -196,6 +198,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) DSA_PKEY_CTX *dctx = ctx->data; BN_GENCB *pcb; int ret; + if (ctx->pkey_gencb) { pcb = BN_GENCB_new(); if (pcb == NULL) @@ -221,6 +224,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { DSA *dsa = NULL; + if (ctx->pkey == NULL) { DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); return 0; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_prn.c b/deps/openssl/openssl/crypto/dsa/dsa_prn.c index f3c20ea0ac6ce0..a4a1fd5650e457 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_prn.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_prn.c @@ -20,12 +20,12 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off) if ((b = BIO_new(BIO_s_file())) == NULL) { DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = DSA_print(b, x, off); BIO_free(b); - return (ret); + return ret; } int DSAparams_print_fp(FILE *fp, const DSA *x) @@ -35,12 +35,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x) if ((b = BIO_new(BIO_s_file())) == NULL) { DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = DSAparams_print(b, x); BIO_free(b); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/crypto/dsa/dsa_sign.c b/deps/openssl/openssl/crypto/dsa/dsa_sign.c index 2e29d4008806cd..e9466b29f1d7bf 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_sign.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* Original version from Steven Schoch */ - #include "internal/cryptlib.h" #include "dsa_locl.h" #include @@ -18,7 +16,9 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } +#if OPENSSL_API_COMPAT < 0x10200000L int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } +#endif diff --git a/deps/openssl/openssl/crypto/dsa/dsa_vrf.c b/deps/openssl/openssl/crypto/dsa/dsa_vrf.c index a84d521283c6ef..21f98cd94e5c14 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_vrf.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_vrf.c @@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* Original version from Steven Schoch */ - #include "internal/cryptlib.h" #include "dsa_locl.h" diff --git a/deps/openssl/openssl/crypto/dso/dso_dl.c b/deps/openssl/openssl/crypto/dso/dso_dl.c index d80bf562c7f225..290d73cf3575ba 100644 --- a/deps/openssl/openssl/crypto/dso/dso_dl.c +++ b/deps/openssl/openssl/crypto/dso/dso_dl.c @@ -83,13 +83,13 @@ static int dl_load(DSO *dso) * (it also serves as the indicator that we are currently loaded). */ dso->loaded_filename = filename; - return (1); + return 1; err: /* Cleanup! */ OPENSSL_free(filename); if (ptr != NULL) shl_unload(ptr); - return (0); + return 0; } static int dl_unload(DSO *dso) @@ -97,10 +97,10 @@ static int dl_unload(DSO *dso) shl_t ptr; if (dso == NULL) { DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if (sk_num(dso->meth_data) < 1) - return (1); + return 1; /* Is this statement legal? */ ptr = (shl_t) sk_pop(dso->meth_data); if (ptr == NULL) { @@ -109,10 +109,10 @@ static int dl_unload(DSO *dso) * Should push the value back onto the stack in case of a retry. */ sk_push(dso->meth_data, (char *)ptr); - return (0); + return 0; } shl_unload(ptr); - return (1); + return 1; } static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) @@ -122,25 +122,25 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) if ((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (sk_num(dso->meth_data) < 1) { DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR); - return (NULL); + return NULL; } ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); if (ptr == NULL) { DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE); - return (NULL); + return NULL; } if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { char errbuf[160]; DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE); if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) ERR_add_error_data(4, "symname(", symname, "): ", errbuf); - return (NULL); + return NULL; } - return ((DSO_FUNC_TYPE)sym); + return (DSO_FUNC_TYPE)sym; } static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) @@ -149,7 +149,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) if (!filespec1 && !filespec2) { DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } /* * If the first file specification is a rooted path, it rules. same goes @@ -159,7 +159,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) merged = OPENSSL_strdup(filespec1); if (merged == NULL) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } /* @@ -169,7 +169,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) merged = OPENSSL_strdup(filespec2); if (merged == NULL) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } else /* @@ -192,13 +192,13 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) merged = OPENSSL_malloc(len + 2); if (merged == NULL) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } strcpy(merged, filespec2); merged[spec2len] = '/'; strcpy(&merged[spec2len + 1], filespec1); } - return (merged); + return merged; } /* @@ -225,7 +225,7 @@ static char *dl_name_converter(DSO *dso, const char *filename) translated = OPENSSL_malloc(rsize); if (translated == NULL) { DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); - return (NULL); + return NULL; } if (transform) { if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) @@ -234,7 +234,7 @@ static char *dl_name_converter(DSO *dso, const char *filename) sprintf(translated, "%s%s", filename, DSO_EXTENSION); } else sprintf(translated, "%s", filename); - return (translated); + return translated; } static int dl_pathbyaddr(void *addr, char *path, int sz) diff --git a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c index e01425bc75e895..ad8899c289a374 100644 --- a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c +++ b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c @@ -107,6 +107,10 @@ static int dlfcn_load(DSO *dso) # ifdef RTLD_GLOBAL if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) flags |= RTLD_GLOBAL; +# endif +# ifdef _AIX + if (filename[strlen(filename) - 1] == ')') + flags |= RTLD_MEMBER; # endif ptr = dlopen(filename, flags); if (ptr == NULL) { @@ -120,13 +124,13 @@ static int dlfcn_load(DSO *dso) } /* Success */ dso->loaded_filename = filename; - return (1); + return 1; err: /* Cleanup! */ OPENSSL_free(filename); if (ptr != NULL) dlclose(ptr); - return (0); + return 0; } static int dlfcn_unload(DSO *dso) @@ -134,10 +138,10 @@ static int dlfcn_unload(DSO *dso) void *ptr; if (dso == NULL) { DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if (sk_void_num(dso->meth_data) < 1) - return (1); + return 1; ptr = sk_void_pop(dso->meth_data); if (ptr == NULL) { DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE); @@ -145,11 +149,11 @@ static int dlfcn_unload(DSO *dso) * Should push the value back onto the stack in case of a retry. */ sk_void_push(dso->meth_data, ptr); - return (0); + return 0; } /* For now I'm not aware of any errors associated with dlclose() */ dlclose(ptr); - return (1); + return 1; } static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) @@ -162,22 +166,22 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) if ((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR); - return (NULL); + return NULL; } ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if (ptr == NULL) { DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE); - return (NULL); + return NULL; } u.dlret = dlsym(ptr, symname); if (u.dlret == NULL) { DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE); ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); - return (NULL); + return NULL; } return u.sym; } @@ -189,7 +193,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, if (!filespec1 && !filespec2) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } /* * If the first file specification is a rooted path, it rules. same goes @@ -199,7 +203,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, merged = OPENSSL_strdup(filespec1); if (merged == NULL) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } /* @@ -209,7 +213,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, merged = OPENSSL_strdup(filespec2); if (merged == NULL) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } else { /* @@ -231,13 +235,13 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, merged = OPENSSL_malloc(len + 2); if (merged == NULL) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } strcpy(merged, filespec2); merged[spec2len] = '/'; strcpy(&merged[spec2len + 1], filespec1); } - return (merged); + return merged; } static char *dlfcn_name_converter(DSO *dso, const char *filename) @@ -257,7 +261,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) translated = OPENSSL_malloc(rsize); if (translated == NULL) { DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); - return (NULL); + return NULL; } if (transform) { if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) @@ -266,7 +270,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) sprintf(translated, "%s" DSO_EXTENSION, filename); } else sprintf(translated, "%s", filename); - return (translated); + return translated; } # ifdef __sgi @@ -332,7 +336,7 @@ static int dladdr(void *ptr, Dl_info *dl) unsigned int found = 0; struct ld_info *ldinfos, *next_ldi, *this_ldi; - if ((ldinfos = (struct ld_info *)OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) { + if ((ldinfos = OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) { errno = ENOMEM; dl->dli_fname = NULL; return 0; @@ -359,18 +363,33 @@ static int dladdr(void *ptr, Dl_info *dl) || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg) && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + this_ldi->ldinfo_datasize)))) { + char *buffer, *member; + size_t buffer_sz, member_len; + + buffer_sz = strlen(this_ldi->ldinfo_filename) + 1; + member = this_ldi->ldinfo_filename + buffer_sz; + if ((member_len = strlen(member)) > 0) + buffer_sz += 1 + member_len + 1; found = 1; - /* - * Ignoring the possibility of a member name and just returning - * the path name. See docs: sys/ldr.h, loadquery() and - * dlopen()/RTLD_MEMBER. - */ - if ((dl->dli_fname = - OPENSSL_strdup(this_ldi->ldinfo_filename)) == NULL) + if ((buffer = OPENSSL_malloc(buffer_sz)) != NULL) { + OPENSSL_strlcpy(buffer, this_ldi->ldinfo_filename, buffer_sz); + if (member_len > 0) { + /* + * Need to respect a possible member name and not just + * returning the path name in this case. See docs: + * sys/ldr.h, loadquery() and dlopen()/RTLD_MEMBER. + */ + OPENSSL_strlcat(buffer, "(", buffer_sz); + OPENSSL_strlcat(buffer, member, buffer_sz); + OPENSSL_strlcat(buffer, ")", buffer_sz); + } + dl->dli_fname = buffer; + } else { errno = ENOMEM; + } } else { - next_ldi = - (struct ld_info *)((uintptr_t)this_ldi + this_ldi->ldinfo_next); + next_ldi = (struct ld_info *)((uintptr_t)this_ldi + + this_ldi->ldinfo_next); } } while (this_ldi->ldinfo_next && !found); OPENSSL_free((void *)ldinfos); diff --git a/deps/openssl/openssl/crypto/dso/dso_err.c b/deps/openssl/openssl/crypto/dso/dso_err.c index 07588d5c399330..613072a8d6ec60 100644 --- a/deps/openssl/openssl/crypto/dso/dso_err.c +++ b/deps/openssl/openssl/crypto/dso/dso_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,73 +8,81 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include "internal/dso.h" +#include "internal/dsoerr.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) - -static ERR_STRING_DATA DSO_str_functs[] = { - {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "dlfcn_bind_func"}, - {ERR_FUNC(DSO_F_DLFCN_LOAD), "dlfcn_load"}, - {ERR_FUNC(DSO_F_DLFCN_MERGER), "dlfcn_merger"}, - {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "dlfcn_name_converter"}, - {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "dlfcn_unload"}, - {ERR_FUNC(DSO_F_DL_BIND_FUNC), "dl_bind_func"}, - {ERR_FUNC(DSO_F_DL_LOAD), "dl_load"}, - {ERR_FUNC(DSO_F_DL_MERGER), "dl_merger"}, - {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "dl_name_converter"}, - {ERR_FUNC(DSO_F_DL_UNLOAD), "dl_unload"}, - {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, - {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, - {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, - {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, - {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, - {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"}, - {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, - {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, - {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, - {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"}, - {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, - {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, - {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"}, - {ERR_FUNC(DSO_F_VMS_LOAD), "vms_load"}, - {ERR_FUNC(DSO_F_VMS_MERGER), "vms_merger"}, - {ERR_FUNC(DSO_F_VMS_UNLOAD), "vms_unload"}, - {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "win32_bind_func"}, - {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "win32_globallookup"}, - {ERR_FUNC(DSO_F_WIN32_JOINER), "win32_joiner"}, - {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"}, - {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"}, - {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"}, - {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"}, - {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"}, - {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"}, +static const ERR_STRING_DATA DSO_str_functs[] = { + {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_BIND_FUNC, 0), "dlfcn_bind_func"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_LOAD, 0), "dlfcn_load"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_MERGER, 0), "dlfcn_merger"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_NAME_CONVERTER, 0), + "dlfcn_name_converter"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_UNLOAD, 0), "dlfcn_unload"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_BIND_FUNC, 0), "dl_bind_func"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_LOAD, 0), "dl_load"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_MERGER, 0), "dl_merger"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_NAME_CONVERTER, 0), "dl_name_converter"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_UNLOAD, 0), "dl_unload"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_BIND_FUNC, 0), "DSO_bind_func"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CONVERT_FILENAME, 0), + "DSO_convert_filename"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CTRL, 0), "DSO_ctrl"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_FREE, 0), "DSO_free"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GET_FILENAME, 0), "DSO_get_filename"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GLOBAL_LOOKUP, 0), "DSO_global_lookup"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_LOAD, 0), "DSO_load"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_MERGE, 0), "DSO_merge"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_NEW_METHOD, 0), "DSO_new_method"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_PATHBYADDR, 0), "DSO_pathbyaddr"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_SET_FILENAME, 0), "DSO_set_filename"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_UP_REF, 0), "DSO_up_ref"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_BIND_SYM, 0), "vms_bind_sym"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_LOAD, 0), "vms_load"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_MERGER, 0), "vms_merger"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_UNLOAD, 0), "vms_unload"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_BIND_FUNC, 0), "win32_bind_func"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_GLOBALLOOKUP, 0), "win32_globallookup"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_JOINER, 0), "win32_joiner"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_LOAD, 0), "win32_load"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_MERGER, 0), "win32_merger"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_NAME_CONVERTER, 0), + "win32_name_converter"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_PATHBYADDR, 0), ""}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_SPLITTER, 0), "win32_splitter"}, + {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_UNLOAD, 0), "win32_unload"}, {0, NULL} }; -static ERR_STRING_DATA DSO_str_reasons[] = { - {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"}, - {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, - {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"}, - {ERR_REASON(DSO_R_FAILURE), "failure"}, - {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"}, - {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"}, - {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"}, - {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"}, - {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"}, - {ERR_REASON(DSO_R_NO_FILENAME), "no filename"}, - {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"}, - {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"}, - {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"}, - {ERR_REASON(DSO_R_SYM_FAILURE), - "could not bind to the requested symbol name"}, - {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"}, - {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"}, +static const ERR_STRING_DATA DSO_str_reasons[] = { + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE), + "empty file structure"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED), + "cleanup method function failed"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX), + "incorrect file syntax"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_LOAD_FAILED), + "could not load the shared library"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED), + "name translation failed"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE), + "a null shared library handle was used"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED), + "set filename failed"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR), + "the meth_data stack is corrupt"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE), + "could not bind to the requested symbol name"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED), + "could not unload the shared library"}, + {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED), + "functionality not supported"}, {0, NULL} }; @@ -83,10 +91,9 @@ static ERR_STRING_DATA DSO_str_reasons[] = { int ERR_load_DSO_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) { - ERR_load_strings(0, DSO_str_functs); - ERR_load_strings(0, DSO_str_reasons); + ERR_load_strings_const(DSO_str_functs); + ERR_load_strings_const(DSO_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/dso/dso_lib.c b/deps/openssl/openssl/crypto/dso/dso_lib.c index f58237d64b7693..2e75021d39ea63 100644 --- a/deps/openssl/openssl/crypto/dso/dso_lib.c +++ b/deps/openssl/openssl/crypto/dso/dso_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,6 +8,7 @@ */ #include "dso_locl.h" +#include "internal/refcount.h" static DSO_METHOD *default_DSO_meth = NULL; @@ -26,14 +27,14 @@ static DSO *DSO_new_method(DSO_METHOD *meth) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } ret->meth_data = sk_void_new_null(); if (ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); - return (NULL); + return NULL; } ret->meth = default_DSO_meth; ret->references = 1; @@ -63,9 +64,9 @@ int DSO_free(DSO *dso) int i; if (dso == NULL) - return (1); + return 1; - if (CRYPTO_atomic_add(&dso->references, -1, &i, dso->lock) <= 0) + if (CRYPTO_DOWN_REF(&dso->references, &i, dso->lock) <= 0) return 0; REF_PRINT_COUNT("DSO", dso); @@ -107,7 +108,7 @@ int DSO_up_ref(DSO *dso) return 0; } - if (CRYPTO_atomic_add(&dso->references, 1, &i, dso->lock) <= 0) + if (CRYPTO_UP_REF(&dso->references, &i, dso->lock) <= 0) return 0; REF_PRINT_COUNT("DSO", r); @@ -162,11 +163,11 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) goto err; } /* Load succeeded */ - return (ret); + return ret; err: if (allocated) DSO_free(ret); - return (NULL); + return NULL; } DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) @@ -175,18 +176,18 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) if ((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (dso->meth->dso_bind_func == NULL) { DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED); - return (NULL); + return NULL; } if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) { DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE); - return (NULL); + return NULL; } /* Success */ - return (ret); + return ret; } /* @@ -202,7 +203,7 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) { if (dso == NULL) { DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return (-1); + return -1; } /* * We should intercept certain generic commands and only pass control to @@ -213,27 +214,27 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) return dso->flags; case DSO_CTRL_SET_FLAGS: dso->flags = (int)larg; - return (0); + return 0; case DSO_CTRL_OR_FLAGS: dso->flags |= (int)larg; - return (0); + return 0; default: break; } if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) { DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED); - return (-1); + return -1; } - return (dso->meth->dso_ctrl(dso, cmd, larg, parg)); + return dso->meth->dso_ctrl(dso, cmd, larg, parg); } const char *DSO_get_filename(DSO *dso) { if (dso == NULL) { DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } - return (dso->filename); + return dso->filename; } int DSO_set_filename(DSO *dso, const char *filename) @@ -242,21 +243,21 @@ int DSO_set_filename(DSO *dso, const char *filename) if ((dso == NULL) || (filename == NULL)) { DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if (dso->loaded_filename) { DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED); - return (0); + return 0; } /* We'll duplicate filename */ copied = OPENSSL_strdup(filename); if (copied == NULL) { DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } OPENSSL_free(dso->filename); dso->filename = copied; - return (1); + return 1; } char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) @@ -265,7 +266,7 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) if (dso == NULL || filespec1 == NULL) { DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { if (dso->merger != NULL) @@ -273,7 +274,7 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) else if (dso->meth->dso_merger != NULL) result = dso->meth->dso_merger(dso, filespec1, filespec2); } - return (result); + return result; } char *DSO_convert_filename(DSO *dso, const char *filename) @@ -282,13 +283,13 @@ char *DSO_convert_filename(DSO *dso, const char *filename) if (dso == NULL) { DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (filename == NULL) filename = dso->filename; if (filename == NULL) { DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME); - return (NULL); + return NULL; } if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { if (dso->name_converter != NULL) @@ -300,10 +301,10 @@ char *DSO_convert_filename(DSO *dso, const char *filename) result = OPENSSL_strdup(filename); if (result == NULL) { DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } - return (result); + return result; } int DSO_pathbyaddr(void *addr, char *path, int sz) diff --git a/deps/openssl/openssl/crypto/dso/dso_locl.h b/deps/openssl/openssl/crypto/dso/dso_locl.h index fbfad0544a73d1..14a0ccb7c0128d 100644 --- a/deps/openssl/openssl/crypto/dso/dso_locl.h +++ b/deps/openssl/openssl/crypto/dso/dso_locl.h @@ -11,6 +11,7 @@ #include "internal/cryptlib.h" #include "internal/dso.h" #include "internal/dso_conf.h" +#include "internal/refcount.h" /**********************************************************************/ /* The low-level handle type used to refer to a loaded shared library */ @@ -24,7 +25,7 @@ struct dso_st { * "Handles" and such go in a STACK. */ STACK_OF(void) *meth_data; - int references; + CRYPTO_REF_COUNT references; int flags; /* * For use by applications etc ... use this for your bits'n'pieces, don't diff --git a/deps/openssl/openssl/crypto/dso/dso_vms.c b/deps/openssl/openssl/crypto/dso/dso_vms.c index b9a98ddd11ecd0..178e7257983124 100644 --- a/deps/openssl/openssl/crypto/dso/dso_vms.c +++ b/deps/openssl/openssl/crypto/dso/dso_vms.c @@ -207,12 +207,12 @@ static int vms_load(DSO *dso) /* Success (for now, we lie. We actually do not know...) */ dso->loaded_filename = filename; - return (1); + return 1; err: /* Cleanup! */ OPENSSL_free(p); OPENSSL_free(filename); - return (0); + return 0; } /* @@ -225,18 +225,18 @@ static int vms_unload(DSO *dso) DSO_VMS_INTERNAL *p; if (dso == NULL) { DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if (sk_void_num(dso->meth_data) < 1) - return (1); + return 1; p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data); if (p == NULL) { DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE); - return (0); + return 0; } /* Cleanup */ OPENSSL_free(p); - return (1); + return 1; } /* @@ -263,15 +263,13 @@ static int do_find_symbol(DSO_VMS_INTERNAL *ptr, symname_dsc, sym, 0, flags); } +# ifndef LIB$M_FIS_MIXEDCASE +# define LIB$M_FIS_MIXEDCASE (1 << 4); +# endif void vms_bind_sym(DSO *dso, const char *symname, void **sym) { DSO_VMS_INTERNAL *ptr; - int status; -# ifdef LIB$M_FIS_MIXEDCASE - int flags = LIB$M_FIS_MIXEDCASE; -# else - int flags = (1 << 4); -# endif + int status = 0; struct dsc$descriptor_s symname_dsc; /* Arrange 32-bit pointer to (copied) string storage, if needed. */ @@ -314,10 +312,10 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) return; } - if (dso->flags & DSO_FLAG_UPCASE_SYMBOL) - flags = 0; + status = do_find_symbol(ptr, &symname_dsc, sym, LIB$M_FIS_MIXEDCASE); - status = do_find_symbol(ptr, &symname_dsc, sym, flags); + if (!$VMS_STATUS_SUCCESS(status)) + status = do_find_symbol(ptr, &symname_dsc, sym, 0); if (!$VMS_STATUS_SUCCESS(status)) { unsigned short length; @@ -443,7 +441,7 @@ static char *vms_merger(DSO *dso, const char *filespec1, "filespec \"", filespec1, "\", ", "defaults \"", filespec2, "\": ", errstring); } - return (NULL); + return NULL; } merged = OPENSSL_malloc(nam.NAMX_ESL + 1); @@ -451,7 +449,7 @@ static char *vms_merger(DSO *dso, const char *filespec1, goto malloc_err; strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); merged[nam.NAMX_ESL] = '\0'; - return (merged); + return merged; malloc_err: DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE); } @@ -462,7 +460,7 @@ static char *vms_name_converter(DSO *dso, const char *filename) char *not_translated = OPENSSL_malloc(len + 1); if (not_translated != NULL) strcpy(not_translated, filename); - return (not_translated); + return not_translated; } #endif /* OPENSSL_SYS_VMS */ diff --git a/deps/openssl/openssl/crypto/dso/dso_win32.c b/deps/openssl/openssl/crypto/dso/dso_win32.c index 4a4c34abb65817..0bbf5b5189ce2e 100644 --- a/deps/openssl/openssl/crypto/dso/dso_win32.c +++ b/deps/openssl/openssl/crypto/dso/dso_win32.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include "dso_locl.h" #if defined(DSO_WIN32) @@ -119,14 +120,14 @@ static int win32_load(DSO *dso) } /* Success */ dso->loaded_filename = filename; - return (1); + return 1; err: /* Cleanup ! */ OPENSSL_free(filename); OPENSSL_free(p); if (h != NULL) FreeLibrary(h); - return (0); + return 0; } static int win32_unload(DSO *dso) @@ -134,14 +135,14 @@ static int win32_unload(DSO *dso) HINSTANCE *p; if (dso == NULL) { DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if (sk_void_num(dso->meth_data) < 1) - return (1); + return 1; p = sk_void_pop(dso->meth_data); if (p == NULL) { DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE); - return (0); + return 0; } if (!FreeLibrary(*p)) { DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED); @@ -149,11 +150,11 @@ static int win32_unload(DSO *dso) * We should push the value back onto the stack in case of a retry. */ sk_void_push(dso->meth_data, p); - return (0); + return 0; } /* Cleanup */ OPENSSL_free(p); - return (1); + return 1; } static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) @@ -166,24 +167,24 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) if ((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR); - return (NULL); + return NULL; } ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if (ptr == NULL) { DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE); - return (NULL); + return NULL; } sym.f = GetProcAddress(*ptr, symname); if (sym.p == NULL) { DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE); ERR_add_error_data(3, "symname(", symname, ")"); - return (NULL); + return NULL; } - return ((DSO_FUNC_TYPE)sym.f); + return (DSO_FUNC_TYPE)sym.f; } struct file_st { @@ -209,16 +210,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, if (!filename) { DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME); - /* - * goto err; - */ - return (NULL); + return NULL; } result = OPENSSL_zalloc(sizeof(*result)); if (result == NULL) { DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } position = IN_DEVICE; @@ -237,11 +235,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, case ':': if (position != IN_DEVICE) { DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX); - /* - * goto err; - */ OPENSSL_free(result); - return (NULL); + return NULL; } result->device = start; result->devicelen = (int)(filename - start); @@ -302,7 +297,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, if (!result->filelen) result->file = NULL; - return (result); + return result; } static char *win32_joiner(DSO *dso, const struct file_st *file_split) @@ -313,7 +308,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) if (!file_split) { DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (file_split->node) { len += 2 + file_split->nodelen; /* 2 for starting \\ */ @@ -334,13 +329,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) if (!len) { DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE); - return (NULL); + return NULL; } result = OPENSSL_malloc(len + 1); if (result == NULL) { DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } if (file_split->node) { @@ -388,7 +383,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) strncpy(&result[offset], file_split->file, file_split->filelen); offset += file_split->filelen; result[offset] = '\0'; - return (result); + return result; } static char *win32_merger(DSO *dso, const char *filespec1, @@ -400,33 +395,31 @@ static char *win32_merger(DSO *dso, const char *filespec1, if (!filespec1 && !filespec2) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER); - return (NULL); + return NULL; } if (!filespec2) { - merged = OPENSSL_malloc(strlen(filespec1) + 1); + merged = OPENSSL_strdup(filespec1); if (merged == NULL) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - strcpy(merged, filespec1); } else if (!filespec1) { - merged = OPENSSL_malloc(strlen(filespec2) + 1); + merged = OPENSSL_strdup(filespec2); if (merged == NULL) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - strcpy(merged, filespec2); } else { filespec1_split = win32_splitter(dso, filespec1, 0); if (!filespec1_split) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } filespec2_split = win32_splitter(dso, filespec2, 1); if (!filespec2_split) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); OPENSSL_free(filespec1_split); - return (NULL); + return NULL; } /* Fill in into filespec1_split */ @@ -453,7 +446,7 @@ static char *win32_merger(DSO *dso, const char *filespec1, } OPENSSL_free(filespec1_split); OPENSSL_free(filespec2_split); - return (merged); + return merged; } static char *win32_name_converter(DSO *dso, const char *filename) @@ -473,13 +466,13 @@ static char *win32_name_converter(DSO *dso, const char *filename) translated = OPENSSL_malloc(len + 1); if (translated == NULL) { DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); - return (NULL); + return NULL; } if (transform) sprintf(translated, "%s.dll", filename); else sprintf(translated, "%s", filename); - return (translated); + return translated; } static const char *openssl_strnchr(const char *string, int c, size_t len) diff --git a/deps/openssl/openssl/crypto/ebcdic.c b/deps/openssl/openssl/crypto/ebcdic.c index 68719538fb3012..2a8ca61010671e 100644 --- a/deps/openssl/openssl/crypto/ebcdic.c +++ b/deps/openssl/openssl/crypto/ebcdic.c @@ -14,11 +14,6 @@ NON_EMPTY_TRANSLATION_UNIT # include -/*- - * Initial Port for Apache-1.3 by - * Adapted for OpenSSL-0.9.4 by - */ - # ifdef CHARSET_EBCDIC_TEST /* * Here we're looking to test the EBCDIC code on an ASCII system so we don't do diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl index 4eb4c68977e4af..83abbdd895780d 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -233,7 +233,7 @@ @ if a+b >= modulus, subtract modulus. @ @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subraction borrowed. + @ modulus and then add it back if subtraction borrowed. subs $a0,$a0,#-1 sbcs $a1,$a1,#-1 @@ -1222,7 +1222,7 @@ @ if a+b >= modulus, subtract modulus. @ @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subraction borrowed. + @ modulus and then add it back if subtraction borrowed. subs $a0,$a0,#-1 sbcs $a1,$a1,#-1 diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl index 2a39675bfd101c..1361cb395ffb20 100644 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -22,11 +22,10 @@ # http://eprint.iacr.org/2013/816. # # with/without -DECP_NISTZ256_ASM -# Apple A7 +120-360% -# Cortex-A53 +120-400% -# Cortex-A57 +120-350% -# X-Gene +200-330% -# Denver +140-400% +# Apple A7 +190-360% +# Cortex-A53 +190-400% +# Cortex-A57 +190-350% +# Denver +230-400% # # Ranges denote minimum and maximum improvement coefficients depending # on benchmark. Lower coefficients are for ECDSA sign, server-side @@ -109,6 +108,10 @@ .quad 0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe .Lone: .quad 1,0,0,0 +.Lord: +.quad 0xf3b9cac2fc632551,0xbce6faada7179e84,0xffffffffffffffff,0xffffffff00000000 +.LordK: +.quad 0xccd1c8aaee00bc4f .asciz "ECP_NISTZ256 for ARMv8, CRYPTOGAMS by " // void ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); @@ -660,7 +663,7 @@ adc $ap,xzr,xzr // zap $ap tst $acc0,#1 // is a even? - csel $acc0,$acc0,$t0,eq // ret = even ? a : a+modulus + csel $acc0,$acc0,$t0,eq // ret = even ? a : a+modulus csel $acc1,$acc1,$t1,eq csel $acc2,$acc2,$t2,eq csel $acc3,$acc3,$t3,eq @@ -1309,6 +1312,302 @@ ret .size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine ___ +} +if (1) { +my ($ord0,$ord1) = ($poly1,$poly3); +my ($ord2,$ord3,$ordk,$t4) = map("x$_",(21..24)); +my $acc7 = $bi; + +$code.=<<___; +//////////////////////////////////////////////////////////////////////// +// void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4], +// uint64_t b[4]); +.globl ecp_nistz256_ord_mul_mont +.type ecp_nistz256_ord_mul_mont,%function +.align 4 +ecp_nistz256_ord_mul_mont: + stp x29,x30,[sp,#-64]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + + adr $ordk,.Lord + ldr $bi,[$bp] // bp[0] + ldp $a0,$a1,[$ap] + ldp $a2,$a3,[$ap,#16] + + ldp $ord0,$ord1,[$ordk,#0] + ldp $ord2,$ord3,[$ordk,#16] + ldr $ordk,[$ordk,#32] + + mul $acc0,$a0,$bi // a[0]*b[0] + umulh $t0,$a0,$bi + + mul $acc1,$a1,$bi // a[1]*b[0] + umulh $t1,$a1,$bi + + mul $acc2,$a2,$bi // a[2]*b[0] + umulh $t2,$a2,$bi + + mul $acc3,$a3,$bi // a[3]*b[0] + umulh $acc4,$a3,$bi + + mul $t4,$acc0,$ordk + + adds $acc1,$acc1,$t0 // accumulate high parts of multiplication + adcs $acc2,$acc2,$t1 + adcs $acc3,$acc3,$t2 + adc $acc4,$acc4,xzr + mov $acc5,xzr +___ +for ($i=1;$i<4;$i++) { + ################################################################ + # ffff0000.ffffffff.yyyyyyyy.zzzzzzzz + # * abcdefgh + # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx + # - 0000abcd.efgh0000.abcdefgh.00000000.00000000 + # + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh +$code.=<<___; + ldr $bi,[$bp,#8*$i] // b[i] + + lsl $t0,$t4,#32 + subs $acc2,$acc2,$t4 + lsr $t1,$t4,#32 + sbcs $acc3,$acc3,$t0 + sbcs $acc4,$acc4,$t1 + sbc $acc5,$acc5,xzr + + subs xzr,$acc0,#1 + umulh $t1,$ord0,$t4 + mul $t2,$ord1,$t4 + umulh $t3,$ord1,$t4 + + adcs $t2,$t2,$t1 + mul $t0,$a0,$bi + adc $t3,$t3,xzr + mul $t1,$a1,$bi + + adds $acc0,$acc1,$t2 + mul $t2,$a2,$bi + adcs $acc1,$acc2,$t3 + mul $t3,$a3,$bi + adcs $acc2,$acc3,$t4 + adcs $acc3,$acc4,$t4 + adc $acc4,$acc5,xzr + + adds $acc0,$acc0,$t0 // accumulate low parts + umulh $t0,$a0,$bi + adcs $acc1,$acc1,$t1 + umulh $t1,$a1,$bi + adcs $acc2,$acc2,$t2 + umulh $t2,$a2,$bi + adcs $acc3,$acc3,$t3 + umulh $t3,$a3,$bi + adc $acc4,$acc4,xzr + mul $t4,$acc0,$ordk + adds $acc1,$acc1,$t0 // accumulate high parts + adcs $acc2,$acc2,$t1 + adcs $acc3,$acc3,$t2 + adcs $acc4,$acc4,$t3 + adc $acc5,xzr,xzr +___ +} +$code.=<<___; + lsl $t0,$t4,#32 // last reduction + subs $acc2,$acc2,$t4 + lsr $t1,$t4,#32 + sbcs $acc3,$acc3,$t0 + sbcs $acc4,$acc4,$t1 + sbc $acc5,$acc5,xzr + + subs xzr,$acc0,#1 + umulh $t1,$ord0,$t4 + mul $t2,$ord1,$t4 + umulh $t3,$ord1,$t4 + + adcs $t2,$t2,$t1 + adc $t3,$t3,xzr + + adds $acc0,$acc1,$t2 + adcs $acc1,$acc2,$t3 + adcs $acc2,$acc3,$t4 + adcs $acc3,$acc4,$t4 + adc $acc4,$acc5,xzr + + subs $t0,$acc0,$ord0 // ret -= modulus + sbcs $t1,$acc1,$ord1 + sbcs $t2,$acc2,$ord2 + sbcs $t3,$acc3,$ord3 + sbcs xzr,$acc4,xzr + + csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus + csel $acc1,$acc1,$t1,lo + csel $acc2,$acc2,$t2,lo + stp $acc0,$acc1,[$rp] + csel $acc3,$acc3,$t3,lo + stp $acc2,$acc3,[$rp,#16] + + ldp x19,x20,[sp,#16] + ldp x21,x22,[sp,#32] + ldp x23,x24,[sp,#48] + ldr x29,[sp],#64 + ret +.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont + +//////////////////////////////////////////////////////////////////////// +// void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], +// int rep); +.globl ecp_nistz256_ord_sqr_mont +.type ecp_nistz256_ord_sqr_mont,%function +.align 4 +ecp_nistz256_ord_sqr_mont: + stp x29,x30,[sp,#-64]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + + adr $ordk,.Lord + ldp $a0,$a1,[$ap] + ldp $a2,$a3,[$ap,#16] + + ldp $ord0,$ord1,[$ordk,#0] + ldp $ord2,$ord3,[$ordk,#16] + ldr $ordk,[$ordk,#32] + b .Loop_ord_sqr + +.align 4 +.Loop_ord_sqr: + sub $bp,$bp,#1 + //////////////////////////////////////////////////////////////// + // | | | | | |a1*a0| | + // | | | | |a2*a0| | | + // | |a3*a2|a3*a0| | | | + // | | | |a2*a1| | | | + // | | |a3*a1| | | | | + // *| | | | | | | | 2| + // +|a3*a3|a2*a2|a1*a1|a0*a0| + // |--+--+--+--+--+--+--+--| + // |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx + // + // "can't overflow" below mark carrying into high part of + // multiplication result, which can't overflow, because it + // can never be all ones. + + mul $acc1,$a1,$a0 // a[1]*a[0] + umulh $t1,$a1,$a0 + mul $acc2,$a2,$a0 // a[2]*a[0] + umulh $t2,$a2,$a0 + mul $acc3,$a3,$a0 // a[3]*a[0] + umulh $acc4,$a3,$a0 + + adds $acc2,$acc2,$t1 // accumulate high parts of multiplication + mul $t0,$a2,$a1 // a[2]*a[1] + umulh $t1,$a2,$a1 + adcs $acc3,$acc3,$t2 + mul $t2,$a3,$a1 // a[3]*a[1] + umulh $t3,$a3,$a1 + adc $acc4,$acc4,xzr // can't overflow + + mul $acc5,$a3,$a2 // a[3]*a[2] + umulh $acc6,$a3,$a2 + + adds $t1,$t1,$t2 // accumulate high parts of multiplication + mul $acc0,$a0,$a0 // a[0]*a[0] + adc $t2,$t3,xzr // can't overflow + + adds $acc3,$acc3,$t0 // accumulate low parts of multiplication + umulh $a0,$a0,$a0 + adcs $acc4,$acc4,$t1 + mul $t1,$a1,$a1 // a[1]*a[1] + adcs $acc5,$acc5,$t2 + umulh $a1,$a1,$a1 + adc $acc6,$acc6,xzr // can't overflow + + adds $acc1,$acc1,$acc1 // acc[1-6]*=2 + mul $t2,$a2,$a2 // a[2]*a[2] + adcs $acc2,$acc2,$acc2 + umulh $a2,$a2,$a2 + adcs $acc3,$acc3,$acc3 + mul $t3,$a3,$a3 // a[3]*a[3] + adcs $acc4,$acc4,$acc4 + umulh $a3,$a3,$a3 + adcs $acc5,$acc5,$acc5 + adcs $acc6,$acc6,$acc6 + adc $acc7,xzr,xzr + + adds $acc1,$acc1,$a0 // +a[i]*a[i] + mul $t4,$acc0,$ordk + adcs $acc2,$acc2,$t1 + adcs $acc3,$acc3,$a1 + adcs $acc4,$acc4,$t2 + adcs $acc5,$acc5,$a2 + adcs $acc6,$acc6,$t3 + adc $acc7,$acc7,$a3 +___ +for($i=0; $i<4; $i++) { # reductions +$code.=<<___; + subs xzr,$acc0,#1 + umulh $t1,$ord0,$t4 + mul $t2,$ord1,$t4 + umulh $t3,$ord1,$t4 + + adcs $t2,$t2,$t1 + adc $t3,$t3,xzr + + adds $acc0,$acc1,$t2 + adcs $acc1,$acc2,$t3 + adcs $acc2,$acc3,$t4 + adc $acc3,xzr,$t4 // can't overflow +___ +$code.=<<___ if ($i<3); + mul $t3,$acc0,$ordk +___ +$code.=<<___; + lsl $t0,$t4,#32 + subs $acc1,$acc1,$t4 + lsr $t1,$t4,#32 + sbcs $acc2,$acc2,$t0 + sbc $acc3,$acc3,$t1 // can't borrow +___ + ($t3,$t4) = ($t4,$t3); +} +$code.=<<___; + adds $acc0,$acc0,$acc4 // accumulate upper half + adcs $acc1,$acc1,$acc5 + adcs $acc2,$acc2,$acc6 + adcs $acc3,$acc3,$acc7 + adc $acc4,xzr,xzr + + subs $t0,$acc0,$ord0 // ret -= modulus + sbcs $t1,$acc1,$ord1 + sbcs $t2,$acc2,$ord2 + sbcs $t3,$acc3,$ord3 + sbcs xzr,$acc4,xzr + + csel $a0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus + csel $a1,$acc1,$t1,lo + csel $a2,$acc2,$t2,lo + csel $a3,$acc3,$t3,lo + + cbnz $bp,.Loop_ord_sqr + + stp $a0,$a1,[$rp] + stp $a2,$a3,[$rp,#16] + + ldp x19,x20,[sp,#16] + ldp x21,x22,[sp,#32] + ldp x23,x24,[sp,#48] + ldr x29,[sp],#64 + ret +.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont +___ } } ######################################################################## diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl index edd7d01281cab3..794e56a082fc8c 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl @@ -1,39 +1,19 @@ #! /usr/bin/env perl # Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2014, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - - -############################################################################## -# # -# Copyright 2014 Intel Corporation # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -# # -############################################################################## -# # -# Developers and authors: # -# Shay Gueron (1, 2), and Vlad Krasnov (1) # -# (1) Intel Corporation, Israel Development Center # -# (2) University of Haifa # -# Reference: # -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with# -# 256 Bit Primes" # -# # -############################################################################## +# +# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) +# (1) Intel Corporation, Israel Development Center, Haifa, Israel +# (2) University of Haifa, Israel +# +# Reference: +# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with +# 256 Bit Primes" $flavour = shift; $output = shift; @@ -157,7 +137,7 @@ { # This function receives a pointer to an array of four affine points -# (X, Y, <1>) and rearanges the data for AVX2 execution, while +# (X, Y, <1>) and rearranges the data for AVX2 execution, while # converting it to 2^29 radix redundant form my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3, @@ -309,7 +289,7 @@ { ################################################################################ # This function receives a pointer to an array of four AVX2 formatted points -# (X, Y, Z) convert the data to normal representation, and rearanges the data +# (X, Y, Z) convert the data to normal representation, and rearranges the data my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8)); my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15)); diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl new file mode 100755 index 00000000000000..984c7f205056c7 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl @@ -0,0 +1,2382 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# ECP_NISTZ256 module for PPC64. +# +# August 2016. +# +# Original ECP_NISTZ256 submission targeting x86_64 is detailed in +# http://eprint.iacr.org/2013/816. +# +# with/without -DECP_NISTZ256_ASM +# POWER7 +260-530% +# POWER8 +220-340% + +$flavour = shift; +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my $sp="r1"; + +{ +my ($rp,$ap,$bp,$bi,$acc0,$acc1,$acc2,$acc3,$poly1,$poly3, + $acc4,$acc5,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3) = + map("r$_",(3..12,22..31)); + +my ($acc6,$acc7)=($bp,$bi); # used in __ecp_nistz256_sqr_mont + +$code.=<<___; +.machine "any" +.text +___ +######################################################################## +# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 +# +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +open TABLE,") { + s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; +} +close TABLE; + +# See ecp_nistz256_table.c for explanation for why it's 64*16*37. +# 64*16*37-1 is because $#arr returns last valid index or @arr, not +# amount of elements. +die "insane number of elements" if ($#arr != 64*16*37-1); + +$code.=<<___; +.type ecp_nistz256_precomputed,\@object +.globl ecp_nistz256_precomputed +.align 12 +ecp_nistz256_precomputed: +___ +######################################################################## +# this conversion smashes P256_POINT_AFFINE by individual bytes with +# 64 byte interval, similar to +# 1111222233334444 +# 1234123412341234 +for(1..37) { + @tbl = splice(@arr,0,64*16); + for($i=0;$i<64;$i++) { + undef @line; + for($j=0;$j<64;$j++) { + push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; + } + $code.=".byte\t"; + $code.=join(',',map { sprintf "0x%02x",$_} @line); + $code.="\n"; + } +} + +$code.=<<___; +.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed +.asciz "ECP_NISTZ256 for PPC64, CRYPTOGAMS by " + +# void ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4], +# const BN_ULONG x2[4]); +.globl ecp_nistz256_mul_mont +.align 5 +ecp_nistz256_mul_mont: + stdu $sp,-128($sp) + mflr r0 + std r22,48($sp) + std r23,56($sp) + std r24,64($sp) + std r25,72($sp) + std r26,80($sp) + std r27,88($sp) + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $a0,0($ap) + ld $bi,0($bp) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_mul_mont + + mtlr r0 + ld r22,48($sp) + ld r23,56($sp) + ld r24,64($sp) + ld r25,72($sp) + ld r26,80($sp) + ld r27,88($sp) + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,10,3,0 + .long 0 +.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont + +# void ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); +.globl ecp_nistz256_sqr_mont +.align 4 +ecp_nistz256_sqr_mont: + stdu $sp,-128($sp) + mflr r0 + std r22,48($sp) + std r23,56($sp) + std r24,64($sp) + std r25,72($sp) + std r26,80($sp) + std r27,88($sp) + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_sqr_mont + + mtlr r0 + ld r22,48($sp) + ld r23,56($sp) + ld r24,64($sp) + ld r25,72($sp) + ld r26,80($sp) + ld r27,88($sp) + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,10,2,0 + .long 0 +.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont + +# void ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], +# const BN_ULONG x2[4]); +.globl ecp_nistz256_add +.align 4 +ecp_nistz256_add: + stdu $sp,-128($sp) + mflr r0 + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $acc0,0($ap) + ld $t0, 0($bp) + ld $acc1,8($ap) + ld $t1, 8($bp) + ld $acc2,16($ap) + ld $t2, 16($bp) + ld $acc3,24($ap) + ld $t3, 24($bp) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_add + + mtlr r0 + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,4,3,0 + .long 0 +.size ecp_nistz256_add,.-ecp_nistz256_add + +# void ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]); +.globl ecp_nistz256_div_by_2 +.align 4 +ecp_nistz256_div_by_2: + stdu $sp,-128($sp) + mflr r0 + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $acc0,0($ap) + ld $acc1,8($ap) + ld $acc2,16($ap) + ld $acc3,24($ap) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_div_by_2 + + mtlr r0 + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,4,2,0 + .long 0 +.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 + +# void ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]); +.globl ecp_nistz256_mul_by_2 +.align 4 +ecp_nistz256_mul_by_2: + stdu $sp,-128($sp) + mflr r0 + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $acc0,0($ap) + ld $acc1,8($ap) + ld $acc2,16($ap) + ld $acc3,24($ap) + + mr $t0,$acc0 + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_add # ret = a+a // 2*a + + mtlr r0 + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,4,3,0 + .long 0 +.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 + +# void ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]); +.globl ecp_nistz256_mul_by_3 +.align 4 +ecp_nistz256_mul_by_3: + stdu $sp,-128($sp) + mflr r0 + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $acc0,0($ap) + ld $acc1,8($ap) + ld $acc2,16($ap) + ld $acc3,24($ap) + + mr $t0,$acc0 + std $acc0,64($sp) + mr $t1,$acc1 + std $acc1,72($sp) + mr $t2,$acc2 + std $acc2,80($sp) + mr $t3,$acc3 + std $acc3,88($sp) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_add # ret = a+a // 2*a + + ld $t0,64($sp) + ld $t1,72($sp) + ld $t2,80($sp) + ld $t3,88($sp) + + bl __ecp_nistz256_add # ret += a // 2*a+a=3*a + + mtlr r0 + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,4,2,0 + .long 0 +.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 + +# void ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4], +# const BN_ULONG x2[4]); +.globl ecp_nistz256_sub +.align 4 +ecp_nistz256_sub: + stdu $sp,-128($sp) + mflr r0 + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + ld $acc0,0($ap) + ld $acc1,8($ap) + ld $acc2,16($ap) + ld $acc3,24($ap) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_sub_from + + mtlr r0 + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,4,3,0 + .long 0 +.size ecp_nistz256_sub,.-ecp_nistz256_sub + +# void ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]); +.globl ecp_nistz256_neg +.align 4 +ecp_nistz256_neg: + stdu $sp,-128($sp) + mflr r0 + std r28,96($sp) + std r29,104($sp) + std r30,112($sp) + std r31,120($sp) + + mr $bp,$ap + li $acc0,0 + li $acc1,0 + li $acc2,0 + li $acc3,0 + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + bl __ecp_nistz256_sub_from + + mtlr r0 + ld r28,96($sp) + ld r29,104($sp) + ld r30,112($sp) + ld r31,120($sp) + addi $sp,$sp,128 + blr + .long 0 + .byte 0,12,4,0,0x80,4,2,0 + .long 0 +.size ecp_nistz256_neg,.-ecp_nistz256_neg + +# note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded +# to $a0-$a3 and b[0] - to $bi +.type __ecp_nistz256_mul_mont,\@function +.align 4 +__ecp_nistz256_mul_mont: + mulld $acc0,$a0,$bi # a[0]*b[0] + mulhdu $t0,$a0,$bi + + mulld $acc1,$a1,$bi # a[1]*b[0] + mulhdu $t1,$a1,$bi + + mulld $acc2,$a2,$bi # a[2]*b[0] + mulhdu $t2,$a2,$bi + + mulld $acc3,$a3,$bi # a[3]*b[0] + mulhdu $t3,$a3,$bi + ld $bi,8($bp) # b[1] + + addc $acc1,$acc1,$t0 # accumulate high parts of multiplication + sldi $t0,$acc0,32 + adde $acc2,$acc2,$t1 + srdi $t1,$acc0,32 + adde $acc3,$acc3,$t2 + addze $acc4,$t3 + li $acc5,0 +___ +for($i=1;$i<4;$i++) { + ################################################################ + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff0001.00000000.0000ffff.ffffffff + # * abcdefgh + # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh + # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000 + # - 0000abcd.efgh0000.00000000.00000000.abcdefgh + # + # or marking redundant operations: + # + # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.-------- + # + abcdefgh.abcdefgh.0000abcd.efgh0000.-------- + # - 0000abcd.efgh0000.--------.--------.-------- + +$code.=<<___; + subfc $t2,$t0,$acc0 # "*0xffff0001" + subfe $t3,$t1,$acc0 + addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] + adde $acc1,$acc2,$t1 + adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 + adde $acc3,$acc4,$t3 + addze $acc4,$acc5 + + mulld $t0,$a0,$bi # lo(a[0]*b[i]) + mulld $t1,$a1,$bi # lo(a[1]*b[i]) + mulld $t2,$a2,$bi # lo(a[2]*b[i]) + mulld $t3,$a3,$bi # lo(a[3]*b[i]) + addc $acc0,$acc0,$t0 # accumulate low parts of multiplication + mulhdu $t0,$a0,$bi # hi(a[0]*b[i]) + adde $acc1,$acc1,$t1 + mulhdu $t1,$a1,$bi # hi(a[1]*b[i]) + adde $acc2,$acc2,$t2 + mulhdu $t2,$a2,$bi # hi(a[2]*b[i]) + adde $acc3,$acc3,$t3 + mulhdu $t3,$a3,$bi # hi(a[3]*b[i]) + addze $acc4,$acc4 +___ +$code.=<<___ if ($i<3); + ld $bi,8*($i+1)($bp) # b[$i+1] +___ +$code.=<<___; + addc $acc1,$acc1,$t0 # accumulate high parts of multiplication + sldi $t0,$acc0,32 + adde $acc2,$acc2,$t1 + srdi $t1,$acc0,32 + adde $acc3,$acc3,$t2 + adde $acc4,$acc4,$t3 + li $acc5,0 + addze $acc5,$acc5 +___ +} +$code.=<<___; + # last reduction + subfc $t2,$t0,$acc0 # "*0xffff0001" + subfe $t3,$t1,$acc0 + addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] + adde $acc1,$acc2,$t1 + adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 + adde $acc3,$acc4,$t3 + addze $acc4,$acc5 + + li $t2,0 + addic $acc0,$acc0,1 # ret -= modulus + subfe $acc1,$poly1,$acc1 + subfe $acc2,$t2,$acc2 + subfe $acc3,$poly3,$acc3 + subfe $acc4,$t2,$acc4 + + addc $acc0,$acc0,$acc4 # ret += modulus if borrow + and $t1,$poly1,$acc4 + and $t3,$poly3,$acc4 + adde $acc1,$acc1,$t1 + addze $acc2,$acc2 + adde $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,1,0 + .long 0 +.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont + +# note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded +# to $a0-$a3 +.type __ecp_nistz256_sqr_mont,\@function +.align 4 +__ecp_nistz256_sqr_mont: + ################################################################ + # | | | | | |a1*a0| | + # | | | | |a2*a0| | | + # | |a3*a2|a3*a0| | | | + # | | | |a2*a1| | | | + # | | |a3*a1| | | | | + # *| | | | | | | | 2| + # +|a3*a3|a2*a2|a1*a1|a0*a0| + # |--+--+--+--+--+--+--+--| + # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx + # + # "can't overflow" below mark carrying into high part of + # multiplication result, which can't overflow, because it + # can never be all ones. + + mulld $acc1,$a1,$a0 # a[1]*a[0] + mulhdu $t1,$a1,$a0 + mulld $acc2,$a2,$a0 # a[2]*a[0] + mulhdu $t2,$a2,$a0 + mulld $acc3,$a3,$a0 # a[3]*a[0] + mulhdu $acc4,$a3,$a0 + + addc $acc2,$acc2,$t1 # accumulate high parts of multiplication + mulld $t0,$a2,$a1 # a[2]*a[1] + mulhdu $t1,$a2,$a1 + adde $acc3,$acc3,$t2 + mulld $t2,$a3,$a1 # a[3]*a[1] + mulhdu $t3,$a3,$a1 + addze $acc4,$acc4 # can't overflow + + mulld $acc5,$a3,$a2 # a[3]*a[2] + mulhdu $acc6,$a3,$a2 + + addc $t1,$t1,$t2 # accumulate high parts of multiplication + addze $t2,$t3 # can't overflow + + addc $acc3,$acc3,$t0 # accumulate low parts of multiplication + adde $acc4,$acc4,$t1 + adde $acc5,$acc5,$t2 + addze $acc6,$acc6 # can't overflow + + addc $acc1,$acc1,$acc1 # acc[1-6]*=2 + adde $acc2,$acc2,$acc2 + adde $acc3,$acc3,$acc3 + adde $acc4,$acc4,$acc4 + adde $acc5,$acc5,$acc5 + adde $acc6,$acc6,$acc6 + li $acc7,0 + addze $acc7,$acc7 + + mulld $acc0,$a0,$a0 # a[0]*a[0] + mulhdu $a0,$a0,$a0 + mulld $t1,$a1,$a1 # a[1]*a[1] + mulhdu $a1,$a1,$a1 + mulld $t2,$a2,$a2 # a[2]*a[2] + mulhdu $a2,$a2,$a2 + mulld $t3,$a3,$a3 # a[3]*a[3] + mulhdu $a3,$a3,$a3 + addc $acc1,$acc1,$a0 # +a[i]*a[i] + sldi $t0,$acc0,32 + adde $acc2,$acc2,$t1 + srdi $t1,$acc0,32 + adde $acc3,$acc3,$a1 + adde $acc4,$acc4,$t2 + adde $acc5,$acc5,$a2 + adde $acc6,$acc6,$t3 + adde $acc7,$acc7,$a3 +___ +for($i=0;$i<3;$i++) { # reductions, see commentary in + # multiplication for details +$code.=<<___; + subfc $t2,$t0,$acc0 # "*0xffff0001" + subfe $t3,$t1,$acc0 + addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] + sldi $t0,$acc0,32 + adde $acc1,$acc2,$t1 + srdi $t1,$acc0,32 + adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 + addze $acc3,$t3 # can't overflow +___ +} +$code.=<<___; + subfc $t2,$t0,$acc0 # "*0xffff0001" + subfe $t3,$t1,$acc0 + addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] + adde $acc1,$acc2,$t1 + adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 + addze $acc3,$t3 # can't overflow + + addc $acc0,$acc0,$acc4 # accumulate upper half + adde $acc1,$acc1,$acc5 + adde $acc2,$acc2,$acc6 + adde $acc3,$acc3,$acc7 + li $t2,0 + addze $acc4,$t2 + + addic $acc0,$acc0,1 # ret -= modulus + subfe $acc1,$poly1,$acc1 + subfe $acc2,$t2,$acc2 + subfe $acc3,$poly3,$acc3 + subfe $acc4,$t2,$acc4 + + addc $acc0,$acc0,$acc4 # ret += modulus if borrow + and $t1,$poly1,$acc4 + and $t3,$poly3,$acc4 + adde $acc1,$acc1,$t1 + addze $acc2,$acc2 + adde $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,1,0 + .long 0 +.size __ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont + +# Note that __ecp_nistz256_add expects both input vectors pre-loaded to +# $a0-$a3 and $t0-$t3. This is done because it's used in multiple +# contexts, e.g. in multiplication by 2 and 3... +.type __ecp_nistz256_add,\@function +.align 4 +__ecp_nistz256_add: + addc $acc0,$acc0,$t0 # ret = a+b + adde $acc1,$acc1,$t1 + adde $acc2,$acc2,$t2 + li $t2,0 + adde $acc3,$acc3,$t3 + addze $t0,$t2 + + # if a+b >= modulus, subtract modulus + # + # But since comparison implies subtraction, we subtract + # modulus and then add it back if subtraction borrowed. + + subic $acc0,$acc0,-1 + subfe $acc1,$poly1,$acc1 + subfe $acc2,$t2,$acc2 + subfe $acc3,$poly3,$acc3 + subfe $t0,$t2,$t0 + + addc $acc0,$acc0,$t0 + and $t1,$poly1,$t0 + and $t3,$poly3,$t0 + adde $acc1,$acc1,$t1 + addze $acc2,$acc2 + adde $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size __ecp_nistz256_add,.-__ecp_nistz256_add + +.type __ecp_nistz256_sub_from,\@function +.align 4 +__ecp_nistz256_sub_from: + ld $t0,0($bp) + ld $t1,8($bp) + ld $t2,16($bp) + ld $t3,24($bp) + subfc $acc0,$t0,$acc0 # ret = a-b + subfe $acc1,$t1,$acc1 + subfe $acc2,$t2,$acc2 + subfe $acc3,$t3,$acc3 + subfe $t0,$t0,$t0 # t0 = borrow ? -1 : 0 + + # if a-b borrowed, add modulus + + addc $acc0,$acc0,$t0 # ret -= modulus & t0 + and $t1,$poly1,$t0 + and $t3,$poly3,$t0 + adde $acc1,$acc1,$t1 + addze $acc2,$acc2 + adde $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from + +.type __ecp_nistz256_sub_morf,\@function +.align 4 +__ecp_nistz256_sub_morf: + ld $t0,0($bp) + ld $t1,8($bp) + ld $t2,16($bp) + ld $t3,24($bp) + subfc $acc0,$acc0,$t0 # ret = b-a + subfe $acc1,$acc1,$t1 + subfe $acc2,$acc2,$t2 + subfe $acc3,$acc3,$t3 + subfe $t0,$t0,$t0 # t0 = borrow ? -1 : 0 + + # if b-a borrowed, add modulus + + addc $acc0,$acc0,$t0 # ret -= modulus & t0 + and $t1,$poly1,$t0 + and $t3,$poly3,$t0 + adde $acc1,$acc1,$t1 + addze $acc2,$acc2 + adde $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf + +.type __ecp_nistz256_div_by_2,\@function +.align 4 +__ecp_nistz256_div_by_2: + andi. $t0,$acc0,1 + addic $acc0,$acc0,-1 # a += modulus + neg $t0,$t0 + adde $acc1,$acc1,$poly1 + not $t0,$t0 + addze $acc2,$acc2 + li $t2,0 + adde $acc3,$acc3,$poly3 + and $t1,$poly1,$t0 + addze $ap,$t2 # ap = carry + and $t3,$poly3,$t0 + + subfc $acc0,$t0,$acc0 # a -= modulus if a was even + subfe $acc1,$t1,$acc1 + subfe $acc2,$t2,$acc2 + subfe $acc3,$t3,$acc3 + subfe $ap, $t2,$ap + + srdi $acc0,$acc0,1 + sldi $t0,$acc1,63 + srdi $acc1,$acc1,1 + sldi $t1,$acc2,63 + srdi $acc2,$acc2,1 + sldi $t2,$acc3,63 + srdi $acc3,$acc3,1 + sldi $t3,$ap,63 + or $acc0,$acc0,$t0 + or $acc1,$acc1,$t1 + or $acc2,$acc2,$t2 + or $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,1,0 + .long 0 +.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 +___ +######################################################################## +# following subroutines are "literal" implementation of those found in +# ecp_nistz256.c +# +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +if (1) { +my $FRAME=64+32*4+12*8; +my ($S,$M,$Zsqr,$tmp0)=map(64+32*$_,(0..3)); +# above map() describes stack layout with 4 temporary +# 256-bit vectors on top. +my ($rp_real,$ap_real) = map("r$_",(20,21)); + +$code.=<<___; +.globl ecp_nistz256_point_double +.align 5 +ecp_nistz256_point_double: + stdu $sp,-$FRAME($sp) + mflr r0 + std r20,$FRAME-8*12($sp) + std r21,$FRAME-8*11($sp) + std r22,$FRAME-8*10($sp) + std r23,$FRAME-8*9($sp) + std r24,$FRAME-8*8($sp) + std r25,$FRAME-8*7($sp) + std r26,$FRAME-8*6($sp) + std r27,$FRAME-8*5($sp) + std r28,$FRAME-8*4($sp) + std r29,$FRAME-8*3($sp) + std r30,$FRAME-8*2($sp) + std r31,$FRAME-8*1($sp) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 +.Ldouble_shortcut: + ld $acc0,32($ap) + ld $acc1,40($ap) + ld $acc2,48($ap) + ld $acc3,56($ap) + mr $t0,$acc0 + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + ld $a0,64($ap) # forward load for p256_sqr_mont + ld $a1,72($ap) + ld $a2,80($ap) + ld $a3,88($ap) + mr $rp_real,$rp + mr $ap_real,$ap + addi $rp,$sp,$S + bl __ecp_nistz256_add # p256_mul_by_2(S, in_y); + + addi $rp,$sp,$Zsqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Zsqr, in_z); + + ld $t0,0($ap_real) + ld $t1,8($ap_real) + ld $t2,16($ap_real) + ld $t3,24($ap_real) + mr $a0,$acc0 # put Zsqr aside for p256_sub + mr $a1,$acc1 + mr $a2,$acc2 + mr $a3,$acc3 + addi $rp,$sp,$M + bl __ecp_nistz256_add # p256_add(M, Zsqr, in_x); + + addi $bp,$ap_real,0 + mr $acc0,$a0 # restore Zsqr + mr $acc1,$a1 + mr $acc2,$a2 + mr $acc3,$a3 + ld $a0,$S+0($sp) # forward load for p256_sqr_mont + ld $a1,$S+8($sp) + ld $a2,$S+16($sp) + ld $a3,$S+24($sp) + addi $rp,$sp,$Zsqr + bl __ecp_nistz256_sub_morf # p256_sub(Zsqr, in_x, Zsqr); + + addi $rp,$sp,$S + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(S, S); + + ld $bi,32($ap_real) + ld $a0,64($ap_real) + ld $a1,72($ap_real) + ld $a2,80($ap_real) + ld $a3,88($ap_real) + addi $bp,$ap_real,32 + addi $rp,$sp,$tmp0 + bl __ecp_nistz256_mul_mont # p256_mul_mont(tmp0, in_z, in_y); + + mr $t0,$acc0 + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + ld $a0,$S+0($sp) # forward load for p256_sqr_mont + ld $a1,$S+8($sp) + ld $a2,$S+16($sp) + ld $a3,$S+24($sp) + addi $rp,$rp_real,64 + bl __ecp_nistz256_add # p256_mul_by_2(res_z, tmp0); + + addi $rp,$sp,$tmp0 + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(tmp0, S); + + ld $bi,$Zsqr($sp) # forward load for p256_mul_mont + ld $a0,$M+0($sp) + ld $a1,$M+8($sp) + ld $a2,$M+16($sp) + ld $a3,$M+24($sp) + addi $rp,$rp_real,32 + bl __ecp_nistz256_div_by_2 # p256_div_by_2(res_y, tmp0); + + addi $bp,$sp,$Zsqr + addi $rp,$sp,$M + bl __ecp_nistz256_mul_mont # p256_mul_mont(M, M, Zsqr); + + mr $t0,$acc0 # duplicate M + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + mr $a0,$acc0 # put M aside + mr $a1,$acc1 + mr $a2,$acc2 + mr $a3,$acc3 + addi $rp,$sp,$M + bl __ecp_nistz256_add + mr $t0,$a0 # restore M + mr $t1,$a1 + mr $t2,$a2 + mr $t3,$a3 + ld $bi,0($ap_real) # forward load for p256_mul_mont + ld $a0,$S+0($sp) + ld $a1,$S+8($sp) + ld $a2,$S+16($sp) + ld $a3,$S+24($sp) + bl __ecp_nistz256_add # p256_mul_by_3(M, M); + + addi $bp,$ap_real,0 + addi $rp,$sp,$S + bl __ecp_nistz256_mul_mont # p256_mul_mont(S, S, in_x); + + mr $t0,$acc0 + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + ld $a0,$M+0($sp) # forward load for p256_sqr_mont + ld $a1,$M+8($sp) + ld $a2,$M+16($sp) + ld $a3,$M+24($sp) + addi $rp,$sp,$tmp0 + bl __ecp_nistz256_add # p256_mul_by_2(tmp0, S); + + addi $rp,$rp_real,0 + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(res_x, M); + + addi $bp,$sp,$tmp0 + bl __ecp_nistz256_sub_from # p256_sub(res_x, res_x, tmp0); + + addi $bp,$sp,$S + addi $rp,$sp,$S + bl __ecp_nistz256_sub_morf # p256_sub(S, S, res_x); + + ld $bi,$M($sp) + mr $a0,$acc0 # copy S + mr $a1,$acc1 + mr $a2,$acc2 + mr $a3,$acc3 + addi $bp,$sp,$M + bl __ecp_nistz256_mul_mont # p256_mul_mont(S, S, M); + + addi $bp,$rp_real,32 + addi $rp,$rp_real,32 + bl __ecp_nistz256_sub_from # p256_sub(res_y, S, res_y); + + mtlr r0 + ld r20,$FRAME-8*12($sp) + ld r21,$FRAME-8*11($sp) + ld r22,$FRAME-8*10($sp) + ld r23,$FRAME-8*9($sp) + ld r24,$FRAME-8*8($sp) + ld r25,$FRAME-8*7($sp) + ld r26,$FRAME-8*6($sp) + ld r27,$FRAME-8*5($sp) + ld r28,$FRAME-8*4($sp) + ld r29,$FRAME-8*3($sp) + ld r30,$FRAME-8*2($sp) + ld r31,$FRAME-8*1($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,12,2,0 + .long 0 +.size ecp_nistz256_point_double,.-ecp_nistz256_point_double +___ +} + +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +if (1) { +my $FRAME = 64 + 32*12 + 16*8; +my ($res_x,$res_y,$res_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(64+32*$_,(0..11)); +my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); +# above map() describes stack layout with 12 temporary +# 256-bit vectors on top. +my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21)); + +$code.=<<___; +.globl ecp_nistz256_point_add +.align 5 +ecp_nistz256_point_add: + stdu $sp,-$FRAME($sp) + mflr r0 + std r16,$FRAME-8*16($sp) + std r17,$FRAME-8*15($sp) + std r18,$FRAME-8*14($sp) + std r19,$FRAME-8*13($sp) + std r20,$FRAME-8*12($sp) + std r21,$FRAME-8*11($sp) + std r22,$FRAME-8*10($sp) + std r23,$FRAME-8*9($sp) + std r24,$FRAME-8*8($sp) + std r25,$FRAME-8*7($sp) + std r26,$FRAME-8*6($sp) + std r27,$FRAME-8*5($sp) + std r28,$FRAME-8*4($sp) + std r29,$FRAME-8*3($sp) + std r30,$FRAME-8*2($sp) + std r31,$FRAME-8*1($sp) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + ld $a0,64($bp) # in2_z + ld $a1,72($bp) + ld $a2,80($bp) + ld $a3,88($bp) + mr $rp_real,$rp + mr $ap_real,$ap + mr $bp_real,$bp + or $t0,$a0,$a1 + or $t2,$a2,$a3 + or $in2infty,$t0,$t2 + neg $t0,$in2infty + or $in2infty,$in2infty,$t0 + sradi $in2infty,$in2infty,63 # !in2infty + addi $rp,$sp,$Z2sqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Z2sqr, in2_z); + + ld $a0,64($ap_real) # in1_z + ld $a1,72($ap_real) + ld $a2,80($ap_real) + ld $a3,88($ap_real) + or $t0,$a0,$a1 + or $t2,$a2,$a3 + or $in1infty,$t0,$t2 + neg $t0,$in1infty + or $in1infty,$in1infty,$t0 + sradi $in1infty,$in1infty,63 # !in1infty + addi $rp,$sp,$Z1sqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Z1sqr, in1_z); + + ld $bi,64($bp_real) + ld $a0,$Z2sqr+0($sp) + ld $a1,$Z2sqr+8($sp) + ld $a2,$Z2sqr+16($sp) + ld $a3,$Z2sqr+24($sp) + addi $bp,$bp_real,64 + addi $rp,$sp,$S1 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S1, Z2sqr, in2_z); + + ld $bi,64($ap_real) + ld $a0,$Z1sqr+0($sp) + ld $a1,$Z1sqr+8($sp) + ld $a2,$Z1sqr+16($sp) + ld $a3,$Z1sqr+24($sp) + addi $bp,$ap_real,64 + addi $rp,$sp,$S2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, Z1sqr, in1_z); + + ld $bi,32($ap_real) + ld $a0,$S1+0($sp) + ld $a1,$S1+8($sp) + ld $a2,$S1+16($sp) + ld $a3,$S1+24($sp) + addi $bp,$ap_real,32 + addi $rp,$sp,$S1 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S1, S1, in1_y); + + ld $bi,32($bp_real) + ld $a0,$S2+0($sp) + ld $a1,$S2+8($sp) + ld $a2,$S2+16($sp) + ld $a3,$S2+24($sp) + addi $bp,$bp_real,32 + addi $rp,$sp,$S2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, S2, in2_y); + + addi $bp,$sp,$S1 + ld $bi,$Z2sqr($sp) # forward load for p256_mul_mont + ld $a0,0($ap_real) + ld $a1,8($ap_real) + ld $a2,16($ap_real) + ld $a3,24($ap_real) + addi $rp,$sp,$R + bl __ecp_nistz256_sub_from # p256_sub(R, S2, S1); + + or $acc0,$acc0,$acc1 # see if result is zero + or $acc2,$acc2,$acc3 + or $temp,$acc0,$acc2 + + addi $bp,$sp,$Z2sqr + addi $rp,$sp,$U1 + bl __ecp_nistz256_mul_mont # p256_mul_mont(U1, in1_x, Z2sqr); + + ld $bi,$Z1sqr($sp) + ld $a0,0($bp_real) + ld $a1,8($bp_real) + ld $a2,16($bp_real) + ld $a3,24($bp_real) + addi $bp,$sp,$Z1sqr + addi $rp,$sp,$U2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, in2_x, Z1sqr); + + addi $bp,$sp,$U1 + ld $a0,$R+0($sp) # forward load for p256_sqr_mont + ld $a1,$R+8($sp) + ld $a2,$R+16($sp) + ld $a3,$R+24($sp) + addi $rp,$sp,$H + bl __ecp_nistz256_sub_from # p256_sub(H, U2, U1); + + or $acc0,$acc0,$acc1 # see if result is zero + or $acc2,$acc2,$acc3 + or. $acc0,$acc0,$acc2 + bne .Ladd_proceed # is_equal(U1,U2)? + + and. $t0,$in1infty,$in2infty + beq .Ladd_proceed # (in1infty || in2infty)? + + cmpldi $temp,0 + beq .Ladd_double # is_equal(S1,S2)? + + xor $a0,$a0,$a0 + std $a0,0($rp_real) + std $a0,8($rp_real) + std $a0,16($rp_real) + std $a0,24($rp_real) + std $a0,32($rp_real) + std $a0,40($rp_real) + std $a0,48($rp_real) + std $a0,56($rp_real) + std $a0,64($rp_real) + std $a0,72($rp_real) + std $a0,80($rp_real) + std $a0,88($rp_real) + b .Ladd_done + +.align 4 +.Ladd_double: + ld $bp,0($sp) # back-link + mr $ap,$ap_real + mr $rp,$rp_real + ld r16,$FRAME-8*16($sp) + ld r17,$FRAME-8*15($sp) + ld r18,$FRAME-8*14($sp) + ld r19,$FRAME-8*13($sp) + stdu $bp,$FRAME-288($sp) # difference in stack frame sizes + b .Ldouble_shortcut + +.align 4 +.Ladd_proceed: + addi $rp,$sp,$Rsqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Rsqr, R); + + ld $bi,64($ap_real) + ld $a0,$H+0($sp) + ld $a1,$H+8($sp) + ld $a2,$H+16($sp) + ld $a3,$H+24($sp) + addi $bp,$ap_real,64 + addi $rp,$sp,$res_z + bl __ecp_nistz256_mul_mont # p256_mul_mont(res_z, H, in1_z); + + ld $a0,$H+0($sp) + ld $a1,$H+8($sp) + ld $a2,$H+16($sp) + ld $a3,$H+24($sp) + addi $rp,$sp,$Hsqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Hsqr, H); + + ld $bi,64($bp_real) + ld $a0,$res_z+0($sp) + ld $a1,$res_z+8($sp) + ld $a2,$res_z+16($sp) + ld $a3,$res_z+24($sp) + addi $bp,$bp_real,64 + addi $rp,$sp,$res_z + bl __ecp_nistz256_mul_mont # p256_mul_mont(res_z, res_z, in2_z); + + ld $bi,$H($sp) + ld $a0,$Hsqr+0($sp) + ld $a1,$Hsqr+8($sp) + ld $a2,$Hsqr+16($sp) + ld $a3,$Hsqr+24($sp) + addi $bp,$sp,$H + addi $rp,$sp,$Hcub + bl __ecp_nistz256_mul_mont # p256_mul_mont(Hcub, Hsqr, H); + + ld $bi,$Hsqr($sp) + ld $a0,$U1+0($sp) + ld $a1,$U1+8($sp) + ld $a2,$U1+16($sp) + ld $a3,$U1+24($sp) + addi $bp,$sp,$Hsqr + addi $rp,$sp,$U2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, U1, Hsqr); + + mr $t0,$acc0 + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + addi $rp,$sp,$Hsqr + bl __ecp_nistz256_add # p256_mul_by_2(Hsqr, U2); + + addi $bp,$sp,$Rsqr + addi $rp,$sp,$res_x + bl __ecp_nistz256_sub_morf # p256_sub(res_x, Rsqr, Hsqr); + + addi $bp,$sp,$Hcub + bl __ecp_nistz256_sub_from # p256_sub(res_x, res_x, Hcub); + + addi $bp,$sp,$U2 + ld $bi,$Hcub($sp) # forward load for p256_mul_mont + ld $a0,$S1+0($sp) + ld $a1,$S1+8($sp) + ld $a2,$S1+16($sp) + ld $a3,$S1+24($sp) + addi $rp,$sp,$res_y + bl __ecp_nistz256_sub_morf # p256_sub(res_y, U2, res_x); + + addi $bp,$sp,$Hcub + addi $rp,$sp,$S2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, S1, Hcub); + + ld $bi,$R($sp) + ld $a0,$res_y+0($sp) + ld $a1,$res_y+8($sp) + ld $a2,$res_y+16($sp) + ld $a3,$res_y+24($sp) + addi $bp,$sp,$R + addi $rp,$sp,$res_y + bl __ecp_nistz256_mul_mont # p256_mul_mont(res_y, res_y, R); + + addi $bp,$sp,$S2 + bl __ecp_nistz256_sub_from # p256_sub(res_y, res_y, S2); + + ld $t0,0($bp_real) # in2 + ld $t1,8($bp_real) + ld $t2,16($bp_real) + ld $t3,24($bp_real) + ld $a0,$res_x+0($sp) # res + ld $a1,$res_x+8($sp) + ld $a2,$res_x+16($sp) + ld $a3,$res_x+24($sp) +___ +for($i=0;$i<64;$i+=32) { # conditional moves +$code.=<<___; + ld $acc0,$i+0($ap_real) # in1 + ld $acc1,$i+8($ap_real) + ld $acc2,$i+16($ap_real) + ld $acc3,$i+24($ap_real) + andc $t0,$t0,$in1infty + andc $t1,$t1,$in1infty + andc $t2,$t2,$in1infty + andc $t3,$t3,$in1infty + and $a0,$a0,$in1infty + and $a1,$a1,$in1infty + and $a2,$a2,$in1infty + and $a3,$a3,$in1infty + or $t0,$t0,$a0 + or $t1,$t1,$a1 + or $t2,$t2,$a2 + or $t3,$t3,$a3 + andc $acc0,$acc0,$in2infty + andc $acc1,$acc1,$in2infty + andc $acc2,$acc2,$in2infty + andc $acc3,$acc3,$in2infty + and $t0,$t0,$in2infty + and $t1,$t1,$in2infty + and $t2,$t2,$in2infty + and $t3,$t3,$in2infty + or $acc0,$acc0,$t0 + or $acc1,$acc1,$t1 + or $acc2,$acc2,$t2 + or $acc3,$acc3,$t3 + + ld $t0,$i+32($bp_real) # in2 + ld $t1,$i+40($bp_real) + ld $t2,$i+48($bp_real) + ld $t3,$i+56($bp_real) + ld $a0,$res_x+$i+32($sp) + ld $a1,$res_x+$i+40($sp) + ld $a2,$res_x+$i+48($sp) + ld $a3,$res_x+$i+56($sp) + std $acc0,$i+0($rp_real) + std $acc1,$i+8($rp_real) + std $acc2,$i+16($rp_real) + std $acc3,$i+24($rp_real) +___ +} +$code.=<<___; + ld $acc0,$i+0($ap_real) # in1 + ld $acc1,$i+8($ap_real) + ld $acc2,$i+16($ap_real) + ld $acc3,$i+24($ap_real) + andc $t0,$t0,$in1infty + andc $t1,$t1,$in1infty + andc $t2,$t2,$in1infty + andc $t3,$t3,$in1infty + and $a0,$a0,$in1infty + and $a1,$a1,$in1infty + and $a2,$a2,$in1infty + and $a3,$a3,$in1infty + or $t0,$t0,$a0 + or $t1,$t1,$a1 + or $t2,$t2,$a2 + or $t3,$t3,$a3 + andc $acc0,$acc0,$in2infty + andc $acc1,$acc1,$in2infty + andc $acc2,$acc2,$in2infty + andc $acc3,$acc3,$in2infty + and $t0,$t0,$in2infty + and $t1,$t1,$in2infty + and $t2,$t2,$in2infty + and $t3,$t3,$in2infty + or $acc0,$acc0,$t0 + or $acc1,$acc1,$t1 + or $acc2,$acc2,$t2 + or $acc3,$acc3,$t3 + std $acc0,$i+0($rp_real) + std $acc1,$i+8($rp_real) + std $acc2,$i+16($rp_real) + std $acc3,$i+24($rp_real) + +.Ladd_done: + mtlr r0 + ld r16,$FRAME-8*16($sp) + ld r17,$FRAME-8*15($sp) + ld r18,$FRAME-8*14($sp) + ld r19,$FRAME-8*13($sp) + ld r20,$FRAME-8*12($sp) + ld r21,$FRAME-8*11($sp) + ld r22,$FRAME-8*10($sp) + ld r23,$FRAME-8*9($sp) + ld r24,$FRAME-8*8($sp) + ld r25,$FRAME-8*7($sp) + ld r26,$FRAME-8*6($sp) + ld r27,$FRAME-8*5($sp) + ld r28,$FRAME-8*4($sp) + ld r29,$FRAME-8*3($sp) + ld r30,$FRAME-8*2($sp) + ld r31,$FRAME-8*1($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,16,3,0 + .long 0 +.size ecp_nistz256_point_add,.-ecp_nistz256_point_add +___ +} + +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +if (1) { +my $FRAME = 64 + 32*10 + 16*8; +my ($res_x,$res_y,$res_z, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(64+32*$_,(0..9)); +my $Z1sqr = $S2; +# above map() describes stack layout with 10 temporary +# 256-bit vectors on top. +my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21)); + +$code.=<<___; +.globl ecp_nistz256_point_add_affine +.align 5 +ecp_nistz256_point_add_affine: + stdu $sp,-$FRAME($sp) + mflr r0 + std r16,$FRAME-8*16($sp) + std r17,$FRAME-8*15($sp) + std r18,$FRAME-8*14($sp) + std r19,$FRAME-8*13($sp) + std r20,$FRAME-8*12($sp) + std r21,$FRAME-8*11($sp) + std r22,$FRAME-8*10($sp) + std r23,$FRAME-8*9($sp) + std r24,$FRAME-8*8($sp) + std r25,$FRAME-8*7($sp) + std r26,$FRAME-8*6($sp) + std r27,$FRAME-8*5($sp) + std r28,$FRAME-8*4($sp) + std r29,$FRAME-8*3($sp) + std r30,$FRAME-8*2($sp) + std r31,$FRAME-8*1($sp) + + li $poly1,-1 + srdi $poly1,$poly1,32 # 0x00000000ffffffff + li $poly3,1 + orc $poly3,$poly3,$poly1 # 0xffffffff00000001 + + mr $rp_real,$rp + mr $ap_real,$ap + mr $bp_real,$bp + + ld $a0,64($ap) # in1_z + ld $a1,72($ap) + ld $a2,80($ap) + ld $a3,88($ap) + or $t0,$a0,$a1 + or $t2,$a2,$a3 + or $in1infty,$t0,$t2 + neg $t0,$in1infty + or $in1infty,$in1infty,$t0 + sradi $in1infty,$in1infty,63 # !in1infty + + ld $acc0,0($bp) # in2_x + ld $acc1,8($bp) + ld $acc2,16($bp) + ld $acc3,24($bp) + ld $t0,32($bp) # in2_y + ld $t1,40($bp) + ld $t2,48($bp) + ld $t3,56($bp) + or $acc0,$acc0,$acc1 + or $acc2,$acc2,$acc3 + or $acc0,$acc0,$acc2 + or $t0,$t0,$t1 + or $t2,$t2,$t3 + or $t0,$t0,$t2 + or $in2infty,$acc0,$t0 + neg $t0,$in2infty + or $in2infty,$in2infty,$t0 + sradi $in2infty,$in2infty,63 # !in2infty + + addi $rp,$sp,$Z1sqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Z1sqr, in1_z); + + mr $a0,$acc0 + mr $a1,$acc1 + mr $a2,$acc2 + mr $a3,$acc3 + ld $bi,0($bp_real) + addi $bp,$bp_real,0 + addi $rp,$sp,$U2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, Z1sqr, in2_x); + + addi $bp,$ap_real,0 + ld $bi,64($ap_real) # forward load for p256_mul_mont + ld $a0,$Z1sqr+0($sp) + ld $a1,$Z1sqr+8($sp) + ld $a2,$Z1sqr+16($sp) + ld $a3,$Z1sqr+24($sp) + addi $rp,$sp,$H + bl __ecp_nistz256_sub_from # p256_sub(H, U2, in1_x); + + addi $bp,$ap_real,64 + addi $rp,$sp,$S2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, Z1sqr, in1_z); + + ld $bi,64($ap_real) + ld $a0,$H+0($sp) + ld $a1,$H+8($sp) + ld $a2,$H+16($sp) + ld $a3,$H+24($sp) + addi $bp,$ap_real,64 + addi $rp,$sp,$res_z + bl __ecp_nistz256_mul_mont # p256_mul_mont(res_z, H, in1_z); + + ld $bi,32($bp_real) + ld $a0,$S2+0($sp) + ld $a1,$S2+8($sp) + ld $a2,$S2+16($sp) + ld $a3,$S2+24($sp) + addi $bp,$bp_real,32 + addi $rp,$sp,$S2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, S2, in2_y); + + addi $bp,$ap_real,32 + ld $a0,$H+0($sp) # forward load for p256_sqr_mont + ld $a1,$H+8($sp) + ld $a2,$H+16($sp) + ld $a3,$H+24($sp) + addi $rp,$sp,$R + bl __ecp_nistz256_sub_from # p256_sub(R, S2, in1_y); + + addi $rp,$sp,$Hsqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Hsqr, H); + + ld $a0,$R+0($sp) + ld $a1,$R+8($sp) + ld $a2,$R+16($sp) + ld $a3,$R+24($sp) + addi $rp,$sp,$Rsqr + bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Rsqr, R); + + ld $bi,$H($sp) + ld $a0,$Hsqr+0($sp) + ld $a1,$Hsqr+8($sp) + ld $a2,$Hsqr+16($sp) + ld $a3,$Hsqr+24($sp) + addi $bp,$sp,$H + addi $rp,$sp,$Hcub + bl __ecp_nistz256_mul_mont # p256_mul_mont(Hcub, Hsqr, H); + + ld $bi,0($ap_real) + ld $a0,$Hsqr+0($sp) + ld $a1,$Hsqr+8($sp) + ld $a2,$Hsqr+16($sp) + ld $a3,$Hsqr+24($sp) + addi $bp,$ap_real,0 + addi $rp,$sp,$U2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, in1_x, Hsqr); + + mr $t0,$acc0 + mr $t1,$acc1 + mr $t2,$acc2 + mr $t3,$acc3 + addi $rp,$sp,$Hsqr + bl __ecp_nistz256_add # p256_mul_by_2(Hsqr, U2); + + addi $bp,$sp,$Rsqr + addi $rp,$sp,$res_x + bl __ecp_nistz256_sub_morf # p256_sub(res_x, Rsqr, Hsqr); + + addi $bp,$sp,$Hcub + bl __ecp_nistz256_sub_from # p256_sub(res_x, res_x, Hcub); + + addi $bp,$sp,$U2 + ld $bi,32($ap_real) # forward load for p256_mul_mont + ld $a0,$Hcub+0($sp) + ld $a1,$Hcub+8($sp) + ld $a2,$Hcub+16($sp) + ld $a3,$Hcub+24($sp) + addi $rp,$sp,$res_y + bl __ecp_nistz256_sub_morf # p256_sub(res_y, U2, res_x); + + addi $bp,$ap_real,32 + addi $rp,$sp,$S2 + bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, in1_y, Hcub); + + ld $bi,$R($sp) + ld $a0,$res_y+0($sp) + ld $a1,$res_y+8($sp) + ld $a2,$res_y+16($sp) + ld $a3,$res_y+24($sp) + addi $bp,$sp,$R + addi $rp,$sp,$res_y + bl __ecp_nistz256_mul_mont # p256_mul_mont(res_y, res_y, R); + + addi $bp,$sp,$S2 + bl __ecp_nistz256_sub_from # p256_sub(res_y, res_y, S2); + + ld $t0,0($bp_real) # in2 + ld $t1,8($bp_real) + ld $t2,16($bp_real) + ld $t3,24($bp_real) + ld $a0,$res_x+0($sp) # res + ld $a1,$res_x+8($sp) + ld $a2,$res_x+16($sp) + ld $a3,$res_x+24($sp) +___ +for($i=0;$i<64;$i+=32) { # conditional moves +$code.=<<___; + ld $acc0,$i+0($ap_real) # in1 + ld $acc1,$i+8($ap_real) + ld $acc2,$i+16($ap_real) + ld $acc3,$i+24($ap_real) + andc $t0,$t0,$in1infty + andc $t1,$t1,$in1infty + andc $t2,$t2,$in1infty + andc $t3,$t3,$in1infty + and $a0,$a0,$in1infty + and $a1,$a1,$in1infty + and $a2,$a2,$in1infty + and $a3,$a3,$in1infty + or $t0,$t0,$a0 + or $t1,$t1,$a1 + or $t2,$t2,$a2 + or $t3,$t3,$a3 + andc $acc0,$acc0,$in2infty + andc $acc1,$acc1,$in2infty + andc $acc2,$acc2,$in2infty + andc $acc3,$acc3,$in2infty + and $t0,$t0,$in2infty + and $t1,$t1,$in2infty + and $t2,$t2,$in2infty + and $t3,$t3,$in2infty + or $acc0,$acc0,$t0 + or $acc1,$acc1,$t1 + or $acc2,$acc2,$t2 + or $acc3,$acc3,$t3 +___ +$code.=<<___ if ($i==0); + ld $t0,32($bp_real) # in2 + ld $t1,40($bp_real) + ld $t2,48($bp_real) + ld $t3,56($bp_real) +___ +$code.=<<___ if ($i==32); + li $t0,1 # Lone_mont + not $t1,$poly1 + li $t2,-1 + not $t3,$poly3 +___ +$code.=<<___; + ld $a0,$res_x+$i+32($sp) + ld $a1,$res_x+$i+40($sp) + ld $a2,$res_x+$i+48($sp) + ld $a3,$res_x+$i+56($sp) + std $acc0,$i+0($rp_real) + std $acc1,$i+8($rp_real) + std $acc2,$i+16($rp_real) + std $acc3,$i+24($rp_real) +___ +} +$code.=<<___; + ld $acc0,$i+0($ap_real) # in1 + ld $acc1,$i+8($ap_real) + ld $acc2,$i+16($ap_real) + ld $acc3,$i+24($ap_real) + andc $t0,$t0,$in1infty + andc $t1,$t1,$in1infty + andc $t2,$t2,$in1infty + andc $t3,$t3,$in1infty + and $a0,$a0,$in1infty + and $a1,$a1,$in1infty + and $a2,$a2,$in1infty + and $a3,$a3,$in1infty + or $t0,$t0,$a0 + or $t1,$t1,$a1 + or $t2,$t2,$a2 + or $t3,$t3,$a3 + andc $acc0,$acc0,$in2infty + andc $acc1,$acc1,$in2infty + andc $acc2,$acc2,$in2infty + andc $acc3,$acc3,$in2infty + and $t0,$t0,$in2infty + and $t1,$t1,$in2infty + and $t2,$t2,$in2infty + and $t3,$t3,$in2infty + or $acc0,$acc0,$t0 + or $acc1,$acc1,$t1 + or $acc2,$acc2,$t2 + or $acc3,$acc3,$t3 + std $acc0,$i+0($rp_real) + std $acc1,$i+8($rp_real) + std $acc2,$i+16($rp_real) + std $acc3,$i+24($rp_real) + + mtlr r0 + ld r16,$FRAME-8*16($sp) + ld r17,$FRAME-8*15($sp) + ld r18,$FRAME-8*14($sp) + ld r19,$FRAME-8*13($sp) + ld r20,$FRAME-8*12($sp) + ld r21,$FRAME-8*11($sp) + ld r22,$FRAME-8*10($sp) + ld r23,$FRAME-8*9($sp) + ld r24,$FRAME-8*8($sp) + ld r25,$FRAME-8*7($sp) + ld r26,$FRAME-8*6($sp) + ld r27,$FRAME-8*5($sp) + ld r28,$FRAME-8*4($sp) + ld r29,$FRAME-8*3($sp) + ld r30,$FRAME-8*2($sp) + ld r31,$FRAME-8*1($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,16,3,0 + .long 0 +.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine +___ +} +if (1) { +my ($ordk,$ord0,$ord1,$t4) = map("r$_",(18..21)); +my ($ord2,$ord3,$zr) = ($poly1,$poly3,"r0"); + +$code.=<<___; +######################################################################## +# void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4], +# uint64_t b[4]); +.globl ecp_nistz256_ord_mul_mont +.align 5 +ecp_nistz256_ord_mul_mont: + stdu $sp,-160($sp) + std r18,48($sp) + std r19,56($sp) + std r20,64($sp) + std r21,72($sp) + std r22,80($sp) + std r23,88($sp) + std r24,96($sp) + std r25,104($sp) + std r26,112($sp) + std r27,120($sp) + std r28,128($sp) + std r29,136($sp) + std r30,144($sp) + std r31,152($sp) + + ld $a0,0($ap) + ld $bi,0($bp) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + lis $ordk,0xccd1 + lis $ord0,0xf3b9 + lis $ord1,0xbce6 + ori $ordk,$ordk,0xc8aa + ori $ord0,$ord0,0xcac2 + ori $ord1,$ord1,0xfaad + sldi $ordk,$ordk,32 + sldi $ord0,$ord0,32 + sldi $ord1,$ord1,32 + oris $ordk,$ordk,0xee00 + oris $ord0,$ord0,0xfc63 + oris $ord1,$ord1,0xa717 + ori $ordk,$ordk,0xbc4f # 0xccd1c8aaee00bc4f + ori $ord0,$ord0,0x2551 # 0xf3b9cac2fc632551 + ori $ord1,$ord1,0x9e84 # 0xbce6faada7179e84 + li $ord2,-1 # 0xffffffffffffffff + sldi $ord3,$ord2,32 # 0xffffffff00000000 + li $zr,0 + + mulld $acc0,$a0,$bi # a[0]*b[0] + mulhdu $t0,$a0,$bi + + mulld $acc1,$a1,$bi # a[1]*b[0] + mulhdu $t1,$a1,$bi + + mulld $acc2,$a2,$bi # a[2]*b[0] + mulhdu $t2,$a2,$bi + + mulld $acc3,$a3,$bi # a[3]*b[0] + mulhdu $acc4,$a3,$bi + + mulld $t4,$acc0,$ordk + + addc $acc1,$acc1,$t0 # accumulate high parts of multiplication + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$t2 + addze $acc4,$acc4 + li $acc5,0 +___ +for ($i=1;$i<4;$i++) { + ################################################################ + # ffff0000.ffffffff.yyyyyyyy.zzzzzzzz + # * abcdefgh + # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx + # - 0000abcd.efgh0000.abcdefgh.00000000.00000000 + # + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh +$code.=<<___; + ld $bi,8*$i($bp) # b[i] + + sldi $t0,$t4,32 + subfc $acc2,$t4,$acc2 + srdi $t1,$t4,32 + subfe $acc3,$t0,$acc3 + subfe $acc4,$t1,$acc4 + subfe $acc5,$zr,$acc5 + + addic $t0,$acc0,-1 # discarded + mulhdu $t1,$ord0,$t4 + mulld $t2,$ord1,$t4 + mulhdu $t3,$ord1,$t4 + + adde $t2,$t2,$t1 + mulld $t0,$a0,$bi + addze $t3,$t3 + mulld $t1,$a1,$bi + + addc $acc0,$acc1,$t2 + mulld $t2,$a2,$bi + adde $acc1,$acc2,$t3 + mulld $t3,$a3,$bi + adde $acc2,$acc3,$t4 + adde $acc3,$acc4,$t4 + addze $acc4,$acc5 + + addc $acc0,$acc0,$t0 # accumulate low parts + mulhdu $t0,$a0,$bi + adde $acc1,$acc1,$t1 + mulhdu $t1,$a1,$bi + adde $acc2,$acc2,$t2 + mulhdu $t2,$a2,$bi + adde $acc3,$acc3,$t3 + mulhdu $t3,$a3,$bi + addze $acc4,$acc4 + mulld $t4,$acc0,$ordk + addc $acc1,$acc1,$t0 # accumulate high parts + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$t2 + adde $acc4,$acc4,$t3 + addze $acc5,$zr +___ +} +$code.=<<___; + sldi $t0,$t4,32 # last reduction + subfc $acc2,$t4,$acc2 + srdi $t1,$t4,32 + subfe $acc3,$t0,$acc3 + subfe $acc4,$t1,$acc4 + subfe $acc5,$zr,$acc5 + + addic $t0,$acc0,-1 # discarded + mulhdu $t1,$ord0,$t4 + mulld $t2,$ord1,$t4 + mulhdu $t3,$ord1,$t4 + + adde $t2,$t2,$t1 + addze $t3,$t3 + + addc $acc0,$acc1,$t2 + adde $acc1,$acc2,$t3 + adde $acc2,$acc3,$t4 + adde $acc3,$acc4,$t4 + addze $acc4,$acc5 + + subfc $acc0,$ord0,$acc0 # ret -= modulus + subfe $acc1,$ord1,$acc1 + subfe $acc2,$ord2,$acc2 + subfe $acc3,$ord3,$acc3 + subfe $acc4,$zr,$acc4 + + and $t0,$ord0,$acc4 + and $t1,$ord1,$acc4 + addc $acc0,$acc0,$t0 # ret += modulus if borrow + and $t3,$ord3,$acc4 + adde $acc1,$acc1,$t1 + adde $acc2,$acc2,$acc4 + adde $acc3,$acc3,$t3 + + std $acc0,0($rp) + std $acc1,8($rp) + std $acc2,16($rp) + std $acc3,24($rp) + + ld r18,48($sp) + ld r19,56($sp) + ld r20,64($sp) + ld r21,72($sp) + ld r22,80($sp) + ld r23,88($sp) + ld r24,96($sp) + ld r25,104($sp) + ld r26,112($sp) + ld r27,120($sp) + ld r28,128($sp) + ld r29,136($sp) + ld r30,144($sp) + ld r31,152($sp) + addi $sp,$sp,160 + blr + .long 0 + .byte 0,12,4,0,0x80,14,3,0 + .long 0 +.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont + +################################################################################ +# void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], +# int rep); +.globl ecp_nistz256_ord_sqr_mont +.align 5 +ecp_nistz256_ord_sqr_mont: + stdu $sp,-160($sp) + std r18,48($sp) + std r19,56($sp) + std r20,64($sp) + std r21,72($sp) + std r22,80($sp) + std r23,88($sp) + std r24,96($sp) + std r25,104($sp) + std r26,112($sp) + std r27,120($sp) + std r28,128($sp) + std r29,136($sp) + std r30,144($sp) + std r31,152($sp) + + mtctr $bp + + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + lis $ordk,0xccd1 + lis $ord0,0xf3b9 + lis $ord1,0xbce6 + ori $ordk,$ordk,0xc8aa + ori $ord0,$ord0,0xcac2 + ori $ord1,$ord1,0xfaad + sldi $ordk,$ordk,32 + sldi $ord0,$ord0,32 + sldi $ord1,$ord1,32 + oris $ordk,$ordk,0xee00 + oris $ord0,$ord0,0xfc63 + oris $ord1,$ord1,0xa717 + ori $ordk,$ordk,0xbc4f # 0xccd1c8aaee00bc4f + ori $ord0,$ord0,0x2551 # 0xf3b9cac2fc632551 + ori $ord1,$ord1,0x9e84 # 0xbce6faada7179e84 + li $ord2,-1 # 0xffffffffffffffff + sldi $ord3,$ord2,32 # 0xffffffff00000000 + li $zr,0 + b .Loop_ord_sqr + +.align 5 +.Loop_ord_sqr: + ################################################################ + # | | | | | |a1*a0| | + # | | | | |a2*a0| | | + # | |a3*a2|a3*a0| | | | + # | | | |a2*a1| | | | + # | | |a3*a1| | | | | + # *| | | | | | | | 2| + # +|a3*a3|a2*a2|a1*a1|a0*a0| + # |--+--+--+--+--+--+--+--| + # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx + # + # "can't overflow" below mark carrying into high part of + # multiplication result, which can't overflow, because it + # can never be all ones. + + mulld $acc1,$a1,$a0 # a[1]*a[0] + mulhdu $t1,$a1,$a0 + mulld $acc2,$a2,$a0 # a[2]*a[0] + mulhdu $t2,$a2,$a0 + mulld $acc3,$a3,$a0 # a[3]*a[0] + mulhdu $acc4,$a3,$a0 + + addc $acc2,$acc2,$t1 # accumulate high parts of multiplication + mulld $t0,$a2,$a1 # a[2]*a[1] + mulhdu $t1,$a2,$a1 + adde $acc3,$acc3,$t2 + mulld $t2,$a3,$a1 # a[3]*a[1] + mulhdu $t3,$a3,$a1 + addze $acc4,$acc4 # can't overflow + + mulld $acc5,$a3,$a2 # a[3]*a[2] + mulhdu $acc6,$a3,$a2 + + addc $t1,$t1,$t2 # accumulate high parts of multiplication + mulld $acc0,$a0,$a0 # a[0]*a[0] + addze $t2,$t3 # can't overflow + + addc $acc3,$acc3,$t0 # accumulate low parts of multiplication + mulhdu $a0,$a0,$a0 + adde $acc4,$acc4,$t1 + mulld $t1,$a1,$a1 # a[1]*a[1] + adde $acc5,$acc5,$t2 + mulhdu $a1,$a1,$a1 + addze $acc6,$acc6 # can't overflow + + addc $acc1,$acc1,$acc1 # acc[1-6]*=2 + mulld $t2,$a2,$a2 # a[2]*a[2] + adde $acc2,$acc2,$acc2 + mulhdu $a2,$a2,$a2 + adde $acc3,$acc3,$acc3 + mulld $t3,$a3,$a3 # a[3]*a[3] + adde $acc4,$acc4,$acc4 + mulhdu $a3,$a3,$a3 + adde $acc5,$acc5,$acc5 + adde $acc6,$acc6,$acc6 + addze $acc7,$zr + + addc $acc1,$acc1,$a0 # +a[i]*a[i] + mulld $t4,$acc0,$ordk + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$a1 + adde $acc4,$acc4,$t2 + adde $acc5,$acc5,$a2 + adde $acc6,$acc6,$t3 + adde $acc7,$acc7,$a3 +___ +for($i=0; $i<4; $i++) { # reductions +$code.=<<___; + addic $t0,$acc0,-1 # discarded + mulhdu $t1,$ord0,$t4 + mulld $t2,$ord1,$t4 + mulhdu $t3,$ord1,$t4 + + adde $t2,$t2,$t1 + addze $t3,$t3 + + addc $acc0,$acc1,$t2 + adde $acc1,$acc2,$t3 + adde $acc2,$acc3,$t4 + adde $acc3,$zr,$t4 # can't overflow +___ +$code.=<<___ if ($i<3); + mulld $t3,$acc0,$ordk +___ +$code.=<<___; + sldi $t0,$t4,32 + subfc $acc1,$t4,$acc1 + srdi $t1,$t4,32 + subfe $acc2,$t0,$acc2 + subfe $acc3,$t1,$acc3 # can't borrow +___ + ($t3,$t4) = ($t4,$t3); +} +$code.=<<___; + addc $acc0,$acc0,$acc4 # accumulate upper half + adde $acc1,$acc1,$acc5 + adde $acc2,$acc2,$acc6 + adde $acc3,$acc3,$acc7 + addze $acc4,$zr + + subfc $acc0,$ord0,$acc0 # ret -= modulus + subfe $acc1,$ord1,$acc1 + subfe $acc2,$ord2,$acc2 + subfe $acc3,$ord3,$acc3 + subfe $acc4,$zr,$acc4 + + and $t0,$ord0,$acc4 + and $t1,$ord1,$acc4 + addc $a0,$acc0,$t0 # ret += modulus if borrow + and $t3,$ord3,$acc4 + adde $a1,$acc1,$t1 + adde $a2,$acc2,$acc4 + adde $a3,$acc3,$t3 + + bdnz .Loop_ord_sqr + + std $a0,0($rp) + std $a1,8($rp) + std $a2,16($rp) + std $a3,24($rp) + + ld r18,48($sp) + ld r19,56($sp) + ld r20,64($sp) + ld r21,72($sp) + ld r22,80($sp) + ld r23,88($sp) + ld r24,96($sp) + ld r25,104($sp) + ld r26,112($sp) + ld r27,120($sp) + ld r28,128($sp) + ld r29,136($sp) + ld r30,144($sp) + ld r31,152($sp) + addi $sp,$sp,160 + blr + .long 0 + .byte 0,12,4,0,0x80,14,3,0 + .long 0 +.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont +___ +} } + +######################################################################## +# scatter-gather subroutines +{ +my ($out,$inp,$index,$mask)=map("r$_",(3..7)); +$code.=<<___; +######################################################################## +# void ecp_nistz256_scatter_w5(void *out, const P256_POINT *inp, +# int index); +.globl ecp_nistz256_scatter_w5 +.align 4 +ecp_nistz256_scatter_w5: + slwi $index,$index,2 + add $out,$out,$index + + ld r8, 0($inp) # X + ld r9, 8($inp) + ld r10,16($inp) + ld r11,24($inp) + + stw r8, 64*0-4($out) + srdi r8, r8, 32 + stw r9, 64*1-4($out) + srdi r9, r9, 32 + stw r10,64*2-4($out) + srdi r10,r10,32 + stw r11,64*3-4($out) + srdi r11,r11,32 + stw r8, 64*4-4($out) + stw r9, 64*5-4($out) + stw r10,64*6-4($out) + stw r11,64*7-4($out) + addi $out,$out,64*8 + + ld r8, 32($inp) # Y + ld r9, 40($inp) + ld r10,48($inp) + ld r11,56($inp) + + stw r8, 64*0-4($out) + srdi r8, r8, 32 + stw r9, 64*1-4($out) + srdi r9, r9, 32 + stw r10,64*2-4($out) + srdi r10,r10,32 + stw r11,64*3-4($out) + srdi r11,r11,32 + stw r8, 64*4-4($out) + stw r9, 64*5-4($out) + stw r10,64*6-4($out) + stw r11,64*7-4($out) + addi $out,$out,64*8 + + ld r8, 64($inp) # Z + ld r9, 72($inp) + ld r10,80($inp) + ld r11,88($inp) + + stw r8, 64*0-4($out) + srdi r8, r8, 32 + stw r9, 64*1-4($out) + srdi r9, r9, 32 + stw r10,64*2-4($out) + srdi r10,r10,32 + stw r11,64*3-4($out) + srdi r11,r11,32 + stw r8, 64*4-4($out) + stw r9, 64*5-4($out) + stw r10,64*6-4($out) + stw r11,64*7-4($out) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 + +######################################################################## +# void ecp_nistz256_gather_w5(P256_POINT *out, const void *inp, +# int index); +.globl ecp_nistz256_gather_w5 +.align 4 +ecp_nistz256_gather_w5: + neg r0,$index + sradi r0,r0,63 + + add $index,$index,r0 + slwi $index,$index,2 + add $inp,$inp,$index + + lwz r5, 64*0($inp) + lwz r6, 64*1($inp) + lwz r7, 64*2($inp) + lwz r8, 64*3($inp) + lwz r9, 64*4($inp) + lwz r10,64*5($inp) + lwz r11,64*6($inp) + lwz r12,64*7($inp) + addi $inp,$inp,64*8 + sldi r9, r9, 32 + sldi r10,r10,32 + sldi r11,r11,32 + sldi r12,r12,32 + or r5,r5,r9 + or r6,r6,r10 + or r7,r7,r11 + or r8,r8,r12 + and r5,r5,r0 + and r6,r6,r0 + and r7,r7,r0 + and r8,r8,r0 + std r5,0($out) # X + std r6,8($out) + std r7,16($out) + std r8,24($out) + + lwz r5, 64*0($inp) + lwz r6, 64*1($inp) + lwz r7, 64*2($inp) + lwz r8, 64*3($inp) + lwz r9, 64*4($inp) + lwz r10,64*5($inp) + lwz r11,64*6($inp) + lwz r12,64*7($inp) + addi $inp,$inp,64*8 + sldi r9, r9, 32 + sldi r10,r10,32 + sldi r11,r11,32 + sldi r12,r12,32 + or r5,r5,r9 + or r6,r6,r10 + or r7,r7,r11 + or r8,r8,r12 + and r5,r5,r0 + and r6,r6,r0 + and r7,r7,r0 + and r8,r8,r0 + std r5,32($out) # Y + std r6,40($out) + std r7,48($out) + std r8,56($out) + + lwz r5, 64*0($inp) + lwz r6, 64*1($inp) + lwz r7, 64*2($inp) + lwz r8, 64*3($inp) + lwz r9, 64*4($inp) + lwz r10,64*5($inp) + lwz r11,64*6($inp) + lwz r12,64*7($inp) + sldi r9, r9, 32 + sldi r10,r10,32 + sldi r11,r11,32 + sldi r12,r12,32 + or r5,r5,r9 + or r6,r6,r10 + or r7,r7,r11 + or r8,r8,r12 + and r5,r5,r0 + and r6,r6,r0 + and r7,r7,r0 + and r8,r8,r0 + std r5,64($out) # Z + std r6,72($out) + std r7,80($out) + std r8,88($out) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 + +######################################################################## +# void ecp_nistz256_scatter_w7(void *out, const P256_POINT_AFFINE *inp, +# int index); +.globl ecp_nistz256_scatter_w7 +.align 4 +ecp_nistz256_scatter_w7: + li r0,8 + mtctr r0 + add $out,$out,$index + subi $inp,$inp,8 + +.Loop_scatter_w7: + ldu r0,8($inp) + stb r0,64*0($out) + srdi r0,r0,8 + stb r0,64*1($out) + srdi r0,r0,8 + stb r0,64*2($out) + srdi r0,r0,8 + stb r0,64*3($out) + srdi r0,r0,8 + stb r0,64*4($out) + srdi r0,r0,8 + stb r0,64*5($out) + srdi r0,r0,8 + stb r0,64*6($out) + srdi r0,r0,8 + stb r0,64*7($out) + addi $out,$out,64*8 + bdnz .Loop_scatter_w7 + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 + +######################################################################## +# void ecp_nistz256_gather_w7(P256_POINT_AFFINE *out, const void *inp, +# int index); +.globl ecp_nistz256_gather_w7 +.align 4 +ecp_nistz256_gather_w7: + li r0,8 + mtctr r0 + neg r0,$index + sradi r0,r0,63 + + add $index,$index,r0 + add $inp,$inp,$index + subi $out,$out,8 + +.Loop_gather_w7: + lbz r5, 64*0($inp) + lbz r6, 64*1($inp) + lbz r7, 64*2($inp) + lbz r8, 64*3($inp) + lbz r9, 64*4($inp) + lbz r10,64*5($inp) + lbz r11,64*6($inp) + lbz r12,64*7($inp) + addi $inp,$inp,64*8 + + sldi r6, r6, 8 + sldi r7, r7, 16 + sldi r8, r8, 24 + sldi r9, r9, 32 + sldi r10,r10,40 + sldi r11,r11,48 + sldi r12,r12,56 + + or r5,r5,r6 + or r7,r7,r8 + or r9,r9,r10 + or r11,r11,r12 + or r5,r5,r7 + or r9,r9,r11 + or r5,r5,r9 + and r5,r5,r0 + stdu r5,8($out) + bdnz .Loop_gather_w7 + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 +___ +} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + print $_,"\n"; +} +close STDOUT; # enforce flush diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 0c1af95b134b8f..0a4def6e2bf62d 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -413,7 +413,7 @@ ! if a+b >= modulus, subtract modulus. ! ! But since comparison implies subtraction, we subtract - ! modulus and then add it back if subraction borrowed. + ! modulus and then add it back if subtraction borrowed. subcc @acc[0],-1,@acc[0] subccc @acc[1],-1,@acc[1] @@ -1592,7 +1592,7 @@ ######################################################################## # Following subroutines are VIS3 counterparts of those above that # implement ones found in ecp_nistz256.c. Key difference is that they -# use 128-bit muliplication and addition with 64-bit carry, and in order +# use 128-bit multiplication and addition with 64-bit carry, and in order # to do that they perform conversion from uin32_t[8] to uint64_t[4] upon # entry and vice versa on return. # @@ -1874,7 +1874,7 @@ ldx [$bp+8*($i+1)],$bi ! bp[$i+1] ___ $code.=<<___; - addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication + addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication sllx $acc0,32,$t0 addxccc $acc2,$t1,$acc2 srlx $acc0,32,$t1 @@ -1977,7 +1977,7 @@ srlx $acc0,32,$t1 addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part - addxc %g0,$t3,$acc3 ! cant't overflow + addxc %g0,$t3,$acc3 ! can't overflow ___ } $code.=<<___; diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl index b3bec23228f312..0c6fc665bf4612 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl @@ -45,7 +45,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"ecp_nistz256-x86.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -443,7 +443,7 @@ &mov (&DWP(20,"esp"),"eax"); &mov (&DWP(24,"esp"),"eax"); &mov (&DWP(28,"esp"),"eax"); - + &call ("_ecp_nistz256_sub"); &stack_pop(8); diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl index 714e852a1826da..eba6ffd430bef6 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1,60 +1,44 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2014, Intel Corporation. All Rights Reserved. +# Copyright (c) 2015 CloudFlare, Inc. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - - -############################################################################## -# # -# Copyright 2014 Intel Corporation # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -# # -############################################################################## -# # -# Developers and authors: # -# Shay Gueron (1, 2), and Vlad Krasnov (1) # -# (1) Intel Corporation, Israel Development Center # -# (2) University of Haifa # -# Reference: # -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with# -# 256 Bit Primes" # -# # -############################################################################## +# +# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3) +# (1) Intel Corporation, Israel Development Center, Haifa, Israel +# (2) University of Haifa, Israel +# (3) CloudFlare, Inc. +# +# Reference: +# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with +# 256 Bit Primes" # Further optimization by : # # this/original with/without -DECP_NISTZ256_ASM(*) -# Opteron +12-49% +110-150% -# Bulldozer +14-45% +175-210% -# P4 +18-46% n/a :-( -# Westmere +12-34% +80-87% -# Sandy Bridge +9-35% +110-120% -# Ivy Bridge +9-35% +110-125% -# Haswell +8-37% +140-160% -# Broadwell +18-58% +145-210% -# Atom +15-50% +130-180% -# VIA Nano +43-160% +300-480% +# Opteron +15-49% +150-195% +# Bulldozer +18-45% +175-240% +# P4 +24-46% +100-150% +# Westmere +18-34% +87-160% +# Sandy Bridge +14-35% +120-185% +# Ivy Bridge +11-35% +125-180% +# Haswell +10-37% +160-200% +# Broadwell +24-58% +210-270% +# Atom +20-50% +180-240% +# VIA Nano +50-160% +480-480% # # (*) "without -DECP_NISTZ256_ASM" refers to build with # "enable-ec_nistp_64_gcc_128"; # # Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, relatively fastest -# server-side operation. Keep in mind that +100% means 2x improvement. +# on benchmark. In "this/original" column lower coefficient is for +# ECDSA sign, while in "with/without" - for ECDH key agreement, and +# higher - for ECDSA sign, relatively fastest server-side operation. +# Keep in mind that +100% means 2x improvement. $flavour = shift; $output = shift; @@ -115,6 +99,12 @@ .long 3,3,3,3,3,3,3,3 .LONE_mont: .quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe + +# Constants for computations modulo ord(p256) +.Lord: +.quad 0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000 +.LordK: +.quad 0xccd1c8aaee00bc4f ___ { @@ -131,8 +121,12 @@ .type ecp_nistz256_mul_by_2,\@function,2 .align 64 ecp_nistz256_mul_by_2: +.cfi_startproc push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 +.Lmul_by_2_body: mov 8*0($a_ptr), $a0 xor $t4,$t4 @@ -165,9 +159,15 @@ mov $a2, 8*2($r_ptr) mov $a3, 8*3($r_ptr) - pop %r13 - pop %r12 + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Lmul_by_2_epilogue: ret +.cfi_endproc .size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 ################################################################################ @@ -176,8 +176,12 @@ .type ecp_nistz256_div_by_2,\@function,2 .align 32 ecp_nistz256_div_by_2: +.cfi_startproc push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 +.Ldiv_by_2_body: mov 8*0($a_ptr), $a0 mov 8*1($a_ptr), $a1 @@ -225,9 +229,15 @@ mov $a2, 8*2($r_ptr) mov $a3, 8*3($r_ptr) - pop %r13 - pop %r12 + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Ldiv_by_2_epilogue: ret +.cfi_endproc .size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 ################################################################################ @@ -236,8 +246,12 @@ .type ecp_nistz256_mul_by_3,\@function,2 .align 32 ecp_nistz256_mul_by_3: +.cfi_startproc push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 +.Lmul_by_3_body: mov 8*0($a_ptr), $a0 xor $t4, $t4 @@ -291,9 +305,15 @@ mov $a2, 8*2($r_ptr) mov $a3, 8*3($r_ptr) - pop %r13 - pop %r12 + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Lmul_by_3_epilogue: ret +.cfi_endproc .size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 ################################################################################ @@ -302,8 +322,12 @@ .type ecp_nistz256_add,\@function,3 .align 32 ecp_nistz256_add: +.cfi_startproc push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 +.Ladd_body: mov 8*0($a_ptr), $a0 xor $t4, $t4 @@ -337,9 +361,15 @@ mov $a2, 8*2($r_ptr) mov $a3, 8*3($r_ptr) - pop %r13 - pop %r12 + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Ladd_epilogue: ret +.cfi_endproc .size ecp_nistz256_add,.-ecp_nistz256_add ################################################################################ @@ -348,8 +378,12 @@ .type ecp_nistz256_sub,\@function,3 .align 32 ecp_nistz256_sub: +.cfi_startproc push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 +.Lsub_body: mov 8*0($a_ptr), $a0 xor $t4, $t4 @@ -374,72 +408,1167 @@ adc 8*3($a_ptr), $a3 test $t4, $t4 - cmovz $t0, $a0 - cmovz $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovz $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovz $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Lsub_epilogue: + ret +.cfi_endproc +.size ecp_nistz256_sub,.-ecp_nistz256_sub + +################################################################################ +# void ecp_nistz256_neg(uint64_t res[4], uint64_t a[4]); +.globl ecp_nistz256_neg +.type ecp_nistz256_neg,\@function,2 +.align 32 +ecp_nistz256_neg: +.cfi_startproc + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 +.Lneg_body: + + xor $a0, $a0 + xor $a1, $a1 + xor $a2, $a2 + xor $a3, $a3 + xor $t4, $t4 + + sub 8*0($a_ptr), $a0 + sbb 8*1($a_ptr), $a1 + sbb 8*2($a_ptr), $a2 + mov $a0, $t0 + sbb 8*3($a_ptr), $a3 + lea .Lpoly(%rip), $a_ptr + mov $a1, $t1 + sbb \$0, $t4 + + add 8*0($a_ptr), $a0 + mov $a2, $t2 + adc 8*1($a_ptr), $a1 + adc 8*2($a_ptr), $a2 + mov $a3, $t3 + adc 8*3($a_ptr), $a3 + test $t4, $t4 + + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Lneg_epilogue: + ret +.cfi_endproc +.size ecp_nistz256_neg,.-ecp_nistz256_neg +___ +} +{ +my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx"); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15)); +my ($t0,$t1,$t2,$t3,$t4)=("%rcx","%rbp","%rbx","%rdx","%rax"); +my ($poly1,$poly3)=($acc6,$acc7); + +$code.=<<___; +################################################################################ +# void ecp_nistz256_ord_mul_mont( +# uint64_t res[4], +# uint64_t a[4], +# uint64_t b[4]); + +.globl ecp_nistz256_ord_mul_mont +.type ecp_nistz256_ord_mul_mont,\@function,3 +.align 32 +ecp_nistz256_ord_mul_mont: +.cfi_startproc +___ +$code.=<<___ if ($addx); + mov \$0x80100, %ecx + and OPENSSL_ia32cap_P+8(%rip), %ecx + cmp \$0x80100, %ecx + je .Lecp_nistz256_ord_mul_montx +___ +$code.=<<___; + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 +.Lord_mul_body: + + mov 8*0($b_org), %rax + mov $b_org, $b_ptr + lea .Lord(%rip), %r14 + mov .LordK(%rip), %r15 + + ################################# * b[0] + mov %rax, $t0 + mulq 8*0($a_ptr) + mov %rax, $acc0 + mov $t0, %rax + mov %rdx, $acc1 + + mulq 8*1($a_ptr) + add %rax, $acc1 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $acc2 + + mulq 8*2($a_ptr) + add %rax, $acc2 + mov $t0, %rax + adc \$0, %rdx + + mov $acc0, $acc5 + imulq %r15,$acc0 + + mov %rdx, $acc3 + mulq 8*3($a_ptr) + add %rax, $acc3 + mov $acc0, %rax + adc \$0, %rdx + mov %rdx, $acc4 + + ################################# First reduction step + mulq 8*0(%r14) + mov $acc0, $t1 + add %rax, $acc5 # guaranteed to be zero + mov $acc0, %rax + adc \$0, %rdx + mov %rdx, $t0 + + sub $acc0, $acc2 + sbb \$0, $acc0 # can't borrow + + mulq 8*1(%r14) + add $t0, $acc1 + adc \$0, %rdx + add %rax, $acc1 + mov $t1, %rax + adc %rdx, $acc2 + mov $t1, %rdx + adc \$0, $acc0 # can't overflow + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc3 + mov 8*1($b_ptr), %rax + sbb %rdx, $t1 # can't borrow + + add $acc0, $acc3 + adc $t1, $acc4 + adc \$0, $acc5 + + ################################# * b[1] + mov %rax, $t0 + mulq 8*0($a_ptr) + add %rax, $acc1 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq 8*1($a_ptr) + add $t1, $acc2 + adc \$0, %rdx + add %rax, $acc2 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq 8*2($a_ptr) + add $t1, $acc3 + adc \$0, %rdx + add %rax, $acc3 + mov $t0, %rax + adc \$0, %rdx + + mov $acc1, $t0 + imulq %r15, $acc1 + + mov %rdx, $t1 + mulq 8*3($a_ptr) + add $t1, $acc4 + adc \$0, %rdx + xor $acc0, $acc0 + add %rax, $acc4 + mov $acc1, %rax + adc %rdx, $acc5 + adc \$0, $acc0 + + ################################# Second reduction step + mulq 8*0(%r14) + mov $acc1, $t1 + add %rax, $t0 # guaranteed to be zero + mov $acc1, %rax + adc %rdx, $t0 + + sub $acc1, $acc3 + sbb \$0, $acc1 # can't borrow + + mulq 8*1(%r14) + add $t0, $acc2 + adc \$0, %rdx + add %rax, $acc2 + mov $t1, %rax + adc %rdx, $acc3 + mov $t1, %rdx + adc \$0, $acc1 # can't overflow + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc4 + mov 8*2($b_ptr), %rax + sbb %rdx, $t1 # can't borrow + + add $acc1, $acc4 + adc $t1, $acc5 + adc \$0, $acc0 + + ################################## * b[2] + mov %rax, $t0 + mulq 8*0($a_ptr) + add %rax, $acc2 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq 8*1($a_ptr) + add $t1, $acc3 + adc \$0, %rdx + add %rax, $acc3 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq 8*2($a_ptr) + add $t1, $acc4 + adc \$0, %rdx + add %rax, $acc4 + mov $t0, %rax + adc \$0, %rdx + + mov $acc2, $t0 + imulq %r15, $acc2 + + mov %rdx, $t1 + mulq 8*3($a_ptr) + add $t1, $acc5 + adc \$0, %rdx + xor $acc1, $acc1 + add %rax, $acc5 + mov $acc2, %rax + adc %rdx, $acc0 + adc \$0, $acc1 + + ################################# Third reduction step + mulq 8*0(%r14) + mov $acc2, $t1 + add %rax, $t0 # guaranteed to be zero + mov $acc2, %rax + adc %rdx, $t0 + + sub $acc2, $acc4 + sbb \$0, $acc2 # can't borrow + + mulq 8*1(%r14) + add $t0, $acc3 + adc \$0, %rdx + add %rax, $acc3 + mov $t1, %rax + adc %rdx, $acc4 + mov $t1, %rdx + adc \$0, $acc2 # can't overflow + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc5 + mov 8*3($b_ptr), %rax + sbb %rdx, $t1 # can't borrow + + add $acc2, $acc5 + adc $t1, $acc0 + adc \$0, $acc1 + + ################################# * b[3] + mov %rax, $t0 + mulq 8*0($a_ptr) + add %rax, $acc3 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq 8*1($a_ptr) + add $t1, $acc4 + adc \$0, %rdx + add %rax, $acc4 + mov $t0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq 8*2($a_ptr) + add $t1, $acc5 + adc \$0, %rdx + add %rax, $acc5 + mov $t0, %rax + adc \$0, %rdx + + mov $acc3, $t0 + imulq %r15, $acc3 + + mov %rdx, $t1 + mulq 8*3($a_ptr) + add $t1, $acc0 + adc \$0, %rdx + xor $acc2, $acc2 + add %rax, $acc0 + mov $acc3, %rax + adc %rdx, $acc1 + adc \$0, $acc2 + + ################################# Last reduction step + mulq 8*0(%r14) + mov $acc3, $t1 + add %rax, $t0 # guaranteed to be zero + mov $acc3, %rax + adc %rdx, $t0 + + sub $acc3, $acc5 + sbb \$0, $acc3 # can't borrow + + mulq 8*1(%r14) + add $t0, $acc4 + adc \$0, %rdx + add %rax, $acc4 + mov $t1, %rax + adc %rdx, $acc5 + mov $t1, %rdx + adc \$0, $acc3 # can't overflow + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc0 + sbb %rdx, $t1 # can't borrow + + add $acc3, $acc0 + adc $t1, $acc1 + adc \$0, $acc2 + + ################################# Subtract ord + mov $acc4, $a_ptr + sub 8*0(%r14), $acc4 + mov $acc5, $acc3 + sbb 8*1(%r14), $acc5 + mov $acc0, $t0 + sbb 8*2(%r14), $acc0 + mov $acc1, $t1 + sbb 8*3(%r14), $acc1 + sbb \$0, $acc2 + + cmovc $a_ptr, $acc4 + cmovc $acc3, $acc5 + cmovc $t0, $acc0 + cmovc $t1, $acc1 + + mov $acc4, 8*0($r_ptr) + mov $acc5, 8*1($r_ptr) + mov $acc0, 8*2($r_ptr) + mov $acc1, 8*3($r_ptr) + + mov 0(%rsp),%r15 +.cfi_restore %r15 + mov 8(%rsp),%r14 +.cfi_restore %r14 + mov 16(%rsp),%r13 +.cfi_restore %r13 + mov 24(%rsp),%r12 +.cfi_restore %r12 + mov 32(%rsp),%rbx +.cfi_restore %rbx + mov 40(%rsp),%rbp +.cfi_restore %rbp + lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lord_mul_epilogue: + ret +.cfi_endproc +.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont + +################################################################################ +# void ecp_nistz256_ord_sqr_mont( +# uint64_t res[4], +# uint64_t a[4], +# int rep); + +.globl ecp_nistz256_ord_sqr_mont +.type ecp_nistz256_ord_sqr_mont,\@function,3 +.align 32 +ecp_nistz256_ord_sqr_mont: +.cfi_startproc +___ +$code.=<<___ if ($addx); + mov \$0x80100, %ecx + and OPENSSL_ia32cap_P+8(%rip), %ecx + cmp \$0x80100, %ecx + je .Lecp_nistz256_ord_sqr_montx +___ +$code.=<<___; + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 +.Lord_sqr_body: + + mov 8*0($a_ptr), $acc0 + mov 8*1($a_ptr), %rax + mov 8*2($a_ptr), $acc6 + mov 8*3($a_ptr), $acc7 + lea .Lord(%rip), $a_ptr # pointer to modulus + mov $b_org, $b_ptr + jmp .Loop_ord_sqr + +.align 32 +.Loop_ord_sqr: + ################################# a[1:] * a[0] + mov %rax, $t1 # put aside a[1] + mul $acc0 # a[1] * a[0] + mov %rax, $acc1 + movq $t1, %xmm1 # offload a[1] + mov $acc6, %rax + mov %rdx, $acc2 + + mul $acc0 # a[2] * a[0] + add %rax, $acc2 + mov $acc7, %rax + movq $acc6, %xmm2 # offload a[2] + adc \$0, %rdx + mov %rdx, $acc3 + + mul $acc0 # a[3] * a[0] + add %rax, $acc3 + mov $acc7, %rax + movq $acc7, %xmm3 # offload a[3] + adc \$0, %rdx + mov %rdx, $acc4 + + ################################# a[3] * a[2] + mul $acc6 # a[3] * a[2] + mov %rax, $acc5 + mov $acc6, %rax + mov %rdx, $acc6 + + ################################# a[2:] * a[1] + mul $t1 # a[2] * a[1] + add %rax, $acc3 + mov $acc7, %rax + adc \$0, %rdx + mov %rdx, $acc7 + + mul $t1 # a[3] * a[1] + add %rax, $acc4 + adc \$0, %rdx + + add $acc7, $acc4 + adc %rdx, $acc5 + adc \$0, $acc6 # can't overflow + + ################################# *2 + xor $acc7, $acc7 + mov $acc0, %rax + add $acc1, $acc1 + adc $acc2, $acc2 + adc $acc3, $acc3 + adc $acc4, $acc4 + adc $acc5, $acc5 + adc $acc6, $acc6 + adc \$0, $acc7 + + ################################# Missing products + mul %rax # a[0] * a[0] + mov %rax, $acc0 + movq %xmm1, %rax + mov %rdx, $t1 + + mul %rax # a[1] * a[1] + add $t1, $acc1 + adc %rax, $acc2 + movq %xmm2, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mul %rax # a[2] * a[2] + add $t1, $acc3 + adc %rax, $acc4 + movq %xmm3, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mov $acc0, $t0 + imulq 8*4($a_ptr), $acc0 # *= .LordK + + mul %rax # a[3] * a[3] + add $t1, $acc5 + adc %rax, $acc6 + mov 8*0($a_ptr), %rax # modulus[0] + adc %rdx, $acc7 # can't overflow + + ################################# First reduction step + mul $acc0 + mov $acc0, $t1 + add %rax, $t0 # guaranteed to be zero + mov 8*1($a_ptr), %rax # modulus[1] + adc %rdx, $t0 + + sub $acc0, $acc2 + sbb \$0, $t1 # can't borrow + + mul $acc0 + add $t0, $acc1 + adc \$0, %rdx + add %rax, $acc1 + mov $acc0, %rax + adc %rdx, $acc2 + mov $acc0, %rdx + adc \$0, $t1 # can't overflow + + mov $acc1, $t0 + imulq 8*4($a_ptr), $acc1 # *= .LordK + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc3 + mov 8*0($a_ptr), %rax + sbb %rdx, $acc0 # can't borrow + + add $t1, $acc3 + adc \$0, $acc0 # can't overflow + + ################################# Second reduction step + mul $acc1 + mov $acc1, $t1 + add %rax, $t0 # guaranteed to be zero + mov 8*1($a_ptr), %rax + adc %rdx, $t0 + + sub $acc1, $acc3 + sbb \$0, $t1 # can't borrow + + mul $acc1 + add $t0, $acc2 + adc \$0, %rdx + add %rax, $acc2 + mov $acc1, %rax + adc %rdx, $acc3 + mov $acc1, %rdx + adc \$0, $t1 # can't overflow + + mov $acc2, $t0 + imulq 8*4($a_ptr), $acc2 # *= .LordK + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc0 + mov 8*0($a_ptr), %rax + sbb %rdx, $acc1 # can't borrow + + add $t1, $acc0 + adc \$0, $acc1 # can't overflow + + ################################# Third reduction step + mul $acc2 + mov $acc2, $t1 + add %rax, $t0 # guaranteed to be zero + mov 8*1($a_ptr), %rax + adc %rdx, $t0 + + sub $acc2, $acc0 + sbb \$0, $t1 # can't borrow + + mul $acc2 + add $t0, $acc3 + adc \$0, %rdx + add %rax, $acc3 + mov $acc2, %rax + adc %rdx, $acc0 + mov $acc2, %rdx + adc \$0, $t1 # can't overflow + + mov $acc3, $t0 + imulq 8*4($a_ptr), $acc3 # *= .LordK + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc1 + mov 8*0($a_ptr), %rax + sbb %rdx, $acc2 # can't borrow + + add $t1, $acc1 + adc \$0, $acc2 # can't overflow + + ################################# Last reduction step + mul $acc3 + mov $acc3, $t1 + add %rax, $t0 # guaranteed to be zero + mov 8*1($a_ptr), %rax + adc %rdx, $t0 + + sub $acc3, $acc1 + sbb \$0, $t1 # can't borrow + + mul $acc3 + add $t0, $acc0 + adc \$0, %rdx + add %rax, $acc0 + mov $acc3, %rax + adc %rdx, $acc1 + mov $acc3, %rdx + adc \$0, $t1 # can't overflow + + shl \$32, %rax + shr \$32, %rdx + sub %rax, $acc2 + sbb %rdx, $acc3 # can't borrow + + add $t1, $acc2 + adc \$0, $acc3 # can't overflow + + ################################# Add bits [511:256] of the sqr result + xor %rdx, %rdx + add $acc4, $acc0 + adc $acc5, $acc1 + mov $acc0, $acc4 + adc $acc6, $acc2 + adc $acc7, $acc3 + mov $acc1, %rax + adc \$0, %rdx + + ################################# Compare to modulus + sub 8*0($a_ptr), $acc0 + mov $acc2, $acc6 + sbb 8*1($a_ptr), $acc1 + sbb 8*2($a_ptr), $acc2 + mov $acc3, $acc7 + sbb 8*3($a_ptr), $acc3 + sbb \$0, %rdx + + cmovc $acc4, $acc0 + cmovnc $acc1, %rax + cmovnc $acc2, $acc6 + cmovnc $acc3, $acc7 + + dec $b_ptr + jnz .Loop_ord_sqr + + mov $acc0, 8*0($r_ptr) + mov %rax, 8*1($r_ptr) + pxor %xmm1, %xmm1 + mov $acc6, 8*2($r_ptr) + pxor %xmm2, %xmm2 + mov $acc7, 8*3($r_ptr) + pxor %xmm3, %xmm3 + + mov 0(%rsp),%r15 +.cfi_restore %r15 + mov 8(%rsp),%r14 +.cfi_restore %r14 + mov 16(%rsp),%r13 +.cfi_restore %r13 + mov 24(%rsp),%r12 +.cfi_restore %r12 + mov 32(%rsp),%rbx +.cfi_restore %rbx + mov 40(%rsp),%rbp +.cfi_restore %rbp + lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lord_sqr_epilogue: + ret +.cfi_endproc +.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont +___ + +$code.=<<___ if ($addx); +################################################################################ +.type ecp_nistz256_ord_mul_montx,\@function,3 +.align 32 +ecp_nistz256_ord_mul_montx: +.cfi_startproc +.Lecp_nistz256_ord_mul_montx: + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 +.Lord_mulx_body: + + mov $b_org, $b_ptr + mov 8*0($b_org), %rdx + mov 8*0($a_ptr), $acc1 + mov 8*1($a_ptr), $acc2 + mov 8*2($a_ptr), $acc3 + mov 8*3($a_ptr), $acc4 + lea -128($a_ptr), $a_ptr # control u-op density + lea .Lord-128(%rip), %r14 + mov .LordK(%rip), %r15 + + ################################# Multiply by b[0] + mulx $acc1, $acc0, $acc1 + mulx $acc2, $t0, $acc2 + mulx $acc3, $t1, $acc3 + add $t0, $acc1 + mulx $acc4, $t0, $acc4 + mov $acc0, %rdx + mulx %r15, %rdx, %rax + adc $t1, $acc2 + adc $t0, $acc3 + adc \$0, $acc4 + + ################################# reduction + xor $acc5, $acc5 # $acc5=0, cf=0, of=0 + mulx 8*0+128(%r14), $t0, $t1 + adcx $t0, $acc0 # guaranteed to be zero + adox $t1, $acc1 + + mulx 8*1+128(%r14), $t0, $t1 + adcx $t0, $acc1 + adox $t1, $acc2 + + mulx 8*2+128(%r14), $t0, $t1 + adcx $t0, $acc2 + adox $t1, $acc3 + + mulx 8*3+128(%r14), $t0, $t1 + mov 8*1($b_ptr), %rdx + adcx $t0, $acc3 + adox $t1, $acc4 + adcx $acc0, $acc4 + adox $acc0, $acc5 + adc \$0, $acc5 # cf=0, of=0 + + ################################# Multiply by b[1] + mulx 8*0+128($a_ptr), $t0, $t1 + adcx $t0, $acc1 + adox $t1, $acc2 + + mulx 8*1+128($a_ptr), $t0, $t1 + adcx $t0, $acc2 + adox $t1, $acc3 + + mulx 8*2+128($a_ptr), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc4 + + mulx 8*3+128($a_ptr), $t0, $t1 + mov $acc1, %rdx + mulx %r15, %rdx, %rax + adcx $t0, $acc4 + adox $t1, $acc5 + + adcx $acc0, $acc5 + adox $acc0, $acc0 + adc \$0, $acc0 # cf=0, of=0 + + ################################# reduction + mulx 8*0+128(%r14), $t0, $t1 + adcx $t0, $acc1 # guaranteed to be zero + adox $t1, $acc2 + + mulx 8*1+128(%r14), $t0, $t1 + adcx $t0, $acc2 + adox $t1, $acc3 + + mulx 8*2+128(%r14), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc4 + + mulx 8*3+128(%r14), $t0, $t1 + mov 8*2($b_ptr), %rdx + adcx $t0, $acc4 + adox $t1, $acc5 + adcx $acc1, $acc5 + adox $acc1, $acc0 + adc \$0, $acc0 # cf=0, of=0 + + ################################# Multiply by b[2] + mulx 8*0+128($a_ptr), $t0, $t1 + adcx $t0, $acc2 + adox $t1, $acc3 + + mulx 8*1+128($a_ptr), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc4 + + mulx 8*2+128($a_ptr), $t0, $t1 + adcx $t0, $acc4 + adox $t1, $acc5 + + mulx 8*3+128($a_ptr), $t0, $t1 + mov $acc2, %rdx + mulx %r15, %rdx, %rax + adcx $t0, $acc5 + adox $t1, $acc0 + + adcx $acc1, $acc0 + adox $acc1, $acc1 + adc \$0, $acc1 # cf=0, of=0 + + ################################# reduction + mulx 8*0+128(%r14), $t0, $t1 + adcx $t0, $acc2 # guaranteed to be zero + adox $t1, $acc3 + + mulx 8*1+128(%r14), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc4 + + mulx 8*2+128(%r14), $t0, $t1 + adcx $t0, $acc4 + adox $t1, $acc5 + + mulx 8*3+128(%r14), $t0, $t1 + mov 8*3($b_ptr), %rdx + adcx $t0, $acc5 + adox $t1, $acc0 + adcx $acc2, $acc0 + adox $acc2, $acc1 + adc \$0, $acc1 # cf=0, of=0 + + ################################# Multiply by b[3] + mulx 8*0+128($a_ptr), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc4 + + mulx 8*1+128($a_ptr), $t0, $t1 + adcx $t0, $acc4 + adox $t1, $acc5 + + mulx 8*2+128($a_ptr), $t0, $t1 + adcx $t0, $acc5 + adox $t1, $acc0 + + mulx 8*3+128($a_ptr), $t0, $t1 + mov $acc3, %rdx + mulx %r15, %rdx, %rax + adcx $t0, $acc0 + adox $t1, $acc1 + + adcx $acc2, $acc1 + adox $acc2, $acc2 + adc \$0, $acc2 # cf=0, of=0 + + ################################# reduction + mulx 8*0+128(%r14), $t0, $t1 + adcx $t0, $acc3 # guranteed to be zero + adox $t1, $acc4 + + mulx 8*1+128(%r14), $t0, $t1 + adcx $t0, $acc4 + adox $t1, $acc5 + + mulx 8*2+128(%r14), $t0, $t1 + adcx $t0, $acc5 + adox $t1, $acc0 + + mulx 8*3+128(%r14), $t0, $t1 + lea 128(%r14),%r14 + mov $acc4, $t2 + adcx $t0, $acc0 + adox $t1, $acc1 + mov $acc5, $t3 + adcx $acc3, $acc1 + adox $acc3, $acc2 + adc \$0, $acc2 + + ################################# + # Branch-less conditional subtraction of P + mov $acc0, $t0 + sub 8*0(%r14), $acc4 + sbb 8*1(%r14), $acc5 + sbb 8*2(%r14), $acc0 + mov $acc1, $t1 + sbb 8*3(%r14), $acc1 + sbb \$0, $acc2 + + cmovc $t2, $acc4 + cmovc $t3, $acc5 + cmovc $t0, $acc0 + cmovc $t1, $acc1 + + mov $acc4, 8*0($r_ptr) + mov $acc5, 8*1($r_ptr) + mov $acc0, 8*2($r_ptr) + mov $acc1, 8*3($r_ptr) - pop %r13 - pop %r12 + mov 0(%rsp),%r15 +.cfi_restore %r15 + mov 8(%rsp),%r14 +.cfi_restore %r14 + mov 16(%rsp),%r13 +.cfi_restore %r13 + mov 24(%rsp),%r12 +.cfi_restore %r12 + mov 32(%rsp),%rbx +.cfi_restore %rbx + mov 40(%rsp),%rbp +.cfi_restore %rbp + lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lord_mulx_epilogue: ret -.size ecp_nistz256_sub,.-ecp_nistz256_sub +.cfi_endproc +.size ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx -################################################################################ -# void ecp_nistz256_neg(uint64_t res[4], uint64_t a[4]); -.globl ecp_nistz256_neg -.type ecp_nistz256_neg,\@function,2 +.type ecp_nistz256_ord_sqr_montx,\@function,3 .align 32 -ecp_nistz256_neg: +ecp_nistz256_ord_sqr_montx: +.cfi_startproc +.Lecp_nistz256_ord_sqr_montx: + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 +.Lord_sqrx_body: - xor $a0, $a0 - xor $a1, $a1 - xor $a2, $a2 - xor $a3, $a3 - xor $t4, $t4 + mov $b_org, $b_ptr + mov 8*0($a_ptr), %rdx + mov 8*1($a_ptr), $acc6 + mov 8*2($a_ptr), $acc7 + mov 8*3($a_ptr), $acc0 + lea .Lord(%rip), $a_ptr + jmp .Loop_ord_sqrx - sub 8*0($a_ptr), $a0 - sbb 8*1($a_ptr), $a1 - sbb 8*2($a_ptr), $a2 - mov $a0, $t0 - sbb 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - mov $a1, $t1 - sbb \$0, $t4 +.align 32 +.Loop_ord_sqrx: + mulx $acc6, $acc1, $acc2 # a[0]*a[1] + mulx $acc7, $t0, $acc3 # a[0]*a[2] + mov %rdx, %rax # offload a[0] + movq $acc6, %xmm1 # offload a[1] + mulx $acc0, $t1, $acc4 # a[0]*a[3] + mov $acc6, %rdx + add $t0, $acc2 + movq $acc7, %xmm2 # offload a[2] + adc $t1, $acc3 + adc \$0, $acc4 + xor $acc5, $acc5 # $acc5=0,cf=0,of=0 + ################################# + mulx $acc7, $t0, $t1 # a[1]*a[2] + adcx $t0, $acc3 + adox $t1, $acc4 - add 8*0($a_ptr), $a0 - mov $a2, $t2 - adc 8*1($a_ptr), $a1 - adc 8*2($a_ptr), $a2 - mov $a3, $t3 - adc 8*3($a_ptr), $a3 - test $t4, $t4 + mulx $acc0, $t0, $t1 # a[1]*a[3] + mov $acc7, %rdx + adcx $t0, $acc4 + adox $t1, $acc5 + adc \$0, $acc5 + ################################# + mulx $acc0, $t0, $acc6 # a[2]*a[3] + mov %rax, %rdx + movq $acc0, %xmm3 # offload a[3] + xor $acc7, $acc7 # $acc7=0,cf=0,of=0 + adcx $acc1, $acc1 # acc1:6<<1 + adox $t0, $acc5 + adcx $acc2, $acc2 + adox $acc7, $acc6 # of=0 - cmovz $t0, $a0 - cmovz $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovz $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovz $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) + ################################# a[i]*a[i] + mulx %rdx, $acc0, $t1 + movq %xmm1, %rdx + adcx $acc3, $acc3 + adox $t1, $acc1 + adcx $acc4, $acc4 + mulx %rdx, $t0, $t4 + movq %xmm2, %rdx + adcx $acc5, $acc5 + adox $t0, $acc2 + adcx $acc6, $acc6 + mulx %rdx, $t0, $t1 + .byte 0x67 + movq %xmm3, %rdx + adox $t4, $acc3 + adcx $acc7, $acc7 + adox $t0, $acc4 + adox $t1, $acc5 + mulx %rdx, $t0, $t4 + adox $t0, $acc6 + adox $t4, $acc7 + + ################################# reduction + mov $acc0, %rdx + mulx 8*4($a_ptr), %rdx, $t0 + + xor %rax, %rax # cf=0, of=0 + mulx 8*0($a_ptr), $t0, $t1 + adcx $t0, $acc0 # guaranteed to be zero + adox $t1, $acc1 + mulx 8*1($a_ptr), $t0, $t1 + adcx $t0, $acc1 + adox $t1, $acc2 + mulx 8*2($a_ptr), $t0, $t1 + adcx $t0, $acc2 + adox $t1, $acc3 + mulx 8*3($a_ptr), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc0 # of=0 + adcx %rax, $acc0 # cf=0 + + ################################# + mov $acc1, %rdx + mulx 8*4($a_ptr), %rdx, $t0 + + mulx 8*0($a_ptr), $t0, $t1 + adox $t0, $acc1 # guaranteed to be zero + adcx $t1, $acc2 + mulx 8*1($a_ptr), $t0, $t1 + adox $t0, $acc2 + adcx $t1, $acc3 + mulx 8*2($a_ptr), $t0, $t1 + adox $t0, $acc3 + adcx $t1, $acc0 + mulx 8*3($a_ptr), $t0, $t1 + adox $t0, $acc0 + adcx $t1, $acc1 # cf=0 + adox %rax, $acc1 # of=0 + + ################################# + mov $acc2, %rdx + mulx 8*4($a_ptr), %rdx, $t0 + + mulx 8*0($a_ptr), $t0, $t1 + adcx $t0, $acc2 # guaranteed to be zero + adox $t1, $acc3 + mulx 8*1($a_ptr), $t0, $t1 + adcx $t0, $acc3 + adox $t1, $acc0 + mulx 8*2($a_ptr), $t0, $t1 + adcx $t0, $acc0 + adox $t1, $acc1 + mulx 8*3($a_ptr), $t0, $t1 + adcx $t0, $acc1 + adox $t1, $acc2 # of=0 + adcx %rax, $acc2 # cf=0 + + ################################# + mov $acc3, %rdx + mulx 8*4($a_ptr), %rdx, $t0 + + mulx 8*0($a_ptr), $t0, $t1 + adox $t0, $acc3 # guaranteed to be zero + adcx $t1, $acc0 + mulx 8*1($a_ptr), $t0, $t1 + adox $t0, $acc0 + adcx $t1, $acc1 + mulx 8*2($a_ptr), $t0, $t1 + adox $t0, $acc1 + adcx $t1, $acc2 + mulx 8*3($a_ptr), $t0, $t1 + adox $t0, $acc2 + adcx $t1, $acc3 + adox %rax, $acc3 + + ################################# accumulate upper half + add $acc0, $acc4 # add $acc4, $acc0 + adc $acc5, $acc1 + mov $acc4, %rdx + adc $acc6, $acc2 + adc $acc7, $acc3 + mov $acc1, $acc6 + adc \$0, %rax + + ################################# compare to modulus + sub 8*0($a_ptr), $acc4 + mov $acc2, $acc7 + sbb 8*1($a_ptr), $acc1 + sbb 8*2($a_ptr), $acc2 + mov $acc3, $acc0 + sbb 8*3($a_ptr), $acc3 + sbb \$0, %rax + + cmovnc $acc4, %rdx + cmovnc $acc1, $acc6 + cmovnc $acc2, $acc7 + cmovnc $acc3, $acc0 + + dec $b_ptr + jnz .Loop_ord_sqrx + + mov %rdx, 8*0($r_ptr) + mov $acc6, 8*1($r_ptr) + pxor %xmm1, %xmm1 + mov $acc7, 8*2($r_ptr) + pxor %xmm2, %xmm2 + mov $acc0, 8*3($r_ptr) + pxor %xmm3, %xmm3 - pop %r13 - pop %r12 + mov 0(%rsp),%r15 +.cfi_restore %r15 + mov 8(%rsp),%r14 +.cfi_restore %r14 + mov 16(%rsp),%r13 +.cfi_restore %r13 + mov 24(%rsp),%r12 +.cfi_restore %r12 + mov 32(%rsp),%rbx +.cfi_restore %rbx + mov 40(%rsp),%rbp +.cfi_restore %rbp + lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lord_sqrx_epilogue: ret -.size ecp_nistz256_neg,.-ecp_nistz256_neg +.cfi_endproc +.size ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx ___ -} -{ -my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx"); -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15)); -my ($t0,$t1,$t2,$t3,$t4)=("%rcx","%rbp","%rbx","%rdx","%rax"); -my ($poly1,$poly3)=($acc6,$acc7); $code.=<<___; ################################################################################ @@ -470,6 +1599,7 @@ .type ecp_nistz256_mul_mont,\@function,3 .align 32 ecp_nistz256_mul_mont: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -478,11 +1608,18 @@ $code.=<<___; .Lmul_mont: push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 +.Lmul_body: ___ $code.=<<___ if ($addx); cmp \$0x80100, %ecx @@ -515,13 +1652,23 @@ ___ $code.=<<___; .Lmul_mont_done: - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbx - pop %rbp + mov 0(%rsp),%r15 +.cfi_restore %r15 + mov 8(%rsp),%r14 +.cfi_restore %r14 + mov 16(%rsp),%r13 +.cfi_restore %r13 + mov 24(%rsp),%r12 +.cfi_restore %r12 + mov 32(%rsp),%rbx +.cfi_restore %rbx + mov 40(%rsp),%rbp +.cfi_restore %rbp + lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lmul_epilogue: ret +.cfi_endproc .size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont .type __ecp_nistz256_mul_montq,\@abi-omnipotent @@ -611,7 +1758,7 @@ adc \$0, $acc0 ######################################################################## - # Second reduction step + # Second reduction step mov $acc1, $t1 shl \$32, $acc1 mulq $poly3 @@ -658,7 +1805,7 @@ adc \$0, $acc1 ######################################################################## - # Third reduction step + # Third reduction step mov $acc2, $t1 shl \$32, $acc2 mulq $poly3 @@ -705,7 +1852,7 @@ adc \$0, $acc2 ######################################################################## - # Final reduction step + # Final reduction step mov $acc3, $t1 shl \$32, $acc3 mulq $poly3 @@ -718,7 +1865,7 @@ mov $acc5, $t1 adc \$0, $acc2 - ######################################################################## + ######################################################################## # Branch-less conditional subtraction of P sub \$-1, $acc4 # .Lpoly[0] mov $acc0, $t2 @@ -751,6 +1898,7 @@ .type ecp_nistz256_sqr_mont,\@function,2 .align 32 ecp_nistz256_sqr_mont: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -758,11 +1906,18 @@ ___ $code.=<<___; push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 +.Lsqr_body: ___ $code.=<<___ if ($addx); cmp \$0x80100, %ecx @@ -791,13 +1946,23 @@ ___ $code.=<<___; .Lsqr_mont_done: - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbx - pop %rbp + mov 0(%rsp),%r15 +.cfi_restore %r15 + mov 8(%rsp),%r14 +.cfi_restore %r14 + mov 16(%rsp),%r13 +.cfi_restore %r13 + mov 24(%rsp),%r12 +.cfi_restore %r12 + mov 32(%rsp),%rbx +.cfi_restore %rbx + mov 40(%rsp),%rbp +.cfi_restore %rbp + lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lsqr_epilogue: ret +.cfi_endproc .size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont .type __ecp_nistz256_sqr_montq,\@abi-omnipotent @@ -1278,8 +2443,12 @@ .type ecp_nistz256_from_mont,\@function,2 .align 32 ecp_nistz256_from_mont: +.cfi_startproc push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 +.Lfrom_body: mov 8*0($in_ptr), %rax mov .Lpoly+8*3(%rip), $t2 @@ -1360,9 +2529,15 @@ mov $acc2, 8*2($r_ptr) mov $acc3, 8*3($r_ptr) - pop %r13 - pop %r12 + mov 0(%rsp),%r13 +.cfi_restore %r13 + mov 8(%rsp),%r12 +.cfi_restore %r12 + lea 16(%rsp),%rsp +.cfi_adjust_cfa_offset -16 +.Lfrom_epilogue: ret +.cfi_endproc .size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont ___ } @@ -1488,10 +2663,10 @@ movaps 0x80(%rsp), %xmm14 movaps 0x90(%rsp), %xmm15 lea 0xa8(%rsp), %rsp -.LSEH_end_ecp_nistz256_gather_w5: ___ $code.=<<___; ret +.LSEH_end_ecp_nistz256_gather_w5: .size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 ################################################################################ @@ -1593,10 +2768,10 @@ movaps 0x80(%rsp), %xmm14 movaps 0x90(%rsp), %xmm15 lea 0xa8(%rsp), %rsp -.LSEH_end_ecp_nistz256_gather_w7: ___ $code.=<<___; ret +.LSEH_end_ecp_nistz256_gather_w7: .size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 ___ } @@ -1617,18 +2792,19 @@ ___ $code.=<<___ if ($win64); lea -0x88(%rsp), %rax + mov %rsp,%r11 .LSEH_begin_ecp_nistz256_avx2_gather_w5: - .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp - .byte 0xc5,0xf8,0x29,0x70,0xe0 #vmovaps %xmm6, -0x20(%rax) - .byte 0xc5,0xf8,0x29,0x78,0xf0 #vmovaps %xmm7, -0x10(%rax) - .byte 0xc5,0x78,0x29,0x40,0x00 #vmovaps %xmm8, 8(%rax) - .byte 0xc5,0x78,0x29,0x48,0x10 #vmovaps %xmm9, 0x10(%rax) - .byte 0xc5,0x78,0x29,0x50,0x20 #vmovaps %xmm10, 0x20(%rax) - .byte 0xc5,0x78,0x29,0x58,0x30 #vmovaps %xmm11, 0x30(%rax) - .byte 0xc5,0x78,0x29,0x60,0x40 #vmovaps %xmm12, 0x40(%rax) - .byte 0xc5,0x78,0x29,0x68,0x50 #vmovaps %xmm13, 0x50(%rax) - .byte 0xc5,0x78,0x29,0x70,0x60 #vmovaps %xmm14, 0x60(%rax) - .byte 0xc5,0x78,0x29,0x78,0x70 #vmovaps %xmm15, 0x70(%rax) + .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax), %rsp + .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6, -0x20(%rax) + .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7, -0x10(%rax) + .byte 0xc5,0x78,0x29,0x40,0x00 # vmovaps %xmm8, 8(%rax) + .byte 0xc5,0x78,0x29,0x48,0x10 # vmovaps %xmm9, 0x10(%rax) + .byte 0xc5,0x78,0x29,0x50,0x20 # vmovaps %xmm10, 0x20(%rax) + .byte 0xc5,0x78,0x29,0x58,0x30 # vmovaps %xmm11, 0x30(%rax) + .byte 0xc5,0x78,0x29,0x60,0x40 # vmovaps %xmm12, 0x40(%rax) + .byte 0xc5,0x78,0x29,0x68,0x50 # vmovaps %xmm13, 0x50(%rax) + .byte 0xc5,0x78,0x29,0x70,0x60 # vmovaps %xmm14, 0x60(%rax) + .byte 0xc5,0x78,0x29,0x78,0x70 # vmovaps %xmm15, 0x70(%rax) ___ $code.=<<___; vmovdqa .LTwo(%rip), $TWO @@ -1694,11 +2870,11 @@ movaps 0x70(%rsp), %xmm13 movaps 0x80(%rsp), %xmm14 movaps 0x90(%rsp), %xmm15 - lea 0xa8(%rsp), %rsp -.LSEH_end_ecp_nistz256_avx2_gather_w5: + lea (%r11), %rsp ___ $code.=<<___; ret +.LSEH_end_ecp_nistz256_avx2_gather_w5: .size ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5 ___ } @@ -1721,19 +2897,20 @@ vzeroupper ___ $code.=<<___ if ($win64); + mov %rsp,%r11 lea -0x88(%rsp), %rax .LSEH_begin_ecp_nistz256_avx2_gather_w7: - .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp - .byte 0xc5,0xf8,0x29,0x70,0xe0 #vmovaps %xmm6, -0x20(%rax) - .byte 0xc5,0xf8,0x29,0x78,0xf0 #vmovaps %xmm7, -0x10(%rax) - .byte 0xc5,0x78,0x29,0x40,0x00 #vmovaps %xmm8, 8(%rax) - .byte 0xc5,0x78,0x29,0x48,0x10 #vmovaps %xmm9, 0x10(%rax) - .byte 0xc5,0x78,0x29,0x50,0x20 #vmovaps %xmm10, 0x20(%rax) - .byte 0xc5,0x78,0x29,0x58,0x30 #vmovaps %xmm11, 0x30(%rax) - .byte 0xc5,0x78,0x29,0x60,0x40 #vmovaps %xmm12, 0x40(%rax) - .byte 0xc5,0x78,0x29,0x68,0x50 #vmovaps %xmm13, 0x50(%rax) - .byte 0xc5,0x78,0x29,0x70,0x60 #vmovaps %xmm14, 0x60(%rax) - .byte 0xc5,0x78,0x29,0x78,0x70 #vmovaps %xmm15, 0x70(%rax) + .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax), %rsp + .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6, -0x20(%rax) + .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7, -0x10(%rax) + .byte 0xc5,0x78,0x29,0x40,0x00 # vmovaps %xmm8, 8(%rax) + .byte 0xc5,0x78,0x29,0x48,0x10 # vmovaps %xmm9, 0x10(%rax) + .byte 0xc5,0x78,0x29,0x50,0x20 # vmovaps %xmm10, 0x20(%rax) + .byte 0xc5,0x78,0x29,0x58,0x30 # vmovaps %xmm11, 0x30(%rax) + .byte 0xc5,0x78,0x29,0x60,0x40 # vmovaps %xmm12, 0x40(%rax) + .byte 0xc5,0x78,0x29,0x68,0x50 # vmovaps %xmm13, 0x50(%rax) + .byte 0xc5,0x78,0x29,0x70,0x60 # vmovaps %xmm14, 0x60(%rax) + .byte 0xc5,0x78,0x29,0x78,0x70 # vmovaps %xmm15, 0x70(%rax) ___ $code.=<<___; vmovdqa .LThree(%rip), $THREE @@ -1814,11 +2991,11 @@ movaps 0x70(%rsp), %xmm13 movaps 0x80(%rsp), %xmm14 movaps 0x90(%rsp), %xmm15 - lea 0xa8(%rsp), %rsp -.LSEH_end_ecp_nistz256_avx2_gather_w7: + lea (%r11), %rsp ___ $code.=<<___; ret +.LSEH_end_ecp_nistz256_avx2_gather_w7: .size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 ___ } else { @@ -2022,6 +3199,7 @@ () .type ecp_nistz256_point_double,\@function,2 .align 32 ecp_nistz256_point_double: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -2038,17 +3216,26 @@ () .type ecp_nistz256_point_doublex,\@function,2 .align 32 ecp_nistz256_point_doublex: +.cfi_startproc .Lpoint_doublex: ___ } $code.=<<___; push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$32*5+8, %rsp +.cfi_adjust_cfa_offset 32*5+8 +.Lpoint_double${x}_body: .Lpoint_double_shortcut$x: movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr.x @@ -2114,7 +3301,7 @@ () movq %xmm1, $r_ptr call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(res_y, S); ___ -{ +{ ######## ecp_nistz256_div_by_2(res_y, res_y); ########################## # operate in 4-5-6-7 "name space" that matches squaring output # @@ -2203,7 +3390,7 @@ () lea $M(%rsp), $b_ptr mov $acc4, $acc6 # harmonize sub output and mul input xor %ecx, %ecx - mov $acc4, $S+8*0(%rsp) # have to save:-( + mov $acc4, $S+8*0(%rsp) # have to save:-( mov $acc5, $acc2 mov $acc5, $S+8*1(%rsp) cmovz $acc0, $acc3 @@ -2219,14 +3406,25 @@ () movq %xmm1, $r_ptr call __ecp_nistz256_sub_from$x # p256_sub(res_y, S, res_y); - add \$32*5+8, %rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbx - pop %rbp + lea 32*5+56(%rsp), %rsi +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbx +.cfi_restore %rbx + mov -8(%rsi),%rbp +.cfi_restore %rbp + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lpoint_double${x}_epilogue: ret +.cfi_endproc .size ecp_nistz256_point_double$sfx,.-ecp_nistz256_point_double$sfx ___ } @@ -2252,6 +3450,7 @@ () .type ecp_nistz256_point_add,\@function,3 .align 32 ecp_nistz256_point_add: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -2268,17 +3467,26 @@ () .type ecp_nistz256_point_addx,\@function,3 .align 32 ecp_nistz256_point_addx: +.cfi_startproc .Lpoint_addx: ___ } $code.=<<___; push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$32*18+8, %rsp +.cfi_adjust_cfa_offset 32*18+8 +.Lpoint_add${x}_body: movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr movdqu 0x10($a_ptr), %xmm1 @@ -2587,14 +3795,25 @@ () movdqu %xmm3, 0x30($r_ptr) .Ladd_done$x: - add \$32*18+8, %rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbx - pop %rbp + lea 32*18+56(%rsp), %rsi +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbx +.cfi_restore %rbx + mov -8(%rsi),%rbp +.cfi_restore %rbp + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lpoint_add${x}_epilogue: ret +.cfi_endproc .size ecp_nistz256_point_add$sfx,.-ecp_nistz256_point_add$sfx ___ } @@ -2619,6 +3838,7 @@ () .type ecp_nistz256_point_add_affine,\@function,3 .align 32 ecp_nistz256_point_add_affine: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -2635,17 +3855,26 @@ () .type ecp_nistz256_point_add_affinex,\@function,3 .align 32 ecp_nistz256_point_add_affinex: +.cfi_startproc .Lpoint_add_affinex: ___ } $code.=<<___; push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$32*15+8, %rsp +.cfi_adjust_cfa_offset 32*15+8 +.Ladd_affine${x}_body: movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr mov $b_org, $b_ptr # reassign @@ -2890,14 +4119,25 @@ () movdqu %xmm2, 0x20($r_ptr) movdqu %xmm3, 0x30($r_ptr) - add \$32*15+8, %rsp - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbx - pop %rbp + lea 32*15+56(%rsp), %rsi +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbx +.cfi_restore %rbx + mov -8(%rsi),%rbp +.cfi_restore %rbp + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Ladd_affine${x}_epilogue: ret +.cfi_endproc .size ecp_nistz256_point_add_affine$sfx,.-ecp_nistz256_point_add_affine$sfx ___ } @@ -3048,11 +4288,395 @@ () } }}} +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind + +.type short_handler,\@abi-omnipotent +.align 16 +short_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + lea 16(%rax),%rax + + mov -8(%rax),%r12 + mov -16(%rax),%r13 + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + + jmp .Lcommon_seh_tail +.size short_handler,.-short_handler + +.type full_handler,\@abi-omnipotent +.align 16 +full_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + mov 8(%r11),%r10d # HandlerData[2] + lea (%rax,%r10),%rax + + mov -8(%rax),%rbp + mov -16(%rax),%rbx + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size full_handler,.-full_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_ecp_nistz256_mul_by_2 + .rva .LSEH_end_ecp_nistz256_mul_by_2 + .rva .LSEH_info_ecp_nistz256_mul_by_2 + + .rva .LSEH_begin_ecp_nistz256_div_by_2 + .rva .LSEH_end_ecp_nistz256_div_by_2 + .rva .LSEH_info_ecp_nistz256_div_by_2 + + .rva .LSEH_begin_ecp_nistz256_mul_by_3 + .rva .LSEH_end_ecp_nistz256_mul_by_3 + .rva .LSEH_info_ecp_nistz256_mul_by_3 + + .rva .LSEH_begin_ecp_nistz256_add + .rva .LSEH_end_ecp_nistz256_add + .rva .LSEH_info_ecp_nistz256_add + + .rva .LSEH_begin_ecp_nistz256_sub + .rva .LSEH_end_ecp_nistz256_sub + .rva .LSEH_info_ecp_nistz256_sub + + .rva .LSEH_begin_ecp_nistz256_neg + .rva .LSEH_end_ecp_nistz256_neg + .rva .LSEH_info_ecp_nistz256_neg + + .rva .LSEH_begin_ecp_nistz256_ord_mul_mont + .rva .LSEH_end_ecp_nistz256_ord_mul_mont + .rva .LSEH_info_ecp_nistz256_ord_mul_mont + + .rva .LSEH_begin_ecp_nistz256_ord_sqr_mont + .rva .LSEH_end_ecp_nistz256_ord_sqr_mont + .rva .LSEH_info_ecp_nistz256_ord_sqr_mont +___ +$code.=<<___ if ($addx); + .rva .LSEH_begin_ecp_nistz256_ord_mul_montx + .rva .LSEH_end_ecp_nistz256_ord_mul_montx + .rva .LSEH_info_ecp_nistz256_ord_mul_montx + + .rva .LSEH_begin_ecp_nistz256_ord_sqr_montx + .rva .LSEH_end_ecp_nistz256_ord_sqr_montx + .rva .LSEH_info_ecp_nistz256_ord_sqr_montx +___ +$code.=<<___; + .rva .LSEH_begin_ecp_nistz256_to_mont + .rva .LSEH_end_ecp_nistz256_to_mont + .rva .LSEH_info_ecp_nistz256_to_mont + + .rva .LSEH_begin_ecp_nistz256_mul_mont + .rva .LSEH_end_ecp_nistz256_mul_mont + .rva .LSEH_info_ecp_nistz256_mul_mont + + .rva .LSEH_begin_ecp_nistz256_sqr_mont + .rva .LSEH_end_ecp_nistz256_sqr_mont + .rva .LSEH_info_ecp_nistz256_sqr_mont + + .rva .LSEH_begin_ecp_nistz256_from_mont + .rva .LSEH_end_ecp_nistz256_from_mont + .rva .LSEH_info_ecp_nistz256_from_mont + + .rva .LSEH_begin_ecp_nistz256_gather_w5 + .rva .LSEH_end_ecp_nistz256_gather_w5 + .rva .LSEH_info_ecp_nistz256_gather_wX + + .rva .LSEH_begin_ecp_nistz256_gather_w7 + .rva .LSEH_end_ecp_nistz256_gather_w7 + .rva .LSEH_info_ecp_nistz256_gather_wX +___ +$code.=<<___ if ($avx>1); + .rva .LSEH_begin_ecp_nistz256_avx2_gather_w5 + .rva .LSEH_end_ecp_nistz256_avx2_gather_w5 + .rva .LSEH_info_ecp_nistz256_avx2_gather_wX + + .rva .LSEH_begin_ecp_nistz256_avx2_gather_w7 + .rva .LSEH_end_ecp_nistz256_avx2_gather_w7 + .rva .LSEH_info_ecp_nistz256_avx2_gather_wX +___ +$code.=<<___; + .rva .LSEH_begin_ecp_nistz256_point_double + .rva .LSEH_end_ecp_nistz256_point_double + .rva .LSEH_info_ecp_nistz256_point_double + + .rva .LSEH_begin_ecp_nistz256_point_add + .rva .LSEH_end_ecp_nistz256_point_add + .rva .LSEH_info_ecp_nistz256_point_add + + .rva .LSEH_begin_ecp_nistz256_point_add_affine + .rva .LSEH_end_ecp_nistz256_point_add_affine + .rva .LSEH_info_ecp_nistz256_point_add_affine +___ +$code.=<<___ if ($addx); + .rva .LSEH_begin_ecp_nistz256_point_doublex + .rva .LSEH_end_ecp_nistz256_point_doublex + .rva .LSEH_info_ecp_nistz256_point_doublex + + .rva .LSEH_begin_ecp_nistz256_point_addx + .rva .LSEH_end_ecp_nistz256_point_addx + .rva .LSEH_info_ecp_nistz256_point_addx + + .rva .LSEH_begin_ecp_nistz256_point_add_affinex + .rva .LSEH_end_ecp_nistz256_point_add_affinex + .rva .LSEH_info_ecp_nistz256_point_add_affinex +___ +$code.=<<___; + +.section .xdata +.align 8 +.LSEH_info_ecp_nistz256_mul_by_2: + .byte 9,0,0,0 + .rva short_handler + .rva .Lmul_by_2_body,.Lmul_by_2_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_div_by_2: + .byte 9,0,0,0 + .rva short_handler + .rva .Ldiv_by_2_body,.Ldiv_by_2_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_mul_by_3: + .byte 9,0,0,0 + .rva short_handler + .rva .Lmul_by_3_body,.Lmul_by_3_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_add: + .byte 9,0,0,0 + .rva short_handler + .rva .Ladd_body,.Ladd_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_sub: + .byte 9,0,0,0 + .rva short_handler + .rva .Lsub_body,.Lsub_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_neg: + .byte 9,0,0,0 + .rva short_handler + .rva .Lneg_body,.Lneg_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_ord_mul_mont: + .byte 9,0,0,0 + .rva full_handler + .rva .Lord_mul_body,.Lord_mul_epilogue # HandlerData[] + .long 48,0 +.LSEH_info_ecp_nistz256_ord_sqr_mont: + .byte 9,0,0,0 + .rva full_handler + .rva .Lord_sqr_body,.Lord_sqr_epilogue # HandlerData[] + .long 48,0 +___ +$code.=<<___ if ($addx); +.LSEH_info_ecp_nistz256_ord_mul_montx: + .byte 9,0,0,0 + .rva full_handler + .rva .Lord_mulx_body,.Lord_mulx_epilogue # HandlerData[] + .long 48,0 +.LSEH_info_ecp_nistz256_ord_sqr_montx: + .byte 9,0,0,0 + .rva full_handler + .rva .Lord_sqrx_body,.Lord_sqrx_epilogue # HandlerData[] + .long 48,0 +___ +$code.=<<___; +.LSEH_info_ecp_nistz256_to_mont: + .byte 9,0,0,0 + .rva full_handler + .rva .Lmul_body,.Lmul_epilogue # HandlerData[] + .long 48,0 +.LSEH_info_ecp_nistz256_mul_mont: + .byte 9,0,0,0 + .rva full_handler + .rva .Lmul_body,.Lmul_epilogue # HandlerData[] + .long 48,0 +.LSEH_info_ecp_nistz256_sqr_mont: + .byte 9,0,0,0 + .rva full_handler + .rva .Lsqr_body,.Lsqr_epilogue # HandlerData[] + .long 48,0 +.LSEH_info_ecp_nistz256_from_mont: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfrom_body,.Lfrom_epilogue # HandlerData[] +.LSEH_info_ecp_nistz256_gather_wX: + .byte 0x01,0x33,0x16,0x00 + .byte 0x33,0xf8,0x09,0x00 #movaps 0x90(rsp),xmm15 + .byte 0x2e,0xe8,0x08,0x00 #movaps 0x80(rsp),xmm14 + .byte 0x29,0xd8,0x07,0x00 #movaps 0x70(rsp),xmm13 + .byte 0x24,0xc8,0x06,0x00 #movaps 0x60(rsp),xmm12 + .byte 0x1f,0xb8,0x05,0x00 #movaps 0x50(rsp),xmm11 + .byte 0x1a,0xa8,0x04,0x00 #movaps 0x40(rsp),xmm10 + .byte 0x15,0x98,0x03,0x00 #movaps 0x30(rsp),xmm9 + .byte 0x10,0x88,0x02,0x00 #movaps 0x20(rsp),xmm8 + .byte 0x0c,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7 + .byte 0x08,0x68,0x00,0x00 #movaps 0x00(rsp),xmm6 + .byte 0x04,0x01,0x15,0x00 #sub rsp,0xa8 + .align 8 +___ +$code.=<<___ if ($avx>1); +.LSEH_info_ecp_nistz256_avx2_gather_wX: + .byte 0x01,0x36,0x17,0x0b + .byte 0x36,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 + .byte 0x31,0xe8,0x08,0x00 # vmovaps 0x80(rsp),xmm14 + .byte 0x2c,0xd8,0x07,0x00 # vmovaps 0x70(rsp),xmm13 + .byte 0x27,0xc8,0x06,0x00 # vmovaps 0x60(rsp),xmm12 + .byte 0x22,0xb8,0x05,0x00 # vmovaps 0x50(rsp),xmm11 + .byte 0x1d,0xa8,0x04,0x00 # vmovaps 0x40(rsp),xmm10 + .byte 0x18,0x98,0x03,0x00 # vmovaps 0x30(rsp),xmm9 + .byte 0x13,0x88,0x02,0x00 # vmovaps 0x20(rsp),xmm8 + .byte 0x0e,0x78,0x01,0x00 # vmovaps 0x10(rsp),xmm7 + .byte 0x09,0x68,0x00,0x00 # vmovaps 0x00(rsp),xmm6 + .byte 0x04,0x01,0x15,0x00 # sub rsp,0xa8 + .byte 0x00,0xb3,0x00,0x00 # set_frame r11 + .align 8 +___ +$code.=<<___; +.LSEH_info_ecp_nistz256_point_double: + .byte 9,0,0,0 + .rva full_handler + .rva .Lpoint_doubleq_body,.Lpoint_doubleq_epilogue # HandlerData[] + .long 32*5+56,0 +.LSEH_info_ecp_nistz256_point_add: + .byte 9,0,0,0 + .rva full_handler + .rva .Lpoint_addq_body,.Lpoint_addq_epilogue # HandlerData[] + .long 32*18+56,0 +.LSEH_info_ecp_nistz256_point_add_affine: + .byte 9,0,0,0 + .rva full_handler + .rva .Ladd_affineq_body,.Ladd_affineq_epilogue # HandlerData[] + .long 32*15+56,0 +___ +$code.=<<___ if ($addx); +.align 8 +.LSEH_info_ecp_nistz256_point_doublex: + .byte 9,0,0,0 + .rva full_handler + .rva .Lpoint_doublex_body,.Lpoint_doublex_epilogue # HandlerData[] + .long 32*5+56,0 +.LSEH_info_ecp_nistz256_point_addx: + .byte 9,0,0,0 + .rva full_handler + .rva .Lpoint_addx_body,.Lpoint_addx_epilogue # HandlerData[] + .long 32*18+56,0 +.LSEH_info_ecp_nistz256_point_add_affinex: + .byte 9,0,0,0 + .rva full_handler + .rva .Ladd_affinex_body,.Ladd_affinex_epilogue # HandlerData[] + .long 32*15+56,0 +___ +} + ######################################################################## # Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 # -open TABLE," for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# X25519 lower-level primitives for PPC64. +# +# July 2018. +# +# Base 2^64 is faster than base 2^51 on pre-POWER8, most notably ~15% +# faster on PPC970/G5. POWER8 on the other hand seems to trip on own +# shoelaces when handling longer carry chains. As base 2^51 has just +# single-carry pairs, it's 25% faster than base 2^64. Since PPC970 is +# pretty old, base 2^64 implementation is not engaged. Comparison to +# compiler-generated code is complicated by the fact that not all +# compilers support 128-bit integers. When compiler doesn't, like xlc, +# this module delivers more than 2x improvement, and when it does, +# from 12% to 30% improvement was measured... + +$flavour = shift; +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my $sp = "r1"; +my ($rp,$ap,$bp) = map("r$_",3..5); + +####################################################### base 2^64 +if (0) { +my ($bi,$a0,$a1,$a2,$a3,$t0,$t1, $t2,$t3, + $acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = + map("r$_",(6..12,22..31)); +my $zero = "r0"; +my $FRAME = 16*8; + +$code.=<<___; +.text + +.globl x25519_fe64_mul +.type x25519_fe64_mul,\@function +.align 5 +x25519_fe64_mul: + stdu $sp,-$FRAME($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $bi,0($bp) + ld $a0,0($ap) + xor $zero,$zero,$zero + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + mulld $acc0,$a0,$bi # a[0]*b[0] + mulhdu $t0,$a0,$bi + mulld $acc1,$a1,$bi # a[1]*b[0] + mulhdu $t1,$a1,$bi + mulld $acc2,$a2,$bi # a[2]*b[0] + mulhdu $t2,$a2,$bi + mulld $acc3,$a3,$bi # a[3]*b[0] + mulhdu $t3,$a3,$bi +___ +for(my @acc=($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7), + my $i=1; $i<4; shift(@acc), $i++) { +my $acc4 = $i==1? $zero : @acc[4]; + +$code.=<<___; + ld $bi,`8*$i`($bp) + addc @acc[1],@acc[1],$t0 # accumulate high parts + mulld $t0,$a0,$bi + adde @acc[2],@acc[2],$t1 + mulld $t1,$a1,$bi + adde @acc[3],@acc[3],$t2 + mulld $t2,$a2,$bi + adde @acc[4],$acc4,$t3 + mulld $t3,$a3,$bi + addc @acc[1],@acc[1],$t0 # accumulate low parts + mulhdu $t0,$a0,$bi + adde @acc[2],@acc[2],$t1 + mulhdu $t1,$a1,$bi + adde @acc[3],@acc[3],$t2 + mulhdu $t2,$a2,$bi + adde @acc[4],@acc[4],$t3 + mulhdu $t3,$a3,$bi + adde @acc[5],$zero,$zero +___ +} +$code.=<<___; + li $bi,38 + addc $acc4,$acc4,$t0 + mulld $t0,$acc4,$bi + adde $acc5,$acc5,$t1 + mulld $t1,$acc5,$bi + adde $acc6,$acc6,$t2 + mulld $t2,$acc6,$bi + adde $acc7,$acc7,$t3 + mulld $t3,$acc7,$bi + + addc $acc0,$acc0,$t0 + mulhdu $t0,$acc4,$bi + adde $acc1,$acc1,$t1 + mulhdu $t1,$acc5,$bi + adde $acc2,$acc2,$t2 + mulhdu $t2,$acc6,$bi + adde $acc3,$acc3,$t3 + mulhdu $t3,$acc7,$bi + adde $acc4,$zero,$zero + + addc $acc1,$acc1,$t0 + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$t2 + adde $acc4,$acc4,$t3 + + mulld $acc4,$acc4,$bi + + addc $acc0,$acc0,$acc4 + addze $acc1,$acc1 + addze $acc2,$acc2 + addze $acc3,$acc3 + + subfe $acc4,$acc4,$acc4 # carry -> ~mask + std $acc1,8($rp) + andc $acc4,$bi,$acc4 + std $acc2,16($rp) + add $acc0,$acc0,$acc4 + std $acc3,24($rp) + std $acc0,0($rp) + + ld r22,`$FRAME-8*10`($sp) + ld r23,`$FRAME-8*9`($sp) + ld r24,`$FRAME-8*8`($sp) + ld r25,`$FRAME-8*7`($sp) + ld r26,`$FRAME-8*6`($sp) + ld r27,`$FRAME-8*5`($sp) + ld r28,`$FRAME-8*4`($sp) + ld r29,`$FRAME-8*3`($sp) + ld r30,`$FRAME-8*2`($sp) + ld r31,`$FRAME-8*1`($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,10,3,0 + .long 0 +.size x25519_fe64_mul,.-x25519_fe64_mul + +.globl x25519_fe64_sqr +.type x25519_fe64_sqr,\@function +.align 5 +x25519_fe64_sqr: + stdu $sp,-$FRAME($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $a0,0($ap) + xor $zero,$zero,$zero + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + ################################ + # | | | | | |a1*a0| | + # | | | | |a2*a0| | | + # | |a3*a2|a3*a0| | | | + # | | | |a2*a1| | | | + # | | |a3*a1| | | | | + # *| | | | | | | | 2| + # +|a3*a3|a2*a2|a1*a1|a0*a0| + # |--+--+--+--+--+--+--+--| + # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx + # + # "can't overflow" below mark carrying into high part of + # multiplication result, which can't overflow, because it + # can never be all ones. + + mulld $acc1,$a1,$a0 # a[1]*a[0] + mulhdu $t1,$a1,$a0 + mulld $acc2,$a2,$a0 # a[2]*a[0] + mulhdu $t2,$a2,$a0 + mulld $acc3,$a3,$a0 # a[3]*a[0] + mulhdu $acc4,$a3,$a0 + + addc $acc2,$acc2,$t1 # accumulate high parts of multiplication + mulld $t0,$a2,$a1 # a[2]*a[1] + mulhdu $t1,$a2,$a1 + adde $acc3,$acc3,$t2 + mulld $t2,$a3,$a1 # a[3]*a[1] + mulhdu $t3,$a3,$a1 + addze $acc4,$acc4 # can't overflow + + mulld $acc5,$a3,$a2 # a[3]*a[2] + mulhdu $acc6,$a3,$a2 + + addc $t1,$t1,$t2 # accumulate high parts of multiplication + mulld $acc0,$a0,$a0 # a[0]*a[0] + addze $t2,$t3 # can't overflow + + addc $acc3,$acc3,$t0 # accumulate low parts of multiplication + mulhdu $a0,$a0,$a0 + adde $acc4,$acc4,$t1 + mulld $t1,$a1,$a1 # a[1]*a[1] + adde $acc5,$acc5,$t2 + mulhdu $a1,$a1,$a1 + addze $acc6,$acc6 # can't overflow + + addc $acc1,$acc1,$acc1 # acc[1-6]*=2 + mulld $t2,$a2,$a2 # a[2]*a[2] + adde $acc2,$acc2,$acc2 + mulhdu $a2,$a2,$a2 + adde $acc3,$acc3,$acc3 + mulld $t3,$a3,$a3 # a[3]*a[3] + adde $acc4,$acc4,$acc4 + mulhdu $a3,$a3,$a3 + adde $acc5,$acc5,$acc5 + adde $acc6,$acc6,$acc6 + addze $acc7,$zero + + addc $acc1,$acc1,$a0 # +a[i]*a[i] + li $bi,38 + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$a1 + adde $acc4,$acc4,$t2 + adde $acc5,$acc5,$a2 + adde $acc6,$acc6,$t3 + adde $acc7,$acc7,$a3 + + mulld $t0,$acc4,$bi + mulld $t1,$acc5,$bi + mulld $t2,$acc6,$bi + mulld $t3,$acc7,$bi + + addc $acc0,$acc0,$t0 + mulhdu $t0,$acc4,$bi + adde $acc1,$acc1,$t1 + mulhdu $t1,$acc5,$bi + adde $acc2,$acc2,$t2 + mulhdu $t2,$acc6,$bi + adde $acc3,$acc3,$t3 + mulhdu $t3,$acc7,$bi + addze $acc4,$zero + + addc $acc1,$acc1,$t0 + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$t2 + adde $acc4,$acc4,$t3 + + mulld $acc4,$acc4,$bi + + addc $acc0,$acc0,$acc4 + addze $acc1,$acc1 + addze $acc2,$acc2 + addze $acc3,$acc3 + + subfe $acc4,$acc4,$acc4 # carry -> ~mask + std $acc1,8($rp) + andc $acc4,$bi,$acc4 + std $acc2,16($rp) + add $acc0,$acc0,$acc4 + std $acc3,24($rp) + std $acc0,0($rp) + + ld r22,`$FRAME-8*10`($sp) + ld r23,`$FRAME-8*9`($sp) + ld r24,`$FRAME-8*8`($sp) + ld r25,`$FRAME-8*7`($sp) + ld r26,`$FRAME-8*6`($sp) + ld r27,`$FRAME-8*5`($sp) + ld r28,`$FRAME-8*4`($sp) + ld r29,`$FRAME-8*3`($sp) + ld r30,`$FRAME-8*2`($sp) + ld r31,`$FRAME-8*1`($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,10,2,0 + .long 0 +.size x25519_fe64_sqr,.-x25519_fe64_sqr + +.globl x25519_fe64_mul121666 +.type x25519_fe64_mul121666,\@function +.align 5 +x25519_fe64_mul121666: + lis $bi,`65536>>16` + ori $bi,$bi,`121666-65536` + + ld $t0,0($ap) + ld $t1,8($ap) + ld $bp,16($ap) + ld $ap,24($ap) + + mulld $a0,$t0,$bi + mulhdu $t0,$t0,$bi + mulld $a1,$t1,$bi + mulhdu $t1,$t1,$bi + mulld $a2,$bp,$bi + mulhdu $bp,$bp,$bi + mulld $a3,$ap,$bi + mulhdu $ap,$ap,$bi + + addc $a1,$a1,$t0 + adde $a2,$a2,$t1 + adde $a3,$a3,$bp + addze $ap, $ap + + mulli $ap,$ap,38 + + addc $a0,$a0,$ap + addze $a1,$a1 + addze $a2,$a2 + addze $a3,$a3 + + subfe $t1,$t1,$t1 # carry -> ~mask + std $a1,8($rp) + andc $t0,$t0,$t1 + std $a2,16($rp) + add $a0,$a0,$t0 + std $a3,24($rp) + std $a0,0($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,2,0 + .long 0 +.size x25519_fe64_mul121666,.-x25519_fe64_mul121666 + +.globl x25519_fe64_add +.type x25519_fe64_add,\@function +.align 5 +x25519_fe64_add: + ld $a0,0($ap) + ld $t0,0($bp) + ld $a1,8($ap) + ld $t1,8($bp) + ld $a2,16($ap) + ld $bi,16($bp) + ld $a3,24($ap) + ld $bp,24($bp) + + addc $a0,$a0,$t0 + adde $a1,$a1,$t1 + adde $a2,$a2,$bi + adde $a3,$a3,$bp + + li $t0,38 + subfe $t1,$t1,$t1 # carry -> ~mask + andc $t1,$t0,$t1 + + addc $a0,$a0,$t1 + addze $a1,$a1 + addze $a2,$a2 + addze $a3,$a3 + + subfe $t1,$t1,$t1 # carry -> ~mask + std $a1,8($rp) + andc $t0,$t0,$t1 + std $a2,16($rp) + add $a0,$a0,$t0 + std $a3,24($rp) + std $a0,0($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size x25519_fe64_add,.-x25519_fe64_add + +.globl x25519_fe64_sub +.type x25519_fe64_sub,\@function +.align 5 +x25519_fe64_sub: + ld $a0,0($ap) + ld $t0,0($bp) + ld $a1,8($ap) + ld $t1,8($bp) + ld $a2,16($ap) + ld $bi,16($bp) + ld $a3,24($ap) + ld $bp,24($bp) + + subfc $a0,$t0,$a0 + subfe $a1,$t1,$a1 + subfe $a2,$bi,$a2 + subfe $a3,$bp,$a3 + + li $t0,38 + subfe $t1,$t1,$t1 # borrow -> mask + xor $zero,$zero,$zero + and $t1,$t0,$t1 + + subfc $a0,$t1,$a0 + subfe $a1,$zero,$a1 + subfe $a2,$zero,$a2 + subfe $a3,$zero,$a3 + + subfe $t1,$t1,$t1 # borrow -> mask + std $a1,8($rp) + and $t0,$t0,$t1 + std $a2,16($rp) + subf $a0,$t0,$a0 + std $a3,24($rp) + std $a0,0($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size x25519_fe64_sub,.-x25519_fe64_sub + +.globl x25519_fe64_tobytes +.type x25519_fe64_tobytes,\@function +.align 5 +x25519_fe64_tobytes: + ld $a3,24($ap) + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + + sradi $t0,$a3,63 # most significant bit -> mask + li $t1,19 + and $t0,$t0,$t1 + sldi $a3,$a3,1 + add $t0,$t0,$t1 # compare to modulus in the same go + srdi $a3,$a3,1 # most signifcant bit cleared + + addc $a0,$a0,$t0 + addze $a1,$a1 + addze $a2,$a2 + addze $a3,$a3 + + xor $zero,$zero,$zero + sradi $t0,$a3,63 # most significant bit -> mask + sldi $a3,$a3,1 + andc $t0,$t1,$t0 + srdi $a3,$a3,1 # most signifcant bit cleared + + subi $rp,$rp,1 + subfc $a0,$t0,$a0 + subfe $a1,$zero,$a1 + subfe $a2,$zero,$a2 + subfe $a3,$zero,$a3 + +___ +for (my @a=($a0,$a1,$a2,$a3), my $i=0; $i<4; shift(@a), $i++) { +$code.=<<___; + srdi $t0,@a[0],8 + stbu @a[0],1($rp) + srdi @a[0],@a[0],16 + stbu $t0,1($rp) + srdi $t0,@a[0],8 + stbu @a[0],1($rp) + srdi @a[0],@a[0],16 + stbu $t0,1($rp) + srdi $t0,@a[0],8 + stbu @a[0],1($rp) + srdi @a[0],@a[0],16 + stbu $t0,1($rp) + srdi $t0,@a[0],8 + stbu @a[0],1($rp) + stbu $t0,1($rp) +___ +} +$code.=<<___; + blr + .long 0 + .byte 0,12,0x14,0,0,0,2,0 + .long 0 +.size x25519_fe64_tobytes,.-x25519_fe64_tobytes +___ +} +####################################################### base 2^51 +{ +my ($bi,$a0,$a1,$a2,$a3,$a4,$t0, $t1, + $h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,$h4lo,$h4hi) = + map("r$_",(6..12,21..31)); +my $mask = "r0"; +my $FRAME = 18*8; + +$code.=<<___; +.text + +.globl x25519_fe51_mul +.type x25519_fe51_mul,\@function +.align 5 +x25519_fe51_mul: + stdu $sp,-$FRAME($sp) + std r21,`$FRAME-8*11`($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $bi,0($bp) + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + ld $a4,32($ap) + + mulld $h0lo,$a0,$bi # a[0]*b[0] + mulhdu $h0hi,$a0,$bi + + mulld $h1lo,$a1,$bi # a[1]*b[0] + mulhdu $h1hi,$a1,$bi + + mulld $h4lo,$a4,$bi # a[4]*b[0] + mulhdu $h4hi,$a4,$bi + ld $ap,8($bp) + mulli $a4,$a4,19 + + mulld $h2lo,$a2,$bi # a[2]*b[0] + mulhdu $h2hi,$a2,$bi + + mulld $h3lo,$a3,$bi # a[3]*b[0] + mulhdu $h3hi,$a3,$bi +___ +for(my @a=($a0,$a1,$a2,$a3,$a4), + my $i=1; $i<4; $i++) { + ($ap,$bi) = ($bi,$ap); +$code.=<<___; + mulld $t0,@a[4],$bi + mulhdu $t1,@a[4],$bi + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 + + mulld $t0,@a[0],$bi + mulhdu $t1,@a[0],$bi + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + + mulld $t0,@a[3],$bi + mulhdu $t1,@a[3],$bi + ld $ap,`8*($i+1)`($bp) + mulli @a[3],@a[3],19 + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + + mulld $t0,@a[1],$bi + mulhdu $t1,@a[1],$bi + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + + mulld $t0,@a[2],$bi + mulhdu $t1,@a[2],$bi + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 +___ + unshift(@a,pop(@a)); +} + ($ap,$bi) = ($bi,$ap); +$code.=<<___; + mulld $t0,$a1,$bi + mulhdu $t1,$a1,$bi + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 + + mulld $t0,$a2,$bi + mulhdu $t1,$a2,$bi + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + + mulld $t0,$a3,$bi + mulhdu $t1,$a3,$bi + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + + mulld $t0,$a4,$bi + mulhdu $t1,$a4,$bi + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 + + mulld $t0,$a0,$bi + mulhdu $t1,$a0,$bi + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + +.Lfe51_reduce: + li $mask,-1 + srdi $mask,$mask,13 # 0x7ffffffffffff + + srdi $t0,$h2lo,51 + and $a2,$h2lo,$mask + insrdi $t0,$h2hi,51,0 # h2>>51 + srdi $t1,$h0lo,51 + and $a0,$h0lo,$mask + insrdi $t1,$h0hi,51,0 # h0>>51 + addc $h3lo,$h3lo,$t0 + addze $h3hi,$h3hi + addc $h1lo,$h1lo,$t1 + addze $h1hi,$h1hi + + srdi $t0,$h3lo,51 + and $a3,$h3lo,$mask + insrdi $t0,$h3hi,51,0 # h3>>51 + srdi $t1,$h1lo,51 + and $a1,$h1lo,$mask + insrdi $t1,$h1hi,51,0 # h1>>51 + addc $h4lo,$h4lo,$t0 + addze $h4hi,$h4hi + add $a2,$a2,$t1 + + srdi $t0,$h4lo,51 + and $a4,$h4lo,$mask + insrdi $t0,$h4hi,51,0 + mulli $t0,$t0,19 # (h4 >> 51) * 19 + + add $a0,$a0,$t0 + + srdi $t1,$a2,51 + and $a2,$a2,$mask + add $a3,$a3,$t1 + + srdi $t0,$a0,51 + and $a0,$a0,$mask + add $a1,$a1,$t0 + + std $a2,16($rp) + std $a3,24($rp) + std $a4,32($rp) + std $a0,0($rp) + std $a1,8($rp) + + ld r21,`$FRAME-8*11`($sp) + ld r22,`$FRAME-8*10`($sp) + ld r23,`$FRAME-8*9`($sp) + ld r24,`$FRAME-8*8`($sp) + ld r25,`$FRAME-8*7`($sp) + ld r26,`$FRAME-8*6`($sp) + ld r27,`$FRAME-8*5`($sp) + ld r28,`$FRAME-8*4`($sp) + ld r29,`$FRAME-8*3`($sp) + ld r30,`$FRAME-8*2`($sp) + ld r31,`$FRAME-8*1`($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,11,3,0 + .long 0 +.size x25519_fe51_mul,.-x25519_fe51_mul +___ +{ +my ($a0,$a1,$a2,$a3,$a4,$t0,$t1) = ($a0,$a1,$a2,$a3,$a4,$t0,$t1); +$code.=<<___; +.globl x25519_fe51_sqr +.type x25519_fe51_sqr,\@function +.align 5 +x25519_fe51_sqr: + stdu $sp,-$FRAME($sp) + std r21,`$FRAME-8*11`($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + ld $a4,32($ap) + + add $bi,$a0,$a0 # a[0]*2 + mulli $t1,$a4,19 # a[4]*19 + + mulld $h0lo,$a0,$a0 + mulhdu $h0hi,$a0,$a0 + mulld $h1lo,$a1,$bi + mulhdu $h1hi,$a1,$bi + mulld $h2lo,$a2,$bi + mulhdu $h2hi,$a2,$bi + mulld $h3lo,$a3,$bi + mulhdu $h3hi,$a3,$bi + mulld $h4lo,$a4,$bi + mulhdu $h4hi,$a4,$bi + add $bi,$a1,$a1 # a[1]*2 +___ + ($a4,$t1) = ($t1,$a4); +$code.=<<___; + mulld $t0,$t1,$a4 + mulhdu $t1,$t1,$a4 + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 + + mulli $bp,$a3,19 # a[3]*19 + + mulld $t0,$a1,$a1 + mulhdu $t1,$a1,$a1 + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + mulld $t0,$a2,$bi + mulhdu $t1,$a2,$bi + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 + mulld $t0,$a3,$bi + mulhdu $t1,$a3,$bi + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + mulld $t0,$a4,$bi + mulhdu $t1,$a4,$bi + add $bi,$a3,$a3 # a[3]*2 + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 +___ + ($a3,$t1) = ($bp,$a3); +$code.=<<___; + mulld $t0,$t1,$a3 + mulhdu $t1,$t1,$a3 + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + mulld $t0,$bi,$a4 + mulhdu $t1,$bi,$a4 + add $bi,$a2,$a2 # a[2]*2 + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + + mulld $t0,$a2,$a2 + mulhdu $t1,$a2,$a2 + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + mulld $t0,$a3,$bi + mulhdu $t1,$a3,$bi + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 + mulld $t0,$a4,$bi + mulhdu $t1,$a4,$bi + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + + b .Lfe51_reduce + .long 0 + .byte 0,12,4,0,0x80,11,2,0 + .long 0 +.size x25519_fe51_sqr,.-x25519_fe51_sqr +___ +} +$code.=<<___; +.globl x25519_fe51_mul121666 +.type x25519_fe51_mul121666,\@function +.align 5 +x25519_fe51_mul121666: + stdu $sp,-$FRAME($sp) + std r21,`$FRAME-8*11`($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + lis $bi,`65536>>16` + ori $bi,$bi,`121666-65536` + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + ld $a4,32($ap) + + mulld $h0lo,$a0,$bi # a[0]*121666 + mulhdu $h0hi,$a0,$bi + mulld $h1lo,$a1,$bi # a[1]*121666 + mulhdu $h1hi,$a1,$bi + mulld $h2lo,$a2,$bi # a[2]*121666 + mulhdu $h2hi,$a2,$bi + mulld $h3lo,$a3,$bi # a[3]*121666 + mulhdu $h3hi,$a3,$bi + mulld $h4lo,$a4,$bi # a[4]*121666 + mulhdu $h4hi,$a4,$bi + + b .Lfe51_reduce + .long 0 + .byte 0,12,4,0,0x80,11,2,0 + .long 0 +.size x25519_fe51_mul121666,.-x25519_fe51_mul121666 +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl b/deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl new file mode 100755 index 00000000000000..18dc6af9fae9fa --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/asm/x25519-x86_64.pl @@ -0,0 +1,1117 @@ +#!/usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# X25519 lower-level primitives for x86_64. +# +# February 2018. +# +# This module implements radix 2^51 multiplication and squaring, and +# radix 2^64 multiplication, squaring, addition, subtraction and final +# reduction. Latter radix is used on ADCX/ADOX-capable processors such +# as Broadwell. On related note one should mention that there are +# vector implementations that provide significantly better performance +# on some processors(*), but they are large and overly complex. Which +# in combination with them being effectively processor-specific makes +# the undertaking hard to justify. The goal for this implementation +# is rather versatility and simplicity [and ultimately formal +# verification]. +# +# (*) For example sandy2x should provide ~30% improvement on Sandy +# Bridge, but only nominal ~5% on Haswell [and big loss on +# Broadwell and successors]. +# +###################################################################### +# Improvement coefficients: +# +# amd64-51(*) gcc-5.x(**) +# +# P4 +22% +40% +# Sandy Bridge -3% +11% +# Haswell -1% +13% +# Broadwell(***) +30% +35% +# Skylake(***) +33% +47% +# Silvermont +20% +26% +# Goldmont +40% +50% +# Bulldozer +20% +9% +# Ryzen(***) +43% +40% +# VIA +170% +120% +# +# (*) amd64-51 is popular assembly implementation with 2^51 radix, +# only multiplication and squaring subroutines were linked +# for comparison, but not complete ladder step; gain on most +# processors is because this module refrains from shld, and +# minor regression on others is because this does result in +# higher instruction count; +# (**) compiler is free to inline functions, in assembly one would +# need to implement ladder step to do that, and it will improve +# performance by several percent; +# (***) ADCX/ADOX result for 2^64 radix, there is no corresponding +# C implementation, so that comparison is always against +# 2^51 radix; + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT=*OUT; + +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler version ([2-9]\.[0-9]+)/) { + $addx = ($1>=2.23); +} + +if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && + `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { + $addx = ($1>=2.10); +} + +if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && + `ml64 2>&1` =~ /Version ([0-9]+)\./) { + $addx = ($1>=12); +} + +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { + my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 + $addx = ($ver>=3.03); +} + +$code.=<<___; +.text + +.globl x25519_fe51_mul +.type x25519_fe51_mul,\@function,3 +.align 32 +x25519_fe51_mul: +.cfi_startproc + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + lea -8*5(%rsp),%rsp +.cfi_adjust_cfa_offset 40 +.Lfe51_mul_body: + + mov 8*0(%rsi),%rax # f[0] + mov 8*0(%rdx),%r11 # load g[0-4] + mov 8*1(%rdx),%r12 + mov 8*2(%rdx),%r13 + mov 8*3(%rdx),%rbp + mov 8*4(%rdx),%r14 + + mov %rdi,8*4(%rsp) # offload 1st argument + mov %rax,%rdi + mulq %r11 # f[0]*g[0] + mov %r11,8*0(%rsp) # offload g[0] + mov %rax,%rbx # %rbx:%rcx = h0 + mov %rdi,%rax + mov %rdx,%rcx + mulq %r12 # f[0]*g[1] + mov %r12,8*1(%rsp) # offload g[1] + mov %rax,%r8 # %r8:%r9 = h1 + mov %rdi,%rax + lea (%r14,%r14,8),%r15 + mov %rdx,%r9 + mulq %r13 # f[0]*g[2] + mov %r13,8*2(%rsp) # offload g[2] + mov %rax,%r10 # %r10:%r11 = h2 + mov %rdi,%rax + lea (%r14,%r15,2),%rdi # g[4]*19 + mov %rdx,%r11 + mulq %rbp # f[0]*g[3] + mov %rax,%r12 # %r12:%r13 = h3 + mov 8*0(%rsi),%rax # f[0] + mov %rdx,%r13 + mulq %r14 # f[0]*g[4] + mov %rax,%r14 # %r14:%r15 = h4 + mov 8*1(%rsi),%rax # f[1] + mov %rdx,%r15 + + mulq %rdi # f[1]*g[4]*19 + add %rax,%rbx + mov 8*2(%rsi),%rax # f[2] + adc %rdx,%rcx + mulq %rdi # f[2]*g[4]*19 + add %rax,%r8 + mov 8*3(%rsi),%rax # f[3] + adc %rdx,%r9 + mulq %rdi # f[3]*g[4]*19 + add %rax,%r10 + mov 8*4(%rsi),%rax # f[4] + adc %rdx,%r11 + mulq %rdi # f[4]*g[4]*19 + imulq \$19,%rbp,%rdi # g[3]*19 + add %rax,%r12 + mov 8*1(%rsi),%rax # f[1] + adc %rdx,%r13 + mulq %rbp # f[1]*g[3] + mov 8*2(%rsp),%rbp # g[2] + add %rax,%r14 + mov 8*2(%rsi),%rax # f[2] + adc %rdx,%r15 + + mulq %rdi # f[2]*g[3]*19 + add %rax,%rbx + mov 8*3(%rsi),%rax # f[3] + adc %rdx,%rcx + mulq %rdi # f[3]*g[3]*19 + add %rax,%r8 + mov 8*4(%rsi),%rax # f[4] + adc %rdx,%r9 + mulq %rdi # f[4]*g[3]*19 + imulq \$19,%rbp,%rdi # g[2]*19 + add %rax,%r10 + mov 8*1(%rsi),%rax # f[1] + adc %rdx,%r11 + mulq %rbp # f[1]*g[2] + add %rax,%r12 + mov 8*2(%rsi),%rax # f[2] + adc %rdx,%r13 + mulq %rbp # f[2]*g[2] + mov 8*1(%rsp),%rbp # g[1] + add %rax,%r14 + mov 8*3(%rsi),%rax # f[3] + adc %rdx,%r15 + + mulq %rdi # f[3]*g[2]*19 + add %rax,%rbx + mov 8*4(%rsi),%rax # f[3] + adc %rdx,%rcx + mulq %rdi # f[4]*g[2]*19 + add %rax,%r8 + mov 8*1(%rsi),%rax # f[1] + adc %rdx,%r9 + mulq %rbp # f[1]*g[1] + imulq \$19,%rbp,%rdi + add %rax,%r10 + mov 8*2(%rsi),%rax # f[2] + adc %rdx,%r11 + mulq %rbp # f[2]*g[1] + add %rax,%r12 + mov 8*3(%rsi),%rax # f[3] + adc %rdx,%r13 + mulq %rbp # f[3]*g[1] + mov 8*0(%rsp),%rbp # g[0] + add %rax,%r14 + mov 8*4(%rsi),%rax # f[4] + adc %rdx,%r15 + + mulq %rdi # f[4]*g[1]*19 + add %rax,%rbx + mov 8*1(%rsi),%rax # f[1] + adc %rdx,%rcx + mul %rbp # f[1]*g[0] + add %rax,%r8 + mov 8*2(%rsi),%rax # f[2] + adc %rdx,%r9 + mul %rbp # f[2]*g[0] + add %rax,%r10 + mov 8*3(%rsi),%rax # f[3] + adc %rdx,%r11 + mul %rbp # f[3]*g[0] + add %rax,%r12 + mov 8*4(%rsi),%rax # f[4] + adc %rdx,%r13 + mulq %rbp # f[4]*g[0] + add %rax,%r14 + adc %rdx,%r15 + + mov 8*4(%rsp),%rdi # restore 1st argument + jmp .Lreduce51 +.Lfe51_mul_epilogue: +.cfi_endproc +.size x25519_fe51_mul,.-x25519_fe51_mul + +.globl x25519_fe51_sqr +.type x25519_fe51_sqr,\@function,2 +.align 32 +x25519_fe51_sqr: +.cfi_startproc + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + lea -8*5(%rsp),%rsp +.cfi_adjust_cfa_offset 40 +.Lfe51_sqr_body: + + mov 8*0(%rsi),%rax # g[0] + mov 8*2(%rsi),%r15 # g[2] + mov 8*4(%rsi),%rbp # g[4] + + mov %rdi,8*4(%rsp) # offload 1st argument + lea (%rax,%rax),%r14 + mulq %rax # g[0]*g[0] + mov %rax,%rbx + mov 8*1(%rsi),%rax # g[1] + mov %rdx,%rcx + mulq %r14 # 2*g[0]*g[1] + mov %rax,%r8 + mov %r15,%rax + mov %r15,8*0(%rsp) # offload g[2] + mov %rdx,%r9 + mulq %r14 # 2*g[0]*g[2] + mov %rax,%r10 + mov 8*3(%rsi),%rax + mov %rdx,%r11 + imulq \$19,%rbp,%rdi # g[4]*19 + mulq %r14 # 2*g[0]*g[3] + mov %rax,%r12 + mov %rbp,%rax + mov %rdx,%r13 + mulq %r14 # 2*g[0]*g[4] + mov %rax,%r14 + mov %rbp,%rax + mov %rdx,%r15 + + mulq %rdi # g[4]*g[4]*19 + add %rax,%r12 + mov 8*1(%rsi),%rax # g[1] + adc %rdx,%r13 + + mov 8*3(%rsi),%rsi # g[3] + lea (%rax,%rax),%rbp + mulq %rax # g[1]*g[1] + add %rax,%r10 + mov 8*0(%rsp),%rax # g[2] + adc %rdx,%r11 + mulq %rbp # 2*g[1]*g[2] + add %rax,%r12 + mov %rbp,%rax + adc %rdx,%r13 + mulq %rsi # 2*g[1]*g[3] + add %rax,%r14 + mov %rbp,%rax + adc %rdx,%r15 + imulq \$19,%rsi,%rbp # g[3]*19 + mulq %rdi # 2*g[1]*g[4]*19 + add %rax,%rbx + lea (%rsi,%rsi),%rax + adc %rdx,%rcx + + mulq %rdi # 2*g[3]*g[4]*19 + add %rax,%r10 + mov %rsi,%rax + adc %rdx,%r11 + mulq %rbp # g[3]*g[3]*19 + add %rax,%r8 + mov 8*0(%rsp),%rax # g[2] + adc %rdx,%r9 + + lea (%rax,%rax),%rsi + mulq %rax # g[2]*g[2] + add %rax,%r14 + mov %rbp,%rax + adc %rdx,%r15 + mulq %rsi # 2*g[2]*g[3]*19 + add %rax,%rbx + mov %rsi,%rax + adc %rdx,%rcx + mulq %rdi # 2*g[2]*g[4]*19 + add %rax,%r8 + adc %rdx,%r9 + + mov 8*4(%rsp),%rdi # restore 1st argument + jmp .Lreduce51 + +.align 32 +.Lreduce51: + mov \$0x7ffffffffffff,%rbp + + mov %r10,%rdx + shr \$51,%r10 + shl \$13,%r11 + and %rbp,%rdx # %rdx = g2 = h2 & mask + or %r10,%r11 # h2>>51 + add %r11,%r12 + adc \$0,%r13 # h3 += h2>>51 + + mov %rbx,%rax + shr \$51,%rbx + shl \$13,%rcx + and %rbp,%rax # %rax = g0 = h0 & mask + or %rbx,%rcx # h0>>51 + add %rcx,%r8 # h1 += h0>>51 + adc \$0,%r9 + + mov %r12,%rbx + shr \$51,%r12 + shl \$13,%r13 + and %rbp,%rbx # %rbx = g3 = h3 & mask + or %r12,%r13 # h3>>51 + add %r13,%r14 # h4 += h3>>51 + adc \$0,%r15 + + mov %r8,%rcx + shr \$51,%r8 + shl \$13,%r9 + and %rbp,%rcx # %rcx = g1 = h1 & mask + or %r8,%r9 + add %r9,%rdx # g2 += h1>>51 + + mov %r14,%r10 + shr \$51,%r14 + shl \$13,%r15 + and %rbp,%r10 # %r10 = g4 = h0 & mask + or %r14,%r15 # h0>>51 + + lea (%r15,%r15,8),%r14 + lea (%r15,%r14,2),%r15 + add %r15,%rax # g0 += (h0>>51)*19 + + mov %rdx,%r8 + and %rbp,%rdx # g2 &= mask + shr \$51,%r8 + add %r8,%rbx # g3 += g2>>51 + + mov %rax,%r9 + and %rbp,%rax # g0 &= mask + shr \$51,%r9 + add %r9,%rcx # g1 += g0>>51 + + mov %rax,8*0(%rdi) # save the result + mov %rcx,8*1(%rdi) + mov %rdx,8*2(%rdi) + mov %rbx,8*3(%rdi) + mov %r10,8*4(%rdi) + + mov 8*5(%rsp),%r15 +.cfi_restore %r15 + mov 8*6(%rsp),%r14 +.cfi_restore %r14 + mov 8*7(%rsp),%r13 +.cfi_restore %r13 + mov 8*8(%rsp),%r12 +.cfi_restore %r12 + mov 8*9(%rsp),%rbx +.cfi_restore %rbx + mov 8*10(%rsp),%rbp +.cfi_restore %rbp + lea 8*11(%rsp),%rsp +.cfi_adjust_cfa_offset 88 +.Lfe51_sqr_epilogue: + ret +.cfi_endproc +.size x25519_fe51_sqr,.-x25519_fe51_sqr + +.globl x25519_fe51_mul121666 +.type x25519_fe51_mul121666,\@function,2 +.align 32 +x25519_fe51_mul121666: +.cfi_startproc + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + lea -8*5(%rsp),%rsp +.cfi_adjust_cfa_offset 40 +.Lfe51_mul121666_body: + mov \$121666,%eax + + mulq 8*0(%rsi) + mov %rax,%rbx # %rbx:%rcx = h0 + mov \$121666,%eax + mov %rdx,%rcx + mulq 8*1(%rsi) + mov %rax,%r8 # %r8:%r9 = h1 + mov \$121666,%eax + mov %rdx,%r9 + mulq 8*2(%rsi) + mov %rax,%r10 # %r10:%r11 = h2 + mov \$121666,%eax + mov %rdx,%r11 + mulq 8*3(%rsi) + mov %rax,%r12 # %r12:%r13 = h3 + mov \$121666,%eax # f[0] + mov %rdx,%r13 + mulq 8*4(%rsi) + mov %rax,%r14 # %r14:%r15 = h4 + mov %rdx,%r15 + + jmp .Lreduce51 +.Lfe51_mul121666_epilogue: +.cfi_endproc +.size x25519_fe51_mul121666,.-x25519_fe51_mul121666 +___ +######################################################################## +# Base 2^64 subroutines modulo 2*(2^255-19) +# +if ($addx) { +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = map("%r$_",(8..15)); + +$code.=<<___; +.extern OPENSSL_ia32cap_P +.globl x25519_fe64_eligible +.type x25519_fe64_eligible,\@abi-omnipotent +.align 32 +x25519_fe64_eligible: + mov OPENSSL_ia32cap_P+8(%rip),%ecx + xor %eax,%eax + and \$0x80100,%ecx + cmp \$0x80100,%ecx + cmove %ecx,%eax + ret +.size x25519_fe64_eligible,.-x25519_fe64_eligible + +.globl x25519_fe64_mul +.type x25519_fe64_mul,\@function,3 +.align 32 +x25519_fe64_mul: +.cfi_startproc + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + push %rdi # offload dst +.cfi_push %rdi + lea -8*2(%rsp),%rsp +.cfi_adjust_cfa_offset 16 +.Lfe64_mul_body: + + mov %rdx,%rax + mov 8*0(%rdx),%rbp # b[0] + mov 8*0(%rsi),%rdx # a[0] + mov 8*1(%rax),%rcx # b[1] + mov 8*2(%rax),$acc6 # b[2] + mov 8*3(%rax),$acc7 # b[3] + + mulx %rbp,$acc0,%rax # a[0]*b[0] + xor %edi,%edi # cf=0,of=0 + mulx %rcx,$acc1,%rbx # a[0]*b[1] + adcx %rax,$acc1 + mulx $acc6,$acc2,%rax # a[0]*b[2] + adcx %rbx,$acc2 + mulx $acc7,$acc3,$acc4 # a[0]*b[3] + mov 8*1(%rsi),%rdx # a[1] + adcx %rax,$acc3 + mov $acc6,(%rsp) # offload b[2] + adcx %rdi,$acc4 # cf=0 + + mulx %rbp,%rax,%rbx # a[1]*b[0] + adox %rax,$acc1 + adcx %rbx,$acc2 + mulx %rcx,%rax,%rbx # a[1]*b[1] + adox %rax,$acc2 + adcx %rbx,$acc3 + mulx $acc6,%rax,%rbx # a[1]*b[2] + adox %rax,$acc3 + adcx %rbx,$acc4 + mulx $acc7,%rax,$acc5 # a[1]*b[3] + mov 8*2(%rsi),%rdx # a[2] + adox %rax,$acc4 + adcx %rdi,$acc5 # cf=0 + adox %rdi,$acc5 # of=0 + + mulx %rbp,%rax,%rbx # a[2]*b[0] + adcx %rax,$acc2 + adox %rbx,$acc3 + mulx %rcx,%rax,%rbx # a[2]*b[1] + adcx %rax,$acc3 + adox %rbx,$acc4 + mulx $acc6,%rax,%rbx # a[2]*b[2] + adcx %rax,$acc4 + adox %rbx,$acc5 + mulx $acc7,%rax,$acc6 # a[2]*b[3] + mov 8*3(%rsi),%rdx # a[3] + adcx %rax,$acc5 + adox %rdi,$acc6 # of=0 + adcx %rdi,$acc6 # cf=0 + + mulx %rbp,%rax,%rbx # a[3]*b[0] + adox %rax,$acc3 + adcx %rbx,$acc4 + mulx %rcx,%rax,%rbx # a[3]*b[1] + adox %rax,$acc4 + adcx %rbx,$acc5 + mulx (%rsp),%rax,%rbx # a[3]*b[2] + adox %rax,$acc5 + adcx %rbx,$acc6 + mulx $acc7,%rax,$acc7 # a[3]*b[3] + mov \$38,%edx + adox %rax,$acc6 + adcx %rdi,$acc7 # cf=0 + adox %rdi,$acc7 # of=0 + + jmp .Lreduce64 +.Lfe64_mul_epilogue: +.cfi_endproc +.size x25519_fe64_mul,.-x25519_fe64_mul + +.globl x25519_fe64_sqr +.type x25519_fe64_sqr,\@function,2 +.align 32 +x25519_fe64_sqr: +.cfi_startproc + push %rbp +.cfi_push %rbp + push %rbx +.cfi_push %rbx + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + push %rdi # offload dst +.cfi_push %rdi + lea -8*2(%rsp),%rsp +.cfi_adjust_cfa_offset 16 +.Lfe64_sqr_body: + + mov 8*0(%rsi),%rdx # a[0] + mov 8*1(%rsi),%rcx # a[1] + mov 8*2(%rsi),%rbp # a[2] + mov 8*3(%rsi),%rsi # a[3] + + ################################################################ + mulx %rdx,$acc0,$acc7 # a[0]*a[0] + mulx %rcx,$acc1,%rax # a[0]*a[1] + xor %edi,%edi # cf=0,of=0 + mulx %rbp,$acc2,%rbx # a[0]*a[2] + adcx %rax,$acc2 + mulx %rsi,$acc3,$acc4 # a[0]*a[3] + mov %rcx,%rdx # a[1] + adcx %rbx,$acc3 + adcx %rdi,$acc4 # cf=0 + + ################################################################ + mulx %rbp,%rax,%rbx # a[1]*a[2] + adox %rax,$acc3 + adcx %rbx,$acc4 + mulx %rsi,%rax,$acc5 # a[1]*a[3] + mov %rbp,%rdx # a[2] + adox %rax,$acc4 + adcx %rdi,$acc5 + + ################################################################ + mulx %rsi,%rax,$acc6 # a[2]*a[3] + mov %rcx,%rdx # a[1] + adox %rax,$acc5 + adcx %rdi,$acc6 # cf=0 + adox %rdi,$acc6 # of=0 + + adcx $acc1,$acc1 # acc1:6<<1 + adox $acc7,$acc1 + adcx $acc2,$acc2 + mulx %rdx,%rax,%rbx # a[1]*a[1] + mov %rbp,%rdx # a[2] + adcx $acc3,$acc3 + adox %rax,$acc2 + adcx $acc4,$acc4 + adox %rbx,$acc3 + mulx %rdx,%rax,%rbx # a[2]*a[2] + mov %rsi,%rdx # a[3] + adcx $acc5,$acc5 + adox %rax,$acc4 + adcx $acc6,$acc6 + adox %rbx,$acc5 + mulx %rdx,%rax,$acc7 # a[3]*a[3] + mov \$38,%edx + adox %rax,$acc6 + adcx %rdi,$acc7 # cf=0 + adox %rdi,$acc7 # of=0 + jmp .Lreduce64 + +.align 32 +.Lreduce64: + mulx $acc4,%rax,%rbx + adcx %rax,$acc0 + adox %rbx,$acc1 + mulx $acc5,%rax,%rbx + adcx %rax,$acc1 + adox %rbx,$acc2 + mulx $acc6,%rax,%rbx + adcx %rax,$acc2 + adox %rbx,$acc3 + mulx $acc7,%rax,$acc4 + adcx %rax,$acc3 + adox %rdi,$acc4 + adcx %rdi,$acc4 + + mov 8*2(%rsp),%rdi # restore dst + imulq %rdx,$acc4 + + add $acc4,$acc0 + adc \$0,$acc1 + adc \$0,$acc2 + adc \$0,$acc3 + + sbb %rax,%rax # cf -> mask + and \$38,%rax + + add %rax,$acc0 + mov $acc1,8*1(%rdi) + mov $acc2,8*2(%rdi) + mov $acc3,8*3(%rdi) + mov $acc0,8*0(%rdi) + + mov 8*3(%rsp),%r15 +.cfi_restore %r15 + mov 8*4(%rsp),%r14 +.cfi_restore %r14 + mov 8*5(%rsp),%r13 +.cfi_restore %r13 + mov 8*6(%rsp),%r12 +.cfi_restore %r12 + mov 8*7(%rsp),%rbx +.cfi_restore %rbx + mov 8*8(%rsp),%rbp +.cfi_restore %rbp + lea 8*9(%rsp),%rsp +.cfi_adjust_cfa_offset 88 +.Lfe64_sqr_epilogue: + ret +.cfi_endproc +.size x25519_fe64_sqr,.-x25519_fe64_sqr + +.globl x25519_fe64_mul121666 +.type x25519_fe64_mul121666,\@function,2 +.align 32 +x25519_fe64_mul121666: +.Lfe64_mul121666_body: + mov \$121666,%edx + mulx 8*0(%rsi),$acc0,%rcx + mulx 8*1(%rsi),$acc1,%rax + add %rcx,$acc1 + mulx 8*2(%rsi),$acc2,%rcx + adc %rax,$acc2 + mulx 8*3(%rsi),$acc3,%rax + adc %rcx,$acc3 + adc \$0,%rax + + imulq \$38,%rax,%rax + + add %rax,$acc0 + adc \$0,$acc1 + adc \$0,$acc2 + adc \$0,$acc3 + + sbb %rax,%rax # cf -> mask + and \$38,%rax + + add %rax,$acc0 + mov $acc1,8*1(%rdi) + mov $acc2,8*2(%rdi) + mov $acc3,8*3(%rdi) + mov $acc0,8*0(%rdi) + +.Lfe64_mul121666_epilogue: + ret +.size x25519_fe64_mul121666,.-x25519_fe64_mul121666 + +.globl x25519_fe64_add +.type x25519_fe64_add,\@function,3 +.align 32 +x25519_fe64_add: +.Lfe64_add_body: + mov 8*0(%rsi),$acc0 + mov 8*1(%rsi),$acc1 + mov 8*2(%rsi),$acc2 + mov 8*3(%rsi),$acc3 + + add 8*0(%rdx),$acc0 + adc 8*1(%rdx),$acc1 + adc 8*2(%rdx),$acc2 + adc 8*3(%rdx),$acc3 + + sbb %rax,%rax # cf -> mask + and \$38,%rax + + add %rax,$acc0 + adc \$0,$acc1 + adc \$0,$acc2 + mov $acc1,8*1(%rdi) + adc \$0,$acc3 + mov $acc2,8*2(%rdi) + sbb %rax,%rax # cf -> mask + mov $acc3,8*3(%rdi) + and \$38,%rax + + add %rax,$acc0 + mov $acc0,8*0(%rdi) + +.Lfe64_add_epilogue: + ret +.size x25519_fe64_add,.-x25519_fe64_add + +.globl x25519_fe64_sub +.type x25519_fe64_sub,\@function,3 +.align 32 +x25519_fe64_sub: +.Lfe64_sub_body: + mov 8*0(%rsi),$acc0 + mov 8*1(%rsi),$acc1 + mov 8*2(%rsi),$acc2 + mov 8*3(%rsi),$acc3 + + sub 8*0(%rdx),$acc0 + sbb 8*1(%rdx),$acc1 + sbb 8*2(%rdx),$acc2 + sbb 8*3(%rdx),$acc3 + + sbb %rax,%rax # cf -> mask + and \$38,%rax + + sub %rax,$acc0 + sbb \$0,$acc1 + sbb \$0,$acc2 + mov $acc1,8*1(%rdi) + sbb \$0,$acc3 + mov $acc2,8*2(%rdi) + sbb %rax,%rax # cf -> mask + mov $acc3,8*3(%rdi) + and \$38,%rax + + sub %rax,$acc0 + mov $acc0,8*0(%rdi) + +.Lfe64_sub_epilogue: + ret +.size x25519_fe64_sub,.-x25519_fe64_sub + +.globl x25519_fe64_tobytes +.type x25519_fe64_tobytes,\@function,2 +.align 32 +x25519_fe64_tobytes: +.Lfe64_to_body: + mov 8*0(%rsi),$acc0 + mov 8*1(%rsi),$acc1 + mov 8*2(%rsi),$acc2 + mov 8*3(%rsi),$acc3 + + ################################# reduction modulo 2^255-19 + lea ($acc3,$acc3),%rax + sar \$63,$acc3 # most significant bit -> mask + shr \$1,%rax # most significant bit cleared + and \$19,$acc3 + add \$19,$acc3 # compare to modulus in the same go + + add $acc3,$acc0 + adc \$0,$acc1 + adc \$0,$acc2 + adc \$0,%rax + + lea (%rax,%rax),$acc3 + sar \$63,%rax # most significant bit -> mask + shr \$1,$acc3 # most significant bit cleared + not %rax + and \$19,%rax + + sub %rax,$acc0 + sbb \$0,$acc1 + sbb \$0,$acc2 + sbb \$0,$acc3 + + mov $acc0,8*0(%rdi) + mov $acc1,8*1(%rdi) + mov $acc2,8*2(%rdi) + mov $acc3,8*3(%rdi) + +.Lfe64_to_epilogue: + ret +.size x25519_fe64_tobytes,.-x25519_fe64_tobytes +___ +} else { +$code.=<<___; +.globl x25519_fe64_eligible +.type x25519_fe64_eligible,\@abi-omnipotent +.align 32 +x25519_fe64_eligible: + xor %eax,%eax + ret +.size x25519_fe64_eligible,.-x25519_fe64_eligible + +.globl x25519_fe64_mul +.type x25519_fe64_mul,\@abi-omnipotent +.globl x25519_fe64_sqr +.globl x25519_fe64_mul121666 +.globl x25519_fe64_add +.globl x25519_fe64_sub +.globl x25519_fe64_tobytes +x25519_fe64_mul: +x25519_fe64_sqr: +x25519_fe64_mul121666: +x25519_fe64_add: +x25519_fe64_sub: +x25519_fe64_tobytes: + .byte 0x0f,0x0b # ud2 + ret +.size x25519_fe64_mul,.-x25519_fe64_mul +___ +} +$code.=<<___; +.asciz "X25519 primitives for x86_64, CRYPTOGAMS by " +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind + +.type short_handler,\@abi-omnipotent +.align 16 +short_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRsp + jmp .Lcommon_seh_tail +.size short_handler,.-short_handler + +.type full_handler,\@abi-omnipotent +.align 16 +full_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + mov 8(%r11),%r10d # HandlerData[2] + lea (%rax,%r10),%rax + + mov -8(%rax),%rbp + mov -16(%rax),%rbx + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size full_handler,.-full_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_x25519_fe51_mul + .rva .LSEH_end_x25519_fe51_mul + .rva .LSEH_info_x25519_fe51_mul + + .rva .LSEH_begin_x25519_fe51_sqr + .rva .LSEH_end_x25519_fe51_sqr + .rva .LSEH_info_x25519_fe51_sqr + + .rva .LSEH_begin_x25519_fe51_mul121666 + .rva .LSEH_end_x25519_fe51_mul121666 + .rva .LSEH_info_x25519_fe51_mul121666 +___ +$code.=<<___ if ($addx); + .rva .LSEH_begin_x25519_fe64_mul + .rva .LSEH_end_x25519_fe64_mul + .rva .LSEH_info_x25519_fe64_mul + + .rva .LSEH_begin_x25519_fe64_sqr + .rva .LSEH_end_x25519_fe64_sqr + .rva .LSEH_info_x25519_fe64_sqr + + .rva .LSEH_begin_x25519_fe64_mul121666 + .rva .LSEH_end_x25519_fe64_mul121666 + .rva .LSEH_info_x25519_fe64_mul121666 + + .rva .LSEH_begin_x25519_fe64_add + .rva .LSEH_end_x25519_fe64_add + .rva .LSEH_info_x25519_fe64_add + + .rva .LSEH_begin_x25519_fe64_sub + .rva .LSEH_end_x25519_fe64_sub + .rva .LSEH_info_x25519_fe64_sub + + .rva .LSEH_begin_x25519_fe64_tobytes + .rva .LSEH_end_x25519_fe64_tobytes + .rva .LSEH_info_x25519_fe64_tobytes +___ +$code.=<<___; +.section .xdata +.align 8 +.LSEH_info_x25519_fe51_mul: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe51_mul_body,.Lfe51_mul_epilogue # HandlerData[] + .long 88,0 +.LSEH_info_x25519_fe51_sqr: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe51_sqr_body,.Lfe51_sqr_epilogue # HandlerData[] + .long 88,0 +.LSEH_info_x25519_fe51_mul121666: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe51_mul121666_body,.Lfe51_mul121666_epilogue # HandlerData[] + .long 88,0 +___ +$code.=<<___ if ($addx); +.LSEH_info_x25519_fe64_mul: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe64_mul_body,.Lfe64_mul_epilogue # HandlerData[] + .long 72,0 +.LSEH_info_x25519_fe64_sqr: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe64_sqr_body,.Lfe64_sqr_epilogue # HandlerData[] + .long 72,0 +.LSEH_info_x25519_fe64_mul121666: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_mul121666_body,.Lfe64_mul121666_epilogue # HandlerData[] +.LSEH_info_x25519_fe64_add: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_add_body,.Lfe64_add_epilogue # HandlerData[] +.LSEH_info_x25519_fe64_sub: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_sub_body,.Lfe64_sub_epilogue # HandlerData[] +.LSEH_info_x25519_fe64_tobytes: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_to_body,.Lfe64_to_epilogue # HandlerData[] +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/ec/build.info b/deps/openssl/openssl/crypto/ec/build.info index 970c2922cc2b23..a1e673e347d070 100644 --- a/deps/openssl/openssl/crypto/ec/build.info +++ b/deps/openssl/openssl/crypto/ec/build.info @@ -2,13 +2,16 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \ - ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \ + ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \ ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \ ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \ ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \ + curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \ + curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ {- $target{ec_asm_src} -} -GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME) @@ -21,8 +24,19 @@ GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME) INCLUDE[ecp_nistz256-armv4.o]=.. GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME) INCLUDE[ecp_nistz256-armv8.o]=.. +GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME) + +GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME) +GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME) BEGINRAW[Makefile] {- $builddir -}/ecp_nistz256-%.S: {- $sourcedir -}/asm/ecp_nistz256-%.pl CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@ ENDRAW[Makefile] + +INCLUDE[curve448/arch_32/f_impl.o]=curve448/arch_32 curve448 +INCLUDE[curve448/f_generic.o]=curve448/arch_32 curve448 +INCLUDE[curve448/scalar.o]=curve448/arch_32 curve448 +INCLUDE[curve448/curve448_tables.o]=curve448/arch_32 curve448 +INCLUDE[curve448/eddsa.o]=curve448/arch_32 curve448 +INCLUDE[curve448/curve448.o]=curve448/arch_32 curve448 diff --git a/deps/openssl/openssl/crypto/ec/curve25519.c b/deps/openssl/openssl/crypto/ec/curve25519.c index c8aa9aa6d503ba..abe9b9cbf6dd0e 100644 --- a/deps/openssl/openssl/crypto/ec/curve25519.c +++ b/deps/openssl/openssl/crypto/ec/curve25519.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,14 +7,750 @@ * https://www.openssl.org/source/license.html */ -/* This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP - * 20141124 (http://bench.cr.yp.to/supercop.html). - * - * The field functions are shared by Ed25519 and X25519 where possible. */ - #include #include "ec_lcl.h" +#include + +#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64)) + +# define BASE_2_64_IMPLEMENTED + +typedef uint64_t fe64[4]; + +int x25519_fe64_eligible(void); + +/* + * Following subroutines perform corresponding operations modulo + * 2^256-38, i.e. double the curve modulus. However, inputs and + * outputs are permitted to be partially reduced, i.e. to remain + * in [0..2^256) range. It's all tied up in final fe64_tobytes + * that performs full reduction modulo 2^255-19. + * + * There are no reference C implementations for these. + */ +void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g); +void x25519_fe64_sqr(fe64 h, const fe64 f); +void x25519_fe64_mul121666(fe64 h, fe64 f); +void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g); +void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g); +void x25519_fe64_tobytes(uint8_t *s, const fe64 f); +# define fe64_mul x25519_fe64_mul +# define fe64_sqr x25519_fe64_sqr +# define fe64_mul121666 x25519_fe64_mul121666 +# define fe64_add x25519_fe64_add +# define fe64_sub x25519_fe64_sub +# define fe64_tobytes x25519_fe64_tobytes + +static uint64_t load_8(const uint8_t *in) +{ + uint64_t result; + + result = in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + result |= ((uint64_t)in[4]) << 32; + result |= ((uint64_t)in[5]) << 40; + result |= ((uint64_t)in[6]) << 48; + result |= ((uint64_t)in[7]) << 56; + + return result; +} + +static void fe64_frombytes(fe64 h, const uint8_t *s) +{ + h[0] = load_8(s); + h[1] = load_8(s + 8); + h[2] = load_8(s + 16); + h[3] = load_8(s + 24) & 0x7fffffffffffffff; +} + +static void fe64_0(fe64 h) +{ + h[0] = 0; + h[1] = 0; + h[2] = 0; + h[3] = 0; +} + +static void fe64_1(fe64 h) +{ + h[0] = 1; + h[1] = 0; + h[2] = 0; + h[3] = 0; +} + +static void fe64_copy(fe64 h, const fe64 f) +{ + h[0] = f[0]; + h[1] = f[1]; + h[2] = f[2]; + h[3] = f[3]; +} + +static void fe64_cswap(fe64 f, fe64 g, unsigned int b) +{ + int i; + uint64_t mask = 0 - (uint64_t)b; + + for (i = 0; i < 4; i++) { + uint64_t x = f[i] ^ g[i]; + x &= mask; + f[i] ^= x; + g[i] ^= x; + } +} + +static void fe64_invert(fe64 out, const fe64 z) +{ + fe64 t0; + fe64 t1; + fe64 t2; + fe64 t3; + int i; + /* + * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as + * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. + */ + + /* t0 = z ** 2 */ + fe64_sqr(t0, z); + + /* t1 = t0 ** (2 ** 2) = z ** 8 */ + fe64_sqr(t1, t0); + fe64_sqr(t1, t1); + + /* t1 = z * t1 = z ** 9 */ + fe64_mul(t1, z, t1); + /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */ + fe64_mul(t0, t0, t1); + + /* t2 = t0 ** 2 = z ** 22 */ + fe64_sqr(t2, t0); + + /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ + fe64_mul(t1, t1, t2); + + /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ + fe64_sqr(t2, t1); + for (i = 1; i < 5; ++i) + fe64_sqr(t2, t2); + + /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ + fe64_mul(t1, t2, t1); + + /* Continuing similarly... */ + + /* t2 = z ** (2 ** 20 - 1) */ + fe64_sqr(t2, t1); + for (i = 1; i < 10; ++i) + fe64_sqr(t2, t2); + + fe64_mul(t2, t2, t1); + + /* t2 = z ** (2 ** 40 - 1) */ + fe64_sqr(t3, t2); + for (i = 1; i < 20; ++i) + fe64_sqr(t3, t3); + + fe64_mul(t2, t3, t2); + + /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ + for (i = 0; i < 10; ++i) + fe64_sqr(t2, t2); + + /* t1 = z ** (2 ** 50 - 1) */ + fe64_mul(t1, t2, t1); + + /* t2 = z ** (2 ** 100 - 1) */ + fe64_sqr(t2, t1); + for (i = 1; i < 50; ++i) + fe64_sqr(t2, t2); + + fe64_mul(t2, t2, t1); + + /* t2 = z ** (2 ** 200 - 1) */ + fe64_sqr(t3, t2); + for (i = 1; i < 100; ++i) + fe64_sqr(t3, t3); + + fe64_mul(t2, t3, t2); + + /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ + for (i = 0; i < 50; ++i) + fe64_sqr(t2, t2); + + /* t1 = z ** (2 ** 250 - 1) */ + fe64_mul(t1, t2, t1); + + /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ + for (i = 0; i < 5; ++i) + fe64_sqr(t1, t1); + + /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ + fe64_mul(out, t1, t0); +} + +/* + * Duplicate of original x25519_scalar_mult_generic, but using + * fe64_* subroutines. + */ +static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]) +{ + fe64 x1, x2, z2, x3, z3, tmp0, tmp1; + uint8_t e[32]; + unsigned swap = 0; + int pos; + + memcpy(e, scalar, 32); + e[0] &= 0xf8; + e[31] &= 0x7f; + e[31] |= 0x40; + fe64_frombytes(x1, point); + fe64_1(x2); + fe64_0(z2); + fe64_copy(x3, x1); + fe64_1(z3); + + for (pos = 254; pos >= 0; --pos) { + unsigned int b = 1 & (e[pos / 8] >> (pos & 7)); + + swap ^= b; + fe64_cswap(x2, x3, swap); + fe64_cswap(z2, z3, swap); + swap = b; + fe64_sub(tmp0, x3, z3); + fe64_sub(tmp1, x2, z2); + fe64_add(x2, x2, z2); + fe64_add(z2, x3, z3); + fe64_mul(z3, x2, tmp0); + fe64_mul(z2, z2, tmp1); + fe64_sqr(tmp0, tmp1); + fe64_sqr(tmp1, x2); + fe64_add(x3, z3, z2); + fe64_sub(z2, z3, z2); + fe64_mul(x2, tmp1, tmp0); + fe64_sub(tmp1, tmp1, tmp0); + fe64_sqr(z2, z2); + fe64_mul121666(z3, tmp1); + fe64_sqr(x3, x3); + fe64_add(tmp0, tmp0, z3); + fe64_mul(z3, x1, z2); + fe64_mul(z2, tmp1, tmp0); + } + + fe64_invert(z2, z2); + fe64_mul(x2, x2, z2); + fe64_tobytes(out, x2); + + OPENSSL_cleanse(e, sizeof(e)); +} +#endif + +#if defined(X25519_ASM) \ + || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \ + && !defined(__sparc__) \ + && !(defined(__ANDROID__) && !defined(__clang__)) ) +/* + * Base 2^51 implementation. It's virtually no different from reference + * base 2^25.5 implementation in respect to lax boundary conditions for + * intermediate values and even individual limbs. So that whatever you + * know about the reference, applies even here... + */ +# define BASE_2_51_IMPLEMENTED + +typedef uint64_t fe51[5]; + +static const uint64_t MASK51 = 0x7ffffffffffff; + +static uint64_t load_7(const uint8_t *in) +{ + uint64_t result; + + result = in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + result |= ((uint64_t)in[4]) << 32; + result |= ((uint64_t)in[5]) << 40; + result |= ((uint64_t)in[6]) << 48; + + return result; +} + +static uint64_t load_6(const uint8_t *in) +{ + uint64_t result; + + result = in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + result |= ((uint64_t)in[4]) << 32; + result |= ((uint64_t)in[5]) << 40; + + return result; +} + +static void fe51_frombytes(fe51 h, const uint8_t *s) +{ + uint64_t h0 = load_7(s); /* 56 bits */ + uint64_t h1 = load_6(s + 7) << 5; /* 53 bits */ + uint64_t h2 = load_7(s + 13) << 2; /* 58 bits */ + uint64_t h3 = load_6(s + 20) << 7; /* 55 bits */ + uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4; /* 51 bits */ + + h1 |= h0 >> 51; h0 &= MASK51; + h2 |= h1 >> 51; h1 &= MASK51; + h3 |= h2 >> 51; h2 &= MASK51; + h4 |= h3 >> 51; h3 &= MASK51; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; +} + +static void fe51_tobytes(uint8_t *s, const fe51 h) +{ + uint64_t h0 = h[0]; + uint64_t h1 = h[1]; + uint64_t h2 = h[2]; + uint64_t h3 = h[3]; + uint64_t h4 = h[4]; + uint64_t q; + + /* compare to modulus */ + q = (h0 + 19) >> 51; + q = (h1 + q) >> 51; + q = (h2 + q) >> 51; + q = (h3 + q) >> 51; + q = (h4 + q) >> 51; + + /* full reduce */ + h0 += 19 * q; + h1 += h0 >> 51; h0 &= MASK51; + h2 += h1 >> 51; h1 &= MASK51; + h3 += h2 >> 51; h2 &= MASK51; + h4 += h3 >> 51; h3 &= MASK51; + h4 &= MASK51; + + /* smash */ + s[0] = (uint8_t)(h0 >> 0); + s[1] = (uint8_t)(h0 >> 8); + s[2] = (uint8_t)(h0 >> 16); + s[3] = (uint8_t)(h0 >> 24); + s[4] = (uint8_t)(h0 >> 32); + s[5] = (uint8_t)(h0 >> 40); + s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3)); + s[7] = (uint8_t)(h1 >> 5); + s[8] = (uint8_t)(h1 >> 13); + s[9] = (uint8_t)(h1 >> 21); + s[10] = (uint8_t)(h1 >> 29); + s[11] = (uint8_t)(h1 >> 37); + s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6)); + s[13] = (uint8_t)(h2 >> 2); + s[14] = (uint8_t)(h2 >> 10); + s[15] = (uint8_t)(h2 >> 18); + s[16] = (uint8_t)(h2 >> 26); + s[17] = (uint8_t)(h2 >> 34); + s[18] = (uint8_t)(h2 >> 42); + s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1)); + s[20] = (uint8_t)(h3 >> 7); + s[21] = (uint8_t)(h3 >> 15); + s[22] = (uint8_t)(h3 >> 23); + s[23] = (uint8_t)(h3 >> 31); + s[24] = (uint8_t)(h3 >> 39); + s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4)); + s[26] = (uint8_t)(h4 >> 4); + s[27] = (uint8_t)(h4 >> 12); + s[28] = (uint8_t)(h4 >> 20); + s[29] = (uint8_t)(h4 >> 28); + s[30] = (uint8_t)(h4 >> 36); + s[31] = (uint8_t)(h4 >> 44); +} + +# if defined(X25519_ASM) +void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g); +void x25519_fe51_sqr(fe51 h, const fe51 f); +void x25519_fe51_mul121666(fe51 h, fe51 f); +# define fe51_mul x25519_fe51_mul +# define fe51_sq x25519_fe51_sqr +# define fe51_mul121666 x25519_fe51_mul121666 +# else + +typedef __uint128_t u128; + +static void fe51_mul(fe51 h, const fe51 f, const fe51 g) +{ + u128 h0, h1, h2, h3, h4; + uint64_t f_i, g0, g1, g2, g3, g4; + + f_i = f[0]; + h0 = (u128)f_i * (g0 = g[0]); + h1 = (u128)f_i * (g1 = g[1]); + h2 = (u128)f_i * (g2 = g[2]); + h3 = (u128)f_i * (g3 = g[3]); + h4 = (u128)f_i * (g4 = g[4]); + + f_i = f[1]; + h0 += (u128)f_i * (g4 *= 19); + h1 += (u128)f_i * g0; + h2 += (u128)f_i * g1; + h3 += (u128)f_i * g2; + h4 += (u128)f_i * g3; + + f_i = f[2]; + h0 += (u128)f_i * (g3 *= 19); + h1 += (u128)f_i * g4; + h2 += (u128)f_i * g0; + h3 += (u128)f_i * g1; + h4 += (u128)f_i * g2; + + f_i = f[3]; + h0 += (u128)f_i * (g2 *= 19); + h1 += (u128)f_i * g3; + h2 += (u128)f_i * g4; + h3 += (u128)f_i * g0; + h4 += (u128)f_i * g1; + + f_i = f[4]; + h0 += (u128)f_i * (g1 *= 19); + h1 += (u128)f_i * g2; + h2 += (u128)f_i * g3; + h3 += (u128)f_i * g4; + h4 += (u128)f_i * g0; + + /* partial [lazy] reduction */ + h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; + h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; + + h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; + g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; + + g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; + g3 += g2 >> 51; g2 &= MASK51; + g1 += g0 >> 51; g0 &= MASK51; + + h[0] = g0; + h[1] = g1; + h[2] = g2; + h[3] = g3; + h[4] = g4; +} + +static void fe51_sq(fe51 h, const fe51 f) +{ +# if defined(OPENSSL_SMALL_FOOTPRINT) + fe51_mul(h, f, f); +# else + /* dedicated squaring gives 16-25% overall improvement */ + uint64_t g0 = f[0]; + uint64_t g1 = f[1]; + uint64_t g2 = f[2]; + uint64_t g3 = f[3]; + uint64_t g4 = f[4]; + u128 h0, h1, h2, h3, h4; + + h0 = (u128)g0 * g0; g0 *= 2; + h1 = (u128)g0 * g1; + h2 = (u128)g0 * g2; + h3 = (u128)g0 * g3; + h4 = (u128)g0 * g4; + + g0 = g4; /* borrow g0 */ + h3 += (u128)g0 * (g4 *= 19); + + h2 += (u128)g1 * g1; g1 *= 2; + h3 += (u128)g1 * g2; + h4 += (u128)g1 * g3; + h0 += (u128)g1 * g4; + + g0 = g3; /* borrow g0 */ + h1 += (u128)g0 * (g3 *= 19); + h2 += (u128)(g0 * 2) * g4; + + h4 += (u128)g2 * g2; g2 *= 2; + h0 += (u128)g2 * g3; + h1 += (u128)g2 * g4; + + /* partial [lazy] reduction */ + h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; + h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; + + h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; + g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; + + g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; + g3 += g2 >> 51; g2 &= MASK51; + g1 += g0 >> 51; g0 &= MASK51; + + h[0] = g0; + h[1] = g1; + h[2] = g2; + h[3] = g3; + h[4] = g4; +# endif +} + +static void fe51_mul121666(fe51 h, fe51 f) +{ + u128 h0 = f[0] * (u128)121666; + u128 h1 = f[1] * (u128)121666; + u128 h2 = f[2] * (u128)121666; + u128 h3 = f[3] * (u128)121666; + u128 h4 = f[4] * (u128)121666; + uint64_t g0, g1, g2, g3, g4; + + h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; + h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; + + h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; + g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; + + g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; + g3 += g2 >> 51; g2 &= MASK51; + g1 += g0 >> 51; g0 &= MASK51; + + h[0] = g0; + h[1] = g1; + h[2] = g2; + h[3] = g3; + h[4] = g4; +} +# endif + +static void fe51_add(fe51 h, const fe51 f, const fe51 g) +{ + h[0] = f[0] + g[0]; + h[1] = f[1] + g[1]; + h[2] = f[2] + g[2]; + h[3] = f[3] + g[3]; + h[4] = f[4] + g[4]; +} + +static void fe51_sub(fe51 h, const fe51 f, const fe51 g) +{ + /* + * Add 2*modulus to ensure that result remains positive + * even if subtrahend is partially reduced. + */ + h[0] = (f[0] + 0xfffffffffffda) - g[0]; + h[1] = (f[1] + 0xffffffffffffe) - g[1]; + h[2] = (f[2] + 0xffffffffffffe) - g[2]; + h[3] = (f[3] + 0xffffffffffffe) - g[3]; + h[4] = (f[4] + 0xffffffffffffe) - g[4]; +} + +static void fe51_0(fe51 h) +{ + h[0] = 0; + h[1] = 0; + h[2] = 0; + h[3] = 0; + h[4] = 0; +} + +static void fe51_1(fe51 h) +{ + h[0] = 1; + h[1] = 0; + h[2] = 0; + h[3] = 0; + h[4] = 0; +} + +static void fe51_copy(fe51 h, const fe51 f) +{ + h[0] = f[0]; + h[1] = f[1]; + h[2] = f[2]; + h[3] = f[3]; + h[4] = f[4]; +} + +static void fe51_cswap(fe51 f, fe51 g, unsigned int b) +{ + int i; + uint64_t mask = 0 - (uint64_t)b; + + for (i = 0; i < 5; i++) { + int64_t x = f[i] ^ g[i]; + x &= mask; + f[i] ^= x; + g[i] ^= x; + } +} + +static void fe51_invert(fe51 out, const fe51 z) +{ + fe51 t0; + fe51 t1; + fe51 t2; + fe51 t3; + int i; + + /* + * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as + * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. + */ + + /* t0 = z ** 2 */ + fe51_sq(t0, z); + + /* t1 = t0 ** (2 ** 2) = z ** 8 */ + fe51_sq(t1, t0); + fe51_sq(t1, t1); + + /* t1 = z * t1 = z ** 9 */ + fe51_mul(t1, z, t1); + /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */ + fe51_mul(t0, t0, t1); + + /* t2 = t0 ** 2 = z ** 22 */ + fe51_sq(t2, t0); + + /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ + fe51_mul(t1, t1, t2); + + /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ + fe51_sq(t2, t1); + for (i = 1; i < 5; ++i) + fe51_sq(t2, t2); + + /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ + fe51_mul(t1, t2, t1); + + /* Continuing similarly... */ + + /* t2 = z ** (2 ** 20 - 1) */ + fe51_sq(t2, t1); + for (i = 1; i < 10; ++i) + fe51_sq(t2, t2); + + fe51_mul(t2, t2, t1); + + /* t2 = z ** (2 ** 40 - 1) */ + fe51_sq(t3, t2); + for (i = 1; i < 20; ++i) + fe51_sq(t3, t3); + + fe51_mul(t2, t3, t2); + + /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ + for (i = 0; i < 10; ++i) + fe51_sq(t2, t2); + + /* t1 = z ** (2 ** 50 - 1) */ + fe51_mul(t1, t2, t1); + + /* t2 = z ** (2 ** 100 - 1) */ + fe51_sq(t2, t1); + for (i = 1; i < 50; ++i) + fe51_sq(t2, t2); + + fe51_mul(t2, t2, t1); + + /* t2 = z ** (2 ** 200 - 1) */ + fe51_sq(t3, t2); + for (i = 1; i < 100; ++i) + fe51_sq(t3, t3); + + fe51_mul(t2, t3, t2); + + /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ + for (i = 0; i < 50; ++i) + fe51_sq(t2, t2); + + /* t1 = z ** (2 ** 250 - 1) */ + fe51_mul(t1, t2, t1); + + /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ + for (i = 0; i < 5; ++i) + fe51_sq(t1, t1); + + /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ + fe51_mul(out, t1, t0); +} + +/* + * Duplicate of original x25519_scalar_mult_generic, but using + * fe51_* subroutines. + */ +static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]) +{ + fe51 x1, x2, z2, x3, z3, tmp0, tmp1; + uint8_t e[32]; + unsigned swap = 0; + int pos; + +# ifdef BASE_2_64_IMPLEMENTED + if (x25519_fe64_eligible()) { + x25519_scalar_mulx(out, scalar, point); + return; + } +# endif + + memcpy(e, scalar, 32); + e[0] &= 0xf8; + e[31] &= 0x7f; + e[31] |= 0x40; + fe51_frombytes(x1, point); + fe51_1(x2); + fe51_0(z2); + fe51_copy(x3, x1); + fe51_1(z3); + + for (pos = 254; pos >= 0; --pos) { + unsigned int b = 1 & (e[pos / 8] >> (pos & 7)); + + swap ^= b; + fe51_cswap(x2, x3, swap); + fe51_cswap(z2, z3, swap); + swap = b; + fe51_sub(tmp0, x3, z3); + fe51_sub(tmp1, x2, z2); + fe51_add(x2, x2, z2); + fe51_add(z2, x3, z3); + fe51_mul(z3, tmp0, x2); + fe51_mul(z2, z2, tmp1); + fe51_sq(tmp0, tmp1); + fe51_sq(tmp1, x2); + fe51_add(x3, z3, z2); + fe51_sub(z2, z3, z2); + fe51_mul(x2, tmp1, tmp0); + fe51_sub(tmp1, tmp1, tmp0); + fe51_sq(z2, z2); + fe51_mul121666(z3, tmp1); + fe51_sq(x3, x3); + fe51_add(tmp0, tmp0, z3); + fe51_mul(z3, x1, z2); + fe51_mul(z2, tmp1, tmp0); + } + + fe51_invert(z2, z2); + fe51_mul(x2, x2, z2); + fe51_tobytes(out, x2); + + OPENSSL_cleanse(e, sizeof(e)); +} +#endif + +/* + * Reference base 2^25.5 implementation. + */ +/* + * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP + * 20141124 (http://bench.cr.yp.to/supercop.html). + * + * The field functions are shared by Ed25519 and X25519 where possible. + */ /* fe means field element. Here the field is \Z/(2^255-19). An element t, * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 @@ -79,16 +815,16 @@ static void fe_frombytes(fe h, const uint8_t *s) { carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; - h[5] = h5; - h[6] = h6; - h[7] = h7; - h[8] = h8; - h[9] = h9; + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } /* Preconditions: @@ -159,38 +895,38 @@ static void fe_tobytes(uint8_t *s, const fe h) { * evidently 2^255 h10-2^255 q = 0. * Goal: Output h0+...+2^230 h9. */ - s[0] = h0 >> 0; - s[1] = h0 >> 8; - s[2] = h0 >> 16; - s[3] = (h0 >> 24) | ((uint32_t)(h1) << 2); - s[4] = h1 >> 6; - s[5] = h1 >> 14; - s[6] = (h1 >> 22) | ((uint32_t)(h2) << 3); - s[7] = h2 >> 5; - s[8] = h2 >> 13; - s[9] = (h2 >> 21) | ((uint32_t)(h3) << 5); - s[10] = h3 >> 3; - s[11] = h3 >> 11; - s[12] = (h3 >> 19) | ((uint32_t)(h4) << 6); - s[13] = h4 >> 2; - s[14] = h4 >> 10; - s[15] = h4 >> 18; - s[16] = h5 >> 0; - s[17] = h5 >> 8; - s[18] = h5 >> 16; - s[19] = (h5 >> 24) | ((uint32_t)(h6) << 1); - s[20] = h6 >> 7; - s[21] = h6 >> 15; - s[22] = (h6 >> 23) | ((uint32_t)(h7) << 3); - s[23] = h7 >> 5; - s[24] = h7 >> 13; - s[25] = (h7 >> 21) | ((uint32_t)(h8) << 4); - s[26] = h8 >> 4; - s[27] = h8 >> 12; - s[28] = (h8 >> 20) | ((uint32_t)(h9) << 6); - s[29] = h9 >> 2; - s[30] = h9 >> 10; - s[31] = h9 >> 18; + s[0] = (uint8_t)(h0 >> 0); + s[1] = (uint8_t)(h0 >> 8); + s[2] = (uint8_t)(h0 >> 16); + s[3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2)); + s[4] = (uint8_t)(h1 >> 6); + s[5] = (uint8_t)(h1 >> 14); + s[6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3)); + s[7] = (uint8_t)(h2 >> 5); + s[8] = (uint8_t)(h2 >> 13); + s[9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5)); + s[10] = (uint8_t)(h3 >> 3); + s[11] = (uint8_t)(h3 >> 11); + s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6)); + s[13] = (uint8_t)(h4 >> 2); + s[14] = (uint8_t)(h4 >> 10); + s[15] = (uint8_t)(h4 >> 18); + s[16] = (uint8_t)(h5 >> 0); + s[17] = (uint8_t)(h5 >> 8); + s[18] = (uint8_t)(h5 >> 16); + s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1)); + s[20] = (uint8_t)(h6 >> 7); + s[21] = (uint8_t)(h6 >> 15); + s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3)); + s[23] = (uint8_t)(h7 >> 5); + s[24] = (uint8_t)(h7 >> 13); + s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4)); + s[26] = (uint8_t)(h8 >> 4); + s[27] = (uint8_t)(h8 >> 12); + s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6)); + s[29] = (uint8_t)(h9 >> 2); + s[30] = (uint8_t)(h9 >> 10); + s[31] = (uint8_t)(h9 >> 18); } /* h = f */ @@ -470,16 +1206,16 @@ static void fe_mul(fe h, const fe f, const fe g) { /* |h0| <= 2^25; from now on fits into int32 unchanged */ /* |h1| <= 1.01*2^24 */ - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; - h[5] = h5; - h[6] = h6; - h[7] = h7; - h[8] = h8; - h[9] = h9; + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } /* h = f * f @@ -611,16 +1347,16 @@ static void fe_sq(fe h, const fe f) { carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; - h[5] = h5; - h[6] = h6; - h[7] = h7; - h[8] = h8; - h[9] = h9; + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } static void fe_invert(fe out, const fe z) { @@ -746,6 +1482,30 @@ static void fe_cmov(fe f, const fe g, unsigned b) { } } +/* return 0 if f == 0 + * return 1 if f != 0 + * + * Preconditions: + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ +static int fe_isnonzero(const fe f) { + uint8_t s[32]; + static const uint8_t zero[32] = {0}; + fe_tobytes(s, f); + + return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0; +} + +/* return 1 if f is in {1,3,5,...,q-2} + * return 0 if f is in {0,2,4,...,q-1} + * + * Preconditions: + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ +static int fe_isnegative(const fe f) { + uint8_t s[32]; + fe_tobytes(s, f); + return s[0] & 1; +} + /* h = 2 * f * f * Can overlap h with f. * @@ -886,16 +1646,73 @@ static void fe_sq2(fe h, const fe f) { carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; - h[5] = h5; - h[6] = h6; - h[7] = h7; - h[8] = h8; - h[9] = h9; + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; +} + +static void fe_pow22523(fe out, const fe z) { + fe t0; + fe t1; + fe t2; + int i; + + fe_sq(t0, z); + fe_sq(t1, t0); + for (i = 1; i < 2; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, z, t1); + fe_mul(t0, t0, t1); + fe_sq(t0, t0); + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 5; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + for (i = 1; i < 20; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + for (i = 1; i < 100; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t0, t0); + for (i = 1; i < 2; ++i) { + fe_sq(t0, t0); + } + fe_mul(out, t0, z); } /* ge means group element. @@ -943,6 +1760,85 @@ typedef struct { fe T2d; } ge_cached; +static void ge_tobytes(uint8_t *s, const ge_p2 *h) { + fe recip; + fe x; + fe y; + + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} + +static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) { + fe recip; + fe x; + fe y; + + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} + +static const fe d = {-10913610, 13857413, -15372611, 6949391, 114729, + -8787816, -6275908, -3247719, -18696448, -12055116}; + +static const fe sqrtm1 = {-32595792, -7943725, 9377950, 3500415, 12389472, + -272473, -25146209, -2005654, 326686, 11406482}; + +static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) { + fe u; + fe v; + fe v3; + fe vxx; + fe check; + + fe_frombytes(h->Y, s); + fe_1(h->Z); + fe_sq(u, h->Y); + fe_mul(v, u, d); + fe_sub(u, u, h->Z); /* u = y^2-1 */ + fe_add(v, v, h->Z); /* v = dy^2+1 */ + + fe_sq(v3, v); + fe_mul(v3, v3, v); /* v3 = v^3 */ + fe_sq(h->X, v3); + fe_mul(h->X, h->X, v); + fe_mul(h->X, h->X, u); /* x = uv^7 */ + + fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ + fe_mul(h->X, h->X, v3); + fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ + + fe_sq(vxx, h->X); + fe_mul(vxx, vxx, v); + fe_sub(check, vxx, u); /* vx^2-u */ + if (fe_isnonzero(check)) { + fe_add(check, vxx, u); /* vx^2+u */ + if (fe_isnonzero(check)) { + return -1; + } + fe_mul(h->X, h->X, sqrtm1); + } + + if (fe_isnegative(h->X) != (s[31] >> 7)) { + fe_neg(h->X, h->X); + } + + fe_mul(h->T, h->X, h->Y); + return 0; +} + +static void ge_p2_0(ge_p2 *h) { + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); +} + static void ge_p3_0(ge_p3 *h) { fe_0(h->X); fe_1(h->Y); @@ -963,6 +1859,17 @@ static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) { fe_copy(r->Z, p->Z); } +static const fe d2 = {-21827239, -5839606, -30745221, 13898782, 229458, + 15978800, -12551817, -6495438, 29715968, 9444199}; + +/* r = p */ +static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) { + fe_add(r->YplusX, p->Y, p->X); + fe_sub(r->YminusX, p->Y, p->X); + fe_copy(r->Z, p->Z); + fe_mul(r->T2d, p->T, d2); +} + /* r = p */ static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) { fe_mul(r->X, p->X, p->T); @@ -1016,6 +1923,56 @@ static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { fe_sub(r->T, t0, r->T); } +/* r = p - q */ +static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yminusx); + fe_mul(r->Y, r->Y, q->yplusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); +} + +/* r = p + q */ +static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YplusX); + fe_mul(r->Y, r->Y, q->YminusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); +} + +/* r = p - q */ +static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YminusX); + fe_mul(r->Y, r->Y, q->YplusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); +} + static uint8_t equal(signed char b, signed char c) { uint8_t ub = b; uint8_t uc = c; @@ -3230,6 +4187,7 @@ static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { OPENSSL_cleanse(e, sizeof(e)); } +#if !defined(BASE_2_51_IMPLEMENTED) /* Replace (f,g) with (g,f) if b == 1; * replace (f,g) with (f,g) if b == 0. * @@ -3297,16 +4255,16 @@ static void fe_mul121666(fe h, fe f) { carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; - h[5] = h5; - h[6] = h6; - h[7] = h7; - h[8] = h8; - h[9] = h9; + h[0] = (int32_t)h0; + h[1] = (int32_t)h1; + h[2] = (int32_t)h2; + h[3] = (int32_t)h3; + h[4] = (int32_t)h4; + h[5] = (int32_t)h5; + h[6] = (int32_t)h6; + h[7] = (int32_t)h7; + h[8] = (int32_t)h8; + h[9] = (int32_t)h9; } static void x25519_scalar_mult_generic(uint8_t out[32], @@ -3352,8 +4310,6 @@ static void x25519_scalar_mult_generic(uint8_t out[32], fe_mul(z3, x1, z2); fe_mul(z2, tmp1, tmp0); } - fe_cswap(x2, x3, swap); - fe_cswap(z2, z3, swap); fe_invert(z2, z2); fe_mul(x2, x2, z2); @@ -3366,6 +4322,1107 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { x25519_scalar_mult_generic(out, scalar, point); } +#endif + +static void slide(signed char *r, const uint8_t *a) { + int i; + int b; + int k; + + for (i = 0; i < 256; ++i) { + r[i] = 1 & (a[i >> 3] >> (i & 7)); + } + + for (i = 0; i < 256; ++i) { + if (r[i]) { + for (b = 1; b <= 6 && i + b < 256; ++b) { + if (r[i + b]) { + if (r[i] + (r[i + b] << b) <= 15) { + r[i] += r[i + b] << b; + r[i + b] = 0; + } else if (r[i] - (r[i + b] << b) >= -15) { + r[i] -= r[i + b] << b; + for (k = i + b; k < 256; ++k) { + if (!r[k]) { + r[k] = 1; + break; + } + r[k] = 0; + } + } else { + break; + } + } + } + } + } +} + +static const ge_precomp Bi[8] = { + { + {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, + -11754271, -6079156, 2047605}, + {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, + 5043384, 19500929, -15469378}, + {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, + 11864899, -24514362, -4438546}, + }, + { + {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, + -14772189, 28944400, -1550024}, + {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, + -11775962, 7689662, 11199574}, + {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, + 10017326, -17749093, -9920357}, + }, + { + {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, + 14515107, -15438304, 10819380}, + {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, + 12483688, -12668491, 5581306}, + {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, + 13850243, -23678021, -15815942}, + }, + { + {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, + 5230134, -23952439, -15175766}, + {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, + 16520125, 30598449, 7715701}, + {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, + 1370708, 29794553, -1409300}, + }, + { + {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, + -1361450, -13062696, 13821877}, + {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, + -7212327, 18853322, -14220951}, + {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, + -10431137, 2207753, -3209784}, + }, + { + {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, + -663000, -31111463, -16132436}, + {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, + 15725684, 171356, 6466918}, + {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, + -14088058, -30714912, 16193877}, + }, + { + {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, + 4729455, -18074513, 9256800}, + {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, + 9761698, -19827198, 630305}, + {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, + -15960994, -2449256, -14291300}, + }, + { + {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, + 15033784, 25105118, -7894876}, + {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925, + 1573892, -2625887, 2198790, -15804619}, + {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, + -16236442, -32461234, -12290683}, + }, +}; + +/* r = a * A + b * B + * where a = a[0]+256*a[1]+...+256^31 a[31]. + * and b = b[0]+256*b[1]+...+256^31 b[31]. + * B is the Ed25519 base point (x,4/5) with x positive. */ +static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, + const ge_p3 *A, const uint8_t *b) { + signed char aslide[256]; + signed char bslide[256]; + ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ + ge_p1p1 t; + ge_p3 u; + ge_p3 A2; + int i; + + slide(aslide, a); + slide(bslide, b); + + ge_p3_to_cached(&Ai[0], A); + ge_p3_dbl(&t, A); + ge_p1p1_to_p3(&A2, &t); + ge_add(&t, &A2, &Ai[0]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[1], &u); + ge_add(&t, &A2, &Ai[1]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[2], &u); + ge_add(&t, &A2, &Ai[2]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[3], &u); + ge_add(&t, &A2, &Ai[3]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[4], &u); + ge_add(&t, &A2, &Ai[4]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[5], &u); + ge_add(&t, &A2, &Ai[5]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[6], &u); + ge_add(&t, &A2, &Ai[6]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[7], &u); + + ge_p2_0(r); + + for (i = 255; i >= 0; --i) { + if (aslide[i] || bslide[i]) { + break; + } + } + + for (; i >= 0; --i) { + ge_p2_dbl(&t, r); + + if (aslide[i] > 0) { + ge_p1p1_to_p3(&u, &t); + ge_add(&t, &u, &Ai[aslide[i] / 2]); + } else if (aslide[i] < 0) { + ge_p1p1_to_p3(&u, &t); + ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); + } + + if (bslide[i] > 0) { + ge_p1p1_to_p3(&u, &t); + ge_madd(&t, &u, &Bi[bslide[i] / 2]); + } else if (bslide[i] < 0) { + ge_p1p1_to_p3(&u, &t); + ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); + } + + ge_p1p1_to_p2(r, &t); + } +} + +/* The set of scalars is \Z/l + * where l = 2^252 + 27742317777372353535851937790883648493. */ + +/* Input: + * s[0]+256*s[1]+...+256^63*s[63] = s + * + * Output: + * s[0]+256*s[1]+...+256^31*s[31] = s mod l + * where l = 2^252 + 27742317777372353535851937790883648493. + * Overwrites s in place. */ +static void x25519_sc_reduce(uint8_t *s) { + int64_t s0 = 2097151 & load_3(s); + int64_t s1 = 2097151 & (load_4(s + 2) >> 5); + int64_t s2 = 2097151 & (load_3(s + 5) >> 2); + int64_t s3 = 2097151 & (load_4(s + 7) >> 7); + int64_t s4 = 2097151 & (load_4(s + 10) >> 4); + int64_t s5 = 2097151 & (load_3(s + 13) >> 1); + int64_t s6 = 2097151 & (load_4(s + 15) >> 6); + int64_t s7 = 2097151 & (load_3(s + 18) >> 3); + int64_t s8 = 2097151 & load_3(s + 21); + int64_t s9 = 2097151 & (load_4(s + 23) >> 5); + int64_t s10 = 2097151 & (load_3(s + 26) >> 2); + int64_t s11 = 2097151 & (load_4(s + 28) >> 7); + int64_t s12 = 2097151 & (load_4(s + 31) >> 4); + int64_t s13 = 2097151 & (load_3(s + 34) >> 1); + int64_t s14 = 2097151 & (load_4(s + 36) >> 6); + int64_t s15 = 2097151 & (load_3(s + 39) >> 3); + int64_t s16 = 2097151 & load_3(s + 42); + int64_t s17 = 2097151 & (load_4(s + 44) >> 5); + int64_t s18 = 2097151 & (load_3(s + 47) >> 2); + int64_t s19 = 2097151 & (load_4(s + 49) >> 7); + int64_t s20 = 2097151 & (load_4(s + 52) >> 4); + int64_t s21 = 2097151 & (load_3(s + 55) >> 1); + int64_t s22 = 2097151 & (load_4(s + 57) >> 6); + int64_t s23 = (load_4(s + 60) >> 3); + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * (1 << 21); + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * (1 << 21); + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * (1 << 21); + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * (1 << 21); + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * (1 << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + s[0] = (uint8_t)(s0 >> 0); + s[1] = (uint8_t)(s0 >> 8); + s[2] = (uint8_t)((s0 >> 16) | (s1 << 5)); + s[3] = (uint8_t)(s1 >> 3); + s[4] = (uint8_t)(s1 >> 11); + s[5] = (uint8_t)((s1 >> 19) | (s2 << 2)); + s[6] = (uint8_t)(s2 >> 6); + s[7] = (uint8_t)((s2 >> 14) | (s3 << 7)); + s[8] = (uint8_t)(s3 >> 1); + s[9] = (uint8_t)(s3 >> 9); + s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); + s[11] = (uint8_t)(s4 >> 4); + s[12] = (uint8_t)(s4 >> 12); + s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); + s[14] = (uint8_t)(s5 >> 7); + s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); + s[16] = (uint8_t)(s6 >> 2); + s[17] = (uint8_t)(s6 >> 10); + s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); + s[19] = (uint8_t)(s7 >> 5); + s[20] = (uint8_t)(s7 >> 13); + s[21] = (uint8_t)(s8 >> 0); + s[22] = (uint8_t)(s8 >> 8); + s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); + s[24] = (uint8_t)(s9 >> 3); + s[25] = (uint8_t)(s9 >> 11); + s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); + s[27] = (uint8_t)(s10 >> 6); + s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); + s[29] = (uint8_t)(s11 >> 1); + s[30] = (uint8_t)(s11 >> 9); + s[31] = (uint8_t)(s11 >> 17); +} + +/* Input: + * a[0]+256*a[1]+...+256^31*a[31] = a + * b[0]+256*b[1]+...+256^31*b[31] = b + * c[0]+256*c[1]+...+256^31*c[31] = c + * + * Output: + * s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l + * where l = 2^252 + 27742317777372353535851937790883648493. */ +static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, + const uint8_t *c) { + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + int64_t c0 = 2097151 & load_3(c); + int64_t c1 = 2097151 & (load_4(c + 2) >> 5); + int64_t c2 = 2097151 & (load_3(c + 5) >> 2); + int64_t c3 = 2097151 & (load_4(c + 7) >> 7); + int64_t c4 = 2097151 & (load_4(c + 10) >> 4); + int64_t c5 = 2097151 & (load_3(c + 13) >> 1); + int64_t c6 = 2097151 & (load_4(c + 15) >> 6); + int64_t c7 = 2097151 & (load_3(c + 18) >> 3); + int64_t c8 = 2097151 & load_3(c + 21); + int64_t c9 = 2097151 & (load_4(c + 23) >> 5); + int64_t c10 = 2097151 & (load_3(c + 26) >> 2); + int64_t c11 = (load_4(c + 28) >> 7); + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + + a11 * b4; + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * (1 << 21); + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * (1 << 21); + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * (1 << 21); + carry18 = (s18 + (1 << 20)) >> 21; + s19 += carry18; + s18 -= carry18 * (1 << 21); + carry20 = (s20 + (1 << 20)) >> 21; + s21 += carry20; + s20 -= carry20 * (1 << 21); + carry22 = (s22 + (1 << 20)) >> 21; + s23 += carry22; + s22 -= carry22 * (1 << 21); + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * (1 << 21); + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * (1 << 21); + carry17 = (s17 + (1 << 20)) >> 21; + s18 += carry17; + s17 -= carry17 * (1 << 21); + carry19 = (s19 + (1 << 20)) >> 21; + s20 += carry19; + s19 -= carry19 * (1 << 21); + carry21 = (s21 + (1 << 20)) >> 21; + s22 += carry21; + s21 -= carry21 * (1 << 21); + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * (1 << 21); + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * (1 << 21); + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * (1 << 21); + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * (1 << 21); + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * (1 << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * (1 << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * (1 << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * (1 << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * (1 << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * (1 << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * (1 << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * (1 << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * (1 << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * (1 << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * (1 << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * (1 << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * (1 << 21); + + s[0] = (uint8_t)(s0 >> 0); + s[1] = (uint8_t)(s0 >> 8); + s[2] = (uint8_t)((s0 >> 16) | (s1 << 5)); + s[3] = (uint8_t)(s1 >> 3); + s[4] = (uint8_t)(s1 >> 11); + s[5] = (uint8_t)((s1 >> 19) | (s2 << 2)); + s[6] = (uint8_t)(s2 >> 6); + s[7] = (uint8_t)((s2 >> 14) | (s3 << 7)); + s[8] = (uint8_t)(s3 >> 1); + s[9] = (uint8_t)(s3 >> 9); + s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); + s[11] = (uint8_t)(s4 >> 4); + s[12] = (uint8_t)(s4 >> 12); + s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); + s[14] = (uint8_t)(s5 >> 7); + s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); + s[16] = (uint8_t)(s6 >> 2); + s[17] = (uint8_t)(s6 >> 10); + s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); + s[19] = (uint8_t)(s7 >> 5); + s[20] = (uint8_t)(s7 >> 13); + s[21] = (uint8_t)(s8 >> 0); + s[22] = (uint8_t)(s8 >> 8); + s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); + s[24] = (uint8_t)(s9 >> 3); + s[25] = (uint8_t)(s9 >> 11); + s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); + s[27] = (uint8_t)(s10 >> 6); + s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); + s[29] = (uint8_t)(s11 >> 1); + s[30] = (uint8_t)(s11 >> 9); + s[31] = (uint8_t)(s11 >> 17); +} + +int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32]) { + uint8_t az[SHA512_DIGEST_LENGTH]; + uint8_t nonce[SHA512_DIGEST_LENGTH]; + ge_p3 R; + uint8_t hram[SHA512_DIGEST_LENGTH]; + SHA512_CTX hash_ctx; + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, private_key, 32); + SHA512_Final(az, &hash_ctx); + + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, az + 32, 32); + SHA512_Update(&hash_ctx, message, message_len); + SHA512_Final(nonce, &hash_ctx); + + x25519_sc_reduce(nonce); + ge_scalarmult_base(&R, nonce); + ge_p3_tobytes(out_sig, &R); + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, out_sig, 32); + SHA512_Update(&hash_ctx, public_key, 32); + SHA512_Update(&hash_ctx, message, message_len); + SHA512_Final(hram, &hash_ctx); + + x25519_sc_reduce(hram); + sc_muladd(out_sig + 32, hram, az, nonce); + + OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx)); + OPENSSL_cleanse(nonce, sizeof(nonce)); + OPENSSL_cleanse(az, sizeof(az)); + + return 1; +} + +int ED25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32]) { + ge_p3 A; + uint8_t rcopy[32]; + uint8_t scopy[32]; + SHA512_CTX hash_ctx; + ge_p2 R; + uint8_t rcheck[32]; + uint8_t h[SHA512_DIGEST_LENGTH]; + + if ((signature[63] & 224) != 0 || + ge_frombytes_vartime(&A, public_key) != 0) { + return 0; + } + + fe_neg(A.X, A.X); + fe_neg(A.T, A.T); + + memcpy(rcopy, signature, 32); + memcpy(scopy, signature + 32, 32); + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, signature, 32); + SHA512_Update(&hash_ctx, public_key, 32); + SHA512_Update(&hash_ctx, message, message_len); + SHA512_Final(h, &hash_ctx); + + x25519_sc_reduce(h); + + ge_double_scalarmult_vartime(&R, h, &A, scopy); + + ge_tobytes(rcheck, &R); + + return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; +} + +void ED25519_public_from_private(uint8_t out_public_key[32], + const uint8_t private_key[32]) { + uint8_t az[SHA512_DIGEST_LENGTH]; + ge_p3 A; + + SHA512(private_key, 32, az); + + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; + + ge_scalarmult_base(&A, az); + ge_p3_tobytes(out_public_key, &A); + + OPENSSL_cleanse(az, sizeof(az)); +} int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]) { diff --git a/deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h b/deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h new file mode 100644 index 00000000000000..48081c77170b08 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h @@ -0,0 +1,27 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H +# define HEADER_ARCH_32_ARCH_INTRINSICS_H + +#include "internal/constant_time_locl.h" + +# define ARCH_WORD_BITS 32 + +#define word_is_zero(a) constant_time_is_zero_32(a) + +static ossl_inline uint64_t widemul(uint32_t a, uint32_t b) +{ + return ((uint64_t)a) * b; +} + +#endif /* HEADER_ARCH_32_ARCH_INTRINSICS_H */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c new file mode 100644 index 00000000000000..8a89d276edb6a4 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.c @@ -0,0 +1,95 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#include "field.h" + +void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) +{ + const uint32_t *a = as->limb, *b = bs->limb; + uint32_t *c = cs->limb; + uint64_t accum0 = 0, accum1 = 0, accum2 = 0; + uint32_t mask = (1 << 28) - 1; + uint32_t aa[8], bb[8]; + int i, j; + + for (i = 0; i < 8; i++) { + aa[i] = a[i] + a[i + 8]; + bb[i] = b[i] + b[i + 8]; + } + + for (j = 0; j < 8; j++) { + accum2 = 0; + for (i = 0; i < j + 1; i++) { + accum2 += widemul(a[j - i], b[i]); + accum1 += widemul(aa[j - i], bb[i]); + accum0 += widemul(a[8 + j - i], b[8 + i]); + } + accum1 -= accum2; + accum0 += accum2; + accum2 = 0; + for (i = j + 1; i < 8; i++) { + accum0 -= widemul(a[8 + j - i], b[i]); + accum2 += widemul(aa[8 + j - i], bb[i]); + accum1 += widemul(a[16 + j - i], b[8 + i]); + } + accum1 += accum2; + accum0 += accum2; + c[j] = ((uint32_t)(accum0)) & mask; + c[j + 8] = ((uint32_t)(accum1)) & mask; + accum0 >>= 28; + accum1 >>= 28; + } + + accum0 += accum1; + accum0 += c[8]; + accum1 += c[0]; + c[8] = ((uint32_t)(accum0)) & mask; + c[0] = ((uint32_t)(accum1)) & mask; + + accum0 >>= 28; + accum1 >>= 28; + c[9] += ((uint32_t)(accum0)); + c[1] += ((uint32_t)(accum1)); +} + +void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) +{ + const uint32_t *a = as->limb; + uint32_t *c = cs->limb; + uint64_t accum0 = 0, accum8 = 0; + uint32_t mask = (1 << 28) - 1; + int i; + + assert(b <= mask); + + for (i = 0; i < 8; i++) { + accum0 += widemul(b, a[i]); + accum8 += widemul(b, a[i + 8]); + c[i] = accum0 & mask; + accum0 >>= 28; + c[i + 8] = accum8 & mask; + accum8 >>= 28; + } + + accum0 += accum8 + c[8]; + c[8] = ((uint32_t)accum0) & mask; + c[9] += (uint32_t)(accum0 >> 28); + + accum8 += c[0]; + c[0] = ((uint32_t)accum8) & mask; + c[1] += (uint32_t)(accum8 >> 28); +} + +void gf_sqr(gf_s * RESTRICT cs, const gf as) +{ + gf_mul(cs, as, as); /* Performs better with a dedicated square */ +} diff --git a/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h new file mode 100644 index 00000000000000..bbde84a0389755 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/arch_32/f_impl.h @@ -0,0 +1,60 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_ARCH_32_F_IMPL_H +# define HEADER_ARCH_32_F_IMPL_H + +# define GF_HEADROOM 2 +# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28) +# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \ + {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}} + +# define LIMB_PLACE_VALUE(i) 28 + +void gf_add_RAW(gf out, const gf a, const gf b) +{ + unsigned int i; + + for (i = 0; i < NLIMBS; i++) + out->limb[i] = a->limb[i] + b->limb[i]; +} + +void gf_sub_RAW(gf out, const gf a, const gf b) +{ + unsigned int i; + + for (i = 0; i < NLIMBS; i++) + out->limb[i] = a->limb[i] - b->limb[i]; +} + +void gf_bias(gf a, int amt) +{ + unsigned int i; + uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt; + + for (i = 0; i < NLIMBS; i++) + a->limb[i] += (i == NLIMBS / 2) ? co2 : co1; +} + +void gf_weak_reduce(gf a) +{ + uint32_t mask = (1 << 28) - 1; + uint32_t tmp = a->limb[NLIMBS - 1] >> 28; + unsigned int i; + + a->limb[NLIMBS / 2] += tmp; + for (i = NLIMBS - 1; i > 0; i--) + a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28); + a->limb[0] = (a->limb[0] & mask) + tmp; +} + +#endif /* HEADER_ARCH_32_F_IMPL_H */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448.c b/deps/openssl/openssl/crypto/ec/curve448/curve448.c new file mode 100644 index 00000000000000..7dc68c8853e1df --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/curve448.c @@ -0,0 +1,727 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ +#include +#include "word.h" +#include "field.h" + +#include "point_448.h" +#include "ed448.h" +#include "curve448_lcl.h" + +#define COFACTOR 4 + +#define C448_WNAF_FIXED_TABLE_BITS 5 +#define C448_WNAF_VAR_TABLE_BITS 3 + +#define EDWARDS_D (-39081) + +static const curve448_scalar_t precomputed_scalarmul_adjustment = { + { + { + SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad), + SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163) + } + } +}; + +#define TWISTED_D (EDWARDS_D - 1) + +#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ + +/* Inverse. */ +static void gf_invert(gf y, const gf x, int assert_nonzero) +{ + mask_t ret; + gf t1, t2; + + gf_sqr(t1, x); /* o^2 */ + ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */ + (void)ret; + if (assert_nonzero) + assert(ret); + gf_sqr(t1, t2); + gf_mul(t2, t1, x); /* not direct to y in case of alias. */ + gf_copy(y, t2); +} + +/** identity = (0,1) */ +const curve448_point_t curve448_point_identity = + { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} }; + +static void point_double_internal(curve448_point_t p, const curve448_point_t q, + int before_double) +{ + gf a, b, c, d; + + gf_sqr(c, q->x); + gf_sqr(a, q->y); + gf_add_nr(d, c, a); /* 2+e */ + gf_add_nr(p->t, q->y, q->x); /* 2+e */ + gf_sqr(b, p->t); + gf_subx_nr(b, b, d, 3); /* 4+e */ + gf_sub_nr(p->t, a, c); /* 3+e */ + gf_sqr(p->x, q->z); + gf_add_nr(p->z, p->x, p->x); /* 2+e */ + gf_subx_nr(a, p->z, p->t, 4); /* 6+e */ + if (GF_HEADROOM == 5) + gf_weak_reduce(a); /* or 1+e */ + gf_mul(p->x, a, b); + gf_mul(p->z, p->t, a); + gf_mul(p->y, p->t, d); + if (!before_double) + gf_mul(p->t, b, d); +} + +void curve448_point_double(curve448_point_t p, const curve448_point_t q) +{ + point_double_internal(p, q, 0); +} + +/* Operations on [p]niels */ +static ossl_inline void cond_neg_niels(niels_t n, mask_t neg) +{ + gf_cond_swap(n->a, n->b, neg); + gf_cond_neg(n->c, neg); +} + +static void pt_to_pniels(pniels_t b, const curve448_point_t a) +{ + gf_sub(b->n->a, a->y, a->x); + gf_add(b->n->b, a->x, a->y); + gf_mulw(b->n->c, a->t, 2 * TWISTED_D); + gf_add(b->z, a->z, a->z); +} + +static void pniels_to_pt(curve448_point_t e, const pniels_t d) +{ + gf eu; + + gf_add(eu, d->n->b, d->n->a); + gf_sub(e->y, d->n->b, d->n->a); + gf_mul(e->t, e->y, eu); + gf_mul(e->x, d->z, e->y); + gf_mul(e->y, d->z, eu); + gf_sqr(e->z, d->z); +} + +static void niels_to_pt(curve448_point_t e, const niels_t n) +{ + gf_add(e->y, n->b, n->a); + gf_sub(e->x, n->b, n->a); + gf_mul(e->t, e->y, e->x); + gf_copy(e->z, ONE); +} + +static void add_niels_to_pt(curve448_point_t d, const niels_t e, + int before_double) +{ + gf a, b, c; + + gf_sub_nr(b, d->y, d->x); /* 3+e */ + gf_mul(a, e->a, b); + gf_add_nr(b, d->x, d->y); /* 2+e */ + gf_mul(d->y, e->b, b); + gf_mul(d->x, e->c, d->t); + gf_add_nr(c, a, d->y); /* 2+e */ + gf_sub_nr(b, d->y, a); /* 3+e */ + gf_sub_nr(d->y, d->z, d->x); /* 3+e */ + gf_add_nr(a, d->x, d->z); /* 2+e */ + gf_mul(d->z, a, d->y); + gf_mul(d->x, d->y, b); + gf_mul(d->y, a, c); + if (!before_double) + gf_mul(d->t, b, c); +} + +static void sub_niels_from_pt(curve448_point_t d, const niels_t e, + int before_double) +{ + gf a, b, c; + + gf_sub_nr(b, d->y, d->x); /* 3+e */ + gf_mul(a, e->b, b); + gf_add_nr(b, d->x, d->y); /* 2+e */ + gf_mul(d->y, e->a, b); + gf_mul(d->x, e->c, d->t); + gf_add_nr(c, a, d->y); /* 2+e */ + gf_sub_nr(b, d->y, a); /* 3+e */ + gf_add_nr(d->y, d->z, d->x); /* 2+e */ + gf_sub_nr(a, d->z, d->x); /* 3+e */ + gf_mul(d->z, a, d->y); + gf_mul(d->x, d->y, b); + gf_mul(d->y, a, c); + if (!before_double) + gf_mul(d->t, b, c); +} + +static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn, + int before_double) +{ + gf L0; + + gf_mul(L0, p->z, pn->z); + gf_copy(p->z, L0); + add_niels_to_pt(p, pn->n, before_double); +} + +static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn, + int before_double) +{ + gf L0; + + gf_mul(L0, p->z, pn->z); + gf_copy(p->z, L0); + sub_niels_from_pt(p, pn->n, before_double); +} + +c448_bool_t curve448_point_eq(const curve448_point_t p, + const curve448_point_t q) +{ + mask_t succ; + gf a, b; + + /* equality mod 2-torsion compares x/y */ + gf_mul(a, p->y, q->x); + gf_mul(b, q->y, p->x); + succ = gf_eq(a, b); + + return mask_to_bool(succ); +} + +c448_bool_t curve448_point_valid(const curve448_point_t p) +{ + mask_t out; + gf a, b, c; + + gf_mul(a, p->x, p->y); + gf_mul(b, p->z, p->t); + out = gf_eq(a, b); + gf_sqr(a, p->x); + gf_sqr(b, p->y); + gf_sub(a, b, a); + gf_sqr(b, p->t); + gf_mulw(c, b, TWISTED_D); + gf_sqr(b, p->z); + gf_add(b, b, c); + out &= gf_eq(a, b); + out &= ~gf_eq(p->z, ZERO); + return mask_to_bool(out); +} + +static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni, + const niels_t * table, + int nelts, int idx) +{ + constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx); +} + +void curve448_precomputed_scalarmul(curve448_point_t out, + const curve448_precomputed_s * table, + const curve448_scalar_t scalar) +{ + unsigned int i, j, k; + const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S; + niels_t ni; + curve448_scalar_t scalar1x; + + curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment); + curve448_scalar_halve(scalar1x, scalar1x); + + for (i = s; i > 0; i--) { + if (i != s) + point_double_internal(out, out, 0); + + for (j = 0; j < n; j++) { + int tab = 0; + mask_t invert; + + for (k = 0; k < t; k++) { + unsigned int bit = (i - 1) + s * (k + j * t); + + if (bit < C448_SCALAR_BITS) + tab |= + (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k; + } + + invert = (tab >> (t - 1)) - 1; + tab ^= invert; + tab &= (1 << (t - 1)) - 1; + + constant_time_lookup_niels(ni, &table->table[j << (t - 1)], + 1 << (t - 1), tab); + + cond_neg_niels(ni, invert); + if ((i != s) || j != 0) + add_niels_to_pt(out, ni, j == n - 1 && i != 1); + else + niels_to_pt(out, ni); + } + } + + OPENSSL_cleanse(ni, sizeof(ni)); + OPENSSL_cleanse(scalar1x, sizeof(scalar1x)); +} + +void curve448_point_mul_by_ratio_and_encode_like_eddsa( + uint8_t enc[EDDSA_448_PUBLIC_BYTES], + const curve448_point_t p) +{ + gf x, y, z, t; + curve448_point_t q; + + /* The point is now on the twisted curve. Move it to untwisted. */ + curve448_point_copy(q, p); + + { + /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */ + gf u; + + gf_sqr(x, q->x); + gf_sqr(t, q->y); + gf_add(u, x, t); + gf_add(z, q->y, q->x); + gf_sqr(y, z); + gf_sub(y, y, u); + gf_sub(z, t, x); + gf_sqr(x, q->z); + gf_add(t, x, x); + gf_sub(t, t, z); + gf_mul(x, t, y); + gf_mul(y, z, u); + gf_mul(z, u, t); + OPENSSL_cleanse(u, sizeof(u)); + } + + /* Affinize */ + gf_invert(z, z, 1); + gf_mul(t, x, z); + gf_mul(x, y, z); + + /* Encode */ + enc[EDDSA_448_PRIVATE_BYTES - 1] = 0; + gf_serialize(enc, x, 1); + enc[EDDSA_448_PRIVATE_BYTES - 1] |= 0x80 & gf_lobit(t); + + OPENSSL_cleanse(x, sizeof(x)); + OPENSSL_cleanse(y, sizeof(y)); + OPENSSL_cleanse(z, sizeof(z)); + OPENSSL_cleanse(t, sizeof(t)); + curve448_point_destroy(q); +} + +c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( + curve448_point_t p, + const uint8_t enc[EDDSA_448_PUBLIC_BYTES]) +{ + uint8_t enc2[EDDSA_448_PUBLIC_BYTES]; + mask_t low; + mask_t succ; + + memcpy(enc2, enc, sizeof(enc2)); + + low = ~word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1] & 0x80); + enc2[EDDSA_448_PRIVATE_BYTES - 1] &= ~0x80; + + succ = gf_deserialize(p->y, enc2, 1, 0); + succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]); + + gf_sqr(p->x, p->y); + gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */ + gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */ + gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */ + + gf_mul(p->x, p->z, p->t); + succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */ + + gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ + gf_cond_neg(p->x, gf_lobit(p->x) ^ low); + gf_copy(p->z, ONE); + + { + gf a, b, c, d; + + /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */ + gf_sqr(c, p->x); + gf_sqr(a, p->y); + gf_add(d, c, a); + gf_add(p->t, p->y, p->x); + gf_sqr(b, p->t); + gf_sub(b, b, d); + gf_sub(p->t, a, c); + gf_sqr(p->x, p->z); + gf_add(p->z, p->x, p->x); + gf_sub(a, p->z, d); + gf_mul(p->x, a, b); + gf_mul(p->z, p->t, a); + gf_mul(p->y, p->t, d); + gf_mul(p->t, b, d); + OPENSSL_cleanse(a, sizeof(a)); + OPENSSL_cleanse(b, sizeof(b)); + OPENSSL_cleanse(c, sizeof(c)); + OPENSSL_cleanse(d, sizeof(d)); + } + + OPENSSL_cleanse(enc2, sizeof(enc2)); + assert(curve448_point_valid(p) || ~succ); + + return c448_succeed_if(mask_to_bool(succ)); +} + +c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES], + const uint8_t base[X_PUBLIC_BYTES], + const uint8_t scalar[X_PRIVATE_BYTES]) +{ + gf x1, x2, z2, x3, z3, t1, t2; + int t; + mask_t swap = 0; + mask_t nz; + + (void)gf_deserialize(x1, base, 1, 0); + gf_copy(x2, ONE); + gf_copy(z2, ZERO); + gf_copy(x3, x1); + gf_copy(z3, ONE); + + for (t = X_PRIVATE_BITS - 1; t >= 0; t--) { + uint8_t sb = scalar[t / 8]; + mask_t k_t; + + /* Scalar conditioning */ + if (t / 8 == 0) + sb &= -(uint8_t)COFACTOR; + else if (t == X_PRIVATE_BITS - 1) + sb = -1; + + k_t = (sb >> (t % 8)) & 1; + k_t = 0 - k_t; /* set to all 0s or all 1s */ + + swap ^= k_t; + gf_cond_swap(x2, x3, swap); + gf_cond_swap(z2, z3, swap); + swap = k_t; + + /* + * The "_nr" below skips coefficient reduction. In the following + * comments, "2+e" is saying that the coefficients are at most 2+epsilon + * times the reduction limit. + */ + gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ + gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ + gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ + gf_mul(x2, t1, z2); /* DA */ + gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ + gf_mul(x3, t2, z2); /* CB */ + gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ + gf_sqr(z2, z3); /* (DA-CB)^2 */ + gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ + gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ + gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ + + gf_sqr(z2, t1); /* AA = A^2 */ + gf_sqr(t1, t2); /* BB = B^2 */ + gf_mul(x2, z2, t1); /* x2 = AA*BB */ + gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ + + gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */ + gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ + gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ + } + + /* Finish */ + gf_cond_swap(x2, x3, swap); + gf_cond_swap(z2, z3, swap); + gf_invert(z2, z2, 0); + gf_mul(x1, x2, z2); + gf_serialize(out, x1, 1); + nz = ~gf_eq(x1, ZERO); + + OPENSSL_cleanse(x1, sizeof(x1)); + OPENSSL_cleanse(x2, sizeof(x2)); + OPENSSL_cleanse(z2, sizeof(z2)); + OPENSSL_cleanse(x3, sizeof(x3)); + OPENSSL_cleanse(z3, sizeof(z3)); + OPENSSL_cleanse(t1, sizeof(t1)); + OPENSSL_cleanse(t2, sizeof(t2)); + + return c448_succeed_if(mask_to_bool(nz)); +} + +void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t + out[X_PUBLIC_BYTES], + const curve448_point_t p) +{ + curve448_point_t q; + + curve448_point_copy(q, p); + gf_invert(q->t, q->x, 0); /* 1/x */ + gf_mul(q->z, q->t, q->y); /* y/x */ + gf_sqr(q->y, q->z); /* (y/x)^2 */ + gf_serialize(out, q->y, 1); + curve448_point_destroy(q); +} + +void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], + const uint8_t scalar[X_PRIVATE_BYTES]) +{ + /* Scalar conditioning */ + uint8_t scalar2[X_PRIVATE_BYTES]; + curve448_scalar_t the_scalar; + curve448_point_t p; + unsigned int i; + + memcpy(scalar2, scalar, sizeof(scalar2)); + scalar2[0] &= -(uint8_t)COFACTOR; + + scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8)); + scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8); + + curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2)); + + /* Compensate for the encoding ratio */ + for (i = 1; i < X448_ENCODE_RATIO; i <<= 1) + curve448_scalar_halve(the_scalar, the_scalar); + + curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar); + curve448_point_mul_by_ratio_and_encode_like_x448(out, p); + curve448_point_destroy(p); +} + +/* Control for variable-time scalar multiply algorithms. */ +struct smvt_control { + int power, addend; +}; + +#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3)) +# define NUMTRAILINGZEROS __builtin_ctz +#else +# define NUMTRAILINGZEROS numtrailingzeros +static uint32_t numtrailingzeros(uint32_t i) +{ + uint32_t tmp; + uint32_t num = 31; + + if (i == 0) + return 32; + + tmp = i << 16; + if (tmp != 0) { + i = tmp; + num -= 16; + } + tmp = i << 8; + if (tmp != 0) { + i = tmp; + num -= 8; + } + tmp = i << 4; + if (tmp != 0) { + i = tmp; + num -= 4; + } + tmp = i << 2; + if (tmp != 0) { + i = tmp; + num -= 2; + } + tmp = i << 1; + if (tmp != 0) + num--; + + return num; +} +#endif + +static int recode_wnaf(struct smvt_control *control, + /* [nbits/(table_bits + 1) + 3] */ + const curve448_scalar_t scalar, + unsigned int table_bits) +{ + unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3; + int position = table_size - 1; /* at the end */ + uint64_t current = scalar->limb[0] & 0xFFFF; + uint32_t mask = (1 << (table_bits + 1)) - 1; + unsigned int w; + const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2; + unsigned int n, i; + + /* place the end marker */ + control[position].power = -1; + control[position].addend = 0; + position--; + + /* + * PERF: Could negate scalar if it's large. But then would need more cases + * in the actual code that uses it, all for an expected reduction of like + * 1/5 op. Probably not worth it. + */ + + for (w = 1; w < (C448_SCALAR_BITS - 1) / 16 + 3; w++) { + if (w < (C448_SCALAR_BITS - 1) / 16 + 1) { + /* Refill the 16 high bits of current */ + current += (uint32_t)((scalar->limb[w / B_OVER_16] + >> (16 * (w % B_OVER_16))) << 16); + } + + while (current & 0xFFFF) { + uint32_t pos = NUMTRAILINGZEROS((uint32_t)current); + uint32_t odd = (uint32_t)current >> pos; + int32_t delta = odd & mask; + + assert(position >= 0); + if (odd & (1 << (table_bits + 1))) + delta -= (1 << (table_bits + 1)); + current -= delta * (1 << pos); + control[position].power = pos + 16 * (w - 1); + control[position].addend = delta; + position--; + } + current >>= 16; + } + assert(current == 0); + + position++; + n = table_size - position; + for (i = 0; i < n; i++) + control[i] = control[i + position]; + + return n - 1; +} + +static void prepare_wnaf_table(pniels_t * output, + const curve448_point_t working, + unsigned int tbits) +{ + curve448_point_t tmp; + int i; + pniels_t twop; + + pt_to_pniels(output[0], working); + + if (tbits == 0) + return; + + curve448_point_double(tmp, working); + pt_to_pniels(twop, tmp); + + add_pniels_to_pt(tmp, output[0], 0); + pt_to_pniels(output[1], tmp); + + for (i = 2; i < 1 << tbits; i++) { + add_pniels_to_pt(tmp, twop, 0); + pt_to_pniels(output[i], tmp); + } + + curve448_point_destroy(tmp); + OPENSSL_cleanse(twop, sizeof(twop)); +} + +void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, + const curve448_scalar_t scalar1, + const curve448_point_t base2, + const curve448_scalar_t scalar2) +{ + const int table_bits_var = C448_WNAF_VAR_TABLE_BITS; + const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS; + struct smvt_control control_var[C448_SCALAR_BITS / + (C448_WNAF_VAR_TABLE_BITS + 1) + 3]; + struct smvt_control control_pre[C448_SCALAR_BITS / + (C448_WNAF_FIXED_TABLE_BITS + 1) + 3]; + int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre); + int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var); + pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS]; + int contp = 0, contv = 0, i; + + prepare_wnaf_table(precmp_var, base2, table_bits_var); + i = control_var[0].power; + + if (i < 0) { + curve448_point_copy(combo, curve448_point_identity); + return; + } + if (i > control_pre[0].power) { + pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); + contv++; + } else if (i == control_pre[0].power && i >= 0) { + pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); + add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1], + i); + contv++; + contp++; + } else { + i = control_pre[0].power; + niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]); + contp++; + } + + for (i--; i >= 0; i--) { + int cv = (i == control_var[contv].power); + int cp = (i == control_pre[contp].power); + + point_double_internal(combo, combo, i && !(cv || cp)); + + if (cv) { + assert(control_var[contv].addend); + + if (control_var[contv].addend > 0) + add_pniels_to_pt(combo, + precmp_var[control_var[contv].addend >> 1], + i && !cp); + else + sub_pniels_from_pt(combo, + precmp_var[(-control_var[contv].addend) + >> 1], i && !cp); + contv++; + } + + if (cp) { + assert(control_pre[contp].addend); + + if (control_pre[contp].addend > 0) + add_niels_to_pt(combo, + curve448_wnaf_base[control_pre[contp].addend + >> 1], i); + else + sub_niels_from_pt(combo, + curve448_wnaf_base[(-control_pre + [contp].addend) >> 1], i); + contp++; + } + } + + /* This function is non-secret, but whatever this is cheap. */ + OPENSSL_cleanse(control_var, sizeof(control_var)); + OPENSSL_cleanse(control_pre, sizeof(control_pre)); + OPENSSL_cleanse(precmp_var, sizeof(precmp_var)); + + assert(contv == ncb_var); + (void)ncb_var; + assert(contp == ncb_pre); + (void)ncb_pre; +} + +void curve448_point_destroy(curve448_point_t point) +{ + OPENSSL_cleanse(point, sizeof(curve448_point_t)); +} + +int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], + const uint8_t peer_public_value[56]) +{ + return x448_int(out_shared_key, peer_public_value, private_key) + == C448_SUCCESS; +} + +void X448_public_from_private(uint8_t out_public_value[56], + const uint8_t private_key[56]) +{ + x448_derive_public_key(out_public_value, private_key); +} diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h b/deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h new file mode 100644 index 00000000000000..2bc3bd84c86d02 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/curve448_lcl.h @@ -0,0 +1,38 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef HEADER_CURVE448_LCL_H +# define HEADER_CURVE448_LCL_H +# include "curve448utils.h" + +int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], + const uint8_t peer_public_value[56]); + +void X448_public_from_private(uint8_t out_public_value[56], + const uint8_t private_key[56]); + +int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len); + +int ED448_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len); + +int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len); + +int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], + const uint8_t public_key[57], const uint8_t *context, + size_t context_len); + +int ED448_public_from_private(uint8_t out_public_key[57], + const uint8_t private_key[57]); + +#endif /* HEADER_CURVE448_LCL_H */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c b/deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c new file mode 100644 index 00000000000000..a1185b1eee6a6b --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/curve448_tables.c @@ -0,0 +1,475 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ +#include "field.h" + +#include "point_448.h" + +static const curve448_precomputed_s curve448_precomputed_base_table = { + { + {{ + {FIELD_LITERAL(0x00cc3b062366f4cc,0x003d6e34e314aa3c,0x00d51c0a7521774d,0x0094e060eec6ab8b,0x00d21291b4d80082,0x00befed12b55ef1e,0x00c3dd2df5c94518,0x00e0a7b112b8d4e6)}, + {FIELD_LITERAL(0x0019eb5608d8723a,0x00d1bab52fb3aedb,0x00270a7311ebc90c,0x0037c12b91be7f13,0x005be16cd8b5c704,0x003e181acda888e1,0x00bc1f00fc3fc6d0,0x00d3839bfa319e20)}, + {FIELD_LITERAL(0x003caeb88611909f,0x00ea8b378c4df3d4,0x00b3295b95a5a19a,0x00a65f97514bdfb5,0x00b39efba743cab1,0x0016ba98b862fd2d,0x0001508812ee71d7,0x000a75740eea114a)}, + }}, {{ + {FIELD_LITERAL(0x00ebcf0eb649f823,0x00166d332e98ea03,0x0059ddf64f5cd5f6,0x0047763123d9471b,0x00a64065c53ef62f,0x00978e44c480153d,0x000b5b2a0265f194,0x0046a24b9f32965a)}, + {FIELD_LITERAL(0x00b9eef787034df0,0x0020bc24de3390cd,0x000022160bae99bb,0x00ae66e886e97946,0x0048d4bbe02cbb8b,0x0072ba97b34e38d4,0x00eae7ec8f03e85a,0x005ba92ecf808b2c)}, + {FIELD_LITERAL(0x00c9cfbbe74258fd,0x00843a979ea9eaa7,0x000cbb4371cfbe90,0x0059bac8f7f0a628,0x004b3dff882ff530,0x0011869df4d90733,0x00595aa71f4abfc2,0x0070e2d38990c2e6)}, + }}, {{ + {FIELD_LITERAL(0x00de2010c0a01733,0x00c739a612e24297,0x00a7212643141d7c,0x00f88444f6b67c11,0x00484b7b16ec28f2,0x009c1b8856af9c68,0x00ff4669591fe9d6,0x0054974be08a32c8)}, + {FIELD_LITERAL(0x0010de3fd682ceed,0x008c07642d83ca4e,0x0013bb064e00a1cc,0x009411ae27870e11,0x00ea8e5b4d531223,0x0032fe7d2aaece2e,0x00d989e243e7bb41,0x000fe79a508e9b8b)}, + {FIELD_LITERAL(0x005e0426b9bfc5b1,0x0041a5b1d29ee4fa,0x0015b0def7774391,0x00bc164f1f51af01,0x00d543b0942797b9,0x003c129b6398099c,0x002b114c6e5adf18,0x00b4e630e4018a7b)}, + }}, {{ + {FIELD_LITERAL(0x00d490afc95f8420,0x00b096bf50c1d9b9,0x00799fd707679866,0x007c74d9334afbea,0x00efaa8be80ff4ed,0x0075c4943bb81694,0x00c21c2fca161f36,0x00e77035d492bfee)}, + {FIELD_LITERAL(0x006658a190dd6661,0x00e0e9bab38609a6,0x0028895c802237ed,0x006a0229c494f587,0x002dcde96c9916b7,0x00d158822de16218,0x00173b917a06856f,0x00ca78a79ae07326)}, + {FIELD_LITERAL(0x00e35bfc79caced4,0x0087238a3e1fe3bb,0x00bcbf0ff4ceff5b,0x00a19c1c94099b91,0x0071e102b49db976,0x0059e3d004eada1e,0x008da78afa58a47e,0x00579c8ebf269187)}, + }}, {{ + {FIELD_LITERAL(0x00a16c2905eee75f,0x009d4bcaea2c7e1d,0x00d3bd79bfad19df,0x0050da745193342c,0x006abdb8f6b29ab1,0x00a24fe0a4fef7ef,0x0063730da1057dfb,0x00a08c312c8eb108)}, + {FIELD_LITERAL(0x00b583be005375be,0x00a40c8f8a4e3df4,0x003fac4a8f5bdbf7,0x00d4481d872cd718,0x004dc8749cdbaefe,0x00cce740d5e5c975,0x000b1c1f4241fd21,0x00a76de1b4e1cd07)}, + {FIELD_LITERAL(0x007a076500d30b62,0x000a6e117b7f090f,0x00c8712ae7eebd9a,0x000fbd6c1d5f6ff7,0x003a7977246ebf11,0x00166ed969c6600e,0x00aa42e469c98bec,0x00dc58f307cf0666)}, + }}, {{ + {FIELD_LITERAL(0x004b491f65a9a28b,0x006a10309e8a55b7,0x00b67210185187ef,0x00cf6497b12d9b8f,0x0085778c56e2b1ba,0x0015b4c07a814d85,0x00686479e62da561,0x008de5d88f114916)}, + {FIELD_LITERAL(0x00e37c88d6bba7b1,0x003e4577e1b8d433,0x0050d8ea5f510ec0,0x0042fc9f2da9ef59,0x003bd074c1141420,0x00561b8b7b68774e,0x00232e5e5d1013a3,0x006b7f2cb3d7e73f)}, + {FIELD_LITERAL(0x004bdd0f0b41e6a0,0x001773057c405d24,0x006029f99915bd97,0x006a5ba70a17fe2f,0x0046111977df7e08,0x004d8124c89fb6b7,0x00580983b2bb2724,0x00207bf330d6f3fe)}, + }}, {{ + {FIELD_LITERAL(0x007efdc93972a48b,0x002f5e50e78d5fee,0x0080dc11d61c7fe5,0x0065aa598707245b,0x009abba2300641be,0x000c68787656543a,0x00ffe0fef2dc0a17,0x00007ffbd6cb4f3a)}, + {FIELD_LITERAL(0x0036012f2b836efc,0x00458c126d6b5fbc,0x00a34436d719ad1e,0x0097be6167117dea,0x0009c219c879cff3,0x0065564493e60755,0x00993ac94a8cdec0,0x002d4885a4d0dbaf)}, + {FIELD_LITERAL(0x00598b60b4c068ba,0x00c547a0be7f1afd,0x009582164acf12af,0x00af4acac4fbbe40,0x005f6ca7c539121a,0x003b6e752ebf9d66,0x00f08a30d5cac5d4,0x00e399bb5f97c5a9)}, + }}, {{ + {FIELD_LITERAL(0x007445a0409c0a66,0x00a65c369f3829c0,0x0031d248a4f74826,0x006817f34defbe8e,0x00649741d95ebf2e,0x00d46466ab16b397,0x00fdc35703bee414,0x00343b43334525f8)}, + {FIELD_LITERAL(0x001796bea93f6401,0x00090c5a42e85269,0x00672412ba1252ed,0x001201d47b6de7de,0x006877bccfe66497,0x00b554fd97a4c161,0x009753f42dbac3cf,0x00e983e3e378270a)}, + {FIELD_LITERAL(0x00ac3eff18849872,0x00f0eea3bff05690,0x00a6d72c21dd505d,0x001b832642424169,0x00a6813017b540e5,0x00a744bd71b385cd,0x0022a7d089130a7b,0x004edeec9a133486)}, + }}, {{ + {FIELD_LITERAL(0x00b2d6729196e8a9,0x0088a9bb2031cef4,0x00579e7787dc1567,0x0030f49feb059190,0x00a0b1d69c7f7d8f,0x0040bdcc6d9d806f,0x00d76c4037edd095,0x00bbf24376415dd7)}, + {FIELD_LITERAL(0x00240465ff5a7197,0x00bb97e76caf27d0,0x004b4edbf8116d39,0x001d8586f708cbaa,0x000f8ee8ff8e4a50,0x00dde5a1945dd622,0x00e6fc1c0957e07c,0x0041c9cdabfd88a0)}, + {FIELD_LITERAL(0x005344b0bf5b548c,0x002957d0b705cc99,0x00f586a70390553d,0x0075b3229f583cc3,0x00a1aa78227490e4,0x001bf09cf7957717,0x00cf6bf344325f52,0x0065bd1c23ca3ecf)}, + }}, {{ + {FIELD_LITERAL(0x009bff3b3239363c,0x00e17368796ef7c0,0x00528b0fe0971f3a,0x0008014fc8d4a095,0x00d09f2e8a521ec4,0x006713ab5dde5987,0x0003015758e0dbb1,0x00215999f1ba212d)}, + {FIELD_LITERAL(0x002c88e93527da0e,0x0077c78f3456aad5,0x0071087a0a389d1c,0x00934dac1fb96dbd,0x008470e801162697,0x005bc2196cd4ad49,0x00e535601d5087c3,0x00769888700f497f)}, + {FIELD_LITERAL(0x00da7a4b557298ad,0x0019d2589ea5df76,0x00ef3e38be0c6497,0x00a9644e1312609a,0x004592f61b2558da,0x0082c1df510d7e46,0x0042809a535c0023,0x00215bcb5afd7757)}, + }}, {{ + {FIELD_LITERAL(0x002b9df55a1a4213,0x00dcfc3b464a26be,0x00c4f9e07a8144d5,0x00c8e0617a92b602,0x008e3c93accafae0,0x00bf1bcb95b2ca60,0x004ce2426a613bf3,0x00266cac58e40921)}, + {FIELD_LITERAL(0x008456d5db76e8f0,0x0032ca9cab2ce163,0x0059f2b8bf91abcf,0x0063c2a021712788,0x00f86155af22f72d,0x00db98b2a6c005a0,0x00ac6e416a693ac4,0x007a93572af53226)}, + {FIELD_LITERAL(0x0087767520f0de22,0x0091f64012279fb5,0x001050f1f0644999,0x004f097a2477ad3c,0x006b37913a9947bd,0x001a3d78645af241,0x0057832bbb3008a7,0x002c1d902b80dc20)}, + }}, {{ + {FIELD_LITERAL(0x001a6002bf178877,0x009bce168aa5af50,0x005fc318ff04a7f5,0x0052818f55c36461,0x008768f5d4b24afb,0x0037ffbae7b69c85,0x0018195a4b61edc0,0x001e12ea088434b2)}, + {FIELD_LITERAL(0x0047d3f804e7ab07,0x00a809ab5f905260,0x00b3ffc7cdaf306d,0x00746e8ec2d6e509,0x00d0dade8887a645,0x00acceeebde0dd37,0x009bc2579054686b,0x0023804f97f1c2bf)}, + {FIELD_LITERAL(0x0043e2e2e50b80d7,0x00143aafe4427e0f,0x005594aaecab855b,0x008b12ccaaecbc01,0x002deeb091082bc3,0x009cca4be2ae7514,0x00142b96e696d047,0x00ad2a2b1c05256a)}, + }}, {{ + {FIELD_LITERAL(0x003914f2f144b78b,0x007a95dd8bee6f68,0x00c7f4384d61c8e6,0x004e51eb60f1bdb2,0x00f64be7aa4621d8,0x006797bfec2f0ac0,0x007d17aab3c75900,0x001893e73cac8bc5)}, + {FIELD_LITERAL(0x00140360b768665b,0x00b68aca4967f977,0x0001089b66195ae4,0x00fe71122185e725,0x000bca2618d49637,0x00a54f0557d7e98a,0x00cdcd2f91d6f417,0x00ab8c13741fd793)}, + {FIELD_LITERAL(0x00725ee6b1e549e0,0x007124a0769777fa,0x000b68fdad07ae42,0x0085b909cd4952df,0x0092d2e3c81606f4,0x009f22f6cac099a0,0x00f59da57f2799a8,0x00f06c090122f777)}, + }}, {{ + {FIELD_LITERAL(0x00ce0bed0a3532bc,0x001a5048a22df16b,0x00e31db4cbad8bf1,0x00e89292120cf00e,0x007d1dd1a9b00034,0x00e2a9041ff8f680,0x006a4c837ae596e7,0x00713af1068070b3)}, + {FIELD_LITERAL(0x00c4fe64ce66d04b,0x00b095d52e09b3d7,0x00758bbecb1a3a8e,0x00f35cce8d0650c0,0x002b878aa5984473,0x0062e0a3b7544ddc,0x00b25b290ed116fe,0x007b0f6abe0bebf2)}, + {FIELD_LITERAL(0x0081d4e3addae0a8,0x003410c836c7ffcc,0x00c8129ad89e4314,0x000e3d5a23922dcd,0x00d91e46f29c31f3,0x006c728cde8c5947,0x002bc655ba2566c0,0x002ca94721533108)}, + }}, {{ + {FIELD_LITERAL(0x0051e4b3f764d8a9,0x0019792d46e904a0,0x00853bc13dbc8227,0x000840208179f12d,0x0068243474879235,0x0013856fbfe374d0,0x00bda12fe8676424,0x00bbb43635926eb2)}, + {FIELD_LITERAL(0x0012cdc880a93982,0x003c495b21cd1b58,0x00b7e5c93f22a26e,0x0044aa82dfb99458,0x009ba092cdffe9c0,0x00a14b3ab2083b73,0x000271c2f70e1c4b,0x00eea9cac0f66eb8)}, + {FIELD_LITERAL(0x001a1847c4ac5480,0x00b1b412935bb03a,0x00f74285983bf2b2,0x00624138b5b5d0f1,0x008820c0b03d38bf,0x00b94e50a18c1572,0x0060f6934841798f,0x00c52f5d66d6ebe2)}, + }}, {{ + {FIELD_LITERAL(0x00da23d59f9bcea6,0x00e0f27007a06a4b,0x00128b5b43a6758c,0x000cf50190fa8b56,0x00fc877aba2b2d72,0x00623bef52edf53f,0x00e6af6b819669e2,0x00e314dc34fcaa4f)}, + {FIELD_LITERAL(0x0066e5eddd164d1e,0x00418a7c6fe28238,0x0002e2f37e962c25,0x00f01f56b5975306,0x0048842fa503875c,0x0057b0e968078143,0x00ff683024f3d134,0x0082ae28fcad12e4)}, + {FIELD_LITERAL(0x0011ddfd21260e42,0x00d05b0319a76892,0x00183ea4368e9b8f,0x00b0815662affc96,0x00b466a5e7ce7c88,0x00db93b07506e6ee,0x0033885f82f62401,0x0086f9090ec9b419)}, + }}, {{ + {FIELD_LITERAL(0x00d95d1c5fcb435a,0x0016d1ed6b5086f9,0x00792aa0b7e54d71,0x0067b65715f1925d,0x00a219755ec6176b,0x00bc3f026b12c28f,0x00700c897ffeb93e,0x0089b83f6ec50b46)}, + {FIELD_LITERAL(0x003c97e6384da36e,0x00423d53eac81a09,0x00b70d68f3cdce35,0x00ee7959b354b92c,0x00f4e9718819c8ca,0x009349f12acbffe9,0x005aee7b62cb7da6,0x00d97764154ffc86)}, + {FIELD_LITERAL(0x00526324babb46dc,0x002ee99b38d7bf9e,0x007ea51794706ef4,0x00abeb04da6e3c39,0x006b457c1d281060,0x00fe243e9a66c793,0x00378de0fb6c6ee4,0x003e4194b9c3cb93)}, + }}, {{ + {FIELD_LITERAL(0x00fed3cd80ca2292,0x0015b043a73ca613,0x000a9fd7bf9be227,0x003b5e03de2db983,0x005af72d46904ef7,0x00c0f1b5c49faa99,0x00dc86fc3bd305e1,0x00c92f08c1cb1797)}, + {FIELD_LITERAL(0x0079680ce111ed3b,0x001a1ed82806122c,0x000c2e7466d15df3,0x002c407f6f7150fd,0x00c5e7c96b1b0ce3,0x009aa44626863ff9,0x00887b8b5b80be42,0x00b6023cec964825)}, + {FIELD_LITERAL(0x00e4a8e1048970c8,0x0062887b7830a302,0x00bcf1c8cd81402b,0x0056dbb81a68f5be,0x0014eced83f12452,0x00139e1a510150df,0x00bb81140a82d1a3,0x000febcc1aaf1aa7)}, + }}, {{ + {FIELD_LITERAL(0x00a7527958238159,0x0013ec9537a84cd6,0x001d7fee7d562525,0x00b9eefa6191d5e5,0x00dbc97db70bcb8a,0x00481affc7a4d395,0x006f73d3e70c31bb,0x00183f324ed96a61)}, + {FIELD_LITERAL(0x0039dd7ce7fc6860,0x00d64f6425653da1,0x003e037c7f57d0af,0x0063477a06e2bcf2,0x001727dbb7ac67e6,0x0049589f5efafe2e,0x00fc0fef2e813d54,0x008baa5d087fb50d)}, + {FIELD_LITERAL(0x0024fb59d9b457c7,0x00a7d4e060223e4c,0x00c118d1b555fd80,0x0082e216c732f22a,0x00cd2a2993089504,0x003638e836a3e13d,0x000d855ee89b4729,0x008ec5b7d4810c91)}, + }}, {{ + {FIELD_LITERAL(0x001bf51f7d65cdfd,0x00d14cdafa16a97d,0x002c38e60fcd10e7,0x00a27446e393efbd,0x000b5d8946a71fdd,0x0063df2cde128f2f,0x006c8679569b1888,0x0059ffc4925d732d)}, + {FIELD_LITERAL(0x00ece96f95f2b66f,0x00ece7952813a27b,0x0026fc36592e489e,0x007157d1a2de0f66,0x00759dc111d86ddf,0x0012881e5780bb0f,0x00c8ccc83ad29496,0x0012b9bd1929eb71)}, + {FIELD_LITERAL(0x000fa15a20da5df0,0x00349ddb1a46cd31,0x002c512ad1d8e726,0x00047611f669318d,0x009e68fba591e17e,0x004320dffa803906,0x00a640874951a3d3,0x00b6353478baa24f)}, + }}, {{ + {FIELD_LITERAL(0x009696510000d333,0x00ec2f788bc04826,0x000e4d02b1f67ba5,0x00659aa8dace08b6,0x00d7a38a3a3ae533,0x008856defa8c746b,0x004d7a4402d3da1a,0x00ea82e06229260f)}, + {FIELD_LITERAL(0x006a15bb20f75c0c,0x0079a144027a5d0c,0x00d19116ce0b4d70,0x0059b83bcb0b268e,0x005f58f63f16c127,0x0079958318ee2c37,0x00defbb063d07f82,0x00f1f0b931d2d446)}, + {FIELD_LITERAL(0x00cb5e4c3c35d422,0x008df885ca43577f,0x00fa50b16ca3e471,0x005a0e58e17488c8,0x00b2ceccd6d34d19,0x00f01d5d235e36e9,0x00db2e7e4be6ca44,0x00260ab77f35fccd)}, + }}, {{ + {FIELD_LITERAL(0x006f6fd9baac61d5,0x002a7710a020a895,0x009de0db7fc03d4d,0x00cdedcb1875f40b,0x00050caf9b6b1e22,0x005e3a6654456ab0,0x00775fdf8c4423d4,0x0028701ea5738b5d)}, + {FIELD_LITERAL(0x009ffd90abfeae96,0x00cba3c2b624a516,0x005ef08bcee46c91,0x00e6fde30afb6185,0x00f0b4db4f818ce4,0x006c54f45d2127f5,0x00040125035854c7,0x00372658a3287e13)}, + {FIELD_LITERAL(0x00d7070fb1beb2ab,0x0078fc845a93896b,0x006894a4b2f224a6,0x005bdd8192b9dbde,0x00b38839874b3a9e,0x00f93618b04b7a57,0x003e3ec75fd2c67e,0x00bf5e6bfc29494a)}, + }}, {{ + {FIELD_LITERAL(0x00f19224ebba2aa5,0x0074f89d358e694d,0x00eea486597135ad,0x0081579a4555c7e1,0x0010b9b872930a9d,0x00f002e87a30ecc0,0x009b9d66b6de56e2,0x00a3c4f45e8004eb)}, + {FIELD_LITERAL(0x0045e8dda9400888,0x002ff12e5fc05db7,0x00a7098d54afe69c,0x00cdbe846a500585,0x00879c1593ca1882,0x003f7a7fea76c8b0,0x002cd73dd0c8e0a1,0x00645d6ce96f51fe)}, + {FIELD_LITERAL(0x002b7e83e123d6d6,0x00398346f7419c80,0x0042922e55940163,0x005e7fc5601886a3,0x00e88f2cee1d3103,0x00e7fab135f2e377,0x00b059984dbf0ded,0x0009ce080faa5bb8)}, + }}, {{ + {FIELD_LITERAL(0x0085e78af7758979,0x00275a4ee1631a3a,0x00d26bc0ed78b683,0x004f8355ea21064f,0x00d618e1a32696e5,0x008d8d7b150e5680,0x00a74cd854b278d2,0x001dd62702203ea0)}, + {FIELD_LITERAL(0x00f89335c2a59286,0x00a0f5c905d55141,0x00b41fb836ee9382,0x00e235d51730ca43,0x00a5cb37b5c0a69a,0x009b966ffe136c45,0x00cb2ea10bf80ed1,0x00fb2b370b40dc35)}, + {FIELD_LITERAL(0x00d687d16d4ee8ba,0x0071520bdd069dff,0x00de85c60d32355d,0x0087d2e3565102f4,0x00cde391b8dfc9aa,0x00e18d69efdfefe5,0x004a9d0591954e91,0x00fa36dd8b50eee5)}, + }}, {{ + {FIELD_LITERAL(0x002e788749a865f7,0x006e4dc3116861ea,0x009f1428c37276e6,0x00e7d2e0fc1e1226,0x003aeebc6b6c45f6,0x0071a8073bf500c9,0x004b22ad986b530c,0x00f439e63c0d79d4)}, + {FIELD_LITERAL(0x006bc3d53011f470,0x00032d6e692b83e8,0x00059722f497cd0b,0x0009b4e6f0c497cc,0x0058a804b7cce6c0,0x002b71d3302bbd5d,0x00e2f82a36765fce,0x008dded99524c703)}, + {FIELD_LITERAL(0x004d058953747d64,0x00701940fe79aa6f,0x00a620ac71c760bf,0x009532b611158b75,0x00547ed7f466f300,0x003cb5ab53a8401a,0x00c7763168ce3120,0x007e48e33e4b9ab2)}, + }}, {{ + {FIELD_LITERAL(0x001b2fc57bf3c738,0x006a3f918993fb80,0x0026f7a14fdec288,0x0075a2cdccef08db,0x00d3ecbc9eecdbf1,0x0048c40f06e5bf7f,0x00d63e423009896b,0x000598bc99c056a8)}, + {FIELD_LITERAL(0x002f194eaafa46dc,0x008e38f57fe87613,0x00dc8e5ae25f4ab2,0x000a17809575e6bd,0x00d3ec7923ba366a,0x003a7e72e0ad75e3,0x0010024b88436e0a,0x00ed3c5444b64051)}, + {FIELD_LITERAL(0x00831fc1340af342,0x00c9645669466d35,0x007692b4cc5a080f,0x009fd4a47ac9259f,0x001eeddf7d45928b,0x003c0446fc45f28b,0x002c0713aa3e2507,0x0095706935f0f41e)}, + }}, {{ + {FIELD_LITERAL(0x00766ae4190ec6d8,0x0065768cabc71380,0x00b902598416cdc2,0x00380021ad38df52,0x008f0b89d6551134,0x004254d4cc62c5a5,0x000d79f4484b9b94,0x00b516732ae3c50e)}, + {FIELD_LITERAL(0x001fb73475c45509,0x00d2b2e5ea43345a,0x00cb3c3842077bd1,0x0029f90ad820946e,0x007c11b2380778aa,0x009e54ece62c1704,0x004bc60c41ca01c3,0x004525679a5a0b03)}, + {FIELD_LITERAL(0x00c64fbddbed87b3,0x0040601d11731faa,0x009c22475b6f9d67,0x0024b79dae875f15,0x00616fed3f02c3b0,0x0000cf39f6af2d3b,0x00c46bac0aa9a688,0x00ab23e2800da204)}, + }}, {{ + {FIELD_LITERAL(0x000b3a37617632b0,0x00597199fe1cfb6c,0x0042a7ccdfeafdd6,0x004cc9f15ebcea17,0x00f436e596a6b4a4,0x00168861142df0d8,0x000753edfec26af5,0x000c495d7e388116)}, + {FIELD_LITERAL(0x0017085f4a346148,0x00c7cf7a37f62272,0x001776e129bc5c30,0x009955134c9eef2a,0x001ba5bdf1df07be,0x00ec39497103a55c,0x006578354fda6cfb,0x005f02719d4f15ee)}, + {FIELD_LITERAL(0x0052b9d9b5d9655d,0x00d4ec7ba1b461c3,0x00f95df4974f280b,0x003d8e5ca11aeb51,0x00d4981eb5a70b26,0x000af9a4f6659f29,0x004598c846faeb43,0x0049d9a183a47670)}, + }}, {{ + {FIELD_LITERAL(0x000a72d23dcb3f1f,0x00a3737f84011727,0x00f870c0fbbf4a47,0x00a7aadd04b5c9ca,0x000c7715c67bd072,0x00015a136afcd74e,0x0080d5caea499634,0x0026b448ec7514b7)}, + {FIELD_LITERAL(0x00b60167d9e7d065,0x00e60ba0d07381e8,0x003a4f17b725c2d4,0x006c19fe176b64fa,0x003b57b31af86ccb,0x0021047c286180fd,0x00bdc8fb00c6dbb6,0x00fe4a9f4bab4f3f)}, + {FIELD_LITERAL(0x0088ffc3a16111f7,0x009155e4245d0bc8,0x00851d68220572d5,0x00557ace1e514d29,0x0031d7c339d91022,0x00101d0ae2eaceea,0x00246ab3f837b66a,0x00d5216d381ff530)}, + }}, {{ + {FIELD_LITERAL(0x0057e7ea35f36dae,0x00f47d7ad15de22e,0x00d757ea4b105115,0x008311457d579d7e,0x00b49b75b1edd4eb,0x0081c7ff742fd63a,0x00ddda3187433df6,0x00475727d55f9c66)}, + {FIELD_LITERAL(0x00a6295218dc136a,0x00563b3af0e9c012,0x00d3753b0145db1b,0x004550389c043dc1,0x00ea94ae27401bdf,0x002b0b949f2b7956,0x00c63f780ad8e23c,0x00e591c47d6bab15)}, + {FIELD_LITERAL(0x00416c582b058eb6,0x004107da5b2cc695,0x00b3cd2556aeec64,0x00c0b418267e57a1,0x001799293579bd2e,0x0046ed44590e4d07,0x001d7459b3630a1e,0x00c6afba8b6696aa)}, + }}, {{ + {FIELD_LITERAL(0x008d6009b26da3f8,0x00898e88ca06b1ca,0x00edb22b2ed7fe62,0x00fbc93516aabe80,0x008b4b470c42ce0d,0x00e0032ba7d0dcbb,0x00d76da3a956ecc8,0x007f20fe74e3852a)}, + {FIELD_LITERAL(0x002419222c607674,0x00a7f23af89188b3,0x00ad127284e73d1c,0x008bba582fae1c51,0x00fc6aa7ca9ecab1,0x003df5319eb6c2ba,0x002a05af8a8b199a,0x004bf8354558407c)}, + {FIELD_LITERAL(0x00ce7d4a30f0fcbf,0x00d02c272629f03d,0x0048c001f7400bc2,0x002c21368011958d,0x0098a550391e96b5,0x002d80b66390f379,0x001fa878760cc785,0x001adfce54b613d5)}, + }}, {{ + {FIELD_LITERAL(0x001ed4dc71fa2523,0x005d0bff19bf9b5c,0x00c3801cee065a64,0x001ed0b504323fbf,0x0003ab9fdcbbc593,0x00df82070178b8d2,0x00a2bcaa9c251f85,0x00c628a3674bd02e)}, + {FIELD_LITERAL(0x006b7a0674f9f8de,0x00a742414e5c7cff,0x0041cbf3c6e13221,0x00e3a64fd207af24,0x0087c05f15fbe8d1,0x004c50936d9e8a33,0x001306ec21042b6d,0x00a4f4137d1141c2)}, + {FIELD_LITERAL(0x0009e6fb921568b0,0x00b3c60120219118,0x002a6c3460dd503a,0x009db1ef11654b54,0x0063e4bf0be79601,0x00670d34bb2592b9,0x00dcee2f6c4130ce,0x00b2682e88e77f54)}, + }}, {{ + {FIELD_LITERAL(0x000d5b4b3da135ab,0x00838f3e5064d81d,0x00d44eb50f6d94ed,0x0008931ab502ac6d,0x00debe01ca3d3586,0x0025c206775f0641,0x005ad4b6ae912763,0x007e2c318ad8f247)}, + {FIELD_LITERAL(0x00ddbe0750dd1add,0x004b3c7b885844b8,0x00363e7ecf12f1ae,0x0062e953e6438f9d,0x0023cc73b076afe9,0x00b09fa083b4da32,0x00c7c3d2456c541d,0x005b591ec6b694d4)}, + {FIELD_LITERAL(0x0028656e19d62fcf,0x0052a4af03df148d,0x00122765ddd14e42,0x00f2252904f67157,0x004741965b636f3a,0x006441d296132cb9,0x005e2106f956a5b7,0x00247029592d335c)}, + }}, {{ + {FIELD_LITERAL(0x003fe038eb92f894,0x000e6da1b72e8e32,0x003a1411bfcbe0fa,0x00b55d473164a9e4,0x00b9a775ac2df48d,0x0002ddf350659e21,0x00a279a69eb19cb3,0x00f844eab25cba44)}, + {FIELD_LITERAL(0x00c41d1f9c1f1ac1,0x007b2df4e9f19146,0x00b469355fd5ba7a,0x00b5e1965afc852a,0x00388d5f1e2d8217,0x0022079e4c09ae93,0x0014268acd4ef518,0x00c1dd8d9640464c)}, + {FIELD_LITERAL(0x0038526adeed0c55,0x00dd68c607e3fe85,0x00f746ddd48a5d57,0x0042f2952b963b7c,0x001cbbd6876d5ec2,0x005e341470bca5c2,0x00871d41e085f413,0x00e53ab098f45732)}, + }}, {{ + {FIELD_LITERAL(0x004d51124797c831,0x008f5ae3750347ad,0x0070ced94c1a0c8e,0x00f6db2043898e64,0x000d00c9a5750cd0,0x000741ec59bad712,0x003c9d11aab37b7f,0x00a67ba169807714)}, + {FIELD_LITERAL(0x00adb2c1566e8b8f,0x0096c68a35771a9a,0x00869933356f334a,0x00ba9c93459f5962,0x009ec73fb6e8ca4b,0x003c3802c27202e1,0x0031f5b733e0c008,0x00f9058c19611fa9)}, + {FIELD_LITERAL(0x00238f01814a3421,0x00c325a44b6cce28,0x002136f97aeb0e73,0x000cac8268a4afe2,0x0022fd218da471b3,0x009dcd8dfff8def9,0x00cb9f8181d999bb,0x00143ae56edea349)}, + }}, {{ + {FIELD_LITERAL(0x0000623bf87622c5,0x00a1966fdd069496,0x00c315b7b812f9fc,0x00bdf5efcd128b97,0x001d464f532e3e16,0x003cd94f081bfd7e,0x00ed9dae12ce4009,0x002756f5736eee70)}, + {FIELD_LITERAL(0x00a5187e6ee7341b,0x00e6d52e82d83b6e,0x00df3c41323094a7,0x00b3324f444e9de9,0x00689eb21a35bfe5,0x00f16363becd548d,0x00e187cc98e7f60f,0x00127d9062f0ccab)}, + {FIELD_LITERAL(0x004ad71b31c29e40,0x00a5fcace12fae29,0x004425b5597280ed,0x00e7ef5d716c3346,0x0010b53ada410ac8,0x0092310226060c9b,0x0091c26128729c7e,0x0088b42900f8ec3b)}, + }}, {{ + {FIELD_LITERAL(0x00f1e26e9762d4a8,0x00d9d74082183414,0x00ffec9bd57a0282,0x000919e128fd497a,0x00ab7ae7d00fe5f8,0x0054dc442851ff68,0x00c9ebeb3b861687,0x00507f7cab8b698f)}, + {FIELD_LITERAL(0x00c13c5aae3ae341,0x009c6c9ed98373e7,0x00098f26864577a8,0x0015b886e9488b45,0x0037692c42aadba5,0x00b83170b8e7791c,0x001670952ece1b44,0x00fd932a39276da2)}, + {FIELD_LITERAL(0x0081a3259bef3398,0x005480fff416107b,0x00ce4f607d21be98,0x003ffc084b41df9b,0x0043d0bb100502d1,0x00ec35f575ba3261,0x00ca18f677300ef3,0x00e8bb0a827d8548)}, + }}, {{ + {FIELD_LITERAL(0x00df76b3328ada72,0x002e20621604a7c2,0x00f910638a105b09,0x00ef4724d96ef2cd,0x00377d83d6b8a2f7,0x00b4f48805ade324,0x001cd5da8b152018,0x0045af671a20ca7f)}, + {FIELD_LITERAL(0x009ae3b93a56c404,0x004a410b7a456699,0x00023a619355e6b2,0x009cdc7297387257,0x0055b94d4ae70d04,0x002cbd607f65b005,0x003208b489697166,0x00ea2aa058867370)}, + {FIELD_LITERAL(0x00f29d2598ee3f32,0x00b4ac5385d82adc,0x007633eaf04df19b,0x00aa2d3d77ceab01,0x004a2302fcbb778a,0x00927f225d5afa34,0x004a8e9d5047f237,0x008224ae9dbce530)}, + }}, {{ + {FIELD_LITERAL(0x001cf640859b02f8,0x00758d1d5d5ce427,0x00763c784ef4604c,0x005fa81aee205270,0x00ac537bfdfc44cb,0x004b919bd342d670,0x00238508d9bf4b7a,0x00154888795644f3)}, + {FIELD_LITERAL(0x00c845923c084294,0x00072419a201bc25,0x0045f408b5f8e669,0x00e9d6a186b74dfe,0x00e19108c68fa075,0x0017b91d874177b7,0x002f0ca2c7912c5a,0x009400aa385a90a2)}, + {FIELD_LITERAL(0x0071110b01482184,0x00cfed0044f2bef8,0x0034f2901cf4662e,0x003b4ae2a67f9834,0x00cca9b96fe94810,0x00522507ae77abd0,0x00bac7422721e73e,0x0066622b0f3a62b0)}, + }}, {{ + {FIELD_LITERAL(0x00f8ac5cf4705b6a,0x00867d82dcb457e3,0x007e13ab2ccc2ce9,0x009ee9a018d3930e,0x008370f8ecb42df8,0x002d9f019add263e,0x003302385b92d196,0x00a15654536e2c0c)}, + {FIELD_LITERAL(0x0026ef1614e160af,0x00c023f9edfc9c76,0x00cff090da5f57ba,0x0076db7a66643ae9,0x0019462f8c646999,0x008fec00b3854b22,0x00d55041692a0a1c,0x0065db894215ca00)}, + {FIELD_LITERAL(0x00a925036e0a451c,0x002a0390c36b6cc1,0x00f27020d90894f4,0x008d90d52cbd3d7f,0x00e1d0137392f3b8,0x00f017c158b51a8f,0x00cac313d3ed7dbc,0x00b99a81e3eb42d3)}, + }}, {{ + {FIELD_LITERAL(0x00b54850275fe626,0x0053a3fd1ec71140,0x00e3d2d7dbe096fa,0x00e4ac7b595cce4c,0x0077bad449c0a494,0x00b7c98814afd5b3,0x0057226f58486cf9,0x00b1557154f0cc57)}, + {FIELD_LITERAL(0x008cc9cd236315c0,0x0031d9c5b39fda54,0x00a5713ef37e1171,0x00293d5ae2886325,0x00c4aba3e05015e1,0x0003f35ef78e4fc6,0x0039d6bd3ac1527b,0x0019d7c3afb77106)}, + {FIELD_LITERAL(0x007b162931a985af,0x00ad40a2e0daa713,0x006df27c4009f118,0x00503e9f4e2e8bec,0x00751a77c82c182d,0x000298937769245b,0x00ffb1e8fabf9ee5,0x0008334706e09abe)}, + }}, {{ + {FIELD_LITERAL(0x00dbca4e98a7dcd9,0x00ee29cfc78bde99,0x00e4a3b6995f52e9,0x0045d70189ae8096,0x00fd2a8a3b9b0d1b,0x00af1793b107d8e1,0x00dbf92cbe4afa20,0x00da60f798e3681d)}, + {FIELD_LITERAL(0x004246bfcecc627a,0x004ba431246c03a4,0x00bd1d101872d497,0x003b73d3f185ee16,0x001feb2e2678c0e3,0x00ff13c5a89dec76,0x00ed06042e771d8f,0x00a4fd2a897a83dd)}, + {FIELD_LITERAL(0x009a4a3be50d6597,0x00de3165fc5a1096,0x004f3f56e345b0c7,0x00f7bf721d5ab8bc,0x004313e47b098c50,0x00e4c7d5c0e1adbb,0x002e3e3db365051e,0x00a480c2cd6a96fb)}, + }}, {{ + {FIELD_LITERAL(0x00417fa30a7119ed,0x00af257758419751,0x00d358a487b463d4,0x0089703cc720b00d,0x00ce56314ff7f271,0x0064db171ade62c1,0x00640b36d4a22fed,0x00424eb88696d23f)}, + {FIELD_LITERAL(0x004ede34af2813f3,0x00d4a8e11c9e8216,0x004796d5041de8a5,0x00c4c6b4d21cc987,0x00e8a433ee07fa1e,0x0055720b5abcc5a1,0x008873ea9c74b080,0x005b3fec1ab65d48)}, + {FIELD_LITERAL(0x0047e5277db70ec5,0x000a096c66db7d6b,0x00b4164cc1730159,0x004a9f783fe720fe,0x00a8177b94449dbc,0x0095a24ff49a599f,0x0069c1c578250cbc,0x00452019213debf4)}, + }}, {{ + {FIELD_LITERAL(0x0021ce99e09ebda3,0x00fcbd9f91875ad0,0x009bbf6b7b7a0b5f,0x00388886a69b1940,0x00926a56d0f81f12,0x00e12903c3358d46,0x005dfce4e8e1ce9d,0x0044cfa94e2f7e23)}, + {FIELD_LITERAL(0x001bd59c09e982ea,0x00f72daeb937b289,0x0018b76dca908e0e,0x00edb498512384ad,0x00ce0243b6cc9538,0x00f96ff690cb4e70,0x007c77bf9f673c8d,0x005bf704c088a528)}, + {FIELD_LITERAL(0x0093d4628dcb33be,0x0095263d51d42582,0x0049b3222458fe06,0x00e7fce73b653a7f,0x003ca2ebce60b369,0x00c5de239a32bea4,0x0063b8b3d71fb6bf,0x0039aeeb78a1a839)}, + }}, {{ + {FIELD_LITERAL(0x007dc52da400336c,0x001fded1e15b9457,0x00902e00f5568e3a,0x00219bef40456d2d,0x005684161fb3dbc9,0x004a4e9be49a76ea,0x006e685ae88b78ff,0x0021c42f13042d3c)}, + {FIELD_LITERAL(0x00fb22bb5fd3ce50,0x0017b48aada7ae54,0x00fd5c44ad19a536,0x000ccc4e4e55e45c,0x00fd637d45b4c3f5,0x0038914e023c37cf,0x00ac1881d6a8d898,0x00611ed8d3d943a8)}, + {FIELD_LITERAL(0x0056e2259d113d2b,0x00594819b284ec16,0x00c7bf794bb36696,0x00721ee75097cdc6,0x00f71be9047a2892,0x00df6ba142564edf,0x0069580b7a184e8d,0x00f056e38fca0fee)}, + }}, {{ + {FIELD_LITERAL(0x009df98566a18c6d,0x00cf3a200968f219,0x0044ba60da6d9086,0x00dbc9c0e344da03,0x000f9401c4466855,0x00d46a57c5b0a8d1,0x00875a635d7ac7c6,0x00ef4a933b7e0ae6)}, + {FIELD_LITERAL(0x005e8694077a1535,0x008bef75f71c8f1d,0x000a7c1316423511,0x00906e1d70604320,0x003fc46c1a2ffbd6,0x00d1d5022e68f360,0x002515fba37bbf46,0x00ca16234e023b44)}, + {FIELD_LITERAL(0x00787c99561f4690,0x00a857a8c1561f27,0x00a10df9223c09fe,0x00b98a9562e3b154,0x004330b8744c3ed2,0x00e06812807ec5c4,0x00e4cf6a7db9f1e3,0x00d95b089f132a34)}, + }}, {{ + {FIELD_LITERAL(0x002922b39ca33eec,0x0090d12a5f3ab194,0x00ab60c02fb5f8ed,0x00188d292abba1cf,0x00e10edec9698f6e,0x0069a4d9934133c8,0x0024aac40e6d3d06,0x001702c2177661b0)}, + {FIELD_LITERAL(0x00139078397030bd,0x000e3c447e859a00,0x0064a5b334c82393,0x00b8aabeb7358093,0x00020778bb9ae73b,0x0032ee94c7892a18,0x008215253cb41bda,0x005e2797593517ae)}, + {FIELD_LITERAL(0x0083765a5f855d4a,0x0051b6d1351b8ee2,0x00116de548b0f7bb,0x0087bd88703affa0,0x0095b2cc34d7fdd2,0x0084cd81b53f0bc8,0x008562fc995350ed,0x00a39abb193651e3)}, + }}, {{ + {FIELD_LITERAL(0x0019e23f0474b114,0x00eb94c2ad3b437e,0x006ddb34683b75ac,0x00391f9209b564c6,0x00083b3bb3bff7aa,0x00eedcd0f6dceefc,0x00b50817f794fe01,0x0036474deaaa75c9)}, + {FIELD_LITERAL(0x0091868594265aa2,0x00797accae98ca6d,0x0008d8c5f0f8a184,0x00d1f4f1c2b2fe6e,0x0036783dfb48a006,0x008c165120503527,0x0025fd780058ce9b,0x0068beb007be7d27)}, + {FIELD_LITERAL(0x00d0ff88aa7c90c2,0x00b2c60dacf53394,0x0094a7284d9666d6,0x00bed9022ce7a19d,0x00c51553f0cd7682,0x00c3fb870b124992,0x008d0bc539956c9b,0x00fc8cf258bb8885)}, + }}, {{ + {FIELD_LITERAL(0x003667bf998406f8,0x0000115c43a12975,0x001e662f3b20e8fd,0x0019ffa534cb24eb,0x00016be0dc8efb45,0x00ff76a8b26243f5,0x00ae20d241a541e3,0x0069bd6af13cd430)}, + {FIELD_LITERAL(0x0045fdc16487cda3,0x00b2d8e844cf2ed7,0x00612c50e88c1607,0x00a08aabc66c1672,0x006031fdcbb24d97,0x001b639525744b93,0x004409d62639ab17,0x00a1853d0347ab1d)}, + {FIELD_LITERAL(0x0075a1a56ebf5c21,0x00a3e72be9ac53ed,0x00efcde1629170c2,0x0004225fe91ef535,0x0088049fc73dfda7,0x004abc74857e1288,0x0024e2434657317c,0x00d98cb3d3e5543c)}, + }}, {{ + {FIELD_LITERAL(0x00b4b53eab6bdb19,0x009b22d8b43711d0,0x00d948b9d961785d,0x00cb167b6f279ead,0x00191de3a678e1c9,0x00d9dd9511095c2e,0x00f284324cd43067,0x00ed74fa535151dd)}, + {FIELD_LITERAL(0x007e32c049b5c477,0x009d2bfdbd9bcfd8,0x00636e93045938c6,0x007fde4af7687298,0x0046a5184fafa5d3,0x0079b1e7f13a359b,0x00875adf1fb927d6,0x00333e21c61bcad2)}, + {FIELD_LITERAL(0x00048014f73d8b8d,0x0075684aa0966388,0x0092be7df06dc47c,0x0097cebcd0f5568a,0x005a7004d9c4c6a9,0x00b0ecbb659924c7,0x00d90332dd492a7c,0x0057fc14df11493d)}, + }}, {{ + {FIELD_LITERAL(0x0008ed8ea0ad95be,0x0041d324b9709645,0x00e25412257a19b4,0x0058df9f3423d8d2,0x00a9ab20def71304,0x009ae0dbf8ac4a81,0x00c9565977e4392a,0x003c9269444baf55)}, + {FIELD_LITERAL(0x007df6cbb926830b,0x00d336058ae37865,0x007af47dac696423,0x0048d3011ec64ac8,0x006b87666e40049f,0x0036a2e0e51303d7,0x00ba319bd79dbc55,0x003e2737ecc94f53)}, + {FIELD_LITERAL(0x00d296ff726272d9,0x00f6d097928fcf57,0x00e0e616a55d7013,0x00deaf454ed9eac7,0x0073a56bedef4d92,0x006ccfdf6fc92e19,0x009d1ee1371a7218,0x00ee3c2ee4462d80)}, + }}, {{ + {FIELD_LITERAL(0x00437bce9bccdf9d,0x00e0c8e2f85dc0a3,0x00c91a7073995a19,0x00856ec9fe294559,0x009e4b33394b156e,0x00e245b0dc497e5c,0x006a54e687eeaeff,0x00f1cd1cd00fdb7c)}, + {FIELD_LITERAL(0x008132ae5c5d8cd1,0x00121d68324a1d9f,0x00d6be9dafcb8c76,0x00684d9070edf745,0x00519fbc96d7448e,0x00388182fdc1f27e,0x000235baed41f158,0x00bf6cf6f1a1796a)}, + {FIELD_LITERAL(0x002adc4b4d148219,0x003084ada0d3a90a,0x0046de8aab0f2e4e,0x00452d342a67b5fd,0x00d4b50f01d4de21,0x00db6d9fc0cefb79,0x008c184c86a462cd,0x00e17c83764d42da)}, + }}, {{ + {FIELD_LITERAL(0x007b2743b9a1e01a,0x007847ffd42688c4,0x006c7844d610a316,0x00f0cb8b250aa4b0,0x00a19060143b3ae6,0x0014eb10b77cfd80,0x000170905729dd06,0x00063b5b9cd72477)}, + {FIELD_LITERAL(0x00ce382dc7993d92,0x00021153e938b4c8,0x00096f7567f48f51,0x0058f81ddfe4b0d5,0x00cc379a56b355c7,0x002c760770d3e819,0x00ee22d1d26e5a40,0x00de6d93d5b082d7)}, + {FIELD_LITERAL(0x000a91a42c52e056,0x00185f6b77fce7ea,0x000803c51962f6b5,0x0022528582ba563d,0x0043f8040e9856d6,0x0085a29ec81fb860,0x005f9a611549f5ff,0x00c1f974ecbd4b06)}, + }}, {{ + {FIELD_LITERAL(0x005b64c6fd65ec97,0x00c1fdd7f877bc7f,0x000d9cc6c89f841c,0x005c97b7f1aff9ad,0x0075e3c61475d47e,0x001ecb1ba8153011,0x00fe7f1c8d71d40d,0x003fa9757a229832)}, + {FIELD_LITERAL(0x00ffc5c89d2b0cba,0x00d363d42e3e6fc3,0x0019a1a0118e2e8a,0x00f7baeff48882e1,0x001bd5af28c6b514,0x0055476ca2253cb2,0x00d8eb1977e2ddf3,0x00b173b1adb228a1)}, + {FIELD_LITERAL(0x00f2cb99dd0ad707,0x00e1e08b6859ddd8,0x000008f2d0650bcc,0x00d7ed392f8615c3,0x00976750a94da27f,0x003e83bb0ecb69ba,0x00df8e8d15c14ac6,0x00f9f7174295d9c2)}, + }}, {{ + {FIELD_LITERAL(0x00f11cc8e0e70bcb,0x00e5dc689974e7dd,0x0014e409f9ee5870,0x00826e6689acbd63,0x008a6f4e3d895d88,0x00b26a8da41fd4ad,0x000fb7723f83efd7,0x009c749db0a5f6c3)}, + {FIELD_LITERAL(0x002389319450f9ba,0x003677f31aa1250a,0x0092c3db642f38cb,0x00f8b64c0dfc9773,0x00cd49fe3505b795,0x0068105a4090a510,0x00df0ba2072a8bb6,0x00eb396143afd8be)}, + {FIELD_LITERAL(0x00a0d4ecfb24cdff,0x00ddaf8008ba6479,0x00f0b3e36d4b0f44,0x003734bd3af1f146,0x00b87e2efc75527e,0x00d230df55ddab50,0x002613257ae56c1d,0x00bc0946d135934d)}, + }}, {{ + {FIELD_LITERAL(0x00468711bd994651,0x0033108fa67561bf,0x0089d760192a54b4,0x00adc433de9f1871,0x000467d05f36e050,0x007847e0f0579f7f,0x00a2314ad320052d,0x00b3a93649f0b243)}, + {FIELD_LITERAL(0x0067f8f0c4fe26c9,0x0079c4a3cc8f67b9,0x0082b1e62f23550d,0x00f2d409caefd7f5,0x0080e67dcdb26e81,0x0087ae993ea1f98a,0x00aa108becf61d03,0x001acf11efb608a3)}, + {FIELD_LITERAL(0x008225febbab50d9,0x00f3b605e4dd2083,0x00a32b28189e23d2,0x00d507e5e5eb4c97,0x005a1a84e302821f,0x0006f54c1c5f08c7,0x00a347c8cb2843f0,0x0009f73e9544bfa5)}, + }}, {{ + {FIELD_LITERAL(0x006c59c9ae744185,0x009fc32f1b4282cd,0x004d6348ca59b1ac,0x00105376881be067,0x00af4096013147dc,0x004abfb5a5cb3124,0x000d2a7f8626c354,0x009c6ed568e07431)}, + {FIELD_LITERAL(0x00e828333c297f8b,0x009ef3cf8c3f7e1f,0x00ab45f8fff31cb9,0x00c8b4178cb0b013,0x00d0c50dd3260a3f,0x0097126ac257f5bc,0x0042376cc90c705a,0x001d96fdb4a1071e)}, + {FIELD_LITERAL(0x00542d44d89ee1a8,0x00306642e0442d98,0x0090853872b87338,0x002362cbf22dc044,0x002c222adff663b8,0x0067c924495fcb79,0x000e621d983c977c,0x00df77a9eccb66fb)}, + }}, {{ + {FIELD_LITERAL(0x002809e4bbf1814a,0x00b9e854f9fafb32,0x00d35e67c10f7a67,0x008f1bcb76e748cf,0x004224d9515687d2,0x005ba0b774e620c4,0x00b5e57db5d54119,0x00e15babe5683282)}, + {FIELD_LITERAL(0x00832d02369b482c,0x00cba52ff0d93450,0x003fa9c908d554db,0x008d1e357b54122f,0x00abd91c2dc950c6,0x007eff1df4c0ec69,0x003f6aeb13fb2d31,0x00002d6179fc5b2c)}, + {FIELD_LITERAL(0x0046c9eda81c9c89,0x00b60cb71c8f62fc,0x0022f5a683baa558,0x00f87319fccdf997,0x009ca09b51ce6a22,0x005b12baf4af7d77,0x008a46524a1e33e2,0x00035a77e988be0d)}, + }}, {{ + {FIELD_LITERAL(0x00a7efe46a7dbe2f,0x002f66fd55014fe7,0x006a428afa1ff026,0x0056caaa9604ab72,0x0033f3bcd7fac8ae,0x00ccb1aa01c86764,0x00158d1edf13bf40,0x009848ee76fcf3b4)}, + {FIELD_LITERAL(0x00a9e7730a819691,0x00d9cc73c4992b70,0x00e299bde067de5a,0x008c314eb705192a,0x00e7226f17e8a3cc,0x0029dfd956e65a47,0x0053a8e839073b12,0x006f942b2ab1597e)}, + {FIELD_LITERAL(0x001c3d780ecd5e39,0x0094f247fbdcc5fe,0x00d5c786fd527764,0x00b6f4da74f0db2a,0x0080f1f8badcd5fc,0x00f36a373ad2e23b,0x00f804f9f4343bf2,0x00d1af40ec623982)}, + }}, {{ + {FIELD_LITERAL(0x0082aeace5f1b144,0x00f68b3108cf4dd3,0x00634af01dde3020,0x000beab5df5c2355,0x00e8b790d1b49b0b,0x00e48d15854e36f4,0x0040ab2d95f3db9f,0x002711c4ed9e899a)}, + {FIELD_LITERAL(0x0039343746531ebe,0x00c8509d835d429d,0x00e79eceff6b0018,0x004abfd31e8efce5,0x007bbfaaa1e20210,0x00e3be89c193e179,0x001c420f4c31d585,0x00f414a315bef5ae)}, + {FIELD_LITERAL(0x007c296a24990df8,0x00d5d07525a75588,0x00dd8e113e94b7e7,0x007bbc58febe0cc8,0x0029f51af9bfcad3,0x007e9311ec7ab6f3,0x009a884de1676343,0x0050d5f2dce84be9)}, + }}, {{ + {FIELD_LITERAL(0x005fa020cca2450a,0x00491c29db6416d8,0x0037cefe3f9f9a85,0x003d405230647066,0x0049e835f0fdbe89,0x00feb78ac1a0815c,0x00828e4b32dc9724,0x00db84f2dc8d6fd4)}, + {FIELD_LITERAL(0x0098cddc8b39549a,0x006da37e3b05d22c,0x00ce633cfd4eb3cb,0x00fda288ef526acd,0x0025338878c5d30a,0x00f34438c4e5a1b4,0x00584efea7c310f1,0x0041a551f1b660ad)}, + {FIELD_LITERAL(0x00d7f7a8fbd6437a,0x0062872413bf3753,0x00ad4bbcb43c584b,0x007fe49be601d7e3,0x0077c659789babf4,0x00eb45fcb06a741b,0x005ce244913f9708,0x0088426401736326)}, + }}, {{ + {FIELD_LITERAL(0x007bf562ca768d7c,0x006c1f3a174e387c,0x00f024b447fee939,0x007e7af75f01143f,0x003adb70b4eed89d,0x00e43544021ad79a,0x0091f7f7042011f6,0x0093c1a1ee3a0ddc)}, + {FIELD_LITERAL(0x00a0b68ec1eb72d2,0x002c03235c0d45a0,0x00553627323fe8c5,0x006186e94b17af94,0x00a9906196e29f14,0x0025b3aee6567733,0x007e0dd840080517,0x0018eb5801a4ba93)}, + {FIELD_LITERAL(0x00d7fe7017bf6a40,0x006e3f0624be0c42,0x00ffbba205358245,0x00f9fc2cf8194239,0x008d93b37bf15b4e,0x006ddf2e38be8e95,0x002b6e79bf5fcff9,0x00ab355da425e2de)}, + }}, {{ + {FIELD_LITERAL(0x00938f97e20be973,0x0099141a36aaf306,0x0057b0ca29e545a1,0x0085db571f9fbc13,0x008b333c554b4693,0x0043ab6ef3e241cb,0x0054fb20aa1e5c70,0x00be0ff852760adf)}, + {FIELD_LITERAL(0x003973d8938971d6,0x002aca26fa80c1f5,0x00108af1faa6b513,0x00daae275d7924e6,0x0053634ced721308,0x00d2355fe0bbd443,0x00357612b2d22095,0x00f9bb9dd4136cf3)}, + {FIELD_LITERAL(0x002bff12cf5e03a5,0x001bdb1fa8a19cf8,0x00c91c6793f84d39,0x00f869f1b2eba9af,0x0059bc547dc3236b,0x00d91611d6d38689,0x00e062daaa2c0214,0x00ed3c047cc2bc82)}, + }}, {{ + {FIELD_LITERAL(0x000050d70c32b31a,0x001939d576d437b3,0x00d709e598bf9fe6,0x00a885b34bd2ee9e,0x00dd4b5c08ab1a50,0x0091bebd50b55639,0x00cf79ff64acdbc6,0x006067a39d826336)}, + {FIELD_LITERAL(0x0062dd0fb31be374,0x00fcc96b84c8e727,0x003f64f1375e6ae3,0x0057d9b6dd1af004,0x00d6a167b1103c7b,0x00dd28f3180fb537,0x004ff27ad7167128,0x008934c33461f2ac)}, + {FIELD_LITERAL(0x0065b472b7900043,0x00ba7efd2ff1064b,0x000b67d6c4c3020f,0x0012d28469f4e46d,0x0031c32939703ec7,0x00b49f0bce133066,0x00f7e10416181d47,0x005c90f51867eecc)}, + }}, {{ + {FIELD_LITERAL(0x0051207abd179101,0x00fc2a5c20d9c5da,0x00fb9d5f2701b6df,0x002dd040fdea82b8,0x00f163b0738442ff,0x00d9736bd68855b8,0x00e0d8e93005e61c,0x00df5a40b3988570)}, + {FIELD_LITERAL(0x0006918f5dfce6dc,0x00d4bf1c793c57fb,0x0069a3f649435364,0x00e89a50e5b0cd6e,0x00b9f6a237e973af,0x006d4ed8b104e41d,0x00498946a3924cd2,0x00c136ec5ac9d4f7)}, + {FIELD_LITERAL(0x0011a9c290ac5336,0x002b9a2d4a6a6533,0x009a8a68c445d937,0x00361b27b07e5e5c,0x003c043b1755b974,0x00b7eb66cf1155ee,0x0077af5909eefff2,0x0098f609877cc806)}, + }}, {{ + {FIELD_LITERAL(0x00ab13af436bf8f4,0x000bcf0a0dac8574,0x00d50c864f705045,0x00c40e611debc842,0x0085010489bd5caa,0x007c5050acec026f,0x00f67d943c8da6d1,0x00de1da0278074c6)}, + {FIELD_LITERAL(0x00b373076597455f,0x00e83f1af53ac0f5,0x0041f63c01dc6840,0x0097dea19b0c6f4b,0x007f9d63b4c1572c,0x00e692d492d0f5f0,0x00cbcb392e83b4ad,0x0069c0f39ed9b1a8)}, + {FIELD_LITERAL(0x00861030012707c9,0x009fbbdc7fd4aafb,0x008f591d6b554822,0x00df08a41ea18ade,0x009d7d83e642abea,0x0098c71bda3b78ff,0x0022c89e7021f005,0x0044d29a3fe1e3c4)}, + }}, {{ + {FIELD_LITERAL(0x00e748cd7b5c52f2,0x00ea9df883f89cc3,0x0018970df156b6c7,0x00c5a46c2a33a847,0x00cbde395e32aa09,0x0072474ebb423140,0x00fb00053086a23d,0x001dafcfe22d4e1f)}, + {FIELD_LITERAL(0x00c903ee6d825540,0x00add6c4cf98473e,0x007636efed4227f1,0x00905124ae55e772,0x00e6b38fab12ed53,0x0045e132b863fe55,0x003974662edb366a,0x00b1787052be8208)}, + {FIELD_LITERAL(0x00a614b00d775c7c,0x00d7c78941cc7754,0x00422dd68b5dabc4,0x00a6110f0167d28b,0x00685a309c252886,0x00b439ffd5143660,0x003656e29ee7396f,0x00c7c9b9ed5ad854)}, + }}, {{ + {FIELD_LITERAL(0x0040f7e7c5b37bf2,0x0064e4dc81181bba,0x00a8767ae2a366b6,0x001496b4f90546f2,0x002a28493f860441,0x0021f59513049a3a,0x00852d369a8b7ee3,0x00dd2e7d8b7d30a9)}, + {FIELD_LITERAL(0x00006e34a35d9fbc,0x00eee4e48b2f019a,0x006b344743003a5f,0x00541d514f04a7e3,0x00e81f9ee7647455,0x005e2b916c438f81,0x00116f8137b7eff0,0x009bd3decc7039d1)}, + {FIELD_LITERAL(0x0005d226f434110d,0x00af8288b8ef21d5,0x004a7a52ef181c8c,0x00be0b781b4b06de,0x00e6e3627ded07e1,0x00e43aa342272b8b,0x00e86ab424577d84,0x00fb292c566e35bb)}, + }}, {{ + {FIELD_LITERAL(0x00334f5303ea1222,0x00dfb3dbeb0a5d3e,0x002940d9592335c1,0x00706a7a63e8938a,0x005a533558bc4caf,0x00558e33192022a9,0x00970d9faf74c133,0x002979fcb63493ca)}, + {FIELD_LITERAL(0x00e38abece3c82ab,0x005a51f18a2c7a86,0x009dafa2e86d592e,0x00495a62eb688678,0x00b79df74c0eb212,0x0023e8cc78b75982,0x005998cb91075e13,0x00735aa9ba61bc76)}, + {FIELD_LITERAL(0x00d9f7a82ddbe628,0x00a1fc782889ae0f,0x0071ffda12d14b66,0x0037cf4eca7fb3d5,0x00c80bc242c58808,0x0075bf8c2d08c863,0x008d41f31afc52a7,0x00197962ecf38741)}, + }}, {{ + {FIELD_LITERAL(0x006e9f475cccf2ee,0x00454b9cd506430c,0x00224a4fb79ee479,0x0062e3347ef0b5e2,0x0034fd2a3512232a,0x00b8b3cb0f457046,0x00eb20165daa38ec,0x00128eebc2d9c0f7)}, + {FIELD_LITERAL(0x00bfc5fa1e4ea21f,0x00c21d7b6bb892e6,0x00cf043f3acf0291,0x00c13f2f849b3c90,0x00d1a97ebef10891,0x0061e130a445e7fe,0x0019513fdedbf22b,0x001d60c813bff841)}, + {FIELD_LITERAL(0x0019561c7fcf0213,0x00e3dca6843ebd77,0x0068ea95b9ca920e,0x009bdfb70f253595,0x00c68f59186aa02a,0x005aee1cca1c3039,0x00ab79a8a937a1ce,0x00b9a0e549959e6f)}, + }}, {{ + {FIELD_LITERAL(0x00c79e0b6d97dfbd,0x00917c71fd2bc6e8,0x00db7529ccfb63d8,0x00be5be957f17866,0x00a9e11fdc2cdac1,0x007b91a8e1f44443,0x00a3065e4057d80f,0x004825f5b8d5f6d4)}, + {FIELD_LITERAL(0x003e4964fa8a8fc8,0x00f6a1cdbcf41689,0x00943cb18fe7fda7,0x00606dafbf34440a,0x005d37a86399c789,0x00e79a2a69417403,0x00fe34f7e68b8866,0x0011f448ed2df10e)}, + {FIELD_LITERAL(0x00f1f57efcc1fcc4,0x00513679117de154,0x002e5b5b7c86d8c3,0x009f6486561f9cfb,0x00169e74b0170cf7,0x00900205af4af696,0x006acfddb77853f3,0x00df184c90f31068)}, + }}, {{ + {FIELD_LITERAL(0x00b37396c3320791,0x00fc7b67175c5783,0x00c36d2cd73ecc38,0x0080ebcc0b328fc5,0x0043a5b22b35d35d,0x00466c9f1713c9da,0x0026ad346dcaa8da,0x007c684e701183a6)}, + {FIELD_LITERAL(0x00fd579ffb691713,0x00b76af4f81c412d,0x00f239de96110f82,0x00e965fb437f0306,0x00ca7e9436900921,0x00e487f1325fa24a,0x00633907de476380,0x00721c62ac5b8ea0)}, + {FIELD_LITERAL(0x00c0d54e542eb4f9,0x004ed657171c8dcf,0x00b743a4f7c2a39b,0x00fd9f93ed6cc567,0x00307fae3113e58b,0x0058aa577c93c319,0x00d254556f35b346,0x00491aada2203f0d)}, + }}, {{ + {FIELD_LITERAL(0x00dff3103786ff34,0x000144553b1f20c3,0x0095613baeb930e4,0x00098058275ea5d4,0x007cd1402b046756,0x0074d74e4d58aee3,0x005f93fc343ff69b,0x00873df17296b3b0)}, + {FIELD_LITERAL(0x00c4a1fb48635413,0x00b5dd54423ad59f,0x009ff5d53fd24a88,0x003c98d267fc06a7,0x002db7cb20013641,0x00bd1d6716e191f2,0x006dbc8b29094241,0x0044bbf233dafa2c)}, + {FIELD_LITERAL(0x0055838d41f531e6,0x00bf6a2dd03c81b2,0x005827a061c4839e,0x0000de2cbb36aac3,0x002efa29d9717478,0x00f9e928cc8a77ba,0x00c134b458def9ef,0x00958a182223fc48)}, + }}, {{ + {FIELD_LITERAL(0x000a9ee23c06881f,0x002c727d3d871945,0x00f47d971512d24a,0x00671e816f9ef31a,0x00883af2cfaad673,0x00601f98583d6c9a,0x00b435f5adc79655,0x00ad87b71c04bff2)}, + {FIELD_LITERAL(0x007860d99db787cf,0x00fda8983018f4a8,0x008c8866bac4743c,0x00ef471f84c82a3f,0x00abea5976d3b8e7,0x00714882896cd015,0x00b49fae584ddac5,0x008e33a1a0b69c81)}, + {FIELD_LITERAL(0x007b6ee2c9e8a9ec,0x002455dbbd89d622,0x006490cf4eaab038,0x00d925f6c3081561,0x00153b3047de7382,0x003b421f8bdceb6f,0x00761a4a5049da78,0x00980348c5202433)}, + }}, {{ + {FIELD_LITERAL(0x007f8a43da97dd5c,0x00058539c800fc7b,0x0040f3cf5a28414a,0x00d68dd0d95283d6,0x004adce9da90146e,0x00befa41c7d4f908,0x007603bc2e3c3060,0x00bdf360ab3545db)}, + {FIELD_LITERAL(0x00eebfd4e2312cc3,0x00474b2564e4fc8c,0x003303ef14b1da9b,0x003c93e0e66beb1d,0x0013619b0566925a,0x008817c24d901bf3,0x00b62bd8898d218b,0x0075a7716f1e88a2)}, + {FIELD_LITERAL(0x0009218da1e6890f,0x0026907f5fd02575,0x004dabed5f19d605,0x003abf181870249d,0x00b52fd048cc92c4,0x00b6dd51e415a5c5,0x00d9eb82bd2b4014,0x002c865a43b46b43)}, + }}, {{ + {FIELD_LITERAL(0x0070047189452f4c,0x00f7ad12e1ce78d5,0x00af1ba51ec44a8b,0x005f39f63e667cd6,0x00058eac4648425e,0x00d7fdab42bea03b,0x0028576a5688de15,0x00af973209e77c10)}, + {FIELD_LITERAL(0x00c338b915d8fef0,0x00a893292045c39a,0x0028ab4f2eba6887,0x0060743cb519fd61,0x0006213964093ac0,0x007c0b7a43f6266d,0x008e3557c4fa5bda,0x002da976de7b8d9d)}, + {FIELD_LITERAL(0x0048729f8a8b6dcd,0x00fe23b85cc4d323,0x00e7384d16e4db0e,0x004a423970678942,0x00ec0b763345d4ba,0x00c477b9f99ed721,0x00c29dad3777b230,0x001c517b466f7df6)}, + }}, {{ + {FIELD_LITERAL(0x006366c380f7b574,0x001c7d1f09ff0438,0x003e20a7301f5b22,0x00d3efb1916d28f6,0x0049f4f81060ce83,0x00c69d91ea43ced1,0x002b6f3e5cd269ed,0x005b0fb22ce9ec65)}, + {FIELD_LITERAL(0x00aa2261022d883f,0x00ebcca4548010ac,0x002528512e28a437,0x0070ca7676b66082,0x0084bda170f7c6d3,0x00581b4747c9b8bb,0x005c96a01061c7e2,0x00fb7c4a362b5273)}, + {FIELD_LITERAL(0x00c30020eb512d02,0x0060f288283a4d26,0x00b7ed13becde260,0x0075ebb74220f6e9,0x00701079fcfe8a1f,0x001c28fcdff58938,0x002e4544b8f4df6b,0x0060c5bc4f1a7d73)}, + }}, {{ + {FIELD_LITERAL(0x00ae307cf069f701,0x005859f222dd618b,0x00212d6c46ec0b0d,0x00a0fe4642afb62d,0x00420d8e4a0a8903,0x00a80ff639bdf7b0,0x0019bee1490b5d8e,0x007439e4b9c27a86)}, + {FIELD_LITERAL(0x00a94700032a093f,0x0076e96c225216e7,0x00a63a4316e45f91,0x007d8bbb4645d3b2,0x00340a6ff22793eb,0x006f935d4572aeb7,0x00b1fb69f00afa28,0x009e8f3423161ed3)}, + {FIELD_LITERAL(0x009ef49c6b5ced17,0x00a555e6269e9f0a,0x007e6f1d79ec73b5,0x009ac78695a32ac4,0x0001d77fbbcd5682,0x008cea1fee0aaeed,0x00f42bea82a53462,0x002e46ab96cafcc9)}, + }}, {{ + {FIELD_LITERAL(0x0051cfcc5885377a,0x00dce566cb1803ca,0x00430c7643f2c7d4,0x00dce1a1337bdcc0,0x0010d5bd7283c128,0x003b1b547f9b46fe,0x000f245e37e770ab,0x007b72511f022b37)}, + {FIELD_LITERAL(0x0060db815bc4786c,0x006fab25beedc434,0x00c610d06084797c,0x000c48f08537bec0,0x0031aba51c5b93da,0x007968fa6e01f347,0x0030070da52840c6,0x00c043c225a4837f)}, + {FIELD_LITERAL(0x001bcfd00649ee93,0x006dceb47e2a0fd5,0x00f2cebda0cf8fd0,0x00b6b9d9d1fbdec3,0x00815262e6490611,0x00ef7f5ce3176760,0x00e49cd0c998d58b,0x005fc6cc269ba57c)}, + }}, {{ + {FIELD_LITERAL(0x008940211aa0d633,0x00addae28136571d,0x00d68fdbba20d673,0x003bc6129bc9e21a,0x000346cf184ebe9a,0x0068774d741ebc7f,0x0019d5e9e6966557,0x0003cbd7f981b651)}, + {FIELD_LITERAL(0x004a2902926f8d3f,0x00ad79b42637ab75,0x0088f60b90f2d4e8,0x0030f54ef0e398c4,0x00021dc9bf99681e,0x007ebf66fde74ee3,0x004ade654386e9a4,0x00e7485066be4c27)}, + {FIELD_LITERAL(0x00445f1263983be0,0x004cf371dda45e6a,0x00744a89d5a310e7,0x001f20ce4f904833,0x00e746edebe66e29,0x000912ab1f6c153d,0x00f61d77d9b2444c,0x0001499cd6647610)}, + }} + } +}; +const struct curve448_precomputed_s *curve448_precomputed_base + = &curve448_precomputed_base_table; + +static const niels_t curve448_wnaf_base_table[32] = { + {{ + {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x00e822938a0a0c0c,0x00263a61c9ea9216,0x001204029321b828,0x006a468360983c65,0x0002846f0a782143)}, + {FIELD_LITERAL(0x00303cda6feea532,0x00860f1d5a3850e4,0x00226b9fa4728ccd,0x006822938a0a0c0c,0x00263a61c9ea9215,0x001204029321b828,0x006a468360983c65,0x0082846f0a782143)}, + {FIELD_LITERAL(0x00ef8e22b275198d,0x00b0eb141a0b0e8b,0x001f6789da3cb38c,0x006d2ff8ed39073e,0x00610bdb69a167f3,0x00571f306c9689b4,0x00f557e6f84b2df8,0x002affd38b2c86db)}, + }}, {{ + {FIELD_LITERAL(0x00cea0fc8d2e88b5,0x00821612d69f1862,0x0074c283b3e67522,0x005a195ba05a876d,0x000cddfe557feea4,0x008046c795bcc5e5,0x00540969f4d6e119,0x00d27f96d6b143d5)}, + {FIELD_LITERAL(0x000c3b1019d474e8,0x00e19533e4952284,0x00cc9810ba7c920a,0x00f103d2785945ac,0x00bfa5696cc69b34,0x00a8d3d51e9ca839,0x005623cb459586b9,0x00eae7ce1cd52e9e)}, + {FIELD_LITERAL(0x0005a178751dd7d8,0x002cc3844c69c42f,0x00acbfe5efe10539,0x009c20f43431a65a,0x008435d96374a7b3,0x009ee57566877bd3,0x0044691725ed4757,0x001e87bb2fe2c6b2)}, + }}, {{ + {FIELD_LITERAL(0x000cedc4debf7a04,0x002ffa45000470ac,0x002e9f9678201915,0x0017da1208c4fe72,0x007d558cc7d656cb,0x0037a827287cf289,0x00142472d3441819,0x009c21f166cf8dd1)}, + {FIELD_LITERAL(0x003ef83af164b2f2,0x000949a5a0525d0d,0x00f4498186cac051,0x00e77ac09ef126d2,0x0073ae0b2c9296e9,0x001c163f6922e3ed,0x0062946159321bea,0x00cfb79b22990b39)}, + {FIELD_LITERAL(0x00b001431ca9e654,0x002d7e5eabcc9a3a,0x0052e8114c2f6747,0x0079ac4f94487f92,0x00bffd919b5d749c,0x00261f92ad15e620,0x00718397b7a97895,0x00c1443e6ebbc0c4)}, + }}, {{ + {FIELD_LITERAL(0x00eacd90c1e0a049,0x008977935b149fbe,0x0004cb9ba11c93dc,0x009fbd5b3470844d,0x004bc18c9bfc22cf,0x0057679a991839f3,0x00ef15b76fb4092e,0x0074a5173a225041)}, + {FIELD_LITERAL(0x003f5f9d7ec4777b,0x00ab2e733c919c94,0x001bb6c035245ae5,0x00a325a49a883630,0x0033e9a9ea3cea2f,0x00e442a1eaa0e844,0x00b2116d5b0e71b8,0x00c16abed6d64047)}, + {FIELD_LITERAL(0x00c560b5ed051165,0x001945adc5d65094,0x00e221865710f910,0x00cc12bc9e9b8ceb,0x004faa9518914e35,0x0017476d89d42f6d,0x00b8f637c8fa1c8b,0x0088c7d2790864b8)}, + }}, {{ + {FIELD_LITERAL(0x00ef7eafc1c69be6,0x0085d3855778fbea,0x002c8d5b450cb6f5,0x004e77de5e1e7fec,0x0047c057893abded,0x001b430b85d51e16,0x00965c7b45640c3c,0x00487b2bb1162b97)}, + {FIELD_LITERAL(0x0099c73a311beec2,0x00a3eff38d8912ad,0x002efa9d1d7e8972,0x00f717ae1e14d126,0x002833f795850c8b,0x0066c12ad71486bd,0x00ae9889da4820eb,0x00d6044309555c08)}, + {FIELD_LITERAL(0x004b1c5283d15e41,0x00669d8ea308ff75,0x0004390233f762a1,0x00e1d67b83cb6cec,0x003eebaa964c78b1,0x006b0aff965eb664,0x00b313d4470bdc37,0x008814ffcb3cb9d8)}, + }}, {{ + {FIELD_LITERAL(0x009724b8ce68db70,0x007678b5ed006f3d,0x00bdf4b89c0abd73,0x00299748e04c7c6d,0x00ddd86492c3c977,0x00c5a7febfa30a99,0x00ed84715b4b02bb,0x00319568adf70486)}, + {FIELD_LITERAL(0x0070ff2d864de5bb,0x005a37eeb637ee95,0x0033741c258de160,0x00e6ca5cb1988f46,0x001ceabd92a24661,0x0030957bd500fe40,0x001c3362afe912c5,0x005187889f678bd2)}, + {FIELD_LITERAL(0x0086835fc62bbdc7,0x009c3516ca4910a1,0x00956c71f8d00783,0x0095c78fcf63235f,0x00fc7ff6ba05c222,0x00cdd8b3f8d74a52,0x00ac5ae16de8256e,0x00e9d4be8ed48624)}, + }}, {{ + {FIELD_LITERAL(0x00c0ce11405df2d8,0x004e3f37b293d7b6,0x002410172e1ac6db,0x00b8dbff4bf8143d,0x003a7b409d56eb66,0x003e0f6a0dfef9af,0x0081c4e4d3645be1,0x00ce76076b127623)}, + {FIELD_LITERAL(0x00f6ee0f98974239,0x0042d89af07d3a4f,0x00846b7fe84346b5,0x006a21fc6a8d39a1,0x00ac8bc2541ff2d9,0x006d4e2a77732732,0x009a39b694cc3f2f,0x0085c0aa2a404c8f)}, + {FIELD_LITERAL(0x00b261101a218548,0x00c1cae96424277b,0x00869da0a77dd268,0x00bc0b09f8ec83ea,0x00d61027f8e82ba9,0x00aa4c85999dce67,0x00eac3132b9f3fe1,0x00fb9b0cf1c695d2)}, + }}, {{ + {FIELD_LITERAL(0x0043079295512f0d,0x0046a009861758e0,0x003ee2842a807378,0x0034cc9d1298e4fa,0x009744eb4d31b3ee,0x00afacec96650cd0,0x00ac891b313761ae,0x00e864d6d26e708a)}, + {FIELD_LITERAL(0x00a84d7c8a23b491,0x0088e19aa868b27f,0x0005986d43e78ce9,0x00f28012f0606d28,0x0017ded7e10249b3,0x005ed4084b23af9b,0x00b9b0a940564472,0x00ad9056cceeb1f4)}, + {FIELD_LITERAL(0x00db91b357fe755e,0x00a1aa544b15359c,0x00af4931a0195574,0x007686124fe11aef,0x00d1ead3c7b9ef7e,0x00aaf5fc580f8c15,0x00e727be147ee1ec,0x003c61c1e1577b86)}, + }}, {{ + {FIELD_LITERAL(0x009d3fca983220cf,0x00cd11acbc853dc4,0x0017590409d27f1d,0x00d2176698082802,0x00fa01251b2838c8,0x00dd297a0d9b51c6,0x00d76c92c045820a,0x00534bc7c46c9033)}, + {FIELD_LITERAL(0x0080ed9bc9b07338,0x00fceac7745d2652,0x008a9d55f5f2cc69,0x0096ce72df301ac5,0x00f53232e7974d87,0x0071728c7ae73947,0x0090507602570778,0x00cb81cfd883b1b2)}, + {FIELD_LITERAL(0x005011aadea373da,0x003a8578ec896034,0x00f20a6535fa6d71,0x005152d31e5a87cf,0x002bac1c8e68ca31,0x00b0e323db4c1381,0x00f1d596b7d5ae25,0x00eae458097cb4e0)}, + }}, {{ + {FIELD_LITERAL(0x00920ac80f9b0d21,0x00f80f7f73401246,0x0086d37849b557d6,0x0002bd4b317b752e,0x00b26463993a42bb,0x002070422a73b129,0x00341acaa0380cb3,0x00541914dd66a1b2)}, + {FIELD_LITERAL(0x00c1513cd66abe8c,0x000139e01118944d,0x0064abbcb8080bbb,0x00b3b08202473142,0x00c629ef25da2403,0x00f0aec3310d9b7f,0x0050b2227472d8cd,0x00f6c8a922d41fb4)}, + {FIELD_LITERAL(0x001075ccf26b7b1f,0x00bb6bb213170433,0x00e9491ad262da79,0x009ef4f48d2d384c,0x008992770766f09d,0x001584396b6b1101,0x00af3f8676c9feef,0x0024603c40269118)}, + }}, {{ + {FIELD_LITERAL(0x009dd7b31319527c,0x001e7ac948d873a9,0x00fa54b46ef9673a,0x0066efb8d5b02fe6,0x00754b1d3928aeae,0x0004262ac72a6f6b,0x0079b7d49a6eb026,0x003126a753540102)}, + {FIELD_LITERAL(0x009666e24f693947,0x00f714311269d45f,0x0010ffac1d0c851c,0x0066e80c37363497,0x00f1f4ad010c60b0,0x0015c87408470ff7,0x00651d5e9c7766a4,0x008138819d7116de)}, + {FIELD_LITERAL(0x003934b11c57253b,0x00ef308edf21f46e,0x00e54e99c7a16198,0x0080d57135764e63,0x00751c27b946bc24,0x00dd389ce4e9e129,0x00a1a2bfd1cd84dc,0x002fae73e5149b32)}, + }}, {{ + {FIELD_LITERAL(0x00911657dffb4cdd,0x00c100b7cc553d06,0x00449d075ec467cc,0x007062100bc64e70,0x0043cf86f7bd21e7,0x00f401dc4b797dea,0x005224afb2f62e65,0x00d1ede3fb5a42be)}, + {FIELD_LITERAL(0x00f2ba36a41aa144,0x00a0c22d946ee18f,0x008aae8ef9a14f99,0x00eef4d79b19bb36,0x008e75ce3d27b1fc,0x00a65daa03b29a27,0x00d9cc83684eb145,0x009e1ed80cc2ed74)}, + {FIELD_LITERAL(0x00bed953d1997988,0x00b93ed175a24128,0x00871c5963fb6365,0x00ca2df20014a787,0x00f5d9c1d0b34322,0x00f6f5942818db0a,0x004cc091f49c9906,0x00e8a188a60bff9f)}, + }}, {{ + {FIELD_LITERAL(0x0032c7762032fae8,0x00e4087232e0bc21,0x00f767344b6e8d85,0x00bbf369b76c2aa2,0x008a1f46c6e1570c,0x001368cd9780369f,0x007359a39d079430,0x0003646512921434)}, + {FIELD_LITERAL(0x007c4b47ca7c73e7,0x005396221039734b,0x008b64ddf0e45d7e,0x00bfad5af285e6c2,0x008ec711c5b1a1a8,0x00cf663301237f98,0x00917ee3f1655126,0x004152f337efedd8)}, + {FIELD_LITERAL(0x0007c7edc9305daa,0x000a6664f273701c,0x00f6e78795e200b1,0x005d05b9ecd2473e,0x0014f5f17c865786,0x00c7fd2d166fa995,0x004939a2d8eb80e0,0x002244ba0942c199)}, + }}, {{ + {FIELD_LITERAL(0x00321e767f0262cf,0x002e57d776caf68e,0x00bf2c94814f0437,0x00c339196acd622f,0x001db4cce71e2770,0x001ded5ddba6eee2,0x0078608ab1554c8d,0x00067fe0ab76365b)}, + {FIELD_LITERAL(0x00f09758e11e3985,0x00169efdbd64fad3,0x00e8889b7d6dacd6,0x0035cdd58ea88209,0x00bcda47586d7f49,0x003cdddcb2879088,0x0016da70187e954b,0x009556ea2e92aacd)}, + {FIELD_LITERAL(0x008cab16bd1ff897,0x00b389972cdf753f,0x00ea8ed1e46dfdc0,0x004fe7ef94c589f4,0x002b8ae9b805ecf3,0x0025c08d892874a5,0x0023938e98d44c4c,0x00f759134cabf69c)}, + }}, {{ + {FIELD_LITERAL(0x006c2a84678e4b3b,0x007a194aacd1868f,0x00ed0225af424761,0x00da0a6f293c64b8,0x001062ac5c6a7a18,0x0030f5775a8aeef4,0x0002acaad76b7af0,0x00410b8fd63a579f)}, + {FIELD_LITERAL(0x001ec59db3d9590e,0x001e9e3f1c3f182d,0x0045a9c3ec2cab14,0x0008198572aeb673,0x00773b74068bd167,0x0012535eaa395434,0x0044dba9e3bbb74a,0x002fba4d3c74bd0e)}, + {FIELD_LITERAL(0x0042bf08fe66922c,0x003318b8fbb49e8c,0x00d75946004aa14c,0x00f601586b42bf1c,0x00c74cf1d912fe66,0x00abcb36974b30ad,0x007eb78720c9d2b8,0x009f54ab7bd4df85)}, + }}, {{ + {FIELD_LITERAL(0x00db9fc948f73826,0x00fa8b3746ed8ee9,0x00132cb65aafbeb2,0x00c36ff3fe7925b8,0x00837daed353d2fe,0x00ec661be0667cf4,0x005beb8ed2e90204,0x00d77dd69e564967)}, + {FIELD_LITERAL(0x0042e6268b861751,0x0008dd0469500c16,0x00b51b57c338a3fd,0x00cc4497d85cff6b,0x002f13d6b57c34a4,0x0083652eaf301105,0x00cc344294cc93a8,0x0060f4d02810e270)}, + {FIELD_LITERAL(0x00a8954363cd518b,0x00ad171124bccb7b,0x0065f46a4adaae00,0x001b1a5b2a96e500,0x0043fe24f8233285,0x0066996d8ae1f2c3,0x00c530f3264169f9,0x00c0f92d07cf6a57)}, + }}, {{ + {FIELD_LITERAL(0x0036a55c6815d943,0x008c8d1def993db3,0x002e0e1e8ff7318f,0x00d883a4b92db00a,0x002f5e781ae33906,0x001a72adb235c06d,0x00f2e59e736e9caa,0x001a4b58e3031914)}, + {FIELD_LITERAL(0x00d73bfae5e00844,0x00bf459766fb5f52,0x0061b4f5a5313cde,0x004392d4c3b95514,0x000d3551b1077523,0x0000998840ee5d71,0x006de6e340448b7b,0x00251aa504875d6e)}, + {FIELD_LITERAL(0x003bf343427ac342,0x00adc0a78642b8c5,0x0003b893175a8314,0x0061a34ade5703bc,0x00ea3ea8bb71d632,0x00be0df9a1f198c2,0x0046dd8e7c1635fb,0x00f1523fdd25d5e5)}, + }}, {{ + {FIELD_LITERAL(0x00633f63fc9dd406,0x00e713ff80e04a43,0x0060c6e970f2d621,0x00a57cd7f0df1891,0x00f2406a550650bb,0x00b064290efdc684,0x001eab0144d17916,0x00cd15f863c293ab)}, + {FIELD_LITERAL(0x0029cec55273f70d,0x007044ee275c6340,0x0040f637a93015e2,0x00338bb78db5aae9,0x001491b2a6132147,0x00a125d6cfe6bde3,0x005f7ac561ba8669,0x001d5eaea3fbaacf)}, + {FIELD_LITERAL(0x00054e9635e3be31,0x000e43f31e2872be,0x00d05b1c9e339841,0x006fac50bd81fd98,0x00cdc7852eaebb09,0x004ff519b061991b,0x009099e8107d4c85,0x00273e24c36a4a61)}, + }}, {{ + {FIELD_LITERAL(0x00070b4441ef2c46,0x00efa5b02801a109,0x00bf0b8c3ee64adf,0x008a67e0b3452e98,0x001916b1f2fa7a74,0x00d781a78ff6cdc3,0x008682ce57e5c919,0x00cc1109dd210da3)}, + {FIELD_LITERAL(0x00cae8aaff388663,0x005e983a35dda1c7,0x007ab1030d8e37f4,0x00e48940f5d032fe,0x006a36f9ef30b331,0x009be6f03958c757,0x0086231ceba91400,0x008bd0f7b823e7aa)}, + {FIELD_LITERAL(0x00cf881ebef5a45a,0x004ebea78e7c6f2c,0x0090da9209cf26a0,0x00de2b2e4c775b84,0x0071d6031c3c15ae,0x00d9e927ef177d70,0x00894ee8c23896fd,0x00e3b3b401e41aad)}, + }}, {{ + {FIELD_LITERAL(0x00204fef26864170,0x00819269c5dee0f8,0x00bfb4713ec97966,0x0026339a6f34df78,0x001f26e64c761dc2,0x00effe3af313cb60,0x00e17b70138f601b,0x00f16e1ccd9ede5e)}, + {FIELD_LITERAL(0x005d9a8353fdb2db,0x0055cc2048c698f0,0x00f6c4ac89657218,0x00525034d73faeb2,0x00435776fbda3c7d,0x0070ea5312323cbc,0x007a105d44d069fb,0x006dbc8d6dc786aa)}, + {FIELD_LITERAL(0x0017cff19cd394ec,0x00fef7b810922587,0x00e6483970dff548,0x00ddf36ad6874264,0x00e61778523fcce2,0x0093a66c0c93b24a,0x00fd367114db7f86,0x007652d7ddce26dd)}, + }}, {{ + {FIELD_LITERAL(0x00d92ced7ba12843,0x00aea9c7771e86e7,0x0046639693354f7b,0x00a628dbb6a80c47,0x003a0b0507372953,0x00421113ab45c0d9,0x00e545f08362ab7a,0x0028ce087b4d6d96)}, + {FIELD_LITERAL(0x00a67ee7cf9f99eb,0x005713b275f2ff68,0x00f1d536a841513d,0x00823b59b024712e,0x009c46b9d0d38cec,0x00cdb1595aa2d7d4,0x008375b3423d9af8,0x000ab0b516d978f7)}, + {FIELD_LITERAL(0x00428dcb3c510b0f,0x00585607ea24bb4e,0x003736bf1603687a,0x00c47e568c4fe3c7,0x003cd00282848605,0x0043a487c3b91939,0x004ffc04e1095a06,0x00a4c989a3d4b918)}, + }}, {{ + {FIELD_LITERAL(0x00a8778d0e429f7a,0x004c02b059105a68,0x0016653b609da3ff,0x00d5107bd1a12d27,0x00b4708f9a771cab,0x00bb63b662033f69,0x0072f322240e7215,0x0019445b59c69222)}, + {FIELD_LITERAL(0x00cf4f6069a658e6,0x0053ca52859436a6,0x0064b994d7e3e117,0x00cb469b9a07f534,0x00cfb68f399e9d47,0x00f0dcb8dac1c6e7,0x00f2ab67f538b3a5,0x0055544f178ab975)}, + {FIELD_LITERAL(0x0099b7a2685d538c,0x00e2f1897b7c0018,0x003adac8ce48dae3,0x00089276d5c50c0c,0x00172fca07ad6717,0x00cb1a72f54069e5,0x004ee42f133545b3,0x00785f8651362f16)}, + }}, {{ + {FIELD_LITERAL(0x0049cbac38509e11,0x0015234505d42cdf,0x00794fb0b5840f1c,0x00496437344045a5,0x0031b6d944e4f9b0,0x00b207318ac1f5d8,0x0000c840da7f5c5d,0x00526f373a5c8814)}, + {FIELD_LITERAL(0x002c7b7742d1dfd9,0x002cabeb18623c01,0x00055f5e3e044446,0x006c20f3b4ef54ba,0x00c600141ec6b35f,0x00354f437f1a32a3,0x00bac4624a3520f9,0x00c483f734a90691)}, + {FIELD_LITERAL(0x0053a737d422918d,0x00f7fca1d8758625,0x00c360336dadb04c,0x00f38e3d9158a1b8,0x0069ce3b418e84c6,0x005d1697eca16ead,0x00f8bd6a35ece13d,0x007885dfc2b5afea)}, + }}, {{ + {FIELD_LITERAL(0x00c3617ae260776c,0x00b20dc3e96922d7,0x00a1a7802246706a,0x00ca6505a5240244,0x002246b62d919782,0x001439102d7aa9b3,0x00e8af1139e6422c,0x00c888d1b52f2b05)}, + {FIELD_LITERAL(0x005b67690ffd41d9,0x005294f28df516f9,0x00a879272412fcb9,0x00098b629a6d1c8d,0x00fabd3c8050865a,0x00cd7e5b0a3879c5,0x00153238210f3423,0x00357cac101e9f42)}, + {FIELD_LITERAL(0x008917b454444fb7,0x00f59247c97e441b,0x00a6200a6815152d,0x0009a4228601d254,0x001c0360559bd374,0x007563362039cb36,0x00bd75b48d74e32b,0x0017f515ac3499e8)}, + }}, {{ + {FIELD_LITERAL(0x001532a7ffe41c5a,0x00eb1edce358d6bf,0x00ddbacc7b678a7b,0x008a7b70f3c841a3,0x00f1923bf27d3f4c,0x000b2713ed8f7873,0x00aaf67e29047902,0x0044994a70b3976d)}, + {FIELD_LITERAL(0x00d54e802082d42c,0x00a55aa0dce7cc6c,0x006477b96073f146,0x0082efe4ceb43594,0x00a922bcba026845,0x0077f19d1ab75182,0x00c2bb2737846e59,0x0004d7eec791dd33)}, + {FIELD_LITERAL(0x0044588d1a81d680,0x00b0a9097208e4f8,0x00212605350dc57e,0x0028717cd2871123,0x00fb083c100fd979,0x0045a056ce063fdf,0x00a5d604b4dd6a41,0x001dabc08ba4e236)}, + }}, {{ + {FIELD_LITERAL(0x00c4887198d7a7fa,0x00244f98fb45784a,0x0045911e15a15d01,0x001d323d374c0966,0x00967c3915196562,0x0039373abd2f3c67,0x000d2c5614312423,0x0041cf2215442ce3)}, + {FIELD_LITERAL(0x008ede889ada7f06,0x001611e91de2e135,0x00fdb9a458a471b9,0x00563484e03710d1,0x0031cc81925e3070,0x0062c97b3af80005,0x00fa733eea28edeb,0x00e82457e1ebbc88)}, + {FIELD_LITERAL(0x006a0df5fe9b6f59,0x00a0d4ff46040d92,0x004a7cedb6f93250,0x00d1df8855b8c357,0x00e73a46086fd058,0x0048fb0add6dfe59,0x001e03a28f1b4e3d,0x00a871c993308d76)}, + }}, {{ + {FIELD_LITERAL(0x0030dbb2d1766ec8,0x00586c0ad138555e,0x00d1a34f9e91c77c,0x0063408ad0e89014,0x00d61231b05f6f5b,0x0009abf569f5fd8a,0x00aec67a110f1c43,0x0031d1a790938dd7)}, + {FIELD_LITERAL(0x006cded841e2a862,0x00198d60af0ab6fb,0x0018f09db809e750,0x004e6ac676016263,0x00eafcd1620969cb,0x002c9784ca34917d,0x0054f00079796de7,0x00d9fab5c5972204)}, + {FIELD_LITERAL(0x004bd0fee2438a83,0x00b571e62b0f83bd,0x0059287d7ce74800,0x00fb3631b645c3f0,0x00a018e977f78494,0x0091e27065c27b12,0x007696c1817165e0,0x008c40be7c45ba3a)}, + }}, {{ + {FIELD_LITERAL(0x00a0f326327cb684,0x001c7d0f672680ff,0x008c1c81ffb112d1,0x00f8f801674eddc8,0x00e926d5d48c2a9d,0x005bd6d954c6fe9a,0x004c6b24b4e33703,0x00d05eb5c09105cc)}, + {FIELD_LITERAL(0x00d61731caacf2cf,0x002df0c7609e01c5,0x00306172208b1e2b,0x00b413fe4fb2b686,0x00826d360902a221,0x003f8d056e67e7f7,0x0065025b0175e989,0x00369add117865eb)}, + {FIELD_LITERAL(0x00aaf895aec2fa11,0x000f892bc313eb52,0x005b1c794dad050b,0x003f8ec4864cec14,0x00af81058d0b90e5,0x00ebe43e183997bb,0x00a9d610f9f3e615,0x007acd8eec2e88d3)}, + }}, {{ + {FIELD_LITERAL(0x0049b2fab13812a3,0x00846db32cd60431,0x000177fa578c8d6c,0x00047d0e2ad4bc51,0x00b158ba38d1e588,0x006a45daad79e3f3,0x000997b93cab887b,0x00c47ea42fa23dc3)}, + {FIELD_LITERAL(0x0012b6fef7aeb1ca,0x009412768194b6a7,0x00ff0d351f23ab93,0x007e8a14c1aff71b,0x006c1c0170c512bc,0x0016243ea02ab2e5,0x007bb6865b303f3e,0x0015ce6b29b159f4)}, + {FIELD_LITERAL(0x009961cd02e68108,0x00e2035d3a1d0836,0x005d51f69b5e1a1d,0x004bccb4ea36edcd,0x0069be6a7aeef268,0x0063f4dd9de8d5a7,0x006283783092ca35,0x0075a31af2c35409)}, + }}, {{ + {FIELD_LITERAL(0x00c412365162e8cf,0x00012283fb34388a,0x003e6543babf39e2,0x00eead6b3a804978,0x0099c0314e8b326f,0x00e98e0a8d477a4f,0x00d2eb96b127a687,0x00ed8d7df87571bb)}, + {FIELD_LITERAL(0x00777463e308cacf,0x00c8acb93950132d,0x00ebddbf4ca48b2c,0x0026ad7ca0795a0a,0x00f99a3d9a715064,0x000d60bcf9d4dfcc,0x005e65a73a437a06,0x0019d536a8db56c8)}, + {FIELD_LITERAL(0x00192d7dd558d135,0x0027cd6a8323ffa7,0x00239f1a412dc1e7,0x0046b4b3be74fc5c,0x0020c47a2bef5bce,0x00aa17e48f43862b,0x00f7e26c96342e5f,0x0008011c530f39a9)}, + }}, {{ + {FIELD_LITERAL(0x00aad4ac569bf0f1,0x00a67adc90b27740,0x0048551369a5751a,0x0031252584a3306a,0x0084e15df770e6fc,0x00d7bba1c74b5805,0x00a80ef223af1012,0x0089c85ceb843a34)}, + {FIELD_LITERAL(0x00c4545be4a54004,0x0099e11f60357e6c,0x001f3936d19515a6,0x007793df84341a6e,0x0051061886717ffa,0x00e9b0a660b28f85,0x0044ea685892de0d,0x000257d2a1fda9d9)}, + {FIELD_LITERAL(0x007e8b01b24ac8a8,0x006cf3b0b5ca1337,0x00f1607d3e36a570,0x0039b7fab82991a1,0x00231777065840c5,0x00998e5afdd346f9,0x00b7dc3e64acc85f,0x00baacc748013ad6)}, + }}, {{ + {FIELD_LITERAL(0x008ea6a4177580bf,0x005fa1953e3f0378,0x005fe409ac74d614,0x00452327f477e047,0x00a4018507fb6073,0x007b6e71951caac8,0x0012b42ab8a6ce91,0x0080eca677294ab7)}, + {FIELD_LITERAL(0x00a53edc023ba69b,0x00c6afa83ddde2e8,0x00c3f638b307b14e,0x004a357a64414062,0x00e4d94d8b582dc9,0x001739caf71695b7,0x0012431b2ae28de1,0x003b6bc98682907c)}, + {FIELD_LITERAL(0x008a9a93be1f99d6,0x0079fa627cc699c8,0x00b0cfb134ba84c8,0x001c4b778249419a,0x00df4ab3d9c44f40,0x009f596e6c1a9e3c,0x001979c0df237316,0x00501e953a919b87)}, + }} +}; +const niels_t *curve448_wnaf_base = curve448_wnaf_base_table; diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448utils.h b/deps/openssl/openssl/crypto/ec/curve448/curve448utils.h new file mode 100644 index 00000000000000..9bf837993c94bf --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/curve448utils.h @@ -0,0 +1,78 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_CURVE448UTILS_H +# define HEADER_CURVE448UTILS_H + +# include + +/* + * Internal word types. Somewhat tricky. This could be decided separately per + * platform. However, the structs do need to be all the same size and + * alignment on a given platform to support dynamic linking, since even if you + * header was built with eg arch_neon, you might end up linking a library built + * with arch_arm32. + */ +# ifndef C448_WORD_BITS +# if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \ + && !defined(__sparc__) +# define C448_WORD_BITS 64 /* The number of bits in a word */ +# else +# define C448_WORD_BITS 32 /* The number of bits in a word */ +# endif +# endif + +# if C448_WORD_BITS == 64 +/* Word size for internal computations */ +typedef uint64_t c448_word_t; +/* Signed word size for internal computations */ +typedef int64_t c448_sword_t; +/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */ +typedef uint64_t c448_bool_t; +/* Double-word size for internal computations */ +typedef __uint128_t c448_dword_t; +/* Signed double-word size for internal computations */ +typedef __int128_t c448_dsword_t; +# elif C448_WORD_BITS == 32 +/* Word size for internal computations */ +typedef uint32_t c448_word_t; +/* Signed word size for internal computations */ +typedef int32_t c448_sword_t; +/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */ +typedef uint32_t c448_bool_t; +/* Double-word size for internal computations */ +typedef uint64_t c448_dword_t; +/* Signed double-word size for internal computations */ +typedef int64_t c448_dsword_t; +# else +# error "Only supporting C448_WORD_BITS = 32 or 64 for now" +# endif + +/* C448_TRUE = -1 so that C448_TRUE & x = x */ +# define C448_TRUE (0 - (c448_bool_t)1) + +/* C448_FALSE = 0 so that C448_FALSE & x = 0 */ +# define C448_FALSE 0 + +/* Another boolean type used to indicate success or failure. */ +typedef enum { + C448_SUCCESS = -1, /**< The operation succeeded. */ + C448_FAILURE = 0 /**< The operation failed. */ +} c448_error_t; + +/* Return success if x is true */ +static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x) +{ + return (c448_error_t) x; +} + +#endif /* __C448_COMMON_H__ */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/ed448.h b/deps/openssl/openssl/crypto/ec/curve448/ed448.h new file mode 100644 index 00000000000000..5fe939e8e19daa --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/ed448.h @@ -0,0 +1,195 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_ED448_H +# define HEADER_ED448_H + +# include "point_448.h" + +/* Number of bytes in an EdDSA public key. */ +# define EDDSA_448_PUBLIC_BYTES 57 + +/* Number of bytes in an EdDSA private key. */ +# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES + +/* Number of bytes in an EdDSA private key. */ +# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \ + EDDSA_448_PRIVATE_BYTES) + +/* EdDSA encoding ratio. */ +# define C448_EDDSA_ENCODE_RATIO 4 + +/* EdDSA decoding ratio. */ +# define C448_EDDSA_DECODE_RATIO (4 / 4) + +/* + * EdDSA key generation. This function uses a different (non-Decaf) encoding. + * + * pubkey (out): The public key. + * privkey (in): The private key. + */ +c448_error_t c448_ed448_derive_public_key( + uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], + const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]); + +/* + * EdDSA signing. + * + * signature (out): The signature. + * privkey (in): The private key. + * pubkey (in): The public key. + * message (in): The message to sign. + * message_len (in): The length of the message. + * prehashed (in): Nonzero if the message is actually the hash of something + * you want to sign. + * context (in): A "context" for this signature of up to 255 bytes. + * context_len (in): Length of the context. + * + * For Ed25519, it is unsafe to use the same key for both prehashed and + * non-prehashed messages, at least without some very careful protocol-level + * disambiguation. For Ed448 it is safe. + */ +c448_error_t c448_ed448_sign( + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + size_t context_len); + +/* + * EdDSA signing with prehash. + * + * signature (out): The signature. + * privkey (in): The private key. + * pubkey (in): The public key. + * hash (in): The hash of the message. This object will not be modified by the + * call. + * context (in): A "context" for this signature of up to 255 bytes. Must be the + * same as what was used for the prehash. + * context_len (in): Length of the context. + * + * For Ed25519, it is unsafe to use the same key for both prehashed and + * non-prehashed messages, at least without some very careful protocol-level + * disambiguation. For Ed448 it is safe. + */ +c448_error_t c448_ed448_sign_prehash( + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], + const uint8_t *context, + size_t context_len); + +/* + * EdDSA signature verification. + * + * Uses the standard (i.e. less-strict) verification formula. + * + * signature (in): The signature. + * pubkey (in): The public key. + * message (in): The message to verify. + * message_len (in): The length of the message. + * prehashed (in): Nonzero if the message is actually the hash of something you + * want to verify. + * context (in): A "context" for this signature of up to 255 bytes. + * context_len (in): Length of the context. + * + * For Ed25519, it is unsafe to use the same key for both prehashed and + * non-prehashed messages, at least without some very careful protocol-level + * disambiguation. For Ed448 it is safe. + */ +c448_error_t c448_ed448_verify(const uint8_t + signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t + pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + uint8_t context_len); + +/* + * EdDSA signature verification. + * + * Uses the standard (i.e. less-strict) verification formula. + * + * signature (in): The signature. + * pubkey (in): The public key. + * hash (in): The hash of the message. This object will not be modified by the + * call. + * context (in): A "context" for this signature of up to 255 bytes. Must be the + * same as what was used for the prehash. + * context_len (in): Length of the context. + * + * For Ed25519, it is unsafe to use the same key for both prehashed and + * non-prehashed messages, at least without some very careful protocol-level + * disambiguation. For Ed448 it is safe. + */ +c448_error_t c448_ed448_verify_prehash( + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], + const uint8_t *context, + uint8_t context_len); + +/* + * EdDSA point encoding. Used internally, exposed externally. + * Multiplies by C448_EDDSA_ENCODE_RATIO first. + * + * The multiplication is required because the EdDSA encoding represents + * the cofactor information, but the Decaf encoding ignores it (which + * is the whole point). So if you decode from EdDSA and re-encode to + * EdDSA, the cofactor info must get cleared, because the intermediate + * representation doesn't track it. + * + * The way we handle this is to multiply by C448_EDDSA_DECODE_RATIO when + * decoding, and by C448_EDDSA_ENCODE_RATIO when encoding. The product of + * these ratios is always exactly the cofactor 4, so the cofactor ends up + * cleared one way or another. But exactly how that shakes out depends on the + * base points specified in RFC 8032. + * + * The upshot is that if you pass the Decaf/Ristretto base point to + * this function, you will get C448_EDDSA_ENCODE_RATIO times the + * EdDSA base point. + * + * enc (out): The encoded point. + * p (in): The point. + */ +void curve448_point_mul_by_ratio_and_encode_like_eddsa( + uint8_t enc [EDDSA_448_PUBLIC_BYTES], + const curve448_point_t p); + +/* + * EdDSA point decoding. Multiplies by C448_EDDSA_DECODE_RATIO, and + * ignores cofactor information. + * + * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa + * + * enc (out): The encoded point. + * p (in): The point. + */ +c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( + curve448_point_t p, + const uint8_t enc[EDDSA_448_PUBLIC_BYTES]); + +/* + * EdDSA to ECDH private key conversion + * Using the appropriate hash function, hash the EdDSA private key + * and keep only the lower bytes to get the ECDH private key + * + * x (out): The ECDH private key as in RFC7748 + * ed (in): The EdDSA private key + */ +c448_error_t c448_ed448_convert_private_key_to_x448( + uint8_t x[X448_PRIVATE_BYTES], + const uint8_t ed[EDDSA_448_PRIVATE_BYTES]); + +#endif /* HEADER_ED448_H */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/eddsa.c b/deps/openssl/openssl/crypto/ec/curve448/eddsa.c new file mode 100644 index 00000000000000..909413a535a8e9 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/eddsa.c @@ -0,0 +1,346 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ +#include +#include +#include +#include "curve448_lcl.h" +#include "word.h" +#include "ed448.h" +#include "internal/numbers.h" + +#define COFACTOR 4 + +static c448_error_t oneshot_hash(uint8_t *out, size_t outlen, + const uint8_t *in, size_t inlen) +{ + EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); + + if (hashctx == NULL) + return C448_FAILURE; + + if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) + || !EVP_DigestUpdate(hashctx, in, inlen) + || !EVP_DigestFinalXOF(hashctx, out, outlen)) { + EVP_MD_CTX_free(hashctx); + return C448_FAILURE; + } + + EVP_MD_CTX_free(hashctx); + return C448_SUCCESS; +} + +static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]) +{ + secret_scalar_ser[0] &= -COFACTOR; + secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 1] = 0; + secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80; +} + +static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, + uint8_t for_prehash, + const uint8_t *context, + size_t context_len) +{ + const char *dom_s = "SigEd448"; + uint8_t dom[2]; + + if (context_len > UINT8_MAX) + return C448_FAILURE; + + dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0) + - (for_prehash == 0 ? 1 : 0)); + dom[1] = (uint8_t)context_len; + + if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) + || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) + || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) + || !EVP_DigestUpdate(hashctx, context, context_len)) + return C448_FAILURE; + + return C448_SUCCESS; +} + +/* In this file because it uses the hash */ +c448_error_t c448_ed448_convert_private_key_to_x448( + uint8_t x[X448_PRIVATE_BYTES], + const uint8_t ed [EDDSA_448_PRIVATE_BYTES]) +{ + /* pass the private key through oneshot_hash function */ + /* and keep the first X448_PRIVATE_BYTES bytes */ + return oneshot_hash(x, X448_PRIVATE_BYTES, ed, + EDDSA_448_PRIVATE_BYTES); +} + +c448_error_t c448_ed448_derive_public_key( + uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES]) +{ + /* only this much used for keygen */ + uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]; + curve448_scalar_t secret_scalar; + unsigned int c; + curve448_point_t p; + + if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey, + EDDSA_448_PRIVATE_BYTES)) + return C448_FAILURE; + + clamp(secret_scalar_ser); + + curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, + sizeof(secret_scalar_ser)); + + /* + * Since we are going to mul_by_cofactor during encoding, divide by it + * here. However, the EdDSA base point is not the same as the decaf base + * point if the sigma isogeny is in use: the EdDSA base point is on + * Etwist_d/(1-d) and the decaf base point is on Etwist_d, and when + * converted it effectively picks up a factor of 2 from the isogenies. So + * we might start at 2 instead of 1. + */ + for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) + curve448_scalar_halve(secret_scalar, secret_scalar); + + curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar); + + curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); + + /* Cleanup */ + curve448_scalar_destroy(secret_scalar); + curve448_point_destroy(p); + OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser)); + + return C448_SUCCESS; +} + +c448_error_t c448_ed448_sign( + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + size_t context_len) +{ + curve448_scalar_t secret_scalar; + EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); + c448_error_t ret = C448_FAILURE; + curve448_scalar_t nonce_scalar; + uint8_t nonce_point[EDDSA_448_PUBLIC_BYTES] = { 0 }; + unsigned int c; + curve448_scalar_t challenge_scalar; + + if (hashctx == NULL) + return C448_FAILURE; + + { + /* + * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialised + * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed. + */ + uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2]; + + if (!oneshot_hash(expanded, sizeof(expanded), privkey, + EDDSA_448_PRIVATE_BYTES)) + goto err; + clamp(expanded); + curve448_scalar_decode_long(secret_scalar, expanded, + EDDSA_448_PRIVATE_BYTES); + + /* Hash to create the nonce */ + if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) + || !EVP_DigestUpdate(hashctx, + expanded + EDDSA_448_PRIVATE_BYTES, + EDDSA_448_PRIVATE_BYTES) + || !EVP_DigestUpdate(hashctx, message, message_len)) { + OPENSSL_cleanse(expanded, sizeof(expanded)); + goto err; + } + OPENSSL_cleanse(expanded, sizeof(expanded)); + } + + /* Decode the nonce */ + { + uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES]; + + if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))) + goto err; + curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); + OPENSSL_cleanse(nonce, sizeof(nonce)); + } + + { + /* Scalarmul to create the nonce-point */ + curve448_scalar_t nonce_scalar_2; + curve448_point_t p; + + curve448_scalar_halve(nonce_scalar_2, nonce_scalar); + for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) + curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); + + curve448_precomputed_scalarmul(p, curve448_precomputed_base, + nonce_scalar_2); + curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); + curve448_point_destroy(p); + curve448_scalar_destroy(nonce_scalar_2); + } + + { + uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; + + /* Compute the challenge */ + if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) + || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point)) + || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) + || !EVP_DigestUpdate(hashctx, message, message_len) + || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) + goto err; + + curve448_scalar_decode_long(challenge_scalar, challenge, + sizeof(challenge)); + OPENSSL_cleanse(challenge, sizeof(challenge)); + } + + curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar); + curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar); + + OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES); + memcpy(signature, nonce_point, sizeof(nonce_point)); + curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES], + challenge_scalar); + + curve448_scalar_destroy(secret_scalar); + curve448_scalar_destroy(nonce_scalar); + curve448_scalar_destroy(challenge_scalar); + + ret = C448_SUCCESS; + err: + EVP_MD_CTX_free(hashctx); + return ret; +} + +c448_error_t c448_ed448_sign_prehash( + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], const uint8_t *context, + size_t context_len) +{ + return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context, + context_len); +} + +c448_error_t c448_ed448_verify( + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + uint8_t context_len) +{ + curve448_point_t pk_point, r_point; + c448_error_t error = + curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); + curve448_scalar_t challenge_scalar; + curve448_scalar_t response_scalar; + + if (C448_SUCCESS != error) + return error; + + error = + curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature); + if (C448_SUCCESS != error) + return error; + + { + /* Compute the challenge */ + EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); + uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; + + if (hashctx == NULL + || !hash_init_with_dom(hashctx, prehashed, 0, context, + context_len) + || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES) + || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) + || !EVP_DigestUpdate(hashctx, message, message_len) + || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) { + EVP_MD_CTX_free(hashctx); + return C448_FAILURE; + } + + EVP_MD_CTX_free(hashctx); + curve448_scalar_decode_long(challenge_scalar, challenge, + sizeof(challenge)); + OPENSSL_cleanse(challenge, sizeof(challenge)); + } + curve448_scalar_sub(challenge_scalar, curve448_scalar_zero, + challenge_scalar); + + curve448_scalar_decode_long(response_scalar, + &signature[EDDSA_448_PUBLIC_BYTES], + EDDSA_448_PRIVATE_BYTES); + + /* pk_point = -c(x(P)) + (cx + k)G = kG */ + curve448_base_double_scalarmul_non_secret(pk_point, + response_scalar, + pk_point, challenge_scalar); + return c448_succeed_if(curve448_point_eq(pk_point, r_point)); +} + +c448_error_t c448_ed448_verify_prehash( + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], const uint8_t *context, + uint8_t context_len) +{ + return c448_ed448_verify(signature, pubkey, hash, 64, 1, context, + context_len); +} + +int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len) +{ + return c448_ed448_sign(out_sig, private_key, public_key, message, + message_len, 0, context, context_len) + == C448_SUCCESS; +} + +int ED448_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len) +{ + return c448_ed448_verify(signature, public_key, message, message_len, 0, + context, (uint8_t)context_len) == C448_SUCCESS; +} + +int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len) +{ + return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash, + context, context_len) == C448_SUCCESS; + +} + +int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], + const uint8_t public_key[57], const uint8_t *context, + size_t context_len) +{ + return c448_ed448_verify_prehash(signature, public_key, hash, context, + (uint8_t)context_len) == C448_SUCCESS; +} + +int ED448_public_from_private(uint8_t out_public_key[57], + const uint8_t private_key[57]) +{ + return c448_ed448_derive_public_key(out_public_key, private_key) + == C448_SUCCESS; +} diff --git a/deps/openssl/openssl/crypto/ec/curve448/f_generic.c b/deps/openssl/openssl/crypto/ec/curve448/f_generic.c new file mode 100644 index 00000000000000..ed8f36d868f968 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/f_generic.c @@ -0,0 +1,204 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ +#include "field.h" + +static const gf MODULUS = { + FIELD_LITERAL(0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, + 0xffffffffffffff, 0xfffffffffffffe, 0xffffffffffffff, + 0xffffffffffffff, 0xffffffffffffff) +}; + +/* Serialize to wire format. */ +void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit) +{ + unsigned int j = 0, fill = 0; + dword_t buffer = 0; + int i; + gf red; + + gf_copy(red, x); + gf_strong_reduce(red); + if (!with_hibit) + assert(gf_hibit(red) == 0); + + for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) { + if (fill < 8 && j < NLIMBS) { + buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill; + fill += LIMB_PLACE_VALUE(LIMBPERM(j)); + j++; + } + serial[i] = (uint8_t)buffer; + fill -= 8; + buffer >>= 8; + } +} + +/* Return high bit of x = low bit of 2x mod p */ +mask_t gf_hibit(const gf x) +{ + gf y; + + gf_add(y, x, x); + gf_strong_reduce(y); + return 0 - (y->limb[0] & 1); +} + +/* Return high bit of x = low bit of 2x mod p */ +mask_t gf_lobit(const gf x) +{ + gf y; + + gf_copy(y, x); + gf_strong_reduce(y); + return 0 - (y->limb[0] & 1); +} + +/* Deserialize from wire format; return -1 on success and 0 on failure. */ +mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, + uint8_t hi_nmask) +{ + unsigned int j = 0, fill = 0; + dword_t buffer = 0; + dsword_t scarry = 0; + const unsigned nbytes = with_hibit ? X_SER_BYTES : SER_BYTES; + unsigned int i; + mask_t succ; + + for (i = 0; i < NLIMBS; i++) { + while (fill < LIMB_PLACE_VALUE(LIMBPERM(i)) && j < nbytes) { + uint8_t sj; + + sj = serial[j]; + if (j == nbytes - 1) + sj &= ~hi_nmask; + buffer |= ((dword_t) sj) << fill; + fill += 8; + j++; + } + x->limb[LIMBPERM(i)] = (word_t) + ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer); + fill -= LIMB_PLACE_VALUE(LIMBPERM(i)); + buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i)); + scarry = + (scarry + x->limb[LIMBPERM(i)] - + MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t)); + } + succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x); + return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry); +} + +/* Reduce to canonical form. */ +void gf_strong_reduce(gf a) +{ + dsword_t scarry; + word_t scarry_0; + dword_t carry = 0; + unsigned int i; + + /* first, clear high */ + gf_weak_reduce(a); /* Determined to have negligible perf impact. */ + + /* now the total is less than 2p */ + + /* compute total_value - p. No need to reduce mod p. */ + scarry = 0; + for (i = 0; i < NLIMBS; i++) { + scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)]; + a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i)); + scarry >>= LIMB_PLACE_VALUE(LIMBPERM(i)); + } + + /* + * uncommon case: it was >= p, so now scarry = 0 and this = x common case: + * it was < p, so now scarry = -1 and this = x - p + 2^255 so let's add + * back in p. will carry back off the top for 2^255. + */ + assert(scarry == 0 || scarry == -1); + + scarry_0 = (word_t)scarry; + + /* add it back */ + for (i = 0; i < NLIMBS; i++) { + carry = + carry + a->limb[LIMBPERM(i)] + + (scarry_0 & MODULUS->limb[LIMBPERM(i)]); + a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i)); + carry >>= LIMB_PLACE_VALUE(LIMBPERM(i)); + } + + assert(carry < 2 && ((word_t)carry + scarry_0) == 0); +} + +/* Subtract two gf elements d=a-b */ +void gf_sub(gf d, const gf a, const gf b) +{ + gf_sub_RAW(d, a, b); + gf_bias(d, 2); + gf_weak_reduce(d); +} + +/* Add two field elements d = a+b */ +void gf_add(gf d, const gf a, const gf b) +{ + gf_add_RAW(d, a, b); + gf_weak_reduce(d); +} + +/* Compare a==b */ +mask_t gf_eq(const gf a, const gf b) +{ + gf c; + mask_t ret = 0; + unsigned int i; + + gf_sub(c, a, b); + gf_strong_reduce(c); + + for (i = 0; i < NLIMBS; i++) + ret |= c->limb[LIMBPERM(i)]; + + return word_is_zero(ret); +} + +mask_t gf_isr(gf a, const gf x) +{ + gf L0, L1, L2; + + gf_sqr(L1, x); + gf_mul(L2, x, L1); + gf_sqr(L1, L2); + gf_mul(L2, x, L1); + gf_sqrn(L1, L2, 3); + gf_mul(L0, L2, L1); + gf_sqrn(L1, L0, 3); + gf_mul(L0, L2, L1); + gf_sqrn(L2, L0, 9); + gf_mul(L1, L0, L2); + gf_sqr(L0, L1); + gf_mul(L2, x, L0); + gf_sqrn(L0, L2, 18); + gf_mul(L2, L1, L0); + gf_sqrn(L0, L2, 37); + gf_mul(L1, L2, L0); + gf_sqrn(L0, L1, 37); + gf_mul(L1, L2, L0); + gf_sqrn(L0, L1, 111); + gf_mul(L2, L1, L0); + gf_sqr(L0, L2); + gf_mul(L1, x, L0); + gf_sqrn(L0, L1, 223); + gf_mul(L1, L2, L0); + gf_sqr(L2, L1); + gf_mul(L0, L2, x); + gf_copy(a, L1); + return gf_eq(L0, ONE); +} diff --git a/deps/openssl/openssl/crypto/ec/curve448/field.h b/deps/openssl/openssl/crypto/ec/curve448/field.h new file mode 100644 index 00000000000000..d96d4c023d446f --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/field.h @@ -0,0 +1,168 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_FIELD_H +# define HEADER_FIELD_H + +# include "internal/constant_time_locl.h" +# include +# include +# include "word.h" + +# define NLIMBS (64/sizeof(word_t)) +# define X_SER_BYTES 56 +# define SER_BYTES 56 + +# if defined(__GNUC__) || defined(__clang__) +# define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__)) +# define RESTRICT __restrict__ +# define ALIGNED __attribute__((__aligned__(16))) +# else +# define INLINE_UNUSED ossl_inline +# define RESTRICT +# define ALIGNED +# endif + +typedef struct gf_s { + word_t limb[NLIMBS]; +} ALIGNED gf_s, gf[1]; + +/* RFC 7748 support */ +# define X_PUBLIC_BYTES X_SER_BYTES +# define X_PRIVATE_BYTES X_PUBLIC_BYTES +# define X_PRIVATE_BITS 448 + +static INLINE_UNUSED void gf_copy(gf out, const gf a) +{ + *out = *a; +} + +static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b); +static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b); +static INLINE_UNUSED void gf_bias(gf inout, int amount); +static INLINE_UNUSED void gf_weak_reduce(gf inout); + +void gf_strong_reduce(gf inout); +void gf_add(gf out, const gf a, const gf b); +void gf_sub(gf out, const gf a, const gf b); +void gf_mul(gf_s * RESTRICT out, const gf a, const gf b); +void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b); +void gf_sqr(gf_s * RESTRICT out, const gf a); +mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */ +mask_t gf_eq(const gf x, const gf y); +mask_t gf_lobit(const gf x); +mask_t gf_hibit(const gf x); + +void gf_serialize(uint8_t *serial, const gf x, int with_highbit); +mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, + uint8_t hi_nmask); + +# include "f_impl.h" /* Bring in the inline implementations */ + +# define LIMBPERM(i) (i) +# define LIMB_MASK(i) (((1)< 0); + if (n & 1) { + gf_sqr(y, x); + n--; + } else { + gf_sqr(tmp, x); + gf_sqr(y, tmp); + n -= 2; + } + for (; n; n -= 2) { + gf_sqr(tmp, y); + gf_sqr(y, tmp); + } +} + +# define gf_add_nr gf_add_RAW + +/* Subtract mod p. Bias by 2 and don't reduce */ +static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b) +{ + gf_sub_RAW(c, a, b); + gf_bias(c, 2); + if (GF_HEADROOM < 3) + gf_weak_reduce(c); +} + +/* Subtract mod p. Bias by amt but don't reduce. */ +static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt) +{ + gf_sub_RAW(c, a, b); + gf_bias(c, amt); + if (GF_HEADROOM < amt + 1) + gf_weak_reduce(c); +} + +/* Mul by signed int. Not constant-time WRT the sign of that int. */ +static ossl_inline void gf_mulw(gf c, const gf a, int32_t w) +{ + if (w > 0) { + gf_mulw_unsigned(c, a, w); + } else { + gf_mulw_unsigned(c, a, -w); + gf_sub(c, ZERO, c); + } +} + +/* Constant time, x = is_z ? z : y */ +static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z) +{ + size_t i; + + for (i = 0; i < NLIMBS; i++) { +#if ARCH_WORD_BITS == 32 + x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i], + y[0].limb[i]); +#else + /* Must be 64 bit */ + x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i], + y[0].limb[i]); +#endif + } +} + +/* Constant time, if (neg) x=-x; */ +static ossl_inline void gf_cond_neg(gf x, mask_t neg) +{ + gf y; + + gf_sub(y, ZERO, x); + gf_cond_sel(x, x, y, neg); +} + +/* Constant time, if (swap) (x,y) = (y,x); */ +static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap) +{ + size_t i; + + for (i = 0; i < NLIMBS; i++) { +#if ARCH_WORD_BITS == 32 + constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i])); +#else + /* Must be 64 bit */ + constant_time_cond_swap_64(swap, &(x[0].limb[i]), &(y->limb[i])); +#endif + } +} + +#endif /* HEADER_FIELD_H */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/point_448.h b/deps/openssl/openssl/crypto/ec/curve448/point_448.h new file mode 100644 index 00000000000000..9dabb89090b69e --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/point_448.h @@ -0,0 +1,301 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_POINT_448_H +# define HEADER_POINT_448_H + +# include "curve448utils.h" +# include "field.h" + +/* Comb config: number of combs, n, t, s. */ +#define COMBS_N 5 +#define COMBS_T 5 +#define COMBS_S 18 + +/* Projective Niels coordinates */ +typedef struct { + gf a, b, c; +} niels_s, niels_t[1]; +typedef struct { + niels_t n; + gf z; +} pniels_t[1]; + +/* Precomputed base */ +struct curve448_precomputed_s { + niels_t table[COMBS_N << (COMBS_T - 1)]; +}; + +# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1) + +/* The number of bits in a scalar */ +# define C448_SCALAR_BITS 446 + +/* Number of bytes in a serialized scalar. */ +# define C448_SCALAR_BYTES 56 + +/* X448 encoding ratio. */ +# define X448_ENCODE_RATIO 2 + +/* Number of bytes in an x448 public key */ +# define X448_PUBLIC_BYTES 56 + +/* Number of bytes in an x448 private key */ +# define X448_PRIVATE_BYTES 56 + +/* Twisted Edwards extended homogeneous coordinates */ +typedef struct curve448_point_s { + gf x, y, z, t; +} curve448_point_t[1]; + +/* Precomputed table based on a point. Can be trivial implementation. */ +struct curve448_precomputed_s; + +/* Precomputed table based on a point. Can be trivial implementation. */ +typedef struct curve448_precomputed_s curve448_precomputed_s; + +/* Scalar is stored packed, because we don't need the speed. */ +typedef struct curve448_scalar_s { + c448_word_t limb[C448_SCALAR_LIMBS]; +} curve448_scalar_t[1]; + +/* A scalar equal to 1. */ +extern const curve448_scalar_t curve448_scalar_one; + +/* A scalar equal to 0. */ +extern const curve448_scalar_t curve448_scalar_zero; + +/* The identity point on the curve. */ +extern const curve448_point_t curve448_point_identity; + +/* Precomputed table for the base point on the curve. */ +extern const struct curve448_precomputed_s *curve448_precomputed_base; +extern const niels_t *curve448_wnaf_base; + +/* + * Read a scalar from wire format or from bytes. + * + * ser (in): Serialized form of a scalar. + * out (out): Deserialized form. + * + * Returns: + * C448_SUCCESS: The scalar was correctly encoded. + * C448_FAILURE: The scalar was greater than the modulus, and has been reduced + * modulo that modulus. + */ +c448_error_t curve448_scalar_decode(curve448_scalar_t out, + const unsigned char ser[C448_SCALAR_BYTES]); + +/* + * Read a scalar from wire format or from bytes. Reduces mod scalar prime. + * + * ser (in): Serialized form of a scalar. + * ser_len (in): Length of serialized form. + * out (out): Deserialized form. + */ +void curve448_scalar_decode_long(curve448_scalar_t out, + const unsigned char *ser, size_t ser_len); + +/* + * Serialize a scalar to wire format. + * + * ser (out): Serialized form of a scalar. + * s (in): Deserialized scalar. + */ +void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], + const curve448_scalar_t s); + +/* + * Add two scalars. |a|, |b| and |out| may alias each other. + * + * a (in): One scalar. + * b (in): Another scalar. + * out (out): a+b. + */ +void curve448_scalar_add(curve448_scalar_t out, + const curve448_scalar_t a, const curve448_scalar_t b); + +/* + * Subtract two scalars. |a|, |b| and |out| may alias each other. + * a (in): One scalar. + * b (in): Another scalar. + * out (out): a-b. + */ +void curve448_scalar_sub(curve448_scalar_t out, + const curve448_scalar_t a, const curve448_scalar_t b); + +/* + * Multiply two scalars. |a|, |b| and |out| may alias each other. + * + * a (in): One scalar. + * b (in): Another scalar. + * out (out): a*b. + */ +void curve448_scalar_mul(curve448_scalar_t out, + const curve448_scalar_t a, const curve448_scalar_t b); + +/* +* Halve a scalar. |a| and |out| may alias each other. +* +* a (in): A scalar. +* out (out): a/2. +*/ +void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); + +/* + * Copy a scalar. The scalars may alias each other, in which case this + * function does nothing. + * + * a (in): A scalar. + * out (out): Will become a copy of a. + */ +static ossl_inline void curve448_scalar_copy(curve448_scalar_t out, + const curve448_scalar_t a) +{ + *out = *a; +} + +/* + * Copy a point. The input and output may alias, in which case this function + * does nothing. + * + * a (out): A copy of the point. + * b (in): Any point. + */ +static ossl_inline void curve448_point_copy(curve448_point_t a, + const curve448_point_t b) +{ + *a = *b; +} + +/* + * Test whether two points are equal. If yes, return C448_TRUE, else return + * C448_FALSE. + * + * a (in): A point. + * b (in): Another point. + * + * Returns: + * C448_TRUE: The points are equal. + * C448_FALSE: The points are not equal. + */ +__owur c448_bool_t curve448_point_eq(const curve448_point_t a, + const curve448_point_t b); + +/* + * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially + * faster. + * + * two_a (out): The sum a+a. + * a (in): A point. + */ +void curve448_point_double(curve448_point_t two_a, const curve448_point_t a); + +/* + * RFC 7748 Diffie-Hellman scalarmul. This function uses a different + * (non-Decaf) encoding. + * + * out (out): The scaled point base*scalar + * base (in): The point to be scaled. + * scalar (in): The scalar to multiply by. + * + * Returns: + * C448_SUCCESS: The scalarmul succeeded. + * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a + * small subgroup. + */ +__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES], + const uint8_t base[X448_PUBLIC_BYTES], + const uint8_t scalar[X448_PRIVATE_BYTES]); + +/* + * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748. + * + * This function is mainly used internally, but is exported in case + * it will be useful. + * + * The ratio is necessary because the internal representation doesn't + * track the cofactor information, so on output we must clear the cofactor. + * This would multiply by the cofactor, but in fact internally points are always + * even, so it multiplies by half the cofactor instead. + * + * As it happens, this aligns with the base point definitions; that is, + * if you pass the Decaf/Ristretto base point to this function, the result + * will be X448_ENCODE_RATIO times the X448 + * base point. + * + * out (out): The scaled and encoded point. + * p (in): The point to be scaled and encoded. + */ +void curve448_point_mul_by_ratio_and_encode_like_x448( + uint8_t out[X448_PUBLIC_BYTES], + const curve448_point_t p); + +/* + * RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different + * (non-Decaf) encoding. + * + * out (out): The scaled point base*scalar + * scalar (in): The scalar to multiply by. + */ +void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], + const uint8_t scalar[X448_PRIVATE_BYTES]); + +/* + * Multiply a precomputed base point by a scalar: out = scalar*base. + * + * scaled (out): The scaled point base*scalar + * base (in): The point to be scaled. + * scalar (in): The scalar to multiply by. + */ +void curve448_precomputed_scalarmul(curve448_point_t scaled, + const curve448_precomputed_s * base, + const curve448_scalar_t scalar); + +/* + * Multiply two base points by two scalars: + * combo = scalar1*curve448_point_base + scalar2*base2. + * + * Otherwise equivalent to curve448_point_double_scalarmul, but may be + * faster at the expense of being variable time. + * + * combo (out): The linear combination scalar1*base + scalar2*base2. + * scalar1 (in): A first scalar to multiply by. + * base2 (in): A second point to be scaled. + * scalar2 (in) A second scalar to multiply by. + * + * Warning: This function takes variable time, and may leak the scalars used. + * It is designed for signature verification. + */ +void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, + const curve448_scalar_t scalar1, + const curve448_point_t base2, + const curve448_scalar_t scalar2); + +/* + * Test that a point is valid, for debugging purposes. + * + * to_test (in): The point to test. + * + * Returns: + * C448_TRUE The point is valid. + * C448_FALSE The point is invalid. + */ +__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test); + +/* Overwrite scalar with zeros. */ +void curve448_scalar_destroy(curve448_scalar_t scalar); + +/* Overwrite point with zeros. */ +void curve448_point_destroy(curve448_point_t point); + +#endif /* HEADER_POINT_448_H */ diff --git a/deps/openssl/openssl/crypto/ec/curve448/scalar.c b/deps/openssl/openssl/crypto/ec/curve448/scalar.c new file mode 100644 index 00000000000000..b5702c02557093 --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/scalar.c @@ -0,0 +1,235 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2016 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ +#include + +#include "word.h" +#include "point_448.h" + +static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5; +static const curve448_scalar_t sc_p = { + { + { + SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55), + SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9), + SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff), + SC_LIMB(0x3fffffffffffffff) + } + } +}, sc_r2 = { + { + { + + SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9), + SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838), + SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af), + SC_LIMB(0x3402a939f823b729) + } + } +}; + +#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ + +const curve448_scalar_t curve448_scalar_one = {{{1}}}; +const curve448_scalar_t curve448_scalar_zero = {{{0}}}; + +/* + * {extra,accum} - sub +? p + * Must have extra <= 1 + */ +static void sc_subx(curve448_scalar_t out, + const c448_word_t accum[C448_SCALAR_LIMBS], + const curve448_scalar_t sub, + const curve448_scalar_t p, c448_word_t extra) +{ + c448_dsword_t chain = 0; + unsigned int i; + c448_word_t borrow; + + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + chain = (chain + accum[i]) - sub->limb[i]; + out->limb[i] = (c448_word_t)chain; + chain >>= WBITS; + } + borrow = (c448_word_t)chain + extra; /* = 0 or -1 */ + + chain = 0; + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + chain = (chain + out->limb[i]) + (p->limb[i] & borrow); + out->limb[i] = (c448_word_t)chain; + chain >>= WBITS; + } +} + +static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) +{ + unsigned int i, j; + c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 }; + c448_word_t hi_carry = 0; + + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + c448_word_t mand = a->limb[i]; + const c448_word_t *mier = b->limb; + + c448_dword_t chain = 0; + for (j = 0; j < C448_SCALAR_LIMBS; j++) { + chain += ((c448_dword_t) mand) * mier[j] + accum[j]; + accum[j] = (c448_word_t)chain; + chain >>= WBITS; + } + accum[j] = (c448_word_t)chain; + + mand = accum[0] * MONTGOMERY_FACTOR; + chain = 0; + mier = sc_p->limb; + for (j = 0; j < C448_SCALAR_LIMBS; j++) { + chain += (c448_dword_t) mand *mier[j] + accum[j]; + if (j) + accum[j - 1] = (c448_word_t)chain; + chain >>= WBITS; + } + chain += accum[j]; + chain += hi_carry; + accum[j - 1] = (c448_word_t)chain; + hi_carry = chain >> WBITS; + } + + sc_subx(out, accum, sc_p, sc_p, hi_carry); +} + +void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) +{ + sc_montmul(out, a, b); + sc_montmul(out, out, sc_r2); +} + +void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) +{ + sc_subx(out, a->limb, b, sc_p, 0); +} + +void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) +{ + c448_dword_t chain = 0; + unsigned int i; + + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + chain = (chain + a->limb[i]) + b->limb[i]; + out->limb[i] = (c448_word_t)chain; + chain >>= WBITS; + } + sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain); +} + +static ossl_inline void scalar_decode_short(curve448_scalar_t s, + const unsigned char *ser, + size_t nbytes) +{ + size_t i, j, k = 0; + + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + c448_word_t out = 0; + + for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++) + out |= ((c448_word_t) ser[k]) << (8 * j); + s->limb[i] = out; + } +} + +c448_error_t curve448_scalar_decode( + curve448_scalar_t s, + const unsigned char ser[C448_SCALAR_BYTES]) +{ + unsigned int i; + c448_dsword_t accum = 0; + + scalar_decode_short(s, ser, C448_SCALAR_BYTES); + for (i = 0; i < C448_SCALAR_LIMBS; i++) + accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS; + /* Here accum == 0 or -1 */ + + curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */ + + return c448_succeed_if(~word_is_zero((uint32_t)accum)); +} + +void curve448_scalar_destroy(curve448_scalar_t scalar) +{ + OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); +} + +void curve448_scalar_decode_long(curve448_scalar_t s, + const unsigned char *ser, size_t ser_len) +{ + size_t i; + curve448_scalar_t t1, t2; + + if (ser_len == 0) { + curve448_scalar_copy(s, curve448_scalar_zero); + return; + } + + i = ser_len - (ser_len % C448_SCALAR_BYTES); + if (i == ser_len) + i -= C448_SCALAR_BYTES; + + scalar_decode_short(t1, &ser[i], ser_len - i); + + if (ser_len == sizeof(curve448_scalar_t)) { + assert(i == 0); + /* ham-handed reduce */ + curve448_scalar_mul(s, t1, curve448_scalar_one); + curve448_scalar_destroy(t1); + return; + } + + while (i) { + i -= C448_SCALAR_BYTES; + sc_montmul(t1, t1, sc_r2); + (void)curve448_scalar_decode(t2, ser + i); + curve448_scalar_add(t1, t1, t2); + } + + curve448_scalar_copy(s, t1); + curve448_scalar_destroy(t1); + curve448_scalar_destroy(t2); +} + +void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], + const curve448_scalar_t s) +{ + unsigned int i, j, k = 0; + + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + for (j = 0; j < sizeof(c448_word_t); j++, k++) + ser[k] = s->limb[i] >> (8 * j); + } +} + +void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) +{ + c448_word_t mask = 0 - (a->limb[0] & 1); + c448_dword_t chain = 0; + unsigned int i; + + for (i = 0; i < C448_SCALAR_LIMBS; i++) { + chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask); + out->limb[i] = (c448_word_t)chain; + chain >>= C448_WORD_BITS; + } + for (i = 0; i < C448_SCALAR_LIMBS - 1; i++) + out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (WBITS - 1); + out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (WBITS - 1)); +} diff --git a/deps/openssl/openssl/crypto/ec/curve448/word.h b/deps/openssl/openssl/crypto/ec/curve448/word.h new file mode 100644 index 00000000000000..a48b9e053a5c9e --- /dev/null +++ b/deps/openssl/openssl/crypto/ec/curve448/word.h @@ -0,0 +1,81 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014 Cryptography Research, Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Mike Hamburg + */ + +#ifndef HEADER_WORD_H +# define HEADER_WORD_H + +# include +# include +# include +# include +# include "arch_intrinsics.h" +# include "curve448utils.h" + +# if (ARCH_WORD_BITS == 64) +typedef uint64_t word_t, mask_t; +typedef __uint128_t dword_t; +typedef int32_t hsword_t; +typedef int64_t sword_t; +typedef __int128_t dsword_t; +# elif (ARCH_WORD_BITS == 32) +typedef uint32_t word_t, mask_t; +typedef uint64_t dword_t; +typedef int16_t hsword_t; +typedef int32_t sword_t; +typedef int64_t dsword_t; +# else +# error "For now, we only support 32- and 64-bit architectures." +# endif + +/* + * Scalar limbs are keyed off of the API word size instead of the arch word + * size. + */ +# if C448_WORD_BITS == 64 +# define SC_LIMB(x) (x) +# elif C448_WORD_BITS == 32 +# define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32) +# else +# error "For now we only support 32- and 64-bit architectures." +# endif + +/* + * The plan on booleans: The external interface uses c448_bool_t, but this + * might be a different size than our particular arch's word_t (and thus + * mask_t). Also, the caller isn't guaranteed to pass it as nonzero. So + * bool_to_mask converts word sizes and checks nonzero. On the flip side, + * mask_t is always -1 or 0, but it might be a different size than + * c448_bool_t. On the third hand, we have success vs boolean types, but + * that's handled in common.h: it converts between c448_bool_t and + * c448_error_t. + */ +static ossl_inline c448_bool_t mask_to_bool(mask_t m) +{ + return (c448_sword_t)(sword_t)m; +} + +static ossl_inline mask_t bool_to_mask(c448_bool_t m) +{ + /* On most arches this will be optimized to a simple cast. */ + mask_t ret = 0; + unsigned int i; + unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t); + + if (limit < 1) + limit = 1; + for (i = 0; i < limit; i++) + ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t))); + + return ret; +} + +#endif /* HEADER_WORD_H */ diff --git a/deps/openssl/openssl/crypto/ec/ec2_mult.c b/deps/openssl/openssl/crypto/ec/ec2_mult.c deleted file mode 100644 index e4a1ec5737ff63..00000000000000 --- a/deps/openssl/openssl/crypto/ec/ec2_mult.c +++ /dev/null @@ -1,418 +0,0 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The software is originally written by Sheueling Chang Shantz and - * Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -#include - -#include "internal/bn_int.h" -#include "ec_lcl.h" - -#ifndef OPENSSL_NO_EC2M - -/*- - * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective - * coordinates. - * Uses algorithm Mdouble in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - * modified to not require precomputation of c=b^{2^{m-1}}. - */ -static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, - BN_CTX *ctx) -{ - BIGNUM *t1; - int ret = 0; - - /* Since Mdouble is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - if (t1 == NULL) - goto err; - - if (!group->meth->field_sqr(group, x, x, ctx)) - goto err; - if (!group->meth->field_sqr(group, t1, z, ctx)) - goto err; - if (!group->meth->field_mul(group, z, x, t1, ctx)) - goto err; - if (!group->meth->field_sqr(group, x, x, ctx)) - goto err; - if (!group->meth->field_sqr(group, t1, t1, ctx)) - goto err; - if (!group->meth->field_mul(group, t1, group->b, t1, ctx)) - goto err; - if (!BN_GF2m_add(x, x, t1)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery - * projective coordinates. - * Uses algorithm Madd in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - */ -static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, - BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2, - BN_CTX *ctx) -{ - BIGNUM *t1, *t2; - int ret = 0; - - /* Since Madd is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t2 == NULL) - goto err; - - if (!BN_copy(t1, x)) - goto err; - if (!group->meth->field_mul(group, x1, x1, z2, ctx)) - goto err; - if (!group->meth->field_mul(group, z1, z1, x2, ctx)) - goto err; - if (!group->meth->field_mul(group, t2, x1, z1, ctx)) - goto err; - if (!BN_GF2m_add(z1, z1, x1)) - goto err; - if (!group->meth->field_sqr(group, z1, z1, ctx)) - goto err; - if (!group->meth->field_mul(group, x1, z1, t1, ctx)) - goto err; - if (!BN_GF2m_add(x1, x1, t2)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) - * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - * Returns: - * 0 on error - * 1 if return value should be the point at infinity - * 2 otherwise - */ -static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, - BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, - BN_CTX *ctx) -{ - BIGNUM *t3, *t4, *t5; - int ret = 0; - - if (BN_is_zero(z1)) { - BN_zero(x2); - BN_zero(z2); - return 1; - } - - if (BN_is_zero(z2)) { - if (!BN_copy(x2, x)) - return 0; - if (!BN_GF2m_add(z2, x, y)) - return 0; - return 2; - } - - /* Since Mxy is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t3 = BN_CTX_get(ctx); - t4 = BN_CTX_get(ctx); - t5 = BN_CTX_get(ctx); - if (t5 == NULL) - goto err; - - if (!BN_one(t5)) - goto err; - - if (!group->meth->field_mul(group, t3, z1, z2, ctx)) - goto err; - - if (!group->meth->field_mul(group, z1, z1, x, ctx)) - goto err; - if (!BN_GF2m_add(z1, z1, x1)) - goto err; - if (!group->meth->field_mul(group, z2, z2, x, ctx)) - goto err; - if (!group->meth->field_mul(group, x1, z2, x1, ctx)) - goto err; - if (!BN_GF2m_add(z2, z2, x2)) - goto err; - - if (!group->meth->field_mul(group, z2, z2, z1, ctx)) - goto err; - if (!group->meth->field_sqr(group, t4, x, ctx)) - goto err; - if (!BN_GF2m_add(t4, t4, y)) - goto err; - if (!group->meth->field_mul(group, t4, t4, t3, ctx)) - goto err; - if (!BN_GF2m_add(t4, t4, z2)) - goto err; - - if (!group->meth->field_mul(group, t3, t3, x, ctx)) - goto err; - if (!group->meth->field_div(group, t3, t5, t3, ctx)) - goto err; - if (!group->meth->field_mul(group, t4, t3, t4, ctx)) - goto err; - if (!group->meth->field_mul(group, x2, x1, t3, ctx)) - goto err; - if (!BN_GF2m_add(z2, x2, x)) - goto err; - - if (!group->meth->field_mul(group, z2, z2, t4, ctx)) - goto err; - if (!BN_GF2m_add(z2, z2, y)) - goto err; - - ret = 2; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Computes scalar*point and stores the result in r. - * point can not equal r. - * Uses a modified algorithm 2P of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - * - * To protect against side-channel attack the function uses constant time swap, - * avoiding conditional branches. - */ -static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, - EC_POINT *r, - const BIGNUM *scalar, - const EC_POINT *point, - BN_CTX *ctx) -{ - BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i, group_top; - BN_ULONG mask, word; - - if (r == point) { - ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); - return 0; - } - - /* if result should be point at infinity */ - if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || - EC_POINT_is_at_infinity(group, point)) { - return EC_POINT_set_to_infinity(group, r); - } - - /* only support affine coordinates */ - if (!point->Z_is_one) - return 0; - - /* - * Since point_multiply is static we can guarantee that ctx != NULL. - */ - BN_CTX_start(ctx); - x1 = BN_CTX_get(ctx); - z1 = BN_CTX_get(ctx); - if (z1 == NULL) - goto err; - - x2 = r->X; - z2 = r->Y; - - group_top = bn_get_top(group->field); - if (bn_wexpand(x1, group_top) == NULL - || bn_wexpand(z1, group_top) == NULL - || bn_wexpand(x2, group_top) == NULL - || bn_wexpand(z2, group_top) == NULL) - goto err; - - if (!BN_GF2m_mod_arr(x1, point->X, group->poly)) - goto err; /* x1 = x */ - if (!BN_one(z1)) - goto err; /* z1 = 1 */ - if (!group->meth->field_sqr(group, z2, x1, ctx)) - goto err; /* z2 = x1^2 = x^2 */ - if (!group->meth->field_sqr(group, x2, z2, ctx)) - goto err; - if (!BN_GF2m_add(x2, x2, group->b)) - goto err; /* x2 = x^4 + b */ - - /* find top most bit and go one past it */ - i = bn_get_top(scalar) - 1; - mask = BN_TBIT; - word = bn_get_words(scalar)[i]; - while (!(word & mask)) - mask >>= 1; - mask >>= 1; - /* if top most bit was at word break, go to next word */ - if (!mask) { - i--; - mask = BN_TBIT; - } - - for (; i >= 0; i--) { - word = bn_get_words(scalar)[i]; - while (mask) { - BN_consttime_swap(word & mask, x1, x2, group_top); - BN_consttime_swap(word & mask, z1, z2, group_top); - if (!gf2m_Madd(group, point->X, x2, z2, x1, z1, ctx)) - goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) - goto err; - BN_consttime_swap(word & mask, x1, x2, group_top); - BN_consttime_swap(word & mask, z1, z2, group_top); - mask >>= 1; - } - mask = BN_TBIT; - } - - /* convert out of "projective" coordinates */ - i = gf2m_Mxy(group, point->X, point->Y, x1, z1, x2, z2, ctx); - if (i == 0) - goto err; - else if (i == 1) { - if (!EC_POINT_set_to_infinity(group, r)) - goto err; - } else { - if (!BN_one(r->Z)) - goto err; - r->Z_is_one = 1; - } - - /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ - BN_set_negative(r->X, 0); - BN_set_negative(r->Y, 0); - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Computes the sum - * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] - * gracefully ignoring NULL scalar values. - */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - int ret = 0; - size_t i; - EC_POINT *p = NULL; - EC_POINT *acc = NULL; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - /* - * This implementation is more efficient than the wNAF implementation for - * 2 or fewer points. Use the ec_wNAF_mul implementation for 3 or more - * points, or if we can perform a fast multiplication based on - * precomputation. - */ - if ((scalar && (num > 1)) || (num > 2) - || (num == 0 && EC_GROUP_have_precompute_mult(group))) { - ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - goto err; - } - - if ((p = EC_POINT_new(group)) == NULL) - goto err; - if ((acc = EC_POINT_new(group)) == NULL) - goto err; - - if (!EC_POINT_set_to_infinity(group, acc)) - goto err; - - if (scalar) { - if (!ec_GF2m_montgomery_point_multiply - (group, p, scalar, group->generator, ctx)) - goto err; - if (BN_is_negative(scalar)) - if (!group->meth->invert(group, p, ctx)) - goto err; - if (!group->meth->add(group, acc, acc, p, ctx)) - goto err; - } - - for (i = 0; i < num; i++) { - if (!ec_GF2m_montgomery_point_multiply - (group, p, scalars[i], points[i], ctx)) - goto err; - if (BN_is_negative(scalars[i])) - if (!group->meth->invert(group, p, ctx)) - goto err; - if (!group->meth->add(group, acc, acc, p, ctx)) - goto err; - } - - if (!EC_POINT_copy(r, acc)) - goto err; - - ret = 1; - - err: - EC_POINT_free(p); - EC_POINT_free(acc); - BN_CTX_free(new_ctx); - return ret; -} - -/* - * Precomputation for point multiplication: fall back to wNAF methods because - * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate - */ - -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - return ec_wNAF_precompute_mult(group, ctx); -} - -int ec_GF2m_have_precompute_mult(const EC_GROUP *group) -{ - return ec_wNAF_have_precompute_mult(group); -} - -#endif diff --git a/deps/openssl/openssl/crypto/ec/ec2_oct.c b/deps/openssl/openssl/crypto/ec/ec2_oct.c index ea88ce860a9a05..0867f994ea50f5 100644 --- a/deps/openssl/openssl/crypto/ec/ec2_oct.c +++ b/deps/openssl/openssl/crypto/ec/ec2_oct.c @@ -1,5 +1,6 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,21 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The software is originally written by Sheueling Chang Shantz and - * Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include "ec_lcl.h" @@ -108,7 +94,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, } } - if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; ret = 1; @@ -180,7 +166,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (yxi == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; buf[0] = form; @@ -315,8 +301,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GF2m - (group, point, x, y_bit, ctx)) + if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) goto err; } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) @@ -335,10 +320,10 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* - * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that + * EC_POINT_set_affine_coordinates is responsible for checking that * the point is on the curve. */ - if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; } diff --git a/deps/openssl/openssl/crypto/ec/ec2_smpl.c b/deps/openssl/openssl/crypto/ec/ec2_smpl.c index cdacce61acf97b..87f7ce56911d9c 100644 --- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c +++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c @@ -1,5 +1,6 @@ /* * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,21 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The software is originally written by Sheueling Chang Shantz and - * Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include "internal/bn_int.h" @@ -29,67 +15,6 @@ #ifndef OPENSSL_NO_EC2M -const EC_METHOD *EC_GF2m_simple_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_characteristic_two_field, - ec_GF2m_simple_group_init, - ec_GF2m_simple_group_finish, - ec_GF2m_simple_group_clear_finish, - ec_GF2m_simple_group_copy, - ec_GF2m_simple_group_set_curve, - ec_GF2m_simple_group_get_curve, - ec_GF2m_simple_group_get_degree, - ec_group_simple_order_bits, - ec_GF2m_simple_group_check_discriminant, - ec_GF2m_simple_point_init, - ec_GF2m_simple_point_finish, - ec_GF2m_simple_point_clear_finish, - ec_GF2m_simple_point_copy, - ec_GF2m_simple_point_set_to_infinity, - 0 /* set_Jprojective_coordinates_GFp */ , - 0 /* get_Jprojective_coordinates_GFp */ , - ec_GF2m_simple_point_set_affine_coordinates, - ec_GF2m_simple_point_get_affine_coordinates, - 0, 0, 0, - ec_GF2m_simple_add, - ec_GF2m_simple_dbl, - ec_GF2m_simple_invert, - ec_GF2m_simple_is_at_infinity, - ec_GF2m_simple_is_on_curve, - ec_GF2m_simple_cmp, - ec_GF2m_simple_make_affine, - ec_GF2m_simple_points_make_affine, - - /* - * the following three method functions are defined in ec2_mult.c - */ - ec_GF2m_simple_mul, - ec_GF2m_precompute_mult, - ec_GF2m_have_precompute_mult, - - ec_GF2m_simple_field_mul, - ec_GF2m_simple_field_sqr, - ec_GF2m_simple_field_div, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ec_key_simple_priv2oct, - ec_key_simple_oct2priv, - 0, /* set private */ - ec_key_simple_generate_key, - ec_key_simple_check_key, - ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, - 0 /* blind_coordinates */ - }; - - return &ret; -} - /* * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members * are handled by EC_GROUP_new. @@ -465,7 +390,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_copy(y0, a->Y)) goto err; } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) + if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx)) goto err; } if (b->Z_is_one) { @@ -474,7 +399,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_copy(y1, b->Y)) goto err; } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) + if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx)) goto err; } @@ -522,7 +447,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_GF2m_add(y2, y2, y1)) goto err; - if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) + if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx)) goto err; ret = 1; @@ -619,9 +544,9 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (!BN_GF2m_add(lh, lh, y2)) goto err; ret = BN_is_zero(lh); + err: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } @@ -665,15 +590,14 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (bY == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) + if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx)) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) + if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx)) goto err; ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; err: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } @@ -701,7 +625,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, if (y == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; if (!BN_copy(point->X, x)) goto err; @@ -714,8 +638,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, ret = 1; err: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } @@ -757,4 +680,275 @@ int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, return BN_GF2m_mod_div(r, a, b, group->field, ctx); } +/*- + * Lopez-Dahab ladder, pre step. + * See e.g. "Guide to ECC" Alg 3.40. + * Modified to blind s and r independently. + * s:= p, r := 2p + */ +static +int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + /* if p is not affine, something is wrong */ + if (p->Z_is_one == 0) + return 0; + + /* s blinding: make sure lambda (s->Z here) is not zero */ + do { + if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB); + return 0; + } + } while (BN_is_zero(s->Z)); + + /* if field_encode defined convert between representations */ + if ((group->meth->field_encode != NULL + && !group->meth->field_encode(group, s->Z, s->Z, ctx)) + || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) + return 0; + + /* r blinding: make sure lambda (r->Y here for storage) is not zero */ + do { + if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB); + return 0; + } + } while (BN_is_zero(r->Y)); + + if ((group->meth->field_encode != NULL + && !group->meth->field_encode(group, r->Y, r->Y, ctx)) + || !group->meth->field_sqr(group, r->Z, p->X, ctx) + || !group->meth->field_sqr(group, r->X, r->Z, ctx) + || !BN_GF2m_add(r->X, r->X, group->b) + || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx) + || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)) + return 0; + + s->Z_is_one = 0; + r->Z_is_one = 0; + + return 1; +} + +/*- + * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords. + * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3 + * s := r + s, r := 2r + */ +static +int ec_GF2m_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx) + || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx) + || !group->meth->field_sqr(group, s->Y, r->Z, ctx) + || !group->meth->field_sqr(group, r->Z, r->X, ctx) + || !BN_GF2m_add(s->Z, r->Y, s->X) + || !group->meth->field_sqr(group, s->Z, s->Z, ctx) + || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx) + || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx) + || !BN_GF2m_add(s->X, s->X, r->Y) + || !group->meth->field_sqr(group, r->Y, r->Z, ctx) + || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx) + || !group->meth->field_sqr(group, s->Y, s->Y, ctx) + || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx) + || !BN_GF2m_add(r->X, r->Y, s->Y)) + return 0; + + return 1; +} + +/*- + * Recover affine (x,y) result from Lopez-Dahab r and s, affine p. + * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m) + * without Precomputation" (Lopez and Dahab, CHES 1999), + * Appendix Alg Mxy. + */ +static +int ec_GF2m_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *t0, *t1, *t2 = NULL; + + if (BN_is_zero(r->Z)) + return EC_POINT_set_to_infinity(group, r); + + if (BN_is_zero(s->Z)) { + if (!EC_POINT_copy(r, p) + || !EC_POINT_invert(group, r, ctx)) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB); + return 0; + } + return 1; + } + + BN_CTX_start(ctx); + t0 = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t2 == NULL) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t1, p->X, r->Z, ctx) + || !BN_GF2m_add(t1, r->X, t1) + || !group->meth->field_mul(group, t2, p->X, s->Z, ctx) + || !group->meth->field_mul(group, r->Z, r->X, t2, ctx) + || !BN_GF2m_add(t2, t2, s->X) + || !group->meth->field_mul(group, t1, t1, t2, ctx) + || !group->meth->field_sqr(group, t2, p->X, ctx) + || !BN_GF2m_add(t2, p->Y, t2) + || !group->meth->field_mul(group, t2, t2, t0, ctx) + || !BN_GF2m_add(t1, t2, t1) + || !group->meth->field_mul(group, t2, p->X, t0, ctx) + || !BN_GF2m_mod_inv(t2, t2, group->field, ctx) + || !group->meth->field_mul(group, t1, t1, t2, ctx) + || !group->meth->field_mul(group, r->X, r->Z, t2, ctx) + || !BN_GF2m_add(t2, p->X, r->X) + || !group->meth->field_mul(group, t2, t2, t1, ctx) + || !BN_GF2m_add(r->Y, p->Y, t2) + || !BN_one(r->Z)) + goto err; + + r->Z_is_one = 1; + + /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ + BN_set_negative(r->X, 0); + BN_set_negative(r->Y, 0); + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +static +int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], + BN_CTX *ctx) +{ + int ret = 0; + EC_POINT *t = NULL; + + /*- + * We limit use of the ladder only to the following cases: + * - r := scalar * G + * Fixed point mul: scalar != NULL && num == 0; + * - r := scalars[0] * points[0] + * Variable point mul: scalar == NULL && num == 1; + * - r := scalar * G + scalars[0] * points[0] + * used, e.g., in ECDSA verification: scalar != NULL && num == 1 + * + * In any other case (num > 1) we use the default wNAF implementation. + * + * We also let the default implementation handle degenerate cases like group + * order or cofactor set to 0. + */ + if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor)) + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + if (scalar != NULL && num == 0) + /* Fixed point multiplication */ + return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); + + if (scalar == NULL && num == 1) + /* Variable point multiplication */ + return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); + + /*- + * Double point multiplication: + * r := scalar * G + scalars[0] * points[0] + */ + + if ((t = EC_POINT_new(group)) == NULL) { + ECerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ec_scalar_mul_ladder(group, t, scalar, NULL, ctx) + || !ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx) + || !EC_POINT_add(group, r, t, r, ctx)) + goto err; + + ret = 1; + + err: + EC_POINT_free(t); + return ret; +} + +const EC_METHOD *EC_GF2m_simple_method(void) +{ + static const EC_METHOD ret = { + EC_FLAGS_DEFAULT_OCT, + NID_X9_62_characteristic_two_field, + ec_GF2m_simple_group_init, + ec_GF2m_simple_group_finish, + ec_GF2m_simple_group_clear_finish, + ec_GF2m_simple_group_copy, + ec_GF2m_simple_group_set_curve, + ec_GF2m_simple_group_get_curve, + ec_GF2m_simple_group_get_degree, + ec_group_simple_order_bits, + ec_GF2m_simple_group_check_discriminant, + ec_GF2m_simple_point_init, + ec_GF2m_simple_point_finish, + ec_GF2m_simple_point_clear_finish, + ec_GF2m_simple_point_copy, + ec_GF2m_simple_point_set_to_infinity, + 0, /* set_Jprojective_coordinates_GFp */ + 0, /* get_Jprojective_coordinates_GFp */ + ec_GF2m_simple_point_set_affine_coordinates, + ec_GF2m_simple_point_get_affine_coordinates, + 0, /* point_set_compressed_coordinates */ + 0, /* point2oct */ + 0, /* oct2point */ + ec_GF2m_simple_add, + ec_GF2m_simple_dbl, + ec_GF2m_simple_invert, + ec_GF2m_simple_is_at_infinity, + ec_GF2m_simple_is_on_curve, + ec_GF2m_simple_cmp, + ec_GF2m_simple_make_affine, + ec_GF2m_simple_points_make_affine, + ec_GF2m_simple_points_mul, + 0, /* precompute_mult */ + 0, /* have_precompute_mult */ + ec_GF2m_simple_field_mul, + ec_GF2m_simple_field_sqr, + ec_GF2m_simple_field_div, + 0, /* field_encode */ + 0, /* field_decode */ + 0, /* field_set_to_one */ + ec_key_simple_priv2oct, + ec_key_simple_oct2priv, + 0, /* set private */ + ec_key_simple_generate_key, + ec_key_simple_check_key, + ec_key_simple_generate_public_key, + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + ec_GF2m_simple_ladder_pre, + ec_GF2m_simple_ladder_step, + ec_GF2m_simple_ladder_post + }; + + return &ret; +} + #endif diff --git a/deps/openssl/openssl/crypto/ec/ec_ameth.c b/deps/openssl/openssl/crypto/ec/ec_ameth.c index f8f1e2c842cebb..a3164b5b2ed974 100644 --- a/deps/openssl/openssl/crypto/ec/ec_ameth.c +++ b/deps/openssl/openssl/crypto/ec/ec_ameth.c @@ -521,6 +521,48 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } +static int ec_pkey_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* stay consistent to what EVP_PKEY_check demands */ + if (eckey->priv_key == NULL) { + ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY); + return 0; + } + + return EC_KEY_check_key(eckey); +} + +static int ec_pkey_public_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* + * Note: it unnecessary to check eckey->pub_key here since + * it will be checked in EC_KEY_check_key(). In fact, the + * EC_KEY_check_key() mainly checks the public key, and checks + * the private key optionally (only if there is one). So if + * someone passes a whole EC key (public + private), this + * will also work... + */ + + return EC_KEY_check_key(eckey); +} + +static int ec_pkey_param_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + /* stay consistent to what EVP_PKEY_check demands */ + if (eckey->group == NULL) { + ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS); + return 0; + } + + return EC_GROUP_check(eckey->group, NULL); +} + const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, @@ -552,9 +594,23 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { int_ec_free, ec_pkey_ctrl, old_ec_priv_decode, - old_ec_priv_encode + old_ec_priv_encode, + + 0, 0, 0, + + ec_pkey_check, + ec_pkey_public_check, + ec_pkey_param_check }; +#if !defined(OPENSSL_NO_SM2) +const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = { + EVP_PKEY_SM2, + EVP_PKEY_EC, + ASN1_PKEY_ALIAS +}; +#endif + int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) { int private = EC_KEY_get0_private_key(x) != NULL; @@ -643,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) return 0; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) + if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) return 0; kdf_md = EVP_get_digestbynid(kdfmd_nid); @@ -808,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ecdh_nid = NID_dh_cofactor_kdf; if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_62; + kdf_type = EVP_PKEY_ECDH_KDF_X9_63; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) goto err; } else diff --git a/deps/openssl/openssl/crypto/ec/ec_asn1.c b/deps/openssl/openssl/crypto/ec/ec_asn1.c index 271178f82e8955..13c56a621dd75f 100644 --- a/deps/openssl/openssl/crypto/ec/ec_asn1.c +++ b/deps/openssl/openssl/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include #include +#include "internal/nelem.h" int EC_GROUP_get_basis_type(const EC_GROUP *group) { @@ -87,13 +88,13 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, /* some structures needed for the asn1 encoding */ typedef struct x9_62_pentanomial_st { - long k1; - long k2; - long k3; + int32_t k1; + int32_t k2; + int32_t k3; } X9_62_PENTANOMIAL; typedef struct x9_62_characteristic_two_st { - long m; + int32_t m; ASN1_OBJECT *type; union { char *ptr; @@ -128,7 +129,7 @@ typedef struct x9_62_curve_st { } X9_62_CURVE; struct ec_parameters_st { - long version; + int32_t version; X9_62_FIELDID *fieldID; X9_62_CURVE *curve; ASN1_OCTET_STRING *base; @@ -147,7 +148,7 @@ struct ecpk_parameters_st { /* SEC1 ECPrivateKey */ typedef struct ec_privatekey_st { - long version; + int32_t version; ASN1_OCTET_STRING *privateKey; ECPKPARAMETERS *parameters; ASN1_BIT_STRING *publicKey; @@ -155,9 +156,9 @@ typedef struct ec_privatekey_st { /* the OpenSSL ASN.1 definitions */ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { - ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), - ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), - ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) + ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32), + ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32), + ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) @@ -172,7 +173,7 @@ ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), + ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32), ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) @@ -199,7 +200,7 @@ ASN1_SEQUENCE(X9_62_CURVE) = { } static_ASN1_SEQUENCE_END(X9_62_CURVE) ASN1_SEQUENCE(ECPARAMETERS) = { - ASN1_SIMPLE(ECPARAMETERS, version, LONG), + ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), @@ -221,7 +222,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS) ASN1_SEQUENCE(EC_PRIVATEKEY) = { - ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), + ASN1_EMBED(EC_PRIVATEKEY, version, INT32), ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) @@ -265,7 +266,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) goto err; } /* the parameters are specified by the prime number p */ - if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { + if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); goto err; } @@ -359,17 +360,15 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) err: BN_free(tmp); - return (ok); + return ok; } static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) { - int ok = 0, nid; + int ok = 0; BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; - unsigned char *buffer_1 = NULL, *buffer_2 = NULL, - *a_buf = NULL, *b_buf = NULL; - size_t len_1, len_2; - unsigned char char_zero = 0; + unsigned char *a_buf = NULL, *b_buf = NULL; + size_t len; if (!group || !curve || !curve->a || !curve->b) return 0; @@ -379,62 +378,32 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) goto err; } - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); - /* get a and b */ - if (nid == NID_X9_62_prime_field) { - if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* nid == NID_X9_62_characteristic_two_field */ - - if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); - goto err; - } + if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); + goto err; } -#endif - len_1 = (size_t)BN_num_bytes(tmp_1); - len_2 = (size_t)BN_num_bytes(tmp_2); - if (len_1 == 0) { - /* len_1 == 0 => a == 0 */ - a_buf = &char_zero; - len_1 = 1; - } else { - if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); - goto err; - } - a_buf = buffer_1; + /* + * Per SEC 1, the curve coefficients must be padded up to size. See C.2's + * definition of Curve, C.1's definition of FieldElement, and 2.3.5's + * definition of how to encode the field elements. + */ + len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8; + if ((a_buf = OPENSSL_malloc(len)) == NULL + || (b_buf = OPENSSL_malloc(len)) == NULL) { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; } - - if (len_2 == 0) { - /* len_2 == 0 => b == 0 */ - b_buf = &char_zero; - len_2 = 1; - } else { - if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); - goto err; - } - b_buf = buffer_2; + if (BN_bn2binpad(tmp_1, a_buf, len) < 0 + || BN_bn2binpad(tmp_2, b_buf, len) < 0) { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); + goto err; } /* set a and b */ - if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || - !ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { + if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len) + || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); goto err; } @@ -461,11 +430,11 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) ok = 1; err: - OPENSSL_free(buffer_1); - OPENSSL_free(buffer_2); + OPENSSL_free(a_buf); + OPENSSL_free(b_buf); BN_free(tmp_1); BN_free(tmp_2); - return (ok); + return ok; } ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, @@ -571,7 +540,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, if (EC_GROUP_get_asn1_flag(group)) { /* - * use the asn1 OID to describe the the elliptic curve parameters + * use the asn1 OID to describe the elliptic curve parameters */ tmp = EC_GROUP_get_curve_name(group); if (tmp) { @@ -610,7 +579,12 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) goto err; } - /* now extract the curve parameters a and b */ + /* + * Now extract the curve parameters a and b. Note that, although SEC 1 + * specifies the length of their encodings, historical versions of OpenSSL + * encoded them incorrectly, so we must accept any length for backwards + * compatibility. + */ if (!params->curve || !params->curve->a || !params->curve->a->data || !params->curve->b || !params->curve->b->data) { @@ -827,7 +801,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) BN_free(a); BN_free(b); EC_POINT_free(point); - return (ret); + return ret; } EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) @@ -855,7 +829,7 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB); return NULL; } - EC_GROUP_set_asn1_flag(ret, 0x0); + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); } else if (params->type == 2) { /* implicitlyCA */ return NULL; } else { @@ -893,7 +867,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) ECPKPARAMETERS_free(params); *in = p; - return (group); + return group; } int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) @@ -910,7 +884,7 @@ int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) return 0; } ECPKPARAMETERS_free(tmp); - return (ret); + return ret; } /* some EC_KEY functions */ @@ -985,7 +959,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) *a = ret; EC_PRIVATEKEY_free(priv_key); *in = p; - return (ret); + return ret; err: if (a == NULL || *a != ret) @@ -1197,6 +1171,16 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) *ps = sig->s; } +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) +{ + return sig->r; +} + +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) +{ + return sig->s; +} + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { if (r == NULL || s == NULL) @@ -1233,5 +1217,5 @@ int ECDSA_size(const EC_KEY *r) i = i2d_ASN1_INTEGER(&bs, NULL); i += i; /* r and s */ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/ec/ec_curve.c b/deps/openssl/openssl/crypto/ec/ec_curve.c index b022528be2fd5a..bb1ce196d0fa6b 100644 --- a/deps/openssl/openssl/crypto/ec/ec_curve.c +++ b/deps/openssl/openssl/crypto/ec/ec_curve.c @@ -1,5 +1,6 @@ /* * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,26 +8,12 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include "ec_lcl.h" #include #include #include -#include "e_os.h" +#include "internal/nelem.h" typedef struct { int field_type, /* either NID_X9_62_prime_field or @@ -2217,7 +2204,7 @@ static const struct { #endif /* - * These curves were added by Annie Yousar + * These curves were added by Annie Yousar. * For the definition of RFC 5639 curves see * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable * at random, nevertheless the seed is omitted as parameter because the @@ -2764,6 +2751,45 @@ static const struct { } }; +#ifndef OPENSSL_NO_SM2 +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_sm2p256v1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + + /* p */ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + /* a */ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, + /* b */ + 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, + 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, + 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, + /* x */ + 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, + 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, + 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, + /* y */ + 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, + 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, + 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0, + /* order */ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, + 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23, + } +}; +#endif /* OPENSSL_NO_SM2 */ + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; @@ -2973,6 +2999,10 @@ static const ec_list_element curve_list[] = { "RFC 5639 curve over a 512 bit prime field"}, {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, "RFC 5639 curve over a 512 bit prime field"}, +#ifndef OPENSSL_NO_SM2 + {NID_sm2, &_EC_sm2p256v1.h, 0, + "SM2 curve over a 256 bit prime field"}, +#endif }; #define curve_list_length OSSL_NELEM(curve_list) @@ -3048,7 +3078,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { + if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } diff --git a/deps/openssl/openssl/crypto/ec/ec_cvt.c b/deps/openssl/openssl/crypto/ec/ec_cvt.c index bfff6d65f7b4f0..0ec346c125ade1 100644 --- a/deps/openssl/openssl/crypto/ec/ec_cvt.c +++ b/deps/openssl/openssl/crypto/ec/ec_cvt.c @@ -1,5 +1,6 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,20 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include "ec_lcl.h" @@ -64,7 +51,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { EC_GROUP_clear_free(ret); return NULL; } @@ -85,7 +72,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { EC_GROUP_clear_free(ret); return NULL; } diff --git a/deps/openssl/openssl/crypto/ec/ec_err.c b/deps/openssl/openssl/crypto/ec/ec_err.c index 717c92e9845916..8f4911abec79a0 100644 --- a/deps/openssl/openssl/crypto/ec/ec_err.c +++ b/deps/openssl/openssl/crypto/ec/ec_err.c @@ -8,272 +8,368 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) - -static ERR_STRING_DATA EC_str_functs[] = { - {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_to_felem"}, - {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, - {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, - {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, - {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "do_EC_KEY_print"}, - {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ecdh_cms_decrypt"}, - {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ecdh_cms_set_shared_info"}, - {ERR_FUNC(EC_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, - {ERR_FUNC(EC_F_ECDH_SIMPLE_COMPUTE_KEY), "ecdh_simple_compute_key"}, - {ERR_FUNC(EC_F_ECDSA_DO_SIGN_EX), "ECDSA_do_sign_ex"}, - {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, - {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"}, - {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, - {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"}, - {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"}, - {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"}, - {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"}, - {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "eckey_priv_decode"}, - {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "eckey_priv_encode"}, - {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "eckey_pub_decode"}, - {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "eckey_pub_encode"}, - {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "eckey_type2param"}, - {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, - {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, - {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, - {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE), +static const ERR_STRING_DATA EC_str_functs[] = { + {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"}, + {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"}, + {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"}, + {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"}, + {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0), + "ecdh_cms_set_shared_info"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0), + "ecdh_simple_compute_key"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0), + "ECParameters_print_fp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0), + "ECPKParameters_print"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0), + "ECPKParameters_print_fp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0), + "ecp_nistz256_get_affine"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0), + "ecp_nistz256_inv_mod_ord"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0), "ecp_nistz256_mult_precompute"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"}, - {ERR_FUNC(EC_F_ECX_KEY_OP), "ecx_key_op"}, - {ERR_FUNC(EC_F_ECX_PRIV_ENCODE), "ecx_priv_encode"}, - {ERR_FUNC(EC_F_ECX_PUB_ENCODE), "ecx_pub_encode"}, - {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "ec_asn1_group2curve"}, - {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "ec_asn1_group2fieldid"}, - {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), + {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0), + "ecp_nistz256_points_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0), + "ecp_nistz256_pre_comp_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0), + "ecp_nistz256_windowed_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0), + "ec_asn1_group2fieldid"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0), "ec_GF2m_montgomery_point_multiply"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), "ec_GF2m_simple_group_check_discriminant"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0), "ec_GF2m_simple_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0), + "ec_GF2m_simple_ladder_post"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0), + "ec_GF2m_simple_ladder_pre"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0), + "ec_GF2m_simple_oct2point"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0), + "ec_GF2m_simple_point2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0), + "ec_GF2m_simple_points_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), "ec_GF2m_simple_point_get_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), "ec_GF2m_simple_point_set_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0), "ec_GF2m_simple_set_compressed_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, - {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, - {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, - {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0), + "ec_GFp_mont_field_decode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0), + "ec_GFp_mont_field_encode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0), + "ec_GFp_mont_field_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0), "ec_GFp_mont_field_set_to_one"}, - {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, - {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0), + "ec_GFp_mont_field_sqr"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0), "ec_GFp_mont_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0), "ec_GFp_nistp224_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0), + "ec_GFp_nistp224_points_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0), "ec_GFp_nistp224_point_get_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0), "ec_GFp_nistp256_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0), + "ec_GFp_nistp256_points_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0), "ec_GFp_nistp256_point_get_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0), "ec_GFp_nistp521_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"}, - {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0), + "ec_GFp_nistp521_points_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0), "ec_GFp_nistp521_point_get_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, - {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, - {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0), + "ec_GFp_nist_field_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0), + "ec_GFp_nist_field_sqr"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0), "ec_GFp_nist_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0), "ec_GFp_simple_blind_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), "ec_GFp_simple_group_check_discriminant"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0), "ec_GFp_simple_group_set_curve"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0), + "ec_GFp_simple_make_affine"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0), + "ec_GFp_simple_oct2point"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0), + "ec_GFp_simple_point2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0), "ec_GFp_simple_points_make_affine"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), "ec_GFp_simple_point_get_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), "ec_GFp_simple_point_set_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0), "ec_GFp_simple_set_compressed_coordinates"}, - {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, - {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0), "EC_GROUP_check_discriminant"}, - {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_ECPARAMETERS), "EC_GROUP_get_ecparameters"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_ECPKPARAMETERS), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0), + "EC_GROUP_get_curve_GF2m"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0), + "EC_GROUP_get_curve_GFp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0), + "EC_GROUP_get_ecparameters"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0), "EC_GROUP_get_ecpkparameters"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0), "EC_GROUP_get_pentanomial_basis"}, - {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0), "EC_GROUP_get_trinomial_basis"}, - {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, - {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, - {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "ec_group_new_from_data"}, - {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0), + "EC_GROUP_new_by_curve_name"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0), + "ec_group_new_from_data"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0), "EC_GROUP_new_from_ecparameters"}, - {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0), "EC_GROUP_new_from_ecpkparameters"}, - {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, - {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, - {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, - {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, - {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, - {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, - {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, - {ERR_FUNC(EC_F_EC_KEY_NEW_METHOD), "EC_KEY_new_method"}, - {ERR_FUNC(EC_F_EC_KEY_OCT2PRIV), "EC_KEY_oct2priv"}, - {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, - {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, - {ERR_FUNC(EC_F_EC_KEY_PRIV2OCT), "EC_KEY_priv2oct"}, - {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0), + "EC_GROUP_set_curve_GF2m"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0), + "EC_GROUP_set_curve_GFp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0), + "EC_GROUP_set_generator"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0), "EC_KEY_set_public_key_affine_coordinates"}, - {ERR_FUNC(EC_F_EC_KEY_SIMPLE_CHECK_KEY), "ec_key_simple_check_key"}, - {ERR_FUNC(EC_F_EC_KEY_SIMPLE_OCT2PRIV), "ec_key_simple_oct2priv"}, - {ERR_FUNC(EC_F_EC_KEY_SIMPLE_PRIV2OCT), "ec_key_simple_priv2oct"}, - {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, - {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, - {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, - {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, - {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, - {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0), + "ec_key_simple_check_key"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0), + "ec_key_simple_oct2priv"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0), + "ec_key_simple_priv2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0), + "EC_POINTs_make_affine"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0), + "EC_POINT_get_affine_coordinates"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0), "EC_POINT_get_affine_coordinates_GF2m"}, - {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0), "EC_POINT_get_affine_coordinates_GFp"}, - {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0), "EC_POINT_get_Jprojective_coordinates_GFp"}, - {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, - {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, - {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, - {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, - {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, - {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, - {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, - {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0), + "EC_POINT_is_at_infinity"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0), + "EC_POINT_is_on_curve"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0), + "EC_POINT_make_affine"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0), + "EC_POINT_set_affine_coordinates"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0), "EC_POINT_set_affine_coordinates_GF2m"}, - {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0), "EC_POINT_set_affine_coordinates_GFp"}, - {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0), + "EC_POINT_set_compressed_coordinates"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0), "EC_POINT_set_compressed_coordinates_GF2m"}, - {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0), "EC_POINT_set_compressed_coordinates_GFp"}, - {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0), "EC_POINT_set_Jprojective_coordinates_GFp"}, - {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, - {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"}, - {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, - {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, - {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, - {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, - {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, - {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, - {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "nistp224_pre_comp_new"}, - {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "nistp256_pre_comp_new"}, - {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "nistp521_pre_comp_new"}, - {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, - {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "old_ec_priv_decode"}, - {ERR_FUNC(EC_F_OSSL_ECDH_COMPUTE_KEY), "ossl_ecdh_compute_key"}, - {ERR_FUNC(EC_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"}, - {ERR_FUNC(EC_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"}, - {ERR_FUNC(EC_F_PKEY_ECX_DERIVE), "pkey_ecx_derive"}, - {ERR_FUNC(EC_F_PKEY_EC_CTRL), "pkey_ec_ctrl"}, - {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "pkey_ec_ctrl_str"}, - {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "pkey_ec_derive"}, - {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "pkey_ec_keygen"}, - {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "pkey_ec_paramgen"}, - {ERR_FUNC(EC_F_PKEY_EC_SIGN), "pkey_ec_sign"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0), + "EC_POINT_set_to_infinity"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0), + "ec_scalar_mul_ladder"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0), + "ec_wNAF_precompute_mult"}, + {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"}, + {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"}, + {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"}, + {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"}, + {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0), + "nistp224_pre_comp_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0), + "nistp256_pre_comp_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0), + "nistp521_pre_comp_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"}, + {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"}, + {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0), + "ossl_ecdh_compute_key"}, + {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"}, + {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0), + "ossl_ecdsa_verify_sig"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0), + "pkey_ecd_digestsign25519"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0), + "pkey_ecd_digestsign448"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, + {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, {0, NULL} }; -static ERR_STRING_DATA EC_str_reasons[] = { - {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"}, - {ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"}, - {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, - {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"}, - {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), - "curve does not support ecdh"}, - {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), - "curve does not support signing"}, - {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE), - "d2i ecpkparameters failure"}, - {ERR_REASON(EC_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"}, - {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), - "ec group new by name failure"}, - {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"}, - {ERR_REASON(EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, - {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE), - "group2pkparameters failure"}, - {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE), - "i2d ecpkparameters failure"}, - {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"}, - {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"}, - {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"}, - {ERR_REASON(EC_R_INVALID_CURVE), "invalid curve"}, - {ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"}, - {ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"}, - {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"}, - {ERR_REASON(EC_R_INVALID_FORM), "invalid form"}, - {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"}, - {ERR_REASON(EC_R_INVALID_KEY), "invalid key"}, - {ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"}, - {ERR_REASON(EC_R_INVALID_PEER_KEY), "invalid peer key"}, - {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"}, - {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, - {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"}, - {ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"}, - {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"}, - {ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, - {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, - {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"}, - {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"}, - {ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"}, - {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"}, - {ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), - "pkparameters2group failure"}, - {ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, - {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"}, - {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, - {ERR_REASON(EC_R_RANDOM_NUMBER_GENERATION_FAILED), - "random number generation failed"}, - {ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, - {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, - {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, - {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, - {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, - {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, - {ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS), "wrong curve parameters"}, - {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"}, +static const ERR_STRING_DATA EC_str_reasons[] = { + {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE), + "coordinates out of range"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), + "curve does not support ecdh"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), + "curve does not support signing"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE), + "d2i ecpkparameters failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO), + "discriminant is zero"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), + "ec group new by name failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE), + "group2pkparameters failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE), + "i2d ecpkparameters failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS), + "incompatible objects"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT), + "invalid compressed point"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT), + "invalid compression bit"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH), + "invalid output length"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS), + "invalid pentanomial basis"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS), + "invalid trinomial basis"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), + "need new setup values"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED), + "operation not supported"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER), + "passed null parameter"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE), + "pkparameters2group failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE), + "point arithmetic failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE), + "point coordinates blind failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE), + "point is not on curve"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED), + "random number generation failed"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS), + "wrong curve parameters"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order"}, {0, NULL} }; @@ -282,10 +378,9 @@ static ERR_STRING_DATA EC_str_reasons[] = { int ERR_load_EC_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { - ERR_load_strings(0, EC_str_functs); - ERR_load_strings(0, EC_str_reasons); + ERR_load_strings_const(EC_str_functs); + ERR_load_strings_const(EC_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/ec/ec_key.c b/deps/openssl/openssl/crypto/ec/ec_key.c index 462156f204e131..9349abf03079fe 100644 --- a/deps/openssl/openssl/crypto/ec/ec_key.c +++ b/deps/openssl/openssl/crypto/ec/ec_key.c @@ -1,5 +1,6 @@ /* * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,15 +8,10 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions originally developed by SUN MICROSYSTEMS, INC., and - * contributed to the OpenSSL project. - */ - -#include +#include "internal/cryptlib.h" #include #include "ec_lcl.h" +#include "internal/refcount.h" #include #include @@ -49,7 +45,7 @@ void EC_KEY_free(EC_KEY *r) if (r == NULL) return; - CRYPTO_atomic_add(&r->references, -1, &i, r->lock); + CRYPTO_DOWN_REF(&r->references, &i, r->lock); REF_PRINT_COUNT("EC_KEY", r); if (i > 0) return; @@ -169,7 +165,7 @@ int EC_KEY_up_ref(EC_KEY *r) { int i; - if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) + if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) return 0; REF_PRINT_COUNT("EC_KEY", r); @@ -177,6 +173,11 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey) +{ + return eckey->engine; +} + int EC_KEY_generate_key(EC_KEY *eckey) { if (eckey == NULL || eckey->group == NULL) { @@ -191,7 +192,6 @@ int EC_KEY_generate_key(EC_KEY *eckey) int ossl_ec_key_gen(EC_KEY *eckey) { - OPENSSL_assert(eckey->group->meth->keygen != NULL); return eckey->group->meth->keygen(eckey); } @@ -218,7 +218,7 @@ int ec_key_simple_generate_key(EC_KEY *eckey) goto err; do - if (!BN_rand_range(priv_key, order)) + if (!BN_priv_rand_range(priv_key, order)) goto err; while (BN_is_zero(priv_key)) ; @@ -341,9 +341,6 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *tx, *ty; EC_POINT *point = NULL; int ok = 0; -#ifndef OPENSSL_NO_EC2M - int tmp_nid, is_char_two = 0; -#endif if (key == NULL || key->group == NULL || x == NULL || y == NULL) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, @@ -365,29 +362,11 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, if (ty == NULL) goto err; -#ifndef OPENSSL_NO_EC2M - tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); - - if (tmp_nid == NID_X9_62_characteristic_two_field) - is_char_two = 1; + if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx)) + goto err; + if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx)) + goto err; - if (is_char_two) { - if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, - x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point, - tx, ty, ctx)) - goto err; - } else -#endif - { - if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, - x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates_GFp(key->group, point, - tx, ty, ctx)) - goto err; - } /* * Check if retrieved coordinates match originals and are less than field * order: if not values are out of range. @@ -613,12 +592,14 @@ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf) { size_t len; unsigned char *buf; + len = EC_KEY_priv2oct(eckey, NULL, 0); if (len == 0) return 0; - buf = OPENSSL_malloc(len); - if (buf == NULL) + if ((buf = OPENSSL_malloc(len)) == NULL) { + ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE); return 0; + } len = EC_KEY_priv2oct(eckey, buf, len); if (len == 0) { OPENSSL_free(buf); diff --git a/deps/openssl/openssl/crypto/ec/ec_lcl.h b/deps/openssl/openssl/crypto/ec/ec_lcl.h index ca1776efdb1f72..e055ddab1c76e0 100644 --- a/deps/openssl/openssl/crypto/ec/ec_lcl.h +++ b/deps/openssl/openssl/crypto/ec/ec_lcl.h @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,27 +8,14 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include #include #include - -#include "e_os.h" +#include "internal/refcount.h" +#include "internal/ec_int.h" +#include "curve448/curve448_lcl.h" #if defined(__SUNPRO_C) # if __SUNPRO_C >= 0x520 @@ -62,8 +50,7 @@ struct ec_method_st { void (*group_finish) (EC_GROUP *); void (*group_clear_finish) (EC_GROUP *); int (*group_copy) (EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */ - /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */ + /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */ int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, @@ -85,9 +72,9 @@ struct ec_method_st { * used by EC_POINT_set_to_infinity, * EC_POINT_set_Jprojective_coordinates_GFp, * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: + * EC_POINT_set_affine_coordinates, + * EC_POINT_get_affine_coordinates, + * EC_POINT_set_compressed_coordinates: */ int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *, @@ -133,6 +120,23 @@ struct ec_method_st { * EC_POINT_have_precompute_mult (default implementations are used if the * 'mul' pointer is 0): */ + /*- + * mul() calculates the value + * + * r := generator * scalar + * + points[0] * scalars[0] + * + ... + * + points[num-1] * scalars[num-1]. + * + * For a fixed point multiplication (scalar != NULL, num == 0) + * or a variable point multiplication (scalar == NULL, num == 1), + * mul() must use a constant time algorithm: in both cases callers + * should provide an input scalar (either scalar or scalars[0]) + * in the range [0, ec_group_order); for robustness, implementers + * should handle the case when the scalar has not been reduced, but + * may treat it as an unusual input, without any constant-timeness + * guarantee. + */ int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); @@ -169,7 +173,19 @@ struct ec_method_st { /* custom ECDH operation */ int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, const EC_POINT *pub_key, const EC_KEY *ecdh); + /* Inverse modulo order */ + int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, + const BIGNUM *x, BN_CTX *); int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); + int (*ladder_pre)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + int (*ladder_step)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + int (*ladder_post)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); }; /* @@ -262,7 +278,7 @@ struct ec_key_st { BIGNUM *priv_key; unsigned int enc_flag; point_conversion_form_t conv_form; - int references; + CRYPTO_REF_COUNT references; int flags; CRYPTO_EX_DATA ex_data; CRYPTO_RWLOCK *lock; @@ -284,7 +300,6 @@ struct ec_point_st { * special case */ }; - static ossl_inline int ec_point_is_compat(const EC_POINT *point, const EC_GROUP *group) { @@ -297,7 +312,6 @@ static ossl_inline int ec_point_is_compat(const EC_POINT *point, return 1; } - NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); @@ -378,6 +392,15 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); /* method functions in ecp_mont.c */ int ec_GFp_mont_group_init(EC_GROUP *); @@ -455,14 +478,6 @@ int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); @@ -553,7 +568,6 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in); #endif -int ec_precompute_mont_data(EC_GROUP *); int ec_group_simple_order_bits(const EC_GROUP *group); #ifdef ECP_NISTZ256_ASM @@ -626,9 +640,88 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); +int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32]); +int ED25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32]); +void ED25519_public_from_private(uint8_t out_public_key[32], + const uint8_t private_key[32]); + int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]); void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); +/*- + * This functions computes a single point multiplication over the EC group, + * using, at a high level, a Montgomery ladder with conditional swaps, with + * various timing attack defenses. + * + * It performs either a fixed point multiplication + * (scalar * generator) + * when point is NULL, or a variable point multiplication + * (scalar * point) + * when point is not NULL. + * + * `scalar` cannot be NULL and should be in the range [0,n) otherwise all + * constant time bets are off (where n is the cardinality of the EC group). + * + * This function expects `group->order` and `group->cardinality` to be well + * defined and non-zero: it fails with an error code otherwise. + * + * NB: This says nothing about the constant-timeness of the ladder step + * implementation (i.e., the default implementation is based on EC_POINT_add and + * EC_POINT_dbl, which of course are not constant time themselves) or the + * underlying multiprecision arithmetic. + * + * The product is stored in `r`. + * + * This is an internal function: callers are in charge of ensuring that the + * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. + * + * Returns 1 on success, 0 otherwise. + */ +int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx); + int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); + +static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_pre != NULL) + return group->meth->ladder_pre(group, r, s, p, ctx); + + if (!EC_POINT_copy(s, p) + || !EC_POINT_dbl(group, r, s, ctx)) + return 0; + + return 1; +} + +static ossl_inline int ec_point_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_step != NULL) + return group->meth->ladder_step(group, r, s, p, ctx); + + if (!EC_POINT_add(group, s, r, s, ctx) + || !EC_POINT_dbl(group, r, r, ctx)) + return 0; + + return 1; + +} + +static ossl_inline int ec_point_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_post != NULL) + return group->meth->ladder_post(group, r, s, p, ctx); + + return 1; +} diff --git a/deps/openssl/openssl/crypto/ec/ec_lib.c b/deps/openssl/openssl/crypto/ec/ec_lib.c index a7be03b627eecd..b89e3979d9dcb7 100644 --- a/deps/openssl/openssl/crypto/ec/ec_lib.c +++ b/deps/openssl/openssl/crypto/ec/ec_lib.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include #include @@ -66,13 +61,13 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) void EC_pre_comp_free(EC_GROUP *group) { switch (group->pre_comp_type) { - default: + case PCT_none: break; -#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION case PCT_nistz256: +#ifdef ECP_NISTZ256_ASM EC_nistz256_pre_comp_free(group->pre_comp.nistz256); - break; #endif + break; #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 case PCT_nistp224: EC_nistp224_pre_comp_free(group->pre_comp.nistp224); @@ -83,6 +78,11 @@ void EC_pre_comp_free(EC_GROUP *group) case PCT_nistp521: EC_nistp521_pre_comp_free(group->pre_comp.nistp521); break; +#else + case PCT_nistp224: + case PCT_nistp256: + case PCT_nistp521: + break; #endif case PCT_ec: EC_ec_pre_comp_free(group->pre_comp.ec); @@ -145,14 +145,14 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { - default: + case PCT_none: dest->pre_comp.ec = NULL; break; -#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION case PCT_nistz256: +#ifdef ECP_NISTZ256_ASM dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256); - break; #endif + break; #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 case PCT_nistp224: dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224); @@ -163,6 +163,11 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) case PCT_nistp521: dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521); break; +#else + case PCT_nistp224: + case PCT_nistp256: + case PCT_nistp521: + break; #endif case PCT_ec: dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec); @@ -209,9 +214,10 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (src->seed) { OPENSSL_free(dest->seed); - dest->seed = OPENSSL_malloc(src->seed_len); - if (dest->seed == NULL) + if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) { + ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE); return 0; + } if (!memcpy(dest->seed, src->seed, src->seed_len)) return 0; dest->seed_len = src->seed_len; @@ -233,7 +239,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) return NULL; if ((t = EC_GROUP_new(a->meth)) == NULL) - return (NULL); + return NULL; if (!EC_GROUP_copy(t, a)) goto err; @@ -257,6 +263,8 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth) return meth->field_type; } +static int ec_precompute_mont_data(EC_GROUP *); + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -326,7 +334,6 @@ const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group) int EC_GROUP_order_bits(const EC_GROUP *group) { - OPENSSL_assert(group->meth->group_order_bits != NULL); return group->meth->group_order_bits(group); } @@ -388,8 +395,10 @@ size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) if (!len || !p) return 1; - if ((group->seed = OPENSSL_malloc(len)) == NULL) + if ((group->seed = OPENSSL_malloc(len)) == NULL) { + ECerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(group->seed, p, len); group->seed_len = len; @@ -406,48 +415,52 @@ size_t EC_GROUP_get_seed_len(const EC_GROUP *group) return group->seed_len; } -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) { if (group->meth->group_set_curve == 0) { - ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_set_curve(group, p, a, b, ctx); } -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx) +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx) { - if (group->meth->group_get_curve == 0) { - ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + if (group->meth->group_get_curve == NULL) { + ECerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_get_curve(group, p, a, b, ctx); } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + return EC_GROUP_set_curve(group, p, a, b, ctx); +} + +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx) +{ + return EC_GROUP_get_curve(group, p, a, b, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_set_curve == 0) { - ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_set_curve(group, p, a, b, ctx); + return EC_GROUP_set_curve(group, p, a, b, ctx); } int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_get_curve == 0) { - ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_curve(group, p, a, b, ctx); + return EC_GROUP_get_curve(group, p, a, b, ctx); } +# endif #endif int EC_GROUP_get_degree(const EC_GROUP *group) @@ -552,7 +565,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if (group->meth->point_init == 0) { + if (group->meth->point_init == NULL) { ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } @@ -624,7 +637,7 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) t = EC_POINT_new(group); if (t == NULL) - return (NULL); + return NULL; r = EC_POINT_copy(t, a); if (!r) { EC_POINT_free(t); @@ -690,102 +703,83 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, y, z, ctx); } -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, + if (group->meth->point_set_affine_coordinates == NULL) { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, - EC_R_INCOMPATIBLE_OBJECTS); + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) return 0; if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, - EC_R_POINT_IS_NOT_ON_CURVE); + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE); return 0; } return 1; } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *point, const BIGNUM *x, + const BIGNUM *y, BN_CTX *ctx) +{ + return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) - return 0; - - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, - EC_R_POINT_IS_NOT_ON_CURVE); - return 0; - } - return 1; + return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); } +# endif #endif -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx) +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, + if (group->meth->point_get_affine_coordinates == NULL) { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, - EC_R_INCOMPATIBLE_OBJECTS); + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (EC_POINT_is_at_infinity(group, point)) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, - EC_R_POINT_AT_INFINITY); + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); return 0; } return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx) +{ + return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (EC_POINT_is_at_infinity(group, point)) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, - EC_R_POINT_AT_INFINITY); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } +# endif #endif int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, @@ -920,11 +914,38 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { - if (group->meth->mul == 0) + int ret = 0; + size_t i = 0; + BN_CTX *new_ctx = NULL; + + if ((scalar == NULL) && (num == 0)) { + return EC_POINT_set_to_infinity(group, r); + } + + if (!ec_point_is_compat(r, group)) { + ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + for (i = 0; i < num; i++) { + if (!ec_point_is_compat(points[i], group)) { + ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + } + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) { + ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (group->meth->mul != NULL) + ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx); + else /* use default */ - return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + BN_CTX_free(new_ctx); + return ret; } int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, @@ -972,7 +993,7 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group) * ec_precompute_mont_data sets |group->mont_data| from |group->order| and * returns one on success. On error it returns zero. */ -int ec_precompute_mont_data(EC_GROUP *group) +static int ec_precompute_mont_data(EC_GROUP *group) { BN_CTX *ctx = BN_CTX_new(); int ret = 0; @@ -1018,6 +1039,69 @@ int ec_group_simple_order_bits(const EC_GROUP *group) return BN_num_bits(group->order); } +static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, + const BIGNUM *x, BN_CTX *ctx) +{ + BIGNUM *e = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (group->mont_data == NULL) + return 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) == NULL) + goto err; + + /*- + * We want inverse in constant time, therefore we utilize the fact + * order must be prime and use Fermats Little Theorem instead. + */ + if (!BN_set_word(e, 2)) + goto err; + if (!BN_sub(e, group->order, e)) + goto err; + /*- + * Exponent e is public. + * No need for scatter-gather or BN_FLG_CONSTTIME. + */ + if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) + goto err; + + ret = 1; + + err: + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + +/*- + * Default behavior, if group->meth->field_inverse_mod_ord is NULL: + * - When group->order is even, this function returns an error. + * - When group->order is otherwise composite, the correctness + * of the output is not guaranteed. + * - When x is outside the range [1, group->order), the correctness + * of the output is not guaranteed. + * - Otherwise, this function returns the multiplicative inverse in the + * range [1, group->order). + * + * EC_METHODs must implement their own field_inverse_mod_ord for + * other functionality. + */ +int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx) +{ + if (group->meth->field_inverse_mod_ord != NULL) + return group->meth->field_inverse_mod_ord(group, res, x, ctx); + else + return ec_field_inverse_mod_ord(group, res, x, ctx); +} + /*- * Coordinate blinding for EC_POINT. * diff --git a/deps/openssl/openssl/crypto/ec/ec_mult.c b/deps/openssl/openssl/crypto/ec/ec_mult.c index 22bb30ffa1bc82..0e0a5e1394affb 100644 --- a/deps/openssl/openssl/crypto/ec/ec_mult.c +++ b/deps/openssl/openssl/crypto/ec/ec_mult.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,18 +8,13 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions of this software developed by SUN MICROSYSTEMS, INC., - * and contributed to the OpenSSL project. - */ - #include #include #include "internal/cryptlib.h" #include "internal/bn_int.h" #include "ec_lcl.h" +#include "internal/refcount.h" /* * This file implements the wNAF-based interleaving multi-exponentiation method @@ -42,7 +38,7 @@ struct ec_pre_comp_st { * generator: 'num' pointers to EC_POINT * objects followed by a NULL */ size_t num; /* numblocks * 2^(w-1) */ - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -77,7 +73,7 @@ EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre) { int i; if (pre != NULL) - CRYPTO_atomic_add(&pre->references, 1, &i, pre->lock); + CRYPTO_UP_REF(&pre->references, &i, pre->lock); return pre; } @@ -88,7 +84,7 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) if (pre == NULL) return; - CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock); + CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); REF_PRINT_COUNT("EC_ec", pre); if (i > 0) return; @@ -112,62 +108,95 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) } while(0) /*- - * This functions computes (in constant time) a point multiplication over the - * EC group. + * This functions computes a single point multiplication over the EC group, + * using, at a high level, a Montgomery ladder with conditional swaps, with + * various timing attack defenses. * - * At a high level, it is Montgomery ladder with conditional swaps. - * - * It performs either a fixed scalar point multiplication + * It performs either a fixed point multiplication * (scalar * generator) - * when point is NULL, or a generic scalar point multiplication + * when point is NULL, or a variable point multiplication * (scalar * point) * when point is not NULL. * - * scalar should be in the range [0,n) otherwise all constant time bets are off. + * `scalar` cannot be NULL and should be in the range [0,n) otherwise all + * constant time bets are off (where n is the cardinality of the EC group). + * + * This function expects `group->order` and `group->cardinality` to be well + * defined and non-zero: it fails with an error code otherwise. * - * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, - * which of course are not constant time themselves. + * NB: This says nothing about the constant-timeness of the ladder step + * implementation (i.e., the default implementation is based on EC_POINT_add and + * EC_POINT_dbl, which of course are not constant time themselves) or the + * underlying multiprecision arithmetic. * - * The product is stored in r. + * The product is stored in `r`. + * + * This is an internal function: callers are in charge of ensuring that the + * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. * * Returns 1 on success, 0 otherwise. */ -static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx) +int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx) { int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; + EC_POINT *p = NULL; EC_POINT *s = NULL; BIGNUM *k = NULL; BIGNUM *lambda = NULL; BIGNUM *cardinality = NULL; - BN_CTX *new_ctx = NULL; int ret = 0; - if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + /* early exit if the input point is the point at infinity */ + if (point != NULL && EC_POINT_is_at_infinity(group, point)) + return EC_POINT_set_to_infinity(group, r); + + if (BN_is_zero(group->order)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER); return 0; + } + if (BN_is_zero(group->cofactor)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR); + return 0; + } BN_CTX_start(ctx); - s = EC_POINT_new(group); - if (s == NULL) + if (((p = EC_POINT_new(group)) == NULL) + || ((s = EC_POINT_new(group)) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE); goto err; + } if (point == NULL) { - if (!EC_POINT_copy(s, group->generator)) + if (!EC_POINT_copy(p, group->generator)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); goto err; + } } else { - if (!EC_POINT_copy(s, point)) + if (!EC_POINT_copy(p, point)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); goto err; + } } + EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME); + EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); cardinality = BN_CTX_get(ctx); lambda = BN_CTX_get(ctx); k = BN_CTX_get(ctx); - if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx)) + if (k == NULL) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE); goto err; + } + + if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); + goto err; + } /* * Group cardinalities are often on a word boundary. @@ -177,12 +206,16 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, */ cardinality_bits = BN_num_bits(cardinality); group_top = bn_get_top(cardinality); - if ((bn_wexpand(k, group_top + 1) == NULL) - || (bn_wexpand(lambda, group_top + 1) == NULL)) + if ((bn_wexpand(k, group_top + 2) == NULL) + || (bn_wexpand(lambda, group_top + 2) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } - if (!BN_copy(k, scalar)) + if (!BN_copy(k, scalar)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } BN_set_flags(k, BN_FLG_CONSTTIME); @@ -191,21 +224,27 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ - if (!BN_nnmod(k, k, cardinality, ctx)) + if (!BN_nnmod(k, k, cardinality, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } } - if (!BN_add(lambda, k, cardinality)) + if (!BN_add(lambda, k, cardinality)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } BN_set_flags(lambda, BN_FLG_CONSTTIME); - if (!BN_add(k, lambda, cardinality)) + if (!BN_add(k, lambda, cardinality)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } /* * lambda := scalar + cardinality * k := scalar + 2*cardinality */ kbit = BN_is_bit_set(lambda, cardinality_bits); - BN_consttime_swap(kbit, k, lambda, group_top + 1); + BN_consttime_swap(kbit, k, lambda, group_top + 2); group_top = bn_get_top(group->field); if ((bn_wexpand(s->X, group_top) == NULL) @@ -213,8 +252,13 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, || (bn_wexpand(s->Z, group_top) == NULL) || (bn_wexpand(r->X, group_top) == NULL) || (bn_wexpand(r->Y, group_top) == NULL) - || (bn_wexpand(r->Z, group_top) == NULL)) + || (bn_wexpand(r->Z, group_top) == NULL) + || (bn_wexpand(p->X, group_top) == NULL) + || (bn_wexpand(p->Y, group_top) == NULL) + || (bn_wexpand(p->Z, group_top) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } /*- * Apply coordinate blinding for EC_POINT. @@ -224,19 +268,19 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, * success or if coordinate blinding is not implemented for this * group. */ - if (!ec_point_blind_coordinates(group, s, ctx)) + if (!ec_point_blind_coordinates(group, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE); goto err; + } - /* top bit is a 1, in a fixed pos */ - if (!EC_POINT_copy(r, s)) - goto err; - - EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); - - if (!EC_POINT_dbl(group, s, s, ctx)) + /* Initialize the Montgomery ladder */ + if (!ec_point_ladder_pre(group, r, s, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE); goto err; + } - pbit = 0; + /* top bit is a 1, in a fixed pos */ + pbit = 1; #define EC_POINT_CSWAP(c, a, b, w, t) do { \ BN_consttime_swap(c, (a)->X, (b)->X, w); \ @@ -308,10 +352,12 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, for (i = cardinality_bits - 1; i >= 0; i--) { kbit = BN_is_bit_set(k, i) ^ pbit; EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); - if (!EC_POINT_add(group, s, r, s, ctx)) - goto err; - if (!EC_POINT_dbl(group, r, r, ctx)) + + /* Perform a single step of the Montgomery ladder */ + if (!ec_point_ladder_step(group, r, s, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE); goto err; + } /* * pbit logic merges this cswap with that of the * next iteration @@ -322,12 +368,18 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); #undef EC_POINT_CSWAP + /* Finalize ladder (and recover full point coordinates) */ + if (!ec_point_ladder_post(group, r, s, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE); + goto err; + } + ret = 1; err: + EC_POINT_free(p); EC_POINT_free(s); BN_CTX_end(ctx); - BN_CTX_free(new_ctx); return ret; } @@ -359,7 +411,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { - BN_CTX *new_ctx = NULL; const EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; @@ -384,56 +435,35 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * precomputation is not available */ int ret = 0; - if (!ec_point_is_compat(r, group)) { - ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - - if ((scalar == NULL) && (num == 0)) { - return EC_POINT_set_to_infinity(group, r); - } - if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) { /*- - * Handle the common cases where the scalar is secret, enforcing a constant - * time scalar multiplication algorithm. + * Handle the common cases where the scalar is secret, enforcing a + * scalar multiplication implementation based on a Montgomery ladder, + * with various timing attack defenses. */ if ((scalar != NULL) && (num == 0)) { /*- * In this case we want to compute scalar * GeneratorPoint: this - * codepath is reached most prominently by (ephemeral) key generation - * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH - * keygen/first half), where the scalar is always secret. This is why - * we ignore if BN_FLG_CONSTTIME is actually set and we always call the - * constant time version. + * codepath is reached most prominently by (ephemeral) key + * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup, + * ECDH keygen/first half), where the scalar is always secret. This + * is why we ignore if BN_FLG_CONSTTIME is actually set and we + * always call the ladder version. */ - return ec_mul_consttime(group, r, scalar, NULL, ctx); + return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); } if ((scalar == NULL) && (num == 1)) { /*- - * In this case we want to compute scalar * GenericPoint: this codepath - * is reached most prominently by the second half of ECDH, where the - * secret scalar is multiplied by the peer's public point. To protect - * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and - * we always call the constant time version. + * In this case we want to compute scalar * VariablePoint: this + * codepath is reached most prominently by the second half of ECDH, + * where the secret scalar is multiplied by the peer's public point. + * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is + * actually set and we always call the ladder version. */ - return ec_mul_consttime(group, r, scalars[0], points[0], ctx); - } - } - - for (i = 0; i < num; i++) { - if (!ec_point_is_compat(points[i], group)) { - ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; + return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); } } - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - if (scalar != NULL) { generator = EC_GROUP_get0_generator(group); if (generator == NULL) { @@ -740,7 +770,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, ret = 1; err: - BN_CTX_free(new_ctx); EC_POINT_free(tmp); OPENSSL_free(wsize); OPENSSL_free(wNAF_len); diff --git a/deps/openssl/openssl/crypto/ec/ec_oct.c b/deps/openssl/openssl/crypto/ec/ec_oct.c index e185df6edfd531..522f79e67360d7 100644 --- a/deps/openssl/openssl/crypto/ec/ec_oct.c +++ b/deps/openssl/openssl/crypto/ec/ec_oct.c @@ -1,5 +1,6 @@ /* * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include #include @@ -20,18 +15,17 @@ #include "ec_lcl.h" -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - int y_bit, BN_CTX *ctx) +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates == 0 + if (group->meth->point_set_compressed_coordinates == NULL && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -42,7 +36,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, else #ifdef OPENSSL_NO_EC2M { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, EC_R_GF2M_NOT_SUPPORTED); return 0; } @@ -55,33 +49,22 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, y_bit, ctx); } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *point, const BIGNUM *x, + int y_bit, BN_CTX *ctx) +{ + return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates == 0 - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { - if (group->meth->field_type == NID_X9_62_prime_field) - return ec_GFp_simple_set_compressed_coordinates(group, point, x, - y_bit, ctx); - else - return ec_GF2m_simple_set_compressed_coordinates(group, point, x, - y_bit, ctx); - } - return group->meth->point_set_compressed_coordinates(group, point, x, - y_bit, ctx); + return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); } +# endif #endif size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, @@ -149,12 +132,14 @@ size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, { size_t len; unsigned char *buf; + len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL); if (len == 0) return 0; - buf = OPENSSL_malloc(len); - if (buf == NULL) + if ((buf = OPENSSL_malloc(len)) == NULL) { + ECerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE); return 0; + } len = EC_POINT_point2oct(group, point, form, buf, len, ctx); if (len == 0) { OPENSSL_free(buf); diff --git a/deps/openssl/openssl/crypto/ec/ec_pmeth.c b/deps/openssl/openssl/crypto/ec/ec_pmeth.c index 68ff2bbccf45f4..f4ad0749ef4586 100644 --- a/deps/openssl/openssl/crypto/ec/ec_pmeth.c +++ b/deps/openssl/openssl/crypto/ec/ec_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,9 +42,10 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) { EC_PKEY_CTX *dctx; - dctx = OPENSSL_zalloc(sizeof(*dctx)); - if (dctx == NULL) + if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { + ECerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE); return 0; + } dctx->cofactor_mode = -1; dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; @@ -87,11 +88,12 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { EC_PKEY_CTX *dctx = ctx->data; - if (dctx) { + if (dctx != NULL) { EC_GROUP_free(dctx->gen_group); EC_KEY_free(dctx->co_key); OPENSSL_free(dctx->kdf_ukm); OPENSSL_free(dctx); + ctx->data = NULL; } } @@ -102,19 +104,23 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, unsigned int sltmp; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; + const int sig_sz = ECDSA_size(ec); + + /* ensure cast to size_t is safe */ + if (!ossl_assert(sig_sz > 0)) + return 0; - if (!sig) { - *siglen = ECDSA_size(ec); + if (sig == NULL) { + *siglen = (size_t)sig_sz; return 1; - } else if (*siglen < (size_t)ECDSA_size(ec)) { + } + + if (*siglen < (size_t)sig_sz) { ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); return 0; } - if (dctx->md) - type = EVP_MD_type(dctx->md); - else - type = NID_sha1; + type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1; ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); @@ -143,8 +149,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, } #ifndef OPENSSL_NO_EC -static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) +static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { int ret; size_t outlen; @@ -197,13 +202,14 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, return 0; if (!pkey_ec_derive(ctx, NULL, &ktmplen)) return 0; - ktmp = OPENSSL_malloc(ktmplen); - if (ktmp == NULL) + if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) { + ECerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE); return 0; + } if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) goto err; /* Do KDF stuff */ - if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, + if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen, dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) goto err; rv = 1; @@ -244,8 +250,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return dctx->cofactor_mode; else { EC_KEY *ec_key = ctx->pkey->pkey.ec; - return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : - 0; + return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0; } } else if (p1 < -1 || p1 > 1) return -2; @@ -276,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_EC_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; - if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62) + if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63) return -2; dctx->kdf_type = p1; return 1; @@ -386,7 +391,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; - int ret = 0; + int ret; + if (dctx->gen_group == NULL) { ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); return 0; @@ -394,10 +400,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ec = EC_KEY_new(); if (ec == NULL) return 0; - ret = EC_KEY_set_group(ec, dctx->gen_group); - if (ret) - EVP_PKEY_assign_EC_KEY(pkey, ec); - else + if (!(ret = EC_KEY_set_group(ec, dctx->gen_group)) + || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec))) EC_KEY_free(ec); return ret; } @@ -406,23 +410,26 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; + int ret; + if (ctx->pkey == NULL && dctx->gen_group == NULL) { ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); return 0; } ec = EC_KEY_new(); - if (!ec) + if (ec == NULL) + return 0; + if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) { + EC_KEY_free(ec); return 0; - EVP_PKEY_assign_EC_KEY(pkey, ec); - if (ctx->pkey) { - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - } else { - if (!EC_KEY_set_group(ec, dctx->gen_group)) - return 0; } - return EC_KEY_generate_key(pkey->pkey.ec); + /* Note: if error is returned, we count on caller to free pkey->pkey.ec */ + if (ctx->pkey != NULL) + ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey); + else + ret = EC_KEY_set_group(ec, dctx->gen_group); + + return ret ? EC_KEY_generate_key(ec) : 0; } const EVP_PKEY_METHOD ec_pkey_meth = { @@ -448,9 +455,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, 0, - 0, 0, + 0, + 0, - 0, 0, + 0, + 0, 0, #ifndef OPENSSL_NO_EC diff --git a/deps/openssl/openssl/crypto/ec/ec_print.c b/deps/openssl/openssl/crypto/ec/ec_print.c index 1afa2ce875a7e4..027a51928aab85 100644 --- a/deps/openssl/openssl/crypto/ec/ec_print.c +++ b/deps/openssl/openssl/crypto/ec/ec_print.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,6 +8,7 @@ */ #include +#include #include "ec_lcl.h" BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, @@ -39,9 +40,10 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, if ((buf_len = BN_num_bytes(bn)) == 0) return NULL; - buf = OPENSSL_malloc(buf_len); - if (buf == NULL) + if ((buf = OPENSSL_malloc(buf_len)) == NULL) { + ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); return NULL; + } if (!BN_bn2bin(bn, buf)) { OPENSSL_free(buf); diff --git a/deps/openssl/openssl/crypto/ec/ecdh_kdf.c b/deps/openssl/openssl/crypto/ec/ecdh_kdf.c index d47486eb346da2..d686f9d897df1a 100644 --- a/deps/openssl/openssl/crypto/ec/ecdh_kdf.c +++ b/deps/openssl/openssl/crypto/ec/ecdh_kdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,13 @@ #include #include #include +#include "ec_lcl.h" -/* Key derivation function from X9.62/SECG */ +/* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ #define ECDH_KDF_MAX (1 << 30) -int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) @@ -66,3 +67,15 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, EVP_MD_CTX_free(mctx); return rv; } + +/*- + * The old name for ecdh_KDF_X9_63 + * Retained for ABI compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md) +{ + return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md); +} diff --git a/deps/openssl/openssl/crypto/ec/ecdh_ossl.c b/deps/openssl/openssl/crypto/ec/ecdh_ossl.c index a865145974d14f..bd93793a180a31 100644 --- a/deps/openssl/openssl/crypto/ec/ecdh_ossl.c +++ b/deps/openssl/openssl/crypto/ec/ecdh_ossl.c @@ -1,5 +1,6 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,21 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * The Elliptic Curve Public-Key Crypto Library (ECC Code) included - * herein is developed by SUN MICROSYSTEMS, INC., and is contributed - * to the OpenSSL project. - * - * The ECC Code is licensed pursuant to the OpenSSL open source - * license provided below. - * - * The ECDH software is originally written by Douglas Stebila of - * Sun Microsystems Laboratories. - * - */ - #include #include @@ -54,7 +40,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, { BN_CTX *ctx; EC_POINT *tmp = NULL; - BIGNUM *x = NULL, *y = NULL; + BIGNUM *x = NULL; const BIGNUM *priv_key; const EC_GROUP *group; int ret = 0; @@ -65,8 +51,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, goto err; BN_CTX_start(ctx); x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) { + if (x == NULL) { ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); goto err; } @@ -98,21 +83,10 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) { + ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE); + goto err; } -#endif buflen = (EC_GROUP_get_degree(group) + 7) / 8; len = BN_num_bytes(x); diff --git a/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c b/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c index 9e4a68d9ca35cf..e35c7600d8668d 100644 --- a/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c +++ b/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c @@ -19,7 +19,7 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { ECDSA_SIG *s; - RAND_seed(dgst, dlen); + s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); if (s == NULL) { *siglen = 0; @@ -91,7 +91,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, goto err; } } else { - if (!BN_rand_range(k, order)) { + if (!BN_priv_rand_range(k, order)) { ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; @@ -99,45 +99,17 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } } while (BN_is_zero(k)); - /* - * We do not want timing information to leak the length of k, so we - * compute G*k using an equivalent scalar of fixed bit-length. - * - * We unconditionally perform both of these additions to prevent a - * small timing information leakage. We then choose the sum that is - * one bit longer than the order. This guarantees the code - * path used in the constant time implementations elsewhere. - * - * TODO: revisit the BN_copy aiming for a memory access agnostic - * conditional copy. - */ - if (!BN_add(r, k, order) - || !BN_add(X, r, order) - || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X)) - goto err; - /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, - NULL, ctx)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* NID_X9_62_characteristic_two_field */ - if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, - NULL, ctx)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } + + if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) { + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; } -#endif + if (!BN_nnmod(r, X, order, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; @@ -145,30 +117,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } while (BN_is_zero(r)); /* compute the inverse of k */ - if (EC_GROUP_get_mont_data(group) != NULL) { - /* - * We want inverse in constant time, therefore we utilize the fact - * order must be prime and use Fermats Little Theorem instead. - */ - if (!BN_set_word(X, 2)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - if (!BN_mod_sub(X, order, X, order, ctx)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - BN_set_flags(X, BN_FLG_CONSTTIME); - if (!BN_mod_exp_mont_consttime - (k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } - } else { - if (!BN_mod_inverse(k, k, order, ctx)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } + if (!ec_group_do_inverse_ord(group, k, k, ctx)) { + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; } /* clear old values if necessary */ @@ -187,7 +138,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BN_CTX_free(ctx); EC_POINT_free(tmp_point); BN_clear_free(X); - return (ret); + return ret; } int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, @@ -299,7 +250,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, if (BN_is_zero(s)) { /* - * if kinv and r have been supplied by the caller don't to + * if kinv and r have been supplied by the caller, don't * generate new kinv and r values */ if (in_kinv != NULL && in_r != NULL) { @@ -341,7 +292,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, s = ECDSA_SIG_new(); if (s == NULL) - return (ret); + return ret; if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err; /* Ensure signature uses DER and doesn't have trailing garbage */ @@ -352,7 +303,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, err: OPENSSL_clear_free(der, derlen); ECDSA_SIG_free(s); - return (ret); + return ret; } int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, @@ -407,7 +358,7 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, goto err; } /* calculate tmp1 = inv(S) mod order */ - if (!BN_mod_inverse(u2, sig->s, order, ctx)) { + if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) { ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; } @@ -446,22 +397,12 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { - ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* NID_X9_62_characteristic_two_field */ - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { - ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); + goto err; } -#endif + if (!BN_nnmod(u1, X, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; diff --git a/deps/openssl/openssl/crypto/ec/eck_prn.c b/deps/openssl/openssl/crypto/ec/eck_prn.c index 3e826cb138f8e6..b538fadcb10cae 100644 --- a/deps/openssl/openssl/crypto/ec/eck_prn.c +++ b/deps/openssl/openssl/crypto/ec/eck_prn.c @@ -1,5 +1,6 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions originally developed by SUN MICROSYSTEMS, INC., and - * contributed to the OpenSSL project. - */ - #include #include "internal/cryptlib.h" #include @@ -27,12 +22,12 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) if ((b = BIO_new(BIO_s_file())) == NULL) { ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = ECPKParameters_print(b, x, off); BIO_free(b); - return (ret); + return ret; } int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) @@ -42,12 +37,12 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) if ((b = BIO_new(BIO_s_file())) == NULL) { ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = EC_KEY_print(b, x, off); BIO_free(b); - return (ret); + return ret; } int ECParameters_print_fp(FILE *fp, const EC_KEY *x) @@ -57,12 +52,12 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x) if ((b = BIO_new(BIO_s_file())) == NULL) { ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = ECParameters_print(b, x); BIO_free(b); - return (ret); + return ret; } #endif @@ -130,19 +125,10 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) reason = ERR_R_MALLOC_FAILURE; goto err; } -#ifndef OPENSSL_NO_EC2M - if (is_char_two) { - if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } - } else /* prime field */ -#endif - { - if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } + + if (!EC_GROUP_get_curve(x, p, a, b, ctx)) { + reason = ERR_R_EC_LIB; + goto err; } if ((point = EC_GROUP_get0_generator(x)) == NULL) { @@ -231,7 +217,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) BN_free(b); BN_free(gen); BN_CTX_free(ctx); - return (ret); + return ret; } static int print_bin(BIO *fp, const char *name, const unsigned char *buf, diff --git a/deps/openssl/openssl/crypto/ec/ecp_mont.c b/deps/openssl/openssl/crypto/ec/ecp_mont.c index d837d4d465ab92..36682e5cfbd184 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_mont.c +++ b/deps/openssl/openssl/crypto/ec/ecp_mont.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions of this software developed by SUN MICROSYSTEMS, INC., - * and contributed to the OpenSSL project. - */ - #include #include "ec_lcl.h" @@ -67,7 +62,11 @@ const EC_METHOD *EC_GFp_mont_method(void) 0, /* keycopy */ 0, /* keyfinish */ ecdh_simple_compute_key, - ec_GFp_simple_blind_coordinates + 0, /* field_inverse_mod_ord */ + ec_GFp_simple_blind_coordinates, + ec_GFp_simple_ladder_pre, + ec_GFp_simple_ladder_step, + ec_GFp_simple_ladder_post }; return &ret; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nist.c b/deps/openssl/openssl/crypto/ec/ecp_nist.c index 143f21f3f9bb73..f53de1a1638bd4 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nist.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nist.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions of this software developed by SUN MICROSYSTEMS, INC., - * and contributed to the OpenSSL project. - */ - #include #include @@ -69,7 +64,11 @@ const EC_METHOD *EC_GFp_nist_method(void) 0, /* keycopy */ 0, /* keyfinish */ ecdh_simple_compute_key, - ec_GFp_simple_blind_coordinates + 0, /* field_inverse_mod_ord */ + ec_GFp_simple_blind_coordinates, + ec_GFp_simple_ladder_pre, + ec_GFp_simple_ladder_step, + ec_GFp_simple_ladder_post }; return &ret; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c index 52056ff591006e..555bf307dd031a 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c @@ -40,12 +40,12 @@ NON_EMPTY_TRANSLATION_UNIT # include # include "ec_lcl.h" -# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit * platforms */ # else -# error "Need GCC 3.1 or later to define type uint128_t" +# error "Your compiler doesn't appear to support 128-bit integer types" # endif typedef uint8_t u8; @@ -78,7 +78,7 @@ typedef limb felem[4]; typedef widelimb widefelem[7]; /* - * Field element represented as a byte arrary. 28*8 = 224 bits is also the + * Field element represented as a byte array. 28*8 = 224 bits is also the * group order size for the elliptic curve, and we also use this type for * scalars for point multiplication. */ @@ -235,7 +235,7 @@ static const felem gmul[2][16][3] = { /* Precomputation for the group generator. */ struct nistp224_pre_comp_st { felem g_pre_comp[2][16][3]; - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -291,7 +291,11 @@ const EC_METHOD *EC_GFp_nistp224_method(void) 0, /* keycopy */ 0, /* keyfinish */ ecdh_simple_compute_key, - 0 /* blind_coordinates */ + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -396,22 +400,6 @@ static void felem_sum(felem out, const felem in) out[3] += in[3]; } -/* Get negative value: out = -in */ -/* Assumes in[i] < 2^57 */ -static void felem_neg(felem out, const felem in) -{ - static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); - static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2); - static const limb two58m42m2 = (((limb) 1) << 58) - - (((limb) 1) << 42) - (((limb) 1) << 2); - - /* Set to 0 mod 2^224-2^96+1 to ensure out > in */ - out[0] = two58p2 - in[0]; - out[1] = two58m42m2 - in[1]; - out[2] = two58m2 - in[2]; - out[3] = two58m2 - in[3]; -} - /* Subtract field elements: out -= in */ /* Assumes in[i] < 2^57 */ static void felem_diff(felem out, const felem in) @@ -680,6 +668,18 @@ static void felem_contract(felem out, const felem in) out[3] = tmp[3]; } +/* + * Get negative value: out = -in + * Requires in[i] < 2^63, + * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 + */ +static void felem_neg(felem out, const felem in) +{ + widefelem tmp = {0}; + felem_diff_128_64(tmp, in); + felem_reduce(out, tmp); +} + /* * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field * elements are reduced to in < 2^225, so we only need to check three cases: @@ -818,7 +818,7 @@ static void copy_conditional(felem out, const felem in, limb icopy) * Double an elliptic curve point: * (X', Y', Z') = 2 * (X, Y, Z), where * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2 - * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2 + * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4 * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed, * while x_out == y_in is not (maybe this works, but it's not tested). @@ -1215,7 +1215,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, * FUNCTIONS TO MANAGE PRECOMPUTATION */ -static NISTP224_PRE_COMP *nistp224_pre_comp_new() +static NISTP224_PRE_COMP *nistp224_pre_comp_new(void) { NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -1239,7 +1239,7 @@ NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p) { int i; if (p != NULL) - CRYPTO_atomic_add(&p->references, 1, &i, p->lock); + CRYPTO_UP_REF(&p->references, &i, p->lock); return p; } @@ -1250,7 +1250,7 @@ void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p) if (p == NULL) return; - CRYPTO_atomic_add(&p->references, -1, &i, p->lock); + CRYPTO_DOWN_REF(&p->references, &i, p->lock); REF_PRINT_COUNT("EC_nistp224", x); if (i > 0) return; @@ -1285,9 +1285,10 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; BN_CTX_start(ctx); - if (((curve_p = BN_CTX_get(ctx)) == NULL) || - ((curve_a = BN_CTX_get(ctx)) == NULL) || - ((curve_b = BN_CTX_get(ctx)) == NULL)) + curve_p = BN_CTX_get(ctx); + curve_a = BN_CTX_get(ctx); + curve_b = BN_CTX_get(ctx); + if (curve_b == NULL) goto err; BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p); BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a); @@ -1395,7 +1396,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, int j; unsigned i; int mixed = 0; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; @@ -1412,14 +1412,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, const EC_POINT *p = NULL; const BIGNUM *p_scalar = NULL; - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new()) == NULL) - return 0; BN_CTX_start(ctx); - if (((x = BN_CTX_get(ctx)) == NULL) || - ((y = BN_CTX_get(ctx)) == NULL) || - ((z = BN_CTX_get(ctx)) == NULL) || - ((tmp_scalar = BN_CTX_get(ctx)) == NULL)) + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + tmp_scalar = BN_CTX_get(ctx); + if (tmp_scalar == NULL) goto err; if (scalar != NULL) { @@ -1576,7 +1574,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - BN_CTX_free(new_ctx); OPENSSL_free(secrets); OPENSSL_free(pre_comp); OPENSSL_free(tmp_felems); @@ -1599,7 +1596,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; BN_CTX_start(ctx); - if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL)) + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + if (y == NULL) goto err; /* get the generator */ if (group->generator == NULL) @@ -1609,7 +1608,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) goto err; BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x); BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) goto err; if ((pre = nistp224_pre_comp_new()) == NULL) goto err; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c index ffd2a7d93a065b..c87a5e548d369b 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,13 +41,13 @@ NON_EMPTY_TRANSLATION_UNIT # include # include "ec_lcl.h" -# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit * platforms */ typedef __int128_t int128_t; # else -# error "Need GCC 3.1 or later to define type uint128_t" +# error "Your compiler doesn't appear to support 128-bit integer types" # endif typedef uint8_t u8; @@ -1766,7 +1766,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, /* Precomputation for the group generator. */ struct nistp256_pre_comp_st { smallfelem g_pre_comp[2][16][3]; - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -1821,7 +1821,12 @@ const EC_METHOD *EC_GFp_nistp256_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -1832,7 +1837,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) * FUNCTIONS TO MANAGE PRECOMPUTATION */ -static NISTP256_PRE_COMP *nistp256_pre_comp_new() +static NISTP256_PRE_COMP *nistp256_pre_comp_new(void) { NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -1856,7 +1861,7 @@ NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p) { int i; if (p != NULL) - CRYPTO_atomic_add(&p->references, 1, &i, p->lock); + CRYPTO_UP_REF(&p->references, &i, p->lock); return p; } @@ -1867,7 +1872,7 @@ void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre) if (pre == NULL) return; - CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock); + CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); REF_PRINT_COUNT("EC_nistp256", x); if (i > 0) return; @@ -1902,9 +1907,10 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; BN_CTX_start(ctx); - if (((curve_p = BN_CTX_get(ctx)) == NULL) || - ((curve_a = BN_CTX_get(ctx)) == NULL) || - ((curve_b = BN_CTX_get(ctx)) == NULL)) + curve_p = BN_CTX_get(ctx); + curve_a = BN_CTX_get(ctx); + curve_b = BN_CTX_get(ctx); + if (curve_b == NULL) goto err; BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p); BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a); @@ -2012,7 +2018,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, int ret = 0; int j; int mixed = 0; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; @@ -2030,14 +2035,12 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const EC_POINT *p = NULL; const BIGNUM *p_scalar = NULL; - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new()) == NULL) - return 0; BN_CTX_start(ctx); - if (((x = BN_CTX_get(ctx)) == NULL) || - ((y = BN_CTX_get(ctx)) == NULL) || - ((z = BN_CTX_get(ctx)) == NULL) || - ((tmp_scalar = BN_CTX_get(ctx)) == NULL)) + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + tmp_scalar = BN_CTX_get(ctx); + if (tmp_scalar == NULL) goto err; if (scalar != NULL) { @@ -2200,7 +2203,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - BN_CTX_free(new_ctx); OPENSSL_free(secrets); OPENSSL_free(pre_comp); OPENSSL_free(tmp_smallfelems); @@ -2224,7 +2226,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; BN_CTX_start(ctx); - if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL)) + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + if (y == NULL) goto err; /* get the generator */ if (group->generator == NULL) @@ -2234,7 +2238,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) goto err; BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x); BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) goto err; if ((pre = nistp256_pre_comp_new()) == NULL) goto err; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c index 0a82abca1b00f4..14f2feeb699962 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c @@ -40,12 +40,12 @@ NON_EMPTY_TRANSLATION_UNIT # include # include "ec_lcl.h" -# if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit * platforms */ # else -# error "Need GCC 3.1 or later to define type uint128_t" +# error "Your compiler doesn't appear to support 128-bit integer types" # endif typedef uint8_t u8; @@ -1156,9 +1156,9 @@ static void copy_conditional(felem out, const felem in, limb mask) * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). * * This function includes a branch for checking whether the two input points - * are equal (while not equal to the point at infinity). This case never - * happens during single point multiplication, so there is no timing leak for - * ECDH or ECDSA signing. */ + * are equal (while not equal to the point at infinity). See comment below + * on constant-time. + */ static void point_add(felem x3, felem y3, felem z3, const felem x1, const felem y1, const felem z1, const int mixed, const felem x2, const felem y2, @@ -1252,6 +1252,22 @@ static void point_add(felem x3, felem y3, felem z3, /* ftmp5[i] < 2^61 */ if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * This is obviously not constant-time but it will almost-never happen + * for ECDH / ECDSA. The case where it can happen is during scalar-mult + * where the intermediate value gets very close to the group order. + * Since |ec_GFp_nistp_recode_scalar_bits| produces signed digits for + * the scalar, it's possible for the intermediate value to be a small + * negative multiple of the base point, and for the final signed digit + * to be the same value. We believe that this only occurs for the scalar + * 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb + * 71e913863f7, in that case the penultimate intermediate is -9G and + * the final digit is also -9G. Since this only happens for a single + * scalar, the timing leak is irrelevent. (Any attacker who wanted to + * check whether a secret scalar was that exact value, can already do + * so.) + */ point_double(x3, y3, z3, x1, y1, z1); return; } @@ -1587,7 +1603,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, /* Precomputation for the group generator. */ struct nistp521_pre_comp_st { felem g_pre_comp[16][3]; - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -1643,7 +1659,11 @@ const EC_METHOD *EC_GFp_nistp521_method(void) 0, /* keycopy */ 0, /* keyfinish */ ecdh_simple_compute_key, - 0 /* blind_coordinates */ + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -1654,7 +1674,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void) * FUNCTIONS TO MANAGE PRECOMPUTATION */ -static NISTP521_PRE_COMP *nistp521_pre_comp_new() +static NISTP521_PRE_COMP *nistp521_pre_comp_new(void) { NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -1678,7 +1698,7 @@ NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p) { int i; if (p != NULL) - CRYPTO_atomic_add(&p->references, 1, &i, p->lock); + CRYPTO_UP_REF(&p->references, &i, p->lock); return p; } @@ -1689,7 +1709,7 @@ void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p) if (p == NULL) return; - CRYPTO_atomic_add(&p->references, -1, &i, p->lock); + CRYPTO_DOWN_REF(&p->references, &i, p->lock); REF_PRINT_COUNT("EC_nistp521", x); if (i > 0) return; @@ -1724,9 +1744,10 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; BN_CTX_start(ctx); - if (((curve_p = BN_CTX_get(ctx)) == NULL) || - ((curve_a = BN_CTX_get(ctx)) == NULL) || - ((curve_b = BN_CTX_get(ctx)) == NULL)) + curve_p = BN_CTX_get(ctx); + curve_a = BN_CTX_get(ctx); + curve_b = BN_CTX_get(ctx); + if (curve_b == NULL) goto err; BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p); BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a); @@ -1834,7 +1855,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, int ret = 0; int j; int mixed = 0; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; @@ -1851,14 +1871,12 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const EC_POINT *p = NULL; const BIGNUM *p_scalar = NULL; - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new()) == NULL) - return 0; BN_CTX_start(ctx); - if (((x = BN_CTX_get(ctx)) == NULL) || - ((y = BN_CTX_get(ctx)) == NULL) || - ((z = BN_CTX_get(ctx)) == NULL) || - ((tmp_scalar = BN_CTX_get(ctx)) == NULL)) + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + tmp_scalar = BN_CTX_get(ctx); + if (tmp_scalar == NULL) goto err; if (scalar != NULL) { @@ -2019,7 +2037,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - BN_CTX_free(new_ctx); OPENSSL_free(secrets); OPENSSL_free(pre_comp); OPENSSL_free(tmp_felems); @@ -2042,7 +2059,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; BN_CTX_start(ctx); - if (((x = BN_CTX_get(ctx)) == NULL) || ((y = BN_CTX_get(ctx)) == NULL)) + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + if (y == NULL) goto err; /* get the generator */ if (group->generator == NULL) @@ -2052,7 +2071,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) goto err; BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x); BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) goto err; if ((pre = nistp521_pre_comp_new()) == NULL) goto err; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c index 7eafce649b4517..b0564bdbd04c56 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c @@ -1,45 +1,29 @@ /* * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2014, Intel Corporation. All Rights Reserved. + * Copyright (c) 2015, CloudFlare, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3) + * (1) Intel Corporation, Israel Development Center, Haifa, Israel + * (2) University of Haifa, Israel + * (3) CloudFlare, Inc. + * + * Reference: + * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with + * 256 Bit Primes" */ -/****************************************************************************** - * * - * Copyright 2014 Intel Corporation * - * * - * Licensed under the Apache License, Version 2.0 (the "License"); * - * you may not use this file except in compliance with the License. * - * You may obtain a copy of the License at * - * * - * http://www.apache.org/licenses/LICENSE-2.0 * - * * - * Unless required by applicable law or agreed to in writing, software * - * distributed under the License is distributed on an "AS IS" BASIS, * - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * - * See the License for the specific language governing permissions and * - * limitations under the License. * - * * - ****************************************************************************** - * * - * Developers and authors: * - * Shay Gueron (1, 2), and Vlad Krasnov (1) * - * (1) Intel Corporation, Israel Development Center * - * (2) University of Haifa * - * Reference: * - * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with * - * 256 Bit Primes" * - * * - ******************************************************************************/ - #include #include "internal/cryptlib.h" #include "internal/bn_int.h" #include "ec_lcl.h" +#include "internal/refcount.h" #if BN_BITS2 != 64 # define TOBN(hi,lo) lo,hi @@ -84,7 +68,7 @@ struct nistz256_pre_comp_st { */ PRECOMP256_ROW *precomp; void *precomp_storage; - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -254,6 +238,16 @@ static BN_ULONG is_one(const BIGNUM *z) return res; } +/* + * For reference, this macro is used only when new ecp_nistz256 assembly + * module is being developed. For example, configure with + * -DECP_NISTZ256_REFERENCE_IMPLEMENTATION and implement only functions + * performing simplest arithmetic operations on 256-bit vectors. Then + * work on implementation of higher-level functions performing point + * operations. Then remove ECP_NISTZ256_REFERENCE_IMPLEMENTATION + * and never define it again. (The correct macro denoting presence of + * ecp_nistz256 module is ECP_NISTZ256_ASM.) + */ #ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); void ecp_nistz256_point_add(P256_POINT *r, @@ -916,7 +910,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) */ #if defined(ECP_NISTZ256_AVX2) # if !(defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_MX64)) || \ + defined(_M_AMD64) || defined(_M_X64)) || \ !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */ # undef ECP_NISTZ256_AVX2 # else @@ -1129,12 +1123,10 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, const BIGNUM *scalars[], BN_CTX *ctx) { int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0; - size_t j; unsigned char p_str[33] = { 0 }; const PRECOMP256_ROW *preComputedTable = NULL; const NISTZ256_PRE_COMP *pre_comp = NULL; const EC_POINT *generator = NULL; - BN_CTX *new_ctx = NULL; const BIGNUM **new_scalars = NULL; const EC_POINT **new_points = NULL; unsigned int idx = 0; @@ -1152,27 +1144,6 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } - if (!ec_point_is_compat(r, group)) { - ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - - if ((scalar == NULL) && (num == 0)) - return EC_POINT_set_to_infinity(group, r); - - for (j = 0; j < num; j++) { - if (!ec_point_is_compat(points[j], group)) { - ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - BN_CTX_start(ctx); if (scalar) { @@ -1368,9 +1339,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, ret = 1; err: - if (ctx) - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); + BN_CTX_end(ctx); OPENSSL_free(new_points); OPENSSL_free(new_scalars); return ret; @@ -1451,7 +1420,7 @@ NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p) { int i; if (p != NULL) - CRYPTO_atomic_add(&p->references, 1, &i, p->lock); + CRYPTO_UP_REF(&p->references, &i, p->lock); return p; } @@ -1462,7 +1431,7 @@ void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre) if (pre == NULL) return; - CRYPTO_atomic_add(&pre->references, -1, &i, pre->lock); + CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); REF_PRINT_COUNT("EC_nistz256", x); if (i > 0) return; @@ -1487,6 +1456,189 @@ static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group) return HAVEPRECOMP(group, nistz256); } +#if defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(__powerpc64__) || defined(_ARCH_PP64) || \ + defined(__aarch64__) +/* + * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P) + */ +void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); +void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS], + int rep); + +static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, + const BIGNUM *x, BN_CTX *ctx) +{ + /* RR = 2^512 mod ord(p256) */ + static const BN_ULONG RR[P256_LIMBS] = { + TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6), + TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620) + }; + /* The constant 1 (unlike ONE that is one in Montgomery representation) */ + static const BN_ULONG one[P256_LIMBS] = { + TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0) + }; + /* + * We don't use entry 0 in the table, so we omit it and address + * with -1 offset. + */ + BN_ULONG table[15][P256_LIMBS]; + BN_ULONG out[P256_LIMBS], t[P256_LIMBS]; + int i, ret = 0; + enum { + i_1 = 0, i_10, i_11, i_101, i_111, i_1010, i_1111, + i_10101, i_101010, i_101111, i_x6, i_x8, i_x16, i_x32 + }; + + /* + * Catch allocation failure early. + */ + if (bn_wexpand(r, P256_LIMBS) == NULL) { + ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB); + goto err; + } + + if ((BN_num_bits(x) > 256) || BN_is_negative(x)) { + BIGNUM *tmp; + + if ((tmp = BN_CTX_get(ctx)) == NULL + || !BN_nnmod(tmp, x, group->order, ctx)) { + ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB); + goto err; + } + x = tmp; + } + + if (!ecp_nistz256_bignum_to_field_elem(t, x)) { + ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + + ecp_nistz256_ord_mul_mont(table[0], t, RR); +#if 0 + /* + * Original sparse-then-fixed-window algorithm, retained for reference. + */ + for (i = 2; i < 16; i += 2) { + ecp_nistz256_ord_sqr_mont(table[i-1], table[i/2-1], 1); + ecp_nistz256_ord_mul_mont(table[i], table[i-1], table[0]); + } + + /* + * The top 128bit of the exponent are highly redudndant, so we + * perform an optimized flow + */ + ecp_nistz256_ord_sqr_mont(t, table[15-1], 4); /* f0 */ + ecp_nistz256_ord_mul_mont(t, t, table[15-1]); /* ff */ + + ecp_nistz256_ord_sqr_mont(out, t, 8); /* ff00 */ + ecp_nistz256_ord_mul_mont(out, out, t); /* ffff */ + + ecp_nistz256_ord_sqr_mont(t, out, 16); /* ffff0000 */ + ecp_nistz256_ord_mul_mont(t, t, out); /* ffffffff */ + + ecp_nistz256_ord_sqr_mont(out, t, 64); /* ffffffff0000000000000000 */ + ecp_nistz256_ord_mul_mont(out, out, t); /* ffffffff00000000ffffffff */ + + ecp_nistz256_ord_sqr_mont(out, out, 32); /* ffffffff00000000ffffffff00000000 */ + ecp_nistz256_ord_mul_mont(out, out, t); /* ffffffff00000000ffffffffffffffff */ + + /* + * The bottom 128 bit of the exponent are processed with fixed 4-bit window + */ + for(i = 0; i < 32; i++) { + /* expLo - the low 128 bits of the exponent we use (ord(p256) - 2), + * split into nibbles */ + static const unsigned char expLo[32] = { + 0xb,0xc,0xe,0x6,0xf,0xa,0xa,0xd,0xa,0x7,0x1,0x7,0x9,0xe,0x8,0x4, + 0xf,0x3,0xb,0x9,0xc,0xa,0xc,0x2,0xf,0xc,0x6,0x3,0x2,0x5,0x4,0xf + }; + + ecp_nistz256_ord_sqr_mont(out, out, 4); + /* The exponent is public, no need in constant-time access */ + ecp_nistz256_ord_mul_mont(out, out, table[expLo[i]-1]); + } +#else + /* + * https://briansmith.org/ecc-inversion-addition-chains-01#p256_scalar_inversion + * + * Even though this code path spares 12 squarings, 4.5%, and 13 + * multiplications, 25%, on grand scale sign operation is not that + * much faster, not more that 2%... + */ + + /* pre-calculate powers */ + ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1); + + ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]); + + ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]); + + ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]); + + ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1); + + ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]); + + ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1); + ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]); + + ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1); + + ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]); + + ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]); + + ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2); + ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]); + + ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8); + ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]); + + ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16); + ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]); + + /* calculations */ + ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64); + ecp_nistz256_ord_mul_mont(out, out, table[i_x32]); + + for (i = 0; i < 27; i++) { + static const struct { unsigned char p, i; } chain[27] = { + { 32, i_x32 }, { 6, i_101111 }, { 5, i_111 }, + { 4, i_11 }, { 5, i_1111 }, { 5, i_10101 }, + { 4, i_101 }, { 3, i_101 }, { 3, i_101 }, + { 5, i_111 }, { 9, i_101111 }, { 6, i_1111 }, + { 2, i_1 }, { 5, i_1 }, { 6, i_1111 }, + { 5, i_111 }, { 4, i_111 }, { 5, i_111 }, + { 5, i_101 }, { 3, i_11 }, { 10, i_101111 }, + { 2, i_11 }, { 5, i_11 }, { 5, i_11 }, + { 3, i_1 }, { 7, i_10101 }, { 6, i_1111 } + }; + + ecp_nistz256_ord_sqr_mont(out, out, chain[i].p); + ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]); + } +#endif + ecp_nistz256_ord_mul_mont(out, out, one); + + /* + * Can't fail, but check return code to be consistent anyway. + */ + if (!bn_set_words(r, out, P256_LIMBS)) + goto err; + + ret = 1; +err: + return ret; +} +#else +# define ecp_nistz256_inv_mod_ord NULL +#endif + const EC_METHOD *EC_GFp_nistz256_method(void) { static const EC_METHOD ret = { @@ -1537,7 +1689,11 @@ const EC_METHOD *EC_GFp_nistz256_method(void) 0, /* keycopy */ 0, /* keyfinish */ ecdh_simple_compute_key, - 0 /* blind_coordinates */ + ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; diff --git a/deps/openssl/openssl/crypto/ec/ecp_oct.c b/deps/openssl/openssl/crypto/ec/ecp_oct.c index 4d142a4ab96cee..7ade1b3d217321 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_oct.c +++ b/deps/openssl/openssl/crypto/ec/ecp_oct.c @@ -1,5 +1,6 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions of this software developed by SUN MICROSYSTEMS, INC., - * and contributed to the OpenSSL project. - */ - #include #include @@ -130,7 +125,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_R_INVALID_COMPRESSION_BIT); else /* - * BN_mod_sqrt() should have cought this error (not a square) + * BN_mod_sqrt() should have caught this error (not a square) */ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); @@ -145,7 +140,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; ret = 1; @@ -211,7 +206,7 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (y == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; if ((form == POINT_CONVERSION_COMPRESSED @@ -338,8 +333,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GFp - (group, point, x, y_bit, ctx)) + if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) goto err; } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) @@ -356,10 +350,10 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* - * EC_POINT_set_affine_coordinates_GFp is responsible for checking that + * EC_POINT_set_affine_coordinates is responsible for checking that * the point is on the curve. */ - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; } diff --git a/deps/openssl/openssl/crypto/ec/ecp_smpl.c b/deps/openssl/openssl/crypto/ec/ecp_smpl.c index adfb1945766699..d0c5557ff4ddaf 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c +++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Portions of this software developed by SUN MICROSYSTEMS, INC., - * and contributed to the OpenSSL project. - */ - #include #include @@ -68,7 +63,11 @@ const EC_METHOD *EC_GFp_simple_method(void) 0, /* keycopy */ 0, /* keyfinish */ ecdh_simple_compute_key, - ec_GFp_simple_blind_coordinates + 0, /* field_inverse_mod_ord */ + ec_GFp_simple_blind_coordinates, + ec_GFp_simple_ladder_pre, + ec_GFp_simple_ladder_step, + ec_GFp_simple_ladder_post }; return &ret; @@ -1182,9 +1181,9 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, if (y == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; if (!point->Z_is_one) { ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); @@ -1220,7 +1219,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); tmp_Z = BN_CTX_get(ctx); - if (tmp == NULL || tmp_Z == NULL) + if (tmp_Z == NULL) goto err; prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0])); @@ -1394,7 +1393,7 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, /* make sure lambda is not zero */ do { - if (!BN_rand_range(lambda, group->field)) { + if (!BN_priv_rand_range(lambda, group->field)) { ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB); goto err; } @@ -1419,6 +1418,227 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, ret = 1; err: - BN_CTX_end(ctx); - return ret; + BN_CTX_end(ctx); + return ret; +} + +/*- + * Set s := p, r := 2p. + * + * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve + * multiplication resistant against side channel attacks" appendix, as described + * at + * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2 + * + * The input point p will be in randomized Jacobian projective coords: + * x = X/Z**2, y=Y/Z**3 + * + * The output points p, s, and r are converted to standard (homogeneous) + * projective coords: + * x = X/Z, y=Y/Z + */ +int ec_GFp_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL; + + t1 = r->Z; + t2 = r->Y; + t3 = s->X; + t4 = r->X; + t5 = s->Y; + t6 = s->Z; + + /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */ + if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx) + || !group->meth->field_sqr(group, t1, p->Z, ctx) + || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx) + /* r := 2p */ + || !group->meth->field_sqr(group, t2, p->X, ctx) + || !group->meth->field_sqr(group, t3, p->Z, ctx) + || !group->meth->field_mul(group, t4, t3, group->a, ctx) + || !BN_mod_sub_quick(t5, t2, t4, group->field) + || !BN_mod_add_quick(t2, t2, t4, group->field) + || !group->meth->field_sqr(group, t5, t5, ctx) + || !group->meth->field_mul(group, t6, t3, group->b, ctx) + || !group->meth->field_mul(group, t1, p->X, p->Z, ctx) + || !group->meth->field_mul(group, t4, t1, t6, ctx) + || !BN_mod_lshift_quick(t4, t4, 3, group->field) + /* r->X coord output */ + || !BN_mod_sub_quick(r->X, t5, t4, group->field) + || !group->meth->field_mul(group, t1, t1, t2, ctx) + || !group->meth->field_mul(group, t2, t3, t6, ctx) + || !BN_mod_add_quick(t1, t1, t2, group->field) + /* r->Z coord output */ + || !BN_mod_lshift_quick(r->Z, t1, 2, group->field) + || !EC_POINT_copy(s, p)) + return 0; + + r->Z_is_one = 0; + s->Z_is_one = 0; + p->Z_is_one = 0; + + return 1; +} + +/*- + * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi + * "A fast parallel elliptic curve multiplication resistant against side channel + * attacks", as described at + * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4 + */ +int ec_GFp_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL; + + BN_CTX_start(ctx); + t0 = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t3 = BN_CTX_get(ctx); + t4 = BN_CTX_get(ctx); + t5 = BN_CTX_get(ctx); + t6 = BN_CTX_get(ctx); + t7 = BN_CTX_get(ctx); + + if (t7 == NULL + || !group->meth->field_mul(group, t0, r->X, s->X, ctx) + || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t2, r->X, s->Z, ctx) + || !group->meth->field_mul(group, t3, r->Z, s->X, ctx) + || !group->meth->field_mul(group, t4, group->a, t1, ctx) + || !BN_mod_add_quick(t0, t0, t4, group->field) + || !BN_mod_add_quick(t4, t3, t2, group->field) + || !group->meth->field_mul(group, t0, t4, t0, ctx) + || !group->meth->field_sqr(group, t1, t1, ctx) + || !BN_mod_lshift_quick(t7, group->b, 2, group->field) + || !group->meth->field_mul(group, t1, t7, t1, ctx) + || !BN_mod_lshift1_quick(t0, t0, group->field) + || !BN_mod_add_quick(t0, t1, t0, group->field) + || !BN_mod_sub_quick(t1, t2, t3, group->field) + || !group->meth->field_sqr(group, t1, t1, ctx) + || !group->meth->field_mul(group, t3, t1, p->X, ctx) + || !group->meth->field_mul(group, t0, p->Z, t0, ctx) + /* s->X coord output */ + || !BN_mod_sub_quick(s->X, t0, t3, group->field) + /* s->Z coord output */ + || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx) + || !group->meth->field_sqr(group, t3, r->X, ctx) + || !group->meth->field_sqr(group, t2, r->Z, ctx) + || !group->meth->field_mul(group, t4, t2, group->a, ctx) + || !BN_mod_add_quick(t5, r->X, r->Z, group->field) + || !group->meth->field_sqr(group, t5, t5, ctx) + || !BN_mod_sub_quick(t5, t5, t3, group->field) + || !BN_mod_sub_quick(t5, t5, t2, group->field) + || !BN_mod_sub_quick(t6, t3, t4, group->field) + || !group->meth->field_sqr(group, t6, t6, ctx) + || !group->meth->field_mul(group, t0, t2, t5, ctx) + || !group->meth->field_mul(group, t0, t7, t0, ctx) + /* r->X coord output */ + || !BN_mod_sub_quick(r->X, t6, t0, group->field) + || !BN_mod_add_quick(t6, t3, t4, group->field) + || !group->meth->field_sqr(group, t3, t2, ctx) + || !group->meth->field_mul(group, t7, t3, t7, ctx) + || !group->meth->field_mul(group, t5, t5, t6, ctx) + || !BN_mod_lshift1_quick(t5, t5, group->field) + /* r->Z coord output */ + || !BN_mod_add_quick(r->Z, t7, t5, group->field)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +/*- + * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass + * Elliptic Curves and Side-Channel Attacks", modified to work in projective + * coordinates and return r in Jacobian projective coordinates. + * + * X4 = two*Y1*X2*Z3*Z2*Z1; + * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1); + * Z4 = two*Y1*Z3*SQR(Z2)*Z1; + * + * Z4 != 0 because: + * - Z1==0 implies p is at infinity, which would have caused an early exit in + * the caller; + * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch); + * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch); + * - Y1==0 implies p has order 2, so either r or s are infinity and handled by + * one of the BN_is_zero(...) branches. + */ +int ec_GFp_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; + + if (BN_is_zero(r->Z)) + return EC_POINT_set_to_infinity(group, r); + + if (BN_is_zero(s->Z)) { + /* (X,Y,Z) -> (XZ,YZ**2,Z) */ + if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx) + || !group->meth->field_sqr(group, r->Z, p->Z, ctx) + || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx) + || !BN_copy(r->Z, p->Z) + || !EC_POINT_invert(group, r, ctx)) + return 0; + return 1; + } + + BN_CTX_start(ctx); + t0 = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t3 = BN_CTX_get(ctx); + t4 = BN_CTX_get(ctx); + t5 = BN_CTX_get(ctx); + t6 = BN_CTX_get(ctx); + + if (t6 == NULL + || !BN_mod_lshift1_quick(t0, p->Y, group->field) + || !group->meth->field_mul(group, t1, r->X, p->Z, ctx) + || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t2, t1, t2, ctx) + || !group->meth->field_mul(group, t3, t2, t0, ctx) + || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx) + || !group->meth->field_sqr(group, t4, t2, ctx) + || !BN_mod_lshift1_quick(t5, group->b, group->field) + || !group->meth->field_mul(group, t4, t4, t5, ctx) + || !group->meth->field_mul(group, t6, t2, group->a, ctx) + || !group->meth->field_mul(group, t5, r->X, p->X, ctx) + || !BN_mod_add_quick(t5, t6, t5, group->field) + || !group->meth->field_mul(group, t6, r->Z, p->X, ctx) + || !BN_mod_add_quick(t2, t6, t1, group->field) + || !group->meth->field_mul(group, t5, t5, t2, ctx) + || !BN_mod_sub_quick(t6, t6, t1, group->field) + || !group->meth->field_sqr(group, t6, t6, ctx) + || !group->meth->field_mul(group, t6, t6, s->X, ctx) + || !BN_mod_add_quick(t4, t5, t4, group->field) + || !group->meth->field_mul(group, t4, t4, s->Z, ctx) + || !BN_mod_sub_quick(t4, t4, t6, group->field) + || !group->meth->field_sqr(group, t5, r->Z, ctx) + || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx) + || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx) + || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx) + /* t3 := X, t4 := Y */ + /* (X,Y,Z) -> (XZ,YZ**2,Z) */ + || !group->meth->field_mul(group, r->X, t3, r->Z, ctx) + || !group->meth->field_sqr(group, t3, r->Z, ctx) + || !group->meth->field_mul(group, r->Y, t4, t3, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; } diff --git a/deps/openssl/openssl/crypto/ec/ecx_meth.c b/deps/openssl/openssl/crypto/ec/ecx_meth.c index 018a9419f070aa..b76bfdb6dc342f 100644 --- a/deps/openssl/openssl/crypto/ec/ecx_meth.c +++ b/deps/openssl/openssl/crypto/ec/ecx_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,28 +16,39 @@ #include "internal/evp_int.h" #include "ec_lcl.h" -#define X25519_KEYLEN 32 #define X25519_BITS 253 #define X25519_SECURITY_BITS 128 -typedef struct { - unsigned char pubkey[X25519_KEYLEN]; - unsigned char *privkey; -} X25519_KEY; +#define ED25519_SIGSIZE 64 + +#define X448_BITS 448 +#define ED448_BITS 456 +#define X448_SECURITY_BITS 224 + +#define ED448_SIGSIZE 114 + +#define ISX448(id) ((id) == EVP_PKEY_X448) +#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) +#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ + : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ + : ED448_KEYLEN)) +#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) + typedef enum { - X25519_PUBLIC, - X25519_PRIVATE, - X25519_KEYGEN + KEY_OP_PUBLIC, + KEY_OP_PRIVATE, + KEY_OP_KEYGEN } ecx_key_op_t; /* Setup EVP_PKEY using public, private or generation */ -static int ecx_key_op(EVP_PKEY *pkey, const X509_ALGOR *palg, +static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg, const unsigned char *p, int plen, ecx_key_op_t op) { - X25519_KEY *xkey; + ECX_KEY *key = NULL; + unsigned char *privkey, *pubkey; - if (op != X25519_KEYGEN) { + if (op != KEY_OP_KEYGEN) { if (palg != NULL) { int ptype; @@ -49,64 +60,85 @@ static int ecx_key_op(EVP_PKEY *pkey, const X509_ALGOR *palg, } } - if (p == NULL || plen != X25519_KEYLEN) { + if (p == NULL || plen != KEYLENID(id)) { ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING); return 0; } } - xkey = OPENSSL_zalloc(sizeof(*xkey)); - if (xkey == NULL) { + key = OPENSSL_zalloc(sizeof(*key)); + if (key == NULL) { ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE); return 0; } + pubkey = key->pubkey; - if (op == X25519_PUBLIC) { - memcpy(xkey->pubkey, p, plen); + if (op == KEY_OP_PUBLIC) { + memcpy(pubkey, p, plen); } else { - xkey->privkey = OPENSSL_secure_malloc(X25519_KEYLEN); - if (xkey->privkey == NULL) { + privkey = key->privkey = OPENSSL_secure_malloc(KEYLENID(id)); + if (privkey == NULL) { ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(xkey); - return 0; + goto err; } - if (op == X25519_KEYGEN) { - if (RAND_bytes(xkey->privkey, X25519_KEYLEN) <= 0) { - OPENSSL_secure_free(xkey->privkey); - OPENSSL_free(xkey); - return 0; + if (op == KEY_OP_KEYGEN) { + if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0) { + OPENSSL_secure_free(privkey); + key->privkey = NULL; + goto err; + } + if (id == EVP_PKEY_X25519) { + privkey[0] &= 248; + privkey[X25519_KEYLEN - 1] &= 127; + privkey[X25519_KEYLEN - 1] |= 64; + } else if (id == EVP_PKEY_X448) { + privkey[0] &= 252; + privkey[X448_KEYLEN - 1] |= 128; } - xkey->privkey[0] &= 248; - xkey->privkey[31] &= 127; - xkey->privkey[31] |= 64; } else { - memcpy(xkey->privkey, p, X25519_KEYLEN); + memcpy(privkey, p, KEYLENID(id)); + } + switch (id) { + case EVP_PKEY_X25519: + X25519_public_from_private(pubkey, privkey); + break; + case EVP_PKEY_ED25519: + ED25519_public_from_private(pubkey, privkey); + break; + case EVP_PKEY_X448: + X448_public_from_private(pubkey, privkey); + break; + case EVP_PKEY_ED448: + ED448_public_from_private(pubkey, privkey); + break; } - X25519_public_from_private(xkey->pubkey, xkey->privkey); } - EVP_PKEY_assign(pkey, NID_X25519, xkey); + EVP_PKEY_assign(pkey, id, key); return 1; + err: + OPENSSL_free(key); + return 0; } static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { - const X25519_KEY *xkey = pkey->pkey.ptr; + const ECX_KEY *ecxkey = pkey->pkey.ecx; unsigned char *penc; - if (xkey == NULL) { + if (ecxkey == NULL) { ECerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY); return 0; } - penc = OPENSSL_memdup(xkey->pubkey, X25519_KEYLEN); + penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey)); if (penc == NULL) { ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE); return 0; } - if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(NID_X25519), V_ASN1_UNDEF, - NULL, penc, X25519_KEYLEN)) { + if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), + V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) { OPENSSL_free(penc); ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE); return 0; @@ -122,17 +154,19 @@ static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) return 0; - return ecx_key_op(pkey, palg, p, pklen, X25519_PUBLIC); + return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen, + KEY_OP_PUBLIC); } static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const X25519_KEY *akey = a->pkey.ptr; - const X25519_KEY *bkey = b->pkey.ptr; + const ECX_KEY *akey = a->pkey.ecx; + const ECX_KEY *bkey = b->pkey.ecx; if (akey == NULL || bkey == NULL) return -2; - return !CRYPTO_memcmp(akey->pubkey, bkey->pubkey, X25519_KEYLEN); + + return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0; } static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) @@ -155,25 +189,25 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) plen = ASN1_STRING_length(oct); } - rv = ecx_key_op(pkey, palg, p, plen, X25519_PRIVATE); + rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE); ASN1_OCTET_STRING_free(oct); return rv; } static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { - const X25519_KEY *xkey = pkey->pkey.ptr; + const ECX_KEY *ecxkey = pkey->pkey.ecx; ASN1_OCTET_STRING oct; unsigned char *penc = NULL; int penclen; - if (xkey == NULL || xkey->privkey == NULL) { + if (ecxkey == NULL || ecxkey->privkey == NULL) { ECerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY); return 0; } - oct.data = xkey->privkey; - oct.length = X25519_KEYLEN; + oct.data = ecxkey->privkey; + oct.length = KEYLEN(pkey); oct.flags = 0; penclen = i2d_ASN1_OCTET_STRING(&oct, &penc); @@ -182,7 +216,7 @@ static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 0; } - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X25519), 0, + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, V_ASN1_UNDEF, NULL, penc, penclen)) { OPENSSL_clear_free(penc, penclen); ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); @@ -194,26 +228,34 @@ static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) static int ecx_size(const EVP_PKEY *pkey) { - return X25519_KEYLEN; + return KEYLEN(pkey); } static int ecx_bits(const EVP_PKEY *pkey) { - return X25519_BITS; + if (IS25519(pkey->ameth->pkey_id)) { + return X25519_BITS; + } else if(ISX448(pkey->ameth->pkey_id)) { + return X448_BITS; + } else { + return ED448_BITS; + } } static int ecx_security_bits(const EVP_PKEY *pkey) { - return X25519_SECURITY_BITS; + if (IS25519(pkey->ameth->pkey_id)) { + return X25519_SECURITY_BITS; + } else { + return X448_SECURITY_BITS; + } } static void ecx_free(EVP_PKEY *pkey) { - X25519_KEY *xkey = pkey->pkey.ptr; - - if (xkey) - OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN); - OPENSSL_free(xkey); + if (pkey->pkey.ecx != NULL) + OPENSSL_secure_clear_free(pkey->pkey.ecx->privkey, KEYLEN(pkey)); + OPENSSL_free(pkey->pkey.ecx); } /* "parameters" are always equal */ @@ -225,32 +267,36 @@ static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx, ecx_key_op_t op) { - const X25519_KEY *xkey = pkey->pkey.ptr; + const ECX_KEY *ecxkey = pkey->pkey.ecx; + const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id); - if (op == X25519_PRIVATE) { - if (xkey == NULL || xkey->privkey == NULL) { + if (op == KEY_OP_PRIVATE) { + if (ecxkey == NULL || ecxkey->privkey == NULL) { if (BIO_printf(bp, "%*s\n", indent, "") <= 0) return 0; return 1; } - if (BIO_printf(bp, "%*sX25519 Private-Key:\n", indent, "") <= 0) + if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0) return 0; if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0) return 0; - if (ASN1_buf_print(bp, xkey->privkey, X25519_KEYLEN, indent + 4) == 0) + if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey), + indent + 4) == 0) return 0; } else { - if (xkey == NULL) { + if (ecxkey == NULL) { if (BIO_printf(bp, "%*s\n", indent, "") <= 0) return 0; return 1; } - if (BIO_printf(bp, "%*sX25519 Public-Key:\n", indent, "") <= 0) + if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0) return 0; } if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0) return 0; - if (ASN1_buf_print(bp, xkey->pubkey, X25519_KEYLEN, indent + 4) == 0) + + if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey), + indent + 4) == 0) return 0; return 1; } @@ -258,13 +304,13 @@ static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent, static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return ecx_key_print(bp, pkey, indent, ctx, X25519_PRIVATE); + return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE); } static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return ecx_key_print(bp, pkey, indent, ctx, X25519_PUBLIC); + return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC); } static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) @@ -272,20 +318,31 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) switch (op) { case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return ecx_key_op(pkey, NULL, arg2, arg1, X25519_PUBLIC); + return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1, + KEY_OP_PUBLIC); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - if (pkey->pkey.ptr != NULL) { - const X25519_KEY *xkey = pkey->pkey.ptr; + if (pkey->pkey.ecx != NULL) { unsigned char **ppt = arg2; - *ppt = OPENSSL_memdup(xkey->pubkey, X25519_KEYLEN); + + *ppt = OPENSSL_memdup(pkey->pkey.ecx->pubkey, KEYLEN(pkey)); if (*ppt != NULL) - return X25519_KEYLEN; + return KEYLEN(pkey); } return 0; + default: + return -2; + + } +} + +static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha256; + /* We currently only support Pure EdDSA which takes no digest */ + *(int *)arg2 = NID_undef; return 2; default: @@ -294,9 +351,63 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } } +static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, + size_t len) +{ + return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len, + KEY_OP_PRIVATE); +} + +static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) +{ + return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len, + KEY_OP_PUBLIC); +} + +static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + const ECX_KEY *key = pkey->pkey.ecx; + + if (priv == NULL) { + *len = KEYLENID(pkey->ameth->pkey_id); + return 1; + } + + if (key == NULL + || key->privkey == NULL + || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) + return 0; + + *len = KEYLENID(pkey->ameth->pkey_id); + memcpy(priv, key->privkey, *len); + + return 1; +} + +static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len) +{ + const ECX_KEY *key = pkey->pkey.ecx; + + if (pub == NULL) { + *len = KEYLENID(pkey->ameth->pkey_id); + return 1; + } + + if (key == NULL + || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) + return 0; + + *len = KEYLENID(pkey->ameth->pkey_id); + memcpy(pub, key->pubkey, *len); + + return 1; +} + const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { - NID_X25519, - NID_X25519, + EVP_PKEY_X25519, + EVP_PKEY_X25519, 0, "X25519", "OpenSSL X25519 algorithm", @@ -321,36 +432,277 @@ const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { ecx_free, ecx_ctrl, NULL, - NULL + NULL, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL, + + ecx_set_priv_key, + ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, +}; + +const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { + EVP_PKEY_X448, + EVP_PKEY_X448, + 0, + "X448", + "OpenSSL X448 algorithm", + + ecx_pub_decode, + ecx_pub_encode, + ecx_pub_cmp, + ecx_pub_print, + + ecx_priv_decode, + ecx_priv_encode, + ecx_priv_print, + + ecx_size, + ecx_bits, + ecx_security_bits, + + 0, 0, 0, 0, + ecx_cmp_parameters, + 0, 0, + + ecx_free, + ecx_ctrl, + NULL, + NULL, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL, + + ecx_set_priv_key, + ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, +}; + +static int ecd_size25519(const EVP_PKEY *pkey) +{ + return ED25519_SIGSIZE; +} + +static int ecd_size448(const EVP_PKEY *pkey) +{ + return ED448_SIGSIZE; +} + +static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *sigalg, ASN1_BIT_STRING *str, + EVP_PKEY *pkey) +{ + const ASN1_OBJECT *obj; + int ptype; + int nid; + + /* Sanity check: make sure it is ED25519/ED448 with absent parameters */ + X509_ALGOR_get0(&obj, &ptype, NULL, sigalg); + nid = OBJ_obj2nid(obj); + if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) { + ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING); + return 0; + } + + if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey)) + return 0; + + return 2; +} + +static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *str) +{ + /* Set algorithms identifiers */ + X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); + if (alg2) + X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); + /* Algorithm idetifiers set: carry on as normal */ + return 3; +} + +static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig) +{ + X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS, + X509_SIG_INFO_TLS); + return 1; +} + +static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, + ASN1_BIT_STRING *str) +{ + /* Set algorithm identifier */ + X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); + if (alg2 != NULL) + X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); + /* Algorithm identifier set: carry on as normal */ + return 3; +} + +static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig) +{ + X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS, + X509_SIG_INFO_TLS); + return 1; +} + + +const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { + EVP_PKEY_ED25519, + EVP_PKEY_ED25519, + 0, + "ED25519", + "OpenSSL ED25519 algorithm", + + ecx_pub_decode, + ecx_pub_encode, + ecx_pub_cmp, + ecx_pub_print, + + ecx_priv_decode, + ecx_priv_encode, + ecx_priv_print, + + ecd_size25519, + ecx_bits, + ecx_security_bits, + + 0, 0, 0, 0, + ecx_cmp_parameters, + 0, 0, + + ecx_free, + ecd_ctrl, + NULL, + NULL, + ecd_item_verify, + ecd_item_sign25519, + ecd_sig_info_set25519, + + NULL, + NULL, + NULL, + + ecx_set_priv_key, + ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, +}; + +const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = { + EVP_PKEY_ED448, + EVP_PKEY_ED448, + 0, + "ED448", + "OpenSSL ED448 algorithm", + + ecx_pub_decode, + ecx_pub_encode, + ecx_pub_cmp, + ecx_pub_print, + + ecx_priv_decode, + ecx_priv_encode, + ecx_priv_print, + + ecd_size448, + ecx_bits, + ecx_security_bits, + + 0, 0, 0, 0, + ecx_cmp_parameters, + 0, 0, + + ecx_free, + ecd_ctrl, + NULL, + NULL, + ecd_item_verify, + ecd_item_sign448, + ecd_sig_info_set448, + + NULL, + NULL, + NULL, + + ecx_set_priv_key, + ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, }; static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - return ecx_key_op(pkey, NULL, NULL, 0, X25519_KEYGEN); + return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN); } -static int pkey_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) +static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen, + const unsigned char **privkey, + const unsigned char **pubkey) { - const X25519_KEY *pkey, *peerkey; + const ECX_KEY *ecxkey, *peerkey; if (ctx->pkey == NULL || ctx->peerkey == NULL) { - ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_KEYS_NOT_SET); + ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_KEYS_NOT_SET); return 0; } - pkey = ctx->pkey->pkey.ptr; - peerkey = ctx->peerkey->pkey.ptr; - if (pkey == NULL || pkey->privkey == NULL) { - ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY); + ecxkey = ctx->pkey->pkey.ecx; + peerkey = ctx->peerkey->pkey.ecx; + if (ecxkey == NULL || ecxkey->privkey == NULL) { + ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY); return 0; } if (peerkey == NULL) { - ECerr(EC_F_PKEY_ECX_DERIVE, EC_R_INVALID_PEER_KEY); + ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PEER_KEY); return 0; } + *privkey = ecxkey->privkey; + *pubkey = peerkey->pubkey; + + return 1; +} + +static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) +{ + const unsigned char *privkey, *pubkey; + + if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) + || (key != NULL + && X25519(key, privkey, pubkey) == 0)) + return 0; *keylen = X25519_KEYLEN; - if (key != NULL && X25519(key, pkey->privkey, peerkey->pubkey) == 0) + return 1; +} + +static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) +{ + const unsigned char *privkey, *pubkey; + + if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) + || (key != NULL + && X448(key, privkey, pubkey) == 0)) return 0; + *keylen = X448_KEYLEN; return 1; } @@ -363,11 +715,126 @@ static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } const EVP_PKEY_METHOD ecx25519_pkey_meth = { - NID_X25519, + EVP_PKEY_X25519, + 0, 0, 0, 0, 0, 0, 0, + pkey_ecx_keygen, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + pkey_ecx_derive25519, + pkey_ecx_ctrl, + 0 +}; + +const EVP_PKEY_METHOD ecx448_pkey_meth = { + EVP_PKEY_X448, 0, 0, 0, 0, 0, 0, 0, pkey_ecx_keygen, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecx_derive, + pkey_ecx_derive448, pkey_ecx_ctrl, 0 }; + +static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen) +{ + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + + if (sig == NULL) { + *siglen = ED25519_SIGSIZE; + return 1; + } + if (*siglen < ED25519_SIGSIZE) { + ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL); + return 0; + } + + if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0) + return 0; + *siglen = ED25519_SIGSIZE; + return 1; +} + +static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen) +{ + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + + if (sig == NULL) { + *siglen = ED448_SIGSIZE; + return 1; + } + if (*siglen < ED448_SIGSIZE) { + ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL); + return 0; + } + + if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, + 0) == 0) + return 0; + *siglen = ED448_SIGSIZE; + return 1; +} + +static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen) +{ + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + + if (siglen != ED25519_SIGSIZE) + return 0; + + return ED25519_verify(tbs, tbslen, sig, edkey->pubkey); +} + +static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen) +{ + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + + if (siglen != ED448_SIGSIZE) + return 0; + + return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0); +} + +static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + switch (type) { + case EVP_PKEY_CTRL_MD: + /* Only NULL allowed as digest */ + if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null()) + return 1; + ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE); + return 0; + + case EVP_PKEY_CTRL_DIGESTINIT: + return 1; + } + return -2; +} + +const EVP_PKEY_METHOD ed25519_pkey_meth = { + EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, + 0, 0, 0, 0, 0, 0, + pkey_ecx_keygen, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + pkey_ecd_ctrl, + 0, + pkey_ecd_digestsign25519, + pkey_ecd_digestverify25519 +}; + +const EVP_PKEY_METHOD ed448_pkey_meth = { + EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, + 0, 0, 0, 0, 0, 0, + pkey_ecx_keygen, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + pkey_ecd_ctrl, + 0, + pkey_ecd_digestsign448, + pkey_ecd_digestverify448 +}; diff --git a/deps/openssl/openssl/crypto/engine/README b/deps/openssl/openssl/crypto/engine/README index 41baa184c3ec77..0050b9e50951cc 100644 --- a/deps/openssl/openssl/crypto/engine/README +++ b/deps/openssl/openssl/crypto/engine/README @@ -161,7 +161,7 @@ actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are necessarily interoperable and don't have different flavours, only different implementations. In other words, the ENGINE_TABLE for RSA will either be empty, -or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile +or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile represents ENGINEs that implement the single "type" of RSA there is. Cleanup - the registration and unregistration may pose questions about how @@ -188,7 +188,7 @@ state will be unchanged. Thus, no cleanup is required unless registration takes place. ENGINE_cleanup() will simply iterate across a list of registered cleanup callbacks calling each in turn, and will then internally delete its own storage (a STACK). When a cleanup callback is next registered (eg. if the cleanup() is -part of a gracefull restart and the application wants to cleanup all state then +part of a graceful restart and the application wants to cleanup all state then start again), the internal STACK storage will be freshly allocated. This is much the same as the situation in the ENGINE_TABLE instantiations ... NULL is the initialised state, so only modification operations (not queries) will cause that @@ -204,8 +204,8 @@ exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good one and now certainly doesn't make sense in any generalised way. Some of the RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE changes have now, as a consequence, been reverted back. This is because the -hooking of ENGINE is now automatic (and passive, it can interally use a NULL +hooking of ENGINE is now automatic (and passive, it can internally use a NULL ENGINE pointer to simply ignore ENGINE from then on). -Hell, that should be enough for now ... comments welcome: geoff@openssl.org +Hell, that should be enough for now ... comments welcome. diff --git a/deps/openssl/openssl/crypto/engine/build.info b/deps/openssl/openssl/crypto/engine/build.info index 161dad4d028189..e00802a3fd55b6 100644 --- a/deps/openssl/openssl/crypto/engine/build.info +++ b/deps/openssl/openssl/crypto/engine/build.info @@ -4,5 +4,8 @@ SOURCE[../../libcrypto]=\ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \ - eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ + eng_openssl.c eng_cnf.c eng_dyn.c \ eng_rdrand.c +IF[{- !$disabled{devcryptoeng} -}] + SOURCE[../../libcrypto]=eng_devcrypto.c +ENDIF diff --git a/deps/openssl/openssl/crypto/engine/eng_all.c b/deps/openssl/openssl/crypto/engine/eng_all.c index ebe0277370c6df..af306ccffc12a9 100644 --- a/deps/openssl/openssl/crypto/engine/eng_all.c +++ b/deps/openssl/openssl/crypto/engine/eng_all.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,14 +18,8 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED) +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L void ENGINE_setup_bsd_cryptodev(void) { - static int bsd_cryptodev_default_loaded = 0; - if (!bsd_cryptodev_default_loaded) { - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL); - ENGINE_register_all_complete(); - } - bsd_cryptodev_default_loaded = 1; } #endif diff --git a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c b/deps/openssl/openssl/crypto/engine/eng_cryptodev.c deleted file mode 100644 index 5572735008d9e8..00000000000000 --- a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c +++ /dev/null @@ -1,1757 +0,0 @@ -/* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Copyright (c) 2002 Bob Beck - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -#include -#include -#include -#include - -#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD__)) -# include -# if (defined(OpenBSD) && (OpenBSD >= 200112)) || \ - (defined(__FreeBSD_version) && \ - ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || \ - __FreeBSD_version >= 500041)) -# define HAVE_CRYPTODEV -# endif -# if defined(OpenBSD) && (OpenBSD >= 200110) -# define HAVE_SYSLOG_R -# endif -#endif - -#include -#ifdef HAVE_CRYPTODEV -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include -#endif -#include -#include -#include -#include - -#ifndef HAVE_CRYPTODEV - -void engine_load_cryptodev_int(void) -{ - /* This is a NOP on platforms without /dev/crypto */ - return; -} - -#else - -struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -# ifdef USE_CRYPTODEV_DIGESTS - char dummy_mac_key[HASH_MAX_LEN]; - unsigned char digest_res[HASH_MAX_LEN]; - char *mac_data; - int mac_len; -# endif -}; - -static u_int32_t cryptodev_asymfeat = 0; - -static RSA_METHOD *cryptodev_rsa; -#ifndef OPENSSL_NO_DSA -static DSA_METHOD *cryptodev_dsa = NULL; -#endif -#ifndef OPENSSL_NO_DH -static DH_METHOD *cryptodev_dh; -#endif - -static int get_asym_dev_crypto(void); -static int open_dev_crypto(void); -static int get_dev_crypto(void); -static int get_cryptodev_ciphers(const int **cnids); -# ifdef USE_CRYPTODEV_DIGESTS -static int get_cryptodev_digests(const int **cnids); -# endif -static int cryptodev_usable_ciphers(const int **nids); -static int cryptodev_usable_digests(const int **nids); -static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); -static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); -static int bn2crparam(const BIGNUM *a, struct crparam *crp); -static int crparam2bn(struct crparam *crp, BIGNUM *a); -static void zapparams(struct crypt_kop *kop); -static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, - int slen, BIGNUM *s); - -static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -#ifndef OPENSSL_NO_DSA -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g, - const BIGNUM *u1, const BIGNUM *pub_key, - const BIGNUM *u2, const BIGNUM *p, - BN_CTX *ctx, BN_MONT_CTX *mont); -static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, - DSA *dsa); -static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -#endif -#ifndef OPENSSL_NO_DH -static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, - DH *dh); -#endif -static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); -void engine_load_cryptodev_int(void); - -static const ENGINE_CMD_DEFN cryptodev_defns[] = { - {0, NULL, NULL, 0} -}; - -static struct { - int id; - int nid; - int ivmax; - int keylen; -} ciphers[] = { - { - CRYPTO_ARC4, NID_rc4, 0, 16, - }, - { - CRYPTO_DES_CBC, NID_des_cbc, 8, 8, - }, - { - CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, - }, - { - CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, - }, - { - CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, - }, - { - CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, - }, -# ifdef CRYPTO_AES_CTR - { - CRYPTO_AES_CTR, NID_aes_128_ctr, 14, 16, - }, - { - CRYPTO_AES_CTR, NID_aes_192_ctr, 14, 24, - }, - { - CRYPTO_AES_CTR, NID_aes_256_ctr, 14, 32, - }, -# endif - { - CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, - }, - { - CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, - }, - { - CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, - }, - { - 0, NID_undef, 0, 0, - }, -}; - -# ifdef USE_CRYPTODEV_DIGESTS -static struct { - int id; - int nid; - int keylen; -} digests[] = { - { - CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16 - }, - { - CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20 - }, - { - CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16 - /* ? */ - }, - { - CRYPTO_MD5_KPDK, NID_undef, 0 - }, - { - CRYPTO_SHA1_KPDK, NID_undef, 0 - }, - { - CRYPTO_MD5, NID_md5, 16 - }, - { - CRYPTO_SHA1, NID_sha1, 20 - }, - { - 0, NID_undef, 0 - }, -}; -# endif - -/* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ -static int open_dev_crypto(void) -{ - static int fd = -1; - - if (fd == -1) { - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (-1); - /* close on exec */ - if (fcntl(fd, F_SETFD, 1) == -1) { - close(fd); - fd = -1; - return (-1); - } - } - return (fd); -} - -static int get_dev_crypto(void) -{ - int fd, retfd; - - if ((fd = open_dev_crypto()) == -1) - return (-1); -# ifndef CRIOGET_NOT_NEEDED - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); - - /* close on exec */ - if (fcntl(retfd, F_SETFD, 1) == -1) { - close(retfd); - return (-1); - } -# else - retfd = fd; -# endif - return (retfd); -} - -static void put_dev_crypto(int fd) -{ -# ifndef CRIOGET_NOT_NEEDED - close(fd); -# endif -} - -/* Caching version for asym operations */ -static int get_asym_dev_crypto(void) -{ - static int fd = -1; - - if (fd == -1) - fd = get_dev_crypto(); - return fd; -} - -/* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_ciphers routine - */ -static int get_cryptodev_ciphers(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t) "123456789abcdefghijklmno"; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; - sess.mac = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; - } - put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} - -# ifdef USE_CRYPTODEV_DIGESTS -/* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_digests routine - */ -static int get_cryptodev_digests(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); - sess.mackey = (caddr_t) "123456789abcdefghijklmno"; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; - sess.mackeylen = digests[i].keylen; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = digests[i].nid; - } - put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} -# endif /* 0 */ - -/* - * Find the useable ciphers|digests from dev/crypto - this is the first - * thing called by the engine init crud which determines what it - * can use for ciphers from this engine. We want to return - * only what we can do, anything else is handled by software. - * - * If we can't initialize the device to do anything useful for - * any reason, we want to return a NULL array, and 0 length, - * which forces everything to be done is software. By putting - * the initialization of the device in here, we ensure we can - * use this engine as the default, and if for whatever reason - * /dev/crypto won't do what we want it will just be done in - * software - * - * This can (should) be greatly expanded to perhaps take into - * account speed of the device, and what we want to do. - * (although the disabling of particular alg's could be controlled - * by the device driver with sysctl's.) - this is where we - * want most of the decisions made about what we actually want - * to use from /dev/crypto. - */ -static int cryptodev_usable_ciphers(const int **nids) -{ - return (get_cryptodev_ciphers(nids)); -} - -static int cryptodev_usable_digests(const int **nids) -{ -# ifdef USE_CRYPTODEV_DIGESTS - return (get_cryptodev_digests(nids)); -# else - /* - * XXXX just disable all digests for now, because it sucks. - * we need a better way to decide this - i.e. I may not - * want digests on slow cards like hifn on fast machines, - * but might want them on slow or loaded machines, etc. - * will also want them when using crypto cards that don't - * suck moose gonads - would be nice to be able to decide something - * as reasonable default without having hackery that's card dependent. - * of course, the default should probably be just do everything, - * with perhaps a sysctl to turn algorithms off (or have them off - * by default) on cards that generally suck like the hifn. - */ - *nids = NULL; - return (0); -# endif -} - -static int -cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - struct crypt_op cryp; - struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx); - struct session_op *sess = &state->d_sess; - const void *iiv; - unsigned char save_iv[EVP_MAX_IV_LENGTH]; - - if (state->d_fd < 0) - return (0); - if (!inl) - return (1); - if ((inl % EVP_CIPHER_CTX_block_size(ctx)) != 0) - return (0); - - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; - cryp.src = (caddr_t) in; - cryp.dst = (caddr_t) out; - cryp.mac = 0; - - cryp.op = EVP_CIPHER_CTX_encrypting(ctx) ? COP_ENCRYPT : COP_DECRYPT; - - if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { - cryp.iv = (caddr_t) EVP_CIPHER_CTX_iv(ctx); - if (!EVP_CIPHER_CTX_encrypting(ctx)) { - iiv = in + inl - EVP_CIPHER_CTX_iv_length(ctx); - memcpy(save_iv, iiv, EVP_CIPHER_CTX_iv_length(ctx)); - } - } else - cryp.iv = NULL; - - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { - /* - * XXX need better error handling this can fail for a number of - * different reasons. - */ - return (0); - } - - if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { - if (EVP_CIPHER_CTX_encrypting(ctx)) - iiv = out + inl - EVP_CIPHER_CTX_iv_length(ctx); - else - iiv = save_iv; - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iiv, - EVP_CIPHER_CTX_iv_length(ctx)); - } - return (1); -} - -static int -cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx); - struct session_op *sess = &state->d_sess; - int cipher = -1, i; - - for (i = 0; ciphers[i].id; i++) - if (EVP_CIPHER_CTX_nid(ctx) == ciphers[i].nid && - EVP_CIPHER_CTX_iv_length(ctx) <= ciphers[i].ivmax && - EVP_CIPHER_CTX_key_length(ctx) == ciphers[i].keylen) { - cipher = ciphers[i].id; - break; - } - - if (!ciphers[i].id) { - state->d_fd = -1; - return (0); - } - - memset(sess, 0, sizeof(*sess)); - - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - - sess->key = (caddr_t) key; - sess->keylen = EVP_CIPHER_CTX_key_length(ctx); - sess->cipher = cipher; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { - put_dev_crypto(state->d_fd); - state->d_fd = -1; - return (0); - } - return (1); -} - -/* - * free anything we allocated earlier when initing a - * session, and close the session. - */ -static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) -{ - int ret = 0; - struct dev_crypto_state *state = EVP_CIPHER_CTX_get_cipher_data(ctx); - struct session_op *sess = &state->d_sess; - - if (state->d_fd < 0) - return (0); - - /* - * XXX if this ioctl fails, something's wrong. the invoker may have called - * us with a bogus ctx, or we could have a device that for whatever - * reason just doesn't want to play ball - it's not clear what's right - * here - should this be an error? should it just increase a counter, - * hmm. For right now, we return 0 - I don't believe that to be "right". - * we could call the gorpy openssl lib error handlers that print messages - * to users of the library. hmm.. - */ - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { - ret = 0; - } else { - ret = 1; - } - put_dev_crypto(state->d_fd); - state->d_fd = -1; - - return (ret); -} - -/* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. - */ - -/* RC4 */ -static EVP_CIPHER *rc4_cipher = NULL; -static const EVP_CIPHER *cryptodev_rc4(void) -{ - if (rc4_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 16)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 0) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state))) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - rc4_cipher = cipher; - } - return rc4_cipher; -} - -/* DES CBC EVP */ -static EVP_CIPHER *des_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_des_cbc(void) -{ - if (des_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_des_cbc, 8, 8)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 8) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - des_cbc_cipher = cipher; - } - return des_cbc_cipher; -} - -/* 3DES CBC EVP */ -static EVP_CIPHER *des3_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_3des_cbc(void) -{ - if (des3_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_des_ede3_cbc, 8, 24)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 8) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - des3_cbc_cipher = cipher; - } - return des3_cbc_cipher; -} - -static EVP_CIPHER *bf_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_bf_cbc(void) -{ - if (bf_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_bf_cbc, 8, 16)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 8) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - bf_cbc_cipher = cipher; - } - return bf_cbc_cipher; -} - -static EVP_CIPHER *cast_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_cast_cbc(void) -{ - if (cast_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_cast5_cbc, 8, 16)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 8) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - cast_cbc_cipher = cipher; - } - return cast_cbc_cipher; -} - -static EVP_CIPHER *aes_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_aes_cbc(void) -{ - if (aes_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16, 16)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 16) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - aes_cbc_cipher = cipher; - } - return aes_cbc_cipher; -} - -static EVP_CIPHER *aes_192_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_aes_192_cbc(void) -{ - if (aes_192_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_cbc, 16, 24)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 16) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - aes_192_cbc_cipher = cipher; - } - return aes_192_cbc_cipher; -} - -static EVP_CIPHER *aes_256_cbc_cipher = NULL; -static const EVP_CIPHER *cryptodev_aes_256_cbc(void) -{ - if (aes_256_cbc_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 16) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CBC_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - aes_256_cbc_cipher = cipher; - } - return aes_256_cbc_cipher; -} - -# ifdef CRYPTO_AES_CTR -static EVP_CIPHER *aes_ctr_cipher = NULL; -static const EVP_CIPHER *cryptodev_aes_ctr(void) -{ - if (aes_ctr_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_aes_128_ctr, 16, 16)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 14) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - aes_ctr_cipher = cipher; - } - return aes_ctr_cipher; -} - -static EVP_CIPHER *aes_192_ctr_cipher = NULL; -static const EVP_CIPHER *cryptodev_aes_192_ctr(void) -{ - if (aes_192_ctr_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_aes_192_ctr, 16, 24)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 14) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - aes_192_ctr_cipher = cipher; - } - return aes_192_ctr_cipher; -} - -static EVP_CIPHER *aes_256_ctr_cipher = NULL; -static const EVP_CIPHER *cryptodev_aes_256_ctr(void) -{ - if (aes_256_ctr_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_aes_256_ctr, 16, 32)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 14) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_CTR_MODE) - || !EVP_CIPHER_meth_set_init(cipher, cryptodev_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, cryptodev_cipher) - || !EVP_CIPHER_meth_set_cleanup(cipher, cryptodev_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(struct dev_crypto_state)) - || !EVP_CIPHER_meth_set_set_asn1_params(cipher, EVP_CIPHER_set_asn1_iv) - || !EVP_CIPHER_meth_set_get_asn1_params(cipher, EVP_CIPHER_get_asn1_iv)) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - aes_256_ctr_cipher = cipher; - } - return aes_256_ctr_cipher; -} -# endif -/* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the - * top level - note, that list is restricted by what we answer with - */ -static int -cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) - return (cryptodev_usable_ciphers(nids)); - - switch (nid) { - case NID_rc4: - *cipher = cryptodev_rc4(); - break; - case NID_des_ede3_cbc: - *cipher = cryptodev_3des_cbc(); - break; - case NID_des_cbc: - *cipher = cryptodev_des_cbc(); - break; - case NID_bf_cbc: - *cipher = cryptodev_bf_cbc(); - break; - case NID_cast5_cbc: - *cipher = cryptodev_cast_cbc(); - break; - case NID_aes_128_cbc: - *cipher = cryptodev_aes_cbc(); - break; - case NID_aes_192_cbc: - *cipher = cryptodev_aes_192_cbc(); - break; - case NID_aes_256_cbc: - *cipher = cryptodev_aes_256_cbc(); - break; -# ifdef CRYPTO_AES_CTR - case NID_aes_128_ctr: - *cipher = cryptodev_aes_ctr(); - break; - case NID_aes_192_ctr: - *cipher = cryptodev_aes_192_ctr(); - break; - case NID_aes_256_ctr: - *cipher = cryptodev_aes_256_ctr(); - break; -# endif - default: - *cipher = NULL; - break; - } - return (*cipher != NULL); -} - -# ifdef USE_CRYPTODEV_DIGESTS - -/* convert digest type to cryptodev */ -static int digest_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; digests[i].id; i++) - if (digests[i].nid == nid) - return (digests[i].id); - return (0); -} - -static int digest_key_length(int nid) -{ - int i; - - for (i = 0; digests[i].id; i++) - if (digests[i].nid == nid) - return digests[i].keylen; - return (0); -} - -static int cryptodev_digest_init(EVP_MD_CTX *ctx) -{ - struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); - struct session_op *sess = &state->d_sess; - int digest; - - if ((digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(ctx))) == NID_undef) { - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } - - memset(state, 0, sizeof(*state)); - - if ((state->d_fd = get_dev_crypto()) < 0) { - printf("cryptodev_digest_init: Can't get Dev \n"); - return (0); - } - - sess->mackey = state->dummy_mac_key; - sess->mackeylen = digest_key_length(EVP_MD_CTX_type(ctx)); - sess->mac = digest; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { - put_dev_crypto(state->d_fd); - state->d_fd = -1; - printf("cryptodev_digest_init: Open session failed\n"); - return (0); - } - - return (1); -} - -static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) -{ - struct crypt_op cryp; - struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); - struct session_op *sess = &state->d_sess; - char *new_mac_data; - - if (!data || state->d_fd < 0) { - printf("cryptodev_digest_update: illegal inputs \n"); - return (0); - } - - if (!count) { - return (0); - } - - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { - /* if application doesn't support one buffer */ - new_mac_data = - OPENSSL_realloc(state->mac_data, state->mac_len + count); - - if (!new_mac_data) { - printf("cryptodev_digest_update: realloc failed\n"); - return (0); - } - state->mac_data = new_mac_data; - - memcpy(state->mac_data + state->mac_len, data, count); - state->mac_len += count; - - return (1); - } - - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = count; - cryp.src = (caddr_t) data; - cryp.dst = NULL; - cryp.mac = (caddr_t) state->digest_res; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_update: digest failed\n"); - return (0); - } - return (1); -} - -static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - struct crypt_op cryp; - struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); - struct session_op *sess = &state->d_sess; - - int ret = 1; - - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return (0); - } - - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { - /* if application doesn't support one buffer */ - memset(&cryp, 0, sizeof(cryp)); - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = state->mac_len; - cryp.src = state->mac_data; - cryp.dst = NULL; - cryp.mac = (caddr_t) md; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); - return (0); - } - - return 1; - } - - memcpy(md, state->digest_res, EVP_MD_CTX_size(ctx)); - - return (ret); -} - -static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) -{ - int ret = 1; - struct dev_crypto_state *state = EVP_MD_CTX_md_data(ctx); - struct session_op *sess = &state->d_sess; - - if (state == NULL) - return 0; - - if (state->d_fd < 0) { - printf("cryptodev_digest_cleanup: illegal input\n"); - return (0); - } - - OPENSSL_free(state->mac_data); - state->mac_data = NULL; - state->mac_len = 0; - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { - printf("cryptodev_digest_cleanup: failed to close session\n"); - ret = 0; - } else { - ret = 1; - } - put_dev_crypto(state->d_fd); - state->d_fd = -1; - - return (ret); -} - -static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) -{ - struct dev_crypto_state *fstate = EVP_MD_CTX_md_data(from); - struct dev_crypto_state *dstate = EVP_MD_CTX_md_data(to); - struct session_op *sess; - int digest; - - if (dstate == NULL || fstate == NULL) - return 1; - - memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); - - sess = &dstate->d_sess; - - digest = digest_nid_to_cryptodev(EVP_MD_CTX_type(to)); - - sess->mackey = dstate->dummy_mac_key; - sess->mackeylen = digest_key_length(EVP_MD_CTX_type(to)); - sess->mac = digest; - - dstate->d_fd = get_dev_crypto(); - - if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { - put_dev_crypto(dstate->d_fd); - dstate->d_fd = -1; - printf("cryptodev_digest_copy: Open session failed\n"); - return (0); - } - - if (fstate->mac_len != 0) { - if (fstate->mac_data != NULL) { - dstate->mac_data = OPENSSL_malloc(fstate->mac_len); - if (dstate->mac_data == NULL) { - printf("cryptodev_digest_copy: mac_data allocation failed\n"); - return (0); - } - memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); - dstate->mac_len = fstate->mac_len; - } - } - - return 1; -} - -static EVP_MD *sha1_md = NULL; -static const EVP_MD *cryptodev_sha1(void) -{ - if (sha1_md == NULL) { - EVP_MD *md; - - if ((md = EVP_MD_meth_new(NID_sha1, NID_undef)) == NULL - || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) - || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) - || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) - || !EVP_MD_meth_set_app_datasize(md, - sizeof(struct dev_crypto_state)) - || !EVP_MD_meth_set_init(md, cryptodev_digest_init) - || !EVP_MD_meth_set_update(md, cryptodev_digest_update) - || !EVP_MD_meth_set_final(md, cryptodev_digest_final) - || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) - || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { - EVP_MD_meth_free(md); - md = NULL; - } - sha1_md = md; - } - return sha1_md; -} - -static EVP_MD *md5_md = NULL; -static const EVP_MD *cryptodev_md5(void) -{ - if (md5_md == NULL) { - EVP_MD *md; - - if ((md = EVP_MD_meth_new(NID_md5, NID_undef)) == NULL - || !EVP_MD_meth_set_result_size(md, 16 /* MD5_DIGEST_LENGTH */) - || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_ONESHOT) - || !EVP_MD_meth_set_input_blocksize(md, 64 /* MD5_CBLOCK */) - || !EVP_MD_meth_set_app_datasize(md, - sizeof(struct dev_crypto_state)) - || !EVP_MD_meth_set_init(md, cryptodev_digest_init) - || !EVP_MD_meth_set_update(md, cryptodev_digest_update) - || !EVP_MD_meth_set_final(md, cryptodev_digest_final) - || !EVP_MD_meth_set_copy(md, cryptodev_digest_copy) - || !EVP_MD_meth_set_cleanup(md, cryptodev_digest_cleanup)) { - EVP_MD_meth_free(md); - md = NULL; - } - md5_md = md; - } - return md5_md; -} - -# endif /* USE_CRYPTODEV_DIGESTS */ - -static int -cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (!digest) - return (cryptodev_usable_digests(nids)); - - switch (nid) { -# ifdef USE_CRYPTODEV_DIGESTS - case NID_md5: - *digest = cryptodev_md5(); - break; - case NID_sha1: - *digest = cryptodev_sha1(); - break; - default: -# endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; - break; - } - return (*digest != NULL); -} - -static int cryptodev_engine_destroy(ENGINE *e) -{ - EVP_CIPHER_meth_free(rc4_cipher); - rc4_cipher = NULL; - EVP_CIPHER_meth_free(des_cbc_cipher); - des_cbc_cipher = NULL; - EVP_CIPHER_meth_free(des3_cbc_cipher); - des3_cbc_cipher = NULL; - EVP_CIPHER_meth_free(bf_cbc_cipher); - bf_cbc_cipher = NULL; - EVP_CIPHER_meth_free(cast_cbc_cipher); - cast_cbc_cipher = NULL; - EVP_CIPHER_meth_free(aes_cbc_cipher); - aes_cbc_cipher = NULL; - EVP_CIPHER_meth_free(aes_192_cbc_cipher); - aes_192_cbc_cipher = NULL; - EVP_CIPHER_meth_free(aes_256_cbc_cipher); - aes_256_cbc_cipher = NULL; -# ifdef CRYPTO_AES_CTR - EVP_CIPHER_meth_free(aes_ctr_cipher); - aes_ctr_cipher = NULL; - EVP_CIPHER_meth_free(aes_192_ctr_cipher); - aes_192_ctr_cipher = NULL; - EVP_CIPHER_meth_free(aes_256_ctr_cipher); - aes_256_ctr_cipher = NULL; -# endif -# ifdef USE_CRYPTODEV_DIGESTS - EVP_MD_meth_free(sha1_md); - sha1_md = NULL; - EVP_MD_meth_free(md5_md); - md5_md = NULL; -# endif - RSA_meth_free(cryptodev_rsa); - cryptodev_rsa = NULL; -#ifndef OPENSSL_NO_DSA - DSA_meth_free(cryptodev_dsa); - cryptodev_dsa = NULL; -#endif -#ifndef OPENSSL_NO_DH - DH_meth_free(cryptodev_dh); - cryptodev_dh = NULL; -#endif - return 1; -} - -/* - * Convert a BIGNUM to the representation that /dev/crypto needs. - * Upon completion of use, the caller is responsible for freeing - * crp->crp_p. - */ -static int bn2crparam(const BIGNUM *a, struct crparam *crp) -{ - ssize_t bytes, bits; - u_char *b; - - crp->crp_p = NULL; - crp->crp_nbits = 0; - - bits = BN_num_bits(a); - bytes = BN_num_bytes(a); - - b = OPENSSL_zalloc(bytes); - if (b == NULL) - return (1); - - crp->crp_p = (caddr_t) b; - crp->crp_nbits = bits; - - BN_bn2bin(a, b); - return (0); -} - -/* Convert a /dev/crypto parameter to a BIGNUM */ -static int crparam2bn(struct crparam *crp, BIGNUM *a) -{ - u_int8_t *pd; - int i, bytes; - - bytes = (crp->crp_nbits + 7) / 8; - - if (bytes == 0) - return (-1); - - if ((pd = OPENSSL_malloc(bytes)) == NULL) - return (-1); - - for (i = 0; i < bytes; i++) - pd[i] = crp->crp_p[bytes - i - 1]; - - BN_bin2bn(pd, bytes, a); - free(pd); - - return (0); -} - -static void zapparams(struct crypt_kop *kop) -{ - int i; - - for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { - OPENSSL_free(kop->crk_param[i].crp_p); - kop->crk_param[i].crp_p = NULL; - kop->crk_param[i].crp_nbits = 0; - } -} - -static int -cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, - BIGNUM *s) -{ - int fd, ret = -1; - - if ((fd = get_asym_dev_crypto()) < 0) - return ret; - - if (r) { - kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_zalloc(rlen); - if (kop->crk_param[kop->crk_iparams].crp_p == NULL) - return ret; - kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; - kop->crk_oparams++; - } - if (s) { - kop->crk_param[kop->crk_iparams + 1].crp_p = - OPENSSL_zalloc(slen); - /* No need to free the kop->crk_iparams parameter if it was allocated, - * callers of this routine have to free allocated parameters through - * zapparams both in case of success and failure - */ - if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL) - return ret; - kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; - kop->crk_oparams++; - } - - if (ioctl(fd, CIOCKEY, kop) == 0) { - if (r) - crparam2bn(&kop->crk_param[kop->crk_iparams], r); - if (s) - crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s); - ret = 0; - } - - return ret; -} - -static int -cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - struct crypt_kop kop; - int ret = 1; - - /* - * Currently, we know we can do mod exp iff we can do any asymmetric - * operations at all. - */ - if (cryptodev_asymfeat == 0) { - ret = BN_mod_exp(r, a, p, m, ctx); - return (ret); - } - - memset(&kop, 0, sizeof(kop)); - kop.crk_op = CRK_MOD_EXP; - - /* inputs: a^p % m */ - if (bn2crparam(a, &kop.crk_param[0])) - goto err; - if (bn2crparam(p, &kop.crk_param[1])) - goto err; - if (bn2crparam(m, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { - const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); - printf("OCF asym process failed, Running in software\n"); - ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont); - - } else if (ECANCELED == kop.crk_status) { - const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); - printf("OCF hardware operation cancelled. Running in Software\n"); - ret = RSA_meth_get_bn_mod_exp(meth)(r, a, p, m, ctx, in_mont); - } - /* else cryptodev operation worked ok ==> ret = 1 */ - - err: - zapparams(&kop); - return (ret); -} - -static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - int r; - const BIGNUM *n = NULL; - const BIGNUM *d = NULL; - - ctx = BN_CTX_new(); - RSA_get0_key(rsa, &n, NULL, &d); - r = cryptodev_bn_mod_exp(r0, I, d, n, ctx, NULL); - BN_CTX_free(ctx); - return (r); -} - -static int -cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -{ - struct crypt_kop kop; - int ret = 1; - const BIGNUM *p = NULL; - const BIGNUM *q = NULL; - const BIGNUM *dmp1 = NULL; - const BIGNUM *dmq1 = NULL; - const BIGNUM *iqmp = NULL; - const BIGNUM *n = NULL; - - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - RSA_get0_key(rsa, &n, NULL, NULL); - - if (!p || !q || !dmp1 || !dmq1 || !iqmp) { - /* XXX 0 means failure?? */ - return (0); - } - - memset(&kop, 0, sizeof(kop)); - kop.crk_op = CRK_MOD_EXP_CRT; - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ - if (bn2crparam(p, &kop.crk_param[0])) - goto err; - if (bn2crparam(q, &kop.crk_param[1])) - goto err; - if (bn2crparam(I, &kop.crk_param[2])) - goto err; - if (bn2crparam(dmp1, &kop.crk_param[3])) - goto err; - if (bn2crparam(dmq1, &kop.crk_param[4])) - goto err; - if (bn2crparam(iqmp, &kop.crk_param[5])) - goto err; - kop.crk_iparams = 6; - - if (cryptodev_asym(&kop, BN_num_bytes(n), r0, 0, NULL)) { - const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); - printf("OCF asym process failed, running in Software\n"); - ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx); - - } else if (ECANCELED == kop.crk_status) { - const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); - printf("OCF hardware operation cancelled. Running in Software\n"); - ret = RSA_meth_get_mod_exp(meth)(r0, I, rsa, ctx); - } - /* else cryptodev operation worked ok ==> ret = 1 */ - - err: - zapparams(&kop); - return (ret); -} - -#ifndef OPENSSL_NO_DSA -static int -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx); -} - -static int -cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g, - const BIGNUM *u1, const BIGNUM *pub_key, - const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx, - BN_MONT_CTX *mont) -{ - const BIGNUM *dsag, *dsap, *dsapub_key; - BIGNUM *t2; - int ret = 0; - const DSA_METHOD *meth; - int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *, BN_MONT_CTX *); - - t2 = BN_new(); - if (t2 == NULL) - goto err; - - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - ret = 0; - - DSA_get0_pqg(dsa, &dsap, NULL, &dsag); - DSA_get0_key(dsa, &dsapub_key, NULL); - - meth = DSA_get_method(dsa); - if (meth == NULL) - goto err; - bn_mod_exp = DSA_meth_get_bn_mod_exp(meth); - if (bn_mod_exp == NULL) - goto err; - - if (!bn_mod_exp(dsa, t1, dsag, u1, dsap, ctx, mont)) - goto err; - - /* let t2 = y ^ u2 mod p */ - if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont)) - goto err; - /* let t1 = t1 * t2 mod p */ - if (!BN_mod_mul(t1, t1, t2, dsap, ctx)) - goto err; - - ret = 1; - err: - BN_free(t2); - return (ret); -} - -static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, - DSA *dsa) -{ - struct crypt_kop kop; - BIGNUM *r, *s; - const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL; - const BIGNUM *priv_key = NULL; - DSA_SIG *dsasig, *dsaret = NULL; - - dsasig = DSA_SIG_new(); - if (dsasig == NULL) - goto err; - - memset(&kop, 0, sizeof(kop)); - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ - kop.crk_param[0].crp_p = (caddr_t) dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - DSA_get0_pqg(dsa, &dsap, &dsaq, &dsag); - DSA_get0_key(dsa, NULL, &priv_key); - if (bn2crparam(dsap, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsaq, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsag, &kop.crk_param[3])) - goto err; - if (bn2crparam(priv_key, &kop.crk_param[4])) - goto err; - kop.crk_iparams = 5; - - r = BN_new(); - if (r == NULL) - goto err; - s = BN_new(); - if (s == NULL) - goto err; - if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r, - BN_num_bytes(dsaq), s) == 0) { - DSA_SIG_set0(dsasig, r, s); - dsaret = dsasig; - } else { - dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa); - } - err: - if (dsaret != dsasig) - DSA_SIG_free(dsasig); - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return dsaret; -} - -static int -cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - DSA_SIG *sig, DSA *dsa) -{ - struct crypt_kop kop; - int dsaret = 1; - const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL; - - memset(&kop, 0, sizeof(kop)); - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ - kop.crk_param[0].crp_p = (caddr_t) dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - DSA_get0_pqg(dsa, &p, &q, &g); - if (bn2crparam(p, &kop.crk_param[1])) - goto err; - if (bn2crparam(q, &kop.crk_param[2])) - goto err; - if (bn2crparam(g, &kop.crk_param[3])) - goto err; - DSA_get0_key(dsa, &pub_key, NULL); - if (bn2crparam(pub_key, &kop.crk_param[4])) - goto err; - DSA_SIG_get0(sig, &pr, &ps); - if (bn2crparam(pr, &kop.crk_param[5])) - goto err; - if (bn2crparam(ps, &kop.crk_param[6])) - goto err; - kop.crk_iparams = 7; - - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { - /* - * OCF success value is 0, if not zero, change dsaret to fail - */ - if (0 != kop.crk_status) - dsaret = 0; - } else { - dsaret = DSA_meth_get_verify(DSA_OpenSSL())(dgst, dlen, sig, dsa); - } - err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} -#endif - -#ifndef OPENSSL_NO_DH -static int -cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static int -cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - struct crypt_kop kop; - int dhret = 1; - int fd, keylen; - const BIGNUM *p = NULL; - const BIGNUM *priv_key = NULL; - - if ((fd = get_asym_dev_crypto()) < 0) { - const DH_METHOD *meth = DH_OpenSSL(); - - return DH_meth_get_compute_key(meth)(key, pub_key, dh); - } - - DH_get0_pqg(dh, &p, NULL, NULL); - DH_get0_key(dh, NULL, &priv_key); - - keylen = BN_num_bits(p); - - memset(&kop, 0, sizeof(kop)); - kop.crk_op = CRK_DH_COMPUTE_KEY; - - /* inputs: dh->priv_key pub_key dh->p key */ - if (bn2crparam(priv_key, &kop.crk_param[0])) - goto err; - if (bn2crparam(pub_key, &kop.crk_param[1])) - goto err; - if (bn2crparam(p, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - kop.crk_param[3].crp_p = (caddr_t) key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; - - if (ioctl(fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); - - dhret = DH_meth_get_compute_key(meth)(key, pub_key, dh); - } - err: - kop.crk_param[3].crp_p = NULL; - zapparams(&kop); - return (dhret); -} - -#endif /* ndef OPENSSL_NO_DH */ - -/* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. - */ -static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ -# ifdef HAVE_SYSLOG_R - struct syslog_data sd = SYSLOG_DATA_INIT; -# endif - - switch (cmd) { - default: -# ifdef HAVE_SYSLOG_R - syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); -# else - syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); -# endif - break; - } - return (1); -} - -void engine_load_cryptodev_int(void) -{ - ENGINE *engine = ENGINE_new(); - int fd; - - if (engine == NULL) - return; - if ((fd = get_dev_crypto()) < 0) { - ENGINE_free(engine); - return; - } - - /* - * find out what asymmetric crypto algorithms we support - */ - if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { - put_dev_crypto(fd); - ENGINE_free(engine); - return; - } - put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "BSD cryptodev engine") || - !ENGINE_set_destroy_function(engine, cryptodev_engine_destroy) || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || - !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { - ENGINE_free(engine); - return; - } - - cryptodev_rsa = RSA_meth_dup(RSA_PKCS1_OpenSSL()); - if (cryptodev_rsa != NULL) { - RSA_meth_set1_name(cryptodev_rsa, "cryptodev RSA method"); - RSA_meth_set_flags(cryptodev_rsa, 0); - if (ENGINE_set_RSA(engine, cryptodev_rsa)) { - if (cryptodev_asymfeat & CRF_MOD_EXP) { - RSA_meth_set_bn_mod_exp(cryptodev_rsa, cryptodev_bn_mod_exp); - if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) - RSA_meth_set_mod_exp(cryptodev_rsa, cryptodev_rsa_mod_exp); - else - RSA_meth_set_mod_exp(cryptodev_rsa, - cryptodev_rsa_nocrt_mod_exp); - } - } - } else { - ENGINE_free(engine); - return; - } - -#ifndef OPENSSL_NO_DSA - cryptodev_dsa = DSA_meth_dup(DSA_OpenSSL()); - if (cryptodev_dsa != NULL) { - DSA_meth_set1_name(cryptodev_dsa, "cryptodev DSA method"); - DSA_meth_set_flags(cryptodev_dsa, 0); - if (ENGINE_set_DSA(engine, cryptodev_dsa)) { - if (cryptodev_asymfeat & CRF_DSA_SIGN) - DSA_meth_set_sign(cryptodev_dsa, cryptodev_dsa_do_sign); - if (cryptodev_asymfeat & CRF_MOD_EXP) { - DSA_meth_set_bn_mod_exp(cryptodev_dsa, - cryptodev_dsa_bn_mod_exp); - DSA_meth_set_mod_exp(cryptodev_dsa, cryptodev_dsa_dsa_mod_exp); - } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) - DSA_meth_set_verify(cryptodev_dsa, cryptodev_dsa_verify); - } - } else { - ENGINE_free(engine); - return; - } -#endif - -#ifndef OPENSSL_NO_DH - cryptodev_dh = DH_meth_dup(DH_OpenSSL()); - if (cryptodev_dh != NULL) { - DH_meth_set1_name(cryptodev_dh, "cryptodev DH method"); - DH_meth_set_flags(cryptodev_dh, 0); - if (ENGINE_set_DH(engine, cryptodev_dh)) { - if (cryptodev_asymfeat & CRF_MOD_EXP) { - DH_meth_set_bn_mod_exp(cryptodev_dh, cryptodev_mod_exp_dh); - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) - DH_meth_set_compute_key(cryptodev_dh, - cryptodev_dh_compute_key); - } - } - } else { - ENGINE_free(engine); - return; - } -#endif - - ENGINE_add(engine); - ENGINE_free(engine); - ERR_clear_error(); -} - -#endif /* HAVE_CRYPTODEV */ diff --git a/deps/openssl/openssl/crypto/engine/eng_ctrl.c b/deps/openssl/openssl/crypto/engine/eng_ctrl.c index 7925f4fadfd453..3bc4aab16feda6 100644 --- a/deps/openssl/openssl/crypto/engine/eng_ctrl.c +++ b/deps/openssl/openssl/crypto/engine/eng_ctrl.c @@ -63,6 +63,8 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, { int idx; char *s = (char *)p; + const ENGINE_CMD_DEFN *cdp; + /* Take care of the easy one first (eg. it requires no searches) */ if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) { if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) @@ -91,39 +93,29 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, * For the rest of the commands, the 'long' argument must specify a valid * command number - so we need to conduct a search. */ - if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, - (unsigned int) - i)) < 0)) { + if ((e->cmd_defns == NULL) + || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) { ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER); return -1; } /* Now the logic splits depending on command type */ + cdp = &e->cmd_defns[idx]; switch (cmd) { case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - idx++; - if (int_ctrl_cmd_is_null(e->cmd_defns + idx)) - /* end-of-list */ - return 0; - else - return e->cmd_defns[idx].cmd_num; + cdp++; + return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num; case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - return strlen(e->cmd_defns[idx].cmd_name); + return strlen(cdp->cmd_name); case ENGINE_CTRL_GET_NAME_FROM_CMD: - return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1, - "%s", e->cmd_defns[idx].cmd_name); + return strlen(strcpy(s, cdp->cmd_name)); case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - if (e->cmd_defns[idx].cmd_desc) - return strlen(e->cmd_defns[idx].cmd_desc); - return strlen(int_no_description); + return strlen(cdp->cmd_desc == NULL ? int_no_description + : cdp->cmd_desc); case ENGINE_CTRL_GET_DESC_FROM_CMD: - if (e->cmd_defns[idx].cmd_desc) - return BIO_snprintf(s, - strlen(e->cmd_defns[idx].cmd_desc) + 1, - "%s", e->cmd_defns[idx].cmd_desc); - return BIO_snprintf(s, strlen(int_no_description) + 1, "%s", - int_no_description); + return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description + : cdp->cmd_desc)); case ENGINE_CTRL_GET_CMD_FLAGS: - return e->cmd_defns[idx].cmd_flags; + return cdp->cmd_flags; } /* Shouldn't really be here ... */ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR); diff --git a/deps/openssl/openssl/crypto/engine/eng_devcrypto.c b/deps/openssl/openssl/crypto/engine/eng_devcrypto.c new file mode 100644 index 00000000000000..4a0ba09a38bec1 --- /dev/null +++ b/deps/openssl/openssl/crypto/engine/eng_devcrypto.c @@ -0,0 +1,688 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "internal/engine.h" + +#ifdef CRYPTO_ALGORITHM_MIN +# define CHECK_BSD_STYLE_MACROS +#endif + +/* + * ONE global file descriptor for all sessions. This allows operations + * such as digest session data copying (see digest_copy()), but is also + * saner... why re-open /dev/crypto for every session? + */ +static int cfd; + +/****************************************************************************** + * + * Ciphers + * + * Because they all do the same basic operation, we have only one set of + * method functions for them all to share, and a mapping table between + * NIDs and cryptodev IDs, with all the necessary size data. + * + *****/ + +struct cipher_ctx { + struct session_op sess; + + /* to pass from init to do_cipher */ + const unsigned char *iv; + int op; /* COP_ENCRYPT or COP_DECRYPT */ +}; + +static const struct cipher_data_st { + int nid; + int blocksize; + int keylen; + int ivlen; + int flags; + int devcryptoid; +} cipher_data[] = { +#ifndef OPENSSL_NO_DES + { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC }, + { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC }, +#endif +#ifndef OPENSSL_NO_BF + { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC }, +#endif +#ifndef OPENSSL_NO_CAST + { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC }, +#endif + { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, + { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, + { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, +#ifndef OPENSSL_NO_RC4 + { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 }, +#endif +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR) + { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, + { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, + { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, +#endif +#if 0 /* Not yet supported */ + { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, + { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, +#endif +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB) + { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, + { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, + { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, +#endif +#if 0 /* Not yet supported */ + { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, + { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, + { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, + CRYPTO_CAMELLIA_CBC }, + { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, + CRYPTO_CAMELLIA_CBC }, + { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, + CRYPTO_CAMELLIA_CBC }, +#endif +}; + +static size_t get_cipher_data_index(int nid) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(cipher_data); i++) + if (nid == cipher_data[i].nid) + return i; + + /* + * Code further down must make sure that only NIDs in the table above + * are used. If any other NID reaches this function, there's a grave + * coding error further down. + */ + assert("Code that never should be reached" == NULL); + return -1; +} + +static const struct cipher_data_st *get_cipher_data(int nid) +{ + return &cipher_data[get_cipher_data_index(nid)]; +} + +/* + * Following are the three necessary functions to map OpenSSL functionality + * with cryptodev. + */ + +static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + const struct cipher_data_st *cipher_d = + get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); + + memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); + cipher_ctx->sess.cipher = cipher_d->devcryptoid; + cipher_ctx->sess.keylen = cipher_d->keylen; + cipher_ctx->sess.key = (void *)key; + cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT; + if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + return 1; +} + +static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + struct crypt_op cryp; +#if !defined(COP_FLAG_WRITE_IV) + unsigned char saved_iv[EVP_MAX_IV_LENGTH]; +#endif + + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = cipher_ctx->sess.ses; + cryp.len = inl; + cryp.src = (void *)in; + cryp.dst = (void *)out; + cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx); + cryp.op = cipher_ctx->op; +#if !defined(COP_FLAG_WRITE_IV) + cryp.flags = 0; + + if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { + assert(inl >= EVP_CIPHER_CTX_iv_length(ctx)); + if (!EVP_CIPHER_CTX_encrypting(ctx)) { + unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx); + + memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx)); + } + } +#else + cryp.flags = COP_FLAG_WRITE_IV; +#endif + + if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + +#if !defined(COP_FLAG_WRITE_IV) + if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { + unsigned char *ivptr = saved_iv; + + assert(inl >= EVP_CIPHER_CTX_iv_length(ctx)); + if (!EVP_CIPHER_CTX_encrypting(ctx)) + ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx); + + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr, + EVP_CIPHER_CTX_iv_length(ctx)); + } +#endif + + return 1; +} + +static int cipher_cleanup(EVP_CIPHER_CTX *ctx) +{ + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + + if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + return 1; +} + +/* + * Keep a table of known nids and associated methods. + * Note that known_cipher_nids[] isn't necessarily indexed the same way as + * cipher_data[] above, which known_cipher_methods[] is. + */ +static int known_cipher_nids[OSSL_NELEM(cipher_data)]; +static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */ +static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, }; + +static void prepare_cipher_methods(void) +{ + size_t i; + struct session_op sess; + + memset(&sess, 0, sizeof(sess)); + sess.key = (void *)"01234567890123456789012345678901234567890123456789"; + + for (i = 0, known_cipher_nids_amount = 0; + i < OSSL_NELEM(cipher_data); i++) { + + /* + * Check that the algo is really availably by trying to open and close + * a session. + */ + sess.cipher = cipher_data[i].devcryptoid; + sess.keylen = cipher_data[i].keylen; + if (ioctl(cfd, CIOCGSESSION, &sess) < 0 + || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) + continue; + + if ((known_cipher_methods[i] = + EVP_CIPHER_meth_new(cipher_data[i].nid, + cipher_data[i].blocksize, + cipher_data[i].keylen)) == NULL + || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i], + cipher_data[i].ivlen) + || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], + cipher_data[i].flags + | EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], + cipher_do_cipher) + || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i], + cipher_cleanup) + || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], + sizeof(struct cipher_ctx))) { + EVP_CIPHER_meth_free(known_cipher_methods[i]); + known_cipher_methods[i] = NULL; + } else { + known_cipher_nids[known_cipher_nids_amount++] = + cipher_data[i].nid; + } + } +} + +static const EVP_CIPHER *get_cipher_method(int nid) +{ + size_t i = get_cipher_data_index(nid); + + if (i == (size_t)-1) + return NULL; + return known_cipher_methods[i]; +} + +static int get_cipher_nids(const int **nids) +{ + *nids = known_cipher_nids; + return known_cipher_nids_amount; +} + +static void destroy_cipher_method(int nid) +{ + size_t i = get_cipher_data_index(nid); + + EVP_CIPHER_meth_free(known_cipher_methods[i]); + known_cipher_methods[i] = NULL; +} + +static void destroy_all_cipher_methods(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(cipher_data); i++) + destroy_cipher_method(cipher_data[i].nid); +} + +static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) +{ + if (cipher == NULL) + return get_cipher_nids(nids); + + *cipher = get_cipher_method(nid); + + return *cipher != NULL; +} + +/* + * We only support digests if the cryptodev implementation supports multiple + * data updates and session copying. Otherwise, we would be forced to maintain + * a cache, which is perilous if there's a lot of data coming in (if someone + * wants to checksum an OpenSSL tarball, for example). + */ +#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) +#define IMPLEMENT_DIGEST + +/****************************************************************************** + * + * Digests + * + * Because they all do the same basic operation, we have only one set of + * method functions for them all to share, and a mapping table between + * NIDs and cryptodev IDs, with all the necessary size data. + * + *****/ + +struct digest_ctx { + struct session_op sess; + int init; +}; + +static const struct digest_data_st { + int nid; + int digestlen; + int devcryptoid; +} digest_data[] = { +#ifndef OPENSSL_NO_MD5 + { NID_md5, 16, CRYPTO_MD5 }, +#endif + { NID_sha1, 20, CRYPTO_SHA1 }, +#ifndef OPENSSL_NO_RMD160 +# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) + { NID_ripemd160, 20, CRYPTO_RIPEMD160 }, +# endif +#endif +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224) + { NID_sha224, 224 / 8, CRYPTO_SHA2_224 }, +#endif +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256) + { NID_sha256, 256 / 8, CRYPTO_SHA2_256 }, +#endif +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384) + { NID_sha384, 384 / 8, CRYPTO_SHA2_384 }, +#endif +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512) + { NID_sha512, 512 / 8, CRYPTO_SHA2_512 }, +#endif +}; + +static size_t get_digest_data_index(int nid) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(digest_data); i++) + if (nid == digest_data[i].nid) + return i; + + /* + * Code further down must make sure that only NIDs in the table above + * are used. If any other NID reaches this function, there's a grave + * coding error further down. + */ + assert("Code that never should be reached" == NULL); + return -1; +} + +static const struct digest_data_st *get_digest_data(int nid) +{ + return &digest_data[get_digest_data_index(nid)]; +} + +/* + * Following are the four necessary functions to map OpenSSL functionality + * with cryptodev. + */ + +static int digest_init(EVP_MD_CTX *ctx) +{ + struct digest_ctx *digest_ctx = + (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + const struct digest_data_st *digest_d = + get_digest_data(EVP_MD_CTX_type(ctx)); + + digest_ctx->init = 1; + + memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess)); + digest_ctx->sess.mac = digest_d->devcryptoid; + if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + return 1; +} + +static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen, + void *res, unsigned int flags) +{ + struct crypt_op cryp; + + memset(&cryp, 0, sizeof(cryp)); + cryp.ses = ctx->sess.ses; + cryp.len = srclen; + cryp.src = (void *)src; + cryp.dst = NULL; + cryp.mac = res; + cryp.flags = flags; + return ioctl(cfd, CIOCCRYPT, &cryp); +} + +static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + struct digest_ctx *digest_ctx = + (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + + if (count == 0) + return 1; + + if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + return 1; +} + +static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + struct digest_ctx *digest_ctx = + (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + + if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + return 1; +} + +static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) +{ + struct digest_ctx *digest_from = + (struct digest_ctx *)EVP_MD_CTX_md_data(from); + struct digest_ctx *digest_to = + (struct digest_ctx *)EVP_MD_CTX_md_data(to); + struct cphash_op cphash; + + if (digest_from == NULL) + return 1; + + if (digest_from->init != 1) { + SYSerr(SYS_F_IOCTL, EINVAL); + return 0; + } + + if (!digest_init(to)) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + + cphash.src_ses = digest_from->sess.ses; + cphash.dst_ses = digest_to->sess.ses; + if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { + SYSerr(SYS_F_IOCTL, errno); + return 0; + } + return 1; +} + +static int digest_cleanup(EVP_MD_CTX *ctx) +{ + return 1; +} + +/* + * Keep a table of known nids and associated methods. + * Note that known_digest_nids[] isn't necessarily indexed the same way as + * digest_data[] above, which known_digest_methods[] is. + */ +static int known_digest_nids[OSSL_NELEM(digest_data)]; +static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */ +static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, }; + +static void prepare_digest_methods(void) +{ + size_t i; + struct session_op sess; + + memset(&sess, 0, sizeof(sess)); + + for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); + i++) { + + /* + * Check that the algo is really availably by trying to open and close + * a session. + */ + sess.mac = digest_data[i].devcryptoid; + if (ioctl(cfd, CIOCGSESSION, &sess) < 0 + || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) + continue; + + if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, + NID_undef)) == NULL + || !EVP_MD_meth_set_result_size(known_digest_methods[i], + digest_data[i].digestlen) + || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init) + || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update) + || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final) + || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy) + || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup) + || !EVP_MD_meth_set_app_datasize(known_digest_methods[i], + sizeof(struct digest_ctx))) { + EVP_MD_meth_free(known_digest_methods[i]); + known_digest_methods[i] = NULL; + } else { + known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid; + } + } +} + +static const EVP_MD *get_digest_method(int nid) +{ + size_t i = get_digest_data_index(nid); + + if (i == (size_t)-1) + return NULL; + return known_digest_methods[i]; +} + +static int get_digest_nids(const int **nids) +{ + *nids = known_digest_nids; + return known_digest_nids_amount; +} + +static void destroy_digest_method(int nid) +{ + size_t i = get_digest_data_index(nid); + + EVP_MD_meth_free(known_digest_methods[i]); + known_digest_methods[i] = NULL; +} + +static void destroy_all_digest_methods(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(digest_data); i++) + destroy_digest_method(digest_data[i].nid); +} + +static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) +{ + if (digest == NULL) + return get_digest_nids(nids); + + *digest = get_digest_method(nid); + + return *digest != NULL; +} + +#endif + +/****************************************************************************** + * + * LOAD / UNLOAD + * + *****/ + +static int devcrypto_unload(ENGINE *e) +{ + destroy_all_cipher_methods(); +#ifdef IMPLEMENT_DIGEST + destroy_all_digest_methods(); +#endif + + close(cfd); + + return 1; +} +/* + * This engine is always built into libcrypto, so it doesn't offer any + * ability to be dynamically loadable. + */ +void engine_load_devcrypto_int() +{ + ENGINE *e = NULL; + + if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { + fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno)); + return; + } + + prepare_cipher_methods(); +#ifdef IMPLEMENT_DIGEST + prepare_digest_methods(); +#endif + + if ((e = ENGINE_new()) == NULL + || !ENGINE_set_destroy_function(e, devcrypto_unload)) { + ENGINE_free(e); + /* + * We know that devcrypto_unload() won't be called when one of the + * above two calls have failed, so we close cfd explicitly here to + * avoid leaking resources. + */ + close(cfd); + return; + } + + if (!ENGINE_set_id(e, "devcrypto") + || !ENGINE_set_name(e, "/dev/crypto engine") + +/* + * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD + * implementations, it seems to only exist in FreeBSD, and regarding the + * parameters in its crypt_kop, the manual crypto(4) has this to say: + * + * The semantics of these arguments are currently undocumented. + * + * Reading through the FreeBSD source code doesn't give much more than + * their CRK_MOD_EXP implementation for ubsec. + * + * It doesn't look much better with cryptodev-linux. They have the crypt_kop + * structure as well as the command (CRK_*) in cryptodev.h, but no support + * seems to be implemented at all for the moment. + * + * At the time of writing, it seems impossible to write proper support for + * FreeBSD's asym features without some very deep knowledge and access to + * specific kernel modules. + * + * /Richard Levitte, 2017-05-11 + */ +#if 0 +# ifndef OPENSSL_NO_RSA + || !ENGINE_set_RSA(e, devcrypto_rsa) +# endif +# ifndef OPENSSL_NO_DSA + || !ENGINE_set_DSA(e, devcrypto_dsa) +# endif +# ifndef OPENSSL_NO_DH + || !ENGINE_set_DH(e, devcrypto_dh) +# endif +# ifndef OPENSSL_NO_EC + || !ENGINE_set_EC(e, devcrypto_ec) +# endif +#endif + || !ENGINE_set_ciphers(e, devcrypto_ciphers) +#ifdef IMPLEMENT_DIGEST + || !ENGINE_set_digests(e, devcrypto_digests) +#endif + ) { + ENGINE_free(e); + return; + } + + ENGINE_add(e); + ENGINE_free(e); /* Loose our local reference */ + ERR_clear_error(); +} diff --git a/deps/openssl/openssl/crypto/engine/eng_err.c b/deps/openssl/openssl/crypto/engine/eng_err.c index 5e9d16f3cd7e9f..bd1aefa185ecb4 100644 --- a/deps/openssl/openssl/crypto/engine/eng_err.c +++ b/deps/openssl/openssl/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,103 +8,135 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) - -static ERR_STRING_DATA ENGINE_str_functs[] = { - {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "dynamic_ctrl"}, - {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "dynamic_get_data_ctx"}, - {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "dynamic_load"}, - {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "dynamic_set_data_ctx"}, - {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, - {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, - {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, - {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, - {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, - {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, - {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_FIRST), "ENGINE_get_first"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_LAST), "ENGINE_get_last"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH), +static const ERR_STRING_DATA ENGINE_str_functs[] = { + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DIGEST_UPDATE, 0), "digest_update"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_CTRL, 0), "dynamic_ctrl"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_GET_DATA_CTX, 0), + "dynamic_get_data_ctx"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_LOAD, 0), "dynamic_load"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_SET_DATA_CTX, 0), + "dynamic_set_data_ctx"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_ADD, 0), "ENGINE_add"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_BY_ID, 0), "ENGINE_by_id"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, 0), + "ENGINE_cmd_is_executable"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL, 0), "ENGINE_ctrl"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD, 0), "ENGINE_ctrl_cmd"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD_STRING, 0), + "ENGINE_ctrl_cmd_string"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_FINISH, 0), "ENGINE_finish"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_CIPHER, 0), + "ENGINE_get_cipher"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_DIGEST, 0), + "ENGINE_get_digest"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_FIRST, 0), + "ENGINE_get_first"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_LAST, 0), "ENGINE_get_last"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_NEXT, 0), "ENGINE_get_next"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, 0), "ENGINE_get_pkey_asn1_meth"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"}, - {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, - {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, - {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "engine_list_add"}, - {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "engine_list_remove"}, - {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, - {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, - {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_METH, 0), + "ENGINE_get_pkey_meth"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PREV, 0), "ENGINE_get_prev"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_INIT, 0), "ENGINE_init"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_ADD, 0), "engine_list_add"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_REMOVE, 0), + "engine_list_remove"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 0), + "ENGINE_load_private_key"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 0), + "ENGINE_load_public_key"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, 0), "ENGINE_load_ssl_client_cert"}, - {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, - {ERR_FUNC(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR), + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_NEW, 0), "ENGINE_new"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, 0), "ENGINE_pkey_asn1_find_str"}, - {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, - {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_REMOVE, 0), "ENGINE_remove"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_DEFAULT_STRING, 0), "ENGINE_set_default_string"}, - {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, - {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, - {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "engine_table_register"}, - {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "engine_unlocked_finish"}, - {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, - {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "int_ctrl_helper"}, - {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "int_engine_configure"}, - {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "int_engine_module_init"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_ID, 0), "ENGINE_set_id"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_NAME, 0), "ENGINE_set_name"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_TABLE_REGISTER, 0), + "engine_table_register"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0), + "engine_unlocked_finish"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0), + "int_cleanup_item"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0), + "int_engine_configure"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0), + "int_engine_module_init"}, + {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"}, {0, NULL} }; -static ERR_STRING_DATA ENGINE_str_reasons[] = { - {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), - "argument is not a number"}, - {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"}, - {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"}, - {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"}, - {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"}, - {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"}, - {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"}, - {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"}, - {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), - "engine configuration error"}, - {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"}, - {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"}, - {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), - "failed loading private key"}, - {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), - "failed loading public key"}, - {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"}, - {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"}, - {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"}, - {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"}, - {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"}, - {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"}, - {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"}, - {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"}, - {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"}, - {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"}, - {ERR_REASON(ENGINE_R_NO_INDEX), "no index"}, - {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"}, - {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"}, - {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, - {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"}, - {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"}, - {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), - "unimplemented public key method"}, - {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"}, +static const ERR_STRING_DATA ENGINE_str_reasons[] = { + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), + "argument is not a number"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE), + "cmd not executable"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT), + "command takes input"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT), + "command takes no input"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID), + "conflicting engine id"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), + "ctrl command not implemented"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR), + "engines section error"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR), + "engine configuration error"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST), + "engine is not in the list"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR), + "engine section error"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY), + "failed loading private key"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY), + "failed loading public key"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING), + "'id' or 'name' missing"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR), + "internal list error"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT), + "invalid argument"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME), + "invalid cmd name"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER), + "invalid cmd number"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE), + "invalid init value"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION), + "no control function"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION), + "no load function"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER), + "unimplemented cipher"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST), + "unimplemented digest"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), + "unimplemented public key method"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY), + "version incompatibility"}, {0, NULL} }; @@ -113,10 +145,9 @@ static ERR_STRING_DATA ENGINE_str_reasons[] = { int ERR_load_ENGINE_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) { - ERR_load_strings(0, ENGINE_str_functs); - ERR_load_strings(0, ENGINE_str_reasons); + ERR_load_strings_const(ENGINE_str_functs); + ERR_load_strings_const(ENGINE_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/engine/eng_fat.c b/deps/openssl/openssl/crypto/engine/eng_fat.c index 5cb81874292576..591fddc8e4fb6c 100644 --- a/deps/openssl/openssl/crypto/engine/eng_fat.c +++ b/deps/openssl/openssl/crypto/engine/eng_fat.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include "eng_int.h" #include diff --git a/deps/openssl/openssl/crypto/engine/eng_init.c b/deps/openssl/openssl/crypto/engine/eng_init.c index 8be7c6fc8658b6..7c235fc472a246 100644 --- a/deps/openssl/openssl/crypto/engine/eng_init.c +++ b/deps/openssl/openssl/crypto/engine/eng_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include "eng_int.h" /* diff --git a/deps/openssl/openssl/crypto/engine/eng_int.h b/deps/openssl/openssl/crypto/engine/eng_int.h index c604faddd7a0ca..b95483341e2003 100644 --- a/deps/openssl/openssl/crypto/engine/eng_int.h +++ b/deps/openssl/openssl/crypto/engine/eng_int.h @@ -1,5 +1,6 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,22 +8,13 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #ifndef HEADER_ENGINE_INT_H # define HEADER_ENGINE_INT_H # include "internal/cryptlib.h" -# include -# include - -#ifdef __cplusplus -extern "C" { -#endif +# include "internal/engine.h" +# include "internal/thread_once.h" +# include "internal/refcount.h" extern CRYPTO_RWLOCK *global_engine_lock; @@ -103,7 +95,7 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, */ int engine_unlocked_init(ENGINE *e); int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); -int engine_free_util(ENGINE *e, int locked); +int engine_free_util(ENGINE *e, int not_locked); /* * This function will reset all "set"able values in an ENGINE to NULL. This @@ -156,7 +148,7 @@ struct engine_st { const ENGINE_CMD_DEFN *cmd_defns; int flags; /* reference count on the structure itself */ - int struct_ref; + CRYPTO_REF_COUNT struct_ref; /* * reference count on usability of the engine type. NB: This controls the * loading and initialisation of any functionality required by this @@ -176,8 +168,4 @@ typedef struct st_engine_pile ENGINE_PILE; DEFINE_LHASH_OF(ENGINE_PILE); -#ifdef __cplusplus -} -#endif - #endif /* HEADER_ENGINE_INT_H */ diff --git a/deps/openssl/openssl/crypto/engine/eng_lib.c b/deps/openssl/openssl/crypto/engine/eng_lib.c index ef8e99550334ea..9e00f2df045feb 100644 --- a/deps/openssl/openssl/crypto/engine/eng_lib.c +++ b/deps/openssl/openssl/crypto/engine/eng_lib.c @@ -7,8 +7,10 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include "eng_int.h" #include +#include "internal/refcount.h" CRYPTO_RWLOCK *global_engine_lock; @@ -67,17 +69,17 @@ void engine_set_all_null(ENGINE *e) e->flags = 0; } -int engine_free_util(ENGINE *e, int locked) +int engine_free_util(ENGINE *e, int not_locked) { int i; if (e == NULL) return 1; - if (locked) - CRYPTO_atomic_add(&e->struct_ref, -1, &i, global_engine_lock); + if (not_locked) + CRYPTO_DOWN_REF(&e->struct_ref, &i, global_engine_lock); else i = --e->struct_ref; - engine_ref_debug(e, 0, -1) + engine_ref_debug(e, 0, -1); if (i > 0) return 1; REF_ASSERT_ISNT(i < 0); @@ -121,9 +123,12 @@ static int int_cleanup_check(int create) static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) { - ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(*item)); - if (item == NULL) + ENGINE_CLEANUP_ITEM *item; + + if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { + ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE); return NULL; + } item->cb = cb; return item; } @@ -131,6 +136,7 @@ static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) { ENGINE_CLEANUP_ITEM *item; + if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); @@ -171,12 +177,12 @@ void engine_cleanup_int(void) int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) { - return (CRYPTO_set_ex_data(&e->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&e->ex_data, idx, arg); } void *ENGINE_get_ex_data(const ENGINE *e, int idx) { - return (CRYPTO_get_ex_data(&e->ex_data, idx)); + return CRYPTO_get_ex_data(&e->ex_data, idx); } /* diff --git a/deps/openssl/openssl/crypto/engine/eng_list.c b/deps/openssl/openssl/crypto/engine/eng_list.c index f8d74c1d330fd7..45c339c54157a4 100644 --- a/deps/openssl/openssl/crypto/engine/eng_list.c +++ b/deps/openssl/openssl/crypto/engine/eng_list.c @@ -1,5 +1,6 @@ /* * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,19 +8,13 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include "eng_int.h" /* * The linked-list of pointers to engine types. engine_list_head incorporates * an implicit structural reference but engine_list_tail does not - the - * latter is a computational niceity and only points to something that is - * already pointed to by its predecessor in the list (or engine_list_head + * latter is a computational optimization and only points to something that + * is already pointed to by its predecessor in the list (or engine_list_head * itself). In the same way, the use of the "prev" pointer in each ENGINE is * to save excessive list iteration, it doesn't correspond to an extra * structural reference. Hence, engine_list_head, and each non-null "next" @@ -349,6 +344,6 @@ int ENGINE_up_ref(ENGINE *e) ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_atomic_add(&e->struct_ref, 1, &i, global_engine_lock); + CRYPTO_UP_REF(&e->struct_ref, &i, global_engine_lock); return 1; } diff --git a/deps/openssl/openssl/crypto/engine/eng_openssl.c b/deps/openssl/openssl/crypto/engine/eng_openssl.c index 9208f7eafc5026..f7ad7a5f46da59 100644 --- a/deps/openssl/openssl/crypto/engine/eng_openssl.c +++ b/deps/openssl/openssl/crypto/engine/eng_openssl.c @@ -1,5 +1,6 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,16 +8,10 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include #include #include "internal/cryptlib.h" -#include +#include "internal/engine.h" #include #include #include @@ -436,9 +431,10 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) { OSSL_HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_zalloc(sizeof(*hctx)); - if (hctx == NULL) + if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { + ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE); return 0; + } hctx->ktmp.type = V_ASN1_OCTET_STRING; hctx->ctx = HMAC_CTX_new(); if (hctx->ctx == NULL) { diff --git a/deps/openssl/openssl/crypto/engine/eng_rdrand.c b/deps/openssl/openssl/crypto/engine/eng_rdrand.c index b3defcbe4fdb69..261e5debbfd73b 100644 --- a/deps/openssl/openssl/crypto/engine/eng_rdrand.c +++ b/deps/openssl/openssl/crypto/engine/eng_rdrand.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #include #include -#include +#include "internal/engine.h" #include #include #include @@ -20,28 +20,15 @@ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) -size_t OPENSSL_ia32_rdrand(void); +size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); static int get_random_bytes(unsigned char *buf, int num) { - size_t rnd; - - while (num >= (int)sizeof(size_t)) { - if ((rnd = OPENSSL_ia32_rdrand()) == 0) - return 0; - - *((size_t *)buf) = rnd; - buf += sizeof(size_t); - num -= sizeof(size_t); - } - if (num) { - if ((rnd = OPENSSL_ia32_rdrand()) == 0) - return 0; - - memcpy(buf, &rnd, num); + if (num < 0) { + return 0; } - return 1; + return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num); } static int random_status(void) diff --git a/deps/openssl/openssl/crypto/engine/tb_asnmth.c b/deps/openssl/openssl/crypto/engine/tb_asnmth.c index 5c7b16170390e4..4bcc76136a1098 100644 --- a/deps/openssl/openssl/crypto/engine/tb_asnmth.c +++ b/deps/openssl/openssl/crypto/engine/tb_asnmth.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include "eng_int.h" #include #include "internal/asn1_int.h" diff --git a/deps/openssl/openssl/crypto/engine/tb_cipher.c b/deps/openssl/openssl/crypto/engine/tb_cipher.c index ac4914111540d3..faa967c475f5df 100644 --- a/deps/openssl/openssl/crypto/engine/tb_cipher.c +++ b/deps/openssl/openssl/crypto/engine/tb_cipher.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,7 @@ int ENGINE_register_ciphers(ENGINE *e) return 1; } -void ENGINE_register_all_ciphers() +void ENGINE_register_all_ciphers(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_dh.c b/deps/openssl/openssl/crypto/engine/tb_dh.c index c6440df2076d82..785119f65af9de 100644 --- a/deps/openssl/openssl/crypto/engine/tb_dh.c +++ b/deps/openssl/openssl/crypto/engine/tb_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ int ENGINE_register_DH(ENGINE *e) return 1; } -void ENGINE_register_all_DH() +void ENGINE_register_all_DH(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_digest.c b/deps/openssl/openssl/crypto/engine/tb_digest.c index 194b9c7e8944d7..d644b1b0a825b2 100644 --- a/deps/openssl/openssl/crypto/engine/tb_digest.c +++ b/deps/openssl/openssl/crypto/engine/tb_digest.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,7 @@ int ENGINE_register_digests(ENGINE *e) return 1; } -void ENGINE_register_all_digests() +void ENGINE_register_all_digests(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_dsa.c b/deps/openssl/openssl/crypto/engine/tb_dsa.c index fdb80cd79f7e86..65b6ea8d3a0ef1 100644 --- a/deps/openssl/openssl/crypto/engine/tb_dsa.c +++ b/deps/openssl/openssl/crypto/engine/tb_dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ int ENGINE_register_DSA(ENGINE *e) return 1; } -void ENGINE_register_all_DSA() +void ENGINE_register_all_DSA(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_eckey.c b/deps/openssl/openssl/crypto/engine/tb_eckey.c index 75750b29fca00a..1e50736854107d 100644 --- a/deps/openssl/openssl/crypto/engine/tb_eckey.c +++ b/deps/openssl/openssl/crypto/engine/tb_eckey.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ int ENGINE_register_EC(ENGINE *e) return 1; } -void ENGINE_register_all_EC() +void ENGINE_register_all_EC(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_pkmeth.c b/deps/openssl/openssl/crypto/engine/tb_pkmeth.c index 2e82d8551efb24..03cd1e69dd6dec 100644 --- a/deps/openssl/openssl/crypto/engine/tb_pkmeth.c +++ b/deps/openssl/openssl/crypto/engine/tb_pkmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -35,7 +35,7 @@ int ENGINE_register_pkey_meths(ENGINE *e) return 1; } -void ENGINE_register_all_pkey_meths() +void ENGINE_register_all_pkey_meths(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_rand.c b/deps/openssl/openssl/crypto/engine/tb_rand.c index 225e7c81dccd26..98a98073cdd0d8 100644 --- a/deps/openssl/openssl/crypto/engine/tb_rand.c +++ b/deps/openssl/openssl/crypto/engine/tb_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ int ENGINE_register_RAND(ENGINE *e) return 1; } -void ENGINE_register_all_RAND() +void ENGINE_register_all_RAND(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/engine/tb_rsa.c b/deps/openssl/openssl/crypto/engine/tb_rsa.c index e2cc680a9c8d78..d8d2e34f848bec 100644 --- a/deps/openssl/openssl/crypto/engine/tb_rsa.c +++ b/deps/openssl/openssl/crypto/engine/tb_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ int ENGINE_register_RSA(ENGINE *e) return 1; } -void ENGINE_register_all_RSA() +void ENGINE_register_all_RSA(void) { ENGINE *e; diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c index 08c27a3e838518..03cbd738e19328 100644 --- a/deps/openssl/openssl/crypto/err/err.c +++ b/deps/openssl/openssl/crypto/err/err.c @@ -10,17 +10,17 @@ #include #include #include -#include -#include -#include -#include +#include "internal/cryptlib_int.h" +#include "internal/err.h" +#include "internal/err_int.h" +#include #include #include #include #include -#include +#include "internal/thread_once.h" -static void err_load_strings(int lib, ERR_STRING_DATA *str); +static int err_load_strings(const ERR_STRING_DATA *str); static void ERR_STATE_free(ERR_STATE *s); #ifndef OPENSSL_NO_ERR @@ -59,6 +59,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"}, + {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, {0, NULL}, }; @@ -83,6 +85,12 @@ static ERR_STRING_DATA ERR_str_functs[] = { {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"}, {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"}, {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"}, + {ERR_PACK(0, SYS_F_OPEN, 0), "open"}, + {ERR_PACK(0, SYS_F_CLOSE, 0), "close"}, + {ERR_PACK(0, SYS_F_IOCTL, 0), "ioctl"}, + {ERR_PACK(0, SYS_F_STAT, 0), "stat"}, + {ERR_PACK(0, SYS_F_FCNTL, 0), "fcntl"}, + {ERR_PACK(0, SYS_F_FSTAT, 0), "fstat"}, {0, NULL}, }; @@ -103,6 +111,8 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_PKCS7_LIB, "PKCS7 lib"}, {ERR_R_X509V3_LIB, "X509V3 lib"}, {ERR_R_ENGINE_LIB, "ENGINE lib"}, + {ERR_R_UI_LIB, "UI lib"}, + {ERR_R_OSSL_STORE_LIB, "STORE lib"}, {ERR_R_ECDSA_LIB, "ECDSA lib"}, {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, @@ -116,6 +126,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_INTERNAL_ERROR, "internal error"}, {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, {ERR_R_INIT_FAIL, "init fail"}, + {ERR_R_OPERATION_FAIL, "operation fail"}, {0, NULL}, }; @@ -153,7 +164,9 @@ static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) static int err_string_data_cmp(const ERR_STRING_DATA *a, const ERR_STRING_DATA *b) { - return (int)(a->error - b->error); + if (a->error == b->error) + return 0; + return a->error > b->error ? 1 : -1; } static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) @@ -161,8 +174,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) ERR_STRING_DATA *p = NULL; CRYPTO_THREAD_read_lock(err_string_lock); - if (int_error_hash != NULL) - p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d); + p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d); CRYPTO_THREAD_unlock(err_string_lock); return p; @@ -199,7 +211,7 @@ static void build_SYS_str_reasons(void) for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - str->error = (unsigned long)i; + str->error = ERR_PACK(ERR_LIB_SYS, 0, i); if (str->string == NULL) { char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); if (openssl_strerror_r(i, *dest, sizeof(*dest))) @@ -217,27 +229,27 @@ static void build_SYS_str_reasons(void) init = 0; CRYPTO_THREAD_unlock(err_string_lock); + err_load_strings(SYS_str_reasons); } #endif -#define err_clear_data(p,i) \ +#define err_clear_data(p, i) \ do { \ - if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ - { \ + if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) {\ OPENSSL_free((p)->err_data[i]); \ - (p)->err_data[i]=NULL; \ - } \ - (p)->err_data_flags[i]=0; \ - } while(0) + (p)->err_data[i] = NULL; \ + } \ + (p)->err_data_flags[i] = 0; \ + } while (0) -#define err_clear(p,i) \ +#define err_clear(p, i) \ do { \ - (p)->err_flags[i]=0; \ - (p)->err_buffer[i]=0; \ - err_clear_data(p,i); \ - (p)->err_file[i]=NULL; \ - (p)->err_line[i]= -1; \ - } while(0) + err_clear_data(p, i); \ + (p)->err_flags[i] = 0; \ + (p)->err_buffer[i] = 0; \ + (p)->err_file[i] = NULL; \ + (p)->err_line[i] = -1; \ + } while (0) static void ERR_STATE_free(ERR_STATE *s) { @@ -245,7 +257,6 @@ static void ERR_STATE_free(ERR_STATE *s) if (s == NULL) return; - for (i = 0; i < ERR_NUM_ERRORS; i++) { err_clear_data(s, i); } @@ -257,7 +268,16 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init) if (!OPENSSL_init_crypto(0, NULL)) return 0; err_string_lock = CRYPTO_THREAD_lock_new(); - return err_string_lock != NULL; + if (err_string_lock == NULL) + return 0; + int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, + err_string_data_cmp); + if (int_error_hash == NULL) { + CRYPTO_THREAD_lock_free(err_string_lock); + err_string_lock = NULL; + return 0; + } + return 1; } void err_cleanup(void) @@ -266,6 +286,32 @@ void err_cleanup(void) CRYPTO_THREAD_cleanup_local(&err_thread_local); CRYPTO_THREAD_lock_free(err_string_lock); err_string_lock = NULL; + lh_ERR_STRING_DATA_free(int_error_hash); + int_error_hash = NULL; +} + +/* + * Legacy; pack in the library. + */ +static void err_patch(int lib, ERR_STRING_DATA *str) +{ + unsigned long plib = ERR_PACK(lib, 0, 0); + + for (; str->error != 0; str++) + str->error |= plib; +} + +/* + * Hash in |str| error strings. Assumes the URN_ONCE was done. + */ +static int err_load_strings(const ERR_STRING_DATA *str) +{ + CRYPTO_THREAD_write_lock(err_string_lock); + for (; str->error; str++) + (void)lh_ERR_STRING_DATA_insert(int_error_hash, + (ERR_STRING_DATA *)str); + CRYPTO_THREAD_unlock(err_string_lock); + return 1; } int ERR_load_ERR_strings(void) @@ -274,36 +320,30 @@ int ERR_load_ERR_strings(void) if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return 0; - err_load_strings(0, ERR_str_libraries); - err_load_strings(0, ERR_str_reasons); - err_load_strings(ERR_LIB_SYS, ERR_str_functs); + err_load_strings(ERR_str_libraries); + err_load_strings(ERR_str_reasons); + err_patch(ERR_LIB_SYS, ERR_str_functs); + err_load_strings(ERR_str_functs); build_SYS_str_reasons(); - err_load_strings(ERR_LIB_SYS, SYS_str_reasons); #endif return 1; } -static void err_load_strings(int lib, ERR_STRING_DATA *str) +int ERR_load_strings(int lib, ERR_STRING_DATA *str) { - CRYPTO_THREAD_write_lock(err_string_lock); - if (int_error_hash == NULL) - int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, - err_string_data_cmp); - if (int_error_hash != NULL) { - for (; str->error; str++) { - if (lib) - str->error |= ERR_PACK(lib, 0, 0); - (void)lh_ERR_STRING_DATA_insert(int_error_hash, str); - } - } - CRYPTO_THREAD_unlock(err_string_lock); + if (ERR_load_ERR_strings() == 0) + return 0; + + err_patch(lib, str); + err_load_strings(str); + return 1; } -int ERR_load_strings(int lib, ERR_STRING_DATA *str) +int ERR_load_strings_const(const ERR_STRING_DATA *str) { if (ERR_load_ERR_strings() == 0) return 0; - err_load_strings(lib, str); + err_load_strings(str); return 1; } @@ -313,13 +353,12 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str) return 0; CRYPTO_THREAD_write_lock(err_string_lock); - if (int_error_hash != NULL) { - for (; str->error; str++) { - if (lib) - str->error |= ERR_PACK(lib, 0, 0); - (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); - } - } + /* + * We don't need to ERR_PACK the lib, since that was done (to + * the table) when it was loaded. + */ + for (; str->error; str++) + (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); CRYPTO_THREAD_unlock(err_string_lock); return 1; @@ -329,11 +368,6 @@ void err_free_strings_int(void) { if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return; - - CRYPTO_THREAD_write_lock(err_string_lock); - lh_ERR_STRING_DATA_free(int_error_hash); - int_error_hash = NULL; - CRYPTO_THREAD_unlock(err_string_lock); } /********************************************************/ @@ -392,50 +426,50 @@ void ERR_clear_error(void) unsigned long ERR_get_error(void) { - return (get_error_values(1, 0, NULL, NULL, NULL, NULL)); + return get_error_values(1, 0, NULL, NULL, NULL, NULL); } unsigned long ERR_get_error_line(const char **file, int *line) { - return (get_error_values(1, 0, file, line, NULL, NULL)); + return get_error_values(1, 0, file, line, NULL, NULL); } unsigned long ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags) { - return (get_error_values(1, 0, file, line, data, flags)); + return get_error_values(1, 0, file, line, data, flags); } unsigned long ERR_peek_error(void) { - return (get_error_values(0, 0, NULL, NULL, NULL, NULL)); + return get_error_values(0, 0, NULL, NULL, NULL, NULL); } unsigned long ERR_peek_error_line(const char **file, int *line) { - return (get_error_values(0, 0, file, line, NULL, NULL)); + return get_error_values(0, 0, file, line, NULL, NULL); } unsigned long ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags) { - return (get_error_values(0, 0, file, line, data, flags)); + return get_error_values(0, 0, file, line, data, flags); } unsigned long ERR_peek_last_error(void) { - return (get_error_values(0, 1, NULL, NULL, NULL, NULL)); + return get_error_values(0, 1, NULL, NULL, NULL, NULL); } unsigned long ERR_peek_last_error_line(const char **file, int *line) { - return (get_error_values(0, 1, file, line, NULL, NULL)); + return get_error_values(0, 1, file, line, NULL, NULL); } unsigned long ERR_peek_last_error_line_data(const char **file, int *line, const char **data, int *flags) { - return (get_error_values(0, 1, file, line, data, flags)); + return get_error_values(0, 1, file, line, data, flags); } static unsigned long get_error_values(int inc, int top, const char **file, @@ -476,15 +510,13 @@ static unsigned long get_error_values(int inc, int top, const char **file, es->err_buffer[i] = 0; } - if ((file != NULL) && (line != NULL)) { + if (file != NULL && line != NULL) { if (es->err_file[i] == NULL) { *file = "NA"; - if (line != NULL) - *line = 0; + *line = 0; } else { *file = es->err_file[i]; - if (line != NULL) - *line = es->err_line[i]; + *line = es->err_line[i]; } } @@ -516,45 +548,30 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) return; l = ERR_GET_LIB(e); - f = ERR_GET_FUNC(e); - r = ERR_GET_REASON(e); - ls = ERR_lib_error_string(e); - fs = ERR_func_error_string(e); - rs = ERR_reason_error_string(e); - - if (ls == NULL) + if (ls == NULL) { BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); - if (fs == NULL) + ls = lsbuf; + } + + fs = ERR_func_error_string(e); + f = ERR_GET_FUNC(e); + if (fs == NULL) { BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); - if (rs == NULL) + fs = fsbuf; + } + + rs = ERR_reason_error_string(e); + r = ERR_GET_REASON(e); + if (rs == NULL) { BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); + rs = rsbuf; + } - BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf, - fs ? fs : fsbuf, rs ? rs : rsbuf); + BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs); if (strlen(buf) == len - 1) { - /* - * output may be truncated; make sure we always have 5 - * colon-separated fields, i.e. 4 colons ... - */ -#define NUM_COLONS 4 - if (len > NUM_COLONS) { /* ... if possible */ - int i; - char *s = buf; - - for (i = 0; i < NUM_COLONS; i++) { - char *colon = strchr(s, ':'); - if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) { - /* - * set colon no. i at last possible position (buf[len-1] - * is the terminating 0) - */ - colon = &buf[len - 1] - NUM_COLONS + i; - *colon = ':'; - } - s = colon + 1; - } - } + /* Didn't fit; use a minimal format. */ + BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r); } } @@ -568,8 +585,7 @@ char *ERR_error_string(unsigned long e, char *ret) if (ret == NULL) ret = buf; - ERR_error_string_n(e, ret, 256); - + ERR_error_string_n(e, ret, (int)sizeof(buf)); return ret; } @@ -761,28 +777,28 @@ void ERR_add_error_vdata(int num, va_list args) char *str, *p, *a; s = 80; - str = OPENSSL_malloc(s + 1); - if (str == NULL) + if ((str = OPENSSL_malloc(s + 1)) == NULL) { + /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */ return; + } str[0] = '\0'; n = 0; for (i = 0; i < num; i++) { a = va_arg(args, char *); - /* ignore NULLs, thanks to Bob Beck */ - if (a != NULL) { - n += strlen(a); - if (n > s) { - s = n + 20; - p = OPENSSL_realloc(str, s + 1); - if (p == NULL) { - OPENSSL_free(str); - return; - } - str = p; + if (a == NULL) + a = ""; + n += strlen(a); + if (n > s) { + s = n + 20; + p = OPENSSL_realloc(str, s + 1); + if (p == NULL) { + OPENSSL_free(str); + return; } - OPENSSL_strlcat(str, a, (size_t)s + 1); + str = p; } + OPENSSL_strlcat(str, a, (size_t)s + 1); } ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING); } @@ -812,9 +828,7 @@ int ERR_pop_to_mark(void) while (es->bottom != es->top && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { err_clear(es, es->top); - es->top -= 1; - if (es->top == -1) - es->top = ERR_NUM_ERRORS - 1; + es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; } if (es->bottom == es->top) @@ -822,3 +836,24 @@ int ERR_pop_to_mark(void) es->err_flags[es->top] &= ~ERR_FLAG_MARK; return 1; } + +int ERR_clear_last_mark(void) +{ + ERR_STATE *es; + int top; + + es = ERR_get_state(); + if (es == NULL) + return 0; + + top = es->top; + while (es->bottom != top + && (es->err_flags[top] & ERR_FLAG_MARK) == 0) { + top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1; + } + + if (es->bottom == top) + return 0; + es->err_flags[top] &= ~ERR_FLAG_MARK; + return 1; +} diff --git a/deps/openssl/openssl/crypto/err/err_all.c b/deps/openssl/openssl/crypto/err/err_all.c index 3b1304f8e0956e..d9ec04b60676c3 100644 --- a/deps/openssl/openssl/crypto/err/err_all.c +++ b/deps/openssl/openssl/crypto/err/err_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,43 +9,39 @@ #include #include "internal/err_int.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include "internal/dso.h" -#include -#include -#include +#include +#include +#include #include -#ifdef OPENSSL_FIPS -# include -#endif -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include +#include int err_load_crypto_strings_int(void) { if ( -#ifdef OPENSSL_FIPS - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || -#endif #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || @@ -88,12 +84,7 @@ int err_load_crypto_strings_int(void) # ifndef OPENSSL_NO_OCSP ERR_load_OCSP_strings() == 0 || # endif -#ifndef OPENSSL_NO_UI ERR_load_UI_strings() == 0 || -#endif -# ifdef OPENSSL_FIPS - ERR_load_FIPS_strings() == 0 || -# endif # ifndef OPENSSL_NO_CMS ERR_load_CMS_strings() == 0 || # endif @@ -102,7 +93,8 @@ int err_load_crypto_strings_int(void) # endif ERR_load_ASYNC_strings() == 0 || #endif - ERR_load_KDF_strings() == 0) + ERR_load_KDF_strings() == 0 || + ERR_load_OSSL_STORE_strings() == 0) return 0; return 1; diff --git a/deps/openssl/openssl/crypto/err/err_prn.c b/deps/openssl/openssl/crypto/err/err_prn.c index 6ae12515f4264e..c82e62947ed3c3 100644 --- a/deps/openssl/openssl/crypto/err/err_prn.c +++ b/deps/openssl/openssl/crypto/err/err_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include diff --git a/deps/openssl/openssl/crypto/err/openssl.ec b/deps/openssl/openssl/crypto/err/openssl.ec index 15d151f3af9249..3e092eae0a2b87 100644 --- a/deps/openssl/openssl/crypto/err/openssl.ec +++ b/deps/openssl/openssl/crypto/err/openssl.ec @@ -1,99 +1,78 @@ -# crypto/err/openssl.ec - # configuration file for util/mkerr.pl -# files that may have to be rewritten by util/mkerr.pl -L ERR NONE NONE -L BN include/openssl/bn.h crypto/bn/bn_err.c -L RSA include/openssl/rsa.h crypto/rsa/rsa_err.c -L DH include/openssl/dh.h crypto/dh/dh_err.c -L EVP include/openssl/evp.h crypto/evp/evp_err.c -L BUF include/openssl/buffer.h crypto/buffer/buf_err.c -L OBJ include/openssl/objects.h crypto/objects/obj_err.c -L PEM include/openssl/pem.h crypto/pem/pem_err.c -L DSA include/openssl/dsa.h crypto/dsa/dsa_err.c -L X509 include/openssl/x509.h crypto/x509/x509_err.c -L ASN1 include/openssl/asn1.h crypto/asn1/asn1_err.c -L CONF include/openssl/conf.h crypto/conf/conf_err.c -L CRYPTO include/openssl/crypto.h crypto/cpt_err.c -L EC include/openssl/ec.h crypto/ec/ec_err.c -L SSL include/openssl/ssl.h ssl/ssl_err.c -L BIO include/openssl/bio.h crypto/bio/bio_err.c -L PKCS7 include/openssl/pkcs7.h crypto/pkcs7/pkcs7err.c -L X509V3 include/openssl/x509v3.h crypto/x509v3/v3err.c -L PKCS12 include/openssl/pkcs12.h crypto/pkcs12/pk12err.c -L RAND include/openssl/rand.h crypto/rand/rand_err.c -L DSO include/internal/dso.h crypto/dso/dso_err.c -L ENGINE include/openssl/engine.h crypto/engine/eng_err.c -L OCSP include/openssl/ocsp.h crypto/ocsp/ocsp_err.c -L UI include/openssl/ui.h crypto/ui/ui_err.c -L COMP include/openssl/comp.h crypto/comp/comp_err.c -L TS include/openssl/ts.h crypto/ts/ts_err.c -#L HMAC include/openssl/hmac.h crypto/hmac/hmac_err.c -L CMS include/openssl/cms.h crypto/cms/cms_err.c -#L FIPS include/openssl/fips.h crypto/fips_err.h -L CT include/openssl/ct.h crypto/ct/ct_err.c -L ASYNC include/openssl/async.h crypto/async/async_err.c -L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L ERR NONE NONE +L BN include/openssl/bn.h crypto/bn/bn_err.c +L RSA include/openssl/rsa.h crypto/rsa/rsa_err.c +L DH include/openssl/dh.h crypto/dh/dh_err.c +L EVP include/openssl/evp.h crypto/evp/evp_err.c +L BUF include/openssl/buffer.h crypto/buffer/buf_err.c +L OBJ include/openssl/objects.h crypto/objects/obj_err.c +L PEM include/openssl/pem.h crypto/pem/pem_err.c +L DSA include/openssl/dsa.h crypto/dsa/dsa_err.c +L X509 include/openssl/x509.h crypto/x509/x509_err.c +L ASN1 include/openssl/asn1.h crypto/asn1/asn1_err.c +L CONF include/openssl/conf.h crypto/conf/conf_err.c +L CRYPTO include/openssl/crypto.h crypto/cpt_err.c +L EC include/openssl/ec.h crypto/ec/ec_err.c +L SSL include/openssl/ssl.h ssl/ssl_err.c +L BIO include/openssl/bio.h crypto/bio/bio_err.c +L PKCS7 include/openssl/pkcs7.h crypto/pkcs7/pkcs7err.c +L X509V3 include/openssl/x509v3.h crypto/x509v3/v3err.c +L PKCS12 include/openssl/pkcs12.h crypto/pkcs12/pk12err.c +L RAND include/openssl/rand.h crypto/rand/rand_err.c +L DSO include/internal/dso.h crypto/dso/dso_err.c +L ENGINE include/openssl/engine.h crypto/engine/eng_err.c +L OCSP include/openssl/ocsp.h crypto/ocsp/ocsp_err.c +L UI include/openssl/ui.h crypto/ui/ui_err.c +L COMP include/openssl/comp.h crypto/comp/comp_err.c +L TS include/openssl/ts.h crypto/ts/ts_err.c +L CMS include/openssl/cms.h crypto/cms/cms_err.c +L CT include/openssl/ct.h crypto/ct/ct_err.c +L ASYNC include/openssl/async.h crypto/async/async_err.c +L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c +L SM2 crypto/include/internal/sm2.h crypto/sm2/sm2_err.c +L OSSL_STORE include/openssl/store.h crypto/store/store_err.c # additional header files to be scanned for function names -L NONE include/openssl/x509_vfy.h NONE -L NONE crypto/ec/ec_lcl.h NONE -L NONE crypto/cms/cms_lcl.h NONE -L NONE crypto/ct/ct_locl.h NONE -#L NONE fips/rand/fips_rand.h NONE -L NONE ssl/ssl_locl.h NONE - -F RSAREF_F_RSA_BN2BIN -F RSAREF_F_RSA_PRIVATE_DECRYPT -F RSAREF_F_RSA_PRIVATE_ENCRYPT -F RSAREF_F_RSA_PUBLIC_DECRYPT -F RSAREF_F_RSA_PUBLIC_ENCRYPT - -R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115 -R TLS1_AD_NO_APPLICATION_PROTOCOL 1120 - -R RSAREF_R_CONTENT_ENCODING 0x0400 -R RSAREF_R_DATA 0x0401 -R RSAREF_R_DIGEST_ALGORITHM 0x0402 -R RSAREF_R_ENCODING 0x0403 -R RSAREF_R_KEY 0x0404 -R RSAREF_R_KEY_ENCODING 0x0405 -R RSAREF_R_LEN 0x0406 -R RSAREF_R_MODULUS_LEN 0x0407 -R RSAREF_R_NEED_RANDOM 0x0408 -R RSAREF_R_PRIVATE_KEY 0x0409 -R RSAREF_R_PUBLIC_KEY 0x040a -R RSAREF_R_SIGNATURE 0x040b -R RSAREF_R_SIGNATURE_ENCODING 0x040c -R RSAREF_R_ENCRYPTION_ALGORITHM 0x040d +L NONE include/openssl/x509_vfy.h NONE +L NONE crypto/ec/ec_lcl.h NONE +L NONE crypto/cms/cms_lcl.h NONE +L NONE crypto/ct/ct_locl.h NONE +L NONE ssl/ssl_locl.h NONE +# SSL/TLS alerts +R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +R SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115 +R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +R TLS1_AD_NO_APPLICATION_PROTOCOL 1120 diff --git a/deps/openssl/openssl/crypto/err/openssl.txt b/deps/openssl/openssl/crypto/err/openssl.txt new file mode 100644 index 00000000000000..5003d8735a4d23 --- /dev/null +++ b/deps/openssl/openssl/crypto/err/openssl.txt @@ -0,0 +1,3026 @@ +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +ASN1_F_A2D_ASN1_OBJECT:100:a2d_ASN1_OBJECT +ASN1_F_A2I_ASN1_INTEGER:102:a2i_ASN1_INTEGER +ASN1_F_A2I_ASN1_STRING:103:a2i_ASN1_STRING +ASN1_F_APPEND_EXP:176:append_exp +ASN1_F_ASN1_BIO_INIT:113:asn1_bio_init +ASN1_F_ASN1_BIT_STRING_SET_BIT:183:ASN1_BIT_STRING_set_bit +ASN1_F_ASN1_CB:177:asn1_cb +ASN1_F_ASN1_CHECK_TLEN:104:asn1_check_tlen +ASN1_F_ASN1_COLLECT:106:asn1_collect +ASN1_F_ASN1_D2I_EX_PRIMITIVE:108:asn1_d2i_ex_primitive +ASN1_F_ASN1_D2I_FP:109:ASN1_d2i_fp +ASN1_F_ASN1_D2I_READ_BIO:107:asn1_d2i_read_bio +ASN1_F_ASN1_DIGEST:184:ASN1_digest +ASN1_F_ASN1_DO_ADB:110:asn1_do_adb +ASN1_F_ASN1_DO_LOCK:233:asn1_do_lock +ASN1_F_ASN1_DUP:111:ASN1_dup +ASN1_F_ASN1_ENC_SAVE:115:asn1_enc_save +ASN1_F_ASN1_EX_C2I:204:asn1_ex_c2i +ASN1_F_ASN1_FIND_END:190:asn1_find_end +ASN1_F_ASN1_GENERALIZEDTIME_ADJ:216:ASN1_GENERALIZEDTIME_adj +ASN1_F_ASN1_GENERATE_V3:178:ASN1_generate_v3 +ASN1_F_ASN1_GET_INT64:224:asn1_get_int64 +ASN1_F_ASN1_GET_OBJECT:114:ASN1_get_object +ASN1_F_ASN1_GET_UINT64:225:asn1_get_uint64 +ASN1_F_ASN1_I2D_BIO:116:ASN1_i2d_bio +ASN1_F_ASN1_I2D_FP:117:ASN1_i2d_fp +ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp +ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup +ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i +ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new +ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d +ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio +ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp +ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack +ASN1_F_ASN1_ITEM_SIGN:195:ASN1_item_sign +ASN1_F_ASN1_ITEM_SIGN_CTX:220:ASN1_item_sign_ctx +ASN1_F_ASN1_ITEM_UNPACK:199:ASN1_item_unpack +ASN1_F_ASN1_ITEM_VERIFY:197:ASN1_item_verify +ASN1_F_ASN1_MBSTRING_NCOPY:122:ASN1_mbstring_ncopy +ASN1_F_ASN1_OBJECT_NEW:123:ASN1_OBJECT_new +ASN1_F_ASN1_OUTPUT_DATA:214:asn1_output_data +ASN1_F_ASN1_PCTX_NEW:205:ASN1_PCTX_new +ASN1_F_ASN1_PRIMITIVE_NEW:119:asn1_primitive_new +ASN1_F_ASN1_SCTX_NEW:221:ASN1_SCTX_new +ASN1_F_ASN1_SIGN:128:ASN1_sign +ASN1_F_ASN1_STR2TYPE:179:asn1_str2type +ASN1_F_ASN1_STRING_GET_INT64:227:asn1_string_get_int64 +ASN1_F_ASN1_STRING_GET_UINT64:230:asn1_string_get_uint64 +ASN1_F_ASN1_STRING_SET:186:ASN1_STRING_set +ASN1_F_ASN1_STRING_TABLE_ADD:129:ASN1_STRING_TABLE_add +ASN1_F_ASN1_STRING_TO_BN:228:asn1_string_to_bn +ASN1_F_ASN1_STRING_TYPE_NEW:130:ASN1_STRING_type_new +ASN1_F_ASN1_TEMPLATE_EX_D2I:132:asn1_template_ex_d2i +ASN1_F_ASN1_TEMPLATE_NEW:133:asn1_template_new +ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i +ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj +ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING:134:ASN1_TYPE_get_int_octetstring +ASN1_F_ASN1_TYPE_GET_OCTETSTRING:135:ASN1_TYPE_get_octetstring +ASN1_F_ASN1_UTCTIME_ADJ:218:ASN1_UTCTIME_adj +ASN1_F_ASN1_VERIFY:137:ASN1_verify +ASN1_F_B64_READ_ASN1:209:b64_read_asn1 +ASN1_F_B64_WRITE_ASN1:210:B64_write_ASN1 +ASN1_F_BIO_NEW_NDEF:208:BIO_new_NDEF +ASN1_F_BITSTR_CB:180:bitstr_cb +ASN1_F_BN_TO_ASN1_STRING:229:bn_to_asn1_string +ASN1_F_C2I_ASN1_BIT_STRING:189:c2i_ASN1_BIT_STRING +ASN1_F_C2I_ASN1_INTEGER:194:c2i_ASN1_INTEGER +ASN1_F_C2I_ASN1_OBJECT:196:c2i_ASN1_OBJECT +ASN1_F_C2I_IBUF:226:c2i_ibuf +ASN1_F_C2I_UINT64_INT:101:c2i_uint64_int +ASN1_F_COLLECT_DATA:140:collect_data +ASN1_F_D2I_ASN1_OBJECT:147:d2i_ASN1_OBJECT +ASN1_F_D2I_ASN1_UINTEGER:150:d2i_ASN1_UINTEGER +ASN1_F_D2I_AUTOPRIVATEKEY:207:d2i_AutoPrivateKey +ASN1_F_D2I_PRIVATEKEY:154:d2i_PrivateKey +ASN1_F_D2I_PUBLICKEY:155:d2i_PublicKey +ASN1_F_DO_BUF:142:do_buf +ASN1_F_DO_CREATE:124:do_create +ASN1_F_DO_DUMP:125:do_dump +ASN1_F_DO_TCREATE:222:do_tcreate +ASN1_F_I2A_ASN1_OBJECT:126:i2a_ASN1_OBJECT +ASN1_F_I2D_ASN1_BIO_STREAM:211:i2d_ASN1_bio_stream +ASN1_F_I2D_ASN1_OBJECT:143:i2d_ASN1_OBJECT +ASN1_F_I2D_DSA_PUBKEY:161:i2d_DSA_PUBKEY +ASN1_F_I2D_EC_PUBKEY:181:i2d_EC_PUBKEY +ASN1_F_I2D_PRIVATEKEY:163:i2d_PrivateKey +ASN1_F_I2D_PUBLICKEY:164:i2d_PublicKey +ASN1_F_I2D_RSA_PUBKEY:165:i2d_RSA_PUBKEY +ASN1_F_LONG_C2I:166:long_c2i +ASN1_F_NDEF_PREFIX:127:ndef_prefix +ASN1_F_NDEF_SUFFIX:136:ndef_suffix +ASN1_F_OID_MODULE_INIT:174:oid_module_init +ASN1_F_PARSE_TAGGING:182:parse_tagging +ASN1_F_PKCS5_PBE2_SET_IV:167:PKCS5_pbe2_set_iv +ASN1_F_PKCS5_PBE2_SET_SCRYPT:231:PKCS5_pbe2_set_scrypt +ASN1_F_PKCS5_PBE_SET:202:PKCS5_pbe_set +ASN1_F_PKCS5_PBE_SET0_ALGOR:215:PKCS5_pbe_set0_algor +ASN1_F_PKCS5_PBKDF2_SET:219:PKCS5_pbkdf2_set +ASN1_F_PKCS5_SCRYPT_SET:232:pkcs5_scrypt_set +ASN1_F_SMIME_READ_ASN1:212:SMIME_read_ASN1 +ASN1_F_SMIME_TEXT:213:SMIME_text +ASN1_F_STABLE_GET:138:stable_get +ASN1_F_STBL_MODULE_INIT:223:stbl_module_init +ASN1_F_UINT32_C2I:105:uint32_c2i +ASN1_F_UINT32_NEW:139:uint32_new +ASN1_F_UINT64_C2I:112:uint64_c2i +ASN1_F_UINT64_NEW:141:uint64_new +ASN1_F_X509_CRL_ADD0_REVOKED:169:X509_CRL_add0_revoked +ASN1_F_X509_INFO_NEW:170:X509_INFO_new +ASN1_F_X509_NAME_ENCODE:203:x509_name_encode +ASN1_F_X509_NAME_EX_D2I:158:x509_name_ex_d2i +ASN1_F_X509_NAME_EX_NEW:171:x509_name_ex_new +ASN1_F_X509_PKEY_NEW:173:X509_PKEY_new +ASYNC_F_ASYNC_CTX_NEW:100:async_ctx_new +ASYNC_F_ASYNC_INIT_THREAD:101:ASYNC_init_thread +ASYNC_F_ASYNC_JOB_NEW:102:async_job_new +ASYNC_F_ASYNC_PAUSE_JOB:103:ASYNC_pause_job +ASYNC_F_ASYNC_START_FUNC:104:async_start_func +ASYNC_F_ASYNC_START_JOB:105:ASYNC_start_job +ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD:106:ASYNC_WAIT_CTX_set_wait_fd +BIO_F_ACPT_STATE:100:acpt_state +BIO_F_ADDRINFO_WRAP:148:addrinfo_wrap +BIO_F_ADDR_STRINGS:134:addr_strings +BIO_F_BIO_ACCEPT:101:BIO_accept +BIO_F_BIO_ACCEPT_EX:137:BIO_accept_ex +BIO_F_BIO_ACCEPT_NEW:152:BIO_ACCEPT_new +BIO_F_BIO_ADDR_NEW:144:BIO_ADDR_new +BIO_F_BIO_BIND:147:BIO_bind +BIO_F_BIO_CALLBACK_CTRL:131:BIO_callback_ctrl +BIO_F_BIO_CONNECT:138:BIO_connect +BIO_F_BIO_CONNECT_NEW:153:BIO_CONNECT_new +BIO_F_BIO_CTRL:103:BIO_ctrl +BIO_F_BIO_GETS:104:BIO_gets +BIO_F_BIO_GET_HOST_IP:106:BIO_get_host_ip +BIO_F_BIO_GET_NEW_INDEX:102:BIO_get_new_index +BIO_F_BIO_GET_PORT:107:BIO_get_port +BIO_F_BIO_LISTEN:139:BIO_listen +BIO_F_BIO_LOOKUP:135:BIO_lookup +BIO_F_BIO_LOOKUP_EX:143:BIO_lookup_ex +BIO_F_BIO_MAKE_PAIR:121:bio_make_pair +BIO_F_BIO_METH_NEW:146:BIO_meth_new +BIO_F_BIO_NEW:108:BIO_new +BIO_F_BIO_NEW_DGRAM_SCTP:145:BIO_new_dgram_sctp +BIO_F_BIO_NEW_FILE:109:BIO_new_file +BIO_F_BIO_NEW_MEM_BUF:126:BIO_new_mem_buf +BIO_F_BIO_NREAD:123:BIO_nread +BIO_F_BIO_NREAD0:124:BIO_nread0 +BIO_F_BIO_NWRITE:125:BIO_nwrite +BIO_F_BIO_NWRITE0:122:BIO_nwrite0 +BIO_F_BIO_PARSE_HOSTSERV:136:BIO_parse_hostserv +BIO_F_BIO_PUTS:110:BIO_puts +BIO_F_BIO_READ:111:BIO_read +BIO_F_BIO_READ_EX:105:BIO_read_ex +BIO_F_BIO_READ_INTERN:120:bio_read_intern +BIO_F_BIO_SOCKET:140:BIO_socket +BIO_F_BIO_SOCKET_NBIO:142:BIO_socket_nbio +BIO_F_BIO_SOCK_INFO:141:BIO_sock_info +BIO_F_BIO_SOCK_INIT:112:BIO_sock_init +BIO_F_BIO_WRITE:113:BIO_write +BIO_F_BIO_WRITE_EX:119:BIO_write_ex +BIO_F_BIO_WRITE_INTERN:128:bio_write_intern +BIO_F_BUFFER_CTRL:114:buffer_ctrl +BIO_F_CONN_CTRL:127:conn_ctrl +BIO_F_CONN_STATE:115:conn_state +BIO_F_DGRAM_SCTP_NEW:149:dgram_sctp_new +BIO_F_DGRAM_SCTP_READ:132:dgram_sctp_read +BIO_F_DGRAM_SCTP_WRITE:133:dgram_sctp_write +BIO_F_DOAPR_OUTCH:150:doapr_outch +BIO_F_FILE_CTRL:116:file_ctrl +BIO_F_FILE_READ:130:file_read +BIO_F_LINEBUFFER_CTRL:129:linebuffer_ctrl +BIO_F_LINEBUFFER_NEW:151:linebuffer_new +BIO_F_MEM_WRITE:117:mem_write +BIO_F_NBIOF_NEW:154:nbiof_new +BIO_F_SLG_WRITE:155:slg_write +BIO_F_SSL_NEW:118:SSL_new +BN_F_BNRAND:127:bnrand +BN_F_BNRAND_RANGE:138:bnrand_range +BN_F_BN_BLINDING_CONVERT_EX:100:BN_BLINDING_convert_ex +BN_F_BN_BLINDING_CREATE_PARAM:128:BN_BLINDING_create_param +BN_F_BN_BLINDING_INVERT_EX:101:BN_BLINDING_invert_ex +BN_F_BN_BLINDING_NEW:102:BN_BLINDING_new +BN_F_BN_BLINDING_UPDATE:103:BN_BLINDING_update +BN_F_BN_BN2DEC:104:BN_bn2dec +BN_F_BN_BN2HEX:105:BN_bn2hex +BN_F_BN_COMPUTE_WNAF:142:bn_compute_wNAF +BN_F_BN_CTX_GET:116:BN_CTX_get +BN_F_BN_CTX_NEW:106:BN_CTX_new +BN_F_BN_CTX_START:129:BN_CTX_start +BN_F_BN_DIV:107:BN_div +BN_F_BN_DIV_RECP:130:BN_div_recp +BN_F_BN_EXP:123:BN_exp +BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal +BN_F_BN_GENCB_NEW:143:BN_GENCB_new +BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce +BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex +BN_F_BN_GF2M_MOD:131:BN_GF2m_mod +BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp +BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul +BN_F_BN_GF2M_MOD_SOLVE_QUAD:134:BN_GF2m_mod_solve_quad +BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR:135:BN_GF2m_mod_solve_quad_arr +BN_F_BN_GF2M_MOD_SQR:136:BN_GF2m_mod_sqr +BN_F_BN_GF2M_MOD_SQRT:137:BN_GF2m_mod_sqrt +BN_F_BN_LSHIFT:145:BN_lshift +BN_F_BN_MOD_EXP2_MONT:118:BN_mod_exp2_mont +BN_F_BN_MOD_EXP_MONT:109:BN_mod_exp_mont +BN_F_BN_MOD_EXP_MONT_CONSTTIME:124:BN_mod_exp_mont_consttime +BN_F_BN_MOD_EXP_MONT_WORD:117:BN_mod_exp_mont_word +BN_F_BN_MOD_EXP_RECP:125:BN_mod_exp_recp +BN_F_BN_MOD_EXP_SIMPLE:126:BN_mod_exp_simple +BN_F_BN_MOD_INVERSE:110:BN_mod_inverse +BN_F_BN_MOD_INVERSE_NO_BRANCH:139:BN_mod_inverse_no_branch +BN_F_BN_MOD_LSHIFT_QUICK:119:BN_mod_lshift_quick +BN_F_BN_MOD_SQRT:121:BN_mod_sqrt +BN_F_BN_MONT_CTX_NEW:149:BN_MONT_CTX_new +BN_F_BN_MPI2BN:112:BN_mpi2bn +BN_F_BN_NEW:113:BN_new +BN_F_BN_POOL_GET:147:BN_POOL_get +BN_F_BN_RAND:114:BN_rand +BN_F_BN_RAND_RANGE:122:BN_rand_range +BN_F_BN_RECP_CTX_NEW:150:BN_RECP_CTX_new +BN_F_BN_RSHIFT:146:BN_rshift +BN_F_BN_SET_WORDS:144:bn_set_words +BN_F_BN_STACK_PUSH:148:BN_STACK_push +BN_F_BN_USUB:115:BN_usub +BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow +BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean +BUF_F_BUF_MEM_NEW:101:BUF_MEM_new +CMS_F_CHECK_CONTENT:99:check_content +CMS_F_CMS_ADD0_CERT:164:CMS_add0_cert +CMS_F_CMS_ADD0_RECIPIENT_KEY:100:CMS_add0_recipient_key +CMS_F_CMS_ADD0_RECIPIENT_PASSWORD:165:CMS_add0_recipient_password +CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest +CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert +CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer +CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime +CMS_F_CMS_COMPRESS:104:CMS_compress +CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create +CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio +CMS_F_CMS_COPY_CONTENT:107:cms_copy_content +CMS_F_CMS_COPY_MESSAGEDIGEST:108:cms_copy_messageDigest +CMS_F_CMS_DATA:109:CMS_data +CMS_F_CMS_DATAFINAL:110:CMS_dataFinal +CMS_F_CMS_DATAINIT:111:CMS_dataInit +CMS_F_CMS_DECRYPT:112:CMS_decrypt +CMS_F_CMS_DECRYPT_SET1_KEY:113:CMS_decrypt_set1_key +CMS_F_CMS_DECRYPT_SET1_PASSWORD:166:CMS_decrypt_set1_password +CMS_F_CMS_DECRYPT_SET1_PKEY:114:CMS_decrypt_set1_pkey +CMS_F_CMS_DIGESTALGORITHM_FIND_CTX:115:cms_DigestAlgorithm_find_ctx +CMS_F_CMS_DIGESTALGORITHM_INIT_BIO:116:cms_DigestAlgorithm_init_bio +CMS_F_CMS_DIGESTEDDATA_DO_FINAL:117:cms_DigestedData_do_final +CMS_F_CMS_DIGEST_VERIFY:118:CMS_digest_verify +CMS_F_CMS_ENCODE_RECEIPT:161:cms_encode_Receipt +CMS_F_CMS_ENCRYPT:119:CMS_encrypt +CMS_F_CMS_ENCRYPTEDCONTENT_INIT:179:cms_EncryptedContent_init +CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO:120:cms_EncryptedContent_init_bio +CMS_F_CMS_ENCRYPTEDDATA_DECRYPT:121:CMS_EncryptedData_decrypt +CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT:122:CMS_EncryptedData_encrypt +CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY:123:CMS_EncryptedData_set1_key +CMS_F_CMS_ENVELOPEDDATA_CREATE:124:CMS_EnvelopedData_create +CMS_F_CMS_ENVELOPEDDATA_INIT_BIO:125:cms_EnvelopedData_init_bio +CMS_F_CMS_ENVELOPED_DATA_INIT:126:cms_enveloped_data_init +CMS_F_CMS_ENV_ASN1_CTRL:171:cms_env_asn1_ctrl +CMS_F_CMS_FINAL:127:CMS_final +CMS_F_CMS_GET0_CERTIFICATE_CHOICES:128:cms_get0_certificate_choices +CMS_F_CMS_GET0_CONTENT:129:CMS_get0_content +CMS_F_CMS_GET0_ECONTENT_TYPE:130:cms_get0_econtent_type +CMS_F_CMS_GET0_ENVELOPED:131:cms_get0_enveloped +CMS_F_CMS_GET0_REVOCATION_CHOICES:132:cms_get0_revocation_choices +CMS_F_CMS_GET0_SIGNED:133:cms_get0_signed +CMS_F_CMS_MSGSIGDIGEST_ADD1:162:cms_msgSigDigest_add1 +CMS_F_CMS_RECEIPTREQUEST_CREATE0:159:CMS_ReceiptRequest_create0 +CMS_F_CMS_RECEIPT_VERIFY:160:cms_Receipt_verify +CMS_F_CMS_RECIPIENTINFO_DECRYPT:134:CMS_RecipientInfo_decrypt +CMS_F_CMS_RECIPIENTINFO_ENCRYPT:169:CMS_RecipientInfo_encrypt +CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT:178:cms_RecipientInfo_kari_encrypt +CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG:175:CMS_RecipientInfo_kari_get0_alg +CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID:173:\ + CMS_RecipientInfo_kari_get0_orig_id +CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS:172:CMS_RecipientInfo_kari_get0_reks +CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP:174:CMS_RecipientInfo_kari_orig_id_cmp +CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT:135:cms_RecipientInfo_kekri_decrypt +CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT:136:cms_RecipientInfo_kekri_encrypt +CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID:137:CMS_RecipientInfo_kekri_get0_id +CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP:138:CMS_RecipientInfo_kekri_id_cmp +CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP:139:CMS_RecipientInfo_ktri_cert_cmp +CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT:140:cms_RecipientInfo_ktri_decrypt +CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT:141:cms_RecipientInfo_ktri_encrypt +CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS:142:CMS_RecipientInfo_ktri_get0_algs +CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID:143:\ + CMS_RecipientInfo_ktri_get0_signer_id +CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT:167:cms_RecipientInfo_pwri_crypt +CMS_F_CMS_RECIPIENTINFO_SET0_KEY:144:CMS_RecipientInfo_set0_key +CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD:168:CMS_RecipientInfo_set0_password +CMS_F_CMS_RECIPIENTINFO_SET0_PKEY:145:CMS_RecipientInfo_set0_pkey +CMS_F_CMS_SD_ASN1_CTRL:170:cms_sd_asn1_ctrl +CMS_F_CMS_SET1_IAS:176:cms_set1_ias +CMS_F_CMS_SET1_KEYID:177:cms_set1_keyid +CMS_F_CMS_SET1_SIGNERIDENTIFIER:146:cms_set1_SignerIdentifier +CMS_F_CMS_SET_DETACHED:147:CMS_set_detached +CMS_F_CMS_SIGN:148:CMS_sign +CMS_F_CMS_SIGNED_DATA_INIT:149:cms_signed_data_init +CMS_F_CMS_SIGNERINFO_CONTENT_SIGN:150:cms_SignerInfo_content_sign +CMS_F_CMS_SIGNERINFO_SIGN:151:CMS_SignerInfo_sign +CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify +CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert +CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT:154:CMS_SignerInfo_verify_content +CMS_F_CMS_SIGN_RECEIPT:163:CMS_sign_receipt +CMS_F_CMS_STREAM:155:CMS_stream +CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress +CMS_F_CMS_VERIFY:157:CMS_verify +CMS_F_KEK_UNWRAP_KEY:180:kek_unwrap_key +COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush +COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new +COMP_F_BIO_ZLIB_READ:101:bio_zlib_read +COMP_F_BIO_ZLIB_WRITE:102:bio_zlib_write +COMP_F_COMP_CTX_NEW:103:COMP_CTX_new +CONF_F_CONF_DUMP_FP:104:CONF_dump_fp +CONF_F_CONF_LOAD:100:CONF_load +CONF_F_CONF_LOAD_FP:103:CONF_load_fp +CONF_F_CONF_PARSE_LIST:119:CONF_parse_list +CONF_F_DEF_LOAD:120:def_load +CONF_F_DEF_LOAD_BIO:121:def_load_bio +CONF_F_GET_NEXT_FILE:107:get_next_file +CONF_F_MODULE_ADD:122:module_add +CONF_F_MODULE_INIT:115:module_init +CONF_F_MODULE_LOAD_DSO:117:module_load_dso +CONF_F_MODULE_RUN:118:module_run +CONF_F_NCONF_DUMP_BIO:105:NCONF_dump_bio +CONF_F_NCONF_DUMP_FP:106:NCONF_dump_fp +CONF_F_NCONF_GET_NUMBER_E:112:NCONF_get_number_e +CONF_F_NCONF_GET_SECTION:108:NCONF_get_section +CONF_F_NCONF_GET_STRING:109:NCONF_get_string +CONF_F_NCONF_LOAD:113:NCONF_load +CONF_F_NCONF_LOAD_BIO:110:NCONF_load_bio +CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp +CONF_F_NCONF_NEW:111:NCONF_new +CONF_F_PROCESS_INCLUDE:116:process_include +CONF_F_SSL_MODULE_INIT:123:ssl_module_init +CONF_F_STR_COPY:101:str_copy +CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new +CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data +CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data +CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index +CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup +CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data +CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx +CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init +CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data +CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set +CRYPTO_F_GET_AND_LOCK:113:get_and_lock +CRYPTO_F_OPENSSL_ATEXIT:114:OPENSSL_atexit +CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr +CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen +CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf +CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto +CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new +CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy +CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup +CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init +CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init +CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init +CRYPTO_F_SK_RESERVE:129:sk_reserve +CT_F_CTLOG_NEW:117:CTLOG_new +CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64 +CT_F_CTLOG_NEW_FROM_CONF:119:ctlog_new_from_conf +CT_F_CTLOG_STORE_LOAD_CTX_NEW:122:ctlog_store_load_ctx_new +CT_F_CTLOG_STORE_LOAD_FILE:123:CTLOG_STORE_load_file +CT_F_CTLOG_STORE_LOAD_LOG:130:ctlog_store_load_log +CT_F_CTLOG_STORE_NEW:131:CTLOG_STORE_new +CT_F_CT_BASE64_DECODE:124:ct_base64_decode +CT_F_CT_POLICY_EVAL_CTX_NEW:133:CT_POLICY_EVAL_CTX_new +CT_F_CT_V1_LOG_ID_FROM_PKEY:125:ct_v1_log_id_from_pkey +CT_F_I2O_SCT:107:i2o_SCT +CT_F_I2O_SCT_LIST:108:i2o_SCT_LIST +CT_F_I2O_SCT_SIGNATURE:109:i2o_SCT_signature +CT_F_O2I_SCT:110:o2i_SCT +CT_F_O2I_SCT_LIST:111:o2i_SCT_LIST +CT_F_O2I_SCT_SIGNATURE:112:o2i_SCT_signature +CT_F_SCT_CTX_NEW:126:SCT_CTX_new +CT_F_SCT_CTX_VERIFY:128:SCT_CTX_verify +CT_F_SCT_NEW:100:SCT_new +CT_F_SCT_NEW_FROM_BASE64:127:SCT_new_from_base64 +CT_F_SCT_SET0_LOG_ID:101:SCT_set0_log_id +CT_F_SCT_SET1_EXTENSIONS:114:SCT_set1_extensions +CT_F_SCT_SET1_LOG_ID:115:SCT_set1_log_id +CT_F_SCT_SET1_SIGNATURE:116:SCT_set1_signature +CT_F_SCT_SET_LOG_ENTRY_TYPE:102:SCT_set_log_entry_type +CT_F_SCT_SET_SIGNATURE_NID:103:SCT_set_signature_nid +CT_F_SCT_SET_VERSION:104:SCT_set_version +DH_F_COMPUTE_KEY:102:compute_key +DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp +DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams +DH_F_DH_CHECK_EX:121:DH_check_ex +DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex +DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex +DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt +DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey +DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info +DH_F_DH_METH_DUP:117:DH_meth_dup +DH_F_DH_METH_NEW:118:DH_meth_new +DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name +DH_F_DH_NEW_BY_NID:104:DH_new_by_nid +DH_F_DH_NEW_METHOD:105:DH_new_method +DH_F_DH_PARAM_DECODE:107:dh_param_decode +DH_F_DH_PKEY_PUBLIC_CHECK:124:dh_pkey_public_check +DH_F_DH_PRIV_DECODE:110:dh_priv_decode +DH_F_DH_PRIV_ENCODE:111:dh_priv_encode +DH_F_DH_PUB_DECODE:108:dh_pub_decode +DH_F_DH_PUB_ENCODE:109:dh_pub_encode +DH_F_DO_DH_PRINT:100:do_dh_print +DH_F_GENERATE_KEY:103:generate_key +DH_F_PKEY_DH_CTRL_STR:120:pkey_dh_ctrl_str +DH_F_PKEY_DH_DERIVE:112:pkey_dh_derive +DH_F_PKEY_DH_INIT:125:pkey_dh_init +DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen +DSA_F_DSAPARAMS_PRINT:100:DSAparams_print +DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp +DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen +DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2 +DSA_F_DSA_DO_SIGN:112:DSA_do_sign +DSA_F_DSA_DO_VERIFY:113:DSA_do_verify +DSA_F_DSA_METH_DUP:127:DSA_meth_dup +DSA_F_DSA_METH_NEW:128:DSA_meth_new +DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name +DSA_F_DSA_NEW_METHOD:103:DSA_new_method +DSA_F_DSA_PARAM_DECODE:119:dsa_param_decode +DSA_F_DSA_PRINT_FP:105:DSA_print_fp +DSA_F_DSA_PRIV_DECODE:115:dsa_priv_decode +DSA_F_DSA_PRIV_ENCODE:116:dsa_priv_encode +DSA_F_DSA_PUB_DECODE:117:dsa_pub_decode +DSA_F_DSA_PUB_ENCODE:118:dsa_pub_encode +DSA_F_DSA_SIGN:106:DSA_sign +DSA_F_DSA_SIGN_SETUP:107:DSA_sign_setup +DSA_F_DSA_SIG_NEW:102:DSA_SIG_new +DSA_F_OLD_DSA_PRIV_DECODE:122:old_dsa_priv_decode +DSA_F_PKEY_DSA_CTRL:120:pkey_dsa_ctrl +DSA_F_PKEY_DSA_CTRL_STR:104:pkey_dsa_ctrl_str +DSA_F_PKEY_DSA_KEYGEN:121:pkey_dsa_keygen +DSO_F_DLFCN_BIND_FUNC:100:dlfcn_bind_func +DSO_F_DLFCN_LOAD:102:dlfcn_load +DSO_F_DLFCN_MERGER:130:dlfcn_merger +DSO_F_DLFCN_NAME_CONVERTER:123:dlfcn_name_converter +DSO_F_DLFCN_UNLOAD:103:dlfcn_unload +DSO_F_DL_BIND_FUNC:104:dl_bind_func +DSO_F_DL_LOAD:106:dl_load +DSO_F_DL_MERGER:131:dl_merger +DSO_F_DL_NAME_CONVERTER:124:dl_name_converter +DSO_F_DL_UNLOAD:107:dl_unload +DSO_F_DSO_BIND_FUNC:108:DSO_bind_func +DSO_F_DSO_CONVERT_FILENAME:126:DSO_convert_filename +DSO_F_DSO_CTRL:110:DSO_ctrl +DSO_F_DSO_FREE:111:DSO_free +DSO_F_DSO_GET_FILENAME:127:DSO_get_filename +DSO_F_DSO_GLOBAL_LOOKUP:139:DSO_global_lookup +DSO_F_DSO_LOAD:112:DSO_load +DSO_F_DSO_MERGE:132:DSO_merge +DSO_F_DSO_NEW_METHOD:113:DSO_new_method +DSO_F_DSO_PATHBYADDR:105:DSO_pathbyaddr +DSO_F_DSO_SET_FILENAME:129:DSO_set_filename +DSO_F_DSO_UP_REF:114:DSO_up_ref +DSO_F_VMS_BIND_SYM:115:vms_bind_sym +DSO_F_VMS_LOAD:116:vms_load +DSO_F_VMS_MERGER:133:vms_merger +DSO_F_VMS_UNLOAD:117:vms_unload +DSO_F_WIN32_BIND_FUNC:101:win32_bind_func +DSO_F_WIN32_GLOBALLOOKUP:142:win32_globallookup +DSO_F_WIN32_JOINER:135:win32_joiner +DSO_F_WIN32_LOAD:120:win32_load +DSO_F_WIN32_MERGER:134:win32_merger +DSO_F_WIN32_NAME_CONVERTER:125:win32_name_converter +DSO_F_WIN32_PATHBYADDR:109:* +DSO_F_WIN32_SPLITTER:136:win32_splitter +DSO_F_WIN32_UNLOAD:121:win32_unload +EC_F_BN_TO_FELEM:224:BN_to_felem +EC_F_D2I_ECPARAMETERS:144:d2i_ECParameters +EC_F_D2I_ECPKPARAMETERS:145:d2i_ECPKParameters +EC_F_D2I_ECPRIVATEKEY:146:d2i_ECPrivateKey +EC_F_DO_EC_KEY_PRINT:221:do_EC_KEY_print +EC_F_ECDH_CMS_DECRYPT:238:ecdh_cms_decrypt +EC_F_ECDH_CMS_SET_SHARED_INFO:239:ecdh_cms_set_shared_info +EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_key +EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key +EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex +EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify +EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex +EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup +EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new +EC_F_ECDSA_VERIFY:253:ECDSA_verify +EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify +EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type +EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode +EC_F_ECKEY_PRIV_DECODE:213:eckey_priv_decode +EC_F_ECKEY_PRIV_ENCODE:214:eckey_priv_encode +EC_F_ECKEY_PUB_DECODE:215:eckey_pub_decode +EC_F_ECKEY_PUB_ENCODE:216:eckey_pub_encode +EC_F_ECKEY_TYPE2PARAM:220:eckey_type2param +EC_F_ECPARAMETERS_PRINT:147:ECParameters_print +EC_F_ECPARAMETERS_PRINT_FP:148:ECParameters_print_fp +EC_F_ECPKPARAMETERS_PRINT:149:ECPKParameters_print +EC_F_ECPKPARAMETERS_PRINT_FP:150:ECPKParameters_print_fp +EC_F_ECP_NISTZ256_GET_AFFINE:240:ecp_nistz256_get_affine +EC_F_ECP_NISTZ256_INV_MOD_ORD:275:ecp_nistz256_inv_mod_ord +EC_F_ECP_NISTZ256_MULT_PRECOMPUTE:243:ecp_nistz256_mult_precompute +EC_F_ECP_NISTZ256_POINTS_MUL:241:ecp_nistz256_points_mul +EC_F_ECP_NISTZ256_PRE_COMP_NEW:244:ecp_nistz256_pre_comp_new +EC_F_ECP_NISTZ256_WINDOWED_MUL:242:ecp_nistz256_windowed_mul +EC_F_ECX_KEY_OP:266:ecx_key_op +EC_F_ECX_PRIV_ENCODE:267:ecx_priv_encode +EC_F_ECX_PUB_ENCODE:268:ecx_pub_encode +EC_F_EC_ASN1_GROUP2CURVE:153:ec_asn1_group2curve +EC_F_EC_ASN1_GROUP2FIELDID:154:ec_asn1_group2fieldid +EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply +EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\ + ec_GF2m_simple_group_check_discriminant +EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve +EC_F_EC_GF2M_SIMPLE_LADDER_POST:285:ec_GF2m_simple_ladder_post +EC_F_EC_GF2M_SIMPLE_LADDER_PRE:288:ec_GF2m_simple_ladder_pre +EC_F_EC_GF2M_SIMPLE_OCT2POINT:160:ec_GF2m_simple_oct2point +EC_F_EC_GF2M_SIMPLE_POINT2OCT:161:ec_GF2m_simple_point2oct +EC_F_EC_GF2M_SIMPLE_POINTS_MUL:289:ec_GF2m_simple_points_mul +EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES:162:\ + ec_GF2m_simple_point_get_affine_coordinates +EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES:163:\ + ec_GF2m_simple_point_set_affine_coordinates +EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES:164:\ + ec_GF2m_simple_set_compressed_coordinates +EC_F_EC_GFP_MONT_FIELD_DECODE:133:ec_GFp_mont_field_decode +EC_F_EC_GFP_MONT_FIELD_ENCODE:134:ec_GFp_mont_field_encode +EC_F_EC_GFP_MONT_FIELD_MUL:131:ec_GFp_mont_field_mul +EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE:209:ec_GFp_mont_field_set_to_one +EC_F_EC_GFP_MONT_FIELD_SQR:132:ec_GFp_mont_field_sqr +EC_F_EC_GFP_MONT_GROUP_SET_CURVE:189:ec_GFp_mont_group_set_curve +EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE:225:ec_GFp_nistp224_group_set_curve +EC_F_EC_GFP_NISTP224_POINTS_MUL:228:ec_GFp_nistp224_points_mul +EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES:226:\ + ec_GFp_nistp224_point_get_affine_coordinates +EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE:230:ec_GFp_nistp256_group_set_curve +EC_F_EC_GFP_NISTP256_POINTS_MUL:231:ec_GFp_nistp256_points_mul +EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES:232:\ + ec_GFp_nistp256_point_get_affine_coordinates +EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE:233:ec_GFp_nistp521_group_set_curve +EC_F_EC_GFP_NISTP521_POINTS_MUL:234:ec_GFp_nistp521_points_mul +EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES:235:\ + ec_GFp_nistp521_point_get_affine_coordinates +EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul +EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr +EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve +EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates +EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\ + ec_GFp_simple_group_check_discriminant +EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve +EC_F_EC_GFP_SIMPLE_MAKE_AFFINE:102:ec_GFp_simple_make_affine +EC_F_EC_GFP_SIMPLE_OCT2POINT:103:ec_GFp_simple_oct2point +EC_F_EC_GFP_SIMPLE_POINT2OCT:104:ec_GFp_simple_point2oct +EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE:137:ec_GFp_simple_points_make_affine +EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES:167:\ + ec_GFp_simple_point_get_affine_coordinates +EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES:168:\ + ec_GFp_simple_point_set_affine_coordinates +EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES:169:\ + ec_GFp_simple_set_compressed_coordinates +EC_F_EC_GROUP_CHECK:170:EC_GROUP_check +EC_F_EC_GROUP_CHECK_DISCRIMINANT:171:EC_GROUP_check_discriminant +EC_F_EC_GROUP_COPY:106:EC_GROUP_copy +EC_F_EC_GROUP_GET_CURVE:291:EC_GROUP_get_curve +EC_F_EC_GROUP_GET_CURVE_GF2M:172:EC_GROUP_get_curve_GF2m +EC_F_EC_GROUP_GET_CURVE_GFP:130:EC_GROUP_get_curve_GFp +EC_F_EC_GROUP_GET_DEGREE:173:EC_GROUP_get_degree +EC_F_EC_GROUP_GET_ECPARAMETERS:261:EC_GROUP_get_ecparameters +EC_F_EC_GROUP_GET_ECPKPARAMETERS:262:EC_GROUP_get_ecpkparameters +EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS:193:EC_GROUP_get_pentanomial_basis +EC_F_EC_GROUP_GET_TRINOMIAL_BASIS:194:EC_GROUP_get_trinomial_basis +EC_F_EC_GROUP_NEW:108:EC_GROUP_new +EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name +EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data +EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters +EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS:264:EC_GROUP_new_from_ecpkparameters +EC_F_EC_GROUP_SET_CURVE:292:EC_GROUP_set_curve +EC_F_EC_GROUP_SET_CURVE_GF2M:176:EC_GROUP_set_curve_GF2m +EC_F_EC_GROUP_SET_CURVE_GFP:109:EC_GROUP_set_curve_GFp +EC_F_EC_GROUP_SET_GENERATOR:111:EC_GROUP_set_generator +EC_F_EC_GROUP_SET_SEED:286:EC_GROUP_set_seed +EC_F_EC_KEY_CHECK_KEY:177:EC_KEY_check_key +EC_F_EC_KEY_COPY:178:EC_KEY_copy +EC_F_EC_KEY_GENERATE_KEY:179:EC_KEY_generate_key +EC_F_EC_KEY_NEW:182:EC_KEY_new +EC_F_EC_KEY_NEW_METHOD:245:EC_KEY_new_method +EC_F_EC_KEY_OCT2PRIV:255:EC_KEY_oct2priv +EC_F_EC_KEY_PRINT:180:EC_KEY_print +EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp +EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf +EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct +EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\ + EC_KEY_set_public_key_affine_coordinates +EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key +EC_F_EC_KEY_SIMPLE_OCT2PRIV:259:ec_key_simple_oct2priv +EC_F_EC_KEY_SIMPLE_PRIV2OCT:260:ec_key_simple_priv2oct +EC_F_EC_PKEY_CHECK:273:ec_pkey_check +EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check +EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine +EC_F_EC_POINTS_MUL:290:EC_POINTs_mul +EC_F_EC_POINT_ADD:112:EC_POINT_add +EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point +EC_F_EC_POINT_CMP:113:EC_POINT_cmp +EC_F_EC_POINT_COPY:114:EC_POINT_copy +EC_F_EC_POINT_DBL:115:EC_POINT_dbl +EC_F_EC_POINT_GET_AFFINE_COORDINATES:293:EC_POINT_get_affine_coordinates +EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M:183:\ + EC_POINT_get_affine_coordinates_GF2m +EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP:116:EC_POINT_get_affine_coordinates_GFp +EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP:117:\ + EC_POINT_get_Jprojective_coordinates_GFp +EC_F_EC_POINT_INVERT:210:EC_POINT_invert +EC_F_EC_POINT_IS_AT_INFINITY:118:EC_POINT_is_at_infinity +EC_F_EC_POINT_IS_ON_CURVE:119:EC_POINT_is_on_curve +EC_F_EC_POINT_MAKE_AFFINE:120:EC_POINT_make_affine +EC_F_EC_POINT_NEW:121:EC_POINT_new +EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point +EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf +EC_F_EC_POINT_POINT2OCT:123:EC_POINT_point2oct +EC_F_EC_POINT_SET_AFFINE_COORDINATES:294:EC_POINT_set_affine_coordinates +EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M:185:\ + EC_POINT_set_affine_coordinates_GF2m +EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP:124:EC_POINT_set_affine_coordinates_GFp +EC_F_EC_POINT_SET_COMPRESSED_COORDINATES:295:EC_POINT_set_compressed_coordinates +EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M:186:\ + EC_POINT_set_compressed_coordinates_GF2m +EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP:125:\ + EC_POINT_set_compressed_coordinates_GFp +EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP:126:\ + EC_POINT_set_Jprojective_coordinates_GFp +EC_F_EC_POINT_SET_TO_INFINITY:127:EC_POINT_set_to_infinity +EC_F_EC_PRE_COMP_NEW:196:ec_pre_comp_new +EC_F_EC_SCALAR_MUL_LADDER:284:ec_scalar_mul_ladder +EC_F_EC_WNAF_MUL:187:ec_wNAF_mul +EC_F_EC_WNAF_PRECOMPUTE_MULT:188:ec_wNAF_precompute_mult +EC_F_I2D_ECPARAMETERS:190:i2d_ECParameters +EC_F_I2D_ECPKPARAMETERS:191:i2d_ECPKParameters +EC_F_I2D_ECPRIVATEKEY:192:i2d_ECPrivateKey +EC_F_I2O_ECPUBLICKEY:151:i2o_ECPublicKey +EC_F_NISTP224_PRE_COMP_NEW:227:nistp224_pre_comp_new +EC_F_NISTP256_PRE_COMP_NEW:236:nistp256_pre_comp_new +EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_pre_comp_new +EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey +EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode +EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key +EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig +EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig +EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl +EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign +EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519 +EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448 +EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive +EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl +EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str +EC_F_PKEY_EC_DERIVE:217:pkey_ec_derive +EC_F_PKEY_EC_INIT:282:pkey_ec_init +EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_derive +EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen +EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen +EC_F_PKEY_EC_SIGN:218:pkey_ec_sign +EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive +ENGINE_F_DIGEST_UPDATE:198:digest_update +ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl +ENGINE_F_DYNAMIC_GET_DATA_CTX:181:dynamic_get_data_ctx +ENGINE_F_DYNAMIC_LOAD:182:dynamic_load +ENGINE_F_DYNAMIC_SET_DATA_CTX:183:dynamic_set_data_ctx +ENGINE_F_ENGINE_ADD:105:ENGINE_add +ENGINE_F_ENGINE_BY_ID:106:ENGINE_by_id +ENGINE_F_ENGINE_CMD_IS_EXECUTABLE:170:ENGINE_cmd_is_executable +ENGINE_F_ENGINE_CTRL:142:ENGINE_ctrl +ENGINE_F_ENGINE_CTRL_CMD:178:ENGINE_ctrl_cmd +ENGINE_F_ENGINE_CTRL_CMD_STRING:171:ENGINE_ctrl_cmd_string +ENGINE_F_ENGINE_FINISH:107:ENGINE_finish +ENGINE_F_ENGINE_GET_CIPHER:185:ENGINE_get_cipher +ENGINE_F_ENGINE_GET_DIGEST:186:ENGINE_get_digest +ENGINE_F_ENGINE_GET_FIRST:195:ENGINE_get_first +ENGINE_F_ENGINE_GET_LAST:196:ENGINE_get_last +ENGINE_F_ENGINE_GET_NEXT:115:ENGINE_get_next +ENGINE_F_ENGINE_GET_PKEY_ASN1_METH:193:ENGINE_get_pkey_asn1_meth +ENGINE_F_ENGINE_GET_PKEY_METH:192:ENGINE_get_pkey_meth +ENGINE_F_ENGINE_GET_PREV:116:ENGINE_get_prev +ENGINE_F_ENGINE_INIT:119:ENGINE_init +ENGINE_F_ENGINE_LIST_ADD:120:engine_list_add +ENGINE_F_ENGINE_LIST_REMOVE:121:engine_list_remove +ENGINE_F_ENGINE_LOAD_PRIVATE_KEY:150:ENGINE_load_private_key +ENGINE_F_ENGINE_LOAD_PUBLIC_KEY:151:ENGINE_load_public_key +ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT:194:ENGINE_load_ssl_client_cert +ENGINE_F_ENGINE_NEW:122:ENGINE_new +ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR:197:ENGINE_pkey_asn1_find_str +ENGINE_F_ENGINE_REMOVE:123:ENGINE_remove +ENGINE_F_ENGINE_SET_DEFAULT_STRING:189:ENGINE_set_default_string +ENGINE_F_ENGINE_SET_ID:129:ENGINE_set_id +ENGINE_F_ENGINE_SET_NAME:130:ENGINE_set_name +ENGINE_F_ENGINE_TABLE_REGISTER:184:engine_table_register +ENGINE_F_ENGINE_UNLOCKED_FINISH:191:engine_unlocked_finish +ENGINE_F_ENGINE_UP_REF:190:ENGINE_up_ref +ENGINE_F_INT_CLEANUP_ITEM:199:int_cleanup_item +ENGINE_F_INT_CTRL_HELPER:172:int_ctrl_helper +ENGINE_F_INT_ENGINE_CONFIGURE:188:int_engine_configure +ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init +ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init +EVP_F_AESNI_INIT_KEY:165:aesni_init_key +EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl +EVP_F_AES_INIT_KEY:133:aes_init_key +EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher +EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key +EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher +EVP_F_ALG_MODULE_INIT:177:alg_module_init +EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key +EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl +EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key +EVP_F_ARIA_INIT_KEY:185:aria_init_key +EVP_F_B64_NEW:198:b64_new +EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key +EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl +EVP_F_CMLL_T4_INIT_KEY:179:cmll_t4_init_key +EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher +EVP_F_DO_SIGVER_INIT:161:do_sigver_init +EVP_F_ENC_NEW:199:enc_new +EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex +EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param +EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy +EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl +EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length +EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1 +EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex +EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate +EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF +EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex +EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex +EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate +EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex +EVP_F_EVP_MD_SIZE:162:EVP_MD_size +EVP_F_EVP_OPENINIT:102:EVP_OpenInit +EVP_F_EVP_PBE_ALG_ADD:115:EVP_PBE_alg_add +EVP_F_EVP_PBE_ALG_ADD_TYPE:160:EVP_PBE_alg_add_type +EVP_F_EVP_PBE_CIPHERINIT:116:EVP_PBE_CipherInit +EVP_F_EVP_PBE_SCRYPT:181:EVP_PBE_scrypt +EVP_F_EVP_PKCS82PKEY:111:EVP_PKCS82PKEY +EVP_F_EVP_PKEY2PKCS8:113:EVP_PKEY2PKCS8 +EVP_F_EVP_PKEY_ASN1_ADD0:188:EVP_PKEY_asn1_add0 +EVP_F_EVP_PKEY_CHECK:186:EVP_PKEY_check +EVP_F_EVP_PKEY_COPY_PARAMETERS:103:EVP_PKEY_copy_parameters +EVP_F_EVP_PKEY_CTX_CTRL:137:EVP_PKEY_CTX_ctrl +EVP_F_EVP_PKEY_CTX_CTRL_STR:150:EVP_PKEY_CTX_ctrl_str +EVP_F_EVP_PKEY_CTX_DUP:156:EVP_PKEY_CTX_dup +EVP_F_EVP_PKEY_CTX_MD:168:EVP_PKEY_CTX_md +EVP_F_EVP_PKEY_DECRYPT:104:EVP_PKEY_decrypt +EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init +EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old +EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive +EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init +EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer +EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt +EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init +EVP_F_EVP_PKEY_ENCRYPT_OLD:152:EVP_PKEY_encrypt_old +EVP_F_EVP_PKEY_GET0_DH:119:EVP_PKEY_get0_DH +EVP_F_EVP_PKEY_GET0_DSA:120:EVP_PKEY_get0_DSA +EVP_F_EVP_PKEY_GET0_EC_KEY:131:EVP_PKEY_get0_EC_KEY +EVP_F_EVP_PKEY_GET0_HMAC:183:EVP_PKEY_get0_hmac +EVP_F_EVP_PKEY_GET0_POLY1305:184:EVP_PKEY_get0_poly1305 +EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA +EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash +EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY:202:EVP_PKEY_get_raw_private_key +EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY:203:EVP_PKEY_get_raw_public_key +EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen +EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init +EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0 +EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new +EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new +EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key +EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key +EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY:192:EVP_PKEY_new_raw_public_key +EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen +EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init +EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check +EVP_F_EVP_PKEY_PUBLIC_CHECK:190:EVP_PKEY_public_check +EVP_F_EVP_PKEY_SET1_ENGINE:187:EVP_PKEY_set1_engine +EVP_F_EVP_PKEY_SET_ALIAS_TYPE:206:EVP_PKEY_set_alias_type +EVP_F_EVP_PKEY_SIGN:140:EVP_PKEY_sign +EVP_F_EVP_PKEY_SIGN_INIT:141:EVP_PKEY_sign_init +EVP_F_EVP_PKEY_VERIFY:142:EVP_PKEY_verify +EVP_F_EVP_PKEY_VERIFY_INIT:143:EVP_PKEY_verify_init +EVP_F_EVP_PKEY_VERIFY_RECOVER:144:EVP_PKEY_verify_recover +EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT:145:EVP_PKEY_verify_recover_init +EVP_F_EVP_SIGNFINAL:107:EVP_SignFinal +EVP_F_EVP_VERIFYFINAL:108:EVP_VerifyFinal +EVP_F_INT_CTX_NEW:157:int_ctx_new +EVP_F_OK_NEW:200:ok_new +EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_keyivgen +EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen +EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen +EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen +EVP_F_PKEY_SET_TYPE:158:pkey_set_type +EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth +EVP_F_RC5_CTRL:125:rc5_ctrl +EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl +EVP_F_UPDATE:173:update +KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str +KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive +KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init +KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str +KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64 +KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive +KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init +KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf +KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str +KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive +KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init +KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg +OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object +OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid +OBJ_F_OBJ_CREATE:100:OBJ_create +OBJ_F_OBJ_DUP:101:OBJ_dup +OBJ_F_OBJ_NAME_NEW_INDEX:106:OBJ_NAME_new_index +OBJ_F_OBJ_NID2LN:102:OBJ_nid2ln +OBJ_F_OBJ_NID2OBJ:103:OBJ_nid2obj +OBJ_F_OBJ_NID2SN:104:OBJ_nid2sn +OBJ_F_OBJ_TXT2OBJ:108:OBJ_txt2obj +OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce +OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status +OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign +OCSP_F_OCSP_BASIC_SIGN_CTX:119:OCSP_basic_sign_ctx +OCSP_F_OCSP_BASIC_VERIFY:105:OCSP_basic_verify +OCSP_F_OCSP_CERT_ID_NEW:101:OCSP_cert_id_new +OCSP_F_OCSP_CHECK_DELEGATED:106:ocsp_check_delegated +OCSP_F_OCSP_CHECK_IDS:107:ocsp_check_ids +OCSP_F_OCSP_CHECK_ISSUER:108:ocsp_check_issuer +OCSP_F_OCSP_CHECK_VALIDITY:115:OCSP_check_validity +OCSP_F_OCSP_MATCH_ISSUERID:109:ocsp_match_issuerid +OCSP_F_OCSP_PARSE_URL:114:OCSP_parse_url +OCSP_F_OCSP_REQUEST_SIGN:110:OCSP_request_sign +OCSP_F_OCSP_REQUEST_VERIFY:116:OCSP_request_verify +OCSP_F_OCSP_RESPONSE_GET1_BASIC:111:OCSP_response_get1_basic +OCSP_F_PARSE_HTTP_LINE1:118:parse_http_line1 +OSSL_STORE_F_FILE_CTRL:129:file_ctrl +OSSL_STORE_F_FILE_FIND:138:file_find +OSSL_STORE_F_FILE_GET_PASS:118:file_get_pass +OSSL_STORE_F_FILE_LOAD:119:file_load +OSSL_STORE_F_FILE_LOAD_TRY_DECODE:124:file_load_try_decode +OSSL_STORE_F_FILE_NAME_TO_URI:126:file_name_to_uri +OSSL_STORE_F_FILE_OPEN:120:file_open +OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio +OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect +OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\ + ossl_store_file_attach_pem_bio_int +OSSL_STORE_F_OSSL_STORE_FIND:131:OSSL_STORE_find +OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int +OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT:101:OSSL_STORE_INFO_get1_CERT +OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL:102:OSSL_STORE_INFO_get1_CRL +OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME:103:OSSL_STORE_INFO_get1_NAME +OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION:135:\ + OSSL_STORE_INFO_get1_NAME_description +OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS:104:OSSL_STORE_INFO_get1_PARAMS +OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY:105:OSSL_STORE_INFO_get1_PKEY +OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT:106:OSSL_STORE_INFO_new_CERT +OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL:107:OSSL_STORE_INFO_new_CRL +OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED:123:ossl_store_info_new_EMBEDDED +OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME:109:OSSL_STORE_INFO_new_NAME +OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS:110:OSSL_STORE_INFO_new_PARAMS +OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY:111:OSSL_STORE_INFO_new_PKEY +OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION:134:\ + OSSL_STORE_INFO_set0_NAME_description +OSSL_STORE_F_OSSL_STORE_INIT_ONCE:112:ossl_store_init_once +OSSL_STORE_F_OSSL_STORE_LOADER_NEW:113:OSSL_STORE_LOADER_new +OSSL_STORE_F_OSSL_STORE_OPEN:114:OSSL_STORE_open +OSSL_STORE_F_OSSL_STORE_OPEN_INT:115:* +OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT:117:ossl_store_register_loader_int +OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS:132:OSSL_STORE_SEARCH_by_alias +OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:133:\ + OSSL_STORE_SEARCH_by_issuer_serial +OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:136:\ + OSSL_STORE_SEARCH_by_key_fingerprint +OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME:137:OSSL_STORE_SEARCH_by_name +OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT:116:\ + ossl_store_unregister_loader_int +OSSL_STORE_F_TRY_DECODE_PARAMS:121:try_decode_params +OSSL_STORE_F_TRY_DECODE_PKCS12:122:try_decode_PKCS12 +OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED:125:try_decode_PKCS8Encrypted +PEM_F_B2I_DSS:127:b2i_dss +PEM_F_B2I_PVK_BIO:128:b2i_PVK_bio +PEM_F_B2I_RSA:129:b2i_rsa +PEM_F_CHECK_BITLEN_DSA:130:check_bitlen_dsa +PEM_F_CHECK_BITLEN_RSA:131:check_bitlen_rsa +PEM_F_D2I_PKCS8PRIVATEKEY_BIO:120:d2i_PKCS8PrivateKey_bio +PEM_F_D2I_PKCS8PRIVATEKEY_FP:121:d2i_PKCS8PrivateKey_fp +PEM_F_DO_B2I:132:do_b2i +PEM_F_DO_B2I_BIO:133:do_b2i_bio +PEM_F_DO_BLOB_HEADER:134:do_blob_header +PEM_F_DO_I2B:146:do_i2b +PEM_F_DO_PK8PKEY:126:do_pk8pkey +PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp +PEM_F_DO_PVK_BODY:135:do_PVK_body +PEM_F_DO_PVK_HEADER:136:do_PVK_header +PEM_F_GET_HEADER_AND_DATA:143:get_header_and_data +PEM_F_GET_NAME:144:get_name +PEM_F_I2B_PVK:137:i2b_PVK +PEM_F_I2B_PVK_BIO:138:i2b_PVK_bio +PEM_F_LOAD_IV:101:load_iv +PEM_F_PEM_ASN1_READ:102:PEM_ASN1_read +PEM_F_PEM_ASN1_READ_BIO:103:PEM_ASN1_read_bio +PEM_F_PEM_ASN1_WRITE:104:PEM_ASN1_write +PEM_F_PEM_ASN1_WRITE_BIO:105:PEM_ASN1_write_bio +PEM_F_PEM_DEF_CALLBACK:100:PEM_def_callback +PEM_F_PEM_DO_HEADER:106:PEM_do_header +PEM_F_PEM_GET_EVP_CIPHER_INFO:107:PEM_get_EVP_CIPHER_INFO +PEM_F_PEM_READ:108:PEM_read +PEM_F_PEM_READ_BIO:109:PEM_read_bio +PEM_F_PEM_READ_BIO_DHPARAMS:141:PEM_read_bio_DHparams +PEM_F_PEM_READ_BIO_EX:145:PEM_read_bio_ex +PEM_F_PEM_READ_BIO_PARAMETERS:140:PEM_read_bio_Parameters +PEM_F_PEM_READ_BIO_PRIVATEKEY:123:PEM_read_bio_PrivateKey +PEM_F_PEM_READ_DHPARAMS:142:PEM_read_DHparams +PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey +PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal +PEM_F_PEM_WRITE:113:PEM_write +PEM_F_PEM_WRITE_BIO:114:PEM_write_bio +PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey +PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read +PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio +PEM_F_PEM_X509_INFO_WRITE_BIO:117:PEM_X509_INFO_write_bio +PKCS12_F_OPENSSL_ASC2UNI:121:OPENSSL_asc2uni +PKCS12_F_OPENSSL_UNI2ASC:124:OPENSSL_uni2asc +PKCS12_F_OPENSSL_UNI2UTF8:127:OPENSSL_uni2utf8 +PKCS12_F_OPENSSL_UTF82UNI:129:OPENSSL_utf82uni +PKCS12_F_PKCS12_CREATE:105:PKCS12_create +PKCS12_F_PKCS12_GEN_MAC:107:PKCS12_gen_mac +PKCS12_F_PKCS12_INIT:109:PKCS12_init +PKCS12_F_PKCS12_ITEM_DECRYPT_D2I:106:PKCS12_item_decrypt_d2i +PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT:108:PKCS12_item_i2d_encrypt +PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG:117:PKCS12_item_pack_safebag +PKCS12_F_PKCS12_KEY_GEN_ASC:110:PKCS12_key_gen_asc +PKCS12_F_PKCS12_KEY_GEN_UNI:111:PKCS12_key_gen_uni +PKCS12_F_PKCS12_KEY_GEN_UTF8:116:PKCS12_key_gen_utf8 +PKCS12_F_PKCS12_NEWPASS:128:PKCS12_newpass +PKCS12_F_PKCS12_PACK_P7DATA:114:PKCS12_pack_p7data +PKCS12_F_PKCS12_PACK_P7ENCDATA:115:PKCS12_pack_p7encdata +PKCS12_F_PKCS12_PARSE:118:PKCS12_parse +PKCS12_F_PKCS12_PBE_CRYPT:119:PKCS12_pbe_crypt +PKCS12_F_PKCS12_PBE_KEYIVGEN:120:PKCS12_PBE_keyivgen +PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF:112:PKCS12_SAFEBAG_create0_p8inf +PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8:113:PKCS12_SAFEBAG_create0_pkcs8 +PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT:133:\ + PKCS12_SAFEBAG_create_pkcs8_encrypt +PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac +PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac +PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes +PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data +PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac +PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt +PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe +PKCS7_F_DO_PKCS7_SIGNED_ATTRIB:136:do_pkcs7_signed_attrib +PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME:135:PKCS7_add0_attrib_signing_time +PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP:118:PKCS7_add_attrib_smimecap +PKCS7_F_PKCS7_ADD_CERTIFICATE:100:PKCS7_add_certificate +PKCS7_F_PKCS7_ADD_CRL:101:PKCS7_add_crl +PKCS7_F_PKCS7_ADD_RECIPIENT_INFO:102:PKCS7_add_recipient_info +PKCS7_F_PKCS7_ADD_SIGNATURE:131:PKCS7_add_signature +PKCS7_F_PKCS7_ADD_SIGNER:103:PKCS7_add_signer +PKCS7_F_PKCS7_BIO_ADD_DIGEST:125:PKCS7_bio_add_digest +PKCS7_F_PKCS7_COPY_EXISTING_DIGEST:138:pkcs7_copy_existing_digest +PKCS7_F_PKCS7_CTRL:104:PKCS7_ctrl +PKCS7_F_PKCS7_DATADECODE:112:PKCS7_dataDecode +PKCS7_F_PKCS7_DATAFINAL:128:PKCS7_dataFinal +PKCS7_F_PKCS7_DATAINIT:105:PKCS7_dataInit +PKCS7_F_PKCS7_DATAVERIFY:107:PKCS7_dataVerify +PKCS7_F_PKCS7_DECRYPT:114:PKCS7_decrypt +PKCS7_F_PKCS7_DECRYPT_RINFO:133:pkcs7_decrypt_rinfo +PKCS7_F_PKCS7_ENCODE_RINFO:132:pkcs7_encode_rinfo +PKCS7_F_PKCS7_ENCRYPT:115:PKCS7_encrypt +PKCS7_F_PKCS7_FINAL:134:PKCS7_final +PKCS7_F_PKCS7_FIND_DIGEST:127:PKCS7_find_digest +PKCS7_F_PKCS7_GET0_SIGNERS:124:PKCS7_get0_signers +PKCS7_F_PKCS7_RECIP_INFO_SET:130:PKCS7_RECIP_INFO_set +PKCS7_F_PKCS7_SET_CIPHER:108:PKCS7_set_cipher +PKCS7_F_PKCS7_SET_CONTENT:109:PKCS7_set_content +PKCS7_F_PKCS7_SET_DIGEST:126:PKCS7_set_digest +PKCS7_F_PKCS7_SET_TYPE:110:PKCS7_set_type +PKCS7_F_PKCS7_SIGN:116:PKCS7_sign +PKCS7_F_PKCS7_SIGNATUREVERIFY:113:PKCS7_signatureVerify +PKCS7_F_PKCS7_SIGNER_INFO_SET:129:PKCS7_SIGNER_INFO_set +PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign +PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer +PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap +PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify +RAND_F_DRBG_BYTES:101:drbg_bytes +RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy +RAND_F_DRBG_SETUP:117:drbg_setup +RAND_F_GET_ENTROPY:106:get_entropy +RAND_F_RAND_BYTES:100:RAND_bytes +RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking +RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate +RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy +RAND_F_RAND_DRBG_GET_NONCE:123:rand_drbg_get_nonce +RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate +RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new +RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed +RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart +RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set +RAND_F_RAND_DRBG_SET_DEFAULTS:121:RAND_DRBG_set_defaults +RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate +RAND_F_RAND_LOAD_FILE:111:RAND_load_file +RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy +RAND_F_RAND_POOL_ADD:103:rand_pool_add +RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin +RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end +RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach +RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed +RAND_F_RAND_POOL_NEW:116:rand_pool_new +RAND_F_RAND_WRITE_FILE:112:RAND_write_file +RSA_F_CHECK_PADDING_MD:140:check_padding_md +RSA_F_ENCODE_PKCS1:146:encode_pkcs1 +RSA_F_INT_RSA_VERIFY:145:int_rsa_verify +RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode +RSA_F_PKEY_PSS_INIT:165:pkey_pss_init +RSA_F_PKEY_RSA_CTRL:143:pkey_rsa_ctrl +RSA_F_PKEY_RSA_CTRL_STR:144:pkey_rsa_ctrl_str +RSA_F_PKEY_RSA_SIGN:142:pkey_rsa_sign +RSA_F_PKEY_RSA_VERIFY:149:pkey_rsa_verify +RSA_F_PKEY_RSA_VERIFYRECOVER:141:pkey_rsa_verifyrecover +RSA_F_RSA_ALGOR_TO_MD:156:rsa_algor_to_md +RSA_F_RSA_BUILTIN_KEYGEN:129:rsa_builtin_keygen +RSA_F_RSA_CHECK_KEY:123:RSA_check_key +RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex +RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt +RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify +RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify +RSA_F_RSA_METH_DUP:161:RSA_meth_dup +RSA_F_RSA_METH_NEW:162:RSA_meth_new +RSA_F_RSA_METH_SET1_NAME:163:RSA_meth_set1_name +RSA_F_RSA_MGF1_TO_MD:157:* +RSA_F_RSA_MULTIP_INFO_NEW:166:rsa_multip_info_new +RSA_F_RSA_NEW_METHOD:106:RSA_new_method +RSA_F_RSA_NULL:124:* +RSA_F_RSA_NULL_PRIVATE_DECRYPT:132:* +RSA_F_RSA_NULL_PRIVATE_ENCRYPT:133:* +RSA_F_RSA_NULL_PUBLIC_DECRYPT:134:* +RSA_F_RSA_NULL_PUBLIC_ENCRYPT:135:* +RSA_F_RSA_OSSL_PRIVATE_DECRYPT:101:rsa_ossl_private_decrypt +RSA_F_RSA_OSSL_PRIVATE_ENCRYPT:102:rsa_ossl_private_encrypt +RSA_F_RSA_OSSL_PUBLIC_DECRYPT:103:rsa_ossl_public_decrypt +RSA_F_RSA_OSSL_PUBLIC_ENCRYPT:104:rsa_ossl_public_encrypt +RSA_F_RSA_PADDING_ADD_NONE:107:RSA_padding_add_none +RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:121:RSA_padding_add_PKCS1_OAEP +RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:154:RSA_padding_add_PKCS1_OAEP_mgf1 +RSA_F_RSA_PADDING_ADD_PKCS1_PSS:125:RSA_padding_add_PKCS1_PSS +RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:152:RSA_padding_add_PKCS1_PSS_mgf1 +RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:108:RSA_padding_add_PKCS1_type_1 +RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:109:RSA_padding_add_PKCS1_type_2 +RSA_F_RSA_PADDING_ADD_SSLV23:110:RSA_padding_add_SSLv23 +RSA_F_RSA_PADDING_ADD_X931:127:RSA_padding_add_X931 +RSA_F_RSA_PADDING_CHECK_NONE:111:RSA_padding_check_none +RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:122:RSA_padding_check_PKCS1_OAEP +RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:153:RSA_padding_check_PKCS1_OAEP_mgf1 +RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:112:RSA_padding_check_PKCS1_type_1 +RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:113:RSA_padding_check_PKCS1_type_2 +RSA_F_RSA_PADDING_CHECK_SSLV23:114:RSA_padding_check_SSLv23 +RSA_F_RSA_PADDING_CHECK_X931:128:RSA_padding_check_X931 +RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode +RSA_F_RSA_PRINT:115:RSA_print +RSA_F_RSA_PRINT_FP:116:RSA_print_fp +RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode +RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode +RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param +RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx +RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode +RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding +RSA_F_RSA_SIGN:117:RSA_sign +RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING +RSA_F_RSA_VERIFY:119:RSA_verify +RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING +RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1 +RSA_F_SETUP_TBUF:167:setup_tbuf +SM2_F_PKEY_SM2_COPY:115:pkey_sm2_copy +SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl +SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str +SM2_F_PKEY_SM2_DIGEST_CUSTOM:114:pkey_sm2_digest_custom +SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init +SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign +SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash +SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest +SM2_F_SM2_COMPUTE_Z_DIGEST:113:sm2_compute_z_digest +SM2_F_SM2_DECRYPT:102:sm2_decrypt +SM2_F_SM2_ENCRYPT:103:sm2_encrypt +SM2_F_SM2_PLAINTEXT_SIZE:104:sm2_plaintext_size +SM2_F_SM2_SIGN:105:sm2_sign +SM2_F_SM2_SIG_GEN:106:sm2_sig_gen +SM2_F_SM2_SIG_VERIFY:107:sm2_sig_verify +SM2_F_SM2_VERIFY:108:sm2_verify +SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:* +SSL_F_ADD_KEY_SHARE:512:add_key_share +SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list +SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list +SSL_F_CIPHERSUITE_CB:622:ciphersuite_cb +SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names +SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs +SSL_F_CONSTRUCT_STATEFUL_TICKET:636:construct_stateful_ticket +SSL_F_CONSTRUCT_STATELESS_TICKET:637:construct_stateless_ticket +SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash +SSL_F_CREATE_TICKET_PREQUEL:638:create_ticket_prequel +SSL_F_CT_MOVE_SCTS:345:ct_move_scts +SSL_F_CT_STRICT:349:ct_strict +SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add +SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse +SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION +SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable +SSL_F_DANE_MTYPE_SET:393:dane_mtype_set +SSL_F_DANE_TLSA_ADD:394:dane_tlsa_add +SSL_F_DERIVE_SECRET_KEY_AND_IV:514:derive_secret_key_and_iv +SSL_F_DO_DTLS1_WRITE:245:do_dtls1_write +SSL_F_DO_SSL3_WRITE:104:do_ssl3_write +SSL_F_DTLS1_BUFFER_RECORD:247:dtls1_buffer_record +SSL_F_DTLS1_CHECK_TIMEOUT_NUM:318:dtls1_check_timeout_num +SSL_F_DTLS1_HEARTBEAT:305:* +SSL_F_DTLS1_HM_FRAGMENT_NEW:623:dtls1_hm_fragment_new +SSL_F_DTLS1_PREPROCESS_FRAGMENT:288:dtls1_preprocess_fragment +SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS:424:dtls1_process_buffered_records +SSL_F_DTLS1_PROCESS_RECORD:257:dtls1_process_record +SSL_F_DTLS1_READ_BYTES:258:dtls1_read_bytes +SSL_F_DTLS1_READ_FAILED:339:dtls1_read_failed +SSL_F_DTLS1_RETRANSMIT_MESSAGE:390:dtls1_retransmit_message +SSL_F_DTLS1_WRITE_APP_DATA_BYTES:268:dtls1_write_app_data_bytes +SSL_F_DTLS1_WRITE_BYTES:545:dtls1_write_bytes +SSL_F_DTLSV1_LISTEN:350:DTLSv1_listen +SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC:371:dtls_construct_change_cipher_spec +SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\ + dtls_construct_hello_verify_request +SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message +SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify +SSL_F_DTLS_RECORD_LAYER_NEW:635:DTLS_RECORD_LAYER_new +SSL_F_DTLS_WAIT_FOR_DRY:592:dtls_wait_for_dry +SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok +SSL_F_FINAL_EARLY_DATA:556:final_early_data +SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats +SSL_F_FINAL_EMS:486:final_ems +SSL_F_FINAL_KEY_SHARE:503:final_key_share +SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen +SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate +SSL_F_FINAL_SERVER_NAME:558:final_server_name +SSL_F_FINAL_SIG_ALGS:497:final_sig_algs +SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data +SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int +SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl +SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:* +SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION:598:\ + ossl_statem_client13_write_transition +SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE:430:* +SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE:593:\ + ossl_statem_client_post_process_message +SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE:594:ossl_statem_client_process_message +SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION:417:ossl_statem_client_read_transition +SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION:599:\ + ossl_statem_client_write_transition +SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION:437:* +SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION:600:\ + ossl_statem_server13_write_transition +SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* +SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ + ossl_statem_server_post_process_message +SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work +SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message +SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition +SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ + ossl_statem_server_write_transition +SSL_F_PARSE_CA_NAMES:541:parse_ca_names +SSL_F_PITEM_NEW:624:pitem_new +SSL_F_PQUEUE_NEW:625:pqueue_new +SSL_F_PROCESS_KEY_SHARE_EXT:439:* +SSL_F_READ_STATE_MACHINE:352:read_state_machine +SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite +SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret +SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret +SSL_F_SRP_VERIFY_SERVER_PARAM:596:srp_verify_server_param +SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state +SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm +SSL_F_SSL3_CTRL:213:ssl3_ctrl +SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl +SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records +SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec +SSL_F_SSL3_ENC:608:ssl3_enc +SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac +SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac +SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block +SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret +SSL_F_SSL3_GET_RECORD:143:ssl3_get_record +SSL_F_SSL3_INIT_FINISHED_MAC:397:ssl3_init_finished_mac +SSL_F_SSL3_OUTPUT_CERT_CHAIN:147:ssl3_output_cert_chain +SSL_F_SSL3_READ_BYTES:148:ssl3_read_bytes +SSL_F_SSL3_READ_N:149:ssl3_read_n +SSL_F_SSL3_SETUP_KEY_BLOCK:157:ssl3_setup_key_block +SSL_F_SSL3_SETUP_READ_BUFFER:156:ssl3_setup_read_buffer +SSL_F_SSL3_SETUP_WRITE_BUFFER:291:ssl3_setup_write_buffer +SSL_F_SSL3_WRITE_BYTES:158:ssl3_write_bytes +SSL_F_SSL3_WRITE_PENDING:159:ssl3_write_pending +SSL_F_SSL_ADD_CERT_CHAIN:316:ssl_add_cert_chain +SSL_F_SSL_ADD_CERT_TO_BUF:319:* +SSL_F_SSL_ADD_CERT_TO_WPACKET:493:ssl_add_cert_to_wpacket +SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT:298:* +SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT:277:* +SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT:307:* +SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK:215:SSL_add_dir_cert_subjects_to_stack +SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK:216:\ + SSL_add_file_cert_subjects_to_stack +SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT:299:* +SSL_F_SSL_ADD_SERVERHELLO_TLSEXT:278:* +SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT:308:* +SSL_F_SSL_BAD_METHOD:160:ssl_bad_method +SSL_F_SSL_BUILD_CERT_CHAIN:332:ssl_build_cert_chain +SSL_F_SSL_BYTES_TO_CIPHER_LIST:161:SSL_bytes_to_cipher_list +SSL_F_SSL_CACHE_CIPHERLIST:520:ssl_cache_cipherlist +SSL_F_SSL_CERT_ADD0_CHAIN_CERT:346:ssl_cert_add0_chain_cert +SSL_F_SSL_CERT_DUP:221:ssl_cert_dup +SSL_F_SSL_CERT_NEW:162:ssl_cert_new +SSL_F_SSL_CERT_SET0_CHAIN:340:ssl_cert_set0_chain +SSL_F_SSL_CHECK_PRIVATE_KEY:163:SSL_check_private_key +SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT:280:* +SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO:606:ssl_check_srp_ext_ClientHello +SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG:279:ssl_check_srvr_ecc_cert_and_alg +SSL_F_SSL_CHOOSE_CLIENT_VERSION:607:ssl_choose_client_version +SSL_F_SSL_CIPHER_DESCRIPTION:626:SSL_CIPHER_description +SSL_F_SSL_CIPHER_LIST_TO_BYTES:425:ssl_cipher_list_to_bytes +SSL_F_SSL_CIPHER_PROCESS_RULESTR:230:ssl_cipher_process_rulestr +SSL_F_SSL_CIPHER_STRENGTH_SORT:231:ssl_cipher_strength_sort +SSL_F_SSL_CLEAR:164:SSL_clear +SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT:627:\ + SSL_client_hello_get1_extensions_present +SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD:165:SSL_COMP_add_compression_method +SSL_F_SSL_CONF_CMD:334:SSL_CONF_cmd +SSL_F_SSL_CREATE_CIPHER_LIST:166:ssl_create_cipher_list +SSL_F_SSL_CTRL:232:SSL_ctrl +SSL_F_SSL_CTX_CHECK_PRIVATE_KEY:168:SSL_CTX_check_private_key +SSL_F_SSL_CTX_ENABLE_CT:398:SSL_CTX_enable_ct +SSL_F_SSL_CTX_MAKE_PROFILES:309:ssl_ctx_make_profiles +SSL_F_SSL_CTX_NEW:169:SSL_CTX_new +SSL_F_SSL_CTX_SET_ALPN_PROTOS:343:SSL_CTX_set_alpn_protos +SSL_F_SSL_CTX_SET_CIPHER_LIST:269:SSL_CTX_set_cipher_list +SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE:290:SSL_CTX_set_client_cert_engine +SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK:396:SSL_CTX_set_ct_validation_callback +SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT:219:SSL_CTX_set_session_id_context +SSL_F_SSL_CTX_SET_SSL_VERSION:170:SSL_CTX_set_ssl_version +SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH:551:\ + SSL_CTX_set_tlsext_max_fragment_length +SSL_F_SSL_CTX_USE_CERTIFICATE:171:SSL_CTX_use_certificate +SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1:172:SSL_CTX_use_certificate_ASN1 +SSL_F_SSL_CTX_USE_CERTIFICATE_FILE:173:SSL_CTX_use_certificate_file +SSL_F_SSL_CTX_USE_PRIVATEKEY:174:SSL_CTX_use_PrivateKey +SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1:175:SSL_CTX_use_PrivateKey_ASN1 +SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE:176:SSL_CTX_use_PrivateKey_file +SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT:272:SSL_CTX_use_psk_identity_hint +SSL_F_SSL_CTX_USE_RSAPRIVATEKEY:177:SSL_CTX_use_RSAPrivateKey +SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1:178:SSL_CTX_use_RSAPrivateKey_ASN1 +SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE:179:SSL_CTX_use_RSAPrivateKey_file +SSL_F_SSL_CTX_USE_SERVERINFO:336:SSL_CTX_use_serverinfo +SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex +SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file +SSL_F_SSL_DANE_DUP:403:ssl_dane_dup +SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable +SSL_F_SSL_DERIVE:590:ssl_derive +SSL_F_SSL_DO_CONFIG:391:ssl_do_config +SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake +SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list +SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct +SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group +SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id +SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session +SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session +SSL_F_SSL_GET_SERVER_CERT_INDEX:322:* +SSL_F_SSL_GET_SIGN_PKEY:183:* +SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash +SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer +SSL_F_SSL_KEY_UPDATE:515:SSL_key_update +SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file +SSL_F_SSL_LOG_MASTER_SECRET:498:* +SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange +SSL_F_SSL_MODULE_INIT:392:ssl_module_init +SSL_F_SSL_NEW:186:SSL_new +SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate +SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:* +SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:* +SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:* +SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT:301:* +SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT:303:* +SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:* +SSL_F_SSL_PEEK:270:SSL_peek +SSL_F_SSL_PEEK_EX:432:SSL_peek_ex +SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal +SSL_F_SSL_READ:223:SSL_read +SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data +SSL_F_SSL_READ_EX:434:SSL_read_ex +SSL_F_SSL_READ_INTERNAL:523:ssl_read_internal +SSL_F_SSL_RENEGOTIATE:516:SSL_renegotiate +SSL_F_SSL_RENEGOTIATE_ABBREVIATED:546:SSL_renegotiate_abbreviated +SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT:320:* +SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT:321:* +SSL_F_SSL_SESSION_DUP:348:ssl_session_dup +SSL_F_SSL_SESSION_NEW:189:SSL_SESSION_new +SSL_F_SSL_SESSION_PRINT_FP:190:SSL_SESSION_print_fp +SSL_F_SSL_SESSION_SET1_ID:423:SSL_SESSION_set1_id +SSL_F_SSL_SESSION_SET1_ID_CONTEXT:312:SSL_SESSION_set1_id_context +SSL_F_SSL_SET_ALPN_PROTOS:344:SSL_set_alpn_protos +SSL_F_SSL_SET_CERT:191:ssl_set_cert +SSL_F_SSL_SET_CERT_AND_KEY:621:ssl_set_cert_and_key +SSL_F_SSL_SET_CIPHER_LIST:271:SSL_set_cipher_list +SSL_F_SSL_SET_CT_VALIDATION_CALLBACK:399:SSL_set_ct_validation_callback +SSL_F_SSL_SET_FD:192:SSL_set_fd +SSL_F_SSL_SET_PKEY:193:ssl_set_pkey +SSL_F_SSL_SET_RFD:194:SSL_set_rfd +SSL_F_SSL_SET_SESSION:195:SSL_set_session +SSL_F_SSL_SET_SESSION_ID_CONTEXT:218:SSL_set_session_id_context +SSL_F_SSL_SET_SESSION_TICKET_EXT:294:SSL_set_session_ticket_ext +SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH:550:SSL_set_tlsext_max_fragment_length +SSL_F_SSL_SET_WFD:196:SSL_set_wfd +SSL_F_SSL_SHUTDOWN:224:SSL_shutdown +SSL_F_SSL_SRP_CTX_INIT:313:SSL_SRP_CTX_init +SSL_F_SSL_START_ASYNC_JOB:389:ssl_start_async_job +SSL_F_SSL_UNDEFINED_FUNCTION:197:ssl_undefined_function +SSL_F_SSL_UNDEFINED_VOID_FUNCTION:244:ssl_undefined_void_function +SSL_F_SSL_USE_CERTIFICATE:198:SSL_use_certificate +SSL_F_SSL_USE_CERTIFICATE_ASN1:199:SSL_use_certificate_ASN1 +SSL_F_SSL_USE_CERTIFICATE_FILE:200:SSL_use_certificate_file +SSL_F_SSL_USE_PRIVATEKEY:201:SSL_use_PrivateKey +SSL_F_SSL_USE_PRIVATEKEY_ASN1:202:SSL_use_PrivateKey_ASN1 +SSL_F_SSL_USE_PRIVATEKEY_FILE:203:SSL_use_PrivateKey_file +SSL_F_SSL_USE_PSK_IDENTITY_HINT:273:SSL_use_psk_identity_hint +SSL_F_SSL_USE_RSAPRIVATEKEY:204:SSL_use_RSAPrivateKey +SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1:205:SSL_use_RSAPrivateKey_ASN1 +SSL_F_SSL_USE_RSAPRIVATEKEY_FILE:206:SSL_use_RSAPrivateKey_file +SSL_F_SSL_VALIDATE_CT:400:ssl_validate_ct +SSL_F_SSL_VERIFY_CERT_CHAIN:207:ssl_verify_cert_chain +SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE:616:SSL_verify_client_post_handshake +SSL_F_SSL_WRITE:208:SSL_write +SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data +SSL_F_SSL_WRITE_EARLY_FINISH:527:* +SSL_F_SSL_WRITE_EX:433:SSL_write_ex +SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal +SSL_F_STATE_MACHINE:353:state_machine +SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg +SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs +SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state +SSL_F_TLS13_ENC:609:tls13_enc +SSL_F_TLS13_FINAL_FINISH_MAC:605:tls13_final_finish_mac +SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret +SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand +SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA:617:\ + tls13_restore_handshake_digest_for_pha +SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA:618:\ + tls13_save_handshake_digest_for_pha +SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block +SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state +SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:* +SSL_F_TLS1_ENC:401:tls1_enc +SSL_F_TLS1_EXPORT_KEYING_MATERIAL:314:tls1_export_keying_material +SSL_F_TLS1_GET_CURVELIST:338:tls1_get_curvelist +SSL_F_TLS1_PRF:284:tls1_PRF +SSL_F_TLS1_SAVE_U16:628:tls1_save_u16 +SSL_F_TLS1_SETUP_KEY_BLOCK:211:tls1_setup_key_block +SSL_F_TLS1_SET_GROUPS:629:tls1_set_groups +SSL_F_TLS1_SET_RAW_SIGALGS:630:tls1_set_raw_sigalgs +SSL_F_TLS1_SET_SERVER_SIGALGS:335:tls1_set_server_sigalgs +SSL_F_TLS1_SET_SHARED_SIGALGS:631:tls1_set_shared_sigalgs +SSL_F_TLS1_SET_SIGALGS:632:tls1_set_sigalgs +SSL_F_TLS_CHOOSE_SIGALG:513:tls_choose_sigalg +SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK:354:tls_client_key_exchange_post_work +SSL_F_TLS_COLLECT_EXTENSIONS:435:tls_collect_extensions +SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES:542:\ + tls_construct_certificate_authorities +SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST:372:tls_construct_certificate_request +SSL_F_TLS_CONSTRUCT_CERT_STATUS:429:* +SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY:494:tls_construct_cert_status_body +SSL_F_TLS_CONSTRUCT_CERT_VERIFY:496:tls_construct_cert_verify +SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC:427:tls_construct_change_cipher_spec +SSL_F_TLS_CONSTRUCT_CKE_DHE:404:tls_construct_cke_dhe +SSL_F_TLS_CONSTRUCT_CKE_ECDHE:405:tls_construct_cke_ecdhe +SSL_F_TLS_CONSTRUCT_CKE_GOST:406:tls_construct_cke_gost +SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE:407:tls_construct_cke_psk_preamble +SSL_F_TLS_CONSTRUCT_CKE_RSA:409:tls_construct_cke_rsa +SSL_F_TLS_CONSTRUCT_CKE_SRP:410:tls_construct_cke_srp +SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE:484:tls_construct_client_certificate +SSL_F_TLS_CONSTRUCT_CLIENT_HELLO:487:tls_construct_client_hello +SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE:488:tls_construct_client_key_exchange +SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY:489:* +SSL_F_TLS_CONSTRUCT_CTOS_ALPN:466:tls_construct_ctos_alpn +SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE:355:* +SSL_F_TLS_CONSTRUCT_CTOS_COOKIE:535:tls_construct_ctos_cookie +SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA:530:tls_construct_ctos_early_data +SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS:467:tls_construct_ctos_ec_pt_formats +SSL_F_TLS_CONSTRUCT_CTOS_EMS:468:tls_construct_ctos_ems +SSL_F_TLS_CONSTRUCT_CTOS_ETM:469:tls_construct_ctos_etm +SSL_F_TLS_CONSTRUCT_CTOS_HELLO:356:* +SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE:357:* +SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE:470:tls_construct_ctos_key_share +SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN:549:tls_construct_ctos_maxfragmentlen +SSL_F_TLS_CONSTRUCT_CTOS_NPN:471:tls_construct_ctos_npn +SSL_F_TLS_CONSTRUCT_CTOS_PADDING:472:tls_construct_ctos_padding +SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\ + tls_construct_ctos_post_handshake_auth +SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk +SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes +SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate +SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct +SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name +SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET:476:tls_construct_ctos_session_ticket +SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS:477:tls_construct_ctos_sig_algs +SSL_F_TLS_CONSTRUCT_CTOS_SRP:478:tls_construct_ctos_srp +SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST:479:tls_construct_ctos_status_request +SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS:480:\ + tls_construct_ctos_supported_groups +SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS:481:\ + tls_construct_ctos_supported_versions +SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP:482:tls_construct_ctos_use_srtp +SSL_F_TLS_CONSTRUCT_CTOS_VERIFY:358:* +SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS:443:tls_construct_encrypted_extensions +SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA:536:tls_construct_end_of_early_data +SSL_F_TLS_CONSTRUCT_EXTENSIONS:447:tls_construct_extensions +SSL_F_TLS_CONSTRUCT_FINISHED:359:tls_construct_finished +SSL_F_TLS_CONSTRUCT_HELLO_REQUEST:373:* +SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST:510:tls_construct_hello_retry_request +SSL_F_TLS_CONSTRUCT_KEY_UPDATE:517:tls_construct_key_update +SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET:428:tls_construct_new_session_ticket +SSL_F_TLS_CONSTRUCT_NEXT_PROTO:426:tls_construct_next_proto +SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE:490:tls_construct_server_certificate +SSL_F_TLS_CONSTRUCT_SERVER_HELLO:491:tls_construct_server_hello +SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE:492:tls_construct_server_key_exchange +SSL_F_TLS_CONSTRUCT_STOC_ALPN:451:tls_construct_stoc_alpn +SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE:374:* +SSL_F_TLS_CONSTRUCT_STOC_COOKIE:613:tls_construct_stoc_cookie +SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG:452:tls_construct_stoc_cryptopro_bug +SSL_F_TLS_CONSTRUCT_STOC_DONE:375:* +SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA:531:tls_construct_stoc_early_data +SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO:525:* +SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS:453:tls_construct_stoc_ec_pt_formats +SSL_F_TLS_CONSTRUCT_STOC_EMS:454:tls_construct_stoc_ems +SSL_F_TLS_CONSTRUCT_STOC_ETM:455:tls_construct_stoc_etm +SSL_F_TLS_CONSTRUCT_STOC_HELLO:376:* +SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE:377:* +SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share +SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen +SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg +SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk +SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate +SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name +SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket +SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST:461:tls_construct_stoc_status_request +SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS:544:\ + tls_construct_stoc_supported_groups +SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS:611:\ + tls_construct_stoc_supported_versions +SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP:462:tls_construct_stoc_use_srtp +SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\ + tls_early_post_process_client_hello +SSL_F_TLS_FINISH_HANDSHAKE:597:tls_finish_handshake +SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body +SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header +SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn +SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request +SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities +SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:* +SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn +SSL_F_TLS_PARSE_CTOS_COOKIE:614:tls_parse_ctos_cookie +SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data +SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats +SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems +SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share +SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen +SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth +SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk +SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes +SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate +SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name +SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket +SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs +SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT:615:tls_parse_ctos_sig_algs_cert +SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp +SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request +SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups +SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp +SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn +SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie +SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data +SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:* +SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats +SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share +SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen +SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn +SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk +SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate +SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct +SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name +SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket +SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request +SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS:612:tls_parse_stoc_supported_versions +SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp +SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello +SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\ + tls_post_process_client_key_exchange +SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE:360:tls_prepare_client_certificate +SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST:610:tls_process_as_hello_retry_request +SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST:361:tls_process_certificate_request +SSL_F_TLS_PROCESS_CERT_STATUS:362:* +SSL_F_TLS_PROCESS_CERT_STATUS_BODY:495:tls_process_cert_status_body +SSL_F_TLS_PROCESS_CERT_VERIFY:379:tls_process_cert_verify +SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC:363:tls_process_change_cipher_spec +SSL_F_TLS_PROCESS_CKE_DHE:411:tls_process_cke_dhe +SSL_F_TLS_PROCESS_CKE_ECDHE:412:tls_process_cke_ecdhe +SSL_F_TLS_PROCESS_CKE_GOST:413:tls_process_cke_gost +SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE:414:tls_process_cke_psk_preamble +SSL_F_TLS_PROCESS_CKE_RSA:415:tls_process_cke_rsa +SSL_F_TLS_PROCESS_CKE_SRP:416:tls_process_cke_srp +SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE:380:tls_process_client_certificate +SSL_F_TLS_PROCESS_CLIENT_HELLO:381:tls_process_client_hello +SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE:382:tls_process_client_key_exchange +SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS:444:tls_process_encrypted_extensions +SSL_F_TLS_PROCESS_END_OF_EARLY_DATA:537:tls_process_end_of_early_data +SSL_F_TLS_PROCESS_FINISHED:364:tls_process_finished +SSL_F_TLS_PROCESS_HELLO_REQ:507:tls_process_hello_req +SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST:511:tls_process_hello_retry_request +SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT:442:tls_process_initial_server_flight +SSL_F_TLS_PROCESS_KEY_EXCHANGE:365:tls_process_key_exchange +SSL_F_TLS_PROCESS_KEY_UPDATE:518:tls_process_key_update +SSL_F_TLS_PROCESS_NEW_SESSION_TICKET:366:tls_process_new_session_ticket +SSL_F_TLS_PROCESS_NEXT_PROTO:383:tls_process_next_proto +SSL_F_TLS_PROCESS_SERVER_CERTIFICATE:367:tls_process_server_certificate +SSL_F_TLS_PROCESS_SERVER_DONE:368:tls_process_server_done +SSL_F_TLS_PROCESS_SERVER_HELLO:369:tls_process_server_hello +SSL_F_TLS_PROCESS_SKE_DHE:419:tls_process_ske_dhe +SSL_F_TLS_PROCESS_SKE_ECDHE:420:tls_process_ske_ecdhe +SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE:421:tls_process_ske_psk_preamble +SSL_F_TLS_PROCESS_SKE_SRP:422:tls_process_ske_srp +SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder +SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:* +SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake +SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file +SSL_F_WPACKET_INTERN_INIT_LEN:633:wpacket_intern_init_len +SSL_F_WPACKET_START_SUB_PACKET_LEN__:634:WPACKET_start_sub_packet_len__ +SSL_F_WRITE_STATE_MACHINE:586:write_state_machine +TS_F_DEF_SERIAL_CB:110:def_serial_cb +TS_F_DEF_TIME_CB:111:def_time_cb +TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert +TS_F_ESS_ADD_SIGNING_CERT_V2:147:ess_add_signing_cert_v2 +TS_F_ESS_CERT_ID_NEW_INIT:113:ess_CERT_ID_new_init +TS_F_ESS_CERT_ID_V2_NEW_INIT:156:ess_cert_id_v2_new_init +TS_F_ESS_SIGNING_CERT_NEW_INIT:114:ess_SIGNING_CERT_new_init +TS_F_ESS_SIGNING_CERT_V2_NEW_INIT:157:ess_signing_cert_v2_new_init +TS_F_INT_TS_RESP_VERIFY_TOKEN:149:int_ts_RESP_verify_token +TS_F_PKCS7_TO_TS_TST_INFO:148:PKCS7_to_TS_TST_INFO +TS_F_TS_ACCURACY_SET_MICROS:115:TS_ACCURACY_set_micros +TS_F_TS_ACCURACY_SET_MILLIS:116:TS_ACCURACY_set_millis +TS_F_TS_ACCURACY_SET_SECONDS:117:TS_ACCURACY_set_seconds +TS_F_TS_CHECK_IMPRINTS:100:ts_check_imprints +TS_F_TS_CHECK_NONCES:101:ts_check_nonces +TS_F_TS_CHECK_POLICY:102:ts_check_policy +TS_F_TS_CHECK_SIGNING_CERTS:103:ts_check_signing_certs +TS_F_TS_CHECK_STATUS_INFO:104:ts_check_status_info +TS_F_TS_COMPUTE_IMPRINT:145:ts_compute_imprint +TS_F_TS_CONF_INVALID:151:ts_CONF_invalid +TS_F_TS_CONF_LOAD_CERT:153:TS_CONF_load_cert +TS_F_TS_CONF_LOAD_CERTS:154:TS_CONF_load_certs +TS_F_TS_CONF_LOAD_KEY:155:TS_CONF_load_key +TS_F_TS_CONF_LOOKUP_FAIL:152:ts_CONF_lookup_fail +TS_F_TS_CONF_SET_DEFAULT_ENGINE:146:TS_CONF_set_default_engine +TS_F_TS_GET_STATUS_TEXT:105:ts_get_status_text +TS_F_TS_MSG_IMPRINT_SET_ALGO:118:TS_MSG_IMPRINT_set_algo +TS_F_TS_REQ_SET_MSG_IMPRINT:119:TS_REQ_set_msg_imprint +TS_F_TS_REQ_SET_NONCE:120:TS_REQ_set_nonce +TS_F_TS_REQ_SET_POLICY_ID:121:TS_REQ_set_policy_id +TS_F_TS_RESP_CREATE_RESPONSE:122:TS_RESP_create_response +TS_F_TS_RESP_CREATE_TST_INFO:123:ts_RESP_create_tst_info +TS_F_TS_RESP_CTX_ADD_FAILURE_INFO:124:TS_RESP_CTX_add_failure_info +TS_F_TS_RESP_CTX_ADD_MD:125:TS_RESP_CTX_add_md +TS_F_TS_RESP_CTX_ADD_POLICY:126:TS_RESP_CTX_add_policy +TS_F_TS_RESP_CTX_NEW:127:TS_RESP_CTX_new +TS_F_TS_RESP_CTX_SET_ACCURACY:128:TS_RESP_CTX_set_accuracy +TS_F_TS_RESP_CTX_SET_CERTS:129:TS_RESP_CTX_set_certs +TS_F_TS_RESP_CTX_SET_DEF_POLICY:130:TS_RESP_CTX_set_def_policy +TS_F_TS_RESP_CTX_SET_SIGNER_CERT:131:TS_RESP_CTX_set_signer_cert +TS_F_TS_RESP_CTX_SET_STATUS_INFO:132:TS_RESP_CTX_set_status_info +TS_F_TS_RESP_GET_POLICY:133:ts_RESP_get_policy +TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION:134:TS_RESP_set_genTime_with_precision +TS_F_TS_RESP_SET_STATUS_INFO:135:TS_RESP_set_status_info +TS_F_TS_RESP_SET_TST_INFO:150:TS_RESP_set_tst_info +TS_F_TS_RESP_SIGN:136:ts_RESP_sign +TS_F_TS_RESP_VERIFY_SIGNATURE:106:TS_RESP_verify_signature +TS_F_TS_TST_INFO_SET_ACCURACY:137:TS_TST_INFO_set_accuracy +TS_F_TS_TST_INFO_SET_MSG_IMPRINT:138:TS_TST_INFO_set_msg_imprint +TS_F_TS_TST_INFO_SET_NONCE:139:TS_TST_INFO_set_nonce +TS_F_TS_TST_INFO_SET_POLICY_ID:140:TS_TST_INFO_set_policy_id +TS_F_TS_TST_INFO_SET_SERIAL:141:TS_TST_INFO_set_serial +TS_F_TS_TST_INFO_SET_TIME:142:TS_TST_INFO_set_time +TS_F_TS_TST_INFO_SET_TSA:143:TS_TST_INFO_set_tsa +TS_F_TS_VERIFY:108:* +TS_F_TS_VERIFY_CERT:109:ts_verify_cert +TS_F_TS_VERIFY_CTX_NEW:144:TS_VERIFY_CTX_new +UI_F_CLOSE_CONSOLE:115:close_console +UI_F_ECHO_CONSOLE:116:echo_console +UI_F_GENERAL_ALLOCATE_BOOLEAN:108:general_allocate_boolean +UI_F_GENERAL_ALLOCATE_PROMPT:109:general_allocate_prompt +UI_F_NOECHO_CONSOLE:117:noecho_console +UI_F_OPEN_CONSOLE:114:open_console +UI_F_UI_CONSTRUCT_PROMPT:121:UI_construct_prompt +UI_F_UI_CREATE_METHOD:112:UI_create_method +UI_F_UI_CTRL:111:UI_ctrl +UI_F_UI_DUP_ERROR_STRING:101:UI_dup_error_string +UI_F_UI_DUP_INFO_STRING:102:UI_dup_info_string +UI_F_UI_DUP_INPUT_BOOLEAN:110:UI_dup_input_boolean +UI_F_UI_DUP_INPUT_STRING:103:UI_dup_input_string +UI_F_UI_DUP_USER_DATA:118:UI_dup_user_data +UI_F_UI_DUP_VERIFY_STRING:106:UI_dup_verify_string +UI_F_UI_GET0_RESULT:107:UI_get0_result +UI_F_UI_GET_RESULT_LENGTH:119:UI_get_result_length +UI_F_UI_NEW_METHOD:104:UI_new_method +UI_F_UI_PROCESS:113:UI_process +UI_F_UI_SET_RESULT:105:UI_set_result +UI_F_UI_SET_RESULT_EX:120:UI_set_result_ex +X509V3_F_A2I_GENERAL_NAME:164:a2i_GENERAL_NAME +X509V3_F_ADDR_VALIDATE_PATH_INTERNAL:166:addr_validate_path_internal +X509V3_F_ASIDENTIFIERCHOICE_CANONIZE:161:ASIdentifierChoice_canonize +X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL:162:ASIdentifierChoice_is_canonical +X509V3_F_BIGNUM_TO_STRING:167:bignum_to_string +X509V3_F_COPY_EMAIL:122:copy_email +X509V3_F_COPY_ISSUER:123:copy_issuer +X509V3_F_DO_DIRNAME:144:do_dirname +X509V3_F_DO_EXT_I2D:135:do_ext_i2d +X509V3_F_DO_EXT_NCONF:151:do_ext_nconf +X509V3_F_GNAMES_FROM_SECTNAME:156:gnames_from_sectname +X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED +X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING +X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER +X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS +X509V3_F_LEVEL_ADD_NODE:168:level_add_node +X509V3_F_NOTICE_SECTION:132:notice_section +X509V3_F_NREF_NOS:133:nref_nos +X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create +X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new +X509V3_F_POLICY_DATA_NEW:171:policy_data_new +X509V3_F_POLICY_SECTION:131:policy_section +X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value +X509V3_F_R2I_CERTPOL:130:r2i_certpol +X509V3_F_R2I_PCI:155:r2i_pci +X509V3_F_S2I_ASN1_IA5STRING:100:s2i_ASN1_IA5STRING +X509V3_F_S2I_ASN1_INTEGER:108:s2i_ASN1_INTEGER +X509V3_F_S2I_ASN1_OCTET_STRING:112:s2i_ASN1_OCTET_STRING +X509V3_F_S2I_SKEY_ID:115:s2i_skey_id +X509V3_F_SET_DIST_POINT_NAME:158:set_dist_point_name +X509V3_F_SXNET_ADD_ID_ASC:125:SXNET_add_id_asc +X509V3_F_SXNET_ADD_ID_INTEGER:126:SXNET_add_id_INTEGER +X509V3_F_SXNET_ADD_ID_ULONG:127:SXNET_add_id_ulong +X509V3_F_SXNET_GET_ID_ASC:128:SXNET_get_id_asc +X509V3_F_SXNET_GET_ID_ULONG:129:SXNET_get_id_ulong +X509V3_F_TREE_INIT:172:tree_init +X509V3_F_V2I_ASIDENTIFIERS:163:v2i_ASIdentifiers +X509V3_F_V2I_ASN1_BIT_STRING:101:v2i_ASN1_BIT_STRING +X509V3_F_V2I_AUTHORITY_INFO_ACCESS:139:v2i_AUTHORITY_INFO_ACCESS +X509V3_F_V2I_AUTHORITY_KEYID:119:v2i_AUTHORITY_KEYID +X509V3_F_V2I_BASIC_CONSTRAINTS:102:v2i_BASIC_CONSTRAINTS +X509V3_F_V2I_CRLD:134:v2i_crld +X509V3_F_V2I_EXTENDED_KEY_USAGE:103:v2i_EXTENDED_KEY_USAGE +X509V3_F_V2I_GENERAL_NAMES:118:v2i_GENERAL_NAMES +X509V3_F_V2I_GENERAL_NAME_EX:117:v2i_GENERAL_NAME_ex +X509V3_F_V2I_IDP:157:v2i_idp +X509V3_F_V2I_IPADDRBLOCKS:159:v2i_IPAddrBlocks +X509V3_F_V2I_ISSUER_ALT:153:v2i_issuer_alt +X509V3_F_V2I_NAME_CONSTRAINTS:147:v2i_NAME_CONSTRAINTS +X509V3_F_V2I_POLICY_CONSTRAINTS:146:v2i_POLICY_CONSTRAINTS +X509V3_F_V2I_POLICY_MAPPINGS:145:v2i_POLICY_MAPPINGS +X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt +X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE +X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension +X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d +X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value +X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add +X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias +X509V3_F_X509V3_EXT_I2D:136:X509V3_EXT_i2d +X509V3_F_X509V3_EXT_NCONF:152:X509V3_EXT_nconf +X509V3_F_X509V3_GET_SECTION:142:X509V3_get_section +X509V3_F_X509V3_GET_STRING:143:X509V3_get_string +X509V3_F_X509V3_GET_VALUE_BOOL:110:X509V3_get_value_bool +X509V3_F_X509V3_PARSE_LIST:109:X509V3_parse_list +X509V3_F_X509_PURPOSE_ADD:137:X509_PURPOSE_add +X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set +X509_F_ADD_CERT_DIR:100:add_cert_dir +X509_F_BUILD_CHAIN:106:build_chain +X509_F_BY_FILE_CTRL:101:by_file_ctrl +X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints +X509_F_CHECK_POLICY:145:check_policy +X509_F_DANE_I2D:107:dane_i2d +X509_F_DIR_CTRL:102:dir_ctrl +X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject +X509_F_I2D_X509_AUX:151:i2d_X509_AUX +X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk +X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode +X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode +X509_F_NEW_DIR:153:new_dir +X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr +X509_F_X509V3_ADD_EXT:104:X509v3_add_ext +X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID +X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ:137:X509_ATTRIBUTE_create_by_OBJ +X509_F_X509_ATTRIBUTE_CREATE_BY_TXT:140:X509_ATTRIBUTE_create_by_txt +X509_F_X509_ATTRIBUTE_GET0_DATA:139:X509_ATTRIBUTE_get0_data +X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data +X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key +X509_F_X509_CRL_DIFF:105:X509_CRL_diff +X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new +X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp +X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID +X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ +X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters +X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file +X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file +X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file +X509_F_X509_LOOKUP_METH_NEW:160:X509_LOOKUP_meth_new +X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new +X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry +X509_F_X509_NAME_CANON:156:x509_name_canon +X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID +X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt +X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object +X509_F_X509_NAME_ONELINE:116:X509_NAME_oneline +X509_F_X509_NAME_PRINT:117:X509_NAME_print +X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new +X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp +X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode +X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0 +X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set +X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key +X509_F_X509_REQ_PRINT_EX:121:X509_REQ_print_ex +X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp +X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509 +X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert +X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl +X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup +X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer +X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init +X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new +X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit +X509_F_X509_STORE_NEW:158:X509_STORE_new +X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ +X509_F_X509_TRUST_ADD:133:X509_TRUST_add +X509_F_X509_TRUST_SET:141:X509_TRUST_set +X509_F_X509_VERIFY_CERT:127:X509_verify_cert +X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new + +#Reason codes +ASN1_R_ADDING_OBJECT:171:adding object +ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error +ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error +ASN1_R_AUX_ERROR:100:aux error +ASN1_R_BAD_OBJECT_HEADER:102:bad object header +ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length +ASN1_R_BN_LIB:105:bn lib +ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length +ASN1_R_BUFFER_TOO_SMALL:107:buffer too small +ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:108:cipher has no object identifier +ASN1_R_CONTEXT_NOT_INITIALISED:217:context not initialised +ASN1_R_DATA_IS_WRONG:109:data is wrong +ASN1_R_DECODE_ERROR:110:decode error +ASN1_R_DEPTH_EXCEEDED:174:depth exceeded +ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED:198:digest and key type not supported +ASN1_R_ENCODE_ERROR:112:encode error +ASN1_R_ERROR_GETTING_TIME:173:error getting time +ASN1_R_ERROR_LOADING_SECTION:172:error loading section +ASN1_R_ERROR_SETTING_CIPHER_PARAMS:114:error setting cipher params +ASN1_R_EXPECTING_AN_INTEGER:115:expecting an integer +ASN1_R_EXPECTING_AN_OBJECT:116:expecting an object +ASN1_R_EXPLICIT_LENGTH_MISMATCH:119:explicit length mismatch +ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED:120:explicit tag not constructed +ASN1_R_FIELD_MISSING:121:field missing +ASN1_R_FIRST_NUM_TOO_LARGE:122:first num too large +ASN1_R_HEADER_TOO_LONG:123:header too long +ASN1_R_ILLEGAL_BITSTRING_FORMAT:175:illegal bitstring format +ASN1_R_ILLEGAL_BOOLEAN:176:illegal boolean +ASN1_R_ILLEGAL_CHARACTERS:124:illegal characters +ASN1_R_ILLEGAL_FORMAT:177:illegal format +ASN1_R_ILLEGAL_HEX:178:illegal hex +ASN1_R_ILLEGAL_IMPLICIT_TAG:179:illegal implicit tag +ASN1_R_ILLEGAL_INTEGER:180:illegal integer +ASN1_R_ILLEGAL_NEGATIVE_VALUE:226:illegal negative value +ASN1_R_ILLEGAL_NESTED_TAGGING:181:illegal nested tagging +ASN1_R_ILLEGAL_NULL:125:illegal null +ASN1_R_ILLEGAL_NULL_VALUE:182:illegal null value +ASN1_R_ILLEGAL_OBJECT:183:illegal object +ASN1_R_ILLEGAL_OPTIONAL_ANY:126:illegal optional any +ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE:170:illegal options on item template +ASN1_R_ILLEGAL_PADDING:221:illegal padding +ASN1_R_ILLEGAL_TAGGED_ANY:127:illegal tagged any +ASN1_R_ILLEGAL_TIME_VALUE:184:illegal time value +ASN1_R_ILLEGAL_ZERO_CONTENT:222:illegal zero content +ASN1_R_INTEGER_NOT_ASCII_FORMAT:185:integer not ascii format +ASN1_R_INTEGER_TOO_LARGE_FOR_LONG:128:integer too large for long +ASN1_R_INVALID_BIT_STRING_BITS_LEFT:220:invalid bit string bits left +ASN1_R_INVALID_BMPSTRING_LENGTH:129:invalid bmpstring length +ASN1_R_INVALID_DIGIT:130:invalid digit +ASN1_R_INVALID_MIME_TYPE:205:invalid mime type +ASN1_R_INVALID_MODIFIER:186:invalid modifier +ASN1_R_INVALID_NUMBER:187:invalid number +ASN1_R_INVALID_OBJECT_ENCODING:216:invalid object encoding +ASN1_R_INVALID_SCRYPT_PARAMETERS:227:invalid scrypt parameters +ASN1_R_INVALID_SEPARATOR:131:invalid separator +ASN1_R_INVALID_STRING_TABLE_VALUE:218:invalid string table value +ASN1_R_INVALID_UNIVERSALSTRING_LENGTH:133:invalid universalstring length +ASN1_R_INVALID_UTF8STRING:134:invalid utf8string +ASN1_R_INVALID_VALUE:219:invalid value +ASN1_R_LIST_ERROR:188:list error +ASN1_R_MIME_NO_CONTENT_TYPE:206:mime no content type +ASN1_R_MIME_PARSE_ERROR:207:mime parse error +ASN1_R_MIME_SIG_PARSE_ERROR:208:mime sig parse error +ASN1_R_MISSING_EOC:137:missing eoc +ASN1_R_MISSING_SECOND_NUMBER:138:missing second number +ASN1_R_MISSING_VALUE:189:missing value +ASN1_R_MSTRING_NOT_UNIVERSAL:139:mstring not universal +ASN1_R_MSTRING_WRONG_TAG:140:mstring wrong tag +ASN1_R_NESTED_ASN1_STRING:197:nested asn1 string +ASN1_R_NESTED_TOO_DEEP:201:nested too deep +ASN1_R_NON_HEX_CHARACTERS:141:non hex characters +ASN1_R_NOT_ASCII_FORMAT:190:not ascii format +ASN1_R_NOT_ENOUGH_DATA:142:not enough data +ASN1_R_NO_CONTENT_TYPE:209:no content type +ASN1_R_NO_MATCHING_CHOICE_TYPE:143:no matching choice type +ASN1_R_NO_MULTIPART_BODY_FAILURE:210:no multipart body failure +ASN1_R_NO_MULTIPART_BOUNDARY:211:no multipart boundary +ASN1_R_NO_SIG_CONTENT_TYPE:212:no sig content type +ASN1_R_NULL_IS_WRONG_LENGTH:144:null is wrong length +ASN1_R_OBJECT_NOT_ASCII_FORMAT:191:object not ascii format +ASN1_R_ODD_NUMBER_OF_CHARS:145:odd number of chars +ASN1_R_SECOND_NUMBER_TOO_LARGE:147:second number too large +ASN1_R_SEQUENCE_LENGTH_MISMATCH:148:sequence length mismatch +ASN1_R_SEQUENCE_NOT_CONSTRUCTED:149:sequence not constructed +ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG:192:sequence or set needs config +ASN1_R_SHORT_LINE:150:short line +ASN1_R_SIG_INVALID_MIME_TYPE:213:sig invalid mime type +ASN1_R_STREAMING_NOT_SUPPORTED:202:streaming not supported +ASN1_R_STRING_TOO_LONG:151:string too long +ASN1_R_STRING_TOO_SHORT:152:string too short +ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:154:\ + the asn1 object identifier is not known for this md +ASN1_R_TIME_NOT_ASCII_FORMAT:193:time not ascii format +ASN1_R_TOO_LARGE:223:too large +ASN1_R_TOO_LONG:155:too long +ASN1_R_TOO_SMALL:224:too small +ASN1_R_TYPE_NOT_CONSTRUCTED:156:type not constructed +ASN1_R_TYPE_NOT_PRIMITIVE:195:type not primitive +ASN1_R_UNEXPECTED_EOC:159:unexpected eoc +ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH:215:universalstring is wrong length +ASN1_R_UNKNOWN_FORMAT:160:unknown format +ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM:161:unknown message digest algorithm +ASN1_R_UNKNOWN_OBJECT_TYPE:162:unknown object type +ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE:163:unknown public key type +ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM:199:unknown signature algorithm +ASN1_R_UNKNOWN_TAG:194:unknown tag +ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE:164:unsupported any defined by type +ASN1_R_UNSUPPORTED_CIPHER:228:unsupported cipher +ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE:167:unsupported public key type +ASN1_R_UNSUPPORTED_TYPE:196:unsupported type +ASN1_R_WRONG_INTEGER_TYPE:225:wrong integer type +ASN1_R_WRONG_PUBLIC_KEY_TYPE:200:wrong public key type +ASN1_R_WRONG_TAG:168:wrong tag +ASYNC_R_FAILED_TO_SET_POOL:101:failed to set pool +ASYNC_R_FAILED_TO_SWAP_CONTEXT:102:failed to swap context +ASYNC_R_INIT_FAILED:105:init failed +ASYNC_R_INVALID_POOL_SIZE:103:invalid pool size +BIO_R_ACCEPT_ERROR:100:accept error +BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET:141:addrinfo addr is not af inet +BIO_R_AMBIGUOUS_HOST_OR_SERVICE:129:ambiguous host or service +BIO_R_BAD_FOPEN_MODE:101:bad fopen mode +BIO_R_BROKEN_PIPE:124:broken pipe +BIO_R_CONNECT_ERROR:103:connect error +BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET:107:gethostbyname addr is not af inet +BIO_R_GETSOCKNAME_ERROR:132:getsockname error +BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS:133:getsockname truncated address +BIO_R_GETTING_SOCKTYPE:134:getting socktype +BIO_R_INVALID_ARGUMENT:125:invalid argument +BIO_R_INVALID_SOCKET:135:invalid socket +BIO_R_IN_USE:123:in use +BIO_R_LENGTH_TOO_LONG:102:length too long +BIO_R_LISTEN_V6_ONLY:136:listen v6 only +BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing +BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service +BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error +BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\ + no accept addr or service specified +BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified +BIO_R_NO_PORT_DEFINED:113:no port defined +BIO_R_NO_SUCH_FILE:128:no such file +BIO_R_NULL_PARAMETER:115:null parameter +BIO_R_UNABLE_TO_BIND_SOCKET:117:unable to bind socket +BIO_R_UNABLE_TO_CREATE_SOCKET:118:unable to create socket +BIO_R_UNABLE_TO_KEEPALIVE:137:unable to keepalive +BIO_R_UNABLE_TO_LISTEN_SOCKET:119:unable to listen socket +BIO_R_UNABLE_TO_NODELAY:138:unable to nodelay +BIO_R_UNABLE_TO_REUSEADDR:139:unable to reuseaddr +BIO_R_UNAVAILABLE_IP_FAMILY:145:unavailable ip family +BIO_R_UNINITIALIZED:120:uninitialized +BIO_R_UNKNOWN_INFO_TYPE:140:unknown info type +BIO_R_UNSUPPORTED_IP_FAMILY:146:unsupported ip family +BIO_R_UNSUPPORTED_METHOD:121:unsupported method +BIO_R_UNSUPPORTED_PROTOCOL_FAMILY:131:unsupported protocol family +BIO_R_WRITE_TO_READ_ONLY_BIO:126:write to read only BIO +BIO_R_WSASTARTUP:122:WSAStartup +BN_R_ARG2_LT_ARG3:100:arg2 lt arg3 +BN_R_BAD_RECIPROCAL:101:bad reciprocal +BN_R_BIGNUM_TOO_LONG:114:bignum too long +BN_R_BITS_TOO_SMALL:118:bits too small +BN_R_CALLED_WITH_EVEN_MODULUS:102:called with even modulus +BN_R_DIV_BY_ZERO:103:div by zero +BN_R_ENCODING_ERROR:104:encoding error +BN_R_EXPAND_ON_STATIC_BIGNUM_DATA:105:expand on static bignum data +BN_R_INPUT_NOT_REDUCED:110:input not reduced +BN_R_INVALID_LENGTH:106:invalid length +BN_R_INVALID_RANGE:115:invalid range +BN_R_INVALID_SHIFT:119:invalid shift +BN_R_NOT_A_SQUARE:111:not a square +BN_R_NOT_INITIALIZED:107:not initialized +BN_R_NO_INVERSE:108:no inverse +BN_R_NO_SOLUTION:116:no solution +BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large +BN_R_P_IS_NOT_PRIME:112:p is not prime +BN_R_TOO_MANY_ITERATIONS:113:too many iterations +BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables +CMS_R_ADD_SIGNER_ERROR:99:add signer error +CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present +CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid +CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error +CMS_R_CIPHER_INITIALISATION_ERROR:101:cipher initialisation error +CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR:102:\ + cipher parameter initialisation error +CMS_R_CMS_DATAFINAL_ERROR:103:cms datafinal error +CMS_R_CMS_LIB:104:cms lib +CMS_R_CONTENTIDENTIFIER_MISMATCH:170:contentidentifier mismatch +CMS_R_CONTENT_NOT_FOUND:105:content not found +CMS_R_CONTENT_TYPE_MISMATCH:171:content type mismatch +CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA:106:content type not compressed data +CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA:107:content type not enveloped data +CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA:108:content type not signed data +CMS_R_CONTENT_VERIFY_ERROR:109:content verify error +CMS_R_CTRL_ERROR:110:ctrl error +CMS_R_CTRL_FAILURE:111:ctrl failure +CMS_R_DECRYPT_ERROR:112:decrypt error +CMS_R_ERROR_GETTING_PUBLIC_KEY:113:error getting public key +CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\ + error reading messagedigest attribute +CMS_R_ERROR_SETTING_KEY:115:error setting key +CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo +CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length +CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter +CMS_R_INVALID_KEY_LENGTH:118:invalid key length +CMS_R_MD_BIO_INIT_ERROR:119:md bio init error +CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH:120:\ + messagedigest attribute wrong length +CMS_R_MESSAGEDIGEST_WRONG_LENGTH:121:messagedigest wrong length +CMS_R_MSGSIGDIGEST_ERROR:172:msgsigdigest error +CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE:162:msgsigdigest verification failure +CMS_R_MSGSIGDIGEST_WRONG_LENGTH:163:msgsigdigest wrong length +CMS_R_NEED_ONE_SIGNER:164:need one signer +CMS_R_NOT_A_SIGNED_RECEIPT:165:not a signed receipt +CMS_R_NOT_ENCRYPTED_DATA:122:not encrypted data +CMS_R_NOT_KEK:123:not kek +CMS_R_NOT_KEY_AGREEMENT:181:not key agreement +CMS_R_NOT_KEY_TRANSPORT:124:not key transport +CMS_R_NOT_PWRI:177:not pwri +CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:125:not supported for this key type +CMS_R_NO_CIPHER:126:no cipher +CMS_R_NO_CONTENT:127:no content +CMS_R_NO_CONTENT_TYPE:173:no content type +CMS_R_NO_DEFAULT_DIGEST:128:no default digest +CMS_R_NO_DIGEST_SET:129:no digest set +CMS_R_NO_KEY:130:no key +CMS_R_NO_KEY_OR_CERT:174:no key or cert +CMS_R_NO_MATCHING_DIGEST:131:no matching digest +CMS_R_NO_MATCHING_RECIPIENT:132:no matching recipient +CMS_R_NO_MATCHING_SIGNATURE:166:no matching signature +CMS_R_NO_MSGSIGDIGEST:167:no msgsigdigest +CMS_R_NO_PASSWORD:178:no password +CMS_R_NO_PRIVATE_KEY:133:no private key +CMS_R_NO_PUBLIC_KEY:134:no public key +CMS_R_NO_RECEIPT_REQUEST:168:no receipt request +CMS_R_NO_SIGNERS:135:no signers +CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:136:\ + private key does not match certificate +CMS_R_RECEIPT_DECODE_ERROR:169:receipt decode error +CMS_R_RECIPIENT_ERROR:137:recipient error +CMS_R_SIGNER_CERTIFICATE_NOT_FOUND:138:signer certificate not found +CMS_R_SIGNFINAL_ERROR:139:signfinal error +CMS_R_SMIME_TEXT_ERROR:140:smime text error +CMS_R_STORE_INIT_ERROR:141:store init error +CMS_R_TYPE_NOT_COMPRESSED_DATA:142:type not compressed data +CMS_R_TYPE_NOT_DATA:143:type not data +CMS_R_TYPE_NOT_DIGESTED_DATA:144:type not digested data +CMS_R_TYPE_NOT_ENCRYPTED_DATA:145:type not encrypted data +CMS_R_TYPE_NOT_ENVELOPED_DATA:146:type not enveloped data +CMS_R_UNABLE_TO_FINALIZE_CONTEXT:147:unable to finalize context +CMS_R_UNKNOWN_CIPHER:148:unknown cipher +CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm +CMS_R_UNKNOWN_ID:150:unknown id +CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm +CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type +CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm +CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\ + unsupported key encryption algorithm +CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type +CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type +CMS_R_UNSUPPORTED_TYPE:156:unsupported type +CMS_R_UNWRAP_ERROR:157:unwrap error +CMS_R_UNWRAP_FAILURE:180:unwrap failure +CMS_R_VERIFICATION_FAILURE:158:verification failure +CMS_R_WRAP_ERROR:159:wrap error +COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error +COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error +COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported +CONF_R_ERROR_LOADING_DSO:110:error loading dso +CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null +CONF_R_MISSING_CLOSE_SQUARE_BRACKET:100:missing close square bracket +CONF_R_MISSING_EQUAL_SIGN:101:missing equal sign +CONF_R_MISSING_INIT_FUNCTION:112:missing init function +CONF_R_MODULE_INITIALIZATION_ERROR:109:module initialization error +CONF_R_NO_CLOSE_BRACE:102:no close brace +CONF_R_NO_CONF:105:no conf +CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE:106:no conf or environment variable +CONF_R_NO_SECTION:107:no section +CONF_R_NO_SUCH_FILE:114:no such file +CONF_R_NO_VALUE:108:no value +CONF_R_NUMBER_TOO_LARGE:121:number too large +CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include +CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty +CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found +CONF_R_SSL_SECTION_EMPTY:119:ssl section empty +CONF_R_SSL_SECTION_NOT_FOUND:120:ssl section not found +CONF_R_UNABLE_TO_CREATE_NEW_SECTION:103:unable to create new section +CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name +CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long +CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value +CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported +CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit +CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits +CT_R_BASE64_DECODE_ERROR:108:base64 decode error +CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length +CT_R_LOG_CONF_INVALID:109:log conf invalid +CT_R_LOG_CONF_INVALID_KEY:110:log conf invalid key +CT_R_LOG_CONF_MISSING_DESCRIPTION:111:log conf missing description +CT_R_LOG_CONF_MISSING_KEY:112:log conf missing key +CT_R_LOG_KEY_INVALID:113:log key invalid +CT_R_SCT_FUTURE_TIMESTAMP:116:sct future timestamp +CT_R_SCT_INVALID:104:sct invalid +CT_R_SCT_INVALID_SIGNATURE:107:sct invalid signature +CT_R_SCT_LIST_INVALID:105:sct list invalid +CT_R_SCT_LOG_ID_MISMATCH:114:sct log id mismatch +CT_R_SCT_NOT_SET:106:sct not set +CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version +CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid +CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type +CT_R_UNSUPPORTED_VERSION:103:unsupported version +DH_R_BAD_GENERATOR:101:bad generator +DH_R_BN_DECODE_ERROR:109:bn decode error +DH_R_BN_ERROR:106:bn error +DH_R_CHECK_INVALID_J_VALUE:115:check invalid j value +DH_R_CHECK_INVALID_Q_VALUE:116:check invalid q value +DH_R_CHECK_PUBKEY_INVALID:122:check pubkey invalid +DH_R_CHECK_PUBKEY_TOO_LARGE:123:check pubkey too large +DH_R_CHECK_PUBKEY_TOO_SMALL:124:check pubkey too small +DH_R_CHECK_P_NOT_PRIME:117:check p not prime +DH_R_CHECK_P_NOT_SAFE_PRIME:118:check p not safe prime +DH_R_CHECK_Q_NOT_PRIME:119:check q not prime +DH_R_DECODE_ERROR:104:decode error +DH_R_INVALID_PARAMETER_NAME:110:invalid parameter name +DH_R_INVALID_PARAMETER_NID:114:invalid parameter nid +DH_R_INVALID_PUBKEY:102:invalid public key +DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error +DH_R_KEYS_NOT_SET:108:keys not set +DH_R_MISSING_PUBKEY:125:missing pubkey +DH_R_MODULUS_TOO_LARGE:103:modulus too large +DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator +DH_R_NO_PARAMETERS_SET:107:no parameters set +DH_R_NO_PRIVATE_VALUE:100:no private value +DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error +DH_R_PEER_KEY_ERROR:111:peer key error +DH_R_SHARED_INFO_ERROR:113:shared info error +DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator +DSA_R_BAD_Q_VALUE:102:bad q value +DSA_R_BN_DECODE_ERROR:108:bn decode error +DSA_R_BN_ERROR:109:bn error +DSA_R_DECODE_ERROR:104:decode error +DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type +DSA_R_INVALID_PARAMETERS:112:invalid parameters +DSA_R_MISSING_PARAMETERS:101:missing parameters +DSA_R_MODULUS_TOO_LARGE:103:modulus too large +DSA_R_NO_PARAMETERS_SET:107:no parameters set +DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error +DSA_R_Q_NOT_PRIME:113:q not prime +DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q +DSO_R_CTRL_FAILED:100:control command failed +DSO_R_DSO_ALREADY_LOADED:110:dso already loaded +DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure +DSO_R_FAILURE:114:failure +DSO_R_FILENAME_TOO_BIG:101:filename too big +DSO_R_FINISH_FAILED:102:cleanup method function failed +DSO_R_INCORRECT_FILE_SYNTAX:115:incorrect file syntax +DSO_R_LOAD_FAILED:103:could not load the shared library +DSO_R_NAME_TRANSLATION_FAILED:109:name translation failed +DSO_R_NO_FILENAME:111:no filename +DSO_R_NULL_HANDLE:104:a null shared library handle was used +DSO_R_SET_FILENAME_FAILED:112:set filename failed +DSO_R_STACK_ERROR:105:the meth_data stack is corrupt +DSO_R_SYM_FAILURE:106:could not bind to the requested symbol name +DSO_R_UNLOAD_FAILED:107:could not unload the shared library +DSO_R_UNSUPPORTED:108:functionality not supported +EC_R_ASN1_ERROR:115:asn1 error +EC_R_BAD_SIGNATURE:156:bad signature +EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range +EC_R_BUFFER_TOO_SMALL:100:buffer too small +EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range +EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh +EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing +EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure +EC_R_DECODE_ERROR:142:decode error +EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero +EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure +EC_R_FIELD_TOO_LARGE:143:field too large +EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported +EC_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure +EC_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure +EC_R_INCOMPATIBLE_OBJECTS:101:incompatible objects +EC_R_INVALID_ARGUMENT:112:invalid argument +EC_R_INVALID_COMPRESSED_POINT:110:invalid compressed point +EC_R_INVALID_COMPRESSION_BIT:109:invalid compression bit +EC_R_INVALID_CURVE:141:invalid curve +EC_R_INVALID_DIGEST:151:invalid digest +EC_R_INVALID_DIGEST_TYPE:138:invalid digest type +EC_R_INVALID_ENCODING:102:invalid encoding +EC_R_INVALID_FIELD:103:invalid field +EC_R_INVALID_FORM:104:invalid form +EC_R_INVALID_GROUP_ORDER:122:invalid group order +EC_R_INVALID_KEY:116:invalid key +EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length +EC_R_INVALID_PEER_KEY:133:invalid peer key +EC_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis +EC_R_INVALID_PRIVATE_KEY:123:invalid private key +EC_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis +EC_R_KDF_PARAMETER_ERROR:148:kdf parameter error +EC_R_KEYS_NOT_SET:140:keys not set +EC_R_LADDER_POST_FAILURE:136:ladder post failure +EC_R_LADDER_PRE_FAILURE:153:ladder pre failure +EC_R_LADDER_STEP_FAILURE:162:ladder step failure +EC_R_MISSING_PARAMETERS:124:missing parameters +EC_R_MISSING_PRIVATE_KEY:125:missing private key +EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values +EC_R_NOT_A_NIST_PRIME:135:not a NIST prime +EC_R_NOT_IMPLEMENTED:126:not implemented +EC_R_NOT_INITIALIZED:111:not initialized +EC_R_NO_PARAMETERS_SET:139:no parameters set +EC_R_NO_PRIVATE_VALUE:154:no private value +EC_R_OPERATION_NOT_SUPPORTED:152:operation not supported +EC_R_PASSED_NULL_PARAMETER:134:passed null parameter +EC_R_PEER_KEY_ERROR:149:peer key error +EC_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure +EC_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure +EC_R_POINT_AT_INFINITY:106:point at infinity +EC_R_POINT_COORDINATES_BLIND_FAILURE:163:point coordinates blind failure +EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve +EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed +EC_R_SHARED_INFO_ERROR:150:shared info error +EC_R_SLOT_FULL:108:slot full +EC_R_UNDEFINED_GENERATOR:113:undefined generator +EC_R_UNDEFINED_ORDER:128:undefined order +EC_R_UNKNOWN_COFACTOR:164:unknown cofactor +EC_R_UNKNOWN_GROUP:129:unknown group +EC_R_UNKNOWN_ORDER:114:unknown order +EC_R_UNSUPPORTED_FIELD:131:unsupported field +EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters +EC_R_WRONG_ORDER:130:wrong order +ENGINE_R_ALREADY_LOADED:100:already loaded +ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number +ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable +ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input +ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input +ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id +ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented +ENGINE_R_DSO_FAILURE:104:DSO failure +ENGINE_R_DSO_NOT_FOUND:132:dso not found +ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error +ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error +ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list +ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error +ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key +ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key +ENGINE_R_FINISH_FAILED:106:finish failed +ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing +ENGINE_R_INIT_FAILED:109:init failed +ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error +ENGINE_R_INVALID_ARGUMENT:143:invalid argument +ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name +ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number +ENGINE_R_INVALID_INIT_VALUE:151:invalid init value +ENGINE_R_INVALID_STRING:150:invalid string +ENGINE_R_NOT_INITIALISED:117:not initialised +ENGINE_R_NOT_LOADED:112:not loaded +ENGINE_R_NO_CONTROL_FUNCTION:120:no control function +ENGINE_R_NO_INDEX:144:no index +ENGINE_R_NO_LOAD_FUNCTION:125:no load function +ENGINE_R_NO_REFERENCE:130:no reference +ENGINE_R_NO_SUCH_ENGINE:116:no such engine +ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher +ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest +ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method +ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility +EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed +EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed +EVP_R_BAD_DECRYPT:100:bad decrypt +EVP_R_BUFFER_TOO_SMALL:155:buffer too small +EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed +EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error +EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported +EVP_R_COPY_ERROR:173:copy error +EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented +EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented +EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:138:data not multiple of block length +EVP_R_DECODE_ERROR:114:decode error +EVP_R_DIFFERENT_KEY_TYPES:101:different key types +EVP_R_DIFFERENT_PARAMETERS:153:different parameters +EVP_R_ERROR_LOADING_SECTION:165:error loading section +EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode +EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key +EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key +EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key +EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key +EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key +EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key +EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key +EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported +EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed +EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters +EVP_R_INITIALIZATION_ERROR:134:initialization error +EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized +EVP_R_INVALID_DIGEST:152:invalid digest +EVP_R_INVALID_FIPS_MODE:168:invalid fips mode +EVP_R_INVALID_KEY:163:invalid key +EVP_R_INVALID_KEY_LENGTH:130:invalid key length +EVP_R_INVALID_OPERATION:148:invalid operation +EVP_R_KEYGEN_FAILURE:120:keygen failure +EVP_R_KEY_SETUP_FAILED:180:key setup failed +EVP_R_MEMORY_LIMIT_EXCEEDED:172:memory limit exceeded +EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null +EVP_R_METHOD_NOT_SUPPORTED:144:method not supported +EVP_R_MISSING_PARAMETERS:103:missing parameters +EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length +EVP_R_NO_CIPHER_SET:131:no cipher set +EVP_R_NO_DEFAULT_DIGEST:158:no default digest +EVP_R_NO_DIGEST_SET:139:no digest set +EVP_R_NO_KEY_SET:154:no key set +EVP_R_NO_OPERATION_SET:149:no operation set +EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported +EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ + operation not supported for this keytype +EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized +EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers +EVP_R_PBKDF2_ERROR:181:pbkdf2 error +EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ + pkey application asn1 method already registered +EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error +EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error +EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa +EVP_R_UNKNOWN_CIPHER:160:unknown cipher +EVP_R_UNKNOWN_DIGEST:161:unknown digest +EVP_R_UNKNOWN_OPTION:169:unknown option +EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm +EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm +EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher +EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength +EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:124:\ + unsupported key derivation function +EVP_R_UNSUPPORTED_KEY_SIZE:108:unsupported key size +EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS:135:unsupported number of rounds +EVP_R_UNSUPPORTED_PRF:125:unsupported prf +EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm +EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type +EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed +EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length +KDF_R_INVALID_DIGEST:100:invalid digest +KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count +KDF_R_MISSING_KEY:104:missing key +KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest +KDF_R_MISSING_PARAMETER:101:missing parameter +KDF_R_MISSING_PASS:110:missing pass +KDF_R_MISSING_SALT:111:missing salt +KDF_R_MISSING_SECRET:107:missing secret +KDF_R_MISSING_SEED:106:missing seed +KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type +KDF_R_VALUE_ERROR:108:value error +KDF_R_VALUE_MISSING:102:value missing +OBJ_R_OID_EXISTS:102:oid exists +OBJ_R_UNKNOWN_NID:101:unknown nid +OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error +OCSP_R_DIGEST_ERR:102:digest err +OCSP_R_ERROR_IN_NEXTUPDATE_FIELD:122:error in nextupdate field +OCSP_R_ERROR_IN_THISUPDATE_FIELD:123:error in thisupdate field +OCSP_R_ERROR_PARSING_URL:121:error parsing url +OCSP_R_MISSING_OCSPSIGNING_USAGE:103:missing ocspsigning usage +OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE:124:nextupdate before thisupdate +OCSP_R_NOT_BASIC_RESPONSE:104:not basic response +OCSP_R_NO_CERTIFICATES_IN_CHAIN:105:no certificates in chain +OCSP_R_NO_RESPONSE_DATA:108:no response data +OCSP_R_NO_REVOKED_TIME:109:no revoked time +OCSP_R_NO_SIGNER_KEY:130:no signer key +OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:110:\ + private key does not match certificate +OCSP_R_REQUEST_NOT_SIGNED:128:request not signed +OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA:111:\ + response contains no revocation data +OCSP_R_ROOT_CA_NOT_TRUSTED:112:root ca not trusted +OCSP_R_SERVER_RESPONSE_ERROR:114:server response error +OCSP_R_SERVER_RESPONSE_PARSE_ERROR:115:server response parse error +OCSP_R_SIGNATURE_FAILURE:117:signature failure +OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND:118:signer certificate not found +OCSP_R_STATUS_EXPIRED:125:status expired +OCSP_R_STATUS_NOT_YET_VALID:126:status not yet valid +OCSP_R_STATUS_TOO_OLD:127:status too old +OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest +OCSP_R_UNKNOWN_NID:120:unknown nid +OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type +OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type +OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read +OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac +OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST:121:\ + fingerprint size does not match digest +OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme +OSSL_STORE_R_IS_NOT_A:112:is not a +OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete +OSSL_STORE_R_LOADING_STARTED:117:loading started +OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate +OSSL_STORE_R_NOT_A_CRL:101:not a crl +OSSL_STORE_R_NOT_A_KEY:102:not a key +OSSL_STORE_R_NOT_A_NAME:103:not a name +OSSL_STORE_R_NOT_PARAMETERS:104:not parameters +OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error +OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute +OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\ + search only supported for directories +OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:109:\ + ui process interrupted or cancelled +OSSL_STORE_R_UNREGISTERED_SCHEME:105:unregistered scheme +OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE:110:unsupported content type +OSSL_STORE_R_UNSUPPORTED_OPERATION:118:unsupported operation +OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE:120:unsupported search type +OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED:111:uri authority unsupported +PEM_R_BAD_BASE64_DECODE:100:bad base64 decode +PEM_R_BAD_DECRYPT:101:bad decrypt +PEM_R_BAD_END_LINE:102:bad end line +PEM_R_BAD_IV_CHARS:103:bad iv chars +PEM_R_BAD_MAGIC_NUMBER:116:bad magic number +PEM_R_BAD_PASSWORD_READ:104:bad password read +PEM_R_BAD_VERSION_NUMBER:117:bad version number +PEM_R_BIO_WRITE_FAILURE:118:bio write failure +PEM_R_CIPHER_IS_NULL:127:cipher is null +PEM_R_ERROR_CONVERTING_PRIVATE_KEY:115:error converting private key +PEM_R_EXPECTING_PRIVATE_KEY_BLOB:119:expecting private key blob +PEM_R_EXPECTING_PUBLIC_KEY_BLOB:120:expecting public key blob +PEM_R_HEADER_TOO_LONG:128:header too long +PEM_R_INCONSISTENT_HEADER:121:inconsistent header +PEM_R_KEYBLOB_HEADER_PARSE_ERROR:122:keyblob header parse error +PEM_R_KEYBLOB_TOO_SHORT:123:keyblob too short +PEM_R_MISSING_DEK_IV:129:missing dek iv +PEM_R_NOT_DEK_INFO:105:not dek info +PEM_R_NOT_ENCRYPTED:106:not encrypted +PEM_R_NOT_PROC_TYPE:107:not proc type +PEM_R_NO_START_LINE:108:no start line +PEM_R_PROBLEMS_GETTING_PASSWORD:109:problems getting password +PEM_R_PVK_DATA_TOO_SHORT:124:pvk data too short +PEM_R_PVK_TOO_SHORT:125:pvk too short +PEM_R_READ_KEY:111:read key +PEM_R_SHORT_HEADER:112:short header +PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv +PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher +PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption +PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components +PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure +PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data +PKCS12_R_DECODE_ERROR:101:decode error +PKCS12_R_ENCODE_ERROR:102:encode error +PKCS12_R_ENCRYPT_ERROR:103:encrypt error +PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data type +PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument +PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer +PKCS12_R_IV_GEN_ERROR:106:iv gen error +PKCS12_R_KEY_GEN_ERROR:107:key gen error +PKCS12_R_MAC_ABSENT:108:mac absent +PKCS12_R_MAC_GENERATION_ERROR:109:mac generation error +PKCS12_R_MAC_SETUP_ERROR:110:mac setup error +PKCS12_R_MAC_STRING_SET_ERROR:111:mac string set error +PKCS12_R_MAC_VERIFY_FAILURE:113:mac verify failure +PKCS12_R_PARSE_ERROR:114:parse error +PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR:115:pkcs12 algor cipherinit error +PKCS12_R_PKCS12_CIPHERFINAL_ERROR:116:pkcs12 cipherfinal error +PKCS12_R_PKCS12_PBE_CRYPT_ERROR:117:pkcs12 pbe crypt error +PKCS12_R_UNKNOWN_DIGEST_ALGORITHM:118:unknown digest algorithm +PKCS12_R_UNSUPPORTED_PKCS12_MODE:119:unsupported pkcs12 mode +PKCS7_R_CERTIFICATE_VERIFY_ERROR:117:certificate verify error +PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:144:cipher has no object identifier +PKCS7_R_CIPHER_NOT_INITIALIZED:116:cipher not initialized +PKCS7_R_CONTENT_AND_DATA_PRESENT:118:content and data present +PKCS7_R_CTRL_ERROR:152:ctrl error +PKCS7_R_DECRYPT_ERROR:119:decrypt error +PKCS7_R_DIGEST_FAILURE:101:digest failure +PKCS7_R_ENCRYPTION_CTRL_FAILURE:149:encryption ctrl failure +PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:150:\ + encryption not supported for this key type +PKCS7_R_ERROR_ADDING_RECIPIENT:120:error adding recipient +PKCS7_R_ERROR_SETTING_CIPHER:121:error setting cipher +PKCS7_R_INVALID_NULL_POINTER:143:invalid null pointer +PKCS7_R_INVALID_SIGNED_DATA_TYPE:155:invalid signed data type +PKCS7_R_NO_CONTENT:122:no content +PKCS7_R_NO_DEFAULT_DIGEST:151:no default digest +PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND:154:no matching digest type found +PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE:115:no recipient matches certificate +PKCS7_R_NO_SIGNATURES_ON_DATA:123:no signatures on data +PKCS7_R_NO_SIGNERS:142:no signers +PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE:104:\ + operation not supported on this type +PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR:124:pkcs7 add signature error +PKCS7_R_PKCS7_ADD_SIGNER_ERROR:153:pkcs7 add signer error +PKCS7_R_PKCS7_DATASIGN:145:pkcs7 datasign +PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:127:\ + private key does not match certificate +PKCS7_R_SIGNATURE_FAILURE:105:signature failure +PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND:128:signer certificate not found +PKCS7_R_SIGNING_CTRL_FAILURE:147:signing ctrl failure +PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:148:\ + signing not supported for this key type +PKCS7_R_SMIME_TEXT_ERROR:129:smime text error +PKCS7_R_UNABLE_TO_FIND_CERTIFICATE:106:unable to find certificate +PKCS7_R_UNABLE_TO_FIND_MEM_BIO:107:unable to find mem bio +PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST:108:unable to find message digest +PKCS7_R_UNKNOWN_DIGEST_TYPE:109:unknown digest type +PKCS7_R_UNKNOWN_OPERATION:110:unknown operation +PKCS7_R_UNSUPPORTED_CIPHER_TYPE:111:unsupported cipher type +PKCS7_R_UNSUPPORTED_CONTENT_TYPE:112:unsupported content type +PKCS7_R_WRONG_CONTENT_TYPE:113:wrong content type +PKCS7_R_WRONG_PKCS7_TYPE:114:wrong pkcs7 type +RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long +RAND_R_ALREADY_INSTANTIATED:103:already instantiated +RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range +RAND_R_CANNOT_OPEN_FILE:121:Cannot open file +RAND_R_DRBG_ALREADY_INITIALIZED:129:drbg already initialized +RAND_R_DRBG_NOT_INITIALISED:104:drbg not initialised +RAND_R_ENTROPY_INPUT_TOO_LONG:106:entropy input too long +RAND_R_ENTROPY_OUT_OF_RANGE:124:entropy out of range +RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED:127:error entropy pool was ignored +RAND_R_ERROR_INITIALISING_DRBG:107:error initialising drbg +RAND_R_ERROR_INSTANTIATING_DRBG:108:error instantiating drbg +RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT:109:error retrieving additional input +RAND_R_ERROR_RETRIEVING_ENTROPY:110:error retrieving entropy +RAND_R_ERROR_RETRIEVING_NONCE:111:error retrieving nonce +RAND_R_FAILED_TO_CREATE_LOCK:126:failed to create lock +RAND_R_FUNC_NOT_IMPLEMENTED:101:Function not implemented +RAND_R_FWRITE_ERROR:123:Error writing file +RAND_R_GENERATE_ERROR:112:generate error +RAND_R_INTERNAL_ERROR:113:internal error +RAND_R_IN_ERROR_STATE:114:in error state +RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file +RAND_R_NOT_INSTANTIATED:115:not instantiated +RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected +RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled +RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak +RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long +RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\ + prediction resistance not supported +RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded +RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow +RAND_R_RANDOM_POOL_UNDERFLOW:134:random pool underflow +RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg +RAND_R_RESEED_ERROR:118:reseed error +RAND_R_SELFTEST_FAILURE:119:selftest failure +RAND_R_TOO_LITTLE_NONCE_REQUESTED:135:too little nonce requested +RAND_R_TOO_MUCH_NONCE_REQUESTED:136:too much nonce requested +RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags +RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type +RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch +RSA_R_BAD_E_VALUE:101:bad e value +RSA_R_BAD_FIXED_HEADER_DECRYPT:102:bad fixed header decrypt +RSA_R_BAD_PAD_BYTE_COUNT:103:bad pad byte count +RSA_R_BAD_SIGNATURE:104:bad signature +RSA_R_BLOCK_TYPE_IS_NOT_01:106:block type is not 01 +RSA_R_BLOCK_TYPE_IS_NOT_02:107:block type is not 02 +RSA_R_DATA_GREATER_THAN_MOD_LEN:108:data greater than mod len +RSA_R_DATA_TOO_LARGE:109:data too large +RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:110:data too large for key size +RSA_R_DATA_TOO_LARGE_FOR_MODULUS:132:data too large for modulus +RSA_R_DATA_TOO_SMALL:111:data too small +RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:122:data too small for key size +RSA_R_DIGEST_DOES_NOT_MATCH:158:digest does not match +RSA_R_DIGEST_NOT_ALLOWED:145:digest not allowed +RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:112:digest too big for rsa key +RSA_R_DMP1_NOT_CONGRUENT_TO_D:124:dmp1 not congruent to d +RSA_R_DMQ1_NOT_CONGRUENT_TO_D:125:dmq1 not congruent to d +RSA_R_D_E_NOT_CONGRUENT_TO_1:123:d e not congruent to 1 +RSA_R_FIRST_OCTET_INVALID:133:first octet invalid +RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:144:\ + illegal or unsupported padding mode +RSA_R_INVALID_DIGEST:157:invalid digest +RSA_R_INVALID_DIGEST_LENGTH:143:invalid digest length +RSA_R_INVALID_HEADER:137:invalid header +RSA_R_INVALID_LABEL:160:invalid label +RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length +RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md +RSA_R_INVALID_MULTI_PRIME_KEY:167:invalid multi prime key +RSA_R_INVALID_OAEP_PARAMETERS:161:invalid oaep parameters +RSA_R_INVALID_PADDING:138:invalid padding +RSA_R_INVALID_PADDING_MODE:141:invalid padding mode +RSA_R_INVALID_PSS_PARAMETERS:149:invalid pss parameters +RSA_R_INVALID_PSS_SALTLEN:146:invalid pss saltlen +RSA_R_INVALID_SALT_LENGTH:150:invalid salt length +RSA_R_INVALID_TRAILER:139:invalid trailer +RSA_R_INVALID_X931_DIGEST:142:invalid x931 digest +RSA_R_IQMP_NOT_INVERSE_OF_Q:126:iqmp not inverse of q +RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid +RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small +RSA_R_LAST_OCTET_INVALID:134:last octet invalid +RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed +RSA_R_MODULUS_TOO_LARGE:105:modulus too large +RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r +RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d +RSA_R_MP_R_NOT_PRIME:170:mp r not prime +RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent +RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing +RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes +RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q +RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error +RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\ + operation not supported for this keytype +RSA_R_PADDING_CHECK_FAILED:114:padding check failed +RSA_R_PKCS_DECODING_ERROR:159:pkcs decoding error +RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small +RSA_R_P_NOT_PRIME:128:p not prime +RSA_R_Q_NOT_PRIME:129:q not prime +RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported +RSA_R_SLEN_CHECK_FAILED:136:salt length check failed +RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed +RSA_R_SSLV3_ROLLBACK_ATTACK:115:sslv3 rollback attack +RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:116:\ + the asn1 object identifier is not known for this md +RSA_R_UNKNOWN_ALGORITHM_TYPE:117:unknown algorithm type +RSA_R_UNKNOWN_DIGEST:166:unknown digest +RSA_R_UNKNOWN_MASK_DIGEST:151:unknown mask digest +RSA_R_UNKNOWN_PADDING_TYPE:118:unknown padding type +RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:unsupported encryption type +RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source +RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm +RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter +RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type +RSA_R_VALUE_MISSING:147:value missing +RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length +SM2_R_ASN1_ERROR:100:asn1 error +SM2_R_BAD_SIGNATURE:101:bad signature +SM2_R_BUFFER_TOO_SMALL:107:buffer too small +SM2_R_DIST_ID_TOO_LARGE:110:dist id too large +SM2_R_ID_NOT_SET:112:id not set +SM2_R_ID_TOO_LARGE:111:id too large +SM2_R_INVALID_CURVE:108:invalid curve +SM2_R_INVALID_DIGEST:102:invalid digest +SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type +SM2_R_INVALID_ENCODING:104:invalid encoding +SM2_R_INVALID_FIELD:105:invalid field +SM2_R_NO_PARAMETERS_SET:109:no parameters set +SM2_R_USER_ID_TOO_LARGE:106:user id too large +SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\ + application data after close notify +SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake +SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\ + attempt to reuse session in different context +SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE:143:\ + at least TLS 1.0 needed in FIPS mode +SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\ + at least (D)TLS 1.2 needed in Suite B mode +SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec +SSL_R_BAD_CIPHER:186:bad cipher +SSL_R_BAD_DATA:390:bad data +SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback +SSL_R_BAD_DECOMPRESSION:107:bad decompression +SSL_R_BAD_DH_VALUE:102:bad dh value +SSL_R_BAD_DIGEST_LENGTH:111:bad digest length +SSL_R_BAD_EARLY_DATA:233:bad early data +SSL_R_BAD_ECC_CERT:304:bad ecc cert +SSL_R_BAD_ECPOINT:306:bad ecpoint +SSL_R_BAD_EXTENSION:110:bad extension +SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length +SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state +SSL_R_BAD_HELLO_REQUEST:105:bad hello request +SSL_R_BAD_HRR_VERSION:263:bad hrr version +SSL_R_BAD_KEY_SHARE:108:bad key share +SSL_R_BAD_KEY_UPDATE:122:bad key update +SSL_R_BAD_LEGACY_VERSION:292:bad legacy version +SSL_R_BAD_LENGTH:271:bad length +SSL_R_BAD_PACKET:240:bad packet +SSL_R_BAD_PACKET_LENGTH:115:bad packet length +SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number +SSL_R_BAD_PSK:219:bad psk +SSL_R_BAD_PSK_IDENTITY:114:bad psk identity +SSL_R_BAD_RECORD_TYPE:443:bad record type +SSL_R_BAD_RSA_ENCRYPT:119:bad rsa encrypt +SSL_R_BAD_SIGNATURE:123:bad signature +SSL_R_BAD_SRP_A_LENGTH:347:bad srp a length +SSL_R_BAD_SRP_PARAMETERS:371:bad srp parameters +SSL_R_BAD_SRTP_MKI_VALUE:352:bad srtp mki value +SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST:353:bad srtp protection profile list +SSL_R_BAD_SSL_FILETYPE:124:bad ssl filetype +SSL_R_BAD_VALUE:384:bad value +SSL_R_BAD_WRITE_RETRY:127:bad write retry +SSL_R_BINDER_DOES_NOT_VERIFY:253:binder does not verify +SSL_R_BIO_NOT_SET:128:bio not set +SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong +SSL_R_BN_LIB:130:bn lib +SSL_R_CALLBACK_FAILED:234:callback failed +SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher +SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch +SSL_R_CA_KEY_TOO_SMALL:397:ca key too small +SSL_R_CA_MD_TOO_WEAK:398:ca md too weak +SSL_R_CCS_RECEIVED_EARLY:133:ccs received early +SSL_R_CERTIFICATE_VERIFY_FAILED:134:certificate verify failed +SSL_R_CERT_CB_ERROR:377:cert cb error +SSL_R_CERT_LENGTH_MISMATCH:135:cert length mismatch +SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED:218:ciphersuite digest has changed +SSL_R_CIPHER_CODE_WRONG_LENGTH:137:cipher code wrong length +SSL_R_CIPHER_OR_HASH_UNAVAILABLE:138:cipher or hash unavailable +SSL_R_CLIENTHELLO_TLSEXT:226:clienthello tlsext +SSL_R_COMPRESSED_LENGTH_TOO_LONG:140:compressed length too long +SSL_R_COMPRESSION_DISABLED:343:compression disabled +SSL_R_COMPRESSION_FAILURE:141:compression failure +SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE:307:\ + compression id not within private range +SSL_R_COMPRESSION_LIBRARY_ERROR:142:compression library error +SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set +SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled +SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure +SSL_R_COOKIE_MISMATCH:308:cookie mismatch +SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\ + custom ext handler already installed +SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled +SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full +SSL_R_DANE_NOT_ENABLED:175:dane not enabled +SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate +SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage +SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length +SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length +SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type +SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key +SSL_R_DANE_TLSA_BAD_SELECTOR:202:dane tlsa bad selector +SSL_R_DANE_TLSA_NULL_DATA:203:dane tlsa null data +SSL_R_DATA_BETWEEN_CCS_AND_FINISHED:145:data between ccs and finished +SSL_R_DATA_LENGTH_TOO_LONG:146:data length too long +SSL_R_DECRYPTION_FAILED:147:decryption failed +SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:281:\ + decryption failed or bad record mac +SSL_R_DH_KEY_TOO_SMALL:394:dh key too small +SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG:148:dh public value length is wrong +SSL_R_DIGEST_CHECK_FAILED:149:digest check failed +SSL_R_DTLS_MESSAGE_TOO_BIG:334:dtls message too big +SSL_R_DUPLICATE_COMPRESSION_ID:309:duplicate compression id +SSL_R_ECC_CERT_NOT_FOR_SIGNING:318:ecc cert not for signing +SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE:374:ecdh required for suiteb mode +SSL_R_EE_KEY_TOO_SMALL:399:ee key too small +SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST:354:empty srtp protection profile list +SSL_R_ENCRYPTED_LENGTH_TOO_LONG:150:encrypted length too long +SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:151:error in received cipher list +SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN:204:error setting tlsa base domain +SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE:194:exceeds max fragment size +SSL_R_EXCESSIVE_MESSAGE_SIZE:152:excessive message size +SSL_R_EXTENSION_NOT_RECEIVED:279:extension not received +SSL_R_EXTRA_DATA_IN_MESSAGE:153:extra data in message +SSL_R_EXT_LENGTH_MISMATCH:163:ext length mismatch +SSL_R_FAILED_TO_INIT_ASYNC:405:failed to init async +SSL_R_FRAGMENTED_CLIENT_HELLO:401:fragmented client hello +SSL_R_GOT_A_FIN_BEFORE_A_CCS:154:got a fin before a ccs +SSL_R_HTTPS_PROXY_REQUEST:155:https proxy request +SSL_R_HTTP_REQUEST:156:http request +SSL_R_ILLEGAL_POINT_COMPRESSION:162:illegal point compression +SSL_R_ILLEGAL_SUITEB_DIGEST:380:illegal Suite B digest +SSL_R_INAPPROPRIATE_FALLBACK:373:inappropriate fallback +SSL_R_INCONSISTENT_COMPRESSION:340:inconsistent compression +SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn +SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni +SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms +SSL_R_INSUFFICIENT_SECURITY:241:insufficient security +SSL_R_INVALID_ALERT:205:invalid alert +SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message +SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg +SSL_R_INVALID_COMMAND:280:invalid command +SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm +SSL_R_INVALID_CONFIG:283:invalid config +SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name +SSL_R_INVALID_CONTEXT:282:invalid context +SSL_R_INVALID_CT_VALIDATION_TYPE:212:invalid ct validation type +SSL_R_INVALID_KEY_UPDATE_TYPE:120:invalid key update type +SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data +SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name +SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number +SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data +SSL_R_INVALID_SESSION_ID:999:invalid session id +SSL_R_INVALID_SRP_USERNAME:357:invalid srp username +SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response +SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length +SSL_R_LENGTH_MISMATCH:159:length mismatch +SSL_R_LENGTH_TOO_LONG:404:length too long +SSL_R_LENGTH_TOO_SHORT:160:length too short +SSL_R_LIBRARY_BUG:274:library bug +SSL_R_LIBRARY_HAS_NO_CIPHERS:161:library has no ciphers +SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert +SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert +SSL_R_MISSING_FATAL:256:missing fatal +SSL_R_MISSING_PARAMETERS:290:missing parameters +SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate +SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert +SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert +SSL_R_MISSING_SIGALGS_EXTENSION:112:missing sigalgs extension +SSL_R_MISSING_SIGNING_CERT:221:missing signing cert +SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param +SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension +SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key +SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary +SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate +SSL_R_NOT_SERVER:284:not server +SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol +SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned +SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned +SSL_R_NO_CERTIFICATE_SET:179:no certificate set +SSL_R_NO_CHANGE_FOLLOWING_HRR:214:no change following hrr +SSL_R_NO_CIPHERS_AVAILABLE:181:no ciphers available +SSL_R_NO_CIPHERS_SPECIFIED:183:no ciphers specified +SSL_R_NO_CIPHER_MATCH:185:no cipher match +SSL_R_NO_CLIENT_CERT_METHOD:331:no client cert method +SSL_R_NO_COMPRESSION_SPECIFIED:187:no compression specified +SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set +SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER:330:\ + Peer haven't sent GOST certificate, required for selected ciphersuite +SSL_R_NO_METHOD_SPECIFIED:188:no method specified +SSL_R_NO_PEM_EXTENSIONS:389:no pem extensions +SSL_R_NO_PRIVATE_KEY_ASSIGNED:190:no private key assigned +SSL_R_NO_PROTOCOLS_AVAILABLE:191:no protocols available +SSL_R_NO_RENEGOTIATION:339:no renegotiation +SSL_R_NO_REQUIRED_DIGEST:324:no required digest +SSL_R_NO_SHARED_CIPHER:193:no shared cipher +SSL_R_NO_SHARED_GROUPS:410:no shared groups +SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms +SSL_R_NO_SRTP_PROFILES:359:no srtp profiles +SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share +SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm +SSL_R_NO_VALID_SCTS:216:no valid scts +SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback +SSL_R_NULL_SSL_CTX:195:null ssl ctx +SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed +SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned +SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ + old session compression algorithm not returned +SSL_R_OVERFLOW_ERROR:237:overflow error +SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long +SSL_R_PARSE_TLSEXT:227:parse tlsext +SSL_R_PATH_TOO_LONG:270:path too long +SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE:199:peer did not return a certificate +SSL_R_PEM_NAME_BAD_PREFIX:391:pem name bad prefix +SSL_R_PEM_NAME_TOO_SHORT:392:pem name too short +SSL_R_PIPELINE_FAILURE:406:pipeline failure +SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR:278:post handshake auth encoding err +SSL_R_PRIVATE_KEY_MISMATCH:288:private key mismatch +SSL_R_PROTOCOL_IS_SHUTDOWN:207:protocol is shutdown +SSL_R_PSK_IDENTITY_NOT_FOUND:223:psk identity not found +SSL_R_PSK_NO_CLIENT_CB:224:psk no client cb +SSL_R_PSK_NO_SERVER_CB:225:psk no server cb +SSL_R_READ_BIO_NOT_SET:211:read bio not set +SSL_R_READ_TIMEOUT_EXPIRED:312:read timeout expired +SSL_R_RECORD_LENGTH_MISMATCH:213:record length mismatch +SSL_R_RECORD_TOO_SMALL:298:record too small +SSL_R_RENEGOTIATE_EXT_TOO_LONG:335:renegotiate ext too long +SSL_R_RENEGOTIATION_ENCODING_ERR:336:renegotiation encoding err +SSL_R_RENEGOTIATION_MISMATCH:337:renegotiation mismatch +SSL_R_REQUEST_PENDING:285:request pending +SSL_R_REQUEST_SENT:286:request sent +SSL_R_REQUIRED_CIPHER_MISSING:215:required cipher missing +SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING:342:\ + required compression algorithm missing +SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:345:scsv received when renegotiating +SSL_R_SCT_VERIFICATION_FAILED:208:sct verification failed +SSL_R_SERVERHELLO_TLSEXT:275:serverhello tlsext +SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED:277:session id context uninitialized +SSL_R_SHUTDOWN_WHILE_IN_INIT:407:shutdown while in init +SSL_R_SIGNATURE_ALGORITHMS_ERROR:360:signature algorithms error +SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE:220:\ + signature for non signing certificate +SSL_R_SRP_A_CALC:361:error with the srp params +SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles +SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\ + srtp protection profile list too long +SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile +SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\ + ssl3 ext invalid max fragment length +SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername +SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type +SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long +SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty +SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found +SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION:228:ssl ctx has no default ssl version +SSL_R_SSL_HANDSHAKE_FAILURE:229:ssl handshake failure +SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS:230:ssl library has no ciphers +SSL_R_SSL_NEGATIVE_LENGTH:372:ssl negative length +SSL_R_SSL_SECTION_EMPTY:126:ssl section empty +SSL_R_SSL_SECTION_NOT_FOUND:136:ssl section not found +SSL_R_SSL_SESSION_ID_CALLBACK_FAILED:301:ssl session id callback failed +SSL_R_SSL_SESSION_ID_CONFLICT:302:ssl session id conflict +SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG:273:ssl session id context too long +SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH:303:ssl session id has bad length +SSL_R_SSL_SESSION_ID_TOO_LONG:408:ssl session id too long +SSL_R_SSL_SESSION_VERSION_MISMATCH:210:ssl session version mismatch +SSL_R_STILL_IN_INIT:121:still in init +SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT:365:peer does not accept heartbeats +SSL_R_TLS_HEARTBEAT_PENDING:366:heartbeat request already pending +SSL_R_TLS_ILLEGAL_EXPORTER_LABEL:367:tls illegal exporter label +SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST:157:tls invalid ecpointformat list +SSL_R_TOO_MANY_KEY_UPDATES:132:too many key updates +SSL_R_TOO_MANY_WARN_ALERTS:409:too many warn alerts +SSL_R_TOO_MUCH_EARLY_DATA:164:too much early data +SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS:314:unable to find ecdh parameters +SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS:239:\ + unable to find public key parameters +SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines +SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message +SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data +SSL_R_UNEXPECTED_MESSAGE:244:unexpected message +SSL_R_UNEXPECTED_RECORD:245:unexpected record +SSL_R_UNINITIALIZED:276:uninitialized +SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type +SSL_R_UNKNOWN_CERTIFICATE_TYPE:247:unknown certificate type +SSL_R_UNKNOWN_CIPHER_RETURNED:248:unknown cipher returned +SSL_R_UNKNOWN_CIPHER_TYPE:249:unknown cipher type +SSL_R_UNKNOWN_CMD_NAME:386:unknown cmd name +SSL_R_UNKNOWN_COMMAND:139:unknown command +SSL_R_UNKNOWN_DIGEST:368:unknown digest +SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type +SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type +SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol +SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version +SSL_R_UNKNOWN_STATE:255:unknown state +SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:338:\ + unsafe legacy renegotiation disabled +SSL_R_UNSOLICITED_EXTENSION:217:unsolicited extension +SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM:257:unsupported compression algorithm +SSL_R_UNSUPPORTED_ELLIPTIC_CURVE:315:unsupported elliptic curve +SSL_R_UNSUPPORTED_PROTOCOL:258:unsupported protocol +SSL_R_UNSUPPORTED_SSL_VERSION:259:unsupported ssl version +SSL_R_UNSUPPORTED_STATUS_TYPE:329:unsupported status type +SSL_R_USE_SRTP_NOT_NEGOTIATED:369:use srtp not negotiated +SSL_R_VERSION_TOO_HIGH:166:version too high +SSL_R_VERSION_TOO_LOW:396:version too low +SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type +SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned +SSL_R_WRONG_CURVE:378:wrong curve +SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length +SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size +SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type +SSL_R_WRONG_SSL_VERSION:266:wrong ssl version +SSL_R_WRONG_VERSION_NUMBER:267:wrong version number +SSL_R_X509_LIB:268:x509 lib +SSL_R_X509_VERIFICATION_SETUP_PROBLEMS:269:x509 verification setup problems +TS_R_BAD_PKCS7_TYPE:132:bad pkcs7 type +TS_R_BAD_TYPE:133:bad type +TS_R_CANNOT_LOAD_CERT:137:cannot load certificate +TS_R_CANNOT_LOAD_KEY:138:cannot load private key +TS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error +TS_R_COULD_NOT_SET_ENGINE:127:could not set engine +TS_R_COULD_NOT_SET_TIME:115:could not set time +TS_R_DETACHED_CONTENT:134:detached content +TS_R_ESS_ADD_SIGNING_CERT_ERROR:116:ess add signing cert error +TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR:139:ess add signing cert v2 error +TS_R_ESS_SIGNING_CERTIFICATE_ERROR:101:ess signing certificate error +TS_R_INVALID_NULL_POINTER:102:invalid null pointer +TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE:117:invalid signer certificate purpose +TS_R_MESSAGE_IMPRINT_MISMATCH:103:message imprint mismatch +TS_R_NONCE_MISMATCH:104:nonce mismatch +TS_R_NONCE_NOT_RETURNED:105:nonce not returned +TS_R_NO_CONTENT:106:no content +TS_R_NO_TIME_STAMP_TOKEN:107:no time stamp token +TS_R_PKCS7_ADD_SIGNATURE_ERROR:118:pkcs7 add signature error +TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR:119:pkcs7 add signed attr error +TS_R_PKCS7_TO_TS_TST_INFO_FAILED:129:pkcs7 to ts tst info failed +TS_R_POLICY_MISMATCH:108:policy mismatch +TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:120:\ + private key does not match certificate +TS_R_RESPONSE_SETUP_ERROR:121:response setup error +TS_R_SIGNATURE_FAILURE:109:signature failure +TS_R_THERE_MUST_BE_ONE_SIGNER:110:there must be one signer +TS_R_TIME_SYSCALL_ERROR:122:time syscall error +TS_R_TOKEN_NOT_PRESENT:130:token not present +TS_R_TOKEN_PRESENT:131:token present +TS_R_TSA_NAME_MISMATCH:111:tsa name mismatch +TS_R_TSA_UNTRUSTED:112:tsa untrusted +TS_R_TST_INFO_SETUP_ERROR:123:tst info setup error +TS_R_TS_DATASIGN:124:ts datasign +TS_R_UNACCEPTABLE_POLICY:125:unacceptable policy +TS_R_UNSUPPORTED_MD_ALGORITHM:126:unsupported md algorithm +TS_R_UNSUPPORTED_VERSION:113:unsupported version +TS_R_VAR_BAD_VALUE:135:var bad value +TS_R_VAR_LOOKUP_FAILURE:136:cannot find config variable +TS_R_WRONG_CONTENT_TYPE:114:wrong content type +UI_R_COMMON_OK_AND_CANCEL_CHARACTERS:104:common ok and cancel characters +UI_R_INDEX_TOO_LARGE:102:index too large +UI_R_INDEX_TOO_SMALL:103:index too small +UI_R_NO_RESULT_BUFFER:105:no result buffer +UI_R_PROCESSING_ERROR:107:processing error +UI_R_RESULT_TOO_LARGE:100:result too large +UI_R_RESULT_TOO_SMALL:101:result too small +UI_R_SYSASSIGN_ERROR:109:sys$assign error +UI_R_SYSDASSGN_ERROR:110:sys$dassgn error +UI_R_SYSQIOW_ERROR:111:sys$qiow error +UI_R_UNKNOWN_CONTROL_COMMAND:106:unknown control command +UI_R_UNKNOWN_TTYGET_ERRNO_VALUE:108:unknown ttyget errno value +UI_R_USER_DATA_DUPLICATION_UNSUPPORTED:112:user data duplication unsupported +X509V3_R_BAD_IP_ADDRESS:118:bad ip address +X509V3_R_BAD_OBJECT:119:bad object +X509V3_R_BN_DEC2BN_ERROR:100:bn dec2bn error +X509V3_R_BN_TO_ASN1_INTEGER_ERROR:101:bn to asn1 integer error +X509V3_R_DIRNAME_ERROR:149:dirname error +X509V3_R_DISTPOINT_ALREADY_SET:160:distpoint already set +X509V3_R_DUPLICATE_ZONE_ID:133:duplicate zone id +X509V3_R_ERROR_CONVERTING_ZONE:131:error converting zone +X509V3_R_ERROR_CREATING_EXTENSION:144:error creating extension +X509V3_R_ERROR_IN_EXTENSION:128:error in extension +X509V3_R_EXPECTED_A_SECTION_NAME:137:expected a section name +X509V3_R_EXTENSION_EXISTS:145:extension exists +X509V3_R_EXTENSION_NAME_ERROR:115:extension name error +X509V3_R_EXTENSION_NOT_FOUND:102:extension not found +X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED:103:extension setting not supported +X509V3_R_EXTENSION_VALUE_ERROR:116:extension value error +X509V3_R_ILLEGAL_EMPTY_EXTENSION:151:illegal empty extension +X509V3_R_INCORRECT_POLICY_SYNTAX_TAG:152:incorrect policy syntax tag +X509V3_R_INVALID_ASNUMBER:162:invalid asnumber +X509V3_R_INVALID_ASRANGE:163:invalid asrange +X509V3_R_INVALID_BOOLEAN_STRING:104:invalid boolean string +X509V3_R_INVALID_EXTENSION_STRING:105:invalid extension string +X509V3_R_INVALID_INHERITANCE:165:invalid inheritance +X509V3_R_INVALID_IPADDRESS:166:invalid ipaddress +X509V3_R_INVALID_MULTIPLE_RDNS:161:invalid multiple rdns +X509V3_R_INVALID_NAME:106:invalid name +X509V3_R_INVALID_NULL_ARGUMENT:107:invalid null argument +X509V3_R_INVALID_NULL_NAME:108:invalid null name +X509V3_R_INVALID_NULL_VALUE:109:invalid null value +X509V3_R_INVALID_NUMBER:140:invalid number +X509V3_R_INVALID_NUMBERS:141:invalid numbers +X509V3_R_INVALID_OBJECT_IDENTIFIER:110:invalid object identifier +X509V3_R_INVALID_OPTION:138:invalid option +X509V3_R_INVALID_POLICY_IDENTIFIER:134:invalid policy identifier +X509V3_R_INVALID_PROXY_POLICY_SETTING:153:invalid proxy policy setting +X509V3_R_INVALID_PURPOSE:146:invalid purpose +X509V3_R_INVALID_SAFI:164:invalid safi +X509V3_R_INVALID_SECTION:135:invalid section +X509V3_R_INVALID_SYNTAX:143:invalid syntax +X509V3_R_ISSUER_DECODE_ERROR:126:issuer decode error +X509V3_R_MISSING_VALUE:124:missing value +X509V3_R_NEED_ORGANIZATION_AND_NUMBERS:142:need organization and numbers +X509V3_R_NO_CONFIG_DATABASE:136:no config database +X509V3_R_NO_ISSUER_CERTIFICATE:121:no issuer certificate +X509V3_R_NO_ISSUER_DETAILS:127:no issuer details +X509V3_R_NO_POLICY_IDENTIFIER:139:no policy identifier +X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED:154:\ + no proxy cert policy language defined +X509V3_R_NO_PUBLIC_KEY:114:no public key +X509V3_R_NO_SUBJECT_DETAILS:125:no subject details +X509V3_R_OPERATION_NOT_DEFINED:148:operation not defined +X509V3_R_OTHERNAME_ERROR:147:othername error +X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED:155:policy language already defined +X509V3_R_POLICY_PATH_LENGTH:156:policy path length +X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED:157:\ + policy path length already defined +X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY:159:\ + policy when proxy language requires no policy +X509V3_R_SECTION_NOT_FOUND:150:section not found +X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS:122:unable to get issuer details +X509V3_R_UNABLE_TO_GET_ISSUER_KEYID:123:unable to get issuer keyid +X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT:111:unknown bit string argument +X509V3_R_UNKNOWN_EXTENSION:129:unknown extension +X509V3_R_UNKNOWN_EXTENSION_NAME:130:unknown extension name +X509V3_R_UNKNOWN_OPTION:120:unknown option +X509V3_R_UNSUPPORTED_OPTION:117:unsupported option +X509V3_R_UNSUPPORTED_TYPE:167:unsupported type +X509V3_R_USER_TOO_LONG:132:user too long +X509_R_AKID_MISMATCH:110:akid mismatch +X509_R_BAD_SELECTOR:133:bad selector +X509_R_BAD_X509_FILETYPE:100:bad x509 filetype +X509_R_BASE64_DECODE_ERROR:118:base64 decode error +X509_R_CANT_CHECK_DH_KEY:114:cant check dh key +X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table +X509_R_CRL_ALREADY_DELTA:127:crl already delta +X509_R_CRL_VERIFY_FAILURE:131:crl verify failure +X509_R_IDP_MISMATCH:128:idp mismatch +X509_R_INVALID_DIRECTORY:113:invalid directory +X509_R_INVALID_FIELD_NAME:119:invalid field name +X509_R_INVALID_TRUST:123:invalid trust +X509_R_ISSUER_MISMATCH:129:issuer mismatch +X509_R_KEY_TYPE_MISMATCH:115:key type mismatch +X509_R_KEY_VALUES_MISMATCH:116:key values mismatch +X509_R_LOADING_CERT_DIR:103:loading cert dir +X509_R_LOADING_DEFAULTS:104:loading defaults +X509_R_METHOD_NOT_SUPPORTED:124:method not supported +X509_R_NAME_TOO_LONG:134:name too long +X509_R_NEWER_CRL_NOT_NEWER:132:newer crl not newer +X509_R_NO_CERTIFICATE_FOUND:135:no certificate found +X509_R_NO_CERTIFICATE_OR_CRL_FOUND:136:no certificate or crl found +X509_R_NO_CERT_SET_FOR_US_TO_VERIFY:105:no cert set for us to verify +X509_R_NO_CRL_FOUND:137:no crl found +X509_R_NO_CRL_NUMBER:130:no crl number +X509_R_PUBLIC_KEY_DECODE_ERROR:125:public key decode error +X509_R_PUBLIC_KEY_ENCODE_ERROR:126:public key encode error +X509_R_SHOULD_RETRY:106:should retry +X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN:107:unable to find parameters in chain +X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY:108:unable to get certs public key +X509_R_UNKNOWN_KEY_TYPE:117:unknown key type +X509_R_UNKNOWN_NID:109:unknown nid +X509_R_UNKNOWN_PURPOSE_ID:121:unknown purpose id +X509_R_UNKNOWN_TRUST_ID:120:unknown trust id +X509_R_UNSUPPORTED_ALGORITHM:111:unsupported algorithm +X509_R_WRONG_LOOKUP_TYPE:112:wrong lookup type +X509_R_WRONG_TYPE:122:wrong type diff --git a/deps/openssl/openssl/crypto/evp/bio_b64.c b/deps/openssl/openssl/crypto/evp/bio_b64.c index a86e8db0bf72bd..9f891f7626a616 100644 --- a/deps/openssl/openssl/crypto/evp/bio_b64.c +++ b/deps/openssl/openssl/crypto/evp/bio_b64.c @@ -17,9 +17,6 @@ static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); static int b64_puts(BIO *h, const char *str); -/* - * static int b64_gets(BIO *h, char *str, int size); - */ static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); static int b64_free(BIO *data); @@ -49,7 +46,11 @@ typedef struct b64_struct { static const BIO_METHOD methods_b64 = { BIO_TYPE_BASE64, "base64 encoding", + /* TODO: Convert to new style write function */ + bwrite_conv, b64_write, + /* TODO: Convert to new style read function */ + bread_conv, b64_read, b64_puts, NULL, /* b64_gets, */ @@ -69,9 +70,10 @@ static int b64_new(BIO *bi) { BIO_B64_CTX *ctx; - ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE); return 0; + } ctx->cont = 1; ctx->start = 1; @@ -113,7 +115,7 @@ static int b64_read(BIO *b, char *out, int outl) BIO *next; if (out == NULL) - return (0); + return 0; ctx = (BIO_B64_CTX *)BIO_get_data(b); next = BIO_next(b); @@ -354,7 +356,7 @@ static int b64_write(BIO *b, const char *in, int inl) i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); - return (i); + return i; } OPENSSL_assert(i <= n); ctx->buf_off += i; @@ -367,7 +369,7 @@ static int b64_write(BIO *b, const char *in, int inl) ctx->buf_len = 0; if ((in == NULL) || (inl <= 0)) - return (0); + return 0; while (inl > 0) { n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl; @@ -440,7 +442,7 @@ static int b64_write(BIO *b, const char *in, int inl) ctx->buf_len = 0; ctx->buf_off = 0; } - return (ret); + return ret; } static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -542,7 +544,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) ret = BIO_callback_ctrl(next, cmd, fp); break; } - return (ret); + return ret; } static int b64_puts(BIO *b, const char *str) diff --git a/deps/openssl/openssl/crypto/evp/bio_enc.c b/deps/openssl/openssl/crypto/evp/bio_enc.c index e62d1dfda8004f..6639061eae9ae3 100644 --- a/deps/openssl/openssl/crypto/evp/bio_enc.c +++ b/deps/openssl/openssl/crypto/evp/bio_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,12 +16,6 @@ static int enc_write(BIO *h, const char *buf, int num); static int enc_read(BIO *h, char *buf, int size); -/* - * static int enc_puts(BIO *h, const char *str); - */ -/* - * static int enc_gets(BIO *h, char *str, int size); - */ static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); @@ -48,7 +42,11 @@ typedef struct enc_struct { static const BIO_METHOD methods_enc = { BIO_TYPE_CIPHER, "cipher", + /* TODO: Convert to new style write function */ + bwrite_conv, enc_write, + /* TODO: Convert to new style read function */ + bread_conv, enc_read, NULL, /* enc_puts, */ NULL, /* enc_gets, */ @@ -60,16 +58,17 @@ static const BIO_METHOD methods_enc = { const BIO_METHOD *BIO_f_cipher(void) { - return (&methods_enc); + return &methods_enc; } static int enc_new(BIO *bi) { BIO_ENC_CTX *ctx; - ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE); return 0; + } ctx->cipher = EVP_CIPHER_CTX_new(); if (ctx->cipher == NULL) { @@ -111,7 +110,7 @@ static int enc_read(BIO *b, char *out, int outl) BIO *next; if (out == NULL) - return (0); + return 0; ctx = BIO_get_data(b); next = BIO_next(b); @@ -251,7 +250,7 @@ static int enc_write(BIO *b, const char *in, int inl) i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); - return (i); + return i; } ctx->buf_off += i; n -= i; @@ -259,7 +258,7 @@ static int enc_write(BIO *b, const char *in, int inl) /* at this point all pending data has been written */ if ((in == NULL) || (inl <= 0)) - return (0); + return 0; ctx->buf_off = 0; while (inl > 0) { @@ -289,7 +288,7 @@ static int enc_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; } BIO_copy_next_retry(b); - return (ret); + return ret; } static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -384,7 +383,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) ret = BIO_ctrl(next, cmd, num, ptr); break; } - return (ret); + return ret; } static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -393,35 +392,15 @@ static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) BIO *next = BIO_next(b); if (next == NULL) - return (0); + return 0; switch (cmd) { default: ret = BIO_callback_ctrl(next, cmd, fp); break; } - return (ret); + return ret; } -/*- -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, const unsigned char *i, int e) { diff --git a/deps/openssl/openssl/crypto/evp/bio_md.c b/deps/openssl/openssl/crypto/evp/bio_md.c index 2f0f2831df6521..288dee01b2203c 100644 --- a/deps/openssl/openssl/crypto/evp/bio_md.c +++ b/deps/openssl/openssl/crypto/evp/bio_md.c @@ -22,9 +22,6 @@ static int md_write(BIO *h, char const *buf, int num); static int md_read(BIO *h, char *buf, int size); -/* - * static int md_puts(BIO *h, const char *str); - */ static int md_gets(BIO *h, char *str, int size); static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int md_new(BIO *h); @@ -34,7 +31,11 @@ static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_md = { BIO_TYPE_MD, "message digest", + /* TODO: Convert to new style write function */ + bwrite_conv, md_write, + /* TODO: Convert to new style read function */ + bread_conv, md_read, NULL, /* md_puts, */ md_gets, @@ -46,7 +47,7 @@ static const BIO_METHOD methods_md = { const BIO_METHOD *BIO_f_md(void) { - return (&methods_md); + return &methods_md; } static int md_new(BIO *bi) @@ -55,7 +56,7 @@ static int md_new(BIO *bi) ctx = EVP_MD_CTX_new(); if (ctx == NULL) - return (0); + return 0; BIO_set_init(bi, 1); BIO_set_data(bi, ctx); @@ -66,7 +67,7 @@ static int md_new(BIO *bi) static int md_free(BIO *a) { if (a == NULL) - return (0); + return 0; EVP_MD_CTX_free(BIO_get_data(a)); BIO_set_data(a, NULL); BIO_set_init(a, 0); @@ -81,25 +82,25 @@ static int md_read(BIO *b, char *out, int outl) BIO *next; if (out == NULL) - return (0); + return 0; ctx = BIO_get_data(b); next = BIO_next(b); if ((ctx == NULL) || (next == NULL)) - return (0); + return 0; ret = BIO_read(next, out, outl); if (BIO_get_init(b)) { if (ret > 0) { if (EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret) <= 0) - return (-1); + return -1; } } BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return (ret); + return ret; } static int md_write(BIO *b, const char *in, int inl) @@ -194,7 +195,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) ret = BIO_ctrl(next, cmd, num, ptr); break; } - return (ret); + return ret; } static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -212,7 +213,7 @@ static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) ret = BIO_callback_ctrl(next, cmd, fp); break; } - return (ret); + return ret; } static int md_gets(BIO *bp, char *buf, int size) @@ -228,5 +229,5 @@ static int md_gets(BIO *bp, char *buf, int size) if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) return -1; - return ((int)ret); + return (int)ret; } diff --git a/deps/openssl/openssl/crypto/evp/bio_ok.c b/deps/openssl/openssl/crypto/evp/bio_ok.c index b156e62efda19b..a0462219beb7ee 100644 --- a/deps/openssl/openssl/crypto/evp/bio_ok.c +++ b/deps/openssl/openssl/crypto/evp/bio_ok.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ /*- - From: Arne Ansper + From: Arne Ansper Why BIO_f_reliable? @@ -110,7 +110,11 @@ typedef struct ok_struct { static const BIO_METHOD methods_ok = { BIO_TYPE_CIPHER, "reliable", + /* TODO: Convert to new style write function */ + bwrite_conv, ok_write, + /* TODO: Convert to new style read function */ + bread_conv, ok_read, NULL, /* ok_puts, */ NULL, /* ok_gets, */ @@ -122,16 +126,17 @@ static const BIO_METHOD methods_ok = { const BIO_METHOD *BIO_f_reliable(void) { - return (&methods_ok); + return &methods_ok; } static int ok_new(BIO *bi) { BIO_OK_CTX *ctx; - ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE); return 0; + } ctx->cont = 1; ctx->sigio = 1; @@ -263,7 +268,7 @@ static int ok_write(BIO *b, const char *in, int inl) ret = inl; if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) - return (0); + return 0; if (ctx->sigio && !sig_out(b)) return 0; @@ -277,7 +282,7 @@ static int ok_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); if (!BIO_should_retry(b)) ctx->cont = 0; - return (i); + return i; } ctx->buf_off += i; n -= i; @@ -291,7 +296,7 @@ static int ok_write(BIO *b, const char *in, int inl) } if ((in == NULL) || (inl <= 0)) - return (0); + return 0; n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; @@ -311,7 +316,7 @@ static int ok_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return (ret); + return ret; } static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) diff --git a/deps/openssl/openssl/crypto/evp/build.info b/deps/openssl/openssl/crypto/evp/build.info index bf633dc7138eee..cc33ac3c494293 100644 --- a/deps/openssl/openssl/crypto/evp/build.info +++ b/deps/openssl/openssl/crypto/evp/build.info @@ -2,14 +2,14 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ - e_rc4.c e_aes.c names.c e_seed.c \ + e_rc4.c e_aes.c names.c e_seed.c e_aria.c e_sm4.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ - m_md5_sha1.c m_mdc2.c m_ripemd.c \ + m_md5_sha1.c m_mdc2.c m_ripemd.c m_sha3.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_allc.c c_alld.c evp_lib.c bio_ok.c \ - evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \ + evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c cmeth_lib.c @@ -17,6 +17,9 @@ SOURCE[../../libcrypto]=\ INCLUDE[e_aes.o]=.. ../modes INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes +INCLUDE[e_aria.o]=.. ../modes INCLUDE[e_camellia.o]=.. ../modes +INCLUDE[e_sm4.o]=.. ../modes INCLUDE[e_des.o]=.. INCLUDE[e_des3.o]=.. +INCLUDE[m_sha3.o]=.. diff --git a/deps/openssl/openssl/crypto/evp/c_allc.c b/deps/openssl/openssl/crypto/evp/c_allc.c index 6ed31edbcb6d57..086b3c4d51b400 100644 --- a/deps/openssl/openssl/crypto/evp/c_allc.c +++ b/deps/openssl/openssl/crypto/evp/c_allc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "internal/evp_int.h" #include #include @@ -79,6 +79,16 @@ void openssl_add_all_ciphers_int(void) EVP_add_cipher_alias(SN_seed_cbc, "seed"); #endif +#ifndef OPENSSL_NO_SM4 + EVP_add_cipher(EVP_sm4_ecb()); + EVP_add_cipher(EVP_sm4_cbc()); + EVP_add_cipher(EVP_sm4_cfb()); + EVP_add_cipher(EVP_sm4_ofb()); + EVP_add_cipher(EVP_sm4_ctr()); + EVP_add_cipher_alias(SN_sm4_cbc, "SM4"); + EVP_add_cipher_alias(SN_sm4_cbc, "sm4"); +#endif + #ifndef OPENSSL_NO_RC2 EVP_add_cipher(EVP_rc2_ecb()); EVP_add_cipher(EVP_rc2_cfb()); @@ -181,6 +191,42 @@ void openssl_add_all_ciphers_int(void) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); +#ifndef OPENSSL_NO_ARIA + EVP_add_cipher(EVP_aria_128_ecb()); + EVP_add_cipher(EVP_aria_128_cbc()); + EVP_add_cipher(EVP_aria_128_cfb()); + EVP_add_cipher(EVP_aria_128_cfb1()); + EVP_add_cipher(EVP_aria_128_cfb8()); + EVP_add_cipher(EVP_aria_128_ctr()); + EVP_add_cipher(EVP_aria_128_ofb()); + EVP_add_cipher(EVP_aria_128_gcm()); + EVP_add_cipher(EVP_aria_128_ccm()); + EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128"); + EVP_add_cipher_alias(SN_aria_128_cbc, "aria128"); + EVP_add_cipher(EVP_aria_192_ecb()); + EVP_add_cipher(EVP_aria_192_cbc()); + EVP_add_cipher(EVP_aria_192_cfb()); + EVP_add_cipher(EVP_aria_192_cfb1()); + EVP_add_cipher(EVP_aria_192_cfb8()); + EVP_add_cipher(EVP_aria_192_ctr()); + EVP_add_cipher(EVP_aria_192_ofb()); + EVP_add_cipher(EVP_aria_192_gcm()); + EVP_add_cipher(EVP_aria_192_ccm()); + EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192"); + EVP_add_cipher_alias(SN_aria_192_cbc, "aria192"); + EVP_add_cipher(EVP_aria_256_ecb()); + EVP_add_cipher(EVP_aria_256_cbc()); + EVP_add_cipher(EVP_aria_256_cfb()); + EVP_add_cipher(EVP_aria_256_cfb1()); + EVP_add_cipher(EVP_aria_256_cfb8()); + EVP_add_cipher(EVP_aria_256_ctr()); + EVP_add_cipher(EVP_aria_256_ofb()); + EVP_add_cipher(EVP_aria_256_gcm()); + EVP_add_cipher(EVP_aria_256_ccm()); + EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256"); + EVP_add_cipher_alias(SN_aria_256_cbc, "aria256"); +#endif + #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_ecb()); EVP_add_cipher(EVP_camellia_128_cbc()); diff --git a/deps/openssl/openssl/crypto/evp/c_alld.c b/deps/openssl/openssl/crypto/evp/c_alld.c index ec79734e67634a..1267531a7d23b8 100644 --- a/deps/openssl/openssl/crypto/evp/c_alld.c +++ b/deps/openssl/openssl/crypto/evp/c_alld.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "internal/evp_int.h" #include #include @@ -39,11 +39,22 @@ void openssl_add_all_digests_int(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); + EVP_add_digest(EVP_sha512_224()); + EVP_add_digest(EVP_sha512_256()); #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif +#ifndef OPENSSL_NO_SM3 + EVP_add_digest(EVP_sm3()); +#endif #ifndef OPENSSL_NO_BLAKE2 EVP_add_digest(EVP_blake2b512()); EVP_add_digest(EVP_blake2s256()); #endif + EVP_add_digest(EVP_sha3_224()); + EVP_add_digest(EVP_sha3_256()); + EVP_add_digest(EVP_sha3_384()); + EVP_add_digest(EVP_sha3_512()); + EVP_add_digest(EVP_shake128()); + EVP_add_digest(EVP_shake256()); } diff --git a/deps/openssl/openssl/crypto/evp/digest.c b/deps/openssl/openssl/crypto/evp/digest.c index 65eff7c8c1bf75..f78dab7678654a 100644 --- a/deps/openssl/openssl/crypto/evp/digest.c +++ b/deps/openssl/openssl/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,12 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); } - EVP_PKEY_CTX_free(ctx->pctx); + /* + * pctx should be freed by the user of EVP_MD_CTX + * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(ctx->engine); #endif @@ -174,6 +179,27 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) return ret; } +int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) +{ + int ret = 0; + + if (ctx->digest->flags & EVP_MD_FLAG_XOF + && size <= INT_MAX + && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) { + ret = ctx->digest->final(ctx, md); + + if (ctx->digest->cleanup != NULL) { + ctx->digest->cleanup(ctx); + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + } + OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); + } else { + EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH); + } + + return ret; +} + int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) { EVP_MD_CTX_reset(out); @@ -203,6 +229,9 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVP_MD_CTX_reset(out); memcpy(out, in, sizeof(*out)); + /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ + EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + /* Null these variables, since they are getting fixed up * properly below. Anything else may cause a memleak and/or * double free if any of the memory allocations below fail diff --git a/deps/openssl/openssl/crypto/evp/e_aes.c b/deps/openssl/openssl/crypto/evp/e_aes.c index 3f36d7072d3d3d..39eb4f379a99a1 100644 --- a/deps/openssl/openssl/crypto/evp/e_aes.c +++ b/deps/openssl/openssl/crypto/evp/e_aes.c @@ -136,14 +136,30 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, const unsigned char ivec[AES_BLOCK_SIZE]); #endif #ifdef AES_XTS_ASM -void AES_xts_encrypt(const char *inp, char *out, size_t len, +void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -void AES_xts_decrypt(const char *inp, char *out, size_t len, +void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); #endif +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) +{ + int n = 8; + unsigned char c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) + return; + } while (n); +} + #if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) # include "ppc_arch.h" # ifdef VPAES_ASM @@ -807,148 +823,1663 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } } - aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, - EVP_CIPHER_CTX_key_length(ctx) * 4, - &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aes_t4_encrypt; + aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, + EVP_CIPHER_CTX_key_length(ctx) * 4, + &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) aes_t4_encrypt; + + xctx->xts.key1 = &xctx->ks1; + } + + if (iv) { + xctx->xts.key2 = &xctx->ks2; + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); + } + + return 1; +} + +# define aes_t4_xts_cipher aes_xts_cipher +static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); + if (!iv && !key) + return 1; + if (key) { + int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; + aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) aes_t4_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + } + if (iv) { + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; +} + +# define aes_t4_ccm_cipher aes_ccm_cipher +static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# ifndef OPENSSL_NO_OCB +static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); + if (!iv && !key) + return 1; + if (key) { + do { + /* + * We set both the encrypt and decrypt key here because decrypt + * needs both. We could possibly optimise to remove setting the + * decrypt for an encryption operation. + */ + aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksenc.ks); + aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) aes_t4_encrypt, + (block128_f) aes_t4_decrypt, + NULL)) + return 0; + } + while (0); + + /* + * If we have an iv we can set it directly, otherwise use saved IV. + */ + if (iv == NULL && octx->iv_set) + iv = octx->iv; + if (iv) { + if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) + != 1) + return 0; + octx->iv_set = 1; + } + octx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (octx->key_set) + CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); + else + memcpy(octx->iv, iv, octx->ivlen); + octx->iv_set = 1; + } + return 1; +} + +# define aes_t4_ocb_cipher aes_ocb_cipher +static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# endif /* OPENSSL_NO_OCB */ + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_t4_init_key, \ + aes_t4_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize, \ + keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_t4_##mode##_init_key, \ + aes_t4_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + +#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +typedef struct { + union { + double align; + /*- + * KM-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-06) + */ + struct { + unsigned char k[32]; + } param; + /* KM-AES parameter block - end */ + } km; + unsigned int fc; +} S390X_AES_ECB_CTX; + +typedef struct { + union { + double align; + /*- + * KMO-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-08) + */ + struct { + unsigned char cv[16]; + unsigned char k[32]; + } param; + /* KMO-AES parameter block - end */ + } kmo; + unsigned int fc; + + int res; +} S390X_AES_OFB_CTX; + +typedef struct { + union { + double align; + /*- + * KMF-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-08) + */ + struct { + unsigned char cv[16]; + unsigned char k[32]; + } param; + /* KMF-AES parameter block - end */ + } kmf; + unsigned int fc; + + int res; +} S390X_AES_CFB_CTX; + +typedef struct { + union { + double align; + /*- + * KMA-GCM-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-11) + */ + struct { + unsigned char reserved[12]; + union { + unsigned int w; + unsigned char b[4]; + } cv; + union { + unsigned long long g[2]; + unsigned char b[16]; + } t; + unsigned char h[16]; + unsigned long long taadl; + unsigned long long tpcl; + union { + unsigned long long g[2]; + unsigned int w[4]; + } j0; + unsigned char k[32]; + } param; + /* KMA-GCM-AES parameter block - end */ + } kma; + unsigned int fc; + int key_set; + + unsigned char *iv; + int ivlen; + int iv_set; + int iv_gen; + + int taglen; + + unsigned char ares[16]; + unsigned char mres[16]; + unsigned char kres[16]; + int areslen; + int mreslen; + int kreslen; + + int tls_aad_len; +} S390X_AES_GCM_CTX; + +typedef struct { + union { + double align; + /*- + * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and + * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's + * rounds field is used to store the function code and that the key + * schedule is not stored (if aes hardware support is detected). + */ + struct { + unsigned char pad[16]; + AES_KEY k; + } key; + + struct { + /*- + * KMAC-AES parameter block - begin + * (see z/Architecture Principles of Operation >= SA22-7832-08) + */ + struct { + union { + unsigned long long g[2]; + unsigned char b[16]; + } icv; + unsigned char k[32]; + } kmac_param; + /* KMAC-AES paramater block - end */ + + union { + unsigned long long g[2]; + unsigned char b[16]; + } nonce; + union { + unsigned long long g[2]; + unsigned char b[16]; + } buf; + + unsigned long long blocks; + int l; + int m; + int tls_aad_len; + int iv_set; + int tag_set; + int len_set; + int key_set; + + unsigned char pad[140]; + unsigned int fc; + } ccm; + } aes; +} S390X_AES_CCM_CTX; + +/* Convert key size to function code: [16,24,32] -> [18,19,20]. */ +# define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6)) + +/* Most modes of operation need km for partial block processing. */ +# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \ + S390X_CAPBIT(S390X_AES_256)) + +# define s390x_aes_init_key aes_init_key +static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 1 +# define S390X_aes_256_cbc_CAPABLE 1 +# define S390X_AES_CBC_CTX EVP_AES_KEY + +# define s390x_aes_cbc_init_key aes_init_key + +# define s390x_aes_cbc_cipher aes_cbc_cipher +static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE +# define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE +# define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE + +static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc) +{ + S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + + cctx->fc = S390X_AES_FC(keylen); + if (!enc) + cctx->fc |= S390X_DECRYPT; + + memcpy(cctx->km.param.k, key, keylen); + return 1; +} + +static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); + + s390x_km(in, len, out, cctx->fc, &cctx->km.param); + return 1; +} + +# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmo[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *ivec, int enc) +{ + S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); + const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + + memcpy(cctx->kmo.param.cv, iv, ivlen); + memcpy(cctx->kmo.param.k, key, keylen); + cctx->fc = S390X_AES_FC(keylen); + cctx->res = 0; + return 1; +} + +static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); + int n = cctx->res; + int rem; + + while (n && len) { + *out = *in ^ cctx->kmo.param.cv[n]; + n = (n + 1) & 0xf; + --len; + ++in; + ++out; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param); + + out += len; + in += len; + } + + if (rem) { + s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc, + cctx->kmo.param.k); + + while (rem--) { + out[n] = in[n] ^ cctx->kmo.param.cv[n]; + ++n; + } + } + + cctx->res = n; + return 1; +} + +# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *ivec, int enc) +{ + S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + + cctx->fc = S390X_AES_FC(keylen); + cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ + if (!enc) + cctx->fc |= S390X_DECRYPT; + + cctx->res = 0; + memcpy(cctx->kmf.param.cv, iv, ivlen); + memcpy(cctx->kmf.param.k, key, keylen); + return 1; +} + +static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + const int enc = EVP_CIPHER_CTX_encrypting(ctx); + int n = cctx->res; + int rem; + unsigned char tmp; + + while (n && len) { + tmp = *in; + *out = cctx->kmf.param.cv[n] ^ tmp; + cctx->kmf.param.cv[n] = enc ? *out : tmp; + n = (n + 1) & 0xf; + --len; + ++in; + ++out; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); + + out += len; + in += len; + } + + if (rem) { + s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv, + S390X_AES_FC(keylen), cctx->kmf.param.k); + + while (rem--) { + tmp = in[n]; + out[n] = cctx->kmf.param.cv[n] ^ tmp; + cctx->kmf.param.cv[n] = enc ? out[n] : tmp; + ++n; + } + } + + cctx->res = n; + return 1; +} + +# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_128)) +# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_192)) +# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \ + S390X_CAPBIT(S390X_AES_256)) + +static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *ivec, int enc) +{ + S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + + cctx->fc = S390X_AES_FC(keylen); + cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ + if (!enc) + cctx->fc |= S390X_DECRYPT; + + memcpy(cctx->kmf.param.cv, iv, ivlen); + memcpy(cctx->kmf.param.k, key, keylen); + return 1; +} + +static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + + s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); + return 1; +} + +# define S390X_aes_128_cfb1_CAPABLE 0 +# define S390X_aes_192_cfb1_CAPABLE 0 +# define S390X_aes_256_cfb1_CAPABLE 0 + +# define s390x_aes_cfb1_init_key aes_init_key + +# define s390x_aes_cfb1_cipher aes_cfb1_cipher +static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 1 +# define S390X_aes_256_ctr_CAPABLE 1 +# define S390X_AES_CTR_CTX EVP_AES_KEY + +# define s390x_aes_ctr_init_key aes_init_key + +# define s390x_aes_ctr_cipher aes_ctr_cipher +static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kma[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +/* iv + padding length for iv lenghts != 12 */ +# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) + +/*- + * Process additional authenticated data. Returns 0 on success. Code is + * big-endian. + */ +static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad, + size_t len) +{ + unsigned long long alen; + int n, rem; + + if (ctx->kma.param.tpcl) + return -2; + + alen = ctx->kma.param.taadl + len; + if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len)) + return -1; + ctx->kma.param.taadl = alen; + + n = ctx->areslen; + if (n) { + while (n && len) { + ctx->ares[n] = *aad; + n = (n + 1) & 0xf; + ++aad; + --len; + } + /* ctx->ares contains a complete block if offset has wrapped around */ + if (!n) { + s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param); + ctx->fc |= S390X_KMA_HS; + } + ctx->areslen = n; + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param); + aad += len; + ctx->fc |= S390X_KMA_HS; + } + + if (rem) { + ctx->areslen = rem; + + do { + --rem; + ctx->ares[rem] = aad[rem]; + } while (rem); + } + return 0; +} + +/*- + * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for + * success. Code is big-endian. + */ +static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len) +{ + const unsigned char *inptr; + unsigned long long mlen; + union { + unsigned int w[4]; + unsigned char b[16]; + } buf; + size_t inlen; + int n, rem, i; + + mlen = ctx->kma.param.tpcl + len; + if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) + return -1; + ctx->kma.param.tpcl = mlen; + + n = ctx->mreslen; + if (n) { + inptr = in; + inlen = len; + while (n && inlen) { + ctx->mres[n] = *inptr; + n = (n + 1) & 0xf; + ++inptr; + --inlen; + } + /* ctx->mres contains a complete block if offset has wrapped around */ + if (!n) { + s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b, + ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); + ctx->fc |= S390X_KMA_HS; + ctx->areslen = 0; + + /* previous call already encrypted/decrypted its remainder, + * see comment below */ + n = ctx->mreslen; + while (n) { + *out = buf.b[n]; + n = (n + 1) & 0xf; + ++out; + ++in; + --len; + } + ctx->mreslen = 0; + } + } + + rem = len & 0xf; + + len &= ~(size_t)0xf; + if (len) { + s390x_kma(ctx->ares, ctx->areslen, in, len, out, + ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); + in += len; + out += len; + ctx->fc |= S390X_KMA_HS; + ctx->areslen = 0; + } + + /*- + * If there is a remainder, it has to be saved such that it can be + * processed by kma later. However, we also have to do the for-now + * unauthenticated encryption/decryption part here and now... + */ + if (rem) { + if (!ctx->mreslen) { + buf.w[0] = ctx->kma.param.j0.w[0]; + buf.w[1] = ctx->kma.param.j0.w[1]; + buf.w[2] = ctx->kma.param.j0.w[2]; + buf.w[3] = ctx->kma.param.cv.w + 1; + s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k); + } + + n = ctx->mreslen; + for (i = 0; i < rem; i++) { + ctx->mres[n + i] = in[i]; + out[i] = in[i] ^ ctx->kres[n + i]; + } + + ctx->mreslen += rem; + } + return 0; +} + +/*- + * Initialize context structure. Code is big-endian. + */ +static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, + const unsigned char *iv) +{ + ctx->kma.param.t.g[0] = 0; + ctx->kma.param.t.g[1] = 0; + ctx->kma.param.tpcl = 0; + ctx->kma.param.taadl = 0; + ctx->mreslen = 0; + ctx->areslen = 0; + ctx->kreslen = 0; + + if (ctx->ivlen == 12) { + memcpy(&ctx->kma.param.j0, iv, ctx->ivlen); + ctx->kma.param.j0.w[3] = 1; + ctx->kma.param.cv.w = 1; + } else { + /* ctx->iv has the right size and is already padded. */ + memcpy(ctx->iv, iv, ctx->ivlen); + s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, + ctx->fc, &ctx->kma.param); + ctx->fc |= S390X_KMA_HS; + + ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0]; + ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1]; + ctx->kma.param.cv.w = ctx->kma.param.j0.w[3]; + ctx->kma.param.t.g[0] = 0; + ctx->kma.param.t.g[1] = 0; + } +} + +/*- + * Performs various operations on the context structure depending on control + * type. Returns 1 for success, 0 for failure and -1 for unknown control type. + * Code is big-endian. + */ +static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c); + S390X_AES_GCM_CTX *gctx_out; + EVP_CIPHER_CTX *out; + unsigned char *buf, *iv; + int ivlen, enc, len; + + switch (type) { + case EVP_CTRL_INIT: + ivlen = EVP_CIPHER_CTX_iv_length(c); + iv = EVP_CIPHER_CTX_iv_noconst(c); + gctx->key_set = 0; + gctx->iv_set = 0; + gctx->ivlen = ivlen; + gctx->iv = iv; + gctx->taglen = -1; + gctx->iv_gen = 0; + gctx->tls_aad_len = -1; + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0) + return 0; + + if (arg != 12) { + iv = EVP_CIPHER_CTX_iv_noconst(c); + len = S390X_gcm_ivpadlen(arg); + + /* Allocate memory for iv if needed. */ + if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) { + if (gctx->iv != iv) + OPENSSL_free(gctx->iv); + + if ((gctx->iv = OPENSSL_malloc(len)) == NULL) { + EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + } + /* Add padding. */ + memset(gctx->iv + arg, 0, len - arg - 8); + *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3; + } + gctx->ivlen = arg; + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + buf = EVP_CIPHER_CTX_buf_noconst(c); + enc = EVP_CIPHER_CTX_encrypting(c); + if (arg <= 0 || arg > 16 || enc) + return 0; + + memcpy(buf, ptr, arg); + gctx->taglen = arg; + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + enc = EVP_CIPHER_CTX_encrypting(c); + if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0) + return 0; + + memcpy(ptr, gctx->kma.param.t.b, arg); + return 1; + + case EVP_CTRL_GCM_SET_IV_FIXED: + /* Special case: -1 length restores whole iv */ + if (arg == -1) { + memcpy(gctx->iv, ptr, gctx->ivlen); + gctx->iv_gen = 1; + return 1; + } + /* + * Fixed field must be at least 4 bytes and invocation field at least + * 8. + */ + if ((arg < 4) || (gctx->ivlen - arg) < 8) + return 0; + + if (arg) + memcpy(gctx->iv, ptr, arg); + + enc = EVP_CIPHER_CTX_encrypting(c); + if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + return 0; + + gctx->iv_gen = 1; + return 1; + + case EVP_CTRL_GCM_IV_GEN: + if (gctx->iv_gen == 0 || gctx->key_set == 0) + return 0; + + s390x_aes_gcm_setiv(gctx, gctx->iv); + + if (arg <= 0 || arg > gctx->ivlen) + arg = gctx->ivlen; + + memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); + /* + * Invocation field will be at least 8 bytes in size and so no need + * to check wrap around or increment more than last 8 bytes. + */ + ctr64_inc(gctx->iv + gctx->ivlen - 8); + gctx->iv_set = 1; + return 1; + + case EVP_CTRL_GCM_SET_IV_INV: + enc = EVP_CIPHER_CTX_encrypting(c); + if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc) + return 0; + + memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); + s390x_aes_gcm_setiv(gctx, gctx->iv); + gctx->iv_set = 1; + return 1; + + case EVP_CTRL_AEAD_TLS1_AAD: + /* Save the aad for later use. */ + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + + buf = EVP_CIPHER_CTX_buf_noconst(c); + memcpy(buf, ptr, arg); + gctx->tls_aad_len = arg; + + len = buf[arg - 2] << 8 | buf[arg - 1]; + /* Correct length for explicit iv. */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; + + /* If decrypting correct for tag too. */ + enc = EVP_CIPHER_CTX_encrypting(c); + if (!enc) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; + len -= EVP_GCM_TLS_TAG_LEN; + } + buf[arg - 2] = len >> 8; + buf[arg - 1] = len & 0xff; + /* Extra padding: tag appended to record. */ + return EVP_GCM_TLS_TAG_LEN; + + case EVP_CTRL_COPY: + out = ptr; + gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out); + iv = EVP_CIPHER_CTX_iv_noconst(c); + + if (gctx->iv == iv) { + gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); + } else { + len = S390X_gcm_ivpadlen(gctx->ivlen); + + if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) { + EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + + memcpy(gctx_out->iv, gctx->iv, len); + } + return 1; + + default: + return -1; + } +} + +/*- + * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. + */ +static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc) +{ + S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); + int keylen; + + if (iv == NULL && key == NULL) + return 1; + + if (key != NULL) { + keylen = EVP_CIPHER_CTX_key_length(ctx); + memcpy(&gctx->kma.param.k, key, keylen); + + gctx->fc = S390X_AES_FC(keylen); + if (!enc) + gctx->fc |= S390X_DECRYPT; + + if (iv == NULL && gctx->iv_set) + iv = gctx->iv; + + if (iv != NULL) { + s390x_aes_gcm_setiv(gctx, iv); + gctx->iv_set = 1; + } + gctx->key_set = 1; + } else { + if (gctx->key_set) + s390x_aes_gcm_setiv(gctx, iv); + else + memcpy(gctx->iv, iv, gctx->ivlen); + + gctx->iv_set = 1; + gctx->iv_gen = 0; + } + return 1; +} + +/*- + * En/de-crypt and authenticate TLS packet. Returns the number of bytes written + * if successful. Otherwise -1 is returned. Code is big-endian. + */ +static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); + const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + const int enc = EVP_CIPHER_CTX_encrypting(ctx); + int rv = -1; + + if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) + return -1; + + if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN + : EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + goto err; + + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + + gctx->kma.param.taadl = gctx->tls_aad_len << 3; + gctx->kma.param.tpcl = len << 3; + s390x_kma(buf, gctx->tls_aad_len, in, len, out, + gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); + + if (enc) { + memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN); + rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + } else { + if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len, + EVP_GCM_TLS_TAG_LEN)) { + OPENSSL_cleanse(out, len); + goto err; + } + rv = len; + } +err: + gctx->iv_set = 0; + gctx->tls_aad_len = -1; + return rv; +} + +/*- + * Called from EVP layer to initialize context, process additional + * authenticated data, en/de-crypt plain/cipher-text and authenticate + * ciphertext or process a TLS packet, depending on context. Returns bytes + * written on success. Otherwise -1 is returned. Code is big-endian. + */ +static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); + unsigned char *buf, tmp[16]; + int enc; + + if (!gctx->key_set) + return -1; + + if (gctx->tls_aad_len >= 0) + return s390x_aes_gcm_tls_cipher(ctx, out, in, len); + + if (!gctx->iv_set) + return -1; + + if (in != NULL) { + if (out == NULL) { + if (s390x_aes_gcm_aad(gctx, in, len)) + return -1; + } else { + if (s390x_aes_gcm(gctx, in, out, len)) + return -1; + } + return len; + } else { + gctx->kma.param.taadl <<= 3; + gctx->kma.param.tpcl <<= 3; + s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp, + gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); + /* recall that we already did en-/decrypt gctx->mres + * and returned it to caller... */ + OPENSSL_cleanse(tmp, gctx->mreslen); + gctx->iv_set = 0; + + enc = EVP_CIPHER_CTX_encrypting(ctx); + if (enc) { + gctx->taglen = 16; + } else { + if (gctx->taglen < 0) + return -1; + + buf = EVP_CIPHER_CTX_buf_noconst(ctx); + if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen)) + return -1; + } + return 0; + } +} + +static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) +{ + S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c); + const unsigned char *iv; + + if (gctx == NULL) + return 0; + + iv = EVP_CIPHER_CTX_iv(c); + if (iv != gctx->iv) + OPENSSL_free(gctx->iv); + + OPENSSL_cleanse(gctx, sizeof(*gctx)); + return 1; +} + +# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX +# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 1 + +# define s390x_aes_xts_init_key aes_xts_init_key +static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc); +# define s390x_aes_xts_cipher aes_xts_cipher +static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# define s390x_aes_xts_ctrl aes_xts_ctrl +static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); +# define s390x_aes_xts_cleanup aes_xts_cleanup + +# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_128))) +# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_192))) +# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \ + (OPENSSL_s390xcap_P.kmac[0] & \ + S390X_CAPBIT(S390X_AES_256))) + +# define S390X_CCM_AAD_FLAG 0x40 + +/*- + * Set nonce and length fields. Code is big-endian. + */ +static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx, + const unsigned char *nonce, + size_t mlen) +{ + ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG; + ctx->aes.ccm.nonce.g[1] = mlen; + memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l); +} + +/*- + * Process additional authenticated data. Code is big-endian. + */ +static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad, + size_t alen) +{ + unsigned char *ptr; + int i, rem; + + if (!alen) + return; + + ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG; + + /* Suppress 'type-punned pointer dereference' warning. */ + ptr = ctx->aes.ccm.buf.b; + + if (alen < ((1 << 16) - (1 << 8))) { + *(uint16_t *)ptr = alen; + i = 2; + } else if (sizeof(alen) == 8 + && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { + *(uint16_t *)ptr = 0xffff; + *(uint64_t *)(ptr + 2) = alen; + i = 10; + } else { + *(uint16_t *)ptr = 0xfffe; + *(uint32_t *)(ptr + 2) = alen; + i = 6; + } + + while (i < 16 && alen) { + ctx->aes.ccm.buf.b[i] = *aad; + ++aad; + --alen; + ++i; + } + while (i < 16) { + ctx->aes.ccm.buf.b[i] = 0; + ++i; + } + + ctx->aes.ccm.kmac_param.icv.g[0] = 0; + ctx->aes.ccm.kmac_param.icv.g[1] = 0; + s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc, + &ctx->aes.ccm.kmac_param); + ctx->aes.ccm.blocks += 2; + + rem = alen & 0xf; + alen &= ~(size_t)0xf; + if (alen) { + s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); + ctx->aes.ccm.blocks += alen >> 4; + aad += alen; + } + if (rem) { + for (i = 0; i < rem; i++) + ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i]; + + s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, + ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.blocks++; + } +} + +/*- + * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for + * success. + */ +static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in, + unsigned char *out, size_t len, int enc) +{ + size_t n, rem; + unsigned int i, l, num; + unsigned char flags; + + flags = ctx->aes.ccm.nonce.b[0]; + if (!(flags & S390X_CCM_AAD_FLAG)) { + s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b, + ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.blocks++; + } + l = flags & 0x7; + ctx->aes.ccm.nonce.b[0] = l; + + /*- + * Reconstruct length from encoded length field + * and initialize it with counter value. + */ + n = 0; + for (i = 15 - l; i < 15; i++) { + n |= ctx->aes.ccm.nonce.b[i]; + ctx->aes.ccm.nonce.b[i] = 0; + n <<= 8; + } + n |= ctx->aes.ccm.nonce.b[15]; + ctx->aes.ccm.nonce.b[15] = 1; + + if (n != len) + return -1; /* length mismatch */ + + if (enc) { + /* Two operations per block plus one for tag encryption */ + ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1; + if (ctx->aes.ccm.blocks > (1ULL << 61)) + return -2; /* too much data */ + } + + num = 0; + rem = len & 0xf; + len &= ~(size_t)0xf; + + if (enc) { + /* mac-then-encrypt */ + if (len) + s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); + if (rem) { + for (i = 0; i < rem; i++) + ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i]; + + s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, + ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); + } + + CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k, + ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, + &num, (ctr128_f)AES_ctr32_encrypt); + } else { + /* decrypt-then-mac */ + CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k, + ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, + &num, (ctr128_f)AES_ctr32_encrypt); + + if (len) + s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); + if (rem) { + for (i = 0; i < rem; i++) + ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i]; + + s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, + ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); + } + } + /* encrypt tag */ + for (i = 15 - l; i < 16; i++) + ctx->aes.ccm.nonce.b[i] = 0; + + s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc, + ctx->aes.ccm.kmac_param.k); + ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0]; + ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1]; + + ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ + return 0; +} + +/*- + * En/de-crypt and authenticate TLS packet. Returns the number of bytes written + * if successful. Otherwise -1 is returned. + */ +static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); + unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); + const int enc = EVP_CIPHER_CTX_encrypting(ctx); + + if (out != in + || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) + return -1; + + if (enc) { + /* Set explicit iv (sequence number). */ + memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN); + } + + len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; + /*- + * Get explicit iv (sequence number). We already have fixed iv + * (server/client_write_iv) here. + */ + memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); + s390x_aes_ccm_setiv(cctx, ivec, len); + + /* Process aad (sequence number|type|version|length) */ + s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); + + in += EVP_CCM_TLS_EXPLICIT_IV_LEN; + out += EVP_CCM_TLS_EXPLICIT_IV_LEN; + + if (enc) { + if (s390x_aes_ccm(cctx, in, out, len, enc)) + return -1; + + memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); + return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; + } else { + if (!s390x_aes_ccm(cctx, in, out, len, enc)) { + if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len, + cctx->aes.ccm.m)) + return len; + } + + OPENSSL_cleanse(out, len); + return -1; + } +} + +/*- + * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is + * returned. + */ +static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, int enc) +{ + S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); + unsigned char *ivec; + int keylen; - xctx->xts.key1 = &xctx->ks1; + if (iv == NULL && key == NULL) + return 1; + + if (key != NULL) { + keylen = EVP_CIPHER_CTX_key_length(ctx); + cctx->aes.ccm.fc = S390X_AES_FC(keylen); + memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); + + /* Store encoded m and l. */ + cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) + | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; + memset(cctx->aes.ccm.nonce.b + 1, 0, + sizeof(cctx->aes.ccm.nonce.b)); + cctx->aes.ccm.blocks = 0; + + cctx->aes.ccm.key_set = 1; } - if (iv) { - xctx->xts.key2 = &xctx->ks2; - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); + if (iv != NULL) { + ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + memcpy(ivec, iv, 15 - cctx->aes.ccm.l); + + cctx->aes.ccm.iv_set = 1; } return 1; } -# define aes_t4_xts_cipher aes_xts_cipher -static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +/*- + * Called from EVP layer to initialize context, process additional + * authenticated data, en/de-crypt plain/cipher-text and authenticate + * plaintext or process a TLS packet, depending on context. Returns bytes + * written on success. Otherwise -1 is returned. + */ +static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) { - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; - aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aes_t4_encrypt); - cctx->str = NULL; - cctx->key_set = 1; + S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); + const int enc = EVP_CIPHER_CTX_encrypting(ctx); + int rv; + unsigned char *buf, *ivec; + + if (!cctx->aes.ccm.key_set) + return -1; + + if (cctx->aes.ccm.tls_aad_len >= 0) + return s390x_aes_ccm_tls_cipher(ctx, out, in, len); + + /*- + * Final(): Does not return any data. Recall that ccm is mac-then-encrypt + * so integrity must be checked already at Update() i.e., before + * potentially corrupted data is output. + */ + if (in == NULL && out != NULL) + return 0; + + if (!cctx->aes.ccm.iv_set) + return -1; + + if (!enc && !cctx->aes.ccm.tag_set) + return -1; + + if (out == NULL) { + /* Update(): Pass message length. */ + if (in == NULL) { + ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + s390x_aes_ccm_setiv(cctx, ivec, len); + + cctx->aes.ccm.len_set = 1; + return len; + } + + /* Update(): Process aad. */ + if (!cctx->aes.ccm.len_set && len) + return -1; + + s390x_aes_ccm_aad(cctx, in, len); + return len; } - if (iv) { - memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); - cctx->iv_set = 1; + + /* Update(): Process message. */ + + if (!cctx->aes.ccm.len_set) { + /*- + * In case message length was not previously set explicitly via + * Update(), set it now. + */ + ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + s390x_aes_ccm_setiv(cctx, ivec, len); + + cctx->aes.ccm.len_set = 1; } - return 1; -} -# define aes_t4_ccm_cipher aes_ccm_cipher -static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); + if (enc) { + if (s390x_aes_ccm(cctx, in, out, len, enc)) + return -1; -# ifndef OPENSSL_NO_OCB -static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + cctx->aes.ccm.tag_set = 1; + return len; + } else { + rv = -1; + + if (!s390x_aes_ccm(cctx, in, out, len, enc)) { + buf = EVP_CIPHER_CTX_buf_noconst(ctx); + if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf, + cctx->aes.ccm.m)) + rv = len; + } + + if (rv == -1) + OPENSSL_cleanse(out, len); + + cctx->aes.ccm.iv_set = 0; + cctx->aes.ccm.tag_set = 0; + cctx->aes.ccm.len_set = 0; + return rv; + } +} + +/*- + * Performs various operations on the context structure depending on control + * type. Returns 1 for success, 0 for failure and -1 for unknown control type. + * Code is big-endian. + */ +static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); - if (!iv && !key) + S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c); + unsigned char *buf, *iv; + int enc, len; + + switch (type) { + case EVP_CTRL_INIT: + cctx->aes.ccm.key_set = 0; + cctx->aes.ccm.iv_set = 0; + cctx->aes.ccm.l = 8; + cctx->aes.ccm.m = 12; + cctx->aes.ccm.tag_set = 0; + cctx->aes.ccm.len_set = 0; + cctx->aes.ccm.tls_aad_len = -1; return 1; - if (key) { - do { - /* - * We set both the encrypt and decrypt key here because decrypt - * needs both. We could possibly optimise to remove setting the - * decrypt for an encryption operation. - */ - aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &octx->ksenc.ks); - aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &octx->ksdec.ks); - if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) aes_t4_encrypt, - (block128_f) aes_t4_decrypt, - NULL)) + + case EVP_CTRL_AEAD_TLS1_AAD: + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + + /* Save the aad for later use. */ + buf = EVP_CIPHER_CTX_buf_noconst(c); + memcpy(buf, ptr, arg); + cctx->aes.ccm.tls_aad_len = arg; + + len = buf[arg - 2] << 8 | buf[arg - 1]; + if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) + return 0; + + /* Correct length for explicit iv. */ + len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; + + enc = EVP_CIPHER_CTX_encrypting(c); + if (!enc) { + if (len < cctx->aes.ccm.m) return 0; + + /* Correct length for tag. */ + len -= cctx->aes.ccm.m; } - while (0); - /* - * If we have an iv we can set it directly, otherwise use saved IV. - */ - if (iv == NULL && octx->iv_set) - iv = octx->iv; - if (iv) { - if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) - != 1) - return 0; - octx->iv_set = 1; + buf[arg - 2] = len >> 8; + buf[arg - 1] = len & 0xff; + + /* Extra padding: tag appended to record. */ + return cctx->aes.ccm.m; + + case EVP_CTRL_CCM_SET_IV_FIXED: + if (arg != EVP_CCM_TLS_FIXED_IV_LEN) + return 0; + + /* Copy to first part of the iv. */ + iv = EVP_CIPHER_CTX_iv_noconst(c); + memcpy(iv, ptr, arg); + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + arg = 15 - arg; + /* fall-through */ + + case EVP_CTRL_CCM_SET_L: + if (arg < 2 || arg > 8) + return 0; + + cctx->aes.ccm.l = arg; + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + if ((arg & 1) || arg < 4 || arg > 16) + return 0; + + enc = EVP_CIPHER_CTX_encrypting(c); + if (enc && ptr) + return 0; + + if (ptr) { + cctx->aes.ccm.tag_set = 1; + buf = EVP_CIPHER_CTX_buf_noconst(c); + memcpy(buf, ptr, arg); } - octx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (octx->key_set) - CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); - else - memcpy(octx->iv, iv, octx->ivlen); - octx->iv_set = 1; + + cctx->aes.ccm.m = arg; + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + enc = EVP_CIPHER_CTX_encrypting(c); + if (!enc || !cctx->aes.ccm.tag_set) + return 0; + + if(arg < cctx->aes.ccm.m) + return 0; + + memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); + cctx->aes.ccm.tag_set = 0; + cctx->aes.ccm.iv_set = 0; + cctx->aes.ccm.len_set = 0; + return 1; + + case EVP_CTRL_COPY: + return 1; + + default: + return -1; } - return 1; } -# define aes_t4_ocb_cipher aes_ocb_cipher -static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# endif /* OPENSSL_NO_OCB */ +# define s390x_aes_ccm_cleanup aes_ccm_cleanup -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - aes_t4_init_key, \ - aes_t4_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } +# ifndef OPENSSL_NO_OCB +# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX +# define S390X_aes_128_ocb_CAPABLE 0 +# define S390X_aes_192_ocb_CAPABLE 0 +# define S390X_aes_256_ocb_CAPABLE 0 + +# define s390x_aes_ocb_init_key aes_ocb_init_key +static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +# define s390x_aes_ocb_cipher aes_ocb_cipher +static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +# define s390x_aes_ocb_cleanup aes_ocb_cleanup +static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *); +# define s390x_aes_ocb_ctrl aes_ocb_ctrl +static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); +# endif -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - aes_t4_##mode##_init_key, \ - aes_t4_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \ + MODE,flags) \ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize, \ + keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + NULL, \ + sizeof(S390X_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + NULL, \ + NULL \ +}; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, \ + blocksize, \ + keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL, \ + NULL, \ + NULL, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ \ + return S390X_aes_##keylen##_##mode##_CAPABLE ? \ + &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ +} + +# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\ +static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode, \ + blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + s390x_aes_##mode##_init_key, \ + s390x_aes_##mode##_cipher, \ + s390x_aes_##mode##_cleanup, \ + sizeof(S390X_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + s390x_aes_##mode##_ctrl, \ + NULL \ +}; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \ + ivlen, \ + flags | EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL, \ + NULL, \ + aes_##mode##_ctrl, \ + NULL \ +}; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ \ + return S390X_aes_##keylen##_##mode##_CAPABLE ? \ + &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ +} #else @@ -1278,22 +2809,6 @@ static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) return 1; } -/* increment counter (64-bit int) by 1 */ -static void ctr64_inc(unsigned char *counter) -{ - int n = 8; - unsigned char c; - - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) - return; - } while (n); -} - static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); @@ -1301,8 +2816,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); - gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); + gctx->ivlen = c->cipher->iv_len; + gctx->iv = c->iv; gctx->taglen = -1; gctx->iv_gen = 0; gctx->tls_aad_len = -1; @@ -1313,27 +2828,28 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) + if (gctx->iv != c->iv) OPENSSL_free(gctx->iv); - gctx->iv = OPENSSL_malloc(arg); - if (gctx->iv == NULL) + if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { + EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); return 0; + } } gctx->ivlen = arg; return 1; case EVP_CTRL_AEAD_SET_TAG: - if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) + if (arg <= 0 || arg > 16 || c->encrypt) return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + memcpy(c->buf, ptr, arg); gctx->taglen = arg; return 1; case EVP_CTRL_AEAD_GET_TAG: - if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) + if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) return 0; - memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); + memcpy(ptr, c->buf, arg); return 1; case EVP_CTRL_GCM_SET_IV_FIXED: @@ -1351,8 +2867,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; if (arg) memcpy(gctx->iv, ptr, arg); - if (EVP_CIPHER_CTX_encrypting(c) - && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) return 0; gctx->iv_gen = 1; return 1; @@ -1373,8 +2888,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_GCM_SET_IV_INV: - if (gctx->iv_gen == 0 || gctx->key_set == 0 - || EVP_CIPHER_CTX_encrypting(c)) + if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); @@ -1385,24 +2899,22 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) /* Save the AAD for later use */ if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + memcpy(c->buf, ptr, arg); gctx->tls_aad_len = arg; { - unsigned int len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 - | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; + unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; /* Correct length for explicit IV */ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_encrypting(c)) { + if (!c->encrypt) { if (len < EVP_GCM_TLS_TAG_LEN) return 0; len -= EVP_GCM_TLS_TAG_LEN; } - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; - EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; + c->buf[arg - 2] = len >> 8; + c->buf[arg - 1] = len & 0xff; } /* Extra padding: tag appended to record */ return EVP_GCM_TLS_TAG_LEN; @@ -1416,12 +2928,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; gctx_out->gcm.key = &gctx_out->ks; } - if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) - gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); + if (gctx->iv == c->iv) + gctx_out->iv = out->iv; else { - gctx_out->iv = OPENSSL_malloc(gctx->ivlen); - if (gctx_out->iv == NULL) + if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { + EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); } return 1; @@ -1443,8 +2956,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, do { #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) HWAES_encrypt); # ifdef HWAES_ctr32_encrypt_blocks @@ -1457,8 +2969,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE) { - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) AES_encrypt); gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; @@ -1467,8 +2978,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) vpaes_encrypt); gctx->ctr = NULL; @@ -1477,8 +2987,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif (void)0; /* terminate potentially open 'else' */ - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) AES_encrypt); #ifdef AES_CTR_ASM @@ -1530,19 +3039,18 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * Set IV from start of buffer or generate IV and write to start of * buffer. */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? - EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN + : EVP_CTRL_GCM_SET_IV_INV, EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) goto err; /* Use saved AAD */ - if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->tls_aad_len)) + if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) goto err; /* Fix buffer and length to point to payload */ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; out += EVP_GCM_TLS_EXPLICIT_IV_LEN; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (ctx->encrypt) { /* Encrypt payload */ if (gctx->ctr) { size_t bulk = 0; @@ -1621,11 +3129,9 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, goto err; } /* Retrieve tag */ - CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_GCM_TLS_TAG_LEN); + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, - EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1655,7 +3161,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) return -1; - } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + } else if (ctx->encrypt) { if (gctx->ctr) { size_t bulk = 0; #if defined(AES_GCM_ASM) @@ -1746,17 +3252,15 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } return len; } else { - if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (!ctx->encrypt) { if (gctx->taglen < 0) return -1; - if (CRYPTO_gcm128_finish(&gctx->gcm, - EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->taglen) != 0) + if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) return -1; gctx->iv_set = 0; return 0; } - CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); gctx->taglen = 16; /* Don't reuse the IV */ gctx->iv_set = 0; @@ -2132,6 +3636,10 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (cctx->tls_aad_len >= 0) return aes_ccm_tls_cipher(ctx, out, in, len); + /* EVP_*Final() doesn't return any data */ + if (in == NULL && out != NULL) + return 0; + if (!cctx->iv_set) return -1; @@ -2151,9 +3659,6 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_aad(ccm, in, len); return len; } - /* EVP_*Final() doesn't return any data */ - if (!in) - return 0; /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index f30f722e404563..09d24dc3d02a02 100644 --- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -570,7 +570,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } # endif -# if 1 +# if 1 /* see original reference version in #else */ len -= SHA_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA_CBLOCK)) { j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); @@ -664,7 +664,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } # endif len += SHA_DIGEST_LENGTH; -# else +# else /* pre-lucky-13 reference version of above */ SHA1_Update(&key->md, out, inp_len); res = key->md.num; SHA1_Final(pmac->c, &key->md); @@ -691,7 +691,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 +# if 1 /* see original reference version in #else */ { unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; size_t off = out - p; @@ -713,7 +713,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else +# else /* pre-lucky-13 reference version of above */ for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c index 13973f110d5f75..caac0c9d3da236 100644 --- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -559,7 +559,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, key->md = key->head; SHA256_Update(&key->md, key->aux.tls_aad, plen); -# if 1 +# if 1 /* see original reference version in #else */ len -= SHA256_DIGEST_LENGTH; /* amend mac */ if (len >= (256 + SHA256_CBLOCK)) { j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); @@ -687,7 +687,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, for (; inp_blocks < pad_blocks; inp_blocks++) sha1_block_data_order(&key->md, data, 1); } -# endif +# endif /* pre-lucky-13 reference version of above */ key->md = key->tail; SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); SHA256_Final(pmac->c, &key->md); @@ -695,7 +695,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, /* verify HMAC */ out += inp_len; len -= inp_len; -# if 1 +# if 1 /* see original reference version in #else */ { unsigned char *p = out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; @@ -718,7 +718,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); ret &= (int)~res; } -# else +# else /* pre-lucky-13 reference version of above */ for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) res |= out[i] ^ pmac->c[i]; res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); diff --git a/deps/openssl/openssl/crypto/evp/e_aria.c b/deps/openssl/openssl/crypto/evp/e_aria.c new file mode 100644 index 00000000000000..81c8a7eaf1d33c --- /dev/null +++ b/deps/openssl/openssl/crypto/evp/e_aria.c @@ -0,0 +1,756 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#ifndef OPENSSL_NO_ARIA +# include +# include +# include +# include +# include "internal/aria.h" +# include "internal/evp_int.h" +# include "modes_lcl.h" +# include "evp_locl.h" + +/* ARIA subkey Structure */ +typedef struct { + ARIA_KEY ks; +} EVP_ARIA_KEY; + +/* ARIA GCM context */ +typedef struct { + union { + double align; + ARIA_KEY ks; + } ks; /* ARIA subkey to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + GCM128_CONTEXT gcm; + unsigned char *iv; /* Temporary IV store */ + int ivlen; /* IV length */ + int taglen; + int iv_gen; /* It is OK to generate IVs */ + int tls_aad_len; /* TLS AAD length */ +} EVP_ARIA_GCM_CTX; + +/* ARIA CCM context */ +typedef struct { + union { + double align; + ARIA_KEY ks; + } ks; /* ARIA key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + int tag_set; /* Set if tag is valid */ + int len_set; /* Set if message length set */ + int L, M; /* L and M parameters from RFC3610 */ + int tls_aad_len; /* TLS AAD length */ + CCM128_CONTEXT ccm; + ccm128_f str; +} EVP_ARIA_CCM_CTX; + +/* The subkey for ARIA is generated. */ +static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret; + int mode = EVP_CIPHER_CTX_mode(ctx); + + if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) + ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_cipher_data(ctx)); + else + ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_cipher_data(ctx)); + if (ret < 0) { + EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED); + return 0; + } + return 1; +} + +static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const ARIA_KEY *key, + unsigned char *ivec, const int enc) +{ + + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f) aria_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f) aria_encrypt); +} + +static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) aria_encrypt); +} + +static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) aria_encrypt); +} + +static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f) aria_encrypt); +} + +static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key, const int enc) +{ + aria_encrypt(in, out, key); +} + +static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const ARIA_KEY *key, + unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f) aria_encrypt); +} + +IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY, + NID_aria_128, 16, 16, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY, + NID_aria_192, 16, 24, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY, + NID_aria_256, 16, 32, 16, 128, + 0, aria_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) + +# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \ + IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0) +IMPLEMENT_ARIA_CFBR(128,1) +IMPLEMENT_ARIA_CFBR(192,1) +IMPLEMENT_ARIA_CFBR(256,1) +IMPLEMENT_ARIA_CFBR(128,8) +IMPLEMENT_ARIA_CFBR(192,8) +IMPLEMENT_ARIA_CFBR(256,8) + +# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aria_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aria_init_key, \ + aria_##mode##_cipher, \ + NULL, \ + sizeof(EVP_ARIA_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ +{ return &aria_##keylen##_##mode; } + +static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned int num = EVP_CIPHER_CTX_num(ctx); + EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx); + + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + (block128_f) aria_encrypt); + EVP_CIPHER_CTX_set_num(ctx, num); + return 1; +} + +BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) + +/* Authenticated cipher modes (GCM/CCM) */ + +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) +{ + int n = 8; + unsigned char c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) + return; + } while (n); +} + +static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret; + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); + + if (!iv && !key) + return 1; + if (key) { + ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) aria_encrypt); + if (ret < 0) { + EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED); + return 0; + } + + /* + * If we have an iv can set it directly, otherwise use saved IV. + */ + if (iv == NULL && gctx->iv_set) + iv = gctx->iv; + if (iv) { + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + gctx->iv_set = 1; + } + gctx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (gctx->key_set) + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + else + memcpy(gctx->iv, iv, gctx->ivlen); + gctx->iv_set = 1; + gctx->iv_gen = 0; + } + return 1; +} + +static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c); + + switch (type) { + case EVP_CTRL_INIT: + gctx->key_set = 0; + gctx->iv_set = 0; + gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); + gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); + gctx->taglen = -1; + gctx->iv_gen = 0; + gctx->tls_aad_len = -1; + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0) + return 0; + /* Allocate memory for IV if needed */ + if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { + if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) + OPENSSL_free(gctx->iv); + if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { + EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + } + gctx->ivlen = arg; + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) + return 0; + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + gctx->taglen = arg; + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) + || gctx->taglen < 0) + return 0; + memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); + return 1; + + case EVP_CTRL_GCM_SET_IV_FIXED: + /* Special case: -1 length restores whole IV */ + if (arg == -1) { + memcpy(gctx->iv, ptr, gctx->ivlen); + gctx->iv_gen = 1; + return 1; + } + /* + * Fixed field must be at least 4 bytes and invocation field at least + * 8. + */ + if ((arg < 4) || (gctx->ivlen - arg) < 8) + return 0; + if (arg) + memcpy(gctx->iv, ptr, arg); + if (EVP_CIPHER_CTX_encrypting(c) + && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + return 0; + gctx->iv_gen = 1; + return 1; + + case EVP_CTRL_GCM_IV_GEN: + if (gctx->iv_gen == 0 || gctx->key_set == 0) + return 0; + CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); + if (arg <= 0 || arg > gctx->ivlen) + arg = gctx->ivlen; + memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); + /* + * Invocation field will be at least 8 bytes in size and so no need + * to check wrap around or increment more than last 8 bytes. + */ + ctr64_inc(gctx->iv + gctx->ivlen - 8); + gctx->iv_set = 1; + return 1; + + case EVP_CTRL_GCM_SET_IV_INV: + if (gctx->iv_gen == 0 || gctx->key_set == 0 + || EVP_CIPHER_CTX_encrypting(c)) + return 0; + memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); + CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); + gctx->iv_set = 1; + return 1; + + case EVP_CTRL_AEAD_TLS1_AAD: + /* Save the AAD for later use */ + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + gctx->tls_aad_len = arg; + { + unsigned int len = + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 + | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; + /* Correct length for explicit IV */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; + /* If decrypting correct for tag too */ + if (!EVP_CIPHER_CTX_encrypting(c)) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; + len -= EVP_GCM_TLS_TAG_LEN; + } + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; + EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; + } + /* Extra padding: tag appended to record */ + return EVP_GCM_TLS_TAG_LEN; + + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; + EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out); + if (gctx->gcm.key) { + if (gctx->gcm.key != &gctx->ks) + return 0; + gctx_out->gcm.key = &gctx_out->ks; + } + if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) + gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); + else { + if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { + EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); + } + return 1; + } + + default: + return -1; + + } +} + +static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); + int rv = -1; + + /* Encrypt/decrypt must be performed in place */ + if (out != in + || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) + return -1; + /* + * Set IV from start of buffer or generate IV and write to start of + * buffer. + */ + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? + EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + goto err; + /* Use saved AAD */ + if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), + gctx->tls_aad_len)) + goto err; + /* Fix buffer and length to point to payload */ + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + if (EVP_CIPHER_CTX_encrypting(ctx)) { + /* Encrypt payload */ + if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) + goto err; + out += len; + /* Finally write tag */ + CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); + rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + } else { + /* Decrypt */ + if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) + goto err; + /* Retrieve tag */ + CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), + EVP_GCM_TLS_TAG_LEN); + /* If tag mismatch wipe buffer */ + if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, + EVP_GCM_TLS_TAG_LEN)) { + OPENSSL_cleanse(out, len); + goto err; + } + rv = len; + } + + err: + gctx->iv_set = 0; + gctx->tls_aad_len = -1; + return rv; +} + +static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); + + /* If not set up, return error */ + if (!gctx->key_set) + return -1; + + if (gctx->tls_aad_len >= 0) + return aria_gcm_tls_cipher(ctx, out, in, len); + + if (!gctx->iv_set) + return -1; + if (in) { + if (out == NULL) { + if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) + return -1; + } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) + return -1; + } else { + if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) + return -1; + } + return len; + } + if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (gctx->taglen < 0) + return -1; + if (CRYPTO_gcm128_finish(&gctx->gcm, + EVP_CIPHER_CTX_buf_noconst(ctx), + gctx->taglen) != 0) + return -1; + gctx->iv_set = 0; + return 0; + } + CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); + gctx->taglen = 16; + /* Don't reuse the IV */ + gctx->iv_set = 0; + return 0; +} + +static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret; + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); + + if (!iv && !key) + return 1; + + if (key) { + ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) aria_encrypt); + if (ret < 0) { + EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED); + return 0; + } + cctx->str = NULL; + cctx->key_set = 1; + } + if (iv) { + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; +} + +static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c); + + switch (type) { + case EVP_CTRL_INIT: + cctx->key_set = 0; + cctx->iv_set = 0; + cctx->L = 8; + cctx->M = 12; + cctx->tag_set = 0; + cctx->len_set = 0; + cctx->tls_aad_len = -1; + return 1; + + case EVP_CTRL_AEAD_TLS1_AAD: + /* Save the AAD for later use */ + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + cctx->tls_aad_len = arg; + { + uint16_t len = + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 + | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; + /* Correct length for explicit IV */ + if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) + return 0; + len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; + /* If decrypting correct for tag too */ + if (!EVP_CIPHER_CTX_encrypting(c)) { + if (len < cctx->M) + return 0; + len -= cctx->M; + } + EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; + EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; + } + /* Extra padding: tag appended to record */ + return cctx->M; + + case EVP_CTRL_CCM_SET_IV_FIXED: + /* Sanity check length */ + if (arg != EVP_CCM_TLS_FIXED_IV_LEN) + return 0; + /* Just copy to first part of IV */ + memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg); + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + arg = 15 - arg; + /* fall thru */ + case EVP_CTRL_CCM_SET_L: + if (arg < 2 || arg > 8) + return 0; + cctx->L = arg; + return 1; + case EVP_CTRL_AEAD_SET_TAG: + if ((arg & 1) || arg < 4 || arg > 16) + return 0; + if (EVP_CIPHER_CTX_encrypting(c) && ptr) + return 0; + if (ptr) { + cctx->tag_set = 1; + memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + } + cctx->M = arg; + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set) + return 0; + if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) + return 0; + cctx->tag_set = 0; + cctx->iv_set = 0; + cctx->len_set = 0; + return 1; + + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; + EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out); + if (cctx->ccm.key) { + if (cctx->ccm.key != &cctx->ks) + return 0; + cctx_out->ccm.key = &cctx_out->ks; + } + return 1; + } + + default: + return -1; + } +} + +static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); + CCM128_CONTEXT *ccm = &cctx->ccm; + + /* Encrypt/decrypt must be performed in place */ + if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) + return -1; + /* If encrypting set explicit IV from sequence number (start of AAD) */ + if (EVP_CIPHER_CTX_encrypting(ctx)) + memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), + EVP_CCM_TLS_EXPLICIT_IV_LEN); + /* Get rest of IV from explicit IV */ + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in, + EVP_CCM_TLS_EXPLICIT_IV_LEN); + /* Correct length value */ + len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, + len)) + return -1; + /* Use saved AAD */ + CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); + /* Fix buffer to point to payload */ + in += EVP_CCM_TLS_EXPLICIT_IV_LEN; + out += EVP_CCM_TLS_EXPLICIT_IV_LEN; + if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) + : CRYPTO_ccm128_encrypt(ccm, in, out, len)) + return -1; + if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) + return -1; + return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; + } else { + if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) + : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { + unsigned char tag[16]; + if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { + if (!CRYPTO_memcmp(tag, in + len, cctx->M)) + return len; + } + } + OPENSSL_cleanse(out, len); + return -1; + } +} + +static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); + CCM128_CONTEXT *ccm = &cctx->ccm; + + /* If not set up, return error */ + if (!cctx->key_set) + return -1; + + if (cctx->tls_aad_len >= 0) + return aria_ccm_tls_cipher(ctx, out, in, len); + + /* EVP_*Final() doesn't return any data */ + if (in == NULL && out != NULL) + return 0; + + if (!cctx->iv_set) + return -1; + + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + return -1; + if (!out) { + if (!in) { + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), + 15 - cctx->L, len)) + return -1; + cctx->len_set = 1; + return len; + } + /* If have AAD need message length */ + if (!cctx->len_set && len) + return -1; + CRYPTO_ccm128_aad(ccm, in, len); + return len; + } + /* If not set length yet do it */ + if (!cctx->len_set) { + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), + 15 - cctx->L, len)) + return -1; + cctx->len_set = 1; + } + if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) + : CRYPTO_ccm128_encrypt(ccm, in, out, len)) + return -1; + cctx->tag_set = 1; + return len; + } else { + int rv = -1; + if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, + cctx->str) : + !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { + unsigned char tag[16]; + if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { + if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), + cctx->M)) + rv = len; + } + } + if (rv == -1) + OPENSSL_cleanse(out, len); + cctx->iv_set = 0; + cctx->tag_set = 0; + cctx->len_set = 0; + return rv; + } +} + +#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER) + +#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aria_##keylen##_##mode = { \ + nid##_##keylen##_##nmode, \ + blocksize, keylen/8, ivlen, \ + ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \ + aria_##mode##_init_key, \ + aria_##mode##_cipher, \ + NULL, \ + sizeof(EVP_ARIA_##MODE##_CTX), \ + NULL,NULL,aria_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ +{ return (EVP_CIPHER*)&aria_##keylen##_##mode; } + +BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0) +BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0) +BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0) + +BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0) +BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0) +BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0) + +#endif diff --git a/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c b/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c index 7fd4f8dfe7fd2b..c1917bb86a6b81 100644 --- a/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c +++ b/deps/openssl/openssl/crypto/evp/e_chacha20_poly1305.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -140,7 +140,7 @@ static const EVP_CIPHER chacha20 = { const EVP_CIPHER *EVP_chacha20(void) { - return (&chacha20); + return &chacha20; } # ifndef OPENSSL_NO_POLY1305 @@ -150,6 +150,7 @@ typedef struct { EVP_CHACHA_KEY key; unsigned int nonce[12/4]; unsigned char tag[POLY1305_BLOCK_SIZE]; + unsigned char tls_aad[POLY1305_BLOCK_SIZE]; struct { uint64_t aad, text; } len; int aad, mac_inited, tag_len, nonce_len; size_t tls_payload_length; @@ -179,7 +180,8 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, /* pad on the left */ if (actx->nonce_len <= CHACHA_CTR_SIZE) - memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, + actx->nonce_len); chacha_init_key(ctx, inkey, temp, enc); @@ -193,23 +195,196 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, return 1; } +# if !defined(OPENSSL_SMALL_FOOTPRINT) + +# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64)) +# define XOR128_HELPERS +void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len); +void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len); +static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 }; +# else +static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 }; +# endif + +static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length; + unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32]; + + if (len != plen + POLY1305_BLOCK_SIZE) + return -1; + + buf = storage + ((0 - (size_t)storage) & 15); /* align */ + ctr = buf + CHACHA_BLK_SIZE; + tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE; + +# ifdef XOR128_HELPERS + if (plen <= 3 * CHACHA_BLK_SIZE) { + actx->key.counter[0] = 0; + buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE); + ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d, + actx->key.counter); + Poly1305_Init(POLY1305_ctx(actx), buf); + actx->key.partial_len = 0; + memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); + tohash_len = POLY1305_BLOCK_SIZE; + actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; + actx->len.text = plen; + + if (plen) { + if (ctx->encrypt) + ctr = xor128_encrypt_n_pad(out, in, ctr, plen); + else + ctr = xor128_decrypt_n_pad(out, in, ctr, plen); + + in += plen; + out += plen; + tohash_len = (size_t)(ctr - tohash); + } + } +# else + if (plen <= CHACHA_BLK_SIZE) { + size_t i; + + actx->key.counter[0] = 0; + ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE), + actx->key.key.d, actx->key.counter); + Poly1305_Init(POLY1305_ctx(actx), buf); + actx->key.partial_len = 0; + memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); + tohash_len = POLY1305_BLOCK_SIZE; + actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; + actx->len.text = plen; + + if (ctx->encrypt) { + for (i = 0; i < plen; i++) { + out[i] = ctr[i] ^= in[i]; + } + } else { + for (i = 0; i < plen; i++) { + unsigned char c = in[i]; + out[i] = ctr[i] ^ c; + ctr[i] = c; + } + } + + in += i; + out += i; + + tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1); + memset(ctr + i, 0, tail); + ctr += i + tail; + tohash_len += i + tail; + } +# endif + else { + actx->key.counter[0] = 0; + ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE), + actx->key.key.d, actx->key.counter); + Poly1305_Init(POLY1305_ctx(actx), buf); + actx->key.counter[0] = 1; + actx->key.partial_len = 0; + Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE); + tohash = ctr; + tohash_len = 0; + actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; + actx->len.text = plen; + + if (ctx->encrypt) { + ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter); + Poly1305_Update(POLY1305_ctx(actx), out, plen); + } else { + Poly1305_Update(POLY1305_ctx(actx), in, plen); + ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter); + } + + in += plen; + out += plen; + tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1); + Poly1305_Update(POLY1305_ctx(actx), zero, tail); + } + + { + const union { + long one; + char little; + } is_endian = { 1 }; + + if (is_endian.little) { + memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); + } else { + ctr[0] = (unsigned char)(actx->len.aad); + ctr[1] = (unsigned char)(actx->len.aad>>8); + ctr[2] = (unsigned char)(actx->len.aad>>16); + ctr[3] = (unsigned char)(actx->len.aad>>24); + ctr[4] = (unsigned char)(actx->len.aad>>32); + ctr[5] = (unsigned char)(actx->len.aad>>40); + ctr[6] = (unsigned char)(actx->len.aad>>48); + ctr[7] = (unsigned char)(actx->len.aad>>56); + + ctr[8] = (unsigned char)(actx->len.text); + ctr[9] = (unsigned char)(actx->len.text>>8); + ctr[10] = (unsigned char)(actx->len.text>>16); + ctr[11] = (unsigned char)(actx->len.text>>24); + ctr[12] = (unsigned char)(actx->len.text>>32); + ctr[13] = (unsigned char)(actx->len.text>>40); + ctr[14] = (unsigned char)(actx->len.text>>48); + ctr[15] = (unsigned char)(actx->len.text>>56); + } + tohash_len += POLY1305_BLOCK_SIZE; + } + + Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len); + OPENSSL_cleanse(buf, buf_len); + Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag + : tohash); + + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + + if (ctx->encrypt) { + memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); + } else { + if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) { + memset(out - (len - POLY1305_BLOCK_SIZE), 0, + len - POLY1305_BLOCK_SIZE); + return -1; + } + } + + return len; +} +# else +static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 }; +# endif + static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); size_t rem, plen = actx->tls_payload_length; - static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 }; if (!actx->mac_inited) { +# if !defined(OPENSSL_SMALL_FOOTPRINT) + if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL) + return chacha20_poly1305_tls_cipher(ctx, out, in, len); +# endif actx->key.counter[0] = 0; - memset(actx->key.buf, 0, sizeof(actx->key.buf)); - ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE, + ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE, actx->key.key.d, actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); actx->key.counter[0] = 1; actx->key.partial_len = 0; actx->len.aad = actx->len.text = 0; actx->mac_inited = 1; + if (plen != NO_TLS_PAYLOAD_LENGTH) { + Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, + EVP_AEAD_TLS1_AAD_LEN); + actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; + actx->aad = 1; + } } if (in) { /* aad or text */ @@ -341,6 +516,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, actx->tag_len = 0; actx->nonce_len = 12; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE); return 1; case EVP_CTRL_COPY: @@ -393,18 +569,18 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, return 0; { unsigned int len; - unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE]; + unsigned char *aad = ptr; + memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN); len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | aad[EVP_AEAD_TLS1_AAD_LEN - 1]; + aad = actx->tls_aad; if (!ctx->encrypt) { if (len < POLY1305_BLOCK_SIZE) return 0; len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ - memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2); - aad = temp; - temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); - temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; + aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); + aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; } actx->tls_payload_length = len; @@ -415,7 +591,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); actx->mac_inited = 0; - chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN); + return POLY1305_BLOCK_SIZE; /* tag length */ } diff --git a/deps/openssl/openssl/crypto/evp/e_des.c b/deps/openssl/openssl/crypto/evp/e_des.c index 9b2facfecfce98..c13fb3e25a9b24 100644 --- a/deps/openssl/openssl/crypto/evp/e_des.c +++ b/deps/openssl/openssl/crypto/evp/e_des.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -229,7 +229,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, 8) <= 0) + if (RAND_priv_bytes(ptr, 8) <= 0) return 0; DES_set_odd_parity((DES_cblock *)ptr); return 1; diff --git a/deps/openssl/openssl/crypto/evp/e_des3.c b/deps/openssl/openssl/crypto/evp/e_des3.c index da77936c969cbf..6b492ce4702390 100644 --- a/deps/openssl/openssl/crypto/evp/e_des3.c +++ b/deps/openssl/openssl/crypto/evp/e_des3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -283,7 +283,7 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_RAND_KEY: - if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) + if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) return 0; DES_set_odd_parity(deskey); if (EVP_CIPHER_CTX_key_length(ctx) >= 16) diff --git a/deps/openssl/openssl/crypto/evp/e_null.c b/deps/openssl/openssl/crypto/evp/e_null.c index 0dfc48abf5a18a..18a8468216a01e 100644 --- a/deps/openssl/openssl/crypto/evp/e_null.c +++ b/deps/openssl/openssl/crypto/evp/e_null.c @@ -32,7 +32,7 @@ static const EVP_CIPHER n_cipher = { const EVP_CIPHER *EVP_enc_null(void) { - return (&n_cipher); + return &n_cipher; } static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/deps/openssl/openssl/crypto/evp/e_rc2.c b/deps/openssl/openssl/crypto/evp/e_rc2.c index ed10bb33248df5..aa0d1401868782 100644 --- a/deps/openssl/openssl/crypto/evp/e_rc2.c +++ b/deps/openssl/openssl/crypto/evp/e_rc2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,12 +72,12 @@ static const EVP_CIPHER r2_40_cbc_cipher = { const EVP_CIPHER *EVP_rc2_64_cbc(void) { - return (&r2_64_cbc_cipher); + return &r2_64_cbc_cipher; } const EVP_CIPHER *EVP_rc2_40_cbc(void) { - return (&r2_40_cbc_cipher); + return &r2_40_cbc_cipher; } static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -92,15 +92,16 @@ static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) { int i; - EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); + if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0) + return 0; if (i == 128) - return (RC2_128_MAGIC); + return RC2_128_MAGIC; else if (i == 64) - return (RC2_64_MAGIC); + return RC2_64_MAGIC; else if (i == 40) - return (RC2_40_MAGIC); + return RC2_40_MAGIC; else - return (0); + return 0; } static int rc2_magic_to_meth(int i) @@ -113,7 +114,7 @@ static int rc2_magic_to_meth(int i) return 40; else { EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE); - return (0); + return 0; } } @@ -136,8 +137,9 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) return -1; if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) + if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, + NULL) <= 0 + || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) return -1; } return i; @@ -155,7 +157,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) (unsigned char *)EVP_CIPHER_CTX_original_iv(c), j); } - return (i); + return i; } static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) diff --git a/deps/openssl/openssl/crypto/evp/e_rc4.c b/deps/openssl/openssl/crypto/evp/e_rc4.c index ea95deab8ff3bc..d16abdd0d2d75d 100644 --- a/deps/openssl/openssl/crypto/evp/e_rc4.c +++ b/deps/openssl/openssl/crypto/evp/e_rc4.c @@ -58,12 +58,12 @@ static const EVP_CIPHER r4_40_cipher = { const EVP_CIPHER *EVP_rc4(void) { - return (&r4_cipher); + return &r4_cipher; } const EVP_CIPHER *EVP_rc4_40(void) { - return (&r4_40_cipher); + return &r4_40_cipher; } static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c b/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c index 8ab18c1413a46c..b1e8ccd6ddca8f 100644 --- a/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/deps/openssl/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -257,6 +257,6 @@ static EVP_CIPHER r4_hmac_md5_cipher = { const EVP_CIPHER *EVP_rc4_hmac_md5(void) { - return (&r4_hmac_md5_cipher); + return &r4_hmac_md5_cipher; } #endif diff --git a/deps/openssl/openssl/crypto/evp/e_rc5.c b/deps/openssl/openssl/crypto/evp/e_rc5.c index f69ba5b2f53348..a2f26d8c5f23bd 100644 --- a/deps/openssl/openssl/crypto/evp/e_rc5.c +++ b/deps/openssl/openssl/crypto/evp/e_rc5.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_RC5 # include -# include +# include "internal/evp_int.h" # include # include "evp_locl.h" # include diff --git a/deps/openssl/openssl/crypto/evp/e_sm4.c b/deps/openssl/openssl/crypto/evp/e_sm4.c new file mode 100644 index 00000000000000..79deb6563646c3 --- /dev/null +++ b/deps/openssl/openssl/crypto/evp/e_sm4.c @@ -0,0 +1,100 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#ifndef OPENSSL_NO_SM4 +# include +# include +# include "internal/sm4.h" +# include "internal/evp_int.h" + +typedef struct { + SM4_KEY ks; +} EVP_SM4_KEY; + +static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx)); + return 1; +} + +static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SM4_KEY *key, + unsigned char *ivec, const int enc) +{ + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f)SM4_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f)SM4_decrypt); +} + +static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const SM4_KEY *key, + unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)SM4_encrypt); +} + +static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, + const SM4_KEY *key, const int enc) +{ + if (enc) + SM4_encrypt(in, out, key); + else + SM4_decrypt(in, out, key); +} + +static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const SM4_KEY *key, + unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f)SM4_encrypt); +} + +IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, + 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, + sm4_init_key, 0, 0, 0, 0) + +static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned int num = EVP_CIPHER_CTX_num(ctx); + EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx); + + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, + EVP_CIPHER_CTX_iv_noconst(ctx), + EVP_CIPHER_CTX_buf_noconst(ctx), &num, + (block128_f)SM4_encrypt); + EVP_CIPHER_CTX_set_num(ctx, num); + return 1; +} + +static const EVP_CIPHER sm4_ctr_mode = { + NID_sm4_ctr, 1, 16, 16, + EVP_CIPH_CTR_MODE, + sm4_init_key, + sm4_ctr_cipher, + NULL, + sizeof(EVP_SM4_KEY), + NULL, NULL, NULL, NULL +}; + +const EVP_CIPHER *EVP_sm4_ctr(void) +{ + return &sm4_ctr_mode; +} + +#endif diff --git a/deps/openssl/openssl/crypto/evp/e_xcbc_d.c b/deps/openssl/openssl/crypto/evp/e_xcbc_d.c index effaf5cc617332..57ce813da824fd 100644 --- a/deps/openssl/openssl/crypto/evp/e_xcbc_d.c +++ b/deps/openssl/openssl/crypto/evp/e_xcbc_d.c @@ -46,7 +46,7 @@ static const EVP_CIPHER d_xcbc_cipher = { const EVP_CIPHER *EVP_desx_cbc(void) { - return (&d_xcbc_cipher); + return &d_xcbc_cipher; } static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/deps/openssl/openssl/crypto/evp/encode.c b/deps/openssl/openssl/crypto/evp/encode.c index abb1044378c398..da32d4fd19734e 100644 --- a/deps/openssl/openssl/crypto/evp/encode.c +++ b/deps/openssl/openssl/crypto/evp/encode.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,17 @@ #include "internal/cryptlib.h" #include #include "evp_locl.h" +#include "internal/evp_int.h" + +static unsigned char conv_ascii2bin(unsigned char a, + const unsigned char *table); +static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, + const unsigned char *f, int dlen); +static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, + const unsigned char *f, int n); -static unsigned char conv_ascii2bin(unsigned char a); #ifndef CHARSET_EBCDIC -# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +# define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) #else /* * We assume that PEM encoded files are EBCDIC files (i.e., printable text @@ -23,7 +30,7 @@ static unsigned char conv_ascii2bin(unsigned char a); * (text) format again. (No need for conversion in the conv_bin2ascii macro, * as the underlying textstring data_bin2ascii[] is already EBCDIC) */ -# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +# define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) #endif /*- @@ -38,8 +45,13 @@ static unsigned char conv_ascii2bin(unsigned char a); #define CHUNKS_PER_LINE (64/4) #define CHAR_PER_LINE (64+1) -static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ -abcdefghijklmnopqrstuvwxyz0123456789+/"; +static const unsigned char data_bin2ascii[65] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +/* SRP uses a different base64 alphabet */ +static const unsigned char srpdata_bin2ascii[65] = + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; + /*- * 0xF0 is a EOLN @@ -76,20 +88,39 @@ static const unsigned char data_ascii2bin[128] = { 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }; +static const unsigned char srpdata_ascii2bin[128] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, + 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, + 0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, + 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, + 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, + 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + #ifndef CHARSET_EBCDIC -static unsigned char conv_ascii2bin(unsigned char a) +static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table) { if (a & 0x80) return B64_ERROR; - return data_ascii2bin[a]; + return table[a]; } #else -static unsigned char conv_ascii2bin(unsigned char a) +static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table) { a = os_toascii[a]; if (a & 0x80) return B64_ERROR; - return data_ascii2bin[a]; + return table[a]; } #endif @@ -115,11 +146,17 @@ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx) return ctx->num; } +void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags) +{ + ctx->flags = flags; +} + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length = 48; ctx->num = 0; ctx->line_num = 0; + ctx->flags = 0; } int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, @@ -142,21 +179,27 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, memcpy(&(ctx->enc_data[ctx->num]), in, i); in += i; inl -= i; - j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length); + j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length); ctx->num = 0; out += j; - *(out++) = '\n'; + total = j; + if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) { + *(out++) = '\n'; + total++; + } *out = '\0'; - total = j + 1; } while (inl >= ctx->length && total <= INT_MAX) { - j = EVP_EncodeBlock(out, in, ctx->length); + j = evp_encodeblock_int(ctx, out, in, ctx->length); in += ctx->length; inl -= ctx->length; out += j; - *(out++) = '\n'; + total += j; + if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) { + *(out++) = '\n'; + total++; + } *out = '\0'; - total += j + 1; } if (total > INT_MAX) { /* Too much output data! */ @@ -176,35 +219,43 @@ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) unsigned int ret = 0; if (ctx->num != 0) { - ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num); - out[ret++] = '\n'; + ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num); + if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) + out[ret++] = '\n'; out[ret] = '\0'; ctx->num = 0; } *outl = ret; } -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) +static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, + const unsigned char *f, int dlen) { int i, ret = 0; unsigned long l; + const unsigned char *table; + + if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) + table = srpdata_bin2ascii; + else + table = data_bin2ascii; for (i = dlen; i > 0; i -= 3) { if (i >= 3) { l = (((unsigned long)f[0]) << 16L) | (((unsigned long)f[1]) << 8L) | f[2]; - *(t++) = conv_bin2ascii(l >> 18L); - *(t++) = conv_bin2ascii(l >> 12L); - *(t++) = conv_bin2ascii(l >> 6L); - *(t++) = conv_bin2ascii(l); + *(t++) = conv_bin2ascii(l >> 18L, table); + *(t++) = conv_bin2ascii(l >> 12L, table); + *(t++) = conv_bin2ascii(l >> 6L, table); + *(t++) = conv_bin2ascii(l, table); } else { l = ((unsigned long)f[0]) << 16L; if (i == 2) l |= ((unsigned long)f[1] << 8L); - *(t++) = conv_bin2ascii(l >> 18L); - *(t++) = conv_bin2ascii(l >> 12L); - *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L); + *(t++) = conv_bin2ascii(l >> 18L, table); + *(t++) = conv_bin2ascii(l >> 12L, table); + *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table); *(t++) = '='; } ret += 4; @@ -212,16 +263,21 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) } *t = '\0'; - return (ret); + return ret; +} + +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) +{ + return evp_encodeblock_int(NULL, t, f, dlen); } void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { - /* Only ctx->num is used during decoding. */ + /* Only ctx->num and ctx->flags are used during decoding. */ ctx->num = 0; ctx->length = 0; ctx->line_num = 0; - ctx->expect_nl = 0; + ctx->flags = 0; } /*- @@ -249,6 +305,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, { int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; unsigned char *d; + const unsigned char *table; n = ctx->num; d = ctx->enc_data; @@ -265,9 +322,14 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, goto end; } + if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) + table = srpdata_ascii2bin; + else + table = data_ascii2bin; + for (i = 0; i < inl; i++) { tmp = *(in++); - v = conv_ascii2bin(tmp); + v = conv_ascii2bin(tmp, table); if (v == B64_ERROR) { rv = -1; goto end; @@ -307,7 +369,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, } if (n == 64) { - decoded_len = EVP_DecodeBlock(out, d, n); + decoded_len = evp_decodeblock_int(ctx, out, d, n); n = 0; if (decoded_len < 0 || eof > decoded_len) { rv = -1; @@ -326,7 +388,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, tail: if (n > 0) { if ((n & 3) == 0) { - decoded_len = EVP_DecodeBlock(out, d, n); + decoded_len = evp_decodeblock_int(ctx, out, d, n); n = 0; if (decoded_len < 0 || eof > decoded_len) { rv = -1; @@ -345,16 +407,23 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* Legacy behaviour. This should probably rather be zeroed on error. */ *outl = ret; ctx->num = n; - return (rv); + return rv; } -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) +static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, + const unsigned char *f, int n) { int i, ret = 0, a, b, c, d; unsigned long l; + const unsigned char *table; + + if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) + table = srpdata_ascii2bin; + else + table = data_ascii2bin; /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) { + while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { f++; n--; } @@ -363,19 +432,19 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) * strip off stuff at the end of the line ascii2bin values B64_WS, * B64_EOLN, B64_EOLN and B64_EOF */ - while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1])))) + while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table)))) n--; if (n % 4 != 0) - return (-1); + return -1; for (i = 0; i < n; i += 4) { - a = conv_ascii2bin(*(f++)); - b = conv_ascii2bin(*(f++)); - c = conv_ascii2bin(*(f++)); - d = conv_ascii2bin(*(f++)); + a = conv_ascii2bin(*(f++), table); + b = conv_ascii2bin(*(f++), table); + c = conv_ascii2bin(*(f++), table); + d = conv_ascii2bin(*(f++), table); if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80)) - return (-1); + return -1; l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d))); @@ -384,7 +453,12 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) *(t++) = (unsigned char)(l) & 0xff; ret += 3; } - return (ret); + return ret; +} + +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) +{ + return evp_decodeblock_int(NULL, t, f, n); } int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) @@ -393,12 +467,12 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) *outl = 0; if (ctx->num != 0) { - i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num); + i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num); if (i < 0) - return (-1); + return -1; ctx->num = 0; *outl = i; - return (1); + return 1; } else - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/evp/evp_cnf.c b/deps/openssl/openssl/crypto/evp/evp_cnf.c index 71d13b8df07580..8df2c06e1f529d 100644 --- a/deps/openssl/openssl/crypto/evp/evp_cnf.c +++ b/deps/openssl/openssl/crypto/evp/evp_cnf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,6 @@ */ #include -#include #include #include "internal/cryptlib.h" #include @@ -38,16 +37,8 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) return 0; } if (m > 0) { -#ifdef OPENSSL_FIPS - if (!FIPS_mode() && !FIPS_mode_set(1)) { - EVPerr(EVP_F_ALG_MODULE_INIT, - EVP_R_ERROR_SETTING_FIPS_MODE); - return 0; - } -#else EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); return 0; -#endif } } else { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c index e5807edd6522c1..38633410cd1ab4 100644 --- a/deps/openssl/openssl/crypto/evp/evp_enc.c +++ b/deps/openssl/openssl/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include #include #include +#include #include #include "internal/evp_int.h" #include "evp_locl.h" @@ -523,7 +524,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) if (b > 1) { if (ctx->buf_len || !ctx->final_used) { EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); - return (0); + return 0; } OPENSSL_assert(b <= sizeof(ctx->final)); @@ -534,12 +535,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) n = ctx->final[b - 1]; if (n == 0 || n > (int)b) { EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); - return (0); + return 0; } for (i = 0; i < n; i++) { if (ctx->final[--b] != n) { EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); - return (0); + return 0; } } n = ctx->cipher->block_size - n; @@ -548,7 +549,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) *outl = n; } else *outl = 0; - return (1); + return 1; } int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) @@ -577,6 +578,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { int ret; + if (!ctx->cipher) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); return 0; @@ -600,7 +602,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - if (RAND_bytes(key, ctx->key_len) <= 0) + if (RAND_priv_bytes(key, ctx->key_len) <= 0) return 0; return 1; } diff --git a/deps/openssl/openssl/crypto/evp/evp_err.c b/deps/openssl/openssl/crypto/evp/evp_err.c index 3543d44cb41680..3e14a7b509496a 100644 --- a/deps/openssl/openssl/crypto/evp/evp_err.c +++ b/deps/openssl/openssl/crypto/evp/evp_err.c @@ -8,169 +8,262 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) - -static ERR_STRING_DATA EVP_str_functs[] = { - {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"}, - {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"}, - {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, - {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, - {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, - {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, - {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, - {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, - {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, - {ERR_FUNC(EVP_F_DES_EDE3_WRAP_CIPHER), "des_ede3_wrap_cipher"}, - {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"}, - {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), +static const ERR_STRING_DATA EVP_str_functs[] = { + {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0), + "chacha20_poly1305_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_CMLL_T4_INIT_KEY, 0), "cmll_t4_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0), + "des_ede3_wrap_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0), + "EVP_CIPHER_asn1_to_param"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0), + "EVP_CIPHER_CTX_copy"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0), + "EVP_CIPHER_CTX_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0), "EVP_CIPHER_CTX_set_key_length"}, - {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, - {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, - {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, - {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, - {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, - {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, - {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, - {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, - {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, - {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, - {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, - {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"}, - {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, - {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ASN1_ADD0), "EVP_PKEY_asn1_add0"}, - {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, - {ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"}, - {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, - {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, - {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"}, - {ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"}, - {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, - {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"}, - {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_SET1_ENGINE), "EVP_PKEY_set1_engine"}, - {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"}, - {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, - {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0), + "EVP_CIPHER_param_to_asn1"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0), + "EVP_DecryptFinal_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), + "EVP_EncryptFinal_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD, 0), "EVP_PBE_alg_add"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD_TYPE, 0), + "EVP_PBE_alg_add_type"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_CIPHERINIT, 0), "EVP_PBE_CipherInit"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_SCRYPT, 0), "EVP_PBE_scrypt"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ASN1_ADD0, 0), "EVP_PKEY_asn1_add0"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CHECK, 0), "EVP_PKEY_check"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_COPY_PARAMETERS, 0), + "EVP_PKEY_copy_parameters"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, 0), "EVP_PKEY_CTX_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL_STR, 0), + "EVP_PKEY_CTX_ctrl_str"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_DUP, 0), "EVP_PKEY_CTX_dup"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_MD, 0), "EVP_PKEY_CTX_md"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT, 0), "EVP_PKEY_decrypt"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_INIT, 0), + "EVP_PKEY_decrypt_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_OLD, 0), + "EVP_PKEY_decrypt_old"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE, 0), "EVP_PKEY_derive"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_INIT, 0), + "EVP_PKEY_derive_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, 0), + "EVP_PKEY_derive_set_peer"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT, 0), "EVP_PKEY_encrypt"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_INIT, 0), + "EVP_PKEY_encrypt_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_OLD, 0), + "EVP_PKEY_encrypt_old"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DH, 0), "EVP_PKEY_get0_DH"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DSA, 0), "EVP_PKEY_get0_DSA"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_EC_KEY, 0), + "EVP_PKEY_get0_EC_KEY"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_HMAC, 0), "EVP_PKEY_get0_hmac"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_POLY1305, 0), + "EVP_PKEY_get0_poly1305"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0), + "EVP_PKEY_get0_siphash"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0), + "EVP_PKEY_get_raw_private_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0), + "EVP_PKEY_get_raw_public_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0), + "EVP_PKEY_keygen_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0), + "EVP_PKEY_new_CMAC_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0), + "EVP_PKEY_new_raw_private_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0), + "EVP_PKEY_new_raw_public_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0), + "EVP_PKEY_paramgen_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0), + "EVP_PKEY_param_check"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0), + "EVP_PKEY_public_check"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0), + "EVP_PKEY_set1_engine"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0), + "EVP_PKEY_set_alias_type"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_INIT, 0), + "EVP_PKEY_verify_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER, 0), + "EVP_PKEY_verify_recover"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0), "EVP_PKEY_verify_recover_init"}, - {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, - {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, - {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"}, - {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"}, - {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"}, - {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"}, - {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0), + "PKCS5_v2_PBE_keyivgen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 0), + "PKCS5_v2_PBKDF2_keyivgen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), + "PKCS5_v2_scrypt_keyivgen"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {0, NULL} }; -static ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, - {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), - "camellia key setup failed"}, - {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, - {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, - {ERR_REASON(EVP_R_COPY_ERROR), "copy error"}, - {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, - {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), - "ctrl operation not implemented"}, - {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), - "data not multiple of block length"}, - {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, - {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, - {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, - {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, - {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, - {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, - {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, - {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, - {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, - {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), - "illegal scrypt parameters"}, - {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, - {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, - {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, - {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, - {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, - {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, - {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, - {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"}, - {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, - {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, - {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, - {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, - {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"}, - {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"}, - {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), - "partially overlapping buffers"}, - {ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, - {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), - "pkey application asn1 method already registered"}, - {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED), - "pkey asn1 method already registered"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, - {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, - {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), - "unsupported key derivation function"}, - {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, - {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), - "unsupported number of rounds"}, - {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, - {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), - "unsupported private key algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, - {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, - {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, +static const ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED), + "aes key setup failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), + "aria key setup failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), + "camellia key setup failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR), + "cipher parameter error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED), + "command not supported"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED), + "ctrl not implemented"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), + "ctrl operation not implemented"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), + "data not multiple of block length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), + "different key types"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), + "different parameters"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), + "error loading section"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), + "error setting fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY), + "expecting an hmac key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY), + "expecting an rsa key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY), + "expecting a dsa key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY), + "expecting a poly1305 key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), + "expecting a siphash key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED), + "fips mode not supported"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS), + "illegal scrypt parameters"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR), + "initialization error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED), + "input not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED), + "memory limit exceeded"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL), + "message digest is null"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED), + "method not supported"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH), + "not XOF or invalid length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), + "only oneshot supported"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), + "operaton not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), + "partially overlapping buffers"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), + "pkey application asn1 method already registered"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR), + "private key decode error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), + "private key encode error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM), + "unknown pbe algorithm"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), + "unsupported algorithm"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH), + "unsupported keylength"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), + "unsupported key derivation function"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE), + "unsupported key size"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), + "unsupported number of rounds"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), + "unsupported private key algorithm"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE), + "unsupported salt type"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED), + "wrap mode not allowed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), + "wrong final block length"}, {0, NULL} }; @@ -179,10 +272,9 @@ static ERR_STRING_DATA EVP_str_reasons[] = { int ERR_load_EVP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { - ERR_load_strings(0, EVP_str_functs); - ERR_load_strings(0, EVP_str_reasons); + ERR_load_strings_const(EVP_str_functs); + ERR_load_strings_const(EVP_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/evp/evp_key.c b/deps/openssl/openssl/crypto/evp/evp_key.c index 52011307ade3f1..e5ac107c385c57 100644 --- a/deps/openssl/openssl/crypto/evp/evp_key.c +++ b/deps/openssl/openssl/crypto/evp/evp_key.c @@ -14,7 +14,6 @@ #include #include -#ifndef OPENSSL_NO_UI /* should be init to zeros. */ static char prompt_string[80]; @@ -31,9 +30,9 @@ void EVP_set_pw_prompt(const char *prompt) char *EVP_get_pw_prompt(void) { if (prompt_string[0] == '\0') - return (NULL); + return NULL; else - return (prompt_string); + return prompt_string; } /* @@ -71,7 +70,6 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, UI_free(ui); return ret; } -#endif /* OPENSSL_NO_UI */ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const unsigned char *salt, const unsigned char *data, @@ -89,7 +87,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) - return (nkey); + return nkey; c = EVP_MD_CTX_new(); if (c == NULL) diff --git a/deps/openssl/openssl/crypto/evp/evp_lib.c b/deps/openssl/openssl/crypto/evp/evp_lib.c index 0c76db5a99f84b..1b3c9840c6fc53 100644 --- a/deps/openssl/openssl/crypto/evp/evp_lib.c +++ b/deps/openssl/openssl/crypto/evp/evp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: case EVP_CIPH_OCB_MODE: - ret = -1; + ret = -2; break; default: @@ -40,7 +40,13 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) } } else ret = -1; - return (ret); + if (ret <= 0) + EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ? + ASN1_R_UNSUPPORTED_CIPHER : + EVP_R_CIPHER_PARAMETER_ERROR); + if (ret < -1) + ret = -1; + return ret; } int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) @@ -60,7 +66,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: case EVP_CIPH_OCB_MODE: - ret = -1; + ret = -2; break; default: @@ -69,7 +75,13 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) } } else ret = -1; - return (ret); + if (ret <= 0) + EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ? + EVP_R_UNSUPPORTED_CIPHER : + EVP_R_CIPHER_PARAMETER_ERROR); + if (ret < -1) + ret = -1; + return ret; } int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) @@ -82,11 +94,11 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) OPENSSL_assert(l <= sizeof(c->iv)); i = ASN1_TYPE_get_octetstring(type, c->oiv, l); if (i != (int)l) - return (-1); + return -1; else if (i > 0) memcpy(c->iv, c->oiv, l); } - return (i); + return i; } int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) @@ -99,7 +111,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) OPENSSL_assert(j <= sizeof(c->iv)); i = ASN1_TYPE_set_octetstring(type, c->oiv, j); } - return (i); + return i; } /* Convert the various cipher NIDs and dummies to a proper OID NID */ @@ -448,6 +460,25 @@ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) return ctx->pctx; } +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) +{ + /* + * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so + * we have to deal with the cleanup job here. + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + EVP_PKEY_CTX_free(ctx->pctx); + + ctx->pctx = pctx; + + if (pctx != NULL) { + /* make sure pctx is not freed when destroying EVP_MD_CTX */ + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } else { + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } +} + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) { return ctx->md_data; diff --git a/deps/openssl/openssl/crypto/evp/evp_locl.h b/deps/openssl/openssl/crypto/evp/evp_locl.h index 209577b7c22342..f1589d68289428 100644 --- a/deps/openssl/openssl/crypto/evp/evp_locl.h +++ b/deps/openssl/openssl/crypto/evp/evp_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -59,7 +59,7 @@ struct evp_Encode_Ctx_st { unsigned char enc_data[80]; /* number read on current line */ int line_num; - int expect_nl; + unsigned int flags; }; typedef struct evp_pbe_st EVP_PBE_CTL; diff --git a/deps/openssl/openssl/crypto/evp/evp_pbe.c b/deps/openssl/openssl/crypto/evp/evp_pbe.c index eb7344c253bd3e..5a88817b4aa91c 100644 --- a/deps/openssl/openssl/crypto/evp/evp_pbe.c +++ b/deps/openssl/openssl/crypto/evp/evp_pbe.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,6 +61,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, + {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0}, + {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, @@ -71,6 +73,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { NID_id_GostR3411_2012_256, 0}, {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, NID_id_GostR3411_2012_512, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0}, {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, #ifndef OPENSSL_NO_SCRYPT {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} @@ -213,10 +217,9 @@ int EVP_PBE_find(int type, int pbe_nid, pbelu.pbe_type = type; pbelu.pbe_nid = pbe_nid; - if (pbe_algs) { + if (pbe_algs != NULL) { i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); - if (i != -1) - pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); + pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); } if (pbetmp == NULL) { pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe)); diff --git a/deps/openssl/openssl/crypto/evp/evp_pkey.c b/deps/openssl/openssl/crypto/evp/evp_pkey.c index 81bffa6d91ada0..e61a8761a92d29 100644 --- a/deps/openssl/openssl/crypto/evp/evp_pkey.c +++ b/deps/openssl/openssl/crypto/evp/evp_pkey.c @@ -80,7 +80,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); goto error; } - RAND_add(p8->pkey->data, p8->pkey->length, 0.0); return p8; error: PKCS8_PRIV_KEY_INFO_free(p8); diff --git a/deps/openssl/openssl/crypto/evp/m_md4.c b/deps/openssl/openssl/crypto/evp/m_md4.c index f3decaaf0fc7fd..0efc586dbaff0b 100644 --- a/deps/openssl/openssl/crypto/evp/m_md4.c +++ b/deps/openssl/openssl/crypto/evp/m_md4.c @@ -50,6 +50,6 @@ static const EVP_MD md4_md = { const EVP_MD *EVP_md4(void) { - return (&md4_md); + return &md4_md; } #endif diff --git a/deps/openssl/openssl/crypto/evp/m_md5.c b/deps/openssl/openssl/crypto/evp/m_md5.c index f4dc0c43f4067f..3d96ae93b6c4a5 100644 --- a/deps/openssl/openssl/crypto/evp/m_md5.c +++ b/deps/openssl/openssl/crypto/evp/m_md5.c @@ -50,6 +50,6 @@ static const EVP_MD md5_md = { const EVP_MD *EVP_md5(void) { - return (&md5_md); + return &md5_md; } #endif diff --git a/deps/openssl/openssl/crypto/evp/m_mdc2.c b/deps/openssl/openssl/crypto/evp/m_mdc2.c index b7f0fd8c19e428..1051a9070f973d 100644 --- a/deps/openssl/openssl/crypto/evp/m_mdc2.c +++ b/deps/openssl/openssl/crypto/evp/m_mdc2.c @@ -50,6 +50,6 @@ static const EVP_MD mdc2_md = { const EVP_MD *EVP_mdc2(void) { - return (&mdc2_md); + return &mdc2_md; } #endif diff --git a/deps/openssl/openssl/crypto/evp/m_null.c b/deps/openssl/openssl/crypto/evp/m_null.c index 6c4daf56b1b28a..5dce1d510e28c9 100644 --- a/deps/openssl/openssl/crypto/evp/m_null.c +++ b/deps/openssl/openssl/crypto/evp/m_null.c @@ -45,5 +45,5 @@ static const EVP_MD null_md = { const EVP_MD *EVP_md_null(void) { - return (&null_md); + return &null_md; } diff --git a/deps/openssl/openssl/crypto/evp/m_ripemd.c b/deps/openssl/openssl/crypto/evp/m_ripemd.c index 07b46bd51887d1..7ab320843cee97 100644 --- a/deps/openssl/openssl/crypto/evp/m_ripemd.c +++ b/deps/openssl/openssl/crypto/evp/m_ripemd.c @@ -50,6 +50,6 @@ static const EVP_MD ripemd160_md = { const EVP_MD *EVP_ripemd160(void) { - return (&ripemd160_md); + return &ripemd160_md; } #endif diff --git a/deps/openssl/openssl/crypto/evp/m_sha1.c b/deps/openssl/openssl/crypto/evp/m_sha1.c index e68f32a0441dc9..ac52417855b3a7 100644 --- a/deps/openssl/openssl/crypto/evp/m_sha1.c +++ b/deps/openssl/openssl/crypto/evp/m_sha1.c @@ -15,6 +15,7 @@ #include #include #include "internal/evp_int.h" +#include "internal/sha.h" static int init(EVP_MD_CTX *ctx) { @@ -107,7 +108,7 @@ static const EVP_MD sha1_md = { const EVP_MD *EVP_sha1(void) { - return (&sha1_md); + return &sha1_md; } static int init224(EVP_MD_CTX *ctx) @@ -156,7 +157,7 @@ static const EVP_MD sha224_md = { const EVP_MD *EVP_sha224(void) { - return (&sha224_md); + return &sha224_md; } static const EVP_MD sha256_md = { @@ -175,7 +176,17 @@ static const EVP_MD sha256_md = { const EVP_MD *EVP_sha256(void) { - return (&sha256_md); + return &sha256_md; +} + +static int init512_224(EVP_MD_CTX *ctx) +{ + return sha512_224_init(EVP_MD_CTX_md_data(ctx)); +} + +static int init512_256(EVP_MD_CTX *ctx) +{ + return sha512_256_init(EVP_MD_CTX_md_data(ctx)); } static int init384(EVP_MD_CTX *ctx) @@ -209,6 +220,44 @@ static int final512(EVP_MD_CTX *ctx, unsigned char *md) return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); } +static const EVP_MD sha512_224_md = { + NID_sha512_224, + NID_sha512_224WithRSAEncryption, + SHA224_DIGEST_LENGTH, + EVP_MD_FLAG_DIGALGID_ABSENT, + init512_224, + update512, + final512, + NULL, + NULL, + SHA512_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA512_CTX), +}; + +const EVP_MD *EVP_sha512_224(void) +{ + return &sha512_224_md; +} + +static const EVP_MD sha512_256_md = { + NID_sha512_256, + NID_sha512_256WithRSAEncryption, + SHA256_DIGEST_LENGTH, + EVP_MD_FLAG_DIGALGID_ABSENT, + init512_256, + update512, + final512, + NULL, + NULL, + SHA512_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA512_CTX), +}; + +const EVP_MD *EVP_sha512_256(void) +{ + return &sha512_256_md; +} + static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, @@ -225,7 +274,7 @@ static const EVP_MD sha384_md = { const EVP_MD *EVP_sha384(void) { - return (&sha384_md); + return &sha384_md; } static const EVP_MD sha512_md = { @@ -244,5 +293,5 @@ static const EVP_MD sha512_md = { const EVP_MD *EVP_sha512(void) { - return (&sha512_md); + return &sha512_md; } diff --git a/deps/openssl/openssl/crypto/evp/m_sha3.c b/deps/openssl/openssl/crypto/evp/m_sha3.c new file mode 100644 index 00000000000000..31379c0f6b9953 --- /dev/null +++ b/deps/openssl/openssl/crypto/evp/m_sha3.c @@ -0,0 +1,406 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include +#include +#include "internal/evp_int.h" +#include "evp_locl.h" + +size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, + size_t r); +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); + +#define KECCAK1600_WIDTH 1600 + +typedef struct { + uint64_t A[5][5]; + size_t block_size; /* cached ctx->digest->block_size */ + size_t md_size; /* output length, variable in XOF */ + size_t num; /* used bytes in below buffer */ + unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; + unsigned char pad; +} KECCAK1600_CTX; + +static int init(EVP_MD_CTX *evp_ctx, unsigned char pad) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + size_t bsz = evp_ctx->digest->block_size; + + if (bsz <= sizeof(ctx->buf)) { + memset(ctx->A, 0, sizeof(ctx->A)); + + ctx->num = 0; + ctx->block_size = bsz; + ctx->md_size = evp_ctx->digest->md_size; + ctx->pad = pad; + + return 1; + } + + return 0; +} + +static int sha3_init(EVP_MD_CTX *evp_ctx) +{ + return init(evp_ctx, '\x06'); +} + +static int shake_init(EVP_MD_CTX *evp_ctx) +{ + return init(evp_ctx, '\x1f'); +} + +static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const unsigned char *inp = _inp; + size_t bsz = ctx->block_size; + size_t num, rem; + + if (len == 0) + return 1; + + if ((num = ctx->num) != 0) { /* process intermediate buffer? */ + rem = bsz - num; + + if (len < rem) { + memcpy(ctx->buf + num, inp, len); + ctx->num += len; + return 1; + } + /* + * We have enough data to fill or overflow the intermediate + * buffer. So we append |rem| bytes and process the block, + * leaving the rest for later processing... + */ + memcpy(ctx->buf + num, inp, rem); + inp += rem, len -= rem; + (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); + ctx->num = 0; + /* ctx->buf is processed, ctx->num is guaranteed to be zero */ + } + + if (len >= bsz) + rem = SHA3_absorb(ctx->A, inp, len, bsz); + else + rem = len; + + if (rem) { + memcpy(ctx->buf, inp + len - rem, rem); + ctx->num = rem; + } + + return 1; +} + +static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + size_t bsz = ctx->block_size; + size_t num = ctx->num; + + /* + * Pad the data with 10*1. Note that |num| can be |bsz - 1| + * in which case both byte operations below are performed on + * same byte... + */ + memset(ctx->buf + num, 0, bsz - num); + ctx->buf[num] = ctx->pad; + ctx->buf[bsz - 1] |= 0x80; + + (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); + + SHA3_squeeze(ctx->A, md, ctx->md_size, bsz); + + return 1; +} + +static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + + switch (cmd) { + case EVP_MD_CTRL_XOF_LEN: + ctx->md_size = p1; + return 1; + default: + return 0; + } +} + +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +# define S390X_SHA3_FC(ctx) ((ctx)->pad) + +# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_224)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_224))) +# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_256)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_256))) +# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_384)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_384))) +# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_512)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_512))) +# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHAKE_128)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHAKE_128))) +# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHAKE_256)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHAKE_256))) + +/* Convert md-size to block-size. */ +# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3) + +static int s390x_sha3_init(EVP_MD_CTX *evp_ctx) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const size_t bsz = evp_ctx->digest->block_size; + + /*- + * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD + * function code. + */ + switch (bsz) { + case S390X_KECCAK1600_BSZ(224): + ctx->pad = S390X_SHA3_224; + break; + case S390X_KECCAK1600_BSZ(256): + ctx->pad = S390X_SHA3_256; + break; + case S390X_KECCAK1600_BSZ(384): + ctx->pad = S390X_SHA3_384; + break; + case S390X_KECCAK1600_BSZ(512): + ctx->pad = S390X_SHA3_512; + break; + default: + return 0; + } + + memset(ctx->A, 0, sizeof(ctx->A)); + ctx->num = 0; + ctx->block_size = bsz; + ctx->md_size = evp_ctx->digest->md_size; + return 1; +} + +static int s390x_shake_init(EVP_MD_CTX *evp_ctx) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const size_t bsz = evp_ctx->digest->block_size; + + /*- + * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD + * function code. + */ + switch (bsz) { + case S390X_KECCAK1600_BSZ(128): + ctx->pad = S390X_SHAKE_128; + break; + case S390X_KECCAK1600_BSZ(256): + ctx->pad = S390X_SHAKE_256; + break; + default: + return 0; + } + + memset(ctx->A, 0, sizeof(ctx->A)); + ctx->num = 0; + ctx->block_size = bsz; + ctx->md_size = evp_ctx->digest->md_size; + return 1; +} + +static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const unsigned char *inp = _inp; + const size_t bsz = ctx->block_size; + size_t num, rem; + + if (len == 0) + return 1; + + if ((num = ctx->num) != 0) { + rem = bsz - num; + + if (len < rem) { + memcpy(ctx->buf + num, inp, len); + ctx->num += len; + return 1; + } + memcpy(ctx->buf + num, inp, rem); + inp += rem; + len -= rem; + s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A); + ctx->num = 0; + } + rem = len % bsz; + + s390x_kimd(inp, len - rem, ctx->pad, ctx->A); + + if (rem) { + memcpy(ctx->buf, inp + len - rem, rem); + ctx->num = rem; + } + return 1; +} + +static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + + s390x_klmd(ctx->buf, ctx->num, NULL, 0, ctx->pad, ctx->A); + memcpy(md, ctx->A, ctx->md_size); + return 1; +} + +static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + + s390x_klmd(ctx->buf, ctx->num, md, ctx->md_size, ctx->pad, ctx->A); + return 1; +} + +# define EVP_MD_SHA3(bitlen) \ +const EVP_MD *EVP_sha3_##bitlen(void) \ +{ \ + static const EVP_MD s390x_sha3_##bitlen##_md = { \ + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ + EVP_MD_FLAG_DIGALGID_ABSENT, \ + s390x_sha3_init, \ + s390x_sha3_update, \ + s390x_sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + }; \ + static const EVP_MD sha3_##bitlen##_md = { \ + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ + EVP_MD_FLAG_DIGALGID_ABSENT, \ + sha3_init, \ + sha3_update, \ + sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + }; \ + return S390X_sha3_##bitlen##_CAPABLE ? \ + &s390x_sha3_##bitlen##_md : \ + &sha3_##bitlen##_md; \ +} + +# define EVP_MD_SHAKE(bitlen) \ +const EVP_MD *EVP_shake##bitlen(void) \ +{ \ + static const EVP_MD s390x_shake##bitlen##_md = { \ + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ + EVP_MD_FLAG_XOF, \ + s390x_shake_init, \ + s390x_sha3_update, \ + s390x_shake_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + shake_ctrl \ + }; \ + static const EVP_MD shake##bitlen##_md = { \ + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ + EVP_MD_FLAG_XOF, \ + shake_init, \ + sha3_update, \ + sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + shake_ctrl \ + }; \ + return S390X_shake##bitlen##_CAPABLE ? \ + &s390x_shake##bitlen##_md : \ + &shake##bitlen##_md; \ +} + +#else + +# define EVP_MD_SHA3(bitlen) \ +const EVP_MD *EVP_sha3_##bitlen(void) \ +{ \ + static const EVP_MD sha3_##bitlen##_md = { \ + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ + EVP_MD_FLAG_DIGALGID_ABSENT, \ + sha3_init, \ + sha3_update, \ + sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + }; \ + return &sha3_##bitlen##_md; \ +} + +# define EVP_MD_SHAKE(bitlen) \ +const EVP_MD *EVP_shake##bitlen(void) \ +{ \ + static const EVP_MD shake##bitlen##_md = { \ + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ + EVP_MD_FLAG_XOF, \ + shake_init, \ + sha3_update, \ + sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + shake_ctrl \ + }; \ + return &shake##bitlen##_md; \ +} +#endif + +EVP_MD_SHA3(224) +EVP_MD_SHA3(256) +EVP_MD_SHA3(384) +EVP_MD_SHA3(512) + +EVP_MD_SHAKE(128) +EVP_MD_SHAKE(256) diff --git a/deps/openssl/openssl/crypto/evp/m_sigver.c b/deps/openssl/openssl/crypto/evp/m_sigver.c index 582e563d50312d..94e37f02b22eb4 100644 --- a/deps/openssl/openssl/crypto/evp/m_sigver.c +++ b/deps/openssl/openssl/crypto/evp/m_sigver.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,12 @@ #include "internal/evp_int.h" #include "evp_locl.h" +static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) +{ + EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED); + return 0; +} + static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, int ver) @@ -43,15 +49,23 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0) return 0; ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; - } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) + } else if (ctx->pctx->pmeth->digestverify != 0) { + ctx->pctx->operation = EVP_PKEY_OP_VERIFY; + ctx->update = update; + } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) { return 0; + } } else { if (ctx->pctx->pmeth->signctx_init) { if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) return 0; ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; - } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) + } else if (ctx->pctx->pmeth->digestsign != 0) { + ctx->pctx->operation = EVP_PKEY_OP_SIGN; + ctx->update = update; + } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) { return 0; + } } if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) return 0; @@ -61,6 +75,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return 1; if (!EVP_DigestInit_ex(ctx, type, e)) return 0; + /* + * This indicates the current algorithm requires + * special treatment before hashing the tbs-message. + */ + if (ctx->pctx->pmeth->digest_custom != NULL) + return ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx); + return 1; } @@ -139,6 +160,16 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, return 1; } +int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (ctx->pctx->pmeth->digestsign != NULL) + return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen); + if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) + return 0; + return EVP_DigestSignFinal(ctx, sigret, siglen); +} + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { @@ -152,9 +183,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, else vctx = 0; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { - if (vctx) { + if (vctx) r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx); - } else + else r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); @@ -164,10 +195,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, EVP_MD_CTX_free(tmp_ctx); return -1; } - if (vctx) { + if (vctx) r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, sig, siglen, tmp_ctx); - } else + else r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); EVP_MD_CTX_free(tmp_ctx); } @@ -175,3 +206,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, return r; return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); } + +int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, size_t tbslen) +{ + if (ctx->pctx->pmeth->digestverify != NULL) + return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); + if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) + return -1; + return EVP_DigestVerifyFinal(ctx, sigret, siglen); +} diff --git a/deps/openssl/openssl/crypto/evp/m_wp.c b/deps/openssl/openssl/crypto/evp/m_wp.c index 94fac226b69f33..27e2b3c5cab8a3 100644 --- a/deps/openssl/openssl/crypto/evp/m_wp.c +++ b/deps/openssl/openssl/crypto/evp/m_wp.c @@ -49,6 +49,6 @@ static const EVP_MD whirlpool_md = { const EVP_MD *EVP_whirlpool(void) { - return (&whirlpool_md); + return &whirlpool_md; } #endif diff --git a/deps/openssl/openssl/crypto/evp/names.c b/deps/openssl/openssl/crypto/evp/names.c index a92be1fedf18a9..077c2a6c4b9a38 100644 --- a/deps/openssl/openssl/crypto/evp/names.c +++ b/deps/openssl/openssl/crypto/evp/names.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "internal/objects.h" #include #include "internal/evp_int.h" @@ -24,10 +24,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, (const char *)c); if (r == 0) - return (0); + return 0; r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, (const char *)c); - return (r); + return r; } int EVP_add_digest(const EVP_MD *md) @@ -38,21 +38,21 @@ int EVP_add_digest(const EVP_MD *md) name = OBJ_nid2sn(md->type); r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); if (r == 0) - return (0); + return 0; r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, (const char *)md); if (r == 0) - return (0); + return 0; if (md->pkey_type && md->type != md->pkey_type) { r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); if (r == 0) - return (0); + return 0; r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); } - return (r); + return r; } const EVP_CIPHER *EVP_get_cipherbyname(const char *name) @@ -63,7 +63,7 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) return NULL; cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); - return (cp); + return cp; } const EVP_MD *EVP_get_digestbyname(const char *name) @@ -74,7 +74,7 @@ const EVP_MD *EVP_get_digestbyname(const char *name) return NULL; cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - return (cp); + return cp; } void evp_cleanup_int(void) @@ -90,6 +90,8 @@ void evp_cleanup_int(void) EVP_PBE_cleanup(); OBJ_sigid_free(); + + evp_app_cleanup_int(); } struct doall_cipher { diff --git a/deps/openssl/openssl/crypto/evp/p5_crpt2.c b/deps/openssl/openssl/crypto/evp/p5_crpt2.c index 6d5f289b519568..e819eb9b47dcb4 100644 --- a/deps/openssl/openssl/crypto/evp/p5_crpt2.c +++ b/deps/openssl/openssl/crypto/evp/p5_crpt2.c @@ -25,8 +25,7 @@ static void h__dump(const unsigned char *p, int len); /* * This is an implementation of PKCS#5 v2.0 password based encryption key * derivation function PBKDF2. SHA1 version verified against test vectors - * posted by Peter Gutmann to the PKCS-TNG - * mailing list. + * posted by Peter Gutmann to the PKCS-TNG mailing list. */ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, @@ -88,7 +87,6 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_reset(hctx); memcpy(p, digtmp, cplen); for (j = 1; j < iter; j++) { if (!HMAC_CTX_copy(hctx, hctx_tpl)) { @@ -102,7 +100,6 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_reset(hctx); for (k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } @@ -132,18 +129,6 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, keylen, out); } -# ifdef DO_TEST -main() -{ - unsigned char out[4]; - unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 }; - PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); - fprintf(stderr, "Out %02X %02X %02X %02X\n", - out[0], out[1], out[2], out[3]); -} - -# endif - /* * Now the key derivation function itself. This is a bit evil because it has * to check the ASN1 parameters are valid: and there are quite a few of diff --git a/deps/openssl/openssl/crypto/evp/p_dec.c b/deps/openssl/openssl/crypto/evp/p_dec.c index 6bec4062c8fffe..a150a26e092c70 100644 --- a/deps/openssl/openssl/crypto/evp/p_dec.c +++ b/deps/openssl/openssl/crypto/evp/p_dec.c @@ -32,5 +32,5 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, RSA_PKCS1_PADDING); err: #endif - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/evp/p_enc.c b/deps/openssl/openssl/crypto/evp/p_enc.c index 3277fbb006a443..04d67cb50f2469 100644 --- a/deps/openssl/openssl/crypto/evp/p_enc.c +++ b/deps/openssl/openssl/crypto/evp/p_enc.c @@ -31,5 +31,5 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, RSA_PKCS1_PADDING); err: #endif - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/evp/p_lib.c b/deps/openssl/openssl/crypto/evp/p_lib.c index d7372aa129f7a1..9429be97e3f93a 100644 --- a/deps/openssl/openssl/crypto/evp/p_lib.c +++ b/deps/openssl/openssl/crypto/evp/p_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/refcount.h" #include #include #include @@ -17,6 +18,7 @@ #include #include #include +#include #include #include "internal/asn1_int.h" @@ -55,7 +57,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) if (mode >= 0) pkey->save_parameters = mode; - return (ret); + return ret; } #endif #ifndef OPENSSL_NO_EC @@ -64,10 +66,10 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) if (mode >= 0) pkey->save_parameters = mode; - return (ret); + return ret; } #endif - return (0); + return 0; } int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) @@ -160,7 +162,7 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey) { int i; - if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0) + if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0) return 0; REF_PRINT_COUNT("EVP_PKEY", pkey); @@ -173,10 +175,12 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey) * is NULL just return 1 or 0 if the algorithm exists. */ -static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) +static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, + int len) { const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e = NULL; + ENGINE **eptr = (e == NULL) ? &e : NULL; + if (pkey) { if (pkey->pkey.ptr) EVP_PKEY_free_it(pkey); @@ -195,11 +199,11 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) #endif } if (str) - ameth = EVP_PKEY_asn1_find_str(&e, str, len); + ameth = EVP_PKEY_asn1_find_str(eptr, str, len); else - ameth = EVP_PKEY_asn1_find(&e, type); + ameth = EVP_PKEY_asn1_find(eptr, type); #ifndef OPENSSL_NO_ENGINE - if (pkey == NULL) + if (pkey == NULL && eptr != NULL) ENGINE_finish(e); #endif if (ameth == NULL) { @@ -216,15 +220,162 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) return 1; } +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len) +{ + EVP_PKEY *ret = EVP_PKEY_new(); + + if (ret == NULL + || !pkey_set_type(ret, e, type, NULL, -1)) { + /* EVPerr already called */ + goto err; + } + + if (ret->ameth->set_priv_key == NULL) { + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + goto err; + } + + if (!ret->ameth->set_priv_key(ret, priv, len)) { + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED); + goto err; + } + + return ret; + + err: + EVP_PKEY_free(ret); + return NULL; +} + +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len) +{ + EVP_PKEY *ret = EVP_PKEY_new(); + + if (ret == NULL + || !pkey_set_type(ret, e, type, NULL, -1)) { + /* EVPerr already called */ + goto err; + } + + if (ret->ameth->set_pub_key == NULL) { + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + goto err; + } + + if (!ret->ameth->set_pub_key(ret, pub, len)) { + EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED); + goto err; + } + + return ret; + + err: + EVP_PKEY_free(ret); + return NULL; +} + +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + if (pkey->ameth->get_priv_key == NULL) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + + if (!pkey->ameth->get_priv_key(pkey, priv, len)) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED); + return 0; + } + + return 1; +} + +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len) +{ + if (pkey->ameth->get_pub_key == NULL) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + + if (!pkey->ameth->get_pub_key(pkey, pub, len)) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED); + return 0; + } + + return 1; +} + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher) +{ +#ifndef OPENSSL_NO_CMAC + EVP_PKEY *ret = EVP_PKEY_new(); + CMAC_CTX *cmctx = CMAC_CTX_new(); + + if (ret == NULL + || cmctx == NULL + || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) { + /* EVPerr already called */ + goto err; + } + + if (!CMAC_Init(cmctx, priv, len, cipher, e)) { + EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); + goto err; + } + + ret->pkey.ptr = cmctx; + return ret; + + err: + EVP_PKEY_free(ret); + CMAC_CTX_free(cmctx); + return NULL; +#else + EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return NULL; +#endif +} + int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) { - return pkey_set_type(pkey, type, NULL, -1); + return pkey_set_type(pkey, NULL, type, NULL, -1); } int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) { - return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); + return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len); +} + +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) +{ + if (pkey->type == type) { + return 1; /* it already is that type */ + } + + /* + * The application is requesting to alias this to a different pkey type, + * but not one that resolves to the base type. + */ + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) { + EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); + return 0; + } + + pkey->type = type; + return 1; } + #ifndef OPENSSL_NO_ENGINE int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) { @@ -269,6 +420,35 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) return os->data; } +#ifndef OPENSSL_NO_POLY1305 +const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) +{ + ASN1_OCTET_STRING *os = NULL; + if (pkey->type != EVP_PKEY_POLY1305) { + EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY); + return NULL; + } + os = EVP_PKEY_get0(pkey); + *len = os->length; + return os->data; +} +#endif + +#ifndef OPENSSL_NO_SIPHASH +const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) +{ + ASN1_OCTET_STRING *os = NULL; + + if (pkey->type != EVP_PKEY_SIPHASH) { + EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY); + return NULL; + } + os = EVP_PKEY_get0(pkey); + *len = os->length; + return os->data; +} +#endif + #ifndef OPENSSL_NO_RSA int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) { @@ -412,7 +592,7 @@ void EVP_PKEY_free(EVP_PKEY *x) if (x == NULL) return; - CRYPTO_atomic_add(&x->references, -1, &i, x->lock); + CRYPTO_DOWN_REF(&x->references, &i, x->lock); REF_PRINT_COUNT("EVP_PKEY", x); if (i > 0) return; diff --git a/deps/openssl/openssl/crypto/evp/p_open.c b/deps/openssl/openssl/crypto/evp/p_open.c index b65bc74ed1424e..f2976f8a994aef 100644 --- a/deps/openssl/openssl/crypto/evp/p_open.c +++ b/deps/openssl/openssl/crypto/evp/p_open.c @@ -58,7 +58,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ret = 1; err: OPENSSL_clear_free(key, size); - return (ret); + return ret; } int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) @@ -68,6 +68,6 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) i = EVP_DecryptFinal_ex(ctx, out, outl); if (i) i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return (i); + return i; } #endif diff --git a/deps/openssl/openssl/crypto/evp/p_seal.c b/deps/openssl/openssl/crypto/evp/p_seal.c index 6f026e7c4fe75b..e851d7ab8b569d 100644 --- a/deps/openssl/openssl/crypto/evp/p_seal.c +++ b/deps/openssl/openssl/crypto/evp/p_seal.c @@ -55,18 +55,6 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return rv; } -/*- MACRO -void EVP_SealUpdate(ctx,out,outl,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; - { - EVP_EncryptUpdate(ctx,out,outl,in,inl); - } -*/ - int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int i; diff --git a/deps/openssl/openssl/crypto/evp/scrypt.c b/deps/openssl/openssl/crypto/evp/pbe_scrypt.c similarity index 90% rename from deps/openssl/openssl/crypto/evp/scrypt.c rename to deps/openssl/openssl/crypto/evp/pbe_scrypt.c index 3543df540337ca..57da82f3fe4c0d 100644 --- a/deps/openssl/openssl/crypto/evp/scrypt.c +++ b/deps/openssl/openssl/crypto/evp/pbe_scrypt.c @@ -12,7 +12,7 @@ #include #include #include -#include +#include "internal/numbers.h" #ifndef OPENSSL_NO_SCRYPT @@ -164,7 +164,6 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, unsigned char *B; uint32_t *X, *V, *T; uint64_t i, Blen, Vlen; - size_t allocsize; /* Sanity check parameters */ /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ @@ -196,10 +195,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, * p * r < SCRYPT_PR_MAX */ Blen = p * 128 * r; + /* + * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would + * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.] + */ + if (Blen > INT_MAX) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); + return 0; + } /* - * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in - * uint64_t and also size_t (their sizes are unrelated). + * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t * This is combined size V, X and T (section 4) */ i = UINT64_MAX / (32 * sizeof(uint32_t)); @@ -214,16 +220,15 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; } - /* check total allocated size fits in size_t */ - if (Blen > SIZE_MAX - Vlen) - return 0; - - allocsize = (size_t)(Blen + Vlen); if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; - if (allocsize > maxmem) { + /* Check that the maximum memory doesn't exceed a size_t limits */ + if (maxmem > SIZE_MAX) + maxmem = SIZE_MAX; + + if (Blen + Vlen > maxmem) { EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; } @@ -232,7 +237,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (key == NULL) return 1; - B = OPENSSL_malloc(allocsize); + B = OPENSSL_malloc((size_t)(Blen + Vlen)); if (B == NULL) { EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE); return 0; @@ -241,13 +246,13 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, T = X + 32 * r; V = T + 32 * r; if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), - Blen, B) == 0) + (int)Blen, B) == 0) goto err; for (i = 0; i < p; i++) scryptROMix(B + 128 * r * i, r, N, X, T, V); - if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(), + if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(), keylen, key) == 0) goto err; rv = 1; @@ -255,7 +260,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (rv == 0) EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR); - OPENSSL_clear_free(B, allocsize); + OPENSSL_clear_free(B, (size_t)(Blen + Vlen)); return rv; } #endif diff --git a/deps/openssl/openssl/crypto/evp/pmeth_fn.c b/deps/openssl/openssl/crypto/evp/pmeth_fn.c index eb638019ce077f..de1c07e171144b 100644 --- a/deps/openssl/openssl/crypto/evp/pmeth_fn.c +++ b/deps/openssl/openssl/crypto/evp/pmeth_fn.c @@ -255,7 +255,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) } /* - * ran@cryptocom.ru: For clarity. The error is if parameters in peer are + * For clarity. The error is if parameters in peer are * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 * (different key types) is impossible here because it is checked earlier. diff --git a/deps/openssl/openssl/crypto/evp/pmeth_gn.c b/deps/openssl/openssl/crypto/evp/pmeth_gn.c index 6adc3a9c19867e..e14965f3338453 100644 --- a/deps/openssl/openssl/crypto/evp/pmeth_gn.c +++ b/deps/openssl/openssl/crypto/evp/pmeth_gn.c @@ -13,6 +13,7 @@ #include #include #include "internal/bn_int.h" +#include "internal/asn1_int.h" #include "internal/evp_int.h" int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) @@ -167,3 +168,72 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, EVP_PKEY_CTX_free(mac_ctx); return mac_key; } + +int EVP_PKEY_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey = ctx->pkey; + + if (pkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET); + return 0; + } + + /* call customized check function first */ + if (ctx->pmeth->check != NULL) + return ctx->pmeth->check(pkey); + + /* use default check function in ameth */ + if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) { + EVPerr(EVP_F_EVP_PKEY_CHECK, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_check(pkey); +} + +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey = ctx->pkey; + + if (pkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET); + return 0; + } + + /* call customized public key check function first */ + if (ctx->pmeth->public_check != NULL) + return ctx->pmeth->public_check(pkey); + + /* use default public key check function in ameth */ + if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) { + EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_public_check(pkey); +} + +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) +{ + EVP_PKEY *pkey = ctx->pkey; + + if (pkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET); + return 0; + } + + /* call customized param check function first */ + if (ctx->pmeth->param_check != NULL) + return ctx->pmeth->param_check(pkey); + + /* use default param check function in ameth */ + if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) { + EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + return pkey->ameth->pkey_param_check(pkey); +} diff --git a/deps/openssl/openssl/crypto/evp/pmeth_lib.c b/deps/openssl/openssl/crypto/evp/pmeth_lib.c index f623db34836afa..7fbf895e073216 100644 --- a/deps/openssl/openssl/crypto/evp/pmeth_lib.c +++ b/deps/openssl/openssl/crypto/evp/pmeth_lib.c @@ -21,6 +21,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; +/* This array needs to be in order of NIDs */ static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA &rsa_pkey_meth, @@ -38,14 +39,34 @@ static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_CMAC &cmac_pkey_meth, #endif +#ifndef OPENSSL_NO_RSA + &rsa_pss_pkey_meth, +#endif #ifndef OPENSSL_NO_DH &dhx_pkey_meth, +#endif +#ifndef OPENSSL_NO_SCRYPT + &scrypt_pkey_meth, #endif &tls1_prf_pkey_meth, #ifndef OPENSSL_NO_EC &ecx25519_pkey_meth, + &ecx448_pkey_meth, +#endif + &hkdf_pkey_meth, +#ifndef OPENSSL_NO_POLY1305 + &poly1305_pkey_meth, +#endif +#ifndef OPENSSL_NO_SIPHASH + &siphash_pkey_meth, +#endif +#ifndef OPENSSL_NO_EC + &ed25519_pkey_meth, + &ed448_pkey_meth, +#endif +#ifndef OPENSSL_NO_SM2 + &sm2_pkey_meth, #endif - &hkdf_pkey_meth }; DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, @@ -83,10 +104,11 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { EVP_PKEY_CTX *ret; const EVP_PKEY_METHOD *pmeth; + if (id == -1) { - if (!pkey || !pkey->ameth) - return NULL; - id = pkey->ameth->pkey_id; + if (pkey == NULL) + return 0; + id = pkey->type; } #ifndef OPENSSL_NO_ENGINE if (e == NULL && pkey != NULL) @@ -105,7 +127,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) * If an ENGINE handled this method look it up. Otherwise use internal * tables. */ - if (e) pmeth = ENGINE_get_pkey_meth(e, id); else @@ -132,7 +153,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) ret->pmeth = pmeth; ret->operation = EVP_PKEY_OP_UNDEFINED; ret->pkey = pkey; - if (pkey) + if (pkey != NULL) EVP_PKEY_up_ref(pkey); if (pmeth->init) { @@ -209,6 +230,8 @@ void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) dst->ctrl = src->ctrl; dst->ctrl_str = src->ctrl_str; + + dst->check = src->check; } void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) @@ -277,7 +300,7 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (app_pkey_methods == NULL) { + if (app_pkey_methods == NULL){ EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; } @@ -290,6 +313,42 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) return 1; } +void evp_app_cleanup_int(void) +{ + if (app_pkey_methods != NULL) + sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free); +} + +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth) +{ + const EVP_PKEY_METHOD *ret; + + ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth); + + return ret == NULL ? 0 : 1; +} + +size_t EVP_PKEY_meth_get_count(void) +{ + size_t rv = OSSL_NELEM(standard_methods); + + if (app_pkey_methods) + rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods); + return rv; +} + +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx) +{ + if (idx < OSSL_NELEM(standard_methods)) + return standard_methods[idx]; + if (app_pkey_methods == NULL) + return NULL; + idx -= OSSL_NELEM(standard_methods); + if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods)) + return NULL; + return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); +} + void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) { if (ctx == NULL) @@ -308,6 +367,7 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { int ret; + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); return -2; @@ -315,6 +375,10 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) return -1; + /* Skip the operation checks since this is called in a very early stage */ + if (ctx->pmeth->digest_custom != NULL) + goto doit; + if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET); return -1; @@ -325,13 +389,19 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, return -1; } + doit: ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); if (ret == -2) EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); return ret; +} +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value) +{ + return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); } int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, @@ -341,14 +411,9 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } - if (strcmp(name, "digest") == 0) { - const EVP_MD *md; - if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) { - EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_set_signature_md(ctx, md); - } + if (strcmp(name, "digest") == 0) + return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, + value); return ctx->pmeth->ctrl_str(ctx, name, value); } @@ -379,6 +444,18 @@ int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) return rv; } +/* Pass a message digest to a ctrl */ +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md) +{ + const EVP_MD *m; + + if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) { + EVPerr(EVP_F_EVP_PKEY_CTX_MD, EVP_R_INVALID_DIGEST); + return 0; + } + return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m); +} + int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) { return ctx->operation; @@ -565,6 +642,31 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)) +{ + pmeth->check = check; +} + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)) +{ + pmeth->public_check = check; +} + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)) +{ + pmeth->param_check = check; +} + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)) +{ + pmeth->digest_custom = digest_custom; +} + void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)) { @@ -731,3 +833,32 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, if (pctrl_str) *pctrl_str = pmeth->ctrl_str; } + +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)) +{ + if (pcheck != NULL) + *pcheck = pmeth->check; +} + +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)) +{ + if (pcheck != NULL) + *pcheck = pmeth->public_check; +} + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)) +{ + if (pcheck != NULL) + *pcheck = pmeth->param_check; +} + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)) +{ + if (pdigest_custom != NULL) + *pdigest_custom = pmeth->digest_custom; +} diff --git a/deps/openssl/openssl/crypto/ex_data.c b/deps/openssl/openssl/crypto/ex_data.c index 6e3072f2a9480c..08dc7c40734dec 100644 --- a/deps/openssl/openssl/crypto/ex_data.c +++ b/deps/openssl/openssl/crypto/ex_data.c @@ -9,7 +9,6 @@ #include "internal/cryptlib_int.h" #include "internal/thread_once.h" -#include /* * Each structure type (sometimes called a class), that supports diff --git a/deps/openssl/openssl/crypto/hmac/hm_ameth.c b/deps/openssl/openssl/crypto/hmac/hm_ameth.c index 78ae0ea63a867c..fa204e9068e402 100644 --- a/deps/openssl/openssl/crypto/hmac/hm_ameth.c +++ b/deps/openssl/openssl/crypto/hmac/hm_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,8 +11,7 @@ #include "internal/cryptlib.h" #include #include "internal/asn1_int.h" - -#define HMAC_TEST_PRIVATE_KEY_FORMAT +#include "internal/evp_int.h" /* * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output @@ -51,52 +50,46 @@ static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); } -#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT -/* - * A bogus private key format for test purposes. This is simply the HMAC key - * with "HMAC PRIVATE KEY" in the headers. When enabled the genpkey utility - * can be used to "generate" HMAC keys. - */ - -static int old_hmac_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) +static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, + size_t len) { ASN1_OCTET_STRING *os; + + if (pkey->pkey.ptr != NULL) + return 0; + os = ASN1_OCTET_STRING_new(); - if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen)) - goto err; - if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os)) - goto err; - return 1; + if (os == NULL) + return 0; + + + if (!ASN1_OCTET_STRING_set(os, priv, len)) { + ASN1_OCTET_STRING_free(os); + return 0; + } - err: - ASN1_OCTET_STRING_free(os); - return 0; + pkey->pkey.ptr = os; + return 1; } -static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) +static int hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) { - int inc; - ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); - if (pder) { - if (!*pder) { - *pder = OPENSSL_malloc(os->length); - if (*pder == NULL) - return -1; - inc = 0; - } else - inc = 1; - - memcpy(*pder, os->data, os->length); - - if (inc) - *pder += os->length; + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (priv == NULL) { + *len = ASN1_STRING_length(os); + return 1; } - return os->length; -} + if (os == NULL || *len < (size_t)ASN1_STRING_length(os)) + return 0; -#endif + *len = ASN1_STRING_length(os); + memcpy(priv, ASN1_STRING_get0_data(os), *len); + + return 1; +} const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { EVP_PKEY_HMAC, @@ -116,10 +109,19 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { hmac_key_free, hmac_pkey_ctrl, -#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT - old_hmac_decode, - old_hmac_encode -#else - 0, 0 -#endif + NULL, + NULL, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL, + + hmac_set_priv_key, + NULL, + hmac_get_priv_key, + NULL, }; diff --git a/deps/openssl/openssl/crypto/hmac/hm_pmeth.c b/deps/openssl/openssl/crypto/hmac/hm_pmeth.c index 5b98477f9cfc3c..55dd27d63b5ce5 100644 --- a/deps/openssl/openssl/crypto/hmac/hm_pmeth.c +++ b/deps/openssl/openssl/crypto/hmac/hm_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include #include #include +#include #include "internal/evp_int.h" /* HMAC pkey context structure */ @@ -27,9 +28,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) { HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_zalloc(sizeof(*hctx)); - if (hctx == NULL) + if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { + CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE); return 0; + } hctx->ktmp.type = V_ASN1_OCTET_STRING; hctx->ctx = HMAC_CTX_new(); if (hctx->ctx == NULL) { diff --git a/deps/openssl/openssl/crypto/hmac/hmac.c b/deps/openssl/openssl/crypto/hmac/hmac.c index 3374105cbb9412..e4031b44a576c6 100644 --- a/deps/openssl/openssl/crypto/hmac/hmac.c +++ b/deps/openssl/openssl/crypto/hmac/hmac.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,8 +18,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { + int rv = 0; int i, j, reset = 0; - unsigned char pad[HMAC_MAX_MD_CBLOCK]; + unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; /* If we are changing MD then we must have a key */ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) @@ -37,46 +38,45 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (key != NULL) { reset = 1; j = EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (!ossl_assert(j <= (int)sizeof(ctx->key))) + return 0; if (j < len) { - if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)) - goto err; - if (!EVP_DigestUpdate(ctx->md_ctx, key, len)) - goto err; - if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, - &ctx->key_length)) - goto err; + if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) + || !EVP_DigestUpdate(ctx->md_ctx, key, len) + || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, + &ctx->key_length)) + return 0; } else { if (len < 0 || len > (int)sizeof(ctx->key)) return 0; memcpy(ctx->key, key, len); ctx->key_length = len; } - if (ctx->key_length != HMAC_MAX_MD_CBLOCK) + if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK - ctx->key_length); + HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); } if (reset) { - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x36 ^ ctx->key[i]; - if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)) - goto err; - if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) + if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) + || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) goto err; - for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x5c ^ ctx->key[i]; - if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)) - goto err; - if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) + if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) + || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) goto err; } if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) goto err; - return 1; + rv = 1; err: - return 0; + if (reset) + OPENSSL_cleanse(pad, sizeof(pad)); + return rv; } #if OPENSSL_API_COMPAT < 0x10100000L @@ -118,7 +118,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) size_t HMAC_size(const HMAC_CTX *ctx) { - return EVP_MD_size((ctx)->md); + int size = EVP_MD_size((ctx)->md); + + return (size < 0) ? 0 : size; } HMAC_CTX *HMAC_CTX_new(void) @@ -155,31 +157,36 @@ void HMAC_CTX_free(HMAC_CTX *ctx) } } -int HMAC_CTX_reset(HMAC_CTX *ctx) +static int hmac_ctx_alloc_mds(HMAC_CTX *ctx) { - hmac_ctx_cleanup(ctx); if (ctx->i_ctx == NULL) ctx->i_ctx = EVP_MD_CTX_new(); if (ctx->i_ctx == NULL) - goto err; + return 0; if (ctx->o_ctx == NULL) ctx->o_ctx = EVP_MD_CTX_new(); if (ctx->o_ctx == NULL) - goto err; + return 0; if (ctx->md_ctx == NULL) ctx->md_ctx = EVP_MD_CTX_new(); if (ctx->md_ctx == NULL) - goto err; - ctx->md = NULL; + return 0; return 1; - err: +} + +int HMAC_CTX_reset(HMAC_CTX *ctx) +{ hmac_ctx_cleanup(ctx); - return 0; + if (!hmac_ctx_alloc_mds(ctx)) { + hmac_ctx_cleanup(ctx); + return 0; + } + return 1; } int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) { - if (!HMAC_CTX_reset(dctx)) + if (!hmac_ctx_alloc_mds(dctx)) goto err; if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) goto err; @@ -187,7 +194,7 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; diff --git a/deps/openssl/openssl/crypto/hmac/hmac_lcl.h b/deps/openssl/openssl/crypto/hmac/hmac_lcl.h index 4c156dc126c229..8fd8345694a26b 100644 --- a/deps/openssl/openssl/crypto/hmac/hmac_lcl.h +++ b/deps/openssl/openssl/crypto/hmac/hmac_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,8 @@ #ifndef HEADER_HMAC_LCL_H # define HEADER_HMAC_LCL_H -#ifdef __cplusplus -extern "C" { -#endif -#if 0 /* emacs indentation fix */ -} -#endif +/* The current largest case is for SHA3-224 */ +#define HMAC_MAX_MD_CBLOCK_SIZE 144 struct hmac_ctx_st { const EVP_MD *md; @@ -23,11 +19,7 @@ struct hmac_ctx_st { EVP_MD_CTX *i_ctx; EVP_MD_CTX *o_ctx; unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; + unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE]; }; -#ifdef __cplusplus -} /* extern "C" */ -#endif - #endif diff --git a/deps/openssl/openssl/crypto/idea/i_ecb.c b/deps/openssl/openssl/crypto/idea/i_ecb.c index 2208287e321635..058d0c14c005ab 100644 --- a/deps/openssl/openssl/crypto/idea/i_ecb.c +++ b/deps/openssl/openssl/crypto/idea/i_ecb.c @@ -13,7 +13,7 @@ const char *IDEA_options(void) { - return ("idea(int)"); + return "idea(int)"; } void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/deps/openssl/openssl/crypto/idea/i_skey.c b/deps/openssl/openssl/crypto/idea/i_skey.c index 02853246dca4f2..9d9145580fcf21 100644 --- a/deps/openssl/openssl/crypto/idea/i_skey.c +++ b/deps/openssl/openssl/crypto/idea/i_skey.c @@ -108,5 +108,5 @@ static IDEA_INT inverse(unsigned int xin) } } while (r != 0); } - return ((IDEA_INT) b2); + return (IDEA_INT)b2; } diff --git a/deps/openssl/openssl/crypto/idea/idea_lcl.h b/deps/openssl/openssl/crypto/idea/idea_lcl.h index 825d00066d7eaa..50f81dfd8dee60 100644 --- a/deps/openssl/openssl/crypto/idea/idea_lcl.h +++ b/deps/openssl/openssl/crypto/idea/idea_lcl.h @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * The new form of this macro (check if the a*b == 0) was suggested by Colin - * Plumb - */ -/* Removal of the inner if from from Wei Dai 24/4/96 */ #define idea_mul(r,a,b,ul) \ ul=(unsigned long)a*b; \ if (ul != 0) \ @@ -22,16 +17,6 @@ if (ul != 0) \ else \ r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ -/* - * 7/12/95 - Many thanks to Rhys Weatherley for - * pointing out that I was assuming little endian byte order for all - * quantities what idea actually used bigendian. No where in the spec does - * it mention this, it is all in terms of 16 bit numbers and even the example - * does not use byte streams for the input example :-(. If you byte swap each - * pair of input, keys and iv, the functions would produce the output as the - * old version :-(. - */ - /* NOTE - c is not incremented as per n2l */ #define n2ln(c,l1,l2,n) { \ c+=n; \ diff --git a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H index 5f63860808b6d2..c350018ad19067 100644 --- a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H +++ b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H index 78b2a87d886831..9a9c777f93f8a0 100644 --- a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H +++ b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/crypto/include/internal/aria.h b/deps/openssl/openssl/crypto/include/internal/aria.h new file mode 100644 index 00000000000000..355abe5398059b --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/aria.h @@ -0,0 +1,50 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ + +#ifndef HEADER_ARIA_H +# define HEADER_ARIA_H + +# include + +# ifdef OPENSSL_NO_ARIA +# error ARIA is disabled. +# endif + +# define ARIA_ENCRYPT 1 +# define ARIA_DECRYPT 0 + +# define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */ +# define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ + +typedef union { + unsigned char c[ARIA_BLOCK_SIZE]; + unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)]; +} ARIA_u128; + +typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE]; + +struct aria_key_st { + ARIA_u128 rd_key[ARIA_MAX_KEYS]; + unsigned int rounds; +}; +typedef struct aria_key_st ARIA_KEY; + + +int aria_set_encrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key); +int aria_set_decrypt_key(const unsigned char *userKey, const int bits, + ARIA_KEY *key); + +void aria_encrypt(const unsigned char *in, unsigned char *out, + const ARIA_KEY *key); + +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/asn1_int.h b/deps/openssl/openssl/crypto/include/internal/asn1_int.h index ba9c062702c545..9c9b4d897456ab 100644 --- a/deps/openssl/openssl/crypto/include/internal/asn1_int.h +++ b/deps/openssl/openssl/crypto/include/internal/asn1_int.h @@ -52,6 +52,17 @@ struct evp_pkey_asn1_method_st { int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); + int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); + /* Check */ + int (*pkey_check) (const EVP_PKEY *pk); + int (*pkey_public_check) (const EVP_PKEY *pk); + int (*pkey_param_check) (const EVP_PKEY *pk); + /* Get/set raw private/public key data */ + int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); + int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); + int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); + int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); } /* EVP_PKEY_ASN1_METHOD */ ; DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) @@ -62,8 +73,16 @@ extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5]; extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth; + extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2]; +extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth; /* * These are used internally in the ASN1_OBJECT to keep track of whether the @@ -90,3 +109,5 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; + +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); diff --git a/deps/openssl/openssl/crypto/include/internal/bn_conf.h b/deps/openssl/openssl/crypto/include/internal/bn_conf.h deleted file mode 100644 index 79400c6472a49c..00000000000000 --- a/deps/openssl/openssl/crypto/include/internal/bn_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/bn_conf.h" diff --git a/deps/openssl/openssl/crypto/include/internal/bn_dh.h b/deps/openssl/openssl/crypto/include/internal/bn_dh.h index f49f039835b3da..70ebca28753c24 100644 --- a/deps/openssl/openssl/crypto/include/internal/bn_dh.h +++ b/deps/openssl/openssl/crypto/include/internal/bn_dh.h @@ -15,3 +15,10 @@ declare_dh_bn(1024_160) declare_dh_bn(2048_224) declare_dh_bn(2048_256) + +extern const BIGNUM _bignum_ffdhe2048_p; +extern const BIGNUM _bignum_ffdhe3072_p; +extern const BIGNUM _bignum_ffdhe4096_p; +extern const BIGNUM _bignum_ffdhe6144_p; +extern const BIGNUM _bignum_ffdhe8192_p; +extern const BIGNUM _bignum_const_2; diff --git a/deps/openssl/openssl/crypto/include/internal/bn_int.h b/deps/openssl/openssl/crypto/include/internal/bn_int.h index 2be7fdd0d30f8d..cffe5cfc16507e 100644 --- a/deps/openssl/openssl/crypto/include/internal/bn_int.h +++ b/deps/openssl/openssl/crypto/include/internal/bn_int.h @@ -13,10 +13,6 @@ # include # include -#ifdef __cplusplus -extern "C" { -#endif - BIGNUM *bn_wexpand(BIGNUM *a, int words); BIGNUM *bn_expand2(BIGNUM *a, int words); @@ -34,8 +30,6 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len); int bn_get_top(const BIGNUM *a); -void bn_set_top(BIGNUM *a, int top); - int bn_get_dmax(const BIGNUM *a); /* Set all words to zero */ @@ -66,14 +60,6 @@ void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); */ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); -size_t bn_sizeof_BIGNUM(void); - -/* - * Return element el from an array of BIGNUMs starting at base (required - * because callers do not know the size of BIGNUM at compilation time) - */ -BIGNUM *bn_array_el(BIGNUM *base, int el); - /* * Some BIGNUM functions assume most significant limb to be non-zero, which * is customarily arranged by bn_correct_top. Output from below functions @@ -94,8 +80,4 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -#ifdef __cplusplus -} -#endif - #endif diff --git a/deps/openssl/openssl/crypto/include/internal/chacha.h b/deps/openssl/openssl/crypto/include/internal/chacha.h index 7d4366ea253381..67243f22280166 100644 --- a/deps/openssl/openssl/crypto/include/internal/chacha.h +++ b/deps/openssl/openssl/crypto/include/internal/chacha.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,6 @@ #include -#ifdef __cplusplus -extern "C" { -#endif - /* * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and * nonce and writes the result to |out|, which may be equal to |inp|. @@ -43,7 +39,4 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, #define CHACHA_CTR_SIZE 16 #define CHACHA_BLK_SIZE 64 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h b/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h index ceeb63ddd0d68a..38b5dac9a364c0 100644 --- a/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h +++ b/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h @@ -7,13 +7,14 @@ * https://www.openssl.org/source/license.html */ -#include +#include "internal/cryptlib.h" /* This file is not scanned by mkdef.pl, whereas cryptlib.h is */ struct thread_local_inits_st { int async; int err_state; + int rand; }; int ossl_init_thread_start(uint64_t opts); @@ -29,4 +30,6 @@ int ossl_init_thread_start(uint64_t opts); /* OPENSSL_INIT_THREAD flags */ # define OPENSSL_INIT_THREAD_ASYNC 0x01 # define OPENSSL_INIT_THREAD_ERR_STATE 0x02 +# define OPENSSL_INIT_THREAD_RAND 0x04 +void ossl_malloc_setup_failures(void); diff --git a/deps/openssl/openssl/crypto/include/internal/ctype.h b/deps/openssl/openssl/crypto/include/internal/ctype.h new file mode 100644 index 00000000000000..a35b12bfbff654 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/ctype.h @@ -0,0 +1,80 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This version of ctype.h provides a standardised and platform + * independent implementation that supports seven bit ASCII characters. + * The specific intent is to not pass extended ASCII characters (> 127) + * even if the host operating system would. + * + * There is EBCDIC support included for machines which use this. However, + * there are a number of concerns about how well EBCDIC is supported + * throughout the rest of the source code. Refer to issue #4154 for + * details. + */ +#ifndef INTERNAL_CTYPE_H +# define INTERNAL_CTYPE_H + +# define CTYPE_MASK_lower 0x1 +# define CTYPE_MASK_upper 0x2 +# define CTYPE_MASK_digit 0x4 +# define CTYPE_MASK_space 0x8 +# define CTYPE_MASK_xdigit 0x10 +# define CTYPE_MASK_blank 0x20 +# define CTYPE_MASK_cntrl 0x40 +# define CTYPE_MASK_graph 0x80 +# define CTYPE_MASK_print 0x100 +# define CTYPE_MASK_punct 0x200 +# define CTYPE_MASK_base64 0x400 +# define CTYPE_MASK_asn1print 0x800 + +# define CTYPE_MASK_alpha (CTYPE_MASK_lower | CTYPE_MASK_upper) +# define CTYPE_MASK_alnum (CTYPE_MASK_alpha | CTYPE_MASK_digit) + +/* + * The ascii mask assumes that any other classification implies that + * the character is ASCII and that there are no ASCII characters + * that aren't in any of the classifications. + * + * This assumption holds at the moment, but it might not in the future. + */ +# define CTYPE_MASK_ascii (~0) + +# ifdef CHARSET_EBCDIC +int ossl_toascii(int c); +int ossl_fromascii(int c); +# else +# define ossl_toascii(c) (c) +# define ossl_fromascii(c) (c) +# endif +int ossl_ctype_check(int c, unsigned int mask); +int ossl_tolower(int c); +int ossl_toupper(int c); + +# define ossl_isalnum(c) (ossl_ctype_check((c), CTYPE_MASK_alnum)) +# define ossl_isalpha(c) (ossl_ctype_check((c), CTYPE_MASK_alpha)) +# ifdef CHARSET_EBCDIC +# define ossl_isascii(c) (ossl_ctype_check((c), CTYPE_MASK_ascii)) +# else +# define ossl_isascii(c) (((c) & ~127) == 0) +# endif +# define ossl_isblank(c) (ossl_ctype_check((c), CTYPE_MASK_blank)) +# define ossl_iscntrl(c) (ossl_ctype_check((c), CTYPE_MASK_cntrl)) +# define ossl_isdigit(c) (ossl_ctype_check((c), CTYPE_MASK_digit)) +# define ossl_isgraph(c) (ossl_ctype_check((c), CTYPE_MASK_graph)) +# define ossl_islower(c) (ossl_ctype_check((c), CTYPE_MASK_lower)) +# define ossl_isprint(c) (ossl_ctype_check((c), CTYPE_MASK_print)) +# define ossl_ispunct(c) (ossl_ctype_check((c), CTYPE_MASK_punct)) +# define ossl_isspace(c) (ossl_ctype_check((c), CTYPE_MASK_space)) +# define ossl_isupper(c) (ossl_ctype_check((c), CTYPE_MASK_upper)) +# define ossl_isxdigit(c) (ossl_ctype_check((c), CTYPE_MASK_xdigit)) +# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) +# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) + +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/dso_conf.h b/deps/openssl/openssl/crypto/include/internal/dso_conf.h deleted file mode 100644 index e7f2afa9872320..00000000000000 --- a/deps/openssl/openssl/crypto/include/internal/dso_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/dso_conf.h" diff --git a/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in b/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in index daa5e247a39130..d6e9d1b1baae18 100644 --- a/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in +++ b/deps/openssl/openssl/crypto/include/internal/dso_conf.h.in @@ -1,6 +1,6 @@ {- join("\n",map { "/* $_ */" } @autowarntext) -} /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,21 @@ #ifndef HEADER_DSO_CONF_H # define HEADER_DSO_CONF_H - +{- output_off() if $disabled{dso} -} +{- # The DSO code currently always implements all functions so that no + # applications will have to worry about that from a compilation point + # of view. However, the "method"s may return zero unless that platform + # has support compiled in for them. Currently each method is enabled + # by a define "DSO_" ... we translate the "dso_scheme" config + # string entry into using the following logic; + my $scheme = uc $target{dso_scheme}; + my @macros = ( "DSO_$scheme" ); + if ($scheme eq 'DLFCN') { + @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" ); + } elsif ($scheme eq "DLFCN_NO_H") { + @macros = ( "DSO_DLFCN" ); + } + join("\n", map { "# define $_" } @macros); -} # define DSO_EXTENSION "{- $target{dso_extension} -}" +{- output_on() if $disabled{dso} -} #endif diff --git a/deps/openssl/openssl/crypto/include/internal/ec_int.h b/deps/openssl/openssl/crypto/include/internal/ec_int.h new file mode 100644 index 00000000000000..182c39cc80566e --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/ec_int.h @@ -0,0 +1,53 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal EC functions for other submodules: not for application use */ + +#ifndef HEADER_OSSL_EC_INTERNAL_H +# define HEADER_OSSL_EC_INTERNAL_H +# include + +# ifndef OPENSSL_NO_EC + +# include + +/*- + * Computes the multiplicative inverse of x in the range + * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the + * subgroup generated by the generator G: + * + * res := x^(-1) (mod EC_GROUP::order). + * + * This function expects the following two conditions to hold: + * - the EC_GROUP order is prime, and + * - x is included in the range [1, EC_GROUP::order). + * + * This function returns 1 on success, 0 on error. + * + * If the EC_GROUP order is even, this function explicitly returns 0 as + * an error. + * In case any of the two conditions stated above is not satisfied, + * the correctness of its output is not guaranteed, even if the return + * value could still be 1 (as primality testing and a conditional modular + * reduction round on the input can be omitted by the underlying + * implementations for better SCA properties on regular input values). + */ +__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx); + +/*- + * ECDH Key Derivation Function as defined in ANSI X9.63 + */ +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); + +# endif /* OPENSSL_NO_EC */ +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/engine.h b/deps/openssl/openssl/crypto/include/internal/engine.h index 977cf06d434f11..f80ae3ec30c93d 100644 --- a/deps/openssl/openssl/crypto/include/internal/engine.h +++ b/deps/openssl/openssl/crypto/include/internal/engine.h @@ -10,7 +10,7 @@ #include void engine_load_openssl_int(void); -void engine_load_cryptodev_int(void); +void engine_load_devcrypto_int(void); void engine_load_rdrand_int(void); void engine_load_dynamic_int(void); void engine_load_padlock_int(void); diff --git a/deps/openssl/openssl/crypto/include/internal/evp_int.h b/deps/openssl/openssl/crypto/include/internal/evp_int.h index f34699bfa86a8c..d86aed36f075a6 100644 --- a/deps/openssl/openssl/crypto/include/internal/evp_int.h +++ b/deps/openssl/openssl/crypto/include/internal/evp_int.h @@ -7,6 +7,15 @@ * https://www.openssl.org/source/license.html */ +#include +#include "internal/refcount.h" + +/* + * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag + * values in evp.h + */ +#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 + struct evp_pkey_ctx_st { /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; @@ -68,6 +77,16 @@ struct evp_pkey_method_st { int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + int (*check) (EVP_PKEY *pkey); + int (*public_check) (EVP_PKEY *pkey); + int (*param_check) (EVP_PKEY *pkey); + + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); } /* EVP_PKEY_METHOD */ ; DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) @@ -79,11 +98,19 @@ extern const EVP_PKEY_METHOD dh_pkey_meth; extern const EVP_PKEY_METHOD dhx_pkey_meth; extern const EVP_PKEY_METHOD dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; +extern const EVP_PKEY_METHOD sm2_pkey_meth; extern const EVP_PKEY_METHOD ecx25519_pkey_meth; +extern const EVP_PKEY_METHOD ecx448_pkey_meth; +extern const EVP_PKEY_METHOD ed25519_pkey_meth; +extern const EVP_PKEY_METHOD ed448_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; extern const EVP_PKEY_METHOD rsa_pkey_meth; +extern const EVP_PKEY_METHOD rsa_pss_pkey_meth; +extern const EVP_PKEY_METHOD scrypt_pkey_meth; extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; extern const EVP_PKEY_METHOD hkdf_pkey_meth; +extern const EVP_PKEY_METHOD poly1305_pkey_meth; +extern const EVP_PKEY_METHOD siphash_pkey_meth; struct evp_md_st { int type; @@ -346,6 +373,21 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } cipher##_init_key, NULL, NULL, NULL, NULL) +# ifndef OPENSSL_NO_EC + +#define X25519_KEYLEN 32 +#define X448_KEYLEN 56 +#define ED448_KEYLEN 57 + +#define MAX_KEYLEN ED448_KEYLEN + +typedef struct { + unsigned char pubkey[MAX_KEYLEN]; + unsigned char *privkey; +} ECX_KEY; + +#endif + /* * Type needs to be a bit field Sub-type needs to be for variations on the * method, as in, can it do arbitrary encryption.... @@ -353,7 +395,7 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } struct evp_pkey_st { int type; int save_type; - int references; + CRYPTO_REF_COUNT references; const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *engine; ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ @@ -370,6 +412,7 @@ struct evp_pkey_st { # endif # ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ + ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ # endif } pkey; int save_parameters; @@ -381,10 +424,19 @@ struct evp_pkey_st { void openssl_add_all_ciphers_int(void); void openssl_add_all_digests_int(void); void evp_cleanup_int(void); +void evp_app_cleanup_int(void); -/* Pulling defines out of C soure files */ +/* Pulling defines out of C source files */ #define EVP_RC4_KEY_SIZE 16 #ifndef TLS1_1_VERSION # define TLS1_1_VERSION 0x0302 #endif + +void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); + +/* EVP_ENCODE_CTX flags */ +/* Don't generate new lines when encoding */ +#define EVP_ENCODE_CTX_NO_NEWLINES 1 +/* Use the SRP base64 alphabet instead of the standard one */ +#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 diff --git a/deps/openssl/openssl/crypto/include/internal/md32_common.h b/deps/openssl/openssl/crypto/include/internal/md32_common.h index 6e4ce14e99cb10..1124e9c24b2a21 100644 --- a/deps/openssl/openssl/crypto/include/internal/md32_common.h +++ b/deps/openssl/openssl/crypto/include/internal/md32_common.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,7 @@ * HASH_CBLOCK * size of a unit chunk HASH_BLOCK operates on. * HASH_LONG - * has to be at lest 32 bit wide. + * has to be at least 32 bit wide. * HASH_CTX * context structure that at least contains following * members: @@ -48,7 +48,7 @@ * name of "block" function capable of treating *unaligned* input * message in original (data) byte order, implemented externally. * HASH_MAKE_STRING - * macro convering context variables to an ASCII hash string. + * macro converting context variables to an ASCII hash string. * * MD5 example: * @@ -61,8 +61,6 @@ * #define HASH_TRANSFORM MD5_Transform * #define HASH_FINAL MD5_Final * #define HASH_BLOCK_DATA_ORDER md5_block_data_order - * - * */ #include @@ -95,155 +93,36 @@ # error "HASH_BLOCK_DATA_ORDER must be defined!" #endif -/* - * Engage compiler specific rotate intrinsic function if available. - */ -#undef ROTATE -#ifndef PEDANTIC -# if defined(_MSC_VER) -# define ROTATE(a,n) _lrotl(a,n) -# elif defined(__ICC) -# define ROTATE(a,n) _rotl(a,n) -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) - /* - * Some GNU C inline assembler templates. Note that these are - * rotates by *constant* number of bits! But that's exactly - * what we need here... - * - */ -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "rlwinm %0,%1,%2,0,31" \ - : "=r"(ret) \ - : "r"(a), "I"(n)); \ - ret; \ - }) -# elif defined(__s390x__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ("rll %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "I"(n)); \ - ret; \ - }) -# endif -# endif -#endif /* PEDANTIC */ - -#ifndef ROTATE -# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) -#endif +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) #if defined(DATA_ORDER_IS_BIG_ENDIAN) -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ - (defined(__x86_64) || defined(__x86_64__)) -# if !defined(B_ENDIAN) - /* - * This gives ~30-40% performance improvement in SHA-256 compiled - * with gcc [on P4]. Well, first macro to be frank. We can pull - * this trick on x86* platforms only, because these CPUs can fetch - * unaligned data without raising an exception. - */ -# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ - asm ("bswapl %0":"=r"(r):"0"(r)); \ - (c)+=4; (l)=r; }) -# define HOST_l2c(l,c) ({ unsigned int r=(l); \ - asm ("bswapl %0":"=r"(r):"0"(r)); \ - *((unsigned int *)(c))=r; (c)+=4; r; }) -# endif -# elif defined(__aarch64__) -# if defined(__BYTE_ORDER__) -# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define HOST_c2l(c,l) ({ unsigned int r; \ - asm ("rev %w0,%w1" \ - :"=r"(r) \ - :"r"(*((const unsigned int *)(c))));\ - (c)+=4; (l)=r; }) -# define HOST_l2c(l,c) ({ unsigned int r; \ - asm ("rev %w0,%w1" \ - :"=r"(r) \ - :"r"((unsigned int)(l)));\ - *((unsigned int *)(c))=r; (c)+=4; r; }) -# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -# endif -# endif -# endif -# endif -# if defined(__s390__) || defined(__s390x__) -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -# endif -# endif - -# ifndef HOST_c2l -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++))) ) ) -# endif -# ifndef HOST_l2c -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff), \ l) -# endif #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__s390x__) -# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ - :"=d"(l) :"m"(*(const unsigned int *)(c)));\ - (c)+=4; (l); }) -# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \ - :"=m"(*(unsigned int *)(c)) :"d"(l));\ - (c)+=4; (l); }) -# endif -# endif -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# ifndef B_ENDIAN - /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) -# endif -# endif -# endif - -# ifndef HOST_c2l -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<<24) ) -# endif -# ifndef HOST_l2c -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ l) -# endif #endif /* - * Time for some action:-) + * Time for some action :-) */ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) @@ -257,10 +136,6 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) return 1; l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; - /* - * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai - * for pointing it out. - */ if (l < c->Nl) /* overflow */ c->Nh++; c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on @@ -368,7 +243,6 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c) * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. * Well, to be honest it should say that this *prevents* * performance degradation. - * */ # else /* @@ -376,7 +250,6 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c) * generate better code if MD32_REG_T is defined int. The above * pre-processor condition reflects the circumstances under which * the conclusion was made and is subject to further extension. - * */ # define MD32_REG_T int # endif diff --git a/deps/openssl/openssl/crypto/include/internal/poly1305.h b/deps/openssl/openssl/crypto/include/internal/poly1305.h index 1bc8716fca2763..5fef239d0f8fa3 100644 --- a/deps/openssl/openssl/crypto/include/internal/poly1305.h +++ b/deps/openssl/openssl/crypto/include/internal/poly1305.h @@ -9,7 +9,9 @@ #include -#define POLY1305_BLOCK_SIZE 16 +#define POLY1305_BLOCK_SIZE 16 +#define POLY1305_DIGEST_SIZE 16 +#define POLY1305_KEY_SIZE 32 typedef struct poly1305_context POLY1305; diff --git a/deps/openssl/openssl/crypto/include/internal/rand.h b/deps/openssl/openssl/crypto/include/internal/rand.h deleted file mode 100644 index 30887c4a7cbff0..00000000000000 --- a/deps/openssl/openssl/crypto/include/internal/rand.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Licensed under the OpenSSL licenses, (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * https://www.openssl.org/source/license.html - * or in the file LICENSE in the source distribution. - */ - -#include - -void rand_cleanup_int(void); diff --git a/deps/openssl/openssl/crypto/include/internal/rand_int.h b/deps/openssl/openssl/crypto/include/internal/rand_int.h new file mode 100644 index 00000000000000..888cab1b8f6644 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/rand_int.h @@ -0,0 +1,134 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#ifndef HEADER_RAND_INT_H +# define HEADER_RAND_INT_H + +# include + +/* forward declaration */ +typedef struct rand_pool_st RAND_POOL; + +void rand_cleanup_int(void); +void rand_drbg_cleanup_int(void); +void drbg_delete_thread_state(void); +void rand_fork(void); + +/* Hardware-based seeding functions. */ +size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); +size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool); + +/* DRBG entropy callbacks. */ +size_t rand_drbg_get_entropy(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance); +void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); +size_t rand_drbg_get_nonce(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len); +void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout); + +void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); + +/* + * RAND_POOL functions + */ +RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len); +RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, + size_t entropy); +void rand_pool_free(RAND_POOL *pool); + +const unsigned char *rand_pool_buffer(RAND_POOL *pool); +unsigned char *rand_pool_detach(RAND_POOL *pool); +void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer); + +size_t rand_pool_entropy(RAND_POOL *pool); +size_t rand_pool_length(RAND_POOL *pool); + +size_t rand_pool_entropy_available(RAND_POOL *pool); +size_t rand_pool_entropy_needed(RAND_POOL *pool); +/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */ +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor); +size_t rand_pool_bytes_remaining(RAND_POOL *pool); + +int rand_pool_add(RAND_POOL *pool, + const unsigned char *buffer, size_t len, size_t entropy); +unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len); +int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); + + +/* + * Add random bytes to the pool to acquire requested amount of entropy + * + * This function is platform specific and tries to acquire the requested + * amount of entropy by polling platform specific entropy sources. + * + * If the function succeeds in acquiring at least |entropy_requested| bits + * of entropy, the total entropy count is returned. If it fails, it returns + * an entropy count of 0. + */ +size_t rand_pool_acquire_entropy(RAND_POOL *pool); + +/* + * Add some application specific nonce data + * + * This function is platform specific and adds some application specific + * data to the nonce used for instantiating the drbg. + * + * This data currently consists of the process and thread id, and a high + * resolution timestamp. The data does not include an atomic counter, + * because that is added by the calling function rand_drbg_get_nonce(). + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_add_nonce_data(RAND_POOL *pool); + + +/* + * Add some platform specific additional data + * + * This function is platform specific and adds some random noise to the + * additional data used for generating random bytes and for reseeding + * the drbg. + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_add_additional_data(RAND_POOL *pool); + +/* + * Initialise the random pool reseeding sources. + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_init(void); + +/* + * Finalise the random pool reseeding sources. + */ +void rand_pool_cleanup(void); + +/* + * Control the random pool use of open file descriptors. + */ +void rand_pool_keep_random_devices_open(int keep); + +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/sha.h b/deps/openssl/openssl/crypto/include/internal/sha.h new file mode 100644 index 00000000000000..458a75e89d4a78 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/sha.h @@ -0,0 +1,19 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_INTERNAL_SHA_H +# define HEADER_INTERNAL_SHA_H + +# include + +int sha512_224_init(SHA512_CTX *); +int sha512_256_init(SHA512_CTX *); + +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/siphash.h b/deps/openssl/openssl/crypto/include/internal/siphash.h new file mode 100644 index 00000000000000..9573680f0f15a2 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/siphash.h @@ -0,0 +1,25 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#define SIPHASH_BLOCK_SIZE 8 +#define SIPHASH_KEY_SIZE 16 +#define SIPHASH_MIN_DIGEST_SIZE 8 +#define SIPHASH_MAX_DIGEST_SIZE 16 + +typedef struct siphash_st SIPHASH; + +size_t SipHash_ctx_size(void); +size_t SipHash_hash_size(SIPHASH *ctx); +int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size); +int SipHash_Init(SIPHASH *ctx, const unsigned char *k, + int crounds, int drounds); +void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen); +int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen); diff --git a/deps/openssl/openssl/crypto/include/internal/sm2.h b/deps/openssl/openssl/crypto/include/internal/sm2.h new file mode 100644 index 00000000000000..5c5cd4b4f56725 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/sm2.h @@ -0,0 +1,78 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SM2_H +# define HEADER_SM2_H +# include + +# ifndef OPENSSL_NO_SM2 + +# include + +/* The default user id as specified in GM/T 0009-2012 */ +# define SM2_DEFAULT_USERID "1234567812345678" + +int sm2_compute_z_digest(uint8_t *out, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const EC_KEY *key); + +/* + * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2 + */ +ECDSA_SIG *sm2_do_sign(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len); + +int sm2_do_verify(const EC_KEY *key, + const EVP_MD *digest, + const ECDSA_SIG *signature, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len); + +/* + * SM2 signature generation. + */ +int sm2_sign(const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/* + * SM2 signature verification. + */ +int sm2_verify(const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* + * SM2 encryption + */ +int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *ct_size); + +int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *pt_size); + +int sm2_encrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *msg, + size_t msg_len, + uint8_t *ciphertext_buf, size_t *ciphertext_len); + +int sm2_decrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *ciphertext, + size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len); + +# endif /* OPENSSL_NO_SM2 */ +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/sm2err.h b/deps/openssl/openssl/crypto/include/internal/sm2err.h new file mode 100644 index 00000000000000..a4db1b73d728c8 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/sm2err.h @@ -0,0 +1,61 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SM2ERR_H +# define HEADER_SM2ERR_H + +# include + +# ifndef OPENSSL_NO_SM2 + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SM2_strings(void); + +/* + * SM2 function codes. + */ +# define SM2_F_PKEY_SM2_COPY 115 +# define SM2_F_PKEY_SM2_CTRL 109 +# define SM2_F_PKEY_SM2_CTRL_STR 110 +# define SM2_F_PKEY_SM2_DIGEST_CUSTOM 114 +# define SM2_F_PKEY_SM2_INIT 111 +# define SM2_F_PKEY_SM2_SIGN 112 +# define SM2_F_SM2_COMPUTE_MSG_HASH 100 +# define SM2_F_SM2_COMPUTE_USERID_DIGEST 101 +# define SM2_F_SM2_COMPUTE_Z_DIGEST 113 +# define SM2_F_SM2_DECRYPT 102 +# define SM2_F_SM2_ENCRYPT 103 +# define SM2_F_SM2_PLAINTEXT_SIZE 104 +# define SM2_F_SM2_SIGN 105 +# define SM2_F_SM2_SIG_GEN 106 +# define SM2_F_SM2_SIG_VERIFY 107 +# define SM2_F_SM2_VERIFY 108 + +/* + * SM2 reason codes. + */ +# define SM2_R_ASN1_ERROR 100 +# define SM2_R_BAD_SIGNATURE 101 +# define SM2_R_BUFFER_TOO_SMALL 107 +# define SM2_R_DIST_ID_TOO_LARGE 110 +# define SM2_R_ID_NOT_SET 112 +# define SM2_R_ID_TOO_LARGE 111 +# define SM2_R_INVALID_CURVE 108 +# define SM2_R_INVALID_DIGEST 102 +# define SM2_R_INVALID_DIGEST_TYPE 103 +# define SM2_R_INVALID_ENCODING 104 +# define SM2_R_INVALID_FIELD 105 +# define SM2_R_NO_PARAMETERS_SET 109 +# define SM2_R_USER_ID_TOO_LARGE 106 + +# endif +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/sm3.h b/deps/openssl/openssl/crypto/include/internal/sm3.h new file mode 100644 index 00000000000000..27eb471c283132 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/sm3.h @@ -0,0 +1,39 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SM3_H +# define HEADER_SM3_H + +# include + +# ifdef OPENSSL_NO_SM3 +# error SM3 is disabled. +# endif + +# define SM3_DIGEST_LENGTH 32 +# define SM3_WORD unsigned int + +# define SM3_CBLOCK 64 +# define SM3_LBLOCK (SM3_CBLOCK/4) + +typedef struct SM3state_st { + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD Nl, Nh; + SM3_WORD data[SM3_LBLOCK]; + unsigned int num; +} SM3_CTX; + +int sm3_init(SM3_CTX *c); +int sm3_update(SM3_CTX *c, const void *data, size_t len); +int sm3_final(unsigned char *md, SM3_CTX *c); + +void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num); + +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/sm4.h b/deps/openssl/openssl/crypto/include/internal/sm4.h new file mode 100644 index 00000000000000..f1f157ef535162 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/sm4.h @@ -0,0 +1,37 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SM4_H +# define HEADER_SM4_H + +# include +# include + +# ifdef OPENSSL_NO_SM4 +# error SM4 is disabled. +# endif + +# define SM4_ENCRYPT 1 +# define SM4_DECRYPT 0 + +# define SM4_BLOCK_SIZE 16 +# define SM4_KEY_SCHEDULE 32 + +typedef struct SM4_KEY_st { + uint32_t rk[SM4_KEY_SCHEDULE]; +} SM4_KEY; + +int SM4_set_key(const uint8_t *key, SM4_KEY *ks); + +void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + +void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + +#endif diff --git a/deps/openssl/openssl/test/r160test.c b/deps/openssl/openssl/crypto/include/internal/store.h similarity index 71% rename from deps/openssl/openssl/test/r160test.c rename to deps/openssl/openssl/crypto/include/internal/store.h index 06033eb91f8336..f5013dc36795fd 100644 --- a/deps/openssl/openssl/test/r160test.c +++ b/deps/openssl/openssl/crypto/include/internal/store.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,3 +7,4 @@ * https://www.openssl.org/source/license.html */ +void ossl_store_cleanup_int(void); diff --git a/deps/openssl/openssl/crypto/include/internal/store_int.h b/deps/openssl/openssl/crypto/include/internal/store_int.h new file mode 100644 index 00000000000000..6f31e019ea219d --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/store_int.h @@ -0,0 +1,26 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_STORE_INT_H +# define HEADER_STORE_INT_H + +# include +# include +# include + +/* + * Two functions to read PEM data off an already opened BIO. To be used + * instead of OSSLSTORE_open() and OSSLSTORE_close(). Everything is done + * as usual with OSSLSTORE_load() and OSSLSTORE_eof(). + */ +OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, + void *ui_data); +int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx); + +#endif diff --git a/deps/openssl/openssl/crypto/include/internal/x509_int.h b/deps/openssl/openssl/crypto/include/internal/x509_int.h index eb439977049b72..b53c2b03c39ec4 100644 --- a/deps/openssl/openssl/crypto/include/internal/x509_int.h +++ b/deps/openssl/openssl/crypto/include/internal/x509_int.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include "internal/refcount.h" + /* Internal X509 structures and functions: not for application use */ /* Note: unless otherwise stated a field pointer is mandatory and should @@ -35,6 +37,19 @@ struct X509_name_st { int canon_enclen; } /* X509_NAME */ ; +/* Signature info structure */ + +struct x509_sig_info_st { + /* NID of message digest */ + int mdnid; + /* NID of public key algorithm */ + int pknid; + /* Security bits */ + int secbits; + /* Various flags */ + uint32_t flags; +}; + /* PKCS#10 certificate request */ struct X509_req_info_st { @@ -54,7 +69,7 @@ struct X509_req_st { X509_REQ_INFO req_info; /* signed certificate request data */ X509_ALGOR sig_alg; /* signature algorithm */ ASN1_BIT_STRING *signature; /* signature */ - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -73,7 +88,7 @@ struct X509_crl_st { X509_CRL_INFO crl; /* signed CRL data */ X509_ALGOR sig_alg; /* CRL signature algorithm */ ASN1_BIT_STRING signature; /* CRL signature */ - int references; + CRYPTO_REF_COUNT references; int flags; /* * Cached copies of decoded extension values, since extensions @@ -144,7 +159,8 @@ struct x509_st { X509_CINF cert_info; X509_ALGOR sig_alg; ASN1_BIT_STRING signature; - int references; + X509_SIG_INFO siginf; + CRYPTO_REF_COUNT references; CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ long ex_pathlen; @@ -266,3 +282,5 @@ struct x509_object_st { int a2i_ipadd(unsigned char *ipout, const char *ipasc); int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); + +void x509_init_sig_info(X509 *x); diff --git a/deps/openssl/openssl/crypto/init.c b/deps/openssl/openssl/crypto/init.c index 2ad946c5bf7728..209d1a483daebe 100644 --- a/deps/openssl/openssl/crypto/init.c +++ b/deps/openssl/openssl/crypto/init.c @@ -7,23 +7,26 @@ * https://www.openssl.org/source/license.html */ -#include +#include "e_os.h" +#include "internal/cryptlib_int.h" #include -#include -#include +#include "internal/rand_int.h" +#include "internal/bio.h" #include -#include -#include -#include -#include -#include -#include -#include -#include +#include "internal/evp_int.h" +#include "internal/conf.h" +#include "internal/async.h" +#include "internal/engine.h" +#include "internal/comp.h" +#include "internal/err.h" +#include "internal/err_int.h" +#include "internal/objects.h" #include #include -#include -#include +#include "internal/thread_once.h" +#include "internal/dso_conf.h" +#include "internal/dso.h" +#include "internal/store.h" static int stopped = 0; @@ -89,6 +92,9 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + ossl_malloc_setup_failures(); #endif if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) return 0; @@ -191,7 +197,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) # endif ret = err_load_crypto_strings_int(); load_crypto_strings_inited = 1; -#endif +#endif return ret; } @@ -284,16 +290,15 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) engine_load_openssl_int(); return 1; } -# if !defined(OPENSSL_NO_HW) && \ - (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) -static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev) +# ifndef OPENSSL_NO_DEVCRYPTOENG +static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) { # ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: " - "engine_load_cryptodev_int()\n"); + fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: " + "engine_load_devcrypto_int()\n"); # endif - engine_load_cryptodev_int(); + engine_load_devcrypto_int(); return 1; } # endif @@ -394,6 +399,14 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) err_delete_thread_state(); } + if (locals->rand) { +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " + "drbg_delete_thread_state()\n"); +#endif + drbg_delete_thread_state(); + } + OPENSSL_free(locals); } @@ -431,6 +444,14 @@ int ossl_init_thread_start(uint64_t opts) locals->err_state = 1; } + if (opts & OPENSSL_INIT_THREAD_RAND) { +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " + "marking thread for rand\n"); +#endif + locals->rand = 1; + } + return 1; } @@ -464,6 +485,7 @@ void OPENSSL_cleanup(void) stop_handlers = NULL; CRYPTO_THREAD_lock_free(init_lock); + init_lock = NULL; /* * We assume we are single-threaded for this function, i.e. no race @@ -534,16 +556,20 @@ void OPENSSL_cleanup(void) * obj_cleanup_int() must be called last */ rand_cleanup_int(); + rand_drbg_cleanup_int(); conf_modules_free_int(); #ifndef OPENSSL_NO_ENGINE engine_cleanup_int(); #endif + ossl_store_cleanup_int(); crypto_cleanup_all_ex_data_int(); bio_cleanup(); evp_cleanup_int(); obj_cleanup_int(); err_cleanup(); + CRYPTO_secure_malloc_done(); + base_inited = 0; } @@ -593,6 +619,10 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) return 0; + if ((opts & OPENSSL_INIT_ATFORK) + && !openssl_init_fork_handlers()) + return 0; + if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) && !RUN_ONCE(&config, ossl_init_no_config)) return 0; @@ -615,10 +645,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) return 0; -# if !defined(OPENSSL_NO_HW) && \ - (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) +# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG) if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) - && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev)) + && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) return 0; # endif # ifndef OPENSSL_NO_RDRAND @@ -715,9 +744,10 @@ int OPENSSL_atexit(void (*handler)(void)) } #endif - newhand = OPENSSL_malloc(sizeof(*newhand)); - if (newhand == NULL) + if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) { + CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE); return 0; + } newhand->handler = handler; newhand->next = stop_handlers; @@ -725,3 +755,29 @@ int OPENSSL_atexit(void (*handler)(void)) return 1; } + +#ifdef OPENSSL_SYS_UNIX +/* + * The following three functions are for OpenSSL developers. This is + * where we set/reset state across fork (called via pthread_atfork when + * it exists, or manually by the application when it doesn't). + * + * WARNING! If you put code in either OPENSSL_fork_parent or + * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal- + * safe. See this link, for example: + * http://man7.org/linux/man-pages/man7/signal-safety.7.html + */ + +void OPENSSL_fork_prepare(void) +{ +} + +void OPENSSL_fork_parent(void) +{ +} + +void OPENSSL_fork_child(void) +{ + rand_fork(); +} +#endif diff --git a/deps/openssl/openssl/crypto/kdf/build.info b/deps/openssl/openssl/crypto/kdf/build.info index cbe2080ed7caec..c166399d0ce723 100644 --- a/deps/openssl/openssl/crypto/kdf/build.info +++ b/deps/openssl/openssl/crypto/kdf/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - tls1_prf.c kdf_err.c hkdf.c + tls1_prf.c kdf_err.c hkdf.c scrypt.c diff --git a/deps/openssl/openssl/crypto/kdf/hkdf.c b/deps/openssl/openssl/crypto/kdf/hkdf.c index 0fb55e9c651c09..ae46fad609ac99 100644 --- a/deps/openssl/openssl/crypto/kdf/hkdf.c +++ b/deps/openssl/openssl/crypto/kdf/hkdf.c @@ -34,6 +34,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len); typedef struct { + int mode; const EVP_MD *md; unsigned char *salt; size_t salt_len; @@ -47,9 +48,10 @@ static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) { HKDF_PKEY_CTX *kctx; - kctx = OPENSSL_zalloc(sizeof(*kctx)); - if (kctx == NULL) + if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { + KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE); return 0; + } ctx->data = kctx; @@ -77,6 +79,10 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) kctx->md = p2; return 1; + case EVP_PKEY_CTRL_HKDF_MODE: + kctx->mode = p1; + return 1; + case EVP_PKEY_CTRL_HKDF_SALT: if (p1 == 0 || p2 == NULL) return 1; @@ -128,8 +134,24 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { + if (strcmp(type, "mode") == 0) { + int mode; + + if (strcmp(value, "EXTRACT_AND_EXPAND") == 0) + mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND; + else if (strcmp(value, "EXTRACT_ONLY") == 0) + mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; + else if (strcmp(value, "EXPAND_ONLY") == 0) + mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; + else + return 0; + + return EVP_PKEY_CTX_hkdf_mode(ctx, mode); + } + if (strcmp(type, "md") == 0) - return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value)); + return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_HKDF_MD, value); if (strcmp(type, "salt") == 0) return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); @@ -149,24 +171,57 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, if (strcmp(type, "hexinfo") == 0) return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); + KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); return -2; } +static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx) +{ + HKDF_PKEY_CTX *kctx = ctx->data; + + OPENSSL_clear_free(kctx->key, kctx->key_len); + OPENSSL_clear_free(kctx->salt, kctx->salt_len); + OPENSSL_cleanse(kctx->info, kctx->info_len); + memset(kctx, 0, sizeof(*kctx)); + + return 1; +} + static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { HKDF_PKEY_CTX *kctx = ctx->data; - if (kctx->md == NULL || kctx->key == NULL) + if (kctx->md == NULL) { + KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); return 0; - - if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len, - kctx->info, kctx->info_len, key, *keylen) == NULL) - { + } + if (kctx->key == NULL) { + KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY); return 0; } - return 1; + switch (kctx->mode) { + case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: + return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, + kctx->key_len, kctx->info, kctx->info_len, key, + *keylen) != NULL; + + case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY: + if (key == NULL) { + *keylen = EVP_MD_size(kctx->md); + return 1; + } + return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key, + kctx->key_len, key, keylen) != NULL; + + case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY: + return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info, + kctx->info_len, key, *keylen) != NULL; + + default: + return 0; + } } const EVP_PKEY_METHOD hkdf_pkey_meth = { @@ -193,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = { 0, 0, - 0, + pkey_hkdf_derive_init, pkey_hkdf_derive, pkey_hkdf_ctrl, pkey_hkdf_ctrl_str @@ -206,12 +261,16 @@ static unsigned char *HKDF(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { unsigned char prk[EVP_MAX_MD_SIZE]; + unsigned char *ret; size_t prk_len; if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) return NULL; - return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); + ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); + OPENSSL_cleanse(prk, sizeof(prk)); + + return ret; } static unsigned char *HKDF_Extract(const EVP_MD *evp_md, @@ -246,7 +305,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, if (okm_len % dig_len) n++; - if (n > 255) + if (n > 255 || okm == NULL) return NULL; if ((hmac = HMAC_CTX_new()) == NULL) diff --git a/deps/openssl/openssl/crypto/kdf/kdf_err.c b/deps/openssl/openssl/crypto/kdf/kdf_err.c index d7d71b35e40a52..1627c0a394b421 100644 --- a/deps/openssl/openssl/crypto/kdf/kdf_err.c +++ b/deps/openssl/openssl/crypto/kdf/kdf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,26 +8,48 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF,0,reason) - -static ERR_STRING_DATA KDF_str_functs[] = { - {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_CTRL_STR), "pkey_tls1_prf_ctrl_str"}, - {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_DERIVE), "pkey_tls1_prf_derive"}, +static const ERR_STRING_DATA KDF_str_functs[] = { + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0), + "pkey_scrypt_ctrl_str"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0), + "pkey_scrypt_ctrl_uint64"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0), + "pkey_scrypt_set_membuf"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), + "pkey_tls1_prf_ctrl_str"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), + "pkey_tls1_prf_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, {0, NULL} }; -static ERR_STRING_DATA KDF_str_reasons[] = { - {ERR_REASON(KDF_R_INVALID_DIGEST), "invalid digest"}, - {ERR_REASON(KDF_R_MISSING_PARAMETER), "missing parameter"}, - {ERR_REASON(KDF_R_VALUE_MISSING), "value missing"}, +static const ERR_STRING_DATA KDF_str_reasons[] = { + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT), + "missing iteration count"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST), + "missing message digest"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE), + "unknown parameter type"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, + {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"}, {0, NULL} }; @@ -36,10 +58,9 @@ static ERR_STRING_DATA KDF_str_reasons[] = { int ERR_load_KDF_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) { - ERR_load_strings(0, KDF_str_functs); - ERR_load_strings(0, KDF_str_reasons); + ERR_load_strings_const(KDF_str_functs); + ERR_load_strings_const(KDF_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/kdf/scrypt.c b/deps/openssl/openssl/crypto/kdf/scrypt.c new file mode 100644 index 00000000000000..61fd390e95f076 --- /dev/null +++ b/deps/openssl/openssl/crypto/kdf/scrypt.c @@ -0,0 +1,266 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "internal/evp_int.h" + +#ifndef OPENSSL_NO_SCRYPT + +static int atou64(const char *nptr, uint64_t *result); + +typedef struct { + unsigned char *pass; + size_t pass_len; + unsigned char *salt; + size_t salt_len; + uint64_t N, r, p; + uint64_t maxmem_bytes; +} SCRYPT_PKEY_CTX; + +/* Custom uint64_t parser since we do not have strtoull */ +static int atou64(const char *nptr, uint64_t *result) +{ + uint64_t value = 0; + + while (*nptr) { + unsigned int digit; + uint64_t new_value; + + if ((*nptr < '0') || (*nptr > '9')) { + return 0; + } + digit = (unsigned int)(*nptr - '0'); + new_value = (value * 10) + digit; + if ((new_value < digit) || ((new_value - digit) / 10 != value)) { + /* Overflow */ + return 0; + } + value = new_value; + nptr++; + } + *result = value; + return 1; +} + +static int pkey_scrypt_init(EVP_PKEY_CTX *ctx) +{ + SCRYPT_PKEY_CTX *kctx; + + kctx = OPENSSL_zalloc(sizeof(*kctx)); + if (kctx == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Default values are the most conservative recommendation given in the + * original paper of C. Percival. Derivation uses roughly 1 GiB of memory + * for this parameter choice (approx. 128 * r * (N + p) bytes). + */ + kctx->N = 1 << 20; + kctx->r = 8; + kctx->p = 1; + kctx->maxmem_bytes = 1025 * 1024 * 1024; + + ctx->data = kctx; + + return 1; +} + +static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx) +{ + SCRYPT_PKEY_CTX *kctx = ctx->data; + + OPENSSL_clear_free(kctx->salt, kctx->salt_len); + OPENSSL_clear_free(kctx->pass, kctx->pass_len); + OPENSSL_free(kctx); +} + +static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen, + const unsigned char *new_buffer, + const int new_buflen) +{ + if (new_buffer == NULL) + return 1; + + if (new_buflen < 0) + return 0; + + if (*buffer != NULL) + OPENSSL_clear_free(*buffer, *buflen); + + if (new_buflen > 0) { + *buffer = OPENSSL_memdup(new_buffer, new_buflen); + } else { + *buffer = OPENSSL_malloc(1); + } + if (*buffer == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); + return 0; + } + + *buflen = new_buflen; + return 1; +} + +static int is_power_of_two(uint64_t value) +{ + return (value != 0) && ((value & (value - 1)) == 0); +} + +static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + SCRYPT_PKEY_CTX *kctx = ctx->data; + uint64_t u64_value; + + switch (type) { + case EVP_PKEY_CTRL_PASS: + return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1); + + case EVP_PKEY_CTRL_SCRYPT_SALT: + return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1); + + case EVP_PKEY_CTRL_SCRYPT_N: + u64_value = *((uint64_t *)p2); + if ((u64_value <= 1) || !is_power_of_two(u64_value)) + return 0; + kctx->N = u64_value; + return 1; + + case EVP_PKEY_CTRL_SCRYPT_R: + u64_value = *((uint64_t *)p2); + if (u64_value < 1) + return 0; + kctx->r = u64_value; + return 1; + + case EVP_PKEY_CTRL_SCRYPT_P: + u64_value = *((uint64_t *)p2); + if (u64_value < 1) + return 0; + kctx->p = u64_value; + return 1; + + case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES: + u64_value = *((uint64_t *)p2); + if (u64_value < 1) + return 0; + kctx->maxmem_bytes = u64_value; + return 1; + + default: + return -2; + + } +} + +static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type, + const char *value) +{ + uint64_t int_value; + + if (!atou64(value, &int_value)) { + KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR); + return 0; + } + return pkey_scrypt_ctrl(ctx, type, 0, &int_value); +} + +static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value) +{ + if (value == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING); + return 0; + } + + if (strcmp(type, "pass") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value); + + if (strcmp(type, "hexpass") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value); + + if (strcmp(type, "salt") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value); + + if (strcmp(type, "hexsalt") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value); + + if (strcmp(type, "N") == 0) + return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value); + + if (strcmp(type, "r") == 0) + return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value); + + if (strcmp(type, "p") == 0) + return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value); + + if (strcmp(type, "maxmem_bytes") == 0) + return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, + value); + + KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); + return -2; +} + +static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) +{ + SCRYPT_PKEY_CTX *kctx = ctx->data; + + if (kctx->pass == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS); + return 0; + } + + if (kctx->salt == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT); + return 0; + } + + return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt, + kctx->salt_len, kctx->N, kctx->r, kctx->p, + kctx->maxmem_bytes, key, *keylen); +} + +const EVP_PKEY_METHOD scrypt_pkey_meth = { + EVP_PKEY_SCRYPT, + 0, + pkey_scrypt_init, + 0, + pkey_scrypt_cleanup, + + 0, 0, + 0, 0, + + 0, + 0, + + 0, + 0, + + 0, 0, + + 0, 0, 0, 0, + + 0, 0, + + 0, 0, + + 0, + pkey_scrypt_derive, + pkey_scrypt_ctrl, + pkey_scrypt_ctrl_str +}; + +#endif diff --git a/deps/openssl/openssl/crypto/kdf/tls1_prf.c b/deps/openssl/openssl/crypto/kdf/tls1_prf.c index fa13732bbf9219..49f7ecced90615 100644 --- a/deps/openssl/openssl/crypto/kdf/tls1_prf.c +++ b/deps/openssl/openssl/crypto/kdf/tls1_prf.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,9 +37,10 @@ static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx) { TLS1_PRF_PKEY_CTX *kctx; - kctx = OPENSSL_zalloc(sizeof(*kctx)); - if (kctx == NULL) + if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { + KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE); return 0; + } ctx->data = kctx; return 1; @@ -115,6 +116,8 @@ static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); if (strcmp(type, "hexseed") == 0) return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); + + KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); return -2; } @@ -122,8 +125,16 @@ static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { TLS1_PRF_PKEY_CTX *kctx = ctx->data; - if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) { - KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER); + if (kctx->md == NULL) { + KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } + if (kctx->sec == NULL) { + KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); + return 0; + } + if (kctx->seedlen == 0) { + KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); return 0; } return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen, @@ -174,7 +185,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, int ret = 0; chunk = EVP_MD_size(md); - OPENSSL_assert(chunk >= 0); + if (!ossl_assert(chunk > 0)) + goto err; ctx = EVP_MD_CTX_new(); ctx_tmp = EVP_MD_CTX_new(); @@ -182,7 +194,7 @@ static int tls1_prf_P_hash(const EVP_MD *md, if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) goto err; EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); + mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (mac_key == NULL) goto err; if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) @@ -245,9 +257,10 @@ static int tls1_prf_alg(const EVP_MD *md, seed, seed_len, out, olen)) return 0; - tmp = OPENSSL_malloc(olen); - if (tmp == NULL) + if ((tmp = OPENSSL_malloc(olen)) == NULL) { + KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE); return 0; + } if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1), seed, seed_len, tmp, olen)) { OPENSSL_clear_free(tmp, olen); diff --git a/deps/openssl/openssl/crypto/lhash/lh_stats.c b/deps/openssl/openssl/crypto/lhash/lh_stats.c index 5586afa0d8b346..65b91e1ef415e6 100644 --- a/deps/openssl/openssl/crypto/lhash/lh_stats.c +++ b/deps/openssl/openssl/crypto/lhash/lh_stats.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,35 +61,22 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) { - OPENSSL_LHASH *lh_mut = (OPENSSL_LHASH *) lh; - int ret; - BIO_printf(out, "num_items = %lu\n", lh->num_items); - BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); - BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); + BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); + BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); BIO_printf(out, "num_expands = %lu\n", lh->num_expands); BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); - BIO_printf(out, "num_contract_reallocs = %lu\n", - lh->num_contract_reallocs); - CRYPTO_atomic_add(&lh_mut->num_hash_calls, 0, &ret, - lh->retrieve_stats_lock); - BIO_printf(out, "num_hash_calls = %d\n", ret); - CRYPTO_atomic_add(&lh_mut->num_comp_calls, 0, &ret, - lh->retrieve_stats_lock); - BIO_printf(out, "num_comp_calls = %d\n", ret); + BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); + BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); + BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); BIO_printf(out, "num_insert = %lu\n", lh->num_insert); BIO_printf(out, "num_replace = %lu\n", lh->num_replace); BIO_printf(out, "num_delete = %lu\n", lh->num_delete); BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); - CRYPTO_atomic_add(&lh_mut->num_retrieve, 0, &ret, lh->retrieve_stats_lock); - BIO_printf(out, "num_retrieve = %d\n", ret); - CRYPTO_atomic_add(&lh_mut->num_retrieve_miss, 0, &ret, - lh->retrieve_stats_lock); - BIO_printf(out, "num_retrieve_miss = %d\n", ret); - CRYPTO_atomic_add(&lh_mut->num_hash_comps, 0, &ret, - lh->retrieve_stats_lock); - BIO_printf(out, "num_hash_comps = %d\n", ret); + BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); + BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); + BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); } void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) diff --git a/deps/openssl/openssl/crypto/lhash/lhash.c b/deps/openssl/openssl/crypto/lhash/lhash.c index ea83bf900fbbe1..8d9f933df368c9 100644 --- a/deps/openssl/openssl/crypto/lhash/lhash.c +++ b/deps/openssl/openssl/crypto/lhash/lhash.c @@ -12,13 +12,14 @@ #include #include #include -#include +#include +#include "internal/ctype.h" #include "internal/lhash.h" #include "lhash_lcl.h" /* * A hashing implementation that appears to be based on the linear hashing - * algorithm: + * alogrithm: * https://en.wikipedia.org/wiki/Linear_hashing * * Litwin, Witold (1980), "Linear hashing: A new tool for file and table @@ -47,12 +48,16 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) { OPENSSL_LHASH *ret; - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { + /* + * Do not set the error code, because the ERR code uses LHASH + * and we want to avoid possible endless error loop. + * CRYPTOerr(CRYPTO_F_OPENSSL_LH_NEW, ERR_R_MALLOC_FAILURE); + */ return NULL; + } if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) goto err; - if ((ret->retrieve_stats_lock = CRYPTO_THREAD_lock_new()) == NULL) - goto err; ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); ret->num_nodes = MIN_NODES / 2; @@ -60,7 +65,7 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) ret->pmax = MIN_NODES / 2; ret->up_load = UP_LOAD; ret->down_load = DOWN_LOAD; - return (ret); + return ret; err: OPENSSL_free(ret->b); @@ -84,7 +89,6 @@ void OPENSSL_LH_free(OPENSSL_LHASH *lh) n = nn; } } - CRYPTO_THREAD_lock_free(lh->retrieve_stats_lock); OPENSSL_free(lh->b); OPENSSL_free(lh); } @@ -104,7 +108,7 @@ void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) if (*rn == NULL) { if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) { lh->error++; - return (NULL); + return NULL; } nn->data = data; nn->next = NULL; @@ -114,12 +118,11 @@ void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) lh->num_insert++; lh->num_items++; } else { /* replace same key */ - ret = (*rn)->data; (*rn)->data = data; lh->num_replace++; } - return (ret); + return ret; } void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) @@ -133,7 +136,7 @@ void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) if (*rn == NULL) { lh->num_no_delete++; - return (NULL); + return NULL; } else { nn = *rn; *rn = nn->next; @@ -147,7 +150,7 @@ void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) contract(lh); - return (ret); + return ret; } void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) @@ -155,18 +158,19 @@ void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) unsigned long hash; OPENSSL_LH_NODE **rn; void *ret; - int scratch; - lh->error = 0; + tsan_store((TSAN_QUALIFIER int *)&lh->error, 0); + rn = getrn(lh, data, &hash); if (*rn == NULL) { - CRYPTO_atomic_add(&lh->num_retrieve_miss, 1, &scratch, lh->retrieve_stats_lock); + tsan_counter(&lh->num_retrieve_miss); return NULL; } else { ret = (*rn)->data; - CRYPTO_atomic_add(&lh->num_retrieve, 1, &scratch, lh->retrieve_stats_lock); + tsan_counter(&lh->num_retrieve); } + return ret; } @@ -294,10 +298,9 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, OPENSSL_LH_NODE **ret, *n1; unsigned long hash, nn; OPENSSL_LH_COMPFUNC cf; - int scratch; hash = (*(lh->hash)) (data); - CRYPTO_atomic_add(&lh->num_hash_calls, 1, &scratch, lh->retrieve_stats_lock); + tsan_counter(&lh->num_hash_calls); *rhash = hash; nn = hash % lh->pmax; @@ -307,17 +310,17 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, cf = lh->comp; ret = &(lh->b[(int)nn]); for (n1 = *ret; n1 != NULL; n1 = n1->next) { - CRYPTO_atomic_add(&lh->num_hash_comps, 1, &scratch, lh->retrieve_stats_lock); + tsan_counter(&lh->num_hash_comps); if (n1->hash != hash) { ret = &(n1->next); continue; } - CRYPTO_atomic_add(&lh->num_comp_calls, 1, &scratch, lh->retrieve_stats_lock); + tsan_counter(&lh->num_comp_calls); if (cf(n1->data, data) == 0) break; ret = &(n1->next); } - return (ret); + return ret; } /* @@ -333,12 +336,7 @@ unsigned long OPENSSL_LH_strhash(const char *c) int r; if ((c == NULL) || (*c == '\0')) - return (ret); -/*- - unsigned char b[16]; - MD5(c,strlen(c),b); - return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); -*/ + return ret; n = 0x100; while (*c) { @@ -350,7 +348,7 @@ unsigned long OPENSSL_LH_strhash(const char *c) ret ^= v * v; c++; } - return ((ret >> 16) ^ ret); + return (ret >> 16) ^ ret; } unsigned long openssl_lh_strcasehash(const char *c) @@ -364,7 +362,7 @@ unsigned long openssl_lh_strcasehash(const char *c) return ret; for (n = 0x100; *c != '\0'; n += 0x100) { - v = n | tolower(*c); + v = n | ossl_tolower(*c); r = (int)((v >> 2) ^ v) & 0x0f; ret = (ret << r) | (ret >> (32 - r)); ret &= 0xFFFFFFFFL; diff --git a/deps/openssl/openssl/crypto/lhash/lhash_lcl.h b/deps/openssl/openssl/crypto/lhash/lhash_lcl.h index 01d463fb3637ef..678224acd5d5ef 100644 --- a/deps/openssl/openssl/crypto/lhash/lhash_lcl.h +++ b/deps/openssl/openssl/crypto/lhash/lhash_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,6 +8,8 @@ */ #include +#include "internal/tsan_assist.h" + struct lhash_node_st { void *data; struct lhash_node_st *next; @@ -18,13 +20,6 @@ struct lhash_st { OPENSSL_LH_NODE **b; OPENSSL_LH_COMPFUNC comp; OPENSSL_LH_HASHFUNC hash; - /* - * some stats are updated on lookup, which callers aren't expecting to have - * to take an exclusive lock around. This lock protects them on platforms - * without atomics, and their types are int rather than unsigned long below - * so they can be adjusted with CRYPTO_atomic_add. - */ - CRYPTO_RWLOCK *retrieve_stats_lock; unsigned int num_nodes; unsigned int num_alloc_nodes; unsigned int p; @@ -36,14 +31,14 @@ struct lhash_st { unsigned long num_expand_reallocs; unsigned long num_contracts; unsigned long num_contract_reallocs; - int num_hash_calls; - int num_comp_calls; + TSAN_QUALIFIER unsigned long num_hash_calls; + TSAN_QUALIFIER unsigned long num_comp_calls; unsigned long num_insert; unsigned long num_replace; unsigned long num_delete; unsigned long num_no_delete; - int num_retrieve; - int num_retrieve_miss; - int num_hash_comps; + TSAN_QUALIFIER unsigned long num_retrieve; + TSAN_QUALIFIER unsigned long num_retrieve_miss; + TSAN_QUALIFIER unsigned long num_hash_comps; int error; }; diff --git a/deps/openssl/openssl/crypto/lhash/num.pl b/deps/openssl/openssl/crypto/lhash/num.pl deleted file mode 100644 index 8a8c42c8a03081..00000000000000 --- a/deps/openssl/openssl/crypto/lhash/num.pl +++ /dev/null @@ -1,23 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -#node 10 -> 4 - -while (<>) - { - next unless /^node/; - s|\R$||; # Better chomp - @a=split; - $num{$a[3]}++; - } - -@a=sort {$a <=> $b } keys %num; -foreach (0 .. $a[$#a]) - { - printf "%4d:%4d\n",$_,$num{$_}; - } diff --git a/deps/openssl/openssl/crypto/md2/md2_dgst.c b/deps/openssl/openssl/crypto/md2/md2_dgst.c index ff062fd4727309..faa9393f2e46f5 100644 --- a/deps/openssl/openssl/crypto/md2/md2_dgst.c +++ b/deps/openssl/openssl/crypto/md2/md2_dgst.c @@ -63,9 +63,9 @@ static const MD2_INT S[256] = { const char *MD2_options(void) { if (sizeof(MD2_INT) == 1) - return ("md2(char)"); + return "md2(char)"; else - return ("md2(int)"); + return "md2(int)"; } int MD2_Init(MD2_CTX *c) diff --git a/deps/openssl/openssl/crypto/md2/md2_one.c b/deps/openssl/openssl/crypto/md2/md2_one.c index 460f96e475a54e..5502b21696d470 100644 --- a/deps/openssl/openssl/crypto/md2/md2_one.c +++ b/deps/openssl/openssl/crypto/md2/md2_one.c @@ -43,5 +43,5 @@ unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) #endif MD2_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */ - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/md4/md4_locl.h b/deps/openssl/openssl/crypto/md4/md4_locl.h index 6aec556266607f..a6c4003fdbc295 100644 --- a/deps/openssl/openssl/crypto/md4/md4_locl.h +++ b/deps/openssl/openssl/crypto/md4/md4_locl.h @@ -39,9 +39,9 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); */ /* - * As pointed out by Wei Dai , the above can be simplified - * to the code below. Wei attributes these optimizations to Peter Gutmann's - * SHS code, and he attributes it to Rich Schroeppel. + * As pointed out by Wei Dai, the above can be simplified to the code + * below. Wei attributes these optimizations to Peter Gutmann's SHS code, + * and he attributes it to Rich Schroeppel. */ #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) #define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) diff --git a/deps/openssl/openssl/crypto/md4/md4_one.c b/deps/openssl/openssl/crypto/md4/md4_one.c index 9f0989fad6af65..9e52303c2fca85 100644 --- a/deps/openssl/openssl/crypto/md4/md4_one.c +++ b/deps/openssl/openssl/crypto/md4/md4_one.c @@ -43,5 +43,5 @@ unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) #endif MD4_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-586.pl b/deps/openssl/openssl/crypto/md5/asm/md5-586.pl index 24f68af546acb7..15e14864d1950d 100644 --- a/deps/openssl/openssl/crypto/md5/asm/md5-586.pl +++ b/deps/openssl/openssl/crypto/md5/asm/md5-586.pl @@ -21,7 +21,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); $A="eax"; $B="ebx"; @@ -57,7 +57,7 @@ sub R0 local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; &mov($tmp1,$C) if $pos < 0; - &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one + &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one # body proper diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-ia64.S b/deps/openssl/openssl/crypto/md5/asm/md5-ia64.S deleted file mode 100644 index c20467b47b12e5..00000000000000 --- a/deps/openssl/openssl/crypto/md5/asm/md5-ia64.S +++ /dev/null @@ -1,1002 +0,0 @@ -/* - * - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -// Common registers are assigned as follows: -// -// COMMON -// -// t0 Const Tbl Ptr TPtr -// t1 Round Constant TRound -// t4 Block residual LenResid -// t5 Residual Data DTmp -// -// {in,out}0 Block 0 Cycle RotateM0 -// {in,out}1 Block Value 12 M12 -// {in,out}2 Block Value 8 M8 -// {in,out}3 Block Value 4 M4 -// {in,out}4 Block Value 0 M0 -// {in,out}5 Block 1 Cycle RotateM1 -// {in,out}6 Block Value 13 M13 -// {in,out}7 Block Value 9 M9 -// {in,out}8 Block Value 5 M5 -// {in,out}9 Block Value 1 M1 -// {in,out}10 Block 2 Cycle RotateM2 -// {in,out}11 Block Value 14 M14 -// {in,out}12 Block Value 10 M10 -// {in,out}13 Block Value 6 M6 -// {in,out}14 Block Value 2 M2 -// {in,out}15 Block 3 Cycle RotateM3 -// {in,out}16 Block Value 15 M15 -// {in,out}17 Block Value 11 M11 -// {in,out}18 Block Value 7 M7 -// {in,out}19 Block Value 3 M3 -// {in,out}20 Scratch Z -// {in,out}21 Scratch Y -// {in,out}22 Scratch X -// {in,out}23 Scratch W -// {in,out}24 Digest A A -// {in,out}25 Digest B B -// {in,out}26 Digest C C -// {in,out}27 Digest D D -// {in,out}28 Active Data Ptr DPtr -// in28 Dummy Value - -// out28 Dummy Value - -// bt0 Coroutine Link QUICK_RTN -// -/// These predicates are used for computing the padding block(s) and -/// are shared between the driver and digest co-routines -// -// pt0 Extra Pad Block pExtra -// pt1 Load next word pLoad -// pt2 Skip next word pSkip -// pt3 Search for Pad pNoPad -// pt4 Pad Word 0 pPad0 -// pt5 Pad Word 1 pPad1 -// pt6 Pad Word 2 pPad2 -// pt7 Pad Word 3 pPad3 - -#define DTmp r19 -#define LenResid r18 -#define QUICK_RTN b6 -#define TPtr r14 -#define TRound r15 -#define pExtra p6 -#define pLoad p7 -#define pNoPad p9 -#define pPad0 p10 -#define pPad1 p11 -#define pPad2 p12 -#define pPad3 p13 -#define pSkip p8 - -#define A_ out24 -#define B_ out25 -#define C_ out26 -#define D_ out27 -#define DPtr_ out28 -#define M0_ out4 -#define M1_ out9 -#define M10_ out12 -#define M11_ out17 -#define M12_ out1 -#define M13_ out6 -#define M14_ out11 -#define M15_ out16 -#define M2_ out14 -#define M3_ out19 -#define M4_ out3 -#define M5_ out8 -#define M6_ out13 -#define M7_ out18 -#define M8_ out2 -#define M9_ out7 -#define RotateM0_ out0 -#define RotateM1_ out5 -#define RotateM2_ out10 -#define RotateM3_ out15 -#define W_ out23 -#define X_ out22 -#define Y_ out21 -#define Z_ out20 - -#define A in24 -#define B in25 -#define C in26 -#define D in27 -#define DPtr in28 -#define M0 in4 -#define M1 in9 -#define M10 in12 -#define M11 in17 -#define M12 in1 -#define M13 in6 -#define M14 in11 -#define M15 in16 -#define M2 in14 -#define M3 in19 -#define M4 in3 -#define M5 in8 -#define M6 in13 -#define M7 in18 -#define M8 in2 -#define M9 in7 -#define RotateM0 in0 -#define RotateM1 in5 -#define RotateM2 in10 -#define RotateM3 in15 -#define W in23 -#define X in22 -#define Y in21 -#define Z in20 - -/* register stack configuration for md5_block_asm_data_order(): */ -#define MD5_NINP 3 -#define MD5_NLOC 0 -#define MD5_NOUT 29 -#define MD5_NROT 0 - -/* register stack configuration for helpers: */ -#define _NINPUTS MD5_NOUT -#define _NLOCALS 0 -#define _NOUTPUT 0 -#define _NROTATE 24 /* this must be <= _NINPUTS */ - -#if defined(_HPUX_SOURCE) && !defined(_LP64) -#define ADDP addp4 -#else -#define ADDP add -#endif - -#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) -#define HOST_IS_BIG_ENDIAN -#endif - -// Macros for getting the left and right portions of little-endian words - -#define GETLW(dst, src, align) dep.z dst = src, 32 - 8 * align, 8 * align -#define GETRW(dst, src, align) extr.u dst = src, 8 * align, 32 - 8 * align - -// MD5 driver -// -// Reads an input block, then calls the digest block -// subroutine and adds the results to the accumulated -// digest. It allocates 32 outs which the subroutine -// uses as it's inputs and rotating -// registers. Initializes the round constant pointer and -// takes care of saving/restoring ar.lc -// -/// INPUT -// -// in0 Context Ptr CtxPtr0 -// in1 Input Data Ptr DPtrIn -// in2 Integral Blocks BlockCount -// rp Return Address - -// -/// CODE -// -// v2 Input Align InAlign -// t0 Shared w/digest - -// t1 Shared w/digest - -// t2 Shared w/digest - -// t3 Shared w/digest - -// t4 Shared w/digest - -// t5 Shared w/digest - -// t6 PFS Save PFSSave -// t7 ar.lc Save LCSave -// t8 Saved PR PRSave -// t9 2nd CtxPtr CtxPtr1 -// t10 Table Base CTable -// t11 Table[0] CTable0 -// t13 Accumulator A AccumA -// t14 Accumulator B AccumB -// t15 Accumulator C AccumC -// t16 Accumulator D AccumD -// pt0 Shared w/digest - -// pt1 Shared w/digest - -// pt2 Shared w/digest - -// pt3 Shared w/digest - -// pt4 Shared w/digest - -// pt5 Shared w/digest - -// pt6 Shared w/digest - -// pt7 Shared w/digest - -// pt8 Not Aligned pOff -// pt8 Blocks Left pAgain - -#define AccumA r27 -#define AccumB r28 -#define AccumC r29 -#define AccumD r30 -#define CTable r24 -#define CTable0 r25 -#define CtxPtr0 in0 -#define CtxPtr1 r23 -#define DPtrIn in1 -#define BlockCount in2 -#define InAlign r10 -#define LCSave r21 -#define PFSSave r20 -#define PRSave r22 -#define pAgain p63 -#define pOff p63 - - .text - -/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num) - - where: - c: a pointer to a structure of this type: - - typedef struct MD5state_st - { - MD5_LONG A,B,C,D; - MD5_LONG Nl,Nh; - MD5_LONG data[MD5_LBLOCK]; - unsigned int num; - } - MD5_CTX; - - data: a pointer to the input data (may be misaligned) - num: the number of 16-byte blocks to hash (i.e., the length - of DATA is 16*NUM. - - */ - - .type md5_block_asm_data_order, @function - .global md5_block_asm_data_order - .align 32 - .proc md5_block_asm_data_order -md5_block_asm_data_order: -.md5_block: - .prologue -{ .mmi - .save ar.pfs, PFSSave - alloc PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT - ADDP CtxPtr1 = 8, CtxPtr0 - mov CTable = ip -} -{ .mmi - ADDP DPtrIn = 0, DPtrIn - ADDP CtxPtr0 = 0, CtxPtr0 - .save ar.lc, LCSave - mov LCSave = ar.lc -} -;; -{ .mmi - add CTable = .md5_tbl_data_order#-.md5_block#, CTable - and InAlign = 0x3, DPtrIn -} - -{ .mmi - ld4 AccumA = [CtxPtr0], 4 - ld4 AccumC = [CtxPtr1], 4 - .save pr, PRSave - mov PRSave = pr - .body -} -;; -{ .mmi - ld4 AccumB = [CtxPtr0] - ld4 AccumD = [CtxPtr1] - dep DPtr_ = 0, DPtrIn, 0, 2 -} ;; -#ifdef HOST_IS_BIG_ENDIAN - rum psr.be;; // switch to little-endian -#endif -{ .mmb - ld4 CTable0 = [CTable], 4 - cmp.ne pOff, p0 = 0, InAlign -(pOff) br.cond.spnt.many .md5_unaligned -} ;; - -// The FF load/compute loop rotates values three times, so that -// loading into M12 here produces the M0 value, M13 -> M1, etc. - -.md5_block_loop0: -{ .mmi - ld4 M12_ = [DPtr_], 4 - mov TPtr = CTable - mov TRound = CTable0 -} ;; -{ .mmi - ld4 M13_ = [DPtr_], 4 - mov A_ = AccumA - mov B_ = AccumB -} ;; -{ .mmi - ld4 M14_ = [DPtr_], 4 - mov C_ = AccumC - mov D_ = AccumD -} ;; -{ .mmb - ld4 M15_ = [DPtr_], 4 - add BlockCount = -1, BlockCount - br.call.sptk.many QUICK_RTN = md5_digest_block0 -} ;; - -// Now, we add the new digest values and do some clean-up -// before checking if there's another full block to process - -{ .mmi - add AccumA = AccumA, A_ - add AccumB = AccumB, B_ - cmp.ne pAgain, p0 = 0, BlockCount -} -{ .mib - add AccumC = AccumC, C_ - add AccumD = AccumD, D_ -(pAgain) br.cond.dptk.many .md5_block_loop0 -} ;; - -.md5_exit: -#ifdef HOST_IS_BIG_ENDIAN - sum psr.be;; // switch back to big-endian mode -#endif -{ .mmi - st4 [CtxPtr0] = AccumB, -4 - st4 [CtxPtr1] = AccumD, -4 - mov pr = PRSave, 0x1ffff ;; -} -{ .mmi - st4 [CtxPtr0] = AccumA - st4 [CtxPtr1] = AccumC - mov ar.lc = LCSave -} ;; -{ .mib - mov ar.pfs = PFSSave - br.ret.sptk.few rp -} ;; - -#define MD5UNALIGNED(offset) \ -.md5_process##offset: \ -{ .mib ; \ - nop 0x0 ; \ - GETRW(DTmp, DTmp, offset) ; \ -} ;; \ -.md5_block_loop##offset: \ -{ .mmi ; \ - ld4 Y_ = [DPtr_], 4 ; \ - mov TPtr = CTable ; \ - mov TRound = CTable0 ; \ -} ;; \ -{ .mmi ; \ - ld4 M13_ = [DPtr_], 4 ; \ - mov A_ = AccumA ; \ - mov B_ = AccumB ; \ -} ;; \ -{ .mii ; \ - ld4 M14_ = [DPtr_], 4 ; \ - GETLW(W_, Y_, offset) ; \ - mov C_ = AccumC ; \ -} \ -{ .mmi ; \ - mov D_ = AccumD ;; \ - or M12_ = W_, DTmp ; \ - GETRW(DTmp, Y_, offset) ; \ -} \ -{ .mib ; \ - ld4 M15_ = [DPtr_], 4 ; \ - add BlockCount = -1, BlockCount ; \ - br.call.sptk.many QUICK_RTN = md5_digest_block##offset; \ -} ;; \ -{ .mmi ; \ - add AccumA = AccumA, A_ ; \ - add AccumB = AccumB, B_ ; \ - cmp.ne pAgain, p0 = 0, BlockCount ; \ -} \ -{ .mib ; \ - add AccumC = AccumC, C_ ; \ - add AccumD = AccumD, D_ ; \ -(pAgain) br.cond.dptk.many .md5_block_loop##offset ; \ -} ;; \ -{ .mib ; \ - nop 0x0 ; \ - nop 0x0 ; \ - br.cond.sptk.many .md5_exit ; \ -} ;; - - .align 32 -.md5_unaligned: -// -// Because variable shifts are expensive, we special case each of -// the four alignements. In practice, this won't hurt too much -// since only one working set of code will be loaded. -// -{ .mib - ld4 DTmp = [DPtr_], 4 - cmp.eq pOff, p0 = 1, InAlign -(pOff) br.cond.dpnt.many .md5_process1 -} ;; -{ .mib - cmp.eq pOff, p0 = 2, InAlign - nop 0x0 -(pOff) br.cond.dpnt.many .md5_process2 -} ;; - MD5UNALIGNED(3) - MD5UNALIGNED(1) - MD5UNALIGNED(2) - - .endp md5_block_asm_data_order - - -// MD5 Perform the F function and load -// -// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values, -// computes the FF() round of functions, then branches to the common -// digest code to finish up with GG(), HH, and II(). -// -// INPUT -// -// rp Return Address - -// -// CODE -// -// v0 PFS bit bucket PFS -// v1 Loop Trip Count LTrip -// pt0 Load next word pMore - -/* For F round: */ -#define LTrip r9 -#define PFS r8 -#define pMore p6 - -/* For GHI rounds: */ -#define T r9 -#define U r10 -#define V r11 - -#define COMPUTE(a, b, s, M, R) \ -{ \ - .mii ; \ - ld4 TRound = [TPtr], 4 ; \ - dep.z Y = Z, 32, 32 ;; \ - shrp Z = Z, Y, 64 - s ; \ -} ;; \ -{ \ - .mmi ; \ - add a = Z, b ; \ - mov R = M ; \ - nop 0x0 ; \ -} ;; - -#define LOOP(a, b, s, M, R, label) \ -{ .mii ; \ - ld4 TRound = [TPtr], 4 ; \ - dep.z Y = Z, 32, 32 ;; \ - shrp Z = Z, Y, 64 - s ; \ -} ;; \ -{ .mib ; \ - add a = Z, b ; \ - mov R = M ; \ - br.ctop.sptk.many label ; \ -} ;; - -// G(B, C, D) = (B & D) | (C & ~D) - -#define G(a, b, c, d, M) \ -{ .mmi ; \ - add Z = M, TRound ; \ - and Y = b, d ; \ - andcm X = c, d ; \ -} ;; \ -{ .mii ; \ - add Z = Z, a ; \ - or Y = Y, X ;; \ - add Z = Z, Y ; \ -} ;; - -// H(B, C, D) = B ^ C ^ D - -#define H(a, b, c, d, M) \ -{ .mmi ; \ - add Z = M, TRound ; \ - xor Y = b, c ; \ - nop 0x0 ; \ -} ;; \ -{ .mii ; \ - add Z = Z, a ; \ - xor Y = Y, d ;; \ - add Z = Z, Y ; \ -} ;; - -// I(B, C, D) = C ^ (B | ~D) -// -// However, since we have an andcm operator, we use the fact that -// -// Y ^ Z == ~Y ^ ~Z -// -// to rewrite the expression as -// -// I(B, C, D) = ~C ^ (~B & D) - -#define I(a, b, c, d, M) \ -{ .mmi ; \ - add Z = M, TRound ; \ - andcm Y = d, b ; \ - andcm X = -1, c ; \ -} ;; \ -{ .mii ; \ - add Z = Z, a ; \ - xor Y = Y, X ;; \ - add Z = Z, Y ; \ -} ;; - -#define GG4(label) \ - G(A, B, C, D, M0) \ - COMPUTE(A, B, 5, M0, RotateM0) \ - G(D, A, B, C, M1) \ - COMPUTE(D, A, 9, M1, RotateM1) \ - G(C, D, A, B, M2) \ - COMPUTE(C, D, 14, M2, RotateM2) \ - G(B, C, D, A, M3) \ - LOOP(B, C, 20, M3, RotateM3, label) - -#define HH4(label) \ - H(A, B, C, D, M0) \ - COMPUTE(A, B, 4, M0, RotateM0) \ - H(D, A, B, C, M1) \ - COMPUTE(D, A, 11, M1, RotateM1) \ - H(C, D, A, B, M2) \ - COMPUTE(C, D, 16, M2, RotateM2) \ - H(B, C, D, A, M3) \ - LOOP(B, C, 23, M3, RotateM3, label) - -#define II4(label) \ - I(A, B, C, D, M0) \ - COMPUTE(A, B, 6, M0, RotateM0) \ - I(D, A, B, C, M1) \ - COMPUTE(D, A, 10, M1, RotateM1) \ - I(C, D, A, B, M2) \ - COMPUTE(C, D, 15, M2, RotateM2) \ - I(B, C, D, A, M3) \ - LOOP(B, C, 21, M3, RotateM3, label) - -#define FFLOAD(a, b, c, d, M, N, s) \ -{ .mii ; \ -(pMore) ld4 N = [DPtr], 4 ; \ - add Z = M, TRound ; \ - and Y = c, b ; \ -} \ -{ .mmi ; \ - andcm X = d, b ;; \ - add Z = Z, a ; \ - or Y = Y, X ; \ -} ;; \ -{ .mii ; \ - ld4 TRound = [TPtr], 4 ; \ - add Z = Z, Y ;; \ - dep.z Y = Z, 32, 32 ; \ -} ;; \ -{ .mii ; \ - nop 0x0 ; \ - shrp Z = Z, Y, 64 - s ;; \ - add a = Z, b ; \ -} ;; - -#define FFLOOP(a, b, c, d, M, N, s, dest) \ -{ .mii ; \ -(pMore) ld4 N = [DPtr], 4 ; \ - add Z = M, TRound ; \ - and Y = c, b ; \ -} \ -{ .mmi ; \ - andcm X = d, b ;; \ - add Z = Z, a ; \ - or Y = Y, X ; \ -} ;; \ -{ .mii ; \ - ld4 TRound = [TPtr], 4 ; \ - add Z = Z, Y ;; \ - dep.z Y = Z, 32, 32 ; \ -} ;; \ -{ .mii ; \ - nop 0x0 ; \ - shrp Z = Z, Y, 64 - s ;; \ - add a = Z, b ; \ -} \ -{ .mib ; \ - cmp.ne pMore, p0 = 0, LTrip ; \ - add LTrip = -1, LTrip ; \ - br.ctop.dptk.many dest ; \ -} ;; - - .type md5_digest_block0, @function - .align 32 - - .proc md5_digest_block0 - .prologue -md5_digest_block0: - .altrp QUICK_RTN - .body -{ .mmi - alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE - mov LTrip = 2 - mov ar.lc = 3 -} ;; -{ .mii - cmp.eq pMore, p0 = r0, r0 - mov ar.ec = 0 - nop 0x0 -} ;; - -.md5_FF_round0: - FFLOAD(A, B, C, D, M12, RotateM0, 7) - FFLOAD(D, A, B, C, M13, RotateM1, 12) - FFLOAD(C, D, A, B, M14, RotateM2, 17) - FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0) - // - // !!! Fall through to md5_digest_GHI - // - .endp md5_digest_block0 - - .type md5_digest_GHI, @function - .align 32 - - .proc md5_digest_GHI - .prologue - .regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE -md5_digest_GHI: - .altrp QUICK_RTN - .body -// -// The following sequence shuffles the block counstants round for the -// next round: -// -// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 -// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12 -// -{ .mmi - mov Z = M0 - mov Y = M15 - mov ar.lc = 3 -} -{ .mmi - mov X = M2 - mov W = M9 - mov V = M4 -} ;; - -{ .mmi - mov M0 = M1 - mov M15 = M12 - mov ar.ec = 1 -} -{ .mmi - mov M2 = M11 - mov M9 = M14 - mov M4 = M5 -} ;; - -{ .mmi - mov M1 = M6 - mov M12 = M13 - mov U = M3 -} -{ .mmi - mov M11 = M8 - mov M14 = M7 - mov M5 = M10 -} ;; - -{ .mmi - mov M6 = Y - mov M13 = X - mov M3 = Z -} -{ .mmi - mov M8 = W - mov M7 = V - mov M10 = U -} ;; - -.md5_GG_round: - GG4(.md5_GG_round) - -// The following sequence shuffles the block constants round for the -// next round: -// -// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12 -// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 - -{ .mmi - mov Z = M0 - mov Y = M1 - mov ar.lc = 3 -} -{ .mmi - mov X = M3 - mov W = M5 - mov V = M6 -} ;; - -{ .mmi - mov M0 = M4 - mov M1 = M11 - mov ar.ec = 1 -} -{ .mmi - mov M3 = M9 - mov U = M8 - mov T = M13 -} ;; - -{ .mmi - mov M4 = Z - mov M11 = Y - mov M5 = M7 -} -{ .mmi - mov M6 = M14 - mov M8 = M12 - mov M13 = M15 -} ;; - -{ .mmi - mov M7 = W - mov M14 = V - nop 0x0 -} -{ .mmi - mov M9 = X - mov M12 = U - mov M15 = T -} ;; - -.md5_HH_round: - HH4(.md5_HH_round) - -// The following sequence shuffles the block constants round for the -// next round: -// -// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 -// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9 - -{ .mmi - mov Z = M0 - mov Y = M15 - mov ar.lc = 3 -} -{ .mmi - mov X = M10 - mov W = M1 - mov V = M4 -} ;; - -{ .mmi - mov M0 = M9 - mov M15 = M12 - mov ar.ec = 1 -} -{ .mmi - mov M10 = M11 - mov M1 = M6 - mov M4 = M13 -} ;; - -{ .mmi - mov M9 = M14 - mov M12 = M5 - mov U = M3 -} -{ .mmi - mov M11 = M8 - mov M6 = M7 - mov M13 = M2 -} ;; - -{ .mmi - mov M14 = Y - mov M5 = X - mov M3 = Z -} -{ .mmi - mov M8 = W - mov M7 = V - mov M2 = U -} ;; - -.md5_II_round: - II4(.md5_II_round) - -{ .mib - nop 0x0 - nop 0x0 - br.ret.sptk.many QUICK_RTN -} ;; - - .endp md5_digest_GHI - -#define FFLOADU(a, b, c, d, M, P, N, s, offset) \ -{ .mii ; \ -(pMore) ld4 N = [DPtr], 4 ; \ - add Z = M, TRound ; \ - and Y = c, b ; \ -} \ -{ .mmi ; \ - andcm X = d, b ;; \ - add Z = Z, a ; \ - or Y = Y, X ; \ -} ;; \ -{ .mii ; \ - ld4 TRound = [TPtr], 4 ; \ - GETLW(W, P, offset) ; \ - add Z = Z, Y ; \ -} ;; \ -{ .mii ; \ - or W = W, DTmp ; \ - dep.z Y = Z, 32, 32 ;; \ - shrp Z = Z, Y, 64 - s ; \ -} ;; \ -{ .mii ; \ - add a = Z, b ; \ - GETRW(DTmp, P, offset) ; \ - mov P = W ; \ -} ;; - -#define FFLOOPU(a, b, c, d, M, P, N, s, offset) \ -{ .mii ; \ -(pMore) ld4 N = [DPtr], 4 ; \ - add Z = M, TRound ; \ - and Y = c, b ; \ -} \ -{ .mmi ; \ - andcm X = d, b ;; \ - add Z = Z, a ; \ - or Y = Y, X ; \ -} ;; \ -{ .mii ; \ - ld4 TRound = [TPtr], 4 ; \ -(pMore) GETLW(W, P, offset) ; \ - add Z = Z, Y ; \ -} ;; \ -{ .mii ; \ -(pMore) or W = W, DTmp ; \ - dep.z Y = Z, 32, 32 ;; \ - shrp Z = Z, Y, 64 - s ; \ -} ;; \ -{ .mii ; \ - add a = Z, b ; \ -(pMore) GETRW(DTmp, P, offset) ; \ -(pMore) mov P = W ; \ -} \ -{ .mib ; \ - cmp.ne pMore, p0 = 0, LTrip ; \ - add LTrip = -1, LTrip ; \ - br.ctop.sptk.many .md5_FF_round##offset ; \ -} ;; - -#define MD5FBLOCK(offset) \ - .type md5_digest_block##offset, @function ; \ - \ - .align 32 ; \ - .proc md5_digest_block##offset ; \ - .prologue ; \ - .altrp QUICK_RTN ; \ - .body ; \ -md5_digest_block##offset: \ -{ .mmi ; \ - alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ; \ - mov LTrip = 2 ; \ - mov ar.lc = 3 ; \ -} ;; \ -{ .mii ; \ - cmp.eq pMore, p0 = r0, r0 ; \ - mov ar.ec = 0 ; \ - nop 0x0 ; \ -} ;; \ - \ - .pred.rel "mutex", pLoad, pSkip ; \ -.md5_FF_round##offset: \ - FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset) \ - FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset) \ - FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset) \ - FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset) \ - \ -{ .mib ; \ - nop 0x0 ; \ - nop 0x0 ; \ - br.cond.sptk.many md5_digest_GHI ; \ -} ;; \ - .endp md5_digest_block##offset - -MD5FBLOCK(1) -MD5FBLOCK(2) -MD5FBLOCK(3) - - .align 64 - .type md5_constants, @object -md5_constants: -.md5_tbl_data_order: // To ensure little-endian data - // order, code as bytes. - data1 0x78, 0xa4, 0x6a, 0xd7 // 0 - data1 0x56, 0xb7, 0xc7, 0xe8 // 1 - data1 0xdb, 0x70, 0x20, 0x24 // 2 - data1 0xee, 0xce, 0xbd, 0xc1 // 3 - data1 0xaf, 0x0f, 0x7c, 0xf5 // 4 - data1 0x2a, 0xc6, 0x87, 0x47 // 5 - data1 0x13, 0x46, 0x30, 0xa8 // 6 - data1 0x01, 0x95, 0x46, 0xfd // 7 - data1 0xd8, 0x98, 0x80, 0x69 // 8 - data1 0xaf, 0xf7, 0x44, 0x8b // 9 - data1 0xb1, 0x5b, 0xff, 0xff // 10 - data1 0xbe, 0xd7, 0x5c, 0x89 // 11 - data1 0x22, 0x11, 0x90, 0x6b // 12 - data1 0x93, 0x71, 0x98, 0xfd // 13 - data1 0x8e, 0x43, 0x79, 0xa6 // 14 - data1 0x21, 0x08, 0xb4, 0x49 // 15 - data1 0x62, 0x25, 0x1e, 0xf6 // 16 - data1 0x40, 0xb3, 0x40, 0xc0 // 17 - data1 0x51, 0x5a, 0x5e, 0x26 // 18 - data1 0xaa, 0xc7, 0xb6, 0xe9 // 19 - data1 0x5d, 0x10, 0x2f, 0xd6 // 20 - data1 0x53, 0x14, 0x44, 0x02 // 21 - data1 0x81, 0xe6, 0xa1, 0xd8 // 22 - data1 0xc8, 0xfb, 0xd3, 0xe7 // 23 - data1 0xe6, 0xcd, 0xe1, 0x21 // 24 - data1 0xd6, 0x07, 0x37, 0xc3 // 25 - data1 0x87, 0x0d, 0xd5, 0xf4 // 26 - data1 0xed, 0x14, 0x5a, 0x45 // 27 - data1 0x05, 0xe9, 0xe3, 0xa9 // 28 - data1 0xf8, 0xa3, 0xef, 0xfc // 29 - data1 0xd9, 0x02, 0x6f, 0x67 // 30 - data1 0x8a, 0x4c, 0x2a, 0x8d // 31 - data1 0x42, 0x39, 0xfa, 0xff // 32 - data1 0x81, 0xf6, 0x71, 0x87 // 33 - data1 0x22, 0x61, 0x9d, 0x6d // 34 - data1 0x0c, 0x38, 0xe5, 0xfd // 35 - data1 0x44, 0xea, 0xbe, 0xa4 // 36 - data1 0xa9, 0xcf, 0xde, 0x4b // 37 - data1 0x60, 0x4b, 0xbb, 0xf6 // 38 - data1 0x70, 0xbc, 0xbf, 0xbe // 39 - data1 0xc6, 0x7e, 0x9b, 0x28 // 40 - data1 0xfa, 0x27, 0xa1, 0xea // 41 - data1 0x85, 0x30, 0xef, 0xd4 // 42 - data1 0x05, 0x1d, 0x88, 0x04 // 43 - data1 0x39, 0xd0, 0xd4, 0xd9 // 44 - data1 0xe5, 0x99, 0xdb, 0xe6 // 45 - data1 0xf8, 0x7c, 0xa2, 0x1f // 46 - data1 0x65, 0x56, 0xac, 0xc4 // 47 - data1 0x44, 0x22, 0x29, 0xf4 // 48 - data1 0x97, 0xff, 0x2a, 0x43 // 49 - data1 0xa7, 0x23, 0x94, 0xab // 50 - data1 0x39, 0xa0, 0x93, 0xfc // 51 - data1 0xc3, 0x59, 0x5b, 0x65 // 52 - data1 0x92, 0xcc, 0x0c, 0x8f // 53 - data1 0x7d, 0xf4, 0xef, 0xff // 54 - data1 0xd1, 0x5d, 0x84, 0x85 // 55 - data1 0x4f, 0x7e, 0xa8, 0x6f // 56 - data1 0xe0, 0xe6, 0x2c, 0xfe // 57 - data1 0x14, 0x43, 0x01, 0xa3 // 58 - data1 0xa1, 0x11, 0x08, 0x4e // 59 - data1 0x82, 0x7e, 0x53, 0xf7 // 60 - data1 0x35, 0xf2, 0x3a, 0xbd // 61 - data1 0xbb, 0xd2, 0xd7, 0x2a // 62 - data1 0x91, 0xd3, 0x86, 0xeb // 63 -.size md5_constants#,64*4 diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl b/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl index 09e6d7139a8b67..6a62c62531899f 100644 --- a/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl +++ b/deps/openssl/openssl/crypto/md5/asm/md5-sparcv9.pl @@ -13,7 +13,7 @@ # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. # -# Hardware SPARC T4 support by David S. Miller . +# Hardware SPARC T4 support by David S. Miller. # ==================================================================== # MD5 for SPARCv9, 6.9 cycles per byte on UltraSPARC, >40% faster than @@ -242,7 +242,7 @@ sub R3 { ldd [%o1 + 0x20], %f16 ldd [%o1 + 0x28], %f18 ldd [%o1 + 0x30], %f20 - subcc %o2, 1, %o2 ! done yet? + subcc %o2, 1, %o2 ! done yet? ldd [%o1 + 0x38], %f22 add %o1, 0x40, %o1 prefetch [%o1 + 63], 20 diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl b/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl index 3f656dc0b2b8c7..386d8048ec02b2 100755 --- a/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl +++ b/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl @@ -140,11 +140,17 @@ sub round4_step .globl md5_block_asm_data_order .type md5_block_asm_data_order,\@function,3 md5_block_asm_data_order: +.cfi_startproc push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lprologue: # rdi = arg #1 (ctx, MD5_CTX pointer) @@ -261,13 +267,20 @@ sub round4_step mov %edx, 3*4(%rbp) # ctx->D = D mov (%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r12 +.cfi_restore %r12 mov 24(%rsp),%rbx +.cfi_restore %rbx mov 32(%rsp),%rbp +.cfi_restore %rbp add \$40,%rsp +.cfi_adjust_cfa_offset -40 .Lepilogue: ret +.cfi_endproc .size md5_block_asm_data_order,.-md5_block_asm_data_order EOF diff --git a/deps/openssl/openssl/crypto/md5/build.info b/deps/openssl/openssl/crypto/md5/build.info index 38323a3fc216f9..e641fecd0d6e69 100644 --- a/deps/openssl/openssl/crypto/md5/build.info +++ b/deps/openssl/openssl/crypto/md5/build.info @@ -2,21 +2,10 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ md5_dgst.c md5_one.c {- $target{md5_asm_src} -} -GENERATE[md5-586.s]=asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) +GENERATE[md5-586.s]=asm/md5-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) GENERATE[md5-x86_64.s]=asm/md5-x86_64.pl $(PERLASM_SCHEME) GENERATE[md5-sparcv9.S]=asm/md5-sparcv9.pl $(PERLASM_SCHEME) INCLUDE[md5-sparcv9.o]=.. - -BEGINRAW[makefile(windows)] -{- $builddir -}\md5-ia64.asm: {- $sourcedir -}\asm\md5-ia64.S - $(CC) $(CFLAGS) -EP {- $sourcedir -}\asm\md5-ia64.S > $@.i && move /Y $@.i $@ -ENDRAW[makefile(windows)] - -BEGINRAW[Makefile] -{- $builddir -}/md5-ia64.s: {- $sourcedir -}/asm/md5-ia64.S - $(CC) $(CFLAGS) -E {- $sourcedir -}/asm/md5-ia64.S | \ - $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ - -ENDRAW[Makefile] diff --git a/deps/openssl/openssl/crypto/md5/md5_locl.h b/deps/openssl/openssl/crypto/md5/md5_locl.h index 9c7aade840aa41..4eb7e50ef4d0f0 100644 --- a/deps/openssl/openssl/crypto/md5/md5_locl.h +++ b/deps/openssl/openssl/crypto/md5/md5_locl.h @@ -50,8 +50,8 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); */ /* - * As pointed out by Wei Dai , the above can be simplified - * to the code below. Wei attributes these optimizations to Peter Gutmann's + * As pointed out by Wei Dai, the above can be simplified to the code + * below. Wei attributes these optimizations to Peter Gutmann's * SHS code, and he attributes it to Rich Schroeppel. */ #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) diff --git a/deps/openssl/openssl/crypto/md5/md5_one.c b/deps/openssl/openssl/crypto/md5/md5_one.c index becd87e4d6021c..c3bf2f88f0bad5 100644 --- a/deps/openssl/openssl/crypto/md5/md5_one.c +++ b/deps/openssl/openssl/crypto/md5/md5_one.c @@ -43,5 +43,5 @@ unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) #endif MD5_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/mdc2/mdc2_one.c b/deps/openssl/openssl/crypto/mdc2/mdc2_one.c index 472a5ec2e0dbe7..58e1e0fdf6c796 100644 --- a/deps/openssl/openssl/crypto/mdc2/mdc2_one.c +++ b/deps/openssl/openssl/crypto/mdc2/mdc2_one.c @@ -23,5 +23,5 @@ unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md) MDC2_Update(&c, d, n); MDC2_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c b/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c index 37d99f48a5ebca..14233b9aba0837 100644 --- a/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c +++ b/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c @@ -124,24 +124,3 @@ int MDC2_Final(unsigned char *md, MDC2_CTX *c) memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK); return 1; } - -#undef TEST - -#ifdef TEST -main() -{ - unsigned char md[MDC2_DIGEST_LENGTH]; - int i; - MDC2_CTX c; - static char *text = "Now is the time for all "; - - MDC2_Init(&c); - MDC2_Update(&c, text, strlen(text)); - MDC2_Final(&(md[0]), &c); - - for (i = 0; i < MDC2_DIGEST_LENGTH; i++) - printf("%02X", md[i]); - printf("\n"); -} - -#endif diff --git a/deps/openssl/openssl/crypto/mem.c b/deps/openssl/openssl/crypto/mem.c index 72b04c821467c1..780053ffeff1e2 100644 --- a/deps/openssl/openssl/crypto/mem.c +++ b/deps/openssl/openssl/crypto/mem.c @@ -7,11 +7,16 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" +#include "internal/cryptlib.h" +#include "internal/cryptlib_int.h" #include #include #include #include -#include "internal/cryptlib.h" +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# include +#endif /* * the following pointers may be changed as long as 'allow_customize' is set @@ -26,9 +31,30 @@ static void (*free_impl)(void *, const char *, int) = CRYPTO_free; #ifndef OPENSSL_NO_CRYPTO_MDEBUG +# include "internal/tsan_assist.h" + +static TSAN_QUALIFIER int malloc_count; +static TSAN_QUALIFIER int realloc_count; +static TSAN_QUALIFIER int free_count; + +# define INCREMENT(x) tsan_counter(&(x)) + +static char *md_failstring; +static long md_count; +static int md_fail_percent = 0; +static int md_tracefd = -1; static int call_malloc_debug = 1; + +static void parseit(void); +static int shouldfail(void); + +# define FAILTEST() if (shouldfail()) return NULL + #else static int call_malloc_debug = 0; + +# define INCREMENT(x) /* empty */ +# define FAILTEST() /* empty */ #endif int CRYPTO_set_mem_functions( @@ -68,16 +94,113 @@ void CRYPTO_get_mem_functions( *f = free_impl; } +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) +{ + if (mcount != NULL) + *mcount = tsan_load(&malloc_count); + if (rcount != NULL) + *rcount = tsan_load(&realloc_count); + if (fcount != NULL) + *fcount = tsan_load(&free_count); +} + +/* + * Parse a "malloc failure spec" string. This likes like a set of fields + * separated by semicolons. Each field has a count and an optional failure + * percentage. For example: + * 100@0;100@25;0@0 + * or 100;100@25;0 + * This means 100 mallocs succeed, then next 100 fail 25% of the time, and + * all remaining (count is zero) succeed. + */ +static void parseit(void) +{ + char *semi = strchr(md_failstring, ';'); + char *atsign; + + if (semi != NULL) + *semi++ = '\0'; + + /* Get the count (atol will stop at the @ if there), and percentage */ + md_count = atol(md_failstring); + atsign = strchr(md_failstring, '@'); + md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1); + + if (semi != NULL) + md_failstring = semi; +} + +/* + * Windows doesn't have random(), but it has rand() + * Some rand() implementations aren't good, but we're not + * dealing with secure randomness here. + */ +# ifdef _WIN32 +# define random() rand() +# endif +/* + * See if the current malloc should fail. + */ +static int shouldfail(void) +{ + int roll = (int)(random() % 100); + int shoulditfail = roll < md_fail_percent; +# ifndef _WIN32 +/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ + int len; + char buff[80]; + + if (md_tracefd > 0) { + BIO_snprintf(buff, sizeof(buff), + "%c C%ld %%%d R%d\n", + shoulditfail ? '-' : '+', md_count, md_fail_percent, roll); + len = strlen(buff); + if (write(md_tracefd, buff, len) != len) + perror("shouldfail write failed"); +# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE + if (shoulditfail) { + void *addrs[30]; + int num = backtrace(addrs, OSSL_NELEM(addrs)); + + backtrace_symbols_fd(addrs, num, md_tracefd); + } +# endif + } +# endif + + if (md_count) { + /* If we used up this one, go to the next. */ + if (--md_count == 0) + parseit(); + } + + return shoulditfail; +} + +void ossl_malloc_setup_failures(void) +{ + const char *cp = getenv("OPENSSL_MALLOC_FAILURES"); + + if (cp != NULL && (md_failstring = strdup(cp)) != NULL) + parseit(); + if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) + md_tracefd = atoi(cp); +} +#endif + void *CRYPTO_malloc(size_t num, const char *file, int line) { void *ret = NULL; + INCREMENT(malloc_count); if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc) return malloc_impl(num, file, line); if (num == 0) return NULL; + FAILTEST(); if (allow_customize) { /* * Disallow customization after the first allocation. We only set this @@ -95,7 +218,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line) ret = malloc(num); } #else - osslargused(file); osslargused(line); + (void)(file); (void)(line); ret = malloc(num); #endif @@ -106,6 +229,7 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line) { void *ret = CRYPTO_malloc(num, file, line); + FAILTEST(); if (ret != NULL) memset(ret, 0, num); return ret; @@ -113,9 +237,11 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line) void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) { + INCREMENT(realloc_count); if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc) return realloc_impl(str, num, file, line); + FAILTEST(); if (str == NULL) return CRYPTO_malloc(num, file, line); @@ -133,7 +259,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) return ret; } #else - osslargused(file); osslargused(line); + (void)(file); (void)(line); #endif return realloc(str, num); @@ -168,6 +294,7 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, void CRYPTO_free(void *str, const char *file, int line) { + INCREMENT(free_count); if (free_impl != NULL && free_impl != &CRYPTO_free) { free_impl(str, file, line); return; diff --git a/deps/openssl/openssl/crypto/mem_dbg.c b/deps/openssl/openssl/crypto/mem_dbg.c index c884078e773d7b..0489e97adbda02 100644 --- a/deps/openssl/openssl/crypto/mem_dbg.c +++ b/deps/openssl/openssl/crypto/mem_dbg.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,8 +56,8 @@ struct app_mem_info_st { }; static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT; -static CRYPTO_RWLOCK *malloc_lock = NULL; -static CRYPTO_RWLOCK *long_malloc_lock = NULL; +CRYPTO_RWLOCK *memdbg_lock; +static CRYPTO_RWLOCK *long_memdbg_lock; static CRYPTO_THREAD_LOCAL appinfokey; /* memory-block description */ @@ -76,28 +76,31 @@ struct mem_st { #endif }; -static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as - * key); access requires MALLOC2 lock */ +/* + * hash-table of memory requests (address as * key); access requires + * long_memdbg_lock lock + */ +static LHASH_OF(MEM) *mh = NULL; /* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ static unsigned int num_disable = 0; /* - * Valid iff num_disable > 0. long_malloc_lock is locked exactly in this + * Valid iff num_disable > 0. long_memdbg_lock is locked exactly in this * case (by the thread named in disabling_thread). */ static CRYPTO_THREAD_ID disabling_threadid; DEFINE_RUN_ONCE_STATIC(do_memdbg_init) { - malloc_lock = CRYPTO_THREAD_lock_new(); - long_malloc_lock = CRYPTO_THREAD_lock_new(); - if (malloc_lock == NULL || long_malloc_lock == NULL + memdbg_lock = CRYPTO_THREAD_lock_new(); + long_memdbg_lock = CRYPTO_THREAD_lock_new(); + if (memdbg_lock == NULL || long_memdbg_lock == NULL || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) { - CRYPTO_THREAD_lock_free(malloc_lock); - malloc_lock = NULL; - CRYPTO_THREAD_lock_free(long_malloc_lock); - long_malloc_lock = NULL; + CRYPTO_THREAD_lock_free(memdbg_lock); + memdbg_lock = NULL; + CRYPTO_THREAD_lock_free(long_memdbg_lock); + long_memdbg_lock = NULL; return 0; } return 1; @@ -105,7 +108,7 @@ DEFINE_RUN_ONCE_STATIC(do_memdbg_init) static void app_info_free(APP_INFO *inf) { - if (!inf) + if (inf == NULL) return; if (--(inf->references) <= 0) { app_info_free(inf->next); @@ -124,7 +127,7 @@ int CRYPTO_mem_ctrl(int mode) if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) return -1; - CRYPTO_THREAD_write_lock(malloc_lock); + CRYPTO_THREAD_write_lock(memdbg_lock); switch (mode) { default: break; @@ -143,26 +146,26 @@ int CRYPTO_mem_ctrl(int mode) case CRYPTO_MEM_CHECK_DISABLE: if (mh_mode & CRYPTO_MEM_CHECK_ON) { CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); - /* see if we don't have long_malloc_lock already */ + /* see if we don't have long_memdbg_lock already */ if (!num_disable || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) { /* - * Long-time lock long_malloc_lock must not be claimed - * while we're holding malloc_lock, or we'll deadlock - * if somebody else holds long_malloc_lock (and cannot + * Long-time lock long_memdbg_lock must not be claimed + * while we're holding memdbg_lock, or we'll deadlock + * if somebody else holds long_memdbg_lock (and cannot * release it because we block entry to this function). Give * them a chance, first, and then claim the locks in * appropriate order (long-time lock first). */ - CRYPTO_THREAD_unlock(malloc_lock); + CRYPTO_THREAD_unlock(memdbg_lock); /* - * Note that after we have waited for long_malloc_lock and - * malloc_lock, we'll still be in the right "case" and + * Note that after we have waited for long_memdbg_lock and + * memdbg_lock, we'll still be in the right "case" and * "if" branch because MemCheck_start and MemCheck_stop may * never be used while there are multiple OpenSSL threads. */ - CRYPTO_THREAD_write_lock(long_malloc_lock); - CRYPTO_THREAD_write_lock(malloc_lock); + CRYPTO_THREAD_write_lock(long_memdbg_lock); + CRYPTO_THREAD_write_lock(memdbg_lock); mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; disabling_threadid = cur; } @@ -176,14 +179,14 @@ int CRYPTO_mem_ctrl(int mode) num_disable--; if (num_disable == 0) { mh_mode |= CRYPTO_MEM_CHECK_ENABLE; - CRYPTO_THREAD_unlock(long_malloc_lock); + CRYPTO_THREAD_unlock(long_memdbg_lock); } } } break; } - CRYPTO_THREAD_unlock(malloc_lock); - return (ret); + CRYPTO_THREAD_unlock(memdbg_lock); + return ret; #endif } @@ -199,14 +202,14 @@ static int mem_check_on(void) return 0; cur = CRYPTO_THREAD_get_current_id(); - CRYPTO_THREAD_read_lock(malloc_lock); + CRYPTO_THREAD_read_lock(memdbg_lock); ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) || !CRYPTO_THREAD_compare_id(disabling_threadid, cur); - CRYPTO_THREAD_unlock(malloc_lock); + CRYPTO_THREAD_unlock(memdbg_lock); } - return (ret); + return ret; } static int mem_cmp(const MEM *a, const MEM *b) @@ -231,7 +234,7 @@ static unsigned long mem_hash(const MEM *a) ret = (size_t)a->addr; ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; - return (ret); + return ret; } /* returns 1 if there was an info to pop, 0 if the stack was empty. */ @@ -292,7 +295,7 @@ int CRYPTO_mem_debug_push(const char *info, const char *file, int line) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); } - return (ret); + return ret; } int CRYPTO_mem_debug_pop(void) @@ -304,7 +307,7 @@ int CRYPTO_mem_debug_pop(void) ret = pop_info(); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); } - return (ret); + return ret; } static unsigned long break_order_num = 0; @@ -443,7 +446,8 @@ void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, } typedef struct mem_leak_st { - BIO *bio; + int (*print_cb) (const char *str, size_t len, void *u); + void *print_cb_arg; int chunks; long bytes; } MEM_LEAK; @@ -452,8 +456,9 @@ static void print_leak(const MEM *m, MEM_LEAK *l) { char buf[1024]; char *bufp = buf; + size_t len = sizeof(buf), ami_cnt; APP_INFO *amip; - int ami_cnt; + int n; struct tm *lcl = NULL; /* * Convert between CRYPTO_THREAD_ID (which could be anything at all) and @@ -466,27 +471,38 @@ static void print_leak(const MEM *m, MEM_LEAK *l) } tid; CRYPTO_THREAD_ID ti; -#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf)) - lcl = localtime(&m->time); - BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", - lcl->tm_hour, lcl->tm_min, lcl->tm_sec); - bufp += strlen(bufp); + n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ", + lcl->tm_hour, lcl->tm_min, lcl->tm_sec); + if (n <= 0) { + bufp[0] = '\0'; + return; + } + bufp += n; + len -= n; - BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", - m->order, m->file, m->line); - bufp += strlen(bufp); + n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ", + m->order, m->file, m->line); + if (n <= 0) + return; + bufp += n; + len -= n; tid.ltid = 0; tid.tid = m->threadid; - BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", tid.ltid); - bufp += strlen(bufp); + n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid); + if (n <= 0) + return; + bufp += n; + len -= n; - BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%p\n", - m->num, m->addr); - bufp += strlen(bufp); + n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr); + if (n <= 0) + return; + bufp += n; + len -= n; - BIO_puts(l->bio, buf); + l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg); l->chunks++; l->bytes += m->num; @@ -502,25 +518,34 @@ static void print_leak(const MEM *m, MEM_LEAK *l) int info_len; ami_cnt++; + if (ami_cnt >= sizeof(buf) - 1) + break; memset(buf, '>', ami_cnt); + buf[ami_cnt] = '\0'; tid.ltid = 0; tid.tid = amip->threadid; - BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, - " thread=%lu, file=%s, line=%d, info=\"", - tid.ltid, amip->file, - amip->line); - buf_len = strlen(buf); + n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, + " thread=%lu, file=%s, line=%d, info=\"", + tid.ltid, amip->file, amip->line); + if (n <= 0) + break; + buf_len = ami_cnt + n; info_len = strlen(amip->info); if (128 - buf_len - 3 < info_len) { memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); buf_len = 128 - 3; } else { - OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len); - buf_len = strlen(buf); + n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s", + amip->info); + if (n < 0) + break; + buf_len += n; } - BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); + n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); + if (n <= 0) + break; - BIO_puts(l->bio, buf); + l->print_cb(buf, buf_len + n, l->print_cb_arg); amip = amip->next; } @@ -541,16 +566,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l) IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK); -int CRYPTO_mem_leaks(BIO *b) +int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), + void *u) { MEM_LEAK ml; - /* - * OPENSSL_cleanup() will free the ex_data locks so we can't have any - * ex_data hanging around - */ - bio_free_ex_data(b); - /* Ensure all resources are released */ OPENSSL_cleanup(); @@ -559,14 +579,19 @@ int CRYPTO_mem_leaks(BIO *b) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - ml.bio = b; + ml.print_cb = cb; + ml.print_cb_arg = u; ml.bytes = 0; ml.chunks = 0; if (mh != NULL) lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml); if (ml.chunks != 0) { - BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks); + char buf[256]; + + BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n", + ml.bytes, ml.chunks); + cb(buf, strlen(buf), u); } else { /* * Make sure that, if we found no leaks, memory-leak debugging itself @@ -576,7 +601,7 @@ int CRYPTO_mem_leaks(BIO *b) */ int old_mh_mode; - CRYPTO_THREAD_write_lock(malloc_lock); + CRYPTO_THREAD_write_lock(memdbg_lock); /* * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses @@ -589,20 +614,36 @@ int CRYPTO_mem_leaks(BIO *b) mh = NULL; mh_mode = old_mh_mode; - CRYPTO_THREAD_unlock(malloc_lock); + CRYPTO_THREAD_unlock(memdbg_lock); } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); /* Clean up locks etc */ CRYPTO_THREAD_cleanup_local(&appinfokey); - CRYPTO_THREAD_lock_free(malloc_lock); - CRYPTO_THREAD_lock_free(long_malloc_lock); - malloc_lock = NULL; - long_malloc_lock = NULL; + CRYPTO_THREAD_lock_free(memdbg_lock); + CRYPTO_THREAD_lock_free(long_memdbg_lock); + memdbg_lock = NULL; + long_memdbg_lock = NULL; return ml.chunks == 0 ? 1 : 0; } +static int print_bio(const char *str, size_t len, void *b) +{ + return BIO_write((BIO *)b, str, len); +} + +int CRYPTO_mem_leaks(BIO *b) +{ + /* + * OPENSSL_cleanup() will free the ex_data locks so we can't have any + * ex_data hanging around + */ + bio_free_ex_data(b); + + return CRYPTO_mem_leaks_cb(print_bio, b); +} + # ifndef OPENSSL_NO_STDIO int CRYPTO_mem_leaks_fp(FILE *fp) { @@ -620,7 +661,7 @@ int CRYPTO_mem_leaks_fp(FILE *fp) if (b == NULL) return -1; BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = CRYPTO_mem_leaks(b); + ret = CRYPTO_mem_leaks_cb(print_bio, b); BIO_free(b); return ret; } diff --git a/deps/openssl/openssl/crypto/mem_sec.c b/deps/openssl/openssl/crypto/mem_sec.c index 1ccf68cc9335b0..9e0f6702f4069d 100644 --- a/deps/openssl/openssl/crypto/mem_sec.c +++ b/deps/openssl/openssl/crypto/mem_sec.c @@ -1,5 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,11 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* - * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. - * This file is distributed under the terms of the OpenSSL license. - */ - /* * This file is in two halves. The first half implements the public API * to be used by external consumers, and to be used by OpenSSL to store @@ -19,22 +15,25 @@ * For details on that implementation, see below (look for uppercase * "SECURE HEAP IMPLEMENTATION"). */ +#include "e_os.h" #include -#include #include -/* e_os.h includes unistd.h, which defines _POSIX_VERSION */ -#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \ - && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ - || defined(__sun) || defined(__hpux) || defined(__sgi) \ - || defined(__osf__) ) -# define IMPLEMENTED +/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */ +#ifdef OPENSSL_SECURE_MEMORY # include # include # include # include # include +# if defined(OPENSSL_SYS_LINUX) +# include +# if defined(SYS_mlock2) +# include +# include +# endif +# endif # include # include # include @@ -48,7 +47,7 @@ # define MAP_ANON MAP_ANONYMOUS #endif -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY static size_t secure_mem_used; static int secure_mem_initialized; @@ -59,8 +58,8 @@ static CRYPTO_RWLOCK *sec_malloc_lock = NULL; * These are the functions that must be implemented by a secure heap (sh). */ static int sh_init(size_t size, int minsize); -static char *sh_malloc(size_t size); -static void sh_free(char *ptr); +static void *sh_malloc(size_t size); +static void sh_free(void *ptr); static void sh_done(void); static size_t sh_actual_size(char *ptr); static int sh_allocated(const char *ptr); @@ -68,7 +67,7 @@ static int sh_allocated(const char *ptr); int CRYPTO_secure_malloc_init(size_t size, int minsize) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY int ret = 0; if (!secure_mem_initialized) { @@ -86,12 +85,12 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize) return ret; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } -int CRYPTO_secure_malloc_done() +int CRYPTO_secure_malloc_done(void) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY if (secure_mem_used == 0) { sh_done(); secure_mem_initialized = 0; @@ -99,22 +98,22 @@ int CRYPTO_secure_malloc_done() sec_malloc_lock = NULL; return 1; } -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ return 0; } -int CRYPTO_secure_malloc_initialized() +int CRYPTO_secure_malloc_initialized(void) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY return secure_mem_initialized; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } void *CRYPTO_secure_malloc(size_t num, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY void *ret; size_t actual_size; @@ -129,12 +128,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line) return ret; #else return CRYPTO_malloc(num, file, line); -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY if (secure_mem_initialized) /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ return CRYPTO_secure_malloc(num, file, line); @@ -144,7 +143,7 @@ void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) void CRYPTO_secure_free(void *ptr, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY size_t actual_size; if (ptr == NULL) @@ -161,13 +160,13 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line) CRYPTO_THREAD_unlock(sec_malloc_lock); #else CRYPTO_free(ptr, file, line); -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY size_t actual_size; if (ptr == NULL) @@ -188,12 +187,12 @@ void CRYPTO_secure_clear_free(void *ptr, size_t num, return; OPENSSL_cleanse(ptr, num); CRYPTO_free(ptr, file, line); -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } int CRYPTO_secure_allocated(const void *ptr) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY int ret; if (!secure_mem_initialized) @@ -204,21 +203,21 @@ int CRYPTO_secure_allocated(const void *ptr) return ret; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } -size_t CRYPTO_secure_used() +size_t CRYPTO_secure_used(void) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY return secure_mem_used; #else return 0; -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ } size_t CRYPTO_secure_actual_size(void *ptr) { -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY size_t actual_size; CRYPTO_THREAD_write_lock(sec_malloc_lock); @@ -236,7 +235,7 @@ size_t CRYPTO_secure_actual_size(void *ptr) /* * SECURE HEAP IMPLEMENTATION */ -#ifdef IMPLEMENTED +#ifdef OPENSSL_SECURE_MEMORY /* @@ -473,8 +472,19 @@ static int sh_init(size_t size, int minsize) if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) ret = 2; +#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2) + if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) { + if (errno == ENOSYS) { + if (mlock(sh.arena, sh.arena_size) < 0) + ret = 2; + } else { + ret = 2; + } + } +#else if (mlock(sh.arena, sh.arena_size) < 0) ret = 2; +#endif #ifdef MADV_DONTDUMP if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) ret = 2; @@ -487,7 +497,7 @@ static int sh_init(size_t size, int minsize) return 0; } -static void sh_done() +static void sh_done(void) { OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); @@ -516,7 +526,7 @@ static char *sh_find_my_buddy(char *ptr, int list) return chunk; } -static char *sh_malloc(size_t size) +static void *sh_malloc(size_t size) { ossl_ssize_t list, slist; size_t i; @@ -581,10 +591,10 @@ static char *sh_malloc(size_t size) return chunk; } -static void sh_free(char *ptr) +static void sh_free(void *ptr) { size_t list; - char *buddy; + void *buddy; if (ptr == NULL) return; @@ -633,4 +643,4 @@ static size_t sh_actual_size(char *ptr) OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); return sh.arena_size / (ONE << list); } -#endif /* IMPLEMENTED */ +#endif /* OPENSSL_SECURE_MEMORY */ diff --git a/deps/openssl/openssl/crypto/mips_arch.h b/deps/openssl/openssl/crypto/mips_arch.h new file mode 100644 index 00000000000000..75043e79d337df --- /dev/null +++ b/deps/openssl/openssl/crypto/mips_arch.h @@ -0,0 +1,40 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef __MIPS_ARCH_H__ +# define __MIPS_ARCH_H__ + +# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ + defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) + && !defined(_MIPS_ARCH_MIPS32R2) +# define _MIPS_ARCH_MIPS32R2 +# endif + +# if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || \ + defined(_MIPS_ARCH_MIPS64R6)) \ + && !defined(_MIPS_ARCH_MIPS64R2) +# define _MIPS_ARCH_MIPS64R2 +# endif + +# if defined(_MIPS_ARCH_MIPS64R6) +# define dmultu(rs,rt) +# define mflo(rd,rs,rt) dmulu rd,rs,rt +# define mfhi(rd,rs,rt) dmuhu rd,rs,rt +# elif defined(_MIPS_ARCH_MIPS32R6) +# define multu(rs,rt) +# define mflo(rd,rs,rt) mulu rd,rs,rt +# define mfhi(rd,rs,rt) muhu rd,rs,rt +# else +# define dmultu(rs,rt) dmultu rs,rt +# define multu(rs,rt) multu rs,rt +# define mflo(rd,rs,rt) mflo rd +# define mfhi(rd,rs,rt) mfhi rd +# endif + +#endif diff --git a/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl b/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl index 5ad62b39798159..b42016101ebc66 100644 --- a/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/deps/openssl/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl @@ -35,6 +35,8 @@ # Applications using the EVP interface will observe a few percent # worse performance.] # +# Knights Landing processes 1 byte in 1.25 cycles (measured with EVP). +# # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest # [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf @@ -116,23 +118,6 @@ vpxor $rndkey,$inout3,$inout3 vmovups 0x10-0x80($key),$T2 # borrow $T2 for $rndkey vpclmulqdq \$0x01,$Hkey,$Z3,$Z2 - - # At this point, the current block of 96 (0x60) bytes has already been - # loaded into registers. Concurrently with processing it, we want to - # load the next 96 bytes of input for the next round. Obviously, we can - # only do this if there are at least 96 more bytes of input beyond the - # input we're currently processing, or else we'd read past the end of - # the input buffer. Here, we set |%r12| to 96 if there are at least 96 - # bytes of input beyond the 96 bytes we're already processing, and we - # set |%r12| to 0 otherwise. In the case where we set |%r12| to 96, - # we'll read in the next block so that it is in registers for the next - # loop iteration. In the case where we set |%r12| to 0, we'll re-read - # the current block and then ignore what we re-read. - # - # At this point, |$in0| points to the current (already read into - # registers) block, and |$end0| points to 2*96 bytes before the end of - # the input. Thus, |$in0| > |$end0| means that we do not have the next - # 96-byte block to read in, and |$in0| <= |$end0| means we do. xor %r12,%r12 cmp $in0,$end0 @@ -424,20 +409,25 @@ .type aesni_gcm_decrypt,\@function,6 .align 32 aesni_gcm_decrypt: +.cfi_startproc xor $ret,$ret - - # We call |_aesni_ctr32_ghash_6x|, which requires at least 96 (0x60) - # bytes of input. cmp \$0x60,$len # minimal accepted length jb .Lgcm_dec_abort lea (%rsp),%rax # save stack pointer +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -482,15 +472,7 @@ vmovdqu 0x50($inp),$Z3 # I[5] lea ($inp),$in0 vmovdqu 0x40($inp),$Z0 - - # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0) - # bytes before the end of the input. Note, in particular, that this is - # correct even if |$len| is not an even multiple of 96 or 16. XXX: This - # seems to require that |$inp| + |$len| >= 2*96 (0xc0); i.e. |$inp| must - # not be near the very beginning of the address space when |$len| < 2*96 - # (0xc0). lea -0xc0($inp,$len),$end0 - vmovdqu 0x30($inp),$Z1 shr \$4,$len xor $ret,$ret @@ -537,15 +519,23 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lgcm_dec_abort: mov $ret,%rax # return value ret +.cfi_endproc .size aesni_gcm_decrypt,.-aesni_gcm_decrypt ___ @@ -645,21 +635,25 @@ .type aesni_gcm_encrypt,\@function,6 .align 32 aesni_gcm_encrypt: +.cfi_startproc xor $ret,$ret - - # We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of - # input. Then we call |_aesni_ctr32_ghash_6x|, which requires at - # least 96 more bytes of input. cmp \$0x60*3,$len # minimal accepted length jb .Lgcm_enc_abort lea (%rsp),%rax # save stack pointer +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -699,16 +693,7 @@ .Lenc_no_key_aliasing: lea ($out),$in0 - - # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0) - # bytes before the end of the input. Note, in particular, that this is - # correct even if |$len| is not an even multiple of 96 or 16. Unlike in - # the decryption case, there's no caveat that |$out| must not be near - # the very beginning of the address space, because we know that - # |$len| >= 3*96 from the check above, and so we know - # |$out| + |$len| >= 2*96 (0xc0). lea -0xc0($out,$len),$end0 - shr \$4,$len call _aesni_ctr32_6x @@ -931,15 +916,23 @@ ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp # restore %rsp +.cfi_def_cfa_register %rsp .Lgcm_enc_abort: mov $ret,%rax # return value ret +.cfi_endproc .size aesni_gcm_encrypt,.-aesni_gcm_encrypt ___ diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl index 1cf14a6c9f76d1..dcc23f7d7dbe40 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl @@ -54,7 +54,7 @@ # # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. -# +# # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf # ==================================================================== @@ -525,7 +525,7 @@ sub clmul64x64 { #ifdef __ARMEL__ vrev64.8 $Xl,$Xl #endif - sub $Xi,#16 + sub $Xi,#16 vst1.64 $Xl#hi,[$Xi]! @ write out Xi vst1.64 $Xl#lo,[$Xi] diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl index 81e75f71a80033..eb9ded91e5b655 100755 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-ia64.pl @@ -156,7 +156,7 @@ () ___ ###################################################################### -# "528B" (well, "512B" actualy) streamed GHASH +# "528B" (well, "512B" actually) streamed GHASH # $Xip="in0"; $Htbl="in1"; diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl index 1d6254543bae9b..a614c99c22ce28 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -705,7 +705,7 @@ my ($mod,$args) = @_; my $orig = "depd$mod\t$args"; - # I only have ",z" completer, it's impicitly encoded... + # I only have ",z" completer, it's implicitly encoded... if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 16 { my $opcode=(0x3c<<26)|($4<<21)|($1<<16); my $cpos=63-$2; @@ -724,6 +724,11 @@ sub assemble { ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; } +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; if ($SIZE_T==4) { @@ -731,7 +736,12 @@ sub assemble { s/cmpb,\*/comb,/; s/,\*/,/; } - s/\bbv\b/bve/ if ($SIZE_T==8); + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/\bbv\b/bve/ if ($SIZE_T==8); + print $_,"\n"; } diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl index 6e628d88238a0a..17dc375053c5c0 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-s390x.pl @@ -80,6 +80,8 @@ $sp="%r15"; $code.=<<___; +#include "s390x_arch.h" + .text .globl gcm_gmult_4bit @@ -89,12 +91,13 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block... larl %r1,OPENSSL_s390xcap_P lghi %r0,0 - lg %r1,24(%r1) # load second word of kimd capabilities vector + lg %r1,S390X_KIMD+8(%r1) # load second word of kimd capabilities + # vector tmhh %r1,0x4000 # check for function 65 jz .Lsoft_gmult stg %r0,16($sp) # arrange 16 bytes of zero input stg %r0,24($sp) - lghi %r0,65 # function 65 + lghi %r0,S390X_GHASH # function 65 la %r1,0($Xi) # H lies right after Xi in gcm128_context la $inp,16($sp) lghi $len,16 @@ -123,10 +126,11 @@ ___ $code.=<<___ if(!$softonly); larl %r1,OPENSSL_s390xcap_P - lg %r0,24(%r1) # load second word of kimd capabilities vector + lg %r0,S390X_KIMD+8(%r1) # load second word of kimd capabilities + # vector tmhh %r0,0x4000 # check for function 65 jz .Lsoft_ghash - lghi %r0,65 # function 65 + lghi %r0,S390X_GHASH # function 65 la %r1,0($Xi) # H lies right after Xi in gcm128_context .long 0xb93e0004 # kimd %r0,$inp brc 1,.-4 # pay attention to "partial completion" @@ -149,7 +153,7 @@ lg $Zhi,0+1($Xi) lghi $tmp,0 .Louter: - xg $Zhi,0($inp) # Xi ^= inp + xg $Zhi,0($inp) # Xi ^= inp xg $Zlo,8($inp) xgr $Zhi,$tmp stg $Zlo,8+1($Xi) diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl index cd8458256ea1ab..bcbe6e399d13e8 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-x86.pl @@ -103,14 +103,13 @@ # # Does it make sense to increase Naggr? To start with it's virtually # impossible in 32-bit mode, because of limited register bank -# capacity. Otherwise improvement has to be weighed agiainst slower +# capacity. Otherwise improvement has to be weighed against slower # setup, as well as code size and complexity increase. As even # optimistic estimate doesn't promise 30% performance improvement, # there are currently no plans to increase Naggr. # -# Special thanks to David Woodhouse for -# providing access to a Westmere-based system on behalf of Intel -# Open Source Technology Centre. +# Special thanks to David Woodhouse for providing access to a +# Westmere-based system on behalf of Intel Open Source Technology Centre. # January 2010 # @@ -139,7 +138,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -811,7 +810,7 @@ () &bswap ($dat); &pshufw ($Zhi,$Zhi,0b00011011); # 76543210 &bswap ("ebx"); - + &cmp ("ecx",&DWP(528+16+8,"esp")); # are we done? &jne (&label("outer")); } @@ -915,7 +914,7 @@ sub reduction_alg9 { # 17/11 times faster than Intel version &psllq ($Xi,57); # &movdqa ($T1,$Xi); # &pslldq ($Xi,8); - &psrldq ($T1,8); # + &psrldq ($T1,8); # &pxor ($Xi,$T2); &pxor ($Xhi,$T1); # @@ -1085,7 +1084,7 @@ sub reduction_alg9 { # 17/11 times faster than Intel version &psllq ($Xi,57); # &movdqa ($T1,$Xi); # &pslldq ($Xi,8); - &psrldq ($T1,8); # + &psrldq ($T1,8); # &pxor ($Xi,$T2); &pxor ($Xhi,$T1); # &pshufd ($T1,$Xhn,0b01001110); diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl index 387e3f854efa7b..afc30c3e72a435 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-x86_64.pl @@ -44,9 +44,8 @@ # See ghash-x86.pl for background information and details about coding # techniques. # -# Special thanks to David Woodhouse for -# providing access to a Westmere-based system on behalf of Intel -# Open Source Technology Centre. +# Special thanks to David Woodhouse for providing access to a +# Westmere-based system on behalf of Intel Open Source Technology Centre. # December 2012 # @@ -74,6 +73,7 @@ # Skylake 0.44(+110%)(if system doesn't support AVX) # Bulldozer 1.49(+27%) # Silvermont 2.88(+13%) +# Knights L 2.12(-) (if system doesn't support AVX) # Goldmont 1.08(+24%) # March 2013 @@ -86,6 +86,8 @@ # it performs in 0.41 cycles per byte on Haswell processor, in # 0.29 on Broadwell, and in 0.36 on Skylake. # +# Knights Landing achieves 1.09 cpb. +# # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest $flavour = shift; @@ -236,9 +238,21 @@ () .type gcm_gmult_4bit,\@function,2 .align 16 gcm_gmult_4bit: +.cfi_startproc push %rbx - push %rbp # %rbp and %r12 are pushed exclusively in +.cfi_push %rbx + push %rbp # %rbp and others are pushed exclusively in +.cfi_push %rbp push %r12 # order to reuse Win64 exception handler... +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + sub \$280,%rsp +.cfi_adjust_cfa_offset 280 .Lgmult_prologue: movzb 15($Xi),$Zlo @@ -249,10 +263,15 @@ () mov $Zlo,8($Xi) mov $Zhi,($Xi) - mov 16(%rsp),%rbx - lea 24(%rsp),%rsp + lea 280+48(%rsp),%rsi +.cfi_def_cfa %rsi,8 + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lgmult_epilogue: ret +.cfi_endproc .size gcm_gmult_4bit,.-gcm_gmult_4bit ___ @@ -266,13 +285,21 @@ () .type gcm_ghash_4bit,\@function,4 .align 16 gcm_ghash_4bit: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$280,%rsp +.cfi_adjust_cfa_offset 280 .Lghash_prologue: mov $inp,%r14 # reassign couple of args mov $len,%r15 @@ -400,16 +427,25 @@ () mov $Zlo,8($Xi) mov $Zhi,($Xi) - lea 280(%rsp),%rsi - mov 0(%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + lea 280+48(%rsp),%rsi +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea 0(%rsi),%rsp +.cfi_def_cfa_register %rsp .Lghash_epilogue: ret +.cfi_endproc .size gcm_ghash_4bit,.-gcm_ghash_4bit ___ @@ -469,7 +505,7 @@ sub reduction_alg9 { # 17/11 times faster than Intel version psllq \$57,$Xi # movdqa $Xi,$T1 # pslldq \$8,$Xi - psrldq \$8,$T1 # + psrldq \$8,$T1 # pxor $T2,$Xi pxor $T1,$Xhi # @@ -583,7 +619,7 @@ sub reduction_alg9 { # 17/11 times faster than Intel version &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$T2); $code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0)); # experimental alternative. special thing about is that there - # no dependency between the two multiplications... + # no dependency between the two multiplications... mov \$`0xE1<<1`,%eax mov \$0xA040608020C0E000,%r10 # ((7..0)·0xE0)&0xff mov \$0x07,%r11d @@ -758,7 +794,7 @@ sub reduction_alg9 { # 17/11 times faster than Intel version movdqa $T2,$T1 # pslldq \$8,$T2 pclmulqdq \$0x00,$Hkey2,$Xln - psrldq \$8,$T1 # + psrldq \$8,$T1 # pxor $T2,$Xi pxor $T1,$Xhi # movdqu 0($inp),$T1 @@ -894,7 +930,7 @@ sub reduction_alg9 { # 17/11 times faster than Intel version psllq \$57,$Xi # movdqa $Xi,$T1 # pslldq \$8,$Xi - psrldq \$8,$T1 # + psrldq \$8,$T1 # pxor $T2,$Xi pshufd \$0b01001110,$Xhn,$Xmn pxor $T1,$Xhi # @@ -1648,14 +1684,20 @@ sub reduction_avx { cmp %r10,%rbx # context->Rip>=epilogue label jae .Lin_prologue - lea 24(%rax),%rax # adjust "rsp" + lea 48+280(%rax),%rax # adjust "rsp" mov -8(%rax),%rbx mov -16(%rax),%rbp mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 mov %rbx,144($context) # restore context->Rbx mov %rbp,160($context) # restore context->Rbp mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 .Lin_prologue: mov 8(%rax),%rdi diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl b/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl index f0598cb28c2a91..6a2ac712950b47 100755 --- a/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghashp8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -23,13 +23,14 @@ # Relative comparison is therefore more informative. This initial # version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x # faster than "4-bit" integer-only compiler-generated 64-bit code. -# "Initial version" means that there is room for futher improvement. +# "Initial version" means that there is room for further improvement. # May 2016 # # 2x aggregated reduction improves performance by 50% (resulting # performance on POWER8 is 1 cycle per processed byte), and 4x # aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb). +# POWER9 delivers 0.51 cpb. $flavour=shift; $output =shift; diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl index e13c70901920c8..47e8820080693f 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl @@ -19,23 +19,29 @@ # June 2014 # # Initial version was developed in tight cooperation with Ard -# Biesheuvel from bits-n-pieces from -# other assembly modules. Just like aesv8-armx.pl this module -# supports both AArch32 and AArch64 execution modes. +# Biesheuvel of Linaro from bits-n-pieces from other assembly modules. +# Just like aesv8-armx.pl this module supports both AArch32 and +# AArch64 execution modes. # # July 2014 # # Implement 2x aggregated reduction [see ghash-x86.pl for background # information]. # +# November 2017 +# +# AArch64 register bank to "accommodate" 4x aggregated reduction and +# improve performance by 20-70% depending on processor. +# # Current performance in cycles per processed byte: # -# PMULL[2] 32-bit NEON(*) -# Apple A7 0.92 5.62 -# Cortex-A53 1.01 8.39 -# Cortex-A57 1.17 7.61 -# Denver 0.71 6.02 -# Mongoose 1.10 8.06 +# 64-bit PMULL 32-bit PMULL 32-bit NEON(*) +# Apple A7 0.58 0.92 5.62 +# Cortex-A53 0.85 1.01 8.39 +# Cortex-A57 0.73 1.17 7.61 +# Denver 0.51 0.65 6.02 +# Mongoose 0.65 1.10 8.06 +# Kryo 0.76 1.16 8.00 # # (*) presented for reference/comparison purposes; @@ -131,8 +137,56 @@ vext.8 $t1,$H2,$H2,#8 @ Karatsuba pre-processing veor $t1,$t1,$H2 vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed - vst1.64 {$Hhl-$H2},[x0] @ store Htable[1..2] + vst1.64 {$Hhl-$H2},[x0],#32 @ store Htable[1..2] +___ +if ($flavour =~ /64/) { +my ($t3,$Yl,$Ym,$Yh) = map("q$_",(4..7)); +$code.=<<___; + @ calculate H^3 and H^4 + vpmull.p64 $Xl,$H, $H2 + vpmull.p64 $Yl,$H2,$H2 + vpmull2.p64 $Xh,$H, $H2 + vpmull2.p64 $Yh,$H2,$H2 + vpmull.p64 $Xm,$t0,$t1 + vpmull.p64 $Ym,$t1,$t1 + + vext.8 $t0,$Xl,$Xh,#8 @ Karatsuba post-processing + vext.8 $t1,$Yl,$Yh,#8 + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t0 + veor $t3,$Yl,$Yh + veor $Ym,$Ym,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + veor $Ym,$Ym,$t3 + vpmull.p64 $t3,$Yl,$xC2 + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Yh#lo,$Ym#hi + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vmov $Ym#hi,$Yl#lo + veor $Xl,$Xm,$t2 + veor $Yl,$Ym,$t3 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vext.8 $t3,$Yl,$Yl,#8 + vpmull.p64 $Xl,$Xl,$xC2 + vpmull.p64 $Yl,$Yl,$xC2 + veor $t2,$t2,$Xh + veor $t3,$t3,$Yh + veor $H, $Xl,$t2 @ H^3 + veor $H2,$Yl,$t3 @ H^4 + + vext.8 $t0,$H, $H,#8 @ Karatsuba pre-processing + vext.8 $t1,$H2,$H2,#8 + veor $t0,$t0,$H + veor $t1,$t1,$H2 + vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed + vst1.64 {$H-$H2},[x0] @ store Htable[3..5] +___ +} +$code.=<<___; ret .size gcm_init_v8,.-gcm_init_v8 ___ @@ -201,6 +255,10 @@ .align 4 gcm_ghash_v8: ___ +$code.=<<___ if ($flavour =~ /64/); + cmp $len,#64 + b.hs .Lgcm_ghash_v8_4x +___ $code.=<<___ if ($flavour !~ /64/); vstmdb sp!,{d8-d15} @ 32-bit ABI says so ___ @@ -210,13 +268,13 @@ @ loaded value would have @ to be rotated in order to @ make it appear as in - @ alorithm specification + @ algorithm specification subs $len,$len,#32 @ see if $len is 32 or larger mov $inc,#16 @ $inc is used as post- @ increment for input pointer; @ as loop is modulo-scheduled @ $inc is zeroed just in time - @ to preclude oversteping + @ to preclude overstepping @ inp[len], which means that @ last block[s] are actually @ loaded twice, but last @@ -348,7 +406,297 @@ ret .size gcm_ghash_v8,.-gcm_ghash_v8 ___ + +if ($flavour =~ /64/) { # 4x subroutine +my ($I0,$j1,$j2,$j3, + $I1,$I2,$I3,$H3,$H34,$H4,$Yl,$Ym,$Yh) = map("q$_",(4..7,15..23)); + +$code.=<<___; +.type gcm_ghash_v8_4x,%function +.align 4 +gcm_ghash_v8_4x: +.Lgcm_ghash_v8_4x: + vld1.64 {$Xl},[$Xi] @ load [rotated] Xi + vld1.64 {$H-$H2},[$Htbl],#48 @ load twisted H, ..., H^2 + vmov.i8 $xC2,#0xe1 + vld1.64 {$H3-$H4},[$Htbl] @ load twisted H^3, ..., H^4 + vshl.u64 $xC2,$xC2,#57 @ compose 0xc2.0 constant + + vld1.64 {$I0-$j3},[$inp],#64 +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl + vrev64.8 $j1,$j1 + vrev64.8 $j2,$j2 + vrev64.8 $j3,$j3 + vrev64.8 $I0,$I0 +#endif + vext.8 $I3,$j3,$j3,#8 + vext.8 $I2,$j2,$j2,#8 + vext.8 $I1,$j1,$j1,#8 + + vpmull.p64 $Yl,$H,$I3 @ H·Ii+3 + veor $j3,$j3,$I3 + vpmull2.p64 $Yh,$H,$I3 + vpmull.p64 $Ym,$Hhl,$j3 + + vpmull.p64 $t0,$H2,$I2 @ H^2·Ii+2 + veor $j2,$j2,$I2 + vpmull2.p64 $I2,$H2,$I2 + vpmull2.p64 $j2,$Hhl,$j2 + + veor $Yl,$Yl,$t0 + veor $Yh,$Yh,$I2 + veor $Ym,$Ym,$j2 + + vpmull.p64 $j3,$H3,$I1 @ H^3·Ii+1 + veor $j1,$j1,$I1 + vpmull2.p64 $I1,$H3,$I1 + vpmull.p64 $j1,$H34,$j1 + + veor $Yl,$Yl,$j3 + veor $Yh,$Yh,$I1 + veor $Ym,$Ym,$j1 + + subs $len,$len,#128 + b.lo .Ltail4x + + b .Loop4x + +.align 4 +.Loop4x: + veor $t0,$I0,$Xl + vld1.64 {$I0-$j3},[$inp],#64 + vext.8 $IN,$t0,$t0,#8 +#ifndef __ARMEB__ + vrev64.8 $j1,$j1 + vrev64.8 $j2,$j2 + vrev64.8 $j3,$j3 + vrev64.8 $I0,$I0 +#endif + + vpmull.p64 $Xl,$H4,$IN @ H^4·(Xi+Ii) + veor $t0,$t0,$IN + vpmull2.p64 $Xh,$H4,$IN + vext.8 $I3,$j3,$j3,#8 + vpmull2.p64 $Xm,$H34,$t0 + + veor $Xl,$Xl,$Yl + veor $Xh,$Xh,$Yh + vext.8 $I2,$j2,$j2,#8 + veor $Xm,$Xm,$Ym + vext.8 $I1,$j1,$j1,#8 + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + vpmull.p64 $Yl,$H,$I3 @ H·Ii+3 + veor $j3,$j3,$I3 + veor $Xm,$Xm,$t1 + vpmull2.p64 $Yh,$H,$I3 + veor $Xm,$Xm,$t2 + vpmull.p64 $Ym,$Hhl,$j3 + + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vpmull.p64 $t0,$H2,$I2 @ H^2·Ii+2 + veor $j2,$j2,$I2 + vpmull2.p64 $I2,$H2,$I2 + veor $Xl,$Xm,$t2 + vpmull2.p64 $j2,$Hhl,$j2 + + veor $Yl,$Yl,$t0 + veor $Yh,$Yh,$I2 + veor $Ym,$Ym,$j2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + vpmull.p64 $j3,$H3,$I1 @ H^3·Ii+1 + veor $j1,$j1,$I1 + veor $t2,$t2,$Xh + vpmull2.p64 $I1,$H3,$I1 + vpmull.p64 $j1,$H34,$j1 + + veor $Xl,$Xl,$t2 + veor $Yl,$Yl,$j3 + veor $Yh,$Yh,$I1 + vext.8 $Xl,$Xl,$Xl,#8 + veor $Ym,$Ym,$j1 + + subs $len,$len,#64 + b.hs .Loop4x + +.Ltail4x: + veor $t0,$I0,$Xl + vext.8 $IN,$t0,$t0,#8 + + vpmull.p64 $Xl,$H4,$IN @ H^4·(Xi+Ii) + veor $t0,$t0,$IN + vpmull2.p64 $Xh,$H4,$IN + vpmull2.p64 $Xm,$H34,$t0 + + veor $Xl,$Xl,$Yl + veor $Xh,$Xh,$Yh + veor $Xm,$Xm,$Ym + + adds $len,$len,#64 + b.eq .Ldone4x + + cmp $len,#32 + b.lo .Lone + b.eq .Ltwo +.Lthree: + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$I0-$j2},[$inp] + veor $Xm,$Xm,$t2 +#ifndef __ARMEB__ + vrev64.8 $j1,$j1 + vrev64.8 $j2,$j2 + vrev64.8 $I0,$I0 +#endif + + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vext.8 $I2,$j2,$j2,#8 + vext.8 $I1,$j1,$j1,#8 + veor $Xl,$Xm,$t2 + + vpmull.p64 $Yl,$H,$I2 @ H·Ii+2 + veor $j2,$j2,$I2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + vpmull2.p64 $Yh,$H,$I2 + vpmull.p64 $Ym,$Hhl,$j2 + veor $Xl,$Xl,$t2 + vpmull.p64 $j3,$H2,$I1 @ H^2·Ii+1 + veor $j1,$j1,$I1 + vext.8 $Xl,$Xl,$Xl,#8 + + vpmull2.p64 $I1,$H2,$I1 + veor $t0,$I0,$Xl + vpmull2.p64 $j1,$Hhl,$j1 + vext.8 $IN,$t0,$t0,#8 + + veor $Yl,$Yl,$j3 + veor $Yh,$Yh,$I1 + veor $Ym,$Ym,$j1 + + vpmull.p64 $Xl,$H3,$IN @ H^3·(Xi+Ii) + veor $t0,$t0,$IN + vpmull2.p64 $Xh,$H3,$IN + vpmull.p64 $Xm,$H34,$t0 + + veor $Xl,$Xl,$Yl + veor $Xh,$Xh,$Yh + veor $Xm,$Xm,$Ym + b .Ldone4x + +.align 4 +.Ltwo: + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$I0-$j1},[$inp] + veor $Xm,$Xm,$t2 +#ifndef __ARMEB__ + vrev64.8 $j1,$j1 + vrev64.8 $I0,$I0 +#endif + + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vext.8 $I1,$j1,$j1,#8 + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + vext.8 $Xl,$Xl,$Xl,#8 + + vpmull.p64 $Yl,$H,$I1 @ H·Ii+1 + veor $j1,$j1,$I1 + + veor $t0,$I0,$Xl + vext.8 $IN,$t0,$t0,#8 + + vpmull2.p64 $Yh,$H,$I1 + vpmull.p64 $Ym,$Hhl,$j1 + + vpmull.p64 $Xl,$H2,$IN @ H^2·(Xi+Ii) + veor $t0,$t0,$IN + vpmull2.p64 $Xh,$H2,$IN + vpmull2.p64 $Xm,$Hhl,$t0 + + veor $Xl,$Xl,$Yl + veor $Xh,$Xh,$Yh + veor $Xm,$Xm,$Ym + b .Ldone4x + +.align 4 +.Lone: + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$I0},[$inp] + veor $Xm,$Xm,$t2 +#ifndef __ARMEB__ + vrev64.8 $I0,$I0 +#endif + + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + vext.8 $Xl,$Xl,$Xl,#8 + + veor $t0,$I0,$Xl + vext.8 $IN,$t0,$t0,#8 + + vpmull.p64 $Xl,$H,$IN + veor $t0,$t0,$IN + vpmull2.p64 $Xh,$H,$IN + vpmull.p64 $Xm,$Hhl,$t0 + +.Ldone4x: + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + vext.8 $Xl,$Xl,$Xl,#8 + +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vst1.64 {$Xl},[$Xi] @ write out Xi + + ret +.size gcm_ghash_v8_4x,.-gcm_ghash_v8_4x +___ + } +} + $code.=<<___; .asciz "GHASH for ARMv8, CRYPTOGAMS by " .align 2 @@ -360,7 +708,8 @@ my $arg=shift; $arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o && - sprintf "ins v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1; + sprintf "ins v%d.d[%d],v%d.d[%d]",$1<8?$1:$1+8,($2 eq "lo")?0:1, + $3<8?$3:$3+8,($4 eq "lo")?0:1; } foreach(split("\n",$code)) { s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel $1$2,$1zr,$1$2,$3/o or @@ -375,7 +724,7 @@ s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo; # old->new registers s/@\s/\/\//o; # old->new style commentary - # fix up remainig legacy suffixes + # fix up remaining legacy suffixes s/\.[ui]?8(\s)/$1/o; s/\.[uis]?32//o and s/\.16b/\.4s/go; m/\.p64/o and s/\.16b/\.1q/o; # 1st pmull argument @@ -415,7 +764,7 @@ s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers s/\/\/\s?/@ /o; # new->old style commentary - # fix up remainig new-style suffixes + # fix up remaining new-style suffixes s/\],#[0-9]+/]!/o; s/cclr\s+([^,]+),\s*([a-z]+)/mov$2 $1,#0/o or diff --git a/deps/openssl/openssl/crypto/modes/build.info b/deps/openssl/openssl/crypto/modes/build.info index b794c5041a87e7..821340eb909a29 100644 --- a/deps/openssl/openssl/crypto/modes/build.info +++ b/deps/openssl/openssl/crypto/modes/build.info @@ -6,8 +6,9 @@ SOURCE[../../libcrypto]=\ INCLUDE[gcm128.o]=.. -GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(CFLAGS) $(LIB_CFLAGS) -GENERATE[ghash-x86.s]=asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS) +GENERATE[ghash-x86.s]=asm/ghash-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl $(PERLASM_SCHEME) GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl $(PERLASM_SCHEME) GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl $(PERLASM_SCHEME) diff --git a/deps/openssl/openssl/crypto/modes/cts128.c b/deps/openssl/openssl/crypto/modes/cts128.c index 77ec994b4f608c..93826a1e2f06c8 100644 --- a/deps/openssl/openssl/crypto/modes/cts128.c +++ b/deps/openssl/openssl/crypto/modes/cts128.c @@ -328,196 +328,3 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, #endif return 16 + len + residue; } - -#if defined(SELFTEST) -# include -# include - -/* test vectors from RFC 3962 */ -static const unsigned char test_key[16] = "chicken teriyaki"; -static const unsigned char test_input[64] = - "I would like the" " General Gau's C" - "hicken, please, " "and wonton soup."; -static const unsigned char test_iv[16] = - { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - -static const unsigned char vector_17[17] = { - 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, - 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, - 0x97 -}; - -static const unsigned char vector_31[31] = { - 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, - 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 -}; - -static const unsigned char vector_32[32] = { - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 -}; - -static const unsigned char vector_47[47] = { - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, - 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 -}; - -static const unsigned char vector_48[48] = { - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 -}; - -static const unsigned char vector_64[64] = { - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, - 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, - 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 -}; - -static AES_KEY encks, decks; - -void test_vector(const unsigned char *vector, size_t len) -{ - unsigned char iv[sizeof(test_iv)]; - unsigned char cleartext[64], ciphertext[64]; - size_t tail; - - printf("vector_%d\n", len); - fflush(stdout); - - if ((tail = len % 16) == 0) - tail = 16; - tail += 16; - - /* test block-based encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_encrypt_block(test_input, ciphertext, len, &encks, iv, - (block128_f) AES_encrypt); - if (memcmp(ciphertext, vector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(1); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(1); - - /* test block-based decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_decrypt_block(ciphertext, cleartext, len, &decks, iv, - (block128_f) AES_decrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(2); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(2); - - /* test streamed encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_encrypt(test_input, ciphertext, len, &encks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(ciphertext, vector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(3); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(3); - - /* test streamed decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_cts128_decrypt(ciphertext, cleartext, len, &decks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(4); - if (memcmp(iv, vector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(4); -} - -void test_nistvector(const unsigned char *vector, size_t len) -{ - unsigned char iv[sizeof(test_iv)]; - unsigned char cleartext[64], ciphertext[64], nistvector[64]; - size_t tail; - - printf("nistvector_%d\n", len); - fflush(stdout); - - if ((tail = len % 16) == 0) - tail = 16; - - len -= 16 + tail; - memcpy(nistvector, vector, len); - /* flip two last blocks */ - memcpy(nistvector + len, vector + len + 16, tail); - memcpy(nistvector + len + tail, vector + len, 16); - len += 16 + tail; - tail = 16; - - /* test block-based encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_encrypt_block(test_input, ciphertext, len, &encks, iv, - (block128_f) AES_encrypt); - if (memcmp(ciphertext, nistvector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(1); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(1); - - /* test block-based decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_decrypt_block(ciphertext, cleartext, len, &decks, iv, - (block128_f) AES_decrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(2); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(2); - - /* test streamed encryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_encrypt(test_input, ciphertext, len, &encks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(ciphertext, nistvector, len)) - fprintf(stderr, "output_%d mismatch\n", len), exit(3); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(3); - - /* test streamed decryption */ - memcpy(iv, test_iv, sizeof(test_iv)); - CRYPTO_nistcts128_decrypt(ciphertext, cleartext, len, &decks, iv, - (cbc128_f) AES_cbc_encrypt); - if (memcmp(cleartext, test_input, len)) - fprintf(stderr, "input_%d mismatch\n", len), exit(4); - if (memcmp(iv, nistvector + len - tail, sizeof(iv))) - fprintf(stderr, "iv_%d mismatch\n", len), exit(4); -} - -int main() -{ - AES_set_encrypt_key(test_key, 128, &encks); - AES_set_decrypt_key(test_key, 128, &decks); - - test_vector(vector_17, sizeof(vector_17)); - test_vector(vector_31, sizeof(vector_31)); - test_vector(vector_32, sizeof(vector_32)); - test_vector(vector_47, sizeof(vector_47)); - test_vector(vector_48, sizeof(vector_48)); - test_vector(vector_64, sizeof(vector_64)); - - test_nistvector(vector_17, sizeof(vector_17)); - test_nistvector(vector_31, sizeof(vector_31)); - test_nistvector(vector_32, sizeof(vector_32)); - test_nistvector(vector_47, sizeof(vector_47)); - test_nistvector(vector_48, sizeof(vector_48)); - test_nistvector(vector_64, sizeof(vector_64)); - - return 0; -} -#endif diff --git a/deps/openssl/openssl/crypto/modes/gcm128.c b/deps/openssl/openssl/crypto/modes/gcm128.c index a2b05c4d6c3f13..15f76e3e86bc77 100644 --- a/deps/openssl/openssl/crypto/modes/gcm128.c +++ b/deps/openssl/openssl/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -209,7 +209,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) } } -# define GCM_MUL(ctx,Xi) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) +# define GCM_MUL(ctx) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) #elif TABLE_BITS==4 @@ -550,7 +550,7 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len); # endif -# define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) +# define GCM_MUL(ctx) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) # if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT) # define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len) /* @@ -624,7 +624,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) } } -# define GCM_MUL(ctx,Xi) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u) +# define GCM_MUL(ctx) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u) #endif @@ -703,7 +703,7 @@ void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, #ifdef GCM_FUNCREF_4BIT # undef GCM_MUL -# define GCM_MUL(ctx,Xi) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable) +# define GCM_MUL(ctx) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable) # ifdef GHASH # undef GHASH # define GHASH(ctx,in,len) (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len) @@ -836,10 +836,6 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; #endif - ctx->Yi.u[0] = 0; - ctx->Yi.u[1] = 0; - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; ctx->len.u[0] = 0; /* AAD length */ ctx->len.u[1] = 0; /* message length */ ctx->ares = 0; @@ -847,53 +843,68 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, if (len == 12) { memcpy(ctx->Yi.c, iv, 12); + ctx->Yi.c[12] = 0; + ctx->Yi.c[13] = 0; + ctx->Yi.c[14] = 0; ctx->Yi.c[15] = 1; ctr = 1; } else { size_t i; u64 len0 = len; + /* Borrow ctx->Xi to calculate initial Yi */ + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + while (len >= 16) { for (i = 0; i < 16; ++i) - ctx->Yi.c[i] ^= iv[i]; - GCM_MUL(ctx, Yi); + ctx->Xi.c[i] ^= iv[i]; + GCM_MUL(ctx); iv += 16; len -= 16; } if (len) { for (i = 0; i < len; ++i) - ctx->Yi.c[i] ^= iv[i]; - GCM_MUL(ctx, Yi); + ctx->Xi.c[i] ^= iv[i]; + GCM_MUL(ctx); } len0 <<= 3; if (is_endian.little) { #ifdef BSWAP8 - ctx->Yi.u[1] ^= BSWAP8(len0); + ctx->Xi.u[1] ^= BSWAP8(len0); #else - ctx->Yi.c[8] ^= (u8)(len0 >> 56); - ctx->Yi.c[9] ^= (u8)(len0 >> 48); - ctx->Yi.c[10] ^= (u8)(len0 >> 40); - ctx->Yi.c[11] ^= (u8)(len0 >> 32); - ctx->Yi.c[12] ^= (u8)(len0 >> 24); - ctx->Yi.c[13] ^= (u8)(len0 >> 16); - ctx->Yi.c[14] ^= (u8)(len0 >> 8); - ctx->Yi.c[15] ^= (u8)(len0); + ctx->Xi.c[8] ^= (u8)(len0 >> 56); + ctx->Xi.c[9] ^= (u8)(len0 >> 48); + ctx->Xi.c[10] ^= (u8)(len0 >> 40); + ctx->Xi.c[11] ^= (u8)(len0 >> 32); + ctx->Xi.c[12] ^= (u8)(len0 >> 24); + ctx->Xi.c[13] ^= (u8)(len0 >> 16); + ctx->Xi.c[14] ^= (u8)(len0 >> 8); + ctx->Xi.c[15] ^= (u8)(len0); #endif - } else - ctx->Yi.u[1] ^= len0; + } else { + ctx->Xi.u[1] ^= len0; + } - GCM_MUL(ctx, Yi); + GCM_MUL(ctx); if (is_endian.little) #ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); + ctr = BSWAP4(ctx->Xi.d[3]); #else - ctr = GETU32(ctx->Yi.c + 12); + ctr = GETU32(ctx->Xi.c + 12); #endif else - ctr = ctx->Yi.d[3]; + ctr = ctx->Xi.d[3]; + + /* Copy borrowed Xi to Yi */ + ctx->Yi.u[0] = ctx->Xi.u[0]; + ctx->Yi.u[1] = ctx->Xi.u[1]; } + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key); ++ctr; if (is_endian.little) @@ -936,7 +947,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, n = (n + 1) % 16; } if (n == 0) - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); else { ctx->ares = n; return 0; @@ -952,7 +963,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, while (len >= 16) { for (i = 0; i < 16; ++i) ctx->Xi.c[i] ^= aad[i]; - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); aad += 16; len -= 16; } @@ -975,7 +986,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; block128_f block = ctx->block; @@ -993,9 +1004,23 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to encrypt finalizes GHASH(AAD) */ - GCM_MUL(ctx, Xi); +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +#else + GCM_MUL(ctx); +#endif ctx->ares = 0; } @@ -1008,28 +1033,48 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; #if !defined(OPENSSL_SMALL_FOOTPRINT) if (16 % sizeof(size_t) == 0) { /* always true actually */ do { if (n) { +# if defined(GHASH) + while (n && len) { + ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; n = (n + 1) % 16; } - if (n == 0) - GCM_MUL(ctx, Xi); - else { + if (n == 0) { + GCM_MUL(ctx); + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } # if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; # endif # if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } # if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -1100,7 +1145,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i]; - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); out += 16; in += 16; len -= 16; @@ -1117,13 +1162,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, # endif else ctx->Yi.d[3] = ctr; +# if defined(GHASH) + while (len--) { + ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; + ++n; + } +# else while (len--) { ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; ++n; } + mres = n; +# endif } - ctx->mres = n; + ctx->mres = mres; return 0; } while (0); } @@ -1141,13 +1194,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; } - ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n]; n = (n + 1) % 16; + if (mres == sizeof(ctx->Xn)) { + GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); + mres = 0; + } +#else + ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; + mres = n = (n + 1) % 16; if (n == 0) - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); +#endif } - ctx->mres = n; + ctx->mres = mres; return 0; } @@ -1159,7 +1221,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; block128_f block = ctx->block; @@ -1177,9 +1239,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to decrypt finalizes GHASH(AAD) */ - GCM_MUL(ctx, Xi); +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +#else + GCM_MUL(ctx); +#endif ctx->ares = 0; } @@ -1192,11 +1268,25 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; #if !defined(OPENSSL_SMALL_FOOTPRINT) if (16 % sizeof(size_t) == 0) { /* always true actually */ do { if (n) { +# if defined(GHASH) + while (n && len) { + *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { u8 c = *(in++); *(out++) = c ^ ctx->EKi.c[n]; @@ -1204,18 +1294,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, --len; n = (n + 1) % 16; } - if (n == 0) - GCM_MUL(ctx, Xi); - else { + if (n == 0) { + GCM_MUL(ctx); + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } # if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; # endif # if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } # if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -1287,7 +1383,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, out[i] = c ^ ctx->EKi.t[i]; ctx->Xi.t[i] ^= c; } - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); out += 16; in += 16; len -= 16; @@ -1304,15 +1400,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, # endif else ctx->Yi.d[3] = ctr; +# if defined(GHASH) + while (len--) { + out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; + ++n; + } +# else while (len--) { u8 c = in[n]; ctx->Xi.c[n] ^= c; out[n] = c ^ ctx->EKi.c[n]; ++n; } + mres = n; +# endif } - ctx->mres = n; + ctx->mres = mres; return 0; } while (0); } @@ -1331,15 +1435,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; } +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n]; + n = (n + 1) % 16; + if (mres == sizeof(ctx->Xn)) { + GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); + mres = 0; + } +#else c = in[i]; out[i] = c ^ ctx->EKi.c[n]; ctx->Xi.c[n] ^= c; - n = (n + 1) % 16; + mres = n = (n + 1) % 16; if (n == 0) - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); +#endif } - ctx->mres = n; + ctx->mres = mres; return 0; } @@ -1354,7 +1467,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; void *key = ctx->key; @@ -1371,9 +1484,23 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to encrypt finalizes GHASH(AAD) */ - GCM_MUL(ctx, Xi); +#if defined(GHASH) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +#else + GCM_MUL(ctx); +#endif ctx->ares = 0; } @@ -1386,30 +1513,51 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; if (n) { +# if defined(GHASH) + while (n && len) { + ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; n = (n + 1) % 16; } - if (n == 0) - GCM_MUL(ctx, Xi); - else { + if (n == 0) { + GCM_MUL(ctx); + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } -# if defined(GHASH) && defined(GHASH_CHUNK) +# if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } +# if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; if (is_endian.little) -# ifdef BSWAP4 +# ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +# else PUTU32(ctx->Yi.c + 12, ctr); -# endif +# endif else ctx->Yi.d[3] = ctr; GHASH(ctx, out, GHASH_CHUNK); @@ -1417,6 +1565,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, in += GHASH_CHUNK; len -= GHASH_CHUNK; } +# endif # endif if ((i = (len & (size_t)-16))) { size_t j = i / 16; @@ -1440,7 +1589,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, while (j--) { for (i = 0; i < 16; ++i) ctx->Xi.c[i] ^= out[i]; - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); out += 16; } # endif @@ -1457,12 +1606,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; while (len--) { - ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; +# if defined(GHASH) + ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; +# else + ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n]; +# endif ++n; } } - ctx->mres = n; + ctx->mres = mres; return 0; #endif } @@ -1478,7 +1631,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; void *key = ctx->key; @@ -1495,9 +1648,23 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to decrypt finalizes GHASH(AAD) */ - GCM_MUL(ctx, Xi); +# if defined(GHASH) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +# else + GCM_MUL(ctx); +# endif ctx->ares = 0; } @@ -1510,8 +1677,22 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; if (n) { +# if defined(GHASH) + while (n && len) { + *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { u8 c = *(in++); *(out++) = c ^ ctx->EKi.c[n]; @@ -1519,30 +1700,38 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, --len; n = (n + 1) % 16; } - if (n == 0) - GCM_MUL(ctx, Xi); - else { + if (n == 0) { + GCM_MUL(ctx); + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } -# if defined(GHASH) && defined(GHASH_CHUNK) +# if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } +# if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { GHASH(ctx, in, GHASH_CHUNK); (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; if (is_endian.little) -# ifdef BSWAP4 +# ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +# else PUTU32(ctx->Yi.c + 12, ctr); -# endif +# endif else ctx->Yi.d[3] = ctr; out += GHASH_CHUNK; in += GHASH_CHUNK; len -= GHASH_CHUNK; } +# endif # endif if ((i = (len & (size_t)-16))) { size_t j = i / 16; @@ -1554,7 +1743,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, size_t k; for (k = 0; k < 16; ++k) ctx->Xi.c[k] ^= in[k]; - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); in += 16; } j = i / 16; @@ -1586,14 +1775,18 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; while (len--) { +# if defined(GHASH) + out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; +# else u8 c = in[n]; - ctx->Xi.c[n] ^= c; + ctx->Xi.c[mres++] ^= c; out[n] = c ^ ctx->EKi.c[n]; +# endif ++n; } } - ctx->mres = n; + ctx->mres = mres; return 0; #endif } @@ -1609,10 +1802,32 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, u64 clen = ctx->len.u[1] << 3; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx->ghash; +# endif #endif +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + u128 bitlen; + unsigned int mres = ctx->mres; + + if (mres) { + unsigned blocks = (mres + 15) & -16; + + memset(ctx->Xn + mres, 0, blocks - mres); + mres = blocks; + if (mres == sizeof(ctx->Xn)) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } + } else if (ctx->ares) { + GCM_MUL(ctx); + } +#else if (ctx->mres || ctx->ares) - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); +#endif if (is_endian.little) { #ifdef BSWAP8 @@ -1629,9 +1844,17 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, #endif } +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + bitlen.hi = alen; + bitlen.lo = clen; + memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen)); + mres += sizeof(bitlen); + GHASH(ctx, ctx->Xn, mres); +#else ctx->Xi.u[0] ^= alen; ctx->Xi.u[1] ^= clen; - GCM_MUL(ctx, Xi); + GCM_MUL(ctx); +#endif ctx->Xi.u[0] ^= ctx->EK0.u[0]; ctx->Xi.u[1] ^= ctx->EK0.u[1]; @@ -1663,639 +1886,3 @@ void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) { OPENSSL_clear_free(ctx, sizeof(*ctx)); } - -#if defined(SELFTEST) -# include -# include - -/* Test Case 1 */ -static const u8 K1[16], *P1 = NULL, *A1 = NULL, IV1[12], *C1 = NULL; -static const u8 T1[] = { - 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, - 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a -}; - -/* Test Case 2 */ -# define K2 K1 -# define A2 A1 -# define IV2 IV1 -static const u8 P2[16]; -static const u8 C2[] = { - 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, - 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 -}; - -static const u8 T2[] = { - 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, - 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf -}; - -/* Test Case 3 */ -# define A3 A2 -static const u8 K3[] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 -}; - -static const u8 P3[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 -}; - -static const u8 IV3[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; - -static const u8 C3[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 -}; - -static const u8 T3[] = { - 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, - 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 -}; - -/* Test Case 4 */ -# define K4 K3 -# define IV4 IV3 -static const u8 P4[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -static const u8 A4[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; - -static const u8 C4[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91 -}; - -static const u8 T4[] = { - 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, - 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 -}; - -/* Test Case 5 */ -# define K5 K4 -# define P5 P4 -# define A5 A4 -static const u8 IV5[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad -}; - -static const u8 C5[] = { - 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, - 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, - 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, - 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, - 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, - 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, - 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, - 0xc2, 0x3f, 0x45, 0x98 -}; - -static const u8 T5[] = { - 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, - 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb -}; - -/* Test Case 6 */ -# define K6 K5 -# define P6 P5 -# define A6 A5 -static const u8 IV6[] = { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b -}; - -static const u8 C6[] = { - 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, - 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, - 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, - 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, - 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, - 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, - 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, - 0x4c, 0x34, 0xae, 0xe5 -}; - -static const u8 T6[] = { - 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, - 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 -}; - -/* Test Case 7 */ -static const u8 K7[24], *P7 = NULL, *A7 = NULL, IV7[12], *C7 = NULL; -static const u8 T7[] = { - 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, - 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 -}; - -/* Test Case 8 */ -# define K8 K7 -# define IV8 IV7 -# define A8 A7 -static const u8 P8[16]; -static const u8 C8[] = { - 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, - 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 -}; - -static const u8 T8[] = { - 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, - 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb -}; - -/* Test Case 9 */ -# define A9 A8 -static const u8 K9[] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c -}; - -static const u8 P9[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 -}; - -static const u8 IV9[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; - -static const u8 C9[] = { - 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, - 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, - 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, - 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, - 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, - 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, - 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, - 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 -}; - -static const u8 T9[] = { - 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, - 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 -}; - -/* Test Case 10 */ -# define K10 K9 -# define IV10 IV9 -static const u8 P10[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -static const u8 A10[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; - -static const u8 C10[] = { - 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, - 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, - 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, - 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, - 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, - 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, - 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, - 0xcc, 0xda, 0x27, 0x10 -}; - -static const u8 T10[] = { - 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, - 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c -}; - -/* Test Case 11 */ -# define K11 K10 -# define P11 P10 -# define A11 A10 -static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; - -static const u8 C11[] = { - 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, - 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, - 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, - 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, - 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, - 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, - 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, - 0xa0, 0xf0, 0x62, 0xf7 -}; - -static const u8 T11[] = { - 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, - 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 -}; - -/* Test Case 12 */ -# define K12 K11 -# define P12 P11 -# define A12 A11 -static const u8 IV12[] = { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b -}; - -static const u8 C12[] = { - 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, - 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, - 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, - 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, - 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, - 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, - 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, - 0xe9, 0xb7, 0x37, 0x3b -}; - -static const u8 T12[] = { - 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, - 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 -}; - -/* Test Case 13 */ -static const u8 K13[32], *P13 = NULL, *A13 = NULL, IV13[12], *C13 = NULL; -static const u8 T13[] = { - 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, - 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b -}; - -/* Test Case 14 */ -# define K14 K13 -# define A14 A13 -static const u8 P14[16], IV14[12]; -static const u8 C14[] = { - 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, - 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 -}; - -static const u8 T14[] = { - 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, - 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 -}; - -/* Test Case 15 */ -# define A15 A14 -static const u8 K15[] = { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 -}; - -static const u8 P15[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 -}; - -static const u8 IV15[] = { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 -}; - -static const u8 C15[] = { - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad -}; - -static const u8 T15[] = { - 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, - 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c -}; - -/* Test Case 16 */ -# define K16 K15 -# define IV16 IV15 -static const u8 P16[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 -}; - -static const u8 A16[] = { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 -}; - -static const u8 C16[] = { - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62 -}; - -static const u8 T16[] = { - 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, - 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b -}; - -/* Test Case 17 */ -# define K17 K16 -# define P17 P16 -# define A17 A16 -static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; - -static const u8 C17[] = { - 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, - 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, - 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, - 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, - 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, - 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, - 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, - 0xf4, 0x7c, 0x9b, 0x1f -}; - -static const u8 T17[] = { - 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, - 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 -}; - -/* Test Case 18 */ -# define K18 K17 -# define P18 P17 -# define A18 A17 -static const u8 IV18[] = { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b -}; - -static const u8 C18[] = { - 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, - 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, - 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, - 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, - 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, - 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, - 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, - 0x44, 0xae, 0x7e, 0x3f -}; - -static const u8 T18[] = { - 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, - 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a -}; - -/* Test Case 19 */ -# define K19 K1 -# define P19 P1 -# define IV19 IV1 -# define C19 C1 -static const u8 A19[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad -}; - -static const u8 T19[] = { - 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, - 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 -}; - -/* Test Case 20 */ -# define K20 K1 -# define A20 A1 -/* this results in 0xff in counter LSB */ -static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; - -static const u8 P20[288]; -static const u8 C20[] = { - 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, - 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, - 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, - 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, - 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, - 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, - 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, - 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, - 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, - 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, - 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, - 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, - 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, - 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, - 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, - 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, - 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, - 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, - 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, - 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, - 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, - 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, - 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, - 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, - 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, - 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, - 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, - 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, - 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, - 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, - 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, - 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, - 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, - 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, - 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, - 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c -}; - -static const u8 T20[] = { - 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, - 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f -}; - -# define TEST_CASE(n) do { \ - u8 out[sizeof(P##n)]; \ - AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \ - CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt); \ - CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ - memset(out,0,sizeof(out)); \ - if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ - if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out)); \ - if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ - (C##n && memcmp(out,C##n,sizeof(out)))) \ - ret++, printf ("encrypt test#%d failed.\n",n); \ - CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \ - memset(out,0,sizeof(out)); \ - if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \ - if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \ - if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \ - (P##n && memcmp(out,P##n,sizeof(out)))) \ - ret++, printf ("decrypt test#%d failed.\n",n); \ - } while(0) - -int main() -{ - GCM128_CONTEXT ctx; - AES_KEY key; - int ret = 0; - - TEST_CASE(1); - TEST_CASE(2); - TEST_CASE(3); - TEST_CASE(4); - TEST_CASE(5); - TEST_CASE(6); - TEST_CASE(7); - TEST_CASE(8); - TEST_CASE(9); - TEST_CASE(10); - TEST_CASE(11); - TEST_CASE(12); - TEST_CASE(13); - TEST_CASE(14); - TEST_CASE(15); - TEST_CASE(16); - TEST_CASE(17); - TEST_CASE(18); - TEST_CASE(19); - TEST_CASE(20); - -# ifdef OPENSSL_CPUID_OBJ - { - size_t start, stop, gcm_t, ctr_t, OPENSSL_rdtsc(); - union { - u64 u; - u8 c[1024]; - } buf; - int i; - - AES_set_encrypt_key(K1, sizeof(K1) * 8, &key); - CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt); - CRYPTO_gcm128_setiv(&ctx, IV1, sizeof(IV1)); - - CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); - start = OPENSSL_rdtsc(); - CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); - gcm_t = OPENSSL_rdtsc() - start; - - CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), - &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, - (block128_f) AES_encrypt); - start = OPENSSL_rdtsc(); - CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), - &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, - (block128_f) AES_encrypt); - ctr_t = OPENSSL_rdtsc() - start; - - printf("%.2f-%.2f=%.2f\n", - gcm_t / (double)sizeof(buf), - ctr_t / (double)sizeof(buf), - (gcm_t - ctr_t) / (double)sizeof(buf)); -# ifdef GHASH - { - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx.ghash; - - GHASH((&ctx), buf.c, sizeof(buf)); - start = OPENSSL_rdtsc(); - for (i = 0; i < 100; ++i) - GHASH((&ctx), buf.c, sizeof(buf)); - gcm_t = OPENSSL_rdtsc() - start; - printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i); - } -# endif - } -# endif - - return ret; -} -#endif diff --git a/deps/openssl/openssl/crypto/modes/modes_lcl.h b/deps/openssl/openssl/crypto/modes/modes_lcl.h index 4fc32e190fb3ea..f2ae01d11afd2a 100644 --- a/deps/openssl/openssl/crypto/modes/modes_lcl.h +++ b/deps/openssl/openssl/crypto/modes/modes_lcl.h @@ -73,6 +73,7 @@ typedef unsigned char u8; # endif # elif defined(_MSC_VER) # if _MSC_VER>=1300 +# include # pragma intrinsic(_byteswap_uint64,_byteswap_ulong) # define BSWAP8(x) _byteswap_uint64((u64)(x)) # define BSWAP4(x) _byteswap_ulong((u32)(x)) @@ -127,6 +128,9 @@ struct gcm128_context { unsigned int mres, ares; block128_f block; void *key; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + unsigned char Xn[48]; +#endif }; struct xts128_context { diff --git a/deps/openssl/openssl/crypto/modes/ocb128.c b/deps/openssl/openssl/crypto/modes/ocb128.c index fc92b246bd5170..713b9aaf19d5ff 100644 --- a/deps/openssl/openssl/crypto/modes/ocb128.c +++ b/deps/openssl/openssl/crypto/modes/ocb128.c @@ -9,6 +9,7 @@ #include #include +#include #include "modes_lcl.h" #ifndef OPENSSL_NO_OCB @@ -41,22 +42,13 @@ static u32 ocb_ntz(u64 n) static void ocb_block_lshift(const unsigned char *in, size_t shift, unsigned char *out) { - unsigned char shift_mask; int i; - unsigned char mask[15]; + unsigned char carry = 0, carry_next; - shift_mask = 0xff; - shift_mask <<= (8 - shift); for (i = 15; i >= 0; i--) { - if (i > 0) { - mask[i - 1] = in[i] & shift_mask; - mask[i - 1] >>= 8 - shift; - } - out[i] = in[i] << shift; - - if (i != 15) { - out[i] ^= mask[i]; - } + carry_next = in[i] >> (8 - shift); + out[i] = (in[i] << shift) | carry; + carry = carry_next; } } @@ -73,7 +65,7 @@ static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) */ mask = in->c[0] & 0x80; mask >>= 7; - mask *= 135; + mask = (0 - mask) & 0x87; ocb_block_lshift(in->c, 1, out->c); @@ -118,8 +110,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) * the index. */ ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; - tmp_ptr = - OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); + tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */ return NULL; ctx->l = tmp_ptr; @@ -164,9 +155,10 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, memset(ctx, 0, sizeof(*ctx)); ctx->l_index = 0; ctx->max_l_index = 5; - ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); - if (ctx->l == NULL) + if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE); return 0; + } /* * We set both the encryption and decryption key schedules - decryption @@ -210,9 +202,10 @@ int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, if (keydec) dest->keydec = keydec; if (src->l) { - dest->l = OPENSSL_malloc(src->max_l_index * 16); - if (dest->l == NULL) + if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(dest->l, src->l, (src->l_index + 1) * 16); } return 1; diff --git a/deps/openssl/openssl/crypto/modes/wrap128.c b/deps/openssl/openssl/crypto/modes/wrap128.c index 46809a0e742dfc..d7e56cc260adbf 100644 --- a/deps/openssl/openssl/crypto/modes/wrap128.c +++ b/deps/openssl/openssl/crypto/modes/wrap128.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -237,7 +237,7 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, * * @param[in] key Key value. * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. - * @param[out] out Plaintext. Minimal buffer length = inlen bytes. + * @param[out] out Plaintext. Minimal buffer length = (inlen - 8) bytes. * Input and output buffers can overlap if block function * supports that. * @param[in] in Ciphertext as n 64-bit blocks. @@ -267,7 +267,6 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX) return 0; - memmove(out, in, inlen); if (inlen == 16) { /* * Section 4.2 - special case in step 1: When n=1, the ciphertext @@ -275,14 +274,17 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] | * C[1]) */ - block(out, out, key); - memcpy(aiv, out, 8); + unsigned char buff[16]; + + block(in, buff, key); + memcpy(aiv, buff, 8); /* Remove AIV */ - memmove(out, out + 8, 8); + memcpy(out, buff + 8, 8); padded_len = 8; + OPENSSL_cleanse(buff, inlen); } else { padded_len = inlen - 8; - ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); + ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block); if (padded_len != ret) { OPENSSL_cleanse(out, inlen); return 0; diff --git a/deps/openssl/openssl/crypto/o_dir.c b/deps/openssl/openssl/crypto/o_dir.c index 7019383dd01e66..fca9c75e053385 100644 --- a/deps/openssl/openssl/crypto/o_dir.c +++ b/deps/openssl/openssl/crypto/o_dir.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include -#include /* * The routines really come from the Levitte Programming, so to make life diff --git a/deps/openssl/openssl/crypto/o_fips.c b/deps/openssl/openssl/crypto/o_fips.c index bf6db65fedc02e..050ea9c216cf6a 100644 --- a/deps/openssl/openssl/crypto/o_fips.c +++ b/deps/openssl/openssl/crypto/o_fips.c @@ -8,27 +8,17 @@ */ #include "internal/cryptlib.h" -#ifdef OPENSSL_FIPS -# include -#endif int FIPS_mode(void) { -#ifdef OPENSSL_FIPS - return FIPS_module_mode(); -#else + /* This version of the library does not support FIPS mode. */ return 0; -#endif } int FIPS_mode_set(int r) { -#ifdef OPENSSL_FIPS - return FIPS_module_mode_set(r); -#else if (r == 0) return 1; CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); return 0; -#endif } diff --git a/deps/openssl/openssl/crypto/o_fopen.c b/deps/openssl/openssl/crypto/o_fopen.c index bfd5af1151d4ed..7d51ad725426c5 100644 --- a/deps/openssl/openssl/crypto/o_fopen.c +++ b/deps/openssl/openssl/crypto/o_fopen.c @@ -25,11 +25,15 @@ # endif # endif +#include "e_os.h" #include "internal/cryptlib.h" #if !defined(OPENSSL_NO_STDIO) # include +# ifdef __DJGPP__ +# include +# endif FILE *openssl_fopen(const char *filename, const char *mode) { @@ -79,13 +83,14 @@ FILE *openssl_fopen(const char *filename, const char *mode) { char *newname = NULL; - if (!HAS_LFN_SUPPORT(filename)) { + if (pathconf(filename, _PC_NAME_MAX) <= 12) { /* 8.3 file system? */ char *iterator; char lastchar; - newname = OPENSSL_malloc(strlen(filename) + 1); - if (newname == NULL) + if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) { + CRYPTOerr(CRYPTO_F_OPENSSL_FOPEN, ERR_R_MALLOC_FAILURE); return NULL; + } for (iterator = newname, lastchar = '\0'; *filename; filename++, iterator++) { diff --git a/deps/openssl/openssl/crypto/o_init.c b/deps/openssl/openssl/crypto/o_init.c index 2e0c126095f6c2..ed6b1303d8adf5 100644 --- a/deps/openssl/openssl/crypto/o_init.c +++ b/deps/openssl/openssl/crypto/o_init.c @@ -7,28 +7,15 @@ * https://www.openssl.org/source/license.html */ -#include +#include "e_os.h" #include -#ifdef OPENSSL_FIPS -# include -# include -#endif /* - * Perform any essential OpenSSL initialization operations. Currently only - * sets FIPS callbacks + * Perform any essential OpenSSL initialization operations. Currently does + * nothing. */ void OPENSSL_init(void) { - static int done = 0; - if (done) - return; - done = 1; -#ifdef OPENSSL_FIPS - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); - RAND_init_fips(); -#endif + return; } diff --git a/deps/openssl/openssl/crypto/o_str.c b/deps/openssl/openssl/crypto/o_str.c index 528655aa8ce8a8..a8357691ad66e9 100644 --- a/deps/openssl/openssl/crypto/o_str.c +++ b/deps/openssl/openssl/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,9 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include +#include "e_os.h" #include -#include #include #include "internal/cryptlib.h" #include "internal/o_str.h" @@ -28,14 +27,12 @@ int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) char *CRYPTO_strdup(const char *str, const char* file, int line) { char *ret; - size_t size; if (str == NULL) return NULL; - size = strlen(str) + 1; - ret = CRYPTO_malloc(size, file, line); + ret = CRYPTO_malloc(strlen(str) + 1, file, line); if (ret != NULL) - memcpy(ret, str, size); + strcpy(ret, str); return ret; } diff --git a/deps/openssl/openssl/crypto/objects/README b/deps/openssl/openssl/crypto/objects/README index cb1d216ce8a7cd..700f9c5e54f964 100644 --- a/deps/openssl/openssl/crypto/objects/README +++ b/deps/openssl/openssl/crypto/objects/README @@ -16,7 +16,7 @@ The basic syntax for adding an object is as follows: create the C macros SN_base, LN_base, NID_base and OBJ_base. Note that if the base name contains spaces, dashes or periods, - those will be converte to underscore. + those will be converted to underscore. Then there are some extra commands: diff --git a/deps/openssl/openssl/crypto/objects/o_names.c b/deps/openssl/openssl/crypto/objects/o_names.c index 7fb0136c58f887..c4355370cb154b 100644 --- a/deps/openssl/openssl/crypto/objects/o_names.c +++ b/deps/openssl/openssl/crypto/objects/o_names.c @@ -44,7 +44,7 @@ static int obj_strcasecmp(const char *a, const char *b) */ static LHASH_OF(OBJ_NAME) *names_lh = NULL; static int names_type_num = OBJ_NAME_TYPE_NUM; -static CRYPTO_RWLOCK *lock = NULL; +static CRYPTO_RWLOCK *obj_lock = NULL; struct name_funcs_st { unsigned long (*hash_func) (const char *name); @@ -68,9 +68,9 @@ DEFINE_RUN_ONCE_STATIC(o_names_init) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); - lock = CRYPTO_THREAD_lock_new(); + obj_lock = CRYPTO_THREAD_lock_new(); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - return names_lh != NULL && lock != NULL; + return names_lh != NULL && obj_lock != NULL; } int OBJ_NAME_init(void) @@ -88,7 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), if (!OBJ_NAME_init()) return 0; - CRYPTO_THREAD_write_lock(lock); + CRYPTO_THREAD_write_lock(obj_lock); if (name_funcs_stack == NULL) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); @@ -133,7 +133,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), name_funcs->free_func = free_func; out: - CRYPTO_THREAD_unlock(lock); + CRYPTO_THREAD_unlock(obj_lock); return ret; } @@ -179,7 +179,7 @@ const char *OBJ_NAME_get(const char *name, int type) return NULL; if (!OBJ_NAME_init()) return NULL; - CRYPTO_THREAD_read_lock(lock); + CRYPTO_THREAD_read_lock(obj_lock); alias = type & OBJ_NAME_ALIAS; type &= ~OBJ_NAME_ALIAS; @@ -201,7 +201,7 @@ const char *OBJ_NAME_get(const char *name, int type) } } - CRYPTO_THREAD_unlock(lock); + CRYPTO_THREAD_unlock(obj_lock); return value; } @@ -211,7 +211,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) int alias, ok = 0; if (!OBJ_NAME_init()) - return 0; + return 0; alias = type & OBJ_NAME_ALIAS; type &= ~OBJ_NAME_ALIAS; @@ -227,7 +227,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) onp->type = type; onp->data = data; - CRYPTO_THREAD_write_lock(lock); + CRYPTO_THREAD_write_lock(obj_lock); ret = lh_OBJ_NAME_insert(names_lh, onp); if (ret != NULL) { @@ -254,7 +254,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) ok = 1; unlock: - CRYPTO_THREAD_unlock(lock); + CRYPTO_THREAD_unlock(obj_lock); return ok; } @@ -266,7 +266,7 @@ int OBJ_NAME_remove(const char *name, int type) if (!OBJ_NAME_init()) return 0; - CRYPTO_THREAD_write_lock(lock); + CRYPTO_THREAD_write_lock(obj_lock); type &= ~OBJ_NAME_ALIAS; on.name = name; @@ -288,7 +288,7 @@ int OBJ_NAME_remove(const char *name, int type) ok = 1; } - CRYPTO_THREAD_unlock(lock); + CRYPTO_THREAD_unlock(obj_lock); return ok; } @@ -397,10 +397,10 @@ void OBJ_NAME_cleanup(int type) if (type < 0) { lh_OBJ_NAME_free(names_lh); sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); - CRYPTO_THREAD_lock_free(lock); + CRYPTO_THREAD_lock_free(obj_lock); names_lh = NULL; name_funcs_stack = NULL; - lock = NULL; + obj_lock = NULL; } else lh_OBJ_NAME_set_down_load(names_lh, down_load); } diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.c b/deps/openssl/openssl/crypto/objects/obj_dat.c index 21a1f05befebd4..ef2d1e0ddaf2c1 100644 --- a/deps/openssl/openssl/crypto/objects/obj_dat.c +++ b/deps/openssl/openssl/crypto/objects/obj_dat.c @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include #include "internal/cryptlib.h" #include @@ -40,14 +40,14 @@ static LHASH_OF(ADDED_OBJ) *added = NULL; static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b) { - return (strcmp((*a)->sn, nid_objs[*b].sn)); + return strcmp((*a)->sn, nid_objs[*b].sn); } IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn); static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b) { - return (strcmp((*a)->ln, nid_objs[*b].ln)); + return strcmp((*a)->ln, nid_objs[*b].ln); } IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); @@ -82,7 +82,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) } ret &= 0x3fffffffL; ret |= ((unsigned long)ca->type) << 30L; - return (ret); + return ret; } static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) @@ -92,31 +92,31 @@ static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) i = ca->type - cb->type; if (i) - return (i); + return i; a = ca->obj; b = cb->obj; switch (ca->type) { case ADDED_DATA: i = (a->length - b->length); if (i) - return (i); - return (memcmp(a->data, b->data, (size_t)a->length)); + return i; + return memcmp(a->data, b->data, (size_t)a->length); case ADDED_SNAME: if (a->sn == NULL) - return (-1); + return -1; else if (b->sn == NULL) - return (1); + return 1; else - return (strcmp(a->sn, b->sn)); + return strcmp(a->sn, b->sn); case ADDED_LNAME: if (a->ln == NULL) - return (-1); + return -1; else if (b->ln == NULL) - return (1); + return 1; else - return (strcmp(a->ln, b->ln)); + return strcmp(a->ln, b->ln); case ADDED_NID: - return (a->nid - b->nid); + return a->nid - b->nid; default: /* abort(); */ return 0; @@ -126,9 +126,9 @@ static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) static int init_added(void) { if (added != NULL) - return (1); + return 1; added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp); - return (added != NULL); + return added != NULL; } static void cleanup1_doall(ADDED_OBJ *a) @@ -168,7 +168,7 @@ int OBJ_new_nid(int num) i = new_nid; new_nid += num; - return (i); + return i; } int OBJ_add_object(const ASN1_OBJECT *obj) @@ -179,7 +179,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) if (added == NULL) if (!init_added()) - return (0); + return 0; if ((o = OBJ_dup(obj)) == NULL) goto err; if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) @@ -207,7 +207,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA); - return (o->nid); + return o->nid; err2: OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE); err: @@ -225,21 +225,21 @@ ASN1_OBJECT *OBJ_nid2obj(int n) if ((n >= 0) && (n < NUM_NID)) { if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); - return (NULL); + return NULL; } - return ((ASN1_OBJECT *)&(nid_objs[n])); + return (ASN1_OBJECT *)&(nid_objs[n]); } else if (added == NULL) - return (NULL); + return NULL; else { ad.type = ADDED_NID; ad.obj = &ob; ob.nid = n; adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return (adp->obj); + return adp->obj; else { OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); - return (NULL); + return NULL; } } } @@ -252,21 +252,21 @@ const char *OBJ_nid2sn(int n) if ((n >= 0) && (n < NUM_NID)) { if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID); - return (NULL); + return NULL; } - return (nid_objs[n].sn); + return nid_objs[n].sn; } else if (added == NULL) - return (NULL); + return NULL; else { ad.type = ADDED_NID; ad.obj = &ob; ob.nid = n; adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return (adp->obj->sn); + return adp->obj->sn; else { OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID); - return (NULL); + return NULL; } } } @@ -279,21 +279,21 @@ const char *OBJ_nid2ln(int n) if ((n >= 0) && (n < NUM_NID)) { if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID); - return (NULL); + return NULL; } - return (nid_objs[n].ln); + return nid_objs[n].ln; } else if (added == NULL) - return (NULL); + return NULL; else { ad.type = ADDED_NID; ad.obj = &ob; ob.nid = n; adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return (adp->obj->ln); + return adp->obj->ln; else { OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID); - return (NULL); + return NULL; } } } @@ -306,10 +306,10 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp) j = (a->length - b->length); if (j) - return (j); + return j; if (a->length == 0) return 0; - return (memcmp(a->data, b->data, a->length)); + return memcmp(a->data, b->data, a->length); } IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj); @@ -320,9 +320,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) ADDED_OBJ ad, *adp; if (a == NULL) - return (NID_undef); + return NID_undef; if (a->nid != 0) - return (a->nid); + return a->nid; if (a->length == 0) return NID_undef; @@ -332,12 +332,12 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return (adp->obj->nid); + return adp->obj->nid; } op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ); if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + return NID_undef; + return nid_objs[*op].nid; } /* @@ -350,7 +350,7 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) { int nid = NID_undef; - ASN1_OBJECT *op = NULL; + ASN1_OBJECT *op; unsigned char *buf; unsigned char *p; const unsigned char *cp; @@ -376,8 +376,10 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) if (j < 0) return NULL; - if ((buf = OPENSSL_malloc(j)) == NULL) + if ((buf = OPENSSL_malloc(j)) == NULL) { + OBJerr(OBJ_F_OBJ_TXT2OBJ, ERR_R_MALLOC_FAILURE); return NULL; + } p = buf; /* Write out tag+length */ @@ -404,7 +406,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) buf[0] = '\0'; if ((a == NULL) || (a->data == NULL)) - return (0); + return 0; if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) { const char *s; @@ -548,12 +550,12 @@ int OBJ_ln2nid(const char *s) ad.obj = &o; adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return (adp->obj->nid); + return adp->obj->nid; } op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN); if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + return NID_undef; + return nid_objs[*op].nid; } int OBJ_sn2nid(const char *s) @@ -569,12 +571,12 @@ int OBJ_sn2nid(const char *s) ad.obj = &o; adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return (adp->obj->nid); + return adp->obj->nid; } op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN); if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + return NID_undef; + return nid_objs[*op].nid; } const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, @@ -593,7 +595,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, const char *p = NULL; if (num == 0) - return (NULL); + return NULL; l = 0; h = num; while (l < h) { @@ -629,7 +631,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, i--; p = &(base[i * size]); } - return (p); + return p; } /* @@ -646,26 +648,26 @@ int OBJ_create_objects(BIO *in) s = o = NULL; i = BIO_gets(in, buf, 512); if (i <= 0) - return (num); + return num; buf[i - 1] = '\0'; - if (!isalnum((unsigned char)buf[0])) - return (num); + if (!ossl_isalnum(buf[0])) + return num; o = s = buf; - while (isdigit((unsigned char)*s) || (*s == '.')) + while (ossl_isdigit(*s) || *s == '.') s++; if (*s != '\0') { *(s++) = '\0'; - while (isspace((unsigned char)*s)) + while (ossl_isspace(*s)) s++; if (*s == '\0') { s = NULL; } else { l = s; - while ((*l != '\0') && !isspace((unsigned char)*l)) + while (*l != '\0' && !ossl_isspace(*l)) l++; if (*l != '\0') { *(l++) = '\0'; - while (isspace((unsigned char)*l)) + while (ossl_isspace(*l)) l++; if (*l == '\0') { l = NULL; @@ -680,10 +682,9 @@ int OBJ_create_objects(BIO *in) if (*o == '\0') return num; if (!OBJ_create(o, s, l)) - return (num); + return num; num++; } - /* return(num); */ } int OBJ_create(const char *oid, const char *sn, const char *ln) diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.h b/deps/openssl/openssl/crypto/objects/obj_dat.h index e1fc64f7c9b098..e931f7f516ca88 100644 --- a/deps/openssl/openssl/crypto/objects/obj_dat.h +++ b/deps/openssl/openssl/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[6765] = { +static const unsigned char so[7762] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -861,109 +861,224 @@ static const unsigned char so[6765] = { 0x55,0x1D,0x25,0x00, /* [ 5946] OBJ_anyExtendedKeyUsage */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08, /* [ 5950] OBJ_mgf1 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, /* [ 5959] OBJ_rsassaPss */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07, /* [ 5968] OBJ_rsaesOaep */ - 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [ 5977] OBJ_dhpublicnumber */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01, /* [ 5984] OBJ_brainpoolP160r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02, /* [ 5993] OBJ_brainpoolP160t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03, /* [ 6002] OBJ_brainpoolP192r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04, /* [ 6011] OBJ_brainpoolP192t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05, /* [ 6020] OBJ_brainpoolP224r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06, /* [ 6029] OBJ_brainpoolP224t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07, /* [ 6038] OBJ_brainpoolP256r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08, /* [ 6047] OBJ_brainpoolP256t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09, /* [ 6056] OBJ_brainpoolP320r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A, /* [ 6065] OBJ_brainpoolP320t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B, /* [ 6074] OBJ_brainpoolP384r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C, /* [ 6083] OBJ_brainpoolP384t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D, /* [ 6092] OBJ_brainpoolP512r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E, /* [ 6101] OBJ_brainpoolP512t1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09, /* [ 6110] OBJ_pSpecified */ - 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02, /* [ 6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x00, /* [ 6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x01, /* [ 6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x02, /* [ 6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x03, /* [ 6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ - 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03, /* [ 6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x00, /* [ 6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x01, /* [ 6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x02, /* [ 6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x03, /* [ 6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, /* [ 6185] OBJ_ct_precert_scts */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03, /* [ 6195] OBJ_ct_precert_poison */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04, /* [ 6205] OBJ_ct_precert_signer */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05, /* [ 6215] OBJ_ct_cert_scts */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01, /* [ 6225] OBJ_jurisdictionLocalityName */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02, /* [ 6236] OBJ_jurisdictionStateOrProvinceName */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, /* [ 6247] OBJ_jurisdictionCountryName */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [ 6258] OBJ_camellia_128_gcm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [ 6266] OBJ_camellia_128_ccm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [ 6274] OBJ_camellia_128_ctr */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [ 6282] OBJ_camellia_128_cmac */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [ 6290] OBJ_camellia_192_gcm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [ 6298] OBJ_camellia_192_ccm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [ 6306] OBJ_camellia_192_ctr */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [ 6314] OBJ_camellia_192_cmac */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [ 6322] OBJ_camellia_256_gcm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [ 6330] OBJ_camellia_256_ccm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [ 6338] OBJ_camellia_256_ctr */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [ 6346] OBJ_camellia_256_cmac */ - 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B, /* [ 6354] OBJ_id_scrypt */ - 0x2A,0x85,0x03,0x07,0x01, /* [ 6363] OBJ_id_tc26 */ - 0x2A,0x85,0x03,0x07,0x01,0x01, /* [ 6368] OBJ_id_tc26_algorithms */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [ 6374] OBJ_id_tc26_sign */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [ 6381] OBJ_id_GostR3410_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [ 6389] OBJ_id_GostR3410_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [ 6397] OBJ_id_tc26_digest */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [ 6404] OBJ_id_GostR3411_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [ 6412] OBJ_id_GostR3411_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [ 6420] OBJ_id_tc26_signwithdigest */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [ 6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [ 6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [ 6443] OBJ_id_tc26_mac */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [ 6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [ 6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [ 6466] OBJ_id_tc26_cipher */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [ 6473] OBJ_id_tc26_agreement */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [ 6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [ 6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x02, /* [ 6496] OBJ_id_tc26_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [ 6502] OBJ_id_tc26_sign_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [ 6509] OBJ_id_tc26_gost_3410_2012_512_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00, /* [ 6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01, /* [ 6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02, /* [ 6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [ 6544] OBJ_id_tc26_digest_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [ 6551] OBJ_id_tc26_cipher_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [ 6558] OBJ_id_tc26_gost_28147_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01, /* [ 6566] OBJ_id_tc26_gost_28147_param_Z */ - 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [ 6575] OBJ_INN */ - 0x2A,0x85,0x03,0x64,0x01, /* [ 6583] OBJ_OGRN */ - 0x2A,0x85,0x03,0x64,0x03, /* [ 6588] OBJ_SNILS */ - 0x2A,0x85,0x03,0x64,0x6F, /* [ 6593] OBJ_subjectSignTool */ - 0x2A,0x85,0x03,0x64,0x70, /* [ 6598] OBJ_issuerSignTool */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [ 6603] OBJ_tlsfeature */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [ 6611] OBJ_ipsec_IKE */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [ 6619] OBJ_capwapAC */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [ 6627] OBJ_capwapWTP */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [ 6635] OBJ_sshClient */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [ 6643] OBJ_sshServer */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [ 6651] OBJ_sendRouter */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [ 6659] OBJ_sendProxiedRouter */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [ 6667] OBJ_sendOwner */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [ 6675] OBJ_sendProxiedOwner */ - 0x2B,0x06,0x01,0x05,0x02,0x03, /* [ 6683] OBJ_id_pkinit */ - 0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [ 6689] OBJ_pkInitClientAuth */ - 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [ 6696] OBJ_pkInitKDC */ - 0x2B,0x65,0x6E, /* [ 6703] OBJ_X25519 */ - 0x2B,0x65,0x6F, /* [ 6706] OBJ_X448 */ - 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6709] OBJ_blake2b512 */ - 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6720] OBJ_blake2s256 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6731] OBJ_id_smime_ct_contentCollection */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6742] OBJ_id_smime_ct_authEnvelopedData */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6753] OBJ_id_ct_xml */ + 0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x01, /* [ 5968] OBJ_aes_128_xts */ + 0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x02, /* [ 5976] OBJ_aes_256_xts */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07, /* [ 5984] OBJ_rsaesOaep */ + 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [ 5993] OBJ_dhpublicnumber */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01, /* [ 6000] OBJ_brainpoolP160r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02, /* [ 6009] OBJ_brainpoolP160t1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03, /* [ 6018] OBJ_brainpoolP192r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04, /* [ 6027] OBJ_brainpoolP192t1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05, /* [ 6036] OBJ_brainpoolP224r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06, /* [ 6045] OBJ_brainpoolP224t1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07, /* [ 6054] OBJ_brainpoolP256r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08, /* [ 6063] OBJ_brainpoolP256t1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09, /* [ 6072] OBJ_brainpoolP320r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A, /* [ 6081] OBJ_brainpoolP320t1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B, /* [ 6090] OBJ_brainpoolP384r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C, /* [ 6099] OBJ_brainpoolP384t1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D, /* [ 6108] OBJ_brainpoolP512r1 */ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E, /* [ 6117] OBJ_brainpoolP512t1 */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09, /* [ 6126] OBJ_pSpecified */ + 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02, /* [ 6135] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0B,0x00, /* [ 6144] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0B,0x01, /* [ 6150] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0B,0x02, /* [ 6156] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0B,0x03, /* [ 6162] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ + 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03, /* [ 6168] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0E,0x00, /* [ 6177] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0E,0x01, /* [ 6183] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0E,0x02, /* [ 6189] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ + 0x2B,0x81,0x04,0x01,0x0E,0x03, /* [ 6195] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ + 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, /* [ 6201] OBJ_ct_precert_scts */ + 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03, /* [ 6211] OBJ_ct_precert_poison */ + 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04, /* [ 6221] OBJ_ct_precert_signer */ + 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05, /* [ 6231] OBJ_ct_cert_scts */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01, /* [ 6241] OBJ_jurisdictionLocalityName */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02, /* [ 6252] OBJ_jurisdictionStateOrProvinceName */ + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, /* [ 6263] OBJ_jurisdictionCountryName */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [ 6274] OBJ_camellia_128_gcm */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [ 6282] OBJ_camellia_128_ccm */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [ 6290] OBJ_camellia_128_ctr */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [ 6298] OBJ_camellia_128_cmac */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [ 6306] OBJ_camellia_192_gcm */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [ 6314] OBJ_camellia_192_ccm */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [ 6322] OBJ_camellia_192_ctr */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [ 6330] OBJ_camellia_192_cmac */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [ 6338] OBJ_camellia_256_gcm */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [ 6346] OBJ_camellia_256_ccm */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [ 6354] OBJ_camellia_256_ctr */ + 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [ 6362] OBJ_camellia_256_cmac */ + 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B, /* [ 6370] OBJ_id_scrypt */ + 0x2A,0x85,0x03,0x07,0x01, /* [ 6379] OBJ_id_tc26 */ + 0x2A,0x85,0x03,0x07,0x01,0x01, /* [ 6384] OBJ_id_tc26_algorithms */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [ 6390] OBJ_id_tc26_sign */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [ 6397] OBJ_id_GostR3410_2012_256 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [ 6405] OBJ_id_GostR3410_2012_512 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [ 6413] OBJ_id_tc26_digest */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [ 6420] OBJ_id_GostR3411_2012_256 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [ 6428] OBJ_id_GostR3411_2012_512 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [ 6436] OBJ_id_tc26_signwithdigest */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [ 6443] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [ 6451] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [ 6459] OBJ_id_tc26_mac */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [ 6466] OBJ_id_tc26_hmac_gost_3411_2012_256 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [ 6474] OBJ_id_tc26_hmac_gost_3411_2012_512 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [ 6482] OBJ_id_tc26_cipher */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [ 6489] OBJ_id_tc26_agreement */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [ 6496] OBJ_id_tc26_agreement_gost_3410_2012_256 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [ 6504] OBJ_id_tc26_agreement_gost_3410_2012_512 */ + 0x2A,0x85,0x03,0x07,0x01,0x02, /* [ 6512] OBJ_id_tc26_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [ 6518] OBJ_id_tc26_sign_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [ 6525] OBJ_id_tc26_gost_3410_2012_512_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00, /* [ 6533] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01, /* [ 6542] OBJ_id_tc26_gost_3410_2012_512_paramSetA */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02, /* [ 6551] OBJ_id_tc26_gost_3410_2012_512_paramSetB */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [ 6560] OBJ_id_tc26_digest_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [ 6567] OBJ_id_tc26_cipher_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [ 6574] OBJ_id_tc26_gost_28147_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01, /* [ 6582] OBJ_id_tc26_gost_28147_param_Z */ + 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [ 6591] OBJ_INN */ + 0x2A,0x85,0x03,0x64,0x01, /* [ 6599] OBJ_OGRN */ + 0x2A,0x85,0x03,0x64,0x03, /* [ 6604] OBJ_SNILS */ + 0x2A,0x85,0x03,0x64,0x6F, /* [ 6609] OBJ_subjectSignTool */ + 0x2A,0x85,0x03,0x64,0x70, /* [ 6614] OBJ_issuerSignTool */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [ 6619] OBJ_tlsfeature */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [ 6627] OBJ_ipsec_IKE */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [ 6635] OBJ_capwapAC */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [ 6643] OBJ_capwapWTP */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [ 6651] OBJ_sshClient */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [ 6659] OBJ_sshServer */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [ 6667] OBJ_sendRouter */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [ 6675] OBJ_sendProxiedRouter */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [ 6683] OBJ_sendOwner */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [ 6691] OBJ_sendProxiedOwner */ + 0x2B,0x06,0x01,0x05,0x02,0x03, /* [ 6699] OBJ_id_pkinit */ + 0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [ 6705] OBJ_pkInitClientAuth */ + 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [ 6712] OBJ_pkInitKDC */ + 0x2B,0x65,0x6E, /* [ 6719] OBJ_X25519 */ + 0x2B,0x65,0x6F, /* [ 6722] OBJ_X448 */ + 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6725] OBJ_blake2b512 */ + 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6736] OBJ_blake2s256 */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6747] OBJ_id_smime_ct_contentCollection */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6758] OBJ_id_smime_ct_authEnvelopedData */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6769] OBJ_id_ct_xml */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01, /* [ 6780] OBJ_aria_128_ecb */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02, /* [ 6789] OBJ_aria_128_cbc */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03, /* [ 6798] OBJ_aria_128_cfb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04, /* [ 6807] OBJ_aria_128_ofb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05, /* [ 6816] OBJ_aria_128_ctr */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06, /* [ 6825] OBJ_aria_192_ecb */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07, /* [ 6834] OBJ_aria_192_cbc */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08, /* [ 6843] OBJ_aria_192_cfb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09, /* [ 6852] OBJ_aria_192_ofb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A, /* [ 6861] OBJ_aria_192_ctr */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B, /* [ 6870] OBJ_aria_256_ecb */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C, /* [ 6879] OBJ_aria_256_cbc */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D, /* [ 6888] OBJ_aria_256_cfb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E, /* [ 6897] OBJ_aria_256_ofb128 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F, /* [ 6906] OBJ_aria_256_ctr */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F, /* [ 6915] OBJ_id_smime_aa_signingCertificateV2 */ + 0x2B,0x65,0x70, /* [ 6926] OBJ_ED25519 */ + 0x2B,0x65,0x71, /* [ 6929] OBJ_ED448 */ + 0x55,0x04,0x61, /* [ 6932] OBJ_organizationIdentifier */ + 0x55,0x04,0x62, /* [ 6935] OBJ_countryCode3c */ + 0x55,0x04,0x63, /* [ 6938] OBJ_countryCode3n */ + 0x55,0x04,0x64, /* [ 6941] OBJ_dnsName */ + 0x2B,0x24,0x08,0x03,0x03, /* [ 6944] OBJ_x509ExtAdmission */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05, /* [ 6949] OBJ_sha512_224 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06, /* [ 6958] OBJ_sha512_256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07, /* [ 6967] OBJ_sha3_224 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08, /* [ 6976] OBJ_sha3_256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09, /* [ 6985] OBJ_sha3_384 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0A, /* [ 6994] OBJ_sha3_512 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0B, /* [ 7003] OBJ_shake128 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0C, /* [ 7012] OBJ_shake256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0D, /* [ 7021] OBJ_hmac_sha3_224 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0E, /* [ 7030] OBJ_hmac_sha3_256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0F, /* [ 7039] OBJ_hmac_sha3_384 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10, /* [ 7048] OBJ_hmac_sha3_512 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x03, /* [ 7057] OBJ_dsa_with_SHA384 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x04, /* [ 7066] OBJ_dsa_with_SHA512 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x05, /* [ 7075] OBJ_dsa_with_SHA3_224 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x06, /* [ 7084] OBJ_dsa_with_SHA3_256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x07, /* [ 7093] OBJ_dsa_with_SHA3_384 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x08, /* [ 7102] OBJ_dsa_with_SHA3_512 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09, /* [ 7111] OBJ_ecdsa_with_SHA3_224 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0A, /* [ 7120] OBJ_ecdsa_with_SHA3_256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0B, /* [ 7129] OBJ_ecdsa_with_SHA3_384 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0C, /* [ 7138] OBJ_ecdsa_with_SHA3_512 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0D, /* [ 7147] OBJ_RSA_SHA3_224 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E, /* [ 7156] OBJ_RSA_SHA3_256 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F, /* [ 7165] OBJ_RSA_SHA3_384 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10, /* [ 7174] OBJ_RSA_SHA3_512 */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25, /* [ 7183] OBJ_aria_128_ccm */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26, /* [ 7192] OBJ_aria_192_ccm */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27, /* [ 7201] OBJ_aria_256_ccm */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22, /* [ 7210] OBJ_aria_128_gcm */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23, /* [ 7219] OBJ_aria_192_gcm */ + 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24, /* [ 7228] OBJ_aria_256_gcm */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1B, /* [ 7237] OBJ_cmcCA */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1C, /* [ 7245] OBJ_cmcRA */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01, /* [ 7253] OBJ_sm4_ecb */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [ 7261] OBJ_sm4_cbc */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [ 7269] OBJ_sm4_ofb128 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05, /* [ 7277] OBJ_sm4_cfb1 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [ 7285] OBJ_sm4_cfb128 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06, /* [ 7293] OBJ_sm4_cfb8 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07, /* [ 7301] OBJ_sm4_ctr */ + 0x2A,0x81,0x1C, /* [ 7309] OBJ_ISO_CN */ + 0x2A,0x81,0x1C,0xCF,0x55, /* [ 7312] OBJ_oscca */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01, /* [ 7317] OBJ_sm_scheme */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11, /* [ 7323] OBJ_sm3 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78, /* [ 7331] OBJ_sm3WithRSAEncryption */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F, /* [ 7339] OBJ_sha512_224WithRSAEncryption */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10, /* [ 7348] OBJ_sha512_256WithRSAEncryption */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7357] OBJ_id_tc26_gost_3410_2012_256_constants */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7365] OBJ_id_tc26_gost_3410_2012_256_paramSetA */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7374] OBJ_id_tc26_gost_3410_2012_512_paramSetC */ + 0x2A,0x86,0x24, /* [ 7383] OBJ_ISO_UA */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01, /* [ 7386] OBJ_ua_pki */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01, /* [ 7393] OBJ_dstu28147 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02, /* [ 7403] OBJ_dstu28147_ofb */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03, /* [ 7414] OBJ_dstu28147_cfb */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05, /* [ 7425] OBJ_dstu28147_wrap */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02, /* [ 7436] OBJ_hmacWithDstu34311 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01, /* [ 7446] OBJ_dstu34311 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01, /* [ 7456] OBJ_dstu4145le */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01, /* [ 7467] OBJ_dstu4145be */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00, /* [ 7480] OBJ_uacurve0 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01, /* [ 7493] OBJ_uacurve1 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02, /* [ 7506] OBJ_uacurve2 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03, /* [ 7519] OBJ_uacurve3 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04, /* [ 7532] OBJ_uacurve4 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05, /* [ 7545] OBJ_uacurve5 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06, /* [ 7558] OBJ_uacurve6 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07, /* [ 7571] OBJ_uacurve7 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08, /* [ 7584] OBJ_uacurve8 */ + 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09, /* [ 7597] OBJ_uacurve9 */ + 0x2B,0x6F, /* [ 7610] OBJ_ieee */ + 0x2B,0x6F,0x02,0x8C,0x53, /* [ 7612] OBJ_ieee_siswg */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [ 7617] OBJ_sm2 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07, /* [ 7677] OBJ_id_tc26_wrap */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */ + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ }; -#define NUM_NID 1061 +#define NUM_NID 1195 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -1878,102 +1993,102 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]}, {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]}, {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]}, - {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts}, - {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts}, + {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 8, &so[5968]}, + {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 8, &so[5976]}, {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5}, {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1}, {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1}, {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1}, - {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5968]}, - {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5977]}, - {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[5984]}, - {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[5993]}, - {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6002]}, - {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6011]}, - {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6020]}, - {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6029]}, - {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6038]}, - {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6047]}, - {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6056]}, - {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6065]}, - {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6074]}, - {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6083]}, - {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6092]}, - {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6101]}, - {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6110]}, - {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6119]}, - {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6128]}, - {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6134]}, - {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6140]}, - {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6146]}, - {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6152]}, - {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6161]}, - {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6167]}, - {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6173]}, - {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6179]}, + {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5984]}, + {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5993]}, + {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[6000]}, + {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[6009]}, + {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6018]}, + {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6027]}, + {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6036]}, + {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6045]}, + {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6054]}, + {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6063]}, + {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6072]}, + {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6081]}, + {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6090]}, + {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6099]}, + {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6108]}, + {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6117]}, + {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6126]}, + {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6135]}, + {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6144]}, + {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6150]}, + {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6156]}, + {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6162]}, + {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6168]}, + {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6177]}, + {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6183]}, + {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6189]}, + {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6195]}, {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf}, {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf}, {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256}, {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256}, {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256}, - {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6185]}, - {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6195]}, - {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6205]}, - {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6215]}, - {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6225]}, - {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6236]}, - {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6247]}, + {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6201]}, + {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6211]}, + {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6221]}, + {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6231]}, + {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6241]}, + {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6252]}, + {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6263]}, {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb}, {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb}, {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb}, - {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6258]}, - {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6266]}, - {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6274]}, - {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6282]}, - {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6290]}, - {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6298]}, - {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6306]}, - {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6314]}, - {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6322]}, - {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6330]}, - {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6338]}, - {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6346]}, - {"id-scrypt", "id-scrypt", NID_id_scrypt, 9, &so[6354]}, - {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6363]}, + {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6274]}, + {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6282]}, + {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6290]}, + {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6298]}, + {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6306]}, + {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6314]}, + {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6322]}, + {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6330]}, + {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6338]}, + {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6346]}, + {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6354]}, + {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6362]}, + {"id-scrypt", "scrypt", NID_id_scrypt, 9, &so[6370]}, + {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6379]}, {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12}, {"gost-mac-12", "gost-mac-12", NID_gost_mac_12}, - {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6368]}, - {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6374]}, - {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6381]}, - {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6389]}, - {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6397]}, - {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6404]}, - {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6412]}, - {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6420]}, - {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6427]}, - {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6435]}, - {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6443]}, - {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6450]}, - {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6458]}, - {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6466]}, - {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6473]}, - {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6480]}, - {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6488]}, - {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6496]}, - {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6502]}, - {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6509]}, - {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6517]}, - {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6526]}, - {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6535]}, - {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6544]}, - {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6551]}, - {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6558]}, - {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6566]}, - {"INN", "INN", NID_INN, 8, &so[6575]}, - {"OGRN", "OGRN", NID_OGRN, 5, &so[6583]}, - {"SNILS", "SNILS", NID_SNILS, 5, &so[6588]}, - {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6593]}, - {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6598]}, + {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6384]}, + {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6390]}, + {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6397]}, + {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6405]}, + {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6413]}, + {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6420]}, + {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6428]}, + {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6436]}, + {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6443]}, + {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6451]}, + {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6459]}, + {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6466]}, + {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6474]}, + {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6482]}, + {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6489]}, + {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6496]}, + {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6504]}, + {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6512]}, + {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6518]}, + {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6525]}, + {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6533]}, + {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6542]}, + {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6551]}, + {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6560]}, + {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6567]}, + {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6574]}, + {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6582]}, + {"INN", "INN", NID_INN, 8, &so[6591]}, + {"OGRN", "OGRN", NID_OGRN, 5, &so[6599]}, + {"SNILS", "SNILS", NID_SNILS, 5, &so[6604]}, + {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6609]}, + {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6614]}, {"gost89-cbc", "gost89-cbc", NID_gost89_cbc}, {"gost89-ecb", "gost89-ecb", NID_gost89_ecb}, {"gost89-ctr", "gost89-ctr", NID_gost89_ctr}, @@ -1985,22 +2100,22 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac}, {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305}, {"ChaCha20", "chacha20", NID_chacha20}, - {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6603]}, + {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6619]}, {"TLS1-PRF", "tls1-prf", NID_tls1_prf}, - {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6611]}, - {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6619]}, - {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6627]}, - {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6635]}, - {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6643]}, - {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6651]}, - {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6659]}, - {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6667]}, - {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6675]}, - {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6683]}, - {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6689]}, - {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6696]}, - {"X25519", "X25519", NID_X25519, 3, &so[6703]}, - {"X448", "X448", NID_X448, 3, &so[6706]}, + {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6627]}, + {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6635]}, + {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6643]}, + {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6651]}, + {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6659]}, + {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6667]}, + {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6675]}, + {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6683]}, + {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6691]}, + {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6699]}, + {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6705]}, + {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6712]}, + {"X25519", "X25519", NID_X25519, 3, &so[6719]}, + {"X448", "X448", NID_X448, 3, &so[6722]}, {"HKDF", "hkdf", NID_hkdf}, {"KxRSA", "kx-rsa", NID_kx_rsa}, {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe}, @@ -2021,14 +2136,148 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"AuthNULL", "auth-null", NID_auth_null}, { NULL, NULL, NID_undef }, { NULL, NULL, NID_undef }, - {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6709]}, - {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6720]}, - {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6731]}, - {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6742]}, - {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6753]}, + {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6725]}, + {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6736]}, + {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6747]}, + {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6758]}, + {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6769]}, + {"Poly1305", "poly1305", NID_poly1305}, + {"SipHash", "siphash", NID_siphash}, + {"KxANY", "kx-any", NID_kx_any}, + {"AuthANY", "auth-any", NID_auth_any}, + {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6780]}, + {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6789]}, + {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6798]}, + {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6807]}, + {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6816]}, + {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6825]}, + {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6834]}, + {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6843]}, + {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6852]}, + {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6861]}, + {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6870]}, + {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6879]}, + {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6888]}, + {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6897]}, + {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6906]}, + {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1}, + {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1}, + {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1}, + {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8}, + {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8}, + {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8}, + {"id-smime-aa-signingCertificateV2", "id-smime-aa-signingCertificateV2", NID_id_smime_aa_signingCertificateV2, 11, &so[6915]}, + {"ED25519", "ED25519", NID_ED25519, 3, &so[6926]}, + {"ED448", "ED448", NID_ED448, 3, &so[6929]}, + {"organizationIdentifier", "organizationIdentifier", NID_organizationIdentifier, 3, &so[6932]}, + {"c3", "countryCode3c", NID_countryCode3c, 3, &so[6935]}, + {"n3", "countryCode3n", NID_countryCode3n, 3, &so[6938]}, + {"dnsName", "dnsName", NID_dnsName, 3, &so[6941]}, + {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6944]}, + {"SHA512-224", "sha512-224", NID_sha512_224, 9, &so[6949]}, + {"SHA512-256", "sha512-256", NID_sha512_256, 9, &so[6958]}, + {"SHA3-224", "sha3-224", NID_sha3_224, 9, &so[6967]}, + {"SHA3-256", "sha3-256", NID_sha3_256, 9, &so[6976]}, + {"SHA3-384", "sha3-384", NID_sha3_384, 9, &so[6985]}, + {"SHA3-512", "sha3-512", NID_sha3_512, 9, &so[6994]}, + {"SHAKE128", "shake128", NID_shake128, 9, &so[7003]}, + {"SHAKE256", "shake256", NID_shake256, 9, &so[7012]}, + {"id-hmacWithSHA3-224", "hmac-sha3-224", NID_hmac_sha3_224, 9, &so[7021]}, + {"id-hmacWithSHA3-256", "hmac-sha3-256", NID_hmac_sha3_256, 9, &so[7030]}, + {"id-hmacWithSHA3-384", "hmac-sha3-384", NID_hmac_sha3_384, 9, &so[7039]}, + {"id-hmacWithSHA3-512", "hmac-sha3-512", NID_hmac_sha3_512, 9, &so[7048]}, + {"id-dsa-with-sha384", "dsa_with_SHA384", NID_dsa_with_SHA384, 9, &so[7057]}, + {"id-dsa-with-sha512", "dsa_with_SHA512", NID_dsa_with_SHA512, 9, &so[7066]}, + {"id-dsa-with-sha3-224", "dsa_with_SHA3-224", NID_dsa_with_SHA3_224, 9, &so[7075]}, + {"id-dsa-with-sha3-256", "dsa_with_SHA3-256", NID_dsa_with_SHA3_256, 9, &so[7084]}, + {"id-dsa-with-sha3-384", "dsa_with_SHA3-384", NID_dsa_with_SHA3_384, 9, &so[7093]}, + {"id-dsa-with-sha3-512", "dsa_with_SHA3-512", NID_dsa_with_SHA3_512, 9, &so[7102]}, + {"id-ecdsa-with-sha3-224", "ecdsa_with_SHA3-224", NID_ecdsa_with_SHA3_224, 9, &so[7111]}, + {"id-ecdsa-with-sha3-256", "ecdsa_with_SHA3-256", NID_ecdsa_with_SHA3_256, 9, &so[7120]}, + {"id-ecdsa-with-sha3-384", "ecdsa_with_SHA3-384", NID_ecdsa_with_SHA3_384, 9, &so[7129]}, + {"id-ecdsa-with-sha3-512", "ecdsa_with_SHA3-512", NID_ecdsa_with_SHA3_512, 9, &so[7138]}, + {"id-rsassa-pkcs1-v1_5-with-sha3-224", "RSA-SHA3-224", NID_RSA_SHA3_224, 9, &so[7147]}, + {"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7156]}, + {"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-384", NID_RSA_SHA3_384, 9, &so[7165]}, + {"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7174]}, + {"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7183]}, + {"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7192]}, + {"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7201]}, + {"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7210]}, + {"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7219]}, + {"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7228]}, + {"ffdhe2048", "ffdhe2048", NID_ffdhe2048}, + {"ffdhe3072", "ffdhe3072", NID_ffdhe3072}, + {"ffdhe4096", "ffdhe4096", NID_ffdhe4096}, + {"ffdhe6144", "ffdhe6144", NID_ffdhe6144}, + {"ffdhe8192", "ffdhe8192", NID_ffdhe8192}, + {"cmcCA", "CMC Certificate Authority", NID_cmcCA, 8, &so[7237]}, + {"cmcRA", "CMC Registration Authority", NID_cmcRA, 8, &so[7245]}, + {"SM4-ECB", "sm4-ecb", NID_sm4_ecb, 8, &so[7253]}, + {"SM4-CBC", "sm4-cbc", NID_sm4_cbc, 8, &so[7261]}, + {"SM4-OFB", "sm4-ofb", NID_sm4_ofb128, 8, &so[7269]}, + {"SM4-CFB1", "sm4-cfb1", NID_sm4_cfb1, 8, &so[7277]}, + {"SM4-CFB", "sm4-cfb", NID_sm4_cfb128, 8, &so[7285]}, + {"SM4-CFB8", "sm4-cfb8", NID_sm4_cfb8, 8, &so[7293]}, + {"SM4-CTR", "sm4-ctr", NID_sm4_ctr, 8, &so[7301]}, + {"ISO-CN", "ISO CN Member Body", NID_ISO_CN, 3, &so[7309]}, + {"oscca", "oscca", NID_oscca, 5, &so[7312]}, + {"sm-scheme", "sm-scheme", NID_sm_scheme, 6, &so[7317]}, + {"SM3", "sm3", NID_sm3, 8, &so[7323]}, + {"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8, &so[7331]}, + {"RSA-SHA512/224", "sha512-224WithRSAEncryption", NID_sha512_224WithRSAEncryption, 9, &so[7339]}, + {"RSA-SHA512/256", "sha512-256WithRSAEncryption", NID_sha512_256WithRSAEncryption, 9, &so[7348]}, + {"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7357]}, + {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7365]}, + {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7374]}, + {"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7383]}, + {"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7386]}, + {"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, &so[7393]}, + {"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, &so[7403]}, + {"dstu28147-cfb", "DSTU Gost 28147-2009 CFB mode", NID_dstu28147_cfb, 11, &so[7414]}, + {"dstu28147-wrap", "DSTU Gost 28147-2009 key wrap", NID_dstu28147_wrap, 11, &so[7425]}, + {"hmacWithDstu34311", "HMAC DSTU Gost 34311-95", NID_hmacWithDstu34311, 10, &so[7436]}, + {"dstu34311", "DSTU Gost 34311-95", NID_dstu34311, 10, &so[7446]}, + {"dstu4145le", "DSTU 4145-2002 little endian", NID_dstu4145le, 11, &so[7456]}, + {"dstu4145be", "DSTU 4145-2002 big endian", NID_dstu4145be, 13, &so[7467]}, + {"uacurve0", "DSTU curve 0", NID_uacurve0, 13, &so[7480]}, + {"uacurve1", "DSTU curve 1", NID_uacurve1, 13, &so[7493]}, + {"uacurve2", "DSTU curve 2", NID_uacurve2, 13, &so[7506]}, + {"uacurve3", "DSTU curve 3", NID_uacurve3, 13, &so[7519]}, + {"uacurve4", "DSTU curve 4", NID_uacurve4, 13, &so[7532]}, + {"uacurve5", "DSTU curve 5", NID_uacurve5, 13, &so[7545]}, + {"uacurve6", "DSTU curve 6", NID_uacurve6, 13, &so[7558]}, + {"uacurve7", "DSTU curve 7", NID_uacurve7, 13, &so[7571]}, + {"uacurve8", "DSTU curve 8", NID_uacurve8, 13, &so[7584]}, + {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]}, + {"ieee", "ieee", NID_ieee, 2, &so[7610]}, + {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]}, + {"SM2", "sm2", NID_sm2, 8, &so[7617]}, + {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]}, + {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]}, + {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]}, + {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]}, + {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]}, + {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]}, + {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]}, + {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]}, + {"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]}, + {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]}, + {"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]}, + {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]}, + {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]}, + {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]}, + {"magma-ecb", "magma-ecb", NID_magma_ecb}, + {"magma-ctr", "magma-ctr", NID_magma_ctr}, + {"magma-ofb", "magma-ofb", NID_magma_ofb}, + {"magma-cbc", "magma-cbc", NID_magma_cbc}, + {"magma-cfb", "magma-cfb", NID_magma_cfb}, + {"magma-mac", "magma-mac", NID_magma_mac}, + {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, + {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, }; -#define NUM_SN 1052 +#define NUM_SN 1186 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2063,6 +2312,34 @@ static const unsigned int sn_objs[NUM_SN] = { 960, /* "AES-256-OCB" */ 428, /* "AES-256-OFB" */ 914, /* "AES-256-XTS" */ + 1066, /* "ARIA-128-CBC" */ + 1120, /* "ARIA-128-CCM" */ + 1067, /* "ARIA-128-CFB" */ + 1080, /* "ARIA-128-CFB1" */ + 1083, /* "ARIA-128-CFB8" */ + 1069, /* "ARIA-128-CTR" */ + 1065, /* "ARIA-128-ECB" */ + 1123, /* "ARIA-128-GCM" */ + 1068, /* "ARIA-128-OFB" */ + 1071, /* "ARIA-192-CBC" */ + 1121, /* "ARIA-192-CCM" */ + 1072, /* "ARIA-192-CFB" */ + 1081, /* "ARIA-192-CFB1" */ + 1084, /* "ARIA-192-CFB8" */ + 1074, /* "ARIA-192-CTR" */ + 1070, /* "ARIA-192-ECB" */ + 1124, /* "ARIA-192-GCM" */ + 1073, /* "ARIA-192-OFB" */ + 1076, /* "ARIA-256-CBC" */ + 1122, /* "ARIA-256-CCM" */ + 1077, /* "ARIA-256-CFB" */ + 1082, /* "ARIA-256-CFB1" */ + 1085, /* "ARIA-256-CFB8" */ + 1079, /* "ARIA-256-CTR" */ + 1075, /* "ARIA-256-ECB" */ + 1125, /* "ARIA-256-GCM" */ + 1078, /* "ARIA-256-OFB" */ + 1064, /* "AuthANY" */ 1049, /* "AuthDSS" */ 1047, /* "AuthECDSA" */ 1050, /* "AuthGOST01" */ @@ -2145,6 +2422,8 @@ static const unsigned int sn_objs[NUM_SN] = { 70, /* "DSA-SHA1-old" */ 67, /* "DSA-old" */ 297, /* "DVCS" */ + 1087, /* "ED25519" */ + 1088, /* "ED448" */ 99, /* "GN" */ 1036, /* "HKDF" */ 855, /* "HMAC" */ @@ -2157,10 +2436,13 @@ static const unsigned int sn_objs[NUM_SN] = { 46, /* "IDEA-OFB" */ 1004, /* "INN" */ 181, /* "ISO" */ + 1140, /* "ISO-CN" */ + 1150, /* "ISO-UA" */ 183, /* "ISO-US" */ 645, /* "ITU-T" */ 646, /* "JOINT-ISO-ITU-T" */ 773, /* "KISA" */ + 1063, /* "KxANY" */ 1039, /* "KxDHE" */ 1041, /* "KxDHE-PSK" */ 1038, /* "KxECDHE" */ @@ -2208,6 +2490,7 @@ static const unsigned int sn_objs[NUM_SN] = { 162, /* "PBMAC1" */ 127, /* "PKIX" */ 935, /* "PSPECIFIED" */ + 1061, /* "Poly1305" */ 98, /* "RC2-40-CBC" */ 166, /* "RC2-64-CBC" */ 37, /* "RC2-CBC" */ @@ -2236,6 +2519,9 @@ static const unsigned int sn_objs[NUM_SN] = { 668, /* "RSA-SHA256" */ 669, /* "RSA-SHA384" */ 670, /* "RSA-SHA512" */ + 1145, /* "RSA-SHA512/224" */ + 1146, /* "RSA-SHA512/256" */ + 1144, /* "RSA-SM3" */ 919, /* "RSAES-OAEP" */ 912, /* "RSASSA-PSS" */ 777, /* "SEED-CBC" */ @@ -2246,14 +2532,32 @@ static const unsigned int sn_objs[NUM_SN] = { 64, /* "SHA1" */ 675, /* "SHA224" */ 672, /* "SHA256" */ + 1096, /* "SHA3-224" */ + 1097, /* "SHA3-256" */ + 1098, /* "SHA3-384" */ + 1099, /* "SHA3-512" */ 673, /* "SHA384" */ 674, /* "SHA512" */ + 1094, /* "SHA512-224" */ + 1095, /* "SHA512-256" */ + 1100, /* "SHAKE128" */ + 1101, /* "SHAKE256" */ + 1172, /* "SM2" */ + 1143, /* "SM3" */ + 1134, /* "SM4-CBC" */ + 1137, /* "SM4-CFB" */ + 1136, /* "SM4-CFB1" */ + 1138, /* "SM4-CFB8" */ + 1139, /* "SM4-CTR" */ + 1133, /* "SM4-ECB" */ + 1135, /* "SM4-OFB" */ 188, /* "SMIME" */ 167, /* "SMIME-CAPS" */ 100, /* "SN" */ 1006, /* "SNILS" */ 16, /* "ST" */ 143, /* "SXNetID" */ + 1062, /* "SipHash" */ 1021, /* "TLS1-PRF" */ 458, /* "UID" */ 0, /* "UNDEF" */ @@ -2323,6 +2627,7 @@ static const unsigned int sn_objs[NUM_SN] = { 696, /* "c2tnb239v3" */ 701, /* "c2tnb359v1" */ 703, /* "c2tnb431r1" */ + 1090, /* "c3" */ 881, /* "cACertificate" */ 483, /* "cNAMERecord" */ 179, /* "caIssuers" */ @@ -2339,6 +2644,8 @@ static const unsigned int sn_objs[NUM_SN] = { 407, /* "characteristic-two-field" */ 395, /* "clearance" */ 130, /* "clientAuth" */ + 1131, /* "cmcCA" */ + 1132, /* "cmcRA" */ 131, /* "codeSigning" */ 50, /* "contentType" */ 53, /* "countersignature" */ @@ -2379,6 +2686,7 @@ static const unsigned int sn_objs[NUM_SN] = { 887, /* "distinguishedName" */ 892, /* "dmdName" */ 174, /* "dnQualifier" */ + 1092, /* "dnsName" */ 447, /* "document" */ 471, /* "documentAuthor" */ 468, /* "documentIdentifier" */ @@ -2391,6 +2699,13 @@ static const unsigned int sn_objs[NUM_SN] = { 452, /* "domainRelatedObject" */ 802, /* "dsa_with_SHA224" */ 803, /* "dsa_with_SHA256" */ + 1152, /* "dstu28147" */ + 1154, /* "dstu28147-cfb" */ + 1153, /* "dstu28147-ofb" */ + 1155, /* "dstu28147-wrap" */ + 1157, /* "dstu34311" */ + 1159, /* "dstu4145be" */ + 1158, /* "dstu4145le" */ 791, /* "ecdsa-with-Recommended" */ 416, /* "ecdsa-with-SHA1" */ 793, /* "ecdsa-with-SHA224" */ @@ -2409,6 +2724,11 @@ static const unsigned int sn_objs[NUM_SN] = { 372, /* "extendedStatus" */ 867, /* "facsimileTelephoneNumber" */ 462, /* "favouriteDrink" */ + 1126, /* "ffdhe2048" */ + 1127, /* "ffdhe3072" */ + 1128, /* "ffdhe4096" */ + 1129, /* "ffdhe6144" */ + 1130, /* "ffdhe8192" */ 857, /* "freshestCRL" */ 453, /* "friendlyCountry" */ 490, /* "friendlyCountryName" */ @@ -2434,12 +2754,15 @@ static const unsigned int sn_objs[NUM_SN] = { 1012, /* "grasshopper-ecb" */ 1017, /* "grasshopper-mac" */ 1014, /* "grasshopper-ofb" */ + 1156, /* "hmacWithDstu34311" */ 797, /* "hmacWithMD5" */ 163, /* "hmacWithSHA1" */ 798, /* "hmacWithSHA224" */ 799, /* "hmacWithSHA256" */ 800, /* "hmacWithSHA384" */ 801, /* "hmacWithSHA512" */ + 1193, /* "hmacWithSHA512-224" */ + 1194, /* "hmacWithSHA512-256" */ 432, /* "holdInstructionCallIssuer" */ 430, /* "holdInstructionCode" */ 431, /* "holdInstructionNone" */ @@ -2548,9 +2871,23 @@ static const unsigned int sn_objs[NUM_SN] = { 331, /* "id-cmc-transactionId" */ 787, /* "id-ct-asciiTextWithCRLF" */ 1060, /* "id-ct-xml" */ + 1108, /* "id-dsa-with-sha3-224" */ + 1109, /* "id-dsa-with-sha3-256" */ + 1110, /* "id-dsa-with-sha3-384" */ + 1111, /* "id-dsa-with-sha3-512" */ + 1106, /* "id-dsa-with-sha384" */ + 1107, /* "id-dsa-with-sha512" */ 408, /* "id-ecPublicKey" */ + 1112, /* "id-ecdsa-with-sha3-224" */ + 1113, /* "id-ecdsa-with-sha3-256" */ + 1114, /* "id-ecdsa-with-sha3-384" */ + 1115, /* "id-ecdsa-with-sha3-512" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ + 1102, /* "id-hmacWithSHA3-224" */ + 1103, /* "id-hmacWithSHA3-256" */ + 1104, /* "id-hmacWithSHA3-384" */ + 1105, /* "id-hmacWithSHA3-512" */ 260, /* "id-it" */ 302, /* "id-it-caKeyUpdateInfo" */ 298, /* "id-it-caProtEncCert" */ @@ -2617,6 +2954,10 @@ static const unsigned int sn_objs[NUM_SN] = { 314, /* "id-regInfo" */ 322, /* "id-regInfo-certReq" */ 321, /* "id-regInfo-utf8Pairs" */ + 1116, /* "id-rsassa-pkcs1-v1_5-with-sha3-224" */ + 1117, /* "id-rsassa-pkcs1-v1_5-with-sha3-256" */ + 1118, /* "id-rsassa-pkcs1-v1_5-with-sha3-384" */ + 1119, /* "id-rsassa-pkcs1-v1_5-with-sha3-512" */ 973, /* "id-scrypt" */ 512, /* "id-set" */ 191, /* "id-smime-aa" */ @@ -2647,6 +2988,7 @@ static const unsigned int sn_objs[NUM_SN] = { 213, /* "id-smime-aa-securityLabel" */ 239, /* "id-smime-aa-signatureType" */ 223, /* "id-smime-aa-signingCertificate" */ + 1086, /* "id-smime-aa-signingCertificateV2" */ 224, /* "id-smime-aa-smimeEncryptCerts" */ 225, /* "id-smime-aa-timeStampToken" */ 192, /* "id-smime-alg" */ @@ -2697,14 +3039,26 @@ static const unsigned int sn_objs[NUM_SN] = { 977, /* "id-tc26-algorithms" */ 990, /* "id-tc26-cipher" */ 1001, /* "id-tc26-cipher-constants" */ + 1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ + 1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */ + 1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */ + 1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ + 1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */ + 1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */ 994, /* "id-tc26-constants" */ 981, /* "id-tc26-digest" */ 1000, /* "id-tc26-digest-constants" */ 1002, /* "id-tc26-gost-28147-constants" */ 1003, /* "id-tc26-gost-28147-param-Z" */ + 1147, /* "id-tc26-gost-3410-2012-256-constants" */ + 1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */ + 1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */ + 1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */ + 1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */ 996, /* "id-tc26-gost-3410-2012-512-constants" */ 998, /* "id-tc26-gost-3410-2012-512-paramSetA" */ 999, /* "id-tc26-gost-3410-2012-512-paramSetB" */ + 1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */ 997, /* "id-tc26-gost-3410-2012-512-paramSetTest" */ 988, /* "id-tc26-hmac-gost-3411-2012-256" */ 989, /* "id-tc26-hmac-gost-3411-2012-512" */ @@ -2714,7 +3068,14 @@ static const unsigned int sn_objs[NUM_SN] = { 984, /* "id-tc26-signwithdigest" */ 985, /* "id-tc26-signwithdigest-gost3410-2012-256" */ 986, /* "id-tc26-signwithdigest-gost3410-2012-512" */ + 1179, /* "id-tc26-wrap" */ + 1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ + 1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */ + 1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ + 1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */ 676, /* "identified-organization" */ + 1170, /* "ieee" */ + 1171, /* "ieee-siswg" */ 461, /* "info" */ 748, /* "inhibitAnyPolicy" */ 101, /* "initials" */ @@ -2738,6 +3099,12 @@ static const unsigned int sn_objs[NUM_SN] = { 476, /* "lastModifiedTime" */ 157, /* "localKeyID" */ 480, /* "mXRecord" */ + 1190, /* "magma-cbc" */ + 1191, /* "magma-cfb" */ + 1188, /* "magma-ctr" */ + 1187, /* "magma-ecb" */ + 1192, /* "magma-mac" */ + 1189, /* "magma-ofb" */ 460, /* "mail" */ 493, /* "mailPreferenceOption" */ 467, /* "manager" */ @@ -2760,6 +3127,7 @@ static const unsigned int sn_objs[NUM_SN] = { 137, /* "msSGC" */ 648, /* "msSmartcardLogin" */ 649, /* "msUPN" */ + 1091, /* "n3" */ 481, /* "nSRecord" */ 173, /* "name" */ 666, /* "nameConstraints" */ @@ -2778,7 +3146,9 @@ static const unsigned int sn_objs[NUM_SN] = { 139, /* "nsSGC" */ 77, /* "nsSslServerName" */ 681, /* "onBasis" */ + 1089, /* "organizationIdentifier" */ 491, /* "organizationalStatus" */ + 1141, /* "oscca" */ 475, /* "otherMailbox" */ 876, /* "owner" */ 489, /* "pagerTelephoneNumber" */ @@ -3033,6 +3403,7 @@ static const unsigned int sn_objs[NUM_SN] = { 52, /* "signingTime" */ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ + 1142, /* "sm-scheme" */ 387, /* "snmpv2" */ 660, /* "street" */ 85, /* "subjectAltName" */ @@ -3055,6 +3426,17 @@ static const unsigned int sn_objs[NUM_SN] = { 1020, /* "tlsfeature" */ 682, /* "tpBasis" */ 375, /* "trustRoot" */ + 1151, /* "ua-pki" */ + 1160, /* "uacurve0" */ + 1161, /* "uacurve1" */ + 1162, /* "uacurve2" */ + 1163, /* "uacurve3" */ + 1164, /* "uacurve4" */ + 1165, /* "uacurve5" */ + 1166, /* "uacurve6" */ + 1167, /* "uacurve7" */ + 1168, /* "uacurve8" */ + 1169, /* "uacurve9" */ 436, /* "ucl" */ 102, /* "uid" */ 888, /* "uniqueMember" */ @@ -3082,9 +3464,10 @@ static const unsigned int sn_objs[NUM_SN] = { 503, /* "x500UniqueIdentifier" */ 158, /* "x509Certificate" */ 160, /* "x509Crl" */ + 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1052 +#define NUM_LN 1186 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3096,6 +3479,8 @@ static const unsigned int ln_objs[NUM_LN] = { 285, /* "Biometric Info" */ 179, /* "CA Issuers" */ 785, /* "CA Repository" */ + 1131, /* "CMC Certificate Authority" */ + 1132, /* "CMC Registration Authority" */ 954, /* "CT Certificate SCTs" */ 952, /* "CT Precertificate Poison" */ 951, /* "CT Precertificate SCTs" */ @@ -3103,10 +3488,29 @@ static const unsigned int ln_objs[NUM_LN] = { 131, /* "Code Signing" */ 1024, /* "Ctrl/Provision WAP Termination" */ 1023, /* "Ctrl/provision WAP Access" */ + 1159, /* "DSTU 4145-2002 big endian" */ + 1158, /* "DSTU 4145-2002 little endian" */ + 1152, /* "DSTU Gost 28147-2009" */ + 1154, /* "DSTU Gost 28147-2009 CFB mode" */ + 1153, /* "DSTU Gost 28147-2009 OFB mode" */ + 1155, /* "DSTU Gost 28147-2009 key wrap" */ + 1157, /* "DSTU Gost 34311-95" */ + 1160, /* "DSTU curve 0" */ + 1161, /* "DSTU curve 1" */ + 1162, /* "DSTU curve 2" */ + 1163, /* "DSTU curve 3" */ + 1164, /* "DSTU curve 4" */ + 1165, /* "DSTU curve 5" */ + 1166, /* "DSTU curve 6" */ + 1167, /* "DSTU curve 7" */ + 1168, /* "DSTU curve 8" */ + 1169, /* "DSTU curve 9" */ 783, /* "Diffie-Hellman based MAC" */ 382, /* "Directory" */ 392, /* "Domain" */ 132, /* "E-mail Protection" */ + 1087, /* "ED25519" */ + 1088, /* "ED448" */ 389, /* "Enterprises" */ 384, /* "Experimental" */ 372, /* "Extended OCSP Status" */ @@ -3119,8 +3523,13 @@ static const unsigned int ln_objs[NUM_LN] = { 850, /* "GOST 34.10-94 Cryptocom" */ 811, /* "GOST R 34.10-2001" */ 817, /* "GOST R 34.10-2001 DH" */ + 1148, /* "GOST R 34.10-2012 (256 bit) ParamSet A" */ + 1184, /* "GOST R 34.10-2012 (256 bit) ParamSet B" */ + 1185, /* "GOST R 34.10-2012 (256 bit) ParamSet C" */ + 1186, /* "GOST R 34.10-2012 (256 bit) ParamSet D" */ 998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */ 999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */ + 1149, /* "GOST R 34.10-2012 (512 bit) ParamSet C" */ 997, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */ 979, /* "GOST R 34.10-2012 with 256 bit modulus" */ 980, /* "GOST R 34.10-2012 with 512 bit modulus" */ @@ -3137,6 +3546,7 @@ static const unsigned int ln_objs[NUM_LN] = { 808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ 852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ 854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ + 1156, /* "HMAC DSTU Gost 34311-95" */ 988, /* "HMAC GOST 34.11-2012 256 bit" */ 989, /* "HMAC GOST 34.11-2012 512 bit" */ 810, /* "HMAC GOST 34.11-94" */ @@ -3145,12 +3555,15 @@ static const unsigned int ln_objs[NUM_LN] = { 431, /* "Hold Instruction None" */ 433, /* "Hold Instruction Reject" */ 634, /* "ICC or token signature" */ + 1171, /* "IEEE Security in Storage Working Group" */ 1004, /* "INN" */ 294, /* "IPSec End System" */ 295, /* "IPSec Tunnel" */ 296, /* "IPSec User" */ + 1140, /* "ISO CN Member Body" */ 182, /* "ISO Member Body" */ 183, /* "ISO US Member Body" */ + 1150, /* "ISO-UA" */ 667, /* "Independent" */ 665, /* "Inherit all" */ 647, /* "International Organizations" */ @@ -3200,9 +3613,14 @@ static const unsigned int ln_objs[NUM_LN] = { 164, /* "Policy Qualifier CPS" */ 165, /* "Policy Qualifier User Notice" */ 385, /* "Private" */ + 1093, /* "Professional Information or basis for Admission" */ 663, /* "Proxy Certificate Information" */ 1, /* "RSA Data Security, Inc." */ 2, /* "RSA Data Security, Inc. PKCS" */ + 1116, /* "RSA-SHA3-224" */ + 1117, /* "RSA-SHA3-256" */ + 1118, /* "RSA-SHA3-384" */ + 1119, /* "RSA-SHA3-512" */ 188, /* "S/MIME" */ 167, /* "S/MIME Capabilities" */ 1006, /* "SNILS" */ @@ -3303,9 +3721,37 @@ static const unsigned int ln_objs[NUM_LN] = { 428, /* "aes-256-ofb" */ 914, /* "aes-256-xts" */ 376, /* "algorithm" */ + 1066, /* "aria-128-cbc" */ + 1120, /* "aria-128-ccm" */ + 1067, /* "aria-128-cfb" */ + 1080, /* "aria-128-cfb1" */ + 1083, /* "aria-128-cfb8" */ + 1069, /* "aria-128-ctr" */ + 1065, /* "aria-128-ecb" */ + 1123, /* "aria-128-gcm" */ + 1068, /* "aria-128-ofb" */ + 1071, /* "aria-192-cbc" */ + 1121, /* "aria-192-ccm" */ + 1072, /* "aria-192-cfb" */ + 1081, /* "aria-192-cfb1" */ + 1084, /* "aria-192-cfb8" */ + 1074, /* "aria-192-ctr" */ + 1070, /* "aria-192-ecb" */ + 1124, /* "aria-192-gcm" */ + 1073, /* "aria-192-ofb" */ + 1076, /* "aria-256-cbc" */ + 1122, /* "aria-256-ccm" */ + 1077, /* "aria-256-cfb" */ + 1082, /* "aria-256-cfb1" */ + 1085, /* "aria-256-cfb8" */ + 1079, /* "aria-256-ctr" */ + 1075, /* "aria-256-ecb" */ + 1125, /* "aria-256-gcm" */ + 1078, /* "aria-256-ofb" */ 484, /* "associatedDomain" */ 485, /* "associatedName" */ 501, /* "audio" */ + 1064, /* "auth-any" */ 1049, /* "auth-dss" */ 1047, /* "auth-ecdsa" */ 1050, /* "auth-gost01" */ @@ -3409,6 +3855,8 @@ static const unsigned int ln_objs[NUM_LN] = { 513, /* "content types" */ 50, /* "contentType" */ 53, /* "countersignature" */ + 1090, /* "countryCode3c" */ + 1091, /* "countryCode3n" */ 14, /* "countryName" */ 153, /* "crlBag" */ 884, /* "crossCertificatePair" */ @@ -3458,6 +3906,7 @@ static const unsigned int ln_objs[NUM_LN] = { 887, /* "distinguishedName" */ 892, /* "dmdName" */ 174, /* "dnQualifier" */ + 1092, /* "dnsName" */ 447, /* "document" */ 471, /* "documentAuthor" */ 468, /* "documentIdentifier" */ @@ -3476,6 +3925,12 @@ static const unsigned int ln_objs[NUM_LN] = { 70, /* "dsaWithSHA1-old" */ 802, /* "dsa_with_SHA224" */ 803, /* "dsa_with_SHA256" */ + 1108, /* "dsa_with_SHA3-224" */ + 1109, /* "dsa_with_SHA3-256" */ + 1110, /* "dsa_with_SHA3-384" */ + 1111, /* "dsa_with_SHA3-512" */ + 1106, /* "dsa_with_SHA384" */ + 1107, /* "dsa_with_SHA512" */ 297, /* "dvcs" */ 791, /* "ecdsa-with-Recommended" */ 416, /* "ecdsa-with-SHA1" */ @@ -3484,12 +3939,21 @@ static const unsigned int ln_objs[NUM_LN] = { 795, /* "ecdsa-with-SHA384" */ 796, /* "ecdsa-with-SHA512" */ 792, /* "ecdsa-with-Specified" */ + 1112, /* "ecdsa_with_SHA3-224" */ + 1113, /* "ecdsa_with_SHA3-256" */ + 1114, /* "ecdsa_with_SHA3-384" */ + 1115, /* "ecdsa_with_SHA3-512" */ 48, /* "emailAddress" */ 632, /* "encrypted track 2" */ 885, /* "enhancedSearchGuide" */ 56, /* "extendedCertificateAttributes" */ 867, /* "facsimileTelephoneNumber" */ 462, /* "favouriteDrink" */ + 1126, /* "ffdhe2048" */ + 1127, /* "ffdhe3072" */ + 1128, /* "ffdhe4096" */ + 1129, /* "ffdhe6144" */ + 1130, /* "ffdhe8192" */ 453, /* "friendlyCountry" */ 490, /* "friendlyCountryName" */ 156, /* "friendlyName" */ @@ -3513,12 +3977,18 @@ static const unsigned int ln_objs[NUM_LN] = { 855, /* "hmac" */ 780, /* "hmac-md5" */ 781, /* "hmac-sha1" */ + 1102, /* "hmac-sha3-224" */ + 1103, /* "hmac-sha3-256" */ + 1104, /* "hmac-sha3-384" */ + 1105, /* "hmac-sha3-512" */ 797, /* "hmacWithMD5" */ 163, /* "hmacWithSHA1" */ 798, /* "hmacWithSHA224" */ 799, /* "hmacWithSHA256" */ 800, /* "hmacWithSHA384" */ 801, /* "hmacWithSHA512" */ + 1193, /* "hmacWithSHA512-224" */ + 1194, /* "hmacWithSHA512-256" */ 486, /* "homePostalAddress" */ 473, /* "homeTelephoneNumber" */ 466, /* "host" */ @@ -3670,7 +4140,6 @@ static const unsigned int ln_objs[NUM_LN] = { 314, /* "id-regInfo" */ 322, /* "id-regInfo-certReq" */ 321, /* "id-regInfo-utf8Pairs" */ - 973, /* "id-scrypt" */ 191, /* "id-smime-aa" */ 215, /* "id-smime-aa-contentHint" */ 218, /* "id-smime-aa-contentIdentifier" */ @@ -3699,6 +4168,7 @@ static const unsigned int ln_objs[NUM_LN] = { 213, /* "id-smime-aa-securityLabel" */ 239, /* "id-smime-aa-signatureType" */ 223, /* "id-smime-aa-signingCertificate" */ + 1086, /* "id-smime-aa-signingCertificateV2" */ 224, /* "id-smime-aa-smimeEncryptCerts" */ 225, /* "id-smime-aa-timeStampToken" */ 192, /* "id-smime-alg" */ @@ -3749,20 +4219,33 @@ static const unsigned int ln_objs[NUM_LN] = { 977, /* "id-tc26-algorithms" */ 990, /* "id-tc26-cipher" */ 1001, /* "id-tc26-cipher-constants" */ + 1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ + 1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */ + 1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */ + 1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ + 1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */ + 1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */ 994, /* "id-tc26-constants" */ 981, /* "id-tc26-digest" */ 1000, /* "id-tc26-digest-constants" */ 1002, /* "id-tc26-gost-28147-constants" */ + 1147, /* "id-tc26-gost-3410-2012-256-constants" */ 996, /* "id-tc26-gost-3410-2012-512-constants" */ 987, /* "id-tc26-mac" */ 978, /* "id-tc26-sign" */ 995, /* "id-tc26-sign-constants" */ 984, /* "id-tc26-signwithdigest" */ + 1179, /* "id-tc26-wrap" */ + 1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ + 1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */ + 1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ + 1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */ 34, /* "idea-cbc" */ 35, /* "idea-cfb" */ 36, /* "idea-ecb" */ 46, /* "idea-ofb" */ 676, /* "identified-organization" */ + 1170, /* "ieee" */ 461, /* "info" */ 101, /* "initials" */ 869, /* "internationaliSDNNumber" */ @@ -3779,6 +4262,7 @@ static const unsigned int ln_objs[NUM_LN] = { 956, /* "jurisdictionStateOrProvinceName" */ 150, /* "keyBag" */ 773, /* "kisa" */ + 1063, /* "kx-any" */ 1039, /* "kx-dhe" */ 1041, /* "kx-dhe-psk" */ 1038, /* "kx-ecdhe" */ @@ -3793,6 +4277,12 @@ static const unsigned int ln_objs[NUM_LN] = { 157, /* "localKeyID" */ 15, /* "localityName" */ 480, /* "mXRecord" */ + 1190, /* "magma-cbc" */ + 1191, /* "magma-cfb" */ + 1188, /* "magma-ctr" */ + 1187, /* "magma-ecb" */ + 1192, /* "magma-mac" */ + 1189, /* "magma-ofb" */ 493, /* "mailPreferenceOption" */ 467, /* "manager" */ 3, /* "md2" */ @@ -3817,9 +4307,11 @@ static const unsigned int ln_objs[NUM_LN] = { 173, /* "name" */ 681, /* "onBasis" */ 379, /* "org" */ + 1089, /* "organizationIdentifier" */ 17, /* "organizationName" */ 491, /* "organizationalStatus" */ 18, /* "organizationalUnitName" */ + 1141, /* "oscca" */ 475, /* "otherMailbox" */ 876, /* "owner" */ 935, /* "pSpecified" */ @@ -3866,6 +4358,7 @@ static const unsigned int ln_objs[NUM_LN] = { 22, /* "pkcs7-signedData" */ 151, /* "pkcs8ShroudedKeyBag" */ 47, /* "pkcs9" */ + 1061, /* "poly1305" */ 862, /* "postOfficeBox" */ 861, /* "postalAddress" */ 661, /* "postalCode" */ @@ -3918,6 +4411,7 @@ static const unsigned int ln_objs[NUM_LN] = { 291, /* "sbgp-autonomousSysNum" */ 290, /* "sbgp-ipAddrBlock" */ 292, /* "sbgp-routerIdentifier" */ + 973, /* "scrypt" */ 159, /* "sdsiCertificate" */ 859, /* "searchGuide" */ 704, /* "secp112r1" */ @@ -4085,14 +4579,36 @@ static const unsigned int ln_objs[NUM_LN] = { 671, /* "sha224WithRSAEncryption" */ 672, /* "sha256" */ 668, /* "sha256WithRSAEncryption" */ + 1096, /* "sha3-224" */ + 1097, /* "sha3-256" */ + 1098, /* "sha3-384" */ + 1099, /* "sha3-512" */ 673, /* "sha384" */ 669, /* "sha384WithRSAEncryption" */ 674, /* "sha512" */ + 1094, /* "sha512-224" */ + 1145, /* "sha512-224WithRSAEncryption" */ + 1095, /* "sha512-256" */ + 1146, /* "sha512-256WithRSAEncryption" */ 670, /* "sha512WithRSAEncryption" */ 42, /* "shaWithRSAEncryption" */ + 1100, /* "shake128" */ + 1101, /* "shake256" */ 52, /* "signingTime" */ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ + 1062, /* "siphash" */ + 1142, /* "sm-scheme" */ + 1172, /* "sm2" */ + 1143, /* "sm3" */ + 1144, /* "sm3WithRSAEncryption" */ + 1134, /* "sm4-cbc" */ + 1137, /* "sm4-cfb" */ + 1136, /* "sm4-cfb1" */ + 1138, /* "sm4-cfb8" */ + 1139, /* "sm4-ctr" */ + 1133, /* "sm4-ecb" */ + 1135, /* "sm4-ofb" */ 16, /* "stateOrProvinceName" */ 660, /* "streetAddress" */ 498, /* "subtreeMaximumQuality" */ @@ -4108,6 +4624,7 @@ static const unsigned int ln_objs[NUM_LN] = { 106, /* "title" */ 1021, /* "tls1-prf" */ 682, /* "tpBasis" */ + 1151, /* "ua-pki" */ 436, /* "ucl" */ 0, /* "undefined" */ 102, /* "uniqueIdentifier" */ @@ -4140,7 +4657,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 956 +#define NUM_OBJ 1071 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -4155,16 +4672,21 @@ static const unsigned int obj_objs[NUM_OBJ] = { 11, /* OBJ_X500 2 5 */ 647, /* OBJ_international_organizations 2 23 */ 380, /* OBJ_dod 1 3 6 */ + 1170, /* OBJ_ieee 1 3 111 */ 12, /* OBJ_X509 2 5 4 */ 378, /* OBJ_X500algorithms 2 5 8 */ 81, /* OBJ_id_ce 2 5 29 */ 512, /* OBJ_id_set 2 23 42 */ 678, /* OBJ_wap 2 23 43 */ 435, /* OBJ_pss 0 9 2342 */ + 1140, /* OBJ_ISO_CN 1 2 156 */ + 1150, /* OBJ_ISO_UA 1 2 804 */ 183, /* OBJ_ISO_US 1 2 840 */ 381, /* OBJ_iana 1 3 6 1 */ 1034, /* OBJ_X25519 1 3 101 110 */ 1035, /* OBJ_X448 1 3 101 111 */ + 1087, /* OBJ_ED25519 1 3 101 112 */ + 1088, /* OBJ_ED448 1 3 101 113 */ 677, /* OBJ_certicom_arc 1 3 132 */ 394, /* OBJ_selected_attribute_types 2 5 1 5 */ 13, /* OBJ_commonName 2 5 4 3 */ @@ -4221,6 +4743,10 @@ static const unsigned int obj_objs[NUM_OBJ] = { 892, /* OBJ_dmdName 2 5 4 54 */ 510, /* OBJ_pseudonym 2 5 4 65 */ 400, /* OBJ_role 2 5 4 72 */ + 1089, /* OBJ_organizationIdentifier 2 5 4 97 */ + 1090, /* OBJ_countryCode3c 2 5 4 98 */ + 1091, /* OBJ_countryCode3n 2 5 4 99 */ + 1092, /* OBJ_dnsName 2 5 4 100 */ 769, /* OBJ_subject_directory_attributes 2 5 29 9 */ 82, /* OBJ_subject_key_identifier 2 5 29 14 */ 83, /* OBJ_key_usage 2 5 29 15 */ @@ -4378,6 +4904,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ 638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ + 1141, /* OBJ_oscca 1 2 156 10197 */ 805, /* OBJ_cryptopro 1 2 643 2 2 */ 806, /* OBJ_cryptocom 1 2 643 2 9 */ 974, /* OBJ_id_tc26 1 2 643 7 1 */ @@ -4404,7 +4931,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ 115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ 117, /* OBJ_ripemd160 1 3 36 3 2 1 */ + 1093, /* OBJ_x509ExtAdmission 1 3 36 8 3 3 */ 143, /* OBJ_sxnet 1 3 101 1 4 1 */ + 1171, /* OBJ_ieee_siswg 1 3 111 2 1619 */ 721, /* OBJ_sect163k1 1 3 132 0 1 */ 722, /* OBJ_sect163r1 1 3 132 0 2 */ 728, /* OBJ_sect239k1 1 3 132 0 3 */ @@ -4456,6 +4985,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ + 1142, /* OBJ_sm_scheme 1 2 156 10197 1 */ 773, /* OBJ_kisa 1 2 410 200004 */ 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ @@ -4527,9 +5057,11 @@ static const unsigned int obj_objs[NUM_OBJ] = { 987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */ 990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */ 991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */ + 1179, /* OBJ_id_tc26_wrap 1 2 643 7 1 1 7 */ 995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */ 1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */ 1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */ + 1151, /* OBJ_ua_pki 1 2 804 2 1 1 1 */ 2, /* OBJ_pkcs 1 2 840 113549 1 */ 431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ 432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ @@ -4585,6 +5117,16 @@ static const unsigned int obj_objs[NUM_OBJ] = { 971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */ 972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */ 437, /* OBJ_pilot 0 9 2342 19200300 100 */ + 1133, /* OBJ_sm4_ecb 1 2 156 10197 1 104 1 */ + 1134, /* OBJ_sm4_cbc 1 2 156 10197 1 104 2 */ + 1135, /* OBJ_sm4_ofb128 1 2 156 10197 1 104 3 */ + 1137, /* OBJ_sm4_cfb128 1 2 156 10197 1 104 4 */ + 1136, /* OBJ_sm4_cfb1 1 2 156 10197 1 104 5 */ + 1138, /* OBJ_sm4_cfb8 1 2 156 10197 1 104 6 */ + 1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */ + 1172, /* OBJ_sm2 1 2 156 10197 1 301 */ + 1143, /* OBJ_sm3 1 2 156 10197 1 401 */ + 1144, /* OBJ_sm3WithRSAEncryption 1 2 156 10197 1 504 */ 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ 779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ @@ -4604,8 +5146,13 @@ static const unsigned int obj_objs[NUM_OBJ] = { 986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */ 988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */ 989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */ + 1173, /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */ + 1176, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */ 992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */ 993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */ + 1180, /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */ + 1182, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */ + 1147, /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */ 996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */ 1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */ 186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ @@ -4622,6 +5169,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ 800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ 801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ + 1193, /* OBJ_hmacWithSHA512_224 1 2 840 113549 2 12 */ + 1194, /* OBJ_hmacWithSHA512_256 1 2 840 113549 2 13 */ 37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ 5, /* OBJ_rc4 1 2 840 113549 3 4 */ 44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ @@ -4710,6 +5259,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */ 1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */ 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ + 1131, /* OBJ_cmcCA 1 3 6 1 5 5 7 3 27 */ + 1132, /* OBJ_cmcRA 1 3 6 1 5 5 7 3 28 */ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ @@ -4779,15 +5330,49 @@ static const unsigned int obj_objs[NUM_OBJ] = { 785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ + 913, /* OBJ_aes_128_xts 1 3 111 2 1619 0 1 1 */ + 914, /* OBJ_aes_256_xts 1 3 111 2 1619 0 1 2 */ 58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ 59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ 438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ + 1065, /* OBJ_aria_128_ecb 1 2 410 200046 1 1 1 */ + 1066, /* OBJ_aria_128_cbc 1 2 410 200046 1 1 2 */ + 1067, /* OBJ_aria_128_cfb128 1 2 410 200046 1 1 3 */ + 1068, /* OBJ_aria_128_ofb128 1 2 410 200046 1 1 4 */ + 1069, /* OBJ_aria_128_ctr 1 2 410 200046 1 1 5 */ + 1070, /* OBJ_aria_192_ecb 1 2 410 200046 1 1 6 */ + 1071, /* OBJ_aria_192_cbc 1 2 410 200046 1 1 7 */ + 1072, /* OBJ_aria_192_cfb128 1 2 410 200046 1 1 8 */ + 1073, /* OBJ_aria_192_ofb128 1 2 410 200046 1 1 9 */ + 1074, /* OBJ_aria_192_ctr 1 2 410 200046 1 1 10 */ + 1075, /* OBJ_aria_256_ecb 1 2 410 200046 1 1 11 */ + 1076, /* OBJ_aria_256_cbc 1 2 410 200046 1 1 12 */ + 1077, /* OBJ_aria_256_cfb128 1 2 410 200046 1 1 13 */ + 1078, /* OBJ_aria_256_ofb128 1 2 410 200046 1 1 14 */ + 1079, /* OBJ_aria_256_ctr 1 2 410 200046 1 1 15 */ + 1123, /* OBJ_aria_128_gcm 1 2 410 200046 1 1 34 */ + 1124, /* OBJ_aria_192_gcm 1 2 410 200046 1 1 35 */ + 1125, /* OBJ_aria_256_gcm 1 2 410 200046 1 1 36 */ + 1120, /* OBJ_aria_128_ccm 1 2 410 200046 1 1 37 */ + 1121, /* OBJ_aria_192_ccm 1 2 410 200046 1 1 38 */ + 1122, /* OBJ_aria_256_ccm 1 2 410 200046 1 1 39 */ + 1174, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */ + 1175, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */ + 1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */ + 1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */ + 1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */ + 1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */ + 1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */ + 1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */ + 1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */ + 1186, /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */ 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ + 1149, /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */ 1003, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */ 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ @@ -4807,6 +5392,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ 670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ 671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ + 1145, /* OBJ_sha512_224WithRSAEncryption 1 2 840 113549 1 1 15 */ + 1146, /* OBJ_sha512_256WithRSAEncryption 1 2 840 113549 1 1 16 */ 28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ 10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ @@ -4908,8 +5495,34 @@ static const unsigned int obj_objs[NUM_OBJ] = { 673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ 674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ 675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ + 1094, /* OBJ_sha512_224 2 16 840 1 101 3 4 2 5 */ + 1095, /* OBJ_sha512_256 2 16 840 1 101 3 4 2 6 */ + 1096, /* OBJ_sha3_224 2 16 840 1 101 3 4 2 7 */ + 1097, /* OBJ_sha3_256 2 16 840 1 101 3 4 2 8 */ + 1098, /* OBJ_sha3_384 2 16 840 1 101 3 4 2 9 */ + 1099, /* OBJ_sha3_512 2 16 840 1 101 3 4 2 10 */ + 1100, /* OBJ_shake128 2 16 840 1 101 3 4 2 11 */ + 1101, /* OBJ_shake256 2 16 840 1 101 3 4 2 12 */ + 1102, /* OBJ_hmac_sha3_224 2 16 840 1 101 3 4 2 13 */ + 1103, /* OBJ_hmac_sha3_256 2 16 840 1 101 3 4 2 14 */ + 1104, /* OBJ_hmac_sha3_384 2 16 840 1 101 3 4 2 15 */ + 1105, /* OBJ_hmac_sha3_512 2 16 840 1 101 3 4 2 16 */ 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ + 1106, /* OBJ_dsa_with_SHA384 2 16 840 1 101 3 4 3 3 */ + 1107, /* OBJ_dsa_with_SHA512 2 16 840 1 101 3 4 3 4 */ + 1108, /* OBJ_dsa_with_SHA3_224 2 16 840 1 101 3 4 3 5 */ + 1109, /* OBJ_dsa_with_SHA3_256 2 16 840 1 101 3 4 3 6 */ + 1110, /* OBJ_dsa_with_SHA3_384 2 16 840 1 101 3 4 3 7 */ + 1111, /* OBJ_dsa_with_SHA3_512 2 16 840 1 101 3 4 3 8 */ + 1112, /* OBJ_ecdsa_with_SHA3_224 2 16 840 1 101 3 4 3 9 */ + 1113, /* OBJ_ecdsa_with_SHA3_256 2 16 840 1 101 3 4 3 10 */ + 1114, /* OBJ_ecdsa_with_SHA3_384 2 16 840 1 101 3 4 3 11 */ + 1115, /* OBJ_ecdsa_with_SHA3_512 2 16 840 1 101 3 4 3 12 */ + 1116, /* OBJ_RSA_SHA3_224 2 16 840 1 101 3 4 3 13 */ + 1117, /* OBJ_RSA_SHA3_256 2 16 840 1 101 3 4 3 14 */ + 1118, /* OBJ_RSA_SHA3_384 2 16 840 1 101 3 4 3 15 */ + 1119, /* OBJ_RSA_SHA3_512 2 16 840 1 101 3 4 3 16 */ 71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ 72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ 73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ @@ -4984,6 +5597,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ 456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ 457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ + 1152, /* OBJ_dstu28147 1 2 804 2 1 1 1 1 1 1 */ + 1156, /* OBJ_hmacWithDstu34311 1 2 804 2 1 1 1 1 1 2 */ + 1157, /* OBJ_dstu34311 1 2 804 2 1 1 1 1 2 1 */ 189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ 190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ 191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ @@ -5018,6 +5634,10 @@ static const unsigned int obj_objs[NUM_OBJ] = { 907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ 908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ 909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ + 1153, /* OBJ_dstu28147_ofb 1 2 804 2 1 1 1 1 1 1 2 */ + 1154, /* OBJ_dstu28147_cfb 1 2 804 2 1 1 1 1 1 1 3 */ + 1155, /* OBJ_dstu28147_wrap 1 2 804 2 1 1 1 1 1 1 5 */ + 1158, /* OBJ_dstu4145le 1 2 804 2 1 1 1 1 3 1 1 */ 196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ 197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ 198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ @@ -5068,6 +5688,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ 239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ 240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ + 1086, /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */ 241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ 242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ 243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ @@ -5098,4 +5719,15 @@ static const unsigned int obj_objs[NUM_OBJ] = { 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ 1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */ 1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */ + 1159, /* OBJ_dstu4145be 1 2 804 2 1 1 1 1 3 1 1 1 1 */ + 1160, /* OBJ_uacurve0 1 2 804 2 1 1 1 1 3 1 1 2 0 */ + 1161, /* OBJ_uacurve1 1 2 804 2 1 1 1 1 3 1 1 2 1 */ + 1162, /* OBJ_uacurve2 1 2 804 2 1 1 1 1 3 1 1 2 2 */ + 1163, /* OBJ_uacurve3 1 2 804 2 1 1 1 1 3 1 1 2 3 */ + 1164, /* OBJ_uacurve4 1 2 804 2 1 1 1 1 3 1 1 2 4 */ + 1165, /* OBJ_uacurve5 1 2 804 2 1 1 1 1 3 1 1 2 5 */ + 1166, /* OBJ_uacurve6 1 2 804 2 1 1 1 1 3 1 1 2 6 */ + 1167, /* OBJ_uacurve7 1 2 804 2 1 1 1 1 3 1 1 2 7 */ + 1168, /* OBJ_uacurve8 1 2 804 2 1 1 1 1 3 1 1 2 8 */ + 1169, /* OBJ_uacurve9 1 2 804 2 1 1 1 1 3 1 1 2 9 */ }; diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.pl b/deps/openssl/openssl/crypto/objects/obj_dat.pl index 1cb3d1c9af5ec1..e80900d09d2687 100644 --- a/deps/openssl/openssl/crypto/objects/obj_dat.pl +++ b/deps/openssl/openssl/crypto/objects/obj_dat.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -36,6 +36,10 @@ sub der_it return $ret; } +# Output year depends on the year of the script and the input file. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; +my $iYEAR = [localtime([stat($ARGV[0])]->[9])]->[5] + 1900; +$YEAR = $iYEAR if $iYEAR > $YEAR; # Read input, parse all #define's into OID name and value. # Populate %ln and %sn with long and short names (%dupln and %dupsn) @@ -148,13 +152,12 @@ sub der_it } # Finally ready to generate the output. -open(OUT, ">$ARGV[1]") || die "Can't open output file $ARGV[1], $!"; -print OUT <<'EOF'; +print <<"EOF"; /* * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -163,44 +166,44 @@ sub der_it EOF -print OUT "/* Serialized OID's */\n"; -printf OUT "static const unsigned char so[%d] = {\n", $lvalues + 1; -print OUT @lvalues; -print OUT "};\n\n"; +print "/* Serialized OID's */\n"; +printf "static const unsigned char so[%d] = {\n", $lvalues + 1; +print @lvalues; +print "};\n\n"; -printf OUT "#define NUM_NID %d\n", $n; -printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n"; -print OUT @out; -print OUT "};\n\n"; +printf "#define NUM_NID %d\n", $n; +printf "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n"; +print @out; +print "};\n\n"; { no warnings "uninitialized"; @a = grep(defined $sn{$nid{$_}}, 0 .. $n); } -printf OUT "#define NUM_SN %d\n", $#a + 1; -printf OUT "static const unsigned int sn_objs[NUM_SN] = {\n"; +printf "#define NUM_SN %d\n", $#a + 1; +printf "static const unsigned int sn_objs[NUM_SN] = {\n"; foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) { - printf OUT " %4d, /* \"$sn{$nid{$_}}\" */\n", $_; + printf " %4d, /* \"$sn{$nid{$_}}\" */\n", $_; } -print OUT "};\n\n"; +print "};\n\n"; { no warnings "uninitialized"; @a = grep(defined $ln{$nid{$_}}, 0 .. $n); } -printf OUT "#define NUM_LN %d\n", $#a + 1; -printf OUT "static const unsigned int ln_objs[NUM_LN] = {\n"; +printf "#define NUM_LN %d\n", $#a + 1; +printf "static const unsigned int ln_objs[NUM_LN] = {\n"; foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) { - printf OUT " %4d, /* \"$ln{$nid{$_}}\" */\n", $_; + printf " %4d, /* \"$ln{$nid{$_}}\" */\n", $_; } -print OUT "};\n\n"; +print "};\n\n"; { no warnings "uninitialized"; @a = grep(defined $obj{$nid{$_}}, 0 .. $n); } -printf OUT "#define NUM_OBJ %d\n", $#a + 1; -printf OUT "static const unsigned int obj_objs[NUM_OBJ] = {\n"; +printf "#define NUM_OBJ %d\n", $#a + 1; +printf "static const unsigned int obj_objs[NUM_OBJ] = {\n"; # Compare DER; prefer shorter; if some length, use the "smaller" encoding. sub obj_cmp @@ -220,8 +223,6 @@ sub obj_cmp my $v = $objd{$m}; $v =~ s/L//g; $v =~ s/,/ /g; - printf OUT " %4d, /* %-32s %s */\n", $_, $m, $v; + printf " %4d, /* %-32s %s */\n", $_, $m, $v; } -print OUT "};\n"; - -close OUT; +print "};\n"; diff --git a/deps/openssl/openssl/crypto/objects/obj_err.c b/deps/openssl/openssl/crypto/objects/obj_err.c index 4677b67367bdc9..be4f11ca208b0e 100644 --- a/deps/openssl/openssl/crypto/objects/obj_err.c +++ b/deps/openssl/openssl/crypto/objects/obj_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,30 +8,27 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) - -static ERR_STRING_DATA OBJ_str_functs[] = { - {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"}, - {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"}, - {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"}, - {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"}, - {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"}, - {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"}, - {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"}, +static const ERR_STRING_DATA OBJ_str_functs[] = { + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"}, + {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"}, {0, NULL} }; -static ERR_STRING_DATA OBJ_str_reasons[] = { - {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"}, - {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"}, +static const ERR_STRING_DATA OBJ_str_reasons[] = { + {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"}, + {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"}, {0, NULL} }; @@ -40,10 +37,9 @@ static ERR_STRING_DATA OBJ_str_reasons[] = { int ERR_load_OBJ_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) { - ERR_load_strings(0, OBJ_str_functs); - ERR_load_strings(0, OBJ_str_reasons); + ERR_load_strings_const(OBJ_str_functs); + ERR_load_strings_const(OBJ_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/objects/obj_lib.c b/deps/openssl/openssl/crypto/objects/obj_lib.c index 33075e6451742b..acbdeec2c9806b 100644 --- a/deps/openssl/openssl/crypto/objects/obj_lib.c +++ b/deps/openssl/openssl/crypto/objects/obj_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include "internal/asn1_int.h" @@ -22,12 +21,12 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) return NULL; /* If object isn't dynamic it's an internal OID which is never freed */ if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) - return ((ASN1_OBJECT *)o); + return (ASN1_OBJECT *)o; r = ASN1_OBJECT_new(); if (r == NULL) { OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB); - return (NULL); + return NULL; } /* Set dynamic flags so everything gets freed up on error */ @@ -61,6 +60,6 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) ret = (a->length - b->length); if (ret) - return (ret); - return (memcmp(a->data, b->data, a->length)); + return ret; + return memcmp(a->data, b->data, a->length); } diff --git a/deps/openssl/openssl/crypto/objects/obj_mac.num b/deps/openssl/openssl/crypto/objects/obj_mac.num index a5995a513b08ae..1b6a9c61a1c873 100644 --- a/deps/openssl/openssl/crypto/objects/obj_mac.num +++ b/deps/openssl/openssl/crypto/objects/obj_mac.num @@ -1058,3 +1058,137 @@ blake2s256 1057 id_smime_ct_contentCollection 1058 id_smime_ct_authEnvelopedData 1059 id_ct_xml 1060 +poly1305 1061 +siphash 1062 +kx_any 1063 +auth_any 1064 +aria_128_ecb 1065 +aria_128_cbc 1066 +aria_128_cfb128 1067 +aria_128_ofb128 1068 +aria_128_ctr 1069 +aria_192_ecb 1070 +aria_192_cbc 1071 +aria_192_cfb128 1072 +aria_192_ofb128 1073 +aria_192_ctr 1074 +aria_256_ecb 1075 +aria_256_cbc 1076 +aria_256_cfb128 1077 +aria_256_ofb128 1078 +aria_256_ctr 1079 +aria_128_cfb1 1080 +aria_192_cfb1 1081 +aria_256_cfb1 1082 +aria_128_cfb8 1083 +aria_192_cfb8 1084 +aria_256_cfb8 1085 +id_smime_aa_signingCertificateV2 1086 +ED25519 1087 +ED448 1088 +organizationIdentifier 1089 +countryCode3c 1090 +countryCode3n 1091 +dnsName 1092 +x509ExtAdmission 1093 +sha512_224 1094 +sha512_256 1095 +sha3_224 1096 +sha3_256 1097 +sha3_384 1098 +sha3_512 1099 +shake128 1100 +shake256 1101 +hmac_sha3_224 1102 +hmac_sha3_256 1103 +hmac_sha3_384 1104 +hmac_sha3_512 1105 +dsa_with_SHA384 1106 +dsa_with_SHA512 1107 +dsa_with_SHA3_224 1108 +dsa_with_SHA3_256 1109 +dsa_with_SHA3_384 1110 +dsa_with_SHA3_512 1111 +ecdsa_with_SHA3_224 1112 +ecdsa_with_SHA3_256 1113 +ecdsa_with_SHA3_384 1114 +ecdsa_with_SHA3_512 1115 +RSA_SHA3_224 1116 +RSA_SHA3_256 1117 +RSA_SHA3_384 1118 +RSA_SHA3_512 1119 +aria_128_ccm 1120 +aria_192_ccm 1121 +aria_256_ccm 1122 +aria_128_gcm 1123 +aria_192_gcm 1124 +aria_256_gcm 1125 +ffdhe2048 1126 +ffdhe3072 1127 +ffdhe4096 1128 +ffdhe6144 1129 +ffdhe8192 1130 +cmcCA 1131 +cmcRA 1132 +sm4_ecb 1133 +sm4_cbc 1134 +sm4_ofb128 1135 +sm4_cfb1 1136 +sm4_cfb128 1137 +sm4_cfb8 1138 +sm4_ctr 1139 +ISO_CN 1140 +oscca 1141 +sm_scheme 1142 +sm3 1143 +sm3WithRSAEncryption 1144 +sha512_224WithRSAEncryption 1145 +sha512_256WithRSAEncryption 1146 +id_tc26_gost_3410_2012_256_constants 1147 +id_tc26_gost_3410_2012_256_paramSetA 1148 +id_tc26_gost_3410_2012_512_paramSetC 1149 +ISO_UA 1150 +ua_pki 1151 +dstu28147 1152 +dstu28147_ofb 1153 +dstu28147_cfb 1154 +dstu28147_wrap 1155 +hmacWithDstu34311 1156 +dstu34311 1157 +dstu4145le 1158 +dstu4145be 1159 +uacurve0 1160 +uacurve1 1161 +uacurve2 1162 +uacurve3 1163 +uacurve4 1164 +uacurve5 1165 +uacurve6 1166 +uacurve7 1167 +uacurve8 1168 +uacurve9 1169 +ieee 1170 +ieee_siswg 1171 +sm2 1172 +id_tc26_cipher_gostr3412_2015_magma 1173 +id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +id_tc26_wrap 1179 +id_tc26_wrap_gostr3412_2015_magma 1180 +id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +id_tc26_gost_3410_2012_256_paramSetB 1184 +id_tc26_gost_3410_2012_256_paramSetC 1185 +id_tc26_gost_3410_2012_256_paramSetD 1186 +magma_ecb 1187 +magma_ctr 1188 +magma_ofb 1189 +magma_cbc 1190 +magma_cfb 1191 +magma_mac 1192 +hmacWithSHA512_224 1193 +hmacWithSHA512_256 1194 diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.c b/deps/openssl/openssl/crypto/objects/obj_xref.c index 627f5bca2fb9b9..faf59eb20c8307 100644 --- a/deps/openssl/openssl/crypto/objects/obj_xref.c +++ b/deps/openssl/openssl/crypto/objects/obj_xref.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,8 @@ #include #include "obj_xref.h" -#include "e_os.h" +#include "internal/nelem.h" +#include static STACK_OF(nid_triple) *sig_app, *sigx_app; @@ -45,10 +46,9 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) const nid_triple *rv = NULL; tmp.sign_id = signid; - if (sig_app) { + if (sig_app != NULL) { int idx = sk_nid_triple_find(sig_app, &tmp); - if (idx >= 0) - rv = sk_nid_triple_value(sig_app, idx); + rv = sk_nid_triple_value(sig_app, idx); } #ifndef OBJ_XREF_TEST2 if (rv == NULL) { @@ -103,9 +103,10 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id) sigx_app = sk_nid_triple_new(sigx_cmp); if (sigx_app == NULL) return 0; - ntr = OPENSSL_malloc(sizeof(*ntr)); - if (ntr == NULL) + if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) { + OBJerr(OBJ_F_OBJ_ADD_SIGID, ERR_R_MALLOC_FAILURE); return 0; + } ntr->sign_id = signid; ntr->hash_id = dig_id; ntr->pkey_id = pkey_id; @@ -136,30 +137,3 @@ void OBJ_sigid_free(void) sk_nid_triple_free(sigx_app); sigx_app = NULL; } - -#ifdef OBJ_XREF_TEST - -main() -{ - int n1, n2, n3; - - int i, rv; -# ifdef OBJ_XREF_TEST2 - for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { - OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]); - } -# endif - - for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { - n1 = sigoid_srt[i][0]; - rv = OBJ_find_sigid_algs(n1, &n2, &n3); - printf("Forward: %d, %s %s %s\n", rv, - OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); - n1 = 0; - rv = OBJ_find_sigid_by_algs(&n1, n2, n3); - printf("Reverse: %d, %s %s %s\n", rv, - OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); - } -} - -#endif diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.h b/deps/openssl/openssl/crypto/objects/obj_xref.h index d09aa71f4e2dd2..9606e57d6191e4 100644 --- a/deps/openssl/openssl/crypto/objects/obj_xref.h +++ b/deps/openssl/openssl/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -73,6 +73,12 @@ static const nid_triple sigoid_srt[] = { NID_id_GostR3410_2012_256}, {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512, NID_id_GostR3410_2012_512}, + {NID_ED25519, NID_undef, NID_ED25519}, + {NID_ED448, NID_undef, NID_ED448}, + {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption}, + {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption}, + {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption}, + {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption}, }; static const nid_triple *const sigoid_srt_xref[] = { @@ -115,4 +121,8 @@ static const nid_triple *const sigoid_srt_xref[] = { &sigoid_srt[28], &sigoid_srt[40], &sigoid_srt[41], + &sigoid_srt[44], + &sigoid_srt[45], + &sigoid_srt[46], + &sigoid_srt[47], }; diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.txt b/deps/openssl/openssl/crypto/objects/obj_xref.txt index 981103b36d7f6b..ca3e74461d6c7e 100644 --- a/deps/openssl/openssl/crypto/objects/obj_xref.txt +++ b/deps/openssl/openssl/crypto/objects/obj_xref.txt @@ -13,10 +13,16 @@ sha512WithRSAEncryption sha512 rsaEncryption sha224WithRSAEncryption sha224 rsaEncryption mdc2WithRSA mdc2 rsaEncryption ripemd160WithRSA ripemd160 rsaEncryption +RSA_SHA3_224 sha3_224 rsaEncryption +RSA_SHA3_256 sha3_256 rsaEncryption +RSA_SHA3_384 sha3_384 rsaEncryption +RSA_SHA3_512 sha3_512 rsaEncryption # For PSS the digest algorithm can vary and depends on the included # AlgorithmIdentifier. The digest "undef" indicates the public key # method should handle this explicitly. rsassaPss undef rsaEncryption +ED25519 undef ED25519 +ED448 undef ED448 # Alternative deprecated OIDs. By using the older "rsa" OID this # type will be recognized by not normally used. diff --git a/deps/openssl/openssl/crypto/objects/objects.pl b/deps/openssl/openssl/crypto/objects/objects.pl index 3b40277a23e670..8f9b67f95991ad 100644 --- a/deps/openssl/openssl/crypto/objects/objects.pl +++ b/deps/openssl/openssl/crypto/objects/objects.pl @@ -1,11 +1,23 @@ #! /usr/bin/env perl -# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html +use Getopt::Std; + +our($opt_n); +getopts('n'); + +# Output year depends on the year of the script and the input file. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; +my $iYEAR = [localtime([stat($ARGV[0])]->[9])]->[5] + 1900; +$YEAR = $iYEAR if $iYEAR > $YEAR; +$iYEAR = [localtime([stat($ARGV[1])]->[9])]->[5] + 1900; +$YEAR = $iYEAR if $iYEAR > $YEAR; + open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]"; $max_nid=0; $o=0; @@ -116,20 +128,20 @@ } close IN; -open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]"; -foreach (sort { $a <=> $b } keys %nidn) - { - print NUMOUT $nidn{$_},"\t\t",$_,"\n"; - } -close NUMOUT; +if ( $opt_n ) { + foreach (sort { $a <=> $b } keys %nidn) + { + print $nidn{$_},"\t\t",$_,"\n"; + } + exit; +} -open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; -print OUT <<'EOF'; +print <<"EOF"; /* * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -154,15 +166,13 @@ sub expand foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; - print OUT "\n"; - print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; - print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; - print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; - print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; + print "\n"; + print expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; + print expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; + print expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; + print expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; } -close OUT; - sub process_oid { local($oid)=@_; diff --git a/deps/openssl/openssl/crypto/objects/objects.txt b/deps/openssl/openssl/crypto/objects/objects.txt index fc0781d1c9f059..6dbc41ce372711 100644 --- a/deps/openssl/openssl/crypto/objects/objects.txt +++ b/deps/openssl/openssl/crypto/objects/objects.txt @@ -15,8 +15,14 @@ iso 3 : identified-organization identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5 identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1 +# "1.3.36.8.3.3" +identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission + identified-organization 132 : certicom-arc +identified-organization 111 : ieee +ieee 2 1619 : ieee-siswg : IEEE Security in Storage Working Group + joint-iso-itu-t 23 : international-organizations : International Organizations international-organizations 43 : wap @@ -30,6 +36,10 @@ member-body 840 : ISO-US : ISO US Member Body ISO-US 10040 : X9-57 : X9.57 X9-57 4 : X9cm : X9.57 CM ? +member-body 156 : ISO-CN : ISO CN Member Body +ISO-CN 10197 : oscca +oscca 1 : sm-scheme + !Cname dsa X9cm 1 : DSA : dsaEncryption X9cm 3 : DSA-SHA1 : dsaWithSHA1 @@ -175,6 +185,8 @@ pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption +pkcs1 15 : RSA-SHA512/224 : sha512-224WithRSAEncryption +pkcs1 16 : RSA-SHA512/256 : sha512-256WithRSAEncryption pkcs 3 : pkcs3 pkcs3 1 : : dhKeyAgreement @@ -294,6 +306,7 @@ id-smime-aa 26 : id-smime-aa-ets-certCRLTimestamp id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp id-smime-aa 28 : id-smime-aa-signatureType id-smime-aa 29 : id-smime-aa-dvcs-dvc +id-smime-aa 47 : id-smime-aa-signingCertificateV2 # S/MIME Algorithm Identifiers # obsolete @@ -367,12 +380,21 @@ rsadsi 2 5 : MD5 : md5 rsadsi 2 6 : : hmacWithMD5 rsadsi 2 7 : : hmacWithSHA1 +sm-scheme 301 : SM2 : sm2 + +sm-scheme 401 : SM3 : sm3 +sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption + # From RFC4231 rsadsi 2 8 : : hmacWithSHA224 rsadsi 2 9 : : hmacWithSHA256 rsadsi 2 10 : : hmacWithSHA384 rsadsi 2 11 : : hmacWithSHA512 +# From RFC8018 +rsadsi 2 12 : : hmacWithSHA512-224 +rsadsi 2 13 : : hmacWithSHA512-256 + rsadsi 3 2 : RC2-CBC : rc2-cbc : RC2-ECB : rc2-ecb !Cname rc2-cfb64 @@ -512,6 +534,8 @@ id-kp 23 : sendRouter : Send Router id-kp 24 : sendProxiedRouter : Send Proxied Router id-kp 25 : sendOwner : Send Owner id-kp 26 : sendProxiedOwner : Send Proxied Owner +id-kp 27 : cmcCA : CMC Certificate Authority +id-kp 28 : cmcRA : CMC Registration Authority # CMP information types id-it 1 : id-it-caProtEncCert @@ -575,7 +599,7 @@ id-cmc 19 : id-cmc-responseInfo id-cmc 21 : id-cmc-queryPending id-cmc 22 : id-cmc-popLinkRandom id-cmc 23 : id-cmc-popLinkWitness -id-cmc 24 : id-cmc-confirmCertAcceptance +id-cmc 24 : id-cmc-confirmCertAcceptance # other names id-on 1 : id-on-personalData @@ -737,6 +761,11 @@ X509 53 : : deltaRevocationList X509 54 : dmdName : X509 65 : : pseudonym X509 72 : role : role +X509 97 : : organizationIdentifier +X509 98 : c3 : countryCode3c +X509 99 : n3 : countryCode3n +X509 100 : : dnsName + X500 8 : X500algorithms : directory services - algorithms X500algorithms 1 1 : RSA : rsa @@ -841,7 +870,7 @@ internet 6 : snmpv2 : SNMPv2 # Documents refer to "internet 7" as "mail". This however leads to ambiguities # with RFC2798, Section 9.1.3, where "mail" is defined as the short name for # rfc822Mailbox. The short name is therefore here left out for a reason. -# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as +# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as # references are realized via long name "Mail" (with capital M). internet 7 : : Mail @@ -900,6 +929,9 @@ aes 46 : id-aes256-GCM : aes-256-gcm aes 47 : id-aes256-CCM : aes-256-ccm aes 48 : id-aes256-wrap-pad +ieee-siswg 0 1 1 : AES-128-XTS : aes-128-xts +ieee-siswg 0 1 2 : AES-256-XTS : aes-256-xts + # There are no OIDs for these modes... : AES-128-CFB1 : aes-128-cfb1 @@ -914,24 +946,57 @@ aes 48 : id-aes256-wrap-pad : AES-128-OCB : aes-128-ocb : AES-192-OCB : aes-192-ocb : AES-256-OCB : aes-256-ocb - : AES-128-XTS : aes-128-xts - : AES-256-XTS : aes-256-xts : DES-CFB1 : des-cfb1 : DES-CFB8 : des-cfb8 : DES-EDE3-CFB1 : des-ede3-cfb1 : DES-EDE3-CFB8 : des-ede3-cfb8 -# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. +# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84 and +# http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html +# "Middle" names are specified to be id-sha256, id-sha384, etc., but +# we adhere to unprefixed capitals for backward compatibility... !Alias nist_hashalgs nistAlgorithms 2 nist_hashalgs 1 : SHA256 : sha256 nist_hashalgs 2 : SHA384 : sha384 nist_hashalgs 3 : SHA512 : sha512 nist_hashalgs 4 : SHA224 : sha224 +nist_hashalgs 5 : SHA512-224 : sha512-224 +nist_hashalgs 6 : SHA512-256 : sha512-256 +nist_hashalgs 7 : SHA3-224 : sha3-224 +nist_hashalgs 8 : SHA3-256 : sha3-256 +nist_hashalgs 9 : SHA3-384 : sha3-384 +nist_hashalgs 10 : SHA3-512 : sha3-512 +nist_hashalgs 11 : SHAKE128 : shake128 +nist_hashalgs 12 : SHAKE256 : shake256 +nist_hashalgs 13 : id-hmacWithSHA3-224 : hmac-sha3-224 +nist_hashalgs 14 : id-hmacWithSHA3-256 : hmac-sha3-256 +nist_hashalgs 15 : id-hmacWithSHA3-384 : hmac-sha3-384 +nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512 +# Below two are incomplete OIDs, to be uncommented when we figure out +# how to handle them... +# nist_hashalgs 17 : id-shake128-len : shake128-len +# nist_hashalgs 18 : id-shake256-len : shake256-len # OIDs for dsa-with-sha224 and dsa-with-sha256 !Alias dsa_with_sha2 nistAlgorithms 3 dsa_with_sha2 1 : dsa_with_SHA224 dsa_with_sha2 2 : dsa_with_SHA256 +# Above two belong below, but kept as they are for backward compatibility +!Alias sigAlgs nistAlgorithms 3 +sigAlgs 3 : id-dsa-with-sha384 : dsa_with_SHA384 +sigAlgs 4 : id-dsa-with-sha512 : dsa_with_SHA512 +sigAlgs 5 : id-dsa-with-sha3-224 : dsa_with_SHA3-224 +sigAlgs 6 : id-dsa-with-sha3-256 : dsa_with_SHA3-256 +sigAlgs 7 : id-dsa-with-sha3-384 : dsa_with_SHA3-384 +sigAlgs 8 : id-dsa-with-sha3-512 : dsa_with_SHA3-512 +sigAlgs 9 : id-ecdsa-with-sha3-224 : ecdsa_with_SHA3-224 +sigAlgs 10 : id-ecdsa-with-sha3-256 : ecdsa_with_SHA3-256 +sigAlgs 11 : id-ecdsa-with-sha3-384 : ecdsa_with_SHA3-384 +sigAlgs 12 : id-ecdsa-with-sha3-512 : ecdsa_with_SHA3-512 +sigAlgs 13 : id-rsassa-pkcs1-v1_5-with-sha3-224 : RSA-SHA3-224 +sigAlgs 14 : id-rsassa-pkcs1-v1_5-with-sha3-256 : RSA-SHA3-256 +sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-384 +sigAlgs 16 : id-rsassa-pkcs1-v1_5-with-sha3-512 : RSA-SHA3-512 # Hold instruction CRL entry extension !Cname hold-instruction-code @@ -1278,18 +1343,36 @@ id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit id-tc26-algorithms 5 : id-tc26-cipher +id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma +id-tc26-cipher-gostr3412-2015-magma 1 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm +id-tc26-cipher-gostr3412-2015-magma 2 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac +id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik +id-tc26-cipher-gostr3412-2015-kuznyechik 1 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm +id-tc26-cipher-gostr3412-2015-kuznyechik 2 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac id-tc26-algorithms 6 : id-tc26-agreement id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256 id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512 +id-tc26-algorithms 7 : id-tc26-wrap +id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma +id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15 +id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik +id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15 + id-tc26 2 : id-tc26-constants id-tc26-constants 1 : id-tc26-sign-constants +id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants +id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A +id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B +id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C +id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B +id-tc26-gost-3410-2012-512-constants 3 : id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C id-tc26-constants 2 : id-tc26-digest-constants id-tc26-constants 5 : id-tc26-cipher-constants @@ -1310,6 +1393,14 @@ member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer : grasshopper-cfb : grasshopper-mac +#GOST R34.13-2015 Magma + : magma-ecb + : magma-ctr + : magma-ofb + : magma-cbc + : magma-cfb + : magma-mac + # Definitions for Camellia cipher - CBC MODE 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc @@ -1322,7 +1413,7 @@ member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer # Definitions for Camellia cipher - ECB, CFB, OFB MODE !Alias ntt-ds 0 3 4401 5 -!Alias camellia ntt-ds 3 1 9 +!Alias camellia ntt-ds 3 1 9 camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb !Cname camellia-128-ofb128 @@ -1363,6 +1454,48 @@ camellia 50 : CAMELLIA-256-CMAC : camellia-256-cmac : CAMELLIA-192-CFB8 : camellia-192-cfb8 : CAMELLIA-256-CFB8 : camellia-256-cfb8 +# Definitions for ARIA cipher + +!Alias aria 1 2 410 200046 1 1 +aria 1 : ARIA-128-ECB : aria-128-ecb +aria 2 : ARIA-128-CBC : aria-128-cbc +!Cname aria-128-cfb128 +aria 3 : ARIA-128-CFB : aria-128-cfb +!Cname aria-128-ofb128 +aria 4 : ARIA-128-OFB : aria-128-ofb +aria 5 : ARIA-128-CTR : aria-128-ctr + +aria 6 : ARIA-192-ECB : aria-192-ecb +aria 7 : ARIA-192-CBC : aria-192-cbc +!Cname aria-192-cfb128 +aria 8 : ARIA-192-CFB : aria-192-cfb +!Cname aria-192-ofb128 +aria 9 : ARIA-192-OFB : aria-192-ofb +aria 10 : ARIA-192-CTR : aria-192-ctr + +aria 11 : ARIA-256-ECB : aria-256-ecb +aria 12 : ARIA-256-CBC : aria-256-cbc +!Cname aria-256-cfb128 +aria 13 : ARIA-256-CFB : aria-256-cfb +!Cname aria-256-ofb128 +aria 14 : ARIA-256-OFB : aria-256-ofb +aria 15 : ARIA-256-CTR : aria-256-ctr + +# There are no OIDs for these ARIA modes... + : ARIA-128-CFB1 : aria-128-cfb1 + : ARIA-192-CFB1 : aria-192-cfb1 + : ARIA-256-CFB1 : aria-256-cfb1 + : ARIA-128-CFB8 : aria-128-cfb8 + : ARIA-192-CFB8 : aria-192-cfb8 + : ARIA-256-CFB8 : aria-256-cfb8 + +aria 37 : ARIA-128-CCM : aria-128-ccm +aria 38 : ARIA-192-CCM : aria-192-ccm +aria 39 : ARIA-256-CCM : aria-256-ccm +aria 34 : ARIA-128-GCM : aria-128-gcm +aria 35 : ARIA-192-GCM : aria-192-gcm +aria 36 : ARIA-256-GCM : aria-256-gcm + # Definitions for SEED cipher - ECB, CBC, OFB mode member-body 410 200004 : KISA : kisa @@ -1373,6 +1506,19 @@ kisa 1 5 : SEED-CFB : seed-cfb !Cname seed-ofb128 kisa 1 6 : SEED-OFB : seed-ofb + +# Definitions for SM4 cipher + +sm-scheme 104 1 : SM4-ECB : sm4-ecb +sm-scheme 104 2 : SM4-CBC : sm4-cbc +!Cname sm4-ofb128 +sm-scheme 104 3 : SM4-OFB : sm4-ofb +!Cname sm4-cfb128 +sm-scheme 104 4 : SM4-CFB : sm4-cfb +sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1 +sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8 +sm-scheme 104 7 : SM4-CTR : sm4-ctr + # There is no OID that just denotes "HMAC" oddly enough... : HMAC : hmac @@ -1394,7 +1540,7 @@ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH # RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt) # versionOne OBJECT IDENTIFIER ::= { -# iso(1) identifified-organization(3) teletrust(36) algorithm(3) +# iso(1) identified-organization(3) teletrust(36) algorithm(3) # signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) # ellipticCurve(1) 1 } 1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1 @@ -1410,7 +1556,7 @@ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH 1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1 1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1 1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1 -1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1 +1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1 # ECDH schemes from RFC5753 !Alias x9-63-scheme 1 3 133 16 840 63 0 @@ -1445,7 +1591,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme 1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName # SCRYPT algorithm -1 3 6 1 4 1 11591 4 11 : id-scrypt +!Cname id-scrypt +1 3 6 1 4 1 11591 4 11 : id-scrypt : scrypt # NID for TLS1 PRF : TLS1-PRF : tls1-prf @@ -1458,9 +1605,12 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth id-pkinit 5 : pkInitKDC : Signing KDC Response -# New curves from draft-ietf-curdle-pkix-00 +# From RFC8410 1 3 101 110 : X25519 1 3 101 111 : X448 +1 3 101 112 : ED25519 +1 3 101 113 : ED448 + # NIDs for cipher key exchange : KxRSA : kx-rsa @@ -1472,6 +1622,7 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response : KxPSK : kx-psk : KxSRP : kx-srp : KxGOST : kx-gost + : KxANY : kx-any # NIDs for cipher authentication : AuthRSA : auth-rsa @@ -1482,4 +1633,45 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response : AuthGOST12 : auth-gost12 : AuthSRP : auth-srp : AuthNULL : auth-null - + : AuthANY : auth-any +# NID for Poly1305 + : Poly1305 : poly1305 +# NID for SipHash + : SipHash : siphash + +# NIDs for RFC7919 DH parameters + : ffdhe2048 + : ffdhe3072 + : ffdhe4096 + : ffdhe6144 + : ffdhe8192 + +# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17) + +# DSTU OIDs +member-body 804 : ISO-UA +ISO-UA 2 1 1 1 : ua-pki +ua-pki 1 1 1 : dstu28147 : DSTU Gost 28147-2009 +dstu28147 2 : dstu28147-ofb : DSTU Gost 28147-2009 OFB mode +dstu28147 3 : dstu28147-cfb : DSTU Gost 28147-2009 CFB mode +dstu28147 5 : dstu28147-wrap : DSTU Gost 28147-2009 key wrap + +ua-pki 1 1 2 : hmacWithDstu34311 : HMAC DSTU Gost 34311-95 +ua-pki 1 2 1 : dstu34311 : DSTU Gost 34311-95 + +ua-pki 1 3 1 1 : dstu4145le : DSTU 4145-2002 little endian +dstu4145le 1 1 : dstu4145be : DSTU 4145-2002 big endian + +# 1.2.804. 2.1.1.1 1.3.1.1 .2.6 +# UA ua-pki 4145 le +# DSTU named curves +dstu4145le 2 0 : uacurve0 : DSTU curve 0 +dstu4145le 2 1 : uacurve1 : DSTU curve 1 +dstu4145le 2 2 : uacurve2 : DSTU curve 2 +dstu4145le 2 3 : uacurve3 : DSTU curve 3 +dstu4145le 2 4 : uacurve4 : DSTU curve 4 +dstu4145le 2 5 : uacurve5 : DSTU curve 5 +dstu4145le 2 6 : uacurve6 : DSTU curve 6 +dstu4145le 2 7 : uacurve7 : DSTU curve 7 +dstu4145le 2 8 : uacurve8 : DSTU curve 8 +dstu4145le 2 9 : uacurve9 : DSTU curve 9 diff --git a/deps/openssl/openssl/crypto/objects/objxref.pl b/deps/openssl/openssl/crypto/objects/objxref.pl index 53f9bd604c3866..0ec63f067e3cfb 100644 --- a/deps/openssl/openssl/crypto/objects/objxref.pl +++ b/deps/openssl/openssl/crypto/objects/objxref.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,13 @@ my ($mac_file, $xref_file) = @ARGV; +# Output year depends on the year of the script and the input file. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; +my $iYEAR = [localtime([stat($mac_file)]->[9])]->[5] + 1900; +$YEAR = $iYEAR if $iYEAR > $YEAR; +$iYEAR = [localtime([stat($xref_file)]->[9])]->[5] + 1900; +$YEAR = $iYEAR if $iYEAR > $YEAR; + open(IN, $mac_file) || die "Can't open $mac_file, $!\n"; # Read in OID nid values for a lookup table. @@ -71,7 +78,7 @@ * WARNING: do not edit! * Generated by $pname * - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c b/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c index b638694e2d72c7..739ac01807a07a 100644 --- a/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c +++ b/deps/openssl/openssl/crypto/ocsp/ocsp_cl.c @@ -10,6 +10,7 @@ #include #include #include "internal/cryptlib.h" +#include #include #include #include @@ -209,9 +210,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname) - { const OCSP_RESPID *rid = &bs->tbsResponseData.responderId; + if (rid->type == V_OCSP_RESPID_NAME) { *pname = rid->value.byName; *pid = NULL; @@ -224,6 +225,26 @@ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, return 1; } +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname) +{ + const OCSP_RESPID *rid = &bs->tbsResponseData.responderId; + + if (rid->type == V_OCSP_RESPID_NAME) { + *pname = X509_NAME_dup(rid->value.byName); + *pid = NULL; + } else if (rid->type == V_OCSP_RESPID_KEY) { + *pid = ASN1_OCTET_STRING_dup(rid->value.byKey); + *pname = NULL; + } else { + return 0; + } + if (*pname == NULL && *pid == NULL) + return 0; + return 1; +} + /* Look single response matching a given certificate ID */ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_err.c b/deps/openssl/openssl/crypto/ocsp/ocsp_err.c index a2d96e9c9f5b4f..660e193665c1ec 100644 --- a/deps/openssl/openssl/crypto/ocsp/ocsp_err.c +++ b/deps/openssl/openssl/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,71 +8,82 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) - -static ERR_STRING_DATA OCSP_str_functs[] = { - {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"}, - {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, - {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, - {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, - {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "ocsp_check_delegated"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "ocsp_check_ids"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "ocsp_check_issuer"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, - {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "ocsp_match_issuerid"}, - {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, - {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, - {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, - {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, - {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"}, +static const ERR_STRING_DATA OCSP_str_functs[] = { + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_D2I_OCSP_NONCE, 0), "d2i_ocsp_nonce"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_ADD1_STATUS, 0), + "OCSP_basic_add1_status"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN, 0), "OCSP_basic_sign"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN_CTX, 0), + "OCSP_basic_sign_ctx"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_VERIFY, 0), "OCSP_basic_verify"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CERT_ID_NEW, 0), "OCSP_cert_id_new"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_DELEGATED, 0), + "ocsp_check_delegated"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_IDS, 0), "ocsp_check_ids"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_ISSUER, 0), "ocsp_check_issuer"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_VALIDITY, 0), + "OCSP_check_validity"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_MATCH_ISSUERID, 0), + "ocsp_match_issuerid"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_PARSE_URL, 0), "OCSP_parse_url"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_SIGN, 0), "OCSP_request_sign"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_VERIFY, 0), + "OCSP_request_verify"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_RESPONSE_GET1_BASIC, 0), + "OCSP_response_get1_basic"}, + {ERR_PACK(ERR_LIB_OCSP, OCSP_F_PARSE_HTTP_LINE1, 0), "parse_http_line1"}, {0, NULL} }; -static ERR_STRING_DATA OCSP_str_reasons[] = { - {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, - {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"}, - {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), - "error in nextupdate field"}, - {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), - "error in thisupdate field"}, - {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"}, - {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), - "missing ocspsigning usage"}, - {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), - "nextupdate before thisupdate"}, - {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"}, - {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, - {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"}, - {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"}, - {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"}, - {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"}, - {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), - "response contains no revocation data"}, - {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"}, - {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, - {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), - "server response parse error"}, - {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"}, - {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"}, - {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"}, - {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, - {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"}, - {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), - "unsupported requestorname type"}, +static const ERR_STRING_DATA OCSP_str_reasons[] = { + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), + "error in nextupdate field"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD), + "error in thisupdate field"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_PARSING_URL), "error parsing url"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE), + "missing ocspsigning usage"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), + "nextupdate before thisupdate"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE), + "not basic response"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN), + "no certificates in chain"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED), + "request not signed"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), + "response contains no revocation data"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED), + "root ca not trusted"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_ERROR), + "server response error"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_PARSE_ERROR), + "server response parse error"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID), + "status not yet valid"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST), + "unknown message digest"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"}, + {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), + "unsupported requestorname type"}, {0, NULL} }; @@ -81,10 +92,9 @@ static ERR_STRING_DATA OCSP_str_reasons[] = { int ERR_load_OCSP_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { - ERR_load_strings(0, OCSP_str_functs); - ERR_load_strings(0, OCSP_str_reasons); + ERR_load_strings_const(OCSP_str_functs); + ERR_load_strings_const(OCSP_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c b/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c index b829b2e4e3cb43..27ee21245944a0 100644 --- a/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c +++ b/deps/openssl/openssl/crypto/ocsp/ocsp_ext.c @@ -22,7 +22,7 @@ int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) { - return (X509v3_get_ext_count(x->tbsRequest.requestExtensions)); + return X509v3_get_ext_count(x->tbsRequest.requestExtensions); } int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) @@ -46,12 +46,12 @@ int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) { - return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc)); + return X509v3_get_ext(x->tbsRequest.requestExtensions, loc); } X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) { - return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc)); + return X509v3_delete_ext(x->tbsRequest.requestExtensions, loc); } void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) @@ -76,18 +76,18 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x) { - return (X509v3_get_ext_count(x->singleRequestExtensions)); + return X509v3_get_ext_count(x->singleRequestExtensions); } int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) { - return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos)); + return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos); } int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos) { - return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos)); + return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos); } int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) @@ -98,12 +98,12 @@ int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) { - return (X509v3_get_ext(x->singleRequestExtensions, loc)); + return X509v3_get_ext(x->singleRequestExtensions, loc); } X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) { - return (X509v3_delete_ext(x->singleRequestExtensions, loc)); + return X509v3_delete_ext(x->singleRequestExtensions, loc); } void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) @@ -127,7 +127,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) { - return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions)); + return X509v3_get_ext_count(x->tbsResponseData.responseExtensions); } int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) @@ -152,12 +152,12 @@ int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) { - return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc)); + return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc); } X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) { - return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc)); + return X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc); } void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, @@ -184,34 +184,34 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x) { - return (X509v3_get_ext_count(x->singleExtensions)); + return X509v3_get_ext_count(x->singleExtensions); } int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) { - return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos)); + return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos); } int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, int lastpos) { - return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos)); + return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos); } int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos) { - return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos)); + return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos); } X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) { - return (X509v3_get_ext(x->singleExtensions, loc)); + return X509v3_get_ext(x->singleExtensions, loc); } X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc) { - return (X509v3_delete_ext(x->singleExtensions, loc)); + return X509v3_delete_ext(x->singleExtensions, loc); } void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c b/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c index d8796ca6bf54cf..42c36864313534 100644 --- a/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c +++ b/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,11 +7,11 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include #include -#include +#include "internal/ctype.h" #include -#include "e_os.h" #include #include #include @@ -209,7 +209,7 @@ static int parse_http_line1(char *line) char *p, *q, *r; /* Skip to first white space (passed protocol info) */ - for (p = line; *p && !isspace((unsigned char)*p); p++) + for (p = line; *p && !ossl_isspace(*p); p++) continue; if (!*p) { OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); @@ -217,7 +217,7 @@ static int parse_http_line1(char *line) } /* Skip past white space to start of response code */ - while (*p && isspace((unsigned char)*p)) + while (*p && ossl_isspace(*p)) p++; if (!*p) { @@ -226,7 +226,7 @@ static int parse_http_line1(char *line) } /* Find end of response code: first whitespace after start of code */ - for (q = p; *q && !isspace((unsigned char)*q); q++) + for (q = p; *q && !ossl_isspace(*q); q++) continue; if (!*q) { @@ -244,7 +244,7 @@ static int parse_http_line1(char *line) return 0; /* Skip over any leading white space in message */ - while (*q && isspace((unsigned char)*q)) + while (*q && ossl_isspace(*q)) q++; if (*q) { @@ -253,7 +253,7 @@ static int parse_http_line1(char *line) */ /* We know q has a non white space character so this is OK */ - for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) + for (r = q + strlen(q) - 1; ossl_isspace(*r); r--) *r = 0; } if (retcode != 200) { diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h b/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h index d1cf1583f4b08c..36646fdfc97a78 100644 --- a/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h +++ b/deps/openssl/openssl/crypto/ocsp/ocsp_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -224,6 +224,10 @@ struct ocsp_service_locator_st { ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ NULL,(o)->signature,&(o)->tbsResponseData,pkey,md) +# define OCSP_BASICRESP_sign_ctx(o,ctx,d) \ + ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ + NULL,(o)->signature,&(o)->tbsResponseData,ctx) + # define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ &(a)->optionalSignature->signatureAlgorithm,\ (a)->optionalSignature->signature,&(a)->tbsRequest,r) diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c b/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c index 46a4bf7852a3b4..6bd6f7b6d89283 100644 --- a/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c +++ b/deps/openssl/openssl/crypto/ocsp/ocsp_srv.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -168,15 +168,28 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) return 1; } -int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +/* + * Sign an OCSP response using the parameters contained in the digest context, + * set the responderID to the subject name in the signer's certificate, and + * include one or more optional certificates in the response. + */ + +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, STACK_OF(X509) *certs, unsigned long flags) { int i; OCSP_RESPID *rid; + EVP_PKEY *pkey; - if (!X509_check_private_key(signer, key)) { - OCSPerr(OCSP_F_OCSP_BASIC_SIGN, + if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) { + OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY); + goto err; + } + + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); + if (pkey == NULL || !X509_check_private_key(signer, pkey)) { + OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; } @@ -208,7 +221,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, * -- Richard Levitte */ - if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) + if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0)) goto err; return 1; @@ -216,6 +229,26 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, return 0; } +int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags) +{ + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + EVP_PKEY_CTX *pkctx = NULL; + int i; + + if (ctx == NULL) + return 0; + + if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) { + EVP_MD_CTX_free(ctx); + return 0; + } + i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags); + EVP_MD_CTX_free(ctx); + return i; +} + int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert) { if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert))) @@ -265,7 +298,7 @@ int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert) return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH) && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, SHA_DIGEST_LENGTH) == 0); - } else if(respid->type == V_OCSP_RESPID_NAME) { + } else if (respid->type == V_OCSP_RESPID_NAME) { if (respid->value.byName == NULL) return 0; diff --git a/deps/openssl/openssl/crypto/pariscid.pl b/deps/openssl/openssl/crypto/pariscid.pl index 3d4a5f8aef8668..5a231c49f02a0a 100644 --- a/deps/openssl/openssl/crypto/pariscid.pl +++ b/deps/openssl/openssl/crypto/pariscid.pl @@ -255,9 +255,22 @@ .PROCEND ___ } -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); -$code =~ s/,\*/,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); -print $code; + +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + +foreach(split("\n",$code)) { + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/cmpib,\*/comib,/ if ($SIZE_T==4); + s/,\*/,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} close STDOUT; diff --git a/deps/openssl/openssl/crypto/pem/pem_err.c b/deps/openssl/openssl/crypto/pem/pem_err.c index f36d89324bdd66..f642030aa539ff 100644 --- a/deps/openssl/openssl/crypto/pem/pem_err.c +++ b/deps/openssl/openssl/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,95 +8,107 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) - -static ERR_STRING_DATA PEM_str_functs[] = { - {ERR_FUNC(PEM_F_B2I_DSS), "b2i_dss"}, - {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, - {ERR_FUNC(PEM_F_B2I_RSA), "b2i_rsa"}, - {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "check_bitlen_dsa"}, - {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "check_bitlen_rsa"}, - {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, - {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, - {ERR_FUNC(PEM_F_DO_B2I), "do_b2i"}, - {ERR_FUNC(PEM_F_DO_B2I_BIO), "do_b2i_bio"}, - {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "do_blob_header"}, - {ERR_FUNC(PEM_F_DO_PK8PKEY), "do_pk8pkey"}, - {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "do_pk8pkey_fp"}, - {ERR_FUNC(PEM_F_DO_PVK_BODY), "do_PVK_body"}, - {ERR_FUNC(PEM_F_DO_PVK_HEADER), "do_PVK_header"}, - {ERR_FUNC(PEM_F_I2B_PVK), "i2b_PVK"}, - {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, - {ERR_FUNC(PEM_F_LOAD_IV), "load_iv"}, - {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, - {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, - {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, - {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, - {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, - {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, - {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, - {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_read_bio_PrivateKey"}, - {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_read_DHparams"}, - {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_read_PrivateKey"}, - {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, - {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, - {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, - {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_write_PrivateKey"}, - {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, - {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, - {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, +static const ERR_STRING_DATA PEM_str_functs[] = { + {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_DSS, 0), "b2i_dss"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_PVK_BIO, 0), "b2i_PVK_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_RSA, 0), "b2i_rsa"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_DSA, 0), "check_bitlen_dsa"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_RSA, 0), "check_bitlen_rsa"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, 0), + "d2i_PKCS8PrivateKey_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_FP, 0), + "d2i_PKCS8PrivateKey_fp"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_HEADER, 0), "do_PVK_header"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, 0), + "get_header_and_data"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, 0), "get_name"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK, 0), "i2b_PVK"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK_BIO, 0), "i2b_PVK_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_LOAD_IV, 0), "load_iv"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ, 0), "PEM_ASN1_read"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ_BIO, 0), "PEM_ASN1_read_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE, 0), "PEM_ASN1_write"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE_BIO, 0), "PEM_ASN1_write_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, 0), "PEM_def_callback"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, 0), "PEM_do_header"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_GET_EVP_CIPHER_INFO, 0), + "PEM_get_EVP_CIPHER_INFO"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ, 0), "PEM_read"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, 0), "PEM_read_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_DHPARAMS, 0), + "PEM_read_bio_DHparams"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_EX, 0), "PEM_read_bio_ex"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PARAMETERS, 0), + "PEM_read_bio_Parameters"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, 0), + "PEM_read_bio_PrivateKey"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_DHPARAMS, 0), "PEM_read_DHparams"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_PRIVATEKEY, 0), + "PEM_read_PrivateKey"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0), + "PEM_write_PrivateKey"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ_BIO, 0), + "PEM_X509_INFO_read_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_WRITE_BIO, 0), + "PEM_X509_INFO_write_bio"}, {0, NULL} }; -static ERR_STRING_DATA PEM_str_reasons[] = { - {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, - {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"}, - {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"}, - {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"}, - {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"}, - {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"}, - {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"}, - {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"}, - {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), - "error converting private key"}, - {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB), - "expecting private key blob"}, - {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), - "expecting public key blob"}, - {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"}, - {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"}, - {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), - "keyblob header parse error"}, - {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, - {ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"}, - {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, - {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, - {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, - {ERR_REASON(PEM_R_NO_START_LINE), "no start line"}, - {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), - "problems getting password"}, - {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, - {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"}, - {ERR_REASON(PEM_R_READ_KEY), "read key"}, - {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, - {ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, - {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, - {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), - "unsupported key components"}, +static const ERR_STRING_DATA PEM_str_reasons[] = { + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY), + "error converting private key"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB), + "expecting private key blob"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB), + "expecting public key blob"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER), + "inconsistent header"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR), + "keyblob header parse error"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD), + "problems getting password"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION), + "unsupported encryption"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), + "unsupported key components"}, {0, NULL} }; @@ -105,10 +117,9 @@ static ERR_STRING_DATA PEM_str_reasons[] = { int ERR_load_PEM_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) { - ERR_load_strings(0, PEM_str_functs); - ERR_load_strings(0, PEM_str_reasons); + ERR_load_strings_const(PEM_str_functs); + ERR_load_strings_const(PEM_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/pem/pem_info.c b/deps/openssl/openssl/crypto/pem/pem_info.c index 78d4476a2a22f4..25dd55e72be42d 100644 --- a/deps/openssl/openssl/crypto/pem/pem_info.c +++ b/deps/openssl/openssl/crypto/pem/pem_info.c @@ -26,12 +26,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_X509_INFO_read_bio(b, sk, cb, u); BIO_free(b); - return (ret); + return ret; } #endif @@ -240,7 +240,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(data); - return (ret); + return ret; } /* A TJH addition */ @@ -256,7 +256,13 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL) { + if (objstr == NULL + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13) + > sizeof(buf)) { PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } @@ -291,10 +297,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, goto err; } - /* create the right magic header stuff */ - OPENSSL_assert(strlen(objstr) + 23 - + 2 * EVP_CIPHER_iv_length(enc) + 13 <= - sizeof(buf)); + /* Create the right magic header stuff */ buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), @@ -330,5 +333,5 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, err: OPENSSL_cleanse(buf, PEM_BUFSIZE); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/pem/pem_lib.c b/deps/openssl/openssl/crypto/pem/pem_lib.c index 6f06c5291fbb25..4bb86463fae5f2 100644 --- a/deps/openssl/openssl/crypto/pem/pem_lib.c +++ b/deps/openssl/openssl/crypto/pem/pem_lib.c @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include #include "internal/cryptlib.h" #include @@ -30,11 +30,8 @@ int pem_check_suffix(const char *pem_str, const char *suffix); int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) { - int i; -#ifndef OPENSSL_NO_UI - int min_len; + int i, min_len; const char *prompt; -#endif /* We assume that the user passes a default password as userdata */ if (userdata) { @@ -44,10 +41,6 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) return i; } -#ifdef OPENSSL_NO_UI - PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; -#else prompt = EVP_get_pw_prompt(); if (prompt == NULL) prompt = "Enter PEM pass phrase:"; @@ -68,12 +61,12 @@ int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) return -1; } return strlen(buf); -#endif } void PEM_proc_type(char *buf, int type) { const char *str; + char *p = buf + strlen(buf); if (type == PEM_TYPE_ENCRYPTED) str = "ENCRYPTED"; @@ -84,29 +77,29 @@ void PEM_proc_type(char *buf, int type) else str = "BAD-TYPE"; - OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); - OPENSSL_strlcat(buf, str, PEM_BUFSIZE); - OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE); + BIO_snprintf(p, PEM_BUFSIZE - (size_t)(p - buf), "Proc-Type: 4,%s\n", str); } void PEM_dek_info(char *buf, const char *type, int len, char *str) { - static const unsigned char map[17] = "0123456789ABCDEF"; long i; - int j; - - OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); - OPENSSL_strlcat(buf, type, PEM_BUFSIZE); - OPENSSL_strlcat(buf, ",", PEM_BUFSIZE); - j = strlen(buf); - if (j + (len * 2) + 1 > PEM_BUFSIZE) - return; - for (i = 0; i < len; i++) { - buf[j + i * 2] = map[(str[i] >> 4) & 0x0f]; - buf[j + i * 2 + 1] = map[(str[i]) & 0x0f]; - } - buf[j + i * 2] = '\n'; - buf[j + i * 2 + 1] = '\0'; + char *p = buf + strlen(buf); + int j = PEM_BUFSIZE - (size_t)(p - buf), n; + + n = BIO_snprintf(p, j, "DEK-Info: %s,", type); + if (n > 0) { + j -= n; + p += n; + for (i = 0; i < len; i++) { + n = BIO_snprintf(p, j, "%02X", 0xff & str[i]); + if (n <= 0) + return; + j -= n; + p += n; + } + if (j > 1) + strcpy(p, "\n"); + } } #ifndef OPENSSL_NO_STDIO @@ -118,12 +111,12 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u); BIO_free(b); - return (ret); + return ret; } #endif @@ -222,28 +215,41 @@ static int check_pem(const char *nm, const char *name) return 0; } -int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, - const char *name, BIO *bp, pem_password_cb *cb, - void *u) +static void pem_free(void *p, unsigned int flags, size_t num) +{ + if (flags & PEM_FLAG_SECURE) + OPENSSL_secure_clear_free(p, num); + else + OPENSSL_free(p); +} + +static void *pem_malloc(int num, unsigned int flags) +{ + return (flags & PEM_FLAG_SECURE) ? OPENSSL_secure_malloc(num) + : OPENSSL_malloc(num); +} + +static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen, + char **pnm, const char *name, BIO *bp, + pem_password_cb *cb, void *u, + unsigned int flags) { EVP_CIPHER_INFO cipher; char *nm = NULL, *header = NULL; unsigned char *data = NULL; - long len; + long len = 0; int ret = 0; - for (;;) { - if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { + do { + pem_free(nm, flags, 0); + pem_free(header, flags, 0); + pem_free(data, flags, len); + if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) { if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) ERR_add_error_data(2, "Expecting: ", name); return 0; } - if (check_pem(nm, name)) - break; - OPENSSL_free(nm); - OPENSSL_free(header); - OPENSSL_free(data); - } + } while (!check_pem(nm, name)); if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) goto err; if (!PEM_do_header(&cipher, data, &len, cb, u)) @@ -252,20 +258,34 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, *pdata = data; *plen = len; - if (pnm) + if (pnm != NULL) *pnm = nm; ret = 1; err: - if (!ret || !pnm) - OPENSSL_free(nm); - OPENSSL_free(header); + if (!ret || pnm == NULL) + pem_free(nm, flags, 0); + pem_free(header, flags, 0); if (!ret) - OPENSSL_free(data); + pem_free(data, flags, len); return ret; } +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u) { + return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, + PEM_FLAG_EAY_COMPATIBLE); +} + +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u) { + return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u, + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE); +} + #ifndef OPENSSL_NO_STDIO int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x, const EVP_CIPHER *enc, unsigned char *kstr, @@ -276,12 +296,12 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u); BIO_free(b); - return (ret); + return ret; } #endif @@ -299,7 +319,14 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) { + if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0 + || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv) + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13) + > sizeof(buf)) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } @@ -336,8 +363,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, #endif kstr = (unsigned char *)buf; } - RAND_add(data, i, 0); /* put in the RSA key. */ - OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv)); if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */ goto err; /* @@ -350,9 +375,6 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf, PEM_BUFSIZE); - OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13 - <= sizeof(buf)); - buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv); @@ -380,7 +402,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, EVP_CIPHER_CTX_free(ctx); OPENSSL_cleanse(buf, PEM_BUFSIZE); OPENSSL_clear_free(data, (unsigned int)dsize); - return (ret); + return ret; } int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, @@ -549,14 +571,14 @@ static int load_iv(char **fromp, unsigned char *to, int num) v = OPENSSL_hexchar2int(*from); if (v < 0) { PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS); - return (0); + return 0; } from++; to[i / 2] |= v << (long)((!(i & 1)) * 4); } *fromp = from; - return (1); + return 1; } #ifndef OPENSSL_NO_STDIO @@ -568,12 +590,12 @@ int PEM_write(FILE *fp, const char *name, const char *header, if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_write_bio(b, name, header, data, len); BIO_free(b); - return (ret); + return ret; } #endif @@ -584,6 +606,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, unsigned char *buf = NULL; EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); int reason = ERR_R_BUF_LIB; + int retval = 0; if (ctx == NULL) { reason = ERR_R_MALLOC_FAILURE; @@ -628,14 +651,14 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6)) goto err; - OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); - EVP_ENCODE_CTX_free(ctx); - return (i + outl); + retval = i + outl; + err: - OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); + if (retval == 0) + PEMerr(PEM_F_PEM_WRITE_BIO, reason); EVP_ENCODE_CTX_free(ctx); - PEMerr(PEM_F_PEM_WRITE_BIO, reason); - return (0); + OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); + return retval; } #ifndef OPENSSL_NO_STDIO @@ -647,186 +670,299 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_read_bio(b, name, header, data, len); BIO_free(b); - return (ret); + return ret; } #endif -int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - long *len) +/* Some helpers for PEM_read_bio_ex(). */ +static int sanitize_line(char *linebuf, int len, unsigned int flags) { - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); - int end = 0, i, k, bl = 0, hl = 0, nohead = 0; - char buf[256]; - BUF_MEM *nameB; - BUF_MEM *headerB; - BUF_MEM *dataB, *tmpB; + int i; - if (ctx == NULL) { - PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); - return (0); + if (flags & PEM_FLAG_EAY_COMPATIBLE) { + /* Strip trailing whitespace */ + while ((len >= 0) && (linebuf[len] <= ' ')) + len--; + /* Go back to whitespace before applying uniform line ending. */ + len++; + } else if (flags & PEM_FLAG_ONLY_B64) { + for (i = 0; i < len; ++i) { + if (!ossl_isbase64(linebuf[i]) || linebuf[i] == '\n' + || linebuf[i] == '\r') + break; + } + len = i; + } else { + /* EVP_DecodeBlock strips leading and trailing whitespace, so just strip + * control characters in-place and let everything through. */ + for (i = 0; i < len; ++i) { + if (linebuf[i] == '\n' || linebuf[i] == '\r') + break; + if (ossl_iscntrl(linebuf[i])) + linebuf[i] = ' '; + } + len = i; } + /* The caller allocated LINESIZE+1, so this is safe. */ + linebuf[len++] = '\n'; + linebuf[len] = '\0'; + return len; +} - nameB = BUF_MEM_new(); - headerB = BUF_MEM_new(); - dataB = BUF_MEM_new(); - if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) { - goto err; +#define LINESIZE 255 +/* Note trailing spaces for begin and end. */ +static const char beginstr[] = "-----BEGIN "; +static const char endstr[] = "-----END "; +static const char tailstr[] = "-----\n"; +#define BEGINLEN ((int)(sizeof(beginstr) - 1)) +#define ENDLEN ((int)(sizeof(endstr) - 1)) +#define TAILLEN ((int)(sizeof(tailstr) - 1)) +static int get_name(BIO *bp, char **name, unsigned int flags) +{ + char *linebuf; + int ret = 0; + int len; + + /* + * Need to hold trailing NUL (accounted for by BIO_gets() and the newline + * that will be added by sanitize_line() (the extra '1'). + */ + linebuf = pem_malloc(LINESIZE + 1, flags); + if (linebuf == NULL) { + PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE); + return 0; } - buf[254] = '\0'; - for (;;) { - i = BIO_gets(bp, buf, 254); + do { + len = BIO_gets(bp, linebuf, LINESIZE); - if (i <= 0) { - PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE); + if (len <= 0) { + PEMerr(PEM_F_GET_NAME, PEM_R_NO_START_LINE); goto err; } - while ((i >= 0) && (buf[i] <= ' ')) - i--; - buf[++i] = '\n'; - buf[++i] = '\0'; + /* Strip trailing garbage and standardize ending. */ + len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64); + + /* Allow leading empty or non-matching lines. */ + } while (strncmp(linebuf, beginstr, BEGINLEN) != 0 + || len < TAILLEN + || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); + linebuf[len - TAILLEN] = '\0'; + len = len - BEGINLEN - TAILLEN + 1; + *name = pem_malloc(len, flags); + if (*name == NULL) { + PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(*name, linebuf + BEGINLEN, len); + ret = 1; + +err: + pem_free(linebuf, flags, LINESIZE + 1); + return ret; +} + +/* Keep track of how much of a header we've seen. */ +enum header_status { + MAYBE_HEADER, + IN_HEADER, + POST_HEADER +}; + +/** + * Extract the optional PEM header, with details on the type of content and + * any encryption used on the contents, and the bulk of the data from the bio. + * The end of the header is marked by a blank line; if the end-of-input marker + * is reached prior to a blank line, there is no header. + * + * The header and data arguments are BIO** since we may have to swap them + * if there is no header, for efficiency. + * + * We need the name of the PEM-encoded type to verify the end string. + */ +static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, + unsigned int flags) +{ + BIO *tmp = *header; + char *linebuf, *p; + int len, line, ret = 0, end = 0; + /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ + enum header_status got_header = MAYBE_HEADER; + unsigned int flags_mask; + size_t namelen; + + /* Need to hold trailing NUL (accounted for by BIO_gets() and the newline + * that will be added by sanitize_line() (the extra '1'). */ + linebuf = pem_malloc(LINESIZE + 1, flags); + if (linebuf == NULL) { + PEMerr(PEM_F_GET_HEADER_AND_DATA, ERR_R_MALLOC_FAILURE); + return 0; + } - if (strncmp(buf, "-----BEGIN ", 11) == 0) { - i = strlen(&(buf[11])); + for (line = 0; ; line++) { + flags_mask = ~0u; + len = BIO_gets(bp, linebuf, LINESIZE); + if (len <= 0) { + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); + goto err; + } - if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0) - continue; - if (!BUF_MEM_grow(nameB, i + 9)) { - PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); + if (got_header == MAYBE_HEADER) { + if (memchr(linebuf, ':', len) != NULL) + got_header = IN_HEADER; + } + if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER) + flags_mask &= ~PEM_FLAG_ONLY_B64; + len = sanitize_line(linebuf, len, flags & flags_mask); + + /* Check for end of header. */ + if (linebuf[0] == '\n') { + if (got_header == POST_HEADER) { + /* Another blank line is an error. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } - memcpy(nameB->data, &(buf[11]), i - 6); - nameB->data[i - 6] = '\0'; - break; + got_header = POST_HEADER; + tmp = *data; + continue; } - } - hl = 0; - if (!BUF_MEM_grow(headerB, 256)) { - PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); - goto err; - } - headerB->data[0] = '\0'; - for (;;) { - i = BIO_gets(bp, buf, 254); - if (i <= 0) - break; - while ((i >= 0) && (buf[i] <= ' ')) - i--; - buf[++i] = '\n'; - buf[++i] = '\0'; - - if (buf[0] == '\n') + /* Check for end of stream (which means there is no header). */ + if (strncmp(linebuf, endstr, ENDLEN) == 0) { + p = linebuf + ENDLEN; + namelen = strlen(name); + if (strncmp(p, name, namelen) != 0 || + strncmp(p + namelen, tailstr, TAILLEN) != 0) { + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); + goto err; + } + if (got_header == MAYBE_HEADER) { + *header = *data; + *data = tmp; + } break; - if (!BUF_MEM_grow(headerB, hl + i + 9)) { - PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); + } else if (end) { + /* Malformed input; short line not at end of data. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } - if (strncmp(buf, "-----END ", 9) == 0) { - nohead = 1; - break; + /* + * Else, a line of text -- could be header or data; we don't + * know yet. Just pass it through. + */ + if (BIO_puts(tmp, linebuf) < 0) + goto err; + /* + * Only encrypted files need the line length check applied. + */ + if (got_header == POST_HEADER) { + /* 65 includes the trailing newline */ + if (len > 65) + goto err; + if (len < 65) + end = 1; } - memcpy(&(headerB->data[hl]), buf, i); - headerB->data[hl + i] = '\0'; - hl += i; } - bl = 0; - if (!BUF_MEM_grow(dataB, 1024)) { - PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); - goto err; - } - dataB->data[0] = '\0'; - if (!nohead) { - for (;;) { - i = BIO_gets(bp, buf, 254); - if (i <= 0) - break; - - while ((i >= 0) && (buf[i] <= ' ')) - i--; - buf[++i] = '\n'; - buf[++i] = '\0'; + ret = 1; +err: + pem_free(linebuf, flags, LINESIZE + 1); + return ret; +} - if (i != 65) - end = 1; - if (strncmp(buf, "-----END ", 9) == 0) - break; - if (i > 65) - break; - if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) { - PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(&(dataB->data[bl]), buf, i); - dataB->data[bl + i] = '\0'; - bl += i; - if (end) { - buf[0] = '\0'; - i = BIO_gets(bp, buf, 254); - if (i <= 0) - break; - - while ((i >= 0) && (buf[i] <= ' ')) - i--; - buf[++i] = '\n'; - buf[++i] = '\0'; +/** + * Read in PEM-formatted data from the given BIO. + * + * By nature of the PEM format, all content must be printable ASCII (except + * for line endings). Other characters are malformed input and will be rejected. + */ +int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, + unsigned char **data, long *len_out, unsigned int flags) +{ + EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); + const BIO_METHOD *bmeth; + BIO *headerB = NULL, *dataB = NULL; + char *name = NULL; + int len, taillen, headerlen, ret = 0; + BUF_MEM * buf_mem; - break; - } - } - } else { - tmpB = headerB; - headerB = dataB; - dataB = tmpB; - bl = hl; - } - i = strlen(nameB->data); - if ((strncmp(buf, "-----END ", 9) != 0) || - (strncmp(nameB->data, &(buf[9]), i) != 0) || - (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) { - PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE); - goto err; + if (ctx == NULL) { + PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); + return 0; } - EVP_DecodeInit(ctx); - i = EVP_DecodeUpdate(ctx, - (unsigned char *)dataB->data, &bl, - (unsigned char *)dataB->data, bl); - if (i < 0) { - PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); - goto err; + *len_out = 0; + *name_out = *header = NULL; + *data = NULL; + if ((flags & PEM_FLAG_EAY_COMPATIBLE) && (flags & PEM_FLAG_ONLY_B64)) { + /* These two are mutually incompatible; bail out. */ + PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_PASSED_INVALID_ARGUMENT); + goto end; } - i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k); - if (i < 0) { - PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); - goto err; + bmeth = (flags & PEM_FLAG_SECURE) ? BIO_s_secmem() : BIO_s_mem(); + + headerB = BIO_new(bmeth); + dataB = BIO_new(bmeth); + if (headerB == NULL || dataB == NULL) { + PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); + goto end; } - bl += k; - if (bl == 0) - goto err; - *name = nameB->data; - *header = headerB->data; - *data = (unsigned char *)dataB->data; - *len = bl; - OPENSSL_free(nameB); - OPENSSL_free(headerB); - OPENSSL_free(dataB); - EVP_ENCODE_CTX_free(ctx); - return (1); - err: - BUF_MEM_free(nameB); - BUF_MEM_free(headerB); - BUF_MEM_free(dataB); + if (!get_name(bp, &name, flags)) + goto end; + if (!get_header_and_data(bp, &headerB, &dataB, name, flags)) + goto end; + + EVP_DecodeInit(ctx); + BIO_get_mem_ptr(dataB, &buf_mem); + len = buf_mem->length; + if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len, + (unsigned char*)buf_mem->data, len) < 0 + || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]), + &taillen) < 0) { + PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_BAD_BASE64_DECODE); + goto end; + } + len += taillen; + buf_mem->length = len; + + /* There was no data in the PEM file; avoid malloc(0). */ + if (len == 0) + goto end; + headerlen = BIO_get_mem_data(headerB, NULL); + *header = pem_malloc(headerlen + 1, flags); + *data = pem_malloc(len, flags); + if (*header == NULL || *data == NULL) { + pem_free(*header, flags, 0); + pem_free(*data, flags, 0); + goto end; + } + BIO_read(headerB, *header, headerlen); + (*header)[headerlen] = '\0'; + BIO_read(dataB, *data, len); + *len_out = len; + *name_out = name; + name = NULL; + ret = 1; + +end: EVP_ENCODE_CTX_free(ctx); - return (0); + pem_free(name, flags, 0); + BIO_free(headerB); + BIO_free(dataB); + return ret; +} + +int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, + long *len) +{ + return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE); } /* diff --git a/deps/openssl/openssl/crypto/pem/pem_oth.c b/deps/openssl/openssl/crypto/pem/pem_oth.c index cc7a8dbec49d09..566205331f8ae7 100644 --- a/deps/openssl/openssl/crypto/pem/pem_oth.c +++ b/deps/openssl/openssl/crypto/pem/pem_oth.c @@ -32,5 +32,5 @@ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, if (ret == NULL) PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB); OPENSSL_free(data); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/pem/pem_pk8.c b/deps/openssl/openssl/crypto/pem/pem_pk8.c index a8363b39b9dfab..ab6c4c6bde30a1 100644 --- a/deps/openssl/openssl/crypto/pem/pem_pk8.c +++ b/deps/openssl/openssl/crypto/pem/pem_pk8.c @@ -183,7 +183,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB); - return (0); + return 0; } ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); BIO_free(bp); diff --git a/deps/openssl/openssl/crypto/pem/pem_pkey.c b/deps/openssl/openssl/crypto/pem/pem_pkey.c index 7dadc1391cf491..aa032d2b1cac28 100644 --- a/deps/openssl/openssl/crypto/pem/pem_pkey.c +++ b/deps/openssl/openssl/crypto/pem/pem_pkey.c @@ -32,7 +32,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, int slen; EVP_PKEY *ret = NULL; - if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) + if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, + cb, u)) return NULL; p = data; @@ -86,9 +87,9 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, if (ret == NULL) PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB); err: - OPENSSL_free(nm); - OPENSSL_clear_free(data, len); - return (ret); + OPENSSL_secure_free(nm); + OPENSSL_secure_clear_free(data, len); + return ret; } int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, @@ -147,7 +148,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB); OPENSSL_free(nm); OPENSSL_free(data); - return (ret); + return ret; } int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) @@ -170,12 +171,12 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_read_bio_PrivateKey(b, x, cb, u); BIO_free(b); - return (ret); + return ret; } int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, @@ -232,12 +233,12 @@ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_read_bio_DHparams(b, x, cb, u); BIO_free(b); - return (ret); + return ret; } # endif diff --git a/deps/openssl/openssl/crypto/pem/pem_sign.c b/deps/openssl/openssl/crypto/pem/pem_sign.c index 12ad97450a3f88..9662eb14dbc9d5 100644 --- a/deps/openssl/openssl/crypto/pem/pem_sign.c +++ b/deps/openssl/openssl/crypto/pem/pem_sign.c @@ -46,5 +46,5 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, err: /* ctx has been zeroed by EVP_SignFinal() */ OPENSSL_free(m); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/pem/pvkfmt.c b/deps/openssl/openssl/crypto/pem/pvkfmt.c index 96a82eb52035cc..e39c2438140d05 100644 --- a/deps/openssl/openssl/crypto/pem/pvkfmt.c +++ b/deps/openssl/openssl/crypto/pem/pvkfmt.c @@ -444,9 +444,10 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) if (*out) p = *out; else { - p = OPENSSL_malloc(outlen); - if (p == NULL) + if ((p = OPENSSL_malloc(outlen)) == NULL) { + PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE); return -1; + } *out = p; noinc = 1; } diff --git a/deps/openssl/openssl/crypto/perlasm/README b/deps/openssl/openssl/crypto/perlasm/README index e90bd8e01459e6..3177c371654254 100644 --- a/deps/openssl/openssl/crypto/perlasm/README +++ b/deps/openssl/openssl/crypto/perlasm/README @@ -9,7 +9,7 @@ require "x86asm.pl"; The first thing we do is setup the file and type of assembler -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); The first argument is the 'type'. Currently 'cpp', 'sol', 'a.out', 'elf' or 'win32'. @@ -62,7 +62,7 @@ So a very simple version of this function could be coded as push(@INC,"perlasm","../../perlasm"); require "x86asm.pl"; - &asm_init($ARGV[0],"cacl.pl"); + &asm_init($ARGV[0]); &external_label("other"); diff --git a/deps/openssl/openssl/crypto/perlasm/cbc.pl b/deps/openssl/openssl/crypto/perlasm/cbc.pl index ad79b2407bee39..01bafe457d6807 100644 --- a/deps/openssl/openssl/crypto/perlasm/cbc.pl +++ b/deps/openssl/openssl/crypto/perlasm/cbc.pl @@ -15,7 +15,7 @@ # des_cblock (*ivec); # int enc; # -# calls +# calls # des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); # @@ -36,7 +36,7 @@ sub cbc # name is the function name # enc_func and dec_func and the functions to call for encrypt/decrypt # swap is true if byte order needs to be reversed - # iv_off is parameter number for the iv + # iv_off is parameter number for the iv # enc_off is parameter number for the encrypt/decrypt flag # p1,p2,p3 are the offsets for parameters to be passed to the # underlying calls. @@ -114,7 +114,7 @@ sub cbc ############################################################# &set_label("encrypt_loop"); - # encrypt start + # encrypt start # "eax" and "ebx" hold iv (or the last cipher text) &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes @@ -208,7 +208,7 @@ sub cbc ############################################################# ############################################################# &set_label("decrypt",1); - # decrypt start + # decrypt start &and($count,0xfffffff8); # The next 2 instructions are only for if the jz is taken &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0] @@ -350,7 +350,7 @@ sub cbc &align(64); &function_end_B($name); - + } 1; diff --git a/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl b/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl index 2d46e24482ce9f..d220c6245b563b 100755 --- a/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl +++ b/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -11,40 +11,65 @@ open STDOUT,">$output" || die "can't open $output: $!"; my %GLOBALS; +my %TYPES; my $dotinlocallabels=($flavour=~/linux/)?1:0; ################################################################ # directives which need special treatment on different platforms ################################################################ +my $type = sub { + my ($dir,$name,$type) = @_; + + $TYPES{$name} = $type; + if ($flavour =~ /linux/) { + $name =~ s|^\.||; + ".type $name,$type"; + } else { + ""; + } +}; my $globl = sub { my $junk = shift; my $name = shift; my $global = \$GLOBALS{$name}; + my $type = \$TYPES{$name}; my $ret; - $name =~ s|^[\.\_]||; - + $name =~ s|^\.||; + SWITCH: for ($flavour) { - /aix/ && do { $name = ".$name"; + /aix/ && do { if (!$$type) { + $$type = "\@function"; + } + if ($$type =~ /function/) { + $name = ".$name"; + } last; }; /osx/ && do { $name = "_$name"; last; }; /linux.*(32|64le)/ - && do { $ret .= ".globl $name\n"; - $ret .= ".type $name,\@function"; + && do { $ret .= ".globl $name"; + if (!$$type) { + $ret .= "\n.type $name,\@function"; + $$type = "\@function"; + } last; }; - /linux.*64/ && do { $ret .= ".globl $name\n"; - $ret .= ".type $name,\@function\n"; - $ret .= ".section \".opd\",\"aw\"\n"; - $ret .= ".align 3\n"; - $ret .= "$name:\n"; - $ret .= ".quad .$name,.TOC.\@tocbase,0\n"; - $ret .= ".previous\n"; - - $name = ".$name"; + /linux.*64/ && do { $ret .= ".globl $name"; + if (!$$type) { + $ret .= "\n.type $name,\@function"; + $$type = "\@function"; + } + if ($$type =~ /function/) { + $ret .= "\n.section \".opd\",\"aw\""; + $ret .= "\n.align 3"; + $ret .= "\n$name:"; + $ret .= "\n.quad .$name,.TOC.\@tocbase,0"; + $ret .= "\n.previous"; + $name = ".$name"; + } last; }; } @@ -70,9 +95,13 @@ my $size = sub { if ($flavour =~ /linux/) { shift; - my $name = shift; $name =~ s|^[\.\_]||; - my $ret = ".size $name,.-".($flavour=~/64$/?".":"").$name; - $ret .= "\n.size .$name,.-.$name" if ($flavour=~/64$/); + my $name = shift; + my $real = $GLOBALS{$name} ? \$GLOBALS{$name} : \$name; + my $ret = ".size $$real,.-$$real"; + $name =~ s|^\.||; + if ($$real ne $name) { + $ret .= "\n.size $name,.-$$real"; + } $ret; } else @@ -187,12 +216,23 @@ sub vsxmem_op { my $stvdx_u = sub { vsxmem_op(@_, 716); }; # stxsdx my $lvx_4w = sub { vsxmem_op(@_, 780); }; # lxvw4x my $stvx_4w = sub { vsxmem_op(@_, 908); }; # stxvw4x +my $lvx_splt = sub { vsxmem_op(@_, 332); }; # lxvdsx +# VSX instruction[s] masqueraded as made-up AltiVec/VMX +my $vpermdi = sub { # xxpermdi + my ($f, $vrt, $vra, $vrb, $dm) = @_; + $dm = oct($dm) if ($dm =~ /^0/); + " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; +}; # PowerISA 2.07 stuff sub vcrypto_op { my ($f, $vrt, $vra, $vrb, $op) = @_; " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op; } +sub vfour { + my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_; + " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op; +}; my $vcipher = sub { vcrypto_op(@_, 1288); }; my $vcipherlast = sub { vcrypto_op(@_, 1289); }; my $vncipher = sub { vcrypto_op(@_, 1352); }; @@ -204,27 +244,61 @@ sub vcrypto_op { my $vpmsumd = sub { vcrypto_op(@_, 1224); }; my $vpmsubh = sub { vcrypto_op(@_, 1096); }; my $vpmsumw = sub { vcrypto_op(@_, 1160); }; +# These are not really crypto, but vcrypto_op template works my $vaddudm = sub { vcrypto_op(@_, 192); }; +my $vadduqm = sub { vcrypto_op(@_, 256); }; +my $vmuleuw = sub { vcrypto_op(@_, 648); }; +my $vmulouw = sub { vcrypto_op(@_, 136); }; +my $vrld = sub { vcrypto_op(@_, 196); }; +my $vsld = sub { vcrypto_op(@_, 1476); }; +my $vsrd = sub { vcrypto_op(@_, 1732); }; +my $vsubudm = sub { vcrypto_op(@_, 1216); }; +my $vaddcuq = sub { vcrypto_op(@_, 320); }; +my $vaddeuqm = sub { vfour(@_,60); }; +my $vaddecuq = sub { vfour(@_,61); }; +my $vmrgew = sub { vfour(@_,0,1932); }; +my $vmrgow = sub { vfour(@_,0,1676); }; my $mtsle = sub { my ($f, $arg) = @_; " .long ".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2); }; -# PowerISA 3.0 stuff -my $maddhdu = sub { - my ($f, $rt, $ra, $rb, $rc) = @_; - " .long ".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|49; +# VSX instructions masqueraded as AltiVec/VMX +my $mtvrd = sub { + my ($f, $vrt, $ra) = @_; + " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1; }; -my $maddld = sub { - my ($f, $rt, $ra, $rb, $rc) = @_; - " .long ".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|51; +my $mtvrwz = sub { + my ($f, $vrt, $ra) = @_; + " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1; }; +# PowerISA 3.0 stuff +my $maddhdu = sub { vfour(@_,49); }; +my $maddld = sub { vfour(@_,51); }; my $darn = sub { my ($f, $rt, $l) = @_; " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1); }; +my $iseleq = sub { + my ($f, $rt, $ra, $rb) = @_; + " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30; +}; +# VSX instruction[s] masqueraded as made-up AltiVec/VMX +my $vspltib = sub { # xxspltib + my ($f, $vrt, $imm8) = @_; + $imm8 = oct($imm8) if ($imm8 =~ /^0/); + $imm8 &= 0xff; + " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1; +}; + +# PowerISA 3.0B stuff +my $addex = sub { + my ($f, $rt, $ra, $rb, $cy) = @_; # only cy==0 is specified in 3.0B + " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1); +}; +my $vmsumudm = sub { vfour(@_,35); }; while($line=<>) { @@ -234,7 +308,7 @@ sub vcrypto_op { $line =~ s|\s+$||; # ... and at the end { - $line =~ s|\b\.L(\w+)|L$1|g; # common denominator for Locallabel + $line =~ s|\.L(\w+)|L$1|g; # common denominator for Locallabel $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); } @@ -242,8 +316,13 @@ sub vcrypto_op { $line =~ s|(^[\.\w]+)\:\s*||; my $label = $1; if ($label) { - printf "%s:",($GLOBALS{$label} or $label); - printf "\n.localentry\t$GLOBALS{$label},0" if ($GLOBALS{$label} && $flavour =~ /linux.*64le/); + my $xlated = ($GLOBALS{$label} or $label); + print "$xlated:"; + if ($flavour =~ /linux.*64le/) { + if ($TYPES{$label} =~ /function/) { + printf "\n.localentry %s,0\n",$xlated; + } + } } } @@ -254,7 +333,7 @@ sub vcrypto_op { my $f = $3; my $opcode = eval("\$$mnemonic"); $line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/); - if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); } + if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(/,\s*/,$line)); } elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } } diff --git a/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl b/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl index bfdada8540be67..b9922e031893cd 100644 --- a/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl +++ b/deps/openssl/openssl/crypto/perlasm/sparcv9_modes.pl @@ -117,7 +117,7 @@ sub alg_cbc_encrypt_implement { brnz,pn $ooff, 2f sub $len, 1, $len - + std %f0, [$out + 0] std %f2, [$out + 8] brnz,pt $len, .L${bits}_cbc_enc_loop @@ -224,7 +224,7 @@ sub alg_cbc_encrypt_implement { call _${alg}${bits}_encrypt_1x add $inp, 16, $inp sub $len, 1, $len - + stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific add $out, 8, $out stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific @@ -339,7 +339,7 @@ sub alg_cbc_decrypt_implement { brnz,pn $ooff, 2f sub $len, 1, $len - + std %f0, [$out + 0] std %f2, [$out + 8] brnz,pt $len, .L${bits}_cbc_dec_loop2x @@ -445,7 +445,7 @@ sub alg_cbc_decrypt_implement { brnz,pn $ooff, 2f sub $len, 2, $len - + std %f0, [$out + 0] std %f2, [$out + 8] std %f4, [$out + 16] @@ -702,7 +702,7 @@ sub alg_ctr32_implement { brnz,pn $ooff, 2f sub $len, 1, $len - + std %f0, [$out + 0] std %f2, [$out + 8] brnz,pt $len, .L${bits}_ctr32_loop2x @@ -791,7 +791,7 @@ sub alg_ctr32_implement { brnz,pn $ooff, 2f sub $len, 2, $len - + std %f0, [$out + 0] std %f2, [$out + 8] std %f4, [$out + 16] @@ -1024,7 +1024,7 @@ sub alg_xts_implement { brnz,pn $ooff, 2f sub $len, 1, $len - + std %f0, [$out + 0] std %f2, [$out + 8] brnz,pt $len, .L${bits}_xts_${dir}loop2x @@ -1135,7 +1135,7 @@ sub alg_xts_implement { brnz,pn $ooff, 2f sub $len, 2, $len - + std %f0, [$out + 0] std %f2, [$out + 8] std %f4, [$out + 16] diff --git a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl index 6eaefcfd93dd85..f8380f2e9cfa9f 100755 --- a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl +++ b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -51,12 +51,7 @@ # 7. Stick to explicit ip-relative addressing. If you have to use # GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??. # Both are recognized and translated to proper Win64 addressing -# modes. To support legacy code a synthetic directive, .picmeup, -# is implemented. It puts address of the *next* instruction into -# target register, e.g.: -# -# .picmeup %rax -# lea .Label-.(%rax),%rax +# modes. # # 8. In order to provide for structured exception handling unified # Win64 prologue copies %rsp value to %rax. For further details @@ -100,7 +95,7 @@ { $nasm = $1 + $2*0.01; $PTR=""; } elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/) { $masm = $1 + $2*2**-16 + $4*2**-32; } - die "no assembler found on %PATH" if (!($nasm || $masm)); + die "no assembler found on %PATH%" if (!($nasm || $masm)); $win64=1; $elf=0; $decor="\$L\$"; @@ -130,7 +125,7 @@ $self->{sz} = ""; } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn $self->{sz} = ""; - } elsif ($self->{op} =~ /^v/) { # VEX + } elsif ($self->{op} =~ /^[vk]/) { # VEX or k* such as kmov $self->{sz} = ""; } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) { $self->{sz} = ""; @@ -151,7 +146,7 @@ if ($gas) { if ($self->{op} eq "movz") { # movz is pain... sprintf "%s%s%s",$self->{op},$self->{sz},shift; - } elsif ($self->{op} =~ /^set/) { + } elsif ($self->{op} =~ /^set/) { "$self->{op}"; } elsif ($self->{op} eq "ret") { my $epilogue = ""; @@ -178,7 +173,7 @@ $self->{op} .= $self->{sz}; } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { $self->{op} = "\tDQ"; - } + } $self->{op}; } } @@ -224,18 +219,26 @@ } } { package ea; # pick up effective addresses: expr(%reg,%reg,scale) + + my %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", + l=>"DWORD$PTR", d=>"DWORD$PTR", + q=>"QWORD$PTR", o=>"OWORD$PTR", + x=>"XMMWORD$PTR", y=>"YMMWORD$PTR", + z=>"ZMMWORD$PTR" ) if (!$gas); + sub re { my ($class, $line, $opcode) = @_; my $self = {}; my $ret; # optional * ----vvv--- appears in indirect jmp/call - if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) { + if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)((?:{[^}]+})*)/) { bless $self, $class; $self->{asterisk} = $1; $self->{label} = $2; ($self->{base},$self->{index},$self->{scale})=split(/,/,$3); $self->{scale} = 1 if (!defined($self->{scale})); + $self->{opmask} = $4; $ret = $self; $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; @@ -276,6 +279,8 @@ $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg; } + # if base register is %rbp or %r13, see if it's possible to + # flip base and index registers [for better performance] if (!$self->{label} && $self->{index} && $self->{scale}==1 && $self->{base} =~ /(rbp|r13)/) { $self->{base} = $self->{index}; $self->{index} = $1; @@ -285,19 +290,16 @@ $self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64"); if (defined($self->{index})) { - sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk}, - $self->{label}, + sprintf "%s%s(%s,%%%s,%d)%s", + $self->{asterisk},$self->{label}, $self->{base}?"%$self->{base}":"", - $self->{index},$self->{scale}; + $self->{index},$self->{scale}, + $self->{opmask}; } else { - sprintf "%s%s(%%%s)", $self->{asterisk},$self->{label},$self->{base}; + sprintf "%s%s(%%%s)%s", $self->{asterisk},$self->{label}, + $self->{base},$self->{opmask}; } } else { - my %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", - l=>"DWORD$PTR", d=>"DWORD$PTR", - q=>"QWORD$PTR", o=>"OWORD$PTR", - x=>"XMMWORD$PTR", y=>"YMMWORD$PTR", z=>"ZMMWORD$PTR" ); - $self->{label} =~ s/\./\$/g; $self->{label} =~ s/(?{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/); @@ -309,17 +311,20 @@ ($mnemonic =~ /^vpbroadcast([qdwb])$/) && ($sz=$1) || ($mnemonic =~ /^v(?!perm)[a-z]+[fi]128$/) && ($sz="x"); + $self->{opmask} =~ s/%(k[0-7])/$1/; + if (defined($self->{index})) { - sprintf "%s[%s%s*%d%s]",$szmap{$sz}, + sprintf "%s[%s%s*%d%s]%s",$szmap{$sz}, $self->{label}?"$self->{label}+":"", $self->{index},$self->{scale}, - $self->{base}?"+$self->{base}":""; + $self->{base}?"+$self->{base}":"", + $self->{opmask}; } elsif ($self->{base} eq "rip") { sprintf "%s[%s]",$szmap{$sz},$self->{label}; } else { - sprintf "%s[%s%s]",$szmap{$sz}, + sprintf "%s[%s%s]%s", $szmap{$sz}, $self->{label}?"$self->{label}+":"", - $self->{base}; + $self->{base},$self->{opmask}; } } } @@ -331,10 +336,11 @@ my $ret; # optional * ----vvv--- appears in indirect jmp/call - if ($$line =~ /^(\*?)%(\w+)/) { + if ($$line =~ /^(\*?)%(\w+)((?:{[^}]+})*)/) { bless $self,$class; $self->{asterisk} = $1; $self->{value} = $2; + $self->{opmask} = $3; $opcode->size($self->size()); $ret = $self; $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; @@ -358,8 +364,11 @@ } sub out { my $self = shift; - if ($gas) { sprintf "%s%%%s",$self->{asterisk},$self->{value}; } - else { $self->{value}; } + if ($gas) { sprintf "%s%%%s%s", $self->{asterisk}, + $self->{value}, + $self->{opmask}; } + else { $self->{opmask} =~ s/%(k[0-7])/$1/; + $self->{value}.$self->{opmask}; } } } { package label; # pick up labels, which end with : @@ -383,9 +392,8 @@ if ($gas) { my $func = ($globals{$self->{value}} or $self->{value}) . ":"; - if ($win64 && - $current_function->{name} eq $self->{value} && - $current_function->{abi} eq "svr4") { + if ($win64 && $current_function->{name} eq $self->{value} + && $current_function->{abi} eq "svr4") { $func .= "\n"; $func .= " movq %rdi,8(%rsp)\n"; $func .= " movq %rsi,16(%rsp)\n"; @@ -458,21 +466,251 @@ } } } +{ package cfi_directive; + # CFI directives annotate instructions that are significant for + # stack unwinding procedure compliant with DWARF specification, + # see http://dwarfstd.org/. Besides naturally expected for this + # script platform-specific filtering function, this module adds + # three auxiliary synthetic directives not recognized by [GNU] + # assembler: + # + # - .cfi_push to annotate push instructions in prologue, which + # translates to .cfi_adjust_cfa_offset (if needed) and + # .cfi_offset; + # - .cfi_pop to annotate pop instructions in epilogue, which + # translates to .cfi_adjust_cfa_offset (if needed) and + # .cfi_restore; + # - [and most notably] .cfi_cfa_expression which encodes + # DW_CFA_def_cfa_expression and passes it to .cfi_escape as + # byte vector; + # + # CFA expressions were introduced in DWARF specification version + # 3 and describe how to deduce CFA, Canonical Frame Address. This + # becomes handy if your stack frame is variable and you can't + # spare register for [previous] frame pointer. Suggested directive + # syntax is made-up mix of DWARF operator suffixes [subset of] + # and references to registers with optional bias. Following example + # describes offloaded *original* stack pointer at specific offset + # from *current* stack pointer: + # + # .cfi_cfa_expression %rsp+40,deref,+8 + # + # Final +8 has everything to do with the fact that CFA is defined + # as reference to top of caller's stack, and on x86_64 call to + # subroutine pushes 8-byte return address. In other words original + # stack pointer upon entry to a subroutine is 8 bytes off from CFA. + + # Below constants are taken from "DWARF Expressions" section of the + # DWARF specification, section is numbered 7.7 in versions 3 and 4. + my %DW_OP_simple = ( # no-arg operators, mapped directly + deref => 0x06, dup => 0x12, + drop => 0x13, over => 0x14, + pick => 0x15, swap => 0x16, + rot => 0x17, xderef => 0x18, + + abs => 0x19, and => 0x1a, + div => 0x1b, minus => 0x1c, + mod => 0x1d, mul => 0x1e, + neg => 0x1f, not => 0x20, + or => 0x21, plus => 0x22, + shl => 0x24, shr => 0x25, + shra => 0x26, xor => 0x27, + ); + + my %DW_OP_complex = ( # used in specific subroutines + constu => 0x10, # uleb128 + consts => 0x11, # sleb128 + plus_uconst => 0x23, # uleb128 + lit0 => 0x30, # add 0-31 to opcode + reg0 => 0x50, # add 0-31 to opcode + breg0 => 0x70, # add 0-31 to opcole, sleb128 + regx => 0x90, # uleb28 + fbreg => 0x91, # sleb128 + bregx => 0x92, # uleb128, sleb128 + piece => 0x93, # uleb128 + ); + + # Following constants are defined in x86_64 ABI supplement, for + # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf, + # see section 3.7 "Stack Unwind Algorithm". + my %DW_reg_idx = ( + "%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3, + "%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7, + "%r8" =>8, "%r9" =>9, "%r10"=>10, "%r11"=>11, + "%r12"=>12, "%r13"=>13, "%r14"=>14, "%r15"=>15 + ); + + my ($cfa_reg, $cfa_rsp); + + # [us]leb128 format is variable-length integer representation base + # 2^128, with most significant bit of each byte being 0 denoting + # *last* most significant digit. See "Variable Length Data" in the + # DWARF specification, numbered 7.6 at least in versions 3 and 4. + sub sleb128 { + use integer; # get right shift extend sign + + my $val = shift; + my $sign = ($val < 0) ? -1 : 0; + my @ret = (); + + while(1) { + push @ret, $val&0x7f; + + # see if remaining bits are same and equal to most + # significant bit of the current digit, if so, it's + # last digit... + last if (($val>>6) == $sign); + + @ret[-1] |= 0x80; + $val >>= 7; + } + + return @ret; + } + sub uleb128 { + my $val = shift; + my @ret = (); + + while(1) { + push @ret, $val&0x7f; + + # see if it's last significant digit... + last if (($val >>= 7) == 0); + + @ret[-1] |= 0x80; + } + + return @ret; + } + sub const { + my $val = shift; + + if ($val >= 0 && $val < 32) { + return ($DW_OP_complex{lit0}+$val); + } + return ($DW_OP_complex{consts}, sleb128($val)); + } + sub reg { + my $val = shift; + + return if ($val !~ m/^(%r\w+)(?:([\+\-])((?:0x)?[0-9a-f]+))?/); + + my $reg = $DW_reg_idx{$1}; + my $off = eval ("0 $2 $3"); + + return (($DW_OP_complex{breg0} + $reg), sleb128($off)); + # Yes, we use DW_OP_bregX+0 to push register value and not + # DW_OP_regX, because latter would require even DW_OP_piece, + # which would be a waste under the circumstances. If you have + # to use DWP_OP_reg, use "regx:N"... + } + sub cfa_expression { + my $line = shift; + my @ret; + + foreach my $token (split(/,\s*/,$line)) { + if ($token =~ /^%r/) { + push @ret,reg($token); + } elsif ($token =~ /((?:0x)?[0-9a-f]+)\((%r\w+)\)/) { + push @ret,reg("$2+$1"); + } elsif ($token =~ /(\w+):(\-?(?:0x)?[0-9a-f]+)(U?)/i) { + my $i = 1*eval($2); + push @ret,$DW_OP_complex{$1}, ($3 ? uleb128($i) : sleb128($i)); + } elsif (my $i = 1*eval($token) or $token eq "0") { + if ($token =~ /^\+/) { + push @ret,$DW_OP_complex{plus_uconst},uleb128($i); + } else { + push @ret,const($i); + } + } else { + push @ret,$DW_OP_simple{$token}; + } + } + + # Finally we return DW_CFA_def_cfa_expression, 15, followed by + # length of the expression and of course the expression itself. + return (15,scalar(@ret),@ret); + } + sub re { + my ($class, $line) = @_; + my $self = {}; + my $ret; + + if ($$line =~ s/^\s*\.cfi_(\w+)\s*//) { + bless $self,$class; + $ret = $self; + undef $self->{value}; + my $dir = $1; + + SWITCH: for ($dir) { + # What is $cfa_rsp? Effectively it's difference between %rsp + # value and current CFA, Canonical Frame Address, which is + # why it starts with -8. Recall that CFA is top of caller's + # stack... + /startproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", -8); last; }; + /endproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", 0); last; }; + /def_cfa_register/ + && do { $cfa_reg = $$line; last; }; + /def_cfa_offset/ + && do { $cfa_rsp = -1*eval($$line) if ($cfa_reg eq "%rsp"); + last; + }; + /adjust_cfa_offset/ + && do { $cfa_rsp -= 1*eval($$line) if ($cfa_reg eq "%rsp"); + last; + }; + /def_cfa/ && do { if ($$line =~ /(%r\w+)\s*,\s*(.+)/) { + $cfa_reg = $1; + $cfa_rsp = -1*eval($2) if ($cfa_reg eq "%rsp"); + } + last; + }; + /push/ && do { $dir = undef; + $cfa_rsp -= 8; + if ($cfa_reg eq "%rsp") { + $self->{value} = ".cfi_adjust_cfa_offset\t8\n"; + } + $self->{value} .= ".cfi_offset\t$$line,$cfa_rsp"; + last; + }; + /pop/ && do { $dir = undef; + $cfa_rsp += 8; + if ($cfa_reg eq "%rsp") { + $self->{value} = ".cfi_adjust_cfa_offset\t-8\n"; + } + $self->{value} .= ".cfi_restore\t$$line"; + last; + }; + /cfa_expression/ + && do { $dir = undef; + $self->{value} = ".cfi_escape\t" . + join(",", map(sprintf("0x%02x", $_), + cfa_expression($$line))); + last; + }; + } + + $self->{value} = ".cfi_$dir\t$$line" if ($dir); + + $$line = ""; + } + + return $ret; + } + sub out { + my $self = shift; + return ($elf ? $self->{value} : undef); + } +} { package directive; # pick up directives, which start with . sub re { my ($class, $line) = @_; my $self = {}; my $ret; my $dir; - my %opcode = # lea 2f-1f(%rip),%dst; 1: nop; 2: - ( "%rax"=>0x01058d48, "%rcx"=>0x010d8d48, - "%rdx"=>0x01158d48, "%rbx"=>0x011d8d48, - "%rsp"=>0x01258d48, "%rbp"=>0x012d8d48, - "%rsi"=>0x01358d48, "%rdi"=>0x013d8d48, - "%r8" =>0x01058d4c, "%r9" =>0x010d8d4c, - "%r10"=>0x01158d4c, "%r11"=>0x011d8d4c, - "%r12"=>0x01258d4c, "%r13"=>0x012d8d4c, - "%r14"=>0x01358d4c, "%r15"=>0x013d8d4c ); + + # chain-call to cfi_directive + $ret = cfi_directive->re($line) and return $ret; if ($$line =~ /^\s*(\.\w+)/) { bless $self,$class; @@ -482,12 +720,6 @@ $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; SWITCH: for ($dir) { - /\.picmeup/ && do { if ($$line =~ /(%r[\w]+)/i) { - $dir="\t.long"; - $$line=sprintf "0x%x,0x90000000",$opcode{$1}; - } - last; - }; /\.global|\.globl|\.extern/ && do { $globals{$$line} = $prefix . $$line; $$line = $globals{$$line} if ($prefix); @@ -645,9 +877,9 @@ $var=~s/^(0b[0-1]+)/oct($1)/eig; $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm); if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva")) - { $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } + { $var=~s/^([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } $var; - }; + }; $sz =~ tr/bvlrq/BWDDQ/; $self->{value} = "\tD$sz\t"; @@ -657,7 +889,7 @@ }; /\.byte/ && do { my @str=split(/,\s*/,$$line); map(s/(0b[0-1]+)/oct($1)/eig,@str); - map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm); + map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm); while ($#str>15) { $self->{value}.="DB\t" .join(",",@str[0..15])."\n"; @@ -692,15 +924,6 @@ } } -sub rex { - my $opcode=shift; - my ($dst,$src,$rex)=@_; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - push @$opcode,($rex|0x40) if ($rex); -} - # Upon initial x86_64 introduction SSE>2 extensions were not introduced # yet. In order not to be bothered by tracing exact assembler versions, # but at the same time to provide a bare security minimum of AES-NI, we @@ -711,6 +934,15 @@ sub rex { my %regrm = ( "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3, "%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7 ); +sub rex { + my $opcode=shift; + my ($dst,$src,$rex)=@_; + + $rex|=0x04 if($dst>=8); + $rex|=0x01 if($src>=8); + push @$opcode,($rex|0x40) if ($rex); +} + my $movq = sub { # elderly gas can't handle inter-register movq my $arg = shift; my @opcode=(0x66); @@ -834,6 +1066,10 @@ sub rex { } }; +# Not all AVX-capable assemblers recognize AMD XOP extension. Since we +# are using only two instructions hand-code them in order to be excused +# from chasing assembler versions... + sub rxb { my $opcode=shift; my ($dst,$src1,$src2,$rxb)=@_; @@ -873,10 +1109,15 @@ sub rxb { } }; +# Intel Control-flow Enforcement Technology extension. All functions and +# indirect branch targets will have to start with this instruction... + my $endbranch = sub { (0xf3,0x0f,0x1e,0xfa); }; +######################################################################## + if ($nasm) { print <<___; default rel @@ -904,7 +1145,7 @@ sub rxb { printf "%s",$directive->out(); } elsif (my $opcode=opcode->re(\$line)) { my $asm = eval("\$".$opcode->mnemonic()); - + if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) { print $gas?".byte\t":"DB\t",join(',',@bytes),"\n"; next; @@ -982,7 +1223,7 @@ sub rxb { # %r13 - - # %r14 - - # %r15 - - -# +# # (*) volatile register # (-) preserved by callee # (#) Nth argument, volatile @@ -1063,6 +1304,7 @@ sub rxb { # movq -16(%rcx),%rbx # movq -8(%rcx),%r15 # movq %rcx,%rsp # restore original rsp +# magic_epilogue: # ret # .size function,.-function # @@ -1075,11 +1317,16 @@ sub rxb { # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) # { ULONG64 *rsp = (ULONG64 *)context->Rax; -# if (context->Rip >= magic_point) -# { rsp = ((ULONG64 **)context->Rsp)[0]; -# context->Rbp = rsp[-3]; -# context->Rbx = rsp[-2]; -# context->R15 = rsp[-1]; +# ULONG64 rip = context->Rip; +# +# if (rip >= magic_point) +# { rsp = (ULONG64 *)context->Rsp; +# if (rip < magic_epilogue) +# { rsp = (ULONG64 *)rsp[0]; +# context->Rbp = rsp[-3]; +# context->Rbx = rsp[-2]; +# context->R15 = rsp[-1]; +# } # } # context->Rsp = (ULONG64)rsp; # context->Rdi = rsp[1]; @@ -1171,16 +1418,15 @@ sub rxb { # instruction and reflecting it in finer grade unwind logic in handler. # After all, isn't it why it's called *language-specific* handler... # -# Attentive reader can notice that exceptions would be mishandled in -# auto-generated "gear" epilogue. Well, exception effectively can't -# occur there, because if memory area used by it was subject to -# segmentation violation, then it would be raised upon call to the -# function (and as already mentioned be accounted to caller, which is -# not a problem). If you're still not comfortable, then define tail -# "magic point" just prior ret instruction and have handler treat it... +# SE handlers are also involved in unwinding stack when executable is +# profiled or debugged. Profiling implies additional limitations that +# are too subtle to discuss here. For now it's sufficient to say that +# in order to simplify handlers one should either a) offload original +# %rsp to stack (like discussed above); or b) if you have a register to +# spare for frame pointer, choose volatile one. # # (*) Note that we're talking about run-time, not debug-time. Lack of # unwind information makes debugging hard on both Windows and -# Unix. "Unlike" referes to the fact that on Unix signal handler +# Unix. "Unlike" refers to the fact that on Unix signal handler # will always be invoked, core dumped and appropriate exit code # returned to parent (for user notification). diff --git a/deps/openssl/openssl/crypto/perlasm/x86asm.pl b/deps/openssl/openssl/crypto/perlasm/x86asm.pl index 1ff46c92ccd305..29dc1a2cfbc973 100644 --- a/deps/openssl/openssl/crypto/perlasm/x86asm.pl +++ b/deps/openssl/openssl/crypto/perlasm/x86asm.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # require 'x86asm.pl'; -# &asm_init(,"des-586.pl"[,$i386only]); +# &asm_init([,$i386only]); # &function_begin("foo"); # ... # &function_end("foo"); @@ -259,12 +259,11 @@ sub ::asm_finish } sub ::asm_init -{ my ($type,$fn,$cpu)=@_; +{ my ($type,$cpu)=@_; - $filename=$fn; $i386=$cpu; - $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0; + $elf=$cpp=$coff=$aout=$macosx=$win32=$mwerks=$android=0; if (($type eq "elf")) { $elf=1; require "x86gas.pl"; } elsif (($type eq "elf-1")) @@ -275,10 +274,6 @@ sub ::asm_init { $coff=1; require "x86gas.pl"; } elsif (($type eq "win32n")) { $win32=1; require "x86nasm.pl"; } - elsif (($type eq "nw-nasm")) - { $netware=1; require "x86nasm.pl"; } - #elsif (($type eq "nw-mwasm")) - #{ $netware=1; $mwerks=1; require "x86nasm.pl"; } elsif (($type eq "win32")) { $win32=1; require "x86masm.pl"; } elsif (($type eq "macosx")) @@ -292,7 +287,6 @@ sub ::asm_init a.out - DJGPP, elder OpenBSD, etc. coff - GAS/COFF such as Win32 targets win32n - Windows 95/Windows NT NASM format - nw-nasm - NetWare NASM format macosx - Mac OS X EOF exit(1); @@ -301,8 +295,7 @@ sub ::asm_init $pic=0; for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } - $filename =~ s/\.pl$//; - &file($filename); + &file(); } sub ::hidden {} diff --git a/deps/openssl/openssl/crypto/perlasm/x86gas.pl b/deps/openssl/openssl/crypto/perlasm/x86gas.pl index 2c8fce077939f4..5c7ea3880e4d39 100644 --- a/deps/openssl/openssl/crypto/perlasm/x86gas.pl +++ b/deps/openssl/openssl/crypto/perlasm/x86gas.pl @@ -104,7 +104,7 @@ sub ::DWP sub ::DWC { @_; } sub ::file -{ push(@out,".file\t\"$_[0].s\"\n.text\n"); } +{ push(@out,".text\n"); } sub ::function_begin_B { my $func=shift; diff --git a/deps/openssl/openssl/crypto/perlasm/x86masm.pl b/deps/openssl/openssl/crypto/perlasm/x86masm.pl index d352f47055ea11..dffee762115f8e 100644 --- a/deps/openssl/openssl/crypto/perlasm/x86masm.pl +++ b/deps/openssl/openssl/crypto/perlasm/x86masm.pl @@ -85,7 +85,6 @@ sub get_mem sub ::file { my $tmp=<<___; -TITLE $_[0].asm IF \@Version LT 800 ECHO MASM version 8.00 or later is strongly recommended. ENDIF diff --git a/deps/openssl/openssl/crypto/perlasm/x86nasm.pl b/deps/openssl/openssl/crypto/perlasm/x86nasm.pl index 4b664a870b4411..4e64dad92d12a3 100644 --- a/deps/openssl/openssl/crypto/perlasm/x86nasm.pl +++ b/deps/openssl/openssl/crypto/perlasm/x86nasm.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ package x86nasm; *out=\@::out; $::lbdecor="L\$"; # local label decoration -$nmdecor=$::netware?"":"_"; # external name decoration +$nmdecor="_"; # external name decoration $drdecor=$::mwerks?".":""; # directive decoration $initseg=""; @@ -132,7 +132,7 @@ sub ::file_end grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; push (@out,$comm) } - push (@out,$initseg) if ($initseg); + push (@out,$initseg) if ($initseg); } sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_key.c b/deps/openssl/openssl/crypto/pkcs12/p12_key.c index 9c13a451e02c38..ab31a6129500eb 100644 --- a/deps/openssl/openssl/crypto/pkcs12/p12_key.c +++ b/deps/openssl/openssl/crypto/pkcs12/p12_key.c @@ -78,10 +78,9 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, unsigned char *out, const EVP_MD *md_type) { unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL; - int Slen, Plen, Ilen, Ijlen; + int Slen, Plen, Ilen; int i, j, u, v; int ret = 0; - BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */ EVP_MD_CTX *ctx = NULL; #ifdef OPENSSL_DEBUG_KEYGEN unsigned char *tmpout = out; @@ -114,10 +113,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, Plen = 0; Ilen = Slen + Plen; I = OPENSSL_malloc(Ilen); - Ij = BN_new(); - Bpl1 = BN_new(); - if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL - || Bpl1 == NULL) + if (D == NULL || Ai == NULL || B == NULL || I == NULL) goto err; for (i = 0; i < v; i++) D[i] = id; @@ -151,33 +147,17 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, out += u; for (j = 0; j < v; j++) B[j] = Ai[j % u]; - /* Work out B + 1 first then can use B as tmp space */ - if (!BN_bin2bn(B, v, Bpl1)) - goto err; - if (!BN_add_word(Bpl1, 1)) - goto err; for (j = 0; j < Ilen; j += v) { - if (!BN_bin2bn(I + j, v, Ij)) - goto err; - if (!BN_add(Ij, Ij, Bpl1)) - goto err; - if (!BN_bn2bin(Ij, B)) - goto err; - Ijlen = BN_num_bytes(Ij); - /* If more than 2^(v*8) - 1 cut off MSB */ - if (Ijlen > v) { - if (!BN_bn2bin(Ij, B)) - goto err; - memcpy(I + j, B + 1, v); -#ifndef PKCS12_BROKEN_KEYGEN - /* If less than v bytes pad with zeroes */ - } else if (Ijlen < v) { - memset(I + j, 0, v - Ijlen); - if (!BN_bn2bin(Ij, I + j + v - Ijlen)) - goto err; -#endif - } else if (!BN_bn2bin(Ij, I + j)) - goto err; + int k; + unsigned char *Ij = I + j; + uint16_t c = 1; + + /* Work out Ij = Ij + B + 1 */ + for (k = v - 1; k >= 0; k--) { + c += Ij[k] + B[k]; + Ij[k] = (unsigned char)c; + c >>= 8; + } } } @@ -189,8 +169,6 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, OPENSSL_free(B); OPENSSL_free(D); OPENSSL_free(I); - BN_free(Ij); - BN_free(Bpl1); EVP_MD_CTX_free(ctx); return ret; } diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c b/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c index 4a3d2599307306..a09c5b93132afe 100644 --- a/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c +++ b/deps/openssl/openssl/crypto/pkcs12/p12_sbag.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,25 +146,17 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, X509_SIG *p8; pbe_ciph = EVP_get_cipherbynid(pbe_nid); - if (pbe_ciph) pbe_nid = -1; p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, p8inf); - - if (p8 == NULL) { - PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + if (p8 == NULL) return NULL; - } bag = PKCS12_SAFEBAG_create0_pkcs8(p8); - - if (bag == NULL) { - PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + if (bag == NULL) X509_SIG_free(p8); - return NULL; - } return bag; } diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_utl.c b/deps/openssl/openssl/crypto/pkcs12/p12_utl.c index 07014786f69bef..43b9e3a5941ada 100644 --- a/deps/openssl/openssl/crypto/pkcs12/p12_utl.c +++ b/deps/openssl/openssl/crypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,8 +22,10 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, if (asclen == -1) asclen = strlen(asc); ulen = asclen * 2 + 2; - if ((unitmp = OPENSSL_malloc(ulen)) == NULL) + if ((unitmp = OPENSSL_malloc(ulen)) == NULL) { + PKCS12err(PKCS12_F_OPENSSL_ASC2UNI, ERR_R_MALLOC_FAILURE); return NULL; + } for (i = 0; i < ulen - 2; i += 2) { unitmp[i] = 0; unitmp[i + 1] = asc[i >> 1]; @@ -50,8 +52,10 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) if (!unilen || uni[unilen - 1]) asclen++; uni++; - if ((asctmp = OPENSSL_malloc(asclen)) == NULL) + if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { + PKCS12err(PKCS12_F_OPENSSL_UNI2ASC, ERR_R_MALLOC_FAILURE); return NULL; + } for (i = 0; i < unilen; i += 2) asctmp[i >> 1] = uni[i]; asctmp[asclen - 1] = 0; @@ -97,10 +101,10 @@ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, * decoding failure... */ if (j < 0) - return OPENSSL_asc2uni(asc, asclen, uni, unilen); + return OPENSSL_asc2uni(asc, asclen, uni, unilen); if (utf32chr > 0x10FFFF) /* UTF-16 cap */ - return NULL; + return NULL; if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ ulen += 2*2; @@ -110,9 +114,10 @@ unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, ulen += 2; /* for trailing UTF16 zero */ - if ((ret = OPENSSL_malloc(ulen)) == NULL) + if ((ret = OPENSSL_malloc(ulen)) == NULL) { + PKCS12err(PKCS12_F_OPENSSL_UTF82UNI, ERR_R_MALLOC_FAILURE); return NULL; - + } /* re-run the loop writing down UTF-16 characters in big-endian order */ for (unitmp = ret, i = 0; i < asclen; i += j) { j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); @@ -194,8 +199,10 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) if (!unilen || (uni[unilen-2]||uni[unilen - 1])) asclen++; - if ((asctmp = OPENSSL_malloc(asclen)) == NULL) + if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { + PKCS12err(PKCS12_F_OPENSSL_UNI2UTF8, ERR_R_MALLOC_FAILURE); return NULL; + } /* re-run the loop emitting UTF-8 string */ for (asclen = 0, i = 0; i < unilen; ) { diff --git a/deps/openssl/openssl/crypto/pkcs12/pk12err.c b/deps/openssl/openssl/crypto/pkcs12/pk12err.c index f705084a2ae54e..38ce5197eeeec9 100644 --- a/deps/openssl/openssl/crypto/pkcs12/pk12err.c +++ b/deps/openssl/openssl/crypto/pkcs12/pk12err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,75 +8,98 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) - -static ERR_STRING_DATA PKCS12_str_functs[] = { - {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, - {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, - {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, - {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, - {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, - {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, - {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, - {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, - {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UTF8), "PKCS12_key_gen_utf8"}, - {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, - {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, - {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, - {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, - {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, - {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, - {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF), +static const ERR_STRING_DATA PKCS12_str_functs[] = { + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0), + "OPENSSL_uni2utf8"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0), + "OPENSSL_utf82uni"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0), + "PKCS12_item_decrypt_d2i"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0), + "PKCS12_item_i2d_encrypt"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0), + "PKCS12_item_pack_safebag"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0), + "PKCS12_key_gen_asc"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0), + "PKCS12_key_gen_uni"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0), + "PKCS12_key_gen_utf8"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0), + "PKCS12_pack_p7data"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0), + "PKCS12_pack_p7encdata"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0), + "PKCS12_pbe_crypt"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0), + "PKCS12_PBE_keyivgen"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0), "PKCS12_SAFEBAG_create0_p8inf"}, - {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8), + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0), "PKCS12_SAFEBAG_create0_pkcs8"}, - {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT), + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0), "PKCS12_SAFEBAG_create_pkcs8_encrypt"}, - {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, - {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, - {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, - {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, - {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, - {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, - {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0), + "PKCS12_setup_mac"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0), + "PKCS12_unpack_authsafes"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0), + "PKCS12_unpack_p7data"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0), + "PKCS12_verify_mac"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"}, {0, NULL} }; -static ERR_STRING_DATA PKCS12_str_reasons[] = { - {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"}, - {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"}, - {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"}, - {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"}, - {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), - "error setting encrypted data type"}, - {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, - {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), - "invalid null pkcs12 pointer"}, - {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"}, - {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"}, - {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"}, - {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"}, - {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, - {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"}, - {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"}, - {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"}, - {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), - "pkcs12 algor cipherinit error"}, - {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), - "pkcs12 cipherfinal error"}, - {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"}, - {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, - {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"}, +static const ERR_STRING_DATA PKCS12_str_reasons[] = { + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE), + "cant pack structure"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA), + "content type not data"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), + "error setting encrypted data type"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT), + "invalid null argument"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER), + "invalid null pkcs12 pointer"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR), + "mac generation error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR), + "mac string set error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE), + "mac verify failure"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), + "pkcs12 algor cipherinit error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR), + "pkcs12 cipherfinal error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR), + "pkcs12 pbe crypt error"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), + "unknown digest algorithm"}, + {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE), + "unsupported pkcs12 mode"}, {0, NULL} }; @@ -85,10 +108,9 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = { int ERR_load_PKCS12_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) { - ERR_load_strings(0, PKCS12_str_functs); - ERR_load_strings(0, PKCS12_str_reasons); + ERR_load_strings_const(PKCS12_str_functs); + ERR_load_strings_const(PKCS12_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c index e6e80f08d30b9d..ee08e602a1eb91 100644 --- a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c +++ b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c @@ -809,13 +809,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) ret = 1; err: EVP_MD_CTX_free(ctx_tmp); - return (ret); + return ret; } int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) { EVP_MD_CTX *mctx; - EVP_PKEY_CTX *pctx; + EVP_PKEY_CTX *pctx = NULL; unsigned char *abuf = NULL; int alen; size_t siglen; @@ -1041,7 +1041,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, ret = 1; err: EVP_MD_CTX_free(mdc_tmp); - return (ret); + return ret; } PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) @@ -1059,19 +1059,19 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) if (rsk == NULL) return NULL; if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) - return (NULL); + return NULL; ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); - return (ri->issuer_and_serial); + return ri->issuer_and_serial; } ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) { - return (get_attribute(si->auth_attr, nid)); + return get_attribute(si->auth_attr, nid); } ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) { - return (get_attribute(si->unauth_attr, nid)); + return get_attribute(si->unauth_attr, nid); } static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) @@ -1105,9 +1105,9 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value (sk, i)))) == NULL) - return (0); + return 0; } - return (1); + return 1; } int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, @@ -1124,21 +1124,21 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value (sk, i)))) == NULL) - return (0); + return 0; } - return (1); + return 1; } int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) { - return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); + return add_attribute(&(p7si->auth_attr), nid, atrtype, value); } int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) { - return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); + return add_attribute(&(p7si->unauth_attr), nid, atrtype, value); } static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, @@ -1176,5 +1176,5 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, goto new_attrib; } end: - return (1); + return 1; } diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_enc.c b/deps/openssl/openssl/crypto/pkcs7/pk7_enc.c deleted file mode 100644 index 3c59f9c8c571ef..00000000000000 --- a/deps/openssl/openssl/crypto/pkcs7/pk7_enc.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -PKCS7_in_bio(PKCS7 *p7, BIO *in); -PKCS7_out_bio(PKCS7 *p7, BIO *out); - -PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key); -PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher); - -PKCS7_Init(PKCS7 *p7); -PKCS7_Update(PKCS7 *p7); -PKCS7_Finish(PKCS7 *p7); diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c b/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c index 371b9c99fff102..16b76431d1bd3c 100644 --- a/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c +++ b/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c @@ -57,7 +57,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); ret = 0; } - return (ret); + return ret; } int PKCS7_content_new(PKCS7 *p7, int type) @@ -71,10 +71,10 @@ int PKCS7_content_new(PKCS7 *p7, int type) if (!PKCS7_set_content(p7, ret)) goto err; - return (1); + return 1; err: PKCS7_free(ret); - return (0); + return 0; } int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) @@ -99,9 +99,9 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - return (1); + return 1; err: - return (0); + return 0; } int PKCS7_set_type(PKCS7 *p7, int type) @@ -170,9 +170,9 @@ int PKCS7_set_type(PKCS7 *p7, int type) PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - return (1); + return 1; err: - return (0); + return 0; } int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) @@ -201,7 +201,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) break; default: PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); - return (0); + return 0; } nid = OBJ_obj2nid(psi->digest_alg->algorithm); @@ -220,7 +220,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) || (alg->parameter = ASN1_TYPE_new()) == NULL) { X509_ALGOR_free(alg); PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } alg->algorithm = OBJ_nid2obj(nid); alg->parameter->type = V_ASN1_NULL; @@ -232,7 +232,7 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) return 0; - return (1); + return 1; } int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) @@ -250,7 +250,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) break; default: PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE); - return (0); + return 0; } if (*sk == NULL) @@ -264,7 +264,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) X509_free(x509); return 0; } - return (1); + return 1; } int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) @@ -282,7 +282,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) break; default: PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); - return (0); + return 0; } if (*sk == NULL) @@ -297,7 +297,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) X509_CRL_free(crl); return 0; } - return (1); + return 1; } int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, @@ -368,10 +368,10 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, goto err; if (!PKCS7_add_signer(p7, si)) goto err; - return (si); + return si; err: PKCS7_SIGNER_INFO_free(si); - return (NULL); + return NULL; } int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) @@ -395,11 +395,11 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) if (p7 == NULL || p7->d.ptr == NULL) return NULL; if (PKCS7_type_is_signed(p7)) { - return (p7->d.sign->signer_info); + return p7->d.sign->signer_info; } else if (PKCS7_type_is_signedAndEnveloped(p7)) { - return (p7->d.signed_and_enveloped->signer_info); + return p7->d.signed_and_enveloped->signer_info; } else - return (NULL); + return NULL; } void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, @@ -451,12 +451,12 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) default: PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, PKCS7_R_WRONG_CONTENT_TYPE); - return (0); + return 0; } if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) return 0; - return (1); + return 1; } int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) @@ -511,7 +511,7 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) si-> issuer_and_serial->serial)); else - return (NULL); + return NULL; } int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) @@ -529,7 +529,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) break; default: PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); - return (0); + return 0; } /* Check cipher OID exists and has data in it */ @@ -537,7 +537,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) if (i == NID_undef) { PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - return (0); + return 0; } ec->cipher = cipher; diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c b/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c index 97474cf5194a74..19e6868148b8df 100644 --- a/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c +++ b/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,6 @@ */ #include -#include #include "internal/cryptlib.h" #include #include diff --git a/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c b/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c index d5baa9b832f97c..07490c1a5878d8 100644 --- a/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c +++ b/deps/openssl/openssl/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,111 +8,137 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) - -static ERR_STRING_DATA PKCS7_str_functs[] = { - {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), +static const ERR_STRING_DATA PKCS7_str_functs[] = { + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 0), + "do_pkcs7_signed_attrib"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 0), "PKCS7_add0_attrib_signing_time"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 0), "PKCS7_add_attrib_smimecap"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, - {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_bio_add_digest"}, - {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CERTIFICATE, 0), + "PKCS7_add_certificate"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CRL, 0), "PKCS7_add_crl"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 0), + "PKCS7_add_recipient_info"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNATURE, 0), + "PKCS7_add_signature"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNER, 0), "PKCS7_add_signer"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_BIO_ADD_DIGEST, 0), + "PKCS7_bio_add_digest"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 0), "pkcs7_copy_existing_digest"}, - {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, - {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, - {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, - {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, - {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, - {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, - {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"}, - {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "pkcs7_encode_rinfo"}, - {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, - {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, - {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_find_digest"}, - {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, - {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, - {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, - {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, - {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, - {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, - {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, - {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, - {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, - {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, - {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, - {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, - {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_CTRL, 0), "PKCS7_ctrl"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATADECODE, 0), "PKCS7_dataDecode"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAFINAL, 0), "PKCS7_dataFinal"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAINIT, 0), "PKCS7_dataInit"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAVERIFY, 0), "PKCS7_dataVerify"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT, 0), "PKCS7_decrypt"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT_RINFO, 0), + "pkcs7_decrypt_rinfo"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCODE_RINFO, 0), + "pkcs7_encode_rinfo"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCRYPT, 0), "PKCS7_encrypt"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FINAL, 0), "PKCS7_final"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FIND_DIGEST, 0), + "PKCS7_find_digest"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_GET0_SIGNERS, 0), + "PKCS7_get0_signers"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_RECIP_INFO_SET, 0), + "PKCS7_RECIP_INFO_set"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CIPHER, 0), "PKCS7_set_cipher"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CONTENT, 0), + "PKCS7_set_content"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_DIGEST, 0), "PKCS7_set_digest"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_TYPE, 0), "PKCS7_set_type"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN, 0), "PKCS7_sign"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNATUREVERIFY, 0), + "PKCS7_signatureVerify"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SET, 0), + "PKCS7_SIGNER_INFO_set"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SIGN, 0), + "PKCS7_SIGNER_INFO_sign"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 0), + "PKCS7_sign_add_signer"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIMPLE_SMIMECAP, 0), + "PKCS7_simple_smimecap"}, + {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_VERIFY, 0), "PKCS7_verify"}, {0, NULL} }; -static ERR_STRING_DATA PKCS7_str_reasons[] = { - {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), - "cipher has no object identifier"}, - {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, - {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), - "content and data present"}, - {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"}, - {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"}, - {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"}, - {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "encryption not supported for this key type"}, - {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, - {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, - {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, - {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), - "invalid signed data type"}, - {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"}, - {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), - "no matching digest type found"}, - {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), - "no recipient matches certificate"}, - {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, - {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"}, - {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), - "operation not supported on this type"}, - {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), - "pkcs7 add signature error"}, - {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"}, - {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, - {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"}, - {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "signing not supported for this key type"}, - {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, - {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), - "unable to find certificate"}, - {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"}, - {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), - "unable to find message digest"}, - {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"}, - {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"}, - {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"}, - {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"}, - {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, +static const ERR_STRING_DATA PKCS7_str_reasons[] = { + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), + "cipher has no object identifier"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED), + "cipher not initialized"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT), + "content and data present"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE), + "encryption ctrl failure"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "encryption not supported for this key type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT), + "error adding recipient"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER), + "error setting cipher"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER), + "invalid null pointer"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE), + "invalid signed data type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST), + "no default digest"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), + "no matching digest type found"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), + "no recipient matches certificate"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA), + "no signatures on data"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), + "operation not supported on this type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR), + "pkcs7 add signer error"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE), + "signature failure"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE), + "signing ctrl failure"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "signing not supported for this key type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), + "unable to find certificate"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO), + "unable to find mem bio"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), + "unable to find message digest"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE), + "unknown digest type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION), + "unknown operation"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE), + "unsupported cipher type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE), + "wrong content type"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, {0, NULL} }; @@ -121,10 +147,9 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { int ERR_load_PKCS7_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) { - ERR_load_strings(0, PKCS7_str_functs); - ERR_load_strings(0, PKCS7_str_reasons); + ERR_load_strings_const(PKCS7_str_functs); + ERR_load_strings_const(PKCS7_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl index 0fc8667ac7b167..ac06457b65301a 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl @@ -28,6 +28,7 @@ # Denver 1.64/+50% 1.18(*) # X-Gene 2.13/+68% 2.27 # Mongoose 1.77/+75% 1.12 +# Kryo 2.70/+55% 1.13 # # (*) estimate based on resources availability is less than 1.0, # i.e. measured result is worse than expected, presumably binary diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl index d2b3e90d93f045..28b6772ee5fe79 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl @@ -67,6 +67,8 @@ ($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1); $code.=<<___; +#include "mips_arch.h" + #ifdef MIPSEB # define MSB 0 # define LSB 7 @@ -92,10 +94,15 @@ beqz $inp,.Lno_key +#if defined(_MIPS_ARCH_MIPS64R6) + ld $in0,0($inp) + ld $in1,8($inp) +#else ldl $in0,0+MSB($inp) ldl $in1,8+MSB($inp) ldr $in0,0+LSB($inp) ldr $in1,8+LSB($inp) +#endif #ifdef MIPSEB # if defined(_MIPS_ARCH_MIPS64R2) dsbh $in0,$in0 # byte swap @@ -182,7 +189,7 @@ .frame $sp,6*8,$ra .mask $SAVED_REGS_MASK,-8 .set noreorder - dsub $sp,6*8 + dsubu $sp,6*8 sd $s5,40($sp) sd $s4,32($sp) ___ @@ -204,11 +211,16 @@ ld $s1,40($ctx) .Loop: +#if defined(_MIPS_ARCH_MIPS64R6) + ld $in0,0($inp) # load input + ld $in1,8($inp) +#else ldl $in0,0+MSB($inp) # load input ldl $in1,8+MSB($inp) ldr $in0,0+LSB($inp) - daddiu $len,-1 ldr $in1,8+LSB($inp) +#endif + daddiu $len,-1 daddiu $inp,16 #ifdef MIPSEB # if defined(_MIPS_ARCH_MIPS64R2) @@ -258,42 +270,42 @@ sltu $tmp1,$h1,$in1 daddu $h1,$tmp0 - dmultu $r0,$h0 # h0*r0 + dmultu ($r0,$h0) # h0*r0 daddu $h2,$padbit sltu $tmp0,$h1,$tmp0 - mflo $d0 - mfhi $d1 + mflo ($d0,$r0,$h0) + mfhi ($d1,$r0,$h0) - dmultu $s1,$h1 # h1*5*r1 + dmultu ($s1,$h1) # h1*5*r1 daddu $tmp0,$tmp1 daddu $h2,$tmp0 - mflo $tmp0 - mfhi $tmp1 + mflo ($tmp0,$s1,$h1) + mfhi ($tmp1,$s1,$h1) - dmultu $r1,$h0 # h0*r1 + dmultu ($r1,$h0) # h0*r1 daddu $d0,$tmp0 daddu $d1,$tmp1 - mflo $tmp2 - mfhi $d2 + mflo ($tmp2,$r1,$h0) + mfhi ($d2,$r1,$h0) sltu $tmp0,$d0,$tmp0 daddu $d1,$tmp0 - dmultu $r0,$h1 # h1*r0 + dmultu ($r0,$h1) # h1*r0 daddu $d1,$tmp2 sltu $tmp2,$d1,$tmp2 - mflo $tmp0 - mfhi $tmp1 + mflo ($tmp0,$r0,$h1) + mfhi ($tmp1,$r0,$h1) daddu $d2,$tmp2 - dmultu $s1,$h2 # h2*5*r1 + dmultu ($s1,$h2) # h2*5*r1 daddu $d1,$tmp0 daddu $d2,$tmp1 - mflo $tmp2 + mflo ($tmp2,$s1,$h2) - dmultu $r0,$h2 # h2*r0 + dmultu ($r0,$h2) # h2*r0 sltu $tmp0,$d1,$tmp0 daddu $d2,$tmp0 - mflo $tmp3 + mflo ($tmp3,$r0,$h2) daddu $d1,$tmp2 daddu $d2,$tmp3 @@ -329,7 +341,7 @@ ___ $code.=<<___; jr $ra - dadd $sp,6*8 + daddu $sp,6*8 .end poly1305_blocks_internal ___ } diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl index ab65910282e28a..0c6d015d585bee 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -28,6 +28,7 @@ # PPC970 7.00/+114% 3.51/+205% # POWER7 3.75/+260% 1.93/+100% # POWER8 - 2.03/+200% +# POWER9 - 2.00/+150% # # Do we need floating-point implementation for PPC? Results presented # in poly1305_ieee754.c are tricky to compare to, because they are for diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl index 49f70a8c03d3b5..09f81858484274 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl index 93179e37d5e1bc..1e09ddcc10d75c 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl @@ -29,6 +29,7 @@ # Westmere 4.58/+100% 1.43 # Sandy Bridge 3.90/+100% 1.36 # Haswell 3.88/+70% 1.18 0.72 +# Skylake 3.10/+60% 1.14 0.62 # Silvermont 11.0/+40% 4.80 # Goldmont 4.10/+200% 2.10 # VIA Nano 6.71/+90% 2.47 @@ -49,7 +50,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"poly1305-x86.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $sse2=$avx=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -729,7 +730,7 @@ sub lazy_reduction { &movdqa ($T0,$T1); # -> base 2^26 ... &pand ($T1,$MASK); - &paddd ($D0,$T1); # ... and accumuate + &paddd ($D0,$T1); # ... and accumulate &movdqa ($T1,$T0); &psrlq ($T0,26); diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl index 4c22ded58024ba..342ad7f18aa715 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,21 +18,39 @@ # # March 2015 # +# Initial release. +# +# December 2016 +# +# Add AVX512F+VL+BW code path. +# +# November 2017 +# +# Convert AVX512F+VL+BW code path to pure AVX512F, so that it can be +# executed even on Knights Landing. Trigger for modification was +# observation that AVX512 code paths can negatively affect overall +# Skylake-X system performance. Since we are likely to suppress +# AVX512F capability flag [at least on Skylake-X], conversion serves +# as kind of "investment protection". Note that next *lake processor, +# Cannolake, has AVX512IFMA code path to execute... +# # Numbers are cycles per processed byte with poly1305_blocks alone, # measured with rdtsc at fixed clock frequency. # -# IALU/gcc-4.8(*) AVX(**) AVX2 +# IALU/gcc-4.8(*) AVX(**) AVX2 AVX-512 # P4 4.46/+120% - # Core 2 2.41/+90% - # Westmere 1.88/+120% - # Sandy Bridge 1.39/+140% 1.10 # Haswell 1.14/+175% 1.11 0.65 -# Skylake 1.13/+120% 0.96 0.51 +# Skylake[-X] 1.13/+120% 0.96 0.51 [0.35] # Silvermont 2.83/+95% - +# Knights L 3.60/? 1.65 1.10 0.41(***) # Goldmont 1.70/+180% - # VIA Nano 1.82/+150% - # Sledgehammer 1.38/+160% - # Bulldozer 2.30/+130% 0.97 +# Ryzen 1.15/+200% 1.08 1.18 # # (*) improvement coefficients relative to clang are more modest and # are ~50% on most processors, in both cases we are comparing to @@ -42,6 +60,8 @@ # Core processors, 50-30%, less newer processor is, but slower on # contemporary ones, for example almost 2x slower on Atom, and as # former are naturally disappearing, SSE2 is deemed unnecessary; +# (***) strangely enough performance seems to vary from core to core, +# listed result is best case; $flavour = shift; $output = shift; @@ -56,12 +76,13 @@ if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); + $avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25) + ($1>=2.26); } if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); + `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) { + $avx = ($1>=2.09) + ($1>=2.10) + 2 * ($1>=2.12); + $avx += 2 if ($1==2.11 && $2>=8); } if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && @@ -171,6 +192,13 @@ sub poly1305_iteration { bt \$`5+32`,%r9 # AVX2? cmovc %rax,%r10 ___ +$code.=<<___ if ($avx>3); + mov \$`(1<<31|1<<21|1<<16)`,%rax + shr \$32,%r9 + and %rax,%r9 + cmp %rax,%r9 + je .Linit_base2_44 +___ $code.=<<___; mov \$0x0ffffffc0fffffff,%rax mov \$0x0ffffffc0ffffffc,%rcx @@ -196,16 +224,23 @@ sub poly1305_iteration { .type poly1305_blocks,\@function,4 .align 32 poly1305_blocks: +.cfi_startproc .Lblocks: shr \$4,$len jz .Lno_data # too short push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lblocks_body: mov $len,%r15 # reassign $len @@ -241,15 +276,23 @@ sub poly1305_iteration { mov $h2,16($ctx) mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%r12 +.cfi_restore %r12 mov 32(%rsp),%rbp +.cfi_restore %rbp mov 40(%rsp),%rbx +.cfi_restore %rbx lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 .Lno_data: .Lblocks_epilogue: ret +.cfi_endproc .size poly1305_blocks,.-poly1305_blocks .type poly1305_emit,\@function,3 @@ -265,7 +308,7 @@ sub poly1305_iteration { mov %r9,%rcx adc \$0,%r9 adc \$0,%r10 - shr \$2,%r10 # did 130-bit value overfow? + shr \$2,%r10 # did 130-bit value overflow? cmovnz %r8,%rax cmovnz %r9,%rcx @@ -470,6 +513,7 @@ sub poly1305_iteration { .type poly1305_blocks_avx,\@function,4 .align 32 poly1305_blocks_avx: +.cfi_startproc mov 20($ctx),%r8d # is_base2_26 cmp \$128,$len jae .Lblocks_avx @@ -489,11 +533,17 @@ sub poly1305_iteration { jz .Leven_avx push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lblocks_avx_body: mov $len,%r15 # reassign $len @@ -596,24 +646,39 @@ sub poly1305_iteration { .align 16 .Ldone_avx: mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%r12 +.cfi_restore %r12 mov 32(%rsp),%rbp +.cfi_restore %rbp mov 40(%rsp),%rbx +.cfi_restore %rbx lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 .Lno_data_avx: .Lblocks_avx_epilogue: ret +.cfi_endproc .align 32 .Lbase2_64_avx: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lbase2_64_avx_body: mov $len,%r15 # reassign $len @@ -673,18 +738,27 @@ sub poly1305_iteration { mov %r15,$len mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%r12 +.cfi_restore %r12 mov 32(%rsp),%rbp +.cfi_restore %rbp mov 40(%rsp),%rbx +.cfi_restore %rbx lea 48(%rsp),%rax lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 .Lbase2_64_avx_epilogue: jmp .Ldo_avx +.cfi_endproc .align 32 .Leven_avx: +.cfi_startproc vmovd 4*0($ctx),$H0 # load hash value vmovd 4*1($ctx),$H1 vmovd 4*2($ctx),$H2 @@ -695,6 +769,7 @@ sub poly1305_iteration { ___ $code.=<<___ if (!$win64); lea -0x58(%rsp),%r11 +.cfi_def_cfa %r11,0x60 sub \$0x178,%rsp ___ $code.=<<___ if ($win64); @@ -1287,10 +1362,12 @@ sub poly1305_iteration { ___ $code.=<<___ if (!$win64); lea 0x58(%r11),%rsp +.cfi_def_cfa %rsp,8 ___ $code.=<<___; vzeroupper ret +.cfi_endproc .size poly1305_blocks_avx,.-poly1305_blocks_avx .type poly1305_emit_avx,\@function,3 @@ -1336,7 +1413,7 @@ sub poly1305_iteration { mov %r9,%rcx adc \$0,%r9 adc \$0,%r10 - shr \$2,%r10 # did 130-bit value overfow? + shr \$2,%r10 # did 130-bit value overflow? cmovnz %r8,%rax cmovnz %r9,%rcx @@ -1358,6 +1435,7 @@ sub poly1305_iteration { .type poly1305_blocks_avx2,\@function,4 .align 32 poly1305_blocks_avx2: +.cfi_startproc mov 20($ctx),%r8d # is_base2_26 cmp \$128,$len jae .Lblocks_avx2 @@ -1377,11 +1455,17 @@ sub poly1305_iteration { jz .Leven_avx2 push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lblocks_avx2_body: mov $len,%r15 # reassign $len @@ -1490,24 +1574,39 @@ sub poly1305_iteration { .align 16 .Ldone_avx2: mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%r12 +.cfi_restore %r12 mov 32(%rsp),%rbp +.cfi_restore %rbp mov 40(%rsp),%rbx +.cfi_restore %rbx lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 .Lno_data_avx2: .Lblocks_avx2_epilogue: ret +.cfi_endproc .align 32 .Lbase2_64_avx2: +.cfi_startproc push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 .Lbase2_64_avx2_body: mov $len,%r15 # reassign $len @@ -1569,21 +1668,33 @@ sub poly1305_iteration { call __poly1305_init_avx .Lproceed_avx2: - mov %r15,$len + mov %r15,$len # restore $len + mov OPENSSL_ia32cap_P+8(%rip),%r10d + mov \$`(1<<31|1<<30|1<<16)`,%r11d mov 0(%rsp),%r15 +.cfi_restore %r15 mov 8(%rsp),%r14 +.cfi_restore %r14 mov 16(%rsp),%r13 +.cfi_restore %r13 mov 24(%rsp),%r12 +.cfi_restore %r12 mov 32(%rsp),%rbp +.cfi_restore %rbp mov 40(%rsp),%rbx +.cfi_restore %rbx lea 48(%rsp),%rax lea 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 .Lbase2_64_avx2_epilogue: jmp .Ldo_avx2 +.cfi_endproc .align 32 .Leven_avx2: +.cfi_startproc + mov OPENSSL_ia32cap_P+8(%rip),%r10d vmovd 4*0($ctx),%x#$H0 # load hash value base 2^26 vmovd 4*1($ctx),%x#$H1 vmovd 4*2($ctx),%x#$H2 @@ -1592,8 +1703,17 @@ sub poly1305_iteration { .Ldo_avx2: ___ +$code.=<<___ if ($avx>2); + cmp \$512,$len + jb .Lskip_avx512 + and %r11d,%r10d + test \$`1<<16`,%r10d # check for AVX512F + jnz .Lblocks_avx512 +.Lskip_avx512: +___ $code.=<<___ if (!$win64); lea -8(%rsp),%r11 +.cfi_def_cfa %r11,16 sub \$0x128,%rsp ___ $code.=<<___ if ($win64); @@ -1612,8 +1732,9 @@ sub poly1305_iteration { .Ldo_avx2_body: ___ $code.=<<___; - lea 48+64($ctx),$ctx # size optimization lea .Lconst(%rip),%rcx + lea 48+64($ctx),$ctx # size optimization + vmovdqa 96(%rcx),$T0 # .Lpermd_avx2 # expand and copy pre-calculated table to stack vmovdqu `16*0-64`($ctx),%x#$T2 @@ -1623,36 +1744,28 @@ sub poly1305_iteration { vmovdqu `16*3-64`($ctx),%x#$D0 vmovdqu `16*4-64`($ctx),%x#$D1 vmovdqu `16*5-64`($ctx),%x#$D2 + lea 0x90(%rsp),%rax # size optimization vmovdqu `16*6-64`($ctx),%x#$D3 - vpermq \$0x15,$T2,$T2 # 00003412 -> 12343434 + vpermd $T2,$T0,$T2 # 00003412 -> 14243444 vmovdqu `16*7-64`($ctx),%x#$D4 - vpermq \$0x15,$T3,$T3 - vpshufd \$0xc8,$T2,$T2 # 12343434 -> 14243444 + vpermd $T3,$T0,$T3 vmovdqu `16*8-64`($ctx),%x#$MASK - vpermq \$0x15,$T4,$T4 - vpshufd \$0xc8,$T3,$T3 + vpermd $T4,$T0,$T4 vmovdqa $T2,0x00(%rsp) - vpermq \$0x15,$D0,$D0 - vpshufd \$0xc8,$T4,$T4 - vmovdqa $T3,0x20(%rsp) - vpermq \$0x15,$D1,$D1 - vpshufd \$0xc8,$D0,$D0 - vmovdqa $T4,0x40(%rsp) - vpermq \$0x15,$D2,$D2 - vpshufd \$0xc8,$D1,$D1 - vmovdqa $D0,0x60(%rsp) - vpermq \$0x15,$D3,$D3 - vpshufd \$0xc8,$D2,$D2 - vmovdqa $D1,0x80(%rsp) - vpermq \$0x15,$D4,$D4 - vpshufd \$0xc8,$D3,$D3 - vmovdqa $D2,0xa0(%rsp) - vpermq \$0x15,$MASK,$MASK - vpshufd \$0xc8,$D4,$D4 - vmovdqa $D3,0xc0(%rsp) - vpshufd \$0xc8,$MASK,$MASK - vmovdqa $D4,0xe0(%rsp) - vmovdqa $MASK,0x100(%rsp) + vpermd $D0,$T0,$D0 + vmovdqa $T3,0x20-0x90(%rax) + vpermd $D1,$T0,$D1 + vmovdqa $T4,0x40-0x90(%rax) + vpermd $D2,$T0,$D2 + vmovdqa $D0,0x60-0x90(%rax) + vpermd $D3,$T0,$D3 + vmovdqa $D1,0x80-0x90(%rax) + vpermd $D4,$T0,$D4 + vmovdqa $D2,0xa0-0x90(%rax) + vpermd $MASK,$T0,$MASK + vmovdqa $D3,0xc0-0x90(%rax) + vmovdqa $D4,0xe0-0x90(%rax) + vmovdqa $MASK,0x100-0x90(%rax) vmovdqa 64(%rcx),$MASK # .Lmask26 ################################################################ @@ -1679,7 +1792,6 @@ sub poly1305_iteration { vpand $MASK,$T3,$T3 # 3 vpor 32(%rcx),$T4,$T4 # padbit, yes, always - lea 0x90(%rsp),%rax # size optimization vpaddq $H2,$T2,$H2 # accumulate input sub \$64,$len jz .Ltail_avx2 @@ -1688,11 +1800,11 @@ sub poly1305_iteration { .align 32 .Loop_avx2: ################################################################ - # ((inp[0]*r^4+r[4])*r^4+r[8])*r^4 - # ((inp[1]*r^4+r[5])*r^4+r[9])*r^3 - # ((inp[2]*r^4+r[6])*r^4+r[10])*r^2 - # ((inp[3]*r^4+r[7])*r^4+r[11])*r^1 - # \________/\________/ + # ((inp[0]*r^4+inp[4])*r^4+inp[ 8])*r^4 + # ((inp[1]*r^4+inp[5])*r^4+inp[ 9])*r^3 + # ((inp[2]*r^4+inp[6])*r^4+inp[10])*r^2 + # ((inp[3]*r^4+inp[7])*r^4+inp[11])*r^1 + # \________/\__________/ ################################################################ #vpaddq $H2,$T2,$H2 # accumulate input vpaddq $H0,$T0,$H0 @@ -1990,13 +2102,1657 @@ sub poly1305_iteration { ___ $code.=<<___ if (!$win64); lea 8(%r11),%rsp +.cfi_def_cfa %rsp,8 ___ $code.=<<___; vzeroupper ret +.cfi_endproc .size poly1305_blocks_avx2,.-poly1305_blocks_avx2 ___ +####################################################################### +if ($avx>2) { +# On entry we have input length divisible by 64. But since inner loop +# processes 128 bytes per iteration, cases when length is not divisible +# by 128 are handled by passing tail 64 bytes to .Ltail_avx2. For this +# reason stack layout is kept identical to poly1305_blocks_avx2. If not +# for this tail, we wouldn't have to even allocate stack frame... + +my ($R0,$R1,$R2,$R3,$R4, $S1,$S2,$S3,$S4) = map("%zmm$_",(16..24)); +my ($M0,$M1,$M2,$M3,$M4) = map("%zmm$_",(25..29)); +my $PADBIT="%zmm30"; + +map(s/%y/%z/,($T4,$T0,$T1,$T2,$T3)); # switch to %zmm domain +map(s/%y/%z/,($D0,$D1,$D2,$D3,$D4)); +map(s/%y/%z/,($H0,$H1,$H2,$H3,$H4)); +map(s/%y/%z/,($MASK)); + +$code.=<<___; +.type poly1305_blocks_avx512,\@function,4 +.align 32 +poly1305_blocks_avx512: +.cfi_startproc +.Lblocks_avx512: + mov \$15,%eax + kmovw %eax,%k2 +___ +$code.=<<___ if (!$win64); + lea -8(%rsp),%r11 +.cfi_def_cfa %r11,16 + sub \$0x128,%rsp +___ +$code.=<<___ if ($win64); + lea -0xf8(%rsp),%r11 + sub \$0x1c8,%rsp + vmovdqa %xmm6,0x50(%r11) + vmovdqa %xmm7,0x60(%r11) + vmovdqa %xmm8,0x70(%r11) + vmovdqa %xmm9,0x80(%r11) + vmovdqa %xmm10,0x90(%r11) + vmovdqa %xmm11,0xa0(%r11) + vmovdqa %xmm12,0xb0(%r11) + vmovdqa %xmm13,0xc0(%r11) + vmovdqa %xmm14,0xd0(%r11) + vmovdqa %xmm15,0xe0(%r11) +.Ldo_avx512_body: +___ +$code.=<<___; + lea .Lconst(%rip),%rcx + lea 48+64($ctx),$ctx # size optimization + vmovdqa 96(%rcx),%y#$T2 # .Lpermd_avx2 + + # expand pre-calculated table + vmovdqu `16*0-64`($ctx),%x#$D0 # will become expanded ${R0} + and \$-512,%rsp + vmovdqu `16*1-64`($ctx),%x#$D1 # will become ... ${R1} + mov \$0x20,%rax + vmovdqu `16*2-64`($ctx),%x#$T0 # ... ${S1} + vmovdqu `16*3-64`($ctx),%x#$D2 # ... ${R2} + vmovdqu `16*4-64`($ctx),%x#$T1 # ... ${S2} + vmovdqu `16*5-64`($ctx),%x#$D3 # ... ${R3} + vmovdqu `16*6-64`($ctx),%x#$T3 # ... ${S3} + vmovdqu `16*7-64`($ctx),%x#$D4 # ... ${R4} + vmovdqu `16*8-64`($ctx),%x#$T4 # ... ${S4} + vpermd $D0,$T2,$R0 # 00003412 -> 14243444 + vpbroadcastq 64(%rcx),$MASK # .Lmask26 + vpermd $D1,$T2,$R1 + vpermd $T0,$T2,$S1 + vpermd $D2,$T2,$R2 + vmovdqa64 $R0,0x00(%rsp){%k2} # save in case $len%128 != 0 + vpsrlq \$32,$R0,$T0 # 14243444 -> 01020304 + vpermd $T1,$T2,$S2 + vmovdqu64 $R1,0x00(%rsp,%rax){%k2} + vpsrlq \$32,$R1,$T1 + vpermd $D3,$T2,$R3 + vmovdqa64 $S1,0x40(%rsp){%k2} + vpermd $T3,$T2,$S3 + vpermd $D4,$T2,$R4 + vmovdqu64 $R2,0x40(%rsp,%rax){%k2} + vpermd $T4,$T2,$S4 + vmovdqa64 $S2,0x80(%rsp){%k2} + vmovdqu64 $R3,0x80(%rsp,%rax){%k2} + vmovdqa64 $S3,0xc0(%rsp){%k2} + vmovdqu64 $R4,0xc0(%rsp,%rax){%k2} + vmovdqa64 $S4,0x100(%rsp){%k2} + + ################################################################ + # calculate 5th through 8th powers of the key + # + # d0 = r0'*r0 + r1'*5*r4 + r2'*5*r3 + r3'*5*r2 + r4'*5*r1 + # d1 = r0'*r1 + r1'*r0 + r2'*5*r4 + r3'*5*r3 + r4'*5*r2 + # d2 = r0'*r2 + r1'*r1 + r2'*r0 + r3'*5*r4 + r4'*5*r3 + # d3 = r0'*r3 + r1'*r2 + r2'*r1 + r3'*r0 + r4'*5*r4 + # d4 = r0'*r4 + r1'*r3 + r2'*r2 + r3'*r1 + r4'*r0 + + vpmuludq $T0,$R0,$D0 # d0 = r0'*r0 + vpmuludq $T0,$R1,$D1 # d1 = r0'*r1 + vpmuludq $T0,$R2,$D2 # d2 = r0'*r2 + vpmuludq $T0,$R3,$D3 # d3 = r0'*r3 + vpmuludq $T0,$R4,$D4 # d4 = r0'*r4 + vpsrlq \$32,$R2,$T2 + + vpmuludq $T1,$S4,$M0 + vpmuludq $T1,$R0,$M1 + vpmuludq $T1,$R1,$M2 + vpmuludq $T1,$R2,$M3 + vpmuludq $T1,$R3,$M4 + vpsrlq \$32,$R3,$T3 + vpaddq $M0,$D0,$D0 # d0 += r1'*5*r4 + vpaddq $M1,$D1,$D1 # d1 += r1'*r0 + vpaddq $M2,$D2,$D2 # d2 += r1'*r1 + vpaddq $M3,$D3,$D3 # d3 += r1'*r2 + vpaddq $M4,$D4,$D4 # d4 += r1'*r3 + + vpmuludq $T2,$S3,$M0 + vpmuludq $T2,$S4,$M1 + vpmuludq $T2,$R1,$M3 + vpmuludq $T2,$R2,$M4 + vpmuludq $T2,$R0,$M2 + vpsrlq \$32,$R4,$T4 + vpaddq $M0,$D0,$D0 # d0 += r2'*5*r3 + vpaddq $M1,$D1,$D1 # d1 += r2'*5*r4 + vpaddq $M3,$D3,$D3 # d3 += r2'*r1 + vpaddq $M4,$D4,$D4 # d4 += r2'*r2 + vpaddq $M2,$D2,$D2 # d2 += r2'*r0 + + vpmuludq $T3,$S2,$M0 + vpmuludq $T3,$R0,$M3 + vpmuludq $T3,$R1,$M4 + vpmuludq $T3,$S3,$M1 + vpmuludq $T3,$S4,$M2 + vpaddq $M0,$D0,$D0 # d0 += r3'*5*r2 + vpaddq $M3,$D3,$D3 # d3 += r3'*r0 + vpaddq $M4,$D4,$D4 # d4 += r3'*r1 + vpaddq $M1,$D1,$D1 # d1 += r3'*5*r3 + vpaddq $M2,$D2,$D2 # d2 += r3'*5*r4 + + vpmuludq $T4,$S4,$M3 + vpmuludq $T4,$R0,$M4 + vpmuludq $T4,$S1,$M0 + vpmuludq $T4,$S2,$M1 + vpmuludq $T4,$S3,$M2 + vpaddq $M3,$D3,$D3 # d3 += r2'*5*r4 + vpaddq $M4,$D4,$D4 # d4 += r2'*r0 + vpaddq $M0,$D0,$D0 # d0 += r2'*5*r1 + vpaddq $M1,$D1,$D1 # d1 += r2'*5*r2 + vpaddq $M2,$D2,$D2 # d2 += r2'*5*r3 + + ################################################################ + # load input + vmovdqu64 16*0($inp),%z#$T3 + vmovdqu64 16*4($inp),%z#$T4 + lea 16*8($inp),$inp + + ################################################################ + # lazy reduction + + vpsrlq \$26,$D3,$M3 + vpandq $MASK,$D3,$D3 + vpaddq $M3,$D4,$D4 # d3 -> d4 + + vpsrlq \$26,$D0,$M0 + vpandq $MASK,$D0,$D0 + vpaddq $M0,$D1,$D1 # d0 -> d1 + + vpsrlq \$26,$D4,$M4 + vpandq $MASK,$D4,$D4 + + vpsrlq \$26,$D1,$M1 + vpandq $MASK,$D1,$D1 + vpaddq $M1,$D2,$D2 # d1 -> d2 + + vpaddq $M4,$D0,$D0 + vpsllq \$2,$M4,$M4 + vpaddq $M4,$D0,$D0 # d4 -> d0 + + vpsrlq \$26,$D2,$M2 + vpandq $MASK,$D2,$D2 + vpaddq $M2,$D3,$D3 # d2 -> d3 + + vpsrlq \$26,$D0,$M0 + vpandq $MASK,$D0,$D0 + vpaddq $M0,$D1,$D1 # d0 -> d1 + + vpsrlq \$26,$D3,$M3 + vpandq $MASK,$D3,$D3 + vpaddq $M3,$D4,$D4 # d3 -> d4 + + ################################################################ + # at this point we have 14243444 in $R0-$S4 and 05060708 in + # $D0-$D4, ... + + vpunpcklqdq $T4,$T3,$T0 # transpose input + vpunpckhqdq $T4,$T3,$T4 + + # ... since input 64-bit lanes are ordered as 73625140, we could + # "vperm" it to 76543210 (here and in each loop iteration), *or* + # we could just flow along, hence the goal for $R0-$S4 is + # 1858286838784888 ... + + vmovdqa32 128(%rcx),$M0 # .Lpermd_avx512: + mov \$0x7777,%eax + kmovw %eax,%k1 + + vpermd $R0,$M0,$R0 # 14243444 -> 1---2---3---4--- + vpermd $R1,$M0,$R1 + vpermd $R2,$M0,$R2 + vpermd $R3,$M0,$R3 + vpermd $R4,$M0,$R4 + + vpermd $D0,$M0,${R0}{%k1} # 05060708 -> 1858286838784888 + vpermd $D1,$M0,${R1}{%k1} + vpermd $D2,$M0,${R2}{%k1} + vpermd $D3,$M0,${R3}{%k1} + vpermd $D4,$M0,${R4}{%k1} + + vpslld \$2,$R1,$S1 # *5 + vpslld \$2,$R2,$S2 + vpslld \$2,$R3,$S3 + vpslld \$2,$R4,$S4 + vpaddd $R1,$S1,$S1 + vpaddd $R2,$S2,$S2 + vpaddd $R3,$S3,$S3 + vpaddd $R4,$S4,$S4 + + vpbroadcastq 32(%rcx),$PADBIT # .L129 + + vpsrlq \$52,$T0,$T2 # splat input + vpsllq \$12,$T4,$T3 + vporq $T3,$T2,$T2 + vpsrlq \$26,$T0,$T1 + vpsrlq \$14,$T4,$T3 + vpsrlq \$40,$T4,$T4 # 4 + vpandq $MASK,$T2,$T2 # 2 + vpandq $MASK,$T0,$T0 # 0 + #vpandq $MASK,$T1,$T1 # 1 + #vpandq $MASK,$T3,$T3 # 3 + #vporq $PADBIT,$T4,$T4 # padbit, yes, always + + vpaddq $H2,$T2,$H2 # accumulate input + sub \$192,$len + jbe .Ltail_avx512 + jmp .Loop_avx512 + +.align 32 +.Loop_avx512: + ################################################################ + # ((inp[0]*r^8+inp[ 8])*r^8+inp[16])*r^8 + # ((inp[1]*r^8+inp[ 9])*r^8+inp[17])*r^7 + # ((inp[2]*r^8+inp[10])*r^8+inp[18])*r^6 + # ((inp[3]*r^8+inp[11])*r^8+inp[19])*r^5 + # ((inp[4]*r^8+inp[12])*r^8+inp[20])*r^4 + # ((inp[5]*r^8+inp[13])*r^8+inp[21])*r^3 + # ((inp[6]*r^8+inp[14])*r^8+inp[22])*r^2 + # ((inp[7]*r^8+inp[15])*r^8+inp[23])*r^1 + # \________/\___________/ + ################################################################ + #vpaddq $H2,$T2,$H2 # accumulate input + + # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 + # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 + # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 + # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 + # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 + # + # however, as h2 is "chronologically" first one available pull + # corresponding operations up, so it's + # + # d3 = h2*r1 + h0*r3 + h1*r2 + h3*r0 + h4*5*r4 + # d4 = h2*r2 + h0*r4 + h1*r3 + h3*r1 + h4*r0 + # d0 = h2*5*r3 + h0*r0 + h1*5*r4 + h3*5*r2 + h4*5*r1 + # d1 = h2*5*r4 + h0*r1 + h1*r0 + h3*5*r3 + h4*5*r2 + # d2 = h2*r0 + h0*r2 + h1*r1 + h3*5*r4 + h4*5*r3 + + vpmuludq $H2,$R1,$D3 # d3 = h2*r1 + vpaddq $H0,$T0,$H0 + vpmuludq $H2,$R2,$D4 # d4 = h2*r2 + vpandq $MASK,$T1,$T1 # 1 + vpmuludq $H2,$S3,$D0 # d0 = h2*s3 + vpandq $MASK,$T3,$T3 # 3 + vpmuludq $H2,$S4,$D1 # d1 = h2*s4 + vporq $PADBIT,$T4,$T4 # padbit, yes, always + vpmuludq $H2,$R0,$D2 # d2 = h2*r0 + vpaddq $H1,$T1,$H1 # accumulate input + vpaddq $H3,$T3,$H3 + vpaddq $H4,$T4,$H4 + + vmovdqu64 16*0($inp),$T3 # load input + vmovdqu64 16*4($inp),$T4 + lea 16*8($inp),$inp + vpmuludq $H0,$R3,$M3 + vpmuludq $H0,$R4,$M4 + vpmuludq $H0,$R0,$M0 + vpmuludq $H0,$R1,$M1 + vpaddq $M3,$D3,$D3 # d3 += h0*r3 + vpaddq $M4,$D4,$D4 # d4 += h0*r4 + vpaddq $M0,$D0,$D0 # d0 += h0*r0 + vpaddq $M1,$D1,$D1 # d1 += h0*r1 + + vpmuludq $H1,$R2,$M3 + vpmuludq $H1,$R3,$M4 + vpmuludq $H1,$S4,$M0 + vpmuludq $H0,$R2,$M2 + vpaddq $M3,$D3,$D3 # d3 += h1*r2 + vpaddq $M4,$D4,$D4 # d4 += h1*r3 + vpaddq $M0,$D0,$D0 # d0 += h1*s4 + vpaddq $M2,$D2,$D2 # d2 += h0*r2 + + vpunpcklqdq $T4,$T3,$T0 # transpose input + vpunpckhqdq $T4,$T3,$T4 + + vpmuludq $H3,$R0,$M3 + vpmuludq $H3,$R1,$M4 + vpmuludq $H1,$R0,$M1 + vpmuludq $H1,$R1,$M2 + vpaddq $M3,$D3,$D3 # d3 += h3*r0 + vpaddq $M4,$D4,$D4 # d4 += h3*r1 + vpaddq $M1,$D1,$D1 # d1 += h1*r0 + vpaddq $M2,$D2,$D2 # d2 += h1*r1 + + vpmuludq $H4,$S4,$M3 + vpmuludq $H4,$R0,$M4 + vpmuludq $H3,$S2,$M0 + vpmuludq $H3,$S3,$M1 + vpaddq $M3,$D3,$D3 # d3 += h4*s4 + vpmuludq $H3,$S4,$M2 + vpaddq $M4,$D4,$D4 # d4 += h4*r0 + vpaddq $M0,$D0,$D0 # d0 += h3*s2 + vpaddq $M1,$D1,$D1 # d1 += h3*s3 + vpaddq $M2,$D2,$D2 # d2 += h3*s4 + + vpmuludq $H4,$S1,$M0 + vpmuludq $H4,$S2,$M1 + vpmuludq $H4,$S3,$M2 + vpaddq $M0,$D0,$H0 # h0 = d0 + h4*s1 + vpaddq $M1,$D1,$H1 # h1 = d2 + h4*s2 + vpaddq $M2,$D2,$H2 # h2 = d3 + h4*s3 + + ################################################################ + # lazy reduction (interleaved with input splat) + + vpsrlq \$52,$T0,$T2 # splat input + vpsllq \$12,$T4,$T3 + + vpsrlq \$26,$D3,$H3 + vpandq $MASK,$D3,$D3 + vpaddq $H3,$D4,$H4 # h3 -> h4 + + vporq $T3,$T2,$T2 + + vpsrlq \$26,$H0,$D0 + vpandq $MASK,$H0,$H0 + vpaddq $D0,$H1,$H1 # h0 -> h1 + + vpandq $MASK,$T2,$T2 # 2 + + vpsrlq \$26,$H4,$D4 + vpandq $MASK,$H4,$H4 + + vpsrlq \$26,$H1,$D1 + vpandq $MASK,$H1,$H1 + vpaddq $D1,$H2,$H2 # h1 -> h2 + + vpaddq $D4,$H0,$H0 + vpsllq \$2,$D4,$D4 + vpaddq $D4,$H0,$H0 # h4 -> h0 + + vpaddq $T2,$H2,$H2 # modulo-scheduled + vpsrlq \$26,$T0,$T1 + + vpsrlq \$26,$H2,$D2 + vpandq $MASK,$H2,$H2 + vpaddq $D2,$D3,$H3 # h2 -> h3 + + vpsrlq \$14,$T4,$T3 + + vpsrlq \$26,$H0,$D0 + vpandq $MASK,$H0,$H0 + vpaddq $D0,$H1,$H1 # h0 -> h1 + + vpsrlq \$40,$T4,$T4 # 4 + + vpsrlq \$26,$H3,$D3 + vpandq $MASK,$H3,$H3 + vpaddq $D3,$H4,$H4 # h3 -> h4 + + vpandq $MASK,$T0,$T0 # 0 + #vpandq $MASK,$T1,$T1 # 1 + #vpandq $MASK,$T3,$T3 # 3 + #vporq $PADBIT,$T4,$T4 # padbit, yes, always + + sub \$128,$len + ja .Loop_avx512 + +.Ltail_avx512: + ################################################################ + # while above multiplications were by r^8 in all lanes, in last + # iteration we multiply least significant lane by r^8 and most + # significant one by r, that's why table gets shifted... + + vpsrlq \$32,$R0,$R0 # 0105020603070408 + vpsrlq \$32,$R1,$R1 + vpsrlq \$32,$R2,$R2 + vpsrlq \$32,$S3,$S3 + vpsrlq \$32,$S4,$S4 + vpsrlq \$32,$R3,$R3 + vpsrlq \$32,$R4,$R4 + vpsrlq \$32,$S1,$S1 + vpsrlq \$32,$S2,$S2 + + ################################################################ + # load either next or last 64 byte of input + lea ($inp,$len),$inp + + #vpaddq $H2,$T2,$H2 # accumulate input + vpaddq $H0,$T0,$H0 + + vpmuludq $H2,$R1,$D3 # d3 = h2*r1 + vpmuludq $H2,$R2,$D4 # d4 = h2*r2 + vpmuludq $H2,$S3,$D0 # d0 = h2*s3 + vpandq $MASK,$T1,$T1 # 1 + vpmuludq $H2,$S4,$D1 # d1 = h2*s4 + vpandq $MASK,$T3,$T3 # 3 + vpmuludq $H2,$R0,$D2 # d2 = h2*r0 + vporq $PADBIT,$T4,$T4 # padbit, yes, always + vpaddq $H1,$T1,$H1 # accumulate input + vpaddq $H3,$T3,$H3 + vpaddq $H4,$T4,$H4 + + vmovdqu 16*0($inp),%x#$T0 + vpmuludq $H0,$R3,$M3 + vpmuludq $H0,$R4,$M4 + vpmuludq $H0,$R0,$M0 + vpmuludq $H0,$R1,$M1 + vpaddq $M3,$D3,$D3 # d3 += h0*r3 + vpaddq $M4,$D4,$D4 # d4 += h0*r4 + vpaddq $M0,$D0,$D0 # d0 += h0*r0 + vpaddq $M1,$D1,$D1 # d1 += h0*r1 + + vmovdqu 16*1($inp),%x#$T1 + vpmuludq $H1,$R2,$M3 + vpmuludq $H1,$R3,$M4 + vpmuludq $H1,$S4,$M0 + vpmuludq $H0,$R2,$M2 + vpaddq $M3,$D3,$D3 # d3 += h1*r2 + vpaddq $M4,$D4,$D4 # d4 += h1*r3 + vpaddq $M0,$D0,$D0 # d0 += h1*s4 + vpaddq $M2,$D2,$D2 # d2 += h0*r2 + + vinserti128 \$1,16*2($inp),%y#$T0,%y#$T0 + vpmuludq $H3,$R0,$M3 + vpmuludq $H3,$R1,$M4 + vpmuludq $H1,$R0,$M1 + vpmuludq $H1,$R1,$M2 + vpaddq $M3,$D3,$D3 # d3 += h3*r0 + vpaddq $M4,$D4,$D4 # d4 += h3*r1 + vpaddq $M1,$D1,$D1 # d1 += h1*r0 + vpaddq $M2,$D2,$D2 # d2 += h1*r1 + + vinserti128 \$1,16*3($inp),%y#$T1,%y#$T1 + vpmuludq $H4,$S4,$M3 + vpmuludq $H4,$R0,$M4 + vpmuludq $H3,$S2,$M0 + vpmuludq $H3,$S3,$M1 + vpmuludq $H3,$S4,$M2 + vpaddq $M3,$D3,$H3 # h3 = d3 + h4*s4 + vpaddq $M4,$D4,$D4 # d4 += h4*r0 + vpaddq $M0,$D0,$D0 # d0 += h3*s2 + vpaddq $M1,$D1,$D1 # d1 += h3*s3 + vpaddq $M2,$D2,$D2 # d2 += h3*s4 + + vpmuludq $H4,$S1,$M0 + vpmuludq $H4,$S2,$M1 + vpmuludq $H4,$S3,$M2 + vpaddq $M0,$D0,$H0 # h0 = d0 + h4*s1 + vpaddq $M1,$D1,$H1 # h1 = d2 + h4*s2 + vpaddq $M2,$D2,$H2 # h2 = d3 + h4*s3 + + ################################################################ + # horizontal addition + + mov \$1,%eax + vpermq \$0xb1,$H3,$D3 + vpermq \$0xb1,$D4,$H4 + vpermq \$0xb1,$H0,$D0 + vpermq \$0xb1,$H1,$D1 + vpermq \$0xb1,$H2,$D2 + vpaddq $D3,$H3,$H3 + vpaddq $D4,$H4,$H4 + vpaddq $D0,$H0,$H0 + vpaddq $D1,$H1,$H1 + vpaddq $D2,$H2,$H2 + + kmovw %eax,%k3 + vpermq \$0x2,$H3,$D3 + vpermq \$0x2,$H4,$D4 + vpermq \$0x2,$H0,$D0 + vpermq \$0x2,$H1,$D1 + vpermq \$0x2,$H2,$D2 + vpaddq $D3,$H3,$H3 + vpaddq $D4,$H4,$H4 + vpaddq $D0,$H0,$H0 + vpaddq $D1,$H1,$H1 + vpaddq $D2,$H2,$H2 + + vextracti64x4 \$0x1,$H3,%y#$D3 + vextracti64x4 \$0x1,$H4,%y#$D4 + vextracti64x4 \$0x1,$H0,%y#$D0 + vextracti64x4 \$0x1,$H1,%y#$D1 + vextracti64x4 \$0x1,$H2,%y#$D2 + vpaddq $D3,$H3,${H3}{%k3}{z} # keep single qword in case + vpaddq $D4,$H4,${H4}{%k3}{z} # it's passed to .Ltail_avx2 + vpaddq $D0,$H0,${H0}{%k3}{z} + vpaddq $D1,$H1,${H1}{%k3}{z} + vpaddq $D2,$H2,${H2}{%k3}{z} +___ +map(s/%z/%y/,($T0,$T1,$T2,$T3,$T4, $PADBIT)); +map(s/%z/%y/,($H0,$H1,$H2,$H3,$H4, $D0,$D1,$D2,$D3,$D4, $MASK)); +$code.=<<___; + ################################################################ + # lazy reduction (interleaved with input splat) + + vpsrlq \$26,$H3,$D3 + vpand $MASK,$H3,$H3 + vpsrldq \$6,$T0,$T2 # splat input + vpsrldq \$6,$T1,$T3 + vpunpckhqdq $T1,$T0,$T4 # 4 + vpaddq $D3,$H4,$H4 # h3 -> h4 + + vpsrlq \$26,$H0,$D0 + vpand $MASK,$H0,$H0 + vpunpcklqdq $T3,$T2,$T2 # 2:3 + vpunpcklqdq $T1,$T0,$T0 # 0:1 + vpaddq $D0,$H1,$H1 # h0 -> h1 + + vpsrlq \$26,$H4,$D4 + vpand $MASK,$H4,$H4 + + vpsrlq \$26,$H1,$D1 + vpand $MASK,$H1,$H1 + vpsrlq \$30,$T2,$T3 + vpsrlq \$4,$T2,$T2 + vpaddq $D1,$H2,$H2 # h1 -> h2 + + vpaddq $D4,$H0,$H0 + vpsllq \$2,$D4,$D4 + vpsrlq \$26,$T0,$T1 + vpsrlq \$40,$T4,$T4 # 4 + vpaddq $D4,$H0,$H0 # h4 -> h0 + + vpsrlq \$26,$H2,$D2 + vpand $MASK,$H2,$H2 + vpand $MASK,$T2,$T2 # 2 + vpand $MASK,$T0,$T0 # 0 + vpaddq $D2,$H3,$H3 # h2 -> h3 + + vpsrlq \$26,$H0,$D0 + vpand $MASK,$H0,$H0 + vpaddq $H2,$T2,$H2 # accumulate input for .Ltail_avx2 + vpand $MASK,$T1,$T1 # 1 + vpaddq $D0,$H1,$H1 # h0 -> h1 + + vpsrlq \$26,$H3,$D3 + vpand $MASK,$H3,$H3 + vpand $MASK,$T3,$T3 # 3 + vpor 32(%rcx),$T4,$T4 # padbit, yes, always + vpaddq $D3,$H4,$H4 # h3 -> h4 + + lea 0x90(%rsp),%rax # size optimization for .Ltail_avx2 + add \$64,$len + jnz .Ltail_avx2 + + vpsubq $T2,$H2,$H2 # undo input accumulation + vmovd %x#$H0,`4*0-48-64`($ctx)# save partially reduced + vmovd %x#$H1,`4*1-48-64`($ctx) + vmovd %x#$H2,`4*2-48-64`($ctx) + vmovd %x#$H3,`4*3-48-64`($ctx) + vmovd %x#$H4,`4*4-48-64`($ctx) + vzeroall +___ +$code.=<<___ if ($win64); + movdqa 0x50(%r11),%xmm6 + movdqa 0x60(%r11),%xmm7 + movdqa 0x70(%r11),%xmm8 + movdqa 0x80(%r11),%xmm9 + movdqa 0x90(%r11),%xmm10 + movdqa 0xa0(%r11),%xmm11 + movdqa 0xb0(%r11),%xmm12 + movdqa 0xc0(%r11),%xmm13 + movdqa 0xd0(%r11),%xmm14 + movdqa 0xe0(%r11),%xmm15 + lea 0xf8(%r11),%rsp +.Ldo_avx512_epilogue: +___ +$code.=<<___ if (!$win64); + lea 8(%r11),%rsp +.cfi_def_cfa %rsp,8 +___ +$code.=<<___; + ret +.cfi_endproc +.size poly1305_blocks_avx512,.-poly1305_blocks_avx512 +___ +if ($avx>3) { +######################################################################## +# VPMADD52 version using 2^44 radix. +# +# One can argue that base 2^52 would be more natural. Well, even though +# some operations would be more natural, one has to recognize couple of +# things. Base 2^52 doesn't provide advantage over base 2^44 if you look +# at amount of multiply-n-accumulate operations. Secondly, it makes it +# impossible to pre-compute multiples of 5 [referred to as s[]/sN in +# reference implementations], which means that more such operations +# would have to be performed in inner loop, which in turn makes critical +# path longer. In other words, even though base 2^44 reduction might +# look less elegant, overall critical path is actually shorter... + +######################################################################## +# Layout of opaque area is following. +# +# unsigned __int64 h[3]; # current hash value base 2^44 +# unsigned __int64 s[2]; # key value*20 base 2^44 +# unsigned __int64 r[3]; # key value base 2^44 +# struct { unsigned __int64 r^1, r^3, r^2, r^4; } R[4]; +# # r^n positions reflect +# # placement in register, not +# # memory, R[3] is R[1]*20 + +$code.=<<___; +.type poly1305_init_base2_44,\@function,3 +.align 32 +poly1305_init_base2_44: + xor %rax,%rax + mov %rax,0($ctx) # initialize hash value + mov %rax,8($ctx) + mov %rax,16($ctx) + +.Linit_base2_44: + lea poly1305_blocks_vpmadd52(%rip),%r10 + lea poly1305_emit_base2_44(%rip),%r11 + + mov \$0x0ffffffc0fffffff,%rax + mov \$0x0ffffffc0ffffffc,%rcx + and 0($inp),%rax + mov \$0x00000fffffffffff,%r8 + and 8($inp),%rcx + mov \$0x00000fffffffffff,%r9 + and %rax,%r8 + shrd \$44,%rcx,%rax + mov %r8,40($ctx) # r0 + and %r9,%rax + shr \$24,%rcx + mov %rax,48($ctx) # r1 + lea (%rax,%rax,4),%rax # *5 + mov %rcx,56($ctx) # r2 + shl \$2,%rax # magic <<2 + lea (%rcx,%rcx,4),%rcx # *5 + shl \$2,%rcx # magic <<2 + mov %rax,24($ctx) # s1 + mov %rcx,32($ctx) # s2 + movq \$-1,64($ctx) # write impossible value +___ +$code.=<<___ if ($flavour !~ /elf32/); + mov %r10,0(%rdx) + mov %r11,8(%rdx) +___ +$code.=<<___ if ($flavour =~ /elf32/); + mov %r10d,0(%rdx) + mov %r11d,4(%rdx) +___ +$code.=<<___; + mov \$1,%eax + ret +.size poly1305_init_base2_44,.-poly1305_init_base2_44 +___ +{ +my ($H0,$H1,$H2,$r2r1r0,$r1r0s2,$r0s2s1,$Dlo,$Dhi) = map("%ymm$_",(0..5,16,17)); +my ($T0,$inp_permd,$inp_shift,$PAD) = map("%ymm$_",(18..21)); +my ($reduc_mask,$reduc_rght,$reduc_left) = map("%ymm$_",(22..25)); + +$code.=<<___; +.type poly1305_blocks_vpmadd52,\@function,4 +.align 32 +poly1305_blocks_vpmadd52: + shr \$4,$len + jz .Lno_data_vpmadd52 # too short + + shl \$40,$padbit + mov 64($ctx),%r8 # peek on power of the key + + # if powers of the key are not calculated yet, process up to 3 + # blocks with this single-block subroutine, otherwise ensure that + # length is divisible by 2 blocks and pass the rest down to next + # subroutine... + + mov \$3,%rax + mov \$1,%r10 + cmp \$4,$len # is input long + cmovae %r10,%rax + test %r8,%r8 # is power value impossible? + cmovns %r10,%rax + + and $len,%rax # is input of favourable length? + jz .Lblocks_vpmadd52_4x + + sub %rax,$len + mov \$7,%r10d + mov \$1,%r11d + kmovw %r10d,%k7 + lea .L2_44_inp_permd(%rip),%r10 + kmovw %r11d,%k1 + + vmovq $padbit,%x#$PAD + vmovdqa64 0(%r10),$inp_permd # .L2_44_inp_permd + vmovdqa64 32(%r10),$inp_shift # .L2_44_inp_shift + vpermq \$0xcf,$PAD,$PAD + vmovdqa64 64(%r10),$reduc_mask # .L2_44_mask + + vmovdqu64 0($ctx),${Dlo}{%k7}{z} # load hash value + vmovdqu64 40($ctx),${r2r1r0}{%k7}{z} # load keys + vmovdqu64 32($ctx),${r1r0s2}{%k7}{z} + vmovdqu64 24($ctx),${r0s2s1}{%k7}{z} + + vmovdqa64 96(%r10),$reduc_rght # .L2_44_shift_rgt + vmovdqa64 128(%r10),$reduc_left # .L2_44_shift_lft + + jmp .Loop_vpmadd52 + +.align 32 +.Loop_vpmadd52: + vmovdqu32 0($inp),%x#$T0 # load input as ----3210 + lea 16($inp),$inp + + vpermd $T0,$inp_permd,$T0 # ----3210 -> --322110 + vpsrlvq $inp_shift,$T0,$T0 + vpandq $reduc_mask,$T0,$T0 + vporq $PAD,$T0,$T0 + + vpaddq $T0,$Dlo,$Dlo # accumulate input + + vpermq \$0,$Dlo,${H0}{%k7}{z} # smash hash value + vpermq \$0b01010101,$Dlo,${H1}{%k7}{z} + vpermq \$0b10101010,$Dlo,${H2}{%k7}{z} + + vpxord $Dlo,$Dlo,$Dlo + vpxord $Dhi,$Dhi,$Dhi + + vpmadd52luq $r2r1r0,$H0,$Dlo + vpmadd52huq $r2r1r0,$H0,$Dhi + + vpmadd52luq $r1r0s2,$H1,$Dlo + vpmadd52huq $r1r0s2,$H1,$Dhi + + vpmadd52luq $r0s2s1,$H2,$Dlo + vpmadd52huq $r0s2s1,$H2,$Dhi + + vpsrlvq $reduc_rght,$Dlo,$T0 # 0 in topmost qword + vpsllvq $reduc_left,$Dhi,$Dhi # 0 in topmost qword + vpandq $reduc_mask,$Dlo,$Dlo + + vpaddq $T0,$Dhi,$Dhi + + vpermq \$0b10010011,$Dhi,$Dhi # 0 in lowest qword + + vpaddq $Dhi,$Dlo,$Dlo # note topmost qword :-) + + vpsrlvq $reduc_rght,$Dlo,$T0 # 0 in topmost word + vpandq $reduc_mask,$Dlo,$Dlo + + vpermq \$0b10010011,$T0,$T0 + + vpaddq $T0,$Dlo,$Dlo + + vpermq \$0b10010011,$Dlo,${T0}{%k1}{z} + + vpaddq $T0,$Dlo,$Dlo + vpsllq \$2,$T0,$T0 + + vpaddq $T0,$Dlo,$Dlo + + dec %rax # len-=16 + jnz .Loop_vpmadd52 + + vmovdqu64 $Dlo,0($ctx){%k7} # store hash value + + test $len,$len + jnz .Lblocks_vpmadd52_4x + +.Lno_data_vpmadd52: + ret +.size poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52 +___ } +{ +######################################################################## +# As implied by its name 4x subroutine processes 4 blocks in parallel +# (but handles even 4*n+2 blocks lengths). It takes up to 4th key power +# and is handled in 256-bit %ymm registers. + +my ($H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2) = map("%ymm$_",(0..5,16,17)); +my ($D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi) = map("%ymm$_",(18..23)); +my ($T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD) = map("%ymm$_",(24..31)); + +$code.=<<___; +.type poly1305_blocks_vpmadd52_4x,\@function,4 +.align 32 +poly1305_blocks_vpmadd52_4x: + shr \$4,$len + jz .Lno_data_vpmadd52_4x # too short + + shl \$40,$padbit + mov 64($ctx),%r8 # peek on power of the key + +.Lblocks_vpmadd52_4x: + vpbroadcastq $padbit,$PAD + + vmovdqa64 .Lx_mask44(%rip),$mask44 + mov \$5,%eax + vmovdqa64 .Lx_mask42(%rip),$mask42 + kmovw %eax,%k1 # used in 2x path + + test %r8,%r8 # is power value impossible? + js .Linit_vpmadd52 # if it is, then init R[4] + + vmovq 0($ctx),%x#$H0 # load current hash value + vmovq 8($ctx),%x#$H1 + vmovq 16($ctx),%x#$H2 + + test \$3,$len # is length 4*n+2? + jnz .Lblocks_vpmadd52_2x_do + +.Lblocks_vpmadd52_4x_do: + vpbroadcastq 64($ctx),$R0 # load 4th power of the key + vpbroadcastq 96($ctx),$R1 + vpbroadcastq 128($ctx),$R2 + vpbroadcastq 160($ctx),$S1 + +.Lblocks_vpmadd52_4x_key_loaded: + vpsllq \$2,$R2,$S2 # S2 = R2*5*4 + vpaddq $R2,$S2,$S2 + vpsllq \$2,$S2,$S2 + + test \$7,$len # is len 8*n? + jz .Lblocks_vpmadd52_8x + + vmovdqu64 16*0($inp),$T2 # load data + vmovdqu64 16*2($inp),$T3 + lea 16*4($inp),$inp + + vpunpcklqdq $T3,$T2,$T1 # transpose data + vpunpckhqdq $T3,$T2,$T3 + + # at this point 64-bit lanes are ordered as 3-1-2-0 + + vpsrlq \$24,$T3,$T2 # splat the data + vporq $PAD,$T2,$T2 + vpaddq $T2,$H2,$H2 # accumulate input + vpandq $mask44,$T1,$T0 + vpsrlq \$44,$T1,$T1 + vpsllq \$20,$T3,$T3 + vporq $T3,$T1,$T1 + vpandq $mask44,$T1,$T1 + + sub \$4,$len + jz .Ltail_vpmadd52_4x + jmp .Loop_vpmadd52_4x + ud2 + +.align 32 +.Linit_vpmadd52: + vmovq 24($ctx),%x#$S1 # load key + vmovq 56($ctx),%x#$H2 + vmovq 32($ctx),%x#$S2 + vmovq 40($ctx),%x#$R0 + vmovq 48($ctx),%x#$R1 + + vmovdqa $R0,$H0 + vmovdqa $R1,$H1 + vmovdqa $H2,$R2 + + mov \$2,%eax + +.Lmul_init_vpmadd52: + vpxorq $D0lo,$D0lo,$D0lo + vpmadd52luq $H2,$S1,$D0lo + vpxorq $D0hi,$D0hi,$D0hi + vpmadd52huq $H2,$S1,$D0hi + vpxorq $D1lo,$D1lo,$D1lo + vpmadd52luq $H2,$S2,$D1lo + vpxorq $D1hi,$D1hi,$D1hi + vpmadd52huq $H2,$S2,$D1hi + vpxorq $D2lo,$D2lo,$D2lo + vpmadd52luq $H2,$R0,$D2lo + vpxorq $D2hi,$D2hi,$D2hi + vpmadd52huq $H2,$R0,$D2hi + + vpmadd52luq $H0,$R0,$D0lo + vpmadd52huq $H0,$R0,$D0hi + vpmadd52luq $H0,$R1,$D1lo + vpmadd52huq $H0,$R1,$D1hi + vpmadd52luq $H0,$R2,$D2lo + vpmadd52huq $H0,$R2,$D2hi + + vpmadd52luq $H1,$S2,$D0lo + vpmadd52huq $H1,$S2,$D0hi + vpmadd52luq $H1,$R0,$D1lo + vpmadd52huq $H1,$R0,$D1hi + vpmadd52luq $H1,$R1,$D2lo + vpmadd52huq $H1,$R1,$D2hi + + ################################################################ + # partial reduction + vpsrlq \$44,$D0lo,$tmp + vpsllq \$8,$D0hi,$D0hi + vpandq $mask44,$D0lo,$H0 + vpaddq $tmp,$D0hi,$D0hi + + vpaddq $D0hi,$D1lo,$D1lo + + vpsrlq \$44,$D1lo,$tmp + vpsllq \$8,$D1hi,$D1hi + vpandq $mask44,$D1lo,$H1 + vpaddq $tmp,$D1hi,$D1hi + + vpaddq $D1hi,$D2lo,$D2lo + + vpsrlq \$42,$D2lo,$tmp + vpsllq \$10,$D2hi,$D2hi + vpandq $mask42,$D2lo,$H2 + vpaddq $tmp,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + vpsllq \$2,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + + vpsrlq \$44,$H0,$tmp # additional step + vpandq $mask44,$H0,$H0 + + vpaddq $tmp,$H1,$H1 + + dec %eax + jz .Ldone_init_vpmadd52 + + vpunpcklqdq $R1,$H1,$R1 # 1,2 + vpbroadcastq %x#$H1,%x#$H1 # 2,2 + vpunpcklqdq $R2,$H2,$R2 + vpbroadcastq %x#$H2,%x#$H2 + vpunpcklqdq $R0,$H0,$R0 + vpbroadcastq %x#$H0,%x#$H0 + + vpsllq \$2,$R1,$S1 # S1 = R1*5*4 + vpsllq \$2,$R2,$S2 # S2 = R2*5*4 + vpaddq $R1,$S1,$S1 + vpaddq $R2,$S2,$S2 + vpsllq \$2,$S1,$S1 + vpsllq \$2,$S2,$S2 + + jmp .Lmul_init_vpmadd52 + ud2 + +.align 32 +.Ldone_init_vpmadd52: + vinserti128 \$1,%x#$R1,$H1,$R1 # 1,2,3,4 + vinserti128 \$1,%x#$R2,$H2,$R2 + vinserti128 \$1,%x#$R0,$H0,$R0 + + vpermq \$0b11011000,$R1,$R1 # 1,3,2,4 + vpermq \$0b11011000,$R2,$R2 + vpermq \$0b11011000,$R0,$R0 + + vpsllq \$2,$R1,$S1 # S1 = R1*5*4 + vpaddq $R1,$S1,$S1 + vpsllq \$2,$S1,$S1 + + vmovq 0($ctx),%x#$H0 # load current hash value + vmovq 8($ctx),%x#$H1 + vmovq 16($ctx),%x#$H2 + + test \$3,$len # is length 4*n+2? + jnz .Ldone_init_vpmadd52_2x + + vmovdqu64 $R0,64($ctx) # save key powers + vpbroadcastq %x#$R0,$R0 # broadcast 4th power + vmovdqu64 $R1,96($ctx) + vpbroadcastq %x#$R1,$R1 + vmovdqu64 $R2,128($ctx) + vpbroadcastq %x#$R2,$R2 + vmovdqu64 $S1,160($ctx) + vpbroadcastq %x#$S1,$S1 + + jmp .Lblocks_vpmadd52_4x_key_loaded + ud2 + +.align 32 +.Ldone_init_vpmadd52_2x: + vmovdqu64 $R0,64($ctx) # save key powers + vpsrldq \$8,$R0,$R0 # 0-1-0-2 + vmovdqu64 $R1,96($ctx) + vpsrldq \$8,$R1,$R1 + vmovdqu64 $R2,128($ctx) + vpsrldq \$8,$R2,$R2 + vmovdqu64 $S1,160($ctx) + vpsrldq \$8,$S1,$S1 + jmp .Lblocks_vpmadd52_2x_key_loaded + ud2 + +.align 32 +.Lblocks_vpmadd52_2x_do: + vmovdqu64 128+8($ctx),${R2}{%k1}{z}# load 2nd and 1st key powers + vmovdqu64 160+8($ctx),${S1}{%k1}{z} + vmovdqu64 64+8($ctx),${R0}{%k1}{z} + vmovdqu64 96+8($ctx),${R1}{%k1}{z} + +.Lblocks_vpmadd52_2x_key_loaded: + vmovdqu64 16*0($inp),$T2 # load data + vpxorq $T3,$T3,$T3 + lea 16*2($inp),$inp + + vpunpcklqdq $T3,$T2,$T1 # transpose data + vpunpckhqdq $T3,$T2,$T3 + + # at this point 64-bit lanes are ordered as x-1-x-0 + + vpsrlq \$24,$T3,$T2 # splat the data + vporq $PAD,$T2,$T2 + vpaddq $T2,$H2,$H2 # accumulate input + vpandq $mask44,$T1,$T0 + vpsrlq \$44,$T1,$T1 + vpsllq \$20,$T3,$T3 + vporq $T3,$T1,$T1 + vpandq $mask44,$T1,$T1 + + jmp .Ltail_vpmadd52_2x + ud2 + +.align 32 +.Loop_vpmadd52_4x: + #vpaddq $T2,$H2,$H2 # accumulate input + vpaddq $T0,$H0,$H0 + vpaddq $T1,$H1,$H1 + + vpxorq $D0lo,$D0lo,$D0lo + vpmadd52luq $H2,$S1,$D0lo + vpxorq $D0hi,$D0hi,$D0hi + vpmadd52huq $H2,$S1,$D0hi + vpxorq $D1lo,$D1lo,$D1lo + vpmadd52luq $H2,$S2,$D1lo + vpxorq $D1hi,$D1hi,$D1hi + vpmadd52huq $H2,$S2,$D1hi + vpxorq $D2lo,$D2lo,$D2lo + vpmadd52luq $H2,$R0,$D2lo + vpxorq $D2hi,$D2hi,$D2hi + vpmadd52huq $H2,$R0,$D2hi + + vmovdqu64 16*0($inp),$T2 # load data + vmovdqu64 16*2($inp),$T3 + lea 16*4($inp),$inp + vpmadd52luq $H0,$R0,$D0lo + vpmadd52huq $H0,$R0,$D0hi + vpmadd52luq $H0,$R1,$D1lo + vpmadd52huq $H0,$R1,$D1hi + vpmadd52luq $H0,$R2,$D2lo + vpmadd52huq $H0,$R2,$D2hi + + vpunpcklqdq $T3,$T2,$T1 # transpose data + vpunpckhqdq $T3,$T2,$T3 + vpmadd52luq $H1,$S2,$D0lo + vpmadd52huq $H1,$S2,$D0hi + vpmadd52luq $H1,$R0,$D1lo + vpmadd52huq $H1,$R0,$D1hi + vpmadd52luq $H1,$R1,$D2lo + vpmadd52huq $H1,$R1,$D2hi + + ################################################################ + # partial reduction (interleaved with data splat) + vpsrlq \$44,$D0lo,$tmp + vpsllq \$8,$D0hi,$D0hi + vpandq $mask44,$D0lo,$H0 + vpaddq $tmp,$D0hi,$D0hi + + vpsrlq \$24,$T3,$T2 + vporq $PAD,$T2,$T2 + vpaddq $D0hi,$D1lo,$D1lo + + vpsrlq \$44,$D1lo,$tmp + vpsllq \$8,$D1hi,$D1hi + vpandq $mask44,$D1lo,$H1 + vpaddq $tmp,$D1hi,$D1hi + + vpandq $mask44,$T1,$T0 + vpsrlq \$44,$T1,$T1 + vpsllq \$20,$T3,$T3 + vpaddq $D1hi,$D2lo,$D2lo + + vpsrlq \$42,$D2lo,$tmp + vpsllq \$10,$D2hi,$D2hi + vpandq $mask42,$D2lo,$H2 + vpaddq $tmp,$D2hi,$D2hi + + vpaddq $T2,$H2,$H2 # accumulate input + vpaddq $D2hi,$H0,$H0 + vpsllq \$2,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + vporq $T3,$T1,$T1 + vpandq $mask44,$T1,$T1 + + vpsrlq \$44,$H0,$tmp # additional step + vpandq $mask44,$H0,$H0 + + vpaddq $tmp,$H1,$H1 + + sub \$4,$len # len-=64 + jnz .Loop_vpmadd52_4x + +.Ltail_vpmadd52_4x: + vmovdqu64 128($ctx),$R2 # load all key powers + vmovdqu64 160($ctx),$S1 + vmovdqu64 64($ctx),$R0 + vmovdqu64 96($ctx),$R1 + +.Ltail_vpmadd52_2x: + vpsllq \$2,$R2,$S2 # S2 = R2*5*4 + vpaddq $R2,$S2,$S2 + vpsllq \$2,$S2,$S2 + + #vpaddq $T2,$H2,$H2 # accumulate input + vpaddq $T0,$H0,$H0 + vpaddq $T1,$H1,$H1 + + vpxorq $D0lo,$D0lo,$D0lo + vpmadd52luq $H2,$S1,$D0lo + vpxorq $D0hi,$D0hi,$D0hi + vpmadd52huq $H2,$S1,$D0hi + vpxorq $D1lo,$D1lo,$D1lo + vpmadd52luq $H2,$S2,$D1lo + vpxorq $D1hi,$D1hi,$D1hi + vpmadd52huq $H2,$S2,$D1hi + vpxorq $D2lo,$D2lo,$D2lo + vpmadd52luq $H2,$R0,$D2lo + vpxorq $D2hi,$D2hi,$D2hi + vpmadd52huq $H2,$R0,$D2hi + + vpmadd52luq $H0,$R0,$D0lo + vpmadd52huq $H0,$R0,$D0hi + vpmadd52luq $H0,$R1,$D1lo + vpmadd52huq $H0,$R1,$D1hi + vpmadd52luq $H0,$R2,$D2lo + vpmadd52huq $H0,$R2,$D2hi + + vpmadd52luq $H1,$S2,$D0lo + vpmadd52huq $H1,$S2,$D0hi + vpmadd52luq $H1,$R0,$D1lo + vpmadd52huq $H1,$R0,$D1hi + vpmadd52luq $H1,$R1,$D2lo + vpmadd52huq $H1,$R1,$D2hi + + ################################################################ + # horizontal addition + + mov \$1,%eax + kmovw %eax,%k1 + vpsrldq \$8,$D0lo,$T0 + vpsrldq \$8,$D0hi,$H0 + vpsrldq \$8,$D1lo,$T1 + vpsrldq \$8,$D1hi,$H1 + vpaddq $T0,$D0lo,$D0lo + vpaddq $H0,$D0hi,$D0hi + vpsrldq \$8,$D2lo,$T2 + vpsrldq \$8,$D2hi,$H2 + vpaddq $T1,$D1lo,$D1lo + vpaddq $H1,$D1hi,$D1hi + vpermq \$0x2,$D0lo,$T0 + vpermq \$0x2,$D0hi,$H0 + vpaddq $T2,$D2lo,$D2lo + vpaddq $H2,$D2hi,$D2hi + + vpermq \$0x2,$D1lo,$T1 + vpermq \$0x2,$D1hi,$H1 + vpaddq $T0,$D0lo,${D0lo}{%k1}{z} + vpaddq $H0,$D0hi,${D0hi}{%k1}{z} + vpermq \$0x2,$D2lo,$T2 + vpermq \$0x2,$D2hi,$H2 + vpaddq $T1,$D1lo,${D1lo}{%k1}{z} + vpaddq $H1,$D1hi,${D1hi}{%k1}{z} + vpaddq $T2,$D2lo,${D2lo}{%k1}{z} + vpaddq $H2,$D2hi,${D2hi}{%k1}{z} + + ################################################################ + # partial reduction + vpsrlq \$44,$D0lo,$tmp + vpsllq \$8,$D0hi,$D0hi + vpandq $mask44,$D0lo,$H0 + vpaddq $tmp,$D0hi,$D0hi + + vpaddq $D0hi,$D1lo,$D1lo + + vpsrlq \$44,$D1lo,$tmp + vpsllq \$8,$D1hi,$D1hi + vpandq $mask44,$D1lo,$H1 + vpaddq $tmp,$D1hi,$D1hi + + vpaddq $D1hi,$D2lo,$D2lo + + vpsrlq \$42,$D2lo,$tmp + vpsllq \$10,$D2hi,$D2hi + vpandq $mask42,$D2lo,$H2 + vpaddq $tmp,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + vpsllq \$2,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + + vpsrlq \$44,$H0,$tmp # additional step + vpandq $mask44,$H0,$H0 + + vpaddq $tmp,$H1,$H1 + # at this point $len is + # either 4*n+2 or 0... + sub \$2,$len # len-=32 + ja .Lblocks_vpmadd52_4x_do + + vmovq %x#$H0,0($ctx) + vmovq %x#$H1,8($ctx) + vmovq %x#$H2,16($ctx) + vzeroall + +.Lno_data_vpmadd52_4x: + ret +.size poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x +___ +} +{ +######################################################################## +# As implied by its name 8x subroutine processes 8 blocks in parallel... +# This is intermediate version, as it's used only in cases when input +# length is either 8*n, 8*n+1 or 8*n+2... + +my ($H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2) = map("%ymm$_",(0..5,16,17)); +my ($D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi) = map("%ymm$_",(18..23)); +my ($T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD) = map("%ymm$_",(24..31)); +my ($RR0,$RR1,$RR2,$SS1,$SS2) = map("%ymm$_",(6..10)); + +$code.=<<___; +.type poly1305_blocks_vpmadd52_8x,\@function,4 +.align 32 +poly1305_blocks_vpmadd52_8x: + shr \$4,$len + jz .Lno_data_vpmadd52_8x # too short + + shl \$40,$padbit + mov 64($ctx),%r8 # peek on power of the key + + vmovdqa64 .Lx_mask44(%rip),$mask44 + vmovdqa64 .Lx_mask42(%rip),$mask42 + + test %r8,%r8 # is power value impossible? + js .Linit_vpmadd52 # if it is, then init R[4] + + vmovq 0($ctx),%x#$H0 # load current hash value + vmovq 8($ctx),%x#$H1 + vmovq 16($ctx),%x#$H2 + +.Lblocks_vpmadd52_8x: + ################################################################ + # fist we calculate more key powers + + vmovdqu64 128($ctx),$R2 # load 1-3-2-4 powers + vmovdqu64 160($ctx),$S1 + vmovdqu64 64($ctx),$R0 + vmovdqu64 96($ctx),$R1 + + vpsllq \$2,$R2,$S2 # S2 = R2*5*4 + vpaddq $R2,$S2,$S2 + vpsllq \$2,$S2,$S2 + + vpbroadcastq %x#$R2,$RR2 # broadcast 4th power + vpbroadcastq %x#$R0,$RR0 + vpbroadcastq %x#$R1,$RR1 + + vpxorq $D0lo,$D0lo,$D0lo + vpmadd52luq $RR2,$S1,$D0lo + vpxorq $D0hi,$D0hi,$D0hi + vpmadd52huq $RR2,$S1,$D0hi + vpxorq $D1lo,$D1lo,$D1lo + vpmadd52luq $RR2,$S2,$D1lo + vpxorq $D1hi,$D1hi,$D1hi + vpmadd52huq $RR2,$S2,$D1hi + vpxorq $D2lo,$D2lo,$D2lo + vpmadd52luq $RR2,$R0,$D2lo + vpxorq $D2hi,$D2hi,$D2hi + vpmadd52huq $RR2,$R0,$D2hi + + vpmadd52luq $RR0,$R0,$D0lo + vpmadd52huq $RR0,$R0,$D0hi + vpmadd52luq $RR0,$R1,$D1lo + vpmadd52huq $RR0,$R1,$D1hi + vpmadd52luq $RR0,$R2,$D2lo + vpmadd52huq $RR0,$R2,$D2hi + + vpmadd52luq $RR1,$S2,$D0lo + vpmadd52huq $RR1,$S2,$D0hi + vpmadd52luq $RR1,$R0,$D1lo + vpmadd52huq $RR1,$R0,$D1hi + vpmadd52luq $RR1,$R1,$D2lo + vpmadd52huq $RR1,$R1,$D2hi + + ################################################################ + # partial reduction + vpsrlq \$44,$D0lo,$tmp + vpsllq \$8,$D0hi,$D0hi + vpandq $mask44,$D0lo,$RR0 + vpaddq $tmp,$D0hi,$D0hi + + vpaddq $D0hi,$D1lo,$D1lo + + vpsrlq \$44,$D1lo,$tmp + vpsllq \$8,$D1hi,$D1hi + vpandq $mask44,$D1lo,$RR1 + vpaddq $tmp,$D1hi,$D1hi + + vpaddq $D1hi,$D2lo,$D2lo + + vpsrlq \$42,$D2lo,$tmp + vpsllq \$10,$D2hi,$D2hi + vpandq $mask42,$D2lo,$RR2 + vpaddq $tmp,$D2hi,$D2hi + + vpaddq $D2hi,$RR0,$RR0 + vpsllq \$2,$D2hi,$D2hi + + vpaddq $D2hi,$RR0,$RR0 + + vpsrlq \$44,$RR0,$tmp # additional step + vpandq $mask44,$RR0,$RR0 + + vpaddq $tmp,$RR1,$RR1 + + ################################################################ + # At this point Rx holds 1324 powers, RRx - 5768, and the goal + # is 15263748, which reflects how data is loaded... + + vpunpcklqdq $R2,$RR2,$T2 # 3748 + vpunpckhqdq $R2,$RR2,$R2 # 1526 + vpunpcklqdq $R0,$RR0,$T0 + vpunpckhqdq $R0,$RR0,$R0 + vpunpcklqdq $R1,$RR1,$T1 + vpunpckhqdq $R1,$RR1,$R1 +___ +######## switch to %zmm +map(s/%y/%z/, $H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2); +map(s/%y/%z/, $D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi); +map(s/%y/%z/, $T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD); +map(s/%y/%z/, $RR0,$RR1,$RR2,$SS1,$SS2); + +$code.=<<___; + vshufi64x2 \$0x44,$R2,$T2,$RR2 # 15263748 + vshufi64x2 \$0x44,$R0,$T0,$RR0 + vshufi64x2 \$0x44,$R1,$T1,$RR1 + + vmovdqu64 16*0($inp),$T2 # load data + vmovdqu64 16*4($inp),$T3 + lea 16*8($inp),$inp + + vpsllq \$2,$RR2,$SS2 # S2 = R2*5*4 + vpsllq \$2,$RR1,$SS1 # S1 = R1*5*4 + vpaddq $RR2,$SS2,$SS2 + vpaddq $RR1,$SS1,$SS1 + vpsllq \$2,$SS2,$SS2 + vpsllq \$2,$SS1,$SS1 + + vpbroadcastq $padbit,$PAD + vpbroadcastq %x#$mask44,$mask44 + vpbroadcastq %x#$mask42,$mask42 + + vpbroadcastq %x#$SS1,$S1 # broadcast 8th power + vpbroadcastq %x#$SS2,$S2 + vpbroadcastq %x#$RR0,$R0 + vpbroadcastq %x#$RR1,$R1 + vpbroadcastq %x#$RR2,$R2 + + vpunpcklqdq $T3,$T2,$T1 # transpose data + vpunpckhqdq $T3,$T2,$T3 + + # at this point 64-bit lanes are ordered as 73625140 + + vpsrlq \$24,$T3,$T2 # splat the data + vporq $PAD,$T2,$T2 + vpaddq $T2,$H2,$H2 # accumulate input + vpandq $mask44,$T1,$T0 + vpsrlq \$44,$T1,$T1 + vpsllq \$20,$T3,$T3 + vporq $T3,$T1,$T1 + vpandq $mask44,$T1,$T1 + + sub \$8,$len + jz .Ltail_vpmadd52_8x + jmp .Loop_vpmadd52_8x + +.align 32 +.Loop_vpmadd52_8x: + #vpaddq $T2,$H2,$H2 # accumulate input + vpaddq $T0,$H0,$H0 + vpaddq $T1,$H1,$H1 + + vpxorq $D0lo,$D0lo,$D0lo + vpmadd52luq $H2,$S1,$D0lo + vpxorq $D0hi,$D0hi,$D0hi + vpmadd52huq $H2,$S1,$D0hi + vpxorq $D1lo,$D1lo,$D1lo + vpmadd52luq $H2,$S2,$D1lo + vpxorq $D1hi,$D1hi,$D1hi + vpmadd52huq $H2,$S2,$D1hi + vpxorq $D2lo,$D2lo,$D2lo + vpmadd52luq $H2,$R0,$D2lo + vpxorq $D2hi,$D2hi,$D2hi + vpmadd52huq $H2,$R0,$D2hi + + vmovdqu64 16*0($inp),$T2 # load data + vmovdqu64 16*4($inp),$T3 + lea 16*8($inp),$inp + vpmadd52luq $H0,$R0,$D0lo + vpmadd52huq $H0,$R0,$D0hi + vpmadd52luq $H0,$R1,$D1lo + vpmadd52huq $H0,$R1,$D1hi + vpmadd52luq $H0,$R2,$D2lo + vpmadd52huq $H0,$R2,$D2hi + + vpunpcklqdq $T3,$T2,$T1 # transpose data + vpunpckhqdq $T3,$T2,$T3 + vpmadd52luq $H1,$S2,$D0lo + vpmadd52huq $H1,$S2,$D0hi + vpmadd52luq $H1,$R0,$D1lo + vpmadd52huq $H1,$R0,$D1hi + vpmadd52luq $H1,$R1,$D2lo + vpmadd52huq $H1,$R1,$D2hi + + ################################################################ + # partial reduction (interleaved with data splat) + vpsrlq \$44,$D0lo,$tmp + vpsllq \$8,$D0hi,$D0hi + vpandq $mask44,$D0lo,$H0 + vpaddq $tmp,$D0hi,$D0hi + + vpsrlq \$24,$T3,$T2 + vporq $PAD,$T2,$T2 + vpaddq $D0hi,$D1lo,$D1lo + + vpsrlq \$44,$D1lo,$tmp + vpsllq \$8,$D1hi,$D1hi + vpandq $mask44,$D1lo,$H1 + vpaddq $tmp,$D1hi,$D1hi + + vpandq $mask44,$T1,$T0 + vpsrlq \$44,$T1,$T1 + vpsllq \$20,$T3,$T3 + vpaddq $D1hi,$D2lo,$D2lo + + vpsrlq \$42,$D2lo,$tmp + vpsllq \$10,$D2hi,$D2hi + vpandq $mask42,$D2lo,$H2 + vpaddq $tmp,$D2hi,$D2hi + + vpaddq $T2,$H2,$H2 # accumulate input + vpaddq $D2hi,$H0,$H0 + vpsllq \$2,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + vporq $T3,$T1,$T1 + vpandq $mask44,$T1,$T1 + + vpsrlq \$44,$H0,$tmp # additional step + vpandq $mask44,$H0,$H0 + + vpaddq $tmp,$H1,$H1 + + sub \$8,$len # len-=128 + jnz .Loop_vpmadd52_8x + +.Ltail_vpmadd52_8x: + #vpaddq $T2,$H2,$H2 # accumulate input + vpaddq $T0,$H0,$H0 + vpaddq $T1,$H1,$H1 + + vpxorq $D0lo,$D0lo,$D0lo + vpmadd52luq $H2,$SS1,$D0lo + vpxorq $D0hi,$D0hi,$D0hi + vpmadd52huq $H2,$SS1,$D0hi + vpxorq $D1lo,$D1lo,$D1lo + vpmadd52luq $H2,$SS2,$D1lo + vpxorq $D1hi,$D1hi,$D1hi + vpmadd52huq $H2,$SS2,$D1hi + vpxorq $D2lo,$D2lo,$D2lo + vpmadd52luq $H2,$RR0,$D2lo + vpxorq $D2hi,$D2hi,$D2hi + vpmadd52huq $H2,$RR0,$D2hi + + vpmadd52luq $H0,$RR0,$D0lo + vpmadd52huq $H0,$RR0,$D0hi + vpmadd52luq $H0,$RR1,$D1lo + vpmadd52huq $H0,$RR1,$D1hi + vpmadd52luq $H0,$RR2,$D2lo + vpmadd52huq $H0,$RR2,$D2hi + + vpmadd52luq $H1,$SS2,$D0lo + vpmadd52huq $H1,$SS2,$D0hi + vpmadd52luq $H1,$RR0,$D1lo + vpmadd52huq $H1,$RR0,$D1hi + vpmadd52luq $H1,$RR1,$D2lo + vpmadd52huq $H1,$RR1,$D2hi + + ################################################################ + # horizontal addition + + mov \$1,%eax + kmovw %eax,%k1 + vpsrldq \$8,$D0lo,$T0 + vpsrldq \$8,$D0hi,$H0 + vpsrldq \$8,$D1lo,$T1 + vpsrldq \$8,$D1hi,$H1 + vpaddq $T0,$D0lo,$D0lo + vpaddq $H0,$D0hi,$D0hi + vpsrldq \$8,$D2lo,$T2 + vpsrldq \$8,$D2hi,$H2 + vpaddq $T1,$D1lo,$D1lo + vpaddq $H1,$D1hi,$D1hi + vpermq \$0x2,$D0lo,$T0 + vpermq \$0x2,$D0hi,$H0 + vpaddq $T2,$D2lo,$D2lo + vpaddq $H2,$D2hi,$D2hi + + vpermq \$0x2,$D1lo,$T1 + vpermq \$0x2,$D1hi,$H1 + vpaddq $T0,$D0lo,$D0lo + vpaddq $H0,$D0hi,$D0hi + vpermq \$0x2,$D2lo,$T2 + vpermq \$0x2,$D2hi,$H2 + vpaddq $T1,$D1lo,$D1lo + vpaddq $H1,$D1hi,$D1hi + vextracti64x4 \$1,$D0lo,%y#$T0 + vextracti64x4 \$1,$D0hi,%y#$H0 + vpaddq $T2,$D2lo,$D2lo + vpaddq $H2,$D2hi,$D2hi + + vextracti64x4 \$1,$D1lo,%y#$T1 + vextracti64x4 \$1,$D1hi,%y#$H1 + vextracti64x4 \$1,$D2lo,%y#$T2 + vextracti64x4 \$1,$D2hi,%y#$H2 +___ +######## switch back to %ymm +map(s/%z/%y/, $H0,$H1,$H2,$R0,$R1,$R2,$S1,$S2); +map(s/%z/%y/, $D0lo,$D0hi,$D1lo,$D1hi,$D2lo,$D2hi); +map(s/%z/%y/, $T0,$T1,$T2,$T3,$mask44,$mask42,$tmp,$PAD); + +$code.=<<___; + vpaddq $T0,$D0lo,${D0lo}{%k1}{z} + vpaddq $H0,$D0hi,${D0hi}{%k1}{z} + vpaddq $T1,$D1lo,${D1lo}{%k1}{z} + vpaddq $H1,$D1hi,${D1hi}{%k1}{z} + vpaddq $T2,$D2lo,${D2lo}{%k1}{z} + vpaddq $H2,$D2hi,${D2hi}{%k1}{z} + + ################################################################ + # partial reduction + vpsrlq \$44,$D0lo,$tmp + vpsllq \$8,$D0hi,$D0hi + vpandq $mask44,$D0lo,$H0 + vpaddq $tmp,$D0hi,$D0hi + + vpaddq $D0hi,$D1lo,$D1lo + + vpsrlq \$44,$D1lo,$tmp + vpsllq \$8,$D1hi,$D1hi + vpandq $mask44,$D1lo,$H1 + vpaddq $tmp,$D1hi,$D1hi + + vpaddq $D1hi,$D2lo,$D2lo + + vpsrlq \$42,$D2lo,$tmp + vpsllq \$10,$D2hi,$D2hi + vpandq $mask42,$D2lo,$H2 + vpaddq $tmp,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + vpsllq \$2,$D2hi,$D2hi + + vpaddq $D2hi,$H0,$H0 + + vpsrlq \$44,$H0,$tmp # additional step + vpandq $mask44,$H0,$H0 + + vpaddq $tmp,$H1,$H1 + + ################################################################ + + vmovq %x#$H0,0($ctx) + vmovq %x#$H1,8($ctx) + vmovq %x#$H2,16($ctx) + vzeroall + +.Lno_data_vpmadd52_8x: + ret +.size poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x +___ +} +$code.=<<___; +.type poly1305_emit_base2_44,\@function,3 +.align 32 +poly1305_emit_base2_44: + mov 0($ctx),%r8 # load hash value + mov 8($ctx),%r9 + mov 16($ctx),%r10 + + mov %r9,%rax + shr \$20,%r9 + shl \$44,%rax + mov %r10,%rcx + shr \$40,%r10 + shl \$24,%rcx + + add %rax,%r8 + adc %rcx,%r9 + adc \$0,%r10 + + mov %r8,%rax + add \$5,%r8 # compare to modulus + mov %r9,%rcx + adc \$0,%r9 + adc \$0,%r10 + shr \$2,%r10 # did 130-bit value overflow? + cmovnz %r8,%rax + cmovnz %r9,%rcx + + add 0($nonce),%rax # accumulate nonce + adc 8($nonce),%rcx + mov %rax,0($mac) # write result + mov %rcx,8($mac) + + ret +.size poly1305_emit_base2_44,.-poly1305_emit_base2_44 +___ +} } } $code.=<<___; .align 64 .Lconst: @@ -2006,16 +3762,140 @@ sub poly1305_iteration { .long `1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0 .Lmask26: .long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0 -.Lfive: -.long 5,0,5,0,5,0,5,0 +.Lpermd_avx2: +.long 2,2,2,3,2,0,2,1 +.Lpermd_avx512: +.long 0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7 + +.L2_44_inp_permd: +.long 0,1,1,2,2,3,7,7 +.L2_44_inp_shift: +.quad 0,12,24,64 +.L2_44_mask: +.quad 0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff +.L2_44_shift_rgt: +.quad 44,44,42,64 +.L2_44_shift_lft: +.quad 8,8,10,64 + +.align 64 +.Lx_mask44: +.quad 0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff +.quad 0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff +.Lx_mask42: +.quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff +.quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff ___ } - $code.=<<___; .asciz "Poly1305 for x86_64, CRYPTOGAMS by " .align 16 ___ +{ # chacha20-poly1305 helpers +my ($out,$inp,$otp,$len)=$win64 ? ("%rcx","%rdx","%r8", "%r9") : # Win64 order + ("%rdi","%rsi","%rdx","%rcx"); # Unix order +$code.=<<___; +.globl xor128_encrypt_n_pad +.type xor128_encrypt_n_pad,\@abi-omnipotent +.align 16 +xor128_encrypt_n_pad: + sub $otp,$inp + sub $otp,$out + mov $len,%r10 # put len aside + shr \$4,$len # len / 16 + jz .Ltail_enc + nop +.Loop_enc_xmm: + movdqu ($inp,$otp),%xmm0 + pxor ($otp),%xmm0 + movdqu %xmm0,($out,$otp) + movdqa %xmm0,($otp) + lea 16($otp),$otp + dec $len + jnz .Loop_enc_xmm + + and \$15,%r10 # len % 16 + jz .Ldone_enc + +.Ltail_enc: + mov \$16,$len + sub %r10,$len + xor %eax,%eax +.Loop_enc_byte: + mov ($inp,$otp),%al + xor ($otp),%al + mov %al,($out,$otp) + mov %al,($otp) + lea 1($otp),$otp + dec %r10 + jnz .Loop_enc_byte + + xor %eax,%eax +.Loop_enc_pad: + mov %al,($otp) + lea 1($otp),$otp + dec $len + jnz .Loop_enc_pad + +.Ldone_enc: + mov $otp,%rax + ret +.size xor128_encrypt_n_pad,.-xor128_encrypt_n_pad + +.globl xor128_decrypt_n_pad +.type xor128_decrypt_n_pad,\@abi-omnipotent +.align 16 +xor128_decrypt_n_pad: + sub $otp,$inp + sub $otp,$out + mov $len,%r10 # put len aside + shr \$4,$len # len / 16 + jz .Ltail_dec + nop +.Loop_dec_xmm: + movdqu ($inp,$otp),%xmm0 + movdqa ($otp),%xmm1 + pxor %xmm0,%xmm1 + movdqu %xmm1,($out,$otp) + movdqa %xmm0,($otp) + lea 16($otp),$otp + dec $len + jnz .Loop_dec_xmm + + pxor %xmm1,%xmm1 + and \$15,%r10 # len % 16 + jz .Ldone_dec + +.Ltail_dec: + mov \$16,$len + sub %r10,$len + xor %eax,%eax + xor %r11,%r11 +.Loop_dec_byte: + mov ($inp,$otp),%r11b + mov ($otp),%al + xor %r11b,%al + mov %al,($out,$otp) + mov %r11b,($otp) + lea 1($otp),$otp + dec %r10 + jnz .Loop_dec_byte + + xor %eax,%eax +.Loop_dec_pad: + mov %al,($otp) + lea 1($otp),$otp + dec $len + jnz .Loop_dec_pad + +.Ldone_dec: + mov $otp,%rax + ret +.size xor128_decrypt_n_pad,.-xor128_decrypt_n_pad +___ +} + # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) if ($win64) { @@ -2200,6 +4080,11 @@ sub poly1305_iteration { .rva .LSEH_end_poly1305_blocks_avx2 .rva .LSEH_info_poly1305_blocks_avx2_3 ___ +$code.=<<___ if ($avx>2); + .rva .LSEH_begin_poly1305_blocks_avx512 + .rva .LSEH_end_poly1305_blocks_avx512 + .rva .LSEH_info_poly1305_blocks_avx512 +___ $code.=<<___; .section .xdata .align 8 @@ -2255,13 +4140,19 @@ sub poly1305_iteration { .rva avx_handler .rva .Ldo_avx2_body,.Ldo_avx2_epilogue # HandlerData[] ___ +$code.=<<___ if ($avx>2); +.LSEH_info_poly1305_blocks_avx512: + .byte 9,0,0,0 + .rva avx_handler + .rva .Ldo_avx512_body,.Ldo_avx512_epilogue # HandlerData[] +___ } foreach (split('\n',$code)) { s/\`([^\`]*)\`/eval($1)/ge; s/%r([a-z]+)#d/%e$1/g; s/%r([0-9]+)#d/%r$1d/g; - s/%x#%y/%x/g; + s/%x#%[yz]/%x/g or s/%y#%z/%y/g or s/%z#%[yz]/%z/g; print $_,"\n"; } diff --git a/deps/openssl/openssl/crypto/poly1305/build.info b/deps/openssl/openssl/crypto/poly1305/build.info index f90ce2b9500a73..631b32b8e099ac 100644 --- a/deps/openssl/openssl/crypto/poly1305/build.info +++ b/deps/openssl/openssl/crypto/poly1305/build.info @@ -1,10 +1,13 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ + poly1305_pmeth.c \ + poly1305_ameth.c \ poly1305.c {- $target{poly1305_asm_src} -} GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl $(PERLASM_SCHEME) INCLUDE[poly1305-sparcv9.o]=.. -GENERATE[poly1305-x86.s]=asm/poly1305-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[poly1305-x86.s]=asm/poly1305-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) GENERATE[poly1305-x86_64.s]=asm/poly1305-x86_64.pl $(PERLASM_SCHEME) GENERATE[poly1305-ppc.s]=asm/poly1305-ppc.pl $(PERLASM_SCHEME) GENERATE[poly1305-ppcfp.s]=asm/poly1305-ppcfp.pl $(PERLASM_SCHEME) @@ -13,8 +16,7 @@ INCLUDE[poly1305-armv4.o]=.. GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME) INCLUDE[poly1305-armv8.o]=.. GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME) -GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME) -INCLUDE[poly1305-s390x.o]=.. +INCLUDE[poly1305-mips.o]=.. BEGINRAW[Makefile(unix)] {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305.c b/deps/openssl/openssl/crypto/poly1305/poly1305.c index eec4d67f0c66f6..1d182364aee435 100644 --- a/deps/openssl/openssl/crypto/poly1305/poly1305.c +++ b/deps/openssl/openssl/crypto/poly1305/poly1305.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,27 +12,9 @@ #include #include "internal/poly1305.h" +#include "poly1305_local.h" -typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp, - size_t len, unsigned int padbit); -typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); - -struct poly1305_context { - double opaque[24]; /* large enough to hold internal state, declared - * 'double' to ensure at least 64-bit invariant - * alignment across all platforms and - * configurations */ - unsigned int nonce[4]; - unsigned char data[POLY1305_BLOCK_SIZE]; - size_t num; - struct { - poly1305_blocks_f blocks; - poly1305_emit_f emit; - } func; -}; - -size_t Poly1305_ctx_size () +size_t Poly1305_ctx_size(void) { return sizeof(struct poly1305_context); } @@ -113,12 +95,11 @@ poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit); (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \ ) -# if !defined(PEDANTIC) && \ - (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \ +# if (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \ (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8) typedef unsigned long u64; -typedef unsigned __int128 u128; +typedef __uint128_t u128; typedef struct { u64 h[3]; @@ -548,490 +529,3 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]) /* zero out the state */ OPENSSL_cleanse(ctx, sizeof(*ctx)); } - -#ifdef SELFTEST -#include - -struct poly1305_test { - const char *inputhex; - const char *keyhex; - const char *outhex; -}; - -static const struct poly1305_test poly1305_tests[] = { - /* - * RFC7539 - */ - { - "43727970746f6772617068696320466f72756d2052657365617263682047726f" - "7570", - "85d6be7857556d337f4452fe42d506a8""0103808afb0db2fd4abff6af4149f51b", - "a8061dc1305136c6c22b8baf0c0127a9" - }, - /* - * test vectors from "The Poly1305-AES message-authentication code" - */ - { - "f3f6", - "851fc40c3467ac0be05cc20404f3f700""580b3b0f9447bb1e69d095b5928b6dbc", - "f4c633c3044fc145f84f335cb81953de" - }, - { - "", - "a0f3080000f46400d0c7e9076c834403""dd3fab2251f11ac759f0887129cc2ee7", - "dd3fab2251f11ac759f0887129cc2ee7" - }, - { - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "48443d0bb0d21109c89a100b5ce2c208""83149c69b561dd88298a1798b10716ef", - "0ee1c16bb73f0f4fd19881753c01cdbe" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "5154ad0d2cb26e01274fc51148491f1b" - }, - /* - * self-generated vectors exercise "significant" lengths, such that - * are handled by different code paths - */ - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "812059a5da198637cac7c4a631bee466" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "5b88d7f6228b11e2e28579a5c0c1f761" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "bbb613b2b6d753ba07395b916aaece15" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "c794d7057d1778c4bbee0a39b3d97342" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "ffbcb9b371423152d7fca5ad042fbaa9" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee466", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "069ed6b8ef0f207b3e243bb1019fe632" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "cca339d9a45fa2368c2c68b3a4179133" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761" - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "53f6e828a2f0fe0ee815bf0bd5841a34" - }, - { - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761" - "ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0" - "990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af" - "48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef" - "663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136" - "812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761", - "12976a08c4426d0ce8a82407c4f48207""80f8c20aa71202d1e29179cbcb555a57", - "b846d44e9bbd53cedffbfbb6b7fa4933" - }, - /* - * 4th power of the key spills to 131th bit in SIMD key setup - */ - { - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "ad628107e8351d0f2c231a05dc4a4106""00000000000000000000000000000000", - "07145a4c02fe5fa32036de68fabe9066" - }, - { - /* - * poly1305_ieee754.c failed this in final stage - */ - "842364e156336c0998b933a6237726180d9e3fdcbde4cd5d17080fc3beb49614" - "d7122c037463ff104d73f19c12704628d417c4c54a3fe30d3c3d7714382d43b0" - "382a50a5dee54be844b076e8df88201a1cd43b90eb21643fa96f39b518aa8340" - "c942ff3c31baf7c9bdbf0f31ae3fa096bf8c63030609829fe72e179824890bc8" - "e08c315c1cce2a83144dbbff09f74e3efc770b54d0984a8f19b14719e6363564" - "1d6b1eedf63efbf080e1783d32445412114c20de0b837a0dfa33d6b82825fff4" - "4c9a70ea54ce47f07df698e6b03323b53079364a5fc3e9dd034392bdde86dccd" - "da94321c5e44060489336cb65bf3989c36f7282c2f5d2b882c171e74", - "95d5c005503e510d8cd0aa072c4a4d06""6eabc52d11653df47fbf63ab198bcc26", - "f248312e578d9d58f8b7bb4d19105431" - }, - /* - * AVX2 in poly1305-x86.pl failed this with 176+32 split - */ - { - "248ac31085b6c2adaaa38259a0d7192c5c35d1bb4ef39ad94c38d1c82479e2dd" - "2159a077024b0589bc8a20101b506f0a1ad0bbab76e83a83f1b94be6beae74e8" - "74cab692c5963a75436b776121ec9f62399a3e66b2d22707dae81933b6277f3c" - "8516bcbe26dbbd86f373103d7cf4cad1888c952118fbfbd0d7b4bedc4ae4936a" - "ff91157e7aa47c54442ea78d6ac251d324a0fbe49d89cc3521b66d16e9c66a37" - "09894e4eb0a4eedc4ae19468e66b81f2" - "71351b1d921ea551047abcc6b87a901fde7db79fa1818c11336dbc07244a40eb", - "000102030405060708090a0b0c0d0e0f""00000000000000000000000000000000", - "bc939bc5281480fa99c6d68c258ec42f" - }, - /* - * test vectors from Google - */ - { - "", - "c8afaac331ee372cd6082de134943b17""4710130e9f6fea8d72293850a667d86c", - "4710130e9f6fea8d72293850a667d86c", - }, - { - "48656c6c6f20776f726c6421", - "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035", - "a6f745008f81c916a20dcc74eef2b2f0" - }, - { - "0000000000000000000000000000000000000000000000000000000000000000", - "746869732069732033322d6279746520""6b657920666f7220506f6c7931333035", - "49ec78090e481ec6c26b33b91ccc0307" - }, - { - "89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a9" - "1c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a62033427" - "0372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f1" - "41300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595", - "2d773be37adb1e4d683bf0075e79c4ee""037918535a7f99ccb7040fb5f5f43aea", - "c85d15ed44c378d6b00e23064c7bcd51" - }, - { - "000000000000000b1703030200000000" - "06db1f1f368d696a810a349c0c714c9a5e7850c2407d721acded95e018d7a852" - "66a6e1289cdb4aeb18da5ac8a2b0026d24a59ad485227f3eaedbb2e7e35e1c66" - "cd60f9abf716dcc9ac42682dd7dab287a7024c4eefc321cc0574e16793e37cec" - "03c5bda42b54c114a80b57af26416c7be742005e20855c73e21dc8e2edc9d435" - "cb6f6059280011c270b71570051c1c9b3052126620bc1e2730fa066c7a509d53" - "c60e5ae1b40aa6e39e49669228c90eecb4a50db32a50bc49e90b4f4b359a1dfd" - "11749cd3867fcf2fb7bb6cd4738f6a4ad6f7ca5058f7618845af9f020f6c3b96" - "7b8f4cd4a91e2813b507ae66f2d35c18284f7292186062e10fd5510d18775351" - "ef334e7634ab4743f5b68f49adcab384d3fd75f7390f4006ef2a295c8c7a076a" - "d54546cd25d2107fbe1436c840924aaebe5b370893cd63d1325b8616fc481088" - "6bc152c53221b6df373119393255ee72bcaa880174f1717f9184fa91646f17a2" - "4ac55d16bfddca9581a92eda479201f0edbf633600d6066d1ab36d5d2415d713" - "51bbcd608a25108d25641992c1f26c531cf9f90203bc4cc19f5927d834b0a471" - "16d3884bbb164b8ec883d1ac832e56b3918a98601a08d171881541d594db399c" - "6ae6151221745aec814c45b0b05b565436fd6f137aa10a0c0b643761dbd6f9a9" - "dcb99b1a6e690854ce0769cde39761d82fcdec15f0d92d7d8e94ade8eb83fbe0", - "99e5822dd4173c995e3dae0ddefb9774""3fde3b080134b39f76e9bf8d0e88d546", - "2637408fe13086ea73f971e3425e2820" - }, - /* - * test vectors from Hanno Böck - */ - { - "cccccccccccccccccccccccccccccccccccccccccccccccccc80cccccccccccc" - "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccecccccc" - "ccccccccccccccccccccccccccccccc5cccccccccccccccccccccccccccccccc" - "cccccccccce3cccccccccccccccccccccccccccccccccccccccccccccccccccc" - "ccccccccaccccccccccccccccccccce6cccccccccc000000afcccccccccccccc" - "ccccfffffff50000000000000000000000000000000000000000000000000000" - "00ffffffe7000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000719205a8521d" - "fc", - "7f1b0264000000000000000000000000""0000000000000000cccccccccccccccc", - "8559b876eceed66eb37798c0457baff9" - }, - { - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa0000000000" - "00000000800264", - "e0001600000000000000000000000000""0000aaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "00bd1258978e205444c9aaaa82006fed" - }, - { - "02fc", - "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c""0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", - "06120c0c0c0c0c0c0c0c0c0c0c0c0c0c" - }, - { - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b007b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b" - "7b6e7b001300000000b300000000000000000000000000000000000000000000" - "f20000000000000000000000000000000000002000efff000900000000000000" - "0000000000100000000009000000640000000000000000000000001300000000" - "b300000000000000000000000000000000000000000000f20000000000000000" - "000000000000000000002000efff00090000000000000000007a000010000000" - "000900000064000000000000000000000000000000000000000000000000fc", - "00ff0000000000000000000000000000""00000000001e00000000000000007b7b", - "33205bbf9e9f8f7212ab9e2ab9b7e4a5" - }, - { - "7777777777777777777777777777777777777777777777777777777777777777" - "7777777777777777777777777777777777777777777777777777777777777777" - "777777777777777777777777ffffffe9e9acacacacacacacacacacac0000acac" - "ec0100acacac2caca2acacacacacacacacacacac64f2", - "0000007f0000007f0100002000000000""0000cf77777777777777777777777777", - "02ee7c8c546ddeb1a467e4c3981158b9" - }, - /* - * test vectors from Andrew Moon - */ - { /* nacl */ - "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a" - "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" - "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" - "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" - "e355a5", - "eea6a7251c1e72916d11c2cb214d3c25""2539121d8e234e652d651fa4c8cff880", - "f3ffc7703f9400e52a7dfb4b3d3305d9" - }, - { /* wrap 2^130-5 */ - "ffffffffffffffffffffffffffffffff", - "02000000000000000000000000000000""00000000000000000000000000000000", - "03000000000000000000000000000000" - }, - { /* wrap 2^128 */ - "02000000000000000000000000000000", - "02000000000000000000000000000000""ffffffffffffffffffffffffffffffff", - "03000000000000000000000000000000" - }, - { /* limb carry */ - "fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff" - "11000000000000000000000000000000", - "01000000000000000000000000000000""00000000000000000000000000000000", - "05000000000000000000000000000000" - }, - { /* 2^130-5 */ - "fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe" - "01010101010101010101010101010101", - "01000000000000000000000000000000""00000000000000000000000000000000", - "00000000000000000000000000000000" - }, - { /* 2^130-6 */ - "fdffffffffffffffffffffffffffffff", - "02000000000000000000000000000000""00000000000000000000000000000000", - "faffffffffffffffffffffffffffffff" - }, - { /* 5*H+L reduction intermediate */ - "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000" - "0000000000000000000000000000000001000000000000000000000000000000", - "01000000000000000400000000000000""00000000000000000000000000000000", - "14000000000000005500000000000000" - }, - { /* 5*H+L reduction final */ - "e33594d7505e43b900000000000000003394d7505e4379cd0100000000000000" - "00000000000000000000000000000000", - "01000000000000000400000000000000""00000000000000000000000000000000", - "13000000000000000000000000000000" - } -}; - -static unsigned char hex_digit(char h) -{ - int i = OPENSSL_hexchar2int(h); - - if (i < 0) - abort(); - return i; -} - -static void hex_decode(unsigned char *out, const char *hex) -{ - size_t j = 0; - - while (*hex != 0) { - unsigned char v = hex_digit(*hex++); - v <<= 4; - v |= hex_digit(*hex++); - out[j++] = v; - } -} - -static void hexdump(unsigned char *a, size_t len) -{ - size_t i; - - for (i = 0; i < len; i++) - printf("%02x", a[i]); -} - -int main() -{ - static const unsigned num_tests = - sizeof(poly1305_tests) / sizeof(struct poly1305_test); - unsigned i; - unsigned char key[32], out[16], expected[16]; - POLY1305 poly1305; - - for (i = 0; i < num_tests; i++) { - const struct poly1305_test *test = &poly1305_tests[i]; - unsigned char *in; - size_t inlen = strlen(test->inputhex); - - if (strlen(test->keyhex) != sizeof(key) * 2 || - strlen(test->outhex) != sizeof(out) * 2 || (inlen & 1) == 1) - return 1; - - inlen /= 2; - - hex_decode(key, test->keyhex); - hex_decode(expected, test->outhex); - - in = malloc(inlen); - - hex_decode(in, test->inputhex); - - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, inlen); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d failed.\n", i); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - - if (inlen > 16) { - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, 1); - Poly1305_Update(&poly1305, in+1, inlen-1); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d/1+(N-1) failed.\n", i); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - } - - if (inlen > 32) { - size_t half = inlen / 2; - - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, half); - Poly1305_Update(&poly1305, in+half, inlen-half); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d/2 failed.\n", i); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - - for (half = 16; half < inlen; half += 16) { - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305, in, half); - Poly1305_Update(&poly1305, in+half, inlen-half); - Poly1305_Final(&poly1305, out); - - if (memcmp(out, expected, sizeof(expected)) != 0) { - printf("Poly1305 test #%d/%d+%d failed.\n", - i, half, inlen-half); - printf("got: "); - hexdump(out, sizeof(out)); - printf("\nexpected: "); - hexdump(expected, sizeof(expected)); - printf("\n"); - return 1; - } - } - } - - free(in); - } - - printf("PASS\n"); - -# ifdef OPENSSL_CPUID_OBJ - { - unsigned char buf[8192]; - unsigned long long stopwatch; - unsigned long long OPENSSL_rdtsc(); - - memset (buf,0x55,sizeof(buf)); - memset (key,0xAA,sizeof(key)); - - Poly1305_Init(&poly1305, key); - - for (i=0;i<100000;i++) - Poly1305_Update(&poly1305,buf,sizeof(buf)); - - stopwatch = OPENSSL_rdtsc(); - for (i=0;i<10000;i++) - Poly1305_Update(&poly1305,buf,sizeof(buf)); - stopwatch = OPENSSL_rdtsc() - stopwatch; - - printf("%g\n",stopwatch/(double)(i*sizeof(buf))); - - stopwatch = OPENSSL_rdtsc(); - for (i=0;i<10000;i++) { - Poly1305_Init(&poly1305, key); - Poly1305_Update(&poly1305,buf,16); - Poly1305_Final(&poly1305,buf); - } - stopwatch = OPENSSL_rdtsc() - stopwatch; - - printf("%g\n",stopwatch/(double)(i)); - } -# endif - return 0; -} -#endif diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c b/deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c new file mode 100644 index 00000000000000..033ee8cd969973 --- /dev/null +++ b/deps/openssl/openssl/crypto/poly1305/poly1305_ameth.c @@ -0,0 +1,122 @@ +/* + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include "internal/asn1_int.h" +#include "internal/poly1305.h" +#include "poly1305_local.h" +#include "internal/evp_int.h" + +/* + * POLY1305 "ASN1" method. This is just here to indicate the maximum + * POLY1305 output length and to free up a POLY1305 key. + */ + +static int poly1305_size(const EVP_PKEY *pkey) +{ + return POLY1305_DIGEST_SIZE; +} + +static void poly1305_key_free(EVP_PKEY *pkey) +{ + ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); + if (os != NULL) { + if (os->data != NULL) + OPENSSL_cleanse(os->data, os->length); + ASN1_OCTET_STRING_free(os); + } +} + +static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + /* nothing, (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */ + return -2; +} + +static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); +} + +static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, + size_t len) +{ + ASN1_OCTET_STRING *os; + + if (pkey->pkey.ptr != NULL || len != POLY1305_KEY_SIZE) + return 0; + + os = ASN1_OCTET_STRING_new(); + if (os == NULL) + return 0; + + if (!ASN1_OCTET_STRING_set(os, priv, len)) { + ASN1_OCTET_STRING_free(os); + return 0; + } + + pkey->pkey.ptr = os; + return 1; +} + +static int poly1305_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (priv == NULL) { + *len = POLY1305_KEY_SIZE; + return 1; + } + + if (os == NULL || *len < POLY1305_KEY_SIZE) + return 0; + + memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os)); + *len = POLY1305_KEY_SIZE; + + return 1; +} + +const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = { + EVP_PKEY_POLY1305, + EVP_PKEY_POLY1305, + 0, + + "POLY1305", + "OpenSSL POLY1305 method", + + 0, 0, poly1305_pkey_public_cmp, 0, + + 0, 0, 0, + + poly1305_size, + 0, 0, + 0, 0, 0, 0, 0, 0, 0, + + poly1305_key_free, + poly1305_pkey_ctrl, + NULL, + NULL, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL, + + poly1305_set_priv_key, + NULL, + poly1305_get_priv_key, + NULL, +}; diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c b/deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c new file mode 100644 index 00000000000000..b6313d01ba4e11 --- /dev/null +++ b/deps/openssl/openssl/crypto/poly1305/poly1305_base2_44.c @@ -0,0 +1,171 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This module is meant to be used as template for base 2^44 assembly + * implementation[s]. On side note compiler-generated code is not + * slower than compiler-generated base 2^64 code on [high-end] x86_64, + * even though amount of multiplications is 50% higher. Go figure... + */ +#include + +typedef unsigned char u8; +typedef unsigned int u32; +typedef unsigned long u64; +typedef unsigned __int128 u128; + +typedef struct { + u64 h[3]; + u64 s[2]; + u64 r[3]; +} poly1305_internal; + +#define POLY1305_BLOCK_SIZE 16 + +/* pick 64-bit unsigned integer in little endian order */ +static u64 U8TOU64(const unsigned char *p) +{ + return (((u64)(p[0] & 0xff)) | + ((u64)(p[1] & 0xff) << 8) | + ((u64)(p[2] & 0xff) << 16) | + ((u64)(p[3] & 0xff) << 24) | + ((u64)(p[4] & 0xff) << 32) | + ((u64)(p[5] & 0xff) << 40) | + ((u64)(p[6] & 0xff) << 48) | + ((u64)(p[7] & 0xff) << 56)); +} + +/* store a 64-bit unsigned integer in little endian */ +static void U64TO8(unsigned char *p, u64 v) +{ + p[0] = (unsigned char)((v) & 0xff); + p[1] = (unsigned char)((v >> 8) & 0xff); + p[2] = (unsigned char)((v >> 16) & 0xff); + p[3] = (unsigned char)((v >> 24) & 0xff); + p[4] = (unsigned char)((v >> 32) & 0xff); + p[5] = (unsigned char)((v >> 40) & 0xff); + p[6] = (unsigned char)((v >> 48) & 0xff); + p[7] = (unsigned char)((v >> 56) & 0xff); +} + +int poly1305_init(void *ctx, const unsigned char key[16]) +{ + poly1305_internal *st = (poly1305_internal *)ctx; + u64 r0, r1; + + /* h = 0 */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + + r0 = U8TOU64(&key[0]) & 0x0ffffffc0fffffff; + r1 = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc; + + /* break r1:r0 to three 44-bit digits, masks are 1<<44-1 */ + st->r[0] = r0 & 0x0fffffffffff; + st->r[1] = ((r0 >> 44) | (r1 << 20)) & 0x0fffffffffff; + st->r[2] = (r1 >> 24); + + st->s[0] = (st->r[1] + (st->r[1] << 2)) << 2; + st->s[1] = (st->r[2] + (st->r[2] << 2)) << 2; + + return 0; +} + +void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, + u32 padbit) +{ + poly1305_internal *st = (poly1305_internal *)ctx; + u64 r0, r1, r2; + u64 s1, s2; + u64 h0, h1, h2, c; + u128 d0, d1, d2; + u64 pad = (u64)padbit << 40; + + r0 = st->r[0]; + r1 = st->r[1]; + r2 = st->r[2]; + + s1 = st->s[0]; + s2 = st->s[1]; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + + while (len >= POLY1305_BLOCK_SIZE) { + u64 m0, m1; + + m0 = U8TOU64(inp + 0); + m1 = U8TOU64(inp + 8); + + /* h += m[i], m[i] is broken to 44-bit digits */ + h0 += m0 & 0x0fffffffffff; + h1 += ((m0 >> 44) | (m1 << 20)) & 0x0fffffffffff; + h2 += (m1 >> 24) + pad; + + /* h *= r "%" p, where "%" stands for "partial remainder" */ + d0 = ((u128)h0 * r0) + ((u128)h1 * s2) + ((u128)h2 * s1); + d1 = ((u128)h0 * r1) + ((u128)h1 * r0) + ((u128)h2 * s2); + d2 = ((u128)h0 * r2) + ((u128)h1 * r1) + ((u128)h2 * r0); + + /* "lazy" reduction step */ + h0 = (u64)d0 & 0x0fffffffffff; + h1 = (u64)(d1 += (u64)(d0 >> 44)) & 0x0fffffffffff; + h2 = (u64)(d2 += (u64)(d1 >> 44)) & 0x03ffffffffff; /* last 42 bits */ + + c = (d2 >> 42); + h0 += c + (c << 2); + + inp += POLY1305_BLOCK_SIZE; + len -= POLY1305_BLOCK_SIZE; + } + + st->h[0] = h0; + st->h[1] = h1; + st->h[2] = h2; +} + +void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) +{ + poly1305_internal *st = (poly1305_internal *) ctx; + u64 h0, h1, h2; + u64 g0, g1, g2; + u128 t; + u64 mask; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + + /* after "lazy" reduction, convert 44+bit digits to 64-bit ones */ + h0 = (u64)(t = (u128)h0 + (h1 << 44)); h1 >>= 20; + h1 = (u64)(t = (u128)h1 + (h2 << 24) + (t >> 64)); h2 >>= 40; + h2 += (u64)(t >> 64); + + /* compare to modulus by computing h + -p */ + g0 = (u64)(t = (u128)h0 + 5); + g1 = (u64)(t = (u128)h1 + (t >> 64)); + g2 = h2 + (u64)(t >> 64); + + /* if there was carry into 131st bit, h1:h0 = g1:g0 */ + mask = 0 - (g2 >> 2); + g0 &= mask; + g1 &= mask; + mask = ~mask; + h0 = (h0 & mask) | g0; + h1 = (h1 & mask) | g1; + + /* mac = (h + nonce) % (2^128) */ + h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); + h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); + + U64TO8(mac + 0, h0); + U64TO8(mac + 8, h1); +} diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c b/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c index 08a5b58c2a8df7..7cfd968645ffe4 100644 --- a/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c +++ b/deps/openssl/openssl/crypto/poly1305/poly1305_ieee754.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,30 +20,30 @@ * for x86_64 code. And since we are at it, just for sense of it, * large-block performance in cycles per processed byte for *this* code * is: - * gcc-4.8 icc-15.0 clang-3.4(*) + * gcc-4.8 icc-15.0 clang-3.4(*) * - * Westmere 4.96 5.09 4.37 - * Sandy Bridge 4.95 4.90 4.17 - * Haswell 4.92 4.87 3.78 - * Bulldozer 4.67 4.49 4.68 - * VIA Nano 7.07 7.05 5.98 - * Silvermont 10.6 9.61 12.6 + * Westmere 4.96 5.09 4.37 + * Sandy Bridge 4.95 4.90 4.17 + * Haswell 4.92 4.87 3.78 + * Bulldozer 4.67 4.49 4.68 + * VIA Nano 7.07 7.05 5.98 + * Silvermont 10.6 9.61 12.6 * - * (*) clang managed to discover parallelism and deployed SIMD; + * (*) clang managed to discover parallelism and deployed SIMD; * * And for range of other platforms with unspecified gcc versions: * - * Freescale e300 12.5 - * PPC74x0 10.8 - * POWER6 4.92 - * POWER7 4.50 - * POWER8 4.10 + * Freescale e300 12.5 + * PPC74x0 10.8 + * POWER6 4.92 + * POWER7 4.50 + * POWER8 4.10 * - * z10 11.2 - * z196+ 7.30 + * z10 11.2 + * z196+ 7.30 * - * UltraSPARC III 16.0 - * SPARC T4 16.1 + * UltraSPARC III 16.0 + * SPARC T4 16.1 */ #if !(defined(__GNUC__) && __GNUC__>=2) @@ -57,33 +57,33 @@ typedef unsigned int u32; typedef unsigned long long u64; typedef union { double d; u64 u; } elem64; -#define TWO(p) ((double)(1ULL<<(p))) -#define TWO0 TWO(0) -#define TWO32 TWO(32) -#define TWO64 (TWO32*TWO(32)) -#define TWO96 (TWO64*TWO(32)) -#define TWO130 (TWO96*TWO(34)) +#define TWO(p) ((double)(1ULL<<(p))) +#define TWO0 TWO(0) +#define TWO32 TWO(32) +#define TWO64 (TWO32*TWO(32)) +#define TWO96 (TWO64*TWO(32)) +#define TWO130 (TWO96*TWO(34)) -#define EXP(p) ((1023ULL+(p))<<52) +#define EXP(p) ((1023ULL+(p))<<52) #if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__)) -# define U8TOU32(p) (*(const u32 *)(p)) -# define U32TO8(p,v) (*(u32 *)(p) = (v)) +# define U8TOU32(p) (*(const u32 *)(p)) +# define U32TO8(p,v) (*(u32 *)(p) = (v)) #elif defined(__PPC__) -# define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) -# define U32TO8(p,v) asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory") +# define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) +# define U32TO8(p,v) asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory") #elif defined(__s390x__) -# define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) -# define U32TO8(p,v) asm ("strv %1,%0":"=m"(*(u32 *)(p)):"d"(v)) +# define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) +# define U32TO8(p,v) asm ("strv %1,%0":"=m"(*(u32 *)(p)):"d"(v)) #endif #ifndef U8TOU32 -# define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1]<<8 | \ - (u32)(p)[2]<<16 | (u32)(p)[3]<<24 ) +# define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1]<<8 | \ + (u32)(p)[2]<<16 | (u32)(p)[3]<<24 ) #endif #ifndef U32TO8 -# define U32TO8(p,v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v)>>8), \ - (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) ) +# define U32TO8(p,v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v)>>8), \ + (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) ) #endif typedef struct { @@ -101,6 +101,8 @@ static const u64 one = 1; static const u32 fpc = 1; #elif defined(__sparc__) static const u64 fsr = 1ULL<<30; +#elif defined(__mips__) +static const u32 fcsr = 1; #else #error "unrecognized platform" #endif @@ -147,6 +149,11 @@ int poly1305_init(void *ctx, const unsigned char key[16]) asm volatile ("stx %%fsr,%0":"=m"(fsr_orig)); asm volatile ("ldx %0,%%fsr"::"m"(fsr)); +#elif defined(__mips__) + u32 fcsr_orig; + + asm volatile ("cfc1 %0,$31":"=r"(fcsr_orig)); + asm volatile ("ctc1 %0,$31"::"r"(fcsr)); #endif /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ @@ -206,6 +213,8 @@ int poly1305_init(void *ctx, const unsigned char key[16]) asm volatile ("lfpc %0"::"m"(fpc_orig)); #elif defined(__sparc__) asm volatile ("ldx %0,%%fsr"::"m"(fsr_orig)); +#elif defined(__mips__) + asm volatile ("ctc1 %0,$31"::"r"(fcsr_orig)); #endif } @@ -262,6 +271,11 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, asm volatile ("stx %%fsr,%0":"=m"(fsr_orig)); asm volatile ("ldx %0,%%fsr"::"m"(fsr)); +#elif defined(__mips__) + u32 fcsr_orig; + + asm volatile ("cfc1 %0,$31":"=r"(fcsr_orig)); + asm volatile ("ctc1 %0,$31"::"r"(fcsr)); #endif /* @@ -345,9 +359,9 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, #ifndef __clang__ fast_entry: #endif - /* - * base 2^32 * base 2^16 = base 2^48 - */ + /* + * base 2^32 * base 2^16 = base 2^48 + */ h0lo = s3lo * x1 + s2lo * x2 + s1lo * x3 + r0lo * x0; h1lo = r0lo * x1 + s3lo * x2 + s2lo * x3 + r1lo * x0; h2lo = r1lo * x1 + r0lo * x2 + s3lo * x3 + r2lo * x0; @@ -408,6 +422,8 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, asm volatile ("lfpc %0"::"m"(fpc_orig)); #elif defined(__sparc__) asm volatile ("ldx %0,%%fsr"::"m"(fsr_orig)); +#elif defined(__mips__) + asm volatile ("ctc1 %0,$31"::"r"(fcsr_orig)); #endif } diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_local.h b/deps/openssl/openssl/crypto/poly1305/poly1305_local.h new file mode 100644 index 00000000000000..6d4d9dc5b62169 --- /dev/null +++ b/deps/openssl/openssl/crypto/poly1305/poly1305_local.h @@ -0,0 +1,27 @@ +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp, + size_t len, unsigned int padbit); +typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16], + const unsigned int nonce[4]); + +struct poly1305_context { + double opaque[24]; /* large enough to hold internal state, declared + * 'double' to ensure at least 64-bit invariant + * alignment across all platforms and + * configurations */ + unsigned int nonce[4]; + unsigned char data[POLY1305_BLOCK_SIZE]; + size_t num; + struct { + poly1305_blocks_f blocks; + poly1305_emit_f emit; + } func; +}; diff --git a/deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c b/deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c new file mode 100644 index 00000000000000..3bc24c98cd6147 --- /dev/null +++ b/deps/openssl/openssl/crypto/poly1305/poly1305_pmeth.c @@ -0,0 +1,194 @@ +/* + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include "internal/poly1305.h" +#include "poly1305_local.h" +#include "internal/evp_int.h" + +/* POLY1305 pkey context structure */ + +typedef struct { + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + POLY1305 ctx; +} POLY1305_PKEY_CTX; + +static int pkey_poly1305_init(EVP_PKEY_CTX *ctx) +{ + POLY1305_PKEY_CTX *pctx; + + if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) { + CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE); + return 0; + } + pctx->ktmp.type = V_ASN1_OCTET_STRING; + + EVP_PKEY_CTX_set_data(ctx, pctx); + EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); + return 1; +} + +static void pkey_poly1305_cleanup(EVP_PKEY_CTX *ctx) +{ + POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + + if (pctx != NULL) { + OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length); + OPENSSL_clear_free(pctx, sizeof(*pctx)); + EVP_PKEY_CTX_set_data(ctx, NULL); + } +} + +static int pkey_poly1305_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + POLY1305_PKEY_CTX *sctx, *dctx; + + /* allocate memory for dst->data and a new POLY1305_CTX in dst->data->ctx */ + if (!pkey_poly1305_init(dst)) + return 0; + sctx = EVP_PKEY_CTX_get_data(src); + dctx = EVP_PKEY_CTX_get_data(dst); + if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL && + !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) { + /* cleanup and free the POLY1305_PKEY_CTX in dst->data */ + pkey_poly1305_cleanup(dst); + return 0; + } + memcpy(&dctx->ctx, &sctx->ctx, sizeof(POLY1305)); + return 1; +} + +static int pkey_poly1305_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + ASN1_OCTET_STRING *key; + POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + + if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL) + return 0; + key = ASN1_OCTET_STRING_dup(&pctx->ktmp); + if (key == NULL) + return 0; + return EVP_PKEY_assign_POLY1305(pkey, key); +} + +static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx)); + + Poly1305_Update(&pctx->ctx, data, count); + return 1; +} + +static int poly1305_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + POLY1305_PKEY_CTX *pctx = ctx->data; + ASN1_OCTET_STRING *key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; + + if (key->length != POLY1305_KEY_SIZE) + return 0; + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + EVP_MD_CTX_set_update_fn(mctx, int_update); + Poly1305_Init(&pctx->ctx, key->data); + return 1; +} +static int poly1305_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) +{ + POLY1305_PKEY_CTX *pctx = ctx->data; + + *siglen = POLY1305_DIGEST_SIZE; + if (sig != NULL) + Poly1305_Final(&pctx->ctx, sig); + return 1; +} + +static int pkey_poly1305_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + const unsigned char *key; + size_t len; + + switch (type) { + + case EVP_PKEY_CTRL_MD: + /* ignore */ + break; + + case EVP_PKEY_CTRL_SET_MAC_KEY: + case EVP_PKEY_CTRL_DIGESTINIT: + if (type == EVP_PKEY_CTRL_SET_MAC_KEY) { + /* user explicitly setting the key */ + key = p2; + len = p1; + } else { + /* user indirectly setting the key via EVP_DigestSignInit */ + key = EVP_PKEY_get0_poly1305(EVP_PKEY_CTX_get0_pkey(ctx), &len); + } + if (key == NULL || len != POLY1305_KEY_SIZE || + !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len)) + return 0; + Poly1305_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp)); + break; + + default: + return -2; + + } + return 1; +} + +static int pkey_poly1305_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (value == NULL) + return 0; + if (strcmp(type, "key") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); + if (strcmp(type, "hexkey") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); + return -2; +} + +const EVP_PKEY_METHOD poly1305_pkey_meth = { + EVP_PKEY_POLY1305, + EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */ + pkey_poly1305_init, + pkey_poly1305_copy, + pkey_poly1305_cleanup, + + 0, 0, + + 0, + pkey_poly1305_keygen, + + 0, 0, + + 0, 0, + + 0, 0, + + poly1305_signctx_init, + poly1305_signctx, + + 0, 0, + + 0, 0, + + 0, 0, + + 0, 0, + + pkey_poly1305_ctrl, + pkey_poly1305_ctrl_str +}; diff --git a/deps/openssl/openssl/crypto/ppccap.c b/deps/openssl/openssl/crypto/ppccap.c index 3baf9f7b76c1d0..8b7d765c3aa231 100644 --- a/deps/openssl/openssl/crypto/ppccap.c +++ b/deps/openssl/openssl/crypto/ppccap.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,6 +28,9 @@ #endif #include #include +#include +#include +#include "bn/bn_lcl.h" #include "ppc_arch.h" @@ -39,38 +42,24 @@ static sigset_t all_masked; int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_fpu64(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); - if (sizeof(size_t) == 4) { -# if 1 || (defined(__APPLE__) && defined(__MACH__)) - if (num >= 8 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64)) - return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num); -# else - /* - * boundary of 32 was experimentally determined on Linux 2.6.22, - * might have to be adjusted on AIX... - */ - if (num >= 32 && (num & 3) == 0 && (OPENSSL_ppccap_P & PPC_FPU64)) { - sigset_t oset; - int ret; - - sigprocmask(SIG_SETMASK, &all_masked, &oset); - ret = bn_mul_mont_fpu64(rp, ap, bp, np, n0, num); - sigprocmask(SIG_SETMASK, &oset, NULL); - - return ret; - } -# endif - } else if ((OPENSSL_ppccap_P & PPC_FPU64)) - /* - * this is a "must" on POWER6, but run-time detection is not - * implemented yet... - */ - return bn_mul_mont_fpu64(rp, ap, bp, np, n0, num); + if (num < 4) + return 0; + + if ((num & 3) == 0) + return bn_mul4x_mont_int(rp, ap, bp, np, n0, num); + + /* + * There used to be [optional] call to bn_mul_mont_fpu64 here, + * but above subroutine is faster on contemporary processors. + * Formulation means that there might be old processors where + * FPU code path would be faster, POWER6 perhaps, but there was + * no opportunity to figure it out... + */ return bn_mul_mont_int(rp, ap, bp, np, n0, num); } @@ -78,6 +67,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, void sha256_block_p8(void *ctx, const void *inp, size_t len); void sha256_block_ppc(void *ctx, const void *inp, size_t len); +void sha256_block_data_order(void *ctx, const void *inp, size_t len); void sha256_block_data_order(void *ctx, const void *inp, size_t len) { OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : @@ -86,6 +76,7 @@ void sha256_block_data_order(void *ctx, const void *inp, size_t len) void sha512_block_p8(void *ctx, const void *inp, size_t len); void sha512_block_ppc(void *ctx, const void *inp, size_t len); +void sha512_block_data_order(void *ctx, const void *inp, size_t len); void sha512_block_data_order(void *ctx, const void *inp, size_t len) { OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : @@ -99,13 +90,18 @@ void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp, void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, size_t len, const unsigned int key[8], const unsigned int counter[4]); +void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, const unsigned int key[8], const unsigned int counter[4]) { - OPENSSL_ppccap_P & PPC_ALTIVEC - ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) - : ChaCha20_ctr32_int(out, inp, len, key, counter); + OPENSSL_ppccap_P & PPC_CRYPTO207 + ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) + : OPENSSL_ppccap_P & PPC_ALTIVEC + ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) + : ChaCha20_ctr32_int(out, inp, len, key, counter); } #endif @@ -120,21 +116,46 @@ void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len, unsigned int padbit); void poly1305_emit_fpu(void *ctx, unsigned char mac[16], const unsigned int nonce[4]); +int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]); int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]) { if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) { poly1305_init_fpu(ctx, key); - func[0] = poly1305_blocks_fpu; - func[1] = poly1305_emit_fpu; + func[0] = (void*)(uintptr_t)poly1305_blocks_fpu; + func[1] = (void*)(uintptr_t)poly1305_emit_fpu; } else { poly1305_init_int(ctx, key); - func[0] = poly1305_blocks; - func[1] = poly1305_emit; + func[0] = (void*)(uintptr_t)poly1305_blocks; + func[1] = (void*)(uintptr_t)poly1305_emit; } return 1; } #endif +#ifdef ECP_NISTZ256_ASM +void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4], + const unsigned long b[4]); + +void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]); +void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]) +{ + static const unsigned long RR[] = { 0x0000000000000003U, + 0xfffffffbffffffffU, + 0xfffffffffffffffeU, + 0x00000004fffffffdU }; + + ecp_nistz256_mul_mont(res, in, RR); +} + +void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]); +void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]) +{ + static const unsigned long one[] = { 1, 0, 0, 0 }; + + ecp_nistz256_mul_mont(res, in, one); +} +#endif + static sigjmp_buf ill_jmp; static void ill_handler(int sig) { diff --git a/deps/openssl/openssl/crypto/rand/build.info b/deps/openssl/openssl/crypto/rand/build.info index 3ad50e2590cef5..df9bac67f04ccb 100644 --- a/deps/openssl/openssl/crypto/rand/build.info +++ b/deps/openssl/openssl/crypto/rand/build.info @@ -1,4 +1,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_vms.c + randfile.c rand_lib.c rand_err.c rand_egd.c \ + rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c diff --git a/deps/openssl/openssl/crypto/rand/drbg_ctr.c b/deps/openssl/openssl/crypto/rand/drbg_ctr.c new file mode 100644 index 00000000000000..a243361b56e401 --- /dev/null +++ b/deps/openssl/openssl/crypto/rand/drbg_ctr.c @@ -0,0 +1,438 @@ +/* + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/thread_once.h" +#include "internal/thread_once.h" +#include "rand_lcl.h" +/* + * Implementation of NIST SP 800-90A CTR DRBG. + */ + +static void inc_128(RAND_DRBG_CTR *ctr) +{ + int i; + unsigned char c; + unsigned char *p = &ctr->V[15]; + + for (i = 0; i < 16; i++, p--) { + c = *p; + c++; + *p = c; + if (c != 0) { + /* If we didn't wrap around, we're done. */ + break; + } + } +} + +static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) +{ + size_t i, n; + + if (in == NULL || inlen == 0) + return; + + /* + * Any zero padding will have no effect on the result as we + * are XORing. So just process however much input we have. + */ + n = inlen < ctr->keylen ? inlen : ctr->keylen; + for (i = 0; i < n; i++) + ctr->K[i] ^= in[i]; + if (inlen <= ctr->keylen) + return; + + n = inlen - ctr->keylen; + if (n > 16) { + /* Should never happen */ + n = 16; + } + for (i = 0; i < n; i++) + ctr->V[i] ^= in[i + ctr->keylen]; +} + +/* + * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 + */ +__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, + const unsigned char *in) +{ + int i, outlen = AES_BLOCK_SIZE; + + for (i = 0; i < 16; i++) + out[i] ^= in[i]; + + if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + return 1; +} + + +/* + * Handle several BCC operations for as much data as we need for K and X + */ +__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) +{ + if (!ctr_BCC_block(ctr, ctr->KX, in) + || !ctr_BCC_block(ctr, ctr->KX + 16, in)) + return 0; + if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in)) + return 0; + return 1; +} + +/* + * Initialise BCC blocks: these have the value 0,1,2 in leftmost positions: + * see 10.3.1 stage 7. + */ +__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) +{ + memset(ctr->KX, 0, 48); + memset(ctr->bltmp, 0, 16); + if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp)) + return 0; + ctr->bltmp[3] = 1; + if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp)) + return 0; + if (ctr->keylen != 16) { + ctr->bltmp[3] = 2; + if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp)) + return 0; + } + return 1; +} + +/* + * Process several blocks into BCC algorithm, some possibly partial + */ +__owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr, + const unsigned char *in, size_t inlen) +{ + if (in == NULL || inlen == 0) + return 1; + + /* If we have partial block handle it first */ + if (ctr->bltmp_pos) { + size_t left = 16 - ctr->bltmp_pos; + + /* If we now have a complete block process it */ + if (inlen >= left) { + memcpy(ctr->bltmp + ctr->bltmp_pos, in, left); + if (!ctr_BCC_blocks(ctr, ctr->bltmp)) + return 0; + ctr->bltmp_pos = 0; + inlen -= left; + in += left; + } + } + + /* Process zero or more complete blocks */ + for (; inlen >= 16; in += 16, inlen -= 16) { + if (!ctr_BCC_blocks(ctr, in)) + return 0; + } + + /* Copy any remaining partial block to the temporary buffer */ + if (inlen > 0) { + memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen); + ctr->bltmp_pos += inlen; + } + return 1; +} + +__owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr) +{ + if (ctr->bltmp_pos) { + memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos); + if (!ctr_BCC_blocks(ctr, ctr->bltmp)) + return 0; + } + return 1; +} + +__owur static int ctr_df(RAND_DRBG_CTR *ctr, + const unsigned char *in1, size_t in1len, + const unsigned char *in2, size_t in2len, + const unsigned char *in3, size_t in3len) +{ + static unsigned char c80 = 0x80; + size_t inlen; + unsigned char *p = ctr->bltmp; + int outlen = AES_BLOCK_SIZE; + + if (!ctr_BCC_init(ctr)) + return 0; + if (in1 == NULL) + in1len = 0; + if (in2 == NULL) + in2len = 0; + if (in3 == NULL) + in3len = 0; + inlen = in1len + in2len + in3len; + /* Initialise L||N in temporary block */ + *p++ = (inlen >> 24) & 0xff; + *p++ = (inlen >> 16) & 0xff; + *p++ = (inlen >> 8) & 0xff; + *p++ = inlen & 0xff; + + /* NB keylen is at most 32 bytes */ + *p++ = 0; + *p++ = 0; + *p++ = 0; + *p = (unsigned char)((ctr->keylen + 16) & 0xff); + ctr->bltmp_pos = 8; + if (!ctr_BCC_update(ctr, in1, in1len) + || !ctr_BCC_update(ctr, in2, in2len) + || !ctr_BCC_update(ctr, in3, in3len) + || !ctr_BCC_update(ctr, &c80, 1) + || !ctr_BCC_final(ctr)) + return 0; + /* Set up key K */ + if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1)) + return 0; + /* X follows key K */ + if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen, + AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX, + AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + if (ctr->keylen != 16) + if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16, + AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + return 1; +} + +/* + * NB the no-df Update in SP800-90A specifies a constant input length + * of seedlen, however other uses of this algorithm pad the input with + * zeroes if necessary and have up to two parameters XORed together, + * so we handle both cases in this function instead. + */ +__owur static int ctr_update(RAND_DRBG *drbg, + const unsigned char *in1, size_t in1len, + const unsigned char *in2, size_t in2len, + const unsigned char *nonce, size_t noncelen) +{ + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + int outlen = AES_BLOCK_SIZE; + + /* correct key is already set up. */ + inc_128(ctr); + if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + + /* If keylen longer than 128 bits need extra encrypt */ + if (ctr->keylen != 16) { + inc_128(ctr); + if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V, + AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + } + inc_128(ctr); + if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE) + || outlen != AES_BLOCK_SIZE) + return 0; + + /* If 192 bit key part of V is on end of K */ + if (ctr->keylen == 24) { + memcpy(ctr->V + 8, ctr->V, 8); + memcpy(ctr->V, ctr->K + 24, 8); + } + + if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { + /* If no input reuse existing derived value */ + if (in1 != NULL || nonce != NULL || in2 != NULL) + if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len)) + return 0; + /* If this a reuse input in1len != 0 */ + if (in1len) + ctr_XOR(ctr, ctr->KX, drbg->seedlen); + } else { + ctr_XOR(ctr, in1, in1len); + ctr_XOR(ctr, in2, in2len); + } + + if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + return 0; + return 1; +} + +__owur static int drbg_ctr_instantiate(RAND_DRBG *drbg, + const unsigned char *entropy, size_t entropylen, + const unsigned char *nonce, size_t noncelen, + const unsigned char *pers, size_t perslen) +{ + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + + if (entropy == NULL) + return 0; + + memset(ctr->K, 0, sizeof(ctr->K)); + memset(ctr->V, 0, sizeof(ctr->V)); + if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + return 0; + if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) + return 0; + return 1; +} + +__owur static int drbg_ctr_reseed(RAND_DRBG *drbg, + const unsigned char *entropy, size_t entropylen, + const unsigned char *adin, size_t adinlen) +{ + if (entropy == NULL) + return 0; + if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) + return 0; + return 1; +} + +__owur static int drbg_ctr_generate(RAND_DRBG *drbg, + unsigned char *out, size_t outlen, + const unsigned char *adin, size_t adinlen) +{ + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + + if (adin != NULL && adinlen != 0) { + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) + return 0; + /* This means we reuse derived value */ + if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { + adin = NULL; + adinlen = 1; + } + } else { + adinlen = 0; + } + + for ( ; ; ) { + int outl = AES_BLOCK_SIZE; + + inc_128(ctr); + if (outlen < 16) { + /* Use K as temp space as it will be updated */ + if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V, + AES_BLOCK_SIZE) + || outl != AES_BLOCK_SIZE) + return 0; + memcpy(out, ctr->K, outlen); + break; + } + if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE) + || outl != AES_BLOCK_SIZE) + return 0; + out += 16; + outlen -= 16; + if (outlen == 0) + break; + } + + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) + return 0; + return 1; +} + +static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) +{ + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); + OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); + return 1; +} + +static RAND_DRBG_METHOD drbg_ctr_meth = { + drbg_ctr_instantiate, + drbg_ctr_reseed, + drbg_ctr_generate, + drbg_ctr_uninstantiate +}; + +int drbg_ctr_init(RAND_DRBG *drbg) +{ + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + size_t keylen; + + switch (drbg->type) { + default: + /* This can't happen, but silence the compiler warning. */ + return 0; + case NID_aes_128_ctr: + keylen = 16; + ctr->cipher = EVP_aes_128_ecb(); + break; + case NID_aes_192_ctr: + keylen = 24; + ctr->cipher = EVP_aes_192_ecb(); + break; + case NID_aes_256_ctr: + keylen = 32; + ctr->cipher = EVP_aes_256_ecb(); + break; + } + + drbg->meth = &drbg_ctr_meth; + + ctr->keylen = keylen; + if (ctr->ctx == NULL) + ctr->ctx = EVP_CIPHER_CTX_new(); + if (ctr->ctx == NULL) + return 0; + drbg->strength = keylen * 8; + drbg->seedlen = keylen + 16; + + if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { + /* df initialisation */ + static const unsigned char df_key[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + + if (ctr->ctx_df == NULL) + ctr->ctx_df = EVP_CIPHER_CTX_new(); + if (ctr->ctx_df == NULL) + return 0; + /* Set key schedule for df_key */ + if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1)) + return 0; + + drbg->min_entropylen = ctr->keylen; + drbg->max_entropylen = DRBG_MAX_LENGTH; + drbg->min_noncelen = drbg->min_entropylen / 2; + drbg->max_noncelen = DRBG_MAX_LENGTH; + drbg->max_perslen = DRBG_MAX_LENGTH; + drbg->max_adinlen = DRBG_MAX_LENGTH; + } else { + drbg->min_entropylen = drbg->seedlen; + drbg->max_entropylen = drbg->seedlen; + /* Nonce not used */ + drbg->min_noncelen = 0; + drbg->max_noncelen = 0; + drbg->max_perslen = drbg->seedlen; + drbg->max_adinlen = drbg->seedlen; + } + + drbg->max_request = 1 << 16; + + return 1; +} diff --git a/deps/openssl/openssl/crypto/rand/drbg_lib.c b/deps/openssl/openssl/crypto/rand/drbg_lib.c new file mode 100644 index 00000000000000..a13282181d6d1b --- /dev/null +++ b/deps/openssl/openssl/crypto/rand/drbg_lib.c @@ -0,0 +1,1159 @@ +/* + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include "rand_lcl.h" +#include "internal/thread_once.h" +#include "internal/rand_int.h" +#include "internal/cryptlib_int.h" + +/* + * Support framework for NIST SP 800-90A DRBG + * + * See manual page RAND_DRBG(7) for a general overview. + * + * The OpenSSL model is to have new and free functions, and that new + * does all initialization. That is not the NIST model, which has + * instantiation and un-instantiate, and re-use within a new/free + * lifecycle. (No doubt this comes from the desire to support hardware + * DRBG, where allocation of resources on something like an HSM is + * a much bigger deal than just re-setting an allocated resource.) + */ + +/* + * The three shared DRBG instances + * + * There are three shared DRBG instances: , , and . + */ + +/* + * The DRBG + * + * Not used directly by the application, only for reseeding the two other + * DRBGs. It reseeds itself by pulling either randomness from os entropy + * sources or by consuming randomness which was added by RAND_add(). + * + * The DRBG is a global instance which is accessed concurrently by + * all threads. The necessary locking is managed automatically by its child + * DRBG instances during reseeding. + */ +static RAND_DRBG *master_drbg; +/* + * The DRBG + * + * Used by default for generating random bytes using RAND_bytes(). + * + * The DRBG is thread-local, i.e., there is one instance per thread. + */ +static CRYPTO_THREAD_LOCAL public_drbg; +/* + * The DRBG + * + * Used by default for generating private keys using RAND_priv_bytes() + * + * The DRBG is thread-local, i.e., there is one instance per thread. + */ +static CRYPTO_THREAD_LOCAL private_drbg; + + + +/* NIST SP 800-90A DRBG recommends the use of a personalization string. */ +static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG"; + +static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT; + + + +static int rand_drbg_type = RAND_DRBG_TYPE; +static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS; + +static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL; +static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL; + +static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL; +static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL; + +/* A logical OR of all used DRBG flag bits (currently there is only one) */ +static const unsigned int rand_drbg_used_flags = + RAND_DRBG_FLAG_CTR_NO_DF; + +static RAND_DRBG *drbg_setup(RAND_DRBG *parent); + +static RAND_DRBG *rand_drbg_new(int secure, + int type, + unsigned int flags, + RAND_DRBG *parent); + +/* + * Set/initialize |drbg| to be of type |type|, with optional |flags|. + * + * If |type| and |flags| are zero, use the defaults + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags) +{ + int ret = 1; + + if (type == 0 && flags == 0) { + type = rand_drbg_type; + flags = rand_drbg_flags; + } + + /* If set is called multiple times - clear the old one */ + if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) { + drbg->meth->uninstantiate(drbg); + rand_pool_free(drbg->adin_pool); + drbg->adin_pool = NULL; + } + + drbg->state = DRBG_UNINITIALISED; + drbg->flags = flags; + drbg->type = type; + + switch (type) { + default: + drbg->type = 0; + drbg->flags = 0; + drbg->meth = NULL; + RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE); + return 0; + case 0: + /* Uninitialized; that's okay. */ + drbg->meth = NULL; + return 1; + case NID_aes_128_ctr: + case NID_aes_192_ctr: + case NID_aes_256_ctr: + ret = drbg_ctr_init(drbg); + break; + } + + if (ret == 0) { + drbg->state = DRBG_ERROR; + RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG); + } + return ret; +} + +/* + * Set/initialize default |type| and |flag| for new drbg instances. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_set_defaults(int type, unsigned int flags) +{ + int ret = 1; + + switch (type) { + default: + RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE); + return 0; + case NID_aes_128_ctr: + case NID_aes_192_ctr: + case NID_aes_256_ctr: + break; + } + + if ((flags & ~rand_drbg_used_flags) != 0) { + RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS); + return 0; + } + + rand_drbg_type = type; + rand_drbg_flags = flags; + + return ret; +} + + +/* + * Allocate memory and initialize a new DRBG. The DRBG is allocated on + * the secure heap if |secure| is nonzero and the secure heap is enabled. + * The |parent|, if not NULL, will be used as random source for reseeding. + * + * Returns a pointer to the new DRBG instance on success, NULL on failure. + */ +static RAND_DRBG *rand_drbg_new(int secure, + int type, + unsigned int flags, + RAND_DRBG *parent) +{ + RAND_DRBG *drbg = secure ? + OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg)); + + if (drbg == NULL) { + RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + + drbg->secure = secure && CRYPTO_secure_allocated(drbg); + drbg->fork_count = rand_fork_count; + drbg->parent = parent; + + if (parent == NULL) { + drbg->get_entropy = rand_drbg_get_entropy; + drbg->cleanup_entropy = rand_drbg_cleanup_entropy; +#ifndef RAND_DRBG_GET_RANDOM_NONCE + drbg->get_nonce = rand_drbg_get_nonce; + drbg->cleanup_nonce = rand_drbg_cleanup_nonce; +#endif + + drbg->reseed_interval = master_reseed_interval; + drbg->reseed_time_interval = master_reseed_time_interval; + } else { + drbg->get_entropy = rand_drbg_get_entropy; + drbg->cleanup_entropy = rand_drbg_cleanup_entropy; + /* + * Do not provide nonce callbacks, the child DRBGs will + * obtain their nonce using random bits from the parent. + */ + + drbg->reseed_interval = slave_reseed_interval; + drbg->reseed_time_interval = slave_reseed_time_interval; + } + + if (RAND_DRBG_set(drbg, type, flags) == 0) + goto err; + + if (parent != NULL) { + rand_drbg_lock(parent); + if (drbg->strength > parent->strength) { + /* + * We currently don't support the algorithm from NIST SP 800-90C + * 10.1.2 to use a weaker DRBG as source + */ + rand_drbg_unlock(parent); + RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK); + goto err; + } + rand_drbg_unlock(parent); + } + + return drbg; + + err: + RAND_DRBG_free(drbg); + + return NULL; +} + +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) +{ + return rand_drbg_new(0, type, flags, parent); +} + +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent) +{ + return rand_drbg_new(1, type, flags, parent); +} + +/* + * Uninstantiate |drbg| and free all memory. + */ +void RAND_DRBG_free(RAND_DRBG *drbg) +{ + if (drbg == NULL) + return; + + if (drbg->meth != NULL) + drbg->meth->uninstantiate(drbg); + rand_pool_free(drbg->adin_pool); + CRYPTO_THREAD_lock_free(drbg->lock); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data); + + if (drbg->secure) + OPENSSL_secure_clear_free(drbg, sizeof(*drbg)); + else + OPENSSL_clear_free(drbg, sizeof(*drbg)); +} + +/* + * Instantiate |drbg|, after it has been initialized. Use |pers| and + * |perslen| as prediction-resistance input. + * + * Requires that drbg->lock is already locked for write, if non-null. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen) +{ + unsigned char *nonce = NULL, *entropy = NULL; + size_t noncelen = 0, entropylen = 0; + size_t min_entropy = drbg->strength; + size_t min_entropylen = drbg->min_entropylen; + size_t max_entropylen = drbg->max_entropylen; + + if (perslen > drbg->max_perslen) { + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, + RAND_R_PERSONALISATION_STRING_TOO_LONG); + goto end; + } + + if (drbg->meth == NULL) { + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, + RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); + goto end; + } + + if (drbg->state != DRBG_UNINITIALISED) { + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, + drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE + : RAND_R_ALREADY_INSTANTIATED); + goto end; + } + + drbg->state = DRBG_ERROR; + + /* + * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy + * and nonce in 1 call by increasing the entropy with 50% and increasing + * the minimum length to accomadate the length of the nonce. + * We do this in case a nonce is require and get_nonce is NULL. + */ + if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { + min_entropy += drbg->strength / 2; + min_entropylen += drbg->min_noncelen; + max_entropylen += drbg->max_noncelen; + } + + drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); + if (drbg->reseed_next_counter) { + drbg->reseed_next_counter++; + if(!drbg->reseed_next_counter) + drbg->reseed_next_counter = 1; + } + + if (drbg->get_entropy != NULL) + entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, + min_entropylen, max_entropylen, 0); + if (entropylen < min_entropylen + || entropylen > max_entropylen) { + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY); + goto end; + } + + if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) { + noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2, + drbg->min_noncelen, drbg->max_noncelen); + if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) { + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE); + goto end; + } + } + + if (!drbg->meth->instantiate(drbg, entropy, entropylen, + nonce, noncelen, pers, perslen)) { + RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG); + goto end; + } + + drbg->state = DRBG_READY; + drbg->reseed_gen_counter = 1; + drbg->reseed_time = time(NULL); + tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + + end: + if (entropy != NULL && drbg->cleanup_entropy != NULL) + drbg->cleanup_entropy(drbg, entropy, entropylen); + if (nonce != NULL && drbg->cleanup_nonce != NULL) + drbg->cleanup_nonce(drbg, nonce, noncelen); + if (drbg->state == DRBG_READY) + return 1; + return 0; +} + +/* + * Uninstantiate |drbg|. Must be instantiated before it can be used. + * + * Requires that drbg->lock is already locked for write, if non-null. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg) +{ + if (drbg->meth == NULL) { + drbg->state = DRBG_ERROR; + RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE, + RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); + return 0; + } + + /* Clear the entire drbg->ctr struct, then reset some important + * members of the drbg->ctr struct (e.g. keysize, df_ks) to their + * initial values. + */ + drbg->meth->uninstantiate(drbg); + return RAND_DRBG_set(drbg, drbg->type, drbg->flags); +} + +/* + * Reseed |drbg|, mixing in the specified data + * + * Requires that drbg->lock is already locked for write, if non-null. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen, + int prediction_resistance) +{ + unsigned char *entropy = NULL; + size_t entropylen = 0; + + if (drbg->state == DRBG_ERROR) { + RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE); + return 0; + } + if (drbg->state == DRBG_UNINITIALISED) { + RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_NOT_INSTANTIATED); + return 0; + } + + if (adin == NULL) { + adinlen = 0; + } else if (adinlen > drbg->max_adinlen) { + RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG); + return 0; + } + + drbg->state = DRBG_ERROR; + + drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); + if (drbg->reseed_next_counter) { + drbg->reseed_next_counter++; + if(!drbg->reseed_next_counter) + drbg->reseed_next_counter = 1; + } + + if (drbg->get_entropy != NULL) + entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, + drbg->min_entropylen, + drbg->max_entropylen, + prediction_resistance); + if (entropylen < drbg->min_entropylen + || entropylen > drbg->max_entropylen) { + RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY); + goto end; + } + + if (!drbg->meth->reseed(drbg, entropy, entropylen, adin, adinlen)) + goto end; + + drbg->state = DRBG_READY; + drbg->reseed_gen_counter = 1; + drbg->reseed_time = time(NULL); + tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + + end: + if (entropy != NULL && drbg->cleanup_entropy != NULL) + drbg->cleanup_entropy(drbg, entropy, entropylen); + if (drbg->state == DRBG_READY) + return 1; + return 0; +} + +/* + * Restart |drbg|, using the specified entropy or additional input + * + * Tries its best to get the drbg instantiated by all means, + * regardless of its current state. + * + * Optionally, a |buffer| of |len| random bytes can be passed, + * which is assumed to contain at least |entropy| bits of entropy. + * + * If |entropy| > 0, the buffer content is used as entropy input. + * + * If |entropy| == 0, the buffer content is used as additional input + * + * Returns 1 on success, 0 on failure. + * + * This function is used internally only. + */ +int rand_drbg_restart(RAND_DRBG *drbg, + const unsigned char *buffer, size_t len, size_t entropy) +{ + int reseeded = 0; + const unsigned char *adin = NULL; + size_t adinlen = 0; + + if (drbg->seed_pool != NULL) { + RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR); + drbg->state = DRBG_ERROR; + rand_pool_free(drbg->seed_pool); + drbg->seed_pool = NULL; + return 0; + } + + if (buffer != NULL) { + if (entropy > 0) { + if (drbg->max_entropylen < len) { + RANDerr(RAND_F_RAND_DRBG_RESTART, + RAND_R_ENTROPY_INPUT_TOO_LONG); + drbg->state = DRBG_ERROR; + return 0; + } + + if (entropy > 8 * len) { + RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE); + drbg->state = DRBG_ERROR; + return 0; + } + + /* will be picked up by the rand_drbg_get_entropy() callback */ + drbg->seed_pool = rand_pool_attach(buffer, len, entropy); + if (drbg->seed_pool == NULL) + return 0; + } else { + if (drbg->max_adinlen < len) { + RANDerr(RAND_F_RAND_DRBG_RESTART, + RAND_R_ADDITIONAL_INPUT_TOO_LONG); + drbg->state = DRBG_ERROR; + return 0; + } + adin = buffer; + adinlen = len; + } + } + + /* repair error state */ + if (drbg->state == DRBG_ERROR) + RAND_DRBG_uninstantiate(drbg); + + /* repair uninitialized state */ + if (drbg->state == DRBG_UNINITIALISED) { + /* reinstantiate drbg */ + RAND_DRBG_instantiate(drbg, + (const unsigned char *) ossl_pers_string, + sizeof(ossl_pers_string) - 1); + /* already reseeded. prevent second reseeding below */ + reseeded = (drbg->state == DRBG_READY); + } + + /* refresh current state if entropy or additional input has been provided */ + if (drbg->state == DRBG_READY) { + if (adin != NULL) { + /* + * mix in additional input without reseeding + * + * Similar to RAND_DRBG_reseed(), but the provided additional + * data |adin| is mixed into the current state without pulling + * entropy from the trusted entropy source using get_entropy(). + * This is not a reseeding in the strict sense of NIST SP 800-90A. + */ + drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); + } else if (reseeded == 0) { + /* do a full reseeding if it has not been done yet above */ + RAND_DRBG_reseed(drbg, NULL, 0, 0); + } + } + + rand_pool_free(drbg->seed_pool); + drbg->seed_pool = NULL; + + return drbg->state == DRBG_READY; +} + +/* + * Generate |outlen| bytes into the buffer at |out|. Reseed if we need + * to or if |prediction_resistance| is set. Additional input can be + * sent in |adin| and |adinlen|. + * + * Requires that drbg->lock is already locked for write, if non-null. + * + * Returns 1 on success, 0 on failure. + * + */ +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen) +{ + int reseed_required = 0; + + if (drbg->state != DRBG_READY) { + /* try to recover from previous errors */ + rand_drbg_restart(drbg, NULL, 0, 0); + + if (drbg->state == DRBG_ERROR) { + RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_IN_ERROR_STATE); + return 0; + } + if (drbg->state == DRBG_UNINITIALISED) { + RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_NOT_INSTANTIATED); + return 0; + } + } + + if (outlen > drbg->max_request) { + RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG); + return 0; + } + if (adinlen > drbg->max_adinlen) { + RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG); + return 0; + } + + if (drbg->fork_count != rand_fork_count) { + drbg->fork_count = rand_fork_count; + reseed_required = 1; + } + + if (drbg->reseed_interval > 0) { + if (drbg->reseed_gen_counter >= drbg->reseed_interval) + reseed_required = 1; + } + if (drbg->reseed_time_interval > 0) { + time_t now = time(NULL); + if (now < drbg->reseed_time + || now - drbg->reseed_time >= drbg->reseed_time_interval) + reseed_required = 1; + } + if (drbg->parent != NULL) { + unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); + if (reseed_counter > 0 + && tsan_load(&drbg->parent->reseed_prop_counter) + != reseed_counter) + reseed_required = 1; + } + + if (reseed_required || prediction_resistance) { + if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) { + RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR); + return 0; + } + adin = NULL; + adinlen = 0; + } + + if (!drbg->meth->generate(drbg, out, outlen, adin, adinlen)) { + drbg->state = DRBG_ERROR; + RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_GENERATE_ERROR); + return 0; + } + + drbg->reseed_gen_counter++; + + return 1; +} + +/* + * Generates |outlen| random bytes and stores them in |out|. It will + * using the given |drbg| to generate the bytes. + * + * Requires that drbg->lock is already locked for write, if non-null. + * + * Returns 1 on success 0 on failure. + */ +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen) +{ + unsigned char *additional = NULL; + size_t additional_len; + size_t chunk; + size_t ret = 0; + + if (drbg->adin_pool == NULL) { + if (drbg->type == 0) + goto err; + drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen); + if (drbg->adin_pool == NULL) + goto err; + } + + additional_len = rand_drbg_get_additional_data(drbg->adin_pool, + &additional); + + for ( ; outlen > 0; outlen -= chunk, out += chunk) { + chunk = outlen; + if (chunk > drbg->max_request) + chunk = drbg->max_request; + ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len); + if (!ret) + goto err; + } + ret = 1; + + err: + if (additional != NULL) + rand_drbg_cleanup_additional_data(drbg->adin_pool, additional); + + return ret; +} + +/* + * Set the RAND_DRBG callbacks for obtaining entropy and nonce. + * + * Setting the callbacks is allowed only if the drbg has not been + * initialized yet. Otherwise, the operation will fail. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce) +{ + if (drbg->state != DRBG_UNINITIALISED + || drbg->parent != NULL) + return 0; + drbg->get_entropy = get_entropy; + drbg->cleanup_entropy = cleanup_entropy; + drbg->get_nonce = get_nonce; + drbg->cleanup_nonce = cleanup_nonce; + return 1; +} + +/* + * Set the reseed interval. + * + * The drbg will reseed automatically whenever the number of generate + * requests exceeds the given reseed interval. If the reseed interval + * is 0, then this feature is disabled. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval) +{ + if (interval > MAX_RESEED_INTERVAL) + return 0; + drbg->reseed_interval = interval; + return 1; +} + +/* + * Set the reseed time interval. + * + * The drbg will reseed automatically whenever the time elapsed since + * the last reseeding exceeds the given reseed time interval. For safety, + * a reseeding will also occur if the clock has been reset to a smaller + * value. + * + * Returns 1 on success, 0 on failure. + */ +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval) +{ + if (interval > MAX_RESEED_TIME_INTERVAL) + return 0; + drbg->reseed_time_interval = interval; + return 1; +} + +/* + * Set the default values for reseed (time) intervals of new DRBG instances + * + * The default values can be set independently for master DRBG instances + * (without a parent) and slave DRBG instances (with parent). + * + * Returns 1 on success, 0 on failure. + */ + +int RAND_DRBG_set_reseed_defaults( + unsigned int _master_reseed_interval, + unsigned int _slave_reseed_interval, + time_t _master_reseed_time_interval, + time_t _slave_reseed_time_interval + ) +{ + if (_master_reseed_interval > MAX_RESEED_INTERVAL + || _slave_reseed_interval > MAX_RESEED_INTERVAL) + return 0; + + if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL + || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL) + return 0; + + master_reseed_interval = _master_reseed_interval; + slave_reseed_interval = _slave_reseed_interval; + + master_reseed_time_interval = _master_reseed_time_interval; + slave_reseed_time_interval = _slave_reseed_time_interval; + + return 1; +} + +/* + * Locks the given drbg. Locking a drbg which does not have locking + * enabled is considered a successful no-op. + * + * Returns 1 on success, 0 on failure. + */ +int rand_drbg_lock(RAND_DRBG *drbg) +{ + if (drbg->lock != NULL) + return CRYPTO_THREAD_write_lock(drbg->lock); + + return 1; +} + +/* + * Unlocks the given drbg. Unlocking a drbg which does not have locking + * enabled is considered a successful no-op. + * + * Returns 1 on success, 0 on failure. + */ +int rand_drbg_unlock(RAND_DRBG *drbg) +{ + if (drbg->lock != NULL) + return CRYPTO_THREAD_unlock(drbg->lock); + + return 1; +} + +/* + * Enables locking for the given drbg + * + * Locking can only be enabled if the random generator + * is in the uninitialized state. + * + * Returns 1 on success, 0 on failure. + */ +int rand_drbg_enable_locking(RAND_DRBG *drbg) +{ + if (drbg->state != DRBG_UNINITIALISED) { + RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, + RAND_R_DRBG_ALREADY_INITIALIZED); + return 0; + } + + if (drbg->lock == NULL) { + if (drbg->parent != NULL && drbg->parent->lock == NULL) { + RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, + RAND_R_PARENT_LOCKING_NOT_ENABLED); + return 0; + } + + drbg->lock = CRYPTO_THREAD_lock_new(); + if (drbg->lock == NULL) { + RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING, + RAND_R_FAILED_TO_CREATE_LOCK); + return 0; + } + } + + return 1; +} + +/* + * Get and set the EXDATA + */ +int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg); +} + +void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx) +{ + return CRYPTO_get_ex_data(&drbg->ex_data, idx); +} + + +/* + * The following functions provide a RAND_METHOD that works on the + * global DRBG. They lock. + */ + +/* + * Allocates a new global DRBG on the secure heap (if enabled) and + * initializes it with default settings. + * + * Returns a pointer to the new DRBG instance on success, NULL on failure. + */ +static RAND_DRBG *drbg_setup(RAND_DRBG *parent) +{ + RAND_DRBG *drbg; + + drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent); + if (drbg == NULL) + return NULL; + + /* Only the master DRBG needs to have a lock */ + if (parent == NULL && rand_drbg_enable_locking(drbg) == 0) + goto err; + + /* enable seed propagation */ + tsan_store(&drbg->reseed_prop_counter, 1); + + /* + * Ignore instantiation error to support just-in-time instantiation. + * + * The state of the drbg will be checked in RAND_DRBG_generate() and + * an automatic recovery is attempted. + */ + (void)RAND_DRBG_instantiate(drbg, + (const unsigned char *) ossl_pers_string, + sizeof(ossl_pers_string) - 1); + return drbg; + +err: + RAND_DRBG_free(drbg); + return NULL; +} + +/* + * Initialize the global DRBGs on first use. + * Returns 1 on success, 0 on failure. + */ +DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init) +{ + /* + * ensure that libcrypto is initialized, otherwise the + * DRBG locks are not cleaned up properly + */ + if (!OPENSSL_init_crypto(0, NULL)) + return 0; + + if (!CRYPTO_THREAD_init_local(&private_drbg, NULL)) + return 0; + + if (!CRYPTO_THREAD_init_local(&public_drbg, NULL)) + goto err1; + + master_drbg = drbg_setup(NULL); + if (master_drbg == NULL) + goto err2; + + return 1; + +err2: + CRYPTO_THREAD_cleanup_local(&public_drbg); +err1: + CRYPTO_THREAD_cleanup_local(&private_drbg); + return 0; +} + +/* Clean up the global DRBGs before exit */ +void rand_drbg_cleanup_int(void) +{ + if (master_drbg != NULL) { + RAND_DRBG_free(master_drbg); + master_drbg = NULL; + + CRYPTO_THREAD_cleanup_local(&private_drbg); + CRYPTO_THREAD_cleanup_local(&public_drbg); + } +} + +void drbg_delete_thread_state(void) +{ + RAND_DRBG *drbg; + + drbg = CRYPTO_THREAD_get_local(&public_drbg); + CRYPTO_THREAD_set_local(&public_drbg, NULL); + RAND_DRBG_free(drbg); + + drbg = CRYPTO_THREAD_get_local(&private_drbg); + CRYPTO_THREAD_set_local(&private_drbg, NULL); + RAND_DRBG_free(drbg); +} + +/* Implements the default OpenSSL RAND_bytes() method */ +static int drbg_bytes(unsigned char *out, int count) +{ + int ret; + RAND_DRBG *drbg = RAND_DRBG_get0_public(); + + if (drbg == NULL) + return 0; + + ret = RAND_DRBG_bytes(drbg, out, count); + + return ret; +} + +/* + * Calculates the minimum length of a full entropy buffer + * which is necessary to seed (i.e. instantiate) the DRBG + * successfully. + */ +size_t rand_drbg_seedlen(RAND_DRBG *drbg) +{ + /* + * If no os entropy source is available then RAND_seed(buffer, bufsize) + * is expected to succeed if and only if the buffer length satisfies + * the following requirements, which follow from the calculations + * in RAND_DRBG_instantiate(). + */ + size_t min_entropy = drbg->strength; + size_t min_entropylen = drbg->min_entropylen; + + /* + * Extra entropy for the random nonce in the absence of a + * get_nonce callback, see comment in RAND_DRBG_instantiate(). + */ + if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { + min_entropy += drbg->strength / 2; + min_entropylen += drbg->min_noncelen; + } + + /* + * Convert entropy requirement from bits to bytes + * (dividing by 8 without rounding upwards, because + * all entropy requirements are divisible by 8). + */ + min_entropy >>= 3; + + /* Return a value that satisfies both requirements */ + return min_entropy > min_entropylen ? min_entropy : min_entropylen; +} + +/* Implements the default OpenSSL RAND_add() method */ +static int drbg_add(const void *buf, int num, double randomness) +{ + int ret = 0; + RAND_DRBG *drbg = RAND_DRBG_get0_master(); + size_t buflen; + size_t seedlen; + + if (drbg == NULL) + return 0; + + if (num < 0 || randomness < 0.0) + return 0; + + rand_drbg_lock(drbg); + seedlen = rand_drbg_seedlen(drbg); + + buflen = (size_t)num; + + if (buflen < seedlen || randomness < (double) seedlen) { +#if defined(OPENSSL_RAND_SEED_NONE) + /* + * If no os entropy source is available, a reseeding will fail + * inevitably. So we use a trick to mix the buffer contents into + * the DRBG state without forcing a reseeding: we generate a + * dummy random byte, using the buffer content as additional data. + * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF. + */ + unsigned char dummy[1]; + + ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen); + rand_drbg_unlock(drbg); + return ret; +#else + /* + * If an os entropy source is avaible then we declare the buffer content + * as additional data by setting randomness to zero and trigger a regular + * reseeding. + */ + randomness = 0.0; +#endif + } + + + if (randomness > (double)seedlen) { + /* + * The purpose of this check is to bound |randomness| by a + * relatively small value in order to prevent an integer + * overflow when multiplying by 8 in the rand_drbg_restart() + * call below. Note that randomness is measured in bytes, + * not bits, so this value corresponds to eight times the + * security strength. + */ + randomness = (double)seedlen; + } + + ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness)); + rand_drbg_unlock(drbg); + + return ret; +} + +/* Implements the default OpenSSL RAND_seed() method */ +static int drbg_seed(const void *buf, int num) +{ + return drbg_add(buf, num, num); +} + +/* Implements the default OpenSSL RAND_status() method */ +static int drbg_status(void) +{ + int ret; + RAND_DRBG *drbg = RAND_DRBG_get0_master(); + + if (drbg == NULL) + return 0; + + rand_drbg_lock(drbg); + ret = drbg->state == DRBG_READY ? 1 : 0; + rand_drbg_unlock(drbg); + return ret; +} + +/* + * Get the master DRBG. + * Returns pointer to the DRBG on success, NULL on failure. + * + */ +RAND_DRBG *RAND_DRBG_get0_master(void) +{ + if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init)) + return NULL; + + return master_drbg; +} + +/* + * Get the public DRBG. + * Returns pointer to the DRBG on success, NULL on failure. + */ +RAND_DRBG *RAND_DRBG_get0_public(void) +{ + RAND_DRBG *drbg; + + if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init)) + return NULL; + + drbg = CRYPTO_THREAD_get_local(&public_drbg); + if (drbg == NULL) { + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND)) + return NULL; + drbg = drbg_setup(master_drbg); + CRYPTO_THREAD_set_local(&public_drbg, drbg); + } + return drbg; +} + +/* + * Get the private DRBG. + * Returns pointer to the DRBG on success, NULL on failure. + */ +RAND_DRBG *RAND_DRBG_get0_private(void) +{ + RAND_DRBG *drbg; + + if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init)) + return NULL; + + drbg = CRYPTO_THREAD_get_local(&private_drbg); + if (drbg == NULL) { + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND)) + return NULL; + drbg = drbg_setup(master_drbg); + CRYPTO_THREAD_set_local(&private_drbg, drbg); + } + return drbg; +} + +RAND_METHOD rand_meth = { + drbg_seed, + drbg_bytes, + NULL, + drbg_add, + drbg_bytes, + drbg_status +}; + +RAND_METHOD *RAND_OpenSSL(void) +{ + return &rand_meth; +} diff --git a/deps/openssl/openssl/crypto/rand/md_rand.c b/deps/openssl/openssl/crypto/rand/md_rand.c deleted file mode 100644 index eb6a14b14f3511..00000000000000 --- a/deps/openssl/openssl/crypto/rand/md_rand.c +++ /dev/null @@ -1,665 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "e_os.h" - -#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS)) -# include -#endif -#if defined(OPENSSL_SYS_VXWORKS) -# include -#endif - -#include -#include -#include -#include -#include "rand_lcl.h" - -#include - -#include - -#ifdef OPENSSL_FIPS -# include -#endif - -#ifdef BN_DEBUG -# define PREDICT -#endif - -/* #define PREDICT 1 */ - -#define STATE_SIZE 1023 -static size_t state_num = 0, state_index = 0; -static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH]; -static unsigned char md[MD_DIGEST_LENGTH]; -static long md_count[2] = { 0, 0 }; - -static double entropy = 0; -static int initialized = 0; - -static CRYPTO_RWLOCK *rand_lock = NULL; -static CRYPTO_RWLOCK *rand_tmp_lock = NULL; -static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT; - -/* May be set only when a thread holds rand_lock (to prevent double locking) */ -static unsigned int crypto_lock_rand = 0; -/* access to locking_threadid is synchronized by rand_tmp_lock */ -/* valid iff crypto_lock_rand is set */ -static CRYPTO_THREAD_ID locking_threadid; - -#ifdef PREDICT -int rand_predictable = 0; -#endif - -static int rand_hw_seed(EVP_MD_CTX *ctx); - -static void rand_cleanup(void); -static int rand_seed(const void *buf, int num); -static int rand_add(const void *buf, int num, double add_entropy); -static int rand_bytes(unsigned char *buf, int num, int pseudo); -static int rand_nopseudo_bytes(unsigned char *buf, int num); -#if OPENSSL_API_COMPAT < 0x10100000L -static int rand_pseudo_bytes(unsigned char *buf, int num); -#endif -static int rand_status(void); - -static RAND_METHOD rand_meth = { - rand_seed, - rand_nopseudo_bytes, - rand_cleanup, - rand_add, -#if OPENSSL_API_COMPAT < 0x10100000L - rand_pseudo_bytes, -#else - NULL, -#endif - rand_status -}; - -DEFINE_RUN_ONCE_STATIC(do_rand_lock_init) -{ - OPENSSL_init_crypto(0, NULL); - rand_lock = CRYPTO_THREAD_lock_new(); - rand_tmp_lock = CRYPTO_THREAD_lock_new(); - return rand_lock != NULL && rand_tmp_lock != NULL; -} - -RAND_METHOD *RAND_OpenSSL(void) -{ - return (&rand_meth); -} - -static void rand_cleanup(void) -{ - OPENSSL_cleanse(state, sizeof(state)); - state_num = 0; - state_index = 0; - OPENSSL_cleanse(md, MD_DIGEST_LENGTH); - md_count[0] = 0; - md_count[1] = 0; - entropy = 0; - initialized = 0; - CRYPTO_THREAD_lock_free(rand_lock); - CRYPTO_THREAD_lock_free(rand_tmp_lock); -} - -static int rand_add(const void *buf, int num, double add) -{ - int i, j, k, st_idx; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX *m; - int do_not_lock; - int rv = 0; - - if (!num) - return 1; - - /* - * (Based on the rand(3) manpage) - * - * The input is chopped up into units of 20 bytes (or less for - * the last block). Each of these blocks is run through the hash - * function as follows: The data passed to the hash function - * is the current 'md', the same number of bytes from the 'state' - * (the location determined by in incremented looping index) as - * the current 'block', the new key data 'block', and 'count' - * (which is incremented after each use). - * The result of this is kept in 'md' and also xored into the - * 'state' at the same locations that were used as input into the - * hash function. - */ - - m = EVP_MD_CTX_new(); - if (m == NULL) - goto err; - - if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) - goto err; - - /* check if we already have the lock */ - if (crypto_lock_rand) { - CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); - CRYPTO_THREAD_read_lock(rand_tmp_lock); - do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); - CRYPTO_THREAD_unlock(rand_tmp_lock); - } else - do_not_lock = 0; - - if (!do_not_lock) - CRYPTO_THREAD_write_lock(rand_lock); - st_idx = state_index; - - /* - * use our own copies of the counters so that even if a concurrent thread - * seeds with exactly the same data and uses the same subarray there's - * _some_ difference - */ - md_c[0] = md_count[0]; - md_c[1] = md_count[1]; - - memcpy(local_md, md, sizeof(md)); - - /* state_index <= state_num <= STATE_SIZE */ - state_index += num; - if (state_index >= STATE_SIZE) { - state_index %= STATE_SIZE; - state_num = STATE_SIZE; - } else if (state_num < STATE_SIZE) { - if (state_index > state_num) - state_num = state_index; - } - /* state_index <= state_num <= STATE_SIZE */ - - /* - * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we - * will use now, but other threads may use them as well - */ - - md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - - if (!do_not_lock) - CRYPTO_THREAD_unlock(rand_lock); - - for (i = 0; i < num; i += MD_DIGEST_LENGTH) { - j = (num - i); - j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - - if (!MD_Init(m)) - goto err; - if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) - goto err; - k = (st_idx + j) - STATE_SIZE; - if (k > 0) { - if (!MD_Update(m, &(state[st_idx]), j - k)) - goto err; - if (!MD_Update(m, &(state[0]), k)) - goto err; - } else if (!MD_Update(m, &(state[st_idx]), j)) - goto err; - - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - if (!MD_Update(m, buf, j)) - goto err; - /* - * We know that line may cause programs such as purify and valgrind - * to complain about use of uninitialized data. The problem is not, - * it's with the caller. Removing that line will make sure you get - * really bad randomness and thereby other problems such as very - * insecure keys. - */ - - if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) - goto err; - if (!MD_Final(m, local_md)) - goto err; - md_c[1]++; - - buf = (const char *)buf + j; - - for (k = 0; k < j; k++) { - /* - * Parallel threads may interfere with this, but always each byte - * of the new state is the XOR of some previous value of its and - * local_md (intermediate values may be lost). Alway using locking - * could hurt performance more than necessary given that - * conflicts occur only when the total seeding is longer than the - * random state. - */ - state[st_idx++] ^= local_md[k]; - if (st_idx >= STATE_SIZE) - st_idx = 0; - } - } - - if (!do_not_lock) - CRYPTO_THREAD_write_lock(rand_lock); - /* - * Don't just copy back local_md into md -- this could mean that other - * thread's seeding remains without effect (except for the incremented - * counter). By XORing it we keep at least as much entropy as fits into - * md. - */ - for (k = 0; k < (int)sizeof(md); k++) { - md[k] ^= local_md[k]; - } - if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ - entropy += add; - if (!do_not_lock) - CRYPTO_THREAD_unlock(rand_lock); - - rv = 1; - err: - EVP_MD_CTX_free(m); - return rv; -} - -static int rand_seed(const void *buf, int num) -{ - return rand_add(buf, num, (double)num); -} - -static int rand_bytes(unsigned char *buf, int num, int pseudo) -{ - static volatile int stirred_pool = 0; - int i, j, k; - size_t num_ceil, st_idx, st_num; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX *m; -#ifndef GETPID_IS_MEANINGLESS - pid_t curr_pid = getpid(); -#endif - time_t curr_time = time(NULL); - int do_stir_pool = 0; -/* time value for various platforms */ -#ifdef OPENSSL_SYS_WIN32 - FILETIME tv; -# ifdef _WIN32_WCE - SYSTEMTIME t; - GetSystemTime(&t); - SystemTimeToFileTime(&t, &tv); -# else - GetSystemTimeAsFileTime(&tv); -# endif -#elif defined(OPENSSL_SYS_VXWORKS) - struct timespec tv; - clock_gettime(CLOCK_REALTIME, &ts); -#elif defined(OPENSSL_SYS_DSPBIOS) - unsigned long long tv, OPENSSL_rdtsc(); - tv = OPENSSL_rdtsc(); -#else - struct timeval tv; - gettimeofday(&tv, NULL); -#endif - -#ifdef PREDICT - if (rand_predictable) { - static unsigned char val = 0; - - for (i = 0; i < num; i++) - buf[i] = val++; - return (1); - } -#endif - - if (num <= 0) - return 1; - - m = EVP_MD_CTX_new(); - if (m == NULL) - goto err_mem; - - /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ - num_ceil = - (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); - - /* - * (Based on the rand(3) manpage:) - * - * For each group of 10 bytes (or less), we do the following: - * - * Input into the hash function the local 'md' (which is initialized from - * the global 'md' before any bytes are generated), the bytes that are to - * be overwritten by the random bytes, and bytes from the 'state' - * (incrementing looping index). From this digest output (which is kept - * in 'md'), the top (up to) 10 bytes are returned to the caller and the - * bottom 10 bytes are xored into the 'state'. - * - * Finally, after we have finished 'num' random bytes for the - * caller, 'count' (which is incremented) and the local and global 'md' - * are fed into the hash function and the results are kept in the - * global 'md'. - */ - - if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) - goto err_mem; - - CRYPTO_THREAD_write_lock(rand_lock); - /* - * We could end up in an async engine while holding this lock so ensure - * we don't pause and cause a deadlock - */ - ASYNC_block_pause(); - - /* prevent rand_bytes() from trying to obtain the lock again */ - CRYPTO_THREAD_write_lock(rand_tmp_lock); - locking_threadid = CRYPTO_THREAD_get_current_id(); - CRYPTO_THREAD_unlock(rand_tmp_lock); - crypto_lock_rand = 1; - - if (!initialized) { - RAND_poll(); - initialized = (entropy >= ENTROPY_NEEDED); - } - - if (!stirred_pool) - do_stir_pool = 1; - - if (!initialized) { - /* - * If the PRNG state is not yet unpredictable, then seeing the PRNG - * output may help attackers to determine the new state; thus we have - * to decrease the entropy estimate. Once we've had enough initial - * seeding we don't bother to adjust the entropy count, though, - * because we're not ambitious to provide *information-theoretic* - * randomness. NOTE: This approach fails if the program forks before - * we have enough entropy. Entropy should be collected in a separate - * input pool and be transferred to the output pool only when the - * entropy limit has been reached. - */ - entropy -= num; - if (entropy < 0) - entropy = 0; - } - - if (do_stir_pool) { - /* - * In the output function only half of 'md' remains secret, so we - * better make sure that the required entropy gets 'evenly - * distributed' through 'state', our randomness pool. The input - * function (rand_add) chains all of 'md', which makes it more - * suitable for this purpose. - */ - - int n = STATE_SIZE; /* so that the complete pool gets accessed */ - while (n > 0) { -#if MD_DIGEST_LENGTH > 20 -# error "Please adjust DUMMY_SEED." -#endif -#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ - /* - * Note that the seed does not matter, it's just that - * rand_add expects to have something to hash. - */ - rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); - n -= MD_DIGEST_LENGTH; - } - if (initialized) - stirred_pool = 1; - } - - st_idx = state_index; - st_num = state_num; - md_c[0] = md_count[0]; - md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof(md)); - - state_index += num_ceil; - if (state_index > state_num) - state_index %= state_num; - - /* - * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now - * ours (but other threads may use them too) - */ - - md_count[0] += 1; - - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - ASYNC_unblock_pause(); - CRYPTO_THREAD_unlock(rand_lock); - - while (num > 0) { - /* num_ceil -= MD_DIGEST_LENGTH/2 */ - j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; - num -= j; - if (!MD_Init(m)) - goto err; -#ifndef GETPID_IS_MEANINGLESS - if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof(curr_pid))) - goto err; - curr_pid = 0; - } -#endif - if (curr_time) { /* just in the first iteration to save time */ - if (!MD_Update(m, (unsigned char *)&curr_time, sizeof(curr_time))) - goto err; - if (!MD_Update(m, (unsigned char *)&tv, sizeof(tv))) - goto err; - curr_time = 0; - if (!rand_hw_seed(m)) - goto err; - } - if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) - goto err; - if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) - goto err; - - k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; - if (k > 0) { - if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) - goto err; - if (!MD_Update(m, &(state[0]), k)) - goto err; - } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) - goto err; - if (!MD_Final(m, local_md)) - goto err; - - for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { - /* may compete with other threads */ - state[st_idx++] ^= local_md[i]; - if (st_idx >= st_num) - st_idx = 0; - if (i < j) - *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2]; - } - } - - if (!MD_Init(m) - || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) - || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) - goto err; - CRYPTO_THREAD_write_lock(rand_lock); - /* - * Prevent deadlocks if we end up in an async engine - */ - ASYNC_block_pause(); - if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { - ASYNC_unblock_pause(); - CRYPTO_THREAD_unlock(rand_lock); - goto err; - } - ASYNC_unblock_pause(); - CRYPTO_THREAD_unlock(rand_lock); - - EVP_MD_CTX_free(m); - if (initialized) - return (1); - else if (pseudo) - return 0; - else { - RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); - ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " - "https://www.openssl.org/docs/faq.html"); - return (0); - } - err: - RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); - EVP_MD_CTX_free(m); - return 0; - err_mem: - RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); - EVP_MD_CTX_free(m); - return 0; - -} - -static int rand_nopseudo_bytes(unsigned char *buf, int num) -{ - return rand_bytes(buf, num, 0); -} - -#if OPENSSL_API_COMPAT < 0x10100000L -/* - * pseudo-random bytes that are guaranteed to be unique but not unpredictable - */ -static int rand_pseudo_bytes(unsigned char *buf, int num) -{ - return rand_bytes(buf, num, 1); -} -#endif - -static int rand_status(void) -{ - CRYPTO_THREAD_ID cur; - int ret; - int do_not_lock; - - if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) - return 0; - - cur = CRYPTO_THREAD_get_current_id(); - /* - * check if we already have the lock (could happen if a RAND_poll() - * implementation calls RAND_status()) - */ - if (crypto_lock_rand) { - CRYPTO_THREAD_read_lock(rand_tmp_lock); - do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); - CRYPTO_THREAD_unlock(rand_tmp_lock); - } else - do_not_lock = 0; - - if (!do_not_lock) { - CRYPTO_THREAD_write_lock(rand_lock); - /* - * Prevent deadlocks in case we end up in an async engine - */ - ASYNC_block_pause(); - - /* - * prevent rand_bytes() from trying to obtain the lock again - */ - CRYPTO_THREAD_write_lock(rand_tmp_lock); - locking_threadid = cur; - CRYPTO_THREAD_unlock(rand_tmp_lock); - crypto_lock_rand = 1; - } - - if (!initialized) { - RAND_poll(); - initialized = 1; - } - - ret = entropy >= ENTROPY_NEEDED; - - if (!do_not_lock) { - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - - ASYNC_unblock_pause(); - CRYPTO_THREAD_unlock(rand_lock); - } - - return ret; -} - -/* - * rand_hw_seed: get seed data from any available hardware RNG. only - * currently supports rdrand. - */ - -/* Adapted from eng_rdrand.c */ - -#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \ - && !defined(OPENSSL_NO_RDRAND) - -# define RDRAND_CALLS 4 - -size_t OPENSSL_ia32_rdrand(void); -extern unsigned int OPENSSL_ia32cap_P[]; - -static int rand_hw_seed(EVP_MD_CTX *ctx) -{ - int i; - if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) - return 1; - for (i = 0; i < RDRAND_CALLS; i++) { - size_t rnd; - rnd = OPENSSL_ia32_rdrand(); - if (rnd == 0) - return 1; - if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t))) - return 0; - } - return 1; -} - -/* XOR an existing buffer with random data */ - -void rand_hw_xor(unsigned char *buf, size_t num) -{ - size_t rnd; - if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) - return; - while (num >= sizeof(size_t)) { - rnd = OPENSSL_ia32_rdrand(); - if (rnd == 0) - return; - *((size_t *)buf) ^= rnd; - buf += sizeof(size_t); - num -= sizeof(size_t); - } - if (num) { - rnd = OPENSSL_ia32_rdrand(); - if (rnd == 0) - return; - while (num) { - *buf ^= rnd & 0xff; - rnd >>= 8; - buf++; - num--; - } - } -} - -#else - -static int rand_hw_seed(EVP_MD_CTX *ctx) -{ - return 1; -} - -void rand_hw_xor(unsigned char *buf, size_t num) -{ - return; -} - -#endif diff --git a/deps/openssl/openssl/crypto/rand/rand_egd.c b/deps/openssl/openssl/crypto/rand/rand_egd.c index 50963b8e4829ec..da3017df314248 100644 --- a/deps/openssl/openssl/crypto/rand/rand_egd.c +++ b/deps/openssl/openssl/crypto/rand/rand_egd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,60 +16,28 @@ NON_EMPTY_TRANSLATION_UNIT # include # include -/*- - * Query the EGD . - * - * This module supplies three routines: - * - * RAND_query_egd_bytes(path, buf, bytes) - * will actually query "bytes" bytes of entropy form the egd-socket located - * at path and will write them to buf (if supplied) or will directly feed - * it to RAND_seed() if buf==NULL. - * The number of bytes is not limited by the maximum chunk size of EGD, - * which is 255 bytes. If more than 255 bytes are wanted, several chunks - * of entropy bytes are requested. The connection is left open until the - * query is competed. - * RAND_query_egd_bytes() returns with - * -1 if an error occurred during connection or communication. - * num the number of bytes read from the EGD socket. This number is either - * the number of bytes requested or smaller, if the EGD pool is - * drained and the daemon signals that the pool is empty. - * This routine does not touch any RAND_status(). This is necessary, since - * PRNG functions may call it during initialization. - * - * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them - * used to seed the PRNG. - * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL. - * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the - * seed status so that the return value can reflect the seed state: - * -1 if an error occurred during connection or communication _or_ - * if the PRNG has still not received the required seeding. - * num the number of bytes read from the EGD socket. This number is either - * the number of bytes requested or smaller, if the EGD pool is - * drained and the daemon signals that the pool is empty. - * - * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed - * the PRNG. - * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. +/* + * Query an EGD */ # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { - return (-1); + return -1; } int RAND_egd(const char *path) { - return (-1); + return -1; } int RAND_egd_bytes(const char *path, int bytes) { - return (-1); + return -1; } + # else -# include + # include OPENSSL_UNISTD # include # include @@ -91,157 +59,98 @@ struct sockaddr_un { int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { - int ret = 0; + FILE *fp = NULL; struct sockaddr_un addr; - int len, num, numbytes; - int fd = -1; - int success; - unsigned char egdbuf[2], tempbuf[255], *retrievebuf; + int mybuffer, ret = -1, i, numbytes, fd; + unsigned char tempbuf[255]; + + if (bytes > (int)sizeof(tempbuf)) + return -1; + /* Make socket. */ memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) - return (-1); - OPENSSL_strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); - len = offsetof(struct sockaddr_un, sun_path) + strlen(path); + return -1; + strcpy(addr.sun_path, path); + i = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd == -1) - return (-1); - success = 0; - while (!success) { - if (connect(fd, (struct sockaddr *)&addr, len) == 0) - success = 1; - else { - switch (errno) { -# ifdef EINTR - case EINTR: -# endif -# ifdef EAGAIN - case EAGAIN: -# endif -# ifdef EINPROGRESS - case EINPROGRESS: -# endif -# ifdef EALREADY - case EALREADY: -# endif - /* No error, try again */ - break; + if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL) + return -1; + setbuf(fp, NULL); + + /* Try to connect */ + for ( ; ; ) { + if (connect(fd, (struct sockaddr *)&addr, i) == 0) + break; # ifdef EISCONN - case EISCONN: - success = 1; - break; + if (errno == EISCONN) + break; # endif - default: - ret = -1; - goto err; /* failure */ - } - } - } - - while (bytes > 0) { - egdbuf[0] = 1; - egdbuf[1] = bytes < 255 ? bytes : 255; - numbytes = 0; - while (numbytes != 2) { - num = write(fd, egdbuf + numbytes, 2 - numbytes); - if (num >= 0) - numbytes += num; - else { - switch (errno) { + switch (errno) { # ifdef EINTR - case EINTR: + case EINTR: # endif # ifdef EAGAIN - case EAGAIN: + case EAGAIN: # endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - numbytes = 0; - while (numbytes != 1) { - num = read(fd, egdbuf, 1); - if (num == 0) - goto err; /* descriptor closed */ - else if (num > 0) - numbytes += num; - else { - switch (errno) { -# ifdef EINTR - case EINTR: +# ifdef EINPROGRESS + case EINPROGRESS: # endif -# ifdef EAGAIN - case EAGAIN: +# ifdef EALREADY + case EALREADY: # endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - if (egdbuf[0] == 0) + /* No error, try again */ + break; + default: + ret = -1; goto err; - if (buf) - retrievebuf = buf + ret; - else - retrievebuf = tempbuf; - numbytes = 0; - while (numbytes != egdbuf[0]) { - num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); - if (num == 0) - goto err; /* descriptor closed */ - else if (num > 0) - numbytes += num; - else { - switch (errno) { -# ifdef EINTR - case EINTR: -# endif -# ifdef EAGAIN - case EAGAIN: -# endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } } - ret += egdbuf[0]; - bytes -= egdbuf[0]; - if (!buf) - RAND_seed(tempbuf, egdbuf[0]); } + + /* Make request, see how many bytes we can get back. */ + tempbuf[0] = 1; + tempbuf[1] = bytes; + if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF) + goto err; + if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0) + goto err; + numbytes = tempbuf[0]; + + /* Which buffer are we using? */ + mybuffer = buf == NULL; + if (mybuffer) + buf = tempbuf; + + /* Read bytes. */ + i = fread(buf, sizeof(char), numbytes, fp); + if (i < numbytes) + goto err; + ret = numbytes; + if (mybuffer) + RAND_add(tempbuf, i, i); + err: - if (fd != -1) - close(fd); - return (ret); + if (fp != NULL) + fclose(fp); + return ret; } int RAND_egd_bytes(const char *path, int bytes) { - int num, ret = -1; + int num; num = RAND_query_egd_bytes(path, NULL, bytes); if (num < 0) - goto err; - if (RAND_status() == 1) - ret = num; - err: - return (ret); + return -1; + if (RAND_status() != 1) + return -1; + return num; } int RAND_egd(const char *path) { - return (RAND_egd_bytes(path, 255)); + return RAND_egd_bytes(path, 255); } # endif diff --git a/deps/openssl/openssl/crypto/rand/rand_err.c b/deps/openssl/openssl/crypto/rand/rand_err.c index 55431264a0866e..6a870455d50a8a 100644 --- a/deps/openssl/openssl/crypto/rand/rand_err.c +++ b/deps/openssl/openssl/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,116 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) - -static ERR_STRING_DATA RAND_str_functs[] = { - {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"}, +static const ERR_STRING_DATA RAND_str_functs[] = { + {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0), + "rand_drbg_enable_locking"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0), + "RAND_DRBG_generate"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0), + "rand_drbg_get_entropy"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0), + "rand_drbg_get_nonce"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0), + "RAND_DRBG_instantiate"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0), + "RAND_DRBG_set_defaults"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0), + "RAND_DRBG_uninstantiate"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0), + "rand_pool_acquire_entropy"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0), + "rand_pool_add_begin"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0), + "rand_pool_bytes_needed"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, {0, NULL} }; -static ERR_STRING_DATA RAND_str_reasons[] = { - {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, +static const ERR_STRING_DATA RAND_str_reasons[] = { + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG), + "additional input too long"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED), + "already instantiated"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE), + "argument out of range"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED), + "drbg already initialized"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED), + "drbg not initialised"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG), + "entropy input too long"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE), + "entropy out of range"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED), + "error entropy pool was ignored"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG), + "error initialising drbg"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG), + "error instantiating drbg"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), + "error retrieving additional input"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY), + "error retrieving entropy"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE), + "error retrieving nonce"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK), + "failed to create lock"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED), + "Function not implemented"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE), + "Not a regular file"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED), + "no drbg implementation selected"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED), + "parent locking not enabled"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK), + "parent strength too weak"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG), + "personalisation string too long"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED), + "prediction resistance not supported"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW), + "random pool overflow"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW), + "random pool underflow"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG), + "request too large for drbg"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED), + "too little nonce requested"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED), + "too much nonce requested"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS), + "unsupported drbg flags"}, + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE), + "unsupported drbg type"}, {0, NULL} }; @@ -33,10 +126,9 @@ static ERR_STRING_DATA RAND_str_reasons[] = { int ERR_load_RAND_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) { - ERR_load_strings(0, RAND_str_functs); - ERR_load_strings(0, RAND_str_reasons); + ERR_load_strings_const(RAND_str_functs); + ERR_load_strings_const(RAND_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/rand/rand_lcl.h b/deps/openssl/openssl/crypto/rand/rand_lcl.h index d98c90e2ac39f5..c3e9804dc07e5b 100644 --- a/deps/openssl/openssl/crypto/rand/rand_lcl.h +++ b/deps/openssl/openssl/crypto/rand/rand_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,37 +10,284 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H -# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ +# include +# include +# include +# include +# include +# include +# include "internal/tsan_assist.h" -# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -# define USE_SHA1_RAND -# endif +# include "internal/numbers.h" -# include -# define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) -# define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) -# if defined(USE_MD5_RAND) -# include -# define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) -# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL) -# elif defined(USE_SHA1_RAND) -# include -# define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -# define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) -# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) -# elif defined(USE_MDC2_RAND) -# include -# define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -# define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL) -# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL) -# elif defined(USE_MD2_RAND) -# include -# define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) -# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) -# endif - -void rand_hw_xor(unsigned char *buf, size_t num); +/* How many times to read the TSC as a randomness source. */ +# define TSC_READ_COUNT 4 + +/* Maximum reseed intervals */ +# define MAX_RESEED_INTERVAL (1 << 24) +# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ + +/* Default reseed intervals */ +# define MASTER_RESEED_INTERVAL (1 << 8) +# define SLAVE_RESEED_INTERVAL (1 << 16) +# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ +# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ + + + +/* + * Maximum input size for the DRBG (entropy, nonce, personalization string) + * + * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes. + * + * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes. + */ +# define DRBG_MAX_LENGTH INT32_MAX + + + +/* + * Maximum allocation size for RANDOM_POOL buffers + * + * The max_len value for the buffer provided to the rand_drbg_get_entropy() + * callback is currently 2^31 bytes (2 gigabytes), if a derivation function + * is used. Since this is much too large to be allocated, the rand_pool_new() + * function chooses more modest values as default pool length, bounded + * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH + * + * The choice of the RAND_POOL_FACTOR is large enough such that the + * RAND_POOL can store a random input which has a lousy entropy rate of + * 8/256 (= 0.03125) bits per byte. This input will be sent through the + * derivation function which 'compresses' the low quality input into a + * high quality output. + * + * The factor 1.5 below is the pessimistic estimate for the extra amount + * of entropy required when no get_nonce() callback is defined. + */ +# define RAND_POOL_FACTOR 256 +# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \ + 3 * (RAND_DRBG_STRENGTH / 16)) +/* + * = (RAND_POOL_FACTOR * \ + * 1.5 * (RAND_DRBG_STRENGTH / 8)) + */ + + +/* DRBG status values */ +typedef enum drbg_status_e { + DRBG_UNINITIALISED, + DRBG_READY, + DRBG_ERROR +} DRBG_STATUS; + + +/* instantiate */ +typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx, + const unsigned char *ent, + size_t entlen, + const unsigned char *nonce, + size_t noncelen, + const unsigned char *pers, + size_t perslen); +/* reseed */ +typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx, + const unsigned char *ent, + size_t entlen, + const unsigned char *adin, + size_t adinlen); +/* generate output */ +typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx, + unsigned char *out, + size_t outlen, + const unsigned char *adin, + size_t adinlen); +/* uninstantiate */ +typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx); + + +/* + * The DRBG methods + */ + +typedef struct rand_drbg_method_st { + RAND_DRBG_instantiate_fn instantiate; + RAND_DRBG_reseed_fn reseed; + RAND_DRBG_generate_fn generate; + RAND_DRBG_uninstantiate_fn uninstantiate; +} RAND_DRBG_METHOD; + + +/* + * The state of a DRBG AES-CTR. + */ +typedef struct rand_drbg_ctr_st { + EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx_df; + const EVP_CIPHER *cipher; + size_t keylen; + unsigned char K[32]; + unsigned char V[16]; + /* Temporary block storage used by ctr_df */ + unsigned char bltmp[16]; + size_t bltmp_pos; + unsigned char KX[48]; +} RAND_DRBG_CTR; + + +/* + * The 'random pool' acts as a dumb container for collecting random + * input from various entropy sources. The pool has no knowledge about + * whether its randomness is fed into a legacy RAND_METHOD via RAND_add() + * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the + * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and + * 4) cleanup the random pool again. + * + * The random pool contains no locking mechanism because its scope and + * lifetime is intended to be restricted to a single stack frame. + */ +struct rand_pool_st { + unsigned char *buffer; /* points to the beginning of the random pool */ + size_t len; /* current number of random bytes contained in the pool */ + + int attached; /* true pool was attached to existing buffer */ + + size_t min_len; /* minimum number of random bytes requested */ + size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t entropy; /* current entropy count in bits */ + size_t entropy_requested; /* requested entropy count in bits */ +}; + +/* + * The state of all types of DRBGs, even though we only have CTR mode + * right now. + */ +struct rand_drbg_st { + CRYPTO_RWLOCK *lock; + RAND_DRBG *parent; + int secure; /* 1: allocated on the secure heap, 0: otherwise */ + int type; /* the nid of the underlying algorithm */ + /* + * Stores the value of the rand_fork_count global as of when we last + * reseeded. The DRBG reseeds automatically whenever drbg->fork_count != + * rand_fork_count. Used to provide fork-safety and reseed this DRBG in + * the child process. + */ + int fork_count; + unsigned short flags; /* various external flags */ + + /* + * The random_data is used by RAND_add()/drbg_add() to attach random + * data to the global drbg, such that the rand_drbg_get_entropy() callback + * can pull it during instantiation and reseeding. This is necessary to + * reconcile the different philosophies of the RAND and the RAND_DRBG + * with respect to how randomness is added to the RNG during reseeding + * (see PR #4328). + */ + struct rand_pool_st *seed_pool; + + /* + * Auxiliary pool for additional data. + */ + struct rand_pool_st *adin_pool; + + /* + * The following parameters are setup by the per-type "init" function. + * + * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init(). + * + * The parameters are closely related to the ones described in + * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one + * crucial difference: In the NIST standard, all counts are given + * in bits, whereas in OpenSSL entropy counts are given in bits + * and buffer lengths are given in bytes. + * + * Since this difference has lead to some confusion in the past, + * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055]) + * the 'len' suffix has been added to all buffer sizes for + * clarification. + */ + + int strength; + size_t max_request; + size_t min_entropylen, max_entropylen; + size_t min_noncelen, max_noncelen; + size_t max_perslen, max_adinlen; + + /* Counts the number of generate requests since the last reseed. */ + unsigned int reseed_gen_counter; + /* + * Maximum number of generate requests until a reseed is required. + * This value is ignored if it is zero. + */ + unsigned int reseed_interval; + /* Stores the time when the last reseeding occurred */ + time_t reseed_time; + /* + * Specifies the maximum time interval (in seconds) between reseeds. + * This value is ignored if it is zero. + */ + time_t reseed_time_interval; + /* + * Counts the number of reseeds since instantiation. + * This value is ignored if it is zero. + * + * This counter is used only for seed propagation from the DRBG + * to its two children, the and DRBG. This feature is + * very special and its sole purpose is to ensure that any randomness which + * is added by RAND_add() or RAND_seed() will have an immediate effect on + * the output of RAND_bytes() resp. RAND_priv_bytes(). + */ + TSAN_QUALIFIER unsigned int reseed_prop_counter; + unsigned int reseed_next_counter; + + size_t seedlen; + DRBG_STATUS state; + + /* Application data, mainly used in the KATs. */ + CRYPTO_EX_DATA ex_data; + + /* Implementation specific data (currently only one implementation) */ + union { + RAND_DRBG_CTR ctr; + } data; + + /* Implementation specific methods */ + RAND_DRBG_METHOD *meth; + + /* Callback functions. See comments in rand_lib.c */ + RAND_DRBG_get_entropy_fn get_entropy; + RAND_DRBG_cleanup_entropy_fn cleanup_entropy; + RAND_DRBG_get_nonce_fn get_nonce; + RAND_DRBG_cleanup_nonce_fn cleanup_nonce; +}; + +/* The global RAND method, and the global buffer and DRBG instance. */ +extern RAND_METHOD rand_meth; + +/* + * A "generation count" of forks. Incremented in the child process after a + * fork. Since rand_fork_count is increment-only, and only ever written to in + * the child process of the fork, which is guaranteed to be single-threaded, no + * locking is needed for normal (read) accesses; the rest of pthread fork + * processing is assumed to introduce the necessary memory barriers. Sibling + * children of a given parent will produce duplicate values, but this is not + * problematic because the reseeding process pulls input from the system CSPRNG + * and/or other global sources, so the siblings will end up generating + * different output streams. + */ +extern int rand_fork_count; + +/* DRBG helpers */ +int rand_drbg_restart(RAND_DRBG *drbg, + const unsigned char *buffer, size_t len, size_t entropy); +size_t rand_drbg_seedlen(RAND_DRBG *drbg); +/* locking api */ +int rand_drbg_lock(RAND_DRBG *drbg); +int rand_drbg_unlock(RAND_DRBG *drbg); +int rand_drbg_enable_locking(RAND_DRBG *drbg); + + +/* initializes the AES-CTR DRBG implementation */ +int drbg_ctr_init(RAND_DRBG *drbg); #endif diff --git a/deps/openssl/openssl/crypto/rand/rand_lib.c b/deps/openssl/openssl/crypto/rand/rand_lib.c index 62770d49d8cc07..d8639c4a03f36b 100644 --- a/deps/openssl/openssl/crypto/rand/rand_lib.c +++ b/deps/openssl/openssl/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,39 +11,717 @@ #include #include "internal/cryptlib.h" #include -#include "internal/rand.h" +#include "internal/rand_int.h" #include #include "internal/thread_once.h" - -#ifdef OPENSSL_FIPS -# include -# include -#endif +#include "rand_lcl.h" +#include "e_os.h" #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -static ENGINE *funct_ref = NULL; -static CRYPTO_RWLOCK *rand_engine_lock = NULL; +static ENGINE *funct_ref; +static CRYPTO_RWLOCK *rand_engine_lock; +#endif +static CRYPTO_RWLOCK *rand_meth_lock; +static const RAND_METHOD *default_RAND_meth; +static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; + +int rand_fork_count; + +static CRYPTO_RWLOCK *rand_nonce_lock; +static int rand_nonce_count; + +static int rand_inited = 0; + +#ifdef OPENSSL_RAND_SEED_RDTSC +/* + * IMPORTANT NOTE: It is not currently possible to use this code + * because we are not sure about the amount of randomness it provides. + * Some SP900 tests have been run, but there is internal skepticism. + * So for now this code is not used. + */ +# error "RDTSC enabled? Should not be possible!" + +/* + * Acquire entropy from high-speed clock + * + * Since we get some randomness from the low-order bits of the + * high-speed clock, it can help. + * + * Returns the total entropy count, if it exceeds the requested + * entropy count. Otherwise, returns an entropy count of 0. + */ +size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool) +{ + unsigned char c; + int i; + + if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) { + for (i = 0; i < TSC_READ_COUNT; i++) { + c = (unsigned char)(OPENSSL_rdtsc() & 0xFF); + rand_pool_add(pool, &c, 1, 4); + } + } + return rand_pool_entropy_available(pool); +} +#endif + +#ifdef OPENSSL_RAND_SEED_RDCPU +size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); +size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); + +extern unsigned int OPENSSL_ia32cap_P[]; + +/* + * Acquire entropy using Intel-specific cpu instructions + * + * Uses the RDSEED instruction if available, otherwise uses + * RDRAND if available. + * + * For the differences between RDSEED and RDRAND, and why RDSEED + * is the preferred choice, see https://goo.gl/oK3KcN + * + * Returns the total entropy count, if it exceeds the requested + * entropy count. Otherwise, returns an entropy count of 0. + */ +size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) +{ + size_t bytes_needed; + unsigned char *buffer; + + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + if (bytes_needed > 0) { + buffer = rand_pool_add_begin(pool, bytes_needed); + + if (buffer != NULL) { + /* Whichever comes first, use RDSEED, RDRAND or nothing */ + if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) { + if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed) + == bytes_needed) { + rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); + } + } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { + if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed) + == bytes_needed) { + rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); + } + } else { + rand_pool_add_end(pool, 0, 0); + } + } + } + + return rand_pool_entropy_available(pool); +} #endif -static const RAND_METHOD *default_RAND_meth = NULL; -static CRYPTO_RWLOCK *rand_meth_lock = NULL; -static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(do_rand_lock_init) + +/* + * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks()) + * + * If the DRBG has a parent, then the required amount of entropy input + * is fetched using the parent's RAND_DRBG_generate(). + * + * Otherwise, the entropy is polled from the system entropy sources + * using rand_pool_acquire_entropy(). + * + * If a random pool has been added to the DRBG using RAND_add(), then + * its entropy will be used up first. + */ +size_t rand_drbg_get_entropy(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance) +{ + size_t ret = 0; + size_t entropy_available = 0; + RAND_POOL *pool; + + if (drbg->parent && drbg->strength > drbg->parent->strength) { + /* + * We currently don't support the algorithm from NIST SP 800-90C + * 10.1.2 to use a weaker DRBG as source + */ + RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK); + return 0; + } + + if (drbg->seed_pool != NULL) { + pool = drbg->seed_pool; + pool->entropy_requested = entropy; + } else { + pool = rand_pool_new(entropy, min_len, max_len); + if (pool == NULL) + return 0; + } + + if (drbg->parent) { + size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed); + + if (buffer != NULL) { + size_t bytes = 0; + + /* + * Get random from parent, include our state as additional input. + * Our lock is already held, but we need to lock our parent before + * generating bits from it. (Note: taking the lock will be a no-op + * if locking if drbg->parent->lock == NULL.) + */ + rand_drbg_lock(drbg->parent); + if (RAND_DRBG_generate(drbg->parent, + buffer, bytes_needed, + prediction_resistance, + NULL, 0) != 0) + bytes = bytes_needed; + drbg->reseed_next_counter + = tsan_load(&drbg->parent->reseed_prop_counter); + rand_drbg_unlock(drbg->parent); + + rand_pool_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_entropy_available(pool); + } + + } else { + if (prediction_resistance) { + /* + * We don't have any entropy sources that comply with the NIST + * standard to provide prediction resistance (see NIST SP 800-90C, + * Section 5.4). + */ + RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, + RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED); + goto err; + } + + /* Get entropy by polling system entropy sources. */ + entropy_available = rand_pool_acquire_entropy(pool); + } + + if (entropy_available > 0) { + ret = rand_pool_length(pool); + *pout = rand_pool_detach(pool); + } + + err: + if (drbg->seed_pool == NULL) + rand_pool_free(pool); + return ret; +} + +/* + * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks()) + * + */ +void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, + unsigned char *out, size_t outlen) +{ + if (drbg->seed_pool == NULL) + OPENSSL_secure_clear_free(out, outlen); +} + + +/* + * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks()) + * + */ +size_t rand_drbg_get_nonce(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, size_t max_len) +{ + size_t ret = 0; + RAND_POOL *pool; + + struct { + void * instance; + int count; + } data = { 0 }; + + pool = rand_pool_new(0, min_len, max_len); + if (pool == NULL) + return 0; + + if (rand_pool_add_nonce_data(pool) == 0) + goto err; + + data.instance = drbg; + CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock); + + if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0) + goto err; + + ret = rand_pool_length(pool); + *pout = rand_pool_detach(pool); + + err: + rand_pool_free(pool); + + return ret; +} + +/* + * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks()) + * + */ +void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, + unsigned char *out, size_t outlen) +{ + OPENSSL_secure_clear_free(out, outlen); +} + +/* + * Generate additional data that can be used for the drbg. The data does + * not need to contain entropy, but it's useful if it contains at least + * some bits that are unpredictable. + * + * Returns 0 on failure. + * + * On success it allocates a buffer at |*pout| and returns the length of + * the data. The buffer should get freed using OPENSSL_secure_clear_free(). + */ +size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout) +{ + size_t ret = 0; + + if (rand_pool_add_additional_data(pool) == 0) + goto err; + + ret = rand_pool_length(pool); + *pout = rand_pool_detach(pool); + + err: + return ret; +} + +void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out) +{ + rand_pool_reattach(pool, out); +} + +void rand_fork(void) +{ + rand_fork_count++; +} + +DEFINE_RUN_ONCE_STATIC(do_rand_init) { - int ret = 1; #ifndef OPENSSL_NO_ENGINE rand_engine_lock = CRYPTO_THREAD_lock_new(); - ret &= rand_engine_lock != NULL; + if (rand_engine_lock == NULL) + return 0; #endif + rand_meth_lock = CRYPTO_THREAD_lock_new(); - ret &= rand_meth_lock != NULL; + if (rand_meth_lock == NULL) + goto err1; + + rand_nonce_lock = CRYPTO_THREAD_lock_new(); + if (rand_nonce_lock == NULL) + goto err2; + + if (!rand_pool_init()) + goto err3; + + rand_inited = 1; + return 1; + +err3: + CRYPTO_THREAD_lock_free(rand_nonce_lock); + rand_nonce_lock = NULL; +err2: + CRYPTO_THREAD_lock_free(rand_meth_lock); + rand_meth_lock = NULL; +err1: +#ifndef OPENSSL_NO_ENGINE + CRYPTO_THREAD_lock_free(rand_engine_lock); + rand_engine_lock = NULL; +#endif + return 0; +} + +void rand_cleanup_int(void) +{ + const RAND_METHOD *meth = default_RAND_meth; + + if (!rand_inited) + return; + + if (meth != NULL && meth->cleanup != NULL) + meth->cleanup(); + RAND_set_rand_method(NULL); + rand_pool_cleanup(); +#ifndef OPENSSL_NO_ENGINE + CRYPTO_THREAD_lock_free(rand_engine_lock); + rand_engine_lock = NULL; +#endif + CRYPTO_THREAD_lock_free(rand_meth_lock); + rand_meth_lock = NULL; + CRYPTO_THREAD_lock_free(rand_nonce_lock); + rand_nonce_lock = NULL; + rand_inited = 0; +} + +/* + * RAND_close_seed_files() ensures that any seed file decriptors are + * closed after use. + */ +void RAND_keep_random_devices_open(int keep) +{ + if (RUN_ONCE(&rand_init, do_rand_init)) + rand_pool_keep_random_devices_open(keep); +} + +/* + * RAND_poll() reseeds the default RNG using random input + * + * The random input is obtained from polling various entropy + * sources which depend on the operating system and are + * configurable via the --with-rand-seed configure option. + */ +int RAND_poll(void) +{ + int ret = 0; + + RAND_POOL *pool = NULL; + + const RAND_METHOD *meth = RAND_get_rand_method(); + + if (meth == RAND_OpenSSL()) { + /* fill random pool and seed the master DRBG */ + RAND_DRBG *drbg = RAND_DRBG_get0_master(); + + if (drbg == NULL) + return 0; + + rand_drbg_lock(drbg); + ret = rand_drbg_restart(drbg, NULL, 0, 0); + rand_drbg_unlock(drbg); + + return ret; + + } else { + /* fill random pool and seed the current legacy RNG */ + pool = rand_pool_new(RAND_DRBG_STRENGTH, + RAND_DRBG_STRENGTH / 8, + RAND_POOL_MAX_LENGTH); + if (pool == NULL) + return 0; + + if (rand_pool_acquire_entropy(pool) == 0) + goto err; + + if (meth->add == NULL + || meth->add(rand_pool_buffer(pool), + rand_pool_length(pool), + (rand_pool_entropy(pool) / 8.0)) == 0) + goto err; + + ret = 1; + } + +err: + rand_pool_free(pool); return ret; } +/* + * Allocate memory and initialize a new random pool + */ + +RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len) +{ + RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + + if (pool == NULL) { + RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + + pool->min_len = min_len; + pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? + RAND_POOL_MAX_LENGTH : max_len; + + pool->buffer = OPENSSL_secure_zalloc(pool->max_len); + if (pool->buffer == NULL) { + RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); + goto err; + } + + pool->entropy_requested = entropy_requested; + + return pool; + +err: + OPENSSL_free(pool); + return NULL; +} + +/* + * Attach new random pool to the given buffer + * + * This function is intended to be used only for feeding random data + * provided by RAND_add() and RAND_seed() into the DRBG. + */ +RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, + size_t entropy) +{ + RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + + if (pool == NULL) { + RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* + * The const needs to be cast away, but attached buffers will not be + * modified (in contrary to allocated buffers which are zeroed and + * freed in the end). + */ + pool->buffer = (unsigned char *) buffer; + pool->len = len; + + pool->attached = 1; + + pool->min_len = pool->max_len = pool->len; + pool->entropy = entropy; + + return pool; +} + +/* + * Free |pool|, securely erasing its buffer. + */ +void rand_pool_free(RAND_POOL *pool) +{ + if (pool == NULL) + return; + + /* + * Although it would be advisable from a cryptographical viewpoint, + * we are not allowed to clear attached buffers, since they are passed + * to rand_pool_attach() as `const unsigned char*`. + * (see corresponding comment in rand_pool_attach()). + */ + if (!pool->attached) + OPENSSL_secure_clear_free(pool->buffer, pool->max_len); + OPENSSL_free(pool); +} + +/* + * Return the |pool|'s buffer to the caller (readonly). + */ +const unsigned char *rand_pool_buffer(RAND_POOL *pool) +{ + return pool->buffer; +} + +/* + * Return the |pool|'s entropy to the caller. + */ +size_t rand_pool_entropy(RAND_POOL *pool) +{ + return pool->entropy; +} + +/* + * Return the |pool|'s buffer length to the caller. + */ +size_t rand_pool_length(RAND_POOL *pool) +{ + return pool->len; +} + +/* + * Detach the |pool| buffer and return it to the caller. + * It's the responsibility of the caller to free the buffer + * using OPENSSL_secure_clear_free() or to re-attach it + * again to the pool using rand_pool_reattach(). + */ +unsigned char *rand_pool_detach(RAND_POOL *pool) +{ + unsigned char *ret = pool->buffer; + pool->buffer = NULL; + pool->entropy = 0; + return ret; +} + +/* + * Re-attach the |pool| buffer. It is only allowed to pass + * the |buffer| which was previously detached from the same pool. + */ +void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer) +{ + pool->buffer = buffer; + OPENSSL_cleanse(pool->buffer, pool->len); + pool->len = 0; +} + +/* + * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one + * need to obtain at least |bits| bits of entropy? + */ +#define ENTROPY_TO_BYTES(bits, entropy_factor) \ + (((bits) * (entropy_factor) + 7) / 8) + + +/* + * Checks whether the |pool|'s entropy is available to the caller. + * This is the case when entropy count and buffer length are high enough. + * Returns + * + * |entropy| if the entropy count and buffer size is large enough + * 0 otherwise + */ +size_t rand_pool_entropy_available(RAND_POOL *pool) +{ + if (pool->entropy < pool->entropy_requested) + return 0; + + if (pool->len < pool->min_len) + return 0; + + return pool->entropy; +} + +/* + * Returns the (remaining) amount of entropy needed to fill + * the random pool. + */ + +size_t rand_pool_entropy_needed(RAND_POOL *pool) +{ + if (pool->entropy < pool->entropy_requested) + return pool->entropy_requested - pool->entropy; + + return 0; +} + +/* + * Returns the number of bytes needed to fill the pool, assuming + * the input has 1 / |entropy_factor| entropy bits per data bit. + * In case of an error, 0 is returned. + */ + +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) +{ + size_t bytes_needed; + size_t entropy_needed = rand_pool_entropy_needed(pool); + + if (entropy_factor < 1) { + RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE); + return 0; + } + + bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor); + + if (bytes_needed > pool->max_len - pool->len) { + /* not enough space left */ + RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW); + return 0; + } + + if (pool->len < pool->min_len && + bytes_needed < pool->min_len - pool->len) + /* to meet the min_len requirement */ + bytes_needed = pool->min_len - pool->len; + + return bytes_needed; +} + +/* Returns the remaining number of bytes available */ +size_t rand_pool_bytes_remaining(RAND_POOL *pool) +{ + return pool->max_len - pool->len; +} + +/* + * Add random bytes to the random pool. + * + * It is expected that the |buffer| contains |len| bytes of + * random input which contains at least |entropy| bits of + * randomness. + * + * Returns 1 if the added amount is adequate, otherwise 0 + */ +int rand_pool_add(RAND_POOL *pool, + const unsigned char *buffer, size_t len, size_t entropy) +{ + if (len > pool->max_len - pool->len) { + RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG); + return 0; + } + + if (pool->buffer == NULL) { + RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (len > 0) { + memcpy(pool->buffer + pool->len, buffer, len); + pool->len += len; + pool->entropy += entropy; + } + + return 1; +} + +/* + * Start to add random bytes to the random pool in-place. + * + * Reserves the next |len| bytes for adding random bytes in-place + * and returns a pointer to the buffer. + * The caller is allowed to copy up to |len| bytes into the buffer. + * If |len| == 0 this is considered a no-op and a NULL pointer + * is returned without producing an error message. + * + * After updating the buffer, rand_pool_add_end() needs to be called + * to finish the udpate operation (see next comment). + */ +unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) +{ + if (len == 0) + return NULL; + + if (len > pool->max_len - pool->len) { + RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW); + return NULL; + } + + if (pool->buffer == NULL) { + RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR); + return 0; + } + + return pool->buffer + pool->len; +} + +/* + * Finish to add random bytes to the random pool in-place. + * + * Finishes an in-place update of the random pool started by + * rand_pool_add_begin() (see previous comment). + * It is expected that |len| bytes of random input have been added + * to the buffer which contain at least |entropy| bits of randomness. + * It is allowed to add less bytes than originally reserved. + */ +int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) +{ + if (len > pool->max_len - pool->len) { + RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); + return 0; + } + + if (len > 0) { + pool->len += len; + pool->entropy += entropy; + } + + return 1; +} + int RAND_set_rand_method(const RAND_METHOD *meth) { - if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) + if (!RUN_ONCE(&rand_init, do_rand_init)) return 0; CRYPTO_THREAD_write_lock(rand_meth_lock); @@ -60,25 +738,26 @@ const RAND_METHOD *RAND_get_rand_method(void) { const RAND_METHOD *tmp_meth = NULL; - if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) + if (!RUN_ONCE(&rand_init, do_rand_init)) return NULL; CRYPTO_THREAD_write_lock(rand_meth_lock); - if (!default_RAND_meth) { + if (default_RAND_meth == NULL) { #ifndef OPENSSL_NO_ENGINE - ENGINE *e = ENGINE_get_default_RAND(); - if (e) { - default_RAND_meth = ENGINE_get_RAND(e); - if (default_RAND_meth == NULL) { - ENGINE_finish(e); - e = NULL; - } - } - if (e) + ENGINE *e; + + /* If we have an engine that can do RAND, use it. */ + if ((e = ENGINE_get_default_RAND()) != NULL + && (tmp_meth = ENGINE_get_RAND(e)) != NULL) { funct_ref = e; - else + default_RAND_meth = tmp_meth; + } else { + ENGINE_finish(e); + default_RAND_meth = &rand_meth; + } +#else + default_RAND_meth = &rand_meth; #endif - default_RAND_meth = RAND_OpenSSL(); } tmp_meth = default_RAND_meth; CRYPTO_THREAD_unlock(rand_meth_lock); @@ -90,10 +769,10 @@ int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; - if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) + if (!RUN_ONCE(&rand_init, do_rand_init)) return 0; - if (engine) { + if (engine != NULL) { if (!ENGINE_init(engine)) return 0; tmp_meth = ENGINE_get_RAND(engine); @@ -111,54 +790,70 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif -void rand_cleanup_int(void) +void RAND_seed(const void *buf, int num) { - const RAND_METHOD *meth = default_RAND_meth; - if (meth && meth->cleanup) - meth->cleanup(); - RAND_set_rand_method(NULL); - CRYPTO_THREAD_lock_free(rand_meth_lock); -#ifndef OPENSSL_NO_ENGINE - CRYPTO_THREAD_lock_free(rand_engine_lock); -#endif + const RAND_METHOD *meth = RAND_get_rand_method(); + + if (meth->seed != NULL) + meth->seed(buf, num); } -void RAND_seed(const void *buf, int num) +void RAND_add(const void *buf, int num, double randomness) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->seed) - meth->seed(buf, num); + + if (meth->add != NULL) + meth->add(buf, num, randomness); } -void RAND_add(const void *buf, int num, double entropy) +/* + * This function is not part of RAND_METHOD, so if we're not using + * the default method, then just call RAND_bytes(). Otherwise make + * sure we're instantiated and use the private DRBG. + */ +int RAND_priv_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->add) - meth->add(buf, num, entropy); + RAND_DRBG *drbg; + int ret; + + if (meth != RAND_OpenSSL()) + return RAND_bytes(buf, num); + + drbg = RAND_DRBG_get0_private(); + if (drbg == NULL) + return 0; + + ret = RAND_DRBG_bytes(drbg, buf, num); + return ret; } int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->bytes) + + if (meth->bytes != NULL) return meth->bytes(buf, num); - return (-1); + RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); + return -1; } #if OPENSSL_API_COMPAT < 0x10100000L int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->pseudorand) + + if (meth->pseudorand != NULL) return meth->pseudorand(buf, num); - return (-1); + return -1; } #endif int RAND_status(void) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->status) + + if (meth->status != NULL) return meth->status(); return 0; } diff --git a/deps/openssl/openssl/crypto/rand/rand_unix.c b/deps/openssl/openssl/crypto/rand/rand_unix.c index 7a5a948430cd90..9d8ffdd5379651 100644 --- a/deps/openssl/openssl/crypto/rand/rand_unix.c +++ b/deps/openssl/openssl/crypto/rand/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,91 +7,141 @@ * https://www.openssl.org/source/license.html */ -#include - -#define USE_SOCKETS +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif #include "e_os.h" +#include #include "internal/cryptlib.h" #include #include "rand_lcl.h" +#include "internal/rand_int.h" +#include +#include "internal/dso.h" +#if defined(__linux) +# include +#endif +#if defined(__FreeBSD__) +# include +# include +# include +#endif +#if defined(__OpenBSD__) || defined(__NetBSD__) +# include +#endif -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) - +#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include -# include -# include # include # include # include -# include -# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually - * everywhere */ -# include -# endif -# include -# ifndef FD_SETSIZE -# define FD_SETSIZE (8*sizeof(fd_set)) +# include + +static uint64_t get_time_stamp(void); +static uint64_t get_timer_bits(void); + +/* Macro to convert two thirty two bit values into a sixty four bit one */ +# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b)) + +/* + * Check for the existence and support of POSIX timers. The standard + * says that the _POSIX_TIMERS macro will have a positive value if they + * are available. + * + * However, we want an additional constraint: that the timer support does + * not require an extra library dependency. Early versions of glibc + * require -lrt to be specified on the link line to access the timers, + * so this needs to be checked for. + * + * It is worse because some libraries define __GLIBC__ but don't + * support the version testing macro (e.g. uClibc). This means + * an extra check is needed. + * + * The final condition is: + * "have posix timers and either not glibc or glibc without -lrt" + * + * The nested #if sequences are required to avoid using a parameterised + * macro that might be undefined. + */ +# undef OSSL_POSIX_TIMER_OKAY +# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0 +# if defined(__GLIBC__) +# if defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 17) +# define OSSL_POSIX_TIMER_OKAY +# endif +# endif +# else +# define OSSL_POSIX_TIMER_OKAY +# endif # endif +#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ + +#if defined(OPENSSL_RAND_SEED_NONE) +/* none means none. this simplifies the following logic */ +# undef OPENSSL_RAND_SEED_OS +# undef OPENSSL_RAND_SEED_GETRANDOM +# undef OPENSSL_RAND_SEED_LIBRANDOM +# undef OPENSSL_RAND_SEED_DEVRANDOM +# undef OPENSSL_RAND_SEED_RDTSC +# undef OPENSSL_RAND_SEED_RDCPU +# undef OPENSSL_RAND_SEED_EGD +#endif + +#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \ + !defined(OPENSSL_RAND_SEED_NONE) +# error "UEFI and VXWorks only support seeding NONE" +#endif + +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \ + || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \ + || defined(OPENSSL_SYS_UEFI)) # if defined(OPENSSL_SYS_VOS) +# ifndef OPENSSL_RAND_SEED_OS +# error "Unsupported seeding method configured; must be os" +# endif + +# if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32) +# error "Unsupported HP-PA and IA32 at the same time." +# endif +# if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32) +# error "Must have one of HP-PA or IA32" +# endif + /* * The following algorithm repeatedly samples the real-time clock (RTC) to * generate a sequence of unpredictable data. The algorithm relies upon the * uneven execution speed of the code (due to factors such as cache misses, * interrupts, bus activity, and scheduling) and upon the rather large * relative difference between the speed of the clock and the rate at which - * it can be read. + * it can be read. If it is ported to an environment where execution speed + * is more constant or where the RTC ticks at a much slower rate, or the + * clock can be read with fewer instructions, it is likely that the results + * would be far more predictable. This should only be used for legacy + * platforms. * - * If this code is ported to an environment where execution speed is more - * constant or where the RTC ticks at a much slower rate, or the clock can be - * read with fewer instructions, it is likely that the results would be far - * more predictable. - * - * As a precaution, we generate 4 times the minimum required amount of seed - * data. + * As a precaution, we assume only 2 bits of entropy per byte. */ - -int RAND_poll(void) +size_t rand_pool_acquire_entropy(RAND_POOL *pool) { short int code; - gid_t curr_gid; - pid_t curr_pid; - uid_t curr_uid; int i, k; + size_t bytes_needed; struct timespec ts; unsigned char v; - # ifdef OPENSSL_SYS_VOS_HPPA long duration; extern void s$sleep(long *_duration, short int *_code); # else -# ifdef OPENSSL_SYS_VOS_IA32 long long duration; extern void s$sleep2(long long *_duration, short int *_code); -# else -# error "Unsupported Platform." -# endif /* OPENSSL_SYS_VOS_IA32 */ -# endif /* OPENSSL_SYS_VOS_HPPA */ - - /* - * Seed with the gid, pid, and uid, to ensure *some* variation between - * different processes. - */ - - curr_gid = getgid(); - RAND_add(&curr_gid, sizeof(curr_gid), 1); - curr_gid = 0; - - curr_pid = getpid(); - RAND_add(&curr_pid, sizeof(curr_pid), 1); - curr_pid = 0; +# endif - curr_uid = getuid(); - RAND_add(&curr_uid, sizeof(curr_uid), 1); - curr_uid = 0; + bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/); - for (i = 0; i < (ENTROPY_NEEDED * 4); i++) { + for (i = 0; i < bytes_needed; i++) { /* * burn some cpu; hope for interrupts, cache collisions, bus * interference, etc. @@ -104,221 +154,533 @@ int RAND_poll(void) duration = 1; s$sleep(&duration, &code); # else -# ifdef OPENSSL_SYS_VOS_IA32 /* sleep for 1/65536 of a second (15 us). */ duration = 1; s$sleep2(&duration, &code); -# endif /* OPENSSL_SYS_VOS_IA32 */ -# endif /* OPENSSL_SYS_VOS_HPPA */ +# endif - /* get wall clock time. */ + /* Get wall clock time, take 8 bits. */ clock_gettime(CLOCK_REALTIME, &ts); - - /* take 8 bits */ - v = (unsigned char)(ts.tv_nsec % 256); - RAND_add(&v, sizeof(v), 1); - v = 0; + v = (unsigned char)(ts.tv_nsec & 0xFF); + rand_pool_add(pool, arg, &v, sizeof(v) , 2); } - return 1; + return rand_pool_entropy_available(pool); } -# elif defined __OpenBSD__ -int RAND_poll(void) -{ - u_int32_t rnd = 0, i; - unsigned char buf[ENTROPY_NEEDED]; - - for (i = 0; i < sizeof(buf); i++) { - if (i % 4 == 0) - rnd = arc4random(); - buf[i] = rnd; - rnd >>= 8; - } - RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); - OPENSSL_cleanse(buf, sizeof(buf)); - return 1; +void rand_pool_cleanup(void) +{ } -# else /* !defined(__OpenBSD__) */ -int RAND_poll(void) + +void rand_pool_keep_random_devices_open(int keep) { - unsigned long l; - pid_t curr_pid = getpid(); -# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD)) - unsigned char tmpbuf[ENTROPY_NEEDED]; - int n = 0; +} + +# else + +# if defined(OPENSSL_RAND_SEED_EGD) && \ + (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD)) +# error "Seeding uses EGD but EGD is turned off or no device given" # endif -# ifdef DEVRANDOM - static const char *randomfiles[] = { DEVRANDOM }; - struct stat randomstats[OSSL_NELEM(randomfiles)]; - int fd; - unsigned int i; + +# if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM) +# error "Seeding uses urandom but DEVRANDOM is not configured" # endif -# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) - static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; - const char **egdsocket = NULL; + +# if defined(OPENSSL_RAND_SEED_OS) +# if !defined(DEVRANDOM) +# error "OS seeding requires DEVRANDOM to be configured" +# endif +# define OPENSSL_RAND_SEED_GETRANDOM +# define OPENSSL_RAND_SEED_DEVRANDOM +# endif + +# if defined(OPENSSL_RAND_SEED_LIBRANDOM) +# error "librandom not (yet) supported" # endif -# ifdef DEVRANDOM - memset(randomstats, 0, sizeof(randomstats)); +# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +/* + * sysctl_random(): Use sysctl() to read a random number from the kernel + * Returns the number of bytes returned in buf on success, -1 on failure. + */ +static ssize_t sysctl_random(char *buf, size_t buflen) +{ + int mib[2]; + size_t done = 0; + size_t len; + /* - * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have - * this. Use /dev/urandom if you can as /dev/random may block if it runs - * out of random entries. + * Note: sign conversion between size_t and ssize_t is safe even + * without a range check, see comment in syscall_random() */ - for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { - if ((fd = open(randomfiles[i], O_RDONLY -# ifdef O_NONBLOCK - | O_NONBLOCK -# endif -# ifdef O_BINARY - | O_BINARY + /* + * On FreeBSD old implementations returned longs, newer versions support + * variable sizes up to 256 byte. The code below would not work properly + * when the sysctl returns long and we want to request something not a + * multiple of longs, which should never be the case. + */ + if (!ossl_assert(buflen % sizeof(long) == 0)) { + errno = EINVAL; + return -1; + } + + /* + * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only + * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0 + * it returns a variable number of bytes with the current version supporting + * up to 256 bytes. + * Just return an error on older NetBSD versions. + */ +#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000 + errno = ENOSYS; + return -1; +#endif + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + + do { + len = buflen; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return done > 0 ? done : -1; + done += len; + buf += len; + buflen -= len; + } while (buflen > 0); + + return done; +} +# endif + +# if defined(OPENSSL_RAND_SEED_GETRANDOM) +/* + * syscall_random(): Try to get random data using a system call + * returns the number of bytes returned in buf, or < 0 on error. + */ +static ssize_t syscall_random(void *buf, size_t buflen) +{ + /* + * Note: 'buflen' equals the size of the buffer which is used by the + * get_entropy() callback of the RAND_DRBG. It is roughly bounded by + * + * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14 + * + * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion + * between size_t and ssize_t is safe even without a range check. + */ + + /* + * Do runtime detection to find getentropy(). + * + * Known OSs that should support this: + * - Darwin since 16 (OSX 10.12, IOS 10.0). + * - Solaris since 11.3 + * - OpenBSD since 5.6 + * - Linux since 3.17 with glibc 2.25 + * - FreeBSD since 12.0 (1200061) + */ +# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) + extern int getentropy(void *buffer, size_t length) __attribute__((weak)); + + if (getentropy != NULL) + return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1; +# else + union { + void *p; + int (*f)(void *buffer, size_t length); + } p_getentropy; + + /* + * We could cache the result of the lookup, but we normally don't + * call this function often. + */ + ERR_set_mark(); + p_getentropy.p = DSO_global_lookup("getentropy"); + ERR_pop_to_mark(); + if (p_getentropy.p != NULL) + return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; +# endif + + /* Linux supports this since version 3.17 */ +# if defined(__linux) && defined(SYS_getrandom) + return syscall(SYS_getrandom, buf, buflen, 0); +# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) + return sysctl_random(buf, buflen); +# else + errno = ENOSYS; + return -1; +# endif +} +# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ + +# if defined(OPENSSL_RAND_SEED_DEVRANDOM) +static const char *random_device_paths[] = { DEVRANDOM }; +static struct random_device { + int fd; + dev_t dev; + ino_t ino; + mode_t mode; + dev_t rdev; +} random_devices[OSSL_NELEM(random_device_paths)]; +static int keep_random_devices_open = 1; + +/* + * Verify that the file descriptor associated with the random source is + * still valid. The rationale for doing this is the fact that it is not + * uncommon for daemons to close all open file handles when daemonizing. + * So the handle might have been closed or even reused for opening + * another file. + */ +static int check_random_device(struct random_device * rd) +{ + struct stat st; + + return rd->fd != -1 + && fstat(rd->fd, &st) != -1 + && rd->dev == st.st_dev + && rd->ino == st.st_ino + && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0 + && rd->rdev == st.st_rdev; +} + +/* + * Open a random device if required and return its file descriptor or -1 on error + */ +static int get_random_device(size_t n) +{ + struct stat st; + struct random_device * rd = &random_devices[n]; + + /* reuse existing file descriptor if it is (still) valid */ + if (check_random_device(rd)) + return rd->fd; + + /* open the random device ... */ + if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1) + return rd->fd; + + /* ... and cache its relevant stat(2) data */ + if (fstat(rd->fd, &st) != -1) { + rd->dev = st.st_dev; + rd->ino = st.st_ino; + rd->mode = st.st_mode; + rd->rdev = st.st_rdev; + } else { + close(rd->fd); + rd->fd = -1; + } + + return rd->fd; +} + +/* + * Close a random device making sure it is a random device + */ +static void close_random_device(size_t n) +{ + struct random_device * rd = &random_devices[n]; + + if (check_random_device(rd)) + close(rd->fd); + rd->fd = -1; +} + +int rand_pool_init(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(random_devices); i++) + random_devices[i].fd = -1; + + return 1; +} + +void rand_pool_cleanup(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(random_devices); i++) + close_random_device(i); +} + +void rand_pool_keep_random_devices_open(int keep) +{ + if (!keep) + rand_pool_cleanup(); + + keep_random_devices_open = keep; +} + +# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */ + +int rand_pool_init(void) +{ + return 1; +} + +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + +# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */ + +/* + * Try the various seeding methods in turn, exit when successful. + * + * TODO(DRBG): If more than one entropy source is available, is it + * preferable to stop as soon as enough entropy has been collected + * (as favored by @rsalz) or should one rather be defensive and add + * more entropy than requested and/or from different sources? + * + * Currently, the user can select multiple entropy sources in the + * configure step, yet in practice only the first available source + * will be used. A more flexible solution has been requested, but + * currently it is not clear how this can be achieved without + * overengineering the problem. There are many parameters which + * could be taken into account when selecting the order and amount + * of input from the different entropy sources (trust, quality, + * possibility of blocking). + */ +size_t rand_pool_acquire_entropy(RAND_POOL *pool) +{ +# if defined(OPENSSL_RAND_SEED_NONE) + return rand_pool_entropy_available(pool); +# else + size_t bytes_needed; + size_t entropy_available = 0; + unsigned char *buffer; + +# if defined(OPENSSL_RAND_SEED_GETRANDOM) + { + ssize_t bytes; + /* Maximum allowed number of consecutive unsuccessful attempts */ + int attempts = 3; + + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + while (bytes_needed != 0 && attempts-- > 0) { + buffer = rand_pool_add_begin(pool, bytes_needed); + bytes = syscall_random(buffer, bytes_needed); + if (bytes > 0) { + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed -= bytes; + attempts = 3; /* reset counter after successful attempt */ + } else if (bytes < 0 && errno != EINTR) { + break; + } + } + } + entropy_available = rand_pool_entropy_available(pool); + if (entropy_available > 0) + return entropy_available; # endif -# ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do - * not make it our controlling tty */ - | O_NOCTTY + +# if defined(OPENSSL_RAND_SEED_LIBRANDOM) + { + /* Not yet implemented. */ + } # endif - )) >= 0) { - int usec = 10 * 1000; /* spend 10ms on each file */ - int r; - unsigned int j; - struct stat *st = &randomstats[i]; - - /* - * Avoid using same input... Used to be O_NOFOLLOW above, but - * it's not universally appropriate... - */ - if (fstat(fd, st) != 0) { - close(fd); + +# if defined(OPENSSL_RAND_SEED_DEVRANDOM) + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + { + size_t i; + + for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) { + ssize_t bytes = 0; + /* Maximum allowed number of consecutive unsuccessful attempts */ + int attempts = 3; + const int fd = get_random_device(i); + + if (fd == -1) continue; - } - for (j = 0; j < i; j++) { - if (randomstats[j].st_ino == st->st_ino && - randomstats[j].st_dev == st->st_dev) + + while (bytes_needed != 0 && attempts-- > 0) { + buffer = rand_pool_add_begin(pool, bytes_needed); + bytes = read(fd, buffer, bytes_needed); + + if (bytes > 0) { + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed -= bytes; + attempts = 3; /* reset counter after successful attempt */ + } else if (bytes < 0 && errno != EINTR) { break; + } } - if (j < i) { - close(fd); - continue; - } + if (bytes < 0 || !keep_random_devices_open) + close_random_device(i); - do { - int try_read = 0; - -# if defined(OPENSSL_SYS_LINUX) - /* use poll() */ - struct pollfd pset; - - pset.fd = fd; - pset.events = POLLIN; - pset.revents = 0; - - if (poll(&pset, 1, usec / 1000) < 0) - usec = 0; - else - try_read = (pset.revents & POLLIN) != 0; - -# else - /* use select() */ - fd_set fset; - struct timeval t; - - t.tv_sec = 0; - t.tv_usec = usec; - - if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) { - /* - * can't use select, so just try to read once anyway - */ - try_read = 1; - } else { - FD_ZERO(&fset); - FD_SET(fd, &fset); - - if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) { - usec = t.tv_usec; - if (FD_ISSET(fd, &fset)) - try_read = 1; - } else - usec = 0; - } + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + } + entropy_available = rand_pool_entropy_available(pool); + if (entropy_available > 0) + return entropy_available; + } # endif - if (try_read) { - r = read(fd, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); - if (r > 0) - n += r; - } else - r = -1; - - /* - * Some Unixen will update t in select(), some won't. For - * those who won't, or if we didn't use select() in the first - * place, give up here, otherwise, we will do this once again - * for the remaining time. - */ - if (usec == 10 * 1000) - usec = 0; - } - while ((r > 0 || - (errno == EINTR || errno == EAGAIN)) && usec != 0 - && n < ENTROPY_NEEDED); +# if defined(OPENSSL_RAND_SEED_RDTSC) + entropy_available = rand_acquire_entropy_from_tsc(pool); + if (entropy_available > 0) + return entropy_available; +# endif + +# if defined(OPENSSL_RAND_SEED_RDCPU) + entropy_available = rand_acquire_entropy_from_cpu(pool); + if (entropy_available > 0) + return entropy_available; +# endif - close(fd); +# if defined(OPENSSL_RAND_SEED_EGD) + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + if (bytes_needed > 0) { + static const char *paths[] = { DEVRANDOM_EGD, NULL }; + int i; + + for (i = 0; paths[i] != NULL; i++) { + buffer = rand_pool_add_begin(pool, bytes_needed); + if (buffer != NULL) { + size_t bytes = 0; + int num = RAND_query_egd_bytes(paths[i], + buffer, (int)bytes_needed); + if (num == (int)bytes_needed) + bytes = bytes_needed; + + rand_pool_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_entropy_available(pool); + } + if (entropy_available > 0) + return entropy_available; } } -# endif /* defined(DEVRANDOM) */ +# endif + + return rand_pool_entropy_available(pool); +# endif +} +# endif +#endif + +#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) +int rand_pool_add_nonce_data(RAND_POOL *pool) +{ + struct { + pid_t pid; + CRYPTO_THREAD_ID tid; + uint64_t time; + } data = { 0 }; + + /* + * Add process id, thread id, and a high resolution timestamp to + * ensure that the nonce is unique with high probability for + * different process instances. + */ + data.pid = getpid(); + data.tid = CRYPTO_THREAD_get_current_id(); + data.time = get_time_stamp(); + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} + +int rand_pool_add_additional_data(RAND_POOL *pool) +{ + struct { + CRYPTO_THREAD_ID tid; + uint64_t time; + } data = { 0 }; -# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) /* - * Use an EGD socket to read entropy from an EGD or PRNGD entropy - * collecting daemon. + * Add some noise from the thread id and a high resolution timer. + * The thread id adds a little randomness if the drbg is accessed + * concurrently (which is the case for the drbg). */ + data.tid = CRYPTO_THREAD_get_current_id(); + data.time = get_timer_bits(); + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} - for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; - egdsocket++) { - int r; - r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, - ENTROPY_NEEDED - n); - if (r > 0) - n += r; +/* + * Get the current time with the highest possible resolution + * + * The time stamp is added to the nonce, so it is optimized for not repeating. + * The current time is ideal for this purpose, provided the computer's clock + * is synchronized. + */ +static uint64_t get_time_stamp(void) +{ +# if defined(OSSL_POSIX_TIMER_OKAY) + { + struct timespec ts; + + if (clock_gettime(CLOCK_REALTIME, &ts) == 0) + return TWO32TO64(ts.tv_sec, ts.tv_nsec); } -# endif /* defined(DEVRANDOM_EGD) */ +# endif +# if defined(__unix__) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) + { + struct timeval tv; -# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) - if (n > 0) { - RAND_add(tmpbuf, sizeof(tmpbuf), (double)n); - OPENSSL_cleanse(tmpbuf, n); + if (gettimeofday(&tv, NULL) == 0) + return TWO32TO64(tv.tv_sec, tv.tv_usec); } -# endif +# endif + return time(NULL); +} + +/* + * Get an arbitrary timer value of the highest possible resolution + * + * The timer value is added as random noise to the additional data, + * which is not considered a trusted entropy sourec, so any result + * is acceptable. + */ +static uint64_t get_timer_bits(void) +{ + uint64_t res = OPENSSL_rdtsc(); - /* put in some default random data, we need more than just this */ - l = curr_pid; - RAND_add(&l, sizeof(l), 0.0); - l = getuid(); - RAND_add(&l, sizeof(l), 0.0); + if (res != 0) + return res; - l = time(NULL); - RAND_add(&l, sizeof(l), 0.0); +# if defined(__sun) || defined(__hpux) + return gethrtime(); +# elif defined(_AIX) + { + timebasestruct_t t; -# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) - return 1; + read_wall_time(&t, TIMEBASE_SZ); + return TWO32TO64(t.tb_high, t.tb_low); + } +# elif defined(OSSL_POSIX_TIMER_OKAY) + { + struct timespec ts; + +# ifdef CLOCK_BOOTTIME +# define CLOCK_TYPE CLOCK_BOOTTIME +# elif defined(_POSIX_MONOTONIC_CLOCK) +# define CLOCK_TYPE CLOCK_MONOTONIC # else - return 0; +# define CLOCK_TYPE CLOCK_REALTIME # endif -} -# endif /* defined(__OpenBSD__) */ -#endif /* !(defined(OPENSSL_SYS_WINDOWS) || - * defined(OPENSSL_SYS_WIN32) || - * defined(OPENSSL_SYS_VMS) || - * defined(OPENSSL_SYS_VXWORKS) */ + if (clock_gettime(CLOCK_TYPE, &ts) == 0) + return TWO32TO64(ts.tv_sec, ts.tv_nsec); + } +# endif +# if defined(__unix__) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) + { + struct timeval tv; -#if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) -int RAND_poll(void) -{ - return 0; + if (gettimeofday(&tv, NULL) == 0) + return TWO32TO64(tv.tv_sec, tv.tv_usec); + } +# endif + return time(NULL); } -#endif +#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ diff --git a/deps/openssl/openssl/crypto/rand/rand_vms.c b/deps/openssl/openssl/crypto/rand/rand_vms.c index 9c462dd374911f..bfcf6f0a86c508 100644 --- a/deps/openssl/openssl/crypto/rand/rand_vms.c +++ b/deps/openssl/openssl/crypto/rand/rand_vms.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,127 +7,522 @@ * https://www.openssl.org/source/license.html */ -/* - * Modified by VMS Software, Inc (2016) - * Eliminate looping through all processes (performance) - * Add additional randomizations using rand() function - */ - -#include -#include "rand_lcl.h" +#include "e_os.h" #if defined(OPENSSL_SYS_VMS) +# define __NEW_STARLET 1 /* New starlet definitions since VMS 7.0 */ +# include +# include "internal/cryptlib.h" +# include +# include "internal/rand_int.h" +# include "rand_lcl.h" # include +# include # include +# include +# include # include # include -# include +# include +# include +# include +# include +# include # ifdef __DECC # pragma message disable DOLLARID # endif -/* - * Use 32-bit pointers almost everywhere. Define the type to which to cast a - * pointer passed to an external function. - */ +# ifndef OPENSSL_RAND_SEED_OS +# error "Unsupported seeding method configured; must be os" +# endif + +/* We need to make sure we have the right size pointer in some cases */ # if __INITIAL_POINTER_SIZE == 64 -# define PTR_T __void_ptr64 # pragma pointer_size save # pragma pointer_size 32 -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define PTR_T void * -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +# endif +typedef uint32_t *uint32_t__ptr32; +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore +# endif -static struct items_data_st { +struct item_st { short length, code; /* length is number of bytes */ -} items_data[] = { - {4, JPI$_BUFIO}, - {4, JPI$_CPUTIM}, - {4, JPI$_DIRIO}, - {4, JPI$_IMAGECOUNT}, - {8, JPI$_LAST_LOGIN_I}, - {8, JPI$_LOGINTIM}, - {4, JPI$_PAGEFLTS}, - {4, JPI$_PID}, - {4, JPI$_PPGCNT}, - {4, JPI$_WSPEAK}, - {4, JPI$_FINALEXC}, - {0, 0} /* zero terminated */ }; -int RAND_poll(void) +static const struct item_st DVI_item_data[] = { + {4, DVI$_ERRCNT}, + {4, DVI$_REFCNT}, +}; + +static const struct item_st JPI_item_data[] = { + {4, JPI$_BUFIO}, + {4, JPI$_CPUTIM}, + {4, JPI$_DIRIO}, + {4, JPI$_IMAGECOUNT}, + {4, JPI$_PAGEFLTS}, + {4, JPI$_PID}, + {4, JPI$_PPGCNT}, + {4, JPI$_WSPEAK}, + /* + * Note: the direct result is just a 32-bit address. However, it points + * to a list of 4 32-bit words, so we make extra space for them so we can + * do in-place replacement of values + */ + {16, JPI$_FINALEXC}, +}; + +static const struct item_st JPI_item_data_64bit[] = { + {8, JPI$_LAST_LOGIN_I}, + {8, JPI$_LOGINTIM}, +}; + +static const struct item_st RMI_item_data[] = { + {4, RMI$_COLPG}, + {4, RMI$_MWAIT}, + {4, RMI$_CEF}, + {4, RMI$_PFW}, + {4, RMI$_LEF}, + {4, RMI$_LEFO}, + {4, RMI$_HIB}, + {4, RMI$_HIBO}, + {4, RMI$_SUSP}, + {4, RMI$_SUSPO}, + {4, RMI$_FPG}, + {4, RMI$_COM}, + {4, RMI$_COMO}, + {4, RMI$_CUR}, +#if defined __alpha + {4, RMI$_FRLIST}, + {4, RMI$_MODLIST}, +#endif + {4, RMI$_FAULTS}, + {4, RMI$_PREADS}, + {4, RMI$_PWRITES}, + {4, RMI$_PWRITIO}, + {4, RMI$_PREADIO}, + {4, RMI$_GVALFLTS}, + {4, RMI$_WRTINPROG}, + {4, RMI$_FREFLTS}, + {4, RMI$_DZROFLTS}, + {4, RMI$_SYSFAULTS}, + {4, RMI$_ISWPCNT}, + {4, RMI$_DIRIO}, + {4, RMI$_BUFIO}, + {4, RMI$_MBREADS}, + {4, RMI$_MBWRITES}, + {4, RMI$_LOGNAM}, + {4, RMI$_FCPCALLS}, + {4, RMI$_FCPREAD}, + {4, RMI$_FCPWRITE}, + {4, RMI$_FCPCACHE}, + {4, RMI$_FCPCPU}, + {4, RMI$_FCPHIT}, + {4, RMI$_FCPSPLIT}, + {4, RMI$_FCPFAULT}, + {4, RMI$_ENQNEW}, + {4, RMI$_ENQCVT}, + {4, RMI$_DEQ}, + {4, RMI$_BLKAST}, + {4, RMI$_ENQWAIT}, + {4, RMI$_ENQNOTQD}, + {4, RMI$_DLCKSRCH}, + {4, RMI$_DLCKFND}, + {4, RMI$_NUMLOCKS}, + {4, RMI$_NUMRES}, + {4, RMI$_ARRLOCPK}, + {4, RMI$_DEPLOCPK}, + {4, RMI$_ARRTRAPK}, + {4, RMI$_TRCNGLOS}, + {4, RMI$_RCVBUFFL}, + {4, RMI$_ENQNEWLOC}, + {4, RMI$_ENQNEWIN}, + {4, RMI$_ENQNEWOUT}, + {4, RMI$_ENQCVTLOC}, + {4, RMI$_ENQCVTIN}, + {4, RMI$_ENQCVTOUT}, + {4, RMI$_DEQLOC}, + {4, RMI$_DEQIN}, + {4, RMI$_DEQOUT}, + {4, RMI$_BLKLOC}, + {4, RMI$_BLKIN}, + {4, RMI$_BLKOUT}, + {4, RMI$_DIRIN}, + {4, RMI$_DIROUT}, + /* We currently get a fault when trying these. TODO: To be figured out. */ +#if 0 + {140, RMI$_MSCP_EVERYTHING}, /* 35 32-bit words */ + {152, RMI$_DDTM_ALL}, /* 38 32-bit words */ + {80, RMI$_TMSCP_EVERYTHING} /* 20 32-bit words */ +#endif + {4, RMI$_LPZ_PAGCNT}, + {4, RMI$_LPZ_HITS}, + {4, RMI$_LPZ_MISSES}, + {4, RMI$_LPZ_EXPCNT}, + {4, RMI$_LPZ_ALLOCF}, + {4, RMI$_LPZ_ALLOC2}, + {4, RMI$_ACCESS}, + {4, RMI$_ALLOC}, + {4, RMI$_FCPCREATE}, + {4, RMI$_VOLWAIT}, + {4, RMI$_FCPTURN}, + {4, RMI$_FCPERASE}, + {4, RMI$_OPENS}, + {4, RMI$_FIDHIT}, + {4, RMI$_FIDMISS}, + {4, RMI$_FILHDR_HIT}, + {4, RMI$_DIRFCB_HIT}, + {4, RMI$_DIRFCB_MISS}, + {4, RMI$_DIRDATA_HIT}, + {4, RMI$_EXTHIT}, + {4, RMI$_EXTMISS}, + {4, RMI$_QUOHIT}, + {4, RMI$_QUOMISS}, + {4, RMI$_STORAGMAP_HIT}, + {4, RMI$_VOLLCK}, + {4, RMI$_SYNCHLCK}, + {4, RMI$_SYNCHWAIT}, + {4, RMI$_ACCLCK}, + {4, RMI$_XQPCACHEWAIT}, + {4, RMI$_DIRDATA_MISS}, + {4, RMI$_FILHDR_MISS}, + {4, RMI$_STORAGMAP_MISS}, + {4, RMI$_PROCCNTMAX}, + {4, RMI$_PROCBATCNT}, + {4, RMI$_PROCINTCNT}, + {4, RMI$_PROCNETCNT}, + {4, RMI$_PROCSWITCHCNT}, + {4, RMI$_PROCBALSETCNT}, + {4, RMI$_PROCLOADCNT}, + {4, RMI$_BADFLTS}, + {4, RMI$_EXEFAULTS}, + {4, RMI$_HDRINSWAPS}, + {4, RMI$_HDROUTSWAPS}, + {4, RMI$_IOPAGCNT}, + {4, RMI$_ISWPCNTPG}, + {4, RMI$_OSWPCNT}, + {4, RMI$_OSWPCNTPG}, + {4, RMI$_RDFAULTS}, + {4, RMI$_TRANSFLTS}, + {4, RMI$_WRTFAULTS}, +#if defined __alpha + {4, RMI$_USERPAGES}, +#endif + {4, RMI$_VMSPAGES}, + {4, RMI$_TTWRITES}, + {4, RMI$_BUFOBJPAG}, + {4, RMI$_BUFOBJPAGPEAK}, + {4, RMI$_BUFOBJPAGS01}, + {4, RMI$_BUFOBJPAGS2}, + {4, RMI$_BUFOBJPAGMAXS01}, + {4, RMI$_BUFOBJPAGMAXS2}, + {4, RMI$_BUFOBJPAGPEAKS01}, + {4, RMI$_BUFOBJPAGPEAKS2}, + {4, RMI$_BUFOBJPGLTMAXS01}, + {4, RMI$_BUFOBJPGLTMAXS2}, + {4, RMI$_DLCK_INCMPLT}, + {4, RMI$_DLCKMSGS_IN}, + {4, RMI$_DLCKMSGS_OUT}, + {4, RMI$_MCHKERRS}, + {4, RMI$_MEMERRS}, +}; + +static const struct item_st RMI_item_data_64bit[] = { +#if defined __ia64 + {8, RMI$_FRLIST}, + {8, RMI$_MODLIST}, +#endif + {8, RMI$_LCKMGR_REQCNT}, + {8, RMI$_LCKMGR_REQTIME}, + {8, RMI$_LCKMGR_SPINCNT}, + {8, RMI$_LCKMGR_SPINTIME}, + {8, RMI$_CPUINTSTK}, + {8, RMI$_CPUMPSYNCH}, + {8, RMI$_CPUKERNEL}, + {8, RMI$_CPUEXEC}, + {8, RMI$_CPUSUPER}, + {8, RMI$_CPUUSER}, +#if defined __ia64 + {8, RMI$_USERPAGES}, +#endif + {8, RMI$_TQETOTAL}, + {8, RMI$_TQESYSUB}, + {8, RMI$_TQEUSRTIMR}, + {8, RMI$_TQEUSRWAKE}, +}; + +static const struct item_st SYI_item_data[] = { + {4, SYI$_PAGEFILE_FREE}, +}; + +/* + * Input: + * items_data - an array of lengths and codes + * items_data_num - number of elements in that array + * + * Output: + * items - pre-allocated ILE3 array to be filled. + * It's assumed to have items_data_num elements plus + * one extra for the terminating NULL element + * databuffer - pre-allocated 32-bit word array. + * + * Returns the number of elements used in databuffer + */ +static size_t prepare_item_list(const struct item_st *items_input, + size_t items_input_num, + ILE3 *items, + uint32_t__ptr32 databuffer) { + size_t data_sz = 0; - /* determine the number of items in the JPI array */ + for (; items_input_num-- > 0; items_input++, items++) { - struct items_data_st item_entry; - int item_entry_count = sizeof(items_data)/sizeof(item_entry); + items->ile3$w_code = items_input->code; + /* Special treatment of JPI$_FINALEXC */ + if (items->ile3$w_code == JPI$_FINALEXC) + items->ile3$w_length = 4; + else + items->ile3$w_length = items_input->length; - /* Create the JPI itemlist array to hold item_data content */ + items->ile3$ps_bufaddr = databuffer; + items->ile3$ps_retlen_addr = 0; - struct { - short length, code; - int *buffer; - int *retlen; - } item[item_entry_count], *pitem; /* number of entries in items_data */ - - struct items_data_st *pitems_data; - int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */ - int iosb[2]; - int sys_time[2]; - int *ptr; - int i, j ; - int tmp_length = 0; - int total_length = 0; - - pitems_data = items_data; - pitem = item; - - - /* Setup itemlist for GETJPI */ - while (pitems_data->length) { - pitem->length = pitems_data->length; - pitem->code = pitems_data->code; - pitem->buffer = &data_buffer[total_length]; - pitem->retlen = 0; - /* total_length is in longwords */ - total_length += pitems_data->length/4; - pitems_data++; - pitem ++; + databuffer += items_input->length / sizeof(databuffer[0]); + data_sz += items_input->length; } - pitem->length = pitem->code = 0; - - /* Fill data_buffer with various info bits from this process */ - /* and twist that data to seed the SSL random number init */ - - if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) { - for (i = 0; i < total_length; i++) { - sys$gettim((struct _generic_64 *)&sys_time[0]); - srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i); - - if (i == (total_length - 1)) { /* for JPI$_FINALEXC */ - ptr = &data_buffer[i]; - for (j = 0; j < 4; j++) { - data_buffer[i + j] = ptr[j]; - /* OK to use rand() just to scramble the seed */ - data_buffer[i + j] ^= (sys_time[0] ^ rand()); - tmp_length++; - } - } else { - /* OK to use rand() just to scramble the seed */ - data_buffer[i] ^= (sys_time[0] ^ rand()); - } + /* Terminating NULL entry */ + items->ile3$w_length = items->ile3$w_code = 0; + items->ile3$ps_bufaddr = items->ile3$ps_retlen_addr = NULL; + + return data_sz / sizeof(databuffer[0]); +} + +static void massage_JPI(ILE3 *items) +{ + /* + * Special treatment of JPI$_FINALEXC + * The result of that item's data buffer is a 32-bit address to a list of + * 4 32-bit words. + */ + for (; items->ile3$w_length != 0; items++) { + if (items->ile3$w_code == JPI$_FINALEXC) { + uint32_t *data = items->ile3$ps_bufaddr; + uint32_t *ptr = (uint32_t *)*data; + size_t j; + + /* + * We know we made space for 4 32-bit words, so we can do in-place + * replacement. + */ + for (j = 0; j < 4; j++) + data[j] = ptr[j]; + + break; + } + } +} + +/* + * This number expresses how many bits of data contain 1 bit of entropy. + * + * For the moment, we assume about 0.05 entropy bits per data bit, or 1 + * bit of entropy per 20 data bits. + */ +#define ENTROPY_FACTOR 20 + +size_t rand_pool_acquire_entropy(RAND_POOL *pool) +{ + ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1]; + ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1]; + ILE3 DVI_items[OSSL_NELEM(DVI_item_data) + 1]; + ILE3 JPI_items[OSSL_NELEM(JPI_item_data) + 1]; + ILE3 RMI_items[OSSL_NELEM(RMI_item_data) + 1]; + ILE3 SYI_items[OSSL_NELEM(SYI_item_data) + 1]; + union { + /* This ensures buffer starts at 64 bit boundary */ + uint64_t dummy; + uint32_t buffer[OSSL_NELEM(JPI_item_data_64bit) * 2 + + OSSL_NELEM(RMI_item_data_64bit) * 2 + + OSSL_NELEM(DVI_item_data) + + OSSL_NELEM(JPI_item_data) + + OSSL_NELEM(RMI_item_data) + + OSSL_NELEM(SYI_item_data) + + 4 /* For JPI$_FINALEXC */]; + } data; + size_t total_elems = 0; + size_t total_length = 0; + size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR); + size_t bytes_remaining = rand_pool_bytes_remaining(pool); + + /* Take all the 64-bit items first, to ensure proper alignment of data */ + total_elems += + prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit), + JPI_items_64bit, &data.buffer[total_elems]); + total_elems += + prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit), + RMI_items_64bit, &data.buffer[total_elems]); + /* Now the 32-bit items */ + total_elems += prepare_item_list(DVI_item_data, OSSL_NELEM(DVI_item_data), + DVI_items, &data.buffer[total_elems]); + total_elems += prepare_item_list(JPI_item_data, OSSL_NELEM(JPI_item_data), + JPI_items, &data.buffer[total_elems]); + total_elems += prepare_item_list(RMI_item_data, OSSL_NELEM(RMI_item_data), + RMI_items, &data.buffer[total_elems]); + total_elems += prepare_item_list(SYI_item_data, OSSL_NELEM(SYI_item_data), + SYI_items, &data.buffer[total_elems]); + total_length = total_elems * sizeof(data.buffer[0]); + + /* Fill data.buffer with various info bits from this process */ + { + uint32_t status; + uint32_t efn; + IOSB iosb; + $DESCRIPTOR(SYSDEVICE,"SYS$SYSDEVICE:"); + + if ((status = sys$getdviw(EFN$C_ENF, 0, &SYSDEVICE, DVI_items, + 0, 0, 0, 0, 0)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items_64bit, 0, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items, 0, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getsyiw(EFN$C_ENF, 0, 0, SYI_items, 0, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + /* + * The RMI service is a bit special, as there is no synchronous + * variant, so we MUST create an event flag to synchronise on. + */ + if ((status = lib$get_ef(&efn)) != SS$_NORMAL) { + lib$signal(status); + return 0; } + if ((status = sys$getrmi(efn, 0, 0, RMI_items_64bit, &iosb, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if (iosb.iosb$l_getxxi_status != SS$_NORMAL) { + lib$signal(iosb.iosb$l_getxxi_status); + return 0; + } + if ((status = sys$getrmi(efn, 0, 0, RMI_items, &iosb, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if (iosb.iosb$l_getxxi_status != SS$_NORMAL) { + lib$signal(iosb.iosb$l_getxxi_status); + return 0; + } + if ((status = lib$free_ef(&efn)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + } + + massage_JPI(JPI_items); - total_length += (tmp_length - 1); + /* + * If we can't feed the requirements from the caller, we're in deep trouble. + */ + if (!ossl_assert(total_length >= bytes_needed)) { + char neededstr[20]; + char availablestr[20]; - /* size of seed is total_length*4 bytes (64bytes) */ - RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2); - } else { + BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed); + BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length); + RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY, + RAND_R_RANDOM_POOL_UNDERFLOW); + ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ", + availablestr); return 0; } + /* + * Try not to overfeed the pool + */ + if (total_length > bytes_remaining) + total_length = bytes_remaining; + + /* We give the pessimistic value for the amount of entropy */ + rand_pool_add(pool, (unsigned char *)data.buffer, total_length, + 8 * total_length / ENTROPY_FACTOR); + return rand_pool_entropy_available(pool); +} + +int rand_pool_add_nonce_data(RAND_POOL *pool) +{ + struct { + pid_t pid; + CRYPTO_THREAD_ID tid; + uint64_t time; + } data = { 0 }; + + /* + * Add process id, thread id, and a high resolution timestamp + * (where available, which is OpenVMS v8.4 and up) to ensure that + * the nonce is unique whith high probability for different process + * instances. + */ + data.pid = getpid(); + data.tid = CRYPTO_THREAD_get_current_id(); +#if __CRTL_VER >= 80400000 + sys$gettim_prec(&data.time); +#else + sys$gettim((void*)&data.time); +#endif + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} + +int rand_pool_add_additional_data(RAND_POOL *pool) +{ + struct { + CRYPTO_THREAD_ID tid; + uint64_t time; + } data = { 0 }; + + /* + * Add some noise from the thread id and a high resolution timer. + * The thread id adds a little randomness if the drbg is accessed + * concurrently (which is the case for the drbg). + */ + data.tid = CRYPTO_THREAD_get_current_id(); + sys$gettim_prec(&data.time); + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} + +int rand_pool_init(void) +{ return 1; } +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + #endif diff --git a/deps/openssl/openssl/crypto/rand/rand_win.c b/deps/openssl/openssl/crypto/rand/rand_win.c index 1be0ed3c9a58b3..d2039eb226ec11 100644 --- a/deps/openssl/openssl/crypto/rand/rand_win.c +++ b/deps/openssl/openssl/crypto/rand/rand_win.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,15 +10,20 @@ #include "internal/cryptlib.h" #include #include "rand_lcl.h" - +#include "internal/rand_int.h" #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) + +# ifndef OPENSSL_RAND_SEED_OS +# error "Unsupported seeding method configured; must be os" +# endif + # include /* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 -# define RAND_WINDOWS_USE_BCRYPT +# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0601 +# define USE_BCRYPTGENRANDOM # endif -# ifdef RAND_WINDOWS_USE_BCRYPT +# ifdef USE_BCRYPTGENRANDOM # include # pragma comment(lib, "bcrypt.lib") # ifndef STATUS_SUCCESS @@ -34,55 +39,124 @@ # define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" # endif -static void readtimer(void); - -int RAND_poll(void) +size_t rand_pool_acquire_entropy(RAND_POOL *pool) { - MEMORYSTATUS mst; -# ifndef RAND_WINDOWS_USE_BCRYPT +# ifndef USE_BCRYPTGENRANDOM HCRYPTPROV hProvider; # endif - DWORD w; - BYTE buf[64]; + unsigned char *buffer; + size_t bytes_needed; + size_t entropy_available = 0; + + +# ifdef OPENSSL_RAND_SEED_RDTSC + entropy_available = rand_acquire_entropy_from_tsc(pool); + if (entropy_available > 0) + return entropy_available; +# endif -# ifdef RAND_WINDOWS_USE_BCRYPT - if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) { - RAND_add(buf, sizeof(buf), sizeof(buf)); +# ifdef OPENSSL_RAND_SEED_RDCPU + entropy_available = rand_acquire_entropy_from_cpu(pool); + if (entropy_available > 0) + return entropy_available; +# endif + +# ifdef USE_BCRYPTGENRANDOM + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + buffer = rand_pool_add_begin(pool, bytes_needed); + if (buffer != NULL) { + size_t bytes = 0; + if (BCryptGenRandom(NULL, buffer, bytes_needed, + BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) + bytes = bytes_needed; + + rand_pool_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_entropy_available(pool); } + if (entropy_available > 0) + return entropy_available; # else - /* poll the CryptoAPI PRNG */ - /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { - if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { - RAND_add(buf, sizeof(buf), sizeof(buf)); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + buffer = rand_pool_add_begin(pool, bytes_needed); + if (buffer != NULL) { + size_t bytes = 0; + /* poll the CryptoAPI PRNG */ + if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) { + if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0) + bytes = bytes_needed; + + CryptReleaseContext(hProvider, 0); } - CryptReleaseContext(hProvider, 0); - } - /* poll the Pentium PRG with CryptoAPI */ - if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { - if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { - RAND_add(buf, sizeof(buf), sizeof(buf)); + rand_pool_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_entropy_available(pool); + } + if (entropy_available > 0) + return entropy_available; + + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + buffer = rand_pool_add_begin(pool, bytes_needed); + if (buffer != NULL) { + size_t bytes = 0; + /* poll the Pentium PRG with CryptoAPI */ + if (CryptAcquireContextW(&hProvider, NULL, + INTEL_DEF_PROV, PROV_INTEL_SEC, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) { + if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0) + bytes = bytes_needed; + + CryptReleaseContext(hProvider, 0); } - CryptReleaseContext(hProvider, 0); + rand_pool_add_end(pool, bytes, 8 * bytes); + entropy_available = rand_pool_entropy_available(pool); } + if (entropy_available > 0) + return entropy_available; # endif - /* timer data */ - readtimer(); + return rand_pool_entropy_available(pool); +} - /* memory usage statistics */ - GlobalMemoryStatus(&mst); - RAND_add(&mst, sizeof(mst), 1); - /* process ID */ - w = GetCurrentProcessId(); - RAND_add(&w, sizeof(w), 1); +int rand_pool_add_nonce_data(RAND_POOL *pool) +{ + struct { + DWORD pid; + DWORD tid; + FILETIME time; + } data = { 0 }; + + /* + * Add process id, thread id, and a high resolution timestamp to + * ensure that the nonce is unique whith high probability for + * different process instances. + */ + data.pid = GetCurrentProcessId(); + data.tid = GetCurrentThreadId(); + GetSystemTimeAsFileTime(&data.time); + + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); +} - return (1); +int rand_pool_add_additional_data(RAND_POOL *pool) +{ + struct { + DWORD tid; + LARGE_INTEGER time; + } data = { 0 }; + + /* + * Add some noise from the thread id and a high resolution timer. + * The thread id adds a little randomness if the drbg is accessed + * concurrently (which is the case for the drbg). + */ + data.tid = GetCurrentThreadId(); + QueryPerformanceCounter(&data.time); + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } -#if OPENSSL_API_COMPAT < 0x10100000L +# if OPENSSL_API_COMPAT < 0x10100000L int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) { RAND_poll(); @@ -93,43 +167,19 @@ void RAND_screen(void) { RAND_poll(); } -#endif +# endif -/* feed timing information to the PRNG */ -static void readtimer(void) +int rand_pool_init(void) { - DWORD w; - LARGE_INTEGER l; - static int have_perfc = 1; -# if defined(_MSC_VER) && defined(_M_X86) - static int have_tsc = 1; - DWORD cyclecount; - - if (have_tsc) { - __try { - __asm { - _emit 0x0f _emit 0x31 mov cyclecount, eax} - RAND_add(&cyclecount, sizeof(cyclecount), 1); - } - __except(EXCEPTION_EXECUTE_HANDLER) { - have_tsc = 0; - } - } -# else -# define have_tsc 0 -# endif + return 1; +} - if (have_perfc) { - if (QueryPerformanceCounter(&l) == 0) - have_perfc = 0; - else - RAND_add(&l, sizeof(l), 0); - } +void rand_pool_cleanup(void) +{ +} - if (!have_tsc && !have_perfc) { - w = GetTickCount(); - RAND_add(&w, sizeof(w), 0); - } +void rand_pool_keep_random_devices_open(int keep) +{ } #endif diff --git a/deps/openssl/openssl/crypto/rand/randfile.c b/deps/openssl/openssl/crypto/rand/randfile.c index c8274077050d4e..1b737d1ba2ba33 100644 --- a/deps/openssl/openssl/crypto/rand/randfile.c +++ b/deps/openssl/openssl/crypto/rand/randfile.c @@ -16,6 +16,7 @@ #include #include +#include #include #ifdef OPENSSL_SYS_VMS @@ -25,6 +26,18 @@ #ifndef OPENSSL_NO_POSIX_IO # include # include +# ifdef _WIN32 +# include +# include +# define stat _stat +# define chmod _chmod +# define open _open +# define fdopen _fdopen +# define fstat _fstat +# define fileno _fileno +# endif +#endif + /* * Following should not be needed, and we could have been stricter * and demand S_IS*. But some systems just don't comply... Formally @@ -32,184 +45,151 @@ * would look like ((m) & MASK == TYPE), but since MASK availability * is as questionable, we settle for this poor-man fallback... */ -# if !defined(S_ISBLK) -# if defined(_S_IFBLK) -# define S_ISBLK(m) ((m) & _S_IFBLK) -# elif defined(S_IFBLK) -# define S_ISBLK(m) ((m) & S_IFBLK) -# elif defined(_WIN32) -# define S_ISBLK(m) 0 /* no concept of block devices on Windows */ -# endif -# endif -# if !defined(S_ISCHR) -# if defined(_S_IFCHR) -# define S_ISCHR(m) ((m) & _S_IFCHR) -# elif defined(S_IFCHR) -# define S_ISCHR(m) ((m) & S_IFCHR) -# endif +# if !defined(S_ISREG) +# define S_ISREG(m) ((m) & S_IFREG) # endif -#endif -#ifdef _WIN32 -# define stat _stat -# define chmod _chmod -# define open _open -# define fdopen _fdopen -# define fstat _fstat -# define fileno _fileno -#endif - -#undef BUFSIZE -#define BUFSIZE 1024 -#define RAND_DATA 1024 +#define RAND_BUF_SIZE 1024 +#define RFILE ".rnd" #ifdef OPENSSL_SYS_VMS /* - * Misc hacks needed for specific cases. - * * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) * to make sure the FILE* is a 32-bit pointer no matter what. We know that - * stdio function return this type (a study of stdio.h proves it). - * Additionally, we create a similar char pointer type for the sake of - * vms_setbuf below. - */ -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 -typedef char *char_ptr32; -# pragma pointer_size restore -/* - * On VMS, setbuf() will only take 32-bit pointers, and a compilation - * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. - * Since we know that the FILE* really is a 32-bit pointer expanded to - * 64 bits, we also know it's safe to convert it back to a 32-bit pointer. - * As for the buffer parameter, we only use NULL here, so that passes as - * well... - */ -# define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf)) -# endif - -/* + * stdio functions return this type (a study of stdio.h proves it). + * * This declaration is a nasty hack to get around vms' extension to fopen for * passing in sharing options being disabled by /STANDARD=ANSI89 */ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = - (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; -# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" - -# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) + (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; +# define VMS_OPEN_ATTRS \ + "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" +# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) #endif -#define RFILE ".rnd" - /* * Note that these functions are intended for seed files only. Entropy - * devices and EGD sockets are handled in rand_unix.c + * devices and EGD sockets are handled in rand_unix.c If |bytes| is + * -1 read the complete file; otherwise read the specified amount. */ - int RAND_load_file(const char *file, long bytes) { - /*- - * If bytes >= 0, read up to 'bytes' bytes. - * if bytes == -1, read complete file. + /* + * The load buffer size exceeds the chunk size by the comfortable amount + * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose + * to avoid calling RAND_add() with a small final chunk. Instead, such + * a small final chunk will be added together with the previous chunk + * (unless it's the only one). */ +#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) + unsigned char buf[RAND_LOAD_BUF_SIZE]; - unsigned char buf[BUFSIZE]; #ifndef OPENSSL_NO_POSIX_IO struct stat sb; #endif - int i, ret = 0, n; - FILE *in = NULL; - - if (file == NULL) - return 0; + int i, n, ret = 0; + FILE *in; if (bytes == 0) - return ret; + return 0; - in = openssl_fopen(file, "rb"); - if (in == NULL) - goto err; + if ((in = openssl_fopen(file, "rb")) == NULL) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE); + ERR_add_error_data(2, "Filename=", file); + return -1; + } #ifndef OPENSSL_NO_POSIX_IO - /* - * struct stat can have padding and unused fields that may not be - * initialized in the call to stat(). We need to clear the entire - * structure before calling RAND_add() to avoid complaints from - * applications such as Valgrind. - */ - memset(&sb, 0, sizeof(sb)); - if (fstat(fileno(in), &sb) < 0) - goto err; - RAND_add(&sb, sizeof(sb), 0.0); + if (fstat(fileno(in), &sb) < 0) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR); + ERR_add_error_data(2, "Filename=", file); + fclose(in); + return -1; + } -# if defined(S_ISBLK) && defined(S_ISCHR) - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - /* - * this file is a device. we don't want read an infinite number of - * bytes from a random device, nor do we want to use buffered I/O - * because we will waste system entropy. - */ - bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ - setbuf(in, NULL); /* don't do buffered reads */ + if (bytes < 0) { + if (S_ISREG(sb.st_mode)) + bytes = sb.st_size; + else + bytes = RAND_DRBG_STRENGTH; } -# endif #endif - for (;;) { + /* + * On VMS, setbuf() will only take 32-bit pointers, and a compilation + * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. + * However, we trust that the C RTL will never give us a FILE pointer + * above the first 4 GB of memory, so we simply turn off the warning + * temporarily. + */ +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma environment save +# pragma message disable maylosedata2 +#endif + /* + * Don't buffer, because even if |file| is regular file, we have + * no control over the buffer, so why would we want a copy of its + * contents lying around? + */ + setbuf(in, NULL); +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma environment restore +#endif + + for ( ; ; ) { if (bytes > 0) - n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE; + n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; else - n = BUFSIZE; + n = RAND_LOAD_BUF_SIZE; i = fread(buf, 1, n, in); - if (i <= 0) +#ifdef EINTR + if (ferror(in) && errno == EINTR){ + clearerr(in); + if (i == 0) + continue; + } +#endif + if (i == 0) break; RAND_add(buf, i, (double)i); ret += i; - if (bytes > 0) { - bytes -= n; - if (bytes <= 0) - break; - } + + /* If given a bytecount, and we did it, break. */ + if (bytes > 0 && (bytes -= i) <= 0) + break; } - OPENSSL_cleanse(buf, BUFSIZE); - err: - if (in != NULL) - fclose(in); + + OPENSSL_cleanse(buf, sizeof(buf)); + fclose(in); + if (!RAND_status()) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR); + ERR_add_error_data(2, "Filename=", file); + return -1; + } + return ret; } int RAND_write_file(const char *file) { - unsigned char buf[BUFSIZE]; - int i, ret = 0, rand_err = 0; + unsigned char buf[RAND_BUF_SIZE]; + int ret = -1; FILE *out = NULL; - int n; #ifndef OPENSSL_NO_POSIX_IO struct stat sb; -# if defined(S_ISBLK) && defined(S_ISCHR) -# ifdef _WIN32 - /* - * Check for |file| being a driver as "ASCII-safe" on Windows, - * because driver paths are always ASCII. - */ -# endif - i = stat(file, &sb); - if (i != -1) { - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - /* - * this file is a device. we don't write back to it. we - * "succeed" on the assumption this is some sort of random - * device. Otherwise attempting to write to and chmod the device - * causes problems. - */ - return 1; - } + if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) { + RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE); + ERR_add_error_data(2, "Filename=", file); + return -1; } -# endif #endif + /* Collect enough random data. */ + if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1) + return -1; + #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) { @@ -244,69 +224,57 @@ int RAND_write_file(const char *file) * application level. Also consider whether or not you NEED a persistent * rand file in a concurrent use situation. */ - out = openssl_fopen(file, "rb+"); #endif + if (out == NULL) out = openssl_fopen(file, "wb"); - if (out == NULL) - goto err; + if (out == NULL) { + RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE); + ERR_add_error_data(2, "Filename=", file); + return -1; + } #if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) + /* + * Yes it's late to do this (see above comment), but better than nothing. + */ chmod(file, 0600); #endif - n = RAND_DATA; - for (;;) { - i = (n > BUFSIZE) ? BUFSIZE : n; - n -= BUFSIZE; - if (RAND_bytes(buf, i) <= 0) - rand_err = 1; - i = fwrite(buf, 1, i, out); - if (i <= 0) { - ret = 0; - break; - } - ret += i; - if (n <= 0) - break; - } + ret = fwrite(buf, 1, RAND_BUF_SIZE, out); fclose(out); - OPENSSL_cleanse(buf, BUFSIZE); - err: - return (rand_err ? -1 : ret); + OPENSSL_cleanse(buf, RAND_BUF_SIZE); + return ret; } const char *RAND_file_name(char *buf, size_t size) { char *s = NULL; + size_t len; int use_randfile = 1; -#ifdef __OpenBSD__ - struct stat sb; -#endif #if defined(_WIN32) && defined(CP_UTF8) - DWORD len; - WCHAR *var, *val; - - if ((var = L"RANDFILE", - len = GetEnvironmentVariableW(var, NULL, 0)) == 0 - && (var = L"HOME", use_randfile = 0, - len = GetEnvironmentVariableW(var, NULL, 0)) == 0 - && (var = L"USERPROFILE", - len = GetEnvironmentVariableW(var, NULL, 0)) == 0) { - var = L"SYSTEMROOT", - len = GetEnvironmentVariableW(var, NULL, 0); + DWORD envlen; + WCHAR *var; + + /* Look up various environment variables. */ + if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) { + use_randfile = 0; + if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0 + && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE", + NULL, 0)) == 0) + envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0); } - if (len != 0) { + /* If we got a value, allocate space to hold it and then get it. */ + if (envlen != 0) { int sz; + WCHAR *val = _alloca(envlen * sizeof(WCHAR)); - val = _alloca(len * sizeof(WCHAR)); - - if (GetEnvironmentVariableW(var, val, len) < len - && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, - NULL, NULL)) != 0) { + if (GetEnvironmentVariableW(var, val, envlen) < envlen + && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, + NULL, NULL)) != 0) { s = _alloca(sz); if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, NULL, NULL) == 0) @@ -319,41 +287,28 @@ const char *RAND_file_name(char *buf, size_t size) s = ossl_safe_getenv("HOME"); } #endif + #ifdef DEFAULT_HOME - if (!use_randfile && s == NULL) { + if (!use_randfile && s == NULL) s = DEFAULT_HOME; - } #endif - if (s != NULL && *s) { - size_t len = strlen(s); - - if (use_randfile && len + 1 < size) { - if (OPENSSL_strlcpy(buf, s, size) >= size) - return NULL; - } else if (len + strlen(RFILE) + 2 < size) { - OPENSSL_strlcpy(buf, s, size); + if (s == NULL || *s == '\0') + return NULL; + + len = strlen(s); + if (use_randfile) { + if (len + 1 >= size) + return NULL; + strcpy(buf, s); + } else { + if (len + 1 + strlen(RFILE) + 1 >= size) + return NULL; + strcpy(buf, s); #ifndef OPENSSL_SYS_VMS - OPENSSL_strlcat(buf, "/", size); + strcat(buf, "/"); #endif - OPENSSL_strlcat(buf, RFILE, size); - } - } else { - buf[0] = '\0'; /* no file name */ + strcat(buf, RFILE); } -#ifdef __OpenBSD__ - /* - * given that all random loads just fail if the file can't be seen on a - * stat, we stat the file we're returning, if it fails, use /dev/arandom - * instead. this allows the user to use their own source for good random - * data, but defaults to something hopefully decent if that isn't - * available. - */ - - if (!buf[0] || stat(buf, &sb) == -1) - if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) { - return NULL; - } -#endif - return buf[0] ? buf : NULL; + return buf; } diff --git a/deps/openssl/openssl/crypto/rc2/rc2_ecb.c b/deps/openssl/openssl/crypto/rc2/rc2_ecb.c index b87931f2a6c4fb..fb2f78273d8ee6 100644 --- a/deps/openssl/openssl/crypto/rc2/rc2_ecb.c +++ b/deps/openssl/openssl/crypto/rc2/rc2_ecb.c @@ -14,7 +14,6 @@ /*- * RC2 as implemented frm a posting from * Newsgroups: sci.crypt - * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) * Subject: Specification for Ron Rivests Cipher No.2 * Message-ID: <4fk39f$f70@net.auckland.ac.nz> * Date: 11 Feb 1996 06:45:03 GMT diff --git a/deps/openssl/openssl/crypto/rc2/tab.c b/deps/openssl/openssl/crypto/rc2/tab.c deleted file mode 100644 index bc95dc4040f160..00000000000000 --- a/deps/openssl/openssl/crypto/rc2/tab.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -unsigned char ebits_to_num[256] = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, - 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, - 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, - 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, - 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, - 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, - 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, - 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, - 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, - 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, - 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, - 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, - 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, - 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, - 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, - 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, - 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab, -}; - -unsigned char num_to_ebits[256] = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, - 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, - 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, - 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, - 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, - 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, - 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, - 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, - 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, - 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, - 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, - 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, - 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, - 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, - 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, - 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, - 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd, -}; - -main() -{ - int i, j; - - for (i = 0; i < 256; i++) { - for (j = 0; j < 256; j++) - if (ebits_to_num[j] == i) { - printf("0x%02x,", j); - break; - } - } -} diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl index 7d6f97c59efba3..8c5cf87d05cecf 100644 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl @@ -8,7 +8,7 @@ # ==================================================================== -# [Re]written by Andy Polyakov for the OpenSSL +# [Re]written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -32,8 +32,6 @@ # performance on the same Opteron machine. # (**) This number requires compressed key schedule set up by # RC4_set_key [see commentary below for further details]. -# -# # May 2011 # @@ -73,7 +71,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"rc4-586.pl",$x86only = $ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); $xx="eax"; $yy="ebx"; @@ -136,7 +134,7 @@ sub RC4_loop { push (@XX,shift(@XX)) if ($i>=0); } } else { - # Using pinsrw here improves performane on Intel CPUs by 2-3%, but + # Using pinsrw here improves performance on Intel CPUs by 2-3%, but # brings down AMD by 7%... $RC4_loop_mmx = sub { my $i=shift; diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl index 184922c1284751..1354d182149335 100644 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl @@ -89,7 +89,7 @@ || NOP 5 STB $XX,*${KEYA}[-2] ; key->x || SUB4 $YY,$TX,$YY -|| BNOP B3 +|| BNOP B3 STB $YY,*${KEYB}[-1] ; key->y || NOP 5 .endasmfunc diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl deleted file mode 100644 index 5e8f5f55b24078..00000000000000 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-ia64.pl +++ /dev/null @@ -1,767 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by David Mosberger based on the -# Itanium optimized Crypto code which was released by HP Labs at -# http://www.hpl.hp.com/research/linux/crypto/. -# -# Copyright (c) 2005 Hewlett-Packard Development Company, L.P. -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - - - -# This is a little helper program which generates a software-pipelined -# for RC4 encryption. The basic algorithm looks like this: -# -# for (counter = 0; counter < len; ++counter) -# { -# in = inp[counter]; -# SI = S[I]; -# J = (SI + J) & 0xff; -# SJ = S[J]; -# T = (SI + SJ) & 0xff; -# S[I] = SJ, S[J] = SI; -# ST = S[T]; -# outp[counter] = in ^ ST; -# I = (I + 1) & 0xff; -# } -# -# Pipelining this loop isn't easy, because the stores to the S[] array -# need to be observed in the right order. The loop generated by the -# code below has the following pipeline diagram: -# -# cycle -# | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 | -# iter -# 1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx -# 2: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx -# 3: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx -# -# where: -# LDI = load of S[I] -# LDJ = load of S[J] -# SWP = swap of S[I] and S[J] -# LDT = load of S[T] -# -# Note that in the above diagram, the major trouble-spot is that LDI -# of the 2nd iteration is performed BEFORE the SWP of the first -# iteration. Fortunately, this is easy to detect (I of the 1st -# iteration will be equal to J of the 2nd iteration) and when this -# happens, we simply forward the proper value from the 1st iteration -# to the 2nd one. The proper value in this case is simply the value -# of S[I] from the first iteration (thanks to the fact that SWP -# simply swaps the contents of S[I] and S[J]). -# -# Another potential trouble-spot is in cycle 7, where SWP of the 1st -# iteration issues at the same time as the LDI of the 3rd iteration. -# However, thanks to IA-64 execution semantics, this can be taken -# care of simply by placing LDI later in the instruction-group than -# SWP. IA-64 CPUs will automatically forward the value if they -# detect that the SWP and LDI are accessing the same memory-location. - -# The core-loop that can be pipelined then looks like this (annotated -# with McKinley/Madison issue port & latency numbers, assuming L1 -# cache hits for the most part): - -# operation: instruction: issue-ports: latency -# ------------------ ----------------------------- ------------- ------- - -# Data = *inp++ ld1 data = [inp], 1 M0-M1 1 cyc c0 -# shladd Iptr = I, KeyTable, 3 M0-M3, I0, I1 1 cyc -# I = (I + 1) & 0xff padd1 nextI = I, one M0-M3, I0, I1 3 cyc -# ;; -# SI = S[I] ld8 SI = [Iptr] M0-M1 1 cyc c1 * after SWAP! -# ;; -# cmp.eq.unc pBypass = I, J * after J is valid! -# J = SI + J add J = J, SI M0-M3, I0, I1 1 cyc c2 -# (pBypass) br.cond.spnt Bypass -# ;; -# --------------------------------------------------------------------------------------- -# J = J & 0xff zxt1 J = J I0, I1, 1 cyc c3 -# ;; -# shladd Jptr = J, KeyTable, 3 M0-M3, I0, I1 1 cyc c4 -# ;; -# SJ = S[J] ld8 SJ = [Jptr] M0-M1 1 cyc c5 -# ;; -# --------------------------------------------------------------------------------------- -# T = (SI + SJ) add T = SI, SJ M0-M3, I0, I1 1 cyc c6 -# ;; -# T = T & 0xff zxt1 T = T I0, I1 1 cyc -# S[I] = SJ st8 [Iptr] = SJ M2-M3 c7 -# S[J] = SI st8 [Jptr] = SI M2-M3 -# ;; -# shladd Tptr = T, KeyTable, 3 M0-M3, I0, I1 1 cyc c8 -# ;; -# --------------------------------------------------------------------------------------- -# T = S[T] ld8 T = [Tptr] M0-M1 1 cyc c9 -# ;; -# data ^= T xor data = data, T M0-M3, I0, I1 1 cyc c10 -# ;; -# *out++ = Data ^ T dep word = word, data, 8, POS I0, I1 1 cyc c11 -# ;; -# --------------------------------------------------------------------------------------- - -# There are several points worth making here: - -# - Note that due to the bypass/forwarding-path, the first two -# phases of the loop are strangly mingled together. In -# particular, note that the first stage of the pipeline is -# using the value of "J", as calculated by the second stage. -# - Each bundle-pair will have exactly 6 instructions. -# - Pipelined, the loop can execute in 3 cycles/iteration and -# 4 stages. However, McKinley/Madison can issue "st1" to -# the same bank at a rate of at most one per 4 cycles. Thus, -# instead of storing each byte, we accumulate them in a word -# and then write them back at once with a single "st8" (this -# implies that the setup code needs to ensure that the output -# buffer is properly aligned, if need be, by encoding the -# first few bytes separately). -# - There is no space for a "br.ctop" instruction. For this -# reason we can't use module-loop support in IA-64 and have -# to do a traditional, purely software-pipelined loop. -# - We can't replace any of the remaining "add/zxt1" pairs with -# "padd1" because the latency for that instruction is too high -# and would push the loop to the point where more bypasses -# would be needed, which we don't have space for. -# - The above loop runs at around 3.26 cycles/byte, or roughly -# 440 MByte/sec on a 1.5GHz Madison. This is well below the -# system bus bandwidth and hence with judicious use of -# "lfetch" this loop can run at (almost) peak speed even when -# the input and output data reside in memory. The -# max. latency that can be tolerated is (PREFETCH_DISTANCE * -# L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at -# least) 1-ahead prefetching of 128 byte cache-lines. Note -# that we do NOT prefetch into L1, since that would only -# interfere with the S[] table values stored there. This is -# acceptable because there is a 10 cycle latency between -# load and first use of the input data. -# - We use a branch to out-of-line bypass-code of cycle-pressure: -# we calculate the next J, check for the need to activate the -# bypass path, and activate the bypass path ALL IN THE SAME -# CYCLE. If we didn't have these constraints, we could do -# the bypass with a simple conditional move instruction. -# Fortunately, the bypass paths get activated relatively -# infrequently, so the extra branches don't cost all that much -# (about 0.04 cycles/byte, measured on a 16396 byte file with -# random input data). -# - -$output = pop; -open STDOUT,">$output"; - -$phases = 4; # number of stages/phases in the pipelined-loop -$unroll_count = 6; # number of times we unrolled it -$pComI = (1 << 0); -$pComJ = (1 << 1); -$pComT = (1 << 2); -$pOut = (1 << 3); - -$NData = 4; -$NIP = 3; -$NJP = 2; -$NI = 2; -$NSI = 3; -$NSJ = 2; -$NT = 2; -$NOutWord = 2; - -# -# $threshold is the minimum length before we attempt to use the -# big software-pipelined loop. It MUST be greater-or-equal -# to: -# PHASES * (UNROLL_COUNT + 1) + 7 -# -# The "+ 7" comes from the fact we may have to encode up to -# 7 bytes separately before the output pointer is aligned. -# -$threshold = (3 * ($phases * ($unroll_count + 1)) + 7); - -sub I { - local *code = shift; - local $format = shift; - $code .= sprintf ("\t\t".$format."\n", @_); -} - -sub P { - local *code = shift; - local $format = shift; - $code .= sprintf ($format."\n", @_); -} - -sub STOP { - local *code = shift; - $code .=<<___; - ;; -___ -} - -sub emit_body { - local *c = shift; - local *bypass = shift; - local ($iteration, $p) = @_; - - local $i0 = $iteration; - local $i1 = $iteration - 1; - local $i2 = $iteration - 2; - local $i3 = $iteration - 3; - local $iw0 = ($iteration - 3) / 8; - local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1; - local $byte_num = ($iteration - 3) % 8; - local $label = $iteration + 1; - local $pAny = ($p & 0xf) == 0xf; - local $pByp = (($p & $pComI) && ($iteration > 0)); - - $c.=<<___; -////////////////////////////////////////////////// -___ - - if (($p & 0xf) == 0) { - $c.="#ifdef HOST_IS_BIG_ENDIAN\n"; - &I(\$c,"shr.u OutWord[%u] = OutWord[%u], 32;;", - $iw1 % $NOutWord, $iw1 % $NOutWord); - $c.="#endif\n"; - &I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord); - return; - } - - # Cycle 0 - &I(\$c, "{ .mmi") if ($pAny); - &I(\$c, "ld1 Data[%u] = [InPtr], 1", $i0 % $NData) if ($p & $pComI); - &I(\$c, "padd1 I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI); - &I(\$c, "zxt1 J = J") if ($p & $pComJ); - &I(\$c, "}") if ($pAny); - &I(\$c, "{ .mmi") if ($pAny); - &I(\$c, "LKEY T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT) if ($p & $pOut); - &I(\$c, "add T[%u] = SI[%u], SJ[%u]", - $i0 % $NT, $i2 % $NSI, $i1 % $NSJ) if ($p & $pComT); - &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI); - &I(\$c, "}") if ($pAny); - &STOP(\$c); - - # Cycle 1 - &I(\$c, "{ .mmi") if ($pAny); - &I(\$c, "SKEY [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT); - &I(\$c, "SKEY [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT); - &I(\$c, "zxt1 T[%u] = T[%u]", $i0 % $NT, $i0 % $NT) if ($p & $pComT); - &I(\$c, "}") if ($pAny); - &I(\$c, "{ .mmi") if ($pAny); - &I(\$c, "LKEY SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI); - &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP) if ($p & $pComJ); - &I(\$c, "xor Data[%u] = Data[%u], T[%u]", - $i3 % $NData, $i3 % $NData, $i1 % $NT) if ($p & $pOut); - &I(\$c, "}") if ($pAny); - &STOP(\$c); - - # Cycle 2 - &I(\$c, "{ .mmi") if ($pAny); - &I(\$c, "LKEY SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ); - &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI) if ($pByp); - &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8", - $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut); - &I(\$c, "}") if ($pAny); - &I(\$c, "{ .mmb") if ($pAny); - &I(\$c, "add J = J, SI[%u]", $i0 % $NSI) if ($p & $pComI); - &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT) if ($p & $pComT); - &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp); - &I(\$c, "}") if ($pAny); - &STOP(\$c); - - &P(\$c, ".rc4Resume%u:", $label) if ($pByp); - if ($byte_num == 0 && $iteration >= $phases) { - &I(\$c, "st8 [OutPtr] = OutWord[%u], 8", - $iw1 % $NOutWord) if ($p & $pOut); - if ($iteration == (1 + $unroll_count) * $phases - 1) { - if ($unroll_count == 6) { - &I(\$c, "mov OutWord[%u] = OutWord[%u]", - $iw1 % $NOutWord, $iw0 % $NOutWord); - } - &I(\$c, "lfetch.nt1 [InPrefetch], %u", - $unroll_count * $phases); - &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u", - $unroll_count * $phases); - &I(\$c, "br.cloop.sptk.few .rc4Loop"); - } - } - - if ($pByp) { - &P(\$bypass, ".rc4Bypass%u:", $label); - &I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI); - &I(\$bypass, "nop 0"); - &I(\$bypass, "nop 0"); - &I(\$bypass, ";;"); - &I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI); - &I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI); - &I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label); - &I(\$bypass, ";;"); - } -} - -$code=<<___; -.ident \"rc4-ia64.s, version 3.0\" -.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\" - -#define LCSave r8 -#define PRSave r9 - -/* Inputs become invalid once rotation begins! */ - -#define StateTable in0 -#define DataLen in1 -#define InputBuffer in2 -#define OutputBuffer in3 - -#define KTable r14 -#define J r15 -#define InPtr r16 -#define OutPtr r17 -#define InPrefetch r18 -#define OutPrefetch r19 -#define One r20 -#define LoopCount r21 -#define Remainder r22 -#define IFinal r23 -#define EndPtr r24 - -#define tmp0 r25 -#define tmp1 r26 - -#define pBypass p6 -#define pDone p7 -#define pSmall p8 -#define pAligned p9 -#define pUnaligned p10 - -#define pComputeI pPhase[0] -#define pComputeJ pPhase[1] -#define pComputeT pPhase[2] -#define pOutput pPhase[3] - -#define RetVal r8 -#define L_OK p7 -#define L_NOK p8 - -#define _NINPUTS 4 -#define _NOUTPUT 0 - -#define _NROTATE 24 -#define _NLOCALS (_NROTATE - _NINPUTS - _NOUTPUT) - -#ifndef SZ -# define SZ 4 // this must be set to sizeof(RC4_INT) -#endif - -#if SZ == 1 -# define LKEY ld1 -# define SKEY st1 -# define KEYADDR(dst, i) add dst = i, KTable -#elif SZ == 2 -# define LKEY ld2 -# define SKEY st2 -# define KEYADDR(dst, i) shladd dst = i, 1, KTable -#elif SZ == 4 -# define LKEY ld4 -# define SKEY st4 -# define KEYADDR(dst, i) shladd dst = i, 2, KTable -#else -# define LKEY ld8 -# define SKEY st8 -# define KEYADDR(dst, i) shladd dst = i, 3, KTable -#endif - -#if defined(_HPUX_SOURCE) && !defined(_LP64) -# define ADDP addp4 -#else -# define ADDP add -#endif - -/* Define a macro for the bit number of the n-th byte: */ - -#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) -# define HOST_IS_BIG_ENDIAN -# define BYTE_POS(n) (56 - (8 * (n))) -#else -# define BYTE_POS(n) (8 * (n)) -#endif - -/* - We must perform the first phase of the pipeline explicitly since - we will always load from the stable the first time. The br.cexit - will never be taken since regardless of the number of bytes because - the epilogue count is 4. -*/ -/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX - assembler failed on original macro with syntax error. */ -#define MODSCHED_RC4_PROLOGUE \\ - { \\ - ld1 Data[0] = [InPtr], 1; \\ - add IFinal = 1, I[1]; \\ - KEYADDR(IPr[0], I[1]); \\ - } ;; \\ - { \\ - LKEY SI[0] = [IPr[0]]; \\ - mov pr.rot = 0x10000; \\ - mov ar.ec = 4; \\ - } ;; \\ - { \\ - add J = J, SI[0]; \\ - zxt1 I[0] = IFinal; \\ - br.cexit.spnt.few .+16; /* never taken */ \\ - } ;; -#define MODSCHED_RC4_LOOP(label) \\ -label: \\ - { .mmi; \\ - (pComputeI) ld1 Data[0] = [InPtr], 1; \\ - (pComputeI) add IFinal = 1, I[1]; \\ - (pComputeJ) zxt1 J = J; \\ - }{ .mmi; \\ - (pOutput) LKEY T[1] = [T[1]]; \\ - (pComputeT) add T[0] = SI[2], SJ[1]; \\ - (pComputeI) KEYADDR(IPr[0], I[1]); \\ - } ;; \\ - { .mmi; \\ - (pComputeT) SKEY [IPr[2]] = SJ[1]; \\ - (pComputeT) SKEY [JP[1]] = SI[2]; \\ - (pComputeT) zxt1 T[0] = T[0]; \\ - }{ .mmi; \\ - (pComputeI) LKEY SI[0] = [IPr[0]]; \\ - (pComputeJ) KEYADDR(JP[0], J); \\ - (pComputeI) cmp.eq.unc pBypass, p0 = I[1], J; \\ - } ;; \\ - { .mmi; \\ - (pComputeJ) LKEY SJ[0] = [JP[0]]; \\ - (pOutput) xor Data[3] = Data[3], T[1]; \\ - nop 0x0; \\ - }{ .mmi; \\ - (pComputeT) KEYADDR(T[0], T[0]); \\ - (pBypass) mov SI[0] = SI[1]; \\ - (pComputeI) zxt1 I[0] = IFinal; \\ - } ;; \\ - { .mmb; \\ - (pOutput) st1 [OutPtr] = Data[3], 1; \\ - (pComputeI) add J = J, SI[0]; \\ - br.ctop.sptk.few label; \\ - } ;; - - .text - - .align 32 - - .type RC4, \@function - .global RC4 - - .proc RC4 - .prologue - -RC4: - { - .mmi - alloc r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE - - .rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\ - OutWord[2] - .rotp pPhase[4] - - ADDP InPrefetch = 0, InputBuffer - ADDP KTable = 0, StateTable - } - { - .mmi - ADDP InPtr = 0, InputBuffer - ADDP OutPtr = 0, OutputBuffer - mov RetVal = r0 - } - ;; - { - .mmi - lfetch.nt1 [InPrefetch], 0x80 - ADDP OutPrefetch = 0, OutputBuffer - } - { // Return 0 if the input length is nonsensical - .mib - ADDP StateTable = 0, StateTable - cmp.ge.unc L_NOK, L_OK = r0, DataLen - (L_NOK) br.ret.sptk.few rp - } - ;; - { - .mib - cmp.eq.or L_NOK, L_OK = r0, InPtr - cmp.eq.or L_NOK, L_OK = r0, OutPtr - nop 0x0 - } - { - .mib - cmp.eq.or L_NOK, L_OK = r0, StateTable - nop 0x0 - (L_NOK) br.ret.sptk.few rp - } - ;; - LKEY I[1] = [KTable], SZ -/* Prefetch the state-table. It contains 256 elements of size SZ */ - -#if SZ == 1 - ADDP tmp0 = 1*128, StateTable -#elif SZ == 2 - ADDP tmp0 = 3*128, StateTable - ADDP tmp1 = 2*128, StateTable -#elif SZ == 4 - ADDP tmp0 = 7*128, StateTable - ADDP tmp1 = 6*128, StateTable -#elif SZ == 8 - ADDP tmp0 = 15*128, StateTable - ADDP tmp1 = 14*128, StateTable -#endif - ;; -#if SZ >= 8 - lfetch.fault.nt1 [tmp0], -256 // 15 - lfetch.fault.nt1 [tmp1], -256;; - lfetch.fault.nt1 [tmp0], -256 // 13 - lfetch.fault.nt1 [tmp1], -256;; - lfetch.fault.nt1 [tmp0], -256 // 11 - lfetch.fault.nt1 [tmp1], -256;; - lfetch.fault.nt1 [tmp0], -256 // 9 - lfetch.fault.nt1 [tmp1], -256;; -#endif -#if SZ >= 4 - lfetch.fault.nt1 [tmp0], -256 // 7 - lfetch.fault.nt1 [tmp1], -256;; - lfetch.fault.nt1 [tmp0], -256 // 5 - lfetch.fault.nt1 [tmp1], -256;; -#endif -#if SZ >= 2 - lfetch.fault.nt1 [tmp0], -256 // 3 - lfetch.fault.nt1 [tmp1], -256;; -#endif - { - .mii - lfetch.fault.nt1 [tmp0] // 1 - add I[1]=1,I[1];; - zxt1 I[1]=I[1] - } - { - .mmi - lfetch.nt1 [InPrefetch], 0x80 - lfetch.excl.nt1 [OutPrefetch], 0x80 - .save pr, PRSave - mov PRSave = pr - } ;; - { - .mmi - lfetch.excl.nt1 [OutPrefetch], 0x80 - LKEY J = [KTable], SZ - ADDP EndPtr = DataLen, InPtr - } ;; - { - .mmi - ADDP EndPtr = -1, EndPtr // Make it point to - // last data byte. - mov One = 1 - .save ar.lc, LCSave - mov LCSave = ar.lc - .body - } ;; - { - .mmb - sub Remainder = 0, OutPtr - cmp.gtu pSmall, p0 = $threshold, DataLen -(pSmall) br.cond.dpnt .rc4Remainder // Data too small for - // big loop. - } ;; - { - .mmi - and Remainder = 0x7, Remainder - ;; - cmp.eq pAligned, pUnaligned = Remainder, r0 - nop 0x0 - } ;; - { - .mmb -.pred.rel "mutex",pUnaligned,pAligned -(pUnaligned) add Remainder = -1, Remainder -(pAligned) sub Remainder = EndPtr, InPtr -(pAligned) br.cond.dptk.many .rc4Aligned - } ;; - { - .mmi - nop 0x0 - nop 0x0 - mov.i ar.lc = Remainder - } - -/* Do the initial few bytes via the compact, modulo-scheduled loop - until the output pointer is 8-byte-aligned. */ - - MODSCHED_RC4_PROLOGUE - MODSCHED_RC4_LOOP(.RC4AlignLoop) - - { - .mib - sub Remainder = EndPtr, InPtr - zxt1 IFinal = IFinal - clrrrb // Clear CFM.rrb.pr so - ;; // next "mov pr.rot = N" - // does the right thing. - } - { - .mmi - mov I[1] = IFinal - nop 0x0 - nop 0x0 - } ;; - - -.rc4Aligned: - -/* - Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases) - */ - - { - .mlx - add LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder - movl Remainder = 0xaaaaaaaaaaaaaaab - } ;; - { - .mmi - setf.sig f6 = LoopCount // M2, M3 6 cyc - setf.sig f7 = Remainder // M2, M3 6 cyc - nop 0x0 - } ;; - { - .mfb - nop 0x0 - xmpy.hu f6 = f6, f7 - nop 0x0 - } ;; - { - .mmi - getf.sig LoopCount = f6;; // M2 5 cyc - nop 0x0 - shr.u LoopCount = LoopCount, 4 - } ;; - { - .mmi - nop 0x0 - nop 0x0 - mov.i ar.lc = LoopCount - } ;; - -/* Now comes the unrolled loop: */ - -.rc4Prologue: -___ - -$iteration = 0; - -# Generate the prologue: -$predicates = 1; -for ($i = 0; $i < $phases; ++$i) { - &emit_body (\$code, \$bypass, $iteration++, $predicates); - $predicates = ($predicates << 1) | 1; -} - -$code.=<<___; -.rc4Loop: -___ - -# Generate the body: -for ($i = 0; $i < $unroll_count*$phases; ++$i) { - &emit_body (\$code, \$bypass, $iteration++, $predicates); -} - -$code.=<<___; -.rc4Epilogue: -___ - -# Generate the epilogue: -for ($i = 0; $i < $phases; ++$i) { - $predicates <<= 1; - &emit_body (\$code, \$bypass, $iteration++, $predicates); -} - -$code.=<<___; - { - .mmi - lfetch.nt1 [EndPtr] // fetch line with last byte - mov IFinal = I[1] - nop 0x0 - } - -.rc4Remainder: - { - .mmi - sub Remainder = EndPtr, InPtr // Calculate - // # of bytes - // left - 1 - nop 0x0 - nop 0x0 - } ;; - { - .mib - cmp.eq pDone, p0 = -1, Remainder // done already? - mov.i ar.lc = Remainder -(pDone) br.cond.dptk.few .rc4Complete - } - -/* Do the remaining bytes via the compact, modulo-scheduled loop */ - - MODSCHED_RC4_PROLOGUE - MODSCHED_RC4_LOOP(.RC4RestLoop) - -.rc4Complete: - { - .mmi - add KTable = -SZ, KTable - add IFinal = -1, IFinal - mov ar.lc = LCSave - } ;; - { - .mii - SKEY [KTable] = J,-SZ - zxt1 IFinal = IFinal - mov pr = PRSave, 0x1FFFF - } ;; - { - .mib - SKEY [KTable] = IFinal - add RetVal = 1, r0 - br.ret.sptk.few rp - } ;; -___ - -# Last but not least, emit the code for the bypass-code of the unrolled loop: - -$code.=$bypass; - -$code.=<<___; - .endp RC4 -___ - -print $code; - -close STDOUT; diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl index 890161bac52d07..74e5191051eb7b 100644 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl @@ -51,7 +51,7 @@ my $D="#" if (!$md5); # if set to "#", MD5 is stitched into RC4(), # but its result is discarded. Idea here is # to be able to use 'openssl speed rc4' for - # benchmarking the stitched subroutine... + # benchmarking the stitched subroutine... my $flavour = shift; my $output = shift; @@ -124,15 +124,23 @@ .globl $func .type $func,\@function,$nargs $func: +.cfi_startproc cmp \$0,$len je .Labort push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 sub \$40,%rsp +.cfi_adjust_cfa_offset 40 .Lbody: ___ if ($rc4) { @@ -419,7 +427,7 @@ sub R3 { and \$63,$len # remaining bytes jnz .Loop1 jmp .Ldone - + .align 16 .Loop1: add $TX[0]#b,$YY#b @@ -444,15 +452,23 @@ sub R3 { #rc4# movl $YY#d,-4($dat) mov 40(%rsp),%r15 +.cfi_restore %r15 mov 48(%rsp),%r14 +.cfi_restore %r14 mov 56(%rsp),%r13 +.cfi_restore %r13 mov 64(%rsp),%r12 +.cfi_restore %r12 mov 72(%rsp),%rbp +.cfi_restore %rbp mov 80(%rsp),%rbx +.cfi_restore %rbx lea 88(%rsp),%rsp +.cfi_adjust_cfa_offset -88 .Lepilogue: .Labort: ret +.cfi_endproc .size $func,.-$func ___ diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl index 006b6b01af7d2a..4111f339dae4f6 100644 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -98,7 +98,7 @@ sub unrolledloopbody { for ($i=0;$i<4;$i++) { $code.=<<___; ldo 1($XX[0]),$XX[1] - `sprintf("$LDX %$TY(%$key),%$dat1") if ($i>0)` + `sprintf("$LDX %$TY(%$key),%$dat1") if ($i>0)` and $mask,$XX[1],$XX[1] $LDX $YY($key),$TY $MKX $YY,$key,$ix @@ -166,7 +166,7 @@ sub foldedloop { ldo `2*$SZ`($key),$key ldi 0xff,$mask - ldi 3,$dat0 + ldi 3,$dat0 ldo 1($XX[0]),$XX[0] ; warm up loop and $mask,$XX[0],$XX[0] @@ -313,9 +313,21 @@ sub foldedloop { .STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)" .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by " ___ -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); -print $code; +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + +foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/cmpib,\*/comib,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} close STDOUT; diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl index 5589503aa24453..469f110fafeec2 100644 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl index aaed2b1e616708..1a9cc47d7253d2 100755 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -48,7 +48,7 @@ # April 2005 # -# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing +# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing # those with add/sub results in 50% performance improvement of folded # loop... @@ -88,7 +88,7 @@ # The only code path that was not modified is P4-specific one. Non-P4 # Intel code path optimization is heavily based on submission by Maxim # Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used -# some of the ideas even in attempt to optmize the original RC4_INT +# some of the ideas even in attempt to optimize the original RC4_INT # code path... Current performance in cycles per processed byte (less # is better) and improvement coefficients relative to previous # version of this module are: @@ -142,9 +142,13 @@ jne .Lentry ret .Lentry: +.cfi_startproc push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 .Lprologue: mov $len,%r11 mov $inp,%r12 @@ -427,11 +431,16 @@ sub RC4_loop { movl $YY#d,-4($dat) mov (%rsp),%r13 +.cfi_restore %r13 mov 8(%rsp),%r12 +.cfi_restore %r12 mov 16(%rsp),%rbx +.cfi_restore %rbx add \$24,%rsp +.cfi_adjust_cfa_offset -24 .Lepilogue: ret +.cfi_endproc .size RC4,.-RC4 ___ } diff --git a/deps/openssl/openssl/crypto/rc4/build.info b/deps/openssl/openssl/crypto/rc4/build.info index 000fd6bc0d8ac5..46ee66b61c68a2 100644 --- a/deps/openssl/openssl/crypto/rc4/build.info +++ b/deps/openssl/openssl/crypto/rc4/build.info @@ -2,7 +2,8 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ {- $target{rc4_asm_src} -} -GENERATE[rc4-586.s]=asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[rc4-586.s]=asm/rc4-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[rc4-586.s]=../perlasm/x86asm.pl GENERATE[rc4-x86_64.s]=asm/rc4-x86_64.pl $(PERLASM_SCHEME) @@ -10,25 +11,7 @@ GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME) GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME) -GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME) - -BEGINRAW[makefile(windows)] -{- $builddir -}\rc4-ia64.asm: {- $sourcedir -}\asm\rc4-ia64.pl - $(PERL) {- $sourcedir -}\asm\rc4-ia64.pl $@.S - $(CC) -DSZ=4 -EP $@.S > $@.i && move /Y $@.i $@ - del /Q $@.S -ENDRAW[makefile(windows)] - BEGINRAW[Makefile] -{- $builddir -}/rc4-ia64.s: {- $sourcedir -}/asm/rc4-ia64.pl - @(trap "rm $@.*" INT 0; \ - $(PERL) {- $sourcedir -}/asm/rc4-ia64.pl $(CFLAGS) $(LIB_CFLAGS) $@.S; \ - case `awk '/^#define RC4_INT/{print$$NF}' $(BLDDIR)/include/openssl/opensslconf.h` in \ - int) set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=4 -E $@.S > $@.i && mv -f $@.i $@;; \ - char) set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=1 -E $@.S > $@.i && mv -f $@.i $@;; \ - *) exit 1 ;; \ - esac ) - # GNU make "catch all" {- $builddir -}/rc4-%.s: {- $sourcedir -}/asm/rc4-%.pl CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@ diff --git a/deps/openssl/openssl/crypto/rc4/rc4_enc.c b/deps/openssl/openssl/crypto/rc4/rc4_enc.c index be11bade7bc027..638a75bb06a939 100644 --- a/deps/openssl/openssl/crypto/rc4/rc4_enc.c +++ b/deps/openssl/openssl/crypto/rc4/rc4_enc.c @@ -13,7 +13,6 @@ /*- * RC4 as implemented from a posting from * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) * Subject: RC4 Algorithm revealed. * Message-ID: * Date: Wed, 14 Sep 1994 06:35:31 GMT diff --git a/deps/openssl/openssl/crypto/rc4/rc4_skey.c b/deps/openssl/openssl/crypto/rc4/rc4_skey.c index 16f81a4d3e9208..e9007331eb33e4 100644 --- a/deps/openssl/openssl/crypto/rc4/rc4_skey.c +++ b/deps/openssl/openssl/crypto/rc4/rc4_skey.c @@ -14,15 +14,14 @@ const char *RC4_options(void) { if (sizeof(RC4_INT) == 1) - return ("rc4(char)"); + return "rc4(char)"; else - return ("rc4(int)"); + return "rc4(int)"; } /*- * RC4 as implemented from a posting from * Newsgroups: sci.crypt - * From: sterndark@netcom.com (David Sterndark) * Subject: RC4 Algorithm revealed. * Message-ID: * Date: Wed, 14 Sep 1994 06:35:31 GMT diff --git a/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl b/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl index e3e1c64242958e..e58a98bc83b609 100644 --- a/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl +++ b/deps/openssl/openssl/crypto/rc5/asm/rc5-586.pl @@ -15,7 +15,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"rc5-586.pl"); +&asm_init($ARGV[0]); $RC5_MAX_ROUNDS=16; $RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4; diff --git a/deps/openssl/openssl/crypto/rc5/build.info b/deps/openssl/openssl/crypto/rc5/build.info index baf8a0effed42d..928a62cd85bfe6 100644 --- a/deps/openssl/openssl/crypto/rc5/build.info +++ b/deps/openssl/openssl/crypto/rc5/build.info @@ -2,5 +2,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ rc5_skey.c rc5_ecb.c {- $target{rc5_asm_src} -} rc5cfb64.c rc5ofb64.c -GENERATE[rc5-586.s]=asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) +GENERATE[rc5-586.s]=asm/rc5-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) DEPEND[rc5-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl b/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl index 544c496f078327..53f736c6586b71 100644 --- a/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl +++ b/deps/openssl/openssl/crypto/ripemd/asm/rmd-586.pl @@ -19,7 +19,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); $A="ecx"; $B="esi"; @@ -34,7 +34,7 @@ $KL3=0x8F1BBCDC; $KL4=0xA953FD4E; $KR0=0x50A28BE6; -$KR1=0x5C4DD124; +$KR1=0x5C4DD124; $KR2=0x6D703EF3; $KR3=0x7A6D76E9; @@ -339,7 +339,6 @@ sub ripemd160_block # aligned. The good news are that gcc-2.95 # and later does keep first argument at # least double-wise aligned. - # &set_label("start") unless $normal; &comment(""); @@ -543,28 +542,28 @@ sub ripemd160_block # &mov($tmp2, &wparam(0)); # Moved into last round &mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B - &add($D, $tmp1); + &add($D, $tmp1); &mov($tmp1, &swtmp(16+2)); # $c &add($D, $tmp1); &mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C - &add($E, $tmp1); + &add($E, $tmp1); &mov($tmp1, &swtmp(16+3)); # $d &add($E, $tmp1); &mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D - &add($A, $tmp1); + &add($A, $tmp1); &mov($tmp1, &swtmp(16+4)); # $e &add($A, $tmp1); &mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E - &add($B, $tmp1); + &add($B, $tmp1); &mov($tmp1, &swtmp(16+0)); # $a &add($B, $tmp1); &mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A - &add($C, $tmp1); + &add($C, $tmp1); &mov($tmp1, &swtmp(16+1)); # $b &add($C, $tmp1); diff --git a/deps/openssl/openssl/crypto/ripemd/build.info b/deps/openssl/openssl/crypto/ripemd/build.info index c45050cb2984fc..a4a894e2d1f9ed 100644 --- a/deps/openssl/openssl/crypto/ripemd/build.info +++ b/deps/openssl/openssl/crypto/ripemd/build.info @@ -2,5 +2,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ rmd_dgst.c rmd_one.c {- $target{rmd160_asm_src} -} -GENERATE[rmd-586.s]=asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) +GENERATE[rmd-586.s]=asm/rmd-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) DEPEND[rmd-586.s]=../perlasm/x86asm.pl diff --git a/deps/openssl/openssl/crypto/ripemd/rmd_locl.h b/deps/openssl/openssl/crypto/ripemd/rmd_locl.h index 9c5ba15130e621..f1ae4323ca9bf4 100644 --- a/deps/openssl/openssl/crypto/ripemd/rmd_locl.h +++ b/deps/openssl/openssl/crypto/ripemd/rmd_locl.h @@ -15,7 +15,6 @@ /* * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c * FOR EXPLANATIONS ON FOLLOWING "CODE." - * */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) @@ -46,7 +45,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); #include "internal/md32_common.h" /* - * Transformed F2 and F4 are courtesy of Wei Dai + * Transformed F2 and F4 are courtesy of Wei Dai */ #define F1(x,y,z) ((x) ^ (y) ^ (z)) #define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) diff --git a/deps/openssl/openssl/crypto/ripemd/rmd_one.c b/deps/openssl/openssl/crypto/ripemd/rmd_one.c index c3193bd72380bb..cc01f15c7f1c87 100644 --- a/deps/openssl/openssl/crypto/ripemd/rmd_one.c +++ b/deps/openssl/openssl/crypto/ripemd/rmd_one.c @@ -24,5 +24,5 @@ unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md) RIPEMD160_Update(&c, d, n); RIPEMD160_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/rsa/build.info b/deps/openssl/openssl/crypto/rsa/build.info index 39b7464b0e0d0f..87f924922f636c 100644 --- a/deps/openssl/openssl/crypto/rsa/build.info +++ b/deps/openssl/openssl/crypto/rsa/build.info @@ -1,6 +1,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ - rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ + rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c \ rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \ - rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c + rsa_pmeth.c rsa_crpt.c rsa_x931g.c rsa_meth.c rsa_mp.c diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c index 4a12276a310513..a6595aec05420e 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c @@ -24,15 +24,68 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri); static int rsa_cms_encrypt(CMS_RecipientInfo *ri); #endif +static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg); + +/* Set any parameters associated with pkey */ +static int rsa_param_encode(const EVP_PKEY *pkey, + ASN1_STRING **pstr, int *pstrtype) +{ + const RSA *rsa = pkey->pkey.rsa; + + *pstr = NULL; + /* If RSA it's just NULL type */ + if (pkey->ameth->pkey_id == EVP_PKEY_RSA) { + *pstrtype = V_ASN1_NULL; + return 1; + } + /* If no PSS parameters we omit parameters entirely */ + if (rsa->pss == NULL) { + *pstrtype = V_ASN1_UNDEF; + return 1; + } + /* Encode PSS parameters */ + if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL) + return 0; + + *pstrtype = V_ASN1_SEQUENCE; + return 1; +} +/* Decode any parameters and set them in RSA structure */ +static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg) +{ + const ASN1_OBJECT *algoid; + const void *algp; + int algptype; + + X509_ALGOR_get0(&algoid, &algptype, &algp, alg); + if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA) + return 1; + if (algptype == V_ASN1_UNDEF) + return 1; + if (algptype != V_ASN1_SEQUENCE) { + RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS); + return 0; + } + rsa->pss = rsa_pss_decode(alg); + if (rsa->pss == NULL) + return 0; + return 1; +} + static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { unsigned char *penc = NULL; int penclen; + ASN1_STRING *str; + int strtype; + + if (!rsa_param_encode(pkey, &str, &strtype)) + return 0; penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); if (penclen <= 0) return 0; - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), - V_ASN1_NULL, NULL, penc, penclen)) + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), + strtype, str, penc, penclen)) return 1; OPENSSL_free(penc); @@ -43,15 +96,20 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { const unsigned char *p; int pklen; + X509_ALGOR *alg; RSA *rsa = NULL; - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey)) return 0; if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); return 0; } - EVP_PKEY_assign_RSA(pkey, rsa); + if (!rsa_param_decode(rsa, alg)) { + RSA_free(rsa); + return 0; + } + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); return 1; } @@ -72,7 +130,7 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); return 0; } - EVP_PKEY_assign_RSA(pkey, rsa); + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); return 1; } @@ -85,16 +143,23 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { unsigned char *rk = NULL; int rklen; + ASN1_STRING *str; + int strtype; + + if (!rsa_param_encode(pkey, &str, &strtype)) + return 0; rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); if (rklen <= 0) { RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(str); return 0; } - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, - V_ASN1_NULL, NULL, rk, rklen)) { + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, + strtype, str, rk, rklen)) { RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(str); return 0; } @@ -104,10 +169,23 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p; + RSA *rsa; int pklen; - if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) + const X509_ALGOR *alg; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8)) return 0; - return old_rsa_priv_decode(pkey, &p, pklen); + rsa = d2i_RSAPrivateKey(NULL, &p, pklen); + if (rsa == NULL) { + RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB); + return 0; + } + if (!rsa_param_decode(rsa, alg)) { + RSA_free(rsa); + return 0; + } + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); + return 1; } static int int_rsa_size(const EVP_PKEY *pkey) @@ -130,104 +208,40 @@ static void int_rsa_free(EVP_PKEY *pkey) RSA_free(pkey->pkey.rsa); } -static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) -{ - char *str; - const char *s; - int ret = 0, mod_len = 0; - - if (x->n != NULL) - mod_len = BN_num_bits(x->n); - - if (!BIO_indent(bp, off, 128)) - goto err; - - if (priv && x->d) { - if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) - goto err; - str = "modulus:"; - s = "publicExponent:"; - } else { - if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) - goto err; - str = "Modulus:"; - s = "Exponent:"; - } - if (!ASN1_bn_print(bp, str, x->n, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, s, x->e, NULL, off)) - goto err; - if (priv) { - if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) - goto err; - } - ret = 1; - err: - return (ret); -} - -static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); -} - -static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); -} - -/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) { - if (alg == NULL) - return NULL; if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) return NULL; return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), alg->parameter); } -static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, - X509_ALGOR **pmaskHash) -{ - RSA_PSS_PARAMS *pss; - - *pmaskHash = NULL; - - pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), - alg->parameter); - - if (!pss) - return NULL; - - *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); - - return pss; -} - -static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, - X509_ALGOR *maskHash, int indent) +static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss, + int indent) { int rv = 0; - if (!pss) { - if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) + X509_ALGOR *maskHash = NULL; + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (pss_key) { + if (pss == NULL) { + if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0) + return 0; + return 1; + } else { + if (BIO_puts(bp, "PSS parameter restrictions:") <= 0) + return 0; + } + } else if (pss == NULL) { + if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0) return 0; return 1; } if (BIO_puts(bp, "\n") <= 0) goto err; + if (pss_key) + indent += 2; if (!BIO_indent(bp, indent, 128)) goto err; if (BIO_puts(bp, "Hash Algorithm: ") <= 0) @@ -236,8 +250,9 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, if (pss->hashAlgorithm) { if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) goto err; - } else if (BIO_puts(bp, "sha1 (default)") <= 0) + } else if (BIO_puts(bp, "sha1 (default)") <= 0) { goto err; + } if (BIO_puts(bp, "\n") <= 0) goto err; @@ -252,24 +267,28 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, goto err; if (BIO_puts(bp, " with ") <= 0) goto err; - if (maskHash) { + maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); + if (maskHash != NULL) { if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) goto err; - } else if (BIO_puts(bp, "INVALID") <= 0) + } else if (BIO_puts(bp, "INVALID") <= 0) { goto err; - } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) + } + } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) { goto err; + } BIO_puts(bp, "\n"); if (!BIO_indent(bp, indent, 128)) goto err; - if (BIO_puts(bp, "Salt Length: 0x") <= 0) + if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0) goto err; if (pss->saltLength) { if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) goto err; - } else if (BIO_puts(bp, "14 (default)") <= 0) + } else if (BIO_puts(bp, "14 (default)") <= 0) { goto err; + } BIO_puts(bp, "\n"); if (!BIO_indent(bp, indent, 128)) @@ -279,32 +298,155 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, if (pss->trailerField) { if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) goto err; - } else if (BIO_puts(bp, "BC (default)") <= 0) + } else if (BIO_puts(bp, "BC (default)") <= 0) { goto err; + } BIO_puts(bp, "\n"); rv = 1; err: + X509_ALGOR_free(maskHash); return rv; } +static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv) +{ + const RSA *x = pkey->pkey.rsa; + char *str; + const char *s; + int ret = 0, mod_len = 0, ex_primes; + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos); + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0) + goto err; + + if (priv && x->d) { + if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n", + mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0) + goto err; + str = "modulus:"; + s = "publicExponent:"; + } else { + if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) + goto err; + str = "Modulus:"; + s = "Exponent:"; + } + if (!ASN1_bn_print(bp, str, x->n, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, s, x->e, NULL, off)) + goto err; + if (priv) { + int i; + + if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) + goto err; + if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) + goto err; + for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) { + /* print multi-prime info */ + BIGNUM *bn = NULL; + RSA_PRIME_INFO *pinfo; + int j; + + pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i); + for (j = 0; j < 3; j++) { + if (!BIO_indent(bp, off, 128)) + goto err; + switch (j) { + case 0: + if (BIO_printf(bp, "prime%d:", i + 3) <= 0) + goto err; + bn = pinfo->r; + break; + case 1: + if (BIO_printf(bp, "exponent%d:", i + 3) <= 0) + goto err; + bn = pinfo->d; + break; + case 2: + if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0) + goto err; + bn = pinfo->t; + break; + default: + break; + } + if (!ASN1_bn_print(bp, "", bn, NULL, off)) + goto err; + } + } + } + if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off)) + goto err; + ret = 1; + err: + return ret; +} + +static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) +{ + return pkey_rsa_print(bp, pkey, indent, 0); +} + +static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) +{ + return pkey_rsa_print(bp, pkey, indent, 1); +} + +static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg) +{ + RSA_PSS_PARAMS *pss; + + pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), + alg->parameter); + + if (pss == NULL) + return NULL; + + if (pss->maskGenAlgorithm != NULL) { + pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); + if (pss->maskHash == NULL) { + RSA_PSS_PARAMS_free(pss); + return NULL; + } + } + + return pss; +} + static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) { - if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { + if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) { int rv; - RSA_PSS_PARAMS *pss; - X509_ALGOR *maskHash; - pss = rsa_pss_decode(sigalg, &maskHash); - rv = rsa_pss_param_print(bp, pss, maskHash, indent); + RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg); + + rv = rsa_pss_param_print(bp, 0, pss, indent); RSA_PSS_PARAMS_free(pss); - X509_ALGOR_free(maskHash); if (!rv) return 0; - } else if (!sig && BIO_puts(bp, "\n") <= 0) + } else if (!sig && BIO_puts(bp, "\n") <= 0) { return 0; + } if (sig) return X509_signature_dump(bp, sig, indent); return 1; @@ -313,6 +455,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { X509_ALGOR *alg = NULL; + switch (op) { case ASN1_PKEY_CTRL_PKCS7_SIGN: @@ -321,6 +464,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (pkey_is_pss(pkey)) + return -2; if (arg1 == 0) PKCS7_RECIP_INFO_get0_alg(arg2, &alg); break; @@ -333,6 +478,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (pkey_is_pss(pkey)) + return -2; if (arg1 == 0) return rsa_cms_encrypt(arg2); else if (arg1 == 1) @@ -340,6 +487,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_CMS_RI_TYPE: + if (pkey_is_pss(pkey)) + return -2; *(int *)arg2 = CMS_RECIPINFO_TRANS; return 1; #endif @@ -363,7 +512,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) /* allocate and set algorithm ID from EVP_MD, default SHA1 */ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) { - if (EVP_MD_type(md) == NID_sha1) + if (md == NULL || EVP_MD_type(md) == NID_sha1) return 1; *palg = X509_ALGOR_new(); if (*palg == NULL) @@ -377,13 +526,14 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) { X509_ALGOR *algtmp = NULL; ASN1_STRING *stmp = NULL; + *palg = NULL; - if (EVP_MD_type(mgf1md) == NID_sha1) + if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1) return 1; /* need to embed algorithm ID inside another */ if (!rsa_md_to_algor(&algtmp, mgf1md)) goto err; - if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) + if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL) goto err; *palg = X509_ALGOR_new(); if (*palg == NULL) @@ -402,6 +552,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) { const EVP_MD *md; + if (!alg) return EVP_sha1(); md = EVP_get_digestbyobj(alg->algorithm); @@ -410,55 +561,39 @@ static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) return md; } -/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */ -static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) -{ - const EVP_MD *md; - if (!alg) - return EVP_sha1(); - /* Check mask and lookup mask hash algorithm */ - if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) { - RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM); - return NULL; - } - if (!maskHash) { - RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER); - return NULL; - } - md = EVP_get_digestbyobj(maskHash->algorithm); - if (md == NULL) { - RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST); - return NULL; - } - return md; -} - /* - * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter, + * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter, * suitable for setting an AlgorithmIdentifier. */ -static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) +static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) { const EVP_MD *sigmd, *mgf1md; - RSA_PSS_PARAMS *pss = NULL; - ASN1_STRING *os = NULL; EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); - int saltlen, rv = 0; + int saltlen; + if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) - goto err; + return NULL; if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) - goto err; + return NULL; if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) - goto err; - if (saltlen == -1) + return NULL; + if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); - else if (saltlen == -2) { + } else if (saltlen == -2) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; - if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) + if ((EVP_PKEY_bits(pk) & 0x7) == 1) saltlen--; } - pss = RSA_PSS_PARAMS_new(); + + return rsa_pss_params_create(sigmd, mgf1md, saltlen); +} + +RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, + const EVP_MD *mgf1md, int saltlen) +{ + RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); + if (pss == NULL) goto err; if (saltlen != 20) { @@ -470,20 +605,31 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) } if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd)) goto err; + if (mgf1md == NULL) + mgf1md = sigmd; if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) goto err; - /* Finally create string with pss parameter encoding. */ - if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) - goto err; - rv = 1; + if (!rsa_md_to_algor(&pss->maskHash, mgf1md)) + goto err; + return pss; err: RSA_PSS_PARAMS_free(pss); - if (rv) - return os; - ASN1_STRING_free(os); return NULL; } +static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx) +{ + RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx); + ASN1_STRING *os; + + if (pss == NULL) + return NULL; + + os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL); + RSA_PSS_PARAMS_free(pss); + return os; +} + /* * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are @@ -497,51 +643,21 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, int saltlen; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_PSS_PARAMS *pss; - X509_ALGOR *maskHash; + /* Sanity check: make sure it is PSS */ - if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { + if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } /* Decode PSS parameters */ - pss = rsa_pss_decode(sigalg, &maskHash); + pss = rsa_pss_decode(sigalg); - if (pss == NULL) { + if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) { RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS); goto err; } - mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash); - if (!mgf1md) - goto err; - md = rsa_algor_to_md(pss->hashAlgorithm); - if (!md) - goto err; - - if (pss->saltLength) { - saltlen = ASN1_INTEGER_get(pss->saltLength); - - /* - * Could perform more salt length sanity checks but the main RSA - * routines will trap other invalid values anyway. - */ - if (saltlen < 0) { - RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH); - goto err; - } - } else - saltlen = 20; - - /* - * low-level routines support only trailer field 0xbc (value 1) and - * PKCS#1 says we should reject any other value anyway. - */ - if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { - RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER); - goto err; - } /* We have all parameters now set up context */ - if (pkey) { if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) goto err; @@ -568,22 +684,60 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, err: RSA_PSS_PARAMS_free(pss); - X509_ALGOR_free(maskHash); return rv; } +int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, + const EVP_MD **pmgf1md, int *psaltlen) +{ + if (pss == NULL) + return 0; + *pmd = rsa_algor_to_md(pss->hashAlgorithm); + if (*pmd == NULL) + return 0; + *pmgf1md = rsa_algor_to_md(pss->maskHash); + if (*pmgf1md == NULL) + return 0; + if (pss->saltLength) { + *psaltlen = ASN1_INTEGER_get(pss->saltLength); + if (*psaltlen < 0) { + RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH); + return 0; + } + } else { + *psaltlen = 20; + } + + /* + * low-level routines support only trailer field 0xbc (value 1) and + * PKCS#1 says we should reject any other value anyway. + */ + if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { + RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER); + return 0; + } + + return 1; +} + #ifndef OPENSSL_NO_CMS static int rsa_cms_verify(CMS_SignerInfo *si) { int nid, nid2; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); + CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); nid = OBJ_obj2nid(alg->algorithm); + if (nid == EVP_PKEY_RSA_PSS) + return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); + /* Only PSS allowed for PSS keys */ + if (pkey_ctx_is_pss(pkctx)) { + RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + return 0; + } if (nid == NID_rsaEncryption) return 1; - if (nid == NID_rsassaPss) - return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); /* Workaround for some implementation that use a signature OID */ if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { if (nid2 == NID_rsaEncryption) @@ -603,7 +757,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, EVP_PKEY *pkey) { /* Sanity check: make sure it is PSS */ - if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { + if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } @@ -621,6 +775,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si) X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); ASN1_STRING *os = NULL; + CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); if (pkctx) { if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) @@ -633,10 +788,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si) /* We don't support it */ if (pad_mode != RSA_PKCS1_PSS_PADDING) return 0; - os = rsa_ctx_to_pss(pkctx); + os = rsa_ctx_to_pss_string(pkctx); if (!os) return 0; - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); + X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); return 1; } #endif @@ -647,13 +802,14 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, { int pad_mode; EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); + if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) return 2; if (pad_mode == RSA_PKCS1_PSS_PADDING) { ASN1_STRING *os1 = NULL; - os1 = rsa_ctx_to_pss(pkctx); + os1 = rsa_ctx_to_pss_string(pkctx); if (!os1) return 0; /* Duplicate parameters if we have to */ @@ -663,33 +819,70 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ASN1_STRING_free(os1); return 0; } - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), + X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os2); } - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), + X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os1); return 3; } return 2; } -#ifndef OPENSSL_NO_CMS -static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, - X509_ALGOR **pmaskHash) +static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg, + const ASN1_STRING *sig) { - RSA_OAEP_PARAMS *pss; + int rv = 0; + int mdnid, saltlen; + uint32_t flags; + const EVP_MD *mgf1md = NULL, *md = NULL; + RSA_PSS_PARAMS *pss; - *pmaskHash = NULL; + /* Sanity check: make sure it is PSS */ + if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) + return 0; + /* Decode PSS parameters */ + pss = rsa_pss_decode(sigalg); + if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) + goto err; + mdnid = EVP_MD_type(md); + /* + * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must + * match and salt length must equal digest size + */ + if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512) + && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md)) + flags = X509_SIG_INFO_TLS; + else + flags = 0; + /* Note: security bits half number of digest bits */ + X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4, + flags); + rv = 1; + err: + RSA_PSS_PARAMS_free(pss); + return rv; +} - pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), - alg->parameter); +#ifndef OPENSSL_NO_CMS +static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg) +{ + RSA_OAEP_PARAMS *oaep; - if (!pss) - return NULL; + oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), + alg->parameter); - *pmaskHash = rsa_mgf1_decode(pss->maskGenFunc); + if (oaep == NULL) + return NULL; - return pss; + if (oaep->maskGenFunc != NULL) { + oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc); + if (oaep->maskHash == NULL) { + RSA_OAEP_PARAMS_free(oaep); + return NULL; + } + } + return oaep; } static int rsa_cms_decrypt(CMS_RecipientInfo *ri) @@ -702,9 +895,9 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) int labellen = 0; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_OAEP_PARAMS *oaep; - X509_ALGOR *maskHash; + pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (!pkctx) + if (pkctx == NULL) return 0; if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg)) return -1; @@ -716,22 +909,23 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) return -1; } /* Decode OAEP parameters */ - oaep = rsa_oaep_decode(cmsalg, &maskHash); + oaep = rsa_oaep_decode(cmsalg); if (oaep == NULL) { RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS); goto err; } - mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash); - if (!mgf1md) + mgf1md = rsa_algor_to_md(oaep->maskHash); + if (mgf1md == NULL) goto err; md = rsa_algor_to_md(oaep->hashFunc); - if (!md) + if (md == NULL) goto err; - if (oaep->pSourceFunc) { + if (oaep->pSourceFunc != NULL) { X509_ALGOR *plab = oaep->pSourceFunc; + if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE); goto err; @@ -760,7 +954,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) err: RSA_OAEP_PARAMS_free(oaep); - X509_ALGOR_free(maskHash); return rv; } @@ -773,6 +966,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; unsigned char *label; + if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) return 0; if (pkctx) { @@ -828,6 +1022,11 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) } #endif +static int rsa_pkey_check(const EVP_PKEY *pkey) +{ + return RSA_check_key_ex(pkey->pkey.rsa, NULL); +} + const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { { EVP_PKEY_RSA, @@ -858,10 +1057,46 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { old_rsa_priv_decode, old_rsa_priv_encode, rsa_item_verify, - rsa_item_sign}, + rsa_item_sign, + rsa_sig_info_set, + rsa_pkey_check + }, { EVP_PKEY_RSA2, EVP_PKEY_RSA, ASN1_PKEY_ALIAS} }; + +const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { + EVP_PKEY_RSA_PSS, + EVP_PKEY_RSA_PSS, + ASN1_PKEY_SIGPARAM_NULL, + + "RSA-PSS", + "OpenSSL RSA-PSS method", + + rsa_pub_decode, + rsa_pub_encode, + rsa_pub_cmp, + rsa_pub_print, + + rsa_priv_decode, + rsa_priv_encode, + rsa_priv_print, + + int_rsa_size, + rsa_bits, + rsa_security_bits, + + 0, 0, 0, 0, 0, 0, + + rsa_sig_print, + int_rsa_free, + rsa_pkey_ctrl, + 0, 0, + rsa_item_verify, + rsa_item_sign, + 0, + rsa_pkey_check +}; diff --git a/deps/openssl/openssl/crypto/rsa/rsa_asn1.c b/deps/openssl/openssl/crypto/rsa/rsa_asn1.c index 20f8ebfa8a5a18..9fe62c82eb2fe4 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_asn1.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,11 @@ #include #include "rsa_locl.h" -/* Override the default free and new methods */ +/* + * Override the default free and new methods, + * and calculate helper products for multi-prime + * RSA keys. + */ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { @@ -27,12 +31,25 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, RSA_free((RSA *)*pval); *pval = NULL; return 2; + } else if (operation == ASN1_OP_D2I_POST) { + if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) { + /* not a multi-prime key, skip */ + return 1; + } + return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0; } return 1; } +/* Based on definitions in RFC 8017 appendix A.1.2 */ +ASN1_SEQUENCE(RSA_PRIME_INFO) = { + ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM), + ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM), + ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM), +} ASN1_SEQUENCE_END(RSA_PRIME_INFO) + ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { - ASN1_SIMPLE(RSA, version, LONG), + ASN1_EMBED(RSA, version, INT32), ASN1_SIMPLE(RSA, n, BIGNUM), ASN1_SIMPLE(RSA, e, BIGNUM), ASN1_SIMPLE(RSA, d, CBIGNUM), @@ -40,7 +57,8 @@ ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { ASN1_SIMPLE(RSA, q, CBIGNUM), ASN1_SIMPLE(RSA, dmp1, CBIGNUM), ASN1_SIMPLE(RSA, dmq1, CBIGNUM), - ASN1_SIMPLE(RSA, iqmp, CBIGNUM) + ASN1_SIMPLE(RSA, iqmp, CBIGNUM), + ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO) } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) @@ -49,20 +67,42 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { ASN1_SIMPLE(RSA, e, BIGNUM), } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) -ASN1_SEQUENCE(RSA_PSS_PARAMS) = { +/* Free up maskHash */ +static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + if (operation == ASN1_OP_FREE_PRE) { + RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval; + X509_ALGOR_free(pss->maskHash); + } + return 1; +} + +ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = { ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) -} ASN1_SEQUENCE_END(RSA_PSS_PARAMS) +} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS) -ASN1_SEQUENCE(RSA_OAEP_PARAMS) = { +/* Free up maskHash */ +static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + if (operation == ASN1_OP_FREE_PRE) { + RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval; + X509_ALGOR_free(oaep->maskHash); + } + return 1; +} + +ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = { ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), -} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS) +} ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) diff --git a/deps/openssl/openssl/crypto/rsa/rsa_chk.c b/deps/openssl/openssl/crypto/rsa/rsa_chk.c index 00260fb18e98cf..1b69be30ca41db 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_chk.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_chk.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,7 +20,8 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) { BIGNUM *i, *j, *k, *l, *m; BN_CTX *ctx; - int ret = 1; + int ret = 1, ex_primes = 0, idx; + RSA_PRIME_INFO *pinfo; if (key->p == NULL || key->q == NULL || key->n == NULL || key->e == NULL || key->d == NULL) { @@ -28,6 +29,16 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) return 0; } + /* multi-prime? */ + if (key->version == RSA_ASN1_VERSION_MULTI) { + ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos); + if (ex_primes <= 0 + || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) { + RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_INVALID_MULTI_PRIME_KEY); + return 0; + } + } + i = BN_new(); j = BN_new(); k = BN_new(); @@ -62,17 +73,37 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME); } - /* n = p*q? */ + /* r_i prime? */ + for (idx = 0; idx < ex_primes; idx++) { + pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); + if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME); + } + } + + /* n = p*q * r_3...r_i? */ if (!BN_mul(i, key->p, key->q, ctx)) { ret = -1; goto err; } + for (idx = 0; idx < ex_primes; idx++) { + pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); + if (!BN_mul(i, i, pinfo->r, ctx)) { + ret = -1; + goto err; + } + } if (BN_cmp(i, key->n) != 0) { ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q); + if (ex_primes) + RSAerr(RSA_F_RSA_CHECK_KEY_EX, + RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES); + else + RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q); } - /* d*e = 1 mod lcm(p-1,q-1)? */ + /* d*e = 1 mod \lambda(n)? */ if (!BN_sub(i, key->p, BN_value_one())) { ret = -1; goto err; @@ -82,7 +113,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) goto err; } - /* now compute k = lcm(i,j) */ + /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */ if (!BN_mul(l, i, j, ctx)) { ret = -1; goto err; @@ -91,6 +122,21 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) ret = -1; goto err; } + for (idx = 0; idx < ex_primes; idx++) { + pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); + if (!BN_sub(k, pinfo->r, BN_value_one())) { + ret = -1; + goto err; + } + if (!BN_mul(l, l, k, ctx)) { + ret = -1; + goto err; + } + if (!BN_gcd(m, m, k, ctx)) { + ret = -1; + goto err; + } + } if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */ ret = -1; goto err; @@ -145,6 +191,32 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) } } + for (idx = 0; idx < ex_primes; idx++) { + pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); + /* d_i = d mod (r_i - 1)? */ + if (!BN_sub(i, pinfo->r, BN_value_one())) { + ret = -1; + goto err; + } + if (!BN_mod(j, key->d, i, ctx)) { + ret = -1; + goto err; + } + if (BN_cmp(j, pinfo->d) != 0) { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D); + } + /* t_i = R_i ^ -1 mod r_i ? */ + if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) { + ret = -1; + goto err; + } + if (BN_cmp(i, pinfo->t) != 0) { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R); + } + } + err: BN_free(i); BN_free(j); diff --git a/deps/openssl/openssl/crypto/rsa/rsa_crpt.c b/deps/openssl/openssl/crypto/rsa/rsa_crpt.c index 9cd733b2c338cd..f4ef8b4381f71e 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_crpt.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_crpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,48 +10,47 @@ #include #include #include "internal/cryptlib.h" -#include #include "internal/bn_int.h" #include #include "rsa_locl.h" int RSA_bits(const RSA *r) { - return (BN_num_bits(r->n)); + return BN_num_bits(r->n); } int RSA_size(const RSA *r) { - return (BN_num_bytes(r->n)); + return BN_num_bytes(r->n); } int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); } int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); } int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); } int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } int RSA_flags(const RSA *r) { - return ((r == NULL) ? 0 : r->meth->flags); + return r == NULL ? 0 : r->meth->flags; } void RSA_blinding_off(RSA *rsa) @@ -77,7 +76,7 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) rsa->flags &= ~RSA_FLAG_NO_BLINDING; ret = 1; err: - return (ret); + return ret; } static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, @@ -117,8 +116,9 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) if (in_ctx == NULL) { if ((ctx = BN_CTX_new()) == NULL) return 0; - } else + } else { ctx = in_ctx; + } BN_CTX_start(ctx); e = BN_CTX_get(ctx); @@ -133,17 +133,8 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); goto err; } - } else + } else { e = rsa->e; - - if ((RAND_status() == 0) && rsa->d != NULL - && bn_get_words(rsa->d) != NULL) { - /* - * if PRNG is not properly seeded, resort to secret exponent as - * unpredictable seed - */ - RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG), - 0.0); } { diff --git a/deps/openssl/openssl/crypto/rsa/rsa_err.c b/deps/openssl/openssl/crypto/rsa/rsa_err.c index bf54095b7090d5..62fd9e0b114d22 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_err.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,165 +8,227 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) - -static ERR_STRING_DATA RSA_str_functs[] = { - {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, - {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"}, - {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, - {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, - {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, - {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"}, - {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"}, - {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"}, - {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"}, - {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"}, - {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, - {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, - {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"}, - {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"}, - {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"}, - {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"}, - {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"}, - {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"}, - {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"}, - {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, - {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, - {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"}, - {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"}, - {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"}, - {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"}, - {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"}, - {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"}, - {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"}, - {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), +static const ERR_STRING_DATA RSA_str_functs[] = { + {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0), + "old_rsa_priv_decode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_PSS_INIT, 0), "pkey_pss_init"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, 0), "pkey_rsa_ctrl"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL_STR, 0), "pkey_rsa_ctrl_str"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_SIGN, 0), "pkey_rsa_sign"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFY, 0), "pkey_rsa_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFYRECOVER, 0), + "pkey_rsa_verifyrecover"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ALGOR_TO_MD, 0), "rsa_algor_to_md"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_BUILTIN_KEYGEN, 0), "rsa_builtin_keygen"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY, 0), "RSA_check_key"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0), + "rsa_multip_info_new"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_ENCRYPT, 0), ""}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_DECRYPT, 0), ""}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_ENCRYPT, 0), ""}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, 0), + "rsa_ossl_private_decrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, 0), + "rsa_ossl_private_encrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, 0), + "rsa_ossl_public_decrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, 0), + "rsa_ossl_public_encrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_NONE, 0), + "RSA_padding_add_none"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 0), "RSA_padding_add_PKCS1_OAEP"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, 0), "RSA_padding_add_PKCS1_OAEP_mgf1"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS, 0), + "RSA_padding_add_PKCS1_PSS"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 0), "RSA_padding_add_PKCS1_PSS_mgf1"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 0), "RSA_padding_add_PKCS1_type_1"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 0), "RSA_padding_add_PKCS1_type_2"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, - {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_SSLV23, 0), + "RSA_padding_add_SSLv23"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_X931, 0), + "RSA_padding_add_X931"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_NONE, 0), + "RSA_padding_check_none"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 0), "RSA_padding_check_PKCS1_OAEP"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, 0), "RSA_padding_check_PKCS1_OAEP_mgf1"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 0), "RSA_padding_check_PKCS1_type_1"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 0), "RSA_padding_check_PKCS1_type_2"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, - {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, - {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, - {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, - {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, - {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"}, - {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"}, - {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, - {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, - {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_SSLV23, 0), + "RSA_padding_check_SSLv23"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_X931, 0), + "RSA_padding_check_X931"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0), "RSA_sign_ASN1_OCTET_STRING"}, - {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, - {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY, 0), "RSA_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 0), "RSA_verify_ASN1_OCTET_STRING"}, - {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), + "RSA_verify_PKCS1_PSS_mgf1"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, {0, NULL} }; -static ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, - {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"}, - {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"}, - {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"}, - {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"}, - {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"}, - {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"}, - {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), - "data greater than mod len"}, - {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"}, - {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), - "data too large for key size"}, - {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), - "data too large for modulus"}, - {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"}, - {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), - "data too small for key size"}, - {ERR_REASON(RSA_R_DIGEST_DOES_NOT_MATCH), "digest does not match"}, - {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), - "digest too big for rsa key"}, - {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"}, - {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"}, - {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"}, - {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"}, - {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), - "illegal or unsupported padding mode"}, - {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"}, - {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, - {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"}, - {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"}, - {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, - {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, - {ERR_REASON(RSA_R_INVALID_OAEP_PARAMETERS), "invalid oaep parameters"}, - {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"}, - {ERR_REASON(RSA_R_INVALID_PADDING_MODE), "invalid padding mode"}, - {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"}, - {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN), "invalid pss saltlen"}, - {ERR_REASON(RSA_R_INVALID_SALT_LENGTH), "invalid salt length"}, - {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"}, - {ERR_REASON(RSA_R_INVALID_X931_DIGEST), "invalid x931 digest"}, - {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"}, - {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, - {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, - {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, - {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, - {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, - {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"}, - {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"}, - {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), - "rsa operations not supported"}, - {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"}, - {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"}, - {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"}, - {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"}, - {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"}, - {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, - {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, - {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"}, - {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), - "unsupported mask algorithm"}, - {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), - "unsupported mask parameter"}, - {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), - "unsupported signature type"}, - {ERR_REASON(RSA_R_VALUE_MISSING), "value missing"}, - {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, +static const ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT), + "bad fixed header decrypt"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01), + "block type is not 01"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02), + "block type is not 02"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN), + "data greater than mod len"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), + "data too large for key size"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS), + "data too large for modulus"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), + "data too small for key size"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH), + "digest does not match"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), + "digest too big for rsa key"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D), + "dmp1 not congruent to d"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D), + "dmq1 not congruent to d"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1), + "d e not congruent to 1"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID), + "first octet invalid"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), + "illegal or unsupported padding mode"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH), + "invalid digest length"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH), + "invalid message length"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY), + "invalid multi prime key"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS), + "invalid oaep parameters"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE), + "invalid padding mode"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS), + "invalid pss parameters"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN), + "invalid pss saltlen"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH), + "invalid salt length"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST), + "invalid x931 digest"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q), + "iqmp not inverse of q"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID), + "key prime num invalid"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), + "mgf1 digest not allowed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), + "mp coefficient not inverse of r"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D), + "mp exponent not congruent to d"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), + "n does not equal product of primes"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q), + "n does not equal p q"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), + "oaep decoding error"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), + "padding check failed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR), + "pkcs decoding error"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL), + "pss saltlen too small"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), + "rsa operations not supported"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED), + "salt length check failed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED), + "salt length recovery failed"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK), + "sslv3 rollback attack"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), + "the asn1 object identifier is not known for this md"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE), + "unknown algorithm type"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST), + "unknown mask digest"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE), + "unknown padding type"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), + "unsupported encryption type"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE), + "unsupported label source"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM), + "unsupported mask algorithm"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), + "unsupported mask parameter"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), + "unsupported signature type"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH), + "wrong signature length"}, {0, NULL} }; @@ -175,10 +237,9 @@ static ERR_STRING_DATA RSA_str_reasons[] = { int ERR_load_RSA_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) { - ERR_load_strings(0, RSA_str_functs); - ERR_load_strings(0, RSA_str_reasons); + ERR_load_strings_const(RSA_str_functs); + ERR_load_strings_const(RSA_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/rsa/rsa_gen.c b/deps/openssl/openssl/crypto/rsa/rsa_gen.c index 79f77e3eafdf56..7f0a25648140c4 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_gen.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_gen.c @@ -19,7 +19,7 @@ #include #include "rsa_locl.h" -static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, +static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb); /* @@ -31,29 +31,60 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { - if (rsa->meth->rsa_keygen) + if (rsa->meth->rsa_keygen != NULL) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); - return rsa_builtin_keygen(rsa, bits, e_value, cb); + + return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM, + e_value, cb); } -static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e_value, BN_GENCB *cb) +{ + /* multi-prime is only supported with the builtin key generation */ + if (rsa->meth->rsa_multi_prime_keygen != NULL) { + return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, + e_value, cb); + } else if (rsa->meth->rsa_keygen != NULL) { + /* + * However, if rsa->meth implements only rsa_keygen, then we + * have to honour it in 2-prime case and assume that it wouldn't + * know what to do with multi-prime key generated by builtin + * subroutine... + */ + if (primes == 2) + return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); + else + return 0; + } + + return rsa_builtin_keygen(rsa, bits, primes, e_value, cb); +} + +static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { - BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; - int bitsp, bitsq, ok = -1, n = 0; + BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime; + int ok = -1, n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0; + int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0; + RSA_PRIME_INFO *pinfo = NULL; + STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL; BN_CTX *ctx = NULL; + BN_ULONG bitst = 0; unsigned long error = 0; - /* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. - */ - if (bits < 16) { + if (bits < RSA_MIN_MODULUS_BITS) { ok = 0; /* we set our own err */ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); goto err; } + if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) { + ok = 0; /* we set our own err */ + RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_PRIME_NUM_INVALID); + goto err; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -61,12 +92,15 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, r0 = BN_CTX_get(ctx); r1 = BN_CTX_get(ctx); r2 = BN_CTX_get(ctx); - r3 = BN_CTX_get(ctx); - if (r3 == NULL) + if (r2 == NULL) goto err; - bitsp = (bits + 1) / 2; - bitsq = bits - bitsp; + /* divide bits into 'primes' pieces evenly */ + quo = bits / primes; + rmd = bits % primes; + + for (i = 0; i < primes; i++) + bitsr[i] = (i < rmd) ? quo + 1 : quo; /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) @@ -86,83 +120,202 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) goto err; - if (BN_copy(rsa->e, e_value) == NULL) - goto err; - - BN_set_flags(rsa->p, BN_FLG_CONSTTIME); - BN_set_flags(rsa->q, BN_FLG_CONSTTIME); - BN_set_flags(r2, BN_FLG_CONSTTIME); - /* generate p and q */ - for (;;) { - if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) - goto err; - if (!BN_sub(r2, rsa->p, BN_value_one())) + /* initialize multi-prime components */ + if (primes > RSA_DEFAULT_PRIME_NUM) { + rsa->version = RSA_ASN1_VERSION_MULTI; + prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2); + if (prime_infos == NULL) goto err; - ERR_set_mark(); - if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { - /* GCD == 1 since inverse exists */ - break; + if (rsa->prime_infos != NULL) { + /* could this happen? */ + sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free); } - error = ERR_peek_last_error(); - if (ERR_GET_LIB(error) == ERR_LIB_BN - && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { - /* GCD != 1 */ - ERR_pop_to_mark(); - } else { - goto err; + rsa->prime_infos = prime_infos; + + /* prime_info from 2 to |primes| -1 */ + for (i = 2; i < primes; i++) { + pinfo = rsa_multip_info_new(); + if (pinfo == NULL) + goto err; + (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); } - if (!BN_GENCB_call(cb, 2, n++)) - goto err; } - if (!BN_GENCB_call(cb, 3, 0)) + + if (BN_copy(rsa->e, e_value) == NULL) goto err; - for (;;) { - do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) + + /* generate p, q and other primes (if any) */ + for (i = 0; i < primes; i++) { + adj = 0; + retries = 0; + + if (i == 0) { + prime = rsa->p; + } else if (i == 1) { + prime = rsa->q; + } else { + pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); + prime = pinfo->r; + } + BN_set_flags(prime, BN_FLG_CONSTTIME); + + for (;;) { + redo: + if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb)) + goto err; + /* + * prime should not be equal to p, q, r_3... + * (those primes prior to this one) + */ + { + int j; + + for (j = 0; j < i; j++) { + BIGNUM *prev_prime; + + if (j == 0) + prev_prime = rsa->p; + else if (j == 1) + prev_prime = rsa->q; + else + prev_prime = sk_RSA_PRIME_INFO_value(prime_infos, + j - 2)->r; + + if (!BN_cmp(prime, prev_prime)) { + goto redo; + } + } + } + if (!BN_sub(r2, prime, BN_value_one())) + goto err; + ERR_set_mark(); + BN_set_flags(r2, BN_FLG_CONSTTIME); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ + break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } + if (!BN_GENCB_call(cb, 2, n++)) goto err; - } while (BN_cmp(rsa->p, rsa->q) == 0); - if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; - ERR_set_mark(); - if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { - /* GCD == 1 since inverse exists */ - break; } - error = ERR_peek_last_error(); - if (ERR_GET_LIB(error) == ERR_LIB_BN - && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { - /* GCD != 1 */ - ERR_pop_to_mark(); + + bitse += bitsr[i]; + + /* calculate n immediately to see if it's sufficient */ + if (i == 1) { + /* we get at least 2 primes */ + if (!BN_mul(r1, rsa->p, rsa->q, ctx)) + goto err; + } else if (i != 0) { + /* modulus n = p * q * r_3 * r_4 ... */ + if (!BN_mul(r1, rsa->n, prime, ctx)) + goto err; } else { + /* i == 0, do nothing */ + if (!BN_GENCB_call(cb, 3, i)) + goto err; + continue; + } + /* + * if |r1|, product of factors so far, is not as long as expected + * (by checking the first 4 bits are less than 0x9 or greater than + * 0xF). If so, re-generate the last prime. + * + * NOTE: This actually can't happen in two-prime case, because of + * the way factors are generated. + * + * Besides, another consideration is, for multi-prime case, even the + * length modulus is as long as expected, the modulus could start at + * 0x8, which could be utilized to distinguish a multi-prime private + * key by using the modulus in a certificate. This is also covered + * by checking the length should not be less than 0x9. + */ + if (!BN_rshift(r2, r1, bitse - 4)) goto err; + bitst = BN_get_word(r2); + + if (bitst < 0x9 || bitst > 0xF) { + /* + * For keys with more than 4 primes, we attempt longer factor to + * meet length requirement. + * + * Otherwise, we just re-generate the prime with the same length. + * + * This strategy has the following goals: + * + * 1. 1024-bit factors are effcient when using 3072 and 4096-bit key + * 2. stay the same logic with normal 2-prime key + */ + bitse -= bitsr[i]; + if (!BN_GENCB_call(cb, 2, n++)) + goto err; + if (primes > 4) { + if (bitst < 0x9) + adj++; + else + adj--; + } else if (retries == 4) { + /* + * re-generate all primes from scratch, mainly used + * in 4 prime case to avoid long loop. Max retry times + * is set to 4. + */ + i = -1; + bitse = 0; + continue; + } + retries++; + goto redo; } - if (!BN_GENCB_call(cb, 2, n++)) + /* save product of primes for further use, for multi-prime only */ + if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL) + goto err; + if (BN_copy(rsa->n, r1) == NULL) + goto err; + if (!BN_GENCB_call(cb, 3, i)) goto err; } - if (!BN_GENCB_call(cb, 3, 1)) - goto err; + if (BN_cmp(rsa->p, rsa->q) < 0) { tmp = rsa->p; rsa->p = rsa->q; rsa->q = tmp; } - /* calculate n */ - if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) - goto err; - /* calculate d */ + + /* p - 1 */ if (!BN_sub(r1, rsa->p, BN_value_one())) - goto err; /* p-1 */ + goto err; + /* q - 1 */ if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; /* q-1 */ + goto err; + /* (p - 1)(q - 1) */ if (!BN_mul(r0, r1, r2, ctx)) - goto err; /* (p-1)(q-1) */ + goto err; + /* multi-prime */ + for (i = 2; i < primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); + /* save r_i - 1 to pinfo->d temporarily */ + if (!BN_sub(pinfo->d, pinfo->r, BN_value_one())) + goto err; + if (!BN_mul(r0, r0, pinfo->d, ctx)) + goto err; + } + { BIGNUM *pr0 = BN_new(); if (pr0 == NULL) goto err; + BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { BN_free(pr0); @@ -177,15 +330,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (d == NULL) goto err; + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - if ( /* calculate d mod (p-1) */ - !BN_mod(rsa->dmp1, d, r1, ctx) - /* calculate d mod (q-1) */ + /* calculate d mod (p-1) and d mod (q - 1) */ + if (!BN_mod(rsa->dmp1, d, r1, ctx) || !BN_mod(rsa->dmq1, d, r2, ctx)) { BN_free(d); goto err; } + + /* calculate CRT exponents */ + for (i = 2; i < primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); + /* pinfo->d == r_i - 1 */ + if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) { + BN_free(d); + goto err; + } + } + /* We MUST free d before any further use of rsa->d */ BN_free(d); } @@ -202,6 +366,17 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_free(p); goto err; } + + /* calculate CRT coefficient for other primes */ + for (i = 2; i < primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); + BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME); + if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) { + BN_free(p); + goto err; + } + } + /* We MUST free p before any further use of rsa->p */ BN_free(p); } @@ -215,6 +390,5 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (ctx != NULL) BN_CTX_end(ctx); BN_CTX_free(ctx); - return ok; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_lib.c b/deps/openssl/openssl/crypto/rsa/rsa_lib.c index d99d04916d430d..49c34b7c36c918 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_lib.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_lib.c @@ -10,9 +10,11 @@ #include #include #include "internal/cryptlib.h" -#include +#include "internal/refcount.h" #include "internal/bn_int.h" #include +#include +#include "internal/evp_int.h" #include "rsa_locl.h" RSA *RSA_new(void) @@ -71,8 +73,9 @@ RSA *RSA_new_method(ENGINE *engine) goto err; } ret->engine = engine; - } else + } else { ret->engine = ENGINE_get_default_RSA(); + } if (ret->engine) { ret->meth = ENGINE_get_RSA(ret->engine); if (ret->meth == NULL) { @@ -106,7 +109,7 @@ void RSA_free(RSA *r) if (r == NULL) return; - CRYPTO_atomic_add(&r->references, -1, &i, r->lock); + CRYPTO_DOWN_REF(&r->references, &i, r->lock); REF_PRINT_COUNT("RSA", r); if (i > 0) return; @@ -122,14 +125,16 @@ void RSA_free(RSA *r) CRYPTO_THREAD_lock_free(r->lock); - BN_clear_free(r->n); - BN_clear_free(r->e); + BN_free(r->n); + BN_free(r->e); BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); BN_clear_free(r->dmp1); BN_clear_free(r->dmq1); BN_clear_free(r->iqmp); + RSA_PSS_PARAMS_free(r->pss); + sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free); BN_BLINDING_free(r->blinding); BN_BLINDING_free(r->mt_blinding); OPENSSL_free(r->bignum_data); @@ -140,27 +145,36 @@ int RSA_up_ref(RSA *r) { int i; - if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) + if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) return 0; REF_PRINT_COUNT("RSA", r); REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); + return i > 1 ? 1 : 0; } int RSA_set_ex_data(RSA *r, int idx, void *arg) { - return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&r->ex_data, idx, arg); } void *RSA_get_ex_data(const RSA *r, int idx) { - return (CRYPTO_get_ex_data(&r->ex_data, idx)); + return CRYPTO_get_ex_data(&r->ex_data, idx); } int RSA_security_bits(const RSA *rsa) { - return BN_security_bits(BN_num_bits(rsa->n), -1); + int bits = BN_num_bits(rsa->n); + + if (rsa->version == RSA_ASN1_VERSION_MULTI) { + /* This ought to mean that we have private key at hand. */ + int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos); + + if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits)) + return 0; + } + return BN_security_bits(bits, -1); } int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) @@ -182,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) r->e = e; } if (d != NULL) { - BN_free(r->d); + BN_clear_free(r->d); r->d = d; } @@ -199,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) return 0; if (p != NULL) { - BN_free(r->p); + BN_clear_free(r->p); r->p = p; } if (q != NULL) { - BN_free(r->q); + BN_clear_free(r->q); r->q = q; } @@ -221,21 +235,86 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) return 0; if (dmp1 != NULL) { - BN_free(r->dmp1); + BN_clear_free(r->dmp1); r->dmp1 = dmp1; } if (dmq1 != NULL) { - BN_free(r->dmq1); + BN_clear_free(r->dmq1); r->dmq1 = dmq1; } if (iqmp != NULL) { - BN_free(r->iqmp); + BN_clear_free(r->iqmp); r->iqmp = iqmp; } return 1; } +/* + * Is it better to export RSA_PRIME_INFO structure + * and related functions to let user pass a triplet? + */ +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum) +{ + STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL; + RSA_PRIME_INFO *pinfo; + int i; + + if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0) + return 0; + + prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); + if (prime_infos == NULL) + return 0; + + if (r->prime_infos != NULL) + old = r->prime_infos; + + for (i = 0; i < pnum; i++) { + pinfo = rsa_multip_info_new(); + if (pinfo == NULL) + goto err; + if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) { + BN_free(pinfo->r); + BN_free(pinfo->d); + BN_free(pinfo->t); + pinfo->r = primes[i]; + pinfo->d = exps[i]; + pinfo->t = coeffs[i]; + } else { + rsa_multip_info_free(pinfo); + goto err; + } + (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); + } + + r->prime_infos = prime_infos; + + if (!rsa_multip_calc_product(r)) { + r->prime_infos = old; + goto err; + } + + if (old != NULL) { + /* + * This is hard to deal with, since the old infos could + * also be set by this function and r, d, t should not + * be freed in that case. So currently, stay consistent + * with other *set0* functions: just free it... + */ + sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free); + } + + r->version = RSA_ASN1_VERSION_MULTI; + + return 1; + err: + /* r, d, t should not be freed */ + sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex); + return 0; +} + void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { @@ -255,6 +334,36 @@ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) *q = r->q; } +int RSA_get_multi_prime_extra_count(const RSA *r) +{ + int pnum; + + pnum = sk_RSA_PRIME_INFO_num(r->prime_infos); + if (pnum <= 0) + pnum = 0; + return pnum; +} + +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]) +{ + int pnum, i; + RSA_PRIME_INFO *pinfo; + + if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0) + return 0; + + /* + * return other primes + * it's caller's responsibility to allocate oth_primes[pnum] + */ + for (i = 0; i < pnum; i++) { + pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i); + primes[i] = pinfo->r; + } + + return 1; +} + void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) @@ -267,6 +376,72 @@ void RSA_get0_crt_params(const RSA *r, *iqmp = r->iqmp; } +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]) +{ + int pnum; + + if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0) + return 0; + + /* return other primes */ + if (exps != NULL || coeffs != NULL) { + RSA_PRIME_INFO *pinfo; + int i; + + /* it's the user's job to guarantee the buffer length */ + for (i = 0; i < pnum; i++) { + pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i); + if (exps != NULL) + exps[i] = pinfo->d; + if (coeffs != NULL) + coeffs[i] = pinfo->t; + } + } + + return 1; +} + +const BIGNUM *RSA_get0_n(const RSA *r) +{ + return r->n; +} + +const BIGNUM *RSA_get0_e(const RSA *r) +{ + return r->e; +} + +const BIGNUM *RSA_get0_d(const RSA *r) +{ + return r->d; +} + +const BIGNUM *RSA_get0_p(const RSA *r) +{ + return r->p; +} + +const BIGNUM *RSA_get0_q(const RSA *r) +{ + return r->q; +} + +const BIGNUM *RSA_get0_dmp1(const RSA *r) +{ + return r->dmp1; +} + +const BIGNUM *RSA_get0_dmq1(const RSA *r) +{ + return r->dmq1; +} + +const BIGNUM *RSA_get0_iqmp(const RSA *r) +{ + return r->iqmp; +} + void RSA_clear_flags(RSA *r, int flags) { r->flags &= ~flags; @@ -282,7 +457,23 @@ void RSA_set_flags(RSA *r, int flags) r->flags |= flags; } +int RSA_get_version(RSA *r) +{ + /* { two-prime(0), multi(1) } */ + return r->version; +} + ENGINE *RSA_get0_engine(const RSA *r) { return r->engine; } + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2) +{ + /* If key type not RSA or RSA-PSS return error */ + if (ctx != NULL && ctx->pmeth != NULL + && ctx->pmeth->pkey_id != EVP_PKEY_RSA + && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2); +} diff --git a/deps/openssl/openssl/crypto/rsa/rsa_locl.h b/deps/openssl/openssl/crypto/rsa/rsa_locl.h index 5d16aa6f4372ff..2b94462a94c6f5 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_locl.h +++ b/deps/openssl/openssl/crypto/rsa/rsa_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,14 +8,30 @@ */ #include +#include "internal/refcount.h" + +#define RSA_MAX_PRIME_NUM 5 +#define RSA_MIN_MODULUS_BITS 512 + +typedef struct rsa_prime_info_st { + BIGNUM *r; + BIGNUM *d; + BIGNUM *t; + /* save product of primes prior to this one */ + BIGNUM *pp; + BN_MONT_CTX *m; +} RSA_PRIME_INFO; + +DECLARE_ASN1_ITEM(RSA_PRIME_INFO) +DEFINE_STACK_OF(RSA_PRIME_INFO) struct rsa_st { /* * The first parameter is used to pickup errors where this is passed - * instead of aEVP_PKEY, it is set to 0 + * instead of an EVP_PKEY, it is set to 0 */ int pad; - long version; + int32_t version; const RSA_METHOD *meth; /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; @@ -27,9 +43,13 @@ struct rsa_st { BIGNUM *dmp1; BIGNUM *dmq1; BIGNUM *iqmp; + /* for multi-prime RSA, defined in RFC 8017 */ + STACK_OF(RSA_PRIME_INFO) *prime_infos; + /* If a PSS only key this contains the parameter restrictions */ + RSA_PSS_PARAMS *pss; /* be careful using this if the RSA structure is shared */ CRYPTO_EX_DATA ex_data; - int references; + CRYPTO_REF_COUNT references; int flags; /* Used to cache montgomery values */ BN_MONT_CTX *_method_mod_n; @@ -88,9 +108,25 @@ struct rsa_meth_st { * things as "builtin software" implementations. */ int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); }; extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf, size_t siglen, RSA *rsa); +/* Macros to test if a pkey or ctx is for a PSS key */ +#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) +#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) + +RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, + const EVP_MD *mgf1md, int saltlen); +int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, + const EVP_MD **pmgf1md, int *psaltlen); +/* internal function to clear and free multi-prime parameters */ +void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); +void rsa_multip_info_free(RSA_PRIME_INFO *pinfo); +RSA_PRIME_INFO *rsa_multip_info_new(void); +int rsa_multip_calc_product(RSA *rsa); +int rsa_multip_cap(int bits); diff --git a/deps/openssl/openssl/crypto/rsa/rsa_meth.c b/deps/openssl/openssl/crypto/rsa/rsa_meth.c index ba40cff2870a0e..def19f375f920b 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_meth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_meth.c @@ -271,3 +271,17 @@ int RSA_meth_set_keygen(RSA_METHOD *meth, return 1; } +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb) +{ + return meth->rsa_multi_prime_keygen; +} + +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)) +{ + meth->rsa_multi_prime_keygen = keygen; + return 1; +} diff --git a/deps/openssl/openssl/crypto/rsa/rsa_mp.c b/deps/openssl/openssl/crypto/rsa/rsa_mp.c new file mode 100644 index 00000000000000..e7e810823b2778 --- /dev/null +++ b/deps/openssl/openssl/crypto/rsa/rsa_mp.c @@ -0,0 +1,115 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 BaishanCloud. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "rsa_locl.h" + +void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) +{ + /* free pp and pinfo only */ + BN_clear_free(pinfo->pp); + OPENSSL_free(pinfo); +} + +void rsa_multip_info_free(RSA_PRIME_INFO *pinfo) +{ + /* free a RSA_PRIME_INFO structure */ + BN_clear_free(pinfo->r); + BN_clear_free(pinfo->d); + BN_clear_free(pinfo->t); + rsa_multip_info_free_ex(pinfo); +} + +RSA_PRIME_INFO *rsa_multip_info_new(void) +{ + RSA_PRIME_INFO *pinfo; + + /* create a RSA_PRIME_INFO structure */ + if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) { + RSAerr(RSA_F_RSA_MULTIP_INFO_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + if ((pinfo->r = BN_secure_new()) == NULL) + goto err; + if ((pinfo->d = BN_secure_new()) == NULL) + goto err; + if ((pinfo->t = BN_secure_new()) == NULL) + goto err; + if ((pinfo->pp = BN_secure_new()) == NULL) + goto err; + + return pinfo; + + err: + BN_free(pinfo->r); + BN_free(pinfo->d); + BN_free(pinfo->t); + BN_free(pinfo->pp); + OPENSSL_free(pinfo); + return NULL; +} + +/* Refill products of primes */ +int rsa_multip_calc_product(RSA *rsa) +{ + RSA_PRIME_INFO *pinfo; + BIGNUM *p1 = NULL, *p2 = NULL; + BN_CTX *ctx = NULL; + int i, rv = 0, ex_primes; + + if ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) { + /* invalid */ + goto err; + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + /* calculate pinfo->pp = p * q for first 'extra' prime */ + p1 = rsa->p; + p2 = rsa->q; + + for (i = 0; i < ex_primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + if (pinfo->pp == NULL) { + pinfo->pp = BN_secure_new(); + if (pinfo->pp == NULL) + goto err; + } + if (!BN_mul(pinfo->pp, p1, p2, ctx)) + goto err; + /* save previous one */ + p1 = pinfo->pp; + p2 = pinfo->r; + } + + rv = 1; + err: + BN_CTX_free(ctx); + return rv; +} + +int rsa_multip_cap(int bits) +{ + int cap = 5; + + if (bits < 1024) + cap = 2; + else if (bits < 4096) + cap = 3; + else if (bits < 8192) + cap = 4; + + if (cap > RSA_MAX_PRIME_NUM) + cap = RSA_MAX_PRIME_NUM; + + return cap; +} diff --git a/deps/openssl/openssl/crypto/rsa/rsa_none.c b/deps/openssl/openssl/crypto/rsa/rsa_none.c index b78756d186af5b..f16cc67066d7fc 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_none.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_none.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,16 +16,16 @@ int RSA_padding_add_none(unsigned char *to, int tlen, { if (flen > tlen) { RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return (0); + return 0; } if (flen < tlen) { RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); - return (0); + return 0; } memcpy(to, from, (unsigned int)flen); - return (1); + return 1; } int RSA_padding_check_none(unsigned char *to, int tlen, @@ -34,10 +34,10 @@ int RSA_padding_check_none(unsigned char *to, int tlen, if (flen > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE); - return (-1); + return -1; } memset(to, 0, tlen - flen); memcpy(to + tlen - flen, from, flen); - return (tlen); + return tlen; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_null.c b/deps/openssl/openssl/crypto/rsa/rsa_null.c deleted file mode 100644 index d33949412022d9..00000000000000 --- a/deps/openssl/openssl/crypto/rsa/rsa_null.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "rsa_locl.h" - -/* - * This is a dummy RSA implementation that just returns errors when called. - * It is designed to allow some RSA functions to work while stopping those - * covered by the RSA patent. That is RSA, encryption, decryption, signing - * and verify is not allowed but RSA key generation, key checking and other - * operations (like storing RSA keys) are permitted. - */ - -static int RSA_null_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int RSA_null_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int RSA_null_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int RSA_null_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int RSA_null_init(RSA *rsa); -static int RSA_null_finish(RSA *rsa); -static RSA_METHOD rsa_null_meth = { - "Null RSA", - RSA_null_public_encrypt, - RSA_null_public_decrypt, - RSA_null_private_encrypt, - RSA_null_private_decrypt, - NULL, - NULL, - RSA_null_init, - RSA_null_finish, - 0, - NULL, - NULL, - NULL, - NULL -}; - -const RSA_METHOD *RSA_null_method(void) -{ - return (&rsa_null_meth); -} - -static int RSA_null_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; -} - -static int RSA_null_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, - RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; -} - -static int RSA_null_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, - RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; -} - -static int RSA_null_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; -} - -static int RSA_null_init(RSA *rsa) -{ - return (1); -} - -static int RSA_null_finish(RSA *rsa) -{ - return (1); -} diff --git a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c index df08a2f53ecd85..f13c6fc9e50636 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c @@ -81,12 +81,6 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, if (RAND_bytes(seed, mdlen) <= 0) goto err; -#ifdef PKCS_TESTVECT - memcpy(seed, - "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", - 20); -#endif - dbmask_len = emlen - mdlen; dbmask = OPENSSL_malloc(dbmask_len); if (dbmask == NULL) { diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c index 23f948fbbb91fb..2b1b006c2801db 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c @@ -38,7 +38,8 @@ static RSA_METHOD rsa_pkcs1_ossl_meth = { NULL, 0, /* rsa_sign */ 0, /* rsa_verify */ - NULL /* rsa_keygen */ + NULL, /* rsa_keygen */ + NULL /* rsa_multi_prime_keygen */ }; static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth; @@ -58,6 +59,11 @@ const RSA_METHOD *RSA_PKCS1_OpenSSL(void) return &rsa_pkcs1_ossl_meth; } +const RSA_METHOD *RSA_null_method(void) +{ + return NULL; +} + static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -91,7 +97,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -145,7 +151,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) @@ -190,12 +196,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) { - if (unblind == NULL) + if (unblind == NULL) { /* * Local blinding: store the unblinding factor in BN_BLINDING. */ return BN_BLINDING_convert_ex(f, NULL, b, ctx); - else { + } else { /* * Shared blinding: store the unblinding factor outside BN_BLINDING. */ @@ -247,7 +253,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -298,6 +304,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, } if ((rsa->flags & RSA_FLAG_EXT_PKEY) || + (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { @@ -338,8 +345,9 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, res = f; else res = ret; - } else + } else { res = ret; + } /* * BN_bn2binpad puts in leading 0 bytes if the number is less than @@ -351,7 +359,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, @@ -377,7 +385,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -421,6 +429,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, /* do the decrypt */ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || + (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { @@ -480,7 +489,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } /* signature verification */ @@ -517,7 +526,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -577,22 +586,29 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BIGNUM *r1, *m1, *vrfy; - int ret = 0, smooth = 0; + BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2]; + int ret = 0, i, ex_primes = 0, smooth = 0; + RSA_PRIME_INFO *pinfo; BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); + r2 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); if (vrfy == NULL) goto err; + if (rsa->version == RSA_ASN1_VERSION_MULTI + && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0 + || ex_primes > RSA_MAX_PRIME_NUM - 2)) + goto err; + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { BIGNUM *factor = BN_new(); @@ -612,12 +628,21 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BN_free(factor); goto err; } + for (i = 0; i < ex_primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME); + if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) { + BN_free(factor); + goto err; + } + } /* * We MUST free |factor| before any further use of the prime factors */ BN_free(factor); - smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont) + smooth = (ex_primes == 0) + && (rsa->meth->bn_mod_exp == BN_mod_exp_mont) && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p)); } @@ -723,6 +748,56 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BN_free(dmp1); } + /* + * calculate m_i in multi-prime case + * + * TODO: + * 1. squash the following two loops and calculate |m_i| there. + * 2. remove cc and reuse |c|. + * 3. remove |dmq1| and |dmp1| in previous block and use |di|. + * + * If these things are done, the code will be more readable. + */ + if (ex_primes > 0) { + BIGNUM *di = BN_new(), *cc = BN_new(); + + if (cc == NULL || di == NULL) { + BN_free(cc); + BN_free(di); + goto err; + } + + for (i = 0; i < ex_primes; i++) { + /* prepare m_i */ + if ((m[i] = BN_CTX_get(ctx)) == NULL) { + BN_free(cc); + BN_free(di); + goto err; + } + + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + + /* prepare c and d_i */ + BN_with_flags(cc, I, BN_FLG_CONSTTIME); + BN_with_flags(di, pinfo->d, BN_FLG_CONSTTIME); + + if (!BN_mod(r1, cc, pinfo->r, ctx)) { + BN_free(cc); + BN_free(di); + goto err; + } + /* compute r1 ^ d_i mod r_i */ + if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) { + BN_free(cc); + BN_free(di); + goto err; + } + } + + BN_free(cc); + BN_free(di); + } + if (!BN_sub(r0, r0, m1)) goto err; /* @@ -765,6 +840,49 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!BN_add(r0, r1, m1)) goto err; + /* add m_i to m in multi-prime case */ + if (ex_primes > 0) { + BIGNUM *pr2 = BN_new(); + + if (pr2 == NULL) + goto err; + + for (i = 0; i < ex_primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + if (!BN_sub(r1, m[i], r0)) { + BN_free(pr2); + goto err; + } + + if (!BN_mul(r2, r1, pinfo->t, ctx)) { + BN_free(pr2); + goto err; + } + + BN_with_flags(pr2, r2, BN_FLG_CONSTTIME); + + if (!BN_mod(r1, pr2, pinfo->r, ctx)) { + BN_free(pr2); + goto err; + } + + if (BN_is_negative(r1)) + if (!BN_add(r1, r1, pinfo->r)) { + BN_free(pr2); + goto err; + } + if (!BN_mul(r1, r1, pinfo->pp, ctx)) { + BN_free(pr2); + goto err; + } + if (!BN_add(r0, r0, r1)) { + BN_free(pr2); + goto err; + } + } + BN_free(pr2); + } + tail: if (rsa->e && rsa->n) { if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) { @@ -828,19 +946,26 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) ret = 1; err: BN_CTX_end(ctx); - return (ret); + return ret; } static int rsa_ossl_init(RSA *rsa) { rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; - return (1); + return 1; } static int rsa_ossl_finish(RSA *rsa) { + int i; + RSA_PRIME_INFO *pinfo; + BN_MONT_CTX_free(rsa->_method_mod_n); BN_MONT_CTX_free(rsa->_method_mod_p); BN_MONT_CTX_free(rsa->_method_mod_q); - return (1); + for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + BN_MONT_CTX_free(pinfo->m); + } + return 1; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c index 63d6c3a3b8dd9f..d07c0d6f852b99 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c @@ -24,7 +24,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return (0); + return 0; } p = (unsigned char *)to; @@ -38,7 +38,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, p += j; *(p++) = '\0'; memcpy(p, from, (unsigned int)flen); - return (1); + return 1; } int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, @@ -73,7 +73,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, if ((num != (flen + 1)) || (*(p++) != 0x01)) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_BLOCK_TYPE_IS_NOT_01); - return (-1); + return -1; } /* scan over padding data */ @@ -86,7 +86,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, } else { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_BAD_FIXED_HEADER_DECRYPT); - return (-1); + return -1; } } p++; @@ -95,23 +95,23 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, if (i == j) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_NULL_BEFORE_BLOCK_MISSING); - return (-1); + return -1; } if (i < 8) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_BAD_PAD_BYTE_COUNT); - return (-1); + return -1; } i++; /* Skip over the '\0' */ j -= i; if (j > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE); - return (-1); + return -1; } memcpy(to, p, (unsigned int)j); - return (j); + return j; } int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, @@ -123,7 +123,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, if (flen > (tlen - 11)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return (0); + return 0; } p = (unsigned char *)to; @@ -135,12 +135,12 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, j = tlen - 3 - flen; if (RAND_bytes(p, j) <= 0) - return (0); + return 0; for (i = 0; i < j; i++) { if (*p == '\0') do { if (RAND_bytes(p, 1) <= 0) - return (0); + return 0; } while (*p == '\0'); p++; } @@ -148,7 +148,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, *(p++) = '\0'; memcpy(p, from, (unsigned int)flen); - return (1); + return 1; } int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c index 2d1dffbbb58260..c10669f8a91b48 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,6 +25,7 @@ typedef struct { /* Key gen parameters */ int nbits; BIGNUM *pub_exp; + int primes; /* Keygen callback info */ int gentmp[2]; /* RSA padding mode */ @@ -35,6 +36,8 @@ typedef struct { const EVP_MD *mgf1md; /* PSS salt length */ int saltlen; + /* Minimum salt length or -1 if no PSS parameter restriction */ + int min_saltlen; /* Temp buffer */ unsigned char *tbuf; /* OAEP label */ @@ -42,15 +45,24 @@ typedef struct { size_t oaep_labellen; } RSA_PKEY_CTX; +/* True if PSS parameters are restricted */ +#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1) + static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx; - rctx = OPENSSL_zalloc(sizeof(*rctx)); + RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx)); + if (rctx == NULL) return 0; rctx->nbits = 1024; - rctx->pad_mode = RSA_PKCS1_PADDING; - rctx->saltlen = -2; + rctx->primes = RSA_DEFAULT_PRIME_NUM; + if (pkey_ctx_is_pss(ctx)) + rctx->pad_mode = RSA_PKCS1_PSS_PADDING; + else + rctx->pad_mode = RSA_PKCS1_PADDING; + /* Maximum for sign, auto for verify */ + rctx->saltlen = RSA_PSS_SALTLEN_AUTO; + rctx->min_saltlen = -1; ctx->data = rctx; ctx->keygen_info = rctx->gentmp; ctx->keygen_info_count = 2; @@ -61,6 +73,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx) static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { RSA_PKEY_CTX *dctx, *sctx; + if (!pkey_rsa_init(dst)) return 0; sctx = src->data; @@ -86,11 +99,12 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) { - if (ctx->tbuf) + if (ctx->tbuf != NULL) return 1; - ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); - if (ctx->tbuf == NULL) + if ((ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey))) == NULL) { + RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE); return 0; + } return 1; } @@ -159,11 +173,13 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return -1; ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, sig, rsa, RSA_NO_PADDING); - } else + } else { return -1; - } else + } + } else { ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, rctx->pad_mode); + } if (ret < 0) return ret; *siglen = ret; @@ -207,11 +223,13 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, if (ret <= 0) return 0; ret = sltmp; - } else + } else { return -1; - } else + } + } else { ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, rctx->pad_mode); + } if (ret < 0) return ret; *routlen = ret; @@ -225,6 +243,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; size_t rslen; + if (rctx->md) { if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, @@ -250,8 +269,9 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, if (ret <= 0) return 0; return 1; - } else + } else { return -1; + } } else { if (!setup_tbuf(rctx, ctx)) return -1; @@ -274,6 +294,7 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, { int ret; RSA_PKEY_CTX *rctx = ctx->data; + if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { int klen = RSA_size(ctx->pkey->pkey.rsa); if (!setup_tbuf(rctx, ctx)) @@ -286,9 +307,10 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, return -1; ret = RSA_public_encrypt(klen, rctx->tbuf, out, ctx->pkey->pkey.rsa, RSA_NO_PADDING); - } else + } else { ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, rctx->pad_mode); + } if (ret < 0) return ret; *outlen = ret; @@ -301,6 +323,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, { int ret; RSA_PKEY_CTX *rctx = ctx->data; + if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { if (!setup_tbuf(rctx, ctx)) return -1; @@ -313,9 +336,10 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, rctx->oaep_label, rctx->oaep_labellen, rctx->md, rctx->mgf1md); - } else + } else { ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, rctx->pad_mode); + } if (ret < 0) return ret; *outlen = ret; @@ -325,6 +349,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, static int check_padding_md(const EVP_MD *md, int padding) { int mdnid; + if (!md) return 1; @@ -354,6 +379,10 @@ static int check_padding_md(const EVP_MD *md, int padding) case NID_md4: case NID_mdc2: case NID_ripemd160: + case NID_sha3_224: + case NID_sha3_256: + case NID_sha3_384: + case NID_sha3_512: return 1; default: @@ -369,6 +398,7 @@ static int check_padding_md(const EVP_MD *md, int padding) static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { RSA_PKEY_CTX *rctx = ctx->data; + switch (type) { case EVP_PKEY_CTRL_RSA_PADDING: if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { @@ -380,6 +410,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) goto bad_pad; if (!rctx->md) rctx->md = EVP_sha1(); + } else if (pkey_ctx_is_pss(ctx)) { + goto bad_pad; } if (p1 == RSA_PKCS1_OAEP_PADDING) { if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) @@ -405,17 +437,30 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); return -2; } - if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) + if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { *(int *)p2 = rctx->saltlen; - else { - if (p1 < -2) + } else { + if (p1 < RSA_PSS_SALTLEN_MAX) return -2; + if (rsa_pss_restricted(rctx)) { + if (p1 == RSA_PSS_SALTLEN_AUTO + && ctx->operation == EVP_PKEY_OP_VERIFY) { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); + return -2; + } + if ((p1 == RSA_PSS_SALTLEN_DIGEST + && rctx->min_saltlen > EVP_MD_size(rctx->md)) + || (p1 >= 0 && p1 < rctx->min_saltlen)) { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL); + return 0; + } + } rctx->saltlen = p1; } return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: - if (p1 < 512) { + if (p1 < RSA_MIN_MODULUS_BITS) { RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL); return -2; } @@ -431,6 +476,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) rctx->pub_exp = p2; return 1; + case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES: + if (p1 < RSA_DEFAULT_PRIME_NUM || p1 > RSA_MAX_PRIME_NUM) { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_PRIME_NUM_INVALID); + return -2; + } + rctx->primes = p1; + return 1; + case EVP_PKEY_CTRL_RSA_OAEP_MD: case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { @@ -446,6 +499,12 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_MD: if (!check_padding_md(p2, rctx->pad_mode)) return 0; + if (rsa_pss_restricted(rctx)) { + if (EVP_MD_type(rctx->md) == EVP_MD_type(p2)) + return 1; + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_DIGEST_NOT_ALLOWED); + return 0; + } rctx->md = p2; return 1; @@ -465,8 +524,15 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(const EVP_MD **)p2 = rctx->mgf1md; else *(const EVP_MD **)p2 = rctx->md; - } else + } else { + if (rsa_pss_restricted(rctx)) { + if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2)) + return 1; + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_MGF1_DIGEST_NOT_ALLOWED); + return 0; + } rctx->mgf1md = p2; + } return 1; case EVP_PKEY_CTRL_RSA_OAEP_LABEL: @@ -493,16 +559,21 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return rctx->oaep_labellen; case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: +#ifndef OPENSSL_NO_CMS + case EVP_PKEY_CTRL_CMS_SIGN: +#endif + return 1; + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - return 1; #ifndef OPENSSL_NO_CMS case EVP_PKEY_CTRL_CMS_DECRYPT: case EVP_PKEY_CTRL_CMS_ENCRYPT: - case EVP_PKEY_CTRL_CMS_SIGN: - return 1; #endif + if (!pkey_ctx_is_pss(ctx)) + return 1; + /* fall through */ case EVP_PKEY_CTRL_PEER_KEY: RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); @@ -517,27 +588,28 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (!value) { + if (value == NULL) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); return 0; } if (strcmp(type, "rsa_padding_mode") == 0) { int pm; - if (strcmp(value, "pkcs1") == 0) + + if (strcmp(value, "pkcs1") == 0) { pm = RSA_PKCS1_PADDING; - else if (strcmp(value, "sslv23") == 0) + } else if (strcmp(value, "sslv23") == 0) { pm = RSA_SSLV23_PADDING; - else if (strcmp(value, "none") == 0) + } else if (strcmp(value, "none") == 0) { pm = RSA_NO_PADDING; - else if (strcmp(value, "oeap") == 0) + } else if (strcmp(value, "oeap") == 0) { pm = RSA_PKCS1_OAEP_PADDING; - else if (strcmp(value, "oaep") == 0) + } else if (strcmp(value, "oaep") == 0) { pm = RSA_PKCS1_OAEP_PADDING; - else if (strcmp(value, "x931") == 0) + } else if (strcmp(value, "x931") == 0) { pm = RSA_X931_PADDING; - else if (strcmp(value, "pss") == 0) + } else if (strcmp(value, "pss") == 0) { pm = RSA_PKCS1_PSS_PADDING; - else { + } else { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); return -2; } @@ -546,18 +618,27 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, if (strcmp(type, "rsa_pss_saltlen") == 0) { int saltlen; - saltlen = atoi(value); + + if (!strcmp(value, "digest")) + saltlen = RSA_PSS_SALTLEN_DIGEST; + else if (!strcmp(value, "max")) + saltlen = RSA_PSS_SALTLEN_MAX; + else if (!strcmp(value, "auto")) + saltlen = RSA_PSS_SALTLEN_AUTO; + else + saltlen = atoi(value); return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); } if (strcmp(type, "rsa_keygen_bits") == 0) { - int nbits; - nbits = atoi(value); + int nbits = atoi(value); + return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); } if (strcmp(type, "rsa_keygen_pubexp") == 0) { int ret; + BIGNUM *pubexp = NULL; if (!BN_asc2bn(&pubexp, value)) return 0; @@ -567,27 +648,43 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return ret; } - if (strcmp(type, "rsa_mgf1_md") == 0) { - const EVP_MD *md; - if ((md = EVP_get_digestbyname(value)) == NULL) { - RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); + if (strcmp(type, "rsa_keygen_primes") == 0) { + int nprimes = atoi(value); + + return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, nprimes); } - if (strcmp(type, "rsa_oaep_md") == 0) { - const EVP_MD *md; - if ((md = EVP_get_digestbyname(value)) == NULL) { - RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); - return 0; + if (strcmp(type, "rsa_mgf1_md") == 0) + return EVP_PKEY_CTX_md(ctx, + EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_RSA_MGF1_MD, value); + + if (pkey_ctx_is_pss(ctx)) { + + if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0) + return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_RSA_MGF1_MD, value); + + if (strcmp(type, "rsa_pss_keygen_md") == 0) + return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_MD, value); + + if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { + int saltlen = atoi(value); + + return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen); } - return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); } + + if (strcmp(type, "rsa_oaep_md") == 0) + return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT, + EVP_PKEY_CTRL_RSA_OAEP_MD, value); + if (strcmp(type, "rsa_oaep_label") == 0) { unsigned char *lab; long lablen; int ret; + lab = OPENSSL_hexstr2buf(value, &lablen); if (!lab) return 0; @@ -600,12 +697,30 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return -2; } +/* Set PSS parameters when generating a key, if necessary */ +static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx) +{ + RSA_PKEY_CTX *rctx = ctx->data; + + if (!pkey_ctx_is_pss(ctx)) + return 1; + /* If all parameters are default values don't set pss */ + if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2) + return 1; + rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md, + rctx->saltlen == -2 ? 0 : rctx->saltlen); + if (rsa->pss == NULL) + return 0; + return 1; +} + static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; RSA_PKEY_CTX *rctx = ctx->data; BN_GENCB *pcb; int ret; + if (rctx->pub_exp == NULL) { rctx->pub_exp = BN_new(); if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) @@ -621,12 +736,18 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } evp_pkey_set_cb_translate(pcb, ctx); - } else + } else { pcb = NULL; - ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); + } + ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes, + rctx->pub_exp, pcb); BN_GENCB_free(pcb); + if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) { + RSA_free(rsa); + return 0; + } if (ret > 0) - EVP_PKEY_assign_RSA(pkey, rsa); + EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa); else RSA_free(rsa); return ret; @@ -666,3 +787,74 @@ const EVP_PKEY_METHOD rsa_pkey_meth = { pkey_rsa_ctrl, pkey_rsa_ctrl_str }; + +/* + * Called for PSS sign or verify initialisation: checks PSS parameter + * sanity and sets any restrictions on key usage. + */ + +static int pkey_pss_init(EVP_PKEY_CTX *ctx) +{ + RSA *rsa; + RSA_PKEY_CTX *rctx = ctx->data; + const EVP_MD *md; + const EVP_MD *mgf1md; + int min_saltlen, max_saltlen; + + /* Should never happen */ + if (!pkey_ctx_is_pss(ctx)) + return 0; + rsa = ctx->pkey->pkey.rsa; + /* If no restrictions just return */ + if (rsa->pss == NULL) + return 1; + /* Get and check parameters */ + if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen)) + return 0; + + /* See if minimum salt length exceeds maximum possible */ + max_saltlen = RSA_size(rsa) - EVP_MD_size(md); + if ((RSA_bits(rsa) & 0x7) == 1) + max_saltlen--; + if (min_saltlen > max_saltlen) { + RSAerr(RSA_F_PKEY_PSS_INIT, RSA_R_INVALID_SALT_LENGTH); + return 0; + } + + rctx->min_saltlen = min_saltlen; + + /* + * Set PSS restrictions as defaults: we can then block any attempt to + * use invalid values in pkey_rsa_ctrl + */ + + rctx->md = md; + rctx->mgf1md = mgf1md; + rctx->saltlen = min_saltlen; + + return 1; +} + +const EVP_PKEY_METHOD rsa_pss_pkey_meth = { + EVP_PKEY_RSA_PSS, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_rsa_init, + pkey_rsa_copy, + pkey_rsa_cleanup, + + 0, 0, + + 0, + pkey_rsa_keygen, + + pkey_pss_init, + pkey_rsa_sign, + + pkey_pss_init, + pkey_rsa_verify, + + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + + pkey_rsa_ctrl, + pkey_rsa_ctrl_str +}; diff --git a/deps/openssl/openssl/crypto/rsa/rsa_prn.c b/deps/openssl/openssl/crypto/rsa/rsa_prn.c index 5e6c599e46d511..b5f4bce2a3e654 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_prn.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,12 +20,12 @@ int RSA_print_fp(FILE *fp, const RSA *x, int off) if ((b = BIO_new(BIO_s_file())) == NULL) { RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = RSA_print(b, x, off); BIO_free(b); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pss.c b/deps/openssl/openssl/crypto/rsa/rsa_pss.c index 4a1e599ed5dccd..f7c575d00ab123 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pss.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pss.c @@ -41,7 +41,6 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char H_[EVP_MAX_MD_SIZE]; - if (ctx == NULL) goto err; @@ -55,13 +54,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, * Negative sLen has special meanings: * -1 sLen == hLen * -2 salt length is autorecovered from signature + * -3 salt length is maximized * -N reserved */ - if (sLen == -1) + if (sLen == RSA_PSS_SALTLEN_DIGEST) { sLen = hLen; - else if (sLen == -2) - sLen = -2; - else if (sLen < -2) { + } else if (sLen < RSA_PSS_SALTLEN_MAX) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } @@ -80,7 +78,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); goto err; } - if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ + if (sLen == RSA_PSS_SALTLEN_MAX) { + sLen = emLen - hLen - 2; + } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); goto err; } @@ -106,7 +106,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED); goto err; } - if (sLen >= 0 && (maskedDBLen - i) != sLen) { + if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } @@ -123,8 +123,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, if (memcmp(H_, H, hLen)) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); ret = 0; - } else + } else { ret = 1; + } err: OPENSSL_free(DB); @@ -162,13 +163,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, * Negative sLen has special meanings: * -1 sLen == hLen * -2 salt length is maximized + * -3 same as above (on signing) * -N reserved */ - if (sLen == -1) + if (sLen == RSA_PSS_SALTLEN_DIGEST) { sLen = hLen; - else if (sLen == -2) - sLen = -2; - else if (sLen < -2) { + } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { + sLen = RSA_PSS_SALTLEN_MAX; + } else if (sLen < RSA_PSS_SALTLEN_MAX) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } @@ -184,7 +186,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; } - if (sLen == -2) { + if (sLen == RSA_PSS_SALTLEN_MAX) { sLen = emLen - hLen - 2; } else if (sLen > emLen - hLen - 2) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, @@ -242,7 +244,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, err: EVP_MD_CTX_free(ctx); - OPENSSL_clear_free(salt, sLen); + OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */ return ret; diff --git a/deps/openssl/openssl/crypto/rsa/rsa_saos.c b/deps/openssl/openssl/crypto/rsa/rsa_saos.c index 9e5fff450b84f5..8336f32f1687f5 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_saos.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_saos.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,12 +32,12 @@ int RSA_sign_ASN1_OCTET_STRING(int type, if (i > (j - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return (0); + return 0; } s = OPENSSL_malloc((unsigned int)j + 1); if (s == NULL) { RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } p = s; i2d_ASN1_OCTET_STRING(&sig, &p); @@ -48,7 +48,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, *siglen = i; OPENSSL_clear_free(s, (unsigned int)j + 1); - return (ret); + return ret; } int RSA_verify_ASN1_OCTET_STRING(int dtype, @@ -64,7 +64,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, if (siglen != (unsigned int)RSA_size(rsa)) { RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_WRONG_SIGNATURE_LENGTH); - return (0); + return 0; } s = OPENSSL_malloc((unsigned int)siglen); @@ -85,10 +85,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, if (((unsigned int)sig->length != m_len) || (memcmp(m, sig->data, m_len) != 0)) { RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE); - } else + } else { ret = 1; + } err: ASN1_OCTET_STRING_free(sig); OPENSSL_clear_free(s, (unsigned int)siglen); - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c index 77b28b46f2b453..286d0a42de0f04 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c @@ -22,7 +22,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, if (flen > (tlen - 11)) { RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return (0); + return 0; } p = (unsigned char *)to; @@ -34,12 +34,12 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, j = tlen - 3 - 8 - flen; if (RAND_bytes(p, j) <= 0) - return (0); + return 0; for (i = 0; i < j; i++) { if (*p == '\0') do { if (RAND_bytes(p, 1) <= 0) - return (0); + return 0; } while (*p == '\0'); p++; } @@ -49,7 +49,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, *(p++) = '\0'; memcpy(p, from, (unsigned int)flen); - return (1); + return 1; } int RSA_padding_check_SSLv23(unsigned char *to, int tlen, @@ -61,7 +61,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, p = from; if (flen < 10) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); - return (-1); + return -1; } /* Accept even zero-padded input */ if (flen == num) { @@ -73,7 +73,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, } if ((num != (flen + 1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); - return (-1); + return -1; } /* scan over padding data */ @@ -85,7 +85,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, if ((i == j) || (i < 8)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_NULL_BEFORE_BLOCK_MISSING); - return (-1); + return -1; } for (k = -9; k < -1; k++) { if (p[k] != 0x03) @@ -93,16 +93,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, } if (k == -1) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK); - return (-1); + return -1; } i++; /* Skip over the '\0' */ j -= i; if (j > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE); - return (-1); + return -1; } memcpy(to, p, (unsigned int)j); - return (j); + return j; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_x931.c b/deps/openssl/openssl/crypto/rsa/rsa_x931.c index b9301f372504ce..7b0486c0f263f5 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_x931.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_x931.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,9 +34,9 @@ int RSA_padding_add_X931(unsigned char *to, int tlen, p = (unsigned char *)to; /* If no padding start and end nibbles are in one byte */ - if (j == 0) + if (j == 0) { *p++ = 0x6A; - else { + } else { *p++ = 0x6B; if (j > 1) { memset(p, 0xBB, j - 1); @@ -47,7 +47,7 @@ int RSA_padding_add_X931(unsigned char *to, int tlen, memcpy(p, from, (unsigned int)flen); p += flen; *p = 0xCC; - return (1); + return 1; } int RSA_padding_check_X931(unsigned char *to, int tlen, @@ -81,8 +81,9 @@ int RSA_padding_check_X931(unsigned char *to, int tlen, return -1; } - } else + } else { j = flen - 2; + } if (p[j] != 0xCC) { RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); @@ -91,7 +92,7 @@ int RSA_padding_check_X931(unsigned char *to, int tlen, memcpy(to, p, (unsigned int)j); - return (j); + return j; } /* Translate between X931 hash ids and NIDs */ diff --git a/deps/openssl/openssl/crypto/rsa/rsa_x931g.c b/deps/openssl/openssl/crypto/rsa/rsa_x931g.c index 877ee2219ced60..3563670a12acaf 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_x931g.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_x931g.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,8 +44,9 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, rsa->e = BN_dup(e); if (!rsa->e) goto err; - } else + } else { e = rsa->e; + } /* * If not all parameters present only calculate what we can. This allows diff --git a/deps/openssl/openssl/crypto/s390x_arch.h b/deps/openssl/openssl/crypto/s390x_arch.h new file mode 100644 index 00000000000000..4a775a927db762 --- /dev/null +++ b/deps/openssl/openssl/crypto/s390x_arch.h @@ -0,0 +1,103 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef S390X_ARCH_H +# define S390X_ARCH_H + +# ifndef __ASSEMBLER__ + +void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, + void *param); +void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, + size_t outlen, unsigned int fc, void *param); +void s390x_km(const unsigned char *in, size_t len, unsigned char *out, + unsigned int fc, void *param); +void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc, + void *param); +void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out, + unsigned int fc, void *param); +void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, + unsigned int fc, void *param); +void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in, + size_t len, unsigned char *out, unsigned int fc, void *param); + +/* + * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by + * the STFLE instruction followed by the 64-bit word pairs returned by + * instructions' QUERY functions. If STFLE returns fewer data or an instruction + * is not supported, the corresponding field elements are zero. + */ +struct OPENSSL_s390xcap_st { + unsigned long long stfle[4]; + unsigned long long kimd[2]; + unsigned long long klmd[2]; + unsigned long long km[2]; + unsigned long long kmc[2]; + unsigned long long kmac[2]; + unsigned long long kmctr[2]; + unsigned long long kmo[2]; + unsigned long long kmf[2]; + unsigned long long prno[2]; + unsigned long long kma[2]; +}; + +extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; + +/* convert facility bit number or function code to bit mask */ +# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) + +# endif + +/* OPENSSL_s390xcap_P offsets [bytes] */ +# define S390X_STFLE 0x00 +# define S390X_KIMD 0x20 +# define S390X_KLMD 0x30 +# define S390X_KM 0x40 +# define S390X_KMC 0x50 +# define S390X_KMAC 0x60 +# define S390X_KMCTR 0x70 +# define S390X_KMO 0x80 +# define S390X_KMF 0x90 +# define S390X_PRNO 0xa0 +# define S390X_KMA 0xb0 + +/* Facility Bit Numbers */ +# define S390X_VX 129 +# define S390X_VXD 134 +# define S390X_VXE 135 + +/* Function Codes */ + +/* all instructions */ +# define S390X_QUERY 0 + +/* kimd/klmd */ +# define S390X_SHA3_224 32 +# define S390X_SHA3_256 33 +# define S390X_SHA3_384 34 +# define S390X_SHA3_512 35 +# define S390X_SHAKE_128 36 +# define S390X_SHAKE_256 37 +# define S390X_GHASH 65 + +/* km/kmc/kmac/kmctr/kmo/kmf/kma */ +# define S390X_AES_128 18 +# define S390X_AES_192 19 +# define S390X_AES_256 20 + +/* prno */ +# define S390X_TRNG 114 + +/* Register 0 Flags */ +# define S390X_DECRYPT 0x80 +# define S390X_KMA_LPC 0x100 +# define S390X_KMA_LAAD 0x200 +# define S390X_KMA_HS 0x400 + +#endif diff --git a/deps/openssl/openssl/crypto/s390xcap.c b/deps/openssl/openssl/crypto/s390xcap.c index 272c55174800c6..e7c7f0a357f20c 100644 --- a/deps/openssl/openssl/crypto/s390xcap.c +++ b/deps/openssl/openssl/crypto/s390xcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,8 +12,8 @@ #include #include #include - -unsigned long long OPENSSL_s390xcap_P[10]; +#include "internal/cryptlib.h" +#include "s390x_arch.h" static sigjmp_buf ill_jmp; static void ill_handler(int sig) @@ -21,30 +21,47 @@ static void ill_handler(int sig) siglongjmp(ill_jmp, sig); } -unsigned long OPENSSL_s390x_facilities(void); +void OPENSSL_s390x_facilities(void); +void OPENSSL_vx_probe(void); + +struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; void OPENSSL_cpuid_setup(void) { sigset_t oset; struct sigaction ill_act, oact; - if (OPENSSL_s390xcap_P[0]) + if (OPENSSL_s390xcap_P.stfle[0]) return; - OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1); + /* set a bit that will not be tested later */ + OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0); memset(&ill_act, 0, sizeof(ill_act)); ill_act.sa_handler = ill_handler; sigfillset(&ill_act.sa_mask); sigdelset(&ill_act.sa_mask, SIGILL); + sigdelset(&ill_act.sa_mask, SIGFPE); sigdelset(&ill_act.sa_mask, SIGTRAP); sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); sigaction(SIGILL, &ill_act, &oact); + sigaction(SIGFPE, &ill_act, &oact); /* protection against missing store-facility-list-extended */ if (sigsetjmp(ill_jmp, 1) == 0) OPENSSL_s390x_facilities(); + /* protection against disabled vector facility */ + if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX)) + && (sigsetjmp(ill_jmp, 1) == 0)) { + OPENSSL_vx_probe(); + } else { + OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE)); + } + + sigaction(SIGFPE, &oact, NULL); sigaction(SIGILL, &oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); } diff --git a/deps/openssl/openssl/crypto/s390xcpuid.S b/deps/openssl/openssl/crypto/s390xcpuid.S deleted file mode 100644 index fc141d92756cf7..00000000000000 --- a/deps/openssl/openssl/crypto/s390xcpuid.S +++ /dev/null @@ -1,178 +0,0 @@ -.text -// Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -.globl OPENSSL_s390x_facilities -.type OPENSSL_s390x_facilities,@function -.align 16 -OPENSSL_s390x_facilities: - lghi %r0,0 - larl %r4,OPENSSL_s390xcap_P - stg %r0,8(%r4) # wipe capability vectors - stg %r0,16(%r4) - stg %r0,24(%r4) - stg %r0,32(%r4) - stg %r0,40(%r4) - stg %r0,48(%r4) - stg %r0,56(%r4) - stg %r0,64(%r4) - stg %r0,72(%r4) - - .long 0xb2b04000 # stfle 0(%r4) - brc 8,.Ldone - lghi %r0,1 - .long 0xb2b04000 # stfle 0(%r4) -.Ldone: - lmg %r2,%r3,0(%r4) - tmhl %r2,0x4000 # check for message-security-assist - jz .Lret - - lghi %r0,0 # query kimd capabilities - la %r1,16(%r4) - .long 0xb93e0002 # kimd %r0,%r2 - - lghi %r0,0 # query km capability vector - la %r1,32(%r4) - .long 0xb92e0042 # km %r4,%r2 - - lghi %r0,0 # query kmc capability vector - la %r1,48(%r4) - .long 0xb92f0042 # kmc %r4,%r2 - - tmhh %r3,0x0004 # check for message-security-assist-4 - jz .Lret - - lghi %r0,0 # query kmctr capability vector - la %r1,64(%r4) - .long 0xb92d2042 # kmctr %r4,%r2,%r2 - -.Lret: - br %r14 -.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities - -.globl OPENSSL_rdtsc -.type OPENSSL_rdtsc,@function -.align 16 -OPENSSL_rdtsc: - stck 16(%r15) - lg %r2,16(%r15) - br %r14 -.size OPENSSL_rdtsc,.-OPENSSL_rdtsc - -.globl OPENSSL_atomic_add -.type OPENSSL_atomic_add,@function -.align 16 -OPENSSL_atomic_add: - l %r1,0(%r2) -.Lspin: lr %r0,%r1 - ar %r0,%r3 - cs %r1,%r0,0(%r2) - brc 4,.Lspin - lgfr %r2,%r0 # OpenSSL expects the new value - br %r14 -.size OPENSSL_atomic_add,.-OPENSSL_atomic_add - -.globl OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,@function -.align 16 -OPENSSL_wipe_cpu: - xgr %r0,%r0 - xgr %r1,%r1 - lgr %r2,%r15 - xgr %r3,%r3 - xgr %r4,%r4 - lzdr %f0 - lzdr %f1 - lzdr %f2 - lzdr %f3 - lzdr %f4 - lzdr %f5 - lzdr %f6 - lzdr %f7 - br %r14 -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu - -.globl OPENSSL_cleanse -.type OPENSSL_cleanse,@function -.align 16 -OPENSSL_cleanse: -#if !defined(__s390x__) && !defined(__s390x) - llgfr %r3,%r3 -#endif - lghi %r4,15 - lghi %r0,0 - clgr %r3,%r4 - jh .Lot - clgr %r3,%r0 - bcr 8,%r14 -.Little: - stc %r0,0(%r2) - la %r2,1(%r2) - brctg %r3,.Little - br %r14 -.align 4 -.Lot: tmll %r2,7 - jz .Laligned - stc %r0,0(%r2) - la %r2,1(%r2) - brctg %r3,.Lot -.Laligned: - srlg %r4,%r3,3 -.Loop: stg %r0,0(%r2) - la %r2,8(%r2) - brctg %r4,.Loop - lghi %r4,7 - ngr %r3,%r4 - jnz .Little - br %r14 -.size OPENSSL_cleanse,.-OPENSSL_cleanse - -.globl CRYPTO_memcmp -.type CRYPTO_memcmp,@function -.align 16 -CRYPTO_memcmp: -#if !defined(__s390x__) && !defined(__s390x) - llgfr %r4,%r4 -#endif - lghi %r5,0 - clgr %r4,%r5 - je .Lno_data - -.Loop_cmp: - llgc %r0,0(%r2) - la %r2,1(%r2) - llgc %r1,0(%r3) - la %r3,1(%r3) - xr %r1,%r0 - or %r5,%r1 - brctg %r4,.Loop_cmp - - lnr %r5,%r5 - srl %r5,31 -.Lno_data: - lgr %r2,%r5 - br %r14 -.size CRYPTO_memcmp,.-CRYPTO_memcmp - -.globl OPENSSL_instrument_bus -.type OPENSSL_instrument_bus,@function -.align 16 -OPENSSL_instrument_bus: - lghi %r2,0 - br %r14 -.size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus - -.globl OPENSSL_instrument_bus2 -.type OPENSSL_instrument_bus2,@function -.align 16 -OPENSSL_instrument_bus2: - lghi %r2,0 - br %r14 -.size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 - -.section .init - brasl %r14,OPENSSL_cpuid_setup diff --git a/deps/openssl/openssl/crypto/s390xcpuid.pl b/deps/openssl/openssl/crypto/s390xcpuid.pl new file mode 100755 index 00000000000000..ec700a47d98e92 --- /dev/null +++ b/deps/openssl/openssl/crypto/s390xcpuid.pl @@ -0,0 +1,421 @@ +#! /usr/bin/env perl +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +$flavour = shift; + +if ($flavour =~ /3[12]/) { + $SIZE_T=4; + $g=""; +} else { + $SIZE_T=8; + $g="g"; +} + +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$ra="%r14"; +$sp="%r15"; +$stdframe=16*$SIZE_T+4*8; + +$code=<<___; +#include "s390x_arch.h" + +.text + +.globl OPENSSL_s390x_facilities +.type OPENSSL_s390x_facilities,\@function +.align 16 +OPENSSL_s390x_facilities: + lghi %r0,0 + larl %r4,OPENSSL_s390xcap_P + + stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors + stg %r0,S390X_STFLE+16(%r4) + stg %r0,S390X_STFLE+24(%r4) + stg %r0,S390X_KIMD(%r4) + stg %r0,S390X_KIMD+8(%r4) + stg %r0,S390X_KLMD(%r4) + stg %r0,S390X_KLMD+8(%r4) + stg %r0,S390X_KM(%r4) + stg %r0,S390X_KM+8(%r4) + stg %r0,S390X_KMC(%r4) + stg %r0,S390X_KMC+8(%r4) + stg %r0,S390X_KMAC(%r4) + stg %r0,S390X_KMAC+8(%r4) + stg %r0,S390X_KMCTR(%r4) + stg %r0,S390X_KMCTR+8(%r4) + stg %r0,S390X_KMO(%r4) + stg %r0,S390X_KMO+8(%r4) + stg %r0,S390X_KMF(%r4) + stg %r0,S390X_KMF+8(%r4) + stg %r0,S390X_PRNO(%r4) + stg %r0,S390X_PRNO+8(%r4) + stg %r0,S390X_KMA(%r4) + stg %r0,S390X_KMA+8(%r4) + + .long 0xb2b04000 # stfle 0(%r4) + brc 8,.Ldone + lghi %r0,1 + .long 0xb2b04000 # stfle 0(%r4) + brc 8,.Ldone + lghi %r0,2 + .long 0xb2b04000 # stfle 0(%r4) +.Ldone: + lmg %r2,%r3,S390X_STFLE(%r4) + tmhl %r2,0x4000 # check for message-security-assist + jz .Lret + + lghi %r0,S390X_QUERY # query kimd capabilities + la %r1,S390X_KIMD(%r4) + .long 0xb93e0002 # kimd %r0,%r2 + + lghi %r0,S390X_QUERY # query klmd capabilities + la %r1,S390X_KLMD(%r4) + .long 0xb93f0002 # klmd %r0,%r2 + + lghi %r0,S390X_QUERY # query km capability vector + la %r1,S390X_KM(%r4) + .long 0xb92e0042 # km %r4,%r2 + + lghi %r0,S390X_QUERY # query kmc capability vector + la %r1,S390X_KMC(%r4) + .long 0xb92f0042 # kmc %r4,%r2 + + lghi %r0,S390X_QUERY # query kmac capability vector + la %r1,S390X_KMAC(%r4) + .long 0xb91e0042 # kmac %r4,%r2 + + tmhh %r3,0x0004 # check for message-security-assist-4 + jz .Lret + + lghi %r0,S390X_QUERY # query kmctr capability vector + la %r1,S390X_KMCTR(%r4) + .long 0xb92d2042 # kmctr %r4,%r2,%r2 + + lghi %r0,S390X_QUERY # query kmo capability vector + la %r1,S390X_KMO(%r4) + .long 0xb92b0042 # kmo %r4,%r2 + + lghi %r0,S390X_QUERY # query kmf capability vector + la %r1,S390X_KMF(%r4) + .long 0xb92a0042 # kmf %r4,%r2 + + tml %r2,0x40 # check for message-security-assist-5 + jz .Lret + + lghi %r0,S390X_QUERY # query prno capability vector + la %r1,S390X_PRNO(%r4) + .long 0xb93c0042 # prno %r4,%r2 + + lg %r2,S390X_STFLE+16(%r4) + tmhl %r2,0x2000 # check for message-security-assist-8 + jz .Lret + + lghi %r0,S390X_QUERY # query kma capability vector + la %r1,S390X_KMA(%r4) + .long 0xb9294022 # kma %r2,%r4,%r2 + +.Lret: + br $ra +.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities + +.globl OPENSSL_rdtsc +.type OPENSSL_rdtsc,\@function +.align 16 +OPENSSL_rdtsc: + larl %r4,OPENSSL_s390xcap_P + tm S390X_STFLE+3(%r4),0x40 # check for store-clock-fast facility + jz .Lstck + + .long 0xb27cf010 # stckf 16($sp) + lg %r2,16($sp) + br $ra +.Lstck: + stck 16($sp) + lg %r2,16($sp) + br $ra +.size OPENSSL_rdtsc,.-OPENSSL_rdtsc + +.globl OPENSSL_atomic_add +.type OPENSSL_atomic_add,\@function +.align 16 +OPENSSL_atomic_add: + l %r1,0(%r2) +.Lspin: lr %r0,%r1 + ar %r0,%r3 + cs %r1,%r0,0(%r2) + brc 4,.Lspin + lgfr %r2,%r0 # OpenSSL expects the new value + br $ra +.size OPENSSL_atomic_add,.-OPENSSL_atomic_add + +.globl OPENSSL_wipe_cpu +.type OPENSSL_wipe_cpu,\@function +.align 16 +OPENSSL_wipe_cpu: + xgr %r0,%r0 + xgr %r1,%r1 + lgr %r2,$sp + xgr %r3,%r3 + xgr %r4,%r4 + lzdr %f0 + lzdr %f1 + lzdr %f2 + lzdr %f3 + lzdr %f4 + lzdr %f5 + lzdr %f6 + lzdr %f7 + br $ra +.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu + +.globl OPENSSL_cleanse +.type OPENSSL_cleanse,\@function +.align 16 +OPENSSL_cleanse: +#if !defined(__s390x__) && !defined(__s390x) + llgfr %r3,%r3 +#endif + lghi %r4,15 + lghi %r0,0 + clgr %r3,%r4 + jh .Lot + clgr %r3,%r0 + bcr 8,%r14 +.Little: + stc %r0,0(%r2) + la %r2,1(%r2) + brctg %r3,.Little + br %r14 +.align 4 +.Lot: tmll %r2,7 + jz .Laligned + stc %r0,0(%r2) + la %r2,1(%r2) + brctg %r3,.Lot +.Laligned: + srlg %r4,%r3,3 +.Loop: stg %r0,0(%r2) + la %r2,8(%r2) + brctg %r4,.Loop + lghi %r4,7 + ngr %r3,%r4 + jnz .Little + br $ra +.size OPENSSL_cleanse,.-OPENSSL_cleanse + +.globl CRYPTO_memcmp +.type CRYPTO_memcmp,\@function +.align 16 +CRYPTO_memcmp: +#if !defined(__s390x__) && !defined(__s390x) + llgfr %r4,%r4 +#endif + lghi %r5,0 + clgr %r4,%r5 + je .Lno_data + +.Loop_cmp: + llgc %r0,0(%r2) + la %r2,1(%r2) + llgc %r1,0(%r3) + la %r3,1(%r3) + xr %r1,%r0 + or %r5,%r1 + brctg %r4,.Loop_cmp + + lnr %r5,%r5 + srl %r5,31 +.Lno_data: + lgr %r2,%r5 + br $ra +.size CRYPTO_memcmp,.-CRYPTO_memcmp + +.globl OPENSSL_instrument_bus +.type OPENSSL_instrument_bus,\@function +.align 16 +OPENSSL_instrument_bus: + lghi %r2,0 + br %r14 +.size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus + +.globl OPENSSL_instrument_bus2 +.type OPENSSL_instrument_bus2,\@function +.align 16 +OPENSSL_instrument_bus2: + lghi %r2,0 + br $ra +.size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 + +.globl OPENSSL_vx_probe +.type OPENSSL_vx_probe,\@function +.align 16 +OPENSSL_vx_probe: + .word 0xe700,0x0000,0x0044 # vzero %v0 + br $ra +.size OPENSSL_vx_probe,.-OPENSSL_vx_probe +___ + +{ +################ +# void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, +# void *param) +my ($in,$len,$fc,$param) = map("%r$_",(2..5)); +$code.=<<___; +.globl s390x_kimd +.type s390x_kimd,\@function +.align 16 +s390x_kimd: + llgfr %r0,$fc + lgr %r1,$param + + .long 0xb93e0002 # kimd %r0,%r2 + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_kimd,.-s390x_kimd +___ +} + +{ +################ +# void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, +# size_t outlen, unsigned int fc, void *param) +my ($in,$inlen,$out,$outlen,$fc) = map("%r$_",(2..6)); +$code.=<<___; +.globl s390x_klmd +.type s390x_klmd,\@function +.align 32 +s390x_klmd: + llgfr %r0,$fc + l${g} %r1,$stdframe($sp) + + .long 0xb93f0042 # klmd %r4,%r2 + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_klmd,.-s390x_klmd +___ +} + +################ +# void s390x_km(const unsigned char *in, size_t len, unsigned char *out, +# unsigned int fc, void *param) +{ +my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6)); +$code.=<<___; +.globl s390x_km +.type s390x_km,\@function +.align 16 +s390x_km: + lr %r0,$fc + l${g}r %r1,$param + + .long 0xb92e0042 # km $out,$in + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_km,.-s390x_km +___ +} + +################ +# void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc, +# void *param) +{ +my ($in,$len,$fc,$param) = map("%r$_",(2..5)); +$code.=<<___; +.globl s390x_kmac +.type s390x_kmac,\@function +.align 16 +s390x_kmac: + lr %r0,$fc + l${g}r %r1,$param + + .long 0xb91e0002 # kmac %r0,$in + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_kmac,.-s390x_kmac +___ +} + +################ +# void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out, +# unsigned int fc, void *param) +{ +my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6)); +$code.=<<___; +.globl s390x_kmo +.type s390x_kmo,\@function +.align 16 +s390x_kmo: + lr %r0,$fc + l${g}r %r1,$param + + .long 0xb92b0042 # kmo $out,$in + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_kmo,.-s390x_kmo +___ +} + +################ +# void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, +# unsigned int fc, void *param) +{ +my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6)); +$code.=<<___; +.globl s390x_kmf +.type s390x_kmf,\@function +.align 16 +s390x_kmf: + lr %r0,$fc + l${g}r %r1,$param + + .long 0xb92a0042 # kmf $out,$in + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_kmf,.-s390x_kmf +___ +} + +################ +# void s390x_kma(const unsigned char *aad, size_t alen, +# const unsigned char *in, size_t len, +# unsigned char *out, unsigned int fc, void *param) +{ +my ($aad,$alen,$in,$len,$out) = map("%r$_",(2..6)); +$code.=<<___; +.globl s390x_kma +.type s390x_kma,\@function +.align 16 +s390x_kma: + st${g} $out,6*$SIZE_T($sp) + lm${g} %r0,%r1,$stdframe($sp) + + .long 0xb9292064 # kma $out,$aad,$in + brc 1,.-4 # pay attention to "partial completion" + + l${g} $out,6*$SIZE_T($sp) + br $ra +.size s390x_kma,.-s390x_kma +___ +} + +$code.=<<___; +.section .init + brasl $ra,OPENSSL_cpuid_setup +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; # force flush diff --git a/deps/openssl/openssl/crypto/seed/seed_locl.h b/deps/openssl/openssl/crypto/seed/seed_locl.h index d4a03fc4aa85f5..ac2950d97c2b30 100644 --- a/deps/openssl/openssl/crypto/seed/seed_locl.h +++ b/deps/openssl/openssl/crypto/seed/seed_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -45,10 +45,6 @@ typedef unsigned int seed_word; # endif -#ifdef __cplusplus -extern "C" { -#endif - # define char2word(c, i) \ (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) @@ -113,8 +109,4 @@ extern "C" { (X1) ^= (T0); \ (X2) ^= (T1) -#ifdef __cplusplus -} -#endif - #endif /* HEADER_SEED_LOCL_H */ diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl new file mode 100755 index 00000000000000..8bf665c8b38d64 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv4.pl @@ -0,0 +1,1606 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for ARMv4. +# +# June 2017. +# +# Non-NEON code is KECCAK_1X variant (see sha/keccak1600.c) with bit +# interleaving. How does it compare to Keccak Code Package? It's as +# fast, but several times smaller, and is endian- and ISA-neutral. ISA +# neutrality means that minimum ISA requirement is ARMv4, yet it can +# be assembled even as Thumb-2. NEON code path is KECCAK_1X_ALT with +# register layout taken from Keccak Code Package. It's also as fast, +# in fact faster by 10-15% on some processors, and endian-neutral. +# +# August 2017. +# +# Switch to KECCAK_2X variant for non-NEON code and merge almost 1/2 +# of rotate instructions with logical ones. This resulted in ~10% +# improvement on most processors. Switch to KECCAK_2X effectively +# minimizes re-loads from temporary storage, and merged rotates just +# eliminate corresponding instructions. As for latter. When examining +# code you'll notice commented ror instructions. These are eliminated +# ones, and you should trace destination register below to see what's +# going on. Just in case, why not all rotates are eliminated. Trouble +# is that you have operations that require both inputs to be rotated, +# e.g. 'eor a,b>>>x,c>>>y'. This conundrum is resolved by using +# 'eor a,b,c>>>(x-y)' and then merge-rotating 'a' in next operation +# that takes 'a' as input. And thing is that this next operation can +# be in next round. It's totally possible to "carry" rotate "factors" +# to the next round, but it makes code more complex. And the last word +# is the keyword, i.e. "almost 1/2" is kind of complexity cap [for the +# time being]... +# +# Reduce per-round instruction count in Thumb-2 case by 16%. This is +# achieved by folding ldr/str pairs to their double-word counterparts. +# Theoretically this should have improved performance on single-issue +# cores, such as Cortex-A5/A7, by 19%. Reality is a bit different, as +# usual... +# +######################################################################## +# Numbers are cycles per processed byte. Non-NEON results account even +# for input bit interleaving. +# +# r=1088(*) Thumb-2(**) NEON +# +# ARM11xx 82/+150% +# Cortex-A5 88/+160%, 86, 36 +# Cortex-A7 78/+160%, 68, 34 +# Cortex-A8 51/+230%, 57, 30 +# Cortex-A9 53/+210%, 51, 26 +# Cortex-A15 42/+160%, 38, 18 +# Snapdragon S4 43/+210%, 38, 24 +# +# (*) Corresponds to SHA3-256. Percentage after slash is improvement +# over compiler-generated KECCAK_2X reference code. +# (**) Thumb-2 results for Cortex-A5/A7 are likely to apply even to +# Cortex-Mx, x>=3. Otherwise, non-NEON results for NEON-capable +# processors are presented mostly for reference purposes. + +$flavour = shift; +if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} + +my @C = map("r$_",(0..9)); +my @E = map("r$_",(10..12,14)); + +######################################################################## +# Stack layout +# ----->+-----------------------+ +# | uint64_t A[5][5] | +# | ... | +# +200->+-----------------------+ +# | uint64_t D[5] | +# | ... | +# +240->+-----------------------+ +# | uint64_t T[5][5] | +# | ... | +# +440->+-----------------------+ +# | saved lr | +# +444->+-----------------------+ +# | loop counter | +# +448->+-----------------------+ +# | ... + +my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20)); +my @D = map(8*$_, (25..29)); +my @T = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (30,35,40,45,50)); + +$code.=<<___; +#include "arm_arch.h" + +.text + +#if defined(__thumb2__) +.syntax unified +.thumb +#else +.code 32 +#endif + +.type iotas32, %object +.align 5 +iotas32: + .long 0x00000001, 0x00000000 + .long 0x00000000, 0x00000089 + .long 0x00000000, 0x8000008b + .long 0x00000000, 0x80008080 + .long 0x00000001, 0x0000008b + .long 0x00000001, 0x00008000 + .long 0x00000001, 0x80008088 + .long 0x00000001, 0x80000082 + .long 0x00000000, 0x0000000b + .long 0x00000000, 0x0000000a + .long 0x00000001, 0x00008082 + .long 0x00000000, 0x00008003 + .long 0x00000001, 0x0000808b + .long 0x00000001, 0x8000000b + .long 0x00000001, 0x8000008a + .long 0x00000001, 0x80000081 + .long 0x00000000, 0x80000081 + .long 0x00000000, 0x80000008 + .long 0x00000000, 0x00000083 + .long 0x00000000, 0x80008003 + .long 0x00000001, 0x80008088 + .long 0x00000000, 0x80000088 + .long 0x00000001, 0x00008000 + .long 0x00000000, 0x80008082 +.size iotas32,.-iotas32 + +.type KeccakF1600_int, %function +.align 5 +KeccakF1600_int: + add @C[9],sp,#$A[4][2] + add @E[2],sp,#$A[0][0] + add @E[0],sp,#$A[1][0] + ldmia @C[9],{@C[4]-@C[9]} @ A[4][2..4] +KeccakF1600_enter: + str lr,[sp,#440] + eor @E[1],@E[1],@E[1] + str @E[1],[sp,#444] + b .Lround2x + +.align 4 +.Lround2x: +___ +sub Round { +my (@A,@R); (@A[0..4],@R) = @_; + +$code.=<<___; + ldmia @E[2],{@C[0]-@C[3]} @ A[0][0..1] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][0..1] +#ifdef __thumb2__ + eor @C[0],@C[0],@E[0] + eor @C[1],@C[1],@E[1] + eor @C[2],@C[2],@E[2] + ldrd @E[0],@E[1],[sp,#$A[1][2]] + eor @C[3],@C[3],@E[3] + ldrd @E[2],@E[3],[sp,#$A[1][3]] + eor @C[4],@C[4],@E[0] + eor @C[5],@C[5],@E[1] + eor @C[6],@C[6],@E[2] + ldrd @E[0],@E[1],[sp,#$A[1][4]] + eor @C[7],@C[7],@E[3] + ldrd @E[2],@E[3],[sp,#$A[2][0]] + eor @C[8],@C[8],@E[0] + eor @C[9],@C[9],@E[1] + eor @C[0],@C[0],@E[2] + ldrd @E[0],@E[1],[sp,#$A[2][1]] + eor @C[1],@C[1],@E[3] + ldrd @E[2],@E[3],[sp,#$A[2][2]] + eor @C[2],@C[2],@E[0] + eor @C[3],@C[3],@E[1] + eor @C[4],@C[4],@E[2] + ldrd @E[0],@E[1],[sp,#$A[2][3]] + eor @C[5],@C[5],@E[3] + ldrd @E[2],@E[3],[sp,#$A[2][4]] + eor @C[6],@C[6],@E[0] + eor @C[7],@C[7],@E[1] + eor @C[8],@C[8],@E[2] + ldrd @E[0],@E[1],[sp,#$A[3][0]] + eor @C[9],@C[9],@E[3] + ldrd @E[2],@E[3],[sp,#$A[3][1]] + eor @C[0],@C[0],@E[0] + eor @C[1],@C[1],@E[1] + eor @C[2],@C[2],@E[2] + ldrd @E[0],@E[1],[sp,#$A[3][2]] + eor @C[3],@C[3],@E[3] + ldrd @E[2],@E[3],[sp,#$A[3][3]] + eor @C[4],@C[4],@E[0] + eor @C[5],@C[5],@E[1] + eor @C[6],@C[6],@E[2] + ldrd @E[0],@E[1],[sp,#$A[3][4]] + eor @C[7],@C[7],@E[3] + ldrd @E[2],@E[3],[sp,#$A[4][0]] + eor @C[8],@C[8],@E[0] + eor @C[9],@C[9],@E[1] + eor @C[0],@C[0],@E[2] + ldrd @E[0],@E[1],[sp,#$A[4][1]] + eor @C[1],@C[1],@E[3] + ldrd @E[2],@E[3],[sp,#$A[0][2]] + eor @C[2],@C[2],@E[0] + eor @C[3],@C[3],@E[1] + eor @C[4],@C[4],@E[2] + ldrd @E[0],@E[1],[sp,#$A[0][3]] + eor @C[5],@C[5],@E[3] + ldrd @E[2],@E[3],[sp,#$A[0][4]] +#else + eor @C[0],@C[0],@E[0] + add @E[0],sp,#$A[1][2] + eor @C[1],@C[1],@E[1] + eor @C[2],@C[2],@E[2] + eor @C[3],@C[3],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][2..3] + eor @C[4],@C[4],@E[0] + add @E[0],sp,#$A[1][4] + eor @C[5],@C[5],@E[1] + eor @C[6],@C[6],@E[2] + eor @C[7],@C[7],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][4]..A[2][0] + eor @C[8],@C[8],@E[0] + add @E[0],sp,#$A[2][1] + eor @C[9],@C[9],@E[1] + eor @C[0],@C[0],@E[2] + eor @C[1],@C[1],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[2][1..2] + eor @C[2],@C[2],@E[0] + add @E[0],sp,#$A[2][3] + eor @C[3],@C[3],@E[1] + eor @C[4],@C[4],@E[2] + eor @C[5],@C[5],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[2][3..4] + eor @C[6],@C[6],@E[0] + add @E[0],sp,#$A[3][0] + eor @C[7],@C[7],@E[1] + eor @C[8],@C[8],@E[2] + eor @C[9],@C[9],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][0..1] + eor @C[0],@C[0],@E[0] + add @E[0],sp,#$A[3][2] + eor @C[1],@C[1],@E[1] + eor @C[2],@C[2],@E[2] + eor @C[3],@C[3],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][2..3] + eor @C[4],@C[4],@E[0] + add @E[0],sp,#$A[3][4] + eor @C[5],@C[5],@E[1] + eor @C[6],@C[6],@E[2] + eor @C[7],@C[7],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][4]..A[4][0] + eor @C[8],@C[8],@E[0] + ldr @E[0],[sp,#$A[4][1]] @ A[4][1] + eor @C[9],@C[9],@E[1] + ldr @E[1],[sp,#$A[4][1]+4] + eor @C[0],@C[0],@E[2] + ldr @E[2],[sp,#$A[0][2]] @ A[0][2] + eor @C[1],@C[1],@E[3] + ldr @E[3],[sp,#$A[0][2]+4] + eor @C[2],@C[2],@E[0] + add @E[0],sp,#$A[0][3] + eor @C[3],@C[3],@E[1] + eor @C[4],@C[4],@E[2] + eor @C[5],@C[5],@E[3] + ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[0][3..4] +#endif + eor @C[6],@C[6],@E[0] + eor @C[7],@C[7],@E[1] + eor @C[8],@C[8],@E[2] + eor @C[9],@C[9],@E[3] + + eor @E[0],@C[0],@C[5],ror#32-1 @ E[0] = ROL64(C[2], 1) ^ C[0]; + str.l @E[0],[sp,#$D[1]] @ D[1] = E[0] + eor @E[1],@C[1],@C[4] + str.h @E[1],[sp,#$D[1]+4] + eor @E[2],@C[6],@C[1],ror#32-1 @ E[1] = ROL64(C[0], 1) ^ C[3]; + eor @E[3],@C[7],@C[0] + str.l @E[2],[sp,#$D[4]] @ D[4] = E[1] + eor @C[0],@C[8],@C[3],ror#32-1 @ C[0] = ROL64(C[1], 1) ^ C[4]; + str.h @E[3],[sp,#$D[4]+4] + eor @C[1],@C[9],@C[2] + str.l @C[0],[sp,#$D[0]] @ D[0] = C[0] + eor @C[2],@C[2],@C[7],ror#32-1 @ C[1] = ROL64(C[3], 1) ^ C[1]; + ldr.l @C[7],[sp,#$A[3][3]] + eor @C[3],@C[3],@C[6] + str.h @C[1],[sp,#$D[0]+4] + ldr.h @C[6],[sp,#$A[3][3]+4] + str.l @C[2],[sp,#$D[2]] @ D[2] = C[1] + eor @C[4],@C[4],@C[9],ror#32-1 @ C[2] = ROL64(C[4], 1) ^ C[2]; + str.h @C[3],[sp,#$D[2]+4] + eor @C[5],@C[5],@C[8] + + ldr.l @C[8],[sp,#$A[4][4]] + ldr.h @C[9],[sp,#$A[4][4]+4] + str.l @C[4],[sp,#$D[3]] @ D[3] = C[2] + eor @C[7],@C[7],@C[4] + str.h @C[5],[sp,#$D[3]+4] + eor @C[6],@C[6],@C[5] + ldr.l @C[4],[sp,#$A[0][0]] + @ ror @C[7],@C[7],#32-10 @ C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ + @ ror @C[6],@C[6],#32-11 + ldr.h @C[5],[sp,#$A[0][0]+4] + eor @C[8],@C[8],@E[2] + eor @C[9],@C[9],@E[3] + ldr.l @E[2],[sp,#$A[2][2]] + eor @C[0],@C[0],@C[4] + ldr.h @E[3],[sp,#$A[2][2]+4] + @ ror @C[8],@C[8],#32-7 @ C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ + @ ror @C[9],@C[9],#32-7 + eor @C[1],@C[1],@C[5] @ C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ + eor @E[2],@E[2],@C[2] + ldr.l @C[2],[sp,#$A[1][1]] + eor @E[3],@E[3],@C[3] + ldr.h @C[3],[sp,#$A[1][1]+4] + ror @C[5],@E[2],#32-21 @ C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ + ldr @E[2],[sp,#444] @ load counter + eor @C[2],@C[2],@E[0] + adr @E[0],iotas32 + ror @C[4],@E[3],#32-22 + add @E[3],@E[0],@E[2] + eor @C[3],@C[3],@E[1] +___ +$code.=<<___ if ($A[0][0] != $T[0][0]); + ldmia @E[3],{@E[0],@E[1]} @ iotas[i] +___ +$code.=<<___ if ($A[0][0] == $T[0][0]); + ldr.l @E[0],[@E[3],#8] @ iotas[i].lo + add @E[2],@E[2],#16 + ldr.h @E[1],[@E[3],#12] @ iotas[i].hi + cmp @E[2],#192 + str @E[2],[sp,#444] @ store counter +___ +$code.=<<___; + bic @E[2],@C[4],@C[2],ror#32-22 + bic @E[3],@C[5],@C[3],ror#32-22 + ror @C[2],@C[2],#32-22 @ C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ + ror @C[3],@C[3],#32-22 + eor @E[2],@E[2],@C[0] + eor @E[3],@E[3],@C[1] + eor @E[0],@E[0],@E[2] + eor @E[1],@E[1],@E[3] + str.l @E[0],[sp,#$R[0][0]] @ R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; + bic @E[2],@C[6],@C[4],ror#11 + str.h @E[1],[sp,#$R[0][0]+4] + bic @E[3],@C[7],@C[5],ror#10 + bic @E[0],@C[8],@C[6],ror#32-(11-7) + bic @E[1],@C[9],@C[7],ror#32-(10-7) + eor @E[2],@C[2],@E[2],ror#32-11 + str.l @E[2],[sp,#$R[0][1]] @ R[0][1] = C[1] ^ (~C[2] & C[3]); + eor @E[3],@C[3],@E[3],ror#32-10 + str.h @E[3],[sp,#$R[0][1]+4] + eor @E[0],@C[4],@E[0],ror#32-7 + eor @E[1],@C[5],@E[1],ror#32-7 + str.l @E[0],[sp,#$R[0][2]] @ R[0][2] = C[2] ^ (~C[3] & C[4]); + bic @E[2],@C[0],@C[8],ror#32-7 + str.h @E[1],[sp,#$R[0][2]+4] + bic @E[3],@C[1],@C[9],ror#32-7 + eor @E[2],@E[2],@C[6],ror#32-11 + str.l @E[2],[sp,#$R[0][3]] @ R[0][3] = C[3] ^ (~C[4] & C[0]); + eor @E[3],@E[3],@C[7],ror#32-10 + str.h @E[3],[sp,#$R[0][3]+4] + bic @E[0],@C[2],@C[0] + add @E[3],sp,#$D[3] + ldr.l @C[0],[sp,#$A[0][3]] @ A[0][3] + bic @E[1],@C[3],@C[1] + ldr.h @C[1],[sp,#$A[0][3]+4] + eor @E[0],@E[0],@C[8],ror#32-7 + eor @E[1],@E[1],@C[9],ror#32-7 + str.l @E[0],[sp,#$R[0][4]] @ R[0][4] = C[4] ^ (~C[0] & C[1]); + add @C[9],sp,#$D[0] + str.h @E[1],[sp,#$R[0][4]+4] + + ldmia @E[3],{@E[0]-@E[2],@E[3]} @ D[3..4] + ldmia @C[9],{@C[6]-@C[9]} @ D[0..1] + + ldr.l @C[2],[sp,#$A[1][4]] @ A[1][4] + eor @C[0],@C[0],@E[0] + ldr.h @C[3],[sp,#$A[1][4]+4] + eor @C[1],@C[1],@E[1] + @ ror @C[0],@C[0],#32-14 @ C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); + ldr.l @E[0],[sp,#$A[3][1]] @ A[3][1] + @ ror @C[1],@C[1],#32-14 + ldr.h @E[1],[sp,#$A[3][1]+4] + + eor @C[2],@C[2],@E[2] + ldr.l @C[4],[sp,#$A[2][0]] @ A[2][0] + eor @C[3],@C[3],@E[3] + ldr.h @C[5],[sp,#$A[2][0]+4] + @ ror @C[2],@C[2],#32-10 @ C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + @ ror @C[3],@C[3],#32-10 + + eor @C[6],@C[6],@C[4] + ldr.l @E[2],[sp,#$D[2]] @ D[2] + eor @C[7],@C[7],@C[5] + ldr.h @E[3],[sp,#$D[2]+4] + ror @C[5],@C[6],#32-1 @ C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); + ror @C[4],@C[7],#32-2 + + eor @E[0],@E[0],@C[8] + ldr.l @C[8],[sp,#$A[4][2]] @ A[4][2] + eor @E[1],@E[1],@C[9] + ldr.h @C[9],[sp,#$A[4][2]+4] + ror @C[7],@E[0],#32-22 @ C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); + ror @C[6],@E[1],#32-23 + + bic @E[0],@C[4],@C[2],ror#32-10 + bic @E[1],@C[5],@C[3],ror#32-10 + eor @E[2],@E[2],@C[8] + eor @E[3],@E[3],@C[9] + ror @C[9],@E[2],#32-30 @ C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); + ror @C[8],@E[3],#32-31 + eor @E[0],@E[0],@C[0],ror#32-14 + eor @E[1],@E[1],@C[1],ror#32-14 + str.l @E[0],[sp,#$R[1][0]] @ R[1][0] = C[0] ^ (~C[1] & C[2]) + bic @E[2],@C[6],@C[4] + str.h @E[1],[sp,#$R[1][0]+4] + bic @E[3],@C[7],@C[5] + eor @E[2],@E[2],@C[2],ror#32-10 + str.l @E[2],[sp,#$R[1][1]] @ R[1][1] = C[1] ^ (~C[2] & C[3]); + eor @E[3],@E[3],@C[3],ror#32-10 + str.h @E[3],[sp,#$R[1][1]+4] + bic @E[0],@C[8],@C[6] + bic @E[1],@C[9],@C[7] + bic @E[2],@C[0],@C[8],ror#14 + bic @E[3],@C[1],@C[9],ror#14 + eor @E[0],@E[0],@C[4] + eor @E[1],@E[1],@C[5] + str.l @E[0],[sp,#$R[1][2]] @ R[1][2] = C[2] ^ (~C[3] & C[4]); + bic @C[2],@C[2],@C[0],ror#32-(14-10) + str.h @E[1],[sp,#$R[1][2]+4] + eor @E[2],@C[6],@E[2],ror#32-14 + bic @E[1],@C[3],@C[1],ror#32-(14-10) + str.l @E[2],[sp,#$R[1][3]] @ R[1][3] = C[3] ^ (~C[4] & C[0]); + eor @E[3],@C[7],@E[3],ror#32-14 + str.h @E[3],[sp,#$R[1][3]+4] + add @E[2],sp,#$D[1] + ldr.l @C[1],[sp,#$A[0][1]] @ A[0][1] + eor @E[0],@C[8],@C[2],ror#32-10 + ldr.h @C[0],[sp,#$A[0][1]+4] + eor @E[1],@C[9],@E[1],ror#32-10 + str.l @E[0],[sp,#$R[1][4]] @ R[1][4] = C[4] ^ (~C[0] & C[1]); + str.h @E[1],[sp,#$R[1][4]+4] + + add @C[9],sp,#$D[3] + ldmia @E[2],{@E[0]-@E[2],@E[3]} @ D[1..2] + ldr.l @C[2],[sp,#$A[1][2]] @ A[1][2] + ldr.h @C[3],[sp,#$A[1][2]+4] + ldmia @C[9],{@C[6]-@C[9]} @ D[3..4] + + eor @C[1],@C[1],@E[0] + ldr.l @C[4],[sp,#$A[2][3]] @ A[2][3] + eor @C[0],@C[0],@E[1] + ldr.h @C[5],[sp,#$A[2][3]+4] + ror @C[0],@C[0],#32-1 @ C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); + + eor @C[2],@C[2],@E[2] + ldr.l @E[0],[sp,#$A[3][4]] @ A[3][4] + eor @C[3],@C[3],@E[3] + ldr.h @E[1],[sp,#$A[3][4]+4] + @ ror @C[2],@C[2],#32-3 @ C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); + ldr.l @E[2],[sp,#$D[0]] @ D[0] + @ ror @C[3],@C[3],#32-3 + ldr.h @E[3],[sp,#$D[0]+4] + + eor @C[4],@C[4],@C[6] + eor @C[5],@C[5],@C[7] + @ ror @C[5],@C[6],#32-12 @ C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + @ ror @C[4],@C[7],#32-13 @ [track reverse order below] + + eor @E[0],@E[0],@C[8] + ldr.l @C[8],[sp,#$A[4][0]] @ A[4][0] + eor @E[1],@E[1],@C[9] + ldr.h @C[9],[sp,#$A[4][0]+4] + ror @C[6],@E[0],#32-4 @ C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); + ror @C[7],@E[1],#32-4 + + eor @E[2],@E[2],@C[8] + eor @E[3],@E[3],@C[9] + ror @C[8],@E[2],#32-9 @ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); + ror @C[9],@E[3],#32-9 + + bic @E[0],@C[5],@C[2],ror#13-3 + bic @E[1],@C[4],@C[3],ror#12-3 + bic @E[2],@C[6],@C[5],ror#32-13 + bic @E[3],@C[7],@C[4],ror#32-12 + eor @E[0],@C[0],@E[0],ror#32-13 + eor @E[1],@C[1],@E[1],ror#32-12 + str.l @E[0],[sp,#$R[2][0]] @ R[2][0] = C[0] ^ (~C[1] & C[2]) + eor @E[2],@E[2],@C[2],ror#32-3 + str.h @E[1],[sp,#$R[2][0]+4] + eor @E[3],@E[3],@C[3],ror#32-3 + str.l @E[2],[sp,#$R[2][1]] @ R[2][1] = C[1] ^ (~C[2] & C[3]); + bic @E[0],@C[8],@C[6] + bic @E[1],@C[9],@C[7] + str.h @E[3],[sp,#$R[2][1]+4] + eor @E[0],@E[0],@C[5],ror#32-13 + eor @E[1],@E[1],@C[4],ror#32-12 + str.l @E[0],[sp,#$R[2][2]] @ R[2][2] = C[2] ^ (~C[3] & C[4]); + bic @E[2],@C[0],@C[8] + str.h @E[1],[sp,#$R[2][2]+4] + bic @E[3],@C[1],@C[9] + eor @E[2],@E[2],@C[6] + eor @E[3],@E[3],@C[7] + str.l @E[2],[sp,#$R[2][3]] @ R[2][3] = C[3] ^ (~C[4] & C[0]); + bic @E[0],@C[2],@C[0],ror#3 + str.h @E[3],[sp,#$R[2][3]+4] + bic @E[1],@C[3],@C[1],ror#3 + ldr.l @C[1],[sp,#$A[0][4]] @ A[0][4] [in reverse order] + eor @E[0],@C[8],@E[0],ror#32-3 + ldr.h @C[0],[sp,#$A[0][4]+4] + eor @E[1],@C[9],@E[1],ror#32-3 + str.l @E[0],[sp,#$R[2][4]] @ R[2][4] = C[4] ^ (~C[0] & C[1]); + add @C[9],sp,#$D[1] + str.h @E[1],[sp,#$R[2][4]+4] + + ldr.l @E[0],[sp,#$D[4]] @ D[4] + ldr.h @E[1],[sp,#$D[4]+4] + ldr.l @E[2],[sp,#$D[0]] @ D[0] + ldr.h @E[3],[sp,#$D[0]+4] + + ldmia @C[9],{@C[6]-@C[9]} @ D[1..2] + + eor @C[1],@C[1],@E[0] + ldr.l @C[2],[sp,#$A[1][0]] @ A[1][0] + eor @C[0],@C[0],@E[1] + ldr.h @C[3],[sp,#$A[1][0]+4] + @ ror @C[1],@E[0],#32-13 @ C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); + ldr.l @C[4],[sp,#$A[2][1]] @ A[2][1] + @ ror @C[0],@E[1],#32-14 @ [was loaded in reverse order] + ldr.h @C[5],[sp,#$A[2][1]+4] + + eor @C[2],@C[2],@E[2] + ldr.l @E[0],[sp,#$A[3][2]] @ A[3][2] + eor @C[3],@C[3],@E[3] + ldr.h @E[1],[sp,#$A[3][2]+4] + @ ror @C[2],@C[2],#32-18 @ C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); + ldr.l @E[2],[sp,#$D[3]] @ D[3] + @ ror @C[3],@C[3],#32-18 + ldr.h @E[3],[sp,#$D[3]+4] + + eor @C[6],@C[6],@C[4] + eor @C[7],@C[7],@C[5] + ror @C[4],@C[6],#32-5 @ C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); + ror @C[5],@C[7],#32-5 + + eor @E[0],@E[0],@C[8] + ldr.l @C[8],[sp,#$A[4][3]] @ A[4][3] + eor @E[1],@E[1],@C[9] + ldr.h @C[9],[sp,#$A[4][3]+4] + ror @C[7],@E[0],#32-7 @ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + ror @C[6],@E[1],#32-8 + + eor @E[2],@E[2],@C[8] + eor @E[3],@E[3],@C[9] + ror @C[8],@E[2],#32-28 @ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); + ror @C[9],@E[3],#32-28 + + bic @E[0],@C[4],@C[2],ror#32-18 + bic @E[1],@C[5],@C[3],ror#32-18 + eor @E[0],@E[0],@C[0],ror#32-14 + eor @E[1],@E[1],@C[1],ror#32-13 + str.l @E[0],[sp,#$R[3][0]] @ R[3][0] = C[0] ^ (~C[1] & C[2]) + bic @E[2],@C[6],@C[4] + str.h @E[1],[sp,#$R[3][0]+4] + bic @E[3],@C[7],@C[5] + eor @E[2],@E[2],@C[2],ror#32-18 + str.l @E[2],[sp,#$R[3][1]] @ R[3][1] = C[1] ^ (~C[2] & C[3]); + eor @E[3],@E[3],@C[3],ror#32-18 + str.h @E[3],[sp,#$R[3][1]+4] + bic @E[0],@C[8],@C[6] + bic @E[1],@C[9],@C[7] + bic @E[2],@C[0],@C[8],ror#14 + bic @E[3],@C[1],@C[9],ror#13 + eor @E[0],@E[0],@C[4] + eor @E[1],@E[1],@C[5] + str.l @E[0],[sp,#$R[3][2]] @ R[3][2] = C[2] ^ (~C[3] & C[4]); + bic @C[2],@C[2],@C[0],ror#18-14 + str.h @E[1],[sp,#$R[3][2]+4] + eor @E[2],@C[6],@E[2],ror#32-14 + bic @E[1],@C[3],@C[1],ror#18-13 + eor @E[3],@C[7],@E[3],ror#32-13 + str.l @E[2],[sp,#$R[3][3]] @ R[3][3] = C[3] ^ (~C[4] & C[0]); + str.h @E[3],[sp,#$R[3][3]+4] + add @E[3],sp,#$D[2] + ldr.l @C[0],[sp,#$A[0][2]] @ A[0][2] + eor @E[0],@C[8],@C[2],ror#32-18 + ldr.h @C[1],[sp,#$A[0][2]+4] + eor @E[1],@C[9],@E[1],ror#32-18 + str.l @E[0],[sp,#$R[3][4]] @ R[3][4] = C[4] ^ (~C[0] & C[1]); + str.h @E[1],[sp,#$R[3][4]+4] + + ldmia @E[3],{@E[0]-@E[2],@E[3]} @ D[2..3] + ldr.l @C[2],[sp,#$A[1][3]] @ A[1][3] + ldr.h @C[3],[sp,#$A[1][3]+4] + ldr.l @C[6],[sp,#$D[4]] @ D[4] + ldr.h @C[7],[sp,#$D[4]+4] + + eor @C[0],@C[0],@E[0] + ldr.l @C[4],[sp,#$A[2][4]] @ A[2][4] + eor @C[1],@C[1],@E[1] + ldr.h @C[5],[sp,#$A[2][4]+4] + @ ror @C[0],@C[0],#32-31 @ C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); + ldr.l @C[8],[sp,#$D[0]] @ D[0] + @ ror @C[1],@C[1],#32-31 + ldr.h @C[9],[sp,#$D[0]+4] + + eor @E[2],@E[2],@C[2] + ldr.l @E[0],[sp,#$A[3][0]] @ A[3][0] + eor @E[3],@E[3],@C[3] + ldr.h @E[1],[sp,#$A[3][0]+4] + ror @C[3],@E[2],#32-27 @ C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); + ldr.l @E[2],[sp,#$D[1]] @ D[1] + ror @C[2],@E[3],#32-28 + ldr.h @E[3],[sp,#$D[1]+4] + + eor @C[6],@C[6],@C[4] + eor @C[7],@C[7],@C[5] + ror @C[5],@C[6],#32-19 @ C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); + ror @C[4],@C[7],#32-20 + + eor @E[0],@E[0],@C[8] + ldr.l @C[8],[sp,#$A[4][1]] @ A[4][1] + eor @E[1],@E[1],@C[9] + ldr.h @C[9],[sp,#$A[4][1]+4] + ror @C[7],@E[0],#32-20 @ C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); + ror @C[6],@E[1],#32-21 + + eor @C[8],@C[8],@E[2] + eor @C[9],@C[9],@E[3] + @ ror @C[8],@C[2],#32-1 @ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + @ ror @C[9],@C[3],#32-1 + + bic @E[0],@C[4],@C[2] + bic @E[1],@C[5],@C[3] + eor @E[0],@E[0],@C[0],ror#32-31 + str.l @E[0],[sp,#$R[4][0]] @ R[4][0] = C[0] ^ (~C[1] & C[2]) + eor @E[1],@E[1],@C[1],ror#32-31 + str.h @E[1],[sp,#$R[4][0]+4] + bic @E[2],@C[6],@C[4] + bic @E[3],@C[7],@C[5] + eor @E[2],@E[2],@C[2] + eor @E[3],@E[3],@C[3] + str.l @E[2],[sp,#$R[4][1]] @ R[4][1] = C[1] ^ (~C[2] & C[3]); + bic @E[0],@C[8],@C[6],ror#1 + str.h @E[3],[sp,#$R[4][1]+4] + bic @E[1],@C[9],@C[7],ror#1 + bic @E[2],@C[0],@C[8],ror#31-1 + bic @E[3],@C[1],@C[9],ror#31-1 + eor @C[4],@C[4],@E[0],ror#32-1 + str.l @C[4],[sp,#$R[4][2]] @ R[4][2] = C[2] ^= (~C[3] & C[4]); + eor @C[5],@C[5],@E[1],ror#32-1 + str.h @C[5],[sp,#$R[4][2]+4] + eor @C[6],@C[6],@E[2],ror#32-31 + eor @C[7],@C[7],@E[3],ror#32-31 + str.l @C[6],[sp,#$R[4][3]] @ R[4][3] = C[3] ^= (~C[4] & C[0]); + bic @E[0],@C[2],@C[0],ror#32-31 + str.h @C[7],[sp,#$R[4][3]+4] + bic @E[1],@C[3],@C[1],ror#32-31 + add @E[2],sp,#$R[0][0] + eor @C[8],@E[0],@C[8],ror#32-1 + add @E[0],sp,#$R[1][0] + eor @C[9],@E[1],@C[9],ror#32-1 + str.l @C[8],[sp,#$R[4][4]] @ R[4][4] = C[4] ^= (~C[0] & C[1]); + str.h @C[9],[sp,#$R[4][4]+4] +___ +} + Round(@A,@T); + Round(@T,@A); +$code.=<<___; + blo .Lround2x + + ldr pc,[sp,#440] +.size KeccakF1600_int,.-KeccakF1600_int + +.type KeccakF1600, %function +.align 5 +KeccakF1600: + stmdb sp!,{r0,r4-r11,lr} + sub sp,sp,#440+16 @ space for A[5][5],D[5],T[5][5],... + + add @E[0],r0,#$A[1][0] + add @E[1],sp,#$A[1][0] + ldmia r0, {@C[0]-@C[9]} @ copy A[5][5] to stack + stmia sp, {@C[0]-@C[9]} + ldmia @E[0]!,{@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} + ldmia @E[0]!,{@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} + ldmia @E[0]!,{@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} + ldmia @E[0], {@C[0]-@C[9]} + add @E[2],sp,#$A[0][0] + add @E[0],sp,#$A[1][0] + stmia @E[1], {@C[0]-@C[9]} + + bl KeccakF1600_enter + + ldr @E[1], [sp,#440+16] @ restore pointer to A + ldmia sp, {@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} @ return A[5][5] + ldmia @E[0]!,{@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} + ldmia @E[0]!,{@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} + ldmia @E[0]!,{@C[0]-@C[9]} + stmia @E[1]!,{@C[0]-@C[9]} + ldmia @E[0], {@C[0]-@C[9]} + stmia @E[1], {@C[0]-@C[9]} + + add sp,sp,#440+20 + ldmia sp!,{r4-r11,pc} +.size KeccakF1600,.-KeccakF1600 +___ +{ my ($A_flat,$inp,$len,$bsz) = map("r$_",(10..12,14)); + +######################################################################## +# Stack layout +# ----->+-----------------------+ +# | uint64_t A[5][5] | +# | ... | +# | ... | +# +456->+-----------------------+ +# | 0x55555555 | +# +460->+-----------------------+ +# | 0x33333333 | +# +464->+-----------------------+ +# | 0x0f0f0f0f | +# +468->+-----------------------+ +# | 0x00ff00ff | +# +472->+-----------------------+ +# | uint64_t *A | +# +476->+-----------------------+ +# | const void *inp | +# +480->+-----------------------+ +# | size_t len | +# +484->+-----------------------+ +# | size_t bs | +# +488->+-----------------------+ +# | .... + +$code.=<<___; +.global SHA3_absorb +.type SHA3_absorb,%function +.align 5 +SHA3_absorb: + stmdb sp!,{r0-r12,lr} + sub sp,sp,#456+16 + + add $A_flat,r0,#$A[1][0] + @ mov $inp,r1 + mov $len,r2 + mov $bsz,r3 + cmp r2,r3 + blo .Labsorb_abort + + add $inp,sp,#0 + ldmia r0, {@C[0]-@C[9]} @ copy A[5][5] to stack + stmia $inp!, {@C[0]-@C[9]} + ldmia $A_flat!,{@C[0]-@C[9]} + stmia $inp!, {@C[0]-@C[9]} + ldmia $A_flat!,{@C[0]-@C[9]} + stmia $inp!, {@C[0]-@C[9]} + ldmia $A_flat!,{@C[0]-@C[9]} + stmia $inp!, {@C[0]-@C[9]} + ldmia $A_flat!,{@C[0]-@C[9]} + stmia $inp, {@C[0]-@C[9]} + + ldr $inp,[sp,#476] @ restore $inp +#ifdef __thumb2__ + mov r9,#0x00ff00ff + mov r8,#0x0f0f0f0f + mov r7,#0x33333333 + mov r6,#0x55555555 +#else + mov r6,#0x11 @ compose constants + mov r8,#0x0f + mov r9,#0xff + orr r6,r6,r6,lsl#8 + orr r8,r8,r8,lsl#8 + orr r6,r6,r6,lsl#16 @ 0x11111111 + orr r9,r9,r9,lsl#16 @ 0x00ff00ff + orr r8,r8,r8,lsl#16 @ 0x0f0f0f0f + orr r7,r6,r6,lsl#1 @ 0x33333333 + orr r6,r6,r6,lsl#2 @ 0x55555555 +#endif + str r9,[sp,#468] + str r8,[sp,#464] + str r7,[sp,#460] + str r6,[sp,#456] + b .Loop_absorb + +.align 4 +.Loop_absorb: + subs r0,$len,$bsz + blo .Labsorbed + add $A_flat,sp,#0 + str r0,[sp,#480] @ save len - bsz + +.align 4 +.Loop_block: + ldrb r0,[$inp],#1 + ldrb r1,[$inp],#1 + ldrb r2,[$inp],#1 + ldrb r3,[$inp],#1 + ldrb r4,[$inp],#1 + orr r0,r0,r1,lsl#8 + ldrb r1,[$inp],#1 + orr r0,r0,r2,lsl#16 + ldrb r2,[$inp],#1 + orr r0,r0,r3,lsl#24 @ lo + ldrb r3,[$inp],#1 + orr r1,r4,r1,lsl#8 + orr r1,r1,r2,lsl#16 + orr r1,r1,r3,lsl#24 @ hi + + and r2,r0,r6 @ &=0x55555555 + and r0,r0,r6,lsl#1 @ &=0xaaaaaaaa + and r3,r1,r6 @ &=0x55555555 + and r1,r1,r6,lsl#1 @ &=0xaaaaaaaa + orr r2,r2,r2,lsr#1 + orr r0,r0,r0,lsl#1 + orr r3,r3,r3,lsr#1 + orr r1,r1,r1,lsl#1 + and r2,r2,r7 @ &=0x33333333 + and r0,r0,r7,lsl#2 @ &=0xcccccccc + and r3,r3,r7 @ &=0x33333333 + and r1,r1,r7,lsl#2 @ &=0xcccccccc + orr r2,r2,r2,lsr#2 + orr r0,r0,r0,lsl#2 + orr r3,r3,r3,lsr#2 + orr r1,r1,r1,lsl#2 + and r2,r2,r8 @ &=0x0f0f0f0f + and r0,r0,r8,lsl#4 @ &=0xf0f0f0f0 + and r3,r3,r8 @ &=0x0f0f0f0f + and r1,r1,r8,lsl#4 @ &=0xf0f0f0f0 + ldmia $A_flat,{r4-r5} @ A_flat[i] + orr r2,r2,r2,lsr#4 + orr r0,r0,r0,lsl#4 + orr r3,r3,r3,lsr#4 + orr r1,r1,r1,lsl#4 + and r2,r2,r9 @ &=0x00ff00ff + and r0,r0,r9,lsl#8 @ &=0xff00ff00 + and r3,r3,r9 @ &=0x00ff00ff + and r1,r1,r9,lsl#8 @ &=0xff00ff00 + orr r2,r2,r2,lsr#8 + orr r0,r0,r0,lsl#8 + orr r3,r3,r3,lsr#8 + orr r1,r1,r1,lsl#8 + + lsl r2,r2,#16 + lsr r1,r1,#16 + eor r4,r4,r3,lsl#16 + eor r5,r5,r0,lsr#16 + eor r4,r4,r2,lsr#16 + eor r5,r5,r1,lsl#16 + stmia $A_flat!,{r4-r5} @ A_flat[i++] ^= BitInterleave(inp[0..7]) + + subs $bsz,$bsz,#8 + bhi .Loop_block + + str $inp,[sp,#476] + + bl KeccakF1600_int + + add r14,sp,#456 + ldmia r14,{r6-r12,r14} @ restore constants and variables + b .Loop_absorb + +.align 4 +.Labsorbed: + add $inp,sp,#$A[1][0] + ldmia sp, {@C[0]-@C[9]} + stmia $A_flat!,{@C[0]-@C[9]} @ return A[5][5] + ldmia $inp!, {@C[0]-@C[9]} + stmia $A_flat!,{@C[0]-@C[9]} + ldmia $inp!, {@C[0]-@C[9]} + stmia $A_flat!,{@C[0]-@C[9]} + ldmia $inp!, {@C[0]-@C[9]} + stmia $A_flat!,{@C[0]-@C[9]} + ldmia $inp, {@C[0]-@C[9]} + stmia $A_flat, {@C[0]-@C[9]} + +.Labsorb_abort: + add sp,sp,#456+32 + mov r0,$len @ return value + ldmia sp!,{r4-r12,pc} +.size SHA3_absorb,.-SHA3_absorb +___ +} +{ my ($out,$len,$A_flat,$bsz) = map("r$_", (4,5,10,12)); + +$code.=<<___; +.global SHA3_squeeze +.type SHA3_squeeze,%function +.align 5 +SHA3_squeeze: + stmdb sp!,{r0,r3-r10,lr} + + mov $A_flat,r0 + mov $out,r1 + mov $len,r2 + mov $bsz,r3 + +#ifdef __thumb2__ + mov r9,#0x00ff00ff + mov r8,#0x0f0f0f0f + mov r7,#0x33333333 + mov r6,#0x55555555 +#else + mov r6,#0x11 @ compose constants + mov r8,#0x0f + mov r9,#0xff + orr r6,r6,r6,lsl#8 + orr r8,r8,r8,lsl#8 + orr r6,r6,r6,lsl#16 @ 0x11111111 + orr r9,r9,r9,lsl#16 @ 0x00ff00ff + orr r8,r8,r8,lsl#16 @ 0x0f0f0f0f + orr r7,r6,r6,lsl#1 @ 0x33333333 + orr r6,r6,r6,lsl#2 @ 0x55555555 +#endif + stmdb sp!,{r6-r9} + + mov r14,$A_flat + b .Loop_squeeze + +.align 4 +.Loop_squeeze: + ldmia $A_flat!,{r0,r1} @ A_flat[i++] + + lsl r2,r0,#16 + lsl r3,r1,#16 @ r3 = r1 << 16 + lsr r2,r2,#16 @ r2 = r0 & 0x0000ffff + lsr r1,r1,#16 + lsr r0,r0,#16 @ r0 = r0 >> 16 + lsl r1,r1,#16 @ r1 = r1 & 0xffff0000 + + orr r2,r2,r2,lsl#8 + orr r3,r3,r3,lsr#8 + orr r0,r0,r0,lsl#8 + orr r1,r1,r1,lsr#8 + and r2,r2,r9 @ &=0x00ff00ff + and r3,r3,r9,lsl#8 @ &=0xff00ff00 + and r0,r0,r9 @ &=0x00ff00ff + and r1,r1,r9,lsl#8 @ &=0xff00ff00 + orr r2,r2,r2,lsl#4 + orr r3,r3,r3,lsr#4 + orr r0,r0,r0,lsl#4 + orr r1,r1,r1,lsr#4 + and r2,r2,r8 @ &=0x0f0f0f0f + and r3,r3,r8,lsl#4 @ &=0xf0f0f0f0 + and r0,r0,r8 @ &=0x0f0f0f0f + and r1,r1,r8,lsl#4 @ &=0xf0f0f0f0 + orr r2,r2,r2,lsl#2 + orr r3,r3,r3,lsr#2 + orr r0,r0,r0,lsl#2 + orr r1,r1,r1,lsr#2 + and r2,r2,r7 @ &=0x33333333 + and r3,r3,r7,lsl#2 @ &=0xcccccccc + and r0,r0,r7 @ &=0x33333333 + and r1,r1,r7,lsl#2 @ &=0xcccccccc + orr r2,r2,r2,lsl#1 + orr r3,r3,r3,lsr#1 + orr r0,r0,r0,lsl#1 + orr r1,r1,r1,lsr#1 + and r2,r2,r6 @ &=0x55555555 + and r3,r3,r6,lsl#1 @ &=0xaaaaaaaa + and r0,r0,r6 @ &=0x55555555 + and r1,r1,r6,lsl#1 @ &=0xaaaaaaaa + + orr r2,r2,r3 + orr r0,r0,r1 + + cmp $len,#8 + blo .Lsqueeze_tail + lsr r1,r2,#8 + strb r2,[$out],#1 + lsr r3,r2,#16 + strb r1,[$out],#1 + lsr r2,r2,#24 + strb r3,[$out],#1 + strb r2,[$out],#1 + + lsr r1,r0,#8 + strb r0,[$out],#1 + lsr r3,r0,#16 + strb r1,[$out],#1 + lsr r0,r0,#24 + strb r3,[$out],#1 + strb r0,[$out],#1 + subs $len,$len,#8 + beq .Lsqueeze_done + + subs $bsz,$bsz,#8 @ bsz -= 8 + bhi .Loop_squeeze + + mov r0,r14 @ original $A_flat + + bl KeccakF1600 + + ldmia sp,{r6-r10,r12} @ restore constants and variables + mov r14,$A_flat + b .Loop_squeeze + +.align 4 +.Lsqueeze_tail: + strb r2,[$out],#1 + lsr r2,r2,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb r2,[$out],#1 + lsr r2,r2,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb r2,[$out],#1 + lsr r2,r2,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb r2,[$out],#1 + subs $len,$len,#1 + beq .Lsqueeze_done + + strb r0,[$out],#1 + lsr r0,r0,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb r0,[$out],#1 + lsr r0,r0,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb r0,[$out] + b .Lsqueeze_done + +.align 4 +.Lsqueeze_done: + add sp,sp,#24 + ldmia sp!,{r4-r10,pc} +.size SHA3_squeeze,.-SHA3_squeeze +___ +} + +$code.=<<___; +#if __ARM_MAX_ARCH__>=7 +.fpu neon + +.type iotas64, %object +.align 5 +iotas64: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 +.size iotas64,.-iotas64 + +.type KeccakF1600_neon, %function +.align 5 +KeccakF1600_neon: + add r1, r0, #16 + adr r2, iotas64 + mov r3, #24 @ loop counter + b .Loop_neon + +.align 4 +.Loop_neon: + @ Theta + vst1.64 {q4}, [r0:64] @ offload A[0..1][4] + veor q13, q0, q5 @ A[0..1][0]^A[2..3][0] + vst1.64 {d18}, [r1:64] @ offload A[2][4] + veor q14, q1, q6 @ A[0..1][1]^A[2..3][1] + veor q15, q2, q7 @ A[0..1][2]^A[2..3][2] + veor d26, d26, d27 @ C[0]=A[0][0]^A[1][0]^A[2][0]^A[3][0] + veor d27, d28, d29 @ C[1]=A[0][1]^A[1][1]^A[2][1]^A[3][1] + veor q14, q3, q8 @ A[0..1][3]^A[2..3][3] + veor q4, q4, q9 @ A[0..1][4]^A[2..3][4] + veor d30, d30, d31 @ C[2]=A[0][2]^A[1][2]^A[2][2]^A[3][2] + veor d31, d28, d29 @ C[3]=A[0][3]^A[1][3]^A[2][3]^A[3][3] + veor d25, d8, d9 @ C[4]=A[0][4]^A[1][4]^A[2][4]^A[3][4] + veor q13, q13, q10 @ C[0..1]^=A[4][0..1] + veor q14, q15, q11 @ C[2..3]^=A[4][2..3] + veor d25, d25, d24 @ C[4]^=A[4][4] + + vadd.u64 q4, q13, q13 @ C[0..1]<<1 + vadd.u64 q15, q14, q14 @ C[2..3]<<1 + vadd.u64 d18, d25, d25 @ C[4]<<1 + vsri.u64 q4, q13, #63 @ ROL64(C[0..1],1) + vsri.u64 q15, q14, #63 @ ROL64(C[2..3],1) + vsri.u64 d18, d25, #63 @ ROL64(C[4],1) + veor d25, d25, d9 @ D[0] = C[4] ^= ROL64(C[1],1) + veor q13, q13, q15 @ D[1..2] = C[0..1] ^ ROL64(C[2..3],1) + veor d28, d28, d18 @ D[3] = C[2] ^= ROL64(C[4],1) + veor d29, d29, d8 @ D[4] = C[3] ^= ROL64(C[0],1) + + veor d0, d0, d25 @ A[0][0] ^= C[4] + veor d1, d1, d25 @ A[1][0] ^= C[4] + veor d10, d10, d25 @ A[2][0] ^= C[4] + veor d11, d11, d25 @ A[3][0] ^= C[4] + veor d20, d20, d25 @ A[4][0] ^= C[4] + + veor d2, d2, d26 @ A[0][1] ^= D[1] + veor d3, d3, d26 @ A[1][1] ^= D[1] + veor d12, d12, d26 @ A[2][1] ^= D[1] + veor d13, d13, d26 @ A[3][1] ^= D[1] + veor d21, d21, d26 @ A[4][1] ^= D[1] + vmov d26, d27 + + veor d6, d6, d28 @ A[0][3] ^= C[2] + veor d7, d7, d28 @ A[1][3] ^= C[2] + veor d16, d16, d28 @ A[2][3] ^= C[2] + veor d17, d17, d28 @ A[3][3] ^= C[2] + veor d23, d23, d28 @ A[4][3] ^= C[2] + vld1.64 {q4}, [r0:64] @ restore A[0..1][4] + vmov d28, d29 + + vld1.64 {d18}, [r1:64] @ restore A[2][4] + veor q2, q2, q13 @ A[0..1][2] ^= D[2] + veor q7, q7, q13 @ A[2..3][2] ^= D[2] + veor d22, d22, d27 @ A[4][2] ^= D[2] + + veor q4, q4, q14 @ A[0..1][4] ^= C[3] + veor q9, q9, q14 @ A[2..3][4] ^= C[3] + veor d24, d24, d29 @ A[4][4] ^= C[3] + + @ Rho + Pi + vmov d26, d2 @ C[1] = A[0][1] + vshl.u64 d2, d3, #44 + vmov d27, d4 @ C[2] = A[0][2] + vshl.u64 d4, d14, #43 + vmov d28, d6 @ C[3] = A[0][3] + vshl.u64 d6, d17, #21 + vmov d29, d8 @ C[4] = A[0][4] + vshl.u64 d8, d24, #14 + vsri.u64 d2, d3, #64-44 @ A[0][1] = ROL64(A[1][1], rhotates[1][1]) + vsri.u64 d4, d14, #64-43 @ A[0][2] = ROL64(A[2][2], rhotates[2][2]) + vsri.u64 d6, d17, #64-21 @ A[0][3] = ROL64(A[3][3], rhotates[3][3]) + vsri.u64 d8, d24, #64-14 @ A[0][4] = ROL64(A[4][4], rhotates[4][4]) + + vshl.u64 d3, d9, #20 + vshl.u64 d14, d16, #25 + vshl.u64 d17, d15, #15 + vshl.u64 d24, d21, #2 + vsri.u64 d3, d9, #64-20 @ A[1][1] = ROL64(A[1][4], rhotates[1][4]) + vsri.u64 d14, d16, #64-25 @ A[2][2] = ROL64(A[2][3], rhotates[2][3]) + vsri.u64 d17, d15, #64-15 @ A[3][3] = ROL64(A[3][2], rhotates[3][2]) + vsri.u64 d24, d21, #64-2 @ A[4][4] = ROL64(A[4][1], rhotates[4][1]) + + vshl.u64 d9, d22, #61 + @ vshl.u64 d16, d19, #8 + vshl.u64 d15, d12, #10 + vshl.u64 d21, d7, #55 + vsri.u64 d9, d22, #64-61 @ A[1][4] = ROL64(A[4][2], rhotates[4][2]) + vext.8 d16, d19, d19, #8-1 @ A[2][3] = ROL64(A[3][4], rhotates[3][4]) + vsri.u64 d15, d12, #64-10 @ A[3][2] = ROL64(A[2][1], rhotates[2][1]) + vsri.u64 d21, d7, #64-55 @ A[4][1] = ROL64(A[1][3], rhotates[1][3]) + + vshl.u64 d22, d18, #39 + @ vshl.u64 d19, d23, #56 + vshl.u64 d12, d5, #6 + vshl.u64 d7, d13, #45 + vsri.u64 d22, d18, #64-39 @ A[4][2] = ROL64(A[2][4], rhotates[2][4]) + vext.8 d19, d23, d23, #8-7 @ A[3][4] = ROL64(A[4][3], rhotates[4][3]) + vsri.u64 d12, d5, #64-6 @ A[2][1] = ROL64(A[1][2], rhotates[1][2]) + vsri.u64 d7, d13, #64-45 @ A[1][3] = ROL64(A[3][1], rhotates[3][1]) + + vshl.u64 d18, d20, #18 + vshl.u64 d23, d11, #41 + vshl.u64 d5, d10, #3 + vshl.u64 d13, d1, #36 + vsri.u64 d18, d20, #64-18 @ A[2][4] = ROL64(A[4][0], rhotates[4][0]) + vsri.u64 d23, d11, #64-41 @ A[4][3] = ROL64(A[3][0], rhotates[3][0]) + vsri.u64 d5, d10, #64-3 @ A[1][2] = ROL64(A[2][0], rhotates[2][0]) + vsri.u64 d13, d1, #64-36 @ A[3][1] = ROL64(A[1][0], rhotates[1][0]) + + vshl.u64 d1, d28, #28 + vshl.u64 d10, d26, #1 + vshl.u64 d11, d29, #27 + vshl.u64 d20, d27, #62 + vsri.u64 d1, d28, #64-28 @ A[1][0] = ROL64(C[3], rhotates[0][3]) + vsri.u64 d10, d26, #64-1 @ A[2][0] = ROL64(C[1], rhotates[0][1]) + vsri.u64 d11, d29, #64-27 @ A[3][0] = ROL64(C[4], rhotates[0][4]) + vsri.u64 d20, d27, #64-62 @ A[4][0] = ROL64(C[2], rhotates[0][2]) + + @ Chi + Iota + vbic q13, q2, q1 + vbic q14, q3, q2 + vbic q15, q4, q3 + veor q13, q13, q0 @ A[0..1][0] ^ (~A[0..1][1] & A[0..1][2]) + veor q14, q14, q1 @ A[0..1][1] ^ (~A[0..1][2] & A[0..1][3]) + veor q2, q2, q15 @ A[0..1][2] ^= (~A[0..1][3] & A[0..1][4]) + vst1.64 {q13}, [r0:64] @ offload A[0..1][0] + vbic q13, q0, q4 + vbic q15, q1, q0 + vmov q1, q14 @ A[0..1][1] + veor q3, q3, q13 @ A[0..1][3] ^= (~A[0..1][4] & A[0..1][0]) + veor q4, q4, q15 @ A[0..1][4] ^= (~A[0..1][0] & A[0..1][1]) + + vbic q13, q7, q6 + vmov q0, q5 @ A[2..3][0] + vbic q14, q8, q7 + vmov q15, q6 @ A[2..3][1] + veor q5, q5, q13 @ A[2..3][0] ^= (~A[2..3][1] & A[2..3][2]) + vbic q13, q9, q8 + veor q6, q6, q14 @ A[2..3][1] ^= (~A[2..3][2] & A[2..3][3]) + vbic q14, q0, q9 + veor q7, q7, q13 @ A[2..3][2] ^= (~A[2..3][3] & A[2..3][4]) + vbic q13, q15, q0 + veor q8, q8, q14 @ A[2..3][3] ^= (~A[2..3][4] & A[2..3][0]) + vmov q14, q10 @ A[4][0..1] + veor q9, q9, q13 @ A[2..3][4] ^= (~A[2..3][0] & A[2..3][1]) + + vld1.64 d25, [r2:64]! @ Iota[i++] + vbic d26, d22, d21 + vbic d27, d23, d22 + vld1.64 {q0}, [r0:64] @ restore A[0..1][0] + veor d20, d20, d26 @ A[4][0] ^= (~A[4][1] & A[4][2]) + vbic d26, d24, d23 + veor d21, d21, d27 @ A[4][1] ^= (~A[4][2] & A[4][3]) + vbic d27, d28, d24 + veor d22, d22, d26 @ A[4][2] ^= (~A[4][3] & A[4][4]) + vbic d26, d29, d28 + veor d23, d23, d27 @ A[4][3] ^= (~A[4][4] & A[4][0]) + veor d0, d0, d25 @ A[0][0] ^= Iota[i] + veor d24, d24, d26 @ A[4][4] ^= (~A[4][0] & A[4][1]) + + subs r3, r3, #1 + bne .Loop_neon + + bx lr +.size KeccakF1600_neon,.-KeccakF1600_neon + +.global SHA3_absorb_neon +.type SHA3_absorb_neon, %function +.align 5 +SHA3_absorb_neon: + stmdb sp!, {r4-r6,lr} + vstmdb sp!, {d8-d15} + + mov r4, r1 @ inp + mov r5, r2 @ len + mov r6, r3 @ bsz + + vld1.32 {d0}, [r0:64]! @ A[0][0] + vld1.32 {d2}, [r0:64]! @ A[0][1] + vld1.32 {d4}, [r0:64]! @ A[0][2] + vld1.32 {d6}, [r0:64]! @ A[0][3] + vld1.32 {d8}, [r0:64]! @ A[0][4] + + vld1.32 {d1}, [r0:64]! @ A[1][0] + vld1.32 {d3}, [r0:64]! @ A[1][1] + vld1.32 {d5}, [r0:64]! @ A[1][2] + vld1.32 {d7}, [r0:64]! @ A[1][3] + vld1.32 {d9}, [r0:64]! @ A[1][4] + + vld1.32 {d10}, [r0:64]! @ A[2][0] + vld1.32 {d12}, [r0:64]! @ A[2][1] + vld1.32 {d14}, [r0:64]! @ A[2][2] + vld1.32 {d16}, [r0:64]! @ A[2][3] + vld1.32 {d18}, [r0:64]! @ A[2][4] + + vld1.32 {d11}, [r0:64]! @ A[3][0] + vld1.32 {d13}, [r0:64]! @ A[3][1] + vld1.32 {d15}, [r0:64]! @ A[3][2] + vld1.32 {d17}, [r0:64]! @ A[3][3] + vld1.32 {d19}, [r0:64]! @ A[3][4] + + vld1.32 {d20-d23}, [r0:64]! @ A[4][0..3] + vld1.32 {d24}, [r0:64] @ A[4][4] + sub r0, r0, #24*8 @ rewind + b .Loop_absorb_neon + +.align 4 +.Loop_absorb_neon: + subs r12, r5, r6 @ len - bsz + blo .Labsorbed_neon + mov r5, r12 + + vld1.8 {d31}, [r4]! @ endian-neutral loads... + cmp r6, #8*2 + veor d0, d0, d31 @ A[0][0] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d2, d2, d31 @ A[0][1] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*4 + veor d4, d4, d31 @ A[0][2] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d6, d6, d31 @ A[0][3] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31},[r4]! + cmp r6, #8*6 + veor d8, d8, d31 @ A[0][4] ^= *inp++ + blo .Lprocess_neon + + vld1.8 {d31}, [r4]! + veor d1, d1, d31 @ A[1][0] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*8 + veor d3, d3, d31 @ A[1][1] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d5, d5, d31 @ A[1][2] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*10 + veor d7, d7, d31 @ A[1][3] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d9, d9, d31 @ A[1][4] ^= *inp++ + beq .Lprocess_neon + + vld1.8 {d31}, [r4]! + cmp r6, #8*12 + veor d10, d10, d31 @ A[2][0] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d12, d12, d31 @ A[2][1] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*14 + veor d14, d14, d31 @ A[2][2] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d16, d16, d31 @ A[2][3] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*16 + veor d18, d18, d31 @ A[2][4] ^= *inp++ + blo .Lprocess_neon + + vld1.8 {d31}, [r4]! + veor d11, d11, d31 @ A[3][0] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*18 + veor d13, d13, d31 @ A[3][1] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d15, d15, d31 @ A[3][2] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*20 + veor d17, d17, d31 @ A[3][3] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d19, d19, d31 @ A[3][4] ^= *inp++ + beq .Lprocess_neon + + vld1.8 {d31}, [r4]! + cmp r6, #8*22 + veor d20, d20, d31 @ A[4][0] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d21, d21, d31 @ A[4][1] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + cmp r6, #8*24 + veor d22, d22, d31 @ A[4][2] ^= *inp++ + blo .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d23, d23, d31 @ A[4][3] ^= *inp++ + beq .Lprocess_neon + vld1.8 {d31}, [r4]! + veor d24, d24, d31 @ A[4][4] ^= *inp++ + +.Lprocess_neon: + bl KeccakF1600_neon + b .Loop_absorb_neon + +.align 4 +.Labsorbed_neon: + vst1.32 {d0}, [r0:64]! @ A[0][0..4] + vst1.32 {d2}, [r0:64]! + vst1.32 {d4}, [r0:64]! + vst1.32 {d6}, [r0:64]! + vst1.32 {d8}, [r0:64]! + + vst1.32 {d1}, [r0:64]! @ A[1][0..4] + vst1.32 {d3}, [r0:64]! + vst1.32 {d5}, [r0:64]! + vst1.32 {d7}, [r0:64]! + vst1.32 {d9}, [r0:64]! + + vst1.32 {d10}, [r0:64]! @ A[2][0..4] + vst1.32 {d12}, [r0:64]! + vst1.32 {d14}, [r0:64]! + vst1.32 {d16}, [r0:64]! + vst1.32 {d18}, [r0:64]! + + vst1.32 {d11}, [r0:64]! @ A[3][0..4] + vst1.32 {d13}, [r0:64]! + vst1.32 {d15}, [r0:64]! + vst1.32 {d17}, [r0:64]! + vst1.32 {d19}, [r0:64]! + + vst1.32 {d20-d23}, [r0:64]! @ A[4][0..4] + vst1.32 {d24}, [r0:64] + + mov r0, r5 @ return value + vldmia sp!, {d8-d15} + ldmia sp!, {r4-r6,pc} +.size SHA3_absorb_neon,.-SHA3_absorb_neon + +.global SHA3_squeeze_neon +.type SHA3_squeeze_neon, %function +.align 5 +SHA3_squeeze_neon: + stmdb sp!, {r4-r6,lr} + + mov r4, r1 @ out + mov r5, r2 @ len + mov r6, r3 @ bsz + mov r12, r0 @ A_flat + mov r14, r3 @ bsz + b .Loop_squeeze_neon + +.align 4 +.Loop_squeeze_neon: + cmp r5, #8 + blo .Lsqueeze_neon_tail + vld1.32 {d0}, [r12]! + vst1.8 {d0}, [r4]! @ endian-neutral store + + subs r5, r5, #8 @ len -= 8 + beq .Lsqueeze_neon_done + + subs r14, r14, #8 @ bsz -= 8 + bhi .Loop_squeeze_neon + + vstmdb sp!, {d8-d15} + + vld1.32 {d0}, [r0:64]! @ A[0][0..4] + vld1.32 {d2}, [r0:64]! + vld1.32 {d4}, [r0:64]! + vld1.32 {d6}, [r0:64]! + vld1.32 {d8}, [r0:64]! + + vld1.32 {d1}, [r0:64]! @ A[1][0..4] + vld1.32 {d3}, [r0:64]! + vld1.32 {d5}, [r0:64]! + vld1.32 {d7}, [r0:64]! + vld1.32 {d9}, [r0:64]! + + vld1.32 {d10}, [r0:64]! @ A[2][0..4] + vld1.32 {d12}, [r0:64]! + vld1.32 {d14}, [r0:64]! + vld1.32 {d16}, [r0:64]! + vld1.32 {d18}, [r0:64]! + + vld1.32 {d11}, [r0:64]! @ A[3][0..4] + vld1.32 {d13}, [r0:64]! + vld1.32 {d15}, [r0:64]! + vld1.32 {d17}, [r0:64]! + vld1.32 {d19}, [r0:64]! + + vld1.32 {d20-d23}, [r0:64]! @ A[4][0..4] + vld1.32 {d24}, [r0:64] + sub r0, r0, #24*8 @ rewind + + bl KeccakF1600_neon + + mov r12, r0 @ A_flat + vst1.32 {d0}, [r0:64]! @ A[0][0..4] + vst1.32 {d2}, [r0:64]! + vst1.32 {d4}, [r0:64]! + vst1.32 {d6}, [r0:64]! + vst1.32 {d8}, [r0:64]! + + vst1.32 {d1}, [r0:64]! @ A[1][0..4] + vst1.32 {d3}, [r0:64]! + vst1.32 {d5}, [r0:64]! + vst1.32 {d7}, [r0:64]! + vst1.32 {d9}, [r0:64]! + + vst1.32 {d10}, [r0:64]! @ A[2][0..4] + vst1.32 {d12}, [r0:64]! + vst1.32 {d14}, [r0:64]! + vst1.32 {d16}, [r0:64]! + vst1.32 {d18}, [r0:64]! + + vst1.32 {d11}, [r0:64]! @ A[3][0..4] + vst1.32 {d13}, [r0:64]! + vst1.32 {d15}, [r0:64]! + vst1.32 {d17}, [r0:64]! + vst1.32 {d19}, [r0:64]! + + vst1.32 {d20-d23}, [r0:64]! @ A[4][0..4] + mov r14, r6 @ bsz + vst1.32 {d24}, [r0:64] + mov r0, r12 @ rewind + + vldmia sp!, {d8-d15} + b .Loop_squeeze_neon + +.align 4 +.Lsqueeze_neon_tail: + ldmia r12, {r2,r3} + cmp r5, #2 + strb r2, [r4],#1 @ endian-neutral store + lsr r2, r2, #8 + blo .Lsqueeze_neon_done + strb r2, [r4], #1 + lsr r2, r2, #8 + beq .Lsqueeze_neon_done + strb r2, [r4], #1 + lsr r2, r2, #8 + cmp r5, #4 + blo .Lsqueeze_neon_done + strb r2, [r4], #1 + beq .Lsqueeze_neon_done + + strb r3, [r4], #1 + lsr r3, r3, #8 + cmp r5, #6 + blo .Lsqueeze_neon_done + strb r3, [r4], #1 + lsr r3, r3, #8 + beq .Lsqueeze_neon_done + strb r3, [r4], #1 + +.Lsqueeze_neon_done: + ldmia sp!, {r4-r6,pc} +.size SHA3_squeeze_neon,.-SHA3_squeeze_neon +#endif +.asciz "Keccak-1600 absorb and squeeze for ARMv4/NEON, CRYPTOGAMS by " +.align 2 +___ + +{ + my %ldr, %str; + + sub ldrd { + my ($mnemonic,$half,$reg,$ea) = @_; + my $op = $mnemonic eq "ldr" ? \%ldr : \%str; + + if ($half eq "l") { + $$op{reg} = $reg; + $$op{ea} = $ea; + sprintf "#ifndef __thumb2__\n" . + " %s\t%s,%s\n" . + "#endif", $mnemonic,$reg,$ea; + } else { + sprintf "#ifndef __thumb2__\n" . + " %s\t%s,%s\n" . + "#else\n" . + " %sd\t%s,%s,%s\n" . + "#endif", $mnemonic,$reg,$ea, + $mnemonic,$$op{reg},$reg,$$op{ea}; + } + } +} + +foreach (split($/,$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/^\s+(ldr|str)\.([lh])\s+(r[0-9]+),\s*(\[.*)/ldrd($1,$2,$3,$4)/ge or + s/\b(ror|ls[rl])\s+(r[0-9]+.*)#/mov $2$1#/g or + s/\bret\b/bx lr/g or + s/\bbx\s+lr\b/.word\t0xe12fff1e/g; # make it possible to compile with -march=armv4 + + print $_,"\n"; +} + +close STDOUT; # enforce flush diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl new file mode 100755 index 00000000000000..704ab4a7e45a87 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-armv8.pl @@ -0,0 +1,866 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for ARMv8. +# +# June 2017. +# +# This is straightforward KECCAK_1X_ALT implementation. It makes no +# sense to attempt SIMD/NEON implementation for following reason. +# 64-bit lanes of vector registers can't be addressed as easily as in +# 32-bit mode. This means that 64-bit NEON is bound to be slower than +# 32-bit NEON, and this implementation is faster than 32-bit NEON on +# same processor. Even though it takes more scalar xor's and andn's, +# it gets compensated by availability of rotate. Not to forget that +# most processors achieve higher issue rate with scalar instructions. +# +# February 2018. +# +# Add hardware-assisted ARMv8.2 implementation. It's KECCAK_1X_ALT +# variant with register permutation/rotation twist that allows to +# eliminate copies to temporary registers. If you look closely you'll +# notice that it uses only one lane of vector registers. The new +# instructions effectively facilitate parallel hashing, which we don't +# support [yet?]. But lowest-level core procedure is prepared for it. +# The inner round is 67 [vector] instructions, so it's not actually +# obvious that it will provide performance improvement [in serial +# hash] as long as vector instructions issue rate is limited to 1 per +# cycle... +# +###################################################################### +# Numbers are cycles per processed byte. +# +# r=1088(*) +# +# Cortex-A53 13 +# Cortex-A57 12 +# X-Gene 14 +# Mongoose 10 +# Kryo 12 +# Denver 7.8 +# Apple A7 7.2 +# +# (*) Corresponds to SHA3-256. No improvement coefficients are listed +# because they vary too much from compiler to compiler. Newer +# compiler does much better and improvement varies from 5% on +# Cortex-A57 to 25% on Cortex-A53. While in comparison to older +# compiler this code is at least 2x faster... + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my @rhotates = ([ 0, 1, 62, 28, 27 ], + [ 36, 44, 6, 55, 20 ], + [ 3, 10, 43, 25, 39 ], + [ 41, 45, 15, 21, 8 ], + [ 18, 2, 61, 56, 14 ]); + +$code.=<<___; +.text + +.align 8 // strategic alignment and padding that allows to use + // address value as loop termination condition... + .quad 0,0,0,0,0,0,0,0 +.type iotas,%object +iotas: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 +.size iotas,.-iotas +___ + {{{ +my @A = map([ "x$_", "x".($_+1), "x".($_+2), "x".($_+3), "x".($_+4) ], + (0, 5, 10, 15, 20)); + $A[3][3] = "x25"; # x18 is reserved + +my @C = map("x$_", (26,27,28,30)); + +$code.=<<___; +.type KeccakF1600_int,%function +.align 5 +KeccakF1600_int: + adr $C[2],iotas + stp $C[2],x30,[sp,#16] // 32 bytes on top are mine + b .Loop +.align 4 +.Loop: + ////////////////////////////////////////// Theta + eor $C[0],$A[0][0],$A[1][0] + stp $A[0][4],$A[1][4],[sp,#0] // offload pair... + eor $C[1],$A[0][1],$A[1][1] + eor $C[2],$A[0][2],$A[1][2] + eor $C[3],$A[0][3],$A[1][3] +___ + $C[4]=$A[0][4]; + $C[5]=$A[1][4]; +$code.=<<___; + eor $C[4],$A[0][4],$A[1][4] + eor $C[0],$C[0],$A[2][0] + eor $C[1],$C[1],$A[2][1] + eor $C[2],$C[2],$A[2][2] + eor $C[3],$C[3],$A[2][3] + eor $C[4],$C[4],$A[2][4] + eor $C[0],$C[0],$A[3][0] + eor $C[1],$C[1],$A[3][1] + eor $C[2],$C[2],$A[3][2] + eor $C[3],$C[3],$A[3][3] + eor $C[4],$C[4],$A[3][4] + eor $C[0],$C[0],$A[4][0] + eor $C[2],$C[2],$A[4][2] + eor $C[1],$C[1],$A[4][1] + eor $C[3],$C[3],$A[4][3] + eor $C[4],$C[4],$A[4][4] + + eor $C[5],$C[0],$C[2],ror#63 + + eor $A[0][1],$A[0][1],$C[5] + eor $A[1][1],$A[1][1],$C[5] + eor $A[2][1],$A[2][1],$C[5] + eor $A[3][1],$A[3][1],$C[5] + eor $A[4][1],$A[4][1],$C[5] + + eor $C[5],$C[1],$C[3],ror#63 + eor $C[2],$C[2],$C[4],ror#63 + eor $C[3],$C[3],$C[0],ror#63 + eor $C[4],$C[4],$C[1],ror#63 + + eor $C[1], $A[0][2],$C[5] // mov $C[1],$A[0][2] + eor $A[1][2],$A[1][2],$C[5] + eor $A[2][2],$A[2][2],$C[5] + eor $A[3][2],$A[3][2],$C[5] + eor $A[4][2],$A[4][2],$C[5] + + eor $A[0][0],$A[0][0],$C[4] + eor $A[1][0],$A[1][0],$C[4] + eor $A[2][0],$A[2][0],$C[4] + eor $A[3][0],$A[3][0],$C[4] + eor $A[4][0],$A[4][0],$C[4] +___ + $C[4]=undef; + $C[5]=undef; +$code.=<<___; + ldp $A[0][4],$A[1][4],[sp,#0] // re-load offloaded data + eor $C[0], $A[0][3],$C[2] // mov $C[0],$A[0][3] + eor $A[1][3],$A[1][3],$C[2] + eor $A[2][3],$A[2][3],$C[2] + eor $A[3][3],$A[3][3],$C[2] + eor $A[4][3],$A[4][3],$C[2] + + eor $C[2], $A[0][4],$C[3] // mov $C[2],$A[0][4] + eor $A[1][4],$A[1][4],$C[3] + eor $A[2][4],$A[2][4],$C[3] + eor $A[3][4],$A[3][4],$C[3] + eor $A[4][4],$A[4][4],$C[3] + + ////////////////////////////////////////// Rho+Pi + mov $C[3],$A[0][1] + ror $A[0][1],$A[1][1],#64-$rhotates[1][1] + //mov $C[1],$A[0][2] + ror $A[0][2],$A[2][2],#64-$rhotates[2][2] + //mov $C[0],$A[0][3] + ror $A[0][3],$A[3][3],#64-$rhotates[3][3] + //mov $C[2],$A[0][4] + ror $A[0][4],$A[4][4],#64-$rhotates[4][4] + + ror $A[1][1],$A[1][4],#64-$rhotates[1][4] + ror $A[2][2],$A[2][3],#64-$rhotates[2][3] + ror $A[3][3],$A[3][2],#64-$rhotates[3][2] + ror $A[4][4],$A[4][1],#64-$rhotates[4][1] + + ror $A[1][4],$A[4][2],#64-$rhotates[4][2] + ror $A[2][3],$A[3][4],#64-$rhotates[3][4] + ror $A[3][2],$A[2][1],#64-$rhotates[2][1] + ror $A[4][1],$A[1][3],#64-$rhotates[1][3] + + ror $A[4][2],$A[2][4],#64-$rhotates[2][4] + ror $A[3][4],$A[4][3],#64-$rhotates[4][3] + ror $A[2][1],$A[1][2],#64-$rhotates[1][2] + ror $A[1][3],$A[3][1],#64-$rhotates[3][1] + + ror $A[2][4],$A[4][0],#64-$rhotates[4][0] + ror $A[4][3],$A[3][0],#64-$rhotates[3][0] + ror $A[1][2],$A[2][0],#64-$rhotates[2][0] + ror $A[3][1],$A[1][0],#64-$rhotates[1][0] + + ror $A[1][0],$C[0],#64-$rhotates[0][3] + ror $A[2][0],$C[3],#64-$rhotates[0][1] + ror $A[3][0],$C[2],#64-$rhotates[0][4] + ror $A[4][0],$C[1],#64-$rhotates[0][2] + + ////////////////////////////////////////// Chi+Iota + bic $C[0],$A[0][2],$A[0][1] + bic $C[1],$A[0][3],$A[0][2] + bic $C[2],$A[0][0],$A[0][4] + bic $C[3],$A[0][1],$A[0][0] + eor $A[0][0],$A[0][0],$C[0] + bic $C[0],$A[0][4],$A[0][3] + eor $A[0][1],$A[0][1],$C[1] + ldr $C[1],[sp,#16] + eor $A[0][3],$A[0][3],$C[2] + eor $A[0][4],$A[0][4],$C[3] + eor $A[0][2],$A[0][2],$C[0] + ldr $C[3],[$C[1]],#8 // Iota[i++] + + bic $C[0],$A[1][2],$A[1][1] + tst $C[1],#255 // are we done? + str $C[1],[sp,#16] + bic $C[1],$A[1][3],$A[1][2] + bic $C[2],$A[1][0],$A[1][4] + eor $A[0][0],$A[0][0],$C[3] // A[0][0] ^= Iota + bic $C[3],$A[1][1],$A[1][0] + eor $A[1][0],$A[1][0],$C[0] + bic $C[0],$A[1][4],$A[1][3] + eor $A[1][1],$A[1][1],$C[1] + eor $A[1][3],$A[1][3],$C[2] + eor $A[1][4],$A[1][4],$C[3] + eor $A[1][2],$A[1][2],$C[0] + + bic $C[0],$A[2][2],$A[2][1] + bic $C[1],$A[2][3],$A[2][2] + bic $C[2],$A[2][0],$A[2][4] + bic $C[3],$A[2][1],$A[2][0] + eor $A[2][0],$A[2][0],$C[0] + bic $C[0],$A[2][4],$A[2][3] + eor $A[2][1],$A[2][1],$C[1] + eor $A[2][3],$A[2][3],$C[2] + eor $A[2][4],$A[2][4],$C[3] + eor $A[2][2],$A[2][2],$C[0] + + bic $C[0],$A[3][2],$A[3][1] + bic $C[1],$A[3][3],$A[3][2] + bic $C[2],$A[3][0],$A[3][4] + bic $C[3],$A[3][1],$A[3][0] + eor $A[3][0],$A[3][0],$C[0] + bic $C[0],$A[3][4],$A[3][3] + eor $A[3][1],$A[3][1],$C[1] + eor $A[3][3],$A[3][3],$C[2] + eor $A[3][4],$A[3][4],$C[3] + eor $A[3][2],$A[3][2],$C[0] + + bic $C[0],$A[4][2],$A[4][1] + bic $C[1],$A[4][3],$A[4][2] + bic $C[2],$A[4][0],$A[4][4] + bic $C[3],$A[4][1],$A[4][0] + eor $A[4][0],$A[4][0],$C[0] + bic $C[0],$A[4][4],$A[4][3] + eor $A[4][1],$A[4][1],$C[1] + eor $A[4][3],$A[4][3],$C[2] + eor $A[4][4],$A[4][4],$C[3] + eor $A[4][2],$A[4][2],$C[0] + + bne .Loop + + ldr x30,[sp,#24] + ret +.size KeccakF1600_int,.-KeccakF1600_int + +.type KeccakF1600,%function +.align 5 +KeccakF1600: + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + sub sp,sp,#48 + + str x0,[sp,#32] // offload argument + mov $C[0],x0 + ldp $A[0][0],$A[0][1],[x0,#16*0] + ldp $A[0][2],$A[0][3],[$C[0],#16*1] + ldp $A[0][4],$A[1][0],[$C[0],#16*2] + ldp $A[1][1],$A[1][2],[$C[0],#16*3] + ldp $A[1][3],$A[1][4],[$C[0],#16*4] + ldp $A[2][0],$A[2][1],[$C[0],#16*5] + ldp $A[2][2],$A[2][3],[$C[0],#16*6] + ldp $A[2][4],$A[3][0],[$C[0],#16*7] + ldp $A[3][1],$A[3][2],[$C[0],#16*8] + ldp $A[3][3],$A[3][4],[$C[0],#16*9] + ldp $A[4][0],$A[4][1],[$C[0],#16*10] + ldp $A[4][2],$A[4][3],[$C[0],#16*11] + ldr $A[4][4],[$C[0],#16*12] + + bl KeccakF1600_int + + ldr $C[0],[sp,#32] + stp $A[0][0],$A[0][1],[$C[0],#16*0] + stp $A[0][2],$A[0][3],[$C[0],#16*1] + stp $A[0][4],$A[1][0],[$C[0],#16*2] + stp $A[1][1],$A[1][2],[$C[0],#16*3] + stp $A[1][3],$A[1][4],[$C[0],#16*4] + stp $A[2][0],$A[2][1],[$C[0],#16*5] + stp $A[2][2],$A[2][3],[$C[0],#16*6] + stp $A[2][4],$A[3][0],[$C[0],#16*7] + stp $A[3][1],$A[3][2],[$C[0],#16*8] + stp $A[3][3],$A[3][4],[$C[0],#16*9] + stp $A[4][0],$A[4][1],[$C[0],#16*10] + stp $A[4][2],$A[4][3],[$C[0],#16*11] + str $A[4][4],[$C[0],#16*12] + + ldp x19,x20,[x29,#16] + add sp,sp,#48 + ldp x21,x22,[x29,#32] + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#128 + ret +.size KeccakF1600,.-KeccakF1600 + +.globl SHA3_absorb +.type SHA3_absorb,%function +.align 5 +SHA3_absorb: + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + sub sp,sp,#64 + + stp x0,x1,[sp,#32] // offload arguments + stp x2,x3,[sp,#48] + + mov $C[0],x0 // uint64_t A[5][5] + mov $C[1],x1 // const void *inp + mov $C[2],x2 // size_t len + mov $C[3],x3 // size_t bsz + ldp $A[0][0],$A[0][1],[$C[0],#16*0] + ldp $A[0][2],$A[0][3],[$C[0],#16*1] + ldp $A[0][4],$A[1][0],[$C[0],#16*2] + ldp $A[1][1],$A[1][2],[$C[0],#16*3] + ldp $A[1][3],$A[1][4],[$C[0],#16*4] + ldp $A[2][0],$A[2][1],[$C[0],#16*5] + ldp $A[2][2],$A[2][3],[$C[0],#16*6] + ldp $A[2][4],$A[3][0],[$C[0],#16*7] + ldp $A[3][1],$A[3][2],[$C[0],#16*8] + ldp $A[3][3],$A[3][4],[$C[0],#16*9] + ldp $A[4][0],$A[4][1],[$C[0],#16*10] + ldp $A[4][2],$A[4][3],[$C[0],#16*11] + ldr $A[4][4],[$C[0],#16*12] + b .Loop_absorb + +.align 4 +.Loop_absorb: + subs $C[0],$C[2],$C[3] // len - bsz + blo .Labsorbed + + str $C[0],[sp,#48] // save len - bsz +___ +for (my $i=0; $i<24; $i+=2) { +my $j = $i+1; +$code.=<<___; + ldr $C[0],[$C[1]],#8 // *inp++ +#ifdef __AARCH64EB__ + rev $C[0],$C[0] +#endif + eor $A[$i/5][$i%5],$A[$i/5][$i%5],$C[0] + cmp $C[3],#8*($i+2) + blo .Lprocess_block + ldr $C[0],[$C[1]],#8 // *inp++ +#ifdef __AARCH64EB__ + rev $C[0],$C[0] +#endif + eor $A[$j/5][$j%5],$A[$j/5][$j%5],$C[0] + beq .Lprocess_block +___ +} +$code.=<<___; + ldr $C[0],[$C[1]],#8 // *inp++ +#ifdef __AARCH64EB__ + rev $C[0],$C[0] +#endif + eor $A[4][4],$A[4][4],$C[0] + +.Lprocess_block: + str $C[1],[sp,#40] // save inp + + bl KeccakF1600_int + + ldr $C[1],[sp,#40] // restore arguments + ldp $C[2],$C[3],[sp,#48] + b .Loop_absorb + +.align 4 +.Labsorbed: + ldr $C[1],[sp,#32] + stp $A[0][0],$A[0][1],[$C[1],#16*0] + stp $A[0][2],$A[0][3],[$C[1],#16*1] + stp $A[0][4],$A[1][0],[$C[1],#16*2] + stp $A[1][1],$A[1][2],[$C[1],#16*3] + stp $A[1][3],$A[1][4],[$C[1],#16*4] + stp $A[2][0],$A[2][1],[$C[1],#16*5] + stp $A[2][2],$A[2][3],[$C[1],#16*6] + stp $A[2][4],$A[3][0],[$C[1],#16*7] + stp $A[3][1],$A[3][2],[$C[1],#16*8] + stp $A[3][3],$A[3][4],[$C[1],#16*9] + stp $A[4][0],$A[4][1],[$C[1],#16*10] + stp $A[4][2],$A[4][3],[$C[1],#16*11] + str $A[4][4],[$C[1],#16*12] + + mov x0,$C[2] // return value + ldp x19,x20,[x29,#16] + add sp,sp,#64 + ldp x21,x22,[x29,#32] + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#128 + ret +.size SHA3_absorb,.-SHA3_absorb +___ +{ +my ($A_flat,$out,$len,$bsz) = map("x$_",(19..22)); +$code.=<<___; +.globl SHA3_squeeze +.type SHA3_squeeze,%function +.align 5 +SHA3_squeeze: + stp x29,x30,[sp,#-48]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + + mov $A_flat,x0 // put aside arguments + mov $out,x1 + mov $len,x2 + mov $bsz,x3 + +.Loop_squeeze: + ldr x4,[x0],#8 + cmp $len,#8 + blo .Lsqueeze_tail +#ifdef __AARCH64EB__ + rev x4,x4 +#endif + str x4,[$out],#8 + subs $len,$len,#8 + beq .Lsqueeze_done + + subs x3,x3,#8 + bhi .Loop_squeeze + + mov x0,$A_flat + bl KeccakF1600 + mov x0,$A_flat + mov x3,$bsz + b .Loop_squeeze + +.align 4 +.Lsqueeze_tail: + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done + strb w4,[$out],#1 + +.Lsqueeze_done: + ldp x19,x20,[sp,#16] + ldp x21,x22,[sp,#32] + ldp x29,x30,[sp],#48 + ret +.size SHA3_squeeze,.-SHA3_squeeze +___ +} }}} + {{{ +my @A = map([ "v".$_.".16b", "v".($_+1).".16b", "v".($_+2).".16b", + "v".($_+3).".16b", "v".($_+4).".16b" ], + (0, 5, 10, 15, 20)); + +my @C = map("v$_.16b", (25..31)); + +$code.=<<___; +.type KeccakF1600_ce,%function +.align 5 +KeccakF1600_ce: + mov x9,#12 + adr x10,iotas + b .Loop_ce +.align 4 +.Loop_ce: +___ +for($i=0; $i<2; $i++) { +$code.=<<___; + ////////////////////////////////////////////////// Theta + eor3 $C[0],$A[0][0],$A[1][0],$A[2][0] + eor3 $C[1],$A[0][1],$A[1][1],$A[2][1] + eor3 $C[2],$A[0][2],$A[1][2],$A[2][2] + eor3 $C[3],$A[0][3],$A[1][3],$A[2][3] + eor3 $C[4],$A[0][4],$A[1][4],$A[2][4] + eor3 $C[0],$C[0], $A[3][0],$A[4][0] + eor3 $C[1],$C[1], $A[3][1],$A[4][1] + eor3 $C[2],$C[2], $A[3][2],$A[4][2] + eor3 $C[3],$C[3], $A[3][3],$A[4][3] + eor3 $C[4],$C[4], $A[3][4],$A[4][4] + + rax1 $C[5],$C[0],$C[2] // D[1] + rax1 $C[6],$C[1],$C[3] // D[2] + rax1 $C[2],$C[2],$C[4] // D[3] + rax1 $C[3],$C[3],$C[0] // D[4] + rax1 $C[4],$C[4],$C[1] // D[0] + + ////////////////////////////////////////////////// Theta+Rho+Pi + xar $C[0], $A[1][1],$C[5],#64-$rhotates[1][1] // C[0]=A[0][1] + xar $A[1][1],$A[1][4],$C[3],#64-$rhotates[1][4] + xar $A[1][4],$A[4][2],$C[6],#64-$rhotates[4][2] + xar $A[4][2],$A[2][4],$C[3],#64-$rhotates[2][4] + xar $A[2][4],$A[4][0],$C[4],#64-$rhotates[4][0] + + xar $A[4][0],$A[0][2],$C[6],#64-$rhotates[0][2] + + xar $A[0][2],$A[2][2],$C[6],#64-$rhotates[2][2] + xar $A[2][2],$A[2][3],$C[2],#64-$rhotates[2][3] + xar $A[2][3],$A[3][4],$C[3],#64-$rhotates[3][4] + xar $A[3][4],$A[4][3],$C[2],#64-$rhotates[4][3] + xar $A[4][3],$A[3][0],$C[4],#64-$rhotates[3][0] + + xar $A[3][0],$A[0][4],$C[3],#64-$rhotates[0][4] + + eor $A[0][0],$A[0][0],$C[4] + ldr x11,[x10],#8 + + xar $C[1], $A[3][3],$C[2],#64-$rhotates[3][3] // C[1]=A[0][3] + xar $A[3][3],$A[3][2],$C[6],#64-$rhotates[3][2] + xar $A[3][2],$A[2][1],$C[5],#64-$rhotates[2][1] + xar $A[2][1],$A[1][2],$C[6],#64-$rhotates[1][2] + xar $A[1][2],$A[2][0],$C[4],#64-$rhotates[2][0] + + xar $A[2][0],$A[0][1],$C[5],#64-$rhotates[0][1] // * + + xar $A[0][4],$A[4][4],$C[3],#64-$rhotates[4][4] + xar $A[4][4],$A[4][1],$C[5],#64-$rhotates[4][1] + xar $A[4][1],$A[1][3],$C[2],#64-$rhotates[1][3] + xar $A[1][3],$A[3][1],$C[5],#64-$rhotates[3][1] + xar $A[3][1],$A[1][0],$C[4],#64-$rhotates[1][0] + + xar $C[2], $A[0][3],$C[2],#64-$rhotates[0][3] // C[2]=A[1][0] + + ////////////////////////////////////////////////// Chi+Iota + dup $C[6],x11 // borrow C[6] + bcax $C[3], $A[0][0],$A[0][2],$C[0] // * + bcax $A[0][1],$C[0], $C[1], $A[0][2] // * + bcax $A[0][2],$A[0][2],$A[0][4],$C[1] + bcax $A[0][3],$C[1], $A[0][0],$A[0][4] + bcax $A[0][4],$A[0][4],$C[0], $A[0][0] + + bcax $A[1][0],$C[2], $A[1][2],$A[1][1] // * + bcax $C[0], $A[1][1],$A[1][3],$A[1][2] // * + bcax $A[1][2],$A[1][2],$A[1][4],$A[1][3] + bcax $A[1][3],$A[1][3],$C[2], $A[1][4] + bcax $A[1][4],$A[1][4],$A[1][1],$C[2] + + eor $A[0][0],$C[3],$C[6] // Iota + + bcax $C[1], $A[2][0],$A[2][2],$A[2][1] // * + bcax $C[2], $A[2][1],$A[2][3],$A[2][2] // * + bcax $A[2][2],$A[2][2],$A[2][4],$A[2][3] + bcax $A[2][3],$A[2][3],$A[2][0],$A[2][4] + bcax $A[2][4],$A[2][4],$A[2][1],$A[2][0] + + bcax $C[3], $A[3][0],$A[3][2],$A[3][1] // * + bcax $C[4], $A[3][1],$A[3][3],$A[3][2] // * + bcax $A[3][2],$A[3][2],$A[3][4],$A[3][3] + bcax $A[3][3],$A[3][3],$A[3][0],$A[3][4] + bcax $A[3][4],$A[3][4],$A[3][1],$A[3][0] + + bcax $C[5], $A[4][0],$A[4][2],$A[4][1] // * + bcax $C[6], $A[4][1],$A[4][3],$A[4][2] // * + bcax $A[4][2],$A[4][2],$A[4][4],$A[4][3] + bcax $A[4][3],$A[4][3],$A[4][0],$A[4][4] + bcax $A[4][4],$A[4][4],$A[4][1],$A[4][0] +___ + ( $A[1][1], $C[0]) = ( $C[0], $A[1][1]); + ($A[2][0],$A[2][1], $C[1],$C[2]) = ($C[1],$C[2], $A[2][0],$A[2][1]); + ($A[3][0],$A[3][1], $C[3],$C[4]) = ($C[3],$C[4], $A[3][0],$A[3][1]); + ($A[4][0],$A[4][1], $C[5],$C[6]) = ($C[5],$C[6], $A[4][0],$A[4][1]); +} +$code.=<<___; + subs x9,x9,#1 + bne .Loop_ce + + ret +.size KeccakF1600_ce,.-KeccakF1600_ce + +.type KeccakF1600_cext,%function +.align 5 +KeccakF1600_cext: + stp x29,x30,[sp,#-80]! + add x29,sp,#0 + stp d8,d9,[sp,#16] // per ABI requirement + stp d10,d11,[sp,#32] + stp d12,d13,[sp,#48] + stp d14,d15,[sp,#64] +___ +for($i=0; $i<24; $i+=2) { # load A[5][5] +my $j=$i+1; +$code.=<<___; + ldp d$i,d$j,[x0,#8*$i] +___ +} +$code.=<<___; + ldr d24,[x0,#8*$i] + bl KeccakF1600_ce + ldr x30,[sp,#8] +___ +for($i=0; $i<24; $i+=2) { # store A[5][5] +my $j=$i+1; +$code.=<<___; + stp d$i,d$j,[x0,#8*$i] +___ +} +$code.=<<___; + str d24,[x0,#8*$i] + + ldp d8,d9,[sp,#16] + ldp d10,d11,[sp,#32] + ldp d12,d13,[sp,#48] + ldp d14,d15,[sp,#64] + ldr x29,[sp],#80 + ret +.size KeccakF1600_cext,.-KeccakF1600_cext +___ + +{ +my ($ctx,$inp,$len,$bsz) = map("x$_",(0..3)); + +$code.=<<___; +.globl SHA3_absorb_cext +.type SHA3_absorb_cext,%function +.align 5 +SHA3_absorb_cext: + stp x29,x30,[sp,#-80]! + add x29,sp,#0 + stp d8,d9,[sp,#16] // per ABI requirement + stp d10,d11,[sp,#32] + stp d12,d13,[sp,#48] + stp d14,d15,[sp,#64] +___ +for($i=0; $i<24; $i+=2) { # load A[5][5] +my $j=$i+1; +$code.=<<___; + ldp d$i,d$j,[x0,#8*$i] +___ +} +$code.=<<___; + ldr d24,[x0,#8*$i] + b .Loop_absorb_ce + +.align 4 +.Loop_absorb_ce: + subs $len,$len,$bsz // len - bsz + blo .Labsorbed_ce +___ +for (my $i=0; $i<24; $i+=2) { +my $j = $i+1; +$code.=<<___; + ldr d31,[$inp],#8 // *inp++ +#ifdef __AARCH64EB__ + rev64 v31.16b,v31.16b +#endif + eor $A[$i/5][$i%5],$A[$i/5][$i%5],v31.16b + cmp $bsz,#8*($i+2) + blo .Lprocess_block_ce + ldr d31,[$inp],#8 // *inp++ +#ifdef __AARCH64EB__ + rev v31.16b,v31.16b +#endif + eor $A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b + beq .Lprocess_block_ce +___ +} +$code.=<<___; + ldr d31,[$inp],#8 // *inp++ +#ifdef __AARCH64EB__ + rev v31.16b,v31.16b +#endif + eor $A[4][4],$A[4][4],v31.16b + +.Lprocess_block_ce: + + bl KeccakF1600_ce + + b .Loop_absorb_ce + +.align 4 +.Labsorbed_ce: +___ +for($i=0; $i<24; $i+=2) { # store A[5][5] +my $j=$i+1; +$code.=<<___; + stp d$i,d$j,[x0,#8*$i] +___ +} +$code.=<<___; + str d24,[x0,#8*$i] + add x0,$len,$bsz // return value + + ldp d8,d9,[sp,#16] + ldp d10,d11,[sp,#32] + ldp d12,d13,[sp,#48] + ldp d14,d15,[sp,#64] + ldp x29,x30,[sp],#80 + ret +.size SHA3_absorb_cext,.-SHA3_absorb_cext +___ +} +{ +my ($ctx,$out,$len,$bsz) = map("x$_",(0..3)); +$code.=<<___; +.globl SHA3_squeeze_cext +.type SHA3_squeeze_cext,%function +.align 5 +SHA3_squeeze_cext: + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + mov x9,$ctx + mov x10,$bsz + +.Loop_squeeze_ce: + ldr x4,[x9],#8 + cmp $len,#8 + blo .Lsqueeze_tail_ce +#ifdef __AARCH64EB__ + rev x4,x4 +#endif + str x4,[$out],#8 + beq .Lsqueeze_done_ce + + sub $len,$len,#8 + subs x10,x10,#8 + bhi .Loop_squeeze_ce + + bl KeccakF1600_cext + ldr x30,[sp,#8] + mov x9,$ctx + mov x10,$bsz + b .Loop_squeeze_ce + +.align 4 +.Lsqueeze_tail_ce: + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done_ce + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done_ce + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done_ce + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done_ce + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done_ce + strb w4,[$out],#1 + lsr x4,x4,#8 + subs $len,$len,#1 + beq .Lsqueeze_done_ce + strb w4,[$out],#1 + +.Lsqueeze_done_ce: + ldr x29,[sp],#16 + ret +.size SHA3_squeeze_cext,.-SHA3_squeeze_cext +___ +} }}} +$code.=<<___; +.asciz "Keccak-1600 absorb and squeeze for ARMv8, CRYPTOGAMS by " +___ + +{ my %opcode = ( + "rax1" => 0xce608c00, "eor3" => 0xce000000, + "bcax" => 0xce200000, "xar" => 0xce800000 ); + + sub unsha3 { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv#]([0-9\-]+))?)?/ + && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5)|($3<<16)|(eval($4)<<10), + $mnemonic,$arg; + } +} + +foreach(split("\n",$code)) { + + s/\`([^\`]*)\`/eval($1)/ge; + + m/\bdup\b/ and s/\.16b/.2d/g or + s/\b(eor3|rax1|xar|bcax)\s+(v.*)/unsha3($1,$2)/ge; + + print $_,"\n"; +} + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl new file mode 100755 index 00000000000000..d9fc1c59ec29d0 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl @@ -0,0 +1,482 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for AVX2. +# +# July 2017. +# +# To paraphrase Gilles Van Assche, if you contemplate Fig. 2.3 on page +# 20 of The Keccak reference [or Fig. 5 of FIPS PUB 202], and load data +# other than A[0][0] in magic order into 6 [256-bit] registers, *each +# dedicated to one axis*, Pi permutation is reduced to intra-register +# shuffles... +# +# It makes other steps more intricate, but overall, is it a win? To be +# more specific index permutations organized by quadruples are: +# +# [4][4] [3][3] [2][2] [1][1]<-+ +# [0][4] [0][3] [0][2] [0][1]<-+ +# [3][0] [1][0] [4][0] [2][0] | +# [4][3] [3][1] [2][4] [1][2] | +# [3][4] [1][3] [4][2] [2][1] | +# [2][3] [4][1] [1][4] [3][2] | +# [2][2] [4][4] [1][1] [3][3] -+ +# +# This however is highly impractical for Theta and Chi. What would help +# Theta is if x indices were aligned column-wise, or in other words: +# +# [0][4] [0][3] [0][2] [0][1] +# [3][0] [1][0] [4][0] [2][0] +#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010) +# [2][4] [4][3] [1][2] [3][1] +#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101) +# [3][4] [1][3] [4][2] [2][1] +#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010) +# [1][4] [2][3] [3][2] [4][1] +#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011) +# [4][4] [3][3] [2][2] [1][1] +# +# So here we have it, lines not marked with vpermq() represent the magic +# order in which data is to be loaded and maintained. [And lines marked +# with vpermq() represent Pi circular permutation in chosen layout. Note +# that first step is permutation-free.] A[0][0] is loaded to register of +# its own, to all lanes. [A[0][0] is not part of Pi permutation or Rho.] +# Digits in variables' names denote right-most coordinates: + +my ($A00, # [0][0] [0][0] [0][0] [0][0] # %ymm0 + $A01, # [0][4] [0][3] [0][2] [0][1] # %ymm1 + $A20, # [3][0] [1][0] [4][0] [2][0] # %ymm2 + $A31, # [2][4] [4][3] [1][2] [3][1] # %ymm3 + $A21, # [3][4] [1][3] [4][2] [2][1] # %ymm4 + $A41, # [1][4] [2][3] [3][2] [4][1] # %ymm5 + $A11) = # [4][4] [3][3] [2][2] [1][1] # %ymm6 + map("%ymm$_",(0..6)); + +# We also need to map the magic order into offsets within structure: + +my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3], # [0][0..4] + [2,2], [6,0], [3,1], [4,2], [5,3], # [1][0..4] + [2,0], [4,0], [6,1], [5,2], [3,3], # [2][0..4] + [2,3], [3,0], [5,1], [6,2], [4,3], # [3][0..4] + [2,1], [5,0], [4,1], [3,2], [6,3]); # [4][0..4] + @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged); # ... and now linear + +# But on the other hand Chi is much better off if y indices were aligned +# column-wise, not x. For this reason we have to shuffle data prior +# Chi and revert it afterwards. Prior shuffle is naturally merged with +# Pi itself: +# +# [0][4] [0][3] [0][2] [0][1] +# [3][0] [1][0] [4][0] [2][0] +#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010) +#vpermq([2][4] [4][3] [1][2] [3][1], 0b00011011) = 0b10001101 +# [3][1] [1][2] [4][3] [2][4] +#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101) +#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = 0b10001101 +# [3][4] [1][3] [4][2] [2][1] +#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010) +#vpermq([1][4] [2][3] [3][2] [4][1], 0b01110010) = 0b00011011 +# [3][2] [1][4] [4][1] [2][3] +#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011) +#vpermq([4][4] [3][3] [2][2] [1][1], 0b10001101) = 0b01110010 +# [3][3] [1][1] [4][4] [2][2] +# +# And reverse post-Chi permutation: +# +# [0][4] [0][3] [0][2] [0][1] +# [3][0] [1][0] [4][0] [2][0] +#vpermq([3][1] [1][2] [4][3] [2][4], 0b00011011) +# [2][4] [4][3] [1][2] [3][1] +#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = nop :-) +# [3][4] [1][3] [4][2] [2][1] +#vpermq([3][2] [1][4] [4][1] [2][3], 0b10001101) +# [1][4] [2][3] [3][2] [4][1] +#vpermq([3][3] [1][1] [4][4] [2][2], 0b01110010) +# [4][4] [3][3] [2][2] [1][1] +# +######################################################################## +# Numbers are cycles per processed byte out of large message. +# +# r=1088(*) +# +# Haswell 8.7/+10% +# Skylake 7.8/+20% +# Ryzen 17(**) +# +# (*) Corresponds to SHA3-256. Percentage after slash is improvement +# coefficient in comparison to scalar keccak1600-x86_64.pl. +# (**) It's expected that Ryzen performs poorly, because instruction +# issue rate is limited to two AVX2 instructions per cycle and +# in addition vpblendd is reportedly bound to specific port. +# Obviously this code path should not be executed on Ryzen. + +my @T = map("%ymm$_",(7..15)); +my ($C14,$C00,$D00,$D14) = @T[5..8]; + +$code.=<<___; +.text + +.type __KeccakF1600,\@function +.align 32 +__KeccakF1600: + lea rhotates_left+96(%rip),%r8 + lea rhotates_right+96(%rip),%r9 + lea iotas(%rip),%r10 + mov \$24,%eax + jmp .Loop_avx2 + +.align 32 +.Loop_avx2: + ######################################### Theta + vpshufd \$0b01001110,$A20,$C00 + vpxor $A31,$A41,$C14 + vpxor $A11,$A21,@T[2] + vpxor $A01,$C14,$C14 + vpxor @T[2],$C14,$C14 # C[1..4] + + vpermq \$0b10010011,$C14,@T[4] + vpxor $A20,$C00,$C00 + vpermq \$0b01001110,$C00,@T[0] + + vpsrlq \$63,$C14,@T[1] + vpaddq $C14,$C14,@T[2] + vpor @T[2],@T[1],@T[1] # ROL64(C[1..4],1) + + vpermq \$0b00111001,@T[1],$D14 + vpxor @T[4],@T[1],$D00 + vpermq \$0b00000000,$D00,$D00 # D[0..0] = ROL64(C[1],1) ^ C[4] + + vpxor $A00,$C00,$C00 + vpxor @T[0],$C00,$C00 # C[0..0] + + vpsrlq \$63,$C00,@T[0] + vpaddq $C00,$C00,@T[1] + vpor @T[0],@T[1],@T[1] # ROL64(C[0..0],1) + + vpxor $D00,$A20,$A20 # ^= D[0..0] + vpxor $D00,$A00,$A00 # ^= D[0..0] + + vpblendd \$0b11000000,@T[1],$D14,$D14 + vpblendd \$0b00000011,$C00,@T[4],@T[4] + vpxor @T[4],$D14,$D14 # D[1..4] = ROL64(C[2..4,0),1) ^ C[0..3] + + ######################################### Rho + Pi + pre-Chi shuffle + vpsllvq 0*32-96(%r8),$A20,@T[3] + vpsrlvq 0*32-96(%r9),$A20,$A20 + vpor @T[3],$A20,$A20 + + vpxor $D14,$A31,$A31 # ^= D[1..4] from Theta + vpsllvq 2*32-96(%r8),$A31,@T[4] + vpsrlvq 2*32-96(%r9),$A31,$A31 + vpor @T[4],$A31,$A31 + + vpxor $D14,$A21,$A21 # ^= D[1..4] from Theta + vpsllvq 3*32-96(%r8),$A21,@T[5] + vpsrlvq 3*32-96(%r9),$A21,$A21 + vpor @T[5],$A21,$A21 + + vpxor $D14,$A41,$A41 # ^= D[1..4] from Theta + vpsllvq 4*32-96(%r8),$A41,@T[6] + vpsrlvq 4*32-96(%r9),$A41,$A41 + vpor @T[6],$A41,$A41 + + vpxor $D14,$A11,$A11 # ^= D[1..4] from Theta + vpermq \$0b10001101,$A20,@T[3] # $A20 -> future $A31 + vpermq \$0b10001101,$A31,@T[4] # $A31 -> future $A21 + vpsllvq 5*32-96(%r8),$A11,@T[7] + vpsrlvq 5*32-96(%r9),$A11,@T[1] + vpor @T[7],@T[1],@T[1] # $A11 -> future $A01 + + vpxor $D14,$A01,$A01 # ^= D[1..4] from Theta + vpermq \$0b00011011,$A21,@T[5] # $A21 -> future $A41 + vpermq \$0b01110010,$A41,@T[6] # $A41 -> future $A11 + vpsllvq 1*32-96(%r8),$A01,@T[8] + vpsrlvq 1*32-96(%r9),$A01,@T[2] + vpor @T[8],@T[2],@T[2] # $A01 -> future $A20 + + ######################################### Chi + vpsrldq \$8,@T[1],@T[7] + vpandn @T[7],@T[1],@T[0] # tgting [0][0] [0][0] [0][0] [0][0] + + vpblendd \$0b00001100,@T[6],@T[2],$A31 # [4][4] [2][0] + vpblendd \$0b00001100,@T[2],@T[4],@T[8] # [4][0] [2][1] + vpblendd \$0b00001100,@T[4],@T[3],$A41 # [4][2] [2][4] + vpblendd \$0b00001100,@T[3],@T[2],@T[7] # [4][3] [2][0] + vpblendd \$0b00110000,@T[4],$A31,$A31 # [1][3] [4][4] [2][0] + vpblendd \$0b00110000,@T[5],@T[8],@T[8] # [1][4] [4][0] [2][1] + vpblendd \$0b00110000,@T[2],$A41,$A41 # [1][0] [4][2] [2][4] + vpblendd \$0b00110000,@T[6],@T[7],@T[7] # [1][1] [4][3] [2][0] + vpblendd \$0b11000000,@T[5],$A31,$A31 # [3][2] [1][3] [4][4] [2][0] + vpblendd \$0b11000000,@T[6],@T[8],@T[8] # [3][3] [1][4] [4][0] [2][1] + vpblendd \$0b11000000,@T[6],$A41,$A41 # [3][3] [1][0] [4][2] [2][4] + vpblendd \$0b11000000,@T[4],@T[7],@T[7] # [3][4] [1][1] [4][3] [2][0] + vpandn @T[8],$A31,$A31 # tgting [3][1] [1][2] [4][3] [2][4] + vpandn @T[7],$A41,$A41 # tgting [3][2] [1][4] [4][1] [2][3] + + vpblendd \$0b00001100,@T[2],@T[5],$A11 # [4][0] [2][3] + vpblendd \$0b00001100,@T[5],@T[3],@T[8] # [4][1] [2][4] + vpxor @T[3],$A31,$A31 + vpblendd \$0b00110000,@T[3],$A11,$A11 # [1][2] [4][0] [2][3] + vpblendd \$0b00110000,@T[4],@T[8],@T[8] # [1][3] [4][1] [2][4] + vpxor @T[5],$A41,$A41 + vpblendd \$0b11000000,@T[4],$A11,$A11 # [3][4] [1][2] [4][0] [2][3] + vpblendd \$0b11000000,@T[2],@T[8],@T[8] # [3][0] [1][3] [4][1] [2][4] + vpandn @T[8],$A11,$A11 # tgting [3][3] [1][1] [4][4] [2][2] + vpxor @T[6],$A11,$A11 + + vpermq \$0b00011110,@T[1],$A21 # [0][1] [0][2] [0][4] [0][3] + vpblendd \$0b00110000,$A00,$A21,@T[8] # [0][1] [0][0] [0][4] [0][3] + vpermq \$0b00111001,@T[1],$A01 # [0][1] [0][4] [0][3] [0][2] + vpblendd \$0b11000000,$A00,$A01,$A01 # [0][0] [0][4] [0][3] [0][2] + vpandn @T[8],$A01,$A01 # tgting [0][4] [0][3] [0][2] [0][1] + + vpblendd \$0b00001100,@T[5],@T[4],$A20 # [4][1] [2][1] + vpblendd \$0b00001100,@T[4],@T[6],@T[7] # [4][2] [2][2] + vpblendd \$0b00110000,@T[6],$A20,$A20 # [1][1] [4][1] [2][1] + vpblendd \$0b00110000,@T[3],@T[7],@T[7] # [1][2] [4][2] [2][2] + vpblendd \$0b11000000,@T[3],$A20,$A20 # [3][1] [1][1] [4][1] [2][1] + vpblendd \$0b11000000,@T[5],@T[7],@T[7] # [3][2] [1][2] [4][2] [2][2] + vpandn @T[7],$A20,$A20 # tgting [3][0] [1][0] [4][0] [2][0] + vpxor @T[2],$A20,$A20 + + vpermq \$0b00000000,@T[0],@T[0] # [0][0] [0][0] [0][0] [0][0] + vpermq \$0b00011011,$A31,$A31 # post-Chi shuffle + vpermq \$0b10001101,$A41,$A41 + vpermq \$0b01110010,$A11,$A11 + + vpblendd \$0b00001100,@T[3],@T[6],$A21 # [4][3] [2][2] + vpblendd \$0b00001100,@T[6],@T[5],@T[7] # [4][4] [2][3] + vpblendd \$0b00110000,@T[5],$A21,$A21 # [1][4] [4][3] [2][2] + vpblendd \$0b00110000,@T[2],@T[7],@T[7] # [1][0] [4][4] [2][3] + vpblendd \$0b11000000,@T[2],$A21,$A21 # [3][0] [1][4] [4][3] [2][2] + vpblendd \$0b11000000,@T[3],@T[7],@T[7] # [3][1] [1][0] [4][4] [2][3] + vpandn @T[7],$A21,$A21 # tgting [3][4] [1][3] [4][2] [2][1] + + vpxor @T[0],$A00,$A00 + vpxor @T[1],$A01,$A01 + vpxor @T[4],$A21,$A21 + + ######################################### Iota + vpxor (%r10),$A00,$A00 + lea 32(%r10),%r10 + + dec %eax + jnz .Loop_avx2 + + ret +.size __KeccakF1600,.-__KeccakF1600 +___ +my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); +my $out = $inp; # in squeeze + +$code.=<<___; +.globl SHA3_absorb +.type SHA3_absorb,\@function +.align 32 +SHA3_absorb: + mov %rsp,%r11 + + lea -240(%rsp),%rsp + and \$-32,%rsp + + lea 96($A_flat),$A_flat + lea 96($inp),$inp + lea 96(%rsp),%r10 + + vzeroupper + + vpbroadcastq -96($A_flat),$A00 # load A[5][5] + vmovdqu 8+32*0-96($A_flat),$A01 + vmovdqu 8+32*1-96($A_flat),$A20 + vmovdqu 8+32*2-96($A_flat),$A31 + vmovdqu 8+32*3-96($A_flat),$A21 + vmovdqu 8+32*4-96($A_flat),$A41 + vmovdqu 8+32*5-96($A_flat),$A11 + + vpxor @T[0],@T[0],@T[0] + vmovdqa @T[0],32*2-96(%r10) # zero transfer area on stack + vmovdqa @T[0],32*3-96(%r10) + vmovdqa @T[0],32*4-96(%r10) + vmovdqa @T[0],32*5-96(%r10) + vmovdqa @T[0],32*6-96(%r10) + +.Loop_absorb_avx2: + mov $bsz,%rax + sub $bsz,$len + jc .Ldone_absorb_avx2 + + shr \$3,%eax + vpbroadcastq 0-96($inp),@T[0] + vmovdqu 8-96($inp),@T[1] + sub \$4,%eax +___ +for(my $i=5; $i<25; $i++) { +$code.=<<___ + dec %eax + jz .Labsorved_avx2 + mov 8*$i-96($inp),%r8 + mov %r8,$A_jagged[$i]-96(%r10) +___ +} +$code.=<<___; +.Labsorved_avx2: + lea ($inp,$bsz),$inp + + vpxor @T[0],$A00,$A00 + vpxor @T[1],$A01,$A01 + vpxor 32*2-96(%r10),$A20,$A20 + vpxor 32*3-96(%r10),$A31,$A31 + vpxor 32*4-96(%r10),$A21,$A21 + vpxor 32*5-96(%r10),$A41,$A41 + vpxor 32*6-96(%r10),$A11,$A11 + + call __KeccakF1600 + + lea 96(%rsp),%r10 + jmp .Loop_absorb_avx2 + +.Ldone_absorb_avx2: + vmovq %xmm0,-96($A_flat) + vmovdqu $A01,8+32*0-96($A_flat) + vmovdqu $A20,8+32*1-96($A_flat) + vmovdqu $A31,8+32*2-96($A_flat) + vmovdqu $A21,8+32*3-96($A_flat) + vmovdqu $A41,8+32*4-96($A_flat) + vmovdqu $A11,8+32*5-96($A_flat) + + vzeroupper + + lea (%r11),%rsp + lea ($len,$bsz),%rax # return value + ret +.size SHA3_absorb,.-SHA3_absorb + +.globl SHA3_squeeze +.type SHA3_squeeze,\@function +.align 32 +SHA3_squeeze: + mov %rsp,%r11 + + lea 96($A_flat),$A_flat + shr \$3,$bsz + + vzeroupper + + vpbroadcastq -96($A_flat),$A00 + vpxor @T[0],@T[0],@T[0] + vmovdqu 8+32*0-96($A_flat),$A01 + vmovdqu 8+32*1-96($A_flat),$A20 + vmovdqu 8+32*2-96($A_flat),$A31 + vmovdqu 8+32*3-96($A_flat),$A21 + vmovdqu 8+32*4-96($A_flat),$A41 + vmovdqu 8+32*5-96($A_flat),$A11 + + mov $bsz,%rax + +.Loop_squeeze_avx2: + mov @A_jagged[$i]-96($A_flat),%r8 +___ +for (my $i=0; $i<25; $i++) { +$code.=<<___; + sub \$8,$len + jc .Ltail_squeeze_avx2 + mov %r8,($out) + lea 8($out),$out + je .Ldone_squeeze_avx2 + dec %eax + je .Lextend_output_avx2 + mov @A_jagged[$i+1]-120($A_flat),%r8 +___ +} +$code.=<<___; +.Lextend_output_avx2: + call __KeccakF1600 + + vmovq %xmm0,-96($A_flat) + vmovdqu $A01,8+32*0-96($A_flat) + vmovdqu $A20,8+32*1-96($A_flat) + vmovdqu $A31,8+32*2-96($A_flat) + vmovdqu $A21,8+32*3-96($A_flat) + vmovdqu $A41,8+32*4-96($A_flat) + vmovdqu $A11,8+32*5-96($A_flat) + + mov $bsz,%rax + jmp .Loop_squeeze_avx2 + + +.Ltail_squeeze_avx2: + add \$8,$len +.Loop_tail_avx2: + mov %r8b,($out) + lea 1($out),$out + shr \$8,%r8 + dec $len + jnz .Loop_tail_avx2 + +.Ldone_squeeze_avx2: + vzeroupper + + lea (%r11),%rsp + ret +.size SHA3_squeeze,.-SHA3_squeeze + +.align 64 +rhotates_left: + .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] + .quad 1, 62, 28, 27 # [0][1] [0][2] [0][3] [0][4] + .quad 45, 6, 56, 39 # [3][1] [1][2] [4][3] [2][4] + .quad 10, 61, 55, 8 # [2][1] [4][2] [1][3] [3][4] + .quad 2, 15, 25, 20 # [4][1] [3][2] [2][3] [1][4] + .quad 44, 43, 21, 14 # [1][1] [2][2] [3][3] [4][4] +rhotates_right: + .quad 64-3, 64-18, 64-36, 64-41 + .quad 64-1, 64-62, 64-28, 64-27 + .quad 64-45, 64-6, 64-56, 64-39 + .quad 64-10, 64-61, 64-55, 64-8 + .quad 64-2, 64-15, 64-25, 64-20 + .quad 64-44, 64-43, 64-21, 64-14 +iotas: + .quad 0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001 + .quad 0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082 + .quad 0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a + .quad 0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000 + .quad 0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009 + .quad 0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a + .quad 0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088 + .quad 0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009 + .quad 0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a + .quad 0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b + .quad 0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b + .quad 0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089 + .quad 0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003 + .quad 0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002 + .quad 0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080 + .quad 0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a + .quad 0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080 + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008 + +.asciz "Keccak-1600 absorb and squeeze for AVX2, CRYPTOGAMS by " +___ + +$output=pop; +open STDOUT,">$output"; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl new file mode 100755 index 00000000000000..9074ff02dec33b --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl @@ -0,0 +1,551 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for AVX-512F. +# +# July 2017. +# +# Below code is KECCAK_1X_ALT implementation (see sha/keccak1600.c). +# Pretty straightforward, the only "magic" is data layout in registers. +# It's impossible to have one that is optimal for every step, hence +# it's changing as algorithm progresses. Data is saved in linear order, +# but in-register order morphs between rounds. Even rounds take in +# linear layout, and odd rounds - transposed, or "verticaly-shaped"... +# +######################################################################## +# Numbers are cycles per processed byte out of large message. +# +# r=1088(*) +# +# Knights Landing 7.6 +# Skylake-X 5.7 +# +# (*) Corresponds to SHA3-256. + +######################################################################## +# Below code is combination of two ideas. One is taken from Keccak Code +# Package, hereafter KCP, and another one from initial version of this +# module. What is common is observation that Pi's input and output are +# "mostly transposed", i.e. if input is aligned by x coordinate, then +# output is [mostly] aligned by y. Both versions, KCP and predecessor, +# were trying to use one of them from round to round, which resulted in +# some kind of transposition in each round. This version still does +# transpose data, but only every second round. Another essential factor +# is that KCP transposition has to be performed with instructions that +# turned to be rather expensive on Knights Landing, both latency- and +# throughput-wise. Not to mention that some of them have to depend on +# each other. On the other hand initial version of this module was +# relying heavily on blend instructions. There were lots of them, +# resulting in higher instruction count, yet it performed better on +# Knights Landing, because processor can execute pair of them each +# cycle and they have minimal latency. This module is an attempt to +# bring best parts together:-) +# +# Coordinates below correspond to those in sha/keccak1600.c. Input +# layout is straight linear: +# +# [0][4] [0][3] [0][2] [0][1] [0][0] +# [1][4] [1][3] [1][2] [1][1] [1][0] +# [2][4] [2][3] [2][2] [2][1] [2][0] +# [3][4] [3][3] [3][2] [3][1] [3][0] +# [4][4] [4][3] [4][2] [4][1] [4][0] +# +# It's perfect for Theta, while Pi is reduced to intra-register +# permutations which yield layout perfect for Chi: +# +# [4][0] [3][0] [2][0] [1][0] [0][0] +# [4][1] [3][1] [2][1] [1][1] [0][1] +# [4][2] [3][2] [2][2] [1][2] [0][2] +# [4][3] [3][3] [2][3] [1][3] [0][3] +# [4][4] [3][4] [2][4] [1][4] [0][4] +# +# Now instead of performing full transposition and feeding it to next +# identical round, we perform kind of diagonal transposition to layout +# from initial version of this module, and make it suitable for Theta: +# +# [4][4] [3][3] [2][2] [1][1] [0][0]>4.3.2.1.0>[4][4] [3][3] [2][2] [1][1] [0][0] +# [4][0] [3][4] [2][3] [1][2] [0][1]>3.2.1.0.4>[3][4] [2][3] [1][2] [0][1] [4][0] +# [4][1] [3][0] [2][4] [1][3] [0][2]>2.1.0.4.3>[2][4] [1][3] [0][2] [4][1] [3][0] +# [4][2] [3][1] [2][0] [1][4] [0][3]>1.0.4.3.2>[1][4] [0][3] [4][2] [3][1] [2][0] +# [4][3] [3][2] [2][1] [1][0] [0][4]>0.4.3.2.1>[0][4] [4][3] [3][2] [2][1] [1][0] +# +# Now intra-register permutations yield initial [almost] straight +# linear layout: +# +# [4][4] [3][3] [2][2] [1][1] [0][0] +##[0][4] [0][3] [0][2] [0][1] [0][0] +# [3][4] [2][3] [1][2] [0][1] [4][0] +##[2][3] [2][2] [2][1] [2][0] [2][4] +# [2][4] [1][3] [0][2] [4][1] [3][0] +##[4][2] [4][1] [4][0] [4][4] [4][3] +# [1][4] [0][3] [4][2] [3][1] [2][0] +##[1][1] [1][0] [1][4] [1][3] [1][2] +# [0][4] [4][3] [3][2] [2][1] [1][0] +##[3][0] [3][4] [3][3] [3][2] [3][1] +# +# This means that odd round Chi is performed in less suitable layout, +# with a number of additional permutations. But overall it turned to be +# a win. Permutations are fastest possible on Knights Landing and they +# are laid down to be independent of each other. In the essence I traded +# 20 blend instructions for 3 permutations. The result is 13% faster +# than KCP on Skylake-X, and >40% on Knights Landing. +# +# As implied, data is loaded in straight linear order. Digits in +# variables' names represent coordinates of right-most element of +# loaded data chunk: + +my ($A00, # [0][4] [0][3] [0][2] [0][1] [0][0] + $A10, # [1][4] [1][3] [1][2] [1][1] [1][0] + $A20, # [2][4] [2][3] [2][2] [2][1] [2][0] + $A30, # [3][4] [3][3] [3][2] [3][1] [3][0] + $A40) = # [4][4] [4][3] [4][2] [4][1] [4][0] + map("%zmm$_",(0..4)); + +# We also need to map the magic order into offsets within structure: + +my @A_jagged = ([0,0], [0,1], [0,2], [0,3], [0,4], + [1,0], [1,1], [1,2], [1,3], [1,4], + [2,0], [2,1], [2,2], [2,3], [2,4], + [3,0], [3,1], [3,2], [3,3], [3,4], + [4,0], [4,1], [4,2], [4,3], [4,4]); + @A_jagged = map(8*($$_[0]*8+$$_[1]), @A_jagged); # ... and now linear + +my @T = map("%zmm$_",(5..12)); +my @Theta = map("%zmm$_",(33,13..16)); # invalid @Theta[0] is not typo +my @Pi0 = map("%zmm$_",(17..21)); +my @Rhotate0 = map("%zmm$_",(22..26)); +my @Rhotate1 = map("%zmm$_",(27..31)); + +my ($C00,$D00) = @T[0..1]; +my ($k00001,$k00010,$k00100,$k01000,$k10000,$k11111) = map("%k$_",(1..6)); + +$code.=<<___; +.text + +.type __KeccakF1600,\@function +.align 32 +__KeccakF1600: + lea iotas(%rip),%r10 + mov \$12,%eax + jmp .Loop_avx512 + +.align 32 +.Loop_avx512: + ######################################### Theta, even round + vmovdqa64 $A00,@T[0] # put aside original A00 + vpternlogq \$0x96,$A20,$A10,$A00 # and use it as "C00" + vpternlogq \$0x96,$A40,$A30,$A00 + + vprolq \$1,$A00,$D00 + vpermq $A00,@Theta[1],$A00 + vpermq $D00,@Theta[4],$D00 + + vpternlogq \$0x96,$A00,$D00,@T[0] # T[0] is original A00 + vpternlogq \$0x96,$A00,$D00,$A10 + vpternlogq \$0x96,$A00,$D00,$A20 + vpternlogq \$0x96,$A00,$D00,$A30 + vpternlogq \$0x96,$A00,$D00,$A40 + + ######################################### Rho + vprolvq @Rhotate0[0],@T[0],$A00 # T[0] is original A00 + vprolvq @Rhotate0[1],$A10,$A10 + vprolvq @Rhotate0[2],$A20,$A20 + vprolvq @Rhotate0[3],$A30,$A30 + vprolvq @Rhotate0[4],$A40,$A40 + + ######################################### Pi + vpermq $A00,@Pi0[0],$A00 + vpermq $A10,@Pi0[1],$A10 + vpermq $A20,@Pi0[2],$A20 + vpermq $A30,@Pi0[3],$A30 + vpermq $A40,@Pi0[4],$A40 + + ######################################### Chi + vmovdqa64 $A00,@T[0] + vmovdqa64 $A10,@T[1] + vpternlogq \$0xD2,$A20,$A10,$A00 + vpternlogq \$0xD2,$A30,$A20,$A10 + vpternlogq \$0xD2,$A40,$A30,$A20 + vpternlogq \$0xD2,@T[0],$A40,$A30 + vpternlogq \$0xD2,@T[1],@T[0],$A40 + + ######################################### Iota + vpxorq (%r10),$A00,${A00}{$k00001} + lea 16(%r10),%r10 + + ######################################### Harmonize rounds + vpblendmq $A20,$A10,@{T[1]}{$k00010} + vpblendmq $A30,$A20,@{T[2]}{$k00010} + vpblendmq $A40,$A30,@{T[3]}{$k00010} + vpblendmq $A10,$A00,@{T[0]}{$k00010} + vpblendmq $A00,$A40,@{T[4]}{$k00010} + + vpblendmq $A30,@T[1],@{T[1]}{$k00100} + vpblendmq $A40,@T[2],@{T[2]}{$k00100} + vpblendmq $A20,@T[0],@{T[0]}{$k00100} + vpblendmq $A00,@T[3],@{T[3]}{$k00100} + vpblendmq $A10,@T[4],@{T[4]}{$k00100} + + vpblendmq $A40,@T[1],@{T[1]}{$k01000} + vpblendmq $A30,@T[0],@{T[0]}{$k01000} + vpblendmq $A00,@T[2],@{T[2]}{$k01000} + vpblendmq $A10,@T[3],@{T[3]}{$k01000} + vpblendmq $A20,@T[4],@{T[4]}{$k01000} + + vpblendmq $A40,@T[0],@{T[0]}{$k10000} + vpblendmq $A00,@T[1],@{T[1]}{$k10000} + vpblendmq $A10,@T[2],@{T[2]}{$k10000} + vpblendmq $A20,@T[3],@{T[3]}{$k10000} + vpblendmq $A30,@T[4],@{T[4]}{$k10000} + + #vpermq @T[0],@Theta[0],$A00 # doesn't actually change order + vpermq @T[1],@Theta[1],$A10 + vpermq @T[2],@Theta[2],$A20 + vpermq @T[3],@Theta[3],$A30 + vpermq @T[4],@Theta[4],$A40 + + ######################################### Theta, odd round + vmovdqa64 $T[0],$A00 # real A00 + vpternlogq \$0x96,$A20,$A10,$C00 # C00 is @T[0]'s alias + vpternlogq \$0x96,$A40,$A30,$C00 + + vprolq \$1,$C00,$D00 + vpermq $C00,@Theta[1],$C00 + vpermq $D00,@Theta[4],$D00 + + vpternlogq \$0x96,$C00,$D00,$A00 + vpternlogq \$0x96,$C00,$D00,$A30 + vpternlogq \$0x96,$C00,$D00,$A10 + vpternlogq \$0x96,$C00,$D00,$A40 + vpternlogq \$0x96,$C00,$D00,$A20 + + ######################################### Rho + vprolvq @Rhotate1[0],$A00,$A00 + vprolvq @Rhotate1[3],$A30,@T[1] + vprolvq @Rhotate1[1],$A10,@T[2] + vprolvq @Rhotate1[4],$A40,@T[3] + vprolvq @Rhotate1[2],$A20,@T[4] + + vpermq $A00,@Theta[4],@T[5] + vpermq $A00,@Theta[3],@T[6] + + ######################################### Iota + vpxorq -8(%r10),$A00,${A00}{$k00001} + + ######################################### Pi + vpermq @T[1],@Theta[2],$A10 + vpermq @T[2],@Theta[4],$A20 + vpermq @T[3],@Theta[1],$A30 + vpermq @T[4],@Theta[3],$A40 + + ######################################### Chi + vpternlogq \$0xD2,@T[6],@T[5],$A00 + + vpermq @T[1],@Theta[1],@T[7] + #vpermq @T[1],@Theta[0],@T[1] + vpternlogq \$0xD2,@T[1],@T[7],$A10 + + vpermq @T[2],@Theta[3],@T[0] + vpermq @T[2],@Theta[2],@T[2] + vpternlogq \$0xD2,@T[2],@T[0],$A20 + + #vpermq @T[3],@Theta[0],@T[3] + vpermq @T[3],@Theta[4],@T[1] + vpternlogq \$0xD2,@T[1],@T[3],$A30 + + vpermq @T[4],@Theta[2],@T[0] + vpermq @T[4],@Theta[1],@T[4] + vpternlogq \$0xD2,@T[4],@T[0],$A40 + + dec %eax + jnz .Loop_avx512 + + ret +.size __KeccakF1600,.-__KeccakF1600 +___ + +my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); +my $out = $inp; # in squeeze + +$code.=<<___; +.globl SHA3_absorb +.type SHA3_absorb,\@function +.align 32 +SHA3_absorb: + mov %rsp,%r11 + + lea -320(%rsp),%rsp + and \$-64,%rsp + + lea 96($A_flat),$A_flat + lea 96($inp),$inp + lea 128(%rsp),%r9 + + lea theta_perm(%rip),%r8 + + kxnorw $k11111,$k11111,$k11111 + kshiftrw \$15,$k11111,$k00001 + kshiftrw \$11,$k11111,$k11111 + kshiftlw \$1,$k00001,$k00010 + kshiftlw \$2,$k00001,$k00100 + kshiftlw \$3,$k00001,$k01000 + kshiftlw \$4,$k00001,$k10000 + + #vmovdqa64 64*0(%r8),@Theta[0] + vmovdqa64 64*1(%r8),@Theta[1] + vmovdqa64 64*2(%r8),@Theta[2] + vmovdqa64 64*3(%r8),@Theta[3] + vmovdqa64 64*4(%r8),@Theta[4] + + vmovdqa64 64*5(%r8),@Rhotate1[0] + vmovdqa64 64*6(%r8),@Rhotate1[1] + vmovdqa64 64*7(%r8),@Rhotate1[2] + vmovdqa64 64*8(%r8),@Rhotate1[3] + vmovdqa64 64*9(%r8),@Rhotate1[4] + + vmovdqa64 64*10(%r8),@Rhotate0[0] + vmovdqa64 64*11(%r8),@Rhotate0[1] + vmovdqa64 64*12(%r8),@Rhotate0[2] + vmovdqa64 64*13(%r8),@Rhotate0[3] + vmovdqa64 64*14(%r8),@Rhotate0[4] + + vmovdqa64 64*15(%r8),@Pi0[0] + vmovdqa64 64*16(%r8),@Pi0[1] + vmovdqa64 64*17(%r8),@Pi0[2] + vmovdqa64 64*18(%r8),@Pi0[3] + vmovdqa64 64*19(%r8),@Pi0[4] + + vmovdqu64 40*0-96($A_flat),${A00}{$k11111}{z} + vpxorq @T[0],@T[0],@T[0] + vmovdqu64 40*1-96($A_flat),${A10}{$k11111}{z} + vmovdqu64 40*2-96($A_flat),${A20}{$k11111}{z} + vmovdqu64 40*3-96($A_flat),${A30}{$k11111}{z} + vmovdqu64 40*4-96($A_flat),${A40}{$k11111}{z} + + vmovdqa64 @T[0],0*64-128(%r9) # zero transfer area on stack + vmovdqa64 @T[0],1*64-128(%r9) + vmovdqa64 @T[0],2*64-128(%r9) + vmovdqa64 @T[0],3*64-128(%r9) + vmovdqa64 @T[0],4*64-128(%r9) + jmp .Loop_absorb_avx512 + +.align 32 +.Loop_absorb_avx512: + mov $bsz,%rax + sub $bsz,$len + jc .Ldone_absorb_avx512 + + shr \$3,%eax +___ +for(my $i=0; $i<25; $i++) { +$code.=<<___ + mov 8*$i-96($inp),%r8 + mov %r8,$A_jagged[$i]-128(%r9) + dec %eax + jz .Labsorved_avx512 +___ +} +$code.=<<___; +.Labsorved_avx512: + lea ($inp,$bsz),$inp + + vpxorq 64*0-128(%r9),$A00,$A00 + vpxorq 64*1-128(%r9),$A10,$A10 + vpxorq 64*2-128(%r9),$A20,$A20 + vpxorq 64*3-128(%r9),$A30,$A30 + vpxorq 64*4-128(%r9),$A40,$A40 + + call __KeccakF1600 + + jmp .Loop_absorb_avx512 + +.align 32 +.Ldone_absorb_avx512: + vmovdqu64 $A00,40*0-96($A_flat){$k11111} + vmovdqu64 $A10,40*1-96($A_flat){$k11111} + vmovdqu64 $A20,40*2-96($A_flat){$k11111} + vmovdqu64 $A30,40*3-96($A_flat){$k11111} + vmovdqu64 $A40,40*4-96($A_flat){$k11111} + + vzeroupper + + lea (%r11),%rsp + lea ($len,$bsz),%rax # return value + ret +.size SHA3_absorb,.-SHA3_absorb + +.globl SHA3_squeeze +.type SHA3_squeeze,\@function +.align 32 +SHA3_squeeze: + mov %rsp,%r11 + + lea 96($A_flat),$A_flat + cmp $bsz,$len + jbe .Lno_output_extension_avx512 + + lea theta_perm(%rip),%r8 + + kxnorw $k11111,$k11111,$k11111 + kshiftrw \$15,$k11111,$k00001 + kshiftrw \$11,$k11111,$k11111 + kshiftlw \$1,$k00001,$k00010 + kshiftlw \$2,$k00001,$k00100 + kshiftlw \$3,$k00001,$k01000 + kshiftlw \$4,$k00001,$k10000 + + #vmovdqa64 64*0(%r8),@Theta[0] + vmovdqa64 64*1(%r8),@Theta[1] + vmovdqa64 64*2(%r8),@Theta[2] + vmovdqa64 64*3(%r8),@Theta[3] + vmovdqa64 64*4(%r8),@Theta[4] + + vmovdqa64 64*5(%r8),@Rhotate1[0] + vmovdqa64 64*6(%r8),@Rhotate1[1] + vmovdqa64 64*7(%r8),@Rhotate1[2] + vmovdqa64 64*8(%r8),@Rhotate1[3] + vmovdqa64 64*9(%r8),@Rhotate1[4] + + vmovdqa64 64*10(%r8),@Rhotate0[0] + vmovdqa64 64*11(%r8),@Rhotate0[1] + vmovdqa64 64*12(%r8),@Rhotate0[2] + vmovdqa64 64*13(%r8),@Rhotate0[3] + vmovdqa64 64*14(%r8),@Rhotate0[4] + + vmovdqa64 64*15(%r8),@Pi0[0] + vmovdqa64 64*16(%r8),@Pi0[1] + vmovdqa64 64*17(%r8),@Pi0[2] + vmovdqa64 64*18(%r8),@Pi0[3] + vmovdqa64 64*19(%r8),@Pi0[4] + + vmovdqu64 40*0-96($A_flat),${A00}{$k11111}{z} + vmovdqu64 40*1-96($A_flat),${A10}{$k11111}{z} + vmovdqu64 40*2-96($A_flat),${A20}{$k11111}{z} + vmovdqu64 40*3-96($A_flat),${A30}{$k11111}{z} + vmovdqu64 40*4-96($A_flat),${A40}{$k11111}{z} + +.Lno_output_extension_avx512: + shr \$3,$bsz + lea -96($A_flat),%r9 + mov $bsz,%rax + jmp .Loop_squeeze_avx512 + +.align 32 +.Loop_squeeze_avx512: + cmp \$8,$len + jb .Ltail_squeeze_avx512 + + mov (%r9),%r8 + lea 8(%r9),%r9 + mov %r8,($out) + lea 8($out),$out + sub \$8,$len # len -= 8 + jz .Ldone_squeeze_avx512 + + sub \$1,%rax # bsz-- + jnz .Loop_squeeze_avx512 + + #vpermq @Theta[4],@Theta[4],@Theta[3] + #vpermq @Theta[3],@Theta[4],@Theta[2] + #vpermq @Theta[3],@Theta[3],@Theta[1] + + call __KeccakF1600 + + vmovdqu64 $A00,40*0-96($A_flat){$k11111} + vmovdqu64 $A10,40*1-96($A_flat){$k11111} + vmovdqu64 $A20,40*2-96($A_flat){$k11111} + vmovdqu64 $A30,40*3-96($A_flat){$k11111} + vmovdqu64 $A40,40*4-96($A_flat){$k11111} + + lea -96($A_flat),%r9 + mov $bsz,%rax + jmp .Loop_squeeze_avx512 + +.Ltail_squeeze_avx512: + mov $out,%rdi + mov %r9,%rsi + mov $len,%rcx + .byte 0xf3,0xa4 # rep movsb + +.Ldone_squeeze_avx512: + vzeroupper + + lea (%r11),%rsp + ret +.size SHA3_squeeze,.-SHA3_squeeze + +.align 64 +theta_perm: + .quad 0, 1, 2, 3, 4, 5, 6, 7 # [not used] + .quad 4, 0, 1, 2, 3, 5, 6, 7 + .quad 3, 4, 0, 1, 2, 5, 6, 7 + .quad 2, 3, 4, 0, 1, 5, 6, 7 + .quad 1, 2, 3, 4, 0, 5, 6, 7 + +rhotates1: + .quad 0, 44, 43, 21, 14, 0, 0, 0 # [0][0] [1][1] [2][2] [3][3] [4][4] + .quad 18, 1, 6, 25, 8, 0, 0, 0 # [4][0] [0][1] [1][2] [2][3] [3][4] + .quad 41, 2, 62, 55, 39, 0, 0, 0 # [3][0] [4][1] [0][2] [1][3] [2][4] + .quad 3, 45, 61, 28, 20, 0, 0, 0 # [2][0] [3][1] [4][2] [0][3] [1][4] + .quad 36, 10, 15, 56, 27, 0, 0, 0 # [1][0] [2][1] [3][2] [4][3] [0][4] + +rhotates0: + .quad 0, 1, 62, 28, 27, 0, 0, 0 + .quad 36, 44, 6, 55, 20, 0, 0, 0 + .quad 3, 10, 43, 25, 39, 0, 0, 0 + .quad 41, 45, 15, 21, 8, 0, 0, 0 + .quad 18, 2, 61, 56, 14, 0, 0, 0 + +pi0_perm: + .quad 0, 3, 1, 4, 2, 5, 6, 7 + .quad 1, 4, 2, 0, 3, 5, 6, 7 + .quad 2, 0, 3, 1, 4, 5, 6, 7 + .quad 3, 1, 4, 2, 0, 5, 6, 7 + .quad 4, 2, 0, 3, 1, 5, 6, 7 + + +iotas: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 + +.asciz "Keccak-1600 absorb and squeeze for AVX-512F, CRYPTOGAMS by " +___ + +$output=pop; +open STDOUT,">$output"; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl new file mode 100755 index 00000000000000..a21bb8615a7cb9 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl @@ -0,0 +1,392 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for AVX512VL. +# +# December 2017. +# +# This is an adaptation of AVX2 module that reuses register data +# layout, but utilizes new 256-bit AVX512VL instructions. See AVX2 +# module for further information on layout. +# +######################################################################## +# Numbers are cycles per processed byte out of large message. +# +# r=1088(*) +# +# Skylake-X 6.4/+47% +# +# (*) Corresponds to SHA3-256. Percentage after slash is improvement +# coefficient in comparison to scalar keccak1600-x86_64.pl. + +# Digits in variables' names denote right-most coordinates: + +my ($A00, # [0][0] [0][0] [0][0] [0][0] # %ymm0 + $A01, # [0][4] [0][3] [0][2] [0][1] # %ymm1 + $A20, # [3][0] [1][0] [4][0] [2][0] # %ymm2 + $A31, # [2][4] [4][3] [1][2] [3][1] # %ymm3 + $A21, # [3][4] [1][3] [4][2] [2][1] # %ymm4 + $A41, # [1][4] [2][3] [3][2] [4][1] # %ymm5 + $A11) = # [4][4] [3][3] [2][2] [1][1] # %ymm6 + map("%ymm$_",(0..6)); + +# We also need to map the magic order into offsets within structure: + +my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3], # [0][0..4] + [2,2], [6,0], [3,1], [4,2], [5,3], # [1][0..4] + [2,0], [4,0], [6,1], [5,2], [3,3], # [2][0..4] + [2,3], [3,0], [5,1], [6,2], [4,3], # [3][0..4] + [2,1], [5,0], [4,1], [3,2], [6,3]); # [4][0..4] + @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged); # ... and now linear + +my @T = map("%ymm$_",(7..15)); +my ($C14,$C00,$D00,$D14) = @T[5..8]; +my ($R20,$R01,$R31,$R21,$R41,$R11) = map("%ymm$_",(16..21)); + +$code.=<<___; +.text + +.type __KeccakF1600,\@function +.align 32 +__KeccakF1600: + lea iotas(%rip),%r10 + mov \$24,%eax + jmp .Loop_avx512vl + +.align 32 +.Loop_avx512vl: + ######################################### Theta + vpshufd \$0b01001110,$A20,$C00 + vpxor $A31,$A41,$C14 + vpxor $A11,$A21,@T[2] + vpternlogq \$0x96,$A01,$T[2],$C14 # C[1..4] + + vpxor $A20,$C00,$C00 + vpermq \$0b01001110,$C00,@T[0] + + vpermq \$0b10010011,$C14,@T[4] + vprolq \$1,$C14,@T[1] # ROL64(C[1..4],1) + + vpermq \$0b00111001,@T[1],$D14 + vpxor @T[4],@T[1],$D00 + vpermq \$0b00000000,$D00,$D00 # D[0..0] = ROL64(C[1],1) ^ C[4] + + vpternlogq \$0x96,@T[0],$A00,$C00 # C[0..0] + vprolq \$1,$C00,@T[1] # ROL64(C[0..0],1) + + vpxor $D00,$A00,$A00 # ^= D[0..0] + + vpblendd \$0b11000000,@T[1],$D14,$D14 + vpblendd \$0b00000011,$C00,@T[4],@T[0] + + ######################################### Rho + Pi + pre-Chi shuffle + vpxor $D00,$A20,$A20 # ^= D[0..0] from Theta + vprolvq $R20,$A20,$A20 + + vpternlogq \$0x96,@T[0],$D14,$A31 # ^= D[1..4] from Theta + vprolvq $R31,$A31,$A31 + + vpternlogq \$0x96,@T[0],$D14,$A21 # ^= D[1..4] from Theta + vprolvq $R21,$A21,$A21 + + vpternlogq \$0x96,@T[0],$D14,$A41 # ^= D[1..4] from Theta + vprolvq $R41,$A41,$A41 + + vpermq \$0b10001101,$A20,@T[3] # $A20 -> future $A31 + vpermq \$0b10001101,$A31,@T[4] # $A31 -> future $A21 + vpternlogq \$0x96,@T[0],$D14,$A11 # ^= D[1..4] from Theta + vprolvq $R11,$A11,@T[1] # $A11 -> future $A01 + + vpermq \$0b00011011,$A21,@T[5] # $A21 -> future $A41 + vpermq \$0b01110010,$A41,@T[6] # $A41 -> future $A11 + vpternlogq \$0x96,@T[0],$D14,$A01 # ^= D[1..4] from Theta + vprolvq $R01,$A01,@T[2] # $A01 -> future $A20 + + ######################################### Chi + vpblendd \$0b00001100,@T[6],@T[2],$A31 # [4][4] [2][0] + vpblendd \$0b00001100,@T[2],@T[4],@T[8] # [4][0] [2][1] + vpblendd \$0b00001100,@T[4],@T[3],$A41 # [4][2] [2][4] + vpblendd \$0b00001100,@T[3],@T[2],@T[7] # [4][3] [2][0] + vpblendd \$0b00110000,@T[4],$A31,$A31 # [1][3] [4][4] [2][0] + vpblendd \$0b00110000,@T[5],@T[8],@T[8] # [1][4] [4][0] [2][1] + vpblendd \$0b00110000,@T[2],$A41,$A41 # [1][0] [4][2] [2][4] + vpblendd \$0b00110000,@T[6],@T[7],@T[7] # [1][1] [4][3] [2][0] + vpblendd \$0b11000000,@T[5],$A31,$A31 # [3][2] [1][3] [4][4] [2][0] + vpblendd \$0b11000000,@T[6],@T[8],@T[8] # [3][3] [1][4] [4][0] [2][1] + vpblendd \$0b11000000,@T[6],$A41,$A41 # [3][3] [1][0] [4][2] [2][4] + vpblendd \$0b11000000,@T[4],@T[7],@T[7] # [3][4] [1][1] [4][3] [2][0] + vpternlogq \$0xC6,@T[8],@T[3],$A31 # [3][1] [1][2] [4][3] [2][4] + vpternlogq \$0xC6,@T[7],@T[5],$A41 # [3][2] [1][4] [4][1] [2][3] + + vpsrldq \$8,@T[1],@T[0] + vpandn @T[0],@T[1],@T[0] # tgting [0][0] [0][0] [0][0] [0][0] + + vpblendd \$0b00001100,@T[2],@T[5],$A11 # [4][0] [2][3] + vpblendd \$0b00001100,@T[5],@T[3],@T[8] # [4][1] [2][4] + vpblendd \$0b00110000,@T[3],$A11,$A11 # [1][2] [4][0] [2][3] + vpblendd \$0b00110000,@T[4],@T[8],@T[8] # [1][3] [4][1] [2][4] + vpblendd \$0b11000000,@T[4],$A11,$A11 # [3][4] [1][2] [4][0] [2][3] + vpblendd \$0b11000000,@T[2],@T[8],@T[8] # [3][0] [1][3] [4][1] [2][4] + vpternlogq \$0xC6,@T[8],@T[6],$A11 # [3][3] [1][1] [4][4] [2][2] + + vpermq \$0b00011110,@T[1],$A21 # [0][1] [0][2] [0][4] [0][3] + vpblendd \$0b00110000,$A00,$A21,@T[8] # [0][1] [0][0] [0][4] [0][3] + vpermq \$0b00111001,@T[1],$A01 # [0][1] [0][4] [0][3] [0][2] + vpblendd \$0b11000000,$A00,$A01,$A01 # [0][0] [0][4] [0][3] [0][2] + + vpblendd \$0b00001100,@T[5],@T[4],$A20 # [4][1] [2][1] + vpblendd \$0b00001100,@T[4],@T[6],@T[7] # [4][2] [2][2] + vpblendd \$0b00110000,@T[6],$A20,$A20 # [1][1] [4][1] [2][1] + vpblendd \$0b00110000,@T[3],@T[7],@T[7] # [1][2] [4][2] [2][2] + vpblendd \$0b11000000,@T[3],$A20,$A20 # [3][1] [1][1] [4][1] [2][1] + vpblendd \$0b11000000,@T[5],@T[7],@T[7] # [3][2] [1][2] [4][2] [2][2] + vpternlogq \$0xC6,@T[7],@T[2],$A20 # [3][0] [1][0] [4][0] [2][0] + + vpermq \$0b00000000,@T[0],@T[0] # [0][0] [0][0] [0][0] [0][0] + vpermq \$0b00011011,$A31,$A31 # post-Chi shuffle + vpermq \$0b10001101,$A41,$A41 + vpermq \$0b01110010,$A11,$A11 + + vpblendd \$0b00001100,@T[3],@T[6],$A21 # [4][3] [2][2] + vpblendd \$0b00001100,@T[6],@T[5],@T[7] # [4][4] [2][3] + vpblendd \$0b00110000,@T[5],$A21,$A21 # [1][4] [4][3] [2][2] + vpblendd \$0b00110000,@T[2],@T[7],@T[7] # [1][0] [4][4] [2][3] + vpblendd \$0b11000000,@T[2],$A21,$A21 # [3][0] [1][4] [4][3] [2][2] + vpblendd \$0b11000000,@T[3],@T[7],@T[7] # [3][1] [1][0] [4][4] [2][3] + + vpternlogq \$0xC6,@T[8],@T[1],$A01 # [0][4] [0][3] [0][2] [0][1] + vpternlogq \$0xC6,@T[7],@T[4],$A21 # [3][4] [1][3] [4][2] [2][1] + + ######################################### Iota + vpternlogq \$0x96,(%r10),@T[0],$A00 + lea 32(%r10),%r10 + + dec %eax + jnz .Loop_avx512vl + + ret +.size __KeccakF1600,.-__KeccakF1600 +___ +my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); +my $out = $inp; # in squeeze + +$code.=<<___; +.globl SHA3_absorb +.type SHA3_absorb,\@function +.align 32 +SHA3_absorb: + mov %rsp,%r11 + + lea -240(%rsp),%rsp + and \$-32,%rsp + + lea 96($A_flat),$A_flat + lea 96($inp),$inp + lea 96(%rsp),%r10 + lea rhotates_left(%rip),%r8 + + vzeroupper + + vpbroadcastq -96($A_flat),$A00 # load A[5][5] + vmovdqu 8+32*0-96($A_flat),$A01 + vmovdqu 8+32*1-96($A_flat),$A20 + vmovdqu 8+32*2-96($A_flat),$A31 + vmovdqu 8+32*3-96($A_flat),$A21 + vmovdqu 8+32*4-96($A_flat),$A41 + vmovdqu 8+32*5-96($A_flat),$A11 + + vmovdqa64 0*32(%r8),$R20 # load "rhotate" indices + vmovdqa64 1*32(%r8),$R01 + vmovdqa64 2*32(%r8),$R31 + vmovdqa64 3*32(%r8),$R21 + vmovdqa64 4*32(%r8),$R41 + vmovdqa64 5*32(%r8),$R11 + + vpxor @T[0],@T[0],@T[0] + vmovdqa @T[0],32*2-96(%r10) # zero transfer area on stack + vmovdqa @T[0],32*3-96(%r10) + vmovdqa @T[0],32*4-96(%r10) + vmovdqa @T[0],32*5-96(%r10) + vmovdqa @T[0],32*6-96(%r10) + +.Loop_absorb_avx512vl: + mov $bsz,%rax + sub $bsz,$len + jc .Ldone_absorb_avx512vl + + shr \$3,%eax + vpbroadcastq 0-96($inp),@T[0] + vmovdqu 8-96($inp),@T[1] + sub \$4,%eax +___ +for(my $i=5; $i<25; $i++) { +$code.=<<___ + dec %eax + jz .Labsorved_avx512vl + mov 8*$i-96($inp),%r8 + mov %r8,$A_jagged[$i]-96(%r10) +___ +} +$code.=<<___; +.Labsorved_avx512vl: + lea ($inp,$bsz),$inp + + vpxor @T[0],$A00,$A00 + vpxor @T[1],$A01,$A01 + vpxor 32*2-96(%r10),$A20,$A20 + vpxor 32*3-96(%r10),$A31,$A31 + vpxor 32*4-96(%r10),$A21,$A21 + vpxor 32*5-96(%r10),$A41,$A41 + vpxor 32*6-96(%r10),$A11,$A11 + + call __KeccakF1600 + + lea 96(%rsp),%r10 + jmp .Loop_absorb_avx512vl + +.Ldone_absorb_avx512vl: + vmovq %xmm0,-96($A_flat) + vmovdqu $A01,8+32*0-96($A_flat) + vmovdqu $A20,8+32*1-96($A_flat) + vmovdqu $A31,8+32*2-96($A_flat) + vmovdqu $A21,8+32*3-96($A_flat) + vmovdqu $A41,8+32*4-96($A_flat) + vmovdqu $A11,8+32*5-96($A_flat) + + vzeroupper + + lea (%r11),%rsp + lea ($len,$bsz),%rax # return value + ret +.size SHA3_absorb,.-SHA3_absorb + +.globl SHA3_squeeze +.type SHA3_squeeze,\@function +.align 32 +SHA3_squeeze: + mov %rsp,%r11 + + lea 96($A_flat),$A_flat + lea rhotates_left(%rip),%r8 + shr \$3,$bsz + + vzeroupper + + vpbroadcastq -96($A_flat),$A00 + vpxor @T[0],@T[0],@T[0] + vmovdqu 8+32*0-96($A_flat),$A01 + vmovdqu 8+32*1-96($A_flat),$A20 + vmovdqu 8+32*2-96($A_flat),$A31 + vmovdqu 8+32*3-96($A_flat),$A21 + vmovdqu 8+32*4-96($A_flat),$A41 + vmovdqu 8+32*5-96($A_flat),$A11 + + vmovdqa64 0*32(%r8),$R20 # load "rhotate" indices + vmovdqa64 1*32(%r8),$R01 + vmovdqa64 2*32(%r8),$R31 + vmovdqa64 3*32(%r8),$R21 + vmovdqa64 4*32(%r8),$R41 + vmovdqa64 5*32(%r8),$R11 + + mov $bsz,%rax + +.Loop_squeeze_avx512vl: + mov @A_jagged[$i]-96($A_flat),%r8 +___ +for (my $i=0; $i<25; $i++) { +$code.=<<___; + sub \$8,$len + jc .Ltail_squeeze_avx512vl + mov %r8,($out) + lea 8($out),$out + je .Ldone_squeeze_avx512vl + dec %eax + je .Lextend_output_avx512vl + mov @A_jagged[$i+1]-120($A_flat),%r8 +___ +} +$code.=<<___; +.Lextend_output_avx512vl: + call __KeccakF1600 + + vmovq %xmm0,-96($A_flat) + vmovdqu $A01,8+32*0-96($A_flat) + vmovdqu $A20,8+32*1-96($A_flat) + vmovdqu $A31,8+32*2-96($A_flat) + vmovdqu $A21,8+32*3-96($A_flat) + vmovdqu $A41,8+32*4-96($A_flat) + vmovdqu $A11,8+32*5-96($A_flat) + + mov $bsz,%rax + jmp .Loop_squeeze_avx512vl + + +.Ltail_squeeze_avx512vl: + add \$8,$len +.Loop_tail_avx512vl: + mov %r8b,($out) + lea 1($out),$out + shr \$8,%r8 + dec $len + jnz .Loop_tail_avx512vl + +.Ldone_squeeze_avx512vl: + vzeroupper + + lea (%r11),%rsp + ret +.size SHA3_squeeze,.-SHA3_squeeze + +.align 64 +rhotates_left: + .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] + .quad 1, 62, 28, 27 # [0][1] [0][2] [0][3] [0][4] + .quad 45, 6, 56, 39 # [3][1] [1][2] [4][3] [2][4] + .quad 10, 61, 55, 8 # [2][1] [4][2] [1][3] [3][4] + .quad 2, 15, 25, 20 # [4][1] [3][2] [2][3] [1][4] + .quad 44, 43, 21, 14 # [1][1] [2][2] [3][3] [4][4] +iotas: + .quad 0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001 + .quad 0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082 + .quad 0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a + .quad 0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000 + .quad 0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009 + .quad 0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a + .quad 0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088 + .quad 0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009 + .quad 0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a + .quad 0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b + .quad 0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b + .quad 0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089 + .quad 0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003 + .quad 0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002 + .quad 0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080 + .quad 0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a + .quad 0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a + .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 + .quad 0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080 + .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 + .quad 0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008 + +.asciz "Keccak-1600 absorb and squeeze for AVX512VL, CRYPTOGAMS by " +___ + +$output=pop; +open STDOUT,">$output"; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl new file mode 100755 index 00000000000000..b00af9af91d84c --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-c64x.pl @@ -0,0 +1,885 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# [ABI- and endian-neutral] Keccak-1600 for C64x. +# +# June 2017. +# +# This is straightforward KECCAK_1X_ALT variant (see sha/keccak1600.c) +# with bit interleaving. 64-bit values are simply split between A- and +# B-files, with A-file holding least significant halves. This works +# out perfectly, because all operations including cross-communications +# [in rotate operations] are always complementary. Performance is +# [incredible for a 32-bit processor] 10.9 cycles per processed byte +# for r=1088, which corresponds to SHA3-256. This is >15x faster than +# compiler-generated KECCAK_1X_ALT code, and >10x than other variants. +# On average processor ends up issuing ~4.5 instructions per cycle... + +my @A = map([ $_, ($_+1), ($_+2), ($_+3), ($_+4) ], (5,10,16,21,26)); + $A[1][4] = 31; # B14 is reserved, A14 is used as iota[] + ($A[3][0],$A[4][1]) = ($A[4][1],$A[3][0]); +my @C = (0..4,$A[3][0],$A[4][0]); +my $iotas = "A14"; + +my @rhotates = ([ 0, 1, 62, 28, 27 ], + [ 36, 44, 6, 55, 20 ], + [ 3, 10, 43, 25, 39 ], + [ 41, 45, 15, 21, 8 ], + [ 18, 2, 61, 56, 14 ]); + +sub ROL64 { + my ($src,$rot,$dst,$p) = @_; + + if ($rot&1) { +$code.=<<___; +$p ROTL B$src,$rot/2+1,A$dst +|| ROTL A$src,$rot/2, B$dst +___ + } else { +$code.=<<___; +$p ROTL A$src,$rot/2,A$dst +|| ROTL B$src,$rot/2,B$dst +___ + } +} + +######################################################################## +# Stack frame layout +# +# SP--->+------+------+ +# | | | +# +1--->+------+------+<- -9 below 4 slots are used by KeccakF1600_int +# | | | +# +2--->+------+------+<- -8 +# | | | +# +3--->+------+------+<- -7 +# | A2 | A3 | A3:A2 are preserved by KeccakF1600_int +# +4--->+------+------+<- -6 +# | B2 | B3 | B3:B2 are preserved by KeccakF1600_int +# +5--->+------+------+<- -5 below is ABI-compliant layout +# | A10 | A11 | +# +6--->+------+------+<- -4 +# | A12 | A13 | +# +7--->+------+------+<- -3 +# | A14 | B3 | +# +8--->+------+------+<- -2 +# | B10 | B11 | +# +9--->+------+------+<- -1 +# | B12 | B13 | +# +------+------+<---FP +# | A15 | +# +------+-- + +$code.=<<___; + .text + + .if .ASSEMBLER_VERSION<7000000 + .asg 0,__TI_EABI__ + .endif + .if __TI_EABI__ + .nocmp + .asg KeccakF1600,_KeccakF1600 + .asg SHA3_absorb,_SHA3_absorb + .asg SHA3_squeeze,_SHA3_squeeze + .endif + + .asg B3,RA + .asg A15,FP + .asg B15,SP + + .align 32 +_KeccakF1600_int: + .asmfunc + STDW A3:A2,*FP[-7] +|| STDW B3:B2,*SP[4] +_KeccakF1600_cheat: + .if __TI_EABI__ + ADDKPC _KeccakF1600_int,B0 +|| MVKL \$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas + MVKH \$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas + .else + ADDKPC _KeccakF1600_int,B0 +|| MVKL (iotas-_KeccakF1600_int),$iotas + MVKH (iotas-_KeccakF1600_int),$iotas + .endif + ADD B0,$iotas,$iotas +loop?: + XOR A$A[0][2],A$A[1][2],A$C[2] ; Theta +|| XOR B$A[0][2],B$A[1][2],B$C[2] +|| XOR A$A[0][3],A$A[1][3],A$C[3] +|| XOR B$A[0][3],B$A[1][3],B$C[3] +|| XOR A$A[0][0],A$A[1][0],A$C[0] +|| XOR B$A[0][0],B$A[1][0],B$C[0] + XOR A$A[2][2],A$C[2],A$C[2] +|| XOR B$A[2][2],B$C[2],B$C[2] +|| XOR A$A[2][3],A$C[3],A$C[3] +|| XOR B$A[2][3],B$C[3],B$C[3] +|| XOR A$A[2][0],A$C[0],A$C[0] +|| XOR B$A[2][0],B$C[0],B$C[0] + XOR A$A[3][2],A$C[2],A$C[2] +|| XOR B$A[3][2],B$C[2],B$C[2] +|| XOR A$A[3][3],A$C[3],A$C[3] +|| XOR B$A[3][3],B$C[3],B$C[3] +|| XOR A$A[3][0],A$C[0],A$C[0] +|| XOR B$A[3][0],B$C[0],B$C[0] + XOR A$A[4][2],A$C[2],A$C[2] +|| XOR B$A[4][2],B$C[2],B$C[2] +|| XOR A$A[4][3],A$C[3],A$C[3] +|| XOR B$A[4][3],B$C[3],B$C[3] +|| XOR A$A[4][0],A$C[0],A$C[0] +|| XOR B$A[4][0],B$C[0],B$C[0] + XOR A$A[0][4],A$A[1][4],A$C[4] +|| XOR B$A[0][4],B$A[1][4],B$C[4] +|| XOR A$A[0][1],A$A[1][1],A$C[1] +|| XOR B$A[0][1],B$A[1][1],B$C[1] +|| STDW A$A[3][0]:A$A[4][0],*SP[1] ; offload some data + STDW B$A[3][0]:B$A[4][0],*SP[2] +|| XOR A$A[2][4],A$C[4],A$C[4] +|| XOR B$A[2][4],B$C[4],B$C[4] +|| XOR A$A[2][1],A$C[1],A$C[1] +|| XOR B$A[2][1],B$C[1],B$C[1] +|| ROTL B$C[2],1,A$C[5] ; ROL64(C[2],1) +|| ROTL A$C[2],0,B$C[5] + XOR A$A[3][4],A$C[4],A$C[4] +|| XOR B$A[3][4],B$C[4],B$C[4] +|| XOR A$A[3][1],A$C[1],A$C[1] +|| XOR B$A[3][1],B$C[1],B$C[1] +|| ROTL B$C[3],1,A$C[6] ; ROL64(C[3],1) +|| ROTL A$C[3],0,B$C[6] + XOR A$A[4][4],A$C[4],A$C[4] +|| XOR B$A[4][4],B$C[4],B$C[4] +|| XOR A$A[4][1],A$C[1],A$C[1] +|| XOR B$A[4][1],B$C[1],B$C[1] +|| XOR A$C[0],A$C[5],A$C[5] ; C[0] ^ ROL64(C[2],1) +|| XOR B$C[0],B$C[5],B$C[5] + XOR A$C[5],A$A[0][1],A$A[0][1] +|| XOR B$C[5],B$A[0][1],B$A[0][1] +|| XOR A$C[5],A$A[1][1],A$A[1][1] +|| XOR B$C[5],B$A[1][1],B$A[1][1] +|| XOR A$C[5],A$A[2][1],A$A[2][1] +|| XOR B$C[5],B$A[2][1],B$A[2][1] + XOR A$C[5],A$A[3][1],A$A[3][1] +|| XOR B$C[5],B$A[3][1],B$A[3][1] +|| XOR A$C[5],A$A[4][1],A$A[4][1] +|| XOR B$C[5],B$A[4][1],B$A[4][1] +|| ROTL B$C[4],1,A$C[5] ; ROL64(C[4],1) +|| ROTL A$C[4],0,B$C[5] +|| XOR A$C[1],A$C[6],A$C[6] ; C[1] ^ ROL64(C[3],1) +|| XOR B$C[1],B$C[6],B$C[6] + XOR A$C[6],A$A[0][2],A$A[0][2] +|| XOR B$C[6],B$A[0][2],B$A[0][2] +|| XOR A$C[6],A$A[1][2],A$A[1][2] +|| XOR B$C[6],B$A[1][2],B$A[1][2] +|| XOR A$C[6],A$A[2][2],A$A[2][2] +|| XOR B$C[6],B$A[2][2],B$A[2][2] +|| ROTL B$C[1],1,A$C[1] ; ROL64(C[1],1) +|| ROTL A$C[1],0,B$C[1] + XOR A$C[6],A$A[3][2],A$A[3][2] +|| XOR B$C[6],B$A[3][2],B$A[3][2] +|| XOR A$C[6],A$A[4][2],A$A[4][2] +|| XOR B$C[6],B$A[4][2],B$A[4][2] +|| ROTL B$C[0],1,A$C[6] ; ROL64(C[0],1) +|| ROTL A$C[0],0,B$C[6] +|| XOR A$C[5],A$C[2],A$C[2] ; C[2] ^= ROL64(C[4],1) +|| XOR B$C[5],B$C[2],B$C[2] + XOR A$C[2],A$A[0][3],A$A[0][3] +|| XOR B$C[2],B$A[0][3],B$A[0][3] +|| XOR A$C[2],A$A[1][3],A$A[1][3] +|| XOR B$C[2],B$A[1][3],B$A[1][3] +|| XOR A$C[2],A$A[2][3],A$A[2][3] +|| XOR B$C[2],B$A[2][3],B$A[2][3] + XOR A$C[6],A$C[3],A$C[3] ; C[3] ^= ROL64(C[0],1) +|| XOR B$C[6],B$C[3],B$C[3] +|| LDDW *FP[-9],A$A[3][0]:A$A[4][0] ; restore offloaded data +|| LDDW *SP[2],B$A[3][0]:B$A[4][0] +|| XOR A$C[2],A$A[3][3],A$A[3][3] +|| XOR B$C[2],B$A[3][3],B$A[3][3] + XOR A$C[2],A$A[4][3],A$A[4][3] +|| XOR B$C[2],B$A[4][3],B$A[4][3] +|| XOR A$C[3],A$A[0][4],A$A[0][4] +|| XOR B$C[3],B$A[0][4],B$A[0][4] +|| XOR A$C[3],A$A[1][4],A$A[1][4] +|| XOR B$C[3],B$A[1][4],B$A[1][4] + XOR A$C[3],A$A[2][4],A$A[2][4] +|| XOR B$C[3],B$A[2][4],B$A[2][4] +|| XOR A$C[3],A$A[3][4],A$A[3][4] +|| XOR B$C[3],B$A[3][4],B$A[3][4] +|| XOR A$C[3],A$A[4][4],A$A[4][4] +|| XOR B$C[3],B$A[4][4],B$A[4][4] + XOR A$C[1],A$C[4],A$C[4] ; C[4] ^= ROL64(C[1],1) +|| XOR B$C[1],B$C[4],B$C[4] +|| MV A$A[0][1],A$C[1] ; Rho+Pi, "early start" +|| MV B$A[0][1],B$C[1] +___ + &ROL64 ($A[1][1],$rhotates[1][1],$A[0][1],"||"); +$code.=<<___; + XOR A$C[4],A$A[0][0],A$A[0][0] +|| XOR B$C[4],B$A[0][0],B$A[0][0] +|| XOR A$C[4],A$A[1][0],A$A[1][0] +|| XOR B$C[4],B$A[1][0],B$A[1][0] +|| MV A$A[0][3],A$C[3] +|| MV B$A[0][3],B$C[3] +___ + &ROL64 ($A[3][3],$rhotates[3][3],$A[0][3],"||"); +$code.=<<___; + XOR A$C[4],A$A[2][0],A$A[2][0] +|| XOR B$C[4],B$A[2][0],B$A[2][0] +|| XOR A$C[4],A$A[3][0],A$A[3][0] +|| XOR B$C[4],B$A[3][0],B$A[3][0] +|| MV A$A[0][2],A$C[2] +|| MV B$A[0][2],B$C[2] +___ + &ROL64 ($A[2][2],$rhotates[2][2],$A[0][2],"||"); +$code.=<<___; + XOR A$C[4],A$A[4][0],A$A[4][0] +|| XOR B$C[4],B$A[4][0],B$A[4][0] +|| MV A$A[0][4],A$C[4] +|| MV B$A[0][4],B$C[4] +___ + &ROL64 ($A[4][4],$rhotates[4][4],$A[0][4],"||"); + + &ROL64 ($A[1][4],$rhotates[1][4],$A[1][1]); +$code.=<<___; +|| LDW *${iotas}++[2],A$C[0] +___ + &ROL64 ($A[2][3],$rhotates[2][3],$A[2][2]); +$code.=<<___; +|| LDW *${iotas}[-1],B$C[0] +___ + &ROL64 ($A[3][2],$rhotates[3][2],$A[3][3]); + &ROL64 ($A[4][1],$rhotates[4][1],$A[4][4]); + + &ROL64 ($A[4][2],$rhotates[4][2],$A[1][4]); + &ROL64 ($A[3][4],$rhotates[3][4],$A[2][3]); + &ROL64 ($A[2][1],$rhotates[2][1],$A[3][2]); + &ROL64 ($A[1][3],$rhotates[1][3],$A[4][1]); + + &ROL64 ($A[2][4],$rhotates[2][4],$A[4][2]); + &ROL64 ($A[4][3],$rhotates[4][3],$A[3][4]); + &ROL64 ($A[1][2],$rhotates[1][2],$A[2][1]); + &ROL64 ($A[3][1],$rhotates[3][1],$A[1][3]); + + &ROL64 ($A[4][0],$rhotates[4][0],$A[2][4]); + &ROL64 ($A[3][0],$rhotates[3][0],$A[4][3]); + &ROL64 ($A[2][0],$rhotates[2][0],$A[1][2]); + &ROL64 ($A[1][0],$rhotates[1][0],$A[3][1]); + + #&ROL64 ($C[3], $rhotates[0][3],$A[1][0]); # moved below + &ROL64 ($C[1], $rhotates[0][1],$A[2][0]); + &ROL64 ($C[4], $rhotates[0][4],$A[3][0]); + &ROL64 ($C[2], $rhotates[0][2],$A[4][0]); +$code.=<<___; +|| ANDN A$A[0][2],A$A[0][1],A$C[4] ; Chi+Iota +|| ANDN B$A[0][2],B$A[0][1],B$C[4] +|| ANDN A$A[0][3],A$A[0][2],A$C[1] +|| ANDN B$A[0][3],B$A[0][2],B$C[1] +|| ANDN A$A[0][4],A$A[0][3],A$C[2] +|| ANDN B$A[0][4],B$A[0][3],B$C[2] +___ + &ROL64 ($C[3], $rhotates[0][3],$A[1][0]); +$code.=<<___; +|| ANDN A$A[0][0],A$A[0][4],A$C[3] +|| ANDN B$A[0][0],B$A[0][4],B$C[3] +|| XOR A$C[4],A$A[0][0],A$A[0][0] +|| XOR B$C[4],B$A[0][0],B$A[0][0] +|| ANDN A$A[0][1],A$A[0][0],A$C[4] +|| ANDN B$A[0][1],B$A[0][0],B$C[4] + XOR A$C[1],A$A[0][1],A$A[0][1] +|| XOR B$C[1],B$A[0][1],B$A[0][1] +|| XOR A$C[2],A$A[0][2],A$A[0][2] +|| XOR B$C[2],B$A[0][2],B$A[0][2] +|| XOR A$C[3],A$A[0][3],A$A[0][3] +|| XOR B$C[3],B$A[0][3],B$A[0][3] + XOR A$C[4],A$A[0][4],A$A[0][4] +|| XOR B$C[4],B$A[0][4],B$A[0][4] +|| XOR A$C[0],A$A[0][0],A$A[0][0] ; A[0][0] ^= iotas[i++]; +|| XOR B$C[0],B$A[0][0],B$A[0][0] +|| EXTU $iotas,24,24,A0 ; A0 is A$C[0], as we done? + + ANDN A$A[1][2],A$A[1][1],A$C[4] +|| ANDN B$A[1][2],B$A[1][1],B$C[4] +|| ANDN A$A[1][3],A$A[1][2],A$C[1] +|| ANDN B$A[1][3],B$A[1][2],B$C[1] +|| ANDN A$A[1][4],A$A[1][3],A$C[2] +|| ANDN B$A[1][4],B$A[1][3],B$C[2] + ANDN A$A[1][0],A$A[1][4],A$C[3] +|| ANDN B$A[1][0],B$A[1][4],B$C[3] +|| XOR A$C[4],A$A[1][0],A$A[1][0] +|| XOR B$C[4],B$A[1][0],B$A[1][0] +|| ANDN A$A[1][1],A$A[1][0],A$C[4] +|| ANDN B$A[1][1],B$A[1][0],B$C[4] + XOR A$C[1],A$A[1][1],A$A[1][1] +|| XOR B$C[1],B$A[1][1],B$A[1][1] +|| XOR A$C[2],A$A[1][2],A$A[1][2] +|| XOR B$C[2],B$A[1][2],B$A[1][2] +|| XOR A$C[3],A$A[1][3],A$A[1][3] +|| XOR B$C[3],B$A[1][3],B$A[1][3] + XOR A$C[4],A$A[1][4],A$A[1][4] +|| XOR B$C[4],B$A[1][4],B$A[1][4] + +|| ANDN A$A[2][2],A$A[2][1],A$C[4] +|| ANDN B$A[2][2],B$A[2][1],B$C[4] +|| ANDN A$A[2][3],A$A[2][2],A$C[1] +|| ANDN B$A[2][3],B$A[2][2],B$C[1] + ANDN A$A[2][4],A$A[2][3],A$C[2] +|| ANDN B$A[2][4],B$A[2][3],B$C[2] +|| ANDN A$A[2][0],A$A[2][4],A$C[3] +|| ANDN B$A[2][0],B$A[2][4],B$C[3] +|| XOR A$C[4],A$A[2][0],A$A[2][0] +|| XOR B$C[4],B$A[2][0],B$A[2][0] + ANDN A$A[2][1],A$A[2][0],A$C[4] +|| ANDN B$A[2][1],B$A[2][0],B$C[4] +|| XOR A$C[1],A$A[2][1],A$A[2][1] +|| XOR B$C[1],B$A[2][1],B$A[2][1] +|| XOR A$C[2],A$A[2][2],A$A[2][2] +|| XOR B$C[2],B$A[2][2],B$A[2][2] + XOR A$C[3],A$A[2][3],A$A[2][3] +|| XOR B$C[3],B$A[2][3],B$A[2][3] +|| XOR A$C[4],A$A[2][4],A$A[2][4] +|| XOR B$C[4],B$A[2][4],B$A[2][4] + + ANDN A$A[3][2],A$A[3][1],A$C[4] +|| ANDN B$A[3][2],B$A[3][1],B$C[4] +|| ANDN A$A[3][3],A$A[3][2],A$C[1] +|| ANDN B$A[3][3],B$A[3][2],B$C[1] +|| ANDN A$A[3][4],A$A[3][3],A$C[2] +|| ANDN B$A[3][4],B$A[3][3],B$C[2] + ANDN A$A[3][0],A$A[3][4],A$C[3] +|| ANDN B$A[3][0],B$A[3][4],B$C[3] +|| XOR A$C[4],A$A[3][0],A$A[3][0] +|| XOR B$C[4],B$A[3][0],B$A[3][0] +|| ANDN A$A[3][1],A$A[3][0],A$C[4] +|| ANDN B$A[3][1],B$A[3][0],B$C[4] + XOR A$C[1],A$A[3][1],A$A[3][1] +|| XOR B$C[1],B$A[3][1],B$A[3][1] +|| XOR A$C[2],A$A[3][2],A$A[3][2] +|| XOR B$C[2],B$A[3][2],B$A[3][2] +|| XOR A$C[3],A$A[3][3],A$A[3][3] +||[A0] BNOP loop? + XOR B$C[3],B$A[3][3],B$A[3][3] +|| XOR A$C[4],A$A[3][4],A$A[3][4] +|| XOR B$C[4],B$A[3][4],B$A[3][4] +||[!A0] LDDW *FP[-7],A3:A2 +||[!A0] LDDW *SP[4], RA:B2 + + ANDN A$A[4][2],A$A[4][1],A$C[4] +|| ANDN B$A[4][2],B$A[4][1],B$C[4] +|| ANDN A$A[4][3],A$A[4][2],A$C[1] +|| ANDN B$A[4][3],B$A[4][2],B$C[1] +|| ANDN A$A[4][4],A$A[4][3],A$C[2] +|| ANDN B$A[4][4],B$A[4][3],B$C[2] + ANDN A$A[4][0],A$A[4][4],A$C[3] +|| ANDN B$A[4][0],B$A[4][4],B$C[3] +|| XOR A$C[4],A$A[4][0],A$A[4][0] +|| XOR B$C[4],B$A[4][0],B$A[4][0] +|| ANDN A$A[4][1],A$A[4][0],A$C[4] +|| ANDN B$A[4][1],B$A[4][0],B$C[4] + XOR A$C[1],A$A[4][1],A$A[4][1] +|| XOR B$C[1],B$A[4][1],B$A[4][1] +|| XOR A$C[2],A$A[4][2],A$A[4][2] +|| XOR B$C[2],B$A[4][2],B$A[4][2] +|| XOR A$C[3],A$A[4][3],A$A[4][3] +|| XOR B$C[3],B$A[4][3],B$A[4][3] + XOR A$C[4],A$A[4][4],A$A[4][4] +|| XOR B$C[4],B$A[4][4],B$A[4][4] +;;===== branch to loop? is taken here + + BNOP RA,5 + .endasmfunc + + .newblock + .global _KeccakF1600 + .align 32 +_KeccakF1600: + .asmfunc stack_usage(80) + STW FP,*SP--(80) ; save frame pointer +|| MV SP,FP + STDW B13:B12,*SP[9] +|| STDW A13:A12,*FP[-4] + STDW B11:B10,*SP[8] +|| STDW A11:A10,*FP[-5] + STW RA, *SP[15] +|| STW A14,*FP[-6] +|| MV A4,A2 +|| ADD 4,A4,B2 + + LDW *A2++[2],A$A[0][0] ; load A[5][5] +|| LDW *B2++[2],B$A[0][0] + LDW *A2++[2],A$A[0][1] +|| LDW *B2++[2],B$A[0][1] + LDW *A2++[2],A$A[0][2] +|| LDW *B2++[2],B$A[0][2] + LDW *A2++[2],A$A[0][3] +|| LDW *B2++[2],B$A[0][3] + LDW *A2++[2],A$A[0][4] +|| LDW *B2++[2],B$A[0][4] + + LDW *A2++[2],A$A[1][0] +|| LDW *B2++[2],B$A[1][0] + LDW *A2++[2],A$A[1][1] +|| LDW *B2++[2],B$A[1][1] + LDW *A2++[2],A$A[1][2] +|| LDW *B2++[2],B$A[1][2] + LDW *A2++[2],A$A[1][3] +|| LDW *B2++[2],B$A[1][3] + LDW *A2++[2],A$A[1][4] +|| LDW *B2++[2],B$A[1][4] + + LDW *A2++[2],A$A[2][0] +|| LDW *B2++[2],B$A[2][0] + LDW *A2++[2],A$A[2][1] +|| LDW *B2++[2],B$A[2][1] + LDW *A2++[2],A$A[2][2] +|| LDW *B2++[2],B$A[2][2] + LDW *A2++[2],A$A[2][3] +|| LDW *B2++[2],B$A[2][3] + LDW *A2++[2],A$A[2][4] +|| LDW *B2++[2],B$A[2][4] + + LDW *A2++[2],A$A[3][0] +|| LDW *B2++[2],B$A[3][0] + LDW *A2++[2],A$A[3][1] +|| LDW *B2++[2],B$A[3][1] + LDW *A2++[2],A$A[3][2] +|| LDW *B2++[2],B$A[3][2] + LDW *A2++[2],A$A[3][3] +|| LDW *B2++[2],B$A[3][3] + LDW *A2++[2],A$A[3][4] +|| LDW *B2++[2],B$A[3][4] +|| BNOP _KeccakF1600_int + + ADDKPC ret?,RA +|| LDW *A2++[2],A$A[4][0] +|| LDW *B2++[2],B$A[4][0] + LDW *A2++[2],A$A[4][1] +|| LDW *B2++[2],B$A[4][1] + LDW *A2++[2],A$A[4][2] +|| LDW *B2++[2],B$A[4][2] + LDW *A2++[2],A$A[4][3] +|| LDW *B2++[2],B$A[4][3] + LDW *A2,A$A[4][4] +|| LDW *B2,B$A[4][4] +|| ADDK -192,A2 ; rewind +|| ADDK -192,B2 + + .align 16 +ret?: + STW A$A[0][0],*A2++[2] ; store A[5][5] +|| STW B$A[0][0],*B2++[2] + STW A$A[0][1],*A2++[2] +|| STW B$A[0][1],*B2++[2] + STW A$A[0][2],*A2++[2] +|| STW B$A[0][2],*B2++[2] + STW A$A[0][3],*A2++[2] +|| STW B$A[0][3],*B2++[2] + STW A$A[0][4],*A2++[2] +|| STW B$A[0][4],*B2++[2] + + STW A$A[1][0],*A2++[2] +|| STW B$A[1][0],*B2++[2] + STW A$A[1][1],*A2++[2] +|| STW B$A[1][1],*B2++[2] + STW A$A[1][2],*A2++[2] +|| STW B$A[1][2],*B2++[2] + STW A$A[1][3],*A2++[2] +|| STW B$A[1][3],*B2++[2] + STW A$A[1][4],*A2++[2] +|| STW B$A[1][4],*B2++[2] + + STW A$A[2][0],*A2++[2] +|| STW B$A[2][0],*B2++[2] + STW A$A[2][1],*A2++[2] +|| STW B$A[2][1],*B2++[2] + STW A$A[2][2],*A2++[2] +|| STW B$A[2][2],*B2++[2] + STW A$A[2][3],*A2++[2] +|| STW B$A[2][3],*B2++[2] + STW A$A[2][4],*A2++[2] +|| STW B$A[2][4],*B2++[2] + + STW A$A[3][0],*A2++[2] +|| STW B$A[3][0],*B2++[2] + STW A$A[3][1],*A2++[2] +|| STW B$A[3][1],*B2++[2] + STW A$A[3][2],*A2++[2] +|| STW B$A[3][2],*B2++[2] + STW A$A[3][3],*A2++[2] +|| STW B$A[3][3],*B2++[2] + STW A$A[3][4],*A2++[2] +|| STW B$A[3][4],*B2++[2] + + LDW *SP[15],RA +|| LDW *FP[-6],A14 + + STW A$A[4][0],*A2++[2] +|| STW B$A[4][0],*B2++[2] + STW A$A[4][1],*A2++[2] +|| STW B$A[4][1],*B2++[2] + STW A$A[4][2],*A2++[2] +|| STW B$A[4][2],*B2++[2] + STW A$A[4][3],*A2++[2] +|| STW B$A[4][3],*B2++[2] + STW A$A[4][4],*A2 +|| STW B$A[4][4],*B2 +|| ADDK -192,A2 ; rewind + + MV A2,A4 ; return original A4 +|| LDDW *SP[8], B11:B10 +|| LDDW *FP[-5],A11:A10 + LDDW *SP[9], B13:B12 +|| LDDW *FP[-4],A13:A12 +|| BNOP RA + LDW *++SP(80),FP ; restore frame pointer + NOP 4 ; wait till FP is committed + .endasmfunc + + .newblock + .asg B2,BSZ + .asg A2,INP + .asg A3,LEN + .global _SHA3_absorb + .align 32 +_SHA3_absorb: + .asmfunc stack_usage(80) + STW FP,*SP--(80) ; save frame pointer +|| MV SP,FP + STDW B13:B12,*SP[9] +|| STDW A13:A12,*FP[-4] + STDW B11:B10,*SP[8] +|| STDW A11:A10,*FP[-5] + STW RA, *SP[15] +|| STW A14,*FP[-6] + + STW A4,*SP[1] ; save A[][] +|| MV B4,INP ; reassign arguments +|| MV A6,LEN +|| MV B6,BSZ +|| ADD 4,A4,B4 + + LDW *A4++[2],A$A[0][0] ; load A[5][5] +|| LDW *B4++[2],B$A[0][0] + LDW *A4++[2],A$A[0][1] +|| LDW *B4++[2],B$A[0][1] + LDW *A4++[2],A$A[0][2] +|| LDW *B4++[2],B$A[0][2] + LDW *A4++[2],A$A[0][3] +|| LDW *B4++[2],B$A[0][3] + LDW *A4++[2],A$A[0][4] +|| LDW *B4++[2],B$A[0][4] + + LDW *A4++[2],A$A[1][0] +|| LDW *B4++[2],B$A[1][0] + LDW *A4++[2],A$A[1][1] +|| LDW *B4++[2],B$A[1][1] + LDW *A4++[2],A$A[1][2] +|| LDW *B4++[2],B$A[1][2] + LDW *A4++[2],A$A[1][3] +|| LDW *B4++[2],B$A[1][3] + LDW *A4++[2],A$A[1][4] +|| LDW *B4++[2],B$A[1][4] + + LDW *A4++[2],A$A[2][0] +|| LDW *B4++[2],B$A[2][0] + LDW *A4++[2],A$A[2][1] +|| LDW *B4++[2],B$A[2][1] + LDW *A4++[2],A$A[2][2] +|| LDW *B4++[2],B$A[2][2] + LDW *A4++[2],A$A[2][3] +|| LDW *B4++[2],B$A[2][3] + LDW *A4++[2],A$A[2][4] +|| LDW *B4++[2],B$A[2][4] + + LDW *A4++[2],A$A[3][0] +|| LDW *B4++[2],B$A[3][0] + LDW *A4++[2],A$A[3][1] +|| LDW *B4++[2],B$A[3][1] + LDW *A4++[2],A$A[3][2] +|| LDW *B4++[2],B$A[3][2] + LDW *A4++[2],A$A[3][3] +|| LDW *B4++[2],B$A[3][3] + LDW *A4++[2],A$A[3][4] +|| LDW *B4++[2],B$A[3][4] + + LDW *A4++[2],A$A[4][0] +|| LDW *B4++[2],B$A[4][0] + LDW *A4++[2],A$A[4][1] +|| LDW *B4++[2],B$A[4][1] + LDW *A4++[2],A$A[4][2] +|| LDW *B4++[2],B$A[4][2] + LDW *A4++[2],A$A[4][3] +|| LDW *B4++[2],B$A[4][3] + LDW *A4,A$A[4][4] +|| LDW *B4,B$A[4][4] +|| ADDKPC loop?,RA + STDW RA:BSZ,*SP[4] + +loop?: + CMPLTU LEN,BSZ,A0 ; len < bsz? +|| SHRU BSZ,3,BSZ + [A0] BNOP ret? +||[A0] ZERO BSZ +||[A0] LDW *SP[1],A2 ; pull A[][] + [BSZ] LDNDW *INP++,A1:A0 +||[BSZ] SUB LEN,8,LEN +||[BSZ] SUB BSZ,1,BSZ + NOP 4 +___ +for ($y = 0; $y < 5; $y++) { + for ($x = 0; $x < ($y<4 ? 5 : 4); $x++) { +$code.=<<___; + .if .BIG_ENDIAN + SWAP2 A0,A1 +|| SWAP2 A1,A0 + SWAP4 A0,A0 + SWAP4 A1,A1 +||[!BSZ]BNOP _KeccakF1600_cheat +||[!BSZ]STDW LEN:INP,*SP[3] +|| DEAL A0,A0 + .else + [!BSZ]BNOP _KeccakF1600_cheat +||[!BSZ]STDW LEN:INP,*SP[3] +|| DEAL A0,A0 + .endif + [BSZ] LDNDW *INP++,A1:A0 +|| DEAL A1,A1 + [BSZ] SUB LEN,8,LEN +||[BSZ] SUB BSZ,1,BSZ + PACK2 A1,A0,A0 +|| PACKH2 A1,A0,A1 + XOR A0,A$A[$y][$x],A$A[$y][$x] + XOR A1,B$A[$y][$x],B$A[$y][$x] +___ + } +} +$code.=<<___; + .if .BIG_ENDIAN + SWAP2 A0,A1 +|| SWAP2 A1,A0 + SWAP4 A0,A0 + SWAP4 A1,A1 + .endif + BNOP _KeccakF1600_cheat +|| STDW LEN:INP,*SP[3] +|| DEAL A0,A0 + DEAL A1,A1 + NOP + PACK2 A1,A0,A0 +|| PACKH2 A1,A0,A1 + XOR A0,A$A[4][4],A$A[4][4] + XOR A1,B$A[4][4],B$A[4][4] + + .align 16 +ret?: + MV LEN,A4 ; return value +|| ADD 4,A2,B2 + + STW A$A[0][0],*A2++[2] ; store A[5][5] +|| STW B$A[0][0],*B2++[2] + STW A$A[0][1],*A2++[2] +|| STW B$A[0][1],*B2++[2] + STW A$A[0][2],*A2++[2] +|| STW B$A[0][2],*B2++[2] + STW A$A[0][3],*A2++[2] +|| STW B$A[0][3],*B2++[2] + STW A$A[0][4],*A2++[2] +|| STW B$A[0][4],*B2++[2] + + STW A$A[1][0],*A2++[2] +|| STW B$A[1][0],*B2++[2] + STW A$A[1][1],*A2++[2] +|| STW B$A[1][1],*B2++[2] + STW A$A[1][2],*A2++[2] +|| STW B$A[1][2],*B2++[2] + STW A$A[1][3],*A2++[2] +|| STW B$A[1][3],*B2++[2] + STW A$A[1][4],*A2++[2] +|| STW B$A[1][4],*B2++[2] + + STW A$A[2][0],*A2++[2] +|| STW B$A[2][0],*B2++[2] + STW A$A[2][1],*A2++[2] +|| STW B$A[2][1],*B2++[2] + STW A$A[2][2],*A2++[2] +|| STW B$A[2][2],*B2++[2] + STW A$A[2][3],*A2++[2] +|| STW B$A[2][3],*B2++[2] + STW A$A[2][4],*A2++[2] +|| STW B$A[2][4],*B2++[2] + + LDW *SP[15],RA +|| LDW *FP[-6],A14 + + STW A$A[3][0],*A2++[2] +|| STW B$A[3][0],*B2++[2] + STW A$A[3][1],*A2++[2] +|| STW B$A[3][1],*B2++[2] + STW A$A[3][2],*A2++[2] +|| STW B$A[3][2],*B2++[2] + STW A$A[3][3],*A2++[2] +|| STW B$A[3][3],*B2++[2] + STW A$A[3][4],*A2++[2] +|| STW B$A[3][4],*B2++[2] + + LDDW *SP[8], B11:B10 +|| LDDW *FP[-5],A11:A10 + LDDW *SP[9], B13:B12 +|| LDDW *FP[-4],A13:A12 + BNOP RA +|| LDW *++SP(80),FP ; restore frame pointer + + STW A$A[4][0],*A2++[2] +|| STW B$A[4][0],*B2++[2] + STW A$A[4][1],*A2++[2] +|| STW B$A[4][1],*B2++[2] + STW A$A[4][2],*A2++[2] +|| STW B$A[4][2],*B2++[2] + STW A$A[4][3],*A2++[2] +|| STW B$A[4][3],*B2++[2] + STW A$A[4][4],*A2++[2] +|| STW B$A[4][4],*B2++[2] + .endasmfunc + + .newblock + .global _SHA3_squeeze + .asg A12,OUT + .asg A13,LEN + .asg A14,BSZ + .align 32 +_SHA3_squeeze: + .asmfunc stack_usage(24) + STW FP,*SP--(24) ; save frame pointer +|| MV SP,FP + STW RA, *SP[5] +|| STW A14,*FP[-2] + STDW A13:A12,*FP[-2] +|| MV B4,OUT ; reassign arguments + MV A6,LEN +|| MV B6,BSZ + +loop?: + LDW *SP[5],RA ; reload RA +|| SHRU BSZ,3,A1 +|| MV A4,A8 +|| ADD 4,A4,B8 +block?: + CMPLTU LEN,8,A0 ; len < 8? + [A0] BNOP tail? + LDW *A8++[2],A9 +|| LDW *B8++[2],B9 +|| SUB LEN,8,LEN ; len -= 8 + MV LEN,A0 +|| SUB A1,1,A1 ; bsz-- +|| NOP 4 + .if .BIG_ENDIAN + SWAP4 A9,A9 +|| SWAP4 B9,B9 + SWAP2 A9,A9 +|| SWAP2 B9,B9 + .endif + [!A0] BNOP ret? +||[!A0] ZERO A1 + PACK2 B9,A9,B7 +||[A1] BNOP block? + PACKH2 B9,A9,B9 +|| SHFL B7,B7 + SHFL B9,B9 + STNW B7,*OUT++ + STNW B9,*OUT++ + NOP + + BNOP _KeccakF1600,4 + ADDKPC loop?,RA + + .align 16 +tail?: + .if .BIG_ENDIAN + SWAP4 A9,A9 +|| SWAP4 B9,B9 + SWAP2 A9,A9 +|| SWAP2 B9,B9 + .endif + PACK2 B9,A9,B7 + PACKH2 B9,A9,B9 +|| SHFL B7,B7 + SHFL B9,B9 + + STB B7,*OUT++ +|| SHRU B7,8,B7 +|| ADD LEN,7,A0 + [A0] STB B7,*OUT++ +||[A0] SHRU B7,8,B7 +||[A0] SUB A0,1,A0 + [A0] STB B7,*OUT++ +||[A0] SHRU B7,8,B7 +||[A0] SUB A0,1,A0 + [A0] STB B7,*OUT++ +||[A0] SUB A0,1,A0 + [A0] STB B9,*OUT++ +||[A0] SHRU B9,8,B9 +||[A0] SUB A0,1,A0 + [A0] STB B9,*OUT++ +||[A0] SHRU B9,8,B9 +||[A0] SUB A0,1,A0 + [A0] STB B9,*OUT++ + +ret?: + LDDW *FP[-2],A13:A12 + BNOP RA +|| LDW *FP[-2],A14 + LDW *++SP(24),FP ; restore frame pointer + NOP 4 ; wait till FP is committed + .endasmfunc + + .if __TI_EABI__ + .sect ".text:sha_asm.const" + .else + .sect ".const:sha_asm" + .endif + .align 256 + .uword 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +iotas: + .uword 0x00000001, 0x00000000 + .uword 0x00000000, 0x00000089 + .uword 0x00000000, 0x8000008b + .uword 0x00000000, 0x80008080 + .uword 0x00000001, 0x0000008b + .uword 0x00000001, 0x00008000 + .uword 0x00000001, 0x80008088 + .uword 0x00000001, 0x80000082 + .uword 0x00000000, 0x0000000b + .uword 0x00000000, 0x0000000a + .uword 0x00000001, 0x00008082 + .uword 0x00000000, 0x00008003 + .uword 0x00000001, 0x0000808b + .uword 0x00000001, 0x8000000b + .uword 0x00000001, 0x8000008a + .uword 0x00000001, 0x80000081 + .uword 0x00000000, 0x80000081 + .uword 0x00000000, 0x80000008 + .uword 0x00000000, 0x00000083 + .uword 0x00000000, 0x80008003 + .uword 0x00000001, 0x80008088 + .uword 0x00000000, 0x80000088 + .uword 0x00000001, 0x00008000 + .uword 0x00000000, 0x80008082 + + .cstring "Keccak-1600 absorb and squeeze for C64x, CRYPTOGAMS by " + .align 4 +___ + +$output=pop; +open STDOUT,">$output"; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl new file mode 100755 index 00000000000000..c7685add79dd85 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-mmx.pl @@ -0,0 +1,440 @@ +#!/usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for x86 MMX. +# +# June 2017. +# +# Below code is KECCAK_2X implementation (see sha/keccak1600.c) with +# C[5] held in register bank and D[5] offloaded to memory. Though +# instead of actually unrolling the loop pair-wise I simply flip +# pointers to T[][] and A[][] and the end of round. Since number of +# rounds is even, last round writes to A[][] and everything works out. +# It's argued that MMX is the only code path meaningful to implement +# for x86. This is because non-MMX-capable processors is an extinct +# breed, and they as well can lurk executing compiler-generated code. +# For reference gcc-5.x-generated KECCAK_2X code takes 89 cycles per +# processed byte on Pentium. Which is fair result. But older compilers +# produce worse code. On the other hand one can wonder why not 128-bit +# SSE2? Well, SSE2 won't provide double improvement, rather far from +# that, if any at all on some processors, because it will take extra +# permutations and inter-bank data trasfers. Besides, contemporary +# CPUs are better off executing 64-bit code, and it makes lesser sense +# to invest into fancy 32-bit code. And the decision doesn't seem to +# be inadequate, if one compares below results to "64-bit platforms in +# 32-bit mode" SIMD data points available at +# http://keccak.noekeon.org/sw_performance.html. +# +######################################################################## +# Numbers are cycles per processed byte out of large message. +# +# r=1088(i) +# +# PIII 30/+150% +# Pentium M 27/+150% +# P4 40/+85% +# Core 2 19/+170% +# Sandy Bridge(ii) 18/+140% +# Atom 33/+180% +# Silvermont(ii) 30/+180% +# VIA Nano(ii) 43/+60% +# Sledgehammer(ii)(iii) 24/+130% +# +# (i) Corresponds to SHA3-256. Numbers after slash are improvement +# coefficients over KECCAK_2X [with bit interleave and lane +# complementing] position-independent *scalar* code generated +# by gcc-5.x. It's not exactly fair comparison, but it's a +# datapoint... +# (ii) 64-bit processor executing 32-bit code. +# (iii) Result is considered to be representative even for older AMD +# processors. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +$output=pop; +open STDOUT,">$output"; + +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); + +my @C = map("mm$_",(0..4)); +my @T = map("mm$_",(5..7)); +my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100, + 8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20)); +my @D = map(8*$_+4, (0..4)); +my @rhotates = ([ 0, 1, 62, 28, 27 ], + [ 36, 44, 6, 55, 20 ], + [ 3, 10, 43, 25, 39 ], + [ 41, 45, 15, 21, 8 ], + [ 18, 2, 61, 56, 14 ]); + +&static_label("iotas"); + +&function_begin_B("_KeccakF1600"); + &movq (@C[0],&QWP($A[4][0],"esi")); + &movq (@C[1],&QWP($A[4][1],"esi")); + &movq (@C[2],&QWP($A[4][2],"esi")); + &movq (@C[3],&QWP($A[4][3],"esi")); + &movq (@C[4],&QWP($A[4][4],"esi")); + + &mov ("ecx",24); # loop counter + &jmp (&label("loop")); + + &set_label("loop",16); + ######################################### Theta + &pxor (@C[0],&QWP($A[0][0],"esi")); + &pxor (@C[1],&QWP($A[0][1],"esi")); + &pxor (@C[2],&QWP($A[0][2],"esi")); + &pxor (@C[3],&QWP($A[0][3],"esi")); + &pxor (@C[4],&QWP($A[0][4],"esi")); + + &pxor (@C[0],&QWP($A[1][0],"esi")); + &pxor (@C[1],&QWP($A[1][1],"esi")); + &pxor (@C[2],&QWP($A[1][2],"esi")); + &pxor (@C[3],&QWP($A[1][3],"esi")); + &pxor (@C[4],&QWP($A[1][4],"esi")); + + &pxor (@C[0],&QWP($A[2][0],"esi")); + &pxor (@C[1],&QWP($A[2][1],"esi")); + &pxor (@C[2],&QWP($A[2][2],"esi")); + &pxor (@C[3],&QWP($A[2][3],"esi")); + &pxor (@C[4],&QWP($A[2][4],"esi")); + + &pxor (@C[2],&QWP($A[3][2],"esi")); + &pxor (@C[0],&QWP($A[3][0],"esi")); + &pxor (@C[1],&QWP($A[3][1],"esi")); + &pxor (@C[3],&QWP($A[3][3],"esi")); + &movq (@T[0],@C[2]); + &pxor (@C[4],&QWP($A[3][4],"esi")); + + &movq (@T[2],@C[2]); + &psrlq (@T[0],63); + &movq (@T[1],@C[0]); + &psllq (@T[2],1); + &pxor (@T[0],@C[0]); + &psrlq (@C[0],63); + &pxor (@T[0],@T[2]); + &psllq (@T[1],1); + &movq (@T[2],@C[1]); + &movq (&QWP(@D[1],"esp"),@T[0]); # D[1] = E[0] = ROL64(C[2], 1) ^ C[0]; + + &pxor (@T[1],@C[0]); + &psrlq (@T[2],63); + &pxor (@T[1],@C[3]); + &movq (@C[0],@C[1]); + &movq (&QWP(@D[4],"esp"),@T[1]); # D[4] = E[1] = ROL64(C[0], 1) ^ C[3]; + + &psllq (@C[0],1); + &pxor (@T[2],@C[4]); + &pxor (@C[0],@T[2]); + + &movq (@T[2],@C[3]); + &psrlq (@C[3],63); + &movq (&QWP(@D[0],"esp"),@C[0]); # D[0] = C[0] = ROL64(C[1], 1) ^ C[4]; + &psllq (@T[2],1); + &movq (@T[0],@C[4]); + &psrlq (@C[4],63); + &pxor (@C[1],@C[3]); + &psllq (@T[0],1); + &pxor (@C[1],@T[2]); + &pxor (@C[2],@C[4]); + &movq (&QWP(@D[2],"esp"),@C[1]); # D[2] = C[1] = ROL64(C[3], 1) ^ C[1]; + &pxor (@C[2],@T[0]); + + ######################################### first Rho(0) is special + &movq (@C[3],&QWP($A[3][3],"esi")); + &movq (&QWP(@D[3],"esp"),@C[2]); # D[3] = C[2] = ROL64(C[4], 1) ^ C[2]; + &pxor (@C[3],@C[2]); + &movq (@C[4],&QWP($A[4][4],"esi")); + &movq (@T[2],@C[3]); + &psrlq (@C[3],64-$rhotates[3][3]); + &pxor (@C[4],@T[1]); + &psllq (@T[2],$rhotates[3][3]); + &movq (@T[1],@C[4]); + &psrlq (@C[4],64-$rhotates[4][4]); + &por (@C[3],@T[2]); # C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ + &psllq (@T[1],$rhotates[4][4]); + + &movq (@C[2],&QWP($A[2][2],"esi")); + &por (@C[4],@T[1]); # C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ + &pxor (@C[2],@C[1]); + &movq (@C[1],&QWP($A[1][1],"esi")); + &movq (@T[1],@C[2]); + &psrlq (@C[2],64-$rhotates[2][2]); + &pxor (@C[1],&QWP(@D[1],"esp")); + &psllq (@T[1],$rhotates[2][2]); + + &movq (@T[2],@C[1]); + &psrlq (@C[1],64-$rhotates[1][1]); + &por (@C[2],@T[1]); # C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ + &psllq (@T[2],$rhotates[1][1]); + &pxor (@C[0],&QWP($A[0][0],"esi")); # /* rotate by 0 */ /* D[0] */ + &por (@C[1],@T[2]); # C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); + +sub Chi() { ######### regular Chi step + my ($y,$xrho) = @_; + + &movq (@T[0],@C[1]); + &movq (@T[1],@C[2]); + &pandn (@T[0],@C[2]); + &pandn (@C[2],@C[3]); + &pxor (@T[0],@C[0]); + &pxor (@C[2],@C[1]); + &pxor (@T[0],&QWP(0,"ebx")) if ($y == 0); + &lea ("ebx",&DWP(8,"ebx")) if ($y == 0); + + &movq (@T[2],@C[3]); + &movq (&QWP($A[$y][0],"edi"),@T[0]); # R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; + &movq (@T[0],@C[4]); + &pandn (@C[3],@C[4]); + &pandn (@C[4],@C[0]); + &pxor (@C[3],@T[1]); + &movq (&QWP($A[$y][1],"edi"),@C[2]); # R[0][1] = C[1] ^ (~C[2] & C[3]); + &pxor (@C[4],@T[2]); + &movq (@T[2],&QWP($A[0][$xrho],"esi")) if (defined($xrho)); + + &movq (&QWP($A[$y][2],"edi"),@C[3]); # R[0][2] = C[2] ^ (~C[3] & C[4]); + &pandn (@C[0],@C[1]); + &movq (&QWP($A[$y][3],"edi"),@C[4]); # R[0][3] = C[3] ^ (~C[4] & C[0]); + &pxor (@C[0],@T[0]); + &pxor (@T[2],&QWP(@D[$xrho],"esp")) if (defined($xrho)); + &movq (&QWP($A[$y][4],"edi"),@C[0]); # R[0][4] = C[4] ^ (~C[0] & C[1]); +} + &Chi (0, 3); + +sub Rho() { ######### regular Rho step + my $x = shift; + + #&movq (@T[2],&QWP($A[0][$x],"esi")); # moved to Chi + #&pxor (@T[2],&QWP(@D[$x],"esp")); # moved to Chi + &movq (@C[0],@T[2]); + &psrlq (@T[2],64-$rhotates[0][$x]); + &movq (@C[1],&QWP($A[1][($x+1)%5],"esi")); + &psllq (@C[0],$rhotates[0][$x]); + &pxor (@C[1],&QWP(@D[($x+1)%5],"esp")); + &por (@C[0],@T[2]); # C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); + + &movq (@T[1],@C[1]); + &psrlq (@C[1],64-$rhotates[1][($x+1)%5]); + &movq (@C[2],&QWP($A[2][($x+2)%5],"esi")); + &psllq (@T[1],$rhotates[1][($x+1)%5]); + &pxor (@C[2],&QWP(@D[($x+2)%5],"esp")); + &por (@C[1],@T[1]); # C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + + &movq (@T[2],@C[2]); + &psrlq (@C[2],64-$rhotates[2][($x+2)%5]); + &movq (@C[3],&QWP($A[3][($x+3)%5],"esi")); + &psllq (@T[2],$rhotates[2][($x+2)%5]); + &pxor (@C[3],&QWP(@D[($x+3)%5],"esp")); + &por (@C[2],@T[2]); # C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); + + &movq (@T[0],@C[3]); + &psrlq (@C[3],64-$rhotates[3][($x+3)%5]); + &movq (@C[4],&QWP($A[4][($x+4)%5],"esi")); + &psllq (@T[0],$rhotates[3][($x+3)%5]); + &pxor (@C[4],&QWP(@D[($x+4)%5],"esp")); + &por (@C[3],@T[0]); # C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); + + &movq (@T[1],@C[4]); + &psrlq (@C[4],64-$rhotates[4][($x+4)%5]); + &psllq (@T[1],$rhotates[4][($x+4)%5]); + &por (@C[4],@T[1]); # C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); +} + &Rho (3); &Chi (1, 1); + &Rho (1); &Chi (2, 4); + &Rho (4); &Chi (3, 2); + &Rho (2); ###&Chi (4); + + &movq (@T[0],@C[0]); ######### last Chi(4) is special + &xor ("edi","esi"); # &xchg ("esi","edi"); + &movq (&QWP(@D[1],"esp"),@C[1]); + &xor ("esi","edi"); + &xor ("edi","esi"); + + &movq (@T[1],@C[1]); + &movq (@T[2],@C[2]); + &pandn (@T[1],@C[2]); + &pandn (@T[2],@C[3]); + &pxor (@C[0],@T[1]); + &pxor (@C[1],@T[2]); + + &movq (@T[1],@C[3]); + &movq (&QWP($A[4][0],"esi"),@C[0]); # R[4][0] = C[0] ^= (~C[1] & C[2]); + &pandn (@T[1],@C[4]); + &movq (&QWP($A[4][1],"esi"),@C[1]); # R[4][1] = C[1] ^= (~C[2] & C[3]); + &pxor (@C[2],@T[1]); + &movq (@T[2],@C[4]); + &movq (&QWP($A[4][2],"esi"),@C[2]); # R[4][2] = C[2] ^= (~C[3] & C[4]); + + &pandn (@T[2],@T[0]); + &pandn (@T[0],&QWP(@D[1],"esp")); + &pxor (@C[3],@T[2]); + &pxor (@C[4],@T[0]); + &movq (&QWP($A[4][3],"esi"),@C[3]); # R[4][3] = C[3] ^= (~C[4] & D[0]); + &sub ("ecx",1); + &movq (&QWP($A[4][4],"esi"),@C[4]); # R[4][4] = C[4] ^= (~D[0] & D[1]); + &jnz (&label("loop")); + + &lea ("ebx",&DWP(-192,"ebx")); # rewind iotas + &ret (); +&function_end_B("_KeccakF1600"); + +&function_begin("KeccakF1600"); + &mov ("esi",&wparam(0)); + &mov ("ebp","esp"); + &sub ("esp",240); + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("ebx"); + &lea ("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx")); + &and ("esp",-8); + &lea ("esi",&DWP(100,"esi")); # size optimization + &lea ("edi",&DWP(8*5+100,"esp")); # size optimization + + &call ("_KeccakF1600"); + + &mov ("esp","ebp"); + &emms (); +&function_end("KeccakF1600"); + +&function_begin("SHA3_absorb"); + &mov ("esi",&wparam(0)); # A[][] + &mov ("eax",&wparam(1)); # inp + &mov ("ecx",&wparam(2)); # len + &mov ("edx",&wparam(3)); # bsz + &mov ("ebp","esp"); + &sub ("esp",240+8); + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("ebx"); + &lea ("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx")); + &and ("esp",-8); + + &mov ("edi","esi"); + &lea ("esi",&DWP(100,"esi")); # size optimization + &mov (&DWP(-4,"ebp"),"edx"); # save bsz + &jmp (&label("loop")); + +&set_label("loop",16); + &cmp ("ecx","edx"); # len < bsz? + &jc (&label("absorbed")); + + &shr ("edx",3); # bsz /= 8 +&set_label("block"); + &movq ("mm0",&QWP(0,"eax")); + &lea ("eax",&DWP(8,"eax")); + &pxor ("mm0",&QWP(0,"edi")); + &lea ("edi",&DWP(8,"edi")); + &sub ("ecx",8); # len -= 8 + &movq (&QWP(-8,"edi"),"mm0"); + &dec ("edx"); # bsz-- + &jnz (&label("block")); + + &lea ("edi",&DWP(8*5+100,"esp")); # size optimization + &mov (&DWP(-8,"ebp"),"ecx"); # save len + &call ("_KeccakF1600"); + &mov ("ecx",&DWP(-8,"ebp")); # pull len + &mov ("edx",&DWP(-4,"ebp")); # pull bsz + &lea ("edi",&DWP(-100,"esi")); + &jmp (&label("loop")); + +&set_label("absorbed",16); + &mov ("eax","ecx"); # return value + &mov ("esp","ebp"); + &emms (); +&function_end("SHA3_absorb"); + +&function_begin("SHA3_squeeze"); + &mov ("esi",&wparam(0)); # A[][] + &mov ("eax",&wparam(1)); # out + &mov ("ecx",&wparam(2)); # len + &mov ("edx",&wparam(3)); # bsz + &mov ("ebp","esp"); + &sub ("esp",240+8); + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("ebx"); + &lea ("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx")); + &and ("esp",-8); + + &shr ("edx",3); # bsz /= 8 + &mov ("edi","esi"); + &lea ("esi",&DWP(100,"esi")); # size optimization + &mov (&DWP(-4,"ebp"),"edx"); # save bsz + &jmp (&label("loop")); + +&set_label("loop",16); + &cmp ("ecx",8); # len < 8? + &jc (&label("tail")); + + &movq ("mm0",&QWP(0,"edi")); + &lea ("edi",&DWP(8,"edi")); + &movq (&QWP(0,"eax"),"mm0"); + &lea ("eax",&DWP(8,"eax")); + &sub ("ecx",8); # len -= 8 + &jz (&label("done")); + + &dec ("edx"); # bsz-- + &jnz (&label("loop")); + + &lea ("edi",&DWP(8*5+100,"esp")); # size optimization + &mov (&DWP(-8,"ebp"),"ecx"); # save len + &call ("_KeccakF1600"); + &mov ("ecx",&DWP(-8,"ebp")); # pull len + &mov ("edx",&DWP(-4,"ebp")); # pull bsz + &lea ("edi",&DWP(-100,"esi")); + &jmp (&label("loop")); + +&set_label("tail",16); + &mov ("esi","edi"); + &mov ("edi","eax"); + &data_word("0xA4F39066"); # rep movsb + +&set_label("done"); + &mov ("esp","ebp"); + &emms (); +&function_end("SHA3_squeeze"); + +&set_label("iotas",32); + &data_word(0x00000001,0x00000000); + &data_word(0x00008082,0x00000000); + &data_word(0x0000808a,0x80000000); + &data_word(0x80008000,0x80000000); + &data_word(0x0000808b,0x00000000); + &data_word(0x80000001,0x00000000); + &data_word(0x80008081,0x80000000); + &data_word(0x00008009,0x80000000); + &data_word(0x0000008a,0x00000000); + &data_word(0x00000088,0x00000000); + &data_word(0x80008009,0x00000000); + &data_word(0x8000000a,0x00000000); + &data_word(0x8000808b,0x00000000); + &data_word(0x0000008b,0x80000000); + &data_word(0x00008089,0x80000000); + &data_word(0x00008003,0x80000000); + &data_word(0x00008002,0x80000000); + &data_word(0x00000080,0x80000000); + &data_word(0x0000800a,0x00000000); + &data_word(0x8000000a,0x80000000); + &data_word(0x80008081,0x80000000); + &data_word(0x00008080,0x80000000); + &data_word(0x80000001,0x00000000); + &data_word(0x80008008,0x80000000); +&asciz("Keccak-1600 absorb and squeeze for MMX, CRYPTOGAMS by "); + +&asm_finish(); + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl new file mode 100755 index 00000000000000..30e70c5d6d7b9b --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-ppc64.pl @@ -0,0 +1,758 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for PPC64. +# +# June 2017. +# +# This is straightforward KECCAK_1X_ALT implementation that works on +# *any* PPC64. Then PowerISA 2.07 adds 2x64-bit vector rotate, and +# it's possible to achieve performance better than below, but that is +# naturally option only for POWER8 and successors... +# +###################################################################### +# Numbers are cycles per processed byte. +# +# r=1088(*) +# +# PPC970/G5 14.6/+120% +# POWER7 10.3/+100% +# POWER8 11.5/+85% +# POWER9 9.4/+45% +# +# (*) Corresponds to SHA3-256. Percentage after slash is improvement +# over gcc-4.x-generated KECCAK_1X_ALT code. Newer compilers do +# much better (but watch out for them generating code specific +# to processor they execute on). + +$flavour = shift; + +if ($flavour =~ /64/) { + $SIZE_T =8; + $LRSAVE =2*$SIZE_T; + $UCMP ="cmpld"; + $STU ="stdu"; + $POP ="ld"; + $PUSH ="std"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=24*$SIZE_T+6*$SIZE_T+32; +$LOCALS=6*$SIZE_T; +$TEMP=$LOCALS+6*$SIZE_T; + +my $sp ="r1"; + +my @A = map([ "r$_", "r".($_+1), "r".($_+2), "r".($_+3), "r".($_+4) ], + (7, 12, 17, 22, 27)); + $A[1][1] = "r6"; # r13 is reserved + +my @C = map("r$_", (0,3,4,5)); + +my @rhotates = ([ 0, 1, 62, 28, 27 ], + [ 36, 44, 6, 55, 20 ], + [ 3, 10, 43, 25, 39 ], + [ 41, 45, 15, 21, 8 ], + [ 18, 2, 61, 56, 14 ]); + +$code.=<<___; +.text + +.type KeccakF1600_int,\@function +.align 5 +KeccakF1600_int: + li r0,24 + mtctr r0 + b .Loop +.align 4 +.Loop: + xor $C[0],$A[0][0],$A[1][0] ; Theta + std $A[0][4],`$TEMP+0`($sp) + xor $C[1],$A[0][1],$A[1][1] + std $A[1][4],`$TEMP+8`($sp) + xor $C[2],$A[0][2],$A[1][2] + std $A[2][4],`$TEMP+16`($sp) + xor $C[3],$A[0][3],$A[1][3] + std $A[3][4],`$TEMP+24`($sp) +___ + $C[4]=$A[0][4]; + $C[5]=$A[1][4]; + $C[6]=$A[2][4]; + $C[7]=$A[3][4]; +$code.=<<___; + xor $C[4],$A[0][4],$A[1][4] + xor $C[0],$C[0],$A[2][0] + xor $C[1],$C[1],$A[2][1] + xor $C[2],$C[2],$A[2][2] + xor $C[3],$C[3],$A[2][3] + xor $C[4],$C[4],$A[2][4] + xor $C[0],$C[0],$A[3][0] + xor $C[1],$C[1],$A[3][1] + xor $C[2],$C[2],$A[3][2] + xor $C[3],$C[3],$A[3][3] + xor $C[4],$C[4],$A[3][4] + xor $C[0],$C[0],$A[4][0] + xor $C[2],$C[2],$A[4][2] + xor $C[1],$C[1],$A[4][1] + xor $C[3],$C[3],$A[4][3] + rotldi $C[5],$C[2],1 + xor $C[4],$C[4],$A[4][4] + rotldi $C[6],$C[3],1 + xor $C[5],$C[5],$C[0] + rotldi $C[7],$C[4],1 + + xor $A[0][1],$A[0][1],$C[5] + xor $A[1][1],$A[1][1],$C[5] + xor $A[2][1],$A[2][1],$C[5] + xor $A[3][1],$A[3][1],$C[5] + xor $A[4][1],$A[4][1],$C[5] + + rotldi $C[5],$C[0],1 + xor $C[6],$C[6],$C[1] + xor $C[2],$C[2],$C[7] + rotldi $C[7],$C[1],1 + xor $C[3],$C[3],$C[5] + xor $C[4],$C[4],$C[7] + + xor $C[1], $A[0][2],$C[6] ;mr $C[1],$A[0][2] + xor $A[1][2],$A[1][2],$C[6] + xor $A[2][2],$A[2][2],$C[6] + xor $A[3][2],$A[3][2],$C[6] + xor $A[4][2],$A[4][2],$C[6] + + xor $A[0][0],$A[0][0],$C[4] + xor $A[1][0],$A[1][0],$C[4] + xor $A[2][0],$A[2][0],$C[4] + xor $A[3][0],$A[3][0],$C[4] + xor $A[4][0],$A[4][0],$C[4] +___ + $C[4]=undef; + $C[5]=undef; + $C[6]=undef; + $C[7]=undef; +$code.=<<___; + ld $A[0][4],`$TEMP+0`($sp) + xor $C[0], $A[0][3],$C[2] ;mr $C[0],$A[0][3] + ld $A[1][4],`$TEMP+8`($sp) + xor $A[1][3],$A[1][3],$C[2] + ld $A[2][4],`$TEMP+16`($sp) + xor $A[2][3],$A[2][3],$C[2] + ld $A[3][4],`$TEMP+24`($sp) + xor $A[3][3],$A[3][3],$C[2] + xor $A[4][3],$A[4][3],$C[2] + + xor $C[2], $A[0][4],$C[3] ;mr $C[2],$A[0][4] + xor $A[1][4],$A[1][4],$C[3] + xor $A[2][4],$A[2][4],$C[3] + xor $A[3][4],$A[3][4],$C[3] + xor $A[4][4],$A[4][4],$C[3] + + mr $C[3],$A[0][1] ; Rho+Pi + rotldi $A[0][1],$A[1][1],$rhotates[1][1] + ;mr $C[1],$A[0][2] + rotldi $A[0][2],$A[2][2],$rhotates[2][2] + ;mr $C[0],$A[0][3] + rotldi $A[0][3],$A[3][3],$rhotates[3][3] + ;mr $C[2],$A[0][4] + rotldi $A[0][4],$A[4][4],$rhotates[4][4] + + rotldi $A[1][1],$A[1][4],$rhotates[1][4] + rotldi $A[2][2],$A[2][3],$rhotates[2][3] + rotldi $A[3][3],$A[3][2],$rhotates[3][2] + rotldi $A[4][4],$A[4][1],$rhotates[4][1] + + rotldi $A[1][4],$A[4][2],$rhotates[4][2] + rotldi $A[2][3],$A[3][4],$rhotates[3][4] + rotldi $A[3][2],$A[2][1],$rhotates[2][1] + rotldi $A[4][1],$A[1][3],$rhotates[1][3] + + rotldi $A[4][2],$A[2][4],$rhotates[2][4] + rotldi $A[3][4],$A[4][3],$rhotates[4][3] + rotldi $A[2][1],$A[1][2],$rhotates[1][2] + rotldi $A[1][3],$A[3][1],$rhotates[3][1] + + rotldi $A[2][4],$A[4][0],$rhotates[4][0] + rotldi $A[4][3],$A[3][0],$rhotates[3][0] + rotldi $A[1][2],$A[2][0],$rhotates[2][0] + rotldi $A[3][1],$A[1][0],$rhotates[1][0] + + rotldi $A[1][0],$C[0],$rhotates[0][3] + rotldi $A[2][0],$C[3],$rhotates[0][1] + rotldi $A[3][0],$C[2],$rhotates[0][4] + rotldi $A[4][0],$C[1],$rhotates[0][2] + + andc $C[0],$A[0][2],$A[0][1] ; Chi+Iota + andc $C[1],$A[0][3],$A[0][2] + andc $C[2],$A[0][0],$A[0][4] + andc $C[3],$A[0][1],$A[0][0] + xor $A[0][0],$A[0][0],$C[0] + andc $C[0],$A[0][4],$A[0][3] + xor $A[0][1],$A[0][1],$C[1] + ld $C[1],`$LOCALS+4*$SIZE_T`($sp) + xor $A[0][3],$A[0][3],$C[2] + xor $A[0][4],$A[0][4],$C[3] + xor $A[0][2],$A[0][2],$C[0] + ldu $C[3],8($C[1]) ; Iota[i++] + + andc $C[0],$A[1][2],$A[1][1] + std $C[1],`$LOCALS+4*$SIZE_T`($sp) + andc $C[1],$A[1][3],$A[1][2] + andc $C[2],$A[1][0],$A[1][4] + xor $A[0][0],$A[0][0],$C[3] ; A[0][0] ^= Iota + andc $C[3],$A[1][1],$A[1][0] + xor $A[1][0],$A[1][0],$C[0] + andc $C[0],$A[1][4],$A[1][3] + xor $A[1][1],$A[1][1],$C[1] + xor $A[1][3],$A[1][3],$C[2] + xor $A[1][4],$A[1][4],$C[3] + xor $A[1][2],$A[1][2],$C[0] + + andc $C[0],$A[2][2],$A[2][1] + andc $C[1],$A[2][3],$A[2][2] + andc $C[2],$A[2][0],$A[2][4] + andc $C[3],$A[2][1],$A[2][0] + xor $A[2][0],$A[2][0],$C[0] + andc $C[0],$A[2][4],$A[2][3] + xor $A[2][1],$A[2][1],$C[1] + xor $A[2][3],$A[2][3],$C[2] + xor $A[2][4],$A[2][4],$C[3] + xor $A[2][2],$A[2][2],$C[0] + + andc $C[0],$A[3][2],$A[3][1] + andc $C[1],$A[3][3],$A[3][2] + andc $C[2],$A[3][0],$A[3][4] + andc $C[3],$A[3][1],$A[3][0] + xor $A[3][0],$A[3][0],$C[0] + andc $C[0],$A[3][4],$A[3][3] + xor $A[3][1],$A[3][1],$C[1] + xor $A[3][3],$A[3][3],$C[2] + xor $A[3][4],$A[3][4],$C[3] + xor $A[3][2],$A[3][2],$C[0] + + andc $C[0],$A[4][2],$A[4][1] + andc $C[1],$A[4][3],$A[4][2] + andc $C[2],$A[4][0],$A[4][4] + andc $C[3],$A[4][1],$A[4][0] + xor $A[4][0],$A[4][0],$C[0] + andc $C[0],$A[4][4],$A[4][3] + xor $A[4][1],$A[4][1],$C[1] + xor $A[4][3],$A[4][3],$C[2] + xor $A[4][4],$A[4][4],$C[3] + xor $A[4][2],$A[4][2],$C[0] + + bdnz .Loop + + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +.size KeccakF1600_int,.-KeccakF1600_int + +.type KeccakF1600,\@function +.align 5 +KeccakF1600: + $STU $sp,-$FRAME($sp) + mflr r0 + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + $PUSH r0,`$FRAME+$LRSAVE`($sp) + + bl PICmeup + subi r12,r12,8 ; prepare for ldu + + $PUSH r3,`$LOCALS+0*$SIZE_T`($sp) + ;$PUSH r4,`$LOCALS+1*$SIZE_T`($sp) + ;$PUSH r5,`$LOCALS+2*$SIZE_T`($sp) + ;$PUSH r6,`$LOCALS+3*$SIZE_T`($sp) + $PUSH r12,`$LOCALS+4*$SIZE_T`($sp) + + ld $A[0][0],`8*0`(r3) ; load A[5][5] + ld $A[0][1],`8*1`(r3) + ld $A[0][2],`8*2`(r3) + ld $A[0][3],`8*3`(r3) + ld $A[0][4],`8*4`(r3) + ld $A[1][0],`8*5`(r3) + ld $A[1][1],`8*6`(r3) + ld $A[1][2],`8*7`(r3) + ld $A[1][3],`8*8`(r3) + ld $A[1][4],`8*9`(r3) + ld $A[2][0],`8*10`(r3) + ld $A[2][1],`8*11`(r3) + ld $A[2][2],`8*12`(r3) + ld $A[2][3],`8*13`(r3) + ld $A[2][4],`8*14`(r3) + ld $A[3][0],`8*15`(r3) + ld $A[3][1],`8*16`(r3) + ld $A[3][2],`8*17`(r3) + ld $A[3][3],`8*18`(r3) + ld $A[3][4],`8*19`(r3) + ld $A[4][0],`8*20`(r3) + ld $A[4][1],`8*21`(r3) + ld $A[4][2],`8*22`(r3) + ld $A[4][3],`8*23`(r3) + ld $A[4][4],`8*24`(r3) + + bl KeccakF1600_int + + $POP r3,`$LOCALS+0*$SIZE_T`($sp) + std $A[0][0],`8*0`(r3) ; return A[5][5] + std $A[0][1],`8*1`(r3) + std $A[0][2],`8*2`(r3) + std $A[0][3],`8*3`(r3) + std $A[0][4],`8*4`(r3) + std $A[1][0],`8*5`(r3) + std $A[1][1],`8*6`(r3) + std $A[1][2],`8*7`(r3) + std $A[1][3],`8*8`(r3) + std $A[1][4],`8*9`(r3) + std $A[2][0],`8*10`(r3) + std $A[2][1],`8*11`(r3) + std $A[2][2],`8*12`(r3) + std $A[2][3],`8*13`(r3) + std $A[2][4],`8*14`(r3) + std $A[3][0],`8*15`(r3) + std $A[3][1],`8*16`(r3) + std $A[3][2],`8*17`(r3) + std $A[3][3],`8*18`(r3) + std $A[3][4],`8*19`(r3) + std $A[4][0],`8*20`(r3) + std $A[4][1],`8*21`(r3) + std $A[4][2],`8*22`(r3) + std $A[4][3],`8*23`(r3) + std $A[4][4],`8*24`(r3) + + $POP r0,`$FRAME+$LRSAVE`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,1,0x80,18,1,0 + .long 0 +.size KeccakF1600,.-KeccakF1600 + +.type dword_le_load,\@function +.align 5 +dword_le_load: + lbzu r0,1(r3) + lbzu r4,1(r3) + lbzu r5,1(r3) + insrdi r0,r4,8,48 + lbzu r4,1(r3) + insrdi r0,r5,8,40 + lbzu r5,1(r3) + insrdi r0,r4,8,32 + lbzu r4,1(r3) + insrdi r0,r5,8,24 + lbzu r5,1(r3) + insrdi r0,r4,8,16 + lbzu r4,1(r3) + insrdi r0,r5,8,8 + insrdi r0,r4,8,0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,1,0 + .long 0 +.size dword_le_load,.-dword_le_load + +.globl SHA3_absorb +.type SHA3_absorb,\@function +.align 5 +SHA3_absorb: + $STU $sp,-$FRAME($sp) + mflr r0 + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + $PUSH r0,`$FRAME+$LRSAVE`($sp) + + bl PICmeup + subi r4,r4,1 ; prepare for lbzu + subi r12,r12,8 ; prepare for ldu + + $PUSH r3,`$LOCALS+0*$SIZE_T`($sp) ; save A[][] + $PUSH r4,`$LOCALS+1*$SIZE_T`($sp) ; save inp + $PUSH r5,`$LOCALS+2*$SIZE_T`($sp) ; save len + $PUSH r6,`$LOCALS+3*$SIZE_T`($sp) ; save bsz + mr r0,r6 + $PUSH r12,`$LOCALS+4*$SIZE_T`($sp) + + ld $A[0][0],`8*0`(r3) ; load A[5][5] + ld $A[0][1],`8*1`(r3) + ld $A[0][2],`8*2`(r3) + ld $A[0][3],`8*3`(r3) + ld $A[0][4],`8*4`(r3) + ld $A[1][0],`8*5`(r3) + ld $A[1][1],`8*6`(r3) + ld $A[1][2],`8*7`(r3) + ld $A[1][3],`8*8`(r3) + ld $A[1][4],`8*9`(r3) + ld $A[2][0],`8*10`(r3) + ld $A[2][1],`8*11`(r3) + ld $A[2][2],`8*12`(r3) + ld $A[2][3],`8*13`(r3) + ld $A[2][4],`8*14`(r3) + ld $A[3][0],`8*15`(r3) + ld $A[3][1],`8*16`(r3) + ld $A[3][2],`8*17`(r3) + ld $A[3][3],`8*18`(r3) + ld $A[3][4],`8*19`(r3) + ld $A[4][0],`8*20`(r3) + ld $A[4][1],`8*21`(r3) + ld $A[4][2],`8*22`(r3) + ld $A[4][3],`8*23`(r3) + ld $A[4][4],`8*24`(r3) + + mr r3,r4 + mr r4,r5 + mr r5,r0 + + b .Loop_absorb + +.align 4 +.Loop_absorb: + $UCMP r4,r5 ; len < bsz? + blt .Labsorbed + + sub r4,r4,r5 ; len -= bsz + srwi r5,r5,3 + $PUSH r4,`$LOCALS+2*$SIZE_T`($sp) ; save len + mtctr r5 + bl dword_le_load ; *inp++ + xor $A[0][0],$A[0][0],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[0][1],$A[0][1],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[0][2],$A[0][2],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[0][3],$A[0][3],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[0][4],$A[0][4],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[1][0],$A[1][0],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[1][1],$A[1][1],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[1][2],$A[1][2],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[1][3],$A[1][3],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[1][4],$A[1][4],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[2][0],$A[2][0],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[2][1],$A[2][1],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[2][2],$A[2][2],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[2][3],$A[2][3],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[2][4],$A[2][4],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[3][0],$A[3][0],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[3][1],$A[3][1],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[3][2],$A[3][2],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[3][3],$A[3][3],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[3][4],$A[3][4],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[4][0],$A[4][0],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[4][1],$A[4][1],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[4][2],$A[4][2],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[4][3],$A[4][3],r0 + bdz .Lprocess_block + bl dword_le_load ; *inp++ + xor $A[4][4],$A[4][4],r0 + +.Lprocess_block: + $PUSH r3,`$LOCALS+1*$SIZE_T`($sp) ; save inp + + bl KeccakF1600_int + + $POP r0,`$LOCALS+4*$SIZE_T`($sp) ; pull iotas[24] + $POP r5,`$LOCALS+3*$SIZE_T`($sp) ; restore bsz + $POP r4,`$LOCALS+2*$SIZE_T`($sp) ; restore len + $POP r3,`$LOCALS+1*$SIZE_T`($sp) ; restore inp + addic r0,r0,`-8*24` ; rewind iotas + $PUSH r0,`$LOCALS+4*$SIZE_T`($sp) + + b .Loop_absorb + +.align 4 +.Labsorbed: + $POP r3,`$LOCALS+0*$SIZE_T`($sp) + std $A[0][0],`8*0`(r3) ; return A[5][5] + std $A[0][1],`8*1`(r3) + std $A[0][2],`8*2`(r3) + std $A[0][3],`8*3`(r3) + std $A[0][4],`8*4`(r3) + std $A[1][0],`8*5`(r3) + std $A[1][1],`8*6`(r3) + std $A[1][2],`8*7`(r3) + std $A[1][3],`8*8`(r3) + std $A[1][4],`8*9`(r3) + std $A[2][0],`8*10`(r3) + std $A[2][1],`8*11`(r3) + std $A[2][2],`8*12`(r3) + std $A[2][3],`8*13`(r3) + std $A[2][4],`8*14`(r3) + std $A[3][0],`8*15`(r3) + std $A[3][1],`8*16`(r3) + std $A[3][2],`8*17`(r3) + std $A[3][3],`8*18`(r3) + std $A[3][4],`8*19`(r3) + std $A[4][0],`8*20`(r3) + std $A[4][1],`8*21`(r3) + std $A[4][2],`8*22`(r3) + std $A[4][3],`8*23`(r3) + std $A[4][4],`8*24`(r3) + + mr r3,r4 ; return value + $POP r0,`$FRAME+$LRSAVE`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,1,0x80,18,4,0 + .long 0 +.size SHA3_absorb,.-SHA3_absorb +___ +{ +my ($A_flat,$out,$len,$bsz) = map("r$_",(28..31)); +$code.=<<___; +.globl SHA3_squeeze +.type SHA3_squeeze,\@function +.align 5 +SHA3_squeeze: + $STU $sp,`-10*$SIZE_T`($sp) + mflr r0 + $PUSH r28,`6*$SIZE_T`($sp) + $PUSH r29,`7*$SIZE_T`($sp) + $PUSH r30,`8*$SIZE_T`($sp) + $PUSH r31,`9*$SIZE_T`($sp) + $PUSH r0,`10*$SIZE_T+$LRSAVE`($sp) + + mr $A_flat,r3 + subi r3,r3,8 ; prepare for ldu + subi $out,r4,1 ; prepare for stbu + mr $len,r5 + mr $bsz,r6 + b .Loop_squeeze + +.align 4 +.Loop_squeeze: + ldu r0,8(r3) + ${UCMP}i $len,8 + blt .Lsqueeze_tail + + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + srdi r0,r0,8 + stbu r0,1($out) + + subic. $len,$len,8 + beq .Lsqueeze_done + + subic. r6,r6,8 + bgt .Loop_squeeze + + mr r3,$A_flat + bl KeccakF1600 + subi r3,$A_flat,8 ; prepare for ldu + mr r6,$bsz + b .Loop_squeeze + +.align 4 +.Lsqueeze_tail: + mtctr $len +.Loop_tail: + stbu r0,1($out) + srdi r0,r0,8 + bdnz .Loop_tail + +.Lsqueeze_done: + $POP r0,`10*$SIZE_T+$LRSAVE`($sp) + $POP r28,`6*$SIZE_T`($sp) + $POP r29,`7*$SIZE_T`($sp) + $POP r30,`8*$SIZE_T`($sp) + $POP r31,`9*$SIZE_T`($sp) + mtlr r0 + addi $sp,$sp,`10*$SIZE_T` + blr + .long 0 + .byte 0,12,4,1,0x80,4,4,0 + .long 0 +.size SHA3_squeeze,.-SHA3_squeeze +___ +} + +# Ugly hack here, because PPC assembler syntax seem to vary too +# much from platforms to platform... +$code.=<<___; +.align 6 +PICmeup: + mflr r0 + bcl 20,31,\$+4 + mflr r12 ; vvvvvv "distance" between . and 1st data entry + addi r12,r12,`64-8` + mtlr r0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + .space `64-9*4` +.type iotas,\@object +iotas: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 +.size iotas,.-iotas +.asciz "Keccak-1600 absorb and squeeze for PPC64, CRYPTOGAMS by " +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl new file mode 100755 index 00000000000000..1184cf233eba2e --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-s390x.pl @@ -0,0 +1,560 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for s390x. +# +# June 2017. +# +# Below code is [lane complementing] KECCAK_2X implementation (see +# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though +# instead of actually unrolling the loop pair-wise I simply flip +# pointers to T[][] and A[][] at the end of round. Since number of +# rounds is even, last round writes to A[][] and everything works out. +# In the nutshell it's transliteration of x86_64 module, because both +# architectures have similar capabilities/limitations. Performance +# measurement is problematic as I don't have access to an idle system. +# It looks like z13 processes one byte [out of long message] in ~14 +# cycles. At least the result is consistent with estimate based on +# amount of instruction and assumed instruction issue rate. It's ~2.5x +# faster than compiler-generated code. + +$flavour = shift; + +if ($flavour =~ /3[12]/) { + $SIZE_T=4; + $g=""; +} else { + $SIZE_T=8; + $g="g"; +} + +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20)); + +my @C = map("%r$_",(0,1,5..7)); +my @D = map("%r$_",(8..12)); +my @T = map("%r$_",(13..14)); +my ($src,$dst,$iotas) = map("%r$_",(2..4)); +my $sp = "%r15"; + +$stdframe=16*$SIZE_T+4*8; +$frame=$stdframe+25*8; + +my @rhotates = ([ 0, 1, 62, 28, 27 ], + [ 36, 44, 6, 55, 20 ], + [ 3, 10, 43, 25, 39 ], + [ 41, 45, 15, 21, 8 ], + [ 18, 2, 61, 56, 14 ]); + +{ my @C = @C; # copy, because we mess them up... + my @D = @D; + +$code.=<<___; +.text + +.type __KeccakF1600,\@function +.align 32 +__KeccakF1600: + st${g} %r14,$SIZE_T*14($sp) + lg @C[0],$A[4][0]($src) + lg @C[1],$A[4][1]($src) + lg @C[2],$A[4][2]($src) + lg @C[3],$A[4][3]($src) + lg @C[4],$A[4][4]($src) + larl $iotas,iotas + j .Loop + +.align 16 +.Loop: + lg @D[0],$A[0][0]($src) + lg @D[1],$A[1][1]($src) + lg @D[2],$A[2][2]($src) + lg @D[3],$A[3][3]($src) + + xgr @C[0],@D[0] + xg @C[1],$A[0][1]($src) + xg @C[2],$A[0][2]($src) + xg @C[3],$A[0][3]($src) + lgr @D[4],@C[4] + xg @C[4],$A[0][4]($src) + + xg @C[0],$A[1][0]($src) + xgr @C[1],@D[1] + xg @C[2],$A[1][2]($src) + xg @C[3],$A[1][3]($src) + xg @C[4],$A[1][4]($src) + + xg @C[0],$A[2][0]($src) + xg @C[1],$A[2][1]($src) + xgr @C[2],@D[2] + xg @C[3],$A[2][3]($src) + xg @C[4],$A[2][4]($src) + + xg @C[0],$A[3][0]($src) + xg @C[1],$A[3][1]($src) + xg @C[2],$A[3][2]($src) + xgr @C[3],@D[3] + xg @C[4],$A[3][4]($src) + + lgr @T[0],@C[2] + rllg @C[2],@C[2],1 + xgr @C[2],@C[0] # D[1] = ROL64(C[2], 1) ^ C[0] + + rllg @C[0],@C[0],1 + xgr @C[0],@C[3] # D[4] = ROL64(C[0], 1) ^ C[3] + + rllg @C[3],@C[3],1 + xgr @C[3],@C[1] # D[2] = ROL64(C[3], 1) ^ C[1] + + rllg @C[1],@C[1],1 + xgr @C[1],@C[4] # D[0] = ROL64(C[1], 1) ^ C[4] + + rllg @C[4],@C[4],1 + xgr @C[4],@T[0] # D[3] = ROL64(C[4], 1) ^ C[2] +___ + (@D[0..4], @C) = (@C[1..4,0], @D); +$code.=<<___; + xgr @C[1],@D[1] + xgr @C[2],@D[2] + xgr @C[3],@D[3] + rllg @C[1],@C[1],$rhotates[1][1] + xgr @C[4],@D[4] + rllg @C[2],@C[2],$rhotates[2][2] + xgr @C[0],@D[0] + + lgr @T[0],@C[1] + ogr @C[1],@C[2] + rllg @C[3],@C[3],$rhotates[3][3] + xgr @C[1],@C[0] # C[0] ^ ( C[1] | C[2]) + rllg @C[4],@C[4],$rhotates[4][4] + xg @C[1],0($iotas) + la $iotas,8($iotas) + stg @C[1],$A[0][0]($dst) # R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i] + + lgr @T[1],@C[4] + ngr @C[4],@C[3] + lghi @C[1],-1 # no 'not' instruction :-( + xgr @C[4],@C[2] # C[2] ^ ( C[4] & C[3]) + xgr @C[2],@C[1] # not @C[2] + stg @C[4],$A[0][2]($dst) # R[0][2] = C[2] ^ ( C[4] & C[3]) + ogr @C[2],@C[3] + xgr @C[2],@T[0] # C[1] ^ (~C[2] | C[3]) + + ngr @T[0],@C[0] + stg @C[2],$A[0][1]($dst) # R[0][1] = C[1] ^ (~C[2] | C[3]) + xgr @T[0],@T[1] # C[4] ^ ( C[1] & C[0]) + ogr @T[1],@C[0] + stg @T[0],$A[0][4]($dst) # R[0][4] = C[4] ^ ( C[1] & C[0]) + xgr @T[1],@C[3] # C[3] ^ ( C[4] | C[0]) + stg @T[1],$A[0][3]($dst) # R[0][3] = C[3] ^ ( C[4] | C[0]) + + + lg @C[0],$A[0][3]($src) + lg @C[4],$A[4][2]($src) + lg @C[3],$A[3][1]($src) + lg @C[1],$A[1][4]($src) + lg @C[2],$A[2][0]($src) + + xgr @C[0],@D[3] + xgr @C[4],@D[2] + rllg @C[0],@C[0],$rhotates[0][3] + xgr @C[3],@D[1] + rllg @C[4],@C[4],$rhotates[4][2] + xgr @C[1],@D[4] + rllg @C[3],@C[3],$rhotates[3][1] + xgr @C[2],@D[0] + + lgr @T[0],@C[0] + ogr @C[0],@C[4] + rllg @C[1],@C[1],$rhotates[1][4] + xgr @C[0],@C[3] # C[3] ^ (C[0] | C[4]) + rllg @C[2],@C[2],$rhotates[2][0] + stg @C[0],$A[1][3]($dst) # R[1][3] = C[3] ^ (C[0] | C[4]) + + lgr @T[1],@C[1] + ngr @C[1],@T[0] + lghi @C[0],-1 # no 'not' instruction :-( + xgr @C[1],@C[4] # C[4] ^ (C[1] & C[0]) + xgr @C[4],@C[0] # not @C[4] + stg @C[1],$A[1][4]($dst) # R[1][4] = C[4] ^ (C[1] & C[0]) + + ogr @C[4],@C[3] + xgr @C[4],@C[2] # C[2] ^ (~C[4] | C[3]) + + ngr @C[3],@C[2] + stg @C[4],$A[1][2]($dst) # R[1][2] = C[2] ^ (~C[4] | C[3]) + xgr @C[3],@T[1] # C[1] ^ (C[3] & C[2]) + ogr @T[1],@C[2] + stg @C[3],$A[1][1]($dst) # R[1][1] = C[1] ^ (C[3] & C[2]) + xgr @T[1],@T[0] # C[0] ^ (C[1] | C[2]) + stg @T[1],$A[1][0]($dst) # R[1][0] = C[0] ^ (C[1] | C[2]) + + + lg @C[2],$A[2][3]($src) + lg @C[3],$A[3][4]($src) + lg @C[1],$A[1][2]($src) + lg @C[4],$A[4][0]($src) + lg @C[0],$A[0][1]($src) + + xgr @C[2],@D[3] + xgr @C[3],@D[4] + rllg @C[2],@C[2],$rhotates[2][3] + xgr @C[1],@D[2] + rllg @C[3],@C[3],$rhotates[3][4] + xgr @C[4],@D[0] + rllg @C[1],@C[1],$rhotates[1][2] + xgr @C[0],@D[1] + + lgr @T[0],@C[2] + ngr @C[2],@C[3] + rllg @C[4],@C[4],$rhotates[4][0] + xgr @C[2],@C[1] # C[1] ^ ( C[2] & C[3]) + lghi @T[1],-1 # no 'not' instruction :-( + stg @C[2],$A[2][1]($dst) # R[2][1] = C[1] ^ ( C[2] & C[3]) + + xgr @C[3],@T[1] # not @C[3] + lgr @T[1],@C[4] + ngr @C[4],@C[3] + rllg @C[0],@C[0],$rhotates[0][1] + xgr @C[4],@T[0] # C[2] ^ ( C[4] & ~C[3]) + ogr @T[0],@C[1] + stg @C[4],$A[2][2]($dst) # R[2][2] = C[2] ^ ( C[4] & ~C[3]) + xgr @T[0],@C[0] # C[0] ^ ( C[2] | C[1]) + + ngr @C[1],@C[0] + stg @T[0],$A[2][0]($dst) # R[2][0] = C[0] ^ ( C[2] | C[1]) + xgr @C[1],@T[1] # C[4] ^ ( C[1] & C[0]) + ogr @C[0],@T[1] + stg @C[1],$A[2][4]($dst) # R[2][4] = C[4] ^ ( C[1] & C[0]) + xgr @C[0],@C[3] # ~C[3] ^ ( C[0] | C[4]) + stg @C[0],$A[2][3]($dst) # R[2][3] = ~C[3] ^ ( C[0] | C[4]) + + + lg @C[2],$A[2][1]($src) + lg @C[3],$A[3][2]($src) + lg @C[1],$A[1][0]($src) + lg @C[4],$A[4][3]($src) + lg @C[0],$A[0][4]($src) + + xgr @C[2],@D[1] + xgr @C[3],@D[2] + rllg @C[2],@C[2],$rhotates[2][1] + xgr @C[1],@D[0] + rllg @C[3],@C[3],$rhotates[3][2] + xgr @C[4],@D[3] + rllg @C[1],@C[1],$rhotates[1][0] + xgr @C[0],@D[4] + rllg @C[4],@C[4],$rhotates[4][3] + + lgr @T[0],@C[2] + ogr @C[2],@C[3] + lghi @T[1],-1 # no 'not' instruction :-( + xgr @C[2],@C[1] # C[1] ^ ( C[2] | C[3]) + xgr @C[3],@T[1] # not @C[3] + stg @C[2],$A[3][1]($dst) # R[3][1] = C[1] ^ ( C[2] | C[3]) + + lgr @T[1],@C[4] + ogr @C[4],@C[3] + rllg @C[0],@C[0],$rhotates[0][4] + xgr @C[4],@T[0] # C[2] ^ ( C[4] | ~C[3]) + ngr @T[0],@C[1] + stg @C[4],$A[3][2]($dst) # R[3][2] = C[2] ^ ( C[4] | ~C[3]) + xgr @T[0],@C[0] # C[0] ^ ( C[2] & C[1]) + + ogr @C[1],@C[0] + stg @T[0],$A[3][0]($dst) # R[3][0] = C[0] ^ ( C[2] & C[1]) + xgr @C[1],@T[1] # C[4] ^ ( C[1] | C[0]) + ngr @C[0],@T[1] + stg @C[1],$A[3][4]($dst) # R[3][4] = C[4] ^ ( C[1] | C[0]) + xgr @C[0],@C[3] # ~C[3] ^ ( C[0] & C[4]) + stg @C[0],$A[3][3]($dst) # R[3][3] = ~C[3] ^ ( C[0] & C[4]) + + + xg @D[2],$A[0][2]($src) + xg @D[3],$A[1][3]($src) + xg @D[1],$A[4][1]($src) + xg @D[4],$A[2][4]($src) + xgr $dst,$src # xchg $dst,$src + rllg @D[2],@D[2],$rhotates[0][2] + xg @D[0],$A[3][0]($src) + rllg @D[3],@D[3],$rhotates[1][3] + xgr $src,$dst + rllg @D[1],@D[1],$rhotates[4][1] + xgr $dst,$src + rllg @D[4],@D[4],$rhotates[2][4] +___ + @C = @D[2..4,0,1]; +$code.=<<___; + lgr @T[0],@C[0] + ngr @C[0],@C[1] + lghi @T[1],-1 # no 'not' instruction :-( + xgr @C[0],@C[4] # C[4] ^ ( C[0] & C[1]) + xgr @C[1],@T[1] # not @C[1] + stg @C[0],$A[4][4]($src) # R[4][4] = C[4] ^ ( C[0] & C[1]) + + lgr @T[1],@C[2] + ngr @C[2],@C[1] + rllg @D[0],@D[0],$rhotates[3][0] + xgr @C[2],@T[0] # C[0] ^ ( C[2] & ~C[1]) + ogr @T[0],@C[4] + stg @C[2],$A[4][0]($src) # R[4][0] = C[0] ^ ( C[2] & ~C[1]) + xgr @T[0],@C[3] # C[3] ^ ( C[0] | C[4]) + + ngr @C[4],@C[3] + stg @T[0],$A[4][3]($src) # R[4][3] = C[3] ^ ( C[0] | C[4]) + xgr @C[4],@T[1] # C[2] ^ ( C[4] & C[3]) + ogr @C[3],@T[1] + stg @C[4],$A[4][2]($src) # R[4][2] = C[2] ^ ( C[4] & C[3]) + xgr @C[3],@C[1] # ~C[1] ^ ( C[2] | C[3]) + + lgr @C[1],@C[0] # harmonize with the loop top + lgr @C[0],@T[0] + stg @C[3],$A[4][1]($src) # R[4][1] = ~C[1] ^ ( C[2] | C[3]) + + tmll $iotas,255 + jnz .Loop + + l${g} %r14,$SIZE_T*14($sp) + br %r14 +.size __KeccakF1600,.-__KeccakF1600 +___ +} +{ +$code.=<<___; +.type KeccakF1600,\@function +.align 32 +KeccakF1600: +.LKeccakF1600: + lghi %r1,-$frame + stm${g} %r6,%r15,$SIZE_T*6($sp) + lgr %r0,$sp + la $sp,0(%r1,$sp) + st${g} %r0,0($sp) + + lghi @D[0],-1 # no 'not' instruction :-( + lghi @D[1],-1 + lghi @D[2],-1 + lghi @D[3],-1 + lghi @D[4],-1 + lghi @T[0],-1 + xg @D[0],$A[0][1]($src) + xg @D[1],$A[0][2]($src) + xg @D[2],$A[1][3]($src) + xg @D[3],$A[2][2]($src) + xg @D[4],$A[3][2]($src) + xg @T[0],$A[4][0]($src) + stmg @D[0],@D[1],$A[0][1]($src) + stg @D[2],$A[1][3]($src) + stg @D[3],$A[2][2]($src) + stg @D[4],$A[3][2]($src) + stg @T[0],$A[4][0]($src) + + la $dst,$stdframe($sp) + + bras %r14,__KeccakF1600 + + lghi @D[0],-1 # no 'not' instruction :-( + lghi @D[1],-1 + lghi @D[2],-1 + lghi @D[3],-1 + lghi @D[4],-1 + lghi @T[0],-1 + xg @D[0],$A[0][1]($src) + xg @D[1],$A[0][2]($src) + xg @D[2],$A[1][3]($src) + xg @D[3],$A[2][2]($src) + xg @D[4],$A[3][2]($src) + xg @T[0],$A[4][0]($src) + stmg @D[0],@D[1],$A[0][1]($src) + stg @D[2],$A[1][3]($src) + stg @D[3],$A[2][2]($src) + stg @D[4],$A[3][2]($src) + stg @T[0],$A[4][0]($src) + + lm${g} %r6,%r15,$frame+6*$SIZE_T($sp) + br %r14 +.size KeccakF1600,.-KeccakF1600 +___ +} +{ my ($A_flat,$inp,$len,$bsz) = map("%r$_",(2..5)); + +$code.=<<___; +.globl SHA3_absorb +.type SHA3_absorb,\@function +.align 32 +SHA3_absorb: + lghi %r1,-$frame + stm${g} %r5,%r15,$SIZE_T*5($sp) + lgr %r0,$sp + la $sp,0(%r1,$sp) + st${g} %r0,0($sp) + + lghi @D[0],-1 # no 'not' instruction :-( + lghi @D[1],-1 + lghi @D[2],-1 + lghi @D[3],-1 + lghi @D[4],-1 + lghi @T[0],-1 + xg @D[0],$A[0][1]($src) + xg @D[1],$A[0][2]($src) + xg @D[2],$A[1][3]($src) + xg @D[3],$A[2][2]($src) + xg @D[4],$A[3][2]($src) + xg @T[0],$A[4][0]($src) + stmg @D[0],@D[1],$A[0][1]($src) + stg @D[2],$A[1][3]($src) + stg @D[3],$A[2][2]($src) + stg @D[4],$A[3][2]($src) + stg @T[0],$A[4][0]($src) + +.Loop_absorb: + cl${g}r $len,$bsz + jl .Ldone_absorb + + srl${g} $bsz,3 + la %r1,0($A_flat) + +.Lblock_absorb: + lrvg %r0,0($inp) + la $inp,8($inp) + xg %r0,0(%r1) + a${g}hi $len,-8 + stg %r0,0(%r1) + la %r1,8(%r1) + brct $bsz,.Lblock_absorb + + stm${g} $inp,$len,$frame+3*$SIZE_T($sp) + la $dst,$stdframe($sp) + bras %r14,__KeccakF1600 + lm${g} $inp,$bsz,$frame+3*$SIZE_T($sp) + j .Loop_absorb + +.align 16 +.Ldone_absorb: + lghi @D[0],-1 # no 'not' instruction :-( + lghi @D[1],-1 + lghi @D[2],-1 + lghi @D[3],-1 + lghi @D[4],-1 + lghi @T[0],-1 + xg @D[0],$A[0][1]($src) + xg @D[1],$A[0][2]($src) + xg @D[2],$A[1][3]($src) + xg @D[3],$A[2][2]($src) + xg @D[4],$A[3][2]($src) + xg @T[0],$A[4][0]($src) + stmg @D[0],@D[1],$A[0][1]($src) + stg @D[2],$A[1][3]($src) + stg @D[3],$A[2][2]($src) + stg @D[4],$A[3][2]($src) + stg @T[0],$A[4][0]($src) + + lgr %r2,$len # return value + + lm${g} %r6,%r15,$frame+6*$SIZE_T($sp) + br %r14 +.size SHA3_absorb,.-SHA3_absorb +___ +} +{ my ($A_flat,$out,$len,$bsz) = map("%r$_",(2..5)); + +$code.=<<___; +.globl SHA3_squeeze +.type SHA3_squeeze,\@function +.align 32 +SHA3_squeeze: + srl${g} $bsz,3 + st${g} %r14,2*$SIZE_T($sp) + lghi %r14,8 + st${g} $bsz,5*$SIZE_T($sp) + la %r1,0($A_flat) + + j .Loop_squeeze + +.align 16 +.Loop_squeeze: + cl${g}r $len,%r14 + jl .Ltail_squeeze + + lrvg %r0,0(%r1) + la %r1,8(%r1) + stg %r0,0($out) + la $out,8($out) + a${g}hi $len,-8 # len -= 8 + jz .Ldone_squeeze + + brct $bsz,.Loop_squeeze # bsz-- + + stm${g} $out,$len,3*$SIZE_T($sp) + bras %r14,.LKeccakF1600 + lm${g} $out,$bsz,3*$SIZE_T($sp) + lghi %r14,8 + la %r1,0($A_flat) + j .Loop_squeeze + +.Ltail_squeeze: + lg %r0,0(%r1) +.Loop_tail_squeeze: + stc %r0,0($out) + la $out,1($out) + srlg %r0,8 + brct $len,.Loop_tail_squeeze + +.Ldone_squeeze: + l${g} %r14,2*$SIZE_T($sp) + br %r14 +.size SHA3_squeeze,.-SHA3_squeeze +___ +} +$code.=<<___; +.align 256 + .quad 0,0,0,0,0,0,0,0 +.type iotas,\@object +iotas: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 +.size iotas,.-iotas +.asciz "Keccak-1600 absorb and squeeze for s390x, CRYPTOGAMS by " +___ + +# unlike 32-bit shift 64-bit one takes three arguments +$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; + +print $code; +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl new file mode 100755 index 00000000000000..42de5bf123447f --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-x86_64.pl @@ -0,0 +1,607 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for x86_64. +# +# June 2017. +# +# Below code is [lane complementing] KECCAK_2X implementation (see +# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though +# instead of actually unrolling the loop pair-wise I simply flip +# pointers to T[][] and A[][] at the end of round. Since number of +# rounds is even, last round writes to A[][] and everything works out. +# How does it compare to x86_64 assembly module in Keccak Code Package? +# Depending on processor it's either as fast or faster by up to 15%... +# +######################################################################## +# Numbers are cycles per processed byte out of large message. +# +# r=1088(*) +# +# P4 25.8 +# Core 2 12.9 +# Westmere 13.7 +# Sandy Bridge 12.9(**) +# Haswell 9.6 +# Skylake 9.4 +# Silvermont 22.8 +# Goldmont 15.8 +# VIA Nano 17.3 +# Sledgehammer 13.3 +# Bulldozer 16.5 +# Ryzen 8.8 +# +# (*) Corresponds to SHA3-256. Improvement over compiler-generate +# varies a lot, most commont coefficient is 15% in comparison to +# gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x. +# (**) Sandy Bridge has broken rotate instruction. Performance can be +# improved by 14% by replacing rotates with double-precision +# shift with same register as source and destination. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT=*OUT; + +my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100, + 8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20)); + +my @C = ("%rax","%rbx","%rcx","%rdx","%rbp"); +my @D = map("%r$_",(8..12)); +my @T = map("%r$_",(13..14)); +my $iotas = "%r15"; + +my @rhotates = ([ 0, 1, 62, 28, 27 ], + [ 36, 44, 6, 55, 20 ], + [ 3, 10, 43, 25, 39 ], + [ 41, 45, 15, 21, 8 ], + [ 18, 2, 61, 56, 14 ]); + +$code.=<<___; +.text + +.type __KeccakF1600,\@abi-omnipotent +.align 32 +__KeccakF1600: + mov $A[4][0](%rdi),@C[0] + mov $A[4][1](%rdi),@C[1] + mov $A[4][2](%rdi),@C[2] + mov $A[4][3](%rdi),@C[3] + mov $A[4][4](%rdi),@C[4] + jmp .Loop + +.align 32 +.Loop: + mov $A[0][0](%rdi),@D[0] + mov $A[1][1](%rdi),@D[1] + mov $A[2][2](%rdi),@D[2] + mov $A[3][3](%rdi),@D[3] + + xor $A[0][2](%rdi),@C[2] + xor $A[0][3](%rdi),@C[3] + xor @D[0], @C[0] + xor $A[0][1](%rdi),@C[1] + xor $A[1][2](%rdi),@C[2] + xor $A[1][0](%rdi),@C[0] + mov @C[4],@D[4] + xor $A[0][4](%rdi),@C[4] + + xor @D[2], @C[2] + xor $A[2][0](%rdi),@C[0] + xor $A[1][3](%rdi),@C[3] + xor @D[1], @C[1] + xor $A[1][4](%rdi),@C[4] + + xor $A[3][2](%rdi),@C[2] + xor $A[3][0](%rdi),@C[0] + xor $A[2][3](%rdi),@C[3] + xor $A[2][1](%rdi),@C[1] + xor $A[2][4](%rdi),@C[4] + + mov @C[2],@T[0] + rol \$1,@C[2] + xor @C[0],@C[2] # D[1] = ROL64(C[2], 1) ^ C[0] + xor @D[3], @C[3] + + rol \$1,@C[0] + xor @C[3],@C[0] # D[4] = ROL64(C[0], 1) ^ C[3] + xor $A[3][1](%rdi),@C[1] + + rol \$1,@C[3] + xor @C[1],@C[3] # D[2] = ROL64(C[3], 1) ^ C[1] + xor $A[3][4](%rdi),@C[4] + + rol \$1,@C[1] + xor @C[4],@C[1] # D[0] = ROL64(C[1], 1) ^ C[4] + + rol \$1,@C[4] + xor @T[0],@C[4] # D[3] = ROL64(C[4], 1) ^ C[2] +___ + (@D[0..4], @C) = (@C[1..4,0], @D); +$code.=<<___; + xor @D[1],@C[1] + xor @D[2],@C[2] + rol \$$rhotates[1][1],@C[1] + xor @D[3],@C[3] + xor @D[4],@C[4] + rol \$$rhotates[2][2],@C[2] + xor @D[0],@C[0] + mov @C[1],@T[0] + rol \$$rhotates[3][3],@C[3] + or @C[2],@C[1] + xor @C[0],@C[1] # C[0] ^ ( C[1] | C[2]) + rol \$$rhotates[4][4],@C[4] + + xor ($iotas),@C[1] + lea 8($iotas),$iotas + + mov @C[4],@T[1] + and @C[3],@C[4] + mov @C[1],$A[0][0](%rsi) # R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i] + xor @C[2],@C[4] # C[2] ^ ( C[4] & C[3]) + not @C[2] + mov @C[4],$A[0][2](%rsi) # R[0][2] = C[2] ^ ( C[4] & C[3]) + + or @C[3],@C[2] + mov $A[4][2](%rdi),@C[4] + xor @T[0],@C[2] # C[1] ^ (~C[2] | C[3]) + mov @C[2],$A[0][1](%rsi) # R[0][1] = C[1] ^ (~C[2] | C[3]) + + and @C[0],@T[0] + mov $A[1][4](%rdi),@C[1] + xor @T[1],@T[0] # C[4] ^ ( C[1] & C[0]) + mov $A[2][0](%rdi),@C[2] + mov @T[0],$A[0][4](%rsi) # R[0][4] = C[4] ^ ( C[1] & C[0]) + + or @C[0],@T[1] + mov $A[0][3](%rdi),@C[0] + xor @C[3],@T[1] # C[3] ^ ( C[4] | C[0]) + mov $A[3][1](%rdi),@C[3] + mov @T[1],$A[0][3](%rsi) # R[0][3] = C[3] ^ ( C[4] | C[0]) + + + xor @D[3],@C[0] + xor @D[2],@C[4] + rol \$$rhotates[0][3],@C[0] + xor @D[1],@C[3] + xor @D[4],@C[1] + rol \$$rhotates[4][2],@C[4] + rol \$$rhotates[3][1],@C[3] + xor @D[0],@C[2] + rol \$$rhotates[1][4],@C[1] + mov @C[0],@T[0] + or @C[4],@C[0] + rol \$$rhotates[2][0],@C[2] + + xor @C[3],@C[0] # C[3] ^ (C[0] | C[4]) + mov @C[0],$A[1][3](%rsi) # R[1][3] = C[3] ^ (C[0] | C[4]) + + mov @C[1],@T[1] + and @T[0],@C[1] + mov $A[0][1](%rdi),@C[0] + xor @C[4],@C[1] # C[4] ^ (C[1] & C[0]) + not @C[4] + mov @C[1],$A[1][4](%rsi) # R[1][4] = C[4] ^ (C[1] & C[0]) + + or @C[3],@C[4] + mov $A[1][2](%rdi),@C[1] + xor @C[2],@C[4] # C[2] ^ (~C[4] | C[3]) + mov @C[4],$A[1][2](%rsi) # R[1][2] = C[2] ^ (~C[4] | C[3]) + + and @C[2],@C[3] + mov $A[4][0](%rdi),@C[4] + xor @T[1],@C[3] # C[1] ^ (C[3] & C[2]) + mov @C[3],$A[1][1](%rsi) # R[1][1] = C[1] ^ (C[3] & C[2]) + + or @C[2],@T[1] + mov $A[2][3](%rdi),@C[2] + xor @T[0],@T[1] # C[0] ^ (C[1] | C[2]) + mov $A[3][4](%rdi),@C[3] + mov @T[1],$A[1][0](%rsi) # R[1][0] = C[0] ^ (C[1] | C[2]) + + + xor @D[3],@C[2] + xor @D[4],@C[3] + rol \$$rhotates[2][3],@C[2] + xor @D[2],@C[1] + rol \$$rhotates[3][4],@C[3] + xor @D[0],@C[4] + rol \$$rhotates[1][2],@C[1] + xor @D[1],@C[0] + rol \$$rhotates[4][0],@C[4] + mov @C[2],@T[0] + and @C[3],@C[2] + rol \$$rhotates[0][1],@C[0] + + not @C[3] + xor @C[1],@C[2] # C[1] ^ ( C[2] & C[3]) + mov @C[2],$A[2][1](%rsi) # R[2][1] = C[1] ^ ( C[2] & C[3]) + + mov @C[4],@T[1] + and @C[3],@C[4] + mov $A[2][1](%rdi),@C[2] + xor @T[0],@C[4] # C[2] ^ ( C[4] & ~C[3]) + mov @C[4],$A[2][2](%rsi) # R[2][2] = C[2] ^ ( C[4] & ~C[3]) + + or @C[1],@T[0] + mov $A[4][3](%rdi),@C[4] + xor @C[0],@T[0] # C[0] ^ ( C[2] | C[1]) + mov @T[0],$A[2][0](%rsi) # R[2][0] = C[0] ^ ( C[2] | C[1]) + + and @C[0],@C[1] + xor @T[1],@C[1] # C[4] ^ ( C[1] & C[0]) + mov @C[1],$A[2][4](%rsi) # R[2][4] = C[4] ^ ( C[1] & C[0]) + + or @C[0],@T[1] + mov $A[1][0](%rdi),@C[1] + xor @C[3],@T[1] # ~C[3] ^ ( C[0] | C[4]) + mov $A[3][2](%rdi),@C[3] + mov @T[1],$A[2][3](%rsi) # R[2][3] = ~C[3] ^ ( C[0] | C[4]) + + + mov $A[0][4](%rdi),@C[0] + + xor @D[1],@C[2] + xor @D[2],@C[3] + rol \$$rhotates[2][1],@C[2] + xor @D[0],@C[1] + rol \$$rhotates[3][2],@C[3] + xor @D[3],@C[4] + rol \$$rhotates[1][0],@C[1] + xor @D[4],@C[0] + rol \$$rhotates[4][3],@C[4] + mov @C[2],@T[0] + or @C[3],@C[2] + rol \$$rhotates[0][4],@C[0] + + not @C[3] + xor @C[1],@C[2] # C[1] ^ ( C[2] | C[3]) + mov @C[2],$A[3][1](%rsi) # R[3][1] = C[1] ^ ( C[2] | C[3]) + + mov @C[4],@T[1] + or @C[3],@C[4] + xor @T[0],@C[4] # C[2] ^ ( C[4] | ~C[3]) + mov @C[4],$A[3][2](%rsi) # R[3][2] = C[2] ^ ( C[4] | ~C[3]) + + and @C[1],@T[0] + xor @C[0],@T[0] # C[0] ^ ( C[2] & C[1]) + mov @T[0],$A[3][0](%rsi) # R[3][0] = C[0] ^ ( C[2] & C[1]) + + or @C[0],@C[1] + xor @T[1],@C[1] # C[4] ^ ( C[1] | C[0]) + mov @C[1],$A[3][4](%rsi) # R[3][4] = C[4] ^ ( C[1] | C[0]) + + and @T[1],@C[0] + xor @C[3],@C[0] # ~C[3] ^ ( C[0] & C[4]) + mov @C[0],$A[3][3](%rsi) # R[3][3] = ~C[3] ^ ( C[0] & C[4]) + + + xor $A[0][2](%rdi),@D[2] + xor $A[1][3](%rdi),@D[3] + rol \$$rhotates[0][2],@D[2] + xor $A[4][1](%rdi),@D[1] + rol \$$rhotates[1][3],@D[3] + xor $A[2][4](%rdi),@D[4] + rol \$$rhotates[4][1],@D[1] + xor $A[3][0](%rdi),@D[0] + xchg %rsi,%rdi + rol \$$rhotates[2][4],@D[4] + rol \$$rhotates[3][0],@D[0] +___ + @C = @D[2..4,0,1]; +$code.=<<___; + mov @C[0],@T[0] + and @C[1],@C[0] + not @C[1] + xor @C[4],@C[0] # C[4] ^ ( C[0] & C[1]) + mov @C[0],$A[4][4](%rdi) # R[4][4] = C[4] ^ ( C[0] & C[1]) + + mov @C[2],@T[1] + and @C[1],@C[2] + xor @T[0],@C[2] # C[0] ^ ( C[2] & ~C[1]) + mov @C[2],$A[4][0](%rdi) # R[4][0] = C[0] ^ ( C[2] & ~C[1]) + + or @C[4],@T[0] + xor @C[3],@T[0] # C[3] ^ ( C[0] | C[4]) + mov @T[0],$A[4][3](%rdi) # R[4][3] = C[3] ^ ( C[0] | C[4]) + + and @C[3],@C[4] + xor @T[1],@C[4] # C[2] ^ ( C[4] & C[3]) + mov @C[4],$A[4][2](%rdi) # R[4][2] = C[2] ^ ( C[4] & C[3]) + + or @T[1],@C[3] + xor @C[1],@C[3] # ~C[1] ^ ( C[2] | C[3]) + mov @C[3],$A[4][1](%rdi) # R[4][1] = ~C[1] ^ ( C[2] | C[3]) + + mov @C[0],@C[1] # harmonize with the loop top + mov @T[0],@C[0] + + test \$255,$iotas + jnz .Loop + + lea -192($iotas),$iotas # rewind iotas + ret +.size __KeccakF1600,.-__KeccakF1600 + +.type KeccakF1600,\@abi-omnipotent +.align 32 +KeccakF1600: +.cfi_startproc + push %rbx +.cfi_push %rbx + push %rbp +.cfi_push %rbp + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + + lea 100(%rdi),%rdi # size optimization + sub \$200,%rsp +.cfi_adjust_cfa_offset 200 + + notq $A[0][1](%rdi) + notq $A[0][2](%rdi) + notq $A[1][3](%rdi) + notq $A[2][2](%rdi) + notq $A[3][2](%rdi) + notq $A[4][0](%rdi) + + lea iotas(%rip),$iotas + lea 100(%rsp),%rsi # size optimization + + call __KeccakF1600 + + notq $A[0][1](%rdi) + notq $A[0][2](%rdi) + notq $A[1][3](%rdi) + notq $A[2][2](%rdi) + notq $A[3][2](%rdi) + notq $A[4][0](%rdi) + lea -100(%rdi),%rdi # preserve A[][] + + add \$200,%rsp +.cfi_adjust_cfa_offset -200 + + pop %r15 +.cfi_pop %r15 + pop %r14 +.cfi_pop %r14 + pop %r13 +.cfi_pop %r13 + pop %r12 +.cfi_pop %r12 + pop %rbp +.cfi_pop %rbp + pop %rbx +.cfi_pop %rbx + ret +.cfi_endproc +.size KeccakF1600,.-KeccakF1600 +___ + +{ my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); + ($A_flat,$inp) = ("%r8","%r9"); +$code.=<<___; +.globl SHA3_absorb +.type SHA3_absorb,\@function,4 +.align 32 +SHA3_absorb: +.cfi_startproc + push %rbx +.cfi_push %rbx + push %rbp +.cfi_push %rbp + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + push %r15 +.cfi_push %r15 + + lea 100(%rdi),%rdi # size optimization + sub \$232,%rsp +.cfi_adjust_cfa_offset 232 + + mov %rsi,$inp + lea 100(%rsp),%rsi # size optimization + + notq $A[0][1](%rdi) + notq $A[0][2](%rdi) + notq $A[1][3](%rdi) + notq $A[2][2](%rdi) + notq $A[3][2](%rdi) + notq $A[4][0](%rdi) + lea iotas(%rip),$iotas + + mov $bsz,216-100(%rsi) # save bsz + +.Loop_absorb: + cmp $bsz,$len + jc .Ldone_absorb + + shr \$3,$bsz + lea -100(%rdi),$A_flat + +.Lblock_absorb: + mov ($inp),%rax + lea 8($inp),$inp + xor ($A_flat),%rax + lea 8($A_flat),$A_flat + sub \$8,$len + mov %rax,-8($A_flat) + sub \$1,$bsz + jnz .Lblock_absorb + + mov $inp,200-100(%rsi) # save inp + mov $len,208-100(%rsi) # save len + call __KeccakF1600 + mov 200-100(%rsi),$inp # pull inp + mov 208-100(%rsi),$len # pull len + mov 216-100(%rsi),$bsz # pull bsz + jmp .Loop_absorb + +.align 32 +.Ldone_absorb: + mov $len,%rax # return value + + notq $A[0][1](%rdi) + notq $A[0][2](%rdi) + notq $A[1][3](%rdi) + notq $A[2][2](%rdi) + notq $A[3][2](%rdi) + notq $A[4][0](%rdi) + + add \$232,%rsp +.cfi_adjust_cfa_offset -232 + + pop %r15 +.cfi_pop %r15 + pop %r14 +.cfi_pop %r14 + pop %r13 +.cfi_pop %r13 + pop %r12 +.cfi_pop %r12 + pop %rbp +.cfi_pop %rbp + pop %rbx +.cfi_pop %rbx + ret +.cfi_endproc +.size SHA3_absorb,.-SHA3_absorb +___ +} +{ my ($A_flat,$out,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); + ($out,$len,$bsz) = ("%r12","%r13","%r14"); + +$code.=<<___; +.globl SHA3_squeeze +.type SHA3_squeeze,\@function,4 +.align 32 +SHA3_squeeze: +.cfi_startproc + push %r12 +.cfi_push %r12 + push %r13 +.cfi_push %r13 + push %r14 +.cfi_push %r14 + + shr \$3,%rcx + mov $A_flat,%r8 + mov %rsi,$out + mov %rdx,$len + mov %rcx,$bsz + jmp .Loop_squeeze + +.align 32 +.Loop_squeeze: + cmp \$8,$len + jb .Ltail_squeeze + + mov (%r8),%rax + lea 8(%r8),%r8 + mov %rax,($out) + lea 8($out),$out + sub \$8,$len # len -= 8 + jz .Ldone_squeeze + + sub \$1,%rcx # bsz-- + jnz .Loop_squeeze + + call KeccakF1600 + mov $A_flat,%r8 + mov $bsz,%rcx + jmp .Loop_squeeze + +.Ltail_squeeze: + mov %r8, %rsi + mov $out,%rdi + mov $len,%rcx + .byte 0xf3,0xa4 # rep movsb + +.Ldone_squeeze: + pop %r14 +.cfi_pop %r14 + pop %r13 +.cfi_pop %r13 + pop %r12 +.cfi_pop %r13 + ret +.cfi_endproc +.size SHA3_squeeze,.-SHA3_squeeze +___ +} +$code.=<<___; +.align 256 + .quad 0,0,0,0,0,0,0,0 +.type iotas,\@object +iotas: + .quad 0x0000000000000001 + .quad 0x0000000000008082 + .quad 0x800000000000808a + .quad 0x8000000080008000 + .quad 0x000000000000808b + .quad 0x0000000080000001 + .quad 0x8000000080008081 + .quad 0x8000000000008009 + .quad 0x000000000000008a + .quad 0x0000000000000088 + .quad 0x0000000080008009 + .quad 0x000000008000000a + .quad 0x000000008000808b + .quad 0x800000000000008b + .quad 0x8000000000008089 + .quad 0x8000000000008003 + .quad 0x8000000000008002 + .quad 0x8000000000000080 + .quad 0x000000000000800a + .quad 0x800000008000000a + .quad 0x8000000080008081 + .quad 0x8000000000008080 + .quad 0x0000000080000001 + .quad 0x8000000080008008 +.size iotas,.-iotas +.asciz "Keccak-1600 absorb and squeeze for x86_64, CRYPTOGAMS by " +___ + +foreach (split("\n",$code)) { + # Below replacement results in 11.2 on Sandy Bridge, 9.4 on + # Haswell, but it hurts other processors by up to 2-3-4x... + #s/rol\s+(\$[0-9]+),(%[a-z][a-z0-9]+)/shld\t$1,$2,$2/; + # Below replacement results in 9.3 on Haswell [as well as + # on Ryzen, i.e. it *hurts* Ryzen]... + #s/rol\s+\$([0-9]+),(%[a-z][a-z0-9]+)/rorx\t\$64-$1,$2,$2/; + + print $_, "\n"; +} + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl new file mode 100755 index 00000000000000..de2bcd660a0926 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600p8-ppc.pl @@ -0,0 +1,850 @@ +#!/usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Keccak-1600 for PowerISA 2.07. +# +# June 2017. +# +# This is straightforward KECCAK_1X_ALT SIMD implementation, but with +# disjoint Rho and Pi. The module is ABI-bitness- and endian-neutral. +# POWER8 processor spends 9.8 cycles to process byte out of large +# buffer for r=1088, which matches SHA3-256. This is 17% better than +# scalar PPC64 code. It probably should be noted that if POWER8's +# successor can achieve higher scalar instruction issue rate, then +# this module will loose... And it does on POWER9 with 12.0 vs. 9.4. + +$flavour = shift; + +if ($flavour =~ /64/) { + $SIZE_T =8; + $LRSAVE =2*$SIZE_T; + $UCMP ="cmpld"; + $STU ="stdu"; + $POP ="ld"; + $PUSH ="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T =4; + $LRSAVE =$SIZE_T; + $STU ="stwu"; + $POP ="lwz"; + $PUSH ="stw"; + $UCMP ="cmplw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload + +my $sp ="r1"; + +my $iotas = "r12"; + +######################################################################## +# Register layout: +# +# v0 A[0][0] A[1][0] +# v1 A[0][1] A[1][1] +# v2 A[0][2] A[1][2] +# v3 A[0][3] A[1][3] +# v4 A[0][4] A[1][4] +# +# v5 A[2][0] A[3][0] +# v6 A[2][1] A[3][1] +# v7 A[2][2] A[3][2] +# v8 A[2][3] A[3][3] +# v9 A[2][4] A[3][4] +# +# v10 A[4][0] A[4][1] +# v11 A[4][2] A[4][3] +# v12 A[4][4] A[4][4] +# +# v13..25 rhotates[][] +# v26..31 volatile +# +$code.=<<___; +.machine "any" +.text + +.type KeccakF1600_int,\@function +.align 5 +KeccakF1600_int: + li r0,24 + mtctr r0 + li r0,0 + b .Loop + +.align 4 +.Loop: + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Theta + vxor v26,v0, v5 ; A[0..1][0]^A[2..3][0] + vxor v27,v1, v6 ; A[0..1][1]^A[2..3][1] + vxor v28,v2, v7 ; A[0..1][2]^A[2..3][2] + vxor v29,v3, v8 ; A[0..1][3]^A[2..3][3] + vxor v30,v4, v9 ; A[0..1][4]^A[2..3][4] + vpermdi v31,v26,v27,0b00 ; A[0][0..1]^A[2][0..1] + vpermdi v26,v26,v27,0b11 ; A[1][0..1]^A[3][0..1] + vpermdi v27,v28,v29,0b00 ; A[0][2..3]^A[2][2..3] + vpermdi v28,v28,v29,0b11 ; A[1][2..3]^A[3][2..3] + vpermdi v29,v30,v30,0b10 ; A[1..0][4]^A[3..2][4] + vxor v26,v26,v31 ; C[0..1] + vxor v27,v27,v28 ; C[2..3] + vxor v28,v29,v30 ; C[4..4] + vspltisb v31,1 + vxor v26,v26,v10 ; C[0..1] ^= A[4][0..1] + vxor v27,v27,v11 ; C[2..3] ^= A[4][2..3] + vxor v28,v28,v12 ; C[4..4] ^= A[4][4..4], low! + + vrld v29,v26,v31 ; ROL64(C[0..1],1) + vrld v30,v27,v31 ; ROL64(C[2..3],1) + vrld v31,v28,v31 ; ROL64(C[4..4],1) + vpermdi v31,v31,v29,0b10 + vxor v26,v26,v30 ; C[0..1] ^= ROL64(C[2..3],1) + vxor v27,v27,v31 ; C[2..3] ^= ROL64(C[4..0],1) + vxor v28,v28,v29 ; C[4..4] ^= ROL64(C[0..1],1), low! + + vpermdi v29,v26,v26,0b00 ; C[0..0] + vpermdi v30,v28,v26,0b10 ; C[4..0] + vpermdi v31,v28,v28,0b11 ; C[4..4] + vxor v1, v1, v29 ; A[0..1][1] ^= C[0..0] + vxor v6, v6, v29 ; A[2..3][1] ^= C[0..0] + vxor v10,v10,v30 ; A[4][0..1] ^= C[4..0] + vxor v0, v0, v31 ; A[0..1][0] ^= C[4..4] + vxor v5, v5, v31 ; A[2..3][0] ^= C[4..4] + + vpermdi v29,v27,v27,0b00 ; C[2..2] + vpermdi v30,v26,v26,0b11 ; C[1..1] + vpermdi v31,v26,v27,0b10 ; C[1..2] + vxor v3, v3, v29 ; A[0..1][3] ^= C[2..2] + vxor v8, v8, v29 ; A[2..3][3] ^= C[2..2] + vxor v2, v2, v30 ; A[0..1][2] ^= C[1..1] + vxor v7, v7, v30 ; A[2..3][2] ^= C[1..1] + vxor v11,v11,v31 ; A[4][2..3] ^= C[1..2] + + vpermdi v29,v27,v27,0b11 ; C[3..3] + vxor v4, v4, v29 ; A[0..1][4] ^= C[3..3] + vxor v9, v9, v29 ; A[2..3][4] ^= C[3..3] + vxor v12,v12,v29 ; A[4..4][4] ^= C[3..3] + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Rho + vrld v26,v0, v13 ; v0 + vrld v1, v1, v14 + vrld v27,v2, v15 ; v2 + vrld v28,v3, v16 ; v3 + vrld v4, v4, v17 + vrld v5, v5, v18 + vrld v6, v6, v19 + vrld v29,v7, v20 ; v7 + vrld v8, v8, v21 + vrld v9, v9, v22 + vrld v10,v10,v23 + vrld v30,v11,v24 ; v11 + vrld v12,v12,v25 + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Pi + vpermdi v0, v26,v28,0b00 ; [0][0] [1][0] < [0][0] [0][3] + vpermdi v2, v29,v5, 0b00 ; [0][2] [1][2] < [2][2] [2][0] + vpermdi v11,v9, v5, 0b01 ; [4][2] [4][3] < [2][4] [3][0] + vpermdi v5, v1, v4, 0b00 ; [2][0] [3][0] < [0][1] [0][4] + vpermdi v1, v1, v4, 0b11 ; [0][1] [1][1] < [1][1] [1][4] + vpermdi v3, v8, v6, 0b11 ; [0][3] [1][3] < [3][3] [3][1] + vpermdi v4, v12,v30,0b10 ; [0][4] [1][4] < [4][4] [4][2] + vpermdi v7, v8, v6, 0b00 ; [2][2] [3][2] < [2][3] [2][1] + vpermdi v6, v27,v26,0b11 ; [2][1] [3][1] < [1][2] [1][0] + vpermdi v8, v9, v29,0b11 ; [2][3] [3][3] < [3][4] [3][2] + vpermdi v12,v10,v10,0b11 ; [4][4] [4][4] < [4][1] [4][1] + vpermdi v9, v10,v30,0b01 ; [2][4] [3][4] < [4][0] [4][3] + vpermdi v10,v27,v28,0b01 ; [4][0] [4][1] < [0][2] [1][3] + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Chi + Iota + lvx_u v31,$iotas,r0 ; iotas[index] + addic r0,r0,16 ; index++ + + vandc v26,v2, v1 ; (~A[0..1][1] & A[0..1][2]) + vandc v27,v3, v2 ; (~A[0..1][2] & A[0..1][3]) + vandc v28,v4, v3 ; (~A[0..1][3] & A[0..1][4]) + vandc v29,v0, v4 ; (~A[0..1][4] & A[0..1][0]) + vandc v30,v1, v0 ; (~A[0..1][0] & A[0..1][1]) + vxor v0, v0, v26 ; A[0..1][0] ^= (~A[0..1][1] & A[0..1][2]) + vxor v1, v1, v27 ; A[0..1][1] ^= (~A[0..1][2] & A[0..1][3]) + vxor v2, v2, v28 ; A[0..1][2] ^= (~A[0..1][3] & A[0..1][4]) + vxor v3, v3, v29 ; A[0..1][3] ^= (~A[0..1][4] & A[0..1][0]) + vxor v4, v4, v30 ; A[0..1][4] ^= (~A[0..1][0] & A[0..1][1]) + + vandc v26,v7, v6 ; (~A[2..3][1] & A[2..3][2]) + vandc v27,v8, v7 ; (~A[2..3][2] & A[2..3][3]) + vandc v28,v9, v8 ; (~A[2..3][3] & A[2..3][4]) + vandc v29,v5, v9 ; (~A[2..3][4] & A[2..3][0]) + vandc v30,v6, v5 ; (~A[2..3][0] & A[2..3][1]) + vxor v5, v5, v26 ; A[2..3][0] ^= (~A[2..3][1] & A[2..3][2]) + vxor v6, v6, v27 ; A[2..3][1] ^= (~A[2..3][2] & A[2..3][3]) + vxor v7, v7, v28 ; A[2..3][2] ^= (~A[2..3][3] & A[2..3][4]) + vxor v8, v8, v29 ; A[2..3][3] ^= (~A[2..3][4] & A[2..3][0]) + vxor v9, v9, v30 ; A[2..3][4] ^= (~A[2..3][0] & A[2..3][1]) + + vxor v0, v0, v31 ; A[0][0] ^= iotas[index++] + + vpermdi v26,v10,v11,0b10 ; A[4][1..2] + vpermdi v27,v12,v10,0b00 ; A[4][4..0] + vpermdi v28,v11,v12,0b10 ; A[4][3..4] + vpermdi v29,v10,v10,0b10 ; A[4][1..0] + vandc v26,v11,v26 ; (~A[4][1..2] & A[4][2..3]) + vandc v27,v27,v28 ; (~A[4][3..4] & A[4][4..0]) + vandc v28,v10,v29 ; (~A[4][1..0] & A[4][0..1]) + vxor v10,v10,v26 ; A[4][0..1] ^= (~A[4][1..2] & A[4][2..3]) + vxor v11,v11,v27 ; A[4][2..3] ^= (~A[4][3..4] & A[4][4..0]) + vxor v12,v12,v28 ; A[4][4..4] ^= (~A[4][0..1] & A[4][1..0]) + + bdnz .Loop + + vpermdi v12,v12,v12,0b11 ; broadcast A[4][4] + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +.size KeccakF1600_int,.-KeccakF1600_int + +.type KeccakF1600,\@function +.align 5 +KeccakF1600: + $STU $sp,-$FRAME($sp) + li r10,`15+6*$SIZE_T` + li r11,`31+6*$SIZE_T` + mflr r8 + mfspr r7, 256 ; save vrsave + stvx v20,r10,$sp + addi r10,r10,32 + stvx v21,r11,$sp + addi r11,r11,32 + stvx v22,r10,$sp + addi r10,r10,32 + stvx v23,r11,$sp + addi r11,r11,32 + stvx v24,r10,$sp + addi r10,r10,32 + stvx v25,r11,$sp + addi r11,r11,32 + stvx v26,r10,$sp + addi r10,r10,32 + stvx v27,r11,$sp + addi r11,r11,32 + stvx v28,r10,$sp + addi r10,r10,32 + stvx v29,r11,$sp + addi r11,r11,32 + stvx v30,r10,$sp + stvx v31,r11,$sp + stw r7,`$FRAME-4`($sp) ; save vrsave + li r0, -1 + $PUSH r8,`$FRAME+$LRSAVE`($sp) + mtspr 256, r0 ; preserve all AltiVec registers + + li r11,16 + lvx_4w v0,0,r3 ; load A[5][5] + li r10,32 + lvx_4w v1,r11,r3 + addi r11,r11,32 + lvx_4w v2,r10,r3 + addi r10,r10,32 + lvx_4w v3,r11,r3 + addi r11,r11,32 + lvx_4w v4,r10,r3 + addi r10,r10,32 + lvx_4w v5,r11,r3 + addi r11,r11,32 + lvx_4w v6,r10,r3 + addi r10,r10,32 + lvx_4w v7,r11,r3 + addi r11,r11,32 + lvx_4w v8,r10,r3 + addi r10,r10,32 + lvx_4w v9,r11,r3 + addi r11,r11,32 + lvx_4w v10,r10,r3 + addi r10,r10,32 + lvx_4w v11,r11,r3 + lvx_splt v12,r10,r3 + + bl PICmeup + + li r11,16 + lvx_u v13,0,r12 ; load rhotates + li r10,32 + lvx_u v14,r11,r12 + addi r11,r11,32 + lvx_u v15,r10,r12 + addi r10,r10,32 + lvx_u v16,r11,r12 + addi r11,r11,32 + lvx_u v17,r10,r12 + addi r10,r10,32 + lvx_u v18,r11,r12 + addi r11,r11,32 + lvx_u v19,r10,r12 + addi r10,r10,32 + lvx_u v20,r11,r12 + addi r11,r11,32 + lvx_u v21,r10,r12 + addi r10,r10,32 + lvx_u v22,r11,r12 + addi r11,r11,32 + lvx_u v23,r10,r12 + addi r10,r10,32 + lvx_u v24,r11,r12 + lvx_u v25,r10,r12 + addi r12,r12,`16*16` ; points at iotas + + bl KeccakF1600_int + + li r11,16 + stvx_4w v0,0,r3 ; return A[5][5] + li r10,32 + stvx_4w v1,r11,r3 + addi r11,r11,32 + stvx_4w v2,r10,r3 + addi r10,r10,32 + stvx_4w v3,r11,r3 + addi r11,r11,32 + stvx_4w v4,r10,r3 + addi r10,r10,32 + stvx_4w v5,r11,r3 + addi r11,r11,32 + stvx_4w v6,r10,r3 + addi r10,r10,32 + stvx_4w v7,r11,r3 + addi r11,r11,32 + stvx_4w v8,r10,r3 + addi r10,r10,32 + stvx_4w v9,r11,r3 + addi r11,r11,32 + stvx_4w v10,r10,r3 + addi r10,r10,32 + stvx_4w v11,r11,r3 + stvdx_u v12,r10,r3 + + li r10,`15+6*$SIZE_T` + li r11,`31+6*$SIZE_T` + mtlr r8 + mtspr 256, r7 ; restore vrsave + lvx v20,r10,$sp + addi r10,r10,32 + lvx v21,r11,$sp + addi r11,r11,32 + lvx v22,r10,$sp + addi r10,r10,32 + lvx v23,r11,$sp + addi r11,r11,32 + lvx v24,r10,$sp + addi r10,r10,32 + lvx v25,r11,$sp + addi r11,r11,32 + lvx v26,r10,$sp + addi r10,r10,32 + lvx v27,r11,$sp + addi r11,r11,32 + lvx v28,r10,$sp + addi r10,r10,32 + lvx v29,r11,$sp + addi r11,r11,32 + lvx v30,r10,$sp + lvx v31,r11,$sp + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,0x04,1,0x80,0,1,0 + .long 0 +.size KeccakF1600,.-KeccakF1600 +___ +{ +my ($A_jagged,$inp,$len,$bsz) = map("r$_",(3..6)); + +$code.=<<___; +.globl SHA3_absorb +.type SHA3_absorb,\@function +.align 5 +SHA3_absorb: + $STU $sp,-$FRAME($sp) + li r10,`15+6*$SIZE_T` + li r11,`31+6*$SIZE_T` + mflr r8 + mfspr r7, 256 ; save vrsave + stvx v20,r10,$sp + addi r10,r10,32 + stvx v21,r11,$sp + addi r11,r11,32 + stvx v22,r10,$sp + addi r10,r10,32 + stvx v23,r11,$sp + addi r11,r11,32 + stvx v24,r10,$sp + addi r10,r10,32 + stvx v25,r11,$sp + addi r11,r11,32 + stvx v26,r10,$sp + addi r10,r10,32 + stvx v27,r11,$sp + addi r11,r11,32 + stvx v28,r10,$sp + addi r10,r10,32 + stvx v29,r11,$sp + addi r11,r11,32 + stvx v30,r10,$sp + stvx v31,r11,$sp + stw r7,`$FRAME-4`($sp) ; save vrsave + li r0, -1 + $PUSH r8,`$FRAME+$LRSAVE`($sp) + mtspr 256, r0 ; preserve all AltiVec registers + + li r11,16 + lvx_4w v0,0,$A_jagged ; load A[5][5] + li r10,32 + lvx_4w v1,r11,$A_jagged + addi r11,r11,32 + lvx_4w v2,r10,$A_jagged + addi r10,r10,32 + lvx_4w v3,r11,$A_jagged + addi r11,r11,32 + lvx_4w v4,r10,$A_jagged + addi r10,r10,32 + lvx_4w v5,r11,$A_jagged + addi r11,r11,32 + lvx_4w v6,r10,$A_jagged + addi r10,r10,32 + lvx_4w v7,r11,$A_jagged + addi r11,r11,32 + lvx_4w v8,r10,$A_jagged + addi r10,r10,32 + lvx_4w v9,r11,$A_jagged + addi r11,r11,32 + lvx_4w v10,r10,$A_jagged + addi r10,r10,32 + lvx_4w v11,r11,$A_jagged + lvx_splt v12,r10,$A_jagged + + bl PICmeup + + li r11,16 + lvx_u v13,0,r12 ; load rhotates + li r10,32 + lvx_u v14,r11,r12 + addi r11,r11,32 + lvx_u v15,r10,r12 + addi r10,r10,32 + lvx_u v16,r11,r12 + addi r11,r11,32 + lvx_u v17,r10,r12 + addi r10,r10,32 + lvx_u v18,r11,r12 + addi r11,r11,32 + lvx_u v19,r10,r12 + addi r10,r10,32 + lvx_u v20,r11,r12 + addi r11,r11,32 + lvx_u v21,r10,r12 + addi r10,r10,32 + lvx_u v22,r11,r12 + addi r11,r11,32 + lvx_u v23,r10,r12 + addi r10,r10,32 + lvx_u v24,r11,r12 + lvx_u v25,r10,r12 + li r10,-32 + li r11,-16 + addi r12,r12,`16*16` ; points at iotas + b .Loop_absorb + +.align 4 +.Loop_absorb: + $UCMP $len,$bsz ; len < bsz? + blt .Labsorbed + + sub $len,$len,$bsz ; len -= bsz + srwi r0,$bsz,3 + mtctr r0 + + lvx_u v30,r10,r12 ; permutation masks + lvx_u v31,r11,r12 + ?vspltisb v27,7 ; prepare masks for byte swap + ?vxor v30,v30,v27 ; on big-endian + ?vxor v31,v31,v27 + + vxor v27,v27,v27 ; zero + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v0, v0, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v1, v1, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v2, v2, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v3, v3, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v4, v4, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v0, v0, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v1, v1, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v2, v2, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v3, v3, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v4, v4, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v5, v5, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v6, v6, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v7, v7, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v8, v8, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v9, v9, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v5, v5, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v6, v6, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v7, v7, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v8, v8, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v9, v9, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v10, v10, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v10, v10, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v30 + vxor v11, v11, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v11, v11, v26 + bdz .Lprocess_block + lvdx_u v26,0,$inp + addi $inp,$inp,8 + vperm v26,v26,v27,v31 + vxor v12, v12, v26 + +.Lprocess_block: + bl KeccakF1600_int + + b .Loop_absorb + +.align 4 +.Labsorbed: + li r11,16 + stvx_4w v0,0,$A_jagged ; return A[5][5] + li r10,32 + stvx_4w v1,r11,$A_jagged + addi r11,r11,32 + stvx_4w v2,r10,$A_jagged + addi r10,r10,32 + stvx_4w v3,r11,$A_jagged + addi r11,r11,32 + stvx_4w v4,r10,$A_jagged + addi r10,r10,32 + stvx_4w v5,r11,$A_jagged + addi r11,r11,32 + stvx_4w v6,r10,$A_jagged + addi r10,r10,32 + stvx_4w v7,r11,$A_jagged + addi r11,r11,32 + stvx_4w v8,r10,$A_jagged + addi r10,r10,32 + stvx_4w v9,r11,$A_jagged + addi r11,r11,32 + stvx_4w v10,r10,$A_jagged + addi r10,r10,32 + stvx_4w v11,r11,$A_jagged + stvdx_u v12,r10,$A_jagged + + mr r3,$len ; return value + li r10,`15+6*$SIZE_T` + li r11,`31+6*$SIZE_T` + mtlr r8 + mtspr 256, r7 ; restore vrsave + lvx v20,r10,$sp + addi r10,r10,32 + lvx v21,r11,$sp + addi r11,r11,32 + lvx v22,r10,$sp + addi r10,r10,32 + lvx v23,r11,$sp + addi r11,r11,32 + lvx v24,r10,$sp + addi r10,r10,32 + lvx v25,r11,$sp + addi r11,r11,32 + lvx v26,r10,$sp + addi r10,r10,32 + lvx v27,r11,$sp + addi r11,r11,32 + lvx v28,r10,$sp + addi r10,r10,32 + lvx v29,r11,$sp + addi r11,r11,32 + lvx v30,r10,$sp + lvx v31,r11,$sp + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,0x04,1,0x80,0,4,0 + .long 0 +.size SHA3_absorb,.-SHA3_absorb +___ +} +{ +my ($A_jagged,$out,$len,$bsz) = map("r$_",(3..6)); + +$code.=<<___; +.globl SHA3_squeeze +.type SHA3_squeeze,\@function +.align 5 +SHA3_squeeze: + mflr r9 ; r9 is not touched by KeccakF1600 + subi $out,$out,1 ; prepare for stbu + addi r8,$A_jagged,4 ; prepare volatiles + mr r10,$bsz + li r11,0 + b .Loop_squeeze +.align 4 +.Loop_squeeze: + lwzx r7,r11,r8 ; lo + lwzx r0,r11,$A_jagged ; hi + ${UCMP}i $len,8 + blt .Lsqueeze_tail + + stbu r7,1($out) ; write lo + srwi r7,r7,8 + stbu r7,1($out) + srwi r7,r7,8 + stbu r7,1($out) + srwi r7,r7,8 + stbu r7,1($out) + stbu r0,1($out) ; write hi + srwi r0,r0,8 + stbu r0,1($out) + srwi r0,r0,8 + stbu r0,1($out) + srwi r0,r0,8 + stbu r0,1($out) + + subic. $len,$len,8 + beqlr ; return if done + + subic. r10,r10,8 + ble .Loutput_expand + + addi r11,r11,16 ; calculate jagged index + cmplwi r11,`16*5` + blt .Loop_squeeze + subi r11,r11,72 + beq .Loop_squeeze + addi r11,r11,72 + cmplwi r11,`16*5+8` + subi r11,r11,8 + beq .Loop_squeeze + addi r11,r11,8 + cmplwi r11,`16*10` + subi r11,r11,72 + beq .Loop_squeeze + addi r11,r11,72 + blt .Loop_squeeze + subi r11,r11,8 + b .Loop_squeeze + +.align 4 +.Loutput_expand: + bl KeccakF1600 + mtlr r9 + + addi r8,$A_jagged,4 ; restore volatiles + mr r10,$bsz + li r11,0 + b .Loop_squeeze + +.align 4 +.Lsqueeze_tail: + mtctr $len + subic. $len,$len,4 + ble .Loop_tail_lo + li r8,4 + mtctr r8 +.Loop_tail_lo: + stbu r7,1($out) + srdi r7,r7,8 + bdnz .Loop_tail_lo + ble .Lsqueeze_done + mtctr $len +.Loop_tail_hi: + stbu r0,1($out) + srdi r0,r0,8 + bdnz .Loop_tail_hi + +.Lsqueeze_done: + blr + .long 0 + .byte 0,12,0x14,0,0,0,4,0 + .long 0 +.size SHA3_squeeze,.-SHA3_squeeze +___ +} +$code.=<<___; +.align 6 +PICmeup: + mflr r0 + bcl 20,31,\$+4 + mflr r12 ; vvvvvv "distance" between . and 1st data entry + addi r12,r12,`64-8` + mtlr r0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + .space `64-9*4` +.type rhotates,\@object +.align 6 +rhotates: + .quad 0, 36 + .quad 1, 44 + .quad 62, 6 + .quad 28, 55 + .quad 27, 20 + .quad 3, 41 + .quad 10, 45 + .quad 43, 15 + .quad 25, 21 + .quad 39, 8 + .quad 18, 2 + .quad 61, 56 + .quad 14, 14 +.size rhotates,.-rhotates + .quad 0,0 + .quad 0x0001020304050607,0x1011121314151617 + .quad 0x1011121314151617,0x0001020304050607 +.type iotas,\@object +iotas: + .quad 0x0000000000000001,0 + .quad 0x0000000000008082,0 + .quad 0x800000000000808a,0 + .quad 0x8000000080008000,0 + .quad 0x000000000000808b,0 + .quad 0x0000000080000001,0 + .quad 0x8000000080008081,0 + .quad 0x8000000000008009,0 + .quad 0x000000000000008a,0 + .quad 0x0000000000000088,0 + .quad 0x0000000080008009,0 + .quad 0x000000008000000a,0 + .quad 0x000000008000808b,0 + .quad 0x800000000000008b,0 + .quad 0x8000000000008089,0 + .quad 0x8000000000008003,0 + .quad 0x8000000000008002,0 + .quad 0x8000000000000080,0 + .quad 0x000000000000800a,0 + .quad 0x800000008000000a,0 + .quad 0x8000000080008081,0 + .quad 0x8000000000008080,0 + .quad 0x0000000080000001,0 + .quad 0x8000000080008008,0 +.size iotas,.-iotas +.asciz "Keccak-1600 absorb and squeeze for PowerISA 2.07, CRYPTOGAMS by " +___ + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + if ($flavour =~ /le$/) { # little-endian + s/\?([a-z]+)/;$1/; + } else { # big-endian + s/\?([a-z]+)/$1/; + } + + print $_,"\n"; +} + +close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl index cf34b2c2936cd3..9d4ff7f39a52f0 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl @@ -35,10 +35,9 @@ # P4 +85%(!) +45% # # As you can see Pentium came out as looser:-( Yet I reckoned that -# improvement on P4 outweights the loss and incorporate this +# improvement on P4 outweighs the loss and incorporate this # re-tuned code to 0.9.7 and later. # ---------------------------------------------------------------- -# # August 2009. # @@ -104,10 +103,12 @@ # Sandy Bridge 8.8 6.2/+40% 5.1(**)/+73% # Ivy Bridge 7.2 4.8/+51% 4.7(**)/+53% # Haswell 6.5 4.3/+51% 4.1(**)/+58% +# Skylake 6.4 4.1/+55% 4.1(**)/+55% # Bulldozer 11.6 6.0/+92% # VIA Nano 10.6 7.5/+41% # Atom 12.5 9.3(*)/+35% # Silvermont 14.5 9.9(*)/+46% +# Goldmont 8.8 6.7/+30% 1.7(***)/+415% # # (*) Loop is 1056 instructions long and expected result is ~8.25. # The discrepancy is because of front-end limitations, so @@ -115,6 +116,8 @@ # limited parallelism. # # (**) As per above comment, the result is for AVX *plus* sh[rl]d. +# +# (***) SHAEXT result $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); @@ -123,7 +126,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $xmm=$ymm=0; for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -133,7 +136,7 @@ =~ /GNU assembler version ([2-9]\.[0-9]+)/ && $1>=2.19); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && +$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && $1>=2.03); # first version supporting AVX @@ -546,7 +549,7 @@ sub sha1op38 { # being implemented in SSSE3). Once 8 quadruples or 32 elements are # collected, it switches to routine proposed by Max Locktyukhin. # -# Calculations inevitably require temporary reqisters, and there are +# Calculations inevitably require temporary registers, and there are # no %xmm registers left to spare. For this reason part of the ring # buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring # buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] - diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl index 4124958f781653..c1a0b0c6904124 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-alpha.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl index 84a00bf2afe80b..3ba871fedee65f 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-armv8.pl @@ -26,6 +26,7 @@ # Denver 2.13 3.97 (+0%)(**) # X-Gene 8.80 (+200%) # Mongoose 2.05 6.50 (+160%) +# Kryo 1.88 8.00 (+90%) # # (*) Software results are presented mostly for reference purposes. # (**) Keep in mind that Denver relies on binary translation, which diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl index dec21f92d58216..bf1d2ebeb0ab0c 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl index 51c73c05ace70a..443b649830f454 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-mb-x86_64.pl @@ -95,7 +95,7 @@ if (1) { # Atom-specific optimization aiming to eliminate pshufb with high - # registers [and thus get rid of 48 cycles accumulated penalty] + # registers [and thus get rid of 48 cycles accumulated penalty] @Xi=map("%xmm$_",(0..4)); ($tx,$t0,$t1,$t2,$t3)=map("%xmm$_",(5..9)); @V=($A,$B,$C,$D,$E)=map("%xmm$_",(10..14)); @@ -126,7 +126,7 @@ sub BODY_00_19 { # ... # $i==13: 14,15,15,15, # $i==14: 15 -# +# # Then at $i==15 Xupdate is applied one iteration in advance... $code.=<<___ if ($i==0); movd (@ptr[0]),@Xi[0] @@ -363,6 +363,7 @@ sub BODY_40_59 { .type sha1_multi_block,\@function,3 .align 32 sha1_multi_block: +.cfi_startproc mov OPENSSL_ia32cap_P+4(%rip),%rcx bt \$61,%rcx # check SHA bit jc _shaext_shortcut @@ -373,8 +374,11 @@ sub BODY_40_59 { ___ $code.=<<___; mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbx ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -393,6 +397,7 @@ sub BODY_40_59 { sub \$`$REG_SZ*18`,%rsp and \$-256,%rsp mov %rax,`$REG_SZ*17`(%rsp) # original %rsp +.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 .Lbody: lea K_XX_XX(%rip),$Tbl lea `$REG_SZ*16`(%rsp),%rbx @@ -439,7 +444,7 @@ sub BODY_40_59 { $code.=<<___; movdqa (%rbx),@Xi[0] # pull counters mov \$1,%ecx - cmp 4*0(%rbx),%ecx # examinte counters + cmp 4*0(%rbx),%ecx # examine counters pxor $t2,$t2 cmovge $Tbl,@ptr[0] # cancel input cmp 4*1(%rbx),%ecx @@ -487,6 +492,7 @@ sub BODY_40_59 { .Ldone: mov `$REG_SZ*17`(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps -0xb8(%rax),%xmm6 @@ -502,10 +508,14 @@ sub BODY_40_59 { ___ $code.=<<___; mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue: ret +.cfi_endproc .size sha1_multi_block,.-sha1_multi_block ___ {{{ @@ -517,10 +527,14 @@ sub BODY_40_59 { .type sha1_multi_block_shaext,\@function,3 .align 32 sha1_multi_block_shaext: +.cfi_startproc _shaext_shortcut: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -756,10 +770,14 @@ sub BODY_40_59 { ___ $code.=<<___; mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_shaext: ret +.cfi_endproc .size sha1_multi_block_shaext,.-sha1_multi_block_shaext ___ }}} @@ -1002,6 +1020,7 @@ sub BODY_40_59_avx { .type sha1_multi_block_avx,\@function,3 .align 32 sha1_multi_block_avx: +.cfi_startproc _avx_shortcut: ___ $code.=<<___ if ($avx>1); @@ -1016,8 +1035,11 @@ sub BODY_40_59_avx { ___ $code.=<<___; mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -1036,6 +1058,7 @@ sub BODY_40_59_avx { sub \$`$REG_SZ*18`, %rsp and \$-256,%rsp mov %rax,`$REG_SZ*17`(%rsp) # original %rsp +.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 .Lbody_avx: lea K_XX_XX(%rip),$Tbl lea `$REG_SZ*16`(%rsp),%rbx @@ -1125,6 +1148,7 @@ sub BODY_40_59_avx { .Ldone_avx: mov `$REG_SZ*17`(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -1141,10 +1165,14 @@ sub BODY_40_59_avx { ___ $code.=<<___; mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx: ret +.cfi_endproc .size sha1_multi_block_avx,.-sha1_multi_block_avx ___ @@ -1164,14 +1192,22 @@ sub BODY_40_59_avx { .type sha1_multi_block_avx2,\@function,3 .align 32 sha1_multi_block_avx2: +.cfi_startproc _avx2_shortcut: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -1190,6 +1226,7 @@ sub BODY_40_59_avx { sub \$`$REG_SZ*18`, %rsp and \$-256,%rsp mov %rax,`$REG_SZ*17`(%rsp) # original %rsp +.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 .Lbody_avx2: lea K_XX_XX(%rip),$Tbl shr \$1,$num @@ -1280,6 +1317,7 @@ sub BODY_40_59_avx { .Ldone_avx2: mov `$REG_SZ*17`(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -1296,14 +1334,22 @@ sub BODY_40_59_avx { ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx2: ret +.cfi_endproc .size sha1_multi_block_avx2,.-sha1_multi_block_avx2 ___ } }}} @@ -1462,10 +1508,10 @@ sub BODY_40_59_avx { mov -48(%rax),%r15 mov %rbx,144($context) # restore context->Rbx mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore cotnext->R12 - mov %r13,224($context) # restore cotnext->R13 - mov %r14,232($context) # restore cotnext->R14 - mov %r15,240($context) # restore cotnext->R15 + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 lea -56-10*16(%rax),%rsi lea 512($context),%rdi # &context.Xmm6 diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl index 882f9731cf0d42..08f84bc3b3d9bb 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -56,15 +56,15 @@ $flavour = shift || "o32"; # supported flavours are o32,n32,64,nubi32,nubi64 if ($flavour =~ /64|n32/i) { - $PTR_ADD="dadd"; # incidentally works even on n32 - $PTR_SUB="dsub"; # incidentally works even on n32 + $PTR_ADD="daddu"; # incidentally works even on n32 + $PTR_SUB="dsubu"; # incidentally works even on n32 $REG_S="sd"; $REG_L="ld"; $PTR_SLL="dsll"; # incidentally works even on n32 $SZREG=8; } else { - $PTR_ADD="add"; - $PTR_SUB="sub"; + $PTR_ADD="addu"; + $PTR_SUB="subu"; $REG_S="sw"; $REG_L="lw"; $PTR_SLL="sll"; @@ -75,7 +75,7 @@ # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); +$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; @@ -126,10 +126,14 @@ sub BODY_00_14 { addu $e,$K # $i xor $t0,$c,$d rotr $t1,$a,27 - lwl @X[$j],$j*4+$MSB($inp) and $t0,$b addu $e,$t1 +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lw @X[$j],$j*4($inp) +#else + lwl @X[$j],$j*4+$MSB($inp) lwr @X[$j],$j*4+$LSB($inp) +#endif xor $t0,$d addu $e,@X[$i] rotr $b,$b,2 @@ -336,13 +340,7 @@ sub BODY_40_59 { $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; $code=<<___; -#ifdef OPENSSL_FIPSCANISTER -# include -#endif - -#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2) -#define _MIPS_ARCH_MIPS32R2 -#endif +#include "mips_arch.h" .text @@ -387,10 +385,16 @@ sub BODY_40_59 { .align 4 .Loop: .set reorder +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + lui $K,0x5a82 + lw @X[0],($inp) + ori $K,0x7999 # K_00_19 +#else lwl @X[0],$MSB($inp) lui $K,0x5a82 lwr @X[0],$LSB($inp) ori $K,0x7999 # K_00_19 +#endif ___ for ($i=0;$i<15;$i++) { &BODY_00_14($i,@V); unshift(@V,pop(@V)); } for (;$i<20;$i++) { &BODY_15_19($i,@V); unshift(@V,pop(@V)); } diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl index a85d126ff06091..b001be16a23cd1 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -260,8 +260,20 @@ sub BODY_40_59 { .STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by " ___ -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/,\*/,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); -print $code; +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + +foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/,\*/,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} close STDOUT; diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl index add5a9ea5c97b6..0cda0a3e151755 100755 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl index 79df1ffdad616b..5729c30898771f 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -160,6 +160,8 @@ sub BODY_40_59 { } $code.=<<___; +#include "s390x_arch.h" + .text .align 64 .type Ktable,\@object @@ -172,7 +174,7 @@ sub BODY_40_59 { ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P - lg %r0,16(%r1) # check kimd capabilities + lg %r0,S390X_KIMD(%r1) # check kimd capabilities tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware lghi %r0,$kimdfunc diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl index 7437ff4f05fa5b..3e612e3d5f68f7 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9.pl @@ -8,12 +8,12 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. # -# Hardware SPARC T4 support by David S. Miller . +# Hardware SPARC T4 support by David S. Miller # ==================================================================== # Performance improvement is not really impressive on pre-T1 CPU: +8% @@ -227,7 +227,7 @@ sub BODY_40_59 { ldd [%o1 + 0x20], %f16 ldd [%o1 + 0x28], %f18 ldd [%o1 + 0x30], %f20 - subcc %o2, 1, %o2 ! done yet? + subcc %o2, 1, %o2 ! done yet? ldd [%o1 + 0x38], %f22 add %o1, 0x40, %o1 prefetch [%o1 + 63], 20 diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl index f9ed5630e828f9..50d3e136a12db4 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -519,7 +519,7 @@ sub BODY_70_79 { mov $Cctx,$C mov $Dctx,$D mov $Ectx,$E - alignaddr %g0,$tmp0,%g0 + alignaddr %g0,$tmp0,%g0 dec 1,$len ba .Loop mov $nXfer,$Xfer diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl index 661fd9f9ff2750..ac74a25d6ead1e 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-thumb.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -21,7 +21,7 @@ # The code does not present direct interest to OpenSSL, because of low # performance. Its purpose is to establish _size_ benchmark. Pretty # useless one I must say, because 30% or 88 bytes larger ARMv4 code -# [avialable on demand] is almost _twice_ as fast. It should also be +# [available on demand] is almost _twice_ as fast. It should also be # noted that in-lining of .Lcommon and .Lrotate improves performance # by over 40%, while code increases by only 10% or 32 bytes. But once # again, the goal was to establish _size_ benchmark, not performance. diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl index 6a3378ba4cc12f..60819f61867c52 100755 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl @@ -82,9 +82,11 @@ # Haswell 5.45 4.15/+31% 3.57/+53% # Skylake 5.18 4.06/+28% 3.54/+46% # Bulldozer 9.11 5.95/+53% +# Ryzen 4.75 3.80/+24% 1.93/+150%(**) # VIA Nano 9.32 7.15/+30% # Atom 10.3 9.17/+12% # Silvermont 13.1(*) 9.37/+40% +# Knights L 13.2(*) 9.68/+36% 8.30/+59% # Goldmont 8.13 6.42/+27% 1.70/+380%(**) # # (*) obviously suboptimal result, nothing was done about it, @@ -257,6 +259,7 @@ sub BODY_40_59 { .type sha1_block_data_order,\@function,3 .align 16 sha1_block_data_order: +.cfi_startproc mov OPENSSL_ia32cap_P+0(%rip),%r9d mov OPENSSL_ia32cap_P+4(%rip),%r8d mov OPENSSL_ia32cap_P+8(%rip),%r10d @@ -264,7 +267,7 @@ sub BODY_40_59 { jz .Lialu ___ $code.=<<___ if ($shaext); - test \$`1<<29`,%r10d # check SHA bit + test \$`1<<29`,%r10d # check SHA bit jnz _shaext_shortcut ___ $code.=<<___ if ($avx>1); @@ -285,17 +288,24 @@ sub BODY_40_59 { .align 16 .Lialu: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 mov %rdi,$ctx # reassigned argument sub \$`8+16*4`,%rsp mov %rsi,$inp # reassigned argument and \$-64,%rsp mov %rdx,$num # reassigned argument mov %rax,`16*4`(%rsp) +.cfi_cfa_expression %rsp+64,deref,+8 .Lprologue: mov 0($ctx),$A @@ -329,14 +339,22 @@ sub BODY_40_59 { jnz .Lloop mov `16*4`(%rsp),%rsi +.cfi_def_cfa %rsi,8 mov -40(%rsi),%r14 +.cfi_restore %r14 mov -32(%rsi),%r13 +.cfi_restore %r13 mov -24(%rsi),%r12 +.cfi_restore %r12 mov -16(%rsi),%rbp +.cfi_restore %rbp mov -8(%rsi),%rbx +.cfi_restore %rbx lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue: ret +.cfi_endproc .size sha1_block_data_order,.-sha1_block_data_order ___ if ($shaext) {{{ @@ -352,6 +370,7 @@ sub BODY_40_59 { .align 32 sha1_block_data_order_shaext: _shaext_shortcut: +.cfi_startproc ___ $code.=<<___ if ($win64); lea `-8-4*16`(%rsp),%rsp @@ -449,6 +468,7 @@ sub BODY_40_59 { .Lepilogue_shaext: ___ $code.=<<___; +.cfi_endproc ret .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext ___ @@ -462,7 +482,8 @@ sub BODY_40_59 { my @T=("%esi","%edi"); my $j=0; my $rx=0; -my $K_XX_XX="%r11"; +my $K_XX_XX="%r14"; +my $fp="%r11"; my $_rol=sub { &rol(@_) }; my $_ror=sub { &ror(@_) }; @@ -483,25 +504,31 @@ () .align 16 sha1_block_data_order_ssse3: _ssse3_shortcut: - mov %rsp,%rax +.cfi_startproc + mov %rsp,$fp # frame pointer +.cfi_def_cfa_register $fp push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 # redundant, done to share Win64 SE handler +.cfi_push %r13 push %r14 +.cfi_push %r14 lea `-64-($win64?6*16:0)`(%rsp),%rsp ___ $code.=<<___ if ($win64); - movaps %xmm6,-40-6*16(%rax) - movaps %xmm7,-40-5*16(%rax) - movaps %xmm8,-40-4*16(%rax) - movaps %xmm9,-40-3*16(%rax) - movaps %xmm10,-40-2*16(%rax) - movaps %xmm11,-40-1*16(%rax) + movaps %xmm6,-40-6*16($fp) + movaps %xmm7,-40-5*16($fp) + movaps %xmm8,-40-4*16($fp) + movaps %xmm9,-40-3*16($fp) + movaps %xmm10,-40-2*16($fp) + movaps %xmm11,-40-1*16($fp) .Lprologue_ssse3: ___ $code.=<<___; - mov %rax,%r14 # original %rsp and \$-64,%rsp mov %rdi,$ctx # reassigned argument mov %rsi,$inp # reassigned argument @@ -908,23 +935,29 @@ () mov $E,16($ctx) ___ $code.=<<___ if ($win64); - movaps -40-6*16(%r14),%xmm6 - movaps -40-5*16(%r14),%xmm7 - movaps -40-4*16(%r14),%xmm8 - movaps -40-3*16(%r14),%xmm9 - movaps -40-2*16(%r14),%xmm10 - movaps -40-1*16(%r14),%xmm11 + movaps -40-6*16($fp),%xmm6 + movaps -40-5*16($fp),%xmm7 + movaps -40-4*16($fp),%xmm8 + movaps -40-3*16($fp),%xmm9 + movaps -40-2*16($fp),%xmm10 + movaps -40-1*16($fp),%xmm11 ___ $code.=<<___; - lea (%r14),%rsi - mov -40(%rsi),%r14 - mov -32(%rsi),%r13 - mov -24(%rsi),%r12 - mov -16(%rsi),%rbp - mov -8(%rsi),%rbx - lea (%rsi),%rsp + mov -40($fp),%r14 +.cfi_restore %r14 + mov -32($fp),%r13 +.cfi_restore %r13 + mov -24($fp),%r12 +.cfi_restore %r12 + mov -16($fp),%rbp +.cfi_restore %rbp + mov -8($fp),%rbx +.cfi_restore %rbx + lea ($fp),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_ssse3: ret +.cfi_endproc .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3 ___ @@ -945,26 +978,32 @@ () .align 16 sha1_block_data_order_avx: _avx_shortcut: - mov %rsp,%rax +.cfi_startproc + mov %rsp,$fp +.cfi_def_cfa_register $fp push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 # redundant, done to share Win64 SE handler +.cfi_push %r13 push %r14 +.cfi_push %r14 lea `-64-($win64?6*16:0)`(%rsp),%rsp vzeroupper ___ $code.=<<___ if ($win64); - vmovaps %xmm6,-40-6*16(%rax) - vmovaps %xmm7,-40-5*16(%rax) - vmovaps %xmm8,-40-4*16(%rax) - vmovaps %xmm9,-40-3*16(%rax) - vmovaps %xmm10,-40-2*16(%rax) - vmovaps %xmm11,-40-1*16(%rax) + vmovaps %xmm6,-40-6*16($fp) + vmovaps %xmm7,-40-5*16($fp) + vmovaps %xmm8,-40-4*16($fp) + vmovaps %xmm9,-40-3*16($fp) + vmovaps %xmm10,-40-2*16($fp) + vmovaps %xmm11,-40-1*16($fp) .Lprologue_avx: ___ $code.=<<___; - mov %rax,%r14 # original %rsp and \$-64,%rsp mov %rdi,$ctx # reassigned argument mov %rsi,$inp # reassigned argument @@ -1272,23 +1311,29 @@ () mov $E,16($ctx) ___ $code.=<<___ if ($win64); - movaps -40-6*16(%r14),%xmm6 - movaps -40-5*16(%r14),%xmm7 - movaps -40-4*16(%r14),%xmm8 - movaps -40-3*16(%r14),%xmm9 - movaps -40-2*16(%r14),%xmm10 - movaps -40-1*16(%r14),%xmm11 + movaps -40-6*16($fp),%xmm6 + movaps -40-5*16($fp),%xmm7 + movaps -40-4*16($fp),%xmm8 + movaps -40-3*16($fp),%xmm9 + movaps -40-2*16($fp),%xmm10 + movaps -40-1*16($fp),%xmm11 ___ $code.=<<___; - lea (%r14),%rsi - mov -40(%rsi),%r14 - mov -32(%rsi),%r13 - mov -24(%rsi),%r12 - mov -16(%rsi),%rbp - mov -8(%rsi),%rbx - lea (%rsi),%rsp + mov -40($fp),%r14 +.cfi_restore %r14 + mov -32($fp),%r13 +.cfi_restore %r13 + mov -24($fp),%r12 +.cfi_restore %r12 + mov -16($fp),%rbp +.cfi_restore %rbp + mov -8($fp),%rbx +.cfi_restore %rbx + lea ($fp),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx: ret +.cfi_endproc .size sha1_block_data_order_avx,.-sha1_block_data_order_avx ___ @@ -1312,26 +1357,32 @@ () .align 16 sha1_block_data_order_avx2: _avx2_shortcut: - mov %rsp,%rax +.cfi_startproc + mov %rsp,$fp +.cfi_def_cfa_register $fp push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 vzeroupper ___ $code.=<<___ if ($win64); lea -6*16(%rsp),%rsp - vmovaps %xmm6,-40-6*16(%rax) - vmovaps %xmm7,-40-5*16(%rax) - vmovaps %xmm8,-40-4*16(%rax) - vmovaps %xmm9,-40-3*16(%rax) - vmovaps %xmm10,-40-2*16(%rax) - vmovaps %xmm11,-40-1*16(%rax) + vmovaps %xmm6,-40-6*16($fp) + vmovaps %xmm7,-40-5*16($fp) + vmovaps %xmm8,-40-4*16($fp) + vmovaps %xmm9,-40-3*16($fp) + vmovaps %xmm10,-40-2*16($fp) + vmovaps %xmm11,-40-1*16($fp) .Lprologue_avx2: ___ $code.=<<___; - mov %rax,%r14 # original %rsp mov %rdi,$ctx # reassigned argument mov %rsi,$inp # reassigned argument mov %rdx,$num # reassigned argument @@ -1751,23 +1802,29 @@ () vzeroupper ___ $code.=<<___ if ($win64); - movaps -40-6*16(%r14),%xmm6 - movaps -40-5*16(%r14),%xmm7 - movaps -40-4*16(%r14),%xmm8 - movaps -40-3*16(%r14),%xmm9 - movaps -40-2*16(%r14),%xmm10 - movaps -40-1*16(%r14),%xmm11 + movaps -40-6*16($fp),%xmm6 + movaps -40-5*16($fp),%xmm7 + movaps -40-4*16($fp),%xmm8 + movaps -40-3*16($fp),%xmm9 + movaps -40-2*16($fp),%xmm10 + movaps -40-1*16($fp),%xmm11 ___ $code.=<<___; - lea (%r14),%rsi - mov -40(%rsi),%r14 - mov -32(%rsi),%r13 - mov -24(%rsi),%r12 - mov -16(%rsi),%rbp - mov -8(%rsi),%rbx - lea (%rsi),%rsp + mov -40($fp),%r14 +.cfi_restore %r14 + mov -32($fp),%r13 +.cfi_restore %r13 + mov -24($fp),%r12 +.cfi_restore %r12 + mov -16($fp),%rbp +.cfi_restore %rbp + mov -8($fp),%rbx +.cfi_restore %rbx + lea ($fp),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx2: ret +.cfi_endproc .size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2 ___ } @@ -1908,15 +1965,13 @@ () cmp %r10,%rbx # context->RipRsp + mov 208($context),%rax # pull context->R11 mov 4(%r11),%r10d # HandlerData[1] lea (%rsi,%r10),%r10 # epilogue label cmp %r10,%rbx # context->Rip>=epilogue label jae .Lcommon_seh_tail - mov 232($context),%rax # pull context->R14 - lea -40-6*16(%rax),%rsi lea 512($context),%rdi # &context.Xmm6 mov \$12,%ecx @@ -1929,9 +1984,9 @@ () mov -40(%rax),%r14 mov %rbx,144($context) # restore context->Rbx mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore cotnext->R12 - mov %r13,224($context) # restore cotnext->R13 - mov %r14,232($context) # restore cotnext->R14 + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 .Lcommon_seh_tail: mov 8(%rax),%rdi diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl index 72ee0c7b83db91..dccc771ad584b8 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl @@ -18,7 +18,7 @@ # # Performance improvement over compiler generated code varies from # 10% to 40% [see below]. Not very impressive on some µ-archs, but -# it's 5 times smaller and optimizies amount of writes. +# it's 5 times smaller and optimizes amount of writes. # # May 2012. # @@ -47,7 +47,7 @@ # # Performance in clock cycles per processed byte (less is better): # -# gcc icc x86 asm(*) SIMD x86_64 asm(**) +# gcc icc x86 asm(*) SIMD x86_64 asm(**) # Pentium 46 57 40/38 - - # PIII 36 33 27/24 - - # P4 41 38 28 - 17.3 @@ -57,14 +57,17 @@ # Sandy Bridge 25 - 15.9 12.4 11.6 # Ivy Bridge 24 - 15.0 11.4 10.3 # Haswell 22 - 13.9 9.46 7.80 +# Skylake 20 - 14.9 9.50 7.70 # Bulldozer 36 - 27/22 17.0 13.6 # VIA Nano 36 - 25/22 16.8 16.5 # Atom 50 - 30/25 21.9 18.9 # Silvermont 40 - 34/31 22.9 20.6 +# Goldmont 29 - 20 16.3(***) # # (*) numbers after slash are for unrolled loop, where applicable; # (**) x86_64 assembly performance is presented for reference # purposes, results are best-available; +# (***) SHAEXT result is 4.1, strangely enough better than 64-bit one; $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; push(@INC,"${dir}","${dir}../../perlasm"); @@ -73,7 +76,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $xmm=$avx=0; for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -276,7 +279,7 @@ () &mov ($Coff,"ecx"); &mov ($Doff,"edi"); &mov (&DWP(0,"esp"),"ebx"); # magic - &mov ($E,&DWP(16,"esi")); + &mov ($E,&DWP(16,"esi")); &mov ("ebx",&DWP(20,"esi")); &mov ("ecx",&DWP(24,"esi")); &mov ("edi",&DWP(28,"esi")); @@ -385,7 +388,7 @@ () &xor ($AH[1],"ecx"); # magic &mov (&DWP(8,"esp"),"ecx"); &mov (&DWP(12,"esp"),"ebx"); - &mov ($E,&DWP(16,"esi")); + &mov ($E,&DWP(16,"esi")); &mov ("ebx",&DWP(20,"esi")); &mov ("ecx",&DWP(24,"esi")); &mov ("esi",&DWP(28,"esi")); diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl index fbcd29f2e89129..73978dbd81d6b2 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha256-mb-x86_64.pl @@ -36,7 +36,7 @@ # (iii) "this" is for n=8, when we gather twice as much data, result # for n=4 is 20.3+4.44=24.7; # (iv) presented improvement coefficients are asymptotic limits and -# in real-life application are somewhat lower, e.g. for 2KB +# in real-life application are somewhat lower, e.g. for 2KB # fragments they range from 75% to 130% (on Haswell); $flavour = shift; @@ -244,6 +244,7 @@ sub ROUND_16_XX { .type sha256_multi_block,\@function,3 .align 32 sha256_multi_block: +.cfi_startproc mov OPENSSL_ia32cap_P+4(%rip),%rcx bt \$61,%rcx # check SHA bit jc _shaext_shortcut @@ -254,8 +255,11 @@ sub ROUND_16_XX { ___ $code.=<<___; mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -274,6 +278,7 @@ sub ROUND_16_XX { sub \$`$REG_SZ*18`, %rsp and \$-256,%rsp mov %rax,`$REG_SZ*17`(%rsp) # original %rsp +.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 .Lbody: lea K256+128(%rip),$Tbl lea `$REG_SZ*16`(%rsp),%rbx @@ -391,6 +396,7 @@ sub ROUND_16_XX { .Ldone: mov `$REG_SZ*17`(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 ___ $code.=<<___ if ($win64); movaps -0xb8(%rax),%xmm6 @@ -406,10 +412,14 @@ sub ROUND_16_XX { ___ $code.=<<___; mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue: ret +.cfi_endproc .size sha256_multi_block,.-sha256_multi_block ___ {{{ @@ -421,10 +431,14 @@ sub ROUND_16_XX { .type sha256_multi_block_shaext,\@function,3 .align 32 sha256_multi_block_shaext: +.cfi_startproc _shaext_shortcut: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -758,10 +772,14 @@ sub ROUND_16_XX { ___ $code.=<<___; mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_shaext: ret +.cfi_endproc .size sha256_multi_block_shaext,.-sha256_multi_block_shaext ___ }}} @@ -921,6 +939,7 @@ sub ROUND_16_XX_avx { .type sha256_multi_block_avx,\@function,3 .align 32 sha256_multi_block_avx: +.cfi_startproc _avx_shortcut: ___ $code.=<<___ if ($avx>1); @@ -935,8 +954,11 @@ sub ROUND_16_XX_avx { ___ $code.=<<___; mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -955,6 +977,7 @@ sub ROUND_16_XX_avx { sub \$`$REG_SZ*18`, %rsp and \$-256,%rsp mov %rax,`$REG_SZ*17`(%rsp) # original %rsp +.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 .Lbody_avx: lea K256+128(%rip),$Tbl lea `$REG_SZ*16`(%rsp),%rbx @@ -1070,6 +1093,7 @@ sub ROUND_16_XX_avx { .Ldone_avx: mov `$REG_SZ*17`(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -1086,10 +1110,14 @@ sub ROUND_16_XX_avx { ___ $code.=<<___; mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx: ret +.cfi_endproc .size sha256_multi_block_avx,.-sha256_multi_block_avx ___ if ($avx>1) { @@ -1105,14 +1133,22 @@ sub ROUND_16_XX_avx { .type sha256_multi_block_avx2,\@function,3 .align 32 sha256_multi_block_avx2: +.cfi_startproc _avx2_shortcut: mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 ___ $code.=<<___ if ($win64); lea -0xa8(%rsp),%rsp @@ -1131,6 +1167,7 @@ sub ROUND_16_XX_avx { sub \$`$REG_SZ*18`, %rsp and \$-256,%rsp mov %rax,`$REG_SZ*17`(%rsp) # original %rsp +.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 .Lbody_avx2: lea K256+128(%rip),$Tbl lea 0x80($ctx),$ctx # size optimization @@ -1246,6 +1283,7 @@ sub ROUND_16_XX_avx { .Ldone_avx2: mov `$REG_SZ*17`(%rsp),%rax # original %rsp +.cfi_def_cfa %rax,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -1262,14 +1300,22 @@ sub ROUND_16_XX_avx { ___ $code.=<<___; mov -48(%rax),%r15 +.cfi_restore %r15 mov -40(%rax),%r14 +.cfi_restore %r14 mov -32(%rax),%r13 +.cfi_restore %r13 mov -24(%rax),%r12 +.cfi_restore %r12 mov -16(%rax),%rbp +.cfi_restore %rbp mov -8(%rax),%rbx +.cfi_restore %rbx lea (%rax),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx2: ret +.cfi_endproc .size sha256_multi_block_avx2,.-sha256_multi_block_avx2 ___ } }}} @@ -1462,10 +1508,10 @@ sub TABLE { mov -48(%rax),%r15 mov %rbx,144($context) # restore context->Rbx mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore cotnext->R12 - mov %r13,224($context) # restore cotnext->R13 - mov %r14,232($context) # restore cotnext->R14 - mov %r15,240($context) # restore cotnext->R15 + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 lea -56-10*16(%rax),%rsi lea 512($context),%rdi # &context.Xmm6 diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl index 3873934b698135..867ce30b97217d 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl @@ -32,6 +32,7 @@ # Sandy Bridge 58 - 35 11.9 11.2 # Ivy Bridge 50 - 33 11.5 8.17 # Haswell 46 - 29 11.3 7.66 +# Skylake 40 - 26 13.3 7.25 # Bulldozer 121 - 50 14.0 13.5 # VIA Nano 91 - 52 33 14.7 # Atom 126 - 68 48(***) 14.7 @@ -41,7 +42,7 @@ # (*) whichever best applicable. # (**) x86_64 assembler performance is presented for reference # purposes, the results are for integer-only code. -# (***) paddq is increadibly slow on Atom. +# (***) paddq is incredibly slow on Atom. # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, @@ -61,7 +62,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); +&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -384,7 +385,7 @@ sub BODY_00_15_x86 { &set_label("16_79_sse2",16); for ($j=0;$j<2;$j++) { # 2x unroll - #&movq ("mm7",&QWP(8*(9+16-1),"esp")); # prefetched in BODY_00_15 + #&movq ("mm7",&QWP(8*(9+16-1),"esp")); # prefetched in BODY_00_15 &movq ("mm5",&QWP(8*(9+16-14),"esp")); &movq ("mm1","mm7"); &psrlq ("mm7",1); diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl index c1aaf778f45a6e..ac84ebb52e4f72 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-armv8.pl @@ -1,17 +1,18 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -# # ==================================================================== # Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. +# +# Permission to use under GPLv2 terms is granted. # ==================================================================== # # SHA256/512 for ARMv8. @@ -26,7 +27,8 @@ # Denver 2.01 10.5 (+26%) 6.70 (+8%) # X-Gene 20.0 (+100%) 12.8 (+300%(***)) # Mongoose 2.36 13.0 (+50%) 8.36 (+33%) -# +# Kryo 1.92 17.4 (+30%) 11.2 (+8%) +# # (*) Software SHA256 results are of lesser relevance, presented # mostly for informational purposes. # (**) The result is a trade-off: it's possible to improve it by @@ -34,19 +36,37 @@ # on Cortex-A53 (or by 4 cycles per round). # (***) Super-impressive coefficients over gcc-generated code are # indication of some compiler "pathology", most notably code -# generated with -mgeneral-regs-only is significanty faster +# generated with -mgeneral-regs-only is significantly faster # and the gap is only 40-90%. - -$flavour=shift; -$output=shift; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; +# +# October 2016. +# +# Originally it was reckoned that it makes no sense to implement NEON +# version of SHA256 for 64-bit processors. This is because performance +# improvement on most wide-spread Cortex-A5x processors was observed +# to be marginal, same on Cortex-A53 and ~10% on A57. But then it was +# observed that 32-bit NEON SHA256 performs significantly better than +# 64-bit scalar version on *some* of the more recent processors. As +# result 64-bit NEON version of SHA256 was added to provide best +# all-round performance. For example it executes ~30% faster on X-Gene +# and Mongoose. [For reference, NEON version of SHA512 is bound to +# deliver much less improvement, likely *negative* on Cortex-A5x. +# Which is why NEON support is limited to SHA256.] + +$output=pop; +$flavour=pop; + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open OUT,"| \"$^X\" $xlate $flavour $output"; + *STDOUT=*OUT; +} else { + open STDOUT,">$output"; +} if ($output =~ /512/) { $BITS=512; @@ -83,7 +103,7 @@ sub BODY_00_xx { $T0=@X[$i+3] if ($i<11); $code.=<<___ if ($i<16); -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev @X[$i],@X[$i] // $i #endif ___ @@ -166,7 +186,9 @@ sub BODY_00_xx { } $code.=<<___; -#include "arm_arch.h" +#ifndef __KERNEL__ +# include "arm_arch.h" +#endif .text @@ -175,20 +197,28 @@ sub BODY_00_xx { .type $func,%function .align 6 $func: -___ -$code.=<<___ if ($SZ==4); -#ifdef __ILP32__ +#ifndef __KERNEL__ +# ifdef __ILP32__ ldrsw x16,.LOPENSSL_armcap_P -#else +# else ldr x16,.LOPENSSL_armcap_P -#endif +# endif adr x17,.LOPENSSL_armcap_P add x16,x16,x17 ldr w16,[x16] +___ +$code.=<<___ if ($SZ==4); tst w16,#ARMV8_SHA256 b.ne .Lv8_entry + tst w16,#ARMV7_NEON + b.ne .Lneon_entry +___ +$code.=<<___ if ($SZ==8); + tst w16,#ARMV8_SHA512 + b.ne .Lv8_entry ___ $code.=<<___; +#endif stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -321,12 +351,14 @@ sub BODY_00_xx { ___ $code.=<<___; .size .LK$BITS,.-.LK$BITS +#ifndef __KERNEL__ .align 3 .LOPENSSL_armcap_P: -#ifdef __ILP32__ +# ifdef __ILP32__ .long OPENSSL_armcap_P-. -#else +# else .quad OPENSSL_armcap_P-. +# endif #endif .asciz "SHA$BITS block transform for ARMv8, CRYPTOGAMS by " .align 2 @@ -341,6 +373,7 @@ sub BODY_00_xx { my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b"); $code.=<<___; +#ifndef __KERNEL__ .type sha256_block_armv8,%function .align 6 sha256_block_armv8: @@ -409,11 +442,406 @@ sub BODY_00_xx { ldr x29,[sp],#16 ret .size sha256_block_armv8,.-sha256_block_armv8 +#endif +___ +} + +if ($SZ==4) { ######################################### NEON stuff # +# You'll surely note a lot of similarities with sha256-armv4 module, +# and of course it's not a coincidence. sha256-armv4 was used as +# initial template, but was adapted for ARMv8 instruction set and +# extensively re-tuned for all-round performance. + +my @V = ($A,$B,$C,$D,$E,$F,$G,$H) = map("w$_",(3..10)); +my ($t0,$t1,$t2,$t3,$t4) = map("w$_",(11..15)); +my $Ktbl="x16"; +my $Xfer="x17"; +my @X = map("q$_",(0..3)); +my ($T0,$T1,$T2,$T3,$T4,$T5,$T6,$T7) = map("q$_",(4..7,16..19)); +my $j=0; + +sub AUTOLOAD() # thunk [simplified] x86-style perlasm +{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; + my $arg = pop; + $arg = "#$arg" if ($arg*1 eq $arg); + $code .= "\t$opcode\t".join(',',@_,$arg)."\n"; +} + +sub Dscalar { shift =~ m|[qv]([0-9]+)|?"d$1":""; } +sub Dlo { shift =~ m|[qv]([0-9]+)|?"v$1.d[0]":""; } +sub Dhi { shift =~ m|[qv]([0-9]+)|?"v$1.d[1]":""; } + +sub Xupdate() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); + my ($a,$b,$c,$d,$e,$f,$g,$h); + + &ext_8 ($T0,@X[0],@X[1],4); # X[1..4] + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &ext_8 ($T3,@X[2],@X[3],4); # X[9..12] + eval(shift(@insns)); + eval(shift(@insns)); + &mov (&Dscalar($T7),&Dhi(@X[3])); # X[14..15] + eval(shift(@insns)); + eval(shift(@insns)); + &ushr_32 ($T2,$T0,$sigma0[0]); + eval(shift(@insns)); + &ushr_32 ($T1,$T0,$sigma0[2]); + eval(shift(@insns)); + &add_32 (@X[0],@X[0],$T3); # X[0..3] += X[9..12] + eval(shift(@insns)); + &sli_32 ($T2,$T0,32-$sigma0[0]); + eval(shift(@insns)); + eval(shift(@insns)); + &ushr_32 ($T3,$T0,$sigma0[1]); + eval(shift(@insns)); + eval(shift(@insns)); + &eor_8 ($T1,$T1,$T2); + eval(shift(@insns)); + eval(shift(@insns)); + &sli_32 ($T3,$T0,32-$sigma0[1]); + eval(shift(@insns)); + eval(shift(@insns)); + &ushr_32 ($T4,$T7,$sigma1[0]); + eval(shift(@insns)); + eval(shift(@insns)); + &eor_8 ($T1,$T1,$T3); # sigma0(X[1..4]) + eval(shift(@insns)); + eval(shift(@insns)); + &sli_32 ($T4,$T7,32-$sigma1[0]); + eval(shift(@insns)); + eval(shift(@insns)); + &ushr_32 ($T5,$T7,$sigma1[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &ushr_32 ($T3,$T7,$sigma1[1]); + eval(shift(@insns)); + eval(shift(@insns)); + &add_32 (@X[0],@X[0],$T1); # X[0..3] += sigma0(X[1..4]) + eval(shift(@insns)); + eval(shift(@insns)); + &sli_u32 ($T3,$T7,32-$sigma1[1]); + eval(shift(@insns)); + eval(shift(@insns)); + &eor_8 ($T5,$T5,$T4); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &eor_8 ($T5,$T5,$T3); # sigma1(X[14..15]) + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &add_32 (@X[0],@X[0],$T5); # X[0..1] += sigma1(X[14..15]) + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &ushr_32 ($T6,@X[0],$sigma1[0]); + eval(shift(@insns)); + &ushr_32 ($T7,@X[0],$sigma1[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &sli_32 ($T6,@X[0],32-$sigma1[0]); + eval(shift(@insns)); + &ushr_32 ($T5,@X[0],$sigma1[1]); + eval(shift(@insns)); + eval(shift(@insns)); + &eor_8 ($T7,$T7,$T6); + eval(shift(@insns)); + eval(shift(@insns)); + &sli_32 ($T5,@X[0],32-$sigma1[1]); + eval(shift(@insns)); + eval(shift(@insns)); + &ld1_32 ("{$T0}","[$Ktbl], #16"); + eval(shift(@insns)); + &eor_8 ($T7,$T7,$T5); # sigma1(X[16..17]) + eval(shift(@insns)); + eval(shift(@insns)); + &eor_8 ($T5,$T5,$T5); + eval(shift(@insns)); + eval(shift(@insns)); + &mov (&Dhi($T5), &Dlo($T7)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &add_32 (@X[0],@X[0],$T5); # X[2..3] += sigma1(X[16..17]) + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &add_32 ($T0,$T0,@X[0]); + while($#insns>=1) { eval(shift(@insns)); } + &st1_32 ("{$T0}","[$Xfer], #16"); + eval(shift(@insns)); + + push(@X,shift(@X)); # "rotate" X[] +} + +sub Xpreload() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); + my ($a,$b,$c,$d,$e,$f,$g,$h); + + eval(shift(@insns)); + eval(shift(@insns)); + &ld1_8 ("{@X[0]}","[$inp],#16"); + eval(shift(@insns)); + eval(shift(@insns)); + &ld1_32 ("{$T0}","[$Ktbl],#16"); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &rev32 (@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &add_32 ($T0,$T0,@X[0]); + foreach (@insns) { eval; } # remaining instructions + &st1_32 ("{$T0}","[$Xfer], #16"); + + push(@X,shift(@X)); # "rotate" X[] +} + +sub body_00_15 () { + ( + '($a,$b,$c,$d,$e,$f,$g,$h)=@V;'. + '&add ($h,$h,$t1)', # h+=X[i]+K[i] + '&add ($a,$a,$t4);'. # h+=Sigma0(a) from the past + '&and ($t1,$f,$e)', + '&bic ($t4,$g,$e)', + '&eor ($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))', + '&add ($a,$a,$t2)', # h+=Maj(a,b,c) from the past + '&orr ($t1,$t1,$t4)', # Ch(e,f,g) + '&eor ($t0,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))', # Sigma1(e) + '&eor ($t4,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))', + '&add ($h,$h,$t1)', # h+=Ch(e,f,g) + '&ror ($t0,$t0,"#$Sigma1[0]")', + '&eor ($t2,$a,$b)', # a^b, b^c in next round + '&eor ($t4,$t4,$a,"ror#".($Sigma0[2]-$Sigma0[0]))', # Sigma0(a) + '&add ($h,$h,$t0)', # h+=Sigma1(e) + '&ldr ($t1,sprintf "[sp,#%d]",4*(($j+1)&15)) if (($j&15)!=15);'. + '&ldr ($t1,"[$Ktbl]") if ($j==15);'. + '&and ($t3,$t3,$t2)', # (b^c)&=(a^b) + '&ror ($t4,$t4,"#$Sigma0[0]")', + '&add ($d,$d,$h)', # d+=h + '&eor ($t3,$t3,$b)', # Maj(a,b,c) + '$j++; unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);' + ) +} + +$code.=<<___; +#ifdef __KERNEL__ +.globl sha256_block_neon +#endif +.type sha256_block_neon,%function +.align 4 +sha256_block_neon: +.Lneon_entry: + stp x29, x30, [sp, #-16]! + mov x29, sp + sub sp,sp,#16*4 + + adr $Ktbl,.LK256 + add $num,$inp,$num,lsl#6 // len to point at the end of inp + + ld1.8 {@X[0]},[$inp], #16 + ld1.8 {@X[1]},[$inp], #16 + ld1.8 {@X[2]},[$inp], #16 + ld1.8 {@X[3]},[$inp], #16 + ld1.32 {$T0},[$Ktbl], #16 + ld1.32 {$T1},[$Ktbl], #16 + ld1.32 {$T2},[$Ktbl], #16 + ld1.32 {$T3},[$Ktbl], #16 + rev32 @X[0],@X[0] // yes, even on + rev32 @X[1],@X[1] // big-endian + rev32 @X[2],@X[2] + rev32 @X[3],@X[3] + mov $Xfer,sp + add.32 $T0,$T0,@X[0] + add.32 $T1,$T1,@X[1] + add.32 $T2,$T2,@X[2] + st1.32 {$T0-$T1},[$Xfer], #32 + add.32 $T3,$T3,@X[3] + st1.32 {$T2-$T3},[$Xfer] + sub $Xfer,$Xfer,#32 + + ldp $A,$B,[$ctx] + ldp $C,$D,[$ctx,#8] + ldp $E,$F,[$ctx,#16] + ldp $G,$H,[$ctx,#24] + ldr $t1,[sp,#0] + mov $t2,wzr + eor $t3,$B,$C + mov $t4,wzr + b .L_00_48 + +.align 4 +.L_00_48: +___ + &Xupdate(\&body_00_15); + &Xupdate(\&body_00_15); + &Xupdate(\&body_00_15); + &Xupdate(\&body_00_15); +$code.=<<___; + cmp $t1,#0 // check for K256 terminator + ldr $t1,[sp,#0] + sub $Xfer,$Xfer,#64 + bne .L_00_48 + + sub $Ktbl,$Ktbl,#256 // rewind $Ktbl + cmp $inp,$num + mov $Xfer, #64 + csel $Xfer, $Xfer, xzr, eq + sub $inp,$inp,$Xfer // avoid SEGV + mov $Xfer,sp +___ + &Xpreload(\&body_00_15); + &Xpreload(\&body_00_15); + &Xpreload(\&body_00_15); + &Xpreload(\&body_00_15); +$code.=<<___; + add $A,$A,$t4 // h+=Sigma0(a) from the past + ldp $t0,$t1,[$ctx,#0] + add $A,$A,$t2 // h+=Maj(a,b,c) from the past + ldp $t2,$t3,[$ctx,#8] + add $A,$A,$t0 // accumulate + add $B,$B,$t1 + ldp $t0,$t1,[$ctx,#16] + add $C,$C,$t2 + add $D,$D,$t3 + ldp $t2,$t3,[$ctx,#24] + add $E,$E,$t0 + add $F,$F,$t1 + ldr $t1,[sp,#0] + stp $A,$B,[$ctx,#0] + add $G,$G,$t2 + mov $t2,wzr + stp $C,$D,[$ctx,#8] + add $H,$H,$t3 + stp $E,$F,[$ctx,#16] + eor $t3,$B,$C + stp $G,$H,[$ctx,#24] + mov $t4,wzr + mov $Xfer,sp + b.ne .L_00_48 + + ldr x29,[x29] + add sp,sp,#16*4+16 + ret +.size sha256_block_neon,.-sha256_block_neon ___ } +if ($SZ==8) { +my $Ktbl="x3"; + +my @H = map("v$_.16b",(0..4)); +my ($fg,$de,$m9_10)=map("v$_.16b",(5..7)); +my @MSG=map("v$_.16b",(16..23)); +my ($W0,$W1)=("v24.2d","v25.2d"); +my ($AB,$CD,$EF,$GH)=map("v$_.16b",(26..29)); + $code.=<<___; +#ifndef __KERNEL__ +.type sha512_block_armv8,%function +.align 6 +sha512_block_armv8: +.Lv8_entry: + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + + ld1 {@MSG[0]-@MSG[3]},[$inp],#64 // load input + ld1 {@MSG[4]-@MSG[7]},[$inp],#64 + + ld1.64 {@H[0]-@H[3]},[$ctx] // load context + adr $Ktbl,.LK512 + + rev64 @MSG[0],@MSG[0] + rev64 @MSG[1],@MSG[1] + rev64 @MSG[2],@MSG[2] + rev64 @MSG[3],@MSG[3] + rev64 @MSG[4],@MSG[4] + rev64 @MSG[5],@MSG[5] + rev64 @MSG[6],@MSG[6] + rev64 @MSG[7],@MSG[7] + b .Loop_hw + +.align 4 +.Loop_hw: + ld1.64 {$W0},[$Ktbl],#16 + subs $num,$num,#1 + sub x4,$inp,#128 + orr $AB,@H[0],@H[0] // offload + orr $CD,@H[1],@H[1] + orr $EF,@H[2],@H[2] + orr $GH,@H[3],@H[3] + csel $inp,$inp,x4,ne // conditional rewind +___ +for($i=0;$i<32;$i++) { +$code.=<<___; + add.i64 $W0,$W0,@MSG[0] + ld1.64 {$W1},[$Ktbl],#16 + ext $W0,$W0,$W0,#8 + ext $fg,@H[2],@H[3],#8 + ext $de,@H[1],@H[2],#8 + add.i64 @H[3],@H[3],$W0 // "T1 + H + K512[i]" + sha512su0 @MSG[0],@MSG[1] + ext $m9_10,@MSG[4],@MSG[5],#8 + sha512h @H[3],$fg,$de + sha512su1 @MSG[0],@MSG[7],$m9_10 + add.i64 @H[4],@H[1],@H[3] // "D + T1" + sha512h2 @H[3],$H[1],@H[0] +___ + ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); + @H = (@H[3],@H[0],@H[4],@H[2],@H[1]); +} +for(;$i<40;$i++) { +$code.=<<___ if ($i<39); + ld1.64 {$W1},[$Ktbl],#16 +___ +$code.=<<___ if ($i==39); + sub $Ktbl,$Ktbl,#$rounds*$SZ // rewind +___ +$code.=<<___; + add.i64 $W0,$W0,@MSG[0] + ld1 {@MSG[0]},[$inp],#16 // load next input + ext $W0,$W0,$W0,#8 + ext $fg,@H[2],@H[3],#8 + ext $de,@H[1],@H[2],#8 + add.i64 @H[3],@H[3],$W0 // "T1 + H + K512[i]" + sha512h @H[3],$fg,$de + rev64 @MSG[0],@MSG[0] + add.i64 @H[4],@H[1],@H[3] // "D + T1" + sha512h2 @H[3],$H[1],@H[0] +___ + ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); + @H = (@H[3],@H[0],@H[4],@H[2],@H[1]); +} +$code.=<<___; + add.i64 @H[0],@H[0],$AB // accumulate + add.i64 @H[1],@H[1],$CD + add.i64 @H[2],@H[2],$EF + add.i64 @H[3],@H[3],$GH + + cbnz $num,.Loop_hw + + st1.64 {@H[0]-@H[3]},[$ctx] // store context + + ldr x29,[sp],#16 + ret +.size sha512_block_armv8,.-sha512_block_armv8 +#endif +___ +} + +$code.=<<___; +#ifndef __KERNEL__ .comm OPENSSL_armcap_P,4,4 +#endif ___ { my %opcode = ( @@ -431,14 +859,43 @@ sub BODY_00_xx { } } +{ my %opcode = ( + "sha512h" => 0xce608000, "sha512h2" => 0xce608400, + "sha512su0" => 0xcec08000, "sha512su1" => 0xce608800 ); + + sub unsha512 { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o + && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5)|($3<<16), + $mnemonic,$arg; + } +} + +open SELF,$0; +while() { + next if (/^#!/); + last if (!s/^#/\/\// and !/^$/); + print; +} +close SELF; + foreach(split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; + s/\`([^\`]*)\`/eval($1)/ge; + + s/\b(sha512\w+)\s+([qv].*)/unsha512($1,$2)/ge or + s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/ge; - s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo; + s/\bq([0-9]+)\b/v$1.16b/g; # old->new registers - s/\.\w?32\b//o and s/\.16b/\.4s/go; - m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go; + s/\.[ui]?8(\s)/$1/; + s/\.\w?64\b// and s/\.16b/\.2d/g or + s/\.\w?32\b// and s/\.16b/\.4s/g; + m/\bext\b/ and s/\.2d/\.16b/g or + m/(ld|st)1[^\[]+\[0\]/ and s/\.4s/\.s/g; print $_,"\n"; } diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl index 5c2d23faaf6305..dab684dde5bc79 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -60,16 +60,16 @@ if ($flavour =~ /64|n32/i) { $PTR_LA="dla"; - $PTR_ADD="dadd"; # incidentally works even on n32 - $PTR_SUB="dsub"; # incidentally works even on n32 + $PTR_ADD="daddu"; # incidentally works even on n32 + $PTR_SUB="dsubu"; # incidentally works even on n32 $REG_S="sd"; $REG_L="ld"; $PTR_SLL="dsll"; # incidentally works even on n32 $SZREG=8; } else { $PTR_LA="la"; - $PTR_ADD="add"; - $PTR_SUB="sub"; + $PTR_ADD="addu"; + $PTR_SUB="subu"; $REG_S="sw"; $REG_L="lw"; $PTR_SLL="sll"; @@ -81,7 +81,7 @@ # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); +$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; @@ -135,8 +135,12 @@ sub BODY_00_15 { my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]); $code.=<<___ if ($i<15); +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + ${LD} @X[1],`($i+1)*$SZ`($inp) +#else ${LD}l @X[1],`($i+1)*$SZ+$MSB`($inp) ${LD}r @X[1],`($i+1)*$SZ+$LSB`($inp) +#endif ___ $code.=<<___ if (!$big_endian && $i<16 && $SZ==4); #if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) @@ -298,13 +302,7 @@ sub BODY_16_XX { $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; $code.=<<___; -#ifdef OPENSSL_FIPSCANISTER -# include -#endif - -#if defined(__mips_smartmips) && !defined(_MIPS_ARCH_MIPS32R2) -#define _MIPS_ARCH_MIPS32R2 -#endif +#include "mips_arch.h" .text .set noat @@ -369,8 +367,12 @@ sub BODY_16_XX { .align 5 .Loop: +#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) + ${LD} @X[0],($inp) +#else ${LD}l @X[0],$MSB($inp) ${LD}r @X[0],$LSB($inp) +#endif ___ for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); } diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl index fcb6157902c3b2..59eb320ab6ed93 100755 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -368,7 +368,7 @@ sub ROUND_16_xx { ___ @V=( $Ahi, $Alo, $Bhi, $Blo, $Chi, $Clo, $Dhi, $Dlo, - $Ehi, $Elo, $Fhi, $Flo, $Ghi, $Glo, $Hhi, $Hlo) = + $Ehi, $Elo, $Fhi, $Flo, $Ghi, $Glo, $Hhi, $Hlo) = ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16"); $a0 ="%r17"; @@ -419,7 +419,7 @@ sub ROUND_00_15_pa1 { add $t0,$hlo,$hlo shd $ahi,$alo,$Sigma0[0],$t0 addc $t1,$hhi,$hhi ; h += Sigma1(e) - shd $alo,$ahi,$Sigma0[0],$t1 + shd $alo,$ahi,$Sigma0[0],$t1 add $a0,$hlo,$hlo shd $ahi,$alo,$Sigma0[1],$t2 addc $a1,$hhi,$hhi ; h += Ch(e,f,g) @@ -767,13 +767,18 @@ sub assemble { ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; } +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/ $3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32) # rotation for >=32 : sprintf("shd\t%$1,%$2,%d",$3)/e or - # translate made up instructons: _ror, _shr, _align, _shl + # translate made up instructions: _ror, _shr, _align, _shl s/_ror(\s+)(%r[0-9]+),/ ($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e or @@ -790,9 +795,11 @@ sub assemble { s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4); - s/cmpb,\*/comb,/ if ($SIZE_T==4); - - s/\bbv\b/bve/ if ($SIZE_T==8); + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/cmpb,\*/comb,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); print $_,"\n"; } diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl index fe95b0150907f3..71699f66370640 100755 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl @@ -26,7 +26,7 @@ # # (*) 64-bit code in 32-bit application context, which actually is # on TODO list. It should be noted that for safe deployment in -# 32-bit *mutli-threaded* context asyncronous signals should be +# 32-bit *multi-threaded* context asynchronous signals should be # blocked upon entry to SHA512 block routine. This is because # 32-bit signaling procedure invalidates upper halves of GPRs. # Context switch procedure preserves them, but not signaling:-( diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl index 427d6f8252aa78..4c0f4e79315b94 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl @@ -8,7 +8,7 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. @@ -170,6 +170,8 @@ sub BODY_16_XX { } $code.=<<___; +#include "s390x_arch.h" + .text .align 64 .type $Table,\@object @@ -244,7 +246,7 @@ sub BODY_16_XX { ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P - lg %r0,16(%r1) # check kimd capabilities + lg %r0,S390X_KIMD(%r1) # check kimd capabilities tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware lghi %r0,$kimdfunc @@ -308,7 +310,7 @@ sub BODY_16_XX { cl${g} $inp,`$frame+4*$SIZE_T`($sp) jne .Lloop - lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) + lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) br %r14 .size $Func,.-$Func .string "SHA${label} block transform for s390x, CRYPTOGAMS by " diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl index 4a1ce5fe3e4ed3..4432bda65ab5d0 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl @@ -8,12 +8,12 @@ # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. The module is, however, dual licensed under OpenSSL and # CRYPTOGAMS licenses depending on where you obtain it. For further # details see http://www.openssl.org/~appro/cryptogams/. # -# Hardware SPARC T4 support by David S. Miller . +# Hardware SPARC T4 support by David S. Miller # ==================================================================== # SHA256 performance improvement over compiler generated code varies @@ -102,7 +102,7 @@ $locals=0; # X[16] is register resident @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); - + $A="%l0"; $B="%l1"; $C="%l2"; @@ -254,7 +254,7 @@ sub BODY_00_15 { $SLL $a,`$SZ*8-@Sigma0[1]`,$tmp1 xor $tmp0,$h,$h $SRL $a,@Sigma0[2],$tmp0 - xor $tmp1,$h,$h + xor $tmp1,$h,$h $SLL $a,`$SZ*8-@Sigma0[0]`,$tmp1 xor $tmp0,$h,$h xor $tmp1,$h,$h ! Sigma0(a) diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl index c9b7b2812370e1..f2ebdfdb68b64e 100755 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl @@ -95,9 +95,11 @@ # Haswell 12.2 9.28(+31%) 7.80(+56%) 7.66 5.40(+42%) # Skylake 11.4 9.03(+26%) 7.70(+48%) 7.25 5.20(+40%) # Bulldozer 21.1 13.6(+54%) 13.6(+54%(***)) 13.5 8.58(+57%) +# Ryzen 11.0 9.02(+22%) 2.05(+440%) 7.05 5.67(+20%) # VIA Nano 23.0 16.5(+39%) - 14.7 - # Atom 23.0 18.9(+22%) - 14.7 - # Silvermont 27.4 20.6(+33%) - 17.5 - +# Knights L 27.4 21.0(+30%) 19.6(+40%) 17.5 12.8(+37%) # Goldmont 18.9 14.3(+32%) 4.16(+350%) 12.0 - # # (*) whichever best applicable, including SHAEXT; @@ -176,7 +178,7 @@ $_ctx="16*$SZ+0*8(%rsp)"; $_inp="16*$SZ+1*8(%rsp)"; $_end="16*$SZ+2*8(%rsp)"; -$_rsp="16*$SZ+3*8(%rsp)"; +$_rsp="`16*$SZ+3*8`(%rsp)"; $framesz="16*$SZ+4*8"; @@ -269,6 +271,7 @@ () .type $func,\@function,3 .align 16 $func: +.cfi_startproc ___ $code.=<<___ if ($SZ==4 || $avx); lea OPENSSL_ia32cap_P(%rip),%r11 @@ -301,13 +304,20 @@ () jnz .Lssse3_shortcut ___ $code.=<<___; + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 shl \$4,%rdx # num*16 sub \$$framesz,%rsp lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ @@ -315,7 +325,8 @@ () mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %r11,$_rsp # save copy of %rsp + mov %rax,$_rsp # save copy of %rsp +.cfi_cfa_expression $_rsp,deref,+8 .Lprologue: mov $SZ*0($ctx),$A @@ -382,15 +393,24 @@ () jb .Lloop mov $_rsp,%rsi - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue: ret +.cfi_endproc .size $func,.-$func ___ @@ -760,14 +780,22 @@ () .type ${func}_ssse3,\@function,3 .align 64 ${func}_ssse3: +.cfi_startproc .Lssse3_shortcut: + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 shl \$4,%rdx # num*16 sub \$`$framesz+$win64*16*4`,%rsp lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ @@ -775,7 +803,8 @@ () mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %r11,$_rsp # save copy of %rsp + mov %rax,$_rsp # save copy of %rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,16*$SZ+32(%rsp) @@ -1074,6 +1103,7 @@ () jb .Lloop_ssse3 mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 ___ $code.=<<___ if ($win64); movaps 16*$SZ+32(%rsp),%xmm6 @@ -1082,15 +1112,23 @@ () movaps 16*$SZ+80(%rsp),%xmm9 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_ssse3: ret +.cfi_endproc .size ${func}_ssse3,.-${func}_ssse3 ___ } @@ -1104,14 +1142,22 @@ () .type ${func}_xop,\@function,3 .align 64 ${func}_xop: +.cfi_startproc .Lxop_shortcut: + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 shl \$4,%rdx # num*16 sub \$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ @@ -1119,7 +1165,8 @@ () mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %r11,$_rsp # save copy of %rsp + mov %rax,$_rsp # save copy of %rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,16*$SZ+32(%rsp) @@ -1446,6 +1493,7 @@ () jb .Lloop_xop mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -1459,15 +1507,23 @@ () movaps 16*$SZ+112(%rsp),%xmm11 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_xop: ret +.cfi_endproc .size ${func}_xop,.-${func}_xop ___ } @@ -1480,14 +1536,22 @@ () .type ${func}_avx,\@function,3 .align 64 ${func}_avx: +.cfi_startproc .Lavx_shortcut: + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 shl \$4,%rdx # num*16 sub \$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ @@ -1495,7 +1559,8 @@ () mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %r11,$_rsp # save copy of %rsp + mov %rax,$_rsp # save copy of %rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,16*$SZ+32(%rsp) @@ -1754,6 +1819,7 @@ () jb .Lloop_avx mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -1767,15 +1833,23 @@ () movaps 16*$SZ+112(%rsp),%xmm11 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx: ret +.cfi_endproc .size ${func}_avx,.-${func}_avx ___ @@ -1783,7 +1857,7 @@ () ###################################################################### # AVX2+BMI code path # -my $a5=$SZ==4?"%esi":"%rsi"; # zap $inp +my $a5=$SZ==4?"%esi":"%rsi"; # zap $inp my $PUSH8=8*2*$SZ; use integer; @@ -1831,14 +1905,22 @@ () .type ${func}_avx2,\@function,3 .align 64 ${func}_avx2: +.cfi_startproc .Lavx2_shortcut: + mov %rsp,%rax # copy %rsp +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov %rsp,%r11 # copy %rsp +.cfi_push %r15 sub \$`2*$SZ*$rounds+4*8+$win64*16*($SZ==4?4:6)`,%rsp shl \$4,%rdx # num*16 and \$-256*$SZ,%rsp # align stack frame @@ -1847,7 +1929,8 @@ () mov $ctx,$_ctx # save ctx, 1st arg mov $inp,$_inp # save inp, 2nd arh mov %rdx,$_end # save end pointer, "3rd" arg - mov %r11,$_rsp # save copy of %rsp + mov %rax,$_rsp # save copy of %rsp +.cfi_cfa_expression $_rsp,deref,+8 ___ $code.=<<___ if ($win64); movaps %xmm6,16*$SZ+32(%rsp) @@ -2128,6 +2211,7 @@ () .Ldone_avx2: lea ($Tbl),%rsp mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 vzeroupper ___ $code.=<<___ if ($win64); @@ -2141,15 +2225,23 @@ () movaps 16*$SZ+112(%rsp),%xmm11 ___ $code.=<<___; - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue_avx2: ret +.cfi_endproc .size ${func}_avx2,.-${func}_avx2 ___ }} @@ -2209,7 +2301,6 @@ () $code.=<<___; mov %rax,%rsi # put aside Rsp mov 16*$SZ+3*8(%rax),%rax # pull $_rsp - lea 48(%rax),%rax mov -8(%rax),%rbx mov -16(%rax),%rbp diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl index 4d3d3b2f8c98d5..0d4fdd292c07a5 100755 --- a/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512p8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,11 +25,20 @@ # sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting # result is degree of computational resources' utilization. POWER8 is # "massively multi-threaded chip" and difference between single- and -# maximum multi-process benchmark results tells that utlization is +# maximum multi-process benchmark results tells that utilization is # whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and # for sha1-ppc.pl - 73%. 100% means that multi-process result equals # to single-process one, given that all threads end up on the same # physical core. +# +###################################################################### +# Believed-to-be-accurate results in cycles per processed byte [on +# little-endian system]. Numbers in square brackets are for 64-bit +# build of sha512-ppc.pl, presented for reference. +# +# POWER8 POWER9 +# SHA256 9.7 [15.8] 11.2 [12.5] +# SHA512 6.1 [10.3] 7.0 [7.9] $flavour=shift; $output =shift; @@ -70,7 +79,8 @@ } $func="sha${bits}_block_p8"; -$FRAME=8*$SIZE_T; +$LOCALS=8*$SIZE_T+8*16; +$FRAME=$LOCALS+9*16+6*$SIZE_T; $sp ="r1"; $toc="r2"; @@ -82,16 +92,16 @@ $lrsave="r8"; $offload="r11"; $vrsave="r12"; -($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31)); - $x00=0 if ($flavour =~ /osx/); +@I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31))); @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); -@X=map("v$_",(8..23)); -($Ki,$Func,$S0,$S1,$s0,$s1,$lemask)=map("v$_",(24..31)); +@X=map("v$_",(8..19,24..27)); +($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31)); sub ROUND { my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; my $j=($i+1)%16; +my $k=($i+2)%8; $code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1)); lvx_u @X[$i+1],0,$inp ; load X[i] in advance @@ -103,26 +113,30 @@ sub ROUND { $code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0); vperm @X[$i],@X[$i],@X[$i],$lemask ___ +$code.=<<___ if ($i>=15); + vshasigma${sz} $Sigma,@X[($j+1)%16],0,0 + vaddu${sz}m @X[$j],@X[$j],$Sigma + vshasigma${sz} $Sigma,@X[($j+14)%16],0,15 + vaddu${sz}m @X[$j],@X[$j],$Sigma + vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16] +___ $code.=<<___; - `"vshasigma${sz} $s0,@X[($j+1)%16],0,0" if ($i>=15)` - vsel $Func,$g,$f,$e ; Ch(e,f,g) - vshasigma${sz} $S1,$e,1,15 ; Sigma1(e) vaddu${sz}m $h,$h,@X[$i%16] ; h+=X[i] - vshasigma${sz} $S0,$a,1,0 ; Sigma0(a) - `"vshasigma${sz} $s1,@X[($j+14)%16],0,15" if ($i>=15)` + vsel $Func,$g,$f,$e ; Ch(e,f,g) + vaddu${sz}m $g,$g,$Ki ; future h+=K[i] vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g) + vshasigma${sz} $Sigma,$e,1,15 ; Sigma1(e) + vaddu${sz}m $h,$h,$Sigma ; h+=Sigma1(e) vxor $Func,$a,$b - `"vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16]" if ($i>=15)` - vaddu${sz}m $h,$h,$S1 ; h+=Sigma1(e) vsel $Func,$b,$c,$Func ; Maj(a,b,c) - vaddu${sz}m $g,$g,$Ki ; future h+=K[i] vaddu${sz}m $d,$d,$h ; d+=h - vaddu${sz}m $S0,$S0,$Func ; Sigma0(a)+Maj(a,b,c) - `"vaddu${sz}m @X[$j],@X[$j],$s0" if ($i>=15)` - lvx $Ki,$idx,$Tbl ; load next K[i] - addi $idx,$idx,16 - vaddu${sz}m $h,$h,$S0 ; h+=Sigma0(a)+Maj(a,b,c) - `"vaddu${sz}m @X[$j],@X[$j],$s1" if ($i>=15)` + vshasigma${sz} $Sigma,$a,1,0 ; Sigma0(a) + vaddu${sz}m $Sigma,$Sigma,$Func ; Sigma0(a)+Maj(a,b,c) + vaddu${sz}m $h,$h,$Sigma ; h+=Sigma0(a)+Maj(a,b,c) + lvx $Ki,@I[$k],$idx ; load next K[i] +___ +$code.=<<___ if ($k == 7); + addi $idx,$idx,0x80 ___ } @@ -133,21 +147,13 @@ sub ROUND { .globl $func .align 6 $func: - $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) + $STU $sp,-$FRAME($sp) mflr $lrsave - li r10,`$FRAME+8*16+15` - li r11,`$FRAME+8*16+31` - stvx v20,r10,$sp # ABI says so + li r10,`$LOCALS+15` + li r11,`$LOCALS+31` + stvx v24,r10,$sp # ABI says so addi r10,r10,32 mfspr $vrsave,256 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 stvx v25,r11,$sp addi r11,r11,32 stvx v26,r10,$sp @@ -160,26 +166,26 @@ sub ROUND { addi r11,r11,32 stvx v30,r10,$sp stvx v31,r11,$sp - li r11,-1 - stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave + li r11,-4096+255 # 0xfffff0ff + stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave li $x10,0x10 - $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) + $PUSH r26,`$FRAME-6*$SIZE_T`($sp) li $x20,0x20 - $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) + $PUSH r27,`$FRAME-5*$SIZE_T`($sp) li $x30,0x30 - $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) + $PUSH r28,`$FRAME-4*$SIZE_T`($sp) li $x40,0x40 - $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) + $PUSH r29,`$FRAME-3*$SIZE_T`($sp) li $x50,0x50 - $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) + $PUSH r30,`$FRAME-2*$SIZE_T`($sp) li $x60,0x60 - $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) + $PUSH r31,`$FRAME-1*$SIZE_T`($sp) li $x70,0x70 - $PUSH $lrsave,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp) + $PUSH $lrsave,`$FRAME+$LRSAVE`($sp) mtspr 256,r11 bl LPICmeup - addi $offload,$sp,$FRAME+15 + addi $offload,$sp,`8*$SIZE_T+15` ___ $code.=<<___ if ($LENDIAN); li $idx,8 @@ -213,9 +219,9 @@ sub ROUND { .align 5 Loop: lvx $Ki,$x00,$Tbl - li $idx,16 lvx_u @X[0],0,$inp addi $inp,$inp,16 + mr $idx,$Tbl # copy $Tbl stvx $A,$x00,$offload # offload $A-$H stvx $B,$x10,$offload stvx $C,$x20,$offload @@ -225,8 +231,7 @@ sub ROUND { stvx $G,$x60,$offload stvx $H,$x70,$offload vaddu${sz}m $H,$H,$Ki # h+K[i] - lvx $Ki,$idx,$Tbl - addi $idx,$idx,16 + lvx $Ki,$x10,$Tbl ___ for ($i=0;$i<16;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); } $code.=<<___; @@ -259,10 +264,9 @@ sub ROUND { bne Loop ___ $code.=<<___ if ($SZ==4); - lvx @X[0],$idx,$Tbl - addi $idx,$idx,16 + lvx @X[0],$x20,$idx vperm $A,$A,$B,$Ki # pack the answer - lvx @X[1],$idx,$Tbl + lvx @X[1],$x30,$idx vperm $E,$E,$F,$Ki vperm $A,$A,$C,@X[0] vperm $E,$E,$G,@X[0] @@ -282,39 +286,24 @@ sub ROUND { stvx_u $G,$x30,$ctx ___ $code.=<<___; - li r10,`$FRAME+8*16+15` + addi $offload,$sp,`$LOCALS+15` mtlr $lrsave - li r11,`$FRAME+8*16+31` mtspr 256,$vrsave - lvx v20,r10,$sp # ABI says so - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) - $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) - $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) - $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) - $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) - $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) - addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` + lvx v24,$x00,$offload # ABI says so + lvx v25,$x10,$offload + lvx v26,$x20,$offload + lvx v27,$x30,$offload + lvx v28,$x40,$offload + lvx v29,$x50,$offload + lvx v30,$x60,$offload + lvx v31,$x70,$offload + $POP r26,`$FRAME-6*$SIZE_T`($sp) + $POP r27,`$FRAME-5*$SIZE_T`($sp) + $POP r28,`$FRAME-4*$SIZE_T`($sp) + $POP r29,`$FRAME-3*$SIZE_T`($sp) + $POP r30,`$FRAME-2*$SIZE_T`($sp) + $POP r31,`$FRAME-1*$SIZE_T`($sp) + addi $sp,$sp,$FRAME blr .long 0 .byte 0,12,4,1,0x80,6,3,0 diff --git a/deps/openssl/openssl/crypto/sha/build.info b/deps/openssl/openssl/crypto/sha/build.info index 2a00988786db47..5dd5a9941d34f8 100644 --- a/deps/openssl/openssl/crypto/sha/build.info +++ b/deps/openssl/openssl/crypto/sha/build.info @@ -1,17 +1,21 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} + sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \ + {- $target{keccak1600_asm_src} -} -GENERATE[sha1-586.s]=asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[sha1-586.s]=asm/sha1-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[sha1-586.s]=../perlasm/x86asm.pl -GENERATE[sha256-586.s]=asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[sha256-586.s]=asm/sha256-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[sha256-586.s]=../perlasm/x86asm.pl -GENERATE[sha512-586.s]=asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[sha512-586.s]=asm/sha512-586.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[sha512-586.s]=../perlasm/x86asm.pl -GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(CFLAGS) $(LIB_CFLAGS) -GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS) -GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(CFLAGS) $(LIB_CFLAGS) +GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS) +GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS) +GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS) GENERATE[sha1-alpha.S]=asm/sha1-alpha.pl $(PERLASM_SCHEME) @@ -20,6 +24,7 @@ GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl $(PERLASM_SCHEME) GENERATE[sha256-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME) GENERATE[sha256-mb-x86_64.s]=asm/sha256-mb-x86_64.pl $(PERLASM_SCHEME) GENERATE[sha512-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME) +GENERATE[keccak1600-x86_64.s]=asm/keccak1600-x86_64.pl $(PERLASM_SCHEME) GENERATE[sha1-sparcv9.S]=asm/sha1-sparcv9.pl $(PERLASM_SCHEME) INCLUDE[sha1-sparcv9.o]=.. @@ -33,14 +38,18 @@ GENERATE[sha256-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME) GENERATE[sha512-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME) GENERATE[sha256p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME) GENERATE[sha512p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME) +GENERATE[keccak1600-ppc64.s]=asm/keccak1600-ppc64.pl $(PERLASM_SCHEME) GENERATE[sha1-parisc.s]=asm/sha1-parisc.pl $(PERLASM_SCHEME) GENERATE[sha256-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME) GENERATE[sha512-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME) GENERATE[sha1-mips.S]=asm/sha1-mips.pl $(PERLASM_SCHEME) +INCLUDE[sha1-mips.o]=.. GENERATE[sha256-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME) +INCLUDE[sha256-mips.o]=.. GENERATE[sha512-mips.S]=asm/sha512-mips.pl $(PERLASM_SCHEME) +INCLUDE[sha512-mips.o]=.. GENERATE[sha1-armv4-large.S]=asm/sha1-armv4-large.pl $(PERLASM_SCHEME) INCLUDE[sha1-armv4-large.o]=.. @@ -48,6 +57,8 @@ GENERATE[sha256-armv4.S]=asm/sha256-armv4.pl $(PERLASM_SCHEME) INCLUDE[sha256-armv4.o]=.. GENERATE[sha512-armv4.S]=asm/sha512-armv4.pl $(PERLASM_SCHEME) INCLUDE[sha512-armv4.o]=.. +GENERATE[keccak1600-armv4.S]=asm/keccak1600-armv4.pl $(PERLASM_SCHEME) +INCLUDE[keccak1600-armv4.o]=.. GENERATE[sha1-armv8.S]=asm/sha1-armv8.pl $(PERLASM_SCHEME) INCLUDE[sha1-armv8.o]=.. @@ -55,6 +66,7 @@ GENERATE[sha256-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME) INCLUDE[sha256-armv8.o]=.. GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME) INCLUDE[sha512-armv8.o]=.. +GENERATE[keccak1600-armv8.S]=asm/keccak1600-armv8.pl $(PERLASM_SCHEME) GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl $(PERLASM_SCHEME) INCLUDE[sha1-s390x.o]=.. @@ -62,6 +74,7 @@ GENERATE[sha256-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME) INCLUDE[sha256-s390x.o]=.. GENERATE[sha512-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME) INCLUDE[sha512-s390x.o]=.. +GENERATE[keccak1600-s390x.S]=asm/keccak1600-s390x.pl $(PERLASM_SCHEME) BEGINRAW[Makefile(unix)] ##### SHA assembler implementations diff --git a/deps/openssl/openssl/crypto/sha/keccak1600.c b/deps/openssl/openssl/crypto/sha/keccak1600.c new file mode 100644 index 00000000000000..e7223486af5b40 --- /dev/null +++ b/deps/openssl/openssl/crypto/sha/keccak1600.c @@ -0,0 +1,1246 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, + size_t r); +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); + +#if !defined(KECCAK1600_ASM) || !defined(SELFTEST) + +/* + * Choose some sensible defaults + */ +#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && \ + !defined(KECCAK_2X) && !defined(KECCAK_INPLACE) +# define KECCAK_2X /* default to KECCAK_2X variant */ +#endif + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# define KECCAK_COMPLEMENTING_TRANSFORM +#endif + +#if defined(__x86_64__) || defined(__aarch64__) || \ + defined(__mips64) || defined(__ia64) || \ + (defined(__VMS) && !defined(__vax)) +/* + * These are available even in ILP32 flavours, but even then they are + * capable of performing 64-bit operations as efficiently as in *P64. + * Since it's not given that we can use sizeof(void *), just shunt it. + */ +# define BIT_INTERLEAVE (0) +#else +# define BIT_INTERLEAVE (sizeof(void *) < 8) +#endif + +#define ROL32(a, offset) (((a) << (offset)) | ((a) >> ((32 - (offset)) & 31))) + +static uint64_t ROL64(uint64_t val, int offset) +{ + if (offset == 0) { + return val; + } else if (!BIT_INTERLEAVE) { + return (val << offset) | (val >> (64-offset)); + } else { + uint32_t hi = (uint32_t)(val >> 32), lo = (uint32_t)val; + + if (offset & 1) { + uint32_t tmp = hi; + + offset >>= 1; + hi = ROL32(lo, offset); + lo = ROL32(tmp, offset + 1); + } else { + offset >>= 1; + lo = ROL32(lo, offset); + hi = ROL32(hi, offset); + } + + return ((uint64_t)hi << 32) | lo; + } +} + +static const unsigned char rhotates[5][5] = { + { 0, 1, 62, 28, 27 }, + { 36, 44, 6, 55, 20 }, + { 3, 10, 43, 25, 39 }, + { 41, 45, 15, 21, 8 }, + { 18, 2, 61, 56, 14 } +}; + +static const uint64_t iotas[] = { + BIT_INTERLEAVE ? 0x0000000000000001U : 0x0000000000000001U, + BIT_INTERLEAVE ? 0x0000008900000000U : 0x0000000000008082U, + BIT_INTERLEAVE ? 0x8000008b00000000U : 0x800000000000808aU, + BIT_INTERLEAVE ? 0x8000808000000000U : 0x8000000080008000U, + BIT_INTERLEAVE ? 0x0000008b00000001U : 0x000000000000808bU, + BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U, + BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U, + BIT_INTERLEAVE ? 0x8000008200000001U : 0x8000000000008009U, + BIT_INTERLEAVE ? 0x0000000b00000000U : 0x000000000000008aU, + BIT_INTERLEAVE ? 0x0000000a00000000U : 0x0000000000000088U, + BIT_INTERLEAVE ? 0x0000808200000001U : 0x0000000080008009U, + BIT_INTERLEAVE ? 0x0000800300000000U : 0x000000008000000aU, + BIT_INTERLEAVE ? 0x0000808b00000001U : 0x000000008000808bU, + BIT_INTERLEAVE ? 0x8000000b00000001U : 0x800000000000008bU, + BIT_INTERLEAVE ? 0x8000008a00000001U : 0x8000000000008089U, + BIT_INTERLEAVE ? 0x8000008100000001U : 0x8000000000008003U, + BIT_INTERLEAVE ? 0x8000008100000000U : 0x8000000000008002U, + BIT_INTERLEAVE ? 0x8000000800000000U : 0x8000000000000080U, + BIT_INTERLEAVE ? 0x0000008300000000U : 0x000000000000800aU, + BIT_INTERLEAVE ? 0x8000800300000000U : 0x800000008000000aU, + BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U, + BIT_INTERLEAVE ? 0x8000008800000000U : 0x8000000000008080U, + BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U, + BIT_INTERLEAVE ? 0x8000808200000000U : 0x8000000080008008U +}; + +#if defined(KECCAK_REF) +/* + * This is straightforward or "maximum clarity" implementation aiming + * to resemble section 3.2 of the FIPS PUB 202 "SHA-3 Standard: + * Permutation-Based Hash and Extendible-Output Functions" as much as + * possible. With one caveat. Because of the way C stores matrices, + * references to A[x,y] in the specification are presented as A[y][x]. + * Implementation unrolls inner x-loops so that modulo 5 operations are + * explicitly pre-computed. + */ +static void Theta(uint64_t A[5][5]) +{ + uint64_t C[5], D[5]; + size_t y; + + C[0] = A[0][0]; + C[1] = A[0][1]; + C[2] = A[0][2]; + C[3] = A[0][3]; + C[4] = A[0][4]; + + for (y = 1; y < 5; y++) { + C[0] ^= A[y][0]; + C[1] ^= A[y][1]; + C[2] ^= A[y][2]; + C[3] ^= A[y][3]; + C[4] ^= A[y][4]; + } + + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + for (y = 0; y < 5; y++) { + A[y][0] ^= D[0]; + A[y][1] ^= D[1]; + A[y][2] ^= D[2]; + A[y][3] ^= D[3]; + A[y][4] ^= D[4]; + } +} + +static void Rho(uint64_t A[5][5]) +{ + size_t y; + + for (y = 0; y < 5; y++) { + A[y][0] = ROL64(A[y][0], rhotates[y][0]); + A[y][1] = ROL64(A[y][1], rhotates[y][1]); + A[y][2] = ROL64(A[y][2], rhotates[y][2]); + A[y][3] = ROL64(A[y][3], rhotates[y][3]); + A[y][4] = ROL64(A[y][4], rhotates[y][4]); + } +} + +static void Pi(uint64_t A[5][5]) +{ + uint64_t T[5][5]; + + /* + * T = A + * A[y][x] = T[x][(3*y+x)%5] + */ + memcpy(T, A, sizeof(T)); + + A[0][0] = T[0][0]; + A[0][1] = T[1][1]; + A[0][2] = T[2][2]; + A[0][3] = T[3][3]; + A[0][4] = T[4][4]; + + A[1][0] = T[0][3]; + A[1][1] = T[1][4]; + A[1][2] = T[2][0]; + A[1][3] = T[3][1]; + A[1][4] = T[4][2]; + + A[2][0] = T[0][1]; + A[2][1] = T[1][2]; + A[2][2] = T[2][3]; + A[2][3] = T[3][4]; + A[2][4] = T[4][0]; + + A[3][0] = T[0][4]; + A[3][1] = T[1][0]; + A[3][2] = T[2][1]; + A[3][3] = T[3][2]; + A[3][4] = T[4][3]; + + A[4][0] = T[0][2]; + A[4][1] = T[1][3]; + A[4][2] = T[2][4]; + A[4][3] = T[3][0]; + A[4][4] = T[4][1]; +} + +static void Chi(uint64_t A[5][5]) +{ + uint64_t C[5]; + size_t y; + + for (y = 0; y < 5; y++) { + C[0] = A[y][0] ^ (~A[y][1] & A[y][2]); + C[1] = A[y][1] ^ (~A[y][2] & A[y][3]); + C[2] = A[y][2] ^ (~A[y][3] & A[y][4]); + C[3] = A[y][3] ^ (~A[y][4] & A[y][0]); + C[4] = A[y][4] ^ (~A[y][0] & A[y][1]); + + A[y][0] = C[0]; + A[y][1] = C[1]; + A[y][2] = C[2]; + A[y][3] = C[3]; + A[y][4] = C[4]; + } +} + +static void Iota(uint64_t A[5][5], size_t i) +{ + assert(i < (sizeof(iotas) / sizeof(iotas[0]))); + A[0][0] ^= iotas[i]; +} + +static void KeccakF1600(uint64_t A[5][5]) +{ + size_t i; + + for (i = 0; i < 24; i++) { + Theta(A); + Rho(A); + Pi(A); + Chi(A); + Iota(A, i); + } +} + +#elif defined(KECCAK_1X) +/* + * This implementation is optimization of above code featuring unroll + * of even y-loops, their fusion and code motion. It also minimizes + * temporary storage. Compiler would normally do all these things for + * you, purpose of manual optimization is to provide "unobscured" + * reference for assembly implementation [in case this approach is + * chosen for implementation on some platform]. In the nutshell it's + * equivalent of "plane-per-plane processing" approach discussed in + * section 2.4 of "Keccak implementation overview". + */ +static void Round(uint64_t A[5][5], size_t i) +{ + uint64_t C[5], E[2]; /* registers */ + uint64_t D[5], T[2][5]; /* memory */ + + assert(i < (sizeof(iotas) / sizeof(iotas[0]))); + + C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; + C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; + C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; + C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; + C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; + +#if defined(__arm__) + D[1] = E[0] = ROL64(C[2], 1) ^ C[0]; + D[4] = E[1] = ROL64(C[0], 1) ^ C[3]; + D[0] = C[0] = ROL64(C[1], 1) ^ C[4]; + D[2] = C[1] = ROL64(C[3], 1) ^ C[1]; + D[3] = C[2] = ROL64(C[4], 1) ^ C[2]; + + T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */ + T[0][1] = A[0][1] ^ E[0]; /* D[1] */ + T[0][2] = A[0][2] ^ C[1]; /* D[2] */ + T[0][3] = A[0][3] ^ C[2]; /* D[3] */ + T[0][4] = A[0][4] ^ E[1]; /* D[4] */ + + C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ + C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ + C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ + C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ + C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ +#else + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + T[0][0] = A[3][0] ^ D[0]; /* borrow T[0][0] */ + T[0][1] = A[0][1] ^ D[1]; + T[0][2] = A[0][2] ^ D[2]; + T[0][3] = A[0][3] ^ D[3]; + T[0][4] = A[0][4] ^ D[4]; + + C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); + C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); + C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); + C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); +#endif + A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; + A[0][1] = C[1] ^ (~C[2] & C[3]); + A[0][2] = C[2] ^ (~C[3] & C[4]); + A[0][3] = C[3] ^ (~C[4] & C[0]); + A[0][4] = C[4] ^ (~C[0] & C[1]); + + T[1][0] = A[1][0] ^ (C[3] = D[0]); + T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */ + T[1][2] = A[1][2] ^ (E[0] = D[2]); + T[1][3] = A[1][3] ^ (E[1] = D[3]); + T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */ + + C[0] = ROL64(T[0][3], rhotates[0][3]); + C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]); /* D[4] */ + C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]); /* D[0] */ + C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]); /* D[1] */ + C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]); /* D[2] */ + + A[1][0] = C[0] ^ (~C[1] & C[2]); + A[1][1] = C[1] ^ (~C[2] & C[3]); + A[1][2] = C[2] ^ (~C[3] & C[4]); + A[1][3] = C[3] ^ (~C[4] & C[0]); + A[1][4] = C[4] ^ (~C[0] & C[1]); + + C[0] = ROL64(T[0][1], rhotates[0][1]); + C[1] = ROL64(T[1][2], rhotates[1][2]); + C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); + C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); + + A[2][0] = C[0] ^ (~C[1] & C[2]); + A[2][1] = C[1] ^ (~C[2] & C[3]); + A[2][2] = C[2] ^ (~C[3] & C[4]); + A[2][3] = C[3] ^ (~C[4] & C[0]); + A[2][4] = C[4] ^ (~C[0] & C[1]); + + C[0] = ROL64(T[0][4], rhotates[0][4]); + C[1] = ROL64(T[1][0], rhotates[1][0]); + C[2] = ROL64(T[1][1], rhotates[2][1]); /* originally A[2][1] */ + C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); + + A[3][0] = C[0] ^ (~C[1] & C[2]); + A[3][1] = C[1] ^ (~C[2] & C[3]); + A[3][2] = C[2] ^ (~C[3] & C[4]); + A[3][3] = C[3] ^ (~C[4] & C[0]); + A[3][4] = C[4] ^ (~C[0] & C[1]); + + C[0] = ROL64(T[0][2], rhotates[0][2]); + C[1] = ROL64(T[1][3], rhotates[1][3]); + C[2] = ROL64(T[1][4], rhotates[2][4]); /* originally A[2][4] */ + C[3] = ROL64(T[0][0], rhotates[3][0]); /* originally A[3][0] */ + C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + + A[4][0] = C[0] ^ (~C[1] & C[2]); + A[4][1] = C[1] ^ (~C[2] & C[3]); + A[4][2] = C[2] ^ (~C[3] & C[4]); + A[4][3] = C[3] ^ (~C[4] & C[0]); + A[4][4] = C[4] ^ (~C[0] & C[1]); +} + +static void KeccakF1600(uint64_t A[5][5]) +{ + size_t i; + + for (i = 0; i < 24; i++) { + Round(A, i); + } +} + +#elif defined(KECCAK_1X_ALT) +/* + * This is variant of above KECCAK_1X that reduces requirement for + * temporary storage even further, but at cost of more updates to A[][]. + * It's less suitable if A[][] is memory bound, but better if it's + * register bound. + */ + +static void Round(uint64_t A[5][5], size_t i) +{ + uint64_t C[5], D[5]; + + assert(i < (sizeof(iotas) / sizeof(iotas[0]))); + + C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; + C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; + C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; + C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; + C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; + + D[1] = C[0] ^ ROL64(C[2], 1); + D[2] = C[1] ^ ROL64(C[3], 1); + D[3] = C[2] ^= ROL64(C[4], 1); + D[4] = C[3] ^= ROL64(C[0], 1); + D[0] = C[4] ^= ROL64(C[1], 1); + + A[0][1] ^= D[1]; + A[1][1] ^= D[1]; + A[2][1] ^= D[1]; + A[3][1] ^= D[1]; + A[4][1] ^= D[1]; + + A[0][2] ^= D[2]; + A[1][2] ^= D[2]; + A[2][2] ^= D[2]; + A[3][2] ^= D[2]; + A[4][2] ^= D[2]; + + A[0][3] ^= C[2]; + A[1][3] ^= C[2]; + A[2][3] ^= C[2]; + A[3][3] ^= C[2]; + A[4][3] ^= C[2]; + + A[0][4] ^= C[3]; + A[1][4] ^= C[3]; + A[2][4] ^= C[3]; + A[3][4] ^= C[3]; + A[4][4] ^= C[3]; + + A[0][0] ^= C[4]; + A[1][0] ^= C[4]; + A[2][0] ^= C[4]; + A[3][0] ^= C[4]; + A[4][0] ^= C[4]; + + C[1] = A[0][1]; + C[2] = A[0][2]; + C[3] = A[0][3]; + C[4] = A[0][4]; + + A[0][1] = ROL64(A[1][1], rhotates[1][1]); + A[0][2] = ROL64(A[2][2], rhotates[2][2]); + A[0][3] = ROL64(A[3][3], rhotates[3][3]); + A[0][4] = ROL64(A[4][4], rhotates[4][4]); + + A[1][1] = ROL64(A[1][4], rhotates[1][4]); + A[2][2] = ROL64(A[2][3], rhotates[2][3]); + A[3][3] = ROL64(A[3][2], rhotates[3][2]); + A[4][4] = ROL64(A[4][1], rhotates[4][1]); + + A[1][4] = ROL64(A[4][2], rhotates[4][2]); + A[2][3] = ROL64(A[3][4], rhotates[3][4]); + A[3][2] = ROL64(A[2][1], rhotates[2][1]); + A[4][1] = ROL64(A[1][3], rhotates[1][3]); + + A[4][2] = ROL64(A[2][4], rhotates[2][4]); + A[3][4] = ROL64(A[4][3], rhotates[4][3]); + A[2][1] = ROL64(A[1][2], rhotates[1][2]); + A[1][3] = ROL64(A[3][1], rhotates[3][1]); + + A[2][4] = ROL64(A[4][0], rhotates[4][0]); + A[4][3] = ROL64(A[3][0], rhotates[3][0]); + A[1][2] = ROL64(A[2][0], rhotates[2][0]); + A[3][1] = ROL64(A[1][0], rhotates[1][0]); + + A[1][0] = ROL64(C[3], rhotates[0][3]); + A[2][0] = ROL64(C[1], rhotates[0][1]); + A[3][0] = ROL64(C[4], rhotates[0][4]); + A[4][0] = ROL64(C[2], rhotates[0][2]); + + C[0] = A[0][0]; + C[1] = A[1][0]; + D[0] = A[0][1]; + D[1] = A[1][1]; + + A[0][0] ^= (~A[0][1] & A[0][2]); + A[1][0] ^= (~A[1][1] & A[1][2]); + A[0][1] ^= (~A[0][2] & A[0][3]); + A[1][1] ^= (~A[1][2] & A[1][3]); + A[0][2] ^= (~A[0][3] & A[0][4]); + A[1][2] ^= (~A[1][3] & A[1][4]); + A[0][3] ^= (~A[0][4] & C[0]); + A[1][3] ^= (~A[1][4] & C[1]); + A[0][4] ^= (~C[0] & D[0]); + A[1][4] ^= (~C[1] & D[1]); + + C[2] = A[2][0]; + C[3] = A[3][0]; + D[2] = A[2][1]; + D[3] = A[3][1]; + + A[2][0] ^= (~A[2][1] & A[2][2]); + A[3][0] ^= (~A[3][1] & A[3][2]); + A[2][1] ^= (~A[2][2] & A[2][3]); + A[3][1] ^= (~A[3][2] & A[3][3]); + A[2][2] ^= (~A[2][3] & A[2][4]); + A[3][2] ^= (~A[3][3] & A[3][4]); + A[2][3] ^= (~A[2][4] & C[2]); + A[3][3] ^= (~A[3][4] & C[3]); + A[2][4] ^= (~C[2] & D[2]); + A[3][4] ^= (~C[3] & D[3]); + + C[4] = A[4][0]; + D[4] = A[4][1]; + + A[4][0] ^= (~A[4][1] & A[4][2]); + A[4][1] ^= (~A[4][2] & A[4][3]); + A[4][2] ^= (~A[4][3] & A[4][4]); + A[4][3] ^= (~A[4][4] & C[4]); + A[4][4] ^= (~C[4] & D[4]); + A[0][0] ^= iotas[i]; +} + +static void KeccakF1600(uint64_t A[5][5]) +{ + size_t i; + + for (i = 0; i < 24; i++) { + Round(A, i); + } +} + +#elif defined(KECCAK_2X) +/* + * This implementation is variant of KECCAK_1X above with outer-most + * round loop unrolled twice. This allows to take temporary storage + * out of round procedure and simplify references to it by alternating + * it with actual data (see round loop below). Originally it was meant + * rather as reference for an assembly implementation, but it seems to + * play best with compilers [as well as provide best instruction per + * processed byte ratio at minimal round unroll factor]... + */ +static void Round(uint64_t R[5][5], uint64_t A[5][5], size_t i) +{ + uint64_t C[5], D[5]; + + assert(i < (sizeof(iotas) / sizeof(iotas[0]))); + + C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; + C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; + C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; + C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; + C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; + + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); + C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); + C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); + C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]; + R[0][1] = C[1] ^ (~C[2] | C[3]); + R[0][2] = C[2] ^ ( C[3] & C[4]); + R[0][3] = C[3] ^ ( C[4] | C[0]); + R[0][4] = C[4] ^ ( C[0] & C[1]); +#else + R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; + R[0][1] = C[1] ^ (~C[2] & C[3]); + R[0][2] = C[2] ^ (~C[3] & C[4]); + R[0][3] = C[3] ^ (~C[4] & C[0]); + R[0][4] = C[4] ^ (~C[0] & C[1]); +#endif + + C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); + C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); + C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); + C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + R[1][0] = C[0] ^ (C[1] | C[2]); + R[1][1] = C[1] ^ (C[2] & C[3]); + R[1][2] = C[2] ^ (C[3] | ~C[4]); + R[1][3] = C[3] ^ (C[4] | C[0]); + R[1][4] = C[4] ^ (C[0] & C[1]); +#else + R[1][0] = C[0] ^ (~C[1] & C[2]); + R[1][1] = C[1] ^ (~C[2] & C[3]); + R[1][2] = C[2] ^ (~C[3] & C[4]); + R[1][3] = C[3] ^ (~C[4] & C[0]); + R[1][4] = C[4] ^ (~C[0] & C[1]); +#endif + + C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); + C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); + C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); + C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + R[2][0] = C[0] ^ ( C[1] | C[2]); + R[2][1] = C[1] ^ ( C[2] & C[3]); + R[2][2] = C[2] ^ (~C[3] & C[4]); + R[2][3] = ~C[3] ^ ( C[4] | C[0]); + R[2][4] = C[4] ^ ( C[0] & C[1]); +#else + R[2][0] = C[0] ^ (~C[1] & C[2]); + R[2][1] = C[1] ^ (~C[2] & C[3]); + R[2][2] = C[2] ^ (~C[3] & C[4]); + R[2][3] = C[3] ^ (~C[4] & C[0]); + R[2][4] = C[4] ^ (~C[0] & C[1]); +#endif + + C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); + C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); + C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); + C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + R[3][0] = C[0] ^ ( C[1] & C[2]); + R[3][1] = C[1] ^ ( C[2] | C[3]); + R[3][2] = C[2] ^ (~C[3] | C[4]); + R[3][3] = ~C[3] ^ ( C[4] & C[0]); + R[3][4] = C[4] ^ ( C[0] | C[1]); +#else + R[3][0] = C[0] ^ (~C[1] & C[2]); + R[3][1] = C[1] ^ (~C[2] & C[3]); + R[3][2] = C[2] ^ (~C[3] & C[4]); + R[3][3] = C[3] ^ (~C[4] & C[0]); + R[3][4] = C[4] ^ (~C[0] & C[1]); +#endif + + C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); + C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); + C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); + C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); + C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + R[4][0] = C[0] ^ (~C[1] & C[2]); + R[4][1] = ~C[1] ^ ( C[2] | C[3]); + R[4][2] = C[2] ^ ( C[3] & C[4]); + R[4][3] = C[3] ^ ( C[4] | C[0]); + R[4][4] = C[4] ^ ( C[0] & C[1]); +#else + R[4][0] = C[0] ^ (~C[1] & C[2]); + R[4][1] = C[1] ^ (~C[2] & C[3]); + R[4][2] = C[2] ^ (~C[3] & C[4]); + R[4][3] = C[3] ^ (~C[4] & C[0]); + R[4][4] = C[4] ^ (~C[0] & C[1]); +#endif +} + +static void KeccakF1600(uint64_t A[5][5]) +{ + uint64_t T[5][5]; + size_t i; + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + A[0][1] = ~A[0][1]; + A[0][2] = ~A[0][2]; + A[1][3] = ~A[1][3]; + A[2][2] = ~A[2][2]; + A[3][2] = ~A[3][2]; + A[4][0] = ~A[4][0]; +#endif + + for (i = 0; i < 24; i += 2) { + Round(T, A, i); + Round(A, T, i + 1); + } + +#ifdef KECCAK_COMPLEMENTING_TRANSFORM + A[0][1] = ~A[0][1]; + A[0][2] = ~A[0][2]; + A[1][3] = ~A[1][3]; + A[2][2] = ~A[2][2]; + A[3][2] = ~A[3][2]; + A[4][0] = ~A[4][0]; +#endif +} + +#else /* define KECCAK_INPLACE to compile this code path */ +/* + * This implementation is KECCAK_1X from above combined 4 times with + * a twist that allows to omit temporary storage and perform in-place + * processing. It's discussed in section 2.5 of "Keccak implementation + * overview". It's likely to be best suited for processors with large + * register bank... On the other hand processor with large register + * bank can as well use KECCAK_1X_ALT, it would be as fast but much + * more compact... + */ +static void FourRounds(uint64_t A[5][5], size_t i) +{ + uint64_t B[5], C[5], D[5]; + + assert(i <= (sizeof(iotas) / sizeof(iotas[0]) - 4)); + + /* Round 4*n */ + C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; + C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; + C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; + C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; + C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; + + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); + B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); + B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); + B[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); + + C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i]; + C[1] = A[1][1] = B[1] ^ (~B[2] & B[3]); + C[2] = A[2][2] = B[2] ^ (~B[3] & B[4]); + C[3] = A[3][3] = B[3] ^ (~B[4] & B[0]); + C[4] = A[4][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); + B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + B[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); + B[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); + B[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); + + C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); + B[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); + B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + B[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); + B[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); + + C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); + B[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); + B[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); + B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + B[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); + + C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); + B[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); + B[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); + B[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); + B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + + C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]); + + /* Round 4*n+1 */ + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]); + B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]); + B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]); + B[4] = ROL64(A[2][4] ^ D[4], rhotates[4][4]); + + C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 1]; + C[1] = A[3][1] = B[1] ^ (~B[2] & B[3]); + C[2] = A[1][2] = B[2] ^ (~B[3] & B[4]); + C[3] = A[4][3] = B[3] ^ (~B[4] & B[0]); + C[4] = A[2][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[3][3] ^ D[3], rhotates[0][3]); + B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + B[2] = ROL64(A[4][0] ^ D[0], rhotates[2][0]); + B[3] = ROL64(A[2][1] ^ D[1], rhotates[3][1]); + B[4] = ROL64(A[0][2] ^ D[2], rhotates[4][2]); + + C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[1][1] ^ D[1], rhotates[0][1]); + B[1] = ROL64(A[4][2] ^ D[2], rhotates[1][2]); + B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + B[3] = ROL64(A[0][4] ^ D[4], rhotates[3][4]); + B[4] = ROL64(A[3][0] ^ D[0], rhotates[4][0]); + + C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[4][4] ^ D[4], rhotates[0][4]); + B[1] = ROL64(A[2][0] ^ D[0], rhotates[1][0]); + B[2] = ROL64(A[0][1] ^ D[1], rhotates[2][1]); + B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + B[4] = ROL64(A[1][3] ^ D[3], rhotates[4][3]); + + C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[2][2] ^ D[2], rhotates[0][2]); + B[1] = ROL64(A[0][3] ^ D[3], rhotates[1][3]); + B[2] = ROL64(A[3][4] ^ D[4], rhotates[2][4]); + B[3] = ROL64(A[1][0] ^ D[0], rhotates[3][0]); + B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + + C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]); + + /* Round 4*n+2 */ + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]); + B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]); + B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]); + B[4] = ROL64(A[3][4] ^ D[4], rhotates[4][4]); + + C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 2]; + C[1] = A[2][1] = B[1] ^ (~B[2] & B[3]); + C[2] = A[4][2] = B[2] ^ (~B[3] & B[4]); + C[3] = A[1][3] = B[3] ^ (~B[4] & B[0]); + C[4] = A[3][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[4][3] ^ D[3], rhotates[0][3]); + B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + B[2] = ROL64(A[3][0] ^ D[0], rhotates[2][0]); + B[3] = ROL64(A[0][1] ^ D[1], rhotates[3][1]); + B[4] = ROL64(A[2][2] ^ D[2], rhotates[4][2]); + + C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[3][1] ^ D[1], rhotates[0][1]); + B[1] = ROL64(A[0][2] ^ D[2], rhotates[1][2]); + B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + B[3] = ROL64(A[4][4] ^ D[4], rhotates[3][4]); + B[4] = ROL64(A[1][0] ^ D[0], rhotates[4][0]); + + C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[2][4] ^ D[4], rhotates[0][4]); + B[1] = ROL64(A[4][0] ^ D[0], rhotates[1][0]); + B[2] = ROL64(A[1][1] ^ D[1], rhotates[2][1]); + B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + B[4] = ROL64(A[0][3] ^ D[3], rhotates[4][3]); + + C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[1][2] ^ D[2], rhotates[0][2]); + B[1] = ROL64(A[3][3] ^ D[3], rhotates[1][3]); + B[2] = ROL64(A[0][4] ^ D[4], rhotates[2][4]); + B[3] = ROL64(A[2][0] ^ D[0], rhotates[3][0]); + B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + + C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); + C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); + C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]); + C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]); + C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); + + /* Round 4*n+3 */ + D[0] = ROL64(C[1], 1) ^ C[4]; + D[1] = ROL64(C[2], 1) ^ C[0]; + D[2] = ROL64(C[3], 1) ^ C[1]; + D[3] = ROL64(C[4], 1) ^ C[2]; + D[4] = ROL64(C[0], 1) ^ C[3]; + + B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ + B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]); + B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]); + B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]); + B[4] = ROL64(A[0][4] ^ D[4], rhotates[4][4]); + + /* C[0] = */ A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 3]; + /* C[1] = */ A[0][1] = B[1] ^ (~B[2] & B[3]); + /* C[2] = */ A[0][2] = B[2] ^ (~B[3] & B[4]); + /* C[3] = */ A[0][3] = B[3] ^ (~B[4] & B[0]); + /* C[4] = */ A[0][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[1][3] ^ D[3], rhotates[0][3]); + B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); + B[2] = ROL64(A[1][0] ^ D[0], rhotates[2][0]); + B[3] = ROL64(A[1][1] ^ D[1], rhotates[3][1]); + B[4] = ROL64(A[1][2] ^ D[2], rhotates[4][2]); + + /* C[0] ^= */ A[1][0] = B[0] ^ (~B[1] & B[2]); + /* C[1] ^= */ A[1][1] = B[1] ^ (~B[2] & B[3]); + /* C[2] ^= */ A[1][2] = B[2] ^ (~B[3] & B[4]); + /* C[3] ^= */ A[1][3] = B[3] ^ (~B[4] & B[0]); + /* C[4] ^= */ A[1][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[2][1] ^ D[1], rhotates[0][1]); + B[1] = ROL64(A[2][2] ^ D[2], rhotates[1][2]); + B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); + B[3] = ROL64(A[2][4] ^ D[4], rhotates[3][4]); + B[4] = ROL64(A[2][0] ^ D[0], rhotates[4][0]); + + /* C[0] ^= */ A[2][0] = B[0] ^ (~B[1] & B[2]); + /* C[1] ^= */ A[2][1] = B[1] ^ (~B[2] & B[3]); + /* C[2] ^= */ A[2][2] = B[2] ^ (~B[3] & B[4]); + /* C[3] ^= */ A[2][3] = B[3] ^ (~B[4] & B[0]); + /* C[4] ^= */ A[2][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[3][4] ^ D[4], rhotates[0][4]); + B[1] = ROL64(A[3][0] ^ D[0], rhotates[1][0]); + B[2] = ROL64(A[3][1] ^ D[1], rhotates[2][1]); + B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); + B[4] = ROL64(A[3][3] ^ D[3], rhotates[4][3]); + + /* C[0] ^= */ A[3][0] = B[0] ^ (~B[1] & B[2]); + /* C[1] ^= */ A[3][1] = B[1] ^ (~B[2] & B[3]); + /* C[2] ^= */ A[3][2] = B[2] ^ (~B[3] & B[4]); + /* C[3] ^= */ A[3][3] = B[3] ^ (~B[4] & B[0]); + /* C[4] ^= */ A[3][4] = B[4] ^ (~B[0] & B[1]); + + B[0] = ROL64(A[4][2] ^ D[2], rhotates[0][2]); + B[1] = ROL64(A[4][3] ^ D[3], rhotates[1][3]); + B[2] = ROL64(A[4][4] ^ D[4], rhotates[2][4]); + B[3] = ROL64(A[4][0] ^ D[0], rhotates[3][0]); + B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); + + /* C[0] ^= */ A[4][0] = B[0] ^ (~B[1] & B[2]); + /* C[1] ^= */ A[4][1] = B[1] ^ (~B[2] & B[3]); + /* C[2] ^= */ A[4][2] = B[2] ^ (~B[3] & B[4]); + /* C[3] ^= */ A[4][3] = B[3] ^ (~B[4] & B[0]); + /* C[4] ^= */ A[4][4] = B[4] ^ (~B[0] & B[1]); +} + +static void KeccakF1600(uint64_t A[5][5]) +{ + size_t i; + + for (i = 0; i < 24; i += 4) { + FourRounds(A, i); + } +} + +#endif + +static uint64_t BitInterleave(uint64_t Ai) +{ + if (BIT_INTERLEAVE) { + uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai; + uint32_t t0, t1; + + t0 = lo & 0x55555555; + t0 |= t0 >> 1; t0 &= 0x33333333; + t0 |= t0 >> 2; t0 &= 0x0f0f0f0f; + t0 |= t0 >> 4; t0 &= 0x00ff00ff; + t0 |= t0 >> 8; t0 &= 0x0000ffff; + + t1 = hi & 0x55555555; + t1 |= t1 >> 1; t1 &= 0x33333333; + t1 |= t1 >> 2; t1 &= 0x0f0f0f0f; + t1 |= t1 >> 4; t1 &= 0x00ff00ff; + t1 |= t1 >> 8; t1 <<= 16; + + lo &= 0xaaaaaaaa; + lo |= lo << 1; lo &= 0xcccccccc; + lo |= lo << 2; lo &= 0xf0f0f0f0; + lo |= lo << 4; lo &= 0xff00ff00; + lo |= lo << 8; lo >>= 16; + + hi &= 0xaaaaaaaa; + hi |= hi << 1; hi &= 0xcccccccc; + hi |= hi << 2; hi &= 0xf0f0f0f0; + hi |= hi << 4; hi &= 0xff00ff00; + hi |= hi << 8; hi &= 0xffff0000; + + Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0); + } + + return Ai; +} + +static uint64_t BitDeinterleave(uint64_t Ai) +{ + if (BIT_INTERLEAVE) { + uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai; + uint32_t t0, t1; + + t0 = lo & 0x0000ffff; + t0 |= t0 << 8; t0 &= 0x00ff00ff; + t0 |= t0 << 4; t0 &= 0x0f0f0f0f; + t0 |= t0 << 2; t0 &= 0x33333333; + t0 |= t0 << 1; t0 &= 0x55555555; + + t1 = hi << 16; + t1 |= t1 >> 8; t1 &= 0xff00ff00; + t1 |= t1 >> 4; t1 &= 0xf0f0f0f0; + t1 |= t1 >> 2; t1 &= 0xcccccccc; + t1 |= t1 >> 1; t1 &= 0xaaaaaaaa; + + lo >>= 16; + lo |= lo << 8; lo &= 0x00ff00ff; + lo |= lo << 4; lo &= 0x0f0f0f0f; + lo |= lo << 2; lo &= 0x33333333; + lo |= lo << 1; lo &= 0x55555555; + + hi &= 0xffff0000; + hi |= hi >> 8; hi &= 0xff00ff00; + hi |= hi >> 4; hi &= 0xf0f0f0f0; + hi |= hi >> 2; hi &= 0xcccccccc; + hi |= hi >> 1; hi &= 0xaaaaaaaa; + + Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0); + } + + return Ai; +} + +/* + * SHA3_absorb can be called multiple times, but at each invocation + * largest multiple of |r| out of |len| bytes are processed. Then + * remaining amount of bytes is returned. This is done to spare caller + * trouble of calculating the largest multiple of |r|. |r| can be viewed + * as blocksize. It is commonly (1600 - 256*n)/8, e.g. 168, 136, 104, + * 72, but can also be (1600 - 448)/8 = 144. All this means that message + * padding and intermediate sub-block buffering, byte- or bitwise, is + * caller's responsibility. + */ +size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, + size_t r) +{ + uint64_t *A_flat = (uint64_t *)A; + size_t i, w = r / 8; + + assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); + + while (len >= r) { + for (i = 0; i < w; i++) { + uint64_t Ai = (uint64_t)inp[0] | (uint64_t)inp[1] << 8 | + (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 | + (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 | + (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56; + inp += 8; + + A_flat[i] ^= BitInterleave(Ai); + } + KeccakF1600(A); + len -= r; + } + + return len; +} + +/* + * SHA3_squeeze is called once at the end to generate |out| hash value + * of |len| bytes. + */ +void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r) +{ + uint64_t *A_flat = (uint64_t *)A; + size_t i, w = r / 8; + + assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); + + while (len != 0) { + for (i = 0; i < w && len != 0; i++) { + uint64_t Ai = BitDeinterleave(A_flat[i]); + + if (len < 8) { + for (i = 0; i < len; i++) { + *out++ = (unsigned char)Ai; + Ai >>= 8; + } + return; + } + + out[0] = (unsigned char)(Ai); + out[1] = (unsigned char)(Ai >> 8); + out[2] = (unsigned char)(Ai >> 16); + out[3] = (unsigned char)(Ai >> 24); + out[4] = (unsigned char)(Ai >> 32); + out[5] = (unsigned char)(Ai >> 40); + out[6] = (unsigned char)(Ai >> 48); + out[7] = (unsigned char)(Ai >> 56); + out += 8; + len -= 8; + } + if (len) + KeccakF1600(A); + } +} +#endif + +#ifdef SELFTEST +/* + * Post-padding one-shot implementations would look as following: + * + * SHA3_224 SHA3_sponge(inp, len, out, 224/8, (1600-448)/8); + * SHA3_256 SHA3_sponge(inp, len, out, 256/8, (1600-512)/8); + * SHA3_384 SHA3_sponge(inp, len, out, 384/8, (1600-768)/8); + * SHA3_512 SHA3_sponge(inp, len, out, 512/8, (1600-1024)/8); + * SHAKE_128 SHA3_sponge(inp, len, out, d, (1600-256)/8); + * SHAKE_256 SHA3_sponge(inp, len, out, d, (1600-512)/8); + */ + +void SHA3_sponge(const unsigned char *inp, size_t len, + unsigned char *out, size_t d, size_t r) +{ + uint64_t A[5][5]; + + memset(A, 0, sizeof(A)); + SHA3_absorb(A, inp, len, r); + SHA3_squeeze(A, out, d, r); +} + +# include + +int main() +{ + /* + * This is 5-bit SHAKE128 test from http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing + */ + unsigned char test[168] = { '\xf3', '\x3' }; + unsigned char out[512]; + size_t i; + static const unsigned char result[512] = { + 0x2E, 0x0A, 0xBF, 0xBA, 0x83, 0xE6, 0x72, 0x0B, + 0xFB, 0xC2, 0x25, 0xFF, 0x6B, 0x7A, 0xB9, 0xFF, + 0xCE, 0x58, 0xBA, 0x02, 0x7E, 0xE3, 0xD8, 0x98, + 0x76, 0x4F, 0xEF, 0x28, 0x7D, 0xDE, 0xCC, 0xCA, + 0x3E, 0x6E, 0x59, 0x98, 0x41, 0x1E, 0x7D, 0xDB, + 0x32, 0xF6, 0x75, 0x38, 0xF5, 0x00, 0xB1, 0x8C, + 0x8C, 0x97, 0xC4, 0x52, 0xC3, 0x70, 0xEA, 0x2C, + 0xF0, 0xAF, 0xCA, 0x3E, 0x05, 0xDE, 0x7E, 0x4D, + 0xE2, 0x7F, 0xA4, 0x41, 0xA9, 0xCB, 0x34, 0xFD, + 0x17, 0xC9, 0x78, 0xB4, 0x2D, 0x5B, 0x7E, 0x7F, + 0x9A, 0xB1, 0x8F, 0xFE, 0xFF, 0xC3, 0xC5, 0xAC, + 0x2F, 0x3A, 0x45, 0x5E, 0xEB, 0xFD, 0xC7, 0x6C, + 0xEA, 0xEB, 0x0A, 0x2C, 0xCA, 0x22, 0xEE, 0xF6, + 0xE6, 0x37, 0xF4, 0xCA, 0xBE, 0x5C, 0x51, 0xDE, + 0xD2, 0xE3, 0xFA, 0xD8, 0xB9, 0x52, 0x70, 0xA3, + 0x21, 0x84, 0x56, 0x64, 0xF1, 0x07, 0xD1, 0x64, + 0x96, 0xBB, 0x7A, 0xBF, 0xBE, 0x75, 0x04, 0xB6, + 0xED, 0xE2, 0xE8, 0x9E, 0x4B, 0x99, 0x6F, 0xB5, + 0x8E, 0xFD, 0xC4, 0x18, 0x1F, 0x91, 0x63, 0x38, + 0x1C, 0xBE, 0x7B, 0xC0, 0x06, 0xA7, 0xA2, 0x05, + 0x98, 0x9C, 0x52, 0x6C, 0xD1, 0xBD, 0x68, 0x98, + 0x36, 0x93, 0xB4, 0xBD, 0xC5, 0x37, 0x28, 0xB2, + 0x41, 0xC1, 0xCF, 0xF4, 0x2B, 0xB6, 0x11, 0x50, + 0x2C, 0x35, 0x20, 0x5C, 0xAB, 0xB2, 0x88, 0x75, + 0x56, 0x55, 0xD6, 0x20, 0xC6, 0x79, 0x94, 0xF0, + 0x64, 0x51, 0x18, 0x7F, 0x6F, 0xD1, 0x7E, 0x04, + 0x66, 0x82, 0xBA, 0x12, 0x86, 0x06, 0x3F, 0xF8, + 0x8F, 0xE2, 0x50, 0x8D, 0x1F, 0xCA, 0xF9, 0x03, + 0x5A, 0x12, 0x31, 0xAD, 0x41, 0x50, 0xA9, 0xC9, + 0xB2, 0x4C, 0x9B, 0x2D, 0x66, 0xB2, 0xAD, 0x1B, + 0xDE, 0x0B, 0xD0, 0xBB, 0xCB, 0x8B, 0xE0, 0x5B, + 0x83, 0x52, 0x29, 0xEF, 0x79, 0x19, 0x73, 0x73, + 0x23, 0x42, 0x44, 0x01, 0xE1, 0xD8, 0x37, 0xB6, + 0x6E, 0xB4, 0xE6, 0x30, 0xFF, 0x1D, 0xE7, 0x0C, + 0xB3, 0x17, 0xC2, 0xBA, 0xCB, 0x08, 0x00, 0x1D, + 0x34, 0x77, 0xB7, 0xA7, 0x0A, 0x57, 0x6D, 0x20, + 0x86, 0x90, 0x33, 0x58, 0x9D, 0x85, 0xA0, 0x1D, + 0xDB, 0x2B, 0x66, 0x46, 0xC0, 0x43, 0xB5, 0x9F, + 0xC0, 0x11, 0x31, 0x1D, 0xA6, 0x66, 0xFA, 0x5A, + 0xD1, 0xD6, 0x38, 0x7F, 0xA9, 0xBC, 0x40, 0x15, + 0xA3, 0x8A, 0x51, 0xD1, 0xDA, 0x1E, 0xA6, 0x1D, + 0x64, 0x8D, 0xC8, 0xE3, 0x9A, 0x88, 0xB9, 0xD6, + 0x22, 0xBD, 0xE2, 0x07, 0xFD, 0xAB, 0xC6, 0xF2, + 0x82, 0x7A, 0x88, 0x0C, 0x33, 0x0B, 0xBF, 0x6D, + 0xF7, 0x33, 0x77, 0x4B, 0x65, 0x3E, 0x57, 0x30, + 0x5D, 0x78, 0xDC, 0xE1, 0x12, 0xF1, 0x0A, 0x2C, + 0x71, 0xF4, 0xCD, 0xAD, 0x92, 0xED, 0x11, 0x3E, + 0x1C, 0xEA, 0x63, 0xB9, 0x19, 0x25, 0xED, 0x28, + 0x19, 0x1E, 0x6D, 0xBB, 0xB5, 0xAA, 0x5A, 0x2A, + 0xFD, 0xA5, 0x1F, 0xC0, 0x5A, 0x3A, 0xF5, 0x25, + 0x8B, 0x87, 0x66, 0x52, 0x43, 0x55, 0x0F, 0x28, + 0x94, 0x8A, 0xE2, 0xB8, 0xBE, 0xB6, 0xBC, 0x9C, + 0x77, 0x0B, 0x35, 0xF0, 0x67, 0xEA, 0xA6, 0x41, + 0xEF, 0xE6, 0x5B, 0x1A, 0x44, 0x90, 0x9D, 0x1B, + 0x14, 0x9F, 0x97, 0xEE, 0xA6, 0x01, 0x39, 0x1C, + 0x60, 0x9E, 0xC8, 0x1D, 0x19, 0x30, 0xF5, 0x7C, + 0x18, 0xA4, 0xE0, 0xFA, 0xB4, 0x91, 0xD1, 0xCA, + 0xDF, 0xD5, 0x04, 0x83, 0x44, 0x9E, 0xDC, 0x0F, + 0x07, 0xFF, 0xB2, 0x4D, 0x2C, 0x6F, 0x9A, 0x9A, + 0x3B, 0xFF, 0x39, 0xAE, 0x3D, 0x57, 0xF5, 0x60, + 0x65, 0x4D, 0x7D, 0x75, 0xC9, 0x08, 0xAB, 0xE6, + 0x25, 0x64, 0x75, 0x3E, 0xAC, 0x39, 0xD7, 0x50, + 0x3D, 0xA6, 0xD3, 0x7C, 0x2E, 0x32, 0xE1, 0xAF, + 0x3B, 0x8A, 0xEC, 0x8A, 0xE3, 0x06, 0x9C, 0xD9 + }; + + test[167] = '\x80'; + SHA3_sponge(test, sizeof(test), out, sizeof(out), sizeof(test)); + + /* + * Rationale behind keeping output [formatted as below] is that + * one should be able to redirect it to a file, then copy-n-paste + * final "output val" from official example to another file, and + * compare the two with diff(1). + */ + for (i = 0; i < sizeof(out);) { + printf("%02X", out[i]); + printf(++i % 16 && i != sizeof(out) ? " " : "\n"); + } + + if (memcmp(out,result,sizeof(out))) { + fprintf(stderr,"failure\n"); + return 1; + } else { + fprintf(stderr,"success\n"); + return 0; + } +} +#endif diff --git a/deps/openssl/openssl/crypto/sha/sha1_one.c b/deps/openssl/openssl/crypto/sha/sha1_one.c index 273ab08dc18f28..e5b38211d2daca 100644 --- a/deps/openssl/openssl/crypto/sha/sha1_one.c +++ b/deps/openssl/openssl/crypto/sha/sha1_one.c @@ -24,5 +24,5 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) SHA1_Update(&c, d, n); SHA1_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/sha/sha256.c b/deps/openssl/openssl/crypto/sha/sha256.c index 5e7ba439f9816d..bf78f075eefbc8 100644 --- a/deps/openssl/openssl/crypto/sha/sha256.c +++ b/deps/openssl/openssl/crypto/sha/sha256.c @@ -57,7 +57,7 @@ unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) SHA256_Update(&c, d, n); SHA256_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); - return (md); + return md; } unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) @@ -71,7 +71,7 @@ unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) SHA256_Update(&c, d, n); SHA256_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); - return (md); + return md; } int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) diff --git a/deps/openssl/openssl/crypto/sha/sha512.c b/deps/openssl/openssl/crypto/sha/sha512.c index e94de4370b61c9..50b65ee811d661 100644 --- a/deps/openssl/openssl/crypto/sha/sha512.c +++ b/deps/openssl/openssl/crypto/sha/sha512.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,6 @@ * As this implementation relies on 64-bit integer type, it's totally * inappropriate for platforms which don't support it, most notably * 16-bit platforms. - * */ #include #include @@ -51,6 +50,7 @@ #include #include "internal/cryptlib.h" +#include "internal/sha.h" #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ @@ -60,6 +60,42 @@ # define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif +int sha512_224_init(SHA512_CTX *c) +{ + c->h[0] = U64(0x8c3d37c819544da2); + c->h[1] = U64(0x73e1996689dcd4d6); + c->h[2] = U64(0x1dfab7ae32ff9c82); + c->h[3] = U64(0x679dd514582f9fcf); + c->h[4] = U64(0x0f6d2b697bd44da8); + c->h[5] = U64(0x77e36f7304c48942); + c->h[6] = U64(0x3f9d85a86a1d36c8); + c->h[7] = U64(0x1112e6ad91d692a1); + + c->Nl = 0; + c->Nh = 0; + c->num = 0; + c->md_len = SHA224_DIGEST_LENGTH; + return 1; +} + +int sha512_256_init(SHA512_CTX *c) +{ + c->h[0] = U64(0x22312194fc2bf72c); + c->h[1] = U64(0x9f555fa3c84c64c2); + c->h[2] = U64(0x2393b86b6f53b151); + c->h[3] = U64(0x963877195940eabd); + c->h[4] = U64(0x96283ee2a88effe3); + c->h[5] = U64(0xbe5e1e2553863992); + c->h[6] = U64(0x2b0199fc2c85b8aa); + c->h[7] = U64(0x0eb72ddc81c52ca2); + + c->Nl = 0; + c->Nh = 0; + c->num = 0; + c->md_len = SHA256_DIGEST_LENGTH; + return 1; +} + int SHA384_Init(SHA512_CTX *c) { c->h[0] = U64(0xcbbb9d5dc1059ed8); @@ -144,6 +180,46 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) switch (c->md_len) { /* Let compiler decide if it's appropriate to unroll... */ + case SHA224_DIGEST_LENGTH: + for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) { + SHA_LONG64 t = c->h[n]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); + } + /* + * For 224 bits, there are four bytes left over that have to be + * processed separately. + */ + { + SHA_LONG64 t = c->h[SHA224_DIGEST_LENGTH / 8]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + } + break; + case SHA256_DIGEST_LENGTH: + for (n = 0; n < SHA256_DIGEST_LENGTH / 8; n++) { + SHA_LONG64 t = c->h[n]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); + } + break; case SHA384_DIGEST_LENGTH: for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { SHA_LONG64 t = c->h[n]; @@ -258,7 +334,7 @@ unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) SHA512_Update(&c, d, n); SHA512_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); - return (md); + return md; } unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) @@ -272,7 +348,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) SHA512_Update(&c, d, n); SHA512_Final(md, &c); OPENSSL_cleanse(&c, sizeof(c)); - return (md); + return md; } #ifndef SHA512_ASM @@ -399,9 +475,6 @@ static SHA_LONG64 __fastcall __pull64be(const void *x) } # endif # define PULL64(x) __pull64be(&(x)) -# if _MSC_VER<=1200 -# pragma inline_depth(0) -# endif # endif # endif # endif diff --git a/deps/openssl/openssl/crypto/sha/sha_locl.h b/deps/openssl/openssl/crypto/sha/sha_locl.h index 918278a83f356f..4e5a0903826789 100644 --- a/deps/openssl/openssl/crypto/sha/sha_locl.h +++ b/deps/openssl/openssl/crypto/sha/sha_locl.h @@ -67,11 +67,12 @@ int HASH_INIT(SHA_CTX *c) #define K_60_79 0xca62c1d6UL /* - * As pointed out by Wei Dai , F() below can be simplified - * to the code in F_00_19. Wei attributes these optimisations to Peter - * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define - * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another - * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a + * As pointed out by Wei Dai, F() below can be simplified to the code in + * F_00_19. Wei attributes these optimizations to Peter Gutmann's SHS code, + * and he attributes it to Rich Schroeppel. + * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) + * I've just become aware of another tweak to be made, again from Wei Dai, + * in F_40_59, (x&a)|(y&a) -> (x|y)&a */ #define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) #define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) @@ -120,7 +121,6 @@ int HASH_INIT(SHA_CTX *c) * "find" this expectation reasonable:-( On order to make such * compilers generate better code I replace X[] with a bunch of * X0, X1, etc. See the function body below... - * */ # define X(i) XX##i # else diff --git a/deps/openssl/openssl/crypto/siphash/build.info b/deps/openssl/openssl/crypto/siphash/build.info new file mode 100644 index 00000000000000..4166344a5bfb60 --- /dev/null +++ b/deps/openssl/openssl/crypto/siphash/build.info @@ -0,0 +1,5 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + siphash.c \ + siphash_pmeth.c \ + siphash_ameth.c diff --git a/deps/openssl/openssl/crypto/siphash/siphash.c b/deps/openssl/openssl/crypto/siphash/siphash.c new file mode 100644 index 00000000000000..be74a38d934df7 --- /dev/null +++ b/deps/openssl/openssl/crypto/siphash/siphash.c @@ -0,0 +1,260 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Based on https://131002.net/siphash C reference implementation */ +/* + SipHash reference C implementation + + Copyright (c) 2012-2016 Jean-Philippe Aumasson + Copyright (c) 2012-2014 Daniel J. Bernstein + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along + with this software. If not, see + . + */ + +#include +#include +#include + +#include "internal/siphash.h" +#include "siphash_local.h" + +/* default: SipHash-2-4 */ +#define SIPHASH_C_ROUNDS 2 +#define SIPHASH_D_ROUNDS 4 + +#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))) + +#define U32TO8_LE(p, v) \ + (p)[0] = (uint8_t)((v)); \ + (p)[1] = (uint8_t)((v) >> 8); \ + (p)[2] = (uint8_t)((v) >> 16); \ + (p)[3] = (uint8_t)((v) >> 24); + +#define U64TO8_LE(p, v) \ + U32TO8_LE((p), (uint32_t)((v))); \ + U32TO8_LE((p) + 4, (uint32_t)((v) >> 32)); + +#define U8TO64_LE(p) \ + (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) | \ + ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) | \ + ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) | \ + ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) + +#define SIPROUND \ + do { \ + v0 += v1; \ + v1 = ROTL(v1, 13); \ + v1 ^= v0; \ + v0 = ROTL(v0, 32); \ + v2 += v3; \ + v3 = ROTL(v3, 16); \ + v3 ^= v2; \ + v0 += v3; \ + v3 = ROTL(v3, 21); \ + v3 ^= v0; \ + v2 += v1; \ + v1 = ROTL(v1, 17); \ + v1 ^= v2; \ + v2 = ROTL(v2, 32); \ + } while (0) + +size_t SipHash_ctx_size(void) +{ + return sizeof(SIPHASH); +} + +size_t SipHash_hash_size(SIPHASH *ctx) +{ + return ctx->hash_size; +} + +static size_t siphash_adjust_hash_size(size_t hash_size) +{ + if (hash_size == 0) + hash_size = SIPHASH_MAX_DIGEST_SIZE; + return hash_size; +} + +int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size) +{ + hash_size = siphash_adjust_hash_size(hash_size); + if (hash_size != SIPHASH_MIN_DIGEST_SIZE + && hash_size != SIPHASH_MAX_DIGEST_SIZE) + return 0; + + /* + * It's possible that the key was set first. If the hash size changes, + * we need to adjust v1 (see SipHash_Init(). + */ + + /* Start by adjusting the stored size, to make things easier */ + ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); + + /* Now, adjust ctx->v1 if the old and the new size differ */ + if ((size_t)ctx->hash_size != hash_size) { + ctx->v1 ^= 0xee; + ctx->hash_size = hash_size; + } + return 1; +} + +/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */ +int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds) +{ + uint64_t k0 = U8TO64_LE(k); + uint64_t k1 = U8TO64_LE(k + 8); + + /* If the hash size wasn't set, i.e. is zero */ + ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); + + if (drounds == 0) + drounds = SIPHASH_D_ROUNDS; + if (crounds == 0) + crounds = SIPHASH_C_ROUNDS; + + ctx->crounds = crounds; + ctx->drounds = drounds; + + ctx->len = 0; + ctx->total_inlen = 0; + + ctx->v0 = 0x736f6d6570736575ULL ^ k0; + ctx->v1 = 0x646f72616e646f6dULL ^ k1; + ctx->v2 = 0x6c7967656e657261ULL ^ k0; + ctx->v3 = 0x7465646279746573ULL ^ k1; + + if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE) + ctx->v1 ^= 0xee; + + return 1; +} + +void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen) +{ + uint64_t m; + const uint8_t *end; + int left; + int i; + uint64_t v0 = ctx->v0; + uint64_t v1 = ctx->v1; + uint64_t v2 = ctx->v2; + uint64_t v3 = ctx->v3; + + ctx->total_inlen += inlen; + + if (ctx->len) { + /* deal with leavings */ + size_t available = SIPHASH_BLOCK_SIZE - ctx->len; + + /* not enough to fill leavings */ + if (inlen < available) { + memcpy(&ctx->leavings[ctx->len], in, inlen); + ctx->len += inlen; + return; + } + + /* copy data into leavings and reduce input */ + memcpy(&ctx->leavings[ctx->len], in, available); + inlen -= available; + in += available; + + /* process leavings */ + m = U8TO64_LE(ctx->leavings); + v3 ^= m; + for (i = 0; i < ctx->crounds; ++i) + SIPROUND; + v0 ^= m; + } + left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */ + end = in + inlen - left; + + for (; in != end; in += 8) { + m = U8TO64_LE(in); + v3 ^= m; + for (i = 0; i < ctx->crounds; ++i) + SIPROUND; + v0 ^= m; + } + + /* save leavings and other ctx */ + if (left) + memcpy(ctx->leavings, end, left); + ctx->len = left; + + ctx->v0 = v0; + ctx->v1 = v1; + ctx->v2 = v2; + ctx->v3 = v3; +} + +int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen) +{ + /* finalize hash */ + int i; + uint64_t b = ctx->total_inlen << 56; + uint64_t v0 = ctx->v0; + uint64_t v1 = ctx->v1; + uint64_t v2 = ctx->v2; + uint64_t v3 = ctx->v3; + + if (outlen != (size_t)ctx->hash_size) + return 0; + + switch (ctx->len) { + case 7: + b |= ((uint64_t)ctx->leavings[6]) << 48; + /* fall thru */ + case 6: + b |= ((uint64_t)ctx->leavings[5]) << 40; + /* fall thru */ + case 5: + b |= ((uint64_t)ctx->leavings[4]) << 32; + /* fall thru */ + case 4: + b |= ((uint64_t)ctx->leavings[3]) << 24; + /* fall thru */ + case 3: + b |= ((uint64_t)ctx->leavings[2]) << 16; + /* fall thru */ + case 2: + b |= ((uint64_t)ctx->leavings[1]) << 8; + /* fall thru */ + case 1: + b |= ((uint64_t)ctx->leavings[0]); + case 0: + break; + } + + v3 ^= b; + for (i = 0; i < ctx->crounds; ++i) + SIPROUND; + v0 ^= b; + if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE) + v2 ^= 0xee; + else + v2 ^= 0xff; + for (i = 0; i < ctx->drounds; ++i) + SIPROUND; + b = v0 ^ v1 ^ v2 ^ v3; + U64TO8_LE(out, b); + if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE) + return 1; + v1 ^= 0xdd; + for (i = 0; i < ctx->drounds; ++i) + SIPROUND; + b = v0 ^ v1 ^ v2 ^ v3; + U64TO8_LE(out + 8, b); + return 1; +} diff --git a/deps/openssl/openssl/crypto/siphash/siphash_ameth.c b/deps/openssl/openssl/crypto/siphash/siphash_ameth.c new file mode 100644 index 00000000000000..c0ab7efae4b6d3 --- /dev/null +++ b/deps/openssl/openssl/crypto/siphash/siphash_ameth.c @@ -0,0 +1,123 @@ +/* + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include "internal/asn1_int.h" +#include "internal/siphash.h" +#include "siphash_local.h" +#include "internal/evp_int.h" + +/* + * SIPHASH "ASN1" method. This is just here to indicate the maximum + * SIPHASH output length and to free up a SIPHASH key. + */ + +static int siphash_size(const EVP_PKEY *pkey) +{ + return SIPHASH_MAX_DIGEST_SIZE; +} + +static void siphash_key_free(EVP_PKEY *pkey) +{ + ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); + + if (os != NULL) { + if (os->data != NULL) + OPENSSL_cleanse(os->data, os->length); + ASN1_OCTET_STRING_free(os); + } +} + +static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + /* nothing (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */ + return -2; +} + +static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); +} + +static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, + size_t len) +{ + ASN1_OCTET_STRING *os; + + if (pkey->pkey.ptr != NULL || len != SIPHASH_KEY_SIZE) + return 0; + + os = ASN1_OCTET_STRING_new(); + if (os == NULL) + return 0; + + if (!ASN1_OCTET_STRING_set(os, priv, len)) { + ASN1_OCTET_STRING_free(os); + return 0; + } + + pkey->pkey.ptr = os; + return 1; +} + +static int siphash_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (priv == NULL) { + *len = SIPHASH_KEY_SIZE; + return 1; + } + + if (os == NULL || *len < SIPHASH_KEY_SIZE) + return 0; + + memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os)); + *len = SIPHASH_KEY_SIZE; + + return 1; +} + +const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = { + EVP_PKEY_SIPHASH, + EVP_PKEY_SIPHASH, + 0, + + "SIPHASH", + "OpenSSL SIPHASH method", + + 0, 0, siphash_pkey_public_cmp, 0, + + 0, 0, 0, + + siphash_size, + 0, 0, + 0, 0, 0, 0, 0, 0, 0, + + siphash_key_free, + siphash_pkey_ctrl, + NULL, + NULL, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL, + + siphash_set_priv_key, + NULL, + siphash_get_priv_key, + NULL, +}; diff --git a/deps/openssl/openssl/crypto/siphash/siphash_local.h b/deps/openssl/openssl/crypto/siphash/siphash_local.h new file mode 100644 index 00000000000000..5ad34764634d5b --- /dev/null +++ b/deps/openssl/openssl/crypto/siphash/siphash_local.h @@ -0,0 +1,23 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Based on https://131002.net/siphash C reference implementation */ + +struct siphash_st { + uint64_t total_inlen; + uint64_t v0; + uint64_t v1; + uint64_t v2; + uint64_t v3; + unsigned int len; + int hash_size; + int crounds; + int drounds; + unsigned char leavings[SIPHASH_BLOCK_SIZE]; +}; diff --git a/deps/openssl/openssl/crypto/siphash/siphash_pmeth.c b/deps/openssl/openssl/crypto/siphash/siphash_pmeth.c new file mode 100644 index 00000000000000..66e552fec5e511 --- /dev/null +++ b/deps/openssl/openssl/crypto/siphash/siphash_pmeth.c @@ -0,0 +1,205 @@ +/* + * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include "internal/siphash.h" +#include "siphash_local.h" +#include "internal/evp_int.h" + +/* SIPHASH pkey context structure */ + +typedef struct siphash_pkey_ctx_st { + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + SIPHASH ctx; +} SIPHASH_PKEY_CTX; + +static int pkey_siphash_init(EVP_PKEY_CTX *ctx) +{ + SIPHASH_PKEY_CTX *pctx; + + if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) { + CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE); + return 0; + } + pctx->ktmp.type = V_ASN1_OCTET_STRING; + + EVP_PKEY_CTX_set_data(ctx, pctx); + EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); + return 1; +} + +static void pkey_siphash_cleanup(EVP_PKEY_CTX *ctx) +{ + SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + + if (pctx != NULL) { + OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length); + OPENSSL_clear_free(pctx, sizeof(*pctx)); + EVP_PKEY_CTX_set_data(ctx, NULL); + } +} + +static int pkey_siphash_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + SIPHASH_PKEY_CTX *sctx, *dctx; + + /* allocate memory for dst->data and a new SIPHASH_CTX in dst->data->ctx */ + if (!pkey_siphash_init(dst)) + return 0; + sctx = EVP_PKEY_CTX_get_data(src); + dctx = EVP_PKEY_CTX_get_data(dst); + if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL && + !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) { + /* cleanup and free the SIPHASH_PKEY_CTX in dst->data */ + pkey_siphash_cleanup(dst); + return 0; + } + memcpy(&dctx->ctx, &sctx->ctx, sizeof(SIPHASH)); + return 1; +} + +static int pkey_siphash_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + ASN1_OCTET_STRING *key; + SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + + if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL) + return 0; + key = ASN1_OCTET_STRING_dup(&pctx->ktmp); + if (key == NULL) + return 0; + return EVP_PKEY_assign_SIPHASH(pkey, key); +} + +static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx)); + + SipHash_Update(&pctx->ctx, data, count); + return 1; +} + +static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + const unsigned char* key; + size_t len; + + key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len); + if (key == NULL || len != SIPHASH_KEY_SIZE) + return 0; + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + EVP_MD_CTX_set_update_fn(mctx, int_update); + return SipHash_Init(&pctx->ctx, key, 0, 0); +} +static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) +{ + SIPHASH_PKEY_CTX *pctx = ctx->data; + + *siglen = SipHash_hash_size(&pctx->ctx); + if (sig != NULL) + return SipHash_Final(&pctx->ctx, sig, *siglen); + return 1; +} + +static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx); + const unsigned char *key; + size_t len; + + switch (type) { + + case EVP_PKEY_CTRL_MD: + /* ignore */ + break; + + case EVP_PKEY_CTRL_SET_DIGEST_SIZE: + return SipHash_set_hash_size(&pctx->ctx, p1); + + case EVP_PKEY_CTRL_SET_MAC_KEY: + case EVP_PKEY_CTRL_DIGESTINIT: + if (type == EVP_PKEY_CTRL_SET_MAC_KEY) { + /* user explicitly setting the key */ + key = p2; + len = p1; + } else { + /* user indirectly setting the key via EVP_DigestSignInit */ + key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len); + } + if (key == NULL || len != SIPHASH_KEY_SIZE || + !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len)) + return 0; + /* use default rounds (2,4) */ + return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp), + 0, 0); + + default: + return -2; + + } + return 1; +} + +static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (value == NULL) + return 0; + if (strcmp(type, "digestsize") == 0) { + size_t hash_size = atoi(value); + + return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size, + NULL); + } + if (strcmp(type, "key") == 0) + return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); + if (strcmp(type, "hexkey") == 0) + return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); + return -2; +} + +const EVP_PKEY_METHOD siphash_pkey_meth = { + EVP_PKEY_SIPHASH, + EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */ + pkey_siphash_init, + pkey_siphash_copy, + pkey_siphash_cleanup, + + 0, 0, + + 0, + pkey_siphash_keygen, + + 0, 0, + + 0, 0, + + 0, 0, + + siphash_signctx_init, + siphash_signctx, + + 0, 0, + + 0, 0, + + 0, 0, + + 0, 0, + + pkey_siphash_ctrl, + pkey_siphash_ctrl_str +}; diff --git a/deps/openssl/openssl/crypto/sm2/build.info b/deps/openssl/openssl/crypto/sm2/build.info new file mode 100644 index 00000000000000..1aca981499f4d7 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm2/build.info @@ -0,0 +1,3 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c diff --git a/deps/openssl/openssl/crypto/sm2/sm2_crypt.c b/deps/openssl/openssl/crypto/sm2/sm2_crypt.c new file mode 100644 index 00000000000000..4389fc731edd89 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm2/sm2_crypt.c @@ -0,0 +1,393 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/sm2.h" +#include "internal/sm2err.h" +#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */ +#include +#include +#include +#include +#include +#include + +typedef struct SM2_Ciphertext_st SM2_Ciphertext; +DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext) + +struct SM2_Ciphertext_st { + BIGNUM *C1x; + BIGNUM *C1y; + ASN1_OCTET_STRING *C3; + ASN1_OCTET_STRING *C2; +}; + +ASN1_SEQUENCE(SM2_Ciphertext) = { + ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM), + ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM), + ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING), + ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING), +} ASN1_SEQUENCE_END(SM2_Ciphertext) + +IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext) + +static size_t ec_field_size(const EC_GROUP *group) +{ + /* Is there some simpler way to do this? */ + BIGNUM *p = BN_new(); + BIGNUM *a = BN_new(); + BIGNUM *b = BN_new(); + size_t field_size = 0; + + if (p == NULL || a == NULL || b == NULL) + goto done; + + if (!EC_GROUP_get_curve(group, p, a, b, NULL)) + goto done; + field_size = (BN_num_bits(p) + 7) / 8; + + done: + BN_free(p); + BN_free(a); + BN_free(b); + + return field_size; +} + +int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *pt_size) +{ + const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); + const int md_size = EVP_MD_size(digest); + size_t overhead; + + if (md_size < 0) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); + return 0; + } + if (field_size == 0) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); + return 0; + } + + overhead = 10 + 2 * field_size + (size_t)md_size; + if (msg_len <= overhead) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); + return 0; + } + + *pt_size = msg_len - overhead; + return 1; +} + +int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *ct_size) +{ + const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); + const int md_size = EVP_MD_size(digest); + size_t sz; + + if (field_size == 0 || md_size < 0) + return 0; + + /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */ + sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) + + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) + + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); + /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */ + *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); + + return 1; +} + +int sm2_encrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *msg, + size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len) +{ + int rc = 0, ciphertext_leni; + size_t i; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + BIGNUM *x1 = NULL; + BIGNUM *y1 = NULL; + BIGNUM *x2 = NULL; + BIGNUM *y2 = NULL; + EVP_MD_CTX *hash = EVP_MD_CTX_new(); + struct SM2_Ciphertext_st ctext_struct; + const EC_GROUP *group = EC_KEY_get0_group(key); + const BIGNUM *order = EC_GROUP_get0_order(group); + const EC_POINT *P = EC_KEY_get0_public_key(key); + EC_POINT *kG = NULL; + EC_POINT *kP = NULL; + uint8_t *msg_mask = NULL; + uint8_t *x2y2 = NULL; + uint8_t *C3 = NULL; + size_t field_size; + const int C3_size = EVP_MD_size(digest); + + /* NULL these before any "goto done" */ + ctext_struct.C2 = NULL; + ctext_struct.C3 = NULL; + + if (hash == NULL || C3_size <= 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + field_size = ec_field_size(group); + if (field_size == 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + kG = EC_POINT_new(group); + kP = EC_POINT_new(group); + ctx = BN_CTX_new(); + if (kG == NULL || kP == NULL || ctx == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + k = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + x2 = BN_CTX_get(ctx); + y1 = BN_CTX_get(ctx); + y2 = BN_CTX_get(ctx); + + if (y2 == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB); + goto done; + } + + x2y2 = OPENSSL_zalloc(2 * field_size); + C3 = OPENSSL_zalloc(C3_size); + + if (x2y2 == NULL || C3 == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + memset(ciphertext_buf, 0, *ciphertext_len); + + if (!BN_priv_rand_range(k, order)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) + || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx) + || !EC_POINT_mul(group, kP, NULL, P, k, ctx) + || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB); + goto done; + } + + if (BN_bn2binpad(x2, x2y2, field_size) < 0 + || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + msg_mask = OPENSSL_zalloc(msg_len); + if (msg_mask == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + /* X9.63 with no salt happens to match the KDF used in SM2 */ + if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, + digest)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB); + goto done; + } + + for (i = 0; i != msg_len; ++i) + msg_mask[i] ^= msg[i]; + + if (EVP_DigestInit(hash, digest) == 0 + || EVP_DigestUpdate(hash, x2y2, field_size) == 0 + || EVP_DigestUpdate(hash, msg, msg_len) == 0 + || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0 + || EVP_DigestFinal(hash, C3, NULL) == 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB); + goto done; + } + + ctext_struct.C1x = x1; + ctext_struct.C1y = y1; + ctext_struct.C3 = ASN1_OCTET_STRING_new(); + ctext_struct.C2 = ASN1_OCTET_STRING_new(); + + if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size) + || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf); + /* Ensure cast to size_t is safe */ + if (ciphertext_leni < 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + *ciphertext_len = (size_t)ciphertext_leni; + + rc = 1; + + done: + ASN1_OCTET_STRING_free(ctext_struct.C2); + ASN1_OCTET_STRING_free(ctext_struct.C3); + OPENSSL_free(msg_mask); + OPENSSL_free(x2y2); + OPENSSL_free(C3); + EVP_MD_CTX_free(hash); + BN_CTX_free(ctx); + EC_POINT_free(kG); + EC_POINT_free(kP); + return rc; +} + +int sm2_decrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *ciphertext, + size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len) +{ + int rc = 0; + int i; + BN_CTX *ctx = NULL; + const EC_GROUP *group = EC_KEY_get0_group(key); + EC_POINT *C1 = NULL; + struct SM2_Ciphertext_st *sm2_ctext = NULL; + BIGNUM *x2 = NULL; + BIGNUM *y2 = NULL; + uint8_t *x2y2 = NULL; + uint8_t *computed_C3 = NULL; + const size_t field_size = ec_field_size(group); + const int hash_size = EVP_MD_size(digest); + uint8_t *msg_mask = NULL; + const uint8_t *C2 = NULL; + const uint8_t *C3 = NULL; + int msg_len = 0; + EVP_MD_CTX *hash = NULL; + + if (field_size == 0 || hash_size <= 0) + goto done; + + memset(ptext_buf, 0xFF, *ptext_len); + + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len); + + if (sm2_ctext == NULL) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR); + goto done; + } + + if (sm2_ctext->C3->length != hash_size) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING); + goto done; + } + + C2 = sm2_ctext->C2->data; + C3 = sm2_ctext->C3->data; + msg_len = sm2_ctext->C2->length; + + ctx = BN_CTX_new(); + if (ctx == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + x2 = BN_CTX_get(ctx); + y2 = BN_CTX_get(ctx); + + if (y2 == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB); + goto done; + } + + msg_mask = OPENSSL_zalloc(msg_len); + x2y2 = OPENSSL_zalloc(2 * field_size); + computed_C3 = OPENSSL_zalloc(hash_size); + + if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + C1 = EC_POINT_new(group); + if (C1 == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x, + sm2_ctext->C1y, ctx) + || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), + ctx) + || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB); + goto done; + } + + if (BN_bn2binpad(x2, x2y2, field_size) < 0 + || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0 + || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, + digest)) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + for (i = 0; i != msg_len; ++i) + ptext_buf[i] = C2[i] ^ msg_mask[i]; + + hash = EVP_MD_CTX_new(); + if (hash == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!EVP_DigestInit(hash, digest) + || !EVP_DigestUpdate(hash, x2y2, field_size) + || !EVP_DigestUpdate(hash, ptext_buf, msg_len) + || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size) + || !EVP_DigestFinal(hash, computed_C3, NULL)) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB); + goto done; + } + + if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST); + goto done; + } + + rc = 1; + *ptext_len = msg_len; + + done: + if (rc == 0) + memset(ptext_buf, 0, *ptext_len); + + OPENSSL_free(msg_mask); + OPENSSL_free(x2y2); + OPENSSL_free(computed_C3); + EC_POINT_free(C1); + BN_CTX_free(ctx); + SM2_Ciphertext_free(sm2_ctext); + EVP_MD_CTX_free(hash); + + return rc; +} diff --git a/deps/openssl/openssl/crypto/sm2/sm2_err.c b/deps/openssl/openssl/crypto/sm2/sm2_err.c new file mode 100644 index 00000000000000..653c6797f86f23 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm2/sm2_err.c @@ -0,0 +1,69 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/sm2err.h" + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA SM2_str_functs[] = { + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0), + "pkey_sm2_digest_custom"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0), + "sm2_compute_msg_hash"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0), + "sm2_compute_userid_digest"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_Z_DIGEST, 0), + "sm2_compute_z_digest"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"}, + {0, NULL} +}; + +static const ERR_STRING_DATA SM2_str_reasons[] = { + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE), + "invalid digest type"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"}, + {0, NULL} +}; + +#endif + +int ERR_load_SM2_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) { + ERR_load_strings_const(SM2_str_functs); + ERR_load_strings_const(SM2_str_reasons); + } +#endif + return 1; +} diff --git a/deps/openssl/openssl/crypto/sm2/sm2_pmeth.c b/deps/openssl/openssl/crypto/sm2/sm2_pmeth.c new file mode 100644 index 00000000000000..d187699cc41170 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm2/sm2_pmeth.c @@ -0,0 +1,325 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include +#include +#include +#include "internal/evp_int.h" +#include "internal/sm2.h" +#include "internal/sm2err.h" + +/* EC pkey context structure */ + +typedef struct { + /* Key and paramgen group */ + EC_GROUP *gen_group; + /* message digest */ + const EVP_MD *md; + /* Distinguishing Identifier, ISO/IEC 15946-3 */ + uint8_t *id; + size_t id_len; + /* id_set indicates if the 'id' field is set (1) or not (0) */ + int id_set; +} SM2_PKEY_CTX; + +static int pkey_sm2_init(EVP_PKEY_CTX *ctx) +{ + SM2_PKEY_CTX *smctx; + + if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) { + SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE); + return 0; + } + + ctx->data = smctx; + return 1; +} + +static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx) +{ + SM2_PKEY_CTX *smctx = ctx->data; + + if (smctx != NULL) { + EC_GROUP_free(smctx->gen_group); + OPENSSL_free(smctx->id); + OPENSSL_free(smctx); + ctx->data = NULL; + } +} + +static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + SM2_PKEY_CTX *dctx, *sctx; + + if (!pkey_sm2_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + if (sctx->gen_group != NULL) { + dctx->gen_group = EC_GROUP_dup(sctx->gen_group); + if (dctx->gen_group == NULL) { + pkey_sm2_cleanup(dst); + return 0; + } + } + if (sctx->id != NULL) { + dctx->id = OPENSSL_malloc(sctx->id_len); + if (dctx->id == NULL) { + SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE); + pkey_sm2_cleanup(dst); + return 0; + } + memcpy(dctx->id, sctx->id, sctx->id_len); + } + dctx->id_len = sctx->id_len; + dctx->id_set = sctx->id_set; + dctx->md = sctx->md; + + return 1; +} + +static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret; + unsigned int sltmp; + EC_KEY *ec = ctx->pkey->pkey.ec; + const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec); + + if (sig_sz <= 0) { + return 0; + } + + if (sig == NULL) { + *siglen = (size_t)sig_sz; + return 1; + } + + if (*siglen < (size_t)sig_sz) { + SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL); + return 0; + } + + ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t)sltmp; + return 1; +} + +static int pkey_sm2_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + + return sm2_verify(tbs, tbslen, sig, siglen, ec); +} + +static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + SM2_PKEY_CTX *dctx = ctx->data; + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { + if (!sm2_ciphertext_size(ec, md, inlen, outlen)) + return -1; + else + return 1; + } + + return sm2_encrypt(ec, md, in, inlen, out, outlen); +} + +static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + SM2_PKEY_CTX *dctx = ctx->data; + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { + if (!sm2_plaintext_size(ec, md, inlen, outlen)) + return -1; + else + return 1; + } + + return sm2_decrypt(ec, md, in, inlen, out, outlen); +} + +static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + SM2_PKEY_CTX *smctx = ctx->data; + EC_GROUP *group; + uint8_t *tmp_id; + + switch (type) { + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: + group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE); + return 0; + } + EC_GROUP_free(smctx->gen_group); + smctx->gen_group = group; + return 1; + + case EVP_PKEY_CTRL_EC_PARAM_ENC: + if (smctx->gen_group == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET); + return 0; + } + EC_GROUP_set_asn1_flag(smctx->gen_group, p1); + return 1; + + case EVP_PKEY_CTRL_MD: + smctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = smctx->md; + return 1; + + case EVP_PKEY_CTRL_SET1_ID: + if (p1 > 0) { + tmp_id = OPENSSL_malloc(p1); + if (tmp_id == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(tmp_id, p2, p1); + OPENSSL_free(smctx->id); + smctx->id = tmp_id; + } else { + /* set null-ID */ + OPENSSL_free(smctx->id); + smctx->id = NULL; + } + smctx->id_len = (size_t)p1; + smctx->id_set = 1; + return 1; + + case EVP_PKEY_CTRL_GET1_ID: + memcpy(p2, smctx->id, smctx->id_len); + return 1; + + case EVP_PKEY_CTRL_GET1_ID_LEN: + *(size_t *)p2 = smctx->id_len; + return 1; + + default: + return -2; + } +} + +static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (strcmp(type, "ec_paramgen_curve") == 0) { + int nid = NID_undef; + + if (((nid = EC_curve_nist2nid(value)) == NID_undef) + && ((nid = OBJ_sn2nid(value)) == NID_undef) + && ((nid = OBJ_ln2nid(value)) == NID_undef)) { + SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE); + return 0; + } + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); + } else if (strcmp(type, "ec_param_enc") == 0) { + int param_enc; + + if (strcmp(value, "explicit") == 0) + param_enc = 0; + else if (strcmp(value, "named_curve") == 0) + param_enc = OPENSSL_EC_NAMED_CURVE; + else + return -2; + return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); + } + + return -2; +} + +static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + uint8_t z[EVP_MAX_MD_SIZE]; + SM2_PKEY_CTX *smctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + const EVP_MD *md = EVP_MD_CTX_md(mctx); + int mdlen = EVP_MD_size(md); + + if (!smctx->id_set) { + /* + * An ID value must be set. The specifications are not clear whether a + * NULL is allowed. We only allow it if set explicitly for maximum + * flexibility. + */ + SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_ID_NOT_SET); + return 0; + } + + if (mdlen < 0) { + SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST); + return 0; + } + + /* get hashed prefix 'z' of tbs message */ + if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec)) + return 0; + + return EVP_DigestUpdate(mctx, z, (size_t)mdlen); +} + +const EVP_PKEY_METHOD sm2_pkey_meth = { + EVP_PKEY_SM2, + 0, + pkey_sm2_init, + pkey_sm2_copy, + pkey_sm2_cleanup, + + 0, + 0, + + 0, + 0, + + 0, + pkey_sm2_sign, + + 0, + pkey_sm2_verify, + + 0, 0, + + 0, 0, 0, 0, + + 0, + pkey_sm2_encrypt, + + 0, + pkey_sm2_decrypt, + + 0, + 0, + pkey_sm2_ctrl, + pkey_sm2_ctrl_str, + + 0, 0, + + 0, 0, 0, + + pkey_sm2_digest_custom +}; diff --git a/deps/openssl/openssl/crypto/sm2/sm2_sign.c b/deps/openssl/openssl/crypto/sm2/sm2_sign.c new file mode 100644 index 00000000000000..0f9c14cb5f4c1f --- /dev/null +++ b/deps/openssl/openssl/crypto/sm2/sm2_sign.c @@ -0,0 +1,479 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/sm2.h" +#include "internal/sm2err.h" +#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ +#include "internal/numbers.h" +#include +#include +#include +#include +#include + +int sm2_compute_z_digest(uint8_t *out, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const EC_KEY *key) +{ + int rc = 0; + const EC_GROUP *group = EC_KEY_get0_group(key); + BN_CTX *ctx = NULL; + EVP_MD_CTX *hash = NULL; + BIGNUM *p = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *xG = NULL; + BIGNUM *yG = NULL; + BIGNUM *xA = NULL; + BIGNUM *yA = NULL; + int p_bytes = 0; + uint8_t *buf = NULL; + uint16_t entl = 0; + uint8_t e_byte = 0; + + hash = EVP_MD_CTX_new(); + ctx = BN_CTX_new(); + if (hash == NULL || ctx == NULL) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE); + goto done; + } + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + xG = BN_CTX_get(ctx); + yG = BN_CTX_get(ctx); + xA = BN_CTX_get(ctx); + yA = BN_CTX_get(ctx); + + if (yA == NULL) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!EVP_DigestInit(hash, digest)) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB); + goto done; + } + + /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ + + if (id_len >= (UINT16_MAX / 8)) { + /* too large */ + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, SM2_R_ID_TOO_LARGE); + goto done; + } + + entl = (uint16_t)(8 * id_len); + + e_byte = entl >> 8; + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB); + goto done; + } + e_byte = entl & 0xFF; + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB); + goto done; + } + + if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB); + goto done; + } + + if (!EC_GROUP_get_curve(group, p, a, b, ctx)) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EC_LIB); + goto done; + } + + p_bytes = BN_num_bytes(p); + buf = OPENSSL_zalloc(p_bytes); + if (buf == NULL) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (BN_bn2binpad(a, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(b, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates(group, + EC_GROUP_get0_generator(group), + xG, yG, ctx) + || BN_bn2binpad(xG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates(group, + EC_KEY_get0_public_key(key), + xA, yA, ctx) + || BN_bn2binpad(xA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EVP_DigestFinal(hash, out, NULL)) { + SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_INTERNAL_ERROR); + goto done; + } + + rc = 1; + + done: + OPENSSL_free(buf); + BN_CTX_free(ctx); + EVP_MD_CTX_free(hash); + return rc; +} + +static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, + const EC_KEY *key, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len) +{ + EVP_MD_CTX *hash = EVP_MD_CTX_new(); + const int md_size = EVP_MD_size(digest); + uint8_t *z = NULL; + BIGNUM *e = NULL; + + if (md_size < 0) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST); + goto done; + } + + z = OPENSSL_zalloc(md_size); + if (hash == NULL || z == NULL) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!sm2_compute_z_digest(z, digest, id, id_len, key)) { + /* SM2err already called */ + goto done; + } + + if (!EVP_DigestInit(hash, digest) + || !EVP_DigestUpdate(hash, z, md_size) + || !EVP_DigestUpdate(hash, msg, msg_len) + /* reuse z buffer to hold H(Z || M) */ + || !EVP_DigestFinal(hash, z, NULL)) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB); + goto done; + } + + e = BN_bin2bn(z, md_size, NULL); + if (e == NULL) + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR); + + done: + OPENSSL_free(z); + EVP_MD_CTX_free(hash); + return e; +} + +static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) +{ + const BIGNUM *dA = EC_KEY_get0_private_key(key); + const EC_GROUP *group = EC_KEY_get0_group(key); + const BIGNUM *order = EC_GROUP_get0_order(group); + ECDSA_SIG *sig = NULL; + EC_POINT *kG = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + BIGNUM *rk = NULL; + BIGNUM *r = NULL; + BIGNUM *s = NULL; + BIGNUM *x1 = NULL; + BIGNUM *tmp = NULL; + + kG = EC_POINT_new(group); + ctx = BN_CTX_new(); + if (kG == NULL || ctx == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + k = BN_CTX_get(ctx); + rk = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); + goto done; + } + + /* + * These values are returned and so should not be allocated out of the + * context + */ + r = BN_new(); + s = BN_new(); + + if (r == NULL || s == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); + goto done; + } + + for (;;) { + if (!BN_priv_rand_range(k, order)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); + goto done; + } + + if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) + || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL, + ctx) + || !BN_mod_add(r, e, x1, order, ctx)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); + goto done; + } + + /* try again if r == 0 or r+k == n */ + if (BN_is_zero(r)) + continue; + + if (!BN_add(rk, r, k)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); + goto done; + } + + if (BN_cmp(rk, order) == 0) + continue; + + if (!BN_add(s, dA, BN_value_one()) + || !ec_group_do_inverse_ord(group, s, s, ctx) + || !BN_mod_mul(tmp, dA, r, order, ctx) + || !BN_sub(tmp, k, tmp) + || !BN_mod_mul(s, s, tmp, order, ctx)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB); + goto done; + } + + sig = ECDSA_SIG_new(); + if (sig == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); + goto done; + } + + /* takes ownership of r and s */ + ECDSA_SIG_set0(sig, r, s); + break; + } + + done: + if (sig == NULL) { + BN_free(r); + BN_free(s); + } + + BN_CTX_free(ctx); + EC_POINT_free(kG); + return sig; +} + +static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, + const BIGNUM *e) +{ + int ret = 0; + const EC_GROUP *group = EC_KEY_get0_group(key); + const BIGNUM *order = EC_GROUP_get0_order(group); + BN_CTX *ctx = NULL; + EC_POINT *pt = NULL; + BIGNUM *t = NULL; + BIGNUM *x1 = NULL; + const BIGNUM *r = NULL; + const BIGNUM *s = NULL; + + ctx = BN_CTX_new(); + pt = EC_POINT_new(group); + if (ctx == NULL || pt == NULL) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + t = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + if (x1 == NULL) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE); + goto done; + } + + /* + * B1: verify whether r' in [1,n-1], verification failed if not + * B2: vefify whether s' in [1,n-1], verification failed if not + * B3: set M'~=ZA || M' + * B4: calculate e'=Hv(M'~) + * B5: calculate t = (r' + s') modn, verification failed if t=0 + * B6: calculate the point (x1', y1')=[s']G + [t]PA + * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed + */ + + ECDSA_SIG_get0(sig, &r, &s); + + if (BN_cmp(r, BN_value_one()) < 0 + || BN_cmp(s, BN_value_one()) < 0 + || BN_cmp(order, r) <= 0 + || BN_cmp(order, s) <= 0) { + SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE); + goto done; + } + + if (!BN_mod_add(t, r, s, order, ctx)) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB); + goto done; + } + + if (BN_is_zero(t)) { + SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE); + goto done; + } + + if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) + || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB); + goto done; + } + + if (!BN_mod_add(t, e, x1, order, ctx)) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB); + goto done; + } + + if (BN_cmp(r, t) == 0) + ret = 1; + + done: + EC_POINT_free(pt); + BN_CTX_free(ctx); + return ret; +} + +ECDSA_SIG *sm2_do_sign(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len) +{ + BIGNUM *e = NULL; + ECDSA_SIG *sig = NULL; + + e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len); + if (e == NULL) { + /* SM2err already called */ + goto done; + } + + sig = sm2_sig_gen(key, e); + + done: + BN_free(e); + return sig; +} + +int sm2_do_verify(const EC_KEY *key, + const EVP_MD *digest, + const ECDSA_SIG *sig, + const uint8_t *id, + const size_t id_len, + const uint8_t *msg, size_t msg_len) +{ + BIGNUM *e = NULL; + int ret = 0; + + e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len); + if (e == NULL) { + /* SM2err already called */ + goto done; + } + + ret = sm2_sig_verify(key, sig, e); + + done: + BN_free(e); + return ret; +} + +int sm2_sign(const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey) +{ + BIGNUM *e = NULL; + ECDSA_SIG *s = NULL; + int sigleni; + int ret = -1; + + e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB); + goto done; + } + + s = sm2_sig_gen(eckey, e); + + sigleni = i2d_ECDSA_SIG(s, &sig); + if (sigleni < 0) { + SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR); + goto done; + } + *siglen = (unsigned int)sigleni; + + ret = 1; + + done: + ECDSA_SIG_free(s); + BN_free(e); + return ret; +} + +int sm2_verify(const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int sig_len, EC_KEY *eckey) +{ + ECDSA_SIG *s = NULL; + BIGNUM *e = NULL; + const unsigned char *p = sig; + unsigned char *der = NULL; + int derlen = -1; + int ret = -1; + + s = ECDSA_SIG_new(); + if (s == NULL) { + SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE); + goto done; + } + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) { + SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING); + goto done; + } + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sig, der, derlen) != 0) { + SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING); + goto done; + } + + e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB); + goto done; + } + + ret = sm2_sig_verify(eckey, s, e); + + done: + OPENSSL_free(der); + BN_free(e); + ECDSA_SIG_free(s); + return ret; +} diff --git a/deps/openssl/openssl/crypto/sm3/build.info b/deps/openssl/openssl/crypto/sm3/build.info new file mode 100644 index 00000000000000..6009b1949eb69b --- /dev/null +++ b/deps/openssl/openssl/crypto/sm3/build.info @@ -0,0 +1,2 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=sm3.c m_sm3.c diff --git a/deps/openssl/openssl/crypto/sm3/m_sm3.c b/deps/openssl/openssl/crypto/sm3/m_sm3.c new file mode 100644 index 00000000000000..85538dc8af06a3 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm3/m_sm3.c @@ -0,0 +1,52 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" + +#ifndef OPENSSL_NO_SM3 +# include +# include "internal/evp_int.h" +# include "internal/sm3.h" + +static int init(EVP_MD_CTX *ctx) +{ + return sm3_init(EVP_MD_CTX_md_data(ctx)); +} + +static int update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return sm3_update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return sm3_final(md, EVP_MD_CTX_md_data(ctx)); +} + +static const EVP_MD sm3_md = { + NID_sm3, + NID_sm3WithRSAEncryption, + SM3_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + SM3_CBLOCK, + sizeof(EVP_MD *) + sizeof(SM3_CTX), +}; + +const EVP_MD *EVP_sm3(void) +{ + return &sm3_md; +} + +#endif diff --git a/deps/openssl/openssl/crypto/sm3/sm3.c b/deps/openssl/openssl/crypto/sm3/sm3.c new file mode 100644 index 00000000000000..93081152f3c824 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm3/sm3.c @@ -0,0 +1,195 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "sm3_locl.h" + +int sm3_init(SM3_CTX *c) +{ + memset(c, 0, sizeof(*c)); + c->A = SM3_A; + c->B = SM3_B; + c->C = SM3_C; + c->D = SM3_D; + c->E = SM3_E; + c->F = SM3_F; + c->G = SM3_G; + c->H = SM3_H; + return 1; +} + +void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num) +{ + const unsigned char *data = p; + register unsigned MD32_REG_T A, B, C, D, E, F, G, H; + + unsigned MD32_REG_T W00, W01, W02, W03, W04, W05, W06, W07, + W08, W09, W10, W11, W12, W13, W14, W15; + + for (; num--;) { + + A = ctx->A; + B = ctx->B; + C = ctx->C; + D = ctx->D; + E = ctx->E; + F = ctx->F; + G = ctx->G; + H = ctx->H; + + /* + * We have to load all message bytes immediately since SM3 reads + * them slightly out of order. + */ + (void)HOST_c2l(data, W00); + (void)HOST_c2l(data, W01); + (void)HOST_c2l(data, W02); + (void)HOST_c2l(data, W03); + (void)HOST_c2l(data, W04); + (void)HOST_c2l(data, W05); + (void)HOST_c2l(data, W06); + (void)HOST_c2l(data, W07); + (void)HOST_c2l(data, W08); + (void)HOST_c2l(data, W09); + (void)HOST_c2l(data, W10); + (void)HOST_c2l(data, W11); + (void)HOST_c2l(data, W12); + (void)HOST_c2l(data, W13); + (void)HOST_c2l(data, W14); + (void)HOST_c2l(data, W15); + + R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08); + W04 = EXPAND(W04, W11, W01, W07, W14); + R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09); + W05 = EXPAND(W05, W12, W02, W08, W15); + R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10); + W06 = EXPAND(W06, W13, W03, W09, W00); + R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11); + W07 = EXPAND(W07, W14, W04, W10, W01); + R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12); + W08 = EXPAND(W08, W15, W05, W11, W02); + R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13); + W09 = EXPAND(W09, W00, W06, W12, W03); + R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14); + W10 = EXPAND(W10, W01, W07, W13, W04); + R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15); + W11 = EXPAND(W11, W02, W08, W14, W05); + R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00); + W12 = EXPAND(W12, W03, W09, W15, W06); + R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01); + W13 = EXPAND(W13, W04, W10, W00, W07); + R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02); + W14 = EXPAND(W14, W05, W11, W01, W08); + R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03); + W15 = EXPAND(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08); + W04 = EXPAND(W04, W11, W01, W07, W14); + R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09); + W05 = EXPAND(W05, W12, W02, W08, W15); + R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10); + W06 = EXPAND(W06, W13, W03, W09, W00); + R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11); + W07 = EXPAND(W07, W14, W04, W10, W01); + R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12); + W08 = EXPAND(W08, W15, W05, W11, W02); + R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13); + W09 = EXPAND(W09, W00, W06, W12, W03); + R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14); + W10 = EXPAND(W10, W01, W07, W13, W04); + R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15); + W11 = EXPAND(W11, W02, W08, W14, W05); + R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00); + W12 = EXPAND(W12, W03, W09, W15, W06); + R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01); + W13 = EXPAND(W13, W04, W10, W00, W07); + R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02); + W14 = EXPAND(W14, W05, W11, W01, W08); + R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03); + W15 = EXPAND(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08); + W04 = EXPAND(W04, W11, W01, W07, W14); + R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09); + W05 = EXPAND(W05, W12, W02, W08, W15); + R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10); + W06 = EXPAND(W06, W13, W03, W09, W00); + R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11); + W07 = EXPAND(W07, W14, W04, W10, W01); + R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12); + W08 = EXPAND(W08, W15, W05, W11, W02); + R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13); + W09 = EXPAND(W09, W00, W06, W12, W03); + R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14); + W10 = EXPAND(W10, W01, W07, W13, W04); + R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15); + W11 = EXPAND(W11, W02, W08, W14, W05); + R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00); + W12 = EXPAND(W12, W03, W09, W15, W06); + R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01); + W13 = EXPAND(W13, W04, W10, W00, W07); + R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02); + W14 = EXPAND(W14, W05, W11, W01, W08); + R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03); + W15 = EXPAND(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08); + R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09); + R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10); + R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11); + R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12); + R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13); + R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14); + R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15); + R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00); + R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01); + R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02); + R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03); + + ctx->A ^= A; + ctx->B ^= B; + ctx->C ^= C; + ctx->D ^= D; + ctx->E ^= E; + ctx->F ^= F; + ctx->G ^= G; + ctx->H ^= H; + } +} diff --git a/deps/openssl/openssl/crypto/sm3/sm3_locl.h b/deps/openssl/openssl/crypto/sm3/sm3_locl.h new file mode 100644 index 00000000000000..efa6db57c6cdd8 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm3/sm3_locl.h @@ -0,0 +1,79 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/sm3.h" + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SM3_WORD +#define HASH_CTX SM3_CTX +#define HASH_CBLOCK SM3_CBLOCK +#define HASH_UPDATE sm3_update +#define HASH_TRANSFORM sm3_transform +#define HASH_FINAL sm3_final +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned long ll; \ + ll=(c)->A; (void)HOST_l2c(ll, (s)); \ + ll=(c)->B; (void)HOST_l2c(ll, (s)); \ + ll=(c)->C; (void)HOST_l2c(ll, (s)); \ + ll=(c)->D; (void)HOST_l2c(ll, (s)); \ + ll=(c)->E; (void)HOST_l2c(ll, (s)); \ + ll=(c)->F; (void)HOST_l2c(ll, (s)); \ + ll=(c)->G; (void)HOST_l2c(ll, (s)); \ + ll=(c)->H; (void)HOST_l2c(ll, (s)); \ + } while (0) +#define HASH_BLOCK_DATA_ORDER sm3_block_data_order + +void sm3_transform(SM3_CTX *c, const unsigned char *data); + +#include "internal/md32_common.h" + +#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) +#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) + +#define FF0(X,Y,Z) (X ^ Y ^ Z) +#define GG0(X,Y,Z) (X ^ Y ^ Z) + +#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z)) +#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z)))) + +#define EXPAND(W0,W7,W13,W3,W10) \ + (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) + +#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) \ + do { \ + const SM3_WORD A12 = ROTATE(A, 12); \ + const SM3_WORD A12_SM = A12 + E + TJ; \ + const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ + const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ + const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ + B = ROTATE(B, 9); \ + D = TT1; \ + F = ROTATE(F, 19); \ + H = P0(TT2); \ + } while(0) + +#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ + RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0) + +#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ + RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1) + +#define SM3_A 0x7380166fUL +#define SM3_B 0x4914b2b9UL +#define SM3_C 0x172442d7UL +#define SM3_D 0xda8a0600UL +#define SM3_E 0xa96f30bcUL +#define SM3_F 0x163138aaUL +#define SM3_G 0xe38dee4dUL +#define SM3_H 0xb0fb0e4eUL diff --git a/deps/openssl/openssl/crypto/sm4/build.info b/deps/openssl/openssl/crypto/sm4/build.info new file mode 100644 index 00000000000000..f539df4adf94e6 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm4/build.info @@ -0,0 +1,3 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + sm4.c diff --git a/deps/openssl/openssl/crypto/sm4/sm4.c b/deps/openssl/openssl/crypto/sm4/sm4.c new file mode 100644 index 00000000000000..0c819a4b68eb36 --- /dev/null +++ b/deps/openssl/openssl/crypto/sm4/sm4.c @@ -0,0 +1,233 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * Ported from Ribose contributions from Botan. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/sm4.h" + +static const uint8_t SM4_S[256] = { + 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, + 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, + 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4, + 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, + 0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, + 0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, + 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2, + 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35, + 0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, + 0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, + 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2, + 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1, + 0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, + 0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, + 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45, + 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51, + 0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, + 0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, + 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A, + 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84, + 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, + 0xD7, 0xCB, 0x39, 0x48 +}; + +/* + * SM4_SBOX_T[j] == L(SM4_SBOX[j]). + */ +static const uint32_t SM4_SBOX_T[256] = { + 0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787, + 0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B, + 0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D, + 0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F, + 0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A, + 0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3, + 0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151, + 0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989, + 0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020, + 0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB, + 0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C, + 0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA, + 0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616, + 0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA, + 0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF, + 0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4, + 0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161, + 0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC, + 0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000, + 0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949, + 0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313, + 0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B, + 0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF, + 0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686, + 0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0, + 0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0, + 0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB, + 0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181, + 0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D, + 0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515, + 0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF, + 0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545, + 0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777, + 0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505, + 0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707, + 0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6, + 0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797, + 0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929, + 0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6, + 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212, + 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373, + 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8, + 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 }; + +static ossl_inline uint32_t rotl(uint32_t a, uint8_t n) +{ + return (a << n) | (a >> (32 - n)); +} + +static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n) +{ + return ((uint32_t)b[4 * n] << 24) | + ((uint32_t)b[4 * n + 1] << 16) | + ((uint32_t)b[4 * n + 2] << 8) | + ((uint32_t)b[4 * n + 3]); +} + +static ossl_inline void store_u32_be(uint32_t v, uint8_t *b) +{ + b[0] = (uint8_t)(v >> 24); + b[1] = (uint8_t)(v >> 16); + b[2] = (uint8_t)(v >> 8); + b[3] = (uint8_t)(v); +} + +static ossl_inline uint32_t SM4_T_slow(uint32_t X) +{ + uint32_t t = 0; + + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; + t |= SM4_S[(uint8_t)X]; + + /* + * L linear transform + */ + return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24); +} + +static ossl_inline uint32_t SM4_T(uint32_t X) +{ + return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ + rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ + rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ + rotl(SM4_SBOX_T[(uint8_t)X], 8); +} + +int SM4_set_key(const uint8_t *key, SM4_KEY *ks) +{ + /* + * Family Key + */ + static const uint32_t FK[4] = + { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc }; + + /* + * Constant Key + */ + static const uint32_t CK[32] = { + 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269, + 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9, + 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249, + 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9, + 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229, + 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299, + 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209, + 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279 + }; + + uint32_t K[4]; + int i; + + K[0] = load_u32_be(key, 0) ^ FK[0]; + K[1] = load_u32_be(key, 1) ^ FK[1]; + K[2] = load_u32_be(key, 2) ^ FK[2]; + K[3] = load_u32_be(key, 3) ^ FK[3]; + + for (i = 0; i != SM4_KEY_SCHEDULE; ++i) { + uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i]; + uint32_t t = 0; + + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; + t |= SM4_S[(uint8_t)X]; + + t = t ^ rotl(t, 13) ^ rotl(t, 23); + K[i % 4] ^= t; + ks->rk[i] = K[i % 4]; + } + + return 1; +} + +#define SM4_RNDS(k0, k1, k2, k3, F) \ + do { \ + B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \ + B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \ + B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \ + B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \ + } while(0) + +void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) +{ + uint32_t B0 = load_u32_be(in, 0); + uint32_t B1 = load_u32_be(in, 1); + uint32_t B2 = load_u32_be(in, 2); + uint32_t B3 = load_u32_be(in, 3); + + /* + * Uses byte-wise sbox in the first and last rounds to provide some + * protection from cache based side channels. + */ + SM4_RNDS( 0, 1, 2, 3, SM4_T_slow); + SM4_RNDS( 4, 5, 6, 7, SM4_T); + SM4_RNDS( 8, 9, 10, 11, SM4_T); + SM4_RNDS(12, 13, 14, 15, SM4_T); + SM4_RNDS(16, 17, 18, 19, SM4_T); + SM4_RNDS(20, 21, 22, 23, SM4_T); + SM4_RNDS(24, 25, 26, 27, SM4_T); + SM4_RNDS(28, 29, 30, 31, SM4_T_slow); + + store_u32_be(B3, out); + store_u32_be(B2, out + 4); + store_u32_be(B1, out + 8); + store_u32_be(B0, out + 12); +} + +void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) +{ + uint32_t B0 = load_u32_be(in, 0); + uint32_t B1 = load_u32_be(in, 1); + uint32_t B2 = load_u32_be(in, 2); + uint32_t B3 = load_u32_be(in, 3); + + SM4_RNDS(31, 30, 29, 28, SM4_T_slow); + SM4_RNDS(27, 26, 25, 24, SM4_T); + SM4_RNDS(23, 22, 21, 20, SM4_T); + SM4_RNDS(19, 18, 17, 16, SM4_T); + SM4_RNDS(15, 14, 13, 12, SM4_T); + SM4_RNDS(11, 10, 9, 8, SM4_T); + SM4_RNDS( 7, 6, 5, 4, SM4_T); + SM4_RNDS( 3, 2, 1, 0, SM4_T_slow); + + store_u32_be(B3, out); + store_u32_be(B2, out + 4); + store_u32_be(B1, out + 8); + store_u32_be(B0, out + 12); +} diff --git a/deps/openssl/openssl/crypto/sparccpuid.S b/deps/openssl/openssl/crypto/sparccpuid.S index c6ca22473846ab..95acd2f9d4d261 100644 --- a/deps/openssl/openssl/crypto/sparccpuid.S +++ b/deps/openssl/openssl/crypto/sparccpuid.S @@ -5,10 +5,6 @@ ! in the file LICENSE in the source distribution or at ! https://www.openssl.org/source/license.html -#ifdef OPENSSL_FIPSCANISTER -#include -#endif - #if defined(__SUNPRO_C) && defined(__sparcv9) # define ABI64 /* They've said -xarch=v9 at command line */ #elif defined(__GNUC__) && defined(__arch64__) diff --git a/deps/openssl/openssl/crypto/sparcv9cap.c b/deps/openssl/openssl/crypto/sparcv9cap.c index 61d0334ee4213d..c8c567536b33d7 100644 --- a/deps/openssl/openssl/crypto/sparcv9cap.c +++ b/deps/openssl/openssl/crypto/sparcv9cap.c @@ -15,6 +15,7 @@ #include #include #include +#include "internal/cryptlib.h" #include "sparc_arch.h" @@ -98,7 +99,7 @@ unsigned long _sparcv9_random(void); size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t); size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t); -unsigned long OPENSSL_rdtsc(void) +uint32_t OPENSSL_rdtsc(void) { if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED) #if defined(__sun) && defined(__SVR4) diff --git a/deps/openssl/openssl/crypto/srp/srp_lib.c b/deps/openssl/openssl/crypto/srp/srp_lib.c index e79352cb2eb00a..b97d630d375330 100644 --- a/deps/openssl/openssl/crypto/srp/srp_lib.c +++ b/deps/openssl/openssl/crypto/srp/srp_lib.c @@ -1,10 +1,14 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. */ #ifndef OPENSSL_NO_SRP diff --git a/deps/openssl/openssl/crypto/srp/srp_vfy.c b/deps/openssl/openssl/crypto/srp/srp_vfy.c index 29b7afcb047b6f..35e97d9a1282f8 100644 --- a/deps/openssl/openssl/crypto/srp/srp_vfy.c +++ b/deps/openssl/openssl/crypto/srp/srp_vfy.c @@ -1,144 +1,176 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. */ #ifndef OPENSSL_NO_SRP # include "internal/cryptlib.h" +# include "internal/evp_int.h" # include # include # include # include # include # include +# include # define SRP_RANDOM_SALT_LEN 20 # define MAX_LEN 2500 -static char b64table[] = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; - /* - * the following two conversion routines have been inspired by code from - * Stanford + * Note that SRP uses its own variant of base 64 encoding. A different base64 + * alphabet is used and no padding '=' characters are added. Instead we pad to + * the front with 0 bytes and subsequently strip off leading encoded padding. + * This variant is used for compatibility with other SRP implementations - + * notably libsrp, but also others. It is also required for backwards + * compatibility in order to load verifier files from other OpenSSL versions. */ /* * Convert a base64 string into raw byte array representation. + * Returns the length of the decoded data, or -1 on error. */ static int t_fromb64(unsigned char *a, size_t alen, const char *src) { - char *loc; - int i, j; - int size; - - if (alen == 0 || alen > INT_MAX) - return -1; + EVP_ENCODE_CTX *ctx; + int outl = 0, outl2 = 0; + size_t size, padsize; + const unsigned char *pad = (const unsigned char *)"00"; - while (*src && (*src == ' ' || *src == '\t' || *src == '\n')) + while (*src == ' ' || *src == '\t' || *src == '\n') ++src; size = strlen(src); - if (size < 0 || size >= (int)alen) + padsize = 4 - (size & 3); + padsize &= 3; + + /* Four bytes in src become three bytes output. */ + if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen) return -1; - i = 0; - while (i < size) { - loc = strchr(b64table, src[i]); - if (loc == (char *)0) - break; - else - a[i] = loc - b64table; - ++i; + ctx = EVP_ENCODE_CTX_new(); + if (ctx == NULL) + return -1; + + /* + * This should never occur because 1 byte of data always requires 2 bytes of + * encoding, i.e. + * 0 bytes unencoded = 0 bytes encoded + * 1 byte unencoded = 2 bytes encoded + * 2 bytes unencoded = 3 bytes encoded + * 3 bytes unencoded = 4 bytes encoded + * 4 bytes unencoded = 6 bytes encoded + * etc + */ + if (padsize == 3) { + outl = -1; + goto err; } - /* if nothing valid to process we have a zero length response */ - if (i == 0) - return 0; - size = i; - i = size - 1; - j = size; - while (1) { - a[j] = a[i]; - if (--i < 0) - break; - a[j] |= (a[i] & 3) << 6; - --j; - a[j] = (unsigned char)((a[i] & 0x3c) >> 2); - if (--i < 0) - break; - a[j] |= (a[i] & 0xf) << 4; - --j; - a[j] = (unsigned char)((a[i] & 0x30) >> 4); - if (--i < 0) - break; - a[j] |= (a[i] << 2); - - a[--j] = 0; - if (--i < 0) - break; + + /* Valid padsize values are now 0, 1 or 2 */ + + EVP_DecodeInit(ctx); + evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET); + + /* Add any encoded padding that is required */ + if (padsize != 0 + && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { + outl = -1; + goto err; + } + if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) { + outl = -1; + goto err; } - while (j <= size && a[j] == 0) - ++j; - i = 0; - while (j <= size) - a[i++] = a[j++]; - return i; + outl += outl2; + EVP_DecodeFinal(ctx, a + outl, &outl2); + outl += outl2; + + /* Strip off the leading padding */ + if (padsize != 0) { + if ((int)padsize >= outl) { + outl = -1; + goto err; + } + + /* + * If we added 1 byte of padding prior to encoding then we have 2 bytes + * of "real" data which gets spread across 4 encoded bytes like this: + * (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data) + * So 1 byte of pre-encoding padding results in 1 full byte of encoded + * padding. + * If we added 2 bytes of padding prior to encoding this gets encoded + * as: + * (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data) + * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded + * padding, i.e. we have to strip the same number of bytes of padding + * from the encoded data as we added to the pre-encoded data. + */ + memmove(a, a + padsize, outl - padsize); + outl -= padsize; + } + + err: + EVP_ENCODE_CTX_free(ctx); + + return outl; } /* * Convert a raw byte string into a null-terminated base64 ASCII string. + * Returns 1 on success or 0 on error. */ -static char *t_tob64(char *dst, const unsigned char *src, int size) +static int t_tob64(char *dst, const unsigned char *src, int size) { - int c, pos = size % 3; - unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0; - char *olddst = dst; - - switch (pos) { - case 1: - b2 = src[0]; - break; - case 2: - b1 = src[0]; - b2 = src[1]; - break; + EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); + int outl = 0, outl2 = 0; + unsigned char pad[2] = {0, 0}; + size_t leadz = 0; + + if (ctx == NULL) + return 0; + + EVP_EncodeInit(ctx); + evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES + | EVP_ENCODE_CTX_USE_SRP_ALPHABET); + + /* + * We pad at the front with zero bytes until the length is a multiple of 3 + * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "=" + * padding + */ + leadz = 3 - (size % 3); + if (leadz != 3 + && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, + leadz)) { + EVP_ENCODE_CTX_free(ctx); + return 0; } - while (1) { - c = (b0 & 0xfc) >> 2; - if (notleading || c != 0) { - *dst++ = b64table[c]; - notleading = 1; - } - c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4); - if (notleading || c != 0) { - *dst++ = b64table[c]; - notleading = 1; - } - c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6); - if (notleading || c != 0) { - *dst++ = b64table[c]; - notleading = 1; - } - c = b2 & 0x3f; - if (notleading || c != 0) { - *dst++ = b64table[c]; - notleading = 1; - } - if (pos >= size) - break; - else { - b0 = src[pos++]; - b1 = src[pos++]; - b2 = src[pos++]; - } + if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src, + size)) { + EVP_ENCODE_CTX_free(ctx); + return 0; + } + outl += outl2; + EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2); + outl += outl2; + + /* Strip the encoded padding at the front */ + if (leadz != 3) { + memmove(dst, dst + leadz, outl - leadz); + dst[outl - leadz] = '\0'; } - *dst++ = '\0'; - return olddst; + EVP_ENCODE_CTX_free(ctx); + return 1; } void SRP_user_pwd_free(SRP_user_pwd *user_pwd) @@ -154,9 +186,12 @@ void SRP_user_pwd_free(SRP_user_pwd *user_pwd) static SRP_user_pwd *SRP_user_pwd_new(void) { - SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret)); - if (ret == NULL) + SRP_user_pwd *ret; + + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { + /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/ return NULL; + } ret->N = NULL; ret->g = NULL; ret->s = NULL; @@ -474,7 +509,7 @@ static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) return NULL; } - #if OPENSSL_API_COMPAT < 0x10100000L +# if OPENSSL_API_COMPAT < 0x10100000L /* * DEPRECATED: use SRP_VBASE_get1_by_user instead. * This method ignores the configured seed and fails for an unknown user. @@ -485,7 +520,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) { return find_user(vb, username); } -#endif +# endif /* * Ownership of the returned pointer is released to the caller. @@ -518,7 +553,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) if (!SRP_user_pwd_set_ids(user, username, NULL)) goto err; - if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0) + if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0) goto err; ctxt = EVP_MD_CTX_new(); if (ctxt == NULL diff --git a/deps/openssl/openssl/crypto/stack/stack.c b/deps/openssl/openssl/crypto/stack/stack.c index 43ddf30ac1f111..975515db59727a 100644 --- a/deps/openssl/openssl/crypto/stack/stack.c +++ b/deps/openssl/openssl/crypto/stack/stack.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,20 +12,25 @@ #include "internal/numbers.h" #include #include +#include +#include /* For ossl_inline */ + +/* + * The initial number of nodes in the array. + */ +static const int min_nodes = 4; +static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX + ? (int)(SIZE_MAX / sizeof(void *)) + : INT_MAX; struct stack_st { int num; - const char **data; + const void **data; int sorted; - size_t num_alloc; + int num_alloc; OPENSSL_sk_compfunc comp; }; -#undef MIN_NODES -#define MIN_NODES 4 - -#include - OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c) { OPENSSL_sk_compfunc old = sk->comp; @@ -41,18 +46,24 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { OPENSSL_STACK *ret; - if (sk->num < 0) - return NULL; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { + CRYPTOerr(CRYPTO_F_OPENSSL_SK_DUP, ERR_R_MALLOC_FAILURE); return NULL; + } /* direct structure assignment */ *ret = *sk; + if (sk->num == 0) { + /* postpone |ret->data| allocation */ + ret->data = NULL; + ret->num_alloc = 0; + return ret; + } + /* duplicate |sk->data| content */ if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL) goto err; - memcpy(ret->data, sk->data, sizeof(char *) * sk->num); + memcpy(ret->data, sk->data, sizeof(void *) * sk->num); return ret; err: OPENSSL_sk_free(ret); @@ -66,16 +77,22 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, OPENSSL_STACK *ret; int i; - if (sk->num < 0) - return NULL; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { + CRYPTOerr(CRYPTO_F_OPENSSL_SK_DEEP_COPY, ERR_R_MALLOC_FAILURE); return NULL; + } /* direct structure assignment */ *ret = *sk; - ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES; + if (sk->num == 0) { + /* postpone |ret| data allocation */ + ret->data = NULL; + ret->num_alloc = 0; + return ret; + } + + ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes; ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc); if (ret->data == NULL) { OPENSSL_free(ret); @@ -98,52 +115,133 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, OPENSSL_STACK *OPENSSL_sk_new_null(void) { - return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL); + return OPENSSL_sk_new_reserve(NULL, 0); } OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c) { - OPENSSL_STACK *ret; + return OPENSSL_sk_new_reserve(c, 0); +} - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - goto err; - if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL) - goto err; - ret->comp = c; - ret->num_alloc = MIN_NODES; - return (ret); +/* + * Calculate the array growth based on the target size. + * + * The growth fraction is a rational number and is defined by a numerator + * and a denominator. According to Andrew Koenig in his paper "Why Are + * Vectors Efficient?" from JOOP 11(5) 1998, this factor should be less + * than the golden ratio (1.618...). + * + * We use 3/2 = 1.5 for simplicity of calculation and overflow checking. + * Another option 8/5 = 1.6 allows for slightly faster growth, although safe + * computation is more difficult. + * + * The limit to avoid overflow is spot on. The modulo three correction term + * ensures that the limit is the largest number than can be expanded by the + * growth factor without exceeding the hard limit. + * + * Do not call it with |current| lower than 2, or it will infinitely loop. + */ +static ossl_inline int compute_growth(int target, int current) +{ + const int limit = (max_nodes / 3) * 2 + (max_nodes % 3 ? 1 : 0); - err: - OPENSSL_free(ret); - return (NULL); + while (current < target) { + /* Check to see if we're at the hard limit */ + if (current >= max_nodes) + return 0; + + /* Expand the size by a factor of 3/2 if it is within range */ + current = current < limit ? current + current / 2 : max_nodes; + } + return current; } -int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) +/* internal STACK storage allocation */ +static int sk_reserve(OPENSSL_STACK *st, int n, int exact) { - if (st == NULL || st->num < 0 || st->num == INT_MAX) { - return 0; - } + const void **tmpdata; + int num_alloc; - if (st->num_alloc <= (size_t)(st->num + 1)) { - size_t doub_num_alloc = st->num_alloc * 2; - const char **tmpdata; + /* Check to see the reservation isn't exceeding the hard limit */ + if (n > max_nodes - st->num) + return 0; - /* Overflow checks */ - if (doub_num_alloc < st->num_alloc) + /* Figure out the new size */ + num_alloc = st->num + n; + if (num_alloc < min_nodes) + num_alloc = min_nodes; + + /* If |st->data| allocation was postponed */ + if (st->data == NULL) { + /* + * At this point, |st->num_alloc| and |st->num| are 0; + * so |num_alloc| value is |n| or |min_nodes| if greater than |n|. + */ + if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) { + CRYPTOerr(CRYPTO_F_SK_RESERVE, ERR_R_MALLOC_FAILURE); return 0; + } + st->num_alloc = num_alloc; + return 1; + } - /* Avoid overflow due to multiplication by sizeof(char *) */ - if (doub_num_alloc > SIZE_MAX / sizeof(char *)) + if (!exact) { + if (num_alloc <= st->num_alloc) + return 1; + num_alloc = compute_growth(num_alloc, st->num_alloc); + if (num_alloc == 0) return 0; + } else if (num_alloc == st->num_alloc) { + return 1; + } - tmpdata = OPENSSL_realloc((char *)st->data, - sizeof(char *) * doub_num_alloc); - if (tmpdata == NULL) - return 0; + tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc); + if (tmpdata == NULL) + return 0; + + st->data = tmpdata; + st->num_alloc = num_alloc; + return 1; +} + +OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n) +{ + OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); - st->data = tmpdata; - st->num_alloc = doub_num_alloc; + if (st == NULL) + return NULL; + + st->comp = c; + + if (n <= 0) + return st; + + if (!sk_reserve(st, n, 1)) { + OPENSSL_sk_free(st); + return NULL; } + + return st; +} + +int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n) +{ + if (st == NULL) + return 0; + + if (n < 0) + return 1; + return sk_reserve(st, n, 1); +} + +int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) +{ + if (st == NULL || st->num == max_nodes) + return 0; + + if (!sk_reserve(st, 1, 0)) + return 0; + if ((loc >= st->num) || (loc < 0)) { st->data[st->num] = data; } else { @@ -156,29 +254,34 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) return st->num; } +static ossl_inline void *internal_delete(OPENSSL_STACK *st, int loc) +{ + const void *ret = st->data[loc]; + + if (loc != st->num - 1) + memmove(&st->data[loc], &st->data[loc + 1], + sizeof(st->data[0]) * (st->num - loc - 1)); + st->num--; + + return (void *)ret; +} + void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p) { int i; for (i = 0; i < st->num; i++) if (st->data[i] == p) - return OPENSSL_sk_delete(st, i); + return internal_delete(st, i); return NULL; } void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc) { - const char *ret; - if (st == NULL || loc < 0 || loc >= st->num) return NULL; - ret = st->data[loc]; - if (loc != st->num - 1) - memmove(&st->data[loc], &st->data[loc + 1], - sizeof(st->data[0]) * (st->num - loc - 1)); - st->num--; - return (void *)ret; + return internal_delete(st, loc); } static int internal_find(OPENSSL_STACK *st, const void *data, @@ -187,23 +290,27 @@ static int internal_find(OPENSSL_STACK *st, const void *data, const void *r; int i; - if (st == NULL) + if (st == NULL || st->num == 0) return -1; if (st->comp == NULL) { for (i = 0; i < st->num; i++) if (st->data[i] == data) - return (i); - return (-1); + return i; + return -1; + } + + if (!st->sorted) { + if (st->num > 1) + qsort(st->data, st->num, sizeof(void *), st->comp); + st->sorted = 1; /* empty or single-element stack is considered sorted */ } - OPENSSL_sk_sort(st); if (data == NULL) - return (-1); + return -1; r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp, ret_val_options); - if (r == NULL) - return (-1); - return (int)((const char **)r - st->data); + + return r == NULL ? -1 : (int)((const void **)r - st->data); } int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data) @@ -218,37 +325,33 @@ int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data) int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data) { - return (OPENSSL_sk_insert(st, data, st->num)); + if (st == NULL) + return -1; + return OPENSSL_sk_insert(st, data, st->num); } int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data) { - return (OPENSSL_sk_insert(st, data, 0)); + return OPENSSL_sk_insert(st, data, 0); } void *OPENSSL_sk_shift(OPENSSL_STACK *st) { - if (st == NULL) - return (NULL); - if (st->num <= 0) - return (NULL); - return (OPENSSL_sk_delete(st, 0)); + if (st == NULL || st->num == 0) + return NULL; + return internal_delete(st, 0); } void *OPENSSL_sk_pop(OPENSSL_STACK *st) { - if (st == NULL) - return (NULL); - if (st->num <= 0) - return (NULL); - return (OPENSSL_sk_delete(st, st->num - 1)); + if (st == NULL || st->num == 0) + return NULL; + return internal_delete(st, st->num - 1); } void OPENSSL_sk_zero(OPENSSL_STACK *st) { - if (st == NULL) - return; - if (st->num <= 0) + if (st == NULL || st->num == 0) return; memset(st->data, 0, sizeof(*st->data) * st->num); st->num = 0; @@ -276,9 +379,7 @@ void OPENSSL_sk_free(OPENSSL_STACK *st) int OPENSSL_sk_num(const OPENSSL_STACK *st) { - if (st == NULL) - return -1; - return st->num; + return st == NULL ? -1 : st->num; } void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i) @@ -293,20 +394,20 @@ void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data) if (st == NULL || i < 0 || i >= st->num) return NULL; st->data[i] = data; + st->sorted = 0; return (void *)st->data[i]; } void OPENSSL_sk_sort(OPENSSL_STACK *st) { - if (st && !st->sorted && st->comp != NULL) { - qsort(st->data, st->num, sizeof(char *), st->comp); - st->sorted = 1; + if (st != NULL && !st->sorted && st->comp != NULL) { + if (st->num > 1) + qsort(st->data, st->num, sizeof(void *), st->comp); + st->sorted = 1; /* empty or single-element stack is considered sorted */ } } int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st) { - if (st == NULL) - return 1; - return st->sorted; + return st == NULL ? 1 : st->sorted; } diff --git a/deps/openssl/openssl/crypto/store/build.info b/deps/openssl/openssl/crypto/store/build.info new file mode 100644 index 00000000000000..7d882f313ea50e --- /dev/null +++ b/deps/openssl/openssl/crypto/store/build.info @@ -0,0 +1,4 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + store_err.c store_init.c store_lib.c store_register.c store_strings.c \ + loader_file.c diff --git a/deps/openssl/openssl/crypto/store/loader_file.c b/deps/openssl/openssl/crypto/store/loader_file.c new file mode 100644 index 00000000000000..632e4511f7e790 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/loader_file.c @@ -0,0 +1,1440 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" +#include +#include +#include +#include + +#include +#include /* For d2i_DSAPrivateKey */ +#include +#include +#include +#include /* For the PKCS8 stuff o.O */ +#include /* For d2i_RSAPrivateKey */ +#include +#include +#include +#include /* For the PKCS8 stuff o.O */ +#include "internal/asn1_int.h" +#include "internal/ctype.h" +#include "internal/o_dir.h" +#include "internal/cryptlib.h" +#include "internal/store_int.h" +#include "store_locl.h" + +#ifdef _WIN32 +# define stat _stat +#endif + +#ifndef S_ISDIR +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif + +/*- + * Password prompting + * ------------------ + */ + +static char *file_get_pass(const UI_METHOD *ui_method, char *pass, + size_t maxsize, const char *prompt_info, void *data) +{ + UI *ui = UI_new(); + char *prompt = NULL; + + if (ui == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (ui_method != NULL) + UI_set_method(ui, ui_method); + UI_add_user_data(ui, data); + + if ((prompt = UI_construct_prompt(ui, "pass phrase", + prompt_info)) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); + pass = NULL; + } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, + pass, 0, maxsize - 1)) { + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); + pass = NULL; + } else { + switch (UI_process(ui)) { + case -2: + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, + OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); + pass = NULL; + break; + case -1: + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); + pass = NULL; + break; + default: + break; + } + } + + OPENSSL_free(prompt); + UI_free(ui); + return pass; +} + +struct pem_pass_data { + const UI_METHOD *ui_method; + void *data; + const char *prompt_info; +}; + +static int file_fill_pem_pass_data(struct pem_pass_data *pass_data, + const char *prompt_info, + const UI_METHOD *ui_method, void *ui_data) +{ + if (pass_data == NULL) + return 0; + pass_data->ui_method = ui_method; + pass_data->data = ui_data; + pass_data->prompt_info = prompt_info; + return 1; +} + +/* This is used anywhere a pem_password_cb is needed */ +static int file_get_pem_pass(char *buf, int num, int w, void *data) +{ + struct pem_pass_data *pass_data = data; + char *pass = file_get_pass(pass_data->ui_method, buf, num, + pass_data->prompt_info, pass_data->data); + + return pass == NULL ? 0 : strlen(pass); +} + +/*- + * The file scheme decoders + * ------------------------ + * + * Each possible data type has its own decoder, which either operates + * through a given PEM name, or attempts to decode to see if the blob + * it's given is decodable for its data type. The assumption is that + * only the correct data type will match the content. + */ + +/*- + * The try_decode function is called to check if the blob of data can + * be used by this handler, and if it can, decodes it into a supported + * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data. + * Input: + * pem_name: If this blob comes from a PEM file, this holds + * the PEM name. If it comes from another type of + * file, this is NULL. + * pem_header: If this blob comes from a PEM file, this holds + * the PEM headers. If it comes from another type of + * file, this is NULL. + * blob: The blob of data to match with what this handler + * can use. + * len: The length of the blob. + * handler_ctx: For a handler marked repeatable, this pointer can + * be used to create a context for the handler. IT IS + * THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY + * THIS CONTEXT APPROPRIATELY, i.e. create on first call + * and destroy when about to return NULL. + * matchcount: A pointer to an int to count matches for this data. + * Usually becomes 0 (no match) or 1 (match!), but may + * be higher in the (unlikely) event that the data matches + * more than one possibility. The int will always be + * zero when the function is called. + * ui_method: Application UI method for getting a password, pin + * or any other interactive data. + * ui_data: Application data to be passed to ui_method when + * it's called. + * Output: + * a OSSL_STORE_INFO + */ +typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **handler_ctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data); +/* + * The eof function should return 1 if there's no more data to be found + * with the handler_ctx, otherwise 0. This is only used when the handler is + * marked repeatable. + */ +typedef int (*file_eof_fn)(void *handler_ctx); +/* + * The destroy_ctx function is used to destroy the handler_ctx that was + * intiated by a repeatable try_decode fuction. This is only used when + * the handler is marked repeatable. + */ +typedef void (*file_destroy_ctx_fn)(void **handler_ctx); + +typedef struct file_handler_st { + const char *name; + file_try_decode_fn try_decode; + file_eof_fn eof; + file_destroy_ctx_fn destroy_ctx; + + /* flags */ + int repeatable; +} FILE_HANDLER; + +/* + * PKCS#12 decoder. It operates by decoding all of the blob content, + * extracting all the interesting data from it and storing them internally, + * then serving them one piece at a time. + */ +static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; + + if (ctx == NULL) { + /* Initial parsing */ + PKCS12 *p12; + int ok = 0; + + if (pem_name != NULL) + /* No match, there is no PEM PKCS12 tag */ + return NULL; + + if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) { + char *pass = NULL; + char tpass[PEM_BUFSIZE]; + EVP_PKEY *pkey = NULL; + X509 *cert = NULL; + STACK_OF(X509) *chain = NULL; + + *matchcount = 1; + + if (PKCS12_verify_mac(p12, "", 0) + || PKCS12_verify_mac(p12, NULL, 0)) { + pass = ""; + } else { + if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, + "PKCS12 import password", + ui_data)) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, + OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); + goto p12_end; + } + if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, + OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); + goto p12_end; + } + } + + if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) { + OSSL_STORE_INFO *osi_pkey = NULL; + OSSL_STORE_INFO *osi_cert = NULL; + OSSL_STORE_INFO *osi_ca = NULL; + + if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL + && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0 + && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) { + ok = 1; + osi_pkey = NULL; + osi_cert = NULL; + + while(sk_X509_num(chain) > 0) { + X509 *ca = sk_X509_value(chain, 0); + + if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL + || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) { + ok = 0; + break; + } + osi_ca = NULL; + (void)sk_X509_shift(chain); + } + } + if (!ok) { + OSSL_STORE_INFO_free(osi_ca); + OSSL_STORE_INFO_free(osi_cert); + OSSL_STORE_INFO_free(osi_pkey); + sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); + EVP_PKEY_free(pkey); + X509_free(cert); + sk_X509_pop_free(chain, X509_free); + ctx = NULL; + } + *pctx = ctx; + } + } + p12_end: + PKCS12_free(p12); + if (!ok) + return NULL; + } + + if (ctx != NULL) { + *matchcount = 1; + store_info = sk_OSSL_STORE_INFO_shift(ctx); + } + + return store_info; +} + +static int eof_PKCS12(void *ctx_) +{ + STACK_OF(OSSL_STORE_INFO) *ctx = ctx_; + + return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0; +} + +static void destroy_ctx_PKCS12(void **pctx) +{ + STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; + + sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); + *pctx = NULL; +} + +static FILE_HANDLER PKCS12_handler = { + "PKCS12", + try_decode_PKCS12, + eof_PKCS12, + destroy_ctx_PKCS12, + 1 /* repeatable */ +}; + +/* + * Encrypted PKCS#8 decoder. It operates by just decrypting the given blob + * into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole + * decoding process will then start over with the new blob. + */ +static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + X509_SIG *p8 = NULL; + char kbuf[PEM_BUFSIZE]; + char *pass = NULL; + const X509_ALGOR *dalg = NULL; + const ASN1_OCTET_STRING *doct = NULL; + OSSL_STORE_INFO *store_info = NULL; + BUF_MEM *mem = NULL; + unsigned char *new_data = NULL; + int new_data_len; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_PKCS8) != 0) + return NULL; + *matchcount = 1; + } + + if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL) + return NULL; + + *matchcount = 1; + + if ((mem = BUF_MEM_new()) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, + ERR_R_MALLOC_FAILURE); + goto nop8; + } + + if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, + "PKCS8 decrypt password", ui_data)) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, + OSSL_STORE_R_BAD_PASSWORD_READ); + goto nop8; + } + + X509_SIG_get0(p8, &dalg, &doct); + if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length, + &new_data, &new_data_len, 0)) + goto nop8; + + mem->data = (char *)new_data; + mem->max = mem->length = (size_t)new_data_len; + X509_SIG_free(p8); + + store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); + if (store_info == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, + ERR_R_MALLOC_FAILURE); + goto nop8; + } + + return store_info; + nop8: + X509_SIG_free(p8); + BUF_MEM_free(mem); + return NULL; +} + +static FILE_HANDLER PKCS8Encrypted_handler = { + "PKCS8Encrypted", + try_decode_PKCS8Encrypted +}; + +/* + * Private key decoder. Decodes all sorts of private keys, both PKCS#8 + * encoded ones and old style PEM ones (with the key type is encoded into + * the PEM name). + */ +int pem_check_suffix(const char *pem_str, const char *suffix); +static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + EVP_PKEY *pkey = NULL; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) { + PKCS8_PRIV_KEY_INFO *p8inf = + d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); + + *matchcount = 1; + if (p8inf != NULL) + pkey = EVP_PKCS82PKEY(p8inf); + PKCS8_PRIV_KEY_INFO_free(p8inf); + } else { + int slen; + + if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0 + && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, + slen)) != NULL) { + *matchcount = 1; + pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len); + } + } + } else { + int i; + + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + EVP_PKEY *tmp_pkey = NULL; + const unsigned char *tmp_blob = blob; + + ameth = EVP_PKEY_asn1_get0(i); + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len); + if (tmp_pkey != NULL) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + (*matchcount)++; + } + } + + if (*matchcount > 1) { + EVP_PKEY_free(pkey); + pkey = NULL; + } + } + if (pkey == NULL) + /* No match */ + return NULL; + + store_info = OSSL_STORE_INFO_new_PKEY(pkey); + if (store_info == NULL) + EVP_PKEY_free(pkey); + + return store_info; +} + +static FILE_HANDLER PrivateKey_handler = { + "PrivateKey", + try_decode_PrivateKey +}; + +/* + * Public key decoder. Only supports SubjectPublicKeyInfo formated keys. + */ +static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + EVP_PKEY *pkey = NULL; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0) + /* No match */ + return NULL; + *matchcount = 1; + } + + if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) { + *matchcount = 1; + store_info = OSSL_STORE_INFO_new_PKEY(pkey); + } + + return store_info; +} + +static FILE_HANDLER PUBKEY_handler = { + "PUBKEY", + try_decode_PUBKEY +}; + +/* + * Key parameter decoder. + */ +static OSSL_STORE_INFO *try_decode_params(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + int slen = 0; + EVP_PKEY *pkey = NULL; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + int ok = 0; + + if (pem_name != NULL) { + if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0) + return NULL; + *matchcount = 1; + } + + if (slen > 0) { + if ((pkey = EVP_PKEY_new()) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); + return NULL; + } + + + if (EVP_PKEY_set_type_str(pkey, pem_name, slen) + && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL + && ameth->param_decode != NULL + && ameth->param_decode(pkey, &blob, len)) + ok = 1; + } else { + int i; + EVP_PKEY *tmp_pkey = NULL; + + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + const unsigned char *tmp_blob = blob; + + if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); + break; + } + + ameth = EVP_PKEY_asn1_get0(i); + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id) + && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL + && ameth->param_decode != NULL + && ameth->param_decode(tmp_pkey, &tmp_blob, len)) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + tmp_pkey = NULL; + (*matchcount)++; + } + } + + EVP_PKEY_free(tmp_pkey); + if (*matchcount == 1) { + ok = 1; + } + } + + if (ok) + store_info = OSSL_STORE_INFO_new_PARAMS(pkey); + if (store_info == NULL) + EVP_PKEY_free(pkey); + + return store_info; +} + +static FILE_HANDLER params_handler = { + "params", + try_decode_params +}; + +/* + * X.509 certificate decoder. + */ +static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + X509 *cert = NULL; + + /* + * In most cases, we can try to interpret the serialized data as a trusted + * cert (X509 + X509_AUX) and fall back to reading it as a normal cert + * (just X509), but if the PEM name specifically declares it as a trusted + * cert, then no fallback should be engaged. |ignore_trusted| tells if + * the fallback can be used (1) or not (0). + */ + int ignore_trusted = 1; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0) + ignore_trusted = 0; + else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0 + && strcmp(pem_name, PEM_STRING_X509) != 0) + /* No match */ + return NULL; + *matchcount = 1; + } + + if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL + || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) { + *matchcount = 1; + store_info = OSSL_STORE_INFO_new_CERT(cert); + } + + if (store_info == NULL) + X509_free(cert); + + return store_info; +} + +static FILE_HANDLER X509Certificate_handler = { + "X509Certificate", + try_decode_X509Certificate +}; + +/* + * X.509 CRL decoder. + */ +static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + X509_CRL *crl = NULL; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0) + /* No match */ + return NULL; + *matchcount = 1; + } + + if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) { + *matchcount = 1; + store_info = OSSL_STORE_INFO_new_CRL(crl); + } + + if (store_info == NULL) + X509_CRL_free(crl); + + return store_info; +} + +static FILE_HANDLER X509CRL_handler = { + "X509CRL", + try_decode_X509CRL +}; + +/* + * To finish it all off, we collect all the handlers. + */ +static const FILE_HANDLER *file_handlers[] = { + &PKCS12_handler, + &PKCS8Encrypted_handler, + &X509Certificate_handler, + &X509CRL_handler, + ¶ms_handler, + &PUBKEY_handler, + &PrivateKey_handler, +}; + + +/*- + * The loader itself + * ----------------- + */ + +struct ossl_store_loader_ctx_st { + enum { + is_raw = 0, + is_pem, + is_dir + } type; + int errcnt; +#define FILE_FLAG_SECMEM (1<<0) + unsigned int flags; + union { + struct { /* Used with is_raw and is_pem */ + BIO *file; + + /* + * The following are used when the handler is marked as + * repeatable + */ + const FILE_HANDLER *last_handler; + void *last_handler_ctx; + } file; + struct { /* Used with is_dir */ + OPENSSL_DIR_CTX *ctx; + int end_reached; + char *uri; + + /* + * When a search expression is given, these are filled in. + * |search_name| contains the file basename to look for. + * The string is exactly 8 characters long. + */ + char search_name[9]; + + /* + * The directory reading utility we have combines opening with + * reading the first name. To make sure we can detect the end + * at the right time, we read early and cache the name. + */ + const char *last_entry; + int last_errno; + } dir; + } _; + + /* Expected object type. May be unspecified */ + int expected_type; +}; + +static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) +{ + if (ctx->type == is_dir) { + OPENSSL_free(ctx->_.dir.uri); + } else { + if (ctx->_.file.last_handler != NULL) { + ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); + ctx->_.file.last_handler_ctx = NULL; + ctx->_.file.last_handler = NULL; + } + } + OPENSSL_free(ctx); +} + +static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_LOADER_CTX *ctx = NULL; + struct stat st; + struct { + const char *path; + unsigned int check_absolute:1; + } path_data[2]; + size_t path_data_n = 0, i; + const char *path; + + /* + * First step, just take the URI as is. + */ + path_data[path_data_n].check_absolute = 0; + path_data[path_data_n++].path = uri; + + /* + * Second step, if the URI appears to start with the 'file' scheme, + * extract the path and make that the second path to check. + * There's a special case if the URI also contains an authority, then + * the full URI shouldn't be used as a path anywhere. + */ + if (strncasecmp(uri, "file:", 5) == 0) { + const char *p = &uri[5]; + + if (strncmp(&uri[5], "//", 2) == 0) { + path_data_n--; /* Invalidate using the full URI */ + if (strncasecmp(&uri[7], "localhost/", 10) == 0) { + p = &uri[16]; + } else if (uri[7] == '/') { + p = &uri[7]; + } else { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, + OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); + return NULL; + } + } + + path_data[path_data_n].check_absolute = 1; +#ifdef _WIN32 + /* Windows file: URIs with a drive letter start with a / */ + if (p[0] == '/' && p[2] == ':' && p[3] == '/') { + char c = ossl_tolower(p[1]); + + if (c >= 'a' && c <= 'z') { + p++; + /* We know it's absolute, so no need to check */ + path_data[path_data_n].check_absolute = 0; + } + } +#endif + path_data[path_data_n++].path = p; + } + + + for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { + /* + * If the scheme "file" was an explicit part of the URI, the path must + * be absolute. So says RFC 8089 + */ + if (path_data[i].check_absolute && path_data[i].path[0] != '/') { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, + OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); + ERR_add_error_data(1, path_data[i].path); + return NULL; + } + + if (stat(path_data[i].path, &st) < 0) { + SYSerr(SYS_F_STAT, errno); + ERR_add_error_data(1, path_data[i].path); + } else { + path = path_data[i].path; + } + } + if (path == NULL) { + return NULL; + } + + /* Successfully found a working path, clear possible collected errors */ + ERR_clear_error(); + + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (S_ISDIR(st.st_mode)) { + /* + * Try to copy everything, even if we know that some of them must be + * NULL for the moment. This prevents errors in the future, when more + * components may be used. + */ + ctx->_.dir.uri = OPENSSL_strdup(uri); + ctx->type = is_dir; + + if (ctx->_.dir.uri == NULL) + goto err; + + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); + ctx->_.dir.last_errno = errno; + if (ctx->_.dir.last_entry == NULL) { + if (ctx->_.dir.last_errno != 0) { + char errbuf[256]; + errno = ctx->_.dir.last_errno; + openssl_strerror_r(errno, errbuf, sizeof(errbuf)); + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); + ERR_add_error_data(1, errbuf); + goto err; + } + ctx->_.dir.end_reached = 1; + } + } else { + BIO *buff = NULL; + char peekbuf[4096] = { 0, }; + + if ((buff = BIO_new(BIO_f_buffer())) == NULL + || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) { + BIO_free_all(buff); + goto err; + } + + ctx->_.file.file = BIO_push(buff, ctx->_.file.file); + if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { + peekbuf[sizeof(peekbuf) - 1] = '\0'; + if (strstr(peekbuf, "-----BEGIN ") != NULL) + ctx->type = is_pem; + } + } + + return ctx; + err: + OSSL_STORE_LOADER_CTX_free(ctx); + return NULL; +} + +static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) +{ + int ret = 1; + + switch (cmd) { + case OSSL_STORE_C_USE_SECMEM: + { + int on = *(va_arg(args, int *)); + + switch (on) { + case 0: + ctx->flags &= ~FILE_FLAG_SECMEM; + break; + case 1: + ctx->flags |= FILE_FLAG_SECMEM; + break; + default: + OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL, + ERR_R_PASSED_INVALID_ARGUMENT); + ret = 0; + break; + } + } + break; + default: + break; + } + + return ret; +} + +static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected) +{ + ctx->expected_type = expected; + return 1; +} + +static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search) +{ + /* + * If ctx == NULL, the library is looking to know if this loader supports + * the given search type. + */ + + if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) { + unsigned long hash = 0; + + if (ctx == NULL) + return 1; + + if (ctx->type != is_dir) { + OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, + OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); + return 0; + } + + hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search)); + BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), + "%08lx", hash); + return 1; + } + + if (ctx != NULL) + OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, + OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE); + return 0; +} + +/* Internal function to decode an already opened PEM file */ +OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp) +{ + OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + ctx->_.file.file = bp; + ctx->type = is_pem; + + return ctx; +} + +static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, + const char *pem_name, + const char *pem_header, + unsigned char *data, size_t len, + const UI_METHOD *ui_method, + void *ui_data, int *matchcount) +{ + OSSL_STORE_INFO *result = NULL; + BUF_MEM *new_mem = NULL; + char *new_pem_name = NULL; + int t = 0; + + again: + { + size_t i = 0; + void *handler_ctx = NULL; + const FILE_HANDLER **matching_handlers = + OPENSSL_zalloc(sizeof(*matching_handlers) + * OSSL_NELEM(file_handlers)); + + if (matching_handlers == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE, + ERR_R_MALLOC_FAILURE); + goto err; + } + + *matchcount = 0; + for (i = 0; i < OSSL_NELEM(file_handlers); i++) { + const FILE_HANDLER *handler = file_handlers[i]; + int try_matchcount = 0; + void *tmp_handler_ctx = NULL; + OSSL_STORE_INFO *tmp_result = + handler->try_decode(pem_name, pem_header, data, len, + &tmp_handler_ctx, &try_matchcount, + ui_method, ui_data); + + if (try_matchcount > 0) { + + matching_handlers[*matchcount] = handler; + + if (handler_ctx) + handler->destroy_ctx(&handler_ctx); + handler_ctx = tmp_handler_ctx; + + if ((*matchcount += try_matchcount) > 1) { + /* more than one match => ambiguous, kill any result */ + OSSL_STORE_INFO_free(result); + OSSL_STORE_INFO_free(tmp_result); + if (handler->destroy_ctx != NULL) + handler->destroy_ctx(&handler_ctx); + handler_ctx = NULL; + tmp_result = NULL; + result = NULL; + } + if (result == NULL) + result = tmp_result; + } + } + + if (*matchcount == 1 && matching_handlers[0]->repeatable) { + ctx->_.file.last_handler = matching_handlers[0]; + ctx->_.file.last_handler_ctx = handler_ctx; + } + + OPENSSL_free(matching_handlers); + } + + err: + OPENSSL_free(new_pem_name); + BUF_MEM_free(new_mem); + + if (result != NULL + && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) { + pem_name = new_pem_name = + ossl_store_info_get0_EMBEDDED_pem_name(result); + new_mem = ossl_store_info_get0_EMBEDDED_buffer(result); + data = (unsigned char *)new_mem->data; + len = new_mem->length; + OPENSSL_free(result); + result = NULL; + goto again; + } + + if (result != NULL) + ERR_clear_error(); + + return result; +} + +static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *result = NULL; + int try_matchcount = 0; + + if (ctx->_.file.last_handler != NULL) { + result = + ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, + &ctx->_.file.last_handler_ctx, + &try_matchcount, + ui_method, ui_data); + + if (result == NULL) { + ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); + ctx->_.file.last_handler_ctx = NULL; + ctx->_.file.last_handler = NULL; + } + } + return result; +} + +static void pem_free_flag(void *pem_data, int secure, size_t num) +{ + if (secure) + OPENSSL_secure_clear_free(pem_data, num); + else + OPENSSL_free(pem_data); +} +static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, + unsigned char **data, long *len, + const UI_METHOD *ui_method, + void *ui_data, int secure) +{ + int i = secure + ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) + : PEM_read_bio(bp, pem_name, pem_header, data, len); + + if (i <= 0) + return 0; + + /* + * 10 is the number of characters in "Proc-Type:", which + * PEM_get_EVP_CIPHER_INFO() requires to be present. + * If the PEM header has less characters than that, it's + * not worth spending cycles on it. + */ + if (strlen(*pem_header) > 10) { + EVP_CIPHER_INFO cipher; + struct pem_pass_data pass_data; + + if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) + || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data) + || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, + &pass_data)) { + return 0; + } + } + return 1; +} + +static int file_read_asn1(BIO *bp, unsigned char **data, long *len) +{ + BUF_MEM *mem = NULL; + + if (asn1_d2i_read_bio(bp, &mem) < 0) + return 0; + + *data = (unsigned char *)mem->data; + *len = (long)mem->length; + OPENSSL_free(mem); + + return 1; +} + +static int ends_with_dirsep(const char *uri) +{ + if (*uri != '\0') + uri += strlen(uri) - 1; +#if defined __VMS + if (*uri == ']' || *uri == '>' || *uri == ':') + return 1; +#elif defined _WIN32 + if (*uri == '\\') + return 1; +#endif + return *uri == '/'; +} + +static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, + char **data) +{ + assert(name != NULL); + assert(data != NULL); + { + const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/"; + long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep) + + strlen(name) + 1 /* \0 */; + + *data = OPENSSL_zalloc(calculated_length); + if (*data == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE); + return 0; + } + + OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length); + OPENSSL_strlcat(*data, pathsep, calculated_length); + OPENSSL_strlcat(*data, name, calculated_length); + } + return 1; +} + +static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) +{ + const char *p = NULL; + + /* If there are no search criteria, all names are accepted */ + if (ctx->_.dir.search_name[0] == '\0') + return 1; + + /* If the expected type isn't supported, no name is accepted */ + if (ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_CERT + && ctx->expected_type != OSSL_STORE_INFO_CRL) + return 0; + + /* + * First, check the basename + */ + if (strncasecmp(name, ctx->_.dir.search_name, + sizeof(ctx->_.dir.search_name) - 1) != 0 + || name[sizeof(ctx->_.dir.search_name) - 1] != '.') + return 0; + p = &name[sizeof(ctx->_.dir.search_name)]; + + /* + * Then, if the expected type is a CRL, check that the extension starts + * with 'r' + */ + if (*p == 'r') { + p++; + if (ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_CRL) + return 0; + } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) { + return 0; + } + + /* + * Last, check that the rest of the extension is a decimal number, at + * least one digit long. + */ + if (!ossl_isdigit(*p)) + return 0; + while (ossl_isdigit(*p)) + p++; + +# ifdef __VMS + /* + * One extra step here, check for a possible generation number. + */ + if (*p == ';') + for (p++; *p != '\0'; p++) + if (!ossl_isdigit(*p)) + break; +# endif + + /* + * If we've reached the end of the string at this point, we've successfully + * found a fitting file name. + */ + return *p == '\0'; +} + +static int file_eof(OSSL_STORE_LOADER_CTX *ctx); +static int file_error(OSSL_STORE_LOADER_CTX *ctx); +static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, void *ui_data) +{ + OSSL_STORE_INFO *result = NULL; + + ctx->errcnt = 0; + ERR_clear_error(); + + if (ctx->type == is_dir) { + do { + char *newname = NULL; + + if (ctx->_.dir.last_entry == NULL) { + if (!ctx->_.dir.end_reached) { + char errbuf[256]; + assert(ctx->_.dir.last_errno != 0); + errno = ctx->_.dir.last_errno; + ctx->errcnt++; + openssl_strerror_r(errno, errbuf, sizeof(errbuf)); + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); + ERR_add_error_data(1, errbuf); + } + return NULL; + } + + if (ctx->_.dir.last_entry[0] != '.' + && file_name_check(ctx, ctx->_.dir.last_entry) + && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname)) + return NULL; + + /* + * On the first call (with a NULL context), OPENSSL_DIR_read() + * cares about the second argument. On the following calls, it + * only cares that it isn't NULL. Therefore, we can safely give + * it our URI here. + */ + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, + ctx->_.dir.uri); + ctx->_.dir.last_errno = errno; + if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0) + ctx->_.dir.end_reached = 1; + + if (newname != NULL + && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { + OPENSSL_free(newname); + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB); + return NULL; + } + } while (result == NULL && !file_eof(ctx)); + } else { + int matchcount = -1; + + again: + result = file_load_try_repeat(ctx, ui_method, ui_data); + if (result != NULL) + return result; + + if (file_eof(ctx)) + return NULL; + + do { + char *pem_name = NULL; /* PEM record name */ + char *pem_header = NULL; /* PEM record header */ + unsigned char *data = NULL; /* DER encoded data */ + long len = 0; /* DER encoded data length */ + + matchcount = -1; + if (ctx->type == is_pem) { + if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header, + &data, &len, ui_method, ui_data, + (ctx->flags & FILE_FLAG_SECMEM) != 0)) { + ctx->errcnt++; + goto endloop; + } + } else { + if (!file_read_asn1(ctx->_.file.file, &data, &len)) { + ctx->errcnt++; + goto endloop; + } + } + + result = file_load_try_decode(ctx, pem_name, pem_header, data, len, + ui_method, ui_data, &matchcount); + + if (result != NULL) + goto endloop; + + /* + * If a PEM name matches more than one handler, the handlers are + * badly coded. + */ + if (!ossl_assert(pem_name == NULL || matchcount <= 1)) { + ctx->errcnt++; + goto endloop; + } + + if (matchcount > 1) { + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, + OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); + } else if (matchcount == 1) { + /* + * If there are other errors on the stack, they already show + * what the problem is. + */ + if (ERR_peek_error() == 0) { + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, + OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); + if (pem_name != NULL) + ERR_add_error_data(3, "PEM type is '", pem_name, "'"); + } + } + if (matchcount > 0) + ctx->errcnt++; + + endloop: + pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); + pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); + pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len); + } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx)); + + /* We bail out on ambiguity */ + if (matchcount > 1) + return NULL; + + if (result != NULL + && ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) { + OSSL_STORE_INFO_free(result); + goto again; + } + } + + return result; +} + +static int file_error(OSSL_STORE_LOADER_CTX *ctx) +{ + return ctx->errcnt > 0; +} + +static int file_eof(OSSL_STORE_LOADER_CTX *ctx) +{ + if (ctx->type == is_dir) + return ctx->_.dir.end_reached; + + if (ctx->_.file.last_handler != NULL + && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx)) + return 0; + return BIO_eof(ctx->_.file.file); +} + +static int file_close(OSSL_STORE_LOADER_CTX *ctx) +{ + if (ctx->type == is_dir) { + OPENSSL_DIR_end(&ctx->_.dir.ctx); + } else { + BIO_free_all(ctx->_.file.file); + } + OSSL_STORE_LOADER_CTX_free(ctx); + return 1; +} + +int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx) +{ + OSSL_STORE_LOADER_CTX_free(ctx); + return 1; +} + +static OSSL_STORE_LOADER file_loader = + { + "file", + NULL, + file_open, + file_ctrl, + file_expect, + file_find, + file_load, + file_eof, + file_error, + file_close + }; + +static void store_file_loader_deinit(void) +{ + ossl_store_unregister_loader_int(file_loader.scheme); +} + +int ossl_store_file_loader_init(void) +{ + int ret = ossl_store_register_loader_int(&file_loader); + + OPENSSL_atexit(store_file_loader_deinit); + return ret; +} diff --git a/deps/openssl/openssl/crypto/store/store_err.c b/deps/openssl/openssl/crypto/store/store_err.c new file mode 100644 index 00000000000000..5a8a8404dd9ba4 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/store_err.c @@ -0,0 +1,146 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA OSSL_STORE_str_functs[] = { + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0), + "file_get_pass"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0), + "file_load_try_decode"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0), + "file_name_to_uri"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0), + "ossl_store_attach_pem_bio"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0), + "OSSL_STORE_expect"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0), + "ossl_store_file_attach_pem_bio_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0), + "OSSL_STORE_find"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0), + "ossl_store_get0_loader_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0), + "OSSL_STORE_INFO_get1_CERT"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0), + "OSSL_STORE_INFO_get1_CRL"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0), + "OSSL_STORE_INFO_get1_NAME"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0), + "OSSL_STORE_INFO_get1_NAME_description"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0), + "OSSL_STORE_INFO_get1_PARAMS"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0), + "OSSL_STORE_INFO_get1_PKEY"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0), + "OSSL_STORE_INFO_new_CERT"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0), + "OSSL_STORE_INFO_new_CRL"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0), + "ossl_store_info_new_EMBEDDED"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0), + "OSSL_STORE_INFO_new_NAME"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0), + "OSSL_STORE_INFO_new_PARAMS"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0), + "OSSL_STORE_INFO_new_PKEY"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0), + "OSSL_STORE_INFO_set0_NAME_description"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0), + "ossl_store_init_once"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0), + "OSSL_STORE_LOADER_new"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0), + "OSSL_STORE_open"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0), + "ossl_store_register_loader_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0), + "OSSL_STORE_SEARCH_by_alias"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0), + "OSSL_STORE_SEARCH_by_issuer_serial"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0), + "OSSL_STORE_SEARCH_by_key_fingerprint"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0), + "OSSL_STORE_SEARCH_by_name"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0), + "ossl_store_unregister_loader_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0), + "try_decode_params"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0), + "try_decode_PKCS12"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0), + "try_decode_PKCS8Encrypted"}, + {0, NULL} +}; + +static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE), + "ambiguous content type"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ), + "bad password read"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC), + "error verifying pkcs12 mac"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST), + "fingerprint size does not match digest"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME), + "invalid scheme"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE), + "loader incomplete"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED), + "loading started"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE), + "not a certificate"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS), + "not parameters"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR), + "passphrase callback error"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE), + "path must be absolute"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), + "ui process interrupted or cancelled"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME), + "unregistered scheme"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION), + "unsupported operation"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE), + "unsupported search type"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported"}, + {0, NULL} +}; + +#endif + +int ERR_load_OSSL_STORE_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) { + ERR_load_strings_const(OSSL_STORE_str_functs); + ERR_load_strings_const(OSSL_STORE_str_reasons); + } +#endif + return 1; +} diff --git a/deps/openssl/openssl/crypto/store/store_init.c b/deps/openssl/openssl/crypto/store/store_init.c new file mode 100644 index 00000000000000..b398bf598ff6d9 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/store_init.c @@ -0,0 +1,33 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/store.h" +#include "store_locl.h" + +static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(do_store_init) +{ + return OPENSSL_init_crypto(0, NULL) + && ossl_store_file_loader_init(); +} + +int ossl_store_init_once(void) +{ + if (!RUN_ONCE(&store_init, do_store_init)) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; +} + +void ossl_store_cleanup_int(void) +{ + ossl_store_destroy_loaders_int(); +} diff --git a/deps/openssl/openssl/crypto/store/store_lib.c b/deps/openssl/openssl/crypto/store/store_lib.c new file mode 100644 index 00000000000000..1c43547666f1b7 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/store_lib.c @@ -0,0 +1,681 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" +#include +#include +#include + +#include "e_os.h" + +#include +#include +#include +#include "internal/thread_once.h" +#include "internal/store_int.h" +#include "store_locl.h" + +struct ossl_store_ctx_st { + const OSSL_STORE_LOADER *loader; + OSSL_STORE_LOADER_CTX *loader_ctx; + const UI_METHOD *ui_method; + void *ui_data; + OSSL_STORE_post_process_info_fn post_process; + void *post_process_data; + int expected_type; + + /* 0 before the first STORE_load(), 1 otherwise */ + int loading; +}; + +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) +{ + const OSSL_STORE_LOADER *loader = NULL; + OSSL_STORE_LOADER_CTX *loader_ctx = NULL; + OSSL_STORE_CTX *ctx = NULL; + char scheme_copy[256], *p, *schemes[2]; + size_t schemes_n = 0; + size_t i; + + /* + * Put the file scheme first. If the uri does represent an existing file, + * possible device name and all, then it should be loaded. Only a failed + * attempt at loading a local file should have us try something else. + */ + schemes[schemes_n++] = "file"; + + /* + * Now, check if we have something that looks like a scheme, and add it + * as a second scheme. However, also check if there's an authority start + * (://), because that will invalidate the previous file scheme. Also, + * check that this isn't actually the file scheme, as there's no point + * going through that one twice! + */ + OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); + if ((p = strchr(scheme_copy, ':')) != NULL) { + *p++ = '\0'; + if (strcasecmp(scheme_copy, "file") != 0) { + if (strncmp(p, "//", 2) == 0) + schemes_n--; /* Invalidate the file scheme */ + schemes[schemes_n++] = scheme_copy; + } + } + + ERR_set_mark(); + + /* Try each scheme until we find one that could open the URI */ + for (i = 0; loader_ctx == NULL && i < schemes_n; i++) { + if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) + loader_ctx = loader->open(loader, uri, ui_method, ui_data); + } + if (loader_ctx == NULL) + goto err; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ctx->loader = loader; + ctx->loader_ctx = loader_ctx; + ctx->ui_method = ui_method; + ctx->ui_data = ui_data; + ctx->post_process = post_process; + ctx->post_process_data = post_process_data; + + /* + * If the attempt to open with the 'file' scheme loader failed and the + * other scheme loader succeeded, the failure to open with the 'file' + * scheme loader leaves an error on the error stack. Let's remove it. + */ + ERR_pop_to_mark(); + + return ctx; + + err: + ERR_clear_last_mark(); + if (loader_ctx != NULL) { + /* + * We ignore a returned error because we will return NULL anyway in + * this case, so if something goes wrong when closing, that'll simply + * just add another entry on the error stack. + */ + (void)loader->close(loader_ctx); + } + return NULL; +} + +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...) +{ + va_list args; + int ret; + + va_start(args, cmd); + ret = OSSL_STORE_vctrl(ctx, cmd, args); + va_end(args); + + return ret; +} + +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args) +{ + if (ctx->loader->ctrl != NULL) + return ctx->loader->ctrl(ctx->loader_ctx, cmd, args); + return 0; +} + +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type) +{ + if (ctx->loading) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT, + OSSL_STORE_R_LOADING_STARTED); + return 0; + } + + ctx->expected_type = expected_type; + if (ctx->loader->expect != NULL) + return ctx->loader->expect(ctx->loader_ctx, expected_type); + return 1; +} + +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search) +{ + if (ctx->loading) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND, + OSSL_STORE_R_LOADING_STARTED); + return 0; + } + if (ctx->loader->find == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND, + OSSL_STORE_R_UNSUPPORTED_OPERATION); + return 0; + } + + return ctx->loader->find(ctx->loader_ctx, search); +} + +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) +{ + OSSL_STORE_INFO *v = NULL; + + ctx->loading = 1; + again: + if (OSSL_STORE_eof(ctx)) + return NULL; + + v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data); + + if (ctx->post_process != NULL && v != NULL) { + v = ctx->post_process(v, ctx->post_process_data); + + /* + * By returning NULL, the callback decides that this object should + * be ignored. + */ + if (v == NULL) + goto again; + } + + if (v != NULL && ctx->expected_type != 0) { + int returned_type = OSSL_STORE_INFO_get_type(v); + + if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) { + /* + * Soft assert here so those who want to harsly weed out faulty + * loaders can do so using a debugging version of libcrypto. + */ + if (ctx->loader->expect != NULL) + assert(ctx->expected_type == returned_type); + + if (ctx->expected_type != returned_type) { + OSSL_STORE_INFO_free(v); + goto again; + } + } + } + + return v; +} + +int OSSL_STORE_error(OSSL_STORE_CTX *ctx) +{ + return ctx->loader->error(ctx->loader_ctx); +} + +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) +{ + return ctx->loader->eof(ctx->loader_ctx); +} + +int OSSL_STORE_close(OSSL_STORE_CTX *ctx) +{ + int loader_ret = ctx->loader->close(ctx->loader_ctx); + + OPENSSL_free(ctx); + return loader_ret; +} + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them as well as a generic constructor. + * + * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +static OSSL_STORE_INFO *store_info_new(int type, void *data) +{ + OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info)); + + if (info == NULL) + return NULL; + + info->type = type; + info->_.data = data; + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL); + + if (info == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + info->_.name.name = name; + info->_.name.desc = NULL; + + return info; +} + +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc) +{ + if (info->type != OSSL_STORE_INFO_NAME) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, + ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + + info->_.name.desc = desc; + + return 1; +} +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, + ERR_R_MALLOC_FAILURE); + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, + ERR_R_MALLOC_FAILURE); + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, + ERR_R_MALLOC_FAILURE); + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, + ERR_R_MALLOC_FAILURE); + return info; +} + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info) +{ + return info->type; +} + +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) + return info->_.name.name; + return NULL; +} + +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) { + char *ret = OPENSSL_strdup(info->_.name.name); + + if (ret == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, + ERR_R_MALLOC_FAILURE); + return ret; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, + OSSL_STORE_R_NOT_A_NAME); + return NULL; +} + +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) + return info->_.name.desc; + return NULL; +} + +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) { + char *ret = OPENSSL_strdup(info->_.name.desc + ? info->_.name.desc : ""); + + if (ret == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, + ERR_R_MALLOC_FAILURE); + return ret; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, + OSSL_STORE_R_NOT_A_NAME); + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PARAMS) + return info->_.params; + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PARAMS) { + EVP_PKEY_up_ref(info->_.params); + return info->_.params; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, + OSSL_STORE_R_NOT_PARAMETERS); + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PKEY) + return info->_.pkey; + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PKEY) { + EVP_PKEY_up_ref(info->_.pkey); + return info->_.pkey; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, + OSSL_STORE_R_NOT_A_KEY); + return NULL; +} + +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CERT) + return info->_.x509; + return NULL; +} + +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CERT) { + X509_up_ref(info->_.x509); + return info->_.x509; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, + OSSL_STORE_R_NOT_A_CERTIFICATE); + return NULL; +} + +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CRL) + return info->_.crl; + return NULL; +} + +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CRL) { + X509_CRL_up_ref(info->_.crl); + return info->_.crl; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, + OSSL_STORE_R_NOT_A_CRL); + return NULL; +} + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info) +{ + if (info != NULL) { + switch (info->type) { + case OSSL_STORE_INFO_EMBEDDED: + BUF_MEM_free(info->_.embedded.blob); + OPENSSL_free(info->_.embedded.pem_name); + break; + case OSSL_STORE_INFO_NAME: + OPENSSL_free(info->_.name.name); + OPENSSL_free(info->_.name.desc); + break; + case OSSL_STORE_INFO_PARAMS: + EVP_PKEY_free(info->_.params); + break; + case OSSL_STORE_INFO_PKEY: + EVP_PKEY_free(info->_.pkey); + break; + case OSSL_STORE_INFO_CERT: + X509_free(info->_.x509); + break; + case OSSL_STORE_INFO_CRL: + X509_CRL_free(info->_.crl); + break; + } + OPENSSL_free(info); + } +} + +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type) +{ + OSSL_STORE_SEARCH tmp_search; + + if (ctx->loader->find == NULL) + return 0; + tmp_search.search_type = search_type; + return ctx->loader->find(NULL, &tmp_search); +} + +/* Search term constructors */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + search->search_type = OSSL_STORE_SEARCH_BY_NAME; + search->name = name; + return search; +} + +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER *serial) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; + search->name = name; + search->serial = serial; + return search; +} + +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (digest != NULL && len != (size_t)EVP_MD_size(digest)) { + char buf1[20], buf2[20]; + + BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest)); + BIO_snprintf(buf2, sizeof(buf2), "%zu", len); + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, + OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST); + ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1, + ", fingerprint size is ", buf2); + } + + search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT; + search->digest = digest; + search->string = bytes; + search->stringlength = len; + return search; +} + +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + search->search_type = OSSL_STORE_SEARCH_BY_ALIAS; + search->string = (const unsigned char *)alias; + search->stringlength = strlen(alias); + return search; +} + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search) +{ + OPENSSL_free(search); +} + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion) +{ + return criterion->search_type; +} + +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion) +{ + return criterion->name; +} + +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion) +{ + return criterion->serial; +} + +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length) +{ + *length = criterion->stringlength; + return criterion->string; +} + +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion) +{ + return (const char *)criterion->string; +} + +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion) +{ + return criterion->digest; +} + +/* Internal functions */ +OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, + BUF_MEM *embedded) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL); + + if (info == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + info->_.embedded.blob = embedded; + info->_.embedded.pem_name = + new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); + + if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, + ERR_R_MALLOC_FAILURE); + OSSL_STORE_INFO_free(info); + info = NULL; + } + + return info; +} + +BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_EMBEDDED) + return info->_.embedded.blob; + return NULL; +} + +char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_EMBEDDED) + return info->_.embedded.pem_name; + return NULL; +} + +OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_CTX *ctx = NULL; + const OSSL_STORE_LOADER *loader = NULL; + OSSL_STORE_LOADER_CTX *loader_ctx = NULL; + + if ((loader = ossl_store_get0_loader_int("file")) == NULL + || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL)) + goto done; + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, + ERR_R_MALLOC_FAILURE); + goto done; + } + + ctx->loader = loader; + ctx->loader_ctx = loader_ctx; + loader_ctx = NULL; + ctx->ui_method = ui_method; + ctx->ui_data = ui_data; + ctx->post_process = NULL; + ctx->post_process_data = NULL; + + done: + if (loader_ctx != NULL) + /* + * We ignore a returned error because we will return NULL anyway in + * this case, so if something goes wrong when closing, that'll simply + * just add another entry on the error stack. + */ + (void)loader->close(loader_ctx); + return ctx; +} + +int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx) +{ + int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx); + + OPENSSL_free(ctx); + return loader_ret; +} diff --git a/deps/openssl/openssl/crypto/store/store_locl.h b/deps/openssl/openssl/crypto/store/store_locl.h new file mode 100644 index 00000000000000..369dcb33f2d618 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/store_locl.h @@ -0,0 +1,132 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/thread_once.h" +#include +#include +#include +#include +#include +#include + +/*- + * OSSL_STORE_INFO stuff + * --------------------- + */ + +struct ossl_store_info_st { + int type; + union { + void *data; /* used internally as generic pointer */ + + struct { + BUF_MEM *blob; + char *pem_name; + } embedded; /* when type == OSSL_STORE_INFO_EMBEDDED */ + + struct { + char *name; + char *desc; + } name; /* when type == OSSL_STORE_INFO_NAME */ + + EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ + EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ + X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ + X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ + } _; +}; + +DEFINE_STACK_OF(OSSL_STORE_INFO) + +/* + * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file + * handlers. It should never reach a calling application or any engine. + * However, it can be used by a FILE_HANDLER's try_decode function to signal + * that it has decoded the incoming blob into a new blob, and that the + * attempted decoding should be immediately restarted with the new blob, using + * the new PEM name. + */ +/* + * Because this is an internal type, we don't make it public. + */ +#define OSSL_STORE_INFO_EMBEDDED -1 +OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, + BUF_MEM *embedded); +BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info); +char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info); + +/*- + * OSSL_STORE_SEARCH stuff + * ----------------------- + */ + +struct ossl_store_search_st { + int search_type; + + /* + * Used by OSSL_STORE_SEARCH_BY_NAME and + * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL + */ + X509_NAME *name; + + /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ + const ASN1_INTEGER *serial; + + /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */ + const EVP_MD *digest; + + /* + * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and + * OSSL_STORE_SEARCH_BY_ALIAS + */ + const unsigned char *string; + size_t stringlength; +}; + +/*- + * OSSL_STORE_LOADER stuff + * ----------------------- + */ + +int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme); + +/* loader stuff */ +struct ossl_store_loader_st { + const char *scheme; + ENGINE *engine; + OSSL_STORE_open_fn open; + OSSL_STORE_ctrl_fn ctrl; + OSSL_STORE_expect_fn expect; + OSSL_STORE_find_fn find; + OSSL_STORE_load_fn load; + OSSL_STORE_eof_fn eof; + OSSL_STORE_error_fn error; + OSSL_STORE_close_fn close; +}; +DEFINE_LHASH_OF(OSSL_STORE_LOADER); + +const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme); +void ossl_store_destroy_loaders_int(void); + +/*- + * OSSL_STORE init stuff + * --------------------- + */ + +int ossl_store_init_once(void); +int ossl_store_file_loader_init(void); + +/*- + * 'file' scheme stuff + * ------------------- + */ + +OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp); +int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx); diff --git a/deps/openssl/openssl/crypto/store/store_register.c b/deps/openssl/openssl/crypto/store/store_register.c new file mode 100644 index 00000000000000..e68cb3c5685376 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/store_register.c @@ -0,0 +1,297 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/ctype.h" +#include + +#include +#include +#include "store_locl.h" + +static CRYPTO_RWLOCK *registry_lock; +static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT; + +DEFINE_RUN_ONCE_STATIC(do_registry_init) +{ + registry_lock = CRYPTO_THREAD_lock_new(); + return registry_lock != NULL; +} + +/* + * Functions for manipulating OSSL_STORE_LOADERs + */ + +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme) +{ + OSSL_STORE_LOADER *res = NULL; + + /* + * We usually don't check NULL arguments. For loaders, though, the + * scheme is crucial and must never be NULL, or the user will get + * mysterious errors when trying to register the created loader + * later on. + */ + if (scheme == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, + OSSL_STORE_R_INVALID_SCHEME); + return NULL; + } + + if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + + res->engine = e; + res->scheme = scheme; + return res; +} + +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader) +{ + return loader->engine; +} + +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader) +{ + return loader->scheme; +} + +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function) +{ + loader->open = open_function; + return 1; +} + +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function) +{ + loader->ctrl = ctrl_function; + return 1; +} + +int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function) +{ + loader->expect = expect_function; + return 1; +} + +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function) +{ + loader->find = find_function; + return 1; +} + +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function) +{ + loader->load = load_function; + return 1; +} + +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function) +{ + loader->eof = eof_function; + return 1; +} + +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function) +{ + loader->error = error_function; + return 1; +} + +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function) +{ + loader->close = close_function; + return 1; +} + +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader) +{ + OPENSSL_free(loader); +} + +/* + * Functions for registering OSSL_STORE_LOADERs + */ + +static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v) +{ + return OPENSSL_LH_strhash(v->scheme); +} + +static int store_loader_cmp(const OSSL_STORE_LOADER *a, + const OSSL_STORE_LOADER *b) +{ + assert(a->scheme != NULL && b->scheme != NULL); + return strcmp(a->scheme, b->scheme); +} + +static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL; + +int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader) +{ + const char *scheme = loader->scheme; + int ok = 0; + + /* + * Check that the given scheme conforms to correct scheme syntax as per + * RFC 3986: + * + * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) + */ + if (ossl_isalpha(*scheme)) + while (*scheme != '\0' + && (ossl_isalpha(*scheme) + || ossl_isdigit(*scheme) + || strchr("+-.", *scheme) != NULL)) + scheme++; + if (*scheme != '\0') { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, + OSSL_STORE_R_INVALID_SCHEME); + ERR_add_error_data(2, "scheme=", loader->scheme); + return 0; + } + + /* Check that functions we absolutely require are present */ + if (loader->open == NULL || loader->load == NULL || loader->eof == NULL + || loader->error == NULL || loader->close == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, + OSSL_STORE_R_LOADER_INCOMPLETE); + return 0; + } + + if (!RUN_ONCE(®istry_init, do_registry_init)) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, + ERR_R_MALLOC_FAILURE); + return 0; + } + CRYPTO_THREAD_write_lock(registry_lock); + + if (loader_register == NULL) { + loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash, + store_loader_cmp); + } + + if (loader_register != NULL + && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL + || lh_OSSL_STORE_LOADER_error(loader_register) == 0)) + ok = 1; + + CRYPTO_THREAD_unlock(registry_lock); + + return ok; +} +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader) +{ + if (!ossl_store_init_once()) + return 0; + return ossl_store_register_loader_int(loader); +} + +const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme) +{ + OSSL_STORE_LOADER template; + OSSL_STORE_LOADER *loader = NULL; + + template.scheme = scheme; + template.open = NULL; + template.load = NULL; + template.eof = NULL; + template.close = NULL; + + if (!ossl_store_init_once()) + return NULL; + + if (!RUN_ONCE(®istry_init, do_registry_init)) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + CRYPTO_THREAD_write_lock(registry_lock); + + loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, &template); + + if (loader == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, + OSSL_STORE_R_UNREGISTERED_SCHEME); + ERR_add_error_data(2, "scheme=", scheme); + } + + CRYPTO_THREAD_unlock(registry_lock); + + return loader; +} + +OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme) +{ + OSSL_STORE_LOADER template; + OSSL_STORE_LOADER *loader = NULL; + + template.scheme = scheme; + template.open = NULL; + template.load = NULL; + template.eof = NULL; + template.close = NULL; + + if (!RUN_ONCE(®istry_init, do_registry_init)) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + CRYPTO_THREAD_write_lock(registry_lock); + + loader = lh_OSSL_STORE_LOADER_delete(loader_register, &template); + + if (loader == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, + OSSL_STORE_R_UNREGISTERED_SCHEME); + ERR_add_error_data(2, "scheme=", scheme); + } + + CRYPTO_THREAD_unlock(registry_lock); + + return loader; +} +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme) +{ + if (!ossl_store_init_once()) + return 0; + return ossl_store_unregister_loader_int(scheme); +} + +void ossl_store_destroy_loaders_int(void) +{ + assert(lh_OSSL_STORE_LOADER_num_items(loader_register) == 0); + lh_OSSL_STORE_LOADER_free(loader_register); + loader_register = NULL; + CRYPTO_THREAD_lock_free(registry_lock); + registry_lock = NULL; +} + +/* + * Functions to list OSSL_STORE loaders + */ + +IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void); +int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER + *loader, void *do_arg), + void *do_arg) +{ + lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg); + return 1; +} diff --git a/deps/openssl/openssl/crypto/store/store_strings.c b/deps/openssl/openssl/crypto/store/store_strings.c new file mode 100644 index 00000000000000..76cf3164837c81 --- /dev/null +++ b/deps/openssl/openssl/crypto/store/store_strings.c @@ -0,0 +1,28 @@ +/* + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +static char *type_strings[] = { + "Name", /* OSSL_STORE_INFO_NAME */ + "Parameters", /* OSSL_STORE_INFO_PARAMS */ + "Pkey", /* OSSL_STORE_INFO_PKEY */ + "Certificate", /* OSSL_STORE_INFO_CERT */ + "CRL" /* OSSL_STORE_INFO_CRL */ +}; + +const char *OSSL_STORE_INFO_type_string(int type) +{ + int types = sizeof(type_strings) / sizeof(type_strings[0]); + + if (type < 1 || type > types) + return NULL; + + return type_strings[type - 1]; +} diff --git a/deps/openssl/openssl/crypto/threads_none.c b/deps/openssl/openssl/crypto/threads_none.c index 72bf25b0d5ff52..4b1940ae44dbd6 100644 --- a/deps/openssl/openssl/crypto/threads_none.c +++ b/deps/openssl/openssl/crypto/threads_none.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,14 +8,18 @@ */ #include +#include "internal/cryptlib.h" #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } *(unsigned int *)lock = 1; @@ -24,19 +28,22 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { - OPENSSL_assert(*(unsigned int *)lock == 1); + if (!ossl_assert(*(unsigned int *)lock == 1)) + return 0; return 1; } int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { - OPENSSL_assert(*(unsigned int *)lock == 1); + if (!ossl_assert(*(unsigned int *)lock == 1)) + return 0; return 1; } int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { - OPENSSL_assert(*(unsigned int *)lock == 1); + if (!ossl_assert(*(unsigned int *)lock == 1)) + return 0; return 1; } @@ -121,4 +128,9 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) return 1; } +int openssl_init_fork_handlers(void) +{ + return 0; +} + #endif diff --git a/deps/openssl/openssl/crypto/threads_pthread.c b/deps/openssl/openssl/crypto/threads_pthread.c index 151013e47044d6..5a59779ebbb1d9 100644 --- a/deps/openssl/openssl/crypto/threads_pthread.c +++ b/deps/openssl/openssl/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,6 +8,7 @@ */ #include +#include "internal/cryptlib.h" #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) @@ -18,9 +19,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { # ifdef USE_RWLOCK - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } if (pthread_rwlock_init(lock, NULL) != 0) { OPENSSL_free(lock); @@ -28,9 +32,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) } # else pthread_mutexattr_t attr; - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } pthread_mutexattr_init(&attr); pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); @@ -168,4 +175,22 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) return 1; } +# ifdef OPENSSL_SYS_UNIX +static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT; + +static void fork_once_func(void) +{ + pthread_atfork(OPENSSL_fork_prepare, + OPENSSL_fork_parent, OPENSSL_fork_child); +} +# endif + +int openssl_init_fork_handlers(void) +{ +# ifdef OPENSSL_SYS_UNIX + if (pthread_once(&fork_once_control, fork_once_func) == 0) + return 1; +# endif + return 0; +} #endif diff --git a/deps/openssl/openssl/crypto/threads_win.c b/deps/openssl/openssl/crypto/threads_win.c index 27334e13f3a2be..d8fdfb74f5b7b0 100644 --- a/deps/openssl/openssl/crypto/threads_win.c +++ b/deps/openssl/openssl/crypto/threads_win.c @@ -17,9 +17,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { @@ -152,4 +155,9 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) return 1; } +int openssl_init_fork_handlers(void) +{ + return 0; +} + #endif diff --git a/deps/openssl/openssl/crypto/ts/ts_asn1.c b/deps/openssl/openssl/crypto/ts/ts_asn1.c index e60675ab720886..8707207082c9a1 100644 --- a/deps/openssl/openssl/crypto/ts/ts_asn1.c +++ b/deps/openssl/openssl/crypto/ts/ts_asn1.c @@ -225,6 +225,23 @@ ASN1_SEQUENCE(ESS_SIGNING_CERT) = { IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) +ASN1_SEQUENCE(ESS_CERT_ID_V2) = { + ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), + ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), + ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) +} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) + +ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { + ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), + ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) +} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) + +IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2) +IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) + /* Getting encapsulated TS_TST_INFO object from PKCS7. */ TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token) { diff --git a/deps/openssl/openssl/crypto/ts/ts_conf.c b/deps/openssl/openssl/crypto/ts/ts_conf.c index f5f3934dfd48bf..625089a59bf90c 100644 --- a/deps/openssl/openssl/crypto/ts/ts_conf.c +++ b/deps/openssl/openssl/crypto/ts/ts_conf.c @@ -37,6 +37,7 @@ #define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" #define ENV_VALUE_YES "yes" #define ENV_VALUE_NO "no" +#define ENV_ESS_CERT_ID_ALG "ess_cert_id_alg" /* Function definitions for certificate and key loading. */ @@ -466,3 +467,27 @@ int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, TS_ESS_CERT_ID_CHAIN, ctx); } + +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx) +{ + int ret = 0; + const EVP_MD *cert_md = NULL; + const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG); + + if (md == NULL) + md = "sha1"; + + cert_md = EVP_get_digestbyname(md); + if (cert_md == NULL) { + ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG); + goto err; + } + + if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md)) + goto err; + + ret = 1; +err: + return ret; +} diff --git a/deps/openssl/openssl/crypto/ts/ts_err.c b/deps/openssl/openssl/crypto/ts/ts_err.c index a6d73a174b25af..1f3854d8491e57 100644 --- a/deps/openssl/openssl/crypto/ts/ts_err.c +++ b/deps/openssl/openssl/crypto/ts/ts_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,124 +8,165 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) - -static ERR_STRING_DATA TS_str_functs[] = { - {ERR_FUNC(TS_F_DEF_SERIAL_CB), "def_serial_cb"}, - {ERR_FUNC(TS_F_DEF_TIME_CB), "def_time_cb"}, - {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_add_signing_cert"}, - {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ess_CERT_ID_new_init"}, - {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ess_SIGNING_CERT_new_init"}, - {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "int_ts_RESP_verify_token"}, - {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"}, - {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"}, - {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"}, - {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"}, - {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "ts_check_imprints"}, - {ERR_FUNC(TS_F_TS_CHECK_NONCES), "ts_check_nonces"}, - {ERR_FUNC(TS_F_TS_CHECK_POLICY), "ts_check_policy"}, - {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "ts_check_signing_certs"}, - {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "ts_check_status_info"}, - {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "ts_compute_imprint"}, - {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"}, - {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"}, - {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"}, - {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"}, - {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"}, - {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, - {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "ts_get_status_text"}, - {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, - {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"}, - {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"}, - {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"}, - {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"}, - {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "ts_RESP_create_tst_info"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), +static const ERR_STRING_DATA TS_str_functs[] = { + {ERR_PACK(ERR_LIB_TS, TS_F_DEF_SERIAL_CB, 0), "def_serial_cb"}, + {ERR_PACK(ERR_LIB_TS, TS_F_DEF_TIME_CB, 0), "def_time_cb"}, + {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT, 0), + "ess_add_signing_cert"}, + {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT_V2, 0), + "ess_add_signing_cert_v2"}, + {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_NEW_INIT, 0), + "ess_CERT_ID_new_init"}, + {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_V2_NEW_INIT, 0), + "ess_cert_id_v2_new_init"}, + {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_NEW_INIT, 0), + "ess_SIGNING_CERT_new_init"}, + {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, 0), + "ess_signing_cert_v2_new_init"}, + {ERR_PACK(ERR_LIB_TS, TS_F_INT_TS_RESP_VERIFY_TOKEN, 0), + "int_ts_RESP_verify_token"}, + {ERR_PACK(ERR_LIB_TS, TS_F_PKCS7_TO_TS_TST_INFO, 0), + "PKCS7_to_TS_TST_INFO"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MICROS, 0), + "TS_ACCURACY_set_micros"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MILLIS, 0), + "TS_ACCURACY_set_millis"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_SECONDS, 0), + "TS_ACCURACY_set_seconds"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_IMPRINTS, 0), "ts_check_imprints"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_NONCES, 0), "ts_check_nonces"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_POLICY, 0), "ts_check_policy"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_SIGNING_CERTS, 0), + "ts_check_signing_certs"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_STATUS_INFO, 0), + "ts_check_status_info"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_COMPUTE_IMPRINT, 0), "ts_compute_imprint"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_INVALID, 0), "ts_CONF_invalid"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERT, 0), "TS_CONF_load_cert"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERTS, 0), "TS_CONF_load_certs"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_KEY, 0), "TS_CONF_load_key"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOOKUP_FAIL, 0), "ts_CONF_lookup_fail"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_SET_DEFAULT_ENGINE, 0), + "TS_CONF_set_default_engine"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_GET_STATUS_TEXT, 0), "ts_get_status_text"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_MSG_IMPRINT_SET_ALGO, 0), + "TS_MSG_IMPRINT_set_algo"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_MSG_IMPRINT, 0), + "TS_REQ_set_msg_imprint"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_NONCE, 0), "TS_REQ_set_nonce"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_POLICY_ID, 0), + "TS_REQ_set_policy_id"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_RESPONSE, 0), + "TS_RESP_create_response"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_TST_INFO, 0), + "ts_RESP_create_tst_info"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, 0), "TS_RESP_CTX_add_failure_info"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT), + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_MD, 0), "TS_RESP_CTX_add_md"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_POLICY, 0), + "TS_RESP_CTX_add_policy"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_NEW, 0), "TS_RESP_CTX_new"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_ACCURACY, 0), + "TS_RESP_CTX_set_accuracy"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_CERTS, 0), + "TS_RESP_CTX_set_certs"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_DEF_POLICY, 0), + "TS_RESP_CTX_set_def_policy"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 0), "TS_RESP_CTX_set_signer_cert"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_STATUS_INFO, 0), "TS_RESP_CTX_set_status_info"}, - {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "ts_RESP_get_policy"}, - {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_GET_POLICY, 0), "ts_RESP_get_policy"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, 0), "TS_RESP_set_genTime_with_precision"}, - {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"}, - {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"}, - {ERR_FUNC(TS_F_TS_RESP_SIGN), "ts_RESP_sign"}, - {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT), + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_STATUS_INFO, 0), + "TS_RESP_set_status_info"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_TST_INFO, 0), + "TS_RESP_set_tst_info"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SIGN, 0), "ts_RESP_sign"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_VERIFY_SIGNATURE, 0), + "TS_RESP_verify_signature"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_ACCURACY, 0), + "TS_TST_INFO_set_accuracy"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_MSG_IMPRINT, 0), "TS_TST_INFO_set_msg_imprint"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"}, - {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"}, - {ERR_FUNC(TS_F_TS_VERIFY_CERT), "ts_verify_cert"}, - {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_NONCE, 0), + "TS_TST_INFO_set_nonce"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_POLICY_ID, 0), + "TS_TST_INFO_set_policy_id"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_SERIAL, 0), + "TS_TST_INFO_set_serial"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TIME, 0), + "TS_TST_INFO_set_time"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TSA, 0), "TS_TST_INFO_set_tsa"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY, 0), ""}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CERT, 0), "ts_verify_cert"}, + {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CTX_NEW, 0), "TS_VERIFY_CTX_new"}, {0, NULL} }; -static ERR_STRING_DATA TS_str_reasons[] = { - {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, - {ERR_REASON(TS_R_BAD_TYPE), "bad type"}, - {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"}, - {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"}, - {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, - {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"}, - {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"}, - {ERR_REASON(TS_R_DETACHED_CONTENT), "detached content"}, - {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR), - "ess add signing cert error"}, - {ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR), - "ess signing certificate error"}, - {ERR_REASON(TS_R_INVALID_NULL_POINTER), "invalid null pointer"}, - {ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), - "invalid signer certificate purpose"}, - {ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH), "message imprint mismatch"}, - {ERR_REASON(TS_R_NONCE_MISMATCH), "nonce mismatch"}, - {ERR_REASON(TS_R_NONCE_NOT_RETURNED), "nonce not returned"}, - {ERR_REASON(TS_R_NO_CONTENT), "no content"}, - {ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"}, - {ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"}, - {ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), - "pkcs7 add signed attr error"}, - {ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED), - "pkcs7 to ts tst info failed"}, - {ERR_REASON(TS_R_POLICY_MISMATCH), "policy mismatch"}, - {ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_REASON(TS_R_RESPONSE_SETUP_ERROR), "response setup error"}, - {ERR_REASON(TS_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER), "there must be one signer"}, - {ERR_REASON(TS_R_TIME_SYSCALL_ERROR), "time syscall error"}, - {ERR_REASON(TS_R_TOKEN_NOT_PRESENT), "token not present"}, - {ERR_REASON(TS_R_TOKEN_PRESENT), "token present"}, - {ERR_REASON(TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"}, - {ERR_REASON(TS_R_TSA_UNTRUSTED), "tsa untrusted"}, - {ERR_REASON(TS_R_TST_INFO_SETUP_ERROR), "tst info setup error"}, - {ERR_REASON(TS_R_TS_DATASIGN), "ts datasign"}, - {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"}, - {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"}, - {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"}, - {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"}, - {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"}, - {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, +static const ERR_STRING_DATA TS_str_reasons[] = { + {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE), + "could not set engine"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR), + "ess add signing cert error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR), + "ess add signing cert v2 error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR), + "ess signing certificate error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER), + "invalid null pointer"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), + "invalid signer certificate purpose"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH), + "message imprint mismatch"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), + "pkcs7 add signed attr error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED), + "pkcs7 to ts tst info failed"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR), + "response setup error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER), + "there must be one signer"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR), + "tst info setup error"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM), + "unsupported md algorithm"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE), + "cannot find config variable"}, + {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, {0, NULL} }; @@ -134,10 +175,9 @@ static ERR_STRING_DATA TS_str_reasons[] = { int ERR_load_TS_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(TS_str_functs[0].error) == NULL) { - ERR_load_strings(0, TS_str_functs); - ERR_load_strings(0, TS_str_reasons); + ERR_load_strings_const(TS_str_functs); + ERR_load_strings_const(TS_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/ts/ts_lcl.h b/deps/openssl/openssl/crypto/ts/ts_lcl.h index d0c3cf816e00a2..771784fef7c8d6 100644 --- a/deps/openssl/openssl/crypto/ts/ts_lcl.h +++ b/deps/openssl/openssl/crypto/ts/ts_lcl.h @@ -131,11 +131,39 @@ struct ESS_signing_cert { STACK_OF(POLICYINFO) *policy_info; }; +/*- + * ESSCertIDv2 ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier + * DEFAULT {algorithm id-sha256}, + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL + * } + */ + +struct ESS_cert_id_v2_st { + X509_ALGOR *hash_alg; /* Default: SHA-256 */ + ASN1_OCTET_STRING *hash; + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/*- + * SigningCertificateV2 ::= SEQUENCE { + * certs SEQUENCE OF ESSCertIDv2, + * policies SEQUENCE OF PolicyInformation OPTIONAL + * } + */ + +struct ESS_signing_cert_v2_st { + STACK_OF(ESS_CERT_ID_V2) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + struct TS_resp_ctx { X509 *signer_cert; EVP_PKEY *signer_key; const EVP_MD *signer_md; + const EVP_MD *ess_cert_id_digest; STACK_OF(X509) *certs; /* Certs to include in signed data. */ STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c index 0d714a71b7a87e..1b2b84ef6b67db 100644 --- a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c +++ b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c @@ -7,12 +7,9 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include "internal/cryptlib.h" -#if defined(OPENSSL_SYS_UNIX) -# include -#endif - #include #include #include @@ -36,7 +33,16 @@ static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs); static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed); static int ts_TST_INFO_content_new(PKCS7 *p7); -static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); +static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); + +static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg, + X509 *signcert, + STACK_OF(X509) + *certs); +static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg, + X509 *cert, int issuer_needed); +static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si, + ESS_SIGNING_CERT_V2 *sc); static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long, @@ -111,7 +117,7 @@ static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, /* TS_RESP_CTX management functions. */ -TS_RESP_CTX *TS_RESP_CTX_new() +TS_RESP_CTX *TS_RESP_CTX_new(void) { TS_RESP_CTX *ctx; @@ -629,6 +635,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) PKCS7 *p7 = NULL; PKCS7_SIGNER_INFO *si; STACK_OF(X509) *certs; /* Certificates to include in sc. */ + ESS_SIGNING_CERT_V2 *sc2 = NULL; ESS_SIGNING_CERT *sc = NULL; ASN1_OBJECT *oid; BIO *p7bio = NULL; @@ -672,11 +679,25 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) } certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; - if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) - goto err; - if (!ESS_add_signing_cert(si, sc)) { - TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); - goto err; + if (ctx->ess_cert_id_digest == NULL + || ctx->ess_cert_id_digest == EVP_sha1()) { + if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) + goto err; + + if (!ess_add_signing_cert(si, sc)) { + TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); + goto err; + } + } else { + sc2 = ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest, + ctx->signer_cert, certs); + if (sc2 == NULL) + goto err; + + if (!ess_add_signing_cert_v2(si, sc2)) { + TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR); + goto err; + } } if (!ts_TST_INFO_content_new(p7)) @@ -704,6 +725,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) "Error during signature " "generation."); BIO_free_all(p7bio); + ESS_SIGNING_CERT_V2_free(sc2); ESS_SIGNING_CERT_free(sc); PKCS7_free(p7); return ret; @@ -807,7 +829,7 @@ static int ts_TST_INFO_content_new(PKCS7 *p7) return 0; } -static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) +static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; @@ -836,9 +858,133 @@ static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) return 0; } -static ASN1_GENERALIZEDTIME -*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, - long sec, long usec, unsigned precision) +static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg, + X509 *signcert, + STACK_OF(X509) *certs) +{ + ESS_CERT_ID_V2 *cid = NULL; + ESS_SIGNING_CERT_V2 *sc = NULL; + int i; + + if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL) + goto err; + if ((cid = ess_cert_id_v2_new_init(hash_alg, signcert, 0)) == NULL) + goto err; + if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid)) + goto err; + cid = NULL; + + for (i = 0; i < sk_X509_num(certs); ++i) { + X509 *cert = sk_X509_value(certs, i); + + if ((cid = ess_cert_id_v2_new_init(hash_alg, cert, 1)) == NULL) + goto err; + if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid)) + goto err; + cid = NULL; + } + + return sc; + err: + ESS_SIGNING_CERT_V2_free(sc); + ESS_CERT_ID_V2_free(cid); + TSerr(TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, ERR_R_MALLOC_FAILURE); + return NULL; +} + +static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg, + X509 *cert, int issuer_needed) +{ + ESS_CERT_ID_V2 *cid = NULL; + GENERAL_NAME *name = NULL; + unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned int hash_len = sizeof(hash); + X509_ALGOR *alg = NULL; + + memset(hash, 0, sizeof(hash)); + + if ((cid = ESS_CERT_ID_V2_new()) == NULL) + goto err; + + if (hash_alg != EVP_sha256()) { + alg = X509_ALGOR_new(); + if (alg == NULL) + goto err; + X509_ALGOR_set_md(alg, hash_alg); + if (alg->algorithm == NULL) + goto err; + cid->hash_alg = alg; + alg = NULL; + } else { + cid->hash_alg = NULL; + } + + if (!X509_digest(cert, hash_alg, hash, &hash_len)) + goto err; + + if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len)) + goto err; + + if (issuer_needed) { + if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL) + goto err; + if ((name = GENERAL_NAME_new()) == NULL) + goto err; + name->type = GEN_DIRNAME; + if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL) + goto err; + if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) + goto err; + name = NULL; /* Ownership is lost. */ + ASN1_INTEGER_free(cid->issuer_serial->serial); + cid->issuer_serial->serial = + ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if (cid->issuer_serial->serial == NULL) + goto err; + } + + return cid; + err: + X509_ALGOR_free(alg); + GENERAL_NAME_free(name); + ESS_CERT_ID_V2_free(cid); + TSerr(TS_F_ESS_CERT_ID_V2_NEW_INIT, ERR_R_MALLOC_FAILURE); + return NULL; +} + +static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si, + ESS_SIGNING_CERT_V2 *sc) +{ + ASN1_STRING *seq = NULL; + unsigned char *p, *pp = NULL; + int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); + + if ((pp = OPENSSL_malloc(len)) == NULL) { + TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE); + goto err; + } + + p = pp; + i2d_ESS_SIGNING_CERT_V2(sc, &p); + if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) { + TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE); + goto err; + } + + OPENSSL_free(pp); + pp = NULL; + return PKCS7_add_signed_attribute(si, + NID_id_smime_aa_signingCertificateV2, + V_ASN1_SEQUENCE, seq); + err: + ASN1_STRING_free(seq); + OPENSSL_free(pp); + return 0; +} + +static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( + ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec, + unsigned precision) { time_t time_sec = (time_t)sec; struct tm *tm = NULL, tm_result; @@ -903,3 +1049,9 @@ static ASN1_GENERALIZEDTIME TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); return NULL; } + +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md) +{ + ctx->ess_cert_id_digest = md; + return 1; +} diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c index 2755dd0ef36b5c..9deda81b07fb82 100644 --- a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c +++ b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c @@ -37,6 +37,8 @@ static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); +static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert); +static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si); /* * This must be large enough to hold all values in ts_status_text (with @@ -201,34 +203,57 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, { ESS_SIGNING_CERT *ss = ess_get_signing_cert(si); STACK_OF(ESS_CERT_ID) *cert_ids = NULL; + ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si); + STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL; X509 *cert; int i = 0; int ret = 0; - if (!ss) - goto err; - cert_ids = ss->cert_ids; - cert = sk_X509_value(chain, 0); - if (ts_find_cert(cert_ids, cert) != 0) - goto err; + if (ss != NULL) { + cert_ids = ss->cert_ids; + cert = sk_X509_value(chain, 0); + if (ts_find_cert(cert_ids, cert) != 0) + goto err; - /* - * Check the other certificates of the chain if there are more than one - * certificate ids in cert_ids. - */ - if (sk_ESS_CERT_ID_num(cert_ids) > 1) { - for (i = 1; i < sk_X509_num(chain); ++i) { - cert = sk_X509_value(chain, i); - if (ts_find_cert(cert_ids, cert) < 0) - goto err; + /* + * Check the other certificates of the chain if there are more than one + * certificate ids in cert_ids. + */ + if (sk_ESS_CERT_ID_num(cert_ids) > 1) { + for (i = 1; i < sk_X509_num(chain); ++i) { + cert = sk_X509_value(chain, i); + if (ts_find_cert(cert_ids, cert) < 0) + goto err; + } } + } else if (ssv2 != NULL) { + cert_ids_v2 = ssv2->cert_ids; + cert = sk_X509_value(chain, 0); + if (ts_find_cert_v2(cert_ids_v2, cert) != 0) + goto err; + + /* + * Check the other certificates of the chain if there are more than one + * certificate ids in cert_ids. + */ + if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { + for (i = 1; i < sk_X509_num(chain); ++i) { + cert = sk_X509_value(chain, i); + if (ts_find_cert_v2(cert_ids_v2, cert) < 0) + goto err; + } + } + } else { + goto err; } + ret = 1; err: if (!ret) TSerr(TS_F_TS_CHECK_SIGNING_CERTS, TS_R_ESS_SIGNING_CERTIFICATE_ERROR); ESS_SIGNING_CERT_free(ss); + ESS_SIGNING_CERT_V2_free(ssv2); return ret; } @@ -243,6 +268,18 @@ static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si) return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); } +static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si) +{ + ASN1_TYPE *attr; + const unsigned char *p; + + attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2); + if (attr == NULL) + return NULL; + p = attr->value.sequence->data; + return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length); +} + /* Returns < 0 if certificate is not found, certificate index otherwise. */ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { @@ -272,6 +309,38 @@ static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) return -1; } +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert) +{ + int i; + unsigned char cert_digest[EVP_MAX_MD_SIZE]; + unsigned int len; + + /* Look for cert in the cert_ids vector. */ + for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) { + ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i); + const EVP_MD *md; + + if (cid->hash_alg != NULL) + md = EVP_get_digestbyobj(cid->hash_alg->algorithm); + else + md = EVP_sha256(); + + X509_digest(cert, md, cert_digest, &len); + if (cid->hash->length != (int)len) + return -1; + + if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) { + ESS_ISSUER_SERIAL *is = cid->issuer_serial; + + if (is == NULL || !ts_issuer_serial_cmp(is, cert)) + return i; + } + } + + return -1; +} + static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert) { GENERAL_NAME *issuer; @@ -480,7 +549,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) return result; } -static int ts_check_policy(const ASN1_OBJECT *req_oid, +static int ts_check_policy(const ASN1_OBJECT *req_oid, const TS_TST_INFO *tst_info) { const ASN1_OBJECT *resp_oid = tst_info->policy_id; diff --git a/deps/openssl/openssl/crypto/txt_db/txt_db.c b/deps/openssl/openssl/crypto/txt_db/txt_db.c index cf932a52aa6525..c4e1782514d8a3 100644 --- a/deps/openssl/openssl/crypto/txt_db/txt_db.c +++ b/deps/openssl/openssl/crypto/txt_db/txt_db.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -124,7 +124,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) OPENSSL_free(ret->qual); OPENSSL_free(ret); } - return (NULL); + return NULL; } OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, @@ -135,16 +135,16 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, if (idx >= db->num_fields) { db->error = DB_ERROR_INDEX_OUT_OF_RANGE; - return (NULL); + return NULL; } lh = db->index[idx]; if (lh == NULL) { db->error = DB_ERROR_NO_INDEX; - return (NULL); + return NULL; } ret = lh_OPENSSL_STRING_retrieve(lh, value); db->error = DB_ERROR_OK; - return (ret); + return ret; } int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), @@ -156,12 +156,12 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), if (field >= db->num_fields) { db->error = DB_ERROR_INDEX_OUT_OF_RANGE; - return (0); + return 0; } /* FIXME: we lose type checking at this point */ if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) { db->error = DB_ERROR_MALLOC; - return (0); + return 0; } n = sk_OPENSSL_PSTRING_num(db->data); for (i = 0; i < n; i++) { @@ -173,18 +173,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k); db->arg2 = i; lh_OPENSSL_STRING_free(idx); - return (0); + return 0; } if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) { db->error = DB_ERROR_MALLOC; lh_OPENSSL_STRING_free(idx); - return (0); + return 0; } } lh_OPENSSL_STRING_free(db->index[field]); db->index[field] = idx; db->qual[field] = qual; - return (1); + return 1; } long TXT_DB_write(BIO *out, TXT_DB *db) @@ -231,7 +231,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) ret = tot; err: BUF_MEM_free(buf); - return (ret); + return ret; } int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) @@ -264,7 +264,7 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) } if (!sk_OPENSSL_PSTRING_push(db->data, row)) goto err1; - return (1); + return 1; err1: db->error = DB_ERROR_MALLOC; @@ -276,7 +276,7 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) } } err: - return (0); + return 0; } void TXT_DB_free(TXT_DB *db) @@ -286,7 +286,6 @@ void TXT_DB_free(TXT_DB *db) if (db == NULL) return; - if (db->index != NULL) { for (i = db->num_fields - 1; i >= 0; i--) lh_OPENSSL_STRING_free(db->index[i]); diff --git a/deps/openssl/openssl/crypto/ui/build.info b/deps/openssl/openssl/crypto/ui/build.info index fcb45af7eb0b5f..c5d17fb7448a22 100644 --- a/deps/openssl/openssl/crypto/ui/build.info +++ b/deps/openssl/openssl/crypto/ui/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - ui_err.c ui_lib.c ui_openssl.c ui_util.c + ui_err.c ui_lib.c ui_openssl.c ui_null.c ui_util.c diff --git a/deps/openssl/openssl/crypto/ui/ui_err.c b/deps/openssl/openssl/crypto/ui/ui_err.c index c8640feaf1ecfd..b806872c30bd97 100644 --- a/deps/openssl/openssl/crypto/ui/ui_err.c +++ b/deps/openssl/openssl/crypto/ui/ui_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,52 +8,59 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) - -static ERR_STRING_DATA UI_str_functs[] = { - {ERR_FUNC(UI_F_CLOSE_CONSOLE), "close_console"}, - {ERR_FUNC(UI_F_ECHO_CONSOLE), "echo_console"}, - {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "general_allocate_boolean"}, - {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "general_allocate_prompt"}, - {ERR_FUNC(UI_F_NOECHO_CONSOLE), "noecho_console"}, - {ERR_FUNC(UI_F_OPEN_CONSOLE), "open_console"}, - {ERR_FUNC(UI_F_UI_CREATE_METHOD), "UI_create_method"}, - {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, - {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, - {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, - {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, - {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, - {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, - {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, - {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, - {ERR_FUNC(UI_F_UI_PROCESS), "UI_process"}, - {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, +static const ERR_STRING_DATA UI_str_functs[] = { + {ERR_PACK(ERR_LIB_UI, UI_F_CLOSE_CONSOLE, 0), "close_console"}, + {ERR_PACK(ERR_LIB_UI, UI_F_ECHO_CONSOLE, 0), "echo_console"}, + {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_BOOLEAN, 0), + "general_allocate_boolean"}, + {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_PROMPT, 0), + "general_allocate_prompt"}, + {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"}, + {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INFO_STRING, 0), "UI_dup_info_string"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_BOOLEAN, 0), + "UI_dup_input_boolean"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_STRING, 0), "UI_dup_input_string"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_USER_DATA, 0), "UI_dup_user_data"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_VERIFY_STRING, 0), + "UI_dup_verify_string"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET0_RESULT, 0), "UI_get0_result"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET_RESULT_LENGTH, 0), + "UI_get_result_length"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_NEW_METHOD, 0), "UI_new_method"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_PROCESS, 0), "UI_process"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT, 0), "UI_set_result"}, + {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT_EX, 0), "UI_set_result_ex"}, {0, NULL} }; -static ERR_STRING_DATA UI_str_reasons[] = { - {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), - "common ok and cancel characters"}, - {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"}, - {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"}, - {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"}, - {ERR_REASON(UI_R_PROCESSING_ERROR), "processing error"}, - {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"}, - {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"}, - {ERR_REASON(UI_R_SYSASSIGN_ERROR), "sys$assign error"}, - {ERR_REASON(UI_R_SYSDASSGN_ERROR), "sys$dassgn error"}, - {ERR_REASON(UI_R_SYSQIOW_ERROR), "sys$qiow error"}, - {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"}, - {ERR_REASON(UI_R_UNKNOWN_TTYGET_ERRNO_VALUE), - "unknown ttyget errno value"}, +static const ERR_STRING_DATA UI_str_reasons[] = { + {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), + "common ok and cancel characters"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND), + "unknown control command"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE), + "unknown ttyget errno value"}, + {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED), + "user data duplication unsupported"}, {0, NULL} }; @@ -62,10 +69,9 @@ static ERR_STRING_DATA UI_str_reasons[] = { int ERR_load_UI_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(UI_str_functs[0].error) == NULL) { - ERR_load_strings(0, UI_str_functs); - ERR_load_strings(0, UI_str_reasons); + ERR_load_strings_const(UI_str_functs); + ERR_load_strings_const(UI_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/ui/ui_lib.c b/deps/openssl/openssl/crypto/ui/ui_lib.c index 464dac4237b8e7..139485dcd15485 100644 --- a/deps/openssl/openssl/crypto/ui/ui_lib.c +++ b/deps/openssl/openssl/crypto/ui/ui_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ UI *UI_new(void) { - return (UI_new_method(NULL)); + return UI_new_method(NULL); } UI *UI_new_method(const UI_METHOD *method) @@ -37,9 +37,10 @@ UI *UI_new_method(const UI_METHOD *method) } if (method == NULL) - ret->meth = UI_get_default_method(); - else - ret->meth = method; + method = UI_get_default_method(); + if (method == NULL) + method = UI_null(); + ret->meth = method; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) { OPENSSL_free(ret); @@ -58,7 +59,11 @@ static void free_string(UI_STRING *uis) OPENSSL_free((char *)uis->_.boolean_data.ok_chars); OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); break; - default: + case UIT_NONE: + case UIT_PROMPT: + case UIT_VERIFY: + case UIT_ERROR: + case UIT_INFO: break; } } @@ -69,6 +74,9 @@ void UI_free(UI *ui) { if (ui == NULL) return; + if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) { + ui->meth->ui_destroy_data(ui, ui->user_data); + } sk_UI_STRING_pop_free(ui->strings, free_string); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); CRYPTO_THREAD_lock_free(ui->lock); @@ -366,9 +374,10 @@ char *UI_construct_prompt(UI *ui, const char *object_desc, len += sizeof(prompt2) - 1 + strlen(object_name); len += sizeof(prompt3) - 1; - prompt = OPENSSL_malloc(len + 1); - if (prompt == NULL) + if ((prompt = OPENSSL_malloc(len + 1)) == NULL) { + UIerr(UI_F_UI_CONSTRUCT_PROMPT, ERR_R_MALLOC_FAILURE); return NULL; + } OPENSSL_strlcpy(prompt, prompt1, len + 1); OPENSSL_strlcat(prompt, object_desc, len + 1); if (object_name != NULL) { @@ -383,10 +392,38 @@ char *UI_construct_prompt(UI *ui, const char *object_desc, void *UI_add_user_data(UI *ui, void *user_data) { void *old_data = ui->user_data; + + if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) { + ui->meth->ui_destroy_data(ui, old_data); + old_data = NULL; + } ui->user_data = user_data; + ui->flags &= ~UI_FLAG_DUPL_DATA; return old_data; } +int UI_dup_user_data(UI *ui, void *user_data) +{ + void *duplicate = NULL; + + if (ui->meth->ui_duplicate_data == NULL + || ui->meth->ui_destroy_data == NULL) { + UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED); + return -1; + } + + duplicate = ui->meth->ui_duplicate_data(ui, user_data); + if (duplicate == NULL) { + UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE); + return -1; + } + + (void)UI_add_user_data(ui, duplicate); + ui->flags |= UI_FLAG_DUPL_DATA; + + return 0; +} + void *UI_get0_user_data(UI *ui) { return ui->user_data; @@ -405,6 +442,19 @@ const char *UI_get0_result(UI *ui, int i) return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); } +int UI_get_result_length(UI *ui, int i) +{ + if (i < 0) { + UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_SMALL); + return -1; + } + if (i >= sk_UI_STRING_num(ui->strings)) { + UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_LARGE); + return -1; + } + return UI_get_result_string_length(sk_UI_STRING_value(ui->strings, i)); +} + static int print_error(const char *str, size_t len, UI *ui) { UI_STRING uis; @@ -523,12 +573,12 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) int UI_set_ex_data(UI *r, int idx, void *arg) { - return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&r->ex_data, idx, arg); } void *UI_get_ex_data(UI *r, int idx) { - return (CRYPTO_get_ex_data(&r->ex_data, idx)); + return CRYPTO_get_ex_data(&r->ex_data, idx); } const UI_METHOD *UI_get_method(UI *ui) @@ -544,15 +594,17 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) UI_METHOD *UI_create_method(const char *name) { - UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method)); + UI_METHOD *ui_method = NULL; - if (ui_method != NULL) { - ui_method->name = OPENSSL_strdup(name); - if (ui_method->name == NULL) { - OPENSSL_free(ui_method); - UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE); - return NULL; - } + if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL + || (ui_method->name = OPENSSL_strdup(name)) == NULL + || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method, + &ui_method->ex_data)) { + if (ui_method) + OPENSSL_free(ui_method->name); + OPENSSL_free(ui_method); + UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE); + return NULL; } return ui_method; } @@ -564,6 +616,10 @@ UI_METHOD *UI_create_method(const char *name) */ void UI_destroy_method(UI_METHOD *ui_method) { + if (ui_method == NULL) + return; + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method, + &ui_method->ex_data); OPENSSL_free(ui_method->name); ui_method->name = NULL; OPENSSL_free(ui_method); @@ -616,6 +672,18 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)) return -1; } +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)) +{ + if (method != NULL) { + method->ui_duplicate_data = duplicator; + method->ui_destroy_data = destructor; + return 0; + } + return -1; +} + int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor) (UI *ui, const char @@ -630,50 +698,73 @@ int UI_method_set_prompt_constructor(UI_METHOD *method, return -1; } -int (*UI_method_get_opener(UI_METHOD *method)) (UI *) +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data) +{ + return CRYPTO_set_ex_data(&method->ex_data, idx, data); +} + +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *) { if (method != NULL) return method->ui_open_session; return NULL; } -int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *) { if (method != NULL) return method->ui_write_string; return NULL; } -int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *) { if (method != NULL) return method->ui_flush; return NULL; } -int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *) { if (method != NULL) return method->ui_read_string; return NULL; } -int (*UI_method_get_closer(UI_METHOD *method)) (UI *) +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *) { if (method != NULL) return method->ui_close_session; return NULL; } -char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *, - const char *, - const char *) +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *) { if (method != NULL) return method->ui_construct_prompt; return NULL; } +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *) +{ + if (method != NULL) + return method->ui_duplicate_data; + return NULL; +} + +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *) +{ + if (method != NULL) + return method->ui_destroy_data; + return NULL; +} + +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx) +{ + return CRYPTO_get_ex_data(&method->ex_data, idx); +} + enum UI_string_types UI_get_string_type(UI_STRING *uis) { return uis->type; @@ -694,9 +785,14 @@ const char *UI_get0_action_string(UI_STRING *uis) switch (uis->type) { case UIT_BOOLEAN: return uis->_.boolean_data.action_desc; - default: - return NULL; + case UIT_PROMPT: + case UIT_NONE: + case UIT_VERIFY: + case UIT_INFO: + case UIT_ERROR: + break; } + return NULL; } const char *UI_get0_result_string(UI_STRING *uis) @@ -705,9 +801,28 @@ const char *UI_get0_result_string(UI_STRING *uis) case UIT_PROMPT: case UIT_VERIFY: return uis->result_buf; - default: - return NULL; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: + break; + } + return NULL; +} + +int UI_get_result_string_length(UI_STRING *uis) +{ + switch (uis->type) { + case UIT_PROMPT: + case UIT_VERIFY: + return uis->result_len; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: + break; } + return -1; } const char *UI_get0_test_string(UI_STRING *uis) @@ -715,9 +830,14 @@ const char *UI_get0_test_string(UI_STRING *uis) switch (uis->type) { case UIT_VERIFY: return uis->_.string_data.test_buf; - default: - return NULL; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: + case UIT_PROMPT: + break; } + return NULL; } int UI_get_result_minsize(UI_STRING *uis) @@ -726,9 +846,13 @@ int UI_get_result_minsize(UI_STRING *uis) case UIT_PROMPT: case UIT_VERIFY: return uis->_.string_data.result_minsize; - default: - return -1; + case UIT_NONE: + case UIT_INFO: + case UIT_ERROR: + case UIT_BOOLEAN: + break; } + return -1; } int UI_get_result_maxsize(UI_STRING *uis) @@ -737,15 +861,29 @@ int UI_get_result_maxsize(UI_STRING *uis) case UIT_PROMPT: case UIT_VERIFY: return uis->_.string_data.result_maxsize; - default: - return -1; + case UIT_NONE: + case UIT_INFO: + case UIT_ERROR: + case UIT_BOOLEAN: + break; } + return -1; } int UI_set_result(UI *ui, UI_STRING *uis, const char *result) { - int l = strlen(result); +#if 0 + /* + * This is placed here solely to preserve UI_F_UI_SET_RESULT + * To be removed for OpenSSL 1.2.0 + */ + UIerr(UI_F_UI_SET_RESULT, ERR_R_DISABLED); +#endif + return UI_set_result_ex(ui, uis, result, strlen(result)); +} +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len) +{ ui->flags &= ~UI_FLAG_REDOABLE; switch (uis->type) { @@ -760,16 +898,16 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) BIO_snprintf(number2, sizeof(number2), "%d", uis->_.string_data.result_maxsize); - if (l < uis->_.string_data.result_minsize) { + if (len < uis->_.string_data.result_minsize) { ui->flags |= UI_FLAG_REDOABLE; - UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL); + UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_SMALL); ERR_add_error_data(5, "You must type in ", number1, " to ", number2, " characters"); return -1; } - if (l > uis->_.string_data.result_maxsize) { + if (len > uis->_.string_data.result_maxsize) { ui->flags |= UI_FLAG_REDOABLE; - UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE); + UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_LARGE); ERR_add_error_data(5, "You must type in ", number1, " to ", number2, " characters"); return -1; @@ -777,19 +915,21 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) } if (uis->result_buf == NULL) { - UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); + UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER); return -1; } - OPENSSL_strlcpy(uis->result_buf, result, - uis->_.string_data.result_maxsize + 1); + memcpy(uis->result_buf, result, len); + if (len <= uis->_.string_data.result_maxsize) + uis->result_buf[len] = '\0'; + uis->result_len = len; break; case UIT_BOOLEAN: { const char *p; if (uis->result_buf == NULL) { - UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); + UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER); return -1; } @@ -805,7 +945,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) } } } - default: + case UIT_NONE: + case UIT_INFO: + case UIT_ERROR: break; } return 0; diff --git a/deps/openssl/openssl/crypto/ui/ui_locl.h b/deps/openssl/openssl/crypto/ui/ui_locl.h index 2953739b76ff94..19b33b8fc6776f 100644 --- a/deps/openssl/openssl/crypto/ui/ui_locl.h +++ b/deps/openssl/openssl/crypto/ui/ui_locl.h @@ -37,6 +37,12 @@ struct ui_method_st { int (*ui_flush) (UI *ui); int (*ui_read_string) (UI *ui, UI_STRING *uis); int (*ui_close_session) (UI *ui); + /* + * Duplicate the ui_data that often comes alongside a ui_method. This + * allows some backends to save away UI information for later use. + */ + void *(*ui_duplicate_data) (UI *ui, void *ui_data); + void (*ui_destroy_data) (UI *ui, void *ui_data); /* * Construct a prompt in a user-defined manner. object_desc is a textual * short description of the object, for example "pass phrase", and @@ -46,6 +52,10 @@ struct ui_method_st { */ char *(*ui_construct_prompt) (UI *ui, const char *object_desc, const char *object_name); + /* + * UI_METHOD specific application data. + */ + CRYPTO_EX_DATA ex_data; }; struct ui_string_st { @@ -61,6 +71,7 @@ struct ui_string_st { * Otherwise, it may be allocated by the UI * routine, meaning result_minsize is going * to be overwritten. */ + size_t result_len; union { struct { int result_minsize; /* Input: minimum required size of the @@ -88,6 +99,7 @@ struct ui_st { void *user_data; CRYPTO_EX_DATA ex_data; # define UI_FLAG_REDOABLE 0x0001 +# define UI_FLAG_DUPL_DATA 0x0002 /* user_data was duplicated */ # define UI_FLAG_PRINT_ERRORS 0x0100 int flags; diff --git a/deps/openssl/openssl/crypto/ui/ui_null.c b/deps/openssl/openssl/crypto/ui/ui_null.c new file mode 100644 index 00000000000000..9e5f6fca59e58c --- /dev/null +++ b/deps/openssl/openssl/crypto/ui/ui_null.c @@ -0,0 +1,26 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "ui_locl.h" + +static const UI_METHOD ui_null = { + "OpenSSL NULL UI", + NULL, /* opener */ + NULL, /* writer */ + NULL, /* flusher */ + NULL, /* reader */ + NULL, /* closer */ + NULL +}; + +/* The method with all the built-in thingies */ +const UI_METHOD *UI_null(void) +{ + return &ui_null; +} diff --git a/deps/openssl/openssl/crypto/ui/ui_openssl.c b/deps/openssl/openssl/crypto/ui/ui_openssl.c index a25934ccd1c5db..6b996134df49e4 100644 --- a/deps/openssl/openssl/crypto/ui/ui_openssl.c +++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c @@ -7,66 +7,68 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include #include +#include +#ifndef OPENSSL_NO_UI_CONSOLE /* * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc * [maybe others?], because it masks interfaces not discussed in standard, * sigaction and fileno included. -pedantic would be more appropriate for the * intended purposes, but we can't prevent users from adding -ansi. */ -#if defined(OPENSSL_SYS_VXWORKS) -# include -#endif - -#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -# ifndef _POSIX_C_SOURCE -# define _POSIX_C_SOURCE 2 +# if defined(OPENSSL_SYS_VXWORKS) +# include # endif -#endif -#include -#include -#include -#include - -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -# else -# include + +# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) +# ifndef _POSIX_C_SOURCE +# define _POSIX_C_SOURCE 2 +# endif # endif +# include +# include +# include +# include + +# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) +# ifdef OPENSSL_UNISTD +# include OPENSSL_UNISTD +# else +# include +# endif /* * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX * system and have sigaction and termios. */ -# if defined(_POSIX_VERSION) +# if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L -# define SIGACTION -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# define TERMIOS -# endif +# define SIGACTION +# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) +# define TERMIOS +# endif +# endif # endif -#endif -/* 06-Apr-92 Luke Brennan Support for VMS */ -#include "ui_locl.h" -#include "internal/cryptlib.h" +# include "ui_locl.h" +# include "internal/cryptlib.h" -#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ -# include -# ifdef __DECC -# pragma message disable DOLLARID +# ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ +# include +# ifdef __DECC +# pragma message disable DOLLARID +# endif # endif -#endif -#ifdef WIN_CONSOLE_BUG -# include -# ifndef OPENSSL_SYS_WINCE -# include +# ifdef WIN_CONSOLE_BUG +# include +# ifndef OPENSSL_SYS_WINCE +# include +# endif # endif -#endif /* * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS, @@ -80,81 +82,81 @@ * may eventually opt to remove it's use entirely. */ -#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) +# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# if defined(_LIBC) -# undef TERMIOS -# define TERMIO -# undef SGTTY +# if defined(_LIBC) +# undef TERMIOS +# define TERMIO +# undef SGTTY /* * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms. */ -# elif !defined(OPENSSL_SYS_VMS) \ +# elif !defined(OPENSSL_SYS_VMS) \ && !defined(OPENSSL_SYS_MSDOS) \ && !defined(OPENSSL_SYS_VXWORKS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -# endif +# define TERMIOS +# undef TERMIO +# undef SGTTY +# endif -#endif +# endif -#ifdef TERMIOS -# include -# define TTY_STRUCT struct termios -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) tcgetattr(tty,data) -# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) -#endif +# ifdef TERMIOS +# include +# define TTY_STRUCT struct termios +# define TTY_FLAGS c_lflag +# define TTY_get(tty,data) tcgetattr(tty,data) +# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) +# endif -#ifdef TERMIO -# include -# define TTY_STRUCT struct termio -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) ioctl(tty,TCGETA,data) -# define TTY_set(tty,data) ioctl(tty,TCSETA,data) -#endif +# ifdef TERMIO +# include +# define TTY_STRUCT struct termio +# define TTY_FLAGS c_lflag +# define TTY_get(tty,data) ioctl(tty,TCGETA,data) +# define TTY_set(tty,data) ioctl(tty,TCSETA,data) +# endif -#ifdef SGTTY -# include -# define TTY_STRUCT struct sgttyb -# define TTY_FLAGS sg_flags -# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) -# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) -#endif +# ifdef SGTTY +# include +# define TTY_STRUCT struct sgttyb +# define TTY_FLAGS sg_flags +# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) +# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) +# endif -#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# include -#endif +# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) +# include +# endif -#ifdef OPENSSL_SYS_MSDOS -# include -#endif +# ifdef OPENSSL_SYS_MSDOS +# include +# endif -#ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include +# ifdef OPENSSL_SYS_VMS +# include +# include +# include +# include struct IOSB { short iosb$w_value; short iosb$w_count; long iosb$l_info; }; -#endif +# endif -#ifndef NX509_SIG -# define NX509_SIG 32 -#endif +# ifndef NX509_SIG +# define NX509_SIG 32 +# endif /* Define globals. They are protected by a lock */ -#ifdef SIGACTION +# ifdef SIGACTION static struct sigaction savsig[NX509_SIG]; -#else +# else static void (*savsig[NX509_SIG]) (int); -#endif +# endif -#ifdef OPENSSL_SYS_VMS +# ifdef OPENSSL_SYS_VMS static struct IOSB iosb; static $DESCRIPTOR(terminal, "TT"); static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this @@ -162,26 +164,26 @@ static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this * structures? */ static long status; static unsigned short channel = 0; -#elif defined(_WIN32) && !defined(_WIN32_WCE) +# elif defined(_WIN32) && !defined(_WIN32_WCE) static DWORD tty_orig, tty_new; -#else -# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) +# else +# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) static TTY_STRUCT tty_orig, tty_new; +# endif # endif -#endif static FILE *tty_in, *tty_out; static int is_a_tty; /* Declare static functions */ -#if !defined(OPENSSL_SYS_WINCE) +# if !defined(OPENSSL_SYS_WINCE) static int read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); -#endif -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +# endif +# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) static int noecho_fgets(char *buf, int size, FILE *tty); -#endif +# endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl); static int read_string(UI *ui, UI_STRING *uis); @@ -192,34 +194,6 @@ static int echo_console(UI *ui); static int noecho_console(UI *ui); static int close_console(UI *ui); -static UI_METHOD ui_openssl = { - "OpenSSL default user interface", - open_console, - write_string, - NULL, /* No flusher is needed for command lines */ - read_string, - close_console, - NULL -}; - -static const UI_METHOD *default_UI_meth = &ui_openssl; - -void UI_set_default_method(const UI_METHOD *meth) -{ - default_UI_meth = meth; -} - -const UI_METHOD *UI_get_default_method(void) -{ - return default_UI_meth; -} - -/* The method with all the built-in thingies */ -UI_METHOD *UI_OpenSSL(void) -{ - return &ui_openssl; -} - /* * The following function makes sure that info and error strings are printed * before any prompt. @@ -232,7 +206,10 @@ static int write_string(UI *ui, UI_STRING *uis) fputs(UI_get0_output_string(uis), tty_out); fflush(tty_out); break; - default: + case UIT_NONE: + case UIT_PROMPT: + case UIT_VERIFY: + case UIT_BOOLEAN: break; } return 1; @@ -269,17 +246,19 @@ static int read_string(UI *ui, UI_STRING *uis) return 0; } break; - default: + case UIT_NONE: + case UIT_INFO: + case UIT_ERROR: break; } return 1; } -#if !defined(OPENSSL_SYS_WINCE) +# if !defined(OPENSSL_SYS_WINCE) /* Internal functions to read a string without echoing */ static int read_till_nl(FILE *in) { -# define SIZE 4 +# define SIZE 4 char buf[SIZE + 1]; do { @@ -290,7 +269,7 @@ static int read_till_nl(FILE *in) } static volatile sig_atomic_t intr_signal; -#endif +# endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) { @@ -298,7 +277,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) int ok; char result[BUFSIZ]; int maxsize = BUFSIZ - 1; -#if !defined(OPENSSL_SYS_WINCE) +# if !defined(OPENSSL_SYS_WINCE) char *p = NULL; int echo_eol = !echo; @@ -314,10 +293,10 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) ps = 2; result[0] = '\0'; -# if defined(_WIN32) +# if defined(_WIN32) if (is_a_tty) { DWORD numread; -# if defined(CP_UTF8) +# if defined(CP_UTF8) if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) { WCHAR wresult[BUFSIZ]; @@ -337,7 +316,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) OPENSSL_cleanse(wresult, sizeof(wresult)); } } else -# endif +# endif if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE), result, maxsize, &numread, NULL)) { if (numread >= 2 && @@ -349,12 +328,12 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) p = result; } } else -# elif defined(OPENSSL_SYS_MSDOS) +# elif defined(OPENSSL_SYS_MSDOS) if (!echo) { noecho_fgets(result, maxsize, tty_in); p = result; /* FIXME: noecho_fgets doesn't return errors */ } else -# endif +# endif p = fgets(result, maxsize, tty_in); if (p == NULL) goto error; @@ -380,9 +359,9 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) if (ps >= 1) popsig(); -#else +# else ok = 1; -#endif +# endif OPENSSL_cleanse(result, BUFSIZ); return ok; @@ -394,10 +373,10 @@ static int open_console(UI *ui) CRYPTO_THREAD_write_lock(ui->lock); is_a_tty = 1; -#if defined(OPENSSL_SYS_VXWORKS) +# if defined(OPENSSL_SYS_VXWORKS) tty_in = stdin; tty_out = stderr; -#elif defined(_WIN32) && !defined(_WIN32_WCE) +# elif defined(_WIN32) && !defined(_WIN32_WCE) if ((tty_out = fopen("conout$", "w")) == NULL) tty_out = stderr; @@ -408,35 +387,35 @@ static int open_console(UI *ui) if ((tty_in = fopen("conin$", "r")) == NULL) tty_in = stdin; } -#else -# ifdef OPENSSL_SYS_MSDOS -# define DEV_TTY "con" # else -# define DEV_TTY "/dev/tty" -# endif +# ifdef OPENSSL_SYS_MSDOS +# define DEV_TTY "con" +# else +# define DEV_TTY "/dev/tty" +# endif if ((tty_in = fopen(DEV_TTY, "r")) == NULL) tty_in = stdin; if ((tty_out = fopen(DEV_TTY, "w")) == NULL) tty_out = stderr; -#endif +# endif -#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) +# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) if (TTY_get(fileno(tty_in), &tty_orig) == -1) { -# ifdef ENOTTY +# ifdef ENOTTY if (errno == ENOTTY) is_a_tty = 0; else -# endif -# ifdef EINVAL +# endif +# ifdef EINVAL /* - * Ariel Glenn ariel@columbia.edu reports that solaris can return - * EINVAL instead. This should be ok + * Ariel Glenn reports that solaris can return EINVAL instead. + * This should be ok */ if (errno == EINVAL) is_a_tty = 0; else -# endif -# ifdef ENXIO +# endif +# ifdef ENXIO /* * Solaris can return ENXIO. * This should be ok @@ -444,8 +423,8 @@ static int open_console(UI *ui) if (errno == ENXIO) is_a_tty = 0; else -# endif -# ifdef EIO +# endif +# ifdef EIO /* * Linux can return EIO. * This should be ok @@ -453,8 +432,8 @@ static int open_console(UI *ui) if (errno == EIO) is_a_tty = 0; else -# endif -# ifdef ENODEV +# endif +# ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), * which seems appropriate. @@ -462,7 +441,7 @@ static int open_console(UI *ui) if (errno == ENODEV) is_a_tty = 0; else -# endif +# endif { char tmp_num[10]; BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%d", errno); @@ -472,8 +451,8 @@ static int open_console(UI *ui) return 0; } } -#endif -#ifdef OPENSSL_SYS_VMS +# endif +# ifdef OPENSSL_SYS_VMS status = sys$assign(&terminal, &channel, 0, 0); /* if there isn't a TT device, something is very wrong */ @@ -492,22 +471,22 @@ static int open_console(UI *ui) /* If IO$_SENSEMODE doesn't work, this is not a terminal device */ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) is_a_tty = 0; -#endif +# endif return 1; } static int noecho_console(UI *ui) { -#ifdef TTY_FLAGS +# ifdef TTY_FLAGS memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); tty_new.TTY_FLAGS &= ~ECHO; -#endif +# endif -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) +# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; -#endif -#ifdef OPENSSL_SYS_VMS +# endif +# ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1] | TT$M_NOECHO; @@ -527,25 +506,25 @@ static int noecho_console(UI *ui) return 0; } } -#endif -#if defined(_WIN32) && !defined(_WIN32_WCE) +# endif +# if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; tty_new &= ~ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } -#endif +# endif return 1; } static int echo_console(UI *ui) { -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) +# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; -#endif -#ifdef OPENSSL_SYS_VMS +# endif +# ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1]; @@ -565,13 +544,13 @@ static int echo_console(UI *ui) return 0; } } -#endif -#if defined(_WIN32) && !defined(_WIN32_WCE) +# endif +# if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } -#endif +# endif return 1; } @@ -581,7 +560,7 @@ static int close_console(UI *ui) fclose(tty_in); if (tty_out != stderr) fclose(tty_out); -#ifdef OPENSSL_SYS_VMS +# ifdef OPENSSL_SYS_VMS status = sys$dassgn(channel); if (status != SS$_NORMAL) { char tmp_num[12]; @@ -591,97 +570,97 @@ static int close_console(UI *ui) ERR_add_error_data(2, "status=", tmp_num); return 0; } -#endif +# endif CRYPTO_THREAD_unlock(ui->lock); return 1; } -#if !defined(OPENSSL_SYS_WINCE) +# if !defined(OPENSSL_SYS_WINCE) /* Internal functions to handle signals and act on them */ static void pushsig(void) { -# ifndef OPENSSL_SYS_WIN32 +# ifndef OPENSSL_SYS_WIN32 int i; -# endif -# ifdef SIGACTION +# endif +# ifdef SIGACTION struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; -# endif +# endif -# ifdef OPENSSL_SYS_WIN32 +# ifdef OPENSSL_SYS_WIN32 savsig[SIGABRT] = signal(SIGABRT, recsig); savsig[SIGFPE] = signal(SIGFPE, recsig); savsig[SIGILL] = signal(SIGILL, recsig); savsig[SIGINT] = signal(SIGINT, recsig); savsig[SIGSEGV] = signal(SIGSEGV, recsig); savsig[SIGTERM] = signal(SIGTERM, recsig); -# else +# else for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 +# ifdef SIGUSR1 if (i == SIGUSR1) continue; -# endif -# ifdef SIGUSR2 +# endif +# ifdef SIGUSR2 if (i == SIGUSR2) continue; -# endif -# ifdef SIGKILL +# endif +# ifdef SIGKILL if (i == SIGKILL) /* We can't make any action on that. */ continue; -# endif -# ifdef SIGACTION +# endif +# ifdef SIGACTION sigaction(i, &sa, &savsig[i]); -# else +# else savsig[i] = signal(i, recsig); -# endif +# endif } -# endif +# endif -# ifdef SIGWINCH +# ifdef SIGWINCH signal(SIGWINCH, SIG_DFL); -# endif +# endif } static void popsig(void) { -# ifdef OPENSSL_SYS_WIN32 +# ifdef OPENSSL_SYS_WIN32 signal(SIGABRT, savsig[SIGABRT]); signal(SIGFPE, savsig[SIGFPE]); signal(SIGILL, savsig[SIGILL]); signal(SIGINT, savsig[SIGINT]); signal(SIGSEGV, savsig[SIGSEGV]); signal(SIGTERM, savsig[SIGTERM]); -# else +# else int i; for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 +# ifdef SIGUSR1 if (i == SIGUSR1) continue; -# endif -# ifdef SIGUSR2 +# endif +# ifdef SIGUSR2 if (i == SIGUSR2) continue; -# endif -# ifdef SIGACTION +# endif +# ifdef SIGACTION sigaction(i, &savsig[i], NULL); -# else +# else signal(i, savsig[i]); -# endif +# endif } -# endif +# endif } static void recsig(int i) { intr_signal = i; } -#endif +# endif /* Internal functions specific for Windows */ -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) +# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) static int noecho_fgets(char *buf, int size, FILE *tty) { int i; @@ -694,11 +673,11 @@ static int noecho_fgets(char *buf, int size, FILE *tty) break; } size--; -# if defined(_WIN32) +# if defined(_WIN32) i = _getch(); -# else +# else i = getch(); -# endif +# endif if (i == '\r') i = '\n'; *(p++) = i; @@ -707,7 +686,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty) break; } } -# ifdef WIN_CONSOLE_BUG +# ifdef WIN_CONSOLE_BUG /* * Win95 has several evil console bugs: one of these is that the last * character read using getch() is passed to the next read: this is @@ -719,7 +698,41 @@ static int noecho_fgets(char *buf, int size, FILE *tty) inh = GetStdHandle(STD_INPUT_HANDLE); FlushConsoleInputBuffer(inh); } +# endif + return strlen(buf); +} # endif - return (strlen(buf)); + +static UI_METHOD ui_openssl = { + "OpenSSL default user interface", + open_console, + write_string, + NULL, /* No flusher is needed for command lines */ + read_string, + close_console, + NULL +}; + +/* The method with all the built-in console thingies */ +UI_METHOD *UI_OpenSSL(void) +{ + return &ui_openssl; } + +static const UI_METHOD *default_UI_meth = &ui_openssl; + +#else + +static const UI_METHOD *default_UI_meth = NULL; + #endif + +void UI_set_default_method(const UI_METHOD *meth) +{ + default_UI_meth = meth; +} + +const UI_METHOD *UI_get_default_method(void) +{ + return default_UI_meth; +} diff --git a/deps/openssl/openssl/crypto/ui/ui_util.c b/deps/openssl/openssl/crypto/ui/ui_util.c index 3b51db92cdd8d4..b379324f9bab3c 100644 --- a/deps/openssl/openssl/crypto/ui/ui_util.c +++ b/deps/openssl/openssl/crypto/ui/ui_util.c @@ -8,6 +8,7 @@ */ #include +#include "internal/thread_once.h" #include "ui_locl.h" #ifndef BUFSIZ @@ -24,7 +25,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, prompt, verify); OPENSSL_cleanse(buff, BUFSIZ); - return (ret); + return ret; } int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, @@ -47,5 +48,115 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, } if (ok > 0) ok = 0; - return (ok); + return ok; +} + +/* + * Wrapper around pem_password_cb, a method to help older APIs use newer + * ones. + */ +struct pem_password_cb_data { + pem_password_cb *cb; + int rwflag; +}; + +static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + /* + * Do nothing, the data is allocated externally and assigned later with + * CRYPTO_set_ex_data() + */ +} + +static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp) +{ + void **pptr = (void **)from_d; + if (*pptr != NULL) + *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data)); + return 1; +} + +static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + OPENSSL_free(ptr); +} + +static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT; +static int ui_method_data_index = -1; +DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init) +{ + ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD, + 0, NULL, ui_new_method_data, + ui_dup_method_data, + ui_free_method_data); + return 1; +} + +static int ui_open(UI *ui) +{ + return 1; +} +static int ui_read(UI *ui, UI_STRING *uis) +{ + switch (UI_get_string_type(uis)) { + case UIT_PROMPT: + { + char result[PEM_BUFSIZE + 1]; + const struct pem_password_cb_data *data = + UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index); + int maxsize = UI_get_result_maxsize(uis); + int len = data->cb(result, + maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize, + data->rwflag, UI_get0_user_data(ui)); + + if (len >= 0) + result[len] = '\0'; + if (len <= 0) + return len; + if (UI_set_result_ex(ui, uis, result, len) >= 0) + return 1; + return 0; + } + case UIT_VERIFY: + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: + break; + } + return 1; +} +static int ui_write(UI *ui, UI_STRING *uis) +{ + return 1; +} +static int ui_close(UI *ui) +{ + return 1; +} + +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag) +{ + struct pem_password_cb_data *data = NULL; + UI_METHOD *ui_method = NULL; + + if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL + || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL + || UI_method_set_opener(ui_method, ui_open) < 0 + || UI_method_set_reader(ui_method, ui_read) < 0 + || UI_method_set_writer(ui_method, ui_write) < 0 + || UI_method_set_closer(ui_method, ui_close) < 0 + || !RUN_ONCE(&get_index_once, ui_method_data_index_init) + || UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0) { + UI_destroy_method(ui_method); + OPENSSL_free(data); + return NULL; + } + data->rwflag = rwflag; + data->cb = cb; + + return ui_method; } diff --git a/deps/openssl/openssl/crypto/uid.c b/deps/openssl/openssl/crypto/uid.c index 12df8a4e87c0c4..f7ae2610b3607d 100644 --- a/deps/openssl/openssl/crypto/uid.c +++ b/deps/openssl/openssl/crypto/uid.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include -#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) +#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) # include OPENSSL_UNISTD @@ -19,7 +19,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) int OPENSSL_issetugid(void) { @@ -31,12 +31,18 @@ int OPENSSL_issetugid(void) # include OPENSSL_UNISTD # include +# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 16) +# include +# endif +# endif + int OPENSSL_issetugid(void) { - if (getuid() != geteuid()) - return 1; - if (getgid() != getegid()) - return 1; - return 0; +# ifdef AT_SECURE + return getauxval(AT_SECURE) != 0; +# else + return getuid() != geteuid() || getgid() != getegid(); +# endif } #endif diff --git a/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl b/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl index f63945c8b90b9d..2241c6f0f24e6e 100644 --- a/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl +++ b/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. Rights for redistribution and usage in source and binary # forms are granted according to the OpenSSL license. # ==================================================================== @@ -31,7 +31,7 @@ # multiplying 64 by CPU clock frequency and dividing by relevant # value from the given table: # -# $SCALE=2/8 icc8 gcc3 +# $SCALE=2/8 icc8 gcc3 # Intel P4 3200/4600 4600(*) 6400 # Intel PIII 2900/3000 4900 5400 # AMD K[78] 2500/1800 9900 8200(**) @@ -59,7 +59,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"wp-mmx.pl"); +&asm_init($ARGV[0]); sub L() { &data_byte(@_); } sub LL() @@ -502,6 +502,6 @@ () &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); &function_end_B("whirlpool_block_mmx"); -&asm_finish(); +&asm_finish(); close STDOUT; diff --git a/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl b/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl index c0b21d13ed492c..fe23d8cad00bac 100644 --- a/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl +++ b/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl @@ -8,7 +8,7 @@ # # ==================================================================== -# Written by Andy Polyakov for the OpenSSL +# Written by Andy Polyakov for the OpenSSL # project. Rights for redistribution and usage in source and binary # forms are granted according to the OpenSSL license. # ==================================================================== @@ -66,14 +66,22 @@ .type $func,\@function,3 .align 16 $func: +.cfi_startproc + mov %rsp,%rax +.cfi_def_cfa_register %rax push %rbx +.cfi_push %rbx push %rbp +.cfi_push %rbp push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 - mov %rsp,%r11 sub \$128+40,%rsp and \$-64,%rsp @@ -81,7 +89,8 @@ mov %rdi,0(%r10) # save parameter block mov %rsi,8(%r10) mov %rdx,16(%r10) - mov %r11,32(%r10) # saved stack pointer + mov %rax,32(%r10) # saved stack pointer +.cfi_cfa_expression %rsp+`128+32`,deref,+8 .Lprologue: mov %r10,%rbx @@ -205,15 +214,24 @@ jmp .Louterloop .Lalldone: mov 32(%rbx),%rsi # restore saved pointer - mov (%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbp - mov 40(%rsi),%rbx - lea 48(%rsi),%rsp +.cfi_def_cfa %rsi,8 + mov -48(%rsi),%r15 +.cfi_restore %r15 + mov -40(%rsi),%r14 +.cfi_restore %r14 + mov -32(%rsi),%r13 +.cfi_restore %r13 + mov -24(%rsi),%r12 +.cfi_restore %r12 + mov -16(%rsi),%rbp +.cfi_restore %rbp + mov -8(%rsi),%rbx +.cfi_restore %rbx + lea (%rsi),%rsp +.cfi_def_cfa_register %rsp .Lepilogue: ret +.cfi_endproc .size $func,.-$func .align 64 @@ -526,7 +544,6 @@ jae .Lin_prologue mov 128+32(%rax),%rax # pull saved stack pointer - lea 48(%rax),%rax mov -8(%rax),%rbx mov -16(%rax),%rbp diff --git a/deps/openssl/openssl/crypto/whrlpool/build.info b/deps/openssl/openssl/crypto/whrlpool/build.info index 7f3a19eaaf97ac..4b167b504ec35e 100644 --- a/deps/openssl/openssl/crypto/whrlpool/build.info +++ b/deps/openssl/openssl/crypto/whrlpool/build.info @@ -1,7 +1,8 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=wp_dgst.c {- $target{wp_asm_src} -} -GENERATE[wp-mmx.s]=asm/wp-mmx.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) +GENERATE[wp-mmx.s]=asm/wp-mmx.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) DEPEND[wp-mmx.s]=../perlasm/x86asm.pl GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl $(PERLASM_SCHEME) diff --git a/deps/openssl/openssl/crypto/whrlpool/wp_block.c b/deps/openssl/openssl/crypto/whrlpool/wp_block.c index b29f037bf73efd..0cc92a3b014912 100644 --- a/deps/openssl/openssl/crypto/whrlpool/wp_block.c +++ b/deps/openssl/openssl/crypto/whrlpool/wp_block.c @@ -10,14 +10,6 @@ /** * The Whirlpool hashing function. * - *

- * References - * - *

- * References - * - *

- * The Whirlpool algorithm was developed by - * Paulo S. L. M. Barreto and - * Vincent Rijmen. - * * See * P.S.L.M. Barreto, V. Rijmen, * ``The Whirlpool hashing function,'' @@ -67,7 +59,7 @@ int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) { memset(c, 0, sizeof(*c)); - return (1); + return 1; } int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes) @@ -88,7 +80,7 @@ int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes) if (bytes) WHIRLPOOL_BitUpdate(c, inp, bytes * 8); - return (1); + return 1; } void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) @@ -247,9 +239,9 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c) if (md) { memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH); OPENSSL_cleanse(c, sizeof(*c)); - return (1); + return 1; } - return (0); + return 0; } unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md) @@ -262,5 +254,5 @@ unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md) WHIRLPOOL_Init(&ctx); WHIRLPOOL_Update(&ctx, inp, bytes); WHIRLPOOL_Final(md, &ctx); - return (md); + return md; } diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c index 4fa1dd37b934ea..b3760dbadf3abf 100644 --- a/deps/openssl/openssl/crypto/x509/by_dir.c +++ b/deps/openssl/openssl/crypto/x509/by_dir.c @@ -7,19 +7,17 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" +#include "internal/cryptlib.h" #include #include #include #include -#include "internal/cryptlib.h" - #ifndef OPENSSL_NO_POSIX_IO # include #endif - -#include #include #include "internal/x509_int.h" #include "x509_lcl.h" @@ -50,7 +48,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret); static X509_LOOKUP_METHOD x509_dir_lookup = { "Load certs from files in a directory", - new_dir, /* new */ + new_dir, /* new_item */ free_dir, /* free */ NULL, /* init */ NULL, /* shutdown */ @@ -63,22 +61,19 @@ static X509_LOOKUP_METHOD x509_dir_lookup = { X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) { - return (&x509_dir_lookup); + return &x509_dir_lookup; } static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **retp) { int ret = 0; - BY_DIR *ld; - char *dir = NULL; - - ld = (BY_DIR *)ctx->method_data; + BY_DIR *ld = (BY_DIR *)ctx->method_data; switch (cmd) { case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env()); + const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env()); if (dir) ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); @@ -92,28 +87,35 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, ret = add_cert_dir(ld, argp, (int)argl); break; } - return (ret); + return ret; } static int new_dir(X509_LOOKUP *lu) { - BY_DIR *a; + BY_DIR *a = OPENSSL_malloc(sizeof(*a)); - if ((a = OPENSSL_malloc(sizeof(*a))) == NULL) + if (a == NULL) { + X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); return 0; + } + if ((a->buffer = BUF_MEM_new()) == NULL) { - OPENSSL_free(a); - return 0; + X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); + goto err; } a->dirs = NULL; a->lock = CRYPTO_THREAD_lock_new(); if (a->lock == NULL) { BUF_MEM_free(a->buffer); - OPENSSL_free(a); - return 0; + X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); + goto err; } lu->method_data = a; return 1; + + err: + OPENSSL_free(a); + return 0; } static void by_dir_hash_free(BY_DIR_HASH *hash) @@ -140,9 +142,8 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent) static void free_dir(X509_LOOKUP *lu) { - BY_DIR *a; + BY_DIR *a = (BY_DIR *)lu->method_data; - a = (BY_DIR *)lu->method_data; sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); BUF_MEM_free(a->buffer); CRYPTO_THREAD_lock_free(a->lock); @@ -151,7 +152,9 @@ static void free_dir(X509_LOOKUP *lu) static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) { - const char *s, *p; + int j; + size_t len; + const char *s, *ss, *p; if (dir == NULL || !*dir) { X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY); @@ -163,17 +166,15 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) do { if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { BY_DIR_ENTRY *ent; - int j; - size_t len; - const char *ss = s; + + ss = s; s = p + 1; len = p - ss; if (len == 0) continue; for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) { ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); - if (strlen(ent->dir) == len && - strncmp(ent->dir, ss, len) == 0) + if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0) break; } if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) @@ -186,8 +187,10 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) } } ent = OPENSSL_malloc(sizeof(*ent)); - if (ent == NULL) + if (ent == NULL) { + X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); return 0; + } ent->dir_type = type; ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); ent->dir = OPENSSL_strndup(ss, len); @@ -197,6 +200,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) } if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { by_dir_entry_free(ent); + X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); return 0; } } @@ -220,7 +224,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, const char *postfix = ""; if (name == NULL) - return (0); + return 0; stmp.type = type; if (type == X509_LU_X509) { @@ -248,6 +252,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, BY_DIR_ENTRY *ent; int idx; BY_DIR_HASH htmp, *hent; + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; if (!BUF_MEM_grow(b, j)) { @@ -324,10 +329,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, */ CRYPTO_THREAD_write_lock(ctx->lock); j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); - if (j != -1) - tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - else - tmp = NULL; + tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); CRYPTO_THREAD_unlock(ctx->lock); /* If a CRL, update the last file suffix added for this */ @@ -338,13 +340,12 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, * Look for entry again in case another thread added an entry * first. */ - if (!hent) { + if (hent == NULL) { htmp.hash = h; idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); - if (idx >= 0) - hent = sk_BY_DIR_HASH_value(ent->hashes, idx); + hent = sk_BY_DIR_HASH_value(ent->hashes, idx); } - if (!hent) { + if (hent == NULL) { hent = OPENSSL_malloc(sizeof(*hent)); if (hent == NULL) { CRYPTO_THREAD_unlock(ctx->lock); @@ -357,6 +358,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { CRYPTO_THREAD_unlock(ctx->lock); OPENSSL_free(hent); + X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); ok = 0; goto finish; } @@ -372,16 +374,17 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, ok = 1; ret->type = tmp->type; memcpy(&ret->data, &tmp->data, sizeof(ret->data)); + /* - * If we were going to up the reference count, we would need to - * do it on a perl 'type' basis + * Clear any errors that might have been raised processing empty + * or malformed files. */ - /*- CRYPTO_add(&tmp->data.x509->references,1, - CRYPTO_LOCK_X509);*/ + ERR_clear_error(); + goto finish; } } finish: BUF_MEM_free(b); - return (ok); + return ok; } diff --git a/deps/openssl/openssl/crypto/x509/by_file.c b/deps/openssl/openssl/crypto/x509/by_file.c index 77a7c4a2a65627..244512c9352b3a 100644 --- a/deps/openssl/openssl/crypto/x509/by_file.c +++ b/deps/openssl/openssl/crypto/x509/by_file.c @@ -12,7 +12,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include @@ -22,7 +21,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); static X509_LOOKUP_METHOD x509_file_lookup = { "Load file into cache", - NULL, /* new */ + NULL, /* new_item */ NULL, /* free */ NULL, /* init */ NULL, /* shutdown */ @@ -35,7 +34,7 @@ static X509_LOOKUP_METHOD x509_file_lookup = { X509_LOOKUP_METHOD *X509_LOOKUP_file(void) { - return (&x509_file_lookup); + return &x509_file_lookup; } static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, @@ -69,7 +68,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, } break; } - return (ok); + return ok; } int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) @@ -79,8 +78,6 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509 *x = NULL; - if (file == NULL) - return (1); in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { @@ -123,10 +120,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); goto err; } + if (ret == 0) + X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND); err: X509_free(x); BIO_free(in); - return (ret); + return ret; } int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) @@ -136,8 +135,6 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) int i, count = 0; X509_CRL *x = NULL; - if (file == NULL) - return (1); in = BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { @@ -180,10 +177,12 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE); goto err; } + if (ret == 0) + X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND); err: X509_CRL_free(x); BIO_free(in); - return (ret); + return ret; } int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) @@ -192,6 +191,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509_INFO *itmp; BIO *in; int i, count = 0; + if (type != X509_FILETYPE_PEM) return X509_load_cert_file(ctx, file, type); in = BIO_new_file(file, "r"); @@ -208,14 +208,20 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) for (i = 0; i < sk_X509_INFO_num(inf); i++) { itmp = sk_X509_INFO_value(inf, i); if (itmp->x509) { - X509_STORE_add_cert(ctx->store_ctx, itmp->x509); + if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509)) + goto err; count++; } if (itmp->crl) { - X509_STORE_add_crl(ctx->store_ctx, itmp->crl); + if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl)) + goto err; count++; } } + if (count == 0) + X509err(X509_F_X509_LOAD_CERT_CRL_FILE, + X509_R_NO_CERTIFICATE_OR_CRL_FOUND); + err: sk_X509_INFO_pop_free(inf, X509_INFO_free); return count; } diff --git a/deps/openssl/openssl/crypto/x509/t_crl.c b/deps/openssl/openssl/crypto/x509/t_crl.c index f3ca6db8e53a2c..8e262912ffaa71 100644 --- a/deps/openssl/openssl/crypto/x509/t_crl.c +++ b/deps/openssl/openssl/crypto/x509/t_crl.c @@ -23,16 +23,21 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) if ((b = BIO_new(BIO_s_file())) == NULL) { X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = X509_CRL_print(b, x); BIO_free(b); - return (ret); + return ret; } #endif int X509_CRL_print(BIO *out, X509_CRL *x) +{ + return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT); +} + +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag) { STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; @@ -40,7 +45,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x) const ASN1_BIT_STRING *sig; long l; int i; - char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); @@ -49,10 +53,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x) else BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l); X509_CRL_get0_signature(x, &sig, &sig_alg); + BIO_puts(out, " "); X509_signature_print(out, sig_alg, NULL); - p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); - BIO_printf(out, "%8sIssuer: %s\n", "", p); - OPENSSL_free(p); + BIO_printf(out, "%8sIssuer: ", ""); + X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag); + BIO_puts(out, "\n"); BIO_printf(out, "%8sLast Update: ", ""); ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); BIO_printf(out, "\n%8sNext Update: ", ""); diff --git a/deps/openssl/openssl/crypto/x509/t_req.c b/deps/openssl/openssl/crypto/x509/t_req.c index 77ce810835f364..2d4c591b744582 100644 --- a/deps/openssl/openssl/crypto/x509/t_req.c +++ b/deps/openssl/openssl/crypto/x509/t_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,12 +25,12 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x) if ((b = BIO_new(BIO_s_file())) == NULL) { X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = X509_REQ_print(b, x); BIO_free(b); - return (ret); + return ret; } #endif @@ -93,10 +93,12 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, pkey = X509_REQ_get0_pubkey(x); if (pkey == NULL) { - BIO_printf(bp, "%12sUnable to load Public Key\n", ""); + if (BIO_printf(bp, "%12sUnable to load Public Key\n", "") <= 0) + goto err; ERR_print_errors(bp); } else { - EVP_PKEY_print_public(bp, pkey, 16, NULL); + if (EVP_PKEY_print_public(bp, pkey, 16, NULL) <= 0) + goto err; } } @@ -135,16 +137,22 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, goto err; if (BIO_puts(bp, ":") <= 0) goto err; - if ((type == V_ASN1_PRINTABLESTRING) || - (type == V_ASN1_T61STRING) || - (type == V_ASN1_UTF8STRING) || - (type == V_ASN1_IA5STRING)) { + switch (type) { + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_NUMERICSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_IA5STRING: if (BIO_write(bp, (char *)bs->data, bs->length) - != bs->length) + != bs->length) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; + break; + default: + if (BIO_puts(bp, "unable to print attribute\n") <= 0) goto err; - BIO_puts(bp, "\n"); - } else { - BIO_puts(bp, "unable to print attribute\n"); + break; } if (++ii < count) goto get_next; @@ -154,7 +162,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { exts = X509_REQ_get_extensions(x); if (exts) { - BIO_printf(bp, "%8sRequested Extensions:\n", ""); + if (BIO_printf(bp, "%8sRequested Extensions:\n", "") <= 0) + goto err; for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; X509_EXTENSION *ex; @@ -163,13 +172,16 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if (BIO_printf(bp, "%12s", "") <= 0) goto err; obj = X509_EXTENSION_get_object(ex); - i2a_ASN1_OBJECT(bp, obj); + if (i2a_ASN1_OBJECT(bp, obj) <= 0) + goto err; critical = X509_EXTENSION_get_critical(ex); if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0) goto err; if (!X509V3_EXT_print(bp, ex, cflag, 16)) { - BIO_printf(bp, "%16s", ""); - ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); + if (BIO_printf(bp, "%16s", "") <= 0 + || ASN1_STRING_print(bp, + X509_EXTENSION_get_data(ex)) <= 0) + goto err; } if (BIO_write(bp, "\n", 1) <= 0) goto err; @@ -186,10 +198,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, goto err; } - return (1); + return 1; err: X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); - return (0); + return 0; } int X509_REQ_print(BIO *bp, X509_REQ *x) diff --git a/deps/openssl/openssl/crypto/x509/t_x509.c b/deps/openssl/openssl/crypto/x509/t_x509.c index c7ced67f894947..ccacbe7cbf8f4e 100644 --- a/deps/openssl/openssl/crypto/x509/t_x509.c +++ b/deps/openssl/openssl/crypto/x509/t_x509.c @@ -30,12 +30,12 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, if ((b = BIO_new(BIO_s_file())) == NULL) { X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = X509_print_ex(b, x, nmflag, cflag); BIO_free(b); - return (ret); + return ret; } #endif @@ -119,6 +119,9 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, if (!(cflag & X509_FLAG_NO_SIGNAME)) { const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); + + if (BIO_puts(bp, " ") <= 0) + goto err; if (X509_signature_print(bp, tsig_alg, NULL) <= 0) goto err; } @@ -212,7 +215,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, ret = 1; err: OPENSSL_free(m); - return (ret); + return ret; } int X509_ocspid_print(BIO *bp, X509 *x) @@ -266,10 +269,10 @@ int X509_ocspid_print(BIO *bp, X509 *x) } BIO_printf(bp, "\n"); - return (1); + return 1; err: OPENSSL_free(der); - return (0); + return 0; } int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) diff --git a/deps/openssl/openssl/crypto/x509/x509_att.c b/deps/openssl/openssl/crypto/x509/x509_att.c index 836bca505edcaa..63895efe460801 100644 --- a/deps/openssl/openssl/crypto/x509/x509_att.c +++ b/deps/openssl/openssl/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include +#include #include #include #include @@ -28,8 +28,8 @@ int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, const ASN1_OBJECT *obj = OBJ_nid2obj(nid); if (obj == NULL) - return (-2); - return (X509at_get_attr_by_OBJ(x, obj, lastpos)); + return -2; + return X509at_get_attr_by_OBJ(x, obj, lastpos); } int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, @@ -39,7 +39,7 @@ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, X509_ATTRIBUTE *ex; if (sk == NULL) - return (-1); + return -1; lastpos++; if (lastpos < 0) lastpos = 0; @@ -47,17 +47,17 @@ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, for (; lastpos < n; lastpos++) { ex = sk_X509_ATTRIBUTE_value(sk, lastpos); if (OBJ_cmp(ex->object, obj) == 0) - return (lastpos); + return lastpos; } - return (-1); + return -1; } X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) { if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) return NULL; - else - return sk_X509_ATTRIBUTE_value(x, loc); + + return sk_X509_ATTRIBUTE_value(x, loc); } X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) @@ -65,9 +65,9 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) X509_ATTRIBUTE *ret; if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) - return (NULL); + return NULL; ret = sk_X509_ATTRIBUTE_delete(x, loc); - return (ret); + return ret; } STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, @@ -93,13 +93,13 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, goto err; if (*x == NULL) *x = sk; - return (sk); + return sk; err: X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); err2: X509_ATTRIBUTE_free(new_attr); sk_X509_ATTRIBUTE_free(sk); - return (NULL); + return NULL; } STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) @@ -175,12 +175,12 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, obj = OBJ_nid2obj(nid); if (obj == NULL) { X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID); - return (NULL); + return NULL; } ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len); if (ret == NULL) ASN1_OBJECT_free(obj); - return (ret); + return ret; } X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, @@ -194,7 +194,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, if ((ret = X509_ATTRIBUTE_new()) == NULL) { X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } else ret = *attr; @@ -206,11 +206,11 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, if ((attr != NULL) && (*attr == NULL)) *attr = ret; - return (ret); + return ret; err: if ((attr == NULL) || (ret != *attr)) X509_ATTRIBUTE_free(ret); - return (NULL); + return NULL; } X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, @@ -226,7 +226,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, X509_R_INVALID_FIELD_NAME); ERR_add_error_data(2, "name=", atrname); - return (NULL); + return NULL; } nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); ASN1_OBJECT_free(obj); @@ -236,7 +236,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) { if ((attr == NULL) || (obj == NULL)) - return (0); + return 0; ASN1_OBJECT_free(attr->object); attr->object = OBJ_dup(obj); return attr->object != NULL; @@ -303,8 +303,8 @@ int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) { if (attr == NULL) - return (NULL); - return (attr->object); + return NULL; + return attr->object; } void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, diff --git a/deps/openssl/openssl/crypto/x509/x509_cmp.c b/deps/openssl/openssl/crypto/x509/x509_cmp.c index 49b0368dfca436..02fad0c671ce47 100644 --- a/deps/openssl/openssl/crypto/x509/x509_cmp.c +++ b/deps/openssl/openssl/crypto/x509/x509_cmp.c @@ -8,7 +8,6 @@ */ #include -#include #include "internal/cryptlib.h" #include #include @@ -25,8 +24,8 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) bi = &b->cert_info; i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber); if (i) - return (i); - return (X509_NAME_cmp(ai->issuer, bi->issuer)); + return i; + return X509_NAME_cmp(ai->issuer, bi->issuer); } #ifndef OPENSSL_NO_MD5 @@ -56,23 +55,23 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) ) & 0xffffffffL; err: EVP_MD_CTX_free(ctx); - return (ret); + return ret; } #endif int X509_issuer_name_cmp(const X509 *a, const X509 *b) { - return (X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer)); + return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer); } int X509_subject_name_cmp(const X509 *a, const X509 *b) { - return (X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject)); + return X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject); } int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) { - return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer)); + return X509_NAME_cmp(a->crl.issuer, b->crl.issuer); } int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) @@ -82,24 +81,24 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) X509_NAME *X509_get_issuer_name(const X509 *a) { - return (a->cert_info.issuer); + return a->cert_info.issuer; } unsigned long X509_issuer_name_hash(X509 *x) { - return (X509_NAME_hash(x->cert_info.issuer)); + return X509_NAME_hash(x->cert_info.issuer); } #ifndef OPENSSL_NO_MD5 unsigned long X509_issuer_name_hash_old(X509 *x) { - return (X509_NAME_hash_old(x->cert_info.issuer)); + return X509_NAME_hash_old(x->cert_info.issuer); } #endif X509_NAME *X509_get_subject_name(const X509 *a) { - return (a->cert_info.subject); + return a->cert_info.subject; } ASN1_INTEGER *X509_get_serialNumber(X509 *a) @@ -114,13 +113,13 @@ const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a) unsigned long X509_subject_name_hash(X509 *x) { - return (X509_NAME_hash(x->cert_info.subject)); + return X509_NAME_hash(x->cert_info.subject); } #ifndef OPENSSL_NO_MD5 unsigned long X509_subject_name_hash_old(X509 *x) { - return (X509_NAME_hash_old(x->cert_info.subject)); + return X509_NAME_hash_old(x->cert_info.subject); } #endif @@ -195,7 +194,7 @@ unsigned long X509_NAME_hash(X509_NAME *x) ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; - return (ret); + return ret; } #ifndef OPENSSL_NO_MD5 @@ -224,7 +223,7 @@ unsigned long X509_NAME_hash_old(X509_NAME *x) ) & 0xffffffffL; EVP_MD_CTX_free(md_ctx); - return (ret); + return ret; } #endif @@ -244,9 +243,9 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, for (i = 0; i < sk_X509_num(sk); i++) { x509 = sk_X509_value(sk, i); if (X509_issuer_and_serial_cmp(x509, &x) == 0) - return (x509); + return x509; } - return (NULL); + return NULL; } X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) @@ -257,9 +256,9 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) for (i = 0; i < sk_X509_num(sk); i++) { x509 = sk_X509_value(sk, i); if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0) - return (x509); + return x509; } - return (NULL); + return NULL; } EVP_PKEY *X509_get0_pubkey(const X509 *x) diff --git a/deps/openssl/openssl/crypto/x509/x509_d2.c b/deps/openssl/openssl/crypto/x509/x509_d2.c index cb03dbfa6c8b91..099ffda1e15cc8 100644 --- a/deps/openssl/openssl/crypto/x509/x509_d2.c +++ b/deps/openssl/openssl/crypto/x509/x509_d2.c @@ -18,18 +18,18 @@ int X509_STORE_set_default_paths(X509_STORE *ctx) lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); if (lookup == NULL) - return (0); + return 0; X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); if (lookup == NULL) - return (0); + return 0; X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); /* clear any errors */ ERR_clear_error(); - return (1); + return 1; } int X509_STORE_load_locations(X509_STORE *ctx, const char *file, @@ -40,18 +40,18 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, if (file != NULL) { lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); if (lookup == NULL) - return (0); + return 0; if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1) - return (0); + return 0; } if (path != NULL) { lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); if (lookup == NULL) - return (0); + return 0; if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) - return (0); + return 0; } if ((path == NULL) && (file == NULL)) - return (0); - return (1); + return 0; + return 1; } diff --git a/deps/openssl/openssl/crypto/x509/x509_def.c b/deps/openssl/openssl/crypto/x509/x509_def.c index d11358e34fe209..bfa8d7d8522ab1 100644 --- a/deps/openssl/openssl/crypto/x509/x509_def.c +++ b/deps/openssl/openssl/crypto/x509/x509_def.c @@ -14,30 +14,30 @@ const char *X509_get_default_private_dir(void) { - return (X509_PRIVATE_DIR); + return X509_PRIVATE_DIR; } const char *X509_get_default_cert_area(void) { - return (X509_CERT_AREA); + return X509_CERT_AREA; } const char *X509_get_default_cert_dir(void) { - return (X509_CERT_DIR); + return X509_CERT_DIR; } const char *X509_get_default_cert_file(void) { - return (X509_CERT_FILE); + return X509_CERT_FILE; } const char *X509_get_default_cert_dir_env(void) { - return (X509_CERT_DIR_EVP); + return X509_CERT_DIR_EVP; } const char *X509_get_default_cert_file_env(void) { - return (X509_CERT_FILE_EVP); + return X509_CERT_FILE_EVP; } diff --git a/deps/openssl/openssl/crypto/x509/x509_err.c b/deps/openssl/openssl/crypto/x509/x509_err.c index 9f91188a7659e7..739708e24fa3b3 100644 --- a/deps/openssl/openssl/crypto/x509/x509_err.c +++ b/deps/openssl/openssl/crypto/x509/x509_err.c @@ -8,123 +8,162 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) - -static ERR_STRING_DATA X509_str_functs[] = { - {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"}, - {ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"}, - {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"}, - {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "check_name_constraints"}, - {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"}, - {ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"}, - {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"}, - {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "get_cert_by_subject"}, - {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, - {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, - {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, - {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, - {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), +static const ERR_STRING_DATA X509_str_functs[] = { + {ERR_PACK(ERR_LIB_X509, X509_F_ADD_CERT_DIR, 0), "add_cert_dir"}, + {ERR_PACK(ERR_LIB_X509, X509_F_BUILD_CHAIN, 0), "build_chain"}, + {ERR_PACK(ERR_LIB_X509, X509_F_BY_FILE_CTRL, 0), "by_file_ctrl"}, + {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0), + "check_name_constraints"}, + {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"}, + {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"}, + {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"}, + {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0), + "get_cert_by_subject"}, + {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"}, + {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"}, + {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0), + "NETSCAPE_SPKI_b64_decode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0), + "NETSCAPE_SPKI_b64_encode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0), "X509_ATTRIBUTE_create_by_NID"}, - {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 0), "X509_ATTRIBUTE_create_by_OBJ"}, - {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 0), "X509_ATTRIBUTE_create_by_txt"}, - {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, - {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, - {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, - {ERR_FUNC(X509_F_X509_CRL_DIFF), "X509_CRL_diff"}, - {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, - {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_GET0_DATA, 0), + "X509_ATTRIBUTE_get0_data"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_SET1_DATA, 0), + "X509_ATTRIBUTE_set1_data"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0), + "X509_check_private_key"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0), + "X509_CRL_METHOD_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0), "X509_EXTENSION_create_by_NID"}, - {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_OBJ, 0), "X509_EXTENSION_create_by_OBJ"}, - {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_GET_PUBKEY_PARAMETERS, 0), "X509_get_pubkey_parameters"}, - {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, - {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, - {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, - {ERR_FUNC(X509_F_X509_LOOKUP_METH_NEW), "X509_LOOKUP_meth_new"}, - {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, - {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_CRL_FILE, 0), + "X509_load_cert_crl_file"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_FILE, 0), + "X509_load_cert_file"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0), + "X509_load_crl_file"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0), + "X509_LOOKUP_meth_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0), + "X509_NAME_add_entry"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0), "X509_NAME_ENTRY_create_by_NID"}, - {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0), "X509_NAME_ENTRY_create_by_txt"}, - {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_SET_OBJECT, 0), "X509_NAME_ENTRY_set_object"}, - {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, - {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, - {ERR_FUNC(X509_F_X509_OBJECT_NEW), "X509_OBJECT_new"}, - {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, - {ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"}, - {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"}, - {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, - {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ONELINE, 0), "X509_NAME_oneline"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_PRINT, 0), "X509_NAME_print"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_OBJECT_NEW, 0), "X509_OBJECT_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), + "x509_pubkey_decode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), "X509_REQ_check_private_key"}, - {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, - {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, - {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, - {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, - {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, - {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0), + "X509_STORE_add_cert"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0), + "X509_STORE_add_crl"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0), + "X509_STORE_add_lookup"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0), "X509_STORE_CTX_get1_issuer"}, - {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, - {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, - {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0), + "X509_STORE_CTX_init"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_NEW, 0), + "X509_STORE_CTX_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0), "X509_STORE_CTX_purpose_inherit"}, - {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, - {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, - {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, - {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0), + "X509_VERIFY_PARAM_new"}, {0, NULL} }; -static ERR_STRING_DATA X509_str_reasons[] = { - {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"}, - {ERR_REASON(X509_R_BAD_SELECTOR), "bad selector"}, - {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, - {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, - {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, - {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), - "cert already in hash table"}, - {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"}, - {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, - {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"}, - {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, - {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, - {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"}, - {ERR_REASON(X509_R_ISSUER_MISMATCH), "issuer mismatch"}, - {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, - {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"}, - {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"}, - {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"}, - {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"}, - {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"}, - {ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"}, - {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), - "no cert set for us to verify"}, - {ERR_REASON(X509_R_NO_CRL_NUMBER), "no crl number"}, - {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, - {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, - {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"}, - {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), - "unable to find parameters in chain"}, - {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), - "unable to get certs public key"}, - {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"}, - {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"}, - {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"}, - {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, - {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, - {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"}, - {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"}, +static const ERR_STRING_DATA X509_str_reasons[] = { + {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR), + "base64 decode error"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), + "cert already in hash table"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), + "crl verify failure"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), + "invalid field name"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH), + "key values mismatch"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED), + "method not supported"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER), + "newer crl not newer"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND), + "no certificate found"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND), + "no certificate or crl found"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), + "no cert set for us to verify"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR), + "public key decode error"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR), + "public key encode error"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), + "unable to find parameters in chain"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), + "unable to get certs public key"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID), + "unknown purpose id"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM), + "unsupported algorithm"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"}, {0, NULL} }; @@ -133,10 +172,9 @@ static ERR_STRING_DATA X509_str_reasons[] = { int ERR_load_X509_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { - ERR_load_strings(0, X509_str_functs); - ERR_load_strings(0, X509_str_reasons); + ERR_load_strings_const(X509_str_functs); + ERR_load_strings_const(X509_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/x509/x509_ext.c b/deps/openssl/openssl/crypto/x509/x509_ext.c index 3c59079852f59d..2db843760c6895 100644 --- a/deps/openssl/openssl/crypto/x509/x509_ext.c +++ b/deps/openssl/openssl/crypto/x509/x509_ext.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include @@ -19,33 +18,33 @@ int X509_CRL_get_ext_count(const X509_CRL *x) { - return (X509v3_get_ext_count(x->crl.extensions)); + return X509v3_get_ext_count(x->crl.extensions); } int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos) { - return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos)); + return X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos); } int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos) { - return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos)); + return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos); } int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) { - return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos)); + return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos); } X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) { - return (X509v3_get_ext(x->crl.extensions, loc)); + return X509v3_get_ext(x->crl.extensions, loc); } X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) { - return (X509v3_delete_ext(x->crl.extensions, loc)); + return X509v3_delete_ext(x->crl.extensions, loc); } void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) @@ -66,17 +65,17 @@ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) int X509_get_ext_count(const X509 *x) { - return (X509v3_get_ext_count(x->cert_info.extensions)); + return X509v3_get_ext_count(x->cert_info.extensions); } int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) { - return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos)); + return X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos); } int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) { - return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos)); + return X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos); } int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) @@ -87,12 +86,12 @@ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) X509_EXTENSION *X509_get_ext(const X509 *x, int loc) { - return (X509v3_get_ext(x->cert_info.extensions, loc)); + return X509v3_get_ext(x->cert_info.extensions, loc); } X509_EXTENSION *X509_delete_ext(X509 *x, int loc) { - return (X509v3_delete_ext(x->cert_info.extensions, loc)); + return X509v3_delete_ext(x->cert_info.extensions, loc); } int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) @@ -114,33 +113,33 @@ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, int X509_REVOKED_get_ext_count(const X509_REVOKED *x) { - return (X509v3_get_ext_count(x->extensions)); + return X509v3_get_ext_count(x->extensions); } int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos) { - return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); + return X509v3_get_ext_by_NID(x->extensions, nid, lastpos); } int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, int lastpos) { - return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); + return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos); } int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos) { - return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); + return X509v3_get_ext_by_critical(x->extensions, crit, lastpos); } X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) { - return (X509v3_get_ext(x->extensions, loc)); + return X509v3_get_ext(x->extensions, loc); } X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) { - return (X509v3_delete_ext(x->extensions, loc)); + return X509v3_delete_ext(x->extensions, loc); } int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) diff --git a/deps/openssl/openssl/crypto/x509/x509_lcl.h b/deps/openssl/openssl/crypto/x509/x509_lcl.h index 8a47da4fef0d88..c517a774563717 100644 --- a/deps/openssl/openssl/crypto/x509/x509_lcl.h +++ b/deps/openssl/openssl/crypto/x509/x509_lcl.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#include "internal/refcount.h" + /* * This structure holds all parameters associated with a verify operation by * including an X509_VERIFY_PARAM structure in related structures the @@ -130,7 +132,7 @@ struct x509_store_st { STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup) (X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; - int references; + CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; }; @@ -140,3 +142,6 @@ DEFINE_STACK_OF(BY_DIR_HASH) DEFINE_STACK_OF(BY_DIR_ENTRY) typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) + +void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); diff --git a/deps/openssl/openssl/crypto/x509/x509_lu.c b/deps/openssl/openssl/crypto/x509/x509_lu.c index e5bea5b2764e92..be39015b0d0126 100644 --- a/deps/openssl/openssl/crypto/x509/x509_lu.c +++ b/deps/openssl/openssl/crypto/x509/x509_lu.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include +#include "internal/refcount.h" #include #include "internal/x509_int.h" #include @@ -17,14 +17,15 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { - X509_LOOKUP *ret; + X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret)); - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) + if (ret == NULL) { + X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } ret->method = method; - if ((method->new_item != NULL) && !method->new_item(ret)) { + if (method->new_item != NULL && method->new_item(ret) == 0) { OPENSSL_free(ret); return NULL; } @@ -149,7 +150,7 @@ static int x509_object_cmp(const X509_OBJECT *const *a, case X509_LU_CRL: ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); break; - default: + case X509_LU_NONE: /* abort(); */ return 0; } @@ -158,25 +159,36 @@ static int x509_object_cmp(const X509_OBJECT *const *a, X509_STORE *X509_STORE_new(void) { - X509_STORE *ret; + X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) + if (ret == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); return NULL; - if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + } + if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->cache = 1; - if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } - if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) + if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) + if (ret->lock == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->references = 1; return ret; @@ -197,8 +209,7 @@ void X509_STORE_free(X509_STORE *vfy) if (vfy == NULL) return; - - CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock); + CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock); REF_PRINT_COUNT("X509_STORE", vfy); if (i > 0) return; @@ -223,7 +234,7 @@ int X509_STORE_up_ref(X509_STORE *vfy) { int i; - if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0) + if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0) return 0; REF_PRINT_COUNT("X509_STORE", a); @@ -246,17 +257,18 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) } /* a new one */ lu = X509_LOOKUP_new(m); - if (lu == NULL) + if (lu == NULL) { + X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE); return NULL; - else { - lu->store_ctx = v; - if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) - return lu; - else { - X509_LOOKUP_free(lu); - return NULL; - } } + + lu->store_ctx = v; + if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) + return lu; + /* malloc failed */ + X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE); + X509_LOOKUP_free(lu); + return NULL; } X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, @@ -310,8 +322,7 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 1; } -static int x509_store_add(X509_STORE *ctx, void *x, int crl) -{ +static int x509_store_add(X509_STORE *ctx, void *x, int crl) { X509_OBJECT *obj; int ret = 0, added = 0; @@ -349,7 +360,7 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl) int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { - if (!x509_store_add(ctx, x, 0)) { + if (!x509_store_add(ctx, x, 0)) { X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return 0; } @@ -368,7 +379,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) int X509_OBJECT_up_ref_count(X509_OBJECT *a) { switch (a->type) { - default: + case X509_LU_NONE: break; case X509_LU_X509: return X509_up_ref(a->data.x509); @@ -397,7 +408,7 @@ X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) return a->type; } -X509_OBJECT *X509_OBJECT_new() +X509_OBJECT *X509_OBJECT_new(void) { X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -414,7 +425,7 @@ static void x509_object_free_internal(X509_OBJECT *a) if (a == NULL) return; switch (a->type) { - default: + case X509_LU_NONE: break; case X509_LU_X509: X509_free(a->data.x509); @@ -471,7 +482,7 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, stmp.data.crl = &crl_s; crl_s.crl.issuer = name; break; - default: + case X509_LU_NONE: /* abort(); */ return -1; } @@ -608,17 +619,18 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) { - int idx, i; + int idx, i, num; X509_OBJECT *obj; + idx = sk_X509_OBJECT_find(h, x); - if (idx == -1) + if (idx < 0) return NULL; if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) return sk_X509_OBJECT_value(h, idx); - for (i = idx; i < sk_X509_OBJECT_num(h); i++) { + for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) { obj = sk_X509_OBJECT_value(h, i); - if (x509_object_cmp - ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + if (x509_object_cmp((const X509_OBJECT **)&obj, + (const X509_OBJECT **)&x)) return NULL; if (x->type == X509_LU_X509) { if (!X509_cmp(obj->data.x509, x->data.x509)) diff --git a/deps/openssl/openssl/crypto/x509/x509_obj.c b/deps/openssl/openssl/crypto/x509/x509_obj.c index 55dc778bba7675..85c39415c11e9f 100644 --- a/deps/openssl/openssl/crypto/x509/x509_obj.c +++ b/deps/openssl/openssl/crypto/x509/x509_obj.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include @@ -173,10 +172,10 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) p = buf; if (i == 0) *p = '\0'; - return (p); + return p; err: X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); end: BUF_MEM_free(b); - return (NULL); + return NULL; } diff --git a/deps/openssl/openssl/crypto/x509/x509_req.c b/deps/openssl/openssl/crypto/x509/x509_req.c index 7b88dbcd21a63d..0bdbb81db894d0 100644 --- a/deps/openssl/openssl/crypto/x509/x509_req.c +++ b/deps/openssl/openssl/crypto/x509/x509_req.c @@ -54,24 +54,24 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) if (!X509_REQ_sign(ret, pkey, md)) goto err; } - return (ret); + return ret; err: X509_REQ_free(ret); - return (NULL); + return NULL; } EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) { if (req == NULL) - return (NULL); - return (X509_PUBKEY_get(req->req_info.pubkey)); + return NULL; + return X509_PUBKEY_get(req->req_info.pubkey); } EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req) { if (req == NULL) return NULL; - return (X509_PUBKEY_get0(req->req_info.pubkey)); + return X509_PUBKEY_get0(req->req_info.pubkey); } X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req) @@ -115,7 +115,7 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) } EVP_PKEY_free(xk); - return (ok); + return ok; } /* @@ -158,7 +158,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) const unsigned char *p; if ((req == NULL) || !ext_nids) - return (NULL); + return NULL; for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) diff --git a/deps/openssl/openssl/crypto/x509/x509_set.c b/deps/openssl/openssl/crypto/x509/x509_set.c index c0ea41883d98ca..3ab6bf35115ffa 100644 --- a/deps/openssl/openssl/crypto/x509/x509_set.c +++ b/deps/openssl/openssl/crypto/x509/x509_set.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,26 +9,30 @@ #include #include "internal/cryptlib.h" +#include "internal/refcount.h" #include #include #include #include +#include +#include "internal/asn1_int.h" #include "internal/x509_int.h" +#include "x509_lcl.h" int X509_set_version(X509 *x, long version) { if (x == NULL) - return (0); + return 0; if (version == 0) { ASN1_INTEGER_free(x->cert_info.version); x->cert_info.version = NULL; - return (1); + return 1; } if (x->cert_info.version == NULL) { if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL) - return (0); + return 0; } - return (ASN1_INTEGER_set(x->cert_info.version, version)); + return ASN1_INTEGER_set(x->cert_info.version, version); } int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) @@ -46,15 +50,15 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) int X509_set_issuer_name(X509 *x, X509_NAME *name) { if (x == NULL) - return (0); - return (X509_NAME_set(&x->cert_info.issuer, name)); + return 0; + return X509_NAME_set(&x->cert_info.issuer, name); } int X509_set_subject_name(X509 *x, X509_NAME *name) { if (x == NULL) - return (0); - return (X509_NAME_set(&x->cert_info.subject, name)); + return 0; + return X509_NAME_set(&x->cert_info.subject, name); } int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) @@ -88,15 +92,15 @@ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) { if (x == NULL) - return (0); - return (X509_PUBKEY_set(&(x->cert_info.key), pkey)); + return 0; + return X509_PUBKEY_set(&(x->cert_info.key), pkey); } int X509_up_ref(X509 *x) { int i; - if (CRYPTO_atomic_add(&x->references, 1, &i, x->lock) <= 0) + if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0) return 0; REF_PRINT_COUNT("X509", x); @@ -157,3 +161,77 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) { return &x->cert_info.signature; } + +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags) +{ + if (mdnid != NULL) + *mdnid = siginf->mdnid; + if (pknid != NULL) + *pknid = siginf->pknid; + if (secbits != NULL) + *secbits = siginf->secbits; + if (flags != NULL) + *flags = siginf->flags; + return (siginf->flags & X509_SIG_INFO_VALID) != 0; +} + +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags) +{ + siginf->mdnid = mdnid; + siginf->pknid = pknid; + siginf->secbits = secbits; + siginf->flags = flags; +} + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags) +{ + X509_check_purpose(x, -1, -1); + return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags); +} + +static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig) +{ + int pknid, mdnid; + const EVP_MD *md; + + siginf->mdnid = NID_undef; + siginf->pknid = NID_undef; + siginf->secbits = -1; + siginf->flags = 0; + if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) + || pknid == NID_undef) + return; + siginf->pknid = pknid; + if (mdnid == NID_undef) { + /* If we have one, use a custom handler for this algorithm */ + const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid); + if (ameth == NULL || ameth->siginf_set == NULL + || ameth->siginf_set(siginf, alg, sig) == 0) + return; + siginf->flags |= X509_SIG_INFO_VALID; + return; + } + siginf->flags |= X509_SIG_INFO_VALID; + siginf->mdnid = mdnid; + md = EVP_get_digestbynid(mdnid); + if (md == NULL) + return; + /* Security bits: half number of bits in digest */ + siginf->secbits = EVP_MD_size(md) * 4; + switch (mdnid) { + case NID_sha1: + case NID_sha256: + case NID_sha384: + case NID_sha512: + siginf->flags |= X509_SIG_INFO_TLS; + } +} + +void x509_init_sig_info(X509 *x) +{ + x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature); +} diff --git a/deps/openssl/openssl/crypto/x509/x509_trs.c b/deps/openssl/openssl/crypto/x509/x509_trs.c index a9bb88d1e1b127..d749af4d590a6c 100644 --- a/deps/openssl/openssl/crypto/x509/x509_trs.c +++ b/deps/openssl/openssl/crypto/x509/x509_trs.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,13 +98,14 @@ int X509_TRUST_get_by_id(int id) { X509_TRUST tmp; int idx; + if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) return id - X509_TRUST_MIN; - tmp.trust = id; - if (!trtable) + if (trtable == NULL) return -1; + tmp.trust = id; idx = sk_X509_TRUST_find(trtable, &tmp); - if (idx == -1) + if (idx < 0) return -1; return idx + X509_TRUST_COUNT; } diff --git a/deps/openssl/openssl/crypto/x509/x509_txt.c b/deps/openssl/openssl/crypto/x509/x509_txt.c index 66e5fcd02f9f95..4755b39eb4eb61 100644 --- a/deps/openssl/openssl/crypto/x509/x509_txt.c +++ b/deps/openssl/openssl/crypto/x509/x509_txt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include @@ -23,155 +22,161 @@ const char *X509_verify_cert_error_string(long n) { switch ((int)n) { case X509_V_OK: - return ("ok"); + return "ok"; case X509_V_ERR_UNSPECIFIED: - return ("unspecified certificate verification error"); + return "unspecified certificate verification error"; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - return ("unable to get issuer certificate"); + return "unable to get issuer certificate"; case X509_V_ERR_UNABLE_TO_GET_CRL: - return ("unable to get certificate CRL"); + return "unable to get certificate CRL"; case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - return ("unable to decrypt certificate's signature"); + return "unable to decrypt certificate's signature"; case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - return ("unable to decrypt CRL's signature"); + return "unable to decrypt CRL's signature"; case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - return ("unable to decode issuer public key"); + return "unable to decode issuer public key"; case X509_V_ERR_CERT_SIGNATURE_FAILURE: - return ("certificate signature failure"); + return "certificate signature failure"; case X509_V_ERR_CRL_SIGNATURE_FAILURE: - return ("CRL signature failure"); + return "CRL signature failure"; case X509_V_ERR_CERT_NOT_YET_VALID: - return ("certificate is not yet valid"); + return "certificate is not yet valid"; case X509_V_ERR_CERT_HAS_EXPIRED: - return ("certificate has expired"); + return "certificate has expired"; case X509_V_ERR_CRL_NOT_YET_VALID: - return ("CRL is not yet valid"); + return "CRL is not yet valid"; case X509_V_ERR_CRL_HAS_EXPIRED: - return ("CRL has expired"); + return "CRL has expired"; case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - return ("format error in certificate's notBefore field"); + return "format error in certificate's notBefore field"; case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - return ("format error in certificate's notAfter field"); + return "format error in certificate's notAfter field"; case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - return ("format error in CRL's lastUpdate field"); + return "format error in CRL's lastUpdate field"; case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - return ("format error in CRL's nextUpdate field"); + return "format error in CRL's nextUpdate field"; case X509_V_ERR_OUT_OF_MEM: - return ("out of memory"); + return "out of memory"; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return ("self signed certificate"); + return "self signed certificate"; case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - return ("self signed certificate in certificate chain"); + return "self signed certificate in certificate chain"; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - return ("unable to get local issuer certificate"); + return "unable to get local issuer certificate"; case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - return ("unable to verify the first certificate"); + return "unable to verify the first certificate"; case X509_V_ERR_CERT_CHAIN_TOO_LONG: - return ("certificate chain too long"); + return "certificate chain too long"; case X509_V_ERR_CERT_REVOKED: - return ("certificate revoked"); + return "certificate revoked"; case X509_V_ERR_INVALID_CA: - return ("invalid CA certificate"); + return "invalid CA certificate"; case X509_V_ERR_PATH_LENGTH_EXCEEDED: - return ("path length constraint exceeded"); + return "path length constraint exceeded"; case X509_V_ERR_INVALID_PURPOSE: - return ("unsupported certificate purpose"); + return "unsupported certificate purpose"; case X509_V_ERR_CERT_UNTRUSTED: - return ("certificate not trusted"); + return "certificate not trusted"; case X509_V_ERR_CERT_REJECTED: - return ("certificate rejected"); + return "certificate rejected"; case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return ("subject issuer mismatch"); + return "subject issuer mismatch"; case X509_V_ERR_AKID_SKID_MISMATCH: - return ("authority and subject key identifier mismatch"); + return "authority and subject key identifier mismatch"; case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: - return ("authority and issuer serial number mismatch"); + return "authority and issuer serial number mismatch"; case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: - return ("key usage does not include certificate signing"); + return "key usage does not include certificate signing"; case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - return ("unable to get CRL issuer certificate"); + return "unable to get CRL issuer certificate"; case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: - return ("unhandled critical extension"); + return "unhandled critical extension"; case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: - return ("key usage does not include CRL signing"); + return "key usage does not include CRL signing"; case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: - return ("unhandled critical CRL extension"); + return "unhandled critical CRL extension"; case X509_V_ERR_INVALID_NON_CA: - return ("invalid non-CA certificate (has CA markings)"); + return "invalid non-CA certificate (has CA markings)"; case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: - return ("proxy path length constraint exceeded"); + return "proxy path length constraint exceeded"; case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: - return ("key usage does not include digital signature"); + return "key usage does not include digital signature"; case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: return - ("proxy certificates not allowed, please set the appropriate flag"); + "proxy certificates not allowed, please set the appropriate flag"; case X509_V_ERR_INVALID_EXTENSION: - return ("invalid or inconsistent certificate extension"); + return "invalid or inconsistent certificate extension"; case X509_V_ERR_INVALID_POLICY_EXTENSION: - return ("invalid or inconsistent certificate policy extension"); + return "invalid or inconsistent certificate policy extension"; case X509_V_ERR_NO_EXPLICIT_POLICY: - return ("no explicit policy"); + return "no explicit policy"; case X509_V_ERR_DIFFERENT_CRL_SCOPE: - return ("Different CRL scope"); + return "Different CRL scope"; case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: - return ("Unsupported extension feature"); + return "Unsupported extension feature"; case X509_V_ERR_UNNESTED_RESOURCE: - return ("RFC 3779 resource not subset of parent's resources"); + return "RFC 3779 resource not subset of parent's resources"; case X509_V_ERR_PERMITTED_VIOLATION: - return ("permitted subtree violation"); + return "permitted subtree violation"; case X509_V_ERR_EXCLUDED_VIOLATION: - return ("excluded subtree violation"); + return "excluded subtree violation"; case X509_V_ERR_SUBTREE_MINMAX: - return ("name constraints minimum and maximum not supported"); + return "name constraints minimum and maximum not supported"; case X509_V_ERR_APPLICATION_VERIFICATION: - return ("application verification failure"); + return "application verification failure"; case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: - return ("unsupported name constraint type"); + return "unsupported name constraint type"; case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: - return ("unsupported or invalid name constraint syntax"); + return "unsupported or invalid name constraint syntax"; case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: - return ("unsupported or invalid name syntax"); + return "unsupported or invalid name syntax"; case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: - return ("CRL path validation error"); + return "CRL path validation error"; case X509_V_ERR_PATH_LOOP: - return ("Path Loop"); + return "Path Loop"; case X509_V_ERR_SUITE_B_INVALID_VERSION: - return ("Suite B: certificate version invalid"); + return "Suite B: certificate version invalid"; case X509_V_ERR_SUITE_B_INVALID_ALGORITHM: - return ("Suite B: invalid public key algorithm"); + return "Suite B: invalid public key algorithm"; case X509_V_ERR_SUITE_B_INVALID_CURVE: - return ("Suite B: invalid ECC curve"); + return "Suite B: invalid ECC curve"; case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: - return ("Suite B: invalid signature algorithm"); + return "Suite B: invalid signature algorithm"; case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: - return ("Suite B: curve not allowed for this LOS"); + return "Suite B: curve not allowed for this LOS"; case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: - return ("Suite B: cannot sign P-384 with P-256"); + return "Suite B: cannot sign P-384 with P-256"; case X509_V_ERR_HOSTNAME_MISMATCH: - return ("Hostname mismatch"); + return "Hostname mismatch"; case X509_V_ERR_EMAIL_MISMATCH: - return ("Email address mismatch"); + return "Email address mismatch"; case X509_V_ERR_IP_ADDRESS_MISMATCH: - return ("IP address mismatch"); + return "IP address mismatch"; case X509_V_ERR_DANE_NO_MATCH: - return ("No matching DANE TLSA records"); + return "No matching DANE TLSA records"; case X509_V_ERR_EE_KEY_TOO_SMALL: - return ("EE certificate key too weak"); + return "EE certificate key too weak"; case X509_V_ERR_CA_KEY_TOO_SMALL: - return ("CA certificate key too weak"); + return "CA certificate key too weak"; case X509_V_ERR_CA_MD_TOO_WEAK: - return ("CA signature digest algorithm too weak"); + return "CA signature digest algorithm too weak"; case X509_V_ERR_INVALID_CALL: - return ("Invalid certificate verification context"); + return "Invalid certificate verification context"; case X509_V_ERR_STORE_LOOKUP: - return ("Issuer certificate lookup error"); + return "Issuer certificate lookup error"; case X509_V_ERR_NO_VALID_SCTS: - return ("Certificate Transparency required, but no valid SCTs found"); + return "Certificate Transparency required, but no valid SCTs found"; case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: - return ("proxy subject name violation"); + return "proxy subject name violation"; + case X509_V_ERR_OCSP_VERIFY_NEEDED: + return "OCSP verification needed"; + case X509_V_ERR_OCSP_VERIFY_FAILED: + return "OCSP verification failed"; + case X509_V_ERR_OCSP_CERT_UNKNOWN: + return "OCSP unknown cert"; default: /* Printing an error number into a static buffer is not thread-safe */ - return ("unknown certificate verification error"); + return "unknown certificate verification error"; } } diff --git a/deps/openssl/openssl/crypto/x509/x509_v3.c b/deps/openssl/openssl/crypto/x509/x509_v3.c index 19016bb1e1651e..75ae767d608c94 100644 --- a/deps/openssl/openssl/crypto/x509/x509_v3.c +++ b/deps/openssl/openssl/crypto/x509/x509_v3.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include +#include #include #include #include @@ -20,8 +20,8 @@ int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) { if (x == NULL) - return (0); - return (sk_X509_EXTENSION_num(x)); + return 0; + return sk_X509_EXTENSION_num(x); } int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, @@ -31,8 +31,8 @@ int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, obj = OBJ_nid2obj(nid); if (obj == NULL) - return (-2); - return (X509v3_get_ext_by_OBJ(x, obj, lastpos)); + return -2; + return X509v3_get_ext_by_OBJ(x, obj, lastpos); } int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, @@ -42,7 +42,7 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *ex; if (sk == NULL) - return (-1); + return -1; lastpos++; if (lastpos < 0) lastpos = 0; @@ -50,9 +50,9 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, for (; lastpos < n; lastpos++) { ex = sk_X509_EXTENSION_value(sk, lastpos); if (OBJ_cmp(ex->object, obj) == 0) - return (lastpos); + return lastpos; } - return (-1); + return -1; } int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, @@ -62,7 +62,7 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, X509_EXTENSION *ex; if (sk == NULL) - return (-1); + return -1; lastpos++; if (lastpos < 0) lastpos = 0; @@ -70,9 +70,9 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, for (; lastpos < n; lastpos++) { ex = sk_X509_EXTENSION_value(sk, lastpos); if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit)) - return (lastpos); + return lastpos; } - return (-1); + return -1; } X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) @@ -88,9 +88,9 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) X509_EXTENSION *ret; if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) - return (NULL); + return NULL; ret = sk_X509_EXTENSION_delete(x, loc); - return (ret); + return ret; } STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, @@ -123,14 +123,14 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, goto err; if (*x == NULL) *x = sk; - return (sk); + return sk; err: X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); err2: X509_EXTENSION_free(new_ex); if (x != NULL && *x == NULL) sk_X509_EXTENSION_free(sk); - return (NULL); + return NULL; } X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, @@ -143,12 +143,12 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, obj = OBJ_nid2obj(nid); if (obj == NULL) { X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID); - return (NULL); + return NULL; } ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data); if (ret == NULL) ASN1_OBJECT_free(obj); - return (ret); + return ret; } X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, @@ -161,7 +161,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, if ((ret = X509_EXTENSION_new()) == NULL) { X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ, ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } } else ret = *ex; @@ -175,17 +175,17 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, if ((ex != NULL) && (*ex == NULL)) *ex = ret; - return (ret); + return ret; err: if ((ex == NULL) || (ret != *ex)) X509_EXTENSION_free(ret); - return (NULL); + return NULL; } int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) { if ((ex == NULL) || (obj == NULL)) - return (0); + return 0; ASN1_OBJECT_free(ex->object); ex->object = OBJ_dup(obj); return ex->object != NULL; @@ -194,9 +194,9 @@ int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) { if (ex == NULL) - return (0); + return 0; ex->critical = (crit) ? 0xFF : -1; - return (1); + return 1; } int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) @@ -204,31 +204,31 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) int i; if (ex == NULL) - return (0); + return 0; i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length); if (!i) - return (0); - return (1); + return 0; + return 1; } ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) { if (ex == NULL) - return (NULL); - return (ex->object); + return NULL; + return ex->object; } ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) { if (ex == NULL) - return (NULL); + return NULL; return &ex->value; } int X509_EXTENSION_get_critical(const X509_EXTENSION *ex) { if (ex == NULL) - return (0); + return 0; if (ex->critical > 0) return 1; return 0; diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c index ba186d30b044ef..61e81922b4dab1 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vfy.c +++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c @@ -7,23 +7,22 @@ * https://www.openssl.org/source/license.html */ -#include #include #include #include #include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include -#include #include #include #include #include #include #include -#include -#include +#include "internal/dane.h" +#include "internal/x509_int.h" #include "x509_lcl.h" /* CRL score values */ @@ -367,6 +366,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509) *sk = NULL; X509 *x; int i; + for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { @@ -374,6 +374,8 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) sk = sk_X509_new_null(); if (sk == NULL || sk_X509_push(sk, x) == 0) { sk_X509_pop_free(sk, X509_free); + X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } X509_up_ref(x); @@ -1817,7 +1819,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) * Digit and date ranges will be verified in the conversion methods. */ for (i = 0; i < ctm->length - 1; i++) { - if (!isdigit(ctm->data[i])) + if (!ossl_isdigit(ctm->data[i])) return 0; } if (ctm->data[ctm->length - 1] != 'Z') @@ -2870,7 +2872,11 @@ static int build_chain(X509_STORE_CTX *ctx) int i; /* Our chain starts with a single untrusted element. */ - OPENSSL_assert(num == 1 && ctx->num_untrusted == num); + if (!ossl_assert(num == 1 && ctx->num_untrusted == num)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } #define S_DOUNTRUSTED (1 << 0) /* Search untrusted chain */ #define S_DOTRUSTED (1 << 1) /* Search trusted store */ @@ -3007,7 +3013,14 @@ static int build_chain(X509_STORE_CTX *ctx) * certificate among the ones from the trust store. */ if ((search & S_DOALTERNATE) != 0) { - OPENSSL_assert(num > i && i > 0 && ss == 0); + if (!ossl_assert(num > i && i > 0 && ss == 0)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + X509_free(xtmp); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } search &= ~S_DOALTERNATE; for (; num > i; --num) X509_free(sk_X509_pop(ctx->chain)); @@ -3070,7 +3083,13 @@ static int build_chain(X509_STORE_CTX *ctx) * certificate with ctx->num_untrusted <= num. */ if (ok) { - OPENSSL_assert(ctx->num_untrusted <= num); + if (!ossl_assert(ctx->num_untrusted <= num)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } search &= ~S_DOUNTRUSTED; switch (trust = check_trust(ctx, num)) { case X509_TRUST_TRUSTED: @@ -3109,7 +3128,13 @@ static int build_chain(X509_STORE_CTX *ctx) */ if ((search & S_DOUNTRUSTED) != 0) { num = sk_X509_num(ctx->chain); - OPENSSL_assert(num == ctx->num_untrusted); + if (!ossl_assert(num == ctx->num_untrusted)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } x = sk_X509_value(ctx->chain, num-1); /* @@ -3228,8 +3253,6 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) */ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) { - int nid = X509_get_signature_nid(cert); - int mdnid = NID_undef; int secbits = -1; int level = ctx->param->auth_level; @@ -3238,18 +3261,8 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; - /* We are not able to look up the CA MD for RSA PSS in this version */ - if (nid == NID_rsassaPss) - return 1; - - /* Lookup signature algorithm digest */ - if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) { - const EVP_MD *md; - - /* Assume 4 bits of collision resistance for each hash octet */ - if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL) - secbits = EVP_MD_size(md) * 4; - } + if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) + return 0; return secbits >= minbits_table[level - 1]; } diff --git a/deps/openssl/openssl/crypto/x509/x509_vpm.c b/deps/openssl/openssl/crypto/x509/x509_vpm.c index 9bc4c611013029..aea186295c2a02 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vpm.c +++ b/deps/openssl/openssl/crypto/x509/x509_vpm.c @@ -11,7 +11,6 @@ #include "internal/cryptlib.h" #include -#include #include #include #include @@ -79,50 +78,32 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, return 1; } -static void x509_verify_param_zero(X509_VERIFY_PARAM *param) -{ - if (!param) - return; - param->name = NULL; - param->purpose = 0; - param->trust = X509_TRUST_DEFAULT; - /* - * param->inh_flags = X509_VP_FLAG_DEFAULT; - */ - param->inh_flags = 0; - param->flags = 0; - param->depth = -1; - param->auth_level = -1; /* -1 means unset, 0 is explicit */ - sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); - param->policies = NULL; - sk_OPENSSL_STRING_pop_free(param->hosts, str_free); - param->hosts = NULL; - OPENSSL_free(param->peername); - param->peername = NULL; - OPENSSL_free(param->email); - param->email = NULL; - param->emaillen = 0; - OPENSSL_free(param->ip); - param->ip = NULL; - param->iplen = 0; -} X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { X509_VERIFY_PARAM *param; param = OPENSSL_zalloc(sizeof(*param)); - if (param == NULL) + if (param == NULL) { + X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE); return NULL; - x509_verify_param_zero(param); + } + param->trust = X509_TRUST_DEFAULT; + /* param->inh_flags = X509_VP_FLAG_DEFAULT; */ + param->depth = -1; + param->auth_level = -1; /* -1 means unset, 0 is explicit */ return param; } void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { - if (!param) + if (param == NULL) return; - x509_verify_param_zero(param); + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + sk_OPENSSL_STRING_pop_free(param->hosts, str_free); + OPENSSL_free(param->peername); + OPENSSL_free(param->email); + OPENSSL_free(param->ip); OPENSSL_free(param); } @@ -574,10 +555,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) return 0; } else { idx = sk_X509_VERIFY_PARAM_find(param_table, param); - if (idx != -1) { - ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); + if (idx >= 0) { + ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx); X509_VERIFY_PARAM_free(ptmp); - (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); } } if (!sk_X509_VERIFY_PARAM_push(param_table, param)) @@ -607,9 +587,9 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) X509_VERIFY_PARAM pm; pm.name = (char *)name; - if (param_table) { + if (param_table != NULL) { idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); - if (idx != -1) + if (idx >= 0) return sk_X509_VERIFY_PARAM_value(param_table, idx); } return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table)); diff --git a/deps/openssl/openssl/crypto/x509/x509cset.c b/deps/openssl/openssl/crypto/x509/x509cset.c index 205785961bf216..7645ce37597061 100644 --- a/deps/openssl/openssl/crypto/x509/x509cset.c +++ b/deps/openssl/openssl/crypto/x509/x509cset.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/refcount.h" #include #include #include @@ -18,19 +19,19 @@ int X509_CRL_set_version(X509_CRL *x, long version) { if (x == NULL) - return (0); + return 0; if (x->crl.version == NULL) { if ((x->crl.version = ASN1_INTEGER_new()) == NULL) - return (0); + return 0; } - return (ASN1_INTEGER_set(x->crl.version, version)); + return ASN1_INTEGER_set(x->crl.version, version); } int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) { if (x == NULL) - return (0); - return (X509_NAME_set(&x->crl.issuer, name)); + return 0; + return X509_NAME_set(&x->crl.issuer, name); } int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) @@ -67,7 +68,7 @@ int X509_CRL_up_ref(X509_CRL *crl) { int i; - if (CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock) <= 0) + if (CRYPTO_UP_REF(&crl->references, &i, crl->lock) <= 0) return 0; REF_PRINT_COUNT("X509_CRL", crl); @@ -141,7 +142,7 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) ASN1_TIME *in; if (x == NULL) - return (0); + return 0; in = x->revocationDate; if (in != tm) { in = ASN1_STRING_dup(tm); @@ -163,7 +164,7 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) ASN1_INTEGER *in; if (x == NULL) - return (0); + return 0; in = &x->serialNumber; if (in != serial) return ASN1_STRING_copy(in, serial); diff --git a/deps/openssl/openssl/crypto/x509/x509name.c b/deps/openssl/openssl/crypto/x509/x509name.c index 81dce376f856e8..64a73e793fdf5c 100644 --- a/deps/openssl/openssl/crypto/x509/x509name.c +++ b/deps/openssl/openssl/crypto/x509/x509name.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include +#include #include #include #include @@ -22,33 +22,35 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) obj = OBJ_nid2obj(nid); if (obj == NULL) - return (-1); - return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); + return -1; + return X509_NAME_get_text_by_OBJ(name, obj, buf, len); } -int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, - int len) +int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + char *buf, int len) { int i; const ASN1_STRING *data; i = X509_NAME_get_index_by_OBJ(name, obj, -1); if (i < 0) - return (-1); + return -1; data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); - i = (data->length > (len - 1)) ? (len - 1) : data->length; if (buf == NULL) - return (data->length); + return data->length; + if (len <= 0) + return 0; + i = (data->length > (len - 1)) ? (len - 1) : data->length; memcpy(buf, data->data, i); buf[i] = '\0'; - return (i); + return i; } int X509_NAME_entry_count(const X509_NAME *name) { if (name == NULL) - return (0); - return (sk_X509_NAME_ENTRY_num(name->entries)); + return 0; + return sk_X509_NAME_ENTRY_num(name->entries); } int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) @@ -57,8 +59,8 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) obj = OBJ_nid2obj(nid); if (obj == NULL) - return (-2); - return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); + return -2; + return X509_NAME_get_index_by_OBJ(name, obj, lastpos); } /* NOTE: you should be passing -1, not 0 as lastpos */ @@ -69,7 +71,7 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int last STACK_OF(X509_NAME_ENTRY) *sk; if (name == NULL) - return (-1); + return -1; if (lastpos < 0) lastpos = -1; sk = name->entries; @@ -77,18 +79,18 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int last for (lastpos++; lastpos < n; lastpos++) { ne = sk_X509_NAME_ENTRY_value(sk, lastpos); if (OBJ_cmp(ne->object, obj) == 0) - return (lastpos); + return lastpos; } - return (-1); + return -1; } X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) { if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc || loc < 0) - return (NULL); - else - return (sk_X509_NAME_ENTRY_value(name->entries, loc)); + return NULL; + + return sk_X509_NAME_ENTRY_value(name->entries, loc); } X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) @@ -99,13 +101,14 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc || loc < 0) - return (NULL); + return NULL; + sk = name->entries; ret = sk_X509_NAME_ENTRY_delete(sk, loc); n = sk_X509_NAME_ENTRY_num(sk); name->modified = 1; if (loc == n) - return (ret); + return ret; /* else we need to fixup the set field */ if (loc != 0) @@ -127,7 +130,7 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) if (set_prev + 1 < set_next) for (i = loc; i < n; i++) sk_X509_NAME_ENTRY_value(sk, i)->set--; - return (ret); + return ret; } int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, @@ -136,6 +139,7 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type { X509_NAME_ENTRY *ne; int ret; + ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); if (!ne) return 0; @@ -184,7 +188,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, STACK_OF(X509_NAME_ENTRY) *sk; if (name == NULL) - return (0); + return 0; sk = name->entries; n = sk_X509_NAME_ENTRY_num(sk); if (loc > n) @@ -228,10 +232,10 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, for (i = loc + 1; i < n; i++) sk_X509_NAME_ENTRY_value(sk, i)->set += 1; } - return (1); + return 1; err: X509_NAME_ENTRY_free(new_name); - return (0); + return 0; } X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, @@ -247,7 +251,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, X509_R_INVALID_FIELD_NAME); ERR_add_error_data(2, "name=", field); - return (NULL); + return NULL; } nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); ASN1_OBJECT_free(obj); @@ -265,7 +269,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, obj = OBJ_nid2obj(nid); if (obj == NULL) { X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID); - return (NULL); + return NULL; } nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); ASN1_OBJECT_free(obj); @@ -281,7 +285,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, if ((ne == NULL) || (*ne == NULL)) { if ((ret = X509_NAME_ENTRY_new()) == NULL) - return (NULL); + return NULL; } else ret = *ne; @@ -292,11 +296,11 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, if ((ne != NULL) && (*ne == NULL)) *ne = ret; - return (ret); + return ret; err: if ((ne == NULL) || (ret != *ne)) X509_NAME_ENTRY_free(ret); - return (NULL); + return NULL; } int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) @@ -304,7 +308,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) if ((ne == NULL) || (obj == NULL)) { X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } ASN1_OBJECT_free(ne->object); ne->object = OBJ_dup(obj); @@ -317,7 +321,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, int i; if ((ne == NULL) || ((bytes == NULL) && (len != 0))) - return (0); + return 0; if ((type > 0) && (type & MBSTRING_FLAG)) return ASN1_STRING_set_by_NID(&ne->value, bytes, len, type, @@ -326,28 +330,28 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, len = strlen((const char *)bytes); i = ASN1_STRING_set(ne->value, bytes, len); if (!i) - return (0); + return 0; if (type != V_ASN1_UNDEF) { if (type == V_ASN1_APP_CHOOSE) ne->value->type = ASN1_PRINTABLE_type(bytes, len); else ne->value->type = type; } - return (1); + return 1; } ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) { if (ne == NULL) - return (NULL); - return (ne->object); + return NULL; + return ne->object; } ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) { if (ne == NULL) - return (NULL); - return (ne->value); + return NULL; + return ne->value; } int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) diff --git a/deps/openssl/openssl/crypto/x509/x509rset.c b/deps/openssl/openssl/crypto/x509/x509rset.c index 6dee297a19138a..e8921b82a83865 100644 --- a/deps/openssl/openssl/crypto/x509/x509rset.c +++ b/deps/openssl/openssl/crypto/x509/x509rset.c @@ -18,23 +18,23 @@ int X509_REQ_set_version(X509_REQ *x, long version) { if (x == NULL) - return (0); + return 0; x->req_info.enc.modified = 1; - return (ASN1_INTEGER_set(x->req_info.version, version)); + return ASN1_INTEGER_set(x->req_info.version, version); } int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) { if (x == NULL) - return (0); + return 0; x->req_info.enc.modified = 1; - return (X509_NAME_set(&x->req_info.subject, name)); + return X509_NAME_set(&x->req_info.subject, name); } int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { if (x == NULL) - return (0); + return 0; x->req_info.enc.modified = 1; - return (X509_PUBKEY_set(&x->req_info.pubkey, pkey)); + return X509_PUBKEY_set(&x->req_info.pubkey, pkey); } diff --git a/deps/openssl/openssl/crypto/x509/x509spki.c b/deps/openssl/openssl/crypto/x509/x509spki.c index b142485dbbd2f2..fd8162af6df2e3 100644 --- a/deps/openssl/openssl/crypto/x509/x509spki.c +++ b/deps/openssl/openssl/crypto/x509/x509spki.c @@ -14,15 +14,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) { if ((x == NULL) || (x->spkac == NULL)) - return (0); - return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey)); + return 0; + return X509_PUBKEY_set(&(x->spkac->pubkey), pkey); } EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) { if ((x == NULL) || (x->spkac == NULL)) - return (NULL); - return (X509_PUBKEY_get(x->spkac->pubkey)); + return NULL; + return X509_PUBKEY_get(x->spkac->pubkey); } /* Load a Netscape SPKI from a base64 encoded string */ diff --git a/deps/openssl/openssl/crypto/x509/x509type.c b/deps/openssl/openssl/crypto/x509/x509type.c index aca8355273309d..0e33b424be5177 100644 --- a/deps/openssl/openssl/crypto/x509/x509type.c +++ b/deps/openssl/openssl/crypto/x509/x509type.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) int ret = 0, i; if (x == NULL) - return (0); + return 0; if (pkey == NULL) pk = X509_get0_pubkey(x); @@ -27,7 +27,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) pk = pkey; if (pk == NULL) - return (0); + return 0; switch (EVP_PKEY_id(pk)) { case EVP_PKEY_RSA: @@ -35,12 +35,19 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) /* if (!sign only extension) */ ret |= EVP_PKT_ENC; break; + case EVP_PKEY_RSA_PSS: + ret = EVP_PK_RSA | EVP_PKT_SIGN; + break; case EVP_PKEY_DSA: ret = EVP_PK_DSA | EVP_PKT_SIGN; break; case EVP_PKEY_EC: ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; break; + case EVP_PKEY_ED448: + case EVP_PKEY_ED25519: + ret = EVP_PKT_SIGN; + break; case EVP_PKEY_DH: ret = EVP_PK_DH | EVP_PKT_EXCH; break; @@ -73,5 +80,5 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) } } - return (ret); + return ret; } diff --git a/deps/openssl/openssl/crypto/x509/x_all.c b/deps/openssl/openssl/crypto/x509/x_all.c index 42bd161185b3ad..24e4114601caec 100644 --- a/deps/openssl/openssl/crypto/x509/x_all.c +++ b/deps/openssl/openssl/crypto/x509/x_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,6 @@ #include #include "internal/cryptlib.h" -#include #include #include #include diff --git a/deps/openssl/openssl/crypto/x509/x_attrib.c b/deps/openssl/openssl/crypto/x509/x_attrib.c index 35f4aeef2a9d88..9a41e547cb2eea 100644 --- a/deps/openssl/openssl/crypto/x509/x_attrib.c +++ b/deps/openssl/openssl/crypto/x509/x_attrib.c @@ -39,7 +39,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) ASN1_TYPE *val = NULL; if ((ret = X509_ATTRIBUTE_new()) == NULL) - return (NULL); + return NULL; ret->object = OBJ_nid2obj(nid); if ((val = ASN1_TYPE_new()) == NULL) goto err; @@ -47,9 +47,9 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) goto err; ASN1_TYPE_set(val, atrtype, value); - return (ret); + return ret; err: X509_ATTRIBUTE_free(ret); ASN1_TYPE_free(val); - return (NULL); + return NULL; } diff --git a/deps/openssl/openssl/crypto/x509/x_crl.c b/deps/openssl/openssl/crypto/x509/x_crl.c index dbed850b37ff57..10733b58bca289 100644 --- a/deps/openssl/openssl/crypto/x509/x_crl.c +++ b/deps/openssl/openssl/crypto/x509/x_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -309,6 +309,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a, int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) { X509_CRL_INFO *inf; + inf = &crl->crl; if (inf->revoked == NULL) inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); @@ -382,8 +383,11 @@ static int def_crl_lookup(X509_CRL *crl, X509_NAME *issuer) { X509_REVOKED rtmp, *rev; - int idx; - rtmp.serialNumber = *serial; + int idx, num; + + if (crl->crl.revoked == NULL) + return 0; + /* * Sort revoked into serial number order if not already sorted. Do this * under a lock to avoid race condition. @@ -393,11 +397,12 @@ static int def_crl_lookup(X509_CRL *crl, sk_X509_REVOKED_sort(crl->crl.revoked); CRYPTO_THREAD_unlock(crl->lock); } + rtmp.serialNumber = *serial; idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp); if (idx < 0) return 0; /* Need to look for matching name */ - for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) { + for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) { rev = sk_X509_REVOKED_value(crl->crl.revoked, idx); if (ASN1_INTEGER_cmp(&rev->serialNumber, serial)) return 0; @@ -429,10 +434,12 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk)) { - X509_CRL_METHOD *m; - m = OPENSSL_malloc(sizeof(*m)); - if (m == NULL) + X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m)); + + if (m == NULL) { + X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } m->crl_init = crl_init; m->crl_free = crl_free; m->crl_lookup = crl_lookup; diff --git a/deps/openssl/openssl/crypto/x509/x_name.c b/deps/openssl/openssl/crypto/x509/x_name.c index 1a33dc1daa7c06..a1e9bbdb669d0c 100644 --- a/deps/openssl/openssl/crypto/x509/x_name.c +++ b/deps/openssl/openssl/crypto/x509/x_name.c @@ -8,7 +8,7 @@ */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include @@ -300,7 +300,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, static int x509_name_canon(X509_NAME *a) { unsigned char *p; - STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; + STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry, *tmpentry = NULL; int i, set = -1, ret = 0, len; @@ -313,44 +313,53 @@ static int x509_name_canon(X509_NAME *a) return 1; } intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); - if (!intname) + if (intname == NULL) { + X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); goto err; + } for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { entry = sk_X509_NAME_ENTRY_value(a->entries, i); if (entry->set != set) { entries = sk_X509_NAME_ENTRY_new_null(); - if (!entries) + if (entries == NULL) goto err; if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { sk_X509_NAME_ENTRY_free(entries); + X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); goto err; } set = entry->set; } tmpentry = X509_NAME_ENTRY_new(); - if (tmpentry == NULL) + if (tmpentry == NULL) { + X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); goto err; + } tmpentry->object = OBJ_dup(entry->object); - if (tmpentry->object == NULL) + if (tmpentry->object == NULL) { + X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); goto err; + } if (!asn1_string_canon(tmpentry->value, entry->value)) goto err; - if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) + if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) { + X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); goto err; + } tmpentry = NULL; } /* Finally generate encoding */ - len = i2d_name_canon(intname, NULL); if (len < 0) goto err; a->canon_enclen = len; p = OPENSSL_malloc(a->canon_enclen); - - if (p == NULL) + if (p == NULL) { + X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); goto err; + } a->canon_enc = p; @@ -359,7 +368,6 @@ static int x509_name_canon(X509_NAME *a) ret = 1; err: - X509_NAME_ENTRY_free(tmpentry); sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_pop_free); @@ -398,11 +406,12 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) /* * Convert string in place to canonical form. Ultimately we may need to * handle a wider range of characters but for now ignore anything with - * MSB set and rely on the isspace() and tolower() functions. + * MSB set and rely on the ossl_isspace() to fail on bad characters without + * needing isascii or range checks as well. */ /* Ignore leading spaces */ - while ((len > 0) && !(*from & 0x80) && isspace(*from)) { + while (len > 0 && ossl_isspace(*from)) { from++; len--; } @@ -410,7 +419,7 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) to = from + len; /* Ignore trailing spaces */ - while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) { + while (len > 0 && ossl_isspace(to[-1])) { to--; len--; } @@ -419,13 +428,13 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) i = 0; while (i < len) { - /* If MSB set just copy across */ - if (*from & 0x80) { + /* If not ASCII set just copy across */ + if (!ossl_isascii(*from)) { *to++ = *from++; i++; } /* Collapse multiple spaces */ - else if (isspace(*from)) { + else if (ossl_isspace(*from)) { /* Copy one space across */ *to++ = ' '; /* @@ -437,9 +446,9 @@ static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) from++; i++; } - while (!(*from & 0x80) && isspace(*from)); + while (ossl_isspace(*from)); } else { - *to++ = tolower(*from); + *to++ = ossl_tolower(*from); from++; i++; } @@ -499,19 +508,10 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) c = s; for (;;) { -#ifndef CHARSET_EBCDIC - if (((*s == '/') && - ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || - ((s[2] >= 'A') - && (s[2] <= 'Z') - && (s[3] == '=')) - ))) || (*s == '\0')) -#else if (((*s == '/') && - (isupper(s[1]) && ((s[2] == '=') || - (isupper(s[2]) && (s[3] == '=')) + (ossl_isupper(s[1]) && ((s[2] == '=') || + (ossl_isupper(s[2]) && (s[3] == '=')) ))) || (*s == '\0')) -#endif { i = s - c; if (BIO_write(bp, c, i) != i) diff --git a/deps/openssl/openssl/crypto/x509/x_pubkey.c b/deps/openssl/openssl/crypto/x509/x_pubkey.c index cc692834d1fa8a..d050b0b4b3e24b 100644 --- a/deps/openssl/openssl/crypto/x509/x_pubkey.c +++ b/deps/openssl/openssl/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,7 +61,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) X509_PUBKEY *pk = NULL; if (x == NULL) - return (0); + return 0; if ((pk = X509_PUBKEY_new()) == NULL) goto error; @@ -101,7 +101,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key) - { +{ EVP_PKEY *pkey = EVP_PKEY_new(); if (pkey == NULL) { @@ -206,7 +206,7 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) if (!a) return 0; if (!X509_PUBKEY_set(&xpk, a)) - return 0; + return -1; ret = i2d_X509_PUBKEY(xpk, pp); X509_PUBKEY_free(xpk); return ret; @@ -246,7 +246,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) pktmp = EVP_PKEY_new(); if (pktmp == NULL) { ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); - return 0; + return -1; } EVP_PKEY_set1_RSA(pktmp, a); ret = i2d_PUBKEY(pktmp, pp); @@ -286,7 +286,7 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) pktmp = EVP_PKEY_new(); if (pktmp == NULL) { ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); - return 0; + return -1; } EVP_PKEY_set1_DSA(pktmp, a); ret = i2d_PUBKEY(pktmp, pp); @@ -304,17 +304,17 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); if (!pkey) - return (NULL); + return NULL; key = EVP_PKEY_get1_EC_KEY(pkey); EVP_PKEY_free(pkey); if (!key) - return (NULL); + return NULL; *pp = q; if (a) { EC_KEY_free(*a); *a = key; } - return (key); + return key; } int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) @@ -322,15 +322,15 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) EVP_PKEY *pktmp; int ret; if (!a) - return (0); + return 0; if ((pktmp = EVP_PKEY_new()) == NULL) { ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); - return (0); + return -1; } EVP_PKEY_set1_EC_KEY(pktmp, a); ret = i2d_PUBKEY(pktmp, pp); EVP_PKEY_free(pktmp); - return (ret); + return ret; } #endif diff --git a/deps/openssl/openssl/crypto/x509/x_x509.c b/deps/openssl/openssl/crypto/x509/x_x509.c index 6783fd872849fd..4c04f12c949403 100644 --- a/deps/openssl/openssl/crypto/x509/x_x509.c +++ b/deps/openssl/openssl/crypto/x509/x_x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,12 +89,12 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509) int X509_set_ex_data(X509 *r, int idx, void *arg) { - return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&r->ex_data, idx, arg); } void *X509_get_ex_data(X509 *r, int idx) { - return (CRYPTO_get_ex_data(&r->ex_data, idx)); + return CRYPTO_get_ex_data(&r->ex_data, idx); } /* @@ -145,8 +145,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) int length, tmplen; unsigned char *start = pp != NULL ? *pp : NULL; - OPENSSL_assert(pp == NULL || *pp != NULL); - /* * This might perturb *pp on error, but fixing that belongs in i2d_X509() * not here. It should be that if a == NULL length is zero, but we check @@ -191,8 +189,10 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp) /* Allocate requisite combined storage */ *pp = tmp = OPENSSL_malloc(length); - if (tmp == NULL) - return -1; /* Push error onto error stack? */ + if (tmp == NULL) { + X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE); + return -1; + } /* Encode, but keep *pp at the originally malloced pointer */ length = i2d_x509_aux_internal(a, &tmp); diff --git a/deps/openssl/openssl/crypto/x509v3/build.info b/deps/openssl/openssl/crypto/x509v3/build.info index 452a8b03ccee3f..4ab6488493678d 100644 --- a/deps/openssl/openssl/crypto/x509v3/build.info +++ b/deps/openssl/openssl/crypto/x509v3/build.info @@ -5,4 +5,4 @@ SOURCE[../../libcrypto]=\ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \ pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \ - v3_asid.c v3_addr.c v3_tlsf.c + v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c diff --git a/deps/openssl/openssl/crypto/x509v3/ext_dat.h b/deps/openssl/openssl/crypto/x509v3/ext_dat.h index c9ede960e12f8f..762e264bb22d2c 100644 --- a/deps/openssl/openssl/crypto/x509v3/ext_dat.h +++ b/deps/openssl/openssl/crypto/x509v3/ext_dat.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,3 +22,4 @@ extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; extern const X509V3_EXT_METHOD v3_addr, v3_asid; extern const X509V3_EXT_METHOD v3_ct_scts[3]; extern const X509V3_EXT_METHOD v3_tls_feature; +extern const X509V3_EXT_METHOD v3_ext_admission; diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_cache.c b/deps/openssl/openssl/crypto/x509v3/pcy_cache.c index a9ee30a8d91356..623870b1f6f5c0 100644 --- a/deps/openssl/openssl/crypto/x509v3/pcy_cache.c +++ b/deps/openssl/openssl/crypto/x509v3/pcy_cache.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,21 +26,25 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value); static int policy_cache_create(X509 *x, CERTIFICATEPOLICIES *policies, int crit) { - int i; - int ret = 0; + int i, num, ret = 0; X509_POLICY_CACHE *cache = x->policy_cache; X509_POLICY_DATA *data = NULL; POLICYINFO *policy; - if (sk_POLICYINFO_num(policies) == 0) + + if ((num = sk_POLICYINFO_num(policies)) <= 0) goto bad_policy; cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); - if (cache->data == NULL) - goto bad_policy; - for (i = 0; i < sk_POLICYINFO_num(policies); i++) { + if (cache->data == NULL) { + X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); + goto just_cleanup; + } + for (i = 0; i < num; i++) { policy = sk_POLICYINFO_value(policies, i); data = policy_data_new(policy, NULL, crit); - if (data == NULL) - goto bad_policy; + if (data == NULL) { + X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); + goto just_cleanup; + } /* * Duplicate policy OIDs are illegal: reject if matches found. */ @@ -50,18 +54,22 @@ static int policy_cache_create(X509 *x, goto bad_policy; } cache->anyPolicy = data; - } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { + } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) { ret = -1; goto bad_policy; - } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) + } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) { + X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); goto bad_policy; + } data = NULL; } ret = 1; + bad_policy: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; policy_data_free(data); + just_cleanup: sk_POLICYINFO_pop_free(policies, POLICYINFO_free); if (ret <= 0) { sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); @@ -82,8 +90,10 @@ static int policy_cache_new(X509 *x) if (x->policy_cache != NULL) return 1; cache = OPENSSL_malloc(sizeof(*cache)); - if (cache == NULL) + if (cache == NULL) { + X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE); return 0; + } cache->anyPolicy = NULL; cache->data = NULL; cache->any_skip = -1; @@ -194,8 +204,6 @@ X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, X509_POLICY_DATA tmp; tmp.valid_policy = (ASN1_OBJECT *)id; idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); - if (idx == -1) - return NULL; return sk_X509_POLICY_DATA_value(cache->data, idx); } diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_data.c b/deps/openssl/openssl/crypto/x509v3/pcy_data.c index cf1d635eccc23b..bd3bb0e40dfe6b 100644 --- a/deps/openssl/openssl/crypto/x509v3/pcy_data.c +++ b/deps/openssl/openssl/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ void policy_data_free(X509_POLICY_DATA *data) { - if (!data) + if (data == NULL) return; ASN1_OBJECT_free(data->valid_policy); /* Don't free qualifiers if shared */ @@ -40,21 +40,25 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, { X509_POLICY_DATA *ret; ASN1_OBJECT *id; - if (!policy && !cid) + + if (policy == NULL && cid == NULL) return NULL; if (cid) { id = OBJ_dup(cid); - if (!id) + if (id == NULL) return NULL; } else id = NULL; ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) + if (ret == NULL) { + X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); if (ret->expected_policy_set == NULL) { OPENSSL_free(ret); ASN1_OBJECT_free(id); + X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_node.c b/deps/openssl/openssl/crypto/x509v3/pcy_node.c index 80443bff913eb8..1ffe98498bdb4a 100644 --- a/deps/openssl/openssl/crypto/x509v3/pcy_node.c +++ b/deps/openssl/openssl/crypto/x509v3/pcy_node.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include #include #include +#include #include "pcy_int.h" @@ -35,9 +36,6 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, l.data = &n; idx = sk_X509_POLICY_NODE_find(nodes, &l); - if (idx == -1) - return NULL; - return sk_X509_POLICY_NODE_value(nodes, idx); } @@ -66,8 +64,10 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, X509_POLICY_NODE *node; node = OPENSSL_zalloc(sizeof(*node)); - if (node == NULL) + if (node == NULL) { + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); return NULL; + } node->data = data; node->parent = parent; if (level) { @@ -79,20 +79,28 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, if (level->nodes == NULL) level->nodes = policy_node_cmp_new(); - if (level->nodes == NULL) + if (level->nodes == NULL) { + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); goto node_error; - if (!sk_X509_POLICY_NODE_push(level->nodes, node)) + } + if (!sk_X509_POLICY_NODE_push(level->nodes, node)) { + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); goto node_error; + } } } if (tree) { if (tree->extra_data == NULL) tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (tree->extra_data == NULL) + if (tree->extra_data == NULL){ + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); goto node_error; - if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) + } + if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) { + X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); goto node_error; + } } if (parent) diff --git a/deps/openssl/openssl/crypto/x509v3/pcy_tree.c b/deps/openssl/openssl/crypto/x509v3/pcy_tree.c index b3d1983f9e0500..87f51d001bbbc1 100644 --- a/deps/openssl/openssl/crypto/x509v3/pcy_tree.c +++ b/deps/openssl/openssl/crypto/x509v3/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -163,8 +163,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, return ret; /* If we get this far initialize the tree */ - if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) + if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) { + X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE); return X509_PCY_TREE_INTERNAL; + } /* * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. @@ -175,6 +177,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, */ if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { OPENSSL_free(tree); + X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE); return X509_PCY_TREE_INTERNAL; } tree->nlevel = n+1; @@ -439,7 +442,7 @@ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, if (*pnodes == NULL && (*pnodes = policy_node_cmp_new()) == NULL) return 0; - if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) + if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0) return 1; return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0; } diff --git a/deps/openssl/openssl/crypto/x509v3/standard_exts.h b/deps/openssl/openssl/crypto/x509v3/standard_exts.h new file mode 100644 index 00000000000000..4a937955097b0f --- /dev/null +++ b/deps/openssl/openssl/crypto/x509v3/standard_exts.h @@ -0,0 +1,77 @@ +/* + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This table will be searched using OBJ_bsearch so it *must* kept in order + * of the ext_nid values. + */ + +static const X509V3_EXT_METHOD *standard_exts[] = { + &v3_nscert, + &v3_ns_ia5_list[0], + &v3_ns_ia5_list[1], + &v3_ns_ia5_list[2], + &v3_ns_ia5_list[3], + &v3_ns_ia5_list[4], + &v3_ns_ia5_list[5], + &v3_ns_ia5_list[6], + &v3_skey_id, + &v3_key_usage, + &v3_pkey_usage_period, + &v3_alt[0], + &v3_alt[1], + &v3_bcons, + &v3_crl_num, + &v3_cpols, + &v3_akey_id, + &v3_crld, + &v3_ext_ku, + &v3_delta_crl, + &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP + &v3_crl_invdate, +#endif + &v3_sxnet, + &v3_info, +#ifndef OPENSSL_NO_RFC3779 + &v3_addr, + &v3_asid, +#endif +#ifndef OPENSSL_NO_OCSP + &v3_ocsp_nonce, + &v3_ocsp_crlid, + &v3_ocsp_accresp, + &v3_ocsp_nocheck, + &v3_ocsp_acutoff, + &v3_ocsp_serviceloc, +#endif + &v3_sinfo, + &v3_policy_constraints, +#ifndef OPENSSL_NO_OCSP + &v3_crl_hold, +#endif + &v3_pci, + &v3_name_constraints, + &v3_policy_mappings, + &v3_inhibit_anyp, + &v3_idp, + &v3_alt[2], + &v3_freshest_crl, +#ifndef OPENSSL_NO_CT + &v3_ct_scts[0], + &v3_ct_scts[1], + &v3_ct_scts[2], +#endif + &v3_tls_feature, + &v3_ext_admission +}; + +/* Number of standard extensions */ + +#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) diff --git a/deps/openssl/openssl/crypto/x509v3/tabtest.c b/deps/openssl/openssl/crypto/x509v3/tabtest.c deleted file mode 100644 index a33a63a79584e3..00000000000000 --- a/deps/openssl/openssl/crypto/x509v3/tabtest.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Simple program to check the ext_dat.h is correct and print out problems if - * it is not. - */ - -#include - -#include - -#include "ext_dat.h" - -main() -{ - int i, prev = -1, bad = 0; - X509V3_EXT_METHOD **tmp; - i = OSSL_NELEM(standard_exts); - if (i != STANDARD_EXTENSION_COUNT) - fprintf(stderr, "Extension number invalid expecting %d\n", i); - tmp = standard_exts; - for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { - if ((*tmp)->ext_nid < prev) - bad = 1; - prev = (*tmp)->ext_nid; - - } - if (bad) { - tmp = standard_exts; - fprintf(stderr, "Extensions out of order!\n"); - for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) - printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); - } else - fprintf(stderr, "Order OK\n"); -} diff --git a/deps/openssl/openssl/crypto/x509v3/v3_addr.c b/deps/openssl/openssl/crypto/x509v3/v3_addr.c index c5183a1790717a..bb58e0484611a4 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_addr.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_addr.c @@ -342,7 +342,8 @@ static int range_should_be_prefix(const unsigned char *min, unsigned char mask; int i, j; - OPENSSL_assert(memcmp(min, max, length) <= 0); + if (memcmp(min, max, length) <= 0) + return -1; for (i = 0; i < length && min[i] == max[i]; i++) ; for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; if (i < j) @@ -431,7 +432,6 @@ static int make_addressRange(IPAddressOrRange **result, if ((aor = IPAddressOrRange_new()) == NULL) return 0; aor->type = IPAddressOrRange_addressRange; - OPENSSL_assert(aor->u.addressRange == NULL); if ((aor->u.addressRange = IPAddressRange_new()) == NULL) goto err; if (aor->u.addressRange->min == NULL && @@ -498,7 +498,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { f = sk_IPAddressFamily_value(addr, i); - OPENSSL_assert(f->addressFamily->data != NULL); if (f->addressFamily->length == keylen && !memcmp(f->addressFamily->data, key, keylen)) return f; @@ -877,7 +876,8 @@ int X509v3_addr_canonize(IPAddrBlocks *addr) } (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); - OPENSSL_assert(X509v3_addr_is_canonical(addr)); + if (!ossl_assert(X509v3_addr_is_canonical(addr))) + return 0; return 1; } @@ -1182,9 +1182,13 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, int i, j, ret = 1; X509 *x; - OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); - OPENSSL_assert(ctx != NULL || ext != NULL); - OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); + if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) + || !ossl_assert(ctx != NULL || ext != NULL) + || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } /* * Figure out where to start. If we don't have an extension to @@ -1197,7 +1201,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_addr) == NULL) goto done; } @@ -1207,7 +1210,8 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; + if (ctx != NULL) + ctx->error = X509_V_ERR_OUT_OF_MEM; ret = 0; goto done; } @@ -1218,7 +1222,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - OPENSSL_assert(x != NULL); if (!X509v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_addr == NULL) { @@ -1262,7 +1265,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - OPENSSL_assert(x != NULL); if (x->rfc3779_addr != NULL) { for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { IPAddressFamily *fp = @@ -1285,6 +1287,12 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, */ int X509v3_addr_validate_path(X509_STORE_CTX *ctx) { + if (ctx->chain == NULL + || sk_X509_num(ctx->chain) == 0 + || ctx->verify_cb == NULL) { + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } return addr_validate_path_internal(ctx, ctx->chain, NULL); } diff --git a/deps/openssl/openssl/crypto/x509v3/v3_admis.c b/deps/openssl/openssl/crypto/x509v3/v3_admis.c new file mode 100644 index 00000000000000..c8e75191bb3b83 --- /dev/null +++ b/deps/openssl/openssl/crypto/x509v3/v3_admis.c @@ -0,0 +1,356 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include + +#include + +#include + +#include "v3_admis.h" +#include "ext_dat.h" + + +ASN1_SEQUENCE(NAMING_AUTHORITY) = { + ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT), + ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING), + ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING), +} ASN1_SEQUENCE_END(NAMING_AUTHORITY) + +ASN1_SEQUENCE(PROFESSION_INFO) = { + ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0), + ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING), + ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT), + ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING), + ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING), +} ASN1_SEQUENCE_END(PROFESSION_INFO) + +ASN1_SEQUENCE(ADMISSIONS) = { + ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0), + ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1), + ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO), +} ASN1_SEQUENCE_END(ADMISSIONS) + +ASN1_SEQUENCE(ADMISSION_SYNTAX) = { + ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME), + ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS), +} ASN1_SEQUENCE_END(ADMISSION_SYNTAX) + +IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY) +IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO) +IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS) +IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX) + +static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, + BIO *bp, int ind); + +const X509V3_EXT_METHOD v3_ext_admission = { + NID_x509ExtAdmission, /* .ext_nid = */ + 0, /* .ext_flags = */ + ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */ + NULL, NULL, NULL, NULL, + NULL, /* .i2s = */ + NULL, /* .s2i = */ + NULL, /* .i2v = */ + NULL, /* .v2i = */ + &i2r_ADMISSION_SYNTAX, /* .i2r = */ + NULL, /* .r2i = */ + NULL /* extension-specific data */ +}; + + +static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, + BIO *bp, int ind) +{ + NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in; + + if (namingAuthority == NULL) + return 0; + + if (namingAuthority->namingAuthorityId == NULL + && namingAuthority->namingAuthorityText == NULL + && namingAuthority->namingAuthorityUrl == NULL) + return 0; + + if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0) + goto err; + + if (namingAuthority->namingAuthorityId != NULL) { + char objbuf[128]; + const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId)); + + if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0) + goto err; + + OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1); + + if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "", + ln ? " (" : "", objbuf, ln ? ")" : "") <= 0) + goto err; + } + if (namingAuthority->namingAuthorityText != NULL) { + if (BIO_printf(bp, "%*s namingAuthorityText: ", ind, "") <= 0 + || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0 + || BIO_printf(bp, "\n") <= 0) + goto err; + } + if (namingAuthority->namingAuthorityUrl != NULL ) { + if (BIO_printf(bp, "%*s namingAuthorityUrl: ", ind, "") <= 0 + || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0 + || BIO_printf(bp, "\n") <= 0) + goto err; + } + return 1; + +err: + return 0; +} + +static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, + BIO *bp, int ind) +{ + ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in; + int i, j, k; + + if (admission->admissionAuthority != NULL) { + if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0 + || BIO_printf(bp, "%*s ", ind, "") <= 0 + || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0 + || BIO_printf(bp, "\n") <= 0) + goto err; + } + + for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) { + ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); + + if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err; + + if (entry->admissionAuthority != NULL) { + if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0 + || BIO_printf(bp, "%*s ", ind, "") <= 0 + || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0 + || BIO_printf(bp, "\n") <= 0) + goto err; + } + + if (entry->namingAuthority != NULL) { + if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0) + goto err; + } + + for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) { + PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); + + if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0) + goto err; + + if (pinfo->registrationNumber != NULL) { + if (BIO_printf(bp, "%*s registrationNumber: ", ind, "") <= 0 + || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0 + || BIO_printf(bp, "\n") <= 0) + goto err; + } + + if (pinfo->namingAuthority != NULL) { + if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0) + goto err; + } + + if (pinfo->professionItems != NULL) { + + if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0) + goto err; + for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) { + ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k); + + if (BIO_printf(bp, "%*s ", ind, "") <= 0 + || ASN1_STRING_print(bp, val) <= 0 + || BIO_printf(bp, "\n") <= 0) + goto err; + } + } + + if (pinfo->professionOIDs != NULL) { + if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0) + goto err; + for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) { + ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); + const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj)); + char objbuf[128]; + + OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1); + if (BIO_printf(bp, "%*s %s%s%s%s\n", ind, "", + ln ? ln : "", ln ? " (" : "", + objbuf, ln ? ")" : "") <= 0) + goto err; + } + } + } + } + return 1; + +err: + return -1; +} + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n) +{ + return n->namingAuthorityId; +} + +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id) +{ + ASN1_OBJECT_free(n->namingAuthorityId); + n->namingAuthorityId = id; +} + +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n) +{ + return n->namingAuthorityUrl; +} + +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u) +{ + ASN1_IA5STRING_free(n->namingAuthorityUrl); + n->namingAuthorityUrl = u; +} + +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n) +{ + return n->namingAuthorityText; +} + +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t) +{ + ASN1_IA5STRING_free(n->namingAuthorityText); + n->namingAuthorityText = t; +} + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as) +{ + return as->admissionAuthority; +} + +void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as, + GENERAL_NAME *aa) +{ + GENERAL_NAME_free(as->admissionAuthority); + as->admissionAuthority = aa; +} + +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(const ADMISSION_SYNTAX *as) +{ + return as->contentsOfAdmissions; +} + +void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as, + STACK_OF(ADMISSIONS) *a) +{ + sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free); + as->contentsOfAdmissions = a; +} + +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a) +{ + return a->admissionAuthority; +} + +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa) +{ + GENERAL_NAME_free(a->admissionAuthority); + a->admissionAuthority = aa; +} + +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a) +{ + return a->namingAuthority; +} + +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na) +{ + NAMING_AUTHORITY_free(a->namingAuthority); + a->namingAuthority = na; +} + +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a) +{ + return a->professionInfos; +} + +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi) +{ + sk_PROFESSION_INFO_pop_free(a->professionInfos, PROFESSION_INFO_free); + a->professionInfos = pi; +} + +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(const PROFESSION_INFO *pi) +{ + return pi->addProfessionInfo; +} + +void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi, + ASN1_OCTET_STRING *aos) +{ + ASN1_OCTET_STRING_free(pi->addProfessionInfo); + pi->addProfessionInfo = aos; +} + +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(const PROFESSION_INFO *pi) +{ + return pi->namingAuthority; +} + +void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi, + NAMING_AUTHORITY *na) +{ + NAMING_AUTHORITY_free(pi->namingAuthority); + pi->namingAuthority = na; +} + +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(const PROFESSION_INFO *pi) +{ + return pi->professionItems; +} + +void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi, + STACK_OF(ASN1_STRING) *as) +{ + sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free); + pi->professionItems = as; +} + +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(const PROFESSION_INFO *pi) +{ + return pi->professionOIDs; +} + +void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi, + STACK_OF(ASN1_OBJECT) *po) +{ + sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free); + pi->professionOIDs = po; +} + +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(const PROFESSION_INFO *pi) +{ + return pi->registrationNumber; +} + +void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi, + ASN1_PRINTABLESTRING *rn) +{ + ASN1_PRINTABLESTRING_free(pi->registrationNumber); + pi->registrationNumber = rn; +} diff --git a/deps/openssl/openssl/crypto/x509v3/v3_admis.h b/deps/openssl/openssl/crypto/x509v3/v3_admis.h new file mode 100644 index 00000000000000..fa23fc761759f2 --- /dev/null +++ b/deps/openssl/openssl/crypto/x509v3/v3_admis.h @@ -0,0 +1,38 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_V3_ADMISSION_H +# define HEADER_V3_ADMISSION_H + +struct NamingAuthority_st { + ASN1_OBJECT* namingAuthorityId; + ASN1_IA5STRING* namingAuthorityUrl; + ASN1_STRING* namingAuthorityText; /* i.e. DIRECTORYSTRING */ +}; + +struct ProfessionInfo_st { + NAMING_AUTHORITY* namingAuthority; + STACK_OF(ASN1_STRING)* professionItems; /* i.e. DIRECTORYSTRING */ + STACK_OF(ASN1_OBJECT)* professionOIDs; + ASN1_PRINTABLESTRING* registrationNumber; + ASN1_OCTET_STRING* addProfessionInfo; +}; + +struct Admissions_st { + GENERAL_NAME* admissionAuthority; + NAMING_AUTHORITY* namingAuthority; + STACK_OF(PROFESSION_INFO)* professionInfos; +}; + +struct AdmissionSyntax_st { + GENERAL_NAME* admissionAuthority; + STACK_OF(ADMISSIONS)* contentsOfAdmissions; +}; + +#endif diff --git a/deps/openssl/openssl/crypto/x509v3/v3_alt.c b/deps/openssl/openssl/crypto/x509v3/v3_alt.c index a35d3376b5ec69..832e6d1285712e 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_alt.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -68,6 +68,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, unsigned char *p; char oline[256], htmp[5]; int i; + switch (gen->type) { case GEN_OTHERNAME: if (!X509V3_add_value("othername", "", &ret)) @@ -100,7 +101,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, break; case GEN_DIRNAME: - if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL + if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL || !X509V3_add_value("DirName", oline, &ret)) return NULL; break; @@ -108,8 +109,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; if (gen->d.ip->length == 4) - BIO_snprintf(oline, sizeof(oline), - "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", + p[0], p[1], p[2], p[3]); else if (gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { @@ -201,25 +202,28 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - GENERAL_NAMES *gens = NULL; - CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); + GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num); int i; - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (gens == NULL) { X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(gens); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); + for (i = 0; i < num; i++) { + CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i); + if (!name_cmp(cnf->name, "issuer") && cnf->value && strcmp(cnf->value, "copy") == 0) { if (!copy_issuer(ctx, gens)) goto err; } else { - GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf); + + if (gen == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } } return gens; @@ -235,7 +239,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) GENERAL_NAMES *ialt; GENERAL_NAME *gen; X509_EXTENSION *ext; - int i; + int i, num; if (ctx && (ctx->flags == CTX_TEST)) return 1; @@ -252,12 +256,15 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) goto err; } - for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { + num = sk_GENERAL_NAME_num(ialt); + if (!sk_GENERAL_NAME_reserve(gens, num)) { + X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (i = 0; i < num; i++) { gen = sk_GENERAL_NAME_value(ialt, i); - if (!sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); - goto err; - } + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } sk_GENERAL_NAME_free(ialt); @@ -272,15 +279,19 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - GENERAL_NAMES *gens = NULL; + GENERAL_NAMES *gens; CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + gens = sk_GENERAL_NAME_new_reserve(NULL, num); + if (gens == NULL) { X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(gens); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(nval, i); if (!name_cmp(cnf->name, "email") && cnf->value && strcmp(cnf->value, "copy") == 0) { @@ -294,7 +305,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, GENERAL_NAME *gen; if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } } return gens; @@ -313,10 +324,12 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) ASN1_IA5STRING *email = NULL; X509_NAME_ENTRY *ne; GENERAL_NAME *gen = NULL; - int i; + int i = -1; + if (ctx != NULL && ctx->flags == CTX_TEST) return 1; - if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) { + if (ctx == NULL + || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) { X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS); goto err; } @@ -327,7 +340,6 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) nm = X509_REQ_get_subject_name(ctx->subject_req); /* Now add any email address(es) to STACK */ - i = -1; while ((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); @@ -364,19 +376,23 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; - GENERAL_NAMES *gens = NULL; + GENERAL_NAMES *gens; CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + gens = sk_GENERAL_NAME_new_reserve(NULL, num); + if (gens == NULL) { X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(gens); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(nval, i); if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } return gens; err: diff --git a/deps/openssl/openssl/crypto/x509v3/v3_asid.c b/deps/openssl/openssl/crypto/x509v3/v3_asid.c index af4fcf4cd5c142..089f2ae29f0c89 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_asid.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_asid.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ * Implementation of RFC 3779 section 3.2. */ +#include #include #include #include "internal/cryptlib.h" @@ -123,13 +124,13 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, { const ASIdOrRange *a = *a_, *b = *b_; - OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || - (a->type == ASIdOrRange_range && a->u.range != NULL && - a->u.range->min != NULL && a->u.range->max != NULL)); + assert((a->type == ASIdOrRange_id && a->u.id != NULL) || + (a->type == ASIdOrRange_range && a->u.range != NULL && + a->u.range->min != NULL && a->u.range->max != NULL)); - OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || - (b->type == ASIdOrRange_range && b->u.range != NULL && - b->u.range->min != NULL && b->u.range->max != NULL)); + assert((b->type == ASIdOrRange_id && b->u.id != NULL) || + (b->type == ASIdOrRange_range && b->u.range != NULL && + b->u.range->min != NULL && b->u.range->max != NULL)); if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) return ASN1_INTEGER_cmp(a->u.id, b->u.id); @@ -167,7 +168,6 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - OPENSSL_assert((*choice)->u.inherit == NULL); if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) return 0; (*choice)->type = ASIdentifierChoice_inherit; @@ -200,7 +200,6 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid, if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); if ((*choice)->u.asIdsOrRanges == NULL) return 0; @@ -232,20 +231,23 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid, /* * Extract min and max values from an ASIdOrRange. */ -static void extract_min_max(ASIdOrRange *aor, - ASN1_INTEGER **min, ASN1_INTEGER **max) +static int extract_min_max(ASIdOrRange *aor, + ASN1_INTEGER **min, ASN1_INTEGER **max) { - OPENSSL_assert(aor != NULL && min != NULL && max != NULL); + if (!ossl_assert(aor != NULL)) + return 0; switch (aor->type) { case ASIdOrRange_id: *min = aor->u.id; *max = aor->u.id; - return; + return 1; case ASIdOrRange_range: *min = aor->u.range->min; *max = aor->u.range->max; - return; + return 1; } + + return 0; } /* @@ -279,8 +281,9 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; - extract_min_max(a, &a_min, &a_max); - extract_min_max(b, &b_min, &b_max); + if (!extract_min_max(a, &a_min, &a_max) + || !extract_min_max(b, &b_min, &b_max)) + goto done; /* * Punt misordered list, overlapping start, or inverted range. @@ -318,8 +321,8 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASN1_INTEGER *a_min, *a_max; if (a != NULL && a->type == ASIdOrRange_range) { - extract_min_max(a, &a_min, &a_max); - if (ASN1_INTEGER_cmp(a_min, a_max) > 0) + if (!extract_min_max(a, &a_min, &a_max) + || ASN1_INTEGER_cmp(a_min, a_max) > 0) goto done; } } @@ -382,13 +385,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; - extract_min_max(a, &a_min, &a_max); - extract_min_max(b, &b_min, &b_max); + if (!extract_min_max(a, &a_min, &a_max) + || !extract_min_max(b, &b_min, &b_max)) + goto done; /* * Make sure we're properly sorted (paranoia). */ - OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); + if (!ossl_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0)) + goto done; /* * Punt inverted ranges. @@ -464,13 +469,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ASN1_INTEGER *a_min, *a_max; if (a != NULL && a->type == ASIdOrRange_range) { - extract_min_max(a, &a_min, &a_max); - if (ASN1_INTEGER_cmp(a_min, a_max) > 0) + if (!extract_min_max(a, &a_min, &a_max) + || ASN1_INTEGER_cmp(a_min, a_max) > 0) goto done; } } - OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ + /* Paranoia */ + if (!ossl_assert(ASIdentifierChoice_is_canonical(choice))) + goto done; ret = 1; @@ -655,11 +662,14 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) p = 0; for (c = 0; c < sk_ASIdOrRange_num(child); c++) { - extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max); + if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max)) + return 0; for (;; p++) { if (p >= sk_ASIdOrRange_num(parent)) return 0; - extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max); + if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, + &p_max)) + return 0; if (ASN1_INTEGER_cmp(p_max, c_max) < 0) continue; if (ASN1_INTEGER_cmp(p_min, c_min) > 0) @@ -715,9 +725,14 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, int i, ret = 1, inherit_as = 0, inherit_rdi = 0; X509 *x; - OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); - OPENSSL_assert(ctx != NULL || ext != NULL); - OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); + if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) + || !ossl_assert(ctx != NULL || ext != NULL) + || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } + /* * Figure out where to start. If we don't have an extension to @@ -730,7 +745,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - OPENSSL_assert(x != NULL); if ((ext = x->rfc3779_asid) == NULL) goto done; } @@ -763,7 +777,11 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - OPENSSL_assert(x != NULL); + if (!ossl_assert(x != NULL)) { + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } if (x->rfc3779_asid == NULL) { if (child_as != NULL || child_rdi != NULL) validation_err(X509_V_ERR_UNNESTED_RESOURCE); @@ -809,7 +827,11 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - OPENSSL_assert(x != NULL); + if (!ossl_assert(x != NULL)) { + if (ctx != NULL) + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } if (x->rfc3779_asid != NULL) { if (x->rfc3779_asid->asnum != NULL && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) @@ -830,6 +852,12 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, */ int X509v3_asid_validate_path(X509_STORE_CTX *ctx) { + if (ctx->chain == NULL + || sk_X509_num(ctx->chain) == 0 + || ctx->verify_cb == NULL) { + ctx->error = X509_V_ERR_UNSPECIFIED; + return 0; + } return asid_validate_path_internal(ctx, ctx->chain, NULL); } diff --git a/deps/openssl/openssl/crypto/x509v3/v3_conf.c b/deps/openssl/openssl/crypto/x509v3/v3_conf.c index 3cc5b14d3ae1ae..7acaebfa2250ea 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_conf.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_conf.c @@ -10,7 +10,7 @@ /* extension creation utilities */ #include -#include +#include "internal/ctype.h" #include "internal/cryptlib.h" #include #include @@ -192,7 +192,7 @@ static int v3_check_critical(const char **value) if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; p += 9; - while (isspace((unsigned char)*p)) + while (ossl_isspace(*p)) p++; *value = p; return 1; @@ -212,7 +212,7 @@ static int v3_check_generic(const char **value) } else return 0; - while (isspace((unsigned char)*p)) + while (ossl_isspace(*p)) p++; *value = p; return gen_type; diff --git a/deps/openssl/openssl/crypto/x509v3/v3_cpols.c b/deps/openssl/openssl/crypto/x509v3/v3_cpols.c index 22c56ba38041d0..7a47fd38b37901 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_cpols.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,6 +31,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org); static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); +static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len); +static int displaytext_get_tag_len(const char *tagstr); const X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), @@ -86,26 +88,30 @@ IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *value) { - STACK_OF(POLICYINFO) *pols = NULL; + STACK_OF(POLICYINFO) *pols; char *pstr; POLICYINFO *pol; ASN1_OBJECT *pobj; - STACK_OF(CONF_VALUE) *vals; + STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value); CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(vals); int i, ia5org; - pols = sk_POLICYINFO_new_null(); - if (pols == NULL) { - X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); - return NULL; - } - vals = X509V3_parse_list(value); + if (vals == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); + return NULL; + } + + pols = sk_POLICYINFO_new_reserve(NULL, num); + if (pols == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); goto err; } + ia5org = 0; - for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(vals, i); + if (cnf->value || !cnf->name) { X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_POLICY_IDENTIFIER); @@ -138,8 +144,8 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } pol = POLICYINFO_new(); if (pol == NULL) { - X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); ASN1_OBJECT_free(pobj); + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); goto err; } pol->policyid = pobj; @@ -239,16 +245,50 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, err: POLICYINFO_free(pol); return NULL; +} + +static int displaytext_get_tag_len(const char *tagstr) +{ + char *colon = strchr(tagstr, ':'); + return (colon == NULL) ? -1 : colon - tagstr; +} + +static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len) +{ + int len; + + *tag_len = 0; + len = displaytext_get_tag_len(tagstr); + + if (len == -1) + return V_ASN1_VISIBLESTRING; + *tag_len = len; + if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0) + return V_ASN1_UTF8STRING; + if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0) + return V_ASN1_UTF8STRING; + if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0) + return V_ASN1_BMPSTRING; + if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0) + return V_ASN1_BMPSTRING; + if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0) + return V_ASN1_VISIBLESTRING; + if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0) + return V_ASN1_VISIBLESTRING; + *tag_len = 0; + return V_ASN1_VISIBLESTRING; } static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i, ret; + int i, ret, len, tag; + unsigned int tag_len; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; + char *value = NULL; if ((qual = POLICYQUALINFO_new()) == NULL) goto merr; @@ -261,11 +301,15 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); + value = cnf->value; if (strcmp(cnf->name, "explicitText") == 0) { - if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) + tag = displaytext_str2tag(value, &tag_len); + if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL) goto merr; - if (!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) + if (tag_len != 0) + value += tag_len + 1; + len = strlen(value); + if (!ASN1_STRING_set(not->exptext, value, len)) goto merr; } else if (strcmp(cnf->name, "organization") == 0) { NOTICEREF *nref; diff --git a/deps/openssl/openssl/crypto/x509v3/v3_crld.c b/deps/openssl/openssl/crypto/x509v3/v3_crld.c index c4c77f18510990..6cba4240abf1e0 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_crld.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_crld.c @@ -205,8 +205,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, { int i; CONF_VALUE *cnf; - DIST_POINT *point = NULL; - point = DIST_POINT_new(); + DIST_POINT *point = DIST_POINT_new(); + if (point == NULL) goto err; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -237,16 +237,19 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - STACK_OF(DIST_POINT) *crld = NULL; + STACK_OF(DIST_POINT) *crld; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((crld = sk_DIST_POINT_new_null()) == NULL) + crld = sk_DIST_POINT_new_reserve(NULL, num); + if (crld == NULL) goto merr; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { DIST_POINT *point; + cnf = sk_CONF_VALUE_value(nval, i); if (!cnf->value) { STACK_OF(CONF_VALUE) *dpsect; @@ -257,10 +260,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_section_free(ctx, dpsect); if (!point) goto err; - if (!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } + sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */ } else { if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; @@ -271,10 +271,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, gen = NULL; if ((point = DIST_POINT_new()) == NULL) goto merr; - if (!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } + sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */ if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) goto merr; point->distpoint->name.fullname = gens; diff --git a/deps/openssl/openssl/crypto/x509v3/v3_enum.c b/deps/openssl/openssl/crypto/x509v3/v3_enum.c index f39cb5ac2aab6e..3b0f197444aff2 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_enum.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_enum.c @@ -38,7 +38,7 @@ const X509V3_EXT_METHOD v3_crl_reason = { crl_reasons }; -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *e) { ENUMERATED_NAMES *enam; diff --git a/deps/openssl/openssl/crypto/x509v3/v3_extku.c b/deps/openssl/openssl/crypto/x509v3/v3_extku.c index bae755e3f2c99c..91b24376ed8a5e 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_extku.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_extku.c @@ -74,14 +74,17 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, char *extval; ASN1_OBJECT *objtmp; CONF_VALUE *val; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { + extku = sk_ASN1_OBJECT_new_reserve(NULL, num); + if (extku == NULL) { X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); + sk_ASN1_OBJECT_free(extku); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { val = sk_CONF_VALUE_value(nval, i); if (val->value) extval = val->value; @@ -94,7 +97,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_conf_err(val); return NULL; } - sk_ASN1_OBJECT_push(extku, objtmp); + sk_ASN1_OBJECT_push(extku, objtmp); /* no failure as it was reserved */ } return extku; } diff --git a/deps/openssl/openssl/crypto/x509v3/v3_info.c b/deps/openssl/openssl/crypto/x509v3/v3_info.c index a0bca5fb8e0761..7af9e23ae8c956 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_info.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_info.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,16 +78,13 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( tret = tmp; vtmp = sk_CONF_VALUE_value(tret, i); i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); - nlen = strlen(objtmp) + strlen(vtmp->name) + 5; + nlen = strlen(objtmp) + 3 + strlen(vtmp->name) + 1; ntmp = OPENSSL_malloc(nlen); if (ntmp == NULL) goto err; - OPENSSL_strlcpy(ntmp, objtmp, nlen); - OPENSSL_strlcat(ntmp, " - ", nlen); - OPENSSL_strlcat(ntmp, vtmp->name, nlen); + BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name); OPENSSL_free(vtmp->name); vtmp->name = ntmp; - } if (ret == NULL && tret == NULL) return sk_CONF_VALUE_new_null(); @@ -110,20 +107,21 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD CONF_VALUE *cnf, ctmp; ACCESS_DESCRIPTION *acc; int i, objlen; + const int num = sk_CONF_VALUE_num(nval); char *objtmp, *ptmp; - if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) { + if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(nval, i); - if ((acc = ACCESS_DESCRIPTION_new()) == NULL - || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { + if ((acc = ACCESS_DESCRIPTION_new()) == NULL) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); goto err; } + sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */ ptmp = strchr(cnf->name, ';'); if (!ptmp) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, diff --git a/deps/openssl/openssl/crypto/x509v3/v3_lib.c b/deps/openssl/openssl/crypto/x509v3/v3_lib.c index d7143086bc237d..97c1cbc20fed14 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_lib.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,73 +47,7 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, ext); -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &v3_nscert, - &v3_ns_ia5_list[0], - &v3_ns_ia5_list[1], - &v3_ns_ia5_list[2], - &v3_ns_ia5_list[3], - &v3_ns_ia5_list[4], - &v3_ns_ia5_list[5], - &v3_ns_ia5_list[6], - &v3_skey_id, - &v3_key_usage, - &v3_pkey_usage_period, - &v3_alt[0], - &v3_alt[1], - &v3_bcons, - &v3_crl_num, - &v3_cpols, - &v3_akey_id, - &v3_crld, - &v3_ext_ku, - &v3_delta_crl, - &v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &v3_crl_invdate, -#endif - &v3_sxnet, - &v3_info, -#ifndef OPENSSL_NO_RFC3779 - &v3_addr, - &v3_asid, -#endif -#ifndef OPENSSL_NO_OCSP - &v3_ocsp_nonce, - &v3_ocsp_crlid, - &v3_ocsp_accresp, - &v3_ocsp_nocheck, - &v3_ocsp_acutoff, - &v3_ocsp_serviceloc, -#endif - &v3_sinfo, - &v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &v3_crl_hold, -#endif - &v3_pci, - &v3_name_constraints, - &v3_policy_mappings, - &v3_inhibit_anyp, - &v3_idp, - &v3_alt[2], - &v3_freshest_crl, -#ifndef OPENSSL_NO_CT - &v3_ct_scts[0], - &v3_ct_scts[1], - &v3_ct_scts[2], -#endif - &v3_tls_feature, -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) +#include "standard_exts.h" const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { @@ -130,8 +64,6 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) if (!ext_list) return NULL; idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); - if (idx == -1) - return NULL; return sk_X509V3_EXT_METHOD_value(ext_list, idx); } diff --git a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c index bd7301e45589cf..9a2cd5af00c7bd 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c @@ -7,9 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include #include "internal/cryptlib.h" #include "internal/numbers.h" +#include #include "internal/asn1_int.h" #include #include diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pci.c b/deps/openssl/openssl/crypto/x509v3/v3_pci.c index 2c05edb828fc90..3d124fa6d95d61 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_pci.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_pci.c @@ -7,7 +7,11 @@ * https://www.openssl.org/source/license.html */ -/* Copyright (c) 2004 Kungliga Tekniska Högskolan +/* + * This file is dual-licensed and is also available under the following + * terms: + * + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pcia.c b/deps/openssl/openssl/crypto/x509v3/v3_pcia.c index e6f7a91794a5e3..8d6af60e5da6a6 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_pcia.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_pcia.c @@ -7,7 +7,11 @@ * https://www.openssl.org/source/license.html */ -/* Copyright (c) 2004 Kungliga Tekniska Högskolan +/* + * This file is dual-licensed and is also available under the following + * terms: + * + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pku.c b/deps/openssl/openssl/crypto/x509v3/v3_pku.c index ed82bca8ba52fd..5a7e7d972516f5 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_pku.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_pku.c @@ -17,10 +17,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); -/* - * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); - */ + const X509V3_EXT_METHOD v3_pkey_usage_period = { NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), 0, 0, 0, 0, @@ -53,13 +50,3 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, } return 1; } - -/*- -static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) -X509V3_EXT_METHOD *method; -X509V3_CTX *ctx; -STACK_OF(CONF_VALUE) *values; -{ -return NULL; -} -*/ diff --git a/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c b/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c index 73f4ec24670131..5b6a2af0fbf650 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_pmaps.c @@ -52,6 +52,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD int i; char obj_tmp1[80]; char obj_tmp2[80]; + for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { pmap = sk_POLICY_MAPPING_value(pmaps, i); i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); @@ -64,18 +65,19 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - POLICY_MAPPINGS *pmaps = NULL; POLICY_MAPPING *pmap = NULL; ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; CONF_VALUE *val; + POLICY_MAPPINGS *pmaps; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) { + if ((pmaps = sk_POLICY_MAPPING_new_reserve(NULL, num)) == NULL) { X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { val = sk_CONF_VALUE_value(nval, i); if (!val->value || !val->name) { X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, @@ -99,7 +101,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, pmap->issuerDomainPolicy = obj1; pmap->subjectDomainPolicy = obj2; obj1 = obj2 = NULL; - sk_POLICY_MAPPING_push(pmaps, pmap); + sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */ } return pmaps; err: diff --git a/deps/openssl/openssl/crypto/x509v3/v3_purp.c b/deps/openssl/openssl/crypto/x509v3/v3_purp.c index 7ac067229fbb7d..70b0397d97b915 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_purp.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_purp.c @@ -13,6 +13,7 @@ #include #include #include "internal/x509_int.h" +#include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); @@ -133,13 +134,14 @@ int X509_PURPOSE_get_by_id(int purpose) { X509_PURPOSE tmp; int idx; + if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) return purpose - X509_PURPOSE_MIN; - tmp.purpose = purpose; - if (!xptable) + if (xptable == NULL) return -1; + tmp.purpose = purpose; idx = sk_X509_PURPOSE_find(xptable, &tmp); - if (idx == -1) + if (idx < 0) return -1; return idx + X509_PURPOSE_COUNT; } @@ -352,9 +354,11 @@ static void x509v3_cache_extensions(X509 *x) X509_EXTENSION *ex; int i; +#ifdef tsan_ld_acq /* fast lock-free check, see end of the function for details. */ - if (x->ex_cached) + if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached)) return; +#endif CRYPTO_THREAD_write_lock(x->lock); if (x->ex_flags & EXFLAG_SET) { @@ -494,14 +498,17 @@ static void x509v3_cache_extensions(X509 *x) break; } } + x509_init_sig_info(x); x->ex_flags |= EXFLAG_SET; - CRYPTO_THREAD_unlock(x->lock); +#ifdef tsan_st_rel + tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1); /* - * It has to be placed after memory barrier, which is implied by unlock. - * Worst thing that can happen is that another thread proceeds to lock - * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function. + * Above store triggers fast lock-free check in the beginning of the + * function. But one has to ensure that the structure is "stable", i.e. + * all stores are visible on all processors. Hence the release fence. */ - x->ex_cached = 1; +#endif + CRYPTO_THREAD_unlock(x->lock); } /*- diff --git a/deps/openssl/openssl/crypto/x509v3/v3_skey.c b/deps/openssl/openssl/crypto/x509v3/v3_skey.c index 39597dc41d3fa3..749f51b2f00eea 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_skey.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_skey.c @@ -24,7 +24,7 @@ const X509V3_EXT_METHOD v3_skey_id = { NULL }; -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct) { return OPENSSL_buf2hexstr(oct->data, oct->length); diff --git a/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c b/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c index d93781e1b7b7b6..7fd6ef17dbee0e 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c @@ -7,8 +7,9 @@ * https://www.openssl.org/source/license.html */ -#include +#include "e_os.h" #include "internal/cryptlib.h" +#include #include "internal/o_str.h" #include #include diff --git a/deps/openssl/openssl/crypto/x509v3/v3_utl.c b/deps/openssl/openssl/crypto/x509v3/v3_utl.c index 418ef06a9dc64a..c9b40d2c76eb6b 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_utl.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,9 +9,10 @@ /* X509 v3 extension utilities */ -#include -#include +#include "e_os.h" #include "internal/cryptlib.h" +#include +#include "internal/ctype.h" #include #include #include @@ -377,12 +378,12 @@ static char *strip_spaces(char *name) char *p, *q; /* Skip over leading spaces */ p = name; - while (*p && isspace((unsigned char)*p)) + while (*p && ossl_isspace(*p)) p++; if (!*p) return NULL; q = p + strlen(p) - 1; - while ((q != p) && isspace((unsigned char)*q)) + while ((q != p) && ossl_isspace(*q)) q--; if (p != q) q[1] = 0; @@ -467,11 +468,11 @@ static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, { STACK_OF(OPENSSL_STRING) *ret = NULL; X509_NAME_ENTRY *ne; - ASN1_IA5STRING *email; + const ASN1_IA5STRING *email; GENERAL_NAME *gen; - int i; + int i = -1; + /* Now add any email address(es) to STACK */ - i = -1; /* First supplied X509_NAME */ while ((i = X509_NAME_get_index_by_NID(name, NID_pkcs9_emailAddress, i)) >= 0) { diff --git a/deps/openssl/openssl/crypto/x509v3/v3conf.c b/deps/openssl/openssl/crypto/x509v3/v3conf.c deleted file mode 100644 index 966ab90bc412e7..00000000000000 --- a/deps/openssl/openssl/crypto/x509v3/v3conf.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -/* Test application to add extensions from a config file */ - -int main(int argc, char **argv) -{ - LHASH *conf; - X509 *cert; - FILE *inf; - char *conf_file; - int i; - int count; - X509_EXTENSION *ext; - X509V3_add_standard_extensions(); - ERR_load_crypto_strings(); - if (!argv[1]) { - fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n"); - exit(1); - } - conf_file = argv[2]; - if (!conf_file) - conf_file = "test.cnf"; - conf = CONF_load(NULL, "test.cnf", NULL); - if (!conf) { - fprintf(stderr, "Error opening Config file %s\n", conf_file); - ERR_print_errors_fp(stderr); - exit(1); - } - - inf = fopen(argv[1], "r"); - if (!inf) { - fprintf(stderr, "Can't open certificate file %s\n", argv[1]); - exit(1); - } - cert = PEM_read_X509(inf, NULL, NULL); - if (!cert) { - fprintf(stderr, "Error reading certificate file %s\n", argv[1]); - exit(1); - } - fclose(inf); - - sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free); - cert->cert_info->extensions = NULL; - - if (!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) { - fprintf(stderr, "Error adding extensions\n"); - ERR_print_errors_fp(stderr); - exit(1); - } - - count = X509_get_ext_count(cert); - printf("%d extensions\n", count); - for (i = 0; i < count; i++) { - ext = X509_get_ext(cert, i); - printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); - if (ext->critical) - printf(",critical:\n"); - else - printf(":\n"); - X509V3_EXT_print_fp(stdout, ext, 0, 0); - printf("\n"); - - } - return 0; -} diff --git a/deps/openssl/openssl/crypto/x509v3/v3err.c b/deps/openssl/openssl/crypto/x509v3/v3err.c index d5987913c1eb3a..4f2ea52a4a5f17 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3err.c +++ b/deps/openssl/openssl/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,168 +8,238 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) - -static ERR_STRING_DATA X509V3_str_functs[] = { - {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, - {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL), +static const ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_A2I_GENERAL_NAME, 0), + "a2i_GENERAL_NAME"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, 0), "addr_validate_path_internal"}, - {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, 0), "ASIdentifierChoice_canonize"}, - {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, 0), "ASIdentifierChoice_is_canonical"}, - {ERR_FUNC(X509V3_F_BIGNUM_TO_STRING), "bignum_to_string"}, - {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, - {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, - {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, - {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"}, - {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"}, - {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, - {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_BIGNUM_TO_STRING, 0), + "bignum_to_string"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_EMAIL, 0), "copy_email"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_ISSUER, 0), "copy_issuer"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_DIRNAME, 0), "do_dirname"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_I2D, 0), "do_ext_i2d"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_NCONF, 0), "do_ext_nconf"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_GNAMES_FROM_SECTNAME, 0), + "gnames_from_sectname"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_ENUMERATED, 0), + "i2s_ASN1_ENUMERATED"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_IA5STRING, 0), + "i2s_ASN1_IA5STRING"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_INTEGER, 0), + "i2s_ASN1_INTEGER"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), "i2v_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"}, - {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"}, - {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"}, - {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"}, - {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"}, - {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, - {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"}, - {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"}, - {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, - {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, - {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, - {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, - {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, - {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"}, - {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, - {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0), + "policy_cache_create"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0), + "policy_cache_new"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0), + "process_pci_value"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_CERTPOL, 0), "r2i_certpol"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_PCI, 0), "r2i_pci"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_IA5STRING, 0), + "s2i_ASN1_IA5STRING"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_INTEGER, 0), + "s2i_ASN1_INTEGER"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_OCTET_STRING, 0), + "s2i_ASN1_OCTET_STRING"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_SKEY_ID, 0), "s2i_skey_id"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SET_DIST_POINT_NAME, 0), + "set_dist_point_name"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ASC, 0), + "SXNET_add_id_asc"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_INTEGER, 0), + "SXNET_add_id_INTEGER"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ULONG, 0), + "SXNET_add_id_ulong"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ASC, 0), + "SXNET_get_id_asc"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0), + "SXNET_get_id_ulong"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0), + "v2i_ASIdentifiers"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0), + "v2i_ASN1_BIT_STRING"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 0), "v2i_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"}, - {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"}, - {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"}, - {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, - {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, - {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"}, - {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"}, - {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"}, - {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"}, - {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"}, - {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"}, - {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"}, - {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, - {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, - {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, - {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, - {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, - {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, - {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, - {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, - {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_KEYID, 0), + "v2i_AUTHORITY_KEYID"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_BASIC_CONSTRAINTS, 0), + "v2i_BASIC_CONSTRAINTS"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_CRLD, 0), "v2i_crld"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_EXTENDED_KEY_USAGE, 0), + "v2i_EXTENDED_KEY_USAGE"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAMES, 0), + "v2i_GENERAL_NAMES"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAME_EX, 0), + "v2i_GENERAL_NAME_ex"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IDP, 0), "v2i_idp"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IPADDRBLOCKS, 0), + "v2i_IPAddrBlocks"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ISSUER_ALT, 0), "v2i_issuer_alt"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_NAME_CONSTRAINTS, 0), + "v2i_NAME_CONSTRAINTS"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_CONSTRAINTS, 0), + "v2i_POLICY_CONSTRAINTS"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_MAPPINGS, 0), + "v2i_POLICY_MAPPINGS"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_SUBJECT_ALT, 0), "v2i_subject_alt"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_TLS_FEATURE, 0), "v2i_TLS_FEATURE"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0), + "v3_generic_extension"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0), + "X509V3_add_value"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD_ALIAS, 0), + "X509V3_EXT_add_alias"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_I2D, 0), "X509V3_EXT_i2d"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_NCONF, 0), + "X509V3_EXT_nconf"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_SECTION, 0), + "X509V3_get_section"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_STRING, 0), + "X509V3_get_string"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_VALUE_BOOL, 0), + "X509V3_get_value_bool"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_PARSE_LIST, 0), + "X509V3_parse_list"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_ADD, 0), + "X509_PURPOSE_add"}, + {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_SET, 0), + "X509_PURPOSE_set"}, {0, NULL} }; -static ERR_STRING_DATA X509V3_str_reasons[] = { - {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, - {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"}, - {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, - {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), - "bn to asn1 integer error"}, - {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, - {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"}, - {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, - {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"}, - {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION), - "error creating extension"}, - {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"}, - {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"}, - {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"}, - {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"}, - {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"}, - {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), - "extension setting not supported"}, - {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, - {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, - {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), - "incorrect policy syntax tag"}, - {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, - {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"}, - {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"}, - {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING), - "invalid extension string"}, - {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"}, - {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"}, - {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"}, - {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"}, - {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, - {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"}, - {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"}, - {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"}, - {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"}, - {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER), - "invalid object identifier"}, - {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"}, - {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER), - "invalid policy identifier"}, - {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING), - "invalid proxy policy setting"}, - {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"}, - {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"}, - {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"}, - {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"}, - {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"}, - {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"}, - {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), - "need organization and numbers"}, - {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"}, - {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"}, - {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"}, - {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"}, - {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), - "no proxy cert policy language defined"}, - {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"}, - {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, - {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, - {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), - "policy language already defined"}, - {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, - {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), - "policy path length already defined"}, - {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), - "policy when proxy language requires no policy"}, - {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"}, - {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), - "unable to get issuer details"}, - {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), - "unable to get issuer keyid"}, - {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), - "unknown bit string argument"}, - {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"}, - {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"}, - {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"}, - {ERR_REASON(X509V3_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"}, +static const ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR), + "bn to asn1 integer error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET), + "distpoint already set"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID), + "duplicate zone id"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE), + "error converting zone"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION), + "error creating extension"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION), + "error in extension"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME), + "expected a section name"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS), + "extension exists"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR), + "extension name error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND), + "extension not found"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), + "extension setting not supported"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR), + "extension value error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION), + "illegal empty extension"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), + "incorrect policy syntax tag"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER), + "invalid asnumber"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING), + "invalid boolean string"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING), + "invalid extension string"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE), + "invalid inheritance"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS), + "invalid ipaddress"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS), + "invalid multiple rdns"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT), + "invalid null argument"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_NAME), + "invalid null name"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE), + "invalid null value"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER), + "invalid object identifier"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER), + "invalid policy identifier"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING), + "invalid proxy policy setting"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR), + "issuer decode error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), + "need organization and numbers"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE), + "no config database"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE), + "no issuer certificate"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS), + "no issuer details"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER), + "no policy identifier"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), + "no proxy cert policy language defined"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS), + "no subject details"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED), + "operation not defined"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), + "policy language already defined"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH), + "policy path length"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), + "policy path length already defined"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), + "policy when proxy language requires no policy"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND), + "section not found"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), + "unable to get issuer details"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), + "unable to get issuer keyid"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), + "unknown bit string argument"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION), + "unknown extension"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME), + "unknown extension name"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION), + "unsupported option"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE), + "unsupported type"}, + {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"}, {0, NULL} }; @@ -178,10 +248,9 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { int ERR_load_X509V3_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) { - ERR_load_strings(0, X509V3_str_functs); - ERR_load_strings(0, X509V3_str_reasons); + ERR_load_strings_const(X509V3_str_functs); + ERR_load_strings_const(X509V3_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/crypto/x509v3/v3prin.c b/deps/openssl/openssl/crypto/x509v3/v3prin.c deleted file mode 100644 index 7431a4ea61e3d6..00000000000000 --- a/deps/openssl/openssl/crypto/x509v3/v3prin.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - X509 *cert; - FILE *inf; - int i, count; - X509_EXTENSION *ext; - - X509V3_add_standard_extensions(); - ERR_load_crypto_strings(); - if (!argv[1]) { - fprintf(stderr, "Usage v3prin cert.pem\n"); - exit(1); - } - if ((inf = fopen(argv[1], "r")) == NULL) { - fprintf(stderr, "Can't open %s\n", argv[1]); - exit(1); - } - if ((cert = PEM_read_X509(inf, NULL, NULL)) == NULL) { - fprintf(stderr, "Can't read certificate %s\n", argv[1]); - ERR_print_errors_fp(stderr); - exit(1); - } - fclose(inf); - count = X509_get_ext_count(cert); - printf("%d extensions\n", count); - for (i = 0; i < count; i++) { - ext = X509_get_ext(cert, i); - printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object))); - if (!X509V3_EXT_print_fp(stdout, ext, 0, 0)) - ERR_print_errors_fp(stderr); - printf("\n"); - - } - return 0; -} diff --git a/deps/openssl/openssl/crypto/x86_64cpuid.pl b/deps/openssl/openssl/crypto/x86_64cpuid.pl index 1a6f728de154cb..6423e803b75954 100644 --- a/deps/openssl/openssl/crypto/x86_64cpuid.pl +++ b/deps/openssl/openssl/crypto/x86_64cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -63,10 +63,12 @@ .type OPENSSL_ia32_cpuid,\@function,1 .align 16 OPENSSL_ia32_cpuid: +.cfi_startproc mov %rbx,%r8 # save %rbx +.cfi_register %rbx,%r8 xor %eax,%eax - mov %eax,8(%rdi) # clear extended feature flags + mov %rax,8(%rdi) # clear extended feature flags cpuid mov %eax,%r11d # max value for standard query level @@ -137,6 +139,7 @@ .Lnocacheinfo: mov \$1,%eax cpuid + movd %eax,%xmm0 # put aside processor id and \$0xbfefffff,%edx # force reserved bits to 0 cmp \$0,%r9d jne .Lnotintel @@ -184,26 +187,45 @@ jc .Lnotknights and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag .Lnotknights: + movd %xmm0,%eax # restore processor id + and \$0x0fff0ff0,%eax + cmp \$0x00050650,%eax # Skylake-X + jne .Lnotskylakex + and \$0xfffeffff,%ebx # ~(1<<16) + # suppress AVX512F flag on Skylake-X +.Lnotskylakex: mov %ebx,8(%rdi) # save extended feature flags + mov %ecx,12(%rdi) .Lno_extended_info: bt \$27,%r9d # check OSXSAVE bit jnc .Lclear_avx xor %ecx,%ecx # XCR0 .byte 0x0f,0x01,0xd0 # xgetbv + and \$0xe6,%eax # isolate XMM, YMM and ZMM state support + cmp \$0xe6,%eax + je .Ldone + andl \$0x3fdeffff,8(%rdi) # ~(1<<31|1<<30|1<<21|1<<16) + # clear AVX512F+BW+VL+FIMA, all of + # them are EVEX-encoded, which requires + # ZMM state support even if one uses + # only XMM and YMM :-( and \$6,%eax # isolate XMM and YMM state support cmp \$6,%eax je .Ldone .Lclear_avx: mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) and %eax,%r9d # clear AVX, FMA and AMD XOP bits - andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5) + mov \$0x3fdeffdf,%eax # ~(1<<31|1<<30|1<<21|1<<16|1<<5) + and %eax,8(%rdi) # clear AVX2 and AVX512* bits .Ldone: shl \$32,%r9 mov %r10d,%eax mov %r8,%rbx # restore %rbx +.cfi_restore %rbx or %r9,%rax ret +.cfi_endproc .size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid .globl OPENSSL_cleanse @@ -249,6 +271,18 @@ xor %r10,%r10 cmp \$0,$arg3 je .Lno_data + cmp \$16,$arg3 + jne .Loop_cmp + mov ($arg1),%r10 + mov 8($arg1),%r11 + mov \$1,$arg3 + xor ($arg2),%r10 + xor 8($arg2),%r11 + or %r11,%r10 + cmovnz $arg3,%rax + ret + +.align 16 .Loop_cmp: mov ($arg1),%r10b lea 1($arg1),$arg1 @@ -412,21 +446,6 @@ sub gen_random { my $rdop = shift; print<<___; -.globl OPENSSL_ia32_${rdop} -.type OPENSSL_ia32_${rdop},\@abi-omnipotent -.align 16 -OPENSSL_ia32_${rdop}: - mov \$8,%ecx -.Loop_${rdop}: - ${rdop} %rax - jc .Lbreak_${rdop} - loop .Loop_${rdop} -.Lbreak_${rdop}: - cmp \$0,%rax - cmove %rcx,%rax - ret -.size OPENSSL_ia32_${rdop},.-OPENSSL_ia32_${rdop} - .globl OPENSSL_ia32_${rdop}_bytes .type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent .align 16 @@ -460,11 +479,12 @@ sub gen_random { mov %r10b,($arg1) lea 1($arg1),$arg1 inc %rax - shr \$8,%r8 + shr \$8,%r10 dec $arg2 jnz .Ltail_${rdop}_bytes .Ldone_${rdop}_bytes: + xor %r10,%r10 # Clear sensitive data from register ret .size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes ___ diff --git a/deps/openssl/openssl/crypto/x86cpuid.pl b/deps/openssl/openssl/crypto/x86cpuid.pl index 4622a9fa66a6a8..d43dda4d935cbd 100644 --- a/deps/openssl/openssl/crypto/x86cpuid.pl +++ b/deps/openssl/openssl/crypto/x86cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ open OUT,">$output"; *STDOUT=*OUT; -&asm_init($ARGV[0],"x86cpuid"); +&asm_init($ARGV[0]); for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -89,7 +89,7 @@ &ja (&label("generic")); &and ("edx",0xefffffff); # clear hyper-threading bit &jmp (&label("generic")); - + &set_label("intel"); &cmp ("edi",4); &mov ("esi",-1); @@ -110,7 +110,7 @@ &cmp ("ebp",0); &jne (&label("notintel")); &or ("edx",1<<30); # set reserved bit#30 on Intel CPUs - &and (&HB("eax"),15); # familiy ID + &and (&HB("eax"),15); # family ID &cmp (&HB("eax"),15); # P4? &jne (&label("notintel")); &or ("edx",1<<20); # set reserved bit#20 to engage RC4_CHAR @@ -290,45 +290,6 @@ &ret (); &function_end_B("OPENSSL_atomic_add"); -# This function can become handy under Win32 in situations when -# we don't know which calling convention, __stdcall or __cdecl(*), -# indirect callee is using. In C it can be deployed as -# -#ifdef OPENSSL_CPUID_OBJ -# type OPENSSL_indirect_call(void *f,...); -# ... -# OPENSSL_indirect_call(func,[up to $max arguments]); -#endif -# -# (*) it's designed to work even for __fastcall if number of -# arguments is 1 or 2! -&function_begin_B("OPENSSL_indirect_call"); - { - my ($max,$i)=(7,); # $max has to be chosen as 4*n-1 - # in order to preserve eventual - # stack alignment - &push ("ebp"); - &mov ("ebp","esp"); - &sub ("esp",$max*4); - &mov ("ecx",&DWP(12,"ebp")); - &mov (&DWP(0,"esp"),"ecx"); - &mov ("edx",&DWP(16,"ebp")); - &mov (&DWP(4,"esp"),"edx"); - for($i=2;$i<$max;$i++) - { - # Some copies will be redundant/bogus... - &mov ("eax",&DWP(12+$i*4,"ebp")); - &mov (&DWP(0+$i*4,"esp"),"eax"); - } - &call_ptr (&DWP(8,"ebp"));# make the call... - &mov ("esp","ebp"); # ... and just restore the stack pointer - # without paying attention to what we called, - # (__cdecl *func) or (__stdcall *one). - &pop ("ebp"); - &ret (); - } -&function_end_B("OPENSSL_indirect_call"); - &function_begin_B("OPENSSL_cleanse"); &mov ("edx",&wparam(0)); &mov ("ecx",&wparam(1)); @@ -492,18 +453,6 @@ sub gen_random { my $rdop = shift; -&function_begin_B("OPENSSL_ia32_${rdop}"); - &mov ("ecx",8); -&set_label("loop"); - &${rdop}("eax"); - &jc (&label("break")); - &loop (&label("loop")); -&set_label("break"); - &cmp ("eax",0); - &cmove ("eax","ecx"); - &ret (); -&function_end_B("OPENSSL_ia32_${rdop}"); - &function_begin_B("OPENSSL_ia32_${rdop}_bytes"); &push ("edi"); &push ("ebx"); @@ -541,6 +490,7 @@ sub gen_random { &jnz (&label("tail")); &set_label("done"); + &xor ("edx","edx"); # Clear random value from registers &pop ("ebx"); &pop ("edi"); &ret (); diff --git a/deps/openssl/openssl/demos/bio/Makefile b/deps/openssl/openssl/demos/bio/Makefile index 493e8a58a52d84..5a4e4a4ae2c14a 100644 --- a/deps/openssl/openssl/demos/bio/Makefile +++ b/deps/openssl/openssl/demos/bio/Makefile @@ -27,4 +27,4 @@ server-cmod: server-cmod.o server-conf: server-conf.o client-arg client-conf saccept sconnect server-arg server-cmod server-conf: - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) diff --git a/deps/openssl/openssl/demos/bio/intca.pem b/deps/openssl/openssl/demos/bio/intca.pem index 3551ea93d5bdd5..9f1cc025c85c5b 100644 --- a/deps/openssl/openssl/demos/bio/intca.pem +++ b/deps/openssl/openssl/demos/bio/intca.pem @@ -1,23 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl -IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG -W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL -IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ -GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 -ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds -ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr -VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD -VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz -audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg -j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt -CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR -gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I -RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN -thI= +MIIEPzCCAqegAwIBAgIILsaQqJAjK4IwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wgVGVzdCBSb290IENB +MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBwMQswCQYDVQQGEwJV +SzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcg +UFVSUE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0 +ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIpVng2wNFJp2kF +oJ6Yji25wy1YufnS8NxA82fk5OHdhGWj1CWqnQNotEqEQzcOUszQYrNxd8tEvoWk +Ik4JMBVoEcgBGedchftptTNulFWodWpi1yFaqA/Nz2BsVgcCJW4C+UWDT7VeHtGU +7tYKKr35lxp6io/a4jUDQXvO2nJA9YlrxOktunMqtoZSYqUz35ZXsdkn58o8Fbqm +dEpw6AqAr9aBgY5DSaGxbaX2lwNt9NvB+f9ucOqEnPP8AfTlPYc/ENwJ6u/H8RGw +d1im71mu2lHjcws3aHkbluH860U3vlKWx6Ff1qdQcH98e2HwElqxCK00xya8leu4 +u64nljkCAwEAAaNjMGEwHQYDVR0OBBYEFAoDRKVoOufDXW5Ui7L4ONxANVsFMB8G +A1UdIwQYMBaAFDZjTeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBgQDZQJLA90ewVaS3E3du +gSjPkQ1xsHm8H1am+7zr5oZ81J+R8XYIZgMR+9ShVo38OradiYNqDLso+4iuVdxh +hzoSoQELoDXCficzWKnlAtWvwDDoczyK+/p94g3VKx14n2+GvQzoZ4kwQQgaFH1w +YI6w0oH9zwoklCxvihj8D069QrYyuTT8JGZ2m0FHqVJg6teuQKFahSgwYR2CUoIb +6PrpSUQeCVCH8TPkzlRT6UgtM3ERt7+TlQ+zZ80dSf4YTAsDv9Z/CJXiF/5wZr6/ +lWuFjWmX2HkpEW6Wiv5KF8QP6Ft7Z+RYua7RMtELCYvqYbWDBs7fXWGBkZ5xhB09 +jCxz+F7zOeRbyzacfFq9DhxCWCRbIrdgGGE/Of2ujJtmK/2p4M6E5IsKNAI2SJBW +iJXvIgQgR22ehPqy6er2Gog5LkWUwqB0kHZJJpbp1IW01IGTpD6YAJyVCEAlyMbo +Kto9+wQFLT3Auv/W5h6OwxkNdfAyZBYy0ZSFk4EE8OdWWY4= -----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/bio/root.pem b/deps/openssl/openssl/demos/bio/root.pem index 3bd0e9b3effd53..b1a1c211797735 100644 --- a/deps/openssl/openssl/demos/bio/root.pem +++ b/deps/openssl/openssl/demos/bio/root.pem @@ -1,22 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs -vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H -q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG -juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu -R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r -77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA -AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA -FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn -wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI -/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G -Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN -T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz -9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y +MIIEwzCCAyugAwIBAgIUHKKc7fxVgQjWQ7IF6l7m/fHQHH8wDQYJKoZIhvcNAQEL +BQAwaDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNV +BAsMGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wg +VGVzdCBSb290IENBMCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBo +MQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZ +Rk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEAwwUT3BlblNTTCBUZXN0 +IFJvb3QgQ0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDaTVriXS5C +6C17OxGwWR4xxdLveLLkAb0+nSiYpzfCcEGX3qiBxHDA+Nj1kkihIJNkXmrKxa3w +1XIVoSUaVULuVxe3vqla+DScGC9MLVsfIwWe8UdGsKst4VvvtNvQUZ5CvLF4jv0V +nabvQhcjY5X7A/t8cZcjOHcaZ9fkThhG/7tJKwp4dLgPcXIimQ0UtP5gRBxnpEYd +l21mPjafqPt02lfOWTgnT5PeVoBDmN7QcrTlI7RzaeDglwFm10rNuYsRxrVsEfiG +Ejup/1eM/69zkV4Lb2RFbIpZ+oKqQ5AEemh6/IP9VwX08DOX3T1EqwthyB+yOZgp +BQ/MZ2M21E03sxlgPGKkRVTU520az84Tyft7T7sJ6BeGSMrdEZVUSJxsS/iFFwL2 +ubmhG6tq0ALIyoS+rUeHUeH2pVnEEcHIXAsLbCXfmsRpWU1fOHcpkTSzbMPhqMa3 +K8aKNHni0UtoD+ddOw0Zrx4uf3zlbPCzy2eQ2d8qb/TSynGxWmN8an8CAwEAAaNj +MGEwHQYDVR0OBBYEFDZjTeLsQUG6KL9xuLhzXVdB4pkKMB8GA1UdIwQYMBaAFDZj +TeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBCwUAA4IBgQCFbQA4yoXhxVQm+tEMpfKf2VEzQVNw0Tzd +Vy+zbscQ04RM4Hx4YbICdX+J7M2fYByU+KawllZJI++mfS9sbnuPIouD5NJLX5EH +//5rySOqA0OkN/Y8f41xp/YF5j96NUCjg3RoerefRSHZfNWJE1faQEHuhwDZK6OQ +GNgt246FZ7ittfe537MHUWY7CjKt6kILN03rVKSgRwwOw5Tv+VyUVyUtRppWl57L +Z+41g0gZ/r7h6ACd+n35nuzgbmqUF2VNYQLo7RzaxPvtkzJ4t96r+5NAr1cx8thr +3rnJWSgpm1ZKdtHMj1jCLxarn8gNz2gB35Tn2NdzHQI0/aEEcfLWpU9mrmhUW+yy +WEN2R8BqGsC++HhlUKKJZgR48SHF5MOBl4KyZPylBuPYcJFQdnEbioBLPlvt5bbt ++o/w3sCR3ZVHMB0n9OcQwd6tdN7aDiept6lJPlOp4dfFjkku8J5nM0oY/Xsg194A +rRK0SBUCVN/2NSHFl9LKEqQiQIUjOQM= -----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/bio/saccept.c b/deps/openssl/openssl/demos/bio/saccept.c index 66c5c6175502d0..de86ae6322b8a0 100644 --- a/deps/openssl/openssl/demos/bio/saccept.c +++ b/deps/openssl/openssl/demos/bio/saccept.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,12 +19,13 @@ #include #include +#include #include #include #define CERT_FILE "server.pem" -static int done = 0; +static volatile int done = 0; void interrupt(int sig) { @@ -51,7 +52,7 @@ int main(int argc, char *argv[]) BIO *ssl_bio, *tmp; SSL_CTX *ctx; char buf[512]; - int ret = 1, i; + int ret = EXIT_FAILURE, i; if (argc <= 1) port = "*:4433"; @@ -111,12 +112,10 @@ int main(int argc, char *argv[]) fflush(stdout); } - ret = 0; + ret = EXIT_SUCCESS; err: - if (ret) { + if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); - } BIO_free(in); - exit(ret); - return (!ret); + return ret; } diff --git a/deps/openssl/openssl/demos/bio/sconnect.c b/deps/openssl/openssl/demos/bio/sconnect.c index 664a1e038cf9e8..db71f29afe5c2c 100644 --- a/deps/openssl/openssl/demos/bio/sconnect.c +++ b/deps/openssl/openssl/demos/bio/sconnect.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,17 +18,14 @@ #include #include #include +#include #include #include #define HOSTPORT "localhost:4433" #define CAFILE "root.pem" -extern int errno; - -int main(argc, argv) -int argc; -char *argv[]; +int main(int argc, char *argv[]) { const char *hostport = HOSTPORT; const char *CAfile = CAFILE; @@ -39,7 +36,7 @@ char *argv[]; SSL_CTX *ssl_ctx = NULL; SSL *ssl; BIO *ssl_bio; - int i, len, off, ret = 1; + int i, len, off, ret = EXIT_FAILURE; if (argc > 1) hostport = argv[1]; @@ -115,17 +112,18 @@ char *argv[]; fwrite(buf, 1, i, stdout); } - ret = 1; + ret = EXIT_SUCCESS; goto done; err: if (ERR_peek_error() == 0) { /* system call error */ fprintf(stderr, "errno=%d ", errno); perror("error"); - } else + } else { ERR_print_errors_fp(stderr); + } done: BIO_free_all(out); SSL_CTX_free(ssl_ctx); - return (ret == 1); + return ret; } diff --git a/deps/openssl/openssl/demos/bio/server-arg.c b/deps/openssl/openssl/demos/bio/server-arg.c index 6056969fe9e83a..d80d070f7a7329 100644 --- a/deps/openssl/openssl/demos/bio/server-arg.c +++ b/deps/openssl/openssl/demos/bio/server-arg.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include #include +#include #include #include @@ -27,7 +28,7 @@ int main(int argc, char *argv[]) SSL_CONF_CTX *cctx; char buf[512]; BIO *in = NULL; - int ret = 1, i; + int ret = EXIT_FAILURE, i; char **args = argv + 1; int nargs = argc - 1; @@ -134,12 +135,10 @@ int main(int argc, char *argv[]) fflush(stdout); } - ret = 0; + ret = EXIT_SUCCESS; err: - if (ret) { + if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); - } BIO_free(in); - exit(ret); - return (!ret); + return ret; } diff --git a/deps/openssl/openssl/demos/bio/server-cmod.c b/deps/openssl/openssl/demos/bio/server-cmod.c index 9cb246375ca6b5..f1079ad329884e 100644 --- a/deps/openssl/openssl/demos/bio/server-cmod.c +++ b/deps/openssl/openssl/demos/bio/server-cmod.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -25,7 +26,7 @@ int main(int argc, char *argv[]) BIO *in = NULL; BIO *ssl_bio, *tmp; SSL_CTX *ctx; - int ret = 1, i; + int ret = EXIT_FAILURE, i; ctx = SSL_CTX_new(TLS_server_method()); @@ -84,12 +85,10 @@ int main(int argc, char *argv[]) fflush(stdout); } - ret = 0; + ret = EXIT_SUCCESS; err: - if (ret) { + if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); - } BIO_free(in); - exit(ret); - return (!ret); + return ret; } diff --git a/deps/openssl/openssl/demos/bio/server-conf.c b/deps/openssl/openssl/demos/bio/server-conf.c index 41b13089c691e1..4d1655bfc96dfa 100644 --- a/deps/openssl/openssl/demos/bio/server-conf.c +++ b/deps/openssl/openssl/demos/bio/server-conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -32,7 +33,7 @@ int main(int argc, char *argv[]) CONF_VALUE *cnf; long errline = -1; char buf[512]; - int ret = 1, i; + int ret = EXIT_FAILURE, i; ctx = SSL_CTX_new(TLS_server_method()); @@ -129,12 +130,10 @@ int main(int argc, char *argv[]) fflush(stdout); } - ret = 0; + ret = EXIT_SUCCESS; err: - if (ret) { + if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); - } BIO_free(in); - exit(ret); - return (!ret); + return ret; } diff --git a/deps/openssl/openssl/demos/bio/server-ec.pem b/deps/openssl/openssl/demos/bio/server-ec.pem index a13fdc7e287895..ce8dccc9c2f843 100644 --- a/deps/openssl/openssl/demos/bio/server-ec.pem +++ b/deps/openssl/openssl/demos/bio/server-ec.pem @@ -1,17 +1,17 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN -lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn -KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsoKOpzTm/+VR5xOk +kgwtljzMFYtX4NGdqCkxjitXvLmhRANCAASsxTC21z8mDYAX/RgLK5XGJNmPlHcY +VMql6fSeS+9fTZnn1Ma12932/UBfFTITOuHviJYkQ5KxVSitmgMwnF3V -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM -FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x -NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE -U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG -CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg -BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ -lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5 -gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm -fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse -VktDYjE= +MIIBvjCCAWSgAwIBAgIURVOfyUojPPQMfDEVhKY4DIdeLY0wCgYIKoZIzj0EAwIw +NTEfMB0GA1UECwwWVGVzdCBFQ0RTQSBDZXJ0aWZpY2F0ZTESMBAGA1UEAwwJbG9j +YWxob3N0MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjA1MR8wHQYD +VQQLDBZUZXN0IEVDRFNBIENlcnRpZmljYXRlMRIwEAYDVQQDDAlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsxTC21z8mDYAX/RgLK5XGJNmPlHcY +VMql6fSeS+9fTZnn1Ma12932/UBfFTITOuHviJYkQ5KxVSitmgMwnF3Vo1AwTjAd +BgNVHQ4EFgQUA0dWehTLHzBYhzfXiTIVUOXDusMwHwYDVR0jBBgwFoAUA0dWehTL +HzBYhzfXiTIVUOXDusMwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEA +8/l8RyihzqlEnLjcyIEaXTZm4HyNgZRQKhNACCW3jd4CIEbMJAf/D0eY38EeP2xY +/BDy/BYXYmyDQeqiE+RDjG5X -----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/bio/server.pem b/deps/openssl/openssl/demos/bio/server.pem index 8a4a51f9f06152..d4bc3937d01885 100644 --- a/deps/openssl/openssl/demos/bio/server.pem +++ b/deps/openssl/openssl/demos/bio/server.pem @@ -1,77 +1,79 @@ subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA -----BEGIN CERTIFICATE----- -MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW -MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS -UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD -QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC -VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H -IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g -3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/ -+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O -EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi -Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu -/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj -eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2 -w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R -sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN -Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr -hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K -FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ -rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox -+ybAZO8hxL6/I08/GQ== +MIID0DCCArigAwIBAgIIcsOElVeHzfYwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxJTAjBgNVBAMMHE9wZW5TU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgQ0EwIBcNMTgwNjE0MTI0NjI4WhgPMjExODA2MTQxMjQ2MjhaMGQxCzAJ +BgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1Ig +VEVTVElORyBQVVJQT1NFUyBPTkxZMRkwFwYDVQQDDBBUZXN0IFNlcnZlciBDZXJ0 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jIZ8IZ4dIzBc+ZfdmG5 +n8G3JzRX99QvIqv52s4hFVfdzoa+AciKJpo9zkegWPmfsAVNa4uVceg/ZQt6qJsu +G/pxbQSZVnyjDQGtt7rgaDEbyUP0XJCnzyRdWSUjFS8yNZn4NkmZU01GlHtXdzWy +dEa5PaiTIwW0HI+bjjOEhwJ1hFuFqzlKHVKHA6DBzNcl6ly0E/q2kyslbR+0hq7p +NMqKvvuAxqgc//W8KvLDlKAt9D3t5zgh2+BrMPemrzjEaM97yHTogJo7+SKVDdUw +YQ7Br3xfyki9u2bUYib1BMSvLezxNP0qf/iU91z4xyLmMvOXE6W0D1WHwya1CfE7 +vwIDAQABo3gwdjAdBgNVHQ4EFgQU3ulCbvgfxej6rHnddMpBidwnLIIwHwYDVR0j +BBgwFoAUCgNEpWg658NdblSLsvg43EA1WwUwCQYDVR0TBAIwADATBgNVHSUEDDAK +BggrBgEFBQcDATAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQAD +ggEBAENMzaqJtmWED++W4KXFVwNBkQ87errBXe4jVeYKpjNb0JGMm60MS5ty54fb +r27SsR2EEk3EK2rcd85RR7TEKZCn9SvPykVtVf0tru7nOptQJgSbRvxIzyyq1UcE +K+BXDgN/I0f1X6qbk4Stb6uJF7yyAUabacjwKqgVifOOeKF9WJhVA8qJKoVq7HLN +k+uvm0geO1I4LKeULXVnQy8kwB6twcxN8iPyO45ZxbYIVeEKaYtbj/XPoq6KsLIb +5fj+mK1r/LkWk352ksNhf73r3alF8TBcSLqnbMoy1/ZvzlI4ksp9IGWtIU+CzP/f +VUjh00NOwDLd5jJbPoWW0oNp9m4= -----END CERTIFICATE----- subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA -----BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl -IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG -W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL -IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ -GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 -ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds -ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr -VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD -VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz -audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg -j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt -CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR -gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I -RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN -thI= +MIIEPzCCAqegAwIBAgIILsaQqJAjK4IwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wgVGVzdCBSb290IENB +MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBwMQswCQYDVQQGEwJV +SzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcg +UFVSUE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0 +ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIpVng2wNFJp2kF +oJ6Yji25wy1YufnS8NxA82fk5OHdhGWj1CWqnQNotEqEQzcOUszQYrNxd8tEvoWk +Ik4JMBVoEcgBGedchftptTNulFWodWpi1yFaqA/Nz2BsVgcCJW4C+UWDT7VeHtGU +7tYKKr35lxp6io/a4jUDQXvO2nJA9YlrxOktunMqtoZSYqUz35ZXsdkn58o8Fbqm +dEpw6AqAr9aBgY5DSaGxbaX2lwNt9NvB+f9ucOqEnPP8AfTlPYc/ENwJ6u/H8RGw +d1im71mu2lHjcws3aHkbluH860U3vlKWx6Ff1qdQcH98e2HwElqxCK00xya8leu4 +u64nljkCAwEAAaNjMGEwHQYDVR0OBBYEFAoDRKVoOufDXW5Ui7L4ONxANVsFMB8G +A1UdIwQYMBaAFDZjTeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBgQDZQJLA90ewVaS3E3du +gSjPkQ1xsHm8H1am+7zr5oZ81J+R8XYIZgMR+9ShVo38OradiYNqDLso+4iuVdxh +hzoSoQELoDXCficzWKnlAtWvwDDoczyK+/p94g3VKx14n2+GvQzoZ4kwQQgaFH1w +YI6w0oH9zwoklCxvihj8D069QrYyuTT8JGZ2m0FHqVJg6teuQKFahSgwYR2CUoIb +6PrpSUQeCVCH8TPkzlRT6UgtM3ERt7+TlQ+zZ80dSf4YTAsDv9Z/CJXiF/5wZr6/ +lWuFjWmX2HkpEW6Wiv5KF8QP6Ft7Z+RYua7RMtELCYvqYbWDBs7fXWGBkZ5xhB09 +jCxz+F7zOeRbyzacfFq9DhxCWCRbIrdgGGE/Of2ujJtmK/2p4M6E5IsKNAI2SJBW +iJXvIgQgR22ehPqy6er2Gog5LkWUwqB0kHZJJpbp1IW01IGTpD6YAJyVCEAlyMbo +Kto9+wQFLT3Auv/W5h6OwxkNdfAyZBYy0ZSFk4EE8OdWWY4= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv -h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL -tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu -D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI -uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 -qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn -zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 -r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D -AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R -5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm -W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH -674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg -utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY -BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX -4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a -WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 -bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH -6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex -4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa -WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g -n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB -JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ -OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX -xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK -UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== +MIIEpQIBAAKCAQEA0jIZ8IZ4dIzBc+ZfdmG5n8G3JzRX99QvIqv52s4hFVfdzoa+ +AciKJpo9zkegWPmfsAVNa4uVceg/ZQt6qJsuG/pxbQSZVnyjDQGtt7rgaDEbyUP0 +XJCnzyRdWSUjFS8yNZn4NkmZU01GlHtXdzWydEa5PaiTIwW0HI+bjjOEhwJ1hFuF +qzlKHVKHA6DBzNcl6ly0E/q2kyslbR+0hq7pNMqKvvuAxqgc//W8KvLDlKAt9D3t +5zgh2+BrMPemrzjEaM97yHTogJo7+SKVDdUwYQ7Br3xfyki9u2bUYib1BMSvLezx +NP0qf/iU91z4xyLmMvOXE6W0D1WHwya1CfE7vwIDAQABAoIBAQC2HAo1RYvfDoQc +sh9LJWf5bZANO2Brqz4bP/x9AdHP+AyH/l1oliJ7R2785TmbXMppam6lGo4j3h/u +n39pzOip/NWAqldfgySRBD9Jy3LZUpLMUT/JYtrAsLTfozk+BWHu5rMR9boNXgok +Yqho8/DkpNGhBghUc4CUricLkL7laD3ziAHpx8yALL3tnLGOpgT9hNrA8Dm3yfUS +JEfiG12ILXvq1IP+vUNuaLpTLJZuqUmLpK8v+CBYgKxfd+TDnEjul4PqhhIIFK3A +xEZYQR2D/AXUwng9hP9uCbVm5lOY6vRbi9Fpbt+KRv+m25s1AnuhJFBOsL30h/Tb +iCKWm/nhAoGBAO0bFqMvZHjaT2KiwOwG/Ze9NsjynFPVltiuCqNj8HE5wM6imC5J +SdB+jMkgN6ERXALWrtr8Uf2pqzfeMsi6pekOOVTWLe/8c4bAZRxaCZn/BlZRysZI +vB9Gb7m7Oymw5iDSqrYywgOiUu+oIiCrmPOealhmn7zmHzHaETvdL9zDAoGBAOLy +DVT1csoexnuHVIWqnp7FK7lv6eOGZSdXpfJ3XYjmKJLK2hpVZe+J/mFOL1wsKSt4 +0k/V0dnkHR7V4Pa4ECiCthkWMWrBVIHe7+ZnZ0ocKQSC+EEecavOiZ57S/qnUlT6 +NtQP4cSy4DHzzFZdTZnn+2oymapPZpb2mvSN/GVVAoGADrIlHwwq8Aqn7Pclefuc +8DC8GoxfABs29EslQadKGdp4htYxFH1aY9/UHgsvJ36J82sW/1+wPUas5BOTljlr +WxyUlRuJUVyWVH3MRouWGMNjwynipZOQhWe6OQrPye+688Ha7twKhmsjNNN4+glo +u4DQGpaRxAWHXXGkq88zzj0CgYEAsICEceD7R8srnwMfb13FQ8IhQXWSuAvcO/7k +53CCZGhsgc4WVoi4YNY360G9f7gwxMiQ+NpY/Vd2dnbtIbUBjCAss9IY2OhHa0IR +3mXpZTAFjqa1oR+mVHKrgYBvFSBw3fpEDiXT9wEPcIomD709D0fmty9nZ5edOCfP +WAfdlokCgYEAqXuMuAg3NMMgEv+eBfsf43v3hRwBqPYanE26wcO3GoT/S8BpB6wy +vBoPZOlO5ZfsD2jaTec60GLay+MofxC7qNXIjzHOw50ry4bqHqqoQbn2cONE1k+0 +ov7H2keTcG9FEGgL7dRUq3pRUo/W12WmRuDN17IEgkzAeisJnoiPtaQ= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/demos/cms/cacert.pem b/deps/openssl/openssl/demos/cms/cacert.pem index 75cbb347aaad4c..1949fc33aed4f2 100644 --- a/deps/openssl/openssl/demos/cms/cacert.pem +++ b/deps/openssl/openssl/demos/cms/cacert.pem @@ -1,18 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 -WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD -aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN -RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz -i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR -ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT -jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx -CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B -SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD -VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB -ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc -G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo -u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF -1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +MIIFBjCCA26gAwIBAgIUM/WihZJZUTZvqoyNaUlp59DOaWYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwN +T3BlblNTTCBHcm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0x +ODA2MTQxMjQ2MjhaGA8yMTE4MDYxNDEyNDYyOFowVzELMAkGA1UEBhMCVUsxEjAQ +BgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEcMBoGA1UE +AwwTVGVzdCBTL01JTUUgUm9vdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAMzxOVHZFVxN9XQIVW3y1bK5ir3jKpKkU6zKrw8MdRvm233eqWSOYJvs +3rgdT59iv+CaPcBT5offbP0eH43H96CubJji/vQLMUzc/cLrJuCbLHREbSCsFNpf +lYw5mkT98dCFV66HuN6Nwqi5kW8TxGSXkD4OZqklbbicrXoXh5qhREID5hgbrijy +BiIHyp6bDq5zUCcmHP/Gdw2aTMEQZNsdw4MavtB65vI7dYxo2zEzdmJ3NnjlG7qZ +6Od6V4IW8yRAK9GLj0TUCZl28pq6rNio+F5Lst3clX9PDxh7LphNrXXYiHjXp2Kn +LZbOnz1SJSmCeisy/EFN6fRtwdwqcM1AcKNBU+UqFq0Mv0sgNdRwghYWGQht0mT9 ++Pg5HxTzDlOOmBT1kAduxJNLiRQlgysPDN94Os0EpzJyA87Z6yJRGvYGZ5mrdfx2 +8p6bHptf46h1WzCX4wDy2J86y+odgWMnSkmF9h8ySj66rgmLrz40n+mDm8bhUblK +AV8IqN8WmQIDAQABo4HHMIHEMB0GA1UdDgQWBBSkmMaBYQPTEGcqe1maU2IDOMLQ +ezCBlAYDVR0jBIGMMIGJgBSkmMaBYQPTEGcqe1maU2IDOMLQe6FbpFkwVzELMAkG +A1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQYIUM/WihZJZUTZvqoyN +aUlp59DOaWYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAqP1CQRGM +roHvk6dhI4ElNae5seRdSQNTtwAhlP1RoSoFz8xybMgDksKE07t77gDsKvU2SuXV +fdICqVpjpN9cRYKM6VmiREdU6OGsPQ74u4sOg4cT/tuou0RsD/uQaznb5NOvo2T0 +8rmX0Ai3+lbEuMBCaGNU0KYJifYy4QrSqEapq4W3NbqH85msOiKHEDh1vz9IWz6z +WKjdv9lst56XuLTZrJ/O0T0qD6aMXyqK6ZART/FELjDXc+9Ey4TH+msOEKq0uQWt +y7Grfmz52dTnAjBw+6/ggE9sA8Wo6DhwbEUaOA9BB5YP+XWsIkUUbiVHU7D8TyiE +KHt2DkaWvjl1/RdtzQUO/vGI4yuFTZfLf23KcwgtHJI3JxLNAMLM3I2jmoWhKm/d +GkVYsGH1GWonv0UTv/TKlOXaTYWK9fQVoYkFc+FrwUd2lev5FizJNigL9qatGyRZ +giJmWWlf0bMMIxwWZzQswxLyKdkNlvkKf9T6BjEmGLeOHZCn0x2sOyUi -----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/cms/cakey.pem b/deps/openssl/openssl/demos/cms/cakey.pem index 3b53c5e817548f..486c975b722d17 100644 --- a/deps/openssl/openssl/demos/cms/cakey.pem +++ b/deps/openssl/openssl/demos/cms/cakey.pem @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd -c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 -dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB -AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 -HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs -tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS -rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 -9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u -jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is -uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU -+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP -wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW -8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +MIIG5QIBAAKCAYEAzPE5UdkVXE31dAhVbfLVsrmKveMqkqRTrMqvDwx1G+bbfd6p +ZI5gm+zeuB1Pn2K/4Jo9wFPmh99s/R4fjcf3oK5smOL+9AsxTNz9wusm4JssdERt +IKwU2l+VjDmaRP3x0IVXroe43o3CqLmRbxPEZJeQPg5mqSVtuJyteheHmqFEQgPm +GBuuKPIGIgfKnpsOrnNQJyYc/8Z3DZpMwRBk2x3Dgxq+0Hrm8jt1jGjbMTN2Ync2 +eOUbupno53pXghbzJEAr0YuPRNQJmXbymrqs2Kj4Xkuy3dyVf08PGHsumE2tddiI +eNenYqctls6fPVIlKYJ6KzL8QU3p9G3B3CpwzUBwo0FT5SoWrQy/SyA11HCCFhYZ +CG3SZP34+DkfFPMOU46YFPWQB27Ek0uJFCWDKw8M33g6zQSnMnIDztnrIlEa9gZn +mat1/Hbynpsem1/jqHVbMJfjAPLYnzrL6h2BYydKSYX2HzJKPrquCYuvPjSf6YOb +xuFRuUoBXwio3xaZAgMBAAECggGBAJrqILzozke2ujpablEtBTITJHgC9lRgmMt9 +bjR+4ysTJ4kOvZbANPDIbVZY+a3uVEIv9UujYBgG4Hi4w3tF074G+xnaRIQuzbZf +OgaUABA527GLY74VtbGYHRAhHqbWGmrX0H6iIzE/kQw/MVr4YzTyiFsQQbPMEhNB +g7RNgvh0vIb2MYC5s71JrS8eGqAnb0KY8daV7ce9upJyt2Acx1AGQJqipegrbtVd +8q4PONkJIIyvtmJONNaprq8DAJDaTNdcZu7f7mymF5UFpp4Lh6raAvOZAZjgkPYW +PsX2uMAsYchXTmSDGOHNafqeyTS0UEaw6FRhpxzMoSxRXX4/RhjeShadYwHxbh7s +UwFU7S9EWlj8CjgGs00KFM1eMV0sEYsL8sRf7ZiWM5XJsmXKbRZjA5V+7OoSGElB +zJcERK6NFCISijApZlVveEVZS0qESivKd9bspOzbMdoJyjBW1LZdMH85YIwM8Dox +VqGR0QD3UP8RpZBRwTiFenqOpwARnQKBwQD1NBGcTxLLUUluEBG/TD9KM5sCnkm8 +cn5RomwTeBrUr9SXOJuUPa8RNLrAeosuWCrx9JkF25IBExQbbs1NRHuziOIOyI0+ +hvqP85zJln7kUDtiDMFfUdS8Q6PF3b3wJl6cbipowWwsahvUSkx3W8UWrzZHsvrO +LBtvEZdwetNWN50FK040uM6y/x71xfvUhlKBsuZBgDFU9aXJZAGpkCklZnByURN6 +LZudDQETdYo7/X8qqPlcHwHStGj9YXg/e38CgcEA1fdVA6s+KlRUGRTUDaUFPDji +MciTcvA3teXJWNAsFWd71oLT5eQNI50afF242ikTT6JuXFH0mMYKoVe/LFo7m2mf +uLcW4yM/FiKTkhnBQGm7KNqyvXB0T0DWTDSeS7hTzD6KjuJPf7JVH5I4In8jSKJd +3mzTA9keIosnxjX7EOsZNQd0+MKaJYHnvJsxYaoT9FXoONuyzQu96TQ8Q+fkVHXh +I/ENAw0qfoJ5mw5dQnU2UtjP6cSNVQ9Rsr48GNnnAoHBAJcI65AMZNc3yrMw0r2y +iYl7IBAMz/5zx7shANE9OcmoRJqhE7PMCvneMOo+kVyKkmlW8KrbBKQEzG3ZYjwl +4sxDlHrmrZnGKrBgrkK9oIuhn/JVSQcdsJwGTeqjG0vBVqWkdhrwiWESOvIYkeEz +dcLzScwAQtyb7ooLm+x8u5Bv0RhOBG4VJ7y5yKg6u1O9KTUarRnLjJd4eBYEs8Fu +Oun+n2TK6+RmE2Q5jmAeFne9PYdZbb+Ame7fkYwBbcAsoQKBwQC1KHQSZyp7LGsH +0Vq5Mr77/i2FeQ1eg4SnvaZ8S8UHWla/iIVgX3XAcYO7SJ76F00CX8SQ5dLyhrr5 +YBG8u6k8LHHPMzVtmqoPU7cePDAjGWIddQ1g15WihILsgqCD+8z3YPxvfa1RsOvh +jyt4Ca0WEmLnr7v5xhp9pNRIPewUpvjwrR+cfyeEGjjat4tX5Wh/tzym51y7vvVM +Pa3I0M3BtQyqIa2ip8MS2eWcIs1TN2qHOorOolwHaLEDZY38fIECgcAKns98A2G3 +tLvZaDZlVsJWZsdSDUrFCKvx9QbTZHbyOL5JU/8TgLBgfOgV2yxLXn9Pq+0Quvb2 +EjaFuA3GKOFi50WtfwR6Yo1DaFcx5n0bDShnaHOF+dUi0BVQd2V1DsqAwF5/Eh3A +lX+XuWeSam4/91WhmNMCZpfYv0GErs4ZBHHsl54jmvrrjbhg/efUvpWKi/9vlKm+ ++ITH+nG1xCnyEEVZ+vm9Qq57lCLBZGyGT4PetllpsRrGcdO4/gfK8lY= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/demos/cms/signer.pem b/deps/openssl/openssl/demos/cms/signer.pem index bac16ba9636742..4bbf7a69f38225 100644 --- a/deps/openssl/openssl/demos/cms/signer.pem +++ b/deps/openssl/openssl/demos/cms/signer.pem @@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 -WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz -jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L -ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y -gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX -MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn -+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv -lDiQlgX0JtmLgA== +MIIELDCCApSgAwIBAgIIcsOElVeHzfQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDExIDAeBgkqhkiG9w0BCQEWEXRlc3QxQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vvSgaL1 +byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhhNo6SK1Mp8daQ0MZoMzbT1aKp +JTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6rirB390fuL4qt5PiAb571QFtu +L8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk5K37QYKaAB6ItWR5KhjiAuDt +zsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WWh+idKErtmYSinmhE0H7+yoJB +s1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+RjCgK8cRSCpg6VQr+ZTii6k7C +m9CP81QhUoV3QwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUg1DE7OaNqMQQ +8Z1bvjhnlisxfsMwHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAGxAivCwPsAYmMZfVJTELWNNMBzKzmeRvrp6k/6S74Pw +LDEhTnslCV4U1gTSd3nQ+LRm1fkzxLA12A/rlqN51P8B+hyVSMN9dj54YUcFd+KO +XhkSDrSpph6hRqGy8zqELzlb1Q8yoIBclEmyv+CkXMrpnm+4JL4kzyj/iBRkZTDz +ns15jJD9KHgrOnclaoDRkOT6lGbsd3j+aviKEj8ZILufSMw+W2YORy3nSAencjbO +ezivVujqm+pjkfqdCS1HcFB7LhQEILfFqkssw8YmtJVrM9LF8VIcqueXbVZmeS/1 +QV5B7OEmtsM+NkoLF5ldWdPQvmftbShh+AAlpcsmqiRefQgA3aQn6YOnOHnnQwgB +oQRNjQXsjgxV4t2HFYpwkK41kx4HToVGciPNMkndzfY/GJmgXsXfB6/AfUfhLTDv +tbws1MZhaCNOffw3/SVS2nLREMFCGn5uAgNkqssWqeWJu3910XF640tqPBj5YGFc +fykwWNhG5xS04EHpztgKdQ== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm -1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH -Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB -AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG -mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o -wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx -04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 -qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc -YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY -sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 -4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid -7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 -xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +MIIEpQIBAAKCAQEA1vvSgaL1byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhh +No6SK1Mp8daQ0MZoMzbT1aKpJTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6r +irB390fuL4qt5PiAb571QFtuL8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk +5K37QYKaAB6ItWR5KhjiAuDtzsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WW +h+idKErtmYSinmhE0H7+yoJBs1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+R +jCgK8cRSCpg6VQr+ZTii6k7Cm9CP81QhUoV3QwIDAQABAoIBAQC6LCWmIisNcmgK +RmOvbszKc0sYYj7eOGl8EgbHR2xUA2hNNk4pYtnuLvzZ84hBZDCEeWyFS3HTRuql +z/QhDl6mc1k0pXtsXkNHQlIamksbVvHPnzIKzrt1J5N7FEt3SERhZXTZoNQRB6di +k7qdK+YmhdZtucnt0GrPisaJaf0yU/EjLuX+MU/0Xrc23lVhR3yqYhaOhWvrxTHM +evykI0kOL+gU58eN2eWE4ELjS2z+njKDqcEyeIy00FdBAtCoKjMsWpRytKNmcFm9 +LdtMmizskF8VS3+XsDbkseIODx1xJ65IFmHHMV2xLG5/+bQppkB8JuE3EDrtFiUJ +lGdfmBlxAoGBAP3Asg0drdunv7imeEOGpyj5JwF1hCVQ71IBGdqTr3aPqOlDH/io +up7t+VBuSLqj1P20HygNjow+ALw/Ko+a0icodg7QA2Co0/RiBwa+u2SgpYDqC9Kt +KIdRcv+NXkhXF/DLIn0jJvI53OtKsbgTv/C+aCipblofnO9sF4AhShq1AoGBANjj +Ou0czloNORbk3qAxLi4b5P/YOyZBJDa0zijFdD1jImfOeyNFXeg2ID+8ZjDkP/eP +pLy/Gt/8bVb+O+9wMOho3kWKZBN3O2VsLJYakAehDsC5ax7i2HtEqg1L1krW2duS +POiKg3qNjETM30zTA4pHwkNAETIktResze7SRm0XAoGABH7KaLMS5mZFXjcMwF19 +TpuDVmJHkgWqB7DfTWD6ZcZLvr4irdwHWlNq7ELX5P6MAmaTerkqwk9C4hLYZSzf +9jOgS8jhlm/HOXgXGcZ9OV4jMHJ0/Sl2I1eNCvvtJKjuUqS2mrLpuLbPtBdhqJoo +91HYNIgz3ULcG921WN6+GlUCgYEA066T6LDgxgt52NpwXrEhfWdETmDg+ilCCxLU +0/5DwVZsUhy5Gmeti+Kn/w0GQFnGBP1xr7ZlqI9auDlSjhNV6L/RkNXNbyJEGm1F +5wrt4ERVfcx6vJ5y43zU7D1EXa7s2t0UDXKDeK2GZe//UZ/yKJh5BeIV5nblOMI0 +DA+3JOkCgYEA80QGLjGlCvxKceVbuohbIZ1+/EoXPq993ER9S8D2MTGATsEcygtF +rM8JcHTv75sjycqu68BAQr1Z5qwwrMyY0vWVEorKzvAXEWolC67asR4cDutOd+qy +WlEIyojX45GwHCHpcbVRiGRWuj3kwkc+WzdgusBoAJrPCigES/Cr8uA= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/demos/cms/signer2.pem b/deps/openssl/openssl/demos/cms/signer2.pem index 25e23d131afab4..52827297e8a314 100644 --- a/deps/openssl/openssl/demos/cms/signer2.pem +++ b/deps/openssl/openssl/demos/cms/signer2.pem @@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 -WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ -jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW -ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW -GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X -h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 -aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR -2aX6rl2JEuJ5Yg== +MIIELDCCApSgAwIBAgIIcsOElVeHzfUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDIxIDAeBgkqhkiG9w0BCQEWEXRlc3QyQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ledrM9R +3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjDAY5KswavKKa3vZxoUz2omNSg +4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr2DCdCdbRhCWoiS/ba5tKIhlb +gFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjDKhUi0ukVDYHDd9+FtNM3H1t3 +AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsEyzKesft3NFd1AcVY9W5MRCK4 +lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzALyT0LXNx6w3kSfx0TLdNjXLD +O9a2dzwhHhPtCQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYJEUXnMb/ux0 +WrzSh+bnhpi6GS0wHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAFbrwfsSciDFI97c7oqS8jtxOSa3c4B7xhmcgUkYCiaD +7mbZuqTUf4ltJJZXP/TJ44fhL0zVAvRXSXw1LE3YvLGOlBc6dM3D7DyL5pfUTUBY +ICt+NLfG5iHtkiZPPSfK2t5f4UGFwU/ERT62sLu4keLI5igi9J2jKSykN3u5SQ3s +Zsennow5zUsFkcz9hkB4RczlHRogA0SgVhELQbN1nYIqJJDRFZL+CmarDRTFMilk +7dXCacw6xt9vIc3ZXO+pu2g1ezgSPwOoUykQcL3UhAEIIyt+TRe3fafh5TXwd8tr +FAecAuz5Mqsmek5nEW9ZeYmxNz5VFwc4F61y4xFj7lI0frLCCAu3gVoqiQrW+WwR +e27z1Nm4uUcduFqj45Pu2eTyV3LZtLUbFvL5ZSPUCSk1wVmC2otX8ksFDDTO1rIy +l5Qd1g1P8bLuj8NG98J2zVOabtaxYCAIBPZ3dUh2eNrPKoLAvrgKh1MH+K2Eh5Oy +z1T4Eu+e5Kq/uQkZpI5QzA== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM -nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f -nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB -AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF -6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 -CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf -m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX -2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr -upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 -ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL -SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk -gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX -pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +MIIEogIBAAKCAQEA1ledrM9R3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjD +AY5KswavKKa3vZxoUz2omNSg4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr +2DCdCdbRhCWoiS/ba5tKIhlbgFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjD +KhUi0ukVDYHDd9+FtNM3H1t3AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsE +yzKesft3NFd1AcVY9W5MRCK4lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzA +LyT0LXNx6w3kSfx0TLdNjXLDO9a2dzwhHhPtCQIDAQABAoIBAGMEGJfTMiwS+979 +ph3GeJjRGO0JQAk1TYiDvcpbZiItJg9YSOV4GTP4u4PY+HqEPYFus2relu/mx2Iy +4kb9zCqNLmvSQ67M8pdrSJ093pEPJlvAPbmiQ3lfHmyghOnTDNb55tY3xphVZQmI +I7HxM9ydO4skva6NXNgGwLDvYBFc6z6d95ai/WEFWHOt5Mt7OVOWAHQ0lAOofWLA +2BwKmrQnCwMvm1TMoKaAU/ngTToUGBMIN1HwRcY6qDraZte5o3EDRABHB78OHrSu +I/Eoi//5C8A7iZ5Y189lMbahIN6xVMwHwwIqLptTV2GNZOKSiIXnM06vIf4CPZKl +3VlwBgECgYEA/BKnn23KtefA906QNkrIOXASLEE1T77NlTYIRDTsUoz6XTVSvOCI +ARxdsoLwFko5ICMhti9S/1G/MYH0BoJN8rbzvjmZDfwF612p0AYALyBlRgW+ID9L +41CJQcLWxeiQd/GcrUZmudVNUGXa8nsNHmFleGLchXeqU7M6fljJOkECgYEA2a56 +yvYQgMF/SIPkxU1+WcQC6+JGc+ax220/lysBsDb4SkXomfGtFWbenxwamuQu+n67 +DJWi9oJIi9Vj4eKOXS6vjCAkYeLgCpK6S26frPtxJuZwl/lF7mFl8Z4ZnJeiFJ4h +AXt5r9vqnOZtCnLqRRAlqF5OswWgv/mhJ6jpMMkCgYBMPaAxWlXLexMkOcDoiunQ +ZZM5i2eCfSVVEgiiCJfJyBYZhv1FX2wDWf8E9RGEzGJG1BloLxwdWS5I3RNfvJ2y +4Z8LVAR09Fsd+zBXWNlJZ7T53tbIjhx33m4FU9b9+P9pJ8zJo9eCMX+253e3i3xG +ShMUvGIShEUiF72DZXtHgQKBgDi867CfNmn5BW4nQqfSrQ5EsuY80lQ/WzhwX1TN +luERUuI5GomVnqGncHtUXfLlawFLqwF6t0E9cB9SfXhRDv5mvsbtUc5Zzj+zQu+K +ZAA4gaO8CLjz9jBOHr49kTtpootxM/Uo8+zMi3hd7yn8Def2b3pVKnorC10+eazW +sAFRAoGAet6fQbQD+4vZ1oukZcZhmVlIWTSZJ1vAGCcT/3E40pqpPY+Ho56Lcwh0 +9f4TAykuGwFgqvZvR8yD2gpuISYGYplWqa1N6qxMaiVzmY5q1XW+O74xRH5Kz5fr +D+3j2x4EiyG7AYyZMOphDtBd/TSQQMYmGW6PiyM9ceIVnDK1Dd4= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/demos/engines/e_chil.txt b/deps/openssl/openssl/demos/engines/e_chil.txt new file mode 100644 index 00000000000000..dc7076ba451fad --- /dev/null +++ b/deps/openssl/openssl/demos/engines/e_chil.txt @@ -0,0 +1,12 @@ +HWCRHK_F_BIND_HELPER 110 +HWCRHK_F_HWCRHK_CTRL 100 +HWCRHK_F_HWCRHK_FINISH 101 +HWCRHK_F_HWCRHK_GET_PASS 102 +HWCRHK_F_HWCRHK_INIT 103 +HWCRHK_F_HWCRHK_INSERT_CARD 104 +HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105 +HWCRHK_F_HWCRHK_LOAD_PUBKEY 106 +HWCRHK_F_HWCRHK_MOD_EXP 107 +HWCRHK_F_HWCRHK_MUTEX_INIT 111 +HWCRHK_F_HWCRHK_RAND_BYTES 108 +HWCRHK_F_HWCRHK_RSA_MOD_EXP 109 diff --git a/deps/openssl/openssl/demos/evp/Makefile b/deps/openssl/openssl/demos/evp/Makefile index 72c6e81d7a9f26..c2e10a1ded0ed8 100644 --- a/deps/openssl/openssl/demos/evp/Makefile +++ b/deps/openssl/openssl/demos/evp/Makefile @@ -11,10 +11,13 @@ CFLAGS = $(OPENSSL_INCS_LOCATION) LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto -all: aesccm aesgcm +all: aesccm aesgcm aesccm: aesccm.o aesgcm: aesgcm.o aesccm aesgcm: - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) + +clean: + $(RM) aesccm aesgcm *.o diff --git a/deps/openssl/openssl/demos/evp/aesgcm.c b/deps/openssl/openssl/demos/evp/aesgcm.c index df59f469fd866b..46d9a5639bc0da 100644 --- a/deps/openssl/openssl/demos/evp/aesgcm.c +++ b/deps/openssl/openssl/demos/evp/aesgcm.c @@ -102,7 +102,7 @@ void aes_gcm_decrypt(void) printf("Plaintext:\n"); BIO_dump_fp(stdout, outbuf, outlen); /* Set expected tag value. */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), (void *)gcm_tag); /* Finalise: note get no output for GCM */ rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen); diff --git a/deps/openssl/openssl/demos/pkcs12/README b/deps/openssl/openssl/demos/pkcs12/README deleted file mode 100644 index c87434b04f6fdc..00000000000000 --- a/deps/openssl/openssl/demos/pkcs12/README +++ /dev/null @@ -1,3 +0,0 @@ -PKCS#12 demo applications - -Written by Steve Henson. diff --git a/deps/openssl/openssl/demos/pkcs12/pkread.c b/deps/openssl/openssl/demos/pkcs12/pkread.c index 3b87d7a4ae23bc..3f7913b2ae36aa 100644 --- a/deps/openssl/openssl/demos/pkcs12/pkread.c +++ b/deps/openssl/openssl/demos/pkcs12/pkread.c @@ -15,6 +15,36 @@ /* Simple PKCS#12 file reader */ +static char *find_friendly_name(PKCS12 *p12) +{ + STACK_OF(PKCS7) *safes = PKCS12_unpack_authsafes(p12); + int n, m; + char *name = NULL; + PKCS7 *safe; + STACK_OF(PKCS12_SAFEBAG) *bags; + PKCS12_SAFEBAG *bag; + + if ((safes = PKCS12_unpack_authsafes(p12)) == NULL) + return NULL; + + for (n = 0; n < sk_PKCS7_num(safes) && name == NULL; n++) { + safe = sk_PKCS7_value(safes, n); + if (OBJ_obj2nid(safe->type) != NID_pkcs7_data + || (bags = PKCS12_unpack_p7data(safe)) == NULL) + continue; + + for (m = 0; m < sk_PKCS12_SAFEBAG_num(bags) && name == NULL; m++) { + bag = sk_PKCS12_SAFEBAG_value(bags, m); + name = PKCS12_get_friendlyname(bag); + } + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + } + + sk_PKCS7_pop_free(safes, PKCS7_free); + + return name; +} + int main(int argc, char **argv) { FILE *fp; @@ -22,7 +52,9 @@ int main(int argc, char **argv) X509 *cert; STACK_OF(X509) *ca = NULL; PKCS12 *p12; + const char *name; int i; + if (argc != 4) { fprintf(stderr, "Usage: pkread p12file password opfile\n"); exit(1); @@ -45,11 +77,14 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); exit(1); } + name = find_friendly_name(p12); PKCS12_free(p12); if ((fp = fopen(argv[3], "w")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(1); } + if (name) + fprintf(fp, "***Friendly Name***\n%s\n", name); if (pkey) { fprintf(fp, "***Private Key***\n"); PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); diff --git a/deps/openssl/openssl/demos/smime/cacert.pem b/deps/openssl/openssl/demos/smime/cacert.pem index 75cbb347aaad4c..1949fc33aed4f2 100644 --- a/deps/openssl/openssl/demos/smime/cacert.pem +++ b/deps/openssl/openssl/demos/smime/cacert.pem @@ -1,18 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 -WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD -aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN -RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz -i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR -ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT -jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx -CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B -SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD -VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB -ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc -G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo -u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF -1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +MIIFBjCCA26gAwIBAgIUM/WihZJZUTZvqoyNaUlp59DOaWYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwN +T3BlblNTTCBHcm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0x +ODA2MTQxMjQ2MjhaGA8yMTE4MDYxNDEyNDYyOFowVzELMAkGA1UEBhMCVUsxEjAQ +BgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEcMBoGA1UE +AwwTVGVzdCBTL01JTUUgUm9vdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAMzxOVHZFVxN9XQIVW3y1bK5ir3jKpKkU6zKrw8MdRvm233eqWSOYJvs +3rgdT59iv+CaPcBT5offbP0eH43H96CubJji/vQLMUzc/cLrJuCbLHREbSCsFNpf +lYw5mkT98dCFV66HuN6Nwqi5kW8TxGSXkD4OZqklbbicrXoXh5qhREID5hgbrijy +BiIHyp6bDq5zUCcmHP/Gdw2aTMEQZNsdw4MavtB65vI7dYxo2zEzdmJ3NnjlG7qZ +6Od6V4IW8yRAK9GLj0TUCZl28pq6rNio+F5Lst3clX9PDxh7LphNrXXYiHjXp2Kn +LZbOnz1SJSmCeisy/EFN6fRtwdwqcM1AcKNBU+UqFq0Mv0sgNdRwghYWGQht0mT9 ++Pg5HxTzDlOOmBT1kAduxJNLiRQlgysPDN94Os0EpzJyA87Z6yJRGvYGZ5mrdfx2 +8p6bHptf46h1WzCX4wDy2J86y+odgWMnSkmF9h8ySj66rgmLrz40n+mDm8bhUblK +AV8IqN8WmQIDAQABo4HHMIHEMB0GA1UdDgQWBBSkmMaBYQPTEGcqe1maU2IDOMLQ +ezCBlAYDVR0jBIGMMIGJgBSkmMaBYQPTEGcqe1maU2IDOMLQe6FbpFkwVzELMAkG +A1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQYIUM/WihZJZUTZvqoyN +aUlp59DOaWYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAqP1CQRGM +roHvk6dhI4ElNae5seRdSQNTtwAhlP1RoSoFz8xybMgDksKE07t77gDsKvU2SuXV +fdICqVpjpN9cRYKM6VmiREdU6OGsPQ74u4sOg4cT/tuou0RsD/uQaznb5NOvo2T0 +8rmX0Ai3+lbEuMBCaGNU0KYJifYy4QrSqEapq4W3NbqH85msOiKHEDh1vz9IWz6z +WKjdv9lst56XuLTZrJ/O0T0qD6aMXyqK6ZART/FELjDXc+9Ey4TH+msOEKq0uQWt +y7Grfmz52dTnAjBw+6/ggE9sA8Wo6DhwbEUaOA9BB5YP+XWsIkUUbiVHU7D8TyiE +KHt2DkaWvjl1/RdtzQUO/vGI4yuFTZfLf23KcwgtHJI3JxLNAMLM3I2jmoWhKm/d +GkVYsGH1GWonv0UTv/TKlOXaTYWK9fQVoYkFc+FrwUd2lev5FizJNigL9qatGyRZ +giJmWWlf0bMMIxwWZzQswxLyKdkNlvkKf9T6BjEmGLeOHZCn0x2sOyUi -----END CERTIFICATE----- diff --git a/deps/openssl/openssl/demos/smime/cakey.pem b/deps/openssl/openssl/demos/smime/cakey.pem index 3b53c5e817548f..486c975b722d17 100644 --- a/deps/openssl/openssl/demos/smime/cakey.pem +++ b/deps/openssl/openssl/demos/smime/cakey.pem @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd -c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 -dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB -AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 -HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs -tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS -rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 -9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u -jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is -uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU -+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP -wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW -8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +MIIG5QIBAAKCAYEAzPE5UdkVXE31dAhVbfLVsrmKveMqkqRTrMqvDwx1G+bbfd6p +ZI5gm+zeuB1Pn2K/4Jo9wFPmh99s/R4fjcf3oK5smOL+9AsxTNz9wusm4JssdERt +IKwU2l+VjDmaRP3x0IVXroe43o3CqLmRbxPEZJeQPg5mqSVtuJyteheHmqFEQgPm +GBuuKPIGIgfKnpsOrnNQJyYc/8Z3DZpMwRBk2x3Dgxq+0Hrm8jt1jGjbMTN2Ync2 +eOUbupno53pXghbzJEAr0YuPRNQJmXbymrqs2Kj4Xkuy3dyVf08PGHsumE2tddiI +eNenYqctls6fPVIlKYJ6KzL8QU3p9G3B3CpwzUBwo0FT5SoWrQy/SyA11HCCFhYZ +CG3SZP34+DkfFPMOU46YFPWQB27Ek0uJFCWDKw8M33g6zQSnMnIDztnrIlEa9gZn +mat1/Hbynpsem1/jqHVbMJfjAPLYnzrL6h2BYydKSYX2HzJKPrquCYuvPjSf6YOb +xuFRuUoBXwio3xaZAgMBAAECggGBAJrqILzozke2ujpablEtBTITJHgC9lRgmMt9 +bjR+4ysTJ4kOvZbANPDIbVZY+a3uVEIv9UujYBgG4Hi4w3tF074G+xnaRIQuzbZf +OgaUABA527GLY74VtbGYHRAhHqbWGmrX0H6iIzE/kQw/MVr4YzTyiFsQQbPMEhNB +g7RNgvh0vIb2MYC5s71JrS8eGqAnb0KY8daV7ce9upJyt2Acx1AGQJqipegrbtVd +8q4PONkJIIyvtmJONNaprq8DAJDaTNdcZu7f7mymF5UFpp4Lh6raAvOZAZjgkPYW +PsX2uMAsYchXTmSDGOHNafqeyTS0UEaw6FRhpxzMoSxRXX4/RhjeShadYwHxbh7s +UwFU7S9EWlj8CjgGs00KFM1eMV0sEYsL8sRf7ZiWM5XJsmXKbRZjA5V+7OoSGElB +zJcERK6NFCISijApZlVveEVZS0qESivKd9bspOzbMdoJyjBW1LZdMH85YIwM8Dox +VqGR0QD3UP8RpZBRwTiFenqOpwARnQKBwQD1NBGcTxLLUUluEBG/TD9KM5sCnkm8 +cn5RomwTeBrUr9SXOJuUPa8RNLrAeosuWCrx9JkF25IBExQbbs1NRHuziOIOyI0+ +hvqP85zJln7kUDtiDMFfUdS8Q6PF3b3wJl6cbipowWwsahvUSkx3W8UWrzZHsvrO +LBtvEZdwetNWN50FK040uM6y/x71xfvUhlKBsuZBgDFU9aXJZAGpkCklZnByURN6 +LZudDQETdYo7/X8qqPlcHwHStGj9YXg/e38CgcEA1fdVA6s+KlRUGRTUDaUFPDji +MciTcvA3teXJWNAsFWd71oLT5eQNI50afF242ikTT6JuXFH0mMYKoVe/LFo7m2mf +uLcW4yM/FiKTkhnBQGm7KNqyvXB0T0DWTDSeS7hTzD6KjuJPf7JVH5I4In8jSKJd +3mzTA9keIosnxjX7EOsZNQd0+MKaJYHnvJsxYaoT9FXoONuyzQu96TQ8Q+fkVHXh +I/ENAw0qfoJ5mw5dQnU2UtjP6cSNVQ9Rsr48GNnnAoHBAJcI65AMZNc3yrMw0r2y +iYl7IBAMz/5zx7shANE9OcmoRJqhE7PMCvneMOo+kVyKkmlW8KrbBKQEzG3ZYjwl +4sxDlHrmrZnGKrBgrkK9oIuhn/JVSQcdsJwGTeqjG0vBVqWkdhrwiWESOvIYkeEz +dcLzScwAQtyb7ooLm+x8u5Bv0RhOBG4VJ7y5yKg6u1O9KTUarRnLjJd4eBYEs8Fu +Oun+n2TK6+RmE2Q5jmAeFne9PYdZbb+Ame7fkYwBbcAsoQKBwQC1KHQSZyp7LGsH +0Vq5Mr77/i2FeQ1eg4SnvaZ8S8UHWla/iIVgX3XAcYO7SJ76F00CX8SQ5dLyhrr5 +YBG8u6k8LHHPMzVtmqoPU7cePDAjGWIddQ1g15WihILsgqCD+8z3YPxvfa1RsOvh +jyt4Ca0WEmLnr7v5xhp9pNRIPewUpvjwrR+cfyeEGjjat4tX5Wh/tzym51y7vvVM +Pa3I0M3BtQyqIa2ip8MS2eWcIs1TN2qHOorOolwHaLEDZY38fIECgcAKns98A2G3 +tLvZaDZlVsJWZsdSDUrFCKvx9QbTZHbyOL5JU/8TgLBgfOgV2yxLXn9Pq+0Quvb2 +EjaFuA3GKOFi50WtfwR6Yo1DaFcx5n0bDShnaHOF+dUi0BVQd2V1DsqAwF5/Eh3A +lX+XuWeSam4/91WhmNMCZpfYv0GErs4ZBHHsl54jmvrrjbhg/efUvpWKi/9vlKm+ ++ITH+nG1xCnyEEVZ+vm9Qq57lCLBZGyGT4PetllpsRrGcdO4/gfK8lY= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/demos/smime/signer.pem b/deps/openssl/openssl/demos/smime/signer.pem index bac16ba9636742..4bbf7a69f38225 100644 --- a/deps/openssl/openssl/demos/smime/signer.pem +++ b/deps/openssl/openssl/demos/smime/signer.pem @@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 -WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz -jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L -ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y -gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX -MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn -+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv -lDiQlgX0JtmLgA== +MIIELDCCApSgAwIBAgIIcsOElVeHzfQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDExIDAeBgkqhkiG9w0BCQEWEXRlc3QxQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vvSgaL1 +byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhhNo6SK1Mp8daQ0MZoMzbT1aKp +JTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6rirB390fuL4qt5PiAb571QFtu +L8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk5K37QYKaAB6ItWR5KhjiAuDt +zsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WWh+idKErtmYSinmhE0H7+yoJB +s1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+RjCgK8cRSCpg6VQr+ZTii6k7C +m9CP81QhUoV3QwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUg1DE7OaNqMQQ +8Z1bvjhnlisxfsMwHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAGxAivCwPsAYmMZfVJTELWNNMBzKzmeRvrp6k/6S74Pw +LDEhTnslCV4U1gTSd3nQ+LRm1fkzxLA12A/rlqN51P8B+hyVSMN9dj54YUcFd+KO +XhkSDrSpph6hRqGy8zqELzlb1Q8yoIBclEmyv+CkXMrpnm+4JL4kzyj/iBRkZTDz +ns15jJD9KHgrOnclaoDRkOT6lGbsd3j+aviKEj8ZILufSMw+W2YORy3nSAencjbO +ezivVujqm+pjkfqdCS1HcFB7LhQEILfFqkssw8YmtJVrM9LF8VIcqueXbVZmeS/1 +QV5B7OEmtsM+NkoLF5ldWdPQvmftbShh+AAlpcsmqiRefQgA3aQn6YOnOHnnQwgB +oQRNjQXsjgxV4t2HFYpwkK41kx4HToVGciPNMkndzfY/GJmgXsXfB6/AfUfhLTDv +tbws1MZhaCNOffw3/SVS2nLREMFCGn5uAgNkqssWqeWJu3910XF640tqPBj5YGFc +fykwWNhG5xS04EHpztgKdQ== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm -1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH -Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB -AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG -mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o -wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx -04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 -qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc -YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY -sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 -4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid -7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 -xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +MIIEpQIBAAKCAQEA1vvSgaL1byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhh +No6SK1Mp8daQ0MZoMzbT1aKpJTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6r +irB390fuL4qt5PiAb571QFtuL8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk +5K37QYKaAB6ItWR5KhjiAuDtzsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WW +h+idKErtmYSinmhE0H7+yoJBs1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+R +jCgK8cRSCpg6VQr+ZTii6k7Cm9CP81QhUoV3QwIDAQABAoIBAQC6LCWmIisNcmgK +RmOvbszKc0sYYj7eOGl8EgbHR2xUA2hNNk4pYtnuLvzZ84hBZDCEeWyFS3HTRuql +z/QhDl6mc1k0pXtsXkNHQlIamksbVvHPnzIKzrt1J5N7FEt3SERhZXTZoNQRB6di +k7qdK+YmhdZtucnt0GrPisaJaf0yU/EjLuX+MU/0Xrc23lVhR3yqYhaOhWvrxTHM +evykI0kOL+gU58eN2eWE4ELjS2z+njKDqcEyeIy00FdBAtCoKjMsWpRytKNmcFm9 +LdtMmizskF8VS3+XsDbkseIODx1xJ65IFmHHMV2xLG5/+bQppkB8JuE3EDrtFiUJ +lGdfmBlxAoGBAP3Asg0drdunv7imeEOGpyj5JwF1hCVQ71IBGdqTr3aPqOlDH/io +up7t+VBuSLqj1P20HygNjow+ALw/Ko+a0icodg7QA2Co0/RiBwa+u2SgpYDqC9Kt +KIdRcv+NXkhXF/DLIn0jJvI53OtKsbgTv/C+aCipblofnO9sF4AhShq1AoGBANjj +Ou0czloNORbk3qAxLi4b5P/YOyZBJDa0zijFdD1jImfOeyNFXeg2ID+8ZjDkP/eP +pLy/Gt/8bVb+O+9wMOho3kWKZBN3O2VsLJYakAehDsC5ax7i2HtEqg1L1krW2duS +POiKg3qNjETM30zTA4pHwkNAETIktResze7SRm0XAoGABH7KaLMS5mZFXjcMwF19 +TpuDVmJHkgWqB7DfTWD6ZcZLvr4irdwHWlNq7ELX5P6MAmaTerkqwk9C4hLYZSzf +9jOgS8jhlm/HOXgXGcZ9OV4jMHJ0/Sl2I1eNCvvtJKjuUqS2mrLpuLbPtBdhqJoo +91HYNIgz3ULcG921WN6+GlUCgYEA066T6LDgxgt52NpwXrEhfWdETmDg+ilCCxLU +0/5DwVZsUhy5Gmeti+Kn/w0GQFnGBP1xr7ZlqI9auDlSjhNV6L/RkNXNbyJEGm1F +5wrt4ERVfcx6vJ5y43zU7D1EXa7s2t0UDXKDeK2GZe//UZ/yKJh5BeIV5nblOMI0 +DA+3JOkCgYEA80QGLjGlCvxKceVbuohbIZ1+/EoXPq993ER9S8D2MTGATsEcygtF +rM8JcHTv75sjycqu68BAQr1Z5qwwrMyY0vWVEorKzvAXEWolC67asR4cDutOd+qy +WlEIyojX45GwHCHpcbVRiGRWuj3kwkc+WzdgusBoAJrPCigES/Cr8uA= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/demos/smime/signer2.pem b/deps/openssl/openssl/demos/smime/signer2.pem index 25e23d131afab4..52827297e8a314 100644 --- a/deps/openssl/openssl/demos/smime/signer2.pem +++ b/deps/openssl/openssl/demos/smime/signer2.pem @@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 -WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ -jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW -ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW -GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X -h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 -aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR -2aX6rl2JEuJ5Yg== +MIIELDCCApSgAwIBAgIIcsOElVeHzfUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDIxIDAeBgkqhkiG9w0BCQEWEXRlc3QyQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ledrM9R +3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjDAY5KswavKKa3vZxoUz2omNSg +4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr2DCdCdbRhCWoiS/ba5tKIhlb +gFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjDKhUi0ukVDYHDd9+FtNM3H1t3 +AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsEyzKesft3NFd1AcVY9W5MRCK4 +lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzALyT0LXNx6w3kSfx0TLdNjXLD +O9a2dzwhHhPtCQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYJEUXnMb/ux0 +WrzSh+bnhpi6GS0wHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAFbrwfsSciDFI97c7oqS8jtxOSa3c4B7xhmcgUkYCiaD +7mbZuqTUf4ltJJZXP/TJ44fhL0zVAvRXSXw1LE3YvLGOlBc6dM3D7DyL5pfUTUBY +ICt+NLfG5iHtkiZPPSfK2t5f4UGFwU/ERT62sLu4keLI5igi9J2jKSykN3u5SQ3s +Zsennow5zUsFkcz9hkB4RczlHRogA0SgVhELQbN1nYIqJJDRFZL+CmarDRTFMilk +7dXCacw6xt9vIc3ZXO+pu2g1ezgSPwOoUykQcL3UhAEIIyt+TRe3fafh5TXwd8tr +FAecAuz5Mqsmek5nEW9ZeYmxNz5VFwc4F61y4xFj7lI0frLCCAu3gVoqiQrW+WwR +e27z1Nm4uUcduFqj45Pu2eTyV3LZtLUbFvL5ZSPUCSk1wVmC2otX8ksFDDTO1rIy +l5Qd1g1P8bLuj8NG98J2zVOabtaxYCAIBPZ3dUh2eNrPKoLAvrgKh1MH+K2Eh5Oy +z1T4Eu+e5Kq/uQkZpI5QzA== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM -nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f -nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB -AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF -6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 -CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf -m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX -2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr -upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 -ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL -SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk -gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX -pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +MIIEogIBAAKCAQEA1ledrM9R3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjD +AY5KswavKKa3vZxoUz2omNSg4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr +2DCdCdbRhCWoiS/ba5tKIhlbgFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjD +KhUi0ukVDYHDd9+FtNM3H1t3AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsE +yzKesft3NFd1AcVY9W5MRCK4lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzA +LyT0LXNx6w3kSfx0TLdNjXLDO9a2dzwhHhPtCQIDAQABAoIBAGMEGJfTMiwS+979 +ph3GeJjRGO0JQAk1TYiDvcpbZiItJg9YSOV4GTP4u4PY+HqEPYFus2relu/mx2Iy +4kb9zCqNLmvSQ67M8pdrSJ093pEPJlvAPbmiQ3lfHmyghOnTDNb55tY3xphVZQmI +I7HxM9ydO4skva6NXNgGwLDvYBFc6z6d95ai/WEFWHOt5Mt7OVOWAHQ0lAOofWLA +2BwKmrQnCwMvm1TMoKaAU/ngTToUGBMIN1HwRcY6qDraZte5o3EDRABHB78OHrSu +I/Eoi//5C8A7iZ5Y189lMbahIN6xVMwHwwIqLptTV2GNZOKSiIXnM06vIf4CPZKl +3VlwBgECgYEA/BKnn23KtefA906QNkrIOXASLEE1T77NlTYIRDTsUoz6XTVSvOCI +ARxdsoLwFko5ICMhti9S/1G/MYH0BoJN8rbzvjmZDfwF612p0AYALyBlRgW+ID9L +41CJQcLWxeiQd/GcrUZmudVNUGXa8nsNHmFleGLchXeqU7M6fljJOkECgYEA2a56 +yvYQgMF/SIPkxU1+WcQC6+JGc+ax220/lysBsDb4SkXomfGtFWbenxwamuQu+n67 +DJWi9oJIi9Vj4eKOXS6vjCAkYeLgCpK6S26frPtxJuZwl/lF7mFl8Z4ZnJeiFJ4h +AXt5r9vqnOZtCnLqRRAlqF5OswWgv/mhJ6jpMMkCgYBMPaAxWlXLexMkOcDoiunQ +ZZM5i2eCfSVVEgiiCJfJyBYZhv1FX2wDWf8E9RGEzGJG1BloLxwdWS5I3RNfvJ2y +4Z8LVAR09Fsd+zBXWNlJZ7T53tbIjhx33m4FU9b9+P9pJ8zJo9eCMX+253e3i3xG +ShMUvGIShEUiF72DZXtHgQKBgDi867CfNmn5BW4nQqfSrQ5EsuY80lQ/WzhwX1TN +luERUuI5GomVnqGncHtUXfLlawFLqwF6t0E9cB9SfXhRDv5mvsbtUc5Zzj+zQu+K +ZAA4gaO8CLjz9jBOHr49kTtpootxM/Uo8+zMi3hd7yn8Def2b3pVKnorC10+eazW +sAFRAoGAet6fQbQD+4vZ1oukZcZhmVlIWTSZJ1vAGCcT/3E40pqpPY+Ho56Lcwh0 +9f4TAykuGwFgqvZvR8yD2gpuISYGYplWqa1N6qxMaiVzmY5q1XW+O74xRH5Kz5fr +D+3j2x4EiyG7AYyZMOphDtBd/TSQQMYmGW6PiyM9ceIVnDK1Dd4= -----END RSA PRIVATE KEY----- diff --git a/deps/openssl/openssl/doc/HOWTO/certificates.txt b/deps/openssl/openssl/doc/HOWTO/certificates.txt index 65f8fc8296cdf6..c2efdca8dc1a59 100644 --- a/deps/openssl/openssl/doc/HOWTO/certificates.txt +++ b/deps/openssl/openssl/doc/HOWTO/certificates.txt @@ -90,7 +90,7 @@ Your key most definitely is if you have followed the examples above. However, some (most?) certificate authorities will encode them with things like PKCS7 or PKCS12, or something else. Depending on your applications, this may be perfectly OK, it all depends on what they -know how to decode. If not, There are a number of OpenSSL tools to +know how to decode. If not, there are a number of OpenSSL tools to convert between some (most?) formats. So, depending on your application, you may have to convert your diff --git a/deps/openssl/openssl/doc/HOWTO/keys.txt b/deps/openssl/openssl/doc/HOWTO/keys.txt index 1662c170379999..9f0967cf55778a 100644 --- a/deps/openssl/openssl/doc/HOWTO/keys.txt +++ b/deps/openssl/openssl/doc/HOWTO/keys.txt @@ -98,7 +98,7 @@ it may be reasonable to avoid protecting it with a password, since otherwise someone would have to type in the password every time the server needs to access the key. -For X25519, it's treated as a distinct algorithm but not as one of +For X25519 and X448, it's treated as a distinct algorithm but not as one of the curves listed with 'ecparam -list_curves' option. You can use the following command to generate an X25519 key: diff --git a/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt b/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt index 642bec92876ec7..18b3e0340f1dca 100644 --- a/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt +++ b/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt @@ -18,7 +18,7 @@ rights to some other entity (a computer process, typically, or sometimes to the user itself). This allows the entity to perform operations on behalf of the owner of the EE certificate. -See http://www.ietf.org/rfc/rfc3820.txt for more information. +See https://www.ietf.org/rfc/rfc3820.txt for more information. 2. A warning about proxy certificates diff --git a/deps/openssl/openssl/doc/README b/deps/openssl/openssl/doc/README index cac4115f206ac8..964d8798100b81 100644 --- a/deps/openssl/openssl/doc/README +++ b/deps/openssl/openssl/doc/README @@ -9,12 +9,19 @@ standards.txt HOWTO/ A few how-to documents; not necessarily up-to-date -apps/ + +man1/ The openssl command-line tools; start with openssl.pod -ssl/ - The SSL library; start with ssl.pod -crypto/ - The cryptographic library; start with crypto.pod + +man3/ + The SSL library and the crypto library + +man5/ + File formats + +man7/ + Overviews; start with crypto.pod and ssl.pod, for example + Algorithm specific EVP_PKEY documentation. Formatted versions of the manpages (apps,ssl,crypto) can be found at https://www.openssl.org/docs/manpages.html diff --git a/deps/openssl/openssl/doc/apps/speed.pod b/deps/openssl/openssl/doc/apps/speed.pod deleted file mode 100644 index 4379319d789fb0..00000000000000 --- a/deps/openssl/openssl/doc/apps/speed.pod +++ /dev/null @@ -1,68 +0,0 @@ -=pod - -=head1 NAME - -openssl-speed, -speed - test library performance - -=head1 SYNOPSIS - -B -[B<-help>] -[B<-engine id>] -[B<-elapsed>] -[B<-evp algo>] -[B<-decrypt>] -[B] - -=head1 DESCRIPTION - -This command is used to test the performance of cryptographic algorithms. -To see the list of supported algorithms, use the I -or I command. - -=head1 OPTIONS - -=over 4 - -=item B<-help> - -Print out a usage message. - -=item B<-engine id> - -specifying an engine (by its unique B string) will cause B -to attempt to obtain a functional reference to the specified engine, -thus initialising it if needed. The engine will then be set as the default -for all available algorithms. - -=item B<-elapsed> - -Measure time in real time instead of CPU time. It can be useful when testing -speed of hardware engines. - -=item B<-evp algo> - -Use the specified cipher or message digest algorithm via the EVP interface. - -=item B<-decrypt> - -Time the decryption instead of encryption. Affects only the EVP testing. - -=item B<[zero or more test algorithms]> - -If any options are given, B tests those algorithms, otherwise all of -the above are tested. - -=back - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/ASN1_TIME_set.pod b/deps/openssl/openssl/doc/crypto/ASN1_TIME_set.pod deleted file mode 100644 index 457b7218d4ccb5..00000000000000 --- a/deps/openssl/openssl/doc/crypto/ASN1_TIME_set.pod +++ /dev/null @@ -1,138 +0,0 @@ -=pod - -=head1 NAME - -ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string, -ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions - -=head1 SYNOPSIS - - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); - ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec); - int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); - int ASN1_TIME_check(const ASN1_TIME *t); - int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); - - int ASN1_TIME_diff(int *pday, int *psec, - const ASN1_TIME *from, const ASN1_TIME *to); - -=head1 DESCRIPTION - -The function ASN1_TIME_set() sets the ASN1_TIME structure B to the -time represented by the time_t value B. If B is NULL a new ASN1_TIME -structure is allocated and returned. - -ASN1_TIME_adj() sets the ASN1_TIME structure B to the time represented -by the time B and B after the time_t value B. -The values of B or B can be negative to set a -time before B. The B value can also exceed the number of -seconds in a day. If B is NULL a new ASN1_TIME structure is allocated -and returned. - -ASN1_TIME_set_string() sets ASN1_TIME structure B to the time -represented by string B which must be in appropriate ASN.1 time -format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). - -ASN1_TIME_check() checks the syntax of ASN1_TIME structure B. - -ASN1_TIME_print() prints out the time B to BIO B in human readable -format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example -"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time -structure has invalid format it prints out "Bad time value" and returns -an error. - -ASN1_TIME_diff() sets B<*pday> and B<*psec> to the time difference between -B and B. If B represents a time later than B then -one or both (depending on the time difference) of B<*pday> and B<*psec> -will be positive. If B represents a time earlier than B then -one or both of B<*pday> and B<*psec> will be negative. If B and B -represent the same time then B<*pday> and B<*psec> will both be zero. -If both B<*pday> and B<*psec> are non-zero they will always have the same -sign. The value of B<*psec> will always be less than the number of seconds -in a day. If B or B is NULL the current time is used. - -=head1 NOTES - -The ASN1_TIME structure corresponds to the ASN.1 structure B

for DH parameter generation. If this macro is not called -then 1024 is used. - -The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B -for DH parameter generation. If not specified 2 is used. - -The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter -generation to B. For EC parameter generation this macro must be called -or an error occurs because there is no default curve. -This function can also be called to set the curve explicitly when -generating an EC key. - -The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to -B when generating EC parameters or an EC key. The encoding can be -B for explicit parameters (the default in versions -of OpenSSL before 1.1.0) or B to use named curve form. -For maximum compatibility the named curve form should be used. Note: the -B value was only added to OpenSSL 1.1.0; previous -versions should use 0 instead. - -=head1 RETURN VALUES - -EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L -L - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.0. - -=head1 COPYRIGHT - -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_new.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_new.pod deleted file mode 100644 index 956d6990028eeb..00000000000000 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_new.pod +++ /dev/null @@ -1,61 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free - private key allocation functions - -=head1 SYNOPSIS - - #include - - EVP_PKEY *EVP_PKEY_new(void); - int EVP_PKEY_up_ref(EVP_PKEY *key); - void EVP_PKEY_free(EVP_PKEY *key); - - -=head1 DESCRIPTION - -The EVP_PKEY_new() function allocates an empty B structure which is -used by OpenSSL to store private keys. The reference count is set to B<1>. - -EVP_PKEY_up_ref() increments the reference count of B. - -EVP_PKEY_free() decrements the reference count of B and, if the reference -count is zero, frees it up. If B is NULL, nothing is done. - -=head1 NOTES - -The B structure is used by various OpenSSL functions which require a -general private key without reference to any particular algorithm. - -The structure returned by EVP_PKEY_new() is empty. To add a private key to this -empty structure the functions described in L should be -used. - -=head1 RETURN VALUES - -EVP_PKEY_new() returns either the newly allocated B structure or -B if an error occurred. - -EVP_PKEY_up_ref() returns 1 for success and 0 for failure. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. - -EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. - -=head1 COPYRIGHT - -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/RAND_add.pod b/deps/openssl/openssl/doc/crypto/RAND_add.pod deleted file mode 100644 index 46de165a9795bf..00000000000000 --- a/deps/openssl/openssl/doc/crypto/RAND_add.pod +++ /dev/null @@ -1,79 +0,0 @@ -=pod - -=head1 NAME - -RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add -entropy to the PRNG - -=head1 SYNOPSIS - - #include - - void RAND_seed(const void *buf, int num); - - void RAND_add(const void *buf, int num, double entropy); - - int RAND_status(void); - - #if OPENSSL_API_COMPAT < 0x10100000L - int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); - void RAND_screen(void); - #endif - -=head1 DESCRIPTION - -RAND_add() mixes the B bytes at B into the PRNG state. Thus, -if the data at B are unpredictable to an adversary, this -increases the uncertainty about the state and makes the PRNG output -less predictable. Suitable input comes from user interaction (random -key presses, mouse movements) and certain hardware events. The -B argument is (the lower bound of) an estimate of how much -randomness is contained in B, measured in bytes. Details about -sources of randomness and how to estimate their entropy can be found -in the literature, e.g. RFC 1750. - -RAND_add() may be called with sensitive data such as user entered -passwords. The seed values cannot be recovered from the PRNG output. - -OpenSSL makes sure that the PRNG state is unique for each thread. On -systems that provide C, the randomness device is used -to seed the PRNG transparently. However, on all other systems, the -application is responsible for seeding the PRNG by calling RAND_add(), -L -or L. - -RAND_seed() is equivalent to RAND_add() when B. - -RAND_event() and RAND_screen() are deprecated and should not be called. - -=head1 RETURN VALUES - -RAND_status() returns 1 if the PRNG has been seeded -with enough data, 0 otherwise. - -RAND_event() calls RAND_poll() and returns RAND_status(). - -RAND_screen calls RAND_poll(). - -The other functions do not return values. - -=head1 HISTORY - -RAND_event() and RAND_screen() are deprecated since OpenSSL -1.1.0. Use the functions described above instead. - -=head1 SEE ALSO - -L, L, -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/RAND_bytes.pod b/deps/openssl/openssl/doc/crypto/RAND_bytes.pod deleted file mode 100644 index 684215cea3bbeb..00000000000000 --- a/deps/openssl/openssl/doc/crypto/RAND_bytes.pod +++ /dev/null @@ -1,58 +0,0 @@ -=pod - -=head1 NAME - -RAND_bytes, RAND_pseudo_bytes - generate random data - -=head1 SYNOPSIS - - #include - - int RAND_bytes(unsigned char *buf, int num); - -Deprecated: - - #if OPENSSL_API_COMPAT < 0x10100000L - int RAND_pseudo_bytes(unsigned char *buf, int num); - #endif - -=head1 DESCRIPTION - -RAND_bytes() puts B cryptographically strong pseudo-random bytes -into B. An error occurs if the PRNG has not been seeded with -enough randomness to ensure an unpredictable byte sequence. - -RAND_pseudo_bytes() has been deprecated. Users should use RAND_bytes() instead. -RAND_pseudo_bytes() puts B pseudo-random bytes into B. -Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be -unique if they are of sufficient length, but are not necessarily -unpredictable. They can be used for non-cryptographic purposes and for -certain purposes in cryptographic protocols, but usually not for key -generation etc. - -The contents of B is mixed into the entropy pool before retrieving -the new pseudo-random bytes unless disabled at compile time (see FAQ). - -=head1 RETURN VALUES - -RAND_bytes() returns 1 on success, 0 otherwise. The error code can be -obtained by L. RAND_pseudo_bytes() returns 1 if the -bytes generated are cryptographically strong, 0 otherwise. Both -functions return -1 if they are not supported by the current RAND -method. - -=head1 SEE ALSO - -L, L, -L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/RAND_egd.pod b/deps/openssl/openssl/doc/crypto/RAND_egd.pod deleted file mode 100644 index fcc57c06f9de70..00000000000000 --- a/deps/openssl/openssl/doc/crypto/RAND_egd.pod +++ /dev/null @@ -1,87 +0,0 @@ -=pod - -=head1 NAME - -RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon - -=head1 SYNOPSIS - - #include - - int RAND_egd(const char *path); - int RAND_egd_bytes(const char *path, int bytes); - - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); - -=head1 DESCRIPTION - -RAND_egd() queries the entropy gathering daemon EGD on socket B. -It queries 255 bytes and uses L to seed the -OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for -RAND_egd_bytes(path, 255); - -RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B. -It queries B bytes and uses L to seed the -OpenSSL built-in PRNG. -This function is more flexible than RAND_egd(). -When only one secret key must -be generated, it is not necessary to request the full amount 255 bytes from -the EGD socket. This can be advantageous, since the amount of entropy -that can be retrieved from EGD over time is limited. - -RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket -B. If B is given, B bytes are queried and written into -B. If B is NULL, B bytes are queried and used to seed the -OpenSSL built-in PRNG using L. - -=head1 NOTES - -On systems without /dev/*random devices providing entropy from the kernel, -the EGD entropy gathering daemon can be used to collect entropy. It provides -a socket interface through which entropy can be gathered in chunks up to -255 bytes. Several chunks can be queried during one connection. - -EGD is available from http://www.lothar.com/tech/crypto/ (C to install). It is run as B -I, where I is an absolute path designating a socket. When -RAND_egd() is called with that path as an argument, it tries to read -random bytes that EGD has collected. RAND_egd() retrieves entropy from the -daemon using the daemon's "non-blocking read" command which shall -be answered immediately by the daemon without waiting for additional -entropy to be collected. The write and read socket operations in the -communication are blocking. - -Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is -available from -http://prngd.sourceforge.net/ . -PRNGD does employ an internal PRNG itself and can therefore never run -out of entropy. - -OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() -or the status is checked via RAND_status() for the first time, if the socket -is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool. - -=head1 RETURN VALUE - -RAND_egd() and RAND_egd_bytes() return the number of bytes read from the -daemon on success, and -1 if the connection failed or the daemon did not -return enough data to fully seed the PRNG. - -RAND_query_egd_bytes() returns the number of bytes read from the daemon on -success, and -1 if the connection failed. The PRNG state is not considered. - -=head1 SEE ALSO - -L, L, -L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/RAND_set_rand_method.pod b/deps/openssl/openssl/doc/crypto/RAND_set_rand_method.pod deleted file mode 100644 index 02fe90ca89e03b..00000000000000 --- a/deps/openssl/openssl/doc/crypto/RAND_set_rand_method.pod +++ /dev/null @@ -1,81 +0,0 @@ -=pod - -=head1 NAME - -RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method - -=head1 SYNOPSIS - - #include - - void RAND_set_rand_method(const RAND_METHOD *meth); - - const RAND_METHOD *RAND_get_rand_method(void); - - RAND_METHOD *RAND_OpenSSL(void); - -=head1 DESCRIPTION - -A B specifies the functions that OpenSSL uses for random number -generation. By modifying the method, alternative implementations such as -hardware RNGs may be used. IMPORTANT: See the NOTES section for important -information about how these RAND API functions are affected by the use of -B API calls. - -Initially, the default RAND_METHOD is the OpenSSL internal implementation, as -returned by RAND_OpenSSL(). - -RAND_set_default_method() makes B the method for PRNG use. B: This is -true only whilst no ENGINE has been set as a default for RAND, so this function -is no longer recommended. - -RAND_get_default_method() returns a pointer to the current RAND_METHOD. -However, the meaningfulness of this result is dependent on whether the ENGINE -API is being used, so this function is no longer recommended. - -=head1 THE RAND_METHOD STRUCTURE - - typedef struct rand_meth_st - { - void (*seed)(const void *buf, int num); - int (*bytes)(unsigned char *buf, int num); - void (*cleanup)(void); - void (*add)(const void *buf, int num, int entropy); - int (*pseudorand)(unsigned char *buf, int num); - int (*status)(void); - } RAND_METHOD; - -The components point to method implementations used by (or called by), in order, -RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() -and RAND_status(). -Each component may be NULL if the function is not implemented. - -=head1 RETURN VALUES - -RAND_set_rand_method() returns no value. RAND_get_rand_method() and -RAND_OpenSSL() return pointers to the respective methods. - -=head1 NOTES - -RAND_METHOD implementations are grouped together with other -algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B modules. If a -default ENGINE is specified for RAND functionality using an ENGINE API function, -that will override any RAND defaults set using the RAND API (ie. -RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way -to control default implementations for use in RAND and other cryptographic -algorithms. - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/RSA_generate_key.pod b/deps/openssl/openssl/doc/crypto/RSA_generate_key.pod deleted file mode 100644 index e51c0b147b6ca9..00000000000000 --- a/deps/openssl/openssl/doc/crypto/RSA_generate_key.pod +++ /dev/null @@ -1,88 +0,0 @@ -=pod - -=head1 NAME - -RSA_generate_key_ex, RSA_generate_key - generate RSA key pair - -=head1 SYNOPSIS - - #include - - int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - -Deprecated: - - #if OPENSSL_API_COMPAT < 0x00908000L - RSA *RSA_generate_key(int num, unsigned long e, - void (*callback)(int, int, void *), void *cb_arg); - #endif - -=head1 DESCRIPTION - -RSA_generate_key_ex() generates a key pair and stores it in the B -structure provided in B. The pseudo-random number generator must -be seeded prior to calling RSA_generate_key_ex(). - -The modulus size will be of length B, and the public exponent will be -B. Key sizes with B E 1024 should be considered insecure. -The exponent is an odd number, typically 3, 17 or 65537. - -A callback function may be used to provide feedback about the -progress of the key generation. If B is not B, it -will be called as follows using the BN_GENCB_call() function -described on the L page. - -=over 2 - -=item * - -While a random prime number is generated, it is called as -described in L. - -=item * - -When the n-th randomly generated prime is rejected as not -suitable for the key, B is called. - -=item * - -When a random p has been found with p-1 relatively prime to B, -it is called as B. - -=back - -The process is then repeated for prime q with B. - -RSA_generate_key() is deprecated (new applications should use -RSA_generate_key_ex() instead). RSA_generate_key() works in the same way as -RSA_generate_key_ex() except it uses "old style" call backs. See -L for further details. - -=head1 RETURN VALUE - -RSA_generate_key_ex() returns 1 on success or 0 on error. -RSA_generate_key() returns the key on success or B on error. - -The error codes can be obtained by L. - -=head1 BUGS - -B is used with two different meanings. - -RSA_generate_key() goes into an infinite loop for illegal input values. - -=head1 SEE ALSO - -L, L, -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/X509_cmp_time.pod b/deps/openssl/openssl/doc/crypto/X509_cmp_time.pod deleted file mode 100644 index 5bf51114511aa6..00000000000000 --- a/deps/openssl/openssl/doc/crypto/X509_cmp_time.pod +++ /dev/null @@ -1,39 +0,0 @@ -=pod - -=head1 NAME - -X509_cmp_time - X509 time functions - -=head1 SYNOPSIS - - X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time); - -=head1 DESCRIPTION - -X509_cmp_time() compares the ASN1_TIME in B with the time in -. - -B must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., -its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. - -If B is NULL the current time is used. - -=head1 BUGS - -Unlike many standard comparison functions, X509_cmp_time returns 0 on error. - -=head1 RETURN VALUES - -X509_cmp_time() returns -1 if B is earlier than, or equal to, -B, and 1 otherwise. It returns 0 on error. - -=head1 COPYRIGHT - -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/crypto/d2i_Netscape_RSA.pod b/deps/openssl/openssl/doc/crypto/d2i_Netscape_RSA.pod deleted file mode 100644 index ee39bd817a267a..00000000000000 --- a/deps/openssl/openssl/doc/crypto/d2i_Netscape_RSA.pod +++ /dev/null @@ -1,38 +0,0 @@ -=pod - -=head1 NAME - -i2d_Netscape_RSA, -d2i_Netscape_RSA -- insecure RSA public and private key encoding functions - -=head1 SYNOPSIS - - #include - - int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); - RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); - -=head1 DESCRIPTION - -These functions decode and encode an RSA private -key in NET format. These functions are present to provide compatibility -with very old software. This format has some severe security weaknesses -and should be avoided if possible. - -These functions are similar to the B functions. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/apps/CA.pl.pod b/deps/openssl/openssl/doc/man1/CA.pl.pod similarity index 83% rename from deps/openssl/openssl/doc/apps/CA.pl.pod rename to deps/openssl/openssl/doc/man1/CA.pl.pod index a7f3970cb003e7..6949ec6228ac3f 100644 --- a/deps/openssl/openssl/doc/apps/CA.pl.pod +++ b/deps/openssl/openssl/doc/man1/CA.pl.pod @@ -42,28 +42,28 @@ by the use of some simple options. =item B, B<-h>, B<-help> -prints a usage message. +Prints a usage message. =item B<-newcert> -creates a new self signed certificate. The private key is written to the file +Creates a new self signed certificate. The private key is written to the file "newkey.pem" and the request written to the file "newreq.pem". This argument invokes B command. =item B<-newreq> -creates a new certificate request. The private key is written to the file +Creates a new certificate request. The private key is written to the file "newkey.pem" and the request written to the file "newreq.pem". Executes B command below the hood. =item B<-newreq-nodes> -is like B<-newreq> except that the private key will not be encrypted. +Is like B<-newreq> except that the private key will not be encrypted. Uses B command. =item B<-newca> -creates a new CA hierarchy for use with the B program (or the B<-signcert> +Creates a new CA hierarchy for use with the B program (or the B<-signcert> and B<-xsign> options). The user is prompted to enter the filename of the CA certificates (which should also contain the private key) or by hitting ENTER details of the CA will be prompted for. The relevant files and directories @@ -72,7 +72,7 @@ B and B commands are get invoked. =item B<-pkcs12> -create a PKCS#12 file containing the user certificate, private key and CA +Create a PKCS#12 file containing the user certificate, private key and CA certificate. It expects the user certificate and private key to be in the file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem, it creates a file "newcert.p12". This command can thus be called after the @@ -84,31 +84,31 @@ Delegates work to B command. =item B<-sign>, B<-signcert>, B<-xsign> -calls the B program to sign a certificate request. It expects the request +Calls the B program to sign a certificate request. It expects the request to be in the file "newreq.pem". The new certificate is written to the file "newcert.pem" except in the case of the B<-xsign> option when it is written to standard output. Leverages B command. =item B<-signCA> -this option is the same as the B<-signreq> option except it uses the configuration -file section B and so makes the signed request a valid CA certificate. This -is useful when creating intermediate CA from a root CA. -Extra params are passed on to B command. +This option is the same as the B<-signreq> option except it uses the +configuration file section B and so makes the signed request a +valid CA certificate. This is useful when creating intermediate CA from +a root CA. Extra params are passed on to B command. =item B<-signcert> -this option is the same as B<-sign> except it expects a self signed certificate +This option is the same as B<-sign> except it expects a self signed certificate to be present in the file "newreq.pem". Extra params are passed on to B and B commands. =item B<-crl> -generate a CRL. Executes B command. +Generate a CRL. Executes B command. =item B<-revoke certfile [reason]> -revoke the certificate contained in the specified B. An optional +Revoke the certificate contained in the specified B. An optional reason may be specified, and must be one of: B, B, B, B, B, B, B, or B. @@ -116,9 +116,9 @@ Leverages B command. =item B<-verify> -verifies certificates against the CA certificate for "demoCA". If no certificates -are specified on the command line it tries to verify the file "newcert.pem". -Invokes B command. +Verifies certificates against the CA certificate for "demoCA". If no +certificates are specified on the command line it tries to verify the file +"newcert.pem". Invokes B command. =item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> @@ -204,7 +204,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/asn1parse.pod b/deps/openssl/openssl/doc/man1/asn1parse.pod similarity index 84% rename from deps/openssl/openssl/doc/apps/asn1parse.pod rename to deps/openssl/openssl/doc/man1/asn1parse.pod index 3c607e8ac571bd..0e1fcc686f6cb0 100644 --- a/deps/openssl/openssl/doc/apps/asn1parse.pod +++ b/deps/openssl/openssl/doc/man1/asn1parse.pod @@ -23,6 +23,7 @@ B B [B<-genstr string>] [B<-genconf file>] [B<-strictpem>] +[B<-item name>] =head1 DESCRIPTION @@ -39,56 +40,56 @@ Print out a usage message. =item B<-inform> B -the input format. B is binary format and B (the default) is base64 +The input format. B is binary format and B (the default) is base64 encoded. =item B<-in filename> -the input file, default is standard input +The input file, default is standard input. =item B<-out filename> -output file to place the DER encoded data into. If this +Output file to place the DER encoded data into. If this option is not present then no data will be output. This is most useful when combined with the B<-strparse> option. =item B<-noout> -don't output the parsed version of the input file. +Don't output the parsed version of the input file. =item B<-offset number> -starting offset to begin parsing, default is start of file. +Starting offset to begin parsing, default is start of file. =item B<-length number> -number of bytes to parse, default is until end of file. +Number of bytes to parse, default is until end of file. =item B<-i> -indents the output according to the "depth" of the structures. +Indents the output according to the "depth" of the structures. =item B<-oid filename> -a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this +A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this file is described in the NOTES section below. =item B<-dump> -dump unknown data in hex format. +Dump unknown data in hex format. =item B<-dlimit num> -like B<-dump>, but only the first B bytes are output. +Like B<-dump>, but only the first B bytes are output. =item B<-strparse offset> -parse the contents octets of the ASN.1 object starting at B. This +Parse the contents octets of the ASN.1 object starting at B. This option can be used multiple times to "drill down" into a nested structure. =item B<-genstr string>, B<-genconf file> -generate encoded data based on B, B or both using +Generate encoded data based on B, B or both using L format. If B only is present then the string is obtained from the default section using the name B. The encoded data is passed through the ASN1 parser and printed out as @@ -103,6 +104,11 @@ processed whether it has the normal PEM BEGIN and END markers or not. This option will ignore any data prior to the start of the BEGIN marker, or after an END marker in a PEM file. +=item B<-item name> + +Attempt to decode and print the data as B. This can be used to +print out the fields of any supported ASN.1 structure if the type is known. + =back =head2 Output @@ -199,7 +205,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/ca.pod b/deps/openssl/openssl/doc/man1/ca.pod similarity index 79% rename from deps/openssl/openssl/doc/apps/ca.pod rename to deps/openssl/openssl/doc/man1/ca.pod index 9885bb2392a6b7..325c8b29ea4d64 100644 --- a/deps/openssl/openssl/doc/apps/ca.pod +++ b/deps/openssl/openssl/doc/man1/ca.pod @@ -52,7 +52,10 @@ B B [B<-subj arg>] [B<-utf8>] [B<-create_serial>] +[B<-rand_serial>] [B<-multivalue-rdn>] +[B<-rand file...>] +[B<-writerand file>] =head1 DESCRIPTION @@ -73,73 +76,73 @@ Print out a usage message. =item B<-verbose> -this prints extra details about the operations being performed. +This prints extra details about the operations being performed. =item B<-config filename> -specifies the configuration file to use. +Specifies the configuration file to use. Optional; for a description of the default value, see L. =item B<-name section> -specifies the configuration file section to use (overrides +Specifies the configuration file section to use (overrides B in the B section). =item B<-in filename> -an input filename containing a single certificate request to be +An input filename containing a single certificate request to be signed by the CA. =item B<-ss_cert filename> -a single self-signed certificate to be signed by the CA. +A single self-signed certificate to be signed by the CA. =item B<-spkac filename> -a file containing a single Netscape signed public key and challenge +A file containing a single Netscape signed public key and challenge and additional field values to be signed by the CA. See the B section for information on the required input and output format. =item B<-infiles> -if present this should be the last option, all subsequent arguments +If present this should be the last option, all subsequent arguments are taken as the names of files containing certificate requests. =item B<-out filename> -the output file to output certificates to. The default is standard +The output file to output certificates to. The default is standard output. The certificate details will also be printed out to this file in PEM format (except that B<-spkac> outputs DER format). =item B<-outdir directory> -the directory to output certificates to. The certificate will be +The directory to output certificates to. The certificate will be written to a filename consisting of the serial number in hex with ".pem" appended. =item B<-cert> -the CA certificate file. +The CA certificate file. =item B<-keyfile filename> -the private key to sign requests with. +The private key to sign requests with. =item B<-keyform PEM|DER> -the format of the data in the private key file. +The format of the data in the private key file. The default is PEM. =item B<-key password> -the password used to encrypt the private key. Since on some +The password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. =item B<-selfsign> -indicates the issued certificates are to be signed with the key +Indicates the issued certificates are to be signed with the key the certificate requests were signed with (given with B<-keyfile>). Certificate requests signed with a different key are ignored. If B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is @@ -153,47 +156,51 @@ self-signed certificate. =item B<-passin arg> -the key password source. For more information about the format of B +The key password source. For more information about the format of B see the B section in L. =item B<-notext> -don't output the text form of a certificate to the output file. +Don't output the text form of a certificate to the output file. =item B<-startdate date> -this allows the start date to be explicitly set. The format of the -date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). +This allows the start date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present. =item B<-enddate date> -this allows the expiry date to be explicitly set. The format of the -date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure). +This allows the expiry date to be explicitly set. The format of the +date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or +YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In +both formats, seconds SS and timezone Z must be present. =item B<-days arg> -the number of days to certify the certificate for. +The number of days to certify the certificate for. =item B<-md alg> -the message digest to use. -Any digest supported by the OpenSSL B command can be used. -This option also applies to CRLs. +The message digest to use. +Any digest supported by the OpenSSL B command can be used. For signing +algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message +digest that is set is ignored. This option also applies to CRLs. =item B<-policy arg> -this option defines the CA "policy" to use. This is a section in +This option defines the CA "policy" to use. This is a section in the configuration file which decides which fields should be mandatory or match the CA certificate. Check out the B section for more information. =item B<-msie_hack> -this is a legacy option to make B work with very old versions of +This is a deprecated option to make B work with very old versions of the IE certificate enrollment control "certenr3". It used UniversalStrings for almost everything. Since the old control has various security bugs -its use is strongly discouraged. The newer control "Xenroll" does not -need this option. +its use is strongly discouraged. =item B<-preserveDN> @@ -214,12 +221,12 @@ used in the configuration file to enable this behaviour. =item B<-batch> -this sets the batch mode. In this mode no questions will be asked +This sets the batch mode. In this mode no questions will be asked and all certificates will be certified automatically. =item B<-extensions section> -the section of the configuration file containing certificate extensions +The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to B unless the B<-extfile> option is used). If no extension section is present then, a V1 certificate is created. If the extension section @@ -229,20 +236,20 @@ extension section format. =item B<-extfile file> -an additional configuration file to read certificate extensions from +An additional configuration file to read certificate extensions from (using the default section unless the B<-extensions> option is also used). =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. =item B<-subj arg> -supersedes subject name given in the request. +Supersedes subject name given in the request. The arg must be formatted as I. Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted, but the corresponding type will not be included @@ -250,16 +257,23 @@ in the resulting certificate. =item B<-utf8> -this option causes field values to be interpreted as UTF8 strings, by +This option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings. =item B<-create_serial> -if reading serial from the text file as specified in the configuration +If reading serial from the text file as specified in the configuration fails, specifying this option creates a new random serial to be used as next serial number. +To get random serial numbers, use the B<-rand_serial> flag instead; this +should only be used for simple error-recovery. + +=item B<-rand_serial> + +Generate a large random number to use as the serial number. +This overrides any option or configuration to use a serial number file. =item B<-multivalue-rdn> @@ -270,6 +284,19 @@ I If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. +=item B<-rand file...> + +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =back =head1 CRL OPTIONS @@ -278,28 +305,28 @@ If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. =item B<-gencrl> -this option generates a CRL based on information in the index file. +This option generates a CRL based on information in the index file. =item B<-crldays num> -the number of days before the next CRL is due. That is the days from +The number of days before the next CRL is due. That is the days from now to place in the CRL nextUpdate field. =item B<-crlhours num> -the number of hours before the next CRL is due. +The number of hours before the next CRL is due. =item B<-revoke filename> -a filename containing a certificate to revoke. +A filename containing a certificate to revoke. =item B<-valid filename> -a filename containing a certificate to add a Valid certificate entry. +A filename containing a certificate to add a Valid certificate entry. =item B<-status serial> -displays the revocation status of the certificate with the specified +Displays the revocation status of the certificate with the specified serial number and exits. =item B<-updatedb> @@ -308,7 +335,7 @@ Updates the database index to purge expired certificates. =item B<-crl_reason reason> -revocation reason, where B is one of: B, B, +Revocation reason, where B is one of: B, B, B, B, B, B, B or B. The matching of B is case insensitive. Setting any revocation reason will make the CRL v2. @@ -335,7 +362,7 @@ B. =item B<-crlexts section> -the section of the configuration file containing CRL extensions to +The section of the configuration file containing CRL extensions to include. If no CRL extension section is present then a V1 CRL is created, if the CRL extension section is present (even if it is empty) then a V2 CRL is created. The CRL extensions specified are @@ -386,58 +413,59 @@ and long names are the same when this option is used. =item B -the same as the B<-outdir> command line option. It specifies +The same as the B<-outdir> command line option. It specifies the directory where new certificates will be placed. Mandatory. =item B -the same as B<-cert>. It gives the file containing the CA +The same as B<-cert>. It gives the file containing the CA certificate. Mandatory. =item B -same as the B<-keyfile> option. The file containing the +Same as the B<-keyfile> option. The file containing the CA private key. Mandatory. =item B -a file used to read and write random number seed information, or -an EGD socket (see L). +At startup the specified file is loaded into the random number generator, +and at exit 256 bytes will be written to it. =item B -the same as the B<-days> option. The number of days to certify +The same as the B<-days> option. The number of days to certify a certificate for. =item B -the same as the B<-startdate> option. The start date to certify +The same as the B<-startdate> option. The start date to certify a certificate for. If not set the current time is used. =item B -the same as the B<-enddate> option. Either this option or +The same as the B<-enddate> option. Either this option or B (or the command line equivalents) must be present. =item B -the same as the B<-crlhours> and the B<-crldays> options. These +The same as the B<-crlhours> and the B<-crldays> options. These will only be used if neither command line option is present. At least one of these must be present to generate a CRL. =item B -the same as the B<-md> option. Mandatory. +The same as the B<-md> option. Mandatory except where the signing algorithm does +not require a digest (i.e. Ed25519 and Ed448). =item B -the text database file to use. Mandatory. This file must be present +The text database file to use. Mandatory. This file must be present though initially it will be empty. =item B -if the value B is given, the valid certificate entries in the +If the value B is given, the valid certificate entries in the database must have unique subjects. if the value B is given, several valid certificate entries may have the exact same subject. The default value is B, to be compatible with older (pre 0.9.8) @@ -451,45 +479,45 @@ subjects this does not count as a duplicate. =item B -a text file containing the next serial number to use in hex. Mandatory. +A text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. =item B -a text file containing the next CRL number to use in hex. The crl number +A text file containing the next CRL number to use in hex. The crl number will be inserted in the CRLs only if this file exists. If this file is present, it must contain a valid CRL number. =item B -the same as B<-extensions>. +The same as B<-extensions>. =item B -the same as B<-crlexts>. +The same as B<-crlexts>. =item B -the same as B<-preserveDN> +The same as B<-preserveDN> =item B -the same as B<-noemailDN>. If you want the EMAIL field to be removed +The same as B<-noemailDN>. If you want the EMAIL field to be removed from the DN of the certificate simply set this to 'no'. If not present the default is to allow for the EMAIL filed in the certificate's DN. =item B -the same as B<-msie_hack> +The same as B<-msie_hack> =item B -the same as B<-policy>. Mandatory. See the B section +The same as B<-policy>. Mandatory. See the B section for more information. =item B, B -these options allow the format used to display the certificate details +These options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by the B utilities B<-nameopt> and B<-certopt> switches can be used here, except the B and B are permanently set @@ -506,7 +534,7 @@ multicharacter string types and does not display extensions. =item B -determines how extensions in certificate requests should be handled. +Determines how extensions in certificate requests should be handled. If set to B or this option is not present then extensions are ignored and not copied to the certificate. If set to B then any extensions present in the request that are not already present are copied @@ -603,6 +631,7 @@ A sample configuration file with the relevant sections for B: certificate = $dir/cacert.pem # The CA cert serial = $dir/serial # serial no file + #rand_serial = yes # for random serial#'s private_key = $dir/private/cakey.pem# CA private key RANDFILE = $dir/private/.rand # random number file @@ -709,6 +738,14 @@ For example if the CA certificate has: then even if a certificate is issued with CA:TRUE it will not be valid. +=head1 HISTORY + +Since OpenSSL 1.1.1, the program follows RFC5280. Specifically, +certificate validity period (specified by any of B<-startdate>, +B<-enddate> and B<-days>) will be encoded as UTCTime if the dates are +earlier than year 2049 (included), and as GeneralizedTime if the dates +are in year 2050 or later. + =head1 SEE ALSO L, L, L, L, diff --git a/deps/openssl/openssl/doc/apps/ciphers.pod b/deps/openssl/openssl/doc/man1/ciphers.pod similarity index 82% rename from deps/openssl/openssl/doc/apps/ciphers.pod rename to deps/openssl/openssl/doc/man1/ciphers.pod index def3bdc301f35d..3aea982384ec7e 100644 --- a/deps/openssl/openssl/doc/apps/ciphers.pod +++ b/deps/openssl/openssl/doc/man1/ciphers.pod @@ -16,10 +16,13 @@ B B [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] +[B<-tls1_3>] [B<-s>] [B<-psk>] [B<-srp>] [B<-stdname>] +[B<-convert name>] +[B<-ciphersuites val>] [B] =head1 DESCRIPTION @@ -63,42 +66,43 @@ When combined with B<-s> includes cipher suites which require SRP. =item B<-v> -Verbose output: For each ciphersuite, list details as provided by +Verbose output: For each cipher suite, list details as provided by L. =item B<-V> Like B<-v>, but include the official cipher suite values in hex. -=item B<-tls1_2> +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.2 were negotiated. +In combination with the B<-s> option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. -=item B<-ssl3> - -In combination with the B<-s> option, list the ciphers which would be used if -SSLv3 were negotiated. +=item B<-stdname> -=item B<-tls1> +Precede each cipher suite by its standard name. -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1 were negotiated. +=item B<-convert name> -=item B<-tls1_1> +Convert a standard cipher B to its OpenSSL name. -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.1 were negotiated. +=item B<-ciphersuites val> -=item B<-stdname> +Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By +default this value is: -precede each ciphersuite by its standard name: only available is OpenSSL -is built with tracing enabled (B argument to Configure). + TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 =item B -a cipher list to convert to a cipher preference list. If it is not included -then the default cipher list will be used. The format is described below. +A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below. =back @@ -143,7 +147,16 @@ The cipher string B<@STRENGTH> can be used at any point to sort the current cipher list in order of encryption algorithm key length. The cipher string B<@SECLEVEL=n> can be used at any point to set the security -level to B. +level to B, which should be a number between zero and five, inclusive. +See L for a description of what each level means. + +The cipher list can be prefixed with the B keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using B<+> character. +For example, B is not valid. + +The content of the default list is determined at compile time and normally +corresponds to B. =head1 CIPHER STRINGS @@ -151,19 +164,12 @@ The following is a list of all permitted cipher strings and their meanings. =over 4 -=item B - -The default cipher list. -This is determined at compile time and is normally -B. -When used, this must be the first cipherstring specified. - =item B The ciphers included in B, but not enabled by default. Currently this includes all RC4 and anonymous ciphers. Note that this rule does not cover B, which is not included by B (use B if -necessary). Note that RC4 based ciphersuites are not built into OpenSSL by +necessary). Note that RC4 based cipher suites are not built into OpenSSL by default (see the enable-weak-ssl-ciphers option to Configure). =item B @@ -178,19 +184,19 @@ The cipher suites not enabled by B, currently B. =item B -"high" encryption cipher suites. This currently means those with key lengths +"High" encryption cipher suites. This currently means those with key lengths larger than 128 bits, and some cipher suites with 128-bit keys. =item B -"medium" encryption cipher suites, currently some of those using 128 bit +"Medium" encryption cipher suites, currently some of those using 128 bit encryption. =item B -"low" encryption cipher suites, currently those using 64 or 56 bit +"Low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites. All these -ciphersuites have been removed as of OpenSSL 1.1.0. +cipher suites have been removed as of OpenSSL 1.1.0. =item B, B @@ -267,11 +273,11 @@ keys. =item B, B, B -Lists ciphersuites which are only supported in at least TLS v1.2, TLS v1.0 or +Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or SSL v3.0 respectively. -Note: there are no ciphersuites specific to TLS v1.1. +Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated -then both TLSv1.0 and SSLv3.0 ciphersuites are available. +then both TLSv1.0 and SSLv3.0 cipher suites are available. Note: these cipher strings B change the negotiated version of SSL or TLS, they only affect the list of available cipher suites. @@ -282,28 +288,33 @@ cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES. =item B -AES in Galois Counter Mode (GCM): these ciphersuites are only supported +AES in Galois Counter Mode (GCM): these cipher suites are only supported in TLS v1.2. =item B, B AES in Cipher Block Chaining - Message Authentication Mode (CCM): these -ciphersuites are only supported in TLS v1.2. B references CCM +cipher suites are only supported in TLS v1.2. B references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B only references 8 octet ICV. +=item B, B, B + +Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit +ARIA. + =item B, B, B -cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit +Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit CAMELLIA. =item B -cipher suites using ChaCha20. +Cipher suites using ChaCha20. =item B<3DES> -cipher suites using triple DES. +Cipher suites using triple DES. =item B @@ -336,7 +347,7 @@ Cipher suites using SHA1. =item B, B -Ciphersuites using SHA256 or SHA384. +Cipher suites using SHA256 or SHA384. =item B @@ -383,7 +394,7 @@ Setting Suite B mode has additional consequences required to comply with RFC6460. In particular the supported signature algorithms is reduced to support only ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be -used and only the two suite B compliant ciphersuites +used and only the two suite B compliant cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are permissible. @@ -434,7 +445,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA -=head2 AES ciphersuites from RFC3268, extending TLS v1.0 +=head2 AES cipher suites from RFC3268, extending TLS v1.0 TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA @@ -452,7 +463,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA -=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0 +=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA @@ -470,7 +481,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA -=head2 SEED ciphersuites from RFC4162, extending TLS v1.0 +=head2 SEED cipher suites from RFC4162, extending TLS v1.0 TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA @@ -482,7 +493,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA -=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0 +=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the B engine, included in the OpenSSL distribution. @@ -575,14 +586,35 @@ Note: these ciphers can also be used in SSL v3. ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 -=head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2 +=head2 ARIA cipher suites from RFC6209, extending TLS v1.2 + +Note: the CBC modes mentioned in this RFC are not supported. + + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + +=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 -=head2 Pre-shared keying (PSK) ciphersuites +=head2 Pre-shared keying (PSK) cipher suites PSK_WITH_NULL_SHA PSK-NULL-SHA DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA @@ -666,6 +698,14 @@ Note: these ciphers can also be used in SSL v3. TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 +=head2 TLS v1.3 cipher suites + + TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 + TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 + TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 + TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 + TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 + =head2 Older names used by OpenSSL The following names are accepted by older releases: @@ -719,9 +759,14 @@ L, L, L The B<-V> option for the B command was added in OpenSSL 1.0.0. +The B<-stdname> is only available if OpenSSL is built with tracing enabled +(B argument to Configure) before OpenSSL 1.1.1. + +The B<-convert> was added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/cms.pod b/deps/openssl/openssl/doc/man1/cms.pod similarity index 84% rename from deps/openssl/openssl/doc/apps/cms.pod rename to deps/openssl/openssl/doc/man1/cms.pod index 64ec106b09ccdb..60ee3b505e1e2f 100644 --- a/deps/openssl/openssl/doc/apps/cms.pod +++ b/deps/openssl/openssl/doc/man1/cms.pod @@ -68,9 +68,9 @@ B B [B<-verify_name name>] [B<-x509_strict>] [B<-md digest>] -[B<-[cipher]>] +[B<-I>] [B<-nointern>] -[B<-no_signer_cert_verify>] +[B<-noverify>] [B<-nocerts>] [B<-noattr>] [B<-nosmimecap>] @@ -83,7 +83,8 @@ B B [B<-signer file>] [B<-recip file>] [B<-keyid>] -[B<-receipt_request_all -receipt_request_first>] +[B<-receipt_request_all>] +[B<-receipt_request_first>] [B<-receipt_request_from emailaddress>] [B<-receipt_request_to emailaddress>] [B<-receipt_request_print>] @@ -93,7 +94,8 @@ B B [B<-inkey file>] [B<-keyopt name:parameter>] [B<-passin arg>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B] [B<-to addr>] [B<-from addr>] @@ -119,7 +121,7 @@ Print out a usage message. =item B<-encrypt> -encrypt mail for the given recipient certificates. Input file is the message +Encrypt mail for the given recipient certificates. Input file is the message to be encrypted. The output file is the encrypted mail in MIME format. The actual CMS type is EnvelopedData. @@ -128,33 +130,33 @@ key has been compromised, others may be able to decrypt the text. =item B<-decrypt> -decrypt mail using the supplied certificate and private key. Expects an +Decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file. =item B<-debug_decrypt> -this option sets the B flag. This option should be used +This option sets the B flag. This option should be used with caution: see the notes section below. =item B<-sign> -sign mail using the supplied certificate and private key. Input file is +Sign mail using the supplied certificate and private key. Input file is the message to be signed. The signed message in MIME format is written to the output file. =item B<-verify> -verify signed mail. Expects a signed mail message on input and outputs +Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported. =item B<-cmsout> -takes an input message and writes out a PEM encoded CMS structure. +Takes an input message and writes out a PEM encoded CMS structure. =item B<-resign> -resign a message: take an existing message and one or more new signers. +Resign a message: take an existing message and one or more new signers. =item B<-data_create> @@ -202,12 +204,12 @@ to the B<-verify> operation. =item B<-in filename> -the input message to be encrypted or signed or the message to be decrypted +The input message to be encrypted or signed or the message to be decrypted or verified. =item B<-inform SMIME|PEM|DER> -this specifies the input format for the CMS structure. The default +This specifies the input format for the CMS structure. The default is B which reads an S/MIME format message. B and B format change this to expect PEM and DER format CMS structures instead. This currently only affects the input format of the CMS @@ -216,17 +218,17 @@ B<-encrypt> or B<-sign>) this option has no effect. =item B<-rctform SMIME|PEM|DER> -specify the format for a signed receipt for use with the B<-receipt_verify> +Specify the format for a signed receipt for use with the B<-receipt_verify> operation. =item B<-out filename> -the message text that has been decrypted or verified or the output MIME +The message text that has been decrypted or verified or the output MIME format message that has been signed or verified. =item B<-outform SMIME|PEM|DER> -this specifies the output format for the CMS structure. The default +This specifies the output format for the CMS structure. The default is B which writes an S/MIME format message. B and B format change this to write PEM and DER format CMS structures instead. This currently only affects the output format of the CMS @@ -235,7 +237,7 @@ B<-verify> or B<-decrypt>) this option has no effect. =item B<-stream -indef -noindef> -the B<-stream> and B<-indef> options are equivalent and enable streaming I/O +The B<-stream> and B<-indef> options are equivalent and enable streaming I/O for encoding operations. This permits single pass processing of data without the need to hold the entire contents in memory, potentially supporting very large files. Streaming is automatically set for S/MIME signing with detached @@ -244,7 +246,7 @@ other operations. =item B<-noindef> -disable streaming I/O where it would produce and indefinite length constructed +Disable streaming I/O where it would produce and indefinite length constructed encoding. This option currently has no effect. In future streaming will be enabled by default on all relevant operations and this option will disable it. @@ -258,29 +260,29 @@ is S/MIME and it uses the multipart/signed MIME content type. =item B<-text> -this option adds plain text (text/plain) MIME headers to the supplied +This option adds plain text (text/plain) MIME headers to the supplied message if encrypting or signing. If decrypting or verifying it strips off text headers: if the decrypted or verified message is not of MIME type text/plain then an error occurs. =item B<-noout> -for the B<-cmsout> operation do not output the parsed CMS structure. This +For the B<-cmsout> operation do not output the parsed CMS structure. This is useful when combined with the B<-print> option or if the syntax of the CMS structure is being checked. =item B<-print> -for the B<-cmsout> operation print out all fields of the CMS structure. This +For the B<-cmsout> operation print out all fields of the CMS structure. This is mainly useful for testing purposes. =item B<-CAfile file> -a file containing trusted CA certificates, only used with B<-verify>. +A file containing trusted CA certificates, only used with B<-verify>. =item B<-CApath dir> -a directory containing trusted CA certificates, only used with +A directory containing trusted CA certificates, only used with B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. @@ -295,15 +297,15 @@ Do not load the trusted CA certificates from the default directory location =item B<-md digest> -digest algorithm to use when signing or resigning. If not present then the +Digest algorithm to use when signing or resigning. If not present then the default digest algorithm for the signing key will be used (usually SHA1). -=item B<-[cipher]> +=item B<-I> -the encryption algorithm to use. For example triple DES (168 bits) - B<-des3> +The encryption algorithm to use. For example triple DES (168 bits) - B<-des3> or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the EVP_get_cipherbyname() function) can also be used preceded by a dash, for -example B<-aes-128-cbc>. See L|enc(1)> for a list of ciphers +example B<-aes-128-cbc>. See L for a list of ciphers supported by your version of OpenSSL. If not specified triple DES is used. Only used with B<-encrypt> and @@ -311,48 +313,48 @@ B<-EncryptedData_create> commands. =item B<-nointern> -when verifying a message normally certificates (if any) included in +When verifying a message normally certificates (if any) included in the message are searched for the signing certificate. With this option only the certificates specified in the B<-certfile> option are used. The supplied certificates can still be used as untrusted CAs however. -=item B<-no_signer_cert_verify> +=item B<-noverify> -do not verify the signers certificate of a signed message. +Do not verify the signers certificate of a signed message. =item B<-nocerts> -when signing a message the signer's certificate is normally included +When signing a message the signer's certificate is normally included with this option it is excluded. This will reduce the size of the signed message but the verifier must have a copy of the signers certificate available locally (passed using the B<-certfile> option for example). =item B<-noattr> -normally when a message is signed a set of attributes are included which +Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included. =item B<-nosmimecap> -exclude the list of supported algorithms from signed attributes, other options +Exclude the list of supported algorithms from signed attributes, other options such as signing time and content type are still included. =item B<-binary> -normally the input message is converted to "canonical" format which is +Normally the input message is converted to "canonical" format which is effectively using CR and LF as end of line: as required by the S/MIME specification. When this option is present no translation occurs. This is useful when handling binary data which may not be in MIME format. =item B<-crlfeol> -normally the output file uses a single B as end of line. When this +Normally the output file uses a single B as end of line. When this option is present B is used instead. =item B<-asciicrlf> -when signing use ASCII CRLF format canonicalisation. This strips trailing +When signing use ASCII CRLF format canonicalisation. This strips trailing whitespace from all lines, deletes trailing blank lines at EOF and sets the encapsulated content type. This option is normally used with detached content and an output signature format of DER. This option is not normally @@ -361,31 +363,31 @@ content format is detected. =item B<-nodetach> -when signing a message use opaque signing: this form is more resistant +When signing a message use opaque signing: this form is more resistant to translation by mail relays but it cannot be read by mail agents that do not support S/MIME. Without this option cleartext signing with the MIME type multipart/signed is used. =item B<-certfile file> -allows additional certificates to be specified. When signing these will +Allows additional certificates to be specified. When signing these will be included with the message. When verifying these will be searched for the signers certificates. The certificates should be in PEM format. =item B<-certsout file> -any certificates contained in the message are written to B. +Any certificates contained in the message are written to B. =item B<-signer file> -a signing certificate when signing or resigning a message, this option can be +A signing certificate when signing or resigning a message, this option can be used multiple times if more than one signer is required. If a message is being verified then the signers certificates will be written to this file if the verification was successful. =item B<-recip file> -when decrypting a message this specifies the recipients certificate. The +When decrypting a message this specifies the recipients certificate. The certificate must match one of the recipients of the message or an error occurs. @@ -398,19 +400,19 @@ option. =item B<-keyid> -use subject key identifier to identify certificates instead of issuer name and +Use subject key identifier to identify certificates instead of issuer name and serial number. The supplied certificate B include a subject key identifier extension. Supported by B<-sign> and B<-encrypt> options. -=item B<-receipt_request_all -receipt_request_first> +=item B<-receipt_request_all>, B<-receipt_request_first> -for B<-sign> option include a signed receipt request. Indicate requests should +For B<-sign> option include a signed receipt request. Indicate requests should be provided by all recipient or first tier recipients (those mailed directly and not from a mailing list). Ignored it B<-receipt_request_from> is included. =item B<-receipt_request_from emailaddress> -for B<-sign> option include a signed receipt request. Add an explicit email +For B<-sign> option include a signed receipt request. Add an explicit email address where receipts should be supplied. =item B<-receipt_request_to emailaddress> @@ -425,7 +427,7 @@ requests. =item B<-secretkey key> -specify symmetric key to use. The key must be supplied in hex format and be +Specify symmetric key to use. The key must be supplied in hex format and be consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt> B<-EncryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the @@ -433,7 +435,7 @@ content encryption key using an AES key in the B type. =item B<-secretkeyid id> -the key identifier for the supplied symmetric key for B type. +The key identifier for the supplied symmetric key for B type. This option B be present if the B<-secretkey> option is used with B<-encrypt>. With B<-decrypt> operations the B is used to locate the relevant key if it is not supplied then an attempt is used to decrypt any @@ -441,13 +443,13 @@ B structures. =item B<-econtent_type type> -set the encapsulated content type to B if not supplied the B type +Set the encapsulated content type to B if not supplied the B type is used. The B argument can be any valid OID name in either text or numerical format. =item B<-inkey file> -the private key to use when signing or decrypting. This must match the +The private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with the B<-recip> or B<-signer> file. When signing this option can be used @@ -455,32 +457,37 @@ multiple times to specify successive keys. =item B<-keyopt name:opt> -for signing and encryption this option can be used multiple times to +For signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can currently be used to set RSA-PSS for signing, RSA-OAEP for encryption or to modify default parameters for ECDH. =item B<-passin arg> -the private key password source. For more information about the format of B +The private key password source. For more information about the format of B see the B section in L. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B -one or more certificates of message recipients: used when encrypting +One or more certificates of message recipients: used when encrypting a message. =item B<-to, -from, -subject> -the relevant mail headers. These are included outside the signed +The relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. @@ -552,28 +559,28 @@ with caution. For a fuller description see L). =item Z<>0 -the operation was completely successfully. +The operation was completely successfully. =item Z<>1 -an error occurred parsing the command options. +An error occurred parsing the command options. =item Z<>2 -one of the input files could not be read. +One of the input files could not be read. =item Z<>3 -an error occurred creating the CMS file or when reading the MIME +An error occurred creating the CMS file or when reading the MIME message. =item Z<>4 -an error occurred decrypting or verifying the message. +An error occurred decrypting or verifying the message. =item Z<>5 -the message was verified correctly but an error occurred writing out +The message was verified correctly but an error occurred writing out the signers certificates. =back @@ -717,7 +724,7 @@ No revocation checking is done on the signer's certificate. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0. -The B option was first added in OpenSSL 1.0.2 +The B option was first added in OpenSSL 1.0.2. Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. diff --git a/deps/openssl/openssl/doc/apps/crl.pod b/deps/openssl/openssl/doc/man1/crl.pod similarity index 77% rename from deps/openssl/openssl/doc/apps/crl.pod rename to deps/openssl/openssl/doc/man1/crl.pod index 82c77d60d57b6a..58f2bf62ddf300 100644 --- a/deps/openssl/openssl/doc/apps/crl.pod +++ b/deps/openssl/openssl/doc/man1/crl.pod @@ -43,8 +43,8 @@ the DER form with header and footer lines. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -53,52 +53,52 @@ option is not specified. =item B<-out filename> -specifies the output filename to write to or standard output by +Specifies the output filename to write to or standard output by default. =item B<-text> -print out the CRL in text form. +Print out the CRL in text form. =item B<-nameopt option> -option which determines how the subject or issuer names are displayed. See +Option which determines how the subject or issuer names are displayed. See the description of B<-nameopt> in L. =item B<-noout> -don't output the encoded version of the CRL. +Don't output the encoded version of the CRL. =item B<-hash> -output a hash of the issuer name. This can be use to lookup CRLs in +Output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name. =item B<-hash_old> -outputs the "hash" of the CRL issuer name using the older algorithm -as used by OpenSSL versions before 1.0.0. +Outputs the "hash" of the CRL issuer name using the older algorithm +as used by OpenSSL before version 1.0.0. =item B<-issuer> -output the issuer name. +Output the issuer name. =item B<-lastupdate> -output the lastUpdate field. +Output the lastUpdate field. =item B<-nextupdate> -output the nextUpdate field. +Output the nextUpdate field. =item B<-CAfile file> -verify the signature on a CRL by looking up the issuing certificate in -B +Verify the signature on a CRL by looking up the issuing certificate in +B. =item B<-CApath dir> -verify the signature on a CRL by looking up the issuing certificate in +Verify the signature on a CRL by looking up the issuing certificate in B

. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. diff --git a/deps/openssl/openssl/doc/apps/crl2pkcs7.pod b/deps/openssl/openssl/doc/man1/crl2pkcs7.pod similarity index 86% rename from deps/openssl/openssl/doc/apps/crl2pkcs7.pod rename to deps/openssl/openssl/doc/man1/crl2pkcs7.pod index 933750ada3ad03..f58a442b5bc9e7 100644 --- a/deps/openssl/openssl/doc/apps/crl2pkcs7.pod +++ b/deps/openssl/openssl/doc/man1/crl2pkcs7.pod @@ -34,13 +34,13 @@ Print out a usage message. This specifies the CRL input format. B format is DER encoded CRL structure.B (the default) is a base64 encoded version of -the DER form with header and footer lines. +the DER form with header and footer lines. The default format is PEM. =item B<-outform DER|PEM> This specifies the PKCS#7 structure output format. B format is DER encoded PKCS#7 structure.B (the default) is a base64 encoded version of -the DER form with header and footer lines. +the DER form with header and footer lines. The default format is PEM. =item B<-in filename> @@ -49,19 +49,19 @@ option is not specified. =item B<-out filename> -specifies the output filename to write the PKCS#7 structure to or standard +Specifies the output filename to write the PKCS#7 structure to or standard output by default. =item B<-certfile filename> -specifies a filename containing one or more certificates in B format. +Specifies a filename containing one or more certificates in B format. All certificates in the file will be added to the PKCS#7 structure. This option can be used more than once to read certificates form multiple files. =item B<-nocrl> -normally a CRL is included in the output file. With this option no CRL is +Normally a CRL is included in the output file. With this option no CRL is included in the output file and a CRL is not read from the input file. =back @@ -96,7 +96,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/dgst.pod b/deps/openssl/openssl/doc/man1/dgst.pod similarity index 92% rename from deps/openssl/openssl/doc/apps/dgst.pod rename to deps/openssl/openssl/doc/man1/dgst.pod index 59919c32f41839..47e163b1700131 100644 --- a/deps/openssl/openssl/doc/apps/dgst.pod +++ b/deps/openssl/openssl/doc/man1/dgst.pod @@ -3,13 +3,13 @@ =head1 NAME openssl-dgst, -dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5, blake2b, blake2s - message digests +dgst - perform digest operations =head1 SYNOPSIS -B B -[B<-help>] +B [B<-I>] +[B<-help>] [B<-c>] [B<-d>] [B<-hex>] @@ -24,13 +24,12 @@ B B [B<-signature filename>] [B<-hmac key>] [B<-fips-fingerprint>] +[B<-rand file...>] [B<-engine id>] [B<-engine_impl>] [B] -B -[I] -[B<...>] +B I [B<...>] =head1 DESCRIPTION @@ -87,7 +86,9 @@ Filename to output to, or standard output by default. =item B<-sign filename> -Digitally sign the digest using the private key in "filename". +Digitally sign the digest using the private key in "filename". Note this option +does not support Ed25519 or Ed448 private keys. Use the B command +instead for this. =item B<-keyform arg> @@ -150,14 +151,19 @@ for example exactly 32 chars for gost-mac. =back -=item B<-rand file(s)> +=item B<-rand file...> A file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-fips-fingerprint> Compute HMAC using a specific key for certain OpenSSL-FIPS operations. @@ -229,7 +235,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/dhparam.pod b/deps/openssl/openssl/doc/man1/dhparam.pod similarity index 84% rename from deps/openssl/openssl/doc/apps/dhparam.pod rename to deps/openssl/openssl/doc/man1/dhparam.pod index 52fc0df368b683..1b43b3231083fc 100644 --- a/deps/openssl/openssl/doc/apps/dhparam.pod +++ b/deps/openssl/openssl/doc/man1/dhparam.pod @@ -20,7 +20,8 @@ B [B<-C>] [B<-2>] [B<-5>] -[B<-rand> I] +[B<-rand file...>] +[B<-writerand file>] [B<-engine id>] [I] @@ -45,8 +46,8 @@ additional header and footer lines. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in> I @@ -83,17 +84,22 @@ input file is ignored and parameters are generated instead. If not present but B is present, parameters are generated with the default generator 2. -=item B<-rand> I +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item I -this option specifies that a parameter set should be generated of size +This option specifies that a parameter set should be generated of size I. It must be the last option. If this option is present then the input file is ignored and parameters are generated instead. If this option is not present but a generator (B<-2> or B<-5>) is @@ -101,20 +107,20 @@ present, parameters are generated with a default length of 2048 bits. =item B<-noout> -this option inhibits the output of the encoded version of the parameters. +This option inhibits the output of the encoded version of the parameters. =item B<-text> -this option prints out the DH parameters in human readable form. +This option prints out the DH parameters in human readable form. =item B<-C> -this option converts the parameters into C code. The parameters can then +This option converts the parameters into C code. The parameters can then be loaded by calling the get_dhNNNN() function. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -150,7 +156,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/dsa.pod b/deps/openssl/openssl/doc/man1/dsa.pod similarity index 83% rename from deps/openssl/openssl/doc/apps/dsa.pod rename to deps/openssl/openssl/doc/man1/dsa.pod index 37358044fa915e..fb6cbf122aec7a 100644 --- a/deps/openssl/openssl/doc/apps/dsa.pod +++ b/deps/openssl/openssl/doc/man1/dsa.pod @@ -18,6 +18,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] @@ -60,8 +63,8 @@ PKCS#8 format is also accepted. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -71,7 +74,7 @@ prompted for. =item B<-passin arg> -the input file password source. For more information about the format of B +The input file password source. For more information about the format of B see the B section in L. =item B<-out filename> @@ -83,10 +86,10 @@ filename. =item B<-passout arg> -the output file password source. For more information about the format of B +The output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. @@ -98,30 +101,30 @@ These options can only be used with PEM format output files. =item B<-text> -prints out the public, private key components and parameters. +Prints out the public, private key components and parameters. =item B<-noout> -this option prevents output of the encoded version of the key. +This option prevents output of the encoded version of the key. =item B<-modulus> -this option prints out the value of the public key component of the key. +This option prints out the value of the public key component of the key. =item B<-pubin> -by default a private key is read from the input file: with this option a +By default, a private key is read from the input file. With this option a public key is read instead. =item B<-pubout> -by default a private key is output. With this option a public +By default, a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -169,7 +172,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/dsaparam.pod b/deps/openssl/openssl/doc/man1/dsaparam.pod similarity index 77% rename from deps/openssl/openssl/doc/apps/dsaparam.pod rename to deps/openssl/openssl/doc/man1/dsaparam.pod index 0dfda660ed10db..94ea435cceb846 100644 --- a/deps/openssl/openssl/doc/apps/dsaparam.pod +++ b/deps/openssl/openssl/doc/man1/dsaparam.pod @@ -16,7 +16,8 @@ B [B<-noout>] [B<-text>] [B<-C>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-genkey>] [B<-engine id>] [B] @@ -42,8 +43,8 @@ of the B format base64 encoded with additional header and footer lines. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -59,39 +60,44 @@ as the input filename. =item B<-noout> -this option inhibits the output of the encoded version of the parameters. +This option inhibits the output of the encoded version of the parameters. =item B<-text> -this option prints out the DSA parameters in human readable form. +This option prints out the DSA parameters in human readable form. =item B<-C> -this option converts the parameters into C code. The parameters can then +This option converts the parameters into C code. The parameters can then be loaded by calling the get_dsaXXX() function. =item B<-genkey> -this option will generate a DSA either using the specified or generated +This option will generate a DSA either using the specified or generated parameters. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B -this option specifies that a parameter set should be generated of size +This option specifies that a parameter set should be generated of size B. It must be the last option. If this option is included then the input file (if any) is ignored. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -115,7 +121,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/ec.pod b/deps/openssl/openssl/doc/man1/ec.pod similarity index 88% rename from deps/openssl/openssl/doc/apps/ec.pod rename to deps/openssl/openssl/doc/man1/ec.pod index c06005d823deda..0b836603cab183 100644 --- a/deps/openssl/openssl/doc/apps/ec.pod +++ b/deps/openssl/openssl/doc/man1/ec.pod @@ -56,8 +56,8 @@ PKCS#8 format is also accepted. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -67,7 +67,7 @@ prompted for. =item B<-passin arg> -the input file password source. For more information about the format of B +The input file password source. For more information about the format of B see the B section in L. =item B<-out filename> @@ -79,7 +79,7 @@ filename. =item B<-passout arg> -the output file password source. For more information about the format of B +The output file password source. For more information about the format of B see the B section in L. =item B<-des|-des3|-idea> @@ -95,24 +95,24 @@ These options can only be used with PEM format output files. =item B<-text> -prints out the public, private key components and parameters. +Prints out the public, private key components and parameters. =item B<-noout> -this option prevents output of the encoded version of the key. +This option prevents output of the encoded version of the key. =item B<-modulus> -this option prints out the value of the public key component of the key. +This option prints out the value of the public key component of the key. =item B<-pubin> -by default a private key is read from the input file: with this option a +By default, a private key is read from the input file. With this option a public key is read instead. =item B<-pubout> -by default a private key is output. With this option a public +By default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. @@ -142,11 +142,11 @@ This option omits the public key components from the private key output. =item B<-check> -this option checks the consistency of an EC private or public key. +This option checks the consistency of an EC private or public key. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -197,7 +197,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/ecparam.pod b/deps/openssl/openssl/doc/man1/ecparam.pod similarity index 92% rename from deps/openssl/openssl/doc/apps/ecparam.pod rename to deps/openssl/openssl/doc/man1/ecparam.pod index 69a2631967995a..0633f8cda4803c 100644 --- a/deps/openssl/openssl/doc/apps/ecparam.pod +++ b/deps/openssl/openssl/doc/man1/ecparam.pod @@ -22,7 +22,8 @@ B [B<-conv_form arg>] [B<-param_enc arg>] [B<-no_seed>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-genkey>] [B<-engine id>] @@ -47,8 +48,8 @@ header and footer lines. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -117,17 +118,22 @@ is included in the ECParameters structure (see RFC 3279). This option will generate an EC private key using the specified parameters. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/deps/openssl/openssl/doc/apps/enc.pod b/deps/openssl/openssl/doc/man1/enc.pod similarity index 56% rename from deps/openssl/openssl/doc/apps/enc.pod rename to deps/openssl/openssl/doc/man1/enc.pod index 6338d6c8e06c93..2136a94978499e 100644 --- a/deps/openssl/openssl/doc/apps/enc.pod +++ b/deps/openssl/openssl/doc/man1/enc.pod @@ -7,7 +7,7 @@ enc - symmetric cipher routines =head1 SYNOPSIS -B +B> [B<-help>] [B<-ciphers>] [B<-in filename>] @@ -15,7 +15,8 @@ B [B<-pass arg>] [B<-e>] [B<-d>] -[B<-a/-base64>] +[B<-a>] +[B<-base64>] [B<-A>] [B<-k password>] [B<-kfile filename>] @@ -26,14 +27,20 @@ B [B<-nosalt>] [B<-z>] [B<-md digest>] +[B<-iter count>] +[B<-pbkdf2>] [B<-p>] [B<-P>] [B<-bufsize number>] [B<-nopad>] [B<-debug>] [B<-none>] +[B<-rand file...>] +[B<-writerand file>] [B<-engine id>] +B I<[cipher]> [B<...>] + =head1 DESCRIPTION The symmetric cipher commands allow data to be encrypted or decrypted @@ -55,47 +62,47 @@ List all supported ciphers. =item B<-in filename> -the input filename, standard input by default. +The input filename, standard input by default. =item B<-out filename> -the output filename, standard output by default. +The output filename, standard output by default. =item B<-pass arg> -the password source. For more information about the format of B +The password source. For more information about the format of B see the B section in L. =item B<-e> -encrypt the input data: this is the default. +Encrypt the input data: this is the default. =item B<-d> -decrypt the input data. +Decrypt the input data. =item B<-a> -base64 process the data. This means that if encryption is taking place +Base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. =item B<-base64> -same as B<-a> +Same as B<-a> =item B<-A> -if the B<-a> option is set then base64 process the data on one line. +If the B<-a> option is set then base64 process the data on one line. =item B<-k password> -the password to derive the key from. This is for compatibility with previous +The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the B<-pass> argument. =item B<-kfile filename> -read the password to derive the key from the first line of B. +Read the password to derive the key from the first line of B. This is for compatibility with previous versions of OpenSSL. Superseded by the B<-pass> argument. @@ -104,57 +111,67 @@ the B<-pass> argument. Use the specified digest to create the key from the passphrase. The default algorithm is sha-256. +=item B<-iter count> + +Use a given number of iterations on the password in deriving the encryption key. +High values increase the time required to brute-force the resulting file. +This option enables the use of PBKDF2 algorithm to derive the key. + +=item B<-pbkdf2> + +Use PBKDF2 algorithm with default iteration count unless otherwise specified. + =item B<-nosalt> -don't use a salt in the key derivation routines. This option B be +Don't use a salt in the key derivation routines. This option B be used except for test purposes or compatibility with ancient versions of OpenSSL. =item B<-salt> -use salt (randomly generated or provide with B<-S> option) when -encrypting (this is the default). +Use salt (randomly generated or provide with B<-S> option) when +encrypting, this is the default. =item B<-S salt> -the actual salt to use: this must be represented as a string of hex digits. +The actual salt to use: this must be represented as a string of hex digits. =item B<-K key> -the actual key to use: this must be represented as a string comprised only +The actual key to use: this must be represented as a string comprised only of hex digits. If only the key is specified, the IV must additionally specified using the B<-iv> option. When both a key and a password are specified, the key given with the B<-K> option will be used and the IV generated from the -password will be taken. It probably does not make much sense to specify -both key and password. +password will be taken. It does not make much sense to specify both key +and password. =item B<-iv IV> -the actual IV to use: this must be represented as a string comprised only +The actual IV to use: this must be represented as a string comprised only of hex digits. When only the key is specified using the B<-K> option, the IV must explicitly be defined. When a password is being specified using one of the other options, the IV is generated from this password. =item B<-p> -print out the key and IV used. +Print out the key and IV used. =item B<-P> -print out the key and IV used then immediately exit: don't do any encryption +Print out the key and IV used then immediately exit: don't do any encryption or decryption. =item B<-bufsize number> -set the buffer size for I/O +Set the buffer size for I/O. =item B<-nopad> -disable standard block padding +Disable standard block padding. =item B<-debug> -debug the BIOs used for I/O. +Debug the BIOs used for I/O. =item B<-z> @@ -166,23 +183,37 @@ or zlib-dynamic option. Use NULL cipher (no encryption or decryption of input). +=item B<-rand file...> + +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =back =head1 NOTES -The program can be called either as B or -B. But the first form doesn't work with +The program can be called either as B or +B. The first form doesn't work with engine-provided ciphers, because this form is processed before the configuration file is read and any ENGINEs loaded. +Use the B command to get a list of supported ciphers. -Engines which provide entirely new encryption algorithms (such as ccgost +Engines which provide entirely new encryption algorithms (such as the ccgost engine which provides gost89 algorithm) should be configured in the -configuration file. Engines, specified in the command line using -engine +configuration file. Engines specified on the command line using -engine options can only be used for hardware-assisted implementations of -ciphers, which are supported by OpenSSL core or other engine, specified +ciphers which are supported by the OpenSSL core or another engine specified in the configuration file. -When enc command lists supported ciphers, ciphers provided by engines, +When the enc command lists supported ciphers, ciphers provided by engines, specified in the configuration files are listed too. A password will be prompted for to derive the key and IV if necessary. @@ -200,12 +231,12 @@ encrypting a file and read from the encrypted file when it is decrypted. Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use -a strong block cipher in CBC mode such as bf or des3. +a strong block cipher, such as AES, in CBC mode. -All the block ciphers normally use PKCS#5 padding also known as standard block -padding: this allows a rudimentary integrity or password check to be -performed. However since the chance of random data passing the test is -better than 1 in 256 it isn't a very good test. +All the block ciphers normally use PKCS#5 padding, also known as standard +block padding. This allows a rudimentary integrity or password check to +be performed. However since the chance of random data passing the test +is better than 1 in 256 it isn't a very good test. If padding is disabled then the input data must be a multiple of the cipher block length. @@ -219,19 +250,34 @@ Blowfish and RC5 algorithms use a 128 bit key. Note that some of these ciphers can be disabled at compile time and some are available only if an appropriate engine is configured in the configuration file. The output of the B command run with -unsupported options (for example B) includes a +the B<-ciphers> option (that is B) produces a list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines. The B program does not support authenticated encryption modes -like CCM and GCM. The utility does not store or retrieve the -authentication tag. +like CCM and GCM, and will not support such modes in the future. +The B interface by necessity must begin streaming output (e.g., +to standard output when B<-out> is not used) before the authentication +tag could be validated, leading to the usage of B in pipelines +that begin processing untrusted data and are not capable of rolling +back upon authentication failure. The AEAD modes currently in common +use also suffer from catastrophic failure of confidentiality and/or +integrity upon reuse of key/iv/nonce, and since B places the +entire burden of key/iv/nonce management upon the user, the risk of +exposing AEAD modes is too great to allow. These key/iv/nonce +management issues also affect other modes currently exposed in B, +but the failure modes are less extreme in these cases, and the +functionality cannot be removed with a stable release branch. +For bulk encryption of data, whether using authenticated encryption +modes or other modes, L is recommended, as it provides a +standard data format and performs the needed key/iv/nonce management. base64 Base 64 bf-cbc Blowfish in CBC mode bf Alias for bf-cbc + blowfish Alias for bf-cbc bf-cfb Blowfish in CFB mode bf-ecb Blowfish in ECB mode bf-ofb Blowfish in OFB mode @@ -243,9 +289,11 @@ authentication tag. cast5-ecb CAST5 in ECB mode cast5-ofb CAST5 in OFB mode + chacha20 ChaCha20 algorithm + des-cbc DES in CBC mode des Alias for des-cbc - des-cfb DES in CBC mode + des-cfb DES in CFB mode des-ofb DES in OFB mode des-ecb DES in ECB mode @@ -289,14 +337,46 @@ authentication tag. rc5-ecb RC5 cipher in ECB mode rc5-ofb RC5 cipher in OFB mode + seed-cbc SEED cipher in CBC mode + seed Alias for seed-cbc + seed-cfb SEED cipher in CFB mode + seed-ecb SEED cipher in ECB mode + seed-ofb SEED cipher in OFB mode + + sm4-cbc SM4 cipher in CBC mode + sm4 Alias for sm4-cbc + sm4-cfb SM4 cipher in CFB mode + sm4-ctr SM4 cipher in CTR mode + sm4-ecb SM4 cipher in ECB mode + sm4-ofb SM4 cipher in OFB mode + aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode aes[128|192|256] Alias for aes-[128|192|256]-cbc aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode + aes-[128|192|256]-ctr 128/192/256 bit AES in CTR mode aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode + aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode + aria[128|192|256] Alias for aria-[128|192|256]-cbc + aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode + aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode + aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode + aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode + aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode + aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode + + camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode + camellia[128|192|256] Alias for camellia-[128|192|256]-cbc + camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode + camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode + camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode + camellia-[128|192|256]-ctr 128/192/256 bit Camellia in CTR mode + camellia-[128|192|256]-ecb 128/192/256 bit Camellia in ECB mode + camellia-[128|192|256]-ofb 128/192/256 bit Camellia in OFB mode + =head1 EXAMPLES Just base64 encode a binary file: @@ -307,44 +387,41 @@ Decode the same file openssl base64 -d -in file.b64 -out file.bin -Encrypt a file using triple DES in CBC mode using a prompted password: +Encrypt a file using AES-128 using a prompted password +and PBKDF2 key derivation: - openssl des3 -salt -in file.txt -out file.des3 + openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128 Decrypt a file using a supplied password: - openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword + openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \ + -pass pass: Encrypt a file then base64 encode it (so it can be sent via mail for example) -using Blowfish in CBC mode: - - openssl bf -a -salt -in file.txt -out file.bf +using AES-256 in CTR mode and PBKDF2 key derivation: -Base64 decode a file then decrypt it: + openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256 - openssl bf -d -salt -a -in file.bf -out file.txt +Base64 decode a file then decrypt it using a password supplied in a file: -Decrypt some data using a supplied 40 bit RC4 key: - - openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 + openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \ + -pass file: =head1 BUGS The B<-A> option when used with large files doesn't work properly. -There should be an option to allow an iteration count to be included. - The B program only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use RC2 with a 76 bit key or RC4 with an 84 bit key you can't use this program. =head1 HISTORY -The default digest was changed from MD5 to SHA256 in Openssl 1.1. +The default digest was changed from MD5 to SHA256 in Openssl 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/engine.pod b/deps/openssl/openssl/doc/man1/engine.pod similarity index 96% rename from deps/openssl/openssl/doc/apps/engine.pod rename to deps/openssl/openssl/doc/man1/engine.pod index 155cc6290028da..24f1b32cdbfc1c 100644 --- a/deps/openssl/openssl/doc/apps/engine.pod +++ b/deps/openssl/openssl/doc/man1/engine.pod @@ -68,7 +68,7 @@ See the example below. To list all the commands available to a dynamic engine: - % openssl engine -t -tt -vvvv dynamic + $ openssl engine -t -tt -vvvv dynamic (dynamic) Dynamic engine loading support [ unavailable ] SO_PATH: Specifies the path to the new ENGINE shared library @@ -88,7 +88,7 @@ To list all the commands available to a dynamic engine: To list the capabilities of the I engine: - % openssl engine -c + $ openssl engine -c (rsax) RSAX engine support [RSA] (dynamic) Dynamic engine loading support @@ -103,6 +103,10 @@ The path to the engines directory. =back +=head1 SEE ALSO + +L + =head1 COPYRIGHT Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/deps/openssl/openssl/doc/apps/errstr.pod b/deps/openssl/openssl/doc/man1/errstr.pod similarity index 100% rename from deps/openssl/openssl/doc/apps/errstr.pod rename to deps/openssl/openssl/doc/man1/errstr.pod diff --git a/deps/openssl/openssl/doc/apps/gendsa.pod b/deps/openssl/openssl/doc/man1/gendsa.pod similarity index 76% rename from deps/openssl/openssl/doc/apps/gendsa.pod rename to deps/openssl/openssl/doc/man1/gendsa.pod index 36c810a909859c..b2580b4f037869 100644 --- a/deps/openssl/openssl/doc/apps/gendsa.pod +++ b/deps/openssl/openssl/doc/man1/gendsa.pod @@ -13,13 +13,17 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] [B<-des>] [B<-des3>] [B<-idea>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-engine id>] [B] @@ -41,23 +45,28 @@ Print out a usage message. Output the key to the specified file. If this argument is not specified then standard output is used. -=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -82,7 +91,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/genpkey.pod b/deps/openssl/openssl/doc/man1/genpkey.pod similarity index 86% rename from deps/openssl/openssl/doc/apps/genpkey.pod rename to deps/openssl/openssl/doc/man1/genpkey.pod index 91b12e249b3b71..fa62973abdd9ec 100644 --- a/deps/openssl/openssl/doc/apps/genpkey.pod +++ b/deps/openssl/openssl/doc/man1/genpkey.pod @@ -66,7 +66,8 @@ precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> are mutually exclusive. Engines may add algorithms in addition to the standard built-in ones. -Valid built-in algorithm names for private key generation are RSA and EC. +Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, +X25519, X448, ED25519 and ED448. Valid built-in algorithm names for parameter generation (see the B<-genparam> option) are DH, DSA and EC. @@ -108,7 +109,8 @@ parameters along with the PEM or DER structure. The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed -below. +below. There are no key generation options defined for the X25519, X448, ED25519 +or ED448 algorithms. =head2 RSA Key Generation Options @@ -118,6 +120,10 @@ below. The number of bits in the generated key. If not specified 1024 is used. +=item B + +The number of primes in the generated key. If not specified 2 is used. + =item B The RSA public exponent value. This can be a large decimal or @@ -125,6 +131,31 @@ hexadecimal value if preceded by B<0x>. Default value is 65537. =back +=head2 RSA-PSS Key Generation Options + +Note: by default an B key has no parameter restrictions. + +=over 4 + +=item B, B, B + +These options have the same meaning as the B algorithm. + +=item B + +If set the key is restricted and can only use B for signing. + +=item B + +If set the key is restricted and can only use B as it's MGF1 +parameter. + +=item B + +If set the key is restricted and B specifies the minimum salt length. + +=back + =head2 EC Key Generation Options The EC key generation options can also be used for parameter generation. @@ -230,13 +261,13 @@ Encrypt output private key using 128 bit AES and the passphrase "hello": Generate a 2048 bit RSA key using 3 as the public exponent: - openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \ - -pkeyopt rsa_keygen_pubexp:3 + openssl genpkey -algorithm RSA -out key.pem \ + -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 Generate 2048 bit DSA parameters: openssl genpkey -genparam -algorithm DSA -out dsap.pem \ - -pkeyopt dsa_paramgen_bits:2048 + -pkeyopt dsa_paramgen_bits:2048 Generate DSA key from parameters: @@ -245,13 +276,13 @@ Generate DSA key from parameters: Generate 2048 bit DH parameters: openssl genpkey -genparam -algorithm DH -out dhp.pem \ - -pkeyopt dh_paramgen_prime_len:2048 + -pkeyopt dh_paramgen_prime_len:2048 Generate 2048 bit X9.42 DH parameters: openssl genpkey -genparam -algorithm DH -out dhpx.pem \ - -pkeyopt dh_paramgen_prime_len:2048 \ - -pkeyopt dh_paramgen_type:1 + -pkeyopt dh_paramgen_prime_len:2048 \ + -pkeyopt dh_paramgen_type:1 Output RFC5114 2048 bit DH parameters with 224 bit subgroup: @@ -281,11 +312,16 @@ Generate an X25519 private key: openssl genpkey -algorithm X25519 -out xkey.pem +Generate an ED448 private key: + + openssl genpkey -algorithm ED448 -out xkey.pem + =head1 HISTORY The ability to use NIST curve names, and to generate an EC key directly, were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in -OpenSSL 1.1.0. +OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in +OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/apps/genrsa.pod b/deps/openssl/openssl/doc/man1/genrsa.pod similarity index 54% rename from deps/openssl/openssl/doc/apps/genrsa.pod rename to deps/openssl/openssl/doc/man1/genrsa.pod index 8be06834f5079f..a9c994ffb18a39 100644 --- a/deps/openssl/openssl/doc/apps/genrsa.pod +++ b/deps/openssl/openssl/doc/man1/genrsa.pod @@ -25,8 +25,10 @@ B B [B<-idea>] [B<-f4>] [B<-3>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-engine id>] +[B<-primes num>] [B] =head1 DESCRIPTION @@ -48,10 +50,10 @@ standard output is used. =item B<-passout arg> -the output file password source. For more information about the format of B -see the B section in L. +The output file password source. For more information about the format +of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with specified cipher before outputting it. If none of these options is @@ -60,48 +62,55 @@ for if it is not supplied via the B<-passout> argument. =item B<-F4|-3> -the public exponent to use, either 65537 or 3. The default is 65537. +The public exponent to use, either 65537 or 3. The default is 65537. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-primes num> + +Specify the number of primes to use while generating the RSA key. The B +parameter must be a positive integer that is greater than 1 and less than 16. +If B is greater than 2, then the generated key is called a 'multi-prime' +RSA key, which is defined in RFC 8017. + =item B -the size of the private key to generate in bits. This must be the last option -specified. The default is 2048. +The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed. =back =head1 NOTES -RSA private key generation essentially involves the generation of two prime -numbers. When generating a private key various symbols will be output to +RSA private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to indicate the progress of the generation. A B<.> represents each number which has passed an initial sieve test, B<+> means a number has passed a single -round of the Miller-Rabin primality test. A newline means that the number has -passed all the prime tests (the actual number depends on the key size). +round of the Miller-Rabin primality test, B<*> means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size). Because key generation is a random process the time taken to generate a key -may vary somewhat. - -=head1 BUGS - -A quirk of the prime generation algorithm is that it cannot generate small -primes. Therefore the number of bits should not be less that 64. For typical -private keys this will not matter because for security reasons they will -be much larger (typically 1024 bits). +may vary somewhat. But in general, more primes lead to less generation time +of a key. =head1 SEE ALSO @@ -109,7 +118,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/list.pod b/deps/openssl/openssl/doc/man1/list.pod similarity index 79% rename from deps/openssl/openssl/doc/apps/list.pod rename to deps/openssl/openssl/doc/man1/list.pod index 108876269372d4..bed39b0c7c9379 100644 --- a/deps/openssl/openssl/doc/apps/list.pod +++ b/deps/openssl/openssl/doc/man1/list.pod @@ -9,12 +9,14 @@ list - list algorithms and features B [B<-help>] +[B<-1>] [B<-commands>] [B<-digest-commands>] [B<-digest-algorithms>] [B<-cipher-commands>] [B<-cipher-algorithms>] [B<-public-key-algorithms>] +[B<-public-key-methods>] [B<-disabled>] =head1 DESCRIPTION @@ -28,7 +30,12 @@ features. =item B<-help> -Display out a usage message. +Display a usage message. + +=item B<-1> + +List the commands, digest-commands, or cipher-commands in a single column. +If used, this option must be given first. =item B<-commands> @@ -63,6 +70,11 @@ then B is an alias for the official algorithm name, B. Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. +=item B<-public-key-methods> + +Display a list of public key method OIDs: this also includes public key methods +without an associated ASN.1 method, for example, KDF algorithms. + =item B<-disabled> Display a list of disabled features, those that were compiled out @@ -72,7 +84,7 @@ of the installation. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/nseq.pod b/deps/openssl/openssl/doc/man1/nseq.pod similarity index 87% rename from deps/openssl/openssl/doc/apps/nseq.pod rename to deps/openssl/openssl/doc/man1/nseq.pod index 6b25e221a4eadd..7d5f009aa21b07 100644 --- a/deps/openssl/openssl/doc/apps/nseq.pod +++ b/deps/openssl/openssl/doc/man1/nseq.pod @@ -35,11 +35,11 @@ option is not specified. =item B<-out filename> -specifies the output filename or standard output by default. +Specifies the output filename or standard output by default. =item B<-toseq> -normally a Netscape certificate sequence will be input and the output +Normally a Netscape certificate sequence will be input and the output is the certificates contained in it. With the B<-toseq> option the situation is reversed: a Netscape certificate sequence is created from a file of certificates. @@ -63,7 +63,7 @@ The B encoded form uses the same headers and footers as a certificate: -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- -A Netscape certificate sequence is a Netscape specific form that can be sent +A Netscape certificate sequence is a Netscape specific format that can be sent to browsers as an alternative to the standard PKCS#7 format when several certificates are sent to the browser: for example during certificate enrollment. It is used by Netscape certificate server for example. @@ -75,7 +75,7 @@ output files and allowing multiple certificate files to be used. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/ocsp.pod b/deps/openssl/openssl/doc/man1/ocsp.pod similarity index 78% rename from deps/openssl/openssl/doc/apps/ocsp.pod rename to deps/openssl/openssl/doc/man1/ocsp.pod index 5e273cfe47d51e..c9feef8f0e4751 100644 --- a/deps/openssl/openssl/doc/apps/ocsp.pod +++ b/deps/openssl/openssl/doc/man1/ocsp.pod @@ -28,6 +28,7 @@ B B [B<-no_nonce>] [B<-url URL>] [B<-host host:port>] +[B<-multi process-count>] [B<-header>] [B<-path>] [B<-CApath dir>] @@ -75,17 +76,19 @@ B B [B<-no_cert_checks>] [B<-no_explicit>] [B<-port num>] +[B<-ignore_err>] [B<-index file>] [B<-CA file>] [B<-rsigner file>] [B<-rkey file>] [B<-rother file>] +[B<-rsigopt nm:v>] [B<-resp_no_certs>] [B<-nmin n>] [B<-ndays n>] [B<-resp_key_id>] [B<-nrequest n>] -[B<-md5|-sha1|...>] +[B<-I>] =head1 DESCRIPTION @@ -154,25 +157,25 @@ a nonce is automatically added specifying B overrides this. =item B<-req_text>, B<-resp_text>, B<-text> -print out the text form of the OCSP request, response or both respectively. +Print out the text form of the OCSP request, response or both respectively. =item B<-reqout file>, B<-respout file> -write out the DER encoded certificate request or response to B. +Write out the DER encoded certificate request or response to B. =item B<-reqin file>, B<-respin file> -read OCSP request or response file from B. These option are ignored +Read OCSP request or response file from B. These option are ignored if OCSP request or response creation is implied by other options (for example with B, B and B options). =item B<-url responder_url> -specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. +Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. =item B<-host hostname:port>, B<-path pathname> -if the B option is present then the OCSP request is sent to the host +If the B option is present then the OCSP request is sent to the host B on port B. B specifies the HTTP path name to use or "/" by default. This is equivalent to specifying B<-url> with scheme http:// and the given hostname, port, and pathname. @@ -185,11 +188,26 @@ This may be repeated. =item B<-timeout seconds> -connection timeout to the OCSP responder in seconds +Connection timeout to the OCSP responder in seconds. +On POSIX systems, when running as an OCSP responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received. + +=item B<-multi process-count> + +Run the specified number of OCSP responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the CA index file and automatically +reload it. +When running as a responder B<-timeout> option is recommended to limit the time +each child is willing to wait for the client's OCSP response. +This option is available on POSIX systems (that support the fork() and other +required unix system-calls). =item B<-CAfile file>, B<-CApath pathname> -file or pathname containing trusted CA certificates. These are used to verify +File or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. =item B<-no-CAfile> @@ -213,65 +231,66 @@ See L manual page for details. =item B<-verify_other file> -file containing additional certificates to search when attempting to locate +File containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's certificate from the response: this option can be used to supply the necessary certificate in such cases. =item B<-trust_other> -the certificates specified by the B<-verify_other> option should be explicitly +The certificates specified by the B<-verify_other> option should be explicitly trusted and no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate. =item B<-VAfile file> -file containing explicitly trusted responder certificates. Equivalent to the +File containing explicitly trusted responder certificates. Equivalent to the B<-verify_other> and B<-trust_other> options. =item B<-noverify> -don't attempt to verify the OCSP response signature or the nonce values. This -option will normally only be used for debugging since it disables all verification -of the responders certificate. +Don't attempt to verify the OCSP response signature or the nonce +values. This option will normally only be used for debugging since it +disables all verification of the responders certificate. =item B<-no_intern> -ignore certificates contained in the OCSP response when searching for the +Ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the B<-verify_other> or B<-VAfile> options. =item B<-no_signature_verify> -don't check the signature on the OCSP response. Since this option tolerates invalid -signatures on OCSP responses it will normally only be used for testing purposes. +Don't check the signature on the OCSP response. Since this option +tolerates invalid signatures on OCSP responses it will normally only be +used for testing purposes. =item B<-no_cert_verify> -don't verify the OCSP response signers certificate at all. Since this option allows -the OCSP response to be signed by any certificate it should only be used for -testing purposes. +Don't verify the OCSP response signers certificate at all. Since this +option allows the OCSP response to be signed by any certificate it should +only be used for testing purposes. =item B<-no_chain> -do not use certificates in the response as additional untrusted CA +Do not use certificates in the response as additional untrusted CA certificates. =item B<-no_explicit> -do not explicitly trust the root CA if it is set to be trusted for OCSP signing. +Do not explicitly trust the root CA if it is set to be trusted for OCSP signing. =item B<-no_cert_checks> -don't perform any additional checks on the OCSP response signers certificate. +Don't perform any additional checks on the OCSP response signers certificate. That is do not make any checks to see if the signers certificate is authorised to provide the necessary status information: as a result this option should only be used for testing purposes. =item B<-validity_period nsec>, B<-status_age age> -these options specify the range of times, in seconds, which will be tolerated +These options specify the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a B time and an optional B time. The current time should fall between these two values, but the interval between the two times may be only a few @@ -285,9 +304,9 @@ status information is immediately available. In this case the age of the B field is checked to see it is not older than B seconds old. By default this additional check is not performed. -=item B<-[digest]> +=item B<-I> -this option sets digest algorithm to use for certificate identification in the +This option sets digest algorithm to use for certificate identification in the OCSP request. Any digest supported by the OpenSSL B command can be used. The default is SHA-1. This option may be used multiple times to specify the digest used by subsequent certificate identifiers. @@ -300,16 +319,17 @@ digest used by subsequent certificate identifiers. =item B<-index indexfile> -B is a text index file in B format containing certificate revocation -information. +The B parameter is the name of a text index file in B +format containing certificate revocation information. -If the B option is specified the B utility is in responder mode, otherwise -it is in client mode. The request(s) the responder processes can be either specified on -the command line (using B and B options), supplied in a file (using the -B option) or via external OCSP clients (if B or B is specified). +If the B option is specified the B utility is in responder +mode, otherwise it is in client mode. The request(s) the responder +processes can be either specified on the command line (using B +and B options), supplied in a file (using the B option) +or via external OCSP clients (if B or B is specified). -If the B option is present then the B and B options must also be -present. +If the B option is present then the B and B options +must also be present. =item B<-CA file> @@ -329,17 +349,29 @@ Don't include any certificates in the OCSP response. =item B<-resp_key_id> -Identify the signer certificate using the key ID, default is to use the subject name. +Identify the signer certificate using the key ID, default is to use the +subject name. =item B<-rkey file> -The private key to sign OCSP responses with: if not present the file specified in the -B option is used. +The private key to sign OCSP responses with: if not present the file +specified in the B option is used. + +=item B<-rsigopt nm:v> + +Pass options to the signature algorithm when signing OCSP responses. +Names and values of these options are algorithm-specific. =item B<-port portnum> -Port to listen for OCSP requests on. The port may also be specified using the B -option. +Port to listen for OCSP requests on. The port may also be specified +using the B option. + +=item B<-ignore_err> + +Ignore malformed requests or responses: When acting as an OCSP client, retry if +a malformed response is received. When acting as an OCSP responder, continue +running instead of terminating upon receiving a malformed request. =item B<-nrequest number> @@ -347,9 +379,10 @@ The OCSP server will exit after receiving B requests, default unlimited. =item B<-nmin minutes>, B<-ndays days> -Number of minutes or days when fresh revocation information is available: used in the -B field. If neither option is present then the B field -is omitted meaning fresh revocation information is immediately available. +Number of minutes or days when fresh revocation information is available: +used in the B field. If neither option is present then the +B field is omitted meaning fresh revocation information is +immediately available. =back @@ -457,7 +490,7 @@ The -no_alt_chains options was first added to OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/openssl.pod b/deps/openssl/openssl/doc/man1/openssl.pod similarity index 68% rename from deps/openssl/openssl/doc/apps/openssl.pod rename to deps/openssl/openssl/doc/man1/openssl.pod index 6e822a61169fc2..a39cf963d98813 100644 --- a/deps/openssl/openssl/doc/apps/openssl.pod +++ b/deps/openssl/openssl/doc/man1/openssl.pod @@ -40,6 +40,9 @@ The B program provides a rich variety of commands (I in the SYNOPSIS above), each of which often has a wealth of options and arguments (I and I in the SYNOPSIS). +Detailed documentation and use cases for most standard subcommands are available +(e.g., L or L). + Many commands use an external configuration file for some or all of their arguments and have a B<-config> option to specify that file. The environment variable B can be used to specify @@ -77,157 +80,160 @@ B, or BI itself.) =over 4 -=item L|asn1parse(1)> +=item B Parse an ASN.1 sequence. -=item L|ca(1)> +=item B Certificate Authority (CA) Management. -=item L|ciphers(1)> +=item B Cipher Suite Description Determination. -=item L|cms(1)> +=item B CMS (Cryptographic Message Syntax) utility. -=item L|crl(1)> +=item B Certificate Revocation List (CRL) Management. -=item L|crl2pkcs7(1)> +=item B CRL to PKCS#7 Conversion. -=item L|dgst(1)> +=item B Message Digest Calculation. =item B Diffie-Hellman Parameter Management. -Obsoleted by L|dhparam(1)>. +Obsoleted by L. -=item L|dhparam(1)> +=item B Generation and Management of Diffie-Hellman Parameters. Superseded by -L|genpkey(1)> and L|pkeyparam(1)>. +L and L. -=item L|dsa(1)> +=item B DSA Data Management. -=item L|dsaparam(1)> +=item B DSA Parameter Generation and Management. Superseded by -L|genpkey(1)> and L|pkeyparam(1)>. +L and L. -=item L|ec(1)> +=item B EC (Elliptic curve) key processing. -=item L|ecparam(1)> +=item B EC parameter manipulation and generation. -=item L|enc(1)> +=item B Encoding with Ciphers. -=item L|engine(1)> +=item B Engine (loadable module) information and manipulation. -=item L|errstr(1)> +=item B Error Number to Error String Conversion. =item B Generation of Diffie-Hellman Parameters. -Obsoleted by L|dhparam(1)>. +Obsoleted by L. -=item L|gendsa(1)> +=item B Generation of DSA Private Key from Parameters. Superseded by -L|genpkey(1)> and L|pkey(1)>. +L and L. -=item L|genpkey(1)> +=item B Generation of Private Key or Parameters. -=item L|genrsa(1)> +=item B -Generation of RSA Private Key. Superseded by L|genpkey(1)>. +Generation of RSA Private Key. Superseded by L. -=item L|nseq(1)> +=item B Create or examine a Netscape certificate sequence. -=item L|ocsp(1)> +=item B Online Certificate Status Protocol utility. -=item L|passwd(1)> +=item B Generation of hashed passwords. -=item L|pkcs12(1)> +=item B PKCS#12 Data Management. -=item L|pkcs7(1)> +=item B PKCS#7 Data Management. -=item L|pkcs8(1)> +=item B PKCS#8 format private key conversion tool. -=item L|pkey(1)> +=item B Public and private key management. -=item L|pkeyparam(1)> +=item B Public key algorithm parameter management. -=item L|pkeyutl(1)> +=item B Public key algorithm cryptographic operation utility. -=item L|rand(1)> +=item B + +Compute prime numbers. + +=item B Generate pseudo-random bytes. -=item L|rehash(1)> +=item B Create symbolic links to certificate and CRL files named by the hash values. -=item L|req(1)> +=item B PKCS#10 X.509 Certificate Signing Request (CSR) Management. -=item L|rsa(1)> +=item B RSA key management. - -=item L|rsautl(1)> +=item B RSA utility for signing, verification, encryption, and decryption. Superseded -by L|pkeyutl(1)>. +by L. -=item L|s_client(1)> +=item B This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL B library. -=item L|s_server(1)> +=item B This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It's intended for testing purposes only and provides @@ -236,39 +242,47 @@ functionality of the OpenSSL B library. It provides both an own command line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver. -=item L|s_time(1)> +=item B SSL Connection Timer. -=item L|sess_id(1)> +=item B SSL Session Data Management. -=item L|smime(1)> +=item B S/MIME mail processing. -=item L|speed(1)> +=item B Algorithm Speed Measurement. -=item L|spkac(1)> +=item B SPKAC printing and generating utility. -=item L|ts(1)> +=item B + +Maintain SRP password file. + +=item B + +Utility to list and display certificates, keys, CRLs, etc. + +=item B Time Stamping Authority tool (client/server). -=item L|verify(1)> +=item B X.509 Certificate Verification. -=item L|version(1)> +=item B OpenSSL Version Information. -=item L|x509(1)> +=item B X.509 Certificate Data Management. @@ -278,10 +292,22 @@ X.509 Certificate Data Management. =over 4 +=item B + +BLAKE2b-512 Digest + +=item B + +BLAKE2s-256 Digest + =item B MD2 Digest +=item B + +MD4 Digest + =item B MD5 Digest @@ -294,65 +320,135 @@ MDC2 Digest RMD-160 Digest -=item B - -SHA Digest - =item B SHA-1 Digest =item B -SHA-224 Digest +SHA-2 224 Digest =item B -SHA-256 Digest +SHA-2 256 Digest =item B -SHA-384 Digest +SHA-2 384 Digest =item B -SHA-512 Digest +SHA-2 512 Digest + +=item B + +SHA-3 224 Digest + +=item B + +SHA-3 256 Digest + +=item B + +SHA-3 384 Digest + +=item B + +SHA-3 512 Digest + +=item B + +SHA-3 SHAKE128 Digest + +=item B + +SHA-3 SHAKE256 Digest + +=item B + +SM3 Digest =back =head2 Encoding and Cipher Commands +The following aliases provide convenient access to the most used encodings +and ciphers. + +Depending on how OpenSSL was configured and built, not all ciphers listed +here may be present. See L for more information and command usage. + =over 4 +=item B, B, B, B, B, B + +AES-128 Cipher + +=item B, B, B, B, B, B + +AES-192 Cipher + +=item B, B, B, B, B, B + +AES-256 Cipher + +=item B, B, B, B, B, B + +Aria-128 Cipher + +=item B, B, B, B, B, B + +Aria-192 Cipher + +=item B, B, B, B, B, B + +Aria-256 Cipher + =item B Base64 Encoding -=item B +=item B, B, B, B, B Blowfish Cipher -=item B +=item B, B, B, B, B, B + +Camellia-128 Cipher + +=item B, B, B, B, B, B + +Camellia-192 Cipher + +=item B, B, B, B, B, B + +Camellia-256 Cipher + +=item B, B CAST Cipher -=item B +=item B, B, B, B CAST5 Cipher -=item B +=item B + +Chacha20 Cipher + +=item B, B, B, B, B, B, B, B, B DES Cipher -=item B +=item B, B, B, B, B, B Triple-DES Cipher -=item B +=item B, B, B, B, B IDEA Cipher -=item B +=item B, B, B, B, B RC2 Cipher @@ -360,10 +456,18 @@ RC2 Cipher RC4 Cipher -=item B +=item B, B, B, B, B RC5 Cipher +=item B, B, B, B, B + +SEED Cipher + +=item B, B, B, B, B, B + +SM4 Cipher + =back =head1 OPTIONS @@ -391,6 +495,9 @@ password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off. +Note that character encoding may be relevant, please see +L. + =over 4 =item B @@ -434,11 +541,11 @@ L, L, L, L, L, L, L, L, L, L, L, L, -L, L, L, +L, L, L, L, L, L, L, L, L, L, L, L, L, -L, L, L, +L, L, L, L, L, L, L, L, L, L, L, L @@ -451,7 +558,7 @@ manual pages. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/passwd.pod b/deps/openssl/openssl/doc/man1/passwd.pod similarity index 59% rename from deps/openssl/openssl/doc/apps/passwd.pod rename to deps/openssl/openssl/doc/man1/passwd.pod index 46632014401558..c5760fe76eae87 100644 --- a/deps/openssl/openssl/doc/apps/passwd.pod +++ b/deps/openssl/openssl/doc/man1/passwd.pod @@ -12,12 +12,17 @@ B [B<-crypt>] [B<-1>] [B<-apr1>] +[B<-aixmd5>] +[B<-5>] +[B<-6>] [B<-salt> I] [B<-in> I] [B<-stdin>] [B<-noverify>] [B<-quiet>] [B<-table>] +[B<-rand file...>] +[B<-writerand file>] {I} =head1 DESCRIPTION @@ -27,7 +32,7 @@ run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for option B<-stdin>, or from the command line, or from the terminal otherwise. The Unix standard algorithm B and the MD5-based BSD password -algorithm B<1> and its Apache variant B are available. +algorithm B<1>, its Apache variant B, and its AIX variant are available. =head1 OPTIONS @@ -49,6 +54,17 @@ Use the MD5 based BSD password algorithm B<1>. Use the B algorithm (Apache variant of the BSD algorithm). +=item B<-aixmd5> + +Use the B algorithm (AIX variant of the BSD algorithm). + +=item B<-5> + +=item B<-6> + +Use the B / B based algorithms defined by Ulrich Drepper. +See L. + =item B<-salt> I Use the specified salt. @@ -75,19 +91,38 @@ Don't output warnings when passwords given at the command line are truncated. In the output list, prepend the cleartext password and a TAB character to each password hash. +=item B<-rand file...> + +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =back =head1 EXAMPLES -B prints B. + % openssl passwd -crypt -salt xx password + xxj31ZMTZzkVA + + % openssl passwd -1 -salt xxxxxxxx password + $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. -B prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. + % openssl passwd -apr1 -salt xxxxxxxx password + $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 -B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. + % openssl passwd -aixmd5 -salt xxxxxxxx password + xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/pkcs12.pod b/deps/openssl/openssl/doc/man1/pkcs12.pod similarity index 81% rename from deps/openssl/openssl/doc/apps/pkcs12.pod rename to deps/openssl/openssl/doc/man1/pkcs12.pod index 44ee3d4ec4daf3..3389e595fed756 100644 --- a/deps/openssl/openssl/doc/apps/pkcs12.pod +++ b/deps/openssl/openssl/doc/man1/pkcs12.pod @@ -24,7 +24,7 @@ B B [B<-cacerts>] [B<-nokeys>] [B<-info>] -[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>] +[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -aria128 | -aria192 | -aria256 | -camellia128 | -camellia192 | -camellia256 | -nodes>] [B<-noiter>] [B<-maciter | -nomaciter | -nomac>] [B<-twopass>] @@ -37,7 +37,8 @@ B B [B<-password arg>] [B<-passin arg>] [B<-passout arg>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-CAfile file>] [B<-CApath dir>] [B<-no-CAfile>] @@ -76,13 +77,13 @@ default. They are all written in PEM format. =item B<-passin arg> -the PKCS#12 file (i.e. input file) password source. For more information about +The PKCS#12 file (i.e. input file) password source. For more information about the format of B see the B section in L. =item B<-passout arg> -pass phrase source to encrypt any outputted private keys with. For more +Pass phrase source to encrypt any outputted private keys with. For more information about the format of B see the B section in L. @@ -93,61 +94,65 @@ Otherwise, -password is equivalent to -passin. =item B<-noout> -this option inhibits output of the keys and certificates to the output file +This option inhibits output of the keys and certificates to the output file version of the PKCS#12 file. =item B<-clcerts> -only output client certificates (not CA certificates). +Only output client certificates (not CA certificates). =item B<-cacerts> -only output CA certificates (not client certificates). +Only output CA certificates (not client certificates). =item B<-nocerts> -no certificates at all will be output. +No certificates at all will be output. =item B<-nokeys> -no private keys will be output. +No private keys will be output. =item B<-info> -output additional information about the PKCS#12 file structure, algorithms used and -iteration counts. +Output additional information about the PKCS#12 file structure, algorithms +used and iteration counts. =item B<-des> -use DES to encrypt private keys before outputting. +Use DES to encrypt private keys before outputting. =item B<-des3> -use triple DES to encrypt private keys before outputting, this is the default. +Use triple DES to encrypt private keys before outputting, this is the default. =item B<-idea> -use IDEA to encrypt private keys before outputting. +Use IDEA to encrypt private keys before outputting. =item B<-aes128>, B<-aes192>, B<-aes256> -use AES to encrypt private keys before outputting. +Use AES to encrypt private keys before outputting. + +=item B<-aria128>, B<-aria192>, B<-aria256> + +Use ARIA to encrypt private keys before outputting. =item B<-camellia128>, B<-camellia192>, B<-camellia256> -use Camellia to encrypt private keys before outputting. +Use Camellia to encrypt private keys before outputting. =item B<-nodes> -don't encrypt the private keys at all. +Don't encrypt the private keys at all. =item B<-nomacver> -don't attempt to verify the integrity MAC before reading the file. +Don't attempt to verify the integrity MAC before reading the file. =item B<-twopass> -prompt for separate integrity and encryption passwords: most software +Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such PKCS#12 files unreadable. @@ -176,7 +181,7 @@ certificates are present they will also be included in the PKCS#12 file. =item B<-inkey file_or_id> -file to read private key from. If not present then a private key must be present +File to read private key from. If not present then a private key must be present in the input file. If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier. @@ -199,31 +204,31 @@ displays them. =item B<-pass arg>, B<-passout arg> -the PKCS#12 file (i.e. output file) password source. For more information about +The PKCS#12 file (i.e. output file) password source. For more information about the format of B see the B section in L. =item B<-passin password> -pass phrase source to decrypt any input private keys with. For more information +Pass phrase source to decrypt any input private keys with. For more information about the format of B see the B section in L. =item B<-chain> -if this option is present then an attempt is made to include the entire +If this option is present then an attempt is made to include the entire certificate chain of the user certificate. The standard CA store is used for this search. If the search fails it is considered a fatal error. =item B<-descert> -encrypt the certificate using triple DES, this may render the PKCS#12 +Encrypt the certificate using triple DES, this may render the PKCS#12 file unreadable by some "export grade" software. By default the private key is encrypted using triple DES and the certificate using 40 bit RC2. =item B<-keypbe alg>, B<-certpbe alg> -these options allow the algorithm used to encrypt the private key and +These options allow the algorithm used to encrypt the private key and certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used (see B section for more information). If a cipher name (as output by the B command is specified then it @@ -232,7 +237,7 @@ use PKCS#12 algorithms. =item B<-keyex|-keysig> -specifies that the private key is to be used for key exchange or just signing. +Specifies that the private key is to be used for key exchange or just signing. This option is only interpreted by MSIE and similar MS software. Normally "export grade" software will only allow 512 bit RSA keys to be used for encryption purposes but arbitrary length keys for signing. The B<-keysig> @@ -243,11 +248,11 @@ the use of signing only keys for SSL client authentication. =item B<-macalg digest> -specify the MAC digest algorithm. If not included them SHA1 will be used. +Specify the MAC digest algorithm. If not included them SHA1 will be used. =item B<-nomaciter>, B<-noiter> -these options affect the iteration counts on the MAC and key algorithms. +These options affect the iteration counts on the MAC and key algorithms. Unless you wish to produce files compatible with MSIE 4.0 you should leave these options alone. @@ -270,16 +275,21 @@ to be needed to use MAC iterations counts but they are now used by default. =item B<-nomac> -don't attempt to provide the MAC integrity. +Don't attempt to provide the MAC integrity. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-CAfile file> CA storage as a file. @@ -292,15 +302,15 @@ linked to each certificate. =item B<-no-CAfile> -Do not load the trusted CA certificates from the default file location +Do not load the trusted CA certificates from the default file location. =item B<-no-CApath> -Do not load the trusted CA certificates from the default directory location +Do not load the trusted CA certificates from the default directory location. =item B<-CSP name> -write B as a Microsoft CSP name. +Write B as a Microsoft CSP name. =back @@ -371,7 +381,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/pkcs7.pod b/deps/openssl/openssl/doc/man1/pkcs7.pod similarity index 83% rename from deps/openssl/openssl/doc/apps/pkcs7.pod rename to deps/openssl/openssl/doc/man1/pkcs7.pod index 340b72daa58c25..cf445b3dcd37c8 100644 --- a/deps/openssl/openssl/doc/apps/pkcs7.pod +++ b/deps/openssl/openssl/doc/man1/pkcs7.pod @@ -38,8 +38,8 @@ the DER form with header and footer lines. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -48,27 +48,27 @@ option is not specified. =item B<-out filename> -specifies the output filename to write to or standard output by +Specifies the output filename to write to or standard output by default. =item B<-print_certs> -prints out any certificates or CRLs contained in the file. They are +Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format. =item B<-text> -prints out certificates details in full rather than just subject and +Prints out certificates details in full rather than just subject and issuer names. =item B<-noout> -don't output the encoded version of the PKCS#7 structure (or certificates +Don't output the encoded version of the PKCS#7 structure (or certificates is B<-print_certs> is set). =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -110,7 +110,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/pkcs8.pod b/deps/openssl/openssl/doc/man1/pkcs8.pod similarity index 88% rename from deps/openssl/openssl/doc/apps/pkcs8.pod rename to deps/openssl/openssl/doc/man1/pkcs8.pod index 402e7b2b59f3aa..9c923b87c93997 100644 --- a/deps/openssl/openssl/doc/apps/pkcs8.pod +++ b/deps/openssl/openssl/doc/man1/pkcs8.pod @@ -18,6 +18,8 @@ B B [B<-passout arg>] [B<-iter count>] [B<-noiter>] +[B<-rand file...>] +[B<-writerand file>] [B<-nocrypt>] [B<-traditional>] [B<-v2 alg>] @@ -51,11 +53,13 @@ reversed: it reads a private key and writes a PKCS#8 format key. =item B<-inform DER|PEM> -This specifies the input format: see L for more details. +This specifies the input format: see L for more details. The default +format is PEM. =item B<-outform DER|PEM> -This specifies the output format: see L for more details. +This specifies the output format: see L for more details. The default +format is PEM. =item B<-traditional> @@ -70,7 +74,7 @@ prompted for. =item B<-passin arg> -the input file password source. For more information about the format of B +The input file password source. For more information about the format of B see the B section in L. =item B<-out filename> @@ -82,7 +86,7 @@ filename. =item B<-passout arg> -the output file password source. For more information about the format of B +The output file password source. For more information about the format of B see the B section in L. =item B<-iter count> @@ -100,6 +104,19 @@ This option does not encrypt private keys at all and should only be used when absolutely necessary. Certain software such as some versions of Java code signing software used unencrypted private keys. +=item B<-rand file...> + +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-v2 alg> This option sets the PKCS#5 v2.0 algorithm. @@ -125,21 +142,21 @@ If not specified PKCS#5 v2.0 form is used. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. =item B<-scrypt> -uses the B algorithm for private key encryption using default +Uses the B algorithm for private key encryption using default parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>, B<-scrypt_p> and B<-v2> options. -B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p> +=item B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p> -sets the scrypt B, B or B

parameters. +Sets the scrypt B, B or B

parameters. =back @@ -206,14 +223,14 @@ below. These algorithms were included in the original PKCS#5 v1.5 specification. They only offer 56 bits of protection since they both use DES. -=item B +=item B, B, B, B These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or 56 bit DES. -=item B +=item B, B, B, B, B, B These algorithms use the PKCS#12 password based encryption algorithm and allow strong encryption algorithms like triple DES or 128 bit RC2 to be used. @@ -292,7 +309,7 @@ The B<-iter> option was added to OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/pkey.pod b/deps/openssl/openssl/doc/man1/pkey.pod similarity index 75% rename from deps/openssl/openssl/doc/apps/pkey.pod rename to deps/openssl/openssl/doc/man1/pkey.pod index ef2e4633672599..9569fe0e412d2e 100644 --- a/deps/openssl/openssl/doc/apps/pkey.pod +++ b/deps/openssl/openssl/doc/man1/pkey.pod @@ -16,13 +16,15 @@ B B [B<-out filename>] [B<-passout arg>] [B<-traditional>] -[B<-cipher>] +[B<-I>] [B<-text>] [B<-text_pub>] [B<-noout>] [B<-pubin>] [B<-pubout>] [B<-engine id>] +[B<-check>] +[B<-pubcheck>] =head1 DESCRIPTION @@ -39,12 +41,12 @@ Print out a usage message. =item B<-inform DER|PEM> -This specifies the input format DER or PEM. +This specifies the input format DER or PEM. The default format is PEM. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -54,7 +56,7 @@ prompted for. =item B<-passin arg> -the input file password source. For more information about the format of B +The input file password source. For more information about the format of B see the B section in L. =item B<-out filename> @@ -66,51 +68,61 @@ filename. =item B<-passout password> -the output file password source. For more information about the format of B +The output file password source. For more information about the format of B see the B section in L. =item B<-traditional> -normally a private key is written using standard format: this is PKCS#8 form +Normally a private key is written using standard format: this is PKCS#8 form with the appropriate encryption algorithm (if any). If the B<-traditional> option is specified then the older "traditional" format is used instead. -=item B<-cipher> +=item B<-I> These options encrypt the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as B. =item B<-text> -prints out the various public or private key components in +Prints out the various public or private key components in plain text in addition to the encoded version. =item B<-text_pub> -print out only public key components even if a private key is being processed. +Print out only public key components even if a private key is being processed. =item B<-noout> -do not output the encoded version of the key. +Do not output the encoded version of the key. =item B<-pubin> -by default a private key is read from the input file: with this +By default a private key is read from the input file: with this option a public key is read instead. =item B<-pubout> -by default a private key is output: with this option a public +By default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-check> + +This option checks the consistency of a key pair for both public and private +components. + +=item B<-pubcheck> + +This option checks the correctness of either a public key or the public component +of a key pair. + =back =head1 EXAMPLES @@ -146,7 +158,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/pkeyparam.pod b/deps/openssl/openssl/doc/man1/pkeyparam.pod similarity index 76% rename from deps/openssl/openssl/doc/apps/pkeyparam.pod rename to deps/openssl/openssl/doc/man1/pkeyparam.pod index 309e2495e35d36..50949657c818d6 100644 --- a/deps/openssl/openssl/doc/apps/pkeyparam.pod +++ b/deps/openssl/openssl/doc/man1/pkeyparam.pod @@ -14,11 +14,12 @@ B B [B<-text>] [B<-noout>] [B<-engine id>] +[B<-check>] =head1 DESCRIPTION -The B command processes public or private keys. They can be converted -between various forms and their components printed out. +The B command processes public key algorithm parameters. +They can be checked for correctness and their components printed out. =head1 OPTIONS @@ -40,19 +41,23 @@ this option is not specified. =item B<-text> -prints out the parameters in plain text in addition to the encoded version. +Prints out the parameters in plain text in addition to the encoded version. =item B<-noout> -do not output the encoded version of the parameters. +Do not output the encoded version of the parameters. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-check> + +This option checks the correctness of parameters. + =back =head1 EXAMPLE @@ -73,7 +78,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/pkeyutl.pod b/deps/openssl/openssl/doc/man1/pkeyutl.pod similarity index 58% rename from deps/openssl/openssl/doc/apps/pkeyutl.pod rename to deps/openssl/openssl/doc/man1/pkeyutl.pod index e72486defc6208..664dbef3598b13 100644 --- a/deps/openssl/openssl/doc/apps/pkeyutl.pod +++ b/deps/openssl/openssl/doc/man1/pkeyutl.pod @@ -31,13 +31,15 @@ B B [B<-pkeyopt opt:value>] [B<-hexdump>] [B<-asn1parse>] +[B<-rand file...>] +[B<-writerand file>] [B<-engine id>] [B<-engine_impl>] =head1 DESCRIPTION -The B command can be used to perform public key operations using -any supported algorithm. +The B command can be used to perform low level public key operations +using any supported algorithm. =head1 OPTIONS @@ -54,7 +56,7 @@ if this option is not specified. =item B<-out filename> -specifies the output filename to write to or standard output by +Specifies the output filename to write to or standard output by default. =item B<-sigfile file> @@ -63,64 +65,63 @@ Signature file, required for B operations only =item B<-inkey file> -the input key file, by default it should be a private key. +The input key file, by default it should be a private key. =item B<-keyform PEM|DER|ENGINE> -the key format PEM, DER or ENGINE. Default is PEM. +The key format PEM, DER or ENGINE. Default is PEM. =item B<-passin arg> -the input key password source. For more information about the format of B +The input key password source. For more information about the format of B see the B section in L. - =item B<-peerkey file> -the peer key file, used by key derivation (agreement) operations. +The peer key file, used by key derivation (agreement) operations. =item B<-peerform PEM|DER|ENGINE> -the peer key format PEM, DER or ENGINE. Default is PEM. +The peer key format PEM, DER or ENGINE. Default is PEM. =item B<-pubin> -the input file is a public key. +The input file is a public key. =item B<-certin> -the input is a certificate containing a public key. +The input is a certificate containing a public key. =item B<-rev> -reverse the order of the input buffer. This is useful for some libraries +Reverse the order of the input buffer. This is useful for some libraries (such as CryptoAPI) which represent the buffer in little endian format. =item B<-sign> -sign the input data and output the signed result. This requires -a private key. +Sign the input data (which must be a hash) and output the signed result. This +requires a private key. =item B<-verify> -verify the input data against the signature file and indicate if the -verification succeeded or failed. +Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed. =item B<-verifyrecover> -verify the input data and output the recovered data. +Verify the input data (which must be a hash) and output the recovered data. =item B<-encrypt> -encrypt the input data using a public key. +Encrypt the input data using a public key. =item B<-decrypt> -decrypt the input data using a private key. +Decrypt the input data using a private key. =item B<-derive> -derive a shared secret using the peer key. +Derive a shared secret using the peer key. =item B<-kdf algorithm> @@ -145,12 +146,25 @@ hex dump the output data. =item B<-asn1parse> -asn1parse the output data, this is useful when combined with the +Parse the ASN.1 output data, this is useful when combined with the B<-verifyrecover> option when an ASN1 structure is signed. +=item B<-rand file...> + +A file or files containing random data used to seed the random number +generator. +Multiple files can be specified separated by an OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -170,20 +184,25 @@ and its implementation. The OpenSSL operations and options are indicated below. Unless otherwise mentioned all algorithms support the B option which specifies the digest in use for sign, verify and verifyrecover operations. The value B should represent a digest name as used in the -EVP_get_digestbyname() function for example B. -This value is used only for sanity-checking the lengths of data passed in to -the B and for creating the structures that make up the signature -(e.g. B in RSASSA PKCS#1 v1.5 signatures). -In case of RSA, ECDSA and DSA signatures, this utility -will not perform hashing on input data but rather use the data directly as -input of signature algorithm. Depending on key type, signature type and mode -of padding, the maximum acceptable lengths of input data differ. In general, -with RSA the signed data can't be longer than the key modulus, in case of ECDSA -and DSA the data shouldn't be longer than field size, otherwise it will be -silently truncated to field size. - -In other words, if the value of digest is B the input should be 20 bytes -long binary encoding of SHA-1 hash function output. +EVP_get_digestbyname() function for example B. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in to the B and for creating the structures that +make up the signature (e.g. B in RSASSA PKCS#1 v1.5 signatures). + +This utility does not hash the input data but rather it will use the data +directly as input to the signature algorithm. Depending on the key type, +signature type, and mode of padding, the maximum acceptable lengths of input +data differ. The signed data can't be longer than the key modulus with RSA. In +case of ECDSA and DSA the data shouldn't be longer than the field +size, otherwise it will be silently truncated to the field size. In any event +the input size must not be larger than the largest supported digest size. + +In other words, if the value of digest is B the input should be the 20 +bytes long binary encoding of the SHA-1 hash function output. + +The Ed25519 and Ed448 signature algorithms are not supported by this utility. +They accept non-hashed input, but this utility can only be used to sign hashed +input. =head1 RSA ALGORITHM @@ -216,11 +235,37 @@ specified. =item B -For B mode only this option specifies the salt length. Two special values -are supported: -1 sets the salt length to the digest length. When signing -2 -sets the salt length to the maximum permissible value. When verifying -2 causes -the salt length to be automatically determined based on the B block -structure. +For B mode only this option specifies the salt length. Three special +values are supported: "digest" sets the salt length to the digest length, +"max" sets the salt length to the maximum permissible value. When verifying +"auto" causes the salt length to be automatically determined based on the +B block structure. + +=item B + +For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not +explicitly set in PSS mode then the signing digest is used. + +=back + +=head1 RSA-PSS ALGORITHM + +The RSA-PSS algorithm is a restricted version of the RSA algorithm which only +supports the sign and verify operations with PSS padding. The following +additional B values are supported: + +=over 4 + +=item B, B, B + +These have the same meaning as the B algorithm with some additional +restrictions. The padding mode can only be set to B which is the +default value. + +If the key has parameter restrictions than the digest, MGF1 +digest and salt length are set to the values specified in the parameters. +The digest and MG cannot be changed and the salt length cannot be set to a +value less than the minimum restriction. =back @@ -242,10 +287,10 @@ verify operations use ECDSA and derive uses ECDH. Currently there are no additional options other than B. Only the SHA1 digest can be used and this digest is assumed by default. -=head1 X25519 ALGORITHM +=head1 X25519 and X448 ALGORITHMS -The X25519 algorithm supports key derivation only. Currently there are no -additional options. +The X25519 and X448 algorithms support key derivation only. Currently there are +no additional options. =head1 EXAMPLES @@ -283,7 +328,7 @@ L, L =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/prime.pod b/deps/openssl/openssl/doc/man1/prime.pod new file mode 100644 index 00000000000000..1d25954af19f0e --- /dev/null +++ b/deps/openssl/openssl/doc/man1/prime.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +openssl-prime, +prime - compute prime numbers + +=head1 SYNOPSIS + +B +[B<-help>] +[B<-hex>] +[B<-generate>] +[B<-bits>] +[B<-safe>] +[B<-checks>] +[I] + +=head1 DESCRIPTION + +The B command checks if the specified numbers are prime. + +If no numbers are given on the command line, the B<-generate> flag should +be used to generate primes according to the requirements specified by the +rest of the flags. + +=head1 OPTIONS + +=over 4 + +=item [B<-help>] + +Display an option summary. + +=item [B<-hex>] + +Generate hex output. + +=item [B<-generate>] + +Generate a prime number. + +=item [B<-bits num>] + +Generate a prime with B bits. + +=item [B<-safe>] + +When used with B<-generate>, generates a "safe" prime. If the number +generated is B, then check that B<(n-1)/2> is also prime. + +=item [B<-checks num>] + +Perform the checks B times to see that the generated number +is prime. The default is 20. + +=back + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/apps/rand.pod b/deps/openssl/openssl/doc/man1/rand.pod similarity index 81% rename from deps/openssl/openssl/doc/apps/rand.pod rename to deps/openssl/openssl/doc/man1/rand.pod index 4cdb37051835ba..5dd9e8e0a56a70 100644 --- a/deps/openssl/openssl/doc/apps/rand.pod +++ b/deps/openssl/openssl/doc/man1/rand.pod @@ -10,7 +10,8 @@ rand - generate pseudo-random bytes B [B<-help>] [B<-out> I] -[B<-rand> I] +[B<-rand file...>] +[B<-writerand file>] [B<-base64>] [B<-hex>] I @@ -32,18 +33,23 @@ seeding was obtained from these sources. Print out a usage message. -=item B<-out> I +=item B<-out file> Write to I instead of standard output. -=item B<-rand> I +=item B<-rand file...> -Use specified file or files or EGD socket (see L) -for seeding the random number generator. +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-base64> Perform base64 encoding on the output. diff --git a/deps/openssl/openssl/doc/apps/rehash.pod b/deps/openssl/openssl/doc/man1/rehash.pod similarity index 100% rename from deps/openssl/openssl/doc/apps/rehash.pod rename to deps/openssl/openssl/doc/man1/rehash.pod diff --git a/deps/openssl/openssl/doc/apps/req.pod b/deps/openssl/openssl/doc/man1/req.pod similarity index 82% rename from deps/openssl/openssl/doc/apps/req.pod rename to deps/openssl/openssl/doc/man1/req.pod index 291b1dac83d387..c76d63d6fd81a2 100644 --- a/deps/openssl/openssl/doc/apps/req.pod +++ b/deps/openssl/openssl/doc/man1/req.pod @@ -21,7 +21,8 @@ B B [B<-verify>] [B<-modulus>] [B<-new>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-newkey rsa:bits>] [B<-newkey alg:file>] [B<-nodes>] @@ -29,15 +30,17 @@ B B [B<-keyform PEM|DER>] [B<-keyout filename>] [B<-keygen_engine id>] -[B<-[digest]>] +[B<-I>] [B<-config filename>] [B<-multivalue-rdn>] [B<-x509>] [B<-days n>] [B<-set_serial n>] [B<-newhdr>] +[B<-addext ext>] [B<-extensions section>] [B<-reqexts section>] +[B<-precert>] [B<-utf8>] [B<-nameopt>] [B<-reqopt>] @@ -70,8 +73,8 @@ footer lines. =item B<-outform DER|PEM> -This specifies the output format, the options have the same meaning as the -B<-inform> option. +This specifies the output format, the options have the same meaning and default +as the B<-inform> option. =item B<-in filename> @@ -81,7 +84,7 @@ options (B<-new> and B<-newkey>) are not specified. =item B<-passin arg> -the input file password source. For more information about the format of B +The input file password source. For more information about the format of B see the B section in L. =item B<-out filename> @@ -91,38 +94,38 @@ default. =item B<-passout arg> -the output file password source. For more information about the format of B +The output file password source. For more information about the format of B see the B section in L. =item B<-text> -prints out the certificate request in text form. +Prints out the certificate request in text form. =item B<-subject> -prints out the request subject (or certificate subject if B<-x509> is +Prints out the request subject (or certificate subject if B<-x509> is specified) =item B<-pubkey> -outputs the public key. +Outputs the public key. =item B<-noout> -this option prevents output of the encoded version of the request. +This option prevents output of the encoded version of the request. =item B<-modulus> -this option prints out the value of the modulus of the public key +This option prints out the value of the modulus of the public key contained in the request. =item B<-verify> -verifies the signature on the request. +Verifies the signature on the request. =item B<-new> -this option generates a new certificate request. It will prompt +This option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions. @@ -130,17 +133,22 @@ in the configuration file and any requested extensions. If the B<-key> option is not used it will generate a new RSA private key using information specified in the configuration file. -=item B<-rand file(s)> +=item B<-rand file...> -a file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-newkey arg> -this option creates a new certificate request and a new private +This option creates a new certificate request and a new private key. The argument takes one of several forms. B, where B is the number of bits, generates an RSA key B in size. If B is omitted, i.e. B<-newkey rsa> specified, @@ -166,7 +174,7 @@ specified by B<-pkeyopt paramset:X> =item B<-pkeyopt opt:value> -set the public key algorithm option B to B. The precise set of +Set the public key algorithm option B to B. The precise set of options supported depends on the public key algorithm used and its implementation. See B in the B manual page for more details. @@ -178,40 +186,40 @@ accepts PKCS#8 format private keys for PEM format files. =item B<-keyform PEM|DER> -the format of the private key file specified in the B<-key> +The format of the private key file specified in the B<-key> argument. PEM is the default. =item B<-keyout filename> -this gives the filename to write the newly created private key to. +This gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used. =item B<-nodes> -if this option is specified then if a private key is created it +If this option is specified then if a private key is created it will not be encrypted. -=item B<-[digest]> +=item B<-I> -this specifies the message digest to sign the request. +This specifies the message digest to sign the request. Any digest supported by the OpenSSL B command can be used. This overrides the digest algorithm specified in the configuration file. Some public key algorithms may override this choice. For instance, DSA signatures always use SHA1, GOST R 34.10 signatures always use -GOST R 34.11-94 (B<-md_gost94>). +GOST R 34.11-94 (B<-md_gost94>), Ed25519 and Ed448 never use any digest. =item B<-config filename> -this allows an alternative configuration file to be specified. +This allows an alternative configuration file to be specified. Optional; for a description of the default value, see L. =item B<-subj arg> -sets subject name for new request or supersedes the subject name +Sets subject name for new request or supersedes the subject name when processing a request. The arg must be formatted as I. Keyword characters may be escaped by \ (backslash), and whitespace is retained. @@ -220,7 +228,7 @@ in the request. =item B<-multivalue-rdn> -this option causes the -subj argument to be interpreted with full +This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example: I @@ -229,7 +237,7 @@ If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. =item B<-x509> -this option outputs a self signed certificate instead of a certificate +This option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified @@ -241,41 +249,60 @@ to the self signed certificate otherwise new request is created. =item B<-days n> -when the B<-x509> option is being used this specifies the number of -days to certify the certificate for. The default is 30 days. +When the B<-x509> option is being used this specifies the number of +days to certify the certificate for, otherwise it is ignored. B should +be a positive integer. The default is 30 days. =item B<-set_serial n> -serial number to use when outputting a self signed certificate. This +Serial number to use when outputting a self signed certificate. This may be specified as a decimal value or a hex value if preceded by B<0x>. +=item B<-addext ext> + +Add a specific extension to the certificate (if the B<-x509> option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. + +This option can be given multiple times. + =item B<-extensions section> =item B<-reqexts section> -these options specify alternative sections to include certificate +These options specify alternative sections to include certificate extensions (if the B<-x509> option is present) or certificate request extensions. This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes. +=item B<-precert> + +A poison extension will be added to the certificate, making it a +"pre-certificate" (see RFC6962). This can be submitted to Certificate +Transparency logs in order to obtain signed certificate timestamps (SCTs). +These SCTs can then be embedded into the pre-certificate as an extension, before +removing the poison and signing the certificate. + +This implies the B<-new> flag. + =item B<-utf8> -this option causes field values to be interpreted as UTF8 strings, by +This option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings. =item B<-nameopt option> -option which determines how the subject or issuer names are displayed. The +Option which determines how the subject or issuer names are displayed. The B

-send some plain text down the underlying TCP connection: this should +Send some plain text down the underlying TCP connection: this should cause the client to disconnect due to a protocol violation. =item B -print out some session cache status information. +Print out some session cache status information. + +=item B + +Send a heartbeat message to the client (DTLS only) + +=item B + +Send a key update message to the client (TLSv1.3 only) + +=item B + +Send a key update message to the client and request one back (TLSv1.3 only) + +=item B + +Send a certificate request to the client (TLSv1.3 only) =back @@ -597,16 +814,21 @@ unknown cipher suites a client says it supports. =head1 SEE ALSO -L, -L, L, L +L, L, L, L +L, +L, +L =head1 HISTORY -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains option was first added to OpenSSL 1.1.0. + +The -allow-no-dhe-kex and -prioritize_chacha options were first added to +OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/apps/s_time.pod b/deps/openssl/openssl/doc/man1/s_time.pod similarity index 77% rename from deps/openssl/openssl/doc/apps/s_time.pod rename to deps/openssl/openssl/doc/man1/s_time.pod index d44dd9353b8b13..c08e44a431be38 100644 --- a/deps/openssl/openssl/doc/apps/s_time.pod +++ b/deps/openssl/openssl/doc/man1/s_time.pod @@ -14,17 +14,18 @@ B B [B<-cert filename>] [B<-key filename>] [B<-CApath directory>] -[B<-CAfile filename>] +[B<-cafile filename>] [B<-no-CAfile>] [B<-no-CApath>] [B<-reuse>] [B<-new>] [B<-verify depth>] -[B<-nbio>] +[B<-nameopt option>] [B<-time seconds>] [B<-ssl3>] [B<-bugs>] [B<-cipher cipherlist>] +[B<-ciphersuites val>] =head1 DESCRIPTION @@ -71,6 +72,13 @@ Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. +=item B<-nameopt option> + +Option which determines how the subject or issuer names are displayed. The +B

and B are likely enough to be valid. This is a lightweight check, if a more thorough check is needed, use @@ -99,32 +111,37 @@ The parameter B is invalid. =back +DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to +DH_check() and DH_check_params() respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function. + =head1 RETURN VALUES DH_generate_parameters_ex(), DH_check() and DH_check_params() return 1 if the check could be performed, 0 otherwise. -DH_generate_parameters() (deprecated) returns a pointer to the DH structure, or -NULL if the parameter generation fails. - -The error codes can be obtained by L. +DH_generate_parameters() returns a pointer to the DH structure or NULL if +the parameter generation fails. -=head1 NOTES +DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() return 1 if the +check is successful, 0 for failed. -DH_generate_parameters_ex() and DH_generate_parameters() may run for several -hours before finding a suitable prime. - -The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters() -are not to be used in signature schemes. +The error codes can be obtained by L. =head1 SEE ALSO L, L, L, L +=head1 HISTORY + +DH_generate_parameters() was deprecated in OpenSSL 0.9.8; use +DH_generate_parameters_ex() instead. + =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DH_get0_pqg.pod b/deps/openssl/openssl/doc/man3/DH_get0_pqg.pod similarity index 77% rename from deps/openssl/openssl/doc/crypto/DH_get0_pqg.pod rename to deps/openssl/openssl/doc/man3/DH_get0_pqg.pod index 3809813531c2bf..e878fa00514962 100644 --- a/deps/openssl/openssl/doc/crypto/DH_get0_pqg.pod +++ b/deps/openssl/openssl/doc/man3/DH_get0_pqg.pod @@ -2,9 +2,11 @@ =head1 NAME -DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_clear_flags, -DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, -DH_set_length - Routines for getting and setting data in a DH object +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, +DH_get0_p, DH_get0_q, DH_get0_g, +DH_get0_priv_key, DH_get0_pub_key, +DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, +DH_get_length, DH_set_length - Routines for getting and setting data in a DH object =head1 SYNOPSIS @@ -16,6 +18,11 @@ DH_set_length - Routines for getting and setting data in a DH object void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); + const BIGNUM *DH_get0_p(const DH *dh); + const BIGNUM *DH_get0_q(const DH *dh); + const BIGNUM *DH_get0_g(const DH *dh); + const BIGNUM *DH_get0_priv_key(const DH *dh); + const BIGNUM *DH_get0_pub_key(const DH *dh); void DH_clear_flags(DH *dh, int flags); int DH_test_flags(const DH *dh, int flags); void DH_set_flags(DH *dh, int flags); @@ -34,6 +41,8 @@ If the parameters have not yet been set then B<*p>, B<*q> and B<*g> will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. +Any of the out parameters B

, B, and B can be NULL, in which case no +value will be returned for that parameter. The B

, B and B values can be set by calling DH_set0_pqg() and passing the new values for B

, B and B as parameters to the function. Calling @@ -47,6 +56,8 @@ private key will be stored in B<*priv_key>. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. +Any of the out parameters B and B can be NULL, in which case +no value will be returned for that parameter. The public and private key values can be set using DH_set0_key(). Either parameter may be NULL, which means the corresponding DH field is left @@ -54,6 +65,10 @@ untouched. As with DH_set0_pqg() this function transfers the memory management of the key values to the DH object, and therefore they should not be freed directly after this function has been called. +Any of the values B

, B, B, B, and B can also be +retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), +DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively. + DH_set_flags() sets the flags in the B parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DH_test_flags() tests to see whether the flags @@ -81,6 +96,9 @@ duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg(). DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure. +DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() +return the respective value, or NULL if it is unset. + DH_test_flags() returns the current state of the flags in the DH object. DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE @@ -91,7 +109,7 @@ or zero if no such length has been explicitly set. =head1 SEE ALSO -L, L, L, L, +L, L, L, L, L, L, L =head1 HISTORY @@ -100,7 +118,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DH_get_1024_160.pod b/deps/openssl/openssl/doc/man3/DH_get_1024_160.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/DH_get_1024_160.pod rename to deps/openssl/openssl/doc/man3/DH_get_1024_160.pod diff --git a/deps/openssl/openssl/doc/crypto/DH_meth_new.pod b/deps/openssl/openssl/doc/man3/DH_meth_new.pod similarity index 89% rename from deps/openssl/openssl/doc/crypto/DH_meth_new.pod rename to deps/openssl/openssl/doc/man3/DH_meth_new.pod index ef0a80b195105b..63aa6513403a1e 100644 --- a/deps/openssl/openssl/doc/crypto/DH_meth_new.pod +++ b/deps/openssl/openssl/doc/man3/DH_meth_new.pod @@ -15,40 +15,51 @@ DH_meth_set_generate_params - Routines to build up DH methods #include DH_METHOD *DH_meth_new(const char *name, int flags); + void DH_meth_free(DH_METHOD *dhm); + DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); + const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); + int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); + void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); - int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); - int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); + + int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); + int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); + int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) - (unsigned char *key, const BIGNUM *pub_key, DH *dh); + (unsigned char *key, const BIGNUM *pub_key, DH *dh); int DH_meth_set_compute_key(DH_METHOD *dhm, - int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); + int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); + int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, - int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx)); + int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); + int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); - int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); - int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); + + int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); + int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); + int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) - (DH *, int, int, BN_GENCB *); + (DH *, int, int, BN_GENCB *); int DH_meth_set_generate_params(DH_METHOD *dhm, - int (*generate_params) (DH *, int, int, BN_GENCB *)); + int (*generate_params)(DH *, int, int, BN_GENCB *)); =head1 DESCRIPTION The B type is a structure used for the provision of custom DH -implementations. It provides a set of of functions used by OpenSSL for the +implementations. It provides a set of functions used by OpenSSL for the implementation of the various DH capabilities. DH_meth_new() creates a new B structure. It should be given a @@ -137,7 +148,7 @@ DH_meth_set1_name() and all DH_meth_set_*() functions return 1 on success or =head1 SEE ALSO -L, L, L, L, +L, L, L, L, L, L, L =head1 HISTORY diff --git a/deps/openssl/openssl/doc/crypto/DH_new.pod b/deps/openssl/openssl/doc/man3/DH_new.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/DH_new.pod rename to deps/openssl/openssl/doc/man3/DH_new.pod index 959a470ec4ae1c..7e60c9a569c1b0 100644 --- a/deps/openssl/openssl/doc/crypto/DH_new.pod +++ b/deps/openssl/openssl/doc/man3/DH_new.pod @@ -30,7 +30,7 @@ DH_free() returns no value. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/man3/DH_new_by_nid.pod b/deps/openssl/openssl/doc/man3/DH_new_by_nid.pod new file mode 100644 index 00000000000000..73636c5d1e9ba9 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/DH_new_by_nid.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +DH_new_by_nid, DH_get_nid - get or find DH named parameters + +=head1 SYNOPSIS + + #include + DH *DH_new_by_nid(int nid); + int *DH_get_nid(const DH *dh); + +=head1 DESCRIPTION + +DH_new_by_nid() creates and returns a DH structure containing named parameters +B. Currently B must be B, B, +B, B or B. + +DH_get_nid() determines if the parameters contained in B match +any named set. It returns the NID corresponding to the matching parameters or +B if there is no match. + +=head1 RETURN VALUES + +DH_new_by_nid() returns a set of DH parameters or B if an error occurred. + +DH_get_nid() returns the NID of the matching set of parameters or +B if there is no match. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/DH_set_method.pod b/deps/openssl/openssl/doc/man3/DH_set_method.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/DH_set_method.pod rename to deps/openssl/openssl/doc/man3/DH_set_method.pod index 21006086742eb4..ea45961f150014 100644 --- a/deps/openssl/openssl/doc/crypto/DH_set_method.pod +++ b/deps/openssl/openssl/doc/man3/DH_set_method.pod @@ -74,7 +74,7 @@ returns a pointer to the newly allocated structure. =head1 SEE ALSO -L, L, L +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/DH_size.pod b/deps/openssl/openssl/doc/man3/DH_size.pod similarity index 51% rename from deps/openssl/openssl/doc/crypto/DH_size.pod rename to deps/openssl/openssl/doc/man3/DH_size.pod index 8c1d151fcf5ecd..3b65d7ea6d6b23 100644 --- a/deps/openssl/openssl/doc/crypto/DH_size.pod +++ b/deps/openssl/openssl/doc/man3/DH_size.pod @@ -2,33 +2,43 @@ =head1 NAME -DH_size, DH_bits - get Diffie-Hellman prime size +DH_size, DH_bits, DH_security_bits - get Diffie-Hellman prime size and +security bits =head1 SYNOPSIS -#include + #include -int DH_size(const DH *dh); + int DH_size(const DH *dh); -int DH_bits(const DH *dh); + int DH_bits(const DH *dh); + + int DH_security_bits(const DH *dh); =head1 DESCRIPTION DH_size() returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret -computed by DH_compute_key(). +computed by L. DH_bits() returns the number of significant bits. B and Bp> must not be B. -=head1 RETURN VALUE +DH_security_bits() returns the number of security bits of the given B +key. See L. + +=head1 RETURN VALUES + +DH_size() returns the prime size of Diffie-Hellman in bytes. + +DH_bits() returns the number of bits in the key. -The size. +DH_security_bits() returns the number of security bits. =head1 SEE ALSO -L, L, +L, L, L =head1 HISTORY @@ -37,7 +47,7 @@ DH_bits() was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DSA_SIG_new.pod b/deps/openssl/openssl/doc/man3/DSA_SIG_new.pod similarity index 97% rename from deps/openssl/openssl/doc/crypto/DSA_SIG_new.pod rename to deps/openssl/openssl/doc/man3/DSA_SIG_new.pod index 7503460a195909..92c7bfdf505ed4 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_SIG_new.pod +++ b/deps/openssl/openssl/doc/man3/DSA_SIG_new.pod @@ -43,7 +43,7 @@ DSA_SIG_set0() returns 1 on success or 0 on failure. =head1 SEE ALSO -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/DSA_do_sign.pod b/deps/openssl/openssl/doc/man3/DSA_do_sign.pod similarity index 93% rename from deps/openssl/openssl/doc/crypto/DSA_do_sign.pod rename to deps/openssl/openssl/doc/man3/DSA_do_sign.pod index 5e56d209441fea..a0dd8bb2f60df9 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_do_sign.pod +++ b/deps/openssl/openssl/doc/man3/DSA_do_sign.pod @@ -11,7 +11,7 @@ DSA_do_sign, DSA_do_verify - raw DSA signature operations DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); int DSA_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); + DSA_SIG *sig, DSA *dsa); =head1 DESCRIPTION @@ -36,7 +36,7 @@ L. =head1 SEE ALSO -L, L, L, +L, L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/DSA_dup_DH.pod b/deps/openssl/openssl/doc/man3/DSA_dup_DH.pod similarity index 82% rename from deps/openssl/openssl/doc/crypto/DSA_dup_DH.pod rename to deps/openssl/openssl/doc/man3/DSA_dup_DH.pod index 6967ef3dcf302e..09cbf4b3a9cca7 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_dup_DH.pod +++ b/deps/openssl/openssl/doc/man3/DSA_dup_DH.pod @@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure #include - DH * DSA_dup_DH(const DSA *r); + DH *DSA_dup_DH(const DSA *r); =head1 DESCRIPTION @@ -16,7 +16,7 @@ DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q is lost during that conversion, but the resulting DH parameters contain its length. -=head1 RETURN VALUE +=head1 RETURN VALUES DSA_dup_DH() returns the new B structure, and NULL on error. The error codes can be obtained by L. @@ -27,11 +27,11 @@ Be careful to avoid small subgroup attacks when using this. =head1 SEE ALSO -L, L, L +L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DSA_generate_key.pod b/deps/openssl/openssl/doc/man3/DSA_generate_key.pod similarity index 81% rename from deps/openssl/openssl/doc/crypto/DSA_generate_key.pod rename to deps/openssl/openssl/doc/man3/DSA_generate_key.pod index 4781abed7a9b46..9ff75533525559 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_generate_key.pod +++ b/deps/openssl/openssl/doc/man3/DSA_generate_key.pod @@ -17,19 +17,19 @@ a new key pair and stores it in Bpub_key> and Bpriv_key>. The PRNG must be seeded prior to calling DSA_generate_key(). -=head1 RETURN VALUE +=head1 RETURN VALUES DSA_generate_key() returns 1 on success, 0 otherwise. The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, -L +L, L, L, +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DSA_generate_parameters.pod b/deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod similarity index 78% rename from deps/openssl/openssl/doc/crypto/DSA_generate_parameters.pod rename to deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod index fc051495f630fc..970f6a6b08afe9 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_generate_parameters.pod +++ b/deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod @@ -9,15 +9,16 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters #include int DSA_generate_parameters_ex(DSA *dsa, int bits, - const unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); Deprecated: #if OPENSSL_API_COMPAT < 0x00908000L - DSA *DSA_generate_parameters(int bits, unsigned char *seed, - int seed_len, int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), void *cb_arg); + DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), void *cb_arg); #endif =head1 DESCRIPTION @@ -42,6 +43,10 @@ called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to L. +DSA_generate_prime() is similar to DSA_generate_prime_ex() but +expects an old-style callback function; see +L for information on the old-style callback. + =over 2 =item * @@ -87,32 +92,31 @@ When the generator has been found, B is called. =back -DSA_generate_parameters() (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no B parameter is passed and -instead a newly allocated B structure is returned. Additionally "old -style" callbacks are used instead of the newer BN_GENCB based approach. -Refer to L for further information. - -=head1 RETURN VALUE +=head1 RETURN VALUES DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. +The error codes can be obtained by L. -DSA_generate_parameters() returns a pointer to the DSA structure, or +DSA_generate_parameters() returns a pointer to the DSA structure or B if the parameter generation fails. -The error codes can be obtained by L. - =head1 BUGS -Seed lengths E 20 are not supported. +Seed lengths greater than 20 are not supported. =head1 SEE ALSO L, L, L, L, L +=head1 HISTORY + +DSA_generate_parameters() was deprecated in OpenSSL 0.9.8; use +DSA_generate_parameters_ex() instead. + =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DSA_get0_pqg.pod b/deps/openssl/openssl/doc/man3/DSA_get0_pqg.pod similarity index 83% rename from deps/openssl/openssl/doc/crypto/DSA_get0_pqg.pod rename to deps/openssl/openssl/doc/man3/DSA_get0_pqg.pod index 6c1c09a56e6570..793c9bc563575d 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_get0_pqg.pod +++ b/deps/openssl/openssl/doc/man3/DSA_get0_pqg.pod @@ -2,8 +2,11 @@ =head1 NAME -DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_clear_flags, -DSA_test_flags, DSA_set_flags, DSA_get0_engine - Routines for getting and +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, +DSA_get0_p, DSA_get0_q, DSA_get0_g, +DSA_get0_pub_key, DSA_get0_priv_key, +DSA_clear_flags, DSA_test_flags, DSA_set_flags, +DSA_get0_engine - Routines for getting and setting data in a DSA object =head1 SYNOPSIS @@ -16,6 +19,11 @@ setting data in a DSA object void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); + const BIGNUM *DSA_get0_p(const DSA *d); + const BIGNUM *DSA_get0_q(const DSA *d); + const BIGNUM *DSA_get0_g(const DSA *d); + const BIGNUM *DSA_get0_pub_key(const DSA *d); + const BIGNUM *DSA_get0_priv_key(const DSA *d); void DSA_clear_flags(DSA *d, int flags); int DSA_test_flags(const DSA *d, int flags); void DSA_set_flags(DSA *d, int flags); @@ -53,6 +61,10 @@ this function transfers the memory management of the key values to the DSA object, and therefore they should not be freed directly after this function has been called. +Any of the values B

, B, B, B, and B can also be +retrieved separately by the corresponding function DSA_get0_p(), DSA_get0_q(), +DSA_get0_g(), DSA_get0_priv_key(), and DSA_get0_pub_key(), respectively. + DSA_set_flags() sets the flags in the B parameter on the DSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DSA_test_flags() tests to see whether the flags @@ -82,7 +94,7 @@ has been set. =head1 SEE ALSO -L, L, L, L, +L, L, L, L, L, L, L, L, L, L, L @@ -92,7 +104,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/DSA_meth_new.pod b/deps/openssl/openssl/doc/man3/DSA_meth_new.pod similarity index 68% rename from deps/openssl/openssl/doc/crypto/DSA_meth_new.pod rename to deps/openssl/openssl/doc/man3/DSA_meth_new.pod index 8ebf7ab6bcc1e5..faf86ef9dafcda 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_meth_new.pod +++ b/deps/openssl/openssl/doc/man3/DSA_meth_new.pod @@ -17,55 +17,77 @@ DSA_meth_set_keygen - Routines to build up DSA methods #include DSA_METHOD *DSA_meth_new(const char *name, int flags); + void DSA_meth_free(DSA_METHOD *dsam); + DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); + const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); + int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); + void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); - DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA *); - int DSA_meth_set_sign(DSA_METHOD *dsam, - DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); - int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) - (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); - int DSA_meth_set_sign_setup(DSA_METHOD *dsam, - int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); - int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int , DSA_SIG *, DSA *); - int DSA_meth_set_verify(DSA_METHOD *dsam, - int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); - int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, - BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); - int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, - BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont)); - int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *mont); - int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *mont)); + + DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, + int, DSA *); + int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, + int, DSA *)); + + int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ + BIGNUM **, BIGNUM **); + int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, + BIGNUM **, BIGNUM **)); + + int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, + int, DSA_SIG *, DSA *); + int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *, + int, DSA_SIG *, DSA *)); + + int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, + BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, + BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); + int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, + BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, + BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *mont)); + + int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *mont); + int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, + BIGNUM *r, + BIGNUM *a, + const BIGNUM *p, + const BIGNUM *m, + BN_CTX *ctx, + BN_MONT_CTX *mont)); + int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); - int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); - int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); - int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) - (DSA *, int, const unsigned char *, int, int *, unsigned long *, - BN_GENCB *); + + int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); + int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); + + int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, + const unsigned char *, + int, int *, unsigned long *, + BN_GENCB *); int DSA_meth_set_paramgen(DSA_METHOD *dsam, - int (*paramgen) (DSA *, int, const unsigned char *, int, int *, - unsigned long *, BN_GENCB *)); - int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); - int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); + int (*paramgen)(DSA *, int, const unsigned char *, + int, int *, unsigned long *, BN_GENCB *)); + + int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); + int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); =head1 DESCRIPTION The B type is a structure used for the provision of custom DSA -implementations. It provides a set of of functions used by OpenSSL for the +implementations. It provides a set of functions used by OpenSSL for the implementation of the various DSA capabilities. See the L page for more information. @@ -173,7 +195,7 @@ DSA_meth_set1_name() and all DSA_meth_set_*() functions return 1 on success or =head1 SEE ALSO -L, L, L, L, +L, L, L, L, L, L, L, L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/DSA_new.pod b/deps/openssl/openssl/doc/man3/DSA_new.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/DSA_new.pod rename to deps/openssl/openssl/doc/man3/DSA_new.pod index a967ab5da5113c..22474251f2b798 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_new.pod +++ b/deps/openssl/openssl/doc/man3/DSA_new.pod @@ -32,7 +32,7 @@ DSA_free() returns no value. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/DSA_set_method.pod b/deps/openssl/openssl/doc/man3/DSA_set_method.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/DSA_set_method.pod rename to deps/openssl/openssl/doc/man3/DSA_set_method.pod index d870f56f26f763..f10307e66d66cc 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_set_method.pod +++ b/deps/openssl/openssl/doc/man3/DSA_set_method.pod @@ -74,7 +74,7 @@ fails. Otherwise it returns a pointer to the newly allocated structure. =head1 SEE ALSO -L, L, L +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/DSA_sign.pod b/deps/openssl/openssl/doc/man3/DSA_sign.pod similarity index 84% rename from deps/openssl/openssl/doc/crypto/DSA_sign.pod rename to deps/openssl/openssl/doc/man3/DSA_sign.pod index b91f89f0733c2b..889c7a1e070822 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_sign.pod +++ b/deps/openssl/openssl/doc/man3/DSA_sign.pod @@ -8,13 +8,12 @@ DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures #include - int DSA_sign(int type, const unsigned char *dgst, int len, - unsigned char *sigret, unsigned int *siglen, DSA *dsa); + int DSA_sign(int type, const unsigned char *dgst, int len, + unsigned char *sigret, unsigned int *siglen, DSA *dsa); - int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, - BIGNUM **rp); + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); - int DSA_verify(int type, const unsigned char *dgst, int len, + int DSA_verify(int type, const unsigned char *dgst, int len, unsigned char *sigbuf, int siglen, DSA *dsa); =head1 DESCRIPTION @@ -54,7 +53,7 @@ Standard, DSS), ANSI X9.30 =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/DSA_size.pod b/deps/openssl/openssl/doc/man3/DSA_size.pod similarity index 66% rename from deps/openssl/openssl/doc/crypto/DSA_size.pod rename to deps/openssl/openssl/doc/man3/DSA_size.pod index 16e6f3a9633402..ff7df3d296ee08 100644 --- a/deps/openssl/openssl/doc/crypto/DSA_size.pod +++ b/deps/openssl/openssl/doc/man3/DSA_size.pod @@ -2,7 +2,7 @@ =head1 NAME -DSA_size, DSA_bits - get DSA signature size or key bits +DSA_size, DSA_bits, DSA_security_bits - get DSA signature size, key bits or security bits =head1 SYNOPSIS @@ -10,6 +10,7 @@ DSA_size, DSA_bits - get DSA signature size or key bits int DSA_size(const DSA *dsa); int DSA_bits(const DSA *dsa); + int DSA_security_bits(const DSA *dsa); =head1 DESCRIPTION @@ -22,19 +23,22 @@ Bq> must not be B. DSA_bits() returns the number of bits in key B: this is the number of bits in the B

parameter. -=head1 RETURN VALUE +DSA_security_bits() returns the number of security bits of the given B +key. See L. -DSA_size() returns the size in bytes. +=head1 RETURN VALUES + +DSA_size() returns the signature size in bytes. DSA_bits() returns the number of bits in the key. =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod b/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod new file mode 100644 index 00000000000000..ab7147217ac1d0 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/DTLS_get_data_mtu.pod @@ -0,0 +1,36 @@ +=pod + +=head1 NAME + +DTLS_get_data_mtu - Get maximum data payload size + +=head1 SYNOPSIS + + #include + + size_t DTLS_get_data_mtu(const SSL *ssl); + +=head1 DESCRIPTION + +This function obtains the maximum data payload size for the established +DTLS connection B, based on the DTLS record MTU and the overhead +of the DTLS record header, encryption and authentication currently in use. + +=head1 RETURN VALUES + +Returns the maximum data payload size on success, or 0 on failure. + +=head1 HISTORY + +This function was added in OpenSSL 1.1.1 + +=head1 COPYRIGHT + +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod b/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod new file mode 100644 index 00000000000000..6e1347213e6fc9 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/DTLS_set_timer_cb.pod @@ -0,0 +1,40 @@ +=pod + +=head1 NAME + +DTLS_timer_cb, +DTLS_set_timer_cb +- Set callback for controlling DTLS timer duration + +=head1 SYNOPSIS + + #include + + typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + + void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + +=head1 DESCRIPTION + +This function sets an optional callback function for controlling the +timeout interval on the DTLS protocol. The callback function will be +called by DTLS for every new DTLS packet that is sent. + +=head1 RETURN VALUES + +Returns void. + +=head1 HISTORY + +This function was added in OpenSSL 1.1.1 + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod b/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod new file mode 100644 index 00000000000000..858e39316105d7 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/DTLSv1_listen.pod @@ -0,0 +1,134 @@ +=pod + +=head1 NAME + +SSL_stateless, +DTLSv1_listen +- Statelessly listen for incoming connections + +=head1 SYNOPSIS + + #include + + int SSL_stateless(SSL *s); + int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); + +=head1 DESCRIPTION + +SSL_stateless() statelessly listens for new incoming TLSv1.3 connections. +DTLSv1_listen() statelessly listens for new incoming DTLS connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using SSL_accept()). + +=head1 NOTES + +Some transport protocols (such as UDP) can be susceptible to amplification +attacks. Unlike TCP there is no initial connection setup in UDP that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source IP address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source IP. If the response messages are larger than the original +message then the amplification attack has succeeded. + +If DTLS is used over UDP (or any datagram based protocol that does not validate +the source IP) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as TCP). +If TCP is being used then there is no need to use SSL_stateless(). However some +stream-based transport protocols (e.g. QUIC) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack. + +As a countermeasure to this issue TLSv1.3 and DTLS include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in DTLS) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources. + +OpenSSL implements this capability via the SSL_stateless() and DTLSv1_listen() +functions. The B parameter should be a newly allocated SSL object with its +read and write BIOs set, in the same way as might be done for a call to +SSL_accept(). Typically, for DTLS, the read BIO will be in an "unconnected" +state and thus capable of receiving messages from any peer. + +When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the B parameter updated into a state +where the handshake can be continued by a call to (for example) SSL_accept(). +Additionally, for DTLSv1_listen(), the B pointed to by B will be +filled in with details of the peer that sent the ClientHello. If the underlying +BIO is unable to obtain the B of the peer (for example because the BIO +does not support this), then B<*peer> will be cleared and the family set to +AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to +the peer and continue the handshake in a connected state. + +Prior to calling DTLSv1_listen() user code must ensure that cookie generation +and verification callbacks have been set up using +SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb() +respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb() +and SSL_CTX_set_stateless_cookie_verify_cb() must be used instead. + +Since DTLSv1_listen() operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that DTLSv1_listen() +B supports ClientHellos that fit inside a single datagram. + +For SSL_stateless() if an entire ClientHello message cannot be read without the +"read" BIO becoming empty then the SSL_stateless() call will fail. It is the +application's responsibility to ensure that data read from the "read" BIO during +a single SSL_stateless() call is all from the same peer. + +SSL_stateless() will fail (with a 0 return value) if some TLS version less than +TLSv1.3 is used. + +Both SSL_stateless() and DTLSv1_listen() will clear the error queue when they +start. + +=head1 RETURN VALUES + +For SSL_stateless() a return value of 1 indicates success and the B object +will be set up ready to continue the handshake. A return value of 0 or -1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of -1 indicates any other error. User code may retry the SSL_stateless() call. + +For DTLSv1_listen() a return value of >= 1 indicates success. The B object +will be set up ready to continue the handshake. the B value will also be +filled in. + +A return value of 0 indicates a non-fatal error. This could (for +example) be because of non-blocking IO, or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to DTLSv1_listen() in the event of a non-fatal error. + +A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation. + +For DTLSv1_listen(), prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success. + +=head1 SEE ALSO + +L, L, +L, L + +=head1 HISTORY + +SSL_stateless() was first added in OpenSSL 1.1.1. + +DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer" +also changed in OpenSSL 1.1.0. + +=head1 COPYRIGHT + +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/ECDSA_SIG_new.pod b/deps/openssl/openssl/doc/man3/ECDSA_SIG_new.pod similarity index 88% rename from deps/openssl/openssl/doc/crypto/ECDSA_SIG_new.pod rename to deps/openssl/openssl/doc/man3/ECDSA_SIG_new.pod index f544ccbb32fedf..0bf63f8bde8088 100644 --- a/deps/openssl/openssl/doc/crypto/ECDSA_SIG_new.pod +++ b/deps/openssl/openssl/doc/man3/ECDSA_SIG_new.pod @@ -2,7 +2,7 @@ =head1 NAME -ECDSA_SIG_get0, ECDSA_SIG_set0, +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature @@ -15,6 +15,8 @@ algorithm (ECDSA) functions ECDSA_SIG *ECDSA_SIG_new(void); void ECDSA_SIG_free(ECDSA_SIG *sig); void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); @@ -53,7 +55,12 @@ OpenSSL 1.1.0 the: the B and B components were initialised. ECDSA_SIG_free() frees the B structure B. ECDSA_SIG_get0() returns internal pointers the B and B values contained -in B. +in B and stores them in B<*pr> and B<*ps>, respectively. +The pointer B or B can be NULL, in which case the corresponding value +is not returned. + +The values B, B can also be retrieved separately by the corresponding +function ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively. The B and B values can be set by calling ECDSA_SIG_set0() and passing the new values for B and B as parameters to the function. Calling this @@ -118,6 +125,9 @@ ECDSA_SIG_new() returns NULL if the allocation fails. ECDSA_SIG_set0() returns 1 on success or 0 on failure. +ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, +or NULL if it is unset. + ECDSA_size() returns the maximum length signature or 0 on error. ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful @@ -138,35 +148,33 @@ named curve prime256v1 (aka P-256). First step: create an EC_KEY object (note: this part is B ECDSA specific) - int ret; + int ret; ECDSA_SIG *sig; - EC_KEY *eckey; + EC_KEY *eckey; + eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - if (eckey == NULL) { - /* error */ - } - if (EC_KEY_generate_key(eckey) == 0) { - /* error */ - } + if (eckey == NULL) + /* error */ + if (EC_KEY_generate_key(eckey) == 0) + /* error */ Second step: compute the ECDSA signature of a SHA-256 hash value using ECDSA_do_sign(): sig = ECDSA_do_sign(digest, 32, eckey); - if (sig == NULL) { - /* error */ - } + if (sig == NULL) + /* error */ or using ECDSA_sign(): unsigned char *buffer, *pp; - int buf_len; + int buf_len; + buf_len = ECDSA_size(eckey); - buffer = OPENSSL_malloc(buf_len); + buffer = OPENSSL_malloc(buf_len); pp = buffer; - if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) { - /* error */ - } + if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) + /* error */ Third step: verify the created ECDSA signature using ECDSA_do_verify(): @@ -178,13 +186,12 @@ or using ECDSA_verify(): and finally evaluate the return value: - if (ret == 1) { - /* signature ok */ - } else if (ret == 0) { - /* incorrect signature */ - } else { - /* error */ - } + if (ret == 1) + /* signature ok */ + else if (ret == 0) + /* incorrect signature */ + else + /* error */ =head1 CONFORMING TO diff --git a/deps/openssl/openssl/doc/crypto/ECPKParameters_print.pod b/deps/openssl/openssl/doc/man3/ECPKParameters_print.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/ECPKParameters_print.pod rename to deps/openssl/openssl/doc/man3/ECPKParameters_print.pod diff --git a/deps/openssl/openssl/doc/crypto/EC_GFp_simple_method.pod b/deps/openssl/openssl/doc/man3/EC_GFp_simple_method.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/EC_GFp_simple_method.pod rename to deps/openssl/openssl/doc/man3/EC_GFp_simple_method.pod diff --git a/deps/openssl/openssl/doc/crypto/EC_GROUP_copy.pod b/deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/EC_GROUP_copy.pod rename to deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod index fd5f58c919c089..ee20f9526adc63 100644 --- a/deps/openssl/openssl/doc/crypto/EC_GROUP_copy.pod +++ b/deps/openssl/openssl/doc/man3/EC_GROUP_copy.pod @@ -23,7 +23,8 @@ EC_GROUP_get_pentanomial_basis const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); - int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); @@ -56,7 +57,7 @@ EC_GROUP_get_pentanomial_basis int EC_GROUP_get_basis_type(const EC_GROUP *); int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, - unsigned int *k2, unsigned int *k3); + unsigned int *k2, unsigned int *k3); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/EC_GROUP_new.pod b/deps/openssl/openssl/doc/man3/EC_GROUP_new.pod similarity index 64% rename from deps/openssl/openssl/doc/crypto/EC_GROUP_new.pod rename to deps/openssl/openssl/doc/man3/EC_GROUP_new.pod index 2f658dc2c3b632..1eee494927f527 100644 --- a/deps/openssl/openssl/doc/crypto/EC_GROUP_new.pod +++ b/deps/openssl/openssl/doc/man3/EC_GROUP_new.pod @@ -2,12 +2,22 @@ =head1 NAME -EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, -EC_GROUP_new, EC_GROUP_new_from_ecparameters, +EC_GROUP_get_ecparameters, +EC_GROUP_get_ecpkparameters, +EC_GROUP_new, +EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, -EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, -EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp, -EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, +EC_GROUP_free, +EC_GROUP_clear_free, +EC_GROUP_new_curve_GFp, +EC_GROUP_new_curve_GF2m, +EC_GROUP_new_by_curve_name, +EC_GROUP_set_curve, +EC_GROUP_get_curve, +EC_GROUP_set_curve_GFp, +EC_GROUP_get_curve_GFp, +EC_GROUP_set_curve_GF2m, +EC_GROUP_get_curve_GF2m, EC_get_builtin_curves - Functions for creating and destroying EC_GROUP objects @@ -21,14 +31,24 @@ objects void EC_GROUP_free(EC_GROUP *group); void EC_GROUP_clear_free(EC_GROUP *group); - EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); - EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); EC_GROUP *EC_GROUP_new_by_curve_name(int nid); - int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); - int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); - int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); - int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, BN_CTX *ctx); ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) @@ -52,22 +72,26 @@ Operations in a binary field are performed relative to an B (see -L). It is then necessary to call either EC_GROUP_set_curve_GFp or -EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively. +L). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. EC_GROUP_new_from_ecparameters() will create a group from the specified B and EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B. -EC_GROUP_set_curve_GFp sets the curve parameters B

, B and B for a curve over Fp stored in B. -EC_group_get_curve_GFp obtains the previously set curve parameters. +EC_GROUP_set_curve() sets the curve parameters B

, B and B. For a curve over Fp B +is the prime for the field. For a curve over F2^m B

represents the irreducible polynomial - each bit +represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether +the polynomial is a trinomial or a pentanomial. -EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case B

represents -the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three -or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. -EC_group_get_curve_GF2m obtains the previously set curve parameters. +EC_group_get_curve() obtains the previously set curve parameters. -The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the -appropriate EC_group_set_curve function. An appropriate default implementation method will be used. +EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for +backwards compatibility only and should not be used. + +EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for +backwards compatibility only and should not be used. + +The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the +EC_GROUP_set_curve function. An appropriate default implementation method will be used. Whilst the library can be used to create any curve using the functions described above, there are also a number of predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function @@ -110,7 +134,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EC_KEY_get_enc_flags.pod b/deps/openssl/openssl/doc/man3/EC_KEY_get_enc_flags.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/EC_KEY_get_enc_flags.pod rename to deps/openssl/openssl/doc/man3/EC_KEY_get_enc_flags.pod diff --git a/deps/openssl/openssl/doc/crypto/EC_KEY_new.pod b/deps/openssl/openssl/doc/man3/EC_KEY_new.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/EC_KEY_new.pod rename to deps/openssl/openssl/doc/man3/EC_KEY_new.pod index 591529fd470cb2..9d32d78a399e26 100644 --- a/deps/openssl/openssl/doc/crypto/EC_KEY_new.pod +++ b/deps/openssl/openssl/doc/man3/EC_KEY_new.pod @@ -5,6 +5,7 @@ EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, +EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, @@ -27,6 +28,7 @@ EC_KEY objects EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); EC_KEY *EC_KEY_dup(const EC_KEY *src); int EC_KEY_up_ref(EC_KEY *key); + ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); @@ -39,13 +41,11 @@ EC_KEY objects int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); int EC_KEY_generate_key(EC_KEY *key); int EC_KEY_check_key(const EC_KEY *key); - int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, - BIGNUM *x, BIGNUM *y); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); - int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, - BN_CTX *ctx); + int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, unsigned char **pbuf, BN_CTX *ctx); @@ -78,6 +78,9 @@ EC_KEY_dup() creates a new EC_KEY object and copies B into it. EC_KEY_up_ref() increments the reference count associated with the EC_KEY object. +EC_KEY_get0_engine() returns a handle to the ENGINE that has been set for +this EC_KEY object. + EC_KEY_generate_key() generates a new public and private key for the supplied B object. B must have an EC_GROUP object associated with it before calling this function. The private key is a random integer (0 < priv_key @@ -149,6 +152,8 @@ integer. EC_KEY_copy() returns a pointer to the destination key, or NULL on error. +EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set. + EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(), EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(), diff --git a/deps/openssl/openssl/doc/crypto/EC_POINT_add.pod b/deps/openssl/openssl/doc/man3/EC_POINT_add.pod similarity index 71% rename from deps/openssl/openssl/doc/crypto/EC_POINT_add.pod rename to deps/openssl/openssl/doc/man3/EC_POINT_add.pod index 6f3e2308bd7b04..dc530757046ff4 100644 --- a/deps/openssl/openssl/doc/crypto/EC_POINT_add.pod +++ b/deps/openssl/openssl/doc/man3/EC_POINT_add.pod @@ -8,16 +8,20 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i #include - int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); - int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); - int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); - int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, + const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int EC_GROUP_have_precompute_mult(const EC_GROUP *group); @@ -39,10 +43,12 @@ The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal co-ordinate system. In the case of EC_POINTs_make_affine the value B provides the number of points in the array B to be forced. -EC_POINT_mul calculates the value generator * B + B * B and stores the result in B. The value B may be NULL in which case the result is just B * B. +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * B + B * B and stores the result in B. +The value B may be NULL in which case the result is just B * B (variable point multiplication). Alternatively, both B and B may be NULL, and B non-NULL, in which case the result is just generator * B (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either B or B) is in the range [0, ec_group_order). -EC_POINTs_mul calculates the value generator * B + B * B + ... + B * B. As for EC_POINT_mul the value -B may be NULL. +EC_POINTs_mul calculates the value generator * B + B * B + ... + B * B. As for EC_POINT_mul the value B may be NULL or B may be zero. +When performing a fixed point multiplication (B is non-NULL and B is 0) or a variable point multiplication (B is NULL and B is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either B or B) is in the range [0, ec_group_order). The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L for information @@ -70,7 +76,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EC_POINT_new.pod b/deps/openssl/openssl/doc/man3/EC_POINT_new.pod similarity index 80% rename from deps/openssl/openssl/doc/crypto/EC_POINT_new.pod rename to deps/openssl/openssl/doc/man3/EC_POINT_new.pod index 5ac41b3295a35b..796f6666dd38bc 100644 --- a/deps/openssl/openssl/doc/crypto/EC_POINT_new.pod +++ b/deps/openssl/openssl/doc/man3/EC_POINT_new.pod @@ -2,16 +2,30 @@ =head1 NAME -EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, -EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, -EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, +EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_point2buf, +EC_POINT_new, +EC_POINT_free, +EC_POINT_clear_free, +EC_POINT_copy, +EC_POINT_dup, +EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, +EC_POINT_set_affine_coordinates, +EC_POINT_get_affine_coordinates, +EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, -EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, -EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, -EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, -EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, +EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m, +EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m, +EC_POINT_point2oct, +EC_POINT_oct2point, +EC_POINT_point2bn, +EC_POINT_bn2point, +EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and manipulating EC_POINT objects @@ -34,6 +48,14 @@ EC_POINT_hex2point const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); @@ -97,9 +119,20 @@ A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity(). The affine co-ordinates for a point describe a point in terms of its x and y -position. The functions EC_POINT_set_affine_coordinates_GFp() and -EC_POINT_set_affine_coordinates_GF2m() set the B and B co-ordinates for -the point B

defined over the curve given in B. +position. The function EC_POINT_set_affine_coordinates() sets the B and B +co-ordinates for the point B

defined over the curve given in B. The +function EC_POINT_get_affine_coordinates() sets B and B, either of which +may be NULL, to the corresponding coordinates of B

. + +The functions EC_POINT_set_affine_coordinates_GFp() and +EC_POINT_set_affine_coordinates_GF2m() are synonyms for +EC_POINT_set_affine_coordinates(). They are defined for backwards compatibility +only and should not be used. + +The functions EC_POINT_get_affine_coordinates_GFp() and +EC_POINT_get_affine_coordinates_GF2m() are synonyms for +EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility +only and should not be used. As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian @@ -116,11 +149,15 @@ EC_POINT_get_Jprojective_coordinates_GFp() respectively. Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve there will only ever be two possible values for y. Therefore a point can be set -using the EC_POINT_set_compressed_coordinates_GFp() and -EC_POINT_set_compressed_coordinates_GF2m() functions where B is the x +using the EC_POINT_set_compressed_coordinates() function where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. +The functions EC_POINT_set_compressed_coordinates_GFp() and +EC_POINT_set_compressed_coordinates_GF2m() are synonyms for +EC_POINT_set_compressed_coordinates(). They are defined for backwards +compatibility only and should not be used. + In addition B can be converted to and from various external representations. The octet form is the binary encoding of the B structure (as defined in RFC5480 and used in certificates and TLS records): diff --git a/deps/openssl/openssl/doc/crypto/ENGINE_add.pod b/deps/openssl/openssl/doc/man3/ENGINE_add.pod similarity index 85% rename from deps/openssl/openssl/doc/crypto/ENGINE_add.pod rename to deps/openssl/openssl/doc/man3/ENGINE_add.pod index d5a7d7242f5b1a..a2fc299482fc06 100644 --- a/deps/openssl/openssl/doc/crypto/ENGINE_add.pod +++ b/deps/openssl/openssl/doc/man3/ENGINE_add.pod @@ -2,10 +2,10 @@ =head1 NAME -ENGINE_get_DH, ENGINE_get_DSA, ENGINE_get_ECDH, ENGINE_get_ECDSA, +ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, -ENGINE_get_default_DSA, ENGINE_get_default_ECDH, -ENGINE_get_default_ECDSA, ENGINE_get_default_RAND, +ENGINE_get_default_DSA, +ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, @@ -17,15 +17,15 @@ ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, -ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_ECDH, -ENGINE_register_ECDSA, ENGINE_register_RAND, ENGINE_register_RSA, +ENGINE_register_DH, ENGINE_register_DSA, +ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, -ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_ECDH, ENGINE_set_ECDSA, +ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, -ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_ECDH, -ENGINE_set_default_ECDSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, +ENGINE_set_default_DH, ENGINE_set_default_DSA, +ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, @@ -33,11 +33,11 @@ ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, -ENGINE_register_all_DSA, ENGINE_register_all_ECDH, -ENGINE_register_all_ECDSA, ENGINE_register_all_RAND, +ENGINE_register_all_DSA, +ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, -ENGINE_unregister_DSA, ENGINE_unregister_ECDH, ENGINE_unregister_ECDSA, +ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests - ENGINE cryptographic module support @@ -63,8 +63,6 @@ ENGINE_unregister_digests ENGINE *ENGINE_get_default_RSA(void); ENGINE *ENGINE_get_default_DSA(void); - ENGINE *ENGINE_get_default_ECDH(void); - ENGINE *ENGINE_get_default_ECDSA(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); ENGINE *ENGINE_get_cipher_engine(int nid); @@ -72,8 +70,6 @@ ENGINE_unregister_digests int ENGINE_set_default_RSA(ENGINE *e); int ENGINE_set_default_DSA(ENGINE *e); - int ENGINE_set_default_ECDH(ENGINE *e); - int ENGINE_set_default_ECDSA(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); @@ -91,12 +87,6 @@ ENGINE_unregister_digests int ENGINE_register_DSA(ENGINE *e); void ENGINE_unregister_DSA(ENGINE *e); void ENGINE_register_all_DSA(void); - int ENGINE_register_ECDH(ENGINE *e); - void ENGINE_unregister_ECDH(ENGINE *e); - void ENGINE_register_all_ECDH(void); - int ENGINE_register_ECDSA(ENGINE *e); - void ENGINE_unregister_ECDSA(ENGINE *e); - void ENGINE_register_all_ECDSA(void); int ENGINE_register_DH(ENGINE *e); void ENGINE_unregister_DH(ENGINE *e); void ENGINE_register_all_DH(void); @@ -115,9 +105,9 @@ ENGINE_unregister_digests int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); int ENGINE_cmd_is_executable(ENGINE *e, int cmd); int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(void), int cmd_optional); + long i, void *p, void (*f)(void), int cmd_optional); int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional); + int cmd_optional); ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); @@ -127,8 +117,6 @@ ENGINE_unregister_digests int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); - int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth); - int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); @@ -146,8 +134,6 @@ ENGINE_unregister_digests const char *ENGINE_get_name(const ENGINE *e); const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); - const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); - const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); @@ -164,9 +150,9 @@ ENGINE_unregister_digests const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); Deprecated: @@ -335,29 +321,6 @@ consideration is whether any/all available ENGINE implementations should be made visible to OpenSSL - this is controlled by calling the various "load" functions. -Having called any of these functions, ENGINE objects would have been -dynamically allocated and populated with these implementations and linked -into OpenSSL's internal linked list. At this point it is important to -mention an important API function; - - void ENGINE_cleanup(void) - -If no ENGINE API functions are called at all in an application, then there -are no inherent memory leaks to worry about from the ENGINE functionality. -However, prior to OpenSSL 1.1.0 if any ENGINEs are loaded, even if they are -never registered or used, it was necessary to use the ENGINE_cleanup() function -to correspondingly cleanup before program exit, if the caller wishes to avoid -memory leaks. This mechanism used an internal callback registration table -so that any ENGINE API functionality that knows it requires cleanup can -register its cleanup details to be called during ENGINE_cleanup(). This -approach allowed ENGINE_cleanup() to clean up after any ENGINE functionality -at all that your program uses, yet doesn't automatically create linker -dependencies to all possible ENGINE functionality - only the cleanup -callbacks required by the functionality you do use will be required by the -linker. From OpenSSL 1.1.0 it is no longer necessary to explicitly call -ENGINE_cleanup and this function is deprecated. Cleanup automatically takes -place at program exit. - The fact that ENGINEs are made visible to OpenSSL (and thus are linked into the program and loaded into memory at run-time) does not mean they are "registered" or called into use by OpenSSL automatically - that behaviour @@ -372,6 +335,11 @@ things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the source code to openssl's builtin utilities as guides. +If no ENGINE API functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call ENGINE_cleanup() before the program exits. + I Here we'll assume an application has been configured by its user or admin @@ -385,17 +353,19 @@ illustrates how to approach this; const char *engine_id = "ACME"; ENGINE_load_builtin_engines(); e = ENGINE_by_id(engine_id); - if(!e) + if (!e) /* the engine isn't available */ return; - if(!ENGINE_init(e)) { + if (!ENGINE_init(e)) { /* the engine couldn't initialise, release 'e' */ ENGINE_free(e); return; } - if(!ENGINE_set_default_RSA(e)) - /* This should only happen when 'e' can't initialise, but the previous - * statement suggests it did. */ + if (!ENGINE_set_default_RSA(e)) + /* + * This should only happen when 'e' can't initialise, but the previous + * statement suggests it did. + */ abort(); ENGINE_set_default_DSA(e); ENGINE_set_default_ciphers(e); @@ -474,9 +444,9 @@ boolean success or failure. ENGINE *e = ENGINE_by_id(engine_id); if (!e) return 0; while (pre_num--) { - if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { + if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id, - pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); + pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); ENGINE_free(e); return 0; } @@ -487,13 +457,15 @@ boolean success or failure. ENGINE_free(e); return 0; } - /* ENGINE_init() returned a functional reference, so free the structural - * reference from ENGINE_by_id(). */ + /* + * ENGINE_init() returned a functional reference, so free the structural + * reference from ENGINE_by_id(). + */ ENGINE_free(e); - while(post_num--) { - if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { + while (post_num--) { + if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id, - post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); + post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); ENGINE_finish(e); return 0; } @@ -546,7 +518,7 @@ If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will simply pass all these "core" control commands directly to the ENGINE's ctrl() handler (and thus, it must have supplied one), so it is up to the ENGINE to reply to these "discovery" commands itself. If that flag is not set, then the -OpenSSL framework code will work with the following rules; +OpenSSL framework code will work with the following rules: if no ctrl() handler supplied; ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), @@ -596,18 +568,92 @@ extension). =item B The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. =back +=head1 RETURN VALUES + +ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next() and ENGINE_get_prev() +return a valid B structure or NULL if an error occurred. + +ENGINE_add() and ENGINE_remove() return 1 on success or 0 on error. + +ENGINE_by_id() returns a valid B structure or NULL if an error occurred. + +ENGINE_init() and ENGINE_finish() return 1 on success or 0 on error. + +All ENGINE_get_default_TYPE() functions, ENGINE_get_cipher_engine() and +ENGINE_get_digest_engine() return a valid B structure on success or NULL +if an error occurred. + +All ENGINE_set_default_TYPE() functions return 1 on success or 0 on error. + +ENGINE_set_default() returns 1 on success or 0 on error. + +ENGINE_get_table_flags() returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +B implementations. + +All ENGINE_register_TYPE() functions return 1 on success or 0 on error. + +ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success +or 0 on error. + +ENGINE_ctrl() returns a positive value on success or others on error. + +ENGINE_cmd_is_executable() returns 1 if B is executable or 0 otherwise. + +ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error. + +ENGINE_new() returns a valid B structure on success or NULL if an error +occurred. + +ENGINE_free() returns 1 on success or 0 on error. + +ENGINE_up_ref() returns 1 on success or 0 on error. + +ENGINE_set_id() and ENGINE_set_name() return 1 on success or 0 on error. + +All other B functions return 1 on success or 0 on error. + +ENGINE_get_id() and ENGINE_get_name() return a string representing the identifier +and the name of the ENGINE B respectively. + +ENGINE_get_RSA(), ENGINE_get_DSA(), ENGINE_get_DH() and ENGINE_get_RAND() +return corresponding method structures for each algorithms. + +ENGINE_get_destroy_function(), ENGINE_get_init_function(), +ENGINE_get_finish_function(), ENGINE_get_ctrl_function(), +ENGINE_get_load_privkey_function(), ENGINE_get_load_pubkey_function(), +ENGINE_get_ciphers() and ENGINE_get_digests() return corresponding function +pointers of the callbacks. + +ENGINE_get_cipher() returns a valid B structure on success or NULL +if an error occurred. + +ENGINE_get_digest() returns a valid B structure on success or NULL if an +error occurred. + +ENGINE_get_flags() returns an integer representing the ENGINE flags which are +used to control various behaviours of an ENGINE. + +ENGINE_get_cmd_defns() returns an B structure or NULL if it's +not set. + +ENGINE_load_private_key() and ENGINE_load_public_key() return a valid B +structure on success or NULL if an error occurred. + =head1 SEE ALSO -L, L, L, L, L +L, L, L, L, +L, L =head1 HISTORY -ENGINE_cleanup(), ENGINE_load_openssl(), ENGINE_load_dynamic(), and -ENGINE_load_cryptodev() were deprecated in OpenSSL 1.1.0 by -OPENSSL_init_crypto(). +ENGINE_cleanup() was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by OPENSSL_cleanup() +and should not be used. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/ERR_GET_LIB.pod b/deps/openssl/openssl/doc/man3/ERR_GET_LIB.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/ERR_GET_LIB.pod rename to deps/openssl/openssl/doc/man3/ERR_GET_LIB.pod diff --git a/deps/openssl/openssl/doc/crypto/ERR_clear_error.pod b/deps/openssl/openssl/doc/man3/ERR_clear_error.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/ERR_clear_error.pod rename to deps/openssl/openssl/doc/man3/ERR_clear_error.pod diff --git a/deps/openssl/openssl/doc/crypto/ERR_error_string.pod b/deps/openssl/openssl/doc/man3/ERR_error_string.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/ERR_error_string.pod rename to deps/openssl/openssl/doc/man3/ERR_error_string.pod diff --git a/deps/openssl/openssl/doc/crypto/ERR_get_error.pod b/deps/openssl/openssl/doc/man3/ERR_get_error.pod similarity index 92% rename from deps/openssl/openssl/doc/crypto/ERR_get_error.pod rename to deps/openssl/openssl/doc/man3/ERR_get_error.pod index 3b223c99de9021..a76df03882d8e5 100644 --- a/deps/openssl/openssl/doc/crypto/ERR_get_error.pod +++ b/deps/openssl/openssl/doc/man3/ERR_get_error.pod @@ -20,11 +20,11 @@ ERR_peek_last_error_line_data - obtain error code and data unsigned long ERR_peek_last_error_line(const char **file, int *line); unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags); + const char **data, int *flags); unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags); + const char **data, int *flags); unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags); + const char **data, int *flags); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/ERR_load_crypto_strings.pod b/deps/openssl/openssl/doc/man3/ERR_load_crypto_strings.pod similarity index 76% rename from deps/openssl/openssl/doc/crypto/ERR_load_crypto_strings.pod rename to deps/openssl/openssl/doc/man3/ERR_load_crypto_strings.pod index 56d91d5dc969f7..c503241d16c48d 100644 --- a/deps/openssl/openssl/doc/crypto/ERR_load_crypto_strings.pod +++ b/deps/openssl/openssl/doc/man3/ERR_load_crypto_strings.pod @@ -24,16 +24,12 @@ Deprecated: =head1 DESCRIPTION -All of the following functions are deprecated from OpenSSL 1.1.0. No explicit -initialisation or de-initialisation is necessary. See L -and L. - ERR_load_crypto_strings() registers the error strings for all B functions. SSL_load_error_strings() does the same, but also registers the B error strings. -In versions of OpenSSL prior to 1.1.0 ERR_free_strings() freed all previously -loaded error strings. However from OpenSSL 1.1.0 it does nothing. +In versions prior to OpenSSL 1.1.0, +ERR_free_strings() releases any resources created by the above functions. =head1 RETURN VALUES @@ -48,7 +44,7 @@ L The ERR_load_crypto_strings(), SSL_load_error_strings(), and ERR_free_strings() functions were deprecated in OpenSSL 1.1.0 by -OPENSSL_init_crypto() and OPENSSL_init_ssl(). +OPENSSL_init_crypto() and OPENSSL_init_ssl() and should not be used. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/ERR_load_strings.pod b/deps/openssl/openssl/doc/man3/ERR_load_strings.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/ERR_load_strings.pod rename to deps/openssl/openssl/doc/man3/ERR_load_strings.pod index ee8de2c9dc578d..3167f2715052df 100644 --- a/deps/openssl/openssl/doc/crypto/ERR_load_strings.pod +++ b/deps/openssl/openssl/doc/man3/ERR_load_strings.pod @@ -23,8 +23,8 @@ B is an array of error string data: typedef struct ERR_string_data_st { - unsigned long error; - char *string; + unsigned long error; + char *string; } ERR_STRING_DATA; The error code is generated from the library number and a function and @@ -36,7 +36,7 @@ The last entry in the array is {0,0}. ERR_get_next_error_library() can be used to assign library numbers to user libraries at runtime. -=head1 RETURN VALUE +=head1 RETURN VALUES ERR_load_strings() returns no value. ERR_PACK() return the error code. ERR_get_next_error_library() returns zero on failure, otherwise a new @@ -48,7 +48,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/ERR_print_errors.pod b/deps/openssl/openssl/doc/man3/ERR_print_errors.pod similarity index 97% rename from deps/openssl/openssl/doc/crypto/ERR_print_errors.pod rename to deps/openssl/openssl/doc/man3/ERR_print_errors.pod index 134b374d0d9442..f7e612f6188693 100644 --- a/deps/openssl/openssl/doc/crypto/ERR_print_errors.pod +++ b/deps/openssl/openssl/doc/man3/ERR_print_errors.pod @@ -11,8 +11,7 @@ ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb void ERR_print_errors(BIO *bp); void ERR_print_errors_fp(FILE *fp); - void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), - void *u) + void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/ERR_put_error.pod b/deps/openssl/openssl/doc/man3/ERR_put_error.pod similarity index 94% rename from deps/openssl/openssl/doc/crypto/ERR_put_error.pod rename to deps/openssl/openssl/doc/man3/ERR_put_error.pod index 14695baa195386..4fba618db4f25d 100644 --- a/deps/openssl/openssl/doc/crypto/ERR_put_error.pod +++ b/deps/openssl/openssl/doc/man3/ERR_put_error.pod @@ -2,17 +2,16 @@ =head1 NAME -ERR_put_error, ERR_add_error_data - record an error +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata - record an error =head1 SYNOPSIS #include - void ERR_put_error(int lib, int func, int reason, const char *file, - int line); + void ERR_put_error(int lib, int func, int reason, const char *file, int line); void ERR_add_error_data(int num, ...); - void ERR_add_error_data(int num, va_list arg); + void ERR_add_error_vdata(int num, va_list arg); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/man3/ERR_remove_state.pod b/deps/openssl/openssl/doc/man3/ERR_remove_state.pod new file mode 100644 index 00000000000000..8f4d3fcafa4e83 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/ERR_remove_state.pod @@ -0,0 +1,49 @@ +=pod + +=head1 NAME + +ERR_remove_thread_state, ERR_remove_state - DEPRECATED + +=head1 SYNOPSIS + +Deprecated: + + #if OPENSSL_API_COMPAT < 0x10000000L + void ERR_remove_state(unsigned long tid); + #endif + + #if OPENSSL_API_COMPAT < 0x10100000L + void ERR_remove_thread_state(void *tid); + #endif + +=head1 DESCRIPTION + +ERR_remove_state() frees the error queue associated with the specified +thread, identified by B. +ERR_remove_thread_state() does the same thing, except the identifier is +an opaque pointer. + +=head1 RETURN VALUES + +ERR_remove_state() and ERR_remove_thread_state() return no value. + +=head1 SEE ALSO + +LL + +=head1 HISTORY + +ERR_remove_state() was deprecated in OpenSSL 1.0.0 and +ERR_remove_thread_state() was deprecated in OpenSSL 1.1.0; these functions +and should not be used. + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/ERR_set_mark.pod b/deps/openssl/openssl/doc/man3/ERR_set_mark.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/ERR_set_mark.pod rename to deps/openssl/openssl/doc/man3/ERR_set_mark.pod diff --git a/deps/openssl/openssl/doc/crypto/EVP_BytesToKey.pod b/deps/openssl/openssl/doc/man3/EVP_BytesToKey.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/EVP_BytesToKey.pod rename to deps/openssl/openssl/doc/man3/EVP_BytesToKey.pod index 728c94e9806dc6..8d49648f1fe4a7 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_BytesToKey.pod +++ b/deps/openssl/openssl/doc/man3/EVP_BytesToKey.pod @@ -62,7 +62,7 @@ or 0 on error. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod b/deps/openssl/openssl/doc/man3/EVP_CIPHER_CTX_get_cipher_data.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/EVP_CIPHER_CTX_get_cipher_data.pod rename to deps/openssl/openssl/doc/man3/EVP_CIPHER_CTX_get_cipher_data.pod diff --git a/deps/openssl/openssl/doc/crypto/EVP_CIPHER_meth_new.pod b/deps/openssl/openssl/doc/man3/EVP_CIPHER_meth_new.pod similarity index 88% rename from deps/openssl/openssl/doc/crypto/EVP_CIPHER_meth_new.pod rename to deps/openssl/openssl/doc/man3/EVP_CIPHER_meth_new.pod index 08e8290bef58b2..437e8bd8b1aa94 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_CIPHER_meth_new.pod +++ b/deps/openssl/openssl/doc/man3/EVP_CIPHER_meth_new.pod @@ -24,26 +24,26 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init) (EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc)); + int (*init)(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc)); int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)); + int (*do_cipher)(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + size_t inl)); int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup) (EVP_CIPHER_CTX *)); + int (*cleanup)(EVP_CIPHER_CTX *)); int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)); + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, + ASN1_TYPE *)); int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)); + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, + ASN1_TYPE *)); int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl) (EVP_CIPHER_CTX *, int type, - int arg, void *ptr)); + int (*ctrl)(EVP_CIPHER_CTX *, int type, + int arg, void *ptr)); int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -57,7 +57,7 @@ EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, ASN1_TYPE *); int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *); + ASN1_TYPE *); int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, int type, int arg, void *ptr); @@ -73,7 +73,7 @@ EVP_CIPHER_meth_dup() creates a copy of B. EVP_CIPHER_meth_free() destroys a B structure. -EVP_CIPHER_meth_iv_length() sets the length of the IV. +EVP_CIPHER_meth_set_iv_length() sets the length of the IV. This is only needed when the implemented cipher mode requires it. EVP_CIPHER_meth_set_flags() sets the flags to describe optional @@ -148,7 +148,7 @@ Use the default EVP routines to pass IV to and from ASN.1. =item EVP_CIPH_FLAG_LENGTH_BITS Signals that the length of the input buffer for encryption / -decryption is to be understood as the number of bits bits instead of +decryption is to be understood as the number of bits instead of bytes for this implementation. This is only useful for CFB1 ciphers. @@ -237,13 +237,11 @@ L =head1 HISTORY -The B structure was openly available in OpenSSL before version -1.1.0. The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod b/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod new file mode 100644 index 00000000000000..5ecbcc5e89925a --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_DigestInit.pod @@ -0,0 +1,391 @@ +=pod + +=head1 NAME + +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, +EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, +EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, +EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, +EVP_md_null, +EVP_get_digestbyname, EVP_get_digestbynid, +EVP_get_digestbyobj, +EVP_MD_CTX_set_pkey_ctx - EVP digest routines + +=head1 SYNOPSIS + + #include + + EVP_MD_CTX *EVP_MD_CTX_new(void); + int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); + void EVP_MD_CTX_free(EVP_MD_CTX *ctx); + void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); + + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); + + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); + + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + + int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); + + int EVP_MD_type(const EVP_MD *md); + int EVP_MD_pkey_type(const EVP_MD *md); + int EVP_MD_size(const EVP_MD *md); + int EVP_MD_block_size(const EVP_MD *md); + + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_size(const EVP_MD *ctx); + int EVP_MD_CTX_block_size(const EVP_MD *ctx); + int EVP_MD_CTX_type(const EVP_MD *ctx); + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + + const EVP_MD *EVP_md_null(void); + + const EVP_MD *EVP_get_digestbyname(const char *name); + const EVP_MD *EVP_get_digestbynid(int type); + const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); + + void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); + +=head1 DESCRIPTION + +The EVP digest routines are a high level interface to message digests, +and should be used instead of the cipher-specific functions. + +=over 4 + +=item EVP_MD_CTX_new() + +Allocates and returns a digest context. + +=item EVP_MD_CTX_reset() + +Resets the digest context B. This can be used to reuse an already +existing context. + +=item EVP_MD_CTX_free() + +Cleans up digest context B and frees up the space allocated to it. + +=item EVP_MD_CTX_ctrl() + +Performs digest-specific control actions on context B. + +=item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() + +Sets, clears and tests B flags. See L below for more information. + +=item EVP_DigestInit_ex() + +Sets up digest context B to use a digest B from ENGINE B. +B will typically be supplied by a function such as EVP_sha1(). If +B is NULL then the default implementation of digest B is used. + +=item EVP_DigestUpdate() + +Hashes B bytes of data at B into the digest context B. This +function can be called several times on the same B to hash additional +data. + +=item EVP_DigestFinal_ex() + +Retrieves the digest value from B and places it in B. If the B +parameter is not NULL then the number of bytes of data written (i.e. the +length of the digest) will be written to the integer at B, at most +B bytes will be written. After calling EVP_DigestFinal_ex() +no additional calls to EVP_DigestUpdate() can be made, but +EVP_DigestInit_ex() can be called to initialize a new digest operation. + +=item EVP_DigestFinalXOF() + +Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. +It retrieves the digest value from B and places it in B-sized md. +After calling this function no additional calls to EVP_DigestUpdate() can be +made, but EVP_DigestInit_ex() can be called to initialize a new operation. + +=item EVP_MD_CTX_copy_ex() + +Can be used to copy the message digest state from B to B. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes. + +=item EVP_DigestInit() + +Behaves in the same way as EVP_DigestInit_ex() except it always uses the +default digest implementation. + +=item EVP_DigestFinal() + +Similar to EVP_DigestFinal_ex() except the digest context B is +automatically cleaned up. + +=item EVP_MD_CTX_copy() + +Similar to EVP_MD_CTX_copy_ex() except the destination B does not have to +be initialized. + +=item EVP_MD_size(), +EVP_MD_CTX_size() + +Return the size of the message digest when passed an B or an +B structure, i.e. the size of the hash. + +=item EVP_MD_block_size(), +EVP_MD_CTX_block_size() + +Return the block size of the message digest when passed an B or an +B structure. + +=item EVP_MD_type(), +EVP_MD_CTX_type() + +Return the NID of the OBJECT IDENTIFIER representing the given message digest +when passed an B structure. For example, C +returns B. This function is normally used when setting ASN1 OIDs. + +=item EVP_MD_CTX_md_data() + +Return the digest method private data for the passed B. +The space is allocated by OpenSSL and has the size originally set with +EVP_MD_meth_set_app_datasize(). + +=item EVP_MD_CTX_md() + +Returns the B structure corresponding to the passed B. + +=item EVP_MD_pkey_type() + +Returns the NID of the public key signing algorithm associated with this +digest. For example EVP_sha1() is associated with RSA so this will return +B. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons. + +=item EVP_md_null() + +A "null" message digest that does nothing: i.e. the hash it returns is of zero +length. + +=item EVP_get_digestbyname(), +EVP_get_digestbynid(), +EVP_get_digestbyobj() + +Returns an B structure when passed a digest name, a digest B or an +B structure respectively. + +=item EVP_MD_CTX_set_pkey_ctx() + +Assigns an B to B. This is usually used to provide +a customzied B to L or +L. The B passed to this function should be freed +by the caller. A NULL B pointer is also allowed to clear the B +assigned to B. In such case, freeing the cleared B or not +depends on how the B is created. + +=back + +=head1 FLAGS + +EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +can be used the manipulate and test these B flags: + +=over 4 + +=item EVP_MD_CTX_FLAG_ONESHOT + +This flag instructs the digest to optimize for one update only, if possible. + +=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it + +=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it + +=for comment We currently avoid documenting flags that are only bit holder: +EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_* + +=item EVP_MD_CTX_FLAG_NO_INIT + +This flag instructs EVP_DigestInit() and similar not to initialise the +implementation specific data. + +=item EVP_MD_CTX_FLAG_FINALISE + +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. + +=back + +=head1 RETURN VALUES + +=over 4 + +=item EVP_DigestInit_ex(), +EVP_DigestUpdate(), +EVP_DigestFinal_ex() + +Returns 1 for +success and 0 for failure. + +=item EVP_MD_CTX_ctrl() + +Returns 1 if successful or 0 for failure. + +=item EVP_MD_CTX_copy_ex() + +Returns 1 if successful or 0 for failure. + +=item EVP_MD_type(), +EVP_MD_pkey_type(), +EVP_MD_type() + +Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none +exists. + +=item EVP_MD_size(), +EVP_MD_block_size(), +EVP_MD_CTX_size(), +EVP_MD_CTX_block_size() + +Returns the digest or block size in bytes. + +=item EVP_md_null() + +Returns a pointer to the B structure of the "null" message digest. + +=item EVP_get_digestbyname(), +EVP_get_digestbynid(), +EVP_get_digestbyobj() + +Returns either an B structure or NULL if an error occurs. + +=item EVP_MD_CTX_set_pkey_ctx() + +This function has no return value. + +=back + +=head1 NOTES + +The B interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. + +New applications should use the SHA-2 (such as L) or the SHA-3 +digest algorithms (such as L). The other digest algorithms +are still in common use. + +For most applications the B parameter to EVP_DigestInit_ex() will be +set to NULL to use the default digest implementation. + +The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are +obsolete but are retained to maintain compatibility with existing code. New +applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and +EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. + +If digest contexts are not cleaned up after use, +memory leaks will occur. + +EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), +EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as +macros. + +EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration +or control. + +=head1 EXAMPLE + +This example digests the data "Test Message\n" and "Hello World\n", using the +digest name passed on the command line. + + #include + #include + #include + + int main(int argc, char *argv[]) + { + EVP_MD_CTX *mdctx; + const EVP_MD *md; + char mess1[] = "Test Message\n"; + char mess2[] = "Hello World\n"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + unsigned int md_len, i; + + if (argv[1] == NULL) { + printf("Usage: mdtest digestname\n"); + exit(1); + } + + md = EVP_get_digestbyname(argv[1]); + if (md == NULL) { + printf("Unknown message digest %s\n", argv[1]); + exit(1); + } + + mdctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); + EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); + EVP_DigestFinal_ex(mdctx, md_value, &md_len); + EVP_MD_CTX_free(mdctx); + + printf("Digest is: "); + for (i = 0; i < md_len; i++) + printf("%02x", md_value[i]); + printf("\n"); + + exit(0); + } + +=head1 SEE ALSO + +L, +L + +The full list of digest algorithms are provided below. + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0. + +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now EVP_sha1() can be used with RSA and DSA. + +EVP_dss1() was removed in OpenSSL 1.1.0. + +EVP_MD_CTX_set_pkey_ctx() was added in 1.1.1. + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod b/deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod similarity index 67% rename from deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod rename to deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod index a3938d58002d83..773de87efac4dd 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_DigestSignInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_DigestSignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, +EVP_DigestSign - EVP signing functions =head1 SYNOPSIS @@ -13,23 +14,34 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); + int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen, const unsigned char *tbs, + size_t tbslen); + =head1 DESCRIPTION The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from -ENGINE B and private key B. B must be created with +ENGINE B and private key B. B must be created with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can be used to set alternative signing options. Note that any existing value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed -directly by the application (it will be freed automatically when the EVP_MD_CTX -is freed). The digest B may be NULL if the signing algorithm supports it. +directly by the application if B is not assigned an EVP_PKEY_CTX value before +being passed to EVP_DigestSignInit() (which means the EVP_PKEY_CTX is created +inside EVP_DigestSignInit() and it will be freed automatically when the +EVP_MD_CTX is freed). + +The digest B may be NULL if the signing algorithm supports it. + +No B will be created by EVP_DigsetSignInit() if the passed B +has already been assigned one via L. See also L. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of -"signing". Built-in EVP_PKEY types supported by these functions are CMAC, DSA, -ECDSA, HMAC and RSA. +"signing". Built-in EVP_PKEY types supported by these functions are CMAC, +Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448. Not all digests can be used for all key types. The following combinations apply. @@ -41,7 +53,7 @@ Supports SHA1, SHA224, SHA256, SHA384 and SHA512 =item ECDSA -Supports SHA1, SHA224, SHA256, SHA384 and SHA512 +Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3 =item RSA with no padding @@ -54,18 +66,24 @@ Supports SHA1, SHA256, SHA384 and SHA512 =item All other RSA padding types Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, -RIPEMD160 +SHA3-224, SHA3-256, SHA3-384, SHA3-512 + +=item Ed25519 and Ed448 + +Support no digests (the digest B must be NULL) =item HMAC Supports any digest -=item CMAC +=item CMAC, Poly1305 and SipHash Will ignore any digest provided. =back +If RSA-PSS is used and restrictions apply then the digest must match. + EVP_DigestSignUpdate() hashes B bytes of data at B into the signature context B. This function can be called several times on the same B to include additional data. This function is currently implemented @@ -78,12 +96,16 @@ B parameter should contain the length of the B buffer. If the call is successful the signature is written to B and the amount of data written to B. +EVP_DigestSign() signs B bytes of data at B and places the +signature in B and its length in B in a similar way to +EVP_DigestSignFinal(). + =head1 RETURN VALUES -EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return -1 for success and 0 or a negative value for failure. In particular, a return -value of -2 indicates the operation is not supported by the public key -algorithm. +EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignaFinal() and +EVP_DigestSign() return 1 for success and 0 or a negative value for failure. In +particular, a return value of -2 indicates the operation is not supported by the +public key algorithm. The error codes can be obtained from L. @@ -93,6 +115,11 @@ The B interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. +EVP_DigestSign() is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling EVP_DigestSignUpdate() and EVP_DigestSignFinal(). For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data. + In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and @@ -106,7 +133,7 @@ context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data. Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. The use of EVP_PKEY_size() with these functions is discouraged because some diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod similarity index 62% rename from deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod rename to deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod index ff1153b644bdd8..e93ac2ef08107c 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_DigestVerifyInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_DigestVerifyInit.pod @@ -2,30 +2,39 @@ =head1 NAME -EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, +EVP_DigestVerify - EVP signature verification functions =head1 SYNOPSIS #include int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, size_t tbslen); =head1 DESCRIPTION The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest -B from ENGINE B and public key B. B must be created +B from ENGINE B and public key B. B must be created with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this can be used to set alternative verification options. Note that any existing -value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be -freed directly by the application (it will be freed automatically when the +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application if B is not assigned an EVP_PKEY_CTX value before +being passed to EVP_DigestSignInit() (which means the EVP_PKEY_CTX is created +inside EVP_DigestSignInit() and it will be freed automatically when the EVP_MD_CTX is freed). +No B will be created by EVP_DigsetSignInit() if the passed B +has already been assigned one via L. See also L. + EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the same B to include additional data. This function is currently implemented @@ -34,16 +43,19 @@ using a macro. EVP_DigestVerifyFinal() verifies the data in B against the signature in B of length B. +EVP_DigestVerify() verifies B bytes at B against the signature +in B of length B. + =head1 RETURN VALUES EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 for failure. -EVP_DigestVerifyFinal() returns 1 for success; any other value indicates -failure. A return value of zero indicates that the signature did not verify -successfully (that is, tbs did not match the original data or the signature had -an invalid form), while other values indicate a more serious error (and -sometimes also indicate an invalid signature form). +EVP_DigestVerifyFinal() and EVP_DigestVerify() return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, B did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form). The error codes can be obtained from L. @@ -53,6 +65,12 @@ The B interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. +EVP_DigestVerify() is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(). For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data. + In previous versions of OpenSSL there was a link between message digest types and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and @@ -66,7 +84,7 @@ context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 SEE ALSO diff --git a/deps/openssl/openssl/doc/crypto/EVP_EncodeInit.pod b/deps/openssl/openssl/doc/man3/EVP_EncodeInit.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/EVP_EncodeInit.pod rename to deps/openssl/openssl/doc/man3/EVP_EncodeInit.pod index d919b14b29a154..8055b100b25224 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_EncodeInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_EncodeInit.pod @@ -24,8 +24,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); - int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); + int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); =head1 DESCRIPTION @@ -148,7 +147,7 @@ EVP_DecodeBlock() returns the length of the data decoded or -1 on error. =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod b/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod similarity index 54% rename from deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod rename to deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod index d1af772fc8e15a..5fdbc33ac10fbb 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod @@ -2,37 +2,51 @@ =head1 NAME -EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, -EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, -EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, -EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, -EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, -EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, -EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, -EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, -EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, -EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, -EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, -EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, -EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, -EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, -EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb, -EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb, -EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb, -EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5, -EVP_idea_cbc, EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_rc2_cbc, -EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, -EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, -EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, EVP_rc5_32_12_16_cbc, -EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ofb, -EVP_aes_128_cbc, EVP_aes_128_ecb, EVP_aes_128_cfb, EVP_aes_128_ofb, -EVP_aes_192_cbc, EVP_aes_192_ecb, EVP_aes_192_cfb, EVP_aes_192_ofb, -EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_aes_256_cfb, EVP_aes_256_ofb, -EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, -EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, -EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, -EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, -EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines +EVP_CIPHER_CTX_new, +EVP_CIPHER_CTX_reset, +EVP_CIPHER_CTX_free, +EVP_EncryptInit_ex, +EVP_EncryptUpdate, +EVP_EncryptFinal_ex, +EVP_DecryptInit_ex, +EVP_DecryptUpdate, +EVP_DecryptFinal_ex, +EVP_CipherInit_ex, +EVP_CipherUpdate, +EVP_CipherFinal_ex, +EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, +EVP_EncryptInit, +EVP_EncryptFinal, +EVP_DecryptInit, +EVP_DecryptFinal, +EVP_CipherInit, +EVP_CipherFinal, +EVP_get_cipherbyname, +EVP_get_cipherbynid, +EVP_get_cipherbyobj, +EVP_CIPHER_nid, +EVP_CIPHER_block_size, +EVP_CIPHER_key_length, +EVP_CIPHER_iv_length, +EVP_CIPHER_flags, +EVP_CIPHER_mode, +EVP_CIPHER_type, +EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_block_size, +EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, +EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, +EVP_CIPHER_param_to_asn1, +EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding, +EVP_enc_null +- EVP cipher routines =head1 SYNOPSIS @@ -45,44 +59,39 @@ EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, const unsigned char *key, const unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); - int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); + int *outl, const unsigned char *in, int inl); + int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, const unsigned char *key, const unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); - int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int *outl, const unsigned char *in, int inl); + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); + ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); - int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int *outl, const unsigned char *in, int inl); + int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *key, const unsigned char *iv); - int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); + const unsigned char *key, const unsigned char *iv); + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *key, const unsigned char *iv); - int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + const unsigned char *key, const unsigned char *iv); + int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *key, const unsigned char *iv, int enc); - int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + const unsigned char *key, const unsigned char *iv, int enc); + int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_CIPHER *EVP_get_cipherbynid(int nid); @@ -90,7 +99,6 @@ EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines int EVP_CIPHER_nid(const EVP_CIPHER *e); int EVP_CIPHER_block_size(const EVP_CIPHER *e); - int EVP_CIPHER_key_length(const EVP_CIPHER *e) int EVP_CIPHER_key_length(const EVP_CIPHER *e); int EVP_CIPHER_iv_length(const EVP_CIPHER *e); unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); @@ -181,8 +189,7 @@ series of calls. EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and -EVP_CipherInit_ex() except the B parameter does not need to be -initialized and they always use the default cipher implementation. +EVP_CipherInit_ex() except they always use the default cipher implementation. EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and @@ -240,8 +247,9 @@ EVP_CIPHER_CTX_cipher() returns the B structure when passed an B structure. EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: -EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or -EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then +EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, +EVP_CIPH_WRAP_MODE or EVP_CIPH_OCB_MODE. If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based @@ -265,6 +273,11 @@ is not supported. EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined and set. +EVP_CIPHER_CTX_rand_key() generates a random key of the appropriate length +based on the cipher context. The EVP_CIPHER can provide its own random key +generation routine to support keys of a specific form. B must point to a +buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length(). + =head1 RETURN VALUES EVP_CIPHER_CTX_new() returns a pointer to a newly created @@ -303,189 +316,145 @@ OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. EVP_CIPHER_CTX_cipher() returns an B structure. EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater -than zero for success and zero or a negative number. +than zero for success and zero or a negative number on failure. + +EVP_CIPHER_CTX_rand_key() returns 1 for success. =head1 CIPHER LISTING All algorithms have a fixed key length unless otherwise stated. +Refer to L for the full list of ciphers available through the EVP +interface. + =over 4 =item EVP_enc_null() Null cipher: does nothing. -=item EVP_aes_128_cbc(), EVP_aes_128_ecb(), EVP_aes_128_cfb(), EVP_aes_128_ofb() - -AES with a 128-bit key in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_aes_192_cbc(), EVP_aes_192_ecb(), EVP_aes_192_cfb(), EVP_aes_192_ofb() - -AES with a 192-bit key in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_aes_256_cbc(), EVP_aes_256_ecb(), EVP_aes_256_cfb(), EVP_aes_256_ofb() - -AES with a 256-bit key in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_ofb() - -DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_ede_cbc(), EVP_des_ede(), EVP_des_ede_ofb(), EVP_des_ede_cfb() +=back -Two key triple DES in CBC, ECB, CFB and OFB modes respectively. +=head1 AEAD Interface -=item EVP_des_ede3_cbc(), EVP_des_ede3(), EVP_des_ede3_ofb(), EVP_des_ede3_cfb() +The EVP interface for Authenticated Encryption with Associated Data (AEAD) +modes are subtly altered and several additional I operations are supported +depending on the mode specified. -Three key triple DES in CBC, ECB, CFB and OFB modes respectively. +To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), +EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output +parameter B set to B. -=item EVP_desx_cbc() +When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data B be used +as it is corrupted. -DESX algorithm in CBC mode. +=head2 GCM and OCB Modes -=item EVP_rc4() +The following Is are supported in GCM and OCB modes. -RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. +=over 4 -=item EVP_rc4_40() +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -RC4 stream cipher with 40 bit key length. -This is obsolete and new code should use EVP_rc4() -and the EVP_CIPHER_CTX_set_key_length() function. +Sets the IV length. This call can only be made before specifying an IV. If +not called a default IV length is used. -=item EVP_idea_cbc() EVP_idea_ecb(), EVP_idea_cfb(), EVP_idea_ofb() +For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the +maximum is 15. -IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) -=item EVP_rc2_cbc(), EVP_rc2_ecb(), EVP_rc2_cfb(), EVP_rc2_ofb() +Writes C bytes of the tag value to the buffer indicated by C. +This call can only be made when encrypting data and B all data has been +processed (e.g. after an EVP_EncryptFinal() call). -RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher with an additional parameter called "effective key bits" or "effective key length". -By default both are set to 128 bits. +For OCB, C must either be 16 or the value previously set via +B. -=item EVP_rc2_40_cbc(), EVP_rc2_64_cbc() +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) -RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. -These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and -EVP_CIPHER_CTX_ctrl() to set the key length and effective key length. +Sets the expected tag to C bytes from C. +The tag length can only be set before specifying an IV. +C must be between 1 and 16 inclusive. -=item EVP_bf_cbc(), EVP_bf_ecb(), EVP_bf_cfb(), EVP_bf_ofb() +For GCM, this call is only valid when decrypting data. -Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher. +For OCB, this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length. -=item EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_ofb() +In OCB mode, calling this before encryption with C set to C sets the +tag length. If this is not called prior to encryption, a default tag length is +used. -CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher. +For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for OCB. -=item EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_ofb() +=back -RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length -cipher with an additional "number of rounds" parameter. By default the key length is set to 128 -bits and 12 rounds. +=head2 CCM Mode -=item EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm() +The EVP interface for CCM mode is similar to that of the GCM mode but with a +few additional requirements and different I values. -AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively. -These ciphers require additional control operations to function correctly: see -the L section below for details. +For CCM mode, the total plaintext or ciphertext length B be passed to +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output +and input parameters (B and B) set to B and the length passed in +the B parameter. -=item EVP_aes_128_ocb(void), EVP_aes_192_ocb(void), EVP_aes_256_ocb(void) +The following Is are supported in CCM mode. -Offset Codebook Mode (OCB) for 128, 192 and 256 bit keys respectively. -These ciphers require additional control operations to function correctly: see -the L section below for details. +=over 4 -=item EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm() +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) -AES Counter with CBC-MAC Mode (CCM) for 128, 192 and 256 bit keys respectively. -These ciphers require additional control operations to function correctly: see -CCM mode section below for details. +This call is made to set the expected B tag value when decrypting or +the length of the tag (with the C parameter set to NULL) when encrypting. +The tag length is often referred to as B. If not set a default value is +used (12 for AES). -=item EVP_chacha20() +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL) -The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long. +Sets the CCM B value. If not set a default is used (8 for AES). -=item EVP_chacha20_poly1305() +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20() the key is -256 bits and the IV is 96 bits. This supports additional authenticated -data (AAD) and produces a 128 bit authentication tag. See the -L section for more information. +Sets the CCM nonce (IV) length. This call can only be made before specifying an +nonce value. The nonce length is given by B<15 - L> so it is 7 by default for +AES. =back -=head1 GCM and OCB Modes +=head2 ChaCha20-Poly1305 -For GCM and OCB mode ciphers the behaviour of the EVP interface is subtly -altered and several additional ctrl operations are supported. +The following Is are supported for the ChaCha20-Poly1305 AEAD algorithm. -To specify any additional authenticated data (AAD) a call to EVP_CipherUpdate(), -EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output -parameter B set to B. - -When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() -indicates if the operation was successful. If it does not indicate success -the authentication operation has failed and any output data B -be used as it is corrupted. - -The following ctrls are supported in both GCM and OCB modes: +=over 4 - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL); +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Sets the IV length: this call can only be made before specifying an IV. If -not called a default IV length is used. For GCM AES and OCB AES the default is -12 (i.e. 96 bits). For OCB mode the maximum is 15. +Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 16 (B, i.e. 128-bits). - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag); +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) -Writes B bytes of the tag value to the buffer indicated by B. +Writes C bytes of the tag value to the buffer indicated by C. This call can only be made when encrypting data and B all data has been -processed (e.g. after an EVP_EncryptFinal() call). For OCB mode the taglen must -either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN. - - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); +processed (e.g. after an EVP_EncryptFinal() call). -Sets the expected tag to B bytes from B. This call is only legal -when decrypting data. For OCB mode the taglen must either be 16 or the value -previously set via EVP_CTRL_AEAD_SET_TAG. - -In OCB mode calling this with B set to NULL sets the tag length. The tag -length can only be set before specifying an IV. If not called a default tag -length is used. For OCB AES the default is 16 (i.e. 128 bits). This is also the -maximum tag length for OCB. - -=head1 CCM Mode - -The behaviour of CCM mode ciphers is similar to GCM mode but with a few -additional requirements and different ctrl values. - -Like GCM and OCB modes any additional authenticated data (AAD) is passed by calling -EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output -parameter B set to B. Additionally the total plaintext or ciphertext -length B be passed to EVP_CipherUpdate(), EVP_EncryptUpdate() or -EVP_DecryptUpdate() with the output and input parameters (B and B) -set to B and the length passed in the B parameter. +C specified here must be 16 (B, i.e. 128-bits) or +less. -The following ctrls are supported in CCM mode: +=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); +Sets the expected tag to C bytes from C. +The tag length can only be set before specifying an IV. +C must be between 1 and 16 (B) inclusive. +This call is only valid when decrypting data. -This call is made to set the expected B tag value when decrypting or -the length of the tag (with the B parameter set to NULL) when encrypting. -The tag length is often referred to as B. If not set a default value is -used (12 for AES). - - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL); - -Sets the CCM B value. If not set a default is used (8 for AES). - - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL); - -Sets the CCM nonce (IV) length: this call can only be made before specifying -an nonce value. The nonce length is given by B<15 - L> so it is 7 by default -for AES. +=back =head1 NOTES @@ -523,13 +492,11 @@ EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. =head1 BUGS -For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is -a limitation of the current RC5 code rather than the EVP interface. - -EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with -default key lengths. If custom ciphers exceed these values the results are -unpredictable. This is because it has become standard practice to define a -generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes. +B and B only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +B bytes. The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. @@ -539,107 +506,130 @@ for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. Encrypt a string using IDEA: int do_crypt(char *outfile) - { - unsigned char outbuf[1024]; - int outlen, tmplen; - /* Bogus key and IV: we'd normally set these from - * another source. - */ - unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; - unsigned char iv[] = {1,2,3,4,5,6,7,8}; - char intext[] = "Some Crypto Text"; - EVP_CIPHER_CTX *ctx; - FILE *out; - - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); - - if(!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) - { - /* Error */ - return 0; - } - /* Buffer passed to EVP_EncryptFinal() must be after data just - * encrypted to avoid overwriting it. - */ - if(!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) - { - /* Error */ - return 0; - } - outlen += tmplen; - EVP_CIPHER_CTX_free(ctx); - /* Need binary mode for fopen because encrypted data is - * binary data. Also cannot use strlen() on it because - * it won't be null terminated and may contain embedded - * nulls. - */ - out = fopen(outfile, "wb"); - fwrite(outbuf, 1, outlen, out); - fclose(out); - return 1; - } + { + unsigned char outbuf[1024]; + int outlen, tmplen; + /* + * Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; + unsigned char iv[] = {1,2,3,4,5,6,7,8}; + char intext[] = "Some Crypto Text"; + EVP_CIPHER_CTX *ctx; + FILE *out; + + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); + + if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } + /* + * Buffer passed to EVP_EncryptFinal() must be after data just + * encrypted to avoid overwriting it. + */ + if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } + outlen += tmplen; + EVP_CIPHER_CTX_free(ctx); + /* + * Need binary mode for fopen because encrypted data is + * binary data. Also cannot use strlen() on it because + * it won't be NUL terminated and may contain embedded + * NULs. + */ + out = fopen(outfile, "wb"); + if (out == NULL) { + /* Error */ + return 0; + } + fwrite(outbuf, 1, outlen, out); + fclose(out); + return 1; + } The ciphertext from the above example can be decrypted using the B utility with the command line (shown on two lines for clarity): - openssl idea -d +Supported ciphers are listed in: + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + =head1 HISTORY Support for OCB mode was added in OpenSSL 1.1.0 diff --git a/deps/openssl/openssl/doc/crypto/EVP_MD_meth_new.pod b/deps/openssl/openssl/doc/man3/EVP_MD_meth_new.pod similarity index 99% rename from deps/openssl/openssl/doc/crypto/EVP_MD_meth_new.pod rename to deps/openssl/openssl/doc/man3/EVP_MD_meth_new.pod index 4dac6722605f50..0265c7d50456eb 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_MD_meth_new.pod +++ b/deps/openssl/openssl/doc/man3/EVP_MD_meth_new.pod @@ -165,7 +165,7 @@ L, L, L =head1 HISTORY The B structure was openly available in OpenSSL before version -1.1.0. The functions described here were added in OpenSSL 1.1.0. +1.1. The functions described here were added in OpenSSL 1.1. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/EVP_OpenInit.pod b/deps/openssl/openssl/doc/man3/EVP_OpenInit.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/EVP_OpenInit.pod rename to deps/openssl/openssl/doc/man3/EVP_OpenInit.pod index ff84490a424ec5..61b4307bca31d4 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_OpenInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_OpenInit.pod @@ -9,11 +9,10 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption #include int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, - int ekl, unsigned char *iv, EVP_PKEY *priv); + int ekl, unsigned char *iv, EVP_PKEY *priv); int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); + int *outl, unsigned char *in, int inl); + int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION @@ -54,7 +53,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_ASN1_METHOD.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod similarity index 78% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_ASN1_METHOD.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 0eece53cf6059c..3c2ffd94e87263 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_ASN1_METHOD.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -14,7 +14,15 @@ EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, +EVP_PKEY_asn1_set_siginf, +EVP_PKEY_asn1_set_check, +EVP_PKEY_asn1_set_public_check, +EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, +EVP_PKEY_asn1_set_set_priv_key, +EVP_PKEY_asn1_set_set_pub_key, +EVP_PKEY_asn1_set_get_priv_key, +EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 - manipulating and registering EVP_PKEY_ASN1_METHOD structure @@ -90,10 +98,45 @@ EVP_PKEY_get0_asn1 X509_ALGOR *alg2, ASN1_BIT_STRING *sig)); + void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + + void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + + void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + + void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_security_bits) (const EVP_PKEY *pk)); + void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); + + void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); + + void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); + + void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); =head1 DESCRIPTION @@ -289,6 +332,34 @@ item_verify() and item_sign() are called by L and L, and by extension, L, L, L, L, ... + int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +The siginf_set() method is used to set custom B +parameters. +It MUST return 0 on error, or 1 on success. +It's called as part of L, L +and L. + + int (*pkey_check) (const EVP_PKEY *pk); + int (*pkey_public_check) (const EVP_PKEY *pk); + int (*pkey_param_check) (const EVP_PKEY *pk); + +The pkey_check(), pkey_public_check() and pkey_param_check() methods are used +to check the validity of B for key-pair, public component and parameters, +respectively. +They MUST return 0 for an invalid key, or 1 for a valid key. +They are called by L, L and +L respectively. + + int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); + int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); + +The set_priv_key() and set_pub_key() methods are used to set the raw private and +public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. +They are called by L, and +L respectively. + =head2 Functions EVP_PKEY_asn1_new() creates and returns a new B @@ -328,8 +399,12 @@ when initializing the application. EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), -EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), and -EVP_PKEY_asn1_set_security_bits() set the diverse methods of the given +EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), +EVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), +EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), +EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), +EVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and +EVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given B object. EVP_PKEY_get0_asn1() finds the B associated @@ -348,7 +423,7 @@ B object otherwise. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod new file mode 100644 index 00000000000000..4982e9205305b0 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -0,0 +1,454 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_ctrl, +EVP_PKEY_CTX_ctrl_str, +EVP_PKEY_CTX_ctrl_uint64, +EVP_PKEY_CTX_md, +EVP_PKEY_CTX_set_signature_md, +EVP_PKEY_CTX_get_signature_md, +EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_get_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, +EVP_PKEY_CTX_get_rsa_pss_saltlen, +EVP_PKEY_CTX_set_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, +EVP_PKEY_CTX_set_rsa_keygen_primes, +EVP_PKEY_CTX_set_rsa_mgf1_md, +EVP_PKEY_CTX_get_rsa_mgf1_md, +EVP_PKEY_CTX_set_rsa_oaep_md, +EVP_PKEY_CTX_get_rsa_oaep_md, +EVP_PKEY_CTX_set0_rsa_oaep_label, +EVP_PKEY_CTX_get0_rsa_oaep_label, +EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_subprime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_paramgen_type, +EVP_PKEY_CTX_set_dh_rfc5114, +EVP_PKEY_CTX_set_dhx_rfc5114, +EVP_PKEY_CTX_set_dh_pad, +EVP_PKEY_CTX_set_dh_nid, +EVP_PKEY_CTX_set_dh_kdf_type, +EVP_PKEY_CTX_get_dh_kdf_type, +EVP_PKEY_CTX_set0_dh_kdf_oid, +EVP_PKEY_CTX_get0_dh_kdf_oid, +EVP_PKEY_CTX_set_dh_kdf_md, +EVP_PKEY_CTX_get_dh_kdf_md, +EVP_PKEY_CTX_set_dh_kdf_outlen, +EVP_PKEY_CTX_get_dh_kdf_outlen, +EVP_PKEY_CTX_set0_dh_kdf_ukm, +EVP_PKEY_CTX_get0_dh_kdf_ukm, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid, +EVP_PKEY_CTX_set_ec_param_enc, +EVP_PKEY_CTX_set_ecdh_cofactor_mode, +EVP_PKEY_CTX_get_ecdh_cofactor_mode, +EVP_PKEY_CTX_set_ecdh_kdf_type, +EVP_PKEY_CTX_get_ecdh_kdf_type, +EVP_PKEY_CTX_set_ecdh_kdf_md, +EVP_PKEY_CTX_get_ecdh_kdf_md, +EVP_PKEY_CTX_set_ecdh_kdf_outlen, +EVP_PKEY_CTX_get_ecdh_kdf_outlen, +EVP_PKEY_CTX_set0_ecdh_kdf_ukm, +EVP_PKEY_CTX_get0_ecdh_kdf_ukm, +EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len +- algorithm specific control operations + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); + int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + + int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + + int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); + + int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len); + + #include + + int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); + int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); + int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); + int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); + int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); + int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); + int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); + int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); + + #include + + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); + + #include + + int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); + int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); + int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); + int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); + int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); + int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); + int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); + int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); + int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); + int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); + int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); + + #include + + int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); + int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); + int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); + int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); + int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); + int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); + int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); + int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); + int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); + int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); + + int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); + int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); + int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); + +=head1 DESCRIPTION + +The function EVP_PKEY_CTX_ctrl() sends a control operation to the context +B. The key type used must match B if it is not -1. The parameter +B is a mask indicating which operations the control can be applied to. +The control command is indicated in B and any additional arguments in +B and B. + +For B = B, B is the length of the MAC key, +and B is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC. + +Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will +instead call one of the algorithm specific macros below. + +The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a +uint64 value as B to EVP_PKEY_CTX_ctrl(). + +The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm +specific control operation to a context B in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option B<-pkeyopt> which is supported by the +B, B and B commands. + +The function EVP_PKEY_CTX_md() sends a message digest control operation +to the context B. The message digest is specified by its name B. + +All the remaining "functions" are implemented as macros. + +The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used +in a signature. It can be used in the RSA, DSA and ECDSA algorithms. + +The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a +signature. It can be used in the RSA, DSA and ECDSA algorithms. + +Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the EVP_PKEY_CTX_set_mac_key() +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +L or similar functions instead of this macro. + +The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms +supported by the L function. + +=head2 RSA parameters + +The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for B. +The B parameter can take the value B for PKCS#1 +padding, B for SSLv23 padding, B for +no padding, B for OAEP padding (encrypt and +decrypt only), B for X9.31 padding (signature operations +only) and B (sign and verify only). + +Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for RSA the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte. + +The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for B. + +The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to +B. As its name implies it is only supported for PSS padding. Three special +values are supported: B sets the salt length to the +digest length, B sets the salt length to the maximum +permissible value. When verifying B causes the salt length +to be automatically determined based on the B block structure. If this +macro is not called maximum salt length is used when signing and auto detection +when verifying is used by default. + +The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length +for B. The padding mode must have been set to B. + +The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for +RSA key generation to B. If not specified 1024 bits is used. + +The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value +for RSA key generation to B. Currently it should be an odd integer. The +B pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used. + +The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for +RSA key generation to B. If not specified 2 is used. + +The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding +schemes to B. If not explicitly set the signing digest is used. The +padding mode must have been set to B +or B. + +The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for B. +If not explicitly set the signing digest is used. The padding mode must have +been set to B or B. + +The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used +in RSA OAEP to B. The padding mode must have been set to +B. + +The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used +in RSA OAEP to B. The padding mode must have been set to +B. + +The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to +B

for DH parameter generation. If this macro is not called +then 1024 is used. Only accepts lengths greater than or equal to 256. + +The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH +optional subprime parameter B for DH parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The DH +paramgen type must have been set to x9.42. + +The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B +for DH parameter generation. If not specified 2 is used. + +The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH +parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. +The default is 0. + +The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B is +1 the shared secret is padded with zeroes up to the size of the DH prime B

. +If B is zero (the default) then no padding is performed. + +EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to +B as defined in RFC7919. The B parameter must be B, +B, B, B, B +or B to clear the stored value. This macro can be called during +parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. + +The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are +synonymous. They set the DH parameters to the values defined in RFC5114. The +B parameter must be 1, 2 or 3 corresponding to RFC5114 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The B must have a key type of +B. +The rfc5114 parameter and the nid parameter are mutually exclusive. + +=head2 DH key derivation function parameters + +Note that all of the following functions require that the B parameter has +a private key type of B. When using key derivation, the output of +EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret. +The KDF output is typically used as a Key Encryption Key (KEK) that in turn +encrypts a Content Encryption Key (CEK). + +The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type +to B for DH key derivation. Possible values are B +and B which uses the key derivation specified in RFC2631 +(based on the keying algorithm described in X9.42). When using key derivation, +the B, B and B parameters must also be specified. + +The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type +for B used for DH key derivation. Possible values are B +and B. + +The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function +object identifier to B for DH key derivation. This OID should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by B. + +The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid +for B used for DH key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. + +The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function +message digest to B for DH key derivation. Note that RFC2631 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests. + +The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function +message digest for B used for DH key derivation. + +The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function +output length to B for DH key derivation. + +The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function +output length for B used for DH key derivation. + +The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to +B and its length to B for DH key derivation. This parameter is optional +and corresponds to the partyAInfo field in RFC2631 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by B. + +The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for B. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. + +=head2 EC parameters + +The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter +generation to B. For EC parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an EC key. + +The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to +B when generating EC parameters or an EC key. The encoding can be +B for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or B to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +B value was only added to OpenSSL 1.1.0; previous +versions should use 0 instead. + +=head2 ECDH parameters + +The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to +B for ECDH key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. + +The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for +B used for ECDH key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. + +=head2 ECDH key derivation function parameters + +The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type +to B for ECDH key derivation. Possible values are B +and B which uses the key derivation specified in X9.63. +When using key derivation, the B and B parameters must +also be specified. + +The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function +type for B used for ECDH key derivation. Possible values are +B and B. + +The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function +message digest to B for ECDH key derivation. Note that X9.63 specifies +that this digest should be SHA1 but OpenSSL tolerates other digests. + +The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function +message digest for B used for ECDH key derivation. + +The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function +output length to B for ECDH key derivation. + +The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function +output length for B used for ECDH key derivation. + +The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to B +for ECDH key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by B. + +The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for B. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. + +=head2 Other parameters + +The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() +macros are used to manipulate the special identifier field for specific signature +algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B with +the length B to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by B. The +EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous +call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate +memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() +macro returns the previously set ID value to caller in B. The caller should +allocate adequate memory space for the B before calling EVP_PKEY_CTX_get1_id(). + +=head1 RETURN VALUES + +EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of -2 +indicates the operation is not supported by the public key algorithm. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() +macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0. + +=head1 COPYRIGHT + +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_new.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_new.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_new.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_new.pod diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod new file mode 100644 index 00000000000000..1e740f40d1448b --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_set1_pbe_pass +- generic KDF support functions + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, + int passlen); + +=head1 DESCRIPTION + +These functions are generic support functions for all KDF algorithms. + +EVP_PKEY_CTX_set1_pbe_pass() sets the password to the B first +bytes from B. + +=begin comment + +We really should have a few more, such as EVP_PKEY_CTX_set1_kdf_salt, +EVP_PKEY_CTX_set1_kdf_key (to be used by the algorithms that use a +key, such as hkdf), EVP_PKEY_CTX_set1_kdf_md (same thing here). + +=end comment + +=head1 STRING CTRLS + +There is also support for string based control operations via +L. +The B can be directly specified using the B parameter +"pass" or given in hex encoding using the "hexpass" parameter. + +=begin comment + +Just as for the function description, the strings "salt", "hexsalt", +"key", "hexkey" and "md" should be generically specified, and +supported by the algorithms that use them. + +=end comment + +=head1 NOTES + +All these functions are implemented as macros. + +=head1 RETURN VALUES + +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod similarity index 57% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index 459e7a02ffcc46..e8f19cfc9980eb 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod @@ -3,13 +3,16 @@ =head1 NAME EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, -EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info - +EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, +EVP_PKEY_CTX_hkdf_mode - HMAC-based Extract-and-Expand key derivation algorithm =head1 SYNOPSIS #include + int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); + int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, @@ -30,12 +33,47 @@ and "extracts" from it a fixed-length pseudorandom key K. The second stage "expands" the key K into several additional pseudorandom keys (the output of the KDF). -EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF. +EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three +modes that are currently defined: + +=over 4 + +=item EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND + +This is the default mode. Calling L on an EVP_PKEY_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. + +In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs. + +=item EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY + +In this mode calling L will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. + +The digest, key and salt values must be set before a key is derived or an +error occurs. + +=item EVP_PKEY_HKDEF_MODE_EXPAND_ONLY + +In this mode calling L will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. + +The digest, key and info values must be set before a key is derived or an +error occurs. + +=back + +EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF. EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B bytes of the buffer B. Any existing value is replaced. -EVP_PKEY_CTX_set_hkdf_key() sets the key to B bytes of the buffer +EVP_PKEY_CTX_set1_hkdf_key() sets the key to B bytes of the buffer B. Any existing value is replaced. EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B bytes of the @@ -48,6 +86,8 @@ HKDF also supports string based control operations via L. The B parameter "md" uses the supplied B as the name of the digest algorithm to use. +The B parameter "mode" uses the values "EXTRACT_AND_EXPAND", +"EXTRACT_ONLY" and "EXPAND_ONLY" to determine the mode to use. The B parameters "salt", "key" and "info" use the supplied B parameter as a B, B or B value. The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex @@ -61,19 +101,17 @@ A context for HKDF can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); -The digest, key, salt and info values must be set before a key is derived or -an error occurs. - The total length of the info buffer cannot exceed 1024 bytes in length: this should be more than enough for any normal use of HKDF. -The output length of the KDF is specified via the length parameter to the -L function. +The output length of an HKDF expand operation is specified via the length +parameter to the L function. Since the HKDF output length is variable, passing a B buffer as a means -to obtain the requisite length is not meaningful with HKDF. -Instead, the caller must allocate a buffer of the desired length, and pass that -buffer to L along with (a pointer initialized to) the -desired length. +to obtain the requisite length is not meaningful with HKDF in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to L along with (a +pointer initialized to) the desired length. Passing a B buffer to obtain +the length is allowed when using EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY. Optimised versions of HKDF can be implemented in an ENGINE. @@ -94,17 +132,17 @@ salt value "salt" and info value "label": pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); if (EVP_PKEY_derive_init(pctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set1_salt(pctx, "salt", 4) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set1_key(pctx, "secret", 6) <= 0) - /* Error */ - if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 6) <= 0) - /* Error */ + /* Error */ + if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) + /* Error */ + if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) + /* Error */ + if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) + /* Error */ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) - /* Error */ + /* Error */ =head1 CONFORMING TO diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod new file mode 100644 index 00000000000000..7578278a6cfcf5 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod @@ -0,0 +1,94 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_set_rsa_pss_keygen_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen +- EVP_PKEY RSA-PSS algorithm support functions + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, + const EVP_MD *md); + int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, + const EVP_MD *md); + int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, + int saltlen); + +=head1 DESCRIPTION + +These are the functions that implement L. + +=head2 Signing and Verification + +The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than B. It is otherwise similar to the B version. + +The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the B operation except detection of the salt length (using +RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has +usage restrictions. + +The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros +are used to set the digest and MGF1 algorithms respectively. If the key has +usage restrictions then an error is returned if an attempt is made to set the +digest to anything other than the restricted value. Otherwise these are +similar to the B versions. + +=head2 Key Generation + +As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() +and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: +they have exactly the same meaning as for the RSA algorithm. + +Optional parameter restrictions can be specified when generating a PSS key. +If any restrictions are set (using the macros described below) then B +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and MGF1 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed. + +EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the +generated key can use to B. + +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the +generated key can use to B. + +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length +to B. + +=head1 NOTES + +A context for the B algorithm can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); + +=head1 RETURN VALUES + +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not supported by +the public key algorithm. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod new file mode 100644 index 00000000000000..4e2a4ea6b3fd85 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod @@ -0,0 +1,86 @@ +=pod + +=head1 NAME + +EVP_PKEY_CTX_set1_scrypt_salt, +EVP_PKEY_CTX_set_scrypt_N, +EVP_PKEY_CTX_set_scrypt_r, +EVP_PKEY_CTX_set_scrypt_p, +EVP_PKEY_CTX_set_scrypt_maxmem_bytes +- EVP_PKEY scrypt KDF support functions + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, + int saltlen); + + int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); + + int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); + + int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); + + int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, + uint64_t maxmem); + +=head1 DESCRIPTION + +These functions are used to set up the necessary data to use the +scrypt KDF. +For more information on scrypt, see L. + +EVP_PKEY_CTX_set1_scrypt_salt() sets the B bytes long salt +value. + +EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and +EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p. + +EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key +derivation may maximally use, given in bytes. +If RAM is exceeded because the load factors are chosen too high, the +key derivation will fail. + +=head1 STRING CTRLS + +scrypt also supports string based control operations via +L. +Similarly, the B can either be specified using the B +parameter "salt" or in hex encoding by using the "hexsalt" parameter. +The work factors B, B and B

as well as B can be +set by using the parameters "N", "r", "p" and "maxmem_bytes", +respectively. + +=head1 NOTES + +The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as +the value from the string controls "pass" and "hexpass". +See L. + +All the functions described here are implemented as macros. + +=head1 RETURN VALUES + +All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of -2 indicates the operation is not +supported by the public key algorithm. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod index fe35a5ece8cfd6..30e50bc63e9482 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod @@ -78,17 +78,18 @@ and seed value "seed": EVP_PKEY_CTX *pctx; unsigned char out[10]; size_t outlen = sizeof(out); + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); if (EVP_PKEY_derive_init(pctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) - /* Error */ + /* Error */ =head1 SEE ALSO @@ -98,7 +99,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_asn1_get_count.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_asn1_get_count.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod index 9ad2daed4f5ba0..a190f5e9ab0ca5 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_asn1_get_count.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_asn1_get_count.pod @@ -48,7 +48,7 @@ engine that implements it. EVP_PKEY_asn1_get0_info() returns the public key ID, base public key ID (both NIDs), any flags, the method description and PEM type string -associated with the public key ASN.1 method B<*ameth>. +associated with the public key ASN.1 method B<*ameth>. EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and EVP_PKEY_asn1_find_str() are not thread safe, but as long as all diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_cmp.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_cmp.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_cmp.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_cmp.pod diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod similarity index 85% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod index ca732ed0f91801..2a691a61773b23 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_decrypt.pod @@ -10,8 +10,8 @@ EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); =head1 DESCRIPTION @@ -49,31 +49,34 @@ Decrypt data using OAEP (for RSA keys): #include EVP_PKEY_CTX *ctx; + ENGINE *eng; unsigned char *out, *in; size_t outlen, inlen; EVP_PKEY *key; - /* NB: assumes key in, inlen are already set up + + /* + * NB: assumes key, eng, in, inlen are already set up * and that key is an RSA private key */ - ctx = EVP_PKEY_CTX_new(key); + ctx = EVP_PKEY_CTX_new(key, eng); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_decrypt_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) - /* Error */ + /* Error */ /* Determine buffer length */ if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) - /* Error */ + /* Error */ out = OPENSSL_malloc(outlen); if (!out) - /* malloc failure */ + /* malloc failure */ if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) - /* Error */ + /* Error */ /* Decrypted data is outlen bytes written to buffer out */ @@ -92,7 +95,7 @@ These functions were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod similarity index 89% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod index f70a0b8d9b888b..8cd0b54740d43e 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod @@ -50,30 +50,31 @@ Derive shared secret (for example DH or EC keys): #include EVP_PKEY_CTX *ctx; + ENGINE *eng; unsigned char *skey; size_t skeylen; EVP_PKEY *pkey, *peerkey; - /* NB: assumes pkey, peerkey have been already set up */ + /* NB: assumes pkey, eng, peerkey have been already set up */ - ctx = EVP_PKEY_CTX_new(pkey); + ctx = EVP_PKEY_CTX_new(pkey, eng); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_derive_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) - /* Error */ + /* Error */ /* Determine buffer length */ if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) - /* Error */ + /* Error */ skey = OPENSSL_malloc(skeylen); if (!skey) - /* malloc failure */ + /* malloc failure */ if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) - /* Error */ + /* Error */ /* Shared secret is skey bytes written to buffer skey */ @@ -92,7 +93,7 @@ These functions were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod similarity index 89% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod index 01336e128b0244..4e9a34e740f3ad 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_encrypt.pod @@ -10,8 +10,8 @@ EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); =head1 DESCRIPTION @@ -56,35 +56,37 @@ set 'eng = NULL;' to start with the default OpenSSL RSA implementation: unsigned char *out, *in; size_t outlen, inlen; EVP_PKEY *key; - /* NB: assumes eng, key, in, inlen are already set up, + + /* + * NB: assumes eng, key, in, inlen are already set up, * and that key is an RSA public key */ ctx = EVP_PKEY_CTX_new(key, eng); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_encrypt_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) - /* Error */ + /* Error */ /* Determine buffer length */ if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) - /* Error */ + /* Error */ out = OPENSSL_malloc(outlen); if (!out) - /* malloc failure */ + /* malloc failure */ if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) - /* Error */ + /* Error */ /* Encrypted data is outlen bytes written to buffer out */ =head1 SEE ALSO L, -L, +L, L, L, L, diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest_nid.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod similarity index 85% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest_nid.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod index 3dce5c59a8f0df..da76677044c280 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest_nid.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -13,7 +13,8 @@ EVP_PKEY_get_default_digest_nid - get default signature digest The EVP_PKEY_get_default_digest_nid() function sets B to the default message digest NID for the public key signature operations associated with key -B. +B. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use +a digest during signing. In this case B will be set to NID_undef. =head1 NOTES @@ -40,7 +41,7 @@ This function was first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod similarity index 72% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod index b1e708fc5bd36f..0b86eaaaa3dbaa 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_keygen.pod @@ -6,8 +6,9 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, -EVP_PKEY_gen_cb -- key and parameter generation functions +EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, +EVP_PKEY_param_check +- key and parameter generation and check functions =head1 SYNOPSIS @@ -28,6 +29,10 @@ EVP_PKEY_gen_cb void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + int EVP_PKEY_check(EVP_PKEY_CTX *ctx); + int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); + int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); + =head1 DESCRIPTION The EVP_PKEY_keygen_init() function initializes a public key algorithm @@ -58,6 +63,18 @@ and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a "progress dialog". +EVP_PKEY_check() validates the key-pair given by B. This function first tries +to use customized key check method in B if it's present; otherwise +it calls a default one defined in B. + +EVP_PKEY_public_check() validates the public component of the key-pair given by B. +This function first tries to use customized key check method in B +if it's present; otherwise it calls a default one defined in B. + +EVP_PKEY_param_check() validates the algorithm parameters of the key-pair given by B. +This function first tries to use customized key check method in B +if it's present; otherwise it calls a default one defined in B. + =head1 NOTES After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm @@ -89,6 +106,10 @@ EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm. +EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() return 1 +for success or others for failure. They return -2 if the operation is not supported +for the specific algorithm. + =head1 EXAMPLES Generate a 2048 bit RSA key: @@ -98,17 +119,18 @@ Generate a 2048 bit RSA key: EVP_PKEY_CTX *ctx; EVP_PKEY *pkey = NULL; + ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) - /* Error */ + /* Error */ /* Generate key */ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ + /* Error */ Generate a key from a set of parameters: @@ -116,17 +138,19 @@ Generate a key from a set of parameters: #include EVP_PKEY_CTX *ctx; + ENGINE *eng; EVP_PKEY *pkey = NULL, *param; - /* Assumed param is set up already */ - ctx = EVP_PKEY_CTX_new(param); + + /* Assumed param, eng are set up already */ + ctx = EVP_PKEY_CTX_new(param, eng); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ + /* Error */ /* Generate key */ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ + /* Error */ Example of generation callback for OpenSSL public key implementations: @@ -135,19 +159,23 @@ Example of generation callback for OpenSSL public key implementations: EVP_PKEY_CTX_set_app_data(ctx, status_bio); static int genpkey_cb(EVP_PKEY_CTX *ctx) - { - char c = '*'; - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - int p; - p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - if (p == 0) c = '.'; - if (p == 1) c = '+'; - if (p == 2) c = '*'; - if (p == 3) c = '\n'; - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; - } + { + char c = '*'; + BIO *b = EVP_PKEY_CTX_get_app_data(ctx); + int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(b, &c, 1); + (void)BIO_flush(b); + return 1; + } =head1 SEE ALSO @@ -163,9 +191,12 @@ L These functions were first added to OpenSSL 1.0.0. +EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added +in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_meth_get_count.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_meth_get_count.pod new file mode 100644 index 00000000000000..4d2eab50fe0a5b --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_meth_get_count.pod @@ -0,0 +1,50 @@ +=pod + +=head1 NAME + +EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info - enumerate public key methods + +=head1 SYNOPSIS + + #include + + size_t EVP_PKEY_meth_get_count(void); + const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); + void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); + +=head1 DESCRIPTION + +EVP_PKEY_meth_count() returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application. + +EVP_PKEY_meth_get0() returns the public key method B. The value of B +must be between zero and EVP_PKEY_meth_get_count() - 1. + +EVP_PKEY_meth_get0_info() returns the public key ID (a NID) and any flags +associated with the public key method B<*meth>. + +=head1 RETURN VALUES + +EVP_PKEY_meth_count() returns the number of available public key methods. + +EVP_PKEY_meth_get0() return a public key method or B if B is +out of range. + +EVP_PKEY_meth_get0_info() does not return a value. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_meth_new.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_meth_new.pod new file mode 100644 index 00000000000000..db803fc2a268ff --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_meth_new.pod @@ -0,0 +1,424 @@ +=pod + +=head1 NAME + +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, +EVP_PKEY_meth_add0, EVP_PKEY_METHOD, +EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, +EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, +EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, +EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check, +EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, +EVP_PKEY_meth_set_digest_custom, +EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, +EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, +EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, +EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check, +EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, +EVP_PKEY_meth_get_digest_custom, +EVP_PKEY_meth_remove +- manipulating EVP_PKEY_METHOD structure + +=head1 SYNOPSIS + + #include + + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; + + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); + void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); + void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); + int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); + + void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init) (EVP_PKEY_CTX *ctx), + int (*paramgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init) (EVP_PKEY_CTX *ctx), + int (*keygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init) (EVP_PKEY_CTX *ctx), + int (*sign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init) (EVP_PKEY_CTX *ctx), + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init) (EVP_PKEY_CTX + *ctx), + int (*verify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*signctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (*verifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init) (EVP_PKEY_CTX *ctx), + int (*encryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init) (EVP_PKEY_CTX *ctx), + int (*decrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init) (EVP_PKEY_CTX *ctx), + int (*derive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + + void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + +=head1 DESCRIPTION + +B is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. + +There are two places where the B objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using L. + +The B objects are usually referenced by B +objects. + +=head2 Methods + +The methods are the underlying implementations of a particular public key +algorithm present by the B object. + + int (*init) (EVP_PKEY_CTX *ctx); + int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + void (*cleanup) (EVP_PKEY_CTX *ctx); + +The init() method is called to initialize algorithm-specific data when a new +B is created. As opposed to init(), the cleanup() method is called +when an B is freed. The copy() method is called when an B +is being duplicated. Refer to L, L, +L and L. + + int (*paramgen_init) (EVP_PKEY_CTX *ctx); + int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + +The paramgen_init() and paramgen() methods deal with key parameter generation. +They are called by L and L to +handle the parameter generation process. + + int (*keygen_init) (EVP_PKEY_CTX *ctx); + int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + +The keygen_init() and keygen() methods are used to generate the actual key for +the specified algorithm. They are called by L and +L. + + int (*sign_init) (EVP_PKEY_CTX *ctx); + int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + +The sign_init() and sign() methods are used to generate the signature of a +piece of data using a private key. They are called by L +and L. + + int (*verify_init) (EVP_PKEY_CTX *ctx); + int (*verify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + +The verify_init() and verify() methods are used to verify whether a signature is +valid. They are called by L and L. + + int (*verify_recover_init) (EVP_PKEY_CTX *ctx); + int (*verify_recover) (EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + +The verify_recover_init() and verify_recover() methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by RSA signing algorithm). They are called by +L and L. + + int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + +The signctx_init() and signctx() methods are used to sign a digest present by +a B object. They are called by the EVP_DigestSign functions. See +L for detail. + + int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx); + +The verifyctx_init() and verifyctx() methods are used to verify a signature +against the data in a B object. They are called by the various +EVP_DigestVerify functions. See L for detail. + + int (*encrypt_init) (EVP_PKEY_CTX *ctx); + int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +The encrypt_init() and encrypt() methods are used to encrypt a piece of data. +They are called by L and L. + + int (*decrypt_init) (EVP_PKEY_CTX *ctx); + int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +The decrypt_init() and decrypt() methods are used to decrypt a piece of data. +They are called by L and L. + + int (*derive_init) (EVP_PKEY_CTX *ctx); + int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +The derive_init() and derive() methods are used to derive the shared secret +from a public key algorithm (for instance, the DH algorithm). They are called by +L and L. + + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + +The ctrl() and ctrl_str() methods are used to adjust algorithm-specific +settings. See L and related functions for detail. + + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + +The digestsign() and digestverify() methods are used to generate or verify +a signature in a one-shot mode. They could be called by L +and L. + + int (*check) (EVP_PKEY *pkey); + int (*public_check) (EVP_PKEY *pkey); + int (*param_check) (EVP_PKEY *pkey); + +The check(), public_check() and param_check() methods are used to validate a +key-pair, the public component and parameters respectively for a given B. +They could be called by L, L and +L respectively. + + int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + +The digest_custom() method is used to generate customized digest content before +the real message is passed to functions like L or +L. This is usually required by some public key +signature algorithms like SM2 which requires a hashed prefix to the message to +be signed. The digest_custom() function will be called by L +and L. + +=head2 Functions + +EVP_PKEY_meth_new() creates and returns a new B object, +and associates the given B and B. The following flags are +supported: + + EVP_PKEY_FLAG_AUTOARGLEN + EVP_PKEY_FLAG_SIGCTX_CUSTOM + +If an B is set with the B flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding EVP methods by the EVP framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +L. + +The B is used to indicate the signctx() method +of an B is always called by the EVP framework while doing a +digest signing operation by calling L. + +EVP_PKEY_meth_free() frees an existing B pointed by +B. + +EVP_PKEY_meth_copy() copies an B object from B +to B. + +EVP_PKEY_meth_find() finds an B object with the B. +This function first searches through the user-defined method objects and +then the built-in objects. + +EVP_PKEY_meth_add0() adds B to the user defined stack of methods. + +EVP_PKEY_meth_remove() removes an B object added by +EVP_PKEY_meth_add0(). + +The EVP_PKEY_meth_set functions set the corresponding fields of +B structure with the arguments passed. + +The EVP_PKEY_meth_get functions get the corresponding fields of +B structure to the arguments provided. + +=head1 RETURN VALUES + +EVP_PKEY_meth_new() returns a pointer to a new B +object or returns NULL on error. + +EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values. + +EVP_PKEY_meth_find() returns a pointer to the found B +object or returns NULL if not found. + +EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0 +if an error occurred. + +EVP_PKEY_meth_remove() returns 1 if method is removed successfully or +0 if an error occurred. + +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod new file mode 100644 index 00000000000000..a3532a359632bd --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod @@ -0,0 +1,133 @@ +=pod + +=head1 NAME + +EVP_PKEY_new, +EVP_PKEY_up_ref, +EVP_PKEY_free, +EVP_PKEY_new_raw_private_key, +EVP_PKEY_new_raw_public_key, +EVP_PKEY_new_CMAC_key, +EVP_PKEY_new_mac_key, +EVP_PKEY_get_raw_private_key, +EVP_PKEY_get_raw_public_key +- public/private key allocation and raw key handling functions + +=head1 SYNOPSIS + + #include + + EVP_PKEY *EVP_PKEY_new(void); + int EVP_PKEY_up_ref(EVP_PKEY *key); + void EVP_PKEY_free(EVP_PKEY *key); + + EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *key, size_t keylen); + EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, + int keylen); + + int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); + int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +=head1 DESCRIPTION + +The EVP_PKEY_new() function allocates an empty B structure which is +used by OpenSSL to store public and private keys. The reference count is set to +B<1>. + +EVP_PKEY_up_ref() increments the reference count of B. + +EVP_PKEY_free() decrements the reference count of B and, if the reference +count is zero, frees it up. If B is NULL, nothing is done. + +EVP_PKEY_new_raw_private_key() allocates a new B. If B is non-NULL +then the new B structure is associated with the engine B. The +B argument indicates what kind of key this is. The value should be a NID +for a public key algorithm that supports raw private keys, i.e. one of +B, B, B, B, +B, B or B. B points to the +raw private key data for this B which should be of length B. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). + +EVP_PKEY_new_raw_public_key() works in the same way as +EVP_PKEY_new_raw_private_key() except that B points to the raw public key +data. The B structure will be initialised without any private key +information. Algorithm types that support raw public keys are +B, B, B or B. + +EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() +except it is only for the B algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a CMAC in the B argument. + +EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). +New applications should use EVP_PKEY_new_raw_private_key() instead. + +EVP_PKEY_get_raw_private_key() fills the buffer provided by B with raw +private key data. The number of bytes written is populated in B<*len>. If the +buffer B is NULL then B<*len> is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. Currently this is: +B, B, B, B, +B, B or B. + +EVP_PKEY_get_raw_public_key() fills the buffer provided by B with raw +public key data. The number of bytes written is populated in B<*len>. If the +buffer B is NULL then B<*len> is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +B, B, B or B. + +=head1 NOTES + +The B structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm. + +The structure returned by EVP_PKEY_new() is empty. To add a private or public +key to this empty structure use the appropriate functions described in +L, L, L or +L. + +=head1 RETURN VALUES + +EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly +allocated B structure or B if an error occurred. + +EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and +EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure. + +=head1 SEE ALSO + +L, L, L or +L + +=head1 HISTORY + +EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. + +EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. +EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and +EVP_PKEY_get_raw_public_key() were first added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_print_private.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod similarity index 86% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_print_private.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod index 9f1d324f81bece..3ebd086a1c1936 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_print_private.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_print_private.pod @@ -9,11 +9,11 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public ke #include int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx); + int indent, ASN1_PCTX *pctx); =head1 DESCRIPTION @@ -28,8 +28,7 @@ be used. =head1 NOTES -Currently no public key algorithms include any options in the B parameter -parameter. +Currently no public key algorithms include any options in the B parameter. If the key does not include all the components indicated by the function then only those contained in the key will be printed. For example passing a public @@ -52,7 +51,7 @@ These functions were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_set1_RSA.pod similarity index 70% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_set1_RSA.pod index 884cf91cb7feb8..d10fc59d8bccac 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_set1_RSA.pod @@ -6,8 +6,10 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, -EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id, -EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions +EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, +EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, +EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, +EVP_PKEY_set1_engine - EVP_PKEY assignment functions =head1 SYNOPSIS @@ -24,6 +26,8 @@ EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); + const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); + const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); @@ -33,10 +37,13 @@ EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); + int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); + int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_type(int type); + int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); @@ -49,14 +56,15 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key in B or B if the key is not of the correct type. -EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), -EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the -referenced key in B or B if the key is not of the -correct type but the reference count of the returned key is -B incremented and so must not be freed up after use. +EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(), +EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH() +and EVP_PKEY_get0_EC_KEY() also return the referenced key in B or B +if the key is not of the correct type but the reference count of the +returned key is B incremented and so must not be freed up after use. -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() also set the referenced key to B +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and +EVP_PKEY_assign_SIPHASH() also set the referenced key to B however these use the supplied B internally and so B will be freed when the parent B is freed. @@ -78,14 +86,19 @@ must be called after the key algorithm and components are set up. If B does not include an B for B an error occurs. +EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a +different set of algorithms than the default. This is currently used +to support SM2 keys, which use an identical encoding to ECDSA. + =head1 NOTES In accordance with the OpenSSL naming convention the key obtained from or assigned to the B using the B<1> functions must be freed as well as B. -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() are implemented as macros. +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() are implemented as macros. Most applications wishing to know a key type will simply call EVP_PKEY_base_id() and will not care about the actual type: @@ -98,6 +111,13 @@ is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key. +=head1 EXAMPLES + +After loading an ECC key, it is possible to convert it to using SM2 +algorithms with EVP_PKEY_set_alias_type: + + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + =head1 RETURN VALUES EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and @@ -107,21 +127,24 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and EVP_PKEY_get1_EC_KEY() return the referenced key or B if an error occurred. -EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), +EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() +and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure. EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key type or B (equivalently B) on error. EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. +EVP_PKEY_set_alias_type() returns 1 for success and 0 for error. + =head1 SEE ALSO L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod similarity index 91% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod index 9b3c8d4593fedd..bdebf0b9241f80 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_sign.pod @@ -10,8 +10,8 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); =head1 DESCRIPTION @@ -66,25 +66,25 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: */ ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_sign_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) - /* Error */ + /* Error */ /* Determine buffer length */ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) - /* Error */ + /* Error */ sig = OPENSSL_malloc(siglen); if (!sig) - /* malloc failure */ + /* malloc failure */ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) - /* Error */ + /* Error */ /* Signature is siglen bytes written to buffer sig */ diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod similarity index 82% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod index e84f8804197c4b..57d7f8cf86f8e6 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify.pod @@ -10,8 +10,8 @@ EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); =head1 DESCRIPTION @@ -36,7 +36,7 @@ context if several operations are performed using the same parameters. EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was successful and 0 if it failed. Unlike other functions the return value 0 from -EVP_PKEY_verify() only indicates that the signature did not not verify +EVP_PKEY_verify() only indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. @@ -55,23 +55,26 @@ Verify signature using PKCS#1 and SHA256 digest: unsigned char *md, *sig; size_t mdlen, siglen; EVP_PKEY *verify_key; - /* NB: assumes verify_key, sig, siglen md and mdlen are already set up + + /* + * NB: assumes verify_key, sig, siglen md and mdlen are already set up * and that verify_key is an RSA public key */ - ctx = EVP_PKEY_CTX_new(verify_key); + ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_verify_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) - /* Error */ + /* Error */ /* Perform operation */ ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); - /* ret == 1 indicates success, 0 verify failure and < 0 for some + /* + * ret == 1 indicates success, 0 verify failure and < 0 for some * other error. */ @@ -90,7 +93,7 @@ These functions were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify_recover.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod similarity index 86% rename from deps/openssl/openssl/doc/crypto/EVP_PKEY_verify_recover.pod rename to deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod index 837bc64ec2275a..85d76f84ac37f9 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify_recover.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_verify_recover.pod @@ -10,8 +10,8 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); =head1 DESCRIPTION @@ -60,30 +60,32 @@ Recover digest originally signed using PKCS#1 and SHA256 digest: unsigned char *rout, *sig; size_t routlen, siglen; EVP_PKEY *verify_key; - /* NB: assumes verify_key, sig and siglen are already set up + + /* + * NB: assumes verify_key, sig and siglen are already set up * and that verify_key is an RSA public key */ - ctx = EVP_PKEY_CTX_new(verify_key); + ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); if (!ctx) - /* Error occurred */ + /* Error occurred */ if (EVP_PKEY_verify_recover_init(ctx) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) - /* Error */ + /* Error */ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) - /* Error */ + /* Error */ /* Determine buffer length */ if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) - /* Error */ + /* Error */ rout = OPENSSL_malloc(routlen); if (!rout) - /* malloc failure */ + /* malloc failure */ if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) - /* Error */ + /* Error */ /* Recovered data is routlen bytes written to buffer rout */ @@ -102,7 +104,7 @@ These functions were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/EVP_SealInit.pod b/deps/openssl/openssl/doc/man3/EVP_SealInit.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/EVP_SealInit.pod rename to deps/openssl/openssl/doc/man3/EVP_SealInit.pod index 30bd6808c198ce..29d89c30529a5a 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_SealInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_SealInit.pod @@ -12,9 +12,8 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk); int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); + int *outl, unsigned char *in, int inl); + int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION @@ -74,7 +73,7 @@ with B set to NULL. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/EVP_SignInit.pod b/deps/openssl/openssl/doc/man3/EVP_SignInit.pod similarity index 89% rename from deps/openssl/openssl/doc/crypto/EVP_SignInit.pod rename to deps/openssl/openssl/doc/man3/EVP_SignInit.pod index 21eb868b192505..12e67f8cbf8677 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_SignInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_SignInit.pod @@ -3,7 +3,8 @@ =head1 NAME EVP_PKEY_size, -EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, +EVP_PKEY_security_bits - EVP signing functions =head1 SYNOPSIS @@ -17,6 +18,7 @@ functions void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_PKEY_size(EVP_PKEY *pkey); + int EVP_PKEY_security_bits(const EVP_PKEY *pkey); =head1 DESCRIPTION @@ -44,6 +46,9 @@ implementation of digest B. EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual signature returned by EVP_SignFinal() may be smaller. +EVP_PKEY_security_bits() returns the number of security bits of the given B, +bits of security is defined in NIST SP800-57. + =head1 RETURN VALUES EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 @@ -53,6 +58,8 @@ EVP_PKEY_size() returns the maximum size of a signature in bytes. The error codes can be obtained by L. +EVP_PKEY_security_bits() returns the number of security bits. + =head1 NOTES The B interface to digital signatures should almost always be used in @@ -68,7 +75,7 @@ This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called later to digest and sign additional data. Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 BUGS diff --git a/deps/openssl/openssl/doc/crypto/EVP_VerifyInit.pod b/deps/openssl/openssl/doc/man3/EVP_VerifyInit.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/EVP_VerifyInit.pod rename to deps/openssl/openssl/doc/man3/EVP_VerifyInit.pod index 92146098a8d079..f86825849b80ec 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_VerifyInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_VerifyInit.pod @@ -12,7 +12,8 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey); + int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, + EVP_PKEY *pkey); int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); @@ -56,7 +57,7 @@ This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 BUGS diff --git a/deps/openssl/openssl/doc/man3/EVP_aes.pod b/deps/openssl/openssl/doc/man3/EVP_aes.pod new file mode 100644 index 00000000000000..f085bfd6afc7e0 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_aes.pod @@ -0,0 +1,186 @@ +=pod + +=head1 NAME + +EVP_aes_128_cbc, +EVP_aes_192_cbc, +EVP_aes_256_cbc, +EVP_aes_128_cfb, +EVP_aes_192_cfb, +EVP_aes_256_cfb, +EVP_aes_128_cfb1, +EVP_aes_192_cfb1, +EVP_aes_256_cfb1, +EVP_aes_128_cfb8, +EVP_aes_192_cfb8, +EVP_aes_256_cfb8, +EVP_aes_128_cfb128, +EVP_aes_192_cfb128, +EVP_aes_256_cfb128, +EVP_aes_128_ctr, +EVP_aes_192_ctr, +EVP_aes_256_ctr, +EVP_aes_128_ecb, +EVP_aes_192_ecb, +EVP_aes_256_ecb, +EVP_aes_128_ofb, +EVP_aes_192_ofb, +EVP_aes_256_ofb, +EVP_aes_128_cbc_hmac_sha1, +EVP_aes_256_cbc_hmac_sha1, +EVP_aes_128_cbc_hmac_sha256, +EVP_aes_256_cbc_hmac_sha256, +EVP_aes_128_ccm, +EVP_aes_192_ccm, +EVP_aes_256_ccm, +EVP_aes_128_gcm, +EVP_aes_192_gcm, +EVP_aes_256_gcm, +EVP_aes_128_ocb, +EVP_aes_192_ocb, +EVP_aes_256_ocb, +EVP_aes_128_wrap, +EVP_aes_192_wrap, +EVP_aes_256_wrap, +EVP_aes_128_wrap_pad, +EVP_aes_192_wrap_pad, +EVP_aes_256_wrap_pad, +EVP_aes_128_xts, +EVP_aes_256_xts +- EVP AES cipher + +=head1 SYNOPSIS + +=for comment generic + + #include + + const EVP_CIPHER *EVP_ciphername(void) + +I is used a placeholder for any of the described cipher +functions, such as I. + +=head1 DESCRIPTION + +The AES encryption algorithm for EVP. + +=over 4 + +=item EVP_aes_128_cbc(), +EVP_aes_192_cbc(), +EVP_aes_256_cbc(), +EVP_aes_128_cfb(), +EVP_aes_192_cfb(), +EVP_aes_256_cfb(), +EVP_aes_128_cfb1(), +EVP_aes_192_cfb1(), +EVP_aes_256_cfb1(), +EVP_aes_128_cfb8(), +EVP_aes_192_cfb8(), +EVP_aes_256_cfb8(), +EVP_aes_128_cfb128(), +EVP_aes_192_cfb128(), +EVP_aes_256_cfb128(), +EVP_aes_128_ctr(), +EVP_aes_192_ctr(), +EVP_aes_256_ctr(), +EVP_aes_128_ecb(), +EVP_aes_192_ecb(), +EVP_aes_256_ecb(), +EVP_aes_128_ofb(), +EVP_aes_192_ofb(), +EVP_aes_256_ofb() + +AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit +shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB. + +=item EVP_aes_128_cbc_hmac_sha1(), +EVP_aes_256_cbc_hmac_sha1() + +Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long. + +WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface. + +=item EVP_aes_128_cbc_hmac_sha256(), +EVP_aes_256_cbc_hmac_sha256() + +Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as +HMAC, with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long. + +WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface. + +=item EVP_aes_128_ccm(), +EVP_aes_192_ccm(), +EVP_aes_256_ccm(), +EVP_aes_128_gcm(), +EVP_aes_192_gcm(), +EVP_aes_256_gcm(), +EVP_aes_128_ocb(), +EVP_aes_192_ocb(), +EVP_aes_256_ocb() + +AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode +(GCM) and OCB Mode respectively. These ciphers require additional control +operations to function correctly, see the L +section for details. + +=item EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_128_wrap_pad(), +EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_192_wrap_pad(), +EVP_aes_128_wrap(), +EVP_aes_192_wrap(), +EVP_aes_256_wrap(), +EVP_aes_256_wrap_pad() + +AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section +2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively. + +=item EVP_aes_128_xts(), +EVP_aes_256_xts() + +AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST +SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device. + +XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, XTS-AES-128 (B) takes input of a 256-bit key to +achieve AES 128-bit security, and XTS-AES-256 (B) takes input +of a 512-bit key to achieve AES 256-bit security. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_aria.pod b/deps/openssl/openssl/doc/man3/EVP_aria.pod new file mode 100644 index 00000000000000..6b71642221c262 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_aria.pod @@ -0,0 +1,116 @@ +=pod + +=head1 NAME + +EVP_aria_128_cbc, +EVP_aria_192_cbc, +EVP_aria_256_cbc, +EVP_aria_128_cfb, +EVP_aria_192_cfb, +EVP_aria_256_cfb, +EVP_aria_128_cfb1, +EVP_aria_192_cfb1, +EVP_aria_256_cfb1, +EVP_aria_128_cfb8, +EVP_aria_192_cfb8, +EVP_aria_256_cfb8, +EVP_aria_128_cfb128, +EVP_aria_192_cfb128, +EVP_aria_256_cfb128, +EVP_aria_128_ctr, +EVP_aria_192_ctr, +EVP_aria_256_ctr, +EVP_aria_128_ecb, +EVP_aria_192_ecb, +EVP_aria_256_ecb, +EVP_aria_128_ofb, +EVP_aria_192_ofb, +EVP_aria_256_ofb, +EVP_aria_128_ccm, +EVP_aria_192_ccm, +EVP_aria_256_ccm, +EVP_aria_128_gcm, +EVP_aria_192_gcm, +EVP_aria_256_gcm, +- EVP AES cipher + +=head1 SYNOPSIS + +=for comment generic + + #include + + const EVP_CIPHER *EVP_ciphername(void) + +I is used a placeholder for any of the described cipher +functions, such as I. + +=head1 DESCRIPTION + +The ARIA encryption algorithm for EVP. + +=over 4 + +=item EVP_aria_128_cbc(), +EVP_aria_192_cbc(), +EVP_aria_256_cbc(), +EVP_aria_128_cfb(), +EVP_aria_192_cfb(), +EVP_aria_256_cfb(), +EVP_aria_128_cfb1(), +EVP_aria_192_cfb1(), +EVP_aria_256_cfb1(), +EVP_aria_128_cfb8(), +EVP_aria_192_cfb8(), +EVP_aria_256_cfb8(), +EVP_aria_128_cfb128(), +EVP_aria_192_cfb128(), +EVP_aria_256_cfb128(), +EVP_aria_128_ctr(), +EVP_aria_192_ctr(), +EVP_aria_256_ctr(), +EVP_aria_128_ecb(), +EVP_aria_192_ecb(), +EVP_aria_256_ecb(), +EVP_aria_128_ofb(), +EVP_aria_192_ofb(), +EVP_aria_256_ofb() + +ARIA for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB. + +=item EVP_aria_128_ccm(), +EVP_aria_192_ccm(), +EVP_aria_256_ccm(), +EVP_aria_128_gcm(), +EVP_aria_192_gcm(), +EVP_aria_256_gcm(), + +ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter +Mode (GCM). These ciphers require additional control operations to function +correctly, see the L section for details. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod new file mode 100644 index 00000000000000..fe326733c96d57 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +EVP_bf_cbc, +EVP_bf_cfb, +EVP_bf_cfb64, +EVP_bf_ecb, +EVP_bf_ofb +- EVP Blowfish cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_bf_cbc(void) + const EVP_CIPHER *EVP_bf_cfb(void) + const EVP_CIPHER *EVP_bf_cfb64(void) + const EVP_CIPHER *EVP_bf_ecb(void) + const EVP_CIPHER *EVP_bf_ofb(void) + +=head1 DESCRIPTION + +The Blowfish encryption algorithm for EVP. + +This is a variable key length cipher. + +=over 4 + +=item EVP_bf_cbc(), +EVP_bf_cfb(), +EVP_bf_cfb64(), +EVP_bf_ecb(), +EVP_bf_ofb() + +Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod b/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod new file mode 100644 index 00000000000000..54ea089d57e15c --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +EVP_blake2b512, +EVP_blake2s256 +- BLAKE2 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_blake2b512(void); + const EVP_MD *EVP_blake2s256(void); + +=head1 DESCRIPTION + +BLAKE2 is an improved version of BLAKE, which was submitted to the NIST SHA-3 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +RFC 7693. + +=over 4 + +=item EVP_blake2s256() + +The BLAKE2s algorithm that produces a 256-bit output from a given input. + +=item EVP_blake2b512() + +The BLAKE2b algorithm that produces a 512-bit output from a given input. + +=back + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +RFC 7693. + +=head1 NOTES + +While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512-bits for BLAKE2b and 256-bits for BLAKE2s. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_camellia.pod b/deps/openssl/openssl/doc/man3/EVP_camellia.pod new file mode 100644 index 00000000000000..2c7e857e2507d5 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_camellia.pod @@ -0,0 +1,99 @@ +=pod + +=head1 NAME + +EVP_camellia_128_cbc, +EVP_camellia_192_cbc, +EVP_camellia_256_cbc, +EVP_camellia_128_cfb, +EVP_camellia_192_cfb, +EVP_camellia_256_cfb, +EVP_camellia_128_cfb1, +EVP_camellia_192_cfb1, +EVP_camellia_256_cfb1, +EVP_camellia_128_cfb8, +EVP_camellia_192_cfb8, +EVP_camellia_256_cfb8, +EVP_camellia_128_cfb128, +EVP_camellia_192_cfb128, +EVP_camellia_256_cfb128, +EVP_camellia_128_ctr, +EVP_camellia_192_ctr, +EVP_camellia_256_ctr, +EVP_camellia_128_ecb, +EVP_camellia_192_ecb, +EVP_camellia_256_ecb, +EVP_camellia_128_ofb, +EVP_camellia_192_ofb, +EVP_camellia_256_ofb +- EVP Camellia cipher + +=head1 SYNOPSIS + +=for comment generic + + #include + + const EVP_CIPHER *EVP_ciphername(void) + +I is used a placeholder for any of the described cipher +functions, such as I. + +=head1 DESCRIPTION + +The Camellia encryption algorithm for EVP. + +=over 4 + +=item EVP_camellia_128_cbc(), +EVP_camellia_192_cbc(), +EVP_camellia_256_cbc(), +EVP_camellia_128_cfb(), +EVP_camellia_192_cfb(), +EVP_camellia_256_cfb(), +EVP_camellia_128_cfb1(), +EVP_camellia_192_cfb1(), +EVP_camellia_256_cfb1(), +EVP_camellia_128_cfb8(), +EVP_camellia_192_cfb8(), +EVP_camellia_256_cfb8(), +EVP_camellia_128_cfb128(), +EVP_camellia_192_cfb128(), +EVP_camellia_256_cfb128(), +EVP_camellia_128_ctr(), +EVP_camellia_192_ctr(), +EVP_camellia_256_ctr(), +EVP_camellia_128_ecb(), +EVP_camellia_192_ecb(), +EVP_camellia_256_ecb(), +EVP_camellia_128_ofb(), +EVP_camellia_192_ofb(), +EVP_camellia_256_ofb() + +Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with +128-bit shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB and OFB. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod new file mode 100644 index 00000000000000..21ab700d6e873a --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +EVP_cast5_cbc, +EVP_cast5_cfb, +EVP_cast5_cfb64, +EVP_cast5_ecb, +EVP_cast5_ofb +- EVP CAST cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_cast5_cbc(void) + const EVP_CIPHER *EVP_cast5_cfb(void) + const EVP_CIPHER *EVP_cast5_cfb64(void) + const EVP_CIPHER *EVP_cast5_ecb(void) + const EVP_CIPHER *EVP_cast5_ofb(void) + +=head1 DESCRIPTION + +The CAST encryption algorithm for EVP. + +This is a variable key length cipher. + +=over 4 + +=item EVP_cast5_cbc(), +EVP_cast5_ecb(), +EVP_cast5_cfb(), +EVP_cast5_cfb64(), +EVP_cast5_ofb() + +CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_chacha20.pod b/deps/openssl/openssl/doc/man3/EVP_chacha20.pod new file mode 100644 index 00000000000000..df4cfa1c694158 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_chacha20.pod @@ -0,0 +1,56 @@ +=pod + +=head1 NAME + +EVP_chacha20, +EVP_chacha20_poly1305 +- EVP ChaCha20 stream cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_chacha20(void) + const EVP_CIPHER *EVP_chacha20_poly1305(void) + +=head1 DESCRIPTION + +The ChaCha20 stream cipher for EVP. + +=over 4 + +=item EVP_chacha20() + +The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long. + +=item EVP_chacha20_poly1305() + +Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key +is 256 bits and the IV is 96 bits. This supports additional authenticated data +(AAD) and produces a 128-bit authentication tag. See the +L section for more information. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_des.pod b/deps/openssl/openssl/doc/man3/EVP_des.pod new file mode 100644 index 00000000000000..ad0fc642c804ca --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_des.pod @@ -0,0 +1,105 @@ +=pod + +=head1 NAME + +EVP_des_cbc, +EVP_des_cfb, +EVP_des_cfb1, +EVP_des_cfb8, +EVP_des_cfb64, +EVP_des_ecb, +EVP_des_ofb, +EVP_des_ede, +EVP_des_ede_cbc, +EVP_des_ede_cfb, +EVP_des_ede_cfb64, +EVP_des_ede_ecb, +EVP_des_ede_ofb, +EVP_des_ede3, +EVP_des_ede3_cbc, +EVP_des_ede3_cfb, +EVP_des_ede3_cfb1, +EVP_des_ede3_cfb8, +EVP_des_ede3_cfb64, +EVP_des_ede3_ecb, +EVP_des_ede3_ofb, +EVP_des_ede3_wrap +- EVP DES cipher + +=head1 SYNOPSIS + +=for comment generic + + #include + + const EVP_CIPHER *EVP_ciphername(void) + +I is used a placeholder for any of the described cipher +functions, such as I. + +=head1 DESCRIPTION + +The DES encryption algorithm for EVP. + +=over 4 + +=item EVP_des_cbc(), +EVP_des_ecb(), +EVP_des_cfb(), +EVP_des_cfb1(), +EVP_des_cfb8(), +EVP_des_cfb64(), +EVP_des_ofb() + +DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit +shift and OFB modes. + +=item EVP_des_ede(), +EVP_des_ede_cbc(), +EVP_des_ede_cfb(), +EVP_des_ede_cfb64(), +EVP_des_ede_ecb(), +EVP_des_ede_ofb() + +Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes. + +=item EVP_des_ede3(), +EVP_des_ede3_cbc(), +EVP_des_ede3_cfb(), +EVP_des_ede3_cfb1(), +EVP_des_ede3_cfb8(), +EVP_des_ede3_cfb64(), +EVP_des_ede3_ecb(), +EVP_des_ede3_ofb() + +Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift, +CFB with 8-bit shift and OFB modes. + +=item EVP_des_ede3_wrap() + +Triple-DES key wrap according to RFC 3217 Section 3. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod new file mode 100644 index 00000000000000..25a35acff5ec26 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod @@ -0,0 +1,49 @@ +=pod + +=head1 NAME + +EVP_desx_cbc +- EVP DES-X cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_desx_cbc(void) + +=head1 DESCRIPTION + +The DES-X encryption algorithm for EVP. + +All modes below use a key length of 128 bits and acts on blocks of 128-bits. + +=over 4 + +=item EVP_desx_cbc() + +The DES-X algorithm in CBC mode. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod new file mode 100644 index 00000000000000..69f53be85fa030 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod @@ -0,0 +1,59 @@ +=pod + +=head1 NAME + +EVP_idea_cbc, +EVP_idea_cfb, +EVP_idea_cfb64, +EVP_idea_ecb, +EVP_idea_ofb +- EVP IDEA cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_idea_cbc(void) + const EVP_CIPHER *EVP_idea_cfb(void) + const EVP_CIPHER *EVP_idea_cfb64(void) + const EVP_CIPHER *EVP_idea_ecb(void) + const EVP_CIPHER *EVP_idea_ofb(void) + +=head1 DESCRIPTION + +The IDEA encryption algorithm for EVP. + +=over 4 + +=item EVP_idea_cbc(), +EVP_idea_cfb(), +EVP_idea_cfb64(), +EVP_idea_ecb(), +EVP_idea_ofb() + +The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_md2.pod b/deps/openssl/openssl/doc/man3/EVP_md2.pod new file mode 100644 index 00000000000000..0db158936a5991 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_md2.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +EVP_md2 +- MD2 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_md2(void); + +=head1 DESCRIPTION + +MD2 is a cryptographic hash function standardized in RFC 1319 and designed by +Ronald Rivest. + +=over 4 + +=item EVP_md2() + +The MD2 algorithm which produces a 128-bit output from a given input. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +IETF RFC 1319. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_md4.pod b/deps/openssl/openssl/doc/man3/EVP_md4.pod new file mode 100644 index 00000000000000..2b6cd8c092b116 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_md4.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +EVP_md4 +- MD4 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_md4(void); + +=head1 DESCRIPTION + +MD4 is a cryptographic hash function standardized in RFC 1320 and designed by +Ronald Rivest, first published in 1990. + +=over 4 + +=item EVP_md4() + +The MD4 algorithm which produces a 128-bit output from a given input. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +IETF RFC 1320. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_md5.pod b/deps/openssl/openssl/doc/man3/EVP_md5.pod new file mode 100644 index 00000000000000..41a909e8b58376 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_md5.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +EVP_md5, +EVP_md5_sha1 +- MD5 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_md5(void); + const EVP_MD *EVP_md5_sha1(void); + +=head1 DESCRIPTION + +MD5 is a cryptographic hash function standardized in RFC 1321 and designed by +Ronald Rivest. + +The CMU Software Engineering Institute considers MD5 unsuitable for further +use since its security has been severely compromised. + +=over 4 + +=item EVP_md5() + +The MD5 algorithm which produces a 128-bit output from a given input. + +=item EVP_md5_sha1() + +A hash algorithm of SSL v3 that combines MD5 with SHA-1 as decirbed in RFC +6101. + +WARNING: this algorithm is not intended for non-SSL usage. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +IETF RFC 1321. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_mdc2.pod b/deps/openssl/openssl/doc/man3/EVP_mdc2.pod new file mode 100644 index 00000000000000..a0b339814446a1 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_mdc2.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +EVP_mdc2 +- MDC-2 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_mdc2(void); + +=head1 DESCRIPTION + +MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher. + +=over 4 + +=item EVP_mdc2() + +The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a +128-bit output from a given input. + +=back + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod new file mode 100644 index 00000000000000..8b735a3e8ba899 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod @@ -0,0 +1,75 @@ +=pod + +=head1 NAME + +EVP_rc2_cbc, +EVP_rc2_cfb, +EVP_rc2_cfb64, +EVP_rc2_ecb, +EVP_rc2_ofb, +EVP_rc2_40_cbc, +EVP_rc2_64_cbc +- EVP RC2 cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_rc2_cbc(void) + const EVP_CIPHER *EVP_rc2_cfb(void) + const EVP_CIPHER *EVP_rc2_cfb64(void) + const EVP_CIPHER *EVP_rc2_ecb(void) + const EVP_CIPHER *EVP_rc2_ofb(void) + const EVP_CIPHER *EVP_rc2_40_cbc(void) + const EVP_CIPHER *EVP_rc2_64_cbc(void) + +=head1 DESCRIPTION + +The RC2 encryption algorithm for EVP. + +=over 4 + +=item EVP_rc2_cbc(), +EVP_rc2_cfb(), +EVP_rc2_cfb64(), +EVP_rc2_ecb(), +EVP_rc2_ofb() + +RC2 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional parameter called "effective key +bits" or "effective key length". By default both are set to 128 bits. + +=item EVP_rc2_40_cbc(), +EVP_rc2_64_cbc() + +RC2 algorithm in CBC mode with a default key length and effective key length of +40 and 64 bits. + +WARNING: these functions are obsolete. Their usage should be replaced with the +EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl() +functions to set the key length and effective key length. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_rc4.pod b/deps/openssl/openssl/doc/man3/EVP_rc4.pod new file mode 100644 index 00000000000000..e2a6b7b3172f9a --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_rc4.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +EVP_rc4, +EVP_rc4_40, +EVP_rc4_hmac_md5 +- EVP RC4 stream cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_rc4(void) + const EVP_CIPHER *EVP_rc4_40(void) + const EVP_CIPHER *EVP_rc4_hmac_md5(void) + +=head1 DESCRIPTION + +The RC4 stream cipher for EVP. + +=over 4 + +=item EVP_rc4() + +RC4 stream cipher. This is a variable key length cipher with a default key +length of 128 bits. + +=item EVP_rc4_40() + +RC4 stream cipher with 40 bit key length. + +WARNING: this function is obsolete. Its usage should be replaced with the +EVP_rc4() and the EVP_CIPHER_CTX_set_key_length() functions. + +=item EVP_rc4_hmac_md5() + +Authenticated encryption with the RC4 stream cipher with MD5 as HMAC. + +WARNING: this is not intended for usage outside of TLS and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD +interface. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod new file mode 100644 index 00000000000000..264b78b378d30c --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + +EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_cfb, +EVP_rc5_32_12_16_cfb64, +EVP_rc5_32_12_16_ecb, +EVP_rc5_32_12_16_ofb +- EVP RC5 cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) + const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) + const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) + const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) + const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) + +=head1 DESCRIPTION + +The RC5 encryption algorithm for EVP. + +=over 4 + +=item EVP_rc5_32_12_16_cbc(), +EVP_rc5_32_12_16_cfb(), +EVP_rc5_32_12_16_cfb64(), +EVP_rc5_32_12_16_ecb(), +EVP_rc5_32_12_16_ofb() + +RC5 encryption algorithm in CBC, CFB, ECB and OFB modes respectively. This is a +variable key length cipher with an additional "number of rounds" parameter. By +default the key length is set to 128 bits and 12 rounds. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 BUGS + +Currently the number of rounds in RC5 can only be set to 8, 12 or 16. +This is a limitation of the current RC5 code rather than the EVP interface. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod b/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod new file mode 100644 index 00000000000000..39437148da52e8 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod @@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +EVP_ripemd160 +- RIPEMD160 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_ripemd160(void); + +=head1 DESCRIPTION + +RIPEMD-160 is a cryptographic hash function first published in 1996 belonging +to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest). + +=over 4 + +=item EVP_ripemd160() + +The RIPEMD-160 algorithm which produces a 160-bit output from a given input. + +=back + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160). + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod new file mode 100644 index 00000000000000..6817683617944f --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +EVP_seed_cbc, +EVP_seed_cfb, +EVP_seed_cfb128, +EVP_seed_ecb, +EVP_seed_ofb +- EVP SEED cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_seed_cbc(void) + const EVP_CIPHER *EVP_seed_cfb(void) + const EVP_CIPHER *EVP_seed_cfb128(void) + const EVP_CIPHER *EVP_seed_ecb(void) + const EVP_CIPHER *EVP_seed_ofb(void) + +=head1 DESCRIPTION + +The SEED encryption algorithm for EVP. + +All modes below use a key length of 128 bits and acts on blocks of 128-bits. + +=over 4 + +=item EVP_seed_cbc(), +EVP_seed_cfb(), +EVP_seed_cfb128(), +EVP_seed_ecb(), +EVP_seed_ofb() + +The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively. + +=back + +=head1 RETURN VALUES + +These functions return an B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_sha1.pod b/deps/openssl/openssl/doc/man3/EVP_sha1.pod new file mode 100644 index 00000000000000..8c0a2a0cd8773d --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_sha1.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +EVP_sha1 +- SHA-1 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_sha1(void); + +=head1 DESCRIPTION + +SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in NIST FIPS 180-4. The algorithm was designed by the United States National +Security Agency and initially published in 1995. + +=over 4 + +=item EVP_sha1() + +The SHA-1 algorithm which produces a 160-bit output from a given input. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +NIST FIPS 180-4. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_sha224.pod b/deps/openssl/openssl/doc/man3/EVP_sha224.pod new file mode 100644 index 00000000000000..d8829e90806cb6 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_sha224.pod @@ -0,0 +1,73 @@ +=pod + +=head1 NAME + +EVP_sha224, +EVP_sha256, +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384, +EVP_sha512 +- SHA-2 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_sha224(void); + const EVP_MD *EVP_sha256(void); + const EVP_MD *EVP_sha512_224(void); + const EVP_MD *EVP_sha512_256(void); + const EVP_MD *EVP_sha384(void); + const EVP_MD *EVP_sha512(void); + +=head1 DESCRIPTION + +SHA-2 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in NIST FIPS 180-4, first published in 2001. + +=over 4 + +=item EVP_sha224(), +EVP_sha256(), +EVP_sha512_224, +EVP_sha512_256, +EVP_sha384(), +EVP_sha512() + +The SHA-2 SHA-224, SHA-256, SHA-512/224, SHA512/256, SHA-384 and SHA-512 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input. + +The two algorithms: SHA-512/224 and SHA512/256 are truncated forms of the +SHA-512 algorithm. They are distinct from SHA-224 and SHA-256 even though +their outputs are of the same size. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +NIST FIPS 180-4. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod b/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod new file mode 100644 index 00000000000000..85745fb2f5a634 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod @@ -0,0 +1,78 @@ +=pod + +=head1 NAME + +EVP_sha3_224, +EVP_sha3_256, +EVP_sha3_384, +EVP_sha3_512, +EVP_shake128, +EVP_shake256 +- SHA-3 For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_sha3_224(void); + const EVP_MD *EVP_sha3_256(void); + const EVP_MD *EVP_sha3_384(void); + const EVP_MD *EVP_sha3_512(void); + + const EVP_MD *EVP_shake128(void); + const EVP_MD *EVP_shake256(void); + +=head1 DESCRIPTION + +SHA-3 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in NIST FIPS 202, first published in 2015. It is based on the +Keccak algorithm. + +=over 4 + +=item EVP_sha3_224(), +EVP_sha3_256(), +EVP_sha3_384(), +EVP_sha3_512() + +The SHA-3 SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input. + +=item EVP_shake128(), +EVP_shake256() + +The SHAKE-128 and SHAKE-256 Extendable Output Functions (XOF) that can generate +a variable hash length. + +Specifically, B provides an overall security of 128 bits, while +B provides that of 256 bits. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +NIST FIPS 202. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_sm3.pod b/deps/openssl/openssl/doc/man3/EVP_sm3.pod new file mode 100644 index 00000000000000..f8f06615f345e8 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_sm3.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +EVP_sm3 +- SM3 for EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_sm3(void); + +=head1 DESCRIPTION + +SM3 is a cryptographic hash function with a 256-bit output, defined in GB/T +32905-2016. + +=over 4 + +=item EVP_sm3() + +The SM3 hash function. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +GB/T 32905-2016 and GM/T 0004-2012. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod new file mode 100644 index 00000000000000..d9d8c9c76394d0 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + +EVP_sm4_cbc, +EVP_sm4_ecb, +EVP_sm4_cfb, +EVP_sm4_cfb128, +EVP_sm4_ofb, +EVP_sm4_ctr +- EVP SM4 cipher + +=head1 SYNOPSIS + + #include + + const EVP_CIPHER *EVP_sm4_cbc(void); + const EVP_CIPHER *EVP_sm4_ecb(void); + const EVP_CIPHER *EVP_sm4_cfb(void); + const EVP_CIPHER *EVP_sm4_cfb128(void); + const EVP_CIPHER *EVP_sm4_ofb(void); + const EVP_CIPHER *EVP_sm4_ctr(void); + +=head1 DESCRIPTION + +The SM4 blockcipher (GB/T 32907-2016) for EVP. + +All modes below use a key length of 128 bits and acts on blocks of 128 bits. + +=over 4 + +=item EVP_sm4_cbc(), +EVP_sm4_ecb(), +EVP_sm4_cfb(), +EVP_sm4_cfb128(), +EVP_sm4_ofb(), +EVP_sm4_ctr() + +The SM4 blockcipher with a 128-bit key in CBC, ECB, CFB, OFB and CTR modes +respectively. + +=back + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod b/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod new file mode 100644 index 00000000000000..ec3668ac03c440 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod @@ -0,0 +1,53 @@ +=pod + +=head1 NAME + +EVP_whirlpool +- WHIRLPOOL For EVP + +=head1 SYNOPSIS + + #include + + const EVP_MD *EVP_whirlpool(void); + +=head1 DESCRIPTION + +WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118-3:2004 +designed by Vincent Rijmen and Paulo S. L. M. Barreto. + +=over 4 + +=item EVP_whirlpool() + +The WHIRLPOOL algorithm that produces a message digest of 512-bits from a given +input. + +=back + + +=head1 RETURN VALUES + +These functions return a B structure that contains the +implementation of the symmetric cipher. See L for +details of the B structure. + +=head1 CONFORMING TO + +ISO/IEC 10118-3:2004. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/HMAC.pod b/deps/openssl/openssl/doc/man3/HMAC.pod similarity index 81% rename from deps/openssl/openssl/doc/crypto/HMAC.pod rename to deps/openssl/openssl/doc/man3/HMAC.pod index 219c9ba2082590..0e8439b32c0d66 100644 --- a/deps/openssl/openssl/doc/crypto/HMAC.pod +++ b/deps/openssl/openssl/doc/man3/HMAC.pod @@ -12,7 +12,8 @@ HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, -HMAC_CTX_get_md +HMAC_CTX_get_md, +HMAC_size - HMAC message authentication code =head1 SYNOPSIS @@ -20,14 +21,14 @@ HMAC_CTX_get_md #include unsigned char *HMAC(const EVP_MD *evp_md, const void *key, - int key_len, const unsigned char *d, int n, - unsigned char *md, unsigned int *md_len); + int key_len, const unsigned char *d, int n, + unsigned char *md, unsigned int *md_len); HMAC_CTX *HMAC_CTX_new(void); int HMAC_CTX_reset(HMAC_CTX *ctx); int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, - const EVP_MD *md, ENGINE *impl); + const EVP_MD *md, ENGINE *impl); int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); @@ -37,6 +38,8 @@ HMAC_CTX_get_md void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + size_t HMAC_size(const HMAC_CTX *e); + Deprecated: #if OPENSSL_API_COMPAT < 0x10100000L @@ -75,23 +78,21 @@ itself. The following functions may be used if the message is not completely stored in memory: -HMAC_Init() initializes a B structure to use the hash -function B and the key B which is B bytes -long. It is deprecated and only included for backward compatibility -with OpenSSL 0.9.6b. - HMAC_Init_ex() initializes or reuses a B structure to use the hash -function B and key B. If both are NULL (or B is the same -as the previous digest used by B and B is NULL) the existing key is +function B and key B. If both are NULL, or if B is NULL +and B is the same as the previous call, then the +existing key is reused. B must have been created with HMAC_CTX_new() before the first use -of an B in this function. B. +of an B in this function. -B If HMAC_Init_ex() is called with B NULL and B is not the +If HMAC_Init_ex() is called with B NULL and B is not the same as the previous digest used by B then an error is returned because reuse of an existing key with a different digest is not supported. +HMAC_Init() initializes a B structure to use the hash +function B and the key B which is B bytes +long. + HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (B bytes at B). @@ -106,6 +107,8 @@ These flags have the same meaning as for L. HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the supplied HMAC_CTX. +HMAC_size() returns the length in bytes of the underlying hash function output. + =head1 RETURN VALUES HMAC() returns a pointer to the message authentication code or NULL if @@ -120,25 +123,27 @@ HMAC_CTX_copy() return 1 for success or 0 if an error occurred. HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or NULL if no EVP_MD has been set. +HMAC_size() returns the length in bytes of the underlying hash function output +or zero on error. + =head1 CONFORMING TO RFC 2104 =head1 SEE ALSO -L, L +L, L =head1 HISTORY -HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.0. +HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0. -HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.0. +HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0. -HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL version -1.1.0. +HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0. HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in -versions of OpenSSL before 1.0.0. +OpenSSL before version 1.0.0. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/MD5.pod b/deps/openssl/openssl/doc/man3/MD5.pod similarity index 80% rename from deps/openssl/openssl/doc/crypto/MD5.pod rename to deps/openssl/openssl/doc/man3/MD5.pod index 78da750796eb58..83547f2ce50c6f 100644 --- a/deps/openssl/openssl/doc/crypto/MD5.pod +++ b/deps/openssl/openssl/doc/man3/MD5.pod @@ -9,34 +9,28 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions #include - unsigned char *MD2(const unsigned char *d, unsigned long n, - unsigned char *md); + unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); int MD2_Init(MD2_CTX *c); - int MD2_Update(MD2_CTX *c, const unsigned char *data, - unsigned long len); + int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); int MD2_Final(unsigned char *md, MD2_CTX *c); #include - unsigned char *MD4(const unsigned char *d, unsigned long n, - unsigned char *md); + unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); int MD4_Init(MD4_CTX *c); - int MD4_Update(MD4_CTX *c, const void *data, - unsigned long len); + int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); int MD4_Final(unsigned char *md, MD4_CTX *c); #include - unsigned char *MD5(const unsigned char *d, unsigned long n, - unsigned char *md); + unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); int MD5_Init(MD5_CTX *c); - int MD5_Update(MD5_CTX *c, const void *data, - unsigned long len); + int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); int MD5_Final(unsigned char *md, MD5_CTX *c); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/MDC2_Init.pod b/deps/openssl/openssl/doc/man3/MDC2_Init.pod similarity index 88% rename from deps/openssl/openssl/doc/crypto/MDC2_Init.pod rename to deps/openssl/openssl/doc/man3/MDC2_Init.pod index f7db71b460d3ee..b384b8c8aea7d9 100644 --- a/deps/openssl/openssl/doc/crypto/MDC2_Init.pod +++ b/deps/openssl/openssl/doc/man3/MDC2_Init.pod @@ -9,11 +9,11 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function #include unsigned char *MDC2(const unsigned char *d, unsigned long n, - unsigned char *md); + unsigned char *md); int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, - unsigned long len); + unsigned long len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); =head1 DESCRIPTION @@ -50,7 +50,7 @@ MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise. =head1 CONFORMING TO -ISO/IEC 10118-2, with DES +ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher. =head1 SEE ALSO @@ -58,7 +58,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OBJ_nid2obj.pod b/deps/openssl/openssl/doc/man3/OBJ_nid2obj.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/OBJ_nid2obj.pod rename to deps/openssl/openssl/doc/man3/OBJ_nid2obj.pod index c84adb2e4634e2..cbf889f2c7114c 100644 --- a/deps/openssl/openssl/doc/crypto/OBJ_nid2obj.pod +++ b/deps/openssl/openssl/doc/man3/OBJ_nid2obj.pod @@ -84,18 +84,15 @@ OBJ_dup() returns a copy of B. OBJ_create() adds a new object to the internal table. B is the numerical form of the object, B the short name and B the -long name. A new NID is returned for the created object. +long name. A new NID is returned for the created object in case of +success and NID_undef in case of failure. OBJ_length() returns the size of the content octets of B. OBJ_get0_data() returns a pointer to the content octets of B. The returned pointer is an internal pointer which B be freed. -In OpenSSL versions prior to 1.1.0 OBJ_cleanup() cleaned up OpenSSLs internal -object table and was called before an application exits if any new objects were -added using OBJ_create(). This function is deprecated in version 1.1.0 and now -does nothing if called. No explicit de-initialisation is now required. See -L for further information. +OBJ_cleanup() releases any resources allocated by creating new objects. =head1 NOTES @@ -137,22 +134,17 @@ The latter cannot be constant because it needs to be freed after use. Create an object for B: - ASN1_OBJECT *o; - o = OBJ_nid2obj(NID_commonName); + ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); Check if an object is B if (OBJ_obj2nid(obj) == NID_commonName) - /* Do something */ + /* Do something */ Create a new NID and initialize an object from it: - int new_nid; - ASN1_OBJECT *obj; - - new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); - - obj = OBJ_nid2obj(new_nid); + int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); + ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); Create a new object directly: @@ -184,7 +176,8 @@ L =head1 HISTORY -OBJ_cleanup() was deprecated in OpenSSL 1.1.0. +OBJ_cleanup() was deprecated in OpenSSL 1.1.0 by L +and should not be used. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/OCSP_REQUEST_new.pod b/deps/openssl/openssl/doc/man3/OCSP_REQUEST_new.pod similarity index 97% rename from deps/openssl/openssl/doc/crypto/OCSP_REQUEST_new.pod rename to deps/openssl/openssl/doc/man3/OCSP_REQUEST_new.pod index 97c2337d108cbb..a382b16ed3853e 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_REQUEST_new.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_REQUEST_new.pod @@ -93,16 +93,16 @@ B: if (OCSP_REQUEST_add0_id(req, cid) == NULL) /* error */ - /* Do something with req, e.g. query responder */ + /* Do something with req, e.g. query responder */ OCSP_REQUEST_free(req); =head1 SEE ALSO -L, +L, L, L, -L, +L, L, L diff --git a/deps/openssl/openssl/doc/crypto/OCSP_cert_to_id.pod b/deps/openssl/openssl/doc/man3/OCSP_cert_to_id.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/OCSP_cert_to_id.pod rename to deps/openssl/openssl/doc/man3/OCSP_cert_to_id.pod index 0e37937feac71f..f1a4b1512b6463 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_cert_to_id.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_cert_to_id.pod @@ -70,10 +70,10 @@ B structure is freed. =head1 SEE ALSO -L, +L, L, L, -L, +L, L, L diff --git a/deps/openssl/openssl/doc/crypto/OCSP_request_add1_nonce.pod b/deps/openssl/openssl/doc/man3/OCSP_request_add1_nonce.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/OCSP_request_add1_nonce.pod rename to deps/openssl/openssl/doc/man3/OCSP_request_add1_nonce.pod index dab42c67be356b..66e4c7b8fb78be 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_request_add1_nonce.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_request_add1_nonce.pod @@ -65,10 +65,10 @@ condition. =head1 SEE ALSO -L, +L, L, L, -L, +L, L, L diff --git a/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod b/deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod similarity index 94% rename from deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod rename to deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod index a4e3c1c2f038ae..35f7d35e99764c 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_resp_find_status.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod @@ -5,6 +5,7 @@ OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, +OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, @@ -46,6 +47,9 @@ OCSP_basic_verify int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname); + int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, @@ -101,7 +105,10 @@ signed the response are known via some out-of-band mechanism. OCSP_resp_get0_id() gets the responder id of B. If the responder ID is a name then <*pname> is set to the name and B<*pid> is set to NULL. If the responder ID is by key ID then B<*pid> is set to the key ID and B<*pname> -is set to NULL. +is set to NULL. OCSP_resp_get1_id() leaves ownership of B<*pid> and B<*pname> +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, +no freeing of the results is necessary. OCSP_check_validity() checks the validity of B and B values which will be typically obtained from OCSP_resp_find_status() or @@ -173,7 +180,7 @@ parameters can be set to NULL if their value is not required. =head1 SEE ALSO -L, +L, L, L, L, diff --git a/deps/openssl/openssl/doc/crypto/OCSP_response_status.pod b/deps/openssl/openssl/doc/man3/OCSP_response_status.pod similarity index 71% rename from deps/openssl/openssl/doc/crypto/OCSP_response_status.pod rename to deps/openssl/openssl/doc/man3/OCSP_response_status.pod index 180ab8d30c98c5..82f95b3af1d190 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_response_status.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_response_status.pod @@ -4,7 +4,8 @@ OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, -OCSP_RESPID_set_by_key, OCSP_RESPID_match - OCSP response functions +OCSP_RESPID_set_by_key, OCSP_RESPID_match, +OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions =head1 SYNOPSIS @@ -19,6 +20,12 @@ OCSP_RESPID_set_by_key, OCSP_RESPID_match - OCSP response functions int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, + unsigned long flags); + int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); + =head1 DESCRIPTION OCSP_response_status() returns the OCSP response status of B. It returns @@ -49,6 +56,13 @@ setting. OCSP_RESPID_match() tests whether the OCSP_RESPID given in B matches with the X509 certificate B. +OCSP_basic_sign() signs OCSP response B using certificate B, private key +B, digest B and additional certificates B. If the B option +B is set then no certificates will be included in the request. If the +B option B is set then the responder is identified by key ID +rather than by name. OCSP_basic_sign_ctx() also signs OCSP response B but +uses the parameters contained in digest context B. + =head1 RETURN VALUES OCSP_RESPONSE_status() returns a status value. @@ -61,7 +75,8 @@ if an error occurred. OCSP_RESPONSE_free() does not return a value. -OCSP_RESPID_set_by_name() and OCSP_RESPID_set_by_key() return 1 on success or 0 +OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key(), OCSP_basic_sign(), and +OCSP_basic_sign_ctx() return 1 on success or 0 on failure. OCSP_RESPID_match() returns 1 if the OCSP_RESPID and the X509 certificate match @@ -74,11 +89,11 @@ B. =head1 SEE ALSO -L +L L L L -L +L L L L @@ -88,9 +103,11 @@ L The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() functions were added in OpenSSL 1.1.0a. +The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OCSP_sendreq_new.pod b/deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/OCSP_sendreq_new.pod rename to deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod index c7fdc9b12e6fc4..65ba235c104ea4 100644 --- a/deps/openssl/openssl/doc/crypto/OCSP_sendreq_new.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod @@ -103,11 +103,11 @@ applications is not recommended. =head1 SEE ALSO -L, +L, L, L, L, -L, +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_Applink.pod b/deps/openssl/openssl/doc/man3/OPENSSL_Applink.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/OPENSSL_Applink.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_Applink.pod index d3a461ba39d3e0..85930786c5f7cf 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_Applink.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_Applink.pod @@ -19,9 +19,13 @@ compiler of their choice and link it into the target application. The referred module is available as F, located alongside the public header files (only on the platforms where applicable). +=head1 RETURN VALUES + +Not available. + =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_LH_COMPFUNC.pod b/deps/openssl/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod similarity index 89% rename from deps/openssl/openssl/doc/crypto/OPENSSL_LH_COMPFUNC.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod index e760ae3be7e7f4..a312ef7342f4b1 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_LH_COMPFUNC.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -2,7 +2,7 @@ =head1 NAME -DECLARE_LHASH_OF, +LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, @@ -10,24 +10,24 @@ lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table -=for comment generic - =head1 SYNOPSIS +=for comment generic + #include DECLARE_LHASH_OF(TYPE); - LHASH *lh_TYPE_new(); - void lh_TYPE_free(LHASH_OF(TYPE *table); + LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); + void lh_TYPE_free(LHASH_OF(TYPE) *table); - TYPE *lh_TYPE_insert(LHASH_OF(TYPE *table, TYPE *data); - TYPE *lh_TYPE_delete(LHASH_OF(TYPE *table, TYPE *data); - TYPE *lh_retrieve(LHASH_OFTYPE *table, TYPE *data); + TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); + TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); + TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); - void lh_TYPE_doall(LHASH_OF(TYPE *table, OPENSSL_LH_DOALL_FUNC func); + void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, - TYPE, TYPE *arg); + TYPE *arg); int lh_TYPE_error(LHASH_OF(TYPE) *table); @@ -171,18 +171,18 @@ lh_TYPE_retrieve() returns the hash table entry if it has been found, B otherwise. lh_TYPE_error() returns 1 if an error occurred in the last operation, 0 -otherwise. +otherwise. It's meaningful only after non-retrieve operations. lh_TYPE_free(), lh_TYPE_doall() and lh_TYPE_doall_arg() return no values. =head1 NOTE -The various LHASH macros and callback types exist to make it possible -to write type-checked code without resorting to function-prototype -casting - an evil that makes application code much harder to -audit/verify and also opens the window of opportunity for stack -corruption and other hard-to-find bugs. It also, apparently, violates -ANSI-C. +The LHASH code is not thread safe. All updating operations, as well as +lh_TYPE_error call must be performed under a write lock. All retrieve +operations should be performed under a read lock, I accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from L, a read lock suffices. The LHASH code regards table entries as constant data. As such, it internally represents lh_insert()'d items with a "const void *" @@ -220,7 +220,7 @@ lh_TYPE_insert() returns B both for success and error. =head1 SEE ALSO -L +L =head1 HISTORY @@ -229,7 +229,7 @@ type checking. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_LH_stats.pod b/deps/openssl/openssl/doc/man3/OPENSSL_LH_stats.pod similarity index 86% rename from deps/openssl/openssl/doc/crypto/OPENSSL_LH_stats.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_LH_stats.pod index c454a47eef2505..231485ad363fac 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_LH_stats.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_LH_stats.pod @@ -21,9 +21,7 @@ OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics =head1 DESCRIPTION The B structure records statistics about most aspects of -accessing the hash table. This is mostly a legacy of Eric Young -writing this library for the reasons of implementing what looked like -a nice algorithm rather than for a particular software product. +accessing the hash table. OPENSSL_LH_stats() prints out statistics on the size of the hash table, how many entries are in it, and the number and result of calls to the @@ -48,13 +46,19 @@ are the same as the above, except that the output goes to a B. These functions do not return values. +=head1 NOTE + +These calls should be made under a read lock. Refer to +L for more details about the locks required +when using the LHASH data structure. + =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/deps/openssl/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod index 01623bac762d88..55a55c706a51eb 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_VERSION_NUMBER.pod @@ -91,13 +91,15 @@ if available or "ENGINESDIR: N/A" otherwise. For an unknown B, the text "not available" is returned. -=head1 RETURN VALUE +=head1 RETURN VALUES -The version number. +OpenSSL_version_num() returns the version number. + +OpenSSL_version() returns requested version strings. =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_config.pod b/deps/openssl/openssl/doc/man3/OPENSSL_config.pod similarity index 91% rename from deps/openssl/openssl/doc/crypto/OPENSSL_config.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_config.pod index eae634a8faae18..6294ee1d1be1c9 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_config.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_config.pod @@ -48,13 +48,24 @@ application calls OPENSSL_config() it doesn't need to know or care about ENGINE control operations because they can be performed by editing a configuration file. +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. + +=back + =head1 RETURN VALUES Neither OPENSSL_config() nor OPENSSL_no_config() return a value. =head1 SEE ALSO -L, +L, L =head1 HISTORY @@ -64,7 +75,7 @@ deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OPENSSL_fork_prepare.pod b/deps/openssl/openssl/doc/man3/OPENSSL_fork_prepare.pod new file mode 100644 index 00000000000000..7c4eb1dbfd9f5f --- /dev/null +++ b/deps/openssl/openssl/doc/man3/OPENSSL_fork_prepare.pod @@ -0,0 +1,63 @@ +=pod + +=head1 NAME + +OPENSSL_fork_prepare, +OPENSSL_fork_parent, +OPENSSL_fork_child +- OpenSSL fork handlers + +=head1 SYNOPSIS + + #include + + void OPENSSL_fork_prepare(void); + void OPENSSL_fork_parent(void); + void OPENSSL_fork_child(void); + +=head1 DESCRIPTION + +OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child() +functions are used to reset this internal state. + +Platforms without fork(2) will probably not need to use these functions. +Platforms with fork(2) but without pthreads_atfork(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically. + +L will register these functions with the appropriate +handler, when the B flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the pthreads_atfork(3) +documentation, which is summarized here. OPENSSL_fork_prepare() should +be called before a fork() is done. After the fork() returns, the parent +process should call OPENSSL_fork_parent() and the child process should +call OPENSSL_fork_child(). + +=head1 RETURN VALUES + +OPENSSL_fork_prepare(), OPENSSL_fork_parent() and OPENSSL_fork_child() do not +return values. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +These functions were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_ia32cap.pod b/deps/openssl/openssl/doc/man3/OPENSSL_ia32cap.pod similarity index 80% rename from deps/openssl/openssl/doc/crypto/OPENSSL_ia32cap.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_ia32cap.pod index b0ab0ce551d480..08a181168f79cc 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_ia32cap.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_ia32cap.pod @@ -101,12 +101,19 @@ and RORX; =item bit #64+19 denoting availability of ADCX and ADOX instructions; +=item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, +a.k.a. AVX512IFMA extension; + =item bit #64+29 denoting availability of SHA extension; =item bit #64+30 denoting availability of AVX512BW extension; =item bit #64+31 denoting availability of AVX512VL extension; +=item bit #64+41 denoting availability of VAES extension; + +=item bit #64+42 denoting availability of VPCLMULQDQ extension; + =back To control this extended capability word use ':' as delimiter when @@ -117,20 +124,40 @@ extensions. It should be noted that whether or not some of the most "fancy" extension code paths are actually assembled depends on current assembler version. Base minimum of AES-NI/PCLMULQDQ, SSSE3 and SHA extension code -paths are always assembled. Besides that, minimum assembler version +paths are always assembled. Apart from that, minimum assembler version requirements are summarized in below table: Extension | GNU as | nasm | llvm ------------+--------+--------+-------- AVX | 2.19 | 2.09 | 3.0 AVX2 | 2.22 | 2.10 | 3.1 - AVX512 | 2.25 | 2.11.8 | 3.6 + ADCX/ADOX | 2.23 | 2.10 | 3.3 + AVX512 | 2.25 | 2.11.8 | see NOTES + AVX512IFMA | 2.26 | 2.11.8 | see NOTES + VAES | 2.30 | 2.13.3 | + +=head1 NOTES + +Even though AVX512 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit -march flag. But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script: + + #!/bin/sh + exec clang -no-integrated-as "$@" + +instead of real clang. In which case it doesn't matter which clang +version is used, as it is GNU assembler version that will be checked. + +=head1 RETURN VALUES -B is a macro returning the first word of the vector. +Not available. =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_init_crypto.pod b/deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod similarity index 93% rename from deps/openssl/openssl/doc/crypto/OPENSSL_init_crypto.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod index f9664ee35298a1..a259539f05527a 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_init_crypto.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_init_crypto.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_init_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, +OPENSSL_INIT_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL initialisation and deinitialisation functions @@ -16,7 +16,7 @@ initialisation and deinitialisation functions int OPENSSL_atexit(void (*handler)(void)); void OPENSSL_thread_stop(void); - OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void); + OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, const char* name); void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); @@ -95,8 +95,10 @@ B will be ignored. =item OPENSSL_INIT_LOAD_CONFIG With this option an OpenSSL configuration file will be automatically loaded and -used by calling OPENSSL_config(). This is not a default option. -See the description of OPENSSL_init_new(), below. +used by calling OPENSSL_config(). This is not a default option for libcrypto. +From OpenSSL 1.1.1 this is a default option for libssl (see +L for further details about libssl initialisation). See the +description of OPENSSL_INIT_new(), below. =item OPENSSL_INIT_NO_LOAD_CONFIG @@ -139,17 +141,22 @@ CAPI engine (if available). This not a default option. With this option the library will automatically load and initialise the padlock engine (if available). This not a default option. -=item OPENSSL_INIT_ENGINE_DASYNC +=item OPENSSL_INIT_ENGINE_AFALG With this option the library will automatically load and initialise the -DASYNC engine. This not a default option. +AFALG engine. This not a default option. =item OPENSSL_INIT_ENGINE_ALL_BUILTIN With this option the library will automatically load and initialise all the -built in engines listed above with the exception of the openssl and dasync +built in engines listed above with the exception of the openssl and afalg engines. This not a default option. +=item OPENSSL_INIT_ATFORK + +With this option the library will register its fork handlers. +See OPENSSL_fork_prepare(3) for details. + =back Multiple options may be combined together in a single call to @@ -230,7 +237,7 @@ L =head1 HISTORY The OPENSSL_init_crypto(), OPENSSL_cleanup(), OPENSSL_atexit(), -OPENSSL_thread_stop(), OPENSSL_init_new(), OPENSSL_INIT_set_config_appname() +OPENSSL_thread_stop(), OPENSSL_INIT_new(), OPENSSL_INIT_set_config_appname() and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/OPENSSL_init_ssl.pod b/deps/openssl/openssl/doc/man3/OPENSSL_init_ssl.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/OPENSSL_init_ssl.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_init_ssl.pod diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_instrument_bus.pod b/deps/openssl/openssl/doc/man3/OPENSSL_instrument_bus.pod similarity index 92% rename from deps/openssl/openssl/doc/crypto/OPENSSL_instrument_bus.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_instrument_bus.pod index 14072610354f57..744153ece6d5c2 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_instrument_bus.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_instrument_bus.pod @@ -16,7 +16,7 @@ OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memor It was empirically found that timings of references to primary memory are subject to irregular, apparently non-deterministic variations. The subroutines in question instrument these references for purposes of -gathering entropy for random number generator. In order to make it +gathering randomness for random number generator. In order to make it bus-bound a 'flush cache line' instruction is used between probes. In addition probes are added to B elements in atomic or interlocked manner, which should contribute additional noise on @@ -32,7 +32,7 @@ periods when probe values appeared deterministic. The subroutine performs at most B probes in attempt to fill the B, with B value of 0 meaning "as many as it takes." -=head1 RETURN VALUE +=head1 RETURN VALUES Return value of 0 indicates that CPU is not capable of performing the benchmark, either because oscillator counter or 'flush cache line' is @@ -43,7 +43,7 @@ Otherwise number of recorded values is returned. =head1 COPYRIGHT -Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod b/deps/openssl/openssl/doc/man3/OPENSSL_load_builtin_modules.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_load_builtin_modules.pod index 112718a68a079d..bf0dc413bfe394 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_load_builtin_modules.pod @@ -10,7 +10,7 @@ OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add void OPENSSL_load_builtin_modules(void); void ASN1_add_oid_module(void); - ENGINE_add_conf_module(); + void ENGINE_add_conf_module(void); =head1 DESCRIPTION @@ -36,17 +36,17 @@ configuration modules instead of adding modules selectively: otherwise functionality may be missing from the application if an when new modules are added. -=head1 RETURN VALUE +=head1 RETURN VALUES None of the functions return a value. =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_malloc.pod b/deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod similarity index 77% rename from deps/openssl/openssl/doc/crypto/OPENSSL_malloc.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod index ba5dc1069f39eb..049a12556ae7a2 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_malloc.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_malloc.pod @@ -14,8 +14,12 @@ OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, +CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, -CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions +CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, +OPENSSL_MALLOC_FAILURES, +OPENSSL_MALLOC_FD +- Memory allocation functions =head1 SYNOPSIS @@ -46,7 +50,8 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions void CRYPTO_free(void *str, const char *, int) char *CRYPTO_strdup(const char *p, const char *file, int line) char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line) - void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, const char *file, int line) + void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, + const char *file, int line) void CRYPTO_clear_free(void *str, size_t num, const char *, int) void CRYPTO_get_mem_functions( @@ -58,8 +63,13 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions void *(*r)(void *, size_t, const char *, int), void (*f)(void *, const char *, int)) + void CRYPTO_get_alloc_counts(int *m, int *r, int *f) + int CRYPTO_set_mem_debug(int onoff) + env OPENSSL_MALLOC_FAILURES=... + env OPENSSL_MALLOC_FD=... + int CRYPTO_mem_ctrl(int mode); int OPENSSL_mem_debug_push(const char *info) @@ -70,6 +80,8 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions int CRYPTO_mem_leaks(BIO *b); int CRYPTO_mem_leaks_fp(FILE *fp); + int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); =head1 DESCRIPTION @@ -139,7 +151,6 @@ CRYPTO_set_mem_debug() turns this tracking on and off. In order to have any effect, is must be called before any of the allocation functions (e.g., CRYPTO_malloc()) are called, and is therefore normally one of the first lines of main() in an application. - CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking. To enable tracking call CRYPTO_mem_ctrl() with a B argument of the B. @@ -160,14 +171,53 @@ CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it to the specified BIO B or FILE B. These functions return 1 if there are no leaks, 0 if there are leaks and -1 if an error occurred. +CRYPTO_mem_leaks_cb() does the same as CRYPTO_mem_leaks(), but instead +of writing to a given BIO, the callback function is called for each +output string with the string, length, and userdata B as the callback +parameters. + +If the library is built with the C option, then one +function, CRYPTO_get_alloc_counts(), and two additional environment +variables, B and B, +are available. + +The function CRYPTO_get_alloc_counts() fills in the number of times +each of CRYPTO_malloc(), CRYPTO_realloc(), and CRYPTO_free() have been +called, into the values pointed to by B, B, and B, +respectively. If a pointer is NULL, then the corresponding count is not stored. + +The variable +B controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +C<100;@25> or C<100@0;0@25> means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing. + +If the variable B is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms): + + OPENSSL_MALLOC_FAILURES='200;@10' + export OPENSSL_MALLOC_FAILURES + OPENSSL_MALLOC_FD=3 + export OPENSSL_MALLOC_FD + ...app invocation... 3>/tmp/log$$ + + =head1 RETURN VALUES OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free() CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() return no value. -CRYPTO_mem_leaks() and CRYPTO_mem_leaks_fp() return 1 if there -are no leaks, 0 if there are leaks and -1 if an error occurred. +CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return 1 if +there are no leaks, 0 if there are leaks and -1 if an error occurred. OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), OPENSSL_clear_realloc(), diff --git a/deps/openssl/openssl/doc/crypto/OPENSSL_secure_malloc.pod b/deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod similarity index 91% rename from deps/openssl/openssl/doc/crypto/OPENSSL_secure_malloc.pod rename to deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod index 3f27d76d209f78..5a01c8246933f8 100644 --- a/deps/openssl/openssl/doc/crypto/OPENSSL_secure_malloc.pod +++ b/deps/openssl/openssl/doc/man3/OPENSSL_secure_malloc.pod @@ -5,9 +5,9 @@ CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, -OPENSSL_secure_clear_free, CRYPTO_secure_free, CRYPTO_secure_clear_free, -OPENSSL_secure_actual_size, OPENSSL_secure_allocated, CRYPTO_secure_used -- secure heap storage +CRYPTO_secure_free, OPENSSL_secure_clear_free, +CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_used - secure heap storage =head1 SYNOPSIS @@ -32,7 +32,6 @@ OPENSSL_secure_actual_size, OPENSSL_secure_allocated, CRYPTO_secure_used void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); size_t OPENSSL_secure_actual_size(const void *ptr); - int OPENSSL_secure_allocated(const void *ptr); size_t CRYPTO_secure_used(); @@ -81,8 +80,12 @@ It exists for consistency with OPENSSL_secure_malloc() , and is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__> and C<__LINE__> parameters.. -OPENSSL_secure_allocated() tells whether or not a pointer is within -the secure heap. +OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except +that it has an additional C parameter which is used to clear +the memory if it was not allocated from the secure heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_clear_free(). + OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to "round up" and reduce secure heap fragmentation. diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod new file mode 100644 index 00000000000000..20d41ac534e7b5 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_INFO.pod @@ -0,0 +1,204 @@ +=pod + +=head1 NAME + +OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, +OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, +OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, +OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, +OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, +OSSL_STORE_INFO_get1_CERT, +OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, +OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, +OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, +OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects + +=head1 SYNOPSIS + + #include + + typedef struct ossl_store_info_st OSSL_STORE_INFO; + + int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); + const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); + char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); + const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO + *store_info); + char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); + EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); + EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); + EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); + EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); + X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); + X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); + X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); + X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); + + const char *OSSL_STORE_INFO_type_string(int type); + + void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); + + OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); + int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); + OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); + OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); + OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); + OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +=head1 DESCRIPTION + +These functions are primarily useful for applications to retrieve +supported objects from B objects and for scheme specific +loaders to create B holders. + +=head2 Types + +B is an opaque type that's just an intermediary holder for +the objects that have been retrieved by OSSL_STORE_load() and similar +functions. +Supported OpenSSL type object can be extracted using one of +STORE_INFO_get0_TYPE(). +The life time of this extracted object is as long as the life time of +the B it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, STORE_INFO_get1_TYPE() extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing B has been freed. +The object returned by STORE_INFO_get1_TYPE() must be freed separately +by the caller. +See L for more information on the types that are +supported. + +=head2 Functions + +OSSL_STORE_INFO_get_type() takes a B and returns the STORE +type number for the object inside. +STORE_INFO_get_type_string() takes a STORE type number and returns a +short string describing it. + +OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all take a +B and return the held object of the appropriate OpenSSL +type provided that's what's held. + +OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(), +OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), +OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all take a +B and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held. + +OSSL_STORE_INFO_free() frees a B and its contained type. + +OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), +OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and +OSSL_STORE_INFO_new_CRL() create a B +object to hold the given input object. +Additionally, for B` objects, +OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout. + +=head1 SUPPORTED OBJECTS + +Currently supported object types are: + +=over 4 + +=item OSSL_STORE_INFO_NAME + +A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete URI. +For example, the path in URI C could include a file +named C, and in that case, the returned B +object would have the URI C, which can be +used by the application to get the objects in that file. +This can be applied to all schemes that can somehow support a listing +of object URIs. + +For C URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if C was +given and that path has the file C, the name +C will be returned. + +The returned URI is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one URI is +canonical doesn't mean that other variants can't be used. + +At the discretion of the loader that was used to get these names, an +extra description may be attached as well. + +=item OSSL_STORE_INFO_PARAMS + +Key parameters. + +=item OSSL_STORE_INFO_PKEY + +A private/public key of some sort. + +=item OSSL_STORE_INFO_CERT + +An X.509 certificate. + +=item OSSL_STORE_INFO_CRL + +A X.509 certificate revocation list. + +=back + +=head1 RETURN VALUES + +OSSL_STORE_INFO_get_type() returns the STORE type number of the given +B. +There is no error value. + +OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +a pointer to the OpenSSL object on success, NULL otherwise. + +OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +a pointer to a duplicate of the OpenSSL object on success, NULL otherwise. + +OSSL_STORE_INFO_type_string() returns a string on success, or B on +failure. + +OSSL_STORE_INFO_new_NAME(), OSSL_STORE_INFO_new_PARAMS(), +OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and +OSSL_STORE_INFO_new_CRL() return a B +pointer on success, or B on failure. + +OSSL_STORE_INFO_set0_NAME_description() returns 1 on success, or 0 on +failure. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +OSSL_STORE_INFO(), OSSL_STORE_INFO_get_type(), OSSL_STORE_INFO_get0_NAME(), +OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), +OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), +OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), +OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), +OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() +were added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod new file mode 100644 index 00000000000000..87c135a1275bab --- /dev/null +++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod @@ -0,0 +1,264 @@ +=pod + +=head1 NAME + +OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, +OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, +OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, +OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, +OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, +OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, +OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, +OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, +OSSL_STORE_expect_fn, OSSL_STORE_find_fn, +OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, +OSSL_STORE_close_fn - Types and functions to manipulate, register and +unregister STORE loaders for different URI schemes + +=head1 SYNOPSIS + + #include + + typedef struct ossl_store_loader_st OSSL_STORE_LOADER; + + OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); + const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER + *store_loader); + const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER + *store_loader); + + /* struct ossl_store_loader_ctx_st is defined differently by each loader */ + typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; + + typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, + const UI_METHOD *ui_method, + void *ui_data); + int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, + OSSL_STORE_open_fn store_open_function); + typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, + va_list args); + int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, + OSSL_STORE_ctrl_fn store_ctrl_function); + typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); + int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); + typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, + OSSL_STORE_SEARCH *criteria); + int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); + typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, + UI_METHOD *ui_method, + void *ui_data); + int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, + OSSL_STORE_load_fn store_load_function); + typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); + int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, + OSSL_STORE_eof_fn store_eof_function); + typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); + int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, + OSSL_STORE_error_fn store_error_function); + typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); + int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, + OSSL_STORE_close_fn store_close_function); + void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); + + int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); + OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); + +=head1 DESCRIPTION + +These functions help applications and engines to create loaders for +schemes they support. + +=head2 Types + +B is the type to hold a loader. +It contains a scheme and the functions needed to implement +OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof(), OSSL_STORE_error() and +OSSL_STORE_close() for this scheme. + +B is a type template, to be defined by each loader +using B. + +B, B, B, +B, B, B, +and B +are the function pointer types used within a STORE loader. +The functions pointed at define the functionality of the given loader. + +=over 4 + +=item B + +This function takes a URI and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a B and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a privata data store (B, see +above), and to return it. +If something goes wrong, this function is expected to return NULL. + +=item B + +This function takes a B pointer, a command number +B and a B B and is used to manipulate loader +specific parameters. + +=begin comment + +Globally known command numbers are documented in L, +along with what B are expected with each of them. + +=end comment + +Loader specific command numbers must begin at B. +Any number below that is reserved for future globally known command +numbers. + +This function is expected to return 1 on success, 0 on error. + +=item B + +This function takes a B pointer and a B +identity B, and is used to tell the loader what object type is +expected. +B may be zero to signify that no specific object type is expected. + +This function is expected to return 1 on success, 0 on error. + +=item B + +This function takes a B pointer and a +B search criterion, and is used to tell the loader what +to search for. + +When called with the loader context being B, this function is expected +to return 1 if the loader supports the criterion, otherwise 0. + +When called with the loader context being something other than B, this +function is expected to return 1 on success, 0 on error. + +=item B + +This function takes a B pointer and a B +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a B using one of the +L functions. +If no more data is available or an error occurs, this function is +expected to return NULL. +The B and B functions must indicate if +it was in fact the end of data or if an error occurred. + +Note that this function retrieves I data item only. + +=item B + +This function takes a B pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0. + +=item B + +This function takes a B pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +B function. +It is otherwise expected to return 0. + +=item B + +This function takes a B pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the B pointer. +It returns 1 on success and 0 on error. + +=back + +=head2 Functions + +OSSL_STORE_LOADER_new() creates a new B. +It takes an B B and a string B. +B must I be set. +Both B and B are used as is and must therefore be alive as +long as the created loader is. + +OSSL_STORE_LOADER_get0_engine() returns the engine of the B. +OSSL_STORE_LOADER_get0_scheme() returns the scheme of the B. + +OSSL_STORE_LOADER_set_open() sets the opener function for the +B. + +OSSL_STORE_LOADER_set_ctrl() sets the control function for the +B. + +OSSL_STORE_LOADER_set_expect() sets the expect function for the +B. + +OSSL_STORE_LOADER_set_load() sets the loader function for the +B. + +OSSL_STORE_LOADER_set_eof() sets the end of file checker function for the +B. + +OSSL_STORE_LOADER_set_close() sets the closing function for the +B. + +OSSL_STORE_LOADER_free() frees the given B. + +OSSL_STORE_register_loader() register the given B and thereby +makes it available for use with OSSL_STORE_open(), OSSL_STORE_load(), +OSSL_STORE_eof() and OSSL_STORE_close(). + +OSSL_STORE_unregister_loader() unregister the store loader for the given +B. + +=head1 NOTES + +The B scheme has built in support. + +=head1 RETURN VALUES + +The functions with the types B, B, +B, +B, B and B have the +same return values as OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_expect(), +OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close(), respectively. + +OSSL_STORE_LOADER_new() returns a pointer to a B on success, +or B on failure. + +OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_ctrl(), +OSSL_STORE_LOADER_set_load(), OSSL_STORE_LOADER_set_eof() and +OSSL_STORE_LOADER_set_close() return 1 on success, or 0 on failure. + +OSSL_STORE_register_loader() returns 1 on success, or 0 on failure. + +OSSL_STORE_unregister_loader() returns the unregistered loader on success, +or B on failure. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +OSSL_STORE_LOADER(), OSSL_STORE_LOADER_CTX(), OSSL_STORE_LOADER_new(), +OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_set_open(), +OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(), +OSSL_STORE_LOADER_set_eof(), OSSL_STORE_LOADER_set_close(), +OSSL_STORE_LOADER_free(), OSSL_STORE_register_loader(), +OSSL_STORE_unregister_loader(), OSSL_STORE_open_fn(), OSSL_STORE_ctrl_fn(), +OSSL_STORE_load_fn(), OSSL_STORE_eof_fn() and OSSL_STORE_close_fn() +were added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod new file mode 100644 index 00000000000000..6d36a190ae5ae0 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_SEARCH.pod @@ -0,0 +1,193 @@ +=pod + +=head1 NAME + +OSSL_STORE_SEARCH, +OSSL_STORE_SEARCH_by_name, +OSSL_STORE_SEARCH_by_issuer_serial, +OSSL_STORE_SEARCH_by_key_fingerprint, +OSSL_STORE_SEARCH_by_alias, +OSSL_STORE_SEARCH_free, +OSSL_STORE_SEARCH_get_type, +OSSL_STORE_SEARCH_get0_name, +OSSL_STORE_SEARCH_get0_serial, +OSSL_STORE_SEARCH_get0_bytes, +OSSL_STORE_SEARCH_get0_string, +OSSL_STORE_SEARCH_get0_digest +- Type and functions to create OSSL_STORE search criteria + +=head1 SYNOPSIS + + #include + + typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, int len); + OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + + void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + + int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); + X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); + const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); + const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); + const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); + const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH + *criterion); + +=head1 DESCRIPTION + +These functions are used to specify search criteria to help search for specific +objects through other names than just the URI that's given to OSSL_STORE_open(). +For example, this can be useful for an application that has received a URI +and then wants to add on search criteria in a uniform and supported manner. + +=head2 Types + +B is an opaque type that holds the constructed search +criterion, and that can be given to an OSSL_STORE context with +OSSL_STORE_find(). + +The calling application owns the allocation of an B at all +times, and should therefore be careful not to deallocate it before +OSSL_STORE_close() has been called for the OSSL_STORE context it was given +to. + +=head2 Application Functions + +OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +and OSSL_STORE_SEARCH_by_alias() +are used to create an B from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +B. + +OSSL_STORE_SEARCH_free() is used to free the B. + +=head2 Loader Functions + +OSSL_STORE_SEARCH_get_type() returns the criterion type for the given +B. + +OSSL_STORE_SEARCH_get0_name(), OSSL_STORE_SEARCH_get0_serial(), +OSSL_STORE_SEARCH_get0_bytes(), OSSL_STORE_SEARCH_get0_string(), +and OSSL_STORE_SEARCH_get0_digest() +are used to retrieve different data from a B, as +available for each type. +For more information, see L below. + +=head1 SUPPORTED CRITERION TYPES + +Currently supported criterion types are: + +=over 4 + +=item OSSL_STORE_SEARCH_BY_NAME + +This criterion supports a search by exact match of subject name. +The subject name itself is a B pointer. +A criterion of this type is created with OSSL_STORE_SEARCH_by_name(), +and the actual subject name is retrieved with OSSL_STORE_SEARCH_get0_name(). + +=item OSSL_STORE_SEARCH_BY_ISSUER_SERIAL + +This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a B pointer, and the serial number is +a B pointer. +A criterion of this type is created with OSSL_STORE_SEARCH_by_issuer_serial() +and the actual issuer name and serial number are retrieved with +OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_SEARCH_get0_serial(). + +=item OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT + +This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (NULL), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with OSSL_STORE_SEARCH_by_key_fingerprint() +and the actual fingerprint and its length can be retrieved with +OSSL_STORE_SEARCH_get0_bytes(). +The digest can be retrieved with OSSL_STORE_SEARCH_get0_digest(). + +=item OSSL_STORE_SEARCH_BY_ALIAS + +This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. +A criterion of this type is created with OSSL_STORE_SEARCH_by_alias() +and the actual alias is retrieved with OSSL_STORE_SEARCH_get0_string(). + +=back + +=head1 RETURN VALUES + +OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +and OSSL_STORE_SEARCH_by_alias() +return a B pointer on success, or B on failure. + +OSSL_STORE_SEARCH_get_type() returns the criterion type of the given +B. +There is no error value. + +OSSL_STORE_SEARCH_get0_name() returns a B pointer on success, +or B when the given B was of a different type. + +OSSL_STORE_SEARCH_get0_serial() returns a B pointer on success, +or B when the given B was of a different type. + +OSSL_STORE_SEARCH_get0_bytes() returns a B pointer and +sets B<*length> to the strings length on success, or B when the given +B was of a different type. + +OSSL_STORE_SEARCH_get0_string() returns a B pointer on success, +or B when the given B was of a different type. + +OSSL_STORE_SEARCH_get0_digest() returns a B pointer. +B is a valid value and means that the store loader default will +be used when applicable. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +B, +OSSL_STORE_SEARCH_by_name(), +OSSL_STORE_SEARCH_by_issuer_serial(), +OSSL_STORE_SEARCH_by_key_fingerprint(), +OSSL_STORE_SEARCH_by_alias(), +OSSL_STORE_SEARCH_free(), +OSSL_STORE_SEARCH_get_type(), +OSSL_STORE_SEARCH_get0_name(), +OSSL_STORE_SEARCH_get0_serial(), +OSSL_STORE_SEARCH_get0_bytes(), +and OSSL_STORE_SEARCH_get0_string() +were added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod new file mode 100644 index 00000000000000..e3f06b55be7160 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_expect.pod @@ -0,0 +1,79 @@ +=pod + +=head1 NAME + +OSSL_STORE_expect, +OSSL_STORE_supports_search, +OSSL_STORE_find +- Specify what object type is expected + +=head1 SYNOPSIS + + #include + + int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); + + int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); + + int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); + +=head1 DESCRIPTION + +OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns +by specifying a B type. +For example, if C contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type B. +All known object types (see L) +except for B are supported. + +OSSL_STORE_find() helps applications specify a criterion for a more fine +grained search of objects. + +OSSL_STORE_supports_search() checks if the loader of the given OSSL_STORE +context supports the given search type. +See L for information on the +supported search criterion types. + +OSSL_STORE_expect() and OSSL_STORE_find I be called before the first +OSSL_STORE_load() of a given session, or they will fail. + +=head1 NOTES + +If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See L for more information. + +However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable. + +=head1 RETURN VALUES + +OSSL_STORE_expect() returns 1 on success, or 0 on failure. + +OSSL_STORE_supports_search() returns 1 if the criterion is supported, or 0 +otherwise. + +OSSL_STORE_find() returns 1 on success, or 0 on failure. + +=head1 SEE ALSO + +L, L, L, +L + +=head1 HISTORY + +OSSL_STORE_expect(), OSSL_STORE_supports_search() and OSSL_STORE_find() +were added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod new file mode 100644 index 00000000000000..b1467f4100a71a --- /dev/null +++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_open.pod @@ -0,0 +1,161 @@ +=pod + +=head1 NAME + +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, +OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, +OSSL_STORE_close - Types and functions to read objects from a URI + +=head1 SYNOPSIS + + #include + + typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + + typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + + OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); + OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + +=head1 DESCRIPTION + +These functions help the application to fetch supported objects (see +L for information on which those are) +from a given URI (see L for more information on +the supported URI schemes). +The general method to do so is to "open" the URI using OSSL_STORE_open(), +read each available and supported object using OSSL_STORE_load() as long as +OSSL_STORE_eof() hasn't been reached, and finish it off with OSSL_STORE_close(). + +The retrieved information is stored in a B, which is further +described in L. + +=head2 Types + +B is a context variable that holds all the internal +information for OSSL_STORE_open(), OSSL_STORE_load(), OSSL_STORE_eof() and +OSSL_STORE_close() to work together. + +=head2 Functions + +OSSL_STORE_open() takes a uri or path B, password UI method +B with associated data B, and post processing +callback B with associated data B, +opens a channel to the data located at that URI and returns a +B with all necessary internal information. +The given B and B will be reused by all +functions that use B when interaction is needed. +The given B and B will be reused by +OSSL_STORE_load() to manipulate or drop the value to be returned. +The B function drops values by returning B, which +will cause OSSL_STORE_load() to start its process over with loading +the next object, until B returns something other than +B, or the end of data is reached as indicated by OSSL_STORE_eof(). + +OSSL_STORE_ctrl() takes a B, and command number B and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader. + +There are also global controls available: + +=over 4 + +=item B + +Controls if the loader should attempt to use secure memory for any +allocated B and its contents. +This control expects one argument, a pointer to an B that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error. + +=back + +OSSL_STORE_load() takes a B, tries to load the next available +object and return it wrapped with B. + +OSSL_STORE_eof() takes a B and checks if we've reached the end +of data. + +OSSL_STORE_error() takes a B and checks if an error occurred in +the last OSSL_STORE_load() call. +Note that it may still be meaningful to try and load more objects, unless +OSSL_STORE_eof() shows that the end of data has been reached. + +OSSL_STORE_close() takes a B, closes the channel that was opened +by OSSL_STORE_open() and frees all other information that was stored in the +B, as well as the B itself. + +=head1 SUPPORTED SCHEMES + +The basic supported scheme is B. +Any other scheme can be added dynamically, using +OSSL_STORE_register_loader(). + +=head1 NOTES + +A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the F scheme. + +There are some tools that can be used together with +OSSL_STORE_open() to determine if any failure is caused by an unparsable +URI, or if it's a different error (such as memory allocation +failures); if the URI was parsable but the scheme unregistered, the +top error will have the reason C. + +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the B scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See L for further information. + +=head1 RETURN VALUES + +OSSL_STORE_open() returns a pointer to a B on success, or +B on failure. + +OSSL_STORE_load() returns a pointer to a B on success, or +B on error or when end of data is reached. +Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a +returned B. + +OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise +0. + +OSSL_STORE_error() returns 1 if an error occurred in an OSSL_STORE_load() call, +otherwise 0. + +OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure. + +=head1 SEE ALSO + +L, L, L, +L + +=head1 HISTORY + +OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), +OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() +were added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod b/deps/openssl/openssl/doc/man3/OpenSSL_add_all_algorithms.pod similarity index 50% rename from deps/openssl/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod rename to deps/openssl/openssl/doc/man3/OpenSSL_add_all_algorithms.pod index aaa28dd6a9374a..0c086d1291d3f6 100644 --- a/deps/openssl/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/deps/openssl/openssl/doc/man3/OpenSSL_add_all_algorithms.pod @@ -22,11 +22,7 @@ Deprecated: =head1 DESCRIPTION OpenSSL keeps an internal table of digest algorithms and ciphers. It uses -this table to lookup ciphers via functions such as EVP_get_cipher_byname(). In -OpenSSL versions prior to 1.1.0 these functions initialised and de-initialised -this table. From OpenSSL 1.1.0 they are deprecated. No explicit initialisation -or de-initialisation is required. See L for further -information. +this table to lookup ciphers via functions such as EVP_get_cipher_byname(). OpenSSL_add_all_digests() adds all digest algorithms to the table. @@ -43,44 +39,21 @@ the table. It no longer has any effect in OpenSSL 1.1.0. None of the functions return a value. -=head1 NOTES - -A typical application will call OpenSSL_add_all_algorithms() initially and -EVP_cleanup() before exiting. - -An application does not need to add algorithms to use them explicitly, for example -by EVP_sha1(). It just needs to add them if it (or any of the functions it calls) -needs to lookup algorithms. - -The cipher and digest lookup functions are used in many parts of the library. If -the table is not initialized several functions will misbehave and complain they -cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. -This is a common query in the OpenSSL mailing lists. - -Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a -statically linked executable can be quite large. If this is important it is possible -to just add the required ciphers and digests. - -=head1 BUGS - -Although the functions do not return error codes it is possible for them to fail. -This will only happen as a result of a memory allocation failure so this is not -too much of a problem in practice. - =head1 SEE ALSO -L, L, +L, L, L =head1 HISTORY The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), and EVP_cleanup(), functions -were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). +were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and should +not be used. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/PEM_bytes_read_bio.pod b/deps/openssl/openssl/doc/man3/PEM_bytes_read_bio.pod new file mode 100644 index 00000000000000..3a5bfee9969f82 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/PEM_bytes_read_bio.pod @@ -0,0 +1,86 @@ +=pod + +=head1 NAME + +PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO + +=head1 SYNOPSIS + + #include + + int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); + int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); + +=head1 DESCRIPTION + +PEM_bytes_read_bio() reads PEM-formatted (RFC 1421) data from the BIO +I for the data type given in I (RSA PRIVATE KEY, CERTIFICATE, +etc.). If multiple PEM-encoded data structures are present in the same +stream, PEM_bytes_read_bio() will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error. + +The PEM header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback I and rock I are used to obtain +the decryption passphrase, if applicable. + +Some data types have compatibility aliases, such as a file containing +X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. +The actual type indicated by the file is returned in I<*pnm> if I is +non-NULL. The caller must free the storage pointed to by I<*pnm>. + +The returned data is the DER-encoded form of the requested type, in +I<*pdata> with length I<*plen>. The caller must free the storage pointed +to by I<*pdata>. + +PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses +memory from the secure heap for its temporary buffers and the storage +returned in I<*pdata> and I<*pnm>. Accordingly, the caller must use +OPENSSL_secure_free() to free that storage. + +=head1 NOTES + +PEM_bytes_read_bio_secmem() only enforces that the secure heap is used for +storage allocated within the PEM processing stack. The BIO stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the PEM file only appears in memory from the secure heap, +care is needed in generating the BIO passed as I. In particular, the +use of BIO_s_file() indicates the use of the operating system stdio +functionality, which includes buffering as a feature; BIO_s_fd() is likely +to be more appropriate in such cases. + +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + +=head1 RETURN VALUES + +PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or +0 for failure. + +=head1 SEE ALSO + +L, +L, +L + +=head1 HISTORY + +PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1 + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/PEM_read.pod b/deps/openssl/openssl/doc/man3/PEM_read.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/PEM_read.pod rename to deps/openssl/openssl/doc/man3/PEM_read.pod index 66cbc7d2433cc1..3c777b5470aa26 100644 --- a/deps/openssl/openssl/doc/crypto/PEM_read.pod +++ b/deps/openssl/openssl/doc/man3/PEM_read.pod @@ -110,14 +110,19 @@ Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 PBE. See L and L. +PEM_do_header() makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 SEE ALSO L, L, -L. +L, +L =head1 COPYRIGHT -Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/PEM_read_CMS.pod b/deps/openssl/openssl/doc/man3/PEM_read_CMS.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/PEM_read_CMS.pod rename to deps/openssl/openssl/doc/man3/PEM_read_CMS.pod index 649c8089a9f7c1..e5f0803d7f0ede 100644 --- a/deps/openssl/openssl/doc/crypto/PEM_read_CMS.pod +++ b/deps/openssl/openssl/doc/man3/PEM_read_CMS.pod @@ -38,10 +38,10 @@ PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION - PEM object encoding routines -=for comment generic - =head1 SYNOPSIS +=for comment generic + #include DECLARE_PEM_rw(name, TYPE) @@ -73,6 +73,12 @@ PEM_write_TYPE() writes the PEM encoding of the object B to the file B. PEM_write_bio_TYPE() similarly writes to the BIO B. +=head1 NOTES + +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated @@ -83,11 +89,12 @@ or zero on error. =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT -Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod b/deps/openssl/openssl/doc/man3/PEM_read_bio_PrivateKey.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod rename to deps/openssl/openssl/doc/man3/PEM_read_bio_PrivateKey.pod index b0ba62a3b367a2..744a46f81ed936 100644 --- a/deps/openssl/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod +++ b/deps/openssl/openssl/doc/man3/PEM_read_bio_PrivateKey.pod @@ -161,17 +161,18 @@ For more details about the meaning of arguments see the B section. Each operation has four functions associated with it. For -clarity the term "B functions" will be used to collectively -refer to the PEM_read_bio_foobar(), PEM_read_foobar(), -PEM_write_bio_foobar() and PEM_write_foobar() functions. +brevity the term "B functions" will be used below to collectively +refer to the PEM_read_bio_TYPE(), PEM_read_TYPE(), +PEM_write_bio_TYPE(), and PEM_write_TYPE() functions. The B functions read or write a private key in PEM format using an EVP_PKEY structure. The write routines use PKCS#8 private key format and are equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently handle traditional and PKCS#8 format encrypted and unencrypted keys. -PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy -"traditional" format. +PEM_write_bio_PrivateKey_traditional() writes out a private key in the +"traditional" format with a simple private key marker and should only +be used for compatibility with legacy programs. PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using @@ -305,44 +306,41 @@ most of them are set to 0 or NULL. Read a certificate in PEM format from a BIO: X509 *x; + x = PEM_read_bio_X509(bp, NULL, 0, NULL); - if (x == NULL) { + if (x == NULL) /* Error */ - } Alternative method: X509 *x = NULL; - if (!PEM_read_bio_X509(bp, &x, 0, NULL)) { + + if (!PEM_read_bio_X509(bp, &x, 0, NULL)) /* Error */ - } Write a certificate to a BIO: - if (!PEM_write_bio_X509(bp, x)) { + if (!PEM_write_bio_X509(bp, x)) /* Error */ - } Write a private key (using traditional format) to a BIO using triple DES encryption, the pass phrase is prompted for: - if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) { + if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) /* Error */ - } Write a private key (using PKCS#8 format) to a BIO using triple DES encryption, using the pass phrase "hello": - if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) { + if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), + NULL, 0, 0, "hello")) /* Error */ - } Read a private key from a BIO using a pass phrase callback: key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); - if (key == NULL) { + if (key == NULL) /* Error */ - } Skeleton pass phrase callback: @@ -381,11 +379,16 @@ A frequent cause of problems is attempting to use the PEM routines like this: X509 *x; + PEM_read_bio_X509(bp, &x, 0, NULL); this is a bug because an attempt will be made to reuse the data at B which is an uninitialised pointer. +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 PEM ENCRYPTION FORMAT These old B routines use a non standard technique for encryption. @@ -431,9 +434,8 @@ The pseudo code to derive the key would look similar to: memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); - if (rc != nkey) { + if (rc != nkey) /* Error */ - } /* On success, use key and iv to initialize the cipher */ @@ -451,7 +453,7 @@ where B already contains a valid certificate, may not work, whereas: is guaranteed to work. -=head1 RETURN CODES +=head1 RETURN VALUES The read routines return either a pointer to the structure read or NULL if an error occurred. @@ -461,12 +463,13 @@ The write routines return 1 for success or 0 for failure. =head1 HISTORY The old Netscape certificate sequences were no longer documented -in OpenSSL 1.1; applications should use the PKCS7 standard instead +in OpenSSL 1.1.0; applications should use the PKCS7 standard instead as they will be formally deprecated in a future releases. =head1 SEE ALSO -L, L +L, L, +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod b/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod new file mode 100644 index 00000000000000..e171bff2453a6a --- /dev/null +++ b/deps/openssl/openssl/doc/man3/PEM_read_bio_ex.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, +PEM_FLAG_ONLY_B64 - read PEM format files with custom processing + +=head1 SYNOPSIS + + #include + + #define PEM_FLAG_SECURE 0x1 + #define PEM_FLAG_EAY_COMPATIBLE 0x2 + #define PEM_FLAG_ONLY_B64 0x4 + int PEM_read_bio_ex(BIO *in, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); + +=head1 DESCRIPTION + +PEM_read_bio_ex() reads in PEM formatted data from an input BIO, outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed. + +If PEM_FLAG_SECURE is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap. + +If PEM_FLAG_EAY_COMPATIBLE is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of PEM_read_bio(). + +If PEM_FLAG_ONLY_B64 is set, all characters are required to be valid base64 +characters (or newlines); non-base64 characters are treated as end of input. + +If neither PEM_FLAG_EAY_COMPATIBLE or PEM_FLAG_ONLY_B64 is set, control characters +are ignored. + +If both PEM_FLAG_EAY_COMPATIBLE and PEM_FLAG_ONLY_B64 are set, an error is returned; +these options are not compatible with each other. + +=head1 NOTES + +The caller must release the storage allocated for *name, *header, and *data. +If PEM_FLAG_SECURE was set, use OPENSSL_secure_free(); otherwise, +OPENSSL_free() is used. + +=head1 RETURN VALUES + +PEM_read_bio_ex() returns 1 for success or 0 for failure. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +PEM_read_bio_ex() was added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/PEM_write_bio_CMS_stream.pod b/deps/openssl/openssl/doc/man3/PEM_write_bio_CMS_stream.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/PEM_write_bio_CMS_stream.pod rename to deps/openssl/openssl/doc/man3/PEM_write_bio_CMS_stream.pod diff --git a/deps/openssl/openssl/doc/crypto/PEM_write_bio_PKCS7_stream.pod b/deps/openssl/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/PEM_write_bio_PKCS7_stream.pod rename to deps/openssl/openssl/doc/man3/PEM_write_bio_PKCS7_stream.pod diff --git a/deps/openssl/openssl/doc/crypto/PKCS12_create.pod b/deps/openssl/openssl/doc/man3/PKCS12_create.pod similarity index 85% rename from deps/openssl/openssl/doc/crypto/PKCS12_create.pod rename to deps/openssl/openssl/doc/man3/PKCS12_create.pod index 0a43b96c318fee..1587ea53e37df9 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS12_create.pod +++ b/deps/openssl/openssl/doc/man3/PKCS12_create.pod @@ -22,7 +22,8 @@ the structure and B its corresponding certificates. B, if not B is an optional set of certificates to also include in the structure. B and B are the encryption algorithms that should be used -for the key and certificate respectively. B is the encryption algorithm +for the key and certificate respectively. The modes +GCM, CCM, XTS, and OCB are unsupported. B is the encryption algorithm iteration count to use and B is the MAC iteration count to use. B is the type of key. @@ -60,13 +61,22 @@ should be used. B can be set to -1 and the MAC will then be omitted entirely. +PKCS12_create() makes assumptions regarding the encoding of the given pass +phrase. +See L for more information. + +=head1 RETURN VALUES + +PKCS12_create() returns a valid B structure or NULL if an error occurred. + =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/PKCS12_newpass.pod b/deps/openssl/openssl/doc/man3/PKCS12_newpass.pod similarity index 67% rename from deps/openssl/openssl/doc/crypto/PKCS12_newpass.pod rename to deps/openssl/openssl/doc/man3/PKCS12_newpass.pod index 6b22fd72804214..1c34ee54491e8d 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS12_newpass.pod +++ b/deps/openssl/openssl/doc/man3/PKCS12_newpass.pod @@ -47,38 +47,39 @@ the result to a new file. int main(int argc, char **argv) { - FILE *fp; - PKCS12 *p12; - if (argc != 5) { - fprintf(stderr, "Usage: pkread p12file password newpass opfile\n"); - return 1; - } - if ((fp = fopen(argv[1], "rb")) == NULL) { - fprintf(stderr, "Error opening file %s\n", argv[1]); - return 1; - } - p12 = d2i_PKCS12_fp(fp, NULL); - fclose(fp); - if (p12 == NULL) { - fprintf(stderr, "Error reading PKCS#12 file\n"); - ERR_print_errors_fp(stderr); - return 1; - } - if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { - fprintf(stderr, "Error changing password\n"); - ERR_print_errors_fp(stderr); - PKCS12_free(p12); - return 1; - } - if ((fp = fopen(argv[4], "wb")) == NULL) { - fprintf(stderr, "Error opening file %s\n", argv[4]); - PKCS12_free(p12); - return 1; - } - i2d_PKCS12_fp(fp, p12); - PKCS12_free(p12); - fclose(fp); - return 0; + FILE *fp; + PKCS12 *p12; + + if (argc != 5) { + fprintf(stderr, "Usage: pkread p12file password newpass opfile\n"); + return 1; + } + if ((fp = fopen(argv[1], "rb")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[1]); + return 1; + } + p12 = d2i_PKCS12_fp(fp, NULL); + fclose(fp); + if (p12 == NULL) { + fprintf(stderr, "Error reading PKCS#12 file\n"); + ERR_print_errors_fp(stderr); + return 1; + } + if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { + fprintf(stderr, "Error changing password\n"); + ERR_print_errors_fp(stderr); + PKCS12_free(p12); + return 1; + } + if ((fp = fopen(argv[4], "wb")) == NULL) { + fprintf(stderr, "Error opening file %s\n", argv[4]); + PKCS12_free(p12); + return 1; + } + i2d_PKCS12_fp(fp, p12); + PKCS12_free(p12); + fclose(fp); + return 0; } @@ -101,11 +102,12 @@ this function. =head1 SEE ALSO -L, L +L, L, +L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/PKCS12_parse.pod b/deps/openssl/openssl/doc/man3/PKCS12_parse.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/PKCS12_parse.pod rename to deps/openssl/openssl/doc/man3/PKCS12_parse.pod index c03c371a6e8809..747a36f5ed0488 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS12_parse.pod +++ b/deps/openssl/openssl/doc/man3/PKCS12_parse.pod @@ -57,11 +57,12 @@ Attributes currently cannot be stored in the private key B structure. =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod similarity index 83% rename from deps/openssl/openssl/doc/crypto/PKCS5_PBKDF2_HMAC.pod rename to deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod index 5cc2caa5fbf426..455bf4b4649e7d 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS5_PBKDF2_HMAC.pod +++ b/deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -13,9 +13,9 @@ PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines w const EVP_MD *digest, int keylen, unsigned char *out); -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out); + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out); =head1 DESCRIPTION @@ -52,18 +52,22 @@ Increasing the B parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords. +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error. =head1 SEE ALSO -L, L, -L +L, L, +L, +L =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/PKCS7_decrypt.pod b/deps/openssl/openssl/doc/man3/PKCS7_decrypt.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/PKCS7_decrypt.pod rename to deps/openssl/openssl/doc/man3/PKCS7_decrypt.pod diff --git a/deps/openssl/openssl/doc/crypto/PKCS7_encrypt.pod b/deps/openssl/openssl/doc/man3/PKCS7_encrypt.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/PKCS7_encrypt.pod rename to deps/openssl/openssl/doc/man3/PKCS7_encrypt.pod index 4e1afc916feb25..9895a1f73b6024 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS7_encrypt.pod +++ b/deps/openssl/openssl/doc/man3/PKCS7_encrypt.pod @@ -8,7 +8,8 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure #include - PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/PKCS7_sign.pod b/deps/openssl/openssl/doc/man3/PKCS7_sign.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/PKCS7_sign.pod rename to deps/openssl/openssl/doc/man3/PKCS7_sign.pod index f319f664b9b6f1..c1df5f19a0702f 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS7_sign.pod +++ b/deps/openssl/openssl/doc/man3/PKCS7_sign.pod @@ -8,7 +8,8 @@ PKCS7_sign - create a PKCS#7 signedData structure #include - PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); =head1 DESCRIPTION @@ -65,7 +66,6 @@ way data can be signed in a single pass. If the B flag is set a partial B structure is output to which additional signers and capabilities can be added before finalization. - =head1 NOTES If the flag B is set the returned B structure is B diff --git a/deps/openssl/openssl/doc/crypto/PKCS7_sign_add_signer.pod b/deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod similarity index 97% rename from deps/openssl/openssl/doc/crypto/PKCS7_sign_add_signer.pod rename to deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod index 88fef771b0600c..2bc6c40bd2ea64 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS7_sign_add_signer.pod +++ b/deps/openssl/openssl/doc/man3/PKCS7_sign_add_signer.pod @@ -8,7 +8,8 @@ PKCS7_sign_add_signer - add a signer PKCS7 signed data structure #include - PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags); + PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, + EVP_PKEY *pkey, const EVP_MD *md, int flags); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/PKCS7_verify.pod b/deps/openssl/openssl/doc/man3/PKCS7_verify.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/PKCS7_verify.pod rename to deps/openssl/openssl/doc/man3/PKCS7_verify.pod index c34808ecedf222..ebcdde0795fbcb 100644 --- a/deps/openssl/openssl/doc/crypto/PKCS7_verify.pod +++ b/deps/openssl/openssl/doc/man3/PKCS7_verify.pod @@ -8,7 +8,8 @@ PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure #include - int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); diff --git a/deps/openssl/openssl/doc/man3/RAND_DRBG_generate.pod b/deps/openssl/openssl/doc/man3/RAND_DRBG_generate.pod new file mode 100644 index 00000000000000..b39ee93f51421b --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_DRBG_generate.pod @@ -0,0 +1,88 @@ +=pod + +=head1 NAME + +RAND_DRBG_generate, +RAND_DRBG_bytes +- generate random bytes using the given drbg instance + +=head1 SYNOPSIS + + #include + + int RAND_DRBG_generate(RAND_DRBG *drbg, + unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); + + int RAND_DRBG_bytes(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + + +=head1 DESCRIPTION + +RAND_DRBG_generate() generates B random bytes using the given +DRBG instance B and stores them in the buffer at B. + +Before generating the output, the DRBG instance checks whether the maximum +number of generate requests (I) or the maximum timespan +(I) since its last seeding have been reached. +If this is the case, the DRBG reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +B flag to 1. See NOTES section for more details. + +The caller can optionally provide additional data to be used for reseeding +by passing a pointer B to a buffer of length B. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting B to NULL and +B to 0; + +RAND_DRBG_bytes() generates B random bytes using the given +DRBG instance B and stores them in the buffer at B. +This function is a wrapper around the RAND_DRBG_generate() call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). + + +=head1 RETURN VALUES + +RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success, +and 0 on failure. + +=head1 NOTES + +The I and I of the B are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using L +and L, respectively. + +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[NIST SP 800-90C]. +Since the default DRBG implementation does not have access to such an approved +entropy source, a request for prediction resistance will always fail. +In other words, prediction resistance is currently not supported yet by the DRBG. + +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_DRBG_get0_master.pod b/deps/openssl/openssl/doc/man3/RAND_DRBG_get0_master.pod new file mode 100644 index 00000000000000..c958bf20ec0fd2 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_DRBG_get0_master.pod @@ -0,0 +1,80 @@ +=pod + +=head1 NAME + +RAND_DRBG_get0_master, +RAND_DRBG_get0_public, +RAND_DRBG_get0_private +- get access to the global RAND_DRBG instances + +=head1 SYNOPSIS + + #include + + RAND_DRBG *RAND_DRBG_get0_master(void); + RAND_DRBG *RAND_DRBG_get0_public(void); + RAND_DRBG *RAND_DRBG_get0_private(void); + + +=head1 DESCRIPTION + +The default RAND API implementation (RAND_OpenSSL()) utilizes three +shared DRBG instances which are accessed via the RAND API: + +The and DRBG are thread-local instances, which are used +by RAND_bytes() and RAND_priv_bytes(), respectively. +The DRBG is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances. + +These functions here provide access to the shared DRBG instances. + +=head1 RETURN VALUES + +RAND_DRBG_get0_master() returns a pointer to the DRBG instance. + +RAND_DRBG_get0_public() returns a pointer to the DRBG instance. + +RAND_DRBG_get0_private() returns a pointer to the DRBG instance. + + +=head1 NOTES + +It is not thread-safe to access the DRBG instance. +The and DRBG instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread. + +For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new DRBG instances +at initialization time, before creating additional threads. + +During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely. + + +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_DRBG_new.pod b/deps/openssl/openssl/doc/man3/RAND_DRBG_new.pod new file mode 100644 index 00000000000000..dcd7a944190f3d --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_DRBG_new.pod @@ -0,0 +1,127 @@ +=pod + +=head1 NAME + +RAND_DRBG_new, +RAND_DRBG_secure_new, +RAND_DRBG_set, +RAND_DRBG_set_defaults, +RAND_DRBG_instantiate, +RAND_DRBG_uninstantiate, +RAND_DRBG_free +- initialize and cleanup a RAND_DRBG instance + +=head1 SYNOPSIS + + #include + + + RAND_DRBG *RAND_DRBG_new(int type, + unsigned int flags, + RAND_DRBG *parent); + + RAND_DRBG *RAND_DRBG_secure_new(int type, + unsigned int flags, + RAND_DRBG *parent); + + int RAND_DRBG_set(RAND_DRBG *drbg, + int type, unsigned int flags); + + int RAND_DRBG_set_defaults(int type, unsigned int flags); + + int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); + + int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); + + void RAND_DRBG_free(RAND_DRBG *drbg); + + +=head1 DESCRIPTION + +RAND_DRBG_new() and RAND_DRBG_secure_new() +create a new DRBG instance of the given B, allocated from the heap resp. +the secure heap +(using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()). + +RAND_DRBG_set() initializes the B with the given B and B. + +RAND_DRBG_set_defaults() sets the default B and B for new DRBG +instances. + +Currently, all DRBG types are based on AES-CTR, so B can be one of the +following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. +Before the DRBG can be used to generate random bits, it is necessary to set +its type and to instantiate it. + +The optional B argument specifies a set of bit flags which can be +joined using the | operator. Currently, the only flag is +RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function +ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1]. + +If a B instance is specified then this will be used instead of +the default entropy source for reseeding the B. It is said that the +B is I to its B. +For more information, see the NOTES section. + + +RAND_DRBG_instantiate() +seeds the B instance using random input from trusted entropy sources. +Optionally, a personalization string B of length B can be +specified. +To omit the personalization string, set B=NULL and B=0; + +RAND_DRBG_uninstantiate() +clears the internal state of the B and puts it back in the +uninstantiated state. + +=head1 RETURN VALUES + + +RAND_DRBG_new() and RAND_DRBG_secure_new() return a pointer to a DRBG +instance allocated on the heap, resp. secure heap. + +RAND_DRBG_set(), +RAND_DRBG_instantiate(), and +RAND_DRBG_uninstantiate() +return 1 on success, and 0 on failure. + +RAND_DRBG_free() does not return a value. + +=head1 NOTES + +The DRBG design supports I, which means that a DRBG instance can +use another B DRBG instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that B DRBG +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent DRBG instance. +For a detailed description of the reseeding process, see L. + +The default DRBG type and flags are applied only during creation of a DRBG +instance. +To ensure that they are applied to the global and thread-local DRBG instances +(, resp. and ), it is necessary to call +RAND_DRBG_set_defaults() before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly. + +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_DRBG_reseed.pod b/deps/openssl/openssl/doc/man3/RAND_DRBG_reseed.pod new file mode 100644 index 00000000000000..da3a40be442486 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_DRBG_reseed.pod @@ -0,0 +1,111 @@ +=pod + +=head1 NAME + +RAND_DRBG_reseed, +RAND_DRBG_set_reseed_interval, +RAND_DRBG_set_reseed_time_interval, +RAND_DRBG_set_reseed_defaults +- reseed a RAND_DRBG instance + +=head1 SYNOPSIS + + #include + + int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen); + + int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, + unsigned int interval); + + int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, + time_t interval); + + int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + + +=head1 DESCRIPTION + +RAND_DRBG_reseed() +reseeds the given B, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer B +of length B. +The additional data can be omitted by setting B to NULL and B +to 0. + +RAND_DRBG_set_reseed_interval() +sets the reseed interval of the B, which is the maximum allowed number +of generate requests between consecutive reseedings. +If B > 0, then the B will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If B == 0, then this feature is disabled. + + +RAND_DRBG_set_reseed_time_interval() +sets the reseed time interval of the B, which is the maximum allowed +number of seconds between consecutive reseedings. +If B > 0, then the B will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If B == 0, then this feature is disabled. + +RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval +(B and B) +and the reseed time interval +(B and B) +of DRBG instances. +The default values are set independently for master DRBG instances (which don't +have a parent) and slave DRBG instances (which are chained to a parent DRBG). + +=head1 RETURN VALUES + +RAND_DRBG_reseed(), +RAND_DRBG_set_reseed_interval(), and +RAND_DRBG_set_reseed_time_interval(), +return 1 on success, 0 on failure. + + +=head1 NOTES + +The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds. + +Normally, the entropy input for seeding a DRBG is either obtained from a +trusted os entropy source or from a parent DRBG instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using RAND_DRBG_set_callbacks(). + +The reseeding default values are applied only during creation of a DRBG instance. +To ensure that they are applied to the global and thread-local DRBG instances +(, resp. and ), it is necessary to call +RAND_DRBG_set_reseed_defaults() before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly. + +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +=head1 SEE ALSO + +L, +L, +L. +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_DRBG_set_callbacks.pod b/deps/openssl/openssl/doc/man3/RAND_DRBG_set_callbacks.pod new file mode 100644 index 00000000000000..a927d6a7dacc90 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_DRBG_set_callbacks.pod @@ -0,0 +1,147 @@ +=pod + +=head1 NAME + +RAND_DRBG_set_callbacks, +RAND_DRBG_get_entropy_fn, +RAND_DRBG_cleanup_entropy_fn, +RAND_DRBG_get_nonce_fn, +RAND_DRBG_cleanup_nonce_fn +- set callbacks for reseeding + +=head1 SYNOPSIS + + #include + + + int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +=head2 Callback Functions + + typedef size_t (*RAND_DRBG_get_entropy_fn)( + RAND_DRBG *drbg, + unsigned char **pout, + int entropy, + size_t min_len, size_t max_len, + int prediction_resistance); + + typedef void (*RAND_DRBG_cleanup_entropy_fn)( + RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + + typedef size_t (*RAND_DRBG_get_nonce_fn)( + RAND_DRBG *drbg, + unsigned char **pout, + int entropy, + size_t min_len, size_t max_len); + + typedef void (*RAND_DRBG_cleanup_nonce_fn)( + RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + + + +=head1 DESCRIPTION + +RAND_DRBG_set_callbacks() sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given B. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above. + +Setting the callbacks is allowed only if the DRBG has not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +RAND_DRBG_uninstantiate() first. + +The B() callback is called by the B when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +B <= size <= B (in bytes) which contains at least B +bits of randomness. +The B flag indicates whether the reseeding was +triggered by a prediction resistance request. + +The buffer's address is to be returned in *B and the number of collected +randomness bytes as return value. + +If the callback fails to acquire at least B bits of randomness, +it must indicate an error by returning a buffer length of 0. + +If B was requested and the random source of the DRBG +does not satisfy the conditions requested by [NIST SP 800-90C], then +it must also indicate an error by returning a buffer length of 0. +See NOTES section for more details. + +The B() callback is called from the B to to clear and +free the buffer allocated previously by get_entropy(). +The values B and B are the random buffer's address and length, +as returned by the get_entropy() callback. + +The B() and B() callbacks are used to obtain a nonce +and free it again. A nonce is only required for instantiation (not for reseeding) +and only in the case where the DRBG uses a derivation function. +The callbacks are analogous to get_entropy() and cleanup_entropy(), +except for the missing prediction_resistance flag. + +If the derivation function is disabled, then no nonce is used for instantiation, +and the B() and B() callbacks can be omitted by +setting them to NULL. + + +=head1 RETURN VALUES + +RAND_DRBG_set_callbacks() return 1 on success, and 0 on failure + +=head1 NOTES + +It is important that B() and B() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the DRBG's state in memory. + +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[NIST SP 800-90C]. +Since the default implementation of the get_entropy callback does not have access +to such an approved entropy source, a request for prediction resistance will +always fail. +In other words, prediction resistance is currently not supported yet by the DRBG. + +The derivation function is disabled during initialization by calling the +RAND_DRBG_set() function with the RAND_DRBG_FLAG_CTR_NO_DF flag. +For more information on the derivation function and when it can be omitted, +see [NIST SP 800-90A Rev. 1]. Roughly speeking it can be omitted if the random +source has "full entropy", i.e., contains 8 bits of entropy per byte. + +Even if a nonce is required, the B() and B() +callbacks can be omitted by setting them to NULL. +In this case the DRBG will automatically request an extra amount of entropy +(using the B() and B() callbacks) which it will +utilize for the nonce, following the recommendations of [NIST SP 800-90A Rev. 1], +section 8.6.7. + + +=head1 HISTORY + +The RAND_DRBG functions were added in OpenSSL 1.1.1. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_DRBG_set_ex_data.pod b/deps/openssl/openssl/doc/man3/RAND_DRBG_set_ex_data.pod new file mode 100644 index 00000000000000..22b7332571dde5 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_DRBG_set_ex_data.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +RAND_DRBG_set_ex_data, +RAND_DRBG_get_ex_data, +RAND_DRBG_get_ex_new_index +- store and retrieve extra data from the DRBG instance + +=head1 SYNOPSIS + + #include + + int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data); + + void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); + + int RAND_DRBG_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + + +=head1 DESCRIPTION + +RAND_DRBG_set_ex_data() enables an application to store arbitrary application +specific data B in a RAND_DRBG instance B. The index B should +be a value previously returned from a call to RAND_DRBG_get_ex_new_index(). + +RAND_DRBG_get_ex_data() retrieves application specific data previously stored +in an RAND_DRBG instance B. The B value should be the same as that +used when originally storing the data. + +For more detailed information see L and +L which implement these functions and +L for generating a unique index. + +=head1 RETURN VALUES + +RAND_DRBG_set_ex_data() returns 1 for success or 0 for failure. + +RAND_DRBG_get_ex_data() returns the previously stored value or NULL on +failure. NULL may also be a valid value. + + +=head1 NOTES + +RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to +CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,...). + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_add.pod b/deps/openssl/openssl/doc/man3/RAND_add.pod new file mode 100644 index 00000000000000..b6753fd2ed0b1b --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_add.pod @@ -0,0 +1,104 @@ +=pod + +=head1 NAME + +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, +RAND_keep_random_devices_open +- add randomness to the PRNG or get its status + +=head1 SYNOPSIS + + #include + + int RAND_status(void); + int RAND_poll(); + + void RAND_add(const void *buf, int num, double randomness); + void RAND_seed(const void *buf, int num); + + void RAND_keep_random_devices_open(int keep); + +Deprecated: + + #if OPENSSL_API_COMPAT < 0x10100000L + int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); + void RAND_screen(void); + #endif + +=head1 DESCRIPTION + +These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re-)seeding of the default OpenSSL random generator +(L) is not necessary (but allowed), since it does (re-)seed +itself automatically using trusted system entropy sources. +This holds unless the default RAND_METHOD has been replaced or OpenSSL was +built with automatic reseeding disabled, see L for more details. + +RAND_status() indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as L will fail. + +RAND_poll() uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see L for more details. + +RAND_add() mixes the B bytes at B into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. +The B argument is an estimate of how much randomness is +contained in +B, in bytes, and should be a number between zero and B. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [NIST SP 800-90B]. +The content of B cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using L instead. + +RAND_seed() is equivalent to RAND_add() with B set to B. + +RAND_keep_random_devices_open() is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +chroot(2) jail without the associated device nodes being available. When +the B argument is zero, this call disables the retention of file +descriptors. Conversely, a non-zero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. + +RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist +for compatibility reasons only. See HISTORY section below. + +=head1 RETURN VALUES + +RAND_status() returns 1 if the random generator has been seeded +with enough data, 0 otherwise. + +RAND_poll() returns 1 if it generated seed data, 0 otherwise. + +RAND_event() returns RAND_status(). + +The other functions do not return values. + +=head1 HISTORY + +RAND_event() and RAND_screen() were deprecated in OpenSSL 1.1.0 and should +not be used. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/RAND_bytes.pod b/deps/openssl/openssl/doc/man3/RAND_bytes.pod new file mode 100644 index 00000000000000..fca1ad6961debc --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_bytes.pod @@ -0,0 +1,78 @@ +=pod + +=head1 NAME + +RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data + +=head1 SYNOPSIS + + #include + + int RAND_bytes(unsigned char *buf, int num); + int RAND_priv_bytes(unsigned char *buf, int num); + +Deprecated: + + #if OPENSSL_API_COMPAT < 0x10100000L + int RAND_pseudo_bytes(unsigned char *buf, int num); + #endif + +=head1 DESCRIPTION + +RAND_bytes() puts B cryptographically strong pseudo-random bytes +into B. + +RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to +be used for generating values that should remain private. If using the +default RAND_METHOD, this function uses a separate "private" PRNG +instance so that a compromise of the "public" PRNG instance will not +affect the secrecy of these private values, as described in L +and L. + +=head1 NOTES + +Always check the error return value of RAND_bytes() and +RAND_priv_bytes() and do not take randomness for granted: an error occurs +if the CSPRNG has not been seeded with enough randomness to ensure an +unpredictable byte sequence. + +=head1 RETURN VALUES + +RAND_bytes() and RAND_priv_bytes() +return 1 on success, -1 if not supported by the current +RAND method, or 0 on other failure. The error code can be +obtained by L. + +=head1 HISTORY + +=over 2 + +=item * + +RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. + +=item * + +RAND_priv_bytes() was added in OpenSSL 1.1.1. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/RAND_cleanup.pod b/deps/openssl/openssl/doc/man3/RAND_cleanup.pod similarity index 55% rename from deps/openssl/openssl/doc/crypto/RAND_cleanup.pod rename to deps/openssl/openssl/doc/man3/RAND_cleanup.pod index 2640c7d2c7313c..3859ce343aa8d2 100644 --- a/deps/openssl/openssl/doc/crypto/RAND_cleanup.pod +++ b/deps/openssl/openssl/doc/man3/RAND_cleanup.pod @@ -14,25 +14,27 @@ RAND_cleanup - erase the PRNG state =head1 DESCRIPTION -Prior to OpenSSL 1.1.0 RAND_cleanup() erases the memory used by the PRNG. This -function is deprecated and as of version 1.1.0 does nothing. No explicit -initialisation or de-initialisation is necessary. See L. +Prior to OpenSSL 1.1.0, RAND_cleanup() released all resources used by +the PRNG. As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +L. -=head1 RETURN VALUE +=head1 RETURN VALUES RAND_cleanup() returns no value. -=head1 SEE ALSO +=head1 HISTORY -L +RAND_cleanup() was deprecated in OpenSSL 1.1.0; do not use it. +See L -=head1 HISTORY +=head1 SEE ALSO -RAND_cleanup() was deprecated in OpenSSL 1.1.0. +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/RAND_egd.pod b/deps/openssl/openssl/doc/man3/RAND_egd.pod new file mode 100644 index 00000000000000..2b975ebd6ac5fb --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_egd.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon + +=head1 SYNOPSIS + + #include + + int RAND_egd_bytes(const char *path, int num); + int RAND_egd(const char *path); + + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); + +=head1 DESCRIPTION + +On older platforms without a good source of randomness such as C, +it is possible to query an Entropy Gathering Daemon (EGD) over a local +socket to obtain randomness and seed the OpenSSL RNG. +The protocol used is defined by the EGDs available at +L or L. + +RAND_egd_bytes() requests B bytes of randomness from an EGD at the +specified socket B, and passes the data it receives into RAND_add(). +RAND_egd() is equivalent to RAND_egd_bytes() with B set to 255. + +RAND_query_egd_bytes() requests B bytes of randomness from an EGD at +the specified socket B, where B must be less than 256. +If B is B, it is equivalent to RAND_egd_bytes(). +If B is not B, then the data is copied to the buffer and +RAND_add() is not called. + +OpenSSL can be configured at build time to try to use the EGD for seeding +automatically. + +=head1 RETURN VALUES + +RAND_egd() and RAND_egd_bytes() return the number of bytes read from the +daemon on success, or -1 if the connection failed or the daemon did not +return enough data to fully seed the PRNG. + +RAND_query_egd_bytes() returns the number of bytes read from the daemon on +success, or -1 if the connection failed. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/RAND_load_file.pod b/deps/openssl/openssl/doc/man3/RAND_load_file.pod similarity index 64% rename from deps/openssl/openssl/doc/crypto/RAND_load_file.pod rename to deps/openssl/openssl/doc/man3/RAND_load_file.pod index 1053a925adf032..24f8fdcf4fe8d6 100644 --- a/deps/openssl/openssl/doc/crypto/RAND_load_file.pod +++ b/deps/openssl/openssl/doc/man3/RAND_load_file.pod @@ -8,68 +8,76 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file #include - const char *RAND_file_name(char *buf, size_t num); - int RAND_load_file(const char *filename, long max_bytes); int RAND_write_file(const char *filename); + const char *RAND_file_name(char *buf, size_t num); + =head1 DESCRIPTION +RAND_load_file() reads a number of bytes from file B and +adds them to the PRNG. If B is non-negative, +up to B are read; +if B is -1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by RAND_write_file() between reads. +Also, note that B should be adequately protected so that an +attacker cannot replace or examine the contents. +If B is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal. + +RAND_write_file() writes a number of random bytes (currently 128) to +file B which can be used to initialize the PRNG by calling +RAND_load_file() in a later session. + RAND_file_name() generates a default path for the random seed file. B points to a buffer of size B in which to store the filename. On all systems, if the environment variable B is set, its value will be used as the seed file name. - -Otherwise, the file is called ".rnd", found in platform dependent locations: +Otherwise, the file is called C<.rnd>, found in platform dependent locations: =over 4 =item On Windows (in order of preference) -%HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\ + %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\ =item On VMS -SYS$LOGIN: + SYS$LOGIN: =item On all other systems -$HOME + $HOME =back If C<$HOME> (on non-Windows and non-VMS system) is not set either, or B is too small for the path name, an error occurs. -RAND_load_file() reads a number of bytes from file B and -adds them to the PRNG. If B is non-negative, -up to B are read; -if B is -1, the complete file is read. - -RAND_write_file() writes a number of random bytes (currently 1024) to -file B which can be used to initialize the PRNG by calling -RAND_load_file() in a later session. - =head1 RETURN VALUES RAND_load_file() returns the number of bytes read or -1 on error. -RAND_write_file() returns the number of bytes written, and -1 if the -bytes written were generated without appropriate seed. +RAND_write_file() returns the number of bytes written, or -1 if the +bytes written were generated without appropriate seeding. RAND_file_name() returns a pointer to B on success, and NULL on error. =head1 SEE ALSO -L, L, L +L, +L, +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/RAND_set_rand_method.pod b/deps/openssl/openssl/doc/man3/RAND_set_rand_method.pod new file mode 100644 index 00000000000000..d4b65b91fdfd47 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RAND_set_rand_method.pod @@ -0,0 +1,69 @@ +=pod + +=head1 NAME + +RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method + +=head1 SYNOPSIS + + #include + + RAND_METHOD *RAND_OpenSSL(void); + + void RAND_set_rand_method(const RAND_METHOD *meth); + + const RAND_METHOD *RAND_get_rand_method(void); + +=head1 DESCRIPTION + +A B specifies the functions that OpenSSL uses for random number +generation. + +RAND_OpenSSL() returns the default B implementation by OpenSSL. +This implementation ensures that the PRNG state is unique for each thread. + +If an B is loaded that provides the RAND API, however, it will +be used instead of the method returned by RAND_OpenSSL(). + +RAND_set_rand_method() makes B the method for PRNG use. If an +ENGINE was providing the method, it will be released first. + +RAND_get_rand_method() returns a pointer to the current B. + +=head1 THE RAND_METHOD STRUCTURE + + typedef struct rand_meth_st { + void (*seed)(const void *buf, int num); + int (*bytes)(unsigned char *buf, int num); + void (*cleanup)(void); + void (*add)(const void *buf, int num, int randomness); + int (*pseudorand)(unsigned char *buf, int num); + int (*status)(void); + } RAND_METHOD; + +The fields point to functions that are used by, in order, +RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand() +and RAND_status(). +Each pointer may be NULL if the function is not implemented. + +=head1 RETURN VALUES + +RAND_set_rand_method() returns no value. RAND_get_rand_method() and +RAND_OpenSSL() return pointers to the respective methods. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/RC4_set_key.pod b/deps/openssl/openssl/doc/man3/RC4_set_key.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/RC4_set_key.pod rename to deps/openssl/openssl/doc/man3/RC4_set_key.pod diff --git a/deps/openssl/openssl/doc/crypto/RIPEMD160_Init.pod b/deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod similarity index 87% rename from deps/openssl/openssl/doc/crypto/RIPEMD160_Init.pod rename to deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod index a372e32ca325f3..77ac4fbc122f0f 100644 --- a/deps/openssl/openssl/doc/crypto/RIPEMD160_Init.pod +++ b/deps/openssl/openssl/doc/man3/RIPEMD160_Init.pod @@ -10,11 +10,10 @@ RIPEMD-160 hash function #include unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, - unsigned char *md); + unsigned char *md); int RIPEMD160_Init(RIPEMD160_CTX *c); - int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, - unsigned long len); + int RIPEMD160_Update(RIPEMD_CTX *c, const void *data, unsigned long len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); =head1 DESCRIPTION @@ -54,7 +53,7 @@ functions directly. =head1 CONFORMING TO -ISO/IEC 10118-3 (draft) (??) +ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160). =head1 SEE ALSO @@ -62,7 +61,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/RSA_blinding_on.pod b/deps/openssl/openssl/doc/man3/RSA_blinding_on.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/RSA_blinding_on.pod rename to deps/openssl/openssl/doc/man3/RSA_blinding_on.pod diff --git a/deps/openssl/openssl/doc/crypto/RSA_check_key.pod b/deps/openssl/openssl/doc/man3/RSA_check_key.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/RSA_check_key.pod rename to deps/openssl/openssl/doc/man3/RSA_check_key.pod index d8689f4a2bfad5..8080b1a417dd52 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_check_key.pod +++ b/deps/openssl/openssl/doc/man3/RSA_check_key.pod @@ -33,7 +33,7 @@ manner as L. RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL B. -=head1 RETURN VALUE +=head1 RETURN VALUES RSA_check_key_ex() and RSA_check_key() return 1 if B is a valid RSA key, and 0 otherwise. @@ -74,7 +74,7 @@ RSA_check_key_ex() appeared after OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/RSA_generate_key.pod b/deps/openssl/openssl/doc/man3/RSA_generate_key.pod new file mode 100644 index 00000000000000..a4c078a4b0bacc --- /dev/null +++ b/deps/openssl/openssl/doc/man3/RSA_generate_key.pod @@ -0,0 +1,107 @@ +=pod + +=head1 NAME + +RSA_generate_key_ex, RSA_generate_key, +RSA_generate_multi_prime_key - generate RSA key pair + +=head1 SYNOPSIS + + #include + + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); + +Deprecated: + + #if OPENSSL_API_COMPAT < 0x00908000L + RSA *RSA_generate_key(int num, unsigned long e, + void (*callback)(int, int, void *), void *cb_arg); + #endif + +=head1 DESCRIPTION + +RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the +B structure provided in B. The pseudo-random number generator must +be seeded prior to calling RSA_generate_key_ex(). + +RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores +it in the B structure provided in B. The number of primes is given by +the B parameter. The pseudo-random number generator must be seeded prior +to calling RSA_generate_multi_prime_key(). + +The modulus size will be of length B, the number of primes to form the +modulus will be B, and the public exponent will be B. Key sizes +with B E 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537. + +In order to maintain adequate security level, the maximum number of permitted +B depends on modulus bit length: + + <1024 | >=1024 | >=4096 | >=8192 + ------+--------+--------+------- + 2 | 3 | 4 | 5 + +A callback function may be used to provide feedback about the +progress of the key generation. If B is not B, it +will be called as follows using the BN_GENCB_call() function +described on the L page. + +RSA_generate_prime() is similar to RSA_generate_prime_ex() but +expects an old-style callback function; see +L for information on the old-style callback. + +=over 2 + +=item * + +While a random prime number is generated, it is called as +described in L. + +=item * + +When the n-th randomly generated prime is rejected as not +suitable for the key, B is called. + +=item * + +When a random p has been found with p-1 relatively prime to B, +it is called as B. + +=back + +The process is then repeated for prime q and other primes (if any) +with B where B indicates the i-th prime. + +=head1 RETURN VALUES + +RSA_generate_multi_prime_key() returns 1 on success or 0 on error. +RSA_generate_key_ex() returns 1 on success or 0 on error. +The error codes can be obtained by L. + +RSA_generate_key() returns a pointer to the RSA structure or +B if the key generation fails. + +=head1 BUGS + +B is used with two different meanings. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +RSA_generate_key() was deprecated in OpenSSL 0.9.8; use +RSA_generate_key_ex() instead. + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/RSA_get0_key.pod b/deps/openssl/openssl/doc/man3/RSA_get0_key.pod similarity index 53% rename from deps/openssl/openssl/doc/crypto/RSA_get0_key.pod rename to deps/openssl/openssl/doc/man3/RSA_get0_key.pod index 579a2df000d815..cb7d0f66db10b2 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_get0_key.pod +++ b/deps/openssl/openssl/doc/man3/RSA_get0_key.pod @@ -3,9 +3,14 @@ =head1 NAME RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, -RSA_get0_factors, RSA_get0_crt_params, RSA_clear_flags, -RSA_test_flags, RSA_set_flags, RSA_get0_engine - Routines for getting -and setting data in an RSA object +RSA_get0_factors, RSA_get0_crt_params, +RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, +RSA_clear_flags, +RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, +RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, +RSA_set0_multi_prime_params, RSA_get_version +- Routines for getting and setting data in an RSA object =head1 SYNOPSIS @@ -20,10 +25,25 @@ and setting data in an RSA object void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); + const BIGNUM *RSA_get0_n(const RSA *d); + const BIGNUM *RSA_get0_e(const RSA *d); + const BIGNUM *RSA_get0_d(const RSA *d); + const BIGNUM *RSA_get0_p(const RSA *d); + const BIGNUM *RSA_get0_q(const RSA *d); + const BIGNUM *RSA_get0_dmp1(const RSA *r); + const BIGNUM *RSA_get0_dmq1(const RSA *r); + const BIGNUM *RSA_get0_iqmp(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); ENGINE *RSA_get0_engine(RSA *r); + int RSA_get_multi_prime_extra_count(const RSA *r); + int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); + int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); + int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); + int RSA_get_version(RSA *r); =head1 DESCRIPTION @@ -36,6 +56,11 @@ private key (see PKCS#1 section 3 Key Types), where B

and B are the first and second factor of B and B, B and B are the exponents and coefficient for CRT calculations. +For multi-prime RSA (defined in RFC 8017), there are also one or more +'triplet' in an RSA object. A triplet contains three members, B, B +and B. B is the additional prime besides B

and B. B and +B are the exponent and coefficient for CRT calculations. + The B, B and B parameters can be obtained by calling RSA_get0_key(). If they have not been set yet, then B<*n>, B<*e> and B<*d> will be set to NULL. Otherwise, they are set to pointers to @@ -59,9 +84,20 @@ B and B parameters can be obtained and set with RSA_get0_crt_params() and RSA_set0_crt_params(). For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(), -NULL value BIGNUM ** output parameters are permitted. The functions +NULL value BIGNUM ** output parameters are permitted. The functions ignore NULL parameters but return values for other, non-NULL, parameters. +For multi-prime RSA, RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params() +can be used to obtain other primes and related CRT parameters. The +return values are stored in an array of B. RSA_set0_multi_prime_params() +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an RSA object. + +Any of the values B, B, B, B

, B, B, B, and B can also be +retrieved separately by the corresponding function +RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively. + RSA_set_flags() sets the flags in the B parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to @@ -74,6 +110,8 @@ RSA object. RSA_get0_engine() returns a handle to the ENGINE that has been set for this RSA object, or NULL if no such ENGINE has been set. +RSA_get_version() returns the version of an RSA object B. + =head1 NOTES Values retrieved with RSA_get0_key() are owned by the RSA object used @@ -82,10 +120,31 @@ needed, duplicate the received value using BN_dup() and pass the duplicate. The same applies to RSA_get0_factors() and RSA_set0_factors() as well as RSA_get0_crt_params() and RSA_set0_crt_params(). +The caller should obtain the size by calling RSA_get_multi_prime_extra_count() +in advance and allocate sufficient buffer to store the return values before +calling RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_params(). + +RSA_set0_multi_prime_params() always clears the original multi-prime +triplets in RSA object B and assign the new set of triplets into it. + =head1 RETURN VALUES -RSA_set0_key(), RSA_set0_factors and RSA_set0_crt_params() return 1 on -success or 0 on failure. +RSA_set0_key(), RSA_set0_factors(), RSA_set0_crt_params() and +RSA_set0_multi_prime_params() return 1 on success or 0 on failure. + +RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp() +return the respective value. + +RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_crt_params() return +1 on success or 0 on failure. + +RSA_get_multi_prime_extra_count() returns two less than the number of primes +in use, which is 0 for traditional RSA and the number of extra primes for +multi-prime RSA. + +RSA_get_version() returns B for multi-prime RSA and +B for normal two-prime RSA, as defined in RFC 8017. RSA_test_flags() returns the current state of the flags in the RSA object. @@ -94,15 +153,19 @@ ENGINE has been set. =head1 SEE ALSO -L, L, L +L, L =head1 HISTORY -The functions described here were added in OpenSSL 1.1.0. +RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), +RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), +and RSA_get_version() functions were added in OpenSSL 1.1.1. + +Other functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod b/deps/openssl/openssl/doc/man3/RSA_meth_new.pod similarity index 55% rename from deps/openssl/openssl/doc/crypto/RSA_meth_new.pod rename to deps/openssl/openssl/doc/man3/RSA_meth_new.pod index 8f6d428afc4c57..f21095156c0f9b 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_meth_new.pod +++ b/deps/openssl/openssl/doc/man3/RSA_meth_new.pod @@ -12,7 +12,8 @@ RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, -RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen +RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, +RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen - Routines to build up RSA methods =head1 SYNOPSIS @@ -21,93 +22,109 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen RSA_METHOD *RSA_meth_new(const char *name, int flags); void RSA_meth_free(RSA_METHOD *meth); + RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); + const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); + int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); + void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); - int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + + int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); int RSA_meth_set_pub_enc(RSA_METHOD *rsa, - int (*pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); + int (*pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); + int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); int RSA_meth_set_pub_dec(RSA_METHOD *rsa, - int (*pub_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); - int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding)); + + int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding); int RSA_meth_set_priv_enc(RSA_METHOD *rsa, - int (*priv_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); - int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding)); + + int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, + int padding); int RSA_meth_set_priv_dec(RSA_METHOD *rsa, - int (*priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)); - /* Can be null */ - int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); + int (*priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding)); + + /* Can be null */ + int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, + RSA *rsa, BN_CTX *ctx); int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx)); - /* Can be null */ - int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, + BN_CTX *ctx)); + + /* Can be null */ + int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx)); - /* called at new */ - int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); - int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); - /* called at free */ - int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); - int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); - int (*RSA_meth_get_sign(const RSA_METHOD *meth)) - (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa); + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx)); + + /* called at new */ + int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); + int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); + + /* called at free */ + int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); + int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); + + int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, + unsigned int m_length, + unsigned char *sigret, + unsigned int *siglen, const RSA *rsa); int RSA_meth_set_sign(RSA_METHOD *rsa, - int (*sign) (int type, const unsigned char *m, - unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa)); - int (*RSA_meth_get_verify(const RSA_METHOD *meth)) - (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); + int (*sign)(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, const RSA *rsa)); + + int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); int RSA_meth_set_verify(RSA_METHOD *rsa, - int (*verify) (int dtype, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa)); - int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int (*verify)(int dtype, const unsigned char *m, + unsigned int m_length, + const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); + + int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); int RSA_meth_set_keygen(RSA_METHOD *rsa, - int (*keygen) (RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb)); + int (*keygen)(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb)); + + int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb); + + int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); =head1 DESCRIPTION The B type is a structure used for the provision of custom -RSA implementations. It provides a set of of functions used by OpenSSL +RSA implementations. It provides a set of functions used by OpenSSL for the implementation of the various RSA capabilities. See the L page for more information. @@ -186,8 +203,14 @@ by this function. This function may be NULL. RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the function used for generating a new RSA key pair respectively. This function will be called in response to the application calling -RSA_generate_key(). The parameter for the function has the same -meaning as for RSA_generate_key(). +RSA_generate_key_ex(). The parameter for the function has the same +meaning as for RSA_generate_key_ex(). + +RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() get +and set the function used for generating a new multi-prime RSA key pair +respectively. This function will be called in response to the application calling +RSA_generate_multi_prime_key(). The parameter for the function has the same +meaning as for RSA_generate_multi_prime_key(). RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(), RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(), @@ -216,12 +239,16 @@ success or 0 on failure. =head1 SEE ALSO -L, L, L, -L, L, L +L, L, L, +L, L, L, +L =head1 HISTORY -The functions described here were added in OpenSSL 1.1.0. +RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were +added in OpenSSL 1.1.1. + +Other functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/RSA_new.pod b/deps/openssl/openssl/doc/man3/RSA_new.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/RSA_new.pod rename to deps/openssl/openssl/doc/man3/RSA_new.pod index 3317920741e43d..d57fe826d1f6d8 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_new.pod +++ b/deps/openssl/openssl/doc/man3/RSA_new.pod @@ -8,7 +8,7 @@ RSA_new, RSA_free - allocate and free RSA objects #include - RSA * RSA_new(void); + RSA *RSA_new(void); void RSA_free(RSA *rsa); diff --git a/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod similarity index 82% rename from deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod rename to deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod index 5b53eb9e959358..93911cac97d6f6 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/deps/openssl/openssl/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -14,34 +14,35 @@ padding #include int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *f, int fl); + unsigned char *f, int fl); int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); + unsigned char *f, int fl, int rsa_len); int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *f, int fl); + unsigned char *f, int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); + unsigned char *f, int fl, int rsa_len); int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *f, int fl, unsigned char *p, int pl); + unsigned char *f, int fl, unsigned char *p, int pl); int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl); + unsigned char *f, int fl, int rsa_len, + unsigned char *p, int pl); int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - unsigned char *f, int fl); + unsigned char *f, int fl); int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); + unsigned char *f, int fl, int rsa_len); int RSA_padding_add_none(unsigned char *to, int tlen, - unsigned char *f, int fl); + unsigned char *f, int fl); int RSA_padding_check_none(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); + unsigned char *f, int fl, int rsa_len); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/RSA_print.pod b/deps/openssl/openssl/doc/man3/RSA_print.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/RSA_print.pod rename to deps/openssl/openssl/doc/man3/RSA_print.pod diff --git a/deps/openssl/openssl/doc/crypto/RSA_private_encrypt.pod b/deps/openssl/openssl/doc/man3/RSA_private_encrypt.pod similarity index 88% rename from deps/openssl/openssl/doc/crypto/RSA_private_encrypt.pod rename to deps/openssl/openssl/doc/man3/RSA_private_encrypt.pod index 1eb7a0adbd9d62..060a9000f8b4c2 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_private_encrypt.pod +++ b/deps/openssl/openssl/doc/man3/RSA_private_encrypt.pod @@ -8,11 +8,11 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations #include - int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int RSA_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); - int RSA_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int RSA_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod b/deps/openssl/openssl/doc/man3/RSA_public_encrypt.pod similarity index 89% rename from deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod rename to deps/openssl/openssl/doc/man3/RSA_public_encrypt.pod index b1dd50d752fc42..91c176e24c5234 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_public_encrypt.pod +++ b/deps/openssl/openssl/doc/man3/RSA_public_encrypt.pod @@ -8,11 +8,11 @@ RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography #include - int RSA_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int RSA_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); - int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int RSA_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); =head1 DESCRIPTION @@ -80,7 +80,7 @@ SSL, PKCS #1 v2.0 =head1 SEE ALSO -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/RSA_set_method.pod b/deps/openssl/openssl/doc/man3/RSA_set_method.pod similarity index 78% rename from deps/openssl/openssl/doc/crypto/RSA_set_method.pod rename to deps/openssl/openssl/doc/man3/RSA_set_method.pod index 668ad7a16b08b3..4bb63962cfe1ac 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_set_method.pod +++ b/deps/openssl/openssl/doc/man3/RSA_set_method.pod @@ -81,56 +81,56 @@ the default method is used. typedef struct rsa_meth_st { /* name of the implementation */ - const char *name; + const char *name; /* encrypt */ - int (*rsa_pub_enc)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_enc)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); /* verify arbitrary data */ - int (*rsa_pub_dec)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); /* sign arbitrary data */ - int (*rsa_priv_enc)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); /* decrypt */ - int (*rsa_priv_dec)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); - /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some - implementations) */ - int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); + /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */ + int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* called at RSA_new */ - int (*init)(RSA *rsa); + int (*init)(RSA *rsa); /* called at RSA_free */ - int (*finish)(RSA *rsa); + int (*finish)(RSA *rsa); - /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key + /* + * RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key * operations, even if p,q,dmp1,dmq1,iqmp * are NULL * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match */ - int flags; + int flags; - char *app_data; /* ?? */ + char *app_data; /* ?? */ - int (*rsa_sign)(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - int (*rsa_verify)(int dtype, - const unsigned char *m, unsigned int m_length, - const unsigned char *sigbuf, unsigned int siglen, - const RSA *rsa); + int (*rsa_sign)(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, + const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, + const RSA *rsa); /* keygen. If NULL builtin RSA key generation will be used */ - int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); } RSA_METHOD; @@ -172,7 +172,7 @@ L =head1 HISTORY The RSA_null_method(), which was a partial attempt to avoid patent issues, -was replaced to always return NULL in OpenSSL 1.1.0f. +was replaced to always return NULL in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/RSA_sign.pod b/deps/openssl/openssl/doc/man3/RSA_sign.pod similarity index 92% rename from deps/openssl/openssl/doc/crypto/RSA_sign.pod rename to deps/openssl/openssl/doc/man3/RSA_sign.pod index fbb38d811c4a52..310abd4901fb7d 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_sign.pod +++ b/deps/openssl/openssl/doc/man3/RSA_sign.pod @@ -9,10 +9,10 @@ RSA_sign, RSA_verify - RSA signatures #include int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); + unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/deps/openssl/openssl/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod similarity index 83% rename from deps/openssl/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod rename to deps/openssl/openssl/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod index 16303c9f907b1d..f577e153d688d5 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +++ b/deps/openssl/openssl/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod @@ -9,12 +9,12 @@ RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures #include int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, - unsigned int m_len, unsigned char *sigret, unsigned int *siglen, - RSA *rsa); + unsigned int m_len, unsigned char *sigret, + unsigned int *siglen, RSA *rsa); int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, - RSA *rsa); + unsigned int m_len, unsigned char *sigbuf, + unsigned int siglen, RSA *rsa); =head1 DESCRIPTION @@ -48,7 +48,7 @@ These functions serve no recognizable purpose. =head1 SEE ALSO L, -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/RSA_size.pod b/deps/openssl/openssl/doc/man3/RSA_size.pod similarity index 54% rename from deps/openssl/openssl/doc/crypto/RSA_size.pod rename to deps/openssl/openssl/doc/man3/RSA_size.pod index eb6e4813611b9d..022620078a7c91 100644 --- a/deps/openssl/openssl/doc/crypto/RSA_size.pod +++ b/deps/openssl/openssl/doc/man3/RSA_size.pod @@ -2,15 +2,17 @@ =head1 NAME -RSA_size, RSA_bits - get RSA modulus size +RSA_size, RSA_bits, RSA_security_bits - get RSA modulus size or security bits =head1 SYNOPSIS -#include + #include -int RSA_size(const RSA *rsa); + int RSA_size(const RSA *rsa); -int RSA_bits(const RSA *rsa); + int RSA_bits(const RSA *rsa); + + int RSA_security_bits(const RSA *rsa) =head1 DESCRIPTION @@ -22,9 +24,16 @@ RSA_bits() returns the number of significant bits. B and Bn> must not be B. -=head1 RETURN VALUE +RSA_security_bits() returns the number of security bits of the given B +key. See L. + +=head1 RETURN VALUES + +RSA_size() returns the size of modulus in bytes. + +DSA_bits() returns the number of bits in the key. -The size. +RSA_security_bits() returns the number of security bits. =head1 SEE ALSO @@ -36,7 +45,7 @@ RSA_bits() was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/SCT_new.pod b/deps/openssl/openssl/doc/man3/SCT_new.pod similarity index 80% rename from deps/openssl/openssl/doc/crypto/SCT_new.pod rename to deps/openssl/openssl/doc/man3/SCT_new.pod index fb395a51a72f68..8da7f6adf21c8d 100644 --- a/deps/openssl/openssl/doc/crypto/SCT_new.pod +++ b/deps/openssl/openssl/doc/man3/SCT_new.pod @@ -18,21 +18,21 @@ SCT_get_source, SCT_set_source #include typedef enum { - CT_LOG_ENTRY_TYPE_NOT_SET = -1, - CT_LOG_ENTRY_TYPE_X509 = 0, - CT_LOG_ENTRY_TYPE_PRECERT = 1 + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 } ct_log_entry_type_t; typedef enum { - SCT_VERSION_NOT_SET = -1, - SCT_VERSION_V1 = 0 + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 } sct_version_t; typedef enum { - SCT_SOURCE_UNKNOWN, - SCT_SOURCE_TLS_EXTENSION, - SCT_SOURCE_X509V3_EXTENSION, - SCT_SOURCE_OCSP_STAPLED_RESPONSE + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE } sct_source_t; SCT *SCT_new(void); @@ -84,31 +84,45 @@ An internal representation of an SCT can be created in one of two ways. The first option is to create a blank SCT, using SCT_new(), and then populate it using: -=over 4 +=over 2 -=item * SCT_set_version() to set the SCT version. +=item * + +SCT_set_version() to set the SCT version. Only SCT_VERSION_V1 is currently supported. -=item * SCT_set_log_entry_type() to set the type of certificate the SCT was issued for: +=item * + +SCT_set_log_entry_type() to set the type of certificate the SCT was issued for: B for a normal certificate. B for a pre-certificate. -=item * SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from. +=item * + +SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from. The former takes ownership, whereas the latter makes a copy. See RFC 6962, Section 3.2 for the definition of LogID. -=item * SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds). +=item * + +SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds). + +=item * + +SCT_set_signature_nid() to set the NID of the signature. -=item * SCT_set_signature_nid() to set the NID of the signature. +=item * -=item * SCT_set0_signature() or SCT_set1_signature() to set the raw signature value. +SCT_set0_signature() or SCT_set1_signature() to set the raw signature value. The former takes ownership, whereas the latter makes a copy. -=item * SCT_set0_extensions() or B to provide SCT extensions. +=item * + +SCT_set0_extensions() or B to provide SCT extensions. The former takes ownership, whereas the latter makes a copy. @@ -117,22 +131,33 @@ The former takes ownership, whereas the latter makes a copy. Alternatively, the SCT can be pre-populated from the following data using SCT_new_from_base64(): -=over 4 +=over 2 + +=item * + +The SCT version (only SCT_VERSION_V1 is currently supported). -=item * The SCT version (only SCT_VERSION_V1 is currently supported). +=item * -=item * The LogID (see RFC 6962, Section 3.2), base64 encoded. +The LogID (see RFC 6962, Section 3.2), base64 encoded. -=item * The type of certificate the SCT was issued for: +=item * +The type of certificate the SCT was issued for: B for a normal certificate. B for a pre-certificate. -=item * The time that the SCT was issued (epoch time in milliseconds). +=item * + +The time that the SCT was issued (epoch time in milliseconds). + +=item * + +The SCT extensions, base64 encoded. -=item * The SCT extensions, base64 encoded. +=item * -=item * The SCT signature, base64 encoded. +The SCT signature, base64 encoded. =back diff --git a/deps/openssl/openssl/doc/crypto/SCT_print.pod b/deps/openssl/openssl/doc/man3/SCT_print.pod similarity index 87% rename from deps/openssl/openssl/doc/crypto/SCT_print.pod rename to deps/openssl/openssl/doc/man3/SCT_print.pod index 88ad43ecdcfb48..2b9913d4b628b4 100644 --- a/deps/openssl/openssl/doc/crypto/SCT_print.pod +++ b/deps/openssl/openssl/doc/man3/SCT_print.pod @@ -29,10 +29,15 @@ SCT_validation_status_string() will return the validation status of an SCT as a human-readable string. Call SCT_validate() or SCT_LIST_validate() beforehand in order to set the validation status of an SCT first. +=head1 RETURN VALUES + +SCT_validation_status_string() returns a null-terminated string representing +the validation status of an B object. + =head1 SEE ALSO -L, -L, +L, +L, L, L @@ -42,7 +47,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/SCT_validate.pod b/deps/openssl/openssl/doc/man3/SCT_validate.pod similarity index 87% rename from deps/openssl/openssl/doc/crypto/SCT_validate.pod rename to deps/openssl/openssl/doc/man3/SCT_validate.pod index 3c03e97287e913..fa7e2a8ba2cc20 100644 --- a/deps/openssl/openssl/doc/crypto/SCT_validate.pod +++ b/deps/openssl/openssl/doc/man3/SCT_validate.pod @@ -10,12 +10,12 @@ checks Signed Certificate Timestamps (SCTs) are valid #include typedef enum { - SCT_VALIDATION_STATUS_NOT_SET, - SCT_VALIDATION_STATUS_UNKNOWN_LOG, - SCT_VALIDATION_STATUS_VALID, - SCT_VALIDATION_STATUS_INVALID, - SCT_VALIDATION_STATUS_UNVERIFIED, - SCT_VALIDATION_STATUS_UNKNOWN_VERSION + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION } sct_validation_status_t; int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); @@ -31,20 +31,26 @@ SCT_get_validation_status(). A CT_POLICY_EVAL_CTX must be provided that specifies: -=over 4 +=over 2 -=item * The certificate the SCT was issued for. +=item * + +The certificate the SCT was issued for. Failure to provide the certificate will result in the validation status being SCT_VALIDATION_STATUS_UNVERIFIED. -=item * The issuer of that certificate. +=item * + +The issuer of that certificate. This is only required if the SCT was issued for a pre-certificate (see RFC 6962). If it is required but not provided, the validation status will be SCT_VALIDATION_STATUS_UNVERIFIED. -=item * A CTLOG_STORE that contains the CT log that issued this SCT. +=item * + +A CTLOG_STORE that contains the CT log that issued this SCT. If the SCT was issued by a log that is not in this CTLOG_STORE, the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG. diff --git a/deps/openssl/openssl/doc/crypto/SHA256_Init.pod b/deps/openssl/openssl/doc/man3/SHA256_Init.pod similarity index 94% rename from deps/openssl/openssl/doc/crypto/SHA256_Init.pod rename to deps/openssl/openssl/doc/man3/SHA256_Init.pod index f3565bb2f48098..6a8f2fa0db0eb2 100644 --- a/deps/openssl/openssl/doc/crypto/SHA256_Init.pod +++ b/deps/openssl/openssl/doc/man3/SHA256_Init.pod @@ -15,31 +15,31 @@ SHA512_Final - Secure Hash Algorithm int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA1(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA224(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); int SHA256_Init(SHA256_CTX *c); int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA256(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA384(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); int SHA512_Init(SHA512_CTX *c); int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA512(const unsigned char *d, size_t n, - unsigned char *md); + unsigned char *md); =head1 DESCRIPTION diff --git a/deps/openssl/openssl/doc/crypto/SMIME_read_CMS.pod b/deps/openssl/openssl/doc/man3/SMIME_read_CMS.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/SMIME_read_CMS.pod rename to deps/openssl/openssl/doc/man3/SMIME_read_CMS.pod index efde0bda549b83..800e4aa25f3c46 100644 --- a/deps/openssl/openssl/doc/crypto/SMIME_read_CMS.pod +++ b/deps/openssl/openssl/doc/man3/SMIME_read_CMS.pod @@ -58,9 +58,9 @@ if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L, L +L, L, L, L, -L, L +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/SMIME_read_PKCS7.pod b/deps/openssl/openssl/doc/man3/SMIME_read_PKCS7.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/SMIME_read_PKCS7.pod rename to deps/openssl/openssl/doc/man3/SMIME_read_PKCS7.pod diff --git a/deps/openssl/openssl/doc/crypto/SMIME_write_CMS.pod b/deps/openssl/openssl/doc/man3/SMIME_write_CMS.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/SMIME_write_CMS.pod rename to deps/openssl/openssl/doc/man3/SMIME_write_CMS.pod diff --git a/deps/openssl/openssl/doc/crypto/SMIME_write_PKCS7.pod b/deps/openssl/openssl/doc/man3/SMIME_write_PKCS7.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/SMIME_write_PKCS7.pod rename to deps/openssl/openssl/doc/man3/SMIME_write_PKCS7.pod diff --git a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod new file mode 100644 index 00000000000000..af59b58946cc68 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod @@ -0,0 +1,210 @@ +=pod + +=head1 NAME + +SSL_CIPHER_get_name, +SSL_CIPHER_standard_name, +OPENSSL_cipher_name, +SSL_CIPHER_get_bits, +SSL_CIPHER_get_version, +SSL_CIPHER_description, +SSL_CIPHER_get_cipher_nid, +SSL_CIPHER_get_digest_nid, +SSL_CIPHER_get_handshake_digest, +SSL_CIPHER_get_kx_nid, +SSL_CIPHER_get_auth_nid, +SSL_CIPHER_is_aead, +SSL_CIPHER_find, +SSL_CIPHER_get_id, +SSL_CIPHER_get_protocol_id +- get SSL_CIPHER properties + +=head1 SYNOPSIS + + #include + + const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); + const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); + const char *OPENSSL_cipher_name(const char *stdname); + int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); + char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); + int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); + int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); + const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); + int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); + int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); + int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); + uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); + uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); + +=head1 DESCRIPTION + +SSL_CIPHER_get_name() returns a pointer to the name of B. If the +B is NULL, it returns "(NONE)". + +SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of +B. If the B is NULL, it returns "(NONE)". If the B +has no standard name, it returns B. If B was defined in both +SSLv3 and TLS, it returns the TLS name. + +OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B. +If the B is NULL, or B has no corresponding OpenSSL name, +it returns "(NONE)". Where both exist, B should be the TLS name rather +than the SSLv3 name. + +SSL_CIPHER_get_bits() returns the number of secret bits used for B. +If B is NULL, 0 is returned. + +SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol +version that first defined the cipher. It returns "(NONE)" if B is NULL. + +SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to B. +If there is no cipher (e.g. for cipher suites with no encryption) then +B is returned. + +SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC +used by B during record encryption/decryption. If there is no digest (e.g. +for AEAD cipher suites) then B is returned. + +SSL_CIPHER_get_handshake_digest() returns an EVP_MD for the digest used during +the SSL/TLS handshake when using the SSL_CIPHER B. Note that this may be +different to the digest used to calculate the MAC for encrypted records. + +SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method +used by B. If there is no key exchange, then B is returned. +If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 +cipher suites) B is returned. Examples (not comprehensive): + + NID_kx_rsa + NID_kx_ecdhe + NID_kx_dhe + NID_kx_psk + +SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method +used by B. If there is no authentication, then B is returned. +If any appropriate authentication algorithm can be used (as in the case of +TLS 1.3 cipher suites) B is returned. Examples (not comprehensive): + + NID_auth_rsa + NID_auth_ecdsa + NID_auth_psk + +SSL_CIPHER_is_aead() returns 1 if the cipher B is AEAD (e.g. GCM or +ChaCha20/Poly1305), and 0 if it is not AEAD. + +SSL_CIPHER_find() returns a B structure which has the cipher ID stored +in B. The B parameter is a two element array of B, which stores the +two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter +is usually retrieved from a TLS packet by using functions like +L. SSL_CIPHER_find() returns NULL if an +error occurs or the indicated cipher is not found. + +SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher B. That ID is +not the same as the IANA-specific ID. + +SSL_CIPHER_get_protocol_id() returns the two-byte ID used in the TLS protocol of the given +cipher B. + +SSL_CIPHER_description() returns a textual description of the cipher used +into the buffer B of length B provided. If B is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, +B is returned. + +The string returned by SSL_CIPHER_description() consists of several fields +separated by whitespace: + +=over 4 + +=item + +Textual representation of the cipher name. + +=item + +Protocol version, such as B, when the cipher was first defined. + +=item Kx= + +Key exchange method such as B, B, etc. + +=item Au= + +Authentication method such as B, B, etc.. None is the +representation of anonymous ciphers. + +=item Enc= + +Encryption method, with number of secret bits, such as B. + +=item Mac= + +Message digest, such as B. + +=back + +Some examples for the output of SSL_CIPHER_description(): + + ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD + RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 + +=head1 RETURN VALUES + +SSL_CIPHER_get_name(), SSL_CIPHER_standard_name(), OPENSSL_cipher_name(), +SSL_CIPHER_get_version() and SSL_CIPHER_description() return the corresponding +value in a null-terminated string for a specific cipher or "(NONE)" +if the cipher is not found. + +SSL_CIPHER_get_bits() returns a positive integer representing the number of +secret bits or 0 if an error occurred. + +SSL_CIPHER_get_cipher_nid(), SSL_CIPHER_get_digest_nid(), +SSL_CIPHER_get_kx_nid() and SSL_CIPHER_get_auth_nid() return the NID value or +B if an error occurred. + +SSL_CIPHER_get_handshake_digest() returns a valid B structure or NULL +if an error occurred. + +SSL_CIPHER_is_aead() returns 1 if the cipher is AEAD or 0 otherwise. + +SSL_CIPHER_find() returns a valid B structure or NULL if an error +occurred. + +SSL_CIPHER_get_id() returns a 4-byte integer representing the OpenSSL-specific ID. + +SSL_CIPHER_get_protocol_id() returns a 2-byte integer representing the TLS +protocol-specific ID. + +=head1 HISTORY + +SSL_CIPHER_get_version() was updated to always return the correct protocol +string in OpenSSL 1.1.0. + +SSL_CIPHER_description() was changed to return B on error, +rather than a fixed string, in OpenSSL 1.1.0. + +SSL_CIPHER_get_handshake_digest() was added in OpenSSL 1.1.1. + +SSL_CIPHER_standard_name() was globally available in OpenSSL 1.1.1. Before +OpenSSL 1.1.1, tracing (B argument to Configure) was +required to enable this function. + +OPENSSL_cipher_name() was added in OpenSSL 1.1.1. + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod similarity index 83% rename from deps/openssl/openssl/doc/ssl/SSL_COMP_add_compression_method.pod rename to deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod index 15929df32b1e6b..1dc8eb149947d9 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/deps/openssl/openssl/doc/man3/SSL_COMP_add_compression_method.pod @@ -35,12 +35,8 @@ SSL_COMP_get0_name() returns the name of the compression method B. SSL_COMP_get_id() returns the id of the compression method B. -In versions of OpenSSL prior to 1.1.0 SSL_COMP_free_compression_methods() freed -the internal table of compression methods that were built internally, and -possibly augmented by adding SSL_COMP_add_compression_method(). However this is -now unnecessary from version 1.1.0. No explicit initialisation or -de-initialisation is necessary. See L and -L. From OpenSSL 1.1.0 calling this function does nothing. +SSL_COMP_free_compression_methods() releases any resources acquired to +maintain the internal table of compression methods. =head1 NOTES @@ -66,12 +62,6 @@ of compression methods supported on a per connection basis. If enabled during compilation, the OpenSSL library will have the COMP_zlib() compression method available. -=head1 WARNINGS - -Once the identities of the compression methods for the TLS protocol have -been standardized, the compression API will most likely be changed. Using -it in the current state is not recommended. - =head1 RETURN VALUES SSL_COMP_add_compression_method() may return the following values: @@ -97,11 +87,12 @@ SSL_COMP_get_id() returns the name of the compression method or -1 on error. =head1 SEE ALSO -L +L =head1 HISTORY -SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0. +SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0; +do not use it. SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_new.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_new.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_new.pod rename to deps/openssl/openssl/doc/man3/SSL_CONF_CTX_new.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod rename to deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod index da9e580244d588..d9864702547046 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set1_prefix.pod @@ -17,7 +17,7 @@ to B. If B is B it is restored to the default value. =head1 NOTES -Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd() +Command prefixes alter the commands recognised by subsequent SSL_CONF_cmd() calls. For example for files, if the prefix "SSL" is set then command names such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" and "Options". Similarly for command lines if the prefix is "--ssl-" then diff --git a/deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod similarity index 97% rename from deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod rename to deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod index efd8da3bc6b64f..766d984626a996 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_flags.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set of clear SSL configuration context flags +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set or clear SSL configuration context flags =head1 SYNOPSIS diff --git a/deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod rename to deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_CONF_cmd.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod similarity index 61% rename from deps/openssl/openssl/doc/ssl/SSL_CONF_cmd.pod rename to deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod index 12fdcab83c4aaf..b399bcf4990ca1 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CONF_cmd.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CONF_cmd_value_type, SSL_CONF_finish, +SSL_CONF_cmd_value_type, SSL_CONF_cmd - send configuration command =head1 SYNOPSIS @@ -11,7 +11,6 @@ SSL_CONF_cmd - send configuration command int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); - int SSL_CONF_finish(SSL_CONF_CTX *cctx); =head1 DESCRIPTION @@ -22,10 +21,6 @@ framework for command line options or configuration files. SSL_CONF_cmd_value_type() returns the type of value that B refers to. -The function SSL_CONF_finish() must be called after all configuration -operations have been completed. It is used to finalise any operations -or to process defaults. - =head1 SUPPORTED COMMAND LINE COMMANDS Currently supported B names for command lines (i.e. when the @@ -38,40 +33,59 @@ prefix for command line commands is B<-> and that is reflected below. =item B<-sigalgs> -This sets the supported signature algorithms for TLS v1.2. For clients this +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support. The B argument should be a colon separated list of signature algorithms -in order of decreasing preference of the form B. B +in order of decreasing preference of the form B or +B. B is one of B, B or B and B is a supported algorithm OID short name such as B, B, B, B of B. Note: algorithm and hash names are case sensitive. +B is one of the signature schemes defined in TLSv1.3, +specified using the IETF name, e.g., B, B, +or B. If this option is not set then all signature algorithms supported by the OpenSSL library are permissible. +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using B as the B or by using one of the B +identifiers) are ignored in TLSv1.3 and will not be negotiated. + =item B<-client_sigalgs> This sets the supported signature algorithms associated with client -authentication for TLS v1.2. For servers the value is used in the supported -signature algorithms field of a certificate request. For clients it is -used to determine which signature algorithm to with the client certificate. +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +B field of a B message. +For clients it is +used to determine which signature algorithm to use with the client certificate. If a server does not request a certificate this option has no effect. The syntax of B is identical to B<-sigalgs>. If not set then the value set for B<-sigalgs> will be used instead. -=item B<-curves> +=item B<-groups> -This sets the supported elliptic curves. For clients the curves are -sent using the supported curves extension. For servers it is used -to determine which curve to use. This setting affects curves used for both -signatures and key exchange, if applicable. +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the B sent by a client in a TLSv1.3 +B. -The B argument is a colon separated list of curves. The curve can be -either the B name (e.g. B) or an OpenSSL OID name (e.g -B). Curve names are case sensitive. +The B argument is a colon separated list of groups. The group can be +either the B name (e.g. B), some other commonly used name where +applicable (e.g. B) or an OpenSSL OID name (e.g B). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. + +=item B<-curves> + +This is a synonym for the "-groups" command. =item B<-named_curve> @@ -85,10 +99,19 @@ can be either the B name (e.g. B) or an OpenSSL OID name =item B<-cipher> -Sets the cipher suite list to B. Note: syntax checking of B is -currently not performed unless a B or B structure is +Sets the TLSv1.2 and below ciphersuite list to B. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of B is currently not performed unless a B or B structure is associated with B. +=item B<-ciphersuites> + +Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon +(":") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See L for more information. + + =item B<-cert> Attempts to use the file B as the certificate for the appropriate @@ -110,6 +133,12 @@ Attempts to use the file B as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. +=item B<-record_padding> + +Attempts to pad TLSv1.3 records so that they are a multiple of B in +length on send. A B of 0 or 1 turns off padding. Otherwise, the +B must be >1 or <=16384. + =item B<-no_renegotiation> Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting @@ -119,19 +148,20 @@ B. Sets the minimum and maximum supported protocol. Currently supported protocol values are B, B, -B, B for TLS and B, B for DTLS, +B, B, B for TLS and B, B for DTLS, and B for no limit. -If the either bound is not specified then only the other bound applies, +If either bound is not specified then only the other bound applies, if specified. To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below. -=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> -Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the -corresponding options B, B, B -and B respectively. -These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>. +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options B, B, +B, B and B +respectively. These options are deprecated, instead use B<-min_protocol> and +B<-max_protocol>. =item B<-bugs> @@ -160,6 +190,13 @@ Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B. Only used by servers. +=item B<-prioritize_chacha> + +Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without AES hardware +acceleration (e.g. mobile) is in use. Equivalent to B. +Only used by servers. Requires B<-serverpref>. + =item B<-no_resumption_on_reneg> set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. @@ -175,11 +212,28 @@ permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing B. Set by default. +=item B<-allow_no_dhe_kex> + +In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. + =item B<-strict> enables strict mode protocol handling. Equivalent to setting B. +=item B<-anti_replay>, B<-no_anti_replay> + +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to B. + =back =head1 SUPPORTED CONFIGURATION FILE COMMANDS @@ -196,9 +250,17 @@ Note: the command prefix (if set) alters the recognised B values. =item B -Sets the cipher suite list to B. Note: syntax checking of B is -currently not performed unless an B or B structure is -associated with B. +Sets the ciphersuite list for TLSv1.2 and below to B. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of B is currently not performed unless an B or B +structure is associated with B. + +=item B + +Sets the available ciphersuites for TLSv1.3 to B. This is a simple colon +(":") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See L for more information. =item B @@ -221,6 +283,14 @@ These options indicate a file or directory used for building certificate chains or verifying certificate chains. These options are only supported if certificate operations are permitted. +=item B + +This option indicates a file containing a set of certificates in PEM form. +The subject names of the certificates are sent to the peer in the +B extension for TLS 1.3 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +TLS. + =item B Attempts to use the file B in the "serverinfo" extension using the @@ -232,6 +302,12 @@ Attempts to use the file B as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. +=item B + +Attempts to pad TLSv1.3 records so that they are a multiple of B in +length on send. A B of 0 or 1 turns off padding. Otherwise, the +B must be >1 or <=16384. + =item B Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting @@ -239,46 +315,66 @@ B. =item B -This sets the supported signature algorithms for TLS v1.2. For clients this +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this value is used directly for the supported signature algorithms extension. For servers it is used to determine which signature algorithms to support. The B argument should be a colon separated list of signature algorithms -in order of decreasing preference of the form B. B +in order of decreasing preference of the form B or +B. B is one of B, B or B and B is a supported algorithm OID short name such as B, B, B, B of B. Note: algorithm and hash names are case sensitive. +B is one of the signature schemes defined in TLSv1.3, +specified using the IETF name, e.g., B, B, +or B. If this option is not set then all signature algorithms supported by the OpenSSL library are permissible. +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using B as the B or by using one of the B +identifiers) are ignored in TLSv1.3 and will not be negotiated. + =item B This sets the supported signature algorithms associated with client -authentication for TLS v1.2. For servers the value is used in the supported -signature algorithms field of a certificate request. For clients it is -used to determine which signature algorithm to with the client certificate. +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +B field of a B message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. The syntax of B is identical to B. If not set then the value set for B will be used instead. -=item B +=item B -This sets the supported elliptic curves. For clients the curves are -sent using the supported curves extension. For servers it is used -to determine which curve to use. This setting affects curves used for both -signatures and key exchange, if applicable. +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the B sent by a client in a TLSv1.3 +B. -The B argument is a colon separated list of curves. The curve can be -either the B name (e.g. B) or an OpenSSL OID name (e.g -B). Curve names are case sensitive. +The B argument is a colon separated list of groups. The group can be +either the B name (e.g. B), some other commonly used name where +applicable (e.g. B) or an OpenSSL OID name (e.g B). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. + +=item B + +This is a synonym for the "Groups" command. =item B This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, -B, B and B. +B, B, B and B. The value B will disable the limit. =item B @@ -286,7 +382,7 @@ The value B will disable the limit. This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, -B, B and B. +B, B, B and B. The value B will disable the limit. =item B @@ -305,7 +401,7 @@ Only enabling some protocol versions does not disable the other protocol versions. Currently supported protocol values are B, B, B, -B, B and B. +B, B, B and B. The special value B refers to all supported versions. This can't enable protocols that are disabled using B @@ -344,24 +440,52 @@ B: enable various bug workarounds. Same as B. B: enable single use DH keys, set by default. Inverse of B. Only used by servers. -B enable single use ECDH keys, set by default. Inverse of +B: enable single use ECDH keys, set by default. Inverse of B. Only used by servers. -B use server and not client preference order when +B: use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B. Only used by servers. -B set +B: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to B. +Only used by servers. + +B: set B flag. Only used by servers. -B permits the use of unsafe legacy renegotiation. +B: permits the use of unsafe legacy renegotiation. Equivalent to B. -B permits the use of unsafe legacy renegotiation +B: permits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to B. Set by default. +B: use encrypt-then-mac extension, enabled by +default. Inverse of B: that is, +B<-EncryptThenMac> is the same as setting B. + +B: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to B. + +B: If set then dummy Change Cipher Spec (CCS) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to B. + +B: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting B. + =item B The B argument is a comma separated list of flags to set. @@ -377,6 +501,18 @@ occurs if the client does not present a certificate. Servers only. B requests a certificate from a client only on the initial connection: not when renegotiating. Servers only. +B configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only. + +B configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only. + =item B, B A file or directory of certificates in PEM format whose names are used as the @@ -433,22 +569,22 @@ however the call sequence is: SSLv3 is B disabled and attempt to override this by the user are ignored. -By checking the return code of SSL_CTX_cmd() it is possible to query if a -given B is recognised, this is useful if SSL_CTX_cmd() values are +By checking the return code of SSL_CONF_cmd() it is possible to query if a +given B is recognised, this is useful if SSL_CONF_cmd() values are mixed with additional application specific operations. -For example an application might call SSL_CTX_cmd() and if it returns +For example an application might call SSL_CONF_cmd() and if it returns -2 (unrecognised command) continue with processing of application specific commands. -Applications can also use SSL_CTX_cmd() to process command lines though the -utility function SSL_CTX_cmd_argv() is normally used instead. One way +Applications can also use SSL_CONF_cmd() to process command lines though the +utility function SSL_CONF_cmd_argv() is normally used instead. One way to do this is to set the prefix to an appropriate value using SSL_CONF_CTX_set1_prefix(), pass the current argument to B and the following argument to B (which may be NULL). In this case if the return value is positive then it is used to skip that -number of arguments as they have been processed by SSL_CTX_cmd(). If -2 is +number of arguments as they have been processed by SSL_CONF_cmd(). If -2 is returned then B is not recognised and application specific arguments can be checked instead. If -3 is returned a required argument is missing and an error is indicated. If 0 is returned some other error occurred and @@ -523,8 +659,6 @@ error occurred attempting to perform the operation: for example due to an error in the syntax of B in this case the error queue may provide additional information. -SSL_CONF_finish() returns 1 for success and 0 for failure. - =head1 SEE ALSO L, @@ -547,6 +681,8 @@ B. B and B where added in OpenSSL 1.1.0. +B and B were added in OpenSSL 1.1.1. + =head1 COPYRIGHT Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/deps/openssl/openssl/doc/ssl/SSL_CONF_cmd_argv.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod similarity index 96% rename from deps/openssl/openssl/doc/ssl/SSL_CONF_cmd_argv.pod rename to deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod index 15529a59737767..567fa5a5084f9d 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CONF_cmd_argv.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CONF_cmd_argv.pod @@ -15,7 +15,7 @@ SSL_CONF_cmd_argv - SSL configuration command line processing The function SSL_CONF_cmd_argv() processes at most two command line arguments from B and B. The values of B and B are updated to reflect the number of command options processed. The B -argument can be set to B is it is not used. +argument can be set to B if it is not used. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod similarity index 97% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod index 1f0418b249c3da..24730024f857ce 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_add1_chain_cert.pod @@ -86,7 +86,7 @@ used to iterate over all certificates in an B structure. SSL_set_current_cert() also supports the option B. If B is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. -If the negotiated ciphersuite is anonymous (and thus no certificate will +If the negotiated cipher suite is anonymous (and thus no certificate will be sent) 2 is returned and the current certificate is unchanged. If B is not a server or a certificate has not been sent 0 is returned and the current certificate is unchanged. @@ -129,7 +129,7 @@ using SSL_CTX_add_extra_chain_cert() will be used. =head1 RETURN VALUES SSL_set_current_cert() with B return 1 for success, 2 if -no server certificate is used because the ciphersuites is anonymous and 0 +no server certificate is used because the cipher suites is anonymous and 0 for failure. SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_add_extra_chain_cert.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_add_extra_chain_cert.pod index e2783de9c77079..05d17f8b0f671b 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_add_extra_chain_cert.pod @@ -53,7 +53,7 @@ reason for failure. =head1 SEE ALSO -L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_add_session.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_add_session.pod similarity index 77% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_add_session.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_add_session.pod index dbdd9f0c5419a3..d8b115bb0c7f61 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_add_session.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_add_session.pod @@ -2,17 +2,15 @@ =head1 NAME -SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache +SSL_CTX_add_session, SSL_CTX_remove_session - manipulate session cache =head1 SYNOPSIS #include int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); - int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); - int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c); =head1 DESCRIPTION @@ -21,11 +19,8 @@ reference count for session B is incremented by 1. If a session with the same session id already exists, the old session is removed by calling L. -SSL_CTX_remove_session() removes the session B from the context B. -L is called once for B. - -SSL_add_session() and SSL_remove_session() are synonyms for their -SSL_CTX_*() counterparts. +SSL_CTX_remove_session() removes the session B from the context B and +marks it as non-resumable. L is called once for B. =head1 NOTES @@ -54,19 +49,19 @@ The following values are returned by all functions: =item Z<>0 - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. +The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. =item Z<>1 - The operation succeeded. +The operation succeeded. =back =head1 SEE ALSO -L, +L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_config.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_config.pod similarity index 93% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_config.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_config.pod index ec744ad033ac3c..5b2aed76c28370 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_config.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_config.pod @@ -25,7 +25,7 @@ can also be achieved: an application can support configuration features in newer versions of OpenSSL automatically. A configuration file must have been previously loaded, for example using -CONF_modules_load_file(). See L for details of the configuration +CONF_modules_load_file(). See L for details of the configuration file syntax. =head1 RETURN VALUES @@ -45,11 +45,9 @@ If the file "config.cnf" contains the following: ssl_conf = ssl_sect [ssl_sect] - server = server_section [server_section] - RSA.Certificate = server-rsa.pem ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 @@ -57,8 +55,8 @@ If the file "config.cnf" contains the following: An application could call: if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { - fprintf(stderr, "Error processing config file\n"); - goto err; + fprintf(stderr, "Error processing config file\n"); + goto err; } ctx = SSL_CTX_new(TLS_server_method()); @@ -73,7 +71,7 @@ the need for any additional application code. =head1 SEE ALSO -L, +L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_ctrl.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_ctrl.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_ctrl.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_ctrl.pod index e8386a59302fa3..55fb015e6b82ba 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_ctrl.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_ctrl.pod @@ -29,7 +29,7 @@ supplied via the B parameter. =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_dane_enable.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod similarity index 72% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_dane_enable.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod index cdb6d1bdfc6164..d767bb296e83b0 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_dane_enable.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_dane_enable.pod @@ -18,7 +18,7 @@ TLS client uint8_t mtype, uint8_t ord); int SSL_dane_enable(SSL *s, const char *basedomain); int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned char *data, size_t dlen); + uint8_t mtype, unsigned const char *data, size_t dlen); int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, @@ -192,139 +192,137 @@ The actual name matched in the certificate (which might be a wildcard) is retrieved, and must be copied by the application if it is to be retained beyond the lifetime of the SSL connection. - SSL_CTX *ctx; - SSL *ssl; - int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; - int num_usable = 0; - const char *nexthop_domain = "example.com"; - const char *dane_tlsa_domain = "smtp.example.com"; - uint8_t usage, selector, mtype; - - if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) - /* handle error */ - if (SSL_CTX_dane_enable(ctx) <= 0) - /* handle error */ - - if ((ssl = SSL_new(ctx)) == NULL) - /* handle error */ - - if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) - /* handle error */ - - /* - * For many applications it is safe to skip DANE-EE(3) namechecks. Do not - * disable the checks unless "unknown key share" attacks pose no risk for - * your application. - */ - SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); - - if (!SSL_add1_host(ssl, nexthop_domain)) - /* handle error */ - SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); - - for (... each TLSA record ...) { - unsigned char *data; - size_t len; - int ret; - - /* set usage, selector, mtype, data, len */ - - /* - * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3). - * They treat all other certificate usages, and in particular PKIX-TA(0) - * and PKIX-EE(1), as unusable. - */ - switch (usage) { - default: - case 0: /* PKIX-TA(0) */ - case 1: /* PKIX-EE(1) */ - continue; - case 2: /* DANE-TA(2) */ - case 3: /* DANE-EE(3) */ - break; - } - - ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); - /* free data as appropriate */ - - if (ret < 0) - /* handle SSL library internal error */ - else if (ret == 0) - /* handle unusable TLSA record */ - else - ++num_usable; - } - - /* - * At this point, the verification mode is still the default SSL_VERIFY_NONE. - * Opportunistic DANE clients use unauthenticated TLS when all TLSA records - * are unusable, so continue the handshake even if authentication fails. - */ - if (num_usable == 0) { - /* Log all records unusable? */ - - /* Optionally set verify_cb to a suitable non-NULL callback. */ - SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); - } else { - /* At least one usable record. We expect to verify the peer */ - - /* Optionally set verify_cb to a suitable non-NULL callback. */ - - /* - * Below we elect to fail the handshake when peer verification fails. - * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, - * complete the handshake, check the verification status, and if not - * verified disconnect gracefully at the application layer, especially if - * application protocol supports informing the server that authentication - * failed. - */ - SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); - } - - /* - * Load any saved session for resumption, making sure that the previous - * session applied the same security and authentication requirements that - * would be expected of a fresh connection. - */ - - /* Perform SSL_connect() handshake and handle errors here */ - - if (SSL_session_reused(ssl)) { - if (SSL_get_verify_result(ssl) == X509_V_OK) { - /* - * Resumed session was originally verified, this connection is - * authenticated. - */ - } else { - /* - * Resumed session was not originally verified, this connection is not - * authenticated. - */ - } - } else if (SSL_get_verify_result(ssl) == X509_V_OK) { - const char *peername = SSL_get0_peername(ssl); - EVP_PKEY *mspki = NULL; - - int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); - if (depth >= 0) { - (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); - printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype, - (mspki != NULL) ? "TA public key verified certificate" : - depth ? "matched TA certificate" : "matched EE certificate", - depth); - } - if (peername != NULL) { - /* Name checks were in scope and matched the peername */ - printf("Verified peername: %s\n", peername); - } - } else { - /* - * Not authenticated, presumably all TLSA rrs unusable, but possibly a - * callback suppressed connection termination despite the presence of - * usable TLSA RRs none of which matched. Do whatever is appropriate for - * fresh unauthenticated connections. - */ - } + SSL_CTX *ctx; + SSL *ssl; + int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; + int num_usable = 0; + const char *nexthop_domain = "example.com"; + const char *dane_tlsa_domain = "smtp.example.com"; + uint8_t usage, selector, mtype; + + if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) + /* error */ + if (SSL_CTX_dane_enable(ctx) <= 0) + /* error */ + if ((ssl = SSL_new(ctx)) == NULL) + /* error */ + if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) + /* error */ + + /* + * For many applications it is safe to skip DANE-EE(3) namechecks. Do not + * disable the checks unless "unknown key share" attacks pose no risk for + * your application. + */ + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); + + if (!SSL_add1_host(ssl, nexthop_domain)) + /* error */ + SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + + for (... each TLSA record ...) { + unsigned char *data; + size_t len; + int ret; + + /* set usage, selector, mtype, data, len */ + + /* + * Opportunistic DANE TLS clients support only DANE-TA(2) or DANE-EE(3). + * They treat all other certificate usages, and in particular PKIX-TA(0) + * and PKIX-EE(1), as unusable. + */ + switch (usage) { + default: + case 0: /* PKIX-TA(0) */ + case 1: /* PKIX-EE(1) */ + continue; + case 2: /* DANE-TA(2) */ + case 3: /* DANE-EE(3) */ + break; + } + + ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); + /* free data as appropriate */ + + if (ret < 0) + /* handle SSL library internal error */ + else if (ret == 0) + /* handle unusable TLSA record */ + else + ++num_usable; + } + + /* + * At this point, the verification mode is still the default SSL_VERIFY_NONE. + * Opportunistic DANE clients use unauthenticated TLS when all TLSA records + * are unusable, so continue the handshake even if authentication fails. + */ + if (num_usable == 0) { + /* Log all records unusable? */ + + /* Optionally set verify_cb to a suitable non-NULL callback. */ + SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); + } else { + /* At least one usable record. We expect to verify the peer */ + + /* Optionally set verify_cb to a suitable non-NULL callback. */ + + /* + * Below we elect to fail the handshake when peer verification fails. + * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, + * complete the handshake, check the verification status, and if not + * verified disconnect gracefully at the application layer, especially if + * application protocol supports informing the server that authentication + * failed. + */ + SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); + } + + /* + * Load any saved session for resumption, making sure that the previous + * session applied the same security and authentication requirements that + * would be expected of a fresh connection. + */ + + /* Perform SSL_connect() handshake and handle errors here */ + + if (SSL_session_reused(ssl)) { + if (SSL_get_verify_result(ssl) == X509_V_OK) { + /* + * Resumed session was originally verified, this connection is + * authenticated. + */ + } else { + /* + * Resumed session was not originally verified, this connection is not + * authenticated. + */ + } + } else if (SSL_get_verify_result(ssl) == X509_V_OK) { + const char *peername = SSL_get0_peername(ssl); + EVP_PKEY *mspki = NULL; + + int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); + if (depth >= 0) { + (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); + printf("DANE TLSA %d %d %d %s at depth %d\n", usage, selector, mtype, + (mspki != NULL) ? "TA public key verified certificate" : + depth ? "matched TA certificate" : "matched EE certificate", + depth); + } + if (peername != NULL) { + /* Name checks were in scope and matched the peername */ + printf("Verified peername: %s\n", peername); + } + } else { + /* + * Not authenticated, presumably all TLSA rrs unusable, but possibly a + * callback suppressed connection termination despite the presence of + * usable TLSA RRs none of which matched. Do whatever is appropriate for + * fresh unauthenticated connections. + */ + } =head1 NOTES diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_flush_sessions.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_flush_sessions.pod similarity index 81% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_flush_sessions.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_flush_sessions.pod index 7639451c5dc4ed..c2f010646476b3 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_flush_sessions.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_flush_sessions.pod @@ -2,29 +2,26 @@ =head1 NAME -SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions +SSL_CTX_flush_sessions - remove expired sessions =head1 SYNOPSIS #include void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); - void SSL_flush_sessions(SSL_CTX *ctx, long tm); =head1 DESCRIPTION SSL_CTX_flush_sessions() causes a run through the session cache of B to remove sessions expired at time B. -SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions(). - =head1 NOTES If enabled, the internal session cache will collect all sessions established up to the specified maximum number (see SSL_CTX_sess_set_cache_size()). As sessions will not be reused ones they are expired, they should be removed from the cache to save resources. This can either be done - automatically whenever 255 new sessions were established (see +automatically whenever 255 new sessions were established (see L) or manually by calling SSL_CTX_flush_sessions(). @@ -37,16 +34,20 @@ cache. When a session is found and removed, the remove_session_cb is however called to synchronize with the external cache (see L). +=head1 RETURN VALUES + +SSL_CTX_flush_sessions() does not return a value. + =head1 SEE ALSO -L, +L, L, L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_free.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_free.pod similarity index 97% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_free.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_free.pod index e5cc1aab77884d..6b7bf1a817360f 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_free.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_free.pod @@ -36,7 +36,7 @@ SSL_CTX_free() does not provide diagnostic information. =head1 SEE ALSO -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_get0_param.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_get0_param.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_get0_param.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_get0_param.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_get_verify_mode.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_get_verify_mode.pod index bd100344d1fcfa..5f6da9d405bc8c 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_get_verify_mode.pod @@ -45,7 +45,7 @@ See DESCRIPTION =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_has_client_custom_ext.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_has_client_custom_ext.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_has_client_custom_ext.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_has_client_custom_ext.pod index d9e9a066ea163c..b220c5e79b7fd3 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_has_client_custom_ext.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_has_client_custom_ext.pod @@ -22,7 +22,7 @@ Returns 1 if a handler has been set, 0 otherwise. =head1 SEE ALSO -L, +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_load_verify_locations.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_load_verify_locations.pod index 59d11e03ee4d0f..a96aafed5f766a 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_load_verify_locations.pod @@ -108,7 +108,7 @@ ca1.pem ca2.pem ca3.pem: #!/bin/sh rm CAfile.pem for i in ca1.pem ca2.pem ca3.pem ; do - openssl x509 -in $i -text >> CAfile.pem + openssl x509 -in $i -text >> CAfile.pem done Prepare the directory /some/where/certs containing several CA certificates @@ -141,7 +141,7 @@ missing default location is still treated as a success. =head1 SEE ALSO -L, +L, L, L, L, diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_new.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_new.pod similarity index 91% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_new.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_new.pod index 7b35bddade87c4..d07834151eb707 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_new.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_new.pod @@ -92,7 +92,7 @@ B can be of the following types: These are the general-purpose I SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. -The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. Applications should use these methods, and avoid the version-specific methods described below. @@ -153,15 +153,16 @@ L, L and L functions. Using these functions it is possible to choose e.g. TLS_server_method() and be able to negotiate with all possible clients, but to only -allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2. +allow newer protocols like TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3. The list of protocols available can also be limited using the -B, B, B and -B options of the L or -L functions, but this approach is not recommended. -Clients should avoid creating "holes" in the set of protocols they support. -When disabling a protocol, make sure that you also disable either all previous -or all subsequent protocol versions. +B, B, B, +B, B and B +options of the +L or L functions, but this approach +is not recommended. Clients should avoid creating "holes" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling I previous protocol versions, the effect is to also disable all subsequent protocol versions. @@ -204,11 +205,11 @@ All version-specific methods were deprecated in OpenSSL 1.1.0. =head1 SEE ALSO L, L, L, -L, L, L +L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_sess_number.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_sess_number.pod similarity index 93% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_sess_number.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_sess_number.pod index 049c04c449953b..a96c8dd791ca53 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_sess_number.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_sess_number.pod @@ -32,7 +32,7 @@ client mode. SSL_CTX_sess_connect_good() returns the number of successfully established SSL/TLS sessions in client mode. -SSL_CTX_sess_connect_renegotiate() returns the number of start renegotiations +SSL_CTX_sess_connect_renegotiate() returns the number of started renegotiations in client mode. SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in @@ -41,7 +41,7 @@ server mode. SSL_CTX_sess_accept_good() returns the number of successfully established SSL/TLS sessions in server mode. -SSL_CTX_sess_accept_renegotiate() returns the number of start renegotiations +SSL_CTX_sess_accept_renegotiate() returns the number of started renegotiations in server mode. SSL_CTX_sess_hits() returns the number of successfully reused sessions. @@ -69,7 +69,7 @@ The functions return the values indicated in the DESCRIPTION section. =head1 SEE ALSO -L, L, +L, L, L L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_sess_set_cache_size.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_sess_set_cache_size.pod index 5aef10bd8eda4b..6a1c140ef16bab 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_sess_set_cache_size.pod @@ -45,7 +45,7 @@ SSL_CTX_sess_get_cache_size() returns the currently valid size. =head1 SEE ALSO -L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod similarity index 63% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod index d2b0e0473716e4..774c4b120f6e30 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod @@ -11,18 +11,20 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *, SSL_SESSION *)); void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, - void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)); + void (*remove_session_cb)(SSL_CTX *ctx, + SSL_SESSION *)); void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, - SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *)); - - int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); - void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, const unsigned char *data, int len, int *copy); - - int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, - int len, int *copy); + SSL_SESSION (*get_session_cb)(SSL *, + const unsigned char *, + int, int *)); + + int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + SSL_SESSION *sess); + void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, + SSL_SESSION *sess); + SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + const unsigned char *data, + int len, int *copy); =head1 DESCRIPTION @@ -41,9 +43,9 @@ L). (SSL/TLS server only.) SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and -SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the -provided callback functions. If a callback function has not been set, -the NULL pointer is returned. +SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the NULL pointer is returned. =head1 NOTES @@ -57,7 +59,18 @@ and session caching is enabled (see L). The new_session_cb() is passed the B connection and the ssl session B. If the callback returns B<0>, the session will be immediately -removed again. +removed again. Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the new_session_cb() +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the new_session_cb() +function will be invoked multiple times. + +In TLSv1.3 it is recommended that each SSL_SESSION object is only used for +resumption once. One way of enforcing that is for applications to call +L after a session has been used. The remove_session_cb() is called, whenever the SSL engine removes a session from the internal cache. This happens when the session is removed because @@ -76,9 +89,14 @@ Normally the reference count is not incremented and therefore the session must not be explicitly freed with L. +=head1 RETURN VALUES + +SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb() and SSL_CTX_sess_get_get_cb() +return different callback function pointers respectively. + =head1 SEE ALSO -L, L, +L, L, L, L, L, @@ -86,7 +104,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_sessions.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_sessions.pod similarity index 76% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_sessions.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_sessions.pod index bc4a55e1a22a07..41c0777cafc52a 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_sessions.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_sessions.pod @@ -18,22 +18,26 @@ internal session cache for B. =head1 NOTES The sessions in the internal session cache are kept in an -L type database. It is possible to directly +L type database. It is possible to directly access this database e.g. for searching. In parallel, the sessions form a linked list which is maintained separately from the -L operations, so that the database must not be +L operations, so that the database must not be modified directly but by using the L family of functions. +=head1 RETURN VALUES + +SSL_CTX_sessions() returns a pointer to the lhash of B. + =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod new file mode 100644 index 00000000000000..e68e26099a66c7 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set0_CA_list.pod @@ -0,0 +1,188 @@ +=pod + +=head1 NAME + +SSL_CTX_set_client_CA_list, +SSL_set_client_CA_list, +SSL_get_client_CA_list, +SSL_CTX_get_client_CA_list, +SSL_CTX_add_client_CA, +SSL_add_client_CA, +SSL_set0_CA_list, +SSL_CTX_set0_CA_list, +SSL_get0_CA_list, +SSL_CTX_get0_CA_list, +SSL_add1_to_CA_list, +SSL_CTX_add1_to_CA_list, +SSL_get0_peer_CA_list +- get or set CA list + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); + STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); + int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); + int SSL_add_client_CA(SSL *ssl, X509 *cacert); + + void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); + void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); + const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); + const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); + int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); + int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); + + const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + +=head1 DESCRIPTION + +The functions described here set and manage the list of CA names that are sent +between two communicating peers. + +For TLS versions 1.2 and earlier the list of CA names is only sent from the +server to the client when requesting a client certificate. So any list of CA +names set is never sent from client to server and the list of CA names retrieved +by SSL_get0_peer_CA_list() is always B. + +For TLS 1.3 the list of CA names is sent using the B +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). + +In most cases it is not necessary to set CA names on the client side. The list +of CA names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting CA names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. + +The "client CA list" functions below only have an effect when called on the +server side. + +SSL_CTX_set_client_CA_list() sets the B of CAs sent to the client when +requesting a client certificate for B. Ownership of B is transferred +to B and it should not be freed by the caller. + +SSL_set_client_CA_list() sets the B of CAs sent to the client when +requesting a client certificate for the chosen B, overriding the +setting valid for B's SSL_CTX object. Ownership of B is transferred +to B and it should not be freed by the caller. + +SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for +B using SSL_CTX_set_client_CA_list(). The returned list should not be freed +by the caller. + +SSL_get_client_CA_list() returns the list of client CAs explicitly +set for B using SSL_set_client_CA_list() or B's SSL_CTX object with +SSL_CTX_set_client_CA_list(), when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller. + +SSL_CTX_add_client_CA() adds the CA name extracted from B to the +list of CAs sent to the client when requesting a client certificate for +B. + +SSL_add_client_CA() adds the CA name extracted from B to the +list of CAs sent to the client when requesting a client certificate for +the chosen B, overriding the setting valid for B's SSL_CTX object. + +SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. + +The "generic CA list" functions below are very similar to the "client CA +list" functions except that they have an effect on both the server and client +sides. The lists of CA names managed are separate - so you cannot (for example) +set CA names using the "client CA list" functions and then get them using the +"generic CA list" functions. Where a mix of the two types of functions has been +used on the server side then the "client CA list" functions take precedence. +Typically, on the server side, the "client CA list " functions should be used in +preference. As noted above in most cases it is not necessary to set CA names on +the client side. + +SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to +B. Ownership of B is transferred to B and +it should not be freed by the caller. + +SSL_set0_CA_list() sets the list of CAs to be sent to the peer to B +overriding any list set in the parent B of B. Ownership of +B is transferred to B and it should not be freed by the caller. + +SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for +B. The returned list should not be freed by the caller. + +SSL_get0_CA_list() retrieves any previously set list of CAs set for +B or if none are set the list from the parent B is retrieved. The +returned list should not be freed by the caller. + +SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from B to the +list of CAs sent to peer for B. + +SSL_add1_to_CA_list() appends the CA subject name extracted from B to the +list of CAs sent to the peer for B, overriding the setting in the parent +B. + +=head1 NOTES + +When a TLS/SSL server requests a client certificate (see +B), it sends a list of CAs, for which it will accept +certificates, to the client. + +This list must explicitly be set using SSL_CTX_set_client_CA_list() or +SSL_CTX_set0_CA_list() for B and SSL_set_client_CA_list() or +SSL_set0_CA_list() for the specific B. The list specified +overrides the previous setting. The CAs listed do not become trusted (B +only contains the names, not the complete certificates); use +L to additionally load them for verification. + +If the list of acceptable CAs is compiled in a file, the +L function can be used to help to import the +necessary data. + +SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and +SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no +list was specified before using SSL_CTX_set_client_CA_list(), +SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a +new CA list for B or B (as appropriate) is opened. + +=head1 RETURN VALUES + +SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), +SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list() +and SSL_set0_CA_list() do not return a value. + +SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list() +and SSL_get0_CA_list() return a stack of CA names or B is no CA names are +set. + +SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and +SSL_add1_to_CA_list() return 1 for success and 0 for failure. + +SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or +B or an empty stack if no list was sent. + +=head1 EXAMPLES + +Scan all certificates in B and list them as acceptable CAs: + + SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod new file mode 100644 index 00000000000000..7dca0e0161d909 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_curves.pod @@ -0,0 +1,112 @@ +=pod + +=head1 NAME + +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, +SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, +SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +- EC supported curve functions + +=head1 SYNOPSIS + + #include + + int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); + int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); + + int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); + int SSL_set1_groups_list(SSL *ssl, char *list); + + int SSL_get1_groups(SSL *ssl, int *groups); + int SSL_get_shared_group(SSL *s, int n); + + int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); + int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); + + int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); + int SSL_set1_curves_list(SSL *ssl, char *list); + + int SSL_get1_curves(SSL *ssl, int *curves); + int SSL_get_shared_curve(SSL *s, int n); + +=head1 DESCRIPTION + +For all of the functions below that set the supported groups there must be at +least one group in the list. + +SSL_CTX_set1_groups() sets the supported groups for B to B +groups in the array B. The array consist of all NIDs of groups in +preference order. For a TLS client the groups are used directly in the +supported groups extension. For a TLS server the groups are used to +determine the set of shared groups. + +SSL_CTX_set1_groups_list() sets the supported groups for B to +string B. The string is a colon separated list of group NIDs or +names, for example "P-521:P-384:P-256". + +SSL_set1_groups() and SSL_set1_groups_list() are similar except they set +supported groups for the SSL structure B. + +SSL_get1_groups() returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The B parameter can be B to simply +return the number of groups for memory allocation purposes. The +B array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension. + +SSL_get_shared_group() returns shared group B for a server-side +SSL B. If B is -1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so B is normally set to zero. If the value B is out of range, +NID_undef is returned. + +All these functions are implemented as macros. + +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to TLS1.3, there was +only the concept of supported curves. In TLS1.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference. + +=head1 NOTES + +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the SSL_CONF interface instead of manually parsing options. + +=head1 RETURN VALUES + +SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and +SSL_set1_groups_list(), return 1 for success and 0 for failure. + +SSL_get1_groups() returns the number of groups, which may be zero. + +SSL_get_shared_group() returns the NID of shared group B or NID_undef if there +is no shared group B; or the total number of shared groups if B +is -1. + +When called on a client B, SSL_get_shared_group() has no meaning and +returns -1. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The curve functions were first added to OpenSSL 1.0.2. The equivalent group +functions were first added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set1_sigalgs.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_sigalgs.pod similarity index 82% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set1_sigalgs.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set1_sigalgs.pod index e9073b99e348f4..93d5320d965a4e 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set1_sigalgs.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_sigalgs.pod @@ -30,8 +30,10 @@ algorithms. SSL_CTX_set1_sigalgs_list() and SSL_set1_sigalgs_list() set the supported signature algorithms for B or B. The B parameter -must be a null terminated string consisting or a colon separated list of -public key algorithms and digests separated by B<+>. +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by B<+>, or a TLS 1.3-style named +SignatureScheme such as rsa_pss_pss_sha256. SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(), SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set @@ -70,11 +72,14 @@ prohibits them (for example SHA1 if the security level is 4 or more). Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and NID_sha512 digest NIDs are supported and the public key algorithm NIDs -EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. +EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA and EVP_PKEY_EC. The short or long name values for digests can be used in a string (for example "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512") and -the public key algorithm strings "RSA", "DSA" or "ECDSA". +the public key algorithm strings "RSA", "RSA-PSS", "DSA" or "ECDSA". + +The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also +be used with the B<_list> forms of the API. The use of MD5 as a digest is strongly discouraged due to security weaknesses. @@ -83,14 +88,14 @@ The use of MD5 as a digest is strongly discouraged due to security weaknesses. Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using an array: - const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; + const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; - SSL_CTX_set1_sigalgs(ctx, slist, 4); + SSL_CTX_set1_sigalgs(ctx, slist, 4); Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA using a string: - SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); + SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); =head1 RETURN VALUES @@ -98,12 +103,12 @@ All these functions return 1 for success and 0 for failure. =head1 SEE ALSO -L, L, +L, L, L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_alpn_select_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_alpn_select_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_alpn_select_cb.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_cb.pod similarity index 86% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_cb.pod index eaa7a4e3cbb357..da084cb1f45c54 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_cb.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_cb.pod @@ -8,7 +8,8 @@ SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function #include - void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg); + void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), + void *arg); void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); int (*cert_cb)(SSL *ssl, void *arg); @@ -50,24 +51,28 @@ can modify or delete the existing certificate. A more advanced callback might examine the handshake parameters and set whatever chain is appropriate. For example a legacy client supporting only -TLS v1.0 might receive a certificate chain signed using SHA1 whereas a -TLS v1.2 client which advertises support for SHA256 could receive a chain -using SHA256. +TLSv1.0 might receive a certificate chain signed using SHA1 whereas a +TLSv1.2 or later client which advertises support for SHA256 could receive a +chain using SHA256. Normal server sanity checks are performed on any certificates set by the callback. So if an EC chain is set for a curve the client does not support it will B be used. +=head1 RETURN VALUES + +SSL_CTX_set_cert_cb() and SSL_set_cert_cb() do not return values. + =head1 SEE ALSO -L, L, +L, L, L, L, L, L =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_store.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_store.pod similarity index 72% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_store.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_store.pod index 7f7a794bdf961f..f1a54a6950a6b1 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_store.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_store.pod @@ -2,13 +2,14 @@ =head1 NAME -SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage =head1 SYNOPSIS #include void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); + void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); =head1 DESCRIPTION @@ -17,6 +18,10 @@ SSL_CTX_set_cert_store() sets/replaces the certificate verification storage of B to/with B. If another X509_STORE object is currently set in B, it will be X509_STORE_free()ed. +SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage +of B to/with B. The B's reference count is incremented. +If another X509_STORE object is currently set in B, it will be X509_STORE_free()ed. + SSL_CTX_get_cert_store() returns a pointer to the current certificate verification storage. @@ -42,6 +47,15 @@ L family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. +SSL_CTX_set_cert_store() does not increment the B's reference +count, so it should not be used to assign an X509_STORE that is owned +by another SSL_CTX. + +To share X509_STOREs between two SSL_CTXs, use SSL_CTX_get_cert_store() +to get the X509_STORE from the first SSL_CTX, and then use +SSL_CTX_set1_cert_store() to assign to the second SSL_CTX and +increment the reference count of the X509_STORE. + =head1 RESTRICTIONS The X509_STORE structure used by an SSL_CTX is used for verifying peer @@ -53,11 +67,13 @@ functions such as SSL_CTX_set1_verify_cert_store() instead. SSL_CTX_set_cert_store() does not return diagnostic output. +SSL_CTX_set1_cert_store() does not return diagnostic output. + SSL_CTX_get_cert_store() returns the current setting. =head1 SEE ALSO -L, +L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_verify_callback.pod similarity index 77% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_verify_callback.pod index af303f25fa30d6..0c3378db660ec1 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cert_verify_callback.pod @@ -8,7 +8,9 @@ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure #include - void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *, void *), void *arg); + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*callback)(X509_STORE_CTX *, void *), + void *arg); =head1 DESCRIPTION @@ -32,14 +34,18 @@ argument I is specified by the application when setting I. I should return 1 to indicate verification success and 0 to indicate verification failure. If SSL_VERIFY_PEER is set and I returns 0, the handshake will fail. As the verification procedure may -allow to continue the connection in case of failure (by always returning 1) -the verification result must be set in any case using the B -member of I so that the calling application will be informed -about the detailed result of the verification procedure! +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +B member of I so that the calling application +will be informed about the detailed result of the verification procedure! Within I, I has access to the I function set using L. +=head1 RETURN VALUES + +SSL_CTX_set_cert_verify_callback() does not return a value. + =head1 WARNINGS Do not mix the verification callback described in this function with the @@ -58,13 +64,13 @@ SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cipher_list.pod similarity index 57% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_cipher_list.pod index 4e66917bab8d50..59c6b4bdc91503 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_cipher_list.pod @@ -2,7 +2,11 @@ =head1 NAME -SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs +SSL_CTX_set_cipher_list, +SSL_set_cipher_list, +SSL_CTX_set_ciphersuites, +SSL_set_ciphersuites +- choose list of available SSL_CIPHERs =head1 SYNOPSIS @@ -11,18 +15,49 @@ SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPH int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); int SSL_set_cipher_list(SSL *ssl, const char *str); + int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); + int SSL_set_ciphersuites(SSL *s, const char *str); + =head1 DESCRIPTION -SSL_CTX_set_cipher_list() sets the list of available ciphers for B -using the control string B. The format of the string is described +SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) +for B using the control string B. The format of the string is described in L. The list of ciphers is inherited by all -B objects created from B. +B objects created from B. This function does not impact TLSv1.3 +ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those. + +SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for +B. + +SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 +ciphersuites for B. This is a simple colon (":") separated list of TLSv1.3 +ciphersuite names in order of perference. Valid TLSv1.3 ciphersuite names are: + +=over 4 + +=item TLS_AES_128_GCM_SHA256 + +=item TLS_AES_256_GCM_SHA384 + +=item TLS_CHACHA20_POLY1305_SHA256 -SSL_set_cipher_list() sets the list of ciphers only for B. +=item TLS_AES_128_CCM_SHA256 + +=item TLS_AES_128_CCM_8_SHA256 + +=back + +An empty list is permissible. The default value for the this setting is: + +"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" + +SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it +configures the ciphersuites for B. =head1 NOTES -The control string B should be universally usable and not depend +The control string B for SSL_CTX_set_cipher_list() and +SSL_set_cipher_list() should be universally usable and not depend on details of the library configuration (ciphers compiled in). Thus no syntax checking takes place. Items that are not recognized, because the corresponding ciphers are not compiled in or because they are mistyped, @@ -55,16 +90,19 @@ and the handshake will fail. SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher could be selected and 0 on complete failure. +SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() return 1 if the requested +ciphersuite list was configured, and 0 otherwise. + =head1 SEE ALSO -L, L, +L, L, L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_client_cert_cb.pod similarity index 89% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_client_cert_cb.pod index aed7d4f0c105c1..0dd147f951b25d 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_client_cert_cb.pod @@ -8,8 +8,11 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certifica #include - void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); - int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb)(SSL *ssl, X509 **x509, + EVP_PKEY **pkey)); + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey); int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); =head1 DESCRIPTION @@ -60,6 +63,11 @@ object. It will not be reset by calling L. If the callback returns no certificate, the OpenSSL library will not send a certificate. +=head1 RETURN VALUES + +SSL_CTX_get_client_cert_cb() returns function pointer of client_cert_cb() or +NULL if the callback is not set. + =head1 BUGS The client_cert_cb() cannot return a complete certificate chain, it can @@ -86,14 +94,14 @@ and create a new one to return to the previous state. =head1 SEE ALSO -L, L, +L, L, L, L, L, L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod new file mode 100644 index 00000000000000..6824b5b8d1a4c3 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -0,0 +1,130 @@ +=pod + +=head1 NAME + +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing + +=head1 SYNOPSIS + + typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); + void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, + void *arg); + int SSL_client_hello_isv2(SSL *s); + unsigned int SSL_client_hello_get0_legacy_version(SSL *s); + size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); + size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); + size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); + size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); + int SSL_client_hello_get1_extensions_present(SSL *s, int **out, + size_t *outlen); + int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, + size_t *outlen); + +=head1 DESCRIPTION + +SSL_CTX_set_client_hello_cb() sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at runtime. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the B parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. L will return +SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended. +It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point. + +SSL_client_hello_isv2() indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +'challenge' field is exposed via SSL_client_hello_get0_random(), padded to +SSL3_RANDOM_SIZE bytes with zeros if needed. For SSLv2 format ClientHellos, +SSL_client_hello_get0_compression_methods() returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression. + +SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), and +SSL_client_hello_get0_compression_methods() provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field. + +Similarly, SSL_client_hello_get0_ext() provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present). + +SSL_client_hello_get1_extensions_present() can be used prior to +SSL_client_hello_get0_ext(), to determine which extensions are present in the +ClientHello before querying for them. The B and B parameters are +both required, and on success the caller must release the storage allocated for +B<*out> using OPENSSL_free(). The contents of B<*out> is an array of integers +holding the numerical value of the TLS extension types in the order they appear +in the ClientHello. B<*outlen> contains the number of elements in the array. + +=head1 NOTES + +The ClientHello callback provides a vast window of possibilities for application +code to affect the TLS handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated SSL_CTX pointer, modifying the server's list of permitted TLS +versions, changing the server's cipher list in response to the client's +cipher list, etc. + +It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback. + +The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback. + +=head1 RETURN VALUES + +The application's supplied ClientHello callback returns +SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and +SSL_CLIENT_HELLO_RETRY to suspend processing. + +SSL_client_hello_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise. + +SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), and +SSL_client_hello_get0_compression_methods() return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid. + +SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and +0 otherwise. + +SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure. + +=head1 SEE ALSO + +L, L, +L + +=head1 HISTORY + +The SSL ClientHello callback, SSL_client_hello_isv2(), +SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(), +SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(), +SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present() +were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ct_validation_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ct_validation_callback.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_ct_validation_callback.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_ct_validation_callback.pod index afa45dc93f0956..a0a8028f1fb5d4 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ct_validation_callback.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ct_validation_callback.pod @@ -78,7 +78,7 @@ If no callback is set, SCTs will not be requested and Certificate Transparency validation will not occur. No callback will be invoked when the peer presents no certificate, e.g. by -employing an anonymous (aNULL) ciphersuite. +employing an anonymous (aNULL) cipher suite. In that case the handshake continues as it would had no callback been requested. Callbacks are also not invoked when the peer certificate chain is invalid or diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ctlog_list_file.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_ctlog_list_file.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod index 4a2fa946fe82c5..296f6e23032677 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ctlog_list_file.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ctlog_list_file.pod @@ -24,7 +24,7 @@ See L for the file format. =head1 NOTES These functions will not clear the existing CT log list - it will be appended -to. To replace the existing list, use L first. +to. To replace the existing list, use L first. If an error occurs whilst parsing a particular log entry in the file, that log entry will be skipped. @@ -37,7 +37,7 @@ the case of an error, the log list may have been partially loaded. =head1 SEE ALSO -L, +L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod similarity index 97% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod index 219690614166ce..c7bdc9b92a046a 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_default_passwd_cb.pod @@ -85,9 +85,9 @@ truncated. int my_cb(char *buf, int size, int rwflag, void *u) { - strncpy(buf, (char *)u, size); - buf[size - 1] = '\0'; - return strlen(buf); + strncpy(buf, (char *)u, size); + buf[size - 1] = '\0'; + return strlen(buf); } =head1 HISTORY @@ -98,7 +98,7 @@ first added to OpenSSL 1.1.0 =head1 SEE ALSO -L, +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ex_data.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ex_data.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_ex_data.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_ex_data.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod similarity index 84% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod index 1b1171fe183042..2bee351a4dbc56 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -91,28 +91,27 @@ server id given, and will fill the rest with pseudo random bytes: #define MAX_SESSION_ID_ATTEMPTS 10 static int generate_session_id(const SSL *ssl, unsigned char *id, - unsigned int *id_len) + unsigned int *id_len) { - unsigned int count = 0; - do { - RAND_pseudo_bytes(id, *id_len); - /* - * Prefix the session_id with the required prefix. NB: If our - * prefix is too long, clip it - but there will be worse effects - * anyway, eg. the server could only possibly create 1 session - * ID (ie. the prefix!) so all future session negotiations will - * fail due to conflicts. - */ - memcpy(id, session_id_prefix, - (strlen(session_id_prefix) < *id_len) ? - strlen(session_id_prefix) : *id_len); - } - while (SSL_has_matching_session_id(ssl, id, *id_len) && - (++count < MAX_SESSION_ID_ATTEMPTS)); - if (count >= MAX_SESSION_ID_ATTEMPTS) - return 0; - return 1; - } + unsigned int count = 0; + + do { + RAND_pseudo_bytes(id, *id_len); + /* + * Prefix the session_id with the required prefix. NB: If our + * prefix is too long, clip it - but there will be worse effects + * anyway, eg. the server could only possibly create 1 session + * ID (ie. the prefix!) so all future session negotiations will + * fail due to conflicts. + */ + memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? + strlen(session_id_prefix) : *id_len); + } while (SSL_has_matching_session_id(ssl, id, *id_len) + && ++count < MAX_SESSION_ID_ATTEMPTS); + if (count >= MAX_SESSION_ID_ATTEMPTS) + return 0; + return 1; + } =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_info_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod similarity index 59% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_info_callback.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod index f36f217e3bde4d..f01ca66fce7c14 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_info_callback.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod @@ -2,7 +2,11 @@ =head1 NAME -SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections +SSL_CTX_set_info_callback, +SSL_CTX_get_info_callback, +SSL_set_info_callback, +SSL_get_info_callback +- handle information callback for SSL connections =head1 SYNOPSIS @@ -37,7 +41,8 @@ callback function for B. When setting up a connection and during use, it is possible to obtain state information from the SSL/TLS engine. When set, an information callback function -is called whenever the state changes, an alert appears, or an error occurs. +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs. The callback function is called as B. The B argument specifies information about where (in which context) @@ -51,12 +56,15 @@ B is a bitmask made up of the following bits: =item SSL_CB_LOOP -Callback has been called to indicate state change inside a loop. +Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations. =item SSL_CB_EXIT -Callback has been called to indicate error exit of a handshake function. -(May be soft error with retry option for non-blocking setups.) +Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when IO might otherwise block and non-blocking is being used. =item SSL_CB_READ @@ -84,11 +92,17 @@ Callback has been called due to an alert being sent or received. =item SSL_CB_HANDSHAKE_START -Callback has been called because a new handshake is started. +Callback has been called because a new handshake is started. In TLSv1.3 this is +also used for the start of post-handshake message exchanges such as for the +exchange of session tickets, or for key updates. It also occurs when resuming a +handshake following a pause to handle early data. =item SSL_CB_HANDSHAKE_DONE 0x20 -Callback has been called because a handshake is finished. +Callback has been called because a handshake is finished. In TLSv1.3 this is +also used at the end of an exchange of post-handshake messages such as for +session tickets or key updates. It also occurs if the handshake is paused to +allow the exchange of early data. =back @@ -110,49 +124,43 @@ The following example callback function prints state strings, information about alerts being handled and error messages to the B BIO. void apps_ssl_info_callback(SSL *s, int where, int ret) - { - const char *str; - int w; - - w = where & ~SSL_ST_MASK; - - if (w & SSL_ST_CONNECT) str = "SSL_connect"; - else if (w & SSL_ST_ACCEPT) str = "SSL_accept"; - else str = "undefined"; - - if (where & SSL_CB_LOOP) - { - BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); - } - else if (where & SSL_CB_ALERT) - { - str = (where & SSL_CB_READ) ? "read" : "write"; - BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", - str, - SSL_alert_type_string_long(ret), - SSL_alert_desc_string_long(ret)); - } - else if (where & SSL_CB_EXIT) - { - if (ret == 0) - BIO_printf(bio_err, "%s:failed in %s\n", - str, SSL_state_string_long(s)); - else if (ret < 0) - { - BIO_printf(bio_err, "%s:error in %s\n", - str, SSL_state_string_long(s)); - } - } - } + { + const char *str; + int w = where & ~SSL_ST_MASK; + + if (w & SSL_ST_CONNECT) + str = "SSL_connect"; + else if (w & SSL_ST_ACCEPT) + str = "SSL_accept"; + else + str = "undefined"; + + if (where & SSL_CB_LOOP) { + BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); + } else if (where & SSL_CB_ALERT) { + str = (where & SSL_CB_READ) ? "read" : "write"; + BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } else if (where & SSL_CB_EXIT) { + if (ret == 0) { + BIO_printf(bio_err, "%s:failed in %s\n", + str, SSL_state_string_long(s)); + } else if (ret < 0) { + BIO_printf(bio_err, "%s:error in %s\n", + str, SSL_state_string_long(s)); + } + } + } =head1 SEE ALSO -L, L, +L, L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_keylog_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_keylog_callback.pod new file mode 100644 index 00000000000000..9e0127f91a9a9d --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_keylog_callback.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, +SSL_CTX_keylog_cb_func - logging TLS key material + +=head1 SYNOPSIS + + #include + + typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + + void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +=head1 DESCRIPTION + +SSL_CTX_set_keylog_callback() sets the TLS key logging callback. This callback +is called whenever TLS key material is generated or received, in order to allow +applications to store this keying material for debugging purposes. + +SSL_CTX_get_keylog_callback() retrieves the previously set TLS key logging +callback. If no callback has been set, this will return NULL. When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with NULL as +the value of cb, no logging of key material will be done. + +The key logging callback is called with two items: the B object associated +with the connection, and B, a string containing the key material in the +format used by NSS for its B debugging output. To recreate that +file, the key logging callback should log B, followed by a newline. +B will always be a NULL-terminated string. + +=head1 RETURN VALUES + +SSL_CTX_get_keylog_callback() returns a pointer to B or +NULL if the callback is not set. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod index 482751e73c45f2..01936c58470cac 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_max_cert_list.pod @@ -67,7 +67,7 @@ set value. =head1 SEE ALSO -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod similarity index 95% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod index ff080e48f95423..45866588601a45 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod @@ -39,8 +39,8 @@ Getters return 0 in case B or B have been configured to automatically use the lowest or highest version supported by the library. Currently supported versions are B, B, -B, B for TLS and B, -B for DTLS. +B, B, B for TLS and +B, B for DTLS. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod new file mode 100644 index 00000000000000..8f8edcf05420c0 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_mode.pod @@ -0,0 +1,138 @@ +=pod + +=head1 NAME + +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode + +=head1 SYNOPSIS + + #include + + long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); + long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); + long SSL_set_mode(SSL *ssl, long mode); + long SSL_clear_mode(SSL *ssl, long mode); + + long SSL_CTX_get_mode(SSL_CTX *ctx); + long SSL_get_mode(SSL *ssl); + +=head1 DESCRIPTION + +SSL_CTX_set_mode() adds the mode set via bitmask in B to B. +Options already set before are not cleared. +SSL_CTX_clear_mode() removes the mode set via bitmask in B from B. + +SSL_set_mode() adds the mode set via bitmask in B to B. +Options already set before are not cleared. +SSL_clear_mode() removes the mode set via bitmask in B from B. + +SSL_CTX_get_mode() returns the mode set for B. + +SSL_get_mode() returns the mode set for B. + +=head1 NOTES + +The following mode changes are available: + +=over 4 + +=item SSL_MODE_ENABLE_PARTIAL_WRITE + +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +SSL_write(). When not set (the default), SSL_write_ex() or SSL_write() will only +report success once the complete chunk was written. Once SSL_write_ex() or +SSL_write() returns successful, B bytes have been written and the next call +to SSL_write_ex() or SSL_write() must only send the n-r bytes left, imitating +the behaviour of write(). + +=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER + +Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking SSL_write() behaves like +non-blocking write(). + +=item SSL_MODE_AUTO_RETRY + +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +L and L can return with a failure and indicate the +need to retry with B. +If such a non-application data record was processed, the flag +B causes it to try to process the next record instead of +returning. + +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting B for a non-blocking B will process +non-application data records until either no more data is available or +an application data record has been processed. + +In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the B flag will cause the functions +to only return after successfully processing an application data record or a +failure. + +Turning off B can be useful with blocking Bs in case +they are used in combination with something like select() or poll(). +Otherwise the call to SSL_read() or SSL_read_ex() might hang when a +non-application record was sent and no application data was sent. + +=item SSL_MODE_RELEASE_BUFFERS + +When we no longer need a read buffer or a write buffer for a given SSL, +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle SSL connection. +This flag has no effect on SSL v2 connections, or on DTLS connections. + +=item SSL_MODE_SEND_FALLBACK_SCSV + +Send TLS_FALLBACK_SCSV in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details. + +DO NOT ENABLE THIS if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft-ietf-tls-downgrade-scsv-00. + +=item SSL_MODE_ASYNC + +Enable asynchronous processing. TLS I/O operations may indicate a retry with +SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See L. + +=back + +All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by +default since 1.1.1. + +=head1 RETURN VALUES + +SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask +after adding B. + +SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. + +=head1 SEE ALSO + +L, L, L, L or +L, L + +=head1 HISTORY + +SSL_MODE_ASYNC was first added to OpenSSL 1.1.0. + +=head1 COPYRIGHT + +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod new file mode 100644 index 00000000000000..bbc78b64b9c555 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_msg_callback.pod @@ -0,0 +1,143 @@ +=pod + +=head1 NAME + +SSL_CTX_set_msg_callback, +SSL_CTX_set_msg_callback_arg, +SSL_set_msg_callback, +SSL_set_msg_callback_arg +- install callback for observing protocol messages + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_msg_callback(SSL_CTX *ctx, + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); + void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); + + void SSL_set_msg_callback(SSL *ssl, + void (*cb)(int write_p, int version, + int content_type, const void *buf, + size_t len, SSL *ssl, void *arg)); + void SSL_set_msg_callback_arg(SSL *ssl, void *arg); + +=head1 DESCRIPTION + +SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to +define a message callback function I for observing all SSL/TLS +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() +can be used to set argument I to the callback function, which is +available for arbitrary application use. + +SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify +default settings that will be copied to new B objects by +L. SSL_set_msg_callback() and +SSL_set_msg_callback_arg() modify the actual settings of an B +object. Using a B pointer for I disables the message callback. + +When I is called by the SSL/TLS library the function arguments have the +following meaning: + +=over 4 + +=item I + +This flag is B<0> when a protocol message has been received and B<1> +when a protocol message has been sent. + +=item I + +The protocol version according to which the protocol message is +interpreted by the library such as B, B etc. +This is set to 0 for the SSL3_RT_HEADER pseudo content type (see NOTES below). + +=item I + +This is one of the content type values defined in the protocol specification +(B, B, B; but never +B because the callback will only be called for protocol +messages). Alternatively it may be a "pseudo" content type. These pseudo +content types are used to signal some other event in the processing of data (see +NOTES below). + +=item I, I + +I points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of I bytes. The buffer is no +longer valid after the callback function has returned. + +=item I + +The B object that received or sent the message. + +=item I + +The user-defined argument optionally defined by +SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg(). + +=back + +=head1 NOTES + +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) + +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. + +Due to automatic protocol version negotiation, I is not +necessarily the protocol version used by the sender of the message: If +a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, +I will be B. + +Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined: + +=over 4 + +=item B + +Used when a record is sent or received. The B contains the record header +bytes only. + +=item B + +Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +SSL3_RT_APPLICATION_DATA. The real content type for the record is contained in +an "inner" content type. B contains the encoded "inner" content type byte. + +=back + +=head1 RETURN VALUES + +SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), SSL_set_msg_callback() +and SSL_set_msg_callback_arg() do not return values. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The pseudo content type B was added in OpenSSL +1.1.1. + +=head1 COPYRIGHT + +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod new file mode 100644 index 00000000000000..b6b0e3ebee74e4 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_num_tickets.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +SSL_set_num_tickets, +SSL_get_num_tickets, +SSL_CTX_set_num_tickets, +SSL_CTX_get_num_tickets +- control the number of TLSv1.3 session tickets that are issued + +=head1 SYNOPSIS + + #include + + int SSL_set_num_tickets(SSL *s, size_t num_tickets); + size_t SSL_get_num_tickets(SSL *s); + int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); + size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); + +=head1 DESCRIPTION + +SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server +application and set the number of session tickets that will be sent to the +client after a full handshake. Set the desired value (which could be 0) in the +B argument. Typically these functions should be called before the +start of the handshake. + +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see L). + +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +L. These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then SSL_set_num_tickets() can be called again prior to calling +SSL_verify_client_post_handshake() to update the number of tickets that will be +sent. + +SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of +tickets set by a previous call to SSL_CTX_set_num_tickets() or +SSL_set_num_tickets(), or 2 if no such call has been made. + +=head1 RETURN VALUES + +SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on +failure. + +SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets +that have been previously set. + +=head1 HISTORY + +These functions were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_options.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod similarity index 66% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_options.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod index 241aeb3ceab2d5..ae5ca1bd5d23c4 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_options.pod @@ -62,27 +62,11 @@ The following B options are available: =over 4 -=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG - -... - -=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER - -... - =item SSL_OP_SAFARI_ECDHE_ECDSA_BUG Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. -=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG - -... - -=item SSL_OP_TLS_D5_BUG - -... - =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol @@ -98,7 +82,8 @@ implementations. =item SSL_OP_ALL -All of the above bug workarounds. +All of the above bug workarounds plus B as +mentioned below. =back @@ -122,22 +107,6 @@ only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.) -=item SSL_OP_SINGLE_DH_USE - -Always create a new key when using temporary/ephemeral DH parameters -(see L). -This option must be used to prevent small subgroup attacks, when -the DH parameters were not generated using "strong" primes -(e.g. when using DSA-parameters, see L). -If "strong" primes were used, it is not strictly necessary to generate -a new DH key during each handshake but it is also recommended. -B should therefore be enabled whenever -temporary/ephemeral DH parameters are used. - -=item SSL_OP_EPHEMERAL_RSA - -This option is no longer implemented and is treated as no op. - =item SSL_OP_CIPHER_SERVER_PREFERENCE When choosing a cipher, use the server's preferences instead of the client @@ -145,19 +114,10 @@ preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSL/TLS server will choose following its own preferences. -=item SSL_OP_PKCS1_CHECK_1 - -... - -=item SSL_OP_PKCS1_CHECK_2 - -... - - =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, -SSL_OP_NO_TLSv1_2, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 +SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 -These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use @@ -170,13 +130,54 @@ When performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients. -=item SSL_OP_NO_TICKET +=item SSL_OP_NO_COMPRESSION -Normally clients and servers will, where possible, transparently make use -of RFC4507bis tickets for stateless session resumption. +Do not use compression even if it is supported. -If this option is set this functionality is disabled and tickets will -not be used by clients or servers. +=item SSL_OP_NO_QUERY_MTU + +Do not query the MTU. Only affects DTLS connections. + +=item SSL_OP_COOKIE_EXCHANGE + +Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects +DTLS connections. + +=item SSL_OP_NO_TICKET + +SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless +session tickets. + +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. + +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a "ticket". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly - no session +information needs to be cached locally. + +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. + +By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. + +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling L or +L. =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION @@ -202,6 +203,75 @@ propose, and servers will not accept the extension. Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello. +=item SSL_OP_ALLOW_NO_DHE_KEX + +In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. + +=item SSL_OP_PRIORITIZE_CHACHA + +When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize +ChaCha20-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use AES and other +ciphers. Requires B. + +=item SSL_OP_ENABLE_MIDDLEBOX_COMPAT + +If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not CCS messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +SSL_clear_options(). A future version of OpenSSL may not set this by default. + +=item SSL_OP_NO_ANTI_REPLAY + +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See L for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. + +=back + +The following options no longer have any effect but their identifiers are +retained for compatibility purposes: + +=over 4 + +=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + +=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + +=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG + +=item SSL_OP_TLS_D5_BUG + +=item SSL_OP_TLS_BLOCK_PADDING_BUG + +=item SSL_OP_MSIE_SSLV2_RSA_PADDING + +=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + +=item SSL_OP_MICROSOFT_SESS_ID_BUG + +=item SSL_OP_NETSCAPE_CHALLENGE_BUG + +=item SSL_OP_PKCS1_CHECK_1 + +=item SSL_OP_PKCS1_CHECK_2 + +=item SSL_OP_SINGLE_DH_USE + +=item SSL_OP_SINGLE_ECDH_USE + +=item SSL_OP_EPHEMERAL_RSA + =back =head1 SECURE RENEGOTIATION @@ -283,7 +353,7 @@ secure renegotiation and 0 if it does not. =head1 SEE ALSO -L, L, L, +L, L, L, L, L, L @@ -293,7 +363,8 @@ L The attempt to always try to use secure renegotiation was added in Openssl 0.9.8m. -B was added in OpenSSL 1.1.0h. +B and B were added in +OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod new file mode 100644 index 00000000000000..eb4e4f5fa424a7 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -0,0 +1,176 @@ +=pod + +=head1 NAME + +SSL_psk_client_cb_func, +SSL_psk_use_session_cb_func, +SSL_CTX_set_psk_client_callback, +SSL_set_psk_client_callback, +SSL_CTX_set_psk_use_session_callback, +SSL_set_psk_use_session_callback +- set PSK client callback + +=head1 SYNOPSIS + + #include + + typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + + + void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); + + + typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); + + void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); + void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + + +=head1 DESCRIPTION + +A client application wishing to use TLSv1.3 PSKs should use either +SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs. + +The callback function is given a pointer to the SSL connection in B. + +The first time the callback is called for a connection the B parameter is +NULL. In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the PSK +must be compatible with the digest for that ciphersuite. The digest will be +given in B. The PSK returned by the callback is allowed to be different +between the first and second time it is called. + +On successful completion the callback must store a pointer to an identifier for +the PSK in B<*id>. The identifier length in bytes should be stored in B<*idlen>. +The memory pointed to by B<*id> remains owned by the application and should +be freed by it as required at any point after the handshake is complete. + +Additionally the callback should store a pointer to an SSL_SESSION object in +B<*sess>. This is used as the basis for the PSK, and should, at a minimum, have +the following fields set: + +=over 4 + +=item The master key + +This can be set via a call to L. + +=item A ciphersuite + +Only the handshake digest associated with the ciphersuite is relevant for the +PSK (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If B is +not NULL the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to . The +handshake digest of an SSL_CIPHER object can be checked using +. + +=item The protocol version + +This can be set via a call to L and should +be TLS1_3_VERSION. + +=back + +Additionally the maximum early data value should be set via a call to +L if the PSK will be used for sending early +data. + +Alternatively an SSL_SESSION created from a previous non-PSK handshake may also +be used as the basis for a PSK. + +Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it +should not be freed by the application. + +It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be sent to the server but the handshake will continue. To do +this the callback should return successfully and ensure that B<*sess> is +NULL. The contents of B<*id> and B<*idlen> will be ignored. + +A client application wishing to use PSK ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server. + +The purpose of the callback function is to select the PSK identity and +the pre-shared key to use during the connection setup phase. + +The callback is set using functions SSL_CTX_set_psk_client_callback() +or SSL_set_psk_client_callback(). The callback function is given the +connection in parameter B, a B-terminated PSK identity hint +sent by the server in parameter B, a buffer B of +length B bytes where the resulting +B-terminated identity is to be stored, and a buffer B of +length B bytes where the resulting pre-shared key is to +be stored. + +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use SSL_CTX_set_psk_use_session_callback() +or SSL_set_psk_use_session_callback() for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via SSL_CTX_set_psk_use_session_callback() or SSL_set_psk_use_session_callback() +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or +SSL_set_psk_client_callback() and use that. In this case the B value will +always be NULL and the handshake digest will default to SHA-256 for any returned +PSK. + +=head1 NOTES + +Note that parameter B given to the callback may be B. + +A connection established via a TLSv1.3 PSK will appear as if session resumption +has occurred so that L will return true. + +There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution: + +"While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2." + +=head1 RETURN VALUES + +Return values from the B callback are interpreted as +follows: + +On success (callback found a PSK identity and a pre-shared key to use) +the length (> 0) of B in bytes is returned. + +Otherwise or on errors the callback should return 0. In this case +the connection setup fails. + +The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. + +=head1 SEE ALSO + +L, +L + +=head1 HISTORY + +SSL_CTX_set_psk_use_session_callback() and SSL_set_psk_use_session_callback() +were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod similarity index 90% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod index d39d747ce741a7..8ed9315df5c450 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_quiet_shutdown.pod @@ -33,7 +33,7 @@ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B. =head1 NOTES Normally when a SSL connection is finished, the parties must send out -"close notify" alert messages using L +close_notify alert messages using L for a clean shutdown. When setting the "quiet shutdown" flag to 1, L @@ -41,7 +41,7 @@ will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (L then behaves like L called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) -The session is thus considered to be shutdown, but no "close notify" alert +The session is thus considered to be shutdown, but no close_notify alert is sent to the peer. This behaviour violates the TLS standard. The default is normal shutdown behaviour as described by the TLS standard. @@ -56,13 +56,13 @@ setting. =head1 SEE ALSO -L, L, +L, L, L, L, L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_read_ahead.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_read_ahead.pod similarity index 64% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_read_ahead.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_read_ahead.pod index bea839008508de..137e251b9585c9 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_read_ahead.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_read_ahead.pod @@ -25,12 +25,14 @@ many input bytes as possible (for non-blocking reads) or not. For example if B bytes are currently required by OpenSSL, but B bytes are available from the underlying BIO (where B > B), then OpenSSL will read all B bytes into its buffer (providing that the buffer is large enough) if reading ahead is -on, or B bytes otherwise. The parameter B or B should be 0 to ensure -reading ahead is off, or non zero otherwise. +on, or B bytes otherwise. +Setting the parameter B to 0 turns reading ahead is off, other values turn +it on. SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead(). SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading ahead has been set or not. +SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead(). =head1 NOTES @@ -39,6 +41,18 @@ SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting B can impact the behaviour of the SSL_pending() function (see L). +Since SSL_read() can return B for non-application data +records, and SSL_has_pending() can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +B is not turned off using SSL_CTX_clear_mode(). +That will prevent getting B when there is still a complete +record availale that hasn't been processed. + +If the application wants to continue to use the underlying transport (e.g. TCP +connection) after the SSL connection is finished using SSL_shutdown() reading +ahead should be turned off. +Otherwise the SSL structure might read data that it shouldn't. + =head1 RETURN VALUES SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, @@ -46,11 +60,11 @@ and non zero otherwise. =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod new file mode 100644 index 00000000000000..d0b2e30f257194 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_record_padding_callback.pod @@ -0,0 +1,96 @@ +=pod + +=head1 NAME + +SSL_CTX_set_record_padding_callback, +SSL_set_record_padding_callback, +SSL_CTX_set_record_padding_callback_arg, +SSL_set_record_padding_callback_arg, +SSL_CTX_get_record_padding_callback_arg, +SSL_get_record_padding_callback_arg, +SSL_CTX_set_block_padding, +SSL_set_block_padding - install callback to specify TLS 1.3 record padding + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); + void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); + + void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); + void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); + + void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); + void *SSL_get_record_padding_callback_arg(SSL *ssl); + + int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + int SSL_set_block_padding(SSL *ssl, size_t block_size); + +=head1 DESCRIPTION + +SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() +can be used to assign a callback function I to specify the padding +for TLS 1.3 records. The value set in B is copied to a new SSL by SSL_new(). + +SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() +assign a value B that is passed to the callback when it is invoked. The value +set in B is copied to a new SSL by SSL_new(). + +SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() +retrieve the B value that is passed to the callback. + +SSL_CTX_set_block_padding() and SSL_set_block_padding() pads the record to a multiple +of the B. A B of 0 or 1 disables block padding. The limit of +B is SSL3_RT_MAX_PLAIN_LENGTH. + +The callback is invoked for every record before encryption. +The B parameter is the TLS record type that is being processed; may be +one of SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE, or SSL3_RT_ALERT. +The B parameter is the current plaintext length of the record before encryption. +The B parameter is the value set via SSL_CTX_set_record_padding_callback_arg() +or SSL_set_record_padding_callback_arg(). + +=head1 RETURN VALUES + +The SSL_CTX_get_record_padding_callback_arg() and SSL_get_record_padding_callback_arg() +functions return the B value assigned in the corresponding set functions. + +The SSL_CTX_set_block_padding() and SSL_set_block_padding() functions return 1 on success +or 0 if B is too large. + +The B returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the +maximum record size. + +=head1 NOTES + +The default behavior is to add no padding to the record. + +A user-supplied padding callback function will override the behavior set by +SSL_set_block_padding() or SSL_CTX_set_block_padding(). Setting the user-supplied +callback to NULL will restore the configured block padding behavior. + +These functions only apply to TLS 1.3 records being written. + +Padding bytes are not added in constant-time. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_security_level.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod similarity index 73% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_security_level.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod index 577b3937296eb5..8baaaffec5c8dc 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_security_level.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_security_level.pod @@ -15,15 +15,20 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, int SSL_get_security_level(const SSL *s); void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, - void *other, void *ex)); + int (*cb)(SSL *s, SSL_CTX *ctx, int op, + int bits, int nid, + void *other, void *ex)); - void SSL_set_security_callback(SSL *s, - int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, - void *other, void *ex)); + void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, + int bits, int nid, + void *other, void *ex)); - int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); - int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); + int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); + int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); void SSL_set0_security_ex_data(SSL *s, void *ex); @@ -70,31 +75,31 @@ OpenSSL. The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits -are prohibited. All export ciphersuites are prohibited since they all offer -less than 80 bits of security. SSL version 2 is prohibited. Any ciphersuite +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited. =item B Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. -In addition to the level 1 exclusions any ciphersuite using RC4 is also +In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled. =item B Security level set to 128 bits of security. As a result RSA, DSA and DH keys shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. -In addition to the level 2 exclusions ciphersuites not offering forward +In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. TLS versions below 1.1 are not permitted. Session tickets are disabled. =item B -Security level set to 192 bits of security. As a result RSA, DSA and DH keys -shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. -Ciphersuites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are -not permitted. +Security level set to 192 bits of security. As a result RSA, DSA and +DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are +prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS +versions below 1.2 are not permitted. =item B @@ -128,11 +133,11 @@ By setting an appropriate security level much of this complexity can be avoided. The bits of security limits affect all relevant parameters including -ciphersuite encryption algorithms, supported ECC curves, supported +cipher suite encryption algorithms, supported ECC curves, supported signature algorithms, DH parameter sizes, certificate key sizes and signature algorithms. This limit applies no matter what other custom -settings an application has set: so if the ciphersuite is set to B -then only ciphersuites consistent with the security level are permissible. +settings an application has set: so if the cipher suite is set to B +then only cipher suites consistent with the security level are permissible. See SP800-57 for how the security limits are related to individual algorithms. @@ -141,7 +146,7 @@ Some security levels require large key sizes for non-ECC public key algorithms which can severely degrade performance. For example 256 bits of security requires the use of RSA keys of at least 15360 bits in size. -Some restrictions can be gracefully handled: for example ciphersuites +Some restrictions can be gracefully handled: for example cipher suites offering insufficient security are not sent by the client and will not be selected by the server. Other restrictions such as the peer certificate key size or the DH parameter size will abort the handshake with a fatal @@ -153,13 +158,29 @@ key using SSL_CTX_use_certificate() at level 1. Applications which do not check the return values for errors will misbehave: for example it might appear that a certificate is not set at all because it had been rejected. +=head1 RETURN VALUES + +SSL_CTX_set_security_level() and SSL_set_security_level() do not return values. + +SSL_CTX_get_security_level() and SSL_get_security_level() return a integer that +represents the security level with B or B, respectively. + +SSL_CTX_set_security_callback() and SSL_set_security_callback() do not return +values. + +SSL_CTX_get_security_callback() and SSL_get_security_callback() return the pointer +to the security callback or NULL if the callback is not set. + +SSL_CTX_get0_security_ex_data() and SSL_get0_security_ex_data() return the extra +data pointer or NULL if the ex data is not set. + =head1 HISTORY These functions were first added to OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod index b237076841fad1..18c9783fe0b279 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_cache_mode.pod @@ -119,7 +119,7 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode. =head1 SEE ALSO -L, L, +L, L, L, L, L, diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_id_context.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_session_id_context.pod index a873b0389efddb..d83235091cfb41 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_id_context.pod @@ -78,7 +78,7 @@ The operation succeeded. =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod new file mode 100644 index 00000000000000..8f98c6f1c99e05 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -0,0 +1,192 @@ +=pod + +=head1 NAME + +SSL_CTX_set_session_ticket_cb, +SSL_SESSION_get0_ticket_appdata, +SSL_SESSION_set1_ticket_appdata, +SSL_CTX_generate_session_ticket_fn, +SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data + +=head1 SYNOPSIS + + #include + + typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); + typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_len, + SSL_TICKET_STATUS status, + void *arg); + int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); + int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); + int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + +=head1 DESCRIPTION + +SSL_CTX_set_set_session_ticket_cb() sets the application callbacks B +and B that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to NULL. The value of B is passed to the callbacks. + +B is the application defined callback invoked when a session ticket is +about to be created. The application can call SSL_SESSION_set1_ticket_appdata() +at this time to add application data to the session ticket. The value of B +is the same as that given to SSL_CTX_set_session_ticket_cb(). The B +callback is defined as type B. + +B is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the B argument contains +the session data. The B and B arguments identify the key +used to decrypt the session ticket. The B argument is the result of the +ticket decryption. See the L section below for further details. The value +of B is the same as that given to SSL_CTX_set_session_ticket_cb(). The +B callback is defined as type B. + +SSL_SESSION_set1_ticket_appdata() sets the application data specified by +B and B into B which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the B is provided to notify +the application that a session ticket is about to be generated. + +SSL_SESSION_get0_ticket_appdata() assigns B to the session ticket +application data and assigns B to the length of the session ticket +application data from B. The application data can be set via +SSL_SESSION_set1_ticket_appdata() or by a session ticket. NULL will be assigned +to B and 0 will be assigned to B if there is no session ticket +application data. SSL_SESSION_get0_ticket_appdata() can be called any time +after a session has been created. The B is provided to notify the +application that a session ticket has just been decrypted. + +=head1 NOTES + +When the B callback is invoked, the SSL_SESSION B has not yet been +assigned to the SSL B. The B indicates the result of the ticket +decryption. The callback must check the B value before performing any +action, as it is called even if ticket decryption fails. + +The B and B arguments to B may be used to identify +the key that was used to encrypt the session ticket. + +The B argument can be any of these values: + +=over 4 + +=item SSL_TICKET_EMPTY + +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. + +=item SSL_TICKET_NO_DECRYPT + +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. + +=item SSL_TICKET_SUCCESS + +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. + +=item SSL_TICKET_SUCCESS_RENEW + +Same as B, but a new ticket should be sent to the client. + +=back + +The return value can be any of these values: + +=over 4 + +=item SSL_TICKET_RETURN_ABORT + +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. + +=item SSL_TICKET_RETURN_IGNORE + +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. + +=item SSL_TICKET_RETURN_IGNORE_RENEW + +Do not use a ticket (if one was available). Send a renewed ticket to the client. + +If the callback does not wish to change the default ticket behaviour then it +should return this value if B is B or +B. + +=item SSL_TICKET_RETURN_USE + +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if B has a value other than +B or B. + +If the callback does not wish to change the default ticket behaviour then it +should return this value if B is B. + +=item SSL_TICKET_RETURN_USE_RENEW + +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if B has a value other than +B or B. + +If the callback does not wish to change the default ticket behaviour then it +should return this value if B is B. + +=back + +If B has the value B or B then +no session data will be available and the callback must not use the B +argument. If B has the value B or +B then the application can call +SSL_SESSION_get0_ticket_appdata() using the session provided in the B +argument to retrieve the application data. + +When the B callback is invoked, the SSL_get_session() function can be +used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata(). + +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore B will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +L). + +=head1 RETURN VALUES + +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and +SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on +failure. + +The B callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an INTERNAL_ERROR alert. + +The B callback must return a value as described in L above. + +=head1 SEE ALSO + +L, +L + +=head1 HISTORY + +SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() and +SSL_SESSION_get_ticket_appdata() were added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_split_send_fragment.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod similarity index 65% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_split_send_fragment.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod index accf5af24792d3..ef5e7cda35a2fc 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_split_send_fragment.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_split_send_fragment.pod @@ -5,8 +5,10 @@ SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, -SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len - Control -fragment sizes and pipelining operations +SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, +SSL_CTX_set_tlsext_max_fragment_length, +SSL_set_tlsext_max_fragment_length, +SSL_SESSION_get_max_fragment_length - Control fragment size settings and pipelining operations =head1 SYNOPSIS @@ -24,6 +26,10 @@ fragment sizes and pipelining operations void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); void SSL_set_default_read_buffer_len(SSL *s, size_t len); + int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); + int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); + =head1 DESCRIPTION Some engines are able to process multiple simultaneous crypto operations. This @@ -51,26 +57,26 @@ used (i.e. normal non-parallel operation). The number of pipelines set must be in the range 1 - SSL_MAX_PIPELINES (32). Setting this to a value > 1 will also automatically turn on "read_ahead" (see L). This is explained further below. OpenSSL will only every use more than one pipeline if -a ciphersuite is negotiated that uses a pipeline capable cipher provided by an +a cipher suite is negotiated that uses a pipeline capable cipher provided by an engine. Pipelining operates slightly differently for reading encrypted data compared to writing encrypted data. SSL_CTX_set_split_send_fragment() and SSL_set_split_send_fragment() define how data is split up into pipelines when writing encrypted data. The number of pipelines used will be determined by the -amount of data provided to the SSL_write() call divided by +amount of data provided to the SSL_write_ex() or SSL_write() call divided by B. For example if B is set to 2000 and B is 4 then: -SSL_write called with 0-2000 bytes == 1 pipeline used +SSL_write/SSL_write_ex called with 0-2000 bytes == 1 pipeline used -SSL_write called with 2001-4000 bytes == 2 pipelines used +SSL_write/SSL_write_ex called with 2001-4000 bytes == 2 pipelines used -SSL_write called with 4001-6000 bytes == 3 pipelines used +SSL_write/SSL_write_ex called with 4001-6000 bytes == 3 pipelines used -SSL_write called with 6001+ bytes == 4 pipelines used +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used B must always be less than or equal to B. By default it is set to be equal to B. @@ -99,15 +105,62 @@ greater than the default that would have been used anyway. The normal default value depends on a number of factors but it will be at least SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD (16704) bytes. +SSL_CTX_set_tlsext_max_fragment_length() sets the default maximum fragment +length negotiation mode via value B to B. +This setting affects only SSL instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. + +SSL_set_tlsext_max_fragment_length() sets the maximum fragment length +negotiation mode via value B to B. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects SSL sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. + +SSL_SESSION_get_max_fragment_length() gets the maximum fragment length +negotiated in B. + =head1 RETURN VALUES All non-void functions return 1 on success and 0 on failure. =head1 NOTES -With the exception of SSL_CTX_set_default_read_buffer_len() and -SSL_set_default_read_buffer_len() all these functions are implemented using -macros. +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +SSL_SESSION_get_max_fragment_length() will return: +TLSEXT_max_fragment_length_DISABLED. + +The following modes are available: + +=over 4 + +=item TLSEXT_max_fragment_length_DISABLED + +Disables Maximum Fragment Length Negotiation (default). + +=item TLSEXT_max_fragment_length_512 + +Sets Maximum Fragment Length to 512 bytes. + +=item TLSEXT_max_fragment_length_1024 + +Sets Maximum Fragment Length to 1024. + +=item TLSEXT_max_fragment_length_2048 + +Sets Maximum Fragment Length to 2048. + +=item TLSEXT_max_fragment_length_4096 + +Sets Maximum Fragment Length to 4096. + +=back + +With the exception of SSL_CTX_set_default_read_buffer_len() +SSL_set_default_read_buffer_len(), SSL_CTX_set_tlsext_max_fragment_length(), +SSL_set_tlsext_max_fragment_length() and SSL_SESSION_get_max_fragment_length() +all these functions are implemented using macros. =head1 HISTORY @@ -116,13 +169,16 @@ SSL_CTX_set_split_send_fragment(), SSL_set_split_send_fragment(), SSL_CTX_set_default_read_buffer_len() and SSL_set_default_read_buffer_len() functions were added in OpenSSL 1.1.0. +SSL_CTX_set_tlsext_max_fragment_length(), SSL_set_tlsext_max_fragment_length() +and SSL_SESSION_get_max_fragment_length() were added in OpenSSL 1.1.1. + =head1 SEE ALSO L, L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod index 22c0370b75454b..901c057f453a72 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_ssl_version.pod @@ -55,7 +55,7 @@ The operation succeeded. =head1 SEE ALSO L, L, -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod new file mode 100644 index 00000000000000..f29153ed25d8ab --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod @@ -0,0 +1,58 @@ +=pod + +=head1 NAME + +SSL_CTX_set_stateless_cookie_generate_cb, +SSL_CTX_set_stateless_cookie_verify_cb +- Callback functions for stateless TLS1.3 cookies + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); + void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); + +=head1 DESCRIPTION + +SSL_CTX_set_cookie_generate_cb() sets the callback used by L +to generate the application-controlled portion of the cookie provided to clients +in the HelloRetryRequest transmitted as a response to a ClientHello with a +missing or invalid cookie. gen_stateless_cookie_cb() must write at most +SSL_COOKIE_LENGTH bytes into B, and must write the number of bytes +written to B. If a cookie cannot be generated, a zero return value +can be used to abort the handshake. + +SSL_CTX_set_cookie_verify_cb() sets the callback used by L to +determine whether the application-controlled portion of a ClientHello cookie is +valid. A nonzero return value from app_verify_cookie_cb() communicates that the +cookie is valid. The integrity of the entire cookie, including the +application-controlled portion, is automatically verified by HMAC before +verify_stateless_cookie_cb() is called. + +=head1 RETURN VALUES + +Neither function returns a value. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_timeout.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_timeout.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod index 470efdfc29e4f7..c32585e45f9246 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_timeout.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod @@ -50,7 +50,7 @@ SSL_CTX_get_timeout() returns the currently set timeout value. =head1 SEE ALSO -L, +L, L, L, L, diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod new file mode 100644 index 00000000000000..b1fb5ab7d9fa5d --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod @@ -0,0 +1,77 @@ +=pod + +=head1 NAME + +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, +SSL_get_servername_type, SSL_get_servername, +SSL_set_tlsext_host_name - handle server name indication (SNI) + +=head1 SYNOPSIS + + #include + + long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, + int (*cb)(SSL *, int *, void *)); + long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); + + const char *SSL_get_servername(const SSL *s, const int type); + int SSL_get_servername_type(const SSL *s); + + int SSL_set_tlsext_host_name(const SSL *s, const char *name); + +=head1 DESCRIPTION + +The functionality provided by the servername callback is superseded by the +ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). +The servername callback is retained for historical compatibility. + +SSL_CTX_set_tlsext_servername_callback() sets the application callback B +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When B +is NULL, SNI is not used. The B value is a pointer which is passed to +the application callback. + +SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be +passed into the callback for this B. + +SSL_get_servername() returns a servername extension value of the specified +type if provided in the Client Hello or NULL. + +SSL_get_servername_type() returns the servername type or -1 if no servername +is present. Currently the only supported type (defined in RFC3546) is +B. + +SSL_set_tlsext_host_name() sets the server name indication ClientHello extension +to contain the value B. The type of server name indication extension is set +to B (defined in RFC3546). + +=head1 NOTES + +Several callbacks are executed during ClientHello processing, including +the ClientHello, ALPN, and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the ALPN callback. + +The SSL_set_tlsext_host_name() function should only be called on SSL objects +that will act as clients; otherwise the configured B will be ignored. + +=head1 RETURN VALUES + +SSL_CTX_set_tlsext_servername_callback() and +SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success. +SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error. + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod similarity index 95% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod index c12ff0e5878939..d6c04eced8ce97 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_status_cb.pod @@ -18,10 +18,8 @@ SSL_set_tlsext_status_ocsp_resp #include - long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, - int (*callback)(SSL *, void *)); - long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, - int (**callback)(SSL *, void *)); + long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); + long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod similarity index 71% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 34d8ce9ae08537..9b448db664e176 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -9,9 +9,9 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing #include long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, - int (*cb)(SSL *s, unsigned char key_name[16], - unsigned char iv[EVP_MAX_IV_LENGTH], - EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); + int (*cb)(SSL *s, unsigned char key_name[16], + unsigned char iv[EVP_MAX_IV_LENGTH], + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); =head1 DESCRIPTION @@ -112,66 +112,68 @@ exactly as if a full negotiation had occurred. If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic -using that session: even if the ciphersuite supports forward secrecy. As +using that session: even if the cipher suite supports forward secrecy. As a result applications may wish to use multiple keys and avoid using long term keys stored in files. Applications can use longer keys to maintain a consistent level of security. -For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key the overall security is only 128 bits because breaking the ticket key will enable an attacker to obtain the session keys. =head1 EXAMPLES Reference Implementation: - SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); - .... - - static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) - { - if (enc) { /* create new session */ - if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) { - return -1; /* insufficient random */ - } - - key = currentkey(); /* something that you need to implement */ - if ( !key ) { - /* current key doesn't exist or isn't valid */ - key = createkey(); /* something that you need to implement. - * createkey needs to initialise, a name, - * an aes_key, a hmac_key and optionally - * an expire time. */ - if ( !key ) { /* key couldn't be created */ - return 0; - } - } - memcpy(key_name, key->name, 16); - - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); - - return 1; - - } else { /* retrieve session */ - key = findkey(name); - - if (!key || key->expire < now() ) { - return 0; - } - - HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv ); - - if (key->expire < ( now() - RENEW_TIME ) ) { - /* return 2 - this session will get a new ticket even though the current is still valid */ - return 2; - } - return 1; - - } - } - + SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); + ... + + static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], + unsigned char *iv, EVP_CIPHER_CTX *ctx, + HMAC_CTX *hctx, int enc) + { + if (enc) { /* create new session */ + if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) + return -1; /* insufficient random */ + + key = currentkey(); /* something that you need to implement */ + if (key == NULL) { + /* current key doesn't exist or isn't valid */ + key = createkey(); /* + * Something that you need to implement. + * createkey needs to initialise a name, + * an aes_key, a hmac_key and optionally + * an expire time. + */ + if (key == NULL) /* key couldn't be created */ + return 0; + } + memcpy(key_name, key->name, 16); + + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + + return 1; + + } else { /* retrieve session */ + key = findkey(name); + + if (key == NULL || key->expire < now()) + return 0; + + HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); + + if (key->expire < now() - RENEW_TIME) { + /* + * return 2 - This session will get a new ticket even though the + * current one is still valid. + */ + return 2; + } + return 1; + } + } =head1 RETURN VALUES @@ -179,7 +181,7 @@ returns 0 to indicate the callback function was set. =head1 SEE ALSO -L, L, +L, L, L, L, L, @@ -188,7 +190,7 @@ L, =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod index 2746d5018c1f99..e501934a757902 100644 --- a/deps/openssl/openssl/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod @@ -75,7 +75,7 @@ SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP protection profile was negotiated. The memory returned from this function should not be freed by the caller. -If an SRTP protection profile has been sucessfully negotiated then the SRTP +If an SRTP protection profile has been successfully negotiated then the SRTP keying material (on both the client and server) should be obtained via a call to L. This call should provide a label value of "EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total @@ -101,7 +101,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod similarity index 84% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index fbfb8cbaa5598e..a2ac1c0adbbc5a 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -9,11 +9,13 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se #include void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); + DH *(*tmp_dh_callback)(SSL *ssl, int is_export, + int keylength)); long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); void SSL_set_tmp_dh_callback(SSL *ctx, - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); + DH *(*tmp_dh_callback)(SSL *ssl, int is_export, + int keylength)); long SSL_set_tmp_dh(SSL *ssl, DH *dh) =head1 DESCRIPTION @@ -74,7 +76,7 @@ can supply the DH parameters via a callback function. Previous versions of the callback used B and B parameters to control parameter generation for export and non-export -cipher suites. Modern servers that do not support export ciphersuites +cipher suites. Modern servers that do not support export cipher suites are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use the callback but ignore B and B and simply supply at least 2048-bit parameters in the callback. @@ -84,31 +86,27 @@ supply at least 2048-bit parameters in the callback. Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - Command-line parameter generation: +Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 - Code for setting up parameters during server initialization: +Code for setting up parameters during server initialization: - ... SSL_CTX ctx = SSL_CTX_new(); - ... - /* Set up ephemeral DH parameters. */ DH *dh_2048 = NULL; - FILE *paramfile; - paramfile = fopen("dh_param_2048.pem", "r"); + FILE *paramfile = fopen("dh_param_2048.pem", "r"); + if (paramfile) { - dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + fclose(paramfile); } else { - /* Error. */ - } - if (dh_2048 == NULL) { - /* Error. */ - } - if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { - /* Error. */ + /* Error. */ } + if (dh_2048 == NULL) + /* Error. */ + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) + /* Error. */ ... =head1 RETURN VALUES @@ -121,7 +119,7 @@ on failure. Check the error queue to find out the reason of failure. =head1 SEE ALSO -L, L, +L, L, L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_verify.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_verify.pod similarity index 62% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_set_verify.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_set_verify.pod index 799349892c3f99..21d9ae1018dc23 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_verify.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_verify.pod @@ -5,22 +5,28 @@ SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, -SSL_verify_cb +SSL_verify_cb, +SSL_verify_client_post_handshake, +SSL_set_post_handshake_auth, +SSL_CTX_set_post_handshake_auth - set peer certificate verification parameters =head1 SYNOPSIS #include + typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); - void SSL_set_verify(SSL *s, int mode, SSL_verify_cb verify_callback); + void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); SSL_get_ex_data_X509_STORE_CTX_idx(void); void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); - void SSL_set_verify_depth(SSL *s, int depth); + void SSL_set_verify_depth(SSL *ssl, int depth); - - typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + int SSL_verify_client_post_handshake(SSL *ssl); + void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); + void SSL_set_post_handshake_auth(SSL *ssl, int val); =head1 DESCRIPTION @@ -44,6 +50,17 @@ verification that shall be allowed for B. SSL_set_verify_depth() sets the maximum B for the certificate chain verification that shall be allowed for B. +SSL_CTX_set_post_handshake_auth() and SSL_set_post_handshake_auth() enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If B is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization. + +SSL_verify_client_post_handshake() causes a CertificateRequest message to be +sent by a server on the given B connection. The SSL_VERIFY_PEER flag must +be set; the SSL_VERIFY_POST_HANDSHAKE flag is optional. + =head1 NOTES The verification of certificates can be controlled by a set of logically @@ -70,7 +87,8 @@ fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional -SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags. +SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE and +SSL_VERIFY_POST_HANDSHAKE flags. B the server certificate is verified. If the verification process fails, the TLS/SSL handshake is @@ -88,9 +106,22 @@ B ignored =item SSL_VERIFY_CLIENT_ONCE -B only request a client certificate on the initial TLS/SSL -handshake. Do not ask for a client certificate again in case of a -renegotiation. This flag must be used together with SSL_VERIFY_PEER. +B only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +SSL_VERIFY_PEER. + +B ignored + +=item SSL_VERIFY_POST_HANDSHAKE + +B the server will not send a client certificate request +during the initial handshake, but will send the request via +SSL_verify_client_post_handshake(). This allows the SSL_CTX or SSL +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +SSL_VERIFY_PEER. TLSv1.3 only; no effect on pre-TLSv1.3 connections. B ignored @@ -155,6 +186,20 @@ Its return value is identical to B, so that any verification failure will lead to a termination of the TLS/SSL handshake with an alert message, if SSL_VERIFY_PEER is set. +After calling SSL_set_post_handshake_auth(), the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. This must be called before SSL_connect(). + +SSL_verify_client_post_handshake() requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with SSL_do_handshake() or SSL_write_ex(). +Only one certificate request may be outstanding at any time. + +When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client. + =head1 BUGS In client mode, it is not checked whether the SSL_VERIFY_PEER flag @@ -166,6 +211,10 @@ required. The SSL*_set_verify*() functions do not provide diagnostic information. +The SSL_verify_client_post_handshake() function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason. + =head1 EXAMPLES The following code sequence realizes an example B function @@ -190,65 +239,63 @@ L). int always_continue; } mydata_t; int mydata_index; + ... static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { - char buf[256]; - X509 *err_cert; - int err, depth; - SSL *ssl; - mydata_t *mydata; - - err_cert = X509_STORE_CTX_get_current_cert(ctx); - err = X509_STORE_CTX_get_error(ctx); - depth = X509_STORE_CTX_get_error_depth(ctx); - - /* - * Retrieve the pointer to the SSL of the connection currently treated - * and the application specific data stored into the SSL object. - */ - ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - mydata = SSL_get_ex_data(ssl, mydata_index); - - X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); - - /* - * Catch a too long certificate chain. The depth limit set using - * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so - * that whenever the "depth>verify_depth" condition is met, we - * have violated the limit and want to log this error condition. - * We must do it here, because the CHAIN_TOO_LONG error would not - * be found explicitly; only errors introduced by cutting off the - * additional certificates would be logged. - */ - if (depth > mydata->verify_depth) { - preverify_ok = 0; - err = X509_V_ERR_CERT_CHAIN_TOO_LONG; - X509_STORE_CTX_set_error(ctx, err); - } - if (!preverify_ok) { - printf("verify error:num=%d:%s:depth=%d:%s\n", err, - X509_verify_cert_error_string(err), depth, buf); - } - else if (mydata->verbose_mode) - { - printf("depth=%d:%s\n", depth, buf); - } - - /* - * At this point, err contains the last verification error. We can use - * it for something special - */ - if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) - { - X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); - printf("issuer= %s\n", buf); - } - - if (mydata->always_continue) - return 1; - else - return preverify_ok; + char buf[256]; + X509 *err_cert; + int err, depth; + SSL *ssl; + mydata_t *mydata; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + /* + * Retrieve the pointer to the SSL of the connection currently treated + * and the application specific data stored into the SSL object. + */ + ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + mydata = SSL_get_ex_data(ssl, mydata_index); + + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); + + /* + * Catch a too long certificate chain. The depth limit set using + * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so + * that whenever the "depth>verify_depth" condition is met, we + * have violated the limit and want to log this error condition. + * We must do it here, because the CHAIN_TOO_LONG error would not + * be found explicitly; only errors introduced by cutting off the + * additional certificates would be logged. + */ + if (depth > mydata->verify_depth) { + preverify_ok = 0; + err = X509_V_ERR_CERT_CHAIN_TOO_LONG; + X509_STORE_CTX_set_error(ctx, err); + } + if (!preverify_ok) { + printf("verify error:num=%d:%s:depth=%d:%s\n", err, + X509_verify_cert_error_string(err), depth, buf); + } else if (mydata->verbose_mode) { + printf("depth=%d:%s\n", depth, buf); + } + + /* + * At this point, err contains the last verification error. We can use + * it for something special + */ + if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { + X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); + printf("issuer= %s\n", buf); + } + + if (mydata->always_continue) + return 1; + else + return preverify_ok; } ... @@ -258,7 +305,7 @@ L). mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); ... - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_callback); /* @@ -276,12 +323,10 @@ L). ... SSL_accept(ssl); /* check of success left out for clarity */ - if (peer = SSL_get_peer_certificate(ssl)) - { - if (SSL_get_verify_result(ssl) == X509_V_OK) - { - /* The client sent a certificate which verified OK */ - } + if (peer = SSL_get_peer_certificate(ssl)) { + if (SSL_get_verify_result(ssl) == X509_V_OK) { + /* The client sent a certificate which verified OK */ + } } =head1 SEE ALSO @@ -293,11 +338,17 @@ L, L, L, L, +L, L +=head1 HISTORY + +The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake() +and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1. + =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_use_certificate.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_use_certificate.pod similarity index 86% rename from deps/openssl/openssl/doc/ssl/SSL_CTX_use_certificate.pod rename to deps/openssl/openssl/doc/man3/SSL_CTX_use_certificate.pod index 8ed7b5ea15c8c2..b065d8f9e5cb38 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_use_certificate.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_use_certificate.pod @@ -11,7 +11,8 @@ SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, -SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key +SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, +SSL_CTX_use_cert_and_key, SSL_use_cert_and_key - load certificate and key data =head1 SYNOPSIS @@ -45,6 +46,9 @@ SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key int SSL_CTX_check_private_key(const SSL_CTX *ctx); int SSL_check_private_key(const SSL *ssl); + int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); + int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); + =head1 DESCRIPTION These functions load the certificates and private keys into the SSL_CTX @@ -94,6 +98,19 @@ key pair the new certificate needs to be set with SSL_use_certificate() or SSL_CTX_use_certificate() before setting the private key with SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). +SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 +certificate B, private key B, and certificate B onto the +corresponding B or B. The B argument must be the private +key of the X.509 certificate B. If the B argument is 0, then +B, B and B are set only if all were not previously set. +If B is non-0, then the certificate, private key and chain certs +are always set. If B is NULL, then the public key of B is used as +the private key. This is intended to be used with hardware (via the ENGINE +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via SSL_CTX_use_PrivateKey(), etc. SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B stored at memory location B (length B) to B. @@ -103,7 +120,7 @@ SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private key to B. SSL_CTX_use_PrivateKey_file() adds the first private key found in -B to B. The formatting B of the certificate must be specified +B to B. The formatting B of the private key must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in B to B. SSL_use_PrivateKey_file() adds the first private key found @@ -167,7 +184,7 @@ Otherwise check out the error stack to find out the reason. =head1 SEE ALSO -L, L, L, +L, L, L, L, L, L, diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod new file mode 100644 index 00000000000000..c8f7526610a8a5 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -0,0 +1,155 @@ +=pod + +=head1 NAME + +SSL_psk_server_cb_func, +SSL_psk_find_session_cb_func, +SSL_CTX_use_psk_identity_hint, +SSL_use_psk_identity_hint, +SSL_CTX_set_psk_server_callback, +SSL_set_psk_server_callback, +SSL_CTX_set_psk_find_session_callback, +SSL_set_psk_find_session_callback +- set PSK identity hint to use + +=head1 SYNOPSIS + + #include + + typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); + + + void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); + void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); + + typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); + + int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); + int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); + + void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); + void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + +=head1 DESCRIPTION + +A client application wishing to use TLSv1.3 PSKs should set a callback +using either SSL_CTX_set_psk_use_session_callback() or +SSL_set_psk_use_session_callback() as appropriate. + +The callback function is given a pointer to the SSL connection in B and +an identity in B of length B. The callback function +should identify an SSL_SESSION object that provides the PSK details and store it +in B<*sess>. The SSL_SESSION object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +L for details. + +It is also possible for the callback to succeed but not supply a PSK. In this +case no PSK will be used but the handshake will continue. To do this the +callback should return successfully and ensure that B<*sess> is +NULL. + +Identity hints are not relevant for TLSv1.3. A server application wishing to use +PSK ciphersuites for TLSv1.2 and below may call SSL_CTX_use_psk_identity_hint() +to set the given B-terminated PSK identity hint B for SSL context +object B. SSL_use_psk_identity_hint() sets the given B-terminated PSK +identity hint B for the SSL connection object B. If B is +B the current hint from B or B is deleted. + +In the case where PSK identity hint is B, the server does not send the +ServerKeyExchange message to the client. + +A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received PSK identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback(). The callback +function is given the connection in parameter B, B-terminated PSK +identity sent by the client in parameter B, and a buffer B of +length B bytes where the pre-shared key is to be stored. + +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use SSL_CTX_set_psk_find_session_callback() +or SSL_set_psk_find_session_callback() for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback() +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or +SSL_set_psk_server_callback() and use that. In this case the handshake digest +will default to SHA-256 for any returned PSK. + +=head1 NOTES + +A connection established via a TLSv1.3 PSK will appear as if session resumption +has occurred so that L will return true. + +=head1 RETURN VALUES + +B and B return +1 on success, 0 otherwise. + +Return values from the TLSv1.2 and below server callback are interpreted as +follows: + +=over 4 + +=item Z<>0 + +PSK identity was not found. An "unknown_psk_identity" alert message +will be sent and the connection setup fails. + +=item E0 + +PSK identity was found and the server callback has provided the PSK +successfully in parameter B. Return value is the length of +B in bytes. It is an error to return a value greater than +B. + +If the PSK identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to B and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. + +=back + +The B callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. + +=head1 NOTES + +There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution: + +"While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2." + +=head1 SEE ALSO + +L, +L + +=head1 HISTORY + +SSL_CTX_set_psk_find_session_callback() and SSL_set_psk_find_session_callback() +were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_use_serverinfo.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_use_serverinfo.pod new file mode 100644 index 00000000000000..d35a196ffea3f2 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_use_serverinfo.pod @@ -0,0 +1,83 @@ +=pod + +=head1 NAME + +SSL_CTX_use_serverinfo_ex, +SSL_CTX_use_serverinfo, +SSL_CTX_use_serverinfo_file +- use serverinfo extension + +=head1 SYNOPSIS + + #include + + int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); + + int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); + + int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +=head1 DESCRIPTION + +These functions load "serverinfo" TLS extensions into the SSL_CTX. A +"serverinfo" extension is returned in response to an empty ClientHello +Extension. + +SSL_CTX_use_serverinfo_ex() loads one or more serverinfo extensions from +a byte array into B. The B parameter specifies the format of the +byte array provided in B<*serverinfo> which is of length B. + +If B is B then the extensions in the array must +consist of a 4-byte context, a 2-byte Extension Type, a 2-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for L. If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate). + +If B is B then the extensions in the array must +consist of a 2-byte Extension Type, a 2-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +L. The following default context value will be used +in this case: + + SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION + +SSL_CTX_use_serverinfo() does the same thing as SSL_CTX_use_serverinfo_ex() +except that there is no B parameter so a default version of +SSL_SERVERINFOV1 is used instead. + +SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from +B into B. The extensions must be in PEM format. Each extension +must be in a format as described above for SSL_CTX_use_serverinfo_ex(). Each +PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for +SSL_SERVERINFOV2 data or "BEGIN SERVERINFO FOR " for SSL_SERVERINFOV1 data. + +If more than one certificate (RSA/DSA) is installed using +SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a RSA certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +SSL_CTX_use_serverinfo() needs to be called multiple times, once B +each time a certificate is loaded via a call to SSL_CTX_use_certificate(). + +=head1 RETURN VALUES + +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. + +=head1 COPYRIGHT + +Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_free.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod similarity index 90% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_free.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod index 5bea7850701d09..87a1cab1b46294 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_free.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_free.pod @@ -3,6 +3,7 @@ =head1 NAME SSL_SESSION_new, +SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free - create, free and manage SSL_SESSION structures @@ -11,6 +12,7 @@ SSL_SESSION_free - create, free and manage SSL_SESSION structures #include SSL_SESSION *SSL_SESSION_new(void); + SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); int SSL_SESSION_up_ref(SSL_SESSION *ses); void SSL_SESSION_free(SSL_SESSION *session); @@ -19,6 +21,9 @@ SSL_SESSION_free - create, free and manage SSL_SESSION structures SSL_SESSION_new() creates a new SSL_SESSION structure and returns a pointer to it. +SSL_SESSION_dup() copies the contents of the SSL_SESSION structure in B +and returns a pointer to it. + SSL_SESSION_up_ref() increments the reference count on the given SSL_SESSION structure. @@ -61,11 +66,15 @@ SSL_SESSION_up_ref returns 1 on success or 0 on error. =head1 SEE ALSO -L, L, +L, L, L, L, L +=head1 HISTORY + +SSL_SESSION_dup() was added in OpenSSL 1.1.1. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod new file mode 100644 index 00000000000000..60f66a2d2b9d28 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_cipher.pod @@ -0,0 +1,58 @@ +=pod + +=head1 NAME + +SSL_SESSION_get0_cipher, +SSL_SESSION_set_cipher +- set and retrieve the SSL cipher associated with a session + +=head1 SYNOPSIS + + #include + + const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); + int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); + +=head1 DESCRIPTION + +SSL_SESSION_get0_cipher() retrieves the cipher that was used by the +connection when the session was created, or NULL if it cannot be determined. + +The value returned is a pointer to an object maintained within B and +should not be released. + +SSL_SESSION_set_cipher() can be used to set the ciphersuite associated with the +SSL_SESSION B to B. For example, this could be used to set up a +session based PSK (see L). + +=head1 RETURN VALUES + +SSL_SESSION_get0_cipher() returns the SSL_CIPHER associated with the SSL_SESSION +or NULL if it cannot be determined. + +SSL_SESSION_set_cipher() returns 1 on success or 0 on failure. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0. +SSL_SESSION_set_cipher() was first added to OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod new file mode 100644 index 00000000000000..c35c89279520a2 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_hostname.pod @@ -0,0 +1,74 @@ +=pod + +=head1 NAME + +SSL_SESSION_get0_hostname, +SSL_SESSION_set1_hostname, +SSL_SESSION_get0_alpn_selected, +SSL_SESSION_set1_alpn_selected +- get and set SNI and ALPN data ssociated with a session + +=head1 SYNOPSIS + + #include + + const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); + int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); + + void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); + int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, + size_t len); + +=head1 DESCRIPTION + +SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the +client when the session was created, or NULL if no value was sent. + +The value returned is a pointer to memory maintained within B and +should not be free'd. + +SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of +the string provided in hostname. + +SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this +session and its associated length in bytes. The returned value of B<*alpn> is a +pointer to memory maintained within B and should not be free'd. + +SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the +value in B which should be of length B bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +B. + +=head1 RETURN VALUES + +SSL_SESSION_get0_hostname() returns either a string or NULL based on if there +is the SNI value sent by client. + +SSL_SESSION_set1_hostname() returns 1 on success or 0 on error. + +SSL_SESSION_set1_alpn_selected() returns 1 on success or 0 on error. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 HISTORY + +SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and +SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_id_context.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_id_context.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod index ee4a256b06ada3..69619a72b4346c 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_id_context.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_id_context.pod @@ -37,7 +37,7 @@ SSL_SESSION_set1_id_context() returns 1 on success or 0 on error. =head1 SEE ALSO -L, +L, L =head1 HISTORY diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_peer.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_peer.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_peer.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_get0_peer.pod index a95f8a5b2e95e3..f6f2a1cd25b78e 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_peer.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get0_peer.pod @@ -24,7 +24,7 @@ no peer certificate is available. =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_compress_id.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_compress_id.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_get_compress_id.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_get_compress_id.pod index 5045c537dbfe6f..0bdccb4b76950f 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_compress_id.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_compress_id.pod @@ -25,7 +25,7 @@ none. =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_ex_data.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_ex_data.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_get_ex_data.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_get_ex_data.pod index e922abc57a332a..f44c4e8e1fb536 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_ex_data.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_ex_data.pod @@ -32,7 +32,7 @@ failure. NULL may also be a valid value. =head1 SEE ALSO -L, +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_protocol_version.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod similarity index 52% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_get_protocol_version.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod index a033fdd9bbdeec..84c9ac173b5c3c 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_protocol_version.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_protocol_version.pod @@ -2,39 +2,51 @@ =head1 NAME -SSL_SESSION_get_protocol_version - retrieve session protocol version +SSL_SESSION_get_protocol_version, +SSL_SESSION_set_protocol_version +- get and set the session protocol version =head1 SYNOPSIS #include int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); + int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); =head1 DESCRIPTION SSL_SESSION_get_protocol_version() returns the protocol version number used by session B. +SSL_SESSION_set_protocol_version() sets the protocol version associated with the +SSL_SESSION object B to the value B. This value should be a version +constant such as B etc. For example, this could be used to set +up a session based PSK (see L). + =head1 RETURN VALUES SSL_SESSION_get_protocol_version() returns a number indicating the protocol version used for the session; this number matches the constants I -B or B. +B, B or B. Note that the SSL_SESSION_get_protocol_version() function does B perform a null check on the provided session B pointer. +SSL_SESSION_set_protocol_version() returns 1 on success or 0 on failure. + =head1 SEE ALSO -L +L, +L =head1 HISTORY -SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0 +SSL_SESSION_get_protocol_version() was first added to OpenSSL 1.1.0. +SSL_SESSION_set_protocol_version() was first added to OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get_time.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_get_time.pod similarity index 100% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_get_time.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_get_time.pod diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_has_ticket.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod similarity index 87% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_has_ticket.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod index a84440b5ab3dfb..7197382369de4c 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_has_ticket.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_has_ticket.pod @@ -29,6 +29,12 @@ NULL then a pointer to the ticket is written to B<*tick>. The pointer is only valid while the connection is in use. The session (and hence the ticket pointer) may also become invalid as a result of a call to SSL_CTX_flush_sessions(). +=head1 RETURN VALUES + +SSL_SESSION_has_ticket() returns 1 if session ticket exists or 0 otherwise. + +SSL_SESSION_get_ticket_lifetime_hint() returns the number of seconds. + =head1 SEE ALSO L, @@ -43,7 +49,7 @@ SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod new file mode 100644 index 00000000000000..729479a99b4810 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_is_resumable.pod @@ -0,0 +1,44 @@ +=pod + +=head1 NAME + +SSL_SESSION_is_resumable +- determine whether an SSL_SESSION object can be used for resumption + +=head1 SYNOPSIS + + #include + + int SSL_SESSION_is_resumable(const SSL_SESSION *s); + +=head1 DESCRIPTION + +SSL_SESSION_is_resumable() determines whether an SSL_SESSION object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake. + +=head1 RETURN VALUES + +SSL_SESSION_is_resumable() returns 1 if the session is resumable or 0 otherwise. + +=head1 SEE ALSO + +L, +L, +L + +=head1 HISTORY + +SSL_SESSION_is_resumable() was first added to OpenSSL 1.1.1 + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_print.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_print.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_print.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_print.pod index 9a44c11cbd13a7..957411a771a77f 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_print.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_print.pod @@ -33,7 +33,7 @@ SSL_SESSION_print(), SSL_SESSION_print_fp() and SSL_SESSION_print_keylog return =head1 SEE ALSO -L +L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_set1_id.pod b/deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod similarity index 93% rename from deps/openssl/openssl/doc/ssl/SSL_SESSION_set1_id.pod rename to deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod index 0bd9b8340d000a..f0b131d6a1f6f7 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_set1_id.pod +++ b/deps/openssl/openssl/doc/man3/SSL_SESSION_set1_id.pod @@ -21,7 +21,7 @@ SSL_SESSION_get_id() returns a pointer to the internal session id value for the session B. The length of the id in bytes is stored in B<*len>. The length may be 0. The caller should not free the returned pointer directly. -SSL_SESSION_set1_id() sets the the session ID for the B SSL/TLS session +SSL_SESSION_set1_id() sets the session ID for the B SSL/TLS session to B of length B. =head1 RETURN VALUES @@ -32,7 +32,7 @@ if the supplied session ID length exceeds B. =head1 SEE ALSO -L +L =head1 HISTORY diff --git a/deps/openssl/openssl/doc/ssl/SSL_accept.pod b/deps/openssl/openssl/doc/man3/SSL_accept.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_accept.pod rename to deps/openssl/openssl/doc/man3/SSL_accept.pod index 3248cacf1e8a18..335655f0c8c8cd 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_accept.pod +++ b/deps/openssl/openssl/doc/man3/SSL_accept.pod @@ -65,7 +65,7 @@ to find out the reason. =head1 SEE ALSO L, L, -L, L, L, +L, L, L, L, L, L diff --git a/deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod b/deps/openssl/openssl/doc/man3/SSL_alert_type_string.pod similarity index 99% rename from deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod rename to deps/openssl/openssl/doc/man3/SSL_alert_type_string.pod index 6e2768e8ff43e5..b88465b1bfb5a8 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod +++ b/deps/openssl/openssl/doc/man3/SSL_alert_type_string.pod @@ -228,7 +228,7 @@ Probably B does not contain a correct alert message. =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/man3/SSL_alloc_buffers.pod b/deps/openssl/openssl/doc/man3/SSL_alloc_buffers.pod new file mode 100644 index 00000000000000..94bd05840c84d3 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/SSL_alloc_buffers.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +SSL_free_buffers, SSL_alloc_buffers - manage SSL structure buffers + +=head1 SYNOPSIS + + #include + + int SSL_free_buffers(SSL *ssl); + int SSL_alloc_buffers(SSL *ssl); + +=head1 DESCRIPTION + +SSL_free_buffers() frees the read and write buffers of the given B. +SSL_alloc_buffers() allocates the read and write buffers of the given B. + +The B mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated. + +After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The SSL_alloc_buffers() does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with CRYPTO_set_mem_functions() +to control where and how buffers are allocated. + +=head1 RETURN VALUES + +The following return values can occur: + +=over 4 + +=item 0 (Failure) + +The SSL_free_buffers() function returns 0 when there is pending data to be +read or written. The SSL_alloc_buffers() function returns 0 when there is +an allocation failure. + +=item 1 (Success) + +The SSL_free_buffers() function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +SSL_free_buffers(). +The SSL_alloc_buffers() function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +SSL_alloc_buffers(). + +=back + +=head1 SEE ALSO + +L, L, +L, L, +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_check_chain.pod b/deps/openssl/openssl/doc/man3/SSL_check_chain.pod similarity index 92% rename from deps/openssl/openssl/doc/ssl/SSL_check_chain.pod rename to deps/openssl/openssl/doc/man3/SSL_check_chain.pod index 8691994229a0a6..4de36cc7878487 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_check_chain.pod +++ b/deps/openssl/openssl/doc/man3/SSL_check_chain.pod @@ -72,19 +72,19 @@ The validity of a chain is determined by checking if it matches a supported signature algorithm, supported curves and in the case of client authentication certificate types and issuer names. -Since the supported signature algorithms extension is only used in TLS 1.2 -and DTLS 1.2 the results for earlier versions of TLS and DTLS may not be -very useful. Applications may wish to specify a different "legacy" chain +Since the supported signature algorithms extension is only used in TLS 1.2, +TLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not +be very useful. Applications may wish to specify a different "legacy" chain for earlier versions of TLS or DTLS. =head1 SEE ALSO L, -L +L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_clear.pod b/deps/openssl/openssl/doc/man3/SSL_clear.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_clear.pod rename to deps/openssl/openssl/doc/man3/SSL_clear.pod index ed0ad60cbea5cd..385e4f6e28d961 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_clear.pod +++ b/deps/openssl/openssl/doc/man3/SSL_clear.pod @@ -69,7 +69,7 @@ The SSL_clear() operation was successful. L, L, L, L, -L, L, +L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_connect.pod b/deps/openssl/openssl/doc/man3/SSL_connect.pod similarity index 70% rename from deps/openssl/openssl/doc/ssl/SSL_connect.pod rename to deps/openssl/openssl/doc/man3/SSL_connect.pod index df198f9b2e7c5b..426b8ad757dbd1 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_connect.pod +++ b/deps/openssl/openssl/doc/man3/SSL_connect.pod @@ -35,6 +35,21 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing TCP data if a TCP packet has already been sent for which no +corresponding ACK has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an ACK has +been received for the final handshake message. + +The B socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function BIO_set_tcp_ndelay() can be used to turn on or off the B +option. + =head1 RETURN VALUES The following return values can occur: @@ -65,14 +80,14 @@ to find out the reason. =head1 SEE ALSO L, L, -L, L, L, +L, L, L, L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/SSL_do_handshake.pod b/deps/openssl/openssl/doc/man3/SSL_do_handshake.pod similarity index 98% rename from deps/openssl/openssl/doc/ssl/SSL_do_handshake.pod rename to deps/openssl/openssl/doc/man3/SSL_do_handshake.pod index ffb71cc0b8c709..a1b973f7b80a36 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_do_handshake.pod +++ b/deps/openssl/openssl/doc/man3/SSL_do_handshake.pod @@ -66,7 +66,7 @@ to find out the reason. =head1 SEE ALSO L, L, -L, L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/ssl/SSL_export_keying_material.pod b/deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod similarity index 56% rename from deps/openssl/openssl/doc/ssl/SSL_export_keying_material.pod rename to deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod index ccb99ec9a8e0b2..abebf911fc327c 100644 --- a/deps/openssl/openssl/doc/ssl/SSL_export_keying_material.pod +++ b/deps/openssl/openssl/doc/man3/SSL_export_keying_material.pod @@ -2,7 +2,9 @@ =head1 NAME -SSL_export_keying_material - obtain keying material for application use +SSL_export_keying_material, +SSL_export_keying_material_early +- obtain keying material for application use =head1 SYNOPSIS @@ -13,12 +15,27 @@ SSL_export_keying_material - obtain keying material for application use const unsigned char *context, size_t contextlen, int use_context); + int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen); + =head1 DESCRIPTION During the creation of a TLS or DTLS connection shared keying material is -established between the two endpoints. The function SSL_export_keying_material() -enables an application to use some of this keying material for its own purposes -in accordance with RFC5705. +established between the two endpoints. The functions +SSL_export_keying_material() and SSL_export_keying_material_early() enable an +application to use some of this keying material for its own purposes in +accordance with RFC5705 (for TLSv1.2 and below) or RFC8446 (for TLSv1.3). + +SSL_export_keying_material() derives keying material using +the F established in the handshake. + +SSL_export_keying_material_early() is only usable with TLSv1.3, and derives +keying material using the F (as defined in the +TLS 1.3 RFC). For the client, the F is only +available when the client attempts to send 0-RTT data. For the server, it is +only available when the server accepts 0-RTT data. An application may need to securely establish the context within which this keying material will be used. For example this may include identifiers for the @@ -32,8 +49,10 @@ pointed to by B and should be B bytes long. Provision of a context is optional. If the context should be omitted entirely then B should be set to 0. Otherwise it should be any other value. If B is 0 then the values of B and B are ignored. -Note that a zero length context is treated differently to no context at all, and -will result in different keying material being returned. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. An application specific label should be provided in the location pointed to by B and B and returns 0 if they have identical encodings and non-zero otherwise. +=head1 RETURN VALUES + +X509_ALGOR_dup() returns a valid B structure or NULL if an error +occurred. + +X509_ALGOR_set0() returns 1 on success or 0 on error. + +X509_ALGOR_get0() and X509_ALGOR_set_md() return no values. + +X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and +non-zero otherwise. + =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_CRL_get0_by_serial.pod b/deps/openssl/openssl/doc/man3/X509_CRL_get0_by_serial.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_CRL_get0_by_serial.pod rename to deps/openssl/openssl/doc/man3/X509_CRL_get0_by_serial.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_EXTENSION_set_object.pod b/deps/openssl/openssl/doc/man3/X509_EXTENSION_set_object.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_EXTENSION_set_object.pod rename to deps/openssl/openssl/doc/man3/X509_EXTENSION_set_object.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod b/deps/openssl/openssl/doc/man3/X509_LOOKUP_hash_dir.pod similarity index 88% rename from deps/openssl/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod rename to deps/openssl/openssl/doc/man3/X509_LOOKUP_hash_dir.pod index 4f2768d4f4a54c..dd41f78b124083 100644 --- a/deps/openssl/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod +++ b/deps/openssl/openssl/doc/man3/X509_LOOKUP_hash_dir.pod @@ -10,14 +10,14 @@ lookup methods =head1 SYNOPSIS - #include + #include - X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); - X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); + X509_LOOKUP_METHOD *X509_LOOKUP_file(void); - int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); - int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); - int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); =head1 DESCRIPTION @@ -111,6 +111,14 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL OpenSSL includes a L utility which creates symlinks with correct hashed names for all files with .pem suffix in a given directory. +=head1 RETURN VALUES + +X509_LOOKUP_hash_dir() and X509_LOOKUP_file() always return a valid +B structure. + +X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return +the number of loaded objects or 0 on error. + =head1 SEE ALSO L, diff --git a/deps/openssl/openssl/doc/crypto/X509_LOOKUP_meth_new.pod b/deps/openssl/openssl/doc/man3/X509_LOOKUP_meth_new.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_LOOKUP_meth_new.pod rename to deps/openssl/openssl/doc/man3/X509_LOOKUP_meth_new.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod similarity index 64% rename from deps/openssl/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod rename to deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod index 72e0f7b11dcd0a..5de1b88b99459f 100644 --- a/deps/openssl/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod +++ b/deps/openssl/openssl/doc/man3/X509_NAME_ENTRY_get_object.pod @@ -11,15 +11,22 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions #include - ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); - ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); + ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); + ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); - int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); - - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes, int len); - X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, + int type, const unsigned char *bytes, + int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, const unsigned char *bytes, + int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); =head1 DESCRIPTION @@ -60,6 +67,21 @@ X509_NAME_add_entry_by_txt(). So for example B can be set to B but in the case of X509_set_data() the field name must be set first so the relevant field information can be looked up internally. +=head1 RETURN VALUES + +X509_NAME_ENTRY_get_object() returns a valid B structure if it is +set or NULL if an error occurred. + +X509_NAME_ENTRY_get_data() returns a valid B structure if it is set +or NULL if an error occurred. + +X509_NAME_ENTRY_set_object() and X509_NAME_ENTRY_set_data() return 1 on success +or 0 on error. + +X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID() and +X509_NAME_ENTRY_create_by_OBJ() return a valid B on success or +NULL if an error occurred. + =head1 SEE ALSO L, L, @@ -67,7 +89,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod b/deps/openssl/openssl/doc/man3/X509_NAME_add_entry_by_txt.pod similarity index 87% rename from deps/openssl/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod rename to deps/openssl/openssl/doc/man3/X509_NAME_add_entry_by_txt.pod index 27e5baf8562eed..b48f0908e81341 100644 --- a/deps/openssl/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod +++ b/deps/openssl/openssl/doc/man3/X509_NAME_add_entry_by_txt.pod @@ -9,11 +9,14 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions #include - int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set); - int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, int set); - int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, int set); int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); @@ -78,18 +81,19 @@ Create an B structure: "C=UK, O=Disorganized Organization, CN=Joe Bloggs" X509_NAME *nm; + nm = X509_NAME_new(); if (nm == NULL) - /* Some error */ + /* Some error */ if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, - "UK", -1, -1, 0)) - /* Error */ + "UK", -1, -1, 0)) + /* Error */ if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, - "Disorganized Organization", -1, -1, 0)) - /* Error */ + "Disorganized Organization", -1, -1, 0)) + /* Error */ if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, - "Joe Bloggs", -1, -1, 0)) - /* Error */ + "Joe Bloggs", -1, -1, 0)) + /* Error */ =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/crypto/X509_NAME_get0_der.pod b/deps/openssl/openssl/doc/man3/X509_NAME_get0_der.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_NAME_get0_der.pod rename to deps/openssl/openssl/doc/man3/X509_NAME_get0_der.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/deps/openssl/openssl/doc/man3/X509_NAME_get_index_by_NID.pod similarity index 86% rename from deps/openssl/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod rename to deps/openssl/openssl/doc/man3/X509_NAME_get_index_by_NID.pod index 2d6713ba2956ed..5621806bb5305a 100644 --- a/deps/openssl/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/deps/openssl/openssl/doc/man3/X509_NAME_get_index_by_NID.pod @@ -48,8 +48,9 @@ of space needed in B (excluding the final null) is returned. =head1 NOTES -X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are -legacy functions which have various limitations which make them +X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be +considered deprecated because they +have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can be highly confusing if the target is a multicharacter string type @@ -75,25 +76,23 @@ Process all entries: int i; X509_NAME_ENTRY *e; - for (i = 0; i < X509_NAME_entry_count(nm); i++) - { - e = X509_NAME_get_entry(nm, i); - /* Do something with e */ - } + for (i = 0; i < X509_NAME_entry_count(nm); i++) { + e = X509_NAME_get_entry(nm, i); + /* Do something with e */ + } Process all commonName entries: int lastpos = -1; X509_NAME_ENTRY *e; - for (;;) - { - lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); - if (lastpos == -1) - break; - e = X509_NAME_get_entry(nm, lastpos); - /* Do something with e */ - } + for (;;) { + lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); + if (lastpos == -1) + break; + e = X509_NAME_get_entry(nm, lastpos); + /* Do something with e */ + } =head1 RETURN VALUES @@ -113,7 +112,7 @@ L, L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_NAME_print_ex.pod b/deps/openssl/openssl/doc/man3/X509_NAME_print_ex.pod similarity index 86% rename from deps/openssl/openssl/doc/crypto/X509_NAME_print_ex.pod rename to deps/openssl/openssl/doc/man3/X509_NAME_print_ex.pod index 3e9caa889cfd72..96be1ac8ff34a1 100644 --- a/deps/openssl/openssl/doc/crypto/X509_NAME_print_ex.pod +++ b/deps/openssl/openssl/doc/man3/X509_NAME_print_ex.pod @@ -11,7 +11,7 @@ X509_NAME_oneline - X509_NAME printing routines int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); - char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); =head1 DESCRIPTION @@ -35,10 +35,11 @@ characters. Multiple lines are used if the output (including indent) exceeds =head1 NOTES -The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which +The functions X509_NAME_oneline() and X509_NAME_print() produce a non standard output form, they don't handle multi character fields and -have various quirks and inconsistencies. Their use is strongly discouraged in new -applications. +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release. Although there are a large number of possible flags for most purposes B, B or B will suffice. @@ -96,13 +97,23 @@ B is a multiline format which is the same as: B uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally. +=head1 RETURN VALUES + +X509_NAME_oneline() returns a valid string on success or NULL on error. + +X509_NAME_print() returns 1 on success or 0 on error. + +X509_NAME_print_ex() and X509_NAME_print_ex_fp() return 1 on success or 0 on error +if the B is set, which is the same as X509_NAME_print(). Otherwise, +it returns -1 on error or other values on success. + =head1 SEE ALSO L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_PUBKEY_new.pod b/deps/openssl/openssl/doc/man3/X509_PUBKEY_new.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_PUBKEY_new.pod rename to deps/openssl/openssl/doc/man3/X509_PUBKEY_new.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_SIG_get0.pod b/deps/openssl/openssl/doc/man3/X509_SIG_get0.pod similarity index 86% rename from deps/openssl/openssl/doc/crypto/X509_SIG_get0.pod rename to deps/openssl/openssl/doc/man3/X509_SIG_get0.pod index d24eadcdf9eb29..bbf37230fc707a 100644 --- a/deps/openssl/openssl/doc/crypto/X509_SIG_get0.pod +++ b/deps/openssl/openssl/doc/man3/X509_SIG_get0.pod @@ -20,13 +20,17 @@ value in B. X509_SIG_getm() is identical to X509_SIG_get0() except the pointers returned are not constant and can be modified: for example to initialise them. +=head1 RETURN VALUES + +X509_SIG_get0() and X509_SIG_getm() return no values. + =head1 SEE ALSO L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_STORE_CTX_get_error.pod b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_get_error.pod similarity index 99% rename from deps/openssl/openssl/doc/crypto/X509_STORE_CTX_get_error.pod rename to deps/openssl/openssl/doc/man3/X509_STORE_CTX_get_error.pod index 105e051a1d470c..f166b0832d4e61 100644 --- a/deps/openssl/openssl/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_get_error.pod @@ -70,7 +70,7 @@ is B successful the returned chain may be incomplete or invalid. The returned chain persists after the B structure is freed, when it is no longer needed it should be free up using: - sk_X509_pop_free(chain, X509_free); + sk_X509_pop_free(chain, X509_free); X509_verify_cert_error_string() returns a human readable error string for verification error B. diff --git a/deps/openssl/openssl/doc/crypto/X509_STORE_CTX_new.pod b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_STORE_CTX_new.pod rename to deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod similarity index 67% rename from deps/openssl/openssl/doc/crypto/X509_STORE_CTX_set_verify_cb.pod rename to deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 3be256dc741881..5688ab79a77e1d 100644 --- a/deps/openssl/openssl/doc/crypto/X509_STORE_CTX_set_verify_cb.pod +++ b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -100,93 +100,89 @@ X509_STORE_CTX_set_verify_cb() does not return a value. Default callback operation: - int verify_callback(int ok, X509_STORE_CTX *ctx) - { - return ok; - } + int verify_callback(int ok, X509_STORE_CTX *ctx) { + return ok; + } Simple example, suppose a certificate in the chain is expired and we wish to continue after this error: - int verify_callback(int ok, X509_STORE_CTX *ctx) - { - /* Tolerate certificate expiration */ - if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) - return 1; - /* Otherwise don't override */ - return ok; - } + int verify_callback(int ok, X509_STORE_CTX *ctx) { + /* Tolerate certificate expiration */ + if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) + return 1; + /* Otherwise don't override */ + return ok; + } More complex example, we don't wish to continue after B certificate has expired just one specific case: int verify_callback(int ok, X509_STORE_CTX *ctx) - { - int err = X509_STORE_CTX_get_error(ctx); - X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); - if (err == X509_V_ERR_CERT_HAS_EXPIRED) - { - if (check_is_acceptable_expired_cert(err_cert) - return 1; - } - return ok; - } + { + int err = X509_STORE_CTX_get_error(ctx); + X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); + + if (err == X509_V_ERR_CERT_HAS_EXPIRED) { + if (check_is_acceptable_expired_cert(err_cert) + return 1; + } + return ok; + } Full featured logging callback. In this case the B is assumed to be a global logging B, an alternative would to store a BIO in B using B. int verify_callback(int ok, X509_STORE_CTX *ctx) - { - X509 *err_cert; - int err, depth; - - err_cert = X509_STORE_CTX_get_current_cert(ctx); - err = X509_STORE_CTX_get_error(ctx); - depth = X509_STORE_CTX_get_error_depth(ctx); - - BIO_printf(bio_err, "depth=%d ", depth); - if (err_cert) - { - X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), - 0, XN_FLAG_ONELINE); - BIO_puts(bio_err, "\n"); - } - else - BIO_puts(bio_err, "\n"); - if (!ok) - BIO_printf(bio_err, "verify error:num=%d:%s\n", err, - X509_verify_cert_error_string(err)); - switch (err) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - BIO_puts(bio_err, "issuer= "); - X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, XN_FLAG_ONELINE); - BIO_puts(bio_err, "\n"); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err, "notBefore="); - ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); - BIO_printf(bio_err, "\n"); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err, "notAfter="); - ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); - BIO_printf(bio_err, "\n"); - break; - case X509_V_ERR_NO_EXPLICIT_POLICY: - policies_print(bio_err, ctx); - break; - } - if (err == X509_V_OK && ok == 2) - /* print out policies */ - - BIO_printf(bio_err, "verify return:%d\n", ok); - return(ok); - } + { + X509 *err_cert; + int err, depth; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + BIO_printf(bio_err, "depth=%d ", depth); + if (err_cert) { + X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + } + else + BIO_puts(bio_err, "\n"); + if (!ok) + BIO_printf(bio_err, "verify error:num=%d:%s\n", err, + X509_verify_cert_error_string(err)); + switch (err) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + BIO_puts(bio_err, "issuer= "); + X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err, "notBefore="); + ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); + BIO_printf(bio_err, "\n"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err, "notAfter="); + ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); + BIO_printf(bio_err, "\n"); + break; + case X509_V_ERR_NO_EXPLICIT_POLICY: + policies_print(bio_err, ctx); + break; + } + if (err == X509_V_OK && ok == 2) + /* print out policies */ + + BIO_printf(bio_err, "verify return:%d\n", ok); + return(ok); + } =head1 SEE ALSO diff --git a/deps/openssl/openssl/doc/man3/X509_STORE_add_cert.pod b/deps/openssl/openssl/doc/man3/X509_STORE_add_cert.pod new file mode 100644 index 00000000000000..8ac9729bc3dc1c --- /dev/null +++ b/deps/openssl/openssl/doc/man3/X509_STORE_add_cert.pod @@ -0,0 +1,100 @@ +=pod + +=head1 NAME + +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, +X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_load_locations, +X509_STORE_set_default_paths +- X509_STORE manipulation + +=head1 SYNOPSIS + + #include + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + int X509_STORE_set_depth(X509_STORE *store, int depth); + int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); + int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); + int X509_STORE_set_trust(X509_STORE *ctx, int trust); + + int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); + int X509_STORE_set_default_paths(X509_STORE *ctx); + +=head1 DESCRIPTION + +The B structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed. + +L creates an empty B structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. Normally, trusted +certificates will be added to the B to prepare it for use, +via mechanisms such as X509_STORE_add_lookup() and X509_LOOKUP_file(), or +PEM_read_bio_X509_AUX() and X509_STORE_add_cert(). CRLs can also be added, +and many behaviors configured as desired. + +Once the B is suitably configured, X509_STORE_CTX_new() is +used to instantiate a single-use B for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the B are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as B objects +with an associated B, as are produced by +PEM_read_bio_X509_AUX() and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to B objects, though. + +X509_STORE_add_cert() and X509_STORE_add_crl() add the respective object +to the B's local storage. Untrusted objects should not be +added in this way. + +X509_STORE_set_depth(), X509_STORE_set_flags(), X509_STORE_set_purpose(), +X509_STORE_set_trust(), and X509_STORE_set1_param() set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding B manual +pages, e.g., L. + +X509_STORE_load_locations() loads trusted certificate(s) into an +B from a given file and/or directory path. It is permitted +to specify just a file, just a directory, or both paths. The certificates +in the directory must be in hashed form, as documented in +L. + +X509_STORE_set_default_paths() is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the B from the hardcoded default +paths. + +=head1 RETURN VALUES + +X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(), +X509_STORE_set_flags(), X509_STORE_set_purpose(), +X509_STORE_set_trust(), X509_STORE_load_locations(), and +X509_STORE_set_default_paths() return 1 on success or 0 on failure. + +=head1 SEE ALSO + +L. +L. +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/X509_STORE_get0_param.pod b/deps/openssl/openssl/doc/man3/X509_STORE_get0_param.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_STORE_get0_param.pod rename to deps/openssl/openssl/doc/man3/X509_STORE_get0_param.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_STORE_new.pod b/deps/openssl/openssl/doc/man3/X509_STORE_new.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_STORE_new.pod rename to deps/openssl/openssl/doc/man3/X509_STORE_new.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod b/deps/openssl/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod rename to deps/openssl/openssl/doc/man3/X509_STORE_set_verify_cb_func.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod rename to deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 320b258a85cd08..9b64e0a915a2e3 100644 --- a/deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -39,15 +39,15 @@ X509_VERIFY_PARAM_set1_ip_asc time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - ASN1_OBJECT *policy); + ASN1_OBJECT *policy); int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - STACK_OF(ASN1_OBJECT) *policies); + STACK_OF(ASN1_OBJECT) *policies); void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, - int auth_level); + int auth_level); int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, @@ -59,7 +59,7 @@ X509_VERIFY_PARAM_set1_ip_asc unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen); + const char *email, size_t emaillen); int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen); int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); @@ -155,7 +155,7 @@ B host flag, or because some DNS subject alternative names are present in the certificate, DNS name constraints in issuer certificates will not be applied to the subject DN. As described in X509_check_host(3) the B -flag takes precendence over the B flag. +flag takes precedence over the B flag. X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a call to X509_VERIFY_PARAM_set_hostflags(). @@ -332,8 +332,9 @@ of ORed. =head1 NOTES The above functions should be used to manipulate verification parameters -instead of legacy functions which work in specific structures such as -X509_STORE_CTX_set_flags(). +instead of functions which work in specific structures such as +X509_STORE_CTX_set_flags() which are likely to be deprecated in a future +release. =head1 BUGS @@ -350,11 +351,12 @@ CRLs from the CRL distribution points extension. Enable CRL checking when performing certificate verification during SSL connections associated with an B structure B: - X509_VERIFY_PARAM *param; - param = X509_VERIFY_PARAM_new(); - X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); - SSL_CTX_set1_param(ctx, param); - X509_VERIFY_PARAM_free(param); + X509_VERIFY_PARAM *param; + + param = X509_VERIFY_PARAM_new(); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); + SSL_CTX_set1_param(ctx, param); + X509_VERIFY_PARAM_free(param); =head1 SEE ALSO @@ -367,7 +369,7 @@ L =head1 HISTORY The B flag was added in OpenSSL 1.1.0 -The legacy B flag is deprecated as of +The flag B was deprecated in OpenSSL 1.1.0, and has no effect. X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. diff --git a/deps/openssl/openssl/doc/crypto/X509_check_ca.pod b/deps/openssl/openssl/doc/man3/X509_check_ca.pod similarity index 87% rename from deps/openssl/openssl/doc/crypto/X509_check_ca.pod rename to deps/openssl/openssl/doc/man3/X509_check_ca.pod index b79efb5b5aa837..38f0811dd0f54c 100644 --- a/deps/openssl/openssl/doc/crypto/X509_check_ca.pod +++ b/deps/openssl/openssl/doc/man3/X509_check_ca.pod @@ -6,16 +6,16 @@ X509_check_ca - check if given certificate is CA certificate =head1 SYNOPSIS - #include + #include - int X509_check_ca(X509 *cert); + int X509_check_ca(X509 *cert); =head1 DESCRIPTION This function checks if given certificate is CA certificate (can be used to sign other certificates). -=head1 RETURN VALUE +=head1 RETURN VALUES Function return 0, if it is not CA certificate, 1 if it is proper X509v3 CA certificate with B extension CA:TRUE, @@ -35,7 +35,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_check_host.pod b/deps/openssl/openssl/doc/man3/X509_check_host.pod similarity index 99% rename from deps/openssl/openssl/doc/crypto/X509_check_host.pod rename to deps/openssl/openssl/doc/man3/X509_check_host.pod index fb9f6a64ecd533..dba6a6976e071b 100644 --- a/deps/openssl/openssl/doc/crypto/X509_check_host.pod +++ b/deps/openssl/openssl/doc/man3/X509_check_host.pod @@ -6,7 +6,7 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert =head1 SYNOPSIS - #include + #include int X509_check_host(X509 *, const char *name, size_t namelen, unsigned int flags, char **peername); diff --git a/deps/openssl/openssl/doc/crypto/X509_check_issued.pod b/deps/openssl/openssl/doc/man3/X509_check_issued.pod similarity index 92% rename from deps/openssl/openssl/doc/crypto/X509_check_issued.pod rename to deps/openssl/openssl/doc/man3/X509_check_issued.pod index 8e4b1117ca88f5..f9a541ef71def7 100644 --- a/deps/openssl/openssl/doc/crypto/X509_check_issued.pod +++ b/deps/openssl/openssl/doc/man3/X509_check_issued.pod @@ -22,7 +22,7 @@ B of I if B present in the I certificate and checks B field of I. -=head1 RETURN VALUE +=head1 RETURN VALUES Function return B if certificate I is issued by I or some B constant to indicate an error. @@ -35,7 +35,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/X509_check_private_key.pod b/deps/openssl/openssl/doc/man3/X509_check_private_key.pod new file mode 100644 index 00000000000000..4735dfd5689c53 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/X509_check_private_key.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +X509_check_private_key, X509_REQ_check_private_key - check the consistency +of a private key with the public key in an X509 certificate or certificate +request + +=head1 SYNOPSIS + + #include + + int X509_check_private_key(X509 *x, EVP_PKEY *k); + + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); + +=head1 DESCRIPTION + +X509_check_private_key() function checks the consistency of private +key B with the public key in B. + +X509_REQ_check_private_key() is equivalent to X509_check_private_key() +except that B represents a certificate request of structure B. + +=head1 RETURN VALUES + +X509_check_private_key() and X509_REQ_check_private_key() return 1 if +the keys match each other, and 0 if not. + +If the key is invalid or an error occurred, the reason code can be +obtained using L. + +=head1 BUGS + +The B functions don't check if B itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an RSA key) and/or key parameters (e.g. EC params of an EC key) +of a key pair. So if you pass a public key to these functions in B, it will +return success. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man3/X509_cmp_time.pod b/deps/openssl/openssl/doc/man3/X509_cmp_time.pod new file mode 100644 index 00000000000000..b55ade455de086 --- /dev/null +++ b/deps/openssl/openssl/doc/man3/X509_cmp_time.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex +- X509 time functions + +=head1 SYNOPSIS + + int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); + int X509_cmp_current_time(const ASN1_TIME *asn1_time); + ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); + ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long + offset_sec, time_t *in_tm); + +=head1 DESCRIPTION + +X509_cmp_time() compares the ASN1_TIME in B with the time +in . X509_cmp_current_time() compares the ASN1_TIME in +B with the current time, expressed as time_t. B +must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its +format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. + +X509_time_adj_ex() sets the ASN1_TIME structure B to the time +B and B after B. + +X509_time_adj() sets the ASN1_TIME structure B to the time +B after B. This method can only handle second +offsets up to the capacity of long, so the newer X509_time_adj_ex() +API should be preferred. + +In both methods, if B is NULL, a new ASN1_TIME structure +is allocated and returned. + +In all methods, if B is NULL, the current time, expressed as +time_t, is used. + +=head1 BUGS + +Unlike many standard comparison functions, X509_cmp_time() and +X509_cmp_current_time() return 0 on error. + +=head1 RETURN VALUES + +X509_cmp_time() and X509_cmp_current_time() return -1 if B +is earlier than, or equal to, B (resp. current time), and 1 +otherwise. These methods return 0 on error. + +X509_time_adj() and X509_time_adj_ex() return a pointer to the updated +ASN1_TIME structure, and NULL on error. + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/X509_digest.pod b/deps/openssl/openssl/doc/man3/X509_digest.pod similarity index 93% rename from deps/openssl/openssl/doc/crypto/X509_digest.pod rename to deps/openssl/openssl/doc/man3/X509_digest.pod index 3c76c8fdfa563e..9322c37dbb6ab3 100644 --- a/deps/openssl/openssl/doc/crypto/X509_digest.pod +++ b/deps/openssl/openssl/doc/man3/X509_digest.pod @@ -17,7 +17,7 @@ PKCS7_ISSUER_AND_SERIAL_digest unsigned int *len); int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, - unsigned int *len); + unsigned int *len); int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len); @@ -28,6 +28,8 @@ PKCS7_ISSUER_AND_SERIAL_digest int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); + #include + int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, unsigned char *md, unsigned int *len); @@ -55,7 +57,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_dup.pod b/deps/openssl/openssl/doc/man3/X509_dup.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/X509_dup.pod rename to deps/openssl/openssl/doc/man3/X509_dup.pod index c5d01b281f4367..4f982089aa024f 100644 --- a/deps/openssl/openssl/doc/crypto/X509_dup.pod +++ b/deps/openssl/openssl/doc/man3/X509_dup.pod @@ -7,6 +7,10 @@ IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, +ADMISSIONS_free, +ADMISSIONS_new, +ADMISSION_SYNTAX_free, +ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, @@ -75,6 +79,8 @@ ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, +NAMING_AUTHORITY_free, +NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, @@ -160,6 +166,10 @@ POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, +PROFESSION_INFO_free, +PROFESSION_INFO_new, +PROFESSION_INFOS_free, +PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, @@ -170,7 +180,8 @@ RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, -SCT_LIST_free, +SCRYPT_PARAMS_free, +SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, @@ -235,10 +246,10 @@ X509_VAL_new, X509_dup, - ASN1 object utilities -=for comment generic - =head1 SYNOPSIS +=for comment generic + #include DECLARE_ASN1_FUNCTIONS(type) @@ -293,7 +304,7 @@ TYPE_print_ctx() returns 1 on success or zero on failure. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/X509_get0_notBefore.pod b/deps/openssl/openssl/doc/man3/X509_get0_notBefore.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_get0_notBefore.pod rename to deps/openssl/openssl/doc/man3/X509_get0_notBefore.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_get0_signature.pod b/deps/openssl/openssl/doc/man3/X509_get0_signature.pod similarity index 65% rename from deps/openssl/openssl/doc/crypto/X509_get0_signature.pod rename to deps/openssl/openssl/doc/man3/X509_get0_signature.pod index 61a2dda981f4b9..f63c5a5b689ef6 100644 --- a/deps/openssl/openssl/doc/crypto/X509_get0_signature.pod +++ b/deps/openssl/openssl/doc/man3/X509_get0_signature.pod @@ -4,7 +4,8 @@ X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, -X509_CRL_get_signature_nid - signature information +X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, +X509_SIG_INFO_set - signature information =head1 SYNOPSIS @@ -26,6 +27,14 @@ X509_CRL_get_signature_nid - signature information const X509_ALGOR **palg); int X509_CRL_get_signature_nid(const X509_CRL *crl); + int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + + int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); + void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + =head1 DESCRIPTION X509_get0_signature() sets B<*psig> to the signature of B and B<*palg> @@ -42,6 +51,18 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid() X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the same function for certificate requests and CRLs. +X509_get_signature_info() retrieves information about the signature of +certificate B. The NID of the signing digest is written to B<*mdnid>, +the public key algorithm to B<*pknid>, the effective security bits to +B<*secbits> and flag details to B<*flags>. Any of the parameters can +be set to B if the information is not required. + +X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information +about a signature in an B structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them. + =head1 NOTES These functions provide lower level access to signatures in certificates @@ -49,6 +70,12 @@ where an application wishes to analyse or generate a signature in a form where X509_sign() et al is not appropriate (for example a non standard or unsupported format). +The security bits returned by X509_get_signature_info() refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using SHA-512 and a +1024 bit RSA key. + =head1 RETURN VALUES X509_get_signature_nid(), X509_REQ_get_signature_nid() and @@ -57,6 +84,10 @@ X509_CRL_get_signature_nid() return a NID. X509_get0_signature(), X509_REQ_get0_signature() and X509_CRL_get0_signature() do not return values. +X509_get_signature_info() returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters). + =head1 SEE ALSO L, diff --git a/deps/openssl/openssl/doc/crypto/X509_get0_uids.pod b/deps/openssl/openssl/doc/man3/X509_get0_uids.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_get0_uids.pod rename to deps/openssl/openssl/doc/man3/X509_get0_uids.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_get_extension_flags.pod b/deps/openssl/openssl/doc/man3/X509_get_extension_flags.pod similarity index 92% rename from deps/openssl/openssl/doc/crypto/X509_get_extension_flags.pod rename to deps/openssl/openssl/doc/man3/X509_get_extension_flags.pod index c07ef972eddb8a..fc4ebbb31d8d39 100644 --- a/deps/openssl/openssl/doc/crypto/X509_get_extension_flags.pod +++ b/deps/openssl/openssl/doc/man3/X509_get_extension_flags.pod @@ -14,17 +14,17 @@ X509_get_proxy_pathlen - retrieve certificate extension data =head1 SYNOPSIS - #include - - long X509_get_pathlen(X509 *x); - uint32_t X509_get_extension_flags(X509 *x); - uint32_t X509_get_key_usage(X509 *x); - uint32_t X509_get_extended_key_usage(X509 *x); - const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); - const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); - void X509_set_proxy_flag(X509 *x); - void X509_set_proxy_pathlen(int l); - long X509_get_proxy_pathlen(X509 *x); + #include + + long X509_get_pathlen(X509 *x); + uint32_t X509_get_extension_flags(X509 *x); + uint32_t X509_get_key_usage(X509 *x); + uint32_t X509_get_extended_key_usage(X509 *x); + const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); + const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); + void X509_set_proxy_flag(X509 *x); + void X509_set_proxy_pathlen(int l); + long X509_get_proxy_pathlen(X509 *x); =head1 DESCRIPTION @@ -144,7 +144,7 @@ If X509_get0_subject_key_id() returns B then the extension may be absent or malformed. Applications can determine the precise reason using X509_get_ext_d2i(). -=head1 RETURN VALUE +=head1 RETURN VALUES X509_get_pathlen() returns the path length value, or -1 if the extension is not present. diff --git a/deps/openssl/openssl/doc/crypto/X509_get_pubkey.pod b/deps/openssl/openssl/doc/man3/X509_get_pubkey.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_get_pubkey.pod rename to deps/openssl/openssl/doc/man3/X509_get_pubkey.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_get_serialNumber.pod b/deps/openssl/openssl/doc/man3/X509_get_serialNumber.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_get_serialNumber.pod rename to deps/openssl/openssl/doc/man3/X509_get_serialNumber.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_get_subject_name.pod b/deps/openssl/openssl/doc/man3/X509_get_subject_name.pod similarity index 97% rename from deps/openssl/openssl/doc/crypto/X509_get_subject_name.pod rename to deps/openssl/openssl/doc/man3/X509_get_subject_name.pod index ce36bbf0b27b23..2107c1d0905e9f 100644 --- a/deps/openssl/openssl/doc/crypto/X509_get_subject_name.pod +++ b/deps/openssl/openssl/doc/man3/X509_get_subject_name.pod @@ -37,7 +37,7 @@ X509_get_subject_name() and X509_set_subject_name() except the get and set the issuer name of B. Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(), - X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject +X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject or issuer names of certificate requests of CRLs respectively. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/crypto/X509_get_version.pod b/deps/openssl/openssl/doc/man3/X509_get_version.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_get_version.pod rename to deps/openssl/openssl/doc/man3/X509_get_version.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_new.pod b/deps/openssl/openssl/doc/man3/X509_new.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_new.pod rename to deps/openssl/openssl/doc/man3/X509_new.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_sign.pod b/deps/openssl/openssl/doc/man3/X509_sign.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_sign.pod rename to deps/openssl/openssl/doc/man3/X509_sign.pod diff --git a/deps/openssl/openssl/doc/crypto/X509_verify_cert.pod b/deps/openssl/openssl/doc/man3/X509_verify_cert.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/X509_verify_cert.pod rename to deps/openssl/openssl/doc/man3/X509_verify_cert.pod diff --git a/deps/openssl/openssl/doc/crypto/X509v3_get_ext_by_NID.pod b/deps/openssl/openssl/doc/man3/X509v3_get_ext_by_NID.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/X509v3_get_ext_by_NID.pod rename to deps/openssl/openssl/doc/man3/X509v3_get_ext_by_NID.pod index 032f71c4949508..c81d46365099f6 100644 --- a/deps/openssl/openssl/doc/crypto/X509v3_get_ext_by_NID.pod +++ b/deps/openssl/openssl/doc/man3/X509v3_get_ext_by_NID.pod @@ -50,7 +50,7 @@ X509_REVOKED_add_ext - extension stack utility functions X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, - int lastpos); + int lastpos); int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); @@ -115,8 +115,8 @@ initial extension will not be checked. X509v3_get_ext_count() returns the extension count. -X509v3_get_ext() and X509v3_delete_ext() return an B pointer -or B if an error occurs. +X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an +B pointer or B if an error occurs. X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and X509v3_get_ext_by_critical() return the an extension index or B<-1> if an @@ -124,13 +124,15 @@ error occurs. X509v3_add_ext() returns a stack of extensions or B on error. +X509_add_ext() returns 1 on success and 0 on error. + =head1 SEE ALSO L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/d2i_DHparams.pod b/deps/openssl/openssl/doc/man3/d2i_DHparams.pod similarity index 73% rename from deps/openssl/openssl/doc/crypto/d2i_DHparams.pod rename to deps/openssl/openssl/doc/man3/d2i_DHparams.pod index cd1c162b406bc7..d4e34fe877feb1 100644 --- a/deps/openssl/openssl/doc/crypto/d2i_DHparams.pod +++ b/deps/openssl/openssl/doc/man3/d2i_DHparams.pod @@ -19,13 +19,20 @@ DHparameter structure described in PKCS#3. Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. +=head1 RETURN VALUES + +d2i_DHparams() returns a valid B structure or NULL if an error occurred. + +i2d_DHparams() returns the length of encoded data on success or a value which +is less than or equal to 0 on error. + =head1 SEE ALSO L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/d2i_PKCS8PrivateKey_bio.pod b/deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod similarity index 62% rename from deps/openssl/openssl/doc/crypto/d2i_PKCS8PrivateKey_bio.pod rename to deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod index 164d93ff4f6730..43a218a26a1187 100644 --- a/deps/openssl/openssl/doc/crypto/d2i_PKCS8PrivateKey_bio.pod +++ b/deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -14,20 +14,20 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); =head1 DESCRIPTION @@ -45,13 +45,26 @@ Currently all the functions use BIOs or FILE pointers, there are no functions wh work directly on memory: this can be readily worked around by converting the buffers to memory BIOs, see L for details. +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + +=head1 RETURN VALUES + +d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid B +structure or NULL if an error occurred. + +i2d_PKCS8PrivateKey_bio(), i2d_PKCS8PrivateKey_fp(), i2d_PKCS8PrivateKey_nid_bio() +and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error. + =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/d2i_PrivateKey.pod b/deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/d2i_PrivateKey.pod rename to deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod index f5b4667acde495..13415d5488e8fb 100644 --- a/deps/openssl/openssl/doc/crypto/d2i_PrivateKey.pod +++ b/deps/openssl/openssl/doc/man3/d2i_PrivateKey.pod @@ -44,7 +44,7 @@ These functions are similar to the d2i_X509() functions; see L. All these functions use DER format and unencrypted keys. Applications wishing to encrypt or decrypt private keys should use other functions such as -d2i_PKC8PrivateKey() instead. +d2i_PKCS8PrivateKey() instead. If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey() (i.e. an existing structure is being reused) and the key format is PKCS#8 @@ -67,7 +67,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/ssl/d2i_SSL_SESSION.pod b/deps/openssl/openssl/doc/man3/d2i_SSL_SESSION.pod similarity index 94% rename from deps/openssl/openssl/doc/ssl/d2i_SSL_SESSION.pod rename to deps/openssl/openssl/doc/man3/d2i_SSL_SESSION.pod index d6b17071f65cad..68ed302d73a676 100644 --- a/deps/openssl/openssl/doc/ssl/d2i_SSL_SESSION.pod +++ b/deps/openssl/openssl/doc/man3/d2i_SSL_SESSION.pod @@ -8,7 +8,8 @@ d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 repre #include - SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); + SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); =head1 DESCRIPTION @@ -33,7 +34,7 @@ When the session is not valid, B<0> is returned and no operation is performed. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/deps/openssl/openssl/doc/crypto/d2i_X509.pod b/deps/openssl/openssl/doc/man3/d2i_X509.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/d2i_X509.pod rename to deps/openssl/openssl/doc/man3/d2i_X509.pod index 1fbe5cad4e3e89..71985a44edf430 100644 --- a/deps/openssl/openssl/doc/crypto/d2i_X509.pod +++ b/deps/openssl/openssl/doc/man3/d2i_X509.pod @@ -3,6 +3,8 @@ =head1 NAME d2i_ACCESS_DESCRIPTION, +d2i_ADMISSIONS, +d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, @@ -71,6 +73,7 @@ d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, +d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, @@ -120,6 +123,7 @@ d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, +d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, @@ -133,6 +137,7 @@ d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, +d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, @@ -174,6 +179,8 @@ d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, +i2d_ADMISSIONS, +i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, @@ -242,6 +249,7 @@ i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, +i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, @@ -294,6 +302,7 @@ i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, +i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_PublicKey, @@ -308,6 +317,7 @@ i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, +i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, @@ -451,7 +461,7 @@ Represents a PKCS#3 DH parameters structure. =item B -Represents a ANSI X9.42 DH parameters structure. +Represents an ANSI X9.42 DH parameters structure. =item B diff --git a/deps/openssl/openssl/doc/crypto/i2d_CMS_bio_stream.pod b/deps/openssl/openssl/doc/man3/i2d_CMS_bio_stream.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/i2d_CMS_bio_stream.pod rename to deps/openssl/openssl/doc/man3/i2d_CMS_bio_stream.pod diff --git a/deps/openssl/openssl/doc/crypto/i2d_PKCS7_bio_stream.pod b/deps/openssl/openssl/doc/man3/i2d_PKCS7_bio_stream.pod similarity index 100% rename from deps/openssl/openssl/doc/crypto/i2d_PKCS7_bio_stream.pod rename to deps/openssl/openssl/doc/man3/i2d_PKCS7_bio_stream.pod diff --git a/deps/openssl/openssl/doc/crypto/i2d_re_X509_tbs.pod b/deps/openssl/openssl/doc/man3/i2d_re_X509_tbs.pod similarity index 88% rename from deps/openssl/openssl/doc/crypto/i2d_re_X509_tbs.pod rename to deps/openssl/openssl/doc/man3/i2d_re_X509_tbs.pod index 672c7ab5aec6dc..98ac4f41aee496 100644 --- a/deps/openssl/openssl/doc/crypto/i2d_re_X509_tbs.pod +++ b/deps/openssl/openssl/doc/man3/i2d_re_X509_tbs.pod @@ -48,6 +48,15 @@ the encoding is automatically renewed. Otherwise, the encoding of the TBSCertificate portion of the B can be manually renewed by calling i2d_re_X509_tbs(). +=head1 RETURN VALUES + +d2i_X509_AUX() returns a valid B structure or NULL if an error occurred. + +i2d_X509_AUX() returns the length of encoded data or -1 on error. + +i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the +length of encoded data or 0 on error. + =head1 SEE ALSO L @@ -69,7 +78,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/crypto/o2i_SCT_LIST.pod b/deps/openssl/openssl/doc/man3/o2i_SCT_LIST.pod similarity index 95% rename from deps/openssl/openssl/doc/crypto/o2i_SCT_LIST.pod rename to deps/openssl/openssl/doc/man3/o2i_SCT_LIST.pod index 82922fce150ad8..28989387edbae4 100644 --- a/deps/openssl/openssl/doc/crypto/o2i_SCT_LIST.pod +++ b/deps/openssl/openssl/doc/man3/o2i_SCT_LIST.pod @@ -9,7 +9,8 @@ decode and encode Signed Certificate Timestamp lists in TLS wire format #include - STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len); + STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); int i2o_SCT(const SCT *sct, unsigned char **out); @@ -28,7 +29,7 @@ L and L. =head1 SEE ALSO -L, +L, L, L diff --git a/deps/openssl/openssl/doc/apps/config.pod b/deps/openssl/openssl/doc/man5/config.pod similarity index 86% rename from deps/openssl/openssl/doc/apps/config.pod rename to deps/openssl/openssl/doc/man5/config.pod index a5153a65f1a53c..3e110b03135be3 100644 --- a/deps/openssl/openssl/doc/apps/config.pod +++ b/deps/openssl/openssl/doc/man5/config.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:5 - =head1 NAME config - OpenSSL CONF library configuration files @@ -29,6 +27,21 @@ The environment is mapped onto a section called B. Comments can be included by preceding them with the B<#> character +Other files can be included using the B<.include> directive followed +by a path. If the path points to a directory all files with +names ending with B<.cnf> or B<.conf> are included from the directory. +Recursive inclusion of directories from files in such directory is not +supported. That means the files in the included directory can also contain +B<.include> directives but only inclusion of regular files is supported +there. The inclusion of directories is not supported on systems without +POSIX IO support. + +It is strongly recommended to use absolute paths with the B<.include> +directive. Relative paths are evaluated based on the application current +working directory so unless the configuration file containing the +B<.include> directive is application specific the inclusion will not +work as expected. + Each section in a configuration file consists of a number of name and value pairs of the form B @@ -54,6 +67,9 @@ or the B<\> character. By making the last character of a line a B<\> a B string can be spread across multiple lines. In addition the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. +All expansion and escape rules as described above that apply to B +also apply to the path of the B<.include> directive. + =head1 OPENSSL LIBRARY CONFIGURATION Applications can automatically configure certain @@ -66,14 +82,17 @@ file. To enable library configuration the default section needs to contain an appropriate line which points to the main configuration section. The default name is B which is used by the B utility. Other -applications may use an alternative name such as B. +applications may use an alternative name such as B. +All library configuration lines appear in the default section at the start +of the configuration file. The configuration section should consist of a set of name value pairs which contain specific module configuration information. The B represents -the name of the I the meaning of the B is +the name of the I. The meaning of the B is module specific: it may, for example, represent a further configuration -section containing configuration module specific information. E.g. +section containing configuration module specific information. E.g.: + # This must be in the default section openssl_conf = openssl_init [openssl_init] @@ -196,17 +215,8 @@ This modules has the name B which points to a section containing algorithm commands. Currently the only algorithm command supported is B whose -value should be a boolean string such as B or B. If the value is -B this attempt to enter FIPS mode. If the call fails or the library is -not FIPS capable then an error occurs. - -For example: - - alg_section = evp_settings - - [evp_settings] - - fips_mode = on +value can only be the boolean string B. If B is set to B, +an error occurs as this library version is not FIPS capable. =head2 SSL Configuration Module @@ -237,6 +247,22 @@ For example: ECDSA.Certificate = server-ecdsa.pem Ciphers = ALL:!RC4 +The system default configuration with name B if present will +be applied during any creation of the B structure. + +Example of a configuration with the system default: + + ssl_conf = ssl_sect + + [ssl_sect] + + system_default = system_default_sect + + [system_default_sect] + + MinProtocol = TLSv1.2 + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist @@ -358,6 +384,22 @@ will output: showing that the OID "newoid1" has been added as "1.2.3.4.1". +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. + +=item B + +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. + +=back + =head1 BUGS Currently there is no way to include characters using the octal B<\nnn> diff --git a/deps/openssl/openssl/doc/apps/x509v3_config.pod b/deps/openssl/openssl/doc/man5/x509v3_config.pod similarity index 98% rename from deps/openssl/openssl/doc/apps/x509v3_config.pod rename to deps/openssl/openssl/doc/man5/x509v3_config.pod index c0742c84da9e8e..a35b4ccfff08cd 100644 --- a/deps/openssl/openssl/doc/apps/x509v3_config.pod +++ b/deps/openssl/openssl/doc/man5/x509v3_config.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:5 - =head1 NAME x509v3_config - X509 V3 certificate extension configuration format @@ -207,7 +205,7 @@ certificate (if possible). Example: - issuserAltName = issuer:copy + issuerAltName = issuer:copy =head2 Authority Info Access. @@ -355,6 +353,12 @@ The B option changes the type of the I field. In RFC2459 it can only be of type DisplayText. In RFC3280 IA5String is also permissible. Some software (for example some versions of MSIE) may require ia5org. +ASN1 type of explicitText can be specified by prepending B, +B or B prefix followed by colon. For example: + + [notice] + explicitText="UTF8:Explicit Text Here" + =head2 Policy Constraints This is a multi-valued extension which consisting of the names diff --git a/deps/openssl/openssl/doc/man7/Ed25519.pod b/deps/openssl/openssl/doc/man7/Ed25519.pod new file mode 100644 index 00000000000000..3f54217918a715 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/Ed25519.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +Ed25519, +Ed448 +- EVP_PKEY Ed25519 and Ed448 support + +=head1 DESCRIPTION + +The B and B EVP_PKEY implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and B or B +(see RFC8032). It has associated private and public key formats compatible with +draft-ietf-curdle-pkix-04. + +No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must B be +specified when signing or verifying. + +=head1 NOTES + +The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, EVP_DigestUpdate(). +The message to sign or verify must be passed using the one-shot +EVP_DigestSign() and EVP_DigestVerify() functions. + +When calling EVP_DigestSignInit() or EVP_DigestVerifyInit(), the +digest B parameter B be set to B. + +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign() +or X509_sign_ctx() in the usual way. + +A context for the B algorithm can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); + +For the B algorithm a context can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); + +Ed25519 or Ed448 private keys can be set directly using +L or loaded from a PKCS#8 private key file +using L (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. + +Ed25519 or Ed448 public keys can be set directly using +L or loaded from a SubjectPublicKeyInfo +structure in a PEM file using L (or similar function). + +Ed25519 and Ed448 can be tested within L application since version 1.1.1. +Valid algorithm names are B, B and B. If B is +specified, then both Ed25519 and Ed448 are benchmarked. + +=head1 EXAMPLE + +This example generates an B private key and writes it to standard +output in PEM format: + + #include + #include + ... + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); + EVP_PKEY_keygen_init(pctx); + EVP_PKEY_keygen(pctx, &pkey); + EVP_PKEY_CTX_free(pctx); + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); + +=head1 SEE ALSO + +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/RAND.pod b/deps/openssl/openssl/doc/man7/RAND.pod new file mode 100644 index 00000000000000..971b3cdb161287 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/RAND.pod @@ -0,0 +1,81 @@ +=pod + +=head1 NAME + +RAND +- the OpenSSL random generator + +=head1 DESCRIPTION + +Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. +Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(CSPRNG). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material. + +OpenSSL comes with a default implementation of the RAND API which is based on +the deterministic random bit generator (DRBG) model as described in +[NIST SP 800-90A Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system. + +As a normal application developer, you do not have to worry about any details, +just use L to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of L and do not take randomness for granted. + +For values that should remain secret, you can use L +instead. +This method does not provide 'better' randomness, it uses the same type of CSPRNG. +The intention behind using a dedicated CSPRNG exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values. + +In the rare case where the default implementation does not satisfy your special +requirements, there are two options: + +=over 2 + +=item * + +Replace the default RAND method by your own RAND method using +L. + +=item * + +Modify the default settings of the OpenSSL RAND method by modifying the security +parameters of the underlying DRBG, which is described in detail in L. + +=back + +Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/RAND_DRBG.pod b/deps/openssl/openssl/doc/man7/RAND_DRBG.pod new file mode 100644 index 00000000000000..ba457f050483e5 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/RAND_DRBG.pod @@ -0,0 +1,301 @@ +=pod + +=head1 NAME + +RAND_DRBG - the deterministic random bit generator + +=head1 SYNOPSIS + + #include + +=head1 DESCRIPTION + +The default OpenSSL RAND method is based on the RAND_DRBG class, +which implements a deterministic random bit generator (DRBG). +A DRBG is a certain type of cryptographically-secure pseudo-random +number generator (CSPRNG), which is described in +[NIST SP 800-90A Rev. 1]. + +While the RAND API is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the RAND_DRBG API +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the DRBG's +configuration parameters. + +=head2 Disclaimer + +Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the RAND_DRBG API directly. +The usual way to obtain random bytes is to use L or +L, see also L. + +=head2 Typical Use Cases + +Typical examples for such special use cases are the following: + +=over 2 + +=item * + +You want to use your own private DRBG instances. +Multiple DRBG instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked). + +=item * + +You need to integrate a previously unsupported entropy source. + +=item * + +You need to change the default settings of the standard OpenSSL RAND +implementation to meet specific requirements. + +=back + + +=head1 CHAINING + +A DRBG instance can be used as the entropy source of another DRBG instance, +provided it has itself access to a valid entropy source. +The DRBG instance which acts as entropy source is called the I DRBG, +the other instance the I DRBG. + +This is called chaining. A chained DRBG instance is created by passing +a pointer to the parent DRBG as argument to the RAND_DRBG_new() call. +It is possible to create chains of more than two DRBG in a row. + +=head1 THE THREE SHARED DRBG INSTANCES + +Currently, there are three shared DRBG instances, +the , , and DRBG. +While the DRBG is a single global instance, the and +DRBG are created per thread and accessed through thread-local storage. + +By default, the functions L and L use +the thread-local and DRBG instance, respectively. + +=head2 The DRBG instance + +The DRBG is not used directly by the application, only for reseeding +the two other two DRBG instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by L. + +=head2 The DRBG instance + +This instance is used per default by L. + +=head2 The DRBG instance + +This instance is used per default by L + + +=head1 LOCKING + +The DRBG is intended to be accessed concurrently for reseeding +by its child DRBG instances. The necessary locking is done internally. +It is I thread-safe to access the DRBG directly via the +RAND_DRBG interface. +The and DRBG are thread-local, i.e. there is an +instance of each per thread. So they can safely be accessed without +locking via the RAND_DRBG interface. + +Pointers to these DRBG instances can be obtained using +RAND_DRBG_get0_master(), +RAND_DRBG_get0_public(), and +RAND_DRBG_get0_private(), respectively. +Note that it is not allowed to store a pointer to one of the thread-local +DRBG instances in a variable or other memory location where it will be +accessed and used by multiple threads. + +All other DRBG instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single DRBG instance concurrently from different +threads, it is recommended to instantiate a separate DRBG instance per +thread. Using the DRBG as entropy source for multiple DRBG +instances on different threads is thread-safe, because the DRBG instance +will lock the DRBG automatically for obtaining random input. + +=head1 THE OVERALL PICTURE + +The following picture gives an overview over how the DRBG instances work +together and are being used. + + +--------------------+ + | os entropy sources | + +--------------------+ + | + v +-----------------------------+ + RAND_add() ==> <-| shared DRBG (with locking) | + / \ +-----------------------------+ + / \ +---------------------------+ + <- | per-thread DRBG instances | + | | +---------------------------+ + v v + RAND_bytes() RAND_priv_bytes() + | ^ + | | + +------------------+ +------------------------------------+ + | general purpose | | used for secrets like session keys | + | random generator | | and private keys for certificates | + +------------------+ +------------------------------------+ + + +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method L is a convenience method +wrapping the L function, which serves the actual +request for random data. + +=head1 RESEEDING + +A DRBG instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another DRBG with access to such a source. + +Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the --with-rand-seed option. The following sections explain +the reseeding process in more detail. + +=head2 Automatic Reseeding + +Before satisfying a generate request (L), the DRBG +reseeds itself automatically, if one of the following conditions holds: + +- the DRBG was not instantiated (=seeded) yet or has been uninstantiated. + +- the number of generate requests since the last reseeding exceeds a +certain threshold, the so called I. +This behaviour can be disabled by setting the I to 0. + +- the time elapsed since the last reseeding exceeds a certain time +interval, the so called I. +This can be disabled by setting the I to 0. + +- the DRBG is in an error state. + +B: An error state is entered if the entropy source fails while +the DRBG is seeding or reseeding. +The last case ensures that the DRBG automatically recovers +from the error as soon as the entropy source is available again. + +=head2 Manual Reseeding + +In addition to automatic reseeding, the caller can request an immediate +reseeding of the DRBG with fresh entropy by setting the +I parameter to 1 when calling L. + +The document [NIST SP 800-90C] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +Since the default DRBG implementation does not have access to such an approved +entropy source, a request for prediction resistance will currently always fail. +In other words, prediction resistance is currently not supported yet by the DRBG. + + +For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If L is called with a positive I argument +(or L), then this will immediately reseed the DRBG. +The and DRBG will detect this on their next generate +call and reseed, pulling randomness from . + +The last feature has been added to support the common practice used with +previous OpenSSL versions to call RAND_add() before calling RAND_bytes(). + + +=head2 Entropy Input vs. Additional Data + +The DRBG distinguishes two different types of random input: I, +which comes from a trusted source, and I', +which can optionally be added by the user and is considered untrusted. +It is possible to add I not only during reseeding, +but also for every generate request. +This is in fact done automatically by L. + + +=head2 Configuring the Random Seed Source + +In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its DRBG. In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the --with-rand-seed option. For more information, +see the INSTALL instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default. + +The following two sections describe the reseeding process of the master +DRBG, depending on whether automatic reseeding is available or not. + + +=head2 Reseeding the master DRBG with automatic seeding enabled + +Calling RAND_poll() or RAND_add() is not necessary, because the DRBG +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the RNG. + +RAND_add() can be used to add both kinds of random input, depending on the +value of the B argument: + +=over 4 + +=item randomness == 0: + +The random bytes are mixed as additional input into the current state of +the DRBG. +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset. + + +=item randomness > 0: + +The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the DRBG is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the DRBG. Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources. + +=back + +=head2 Reseeding the master DRBG with automatic seeding disabled + +Calling RAND_poll() will always fail. + +RAND_add() needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re-)seeding of the DRBG will fail. This corresponds to one and a half +times the security strength of the DRBG. The extra half is used for the +nonce during instantiation. + +More precisely, the number of bytes needed for seeding depend on the +I of the DRBG, which is set to 256 by default. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/RSA-PSS.pod b/deps/openssl/openssl/doc/man7/RSA-PSS.pod new file mode 100644 index 00000000000000..29775d86210398 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/RSA-PSS.pod @@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +RSA-PSS - EVP_PKEY RSA-PSS algorithm support + +=head1 DESCRIPTION + +The B EVP_PKEY implementation is a restricted version of the RSA +algorithm which only supports signing, verification and key generation +using PSS padding modes with optional parameter restrictions. + +It has associated private key and public key formats. + +This algorithm shares several control operations with the B algorithm +but with some restrictions described below. + +=head2 Signing and Verification + +Signing and verification is similar to the B algorithm except the +padding mode is always PSS. If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest SHA256, MGF1 SHA256 +and minimum salt length 32 then the digest, MGF1 digest and salt length +will be set to SHA256, SHA256 and 32 respectively. + +=head2 Key Generation + +By default no parameter restrictions are placed on the generated key. + +=head1 NOTES + +The public key format is documented in RFC4055. + +The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA +format except it uses the B OID and the parameters field, if +present, restricts the key parameters in the same way as the public key. + +=head1 CONFORMING TO + +RFC 4055 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/SM2.pod b/deps/openssl/openssl/doc/man7/SM2.pod new file mode 100644 index 00000000000000..029dc736cbd5dc --- /dev/null +++ b/deps/openssl/openssl/doc/man7/SM2.pod @@ -0,0 +1,79 @@ +=pod + +=head1 NAME + +SM2 - Chinese SM2 signature and encryption algorithm support + +=head1 DESCRIPTION + +The B algorithm was first defined by the Chinese national standard GM/T +0003-2012 and was later standardized by ISO as ISO/IEC 14888. B is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the EVP interface. + +When doing the B signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed. + +=head1 NOTES + +B signatures can be generated by using the 'DigestSign' series of APIs, for +instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). +Ditto for the verification process by calling the 'DigestVerify' series of APIs. + +There are several special steps that need to be done before computing an B +signature. + +The B structure will default to using ECDSA for signatures when it is +created. It should be set to B by calling: + + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + +Then an ID should be set by calling: + + EVP_PKEY_CTX_set1_id(pctx, id, id_len); + +When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a +pre-allocated B should be assigned to the B. This is +done by calling: + + EVP_MD_CTX_set_pkey_ctx(mctx, pctx); + +And normally there is no need to pass a B parameter to EVP_DigestSignInit() +or EVP_DigestVerifyInit() in such a scenario. + +=head1 EXAMPLE + +This example demonstrates the calling sequence for using an B to verify +a message with the SM2 signature algorithm and the SM3 hash algorithm: + + #include + + /* obtain an EVP_PKEY using whatever methods... */ + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + mctx = EVP_MD_CTX_new(); + pctx = EVP_PKEY_CTX_new(pkey, NULL); + EVP_PKEY_CTX_set1_id(pctx, id, id_len); + EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; + EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); + EVP_DigestVerifyUpdate(mctx, msg, msg_len); + EVP_DigestVerifyFinal(mctx, sig, sig_len) + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/X25519.pod b/deps/openssl/openssl/doc/man7/X25519.pod new file mode 100644 index 00000000000000..7cb6ff6b3bed09 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/X25519.pod @@ -0,0 +1,74 @@ +=pod + +=head1 NAME + +X25519, +X448 +- EVP_PKEY X25519 and X448 support + +=head1 DESCRIPTION + +The B and B EVP_PKEY implementation supports key generation and +key derivation using B and B. It has associated private and public +key formats compatible with draft-ietf-curdle-pkix-03. + +No additional parameters can be set during key generation. + +The peer public key must be set using EVP_PKEY_derive_set_peer() when +performing key derivation. + +=head1 NOTES + +A context for the B algorithm can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); + +For the B algorithm a context can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); + +X25519 or X448 private keys can be set directly using +L or loaded from a PKCS#8 private key file +using L (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. + +X25519 or X448 public keys can be set directly using +L or loaded from a SubjectPublicKeyInfo +structure in a PEM file using L (or similar function). + +=head1 EXAMPLE + +This example generates an B private key and writes it to standard +output in PEM format: + + #include + #include + ... + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); + EVP_PKEY_keygen_init(pctx); + EVP_PKEY_keygen(pctx, &pkey); + EVP_PKEY_CTX_free(pctx); + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); + +The key derivation example in L can be used with +B and B. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/crypto/bio.pod b/deps/openssl/openssl/doc/man7/bio.pod similarity index 90% rename from deps/openssl/openssl/doc/crypto/bio.pod rename to deps/openssl/openssl/doc/man7/bio.pod index 1e1dd02106db03..d34e722ea76b5e 100644 --- a/deps/openssl/openssl/doc/crypto/bio.pod +++ b/deps/openssl/openssl/doc/man7/bio.pod @@ -1,15 +1,13 @@ =pod -=for comment openssl_manual_section 7 - =head1 NAME bio - Basic I/O abstraction -=for comment generic - =head1 SYNOPSIS +=for comment generic + #include =head1 DESCRIPTION @@ -46,8 +44,8 @@ and frequently a utility function exists to create and initialize such BIOs. If BIO_free() is called on a BIO chain it will only free one BIO resulting in a memory leak. -Calling BIO_free_all() a single BIO has the same effect as calling BIO_free() -on it other than the discarded return value. +Calling BIO_free_all() on a single BIO has the same effect as calling +BIO_free() on it other than the discarded return value. Normally the B argument is supplied by a function which returns a pointer to a BIO_METHOD. There is a naming convention for such functions: @@ -68,18 +66,17 @@ L, L, L, L, L, L, L, -L, L, +L, L, L, L, L, L, L, L, -L, L, L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy @@ -87,4 +84,3 @@ in the file LICENSE in the source distribution or at L. =cut - diff --git a/deps/openssl/openssl/doc/crypto/crypto.pod b/deps/openssl/openssl/doc/man7/crypto.pod similarity index 96% rename from deps/openssl/openssl/doc/crypto/crypto.pod rename to deps/openssl/openssl/doc/man7/crypto.pod index 082f8435b23868..e08c5c8aec13e6 100644 --- a/deps/openssl/openssl/doc/crypto/crypto.pod +++ b/deps/openssl/openssl/doc/man7/crypto.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:7 - =head1 NAME crypto - OpenSSL cryptographic library @@ -48,7 +46,7 @@ See the individual manual pages for details. =head1 SEE ALSO -L, L +L, L =head1 COPYRIGHT diff --git a/deps/openssl/openssl/doc/crypto/ct.pod b/deps/openssl/openssl/doc/man7/ct.pod similarity index 97% rename from deps/openssl/openssl/doc/crypto/ct.pod rename to deps/openssl/openssl/doc/man7/ct.pod index 60718b3f6dd0e4..355204d2a632cd 100644 --- a/deps/openssl/openssl/doc/crypto/ct.pod +++ b/deps/openssl/openssl/doc/man7/ct.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:7 - =head1 NAME ct - Certificate Transparency diff --git a/deps/openssl/openssl/doc/crypto/des_modes.pod b/deps/openssl/openssl/doc/man7/des_modes.pod similarity index 98% rename from deps/openssl/openssl/doc/crypto/des_modes.pod rename to deps/openssl/openssl/doc/man7/des_modes.pod index d5a3f8d63636d3..f7415d77f48509 100644 --- a/deps/openssl/openssl/doc/crypto/des_modes.pod +++ b/deps/openssl/openssl/doc/man7/des_modes.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:7 - =head1 NAME des_modes - the variants of DES and other crypto algorithms of OpenSSL @@ -18,7 +16,7 @@ other things. Normally, this is found as the function I_ecb_encrypt(). -=over 4 +=over 2 =item * @@ -45,7 +43,7 @@ Normally, this is found as the function I_cbc_encrypt(). Be aware that des_cbc_encrypt() is not really DES CBC (it does not update the IV); use des_ncbc_encrypt() instead. -=over 4 +=over 2 =item * @@ -77,7 +75,7 @@ An error will affect the current and the following ciphertext blocks. Normally, this is found as the function I_cfb_encrypt(). -=over 4 +=over 2 =item * @@ -124,8 +122,7 @@ An error will affect the current and the following ciphertext variables. Normally, this is found as the function I_ofb_encrypt(). -=over 4 - +=over 2 =item * @@ -185,7 +182,7 @@ susceptible to a 'known plaintext' attack. Normally, this is found as the function I_ecb3_encrypt(). -=over 4 +=over 2 =item * @@ -220,7 +217,7 @@ ecb mode. Normally, this is found as the function I_ede3_cbc_encrypt(). -=over 4 +=over 2 =item * diff --git a/deps/openssl/openssl/doc/crypto/evp.pod b/deps/openssl/openssl/doc/man7/evp.pod similarity index 79% rename from deps/openssl/openssl/doc/crypto/evp.pod rename to deps/openssl/openssl/doc/man7/evp.pod index 02051df6bcbb94..e493dacd23135e 100644 --- a/deps/openssl/openssl/doc/crypto/evp.pod +++ b/deps/openssl/openssl/doc/man7/evp.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:7 - =head1 NAME evp - high-level cryptographic functions @@ -15,19 +13,19 @@ evp - high-level cryptographic functions The EVP library provides a high-level interface to cryptographic functions. -LI<...>|EVP_SealInit(3)> and LI<...>|EVP_OpenInit(3)> -provide public key encryption and decryption to implement digital "envelopes". +The LI|EVP_SealInit(3)> and LI|EVP_OpenInit(3)> +functions provide public key encryption and decryption to implement digital "envelopes". -The LI<...>|EVP_DigestSignInit(3)> and -LI<...>|EVP_DigestVerifyInit(3)> functions implement +The LI|EVP_DigestSignInit(3)> and +LI|EVP_DigestVerifyInit(3)> functions implement digital signatures and Message Authentication Codes (MACs). Also see the older -LI<...>|EVP_SignInit(3)> and LI<...>|EVP_VerifyInit(3)> +LI|EVP_SignInit(3)> and LI|EVP_VerifyInit(3)> functions. -Symmetric encryption is available with the LI<...>|EVP_EncryptInit(3)> -functions. The LI<...>|EVP_DigestInit(3)> functions provide message digests. +Symmetric encryption is available with the LI|EVP_EncryptInit(3)> +functions. The LI|EVP_DigestInit(3)> functions provide message digests. -The BI<...> functions provide a high level interface to +The BI functions provide a high level interface to asymmetric algorithms. To create a new EVP_PKEY see L. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions @@ -63,12 +61,12 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD implementation. However, new applications should not typically use this (preferring, for example, PBKDF2 from PCKS#5). -The LI<...>|EVP_EncodeInit(3)> and -LI<...>|EVP_EncodeInit(3)> functions implement base 64 encoding +The LI|EVP_EncodeInit(3)> and +LI|EVP_EncodeInit(3)> functions implement base 64 encoding and decoding. All the symmetric algorithms (ciphers), digests and asymmetric algorithms -(public key algorithms) can be replaced by L modules providing alternative +(public key algorithms) can be replaced by ENGINE modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software @@ -102,11 +100,11 @@ L, L, L, L, -L +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/ossl_store-file.pod b/deps/openssl/openssl/doc/man7/ossl_store-file.pod new file mode 100644 index 00000000000000..996043b0fb853c --- /dev/null +++ b/deps/openssl/openssl/doc/man7/ossl_store-file.pod @@ -0,0 +1,71 @@ +=pod + +=begin comment + +This is a recommended way to describe OSSL_STORE loaders, +"ossl_store-{name}", where {name} is replaced with the name of the +scheme it implements, in man section 7. + +=end comment + +=head1 NAME + +ossl_store-file - The store 'file' scheme loader + +=head1 SYNOPSIS + +=for comment generic + +#include + +=head1 DESCRIPTION + +Support for the 'file' scheme is built into C. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called "file handlers", +which are used to try to decode diverse types of file contents. + +In case a file is formatted as PEM, each called file handler receives +the PEM name (everything following any 'C<-----BEGIN >') as well as +possible PEM headers, together with the decoded PEM body. Since PEM +formatted files can contain more than one object, the file handlers +are called upon for each such object. + +If the file isn't determined to be formatted as PEM, the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no PEM name or headers. + +Each file handler is expected to handle PEM and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an ASN.1 OCTET STRING. In raw form, it's not easily +possible to distinguish those from any other data coming as an ASN.1 +OCTET STRING, so such keys would naturally be accepted as PEM files +only). + +=head1 NOTES + +When needed, the 'file' scheme loader will require a pass phrase by +using the C that was passed via OSSL_STORE_open(). +This pass phrase is expected to be UTF-8 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See L for more information. + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/ossl_store.pod b/deps/openssl/openssl/doc/man7/ossl_store.pod new file mode 100644 index 00000000000000..6e75abd314b703 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/ossl_store.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +ossl_store - Store retrieval functions + +=head1 SYNOPSIS + +=for comment generic + +#include + +=head1 DESCRIPTION + +=head2 General + +A STORE is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a file name or +as a URI. + +The functionality supports the pattern "open a channel to the +repository", "loop and retrieve one object at a time", and "finish up +by closing the channel". + +The retrieved objects are returned as a wrapper type B, +from which an OpenSSL type can be retrieved. + +=head2 URI schemes and loaders + +Support for a URI scheme is called a STORE "loader", and can be added +dynamically from the calling application or from a loadable engine. + +Support for the 'file' scheme is built into C. +See L for more information. + +=head2 UI_METHOD and pass phrases + +The B API does nothing to enforce any specific format or +encoding on the pass phrase that the B provides. However, +the pass phrase is expected to be UTF-8 encoded. The result of any +other encoding is undefined. + +=head1 EXAMPLES + +=head2 A generic call + + OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); + + /* + * OSSL_STORE_eof() simulates file semantics for any repository to signal + * that no more data can be expected + */ + while (!OSSL_STORE_eof(ctx)) { + OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); + + /* + * Do whatever is necessary with the OSSL_STORE_INFO, + * here just one example + */ + switch (OSSL_STORE_INFO_get_type(info)) { + case OSSL_STORE_INFO_X509: + /* Print the X.509 certificate text */ + X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); + /* Print the X.509 certificate PEM output */ + PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); + break; + } + } + + OSSL_STORE_close(ctx); + +=head1 SEE ALSO + +L, L, +L, L, +L + +=head1 COPYRIGHT + +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/passphrase-encoding.pod b/deps/openssl/openssl/doc/man7/passphrase-encoding.pod new file mode 100644 index 00000000000000..68108445269b7a --- /dev/null +++ b/deps/openssl/openssl/doc/man7/passphrase-encoding.pod @@ -0,0 +1,180 @@ +=pod + +=encoding utf8 + +=head1 NAME + +passphrase-encoding +- How diverse parts of OpenSSL treat pass phrases character encoding + +=head1 DESCRIPTION + +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. + +=head2 The general case + +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in +ISO-8859-1. +Using the wrong encoding is expected to cause a decryption failure. + +=head2 PKCS#12 + +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an ASN.1 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (UCS-2 BE). + +OpenSSL tries to adapt to this requirements in one of the following manners: + +=over 4 + +=item 1. + +Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to +UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. + +=item 2. + +Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and +opportunistically prepends each byte with a zero byte to obtain the UCS-2 +encoding of the characters, which it stores as a BMPString. + +Note that since there is no check of your locale, this may produce UCS-2 / +UTF-16 characters that do not correspond to the original pass phrase characters +for other character sets, such as any ISO-8859-X encoding other than +ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical" +characters in the 0x80-0x9F range). + +=back + +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. + +It should be noted that this approach isn't entirely fault free. + +A pass phrase encoded in ISO-8859-2 could very well have a sequence such as +0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" +and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would +be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN +SMALL LETTER I WITH DIARESIS) I. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. + + 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 + 0x00 0xEF # OpenSSL 1.1.0 and newer + +On the same accord, anything encoded in UTF-8 that was given to OpenSSL older +than 1.1.0 was misinterpreted as ISO-8859-1 sequences. + +=head2 OSSL_STORE + +L acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a PIN or something else. +This API stipulates that pass phrases should be UTF-8 encoded, and that any +other pass phrase encoding may give undefined results. +This API relies on the application to ensure UTF-8 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. + +=head1 RECOMMENDATIONS + +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was ISO-8859-1 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is UTF-8 (i.e. "naïve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. + +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. + +=head2 Creating new objects + +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using UTF-8. +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +C will have anything entered on [Windows] console prompt +converted to UTF-8 (command line and separately prompted pass phrases alike). + +=head2 Opening existing objects + +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. + +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: + +=over 4 + +=item 1. + +Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. + +=item 2. + +Convert the pass phrase to UTF-8 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. + +=item 3. + +Do a naïve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try +with the result. +This differs from the previous attempt because ISO-8859-1 maps directly to +U+0000 to U+00FF, which other non-UTF-8 character sets do not. + +This also takes care of the case when a UTF-8 encoded string was used with +OpenSSL older than 1.1.0. +(for example, C<ï>, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the naïve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non-compliant encoding used by OpenSSL older than 1.1.0) + +=back + +=head1 SEE ALSO + +L, +L, +L, L, +L, +L, L, +L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/man7/scrypt.pod b/deps/openssl/openssl/doc/man7/scrypt.pod new file mode 100644 index 00000000000000..94ff3ab53fce79 --- /dev/null +++ b/deps/openssl/openssl/doc/man7/scrypt.pod @@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +scrypt - EVP_PKEY scrypt KDF support + +=head1 DESCRIPTION + +The EVP_PKEY_SCRYPT algorithm implements the scrypt password based key +derivation function, as described in RFC 7914. It is memory-hard in the sense +that it deliberately requires a significant amount of RAM for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible. + +scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales CPU +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of RAM that scrypt requires for its computation +is roughly (128 * N * r * p) bytes. + +In the original paper of Colin Percival ("Stronger Key Derivation via +Sequential Memory-Hard Functions", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The default amount of RAM that +may be used by scrypt defaults to 1025 MiB. + +=head1 NOTES + +A context for scrypt can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); + +The output length of an scrypt key derivation is specified via the +length parameter to the L function. + +=head1 EXAMPLE + +This example derives a 64-byte long test vector using scrypt using the password +"password", salt "NaCl" and N = 1024, r = 8, p = 16. + + EVP_PKEY_CTX *pctx; + unsigned char out[64]; + + size_t outlen = sizeof(out); + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); + + if (EVP_PKEY_derive_init(pctx) <= 0) { + error("EVP_PKEY_derive_init"); + } + if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { + error("EVP_PKEY_CTX_set1_pbe_pass"); + } + if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { + error("EVP_PKEY_CTX_set1_scrypt_salt"); + } + if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { + error("EVP_PKEY_CTX_set_scrypt_N"); + } + if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { + error("EVP_PKEY_CTX_set_scrypt_r"); + } + if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { + error("EVP_PKEY_CTX_set_scrypt_p"); + } + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { + error("EVP_PKEY_derive"); + } + + { + const unsigned char expected[sizeof(out)] = { + 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, + 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, + 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, + 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, + 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, + 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, + 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, + 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 + }; + + assert(!memcmp(out, expected, sizeof(out))); + } + + EVP_PKEY_CTX_free(pctx); + +=head1 CONFORMING TO + +RFC 7914 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/deps/openssl/openssl/doc/ssl/ssl.pod b/deps/openssl/openssl/doc/man7/ssl.pod similarity index 95% rename from deps/openssl/openssl/doc/ssl/ssl.pod rename to deps/openssl/openssl/doc/man7/ssl.pod index da12e29c635153..d439860b5b5b52 100644 --- a/deps/openssl/openssl/doc/ssl/ssl.pod +++ b/deps/openssl/openssl/doc/man7/ssl.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:7 - =head1 NAME ssl - OpenSSL SSL/TLS library @@ -16,7 +14,7 @@ The OpenSSL B library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API which is documented here. -Then an B object is created as a framework to establish +An B object is created as a framework to establish TLS/SSL enabled connections (see L). Various options regarding certificates, algorithms etc. can be set in this object. @@ -27,10 +25,10 @@ L, L or L can be used to associate the network connection with the object. -Then the TLS/SSL handshake is performed using +When the TLS/SSL handshake is performed using L or L respectively. -L and L are +L, L, L and L are used to read and write data on the TLS/SSL connection. L can be used to shut down the TLS/SSL connection. @@ -44,7 +42,7 @@ structures: =item B (SSL Method) -That's a dispatch structure describing the internal B library +This is a dispatch structure describing the internal B library methods/functions which implement the various protocol versions (SSLv3 TLSv1, ...). It's needed to create an B. @@ -52,12 +50,12 @@ TLSv1, ...). It's needed to create an B. This structure holds the algorithm information for a particular cipher which are a core part of the SSL/TLS protocol. The available ciphers are configured -on a B basis and the actually used ones are then part of the +on a B basis and the actual ones used are then part of the B. =item B (SSL Context) -That's the global context structure which is created by a server or client +This is the global context structure which is created by a server or client once per program life-time and which holds mainly default values for the B structures which are later created for the connections. @@ -68,9 +66,9 @@ connection: Bs, client and server certificates, keys, etc. =item B (SSL Connection) -That's the main SSL/TLS structure which is created by a server or client per +This is the main SSL/TLS structure which is created by a server or client per established connection. This actually is the core structure in the SSL API. -Under run-time the application usually deals with this structure which has +At run-time the application usually deals with this structure which has links to mostly all other structures. =back @@ -85,7 +83,7 @@ containing the prototypes for the data structures and functions: =item B -That's the common header file for the SSL/TLS API. Include it into your +This is the common header file for the SSL/TLS API. Include it into your program to make the API of the B library available. It internally includes both more private SSL headers and headers from the B library. Whenever you need hard-core details on the internals of the SSL API, look @@ -97,13 +95,13 @@ Unused. Present for backwards compatibility only. =item B -That's the sub header file dealing with the SSLv3 protocol only. +This is the sub header file dealing with the SSLv3 protocol only. I. =item B -That's the sub header file dealing with the TLSv1 protocol only. +This is the sub header file dealing with the TLSv1 protocol only. I. @@ -130,10 +128,12 @@ See L for details. =item const SSL_METHOD *B(void); Constructor for the I SSL_METHOD structure for clients. +Must be used to support the TLSv1.3 protocol. =item const SSL_METHOD *B(void); Constructor for the I SSL_METHOD structure for servers. +Must be used to support the TLSv1.3 protocol. =item const SSL_METHOD *B(void); @@ -322,6 +322,8 @@ protocol context defined in the B structure. =item void B(SSL_CTX *ctx, X509_STORE *cs); +=item void B(SSL_CTX *ctx, X509_STORE *cs); + =item void B(SSL_CTX *ctx, int (*cb)(), char *arg) =item int B(SSL_CTX *ctx, char *str); @@ -397,6 +399,8 @@ Use the file path to locate trusted CA certificates. =item int B(SSL_CTX *ctx, const char *file, int type); +=item int B(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); + =item X509 *B(const SSL_CTX *ctx); =item EVP_PKEY *B(const SSL_CTX *ctx); @@ -706,6 +710,8 @@ Returns the current handshake state. =item int B(SSL *ssl, const char *file, int type); +=item int B(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); + =item int B(const SSL *ssl); =item int B(const SSL *ssl); diff --git a/deps/openssl/openssl/doc/crypto/x509.pod b/deps/openssl/openssl/doc/man7/x509.pod similarity index 76% rename from deps/openssl/openssl/doc/crypto/x509.pod rename to deps/openssl/openssl/doc/man7/x509.pod index 483b0376472cca..065dcb14fbeb87 100644 --- a/deps/openssl/openssl/doc/crypto/x509.pod +++ b/deps/openssl/openssl/doc/man7/x509.pod @@ -1,7 +1,5 @@ =pod -=for comment openssl_manual_section:7 - =head1 NAME x509 - X.509 certificate handling @@ -32,20 +30,20 @@ extension) and a few more. Finally, there's the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key. -BI<...>, BI<...> and BI<...> handle X.509 -certificates, with some exceptions, shown below. +BI, BI, and BI functions +handle X.509 certificates, with some exceptions, shown below. -BI<...>, BI<...> and BI<...> -handle X.509 CRLs. +BI, BI, and BI +functions handle X.509 CRLs. -BI<...>, BI<...> and BI<...> -handle PKCS#10 certificate requests. +BI, BI, and BI +functions handle PKCS#10 certificate requests. -BI<...> handle certificate names. +BI functions handle certificate names. -BI<...> handle certificate attributes. +BI functions handle certificate attributes. -BI<...> handle certificate extensions. +BI functions handle certificate extensions. =head1 SEE ALSO diff --git a/deps/openssl/openssl/doc/openssl-c-indent.el b/deps/openssl/openssl/doc/openssl-c-indent.el index 852f794f965609..59dec44580cac4 100644 --- a/deps/openssl/openssl/doc/openssl-c-indent.el +++ b/deps/openssl/openssl/doc/openssl-c-indent.el @@ -2,7 +2,7 @@ ;;; ;;; This definition is for the "CC mode" package, which is the default ;;; mode for editing C source files in Emacs 20, not for the older -;;; c-mode.el (which was the default in less recent release of Emacs 19). +;;; c-mode.el (which was the default in less recent releases of Emacs 19). ;;; ;;; Recommended use is to add this line in your .emacs: ;;; diff --git a/deps/openssl/openssl/doc/ssl/DTLSv1_listen.pod b/deps/openssl/openssl/doc/ssl/DTLSv1_listen.pod deleted file mode 100644 index a839d9fec19101..00000000000000 --- a/deps/openssl/openssl/doc/ssl/DTLSv1_listen.pod +++ /dev/null @@ -1,102 +0,0 @@ -=pod - -=head1 NAME - -DTLSv1_listen - listen for incoming DTLS connections - -=head1 SYNOPSIS - - #include - - int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); - -=head1 DESCRIPTION - -DTLSv1_listen() listens for new incoming DTLS connections. If a ClientHello is -received that does not contain a cookie, then DTLSv1_listen() responds with a -HelloVerifyRequest. If a ClientHello is received with a cookie that is verified -then control is returned to user code to enable the handshake to be completed -(for example by using SSL_accept()). - -=head1 NOTES - -Datagram based protocols can be susceptible to Denial of Service attacks. A -DTLS attacker could, for example, submit a series of handshake initiation -requests that cause the server to allocate state (and possibly perform -cryptographic operations) thus consuming server resources. The attacker could -also (with UDP) quite simply forge the source IP address in such an attack. - -As a counter measure to that DTLS includes a stateless cookie mechanism. The -idea is that when a client attempts to connect to a server it sends a -ClientHello message. The server responds with a HelloVerifyRequest which -contains a unique cookie. The client then resends the ClientHello, but this time -includes the cookie in the message thus proving that the client is capable of -receiving messages sent to that address. All of this can be done by the server -without allocating any state, and thus without consuming expensive resources. - -OpenSSL implements this capability via the DTLSv1_listen() function. The B -parameter should be a newly allocated SSL object with its read and write BIOs -set, in the same way as might be done for a call to SSL_accept(). Typically the -read BIO will be in an "unconnected" state and thus capable of receiving -messages from any peer. - -When a ClientHello is received that contains a cookie that has been verified, -then DTLSv1_listen() will return with the B parameter updated into a state -where the handshake can be continued by a call to (for example) SSL_accept(). -Additionally the B pointed to by B will be filled in with -details of the peer that sent the ClientHello. If the underlying BIO is unable -to obtain the B of the peer (for example because the BIO does not -support this), then B<*peer> will be cleared and the family set to AF_UNSPEC. -Typically user code is expected to "connect" the underlying socket to the peer -and continue the handshake in a connected state. - -Prior to calling DTLSv1_listen() user code must ensure that cookie generation -and verification callbacks have been set up using -SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb() -respectively. - -Since DTLSv1_listen() operates entirely statelessly whilst processing incoming -ClientHellos it is unable to process fragmented messages (since this would -require the allocation of state). An implication of this is that DTLSv1_listen() -B supports ClientHellos that fit inside a single datagram. - -=head1 RETURN VALUES - -From OpenSSL 1.1.0 a return value of >= 1 indicates success. In this instance -the B value will be filled in and the B object set up ready to -continue the handshake. - -A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking IO, or some invalid message having been -received from a peer. Errors may be placed on the OpenSSL error queue with -further information if appropriate. Typically user code is expected to retry the -call to DTLSv1_listen() in the event of a non-fatal error. Any old errors on the -error queue will be cleared in the subsequent call. - -A return value of <0 indicates a fatal error. This could (for example) be -because of a failure to allocate sufficient memory for the operation. - -Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return codes -<= 0 (in typical implementations user code treats all errors as non-fatal), -whilst return codes >0 indicate success. - -=head1 SEE ALSO - -L, L, -L, L - -=head1 HISTORY - -DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. The type of "peer" -also changed in OpenSSL 1.1.0. - -=head1 COPYRIGHT - -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CIPHER_get_name.pod b/deps/openssl/openssl/doc/ssl/SSL_CIPHER_get_name.pod deleted file mode 100644 index b7ee3c84f54dd7..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CIPHER_get_name.pod +++ /dev/null @@ -1,128 +0,0 @@ -=pod - -=head1 NAME - -SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_kx_nid, -SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, -SSL_CIPHER_get_name, SSL_CIPHER_get_bits, -SSL_CIPHER_get_version, SSL_CIPHER_description -- get SSL_CIPHER properties - -=head1 SYNOPSIS - - #include - - const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); - int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); - char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); - char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); - int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); - int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); - int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); - int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); - int SSL_CIPHER_is_aead(const SSL_CIPHER *c); - -=head1 DESCRIPTION - -SSL_CIPHER_get_name() returns a pointer to the name of B. If the -B is NULL, it returns "(NONE)". - -SSL_CIPHER_get_bits() returns the number of secret bits used for B. -If B is NULL, 0 is returned. - -SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol -version that first defined the cipher. It returns "(NONE)" if B is NULL. - -SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to B. -If there is no cipher (e.g. for ciphersuites with no encryption) then -B is returned. - -SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC -used by B. If there is no digest (e.g. for AEAD ciphersuites) then -B is returned. - -SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method -used by B. If there is no key exchange, then B is returned. Examples (not comprehensive): - - NID_kx_rsa - NID_kx_ecdhe - NID_kx_dhe - NID_kx_psk - -SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method -used by B. If there is no authentication, then B is returned. -Examples (not comprehensive): - - NID_auth_rsa - NID_auth_ecdsa - NID_auth_psk - -SSL_CIPHER_is_aead() returns 1 if the cipher B is AEAD (e.g. GCM or -ChaCha20/Poly1305), and 0 if it is not AEAD. - -SSL_CIPHER_description() returns a textual description of the cipher used -into the buffer B of length B provided. If B is provided, it -must be at least 128 bytes, otherwise a buffer will be allocated using -OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, -B is returned. - -The string returned by SSL_CIPHER_description() consists of several fields -separated by whitespace: - -=over 4 - -=item - -Textual representation of the cipher name. - -=item - -Protocol version, such as B, when the cipher was first defined. - -=item Kx= - -Key exchange method such as B, B, etc. - -=item Au= - -Authentication method such as B, B, etc.. None is the -representation of anonymous ciphers. - -=item Enc= - -Encryption method, with number of secret bits, such as B. - -=item Mac= - -Message digest, such as B. - -=back - -Some examples for the output of SSL_CIPHER_description(): - - ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD - RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 - -=head1 HISTORY - -SSL_CIPHER_get_version() was updated to always return the correct protocol -string in OpenSSL 1.1. - -SSL_CIPHER_description() was changed to return B on error, -rather than a fixed string, in OpenSSL 1.1 - -=head1 SEE ALSO - -L, L, -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set1_curves.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_set1_curves.pod deleted file mode 100644 index b0276c80f3a655..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set1_curves.pod +++ /dev/null @@ -1,90 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, -SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions - -=head1 SYNOPSIS - - #include - - int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); - int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); - - int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); - int SSL_set1_curves_list(SSL *ssl, char *list); - - int SSL_get1_curves(SSL *ssl, int *curves); - int SSL_get_shared_curve(SSL *s, int n); - -=head1 DESCRIPTION - -SSL_CTX_set1_curves() sets the supported curves for B to B -curves in the array B. The array consist of all NIDs of curves in -preference order. For a TLS client the curves are used directly in the -supported curves extension. For a TLS server the curves are used to -determine the set of shared curves. - -SSL_CTX_set1_curves_list() sets the supported curves for B to -string B. The string is a colon separated list of curve NIDs or -names, for example "P-521:P-384:P-256". - -SSL_set1_curves() and SSL_set1_curves_list() are similar except they set -supported curves for the SSL structure B. - -SSL_get1_curves() returns the set of supported curves sent by a client -in the supported curves extension. It returns the total number of -supported curves. The B parameter can be B to simply -return the number of curves for memory allocation purposes. The -B array is in the form of a set of curve NIDs in preference -order. It can return zero if the client did not send a supported curves -extension. - -SSL_get_shared_curve() returns shared curve B for a server-side -SSL B. If B is -1 then the total number of shared curves is -returned, which may be zero. Other than for diagnostic purposes, -most applications will only be interested in the first shared curve -so B is normally set to zero. If the value B is out of range, -NID_undef is returned. - -All these functions are implemented as macros. - -=head1 NOTES - -If an application wishes to make use of several of these functions for -configuration purposes either on a command line or in a file it should -consider using the SSL_CONF interface instead of manually parsing options. - -=head1 RETURN VALUES - -SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves() and -SSL_set1_curves_list(), return 1 for success and 0 for failure. - -SSL_get1_curves() returns the number of curves, which may be zero. - -SSL_get_shared_curve() returns the NID of shared curve B or NID_undef if there -is no shared curve B; or the total number of shared curves if B -is -1. - -When called on a client B, SSL_get_shared_curve() has no meaning and -returns -1. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -These functions were first added to OpenSSL 1.0.2. - -=head1 COPYRIGHT - -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod deleted file mode 100644 index 0252e7b5216bf1..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ /dev/null @@ -1,103 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, -SSL_add_client_CA - set list of CAs sent to the client when requesting a -client certificate - -=head1 SYNOPSIS - - #include - - void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); - void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); - int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); - int SSL_add_client_CA(SSL *ssl, X509 *cacert); - -=head1 DESCRIPTION - -SSL_CTX_set_client_CA_list() sets the B of CAs sent to the client when -requesting a client certificate for B. - -SSL_set_client_CA_list() sets the B of CAs sent to the client when -requesting a client certificate for the chosen B, overriding the -setting valid for B's SSL_CTX object. - -SSL_CTX_add_client_CA() adds the CA name extracted from B to the -list of CAs sent to the client when requesting a client certificate for -B. - -SSL_add_client_CA() adds the CA name extracted from B to the -list of CAs sent to the client when requesting a client certificate for -the chosen B, overriding the setting valid for B's SSL_CTX object. - -=head1 NOTES - -When a TLS/SSL server requests a client certificate (see -B), it sends a list of CAs, for which -it will accept certificates, to the client. - -This list must explicitly be set using SSL_CTX_set_client_CA_list() for -B and SSL_set_client_CA_list() for the specific B. The list -specified overrides the previous setting. The CAs listed do not become -trusted (B only contains the names, not the complete certificates); use -L -to additionally load them for verification. - -If the list of acceptable CAs is compiled in a file, the -L -function can be used to help importing the necessary data. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional -items the list of client CAs. If no list was specified before using -SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client -CA list for B or B (as appropriate) is opened. - -These functions are only useful for TLS/SSL servers. - -=head1 RETURN VALUES - -SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return -diagnostic information. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return -values: - -=over 4 - -=item Z<>0 - -A failure while manipulating the STACK_OF(X509_NAME) object occurred or -the X509_NAME could not be extracted from B. Check the error stack -to find out the reason. - -=item Z<>1 - -The operation succeeded. - -=back - -=head1 EXAMPLES - -Scan all certificates in B and list them as acceptable CAs: - - SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_mode.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_set_mode.pod deleted file mode 100644 index 1b3e783ad6b8a6..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_mode.pod +++ /dev/null @@ -1,114 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode - -=head1 SYNOPSIS - - #include - - long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); - long SSL_set_mode(SSL *ssl, long mode); - - long SSL_CTX_get_mode(SSL_CTX *ctx); - long SSL_get_mode(SSL *ssl); - -=head1 DESCRIPTION - -SSL_CTX_set_mode() adds the mode set via bitmask in B to B. -Options already set before are not cleared. - -SSL_set_mode() adds the mode set via bitmask in B to B. -Options already set before are not cleared. - -SSL_CTX_get_mode() returns the mode set for B. - -SSL_get_mode() returns the mode set for B. - -=head1 NOTES - -The following mode changes are available: - -=over 4 - -=item SSL_MODE_ENABLE_PARTIAL_WRITE - -Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success -when just a single record has been written). When not set (the default), -SSL_write() will only report success once the complete chunk was written. -Once SSL_write() returns with r, r bytes have been successfully written -and the next call to SSL_write() must only send the n-r bytes left, -imitating the behaviour of write(). - -=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER - -Make it possible to retry SSL_write() with changed buffer location -(the buffer contents must stay the same). This is not the default to avoid -the misconception that non-blocking SSL_write() behaves like -non-blocking write(). - -=item SSL_MODE_AUTO_RETRY - -Never bother the application with retries if the transport is blocking. -If a renegotiation take place during normal operation, a -L or L would return -with -1 and indicate the need to retry with SSL_ERROR_WANT_READ. -In a non-blocking environment applications must be prepared to handle -incomplete read/write operations. -In a blocking environment, applications are not always prepared to -deal with read/write operations returning without success report. The -flag SSL_MODE_AUTO_RETRY will cause read/write operations to only -return after the handshake and successful completion. - -=item SSL_MODE_RELEASE_BUFFERS - -When we no longer need a read buffer or a write buffer for a given SSL, -then release the memory we were using to hold it. -Using this flag can -save around 34k per idle SSL connection. -This flag has no effect on SSL v2 connections, or on DTLS connections. - -=item SSL_MODE_SEND_FALLBACK_SCSV - -Send TLS_FALLBACK_SCSV in the ClientHello. -To be set only by applications that reconnect with a downgraded protocol -version; see draft-ietf-tls-downgrade-scsv-00 for details. - -DO NOT ENABLE THIS if your application attempts a normal handshake. -Only use this in explicit fallback retries, following the guidance -in draft-ietf-tls-downgrade-scsv-00. - -=item SSL_MODE_ASYNC - -Enable asynchronous processing. TLS I/O operations may indicate a retry with -SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is -used to perform cryptographic operations. See L. - -=back - -=head1 RETURN VALUES - -SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask -after adding B. - -SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -SSL_MODE_ASYNC was first added to OpenSSL 1.1.0. - -=head1 COPYRIGHT - -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod deleted file mode 100644 index 9546e75124ae43..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod +++ /dev/null @@ -1,103 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg - install callback for observing protocol messages - -=head1 SYNOPSIS - - #include - - void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); - void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); - - void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); - void SSL_set_msg_callback_arg(SSL *ssl, void *arg); - -=head1 DESCRIPTION - -SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to -define a message callback function I for observing all SSL/TLS -protocol messages (such as handshake messages) that are received or -sent. SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg() -can be used to set argument I to the callback function, which is -available for arbitrary application use. - -SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify -default settings that will be copied to new B objects by -L. SSL_set_msg_callback() and -SSL_set_msg_callback_arg() modify the actual settings of an B -object. Using a B<0> pointer for I disables the message callback. - -When I is called by the SSL/TLS library for a protocol message, -the function arguments have the following meaning: - -=over 4 - -=item I - -This flag is B<0> when a protocol message has been received and B<1> -when a protocol message has been sent. - -=item I - -The protocol version according to which the protocol message is -interpreted by the library. Currently, this is one of -B, B and B (for SSL 2.0, SSL -3.0 and TLS 1.0, respectively). - -=item I - -In the case of SSL 2.0, this is always B<0>. In the case of SSL 3.0 -or TLS 1.0, this is one of the B values defined in the -protocol specification (B, B, -B; but never B because the -callback will only be called for protocol messages). - -=item I, I - -I points to a buffer containing the protocol message, which -consists of I bytes. The buffer is no longer valid after the -callback function has returned. - -=item I - -The B object that received or sent the message. - -=item I - -The user-defined argument optionally defined by -SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg(). - -=back - -=head1 NOTES - -Protocol messages are passed to the callback function after decryption -and fragment collection where applicable. (Thus record boundaries are -not visible.) - -If processing a received protocol message results in an error, -the callback function may not be called. For example, the callback -function will never see messages that are considered too large to be -processed. - -Due to automatic protocol version negotiation, I is not -necessarily the protocol version used by the sender of the message: If -a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, -I will be B. - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_psk_client_callback.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_set_psk_client_callback.pod deleted file mode 100644 index a4175081c5b63e..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_set_psk_client_callback.pod +++ /dev/null @@ -1,63 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback - set PSK client callback - -=head1 SYNOPSIS - - #include - - void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*callback)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, - unsigned char *psk, unsigned int max_psk_len)); - void SSL_set_psk_client_callback(SSL *ssl, - unsigned int (*callback)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, - unsigned char *psk, unsigned int max_psk_len)); - - -=head1 DESCRIPTION - -A client application must provide a callback function which is called -when the client is sending the ClientKeyExchange message to the server. - -The purpose of the callback function is to select the PSK identity and -the pre-shared key to use during the connection setup phase. - -The callback is set using functions SSL_CTX_set_psk_client_callback() -or SSL_set_psk_client_callback(). The callback function is given the -connection in parameter B, a B-terminated PSK identity hint -sent by the server in parameter B, a buffer B of -length B bytes where the resulting -B-terminated identity is to be stored, and a buffer B of -length B bytes where the resulting pre-shared key is to -be stored. - -=head1 NOTES - -Note that parameter B given to the callback may be B. - -=head1 RETURN VALUES - -Return values from the client callback are interpreted as follows: - -On success (callback found a PSK identity and a pre-shared key to use) -the length (> 0) of B in bytes is returned. - -Otherwise or on errors callback should return 0. In this case -the connection setup fails. - -=head1 COPYRIGHT - -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -Copyright 2005 Nokia. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod deleted file mode 100644 index 753074a720bda9..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +++ /dev/null @@ -1,87 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, -SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback - set PSK -identity hint to use - -=head1 SYNOPSIS - - #include - - int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); - int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); - - void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*callback)(SSL *ssl, const char *identity, - unsigned char *psk, int max_psk_len)); - void SSL_set_psk_server_callback(SSL *ssl, - unsigned int (*callback)(SSL *ssl, const char *identity, - unsigned char *psk, int max_psk_len)); - - -=head1 DESCRIPTION - -SSL_CTX_use_psk_identity_hint() sets the given B-terminated PSK -identity hint B to SSL context object -B. SSL_use_psk_identity_hint() sets the given B-terminated -PSK identity hint B to SSL connection object B. If B -is B the current hint from B or B is deleted. - -In the case where PSK identity hint is B, the server -does not send the ServerKeyExchange message to the client. - -A server application must provide a callback function which is called -when the server receives the ClientKeyExchange message from the -client. The purpose of the callback function is to validate the -received PSK identity and to fetch the pre-shared key used during the -connection setup phase. The callback is set using functions -SSL_CTX_set_psk_server_callback() or -SSL_set_psk_server_callback(). The callback function is given the -connection in parameter B, B-terminated PSK identity sent -by the client in parameter B, and a buffer B of length -B bytes where the pre-shared key is to be stored. - - -=head1 RETURN VALUES - -SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return -1 on success, 0 otherwise. - -Return values from the server callback are interpreted as follows: - -=over 4 - -=item Z<>0 - -PSK identity was not found. An "unknown_psk_identity" alert message -will be sent and the connection setup fails. - -=item E0 - -PSK identity was found and the server callback has provided the PSK -successfully in parameter B. Return value is the length of -B in bytes. It is an error to return a value greater than -B. - -If the PSK identity was not found but the callback instructs the -protocol to continue anyway, the callback must provide some random -data to B and return the length of the random data, so the -connection will fail with decryption_error before it will be finished -completely. - -=back - -=head1 COPYRIGHT - -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -Copyright 2005 Nokia. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod b/deps/openssl/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod deleted file mode 100644 index bd496ff8c5fbb2..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod +++ /dev/null @@ -1,56 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - use serverinfo extension - -=head1 SYNOPSIS - - #include - - int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length); - - int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); - -=head1 DESCRIPTION - -These functions load "serverinfo" TLS ServerHello Extensions into the SSL_CTX. -A "serverinfo" extension is returned in response to an empty ClientHello -Extension. - -SSL_CTX_use_serverinfo() loads one or more serverinfo extensions from -a byte array into B. The extensions must be concatenated into a -sequence of bytes. Each extension must consist of a 2-byte Extension Type, -a 2-byte length, and then length bytes of extension_data. - -SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from -B into B. The extensions must be in PEM format. Each extension -must consist of a 2-byte Extension Type, a 2-byte length, and then length -bytes of extension_data. Each PEM extension name must begin with the phrase -"BEGIN SERVERINFO FOR ". - -If more than one certificate (RSA/DSA) is installed using -SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the -last certificate installed. If e.g. the last item was a RSA certificate, the -loaded serverinfo extension data will be loaded for that certificate. To -use the serverinfo extension for multiple certificates, -SSL_CTX_use_serverinfo() needs to be called multiple times, once B -each time a certificate is loaded. - -=head1 RETURN VALUES - -On success, the functions return 1. -On failure, the functions return 0. Check out the error stack to find out -the reason. - -=head1 COPYRIGHT - -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_cipher.pod b/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_cipher.pod deleted file mode 100644 index fdd36edc0c34c2..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_cipher.pod +++ /dev/null @@ -1,42 +0,0 @@ -=pod - -=head1 NAME - -SSL_SESSION_get0_cipher - retrieve the SSL cipher associated with a session - -=head1 SYNOPSIS - - #include - - const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSSION *s); - -=head1 DESCRIPTION - -SSL_SESSION_get0_cipher() retrieves the cipher that was used by the -connection when the session was created, or NULL if it cannot be determined. - -The value returned is a pointer to an object maintained within B and -should not be released. - -=head1 SEE ALSO - -L, -L, -L, -L, -L - -=head1 HISTORY - -SSL_SESSION_get0_cipher() was first added to OpenSSL 1.1.0 - -=head1 COPYRIGHT - -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_hostname.pod b/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_hostname.pod deleted file mode 100644 index 6fb12bec373b04..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_SESSION_get0_hostname.pod +++ /dev/null @@ -1,37 +0,0 @@ -=pod - -=head1 NAME - -SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session - -=head1 SYNOPSIS - - #include - - const char *SSL_SESSION_get0_hostname(const SSL_SESSSION *s); - -=head1 DESCRIPTION - -SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the -client when the session was created, or NULL if no value was sent. - -The value returned is a pointer to memory maintained within B and -should not be free'd. - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_extension_supported.pod b/deps/openssl/openssl/doc/ssl/SSL_extension_supported.pod deleted file mode 100644 index 166c35a61de872..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_extension_supported.pod +++ /dev/null @@ -1,145 +0,0 @@ -=pod - -=head1 NAME - -SSL_extension_supported, -SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, -custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb -- custom TLS extension handling - -=head1 SYNOPSIS - - #include - - int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); - - int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); - - int SSL_extension_supported(unsigned int ext_type); - - typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, - void *add_arg); - - typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, - const unsigned char *out, - void *add_arg); - - typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, - void *parse_arg); - - -=head1 DESCRIPTION - -SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS client -with extension type B and callbacks B, B and -B. - -SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS server -with extension type B and callbacks B, B and -B. - -In both cases the extension type must not be handled by OpenSSL internally -or an error occurs. - -SSL_extension_supported() returns 1 if the extension B is handled -internally by OpenSSL and 0 otherwise. - -=head1 EXTENSION CALLBACKS - -The callback B is called to send custom extension data to be -included in ClientHello for TLS clients or ServerHello for servers. The -B parameter is set to the extension type which will be added and -B to the value set when the extension handler was added. - -If the application wishes to include the extension B it should -set B<*out> to the extension data, set B<*outlen> to the length of the -extension data and return 1. - -If the B does not wish to include the extension it must return 0. - -If B returns -1 a fatal handshake error occurs using the TLS -alert value specified in B<*al>. - -For clients (but not servers) if B is set to NULL a zero length -extension is added for B. - -For clients every registered B is always called to see if the -application wishes to add an extension to ClientHello. - -For servers every registered B is called once if and only if the -corresponding extension was received in ClientHello to see if the application -wishes to add the extension to ServerHello. That is, if no corresponding extension -was received in ClientHello then B will not be called. - -If an extension is added (that is B returns 1) B is called -(if it is set) with the value of B set by the add callback. It can be -used to free up any dynamic extension data set by B. Since B is -constant (to permit use of constant data in B) applications may need to -cast away const to free the data. - -The callback B receives data for TLS extensions. For TLS clients -the extension data will come from ServerHello and for TLS servers it will -come from ClientHello. - -The extension data consists of B bytes in the buffer B for the -extension B. - -If the B considers the extension data acceptable it must return -1. If it returns 0 or a negative value a fatal handshake error occurs -using the TLS alert value specified in B<*al>. - -The buffer B is a temporary internal buffer which will not be valid after -the callback returns. - -=head1 NOTES - -The B and B parameters can be set to arbitrary values -which will be passed to the corresponding callbacks. They can, for example, -be used to store the extension data received in a convenient structure or -pass the extension data to be added or freed when adding extensions. - -The B parameter corresponds to the B field of -RFC5246 et al. It is B a NID. - -If the same custom extension type is received multiple times a fatal -B alert is sent and the handshake aborts. If a custom extension -is received in ServerHello which was not sent in ClientHello a fatal -B alert is sent and the handshake is aborted. The -ServerHello B callback is only called if the corresponding extension -was received in ClientHello. This is compliant with the TLS specifications. -This behaviour ensures that each callback is called at most once and that -an application can never send unsolicited extensions. - -=head1 RETURN VALUES - -SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for -success and 0 for failure. A failure can occur if an attempt is made to -add the same B more than once, if an attempt is made to use an -extension type handled internally by OpenSSL or if an internal error occurs -(for example a memory allocation failure). - -SSL_extension_supported() returns 1 if the extension B is handled -internally by OpenSSL and 0 otherwise. - -=head1 COPYRIGHT - -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_get_client_CA_list.pod b/deps/openssl/openssl/doc/ssl/SSL_get_client_CA_list.pod deleted file mode 100644 index b6092fe32df8da..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_get_client_CA_list.pod +++ /dev/null @@ -1,62 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs - -=head1 SYNOPSIS - - #include - - STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); - STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); - -=head1 DESCRIPTION - -SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for -B using L. - -SSL_get_client_CA_list() returns the list of client CAs explicitly -set for B using SSL_set_client_CA_list() or B's SSL_CTX object with -L, when in -server mode. In client mode, SSL_get_client_CA_list returns the list of -client CAs sent from the server, if any. - -=head1 RETURN VALUES - -SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return -diagnostic information. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return -values: - -=over 4 - -=item STACK_OF(X509_NAMES) - -List of CA names explicitly set (for B or in server mode) or send -by the server (client mode). - -=item NULL - -No client CA list was explicitly set (for B or in server mode) or -the server did not send a list of CAs (client mode). - -=back - -=head1 SEE ALSO - -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_get_version.pod b/deps/openssl/openssl/doc/ssl/SSL_get_version.pod deleted file mode 100644 index 507ca9f3627d4e..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_get_version.pod +++ /dev/null @@ -1,69 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_version, SSL_is_dtls - get the protocol information of a connection - -=head1 SYNOPSIS - - #include - - const char *SSL_get_version(const SSL *ssl); - - int SSL_is_dtls(const SSL *ssl); - -=head1 DESCRIPTION - -SSL_get_version() returns the name of the protocol used for the -connection B. It should only be called after the initial handshake has been -completed. Prior to that the results returned from this function may be -unreliable. - -SSL_is_dtls() returns one if the connection is using DTLS, zero if not. - -=head1 RETURN VALUES - -SSL_get_version() returns one of the following strings: - -=over 4 - -=item SSLv3 - -The connection uses the SSLv3 protocol. - -=item TLSv1 - -The connection uses the TLSv1.0 protocol. - -=item TLSv1.1 - -The connection uses the TLSv1.1 protocol. - -=item TLSv1.2 - -The connection uses the TLSv1.2 protocol. - -=item unknown - -This indicates an unknown protocol version. - -=back - -=head1 SEE ALSO - -L - -=head1 HISTORY - -SSL_is_dtls() was added in OpenSSL 1.1.0. - -=head1 COPYRIGHT - -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_read.pod b/deps/openssl/openssl/doc/ssl/SSL_read.pod deleted file mode 100644 index 20ccf40dfdcc62..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_read.pod +++ /dev/null @@ -1,121 +0,0 @@ -=pod - -=head1 NAME - -SSL_read - read bytes from a TLS/SSL connection - -=head1 SYNOPSIS - - #include - - int SSL_read(SSL *ssl, void *buf, int num); - -=head1 DESCRIPTION - -SSL_read() tries to read B bytes from the specified B into the -buffer B. - -=head1 NOTES - -If necessary, SSL_read() will negotiate a TLS/SSL session, if -not already explicitly performed by L or -L. If the -peer requests a re-negotiation, it will be performed transparently during -the SSL_read() operation. The behaviour of SSL_read() depends on the -underlying BIO. - -For the transparent negotiation to succeed, the B must have been -initialized to client or server mode. This is being done by calling -L or SSL_set_accept_state() -before the first call to an SSL_read() or L -function. - -SSL_read() works based on the SSL/TLS records. The data are received in -records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a -record has been completely received, it can be processed (decryption and -check of integrity). Therefore data that was not retrieved at the last -call of SSL_read() can still be buffered inside the SSL layer and will be -retrieved on the next call to SSL_read(). If B is higher than the -number of bytes buffered, SSL_read() will return with the bytes buffered. -If no more bytes are in the buffer, SSL_read() will trigger the processing -of the next record. Only when the record has been received and processed -completely, SSL_read() will return reporting success. At most the contents -of the record will be returned. As the size of an SSL/TLS record may exceed -the maximum packet size of the underlying transport (e.g. TCP), it may -be necessary to read several packets from the transport layer before the -record is complete and SSL_read() can succeed. - -If the underlying BIO is B, SSL_read() will only return, once the -read operation has been finished or an error occurred, except when a -renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. -This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the -L call. - -If the underlying BIO is B, SSL_read() will also return -when the underlying BIO could not satisfy the needs of SSL_read() -to continue the operation. In this case a call to -L with the -return value of SSL_read() will yield B or -B. As at any time a re-negotiation is possible, a -call to SSL_read() can also cause write operations! The calling process -then must repeat the call after taking appropriate action to satisfy the -needs of SSL_read(). The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check -for the required condition. When using a buffering BIO, like a BIO pair, data -must be written into or retrieved out of the BIO before being able to continue. - -L can be used to find out whether there -are buffered bytes available for immediate retrieval. In this case -SSL_read() can be called without blocking or actually receiving new -data from the underlying socket. - -=head1 WARNING - -When an SSL_read() operation has to be repeated because of -B or B, it must be repeated -with the same arguments. - -=head1 RETURN VALUES - -The following return values can occur: - -=over 4 - -=item E 0 - -The read operation was successful. -The return value is the number of bytes actually read from the TLS/SSL -connection. - -=item Z<><= 0 - -The read operation was not successful, because either the connection was closed, -an error occurred or action must be taken by the calling process. -Call L with the return value B to find out the reason. - -Old documentation indicated a difference between 0 and -1, and that -1 was -retryable. -You should instead call SSL_get_error() to find out if it's retryable. - -=back - -=head1 SEE ALSO - -L, L, -L, L, -L, L -L, -L, -L, L, -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_shutdown.pod b/deps/openssl/openssl/doc/ssl/SSL_shutdown.pod deleted file mode 100644 index e8ec4546a3c756..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_shutdown.pod +++ /dev/null @@ -1,132 +0,0 @@ -=pod - -=head1 NAME - -SSL_shutdown - shut down a TLS/SSL connection - -=head1 SYNOPSIS - - #include - - int SSL_shutdown(SSL *ssl); - -=head1 DESCRIPTION - -SSL_shutdown() shuts down an active TLS/SSL connection. It sends the -"close notify" shutdown alert to the peer. - -=head1 NOTES - -SSL_shutdown() tries to send the "close notify" shutdown alert to the peer. -Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and -a currently open session is considered closed and good and will be kept in the -session cache for further reuse. - -The shutdown procedure consists of 2 steps: the sending of the "close notify" -shutdown alert and the reception of the peer's "close notify" shutdown -alert. According to the TLS standard, it is acceptable for an application -to only send its shutdown alert and then close the underlying connection -without waiting for the peer's response (this way resources can be saved, -as the process can already terminate or serve another connection). -When the underlying connection shall be used for more communications, the -complete shutdown procedure (bidirectional "close notify" alerts) must be -performed, so that the peers stay synchronized. - -SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step -behaviour. - -=over 4 - -=item When the application is the first party to send the "close notify" -alert, SSL_shutdown() will only send the alert and then set the -SSL_SENT_SHUTDOWN flag (so that the session is considered good and will -be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional -shutdown is enough (the underlying connection shall be closed anyway), this -first call to SSL_shutdown() is sufficient. In order to complete the -bidirectional shutdown handshake, SSL_shutdown() must be called again. -The second call will make SSL_shutdown() wait for the peer's "close notify" -shutdown alert. On success, the second call to SSL_shutdown() will return -with 1. - -=item If the peer already sent the "close notify" alert B it was -already processed implicitly inside another function -(L), the SSL_RECEIVED_SHUTDOWN flag is set. -SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN -flag and will immediately return with 1. -Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the -SSL_get_shutdown() (see also L call. - -=back - -It is therefore recommended, to check the return value of SSL_shutdown() -and call SSL_shutdown() again, if the bidirectional shutdown is not yet -complete (return value of the first call is 0). - -The behaviour of SSL_shutdown() additionally depends on the underlying BIO. - -If the underlying BIO is B, SSL_shutdown() will only return once the -handshake step has been finished or an error occurred. - -If the underlying BIO is B, SSL_shutdown() will also return -when the underlying BIO could not satisfy the needs of SSL_shutdown() -to continue the handshake. In this case a call to SSL_get_error() with the -return value of SSL_shutdown() will yield B or -B. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of SSL_shutdown(). -The action depends on the underlying BIO. When using a non-blocking socket, -nothing is to be done, but select() can be used to check for the required -condition. When using a buffering BIO, like a BIO pair, data must be written -into or retrieved out of the BIO before being able to continue. - -SSL_shutdown() can be modified to only set the connection to "shutdown" -state but not actually send the "close notify" alert messages, -see L. -When "quiet shutdown" is enabled, SSL_shutdown() will always succeed -and return 1. - -=head1 RETURN VALUES - -The following return values can occur: - -=over 4 - -=item Z<>0 - -The shutdown is not yet finished. Call SSL_shutdown() for a second time, -if a bidirectional shutdown shall be performed. -The output of L may be misleading, as an -erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. - -=item Z<>1 - -The shutdown was successfully completed. The "close notify" alert was sent -and the peer's "close notify" alert was received. - -=item E0 - -The shutdown was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. It can also occur if -action is need to continue the operation for non-blocking BIOs. -Call L with the return value B -to find out the reason. - -=back - -=head1 SEE ALSO - -L, L, -L, L, -L, -L, L, -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/doc/ssl/SSL_write.pod b/deps/openssl/openssl/doc/ssl/SSL_write.pod deleted file mode 100644 index ef3b92ad29d24c..00000000000000 --- a/deps/openssl/openssl/doc/ssl/SSL_write.pod +++ /dev/null @@ -1,111 +0,0 @@ -=pod - -=head1 NAME - -SSL_write - write bytes to a TLS/SSL connection - -=head1 SYNOPSIS - - #include - - int SSL_write(SSL *ssl, const void *buf, int num); - -=head1 DESCRIPTION - -SSL_write() writes B bytes from the buffer B into the specified -B connection. - -=head1 NOTES - -If necessary, SSL_write() will negotiate a TLS/SSL session, if -not already explicitly performed by L or -L. If the -peer requests a re-negotiation, it will be performed transparently during -the SSL_write() operation. The behaviour of SSL_write() depends on the -underlying BIO. - -For the transparent negotiation to succeed, the B must have been -initialized to client or server mode. This is being done by calling -L or SSL_set_accept_state() -before the first call to an L or SSL_write() function. - -If the underlying BIO is B, SSL_write() will only return, once the -write operation has been finished or an error occurred, except when a -renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. -This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the -L call. - -If the underlying BIO is B, SSL_write() will also return, -when the underlying BIO could not satisfy the needs of SSL_write() -to continue the operation. In this case a call to -L with the -return value of SSL_write() will yield B or -B. As at any time a re-negotiation is possible, a -call to SSL_write() can also cause read operations! The calling process -then must repeat the call after taking appropriate action to satisfy the -needs of SSL_write(). The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check -for the required condition. When using a buffering BIO, like a BIO pair, data -must be written into or retrieved out of the BIO before being able to continue. - -SSL_write() will only return with success, when the complete contents -of B of length B has been written. This default behaviour -can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of -L. When this flag is set, -SSL_write() will also return with success, when a partial write has been -successfully completed. In this case the SSL_write() operation is considered -completed. The bytes are sent and a new SSL_write() operation with a new -buffer (with the already sent bytes removed) must be started. -A partial write is performed with the size of a message block, which is -16kB for SSLv3/TLSv1. - -=head1 WARNING - -When an SSL_write() operation has to be repeated because of -B or B, it must be repeated -with the same arguments. - -When calling SSL_write() with num=0 bytes to be sent the behaviour is -undefined. - -=head1 RETURN VALUES - -The following return values can occur: - -=over 4 - -=item E 0 - -The write operation was successful, the return value is the number of -bytes actually written to the TLS/SSL connection. - -=item Z<><= 0 - -The write operation was not successful, because either the connection was -closed, an error occurred or action must be taken by the calling process. -Call SSL_get_error() with the return value B to find out the reason. - -Old documentation indicated a difference between 0 and -1, and that -1 was -retryable. -You should instead call SSL_get_error() to find out if it's retryable. - -=back - -=head1 SEE ALSO - -L, L, -L, L, -L, L -L, -L, L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/e_os.h b/deps/openssl/openssl/e_os.h index dfa159ff9af76a..534059382b0a81 100644 --- a/deps/openssl/openssl/e_os.h +++ b/deps/openssl/openssl/e_os.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,73 +10,46 @@ #ifndef HEADER_E_OS_H # define HEADER_E_OS_H +# include # include # include +# include +# include "internal/nelem.h" + /* * contains what we can justify to make visible to the * outside; this file e_os.h is not part of the exported interface. */ -#ifdef __cplusplus -extern "C" { -#endif - -/* Used to checking reference counts, most while doing perl5 stuff :-) */ -# if defined(OPENSSL_NO_STDIO) -# if defined(REF_PRINT) -# error "REF_PRINT requires stdio" -# endif -# endif - -/* - * BIO_printf format modifier for [u]int64_t. - */ -# if defined(__LP64__) || (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8) -# define BIO_PRI64 "l" /* 'll' does work "universally", but 'l' is - * here to shut -Wformat warnings in LP64... */ -# else -# define BIO_PRI64 "ll" -# endif - -# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) -# define REF_ASSERT_ISNT(test) \ - (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) -# else -# define REF_ASSERT_ISNT(i) -# endif -# ifdef REF_PRINT -# define REF_PRINT_COUNT(a, b) \ - fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) -# else -# define REF_PRINT_COUNT(a, b) -# endif - -# define osslargused(x) (void)x -# define OPENSSL_CONF "openssl.cnf" - # ifndef DEVRANDOM /* - * set this to a comma-separated list of 'random' device files to try out. My + * set this to a comma-separated list of 'random' device files to try out. By * default, we will try to read at least one of these files */ -# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" +# if defined(__s390__) +# define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random" +# else +# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" +# endif # endif # if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) /* * set this to a comma-separated list of 'egd' sockets to try out. These * sockets will be tried in the order listed in case accessing the device - * files listed in DEVRANDOM did not return enough entropy. + * files listed in DEVRANDOM did not return enough randomness. */ # define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" # endif -# if defined(OPENSSL_SYS_VXWORKS) -# define NO_SYS_PARAM_H +# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) # define NO_CHMOD # define NO_SYSLOG # endif +# define get_last_sys_error() errno +# define clear_sys_error() errno=0 + /******************************************************************** The Microsoft section ********************************************************************/ @@ -90,56 +63,15 @@ extern "C" { # define MSDOS # endif -# if (defined(MSDOS) || defined(OPENSSL_SYS_UEFI)) && !defined(GETPID_IS_MEANINGLESS) -# define GETPID_IS_MEANINGLESS -# endif - # ifdef WIN32 -# define NO_SYS_UN_H +# undef get_last_sys_error +# undef clear_sys_error # define get_last_sys_error() GetLastError() # define clear_sys_error() SetLastError(0) # if !defined(WINNT) # define WIN_CONSOLE_BUG # endif # else -# define get_last_sys_error() errno -# define clear_sys_error() errno=0 -# endif - -# if defined(WINDOWS) -# define get_last_socket_error() WSAGetLastError() -# define clear_socket_error() WSASetLastError(0) -# define readsocket(s,b,n) recv((s),(b),(n),0) -# define writesocket(s,b,n) send((s),(b),(n),0) -# elif defined(__DJGPP__) -# define WATT32 -# define WATT32_NO_OLDIES -# define get_last_socket_error() errno -# define clear_socket_error() errno=0 -# define closesocket(s) close_s(s) -# define readsocket(s,b,n) read_s(s,b,n) -# define writesocket(s,b,n) send(s,b,n,0) -# elif defined(OPENSSL_SYS_VMS) -# define get_last_socket_error() errno -# define clear_socket_error() errno=0 -# define ioctlsocket(a,b,c) ioctl(a,b,c) -# define closesocket(s) close(s) -# define readsocket(s,b,n) recv((s),(b),(n),0) -# define writesocket(s,b,n) send((s),(b),(n),0) -# elif defined(OPENSSL_SYS_VXWORKS) -# define get_last_socket_error() errno -# define clear_socket_error() errno=0 -# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) -# define closesocket(s) close(s) -# define readsocket(s,b,n) read((s),(b),(n)) -# define writesocket(s,b,n) write((s),(char *)(b),(n)) -# else -# define get_last_socket_error() errno -# define clear_socket_error() errno=0 -# define ioctlsocket(a,b,c) ioctl(a,b,c) -# define closesocket(s) close(s) -# define readsocket(s,b,n) read((s),(b),(n)) -# define writesocket(s,b,n) write((s),(b),(n)) # endif # if (defined(WINDOWS) || defined(MSDOS)) @@ -147,10 +79,6 @@ extern "C" { # ifdef __DJGPP__ # include # include -# include -# include -# include -# include # define _setmode setmode # define _O_TEXT O_TEXT # define _O_BINARY O_BINARY @@ -220,14 +148,6 @@ static __inline unsigned int _strlen31(const char *str) } # endif # include -# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) - /* compensate for bug in VC6 ctype.h */ -# undef isspace -# undef isdigit -# undef isalnum -# undef isupper -# undef isxdigit -# endif # if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) # if _MSC_VER>=1300 && _MSC_VER<1600 # undef stdin @@ -264,9 +184,6 @@ extern FILE *_imp___iob; # define EXIT(n) exit(n) # define LIST_SEPARATOR_CHAR ';' -# ifndef X_OK -# define X_OK 0 -# endif # ifndef W_OK # define W_OK 2 # endif @@ -290,6 +207,12 @@ extern FILE *_imp___iob; # else /* The non-microsoft world */ +# if defined(OPENSSL_SYS_VXWORKS) +# include +# else +# include +# endif + # ifdef OPENSSL_SYS_VMS # define VMS 1 /* @@ -322,7 +245,7 @@ extern FILE *_imp___iob; Finally, we add the VMS C facility code 0x35a000, because there are some programs, such as Perl, that will reinterpret the code back to something - POSIXly. 'man perlvms' explains it further. + POSIX. 'man perlvms' explains it further. NOTE: the perlvms manual wants to turn all codes 2 to 255 into success codes (status type = 1). I couldn't disagree more. Fortunately, the @@ -331,9 +254,6 @@ extern FILE *_imp___iob; */ # define EXIT(n) exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) -# define NO_SYS_PARAM_H -# define NO_SYS_UN_H - # define DEFAULT_HOME "SYS$LOGIN:" # else @@ -355,124 +275,6 @@ extern FILE *_imp___iob; # endif -/*************/ - -# ifdef USE_SOCKETS -# ifdef OPENSSL_NO_SOCK -# elif defined(WINDOWS) || defined(MSDOS) - /* windows world */ -# if !defined(__DJGPP__) -# if defined(_WIN32_WCE) && _WIN32_WCE<410 -# define getservbyname _masked_declaration_getservbyname -# endif -# if !defined(IPPROTO_IP) - /* winsock[2].h was included already? */ -# include -# endif -# ifdef getservbyname -# undef getservbyname - /* this is used to be wcecompat/include/winsock_extras.h */ -struct servent *PASCAL getservbyname(const char *, const char *); -# endif - -# ifdef _WIN64 -/* - * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because - * the value constitutes an index in per-process table of limited size - * and not a real pointer. And we also depend on fact that all processors - * Windows run on happen to be two's-complement, which allows to - * interchange INVALID_SOCKET and -1. - */ -# define socket(d,t,p) ((int)socket(d,t,p)) -# define accept(s,f,l) ((int)accept(s,f,l)) -# endif -# else -# endif - -# else - -# ifndef NO_SYS_PARAM_H -# include -# endif -# ifdef OPENSSL_SYS_VXWORKS -# include -# endif - -# include -# if defined(OPENSSL_SYS_VMS_NODECC) -# include -# include -# include -# else -# include -# ifndef NO_SYS_UN_H -# ifdef OPENSSL_SYS_VXWORKS -# include -# else -# include -# endif -# ifndef UNIX_PATH_MAX -# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) -# endif -# endif -# ifdef FILIO_H -# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ -# endif -# include -# include -# include -# endif - -# ifdef OPENSSL_SYS_AIX -# include -# endif - -# ifdef __QNX__ -# include -# endif - -# ifndef VMS -# include -# else - /* ioctl is only in VMS > 7.0 and when socketshr is not used */ -# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) -# include -# endif -# endif - -# ifdef VMS -# include -# if defined(TCPIP_TYPE_SOCKETSHR) -# include -# endif -# endif - -# ifndef INVALID_SOCKET -# define INVALID_SOCKET (-1) -# endif /* INVALID_SOCKET */ -# endif - -/* - * Some IPv6 implementations are broken, disable them in known bad versions. - */ -# if !defined(OPENSSL_USE_IPV6) -# if defined(AF_INET6) && !defined(NETWARE_CLIB) -# define OPENSSL_USE_IPV6 1 -# else -# define OPENSSL_USE_IPV6 0 -# endif -# endif - -# endif - -# ifndef OPENSSL_EXIT -# if defined(MONOLITH) && !defined(OPENSSL_C) -# define OPENSSL_EXIT(n) return(n) -# else -# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0) -# endif -# endif - /***********************************************/ # if defined(OPENSSL_SYS_WINDOWS) @@ -486,6 +288,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define strdup _strdup # endif # define unlink _unlink +# define fileno _fileno # endif # else # include @@ -496,20 +299,16 @@ struct servent *PASCAL getservbyname(const char *, const char *); # include # include # include - -# define TTY_STRUCT int - -# define sleep(a) taskDelay((a) * sysClkRateGet()) - # include # include # include -# define getpid taskIdSelf +# define TTY_STRUCT int +# define sleep(a) taskDelay((a) * sysClkRateGet()) /* * NOTE: these are implemented by helpers in database app! if the database is - * not linked, we need to implement them elswhere + * not linked, we need to implement them elsewhere */ struct hostent *gethostbyname(const char *name); struct hostent *gethostbyaddr(const char *addr, int length, int type); @@ -518,10 +317,15 @@ struct servent *getservbyname(const char *name, const char *proto); # endif /* end vxworks */ -#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) - -#ifdef __cplusplus -} -#endif +# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define CRYPTO_memcmp memcmp +# endif +/* unistd.h defines _POSIX_VERSION */ +# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \ + && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ + || defined(__sun) || defined(__hpux) || defined(__sgi) \ + || defined(__osf__) ) +# define OPENSSL_SECURE_MEMORY /* secure memory is implemented */ +# endif #endif diff --git a/deps/openssl/openssl/engines/afalg/build.info b/deps/openssl/openssl/engines/afalg/build.info deleted file mode 100644 index 8601b1afca32fc..00000000000000 --- a/deps/openssl/openssl/engines/afalg/build.info +++ /dev/null @@ -1,13 +0,0 @@ -IF[{- !$disabled{"engine"} -}] - IF[{- !$disabled{afalg} -}] - IF[{- $disabled{"dynamic-engine"} -}] - LIBS=../../libcrypto - SOURCE[../../libcrypto]=e_afalg.c e_afalg_err.c - ELSE - ENGINES=afalg - SOURCE[afalg]=e_afalg.c e_afalg_err.c - DEPEND[afalg]=../../libcrypto - INCLUDE[afalg]= ../../include - ENDIF - ENDIF -ENDIF diff --git a/deps/openssl/openssl/engines/afalg/e_afalg.ec b/deps/openssl/openssl/engines/afalg/e_afalg.ec deleted file mode 100644 index 2d14d6597d8fc9..00000000000000 --- a/deps/openssl/openssl/engines/afalg/e_afalg.ec +++ /dev/null @@ -1 +0,0 @@ -L AFALG e_afalg_err.h e_afalg_err.c diff --git a/deps/openssl/openssl/engines/afalg/e_afalg_err.c b/deps/openssl/openssl/engines/afalg/e_afalg_err.c deleted file mode 100644 index ca394edb7b8d10..00000000000000 --- a/deps/openssl/openssl/engines/afalg/e_afalg_err.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "e_afalg_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA AFALG_str_functs[] = { - {ERR_FUNC(AFALG_F_AFALG_CHK_PLATFORM), "afalg_chk_platform"}, - {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SK), "afalg_create_bind_sk"}, - {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SOCKET), "afalg_create_bind_sk"}, - {ERR_FUNC(AFALG_F_AFALG_CREATE_SK), "afalg_create_sk"}, - {ERR_FUNC(AFALG_F_AFALG_INIT_AIO), "afalg_init_aio"}, - {ERR_FUNC(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION), - "afalg_setup_async_event_notification"}, - {ERR_FUNC(AFALG_F_AFALG_SET_KEY), "afalg_set_key"}, - {ERR_FUNC(AFALG_F_AFALG_SOCKET), "afalg_socket"}, - {ERR_FUNC(AFALG_F_AFALG_START_CIPHER_SK), "afalg_start_cipher_sk"}, - {ERR_FUNC(AFALG_F_BIND_AFALG), "bind_afalg"}, - {0, NULL} -}; - -static ERR_STRING_DATA AFALG_str_reasons[] = { - {ERR_REASON(AFALG_R_EVENTFD_FAILED), "eventfd failed"}, - {ERR_REASON(AFALG_R_FAILED_TO_GET_PLATFORM_INFO), - "failed to get platform info"}, - {ERR_REASON(AFALG_R_INIT_FAILED), "init failed"}, - {ERR_REASON(AFALG_R_IO_SETUP_FAILED), "io setup failed"}, - {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), - "kernel does not support afalg"}, - {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), - "kernel does not support async afalg"}, - {ERR_REASON(AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"}, - {ERR_REASON(AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"}, - {ERR_REASON(AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"}, - {ERR_REASON(AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"}, - {ERR_REASON(AFALG_R_SOCKET_OPERATION_FAILED), "socket operation failed"}, - {ERR_REASON(AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"}, - {0, NULL} -}; - -#endif - -#ifdef AFALG_LIB_NAME -static ERR_STRING_DATA AFALG_lib_name[] = { - {0, AFALG_LIB_NAME}, - {0, NULL} -}; -#endif - -static int AFALG_lib_error_code = 0; -static int AFALG_error_init = 1; - -void ERR_load_AFALG_strings(void) -{ - if (AFALG_lib_error_code == 0) - AFALG_lib_error_code = ERR_get_next_error_library(); - - if (AFALG_error_init) { - AFALG_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(AFALG_lib_error_code, AFALG_str_functs); - ERR_load_strings(AFALG_lib_error_code, AFALG_str_reasons); -#endif - -#ifdef AFALG_LIB_NAME - AFALG_lib_name->error = ERR_PACK(AFALG_lib_error_code, 0, 0); - ERR_load_strings(0, AFALG_lib_name); -#endif - } -} - -void ERR_unload_AFALG_strings(void) -{ - if (AFALG_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(AFALG_lib_error_code, AFALG_str_functs); - ERR_unload_strings(AFALG_lib_error_code, AFALG_str_reasons); -#endif - -#ifdef AFALG_LIB_NAME - ERR_unload_strings(0, AFALG_lib_name); -#endif - AFALG_error_init = 1; - } -} - -void ERR_AFALG_error(int function, int reason, char *file, int line) -{ - if (AFALG_lib_error_code == 0) - AFALG_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(AFALG_lib_error_code, function, reason, file, line); -} diff --git a/deps/openssl/openssl/engines/afalg/e_afalg_err.h b/deps/openssl/openssl/engines/afalg/e_afalg_err.h deleted file mode 100644 index 21abc979c6a50f..00000000000000 --- a/deps/openssl/openssl/engines/afalg/e_afalg_err.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_AFALG_ERR_H -# define HEADER_AFALG_ERR_H - -# ifdef __cplusplus -extern "C" { -# endif - -/* BEGIN ERROR CODES */ -void ERR_load_AFALG_strings(void); -void ERR_unload_AFALG_strings(void); -void ERR_AFALG_error(int function, int reason, char *file, int line); -# define AFALGerr(f,r) ERR_AFALG_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the AFALG functions. */ - -/* Function codes. */ -# define AFALG_F_AFALG_CHK_PLATFORM 100 -# define AFALG_F_AFALG_CREATE_BIND_SK 106 -# define AFALG_F_AFALG_CREATE_BIND_SOCKET 105 -# define AFALG_F_AFALG_CREATE_SK 108 -# define AFALG_F_AFALG_INIT_AIO 101 -# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 107 -# define AFALG_F_AFALG_SET_KEY 109 -# define AFALG_F_AFALG_SOCKET 102 -# define AFALG_F_AFALG_START_CIPHER_SK 103 -# define AFALG_F_BIND_AFALG 104 - -/* Reason codes. */ -# define AFALG_R_EVENTFD_FAILED 108 -# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111 -# define AFALG_R_INIT_FAILED 100 -# define AFALG_R_IO_SETUP_FAILED 105 -# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 -# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 -# define AFALG_R_MEM_ALLOC_FAILED 102 -# define AFALG_R_SOCKET_ACCEPT_FAILED 110 -# define AFALG_R_SOCKET_BIND_FAILED 103 -# define AFALG_R_SOCKET_CREATE_FAILED 109 -# define AFALG_R_SOCKET_OPERATION_FAILED 104 -# define AFALG_R_SOCKET_SET_KEY_FAILED 106 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/deps/openssl/openssl/engines/asm/e_padlock-x86.pl b/deps/openssl/openssl/engines/asm/e_padlock-x86.pl index bf6b312cd1b824..5b097ce3ef9b10 100644 --- a/deps/openssl/openssl/engines/asm/e_padlock-x86.pl +++ b/deps/openssl/openssl/engines/asm/e_padlock-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -45,7 +45,7 @@ $output=pop; open STDOUT,">$output"; -&asm_init($ARGV[0],$0); +&asm_init($ARGV[0]); %PADLOCK_PREFETCH=(ecb=>128, cbc=>64); # prefetch errata $PADLOCK_CHUNK=512; # Must be a power of 2 larger than 16 @@ -73,11 +73,20 @@ &cpuid (); &xor ("eax","eax"); &cmp ("ebx","0x".unpack("H*",'tneC')); - &jne (&label("noluck")); + &jne (&label("zhaoxin")); &cmp ("edx","0x".unpack("H*",'Hrua')); &jne (&label("noluck")); &cmp ("ecx","0x".unpack("H*",'slua')); &jne (&label("noluck")); + &jmp (&label("zhaoxinEnd")); +&set_label("zhaoxin"); + &cmp ("ebx","0x".unpack("H*",'hS ')); + &jne (&label("noluck")); + &cmp ("edx","0x".unpack("H*",'hgna')); + &jne (&label("noluck")); + &cmp ("ecx","0x".unpack("H*",' ia')); + &jne (&label("noluck")); +&set_label("zhaoxinEnd"); &mov ("eax",0xC0000000); &cpuid (); &mov ("edx","eax"); diff --git a/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl b/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl index da285abc61dd69..09b0aaa48dfed2 100644 --- a/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl +++ b/deps/openssl/openssl/engines/asm/e_padlock-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -57,11 +57,20 @@ cpuid xor %eax,%eax cmp \$`"0x".unpack("H*",'tneC')`,%ebx - jne .Lnoluck + jne .Lzhaoxin cmp \$`"0x".unpack("H*",'Hrua')`,%edx jne .Lnoluck cmp \$`"0x".unpack("H*",'slua')`,%ecx jne .Lnoluck + jmp .LzhaoxinEnd +.Lzhaoxin: + cmp \$`"0x".unpack("H*",'hS ')`,%ebx + jne .Lnoluck + cmp \$`"0x".unpack("H*",'hgna')`,%edx + jne .Lnoluck + cmp \$`"0x".unpack("H*",' ia')`,%ecx + jne .Lnoluck +.LzhaoxinEnd: mov \$0xC0000000,%eax cpuid mov %eax,%edx @@ -535,7 +544,7 @@ sub generate_mode { sub $len,%rsp shr \$3,$len lea (%rsp),$out - .byte 0xf3,0x48,0xa5 # rep movsq + .byte 0xf3,0x48,0xa5 # rep movsq lea (%r8),$out lea (%rsp),$inp mov $chunk,$len diff --git a/deps/openssl/openssl/engines/build.info b/deps/openssl/openssl/engines/build.info index 1c47e770993a14..df173ea69d9131 100644 --- a/deps/openssl/openssl/engines/build.info +++ b/deps/openssl/openssl/engines/build.info @@ -1,4 +1,5 @@ IF[{- !$disabled{"engine"} -}] + IF[{- $disabled{"dynamic-engine"} -}] LIBS=../libcrypto SOURCE[../libcrypto]=\ @@ -6,6 +7,9 @@ IF[{- !$disabled{"engine"} -}] IF[{- !$disabled{capieng} -}] SOURCE[../libcrypto]=e_capi.c ENDIF + IF[{- !$disabled{afalgeng} -}] + SOURCE[../libcrypto]=e_afalg.c + ENDIF ELSE ENGINES=padlock SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -} @@ -17,6 +21,12 @@ IF[{- !$disabled{"engine"} -}] DEPEND[capi]=../libcrypto INCLUDE[capi]=../include ENDIF + IF[{- !$disabled{afalgeng} -}] + ENGINES=afalg + SOURCE[afalg]=e_afalg.c + DEPEND[afalg]=../libcrypto + INCLUDE[afalg]= ../include + ENDIF ENGINES_NO_INST=ossltest dasync SOURCE[dasync]=e_dasync.c @@ -27,6 +37,7 @@ IF[{- !$disabled{"engine"} -}] INCLUDE[ossltest]=../include ENDIF - GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) + GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl \ + $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) GENERATE[e_padlock-x86_64.s]=asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) ENDIF diff --git a/deps/openssl/openssl/engines/afalg/e_afalg.c b/deps/openssl/openssl/engines/e_afalg.c similarity index 79% rename from deps/openssl/openssl/engines/afalg/e_afalg.c rename to deps/openssl/openssl/engines/e_afalg.c index 6d6e87785705c9..f09c396ed92386 100644 --- a/deps/openssl/openssl/engines/afalg/e_afalg.c +++ b/deps/openssl/openssl/engines/e_afalg.c @@ -18,6 +18,7 @@ #include #include #include +#include "internal/nelem.h" #include #include @@ -45,9 +46,7 @@ void engine_load_afalg_int(void) # include # include "e_afalg.h" - -# define AFALG_LIB_NAME "AFALG" -# include "e_afalg_err.h" +# include "e_afalg_err.c" # ifndef SOL_ALG # define SOL_ALG 279 @@ -80,7 +79,8 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, static int afalg_destroy(ENGINE *e); static int afalg_init(ENGINE *e); static int afalg_finish(ENGINE *e); -static const EVP_CIPHER *afalg_aes_128_cbc(void); +static const EVP_CIPHER *afalg_aes_cbc(int nid); +static cbc_handles *get_cipher_handle(int nid); static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -95,10 +95,14 @@ static const char *engine_afalg_id = "afalg"; static const char *engine_afalg_name = "AFALG engine support"; static int afalg_cipher_nids[] = { - NID_aes_128_cbc + NID_aes_128_cbc, + NID_aes_192_cbc, + NID_aes_256_cbc, }; -static EVP_CIPHER *_hidden_aes_128_cbc = NULL; +static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL}, + {AES_KEY_SIZE_192, NULL}, + {AES_KEY_SIZE_256, NULL}}; static ossl_inline int io_setup(unsigned n, aio_context_t *ctx) { @@ -144,10 +148,10 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) /* Async mode */ waitctx = ASYNC_get_wait_ctx(job); if (waitctx == NULL) { - ALG_WARN("%s: ASYNC_get_wait_ctx error", __func__); + ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__); return 0; } - /* Get waitfd from ASYNC_WAIT_CTX if it is alreday set */ + /* Get waitfd from ASYNC_WAIT_CTX if it is already set */ ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id, &aio->efd, &custom); if (ret == 0) { @@ -157,7 +161,8 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) */ aio->efd = eventfd(0); if (aio->efd == -1) { - ALG_PERR("%s: Failed to get eventfd : ", __func__); + ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, + __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, AFALG_R_EVENTFD_FAILED); return 0; @@ -166,14 +171,14 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) aio->efd, custom, afalg_waitfd_cleanup); if (ret == 0) { - ALG_WARN("%s: Failed to set wait fd", __func__); + ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__); close(aio->efd); return 0; } /* make fd non-blocking in async mode */ if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) { - ALG_WARN("%s: Failed to set event fd as NONBLOCKING", - __func__); + ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING", + __FILE__, __LINE__); } } aio->mode = MODE_ASYNC; @@ -181,7 +186,7 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) /* Sync mode */ aio->efd = eventfd(0); if (aio->efd == -1) { - ALG_PERR("%s: Failed to get eventfd : ", __func__); + ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, AFALG_R_EVENTFD_FAILED); return 0; @@ -199,7 +204,7 @@ static int afalg_init_aio(afalg_aio *aio) aio->aio_ctx = 0; r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx); if (r < 0) { - ALG_PERR("%s: io_setup error : ", __func__); + ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED); return 0; } @@ -253,7 +258,7 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, */ r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { - ALG_PWARN("%s: io_read failed : ", __func__); + ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__); return 0; } @@ -266,11 +271,11 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, if (r < 0) { if (errno == EAGAIN || errno == EWOULDBLOCK) continue; - ALG_PERR("%s: read failed for event fd : ", __func__); + ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__); return 0; } else if (r == 0 || eval <= 0) { - ALG_WARN("%s: eventfd read %d bytes, eval = %lu\n", __func__, r, - eval); + ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__, + __LINE__, r, eval); } if (eval > 0) { @@ -290,8 +295,8 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, if (events[0].res == -EBUSY && retry++ < 3) { r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { - ALG_PERR("%s: retry %d for io_read failed : ", - __func__, retry); + ALG_PERR("%s(%d): retry %d for io_read failed : ", + __FILE__, __LINE__, retry); return 0; } continue; @@ -301,18 +306,19 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, * condition for this instance of operation. */ ALG_WARN - ("%s: Crypto Operation failed with code %lld\n", - __func__, events[0].res); + ("%s(%d): Crypto Operation failed with code %lld\n", + __FILE__, __LINE__, events[0].res); return 0; } } /* Operation successful. */ done = 1; } else if (r < 0) { - ALG_PERR("%s: io_getevents failed : ", __func__); + ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__); return 0; } else { - ALG_WARN("%s: io_geteventd read 0 bytes\n", __func__); + ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__, + __LINE__); } } } while (!done); @@ -348,11 +354,10 @@ static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key, int ret; ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen); if (ret < 0) { - ALG_PERR("%s: Failed to set socket option : ", __func__); + ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED); return 0; } - return 1; } @@ -373,21 +378,21 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { - ALG_PERR("%s: Failed to open socket : ", __func__); + ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED); goto err; } r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa)); if (r < 0) { - ALG_PERR("%s: Failed to bind socket : ", __func__); + ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED); goto err; } actx->sfd = accept(actx->bfd, NULL, 0); if (actx->sfd < 0) { - ALG_PERR("%s: Socket Accept Failed : ", __func__); + ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED); goto err; } @@ -449,8 +454,8 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* Sendmsg() sends iv and cipher direction to the kernel */ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { - ALG_PERR("%s: sendmsg failed for zero copy cipher operation : ", - __func__); + ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ", + __FILE__, __LINE__); return 0; } @@ -460,13 +465,13 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, */ ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT); if (ret < 0) { - ALG_PERR("%s: vmsplice failed : ", __func__); + ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__); return 0; } ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0); if (ret < 0) { - ALG_PERR("%s: splice failed : ", __func__); + ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__); return 0; } # else @@ -476,7 +481,8 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* Sendmsg() sends iv, cipher direction and input data to the kernel */ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { - ALG_PERR("%s: sendmsg failed for cipher operation : ", __func__); + ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__, + __LINE__); return 0; } @@ -499,35 +505,38 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, char ciphername[ALG_MAX_SALG_NAME]; if (ctx == NULL || key == NULL) { - ALG_WARN("%s: Null Parameter\n", __func__); + ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__); return 0; } if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { - ALG_WARN("%s: Cipher object NULL\n", __func__); + ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__); return 0; } actx = EVP_CIPHER_CTX_get_cipher_data(ctx); if (actx == NULL) { - ALG_WARN("%s: Cipher data NULL\n", __func__); + ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__); return 0; } ciphertype = EVP_CIPHER_CTX_nid(ctx); switch (ciphertype) { case NID_aes_128_cbc: + case NID_aes_192_cbc: + case NID_aes_256_cbc: strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME); break; default: - ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype); + ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, + ciphertype); return 0; } ciphername[ALG_MAX_SALG_NAME-1]='\0'; if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { - ALG_WARN("%s: Unsupported IV length :%d\n", __func__, - EVP_CIPHER_CTX_iv_length(ctx)); + ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, + EVP_CIPHER_CTX_iv_length(ctx)); return 0; } @@ -567,7 +576,8 @@ static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, char nxtiv[ALG_AES_IV_LEN] = { 0 }; if (ctx == NULL || out == NULL || in == NULL) { - ALG_WARN("NULL parameter passed to function %s\n", __func__); + ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, + __LINE__); return 0; } @@ -614,7 +624,8 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) afalg_ctx *actx; if (ctx == NULL) { - ALG_WARN("NULL parameter passed to function %s\n", __func__); + ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, + __LINE__); return 0; } @@ -639,29 +650,45 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) return 1; } -static const EVP_CIPHER *afalg_aes_128_cbc(void) +static cbc_handles *get_cipher_handle(int nid) +{ + switch (nid) { + case NID_aes_128_cbc: + return &cbc_handle[AES_CBC_128]; + case NID_aes_192_cbc: + return &cbc_handle[AES_CBC_192]; + case NID_aes_256_cbc: + return &cbc_handle[AES_CBC_256]; + default: + return NULL; + } +} + +static const EVP_CIPHER *afalg_aes_cbc(int nid) { - if (_hidden_aes_128_cbc == NULL - && ((_hidden_aes_128_cbc = - EVP_CIPHER_meth_new(NID_aes_128_cbc, - AES_BLOCK_SIZE, - AES_KEY_SIZE_128)) == NULL - || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN) - || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, - EVP_CIPH_CBC_MODE | - EVP_CIPH_FLAG_DEFAULT_ASN1) - || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, - afalg_cipher_init) - || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, - afalg_do_cipher) - || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, - afalg_cipher_cleanup) - || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, - sizeof(afalg_ctx)))) { - EVP_CIPHER_meth_free(_hidden_aes_128_cbc); - _hidden_aes_128_cbc = NULL; - } - return _hidden_aes_128_cbc; + cbc_handles *cipher_handle = get_cipher_handle(nid); + if (cipher_handle->_hidden == NULL + && ((cipher_handle->_hidden = + EVP_CIPHER_meth_new(nid, + AES_BLOCK_SIZE, + cipher_handle->key_size)) == NULL + || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden, + AES_IV_LEN) + || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden, + EVP_CIPH_CBC_MODE | + EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden, + afalg_cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden, + afalg_do_cipher) + || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden, + afalg_cipher_cleanup) + || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden, + sizeof(afalg_ctx)))) { + EVP_CIPHER_meth_free(cipher_handle->_hidden); + cipher_handle->_hidden= NULL; + } + return cipher_handle->_hidden; } static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, @@ -676,19 +703,21 @@ static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, switch (nid) { case NID_aes_128_cbc: - *cipher = afalg_aes_128_cbc(); + case NID_aes_192_cbc: + case NID_aes_256_cbc: + *cipher = afalg_aes_cbc(nid); break; default: *cipher = NULL; r = 0; } - return r; } static int bind_afalg(ENGINE *e) { /* Ensure the afalg error handling is set up */ + unsigned short i; ERR_load_AFALG_strings(); if (!ENGINE_set_id(e, engine_afalg_id) @@ -701,13 +730,15 @@ static int bind_afalg(ENGINE *e) } /* - * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc + * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc * now, as bind_aflag can only be called by one thread at a * time. */ - if (afalg_aes_128_cbc() == NULL) { - AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); - return 0; + for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { + if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) { + AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); + return 0; + } } if (!ENGINE_set_ciphers(e, afalg_ciphers)) { @@ -819,11 +850,20 @@ static int afalg_finish(ENGINE *e) return 1; } +static int free_cbc(void) +{ + short unsigned int i; + for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) { + EVP_CIPHER_meth_free(cbc_handle[i]._hidden); + cbc_handle[i]._hidden = NULL; + } + return 1; +} + static int afalg_destroy(ENGINE *e) { ERR_unload_AFALG_strings(); - EVP_CIPHER_meth_free(_hidden_aes_128_cbc); - _hidden_aes_128_cbc = NULL; + free_cbc(); return 1; } diff --git a/deps/openssl/openssl/engines/e_afalg.ec b/deps/openssl/openssl/engines/e_afalg.ec new file mode 100644 index 00000000000000..6d7420fe5c360d --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg.ec @@ -0,0 +1,3 @@ +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L AFALG e_afalg_err.h e_afalg_err.c diff --git a/deps/openssl/openssl/engines/afalg/e_afalg.h b/deps/openssl/openssl/engines/e_afalg.h similarity index 89% rename from deps/openssl/openssl/engines/afalg/e_afalg.h rename to deps/openssl/openssl/engines/e_afalg.h index 948d67e58402b6..2c03c448d684a4 100644 --- a/deps/openssl/openssl/engines/afalg/e_afalg.h +++ b/deps/openssl/openssl/engines/e_afalg.h @@ -41,6 +41,8 @@ # define AES_BLOCK_SIZE 16 # endif # define AES_KEY_SIZE_128 16 +# define AES_KEY_SIZE_192 24 +# define AES_KEY_SIZE_256 32 # define AES_IV_LEN 16 # define MAX_INFLIGHTS 1 @@ -51,6 +53,19 @@ typedef enum { MODE_ASYNC } op_mode; +enum { + AES_CBC_128 = 0, + AES_CBC_192, + AES_CBC_256 +}; + +struct cbc_cipher_handles { + int key_size; + EVP_CIPHER *_hidden; +}; + +typedef struct cbc_cipher_handles cbc_handles; + struct afalg_aio_st { int efd; op_mode mode; diff --git a/deps/openssl/openssl/engines/e_afalg.txt b/deps/openssl/openssl/engines/e_afalg.txt new file mode 100644 index 00000000000000..3b79305acf9ba4 --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg.txt @@ -0,0 +1,30 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +AFALG_F_AFALG_CHK_PLATFORM:100:afalg_chk_platform +AFALG_F_AFALG_CREATE_SK:101:afalg_create_sk +AFALG_F_AFALG_INIT_AIO:102:afalg_init_aio +AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION:103:\ + afalg_setup_async_event_notification +AFALG_F_AFALG_SET_KEY:104:afalg_set_key +AFALG_F_BIND_AFALG:105:bind_afalg + +#Reason codes +AFALG_R_EVENTFD_FAILED:108:eventfd failed +AFALG_R_FAILED_TO_GET_PLATFORM_INFO:111:failed to get platform info +AFALG_R_INIT_FAILED:100:init failed +AFALG_R_IO_SETUP_FAILED:105:io setup failed +AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG:101:kernel does not support afalg +AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG:107:\ + kernel does not support async afalg +AFALG_R_MEM_ALLOC_FAILED:102:mem alloc failed +AFALG_R_SOCKET_ACCEPT_FAILED:110:socket accept failed +AFALG_R_SOCKET_BIND_FAILED:103:socket bind failed +AFALG_R_SOCKET_CREATE_FAILED:109:socket create failed +AFALG_R_SOCKET_OPERATION_FAILED:104:socket operation failed +AFALG_R_SOCKET_SET_KEY_FAILED:106:socket set key failed diff --git a/deps/openssl/openssl/engines/e_afalg_err.c b/deps/openssl/openssl/engines/e_afalg_err.c new file mode 100644 index 00000000000000..18fe9c34e0e27c --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg_err.c @@ -0,0 +1,83 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "e_afalg_err.h" + +#ifndef OPENSSL_NO_ERR + +static ERR_STRING_DATA AFALG_str_functs[] = { + {ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"}, + {ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"}, + {ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"}, + {ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0), + "afalg_setup_async_event_notification"}, + {ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"}, + {ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"}, + {0, NULL} +}; + +static ERR_STRING_DATA AFALG_str_reasons[] = { + {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"}, + {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO), + "failed to get platform info"}, + {ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"}, + {ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"}, + {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), + "kernel does not support afalg"}, + {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), + "kernel does not support async afalg"}, + {ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED), + "socket operation failed"}, + {ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"}, + {0, NULL} +}; + +#endif + +static int lib_code = 0; +static int error_loaded = 0; + +static int ERR_load_AFALG_strings(void) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + + if (!error_loaded) { +#ifndef OPENSSL_NO_ERR + ERR_load_strings(lib_code, AFALG_str_functs); + ERR_load_strings(lib_code, AFALG_str_reasons); +#endif + error_loaded = 1; + } + return 1; +} + +static void ERR_unload_AFALG_strings(void) +{ + if (error_loaded) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(lib_code, AFALG_str_functs); + ERR_unload_strings(lib_code, AFALG_str_reasons); +#endif + error_loaded = 0; + } +} + +static void ERR_AFALG_error(int function, int reason, char *file, int line) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); +} diff --git a/deps/openssl/openssl/engines/e_afalg_err.h b/deps/openssl/openssl/engines/e_afalg_err.h new file mode 100644 index 00000000000000..3eb1332bbfe465 --- /dev/null +++ b/deps/openssl/openssl/engines/e_afalg_err.h @@ -0,0 +1,43 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_AFALGERR_H +# define HEADER_AFALGERR_H + +# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) + + +/* + * AFALG function codes. + */ +# define AFALG_F_AFALG_CHK_PLATFORM 100 +# define AFALG_F_AFALG_CREATE_SK 101 +# define AFALG_F_AFALG_INIT_AIO 102 +# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 103 +# define AFALG_F_AFALG_SET_KEY 104 +# define AFALG_F_BIND_AFALG 105 + +/* + * AFALG reason codes. + */ +# define AFALG_R_EVENTFD_FAILED 108 +# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO 111 +# define AFALG_R_INIT_FAILED 100 +# define AFALG_R_IO_SETUP_FAILED 105 +# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 +# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 +# define AFALG_R_MEM_ALLOC_FAILED 102 +# define AFALG_R_SOCKET_ACCEPT_FAILED 110 +# define AFALG_R_SOCKET_BIND_FAILED 103 +# define AFALG_R_SOCKET_CREATE_FAILED 109 +# define AFALG_R_SOCKET_OPERATION_FAILED 104 +# define AFALG_R_SOCKET_SET_KEY_FAILED 106 + +#endif diff --git a/deps/openssl/openssl/engines/e_capi.c b/deps/openssl/openssl/engines/e_capi.c index a1de0b4b3c05e4..37202b81f398e0 100644 --- a/deps/openssl/openssl/engines/e_capi.c +++ b/deps/openssl/openssl/engines/e_capi.c @@ -577,7 +577,7 @@ static int bind_helper(ENGINE *e, const char *id) } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) # else static ENGINE *engine_capi(void) { @@ -835,7 +835,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY); return -1; } -/* Convert the signature type to a CryptoAPI algorithm ID */ + /* Convert the signature type to a CryptoAPI algorithm ID */ switch (dtype) { case NID_sha256: alg = CALG_SHA_256; @@ -870,13 +870,13 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, } } -/* Create the hash object */ + /* Create the hash object */ if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); capi_addlasterror(); return -1; } -/* Set the hash value to the value passed */ + /* Set the hash value to the value passed */ if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE); @@ -884,7 +884,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, goto err; } -/* Finally sign it */ + /* Finally sign it */ slen = RSA_size(rsa); if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); @@ -1491,8 +1491,10 @@ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname, ptype = PROV_RSA_AES; } if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) { - /* above 'if' is [complementary] copy from CAPI_trace and serves - * as optimization to minimize [below] malloc-ations */ + /* + * above 'if' is [complementary] copy from CAPI_trace and serves + * as optimization to minimize [below] malloc-ations + */ char *_contname = wide_to_asc(contname); char *_provname = wide_to_asc(provname); diff --git a/deps/openssl/openssl/engines/e_capi.ec b/deps/openssl/openssl/engines/e_capi.ec index d2ad668a987cab..d9c7aa510fd340 100644 --- a/deps/openssl/openssl/engines/e_capi.ec +++ b/deps/openssl/openssl/engines/e_capi.ec @@ -1 +1,3 @@ -L CAPI e_capi_err.h e_capi_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L CAPI e_capi_err.h e_capi_err.c diff --git a/deps/openssl/openssl/engines/e_capi.txt b/deps/openssl/openssl/engines/e_capi.txt new file mode 100644 index 00000000000000..3f34cdf6b7e9d0 --- /dev/null +++ b/deps/openssl/openssl/engines/e_capi.txt @@ -0,0 +1,62 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +CAPI_F_CAPI_CERT_GET_FNAME:99:capi_cert_get_fname +CAPI_F_CAPI_CTRL:100:capi_ctrl +CAPI_F_CAPI_CTX_NEW:101:capi_ctx_new +CAPI_F_CAPI_CTX_SET_PROVNAME:102:capi_ctx_set_provname +CAPI_F_CAPI_DSA_DO_SIGN:114:capi_dsa_do_sign +CAPI_F_CAPI_GET_KEY:103:capi_get_key +CAPI_F_CAPI_GET_PKEY:115:capi_get_pkey +CAPI_F_CAPI_GET_PROVNAME:104:capi_get_provname +CAPI_F_CAPI_GET_PROV_INFO:105:capi_get_prov_info +CAPI_F_CAPI_INIT:106:capi_init +CAPI_F_CAPI_LIST_CONTAINERS:107:capi_list_containers +CAPI_F_CAPI_LOAD_PRIVKEY:108:capi_load_privkey +CAPI_F_CAPI_OPEN_STORE:109:capi_open_store +CAPI_F_CAPI_RSA_PRIV_DEC:110:capi_rsa_priv_dec +CAPI_F_CAPI_RSA_PRIV_ENC:111:capi_rsa_priv_enc +CAPI_F_CAPI_RSA_SIGN:112:capi_rsa_sign +CAPI_F_CAPI_VTRACE:118:capi_vtrace +CAPI_F_CERT_SELECT_DIALOG:117:cert_select_dialog +CAPI_F_CLIENT_CERT_SELECT:116:* +CAPI_F_WIDE_TO_ASC:113:wide_to_asc + +#Reason codes +CAPI_R_CANT_CREATE_HASH_OBJECT:100:cant create hash object +CAPI_R_CANT_FIND_CAPI_CONTEXT:101:cant find capi context +CAPI_R_CANT_GET_KEY:102:cant get key +CAPI_R_CANT_SET_HASH_VALUE:103:cant set hash value +CAPI_R_CRYPTACQUIRECONTEXT_ERROR:104:cryptacquirecontext error +CAPI_R_CRYPTENUMPROVIDERS_ERROR:105:cryptenumproviders error +CAPI_R_DECRYPT_ERROR:106:decrypt error +CAPI_R_ENGINE_NOT_INITIALIZED:107:engine not initialized +CAPI_R_ENUMCONTAINERS_ERROR:108:enumcontainers error +CAPI_R_ERROR_ADDING_CERT:109:error adding cert +CAPI_R_ERROR_CREATING_STORE:110:error creating store +CAPI_R_ERROR_GETTING_FRIENDLY_NAME:111:error getting friendly name +CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO:112:error getting key provider info +CAPI_R_ERROR_OPENING_STORE:113:error opening store +CAPI_R_ERROR_SIGNING_HASH:114:error signing hash +CAPI_R_FILE_OPEN_ERROR:115:file open error +CAPI_R_FUNCTION_NOT_SUPPORTED:116:function not supported +CAPI_R_GETUSERKEY_ERROR:117:getuserkey error +CAPI_R_INVALID_DIGEST_LENGTH:118:invalid digest length +CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:119:\ + invalid dsa public key blob magic number +CAPI_R_INVALID_LOOKUP_METHOD:120:invalid lookup method +CAPI_R_INVALID_PUBLIC_KEY_BLOB:121:invalid public key blob +CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER:122:\ + invalid rsa public key blob magic number +CAPI_R_PUBKEY_EXPORT_ERROR:123:pubkey export error +CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR:124:pubkey export length error +CAPI_R_UNKNOWN_COMMAND:125:unknown command +CAPI_R_UNSUPPORTED_ALGORITHM_NID:126:unsupported algorithm nid +CAPI_R_UNSUPPORTED_PADDING:127:unsupported padding +CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM:128:unsupported public key algorithm +CAPI_R_WIN32_ERROR:129:win32 error diff --git a/deps/openssl/openssl/engines/e_capi_err.c b/deps/openssl/openssl/engines/e_capi_err.c index 64e963a5eb9d2e..b72bc51a874e0b 100644 --- a/deps/openssl/openssl/engines/e_capi_err.c +++ b/deps/openssl/openssl/engines/e_capi_err.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,137 +8,112 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include #include #include "e_capi_err.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - static ERR_STRING_DATA CAPI_str_functs[] = { - {ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"}, - {ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"}, - {ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"}, - {ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"}, - {ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"}, - {ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"}, - {ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"}, - {ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"}, - {ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"}, - {ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"}, - {ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"}, - {ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"}, - {ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"}, - {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"}, - {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"}, - {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"}, - {ERR_FUNC(CAPI_F_CAPI_VTRACE), "CAPI_VTRACE"}, - {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"}, - {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"}, - {ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"}, + {ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"}, + {ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"}, + {ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"}, + {ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"}, + {ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"}, + {ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"}, + {ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"}, + {ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"}, + {ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"}, + {ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"}, + {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"}, + {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"}, + {ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"}, + {ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"}, + {ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"}, + {ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""}, + {ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"}, {0, NULL} }; static ERR_STRING_DATA CAPI_str_reasons[] = { - {ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"}, - {ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"}, - {ERR_REASON(CAPI_R_CANT_GET_KEY), "cant get key"}, - {ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"}, - {ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR), - "cryptacquirecontext error"}, - {ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR), "cryptenumproviders error"}, - {ERR_REASON(CAPI_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"}, - {ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"}, - {ERR_REASON(CAPI_R_ERROR_ADDING_CERT), "error adding cert"}, - {ERR_REASON(CAPI_R_ERROR_CREATING_STORE), "error creating store"}, - {ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME), - "error getting friendly name"}, - {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO), - "error getting key provider info"}, - {ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"}, - {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"}, - {ERR_REASON(CAPI_R_FILE_OPEN_ERROR), "file open error"}, - {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"}, - {ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"}, - {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, - {ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), - "invalid dsa public key blob magic number"}, - {ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"}, - {ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"}, - {ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), - "invalid rsa public key blob magic number"}, - {ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"}, - {ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR), - "pubkey export length error"}, - {ERR_REASON(CAPI_R_UNKNOWN_COMMAND), "unknown command"}, - {ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID), - "unsupported algorithm nid"}, - {ERR_REASON(CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"}, - {ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM), - "unsupported public key algorithm"}, - {ERR_REASON(CAPI_R_WIN32_ERROR), "win32 error"}, + {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"}, + {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"}, + {ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"}, + {ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"}, + {ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR), + "cryptacquirecontext error"}, + {ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR), + "cryptenumproviders error"}, + {ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"}, + {ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME), + "error getting friendly name"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO), + "error getting key provider info"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"}, + {ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"}, + {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"}, + {ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"}, + {ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), + "invalid dsa public key blob magic number"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"}, + {ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER), + "invalid rsa public key blob magic number"}, + {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"}, + {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR), + "pubkey export length error"}, + {ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"}, + {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID), + "unsupported algorithm nid"}, + {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"}, + {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM), + "unsupported public key algorithm"}, + {ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"}, {0, NULL} }; #endif -#ifdef CAPI_LIB_NAME -static ERR_STRING_DATA CAPI_lib_name[] = { - {0, CAPI_LIB_NAME}, - {0, NULL} -}; -#endif - -static int CAPI_lib_error_code = 0; -static int CAPI_error_init = 1; +static int lib_code = 0; +static int error_loaded = 0; -static void ERR_load_CAPI_strings(void) +static int ERR_load_CAPI_strings(void) { - if (CAPI_lib_error_code == 0) - CAPI_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (CAPI_error_init) { - CAPI_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(CAPI_lib_error_code, CAPI_str_functs); - ERR_load_strings(CAPI_lib_error_code, CAPI_str_reasons); -#endif - -#ifdef CAPI_LIB_NAME - CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code, 0, 0); - ERR_load_strings(0, CAPI_lib_name); + ERR_load_strings(lib_code, CAPI_str_functs); + ERR_load_strings(lib_code, CAPI_str_reasons); #endif + error_loaded = 1; } + return 1; } static void ERR_unload_CAPI_strings(void) { - if (CAPI_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(CAPI_lib_error_code, CAPI_str_functs); - ERR_unload_strings(CAPI_lib_error_code, CAPI_str_reasons); -#endif - -#ifdef CAPI_LIB_NAME - ERR_unload_strings(0, CAPI_lib_name); + ERR_unload_strings(lib_code, CAPI_str_functs); + ERR_unload_strings(lib_code, CAPI_str_reasons); #endif - CAPI_error_init = 1; + error_loaded = 0; } } static void ERR_CAPI_error(int function, int reason, char *file, int line) { - if (CAPI_lib_error_code == 0) - CAPI_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(CAPI_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } diff --git a/deps/openssl/openssl/engines/e_capi_err.h b/deps/openssl/openssl/engines/e_capi_err.h index bbaffada3d8992..e034c98cae842e 100644 --- a/deps/openssl/openssl/engines/e_capi_err.h +++ b/deps/openssl/openssl/engines/e_capi_err.h @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,28 +8,15 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_CAPI_ERR_H -# define HEADER_CAPI_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif +#ifndef HEADER_CAPIERR_H +# define HEADER_CAPIERR_H -/* BEGIN ERROR CODES */ -static void ERR_load_CAPI_strings(void); -static void ERR_unload_CAPI_strings(void); -static void ERR_CAPI_error(int function, int reason, char *file, int line); -# define CAPIerr(f,r) ERR_CAPI_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Error codes for the CAPI functions. */ -/* Function codes. */ +/* + * CAPI function codes. + */ # define CAPI_F_CAPI_CERT_GET_FNAME 99 # define CAPI_F_CAPI_CTRL 100 # define CAPI_F_CAPI_CTX_NEW 101 @@ -50,39 +38,38 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line); # define CAPI_F_CLIENT_CERT_SELECT 116 # define CAPI_F_WIDE_TO_ASC 113 -/* Reason codes. */ -# define CAPI_R_CANT_CREATE_HASH_OBJECT 99 -# define CAPI_R_CANT_FIND_CAPI_CONTEXT 100 -# define CAPI_R_CANT_GET_KEY 101 -# define CAPI_R_CANT_SET_HASH_VALUE 102 -# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103 -# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104 -# define CAPI_R_DECRYPT_ERROR 105 -# define CAPI_R_ENGINE_NOT_INITIALIZED 106 -# define CAPI_R_ENUMCONTAINERS_ERROR 107 -# define CAPI_R_ERROR_ADDING_CERT 125 -# define CAPI_R_ERROR_CREATING_STORE 126 -# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108 -# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109 -# define CAPI_R_ERROR_OPENING_STORE 110 -# define CAPI_R_ERROR_SIGNING_HASH 111 -# define CAPI_R_FILE_OPEN_ERROR 128 -# define CAPI_R_FUNCTION_NOT_SUPPORTED 112 -# define CAPI_R_GETUSERKEY_ERROR 113 -# define CAPI_R_INVALID_DIGEST_LENGTH 124 -# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 -# define CAPI_R_INVALID_LOOKUP_METHOD 114 -# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115 -# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123 -# define CAPI_R_PUBKEY_EXPORT_ERROR 116 -# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117 -# define CAPI_R_UNKNOWN_COMMAND 118 -# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119 -# define CAPI_R_UNSUPPORTED_PADDING 120 -# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121 -# define CAPI_R_WIN32_ERROR 127 +/* + * CAPI reason codes. + */ +# define CAPI_R_CANT_CREATE_HASH_OBJECT 100 +# define CAPI_R_CANT_FIND_CAPI_CONTEXT 101 +# define CAPI_R_CANT_GET_KEY 102 +# define CAPI_R_CANT_SET_HASH_VALUE 103 +# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 104 +# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 105 +# define CAPI_R_DECRYPT_ERROR 106 +# define CAPI_R_ENGINE_NOT_INITIALIZED 107 +# define CAPI_R_ENUMCONTAINERS_ERROR 108 +# define CAPI_R_ERROR_ADDING_CERT 109 +# define CAPI_R_ERROR_CREATING_STORE 110 +# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 111 +# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 112 +# define CAPI_R_ERROR_OPENING_STORE 113 +# define CAPI_R_ERROR_SIGNING_HASH 114 +# define CAPI_R_FILE_OPEN_ERROR 115 +# define CAPI_R_FUNCTION_NOT_SUPPORTED 116 +# define CAPI_R_GETUSERKEY_ERROR 117 +# define CAPI_R_INVALID_DIGEST_LENGTH 118 +# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 119 +# define CAPI_R_INVALID_LOOKUP_METHOD 120 +# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 121 +# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122 +# define CAPI_R_PUBKEY_EXPORT_ERROR 123 +# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 124 +# define CAPI_R_UNKNOWN_COMMAND 125 +# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 126 +# define CAPI_R_UNSUPPORTED_PADDING 127 +# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 128 +# define CAPI_R_WIN32_ERROR 129 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/engines/e_chil.c b/deps/openssl/openssl/engines/e_chil.c deleted file mode 100644 index 8d81b46fec5b09..00000000000000 --- a/deps/openssl/openssl/engines/e_chil.c +++ /dev/null @@ -1,1285 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/dso.h" -#include -#include -#include -#ifndef OPENSSL_NO_RSA -# include -#endif -#ifndef OPENSSL_NO_DH -# include -#endif -#include - -#ifndef OPENSSL_NO_HW -# ifndef OPENSSL_NO_HW_CHIL - -/*- - * Attribution notice: nCipher have said several times that it's OK for - * us to implement a general interface to their boxes, and recently declared - * their HWCryptoHook to be public, and therefore available for us to use. - * Thanks, nCipher. - * - * The hwcryptohook.h included here is from May 2000. - * [Richard Levitte] - */ -# ifdef FLAT_INC -# include "hwcryptohook.h" -# else -# include "vendor_defns/hwcryptohook.h" -# endif - -# define HWCRHK_LIB_NAME "CHIL engine" -# include "e_chil_err.c" - -static CRYPTO_RWLOCK *chil_lock; - -static int hwcrhk_destroy(ENGINE *e); -static int hwcrhk_init(ENGINE *e); -static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); - -/* Functions to handle mutexes */ -static int hwcrhk_mutex_init(HWCryptoHook_Mutex *, - HWCryptoHook_CallerContext *); -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *); -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *); -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *); - -/* BIGNUM stuff */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int hwcrhk_rsa_finish(RSA *rsa); -# endif - -# ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -# endif - -/* RAND stuff */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num); -static int hwcrhk_rand_status(void); - -/* KM stuff */ -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); - -/* Interaction stuff */ -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); -static void hwcrhk_log_message(void *logstr, const char *message); - -/* The definitions for control commands specific to this engine */ -# define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE -# define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1) -# define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2) -# define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3) -# define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4) -static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = { - {HWCRHK_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'hwcrhk' shared library", - ENGINE_CMD_FLAG_STRING}, - {HWCRHK_CMD_FORK_CHECK, - "FORK_CHECK", - "Turns fork() checking on (non-zero) or off (zero)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_THREAD_LOCKING, - "THREAD_LOCKING", - "Turns thread-safe locking on (zero) or off (non-zero)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_SET_USER_INTERFACE, - "SET_USER_INTERFACE", - "Set the global user interface (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {HWCRHK_CMD_SET_CALLBACK_DATA, - "SET_CALLBACK_DATA", - "Set the global user interface extra data (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD hwcrhk_rsa = { - "CHIL RSA method", - NULL, - NULL, - NULL, - NULL, - hwcrhk_rsa_mod_exp, - hwcrhk_mod_exp_mont, - NULL, - hwcrhk_rsa_finish, - 0, - NULL, - NULL, - NULL, - NULL -}; -# endif - -# ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD hwcrhk_dh = { - "CHIL DH method", - NULL, - NULL, - hwcrhk_mod_exp_dh, - NULL, - NULL, - 0, - NULL, - NULL -}; -# endif - -static RAND_METHOD hwcrhk_rand = { - /* "CHIL RAND method", */ - NULL, - hwcrhk_rand_bytes, - NULL, - NULL, - hwcrhk_rand_bytes, - hwcrhk_rand_status, -}; - -/* Constants used when creating the ENGINE */ -static const char *engine_hwcrhk_id = "chil"; -static const char *engine_hwcrhk_name = "CHIL hardware engine support"; -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -/* Compatibility hack, the dynamic library uses this form in the path */ -static const char *engine_hwcrhk_id_alt = "ncipher"; -# endif - -/* Internal stuff for HWCryptoHook */ - -/* Some structures needed for proper use of thread locks */ -/* - * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue - * into HWCryptoHook_Mutex - */ -struct HWCryptoHook_MutexValue { - CRYPTO_RWLOCK *lock; -}; - -/* - * hwcryptohook.h has some typedefs that turn struct - * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext - */ -struct HWCryptoHook_PassphraseContextValue { - UI_METHOD *ui_method; - void *callback_data; -}; - -/* - * hwcryptohook.h has some typedefs that turn struct - * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext - */ -struct HWCryptoHook_CallerContextValue { - pem_password_cb *password_callback; /* Deprecated! Only present for - * backward compatibility! */ - UI_METHOD *ui_method; - void *callback_data; -}; - -/* - * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL - * BIGNUM's, so lets define a couple of conversion macros - */ -# define BN2MPI(mp, bn) \ - {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} -# define MPI2BN(bn, mp) \ - {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} - -static BIO *logstream = NULL; -static int disable_mutex_callbacks = 0; - -/* - * One might wonder why these are needed, since one can pass down at least a - * UI_METHOD and a pointer to callback data to the key-loading functions. The - * thing is that the ModExp and RSAImmed functions can load keys as well, if - * the data they get is in a special, nCipher-defined format (hint: if you - * look at the private exponent of the RSA data as a string, you'll see this - * string: "nCipher KM tool key id", followed by some bytes, followed a key - * identity string, followed by more bytes. This happens when you use - * "embed" keys instead of "hwcrhk" keys). Unfortunately, those functions do - * not take any passphrase or caller context, and our functions can't really - * take any callback data either. Still, the "insert_card" and - * "get_passphrase" callbacks may be called down the line, and will need to - * know what user interface callbacks to call, and having callback data from - * the application may be a nice thing as well, so we need to keep track of - * that globally. - */ -static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL }; - -/* Stuff to pass to the HWCryptoHook library */ -static HWCryptoHook_InitInfo hwcrhk_globals = { - HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */ - &logstream, /* logstream */ - sizeof(BN_ULONG), /* limbsize */ - 0, /* mslimb first: false for BNs */ - -1, /* msbyte first: use native */ - 0, /* Max mutexes, 0 = no small limit */ - 0, /* Max simultaneous, 0 = default */ - - /* - * The next few are mutex stuff: we write wrapper functions around the OS - * mutex functions. We initialise them to 0 here, and change that to - * actual function pointers in hwcrhk_init() if dynamic locks are - * supported (that is, if the application programmer has made sure of - * setting up callbacks bafore starting this engine) *and* if - * disable_mutex_callbacks hasn't been set by a call to - * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). - */ - sizeof(HWCryptoHook_Mutex), - 0, - 0, - 0, - 0, - - /* - * The next few are condvar stuff: we write wrapper functions round the - * OS functions. Currently not implemented and not and absolute - * necessity even in threaded programs, therefore 0'ed. Will hopefully - * be implemented some day, since it enhances the efficiency of - * HWCryptoHook. - */ - 0, /* sizeof(HWCryptoHook_CondVar), */ - 0, /* hwcrhk_cv_init, */ - 0, /* hwcrhk_cv_wait, */ - 0, /* hwcrhk_cv_signal, */ - 0, /* hwcrhk_cv_broadcast, */ - 0, /* hwcrhk_cv_destroy, */ - - hwcrhk_get_pass, /* pass phrase */ - hwcrhk_insert_card, /* insert a card */ - hwcrhk_log_message /* Log message */ -}; - -/* Now, to our own code */ - -/* - * This internal function is used by ENGINE_chil() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif -# ifndef OPENSSL_NO_DH - const DH_METHOD *meth2; -# endif - - chil_lock = CRYPTO_THREAD_lock_new(); - if (chil_lock == NULL) { - HWCRHKerr(HWCRHK_F_BIND_HELPER, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ENGINE_set_id(e, engine_hwcrhk_id) || - !ENGINE_set_name(e, engine_hwcrhk_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &hwcrhk_rsa) || -# endif -# ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &hwcrhk_dh) || -# endif - !ENGINE_set_RAND(e, &hwcrhk_rand) || - !ENGINE_set_destroy_function(e, hwcrhk_destroy) || - !ENGINE_set_init_function(e, hwcrhk_init) || - !ENGINE_set_finish_function(e, hwcrhk_finish) || - !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || - !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || - !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || - !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - /* - * We know that the "PKCS1_OpenSSL()" functions hook properly to the - * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: - * We don't use ENGINE_openssl() or anything "more generic" because - * something like the RSAref code may not hook properly, and if you own - * one of these cards then you have the right to do RSA operations on it - * anyway! - */ - meth1 = RSA_PKCS1_OpenSSL(); - hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -# endif - -# ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth2 = DH_OpenSSL(); - hwcrhk_dh.generate_key = meth2->generate_key; - hwcrhk_dh.compute_key = meth2->compute_key; -# endif - - /* Ensure the hwcrhk error handling is set up */ - ERR_load_HWCRHK_strings(); - - return 1; -} - -# ifdef OPENSSL_NO_DYNAMIC_ENGINE -static ENGINE *engine_chil(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void ENGINE_load_chil(void) -{ - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_chil(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -} -# endif - -/* - * This is a process-global DSO handle used for loading and unloading the - * HWCryptoHook library. NB: This is only set (or unset) during an init() or - * finish() call (reference counts permitting) and they're operating with - * global locks, so this should be thread-safe implicitly. - */ -static DSO *hwcrhk_dso = NULL; -static HWCryptoHook_ContextHandle hwcrhk_context = 0; -# ifndef OPENSSL_NO_RSA -/* Index for KM handle. Not really used yet. */ -static int hndidx_rsa = -1; -# endif - -/* - * These are the function pointers that are (un)set when the library has - * successfully (un)loaded. - */ -static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL; -static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; -static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; -# ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; -# endif -static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; -# ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; -static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; -static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; -# endif -static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; - -/* Used in the DSO operations. */ -static const char *HWCRHK_LIBNAME = NULL; -static void free_HWCRHK_LIBNAME(void) -{ - OPENSSL_free(HWCRHK_LIBNAME); - HWCRHK_LIBNAME = NULL; -} - -static const char *get_HWCRHK_LIBNAME(void) -{ - if (HWCRHK_LIBNAME) - return HWCRHK_LIBNAME; - return "nfhwcrhk"; -} - -static long set_HWCRHK_LIBNAME(const char *name) -{ - free_HWCRHK_LIBNAME(); - return (((HWCRHK_LIBNAME = OPENSSL_strdup(name)) != NULL) ? 1 : 0); -} - -static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; -static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; -static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; -# ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; -# endif -static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; -# ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; -static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; -static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; -# endif -static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; - -/* - * HWCryptoHook library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no error - * checking, take a look lower down where these functions are called, the - * checking and error handling is probably down there. - */ - -/* utility function to obtain a context */ -static int get_context(HWCryptoHook_ContextHandle * hac, - HWCryptoHook_CallerContext * cac) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac); - if (!*hac) - return 0; - return 1; -} - -/* similarly to release one. */ -static void release_context(HWCryptoHook_ContextHandle hac) -{ - p_hwcrhk_Finish(hac); -} - -/* Destructor (complements the "ENGINE_chil()" constructor) */ -static int hwcrhk_destroy(ENGINE *e) -{ - free_HWCRHK_LIBNAME(); - ERR_unload_HWCRHK_strings(); - CRYPTO_THREAD_lock_free(chil_lock); - return 1; -} - -/* (de)initialisation functions. */ -static int hwcrhk_init(ENGINE *e) -{ - HWCryptoHook_Init_t *p1; - HWCryptoHook_Finish_t *p2; - HWCryptoHook_ModExp_t *p3; -# ifndef OPENSSL_NO_RSA - HWCryptoHook_RSA_t *p4; - HWCryptoHook_RSALoadKey_t *p5; - HWCryptoHook_RSAGetPublicKey_t *p6; - HWCryptoHook_RSAUnloadKey_t *p7; -# endif - HWCryptoHook_RandomBytes_t *p8; - HWCryptoHook_ModExpCRT_t *p9; - - if (hwcrhk_dso != NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ - hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); - if (hwcrhk_dso == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); - goto err; - } - -#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name) - if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL - || (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL - || (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL -# ifndef OPENSSL_NO_RSA - || (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL - || (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL - || (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL - || (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL -# endif - || (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL - || (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); - goto err; - } - /* Copy the pointers */ - p_hwcrhk_Init = p1; - p_hwcrhk_Finish = p2; - p_hwcrhk_ModExp = p3; -# ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = p4; - p_hwcrhk_RSALoadKey = p5; - p_hwcrhk_RSAGetPublicKey = p6; - p_hwcrhk_RSAUnloadKey = p7; -# endif - p_hwcrhk_RandomBytes = p8; - p_hwcrhk_ModExpCRT = p9; - - /* - * Check if the application decided to support dynamic locks, and if it - * does, use them. - */ - if (disable_mutex_callbacks == 0) { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; - } - - /* - * Try and get a context - if not, we may have a DSO but no accelerator! - */ - if (!get_context(&hwcrhk_context, &password_context)) { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ -# ifndef OPENSSL_NO_RSA - if (hndidx_rsa == -1) - hndidx_rsa = RSA_get_ex_new_index(0, - "nFast HWCryptoHook RSA key handle", - NULL, NULL, NULL); -# endif - return 1; - err: - DSO_free(hwcrhk_dso); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -# ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -# endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return 0; -} - -static int hwcrhk_finish(ENGINE *e) -{ - int to_return = 1; - free_HWCRHK_LIBNAME(); - if (hwcrhk_dso == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED); - to_return = 0; - goto err; - } - release_context(hwcrhk_context); - if (!DSO_free(hwcrhk_dso)) { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE); - to_return = 0; - goto err; - } - err: - BIO_free(logstream); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -# ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -# endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return to_return; -} - -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int to_return = 1; - - switch (cmd) { - case HWCRHK_CMD_SO_PATH: - if (hwcrhk_dso) { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED); - return 0; - } - if (p == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return set_HWCRHK_LIBNAME((const char *)p); - case ENGINE_CTRL_SET_LOGSTREAM: - { - BIO *bio = (BIO *)p; - - CRYPTO_THREAD_write_lock(chil_lock); - BIO_free(logstream); - logstream = NULL; - if (BIO_up_ref(bio)) - logstream = bio; - else - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED); - } - CRYPTO_THREAD_unlock(chil_lock); - break; - case ENGINE_CTRL_SET_PASSWORD_CALLBACK: - CRYPTO_THREAD_write_lock(chil_lock); - password_context.password_callback = (pem_password_cb *)f; - CRYPTO_THREAD_unlock(chil_lock); - break; - case ENGINE_CTRL_SET_USER_INTERFACE: - case HWCRHK_CMD_SET_USER_INTERFACE: - CRYPTO_THREAD_write_lock(chil_lock); - password_context.ui_method = (UI_METHOD *)p; - CRYPTO_THREAD_unlock(chil_lock); - break; - case ENGINE_CTRL_SET_CALLBACK_DATA: - case HWCRHK_CMD_SET_CALLBACK_DATA: - CRYPTO_THREAD_write_lock(chil_lock); - password_context.callback_data = p; - CRYPTO_THREAD_unlock(chil_lock); - break; - /* - * this enables or disables the "SimpleForkCheck" flag used in the - * initialisation structure. - */ - case ENGINE_CTRL_CHIL_SET_FORKCHECK: - case HWCRHK_CMD_FORK_CHECK: - CRYPTO_THREAD_write_lock(chil_lock); - if (i) - hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck; - else - hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck; - CRYPTO_THREAD_unlock(chil_lock); - break; - /* - * This will prevent the initialisation function from "installing" - * the mutex-handling callbacks, even if they are available from - * within the library (or were provided to the library from the - * calling application). This is to remove any baggage for - * applications not using multithreading. - */ - case ENGINE_CTRL_CHIL_NO_LOCKING: - CRYPTO_THREAD_write_lock(chil_lock); - disable_mutex_callbacks = 1; - CRYPTO_THREAD_unlock(chil_lock); - break; - case HWCRHK_CMD_THREAD_LOCKING: - CRYPTO_THREAD_write_lock(chil_lock); - disable_mutex_callbacks = ((i == 0) ? 0 : 1); - CRYPTO_THREAD_unlock(chil_lock); - break; - - /* The command isn't understood by this engine */ - default: - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - to_return = 0; - break; - } - - return to_return; -} - -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ -# ifndef OPENSSL_NO_RSA - RSA *rtmp = NULL; -# endif - EVP_PKEY *res = NULL; -# ifndef OPENSSL_NO_RSA - HWCryptoHook_MPI e, n; - HWCryptoHook_RSAKeyHandle *hptr; -# endif -# if !defined(OPENSSL_NO_RSA) - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - HWCryptoHook_PassphraseContext ppctx; -# endif - -# if !defined(OPENSSL_NO_RSA) - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); -# endif - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED); - goto err; - } -# ifndef OPENSSL_NO_RSA - hptr = OPENSSL_malloc(sizeof(*hptr)); - if (hptr == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); - goto err; - } - ppctx.ui_method = ui_method; - ppctx.callback_data = callback_data; - if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1, rmsg.buf); - goto err; - } - if (!*hptr) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY); - goto err; - } -# endif -# ifndef OPENSSL_NO_RSA - rtmp = RSA_new_method(eng); - RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); - rtmp->e = BN_new(); - rtmp->n = BN_new(); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) - != HWCRYPTOHOOK_ERROR_MPISIZE) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1, rmsg.buf); - goto err; - } - - bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)); - bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)); - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1, rmsg.buf); - goto err; - } - rtmp->e->top = e.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->e); - rtmp->n->top = n.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->n); - - res = EVP_PKEY_new(); - if (res == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); - goto err; - } - EVP_PKEY_assign_RSA(res, rtmp); -# endif - - if (res == NULL) - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); - - return res; - err: -# ifndef OPENSSL_NO_RSA - RSA_free(rtmp); -# endif - return NULL; -} - -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) -{ - EVP_PKEY *res = NULL; - -# ifndef OPENSSL_NO_RSA - res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data); -# endif - - if (res) - switch (res->type) { -# ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - { - RSA *rsa = NULL; - - CRYPTO_THREAD_write_lock(chil_lock); - rsa = res->pkey.rsa; - res->pkey.rsa = RSA_new(); - res->pkey.rsa->n = rsa->n; - res->pkey.rsa->e = rsa->e; - rsa->n = NULL; - rsa->e = NULL; - CRYPTO_THREAD_unlock(chil_lock); - RSA_free(rsa); - } - break; -# endif - default: - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - goto err; - } - - return res; - err: - EVP_PKEY_free(res); - return NULL; -} - -/* A little mod_exp */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - /* - * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them - * directly, plus a little macro magic. We only thing we need to make - * sure of is that enough space is allocated. - */ - HWCryptoHook_MPI m_a, m_p, m_n, m_r; - int to_return, ret; - - to_return = 0; /* expect failure */ - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED); - goto err; - } - /* Prepare the params */ - bn_expand2(r, m->top); /* Check for error !! */ - BN2MPI(m_a, a); - BN2MPI(m_p, p); - BN2MPI(m_n, m); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - - to_return = 1; - err: - return to_return; -} - -# ifndef OPENSSL_NO_RSA -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - HWCryptoHook_RSAKeyHandle *hptr; - int to_return = 0, ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED); - goto err; - } - - /* - * This provides support for nForce keys. Since that's opaque data all - * we do is provide a handle to the proper key and let HWCryptoHook take - * care of the rest. - */ - if ((hptr = - (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) - != NULL) { - HWCryptoHook_MPI m_a, m_r; - - if (!rsa->n) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good - * thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - } else { - HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - BN2MPI(m_p, rsa->p); - BN2MPI(m_q, rsa->q); - BN2MPI(m_dmp1, rsa->dmp1); - BN2MPI(m_dmq1, rsa->dmq1); - BN2MPI(m_iqmp, rsa->iqmp); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good - * thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - } - /* - * If we're here, we must be here with some semblance of success :-) - */ - to_return = 1; - err: - return to_return; -} -# endif - -# ifndef OPENSSL_NO_RSA -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return hwcrhk_mod_exp(r, a, p, m, ctx); -} - -static int hwcrhk_rsa_finish(RSA *rsa) -{ - HWCryptoHook_RSAKeyHandle *hptr; - - hptr = RSA_get_ex_data(rsa, hndidx_rsa); - if (hptr) { - p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); - RSA_set_ex_data(rsa, hndidx_rsa, NULL); - } - return 1; -} - -# endif - -# ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return hwcrhk_mod_exp(r, a, p, m, ctx); -} -# endif - -/* Random bytes are good */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - int to_return = 0; /* assume failure */ - int ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if (!hwcrhk_context) { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED); - goto err; - } - - ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg); - if (ret < 0) { - /* - * FIXME: When this error is returned, HWCryptoHook is telling us - * that falling back to software computation might be a good thing. - */ - if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK); - } else { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1, rmsg.buf); - goto err; - } - to_return = 1; - err: - return to_return; -} - -static int hwcrhk_rand_status(void) -{ - return 1; -} - -/* - * Mutex calls: since the HWCryptoHook model closely follows the POSIX model - * these just wrap the POSIX functions and add some logging. - */ - -static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt, - HWCryptoHook_CallerContext * cactx) -{ - mt->lock = CRYPTO_THREAD_lock_new(); - if (mt->lock == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_MUTEX_INIT, ERR_R_MALLOC_FAILURE); - return 1; /* failure */ - } - return 0; /* success */ -} - -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt) -{ - CRYPTO_THREAD_write_lock(mt->lock); - return 0; -} - -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) -{ - CRYPTO_THREAD_unlock(mt->lock); -} - -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt) -{ - CRYPTO_THREAD_lock_free(mt->lock); -} - -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx) -{ - pem_password_cb *callback = NULL; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - /* - * Despite what the documentation says prompt_info can be an empty - * string. - */ - if (prompt_info && !*prompt_info) - prompt_info = NULL; - - if (cactx) { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->password_callback) - callback = cactx->password_callback; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) { - if (ppctx->ui_method) { - ui_method = ppctx->ui_method; - callback = NULL; - } - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (callback == NULL && ui_method == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK); - return -1; - } - - if (ui_method) { - UI *ui = UI_new_method(ui_method); - if (ui) { - int ok; - char *prompt = UI_construct_prompt(ui, - "pass phrase", prompt_info); - - ok = UI_add_input_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - buf, 0, (*len_io) - 1); - UI_add_user_data(ui, callback_data); - UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); - - if (ok >= 0) - do { - ok = UI_process(ui); - } - while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - - if (ok >= 0) - *len_io = strlen(buf); - - UI_free(ui); - OPENSSL_free(prompt); - } - } else { - *len_io = callback(buf, *len_io, 0, callback_data); - } - if (!*len_io) - return -1; - return 0; -} - -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx) -{ - int ok = -1; - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - - if (cactx) { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) { - if (ppctx->ui_method) - ui_method = ppctx->ui_method; - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (ui_method == NULL) { - HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK); - return -1; - } - - ui = UI_new_method(ui_method); - - if (ui) { - char answer = '\0'; - char buf[BUFSIZ]; - /* - * Despite what the documentation says wrong_info can be an empty - * string. - */ - if (wrong_info && *wrong_info) - BIO_snprintf(buf, sizeof(buf) - 1, - "Current card: \"%s\"\n", wrong_info); - else - buf[0] = 0; - ok = UI_dup_info_string(ui, buf); - if (ok >= 0 && prompt_info) { - BIO_snprintf(buf, sizeof(buf) - 1, - "Insert card \"%s\"", prompt_info); - ok = UI_dup_input_boolean(ui, buf, - "\n then hit or C to cancel\n", - "\r\n", "Cc", UI_INPUT_FLAG_ECHO, - &answer); - } - UI_add_user_data(ui, callback_data); - - if (ok >= 0) - ok = UI_process(ui); - UI_free(ui); - - if (ok == -2 || (ok >= 0 && answer == 'C')) - ok = 1; - else if (ok < 0) - ok = -1; - else - ok = 0; - } - return ok; -} - -static void hwcrhk_log_message(void *logstr, const char *message) -{ - BIO *lstream = NULL; - - if (logstr) - lstream = *(BIO **)logstr; - if (lstream) { - BIO_printf(lstream, "%s\n", message); - } -} - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -# ifndef OPENSSL_NO_DYNAMIC_ENGINE -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_hwcrhk_id) != 0) && - (strcmp(id, engine_hwcrhk_id_alt) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -# endif /* !OPENSSL_NO_HW_CHIL */ -#endif /* !OPENSSL_NO_HW */ diff --git a/deps/openssl/openssl/engines/e_chil.ec b/deps/openssl/openssl/engines/e_chil.ec deleted file mode 100644 index b5a76e17df672b..00000000000000 --- a/deps/openssl/openssl/engines/e_chil.ec +++ /dev/null @@ -1 +0,0 @@ -L HWCRHK e_chil_err.h e_chil_err.c diff --git a/deps/openssl/openssl/engines/e_chil_err.c b/deps/openssl/openssl/engines/e_chil_err.c deleted file mode 100644 index 0058684f79c269..00000000000000 --- a/deps/openssl/openssl/engines/e_chil_err.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "e_chil_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - -static ERR_STRING_DATA HWCRHK_str_functs[] = { - {ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"}, - {ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"}, - {0, NULL} -}; - -static ERR_STRING_DATA HWCRHK_str_reasons[] = { - {ERR_REASON(HWCRHK_R_ALREADY_LOADED), "already loaded"}, - {ERR_REASON(HWCRHK_R_BIO_WAS_FREED), "bio was freed"}, - {ERR_REASON(HWCRHK_R_CHIL_ERROR), "chil error"}, - {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_REASON(HWCRHK_R_DSO_FAILURE), "dso failure"}, - {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS), "missing key components"}, - {ERR_REASON(HWCRHK_R_NOT_INITIALISED), "not initialised"}, - {ERR_REASON(HWCRHK_R_NOT_LOADED), "not loaded"}, - {ERR_REASON(HWCRHK_R_NO_CALLBACK), "no callback"}, - {ERR_REASON(HWCRHK_R_NO_KEY), "no key"}, - {ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED), - "private key algorithms disabled"}, - {ERR_REASON(HWCRHK_R_REQUEST_FAILED), "request failed"}, - {ERR_REASON(HWCRHK_R_REQUEST_FALLBACK), "request fallback"}, - {ERR_REASON(HWCRHK_R_UNIT_FAILURE), "unit failure"}, - {0, NULL} -}; - -#endif - -#ifdef HWCRHK_LIB_NAME -static ERR_STRING_DATA HWCRHK_lib_name[] = { - {0, HWCRHK_LIB_NAME}, - {0, NULL} -}; -#endif - -static int HWCRHK_lib_error_code = 0; -static int HWCRHK_error_init = 1; - -static void ERR_load_HWCRHK_strings(void) -{ - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code = ERR_get_next_error_library(); - - if (HWCRHK_error_init) { - HWCRHK_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_functs); - ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code, 0, 0); - ERR_load_strings(0, HWCRHK_lib_name); -#endif - } -} - -static void ERR_unload_HWCRHK_strings(void) -{ - if (HWCRHK_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_functs); - ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - ERR_unload_strings(0, HWCRHK_lib_name); -#endif - HWCRHK_error_init = 1; - } -} - -static void ERR_HWCRHK_error(int function, int reason, char *file, int line) -{ - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(HWCRHK_lib_error_code, function, reason, file, line); -} diff --git a/deps/openssl/openssl/engines/e_chil_err.h b/deps/openssl/openssl/engines/e_chil_err.h deleted file mode 100644 index b0f0dd98d3d54e..00000000000000 --- a/deps/openssl/openssl/engines/e_chil_err.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_HWCRHK_ERR_H -# define HEADER_HWCRHK_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* BEGIN ERROR CODES */ -static void ERR_load_HWCRHK_strings(void); -static void ERR_unload_HWCRHK_strings(void); -static void ERR_HWCRHK_error(int function, int reason, char *file, int line); -# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) - -/* Error codes for the HWCRHK functions. */ - -/* Function codes. */ -# define HWCRHK_F_HWCRHK_CTRL 100 -# define HWCRHK_F_HWCRHK_FINISH 101 -# define HWCRHK_F_HWCRHK_GET_PASS 102 -# define HWCRHK_F_HWCRHK_INIT 103 -# define HWCRHK_F_HWCRHK_INSERT_CARD 104 -# define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105 -# define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106 -# define HWCRHK_F_HWCRHK_MOD_EXP 107 -# define HWCRHK_F_HWCRHK_RAND_BYTES 108 -# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109 -# define HWCRHK_F_BIND_HELPER 110 -# define HWCRHK_F_HWCRHK_MUTEX_INIT 111 - -/* Reason codes. */ -# define HWCRHK_R_ALREADY_LOADED 100 -# define HWCRHK_R_BIO_WAS_FREED 101 -# define HWCRHK_R_CHIL_ERROR 102 -# define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -# define HWCRHK_R_DSO_FAILURE 104 -# define HWCRHK_R_MISSING_KEY_COMPONENTS 105 -# define HWCRHK_R_NOT_INITIALISED 106 -# define HWCRHK_R_NOT_LOADED 107 -# define HWCRHK_R_NO_CALLBACK 108 -# define HWCRHK_R_NO_KEY 109 -# define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110 -# define HWCRHK_R_REQUEST_FAILED 111 -# define HWCRHK_R_REQUEST_FALLBACK 112 -# define HWCRHK_R_UNIT_FAILURE 113 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/deps/openssl/openssl/engines/e_dasync.c b/deps/openssl/openssl/engines/e_dasync.c index b672a3a6fa4c33..b005f421a66043 100644 --- a/deps/openssl/openssl/engines/e_dasync.c +++ b/deps/openssl/openssl/engines/e_dasync.c @@ -34,7 +34,6 @@ # define ASYNC_WIN #endif -#define DASYNC_LIB_NAME "DASYNC" #include "e_dasync_err.c" /* Engine Id and Name */ @@ -438,8 +437,8 @@ static void dummy_pause_job(void) { #endif *writefd = pipefds[1]; - if(!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], - writefd, wait_cleanup)) { + if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_dasync_id, pipefds[0], + writefd, wait_cleanup)) { wait_cleanup(waitctx, engine_dasync_id, pipefds[0], writefd); return; } diff --git a/deps/openssl/openssl/engines/e_dasync.ec b/deps/openssl/openssl/engines/e_dasync.ec index 385faa0b6213c1..3d56ebcc5f6aa5 100644 --- a/deps/openssl/openssl/engines/e_dasync.ec +++ b/deps/openssl/openssl/engines/e_dasync.ec @@ -1 +1,3 @@ -L DASYNC e_dasync_err.h e_dasync_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L DASYNC e_dasync_err.h e_dasync_err.c diff --git a/deps/openssl/openssl/engines/e_dasync.txt b/deps/openssl/openssl/engines/e_dasync.txt new file mode 100644 index 00000000000000..bff64bcf2f5411 --- /dev/null +++ b/deps/openssl/openssl/engines/e_dasync.txt @@ -0,0 +1,22 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +DASYNC_F_BIND_DASYNC:107:bind_dasync +DASYNC_F_CIPHER_AES_128_CBC_CODE:100:* +DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY:109:* +DASYNC_F_DASYNC_AES128_INIT_KEY:108:* +DASYNC_F_DASYNC_BN_MOD_EXP:101:* +DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER:110:dasync_cipher_init_key_helper +DASYNC_F_DASYNC_MOD_EXP:102:* +DASYNC_F_DASYNC_PRIVATE_DECRYPT:103:* +DASYNC_F_DASYNC_PRIVATE_ENCRYPT:104:* +DASYNC_F_DASYNC_PUBLIC_DECRYPT:105:* +DASYNC_F_DASYNC_PUBLIC_ENCRYPT:106:* + +#Reason codes +DASYNC_R_INIT_FAILED:100:init failed diff --git a/deps/openssl/openssl/engines/e_dasync_err.c b/deps/openssl/openssl/engines/e_dasync_err.c index a9e77653142839..794fb710cf6e54 100644 --- a/deps/openssl/openssl/engines/e_dasync_err.c +++ b/deps/openssl/openssl/engines/e_dasync_err.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,96 +8,66 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include #include #include "e_dasync_err.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - static ERR_STRING_DATA DASYNC_str_functs[] = { - {ERR_FUNC(DASYNC_F_BIND_DASYNC), "bind_dasync"}, - {ERR_FUNC(DASYNC_F_CIPHER_AES_128_CBC_CODE), "CIPHER_AES_128_CBC_CODE"}, - {ERR_FUNC(DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY), - "dasync_aes128_cbc_hmac_sha1_init_key"}, - {ERR_FUNC(DASYNC_F_DASYNC_AES128_INIT_KEY), "dasync_aes128_init_key"}, - {ERR_FUNC(DASYNC_F_DASYNC_BN_MOD_EXP), "DASYNC_BN_MOD_EXP"}, - {ERR_FUNC(DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER), + {ERR_PACK(0, DASYNC_F_BIND_DASYNC, 0), "bind_dasync"}, + {ERR_PACK(0, DASYNC_F_CIPHER_AES_128_CBC_CODE, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_AES128_INIT_KEY, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_BN_MOD_EXP, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_CIPHER_INIT_KEY_HELPER, 0), "dasync_cipher_init_key_helper"}, - {ERR_FUNC(DASYNC_F_DASYNC_MOD_EXP), "DASYNC_MOD_EXP"}, - {ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_DECRYPT), "DASYNC_PRIVATE_DECRYPT"}, - {ERR_FUNC(DASYNC_F_DASYNC_PRIVATE_ENCRYPT), "DASYNC_PRIVATE_ENCRYPT"}, - {ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_DECRYPT), "DASYNC_PUBLIC_DECRYPT"}, - {ERR_FUNC(DASYNC_F_DASYNC_PUBLIC_ENCRYPT), "DASYNC_PUBLIC_ENCRYPT"}, + {ERR_PACK(0, DASYNC_F_DASYNC_MOD_EXP, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_DECRYPT, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PRIVATE_ENCRYPT, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_DECRYPT, 0), ""}, + {ERR_PACK(0, DASYNC_F_DASYNC_PUBLIC_ENCRYPT, 0), ""}, {0, NULL} }; static ERR_STRING_DATA DASYNC_str_reasons[] = { - {ERR_REASON(DASYNC_R_INIT_FAILED), "init failed"}, - {ERR_REASON(DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED), - "length not block aligned"}, - {ERR_REASON(DASYNC_R_UNKNOWN_FAULT), "unknown fault"}, + {ERR_PACK(0, 0, DASYNC_R_INIT_FAILED), "init failed"}, {0, NULL} }; #endif -#ifdef DASYNC_LIB_NAME -static ERR_STRING_DATA DASYNC_lib_name[] = { - {0, DASYNC_LIB_NAME}, - {0, NULL} -}; -#endif - -static int DASYNC_lib_error_code = 0; -static int DASYNC_error_init = 1; +static int lib_code = 0; +static int error_loaded = 0; -static void ERR_load_DASYNC_strings(void) +static int ERR_load_DASYNC_strings(void) { - if (DASYNC_lib_error_code == 0) - DASYNC_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (DASYNC_error_init) { - DASYNC_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_functs); - ERR_load_strings(DASYNC_lib_error_code, DASYNC_str_reasons); -#endif - -#ifdef DASYNC_LIB_NAME - DASYNC_lib_name->error = ERR_PACK(DASYNC_lib_error_code, 0, 0); - ERR_load_strings(0, DASYNC_lib_name); + ERR_load_strings(lib_code, DASYNC_str_functs); + ERR_load_strings(lib_code, DASYNC_str_reasons); #endif + error_loaded = 1; } + return 1; } static void ERR_unload_DASYNC_strings(void) { - if (DASYNC_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_functs); - ERR_unload_strings(DASYNC_lib_error_code, DASYNC_str_reasons); -#endif - -#ifdef DASYNC_LIB_NAME - ERR_unload_strings(0, DASYNC_lib_name); + ERR_unload_strings(lib_code, DASYNC_str_functs); + ERR_unload_strings(lib_code, DASYNC_str_reasons); #endif - DASYNC_error_init = 1; + error_loaded = 0; } } static void ERR_DASYNC_error(int function, int reason, char *file, int line) { - if (DASYNC_lib_error_code == 0) - DASYNC_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(DASYNC_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } diff --git a/deps/openssl/openssl/engines/e_dasync_err.h b/deps/openssl/openssl/engines/e_dasync_err.h index b01fead2acb16e..7c2c0278790b56 100644 --- a/deps/openssl/openssl/engines/e_dasync_err.h +++ b/deps/openssl/openssl/engines/e_dasync_err.h @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,28 +8,15 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_DASYNC_ERR_H -# define HEADER_DASYNC_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif +#ifndef HEADER_DASYNCERR_H +# define HEADER_DASYNCERR_H -/* BEGIN ERROR CODES */ -static void ERR_load_DASYNC_strings(void); -static void ERR_unload_DASYNC_strings(void); -static void ERR_DASYNC_error(int function, int reason, char *file, int line); -# define DASYNCerr(f,r) ERR_DASYNC_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Error codes for the DASYNC functions. */ -/* Function codes. */ +/* + * DASYNC function codes. + */ # define DASYNC_F_BIND_DASYNC 107 # define DASYNC_F_CIPHER_AES_128_CBC_CODE 100 # define DASYNC_F_DASYNC_AES128_CBC_HMAC_SHA1_INIT_KEY 109 @@ -41,12 +29,9 @@ static void ERR_DASYNC_error(int function, int reason, char *file, int line); # define DASYNC_F_DASYNC_PUBLIC_DECRYPT 105 # define DASYNC_F_DASYNC_PUBLIC_ENCRYPT 106 -/* Reason codes. */ -# define DASYNC_R_INIT_FAILED 102 -# define DASYNC_R_LENGTH_NOT_BLOCK_ALIGNED 100 -# define DASYNC_R_UNKNOWN_FAULT 101 +/* + * DASYNC reason codes. + */ +# define DASYNC_R_INIT_FAILED 100 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/engines/e_ossltest.c b/deps/openssl/openssl/engines/e_ossltest.c index b4c83cb7c3f868..64376247c3f033 100644 --- a/deps/openssl/openssl/engines/e_ossltest.c +++ b/deps/openssl/openssl/engines/e_ossltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,9 +23,9 @@ #include #include #include +#include #include -#define OSSLTEST_LIB_NAME "OSSLTEST" #include "e_ossltest_err.c" /* Engine Id and Name */ @@ -43,6 +43,7 @@ void ENGINE_load_ossltest(void); /* Set up digests */ static int ossltest_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); +static const RAND_METHOD *ossltest_rand_method(void); /* MD5 */ static int digest_md5_init(EVP_MD_CTX *ctx); @@ -226,7 +227,7 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, const int **, int); static int ossltest_cipher_nids[] = { - NID_aes_128_cbc, 0 + NID_aes_128_cbc, NID_aes_128_gcm, 0 }; /* AES128 */ @@ -235,6 +236,12 @@ int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); +int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr); static EVP_CIPHER *_hidden_aes_128_cbc = NULL; static const EVP_CIPHER *ossltest_aes_128_cbc(void) @@ -258,9 +265,40 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void) } return _hidden_aes_128_cbc; } +static EVP_CIPHER *_hidden_aes_128_gcm = NULL; + +#define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY |EVP_CIPH_FLAG_AEAD_CIPHER \ + | EVP_CIPH_GCM_MODE) + +static const EVP_CIPHER *ossltest_aes_128_gcm(void) +{ + if (_hidden_aes_128_gcm == NULL + && ((_hidden_aes_128_gcm = EVP_CIPHER_meth_new(NID_aes_128_gcm, + 1 /* block size */, + 16 /* key len */)) == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_gcm,12) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_gcm, AES_GCM_FLAGS) + || !EVP_CIPHER_meth_set_init(_hidden_aes_128_gcm, + ossltest_aes128_gcm_init_key) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_gcm, + ossltest_aes128_gcm_cipher) + || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, + ossltest_aes128_gcm_ctrl) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, + EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { + EVP_CIPHER_meth_free(_hidden_aes_128_gcm); + _hidden_aes_128_gcm = NULL; + } + return _hidden_aes_128_gcm; +} + static void destroy_ciphers(void) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); + EVP_CIPHER_meth_free(_hidden_aes_128_gcm); _hidden_aes_128_cbc = NULL; } @@ -273,6 +311,7 @@ static int bind_ossltest(ENGINE *e) || !ENGINE_set_name(e, engine_ossltest_name) || !ENGINE_set_digests(e, ossltest_digests) || !ENGINE_set_ciphers(e, ossltest_ciphers) + || !ENGINE_set_RAND(e, ossltest_rand_method()) || !ENGINE_set_destroy_function(e, ossltest_destroy) || !ENGINE_set_init_function(e, ossltest_init) || !ENGINE_set_finish_function(e, ossltest_finish)) { @@ -389,6 +428,9 @@ static int ossltest_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_128_cbc: *cipher = ossltest_aes_128_cbc(); break; + case NID_aes_128_gcm: + *cipher = ossltest_aes_128_gcm(); + break; default: ok = 0; *cipher = NULL; @@ -551,18 +593,104 @@ int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int ret; tmpbuf = OPENSSL_malloc(inl); - if (tmpbuf == NULL) + + /* OPENSSL_malloc will return NULL if inl == 0 */ + if (tmpbuf == NULL && inl > 0) return -1; /* Remember what we were asked to encrypt */ - memcpy(tmpbuf, in, inl); + if (tmpbuf != NULL) + memcpy(tmpbuf, in, inl); /* Go through the motions of encrypting it */ ret = EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_cbc())(ctx, out, in, inl); /* Throw it all away and just use the plaintext as the output */ - memcpy(out, tmpbuf, inl); + if (tmpbuf != NULL) + memcpy(out, tmpbuf, inl); OPENSSL_free(tmpbuf); return ret; } + +int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + return EVP_CIPHER_meth_get_init(EVP_aes_128_gcm()) (ctx, key, iv, enc); +} + + +int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + unsigned char *tmpbuf = OPENSSL_malloc(inl); + + /* OPENSSL_malloc will return NULL if inl == 0 */ + if (tmpbuf == NULL && inl > 0) + return -1; + + /* Remember what we were asked to encrypt */ + if (tmpbuf != NULL) + memcpy(tmpbuf, in, inl); + + /* Go through the motions of encrypting it */ + EVP_CIPHER_meth_get_do_cipher(EVP_aes_128_gcm())(ctx, out, in, inl); + + /* Throw it all away and just use the plaintext as the output */ + if (tmpbuf != NULL && out != NULL) + memcpy(out, tmpbuf, inl); + OPENSSL_free(tmpbuf); + + return inl; +} + +static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr) +{ + /* Pass the ctrl down */ + int ret = EVP_CIPHER_meth_get_ctrl(EVP_aes_128_gcm())(ctx, type, arg, ptr); + + if (ret <= 0) + return ret; + + switch(type) { + case EVP_CTRL_AEAD_GET_TAG: + /* Always give the same tag */ + memset(ptr, 0, EVP_GCM_TLS_TAG_LEN); + break; + + default: + break; + } + + return 1; +} + +static int ossltest_rand_bytes(unsigned char *buf, int num) +{ + unsigned char val = 1; + + while (--num >= 0) + *buf++ = val++; + return 1; +} + +static int ossltest_rand_status(void) +{ + return 1; +} + +static const RAND_METHOD *ossltest_rand_method(void) +{ + + static RAND_METHOD osslt_rand_meth = { + NULL, + ossltest_rand_bytes, + NULL, + NULL, + ossltest_rand_bytes, + ossltest_rand_status + }; + + return &osslt_rand_meth; +} diff --git a/deps/openssl/openssl/engines/e_ossltest.ec b/deps/openssl/openssl/engines/e_ossltest.ec index d8a1befa203d6a..a4a55ecb3f69c0 100644 --- a/deps/openssl/openssl/engines/e_ossltest.ec +++ b/deps/openssl/openssl/engines/e_ossltest.ec @@ -1 +1,3 @@ -L OSSLTEST e_ossltest_err.h e_ossltest_err.c +# The INPUT HEADER is scanned for declarations +# LIBNAME INPUT HEADER ERROR-TABLE FILE +L OSSLTEST e_ossltest_err.h e_ossltest_err.c diff --git a/deps/openssl/openssl/engines/e_ossltest.txt b/deps/openssl/openssl/engines/e_ossltest.txt new file mode 100644 index 00000000000000..2b2e31a0756bf6 --- /dev/null +++ b/deps/openssl/openssl/engines/e_ossltest.txt @@ -0,0 +1,13 @@ +# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Function codes +OSSLTEST_F_BIND_OSSLTEST:100:bind_ossltest +OSSLTEST_F_OSSLTEST_AES128_INIT_KEY:101:* + +#Reason codes +OSSLTEST_R_INIT_FAILED:100:init failed diff --git a/deps/openssl/openssl/engines/e_ossltest_err.c b/deps/openssl/openssl/engines/e_ossltest_err.c index 71d05788d1c4d8..920a13a6922a67 100644 --- a/deps/openssl/openssl/engines/e_ossltest_err.c +++ b/deps/openssl/openssl/engines/e_ossltest_err.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,83 +8,56 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include #include #include "e_ossltest_err.h" -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(0,func,0) -# define ERR_REASON(reason) ERR_PACK(0,0,reason) - static ERR_STRING_DATA OSSLTEST_str_functs[] = { - {ERR_FUNC(OSSLTEST_F_BIND_OSSLTEST), "BIND_OSSLTEST"}, - {ERR_FUNC(OSSLTEST_F_OSSLTEST_AES128_INIT_KEY), - "OSSLTEST_AES128_INIT_KEY"}, + {ERR_PACK(0, OSSLTEST_F_BIND_OSSLTEST, 0), "bind_ossltest"}, + {ERR_PACK(0, OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, 0), ""}, {0, NULL} }; static ERR_STRING_DATA OSSLTEST_str_reasons[] = { - {ERR_REASON(OSSLTEST_R_INIT_FAILED), "init failed"}, + {ERR_PACK(0, 0, OSSLTEST_R_INIT_FAILED), "init failed"}, {0, NULL} }; #endif -#ifdef OSSLTEST_LIB_NAME -static ERR_STRING_DATA OSSLTEST_lib_name[] = { - {0, OSSLTEST_LIB_NAME}, - {0, NULL} -}; -#endif - -static int OSSLTEST_lib_error_code = 0; -static int OSSLTEST_error_init = 1; +static int lib_code = 0; +static int error_loaded = 0; -static void ERR_load_OSSLTEST_strings(void) +static int ERR_load_OSSLTEST_strings(void) { - if (OSSLTEST_lib_error_code == 0) - OSSLTEST_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (OSSLTEST_error_init) { - OSSLTEST_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs); - ERR_load_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons); -#endif - -#ifdef OSSLTEST_LIB_NAME - OSSLTEST_lib_name->error = ERR_PACK(OSSLTEST_lib_error_code, 0, 0); - ERR_load_strings(0, OSSLTEST_lib_name); + ERR_load_strings(lib_code, OSSLTEST_str_functs); + ERR_load_strings(lib_code, OSSLTEST_str_reasons); #endif + error_loaded = 1; } + return 1; } static void ERR_unload_OSSLTEST_strings(void) { - if (OSSLTEST_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_functs); - ERR_unload_strings(OSSLTEST_lib_error_code, OSSLTEST_str_reasons); -#endif - -#ifdef OSSLTEST_LIB_NAME - ERR_unload_strings(0, OSSLTEST_lib_name); + ERR_unload_strings(lib_code, OSSLTEST_str_functs); + ERR_unload_strings(lib_code, OSSLTEST_str_reasons); #endif - OSSLTEST_error_init = 1; + error_loaded = 0; } } static void ERR_OSSLTEST_error(int function, int reason, char *file, int line) { - if (OSSLTEST_lib_error_code == 0) - OSSLTEST_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(OSSLTEST_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } diff --git a/deps/openssl/openssl/engines/e_ossltest_err.h b/deps/openssl/openssl/engines/e_ossltest_err.h index a323c398f6e288..e745c1a236d4db 100644 --- a/deps/openssl/openssl/engines/e_ossltest_err.h +++ b/deps/openssl/openssl/engines/e_ossltest_err.h @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,35 +8,21 @@ * https://www.openssl.org/source/license.html */ -/* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#ifndef HEADER_OSSLTEST_ERR_H -# define HEADER_OSSLTEST_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif +#ifndef HEADER_OSSLTESTERR_H +# define HEADER_OSSLTESTERR_H -/* BEGIN ERROR CODES */ -static void ERR_load_OSSLTEST_strings(void); -static void ERR_unload_OSSLTEST_strings(void); -static void ERR_OSSLTEST_error(int function, int reason, char *file, int line); -# define OSSLTESTerr(f,r) ERR_OSSLTEST_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Error codes for the OSSLTEST functions. */ -/* Function codes. */ +/* + * OSSLTEST function codes. + */ # define OSSLTEST_F_BIND_OSSLTEST 100 # define OSSLTEST_F_OSSLTEST_AES128_INIT_KEY 101 -/* Reason codes. */ +/* + * OSSLTEST reason codes. + */ # define OSSLTEST_R_INIT_FAILED 100 -#ifdef __cplusplus -} -#endif #endif diff --git a/deps/openssl/openssl/engines/e_padlock.c b/deps/openssl/openssl/engines/e_padlock.c index b86f1655044813..f6b1f169810e43 100644 --- a/deps/openssl/openssl/engines/e_padlock.c +++ b/deps/openssl/openssl/engines/e_padlock.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,10 +199,10 @@ struct padlock_cipher_data { }; /* Interface to assembler module */ -unsigned int padlock_capability(); +unsigned int padlock_capability(void); void padlock_key_bswap(AES_KEY *key); void padlock_verify_context(struct padlock_cipher_data *ctx); -void padlock_reload_key(); +void padlock_reload_key(void); void padlock_aes_block(void *out, const void *inp, struct padlock_cipher_data *ctx); int padlock_ecb_encrypt(void *out, const void *inp, diff --git a/deps/openssl/openssl/engines/e_padlock.ec b/deps/openssl/openssl/engines/e_padlock.ec deleted file mode 100644 index 5c8a1d26a5b787..00000000000000 --- a/deps/openssl/openssl/engines/e_padlock.ec +++ /dev/null @@ -1 +0,0 @@ -L PADLOCK e_padlock_err.h e_padlock_err.c diff --git a/deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h b/deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h deleted file mode 100644 index c3dcd56f4fc5a0..00000000000000 --- a/deps/openssl/openssl/engines/vendor_defns/hwcryptohook.h +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * ModExp / RSA (with/without KM) plugin API - * - * The application will load a dynamic library which - * exports entrypoint(s) defined in this file. - * - * This set of entrypoints provides only a multithreaded, - * synchronous-within-each-thread, facility. - * - * - * This file is Copyright 1998-2000 nCipher Corporation Limited. - * - * Redistribution and use in source and binary forms, with opr without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the copyright notice, - * this list of conditions, and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions, and the following - * disclaimer, in the documentation and/or other materials provided - * with the distribution - * - * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR - * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any - * damages arising directly or indirectly from this file, its use or - * this licence. Without prejudice to the generality of the - * foregoing: all liability shall be excluded for direct, indirect, - * special, incidental, consequential or other damages or any loss of - * profits, business, revenue goodwill or anticipated savings; - * liability shall be excluded even if nCipher or anyone else has been - * advised of the possibility of damage. In any event, if the - * exclusion of liability is not effective, the liability of nCipher - * or any author or distributor shall be limited to the lesser of the - * price paid and 1,000 pounds sterling. This licence only fails to - * exclude or limit liability for death or personal injury arising out - * of negligence, and only to the extent that such an exclusion or - * limitation is not effective. - * - * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL - * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not - * limited to, any implied warranties of merchantability, fitness for - * a particular purpose, satisfactory quality, and/or non-infringement - * of any third party rights. - * - * US Government use: This software and documentation is Commercial - * Computer Software and Computer Software Documentation, as defined in - * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in - * Noncommercial Computer Software and Noncommercial Computer Software - * Documentation." Use, duplication or disclosure by the Government is - * subject to the terms and conditions specified here. - * - * By using or distributing this file you will be accepting these - * terms and conditions, including the limitation of liability and - * lack of warranty. If you do not wish to accept these terms and - * conditions, DO NOT USE THE FILE. - * - * - * The actual dynamically loadable plugin, and the library files for - * static linking, which are also provided in some distributions, are - * not covered by the licence described above. You should have - * received a separate licence with terms and conditions for these - * library files; if you received the library files without a licence, - * please contact nCipher. - * - */ - -#ifndef HWCRYPTOHOOK_H -# define HWCRYPTOHOOK_H - -# include -# include - -# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES -# define HWCRYPTOHOOK_DECLARE_APPTYPES 1 -# endif - -# define HWCRYPTOHOOK_ERROR_FAILED -1 -# define HWCRYPTOHOOK_ERROR_FALLBACK -2 -# define HWCRYPTOHOOK_ERROR_MPISIZE -3 - -# if HWCRYPTOHOOK_DECLARE_APPTYPES - -/*- - * These structs are defined by the application and opaque to the - * crypto plugin. The application may define these as it sees fit. - * Default declarations are provided here, but the application may - * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0 - * to prevent these declarations, and instead provide its own - * declarations of these types. (Pointers to them must still be - * ordinary pointers to structs or unions, or the resulting combined - * program will have a type inconsistency.) - */ -typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex; -typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar; -typedef struct HWCryptoHook_PassphraseContextValue - HWCryptoHook_PassphraseContext; -typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext; - -# endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */ - -/*- - * These next two structs are opaque to the application. The crypto - * plugin will return pointers to them; the caller simply manipulates - * the pointers. - */ -typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle; -typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle; - -typedef struct { - char *buf; - size_t size; -} HWCryptoHook_ErrMsgBuf; -/*- - * Used for error reporting. When a HWCryptoHook function fails it - * will return a sentinel value (0 for pointer-valued functions, or a - * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for - * integer-valued ones). It will, if an ErrMsgBuf is passed, also put - * an error message there. - * - * size is the size of the buffer, and will not be modified. If you - * pass 0 for size you must pass 0 for buf, and nothing will be - * recorded (just as if you passed 0 for the struct pointer). - * Messages written to the buffer will always be null-terminated, even - * when truncated to fit within size bytes. - * - * The contents of the buffer are not defined if there is no error. - */ - -typedef struct HWCryptoHook_MPIStruct { - unsigned char *buf; - size_t size; -} HWCryptoHook_MPI; -/*- - * When one of these is returned, a pointer is passed to the function. - * At call, size is the space available. Afterwards it is updated to - * be set to the actual length (which may be more than the space available, - * if there was not enough room and the result was truncated). - * buf (the pointer) is not updated. - * - * size is in bytes and may be zero at call or return, but must be a - * multiple of the limb size. Zero limbs at the MS end are not - * permitted. - */ - -# define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL -# define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL -/*- - * Enable requesting fallback to software in case of problems with the - * hardware support. This indicates to the crypto provider that the - * application is prepared to fall back to software operation if the - * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK. - * Without this flag those calls will never return - * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto - * provider to avoid repeatedly attempting to contact dead hardware - * within a short interval, if appropriate. - */ - -# define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL -/*- - * Without _SimpleForkCheck the library is allowed to assume that the - * application will not fork and call the library in the child(ren). - * - * When it is specified, this is allowed. However, after a fork - * neither parent nor child may unload any loaded keys or call - * _Finish. Instead, they should call exit (or die with a signal) - * without calling _Finish. After all the children have died the - * parent may unload keys or call _Finish. - * - * This flag only has any effect on UN*X platforms. - */ - -typedef struct { - unsigned long flags; - void *logstream; /* usually a FILE*. See below. */ - size_t limbsize; /* bignum format - size of radix type, must - * be power of 2 */ - int mslimbfirst; /* 0 or 1 */ - int msbytefirst; /* 0 or 1; -1 = native */ - /*- - * All the callback functions should return 0 on success, or a - * nonzero integer (whose value will be visible in the error message - * put in the buffer passed to the call). - * - * If a callback is not available pass a null function pointer. - * - * The callbacks may not call down again into the crypto plugin. - */ - /*- - * For thread-safety. Set everything to 0 if you promise only to be - * singlethreaded. maxsimultaneous is the number of calls to - * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to - * put there then say 0 and the hook library will use a default. - * - * maxmutexes is a small limit on the number of simultaneous mutexes - * which will be requested by the library. If there is no small - * limit, set it to 0. If the crypto plugin cannot create the - * advertised number of mutexes the calls to its functions may fail. - * If a low number of mutexes is advertised the plugin will try to - * do the best it can. Making larger numbers of mutexes available - * may improve performance and parallelism by reducing contention - * over critical sections. Unavailability of any mutexes, implying - * single-threaded operation, should be indicated by the setting - * mutex_init et al to 0. - */ - int maxmutexes; - int maxsimultaneous; - size_t mutexsize; - int (*mutex_init) (HWCryptoHook_Mutex *, - HWCryptoHook_CallerContext * cactx); - int (*mutex_acquire) (HWCryptoHook_Mutex *); - void (*mutex_release) (HWCryptoHook_Mutex *); - void (*mutex_destroy) (HWCryptoHook_Mutex *); - /*- - * For greater efficiency, can use condition vars internally for - * synchronisation. In this case maxsimultaneous is ignored, but - * the other mutex stuff must be available. In singlethreaded - * programs, set everything to 0. - */ - size_t condvarsize; - int (*condvar_init) (HWCryptoHook_CondVar *, - HWCryptoHook_CallerContext * cactx); - int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *); - void (*condvar_signal) (HWCryptoHook_CondVar *); - void (*condvar_broadcast) (HWCryptoHook_CondVar *); - void (*condvar_destroy) (HWCryptoHook_CondVar *); - /*- - * The semantics of acquiring and releasing mutexes and broadcasting - * and waiting on condition variables are expected to be those from - * POSIX threads (pthreads). The mutexes may be (in pthread-speak) - * fast mutexes, recursive mutexes, or nonrecursive ones. - * - * The _release/_signal/_broadcast and _destroy functions must - * always succeed when given a valid argument; if they are given an - * invalid argument then the program (crypto plugin + application) - * has an internal error, and they should abort the program. - */ - int (*getpassphrase) (const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); - /*- - * Passphrases and the prompt_info, if they contain high-bit-set - * characters, are UTF-8. The prompt_info may be a null pointer if - * no prompt information is available (it should not be an empty - * string). It will not contain text like `enter passphrase'; - * instead it might say something like `Operator Card for John - * Smith' or `SmartCard in nFast Module #1, Slot #1'. - * - * buf points to a buffer in which to return the passphrase; on - * entry *len_io is the length of the buffer. It should be updated - * by the callback. The returned passphrase should not be - * null-terminated by the callback. - */ - int (*getphystoken) (const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext * ppctx, - HWCryptoHook_CallerContext * cactx); - /*- - * Requests that the human user physically insert a different - * smartcard, DataKey, etc. The plugin should check whether the - * currently inserted token(s) are appropriate, and if they are it - * should not make this call. - * - * prompt_info is as before. wrong_info is a description of the - * currently inserted token(s) so that the user is told what - * something is. wrong_info, like prompt_info, may be null, but - * should not be an empty string. Its contents should be - * syntactically similar to that of prompt_info. - */ - /*- - * Note that a single LoadKey operation might cause several calls to - * getpassphrase and/or requestphystoken. If requestphystoken is - * not provided (ie, a null pointer is passed) then the plugin may - * not support loading keys for which authorisation by several cards - * is required. If getpassphrase is not provided then cards with - * passphrases may not be supported. - * - * getpassphrase and getphystoken do not need to check that the - * passphrase has been entered correctly or the correct token - * inserted; the crypto plugin will do that. If this is not the - * case then the crypto plugin is responsible for calling these - * routines again as appropriate until the correct token(s) and - * passphrase(s) are supplied as required, or until any retry limits - * implemented by the crypto plugin are reached. - * - * In either case, the application must allow the user to say `no' - * or `cancel' to indicate that they do not know the passphrase or - * have the appropriate token; this should cause the callback to - * return nonzero indicating error. - */ - void (*logmessage) (void *logstream, const char *message); - /*- - * A log message will be generated at least every time something goes - * wrong and an ErrMsgBuf is filled in (or would be if one was - * provided). Other diagnostic information may be written there too, - * including more detailed reasons for errors which are reported in an - * ErrMsgBuf. - * - * When a log message is generated, this callback is called. It - * should write a message to the relevant logging arrangements. - * - * The message string passed will be null-terminated and may be of arbitrary - * length. It will not be prefixed by the time and date, nor by the - * name of the library that is generating it - if this is required, - * the logmessage callback must do it. The message will not have a - * trailing newline (though it may contain internal newlines). - * - * If a null pointer is passed for logmessage a default function is - * used. The default function treats logstream as a FILE* which has - * been converted to a void*. If logstream is 0 it does nothing. - * Otherwise it prepends the date and time and library name and - * writes the message to logstream. Each line will be prefixed by a - * descriptive string containing the date, time and identity of the - * crypto plugin. Errors on the logstream are not reported - * anywhere, and the default function doesn't flush the stream, so - * the application must set the buffering how it wants it. - * - * The crypto plugin may also provide a facility to have copies of - * log messages sent elsewhere, and or for adjusting the verbosity - * of the log messages; any such facilities will be configured by - * external means. - */ -} HWCryptoHook_InitInfo; - -typedef -HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo * - initinfo, size_t initinfosize, - const HWCryptoHook_ErrMsgBuf * - errors, - HWCryptoHook_CallerContext * - cactx); -extern HWCryptoHook_Init_t HWCryptoHook_Init; - -/*- - * Caller should set initinfosize to the size of the HWCryptoHook struct, - * so it can be extended later. - * - * On success, a message for display or logging by the server, - * including the name and version number of the plugin, will be filled - * in into *errors; on failure *errors is used for error handling, as - * usual. - */ - -/*- - * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED - * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of - * the output MPI buffer(s) was too small; the sizes of all have been - * set to the desired size (and for those where the buffer was large - * enough, the value may have been copied in), and no error message - * has been recorded. - * - * You may pass 0 for the errors struct. In any case, unless you set - * _NoStderr at init time then messages may be reported to stderr. - */ - -/*- - * The RSAImmed* functions (and key managed RSA) only work with - * modules which have an RSA patent licence - currently that means KM - * units; the ModExp* ones work with all modules, so you need a patent - * licence in the software in the US. They are otherwise identical. - */ - -typedef -void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx); -extern HWCryptoHook_Finish_t HWCryptoHook_Finish; -/* You must not have any calls going or keys loaded when you call this. */ - -typedef -int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx, - unsigned char *buf, size_t len, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes; - -typedef -int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI a, - HWCryptoHook_MPI p, - HWCryptoHook_MPI n, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp; - -typedef -int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI m, - HWCryptoHook_MPI e, - HWCryptoHook_MPI n, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub; - -typedef -int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI a, - HWCryptoHook_MPI p, - HWCryptoHook_MPI q, - HWCryptoHook_MPI dmp1, - HWCryptoHook_MPI dmq1, - HWCryptoHook_MPI iqmp, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT; - -typedef -int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx, - HWCryptoHook_MPI m, - HWCryptoHook_MPI p, - HWCryptoHook_MPI q, - HWCryptoHook_MPI dmp1, - HWCryptoHook_MPI dmq1, - HWCryptoHook_MPI iqmp, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv; - -/*- - * The RSAImmed* and ModExp* functions may return E_FAILED or - * E_FALLBACK for failure. - * - * E_FAILED means the failure is permanent and definite and there - * should be no attempt to fall back to software. (Eg, for some - * applications, which support only the acceleration-only - * functions, the `key material' may actually be an encoded key - * identifier, and doing the operation in software would give wrong - * answers.) - * - * E_FALLBACK means that doing the computation in software would seem - * reasonable. If an application pays attention to this and is - * able to fall back, it should also set the Fallback init flags. - */ - -typedef -int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx, - const char *key_ident, - HWCryptoHook_RSAKeyHandle * keyhandle_r, - const HWCryptoHook_ErrMsgBuf * errors, - HWCryptoHook_PassphraseContext * ppctx); -extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey; -/*- - * The key_ident is a null-terminated string configured by the - * user via the application's usual configuration mechanisms. - * It is provided to the user by the crypto provider's key management - * system. The user must be able to enter at least any string of between - * 1 and 1023 characters inclusive, consisting of printable 7-bit - * ASCII characters. The provider should avoid using - * any characters except alphanumerics and the punctuation - * characters _ - + . / @ ~ (the user is expected to be able - * to enter these without quoting). The string may be case-sensitive. - * The application may allow the user to enter other NULL-terminated strings, - * and the provider must cope (returning an error if the string is not - * valid). - * - * If the key does not exist, no error is recorded and 0 is returned; - * keyhandle_r will be set to 0 instead of to a key handle. - */ - -typedef -int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k, - HWCryptoHook_MPI * n, - HWCryptoHook_MPI * e, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey; -/*- - * The crypto plugin will not store certificates. - * - * Although this function for acquiring the public key value is - * provided, it is not the purpose of this API to deal fully with the - * handling of the public key. - * - * It is expected that the crypto supplier's key generation program - * will provide general facilities for producing X.509 - * self-certificates and certificate requests in PEM format. These - * will be given to the user so that they can configure them in the - * application, send them to CAs, or whatever. - * - * In case this kind of certificate handling is not appropriate, the - * crypto supplier's key generation program should be able to be - * configured not to generate such a self-certificate or certificate - * request. Then the application will need to do all of this, and - * will need to store and handle the public key and certificates - * itself. - */ - -typedef -int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey; -/* Might fail due to locking problems, or other serious internal problems. */ - -typedef -int HWCryptoHook_RSA_t(HWCryptoHook_MPI m, - HWCryptoHook_RSAKeyHandle k, - HWCryptoHook_MPI * r, - const HWCryptoHook_ErrMsgBuf * errors); -extern HWCryptoHook_RSA_t HWCryptoHook_RSA; -/* RSA private key operation (sign or decrypt) - raw, unpadded. */ - -#endif /* HWCRYPTOHOOK_H */ diff --git a/deps/openssl/openssl/fuzz/README.md b/deps/openssl/openssl/fuzz/README.md index c5a1ba9c9ae205..44c73f857e6288 100644 --- a/deps/openssl/openssl/fuzz/README.md +++ b/deps/openssl/openssl/fuzz/README.md @@ -27,7 +27,7 @@ /~https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer): $ sudo apt-get install subversion $ mkdir svn-work $ cd svn-work - $ svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer + $ svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer Fuzzer $ cd Fuzzer $ clang++ -c -g -O2 -std=c++11 *.cpp $ ar r libFuzzer.a *.o @@ -37,8 +37,14 @@ Configure for fuzzing: $ CC=clang ./config enable-fuzz-libfuzzer \ --with-fuzzer-include=../../svn-work/Fuzzer \ - --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \ - -DPEDANTIC enable-asan enable-ubsan no-shared + --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer.a \ + -DPEDANTIC enable-asan enable-ubsan no-shared \ + -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ + -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp \ + enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 \ + enable-weak-ssl-ciphers enable-rc5 enable-md2 \ + enable-ssl3 enable-ssl3-method enable-nextprotoneg \ + --debug $ sudo apt-get install make $ LDCMD=clang++ make -j $ fuzz/helper.py $FUZZER @@ -46,9 +52,7 @@ Configure for fuzzing: Where $FUZZER is one of the executables in `fuzz/`. If you get a crash, you should find a corresponding input file in -`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with - - $ fuzz/$FUZZER +`fuzz/corpora/$FUZZER-crash/`. AFL === @@ -56,11 +60,72 @@ AFL Configure for fuzzing: $ sudo apt-get install afl-clang - $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared + $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared -DPEDANTIC \ + enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 \ + enable-ssl3 enable-ssl3-method enable-nextprotoneg \ + enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment \ + --debug $ make +The following options can also be enabled: enable-asan, enable-ubsan, enable-msan + Run one of the fuzzers: $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER Where $FUZZER is one of the executables in `fuzz/`. + +Reproducing issues +================== + +If a fuzzer generates a reproducible error, you can reproduce the problem using +the fuzz/*-test binaries and the file generated by the fuzzer. They binaries +don't need to be build for fuzzing, there is no need to set CC or the call +config with enable-fuzz-* or -fsanitize-coverage, but some of the other options +above might be needed. For instance the enable-asan or enable-ubsan option might +be useful to show you when the problem happens. For the client and server fuzzer +it might be needed to use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to +reproduce the generated random numbers. + +To reproduce the crash you can run: + + $ fuzz/$FUZZER-test $file + +Random numbers +============== + +The client and server fuzzer normally generate random numbers as part of the TLS +connection setup. This results in the coverage of the fuzzing corpus changing +depending on the random numbers. This also has an effect for coverage of the +rest of the test suite and you see the coverage change for each commit even when +no code has been modified. + +Since we want to maximize the coverage of the fuzzing corpus, the client and +server fuzzer will use predictable numbers instead of the random numbers. This +is controlled by the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION define. + +The coverage depends on the way the numbers are generated. We don't disable any +check of hashes, but the corpus has the correct hash in it for the random +numbers that were generated. For instance the client fuzzer will always generate +the same client hello with the same random number in it, and so the server, as +emulated by the file, can be generated for that client hello. + +Coverage changes +================ + +Since the corpus depends on the default behaviour of the client and the server, +changes in what they send by default will have an impact on the coverage. The +corpus will need to be updated in that case. + +Updating the corpus +=================== + +The client and server corpus is generated with multiple config options: +- The options as documented above +- Without enable-ec_nistp_64_gcc_128 and without --debug +- With no-asm +- Using 32 bit +- A default config, plus options needed to generate the fuzzer. + +The libfuzzer merge option is used to add the additional coverage +from each config to the minimal set. diff --git a/deps/openssl/openssl/fuzz/asn1.c b/deps/openssl/openssl/fuzz/asn1.c index 5125f363ffc017..fd2271bf5212e3 100644 --- a/deps/openssl/openssl/fuzz/asn1.c +++ b/deps/openssl/openssl/fuzz/asn1.c @@ -27,8 +27,15 @@ #include #include #include +#include +#include +#include +#include +#include #include "fuzzer.h" +#include "rand.inc" + static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(ACCESS_DESCRIPTION), #ifndef OPENSSL_NO_RFC3779 @@ -99,7 +106,9 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), +#if OPENSSL_API_COMPAT < 0x10200000L ASN1_ITEM_ref(LONG), +#endif ASN1_ITEM_ref(NAME_CONSTRAINTS), ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), ASN1_ITEM_ref(NETSCAPE_SPKAC), @@ -159,7 +168,6 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(RSAPublicKey), ASN1_ITEM_ref(SXNET), ASN1_ITEM_ref(SXNETID), - /*ASN1_ITEM_ref(TS_RESP), want to do this, but type is hidden, however d2i exists... */ ASN1_ITEM_ref(USERNOTICE), ASN1_ITEM_ref(X509), ASN1_ITEM_ref(X509_ALGOR), @@ -179,25 +187,112 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(X509_REVOKED), ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), +#if OPENSSL_API_COMPAT < 0x10200000L ASN1_ITEM_ref(ZLONG), +#endif + ASN1_ITEM_ref(INT32), + ASN1_ITEM_ref(ZINT32), + ASN1_ITEM_ref(UINT32), + ASN1_ITEM_ref(ZUINT32), + ASN1_ITEM_ref(INT64), + ASN1_ITEM_ref(ZINT64), + ASN1_ITEM_ref(UINT64), + ASN1_ITEM_ref(ZUINT64), NULL }; -int FuzzerInitialize(int *argc, char ***argv) { - return 1; +static ASN1_PCTX *pctx; + +#define DO_TEST(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + int len2; \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + PRINT(bio, type); \ + BIO_free(bio); \ + len2 = I2D(type, &der); \ + if (len2 != 0) {} \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - int n; +#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + PRINT(bio, type, 0); \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + +#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + PRINT(bio, type, 0, pctx); \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} - ASN1_PCTX *pctx = ASN1_PCTX_new(); +#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + + +int FuzzerInitialize(int *argc, char ***argv) +{ + pctx = ASN1_PCTX_new(); ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); + FuzzerSetRand(); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + int n; + + for (n = 0; item_type[n] != NULL; ++n) { const uint8_t *b = buf; unsigned char *der = NULL; @@ -206,17 +301,52 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { if (o != NULL) { BIO *bio = BIO_new(BIO_s_null()); + ASN1_item_print(bio, o, 4, i, pctx); BIO_free(bio); - ASN1_item_i2d(o, &der, i); OPENSSL_free(der); - ASN1_item_free(o, i); } } - ASN1_PCTX_free(pctx); +#ifndef OPENSSL_NO_TS + DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio); + DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio); + DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio); + DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio); + DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio); + DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY); + DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL); + DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID); + DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT); +#endif +#ifndef OPENSSL_NO_DH + DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print); + DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print); +#endif +#ifndef OPENSSL_NO_DSA + DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG); + DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print); + DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print); + DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print); +#endif + DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print); +#ifndef OPENSSL_NO_EC + DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); + DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); + DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print); + DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG); +#endif + DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private); + DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print); + + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ + ASN1_PCTX_free(pctx); +} diff --git a/deps/openssl/openssl/fuzz/asn1parse.c b/deps/openssl/openssl/fuzz/asn1parse.c index b3a6dab0ea4e3a..cf5ef72a13cf99 100644 --- a/deps/openssl/openssl/fuzz/asn1parse.c +++ b/deps/openssl/openssl/fuzz/asn1parse.c @@ -16,18 +16,28 @@ #include #include #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +static BIO *bio_out; + +int FuzzerInitialize(int *argc, char ***argv) +{ + bio_out = BIO_new_file("/dev/null", "w"); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - static BIO *bio_out; - - if (bio_out == NULL) - bio_out = BIO_new_file("/dev/null", "w"); - +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ (void)ASN1_parse_dump(bio_out, buf, len, 0, 0); + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ + BIO_free(bio_out); +} diff --git a/deps/openssl/openssl/fuzz/bignum.c b/deps/openssl/openssl/fuzz/bignum.c index 43e134bc141081..c5136601b1b1f7 100644 --- a/deps/openssl/openssl/fuzz/bignum.c +++ b/deps/openssl/openssl/fuzz/bignum.c @@ -15,31 +15,37 @@ #include #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - static BN_CTX *ctx; - static BIGNUM *b1; - static BIGNUM *b2; - static BIGNUM *b3; - static BIGNUM *b4; - static BIGNUM *b5; +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ int success = 0; size_t l1 = 0, l2 = 0, l3 = 0; - int s1 = 0, s2 = 0, s3 = 0; + int s1 = 0, s3 = 0; + BN_CTX *ctx; + BIGNUM *b1; + BIGNUM *b2; + BIGNUM *b3; + BIGNUM *b4; + BIGNUM *b5; + + b1 = BN_new(); + b2 = BN_new(); + b3 = BN_new(); + b4 = BN_new(); + b5 = BN_new(); + ctx = BN_CTX_new(); - if (ctx == NULL) { - b1 = BN_new(); - b2 = BN_new(); - b3 = BN_new(); - b4 = BN_new(); - b5 = BN_new(); - ctx = BN_CTX_new(); - } /* Divide the input into three parts, using the values of the first two * bytes to choose lengths, which generate b1, b2 and b3. Use three bits * of the third byte to choose signs for the three numbers. @@ -53,14 +59,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { l3 = len - l1 - l2; s1 = buf[0] & 1; - s2 = buf[0] & 2; s3 = buf[0] & 4; ++buf; } OPENSSL_assert(BN_bin2bn(buf, l1, b1) == b1); BN_set_negative(b1, s1); OPENSSL_assert(BN_bin2bn(buf + l1, l2, b2) == b2); - BN_set_negative(b2, s2); OPENSSL_assert(BN_bin2bn(buf + l1 + l2, l3, b3) == b3); BN_set_negative(b3, s3); @@ -89,6 +93,17 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { done: OPENSSL_assert(success); + BN_free(b1); + BN_free(b2); + BN_free(b3); + BN_free(b4); + BN_free(b5); + BN_CTX_free(ctx); + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/bndiv.c b/deps/openssl/openssl/fuzz/bndiv.c index 45a3937992d23b..e9c70bbd4c5b1c 100644 --- a/deps/openssl/openssl/fuzz/bndiv.c +++ b/deps/openssl/openssl/fuzz/bndiv.c @@ -15,32 +15,45 @@ #include #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +/* 256 kB */ +#define MAX_LEN (256 * 1000) + +static BN_CTX *ctx; +static BIGNUM *b1; +static BIGNUM *b2; +static BIGNUM *b3; +static BIGNUM *b4; +static BIGNUM *b5; + +int FuzzerInitialize(int *argc, char ***argv) +{ + b1 = BN_new(); + b2 = BN_new(); + b3 = BN_new(); + b4 = BN_new(); + b5 = BN_new(); + ctx = BN_CTX_new(); + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - static BN_CTX *ctx; - static BIGNUM *b1; - static BIGNUM *b2; - static BIGNUM *b3; - static BIGNUM *b4; - static BIGNUM *b5; +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ int success = 0; size_t l1 = 0, l2 = 0; /* s1 and s2 will be the signs for b1 and b2. */ int s1 = 0, s2 = 0; - if (ctx == NULL) { - b1 = BN_new(); - b2 = BN_new(); - b3 = BN_new(); - b4 = BN_new(); - b5 = BN_new(); - ctx = BN_CTX_new(); - } + /* limit the size of the input to avoid timeout */ + if (len > MAX_LEN) + len = MAX_LEN; + /* We are going to split the buffer in two, sizes l1 and l2, giving b1 and * b2. */ @@ -102,6 +115,17 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { done: OPENSSL_assert(success); + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ + BN_free(b1); + BN_free(b2); + BN_free(b3); + BN_free(b4); + BN_free(b5); + BN_CTX_free(ctx); +} diff --git a/deps/openssl/openssl/fuzz/build.info b/deps/openssl/openssl/fuzz/build.info index eade218937d3fc..cde03d34477e75 100644 --- a/deps/openssl/openssl/fuzz/build.info +++ b/deps/openssl/openssl/fuzz/build.info @@ -9,7 +9,7 @@ -} IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] - PROGRAMS_NO_INST=asn1 asn1parse bignum bndiv conf crl server x509 + PROGRAMS_NO_INST=asn1 asn1parse bignum bndiv client conf crl server x509 IF[{- !$disabled{"cms"} -}] PROGRAMS_NO_INST=cms @@ -21,7 +21,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] SOURCE[asn1]=asn1.c driver.c INCLUDE[asn1]=../include {- $ex_inc -} - DEPEND[asn1]=../libcrypto {- $ex_lib -} + DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -} SOURCE[asn1parse]=asn1parse.c driver.c INCLUDE[asn1parse]=../include {- $ex_inc -} @@ -35,6 +35,10 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] INCLUDE[bndiv]=../include {- $ex_inc -} DEPEND[bndiv]=../libcrypto {- $ex_lib -} + SOURCE[client]=client.c driver.c + INCLUDE[client]=../include {- $ex_inc -} + DEPEND[client]=../libcrypto ../libssl {- $ex_lib -} + SOURCE[cms]=cms.c driver.c INCLUDE[cms]=../include {- $ex_inc -} DEPEND[cms]=../libcrypto {- $ex_lib -} @@ -61,7 +65,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] ENDIF IF[{- !$disabled{tests} -}] - PROGRAMS_NO_INST=asn1-test asn1parse-test bignum-test bndiv-test conf-test crl-test server-test x509-test + PROGRAMS_NO_INST=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test x509-test IF[{- !$disabled{"cms"} -}] PROGRAMS_NO_INST=cms-test @@ -73,7 +77,7 @@ IF[{- !$disabled{tests} -}] SOURCE[asn1-test]=asn1.c test-corpus.c INCLUDE[asn1-test]=../include - DEPEND[asn1-test]=../libcrypto + DEPEND[asn1-test]=../libcrypto ../libssl SOURCE[asn1parse-test]=asn1parse.c test-corpus.c INCLUDE[asn1parse-test]=../include @@ -87,6 +91,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[bndiv-test]=../include DEPEND[bndiv-test]=../libcrypto + SOURCE[client-test]=client.c test-corpus.c + INCLUDE[client-test]=../include + DEPEND[client-test]=../libcrypto ../libssl + SOURCE[cms-test]=cms.c test-corpus.c INCLUDE[cms-test]=../include DEPEND[cms-test]=../libcrypto diff --git a/deps/openssl/openssl/fuzz/client.c b/deps/openssl/openssl/fuzz/client.c new file mode 100644 index 00000000000000..7ce609ca6a033b --- /dev/null +++ b/deps/openssl/openssl/fuzz/client.c @@ -0,0 +1,102 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "fuzzer.h" + +#include "rand.inc" + +/* unused, to avoid warning. */ +static int idx; + +#define FUZZTIME 1485898104 + +#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } + +/* + * This might not work in all cases (and definitely not on Windows + * because of the way linkers are) and callees can still get the + * current time instead of the fixed time. This will just result + * in things not being fully reproducible and have a slightly + * different coverage. + */ +#if !defined(_WIN32) +time_t time(time_t *t) TIME_IMPL(t) +#endif + +int FuzzerInitialize(int *argc, char ***argv) +{ + STACK_OF(SSL_COMP) *comp_methods; + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); + idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + FuzzerSetRand(); + comp_methods = SSL_COMP_get_compression_methods(); + if (comp_methods != NULL) + sk_SSL_COMP_sort(comp_methods); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + SSL *client; + BIO *in; + BIO *out; + SSL_CTX *ctx; + + if (len == 0) + return 0; + + /* + * TODO: use the ossltest engine (optionally?) to disable crypto checks. + */ + + /* This only fuzzes the initial flow from the client so far. */ + ctx = SSL_CTX_new(SSLv23_method()); + + client = SSL_new(ctx); + OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1); + OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1); + SSL_set_tlsext_host_name(client, "localhost"); + in = BIO_new(BIO_s_mem()); + out = BIO_new(BIO_s_mem()); + SSL_set_bio(client, in, out); + SSL_set_connect_state(client); + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + if (SSL_do_handshake(client) == 1) { + /* Keep reading application data until error or EOF. */ + uint8_t tmp[1024]; + for (;;) { + if (SSL_read(client, tmp, sizeof(tmp)) <= 0) { + break; + } + } + } + SSL_free(client); + ERR_clear_error(); + SSL_CTX_free(ctx); + + return 0; +} + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/cms.c b/deps/openssl/openssl/fuzz/cms.c index 94390e7c91c5d4..959ef9365ad1f6 100644 --- a/deps/openssl/openssl/fuzz/cms.c +++ b/deps/openssl/openssl/fuzz/cms.c @@ -14,23 +14,42 @@ #include #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - CMS_ContentInfo *i; +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + CMS_ContentInfo *cms; BIO *in; - if (!len) { + + if (len == 0) return 0; - } in = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); - i = d2i_CMS_bio(in, NULL); - CMS_ContentInfo_free(i); + cms = d2i_CMS_bio(in, NULL); + if (cms != NULL) { + BIO *out = BIO_new(BIO_s_null()); + + i2d_CMS_bio(out, cms); + BIO_free(out); + CMS_ContentInfo_free(cms); + } + BIO_free(in); + ERR_clear_error(); + return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/conf.c b/deps/openssl/openssl/fuzz/conf.c index 30b13c84f9f21e..87fe857099b848 100644 --- a/deps/openssl/openssl/fuzz/conf.c +++ b/deps/openssl/openssl/fuzz/conf.c @@ -13,13 +13,18 @@ */ #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ CONF *conf; BIO *in; long eline; @@ -33,6 +38,11 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { NCONF_load_bio(conf, in, &eline); NCONF_free(conf); BIO_free(in); + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/crl.c b/deps/openssl/openssl/fuzz/crl.c index 728943f551e68c..e4b0192f051b3f 100644 --- a/deps/openssl/openssl/fuzz/crl.c +++ b/deps/openssl/openssl/fuzz/crl.c @@ -10,13 +10,19 @@ #include #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ const unsigned char *p = buf; unsigned char *der = NULL; @@ -31,5 +37,11 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { X509_CRL_free(crl); } + ERR_clear_error(); + return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/ct.c b/deps/openssl/openssl/fuzz/ct.c index 411ccef4a06e54..72dd798711baa0 100644 --- a/deps/openssl/openssl/fuzz/ct.c +++ b/deps/openssl/openssl/fuzz/ct.c @@ -14,13 +14,19 @@ #include #include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + CRYPTO_free_ex_index(0, -1); + ERR_get_state(); return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ const uint8_t **pp = &buf; unsigned char *der = NULL; STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len); @@ -36,5 +42,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { SCT_LIST_free(scts); } + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/driver.c b/deps/openssl/openssl/fuzz/driver.c index c530fedc844f1e..54d67de202db88 100644 --- a/deps/openssl/openssl/fuzz/driver.c +++ b/deps/openssl/openssl/fuzz/driver.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -15,14 +15,16 @@ #ifndef OPENSSL_NO_FUZZ_LIBFUZZER +int LLVMFuzzerInitialize(int *argc, char ***argv); +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len); + int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (FuzzerInitialize) - return FuzzerInitialize(argc, argv); - return 0; + return FuzzerInitialize(argc, argv); } -int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) +{ return FuzzerTestOneInput(buf, len); } @@ -32,8 +34,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { int main(int argc, char** argv) { - if (FuzzerInitialize) - FuzzerInitialize(&argc, &argv); + FuzzerInitialize(&argc, &argv); while (__AFL_LOOP(10000)) { uint8_t *buf = malloc(BUF_SIZE); @@ -42,6 +43,8 @@ int main(int argc, char** argv) FuzzerTestOneInput(buf, size); free(buf); } + + FuzzerCleanup(); return 0; } diff --git a/deps/openssl/openssl/fuzz/fuzzer.h b/deps/openssl/openssl/fuzz/fuzzer.h index 04d605d79a2fba..fcc0d25279fc80 100644 --- a/deps/openssl/openssl/fuzz/fuzzer.h +++ b/deps/openssl/openssl/fuzz/fuzzer.h @@ -10,3 +10,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len); int FuzzerInitialize(int *argc, char ***argv); +void FuzzerCleanup(void); +void FuzzerSetRand(void); diff --git a/deps/openssl/openssl/fuzz/helper.py b/deps/openssl/openssl/fuzz/helper.py index f5f9d77daaf259..e83ea00c001ad3 100755 --- a/deps/openssl/openssl/fuzz/helper.py +++ b/deps/openssl/openssl/fuzz/helper.py @@ -1,6 +1,6 @@ #!/usr/bin/python # -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -45,7 +45,7 @@ def main(): cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:] + ["-artifact_prefix=" + corpora[1] + "/"] + corpora) - print " ".join(cmd) + print(" ".join(cmd)) subprocess.call(cmd) if __name__ == "__main__": diff --git a/deps/openssl/openssl/fuzz/mkfuzzoids.pl b/deps/openssl/openssl/fuzz/mkfuzzoids.pl new file mode 100755 index 00000000000000..0153a031a67803 --- /dev/null +++ b/deps/openssl/openssl/fuzz/mkfuzzoids.pl @@ -0,0 +1,32 @@ +#! /usr/bin/env perl +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +my $obj_dat_h = $ARGV[0]; + +# Output year depends on the date on the input file and the script. +my $YEAR = [localtime([stat($0)]->[9])]->[5] + 1900; +my $iYEAR = [localtime([stat($obj_dat_h)]->[9])]->[5] + 1900; +$YEAR = $iYEAR if $iYEAR > $YEAR; + +open IN, '<', $obj_dat_h + || die "Couldn't open $obj_dat_h : $!\n"; + +while() { + s|\R$||; # Better chomp + + next unless m|^\s+((0x[0-9A-F][0-9A-F],)*)\s+/\*\s\[\s*\d+\]\s(OBJ_\w+)\s\*/$|; + + my $OID = $1; + my $OBJname = $3; + + $OID =~ s|0x|\\x|g; + $OID =~ s|,||g; + + print "$OBJname=\"$OID\"\n"; +} +close IN; diff --git a/deps/openssl/openssl/fuzz/oids.txt b/deps/openssl/openssl/fuzz/oids.txt new file mode 100644 index 00000000000000..fe363fd37eb51c --- /dev/null +++ b/deps/openssl/openssl/fuzz/oids.txt @@ -0,0 +1,1065 @@ +OBJ_rsadsi="\x2A\x86\x48\x86\xF7\x0D" +OBJ_pkcs="\x2A\x86\x48\x86\xF7\x0D\x01" +OBJ_md2="\x2A\x86\x48\x86\xF7\x0D\x02\x02" +OBJ_md5="\x2A\x86\x48\x86\xF7\x0D\x02\x05" +OBJ_rc4="\x2A\x86\x48\x86\xF7\x0D\x03\x04" +OBJ_rsaEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" +OBJ_md2WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02" +OBJ_md5WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04" +OBJ_pbeWithMD2AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x01" +OBJ_pbeWithMD5AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x03" +OBJ_X500="\x55" +OBJ_X509="\x55\x04" +OBJ_commonName="\x55\x04\x03" +OBJ_countryName="\x55\x04\x06" +OBJ_localityName="\x55\x04\x07" +OBJ_stateOrProvinceName="\x55\x04\x08" +OBJ_organizationName="\x55\x04\x0A" +OBJ_organizationalUnitName="\x55\x04\x0B" +OBJ_rsa="\x55\x08\x01\x01" +OBJ_pkcs7="\x2A\x86\x48\x86\xF7\x0D\x01\x07" +OBJ_pkcs7_data="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01" +OBJ_pkcs7_signed="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02" +OBJ_pkcs7_enveloped="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03" +OBJ_pkcs7_signedAndEnveloped="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x04" +OBJ_pkcs7_digest="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x05" +OBJ_pkcs7_encrypted="\x2A\x86\x48\x86\xF7\x0D\x01\x07\x06" +OBJ_pkcs3="\x2A\x86\x48\x86\xF7\x0D\x01\x03" +OBJ_dhKeyAgreement="\x2A\x86\x48\x86\xF7\x0D\x01\x03\x01" +OBJ_des_ecb="\x2B\x0E\x03\x02\x06" +OBJ_des_cfb64="\x2B\x0E\x03\x02\x09" +OBJ_des_cbc="\x2B\x0E\x03\x02\x07" +OBJ_des_ede_ecb="\x2B\x0E\x03\x02\x11" +OBJ_idea_cbc="\x2B\x06\x01\x04\x01\x81\x3C\x07\x01\x01\x02" +OBJ_rc2_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x02" +OBJ_sha="\x2B\x0E\x03\x02\x12" +OBJ_shaWithRSAEncryption="\x2B\x0E\x03\x02\x0F" +OBJ_des_ede3_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x07" +OBJ_des_ofb64="\x2B\x0E\x03\x02\x08" +OBJ_pkcs9="\x2A\x86\x48\x86\xF7\x0D\x01\x09" +OBJ_pkcs9_emailAddress="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" +OBJ_pkcs9_unstructuredName="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x02" +OBJ_pkcs9_contentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03" +OBJ_pkcs9_messageDigest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x04" +OBJ_pkcs9_signingTime="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x05" +OBJ_pkcs9_countersignature="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x06" +OBJ_pkcs9_challengePassword="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x07" +OBJ_pkcs9_unstructuredAddress="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x08" +OBJ_pkcs9_extCertAttributes="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x09" +OBJ_netscape="\x60\x86\x48\x01\x86\xF8\x42" +OBJ_netscape_cert_extension="\x60\x86\x48\x01\x86\xF8\x42\x01" +OBJ_netscape_data_type="\x60\x86\x48\x01\x86\xF8\x42\x02" +OBJ_sha1="\x2B\x0E\x03\x02\x1A" +OBJ_sha1WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05" +OBJ_dsaWithSHA="\x2B\x0E\x03\x02\x0D" +OBJ_dsa_2="\x2B\x0E\x03\x02\x0C" +OBJ_pbeWithSHA1AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0B" +OBJ_id_pbkdf2="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0C" +OBJ_dsaWithSHA1_2="\x2B\x0E\x03\x02\x1B" +OBJ_netscape_cert_type="\x60\x86\x48\x01\x86\xF8\x42\x01\x01" +OBJ_netscape_base_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x02" +OBJ_netscape_revocation_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x03" +OBJ_netscape_ca_revocation_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x04" +OBJ_netscape_renewal_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x07" +OBJ_netscape_ca_policy_url="\x60\x86\x48\x01\x86\xF8\x42\x01\x08" +OBJ_netscape_ssl_server_name="\x60\x86\x48\x01\x86\xF8\x42\x01\x0C" +OBJ_netscape_comment="\x60\x86\x48\x01\x86\xF8\x42\x01\x0D" +OBJ_netscape_cert_sequence="\x60\x86\x48\x01\x86\xF8\x42\x02\x05" +OBJ_id_ce="\x55\x1D" +OBJ_subject_key_identifier="\x55\x1D\x0E" +OBJ_key_usage="\x55\x1D\x0F" +OBJ_private_key_usage_period="\x55\x1D\x10" +OBJ_subject_alt_name="\x55\x1D\x11" +OBJ_issuer_alt_name="\x55\x1D\x12" +OBJ_basic_constraints="\x55\x1D\x13" +OBJ_crl_number="\x55\x1D\x14" +OBJ_certificate_policies="\x55\x1D\x20" +OBJ_authority_key_identifier="\x55\x1D\x23" +OBJ_bf_cbc="\x2B\x06\x01\x04\x01\x97\x55\x01\x02" +OBJ_mdc2="\x55\x08\x03\x65" +OBJ_mdc2WithRSA="\x55\x08\x03\x64" +OBJ_givenName="\x55\x04\x2A" +OBJ_surname="\x55\x04\x04" +OBJ_initials="\x55\x04\x2B" +OBJ_uniqueIdentifier="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2C" +OBJ_crl_distribution_points="\x55\x1D\x1F" +OBJ_md5WithRSA="\x2B\x0E\x03\x02\x03" +OBJ_serialNumber="\x55\x04\x05" +OBJ_title="\x55\x04\x0C" +OBJ_description="\x55\x04\x0D" +OBJ_cast5_cbc="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0A" +OBJ_pbeWithMD5AndCast5_CBC="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0C" +OBJ_dsaWithSHA1="\x2A\x86\x48\xCE\x38\x04\x03" +OBJ_sha1WithRSA="\x2B\x0E\x03\x02\x1D" +OBJ_dsa="\x2A\x86\x48\xCE\x38\x04\x01" +OBJ_ripemd160="\x2B\x24\x03\x02\x01" +OBJ_ripemd160WithRSA="\x2B\x24\x03\x03\x01\x02" +OBJ_rc5_cbc="\x2A\x86\x48\x86\xF7\x0D\x03\x08" +OBJ_zlib_compression="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x08" +OBJ_ext_key_usage="\x55\x1D\x25" +OBJ_id_pkix="\x2B\x06\x01\x05\x05\x07" +OBJ_id_kp="\x2B\x06\x01\x05\x05\x07\x03" +OBJ_server_auth="\x2B\x06\x01\x05\x05\x07\x03\x01" +OBJ_client_auth="\x2B\x06\x01\x05\x05\x07\x03\x02" +OBJ_code_sign="\x2B\x06\x01\x05\x05\x07\x03\x03" +OBJ_email_protect="\x2B\x06\x01\x05\x05\x07\x03\x04" +OBJ_time_stamp="\x2B\x06\x01\x05\x05\x07\x03\x08" +OBJ_ms_code_ind="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x15" +OBJ_ms_code_com="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x16" +OBJ_ms_ctl_sign="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x01" +OBJ_ms_sgc="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x03" +OBJ_ms_efs="\x2B\x06\x01\x04\x01\x82\x37\x0A\x03\x04" +OBJ_ns_sgc="\x60\x86\x48\x01\x86\xF8\x42\x04\x01" +OBJ_delta_crl="\x55\x1D\x1B" +OBJ_crl_reason="\x55\x1D\x15" +OBJ_invalidity_date="\x55\x1D\x18" +OBJ_sxnet="\x2B\x65\x01\x04\x01" +OBJ_pbe_WithSHA1And128BitRC4="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x01" +OBJ_pbe_WithSHA1And40BitRC4="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x02" +OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x03" +OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x04" +OBJ_pbe_WithSHA1And128BitRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x05" +OBJ_pbe_WithSHA1And40BitRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x06" +OBJ_keyBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x01" +OBJ_pkcs8ShroudedKeyBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x02" +OBJ_certBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x03" +OBJ_crlBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x04" +OBJ_secretBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x05" +OBJ_safeContentsBag="\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x06" +OBJ_friendlyName="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x14" +OBJ_localKeyID="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15" +OBJ_x509Certificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x01" +OBJ_sdsiCertificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x02" +OBJ_x509Crl="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x17\x01" +OBJ_pbes2="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0D" +OBJ_pbmac1="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0E" +OBJ_hmacWithSHA1="\x2A\x86\x48\x86\xF7\x0D\x02\x07" +OBJ_id_qt_cps="\x2B\x06\x01\x05\x05\x07\x02\x01" +OBJ_id_qt_unotice="\x2B\x06\x01\x05\x05\x07\x02\x02" +OBJ_SMIMECapabilities="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0F" +OBJ_pbeWithMD2AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x04" +OBJ_pbeWithMD5AndRC2_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x06" +OBJ_pbeWithSHA1AndDES_CBC="\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0A" +OBJ_ms_ext_req="\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x0E" +OBJ_ext_req="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0E" +OBJ_name="\x55\x04\x29" +OBJ_dnQualifier="\x55\x04\x2E" +OBJ_id_pe="\x2B\x06\x01\x05\x05\x07\x01" +OBJ_id_ad="\x2B\x06\x01\x05\x05\x07\x30" +OBJ_info_access="\x2B\x06\x01\x05\x05\x07\x01\x01" +OBJ_ad_OCSP="\x2B\x06\x01\x05\x05\x07\x30\x01" +OBJ_ad_ca_issuers="\x2B\x06\x01\x05\x05\x07\x30\x02" +OBJ_OCSP_sign="\x2B\x06\x01\x05\x05\x07\x03\x09" +OBJ_member_body="\x2A" +OBJ_ISO_US="\x2A\x86\x48" +OBJ_X9_57="\x2A\x86\x48\xCE\x38" +OBJ_X9cm="\x2A\x86\x48\xCE\x38\x04" +OBJ_pkcs1="\x2A\x86\x48\x86\xF7\x0D\x01\x01" +OBJ_pkcs5="\x2A\x86\x48\x86\xF7\x0D\x01\x05" +OBJ_SMIME="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10" +OBJ_id_smime_mod="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00" +OBJ_id_smime_ct="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01" +OBJ_id_smime_aa="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02" +OBJ_id_smime_alg="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03" +OBJ_id_smime_cd="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x04" +OBJ_id_smime_spq="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05" +OBJ_id_smime_cti="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06" +OBJ_id_smime_mod_cms="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x01" +OBJ_id_smime_mod_ess="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x02" +OBJ_id_smime_mod_oid="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x03" +OBJ_id_smime_mod_msg_v3="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x04" +OBJ_id_smime_mod_ets_eSignature_88="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x05" +OBJ_id_smime_mod_ets_eSignature_97="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x06" +OBJ_id_smime_mod_ets_eSigPolicy_88="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x07" +OBJ_id_smime_mod_ets_eSigPolicy_97="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x00\x08" +OBJ_id_smime_ct_receipt="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x01" +OBJ_id_smime_ct_authData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x02" +OBJ_id_smime_ct_publishCert="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x03" +OBJ_id_smime_ct_TSTInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x04" +OBJ_id_smime_ct_TDTInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x05" +OBJ_id_smime_ct_contentInfo="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x06" +OBJ_id_smime_ct_DVCSRequestData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x07" +OBJ_id_smime_ct_DVCSResponseData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x08" +OBJ_id_smime_aa_receiptRequest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x01" +OBJ_id_smime_aa_securityLabel="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x02" +OBJ_id_smime_aa_mlExpandHistory="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x03" +OBJ_id_smime_aa_contentHint="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x04" +OBJ_id_smime_aa_msgSigDigest="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x05" +OBJ_id_smime_aa_encapContentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x06" +OBJ_id_smime_aa_contentIdentifier="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x07" +OBJ_id_smime_aa_macValue="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x08" +OBJ_id_smime_aa_equivalentLabels="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x09" +OBJ_id_smime_aa_contentReference="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0A" +OBJ_id_smime_aa_encrypKeyPref="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0B" +OBJ_id_smime_aa_signingCertificate="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0C" +OBJ_id_smime_aa_smimeEncryptCerts="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0D" +OBJ_id_smime_aa_timeStampToken="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0E" +OBJ_id_smime_aa_ets_sigPolicyId="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0F" +OBJ_id_smime_aa_ets_commitmentType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x10" +OBJ_id_smime_aa_ets_signerLocation="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x11" +OBJ_id_smime_aa_ets_signerAttr="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x12" +OBJ_id_smime_aa_ets_otherSigCert="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x13" +OBJ_id_smime_aa_ets_contentTimestamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x14" +OBJ_id_smime_aa_ets_CertificateRefs="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x15" +OBJ_id_smime_aa_ets_RevocationRefs="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x16" +OBJ_id_smime_aa_ets_certValues="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x17" +OBJ_id_smime_aa_ets_revocationValues="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x18" +OBJ_id_smime_aa_ets_escTimeStamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x19" +OBJ_id_smime_aa_ets_certCRLTimestamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1A" +OBJ_id_smime_aa_ets_archiveTimeStamp="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1B" +OBJ_id_smime_aa_signatureType="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1C" +OBJ_id_smime_aa_dvcs_dvc="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x1D" +OBJ_id_smime_alg_ESDHwith3DES="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x01" +OBJ_id_smime_alg_ESDHwithRC2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x02" +OBJ_id_smime_alg_3DESwrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x03" +OBJ_id_smime_alg_RC2wrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x04" +OBJ_id_smime_alg_ESDH="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x05" +OBJ_id_smime_alg_CMS3DESwrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x06" +OBJ_id_smime_alg_CMSRC2wrap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x07" +OBJ_id_smime_cd_ldap="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x04\x01" +OBJ_id_smime_spq_ets_sqt_uri="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05\x01" +OBJ_id_smime_spq_ets_sqt_unotice="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x05\x02" +OBJ_id_smime_cti_ets_proofOfOrigin="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x01" +OBJ_id_smime_cti_ets_proofOfReceipt="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x02" +OBJ_id_smime_cti_ets_proofOfDelivery="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x03" +OBJ_id_smime_cti_ets_proofOfSender="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x04" +OBJ_id_smime_cti_ets_proofOfApproval="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x05" +OBJ_id_smime_cti_ets_proofOfCreation="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x06\x06" +OBJ_md4="\x2A\x86\x48\x86\xF7\x0D\x02\x04" +OBJ_id_pkix_mod="\x2B\x06\x01\x05\x05\x07\x00" +OBJ_id_qt="\x2B\x06\x01\x05\x05\x07\x02" +OBJ_id_it="\x2B\x06\x01\x05\x05\x07\x04" +OBJ_id_pkip="\x2B\x06\x01\x05\x05\x07\x05" +OBJ_id_alg="\x2B\x06\x01\x05\x05\x07\x06" +OBJ_id_cmc="\x2B\x06\x01\x05\x05\x07\x07" +OBJ_id_on="\x2B\x06\x01\x05\x05\x07\x08" +OBJ_id_pda="\x2B\x06\x01\x05\x05\x07\x09" +OBJ_id_aca="\x2B\x06\x01\x05\x05\x07\x0A" +OBJ_id_qcs="\x2B\x06\x01\x05\x05\x07\x0B" +OBJ_id_cct="\x2B\x06\x01\x05\x05\x07\x0C" +OBJ_id_pkix1_explicit_88="\x2B\x06\x01\x05\x05\x07\x00\x01" +OBJ_id_pkix1_implicit_88="\x2B\x06\x01\x05\x05\x07\x00\x02" +OBJ_id_pkix1_explicit_93="\x2B\x06\x01\x05\x05\x07\x00\x03" +OBJ_id_pkix1_implicit_93="\x2B\x06\x01\x05\x05\x07\x00\x04" +OBJ_id_mod_crmf="\x2B\x06\x01\x05\x05\x07\x00\x05" +OBJ_id_mod_cmc="\x2B\x06\x01\x05\x05\x07\x00\x06" +OBJ_id_mod_kea_profile_88="\x2B\x06\x01\x05\x05\x07\x00\x07" +OBJ_id_mod_kea_profile_93="\x2B\x06\x01\x05\x05\x07\x00\x08" +OBJ_id_mod_cmp="\x2B\x06\x01\x05\x05\x07\x00\x09" +OBJ_id_mod_qualified_cert_88="\x2B\x06\x01\x05\x05\x07\x00\x0A" +OBJ_id_mod_qualified_cert_93="\x2B\x06\x01\x05\x05\x07\x00\x0B" +OBJ_id_mod_attribute_cert="\x2B\x06\x01\x05\x05\x07\x00\x0C" +OBJ_id_mod_timestamp_protocol="\x2B\x06\x01\x05\x05\x07\x00\x0D" +OBJ_id_mod_ocsp="\x2B\x06\x01\x05\x05\x07\x00\x0E" +OBJ_id_mod_dvcs="\x2B\x06\x01\x05\x05\x07\x00\x0F" +OBJ_id_mod_cmp2000="\x2B\x06\x01\x05\x05\x07\x00\x10" +OBJ_biometricInfo="\x2B\x06\x01\x05\x05\x07\x01\x02" +OBJ_qcStatements="\x2B\x06\x01\x05\x05\x07\x01\x03" +OBJ_ac_auditEntity="\x2B\x06\x01\x05\x05\x07\x01\x04" +OBJ_ac_targeting="\x2B\x06\x01\x05\x05\x07\x01\x05" +OBJ_aaControls="\x2B\x06\x01\x05\x05\x07\x01\x06" +OBJ_sbgp_ipAddrBlock="\x2B\x06\x01\x05\x05\x07\x01\x07" +OBJ_sbgp_autonomousSysNum="\x2B\x06\x01\x05\x05\x07\x01\x08" +OBJ_sbgp_routerIdentifier="\x2B\x06\x01\x05\x05\x07\x01\x09" +OBJ_textNotice="\x2B\x06\x01\x05\x05\x07\x02\x03" +OBJ_ipsecEndSystem="\x2B\x06\x01\x05\x05\x07\x03\x05" +OBJ_ipsecTunnel="\x2B\x06\x01\x05\x05\x07\x03\x06" +OBJ_ipsecUser="\x2B\x06\x01\x05\x05\x07\x03\x07" +OBJ_dvcs="\x2B\x06\x01\x05\x05\x07\x03\x0A" +OBJ_id_it_caProtEncCert="\x2B\x06\x01\x05\x05\x07\x04\x01" +OBJ_id_it_signKeyPairTypes="\x2B\x06\x01\x05\x05\x07\x04\x02" +OBJ_id_it_encKeyPairTypes="\x2B\x06\x01\x05\x05\x07\x04\x03" +OBJ_id_it_preferredSymmAlg="\x2B\x06\x01\x05\x05\x07\x04\x04" +OBJ_id_it_caKeyUpdateInfo="\x2B\x06\x01\x05\x05\x07\x04\x05" +OBJ_id_it_currentCRL="\x2B\x06\x01\x05\x05\x07\x04\x06" +OBJ_id_it_unsupportedOIDs="\x2B\x06\x01\x05\x05\x07\x04\x07" +OBJ_id_it_subscriptionRequest="\x2B\x06\x01\x05\x05\x07\x04\x08" +OBJ_id_it_subscriptionResponse="\x2B\x06\x01\x05\x05\x07\x04\x09" +OBJ_id_it_keyPairParamReq="\x2B\x06\x01\x05\x05\x07\x04\x0A" +OBJ_id_it_keyPairParamRep="\x2B\x06\x01\x05\x05\x07\x04\x0B" +OBJ_id_it_revPassphrase="\x2B\x06\x01\x05\x05\x07\x04\x0C" +OBJ_id_it_implicitConfirm="\x2B\x06\x01\x05\x05\x07\x04\x0D" +OBJ_id_it_confirmWaitTime="\x2B\x06\x01\x05\x05\x07\x04\x0E" +OBJ_id_it_origPKIMessage="\x2B\x06\x01\x05\x05\x07\x04\x0F" +OBJ_id_regCtrl="\x2B\x06\x01\x05\x05\x07\x05\x01" +OBJ_id_regInfo="\x2B\x06\x01\x05\x05\x07\x05\x02" +OBJ_id_regCtrl_regToken="\x2B\x06\x01\x05\x05\x07\x05\x01\x01" +OBJ_id_regCtrl_authenticator="\x2B\x06\x01\x05\x05\x07\x05\x01\x02" +OBJ_id_regCtrl_pkiPublicationInfo="\x2B\x06\x01\x05\x05\x07\x05\x01\x03" +OBJ_id_regCtrl_pkiArchiveOptions="\x2B\x06\x01\x05\x05\x07\x05\x01\x04" +OBJ_id_regCtrl_oldCertID="\x2B\x06\x01\x05\x05\x07\x05\x01\x05" +OBJ_id_regCtrl_protocolEncrKey="\x2B\x06\x01\x05\x05\x07\x05\x01\x06" +OBJ_id_regInfo_utf8Pairs="\x2B\x06\x01\x05\x05\x07\x05\x02\x01" +OBJ_id_regInfo_certReq="\x2B\x06\x01\x05\x05\x07\x05\x02\x02" +OBJ_id_alg_des40="\x2B\x06\x01\x05\x05\x07\x06\x01" +OBJ_id_alg_noSignature="\x2B\x06\x01\x05\x05\x07\x06\x02" +OBJ_id_alg_dh_sig_hmac_sha1="\x2B\x06\x01\x05\x05\x07\x06\x03" +OBJ_id_alg_dh_pop="\x2B\x06\x01\x05\x05\x07\x06\x04" +OBJ_id_cmc_statusInfo="\x2B\x06\x01\x05\x05\x07\x07\x01" +OBJ_id_cmc_identification="\x2B\x06\x01\x05\x05\x07\x07\x02" +OBJ_id_cmc_identityProof="\x2B\x06\x01\x05\x05\x07\x07\x03" +OBJ_id_cmc_dataReturn="\x2B\x06\x01\x05\x05\x07\x07\x04" +OBJ_id_cmc_transactionId="\x2B\x06\x01\x05\x05\x07\x07\x05" +OBJ_id_cmc_senderNonce="\x2B\x06\x01\x05\x05\x07\x07\x06" +OBJ_id_cmc_recipientNonce="\x2B\x06\x01\x05\x05\x07\x07\x07" +OBJ_id_cmc_addExtensions="\x2B\x06\x01\x05\x05\x07\x07\x08" +OBJ_id_cmc_encryptedPOP="\x2B\x06\x01\x05\x05\x07\x07\x09" +OBJ_id_cmc_decryptedPOP="\x2B\x06\x01\x05\x05\x07\x07\x0A" +OBJ_id_cmc_lraPOPWitness="\x2B\x06\x01\x05\x05\x07\x07\x0B" +OBJ_id_cmc_getCert="\x2B\x06\x01\x05\x05\x07\x07\x0F" +OBJ_id_cmc_getCRL="\x2B\x06\x01\x05\x05\x07\x07\x10" +OBJ_id_cmc_revokeRequest="\x2B\x06\x01\x05\x05\x07\x07\x11" +OBJ_id_cmc_regInfo="\x2B\x06\x01\x05\x05\x07\x07\x12" +OBJ_id_cmc_responseInfo="\x2B\x06\x01\x05\x05\x07\x07\x13" +OBJ_id_cmc_queryPending="\x2B\x06\x01\x05\x05\x07\x07\x15" +OBJ_id_cmc_popLinkRandom="\x2B\x06\x01\x05\x05\x07\x07\x16" +OBJ_id_cmc_popLinkWitness="\x2B\x06\x01\x05\x05\x07\x07\x17" +OBJ_id_cmc_confirmCertAcceptance="\x2B\x06\x01\x05\x05\x07\x07\x18" +OBJ_id_on_personalData="\x2B\x06\x01\x05\x05\x07\x08\x01" +OBJ_id_pda_dateOfBirth="\x2B\x06\x01\x05\x05\x07\x09\x01" +OBJ_id_pda_placeOfBirth="\x2B\x06\x01\x05\x05\x07\x09\x02" +OBJ_id_pda_gender="\x2B\x06\x01\x05\x05\x07\x09\x03" +OBJ_id_pda_countryOfCitizenship="\x2B\x06\x01\x05\x05\x07\x09\x04" +OBJ_id_pda_countryOfResidence="\x2B\x06\x01\x05\x05\x07\x09\x05" +OBJ_id_aca_authenticationInfo="\x2B\x06\x01\x05\x05\x07\x0A\x01" +OBJ_id_aca_accessIdentity="\x2B\x06\x01\x05\x05\x07\x0A\x02" +OBJ_id_aca_chargingIdentity="\x2B\x06\x01\x05\x05\x07\x0A\x03" +OBJ_id_aca_group="\x2B\x06\x01\x05\x05\x07\x0A\x04" +OBJ_id_aca_role="\x2B\x06\x01\x05\x05\x07\x0A\x05" +OBJ_id_qcs_pkixQCSyntax_v1="\x2B\x06\x01\x05\x05\x07\x0B\x01" +OBJ_id_cct_crs="\x2B\x06\x01\x05\x05\x07\x0C\x01" +OBJ_id_cct_PKIData="\x2B\x06\x01\x05\x05\x07\x0C\x02" +OBJ_id_cct_PKIResponse="\x2B\x06\x01\x05\x05\x07\x0C\x03" +OBJ_ad_timeStamping="\x2B\x06\x01\x05\x05\x07\x30\x03" +OBJ_ad_dvcs="\x2B\x06\x01\x05\x05\x07\x30\x04" +OBJ_id_pkix_OCSP_basic="\x2B\x06\x01\x05\x05\x07\x30\x01\x01" +OBJ_id_pkix_OCSP_Nonce="\x2B\x06\x01\x05\x05\x07\x30\x01\x02" +OBJ_id_pkix_OCSP_CrlID="\x2B\x06\x01\x05\x05\x07\x30\x01\x03" +OBJ_id_pkix_OCSP_acceptableResponses="\x2B\x06\x01\x05\x05\x07\x30\x01\x04" +OBJ_id_pkix_OCSP_noCheck="\x2B\x06\x01\x05\x05\x07\x30\x01\x05" +OBJ_id_pkix_OCSP_archiveCutoff="\x2B\x06\x01\x05\x05\x07\x30\x01\x06" +OBJ_id_pkix_OCSP_serviceLocator="\x2B\x06\x01\x05\x05\x07\x30\x01\x07" +OBJ_id_pkix_OCSP_extendedStatus="\x2B\x06\x01\x05\x05\x07\x30\x01\x08" +OBJ_id_pkix_OCSP_valid="\x2B\x06\x01\x05\x05\x07\x30\x01\x09" +OBJ_id_pkix_OCSP_path="\x2B\x06\x01\x05\x05\x07\x30\x01\x0A" +OBJ_id_pkix_OCSP_trustRoot="\x2B\x06\x01\x05\x05\x07\x30\x01\x0B" +OBJ_algorithm="\x2B\x0E\x03\x02" +OBJ_rsaSignature="\x2B\x0E\x03\x02\x0B" +OBJ_X500algorithms="\x55\x08" +OBJ_org="\x2B" +OBJ_dod="\x2B\x06" +OBJ_iana="\x2B\x06\x01" +OBJ_Directory="\x2B\x06\x01\x01" +OBJ_Management="\x2B\x06\x01\x02" +OBJ_Experimental="\x2B\x06\x01\x03" +OBJ_Private="\x2B\x06\x01\x04" +OBJ_Security="\x2B\x06\x01\x05" +OBJ_SNMPv2="\x2B\x06\x01\x06" +OBJ_Mail="\x2B\x06\x01\x07" +OBJ_Enterprises="\x2B\x06\x01\x04\x01" +OBJ_dcObject="\x2B\x06\x01\x04\x01\x8B\x3A\x82\x58" +OBJ_domainComponent="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" +OBJ_Domain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0D" +OBJ_selected_attribute_types="\x55\x01\x05" +OBJ_clearance="\x55\x01\x05\x37" +OBJ_md4WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x03" +OBJ_ac_proxying="\x2B\x06\x01\x05\x05\x07\x01\x0A" +OBJ_sinfo_access="\x2B\x06\x01\x05\x05\x07\x01\x0B" +OBJ_id_aca_encAttrs="\x2B\x06\x01\x05\x05\x07\x0A\x06" +OBJ_role="\x55\x04\x48" +OBJ_policy_constraints="\x55\x1D\x24" +OBJ_target_information="\x55\x1D\x37" +OBJ_no_rev_avail="\x55\x1D\x38" +OBJ_ansi_X9_62="\x2A\x86\x48\xCE\x3D" +OBJ_X9_62_prime_field="\x2A\x86\x48\xCE\x3D\x01\x01" +OBJ_X9_62_characteristic_two_field="\x2A\x86\x48\xCE\x3D\x01\x02" +OBJ_X9_62_id_ecPublicKey="\x2A\x86\x48\xCE\x3D\x02\x01" +OBJ_X9_62_prime192v1="\x2A\x86\x48\xCE\x3D\x03\x01\x01" +OBJ_X9_62_prime192v2="\x2A\x86\x48\xCE\x3D\x03\x01\x02" +OBJ_X9_62_prime192v3="\x2A\x86\x48\xCE\x3D\x03\x01\x03" +OBJ_X9_62_prime239v1="\x2A\x86\x48\xCE\x3D\x03\x01\x04" +OBJ_X9_62_prime239v2="\x2A\x86\x48\xCE\x3D\x03\x01\x05" +OBJ_X9_62_prime239v3="\x2A\x86\x48\xCE\x3D\x03\x01\x06" +OBJ_X9_62_prime256v1="\x2A\x86\x48\xCE\x3D\x03\x01\x07" +OBJ_ecdsa_with_SHA1="\x2A\x86\x48\xCE\x3D\x04\x01" +OBJ_ms_csp_name="\x2B\x06\x01\x04\x01\x82\x37\x11\x01" +OBJ_aes_128_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x01" +OBJ_aes_128_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x02" +OBJ_aes_128_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x03" +OBJ_aes_128_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x04" +OBJ_aes_192_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x15" +OBJ_aes_192_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x16" +OBJ_aes_192_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x17" +OBJ_aes_192_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x18" +OBJ_aes_256_ecb="\x60\x86\x48\x01\x65\x03\x04\x01\x29" +OBJ_aes_256_cbc="\x60\x86\x48\x01\x65\x03\x04\x01\x2A" +OBJ_aes_256_ofb128="\x60\x86\x48\x01\x65\x03\x04\x01\x2B" +OBJ_aes_256_cfb128="\x60\x86\x48\x01\x65\x03\x04\x01\x2C" +OBJ_hold_instruction_code="\x55\x1D\x17" +OBJ_hold_instruction_none="\x2A\x86\x48\xCE\x38\x02\x01" +OBJ_hold_instruction_call_issuer="\x2A\x86\x48\xCE\x38\x02\x02" +OBJ_hold_instruction_reject="\x2A\x86\x48\xCE\x38\x02\x03" +OBJ_data="\x09" +OBJ_pss="\x09\x92\x26" +OBJ_ucl="\x09\x92\x26\x89\x93\xF2\x2C" +OBJ_pilot="\x09\x92\x26\x89\x93\xF2\x2C\x64" +OBJ_pilotAttributeType="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01" +OBJ_pilotAttributeSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03" +OBJ_pilotObjectClass="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04" +OBJ_pilotGroups="\x09\x92\x26\x89\x93\xF2\x2C\x64\x0A" +OBJ_iA5StringSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03\x04" +OBJ_caseIgnoreIA5StringSyntax="\x09\x92\x26\x89\x93\xF2\x2C\x64\x03\x05" +OBJ_pilotObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x03" +OBJ_pilotPerson="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x04" +OBJ_account="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x05" +OBJ_document="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x06" +OBJ_room="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x07" +OBJ_documentSeries="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x09" +OBJ_rFC822localPart="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0E" +OBJ_dNSDomain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x0F" +OBJ_domainRelatedObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x11" +OBJ_friendlyCountry="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x12" +OBJ_simpleSecurityObject="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x13" +OBJ_pilotOrganization="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x14" +OBJ_pilotDSA="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x15" +OBJ_qualityLabelledData="\x09\x92\x26\x89\x93\xF2\x2C\x64\x04\x16" +OBJ_userId="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" +OBJ_textEncodedORAddress="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x02" +OBJ_rfc822Mailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x03" +OBJ_info="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x04" +OBJ_favouriteDrink="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x05" +OBJ_roomNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x06" +OBJ_photo="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x07" +OBJ_userClass="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x08" +OBJ_host="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x09" +OBJ_manager="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0A" +OBJ_documentIdentifier="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0B" +OBJ_documentTitle="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0C" +OBJ_documentVersion="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0D" +OBJ_documentAuthor="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0E" +OBJ_documentLocation="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x0F" +OBJ_homeTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x14" +OBJ_secretary="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x15" +OBJ_otherMailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x16" +OBJ_lastModifiedTime="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x17" +OBJ_lastModifiedBy="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x18" +OBJ_aRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1A" +OBJ_pilotAttributeType27="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1B" +OBJ_mXRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1C" +OBJ_nSRecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1D" +OBJ_sOARecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1E" +OBJ_cNAMERecord="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x1F" +OBJ_associatedDomain="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x25" +OBJ_associatedName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x26" +OBJ_homePostalAddress="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x27" +OBJ_personalTitle="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x28" +OBJ_mobileTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x29" +OBJ_pagerTelephoneNumber="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2A" +OBJ_friendlyCountryName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2B" +OBJ_organizationalStatus="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2D" +OBJ_janetMailbox="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2E" +OBJ_mailPreferenceOption="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x2F" +OBJ_buildingName="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x30" +OBJ_dSAQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x31" +OBJ_singleLevelQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x32" +OBJ_subtreeMinimumQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x33" +OBJ_subtreeMaximumQuality="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x34" +OBJ_personalSignature="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x35" +OBJ_dITRedirect="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x36" +OBJ_audio="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x37" +OBJ_documentPublisher="\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x38" +OBJ_x500UniqueIdentifier="\x55\x04\x2D" +OBJ_mime_mhs="\x2B\x06\x01\x07\x01" +OBJ_mime_mhs_headings="\x2B\x06\x01\x07\x01\x01" +OBJ_mime_mhs_bodies="\x2B\x06\x01\x07\x01\x02" +OBJ_id_hex_partial_message="\x2B\x06\x01\x07\x01\x01\x01" +OBJ_id_hex_multipart_message="\x2B\x06\x01\x07\x01\x01\x02" +OBJ_generationQualifier="\x55\x04\x2C" +OBJ_pseudonym="\x55\x04\x41" +OBJ_id_set="\x67\x2A" +OBJ_set_ctype="\x67\x2A\x00" +OBJ_set_msgExt="\x67\x2A\x01" +OBJ_set_attr="\x67\x2A\x03" +OBJ_set_policy="\x67\x2A\x05" +OBJ_set_certExt="\x67\x2A\x07" +OBJ_set_brand="\x67\x2A\x08" +OBJ_setct_PANData="\x67\x2A\x00\x00" +OBJ_setct_PANToken="\x67\x2A\x00\x01" +OBJ_setct_PANOnly="\x67\x2A\x00\x02" +OBJ_setct_OIData="\x67\x2A\x00\x03" +OBJ_setct_PI="\x67\x2A\x00\x04" +OBJ_setct_PIData="\x67\x2A\x00\x05" +OBJ_setct_PIDataUnsigned="\x67\x2A\x00\x06" +OBJ_setct_HODInput="\x67\x2A\x00\x07" +OBJ_setct_AuthResBaggage="\x67\x2A\x00\x08" +OBJ_setct_AuthRevReqBaggage="\x67\x2A\x00\x09" +OBJ_setct_AuthRevResBaggage="\x67\x2A\x00\x0A" +OBJ_setct_CapTokenSeq="\x67\x2A\x00\x0B" +OBJ_setct_PInitResData="\x67\x2A\x00\x0C" +OBJ_setct_PI_TBS="\x67\x2A\x00\x0D" +OBJ_setct_PResData="\x67\x2A\x00\x0E" +OBJ_setct_AuthReqTBS="\x67\x2A\x00\x10" +OBJ_setct_AuthResTBS="\x67\x2A\x00\x11" +OBJ_setct_AuthResTBSX="\x67\x2A\x00\x12" +OBJ_setct_AuthTokenTBS="\x67\x2A\x00\x13" +OBJ_setct_CapTokenData="\x67\x2A\x00\x14" +OBJ_setct_CapTokenTBS="\x67\x2A\x00\x15" +OBJ_setct_AcqCardCodeMsg="\x67\x2A\x00\x16" +OBJ_setct_AuthRevReqTBS="\x67\x2A\x00\x17" +OBJ_setct_AuthRevResData="\x67\x2A\x00\x18" +OBJ_setct_AuthRevResTBS="\x67\x2A\x00\x19" +OBJ_setct_CapReqTBS="\x67\x2A\x00\x1A" +OBJ_setct_CapReqTBSX="\x67\x2A\x00\x1B" +OBJ_setct_CapResData="\x67\x2A\x00\x1C" +OBJ_setct_CapRevReqTBS="\x67\x2A\x00\x1D" +OBJ_setct_CapRevReqTBSX="\x67\x2A\x00\x1E" +OBJ_setct_CapRevResData="\x67\x2A\x00\x1F" +OBJ_setct_CredReqTBS="\x67\x2A\x00\x20" +OBJ_setct_CredReqTBSX="\x67\x2A\x00\x21" +OBJ_setct_CredResData="\x67\x2A\x00\x22" +OBJ_setct_CredRevReqTBS="\x67\x2A\x00\x23" +OBJ_setct_CredRevReqTBSX="\x67\x2A\x00\x24" +OBJ_setct_CredRevResData="\x67\x2A\x00\x25" +OBJ_setct_PCertReqData="\x67\x2A\x00\x26" +OBJ_setct_PCertResTBS="\x67\x2A\x00\x27" +OBJ_setct_BatchAdminReqData="\x67\x2A\x00\x28" +OBJ_setct_BatchAdminResData="\x67\x2A\x00\x29" +OBJ_setct_CardCInitResTBS="\x67\x2A\x00\x2A" +OBJ_setct_MeAqCInitResTBS="\x67\x2A\x00\x2B" +OBJ_setct_RegFormResTBS="\x67\x2A\x00\x2C" +OBJ_setct_CertReqData="\x67\x2A\x00\x2D" +OBJ_setct_CertReqTBS="\x67\x2A\x00\x2E" +OBJ_setct_CertResData="\x67\x2A\x00\x2F" +OBJ_setct_CertInqReqTBS="\x67\x2A\x00\x30" +OBJ_setct_ErrorTBS="\x67\x2A\x00\x31" +OBJ_setct_PIDualSignedTBE="\x67\x2A\x00\x32" +OBJ_setct_PIUnsignedTBE="\x67\x2A\x00\x33" +OBJ_setct_AuthReqTBE="\x67\x2A\x00\x34" +OBJ_setct_AuthResTBE="\x67\x2A\x00\x35" +OBJ_setct_AuthResTBEX="\x67\x2A\x00\x36" +OBJ_setct_AuthTokenTBE="\x67\x2A\x00\x37" +OBJ_setct_CapTokenTBE="\x67\x2A\x00\x38" +OBJ_setct_CapTokenTBEX="\x67\x2A\x00\x39" +OBJ_setct_AcqCardCodeMsgTBE="\x67\x2A\x00\x3A" +OBJ_setct_AuthRevReqTBE="\x67\x2A\x00\x3B" +OBJ_setct_AuthRevResTBE="\x67\x2A\x00\x3C" +OBJ_setct_AuthRevResTBEB="\x67\x2A\x00\x3D" +OBJ_setct_CapReqTBE="\x67\x2A\x00\x3E" +OBJ_setct_CapReqTBEX="\x67\x2A\x00\x3F" +OBJ_setct_CapResTBE="\x67\x2A\x00\x40" +OBJ_setct_CapRevReqTBE="\x67\x2A\x00\x41" +OBJ_setct_CapRevReqTBEX="\x67\x2A\x00\x42" +OBJ_setct_CapRevResTBE="\x67\x2A\x00\x43" +OBJ_setct_CredReqTBE="\x67\x2A\x00\x44" +OBJ_setct_CredReqTBEX="\x67\x2A\x00\x45" +OBJ_setct_CredResTBE="\x67\x2A\x00\x46" +OBJ_setct_CredRevReqTBE="\x67\x2A\x00\x47" +OBJ_setct_CredRevReqTBEX="\x67\x2A\x00\x48" +OBJ_setct_CredRevResTBE="\x67\x2A\x00\x49" +OBJ_setct_BatchAdminReqTBE="\x67\x2A\x00\x4A" +OBJ_setct_BatchAdminResTBE="\x67\x2A\x00\x4B" +OBJ_setct_RegFormReqTBE="\x67\x2A\x00\x4C" +OBJ_setct_CertReqTBE="\x67\x2A\x00\x4D" +OBJ_setct_CertReqTBEX="\x67\x2A\x00\x4E" +OBJ_setct_CertResTBE="\x67\x2A\x00\x4F" +OBJ_setct_CRLNotificationTBS="\x67\x2A\x00\x50" +OBJ_setct_CRLNotificationResTBS="\x67\x2A\x00\x51" +OBJ_setct_BCIDistributionTBS="\x67\x2A\x00\x52" +OBJ_setext_genCrypt="\x67\x2A\x01\x01" +OBJ_setext_miAuth="\x67\x2A\x01\x03" +OBJ_setext_pinSecure="\x67\x2A\x01\x04" +OBJ_setext_pinAny="\x67\x2A\x01\x05" +OBJ_setext_track2="\x67\x2A\x01\x07" +OBJ_setext_cv="\x67\x2A\x01\x08" +OBJ_set_policy_root="\x67\x2A\x05\x00" +OBJ_setCext_hashedRoot="\x67\x2A\x07\x00" +OBJ_setCext_certType="\x67\x2A\x07\x01" +OBJ_setCext_merchData="\x67\x2A\x07\x02" +OBJ_setCext_cCertRequired="\x67\x2A\x07\x03" +OBJ_setCext_tunneling="\x67\x2A\x07\x04" +OBJ_setCext_setExt="\x67\x2A\x07\x05" +OBJ_setCext_setQualf="\x67\x2A\x07\x06" +OBJ_setCext_PGWYcapabilities="\x67\x2A\x07\x07" +OBJ_setCext_TokenIdentifier="\x67\x2A\x07\x08" +OBJ_setCext_Track2Data="\x67\x2A\x07\x09" +OBJ_setCext_TokenType="\x67\x2A\x07\x0A" +OBJ_setCext_IssuerCapabilities="\x67\x2A\x07\x0B" +OBJ_setAttr_Cert="\x67\x2A\x03\x00" +OBJ_setAttr_PGWYcap="\x67\x2A\x03\x01" +OBJ_setAttr_TokenType="\x67\x2A\x03\x02" +OBJ_setAttr_IssCap="\x67\x2A\x03\x03" +OBJ_set_rootKeyThumb="\x67\x2A\x03\x00\x00" +OBJ_set_addPolicy="\x67\x2A\x03\x00\x01" +OBJ_setAttr_Token_EMV="\x67\x2A\x03\x02\x01" +OBJ_setAttr_Token_B0Prime="\x67\x2A\x03\x02\x02" +OBJ_setAttr_IssCap_CVM="\x67\x2A\x03\x03\x03" +OBJ_setAttr_IssCap_T2="\x67\x2A\x03\x03\x04" +OBJ_setAttr_IssCap_Sig="\x67\x2A\x03\x03\x05" +OBJ_setAttr_GenCryptgrm="\x67\x2A\x03\x03\x03\x01" +OBJ_setAttr_T2Enc="\x67\x2A\x03\x03\x04\x01" +OBJ_setAttr_T2cleartxt="\x67\x2A\x03\x03\x04\x02" +OBJ_setAttr_TokICCsig="\x67\x2A\x03\x03\x05\x01" +OBJ_setAttr_SecDevSig="\x67\x2A\x03\x03\x05\x02" +OBJ_set_brand_IATA_ATA="\x67\x2A\x08\x01" +OBJ_set_brand_Diners="\x67\x2A\x08\x1E" +OBJ_set_brand_AmericanExpress="\x67\x2A\x08\x22" +OBJ_set_brand_JCB="\x67\x2A\x08\x23" +OBJ_set_brand_Visa="\x67\x2A\x08\x04" +OBJ_set_brand_MasterCard="\x67\x2A\x08\x05" +OBJ_set_brand_Novus="\x67\x2A\x08\xAE\x7B" +OBJ_des_cdmf="\x2A\x86\x48\x86\xF7\x0D\x03\x0A" +OBJ_rsaOAEPEncryptionSET="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x06" +OBJ_international_organizations="\x67" +OBJ_ms_smartcard_login="\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x02" +OBJ_ms_upn="\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x03" +OBJ_streetAddress="\x55\x04\x09" +OBJ_postalCode="\x55\x04\x11" +OBJ_id_ppl="\x2B\x06\x01\x05\x05\x07\x15" +OBJ_proxyCertInfo="\x2B\x06\x01\x05\x05\x07\x01\x0E" +OBJ_id_ppl_anyLanguage="\x2B\x06\x01\x05\x05\x07\x15\x00" +OBJ_id_ppl_inheritAll="\x2B\x06\x01\x05\x05\x07\x15\x01" +OBJ_name_constraints="\x55\x1D\x1E" +OBJ_Independent="\x2B\x06\x01\x05\x05\x07\x15\x02" +OBJ_sha256WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B" +OBJ_sha384WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C" +OBJ_sha512WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0D" +OBJ_sha224WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0E" +OBJ_sha256="\x60\x86\x48\x01\x65\x03\x04\x02\x01" +OBJ_sha384="\x60\x86\x48\x01\x65\x03\x04\x02\x02" +OBJ_sha512="\x60\x86\x48\x01\x65\x03\x04\x02\x03" +OBJ_sha224="\x60\x86\x48\x01\x65\x03\x04\x02\x04" +OBJ_identified_organization="\x2B" +OBJ_certicom_arc="\x2B\x81\x04" +OBJ_wap="\x67\x2B" +OBJ_wap_wsg="\x67\x2B\x01" +OBJ_X9_62_id_characteristic_two_basis="\x2A\x86\x48\xCE\x3D\x01\x02\x03" +OBJ_X9_62_onBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x01" +OBJ_X9_62_tpBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x02" +OBJ_X9_62_ppBasis="\x2A\x86\x48\xCE\x3D\x01\x02\x03\x03" +OBJ_X9_62_c2pnb163v1="\x2A\x86\x48\xCE\x3D\x03\x00\x01" +OBJ_X9_62_c2pnb163v2="\x2A\x86\x48\xCE\x3D\x03\x00\x02" +OBJ_X9_62_c2pnb163v3="\x2A\x86\x48\xCE\x3D\x03\x00\x03" +OBJ_X9_62_c2pnb176v1="\x2A\x86\x48\xCE\x3D\x03\x00\x04" +OBJ_X9_62_c2tnb191v1="\x2A\x86\x48\xCE\x3D\x03\x00\x05" +OBJ_X9_62_c2tnb191v2="\x2A\x86\x48\xCE\x3D\x03\x00\x06" +OBJ_X9_62_c2tnb191v3="\x2A\x86\x48\xCE\x3D\x03\x00\x07" +OBJ_X9_62_c2onb191v4="\x2A\x86\x48\xCE\x3D\x03\x00\x08" +OBJ_X9_62_c2onb191v5="\x2A\x86\x48\xCE\x3D\x03\x00\x09" +OBJ_X9_62_c2pnb208w1="\x2A\x86\x48\xCE\x3D\x03\x00\x0A" +OBJ_X9_62_c2tnb239v1="\x2A\x86\x48\xCE\x3D\x03\x00\x0B" +OBJ_X9_62_c2tnb239v2="\x2A\x86\x48\xCE\x3D\x03\x00\x0C" +OBJ_X9_62_c2tnb239v3="\x2A\x86\x48\xCE\x3D\x03\x00\x0D" +OBJ_X9_62_c2onb239v4="\x2A\x86\x48\xCE\x3D\x03\x00\x0E" +OBJ_X9_62_c2onb239v5="\x2A\x86\x48\xCE\x3D\x03\x00\x0F" +OBJ_X9_62_c2pnb272w1="\x2A\x86\x48\xCE\x3D\x03\x00\x10" +OBJ_X9_62_c2pnb304w1="\x2A\x86\x48\xCE\x3D\x03\x00\x11" +OBJ_X9_62_c2tnb359v1="\x2A\x86\x48\xCE\x3D\x03\x00\x12" +OBJ_X9_62_c2pnb368w1="\x2A\x86\x48\xCE\x3D\x03\x00\x13" +OBJ_X9_62_c2tnb431r1="\x2A\x86\x48\xCE\x3D\x03\x00\x14" +OBJ_secp112r1="\x2B\x81\x04\x00\x06" +OBJ_secp112r2="\x2B\x81\x04\x00\x07" +OBJ_secp128r1="\x2B\x81\x04\x00\x1C" +OBJ_secp128r2="\x2B\x81\x04\x00\x1D" +OBJ_secp160k1="\x2B\x81\x04\x00\x09" +OBJ_secp160r1="\x2B\x81\x04\x00\x08" +OBJ_secp160r2="\x2B\x81\x04\x00\x1E" +OBJ_secp192k1="\x2B\x81\x04\x00\x1F" +OBJ_secp224k1="\x2B\x81\x04\x00\x20" +OBJ_secp224r1="\x2B\x81\x04\x00\x21" +OBJ_secp256k1="\x2B\x81\x04\x00\x0A" +OBJ_secp384r1="\x2B\x81\x04\x00\x22" +OBJ_secp521r1="\x2B\x81\x04\x00\x23" +OBJ_sect113r1="\x2B\x81\x04\x00\x04" +OBJ_sect113r2="\x2B\x81\x04\x00\x05" +OBJ_sect131r1="\x2B\x81\x04\x00\x16" +OBJ_sect131r2="\x2B\x81\x04\x00\x17" +OBJ_sect163k1="\x2B\x81\x04\x00\x01" +OBJ_sect163r1="\x2B\x81\x04\x00\x02" +OBJ_sect163r2="\x2B\x81\x04\x00\x0F" +OBJ_sect193r1="\x2B\x81\x04\x00\x18" +OBJ_sect193r2="\x2B\x81\x04\x00\x19" +OBJ_sect233k1="\x2B\x81\x04\x00\x1A" +OBJ_sect233r1="\x2B\x81\x04\x00\x1B" +OBJ_sect239k1="\x2B\x81\x04\x00\x03" +OBJ_sect283k1="\x2B\x81\x04\x00\x10" +OBJ_sect283r1="\x2B\x81\x04\x00\x11" +OBJ_sect409k1="\x2B\x81\x04\x00\x24" +OBJ_sect409r1="\x2B\x81\x04\x00\x25" +OBJ_sect571k1="\x2B\x81\x04\x00\x26" +OBJ_sect571r1="\x2B\x81\x04\x00\x27" +OBJ_wap_wsg_idm_ecid_wtls1="\x67\x2B\x01\x04\x01" +OBJ_wap_wsg_idm_ecid_wtls3="\x67\x2B\x01\x04\x03" +OBJ_wap_wsg_idm_ecid_wtls4="\x67\x2B\x01\x04\x04" +OBJ_wap_wsg_idm_ecid_wtls5="\x67\x2B\x01\x04\x05" +OBJ_wap_wsg_idm_ecid_wtls6="\x67\x2B\x01\x04\x06" +OBJ_wap_wsg_idm_ecid_wtls7="\x67\x2B\x01\x04\x07" +OBJ_wap_wsg_idm_ecid_wtls8="\x67\x2B\x01\x04\x08" +OBJ_wap_wsg_idm_ecid_wtls9="\x67\x2B\x01\x04\x09" +OBJ_wap_wsg_idm_ecid_wtls10="\x67\x2B\x01\x04\x0A" +OBJ_wap_wsg_idm_ecid_wtls11="\x67\x2B\x01\x04\x0B" +OBJ_wap_wsg_idm_ecid_wtls12="\x67\x2B\x01\x04\x0C" +OBJ_any_policy="\x55\x1D\x20\x00" +OBJ_policy_mappings="\x55\x1D\x21" +OBJ_inhibit_any_policy="\x55\x1D\x36" +OBJ_camellia_128_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x02" +OBJ_camellia_192_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x03" +OBJ_camellia_256_cbc="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x01\x04" +OBJ_camellia_128_ecb="\x03\xA2\x31\x05\x03\x01\x09\x01" +OBJ_camellia_192_ecb="\x03\xA2\x31\x05\x03\x01\x09\x15" +OBJ_camellia_256_ecb="\x03\xA2\x31\x05\x03\x01\x09\x29" +OBJ_camellia_128_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x04" +OBJ_camellia_192_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x18" +OBJ_camellia_256_cfb128="\x03\xA2\x31\x05\x03\x01\x09\x2C" +OBJ_camellia_128_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x03" +OBJ_camellia_192_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x17" +OBJ_camellia_256_ofb128="\x03\xA2\x31\x05\x03\x01\x09\x2B" +OBJ_subject_directory_attributes="\x55\x1D\x09" +OBJ_issuing_distribution_point="\x55\x1D\x1C" +OBJ_certificate_issuer="\x55\x1D\x1D" +OBJ_kisa="\x2A\x83\x1A\x8C\x9A\x44" +OBJ_seed_ecb="\x2A\x83\x1A\x8C\x9A\x44\x01\x03" +OBJ_seed_cbc="\x2A\x83\x1A\x8C\x9A\x44\x01\x04" +OBJ_seed_ofb128="\x2A\x83\x1A\x8C\x9A\x44\x01\x06" +OBJ_seed_cfb128="\x2A\x83\x1A\x8C\x9A\x44\x01\x05" +OBJ_hmac_md5="\x2B\x06\x01\x05\x05\x08\x01\x01" +OBJ_hmac_sha1="\x2B\x06\x01\x05\x05\x08\x01\x02" +OBJ_id_PasswordBasedMAC="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x0D" +OBJ_id_DHBasedMac="\x2A\x86\x48\x86\xF6\x7D\x07\x42\x1E" +OBJ_id_it_suppLangTags="\x2B\x06\x01\x05\x05\x07\x04\x10" +OBJ_caRepository="\x2B\x06\x01\x05\x05\x07\x30\x05" +OBJ_id_smime_ct_compressedData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x09" +OBJ_id_ct_asciiTextWithCRLF="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1B" +OBJ_id_aes128_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x05" +OBJ_id_aes192_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x19" +OBJ_id_aes256_wrap="\x60\x86\x48\x01\x65\x03\x04\x01\x2D" +OBJ_ecdsa_with_Recommended="\x2A\x86\x48\xCE\x3D\x04\x02" +OBJ_ecdsa_with_Specified="\x2A\x86\x48\xCE\x3D\x04\x03" +OBJ_ecdsa_with_SHA224="\x2A\x86\x48\xCE\x3D\x04\x03\x01" +OBJ_ecdsa_with_SHA256="\x2A\x86\x48\xCE\x3D\x04\x03\x02" +OBJ_ecdsa_with_SHA384="\x2A\x86\x48\xCE\x3D\x04\x03\x03" +OBJ_ecdsa_with_SHA512="\x2A\x86\x48\xCE\x3D\x04\x03\x04" +OBJ_hmacWithMD5="\x2A\x86\x48\x86\xF7\x0D\x02\x06" +OBJ_hmacWithSHA224="\x2A\x86\x48\x86\xF7\x0D\x02\x08" +OBJ_hmacWithSHA256="\x2A\x86\x48\x86\xF7\x0D\x02\x09" +OBJ_hmacWithSHA384="\x2A\x86\x48\x86\xF7\x0D\x02\x0A" +OBJ_hmacWithSHA512="\x2A\x86\x48\x86\xF7\x0D\x02\x0B" +OBJ_dsa_with_SHA224="\x60\x86\x48\x01\x65\x03\x04\x03\x01" +OBJ_dsa_with_SHA256="\x60\x86\x48\x01\x65\x03\x04\x03\x02" +OBJ_whirlpool="\x28\xCF\x06\x03\x00\x37" +OBJ_cryptopro="\x2A\x85\x03\x02\x02" +OBJ_cryptocom="\x2A\x85\x03\x02\x09" +OBJ_id_GostR3411_94_with_GostR3410_2001="\x2A\x85\x03\x02\x02\x03" +OBJ_id_GostR3411_94_with_GostR3410_94="\x2A\x85\x03\x02\x02\x04" +OBJ_id_GostR3411_94="\x2A\x85\x03\x02\x02\x09" +OBJ_id_HMACGostR3411_94="\x2A\x85\x03\x02\x02\x0A" +OBJ_id_GostR3410_2001="\x2A\x85\x03\x02\x02\x13" +OBJ_id_GostR3410_94="\x2A\x85\x03\x02\x02\x14" +OBJ_id_Gost28147_89="\x2A\x85\x03\x02\x02\x15" +OBJ_id_Gost28147_89_MAC="\x2A\x85\x03\x02\x02\x16" +OBJ_id_GostR3411_94_prf="\x2A\x85\x03\x02\x02\x17" +OBJ_id_GostR3410_2001DH="\x2A\x85\x03\x02\x02\x62" +OBJ_id_GostR3410_94DH="\x2A\x85\x03\x02\x02\x63" +OBJ_id_Gost28147_89_CryptoPro_KeyMeshing="\x2A\x85\x03\x02\x02\x0E\x01" +OBJ_id_Gost28147_89_None_KeyMeshing="\x2A\x85\x03\x02\x02\x0E\x00" +OBJ_id_GostR3411_94_TestParamSet="\x2A\x85\x03\x02\x02\x1E\x00" +OBJ_id_GostR3411_94_CryptoProParamSet="\x2A\x85\x03\x02\x02\x1E\x01" +OBJ_id_Gost28147_89_TestParamSet="\x2A\x85\x03\x02\x02\x1F\x00" +OBJ_id_Gost28147_89_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x1F\x01" +OBJ_id_Gost28147_89_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x1F\x02" +OBJ_id_Gost28147_89_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x1F\x03" +OBJ_id_Gost28147_89_CryptoPro_D_ParamSet="\x2A\x85\x03\x02\x02\x1F\x04" +OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet="\x2A\x85\x03\x02\x02\x1F\x05" +OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet="\x2A\x85\x03\x02\x02\x1F\x06" +OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet="\x2A\x85\x03\x02\x02\x1F\x07" +OBJ_id_GostR3410_94_TestParamSet="\x2A\x85\x03\x02\x02\x20\x00" +OBJ_id_GostR3410_94_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x20\x02" +OBJ_id_GostR3410_94_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x20\x03" +OBJ_id_GostR3410_94_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x20\x04" +OBJ_id_GostR3410_94_CryptoPro_D_ParamSet="\x2A\x85\x03\x02\x02\x20\x05" +OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet="\x2A\x85\x03\x02\x02\x21\x01" +OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet="\x2A\x85\x03\x02\x02\x21\x02" +OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet="\x2A\x85\x03\x02\x02\x21\x03" +OBJ_id_GostR3410_2001_TestParamSet="\x2A\x85\x03\x02\x02\x23\x00" +OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet="\x2A\x85\x03\x02\x02\x23\x01" +OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet="\x2A\x85\x03\x02\x02\x23\x02" +OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet="\x2A\x85\x03\x02\x02\x23\x03" +OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet="\x2A\x85\x03\x02\x02\x24\x00" +OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet="\x2A\x85\x03\x02\x02\x24\x01" +OBJ_id_GostR3410_94_a="\x2A\x85\x03\x02\x02\x14\x01" +OBJ_id_GostR3410_94_aBis="\x2A\x85\x03\x02\x02\x14\x02" +OBJ_id_GostR3410_94_b="\x2A\x85\x03\x02\x02\x14\x03" +OBJ_id_GostR3410_94_bBis="\x2A\x85\x03\x02\x02\x14\x04" +OBJ_id_Gost28147_89_cc="\x2A\x85\x03\x02\x09\x01\x06\x01" +OBJ_id_GostR3410_94_cc="\x2A\x85\x03\x02\x09\x01\x05\x03" +OBJ_id_GostR3410_2001_cc="\x2A\x85\x03\x02\x09\x01\x05\x04" +OBJ_id_GostR3411_94_with_GostR3410_94_cc="\x2A\x85\x03\x02\x09\x01\x03\x03" +OBJ_id_GostR3411_94_with_GostR3410_2001_cc="\x2A\x85\x03\x02\x09\x01\x03\x04" +OBJ_id_GostR3410_2001_ParamSet_cc="\x2A\x85\x03\x02\x09\x01\x08\x01" +OBJ_LocalKeySet="\x2B\x06\x01\x04\x01\x82\x37\x11\x02" +OBJ_freshest_crl="\x55\x1D\x2E" +OBJ_id_on_permanentIdentifier="\x2B\x06\x01\x05\x05\x07\x08\x03" +OBJ_searchGuide="\x55\x04\x0E" +OBJ_businessCategory="\x55\x04\x0F" +OBJ_postalAddress="\x55\x04\x10" +OBJ_postOfficeBox="\x55\x04\x12" +OBJ_physicalDeliveryOfficeName="\x55\x04\x13" +OBJ_telephoneNumber="\x55\x04\x14" +OBJ_telexNumber="\x55\x04\x15" +OBJ_teletexTerminalIdentifier="\x55\x04\x16" +OBJ_facsimileTelephoneNumber="\x55\x04\x17" +OBJ_x121Address="\x55\x04\x18" +OBJ_internationaliSDNNumber="\x55\x04\x19" +OBJ_registeredAddress="\x55\x04\x1A" +OBJ_destinationIndicator="\x55\x04\x1B" +OBJ_preferredDeliveryMethod="\x55\x04\x1C" +OBJ_presentationAddress="\x55\x04\x1D" +OBJ_supportedApplicationContext="\x55\x04\x1E" +OBJ_member="\x55\x04\x1F" +OBJ_owner="\x55\x04\x20" +OBJ_roleOccupant="\x55\x04\x21" +OBJ_seeAlso="\x55\x04\x22" +OBJ_userPassword="\x55\x04\x23" +OBJ_userCertificate="\x55\x04\x24" +OBJ_cACertificate="\x55\x04\x25" +OBJ_authorityRevocationList="\x55\x04\x26" +OBJ_certificateRevocationList="\x55\x04\x27" +OBJ_crossCertificatePair="\x55\x04\x28" +OBJ_enhancedSearchGuide="\x55\x04\x2F" +OBJ_protocolInformation="\x55\x04\x30" +OBJ_distinguishedName="\x55\x04\x31" +OBJ_uniqueMember="\x55\x04\x32" +OBJ_houseIdentifier="\x55\x04\x33" +OBJ_supportedAlgorithms="\x55\x04\x34" +OBJ_deltaRevocationList="\x55\x04\x35" +OBJ_dmdName="\x55\x04\x36" +OBJ_id_alg_PWRI_KEK="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x09" +OBJ_aes_128_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x06" +OBJ_aes_128_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x07" +OBJ_id_aes128_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x08" +OBJ_aes_192_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x1A" +OBJ_aes_192_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x1B" +OBJ_id_aes192_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x1C" +OBJ_aes_256_gcm="\x60\x86\x48\x01\x65\x03\x04\x01\x2E" +OBJ_aes_256_ccm="\x60\x86\x48\x01\x65\x03\x04\x01\x2F" +OBJ_id_aes256_wrap_pad="\x60\x86\x48\x01\x65\x03\x04\x01\x30" +OBJ_id_camellia128_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x02" +OBJ_id_camellia192_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x03" +OBJ_id_camellia256_wrap="\x2A\x83\x08\x8C\x9A\x4B\x3D\x01\x01\x03\x04" +OBJ_anyExtendedKeyUsage="\x55\x1D\x25\x00" +OBJ_mgf1="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x08" +OBJ_rsassaPss="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0A" +OBJ_aes_128_xts="\x2B\x6F\x02\x8C\x53\x00\x01\x01" +OBJ_aes_256_xts="\x2B\x6F\x02\x8C\x53\x00\x01\x02" +OBJ_rsaesOaep="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x07" +OBJ_dhpublicnumber="\x2A\x86\x48\xCE\x3E\x02\x01" +OBJ_brainpoolP160r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x01" +OBJ_brainpoolP160t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x02" +OBJ_brainpoolP192r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x03" +OBJ_brainpoolP192t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x04" +OBJ_brainpoolP224r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x05" +OBJ_brainpoolP224t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x06" +OBJ_brainpoolP256r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x07" +OBJ_brainpoolP256t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x08" +OBJ_brainpoolP320r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x09" +OBJ_brainpoolP320t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0A" +OBJ_brainpoolP384r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0B" +OBJ_brainpoolP384t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0C" +OBJ_brainpoolP512r1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0D" +OBJ_brainpoolP512t1="\x2B\x24\x03\x03\x02\x08\x01\x01\x0E" +OBJ_pSpecified="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x09" +OBJ_dhSinglePass_stdDH_sha1kdf_scheme="\x2B\x81\x05\x10\x86\x48\x3F\x00\x02" +OBJ_dhSinglePass_stdDH_sha224kdf_scheme="\x2B\x81\x04\x01\x0B\x00" +OBJ_dhSinglePass_stdDH_sha256kdf_scheme="\x2B\x81\x04\x01\x0B\x01" +OBJ_dhSinglePass_stdDH_sha384kdf_scheme="\x2B\x81\x04\x01\x0B\x02" +OBJ_dhSinglePass_stdDH_sha512kdf_scheme="\x2B\x81\x04\x01\x0B\x03" +OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme="\x2B\x81\x05\x10\x86\x48\x3F\x00\x03" +OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme="\x2B\x81\x04\x01\x0E\x00" +OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme="\x2B\x81\x04\x01\x0E\x01" +OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme="\x2B\x81\x04\x01\x0E\x02" +OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme="\x2B\x81\x04\x01\x0E\x03" +OBJ_ct_precert_scts="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x02" +OBJ_ct_precert_poison="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x03" +OBJ_ct_precert_signer="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x04" +OBJ_ct_cert_scts="\x2B\x06\x01\x04\x01\xD6\x79\x02\x04\x05" +OBJ_jurisdictionLocalityName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x01" +OBJ_jurisdictionStateOrProvinceName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x02" +OBJ_jurisdictionCountryName="\x2B\x06\x01\x04\x01\x82\x37\x3C\x02\x01\x03" +OBJ_camellia_128_gcm="\x03\xA2\x31\x05\x03\x01\x09\x06" +OBJ_camellia_128_ccm="\x03\xA2\x31\x05\x03\x01\x09\x07" +OBJ_camellia_128_ctr="\x03\xA2\x31\x05\x03\x01\x09\x09" +OBJ_camellia_128_cmac="\x03\xA2\x31\x05\x03\x01\x09\x0A" +OBJ_camellia_192_gcm="\x03\xA2\x31\x05\x03\x01\x09\x1A" +OBJ_camellia_192_ccm="\x03\xA2\x31\x05\x03\x01\x09\x1B" +OBJ_camellia_192_ctr="\x03\xA2\x31\x05\x03\x01\x09\x1D" +OBJ_camellia_192_cmac="\x03\xA2\x31\x05\x03\x01\x09\x1E" +OBJ_camellia_256_gcm="\x03\xA2\x31\x05\x03\x01\x09\x2E" +OBJ_camellia_256_ccm="\x03\xA2\x31\x05\x03\x01\x09\x2F" +OBJ_camellia_256_ctr="\x03\xA2\x31\x05\x03\x01\x09\x31" +OBJ_camellia_256_cmac="\x03\xA2\x31\x05\x03\x01\x09\x32" +OBJ_id_scrypt="\x2B\x06\x01\x04\x01\xDA\x47\x04\x0B" +OBJ_id_tc26="\x2A\x85\x03\x07\x01" +OBJ_id_tc26_algorithms="\x2A\x85\x03\x07\x01\x01" +OBJ_id_tc26_sign="\x2A\x85\x03\x07\x01\x01\x01" +OBJ_id_GostR3410_2012_256="\x2A\x85\x03\x07\x01\x01\x01\x01" +OBJ_id_GostR3410_2012_512="\x2A\x85\x03\x07\x01\x01\x01\x02" +OBJ_id_tc26_digest="\x2A\x85\x03\x07\x01\x01\x02" +OBJ_id_GostR3411_2012_256="\x2A\x85\x03\x07\x01\x01\x02\x02" +OBJ_id_GostR3411_2012_512="\x2A\x85\x03\x07\x01\x01\x02\x03" +OBJ_id_tc26_signwithdigest="\x2A\x85\x03\x07\x01\x01\x03" +OBJ_id_tc26_signwithdigest_gost3410_2012_256="\x2A\x85\x03\x07\x01\x01\x03\x02" +OBJ_id_tc26_signwithdigest_gost3410_2012_512="\x2A\x85\x03\x07\x01\x01\x03\x03" +OBJ_id_tc26_mac="\x2A\x85\x03\x07\x01\x01\x04" +OBJ_id_tc26_hmac_gost_3411_2012_256="\x2A\x85\x03\x07\x01\x01\x04\x01" +OBJ_id_tc26_hmac_gost_3411_2012_512="\x2A\x85\x03\x07\x01\x01\x04\x02" +OBJ_id_tc26_cipher="\x2A\x85\x03\x07\x01\x01\x05" +OBJ_id_tc26_agreement="\x2A\x85\x03\x07\x01\x01\x06" +OBJ_id_tc26_agreement_gost_3410_2012_256="\x2A\x85\x03\x07\x01\x01\x06\x01" +OBJ_id_tc26_agreement_gost_3410_2012_512="\x2A\x85\x03\x07\x01\x01\x06\x02" +OBJ_id_tc26_constants="\x2A\x85\x03\x07\x01\x02" +OBJ_id_tc26_sign_constants="\x2A\x85\x03\x07\x01\x02\x01" +OBJ_id_tc26_gost_3410_2012_512_constants="\x2A\x85\x03\x07\x01\x02\x01\x02" +OBJ_id_tc26_gost_3410_2012_512_paramSetTest="\x2A\x85\x03\x07\x01\x02\x01\x02\x00" +OBJ_id_tc26_gost_3410_2012_512_paramSetA="\x2A\x85\x03\x07\x01\x02\x01\x02\x01" +OBJ_id_tc26_gost_3410_2012_512_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x02\x02" +OBJ_id_tc26_digest_constants="\x2A\x85\x03\x07\x01\x02\x02" +OBJ_id_tc26_cipher_constants="\x2A\x85\x03\x07\x01\x02\x05" +OBJ_id_tc26_gost_28147_constants="\x2A\x85\x03\x07\x01\x02\x05\x01" +OBJ_id_tc26_gost_28147_param_Z="\x2A\x85\x03\x07\x01\x02\x05\x01\x01" +OBJ_INN="\x2A\x85\x03\x03\x81\x03\x01\x01" +OBJ_OGRN="\x2A\x85\x03\x64\x01" +OBJ_SNILS="\x2A\x85\x03\x64\x03" +OBJ_subjectSignTool="\x2A\x85\x03\x64\x6F" +OBJ_issuerSignTool="\x2A\x85\x03\x64\x70" +OBJ_tlsfeature="\x2B\x06\x01\x05\x05\x07\x01\x18" +OBJ_ipsec_IKE="\x2B\x06\x01\x05\x05\x07\x03\x11" +OBJ_capwapAC="\x2B\x06\x01\x05\x05\x07\x03\x12" +OBJ_capwapWTP="\x2B\x06\x01\x05\x05\x07\x03\x13" +OBJ_sshClient="\x2B\x06\x01\x05\x05\x07\x03\x15" +OBJ_sshServer="\x2B\x06\x01\x05\x05\x07\x03\x16" +OBJ_sendRouter="\x2B\x06\x01\x05\x05\x07\x03\x17" +OBJ_sendProxiedRouter="\x2B\x06\x01\x05\x05\x07\x03\x18" +OBJ_sendOwner="\x2B\x06\x01\x05\x05\x07\x03\x19" +OBJ_sendProxiedOwner="\x2B\x06\x01\x05\x05\x07\x03\x1A" +OBJ_id_pkinit="\x2B\x06\x01\x05\x02\x03" +OBJ_pkInitClientAuth="\x2B\x06\x01\x05\x02\x03\x04" +OBJ_pkInitKDC="\x2B\x06\x01\x05\x02\x03\x05" +OBJ_X25519="\x2B\x65\x6E" +OBJ_X448="\x2B\x65\x6F" +OBJ_blake2b512="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x01\x10" +OBJ_blake2s256="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x02\x08" +OBJ_id_smime_ct_contentCollection="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x13" +OBJ_id_smime_ct_authEnvelopedData="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x17" +OBJ_id_ct_xml="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x1C" +OBJ_aria_128_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x01" +OBJ_aria_128_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x02" +OBJ_aria_128_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x03" +OBJ_aria_128_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x04" +OBJ_aria_128_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x05" +OBJ_aria_192_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x06" +OBJ_aria_192_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x07" +OBJ_aria_192_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x08" +OBJ_aria_192_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x09" +OBJ_aria_192_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0A" +OBJ_aria_256_ecb="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0B" +OBJ_aria_256_cbc="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0C" +OBJ_aria_256_cfb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0D" +OBJ_aria_256_ofb128="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0E" +OBJ_aria_256_ctr="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x0F" +OBJ_id_smime_aa_signingCertificateV2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x2F" +OBJ_ED25519="\x2B\x65\x70" +OBJ_ED448="\x2B\x65\x71" +OBJ_organizationIdentifier="\x55\x04\x61" +OBJ_countryCode3c="\x55\x04\x62" +OBJ_countryCode3n="\x55\x04\x63" +OBJ_dnsName="\x55\x04\x64" +OBJ_x509ExtAdmission="\x2B\x24\x08\x03\x03" +OBJ_sha512_224="\x60\x86\x48\x01\x65\x03\x04\x02\x05" +OBJ_sha512_256="\x60\x86\x48\x01\x65\x03\x04\x02\x06" +OBJ_sha3_224="\x60\x86\x48\x01\x65\x03\x04\x02\x07" +OBJ_sha3_256="\x60\x86\x48\x01\x65\x03\x04\x02\x08" +OBJ_sha3_384="\x60\x86\x48\x01\x65\x03\x04\x02\x09" +OBJ_sha3_512="\x60\x86\x48\x01\x65\x03\x04\x02\x0A" +OBJ_shake128="\x60\x86\x48\x01\x65\x03\x04\x02\x0B" +OBJ_shake256="\x60\x86\x48\x01\x65\x03\x04\x02\x0C" +OBJ_hmac_sha3_224="\x60\x86\x48\x01\x65\x03\x04\x02\x0D" +OBJ_hmac_sha3_256="\x60\x86\x48\x01\x65\x03\x04\x02\x0E" +OBJ_hmac_sha3_384="\x60\x86\x48\x01\x65\x03\x04\x02\x0F" +OBJ_hmac_sha3_512="\x60\x86\x48\x01\x65\x03\x04\x02\x10" +OBJ_dsa_with_SHA384="\x60\x86\x48\x01\x65\x03\x04\x03\x03" +OBJ_dsa_with_SHA512="\x60\x86\x48\x01\x65\x03\x04\x03\x04" +OBJ_dsa_with_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x05" +OBJ_dsa_with_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x06" +OBJ_dsa_with_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x07" +OBJ_dsa_with_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x08" +OBJ_ecdsa_with_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x09" +OBJ_ecdsa_with_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x0A" +OBJ_ecdsa_with_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x0B" +OBJ_ecdsa_with_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x0C" +OBJ_RSA_SHA3_224="\x60\x86\x48\x01\x65\x03\x04\x03\x0D" +OBJ_RSA_SHA3_256="\x60\x86\x48\x01\x65\x03\x04\x03\x0E" +OBJ_RSA_SHA3_384="\x60\x86\x48\x01\x65\x03\x04\x03\x0F" +OBJ_RSA_SHA3_512="\x60\x86\x48\x01\x65\x03\x04\x03\x10" +OBJ_aria_128_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x25" +OBJ_aria_192_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x26" +OBJ_aria_256_ccm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x27" +OBJ_aria_128_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x22" +OBJ_aria_192_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x23" +OBJ_aria_256_gcm="\x2A\x83\x1A\x8C\x9A\x6E\x01\x01\x24" +OBJ_cmcCA="\x2B\x06\x01\x05\x05\x07\x03\x1B" +OBJ_cmcRA="\x2B\x06\x01\x05\x05\x07\x03\x1C" +OBJ_sm4_ecb="\x2A\x81\x1C\xCF\x55\x01\x68\x01" +OBJ_sm4_cbc="\x2A\x81\x1C\xCF\x55\x01\x68\x02" +OBJ_sm4_ofb128="\x2A\x81\x1C\xCF\x55\x01\x68\x03" +OBJ_sm4_cfb1="\x2A\x81\x1C\xCF\x55\x01\x68\x05" +OBJ_sm4_cfb128="\x2A\x81\x1C\xCF\x55\x01\x68\x04" +OBJ_sm4_cfb8="\x2A\x81\x1C\xCF\x55\x01\x68\x06" +OBJ_sm4_ctr="\x2A\x81\x1C\xCF\x55\x01\x68\x07" +OBJ_ISO_CN="\x2A\x81\x1C" +OBJ_oscca="\x2A\x81\x1C\xCF\x55" +OBJ_sm_scheme="\x2A\x81\x1C\xCF\x55\x01" +OBJ_sm3="\x2A\x81\x1C\xCF\x55\x01\x83\x11" +OBJ_sm3WithRSAEncryption="\x2A\x81\x1C\xCF\x55\x01\x83\x78" +OBJ_sha512_224WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0F" +OBJ_sha512_256WithRSAEncryption="\x2A\x86\x48\x86\xF7\x0D\x01\x01\x10" +OBJ_id_tc26_gost_3410_2012_256_constants="\x2A\x85\x03\x07\x01\x02\x01\x01" +OBJ_id_tc26_gost_3410_2012_256_paramSetA="\x2A\x85\x03\x07\x01\x02\x01\x01\x01" +OBJ_id_tc26_gost_3410_2012_512_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x02\x03" +OBJ_ISO_UA="\x2A\x86\x24" +OBJ_ua_pki="\x2A\x86\x24\x02\x01\x01\x01" +OBJ_dstu28147="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01" +OBJ_dstu28147_ofb="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x02" +OBJ_dstu28147_cfb="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x03" +OBJ_dstu28147_wrap="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x01\x05" +OBJ_hmacWithDstu34311="\x2A\x86\x24\x02\x01\x01\x01\x01\x01\x02" +OBJ_dstu34311="\x2A\x86\x24\x02\x01\x01\x01\x01\x02\x01" +OBJ_dstu4145le="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01" +OBJ_dstu4145be="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x01\x01" +OBJ_uacurve0="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x00" +OBJ_uacurve1="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x01" +OBJ_uacurve2="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x02" +OBJ_uacurve3="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x03" +OBJ_uacurve4="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x04" +OBJ_uacurve5="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x05" +OBJ_uacurve6="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x06" +OBJ_uacurve7="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x07" +OBJ_uacurve8="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x08" +OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09" +OBJ_ieee="\x2B\x6F" +OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53" +OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D" +OBJ_id_tc26_cipher_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x05\x01" +OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm="\x2A\x85\x03\x07\x01\x01\x05\x01\x01" +OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x01\x02" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x05\x02" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm="\x2A\x85\x03\x07\x01\x01\x05\x02\x01" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x02\x02" +OBJ_id_tc26_wrap="\x2A\x85\x03\x07\x01\x01\x07" +OBJ_id_tc26_wrap_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x07\x01" +OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" +OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x07\x02" +OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" +OBJ_id_tc26_gost_3410_2012_256_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x01\x02" +OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03" +OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" +OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C" +OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D" diff --git a/deps/openssl/openssl/fuzz/rand.inc b/deps/openssl/openssl/fuzz/rand.inc new file mode 100644 index 00000000000000..991e93552a642c --- /dev/null +++ b/deps/openssl/openssl/fuzz/rand.inc @@ -0,0 +1,38 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ +#include + +static int fuzz_bytes(unsigned char *buf, int num) +{ + unsigned char val = 1; + + while (--num >= 0) + *buf++ = val++; + return 1; +} + +static int fuzz_status(void) +{ + return 1; +} + +static RAND_METHOD fuzz_rand_method = { + NULL, + fuzz_bytes, + NULL, + NULL, + fuzz_bytes, + fuzz_status +}; + +void FuzzerSetRand(void) +{ + RAND_set_rand_method(&fuzz_rand_method); +} diff --git a/deps/openssl/openssl/fuzz/server.c b/deps/openssl/openssl/fuzz/server.c index 35449d8caa8a76..2d392ac886aeb3 100644 --- a/deps/openssl/openssl/fuzz/server.c +++ b/deps/openssl/openssl/fuzz/server.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -12,12 +12,18 @@ /* Test first part of SSL server handshake. */ - +#include #include #include #include +#include +#include +#include +#include #include "fuzzer.h" +#include "rand.inc" + static const uint8_t kCertificateDER[] = { 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb, @@ -189,16 +195,352 @@ static const uint8_t kRSAPrivateKeyDER[] = { 0x98, 0x46, 0x89, 0x82, 0x40, }; -static SSL_CTX *ctx; -int FuzzerInitialize(int *argc, char ***argv) { - const uint8_t *bufp = kRSAPrivateKeyDER; +#ifndef OPENSSL_NO_EC +/* + * -----BEGIN EC PRIVATE KEY----- + * MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49 + * AwEHoUQDQgAEdsjygVYjjaKBF4CNECVllNf017p5/MxNSWDoTHy9I2GeDwEDDazI + * D/xy8JiYjtPKVE/Zqwbmivp2UwtH28a7NQ== + * -----END EC PRIVATE KEY----- + */ +static const char ECDSAPrivateKeyPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, + 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, + 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x48, 0x63, 0x43, 0x41, + 0x51, 0x45, 0x45, 0x49, 0x4a, 0x4c, 0x79, 0x6c, 0x37, 0x68, 0x4a, 0x6a, + 0x70, 0x51, 0x4c, 0x2f, 0x52, 0x68, 0x50, 0x31, 0x78, 0x32, 0x7a, 0x53, + 0x37, 0x39, 0x78, 0x64, 0x69, 0x50, 0x4a, 0x51, 0x42, 0x36, 0x38, 0x33, + 0x67, 0x57, 0x65, 0x71, 0x63, 0x71, 0x48, 0x50, 0x65, 0x5a, 0x6b, 0x6f, + 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x0a, + 0x41, 0x77, 0x45, 0x48, 0x6f, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, + 0x64, 0x73, 0x6a, 0x79, 0x67, 0x56, 0x59, 0x6a, 0x6a, 0x61, 0x4b, 0x42, + 0x46, 0x34, 0x43, 0x4e, 0x45, 0x43, 0x56, 0x6c, 0x6c, 0x4e, 0x66, 0x30, + 0x31, 0x37, 0x70, 0x35, 0x2f, 0x4d, 0x78, 0x4e, 0x53, 0x57, 0x44, 0x6f, + 0x54, 0x48, 0x79, 0x39, 0x49, 0x32, 0x47, 0x65, 0x44, 0x77, 0x45, 0x44, + 0x44, 0x61, 0x7a, 0x49, 0x0a, 0x44, 0x2f, 0x78, 0x79, 0x38, 0x4a, 0x69, + 0x59, 0x6a, 0x74, 0x50, 0x4b, 0x56, 0x45, 0x2f, 0x5a, 0x71, 0x77, 0x62, + 0x6d, 0x69, 0x76, 0x70, 0x32, 0x55, 0x77, 0x74, 0x48, 0x32, 0x38, 0x61, + 0x37, 0x4e, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, + 0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, + 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a +}; + +/* + * -----BEGIN CERTIFICATE----- + * MIIBXzCCAQagAwIBAgIJAK6/Yvf/ain6MAoGCCqGSM49BAMCMBIxEDAOBgNVBAoM + * B0FjbWUgQ28wHhcNMTYxMjI1MTEzOTI3WhcNMjYxMjI1MTEzOTI3WjASMRAwDgYD + * VQQKDAdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdsjygVYjjaKB + * F4CNECVllNf017p5/MxNSWDoTHy9I2GeDwEDDazID/xy8JiYjtPKVE/Zqwbmivp2 + * UwtH28a7NaNFMEMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYI + * KwYBBQUHAwEwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoGCCqGSM49BAMCA0cAMEQC + * IEzr3t/jejVE9oSnBp8c3P2p+lDLVRrB8zxLyjZvirUXAiAyQPaE9MNcL8/nRpuu + * 99I1enCSmWIAJ57IwuJ/n1d45Q== + * -----END CERTIFICATE----- + */ +static const char ECDSACertPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, + 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, 0x58, 0x7a, 0x43, 0x43, + 0x41, 0x51, 0x61, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a, + 0x41, 0x4b, 0x36, 0x2f, 0x59, 0x76, 0x66, 0x2f, 0x61, 0x69, 0x6e, 0x36, + 0x4d, 0x41, 0x6f, 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, + 0x42, 0x41, 0x4d, 0x43, 0x4d, 0x42, 0x49, 0x78, 0x45, 0x44, 0x41, 0x4f, + 0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x6f, 0x4d, 0x0a, 0x42, 0x30, 0x46, + 0x6a, 0x62, 0x57, 0x55, 0x67, 0x51, 0x32, 0x38, 0x77, 0x48, 0x68, 0x63, + 0x4e, 0x4d, 0x54, 0x59, 0x78, 0x4d, 0x6a, 0x49, 0x31, 0x4d, 0x54, 0x45, + 0x7a, 0x4f, 0x54, 0x49, 0x33, 0x57, 0x68, 0x63, 0x4e, 0x4d, 0x6a, 0x59, + 0x78, 0x4d, 0x6a, 0x49, 0x31, 0x4d, 0x54, 0x45, 0x7a, 0x4f, 0x54, 0x49, + 0x33, 0x57, 0x6a, 0x41, 0x53, 0x4d, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59, + 0x44, 0x0a, 0x56, 0x51, 0x51, 0x4b, 0x44, 0x41, 0x64, 0x42, 0x59, 0x32, + 0x31, 0x6c, 0x49, 0x45, 0x4e, 0x76, 0x4d, 0x46, 0x6b, 0x77, 0x45, 0x77, + 0x59, 0x48, 0x4b, 0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x43, 0x41, 0x51, + 0x59, 0x49, 0x4b, 0x6f, 0x5a, 0x49, 0x7a, 0x6a, 0x30, 0x44, 0x41, 0x51, + 0x63, 0x44, 0x51, 0x67, 0x41, 0x45, 0x64, 0x73, 0x6a, 0x79, 0x67, 0x56, + 0x59, 0x6a, 0x6a, 0x61, 0x4b, 0x42, 0x0a, 0x46, 0x34, 0x43, 0x4e, 0x45, + 0x43, 0x56, 0x6c, 0x6c, 0x4e, 0x66, 0x30, 0x31, 0x37, 0x70, 0x35, 0x2f, + 0x4d, 0x78, 0x4e, 0x53, 0x57, 0x44, 0x6f, 0x54, 0x48, 0x79, 0x39, 0x49, + 0x32, 0x47, 0x65, 0x44, 0x77, 0x45, 0x44, 0x44, 0x61, 0x7a, 0x49, 0x44, + 0x2f, 0x78, 0x79, 0x38, 0x4a, 0x69, 0x59, 0x6a, 0x74, 0x50, 0x4b, 0x56, + 0x45, 0x2f, 0x5a, 0x71, 0x77, 0x62, 0x6d, 0x69, 0x76, 0x70, 0x32, 0x0a, + 0x55, 0x77, 0x74, 0x48, 0x32, 0x38, 0x61, 0x37, 0x4e, 0x61, 0x4e, 0x46, + 0x4d, 0x45, 0x4d, 0x77, 0x43, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x54, + 0x42, 0x41, 0x49, 0x77, 0x41, 0x44, 0x41, 0x4c, 0x42, 0x67, 0x4e, 0x56, + 0x48, 0x51, 0x38, 0x45, 0x42, 0x41, 0x4d, 0x43, 0x42, 0x61, 0x41, 0x77, + 0x45, 0x77, 0x59, 0x44, 0x56, 0x52, 0x30, 0x6c, 0x42, 0x41, 0x77, 0x77, + 0x43, 0x67, 0x59, 0x49, 0x0a, 0x4b, 0x77, 0x59, 0x42, 0x42, 0x51, 0x55, + 0x48, 0x41, 0x77, 0x45, 0x77, 0x46, 0x41, 0x59, 0x44, 0x56, 0x52, 0x30, + 0x52, 0x42, 0x41, 0x30, 0x77, 0x43, 0x34, 0x49, 0x4a, 0x62, 0x47, 0x39, + 0x6a, 0x59, 0x57, 0x78, 0x6f, 0x62, 0x33, 0x4e, 0x30, 0x4d, 0x41, 0x6f, + 0x47, 0x43, 0x43, 0x71, 0x47, 0x53, 0x4d, 0x34, 0x39, 0x42, 0x41, 0x4d, + 0x43, 0x41, 0x30, 0x63, 0x41, 0x4d, 0x45, 0x51, 0x43, 0x0a, 0x49, 0x45, + 0x7a, 0x72, 0x33, 0x74, 0x2f, 0x6a, 0x65, 0x6a, 0x56, 0x45, 0x39, 0x6f, + 0x53, 0x6e, 0x42, 0x70, 0x38, 0x63, 0x33, 0x50, 0x32, 0x70, 0x2b, 0x6c, + 0x44, 0x4c, 0x56, 0x52, 0x72, 0x42, 0x38, 0x7a, 0x78, 0x4c, 0x79, 0x6a, + 0x5a, 0x76, 0x69, 0x72, 0x55, 0x58, 0x41, 0x69, 0x41, 0x79, 0x51, 0x50, + 0x61, 0x45, 0x39, 0x4d, 0x4e, 0x63, 0x4c, 0x38, 0x2f, 0x6e, 0x52, 0x70, + 0x75, 0x75, 0x0a, 0x39, 0x39, 0x49, 0x31, 0x65, 0x6e, 0x43, 0x53, 0x6d, + 0x57, 0x49, 0x41, 0x4a, 0x35, 0x37, 0x49, 0x77, 0x75, 0x4a, 0x2f, 0x6e, + 0x31, 0x64, 0x34, 0x35, 0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, + 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, + 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a +}; +#endif + +#ifndef OPENSSL_NO_DSA +/* + * -----BEGIN DSA PRIVATE KEY----- + * MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP + * Wzf03ULKS5UKjA6WpR6EiZAhm+PdxusZ5xfAuRZLdKy0bgxn1f348Rwh+EQNaEM8 + * 0TGcnw5ijwKmSw5yyHPDWdiHzoqEBlhAf8Nl22YTXax/clsc/pu/RRLAdwIVAIEg + * QqWRf/1EIZZcgM65Qpd65YuxAoGBAKBauV/RuloFHoSy5iWXESDywiS380tN5974 + * GukGwoYdZo5uSIH6ahpeNSef0MbHGAzr7ZVEnhCQfRAwH1gRvSHoq/Rbmcvtd3r+ + * QtQHOwvQHgLAynhI4i73c794czHaR+439bmcaSwDnQduRM85Mho/jiiZzAVPxBmG + * POIMWNXXAoGAI6Ep5IE7yn3JzkXO9B6tC3bbDM+ZzuuInwZLbtZ8lim7Dsqabg4k + * 2YbE4R95Bnfwnjsyl80mq/DbQN5lAHBvjDrkC6ItojBGKI3+iIrqGUEJdxvl4ulj + * F0PmSD7zvIG8BfocKOel+EHH0YryExiW6krV1KW2ZRmJrqSFw6KCjV0CFFQFbPfU + * xy5PmKytJmXR8BmppkIO + * -----END DSA PRIVATE KEY----- + */ +static const char DSAPrivateKeyPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x44, + 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, + 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, + 0x75, 0x77, 0x49, 0x42, 0x41, 0x41, 0x4b, 0x42, 0x67, 0x51, 0x44, 0x64, + 0x6b, 0x46, 0x4b, 0x7a, 0x4e, 0x41, 0x42, 0x4c, 0x4f, 0x68, 0x61, 0x37, + 0x45, 0x71, 0x6a, 0x37, 0x30, 0x30, 0x34, 0x2b, 0x70, 0x35, 0x66, 0x68, + 0x74, 0x52, 0x36, 0x62, 0x78, 0x70, 0x75, 0x6a, 0x54, 0x6f, 0x4d, 0x6d, + 0x53, 0x5a, 0x54, 0x59, 0x69, 0x38, 0x69, 0x67, 0x56, 0x56, 0x58, 0x50, + 0x0a, 0x57, 0x7a, 0x66, 0x30, 0x33, 0x55, 0x4c, 0x4b, 0x53, 0x35, 0x55, + 0x4b, 0x6a, 0x41, 0x36, 0x57, 0x70, 0x52, 0x36, 0x45, 0x69, 0x5a, 0x41, + 0x68, 0x6d, 0x2b, 0x50, 0x64, 0x78, 0x75, 0x73, 0x5a, 0x35, 0x78, 0x66, + 0x41, 0x75, 0x52, 0x5a, 0x4c, 0x64, 0x4b, 0x79, 0x30, 0x62, 0x67, 0x78, + 0x6e, 0x31, 0x66, 0x33, 0x34, 0x38, 0x52, 0x77, 0x68, 0x2b, 0x45, 0x51, + 0x4e, 0x61, 0x45, 0x4d, 0x38, 0x0a, 0x30, 0x54, 0x47, 0x63, 0x6e, 0x77, + 0x35, 0x69, 0x6a, 0x77, 0x4b, 0x6d, 0x53, 0x77, 0x35, 0x79, 0x79, 0x48, + 0x50, 0x44, 0x57, 0x64, 0x69, 0x48, 0x7a, 0x6f, 0x71, 0x45, 0x42, 0x6c, + 0x68, 0x41, 0x66, 0x38, 0x4e, 0x6c, 0x32, 0x32, 0x59, 0x54, 0x58, 0x61, + 0x78, 0x2f, 0x63, 0x6c, 0x73, 0x63, 0x2f, 0x70, 0x75, 0x2f, 0x52, 0x52, + 0x4c, 0x41, 0x64, 0x77, 0x49, 0x56, 0x41, 0x49, 0x45, 0x67, 0x0a, 0x51, + 0x71, 0x57, 0x52, 0x66, 0x2f, 0x31, 0x45, 0x49, 0x5a, 0x5a, 0x63, 0x67, + 0x4d, 0x36, 0x35, 0x51, 0x70, 0x64, 0x36, 0x35, 0x59, 0x75, 0x78, 0x41, + 0x6f, 0x47, 0x42, 0x41, 0x4b, 0x42, 0x61, 0x75, 0x56, 0x2f, 0x52, 0x75, + 0x6c, 0x6f, 0x46, 0x48, 0x6f, 0x53, 0x79, 0x35, 0x69, 0x57, 0x58, 0x45, + 0x53, 0x44, 0x79, 0x77, 0x69, 0x53, 0x33, 0x38, 0x30, 0x74, 0x4e, 0x35, + 0x39, 0x37, 0x34, 0x0a, 0x47, 0x75, 0x6b, 0x47, 0x77, 0x6f, 0x59, 0x64, + 0x5a, 0x6f, 0x35, 0x75, 0x53, 0x49, 0x48, 0x36, 0x61, 0x68, 0x70, 0x65, + 0x4e, 0x53, 0x65, 0x66, 0x30, 0x4d, 0x62, 0x48, 0x47, 0x41, 0x7a, 0x72, + 0x37, 0x5a, 0x56, 0x45, 0x6e, 0x68, 0x43, 0x51, 0x66, 0x52, 0x41, 0x77, + 0x48, 0x31, 0x67, 0x52, 0x76, 0x53, 0x48, 0x6f, 0x71, 0x2f, 0x52, 0x62, + 0x6d, 0x63, 0x76, 0x74, 0x64, 0x33, 0x72, 0x2b, 0x0a, 0x51, 0x74, 0x51, + 0x48, 0x4f, 0x77, 0x76, 0x51, 0x48, 0x67, 0x4c, 0x41, 0x79, 0x6e, 0x68, + 0x49, 0x34, 0x69, 0x37, 0x33, 0x63, 0x37, 0x39, 0x34, 0x63, 0x7a, 0x48, + 0x61, 0x52, 0x2b, 0x34, 0x33, 0x39, 0x62, 0x6d, 0x63, 0x61, 0x53, 0x77, + 0x44, 0x6e, 0x51, 0x64, 0x75, 0x52, 0x4d, 0x38, 0x35, 0x4d, 0x68, 0x6f, + 0x2f, 0x6a, 0x69, 0x69, 0x5a, 0x7a, 0x41, 0x56, 0x50, 0x78, 0x42, 0x6d, + 0x47, 0x0a, 0x50, 0x4f, 0x49, 0x4d, 0x57, 0x4e, 0x58, 0x58, 0x41, 0x6f, + 0x47, 0x41, 0x49, 0x36, 0x45, 0x70, 0x35, 0x49, 0x45, 0x37, 0x79, 0x6e, + 0x33, 0x4a, 0x7a, 0x6b, 0x58, 0x4f, 0x39, 0x42, 0x36, 0x74, 0x43, 0x33, + 0x62, 0x62, 0x44, 0x4d, 0x2b, 0x5a, 0x7a, 0x75, 0x75, 0x49, 0x6e, 0x77, + 0x5a, 0x4c, 0x62, 0x74, 0x5a, 0x38, 0x6c, 0x69, 0x6d, 0x37, 0x44, 0x73, + 0x71, 0x61, 0x62, 0x67, 0x34, 0x6b, 0x0a, 0x32, 0x59, 0x62, 0x45, 0x34, + 0x52, 0x39, 0x35, 0x42, 0x6e, 0x66, 0x77, 0x6e, 0x6a, 0x73, 0x79, 0x6c, + 0x38, 0x30, 0x6d, 0x71, 0x2f, 0x44, 0x62, 0x51, 0x4e, 0x35, 0x6c, 0x41, + 0x48, 0x42, 0x76, 0x6a, 0x44, 0x72, 0x6b, 0x43, 0x36, 0x49, 0x74, 0x6f, + 0x6a, 0x42, 0x47, 0x4b, 0x49, 0x33, 0x2b, 0x69, 0x49, 0x72, 0x71, 0x47, + 0x55, 0x45, 0x4a, 0x64, 0x78, 0x76, 0x6c, 0x34, 0x75, 0x6c, 0x6a, 0x0a, + 0x46, 0x30, 0x50, 0x6d, 0x53, 0x44, 0x37, 0x7a, 0x76, 0x49, 0x47, 0x38, + 0x42, 0x66, 0x6f, 0x63, 0x4b, 0x4f, 0x65, 0x6c, 0x2b, 0x45, 0x48, 0x48, + 0x30, 0x59, 0x72, 0x79, 0x45, 0x78, 0x69, 0x57, 0x36, 0x6b, 0x72, 0x56, + 0x31, 0x4b, 0x57, 0x32, 0x5a, 0x52, 0x6d, 0x4a, 0x72, 0x71, 0x53, 0x46, + 0x77, 0x36, 0x4b, 0x43, 0x6a, 0x56, 0x30, 0x43, 0x46, 0x46, 0x51, 0x46, + 0x62, 0x50, 0x66, 0x55, 0x0a, 0x78, 0x79, 0x35, 0x50, 0x6d, 0x4b, 0x79, + 0x74, 0x4a, 0x6d, 0x58, 0x52, 0x38, 0x42, 0x6d, 0x70, 0x70, 0x6b, 0x49, + 0x4f, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x44, + 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, + 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a +}; + +/* + * -----BEGIN CERTIFICATE----- + * MIICqTCCAmegAwIBAgIJAILDGUk37fWGMAsGCWCGSAFlAwQDAjASMRAwDgYDVQQK + * DAdBY21lIENvMB4XDTE2MTIyNTEzMjUzNloXDTI2MTIyNTEzMjUzNlowEjEQMA4G + * A1UECgwHQWNtZSBDbzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDdkFKzNABLOha7 + * Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXPWzf03ULKS5UKjA6WpR6EiZAhm+Pd + * xusZ5xfAuRZLdKy0bgxn1f348Rwh+EQNaEM80TGcnw5ijwKmSw5yyHPDWdiHzoqE + * BlhAf8Nl22YTXax/clsc/pu/RRLAdwIVAIEgQqWRf/1EIZZcgM65Qpd65YuxAoGB + * AKBauV/RuloFHoSy5iWXESDywiS380tN5974GukGwoYdZo5uSIH6ahpeNSef0MbH + * GAzr7ZVEnhCQfRAwH1gRvSHoq/Rbmcvtd3r+QtQHOwvQHgLAynhI4i73c794czHa + * R+439bmcaSwDnQduRM85Mho/jiiZzAVPxBmGPOIMWNXXA4GEAAKBgCOhKeSBO8p9 + * yc5FzvQerQt22wzPmc7riJ8GS27WfJYpuw7Kmm4OJNmGxOEfeQZ38J47MpfNJqvw + * 20DeZQBwb4w65AuiLaIwRiiN/oiK6hlBCXcb5eLpYxdD5kg+87yBvAX6HCjnpfhB + * x9GK8hMYlupK1dSltmUZia6khcOigo1do0UwQzAJBgNVHRMEAjAAMAsGA1UdDwQE + * AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgNVHREEDTALgglsb2NhbGhvc3Qw + * CwYJYIZIAWUDBAMCAy8AMCwCFClxInXTRWNJEWdi5ilNr/fbM1bKAhQy4B7wtmfd + * I+zV6g3w9qBkNqStpA== + * -----END CERTIFICATE----- + */ +static const char DSACertPEM[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, + 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x71, 0x54, 0x43, 0x43, + 0x41, 0x6d, 0x65, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a, + 0x41, 0x49, 0x4c, 0x44, 0x47, 0x55, 0x6b, 0x33, 0x37, 0x66, 0x57, 0x47, + 0x4d, 0x41, 0x73, 0x47, 0x43, 0x57, 0x43, 0x47, 0x53, 0x41, 0x46, 0x6c, + 0x41, 0x77, 0x51, 0x44, 0x41, 0x6a, 0x41, 0x53, 0x4d, 0x52, 0x41, 0x77, + 0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4b, 0x0a, 0x44, 0x41, 0x64, + 0x42, 0x59, 0x32, 0x31, 0x6c, 0x49, 0x45, 0x4e, 0x76, 0x4d, 0x42, 0x34, + 0x58, 0x44, 0x54, 0x45, 0x32, 0x4d, 0x54, 0x49, 0x79, 0x4e, 0x54, 0x45, + 0x7a, 0x4d, 0x6a, 0x55, 0x7a, 0x4e, 0x6c, 0x6f, 0x58, 0x44, 0x54, 0x49, + 0x32, 0x4d, 0x54, 0x49, 0x79, 0x4e, 0x54, 0x45, 0x7a, 0x4d, 0x6a, 0x55, + 0x7a, 0x4e, 0x6c, 0x6f, 0x77, 0x45, 0x6a, 0x45, 0x51, 0x4d, 0x41, 0x34, + 0x47, 0x0a, 0x41, 0x31, 0x55, 0x45, 0x43, 0x67, 0x77, 0x48, 0x51, 0x57, + 0x4e, 0x74, 0x5a, 0x53, 0x42, 0x44, 0x62, 0x7a, 0x43, 0x43, 0x41, 0x62, + 0x63, 0x77, 0x67, 0x67, 0x45, 0x73, 0x42, 0x67, 0x63, 0x71, 0x68, 0x6b, + 0x6a, 0x4f, 0x4f, 0x41, 0x51, 0x42, 0x4d, 0x49, 0x49, 0x42, 0x48, 0x77, + 0x4b, 0x42, 0x67, 0x51, 0x44, 0x64, 0x6b, 0x46, 0x4b, 0x7a, 0x4e, 0x41, + 0x42, 0x4c, 0x4f, 0x68, 0x61, 0x37, 0x0a, 0x45, 0x71, 0x6a, 0x37, 0x30, + 0x30, 0x34, 0x2b, 0x70, 0x35, 0x66, 0x68, 0x74, 0x52, 0x36, 0x62, 0x78, + 0x70, 0x75, 0x6a, 0x54, 0x6f, 0x4d, 0x6d, 0x53, 0x5a, 0x54, 0x59, 0x69, + 0x38, 0x69, 0x67, 0x56, 0x56, 0x58, 0x50, 0x57, 0x7a, 0x66, 0x30, 0x33, + 0x55, 0x4c, 0x4b, 0x53, 0x35, 0x55, 0x4b, 0x6a, 0x41, 0x36, 0x57, 0x70, + 0x52, 0x36, 0x45, 0x69, 0x5a, 0x41, 0x68, 0x6d, 0x2b, 0x50, 0x64, 0x0a, + 0x78, 0x75, 0x73, 0x5a, 0x35, 0x78, 0x66, 0x41, 0x75, 0x52, 0x5a, 0x4c, + 0x64, 0x4b, 0x79, 0x30, 0x62, 0x67, 0x78, 0x6e, 0x31, 0x66, 0x33, 0x34, + 0x38, 0x52, 0x77, 0x68, 0x2b, 0x45, 0x51, 0x4e, 0x61, 0x45, 0x4d, 0x38, + 0x30, 0x54, 0x47, 0x63, 0x6e, 0x77, 0x35, 0x69, 0x6a, 0x77, 0x4b, 0x6d, + 0x53, 0x77, 0x35, 0x79, 0x79, 0x48, 0x50, 0x44, 0x57, 0x64, 0x69, 0x48, + 0x7a, 0x6f, 0x71, 0x45, 0x0a, 0x42, 0x6c, 0x68, 0x41, 0x66, 0x38, 0x4e, + 0x6c, 0x32, 0x32, 0x59, 0x54, 0x58, 0x61, 0x78, 0x2f, 0x63, 0x6c, 0x73, + 0x63, 0x2f, 0x70, 0x75, 0x2f, 0x52, 0x52, 0x4c, 0x41, 0x64, 0x77, 0x49, + 0x56, 0x41, 0x49, 0x45, 0x67, 0x51, 0x71, 0x57, 0x52, 0x66, 0x2f, 0x31, + 0x45, 0x49, 0x5a, 0x5a, 0x63, 0x67, 0x4d, 0x36, 0x35, 0x51, 0x70, 0x64, + 0x36, 0x35, 0x59, 0x75, 0x78, 0x41, 0x6f, 0x47, 0x42, 0x0a, 0x41, 0x4b, + 0x42, 0x61, 0x75, 0x56, 0x2f, 0x52, 0x75, 0x6c, 0x6f, 0x46, 0x48, 0x6f, + 0x53, 0x79, 0x35, 0x69, 0x57, 0x58, 0x45, 0x53, 0x44, 0x79, 0x77, 0x69, + 0x53, 0x33, 0x38, 0x30, 0x74, 0x4e, 0x35, 0x39, 0x37, 0x34, 0x47, 0x75, + 0x6b, 0x47, 0x77, 0x6f, 0x59, 0x64, 0x5a, 0x6f, 0x35, 0x75, 0x53, 0x49, + 0x48, 0x36, 0x61, 0x68, 0x70, 0x65, 0x4e, 0x53, 0x65, 0x66, 0x30, 0x4d, + 0x62, 0x48, 0x0a, 0x47, 0x41, 0x7a, 0x72, 0x37, 0x5a, 0x56, 0x45, 0x6e, + 0x68, 0x43, 0x51, 0x66, 0x52, 0x41, 0x77, 0x48, 0x31, 0x67, 0x52, 0x76, + 0x53, 0x48, 0x6f, 0x71, 0x2f, 0x52, 0x62, 0x6d, 0x63, 0x76, 0x74, 0x64, + 0x33, 0x72, 0x2b, 0x51, 0x74, 0x51, 0x48, 0x4f, 0x77, 0x76, 0x51, 0x48, + 0x67, 0x4c, 0x41, 0x79, 0x6e, 0x68, 0x49, 0x34, 0x69, 0x37, 0x33, 0x63, + 0x37, 0x39, 0x34, 0x63, 0x7a, 0x48, 0x61, 0x0a, 0x52, 0x2b, 0x34, 0x33, + 0x39, 0x62, 0x6d, 0x63, 0x61, 0x53, 0x77, 0x44, 0x6e, 0x51, 0x64, 0x75, + 0x52, 0x4d, 0x38, 0x35, 0x4d, 0x68, 0x6f, 0x2f, 0x6a, 0x69, 0x69, 0x5a, + 0x7a, 0x41, 0x56, 0x50, 0x78, 0x42, 0x6d, 0x47, 0x50, 0x4f, 0x49, 0x4d, + 0x57, 0x4e, 0x58, 0x58, 0x41, 0x34, 0x47, 0x45, 0x41, 0x41, 0x4b, 0x42, + 0x67, 0x43, 0x4f, 0x68, 0x4b, 0x65, 0x53, 0x42, 0x4f, 0x38, 0x70, 0x39, + 0x0a, 0x79, 0x63, 0x35, 0x46, 0x7a, 0x76, 0x51, 0x65, 0x72, 0x51, 0x74, + 0x32, 0x32, 0x77, 0x7a, 0x50, 0x6d, 0x63, 0x37, 0x72, 0x69, 0x4a, 0x38, + 0x47, 0x53, 0x32, 0x37, 0x57, 0x66, 0x4a, 0x59, 0x70, 0x75, 0x77, 0x37, + 0x4b, 0x6d, 0x6d, 0x34, 0x4f, 0x4a, 0x4e, 0x6d, 0x47, 0x78, 0x4f, 0x45, + 0x66, 0x65, 0x51, 0x5a, 0x33, 0x38, 0x4a, 0x34, 0x37, 0x4d, 0x70, 0x66, + 0x4e, 0x4a, 0x71, 0x76, 0x77, 0x0a, 0x32, 0x30, 0x44, 0x65, 0x5a, 0x51, + 0x42, 0x77, 0x62, 0x34, 0x77, 0x36, 0x35, 0x41, 0x75, 0x69, 0x4c, 0x61, + 0x49, 0x77, 0x52, 0x69, 0x69, 0x4e, 0x2f, 0x6f, 0x69, 0x4b, 0x36, 0x68, + 0x6c, 0x42, 0x43, 0x58, 0x63, 0x62, 0x35, 0x65, 0x4c, 0x70, 0x59, 0x78, + 0x64, 0x44, 0x35, 0x6b, 0x67, 0x2b, 0x38, 0x37, 0x79, 0x42, 0x76, 0x41, + 0x58, 0x36, 0x48, 0x43, 0x6a, 0x6e, 0x70, 0x66, 0x68, 0x42, 0x0a, 0x78, + 0x39, 0x47, 0x4b, 0x38, 0x68, 0x4d, 0x59, 0x6c, 0x75, 0x70, 0x4b, 0x31, + 0x64, 0x53, 0x6c, 0x74, 0x6d, 0x55, 0x5a, 0x69, 0x61, 0x36, 0x6b, 0x68, + 0x63, 0x4f, 0x69, 0x67, 0x6f, 0x31, 0x64, 0x6f, 0x30, 0x55, 0x77, 0x51, + 0x7a, 0x41, 0x4a, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x52, 0x4d, 0x45, 0x41, + 0x6a, 0x41, 0x41, 0x4d, 0x41, 0x73, 0x47, 0x41, 0x31, 0x55, 0x64, 0x44, + 0x77, 0x51, 0x45, 0x0a, 0x41, 0x77, 0x49, 0x46, 0x6f, 0x44, 0x41, 0x54, + 0x42, 0x67, 0x4e, 0x56, 0x48, 0x53, 0x55, 0x45, 0x44, 0x44, 0x41, 0x4b, + 0x42, 0x67, 0x67, 0x72, 0x42, 0x67, 0x45, 0x46, 0x42, 0x51, 0x63, 0x44, + 0x41, 0x54, 0x41, 0x55, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x52, 0x45, 0x45, + 0x44, 0x54, 0x41, 0x4c, 0x67, 0x67, 0x6c, 0x73, 0x62, 0x32, 0x4e, 0x68, + 0x62, 0x47, 0x68, 0x76, 0x63, 0x33, 0x51, 0x77, 0x0a, 0x43, 0x77, 0x59, + 0x4a, 0x59, 0x49, 0x5a, 0x49, 0x41, 0x57, 0x55, 0x44, 0x42, 0x41, 0x4d, + 0x43, 0x41, 0x79, 0x38, 0x41, 0x4d, 0x43, 0x77, 0x43, 0x46, 0x43, 0x6c, + 0x78, 0x49, 0x6e, 0x58, 0x54, 0x52, 0x57, 0x4e, 0x4a, 0x45, 0x57, 0x64, + 0x69, 0x35, 0x69, 0x6c, 0x4e, 0x72, 0x2f, 0x66, 0x62, 0x4d, 0x31, 0x62, + 0x4b, 0x41, 0x68, 0x51, 0x79, 0x34, 0x42, 0x37, 0x77, 0x74, 0x6d, 0x66, + 0x64, 0x0a, 0x49, 0x2b, 0x7a, 0x56, 0x36, 0x67, 0x33, 0x77, 0x39, 0x71, + 0x42, 0x6b, 0x4e, 0x71, 0x53, 0x74, 0x70, 0x41, 0x3d, 0x3d, 0x0a, 0x2d, + 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, + 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, + 0x0a +}; +#endif + +/* unused, to avoid warning. */ +static int idx; + +#define FUZZTIME 1485898104 + +#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } + +/* + * This might not work in all cases (and definitely not on Windows + * because of the way linkers are) and callees can still get the + * current time instead of the fixed time. This will just result + * in things not being fully reproducible and have a slightly + * different coverage. + */ +#if !defined(_WIN32) +time_t time(time_t *t) TIME_IMPL(t) +#endif + +int FuzzerInitialize(int *argc, char ***argv) +{ + STACK_OF(SSL_COMP) *comp_methods; + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); + idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + FuzzerSetRand(); + comp_methods = SSL_COMP_get_compression_methods(); + if (comp_methods != NULL) + sk_SSL_COMP_sort(comp_methods); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + SSL *server; + BIO *in; + BIO *out; +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) + BIO *bio_buf; +#endif + SSL_CTX *ctx; + int ret; RSA *privkey; + const uint8_t *bufp; EVP_PKEY *pkey; - int ret; X509 *cert; +#ifndef OPENSSL_NO_EC + EC_KEY *ecdsakey = NULL; +#endif +#ifndef OPENSSL_NO_DSA + DSA *dsakey = NULL; +#endif + uint8_t opt; + + if (len < 2) + return 0; + + /* + * TODO: use the ossltest engine (optionally?) to disable crypto checks. + */ + /* This only fuzzes the initial flow from the client so far. */ ctx = SSL_CTX_new(SSLv23_method()); + + ret = SSL_CTX_set_min_proto_version(ctx, 0); + OPENSSL_assert(ret == 1); + ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0"); + OPENSSL_assert(ret == 1); + + /* RSA */ + bufp = kRSAPrivateKeyDER; privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); OPENSSL_assert(privkey != NULL); pkey = EVP_PKEY_new(); @@ -206,6 +548,7 @@ int FuzzerInitialize(int *argc, char ***argv) { ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); + bufp = kCertificateDER; cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); OPENSSL_assert(cert != NULL); @@ -213,29 +556,79 @@ int FuzzerInitialize(int *argc, char ***argv) { OPENSSL_assert(ret == 1); X509_free(cert); - return 1; -} +#ifndef OPENSSL_NO_EC + /* ECDSA */ + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM)); + ecdsakey = PEM_read_bio_ECPrivateKey(bio_buf, NULL, NULL, NULL); + ERR_print_errors_fp(stderr); + OPENSSL_assert(ecdsakey != NULL); + BIO_free(bio_buf); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_EC_KEY(pkey, ecdsakey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + OPENSSL_assert(ret == 1); + EVP_PKEY_free(pkey); -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - SSL *server; - BIO *in; - BIO *out; - if (!len) { - return 0; - } - /* TODO: make this work for OpenSSL. There's a PREDICT define that may do - * the job. - * TODO: use the ossltest engine (optionally?) to disable crypto checks. - * RAND_reset_for_fuzzing(); - */ + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM)); + cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); + OPENSSL_assert(cert != NULL); + BIO_free(bio_buf); + ret = SSL_CTX_use_certificate(ctx, cert); + OPENSSL_assert(ret == 1); + X509_free(cert); +#endif + +#ifndef OPENSSL_NO_DSA + /* DSA */ + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM)); + dsakey = PEM_read_bio_DSAPrivateKey(bio_buf, NULL, NULL, NULL); + ERR_print_errors_fp(stderr); + OPENSSL_assert(dsakey != NULL); + BIO_free(bio_buf); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsakey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + OPENSSL_assert(ret == 1); + EVP_PKEY_free(pkey); + + bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(bio_buf, DSACertPEM, sizeof(DSACertPEM)) == sizeof(DSACertPEM)); + cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); + OPENSSL_assert(cert != NULL); + BIO_free(bio_buf); + ret = SSL_CTX_use_certificate(ctx, cert); + OPENSSL_assert(ret == 1); + X509_free(cert); +#endif + + /* TODO: Set up support for SRP and PSK */ - /* This only fuzzes the initial flow from the client so far. */ server = SSL_new(ctx); in = BIO_new(BIO_s_mem()); out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); SSL_set_accept_state(server); + + opt = (uint8_t)buf[len-1]; + len--; + OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); + + if ((opt & 0x01) != 0) + { + do { + char early_buf[16384]; + size_t early_len; + ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len); + + if (ret != SSL_READ_EARLY_DATA_SUCCESS) + break; + } while (1); + } + if (SSL_do_handshake(server) == 1) { /* Keep reading application data until error or EOF. */ uint8_t tmp[1024]; @@ -246,5 +639,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { } } SSL_free(server); + ERR_clear_error(); + SSL_CTX_free(ctx); + return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/fuzz/test-corpus.c b/deps/openssl/openssl/fuzz/test-corpus.c index 628e633536d356..86be5337e134a1 100644 --- a/deps/openssl/openssl/fuzz/test-corpus.c +++ b/deps/openssl/openssl/fuzz/test-corpus.c @@ -97,5 +97,8 @@ int main(int argc, char **argv) { free(pathname); } + + FuzzerCleanup(); + return 0; } diff --git a/deps/openssl/openssl/fuzz/x509.c b/deps/openssl/openssl/fuzz/x509.c index b2851f1e114807..926287da486176 100644 --- a/deps/openssl/openssl/fuzz/x509.c +++ b/deps/openssl/openssl/fuzz/x509.c @@ -10,13 +10,23 @@ #include #include +#include +#include #include "fuzzer.h" -int FuzzerInitialize(int *argc, char ***argv) { +#include "rand.inc" + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); + FuzzerSetRand(); return 1; } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ const unsigned char *p = buf; unsigned char *der = NULL; @@ -32,5 +42,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { X509_free(x509); } + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ +} diff --git a/deps/openssl/openssl/include/internal/__DECC_INCLUDE_EPILOGUE.H b/deps/openssl/openssl/include/internal/__DECC_INCLUDE_EPILOGUE.H index 5f63860808b6d2..c350018ad19067 100644 --- a/deps/openssl/openssl/include/internal/__DECC_INCLUDE_EPILOGUE.H +++ b/deps/openssl/openssl/include/internal/__DECC_INCLUDE_EPILOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/include/internal/__DECC_INCLUDE_PROLOGUE.H b/deps/openssl/openssl/include/internal/__DECC_INCLUDE_PROLOGUE.H index 78b2a87d886831..9a9c777f93f8a0 100644 --- a/deps/openssl/openssl/include/internal/__DECC_INCLUDE_PROLOGUE.H +++ b/deps/openssl/openssl/include/internal/__DECC_INCLUDE_PROLOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/include/internal/bio.h b/deps/openssl/openssl/include/internal/bio.h index 3a933e09c9198b..c343b276295c97 100644 --- a/deps/openssl/openssl/include/internal/bio.h +++ b/deps/openssl/openssl/include/internal/bio.h @@ -12,8 +12,10 @@ struct bio_method_st { int type; char *name; - int (*bwrite) (BIO *, const char *, int); - int (*bread) (BIO *, char *, int); + int (*bwrite) (BIO *, const char *, size_t, size_t *); + int (*bwrite_old) (BIO *, const char *, int); + int (*bread) (BIO *, char *, size_t, size_t *); + int (*bread_old) (BIO *, char *, int); int (*bputs) (BIO *, const char *); int (*bgets) (BIO *, char *, int); long (*ctrl) (BIO *, int, long, void *); @@ -24,3 +26,8 @@ struct bio_method_st { void bio_free_ex_data(BIO *bio); void bio_cleanup(void); + + +/* Old style to new style BIO_METHOD conversion functions */ +int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); +int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); diff --git a/deps/openssl/openssl/include/internal/conf.h b/deps/openssl/openssl/include/internal/conf.h index ada3f92b4d86c6..dc1e72508ace59 100644 --- a/deps/openssl/openssl/include/internal/conf.h +++ b/deps/openssl/openssl/include/internal/conf.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,11 +12,6 @@ #include -#ifdef __cplusplus -extern "C" { -#endif - - struct ossl_init_settings_st { char *appname; }; @@ -25,8 +20,4 @@ void openssl_config_int(const char *appname); void openssl_no_config_int(void); void conf_modules_free_int(void); -#ifdef __cplusplus -} -#endif - #endif diff --git a/deps/openssl/openssl/include/internal/constant_time_locl.h b/deps/openssl/openssl/include/internal/constant_time_locl.h index d27fb14c806d1f..82ff74652ecca5 100644 --- a/deps/openssl/openssl/include/internal/constant_time_locl.h +++ b/deps/openssl/openssl/include/internal/constant_time_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,65 +10,55 @@ #ifndef HEADER_CONSTANT_TIME_LOCL_H # define HEADER_CONSTANT_TIME_LOCL_H +# include +# include # include /* For 'ossl_inline' */ -#ifdef __cplusplus -extern "C" { -#endif - /*- * The boolean methods return a bitmask of all ones (0xff...f) for true * and 0 for false. This is useful for choosing a value based on the result * of a conditional in constant time. For example, - * - * if (a < b) { - * c = a; - * } else { - * c = b; - * } - * + * if (a < b) { + * c = a; + * } else { + * c = b; + * } * can be written as - * - * unsigned int lt = constant_time_lt(a, b); - * c = constant_time_select(lt, a, b); + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); */ -/* - * Returns the given value with the MSB copied to all the other - * bits. Uses the fact that arithmetic shift shifts-in the sign bit. - * However, this is not ensured by the C standard so you may need to - * replace this with something else on odd CPUs. - */ +/* Returns the given value with the MSB copied to all the other bits. */ static ossl_inline unsigned int constant_time_msb(unsigned int a); +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t constant_time_msb_32(uint32_t a); +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t constant_time_msb_64(uint64_t a); -/* - * Returns 0xff..f if a < b and 0 otherwise. - */ +/* Returns 0xff..f if a < b and 0 otherwise. */ static ossl_inline unsigned int constant_time_lt(unsigned int a, unsigned int b); /* Convenience method for getting an 8-bit mask. */ static ossl_inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b); +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b); -/* - * Returns 0xff..f if a >= b and 0 otherwise. - */ +/* Returns 0xff..f if a >= b and 0 otherwise. */ static ossl_inline unsigned int constant_time_ge(unsigned int a, unsigned int b); /* Convenience method for getting an 8-bit mask. */ static ossl_inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b); -/* - * Returns 0xff..f if a == 0 and 0 otherwise. - */ +/* Returns 0xff..f if a == 0 and 0 otherwise. */ static ossl_inline unsigned int constant_time_is_zero(unsigned int a); /* Convenience method for getting an 8-bit mask. */ static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a); +/* Convenience method for getting a 32-bit mask. */ +static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a); -/* - * Returns 0xff..f if a == b and 0 otherwise. - */ +/* Returns 0xff..f if a == b and 0 otherwise. */ static ossl_inline unsigned int constant_time_eq(unsigned int a, unsigned int b); /* Convenience method for getting an 8-bit mask. */ @@ -93,25 +83,60 @@ static ossl_inline unsigned int constant_time_select(unsigned int mask, static ossl_inline unsigned char constant_time_select_8(unsigned char mask, unsigned char a, unsigned char b); + +/* Convenience method for uint32_t. */ +static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, + uint32_t b); + +/* Convenience method for uint64_t. */ +static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, + uint64_t b); /* Convenience method for signed integers. */ static ossl_inline int constant_time_select_int(unsigned int mask, int a, int b); + static ossl_inline unsigned int constant_time_msb(unsigned int a) { return 0 - (a >> (sizeof(a) * 8 - 1)); } + +static ossl_inline uint32_t constant_time_msb_32(uint32_t a) +{ + return 0 - (a >> 31); +} + +static ossl_inline uint64_t constant_time_msb_64(uint64_t a) +{ + return 0 - (a >> 63); +} + +static ossl_inline size_t constant_time_msb_s(size_t a) +{ + return 0 - (a >> (sizeof(a) * 8 - 1)); +} + static ossl_inline unsigned int constant_time_lt(unsigned int a, unsigned int b) { return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); } +static ossl_inline size_t constant_time_lt_s(size_t a, size_t b) +{ + return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b))); +} + static ossl_inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) { - return (unsigned char)(constant_time_lt(a, b)); + return (unsigned char)constant_time_lt(a, b); +} + +static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b) +{ + return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b))); } static ossl_inline unsigned int constant_time_ge(unsigned int a, @@ -120,10 +145,20 @@ static ossl_inline unsigned int constant_time_ge(unsigned int a, return ~constant_time_lt(a, b); } +static ossl_inline size_t constant_time_ge_s(size_t a, size_t b) +{ + return ~constant_time_lt_s(a, b); +} + static ossl_inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) { - return (unsigned char)(constant_time_ge(a, b)); + return (unsigned char)constant_time_ge(a, b); +} + +static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b) +{ + return (unsigned char)constant_time_ge_s(a, b); } static ossl_inline unsigned int constant_time_is_zero(unsigned int a) @@ -131,9 +166,19 @@ static ossl_inline unsigned int constant_time_is_zero(unsigned int a) return constant_time_msb(~a & (a - 1)); } +static ossl_inline size_t constant_time_is_zero_s(size_t a) +{ + return constant_time_msb_s(~a & (a - 1)); +} + static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a) { - return (unsigned char)(constant_time_is_zero(a)); + return (unsigned char)constant_time_is_zero(a); +} + +static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a) +{ + return constant_time_msb_32(~a & (a - 1)); } static ossl_inline unsigned int constant_time_eq(unsigned int a, @@ -142,10 +187,20 @@ static ossl_inline unsigned int constant_time_eq(unsigned int a, return constant_time_is_zero(a ^ b); } +static ossl_inline size_t constant_time_eq_s(size_t a, size_t b) +{ + return constant_time_is_zero_s(a ^ b); +} + static ossl_inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) { - return (unsigned char)(constant_time_eq(a, b)); + return (unsigned char)constant_time_eq(a, b); +} + +static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b) +{ + return (unsigned char)constant_time_eq_s(a, b); } static ossl_inline unsigned int constant_time_eq_int(int a, int b) @@ -165,21 +220,108 @@ static ossl_inline unsigned int constant_time_select(unsigned int mask, return (mask & a) | (~mask & b); } +static ossl_inline size_t constant_time_select_s(size_t mask, + size_t a, + size_t b) +{ + return (mask & a) | (~mask & b); +} + static ossl_inline unsigned char constant_time_select_8(unsigned char mask, unsigned char a, unsigned char b) { - return (unsigned char)(constant_time_select(mask, a, b)); + return (unsigned char)constant_time_select(mask, a, b); } static ossl_inline int constant_time_select_int(unsigned int mask, int a, int b) { - return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); + return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b)); } -#ifdef __cplusplus +static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b) +{ + return (int)constant_time_select((unsigned)mask, (unsigned)(a), + (unsigned)(b)); +} + +static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, + uint32_t b) +{ + return (mask & a) | (~mask & b); +} + +static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, + uint64_t b) +{ + return (mask & a) | (~mask & b); +} + +/* + * mask must be 0xFFFFFFFF or 0x00000000. + * + * if (mask) { + * uint32_t tmp = *a; + * + * *a = *b; + * *b = tmp; + * } + */ +static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a, + uint32_t *b) +{ + uint32_t xor = *a ^ *b; + + xor &= mask; + *a ^= xor; + *b ^= xor; +} + +/* + * mask must be 0xFFFFFFFF or 0x00000000. + * + * if (mask) { + * uint64_t tmp = *a; + * + * *a = *b; + * *b = tmp; + * } + */ +static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a, + uint64_t *b) +{ + uint64_t xor = *a ^ *b; + + xor &= mask; + *a ^= xor; + *b ^= xor; +} + +/* + * table is a two dimensional array of bytes. Each row has rowsize elements. + * Copies row number idx into out. rowsize and numrows are not considered + * private. + */ +static ossl_inline void constant_time_lookup(void *out, + const void *table, + size_t rowsize, + size_t numrows, + size_t idx) +{ + size_t i, j; + const unsigned char *tablec = (const unsigned char *)table; + unsigned char *outc = (unsigned char *)out; + unsigned char mask; + + memset(out, 0, rowsize); + + /* Note idx may underflow - but that is well defined */ + for (i = 0; i < numrows; i++, idx--) { + mask = (unsigned char)constant_time_is_zero_s(idx); + for (j = 0; j < rowsize; j++) + *(outc + j) |= constant_time_select_8(mask, *(tablec++), 0); + } } -#endif #endif /* HEADER_CONSTANT_TIME_LOCL_H */ diff --git a/deps/openssl/openssl/crypto/include/internal/cryptlib.h b/deps/openssl/openssl/include/internal/cryptlib.h similarity index 78% rename from deps/openssl/openssl/crypto/include/internal/cryptlib.h rename to deps/openssl/openssl/include/internal/cryptlib.h index d42a134bdf945e..329ef62014f67f 100644 --- a/deps/openssl/openssl/crypto/include/internal/cryptlib.h +++ b/deps/openssl/openssl/include/internal/cryptlib.h @@ -13,8 +13,6 @@ # include # include -# include "e_os.h" - # ifdef OPENSSL_USE_APPLINK # undef BIO_FLAGS_UPLINK # define BIO_FLAGS_UPLINK 0x8000 @@ -25,9 +23,23 @@ # include # include # include +# include "internal/nelem.h" + +#ifdef NDEBUG +# define ossl_assert(x) ((x) != 0) +#else +__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, + const char *file, int line) +{ + if (!expr) + OPENSSL_die(exprstr, file, line); + + return expr; +} + +# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \ + __FILE__, __LINE__) -#ifdef __cplusplus -extern "C" { #endif typedef struct ex_callback_st EX_CALLBACK; @@ -39,6 +51,8 @@ typedef struct app_mem_info_st APP_INFO; typedef struct mem_st MEM; DEFINE_LHASH_OF(MEM); +# define OPENSSL_CONF "openssl.cnf" + # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR # define X509_CERT_DIR OPENSSLDIR "/certs" @@ -64,11 +78,12 @@ DEFINE_LHASH_OF(MEM); void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; void OPENSSL_showfatal(const char *fmta, ...); -extern int OPENSSL_NONPIC_relocated; void crypto_cleanup_all_ex_data_int(void); +int openssl_init_fork_handlers(void); char *ossl_safe_getenv(const char *name); +extern CRYPTO_RWLOCK *memdbg_lock; int openssl_strerror_r(int errnum, char *buf, size_t buflen); # if !defined(OPENSSL_NO_STDIO) FILE *openssl_fopen(const char *filename, const char *mode); @@ -76,10 +91,6 @@ FILE *openssl_fopen(const char *filename, const char *mode); void *openssl_fopen(const char *filename, const char *mode); # endif -unsigned long OPENSSL_rdtsc(void); - -#ifdef __cplusplus -} -#endif +uint32_t OPENSSL_rdtsc(void); #endif diff --git a/deps/openssl/openssl/include/internal/dso.h b/deps/openssl/openssl/include/internal/dso.h index 7c5203286e3c30..eb5f7d53c7d6fb 100644 --- a/deps/openssl/openssl/include/internal/dso.h +++ b/deps/openssl/openssl/include/internal/dso.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,10 +11,7 @@ # define HEADER_DSO_H # include - -#ifdef __cplusplus -extern "C" { -#endif +# include "internal/dsoerr.h" /* These values are used as commands to DSO_ctrl() */ # define DSO_CTRL_GET_FLAGS 1 @@ -46,11 +43,6 @@ extern "C" { * Don't unload the DSO when we call DSO_free() */ # define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 -/* - * The following flag controls the translation of symbol names to upper case. - * This is currently only being implemented for OpenVMS. - */ -# define DSO_FLAG_UPCASE_SYMBOL 0x10 /* * This flag loads the library with public symbols. Meaning: The exported @@ -168,72 +160,6 @@ DSO *DSO_dsobyaddr(void *addr, int flags); */ void *DSO_global_lookup(const char *name); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - int ERR_load_DSO_strings(void); -/* Error codes for the DSO functions. */ - -/* Function codes. */ -# define DSO_F_DLFCN_BIND_FUNC 100 -# define DSO_F_DLFCN_LOAD 102 -# define DSO_F_DLFCN_MERGER 130 -# define DSO_F_DLFCN_NAME_CONVERTER 123 -# define DSO_F_DLFCN_UNLOAD 103 -# define DSO_F_DL_BIND_FUNC 104 -# define DSO_F_DL_LOAD 106 -# define DSO_F_DL_MERGER 131 -# define DSO_F_DL_NAME_CONVERTER 124 -# define DSO_F_DL_UNLOAD 107 -# define DSO_F_DSO_BIND_FUNC 108 -# define DSO_F_DSO_CONVERT_FILENAME 126 -# define DSO_F_DSO_CTRL 110 -# define DSO_F_DSO_FREE 111 -# define DSO_F_DSO_GET_FILENAME 127 -# define DSO_F_DSO_GLOBAL_LOOKUP 139 -# define DSO_F_DSO_LOAD 112 -# define DSO_F_DSO_MERGE 132 -# define DSO_F_DSO_NEW_METHOD 113 -# define DSO_F_DSO_PATHBYADDR 105 -# define DSO_F_DSO_SET_FILENAME 129 -# define DSO_F_DSO_UP_REF 114 -# define DSO_F_VMS_BIND_SYM 115 -# define DSO_F_VMS_LOAD 116 -# define DSO_F_VMS_MERGER 133 -# define DSO_F_VMS_UNLOAD 117 -# define DSO_F_WIN32_BIND_FUNC 101 -# define DSO_F_WIN32_GLOBALLOOKUP 142 -# define DSO_F_WIN32_JOINER 135 -# define DSO_F_WIN32_LOAD 120 -# define DSO_F_WIN32_MERGER 134 -# define DSO_F_WIN32_NAME_CONVERTER 125 -# define DSO_F_WIN32_PATHBYADDR 109 -# define DSO_F_WIN32_SPLITTER 136 -# define DSO_F_WIN32_UNLOAD 121 - -/* Reason codes. */ -# define DSO_R_CTRL_FAILED 100 -# define DSO_R_DSO_ALREADY_LOADED 110 -# define DSO_R_EMPTY_FILE_STRUCTURE 113 -# define DSO_R_FAILURE 114 -# define DSO_R_FILENAME_TOO_BIG 101 -# define DSO_R_FINISH_FAILED 102 -# define DSO_R_INCORRECT_FILE_SYNTAX 115 -# define DSO_R_LOAD_FAILED 103 -# define DSO_R_NAME_TRANSLATION_FAILED 109 -# define DSO_R_NO_FILENAME 111 -# define DSO_R_NULL_HANDLE 104 -# define DSO_R_SET_FILENAME_FAILED 112 -# define DSO_R_STACK_ERROR 105 -# define DSO_R_SYM_FAILURE 106 -# define DSO_R_UNLOAD_FAILED 107 -# define DSO_R_UNSUPPORTED 108 - -# ifdef __cplusplus -} -# endif #endif diff --git a/deps/openssl/openssl/include/internal/dsoerr.h b/deps/openssl/openssl/include/internal/dsoerr.h new file mode 100644 index 00000000000000..a54a18545e3c75 --- /dev/null +++ b/deps/openssl/openssl/include/internal/dsoerr.h @@ -0,0 +1,83 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSOERR_H +# define HEADER_DSOERR_H + +# include + +# ifndef OPENSSL_NO_DSO + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSO_strings(void); + +/* + * DSO function codes. + */ +# define DSO_F_DLFCN_BIND_FUNC 100 +# define DSO_F_DLFCN_LOAD 102 +# define DSO_F_DLFCN_MERGER 130 +# define DSO_F_DLFCN_NAME_CONVERTER 123 +# define DSO_F_DLFCN_UNLOAD 103 +# define DSO_F_DL_BIND_FUNC 104 +# define DSO_F_DL_LOAD 106 +# define DSO_F_DL_MERGER 131 +# define DSO_F_DL_NAME_CONVERTER 124 +# define DSO_F_DL_UNLOAD 107 +# define DSO_F_DSO_BIND_FUNC 108 +# define DSO_F_DSO_CONVERT_FILENAME 126 +# define DSO_F_DSO_CTRL 110 +# define DSO_F_DSO_FREE 111 +# define DSO_F_DSO_GET_FILENAME 127 +# define DSO_F_DSO_GLOBAL_LOOKUP 139 +# define DSO_F_DSO_LOAD 112 +# define DSO_F_DSO_MERGE 132 +# define DSO_F_DSO_NEW_METHOD 113 +# define DSO_F_DSO_PATHBYADDR 105 +# define DSO_F_DSO_SET_FILENAME 129 +# define DSO_F_DSO_UP_REF 114 +# define DSO_F_VMS_BIND_SYM 115 +# define DSO_F_VMS_LOAD 116 +# define DSO_F_VMS_MERGER 133 +# define DSO_F_VMS_UNLOAD 117 +# define DSO_F_WIN32_BIND_FUNC 101 +# define DSO_F_WIN32_GLOBALLOOKUP 142 +# define DSO_F_WIN32_JOINER 135 +# define DSO_F_WIN32_LOAD 120 +# define DSO_F_WIN32_MERGER 134 +# define DSO_F_WIN32_NAME_CONVERTER 125 +# define DSO_F_WIN32_PATHBYADDR 109 +# define DSO_F_WIN32_SPLITTER 136 +# define DSO_F_WIN32_UNLOAD 121 + +/* + * DSO reason codes. + */ +# define DSO_R_CTRL_FAILED 100 +# define DSO_R_DSO_ALREADY_LOADED 110 +# define DSO_R_EMPTY_FILE_STRUCTURE 113 +# define DSO_R_FAILURE 114 +# define DSO_R_FILENAME_TOO_BIG 101 +# define DSO_R_FINISH_FAILED 102 +# define DSO_R_INCORRECT_FILE_SYNTAX 115 +# define DSO_R_LOAD_FAILED 103 +# define DSO_R_NAME_TRANSLATION_FAILED 109 +# define DSO_R_NO_FILENAME 111 +# define DSO_R_NULL_HANDLE 104 +# define DSO_R_SET_FILENAME_FAILED 112 +# define DSO_R_STACK_ERROR 105 +# define DSO_R_SYM_FAILURE 106 +# define DSO_R_UNLOAD_FAILED 107 +# define DSO_R_UNSUPPORTED 108 + +# endif +#endif diff --git a/deps/openssl/openssl/include/internal/asn1t.h b/deps/openssl/openssl/include/internal/nelem.h similarity index 58% rename from deps/openssl/openssl/include/internal/asn1t.h rename to deps/openssl/openssl/include/internal/nelem.h index 32d637df79766d..d65a21a9fbef8b 100644 --- a/deps/openssl/openssl/include/internal/asn1t.h +++ b/deps/openssl/openssl/include/internal/nelem.h @@ -7,13 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include +#ifndef HEADER_NELEM_H +# define HEADER_NELEM_H -DECLARE_ASN1_ITEM(INT32) -DECLARE_ASN1_ITEM(ZINT32) -DECLARE_ASN1_ITEM(UINT32) -DECLARE_ASN1_ITEM(ZUINT32) -DECLARE_ASN1_ITEM(INT64) -DECLARE_ASN1_ITEM(ZINT64) -DECLARE_ASN1_ITEM(UINT64) -DECLARE_ASN1_ITEM(ZUINT64) +# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) +#endif diff --git a/deps/openssl/openssl/include/internal/o_dir.h b/deps/openssl/openssl/include/internal/o_dir.h index 178c2ed2292963..e7b55e0c18b3aa 100644 --- a/deps/openssl/openssl/include/internal/o_dir.h +++ b/deps/openssl/openssl/include/internal/o_dir.h @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,12 +8,9 @@ */ /* - * Copied from Richard Levitte's (richard@levitte.org) LP library. All - * symbol names have been changed, with permission from the author. - */ - -/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */ -/* + * This file is dual-licensed and is also available under the following + * terms: + * * Copyright (c) 2004, Richard Levitte * All rights reserved. * @@ -42,22 +39,14 @@ #ifndef O_DIR_H # define O_DIR_H -#ifdef __cplusplus -extern "C" { -#endif - typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; - /* - * returns NULL on error or end-of-directory. If it is end-of-directory, - * errno will be zero - */ +/* + * returns NULL on error or end-of-directory. If it is end-of-directory, + * errno will be zero + */ const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); - /* returns 1 on success, 0 on error */ +/* returns 1 on success, 0 on error */ int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); -#ifdef __cplusplus -} -#endif - #endif /* LPDIR_H */ diff --git a/deps/openssl/openssl/include/internal/refcount.h b/deps/openssl/openssl/include/internal/refcount.h new file mode 100644 index 00000000000000..75d70a6418b72b --- /dev/null +++ b/deps/openssl/openssl/include/internal/refcount.h @@ -0,0 +1,140 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef HEADER_INTERNAL_REFCOUNT_H +# define HEADER_INTERNAL_REFCOUNT_H + +/* Used to checking reference counts, most while doing perl5 stuff :-) */ +# if defined(OPENSSL_NO_STDIO) +# if defined(REF_PRINT) +# error "REF_PRINT requires stdio" +# endif +# endif + +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include +# define HAVE_C11_ATOMICS +# endif + +# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ + && ATOMIC_INT_LOCK_FREE > 0 + +# define HAVE_ATOMICS 1 + +typedef _Atomic int CRYPTO_REF_COUNT; + +static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock) +{ + *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1; + return 1; +} + +/* + * Changes to shared structure other than reference counter have to be + * serialized. And any kind of serialization implies a release fence. This + * means that by the time reference counter is decremented all other + * changes are visible on all processors. Hence decrement itself can be + * relaxed. In case it hits zero, object will be destructed. Since it's + * last use of the object, destructor programmer might reason that access + * to mutable members doesn't have to be serialized anymore, which would + * otherwise imply an acquire fence. Hence conditional acquire fence... + */ +static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock) +{ + *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1; + if (*ret == 0) + atomic_thread_fence(memory_order_acquire); + return 1; +} + +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 + +# define HAVE_ATOMICS 1 + +typedef int CRYPTO_REF_COUNT; + +static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock) +{ + *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1; + return 1; +} + +static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock) +{ + *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1; + if (*ret == 0) + __atomic_thread_fence(__ATOMIC_ACQUIRE); + return 1; +} + +# elif defined(_MSC_VER) && _MSC_VER>=1200 + +# define HAVE_ATOMICS 1 + +typedef volatile int CRYPTO_REF_COUNT; + +# if (defined(_M_ARM) && _M_ARM>=7) || defined(_M_ARM64) +# include +# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) +# define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH +# endif + +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd_nf(val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd_nf(val, -1) - 1; + if (*ret == 0) + __dmb(_ARM_BARRIER_ISH); + return 1; +} +# else +# pragma intrinsic(_InterlockedExchangeAdd) + +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd(val, 1) + 1; + return 1; +} + +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +{ + *ret = _InterlockedExchangeAdd(val, -1) - 1; + return 1; +} +# endif + +# else + +typedef int CRYPTO_REF_COUNT; + +# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock) +# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock) + +# endif + +# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) +# define REF_ASSERT_ISNT(test) \ + (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) +# else +# define REF_ASSERT_ISNT(i) +# endif + +# ifdef REF_PRINT +# define REF_PRINT_COUNT(a, b) \ + fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) +# else +# define REF_PRINT_COUNT(a, b) +# endif + +#endif diff --git a/deps/openssl/openssl/include/internal/sockets.h b/deps/openssl/openssl/include/internal/sockets.h new file mode 100644 index 00000000000000..a6026dad081e75 --- /dev/null +++ b/deps/openssl/openssl/include/internal/sockets.h @@ -0,0 +1,159 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + + +#ifndef HEADER_INTERNAL_SOCKETS +# define HEADER_INTERNAL_SOCKETS + +# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +# define NO_SYS_PARAM_H +# endif +# ifdef WIN32 +# define NO_SYS_UN_H +# endif +# ifdef OPENSSL_SYS_VMS +# define NO_SYS_PARAM_H +# define NO_SYS_UN_H +# endif + +# ifdef OPENSSL_NO_SOCK + +# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) +# if defined(__DJGPP__) +# include +# include +# include +# include +# elif defined(_WIN32_WCE) && _WIN32_WCE<410 +# define getservbyname _masked_declaration_getservbyname +# endif +# if !defined(IPPROTO_IP) + /* winsock[2].h was included already? */ +# include +# endif +# ifdef getservbyname + /* this is used to be wcecompat/include/winsock_extras.h */ +# undef getservbyname +struct servent *PASCAL getservbyname(const char *, const char *); +# endif + +# ifdef _WIN64 +/* + * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because + * the value constitutes an index in per-process table of limited size + * and not a real pointer. And we also depend on fact that all processors + * Windows run on happen to be two's-complement, which allows to + * interchange INVALID_SOCKET and -1. + */ +# define socket(d,t,p) ((int)socket(d,t,p)) +# define accept(s,f,l) ((int)accept(s,f,l)) +# endif + +# else + +# ifndef NO_SYS_PARAM_H +# include +# endif +# ifdef OPENSSL_SYS_VXWORKS +# include +# endif + +# include +# if defined(OPENSSL_SYS_VMS_NODECC) +# include +# include +# include +# else +# include +# ifndef NO_SYS_UN_H +# ifdef OPENSSL_SYS_VXWORKS +# include +# else +# include +# endif +# ifndef UNIX_PATH_MAX +# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) +# endif +# endif +# ifdef FILIO_H +# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ +# endif +# include +# include +# include +# endif + +# ifdef OPENSSL_SYS_AIX +# include +# endif + +# ifndef VMS +# include +# else +# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) + /* ioctl is only in VMS > 7.0 and when socketshr is not used */ +# include +# endif +# include +# if defined(TCPIP_TYPE_SOCKETSHR) +# include +# endif +# endif + +# ifndef INVALID_SOCKET +# define INVALID_SOCKET (-1) +# endif +# endif + +/* + * Some IPv6 implementations are broken, you can disable them in known + * bad versions. + */ +# if !defined(OPENSSL_USE_IPV6) +# if defined(AF_INET6) +# define OPENSSL_USE_IPV6 1 +# else +# define OPENSSL_USE_IPV6 0 +# endif +# endif + +# define get_last_socket_error() errno +# define clear_socket_error() errno=0 + +# if defined(OPENSSL_SYS_WINDOWS) +# undef get_last_socket_error +# undef clear_socket_error +# define get_last_socket_error() WSAGetLastError() +# define clear_socket_error() WSASetLastError(0) +# define readsocket(s,b,n) recv((s),(b),(n),0) +# define writesocket(s,b,n) send((s),(b),(n),0) +# elif defined(__DJGPP__) +# define WATT32 +# define WATT32_NO_OLDIES +# define closesocket(s) close_s(s) +# define readsocket(s,b,n) read_s(s,b,n) +# define writesocket(s,b,n) send(s,b,n,0) +# elif defined(OPENSSL_SYS_VMS) +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) recv((s),(b),(n),0) +# define writesocket(s,b,n) send((s),(b),(n),0) +# elif defined(OPENSSL_SYS_VXWORKS) +# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(char *)(b),(n)) +# else +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(b),(n)) +# endif + +#endif diff --git a/deps/openssl/openssl/include/internal/tsan_assist.h b/deps/openssl/openssl/include/internal/tsan_assist.h new file mode 100644 index 00000000000000..29409ff4f53dbe --- /dev/null +++ b/deps/openssl/openssl/include/internal/tsan_assist.h @@ -0,0 +1,144 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Contemporary compilers implement lock-free atomic memory access + * primitives that facilitate writing "thread-opportunistic" or even real + * multi-threading low-overhead code. "Thread-opportunistic" is when + * exact result is not required, e.g. some statistics, or execution flow + * doesn't have to be unambiguous. Simplest example is lazy "constant" + * initialization when one can synchronize on variable itself, e.g. + * + * if (var == NOT_YET_INITIALIZED) + * var = function_returning_same_value(); + * + * This does work provided that loads and stores are single-instuction + * operations (and integer ones are on *all* supported platforms), but + * it upsets Thread Sanitizer. Suggested solution is + * + * if (tsan_load(&var) == NOT_YET_INITIALIZED) + * tsan_store(&var, function_returning_same_value()); + * + * Production machine code would be the same, so one can wonder why + * bother. Having Thread Sanitizer accept "thread-opportunistic" code + * allows to move on trouble-shooting real bugs. + * + * Resolving Thread Sanitizer nits was the initial purpose for this module, + * but it was later extended with more nuanced primitives that are useful + * even in "non-opportunistic" scenarios. Most notably verifying if a shared + * structure is fully initialized and bypassing the initialization lock. + * It's suggested to view macros defined in this module as "annotations" for + * thread-safe lock-free code, "Thread-Safe ANnotations"... + * + * It's assumed that ATOMIC_{LONG|INT}_LOCK_FREE are assigned same value as + * ATOMIC_POINTER_LOCK_FREE. And check for >= 2 ensures that corresponding + * code is inlined. It should be noted that statistics counters become + * accurate in such case. + * + * Special note about TSAN_QUALIFIER. It might be undesired to use it in + * a shared header. Because whether operation on specific variable or member + * is atomic or not might be irrelevant in other modules. In such case one + * can use TSAN_QUALIFIER in cast specifically when it has to count. + */ + +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include + +# if defined(ATOMIC_POINTER_LOCK_FREE) \ + && ATOMIC_POINTER_LOCK_FREE >= 2 +# define TSAN_QUALIFIER _Atomic +# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed) +# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed) +# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed) +# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed) +# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire) +# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release) +# endif + +#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) + +# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \ + && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2 +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED) +# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED) +# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED) +# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED) +# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE) +# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE) +# endif + +#elif defined(_MSC_VER) && _MSC_VER>=1200 \ + && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7)) +/* + * There is subtle dependency on /volatile: command-line option. + * "ms" implies same semantic as memory_order_acquire for loads and + * memory_order_release for stores, while "iso" - memory_order_relaxed for + * either. Real complication is that defaults are different on x86 and ARM. + * There is explanation for that, "ms" is backward compatible with earlier + * compiler versions, while multi-processor ARM can be viewed as brand new + * platform to MSC and its users, and with non-relaxed semantic taking toll + * with additional instructions and penalties, it kind of makes sense to + * default to "iso"... + */ +# define TSAN_QUALIFIER volatile +# if defined(_M_ARM) || defined(_M_ARM64) +# define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf +# pragma intrinsic(_InterlockedExchangeAdd_nf) +# pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32) +# ifdef _WIN64 +# define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf +# pragma intrinsic(_InterlockedExchangeAdd64_nf) +# pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64) +# define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \ + : __iso_volatile_load32(ptr)) +# define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \ + : __iso_volatile_store32((ptr), (val))) +# else +# define tsan_load(ptr) __iso_volatile_load32(ptr) +# define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val)) +# endif +# else +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) +# endif +# pragma intrinsic(_InterlockedExchangeAdd) +# ifdef _WIN64 +# pragma intrinsic(_InterlockedExchangeAdd64) +# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \ + : _InterlockedExchangeAdd((ptr), 1)) +# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \ + : _InterlockedExchangeAdd((ptr), -1)) +# else +# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1) +# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1) +# endif +# if !defined(_ISO_VOLATILE) +# define tsan_ld_acq(ptr) (*(ptr)) +# define tsan_st_rel(ptr, val) (*(ptr) = (val)) +# endif + +#endif + +#ifndef TSAN_QUALIFIER + +# define TSAN_QUALIFIER volatile +# define tsan_load(ptr) (*(ptr)) +# define tsan_store(ptr, val) (*(ptr) = (val)) +# define tsan_counter(ptr) ((*(ptr))++) +# define tsan_decr(ptr) ((*(ptr))--) +/* + * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not + * sophisticated enough to support them. Code that relies on them should be + * protected with #ifdef tsan_ld_acq with locked fallback. + */ + +#endif diff --git a/deps/openssl/openssl/include/openssl/asn1.h b/deps/openssl/openssl/include/openssl/asn1.h index d0b1099a4fafe6..9522eec18f7a95 100644 --- a/deps/openssl/openssl/include/openssl/asn1.h +++ b/deps/openssl/openssl/include/openssl/asn1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,9 +14,8 @@ # include # include # include -# include # include - +# include # include # include @@ -40,7 +39,7 @@ extern "C" { # define V_ASN1_CONSTRUCTED 0x20 # define V_ASN1_PRIMITIVE_TAG 0x1f -# define V_ASN1_PRIMATIVE_TAG 0x1f +# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG # define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ # define V_ASN1_OTHER -3/* used in ASN1_TYPE */ @@ -141,6 +140,8 @@ DEFINE_STACK_OF(X509_ALGOR) # define ASN1_STRING_FLAG_MSTRING 0x040 /* String is embedded and only content should be freed */ # define ASN1_STRING_FLAG_EMBED 0x080 +/* String should be parsed in RFC 5280's time format */ +# define ASN1_STRING_FLAG_X509_TIME 0x100 /* This is the base type that holds just about everything :-) */ struct asn1_string_st { int length; @@ -588,6 +589,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to); @@ -628,6 +630,11 @@ int ASN1_TIME_check(const ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_normalize(ASN1_TIME *s); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); @@ -870,231 +877,8 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_ASN1_strings(void); - -/* Error codes for the ASN1 functions. */ - -/* Function codes. */ -# define ASN1_F_A2D_ASN1_OBJECT 100 -# define ASN1_F_A2I_ASN1_INTEGER 102 -# define ASN1_F_A2I_ASN1_STRING 103 -# define ASN1_F_APPEND_EXP 176 -# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 -# define ASN1_F_ASN1_CB 177 -# define ASN1_F_ASN1_CHECK_TLEN 104 -# define ASN1_F_ASN1_COLLECT 106 -# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 -# define ASN1_F_ASN1_D2I_FP 109 -# define ASN1_F_ASN1_D2I_READ_BIO 107 -# define ASN1_F_ASN1_DIGEST 184 -# define ASN1_F_ASN1_DO_ADB 110 -# define ASN1_F_ASN1_DO_LOCK 233 -# define ASN1_F_ASN1_DUP 111 -# define ASN1_F_ASN1_EX_C2I 204 -# define ASN1_F_ASN1_FIND_END 190 -# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 -# define ASN1_F_ASN1_GENERATE_V3 178 -# define ASN1_F_ASN1_GET_INT64 224 -# define ASN1_F_ASN1_GET_OBJECT 114 -# define ASN1_F_ASN1_GET_UINT64 225 -# define ASN1_F_ASN1_I2D_BIO 116 -# define ASN1_F_ASN1_I2D_FP 117 -# define ASN1_F_ASN1_ITEM_D2I_FP 206 -# define ASN1_F_ASN1_ITEM_DUP 191 -# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 -# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 -# define ASN1_F_ASN1_ITEM_I2D_BIO 192 -# define ASN1_F_ASN1_ITEM_I2D_FP 193 -# define ASN1_F_ASN1_ITEM_PACK 198 -# define ASN1_F_ASN1_ITEM_SIGN 195 -# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 -# define ASN1_F_ASN1_ITEM_UNPACK 199 -# define ASN1_F_ASN1_ITEM_VERIFY 197 -# define ASN1_F_ASN1_MBSTRING_NCOPY 122 -# define ASN1_F_ASN1_OBJECT_NEW 123 -# define ASN1_F_ASN1_OUTPUT_DATA 214 -# define ASN1_F_ASN1_PCTX_NEW 205 -# define ASN1_F_ASN1_SCTX_NEW 221 -# define ASN1_F_ASN1_SIGN 128 -# define ASN1_F_ASN1_STR2TYPE 179 -# define ASN1_F_ASN1_STRING_GET_INT64 227 -# define ASN1_F_ASN1_STRING_GET_UINT64 230 -# define ASN1_F_ASN1_STRING_SET 186 -# define ASN1_F_ASN1_STRING_TABLE_ADD 129 -# define ASN1_F_ASN1_STRING_TO_BN 228 -# define ASN1_F_ASN1_STRING_TYPE_NEW 130 -# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 -# define ASN1_F_ASN1_TEMPLATE_NEW 133 -# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 -# define ASN1_F_ASN1_TIME_ADJ 217 -# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 -# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 -# define ASN1_F_ASN1_UTCTIME_ADJ 218 -# define ASN1_F_ASN1_VERIFY 137 -# define ASN1_F_B64_READ_ASN1 209 -# define ASN1_F_B64_WRITE_ASN1 210 -# define ASN1_F_BIO_NEW_NDEF 208 -# define ASN1_F_BITSTR_CB 180 -# define ASN1_F_BN_TO_ASN1_STRING 229 -# define ASN1_F_C2I_ASN1_BIT_STRING 189 -# define ASN1_F_C2I_ASN1_INTEGER 194 -# define ASN1_F_C2I_ASN1_OBJECT 196 -# define ASN1_F_C2I_IBUF 226 -# define ASN1_F_C2I_UINT64_INT 101 -# define ASN1_F_COLLECT_DATA 140 -# define ASN1_F_D2I_ASN1_OBJECT 147 -# define ASN1_F_D2I_ASN1_UINTEGER 150 -# define ASN1_F_D2I_AUTOPRIVATEKEY 207 -# define ASN1_F_D2I_PRIVATEKEY 154 -# define ASN1_F_D2I_PUBLICKEY 155 -# define ASN1_F_DO_BUF 142 -# define ASN1_F_DO_TCREATE 222 -# define ASN1_F_I2D_ASN1_BIO_STREAM 211 -# define ASN1_F_I2D_ASN1_OBJECT 143 -# define ASN1_F_I2D_DSA_PUBKEY 161 -# define ASN1_F_I2D_EC_PUBKEY 181 -# define ASN1_F_I2D_PRIVATEKEY 163 -# define ASN1_F_I2D_PUBLICKEY 164 -# define ASN1_F_I2D_RSA_PUBKEY 165 -# define ASN1_F_LONG_C2I 166 -# define ASN1_F_OID_MODULE_INIT 174 -# define ASN1_F_PARSE_TAGGING 182 -# define ASN1_F_PKCS5_PBE2_SET_IV 167 -# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 -# define ASN1_F_PKCS5_PBE_SET 202 -# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 -# define ASN1_F_PKCS5_PBKDF2_SET 219 -# define ASN1_F_PKCS5_SCRYPT_SET 232 -# define ASN1_F_SMIME_READ_ASN1 212 -# define ASN1_F_SMIME_TEXT 213 -# define ASN1_F_STBL_MODULE_INIT 223 -# define ASN1_F_UINT32_C2I 105 -# define ASN1_F_UINT64_C2I 112 -# define ASN1_F_X509_CRL_ADD0_REVOKED 169 -# define ASN1_F_X509_INFO_NEW 170 -# define ASN1_F_X509_NAME_ENCODE 203 -# define ASN1_F_X509_NAME_EX_D2I 158 -# define ASN1_F_X509_NAME_EX_NEW 171 -# define ASN1_F_X509_PKEY_NEW 173 - -/* Reason codes. */ -# define ASN1_R_ADDING_OBJECT 171 -# define ASN1_R_ASN1_PARSE_ERROR 203 -# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 -# define ASN1_R_AUX_ERROR 100 -# define ASN1_R_BAD_OBJECT_HEADER 102 -# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 -# define ASN1_R_BN_LIB 105 -# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 -# define ASN1_R_BUFFER_TOO_SMALL 107 -# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 -# define ASN1_R_CONTEXT_NOT_INITIALISED 217 -# define ASN1_R_DATA_IS_WRONG 109 -# define ASN1_R_DECODE_ERROR 110 -# define ASN1_R_DEPTH_EXCEEDED 174 -# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 -# define ASN1_R_ENCODE_ERROR 112 -# define ASN1_R_ERROR_GETTING_TIME 173 -# define ASN1_R_ERROR_LOADING_SECTION 172 -# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 -# define ASN1_R_EXPECTING_AN_INTEGER 115 -# define ASN1_R_EXPECTING_AN_OBJECT 116 -# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 -# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 -# define ASN1_R_FIELD_MISSING 121 -# define ASN1_R_FIRST_NUM_TOO_LARGE 122 -# define ASN1_R_HEADER_TOO_LONG 123 -# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 -# define ASN1_R_ILLEGAL_BOOLEAN 176 -# define ASN1_R_ILLEGAL_CHARACTERS 124 -# define ASN1_R_ILLEGAL_FORMAT 177 -# define ASN1_R_ILLEGAL_HEX 178 -# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 -# define ASN1_R_ILLEGAL_INTEGER 180 -# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 -# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 -# define ASN1_R_ILLEGAL_NULL 125 -# define ASN1_R_ILLEGAL_NULL_VALUE 182 -# define ASN1_R_ILLEGAL_OBJECT 183 -# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 -# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 -# define ASN1_R_ILLEGAL_PADDING 221 -# define ASN1_R_ILLEGAL_TAGGED_ANY 127 -# define ASN1_R_ILLEGAL_TIME_VALUE 184 -# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 -# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 -# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 -# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 -# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 -# define ASN1_R_INVALID_DIGIT 130 -# define ASN1_R_INVALID_MIME_TYPE 205 -# define ASN1_R_INVALID_MODIFIER 186 -# define ASN1_R_INVALID_NUMBER 187 -# define ASN1_R_INVALID_OBJECT_ENCODING 216 -# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 -# define ASN1_R_INVALID_SEPARATOR 131 -# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 -# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 -# define ASN1_R_INVALID_UTF8STRING 134 -# define ASN1_R_INVALID_VALUE 219 -# define ASN1_R_LIST_ERROR 188 -# define ASN1_R_MIME_NO_CONTENT_TYPE 206 -# define ASN1_R_MIME_PARSE_ERROR 207 -# define ASN1_R_MIME_SIG_PARSE_ERROR 208 -# define ASN1_R_MISSING_EOC 137 -# define ASN1_R_MISSING_SECOND_NUMBER 138 -# define ASN1_R_MISSING_VALUE 189 -# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 -# define ASN1_R_MSTRING_WRONG_TAG 140 -# define ASN1_R_NESTED_ASN1_STRING 197 -# define ASN1_R_NESTED_TOO_DEEP 201 -# define ASN1_R_NON_HEX_CHARACTERS 141 -# define ASN1_R_NOT_ASCII_FORMAT 190 -# define ASN1_R_NOT_ENOUGH_DATA 142 -# define ASN1_R_NO_CONTENT_TYPE 209 -# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 -# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 -# define ASN1_R_NO_MULTIPART_BOUNDARY 211 -# define ASN1_R_NO_SIG_CONTENT_TYPE 212 -# define ASN1_R_NULL_IS_WRONG_LENGTH 144 -# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 -# define ASN1_R_ODD_NUMBER_OF_CHARS 145 -# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 -# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 -# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 -# define ASN1_R_SHORT_LINE 150 -# define ASN1_R_SIG_INVALID_MIME_TYPE 213 -# define ASN1_R_STREAMING_NOT_SUPPORTED 202 -# define ASN1_R_STRING_TOO_LONG 151 -# define ASN1_R_STRING_TOO_SHORT 152 -# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 -# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 -# define ASN1_R_TOO_LARGE 223 -# define ASN1_R_TOO_LONG 155 -# define ASN1_R_TOO_SMALL 224 -# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 -# define ASN1_R_TYPE_NOT_PRIMITIVE 195 -# define ASN1_R_UNEXPECTED_EOC 159 -# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 -# define ASN1_R_UNKNOWN_FORMAT 160 -# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 -# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 -# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 -# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 -# define ASN1_R_UNKNOWN_TAG 194 -# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 -# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 -# define ASN1_R_UNSUPPORTED_TYPE 196 -# define ASN1_R_WRONG_INTEGER_TYPE 225 -# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 -# define ASN1_R_WRONG_TAG 168 +const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +const ASN1_ITEM *ASN1_ITEM_get(size_t i); # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/asn1err.h b/deps/openssl/openssl/include/openssl/asn1err.h new file mode 100644 index 00000000000000..5a91126db954d0 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/asn1err.h @@ -0,0 +1,252 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASN1ERR_H +# define HEADER_ASN1ERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASN1_strings(void); + +/* + * ASN1 function codes. + */ +# define ASN1_F_A2D_ASN1_OBJECT 100 +# define ASN1_F_A2I_ASN1_INTEGER 102 +# define ASN1_F_A2I_ASN1_STRING 103 +# define ASN1_F_APPEND_EXP 176 +# define ASN1_F_ASN1_BIO_INIT 113 +# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +# define ASN1_F_ASN1_CB 177 +# define ASN1_F_ASN1_CHECK_TLEN 104 +# define ASN1_F_ASN1_COLLECT 106 +# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +# define ASN1_F_ASN1_D2I_FP 109 +# define ASN1_F_ASN1_D2I_READ_BIO 107 +# define ASN1_F_ASN1_DIGEST 184 +# define ASN1_F_ASN1_DO_ADB 110 +# define ASN1_F_ASN1_DO_LOCK 233 +# define ASN1_F_ASN1_DUP 111 +# define ASN1_F_ASN1_ENC_SAVE 115 +# define ASN1_F_ASN1_EX_C2I 204 +# define ASN1_F_ASN1_FIND_END 190 +# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +# define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 +# define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 +# define ASN1_F_ASN1_I2D_BIO 116 +# define ASN1_F_ASN1_I2D_FP 117 +# define ASN1_F_ASN1_ITEM_D2I_FP 206 +# define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 +# define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 +# define ASN1_F_ASN1_ITEM_I2D_BIO 192 +# define ASN1_F_ASN1_ITEM_I2D_FP 193 +# define ASN1_F_ASN1_ITEM_PACK 198 +# define ASN1_F_ASN1_ITEM_SIGN 195 +# define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +# define ASN1_F_ASN1_ITEM_UNPACK 199 +# define ASN1_F_ASN1_ITEM_VERIFY 197 +# define ASN1_F_ASN1_MBSTRING_NCOPY 122 +# define ASN1_F_ASN1_OBJECT_NEW 123 +# define ASN1_F_ASN1_OUTPUT_DATA 214 +# define ASN1_F_ASN1_PCTX_NEW 205 +# define ASN1_F_ASN1_PRIMITIVE_NEW 119 +# define ASN1_F_ASN1_SCTX_NEW 221 +# define ASN1_F_ASN1_SIGN 128 +# define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 +# define ASN1_F_ASN1_STRING_SET 186 +# define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 +# define ASN1_F_ASN1_STRING_TYPE_NEW 130 +# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +# define ASN1_F_ASN1_TEMPLATE_NEW 133 +# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +# define ASN1_F_ASN1_TIME_ADJ 217 +# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +# define ASN1_F_ASN1_UTCTIME_ADJ 218 +# define ASN1_F_ASN1_VERIFY 137 +# define ASN1_F_B64_READ_ASN1 209 +# define ASN1_F_B64_WRITE_ASN1 210 +# define ASN1_F_BIO_NEW_NDEF 208 +# define ASN1_F_BITSTR_CB 180 +# define ASN1_F_BN_TO_ASN1_STRING 229 +# define ASN1_F_C2I_ASN1_BIT_STRING 189 +# define ASN1_F_C2I_ASN1_INTEGER 194 +# define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 +# define ASN1_F_C2I_UINT64_INT 101 +# define ASN1_F_COLLECT_DATA 140 +# define ASN1_F_D2I_ASN1_OBJECT 147 +# define ASN1_F_D2I_ASN1_UINTEGER 150 +# define ASN1_F_D2I_AUTOPRIVATEKEY 207 +# define ASN1_F_D2I_PRIVATEKEY 154 +# define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 +# define ASN1_F_DO_CREATE 124 +# define ASN1_F_DO_DUMP 125 +# define ASN1_F_DO_TCREATE 222 +# define ASN1_F_I2A_ASN1_OBJECT 126 +# define ASN1_F_I2D_ASN1_BIO_STREAM 211 +# define ASN1_F_I2D_ASN1_OBJECT 143 +# define ASN1_F_I2D_DSA_PUBKEY 161 +# define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PRIVATEKEY 163 +# define ASN1_F_I2D_PUBLICKEY 164 +# define ASN1_F_I2D_RSA_PUBKEY 165 +# define ASN1_F_LONG_C2I 166 +# define ASN1_F_NDEF_PREFIX 127 +# define ASN1_F_NDEF_SUFFIX 136 +# define ASN1_F_OID_MODULE_INIT 174 +# define ASN1_F_PARSE_TAGGING 182 +# define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 +# define ASN1_F_PKCS5_PBE_SET 202 +# define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +# define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 +# define ASN1_F_SMIME_READ_ASN1 212 +# define ASN1_F_SMIME_TEXT 213 +# define ASN1_F_STABLE_GET 138 +# define ASN1_F_STBL_MODULE_INIT 223 +# define ASN1_F_UINT32_C2I 105 +# define ASN1_F_UINT32_NEW 139 +# define ASN1_F_UINT64_C2I 112 +# define ASN1_F_UINT64_NEW 141 +# define ASN1_F_X509_CRL_ADD0_REVOKED 169 +# define ASN1_F_X509_INFO_NEW 170 +# define ASN1_F_X509_NAME_ENCODE 203 +# define ASN1_F_X509_NAME_EX_D2I 158 +# define ASN1_F_X509_NAME_EX_NEW 171 +# define ASN1_F_X509_PKEY_NEW 173 + +/* + * ASN1 reason codes. + */ +# define ASN1_R_ADDING_OBJECT 171 +# define ASN1_R_ASN1_PARSE_ERROR 203 +# define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +# define ASN1_R_AUX_ERROR 100 +# define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +# define ASN1_R_BN_LIB 105 +# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +# define ASN1_R_BUFFER_TOO_SMALL 107 +# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +# define ASN1_R_CONTEXT_NOT_INITIALISED 217 +# define ASN1_R_DATA_IS_WRONG 109 +# define ASN1_R_DECODE_ERROR 110 +# define ASN1_R_DEPTH_EXCEEDED 174 +# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +# define ASN1_R_ENCODE_ERROR 112 +# define ASN1_R_ERROR_GETTING_TIME 173 +# define ASN1_R_ERROR_LOADING_SECTION 172 +# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +# define ASN1_R_EXPECTING_AN_INTEGER 115 +# define ASN1_R_EXPECTING_AN_OBJECT 116 +# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +# define ASN1_R_FIELD_MISSING 121 +# define ASN1_R_FIRST_NUM_TOO_LARGE 122 +# define ASN1_R_HEADER_TOO_LONG 123 +# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +# define ASN1_R_ILLEGAL_BOOLEAN 176 +# define ASN1_R_ILLEGAL_CHARACTERS 124 +# define ASN1_R_ILLEGAL_FORMAT 177 +# define ASN1_R_ILLEGAL_HEX 178 +# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +# define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +# define ASN1_R_ILLEGAL_NULL 125 +# define ASN1_R_ILLEGAL_NULL_VALUE 182 +# define ASN1_R_ILLEGAL_OBJECT 183 +# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 +# define ASN1_R_ILLEGAL_TAGGED_ANY 127 +# define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 +# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +# define ASN1_R_INVALID_DIGIT 130 +# define ASN1_R_INVALID_MIME_TYPE 205 +# define ASN1_R_INVALID_MODIFIER 186 +# define ASN1_R_INVALID_NUMBER 187 +# define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 +# define ASN1_R_INVALID_SEPARATOR 131 +# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 +# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +# define ASN1_R_INVALID_UTF8STRING 134 +# define ASN1_R_INVALID_VALUE 219 +# define ASN1_R_LIST_ERROR 188 +# define ASN1_R_MIME_NO_CONTENT_TYPE 206 +# define ASN1_R_MIME_PARSE_ERROR 207 +# define ASN1_R_MIME_SIG_PARSE_ERROR 208 +# define ASN1_R_MISSING_EOC 137 +# define ASN1_R_MISSING_SECOND_NUMBER 138 +# define ASN1_R_MISSING_VALUE 189 +# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +# define ASN1_R_MSTRING_WRONG_TAG 140 +# define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 201 +# define ASN1_R_NON_HEX_CHARACTERS 141 +# define ASN1_R_NOT_ASCII_FORMAT 190 +# define ASN1_R_NOT_ENOUGH_DATA 142 +# define ASN1_R_NO_CONTENT_TYPE 209 +# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +# define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +# define ASN1_R_NO_MULTIPART_BOUNDARY 211 +# define ASN1_R_NO_SIG_CONTENT_TYPE 212 +# define ASN1_R_NULL_IS_WRONG_LENGTH 144 +# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +# define ASN1_R_ODD_NUMBER_OF_CHARS 145 +# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +# define ASN1_R_SHORT_LINE 150 +# define ASN1_R_SIG_INVALID_MIME_TYPE 213 +# define ASN1_R_STREAMING_NOT_SUPPORTED 202 +# define ASN1_R_STRING_TOO_LONG 151 +# define ASN1_R_STRING_TOO_SHORT 152 +# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 +# define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 +# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +# define ASN1_R_TYPE_NOT_PRIMITIVE 195 +# define ASN1_R_UNEXPECTED_EOC 159 +# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +# define ASN1_R_UNKNOWN_FORMAT 160 +# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +# define ASN1_R_UNKNOWN_TAG 194 +# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 +# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +# define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 +# define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +# define ASN1_R_WRONG_TAG 168 + +#endif diff --git a/deps/openssl/openssl/include/openssl/asn1t.h b/deps/openssl/openssl/include/openssl/asn1t.h index a5248293bedc4e..a450ba0d9dea5d 100644 --- a/deps/openssl/openssl/include/openssl/asn1t.h +++ b/deps/openssl/openssl/include/openssl/asn1t.h @@ -33,7 +33,7 @@ extern "C" { /* Macros for start and end of ASN1_ITEM definition */ # define ASN1_ITEM_start(itname) \ - OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { + const ASN1_ITEM itname##_it = { # define static_ASN1_ITEM_start(itname) \ static const ASN1_ITEM itname##_it = { @@ -44,7 +44,7 @@ extern "C" { # else /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ -# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) +# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)())) /* Macros for start and end of ASN1_ITEM definition */ @@ -130,7 +130,7 @@ extern "C" { sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ NULL,\ sizeof(stname),\ - #stname \ + #tname \ ASN1_ITEM_end(tname) # define static_ASN1_SEQUENCE_END_name(stname, tname) \ @@ -208,7 +208,7 @@ extern "C" { sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ &tname##_aux,\ sizeof(stname),\ - #stname \ + #tname \ ASN1_ITEM_end(tname) # define static_ASN1_SEQUENCE_END_ref(stname, tname) \ ;\ @@ -325,10 +325,10 @@ extern "C" { /* implicit and explicit helper macros */ # define ASN1_IMP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type) # define ASN1_EXP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type) /* Any defined by macros: the field used is in the table itself */ @@ -531,10 +531,10 @@ struct ASN1_ADB_TABLE_st { # define ASN1_TFLG_TAG_MASK (0x3 << 3) /* context specific IMPLICIT */ -# define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT +# define ASN1_TFLG_IMPLICIT (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT) /* context specific EXPLICIT */ -# define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT +# define ASN1_TFLG_EXPLICIT (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT) /* * If tagging is in force these determine the type of tag to use. Otherwise @@ -906,8 +906,24 @@ DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) DECLARE_ASN1_ITEM(ASN1_SEQUENCE) DECLARE_ASN1_ITEM(CBIGNUM) DECLARE_ASN1_ITEM(BIGNUM) +DECLARE_ASN1_ITEM(INT32) +DECLARE_ASN1_ITEM(ZINT32) +DECLARE_ASN1_ITEM(UINT32) +DECLARE_ASN1_ITEM(ZUINT32) +DECLARE_ASN1_ITEM(INT64) +DECLARE_ASN1_ITEM(ZINT64) +DECLARE_ASN1_ITEM(UINT64) +DECLARE_ASN1_ITEM(ZUINT64) + +# if OPENSSL_API_COMPAT < 0x10200000L +/* + * LONG and ZLONG are strongly discouraged for use as stored data, as the + * underlying C type (long) differs in size depending on the architecture. + * They are designed with 32-bit longs in mind. + */ DECLARE_ASN1_ITEM(LONG) DECLARE_ASN1_ITEM(ZLONG) +# endif DEFINE_STACK_OF(ASN1_VALUE) diff --git a/deps/openssl/openssl/include/openssl/async.h b/deps/openssl/openssl/include/openssl/async.h index 5b2e496dbde8d9..7052b89052af26 100644 --- a/deps/openssl/openssl/include/openssl/async.h +++ b/deps/openssl/openssl/include/openssl/async.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,6 +22,7 @@ #define OSSL_ASYNC_FD int #define OSSL_BAD_ASYNC_FD -1 #endif +# include # ifdef __cplusplus @@ -68,29 +69,6 @@ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); void ASYNC_block_pause(void); void ASYNC_unblock_pause(void); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_ASYNC_strings(void); - -/* Error codes for the ASYNC functions. */ - -/* Function codes. */ -# define ASYNC_F_ASYNC_CTX_NEW 100 -# define ASYNC_F_ASYNC_INIT_THREAD 101 -# define ASYNC_F_ASYNC_JOB_NEW 102 -# define ASYNC_F_ASYNC_PAUSE_JOB 103 -# define ASYNC_F_ASYNC_START_FUNC 104 -# define ASYNC_F_ASYNC_START_JOB 105 - -/* Reason codes. */ -# define ASYNC_R_FAILED_TO_SET_POOL 101 -# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 -# define ASYNC_R_INIT_FAILED 105 -# define ASYNC_R_INVALID_POOL_SIZE 103 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/asyncerr.h b/deps/openssl/openssl/include/openssl/asyncerr.h new file mode 100644 index 00000000000000..5497ba75279ee5 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/asyncerr.h @@ -0,0 +1,38 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNCERR_H +# define HEADER_ASYNCERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ASYNC_strings(void); + +/* + * ASYNC function codes. + */ +# define ASYNC_F_ASYNC_CTX_NEW 100 +# define ASYNC_F_ASYNC_INIT_THREAD 101 +# define ASYNC_F_ASYNC_JOB_NEW 102 +# define ASYNC_F_ASYNC_PAUSE_JOB 103 +# define ASYNC_F_ASYNC_START_FUNC 104 +# define ASYNC_F_ASYNC_START_JOB 105 +# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 + +/* + * ASYNC reason codes. + */ +# define ASYNC_R_FAILED_TO_SET_POOL 101 +# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +# define ASYNC_R_INIT_FAILED 105 +# define ASYNC_R_INVALID_POOL_SIZE 103 + +#endif diff --git a/deps/openssl/openssl/include/openssl/bio.h b/deps/openssl/openssl/include/openssl/bio.h index 3a72862561fafc..2888b42da84dfc 100644 --- a/deps/openssl/openssl/include/openssl/bio.h +++ b/deps/openssl/openssl/include/openssl/bio.h @@ -18,6 +18,7 @@ # include # include +# include # ifndef OPENSSL_NO_SCTP # include @@ -87,6 +88,7 @@ extern "C" { # define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ # define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ +# define BIO_CTRL_PEEK 29/* BIO_f_buffer special */ # define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ /* dgram BIO stuff */ @@ -236,8 +238,15 @@ void BIO_clear_flags(BIO *b, int flags); typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, + long argl, int ret, size_t *processed); BIO_callback_fn BIO_get_callback(const BIO *b); void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + char *BIO_get_callback_arg(const BIO *b); void BIO_set_callback_arg(BIO *b, char *arg); @@ -359,9 +368,12 @@ struct bio_dgram_sctp_prinfo { # define BIO_FAMILY_IPANY 256 /* BIO_s_connect() */ -# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr) +# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \ + (char *)(name)) +# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1, \ + (char *)(port)) +# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2, \ + (char *)(addr)) # define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) # define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) # define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) @@ -370,15 +382,18 @@ struct bio_dgram_sctp_prinfo { # define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) /* BIO_s_accept() */ -# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port) +# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \ + (char *)(name)) +# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \ + (char *)(port)) # define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) # define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) # define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) # define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ # define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) -# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio) +# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \ + (char *)(bio)) # define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) # define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) @@ -398,11 +413,11 @@ struct bio_dgram_sctp_prinfo { /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c)) /* BIO_s_file() */ -# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) -# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) +# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp)) +# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp)) /* BIO_s_fd() and BIO_s_file() */ # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) @@ -420,7 +435,7 @@ struct bio_dgram_sctp_prinfo { int BIO_read_filename(BIO *b, const char *name); # else # define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ - BIO_CLOSE|BIO_FP_READ,(char *)name) + BIO_CLOSE|BIO_FP_READ,(char *)(name)) # endif # define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ BIO_CLOSE|BIO_FP_WRITE,name) @@ -435,8 +450,8 @@ int BIO_read_filename(BIO *b, const char *name); * next_bio field in the bio. So when you free the BIO, make sure you are * doing a BIO_free_all() to catch the underlying BIO. */ -# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) -# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) +# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl)) +# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp)) # define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) # define BIO_set_ssl_renegotiate_bytes(b,num) \ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) @@ -446,11 +461,12 @@ int BIO_read_filename(BIO *b, const char *name); BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) /* defined in evp.h */ -/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */ -# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) -# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) -# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp)) +# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm)) +# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \ + (char *)(pp)) # define BIO_set_mem_eof_return(b,v) \ BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) @@ -480,6 +496,7 @@ size_t BIO_ctrl_wpending(BIO *b); /* For the BIO_f_buffer() type */ # define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) +# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s)) /* For BIO_s_bio() */ # define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) @@ -496,17 +513,17 @@ int BIO_ctrl_reset_read_request(BIO *b); /* ctrl macros for dgram */ # define BIO_ctrl_dgram_connect(b,peer) \ - (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer)) # define BIO_ctrl_set_connected(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)peer) + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer)) # define BIO_dgram_recv_timedout(b) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) # define BIO_dgram_send_timedout(b) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) # define BIO_dgram_get_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) # define BIO_dgram_set_peer(b,peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer)) # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) @@ -542,9 +559,11 @@ void BIO_set_shutdown(BIO *a, int shut); int BIO_get_shutdown(BIO *a); void BIO_vfree(BIO *a); int BIO_up_ref(BIO *a); -int BIO_read(BIO *b, void *data, int len); +int BIO_read(BIO *b, void *data, int dlen); +int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); int BIO_gets(BIO *bp, char *buf, int size); -int BIO_write(BIO *b, const void *data, int len); +int BIO_write(BIO *b, const void *data, int dlen); +int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); int BIO_puts(BIO *bp, const char *buf); int BIO_indent(BIO *b, int indent, int max); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); @@ -655,6 +674,9 @@ enum BIO_lookup_type { int BIO_lookup(const char *host, const char *service, enum BIO_lookup_type lookup_type, int family, int socktype, BIO_ADDRINFO **res); +int BIO_lookup_ex(const char *host, const char *service, + int lookup_type, int family, int socktype, int protocol, + BIO_ADDRINFO **res); int BIO_sock_error(int sock); int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd, int mode); @@ -687,6 +709,7 @@ int BIO_sock_info(int sock, int BIO_socket(int domain, int socktype, int protocol, int options); int BIO_connect(int sock, const BIO_ADDR *addr, int options); +int BIO_bind(int sock, const BIO_ADDR *addr, int options); int BIO_listen(int sock, const BIO_ADDR *addr, int options); int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); int BIO_closesocket(int sock); @@ -712,30 +735,50 @@ void BIO_copy_next_retry(BIO *b); * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); */ -# ifdef __GNUC__ -# define __bio_h__attr__ __attribute__ -# else -# define __bio_h__attr__(x) +# define ossl_bio__attr__(x) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__APPLE__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef ossl_bio__attr__ +# define ossl_bio__attr__ __attribute__ +# if __GNUC__*10 + __GNUC_MINOR__ >= 44 +# define ossl_bio__printf__ __gnu_printf__ +# else +# define ossl_bio__printf__ __printf__ +# endif +# endif # endif int BIO_printf(BIO *bio, const char *format, ...) -__bio_h__attr__((__format__(__printf__, 2, 3))); +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); int BIO_vprintf(BIO *bio, const char *format, va_list args) -__bio_h__attr__((__format__(__printf__, 2, 0))); +ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); int BIO_snprintf(char *buf, size_t n, const char *format, ...) -__bio_h__attr__((__format__(__printf__, 3, 4))); +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -__bio_h__attr__((__format__(__printf__, 3, 0))); -# undef __bio_h__attr__ +ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); +# undef ossl_bio__attr__ +# undef ossl_bio__printf__ BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, + size_t *); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); +int BIO_meth_set_write_ex(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, size_t, size_t *)); int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); +int BIO_meth_set_read_ex(BIO_METHOD *biom, + int (*bread) (BIO *, char *, size_t, size_t *)); int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); @@ -755,97 +798,6 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, BIO_info_cb *)); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_BIO_strings(void); - -/* Error codes for the BIO functions. */ - -/* Function codes. */ -# define BIO_F_ACPT_STATE 100 -# define BIO_F_ADDR_STRINGS 134 -# define BIO_F_BIO_ACCEPT 101 -# define BIO_F_BIO_ACCEPT_EX 137 -# define BIO_F_BIO_ADDR_NEW 144 -# define BIO_F_BIO_CALLBACK_CTRL 131 -# define BIO_F_BIO_CONNECT 138 -# define BIO_F_BIO_CTRL 103 -# define BIO_F_BIO_GETS 104 -# define BIO_F_BIO_GET_HOST_IP 106 -# define BIO_F_BIO_GET_NEW_INDEX 102 -# define BIO_F_BIO_GET_PORT 107 -# define BIO_F_BIO_LISTEN 139 -# define BIO_F_BIO_LOOKUP 135 -# define BIO_F_BIO_MAKE_PAIR 121 -# define BIO_F_BIO_METH_NEW 146 -# define BIO_F_BIO_NEW 108 -# define BIO_F_BIO_NEW_FILE 109 -# define BIO_F_BIO_NEW_MEM_BUF 126 -# define BIO_F_BIO_NREAD 123 -# define BIO_F_BIO_NREAD0 124 -# define BIO_F_BIO_NWRITE 125 -# define BIO_F_BIO_NWRITE0 122 -# define BIO_F_BIO_PARSE_HOSTSERV 136 -# define BIO_F_BIO_PUTS 110 -# define BIO_F_BIO_READ 111 -# define BIO_F_BIO_SOCKET 140 -# define BIO_F_BIO_SOCKET_NBIO 142 -# define BIO_F_BIO_SOCK_INFO 141 -# define BIO_F_BIO_SOCK_INIT 112 -# define BIO_F_BIO_WRITE 113 -# define BIO_F_BUFFER_CTRL 114 -# define BIO_F_CONN_CTRL 127 -# define BIO_F_CONN_STATE 115 -# define BIO_F_DGRAM_SCTP_READ 132 -# define BIO_F_DGRAM_SCTP_WRITE 133 -# define BIO_F_FILE_CTRL 116 -# define BIO_F_FILE_READ 130 -# define BIO_F_LINEBUFFER_CTRL 129 -# define BIO_F_MEM_WRITE 117 -# define BIO_F_SSL_NEW 118 - -/* Reason codes. */ -# define BIO_R_ACCEPT_ERROR 100 -# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 -# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 -# define BIO_R_BAD_FOPEN_MODE 101 -# define BIO_R_BROKEN_PIPE 124 -# define BIO_R_CONNECT_ERROR 103 -# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 -# define BIO_R_GETSOCKNAME_ERROR 132 -# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 -# define BIO_R_GETTING_SOCKTYPE 134 -# define BIO_R_INVALID_ARGUMENT 125 -# define BIO_R_INVALID_SOCKET 135 -# define BIO_R_IN_USE 123 -# define BIO_R_LISTEN_V6_ONLY 136 -# define BIO_R_LOOKUP_RETURNED_NOTHING 142 -# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 -# define BIO_R_NBIO_CONNECT_ERROR 110 -# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 -# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 -# define BIO_R_NO_PORT_DEFINED 113 -# define BIO_R_NO_SUCH_FILE 128 -# define BIO_R_NULL_PARAMETER 115 -# define BIO_R_UNABLE_TO_BIND_SOCKET 117 -# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 -# define BIO_R_UNABLE_TO_KEEPALIVE 137 -# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 -# define BIO_R_UNABLE_TO_NODELAY 138 -# define BIO_R_UNABLE_TO_REUSEADDR 139 -# define BIO_R_UNAVAILABLE_IP_FAMILY 145 -# define BIO_R_UNINITIALIZED 120 -# define BIO_R_UNKNOWN_INFO_TYPE 140 -# define BIO_R_UNSUPPORTED_IP_FAMILY 146 -# define BIO_R_UNSUPPORTED_METHOD 121 -# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 -# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 -# define BIO_R_WSASTARTUP 122 - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/bioerr.h b/deps/openssl/openssl/include/openssl/bioerr.h new file mode 100644 index 00000000000000..f119a59c36ccb1 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/bioerr.h @@ -0,0 +1,120 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BIOERR_H +# define HEADER_BIOERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BIO_strings(void); + +/* + * BIO function codes. + */ +# define BIO_F_ACPT_STATE 100 +# define BIO_F_ADDRINFO_WRAP 148 +# define BIO_F_ADDR_STRINGS 134 +# define BIO_F_BIO_ACCEPT 101 +# define BIO_F_BIO_ACCEPT_EX 137 +# define BIO_F_BIO_ACCEPT_NEW 152 +# define BIO_F_BIO_ADDR_NEW 144 +# define BIO_F_BIO_BIND 147 +# define BIO_F_BIO_CALLBACK_CTRL 131 +# define BIO_F_BIO_CONNECT 138 +# define BIO_F_BIO_CONNECT_NEW 153 +# define BIO_F_BIO_CTRL 103 +# define BIO_F_BIO_GETS 104 +# define BIO_F_BIO_GET_HOST_IP 106 +# define BIO_F_BIO_GET_NEW_INDEX 102 +# define BIO_F_BIO_GET_PORT 107 +# define BIO_F_BIO_LISTEN 139 +# define BIO_F_BIO_LOOKUP 135 +# define BIO_F_BIO_LOOKUP_EX 143 +# define BIO_F_BIO_MAKE_PAIR 121 +# define BIO_F_BIO_METH_NEW 146 +# define BIO_F_BIO_NEW 108 +# define BIO_F_BIO_NEW_DGRAM_SCTP 145 +# define BIO_F_BIO_NEW_FILE 109 +# define BIO_F_BIO_NEW_MEM_BUF 126 +# define BIO_F_BIO_NREAD 123 +# define BIO_F_BIO_NREAD0 124 +# define BIO_F_BIO_NWRITE 125 +# define BIO_F_BIO_NWRITE0 122 +# define BIO_F_BIO_PARSE_HOSTSERV 136 +# define BIO_F_BIO_PUTS 110 +# define BIO_F_BIO_READ 111 +# define BIO_F_BIO_READ_EX 105 +# define BIO_F_BIO_READ_INTERN 120 +# define BIO_F_BIO_SOCKET 140 +# define BIO_F_BIO_SOCKET_NBIO 142 +# define BIO_F_BIO_SOCK_INFO 141 +# define BIO_F_BIO_SOCK_INIT 112 +# define BIO_F_BIO_WRITE 113 +# define BIO_F_BIO_WRITE_EX 119 +# define BIO_F_BIO_WRITE_INTERN 128 +# define BIO_F_BUFFER_CTRL 114 +# define BIO_F_CONN_CTRL 127 +# define BIO_F_CONN_STATE 115 +# define BIO_F_DGRAM_SCTP_NEW 149 +# define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 +# define BIO_F_DOAPR_OUTCH 150 +# define BIO_F_FILE_CTRL 116 +# define BIO_F_FILE_READ 130 +# define BIO_F_LINEBUFFER_CTRL 129 +# define BIO_F_LINEBUFFER_NEW 151 +# define BIO_F_MEM_WRITE 117 +# define BIO_F_NBIOF_NEW 154 +# define BIO_F_SLG_WRITE 155 +# define BIO_F_SSL_NEW 118 + +/* + * BIO reason codes. + */ +# define BIO_R_ACCEPT_ERROR 100 +# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 +# define BIO_R_BAD_FOPEN_MODE 101 +# define BIO_R_BROKEN_PIPE 124 +# define BIO_R_CONNECT_ERROR 103 +# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +# define BIO_R_GETSOCKNAME_ERROR 132 +# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +# define BIO_R_GETTING_SOCKTYPE 134 +# define BIO_R_INVALID_ARGUMENT 125 +# define BIO_R_INVALID_SOCKET 135 +# define BIO_R_IN_USE 123 +# define BIO_R_LENGTH_TOO_LONG 102 +# define BIO_R_LISTEN_V6_ONLY 136 +# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 +# define BIO_R_NBIO_CONNECT_ERROR 110 +# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 +# define BIO_R_NO_PORT_DEFINED 113 +# define BIO_R_NO_SUCH_FILE 128 +# define BIO_R_NULL_PARAMETER 115 +# define BIO_R_UNABLE_TO_BIND_SOCKET 117 +# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +# define BIO_R_UNABLE_TO_KEEPALIVE 137 +# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +# define BIO_R_UNABLE_TO_NODELAY 138 +# define BIO_R_UNABLE_TO_REUSEADDR 139 +# define BIO_R_UNAVAILABLE_IP_FAMILY 145 +# define BIO_R_UNINITIALIZED 120 +# define BIO_R_UNKNOWN_INFO_TYPE 140 +# define BIO_R_UNSUPPORTED_IP_FAMILY 146 +# define BIO_R_UNSUPPORTED_METHOD 121 +# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 +# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +# define BIO_R_WSASTARTUP 122 + +#endif diff --git a/deps/openssl/openssl/include/openssl/bn.h b/deps/openssl/openssl/include/openssl/bn.h index 301edd525062ca..8af05d00e59a90 100644 --- a/deps/openssl/openssl/include/openssl/bn.h +++ b/deps/openssl/openssl/include/openssl/bn.h @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,20 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * - * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #ifndef HEADER_BN_H # define HEADER_BN_H @@ -31,6 +18,7 @@ # include # include # include +# include #ifdef __cplusplus extern "C" { @@ -217,8 +205,10 @@ void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG l); @@ -542,83 +532,6 @@ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_BN_strings(void); - -/* Error codes for the BN functions. */ - -/* Function codes. */ -# define BN_F_BNRAND 127 -# define BN_F_BN_BLINDING_CONVERT_EX 100 -# define BN_F_BN_BLINDING_CREATE_PARAM 128 -# define BN_F_BN_BLINDING_INVERT_EX 101 -# define BN_F_BN_BLINDING_NEW 102 -# define BN_F_BN_BLINDING_UPDATE 103 -# define BN_F_BN_BN2DEC 104 -# define BN_F_BN_BN2HEX 105 -# define BN_F_BN_COMPUTE_WNAF 142 -# define BN_F_BN_CTX_GET 116 -# define BN_F_BN_CTX_NEW 106 -# define BN_F_BN_CTX_START 129 -# define BN_F_BN_DIV 107 -# define BN_F_BN_DIV_RECP 130 -# define BN_F_BN_EXP 123 -# define BN_F_BN_EXPAND_INTERNAL 120 -# define BN_F_BN_GENCB_NEW 143 -# define BN_F_BN_GENERATE_DSA_NONCE 140 -# define BN_F_BN_GENERATE_PRIME_EX 141 -# define BN_F_BN_GF2M_MOD 131 -# define BN_F_BN_GF2M_MOD_EXP 132 -# define BN_F_BN_GF2M_MOD_MUL 133 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 -# define BN_F_BN_GF2M_MOD_SQR 136 -# define BN_F_BN_GF2M_MOD_SQRT 137 -# define BN_F_BN_LSHIFT 145 -# define BN_F_BN_MOD_EXP2_MONT 118 -# define BN_F_BN_MOD_EXP_MONT 109 -# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 -# define BN_F_BN_MOD_EXP_MONT_WORD 117 -# define BN_F_BN_MOD_EXP_RECP 125 -# define BN_F_BN_MOD_EXP_SIMPLE 126 -# define BN_F_BN_MOD_INVERSE 110 -# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 -# define BN_F_BN_MOD_LSHIFT_QUICK 119 -# define BN_F_BN_MOD_SQRT 121 -# define BN_F_BN_MPI2BN 112 -# define BN_F_BN_NEW 113 -# define BN_F_BN_RAND 114 -# define BN_F_BN_RAND_RANGE 122 -# define BN_F_BN_RSHIFT 146 -# define BN_F_BN_SET_WORDS 144 -# define BN_F_BN_USUB 115 - -/* Reason codes. */ -# define BN_R_ARG2_LT_ARG3 100 -# define BN_R_BAD_RECIPROCAL 101 -# define BN_R_BIGNUM_TOO_LONG 114 -# define BN_R_BITS_TOO_SMALL 118 -# define BN_R_CALLED_WITH_EVEN_MODULUS 102 -# define BN_R_DIV_BY_ZERO 103 -# define BN_R_ENCODING_ERROR 104 -# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -# define BN_R_INPUT_NOT_REDUCED 110 -# define BN_R_INVALID_LENGTH 106 -# define BN_R_INVALID_RANGE 115 -# define BN_R_INVALID_SHIFT 119 -# define BN_R_NOT_A_SQUARE 111 -# define BN_R_NOT_INITIALIZED 107 -# define BN_R_NO_INVERSE 108 -# define BN_R_NO_SOLUTION 116 -# define BN_R_PRIVATE_KEY_TOO_LARGE 117 -# define BN_R_P_IS_NOT_PRIME 112 -# define BN_R_TOO_MANY_ITERATIONS 113 -# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/bnerr.h b/deps/openssl/openssl/include/openssl/bnerr.h new file mode 100644 index 00000000000000..8a022cc0698deb --- /dev/null +++ b/deps/openssl/openssl/include/openssl/bnerr.h @@ -0,0 +1,96 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BNERR_H +# define HEADER_BNERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BN_strings(void); + +/* + * BN function codes. + */ +# define BN_F_BNRAND 127 +# define BN_F_BNRAND_RANGE 138 +# define BN_F_BN_BLINDING_CONVERT_EX 100 +# define BN_F_BN_BLINDING_CREATE_PARAM 128 +# define BN_F_BN_BLINDING_INVERT_EX 101 +# define BN_F_BN_BLINDING_NEW 102 +# define BN_F_BN_BLINDING_UPDATE 103 +# define BN_F_BN_BN2DEC 104 +# define BN_F_BN_BN2HEX 105 +# define BN_F_BN_COMPUTE_WNAF 142 +# define BN_F_BN_CTX_GET 116 +# define BN_F_BN_CTX_NEW 106 +# define BN_F_BN_CTX_START 129 +# define BN_F_BN_DIV 107 +# define BN_F_BN_DIV_RECP 130 +# define BN_F_BN_EXP 123 +# define BN_F_BN_EXPAND_INTERNAL 120 +# define BN_F_BN_GENCB_NEW 143 +# define BN_F_BN_GENERATE_DSA_NONCE 140 +# define BN_F_BN_GENERATE_PRIME_EX 141 +# define BN_F_BN_GF2M_MOD 131 +# define BN_F_BN_GF2M_MOD_EXP 132 +# define BN_F_BN_GF2M_MOD_MUL 133 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +# define BN_F_BN_GF2M_MOD_SQR 136 +# define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 +# define BN_F_BN_MOD_EXP2_MONT 118 +# define BN_F_BN_MOD_EXP_MONT 109 +# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +# define BN_F_BN_MOD_EXP_MONT_WORD 117 +# define BN_F_BN_MOD_EXP_RECP 125 +# define BN_F_BN_MOD_EXP_SIMPLE 126 +# define BN_F_BN_MOD_INVERSE 110 +# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +# define BN_F_BN_MOD_LSHIFT_QUICK 119 +# define BN_F_BN_MOD_SQRT 121 +# define BN_F_BN_MONT_CTX_NEW 149 +# define BN_F_BN_MPI2BN 112 +# define BN_F_BN_NEW 113 +# define BN_F_BN_POOL_GET 147 +# define BN_F_BN_RAND 114 +# define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RECP_CTX_NEW 150 +# define BN_F_BN_RSHIFT 146 +# define BN_F_BN_SET_WORDS 144 +# define BN_F_BN_STACK_PUSH 148 +# define BN_F_BN_USUB 115 + +/* + * BN reason codes. + */ +# define BN_R_ARG2_LT_ARG3 100 +# define BN_R_BAD_RECIPROCAL 101 +# define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 +# define BN_R_CALLED_WITH_EVEN_MODULUS 102 +# define BN_R_DIV_BY_ZERO 103 +# define BN_R_ENCODING_ERROR 104 +# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +# define BN_R_INPUT_NOT_REDUCED 110 +# define BN_R_INVALID_LENGTH 106 +# define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 +# define BN_R_NOT_A_SQUARE 111 +# define BN_R_NOT_INITIALIZED 107 +# define BN_R_NO_INVERSE 108 +# define BN_R_NO_SOLUTION 116 +# define BN_R_PRIVATE_KEY_TOO_LARGE 117 +# define BN_R_P_IS_NOT_PRIME 112 +# define BN_R_TOO_MANY_ITERATIONS 113 +# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#endif diff --git a/deps/openssl/openssl/include/openssl/buffer.h b/deps/openssl/openssl/include/openssl/buffer.h index 35160b4f2643e9..d2765766b7cebb 100644 --- a/deps/openssl/openssl/include/openssl/buffer.h +++ b/deps/openssl/openssl/include/openssl/buffer.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ # ifndef HEADER_CRYPTO_H # include # endif +# include #ifdef __cplusplus @@ -50,22 +51,6 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len); size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_BUF_strings(void); - -/* Error codes for the BUF functions. */ - -/* Function codes. */ -# define BUF_F_BUF_MEM_GROW 100 -# define BUF_F_BUF_MEM_GROW_CLEAN 105 -# define BUF_F_BUF_MEM_NEW 101 - -/* Reason codes. */ # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/buffererr.h b/deps/openssl/openssl/include/openssl/buffererr.h new file mode 100644 index 00000000000000..3aee1323238363 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/buffererr.h @@ -0,0 +1,30 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BUFERR_H +# define HEADER_BUFERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_BUF_strings(void); + +/* + * BUF function codes. + */ +# define BUF_F_BUF_MEM_GROW 100 +# define BUF_F_BUF_MEM_GROW_CLEAN 105 +# define BUF_F_BUF_MEM_NEW 101 + +/* + * BUF reason codes. + */ + +#endif diff --git a/deps/openssl/openssl/include/openssl/cms.h b/deps/openssl/openssl/include/openssl/cms.h index 7e534e0dd6dd16..ddf37e56f8d41f 100644 --- a/deps/openssl/openssl/include/openssl/cms.h +++ b/deps/openssl/openssl/include/openssl/cms.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ # ifndef OPENSSL_NO_CMS # include # include +# include # ifdef __cplusplus extern "C" { # endif @@ -329,181 +330,10 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_CMS_strings(void); - -/* Error codes for the CMS functions. */ - -/* Function codes. */ -# define CMS_F_CHECK_CONTENT 99 -# define CMS_F_CMS_ADD0_CERT 164 -# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 -# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 -# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 -# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 -# define CMS_F_CMS_ADD1_SIGNER 102 -# define CMS_F_CMS_ADD1_SIGNINGTIME 103 -# define CMS_F_CMS_COMPRESS 104 -# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 -# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 -# define CMS_F_CMS_COPY_CONTENT 107 -# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 -# define CMS_F_CMS_DATA 109 -# define CMS_F_CMS_DATAFINAL 110 -# define CMS_F_CMS_DATAINIT 111 -# define CMS_F_CMS_DECRYPT 112 -# define CMS_F_CMS_DECRYPT_SET1_KEY 113 -# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 -# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 -# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 -# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 -# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 -# define CMS_F_CMS_DIGEST_VERIFY 118 -# define CMS_F_CMS_ENCODE_RECEIPT 161 -# define CMS_F_CMS_ENCRYPT 119 -# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 -# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 -# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 -# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 -# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 -# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 -# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 -# define CMS_F_CMS_ENV_ASN1_CTRL 171 -# define CMS_F_CMS_FINAL 127 -# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 -# define CMS_F_CMS_GET0_CONTENT 129 -# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 -# define CMS_F_CMS_GET0_ENVELOPED 131 -# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 -# define CMS_F_CMS_GET0_SIGNED 133 -# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 -# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 -# define CMS_F_CMS_RECEIPT_VERIFY 160 -# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 -# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 -# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 -# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 -# define CMS_F_CMS_SD_ASN1_CTRL 170 -# define CMS_F_CMS_SET1_IAS 176 -# define CMS_F_CMS_SET1_KEYID 177 -# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 -# define CMS_F_CMS_SET_DETACHED 147 -# define CMS_F_CMS_SIGN 148 -# define CMS_F_CMS_SIGNED_DATA_INIT 149 -# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 -# define CMS_F_CMS_SIGNERINFO_SIGN 151 -# define CMS_F_CMS_SIGNERINFO_VERIFY 152 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 -# define CMS_F_CMS_SIGN_RECEIPT 163 -# define CMS_F_CMS_STREAM 155 -# define CMS_F_CMS_UNCOMPRESS 156 -# define CMS_F_CMS_VERIFY 157 - -/* Reason codes. */ -# define CMS_R_ADD_SIGNER_ERROR 99 -# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 -# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 -# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 -# define CMS_R_CIPHER_INITIALISATION_ERROR 101 -# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 -# define CMS_R_CMS_DATAFINAL_ERROR 103 -# define CMS_R_CMS_LIB 104 -# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 -# define CMS_R_CONTENT_NOT_FOUND 105 -# define CMS_R_CONTENT_TYPE_MISMATCH 171 -# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 -# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 -# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 -# define CMS_R_CONTENT_VERIFY_ERROR 109 -# define CMS_R_CTRL_ERROR 110 -# define CMS_R_CTRL_FAILURE 111 -# define CMS_R_DECRYPT_ERROR 112 -# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 -# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 -# define CMS_R_ERROR_SETTING_KEY 115 -# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 -# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 -# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 -# define CMS_R_INVALID_KEY_LENGTH 118 -# define CMS_R_MD_BIO_INIT_ERROR 119 -# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 -# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 -# define CMS_R_MSGSIGDIGEST_ERROR 172 -# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 -# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 -# define CMS_R_NEED_ONE_SIGNER 164 -# define CMS_R_NOT_A_SIGNED_RECEIPT 165 -# define CMS_R_NOT_ENCRYPTED_DATA 122 -# define CMS_R_NOT_KEK 123 -# define CMS_R_NOT_KEY_AGREEMENT 181 -# define CMS_R_NOT_KEY_TRANSPORT 124 -# define CMS_R_NOT_PWRI 177 -# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 -# define CMS_R_NO_CIPHER 126 -# define CMS_R_NO_CONTENT 127 -# define CMS_R_NO_CONTENT_TYPE 173 -# define CMS_R_NO_DEFAULT_DIGEST 128 -# define CMS_R_NO_DIGEST_SET 129 -# define CMS_R_NO_KEY 130 -# define CMS_R_NO_KEY_OR_CERT 174 -# define CMS_R_NO_MATCHING_DIGEST 131 -# define CMS_R_NO_MATCHING_RECIPIENT 132 -# define CMS_R_NO_MATCHING_SIGNATURE 166 -# define CMS_R_NO_MSGSIGDIGEST 167 -# define CMS_R_NO_PASSWORD 178 -# define CMS_R_NO_PRIVATE_KEY 133 -# define CMS_R_NO_PUBLIC_KEY 134 -# define CMS_R_NO_RECEIPT_REQUEST 168 -# define CMS_R_NO_SIGNERS 135 -# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 -# define CMS_R_RECEIPT_DECODE_ERROR 169 -# define CMS_R_RECIPIENT_ERROR 137 -# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 -# define CMS_R_SIGNFINAL_ERROR 139 -# define CMS_R_SMIME_TEXT_ERROR 140 -# define CMS_R_STORE_INIT_ERROR 141 -# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 -# define CMS_R_TYPE_NOT_DATA 143 -# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 -# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 -# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 -# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 -# define CMS_R_UNKNOWN_CIPHER 148 -# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 -# define CMS_R_UNKNOWN_ID 150 -# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 -# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 -# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 -# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 -# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 -# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 -# define CMS_R_UNSUPPORTED_TYPE 156 -# define CMS_R_UNWRAP_ERROR 157 -# define CMS_R_UNWRAP_FAILURE 180 -# define CMS_R_VERIFICATION_FAILURE 158 -# define CMS_R_WRAP_ERROR 159 +/* Backward compatibility for spelling errors. */ +# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/cmserr.h b/deps/openssl/openssl/include/openssl/cmserr.h new file mode 100644 index 00000000000000..3f8ae26da80192 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/cmserr.h @@ -0,0 +1,196 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMSERR_H +# define HEADER_CMSERR_H + +# include + +# ifndef OPENSSL_NO_CMS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +# define CMS_F_CHECK_CONTENT 99 +# define CMS_F_CMS_ADD0_CERT 164 +# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +# define CMS_F_CMS_ADD1_SIGNER 102 +# define CMS_F_CMS_ADD1_SIGNINGTIME 103 +# define CMS_F_CMS_COMPRESS 104 +# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +# define CMS_F_CMS_COPY_CONTENT 107 +# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +# define CMS_F_CMS_DATA 109 +# define CMS_F_CMS_DATAFINAL 110 +# define CMS_F_CMS_DATAINIT 111 +# define CMS_F_CMS_DECRYPT 112 +# define CMS_F_CMS_DECRYPT_SET1_KEY 113 +# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +# define CMS_F_CMS_DIGEST_VERIFY 118 +# define CMS_F_CMS_ENCODE_RECEIPT 161 +# define CMS_F_CMS_ENCRYPT 119 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +# define CMS_F_CMS_ENV_ASN1_CTRL 171 +# define CMS_F_CMS_FINAL 127 +# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +# define CMS_F_CMS_GET0_CONTENT 129 +# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +# define CMS_F_CMS_GET0_ENVELOPED 131 +# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +# define CMS_F_CMS_GET0_SIGNED 133 +# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +# define CMS_F_CMS_RECEIPT_VERIFY 160 +# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +# define CMS_F_CMS_SD_ASN1_CTRL 170 +# define CMS_F_CMS_SET1_IAS 176 +# define CMS_F_CMS_SET1_KEYID 177 +# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +# define CMS_F_CMS_SET_DETACHED 147 +# define CMS_F_CMS_SIGN 148 +# define CMS_F_CMS_SIGNED_DATA_INIT 149 +# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +# define CMS_F_CMS_SIGNERINFO_SIGN 151 +# define CMS_F_CMS_SIGNERINFO_VERIFY 152 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +# define CMS_F_CMS_SIGN_RECEIPT 163 +# define CMS_F_CMS_STREAM 155 +# define CMS_F_CMS_UNCOMPRESS 156 +# define CMS_F_CMS_VERIFY 157 +# define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +# define CMS_R_ADD_SIGNER_ERROR 99 +# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +# define CMS_R_CIPHER_INITIALISATION_ERROR 101 +# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +# define CMS_R_CMS_DATAFINAL_ERROR 103 +# define CMS_R_CMS_LIB 104 +# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +# define CMS_R_CONTENT_NOT_FOUND 105 +# define CMS_R_CONTENT_TYPE_MISMATCH 171 +# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +# define CMS_R_CONTENT_VERIFY_ERROR 109 +# define CMS_R_CTRL_ERROR 110 +# define CMS_R_CTRL_FAILURE 111 +# define CMS_R_DECRYPT_ERROR 112 +# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +# define CMS_R_ERROR_SETTING_KEY 115 +# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +# define CMS_R_INVALID_KEY_LENGTH 118 +# define CMS_R_MD_BIO_INIT_ERROR 119 +# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +# define CMS_R_MSGSIGDIGEST_ERROR 172 +# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +# define CMS_R_NEED_ONE_SIGNER 164 +# define CMS_R_NOT_A_SIGNED_RECEIPT 165 +# define CMS_R_NOT_ENCRYPTED_DATA 122 +# define CMS_R_NOT_KEK 123 +# define CMS_R_NOT_KEY_AGREEMENT 181 +# define CMS_R_NOT_KEY_TRANSPORT 124 +# define CMS_R_NOT_PWRI 177 +# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +# define CMS_R_NO_CIPHER 126 +# define CMS_R_NO_CONTENT 127 +# define CMS_R_NO_CONTENT_TYPE 173 +# define CMS_R_NO_DEFAULT_DIGEST 128 +# define CMS_R_NO_DIGEST_SET 129 +# define CMS_R_NO_KEY 130 +# define CMS_R_NO_KEY_OR_CERT 174 +# define CMS_R_NO_MATCHING_DIGEST 131 +# define CMS_R_NO_MATCHING_RECIPIENT 132 +# define CMS_R_NO_MATCHING_SIGNATURE 166 +# define CMS_R_NO_MSGSIGDIGEST 167 +# define CMS_R_NO_PASSWORD 178 +# define CMS_R_NO_PRIVATE_KEY 133 +# define CMS_R_NO_PUBLIC_KEY 134 +# define CMS_R_NO_RECEIPT_REQUEST 168 +# define CMS_R_NO_SIGNERS 135 +# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +# define CMS_R_RECEIPT_DECODE_ERROR 169 +# define CMS_R_RECIPIENT_ERROR 137 +# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +# define CMS_R_SIGNFINAL_ERROR 139 +# define CMS_R_SMIME_TEXT_ERROR 140 +# define CMS_R_STORE_INIT_ERROR 141 +# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +# define CMS_R_TYPE_NOT_DATA 143 +# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +# define CMS_R_UNKNOWN_CIPHER 148 +# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +# define CMS_R_UNKNOWN_ID 150 +# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_TYPE 156 +# define CMS_R_UNWRAP_ERROR 157 +# define CMS_R_UNWRAP_FAILURE 180 +# define CMS_R_VERIFICATION_FAILURE 158 +# define CMS_R_WRAP_ERROR 159 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/comp.h b/deps/openssl/openssl/include/openssl/comp.h index 260ff1e0acc70c..d814d3cf2518c7 100644 --- a/deps/openssl/openssl/include/openssl/comp.h +++ b/deps/openssl/openssl/include/openssl/comp.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ # ifndef OPENSSL_NO_COMP # include +# include # ifdef __cplusplus extern "C" { # endif @@ -44,26 +45,6 @@ const BIO_METHOD *BIO_f_zlib(void); # endif # endif -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_COMP_strings(void); - -/* Error codes for the COMP functions. */ - -/* Function codes. */ -# define COMP_F_BIO_ZLIB_FLUSH 99 -# define COMP_F_BIO_ZLIB_NEW 100 -# define COMP_F_BIO_ZLIB_READ 101 -# define COMP_F_BIO_ZLIB_WRITE 102 - -/* Reason codes. */ -# define COMP_R_ZLIB_DEFLATE_ERROR 99 -# define COMP_R_ZLIB_INFLATE_ERROR 100 -# define COMP_R_ZLIB_NOT_SUPPORTED 101 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/comperr.h b/deps/openssl/openssl/include/openssl/comperr.h new file mode 100644 index 00000000000000..edea63a6809321 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/comperr.h @@ -0,0 +1,40 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_COMPERR_H +# define HEADER_COMPERR_H + +# include + +# ifndef OPENSSL_NO_COMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_COMP_strings(void); + +/* + * COMP function codes. + */ +# define COMP_F_BIO_ZLIB_FLUSH 99 +# define COMP_F_BIO_ZLIB_NEW 100 +# define COMP_F_BIO_ZLIB_READ 101 +# define COMP_F_BIO_ZLIB_WRITE 102 +# define COMP_F_COMP_CTX_NEW 103 + +/* + * COMP reason codes. + */ +# define COMP_R_ZLIB_DEFLATE_ERROR 99 +# define COMP_R_ZLIB_INFLATE_ERROR 100 +# define COMP_R_ZLIB_NOT_SUPPORTED 101 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/conf.h b/deps/openssl/openssl/include/openssl/conf.h index e0539e312884f0..7336cd2f1d1a22 100644 --- a/deps/openssl/openssl/include/openssl/conf.h +++ b/deps/openssl/openssl/include/openssl/conf.h @@ -12,11 +12,10 @@ # include # include -# include # include # include - # include +# include #ifdef __cplusplus extern "C" { @@ -162,59 +161,6 @@ int CONF_parse_list(const char *list, int sep, int nospc, void OPENSSL_load_builtin_modules(void); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_CONF_strings(void); - -/* Error codes for the CONF functions. */ - -/* Function codes. */ -# define CONF_F_CONF_DUMP_FP 104 -# define CONF_F_CONF_LOAD 100 -# define CONF_F_CONF_LOAD_FP 103 -# define CONF_F_CONF_PARSE_LIST 119 -# define CONF_F_DEF_LOAD 120 -# define CONF_F_DEF_LOAD_BIO 121 -# define CONF_F_MODULE_INIT 115 -# define CONF_F_MODULE_LOAD_DSO 117 -# define CONF_F_MODULE_RUN 118 -# define CONF_F_NCONF_DUMP_BIO 105 -# define CONF_F_NCONF_DUMP_FP 106 -# define CONF_F_NCONF_GET_NUMBER_E 112 -# define CONF_F_NCONF_GET_SECTION 108 -# define CONF_F_NCONF_GET_STRING 109 -# define CONF_F_NCONF_LOAD 113 -# define CONF_F_NCONF_LOAD_BIO 110 -# define CONF_F_NCONF_LOAD_FP 114 -# define CONF_F_NCONF_NEW 111 -# define CONF_F_SSL_MODULE_INIT 123 -# define CONF_F_STR_COPY 101 - -/* Reason codes. */ -# define CONF_R_ERROR_LOADING_DSO 110 -# define CONF_R_LIST_CANNOT_BE_NULL 115 -# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 -# define CONF_R_MISSING_EQUAL_SIGN 101 -# define CONF_R_MISSING_INIT_FUNCTION 112 -# define CONF_R_MODULE_INITIALIZATION_ERROR 109 -# define CONF_R_NO_CLOSE_BRACE 102 -# define CONF_R_NO_CONF 105 -# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 -# define CONF_R_NO_SECTION 107 -# define CONF_R_NO_SUCH_FILE 114 -# define CONF_R_NO_VALUE 108 -# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 -# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 -# define CONF_R_SSL_SECTION_EMPTY 119 -# define CONF_R_SSL_SECTION_NOT_FOUND 120 -# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 -# define CONF_R_UNKNOWN_MODULE_NAME 113 -# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 -# define CONF_R_VARIABLE_HAS_NO_VALUE 104 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/conferr.h b/deps/openssl/openssl/include/openssl/conferr.h new file mode 100644 index 00000000000000..d1c92f45d82dbb --- /dev/null +++ b/deps/openssl/openssl/include/openssl/conferr.h @@ -0,0 +1,72 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CONFERR_H +# define HEADER_CONFERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CONF_strings(void); + +/* + * CONF function codes. + */ +# define CONF_F_CONF_DUMP_FP 104 +# define CONF_F_CONF_LOAD 100 +# define CONF_F_CONF_LOAD_FP 103 +# define CONF_F_CONF_PARSE_LIST 119 +# define CONF_F_DEF_LOAD 120 +# define CONF_F_DEF_LOAD_BIO 121 +# define CONF_F_GET_NEXT_FILE 107 +# define CONF_F_MODULE_ADD 122 +# define CONF_F_MODULE_INIT 115 +# define CONF_F_MODULE_LOAD_DSO 117 +# define CONF_F_MODULE_RUN 118 +# define CONF_F_NCONF_DUMP_BIO 105 +# define CONF_F_NCONF_DUMP_FP 106 +# define CONF_F_NCONF_GET_NUMBER_E 112 +# define CONF_F_NCONF_GET_SECTION 108 +# define CONF_F_NCONF_GET_STRING 109 +# define CONF_F_NCONF_LOAD 113 +# define CONF_F_NCONF_LOAD_BIO 110 +# define CONF_F_NCONF_LOAD_FP 114 +# define CONF_F_NCONF_NEW 111 +# define CONF_F_PROCESS_INCLUDE 116 +# define CONF_F_SSL_MODULE_INIT 123 +# define CONF_F_STR_COPY 101 + +/* + * CONF reason codes. + */ +# define CONF_R_ERROR_LOADING_DSO 110 +# define CONF_R_LIST_CANNOT_BE_NULL 115 +# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +# define CONF_R_MISSING_EQUAL_SIGN 101 +# define CONF_R_MISSING_INIT_FUNCTION 112 +# define CONF_R_MODULE_INITIALIZATION_ERROR 109 +# define CONF_R_NO_CLOSE_BRACE 102 +# define CONF_R_NO_CONF 105 +# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +# define CONF_R_NO_SECTION 107 +# define CONF_R_NO_SUCH_FILE 114 +# define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 +# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 +# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 +# define CONF_R_SSL_SECTION_EMPTY 119 +# define CONF_R_SSL_SECTION_NOT_FOUND 120 +# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +# define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#endif diff --git a/deps/openssl/openssl/include/openssl/crypto.h b/deps/openssl/openssl/include/openssl/crypto.h index fa3f12af3b2308..7e50b1bf469492 100644 --- a/deps/openssl/openssl/include/openssl/crypto.h +++ b/deps/openssl/openssl/include/openssl/crypto.h @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #ifndef HEADER_CRYPTO_H # define HEADER_CRYPTO_H @@ -25,11 +20,11 @@ # include # endif -# include # include # include # include # include +# include # ifdef CHARSET_EBCDIC # include @@ -110,7 +105,9 @@ DEFINE_STACK_OF(void) # define CRYPTO_EX_INDEX_UI 11 # define CRYPTO_EX_INDEX_BIO 12 # define CRYPTO_EX_INDEX_APP 13 -# define CRYPTO_EX_INDEX__COUNT 14 +# define CRYPTO_EX_INDEX_UI_METHOD 14 +# define CRYPTO_EX_INDEX_DRBG 15 +# define CRYPTO_EX_INDEX__COUNT 16 /* * This is the default callbacks, but we can have others as well: this is @@ -211,7 +208,7 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); * The old locking functions have been removed completely without compatibility * macros. This is because the old functions either could not properly report * errors, or the returned error values were not clearly documented. - * Replacing the locking functions with with no-ops would cause race condition + * Replacing the locking functions with no-ops would cause race condition * issues in the affected applications. It is far better for them to fail at * compile time. * On the other hand, the locking callbacks are no longer used. Consequently, @@ -303,6 +300,7 @@ void OPENSSL_cleanse(void *ptr, size_t len); CRYPTO_mem_debug_pop() int CRYPTO_mem_debug_push(const char *info, const char *file, int line); int CRYPTO_mem_debug_pop(void); +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); /*- * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) @@ -317,6 +315,8 @@ void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, void CRYPTO_mem_debug_free(void *addr, int flag, const char *file, int line); +int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); # ifndef OPENSSL_NO_STDIO int CRYPTO_mem_leaks_fp(FILE *); # endif @@ -337,6 +337,11 @@ int FIPS_mode(void); int FIPS_mode_set(int r); void OPENSSL_init(void); +# ifdef OPENSSL_SYS_UNIX +void OPENSSL_fork_prepare(void); +void OPENSSL_fork_parent(void); +void OPENSSL_fork_child(void); +# endif struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); @@ -350,9 +355,7 @@ int OPENSSL_gmtime_diff(int *pday, int *psec, * into a defined order as the return value when a != b is undefined, other * than to be non-zero. */ -int CRYPTO_memcmp(const volatile void * volatile in_a, - const volatile void * volatile in_b, - size_t len); +int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); /* Standard initialisation options */ # define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L @@ -372,7 +375,7 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, # define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L # define OPENSSL_INIT_ENGINE_AFALG 0x00008000L /* OPENSSL_INIT_ZLIB 0x00010000L */ -/* currently unused 0x00020000L */ +# define OPENSSL_INIT_ATFORK 0x00020000L /* OPENSSL_INIT_BASE_ONLY 0x00040000L */ /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ /* Max OPENSSL_INIT flag value is 0x80000000 */ @@ -435,33 +438,6 @@ int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_CRYPTO_strings(void); - -/* Error codes for the CRYPTO functions. */ - -/* Function codes. */ -# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 -# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 -# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 -# define CRYPTO_F_CRYPTO_MEMDUP 115 -# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 -# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 -# define CRYPTO_F_FIPS_MODE_SET 109 -# define CRYPTO_F_GET_AND_LOCK 113 -# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 -# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 -# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 - -/* Reason codes. */ -# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 -# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 -# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/cryptoerr.h b/deps/openssl/openssl/include/openssl/cryptoerr.h new file mode 100644 index 00000000000000..10723d0454b3c5 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/cryptoerr.h @@ -0,0 +1,56 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CRYPTOERR_H +# define HEADER_CRYPTOERR_H + +# ifdef __cplusplus +extern "C" +# endif + +# include + +int ERR_load_CRYPTO_strings(void); + +/* + * CRYPTO function codes. + */ +# define CRYPTO_F_CMAC_CTX_NEW 120 +# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 +# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +# define CRYPTO_F_CRYPTO_MEMDUP 115 +# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 +# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +# define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 +# define CRYPTO_F_OPENSSL_ATEXIT 114 +# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +# define CRYPTO_F_OPENSSL_FOPEN 119 +# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_OPENSSL_LH_NEW 126 +# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 +# define CRYPTO_F_OPENSSL_SK_DUP 128 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 +# define CRYPTO_F_SK_RESERVE 129 + +/* + * CRYPTO reason codes. + */ +# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 + +#endif diff --git a/deps/openssl/openssl/include/openssl/ct.h b/deps/openssl/openssl/include/openssl/ct.h index bf29fbabe00659..d4262fa0480476 100644 --- a/deps/openssl/openssl/include/openssl/ct.h +++ b/deps/openssl/openssl/include/openssl/ct.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ # include # include # include +# include # ifdef __cplusplus extern "C" { # endif @@ -468,64 +469,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); */ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_CT_strings(void); - -/* Error codes for the CT functions. */ - -/* Function codes. */ -# define CT_F_CTLOG_NEW 117 -# define CT_F_CTLOG_NEW_FROM_BASE64 118 -# define CT_F_CTLOG_NEW_FROM_CONF 119 -# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 -# define CT_F_CTLOG_STORE_LOAD_FILE 123 -# define CT_F_CTLOG_STORE_LOAD_LOG 130 -# define CT_F_CTLOG_STORE_NEW 131 -# define CT_F_CT_BASE64_DECODE 124 -# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 -# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 -# define CT_F_I2O_SCT 107 -# define CT_F_I2O_SCT_LIST 108 -# define CT_F_I2O_SCT_SIGNATURE 109 -# define CT_F_O2I_SCT 110 -# define CT_F_O2I_SCT_LIST 111 -# define CT_F_O2I_SCT_SIGNATURE 112 -# define CT_F_SCT_CTX_NEW 126 -# define CT_F_SCT_CTX_VERIFY 128 -# define CT_F_SCT_NEW 100 -# define CT_F_SCT_NEW_FROM_BASE64 127 -# define CT_F_SCT_SET0_LOG_ID 101 -# define CT_F_SCT_SET1_EXTENSIONS 114 -# define CT_F_SCT_SET1_LOG_ID 115 -# define CT_F_SCT_SET1_SIGNATURE 116 -# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 -# define CT_F_SCT_SET_SIGNATURE_NID 103 -# define CT_F_SCT_SET_VERSION 104 - -/* Reason codes. */ -# define CT_R_BASE64_DECODE_ERROR 108 -# define CT_R_INVALID_LOG_ID_LENGTH 100 -# define CT_R_LOG_CONF_INVALID 109 -# define CT_R_LOG_CONF_INVALID_KEY 110 -# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 -# define CT_R_LOG_CONF_MISSING_KEY 112 -# define CT_R_LOG_KEY_INVALID 113 -# define CT_R_SCT_FUTURE_TIMESTAMP 116 -# define CT_R_SCT_INVALID 104 -# define CT_R_SCT_INVALID_SIGNATURE 107 -# define CT_R_SCT_LIST_INVALID 105 -# define CT_R_SCT_LOG_ID_MISMATCH 114 -# define CT_R_SCT_NOT_SET 106 -# define CT_R_SCT_UNSUPPORTED_VERSION 115 -# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 -# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 -# define CT_R_UNSUPPORTED_VERSION 103 - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/cterr.h b/deps/openssl/openssl/include/openssl/cterr.h new file mode 100644 index 00000000000000..764e1a22046240 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/cterr.h @@ -0,0 +1,76 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CTERR_H +# define HEADER_CTERR_H + +# include + +# ifndef OPENSSL_NO_CT + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/dh.h b/deps/openssl/openssl/include/openssl/dh.h index 8cf879e14fad11..3527540cdddb43 100644 --- a/deps/openssl/openssl/include/openssl/dh.h +++ b/deps/openssl/openssl/include/openssl/dh.h @@ -20,6 +20,7 @@ # if OPENSSL_API_COMPAT < 0x10100000L # include # endif +# include # ifdef __cplusplus extern "C" { @@ -141,6 +142,9 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +int DH_check_params_ex(const DH *dh); +int DH_check_ex(const DH *dh); +int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); int DH_check_params(const DH *dh, int *ret); int DH_check(const DH *dh, int *codes); int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); @@ -161,6 +165,10 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +/* Named parameters, currently RFC7919 */ +DH *DH_new_by_nid(int nid); +int DH_get_nid(const DH *dh); + # ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, @@ -175,6 +183,11 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); void DH_clear_flags(DH *dh, int flags); int DH_test_flags(const DH *dh, int flags); void DH_set_flags(DH *dh, int flags); @@ -237,6 +250,15 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) +# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \ + EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_DH_NID, nid, NULL) + +# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_PAD, pad, NULL) + # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ @@ -250,22 +272,22 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, # define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid) + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)) # define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid) + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid)) # define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md) + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)) # define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd) + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)) # define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ @@ -275,17 +297,17 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, # define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen) + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen)) # define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p) + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p)) # define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p) + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p)) # define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) @@ -301,6 +323,8 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, # define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) # define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) # define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16) /* KDF types */ # define EVP_PKEY_DH_KDF_NONE 1 @@ -308,51 +332,6 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, # define EVP_PKEY_DH_KDF_X9_42 2 # endif -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_DH_strings(void); - -/* Error codes for the DH functions. */ - -/* Function codes. */ -# define DH_F_COMPUTE_KEY 102 -# define DH_F_DHPARAMS_PRINT_FP 101 -# define DH_F_DH_BUILTIN_GENPARAMS 106 -# define DH_F_DH_CMS_DECRYPT 114 -# define DH_F_DH_CMS_SET_PEERKEY 115 -# define DH_F_DH_CMS_SET_SHARED_INFO 116 -# define DH_F_DH_METH_DUP 117 -# define DH_F_DH_METH_NEW 118 -# define DH_F_DH_METH_SET1_NAME 119 -# define DH_F_DH_NEW_METHOD 105 -# define DH_F_DH_PARAM_DECODE 107 -# define DH_F_DH_PRIV_DECODE 110 -# define DH_F_DH_PRIV_ENCODE 111 -# define DH_F_DH_PUB_DECODE 108 -# define DH_F_DH_PUB_ENCODE 109 -# define DH_F_DO_DH_PRINT 100 -# define DH_F_GENERATE_KEY 103 -# define DH_F_PKEY_DH_DERIVE 112 -# define DH_F_PKEY_DH_KEYGEN 113 - -/* Reason codes. */ -# define DH_R_BAD_GENERATOR 101 -# define DH_R_BN_DECODE_ERROR 109 -# define DH_R_BN_ERROR 106 -# define DH_R_DECODE_ERROR 104 -# define DH_R_INVALID_PUBKEY 102 -# define DH_R_KDF_PARAMETER_ERROR 112 -# define DH_R_KEYS_NOT_SET 108 -# define DH_R_MODULUS_TOO_LARGE 103 -# define DH_R_NO_PARAMETERS_SET 107 -# define DH_R_NO_PRIVATE_VALUE 100 -# define DH_R_PARAMETER_ENCODING_ERROR 105 -# define DH_R_PEER_KEY_ERROR 111 -# define DH_R_SHARED_INFO_ERROR 113 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/dherr.h b/deps/openssl/openssl/include/openssl/dherr.h new file mode 100644 index 00000000000000..81e73f75c07d4e --- /dev/null +++ b/deps/openssl/openssl/include/openssl/dherr.h @@ -0,0 +1,84 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DHERR_H +# define HEADER_DHERR_H + +# include + +# ifndef OPENSSL_NO_DH + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DH_strings(void); + +/* + * DH function codes. + */ +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK_EX 121 +# define DH_F_DH_CHECK_PARAMS_EX 122 +# define DH_F_DH_CHECK_PUB_KEY_EX 123 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_METH_DUP 117 +# define DH_F_DH_METH_NEW 118 +# define DH_F_DH_METH_SET1_NAME 119 +# define DH_F_DH_NEW_BY_NID 104 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PKEY_PUBLIC_CHECK 124 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_PKEY_DH_CTRL_STR 120 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_INIT 125 +# define DH_F_PKEY_DH_KEYGEN 113 + +/* + * DH reason codes. + */ +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_CHECK_INVALID_J_VALUE 115 +# define DH_R_CHECK_INVALID_Q_VALUE 116 +# define DH_R_CHECK_PUBKEY_INVALID 122 +# define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +# define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +# define DH_R_CHECK_P_NOT_PRIME 117 +# define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +# define DH_R_CHECK_Q_NOT_PRIME 119 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PARAMETER_NAME 110 +# define DH_R_INVALID_PARAMETER_NID 114 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_MISSING_PUBKEY 125 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NOT_SUITABLE_GENERATOR 120 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/dsa.h b/deps/openssl/openssl/include/openssl/dsa.h index 3a7b1a626e1973..822eff347a293a 100644 --- a/deps/openssl/openssl/include/openssl/dsa.h +++ b/deps/openssl/openssl/include/openssl/dsa.h @@ -7,11 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * The DSS routines are based on patches supplied by - * Steven Schoch . - */ - #ifndef HEADER_DSA_H # define HEADER_DSA_H @@ -25,11 +20,11 @@ extern "C" { # include # include # include -# include # include # if OPENSSL_API_COMPAT < 0x10100000L # include # endif +# include # ifndef OPENSSL_DSA_MAX_MODULUS_BITS # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 @@ -104,7 +99,7 @@ int DSA_size(const DSA *); int DSA_bits(const DSA *d); int DSA_security_bits(const DSA *d); /* next 4 return -1 on error */ -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)) int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); int DSA_verify(int type, const unsigned char *dgst, int dgst_len, @@ -178,6 +173,11 @@ int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); void DSA_clear_flags(DSA *d, int flags); int DSA_test_flags(const DSA *d, int flags); void DSA_set_flags(DSA *d, int flags); @@ -201,7 +201,7 @@ int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int , DSA_SIG *, DSA *); + (const unsigned char *, int, DSA_SIG *, DSA *); int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) @@ -230,54 +230,6 @@ int DSA_meth_set_paramgen(DSA_METHOD *dsam, int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_DSA_strings(void); - -/* Error codes for the DSA functions. */ - -/* Function codes. */ -# define DSA_F_DSAPARAMS_PRINT 100 -# define DSA_F_DSAPARAMS_PRINT_FP 101 -# define DSA_F_DSA_BUILTIN_PARAMGEN 125 -# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 -# define DSA_F_DSA_DO_SIGN 112 -# define DSA_F_DSA_DO_VERIFY 113 -# define DSA_F_DSA_METH_DUP 127 -# define DSA_F_DSA_METH_NEW 128 -# define DSA_F_DSA_METH_SET1_NAME 129 -# define DSA_F_DSA_NEW_METHOD 103 -# define DSA_F_DSA_PARAM_DECODE 119 -# define DSA_F_DSA_PRINT_FP 105 -# define DSA_F_DSA_PRIV_DECODE 115 -# define DSA_F_DSA_PRIV_ENCODE 116 -# define DSA_F_DSA_PUB_DECODE 117 -# define DSA_F_DSA_PUB_ENCODE 118 -# define DSA_F_DSA_SIGN 106 -# define DSA_F_DSA_SIGN_SETUP 107 -# define DSA_F_DSA_SIG_NEW 102 -# define DSA_F_OLD_DSA_PRIV_DECODE 122 -# define DSA_F_PKEY_DSA_CTRL 120 -# define DSA_F_PKEY_DSA_CTRL_STR 104 -# define DSA_F_PKEY_DSA_KEYGEN 121 - -/* Reason codes. */ -# define DSA_R_BAD_Q_VALUE 102 -# define DSA_R_BN_DECODE_ERROR 108 -# define DSA_R_BN_ERROR 109 -# define DSA_R_DECODE_ERROR 104 -# define DSA_R_INVALID_DIGEST_TYPE 106 -# define DSA_R_INVALID_PARAMETERS 112 -# define DSA_R_MISSING_PARAMETERS 101 -# define DSA_R_MODULUS_TOO_LARGE 103 -# define DSA_R_NO_PARAMETERS_SET 107 -# define DSA_R_PARAMETER_ENCODING_ERROR 105 -# define DSA_R_Q_NOT_PRIME 113 -# define DSA_R_SEED_LEN_SMALL 110 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/dsaerr.h b/deps/openssl/openssl/include/openssl/dsaerr.h new file mode 100644 index 00000000000000..d94f97bba8f213 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/dsaerr.h @@ -0,0 +1,67 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DSAERR_H +# define HEADER_DSAERR_H + +# include + +# ifndef OPENSSL_NO_DSA + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_DSA_strings(void); + +/* + * DSA function codes. + */ +# define DSA_F_DSAPARAMS_PRINT 100 +# define DSA_F_DSAPARAMS_PRINT_FP 101 +# define DSA_F_DSA_BUILTIN_PARAMGEN 125 +# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 +# define DSA_F_DSA_DO_SIGN 112 +# define DSA_F_DSA_DO_VERIFY 113 +# define DSA_F_DSA_METH_DUP 127 +# define DSA_F_DSA_METH_NEW 128 +# define DSA_F_DSA_METH_SET1_NAME 129 +# define DSA_F_DSA_NEW_METHOD 103 +# define DSA_F_DSA_PARAM_DECODE 119 +# define DSA_F_DSA_PRINT_FP 105 +# define DSA_F_DSA_PRIV_DECODE 115 +# define DSA_F_DSA_PRIV_ENCODE 116 +# define DSA_F_DSA_PUB_DECODE 117 +# define DSA_F_DSA_PUB_ENCODE 118 +# define DSA_F_DSA_SIGN 106 +# define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 +# define DSA_F_OLD_DSA_PRIV_DECODE 122 +# define DSA_F_PKEY_DSA_CTRL 120 +# define DSA_F_PKEY_DSA_CTRL_STR 104 +# define DSA_F_PKEY_DSA_KEYGEN 121 + +/* + * DSA reason codes. + */ +# define DSA_R_BAD_Q_VALUE 102 +# define DSA_R_BN_DECODE_ERROR 108 +# define DSA_R_BN_ERROR 109 +# define DSA_R_DECODE_ERROR 104 +# define DSA_R_INVALID_DIGEST_TYPE 106 +# define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_MISSING_PARAMETERS 101 +# define DSA_R_MODULUS_TOO_LARGE 103 +# define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_PARAMETER_ENCODING_ERROR 105 +# define DSA_R_Q_NOT_PRIME 113 +# define DSA_R_SEED_LEN_SMALL 110 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/dtls1.h b/deps/openssl/openssl/include/openssl/dtls1.h index f4769f83fe65e1..a312e386cf9ac8 100644 --- a/deps/openssl/openssl/include/openssl/dtls1.h +++ b/deps/openssl/openssl/include/openssl/dtls1.h @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,6 +26,10 @@ extern "C" { # define DTLS_ANY_VERSION 0x1FFFF /* lengths of messages */ +/* + * Actually the max cookie length in DTLS is 255. But we can't change this now + * due to compatibility concerns. + */ # define DTLS1_COOKIE_LENGTH 256 # define DTLS1_RT_HEADER_LENGTH 13 @@ -37,12 +41,7 @@ extern "C" { # define DTLS1_CCS_HEADER_LENGTH 1 -# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE -# define DTLS1_AL_HEADER_LENGTH 7 -# else -# define DTLS1_AL_HEADER_LENGTH 2 -# endif - +# define DTLS1_AL_HEADER_LENGTH 2 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ # define DTLS1_TMO_READ_COUNT 2 diff --git a/deps/openssl/openssl/include/openssl/e_os2.h b/deps/openssl/openssl/include/openssl/e_os2.h index 9800e154871947..eeae2154452918 100644 --- a/deps/openssl/openssl/include/openssl/e_os2.h +++ b/deps/openssl/openssl/include/openssl/e_os2.h @@ -146,36 +146,30 @@ extern "C" { # endif /*- - * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare - * certain global symbols that, with some compilers under VMS, have to be - * defined and declared explicitly with globaldef and globalref. - * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare - * DLL exports and imports for compilers under Win32. These are a little - * more complicated to use. Basically, for any library that exports some - * global variables, the following code must be present in the header file - * that declares them, before OPENSSL_EXTERN is used: + * OPENSSL_EXTERN is normally used to declare a symbol with possible extra + * attributes to handle its presence in a shared library. + * OPENSSL_EXPORT is used to define a symbol with extra possible attributes + * to make it visible in a shared library. + * Care needs to be taken when a header file is used both to declare and + * define symbols. Basically, for any library that exports some global + * variables, the following code must be present in the header file that + * declares them, before OPENSSL_EXTERN is used: * * #ifdef SOME_BUILD_FLAG_MACRO * # undef OPENSSL_EXTERN * # define OPENSSL_EXTERN OPENSSL_EXPORT * #endif * - * The default is to have OPENSSL_EXPORT, OPENSSL_EXTERN and OPENSSL_GLOBAL + * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN * have some generally sensible values. */ -# if defined(OPENSSL_SYS_VMS_NODECC) -# define OPENSSL_EXPORT globalref -# define OPENSSL_EXTERN globalref -# define OPENSSL_GLOBAL globaldef -# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) # define OPENSSL_EXPORT extern __declspec(dllexport) # define OPENSSL_EXTERN extern __declspec(dllimport) -# define OPENSSL_GLOBAL # else # define OPENSSL_EXPORT extern # define OPENSSL_EXTERN extern -# define OPENSSL_GLOBAL # endif /*- @@ -196,7 +190,7 @@ extern "C" { # define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) # define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) # else -# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value; +# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value; # define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name # define OPENSSL_GLOBAL_REF(name) _shadow_##name # endif @@ -222,6 +216,8 @@ extern "C" { # define OSSL_SSIZE_MAX SSIZE_MAX # elif defined(_POSIX_SSIZE_MAX) # define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) # endif # endif diff --git a/deps/openssl/openssl/include/openssl/ec.h b/deps/openssl/openssl/include/openssl/ec.h index d6b36c77c09e45..347cfb6d097b91 100644 --- a/deps/openssl/openssl/include/openssl/ec.h +++ b/deps/openssl/openssl/include/openssl/ec.h @@ -1,5 +1,6 @@ /* * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,20 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #ifndef HEADER_EC_H # define HEADER_EC_H @@ -32,6 +19,7 @@ # if OPENSSL_API_COMPAT < 0x10100000L # include # endif +# include # ifdef __cplusplus extern "C" { # endif @@ -235,50 +223,84 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); size_t EC_GROUP_get_seed_len(const EC_GROUP *); size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); -/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve * \param group EC_GROUP object - * \param p BIGNUM with the prime number + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM with parameter a of the equation * \param b BIGNUM with parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) -/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve * \param group EC_GROUP object - * \param p BIGNUM for the prime number + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM for parameter a of the equation * \param b BIGNUM for parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) # ifndef OPENSSL_NO_EC2M -/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve * \param group EC_GROUP object - * \param p BIGNUM with the polynomial defining the underlying field + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM with parameter a of the equation * \param b BIGNUM with parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) -/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve * \param group EC_GROUP object - * \param p BIGNUM for the polynomial defining the underlying field + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM for parameter a of the equation * \param b BIGNUM for parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) # endif /** Returns the number of bits needed to represent a field element * \param group EC_GROUP object @@ -350,7 +372,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid); */ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); -/** Creates an ECPARAMETERS object for the the given EC_GROUP object. +/** Creates an ECPARAMETERS object for the given EC_GROUP object. * \param group pointer to the EC_GROUP object * \param params pointer to an existing ECPARAMETERS object or NULL * \return pointer to the new ECPARAMETERS object or NULL @@ -366,7 +388,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, */ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); -/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object. +/** Creates an ECPKPARAMETERS object for the given EC_GROUP object. * \param group pointer to the EC_GROUP object * \param params pointer to an existing ECPKPARAMETERS object or NULL * \return pointer to the new ECPKPARAMETERS object or NULL @@ -471,7 +493,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); -/** Sets the affine coordinates of a EC_POINT over GFp +/** Sets the affine coordinates of an EC_POINT * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with the x-coordinate @@ -479,11 +501,38 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx); +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + +/** Gets the affine coordinates of an EC_POINT. + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) -/** Gets the affine coordinates of a EC_POINT over GFp +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM for the x-coordinate @@ -491,11 +540,26 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); -/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with x-coordinate @@ -503,11 +567,14 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, - int y_bit, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) # ifndef OPENSSL_NO_EC2M -/** Sets the affine coordinates of a EC_POINT over GF2m +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with the x-coordinate @@ -515,11 +582,14 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) -/** Gets the affine coordinates of a EC_POINT over GF2m +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM for the x-coordinate @@ -527,11 +597,14 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) -/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with x-coordinate @@ -539,9 +612,11 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, - int y_bit, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) # endif /** Encodes a EC_POINT object to a octet string * \param group underlying EC_GROUP object @@ -785,6 +860,12 @@ EC_KEY *EC_KEY_dup(const EC_KEY *src); */ int EC_KEY_up_ref(EC_KEY *key); +/** Returns the ENGINE object of a EC_KEY object + * \param eckey EC_KEY object + * \return the ENGINE object (possibly NULL). + */ +ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); + /** Returns the EC_GROUP object of a EC_KEY object * \param key EC_KEY object * \return the EC_GROUP object (possibly NULL). @@ -1026,6 +1107,11 @@ const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); EC_KEY *EC_KEY_new_method(ENGINE *engine); +/** The old name for ecdh_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, @@ -1066,14 +1152,24 @@ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); /** Accessor for r and s fields of ECDSA_SIG - * \param sig pointer to ECDSA_SIG pointer + * \param sig pointer to ECDSA_SIG structure * \param pr pointer to BIGNUM pointer for r (may be NULL) * \param ps pointer to BIGNUM pointer for s (may be NULL) */ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + /** Setter for r and s fields of ECDSA_SIG - * \param sig pointer to ECDSA_SIG pointer + * \param sig pointer to ECDSA_SIG structure * \param r pointer to BIGNUM for r (may be NULL) * \param s pointer to BIGNUM for s (may be NULL) */ @@ -1310,12 +1406,12 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, # define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)md) + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) # define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)pmd) + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) # define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ @@ -1325,17 +1421,31 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, # define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)plen) + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) # define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)p) + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) # define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p) + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) # define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) @@ -1347,228 +1457,19 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, # define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) # define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) # define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) /* KDF types */ # define EVP_PKEY_ECDH_KDF_NONE 1 -# define EVP_PKEY_ECDH_KDF_X9_62 2 +# define EVP_PKEY_ECDH_KDF_X9_63 2 +/** The old name for EVP_PKEY_ECDH_KDF_X9_63 + * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62, + * it is actually specified in ANSI X9.63. + * This identifier is retained for backwards compatibility + */ +# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63 -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_EC_strings(void); - -/* Error codes for the EC functions. */ - -/* Function codes. */ -# define EC_F_BN_TO_FELEM 224 -# define EC_F_D2I_ECPARAMETERS 144 -# define EC_F_D2I_ECPKPARAMETERS 145 -# define EC_F_D2I_ECPRIVATEKEY 146 -# define EC_F_DO_EC_KEY_PRINT 221 -# define EC_F_ECDH_CMS_DECRYPT 238 -# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 -# define EC_F_ECDH_COMPUTE_KEY 246 -# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 -# define EC_F_ECDSA_DO_SIGN_EX 251 -# define EC_F_ECDSA_DO_VERIFY 252 -# define EC_F_ECDSA_SIGN_EX 254 -# define EC_F_ECDSA_SIGN_SETUP 248 -# define EC_F_ECDSA_SIG_NEW 265 -# define EC_F_ECDSA_VERIFY 253 -# define EC_F_ECKEY_PARAM2TYPE 223 -# define EC_F_ECKEY_PARAM_DECODE 212 -# define EC_F_ECKEY_PRIV_DECODE 213 -# define EC_F_ECKEY_PRIV_ENCODE 214 -# define EC_F_ECKEY_PUB_DECODE 215 -# define EC_F_ECKEY_PUB_ENCODE 216 -# define EC_F_ECKEY_TYPE2PARAM 220 -# define EC_F_ECPARAMETERS_PRINT 147 -# define EC_F_ECPARAMETERS_PRINT_FP 148 -# define EC_F_ECPKPARAMETERS_PRINT 149 -# define EC_F_ECPKPARAMETERS_PRINT_FP 150 -# define EC_F_ECP_NISTZ256_GET_AFFINE 240 -# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 -# define EC_F_ECP_NISTZ256_POINTS_MUL 241 -# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 -# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 -# define EC_F_ECX_KEY_OP 266 -# define EC_F_ECX_PRIV_ENCODE 267 -# define EC_F_ECX_PUB_ENCODE 268 -# define EC_F_EC_ASN1_GROUP2CURVE 153 -# define EC_F_EC_ASN1_GROUP2FIELDID 154 -# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 -# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 -# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 -# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 -# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 -# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 -# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 -# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 -# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 -# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 -# define EC_F_EC_GFP_MONT_FIELD_MUL 131 -# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 -# define EC_F_EC_GFP_MONT_FIELD_SQR 132 -# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 -# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 -# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 -# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 -# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 -# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 -# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 -# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 -# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 -# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 -# define EC_F_EC_GFP_NIST_FIELD_MUL 200 -# define EC_F_EC_GFP_NIST_FIELD_SQR 201 -# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 -# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 -# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 -# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 -# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 -# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 -# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 -# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 -# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 -# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 -# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 -# define EC_F_EC_GROUP_CHECK 170 -# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 -# define EC_F_EC_GROUP_COPY 106 -# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 -# define EC_F_EC_GROUP_GET_CURVE_GFP 130 -# define EC_F_EC_GROUP_GET_DEGREE 173 -# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 -# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 -# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 -# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 -# define EC_F_EC_GROUP_NEW 108 -# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 -# define EC_F_EC_GROUP_NEW_FROM_DATA 175 -# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 -# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 -# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 -# define EC_F_EC_GROUP_SET_CURVE_GFP 109 -# define EC_F_EC_GROUP_SET_GENERATOR 111 -# define EC_F_EC_KEY_CHECK_KEY 177 -# define EC_F_EC_KEY_COPY 178 -# define EC_F_EC_KEY_GENERATE_KEY 179 -# define EC_F_EC_KEY_NEW 182 -# define EC_F_EC_KEY_NEW_METHOD 245 -# define EC_F_EC_KEY_OCT2PRIV 255 -# define EC_F_EC_KEY_PRINT 180 -# define EC_F_EC_KEY_PRINT_FP 181 -# define EC_F_EC_KEY_PRIV2OCT 256 -# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 -# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 -# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 -# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 -# define EC_F_EC_POINTS_MAKE_AFFINE 136 -# define EC_F_EC_POINT_ADD 112 -# define EC_F_EC_POINT_CMP 113 -# define EC_F_EC_POINT_COPY 114 -# define EC_F_EC_POINT_DBL 115 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 -# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 -# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 -# define EC_F_EC_POINT_INVERT 210 -# define EC_F_EC_POINT_IS_AT_INFINITY 118 -# define EC_F_EC_POINT_IS_ON_CURVE 119 -# define EC_F_EC_POINT_MAKE_AFFINE 120 -# define EC_F_EC_POINT_NEW 121 -# define EC_F_EC_POINT_OCT2POINT 122 -# define EC_F_EC_POINT_POINT2OCT 123 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 -# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 -# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 -# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 -# define EC_F_EC_POINT_SET_TO_INFINITY 127 -# define EC_F_EC_PRE_COMP_NEW 196 -# define EC_F_EC_WNAF_MUL 187 -# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 -# define EC_F_I2D_ECPARAMETERS 190 -# define EC_F_I2D_ECPKPARAMETERS 191 -# define EC_F_I2D_ECPRIVATEKEY 192 -# define EC_F_I2O_ECPUBLICKEY 151 -# define EC_F_NISTP224_PRE_COMP_NEW 227 -# define EC_F_NISTP256_PRE_COMP_NEW 236 -# define EC_F_NISTP521_PRE_COMP_NEW 237 -# define EC_F_O2I_ECPUBLICKEY 152 -# define EC_F_OLD_EC_PRIV_DECODE 222 -# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 -# define EC_F_OSSL_ECDSA_SIGN_SIG 249 -# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 -# define EC_F_PKEY_ECX_DERIVE 269 -# define EC_F_PKEY_EC_CTRL 197 -# define EC_F_PKEY_EC_CTRL_STR 198 -# define EC_F_PKEY_EC_DERIVE 217 -# define EC_F_PKEY_EC_KEYGEN 199 -# define EC_F_PKEY_EC_PARAMGEN 219 -# define EC_F_PKEY_EC_SIGN 218 - -/* Reason codes. */ -# define EC_R_ASN1_ERROR 115 -# define EC_R_BAD_SIGNATURE 156 -# define EC_R_BIGNUM_OUT_OF_RANGE 144 -# define EC_R_BUFFER_TOO_SMALL 100 -# define EC_R_COORDINATES_OUT_OF_RANGE 146 -# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 -# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 -# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 -# define EC_R_DECODE_ERROR 142 -# define EC_R_DISCRIMINANT_IS_ZERO 118 -# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -# define EC_R_FIELD_TOO_LARGE 143 -# define EC_R_GF2M_NOT_SUPPORTED 147 -# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 -# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 -# define EC_R_INCOMPATIBLE_OBJECTS 101 -# define EC_R_INVALID_ARGUMENT 112 -# define EC_R_INVALID_COMPRESSED_POINT 110 -# define EC_R_INVALID_COMPRESSION_BIT 109 -# define EC_R_INVALID_CURVE 141 -# define EC_R_INVALID_DIGEST 151 -# define EC_R_INVALID_DIGEST_TYPE 138 -# define EC_R_INVALID_ENCODING 102 -# define EC_R_INVALID_FIELD 103 -# define EC_R_INVALID_FORM 104 -# define EC_R_INVALID_GROUP_ORDER 122 -# define EC_R_INVALID_KEY 116 -# define EC_R_INVALID_OUTPUT_LENGTH 161 -# define EC_R_INVALID_PEER_KEY 133 -# define EC_R_INVALID_PENTANOMIAL_BASIS 132 -# define EC_R_INVALID_PRIVATE_KEY 123 -# define EC_R_INVALID_TRINOMIAL_BASIS 137 -# define EC_R_KDF_PARAMETER_ERROR 148 -# define EC_R_KEYS_NOT_SET 140 -# define EC_R_MISSING_PARAMETERS 124 -# define EC_R_MISSING_PRIVATE_KEY 125 -# define EC_R_NEED_NEW_SETUP_VALUES 157 -# define EC_R_NOT_A_NIST_PRIME 135 -# define EC_R_NOT_IMPLEMENTED 126 -# define EC_R_NOT_INITIALIZED 111 -# define EC_R_NO_PARAMETERS_SET 139 -# define EC_R_NO_PRIVATE_VALUE 154 -# define EC_R_OPERATION_NOT_SUPPORTED 152 -# define EC_R_PASSED_NULL_PARAMETER 134 -# define EC_R_PEER_KEY_ERROR 149 -# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 -# define EC_R_POINT_ARITHMETIC_FAILURE 155 -# define EC_R_POINT_AT_INFINITY 106 -# define EC_R_POINT_IS_NOT_ON_CURVE 107 -# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 -# define EC_R_SHARED_INFO_ERROR 150 -# define EC_R_SLOT_FULL 108 -# define EC_R_UNDEFINED_GENERATOR 113 -# define EC_R_UNDEFINED_ORDER 128 -# define EC_R_UNKNOWN_GROUP 129 -# define EC_R_UNKNOWN_ORDER 114 -# define EC_R_UNSUPPORTED_FIELD 131 -# define EC_R_WRONG_CURVE_PARAMETERS 145 -# define EC_R_WRONG_ORDER 130 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/ecerr.h b/deps/openssl/openssl/include/openssl/ecerr.h new file mode 100644 index 00000000000000..8d429387a2a29e --- /dev/null +++ b/deps/openssl/openssl/include/openssl/ecerr.h @@ -0,0 +1,267 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ECERR_H +# define HEADER_ECERR_H + +# include + +# ifndef OPENSSL_NO_EC + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EC_strings(void); + +/* + * EC function codes. + */ +# define EC_F_BN_TO_FELEM 224 +# define EC_F_D2I_ECPARAMETERS 144 +# define EC_F_D2I_ECPKPARAMETERS 145 +# define EC_F_D2I_ECPRIVATEKEY 146 +# define EC_F_DO_EC_KEY_PRINT 221 +# define EC_F_ECDH_CMS_DECRYPT 238 +# define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +# define EC_F_ECDH_COMPUTE_KEY 246 +# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +# define EC_F_ECDSA_DO_SIGN_EX 251 +# define EC_F_ECDSA_DO_VERIFY 252 +# define EC_F_ECDSA_SIGN_EX 254 +# define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 +# define EC_F_ECDSA_VERIFY 253 +# define EC_F_ECD_ITEM_VERIFY 270 +# define EC_F_ECKEY_PARAM2TYPE 223 +# define EC_F_ECKEY_PARAM_DECODE 212 +# define EC_F_ECKEY_PRIV_DECODE 213 +# define EC_F_ECKEY_PRIV_ENCODE 214 +# define EC_F_ECKEY_PUB_DECODE 215 +# define EC_F_ECKEY_PUB_ENCODE 216 +# define EC_F_ECKEY_TYPE2PARAM 220 +# define EC_F_ECPARAMETERS_PRINT 147 +# define EC_F_ECPARAMETERS_PRINT_FP 148 +# define EC_F_ECPKPARAMETERS_PRINT 149 +# define EC_F_ECPKPARAMETERS_PRINT_FP 150 +# define EC_F_ECP_NISTZ256_GET_AFFINE 240 +# define EC_F_ECP_NISTZ256_INV_MOD_ORD 275 +# define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +# define EC_F_ECP_NISTZ256_POINTS_MUL 241 +# define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +# define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +# define EC_F_ECX_KEY_OP 266 +# define EC_F_ECX_PRIV_ENCODE 267 +# define EC_F_ECX_PUB_ENCODE 268 +# define EC_F_EC_ASN1_GROUP2CURVE 153 +# define EC_F_EC_ASN1_GROUP2FIELDID 154 +# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 +# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 +# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +# define EC_F_EC_GFP_MONT_FIELD_MUL 131 +# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +# define EC_F_EC_GFP_MONT_FIELD_SQR 132 +# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +# define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +# define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +# define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +# define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +# define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +# define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +# define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +# define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +# define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +# define EC_F_EC_GFP_NIST_FIELD_MUL 200 +# define EC_F_EC_GFP_NIST_FIELD_SQR 201 +# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 +# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +# define EC_F_EC_GROUP_CHECK 170 +# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +# define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 +# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +# define EC_F_EC_GROUP_GET_CURVE_GFP 130 +# define EC_F_EC_GROUP_GET_DEGREE 173 +# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 +# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +# define EC_F_EC_GROUP_NEW 108 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +# define EC_F_EC_GROUP_NEW_FROM_DATA 175 +# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 +# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +# define EC_F_EC_GROUP_SET_CURVE_GFP 109 +# define EC_F_EC_GROUP_SET_GENERATOR 111 +# define EC_F_EC_GROUP_SET_SEED 286 +# define EC_F_EC_KEY_CHECK_KEY 177 +# define EC_F_EC_KEY_COPY 178 +# define EC_F_EC_KEY_GENERATE_KEY 179 +# define EC_F_EC_KEY_NEW 182 +# define EC_F_EC_KEY_NEW_METHOD 245 +# define EC_F_EC_KEY_OCT2PRIV 255 +# define EC_F_EC_KEY_PRINT 180 +# define EC_F_EC_KEY_PRINT_FP 181 +# define EC_F_EC_KEY_PRIV2BUF 279 +# define EC_F_EC_KEY_PRIV2OCT 256 +# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 +# define EC_F_EC_PKEY_CHECK 273 +# define EC_F_EC_PKEY_PARAM_CHECK 274 +# define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 +# define EC_F_EC_POINT_ADD 112 +# define EC_F_EC_POINT_BN2POINT 280 +# define EC_F_EC_POINT_CMP 113 +# define EC_F_EC_POINT_COPY 114 +# define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +# define EC_F_EC_POINT_INVERT 210 +# define EC_F_EC_POINT_IS_AT_INFINITY 118 +# define EC_F_EC_POINT_IS_ON_CURVE 119 +# define EC_F_EC_POINT_MAKE_AFFINE 120 +# define EC_F_EC_POINT_NEW 121 +# define EC_F_EC_POINT_OCT2POINT 122 +# define EC_F_EC_POINT_POINT2BUF 281 +# define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +# define EC_F_EC_POINT_SET_TO_INFINITY 127 +# define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 +# define EC_F_EC_WNAF_MUL 187 +# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +# define EC_F_I2D_ECPARAMETERS 190 +# define EC_F_I2D_ECPKPARAMETERS 191 +# define EC_F_I2D_ECPRIVATEKEY 192 +# define EC_F_I2O_ECPUBLICKEY 151 +# define EC_F_NISTP224_PRE_COMP_NEW 227 +# define EC_F_NISTP256_PRE_COMP_NEW 236 +# define EC_F_NISTP521_PRE_COMP_NEW 237 +# define EC_F_O2I_ECPUBLICKEY 152 +# define EC_F_OLD_EC_PRIV_DECODE 222 +# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +# define EC_F_PKEY_ECD_CTRL 271 +# define EC_F_PKEY_ECD_DIGESTSIGN 272 +# define EC_F_PKEY_ECD_DIGESTSIGN25519 276 +# define EC_F_PKEY_ECD_DIGESTSIGN448 277 +# define EC_F_PKEY_ECX_DERIVE 269 +# define EC_F_PKEY_EC_CTRL 197 +# define EC_F_PKEY_EC_CTRL_STR 198 +# define EC_F_PKEY_EC_DERIVE 217 +# define EC_F_PKEY_EC_INIT 282 +# define EC_F_PKEY_EC_KDF_DERIVE 283 +# define EC_F_PKEY_EC_KEYGEN 199 +# define EC_F_PKEY_EC_PARAMGEN 219 +# define EC_F_PKEY_EC_SIGN 218 +# define EC_F_VALIDATE_ECX_DERIVE 278 + +/* + * EC reason codes. + */ +# define EC_R_ASN1_ERROR 115 +# define EC_R_BAD_SIGNATURE 156 +# define EC_R_BIGNUM_OUT_OF_RANGE 144 +# define EC_R_BUFFER_TOO_SMALL 100 +# define EC_R_COORDINATES_OUT_OF_RANGE 146 +# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define EC_R_DECODE_ERROR 142 +# define EC_R_DISCRIMINANT_IS_ZERO 118 +# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define EC_R_FIELD_TOO_LARGE 143 +# define EC_R_GF2M_NOT_SUPPORTED 147 +# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define EC_R_INCOMPATIBLE_OBJECTS 101 +# define EC_R_INVALID_ARGUMENT 112 +# define EC_R_INVALID_COMPRESSED_POINT 110 +# define EC_R_INVALID_COMPRESSION_BIT 109 +# define EC_R_INVALID_CURVE 141 +# define EC_R_INVALID_DIGEST 151 +# define EC_R_INVALID_DIGEST_TYPE 138 +# define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_FIELD 103 +# define EC_R_INVALID_FORM 104 +# define EC_R_INVALID_GROUP_ORDER 122 +# define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_OUTPUT_LENGTH 161 +# define EC_R_INVALID_PEER_KEY 133 +# define EC_R_INVALID_PENTANOMIAL_BASIS 132 +# define EC_R_INVALID_PRIVATE_KEY 123 +# define EC_R_INVALID_TRINOMIAL_BASIS 137 +# define EC_R_KDF_PARAMETER_ERROR 148 +# define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 +# define EC_R_MISSING_PARAMETERS 124 +# define EC_R_MISSING_PRIVATE_KEY 125 +# define EC_R_NEED_NEW_SETUP_VALUES 157 +# define EC_R_NOT_A_NIST_PRIME 135 +# define EC_R_NOT_IMPLEMENTED 126 +# define EC_R_NOT_INITIALIZED 111 +# define EC_R_NO_PARAMETERS_SET 139 +# define EC_R_NO_PRIVATE_VALUE 154 +# define EC_R_OPERATION_NOT_SUPPORTED 152 +# define EC_R_PASSED_NULL_PARAMETER 134 +# define EC_R_PEER_KEY_ERROR 149 +# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +# define EC_R_POINT_ARITHMETIC_FAILURE 155 +# define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 +# define EC_R_POINT_IS_NOT_ON_CURVE 107 +# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define EC_R_SHARED_INFO_ERROR 150 +# define EC_R_SLOT_FULL 108 +# define EC_R_UNDEFINED_GENERATOR 113 +# define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 +# define EC_R_UNKNOWN_GROUP 129 +# define EC_R_UNKNOWN_ORDER 114 +# define EC_R_UNSUPPORTED_FIELD 131 +# define EC_R_WRONG_CURVE_PARAMETERS 145 +# define EC_R_WRONG_ORDER 130 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/engine.h b/deps/openssl/openssl/include/openssl/engine.h index 26cf714843dc86..0780f0fb5f327d 100644 --- a/deps/openssl/openssl/include/openssl/engine.h +++ b/deps/openssl/openssl/include/openssl/engine.h @@ -1,5 +1,6 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #ifndef HEADER_ENGINE_H # define HEADER_ENGINE_H @@ -32,6 +27,7 @@ # include # include # include +# include # ifdef __cplusplus extern "C" { # endif @@ -405,7 +401,7 @@ int ENGINE_register_complete(ENGINE *e); int ENGINE_register_all_complete(void); /* - * Send parametrised control commands to the engine. The possibilities to + * Send parameterised control commands to the engine. The possibilities to * send down an integer, a pointer to data or a function pointer are * provided. Any of the parameters may or may not be NULL, depending on the * command number. In actuality, this function only requires a structural @@ -743,95 +739,10 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, */ void *ENGINE_get_static_state(void); -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) # endif -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_ENGINE_strings(void); - -/* Error codes for the ENGINE functions. */ - -/* Function codes. */ -# define ENGINE_F_DYNAMIC_CTRL 180 -# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 -# define ENGINE_F_DYNAMIC_LOAD 182 -# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 -# define ENGINE_F_ENGINE_ADD 105 -# define ENGINE_F_ENGINE_BY_ID 106 -# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 -# define ENGINE_F_ENGINE_CTRL 142 -# define ENGINE_F_ENGINE_CTRL_CMD 178 -# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 -# define ENGINE_F_ENGINE_FINISH 107 -# define ENGINE_F_ENGINE_GET_CIPHER 185 -# define ENGINE_F_ENGINE_GET_DIGEST 186 -# define ENGINE_F_ENGINE_GET_FIRST 195 -# define ENGINE_F_ENGINE_GET_LAST 196 -# define ENGINE_F_ENGINE_GET_NEXT 115 -# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 -# define ENGINE_F_ENGINE_GET_PKEY_METH 192 -# define ENGINE_F_ENGINE_GET_PREV 116 -# define ENGINE_F_ENGINE_INIT 119 -# define ENGINE_F_ENGINE_LIST_ADD 120 -# define ENGINE_F_ENGINE_LIST_REMOVE 121 -# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 -# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 -# define ENGINE_F_ENGINE_NEW 122 -# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 -# define ENGINE_F_ENGINE_REMOVE 123 -# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 -# define ENGINE_F_ENGINE_SET_ID 129 -# define ENGINE_F_ENGINE_SET_NAME 130 -# define ENGINE_F_ENGINE_TABLE_REGISTER 184 -# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 -# define ENGINE_F_ENGINE_UP_REF 190 -# define ENGINE_F_INT_CTRL_HELPER 172 -# define ENGINE_F_INT_ENGINE_CONFIGURE 188 -# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 - -/* Reason codes. */ -# define ENGINE_R_ALREADY_LOADED 100 -# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 -# define ENGINE_R_CMD_NOT_EXECUTABLE 134 -# define ENGINE_R_COMMAND_TAKES_INPUT 135 -# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 -# define ENGINE_R_CONFLICTING_ENGINE_ID 103 -# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 -# define ENGINE_R_DSO_FAILURE 104 -# define ENGINE_R_DSO_NOT_FOUND 132 -# define ENGINE_R_ENGINES_SECTION_ERROR 148 -# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 -# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 -# define ENGINE_R_ENGINE_SECTION_ERROR 149 -# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 -# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 -# define ENGINE_R_FINISH_FAILED 106 -# define ENGINE_R_ID_OR_NAME_MISSING 108 -# define ENGINE_R_INIT_FAILED 109 -# define ENGINE_R_INTERNAL_LIST_ERROR 110 -# define ENGINE_R_INVALID_ARGUMENT 143 -# define ENGINE_R_INVALID_CMD_NAME 137 -# define ENGINE_R_INVALID_CMD_NUMBER 138 -# define ENGINE_R_INVALID_INIT_VALUE 151 -# define ENGINE_R_INVALID_STRING 150 -# define ENGINE_R_NOT_INITIALISED 117 -# define ENGINE_R_NOT_LOADED 112 -# define ENGINE_R_NO_CONTROL_FUNCTION 120 -# define ENGINE_R_NO_INDEX 144 -# define ENGINE_R_NO_LOAD_FUNCTION 125 -# define ENGINE_R_NO_REFERENCE 130 -# define ENGINE_R_NO_SUCH_ENGINE 116 -# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 -# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 -# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 -# define ENGINE_R_VERSION_INCOMPATIBILITY 145 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/engineerr.h b/deps/openssl/openssl/include/openssl/engineerr.h new file mode 100644 index 00000000000000..b4c036b2106eeb --- /dev/null +++ b/deps/openssl/openssl/include/openssl/engineerr.h @@ -0,0 +1,107 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ENGINEERR_H +# define HEADER_ENGINEERR_H + +# include + +# ifndef OPENSSL_NO_ENGINE + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_ENGINE_strings(void); + +/* + * ENGINE function codes. + */ +# define ENGINE_F_DIGEST_UPDATE 198 +# define ENGINE_F_DYNAMIC_CTRL 180 +# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +# define ENGINE_F_DYNAMIC_LOAD 182 +# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +# define ENGINE_F_ENGINE_ADD 105 +# define ENGINE_F_ENGINE_BY_ID 106 +# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +# define ENGINE_F_ENGINE_CTRL 142 +# define ENGINE_F_ENGINE_CTRL_CMD 178 +# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +# define ENGINE_F_ENGINE_FINISH 107 +# define ENGINE_F_ENGINE_GET_CIPHER 185 +# define ENGINE_F_ENGINE_GET_DIGEST 186 +# define ENGINE_F_ENGINE_GET_FIRST 195 +# define ENGINE_F_ENGINE_GET_LAST 196 +# define ENGINE_F_ENGINE_GET_NEXT 115 +# define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +# define ENGINE_F_ENGINE_GET_PKEY_METH 192 +# define ENGINE_F_ENGINE_GET_PREV 116 +# define ENGINE_F_ENGINE_INIT 119 +# define ENGINE_F_ENGINE_LIST_ADD 120 +# define ENGINE_F_ENGINE_LIST_REMOVE 121 +# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +# define ENGINE_F_ENGINE_NEW 122 +# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 +# define ENGINE_F_ENGINE_REMOVE 123 +# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +# define ENGINE_F_ENGINE_SET_ID 129 +# define ENGINE_F_ENGINE_SET_NAME 130 +# define ENGINE_F_ENGINE_TABLE_REGISTER 184 +# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +# define ENGINE_F_ENGINE_UP_REF 190 +# define ENGINE_F_INT_CLEANUP_ITEM 199 +# define ENGINE_F_INT_CTRL_HELPER 172 +# define ENGINE_F_INT_ENGINE_CONFIGURE 188 +# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +# define ENGINE_F_OSSL_HMAC_INIT 200 + +/* + * ENGINE reason codes. + */ +# define ENGINE_R_ALREADY_LOADED 100 +# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +# define ENGINE_R_CMD_NOT_EXECUTABLE 134 +# define ENGINE_R_COMMAND_TAKES_INPUT 135 +# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +# define ENGINE_R_CONFLICTING_ENGINE_ID 103 +# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +# define ENGINE_R_DSO_FAILURE 104 +# define ENGINE_R_DSO_NOT_FOUND 132 +# define ENGINE_R_ENGINES_SECTION_ERROR 148 +# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +# define ENGINE_R_ENGINE_SECTION_ERROR 149 +# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +# define ENGINE_R_FINISH_FAILED 106 +# define ENGINE_R_ID_OR_NAME_MISSING 108 +# define ENGINE_R_INIT_FAILED 109 +# define ENGINE_R_INTERNAL_LIST_ERROR 110 +# define ENGINE_R_INVALID_ARGUMENT 143 +# define ENGINE_R_INVALID_CMD_NAME 137 +# define ENGINE_R_INVALID_CMD_NUMBER 138 +# define ENGINE_R_INVALID_INIT_VALUE 151 +# define ENGINE_R_INVALID_STRING 150 +# define ENGINE_R_NOT_INITIALISED 117 +# define ENGINE_R_NOT_LOADED 112 +# define ENGINE_R_NO_CONTROL_FUNCTION 120 +# define ENGINE_R_NO_INDEX 144 +# define ENGINE_R_NO_LOAD_FUNCTION 125 +# define ENGINE_R_NO_REFERENCE 130 +# define ENGINE_R_NO_SUCH_ENGINE 116 +# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +# define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/err.h b/deps/openssl/openssl/include/openssl/err.h index 29a261ceb7d55b..6cae1a36510fb5 100644 --- a/deps/openssl/openssl/include/openssl/err.h +++ b/deps/openssl/openssl/include/openssl/err.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -84,7 +84,7 @@ typedef struct err_state_st { # define ERR_LIB_COMP 41 # define ERR_LIB_ECDSA 42 # define ERR_LIB_ECDH 43 -# define ERR_LIB_STORE 44 +# define ERR_LIB_OSSL_STORE 44 # define ERR_LIB_FIPS 45 # define ERR_LIB_CMS 46 # define ERR_LIB_TS 47 @@ -93,6 +93,7 @@ typedef struct err_state_st { # define ERR_LIB_CT 50 # define ERR_LIB_ASYNC 51 # define ERR_LIB_KDF 52 +# define ERR_LIB_SM2 53 # define ERR_LIB_USER 128 @@ -123,7 +124,7 @@ typedef struct err_state_st { # define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) -# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) @@ -131,6 +132,7 @@ typedef struct err_state_st { # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ @@ -160,6 +162,12 @@ typedef struct err_state_st { # define SYS_F_GETSOCKNAME 16 # define SYS_F_GETHOSTBYNAME 17 # define SYS_F_FFLUSH 18 +# define SYS_F_OPEN 19 +# define SYS_F_CLOSE 20 +# define SYS_F_IOCTL 21 +# define SYS_F_STAT 22 +# define SYS_F_FCNTL 23 +# define SYS_F_FSTAT 24 /* reasons */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ @@ -178,7 +186,9 @@ typedef struct err_state_st { # define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ # define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ # define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ +# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_MISSING_ASN1_EOS 63 @@ -192,6 +202,7 @@ typedef struct err_state_st { # define ERR_R_DISABLED (5|ERR_R_FATAL) # define ERR_R_INIT_FAIL (6|ERR_R_FATAL) # define ERR_R_PASSED_INVALID_ARGUMENT (7) +# define ERR_R_OPERATION_FAIL (8|ERR_R_FATAL) /* * 99 is the maximum possible ERR_R_... code, higher values are reserved for @@ -234,8 +245,9 @@ void ERR_print_errors_fp(FILE *fp); void ERR_print_errors(BIO *bp); void ERR_add_error_data(int num, ...); void ERR_add_error_vdata(int num, va_list args); -int ERR_load_strings(int lib, ERR_STRING_DATA str[]); -int ERR_unload_strings(int lib, ERR_STRING_DATA str[]); +int ERR_load_strings(int lib, ERR_STRING_DATA *str); +int ERR_load_strings_const(const ERR_STRING_DATA *str); +int ERR_unload_strings(int lib, ERR_STRING_DATA *str); int ERR_load_ERR_strings(void); #if OPENSSL_API_COMPAT < 0x10100000L @@ -252,6 +264,7 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); +int ERR_clear_last_mark(void); #ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/evp.h b/deps/openssl/openssl/include/openssl/evp.h index 36e2934485aaa0..8c8051993ffe1f 100644 --- a/deps/openssl/openssl/include/openssl/evp.h +++ b/deps/openssl/openssl/include/openssl/evp.h @@ -14,6 +14,7 @@ # include # include # include +# include # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 @@ -40,6 +41,7 @@ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption # define EVP_PKEY_RSA2 NID_rsa +# define EVP_PKEY_RSA_PSS NID_rsassaPss # define EVP_PKEY_DSA NID_dsa # define EVP_PKEY_DSA1 NID_dsa_2 # define EVP_PKEY_DSA2 NID_dsaWithSHA @@ -48,10 +50,18 @@ # define EVP_PKEY_DH NID_dhKeyAgreement # define EVP_PKEY_DHX NID_dhpublicnumber # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +# define EVP_PKEY_SM2 NID_sm2 # define EVP_PKEY_HMAC NID_hmac # define EVP_PKEY_CMAC NID_cmac +# define EVP_PKEY_SCRYPT NID_id_scrypt # define EVP_PKEY_TLS1_PRF NID_tls1_prf # define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_POLY1305 NID_poly1305 +# define EVP_PKEY_SIPHASH NID_siphash +# define EVP_PKEY_X25519 NID_X25519 +# define EVP_PKEY_ED25519 NID_ED25519 +# define EVP_PKEY_X448 NID_X448 +# define EVP_PKEY_ED448 NID_ED448 #ifdef __cplusplus extern "C" { @@ -102,6 +112,9 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, /* digest can only handle a single block */ # define EVP_MD_FLAG_ONESHOT 0x0001 +/* digest is extensible-output function, XOF */ +# define EVP_MD_FLAG_XOF 0x0002 + /* DigestAlgorithmIdentifier flags... */ # define EVP_MD_FLAG_DIGALGID_MASK 0x0018 @@ -125,6 +138,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, # define EVP_MD_CTRL_DIGALGID 0x1 # define EVP_MD_CTRL_MICALG 0x2 +# define EVP_MD_CTRL_XOF_LEN 0x3 /* Minimum Algorithm specific ctrl value */ @@ -166,6 +180,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, * if the following flag is set. */ # define EVP_MD_CTX_FLAG_FINALISE 0x0200 +/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); @@ -364,6 +379,15 @@ typedef struct { # define EVP_CCM_TLS_FIXED_IV_LEN 4 /* Length of explicit part of IV part of TLS records */ # define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +# define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +# define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +# define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +# define EVP_CHACHAPOLY_TLS_TAG_LEN 16 typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; @@ -396,6 +420,15 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, # define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ (char *)(eckey)) # endif +# ifndef OPENSSL_NO_SIPHASH +# define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\ + (char *)(shkey)) +# endif + +# ifndef OPENSSL_NO_POLY1305 +# define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\ + (char *)(polykey)) +# endif /* Add some extra combinations */ # define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) @@ -421,6 +454,7 @@ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); int EVP_CIPHER_nid(const EVP_CIPHER *cipher); @@ -455,8 +489,8 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); # endif # define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) -# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) -# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) +# define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) +# define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) # define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) # define EVP_SignInit(a,b) EVP_DigestInit(a,b) @@ -472,13 +506,16 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); # ifdef CONST_STRICT void BIO_set_md(BIO *, const EVP_MD *md); # else -# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md)) # endif -# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) -# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) -# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) -# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) -# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) +# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp)) +# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \ + (char *)(mdcp)) +# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \ + (char *)(c_pp)) /*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, @@ -518,14 +555,14 @@ __owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); __owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); __owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, + size_t len); -#ifndef OPENSSL_NO_UI int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, const char *prompt, int verify); void EVP_set_pw_prompt(const char *prompt); char *EVP_get_pw_prompt(void); -#endif __owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const unsigned char *salt, @@ -579,9 +616,17 @@ __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, EVP_PKEY *pkey); +__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen, const unsigned char *tbs, + size_t tbslen); + __owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey); +__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, + size_t tbslen); + /*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); @@ -662,6 +707,14 @@ const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); const EVP_MD *EVP_sha384(void); const EVP_MD *EVP_sha512(void); +const EVP_MD *EVP_sha512_224(void); +const EVP_MD *EVP_sha512_256(void); +const EVP_MD *EVP_sha3_224(void); +const EVP_MD *EVP_sha3_256(void); +const EVP_MD *EVP_sha3_384(void); +const EVP_MD *EVP_sha3_512(void); +const EVP_MD *EVP_shake128(void); +const EVP_MD *EVP_shake256(void); # ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); # endif @@ -671,6 +724,9 @@ const EVP_MD *EVP_ripemd160(void); # ifndef OPENSSL_NO_WHIRLPOOL const EVP_MD *EVP_whirlpool(void); # endif +# ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); +# endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ # ifndef OPENSSL_NO_DES const EVP_CIPHER *EVP_des_ecb(void); @@ -797,6 +853,38 @@ const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); +# ifndef OPENSSL_NO_ARIA +const EVP_CIPHER *EVP_aria_128_ecb(void); +const EVP_CIPHER *EVP_aria_128_cbc(void); +const EVP_CIPHER *EVP_aria_128_cfb1(void); +const EVP_CIPHER *EVP_aria_128_cfb8(void); +const EVP_CIPHER *EVP_aria_128_cfb128(void); +# define EVP_aria_128_cfb EVP_aria_128_cfb128 +const EVP_CIPHER *EVP_aria_128_ctr(void); +const EVP_CIPHER *EVP_aria_128_ofb(void); +const EVP_CIPHER *EVP_aria_128_gcm(void); +const EVP_CIPHER *EVP_aria_128_ccm(void); +const EVP_CIPHER *EVP_aria_192_ecb(void); +const EVP_CIPHER *EVP_aria_192_cbc(void); +const EVP_CIPHER *EVP_aria_192_cfb1(void); +const EVP_CIPHER *EVP_aria_192_cfb8(void); +const EVP_CIPHER *EVP_aria_192_cfb128(void); +# define EVP_aria_192_cfb EVP_aria_192_cfb128 +const EVP_CIPHER *EVP_aria_192_ctr(void); +const EVP_CIPHER *EVP_aria_192_ofb(void); +const EVP_CIPHER *EVP_aria_192_gcm(void); +const EVP_CIPHER *EVP_aria_192_ccm(void); +const EVP_CIPHER *EVP_aria_256_ecb(void); +const EVP_CIPHER *EVP_aria_256_cbc(void); +const EVP_CIPHER *EVP_aria_256_cfb1(void); +const EVP_CIPHER *EVP_aria_256_cfb8(void); +const EVP_CIPHER *EVP_aria_256_cfb128(void); +# define EVP_aria_256_cfb EVP_aria_256_cfb128 +const EVP_CIPHER *EVP_aria_256_ctr(void); +const EVP_CIPHER *EVP_aria_256_ofb(void); +const EVP_CIPHER *EVP_aria_256_gcm(void); +const EVP_CIPHER *EVP_aria_256_ccm(void); +# endif # ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); const EVP_CIPHER *EVP_camellia_128_cbc(void); @@ -838,6 +926,15 @@ const EVP_CIPHER *EVP_seed_cfb128(void); const EVP_CIPHER *EVP_seed_ofb(void); # endif +# ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +# define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +# endif + # if OPENSSL_API_COMPAT < 0x10100000L # define OPENSSL_add_all_algorithms_conf() \ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ @@ -900,12 +997,19 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); # ifndef OPENSSL_NO_ENGINE int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); # endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); void *EVP_PKEY_get0(const EVP_PKEY *pkey); const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +# ifndef OPENSSL_NO_POLY1305 +const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +# endif +# ifndef OPENSSL_NO_SIPHASH +const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +# endif # ifndef OPENSSL_NO_RSA struct rsa_st; @@ -1114,6 +1218,38 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)); +void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, + int (*siginf_set) (X509_SIG_INFO *siginf, + const X509_ALGOR *alg, + const ASN1_STRING *sig)); + +void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_pub_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_param_check) (const EVP_PKEY *pk)); + +void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_priv_key) (EVP_PKEY *pk, + const unsigned char + *priv, + size_t len)); +void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*set_pub_key) (EVP_PKEY *pk, + const unsigned char *pub, + size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_security_bits) (const EVP_PKEY *pk)); @@ -1145,15 +1281,15 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, # define EVP_PKEY_CTX_set_signature_md(ctx, md) \ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_MD, 0, (void *)md) + EVP_PKEY_CTRL_MD, 0, (void *)(md)) # define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) + EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) # define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ - EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)key) + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) # define EVP_PKEY_CTRL_MD 1 # define EVP_PKEY_CTRL_PEER_KEY 2 @@ -1178,6 +1314,8 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, # define EVP_PKEY_CTRL_GET_MD 13 +# define EVP_PKEY_CTRL_SET_DIGEST_SIZE 14 + # define EVP_PKEY_ALG_CTRL 0x1000 # define EVP_PKEY_FLAG_AUTOARGLEN 2 @@ -1193,6 +1331,9 @@ void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +size_t EVP_PKEY_meth_get_count(void); +const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); @@ -1203,15 +1344,32 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value); +int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, uint64_t value); int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); +int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); + int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen); +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, + const unsigned char *priv, + size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, + const unsigned char *pub, + size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); @@ -1253,6 +1411,9 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); @@ -1351,6 +1512,19 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, + int (*digest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); + void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); @@ -1443,156 +1617,20 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); -void EVP_add_alg_module(void); +void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ +void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, + int (**pdigest_custom) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx)); +void EVP_add_alg_module(void); -int ERR_load_EVP_strings(void); - -/* Error codes for the EVP functions. */ - -/* Function codes. */ -# define EVP_F_AESNI_INIT_KEY 165 -# define EVP_F_AES_INIT_KEY 133 -# define EVP_F_AES_OCB_CIPHER 169 -# define EVP_F_AES_T4_INIT_KEY 178 -# define EVP_F_AES_WRAP_CIPHER 170 -# define EVP_F_ALG_MODULE_INIT 177 -# define EVP_F_CAMELLIA_INIT_KEY 159 -# define EVP_F_CHACHA20_POLY1305_CTRL 182 -# define EVP_F_CMLL_T4_INIT_KEY 179 -# define EVP_F_DES_EDE3_WRAP_CIPHER 171 -# define EVP_F_DO_SIGVER_INIT 161 -# define EVP_F_EVP_CIPHERINIT_EX 123 -# define EVP_F_EVP_CIPHER_CTX_COPY 163 -# define EVP_F_EVP_CIPHER_CTX_CTRL 124 -# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -# define EVP_F_EVP_DECRYPTFINAL_EX 101 -# define EVP_F_EVP_DECRYPTUPDATE 166 -# define EVP_F_EVP_DIGESTINIT_EX 128 -# define EVP_F_EVP_ENCRYPTFINAL_EX 127 -# define EVP_F_EVP_ENCRYPTUPDATE 167 -# define EVP_F_EVP_MD_CTX_COPY_EX 110 -# define EVP_F_EVP_MD_SIZE 162 -# define EVP_F_EVP_OPENINIT 102 -# define EVP_F_EVP_PBE_ALG_ADD 115 -# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 -# define EVP_F_EVP_PBE_CIPHERINIT 116 -# define EVP_F_EVP_PBE_SCRYPT 181 -# define EVP_F_EVP_PKCS82PKEY 111 -# define EVP_F_EVP_PKEY2PKCS8 113 -# define EVP_F_EVP_PKEY_ASN1_ADD0 168 -# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 -# define EVP_F_EVP_PKEY_CTX_CTRL 137 -# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 -# define EVP_F_EVP_PKEY_CTX_DUP 156 -# define EVP_F_EVP_PKEY_DECRYPT 104 -# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 -# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 -# define EVP_F_EVP_PKEY_DERIVE 153 -# define EVP_F_EVP_PKEY_DERIVE_INIT 154 -# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 -# define EVP_F_EVP_PKEY_ENCRYPT 105 -# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 -# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 -# define EVP_F_EVP_PKEY_GET0_DH 119 -# define EVP_F_EVP_PKEY_GET0_DSA 120 -# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 -# define EVP_F_EVP_PKEY_GET0_HMAC 183 -# define EVP_F_EVP_PKEY_GET0_RSA 121 -# define EVP_F_EVP_PKEY_KEYGEN 146 -# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 -# define EVP_F_EVP_PKEY_METH_ADD0 172 -# define EVP_F_EVP_PKEY_METH_NEW 173 -# define EVP_F_EVP_PKEY_NEW 106 -# define EVP_F_EVP_PKEY_PARAMGEN 148 -# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 -# define EVP_F_EVP_PKEY_SET1_ENGINE 187 -# define EVP_F_EVP_PKEY_SIGN 140 -# define EVP_F_EVP_PKEY_SIGN_INIT 141 -# define EVP_F_EVP_PKEY_VERIFY 142 -# define EVP_F_EVP_PKEY_VERIFY_INIT 143 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 -# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 -# define EVP_F_EVP_SIGNFINAL 107 -# define EVP_F_EVP_VERIFYFINAL 108 -# define EVP_F_INT_CTX_NEW 157 -# define EVP_F_PKCS5_PBE_KEYIVGEN 117 -# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 -# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 -# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 -# define EVP_F_PKEY_SET_TYPE 158 -# define EVP_F_RC2_MAGIC_TO_METH 109 -# define EVP_F_RC5_CTRL 125 - -/* Reason codes. */ -# define EVP_R_AES_KEY_SETUP_FAILED 143 -# define EVP_R_BAD_DECRYPT 100 -# define EVP_R_BUFFER_TOO_SMALL 155 -# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 -# define EVP_R_CIPHER_PARAMETER_ERROR 122 -# define EVP_R_COMMAND_NOT_SUPPORTED 147 -# define EVP_R_COPY_ERROR 173 -# define EVP_R_CTRL_NOT_IMPLEMENTED 132 -# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 -# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 -# define EVP_R_DECODE_ERROR 114 -# define EVP_R_DIFFERENT_KEY_TYPES 101 -# define EVP_R_DIFFERENT_PARAMETERS 153 -# define EVP_R_ERROR_LOADING_SECTION 165 -# define EVP_R_ERROR_SETTING_FIPS_MODE 166 -# define EVP_R_EXPECTING_AN_HMAC_KEY 174 -# define EVP_R_EXPECTING_AN_RSA_KEY 127 -# define EVP_R_EXPECTING_A_DH_KEY 128 -# define EVP_R_EXPECTING_A_DSA_KEY 129 -# define EVP_R_EXPECTING_A_EC_KEY 142 -# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 -# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 -# define EVP_R_INITIALIZATION_ERROR 134 -# define EVP_R_INPUT_NOT_INITIALIZED 111 -# define EVP_R_INVALID_DIGEST 152 -# define EVP_R_INVALID_FIPS_MODE 168 -# define EVP_R_INVALID_KEY 163 -# define EVP_R_INVALID_KEY_LENGTH 130 -# define EVP_R_INVALID_OPERATION 148 -# define EVP_R_KEYGEN_FAILURE 120 -# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 -# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 -# define EVP_R_METHOD_NOT_SUPPORTED 144 -# define EVP_R_MISSING_PARAMETERS 103 -# define EVP_R_NO_CIPHER_SET 131 -# define EVP_R_NO_DEFAULT_DIGEST 158 -# define EVP_R_NO_DIGEST_SET 139 -# define EVP_R_NO_KEY_SET 154 -# define EVP_R_NO_OPERATION_SET 149 -# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 -# define EVP_R_OPERATON_NOT_INITIALIZED 151 -# define EVP_R_PARTIALLY_OVERLAPPING 162 -# define EVP_R_PBKDF2_ERROR 176 -# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175 -# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164 -# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 -# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 -# define EVP_R_PUBLIC_KEY_NOT_RSA 106 -# define EVP_R_UNKNOWN_CIPHER 160 -# define EVP_R_UNKNOWN_DIGEST 161 -# define EVP_R_UNKNOWN_OPTION 169 -# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -# define EVP_R_UNSUPPORTED_ALGORITHM 156 -# define EVP_R_UNSUPPORTED_CIPHER 107 -# define EVP_R_UNSUPPORTED_KEYLENGTH 123 -# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 -# define EVP_R_UNSUPPORTED_KEY_SIZE 108 -# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 -# define EVP_R_UNSUPPORTED_PRF 125 -# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 -# define EVP_R_UNSUPPORTED_SALT_TYPE 126 -# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 -# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/evperr.h b/deps/openssl/openssl/include/openssl/evperr.h new file mode 100644 index 00000000000000..3484fa841d15a9 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/evperr.h @@ -0,0 +1,193 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_EVPERR_H +# define HEADER_EVPERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_EVP_strings(void); + +/* + * EVP function codes. + */ +# define EVP_F_AESNI_INIT_KEY 165 +# define EVP_F_AES_GCM_CTRL 196 +# define EVP_F_AES_INIT_KEY 133 +# define EVP_F_AES_OCB_CIPHER 169 +# define EVP_F_AES_T4_INIT_KEY 178 +# define EVP_F_AES_WRAP_CIPHER 170 +# define EVP_F_ALG_MODULE_INIT 177 +# define EVP_F_ARIA_CCM_INIT_KEY 175 +# define EVP_F_ARIA_GCM_CTRL 197 +# define EVP_F_ARIA_GCM_INIT_KEY 176 +# define EVP_F_ARIA_INIT_KEY 185 +# define EVP_F_B64_NEW 198 +# define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 +# define EVP_F_CMLL_T4_INIT_KEY 179 +# define EVP_F_DES_EDE3_WRAP_CIPHER 171 +# define EVP_F_DO_SIGVER_INIT 161 +# define EVP_F_ENC_NEW 199 +# define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204 +# define EVP_F_EVP_CIPHER_CTX_COPY 163 +# define EVP_F_EVP_CIPHER_CTX_CTRL 124 +# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205 +# define EVP_F_EVP_DECRYPTFINAL_EX 101 +# define EVP_F_EVP_DECRYPTUPDATE 166 +# define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_ENCRYPTFINAL_EX 127 +# define EVP_F_EVP_ENCRYPTUPDATE 167 +# define EVP_F_EVP_MD_CTX_COPY_EX 110 +# define EVP_F_EVP_MD_SIZE 162 +# define EVP_F_EVP_OPENINIT 102 +# define EVP_F_EVP_PBE_ALG_ADD 115 +# define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +# define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 +# define EVP_F_EVP_PKCS82PKEY 111 +# define EVP_F_EVP_PKEY2PKCS8 113 +# define EVP_F_EVP_PKEY_ASN1_ADD0 188 +# define EVP_F_EVP_PKEY_CHECK 186 +# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +# define EVP_F_EVP_PKEY_CTX_CTRL 137 +# define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +# define EVP_F_EVP_PKEY_CTX_DUP 156 +# define EVP_F_EVP_PKEY_CTX_MD 168 +# define EVP_F_EVP_PKEY_DECRYPT 104 +# define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +# define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +# define EVP_F_EVP_PKEY_DERIVE 153 +# define EVP_F_EVP_PKEY_DERIVE_INIT 154 +# define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +# define EVP_F_EVP_PKEY_ENCRYPT 105 +# define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +# define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +# define EVP_F_EVP_PKEY_GET0_DH 119 +# define EVP_F_EVP_PKEY_GET0_DSA 120 +# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +# define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_POLY1305 184 +# define EVP_F_EVP_PKEY_GET0_RSA 121 +# define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 +# define EVP_F_EVP_PKEY_KEYGEN 146 +# define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 +# define EVP_F_EVP_PKEY_NEW 106 +# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 +# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 +# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY 192 +# define EVP_F_EVP_PKEY_PARAMGEN 148 +# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +# define EVP_F_EVP_PKEY_PARAM_CHECK 189 +# define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 +# define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 +# define EVP_F_EVP_PKEY_SIGN 140 +# define EVP_F_EVP_PKEY_SIGN_INIT 141 +# define EVP_F_EVP_PKEY_VERIFY 142 +# define EVP_F_EVP_PKEY_VERIFY_INIT 143 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +# define EVP_F_EVP_SIGNFINAL 107 +# define EVP_F_EVP_VERIFYFINAL 108 +# define EVP_F_INT_CTX_NEW 157 +# define EVP_F_OK_NEW 200 +# define EVP_F_PKCS5_PBE_KEYIVGEN 117 +# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 +# define EVP_F_PKEY_SET_TYPE 158 +# define EVP_F_RC2_MAGIC_TO_METH 109 +# define EVP_F_RC5_CTRL 125 +# define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_UPDATE 173 + +/* + * EVP reason codes. + */ +# define EVP_R_AES_KEY_SETUP_FAILED 143 +# define EVP_R_ARIA_KEY_SETUP_FAILED 176 +# define EVP_R_BAD_DECRYPT 100 +# define EVP_R_BUFFER_TOO_SMALL 155 +# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CIPHER_PARAMETER_ERROR 122 +# define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 +# define EVP_R_CTRL_NOT_IMPLEMENTED 132 +# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +# define EVP_R_DECODE_ERROR 114 +# define EVP_R_DIFFERENT_KEY_TYPES 101 +# define EVP_R_DIFFERENT_PARAMETERS 153 +# define EVP_R_ERROR_LOADING_SECTION 165 +# define EVP_R_ERROR_SETTING_FIPS_MODE 166 +# define EVP_R_EXPECTING_AN_HMAC_KEY 174 +# define EVP_R_EXPECTING_AN_RSA_KEY 127 +# define EVP_R_EXPECTING_A_DH_KEY 128 +# define EVP_R_EXPECTING_A_DSA_KEY 129 +# define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_POLY1305_KEY 164 +# define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 +# define EVP_R_INITIALIZATION_ERROR 134 +# define EVP_R_INPUT_NOT_INITIALIZED 111 +# define EVP_R_INVALID_DIGEST 152 +# define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_KEY 163 +# define EVP_R_INVALID_KEY_LENGTH 130 +# define EVP_R_INVALID_OPERATION 148 +# define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_KEY_SETUP_FAILED 180 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 +# define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +# define EVP_R_METHOD_NOT_SUPPORTED 144 +# define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 +# define EVP_R_NO_CIPHER_SET 131 +# define EVP_R_NO_DEFAULT_DIGEST 158 +# define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEY_SET 154 +# define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +# define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 +# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 +# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +# define EVP_R_PUBLIC_KEY_NOT_RSA 106 +# define EVP_R_UNKNOWN_CIPHER 160 +# define EVP_R_UNKNOWN_DIGEST 161 +# define EVP_R_UNKNOWN_OPTION 169 +# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNSUPPORTED_ALGORITHM 156 +# define EVP_R_UNSUPPORTED_CIPHER 107 +# define EVP_R_UNSUPPORTED_KEYLENGTH 123 +# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +# define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 +# define EVP_R_UNSUPPORTED_PRF 125 +# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +# define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 + +#endif diff --git a/deps/openssl/openssl/include/openssl/hmac.h b/deps/openssl/openssl/include/openssl/hmac.h index 9f068960590e5d..458efc1d5181a8 100644 --- a/deps/openssl/openssl/include/openssl/hmac.h +++ b/deps/openssl/openssl/include/openssl/hmac.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,9 @@ # include -# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ +# if OPENSSL_API_COMPAT < 0x10200000L +# define HMAC_MAX_MD_CBLOCK 128 /* Deprecated */ +# endif #ifdef __cplusplus extern "C" { diff --git a/deps/openssl/openssl/include/openssl/kdf.h b/deps/openssl/openssl/include/openssl/kdf.h index 9f87f788b216d4..5abd4c3714756a 100644 --- a/deps/openssl/openssl/include/openssl/kdf.h +++ b/deps/openssl/openssl/include/openssl/kdf.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,64 +10,86 @@ #ifndef HEADER_KDF_H # define HEADER_KDF_H +# include #ifdef __cplusplus extern "C" { #endif -# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) -# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) -# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) -# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) -# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) -# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) -# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_PASS (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_SCRYPT_SALT (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_SCRYPT_N (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_SCRYPT_R (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_SCRYPT_P (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES (EVP_PKEY_ALG_CTRL + 13) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_TLS_MD, 0, (void *)md) + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) # define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)sec) + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) # define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)seed) + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) # define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md) + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) # define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt) + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) # define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key) + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) # define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info) + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_PASS, passlen, (void *)(pass)) + +# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_N, n) -int ERR_load_KDF_strings(void); +# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_R, r) -/* Error codes for the KDF functions. */ +# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_P, p) -/* Function codes. */ -# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 -# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \ + EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes) -/* Reason codes. */ -# define KDF_R_INVALID_DIGEST 100 -# define KDF_R_MISSING_PARAMETER 101 -# define KDF_R_VALUE_MISSING 102 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/kdferr.h b/deps/openssl/openssl/include/openssl/kdferr.h new file mode 100644 index 00000000000000..6437c271dd6ab0 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/kdferr.h @@ -0,0 +1,51 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_KDFERR_H +# define HEADER_KDFERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_SCRYPT_CTRL_STR 104 +# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 +# define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_ITERATION_COUNT 109 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_PARAMETER 101 +# define KDF_R_MISSING_PASS 110 +# define KDF_R_MISSING_SALT 111 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_ERROR 108 +# define KDF_R_VALUE_MISSING 102 + +#endif diff --git a/deps/openssl/openssl/include/openssl/lhash.h b/deps/openssl/openssl/include/openssl/lhash.h index 8ecc5884842030..88d7d977b9ec3f 100644 --- a/deps/openssl/openssl/include/openssl/lhash.h +++ b/deps/openssl/openssl/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/include/openssl/modes.h b/deps/openssl/openssl/include/openssl/modes.h index a04c6a5981ac40..d544f98d5585e9 100644 --- a/deps/openssl/openssl/include/openssl/modes.h +++ b/deps/openssl/openssl/include/openssl/modes.h @@ -7,11 +7,14 @@ * https://www.openssl.org/source/license.html */ -#include +#ifndef HEADER_MODES_H +# define HEADER_MODES_H -#ifdef __cplusplus +# include + +# ifdef __cplusplus extern "C" { -#endif +# endif typedef void (*block128_f) (const unsigned char in[16], unsigned char out[16], const void *key); @@ -166,7 +169,7 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, unsigned char *out, const unsigned char *in, size_t inlen, block128_f block); -#ifndef OPENSSL_NO_OCB +# ifndef OPENSSL_NO_OCB typedef struct ocb128_context OCB128_CONTEXT; typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, @@ -196,8 +199,10 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, size_t len); int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); -#endif /* OPENSSL_NO_OCB */ +# endif /* OPENSSL_NO_OCB */ -#ifdef __cplusplus +# ifdef __cplusplus } +# endif + #endif diff --git a/deps/openssl/openssl/include/openssl/obj_mac.h b/deps/openssl/openssl/include/openssl/obj_mac.h index f97f3eaa17cfcb..80ff5a7c869785 100644 --- a/deps/openssl/openssl/include/openssl/obj_mac.h +++ b/deps/openssl/openssl/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -54,10 +54,24 @@ #define NID_hmac_sha1 781 #define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L +#define SN_x509ExtAdmission "x509ExtAdmission" +#define LN_x509ExtAdmission "Professional Information or basis for Admission" +#define NID_x509ExtAdmission 1093 +#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L + #define SN_certicom_arc "certicom-arc" #define NID_certicom_arc 677 #define OBJ_certicom_arc OBJ_identified_organization,132L +#define SN_ieee "ieee" +#define NID_ieee 1170 +#define OBJ_ieee OBJ_identified_organization,111L + +#define SN_ieee_siswg "ieee-siswg" +#define LN_ieee_siswg "IEEE Security in Storage Working Group" +#define NID_ieee_siswg 1171 +#define OBJ_ieee_siswg OBJ_ieee,2L,1619L + #define SN_international_organizations "international-organizations" #define LN_international_organizations "International Organizations" #define NID_international_organizations 647 @@ -95,6 +109,19 @@ #define NID_X9cm 185 #define OBJ_X9cm OBJ_X9_57,4L +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 1140 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 1141 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1142 +#define OBJ_sm_scheme OBJ_oscca,1L + #define SN_dsa "DSA" #define LN_dsa "dsaEncryption" #define NID_dsa 116 @@ -567,6 +594,16 @@ #define NID_sha224WithRSAEncryption 671 #define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1145 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1146 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + #define SN_pkcs3 "pkcs3" #define NID_pkcs3 27 #define OBJ_pkcs3 OBJ_pkcs,3L @@ -932,6 +969,10 @@ #define NID_id_smime_aa_dvcs_dvc 240 #define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1086 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + #define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" #define NID_id_smime_alg_ESDHwith3DES 241 #define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L @@ -1123,6 +1164,21 @@ #define NID_hmacWithSHA1 163 #define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L +#define SN_sm2 "SM2" +#define LN_sm2 "sm2" +#define NID_sm2 1172 +#define OBJ_sm2 OBJ_sm_scheme,301L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 1143 +#define OBJ_sm3 OBJ_sm_scheme,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 1144 +#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L + #define LN_hmacWithSHA224 "hmacWithSHA224" #define NID_hmacWithSHA224 798 #define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L @@ -1139,6 +1195,14 @@ #define NID_hmacWithSHA512 801 #define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1193 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1194 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + #define SN_rc2_cbc "RC2-CBC" #define LN_rc2_cbc "rc2-cbc" #define NID_rc2_cbc 37 @@ -1563,6 +1627,16 @@ #define NID_sendProxiedOwner 1030 #define OBJ_sendProxiedOwner OBJ_id_kp,26L +#define SN_cmcCA "cmcCA" +#define LN_cmcCA "CMC Certificate Authority" +#define NID_cmcCA 1131 +#define OBJ_cmcCA OBJ_id_kp,27L + +#define SN_cmcRA "cmcRA" +#define LN_cmcRA "CMC Registration Authority" +#define NID_cmcRA 1132 +#define OBJ_cmcRA OBJ_id_kp,28L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L @@ -2293,6 +2367,24 @@ #define NID_role 400 #define OBJ_role OBJ_X509,72L +#define LN_organizationIdentifier "organizationIdentifier" +#define NID_organizationIdentifier 1089 +#define OBJ_organizationIdentifier OBJ_X509,97L + +#define SN_countryCode3c "c3" +#define LN_countryCode3c "countryCode3c" +#define NID_countryCode3c 1090 +#define OBJ_countryCode3c OBJ_X509,98L + +#define SN_countryCode3n "n3" +#define LN_countryCode3n "countryCode3n" +#define NID_countryCode3n 1091 +#define OBJ_countryCode3n OBJ_X509,99L + +#define LN_dnsName "dnsName" +#define NID_dnsName 1092 +#define OBJ_dnsName OBJ_X509,100L + #define SN_X500algorithms "X500algorithms" #define LN_X500algorithms "directory services - algorithms" #define NID_X500algorithms 378 @@ -2723,6 +2815,16 @@ #define NID_id_aes256_wrap_pad 903 #define OBJ_id_aes256_wrap_pad OBJ_aes,48L +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 +#define OBJ_aes_128_xts OBJ_ieee_siswg,0L,1L,1L + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 +#define OBJ_aes_256_xts OBJ_ieee_siswg,0L,1L,2L + #define SN_aes_128_cfb1 "AES-128-CFB1" #define LN_aes_128_cfb1 "aes-128-cfb1" #define NID_aes_128_cfb1 650 @@ -2771,14 +2873,6 @@ #define LN_aes_256_ocb "aes-256-ocb" #define NID_aes_256_ocb 960 -#define SN_aes_128_xts "AES-128-XTS" -#define LN_aes_128_xts "aes-128-xts" -#define NID_aes_128_xts 913 - -#define SN_aes_256_xts "AES-256-XTS" -#define LN_aes_256_xts "aes-256-xts" -#define NID_aes_256_xts 914 - #define SN_des_cfb1 "DES-CFB1" #define LN_des_cfb1 "des-cfb1" #define NID_des_cfb1 656 @@ -2817,6 +2911,66 @@ #define NID_sha224 675 #define OBJ_sha224 OBJ_nist_hashalgs,4L +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1094 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1095 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1096 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1097 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1098 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1099 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_shake128 "SHAKE128" +#define LN_shake128 "shake128" +#define NID_shake128 1100 +#define OBJ_shake128 OBJ_nist_hashalgs,11L + +#define SN_shake256 "SHAKE256" +#define LN_shake256 "shake256" +#define NID_shake256 1101 +#define OBJ_shake256 OBJ_nist_hashalgs,12L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1102 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1103 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1104 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1105 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + #define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L #define SN_dsa_with_SHA224 "dsa_with_SHA224" @@ -2827,6 +2981,78 @@ #define NID_dsa_with_SHA256 803 #define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L +#define OBJ_sigAlgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1106 +#define OBJ_dsa_with_SHA384 OBJ_sigAlgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1107 +#define OBJ_dsa_with_SHA512 OBJ_sigAlgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1108 +#define OBJ_dsa_with_SHA3_224 OBJ_sigAlgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1109 +#define OBJ_dsa_with_SHA3_256 OBJ_sigAlgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1110 +#define OBJ_dsa_with_SHA3_384 OBJ_sigAlgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1111 +#define OBJ_dsa_with_SHA3_512 OBJ_sigAlgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1112 +#define OBJ_ecdsa_with_SHA3_224 OBJ_sigAlgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1113 +#define OBJ_ecdsa_with_SHA3_256 OBJ_sigAlgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1114 +#define OBJ_ecdsa_with_SHA3_384 OBJ_sigAlgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1115 +#define OBJ_ecdsa_with_SHA3_512 OBJ_sigAlgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1116 +#define OBJ_RSA_SHA3_224 OBJ_sigAlgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1117 +#define OBJ_RSA_SHA3_256 OBJ_sigAlgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1118 +#define OBJ_RSA_SHA3_384 OBJ_sigAlgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1119 +#define OBJ_RSA_SHA3_512 OBJ_sigAlgs,16L + #define SN_hold_instruction_code "holdInstructionCode" #define LN_hold_instruction_code "Hold Instruction Code" #define NID_hold_instruction_code 430 @@ -4000,6 +4226,30 @@ #define NID_id_tc26_cipher 990 #define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + #define SN_id_tc26_agreement "id-tc26-agreement" #define NID_id_tc26_agreement 991 #define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L @@ -4012,6 +4262,26 @@ #define NID_id_tc26_agreement_gost_3410_2012_512 993 #define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + #define SN_id_tc26_constants "id-tc26-constants" #define NID_id_tc26_constants 994 #define OBJ_id_tc26_constants OBJ_id_tc26,2L @@ -4020,6 +4290,30 @@ #define NID_id_tc26_sign_constants 995 #define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L +#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" +#define NID_id_tc26_gost_3410_2012_256_constants 1147 +#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" +#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L + +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + #define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" #define NID_id_tc26_gost_3410_2012_512_constants 996 #define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L @@ -4039,6 +4333,11 @@ #define NID_id_tc26_gost_3410_2012_512_paramSetB 999 #define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L +#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" +#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 +#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L + #define SN_id_tc26_digest_constants "id-tc26-digest-constants" #define NID_id_tc26_digest_constants 1000 #define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L @@ -4099,6 +4398,24 @@ #define SN_grasshopper_mac "grasshopper-mac" #define NID_grasshopper_mac 1017 +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + #define SN_camellia_128_cbc "CAMELLIA-128-CBC" #define LN_camellia_128_cbc "camellia-128-cbc" #define NID_camellia_128_cbc 751 @@ -4259,6 +4576,137 @@ #define LN_camellia_256_cfb8 "camellia-256-cfb8" #define NID_camellia_256_cfb8 765 +#define OBJ_aria 1L,2L,410L,200046L,1L,1L + +#define SN_aria_128_ecb "ARIA-128-ECB" +#define LN_aria_128_ecb "aria-128-ecb" +#define NID_aria_128_ecb 1065 +#define OBJ_aria_128_ecb OBJ_aria,1L + +#define SN_aria_128_cbc "ARIA-128-CBC" +#define LN_aria_128_cbc "aria-128-cbc" +#define NID_aria_128_cbc 1066 +#define OBJ_aria_128_cbc OBJ_aria,2L + +#define SN_aria_128_cfb128 "ARIA-128-CFB" +#define LN_aria_128_cfb128 "aria-128-cfb" +#define NID_aria_128_cfb128 1067 +#define OBJ_aria_128_cfb128 OBJ_aria,3L + +#define SN_aria_128_ofb128 "ARIA-128-OFB" +#define LN_aria_128_ofb128 "aria-128-ofb" +#define NID_aria_128_ofb128 1068 +#define OBJ_aria_128_ofb128 OBJ_aria,4L + +#define SN_aria_128_ctr "ARIA-128-CTR" +#define LN_aria_128_ctr "aria-128-ctr" +#define NID_aria_128_ctr 1069 +#define OBJ_aria_128_ctr OBJ_aria,5L + +#define SN_aria_192_ecb "ARIA-192-ECB" +#define LN_aria_192_ecb "aria-192-ecb" +#define NID_aria_192_ecb 1070 +#define OBJ_aria_192_ecb OBJ_aria,6L + +#define SN_aria_192_cbc "ARIA-192-CBC" +#define LN_aria_192_cbc "aria-192-cbc" +#define NID_aria_192_cbc 1071 +#define OBJ_aria_192_cbc OBJ_aria,7L + +#define SN_aria_192_cfb128 "ARIA-192-CFB" +#define LN_aria_192_cfb128 "aria-192-cfb" +#define NID_aria_192_cfb128 1072 +#define OBJ_aria_192_cfb128 OBJ_aria,8L + +#define SN_aria_192_ofb128 "ARIA-192-OFB" +#define LN_aria_192_ofb128 "aria-192-ofb" +#define NID_aria_192_ofb128 1073 +#define OBJ_aria_192_ofb128 OBJ_aria,9L + +#define SN_aria_192_ctr "ARIA-192-CTR" +#define LN_aria_192_ctr "aria-192-ctr" +#define NID_aria_192_ctr 1074 +#define OBJ_aria_192_ctr OBJ_aria,10L + +#define SN_aria_256_ecb "ARIA-256-ECB" +#define LN_aria_256_ecb "aria-256-ecb" +#define NID_aria_256_ecb 1075 +#define OBJ_aria_256_ecb OBJ_aria,11L + +#define SN_aria_256_cbc "ARIA-256-CBC" +#define LN_aria_256_cbc "aria-256-cbc" +#define NID_aria_256_cbc 1076 +#define OBJ_aria_256_cbc OBJ_aria,12L + +#define SN_aria_256_cfb128 "ARIA-256-CFB" +#define LN_aria_256_cfb128 "aria-256-cfb" +#define NID_aria_256_cfb128 1077 +#define OBJ_aria_256_cfb128 OBJ_aria,13L + +#define SN_aria_256_ofb128 "ARIA-256-OFB" +#define LN_aria_256_ofb128 "aria-256-ofb" +#define NID_aria_256_ofb128 1078 +#define OBJ_aria_256_ofb128 OBJ_aria,14L + +#define SN_aria_256_ctr "ARIA-256-CTR" +#define LN_aria_256_ctr "aria-256-ctr" +#define NID_aria_256_ctr 1079 +#define OBJ_aria_256_ctr OBJ_aria,15L + +#define SN_aria_128_cfb1 "ARIA-128-CFB1" +#define LN_aria_128_cfb1 "aria-128-cfb1" +#define NID_aria_128_cfb1 1080 + +#define SN_aria_192_cfb1 "ARIA-192-CFB1" +#define LN_aria_192_cfb1 "aria-192-cfb1" +#define NID_aria_192_cfb1 1081 + +#define SN_aria_256_cfb1 "ARIA-256-CFB1" +#define LN_aria_256_cfb1 "aria-256-cfb1" +#define NID_aria_256_cfb1 1082 + +#define SN_aria_128_cfb8 "ARIA-128-CFB8" +#define LN_aria_128_cfb8 "aria-128-cfb8" +#define NID_aria_128_cfb8 1083 + +#define SN_aria_192_cfb8 "ARIA-192-CFB8" +#define LN_aria_192_cfb8 "aria-192-cfb8" +#define NID_aria_192_cfb8 1084 + +#define SN_aria_256_cfb8 "ARIA-256-CFB8" +#define LN_aria_256_cfb8 "aria-256-cfb8" +#define NID_aria_256_cfb8 1085 + +#define SN_aria_128_ccm "ARIA-128-CCM" +#define LN_aria_128_ccm "aria-128-ccm" +#define NID_aria_128_ccm 1120 +#define OBJ_aria_128_ccm OBJ_aria,37L + +#define SN_aria_192_ccm "ARIA-192-CCM" +#define LN_aria_192_ccm "aria-192-ccm" +#define NID_aria_192_ccm 1121 +#define OBJ_aria_192_ccm OBJ_aria,38L + +#define SN_aria_256_ccm "ARIA-256-CCM" +#define LN_aria_256_ccm "aria-256-ccm" +#define NID_aria_256_ccm 1122 +#define OBJ_aria_256_ccm OBJ_aria,39L + +#define SN_aria_128_gcm "ARIA-128-GCM" +#define LN_aria_128_gcm "aria-128-gcm" +#define NID_aria_128_gcm 1123 +#define OBJ_aria_128_gcm OBJ_aria,34L + +#define SN_aria_192_gcm "ARIA-192-GCM" +#define LN_aria_192_gcm "aria-192-gcm" +#define NID_aria_192_gcm 1124 +#define OBJ_aria_192_gcm OBJ_aria,35L + +#define SN_aria_256_gcm "ARIA-256-GCM" +#define LN_aria_256_gcm "aria-256-gcm" +#define NID_aria_256_gcm 1125 +#define OBJ_aria_256_gcm OBJ_aria,36L + #define SN_kisa "KISA" #define LN_kisa "kisa" #define NID_kisa 773 @@ -4284,6 +4732,41 @@ #define NID_seed_ofb128 778 #define OBJ_seed_ofb128 OBJ_kisa,1L,6L +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 1133 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 1134 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 1135 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 1137 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 1136 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 1138 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 1139 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + #define SN_hmac "HMAC" #define LN_hmac "hmac" #define NID_hmac 855 @@ -4475,6 +4958,7 @@ #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L #define SN_id_scrypt "id-scrypt" +#define LN_id_scrypt "scrypt" #define NID_id_scrypt 973 #define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L @@ -4508,6 +4992,14 @@ #define NID_X448 1035 #define OBJ_X448 1L,3L,101L,111L +#define SN_ED25519 "ED25519" +#define NID_ED25519 1087 +#define OBJ_ED25519 1L,3L,101L,112L + +#define SN_ED448 "ED448" +#define NID_ED448 1088 +#define OBJ_ED448 1L,3L,101L,113L + #define SN_kx_rsa "KxRSA" #define LN_kx_rsa "kx-rsa" #define NID_kx_rsa 1037 @@ -4544,6 +5036,10 @@ #define LN_kx_gost "kx-gost" #define NID_kx_gost 1045 +#define SN_kx_any "KxANY" +#define LN_kx_any "kx-any" +#define NID_kx_any 1063 + #define SN_auth_rsa "AuthRSA" #define LN_auth_rsa "auth-rsa" #define NID_auth_rsa 1046 @@ -4575,3 +5071,128 @@ #define SN_auth_null "AuthNULL" #define LN_auth_null "auth-null" #define NID_auth_null 1053 + +#define SN_auth_any "AuthANY" +#define LN_auth_any "auth-any" +#define NID_auth_any 1064 + +#define SN_poly1305 "Poly1305" +#define LN_poly1305 "poly1305" +#define NID_poly1305 1061 + +#define SN_siphash "SipHash" +#define LN_siphash "siphash" +#define NID_siphash 1062 + +#define SN_ffdhe2048 "ffdhe2048" +#define NID_ffdhe2048 1126 + +#define SN_ffdhe3072 "ffdhe3072" +#define NID_ffdhe3072 1127 + +#define SN_ffdhe4096 "ffdhe4096" +#define NID_ffdhe4096 1128 + +#define SN_ffdhe6144 "ffdhe6144" +#define NID_ffdhe6144 1129 + +#define SN_ffdhe8192 "ffdhe8192" +#define NID_ffdhe8192 1130 + +#define SN_ISO_UA "ISO-UA" +#define NID_ISO_UA 1150 +#define OBJ_ISO_UA OBJ_member_body,804L + +#define SN_ua_pki "ua-pki" +#define NID_ua_pki 1151 +#define OBJ_ua_pki OBJ_ISO_UA,2L,1L,1L,1L + +#define SN_dstu28147 "dstu28147" +#define LN_dstu28147 "DSTU Gost 28147-2009" +#define NID_dstu28147 1152 +#define OBJ_dstu28147 OBJ_ua_pki,1L,1L,1L + +#define SN_dstu28147_ofb "dstu28147-ofb" +#define LN_dstu28147_ofb "DSTU Gost 28147-2009 OFB mode" +#define NID_dstu28147_ofb 1153 +#define OBJ_dstu28147_ofb OBJ_dstu28147,2L + +#define SN_dstu28147_cfb "dstu28147-cfb" +#define LN_dstu28147_cfb "DSTU Gost 28147-2009 CFB mode" +#define NID_dstu28147_cfb 1154 +#define OBJ_dstu28147_cfb OBJ_dstu28147,3L + +#define SN_dstu28147_wrap "dstu28147-wrap" +#define LN_dstu28147_wrap "DSTU Gost 28147-2009 key wrap" +#define NID_dstu28147_wrap 1155 +#define OBJ_dstu28147_wrap OBJ_dstu28147,5L + +#define SN_hmacWithDstu34311 "hmacWithDstu34311" +#define LN_hmacWithDstu34311 "HMAC DSTU Gost 34311-95" +#define NID_hmacWithDstu34311 1156 +#define OBJ_hmacWithDstu34311 OBJ_ua_pki,1L,1L,2L + +#define SN_dstu34311 "dstu34311" +#define LN_dstu34311 "DSTU Gost 34311-95" +#define NID_dstu34311 1157 +#define OBJ_dstu34311 OBJ_ua_pki,1L,2L,1L + +#define SN_dstu4145le "dstu4145le" +#define LN_dstu4145le "DSTU 4145-2002 little endian" +#define NID_dstu4145le 1158 +#define OBJ_dstu4145le OBJ_ua_pki,1L,3L,1L,1L + +#define SN_dstu4145be "dstu4145be" +#define LN_dstu4145be "DSTU 4145-2002 big endian" +#define NID_dstu4145be 1159 +#define OBJ_dstu4145be OBJ_dstu4145le,1L,1L + +#define SN_uacurve0 "uacurve0" +#define LN_uacurve0 "DSTU curve 0" +#define NID_uacurve0 1160 +#define OBJ_uacurve0 OBJ_dstu4145le,2L,0L + +#define SN_uacurve1 "uacurve1" +#define LN_uacurve1 "DSTU curve 1" +#define NID_uacurve1 1161 +#define OBJ_uacurve1 OBJ_dstu4145le,2L,1L + +#define SN_uacurve2 "uacurve2" +#define LN_uacurve2 "DSTU curve 2" +#define NID_uacurve2 1162 +#define OBJ_uacurve2 OBJ_dstu4145le,2L,2L + +#define SN_uacurve3 "uacurve3" +#define LN_uacurve3 "DSTU curve 3" +#define NID_uacurve3 1163 +#define OBJ_uacurve3 OBJ_dstu4145le,2L,3L + +#define SN_uacurve4 "uacurve4" +#define LN_uacurve4 "DSTU curve 4" +#define NID_uacurve4 1164 +#define OBJ_uacurve4 OBJ_dstu4145le,2L,4L + +#define SN_uacurve5 "uacurve5" +#define LN_uacurve5 "DSTU curve 5" +#define NID_uacurve5 1165 +#define OBJ_uacurve5 OBJ_dstu4145le,2L,5L + +#define SN_uacurve6 "uacurve6" +#define LN_uacurve6 "DSTU curve 6" +#define NID_uacurve6 1166 +#define OBJ_uacurve6 OBJ_dstu4145le,2L,6L + +#define SN_uacurve7 "uacurve7" +#define LN_uacurve7 "DSTU curve 7" +#define NID_uacurve7 1167 +#define OBJ_uacurve7 OBJ_dstu4145le,2L,7L + +#define SN_uacurve8 "uacurve8" +#define LN_uacurve8 "DSTU curve 8" +#define NID_uacurve8 1168 +#define OBJ_uacurve8 OBJ_dstu4145le,2L,8L + +#define SN_uacurve9 "uacurve9" +#define LN_uacurve9 "DSTU curve 9" +#define NID_uacurve9 1169 +#define OBJ_uacurve9 OBJ_dstu4145le,2L,9L diff --git a/deps/openssl/openssl/include/openssl/objects.h b/deps/openssl/openssl/include/openssl/objects.h index d4462feed4b5a8..5e8b5762f8729f 100644 --- a/deps/openssl/openssl/include/openssl/objects.h +++ b/deps/openssl/openssl/include/openssl/objects.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,910 +10,10 @@ #ifndef HEADER_OBJECTS_H # define HEADER_OBJECTS_H -# define USE_OBJ_MAC - -# ifdef USE_OBJ_MAC -# include -# else -# define SN_undef "UNDEF" -# define LN_undef "undefined" -# define NID_undef 0 -# define OBJ_undef 0L - -# define SN_Algorithm "Algorithm" -# define LN_algorithm "algorithm" -# define NID_algorithm 38 -# define OBJ_algorithm 1L,3L,14L,3L,2L - -# define LN_rsadsi "rsadsi" -# define NID_rsadsi 1 -# define OBJ_rsadsi 1L,2L,840L,113549L - -# define LN_pkcs "pkcs" -# define NID_pkcs 2 -# define OBJ_pkcs OBJ_rsadsi,1L - -# define SN_md2 "MD2" -# define LN_md2 "md2" -# define NID_md2 3 -# define OBJ_md2 OBJ_rsadsi,2L,2L - -# define SN_md5 "MD5" -# define LN_md5 "md5" -# define NID_md5 4 -# define OBJ_md5 OBJ_rsadsi,2L,5L - -# define SN_rc4 "RC4" -# define LN_rc4 "rc4" -# define NID_rc4 5 -# define OBJ_rc4 OBJ_rsadsi,3L,4L - -# define LN_rsaEncryption "rsaEncryption" -# define NID_rsaEncryption 6 -# define OBJ_rsaEncryption OBJ_pkcs,1L,1L - -# define SN_md2WithRSAEncryption "RSA-MD2" -# define LN_md2WithRSAEncryption "md2WithRSAEncryption" -# define NID_md2WithRSAEncryption 7 -# define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L - -# define SN_md5WithRSAEncryption "RSA-MD5" -# define LN_md5WithRSAEncryption "md5WithRSAEncryption" -# define NID_md5WithRSAEncryption 8 -# define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L - -# define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" -# define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" -# define NID_pbeWithMD2AndDES_CBC 9 -# define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L - -# define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" -# define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" -# define NID_pbeWithMD5AndDES_CBC 10 -# define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L - -# define LN_X500 "X500" -# define NID_X500 11 -# define OBJ_X500 2L,5L - -# define LN_X509 "X509" -# define NID_X509 12 -# define OBJ_X509 OBJ_X500,4L - -# define SN_commonName "CN" -# define LN_commonName "commonName" -# define NID_commonName 13 -# define OBJ_commonName OBJ_X509,3L - -# define SN_countryName "C" -# define LN_countryName "countryName" -# define NID_countryName 14 -# define OBJ_countryName OBJ_X509,6L - -# define SN_localityName "L" -# define LN_localityName "localityName" -# define NID_localityName 15 -# define OBJ_localityName OBJ_X509,7L - -/* Postal Address? PA */ - -/* should be "ST" (rfc1327) but MS uses 'S' */ -# define SN_stateOrProvinceName "ST" -# define LN_stateOrProvinceName "stateOrProvinceName" -# define NID_stateOrProvinceName 16 -# define OBJ_stateOrProvinceName OBJ_X509,8L - -# define SN_organizationName "O" -# define LN_organizationName "organizationName" -# define NID_organizationName 17 -# define OBJ_organizationName OBJ_X509,10L - -# define SN_organizationalUnitName "OU" -# define LN_organizationalUnitName "organizationalUnitName" -# define NID_organizationalUnitName 18 -# define OBJ_organizationalUnitName OBJ_X509,11L - -# define SN_rsa "RSA" -# define LN_rsa "rsa" -# define NID_rsa 19 -# define OBJ_rsa OBJ_X500,8L,1L,1L - -# define LN_pkcs7 "pkcs7" -# define NID_pkcs7 20 -# define OBJ_pkcs7 OBJ_pkcs,7L - -# define LN_pkcs7_data "pkcs7-data" -# define NID_pkcs7_data 21 -# define OBJ_pkcs7_data OBJ_pkcs7,1L - -# define LN_pkcs7_signed "pkcs7-signedData" -# define NID_pkcs7_signed 22 -# define OBJ_pkcs7_signed OBJ_pkcs7,2L - -# define LN_pkcs7_enveloped "pkcs7-envelopedData" -# define NID_pkcs7_enveloped 23 -# define OBJ_pkcs7_enveloped OBJ_pkcs7,3L - -# define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" -# define NID_pkcs7_signedAndEnveloped 24 -# define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L - -# define LN_pkcs7_digest "pkcs7-digestData" -# define NID_pkcs7_digest 25 -# define OBJ_pkcs7_digest OBJ_pkcs7,5L - -# define LN_pkcs7_encrypted "pkcs7-encryptedData" -# define NID_pkcs7_encrypted 26 -# define OBJ_pkcs7_encrypted OBJ_pkcs7,6L - -# define LN_pkcs3 "pkcs3" -# define NID_pkcs3 27 -# define OBJ_pkcs3 OBJ_pkcs,3L - -# define LN_dhKeyAgreement "dhKeyAgreement" -# define NID_dhKeyAgreement 28 -# define OBJ_dhKeyAgreement OBJ_pkcs3,1L - -# define SN_des_ecb "DES-ECB" -# define LN_des_ecb "des-ecb" -# define NID_des_ecb 29 -# define OBJ_des_ecb OBJ_algorithm,6L - -# define SN_des_cfb64 "DES-CFB" -# define LN_des_cfb64 "des-cfb" -# define NID_des_cfb64 30 -/* IV + num */ -# define OBJ_des_cfb64 OBJ_algorithm,9L - -# define SN_des_cbc "DES-CBC" -# define LN_des_cbc "des-cbc" -# define NID_des_cbc 31 -/* IV */ -# define OBJ_des_cbc OBJ_algorithm,7L - -# define SN_des_ede "DES-EDE" -# define LN_des_ede "des-ede" -# define NID_des_ede 32 -/* ?? */ -# define OBJ_des_ede OBJ_algorithm,17L - -# define SN_des_ede3 "DES-EDE3" -# define LN_des_ede3 "des-ede3" -# define NID_des_ede3 33 - -# define SN_idea_cbc "IDEA-CBC" -# define LN_idea_cbc "idea-cbc" -# define NID_idea_cbc 34 -# define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L - -# define SN_idea_cfb64 "IDEA-CFB" -# define LN_idea_cfb64 "idea-cfb" -# define NID_idea_cfb64 35 - -# define SN_idea_ecb "IDEA-ECB" -# define LN_idea_ecb "idea-ecb" -# define NID_idea_ecb 36 - -# define SN_rc2_cbc "RC2-CBC" -# define LN_rc2_cbc "rc2-cbc" -# define NID_rc2_cbc 37 -# define OBJ_rc2_cbc OBJ_rsadsi,3L,2L - -# define SN_rc2_ecb "RC2-ECB" -# define LN_rc2_ecb "rc2-ecb" -# define NID_rc2_ecb 38 - -# define SN_rc2_cfb64 "RC2-CFB" -# define LN_rc2_cfb64 "rc2-cfb" -# define NID_rc2_cfb64 39 - -# define SN_rc2_ofb64 "RC2-OFB" -# define LN_rc2_ofb64 "rc2-ofb" -# define NID_rc2_ofb64 40 - -# define SN_sha "SHA" -# define LN_sha "sha" -# define NID_sha 41 -# define OBJ_sha OBJ_algorithm,18L - -# define SN_shaWithRSAEncryption "RSA-SHA" -# define LN_shaWithRSAEncryption "shaWithRSAEncryption" -# define NID_shaWithRSAEncryption 42 -# define OBJ_shaWithRSAEncryption OBJ_algorithm,15L - -# define SN_des_ede_cbc "DES-EDE-CBC" -# define LN_des_ede_cbc "des-ede-cbc" -# define NID_des_ede_cbc 43 - -# define SN_des_ede3_cbc "DES-EDE3-CBC" -# define LN_des_ede3_cbc "des-ede3-cbc" -# define NID_des_ede3_cbc 44 -# define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L - -# define SN_des_ofb64 "DES-OFB" -# define LN_des_ofb64 "des-ofb" -# define NID_des_ofb64 45 -# define OBJ_des_ofb64 OBJ_algorithm,8L - -# define SN_idea_ofb64 "IDEA-OFB" -# define LN_idea_ofb64 "idea-ofb" -# define NID_idea_ofb64 46 - -# define LN_pkcs9 "pkcs9" -# define NID_pkcs9 47 -# define OBJ_pkcs9 OBJ_pkcs,9L - -# define SN_pkcs9_emailAddress "Email" -# define LN_pkcs9_emailAddress "emailAddress" -# define NID_pkcs9_emailAddress 48 -# define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L - -# define LN_pkcs9_unstructuredName "unstructuredName" -# define NID_pkcs9_unstructuredName 49 -# define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L - -# define LN_pkcs9_contentType "contentType" -# define NID_pkcs9_contentType 50 -# define OBJ_pkcs9_contentType OBJ_pkcs9,3L - -# define LN_pkcs9_messageDigest "messageDigest" -# define NID_pkcs9_messageDigest 51 -# define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L - -# define LN_pkcs9_signingTime "signingTime" -# define NID_pkcs9_signingTime 52 -# define OBJ_pkcs9_signingTime OBJ_pkcs9,5L - -# define LN_pkcs9_countersignature "countersignature" -# define NID_pkcs9_countersignature 53 -# define OBJ_pkcs9_countersignature OBJ_pkcs9,6L - -# define LN_pkcs9_challengePassword "challengePassword" -# define NID_pkcs9_challengePassword 54 -# define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L - -# define LN_pkcs9_unstructuredAddress "unstructuredAddress" -# define NID_pkcs9_unstructuredAddress 55 -# define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L - -# define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" -# define NID_pkcs9_extCertAttributes 56 -# define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L - -# define SN_netscape "Netscape" -# define LN_netscape "Netscape Communications Corp." -# define NID_netscape 57 -# define OBJ_netscape 2L,16L,840L,1L,113730L - -# define SN_netscape_cert_extension "nsCertExt" -# define LN_netscape_cert_extension "Netscape Certificate Extension" -# define NID_netscape_cert_extension 58 -# define OBJ_netscape_cert_extension OBJ_netscape,1L - -# define SN_netscape_data_type "nsDataType" -# define LN_netscape_data_type "Netscape Data Type" -# define NID_netscape_data_type 59 -# define OBJ_netscape_data_type OBJ_netscape,2L - -# define SN_des_ede_cfb64 "DES-EDE-CFB" -# define LN_des_ede_cfb64 "des-ede-cfb" -# define NID_des_ede_cfb64 60 - -# define SN_des_ede3_cfb64 "DES-EDE3-CFB" -# define LN_des_ede3_cfb64 "des-ede3-cfb" -# define NID_des_ede3_cfb64 61 - -# define SN_des_ede_ofb64 "DES-EDE-OFB" -# define LN_des_ede_ofb64 "des-ede-ofb" -# define NID_des_ede_ofb64 62 - -# define SN_des_ede3_ofb64 "DES-EDE3-OFB" -# define LN_des_ede3_ofb64 "des-ede3-ofb" -# define NID_des_ede3_ofb64 63 - -/* I'm not sure about the object ID */ -# define SN_sha1 "SHA1" -# define LN_sha1 "sha1" -# define NID_sha1 64 -# define OBJ_sha1 OBJ_algorithm,26L -/* 28 Jun 1996 - eay */ -/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ - -# define SN_sha1WithRSAEncryption "RSA-SHA1" -# define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" -# define NID_sha1WithRSAEncryption 65 -# define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L - -# define SN_dsaWithSHA "DSA-SHA" -# define LN_dsaWithSHA "dsaWithSHA" -# define NID_dsaWithSHA 66 -# define OBJ_dsaWithSHA OBJ_algorithm,13L - -# define SN_dsa_2 "DSA-old" -# define LN_dsa_2 "dsaEncryption-old" -# define NID_dsa_2 67 -# define OBJ_dsa_2 OBJ_algorithm,12L - -/* proposed by microsoft to RSA */ -# define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" -# define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" -# define NID_pbeWithSHA1AndRC2_CBC 68 -# define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L - -/* - * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined - * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely - * different. - */ -# define LN_id_pbkdf2 "PBKDF2" -# define NID_id_pbkdf2 69 -# define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L - -# define SN_dsaWithSHA1_2 "DSA-SHA1-old" -# define LN_dsaWithSHA1_2 "dsaWithSHA1-old" -# define NID_dsaWithSHA1_2 70 -/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ -# define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L - -# define SN_netscape_cert_type "nsCertType" -# define LN_netscape_cert_type "Netscape Cert Type" -# define NID_netscape_cert_type 71 -# define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L - -# define SN_netscape_base_url "nsBaseUrl" -# define LN_netscape_base_url "Netscape Base Url" -# define NID_netscape_base_url 72 -# define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L - -# define SN_netscape_revocation_url "nsRevocationUrl" -# define LN_netscape_revocation_url "Netscape Revocation Url" -# define NID_netscape_revocation_url 73 -# define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L - -# define SN_netscape_ca_revocation_url "nsCaRevocationUrl" -# define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" -# define NID_netscape_ca_revocation_url 74 -# define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L - -# define SN_netscape_renewal_url "nsRenewalUrl" -# define LN_netscape_renewal_url "Netscape Renewal Url" -# define NID_netscape_renewal_url 75 -# define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L - -# define SN_netscape_ca_policy_url "nsCaPolicyUrl" -# define LN_netscape_ca_policy_url "Netscape CA Policy Url" -# define NID_netscape_ca_policy_url 76 -# define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L - -# define SN_netscape_ssl_server_name "nsSslServerName" -# define LN_netscape_ssl_server_name "Netscape SSL Server Name" -# define NID_netscape_ssl_server_name 77 -# define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L - -# define SN_netscape_comment "nsComment" -# define LN_netscape_comment "Netscape Comment" -# define NID_netscape_comment 78 -# define OBJ_netscape_comment OBJ_netscape_cert_extension,13L - -# define SN_netscape_cert_sequence "nsCertSequence" -# define LN_netscape_cert_sequence "Netscape Certificate Sequence" -# define NID_netscape_cert_sequence 79 -# define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L - -# define SN_desx_cbc "DESX-CBC" -# define LN_desx_cbc "desx-cbc" -# define NID_desx_cbc 80 - -# define SN_id_ce "id-ce" -# define NID_id_ce 81 -# define OBJ_id_ce 2L,5L,29L - -# define SN_subject_key_identifier "subjectKeyIdentifier" -# define LN_subject_key_identifier "X509v3 Subject Key Identifier" -# define NID_subject_key_identifier 82 -# define OBJ_subject_key_identifier OBJ_id_ce,14L - -# define SN_key_usage "keyUsage" -# define LN_key_usage "X509v3 Key Usage" -# define NID_key_usage 83 -# define OBJ_key_usage OBJ_id_ce,15L - -# define SN_private_key_usage_period "privateKeyUsagePeriod" -# define LN_private_key_usage_period "X509v3 Private Key Usage Period" -# define NID_private_key_usage_period 84 -# define OBJ_private_key_usage_period OBJ_id_ce,16L - -# define SN_subject_alt_name "subjectAltName" -# define LN_subject_alt_name "X509v3 Subject Alternative Name" -# define NID_subject_alt_name 85 -# define OBJ_subject_alt_name OBJ_id_ce,17L - -# define SN_issuer_alt_name "issuerAltName" -# define LN_issuer_alt_name "X509v3 Issuer Alternative Name" -# define NID_issuer_alt_name 86 -# define OBJ_issuer_alt_name OBJ_id_ce,18L - -# define SN_basic_constraints "basicConstraints" -# define LN_basic_constraints "X509v3 Basic Constraints" -# define NID_basic_constraints 87 -# define OBJ_basic_constraints OBJ_id_ce,19L - -# define SN_crl_number "crlNumber" -# define LN_crl_number "X509v3 CRL Number" -# define NID_crl_number 88 -# define OBJ_crl_number OBJ_id_ce,20L - -# define SN_certificate_policies "certificatePolicies" -# define LN_certificate_policies "X509v3 Certificate Policies" -# define NID_certificate_policies 89 -# define OBJ_certificate_policies OBJ_id_ce,32L - -# define SN_authority_key_identifier "authorityKeyIdentifier" -# define LN_authority_key_identifier "X509v3 Authority Key Identifier" -# define NID_authority_key_identifier 90 -# define OBJ_authority_key_identifier OBJ_id_ce,35L - -# define SN_bf_cbc "BF-CBC" -# define LN_bf_cbc "bf-cbc" -# define NID_bf_cbc 91 -# define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L - -# define SN_bf_ecb "BF-ECB" -# define LN_bf_ecb "bf-ecb" -# define NID_bf_ecb 92 - -# define SN_bf_cfb64 "BF-CFB" -# define LN_bf_cfb64 "bf-cfb" -# define NID_bf_cfb64 93 - -# define SN_bf_ofb64 "BF-OFB" -# define LN_bf_ofb64 "bf-ofb" -# define NID_bf_ofb64 94 - -# define SN_mdc2 "MDC2" -# define LN_mdc2 "mdc2" -# define NID_mdc2 95 -# define OBJ_mdc2 2L,5L,8L,3L,101L -/* An alternative? 1L,3L,14L,3L,2L,19L */ - -# define SN_mdc2WithRSA "RSA-MDC2" -# define LN_mdc2WithRSA "mdc2withRSA" -# define NID_mdc2WithRSA 96 -# define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L - -# define SN_rc4_40 "RC4-40" -# define LN_rc4_40 "rc4-40" -# define NID_rc4_40 97 - -# define SN_rc2_40_cbc "RC2-40-CBC" -# define LN_rc2_40_cbc "rc2-40-cbc" -# define NID_rc2_40_cbc 98 - -# define SN_givenName "G" -# define LN_givenName "givenName" -# define NID_givenName 99 -# define OBJ_givenName OBJ_X509,42L - -# define SN_surname "S" -# define LN_surname "surname" -# define NID_surname 100 -# define OBJ_surname OBJ_X509,4L - -# define SN_initials "I" -# define LN_initials "initials" -# define NID_initials 101 -# define OBJ_initials OBJ_X509,43L - -# define SN_uniqueIdentifier "UID" -# define LN_uniqueIdentifier "uniqueIdentifier" -# define NID_uniqueIdentifier 102 -# define OBJ_uniqueIdentifier OBJ_X509,45L - -# define SN_crl_distribution_points "crlDistributionPoints" -# define LN_crl_distribution_points "X509v3 CRL Distribution Points" -# define NID_crl_distribution_points 103 -# define OBJ_crl_distribution_points OBJ_id_ce,31L - -# define SN_md5WithRSA "RSA-NP-MD5" -# define LN_md5WithRSA "md5WithRSA" -# define NID_md5WithRSA 104 -# define OBJ_md5WithRSA OBJ_algorithm,3L - -# define SN_serialNumber "SN" -# define LN_serialNumber "serialNumber" -# define NID_serialNumber 105 -# define OBJ_serialNumber OBJ_X509,5L - -# define SN_title "T" -# define LN_title "title" -# define NID_title 106 -# define OBJ_title OBJ_X509,12L - -# define SN_description "D" -# define LN_description "description" -# define NID_description 107 -# define OBJ_description OBJ_X509,13L - -/* CAST5 is CAST-128, I'm just sticking with the documentation */ -# define SN_cast5_cbc "CAST5-CBC" -# define LN_cast5_cbc "cast5-cbc" -# define NID_cast5_cbc 108 -# define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L - -# define SN_cast5_ecb "CAST5-ECB" -# define LN_cast5_ecb "cast5-ecb" -# define NID_cast5_ecb 109 - -# define SN_cast5_cfb64 "CAST5-CFB" -# define LN_cast5_cfb64 "cast5-cfb" -# define NID_cast5_cfb64 110 - -# define SN_cast5_ofb64 "CAST5-OFB" -# define LN_cast5_ofb64 "cast5-ofb" -# define NID_cast5_ofb64 111 - -# define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" -# define NID_pbeWithMD5AndCast5_CBC 112 -# define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L - -/*- - * This is one sun will soon be using :-( - * id-dsa-with-sha1 ID ::= { - * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } - */ -# define SN_dsaWithSHA1 "DSA-SHA1" -# define LN_dsaWithSHA1 "dsaWithSHA1" -# define NID_dsaWithSHA1 113 -# define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L - -# define NID_md5_sha1 114 -# define SN_md5_sha1 "MD5-SHA1" -# define LN_md5_sha1 "md5-sha1" - -# define SN_sha1WithRSA "RSA-SHA1-2" -# define LN_sha1WithRSA "sha1WithRSA" -# define NID_sha1WithRSA 115 -# define OBJ_sha1WithRSA OBJ_algorithm,29L - -# define SN_dsa "DSA" -# define LN_dsa "dsaEncryption" -# define NID_dsa 116 -# define OBJ_dsa 1L,2L,840L,10040L,4L,1L - -# define SN_ripemd160 "RIPEMD160" -# define LN_ripemd160 "ripemd160" -# define NID_ripemd160 117 -# define OBJ_ripemd160 1L,3L,36L,3L,2L,1L - -/* - * The name should actually be rsaSignatureWithripemd160, but I'm going to - * continue using the convention I'm using with the other ciphers - */ -# define SN_ripemd160WithRSA "RSA-RIPEMD160" -# define LN_ripemd160WithRSA "ripemd160WithRSA" -# define NID_ripemd160WithRSA 119 -# define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L - -/*- - * Taken from rfc2040 - * RC5_CBC_Parameters ::= SEQUENCE { - * version INTEGER (v1_0(16)), - * rounds INTEGER (8..127), - * blockSizeInBits INTEGER (64, 128), - * iv OCTET STRING OPTIONAL - * } - */ -# define SN_rc5_cbc "RC5-CBC" -# define LN_rc5_cbc "rc5-cbc" -# define NID_rc5_cbc 120 -# define OBJ_rc5_cbc OBJ_rsadsi,3L,8L - -# define SN_rc5_ecb "RC5-ECB" -# define LN_rc5_ecb "rc5-ecb" -# define NID_rc5_ecb 121 - -# define SN_rc5_cfb64 "RC5-CFB" -# define LN_rc5_cfb64 "rc5-cfb" -# define NID_rc5_cfb64 122 - -# define SN_rc5_ofb64 "RC5-OFB" -# define LN_rc5_ofb64 "rc5-ofb" -# define NID_rc5_ofb64 123 - -# define SN_rle_compression "RLE" -# define LN_rle_compression "run length compression" -# define NID_rle_compression 124 -# define OBJ_rle_compression 1L,1L,1L,1L,666L,1L - -# define SN_zlib_compression "ZLIB" -# define LN_zlib_compression "zlib compression" -# define NID_zlib_compression 125 -# define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L - -# define SN_ext_key_usage "extendedKeyUsage" -# define LN_ext_key_usage "X509v3 Extended Key Usage" -# define NID_ext_key_usage 126 -# define OBJ_ext_key_usage OBJ_id_ce,37 - -# define SN_id_pkix "PKIX" -# define NID_id_pkix 127 -# define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L - -# define SN_id_kp "id-kp" -# define NID_id_kp 128 -# define OBJ_id_kp OBJ_id_pkix,3L - -/* PKIX extended key usage OIDs */ - -# define SN_server_auth "serverAuth" -# define LN_server_auth "TLS Web Server Authentication" -# define NID_server_auth 129 -# define OBJ_server_auth OBJ_id_kp,1L - -# define SN_client_auth "clientAuth" -# define LN_client_auth "TLS Web Client Authentication" -# define NID_client_auth 130 -# define OBJ_client_auth OBJ_id_kp,2L - -# define SN_code_sign "codeSigning" -# define LN_code_sign "Code Signing" -# define NID_code_sign 131 -# define OBJ_code_sign OBJ_id_kp,3L - -# define SN_email_protect "emailProtection" -# define LN_email_protect "E-mail Protection" -# define NID_email_protect 132 -# define OBJ_email_protect OBJ_id_kp,4L - -# define SN_time_stamp "timeStamping" -# define LN_time_stamp "Time Stamping" -# define NID_time_stamp 133 -# define OBJ_time_stamp OBJ_id_kp,8L - -/* Additional extended key usage OIDs: Microsoft */ - -# define SN_ms_code_ind "msCodeInd" -# define LN_ms_code_ind "Microsoft Individual Code Signing" -# define NID_ms_code_ind 134 -# define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L - -# define SN_ms_code_com "msCodeCom" -# define LN_ms_code_com "Microsoft Commercial Code Signing" -# define NID_ms_code_com 135 -# define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L - -# define SN_ms_ctl_sign "msCTLSign" -# define LN_ms_ctl_sign "Microsoft Trust List Signing" -# define NID_ms_ctl_sign 136 -# define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L - -# define SN_ms_sgc "msSGC" -# define LN_ms_sgc "Microsoft Server Gated Crypto" -# define NID_ms_sgc 137 -# define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L - -# define SN_ms_efs "msEFS" -# define LN_ms_efs "Microsoft Encrypted File System" -# define NID_ms_efs 138 -# define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L - -/* Additional usage: Netscape */ - -# define SN_ns_sgc "nsSGC" -# define LN_ns_sgc "Netscape Server Gated Crypto" -# define NID_ns_sgc 139 -# define OBJ_ns_sgc OBJ_netscape,4L,1L - -# define SN_delta_crl "deltaCRL" -# define LN_delta_crl "X509v3 Delta CRL Indicator" -# define NID_delta_crl 140 -# define OBJ_delta_crl OBJ_id_ce,27L - -# define SN_crl_reason "CRLReason" -# define LN_crl_reason "CRL Reason Code" -# define NID_crl_reason 141 -# define OBJ_crl_reason OBJ_id_ce,21L - -# define SN_invalidity_date "invalidityDate" -# define LN_invalidity_date "Invalidity Date" -# define NID_invalidity_date 142 -# define OBJ_invalidity_date OBJ_id_ce,24L - -# define SN_sxnet "SXNetID" -# define LN_sxnet "Strong Extranet ID" -# define NID_sxnet 143 -# define OBJ_sxnet 1L,3L,101L,1L,4L,1L - -/* PKCS12 and related OBJECT IDENTIFIERS */ - -# define OBJ_pkcs12 OBJ_pkcs,12L -# define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 - -# define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" -# define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" -# define NID_pbe_WithSHA1And128BitRC4 144 -# define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L - -# define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" -# define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" -# define NID_pbe_WithSHA1And40BitRC4 145 -# define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L - -# define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" -# define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" -# define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 -# define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L - -# define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" -# define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" -# define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 -# define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L - -# define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" -# define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" -# define NID_pbe_WithSHA1And128BitRC2_CBC 148 -# define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L - -# define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" -# define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" -# define NID_pbe_WithSHA1And40BitRC2_CBC 149 -# define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L - -# define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L - -# define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L - -# define LN_keyBag "keyBag" -# define NID_keyBag 150 -# define OBJ_keyBag OBJ_pkcs12_BagIds, 1L - -# define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" -# define NID_pkcs8ShroudedKeyBag 151 -# define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L - -# define LN_certBag "certBag" -# define NID_certBag 152 -# define OBJ_certBag OBJ_pkcs12_BagIds, 3L - -# define LN_crlBag "crlBag" -# define NID_crlBag 153 -# define OBJ_crlBag OBJ_pkcs12_BagIds, 4L - -# define LN_secretBag "secretBag" -# define NID_secretBag 154 -# define OBJ_secretBag OBJ_pkcs12_BagIds, 5L - -# define LN_safeContentsBag "safeContentsBag" -# define NID_safeContentsBag 155 -# define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L - -# define LN_friendlyName "friendlyName" -# define NID_friendlyName 156 -# define OBJ_friendlyName OBJ_pkcs9, 20L - -# define LN_localKeyID "localKeyID" -# define NID_localKeyID 157 -# define OBJ_localKeyID OBJ_pkcs9, 21L - -# define OBJ_certTypes OBJ_pkcs9, 22L - -# define LN_x509Certificate "x509Certificate" -# define NID_x509Certificate 158 -# define OBJ_x509Certificate OBJ_certTypes, 1L - -# define LN_sdsiCertificate "sdsiCertificate" -# define NID_sdsiCertificate 159 -# define OBJ_sdsiCertificate OBJ_certTypes, 2L - -# define OBJ_crlTypes OBJ_pkcs9, 23L - -# define LN_x509Crl "x509Crl" -# define NID_x509Crl 160 -# define OBJ_x509Crl OBJ_crlTypes, 1L - -/* PKCS#5 v2 OIDs */ - -# define LN_pbes2 "PBES2" -# define NID_pbes2 161 -# define OBJ_pbes2 OBJ_pkcs,5L,13L - -# define LN_pbmac1 "PBMAC1" -# define NID_pbmac1 162 -# define OBJ_pbmac1 OBJ_pkcs,5L,14L - -# define LN_hmacWithSHA1 "hmacWithSHA1" -# define NID_hmacWithSHA1 163 -# define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L - -/* Policy Qualifier Ids */ - -# define LN_id_qt_cps "Policy Qualifier CPS" -# define SN_id_qt_cps "id-qt-cps" -# define NID_id_qt_cps 164 -# define OBJ_id_qt_cps OBJ_id_pkix,2L,1L - -# define LN_id_qt_unotice "Policy Qualifier User Notice" -# define SN_id_qt_unotice "id-qt-unotice" -# define NID_id_qt_unotice 165 -# define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L - -# define SN_rc2_64_cbc "RC2-64-CBC" -# define LN_rc2_64_cbc "rc2-64-cbc" -# define NID_rc2_64_cbc 166 - -# define SN_SMIMECapabilities "SMIME-CAPS" -# define LN_SMIMECapabilities "S/MIME Capabilities" -# define NID_SMIMECapabilities 167 -# define OBJ_SMIMECapabilities OBJ_pkcs9,15L - -# define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" -# define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" -# define NID_pbeWithMD2AndRC2_CBC 168 -# define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L - -# define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" -# define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" -# define NID_pbeWithMD5AndRC2_CBC 169 -# define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L - -# define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" -# define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" -# define NID_pbeWithSHA1AndDES_CBC 170 -# define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L - -/* Extension request OIDs */ - -# define LN_ms_ext_req "Microsoft Extension Request" -# define SN_ms_ext_req "msExtReq" -# define NID_ms_ext_req 171 -# define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L - -# define LN_ext_req "Extension Request" -# define SN_ext_req "extReq" -# define NID_ext_req 172 -# define OBJ_ext_req OBJ_pkcs9,14L - -# define SN_name "name" -# define LN_name "name" -# define NID_name 173 -# define OBJ_name OBJ_X509,41L - -# define SN_dnQualifier "dnQualifier" -# define LN_dnQualifier "dnQualifier" -# define NID_dnQualifier 174 -# define OBJ_dnQualifier OBJ_X509,46L - -# define SN_id_pe "id-pe" -# define NID_id_pe 175 -# define OBJ_id_pe OBJ_id_pkix,1L - -# define SN_id_ad "id-ad" -# define NID_id_ad 176 -# define OBJ_id_ad OBJ_id_pkix,48L - -# define SN_info_access "authorityInfoAccess" -# define LN_info_access "Authority Information Access" -# define NID_info_access 177 -# define OBJ_info_access OBJ_id_pe,1L - -# define SN_ad_OCSP "OCSP" -# define LN_ad_OCSP "OCSP" -# define NID_ad_OCSP 178 -# define OBJ_ad_OCSP OBJ_id_ad,1L - -# define SN_ad_ca_issuers "caIssuers" -# define LN_ad_ca_issuers "CA Issuers" -# define NID_ad_ca_issuers 179 -# define OBJ_ad_ca_issuers OBJ_id_ad,2L - -# define SN_OCSP_sign "OCSPSigning" -# define LN_OCSP_sign "OCSP Signing" -# define NID_OCSP_sign 180 -# define OBJ_OCSP_sign OBJ_id_kp,9L -# endif /* USE_OBJ_MAC */ - +# include # include # include +# include # define OBJ_NAME_TYPE_UNDEF 0x00 # define OBJ_NAME_TYPE_MD_METH 0x01 @@ -1068,28 +168,6 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); int OBJ_add_sigid(int signid, int dig_id, int pkey_id); void OBJ_sigid_free(void); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_OBJ_strings(void); - -/* Error codes for the OBJ functions. */ - -/* Function codes. */ -# define OBJ_F_OBJ_ADD_OBJECT 105 -# define OBJ_F_OBJ_CREATE 100 -# define OBJ_F_OBJ_DUP 101 -# define OBJ_F_OBJ_NAME_NEW_INDEX 106 -# define OBJ_F_OBJ_NID2LN 102 -# define OBJ_F_OBJ_NID2OBJ 103 -# define OBJ_F_OBJ_NID2SN 104 - -/* Reason codes. */ -# define OBJ_R_OID_EXISTS 102 -# define OBJ_R_UNKNOWN_NID 101 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/objectserr.h b/deps/openssl/openssl/include/openssl/objectserr.h new file mode 100644 index 00000000000000..02308dfac8fd72 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/objectserr.h @@ -0,0 +1,38 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OBJERR_H +# define HEADER_OBJERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OBJ_strings(void); + +/* + * OBJ function codes. + */ +# define OBJ_F_OBJ_ADD_OBJECT 105 +# define OBJ_F_OBJ_ADD_SIGID 107 +# define OBJ_F_OBJ_CREATE 100 +# define OBJ_F_OBJ_DUP 101 +# define OBJ_F_OBJ_NAME_NEW_INDEX 106 +# define OBJ_F_OBJ_NID2LN 102 +# define OBJ_F_OBJ_NID2OBJ 103 +# define OBJ_F_OBJ_NID2SN 104 +# define OBJ_F_OBJ_TXT2OBJ 108 + +/* + * OBJ reason codes. + */ +# define OBJ_R_OID_EXISTS 102 +# define OBJ_R_UNKNOWN_NID 101 + +#endif diff --git a/deps/openssl/openssl/include/openssl/ocsp.h b/deps/openssl/openssl/include/openssl/ocsp.h index ba1b97315bf8b3..0a17166b5bf6a8 100644 --- a/deps/openssl/openssl/include/openssl/ocsp.h +++ b/deps/openssl/openssl/include/openssl/ocsp.h @@ -45,6 +45,7 @@ # include # include # include +# include #ifdef __cplusplus extern "C" { @@ -119,18 +120,20 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) # define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) -# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ - (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) # define PEM_write_bio_OCSP_REQUEST(bp,o) \ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ - bp,(char *)o, NULL,NULL,0,NULL,NULL) + bp,(char *)(o), NULL,NULL,0,NULL,NULL) # define PEM_write_bio_OCSP_RESPONSE(bp,o) \ PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ - bp,(char *)o, NULL,NULL,0,NULL,NULL) + bp,(char *)(o), NULL,NULL,0,NULL,NULL) # define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) @@ -203,6 +206,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname); +int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, + ASN1_OCTET_STRING **pid, + X509_NAME **pname); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, @@ -244,6 +250,9 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); +int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, + X509 *signer, EVP_MD_CTX *ctx, + STACK_OF(X509) *certs, unsigned long flags); int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); @@ -335,60 +344,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_OCSP_strings(void); - -/* Error codes for the OCSP functions. */ - -/* Function codes. */ -# define OCSP_F_D2I_OCSP_NONCE 102 -# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 -# define OCSP_F_OCSP_BASIC_SIGN 104 -# define OCSP_F_OCSP_BASIC_VERIFY 105 -# define OCSP_F_OCSP_CERT_ID_NEW 101 -# define OCSP_F_OCSP_CHECK_DELEGATED 106 -# define OCSP_F_OCSP_CHECK_IDS 107 -# define OCSP_F_OCSP_CHECK_ISSUER 108 -# define OCSP_F_OCSP_CHECK_VALIDITY 115 -# define OCSP_F_OCSP_MATCH_ISSUERID 109 -# define OCSP_F_OCSP_PARSE_URL 114 -# define OCSP_F_OCSP_REQUEST_SIGN 110 -# define OCSP_F_OCSP_REQUEST_VERIFY 116 -# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 -# define OCSP_F_PARSE_HTTP_LINE1 118 - -/* Reason codes. */ -# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 -# define OCSP_R_DIGEST_ERR 102 -# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 -# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 -# define OCSP_R_ERROR_PARSING_URL 121 -# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 -# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 -# define OCSP_R_NOT_BASIC_RESPONSE 104 -# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 -# define OCSP_R_NO_RESPONSE_DATA 108 -# define OCSP_R_NO_REVOKED_TIME 109 -# define OCSP_R_NO_SIGNER_KEY 130 -# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 -# define OCSP_R_REQUEST_NOT_SIGNED 128 -# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 -# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 -# define OCSP_R_SERVER_RESPONSE_ERROR 114 -# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 -# define OCSP_R_SIGNATURE_FAILURE 117 -# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 -# define OCSP_R_STATUS_EXPIRED 125 -# define OCSP_R_STATUS_NOT_YET_VALID 126 -# define OCSP_R_STATUS_TOO_OLD 127 -# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 -# define OCSP_R_UNKNOWN_NID 120 -# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/ocsperr.h b/deps/openssl/openssl/include/openssl/ocsperr.h new file mode 100644 index 00000000000000..7d93b12d497ee0 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/ocsperr.h @@ -0,0 +1,74 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OCSPERR_H +# define HEADER_OCSPERR_H + +# include + +# ifndef OPENSSL_NO_OCSP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OCSP_strings(void); + +/* + * OCSP function codes. + */ +# define OCSP_F_D2I_OCSP_NONCE 102 +# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +# define OCSP_F_OCSP_BASIC_SIGN 104 +# define OCSP_F_OCSP_BASIC_SIGN_CTX 119 +# define OCSP_F_OCSP_BASIC_VERIFY 105 +# define OCSP_F_OCSP_CERT_ID_NEW 101 +# define OCSP_F_OCSP_CHECK_DELEGATED 106 +# define OCSP_F_OCSP_CHECK_IDS 107 +# define OCSP_F_OCSP_CHECK_ISSUER 108 +# define OCSP_F_OCSP_CHECK_VALIDITY 115 +# define OCSP_F_OCSP_MATCH_ISSUERID 109 +# define OCSP_F_OCSP_PARSE_URL 114 +# define OCSP_F_OCSP_REQUEST_SIGN 110 +# define OCSP_F_OCSP_REQUEST_VERIFY 116 +# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +# define OCSP_F_PARSE_HTTP_LINE1 118 + +/* + * OCSP reason codes. + */ +# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +# define OCSP_R_DIGEST_ERR 102 +# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +# define OCSP_R_ERROR_PARSING_URL 121 +# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +# define OCSP_R_NOT_BASIC_RESPONSE 104 +# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +# define OCSP_R_NO_RESPONSE_DATA 108 +# define OCSP_R_NO_REVOKED_TIME 109 +# define OCSP_R_NO_SIGNER_KEY 130 +# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +# define OCSP_R_REQUEST_NOT_SIGNED 128 +# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +# define OCSP_R_SERVER_RESPONSE_ERROR 114 +# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +# define OCSP_R_SIGNATURE_FAILURE 117 +# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +# define OCSP_R_STATUS_EXPIRED 125 +# define OCSP_R_STATUS_NOT_YET_VALID 126 +# define OCSP_R_STATUS_TOO_OLD 127 +# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +# define OCSP_R_UNKNOWN_NID 120 +# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/opensslconf.h b/deps/openssl/openssl/include/openssl/opensslconf.h deleted file mode 100644 index 76c99d433ab886..00000000000000 --- a/deps/openssl/openssl/include/openssl/opensslconf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../config/opensslconf.h" diff --git a/deps/openssl/openssl/include/openssl/opensslconf.h.in b/deps/openssl/openssl/include/openssl/opensslconf.h.in index 17807fb6bd374c..bc98cad51a64c2 100644 --- a/deps/openssl/openssl/include/openssl/opensslconf.h.in +++ b/deps/openssl/openssl/include/openssl/opensslconf.h.in @@ -9,6 +9,8 @@ * https://www.openssl.org/source/license.html */ +#include + #ifdef __cplusplus extern "C" { #endif @@ -69,15 +71,11 @@ extern "C" { * functions. */ #ifndef DECLARE_DEPRECATED -# if defined(OPENSSL_NO_DEPRECATED) -# define DECLARE_DEPRECATED(f) -# else -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif # endif #endif @@ -101,6 +99,18 @@ extern "C" { # define OPENSSL_API_COMPAT OPENSSL_MIN_API #endif +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + #if OPENSSL_API_COMPAT < 0x10100000L # define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) #else @@ -119,8 +129,6 @@ extern "C" { # define DEPRECATEDIN_0_9_8(f) #endif -{- $target{cpuid_obj} ne "mem_clr.o" ? "#define OPENSSL_CPUID_OBJ" : "" -} - /* Generate 80386 code? */ {- $config{processor} eq "386" ? "#define" : "#undef" -} I386_ONLY diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h index 49f3c0a780a0ce..af7a3b564e9deb 100644 --- a/deps/openssl/openssl/include/openssl/opensslv.h +++ b/deps/openssl/openssl/include/openssl/opensslv.h @@ -39,12 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101000afL -# ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0j-fips 20 Nov 2018" -# else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0j 20 Nov 2018" -# endif +# define OPENSSL_VERSION_NUMBER 0x1010101fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a 20 Nov 2018" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/deps/openssl/openssl/include/openssl/ossl_typ.h b/deps/openssl/openssl/include/openssl/ossl_typ.h index 129a67f0579d4b..7993ca28f3da5c 100644 --- a/deps/openssl/openssl/include/openssl/ossl_typ.h +++ b/deps/openssl/openssl/include/openssl/ossl_typ.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -114,6 +114,7 @@ typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; typedef struct rand_meth_st RAND_METHOD; +typedef struct rand_drbg_st RAND_DRBG; typedef struct ssl_dane_st SSL_DANE; typedef struct x509_st X509; @@ -131,6 +132,8 @@ typedef struct x509_lookup_st X509_LOOKUP; typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; +typedef struct x509_sig_info_st X509_SIG_INFO; + typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct v3_ext_ctx X509V3_CTX; @@ -169,6 +172,9 @@ typedef struct ctlog_st CTLOG; typedef struct ctlog_store_st CTLOG_STORE; typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; +typedef struct ossl_store_info_st OSSL_STORE_INFO; +typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ defined(INTMAX_MAX) && defined(UINTMAX_MAX) typedef intmax_t ossl_intmax_t; diff --git a/deps/openssl/openssl/include/openssl/pem.h b/deps/openssl/openssl/include/openssl/pem.h index f7ce3c61f5fa84..2ef5b5d04c6e30 100644 --- a/deps/openssl/openssl/include/openssl/pem.h +++ b/deps/openssl/openssl/include/openssl/pem.h @@ -12,10 +12,10 @@ # include # include -# include +# include # include # include -# include +# include #ifdef __cplusplus extern "C" { @@ -54,56 +54,6 @@ extern "C" { # define PEM_TYPE_MIC_CLEAR 30 # define PEM_TYPE_CLEAR 40 -typedef struct pem_recip_st { - char *name; - X509_NAME *dn; - int cipher; - int key_enc; - /* char iv[8]; unused and wrong size */ -} PEM_USER; - -typedef struct pem_ctx_st { - int type; /* what type of object */ - struct { - int version; - int mode; - } proc_type; - - char *domain; - - struct { - int cipher; - /*- - unused, and wrong size - unsigned char iv[8]; */ - } DEK_info; - - PEM_USER *originator; - - int num_recipient; - PEM_USER **recipient; - -/*- - XXX(ben): don#t think this is used! - STACK *x509_chain; / * certificate chain */ - EVP_MD *md; /* signature type */ - - int md_enc; /* is the md encrypted or not? */ - int md_len; /* length of md_data */ - char *md_data; /* message digest, could be pkey encrypted */ - - EVP_CIPHER *dec; /* date encryption cipher */ - int key_len; /* key length */ - unsigned char *key; /* key */ - /*- - unused, and wrong size - unsigned char iv[8]; */ - - int data_enc; /* is the data encrypted */ - int data_len; - unsigned char *data; -} PEM_CTX; - /* * These macros make the PEM_read/PEM_write functions easier to maintain and * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or @@ -286,6 +236,14 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, long *len); +# define PEM_FLAG_SECURE 0x1 +# define PEM_FLAG_EAY_COMPATIBLE 0x2 +# define PEM_FLAG_ONLY_B64 0x4 +int PEM_read_bio_ex(BIO *bp, char **name, char **header, + unsigned char **data, long *len, unsigned int flags); +int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, + void *u); int PEM_write_bio(BIO *bp, const char *name, const char *hdr, const unsigned char *data, long len); int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, @@ -414,88 +372,6 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, # endif # endif -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_PEM_strings(void); - -/* Error codes for the PEM functions. */ - -/* Function codes. */ -# define PEM_F_B2I_DSS 127 -# define PEM_F_B2I_PVK_BIO 128 -# define PEM_F_B2I_RSA 129 -# define PEM_F_CHECK_BITLEN_DSA 130 -# define PEM_F_CHECK_BITLEN_RSA 131 -# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 -# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 -# define PEM_F_DO_B2I 132 -# define PEM_F_DO_B2I_BIO 133 -# define PEM_F_DO_BLOB_HEADER 134 -# define PEM_F_DO_PK8PKEY 126 -# define PEM_F_DO_PK8PKEY_FP 125 -# define PEM_F_DO_PVK_BODY 135 -# define PEM_F_DO_PVK_HEADER 136 -# define PEM_F_I2B_PVK 137 -# define PEM_F_I2B_PVK_BIO 138 -# define PEM_F_LOAD_IV 101 -# define PEM_F_PEM_ASN1_READ 102 -# define PEM_F_PEM_ASN1_READ_BIO 103 -# define PEM_F_PEM_ASN1_WRITE 104 -# define PEM_F_PEM_ASN1_WRITE_BIO 105 -# define PEM_F_PEM_DEF_CALLBACK 100 -# define PEM_F_PEM_DO_HEADER 106 -# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 -# define PEM_F_PEM_READ 108 -# define PEM_F_PEM_READ_BIO 109 -# define PEM_F_PEM_READ_BIO_DHPARAMS 141 -# define PEM_F_PEM_READ_BIO_PARAMETERS 140 -# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 -# define PEM_F_PEM_READ_DHPARAMS 142 -# define PEM_F_PEM_READ_PRIVATEKEY 124 -# define PEM_F_PEM_SIGNFINAL 112 -# define PEM_F_PEM_WRITE 113 -# define PEM_F_PEM_WRITE_BIO 114 -# define PEM_F_PEM_WRITE_PRIVATEKEY 139 -# define PEM_F_PEM_X509_INFO_READ 115 -# define PEM_F_PEM_X509_INFO_READ_BIO 116 -# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 - -/* Reason codes. */ -# define PEM_R_BAD_BASE64_DECODE 100 -# define PEM_R_BAD_DECRYPT 101 -# define PEM_R_BAD_END_LINE 102 -# define PEM_R_BAD_IV_CHARS 103 -# define PEM_R_BAD_MAGIC_NUMBER 116 -# define PEM_R_BAD_PASSWORD_READ 104 -# define PEM_R_BAD_VERSION_NUMBER 117 -# define PEM_R_BIO_WRITE_FAILURE 118 -# define PEM_R_CIPHER_IS_NULL 127 -# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 -# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 -# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 -# define PEM_R_HEADER_TOO_LONG 128 -# define PEM_R_INCONSISTENT_HEADER 121 -# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 -# define PEM_R_KEYBLOB_TOO_SHORT 123 -# define PEM_R_MISSING_DEK_IV 129 -# define PEM_R_NOT_DEK_INFO 105 -# define PEM_R_NOT_ENCRYPTED 106 -# define PEM_R_NOT_PROC_TYPE 107 -# define PEM_R_NO_START_LINE 108 -# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 -# define PEM_R_PVK_DATA_TOO_SHORT 124 -# define PEM_R_PVK_TOO_SHORT 125 -# define PEM_R_READ_KEY 111 -# define PEM_R_SHORT_HEADER 112 -# define PEM_R_UNEXPECTED_DEK_IV 130 -# define PEM_R_UNSUPPORTED_CIPHER 113 -# define PEM_R_UNSUPPORTED_ENCRYPTION 114 -# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/pem2.h b/deps/openssl/openssl/include/openssl/pem2.h index cfe73f139ed3c2..038fe790ace230 100644 --- a/deps/openssl/openssl/include/openssl/pem2.h +++ b/deps/openssl/openssl/include/openssl/pem2.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,14 +7,7 @@ * https://www.openssl.org/source/license.html */ -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef HEADER_PEM_H -int ERR_load_PEM_strings(void); -#endif - -#ifdef __cplusplus -} +#ifndef HEADER_PEM2_H +# define HEADER_PEM2_H +# include #endif diff --git a/deps/openssl/openssl/include/openssl/pemerr.h b/deps/openssl/openssl/include/openssl/pemerr.h new file mode 100644 index 00000000000000..cd61b823d31750 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/pemerr.h @@ -0,0 +1,99 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PEMERR_H +# define HEADER_PEMERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PEM_strings(void); + +/* + * PEM function codes. + */ +# define PEM_F_B2I_DSS 127 +# define PEM_F_B2I_PVK_BIO 128 +# define PEM_F_B2I_RSA 129 +# define PEM_F_CHECK_BITLEN_DSA 130 +# define PEM_F_CHECK_BITLEN_RSA 131 +# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +# define PEM_F_DO_B2I 132 +# define PEM_F_DO_B2I_BIO 133 +# define PEM_F_DO_BLOB_HEADER 134 +# define PEM_F_DO_I2B 146 +# define PEM_F_DO_PK8PKEY 126 +# define PEM_F_DO_PK8PKEY_FP 125 +# define PEM_F_DO_PVK_BODY 135 +# define PEM_F_DO_PVK_HEADER 136 +# define PEM_F_GET_HEADER_AND_DATA 143 +# define PEM_F_GET_NAME 144 +# define PEM_F_I2B_PVK 137 +# define PEM_F_I2B_PVK_BIO 138 +# define PEM_F_LOAD_IV 101 +# define PEM_F_PEM_ASN1_READ 102 +# define PEM_F_PEM_ASN1_READ_BIO 103 +# define PEM_F_PEM_ASN1_WRITE 104 +# define PEM_F_PEM_ASN1_WRITE_BIO 105 +# define PEM_F_PEM_DEF_CALLBACK 100 +# define PEM_F_PEM_DO_HEADER 106 +# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +# define PEM_F_PEM_READ 108 +# define PEM_F_PEM_READ_BIO 109 +# define PEM_F_PEM_READ_BIO_DHPARAMS 141 +# define PEM_F_PEM_READ_BIO_EX 145 +# define PEM_F_PEM_READ_BIO_PARAMETERS 140 +# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +# define PEM_F_PEM_READ_DHPARAMS 142 +# define PEM_F_PEM_READ_PRIVATEKEY 124 +# define PEM_F_PEM_SIGNFINAL 112 +# define PEM_F_PEM_WRITE 113 +# define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_PRIVATEKEY 139 +# define PEM_F_PEM_X509_INFO_READ 115 +# define PEM_F_PEM_X509_INFO_READ_BIO 116 +# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* + * PEM reason codes. + */ +# define PEM_R_BAD_BASE64_DECODE 100 +# define PEM_R_BAD_DECRYPT 101 +# define PEM_R_BAD_END_LINE 102 +# define PEM_R_BAD_IV_CHARS 103 +# define PEM_R_BAD_MAGIC_NUMBER 116 +# define PEM_R_BAD_PASSWORD_READ 104 +# define PEM_R_BAD_VERSION_NUMBER 117 +# define PEM_R_BIO_WRITE_FAILURE 118 +# define PEM_R_CIPHER_IS_NULL 127 +# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +# define PEM_R_HEADER_TOO_LONG 128 +# define PEM_R_INCONSISTENT_HEADER 121 +# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +# define PEM_R_KEYBLOB_TOO_SHORT 123 +# define PEM_R_MISSING_DEK_IV 129 +# define PEM_R_NOT_DEK_INFO 105 +# define PEM_R_NOT_ENCRYPTED 106 +# define PEM_R_NOT_PROC_TYPE 107 +# define PEM_R_NO_START_LINE 108 +# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +# define PEM_R_PVK_DATA_TOO_SHORT 124 +# define PEM_R_PVK_TOO_SHORT 125 +# define PEM_R_READ_KEY 111 +# define PEM_R_SHORT_HEADER 112 +# define PEM_R_UNEXPECTED_DEK_IV 130 +# define PEM_R_UNSUPPORTED_CIPHER 113 +# define PEM_R_UNSUPPORTED_ENCRYPTION 114 +# define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#endif diff --git a/deps/openssl/openssl/include/openssl/pkcs12.h b/deps/openssl/openssl/include/openssl/pkcs12.h index deaded9df921f4..3f43dad6d961e0 100644 --- a/deps/openssl/openssl/include/openssl/pkcs12.h +++ b/deps/openssl/openssl/include/openssl/pkcs12.h @@ -12,6 +12,7 @@ # include # include +# include #ifdef __cplusplus extern "C" { @@ -216,66 +217,6 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); # endif int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_PKCS12_strings(void); - -/* Error codes for the PKCS12 functions. */ - -/* Function codes. */ -# define PKCS12_F_PKCS12_CREATE 105 -# define PKCS12_F_PKCS12_GEN_MAC 107 -# define PKCS12_F_PKCS12_INIT 109 -# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 -# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 -# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 -# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 -# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 -# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 -# define PKCS12_F_PKCS12_NEWPASS 128 -# define PKCS12_F_PKCS12_PACK_P7DATA 114 -# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 -# define PKCS12_F_PKCS12_PARSE 118 -# define PKCS12_F_PKCS12_PBE_CRYPT 119 -# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 -# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 -# define PKCS12_F_PKCS12_SETUP_MAC 122 -# define PKCS12_F_PKCS12_SET_MAC 123 -# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 -# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 -# define PKCS12_F_PKCS12_VERIFY_MAC 126 -# define PKCS12_F_PKCS8_ENCRYPT 125 -# define PKCS12_F_PKCS8_SET0_PBE 132 - -/* Reason codes. */ -# define PKCS12_R_CANT_PACK_STRUCTURE 100 -# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 -# define PKCS12_R_DECODE_ERROR 101 -# define PKCS12_R_ENCODE_ERROR 102 -# define PKCS12_R_ENCRYPT_ERROR 103 -# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 -# define PKCS12_R_INVALID_NULL_ARGUMENT 104 -# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 -# define PKCS12_R_IV_GEN_ERROR 106 -# define PKCS12_R_KEY_GEN_ERROR 107 -# define PKCS12_R_MAC_ABSENT 108 -# define PKCS12_R_MAC_GENERATION_ERROR 109 -# define PKCS12_R_MAC_SETUP_ERROR 110 -# define PKCS12_R_MAC_STRING_SET_ERROR 111 -# define PKCS12_R_MAC_VERIFY_FAILURE 113 -# define PKCS12_R_PARSE_ERROR 114 -# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 -# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 -# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 -# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 -# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/pkcs12err.h b/deps/openssl/openssl/include/openssl/pkcs12err.h new file mode 100644 index 00000000000000..c7184ffe744d04 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/pkcs12err.h @@ -0,0 +1,77 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS12ERR_H +# define HEADER_PKCS12ERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS12_strings(void); + +/* + * PKCS12 function codes. + */ +# define PKCS12_F_OPENSSL_ASC2UNI 121 +# define PKCS12_F_OPENSSL_UNI2ASC 124 +# define PKCS12_F_OPENSSL_UNI2UTF8 127 +# define PKCS12_F_OPENSSL_UTF82UNI 129 +# define PKCS12_F_PKCS12_CREATE 105 +# define PKCS12_F_PKCS12_GEN_MAC 107 +# define PKCS12_F_PKCS12_INIT 109 +# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 +# define PKCS12_F_PKCS12_NEWPASS 128 +# define PKCS12_F_PKCS12_PACK_P7DATA 114 +# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +# define PKCS12_F_PKCS12_PARSE 118 +# define PKCS12_F_PKCS12_PBE_CRYPT 119 +# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 +# define PKCS12_F_PKCS12_SETUP_MAC 122 +# define PKCS12_F_PKCS12_SET_MAC 123 +# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +# define PKCS12_F_PKCS12_VERIFY_MAC 126 +# define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 + +/* + * PKCS12 reason codes. + */ +# define PKCS12_R_CANT_PACK_STRUCTURE 100 +# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +# define PKCS12_R_DECODE_ERROR 101 +# define PKCS12_R_ENCODE_ERROR 102 +# define PKCS12_R_ENCRYPT_ERROR 103 +# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +# define PKCS12_R_INVALID_NULL_ARGUMENT 104 +# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +# define PKCS12_R_IV_GEN_ERROR 106 +# define PKCS12_R_KEY_GEN_ERROR 107 +# define PKCS12_R_MAC_ABSENT 108 +# define PKCS12_R_MAC_GENERATION_ERROR 109 +# define PKCS12_R_MAC_SETUP_ERROR 110 +# define PKCS12_R_MAC_STRING_SET_ERROR 111 +# define PKCS12_R_MAC_VERIFY_FAILURE 113 +# define PKCS12_R_PARSE_ERROR 114 +# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#endif diff --git a/deps/openssl/openssl/include/openssl/pkcs7.h b/deps/openssl/openssl/include/openssl/pkcs7.h index 691f722022d0d5..9b66e002d2851c 100644 --- a/deps/openssl/openssl/include/openssl/pkcs7.h +++ b/deps/openssl/openssl/include/openssl/pkcs7.h @@ -16,6 +16,7 @@ # include # include +# include #ifdef __cplusplus extern "C" { @@ -312,92 +313,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_PKCS7_strings(void); - -/* Error codes for the PKCS7 functions. */ - -/* Function codes. */ -# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 -# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 -# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 -# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 -# define PKCS7_F_PKCS7_ADD_CRL 101 -# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 -# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 -# define PKCS7_F_PKCS7_ADD_SIGNER 103 -# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 -# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 -# define PKCS7_F_PKCS7_CTRL 104 -# define PKCS7_F_PKCS7_DATADECODE 112 -# define PKCS7_F_PKCS7_DATAFINAL 128 -# define PKCS7_F_PKCS7_DATAINIT 105 -# define PKCS7_F_PKCS7_DATAVERIFY 107 -# define PKCS7_F_PKCS7_DECRYPT 114 -# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 -# define PKCS7_F_PKCS7_ENCODE_RINFO 132 -# define PKCS7_F_PKCS7_ENCRYPT 115 -# define PKCS7_F_PKCS7_FINAL 134 -# define PKCS7_F_PKCS7_FIND_DIGEST 127 -# define PKCS7_F_PKCS7_GET0_SIGNERS 124 -# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 -# define PKCS7_F_PKCS7_SET_CIPHER 108 -# define PKCS7_F_PKCS7_SET_CONTENT 109 -# define PKCS7_F_PKCS7_SET_DIGEST 126 -# define PKCS7_F_PKCS7_SET_TYPE 110 -# define PKCS7_F_PKCS7_SIGN 116 -# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 -# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 -# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 -# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 -# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 -# define PKCS7_F_PKCS7_VERIFY 117 - -/* Reason codes. */ -# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 -# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 -# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 -# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 -# define PKCS7_R_CTRL_ERROR 152 -# define PKCS7_R_DECRYPT_ERROR 119 -# define PKCS7_R_DIGEST_FAILURE 101 -# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 -# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 -# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 -# define PKCS7_R_ERROR_SETTING_CIPHER 121 -# define PKCS7_R_INVALID_NULL_POINTER 143 -# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 -# define PKCS7_R_NO_CONTENT 122 -# define PKCS7_R_NO_DEFAULT_DIGEST 151 -# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 -# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 -# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 -# define PKCS7_R_NO_SIGNERS 142 -# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 -# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 -# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 -# define PKCS7_R_PKCS7_DATASIGN 145 -# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 -# define PKCS7_R_SIGNATURE_FAILURE 105 -# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 -# define PKCS7_R_SIGNING_CTRL_FAILURE 147 -# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 -# define PKCS7_R_SMIME_TEXT_ERROR 129 -# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 -# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 -# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 -# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 -# define PKCS7_R_UNKNOWN_OPERATION 110 -# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 -# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 -# define PKCS7_R_WRONG_CONTENT_TYPE 113 -# define PKCS7_R_WRONG_PKCS7_TYPE 114 - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/pkcs7err.h b/deps/openssl/openssl/include/openssl/pkcs7err.h new file mode 100644 index 00000000000000..0ba418d7805d07 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/pkcs7err.h @@ -0,0 +1,99 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PKCS7ERR_H +# define HEADER_PKCS7ERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_PKCS7_strings(void); + +/* + * PKCS7 function codes. + */ +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 + +/* + * PKCS7 reason codes. + */ +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#endif diff --git a/deps/openssl/openssl/include/openssl/rand.h b/deps/openssl/openssl/include/openssl/rand.h index d521ae192ae4aa..38a2a2718f8b8d 100644 --- a/deps/openssl/openssl/include/openssl/rand.h +++ b/deps/openssl/openssl/include/openssl/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,77 +13,65 @@ # include # include # include +# include #ifdef __cplusplus extern "C" { #endif -/* Already defined in ossl_typ.h */ -/* typedef struct rand_meth_st RAND_METHOD; */ - struct rand_meth_st { int (*seed) (const void *buf, int num); int (*bytes) (unsigned char *buf, int num); void (*cleanup) (void); - int (*add) (const void *buf, int num, double entropy); + int (*add) (const void *buf, int num, double randomness); int (*pseudorand) (unsigned char *buf, int num); int (*status) (void); }; -# ifdef BN_DEBUG -extern int rand_predictable; -# endif - int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); # ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); # endif + RAND_METHOD *RAND_OpenSSL(void); -#if OPENSSL_API_COMPAT < 0x10100000L -# define RAND_cleanup() while(0) continue -#endif + +# if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() while(0) continue +# endif int RAND_bytes(unsigned char *buf, int num); +int RAND_priv_bytes(unsigned char *buf, int num); DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) + void RAND_seed(const void *buf, int num); -#if defined(__ANDROID__) && defined(__NDK_FPABI__) +void RAND_keep_random_devices_open(int keep); + +# if defined(__ANDROID__) && defined(__NDK_FPABI__) __NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ -#endif -void RAND_add(const void *buf, int num, double entropy); +# endif +void RAND_add(const void *buf, int num, double randomness); int RAND_load_file(const char *file, long max_bytes); int RAND_write_file(const char *file); const char *RAND_file_name(char *file, size_t num); int RAND_status(void); + # ifndef OPENSSL_NO_EGD int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path, int bytes); # endif + int RAND_poll(void); -#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) /* application has to include in order to use these */ DEPRECATEDIN_1_1_0(void RAND_screen(void)) DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) -#endif - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_RAND_strings(void); - -/* Error codes for the RAND functions. */ - -/* Function codes. */ -# define RAND_F_RAND_BYTES 100 +# endif -/* Reason codes. */ -# define RAND_R_PRNG_NOT_SEEDED 100 -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif + #endif diff --git a/deps/openssl/openssl/include/openssl/rand_drbg.h b/deps/openssl/openssl/include/openssl/rand_drbg.h new file mode 100644 index 00000000000000..45b731b73c261e --- /dev/null +++ b/deps/openssl/openssl/include/openssl/rand_drbg.h @@ -0,0 +1,130 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_DRBG_RAND_H +# define HEADER_DRBG_RAND_H + +# include +# include +# include + +/* + * RAND_DRBG flags + * + * Note: if new flags are added, the constant `rand_drbg_used_flags` + * in drbg_lib.c needs to be updated accordingly. + */ + +/* In CTR mode, disable derivation function ctr_df */ +# define RAND_DRBG_FLAG_CTR_NO_DF 0x1 + + +# if OPENSSL_API_COMPAT < 0x10200000L +/* This #define was replaced by an internal constant and should not be used. */ +# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF) +# endif + +/* + * Default security strength (in the sense of [NIST SP 800-90Ar1]) + * + * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that + * of the cipher by collecting less entropy. The current DRBG implementation + * does not take RAND_DRBG_STRENGTH into account and sets the strength of the + * DRBG to that of the cipher. + * + * RAND_DRBG_STRENGTH is currently only used for the legacy RAND + * implementation. + * + * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and + * NID_aes_256_ctr + */ +# define RAND_DRBG_STRENGTH 256 +/* Default drbg type */ +# define RAND_DRBG_TYPE NID_aes_256_ctr +/* Default drbg flags */ +# define RAND_DRBG_FLAGS 0 + + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * Object lifetime functions. + */ +RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent); +RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent); +int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags); +int RAND_DRBG_set_defaults(int type, unsigned int flags); +int RAND_DRBG_instantiate(RAND_DRBG *drbg, + const unsigned char *pers, size_t perslen); +int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +void RAND_DRBG_free(RAND_DRBG *drbg); + +/* + * Object "use" functions. + */ +int RAND_DRBG_reseed(RAND_DRBG *drbg, + const unsigned char *adin, size_t adinlen, + int prediction_resistance); +int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen); +int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen); + +int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval); +int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval); + +int RAND_DRBG_set_reseed_defaults( + unsigned int master_reseed_interval, + unsigned int slave_reseed_interval, + time_t master_reseed_time_interval, + time_t slave_reseed_time_interval + ); + +RAND_DRBG *RAND_DRBG_get0_master(void); +RAND_DRBG *RAND_DRBG_get0_public(void); +RAND_DRBG *RAND_DRBG_get0_private(void); + +/* + * EXDATA + */ +# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef) +int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg); +void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); + +/* + * Callback function typedefs + */ +typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg, + unsigned char **pout, + int entropy, size_t min_len, + size_t max_len, + int prediction_resistance); +typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx, + unsigned char *out, size_t outlen); +typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout, + int entropy, size_t min_len, + size_t max_len); +typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg, + unsigned char *out, size_t outlen); + +int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, + RAND_DRBG_get_entropy_fn get_entropy, + RAND_DRBG_cleanup_entropy_fn cleanup_entropy, + RAND_DRBG_get_nonce_fn get_nonce, + RAND_DRBG_cleanup_nonce_fn cleanup_nonce); + + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/deps/openssl/openssl/include/openssl/randerr.h b/deps/openssl/openssl/include/openssl/randerr.h new file mode 100644 index 00000000000000..599a2a18d41ff0 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/randerr.h @@ -0,0 +1,89 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RANDERR_H +# define HEADER_RANDERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RAND_strings(void); + +/* + * RAND function codes. + */ +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_DRBG_SETUP 117 +# define RAND_F_GET_ENTROPY 106 +# define RAND_F_RAND_BYTES 100 +# define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_GET_ENTROPY 120 +# define RAND_F_RAND_DRBG_GET_NONCE 123 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_RESTART 102 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_DRBG_SET_DEFAULTS 121 +# define RAND_F_RAND_DRBG_UNINSTANTIATE 118 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 +# define RAND_F_RAND_POOL_ADD 103 +# define RAND_F_RAND_POOL_ADD_BEGIN 113 +# define RAND_F_RAND_POOL_ADD_END 114 +# define RAND_F_RAND_POOL_ATTACH 124 +# define RAND_F_RAND_POOL_BYTES_NEEDED 115 +# define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_WRITE_FILE 112 + +/* + * RAND reason codes. + */ +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_ARGUMENT_OUT_OF_RANGE 105 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_ALREADY_INITIALIZED 129 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ENTROPY_INPUT_TOO_LONG 106 +# define RAND_R_ENTROPY_OUT_OF_RANGE 124 +# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED 127 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 +# define RAND_R_FAILED_TO_CREATE_LOCK 126 +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED 128 +# define RAND_R_PARENT_LOCKING_NOT_ENABLED 130 +# define RAND_R_PARENT_STRENGTH_TOO_WEAK 131 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 +# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 +# define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_RANDOM_POOL_OVERFLOW 125 +# define RAND_R_RANDOM_POOL_UNDERFLOW 134 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 +# define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 +# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 + +#endif diff --git a/deps/openssl/openssl/include/openssl/rsa.h b/deps/openssl/openssl/include/openssl/rsa.h index 9c28329f1d8b8d..cdce1264eb5ccd 100644 --- a/deps/openssl/openssl/include/openssl/rsa.h +++ b/deps/openssl/openssl/include/openssl/rsa.h @@ -20,6 +20,7 @@ # if OPENSSL_API_COMPAT < 0x10100000L # include # endif +# include # ifdef __cplusplus extern "C" { # endif @@ -44,6 +45,12 @@ extern "C" { # define RSA_3 0x3L # define RSA_F4 0x10001L +/* based on RFC 8017 appendix A.1.2 */ +# define RSA_ASN1_VERSION_DEFAULT 0 +# define RSA_ASN1_VERSION_MULTI 1 + +# define RSA_DEFAULT_PRIME_NUM 2 + # define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private * match */ @@ -86,58 +93,75 @@ extern "C" { # endif # define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ - pad, NULL) + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) # define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \ - EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) # define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ - (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ - len, NULL) + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) +/* Salt length matches digest */ +# define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +# define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +# define RSA_PSS_SALTLEN_MAX -3 +/* Old compatible max salt length for sign only */ +# define RSA_PSS_SALTLEN_MAX_SIGN -2 + +# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) # define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ - (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ - EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \ - 0, plen) + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) # define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ - EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) # define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) -# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md) +# define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) -# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ - EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md) +# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) # define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd) + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) # define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd) + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) # define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ - EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l) + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) -# define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ - EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l) +# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) # define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) @@ -156,6 +180,8 @@ extern "C" { # define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) # define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) + # define RSA_PKCS1_PADDING 1 # define RSA_SSLV23_PADDING 2 # define RSA_NO_PADDING 3 @@ -178,15 +204,30 @@ int RSA_security_bits(const RSA *rsa); int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], + BIGNUM *coeffs[], int pnum); void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_get_multi_prime_extra_count(const RSA *r); +int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); +int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], + const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); +int RSA_get_version(RSA *r); ENGINE *RSA_get0_engine(const RSA *r); /* Deprecated version */ @@ -196,6 +237,9 @@ DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void /* New version */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +/* Multi-prime version */ +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e, BN_GENCB *cb); int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, @@ -223,13 +267,14 @@ int RSA_flags(const RSA *r); void RSA_set_default_method(const RSA_METHOD *meth); const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_null_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); /* these are the actual RSA functions */ const RSA_METHOD *RSA_PKCS1_OpenSSL(void); -const RSA_METHOD *RSA_null_method(void); +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) @@ -239,6 +284,8 @@ typedef struct rsa_pss_params_st { X509_ALGOR *maskGenAlgorithm; ASN1_INTEGER *saltLength; ASN1_INTEGER *trailerField; + /* Decoded hash algorithm from maskGenAlgorithm */ + X509_ALGOR *maskHash; } RSA_PSS_PARAMS; DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) @@ -247,6 +294,8 @@ typedef struct rsa_oaep_params_st { X509_ALGOR *hashFunc; X509_ALGOR *maskGenFunc; X509_ALGOR *pSourceFunc; + /* Decoded hash algorithm from maskGenFunc */ + X509_ALGOR *maskHash; } RSA_OAEP_PARAMS; DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) @@ -449,139 +498,12 @@ int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) int RSA_meth_set_keygen(RSA_METHOD *rsa, int (*keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)); - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_RSA_strings(void); - -/* Error codes for the RSA functions. */ - -/* Function codes. */ -# define RSA_F_CHECK_PADDING_MD 140 -# define RSA_F_ENCODE_PKCS1 146 -# define RSA_F_INT_RSA_VERIFY 145 -# define RSA_F_OLD_RSA_PRIV_DECODE 147 -# define RSA_F_PKEY_RSA_CTRL 143 -# define RSA_F_PKEY_RSA_CTRL_STR 144 -# define RSA_F_PKEY_RSA_SIGN 142 -# define RSA_F_PKEY_RSA_VERIFY 149 -# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 -# define RSA_F_RSA_ALGOR_TO_MD 156 -# define RSA_F_RSA_BUILTIN_KEYGEN 129 -# define RSA_F_RSA_CHECK_KEY 123 -# define RSA_F_RSA_CHECK_KEY_EX 160 -# define RSA_F_RSA_CMS_DECRYPT 159 -# define RSA_F_RSA_ITEM_VERIFY 148 -# define RSA_F_RSA_METH_DUP 161 -# define RSA_F_RSA_METH_NEW 162 -# define RSA_F_RSA_METH_SET1_NAME 163 -# define RSA_F_RSA_MGF1_TO_MD 157 -# define RSA_F_RSA_NEW_METHOD 106 -# define RSA_F_RSA_NULL 124 -# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 -# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 -# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 -# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 -# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 -# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 -# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 -# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 -# define RSA_F_RSA_PADDING_ADD_NONE 107 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 -# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 -# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 -# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 -# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 -# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 -# define RSA_F_RSA_PADDING_ADD_SSLV23 110 -# define RSA_F_RSA_PADDING_ADD_X931 127 -# define RSA_F_RSA_PADDING_CHECK_NONE 111 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 -# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 -# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 -# define RSA_F_RSA_PADDING_CHECK_X931 128 -# define RSA_F_RSA_PRINT 115 -# define RSA_F_RSA_PRINT_FP 116 -# define RSA_F_RSA_PRIV_ENCODE 138 -# define RSA_F_RSA_PSS_TO_CTX 155 -# define RSA_F_RSA_PUB_DECODE 139 -# define RSA_F_RSA_SETUP_BLINDING 136 -# define RSA_F_RSA_SIGN 117 -# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 -# define RSA_F_RSA_VERIFY 119 -# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 -# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 - -/* Reason codes. */ -# define RSA_R_ALGORITHM_MISMATCH 100 -# define RSA_R_BAD_E_VALUE 101 -# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 -# define RSA_R_BAD_PAD_BYTE_COUNT 103 -# define RSA_R_BAD_SIGNATURE 104 -# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 -# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 -# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 -# define RSA_R_DATA_TOO_LARGE 109 -# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 -# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 -# define RSA_R_DATA_TOO_SMALL 111 -# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 -# define RSA_R_DIGEST_DOES_NOT_MATCH 158 -# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 -# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 -# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 -# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 -# define RSA_R_FIRST_OCTET_INVALID 133 -# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 -# define RSA_R_INVALID_DIGEST 157 -# define RSA_R_INVALID_DIGEST_LENGTH 143 -# define RSA_R_INVALID_HEADER 137 -# define RSA_R_INVALID_LABEL 160 -# define RSA_R_INVALID_MESSAGE_LENGTH 131 -# define RSA_R_INVALID_MGF1_MD 156 -# define RSA_R_INVALID_OAEP_PARAMETERS 161 -# define RSA_R_INVALID_PADDING 138 -# define RSA_R_INVALID_PADDING_MODE 141 -# define RSA_R_INVALID_PSS_PARAMETERS 149 -# define RSA_R_INVALID_PSS_SALTLEN 146 -# define RSA_R_INVALID_SALT_LENGTH 150 -# define RSA_R_INVALID_TRAILER 139 -# define RSA_R_INVALID_X931_DIGEST 142 -# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 -# define RSA_R_KEY_SIZE_TOO_SMALL 120 -# define RSA_R_LAST_OCTET_INVALID 134 -# define RSA_R_MODULUS_TOO_LARGE 105 -# define RSA_R_NO_PUBLIC_EXPONENT 140 -# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 -# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 -# define RSA_R_OAEP_DECODING_ERROR 121 -# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 -# define RSA_R_PADDING_CHECK_FAILED 114 -# define RSA_R_PKCS_DECODING_ERROR 159 -# define RSA_R_P_NOT_PRIME 128 -# define RSA_R_Q_NOT_PRIME 129 -# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 -# define RSA_R_SLEN_CHECK_FAILED 136 -# define RSA_R_SLEN_RECOVERY_FAILED 135 -# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 -# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 -# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 -# define RSA_R_UNKNOWN_DIGEST 166 -# define RSA_R_UNKNOWN_MASK_DIGEST 151 -# define RSA_R_UNKNOWN_PADDING_TYPE 118 -# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 -# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 -# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 -# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 -# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 -# define RSA_R_VALUE_MISSING 147 -# define RSA_R_WRONG_SIGNATURE_LENGTH 119 +int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) + (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, + int (*keygen) (RSA *rsa, int bits, + int primes, BIGNUM *e, + BN_GENCB *cb)); # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/rsaerr.h b/deps/openssl/openssl/include/openssl/rsaerr.h new file mode 100644 index 00000000000000..d5bc01c1021848 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/rsaerr.h @@ -0,0 +1,162 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_RSAERR_H +# define HEADER_RSAERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_RSA_strings(void); + +/* + * RSA function codes. + */ +# define RSA_F_CHECK_PADDING_MD 140 +# define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_INT_RSA_VERIFY 145 +# define RSA_F_OLD_RSA_PRIV_DECODE 147 +# define RSA_F_PKEY_PSS_INIT 165 +# define RSA_F_PKEY_RSA_CTRL 143 +# define RSA_F_PKEY_RSA_CTRL_STR 144 +# define RSA_F_PKEY_RSA_SIGN 142 +# define RSA_F_PKEY_RSA_VERIFY 149 +# define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +# define RSA_F_RSA_ALGOR_TO_MD 156 +# define RSA_F_RSA_BUILTIN_KEYGEN 129 +# define RSA_F_RSA_CHECK_KEY 123 +# define RSA_F_RSA_CHECK_KEY_EX 160 +# define RSA_F_RSA_CMS_DECRYPT 159 +# define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_ITEM_VERIFY 148 +# define RSA_F_RSA_METH_DUP 161 +# define RSA_F_RSA_METH_NEW 162 +# define RSA_F_RSA_METH_SET1_NAME 163 +# define RSA_F_RSA_MGF1_TO_MD 157 +# define RSA_F_RSA_MULTIP_INFO_NEW 166 +# define RSA_F_RSA_NEW_METHOD 106 +# define RSA_F_RSA_NULL 124 +# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 +# define RSA_F_RSA_PADDING_ADD_NONE 107 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +# define RSA_F_RSA_PADDING_ADD_SSLV23 110 +# define RSA_F_RSA_PADDING_ADD_X931 127 +# define RSA_F_RSA_PADDING_CHECK_NONE 111 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +# define RSA_F_RSA_PADDING_CHECK_X931 128 +# define RSA_F_RSA_PARAM_DECODE 164 +# define RSA_F_RSA_PRINT 115 +# define RSA_F_RSA_PRINT_FP 116 +# define RSA_F_RSA_PRIV_DECODE 150 +# define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PSS_GET_PARAM 151 +# define RSA_F_RSA_PSS_TO_CTX 155 +# define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_SETUP_BLINDING 136 +# define RSA_F_RSA_SIGN 117 +# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +# define RSA_F_RSA_VERIFY 119 +# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 +# define RSA_F_SETUP_TBUF 167 + +/* + * RSA reason codes. + */ +# define RSA_R_ALGORITHM_MISMATCH 100 +# define RSA_R_BAD_E_VALUE 101 +# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +# define RSA_R_BAD_PAD_BYTE_COUNT 103 +# define RSA_R_BAD_SIGNATURE 104 +# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +# define RSA_R_DATA_TOO_LARGE 109 +# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +# define RSA_R_DATA_TOO_SMALL 111 +# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +# define RSA_R_DIGEST_DOES_NOT_MATCH 158 +# define RSA_R_DIGEST_NOT_ALLOWED 145 +# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +# define RSA_R_FIRST_OCTET_INVALID 133 +# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +# define RSA_R_INVALID_DIGEST 157 +# define RSA_R_INVALID_DIGEST_LENGTH 143 +# define RSA_R_INVALID_HEADER 137 +# define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_MESSAGE_LENGTH 131 +# define RSA_R_INVALID_MGF1_MD 156 +# define RSA_R_INVALID_MULTI_PRIME_KEY 167 +# define RSA_R_INVALID_OAEP_PARAMETERS 161 +# define RSA_R_INVALID_PADDING 138 +# define RSA_R_INVALID_PADDING_MODE 141 +# define RSA_R_INVALID_PSS_PARAMETERS 149 +# define RSA_R_INVALID_PSS_SALTLEN 146 +# define RSA_R_INVALID_SALT_LENGTH 150 +# define RSA_R_INVALID_TRAILER 139 +# define RSA_R_INVALID_X931_DIGEST 142 +# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +# define RSA_R_KEY_PRIME_NUM_INVALID 165 +# define RSA_R_KEY_SIZE_TOO_SMALL 120 +# define RSA_R_LAST_OCTET_INVALID 134 +# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +# define RSA_R_MODULUS_TOO_LARGE 105 +# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168 +# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 +# define RSA_R_MP_R_NOT_PRIME 170 +# define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 +# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +# define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +# define RSA_R_PADDING_CHECK_FAILED 114 +# define RSA_R_PKCS_DECODING_ERROR 159 +# define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +# define RSA_R_P_NOT_PRIME 128 +# define RSA_R_Q_NOT_PRIME 129 +# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +# define RSA_R_SLEN_CHECK_FAILED 136 +# define RSA_R_SLEN_RECOVERY_FAILED 135 +# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +# define RSA_R_UNKNOWN_DIGEST 166 +# define RSA_R_UNKNOWN_MASK_DIGEST 151 +# define RSA_R_UNKNOWN_PADDING_TYPE 118 +# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +# define RSA_R_VALUE_MISSING 147 +# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#endif diff --git a/deps/openssl/openssl/include/openssl/safestack.h b/deps/openssl/openssl/include/openssl/safestack.h index 9fe733c24e4f3c..7438b193608ca3 100644 --- a/deps/openssl/openssl/include/openssl/safestack.h +++ b/deps/openssl/openssl/include/openssl/safestack.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,14 @@ extern "C" { { \ return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ } \ + static ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \ + { \ + return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \ + } \ + static ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \ + { \ + return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \ + } \ static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ { \ OPENSSL_sk_free((OPENSSL_STACK *)sk); \ diff --git a/deps/openssl/openssl/include/openssl/srp.h b/deps/openssl/openssl/include/openssl/srp.h index f2b6ec750d51ea..aaf13558e3cb4c 100644 --- a/deps/openssl/openssl/include/openssl/srp.h +++ b/deps/openssl/openssl/include/openssl/srp.h @@ -1,10 +1,14 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. */ #ifndef HEADER_SRP_H diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h index 56e2056260d63e..d6b1b4e6a67032 100644 --- a/deps/openssl/openssl/include/openssl/ssl.h +++ b/deps/openssl/openssl/include/openssl/ssl.h @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,38 +9,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #ifndef HEADER_SSL_H # define HEADER_SSL_H @@ -49,9 +19,9 @@ # if OPENSSL_API_COMPAT < 0x10100000L # include # include -# include # include # endif +# include # include # include # include @@ -59,6 +29,7 @@ # include # include # include +# include #ifdef __cplusplus extern "C" { @@ -155,6 +126,10 @@ extern "C" { # define SSL_TXT_CAMELLIA "CAMELLIA" # define SSL_TXT_CHACHA20 "CHACHA20" # define SSL_TXT_GOST "GOST89" +# define SSL_TXT_ARIA "ARIA" +# define SSL_TXT_ARIA_GCM "ARIAGCM" +# define SSL_TXT_ARIA128 "ARIA128" +# define SSL_TXT_ARIA256 "ARIA256" # define SSL_TXT_MD5 "MD5" # define SSL_TXT_SHA1 "SHA1" @@ -193,8 +168,18 @@ extern "C" { /* * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. + * This applies to ciphersuites for TLSv1.2 and below. */ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" +/* This is the default set of TLSv1.3 ciphersuites */ +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_CHACHA20_POLY1305_SHA256:" \ + "TLS_AES_128_GCM_SHA256" +# else +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ + "TLS_AES_128_GCM_SHA256" +#endif /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is @@ -241,34 +226,95 @@ typedef struct srtp_protection_profile_st { DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) -typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, - const unsigned char *data, - int len, void *arg); -typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, - int *secret_len, - STACK_OF(SSL_CIPHER) *peer_ciphers, - const SSL_CIPHER **cipher, void *arg); +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg); + +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and below */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +/* Ignore this extension during parsing if we are resuming */ +#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040 +#define SSL_EXT_CLIENT_HELLO 0x0080 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000 /* Typedefs for handling custom extensions */ -typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, - const unsigned char **out, - size_t *outlen, int *al, void *add_arg); +typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *parse_arg); -typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type, - const unsigned char *out, void *add_arg); -typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *parse_arg); +typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, + size_t chainidx, + int *al, void *add_arg); + +typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, + void *add_arg); + +typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, + size_t chainidx, + int *al, void *parse_arg); /* Typedef for verification callback */ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +/* + * Some values are reserved until OpenSSL 1.2.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. + * + * Reserved value (until OpenSSL 1.2.0) 0x00000001U + * Reserved value (until OpenSSL 1.2.0) 0x00000002U + */ /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ # define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 1.2.0) 0x00000080U + * Reserved value (until OpenSSL 1.2.0) 0x00000100U + * Reserved value (until OpenSSL 1.2.0) 0x00000200U + */ + +/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ +# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U /* * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in @@ -299,6 +345,17 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* Disable encrypt-then-mac */ # define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U + +/* + * Enable TLSv1.3 Compatibility mode. This is on by default. A future version + * of OpenSSL may have this disabled by default. + */ +# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U + +/* Prioritize Chacha20Poly1305 when client does. + * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */ +# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U + /* * Set on servers to choose the cipher according to the server's preferences */ @@ -311,16 +368,23 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); */ # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + # define SSL_OP_NO_SSLv3 0x02000000U # define SSL_OP_NO_TLSv1 0x04000000U # define SSL_OP_NO_TLSv1_2 0x08000000U # define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U # define SSL_OP_NO_DTLSv1 0x04000000U # define SSL_OP_NO_DTLSv1_2 0x08000000U # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ - SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) /* Disallow all renegotiation */ @@ -381,7 +445,7 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_OP_PKCS1_CHECK_1 0x0 /* Removed from OpenSSL 1.0.1. Was 0x10000000L */ # define SSL_OP_PKCS1_CHECK_2 0x0 -/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ +/* Removed from OpenSSL 1.1.0. Was 0x20000000L */ # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 /* Removed from OpenSSL 1.1.0. Was 0x40000000L */ # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 @@ -406,8 +470,7 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and - * TLS only.) "Released" buffers are put onto a free-list in the context or - * just freed (depending on the context's setting for freelist_max_len). + * TLS only.) Released buffers are freed. */ # define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* @@ -496,13 +559,16 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); # define SSL_CONF_TYPE_DIR 0x3 # define SSL_CONF_TYPE_NONE 0x4 +/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */ +# define SSL_COOKIE_LENGTH 4096 + /* * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they * cannot be used to clear bits. */ unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); -unsigned long SSL_get_options(const SSL* s); +unsigned long SSL_get_options(const SSL *s); unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); unsigned long SSL_clear_options(SSL *s, unsigned long op); unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); @@ -587,7 +653,7 @@ __owur int SRP_Calc_A_param(SSL *s); * bytes. The callback can alter this length to be less if desired. It is * also an error for the callback to set the size to zero. */ -typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, +typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, unsigned int *id_len); # define SSL_SESS_CACHE_OFF 0x0000 @@ -635,8 +701,7 @@ int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb) (struct ssl_ctx_st *ctx, - SSL_SESSION - *sess)); + SSL_SESSION *sess)); void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, @@ -649,8 +714,7 @@ SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, const unsigned char *data, int len, int *copy); void SSL_CTX_set_info_callback(SSL_CTX *ctx, - void (*cb) (const SSL *ssl, int type, - int val)); + void (*cb) (const SSL *ssl, int type, int val)); void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val); void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, @@ -669,32 +733,52 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, *cookie_len)); void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb) (SSL *ssl, - const unsigned char - *cookie, + const unsigned + char *cookie, unsigned int cookie_len)); + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*gen_stateless_cookie_cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)); +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*verify_stateless_cookie_cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)); # ifndef OPENSSL_NO_NEXTPROTONEG + +typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg); void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - const unsigned char - **out, - unsigned int *outlen, - void *arg), void *arg); + SSL_CTX_npn_advertised_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb + +typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg); void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg); + SSL_CTX_npn_select_cb_func cb, + void *arg); +# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb + void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len); +# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated # endif __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, - unsigned int client_len); + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); # define OPENSSL_NPN_UNSUPPORTED 0 # define OPENSSL_NPN_NEGOTIATED 1 @@ -704,13 +788,15 @@ __owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); __owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len); -void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, +typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, - void *arg), void *arg); + void *arg); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + SSL_CTX_alpn_select_cb_func cb, + void *arg); void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, unsigned int *len); @@ -721,87 +807,71 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, */ # define PSK_MAX_IDENTITY_LEN 128 # define PSK_MAX_PSK_LEN 256 -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*psk_client_callback) (SSL - *ssl, - const - char - *hint, - char - *identity, - unsigned - int - max_identity_len, - unsigned - char - *psk, - unsigned - int - max_psk_len)); -void SSL_set_psk_client_callback(SSL *ssl, - unsigned int (*psk_client_callback) (SSL - *ssl, - const - char - *hint, - char - *identity, - unsigned - int - max_identity_len, - unsigned - char - *psk, - unsigned - int - max_psk_len)); -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*psk_server_callback) (SSL - *ssl, - const - char - *identity, - unsigned - char - *psk, - unsigned - int - max_psk_len)); -void SSL_set_psk_server_callback(SSL *ssl, - unsigned int (*psk_server_callback) (SSL - *ssl, - const - char - *identity, - unsigned - char - *psk, - unsigned - int - max_psk_len)); +typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, + const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); + +typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, + const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); + __owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); __owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); const char *SSL_get_psk_identity(const SSL *s); # endif +typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, + const unsigned char *identity, + size_t identity_len, + SSL_SESSION **sess); +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, + size_t *idlen, + SSL_SESSION **sess); + +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb); + /* Register callbacks to handle custom TLS Extensions for client or server. */ __owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); -__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, +__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, + unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, void *add_arg, - custom_ext_parse_cb parse_cb, - void *parse_arg); - -__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, + SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg); __owur int SSL_extension_supported(unsigned int ext_type); @@ -812,18 +882,48 @@ __owur int SSL_extension_supported(unsigned int ext_type); # define SSL_X509_LOOKUP 4 # define SSL_ASYNC_PAUSED 5 # define SSL_ASYNC_NO_JOBS 6 +# define SSL_CLIENT_HELLO_CB 7 /* These will only be used when doing non-blocking IO */ -# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) -# define SSL_want_read(s) (SSL_want(s) == SSL_READING) -# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) -# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) -# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) -# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +# define SSL_want_read(s) (SSL_want(s) == SSL_READING) +# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) +# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) # define SSL_MAC_FLAG_READ_MAC_STREAM 1 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 +/* + * A callback for logging out TLS key material. This callback should log out + * |line| followed by a newline. + */ +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); + +/* + * SSL_CTX_set_keylog_callback configures a callback to log key material. This + * is intended for debugging use with tools like Wireshark. The cb function + * should log line followed by a newline. + */ +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); + +/* + * SSL_CTX_get_keylog_callback returns the callback configured by + * SSL_CTX_set_keylog_callback. + */ +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); + #ifdef __cplusplus } #endif @@ -846,14 +946,22 @@ DEFINE_STACK_OF_CONST(SSL_CIPHER) DEFINE_STACK_OF(SSL_COMP) /* compatibility */ -# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) +# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg))) # define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) -# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) +# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \ + (char *)(a))) # define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) # define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) -# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) +# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg))) DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) +/* TLSv1.3 KeyUpdate message types */ +/* -1 used so that this is an invalid value for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NONE -1 +/* Values as defined for the on-the-wire protocol */ +#define SSL_KEY_UPDATE_NOT_REQUESTED 0 +#define SSL_KEY_UPDATE_REQUESTED 1 /* * The valid handshake states (one for each type message sent and one for each @@ -904,7 +1012,20 @@ typedef enum { TLS_ST_SW_SESSION_TICKET, TLS_ST_SW_CERT_STATUS, TLS_ST_SW_CHANGE, - TLS_ST_SW_FINISHED + TLS_ST_SW_FINISHED, + TLS_ST_SW_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_ENCRYPTED_EXTENSIONS, + TLS_ST_CR_CERT_VRFY, + TLS_ST_SW_CERT_VRFY, + TLS_ST_CR_HELLO_REQ, + TLS_ST_SW_KEY_UPDATE, + TLS_ST_CW_KEY_UPDATE, + TLS_ST_SR_KEY_UPDATE, + TLS_ST_CR_KEY_UPDATE, + TLS_ST_EARLY_DATA, + TLS_ST_PENDING_EARLY_DATA_END, + TLS_ST_CW_END_OF_EARLY_DATA, + TLS_ST_SR_END_OF_EARLY_DATA } OSSL_HANDSHAKE_STATE; /* @@ -937,9 +1058,9 @@ typedef enum { /* Is the SSL_connection established? */ # define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) # define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) -int SSL_in_init(SSL *s); -int SSL_in_before(SSL *s); -int SSL_is_init_finished(SSL *s); +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); /* * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you @@ -959,13 +1080,14 @@ size_t SSL_get_finished(const SSL *s, void *buf, size_t count); size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); /* - * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are + * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are * 'ored' with SSL_VERIFY_PEER if they are desired */ # define SSL_VERIFY_NONE 0x00 # define SSL_VERIFY_PEER 0x01 # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 # define SSL_VERIFY_CLIENT_ONCE 0x04 +# define SSL_VERIFY_POST_HANDSHAKE 0x08 # if OPENSSL_API_COMPAT < 0x10100000L # define OpenSSL_add_ssl_algorithms() SSL_library_init() @@ -1030,6 +1152,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR # define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED # define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION +# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED # define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION # define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE # define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME @@ -1052,6 +1176,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_ERROR_WANT_ACCEPT 8 # define SSL_ERROR_WANT_ASYNC 9 # define SSL_ERROR_WANT_ASYNC_JOB 10 +# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 # define SSL_CTRL_SET_TMP_DH 3 # define SSL_CTRL_SET_TMP_ECDH 4 # define SSL_CTRL_SET_TMP_DH_CB 6 @@ -1130,10 +1255,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 # define SSL_CTRL_CHAIN 88 # define SSL_CTRL_CHAIN_CERT 89 -# define SSL_CTRL_GET_CURVES 90 -# define SSL_CTRL_SET_CURVES 91 -# define SSL_CTRL_SET_CURVES_LIST 92 -# define SSL_CTRL_GET_SHARED_CURVE 93 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 # define SSL_CTRL_SET_SIGALGS 97 # define SSL_CTRL_SET_SIGALGS_LIST 98 # define SSL_CTRL_CERT_FLAGS 99 @@ -1146,7 +1271,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_VERIFY_CERT_STORE 106 # define SSL_CTRL_SET_CHAIN_CERT_STORE 107 # define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -# define SSL_CTRL_GET_SERVER_TMP_KEY 109 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 # define SSL_CTRL_GET_RAW_CIPHERLIST 110 # define SSL_CTRL_GET_EC_POINT_FORMATS 111 # define SSL_CTRL_GET_CHAIN_CERTS 115 @@ -1165,11 +1290,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 # define SSL_CTRL_GET_MIN_PROTO_VERSION 130 # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 # define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg)) # define DTLSv1_handle_timeout(ssl) \ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) # define SSL_num_renegotiations(ssl) \ @@ -1179,19 +1306,19 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) # define SSL_CTX_set_tmp_dh(ctx,dh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_CTX_set_dh_auto(ctx, onoff) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_dh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) # define SSL_set_tmp_ecdh(ssl,ecdh) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_CTX_add_extra_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) + SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) # define SSL_CTX_get_extra_chain_certs(ctx,px509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) # define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ @@ -1199,13 +1326,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) # define SSL_CTX_set0_chain(ctx,sk) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) # define SSL_CTX_set1_chain(ctx,sk) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) # define SSL_CTX_add0_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) # define SSL_CTX_add1_chain_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) + SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) # define SSL_CTX_get0_chain_certs(ctx,px509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) # define SSL_CTX_clear_chain_certs(ctx) \ @@ -1213,25 +1340,25 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTX_build_cert_chain(ctx, flags) \ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) # define SSL_CTX_select_current_cert(ctx,x509) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) + SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) # define SSL_CTX_set_current_cert(ctx, op) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) # define SSL_CTX_set0_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set1_verify_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) # define SSL_CTX_set0_chain_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set1_chain_cert_store(ctx,st) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) # define SSL_set0_chain(ctx,sk) \ - SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) + SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) # define SSL_set1_chain(ctx,sk) \ - SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) + SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk)) # define SSL_add0_chain_cert(ctx,x509) \ - SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) + SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509)) # define SSL_add1_chain_cert(ctx,x509) \ - SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) + SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509)) # define SSL_get0_chain_certs(ctx,px509) \ SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) # define SSL_clear_chain_certs(ctx) \ @@ -1239,92 +1366,119 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_build_cert_chain(s, flags) \ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) # define SSL_select_current_cert(ctx,x509) \ - SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) + SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509)) # define SSL_set_current_cert(ctx,op) \ SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) # define SSL_set0_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_set1_verify_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) + SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) # define SSL_set0_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_set1_chain_cert_store(s,st) \ - SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) -# define SSL_get1_curves(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) -# define SSL_CTX_set1_curves(ctx, clist, clistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) -# define SSL_CTX_set1_curves_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) -# define SSL_set1_curves(ctx, clist, clistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) -# define SSL_set1_curves_list(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) -# define SSL_get_shared_curve(s, n) \ - SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) + SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_get1_groups(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_set1_groups(ctx, glist, glistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) +# define SSL_set1_groups_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) # define SSL_set1_sigalgs(ctx, slist, slistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) # define SSL_set1_sigalgs_list(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s)) # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist)) # define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) # define SSL_set1_client_sigalgs(ctx, slist, slistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist) + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)(slist)) # define SSL_set1_client_sigalgs_list(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) + SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s)) # define SSL_get0_certificate_types(s, clist) \ - SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist) + SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist)) # define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \ + (char *)(clist)) # define SSL_set1_client_certificate_types(s, clist, clistlen) \ - SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) + SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) # define SSL_get_peer_signature_nid(s, pn) \ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) -# define SSL_get_server_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) # define SSL_get0_raw_cipherlist(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) # define SSL_get0_ec_point_formats(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) -#define SSL_CTX_set_min_proto_version(ctx, version) \ +# define SSL_CTX_set_min_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -#define SSL_CTX_set_max_proto_version(ctx, version) \ +# define SSL_CTX_set_max_proto_version(ctx, version) \ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -#define SSL_CTX_get_min_proto_version(ctx) \ +# define SSL_CTX_get_min_proto_version(ctx) \ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) -#define SSL_CTX_get_max_proto_version(ctx) \ +# define SSL_CTX_get_max_proto_version(ctx) \ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) -#define SSL_set_min_proto_version(s, version) \ +# define SSL_set_min_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) -#define SSL_set_max_proto_version(s, version) \ +# define SSL_set_max_proto_version(s, version) \ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) -#define SSL_get_min_proto_version(s) \ +# define SSL_get_min_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) -#define SSL_get_max_proto_version(s) \ +# define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) -#if OPENSSL_API_COMPAT < 0x10100000L +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + +/* + * The following symbol names are old and obsolete. They are kept + * for compatibility reasons only and should not be used anymore. + */ +# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS +# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST +# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP + +# define SSL_get1_curves SSL_get1_groups +# define SSL_CTX_set1_curves SSL_CTX_set1_groups +# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +# define SSL_set1_curves SSL_set1_groups +# define SSL_set1_curves_list SSL_set1_groups_list +# define SSL_get_shared_curve SSL_get_shared_group + + +# if OPENSSL_API_COMPAT < 0x10100000L /* Provide some compatibility macros for removed functionality. */ -# define SSL_CTX_need_tmp_RSA(ctx) 0 -# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 -# define SSL_need_tmp_RSA(ssl) 0 -# define SSL_set_tmp_rsa(ssl,rsa) 1 -# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) -# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_CTX_need_tmp_RSA(ctx) 0 +# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +# define SSL_need_tmp_RSA(ssl) 0 +# define SSL_set_tmp_rsa(ssl,rsa) 1 +# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) /* * We "pretend" to call the callback to avoid warnings about unused static * functions. */ -# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) -# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) -#endif - +# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +# endif __owur const BIO_METHOD *BIO_f_ssl(void); __owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); __owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); @@ -1340,18 +1494,24 @@ __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); __owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); __owur int SSL_want(const SSL *s); __owur int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); __owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); __owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); +__owur const char *OPENSSL_cipher_name(const char *rfc_name); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); __owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); __owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); __owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); __owur int SSL_get_fd(const SSL *s); @@ -1373,6 +1533,8 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); __owur BIO *SSL_get_rbio(const SSL *s); __owur BIO *SSL_get_wbio(const SSL *s); __owur int SSL_set_cipher_list(SSL *s, const char *str); +__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +__owur int SSL_set_ciphersuites(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); __owur int SSL_get_verify_mode(const SSL *s); __owur int SSL_get_verify_depth(const SSL *s); @@ -1382,17 +1544,28 @@ void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); # ifndef OPENSSL_NO_RSA __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); +__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, + long len); # endif __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, - long len); + long len); __owur int SSL_use_certificate(SSL *ssl, X509 *x); __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); + + +/* serverinfo file format versions */ +# define SSL_SERVERINFOV1 1 +# define SSL_SERVERINFOV2 2 /* Set serverinfo data for the current active cert. */ __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length); + size_t serverinfo_length); +__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length); __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); #ifndef OPENSSL_NO_RSA @@ -1403,24 +1576,27 @@ __owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); #ifndef OPENSSL_NO_RSA -__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, + int type); #endif -__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, + int type); +__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, + int type); /* PEM type */ __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); + const char *file); int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -#if OPENSSL_API_COMPAT < 0x10100000L -# define SSL_load_error_strings() \ +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) -#endif +# endif __owur const char *SSL_state_string(const SSL *s); __owur const char *SSL_rstate_string(const SSL *s); @@ -1431,24 +1607,40 @@ __owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); + __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len); +__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, + const unsigned char *alpn, + size_t len); __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, - size_t *len); + size_t *len); +__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, + uint32_t max_early_data); __owur int SSL_copy_session_id(SSL *to, const SSL *from); __owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); +__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); +__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); __owur SSL_SESSION *SSL_SESSION_new(void); +__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, - unsigned int *len); + unsigned int *len); __owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); # ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); @@ -1459,12 +1651,13 @@ int SSL_SESSION_up_ref(SSL_SESSION *ses); void SSL_SESSION_free(SSL_SESSION *ses); __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); __owur int SSL_set_session(SSL *to, SSL_SESSION *session); -int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); -__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len); +int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); +int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); +__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); +__owur int SSL_has_matching_session_id(const SSL *s, + const unsigned char *id, + unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); @@ -1487,14 +1680,16 @@ void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), # ifndef OPENSSL_NO_RSA __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, - long len); + long len); # endif __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, - const unsigned char *d, long len); + const unsigned char *d, long len); __owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d); + const unsigned char *d); +__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override); void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); @@ -1508,19 +1703,20 @@ void *SSL_get_default_passwd_cb_userdata(SSL *s); __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); __owur int SSL_check_private_key(const SSL *ctx); -__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); +__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, + const unsigned char *sid_ctx, + unsigned int sid_ctx_len); SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, - unsigned int sid_ctx_len); + unsigned int sid_ctx_len); -__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); -__owur int SSL_set_purpose(SSL *s, int purpose); -__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust); -__owur int SSL_set_trust(SSL *s, int trust); +__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); +__owur int SSL_set_purpose(SSL *ssl, int purpose); +__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); +__owur int SSL_set_trust(SSL *ssl, int trust); __owur int SSL_set1_host(SSL *s, const char *hostname); __owur int SSL_add1_host(SSL *s, const char *hostname); @@ -1580,6 +1776,28 @@ __owur char *SSL_get_srp_username(SSL *s); __owur char *SSL_get_srp_userinfo(SSL *s); # endif +/* + * ClientHello callback and helpers. + */ + +# define SSL_CLIENT_HELLO_SUCCESS 1 +# define SSL_CLIENT_HELLO_ERROR 0 +# define SSL_CLIENT_HELLO_RETRY (-1) + +typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg); +int SSL_client_hello_isv2(SSL *s); +unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +size_t SSL_client_hello_get0_compression_methods(SSL *s, + const unsigned char **out); +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, + const unsigned char **out, size_t *outlen); + void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); # ifdef OSSL_ASYNC_FD @@ -1593,15 +1811,34 @@ __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numdelfds); # endif __owur int SSL_accept(SSL *ssl); +__owur int SSL_stateless(SSL *s); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); +__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); + +# define SSL_READ_EARLY_DATA_ERROR 0 +# define SSL_READ_EARLY_DATA_SUCCESS 1 +# define SSL_READ_EARLY_DATA_FINISH 2 + +__owur int SSL_read_early_data(SSL *s, void *buf, size_t num, + size_t *readbytes); __owur int SSL_peek(SSL *ssl, void *buf, int num); +__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); __owur int SSL_write(SSL *ssl, const void *buf, int num); +__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, + size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); +# define SSL_EARLY_DATA_NOT_SENT 0 +# define SSL_EARLY_DATA_REJECTED 1 +# define SSL_EARLY_DATA_ACCEPTED 2 + +__owur int SSL_get_early_data_status(const SSL *s); + __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); @@ -1610,8 +1847,8 @@ __owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); # ifndef OPENSSL_NO_SSL3_METHOD DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) # endif #define SSLv23_method TLS_method @@ -1625,48 +1862,56 @@ __owur const SSL_METHOD *TLS_client_method(void); # ifndef OPENSSL_NO_TLS1_METHOD DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) # endif # ifndef OPENSSL_NO_TLS1_1_METHOD DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) # endif # ifndef OPENSSL_NO_TLS1_2_METHOD DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) # endif # ifndef OPENSSL_NO_DTLS1_METHOD DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) # endif # ifndef OPENSSL_NO_DTLS1_2_METHOD -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */ -DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */ -#endif +/* DTLSv1.2 */ +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) +DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) +# endif __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ +__owur size_t DTLS_get_data_mtu(const SSL *s); + __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); __owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); +int SSL_key_update(SSL *s, int updatetype); +int SSL_get_key_update_type(SSL *s); int SSL_renegotiate(SSL *s); -__owur int SSL_renegotiate_abbreviated(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); __owur int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); +__owur int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); __owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); __owur const SSL_METHOD *SSL_get_ssl_method(SSL *s); @@ -1676,6 +1921,14 @@ __owur const char *SSL_alert_type_string(int value); __owur const char *SSL_alert_desc_string_long(int value); __owur const char *SSL_alert_desc_string(int value); +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); __owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); @@ -1688,19 +1941,20 @@ void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); -#if OPENSSL_API_COMPAT < 0x10100000L -# define SSL_library_init() OPENSSL_init_ssl(0, NULL) -#endif +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +# endif __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); -__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); +__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); __owur SSL *SSL_dup(SSL *ssl); __owur X509 *SSL_get_certificate(const SSL *ssl); /* * EVP_PKEY - */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + */ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); __owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); __owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); @@ -1717,7 +1971,7 @@ __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); __owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); __owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath); + const char *CApath); # define SSL_get0_session SSL_get_session/* just peek at pointer */ __owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ @@ -1737,8 +1991,11 @@ __owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); -__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, unsigned char *out, size_t outlen); +__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, + const unsigned char *in, size_t len); +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); #define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) @@ -1812,26 +2069,30 @@ __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) - *meths); -#if OPENSSL_API_COMPAT < 0x10100000L -# define SSL_COMP_free_compression_methods() while(0) continue -#endif + *meths); +# if OPENSSL_API_COMPAT < 0x10100000L +# define SSL_COMP_free_compression_methods() while(0) continue +# endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs); /* TLS extensions functions */ __owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); -__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg); +__owur int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, + void *arg); /* Pre-shared secret session resumption functions */ __owur int SSL_set_session_secret_cb(SSL *s, - tls_session_secret_cb_fn tls_session_secret_cb, - void *arg); + tls_session_secret_cb_fn session_secret_cb, + void *arg); void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb) (SSL *ssl, @@ -1840,8 +2101,27 @@ void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb) (SSL *ssl, - int - is_forward_secure)); + int is_forward_secure)); + +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)); +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +void *SSL_get_record_padding_callback_arg(SSL *ssl); +int SSL_set_block_padding(SSL *ssl, size_t block_size); + +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); + # if OPENSSL_API_COMPAT < 0x10100000L # define SSL_cache_hit(s) SSL_session_reused(s) # endif @@ -1853,7 +2133,8 @@ __owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); -__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, + unsigned int flags); __owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); @@ -1870,7 +2151,6 @@ int SSL_CTX_config(SSL_CTX *ctx, const char *name); # ifndef OPENSSL_NO_SSL_TRACE void SSL_trace(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); -__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); # endif # ifndef OPENSSL_NO_SOCK @@ -1885,8 +2165,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client); * May return a negative integer if an error occurs. * A connection should be aborted if the SCTs are deemed insufficient. */ -typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, - const STACK_OF(SCT) *scts, void *arg); +typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, + const STACK_OF(SCT) *scts, void *arg); /* * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate @@ -2036,21 +2316,22 @@ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); void SSL_set_security_level(SSL *s, int level); __owur int SSL_get_security_level(const SSL *s); void SSL_set_security_callback(SSL *s, - int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, - int bits, int nid, void *other, - void *ex)); -int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, - int bits, int nid, - void *other, void *ex); + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, + const SSL_CTX *ctx, int op, + int bits, int nid, void *other, + void *ex); void SSL_set0_security_ex_data(SSL *s, void *ex); __owur void *SSL_get0_security_ex_data(const SSL *s); void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); __owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); void SSL_CTX_set_security_callback(SSL_CTX *ctx, - int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, - int bits, int nid, void *other, - void *ex)); + int (*cb) (const SSL *s, const SSL_CTX *ctx, + int op, int bits, int nid, + void *other, void *ex)); int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, const SSL_CTX *ctx, int op, int bits, @@ -2061,10 +2342,10 @@ void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); /* OPENSSL_INIT flag 0x010000 reserved for internal use */ -#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L -#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L +# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L -#define OPENSSL_INIT_SSL_DEFAULT \ +# define OPENSSL_INIT_SSL_DEFAULT \ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); @@ -2073,493 +2354,70 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); # endif +__owur int SSL_free_buffers(SSL *ssl); +__owur int SSL_alloc_buffers(SSL *ssl); + +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; + +/* Support for ticket appdata */ +/* fatal error, malloc failure */ +# define SSL_TICKET_FATAL_ERR_MALLOC 0 +/* fatal error, either from parsing or decrypting the ticket */ +# define SSL_TICKET_FATAL_ERR_OTHER 1 +/* No ticket present */ +# define SSL_TICKET_NONE 2 +/* Empty ticket present */ +# define SSL_TICKET_EMPTY 3 +/* the ticket couldn't be decrypted */ +# define SSL_TICKET_NO_DECRYPT 4 +/* a ticket was successfully decrypted */ +# define SSL_TICKET_SUCCESS 5 +/* same as above but the ticket needs to be renewed */ +# define SSL_TICKET_SUCCESS_RENEW 6 + +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + +typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg); +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg); +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); + extern const char SSL_version_str[]; -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ +typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); + -int ERR_load_SSL_strings(void); - -/* Error codes for the SSL functions. */ - -/* Function codes. */ -# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 -# define SSL_F_CT_MOVE_SCTS 345 -# define SSL_F_CT_STRICT 349 -# define SSL_F_D2I_SSL_SESSION 103 -# define SSL_F_DANE_CTX_ENABLE 347 -# define SSL_F_DANE_MTYPE_SET 393 -# define SSL_F_DANE_TLSA_ADD 394 -# define SSL_F_DO_DTLS1_WRITE 245 -# define SSL_F_DO_SSL3_WRITE 104 -# define SSL_F_DTLS1_BUFFER_RECORD 247 -# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 -# define SSL_F_DTLS1_HEARTBEAT 305 -# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 -# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 -# define SSL_F_DTLS1_PROCESS_RECORD 257 -# define SSL_F_DTLS1_READ_BYTES 258 -# define SSL_F_DTLS1_READ_FAILED 339 -# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 -# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 -# define SSL_F_DTLSV1_LISTEN 350 -# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 -# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 -# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 -# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 -# define SSL_F_DTLS_WAIT_FOR_DRY 592 -# define SSL_F_OPENSSL_INIT_SSL 342 -# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 -# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 -# define SSL_F_READ_STATE_MACHINE 352 -# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 -# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 -# define SSL_F_SSL3_CTRL 213 -# define SSL_F_SSL3_CTX_CTRL 133 -# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 -# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 -# define SSL_F_SSL3_FINAL_FINISH_MAC 285 -# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 -# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 -# define SSL_F_SSL3_GET_RECORD 143 -# define SSL_F_SSL3_INIT_FINISHED_MAC 397 -# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 -# define SSL_F_SSL3_READ_BYTES 148 -# define SSL_F_SSL3_READ_N 149 -# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 -# define SSL_F_SSL3_SETUP_READ_BUFFER 156 -# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 -# define SSL_F_SSL3_TAKE_MAC 425 -# define SSL_F_SSL3_WRITE_BYTES 158 -# define SSL_F_SSL3_WRITE_PENDING 159 -# define SSL_F_SSL_ADD_CERT_CHAIN 316 -# define SSL_F_SSL_ADD_CERT_TO_BUF 319 -# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 -# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 -# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 -# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 -# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 -# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 -# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 -# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 -# define SSL_F_SSL_BAD_METHOD 160 -# define SSL_F_SSL_BUILD_CERT_CHAIN 332 -# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 -# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 -# define SSL_F_SSL_CERT_DUP 221 -# define SSL_F_SSL_CERT_NEW 162 -# define SSL_F_SSL_CERT_SET0_CHAIN 340 -# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 -# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 -# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 -# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 -# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 -# define SSL_F_SSL_CLEAR 164 -# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 -# define SSL_F_SSL_CONF_CMD 334 -# define SSL_F_SSL_CREATE_CIPHER_LIST 166 -# define SSL_F_SSL_CTRL 232 -# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 -# define SSL_F_SSL_CTX_ENABLE_CT 398 -# define SSL_F_SSL_CTX_MAKE_PROFILES 309 -# define SSL_F_SSL_CTX_NEW 169 -# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 -# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 -# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 -# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 -# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 -# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 -# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 -# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 -# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 -# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 -# define SSL_F_SSL_CTX_USE_SERVERINFO 336 -# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 -# define SSL_F_SSL_DANE_DUP 403 -# define SSL_F_SSL_DANE_ENABLE 395 -# define SSL_F_SSL_DO_CONFIG 391 -# define SSL_F_SSL_DO_HANDSHAKE 180 -# define SSL_F_SSL_DUP_CA_LIST 408 -# define SSL_F_SSL_ENABLE_CT 402 -# define SSL_F_SSL_GET_NEW_SESSION 181 -# define SSL_F_SSL_GET_PREV_SESSION 217 -# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 -# define SSL_F_SSL_GET_SIGN_PKEY 183 -# define SSL_F_SSL_INIT_WBIO_BUFFER 184 -# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 -# define SSL_F_SSL_MODULE_INIT 392 -# define SSL_F_SSL_NEW 186 -# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 -# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 -# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 -# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 -# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 -# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 -# define SSL_F_SSL_PEEK 270 -# define SSL_F_SSL_READ 223 -# define SSL_F_SSL_RENEGOTIATE 516 -# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 -# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 -# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 -# define SSL_F_SSL_SESSION_DUP 348 -# define SSL_F_SSL_SESSION_NEW 189 -# define SSL_F_SSL_SESSION_PRINT_FP 190 -# define SSL_F_SSL_SESSION_SET1_ID 423 -# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 -# define SSL_F_SSL_SET_ALPN_PROTOS 344 -# define SSL_F_SSL_SET_CERT 191 -# define SSL_F_SSL_SET_CIPHER_LIST 271 -# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 -# define SSL_F_SSL_SET_FD 192 -# define SSL_F_SSL_SET_PKEY 193 -# define SSL_F_SSL_SET_RFD 194 -# define SSL_F_SSL_SET_SESSION 195 -# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 -# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 -# define SSL_F_SSL_SET_WFD 196 -# define SSL_F_SSL_SHUTDOWN 224 -# define SSL_F_SSL_SRP_CTX_INIT 313 -# define SSL_F_SSL_START_ASYNC_JOB 389 -# define SSL_F_SSL_UNDEFINED_FUNCTION 197 -# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 -# define SSL_F_SSL_USE_CERTIFICATE 198 -# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 -# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 -# define SSL_F_SSL_USE_PRIVATEKEY 201 -# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 -# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 -# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 -# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 -# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 -# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 -# define SSL_F_SSL_VALIDATE_CT 400 -# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 -# define SSL_F_SSL_WRITE 208 -# define SSL_F_STATE_MACHINE 353 -# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 -# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 -# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 -# define SSL_F_TLS1_ENC 401 -# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 -# define SSL_F_TLS1_GET_CURVELIST 338 -# define SSL_F_TLS1_PRF 284 -# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 -# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 -# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 -# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 -# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 -# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 -# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 -# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 -# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 -# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 -# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355 -# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 -# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 -# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 -# define SSL_F_TLS_CONSTRUCT_FINISHED 359 -# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 -# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 -# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 -# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 -# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 -# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377 -# define SSL_F_TLS_GET_MESSAGE_BODY 351 -# define SSL_F_TLS_GET_MESSAGE_HEADER 387 -# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 -# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 -# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 -# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 -# define SSL_F_TLS_PROCESS_CERT_STATUS 362 -# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 -# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 -# define SSL_F_TLS_PROCESS_CKE_DHE 411 -# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 -# define SSL_F_TLS_PROCESS_CKE_GOST 413 -# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 -# define SSL_F_TLS_PROCESS_CKE_RSA 415 -# define SSL_F_TLS_PROCESS_CKE_SRP 416 -# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 -# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 -# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 -# define SSL_F_TLS_PROCESS_FINISHED 364 -# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 -# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 -# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 -# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 -# define SSL_F_TLS_PROCESS_SERVER_DONE 368 -# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 -# define SSL_F_TLS_PROCESS_SKE_DHE 419 -# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 -# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 -# define SSL_F_TLS_PROCESS_SKE_SRP 422 -# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 - -/* Reason codes. */ -# define SSL_R_APP_DATA_IN_HANDSHAKE 100 -# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 -# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 -# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 -# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 -# define SSL_R_BAD_DATA 390 -# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 -# define SSL_R_BAD_DECOMPRESSION 107 -# define SSL_R_BAD_DH_VALUE 102 -# define SSL_R_BAD_DIGEST_LENGTH 111 -# define SSL_R_BAD_ECC_CERT 304 -# define SSL_R_BAD_ECPOINT 306 -# define SSL_R_BAD_HANDSHAKE_LENGTH 332 -# define SSL_R_BAD_HELLO_REQUEST 105 -# define SSL_R_BAD_LENGTH 271 -# define SSL_R_BAD_PACKET_LENGTH 115 -# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 -# define SSL_R_BAD_RSA_ENCRYPT 119 -# define SSL_R_BAD_SIGNATURE 123 -# define SSL_R_BAD_SRP_A_LENGTH 347 -# define SSL_R_BAD_SRP_PARAMETERS 371 -# define SSL_R_BAD_SRTP_MKI_VALUE 352 -# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 -# define SSL_R_BAD_SSL_FILETYPE 124 -# define SSL_R_BAD_VALUE 384 -# define SSL_R_BAD_WRITE_RETRY 127 -# define SSL_R_BIO_NOT_SET 128 -# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 -# define SSL_R_BN_LIB 130 -# define SSL_R_CA_DN_LENGTH_MISMATCH 131 -# define SSL_R_CA_KEY_TOO_SMALL 397 -# define SSL_R_CA_MD_TOO_WEAK 398 -# define SSL_R_CCS_RECEIVED_EARLY 133 -# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 -# define SSL_R_CERT_CB_ERROR 377 -# define SSL_R_CERT_LENGTH_MISMATCH 135 -# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 -# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 -# define SSL_R_CLIENTHELLO_TLSEXT 226 -# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 -# define SSL_R_COMPRESSION_DISABLED 343 -# define SSL_R_COMPRESSION_FAILURE 141 -# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 -# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 -# define SSL_R_CONNECTION_TYPE_NOT_SET 144 -# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 -# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 -# define SSL_R_COOKIE_MISMATCH 308 -# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 -# define SSL_R_DANE_ALREADY_ENABLED 172 -# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 -# define SSL_R_DANE_NOT_ENABLED 175 -# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 -# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 -# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 -# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 -# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 -# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 -# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 -# define SSL_R_DANE_TLSA_NULL_DATA 203 -# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 -# define SSL_R_DATA_LENGTH_TOO_LONG 146 -# define SSL_R_DECRYPTION_FAILED 147 -# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 -# define SSL_R_DH_KEY_TOO_SMALL 394 -# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 -# define SSL_R_DIGEST_CHECK_FAILED 149 -# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 -# define SSL_R_DUPLICATE_COMPRESSION_ID 309 -# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 -# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 -# define SSL_R_EE_KEY_TOO_SMALL 399 -# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 -# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 -# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 -# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 -# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 -# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 -# define SSL_R_FAILED_TO_INIT_ASYNC 405 -# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 -# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 -# define SSL_R_HTTPS_PROXY_REQUEST 155 -# define SSL_R_HTTP_REQUEST 156 -# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 -# define SSL_R_INAPPROPRIATE_FALLBACK 373 -# define SSL_R_INCONSISTENT_COMPRESSION 340 -# define SSL_R_INCONSISTENT_EXTMS 104 -# define SSL_R_INVALID_COMMAND 280 -# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 -# define SSL_R_INVALID_CONFIGURATION_NAME 113 -# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 -# define SSL_R_INVALID_NULL_CMD_NAME 385 -# define SSL_R_INVALID_SEQUENCE_NUMBER 402 -# define SSL_R_INVALID_SERVERINFO_DATA 388 -# define SSL_R_INVALID_SRP_USERNAME 357 -# define SSL_R_INVALID_STATUS_RESPONSE 328 -# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 -# define SSL_R_LENGTH_MISMATCH 159 -# define SSL_R_LENGTH_TOO_LONG 404 -# define SSL_R_LENGTH_TOO_SHORT 160 -# define SSL_R_LIBRARY_BUG 274 -# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 -# define SSL_R_MISSING_DSA_SIGNING_CERT 165 -# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 -# define SSL_R_MISSING_RSA_CERTIFICATE 168 -# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 -# define SSL_R_MISSING_RSA_SIGNING_CERT 170 -# define SSL_R_MISSING_SRP_PARAM 358 -# define SSL_R_MISSING_TMP_DH_KEY 171 -# define SSL_R_MISSING_TMP_ECDH_KEY 311 -# define SSL_R_NO_CERTIFICATES_RETURNED 176 -# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 -# define SSL_R_NO_CERTIFICATE_SET 179 -# define SSL_R_NO_CIPHERS_AVAILABLE 181 -# define SSL_R_NO_CIPHERS_SPECIFIED 183 -# define SSL_R_NO_CIPHER_MATCH 185 -# define SSL_R_NO_CLIENT_CERT_METHOD 331 -# define SSL_R_NO_COMPRESSION_SPECIFIED 187 -# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 -# define SSL_R_NO_METHOD_SPECIFIED 188 -# define SSL_R_NO_PEM_EXTENSIONS 389 -# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 -# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 -# define SSL_R_NO_RENEGOTIATION 339 -# define SSL_R_NO_REQUIRED_DIGEST 324 -# define SSL_R_NO_SHARED_CIPHER 193 -# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 -# define SSL_R_NO_SRTP_PROFILES 359 -# define SSL_R_NO_VALID_SCTS 216 -# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 -# define SSL_R_NULL_SSL_CTX 195 -# define SSL_R_NULL_SSL_METHOD_PASSED 196 -# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 -# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 -# define SSL_R_PACKET_LENGTH_TOO_LONG 198 -# define SSL_R_PARSE_TLSEXT 227 -# define SSL_R_PATH_TOO_LONG 270 -# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 -# define SSL_R_PEM_NAME_BAD_PREFIX 391 -# define SSL_R_PEM_NAME_TOO_SHORT 392 -# define SSL_R_PIPELINE_FAILURE 406 -# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 -# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 -# define SSL_R_PSK_NO_CLIENT_CB 224 -# define SSL_R_PSK_NO_SERVER_CB 225 -# define SSL_R_READ_BIO_NOT_SET 211 -# define SSL_R_READ_TIMEOUT_EXPIRED 312 -# define SSL_R_RECORD_LENGTH_MISMATCH 213 -# define SSL_R_RECORD_TOO_SMALL 298 -# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 -# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 -# define SSL_R_RENEGOTIATION_MISMATCH 337 -# define SSL_R_REQUIRED_CIPHER_MISSING 215 -# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 -# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 -# define SSL_R_SCT_VERIFICATION_FAILED 208 -# define SSL_R_SERVERHELLO_TLSEXT 275 -# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 -# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 -# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 -# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 -# define SSL_R_SRP_A_CALC 361 -# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 -# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 -# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 -# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 -# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 -# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 -# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 -# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 -# define SSL_R_SSL_HANDSHAKE_FAILURE 229 -# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -# define SSL_R_SSL_NEGATIVE_LENGTH 372 -# define SSL_R_SSL_SECTION_EMPTY 126 -# define SSL_R_SSL_SECTION_NOT_FOUND 136 -# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 -# define SSL_R_SSL_SESSION_ID_CONFLICT 302 -# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 -# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 -# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 -# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 -# define SSL_R_TLS_HEARTBEAT_PENDING 366 -# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 -# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 -# define SSL_R_TOO_MANY_WARN_ALERTS 409 -# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 -# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 -# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 -# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 -# define SSL_R_UNEXPECTED_MESSAGE 244 -# define SSL_R_UNEXPECTED_RECORD 245 -# define SSL_R_UNINITIALIZED 276 -# define SSL_R_UNKNOWN_ALERT_TYPE 246 -# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 -# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 -# define SSL_R_UNKNOWN_CIPHER_TYPE 249 -# define SSL_R_UNKNOWN_CMD_NAME 386 -# define SSL_R_UNKNOWN_COMMAND 139 -# define SSL_R_UNKNOWN_DIGEST 368 -# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 -# define SSL_R_UNKNOWN_PKEY_TYPE 251 -# define SSL_R_UNKNOWN_PROTOCOL 252 -# define SSL_R_UNKNOWN_SSL_VERSION 254 -# define SSL_R_UNKNOWN_STATE 255 -# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 -# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 -# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 -# define SSL_R_UNSUPPORTED_PROTOCOL 258 -# define SSL_R_UNSUPPORTED_SSL_VERSION 259 -# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 -# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 -# define SSL_R_VERSION_TOO_HIGH 166 -# define SSL_R_VERSION_TOO_LOW 396 -# define SSL_R_WRONG_CERTIFICATE_TYPE 383 -# define SSL_R_WRONG_CIPHER_RETURNED 261 -# define SSL_R_WRONG_CURVE 378 -# define SSL_R_WRONG_SIGNATURE_LENGTH 264 -# define SSL_R_WRONG_SIGNATURE_SIZE 265 -# define SSL_R_WRONG_SIGNATURE_TYPE 370 -# define SSL_R_WRONG_SSL_VERSION 266 -# define SSL_R_WRONG_VERSION_NUMBER 267 -# define SSL_R_X509_LIB 268 -# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/ssl3.h b/deps/openssl/openssl/include/openssl/ssl3.h index 115940ad315757..8d01fcc487651f 100644 --- a/deps/openssl/openssl/include/openssl/ssl3.h +++ b/deps/openssl/openssl/include/openssl/ssl3.h @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #ifndef HEADER_SSL3_H # define HEADER_SSL3_H @@ -74,6 +69,18 @@ extern "C" { # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" +# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" + # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" # define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" @@ -170,7 +177,8 @@ extern "C" { * practice the value is lower than this. The overhead is the maximum number * of padding bytes (256) plus the mac size. */ -# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD 256 /* * OpenSSL currently only uses a padding length of at most one block so the @@ -186,12 +194,14 @@ extern "C" { # define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH # else # define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) + (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) # endif # define SSL3_RT_MAX_ENCRYPTED_LENGTH \ - (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD) # define SSL3_RT_MAX_PACKET_SIZE \ - (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" @@ -220,8 +230,9 @@ extern "C" { # define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) # define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) -/* Pseudo content type for SSL/TLS header info */ +/* Pseudo content types for SSL/TLS header info */ # define SSL3_RT_HEADER 0x100 +# define SSL3_RT_INNER_CONTENT_TYPE 0x101 # define SSL3_AL_WARNING 1 # define SSL3_AL_FATAL 2 @@ -262,6 +273,7 @@ extern "C" { # endif # endif +/* No longer used as of OpenSSL 1.1.1 */ # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 /* Removed from OpenSSL 1.1.0 */ @@ -278,10 +290,14 @@ extern "C" { # define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 +# define TLS1_FLAGS_STATELESS 0x0800 + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 # define SSL3_MT_NEWSESSION_TICKET 4 +# define SSL3_MT_END_OF_EARLY_DATA 5 +# define SSL3_MT_ENCRYPTED_EXTENSIONS 8 # define SSL3_MT_CERTIFICATE 11 # define SSL3_MT_SERVER_KEY_EXCHANGE 12 # define SSL3_MT_CERTIFICATE_REQUEST 13 @@ -289,11 +305,15 @@ extern "C" { # define SSL3_MT_CERTIFICATE_VERIFY 15 # define SSL3_MT_CLIENT_KEY_EXCHANGE 16 # define SSL3_MT_FINISHED 20 +# define SSL3_MT_CERTIFICATE_URL 21 # define SSL3_MT_CERTIFICATE_STATUS 22 +# define SSL3_MT_SUPPLEMENTAL_DATA 23 +# define SSL3_MT_KEY_UPDATE 24 # ifndef OPENSSL_NO_NEXTPROTONEG -# define SSL3_MT_NEXT_PROTO 67 +# define SSL3_MT_NEXT_PROTO 67 # endif -# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 +# define SSL3_MT_MESSAGE_HASH 254 +# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 /* Dummy message type for handling CCS like a normal handshake message */ # define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 @@ -301,10 +321,13 @@ extern "C" { # define SSL3_MT_CCS 1 /* These are used when changing over to a new cipher */ -# define SSL3_CC_READ 0x01 -# define SSL3_CC_WRITE 0x02 -# define SSL3_CC_CLIENT 0x10 -# define SSL3_CC_SERVER 0x20 +# define SSL3_CC_READ 0x001 +# define SSL3_CC_WRITE 0x002 +# define SSL3_CC_CLIENT 0x010 +# define SSL3_CC_SERVER 0x020 +# define SSL3_CC_EARLY 0x040 +# define SSL3_CC_HANDSHAKE 0x080 +# define SSL3_CC_APPLICATION 0x100 # define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) # define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) # define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) diff --git a/deps/openssl/openssl/include/openssl/sslerr.h b/deps/openssl/openssl/include/openssl/sslerr.h new file mode 100644 index 00000000000000..87b295c9f93bfe --- /dev/null +++ b/deps/openssl/openssl/include/openssl/sslerr.h @@ -0,0 +1,767 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_SSLERR_H +# define HEADER_SSLERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_SSL_strings(void); + +/* + * SSL function codes. + */ +# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT 438 +# define SSL_F_ADD_KEY_SHARE 512 +# define SSL_F_BYTES_TO_CIPHER_LIST 519 +# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +# define SSL_F_CIPHERSUITE_CB 622 +# define SSL_F_CONSTRUCT_CA_NAMES 552 +# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 +# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 +# define SSL_F_CT_MOVE_SCTS 345 +# define SSL_F_CT_STRICT 349 +# define SSL_F_CUSTOM_EXT_ADD 554 +# define SSL_F_CUSTOM_EXT_PARSE 555 +# define SSL_F_D2I_SSL_SESSION 103 +# define SSL_F_DANE_CTX_ENABLE 347 +# define SSL_F_DANE_MTYPE_SET 393 +# define SSL_F_DANE_TLSA_ADD 394 +# define SSL_F_DERIVE_SECRET_KEY_AND_IV 514 +# define SSL_F_DO_DTLS1_WRITE 245 +# define SSL_F_DO_SSL3_WRITE 104 +# define SSL_F_DTLS1_BUFFER_RECORD 247 +# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 +# define SSL_F_DTLS1_HEARTBEAT 305 +# define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 +# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 +# define SSL_F_DTLS1_PROCESS_RECORD 257 +# define SSL_F_DTLS1_READ_BYTES 258 +# define SSL_F_DTLS1_READ_FAILED 339 +# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 +# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +# define SSL_F_DTLS1_WRITE_BYTES 545 +# define SSL_F_DTLSV1_LISTEN 350 +# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_DTLS_RECORD_LAYER_NEW 635 +# define SSL_F_DTLS_WAIT_FOR_DRY 592 +# define SSL_F_EARLY_DATA_COUNT_OK 532 +# define SSL_F_FINAL_EARLY_DATA 556 +# define SSL_F_FINAL_EC_PT_FORMATS 485 +# define SSL_F_FINAL_EMS 486 +# define SSL_F_FINAL_KEY_SHARE 503 +# define SSL_F_FINAL_MAXFRAGMENTLEN 557 +# define SSL_F_FINAL_RENEGOTIATE 483 +# define SSL_F_FINAL_SERVER_NAME 558 +# define SSL_F_FINAL_SIG_ALGS 497 +# define SSL_F_GET_CERT_VERIFY_TBS_DATA 588 +# define SSL_F_NSS_KEYLOG_INT 500 +# define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436 +# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION 598 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 +# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE 593 +# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE 594 +# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION 599 +# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION 437 +# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION 600 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 +# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 +# define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 +# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 +# define SSL_F_PARSE_CA_NAMES 541 +# define SSL_F_PITEM_NEW 624 +# define SSL_F_PQUEUE_NEW 625 +# define SSL_F_PROCESS_KEY_SHARE_EXT 439 +# define SSL_F_READ_STATE_MACHINE 352 +# define SSL_F_SET_CLIENT_CIPHERSUITE 540 +# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET 589 +# define SSL_F_SRP_VERIFY_SERVER_PARAM 596 +# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +# define SSL_F_SSL3_CTRL 213 +# define SSL_F_SSL3_CTX_CTRL 133 +# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +# define SSL_F_SSL3_ENC 608 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 +# define SSL_F_SSL3_FINISH_MAC 587 +# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 +# define SSL_F_SSL3_GET_RECORD 143 +# define SSL_F_SSL3_INIT_FINISHED_MAC 397 +# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +# define SSL_F_SSL3_READ_BYTES 148 +# define SSL_F_SSL3_READ_N 149 +# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +# define SSL_F_SSL3_SETUP_READ_BUFFER 156 +# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_WRITE_BYTES 158 +# define SSL_F_SSL3_WRITE_PENDING 159 +# define SSL_F_SSL_ADD_CERT_CHAIN 316 +# define SSL_F_SSL_ADD_CERT_TO_BUF 319 +# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493 +# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +# define SSL_F_SSL_BAD_METHOD 160 +# define SSL_F_SSL_BUILD_CERT_CHAIN 332 +# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +# define SSL_F_SSL_CACHE_CIPHERLIST 520 +# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 +# define SSL_F_SSL_CERT_DUP 221 +# define SSL_F_SSL_CERT_NEW 162 +# define SSL_F_SSL_CERT_SET0_CHAIN 340 +# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 +# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +# define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 +# define SSL_F_SSL_CIPHER_DESCRIPTION 626 +# define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 +# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +# define SSL_F_SSL_CLEAR 164 +# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 +# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +# define SSL_F_SSL_CONF_CMD 334 +# define SSL_F_SSL_CREATE_CIPHER_LIST 166 +# define SSL_F_SSL_CTRL 232 +# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +# define SSL_F_SSL_CTX_ENABLE_CT 398 +# define SSL_F_SSL_CTX_MAKE_PROFILES 309 +# define SSL_F_SSL_CTX_NEW 169 +# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 +# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 +# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH 551 +# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +# define SSL_F_SSL_CTX_USE_SERVERINFO 336 +# define SSL_F_SSL_CTX_USE_SERVERINFO_EX 543 +# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DANE_DUP 403 +# define SSL_F_SSL_DANE_ENABLE 395 +# define SSL_F_SSL_DERIVE 590 +# define SSL_F_SSL_DO_CONFIG 391 +# define SSL_F_SSL_DO_HANDSHAKE 180 +# define SSL_F_SSL_DUP_CA_LIST 408 +# define SSL_F_SSL_ENABLE_CT 402 +# define SSL_F_SSL_GENERATE_PKEY_GROUP 559 +# define SSL_F_SSL_GENERATE_SESSION_ID 547 +# define SSL_F_SSL_GET_NEW_SESSION 181 +# define SSL_F_SSL_GET_PREV_SESSION 217 +# define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 +# define SSL_F_SSL_GET_SIGN_PKEY 183 +# define SSL_F_SSL_HANDSHAKE_HASH 560 +# define SSL_F_SSL_INIT_WBIO_BUFFER 184 +# define SSL_F_SSL_KEY_UPDATE 515 +# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_LOG_MASTER_SECRET 498 +# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE 499 +# define SSL_F_SSL_MODULE_INIT 392 +# define SSL_F_SSL_NEW 186 +# define SSL_F_SSL_NEXT_PROTO_VALIDATE 565 +# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +# define SSL_F_SSL_PEEK 270 +# define SSL_F_SSL_PEEK_EX 432 +# define SSL_F_SSL_PEEK_INTERNAL 522 +# define SSL_F_SSL_READ 223 +# define SSL_F_SSL_READ_EARLY_DATA 529 +# define SSL_F_SSL_READ_EX 434 +# define SSL_F_SSL_READ_INTERNAL 523 +# define SSL_F_SSL_RENEGOTIATE 516 +# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED 546 +# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 +# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 +# define SSL_F_SSL_SESSION_NEW 189 +# define SSL_F_SSL_SESSION_PRINT_FP 190 +# define SSL_F_SSL_SESSION_SET1_ID 423 +# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +# define SSL_F_SSL_SET_ALPN_PROTOS 344 +# define SSL_F_SSL_SET_CERT 191 +# define SSL_F_SSL_SET_CERT_AND_KEY 621 +# define SSL_F_SSL_SET_CIPHER_LIST 271 +# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 +# define SSL_F_SSL_SET_FD 192 +# define SSL_F_SSL_SET_PKEY 193 +# define SSL_F_SSL_SET_RFD 194 +# define SSL_F_SSL_SET_SESSION 195 +# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH 550 +# define SSL_F_SSL_SET_WFD 196 +# define SSL_F_SSL_SHUTDOWN 224 +# define SSL_F_SSL_SRP_CTX_INIT 313 +# define SSL_F_SSL_START_ASYNC_JOB 389 +# define SSL_F_SSL_UNDEFINED_FUNCTION 197 +# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +# define SSL_F_SSL_USE_CERTIFICATE 198 +# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +# define SSL_F_SSL_USE_PRIVATEKEY 201 +# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +# define SSL_F_SSL_VALIDATE_CT 400 +# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE 616 +# define SSL_F_SSL_WRITE 208 +# define SSL_F_SSL_WRITE_EARLY_DATA 526 +# define SSL_F_SSL_WRITE_EARLY_FINISH 527 +# define SSL_F_SSL_WRITE_EX 433 +# define SSL_F_SSL_WRITE_INTERNAL 524 +# define SSL_F_STATE_MACHINE 353 +# define SSL_F_TLS12_CHECK_PEER_SIGALG 333 +# define SSL_F_TLS12_COPY_SIGALGS 533 +# define SSL_F_TLS13_CHANGE_CIPHER_STATE 440 +# define SSL_F_TLS13_ENC 609 +# define SSL_F_TLS13_FINAL_FINISH_MAC 605 +# define SSL_F_TLS13_GENERATE_SECRET 591 +# define SSL_F_TLS13_HKDF_EXPAND 561 +# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA 617 +# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA 618 +# define SSL_F_TLS13_SETUP_KEY_BLOCK 441 +# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +# define SSL_F_TLS1_ENC 401 +# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +# define SSL_F_TLS1_GET_CURVELIST 338 +# define SSL_F_TLS1_PRF 284 +# define SSL_F_TLS1_SAVE_U16 628 +# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +# define SSL_F_TLS1_SET_GROUPS 629 +# define SSL_F_TLS1_SET_RAW_SIGALGS 630 +# define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +# define SSL_F_TLS1_SET_SHARED_SIGALGS 631 +# define SSL_F_TLS1_SET_SIGALGS 632 +# define SSL_F_TLS_CHOOSE_SIGALG 513 +# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +# define SSL_F_TLS_COLLECT_EXTENSIONS 435 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES 542 +# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429 +# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494 +# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496 +# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427 +# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484 +# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487 +# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488 +# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489 +# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466 +# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355 +# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE 535 +# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA 530 +# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467 +# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468 +# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469 +# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357 +# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470 +# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN 549 +# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471 +# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472 +# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 +# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 +# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 +# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 +# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476 +# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477 +# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478 +# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480 +# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481 +# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482 +# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358 +# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443 +# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA 536 +# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447 +# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST 510 +# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE 517 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426 +# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490 +# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491 +# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492 +# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451 +# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374 +# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613 +# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452 +# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531 +# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO 525 +# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453 +# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454 +# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455 +# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377 +# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456 +# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 +# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 +# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 +# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 +# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 +# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS 544 +# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS 611 +# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462 +# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO 521 +# define SSL_F_TLS_FINISH_HANDSHAKE 597 +# define SSL_F_TLS_GET_MESSAGE_BODY 351 +# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +# define SSL_F_TLS_HANDLE_ALPN 562 +# define SSL_F_TLS_HANDLE_STATUS_REQUEST 563 +# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566 +# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449 +# define SSL_F_TLS_PARSE_CTOS_ALPN 567 +# define SSL_F_TLS_PARSE_CTOS_COOKIE 614 +# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568 +# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569 +# define SSL_F_TLS_PARSE_CTOS_EMS 570 +# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463 +# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN 571 +# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 +# define SSL_F_TLS_PARSE_CTOS_PSK 505 +# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 +# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 +# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 +# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS 575 +# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT 615 +# define SSL_F_TLS_PARSE_CTOS_SRP 576 +# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST 577 +# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS 578 +# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465 +# define SSL_F_TLS_PARSE_STOC_ALPN 579 +# define SSL_F_TLS_PARSE_STOC_COOKIE 534 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA 538 +# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO 528 +# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS 580 +# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445 +# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 +# define SSL_F_TLS_PARSE_STOC_NPN 582 +# define SSL_F_TLS_PARSE_STOC_PSK 502 +# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 +# define SSL_F_TLS_PARSE_STOC_SCT 564 +# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET 584 +# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST 585 +# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS 612 +# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446 +# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST 610 +# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495 +# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +# define SSL_F_TLS_PROCESS_CKE_DHE 411 +# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +# define SSL_F_TLS_PROCESS_CKE_GOST 413 +# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +# define SSL_F_TLS_PROCESS_CKE_RSA 415 +# define SSL_F_TLS_PROCESS_CKE_SRP 416 +# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444 +# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA 537 +# define SSL_F_TLS_PROCESS_FINISHED 364 +# define SSL_F_TLS_PROCESS_HELLO_REQ 507 +# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST 511 +# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442 +# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +# define SSL_F_TLS_PROCESS_KEY_UPDATE 518 +# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +# define SSL_F_TLS_PROCESS_SKE_DHE 419 +# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +# define SSL_F_TLS_PROCESS_SKE_SRP 422 +# define SSL_F_TLS_PSK_DO_BINDER 506 +# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 +# define SSL_F_TLS_SETUP_HANDSHAKE 508 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_WPACKET_INTERN_INIT_LEN 633 +# define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 +# define SSL_F_WRITE_STATE_MACHINE 586 + +/* + * SSL reason codes. + */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 +# define SSL_R_APP_DATA_IN_HANDSHAKE 100 +# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 +# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +# define SSL_R_BAD_CIPHER 186 +# define SSL_R_BAD_DATA 390 +# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +# define SSL_R_BAD_DECOMPRESSION 107 +# define SSL_R_BAD_DH_VALUE 102 +# define SSL_R_BAD_DIGEST_LENGTH 111 +# define SSL_R_BAD_EARLY_DATA 233 +# define SSL_R_BAD_ECC_CERT 304 +# define SSL_R_BAD_ECPOINT 306 +# define SSL_R_BAD_EXTENSION 110 +# define SSL_R_BAD_HANDSHAKE_LENGTH 332 +# define SSL_R_BAD_HANDSHAKE_STATE 236 +# define SSL_R_BAD_HELLO_REQUEST 105 +# define SSL_R_BAD_HRR_VERSION 263 +# define SSL_R_BAD_KEY_SHARE 108 +# define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 +# define SSL_R_BAD_LENGTH 271 +# define SSL_R_BAD_PACKET 240 +# define SSL_R_BAD_PACKET_LENGTH 115 +# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +# define SSL_R_BAD_PSK 219 +# define SSL_R_BAD_PSK_IDENTITY 114 +# define SSL_R_BAD_RECORD_TYPE 443 +# define SSL_R_BAD_RSA_ENCRYPT 119 +# define SSL_R_BAD_SIGNATURE 123 +# define SSL_R_BAD_SRP_A_LENGTH 347 +# define SSL_R_BAD_SRP_PARAMETERS 371 +# define SSL_R_BAD_SRTP_MKI_VALUE 352 +# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +# define SSL_R_BAD_SSL_FILETYPE 124 +# define SSL_R_BAD_VALUE 384 +# define SSL_R_BAD_WRITE_RETRY 127 +# define SSL_R_BINDER_DOES_NOT_VERIFY 253 +# define SSL_R_BIO_NOT_SET 128 +# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +# define SSL_R_BN_LIB 130 +# define SSL_R_CALLBACK_FAILED 234 +# define SSL_R_CANNOT_CHANGE_CIPHER 109 +# define SSL_R_CA_DN_LENGTH_MISMATCH 131 +# define SSL_R_CA_KEY_TOO_SMALL 397 +# define SSL_R_CA_MD_TOO_WEAK 398 +# define SSL_R_CCS_RECEIVED_EARLY 133 +# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +# define SSL_R_CERT_CB_ERROR 377 +# define SSL_R_CERT_LENGTH_MISMATCH 135 +# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED 218 +# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +# define SSL_R_CLIENTHELLO_TLSEXT 226 +# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +# define SSL_R_COMPRESSION_DISABLED 343 +# define SSL_R_COMPRESSION_FAILURE 141 +# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +# define SSL_R_CONNECTION_TYPE_NOT_SET 144 +# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 +# define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +# define SSL_R_DANE_ALREADY_ENABLED 172 +# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +# define SSL_R_DANE_NOT_ENABLED 175 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +# define SSL_R_DANE_TLSA_NULL_DATA 203 +# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +# define SSL_R_DATA_LENGTH_TOO_LONG 146 +# define SSL_R_DECRYPTION_FAILED 147 +# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 394 +# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +# define SSL_R_DIGEST_CHECK_FAILED 149 +# define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +# define SSL_R_DUPLICATE_COMPRESSION_ID 309 +# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +# define SSL_R_EE_KEY_TOO_SMALL 399 +# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 +# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 +# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +# define SSL_R_EXTENSION_NOT_RECEIVED 279 +# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +# define SSL_R_EXT_LENGTH_MISMATCH 163 +# define SSL_R_FAILED_TO_INIT_ASYNC 405 +# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 +# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +# define SSL_R_HTTPS_PROXY_REQUEST 155 +# define SSL_R_HTTP_REQUEST 156 +# define SSL_R_ILLEGAL_POINT_COMPRESSION 162 +# define SSL_R_ILLEGAL_SUITEB_DIGEST 380 +# define SSL_R_INAPPROPRIATE_FALLBACK 373 +# define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN 222 +# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 +# define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INSUFFICIENT_SECURITY 241 +# define SSL_R_INVALID_ALERT 205 +# define SSL_R_INVALID_CCS_MESSAGE 260 +# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +# define SSL_R_INVALID_COMMAND 280 +# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIG 283 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 +# define SSL_R_INVALID_CONTEXT 282 +# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 +# define SSL_R_INVALID_KEY_UPDATE_TYPE 120 +# define SSL_R_INVALID_MAX_EARLY_DATA 174 +# define SSL_R_INVALID_NULL_CMD_NAME 385 +# define SSL_R_INVALID_SEQUENCE_NUMBER 402 +# define SSL_R_INVALID_SERVERINFO_DATA 388 +# define SSL_R_INVALID_SESSION_ID 999 +# define SSL_R_INVALID_SRP_USERNAME 357 +# define SSL_R_INVALID_STATUS_RESPONSE 328 +# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +# define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 +# define SSL_R_LENGTH_TOO_SHORT 160 +# define SSL_R_LIBRARY_BUG 274 +# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +# define SSL_R_MISSING_DSA_SIGNING_CERT 165 +# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 +# define SSL_R_MISSING_FATAL 256 +# define SSL_R_MISSING_PARAMETERS 290 +# define SSL_R_MISSING_RSA_CERTIFICATE 168 +# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +# define SSL_R_MISSING_RSA_SIGNING_CERT 170 +# define SSL_R_MISSING_SIGALGS_EXTENSION 112 +# define SSL_R_MISSING_SIGNING_CERT 221 +# define SSL_R_MISSING_SRP_PARAM 358 +# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209 +# define SSL_R_MISSING_TMP_DH_KEY 171 +# define SSL_R_MISSING_TMP_ECDH_KEY 311 +# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 +# define SSL_R_NOT_REPLACING_CERTIFICATE 289 +# define SSL_R_NOT_SERVER 284 +# define SSL_R_NO_APPLICATION_PROTOCOL 235 +# define SSL_R_NO_CERTIFICATES_RETURNED 176 +# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +# define SSL_R_NO_CERTIFICATE_SET 179 +# define SSL_R_NO_CHANGE_FOLLOWING_HRR 214 +# define SSL_R_NO_CIPHERS_AVAILABLE 181 +# define SSL_R_NO_CIPHERS_SPECIFIED 183 +# define SSL_R_NO_CIPHER_MATCH 185 +# define SSL_R_NO_CLIENT_CERT_METHOD 331 +# define SSL_R_NO_COMPRESSION_SPECIFIED 187 +# define SSL_R_NO_COOKIE_CALLBACK_SET 287 +# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 +# define SSL_R_NO_METHOD_SPECIFIED 188 +# define SSL_R_NO_PEM_EXTENSIONS 389 +# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +# define SSL_R_NO_RENEGOTIATION 339 +# define SSL_R_NO_REQUIRED_DIGEST 324 +# define SSL_R_NO_SHARED_CIPHER 193 +# define SSL_R_NO_SHARED_GROUPS 410 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 +# define SSL_R_NO_SRTP_PROFILES 359 +# define SSL_R_NO_SUITABLE_KEY_SHARE 101 +# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM 118 +# define SSL_R_NO_VALID_SCTS 216 +# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 +# define SSL_R_NULL_SSL_CTX 195 +# define SSL_R_NULL_SSL_METHOD_PASSED 196 +# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +# define SSL_R_OVERFLOW_ERROR 237 +# define SSL_R_PACKET_LENGTH_TOO_LONG 198 +# define SSL_R_PARSE_TLSEXT 227 +# define SSL_R_PATH_TOO_LONG 270 +# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +# define SSL_R_PEM_NAME_BAD_PREFIX 391 +# define SSL_R_PEM_NAME_TOO_SHORT 392 +# define SSL_R_PIPELINE_FAILURE 406 +# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR 278 +# define SSL_R_PRIVATE_KEY_MISMATCH 288 +# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +# define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +# define SSL_R_PSK_NO_CLIENT_CB 224 +# define SSL_R_PSK_NO_SERVER_CB 225 +# define SSL_R_READ_BIO_NOT_SET 211 +# define SSL_R_READ_TIMEOUT_EXPIRED 312 +# define SSL_R_RECORD_LENGTH_MISMATCH 213 +# define SSL_R_RECORD_TOO_SMALL 298 +# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +# define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +# define SSL_R_RENEGOTIATION_MISMATCH 337 +# define SSL_R_REQUEST_PENDING 285 +# define SSL_R_REQUEST_SENT 286 +# define SSL_R_REQUIRED_CIPHER_MISSING 215 +# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 +# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +# define SSL_R_SCT_VERIFICATION_FAILED 208 +# define SSL_R_SERVERHELLO_TLSEXT 275 +# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 +# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +# define SSL_R_SRP_A_CALC 361 +# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 +# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +# define SSL_R_SSL_HANDSHAKE_FAILURE 229 +# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +# define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 +# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +# define SSL_R_SSL_SESSION_ID_CONFLICT 302 +# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 +# define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +# define SSL_R_TLS_HEARTBEAT_PENDING 366 +# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +# define SSL_R_TOO_MANY_KEY_UPDATES 132 +# define SSL_R_TOO_MANY_WARN_ALERTS 409 +# define SSL_R_TOO_MUCH_EARLY_DATA 164 +# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 +# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_MESSAGE 244 +# define SSL_R_UNEXPECTED_RECORD 245 +# define SSL_R_UNINITIALIZED 276 +# define SSL_R_UNKNOWN_ALERT_TYPE 246 +# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +# define SSL_R_UNKNOWN_CIPHER_TYPE 249 +# define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 +# define SSL_R_UNKNOWN_DIGEST 368 +# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +# define SSL_R_UNKNOWN_PKEY_TYPE 251 +# define SSL_R_UNKNOWN_PROTOCOL 252 +# define SSL_R_UNKNOWN_SSL_VERSION 254 +# define SSL_R_UNKNOWN_STATE 255 +# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +# define SSL_R_UNSOLICITED_EXTENSION 217 +# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +# define SSL_R_UNSUPPORTED_PROTOCOL 258 +# define SSL_R_UNSUPPORTED_SSL_VERSION 259 +# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +# define SSL_R_VERSION_TOO_HIGH 166 +# define SSL_R_VERSION_TOO_LOW 396 +# define SSL_R_WRONG_CERTIFICATE_TYPE 383 +# define SSL_R_WRONG_CIPHER_RETURNED 261 +# define SSL_R_WRONG_CURVE 378 +# define SSL_R_WRONG_SIGNATURE_LENGTH 264 +# define SSL_R_WRONG_SIGNATURE_SIZE 265 +# define SSL_R_WRONG_SIGNATURE_TYPE 370 +# define SSL_R_WRONG_SSL_VERSION 266 +# define SSL_R_WRONG_VERSION_NUMBER 267 +# define SSL_R_X509_LIB 268 +# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +#endif diff --git a/deps/openssl/openssl/include/openssl/stack.h b/deps/openssl/openssl/include/openssl/stack.h index 23ad3b89f953ba..cfc075057ae4bd 100644 --- a/deps/openssl/openssl/include/openssl/stack.h +++ b/deps/openssl/openssl/include/openssl/stack.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,9 +27,13 @@ void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); OPENSSL_STACK *OPENSSL_sk_new_null(void); +OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n); +int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n); void OPENSSL_sk_free(OPENSSL_STACK *); void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); -OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f); +OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, + OPENSSL_sk_copyfunc c, + OPENSSL_sk_freefunc f); int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); @@ -40,7 +44,8 @@ int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); void *OPENSSL_sk_shift(OPENSSL_STACK *st); void *OPENSSL_sk_pop(OPENSSL_STACK *st); void OPENSSL_sk_zero(OPENSSL_STACK *st); -OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc cmp); +OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_compfunc cmp); OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); void OPENSSL_sk_sort(OPENSSL_STACK *st); int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); diff --git a/deps/openssl/openssl/include/openssl/store.h b/deps/openssl/openssl/include/openssl/store.h new file mode 100644 index 00000000000000..7b43e8bd03ac2c --- /dev/null +++ b/deps/openssl/openssl/include/openssl/store.h @@ -0,0 +1,266 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STORE_H +# define HEADER_OSSL_STORE_H + +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +/*- + * The main OSSL_STORE functions. + * ------------------------------ + * + * These allow applications to open a channel to a resource with supported + * data (keys, certs, crls, ...), read the data a piece at a time and decide + * what to do with it, and finally close. + */ + +typedef struct ossl_store_ctx_st OSSL_STORE_CTX; + +/* + * Typedef for the OSSL_STORE_INFO post processing callback. This can be used + * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning + * NULL). + */ +typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, + void *); + +/* + * Open a channel given a URI. The given UI method will be used any time the + * loader needs extra input, for example when a password or pin is needed, and + * will be passed the same user data every time it's needed in this context. + * + * Returns a context reference which represents the channel to communicate + * through. + */ +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data); + +/* + * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be + * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to + * determine which loader is used), except for common commands (see below). + * Each command takes different arguments. + */ +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args); + +/* + * Common ctrl commands that different loaders may choose to support. + */ +/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */ +# define OSSL_STORE_C_USE_SECMEM 1 +/* Where custom commands start */ +# define OSSL_STORE_C_CUSTOM_START 100 + +/* + * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE + * functionality, given a context. + * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be + * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ... + * NULL is returned on error, which may include that the data found at the URI + * can't be figured out for certain or is ambiguous. + */ +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); + +/* + * Check if end of data (end of file) is reached + * Returns 1 on end, 0 otherwise. + */ +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); + +/* + * Check if an error occured + * Returns 1 if it did, 0 otherwise. + */ +int OSSL_STORE_error(OSSL_STORE_CTX *ctx); + +/* + * Close the channel + * Returns 1 on success, 0 on error. + */ +int OSSL_STORE_close(OSSL_STORE_CTX *ctx); + + +/*- + * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs + * --------------------------------------------------------------- + */ + +/* + * Types of data that can be ossl_stored in a OSSL_STORE_INFO. + * OSSL_STORE_INFO_NAME is typically found when getting a listing of + * available "files" / "tokens" / what have you. + */ +# define OSSL_STORE_INFO_NAME 1 /* char * */ +# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */ +# define OSSL_STORE_INFO_CERT 4 /* X509 * */ +# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */ + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them, as well as a generic constructor. + * + * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info); +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info); +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info); +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info); +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info); +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info); + +const char *OSSL_STORE_INFO_type_string(int type); + +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info); + + +/*- + * Functions to construct a search URI from a base URI and search criteria + * ----------------------------------------------------------------------- + */ + +/* OSSL_STORE search types */ +# define OSSL_STORE_SEARCH_BY_NAME 1 /* subject in certs, issuer in CRLs */ +# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 2 +# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3 +# define OSSL_STORE_SEARCH_BY_ALIAS 4 + +/* To check what search types the scheme handler supports */ +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type); + +/* Search term constructors */ +/* + * The input is considered to be owned by the caller, and must therefore + * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH + */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER + *serial); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len); +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion); +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length); +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion); + +/* + * Add search criterion and expected return type (which can be unspecified) + * to the loading channel. This MUST happen before the first OSSL_STORE_load(). + */ +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); + + +/*- + * Function to register a loader for the given URI scheme. + * ------------------------------------------------------- + * + * The loader receives all the main components of an URI except for the + * scheme. + */ + +typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader); +/* struct ossl_store_loader_ctx_st is defined differently by each loader */ +typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER + *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, + OSSL_STORE_open_fn open_function); +typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, + va_list args); +int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, + OSSL_STORE_ctrl_fn ctrl_function); +typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, + OSSL_STORE_expect_fn expect_function); +typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, + OSSL_STORE_SEARCH *criteria); +int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, + OSSL_STORE_find_fn find_function); +typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data); +int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, + OSSL_STORE_load_fn load_function); +typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, + OSSL_STORE_eof_fn eof_function); +typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, + OSSL_STORE_error_fn error_function); +typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, + OSSL_STORE_close_fn close_function); +void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); + +int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); + +/*- + * Functions to list STORE loaders + * ------------------------------- + */ +int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER + *loader, void *do_arg), + void *do_arg); + +# ifdef __cplusplus +} +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/storeerr.h b/deps/openssl/openssl/include/openssl/storeerr.h new file mode 100644 index 00000000000000..33d0ab7903a20b --- /dev/null +++ b/deps/openssl/openssl/include/openssl/storeerr.h @@ -0,0 +1,87 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_OSSL_STOREERR_H +# define HEADER_OSSL_STOREERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_OSSL_STORE_strings(void); + +/* + * OSSL_STORE function codes. + */ +# define OSSL_STORE_F_FILE_CTRL 129 +# define OSSL_STORE_F_FILE_FIND 138 +# define OSSL_STORE_F_FILE_GET_PASS 118 +# define OSSL_STORE_F_FILE_LOAD 119 +# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE 124 +# define OSSL_STORE_F_FILE_NAME_TO_URI 126 +# define OSSL_STORE_F_FILE_OPEN 120 +# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO 127 +# define OSSL_STORE_F_OSSL_STORE_EXPECT 130 +# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT 128 +# define OSSL_STORE_F_OSSL_STORE_FIND 131 +# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT 100 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT 101 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL 102 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME 103 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS 104 +# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY 105 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT 106 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL 107 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED 123 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME 109 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS 110 +# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY 111 +# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134 +# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE 112 +# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW 113 +# define OSSL_STORE_F_OSSL_STORE_OPEN 114 +# define OSSL_STORE_F_OSSL_STORE_OPEN_INT 115 +# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT 117 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS 132 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL 133 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136 +# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME 137 +# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT 116 +# define OSSL_STORE_F_TRY_DECODE_PARAMS 121 +# define OSSL_STORE_F_TRY_DECODE_PKCS12 122 +# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED 125 + +/* + * OSSL_STORE reason codes. + */ +# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE 107 +# define OSSL_STORE_R_BAD_PASSWORD_READ 115 +# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC 113 +# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121 +# define OSSL_STORE_R_INVALID_SCHEME 106 +# define OSSL_STORE_R_IS_NOT_A 112 +# define OSSL_STORE_R_LOADER_INCOMPLETE 116 +# define OSSL_STORE_R_LOADING_STARTED 117 +# define OSSL_STORE_R_NOT_A_CERTIFICATE 100 +# define OSSL_STORE_R_NOT_A_CRL 101 +# define OSSL_STORE_R_NOT_A_KEY 102 +# define OSSL_STORE_R_NOT_A_NAME 103 +# define OSSL_STORE_R_NOT_PARAMETERS 104 +# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114 +# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108 +# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119 +# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109 +# define OSSL_STORE_R_UNREGISTERED_SCHEME 105 +# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE 110 +# define OSSL_STORE_R_UNSUPPORTED_OPERATION 118 +# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE 120 +# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED 111 + +#endif diff --git a/deps/openssl/openssl/include/openssl/tls1.h b/deps/openssl/openssl/include/openssl/tls1.h index 732e87ab35c226..e13b5dd4bc65b5 100644 --- a/deps/openssl/openssl/include/openssl/tls1.h +++ b/deps/openssl/openssl/include/openssl/tls1.h @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,46 +9,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #ifndef HEADER_TLS1_H # define HEADER_TLS1_H @@ -65,7 +27,8 @@ extern "C" { # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 -# define TLS_MAX_VERSION TLS1_2_VERSION +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 @@ -80,10 +43,10 @@ extern "C" { # define TLS1_2_VERSION_MINOR 0x03 # define TLS1_get_version(s) \ - ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) + ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) # define TLS1_get_client_version(s) \ - ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) + ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) # define TLS1_AD_DECRYPTION_FAILED 21 # define TLS1_AD_RECORD_OVERFLOW 22 @@ -98,6 +61,9 @@ extern "C" { # define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ # define TLS1_AD_USER_CANCELLED 90 # define TLS1_AD_NO_RENEGOTIATION 100 +/* TLSv1.3 alerts */ +# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ +# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ /* codes 110-114 are from RFC3546 */ # define TLS1_AD_UNSUPPORTED_EXTENSION 110 # define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 @@ -123,9 +89,15 @@ extern "C" { # define TLSEXT_TYPE_cert_type 9 /* ExtensionType values from RFC4492 */ -# define TLSEXT_TYPE_elliptic_curves 10 +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups # define TLSEXT_TYPE_ec_point_formats 11 + /* ExtensionType value from RFC5054 */ # define TLSEXT_TYPE_srp 12 @@ -162,6 +134,17 @@ extern "C" { /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 +/* As defined for TLS1.3 */ +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 +# define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 +# define TLSEXT_TYPE_signature_algorithms_cert 50 +# define TLSEXT_TYPE_key_share 51 + /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -217,6 +200,17 @@ extern "C" { # define TLSEXT_curve_P_256 23 # define TLSEXT_curve_P_384 24 +/* OpenSSL value to disable maximum fragment length extension */ +# define TLSEXT_max_fragment_length_DISABLED 0 +/* Allowed values for max fragment length extension */ +# define TLSEXT_max_fragment_length_512 1 +# define TLSEXT_max_fragment_length_1024 2 +# define TLSEXT_max_fragment_length_2048 3 +# define TLSEXT_max_fragment_length_4096 4 + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); + # define TLSEXT_MAXLEN_host_name 255 __owur const char *SSL_get_servername(const SSL *s, const int type); @@ -233,6 +227,22 @@ __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context); +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); +int SSL_get_signature_type_nid(const SSL *s, int *pnid); + int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, unsigned char *rsig, unsigned char *rhash); @@ -244,40 +254,43 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); # define SSL_set_tlsext_host_name(s,name) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\ + (void *)name) # define SSL_set_tlsext_debug_callback(ssl, cb) \ -SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\ + (void (*)(void))cb) # define SSL_set_tlsext_debug_arg(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg) # define SSL_get_tlsext_status_type(ssl) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL) + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) # define SSL_set_tlsext_status_type(ssl, type) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) # define SSL_get_tlsext_status_exts(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg) # define SSL_set_tlsext_status_exts(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg) # define SSL_get_tlsext_status_ids(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg) # define SSL_set_tlsext_status_ids(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg) # define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ -SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg) # define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ -SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg) # define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\ + (void (*)(void))cb) # define SSL_TLSEXT_ERR_OK 0 # define SSL_TLSEXT_ERR_ALERT_WARNING 1 @@ -285,40 +298,42 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) # define SSL_TLSEXT_ERR_NOACK 3 # define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg) # define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys) # define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ - SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys) # define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ -SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb) # define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ -SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\ + (void (*)(void))cb) # define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ - SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg) -#define SSL_CTX_set_tlsext_status_type(ssl, type) \ - SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) +# define SSL_CTX_set_tlsext_status_type(ssl, type) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL) -#define SSL_CTX_get_tlsext_status_type(ssl) \ - SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) +# define SSL_CTX_get_tlsext_status_type(ssl) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL) # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ -SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\ + (void (*)(void))cb) # ifndef OPENSSL_NO_HEARTBEATS # define SSL_DTLSEXT_HB_ENABLED 0x01 # define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 # define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 # define SSL_get_dtlsext_heartbeat_pending(ssl) \ - SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) + SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) # define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ - SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) # if OPENSSL_API_COMPAT < 0x10100000L # define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ @@ -336,7 +351,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define SSL_get_tlsext_heartbeat_pending(ssl) \ SSL_get_dtlsext_heartbeat_pending(ssl) # define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ - SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) + SSL_set_dtlsext_heartbeat_no_requests(ssl,arg) # endif # endif @@ -345,12 +360,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D - # define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E # define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F # define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 # define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 - # define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 # define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 # define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 @@ -363,17 +376,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB # define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC # define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD - # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF # define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 # define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 - # define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 # define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 # define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 # define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 - # define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 # define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 # define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 @@ -391,7 +401,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 # define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 # define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 - # define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 # define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 # define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 @@ -536,7 +545,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 /* ECDH HMAC based ciphersuites from RFC5289 */ - # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 # define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 @@ -566,7 +574,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 /* NULL PSK ciphersuites from RFC4785 */ - # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B @@ -599,6 +606,233 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 + +/* Aria ciphersuites from RFC6209 */ +# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 +# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 +# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C052 +# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C053 +# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C054 +# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C055 +# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C056 +# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C057 +# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256 0x0300C058 +# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384 0x0300C059 +# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256 0x0300C05A +# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384 0x0300C05B +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05C +# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05D +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0x0300C05E +# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0x0300C05F +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C060 +# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C061 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C062 +# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C063 +# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06A +# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06B +# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06C +# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06D +# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0x0300C06E +# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0x0300C06F + +/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ +# define TLS1_RFC_RSA_WITH_AES_128_SHA "TLS_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_128_SHA "TLS_DH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_WITH_AES_256_SHA "TLS_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_AES_256_SHA "TLS_DH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_NULL_SHA256 "TLS_RSA_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_SHA256 "TLS_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_SHA256 "TLS_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_128_SHA256 "TLS_DH_anon_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_SHA256 "TLS_DH_anon_WITH_AES_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256 "TLS_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384 "TLS_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256 "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384 "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256 "TLS_DH_anon_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384 "TLS_DH_anon_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_WITH_AES_128_CCM "TLS_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_RSA_WITH_AES_256_CCM "TLS_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM "TLS_DHE_RSA_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM "TLS_DHE_RSA_WITH_AES_256_CCM" +# define TLS1_RFC_RSA_WITH_AES_128_CCM_8 "TLS_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_RSA_WITH_AES_256_CCM_8 "TLS_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8 "TLS_DHE_RSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8 "TLS_DHE_RSA_WITH_AES_256_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_128_CCM "TLS_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_PSK_WITH_AES_256_CCM "TLS_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM "TLS_DHE_PSK_WITH_AES_128_CCM" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM "TLS_DHE_PSK_WITH_AES_256_CCM" +# define TLS1_RFC_PSK_WITH_AES_128_CCM_8 "TLS_PSK_WITH_AES_128_CCM_8" +# define TLS1_RFC_PSK_WITH_AES_256_CCM_8 "TLS_PSK_WITH_AES_256_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8 "TLS_PSK_DHE_WITH_AES_128_CCM_8" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8 "TLS_PSK_DHE_WITH_AES_256_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8 "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" +# define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +# define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA "TLS_ECDHE_RSA_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA "TLS_ECDH_anon_WITH_NULL_SHA" +# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA "TLS_PSK_WITH_NULL_SHA" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA "TLS_DHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA "TLS_RSA_PSK_WITH_NULL_SHA" +# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA "TLS_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA "TLS_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA "TLS_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256 "TLS_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384 "TLS_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256 "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384 "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256 "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384 "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256 "TLS_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384 "TLS_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_NULL_SHA256 "TLS_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_PSK_WITH_NULL_SHA384 "TLS_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256 "TLS_DHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384 "TLS_DHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256 "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384 "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256 "TLS_RSA_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384 "TLS_RSA_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA "TLS_ECDHE_PSK_WITH_NULL_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256 "TLS_ECDHE_PSK_WITH_NULL_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384 "TLS_ECDHE_PSK_WITH_NULL_SHA384" +# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" +# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305 "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256 "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" +# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" +# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" +# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" +# define TLS1_RFC_RSA_WITH_SEED_SHA "TLS_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA "TLS_DHE_DSS_WITH_SEED_CBC_SHA" +# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA "TLS_DHE_RSA_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ADH_WITH_SEED_SHA "TLS_DH_anon_WITH_SEED_CBC_SHA" +# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA "TLS_ECDHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA "TLS_ECDH_anon_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" +# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA "TLS_ECDHE_RSA_WITH_RC4_128_SHA" +# define TLS1_RFC_PSK_WITH_RC4_128_SHA "TLS_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA "TLS_RSA_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA "TLS_DHE_PSK_WITH_RC4_128_SHA" +# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256 "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384 "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256 "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384 "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" +# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" + + /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE * ciphers names with "EDH" instead of "DHE". Going forward, we should be @@ -783,7 +1017,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" /* CCM ciphersuites from RFC6655 */ - # define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" # define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" # define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" @@ -805,14 +1038,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" /* CCM ciphersuites from RFC7251 */ - # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" /* ECDH HMAC based ciphersuites from RFC5289 */ - # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" # define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" @@ -868,6 +1099,34 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" # define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" +/* Aria ciphersuites from RFC6209 */ +# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256 "ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384 "ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256 "DHE-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384 "DHE-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256 "DH-RSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384 "DH-RSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256 "DHE-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384 "DHE-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256 "DH-DSS-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384 "DH-DSS-ARIA256-GCM-SHA384" +# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256 "ADH-ARIA128-GCM-SHA256" +# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384 "ADH-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ECDSA-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ECDSA-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 "ECDHE-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 "ECDHE-ARIA256-GCM-SHA384" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 "ECDH-ARIA128-GCM-SHA256" +# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 "ECDH-ARIA256-GCM-SHA384" +# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256 "PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384 "PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256 "DHE-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384 "DHE-PSK-ARIA256-GCM-SHA384" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" +# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" + # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 diff --git a/deps/openssl/openssl/include/openssl/ts.h b/deps/openssl/openssl/include/openssl/ts.h index a5659825fbeae5..3b58aa527ede3b 100644 --- a/deps/openssl/openssl/include/openssl/ts.h +++ b/deps/openssl/openssl/include/openssl/ts.h @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,12 +17,12 @@ # include # include # include -# include # include # include # include # include # include +# include # ifdef __cplusplus extern "C" { # endif @@ -61,6 +61,11 @@ typedef struct ESS_signing_cert ESS_SIGNING_CERT; DEFINE_STACK_OF(ESS_CERT_ID) +typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2; +typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2; + +DEFINE_STACK_OF(ESS_CERT_ID_V2) + typedef struct TS_resp_st TS_RESP; TS_REQ *TS_REQ_new(void); @@ -156,6 +161,21 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, const unsigned char **pp, long length); ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, + const unsigned char **pp, long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, + long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + int TS_REQ_set_version(TS_REQ *a, long version); long TS_REQ_get_version(const TS_REQ *a); @@ -316,6 +336,7 @@ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *signer_digest); +int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md); /* This parameter must be set. */ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); @@ -528,113 +549,8 @@ int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx); - -/* -------------------------------------------------- */ -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_TS_strings(void); - -/* Error codes for the TS functions. */ - -/* Function codes. */ -# define TS_F_DEF_SERIAL_CB 110 -# define TS_F_DEF_TIME_CB 111 -# define TS_F_ESS_ADD_SIGNING_CERT 112 -# define TS_F_ESS_CERT_ID_NEW_INIT 113 -# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 -# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 -# define TS_F_PKCS7_TO_TS_TST_INFO 148 -# define TS_F_TS_ACCURACY_SET_MICROS 115 -# define TS_F_TS_ACCURACY_SET_MILLIS 116 -# define TS_F_TS_ACCURACY_SET_SECONDS 117 -# define TS_F_TS_CHECK_IMPRINTS 100 -# define TS_F_TS_CHECK_NONCES 101 -# define TS_F_TS_CHECK_POLICY 102 -# define TS_F_TS_CHECK_SIGNING_CERTS 103 -# define TS_F_TS_CHECK_STATUS_INFO 104 -# define TS_F_TS_COMPUTE_IMPRINT 145 -# define TS_F_TS_CONF_INVALID 151 -# define TS_F_TS_CONF_LOAD_CERT 153 -# define TS_F_TS_CONF_LOAD_CERTS 154 -# define TS_F_TS_CONF_LOAD_KEY 155 -# define TS_F_TS_CONF_LOOKUP_FAIL 152 -# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 -# define TS_F_TS_GET_STATUS_TEXT 105 -# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 -# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 -# define TS_F_TS_REQ_SET_NONCE 120 -# define TS_F_TS_REQ_SET_POLICY_ID 121 -# define TS_F_TS_RESP_CREATE_RESPONSE 122 -# define TS_F_TS_RESP_CREATE_TST_INFO 123 -# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 -# define TS_F_TS_RESP_CTX_ADD_MD 125 -# define TS_F_TS_RESP_CTX_ADD_POLICY 126 -# define TS_F_TS_RESP_CTX_NEW 127 -# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 -# define TS_F_TS_RESP_CTX_SET_CERTS 129 -# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 -# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 -# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 -# define TS_F_TS_RESP_GET_POLICY 133 -# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 -# define TS_F_TS_RESP_SET_STATUS_INFO 135 -# define TS_F_TS_RESP_SET_TST_INFO 150 -# define TS_F_TS_RESP_SIGN 136 -# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 -# define TS_F_TS_TST_INFO_SET_ACCURACY 137 -# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 -# define TS_F_TS_TST_INFO_SET_NONCE 139 -# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 -# define TS_F_TS_TST_INFO_SET_SERIAL 141 -# define TS_F_TS_TST_INFO_SET_TIME 142 -# define TS_F_TS_TST_INFO_SET_TSA 143 -# define TS_F_TS_VERIFY 108 -# define TS_F_TS_VERIFY_CERT 109 -# define TS_F_TS_VERIFY_CTX_NEW 144 - -/* Reason codes. */ -# define TS_R_BAD_PKCS7_TYPE 132 -# define TS_R_BAD_TYPE 133 -# define TS_R_CANNOT_LOAD_CERT 137 -# define TS_R_CANNOT_LOAD_KEY 138 -# define TS_R_CERTIFICATE_VERIFY_ERROR 100 -# define TS_R_COULD_NOT_SET_ENGINE 127 -# define TS_R_COULD_NOT_SET_TIME 115 -# define TS_R_DETACHED_CONTENT 134 -# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 -# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 -# define TS_R_INVALID_NULL_POINTER 102 -# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 -# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 -# define TS_R_NONCE_MISMATCH 104 -# define TS_R_NONCE_NOT_RETURNED 105 -# define TS_R_NO_CONTENT 106 -# define TS_R_NO_TIME_STAMP_TOKEN 107 -# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 -# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 -# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 -# define TS_R_POLICY_MISMATCH 108 -# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 -# define TS_R_RESPONSE_SETUP_ERROR 121 -# define TS_R_SIGNATURE_FAILURE 109 -# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 -# define TS_R_TIME_SYSCALL_ERROR 122 -# define TS_R_TOKEN_NOT_PRESENT 130 -# define TS_R_TOKEN_PRESENT 131 -# define TS_R_TSA_NAME_MISMATCH 111 -# define TS_R_TSA_UNTRUSTED 112 -# define TS_R_TST_INFO_SETUP_ERROR 123 -# define TS_R_TS_DATASIGN 124 -# define TS_R_UNACCEPTABLE_POLICY 125 -# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 -# define TS_R_UNSUPPORTED_VERSION 113 -# define TS_R_VAR_BAD_VALUE 135 -# define TS_R_VAR_LOOKUP_FAILURE 136 -# define TS_R_WRONG_CONTENT_TYPE 114 +int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, + TS_RESP_CTX *ctx); # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/tserr.h b/deps/openssl/openssl/include/openssl/tserr.h new file mode 100644 index 00000000000000..3e0492565764e8 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/tserr.h @@ -0,0 +1,128 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TSERR_H +# define HEADER_TSERR_H + +# include + +# ifndef OPENSSL_NO_TS + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_TS_strings(void); + +/* + * TS function codes. + */ +# define TS_F_DEF_SERIAL_CB 110 +# define TS_F_DEF_TIME_CB 111 +# define TS_F_ESS_ADD_SIGNING_CERT 112 +# define TS_F_ESS_ADD_SIGNING_CERT_V2 147 +# define TS_F_ESS_CERT_ID_NEW_INIT 113 +# define TS_F_ESS_CERT_ID_V2_NEW_INIT 156 +# define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +# define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT 157 +# define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +# define TS_F_PKCS7_TO_TS_TST_INFO 148 +# define TS_F_TS_ACCURACY_SET_MICROS 115 +# define TS_F_TS_ACCURACY_SET_MILLIS 116 +# define TS_F_TS_ACCURACY_SET_SECONDS 117 +# define TS_F_TS_CHECK_IMPRINTS 100 +# define TS_F_TS_CHECK_NONCES 101 +# define TS_F_TS_CHECK_POLICY 102 +# define TS_F_TS_CHECK_SIGNING_CERTS 103 +# define TS_F_TS_CHECK_STATUS_INFO 104 +# define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 +# define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +# define TS_F_TS_GET_STATUS_TEXT 105 +# define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +# define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +# define TS_F_TS_REQ_SET_NONCE 120 +# define TS_F_TS_REQ_SET_POLICY_ID 121 +# define TS_F_TS_RESP_CREATE_RESPONSE 122 +# define TS_F_TS_RESP_CREATE_TST_INFO 123 +# define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +# define TS_F_TS_RESP_CTX_ADD_MD 125 +# define TS_F_TS_RESP_CTX_ADD_POLICY 126 +# define TS_F_TS_RESP_CTX_NEW 127 +# define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +# define TS_F_TS_RESP_CTX_SET_CERTS 129 +# define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +# define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +# define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +# define TS_F_TS_RESP_GET_POLICY 133 +# define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +# define TS_F_TS_RESP_SET_STATUS_INFO 135 +# define TS_F_TS_RESP_SET_TST_INFO 150 +# define TS_F_TS_RESP_SIGN 136 +# define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +# define TS_F_TS_TST_INFO_SET_ACCURACY 137 +# define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +# define TS_F_TS_TST_INFO_SET_NONCE 139 +# define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +# define TS_F_TS_TST_INFO_SET_SERIAL 141 +# define TS_F_TS_TST_INFO_SET_TIME 142 +# define TS_F_TS_TST_INFO_SET_TSA 143 +# define TS_F_TS_VERIFY 108 +# define TS_F_TS_VERIFY_CERT 109 +# define TS_F_TS_VERIFY_CTX_NEW 144 + +/* + * TS reason codes. + */ +# define TS_R_BAD_PKCS7_TYPE 132 +# define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 +# define TS_R_CERTIFICATE_VERIFY_ERROR 100 +# define TS_R_COULD_NOT_SET_ENGINE 127 +# define TS_R_COULD_NOT_SET_TIME 115 +# define TS_R_DETACHED_CONTENT 134 +# define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +# define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR 139 +# define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +# define TS_R_INVALID_NULL_POINTER 102 +# define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +# define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +# define TS_R_NONCE_MISMATCH 104 +# define TS_R_NONCE_NOT_RETURNED 105 +# define TS_R_NO_CONTENT 106 +# define TS_R_NO_TIME_STAMP_TOKEN 107 +# define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +# define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +# define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +# define TS_R_POLICY_MISMATCH 108 +# define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +# define TS_R_RESPONSE_SETUP_ERROR 121 +# define TS_R_SIGNATURE_FAILURE 109 +# define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +# define TS_R_TIME_SYSCALL_ERROR 122 +# define TS_R_TOKEN_NOT_PRESENT 130 +# define TS_R_TOKEN_PRESENT 131 +# define TS_R_TSA_NAME_MISMATCH 111 +# define TS_R_TSA_UNTRUSTED 112 +# define TS_R_TST_INFO_SETUP_ERROR 123 +# define TS_R_TS_DATASIGN 124 +# define TS_R_UNACCEPTABLE_POLICY 125 +# define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +# define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 +# define TS_R_WRONG_CONTENT_TYPE 114 + +# endif +#endif diff --git a/deps/openssl/openssl/include/openssl/txt_db.h b/deps/openssl/openssl/include/openssl/txt_db.h index 0e6c943e0eb829..ec981a439fe8bf 100644 --- a/deps/openssl/openssl/include/openssl/txt_db.h +++ b/deps/openssl/openssl/include/openssl/txt_db.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ # include # include -# include +# include # include # define DB_ERROR_OK 0 diff --git a/deps/openssl/openssl/include/openssl/ui.h b/deps/openssl/openssl/include/openssl/ui.h index 49e763de3e7df8..7c721ec818ddbf 100644 --- a/deps/openssl/openssl/include/openssl/ui.h +++ b/deps/openssl/openssl/include/openssl/ui.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,17 +12,24 @@ # include -# ifndef OPENSSL_NO_UI - -# if OPENSSL_API_COMPAT < 0x10100000L -# include +# if OPENSSL_API_COMPAT < 0x10100000L +# include +# endif +# include +# include +# include +# include + +/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */ +# if OPENSSL_API_COMPAT < 0x10200000L +# ifdef OPENSSL_NO_UI_CONSOLE +# define OPENSSL_NO_UI # endif -# include -# include +# endif -#ifdef __cplusplus +# ifdef __cplusplus extern "C" { -#endif +# endif /* * All the following functions return -1 or NULL on error and in some cases @@ -110,7 +117,7 @@ int UI_dup_error_string(UI *ui, const char *text); * each UI being marked with this flag, or the application might get * confused. */ -# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 /*- * The user of these routines may want to define flags of their own. The core @@ -122,7 +129,7 @@ int UI_dup_error_string(UI *ui, const char *text); * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) * */ -# define UI_INPUT_FLAG_USER_BASE 16 +# define UI_INPUT_FLAG_USER_BASE 16 /*- * The following function helps construct a prompt. object_desc is a @@ -157,17 +164,24 @@ char *UI_construct_prompt(UI *ui_method, * methods may not, however. */ void *UI_add_user_data(UI *ui, void *user_data); +/* + * Alternatively, this function is used to duplicate the user data. + * This uses the duplicator method function. The destroy function will + * be used to free the user data in this case. + */ +int UI_dup_user_data(UI *ui, void *user_data); /* We need a user data retrieving function as well. */ void *UI_get0_user_data(UI *ui); /* Return the result associated with a prompt given with the index i. */ const char *UI_get0_result(UI *ui, int i); +int UI_get_result_length(UI *ui, int i); /* When all strings have been added, process the whole thing. */ int UI_process(UI *ui); /* - * Give a user interface parametrised control commands. This can be used to + * Give a user interface parameterised control commands. This can be used to * send down an integer, a data pointer or a function pointer, as well as be * used to get information from a UI. */ @@ -179,7 +193,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); * OpenSSL error stack before printing any info or added error messages and * before any prompting. */ -# define UI_CTRL_PRINT_ERRORS 1 +# define UI_CTRL_PRINT_ERRORS 1 /* * Check if a UI_process() is possible to do again with the same instance of * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 @@ -191,7 +205,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); # define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) # define UI_get_app_data(s) UI_get_ex_data(s,0) -#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ +# define UI_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); void *UI_get_ex_data(UI *r, int idx); @@ -202,9 +216,19 @@ const UI_METHOD *UI_get_default_method(void); const UI_METHOD *UI_get_method(UI *ui); const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +# ifndef OPENSSL_NO_UI_CONSOLE + /* The method with all the built-in thingies */ UI_METHOD *UI_OpenSSL(void); +# endif + +/* + * NULL method. Literally does nothing, but may serve as a placeholder + * to avoid internal default. + */ +const UI_METHOD *UI_null(void); + /* ---------- For method writers ---------- */ /*- A method contains a number of functions that implement the low level @@ -278,20 +302,26 @@ int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); int UI_method_set_reader(UI_METHOD *method, int (*reader) (UI *ui, UI_STRING *uis)); int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +int UI_method_set_data_duplicator(UI_METHOD *method, + void *(*duplicator) (UI *ui, void *ui_data), + void (*destructor)(UI *ui, void *ui_data)); int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor) (UI *ui, const char *object_desc, const char *object_name)); -int (*UI_method_get_opener(UI_METHOD *method)) (UI *); -int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *); -int (*UI_method_get_flusher(UI_METHOD *method)) (UI *); -int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *); -int (*UI_method_get_closer(UI_METHOD *method)) (UI *); -char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *, - const char *, - const char *); +int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) + (UI *, const char *, const char *); +void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); /* * The following functions are helpers for method writers to access relevant @@ -311,6 +341,7 @@ const char *UI_get0_output_string(UI_STRING *uis); const char *UI_get0_action_string(UI_STRING *uis); /* Return the result of a prompt */ const char *UI_get0_result_string(UI_STRING *uis); +int UI_get_result_string_length(UI_STRING *uis); /* * Return the string to test the result against. Only useful with verifies. */ @@ -321,58 +352,17 @@ int UI_get_result_minsize(UI_STRING *uis); int UI_get_result_maxsize(UI_STRING *uis); /* Set the result of a UI_STRING. */ int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); /* A couple of popular utility functions */ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify); int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify); +UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -int ERR_load_UI_strings(void); - -/* Error codes for the UI functions. */ - -/* Function codes. */ -# define UI_F_CLOSE_CONSOLE 115 -# define UI_F_ECHO_CONSOLE 116 -# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 -# define UI_F_GENERAL_ALLOCATE_PROMPT 109 -# define UI_F_NOECHO_CONSOLE 117 -# define UI_F_OPEN_CONSOLE 114 -# define UI_F_UI_CREATE_METHOD 112 -# define UI_F_UI_CTRL 111 -# define UI_F_UI_DUP_ERROR_STRING 101 -# define UI_F_UI_DUP_INFO_STRING 102 -# define UI_F_UI_DUP_INPUT_BOOLEAN 110 -# define UI_F_UI_DUP_INPUT_STRING 103 -# define UI_F_UI_DUP_VERIFY_STRING 106 -# define UI_F_UI_GET0_RESULT 107 -# define UI_F_UI_NEW_METHOD 104 -# define UI_F_UI_PROCESS 113 -# define UI_F_UI_SET_RESULT 105 - -/* Reason codes. */ -# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 -# define UI_R_INDEX_TOO_LARGE 102 -# define UI_R_INDEX_TOO_SMALL 103 -# define UI_R_NO_RESULT_BUFFER 105 -# define UI_R_PROCESSING_ERROR 107 -# define UI_R_RESULT_TOO_LARGE 100 -# define UI_R_RESULT_TOO_SMALL 101 -# define UI_R_SYSASSIGN_ERROR 109 -# define UI_R_SYSDASSGN_ERROR 110 -# define UI_R_SYSQIOW_ERROR 111 -# define UI_R_UNKNOWN_CONTROL_COMMAND 106 -# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 - -# ifdef __cplusplus +# ifdef __cplusplus } -# endif # endif #endif diff --git a/deps/openssl/openssl/include/openssl/uierr.h b/deps/openssl/openssl/include/openssl/uierr.h new file mode 100644 index 00000000000000..72fd9a9db04af6 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/uierr.h @@ -0,0 +1,61 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_UIERR_H +# define HEADER_UIERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_UI_strings(void); + +/* + * UI function codes. + */ +# define UI_F_CLOSE_CONSOLE 115 +# define UI_F_ECHO_CONSOLE 116 +# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +# define UI_F_GENERAL_ALLOCATE_PROMPT 109 +# define UI_F_NOECHO_CONSOLE 117 +# define UI_F_OPEN_CONSOLE 114 +# define UI_F_UI_CONSTRUCT_PROMPT 121 +# define UI_F_UI_CREATE_METHOD 112 +# define UI_F_UI_CTRL 111 +# define UI_F_UI_DUP_ERROR_STRING 101 +# define UI_F_UI_DUP_INFO_STRING 102 +# define UI_F_UI_DUP_INPUT_BOOLEAN 110 +# define UI_F_UI_DUP_INPUT_STRING 103 +# define UI_F_UI_DUP_USER_DATA 118 +# define UI_F_UI_DUP_VERIFY_STRING 106 +# define UI_F_UI_GET0_RESULT 107 +# define UI_F_UI_GET_RESULT_LENGTH 119 +# define UI_F_UI_NEW_METHOD 104 +# define UI_F_UI_PROCESS 113 +# define UI_F_UI_SET_RESULT 105 +# define UI_F_UI_SET_RESULT_EX 120 + +/* + * UI reason codes. + */ +# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +# define UI_R_INDEX_TOO_LARGE 102 +# define UI_R_INDEX_TOO_SMALL 103 +# define UI_R_NO_RESULT_BUFFER 105 +# define UI_R_PROCESSING_ERROR 107 +# define UI_R_RESULT_TOO_LARGE 100 +# define UI_R_RESULT_TOO_SMALL 101 +# define UI_R_SYSASSIGN_ERROR 109 +# define UI_R_SYSDASSGN_ERROR 110 +# define UI_R_SYSQIOW_ERROR 111 +# define UI_R_UNKNOWN_CONTROL_COMMAND 106 +# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 +# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED 112 + +#endif diff --git a/deps/openssl/openssl/include/openssl/x509.h b/deps/openssl/openssl/include/openssl/x509.h index 780386d530ce1a..39ca0ba575615a 100644 --- a/deps/openssl/openssl/include/openssl/x509.h +++ b/deps/openssl/openssl/include/openssl/x509.h @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECDH support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #ifndef HEADER_X509_H # define HEADER_X509_H @@ -22,7 +17,6 @@ # include # include # include -# include # include # include # include @@ -34,11 +28,19 @@ # endif # include +# include #ifdef __cplusplus extern "C" { #endif + +/* Flags for X509_get_signature_info() */ +/* Signature info is valid */ +# define X509_SIG_INFO_VALID 0x1 +/* Signature is suitable for TLS use */ +# define X509_SIG_INFO_TLS 0x2 + # define X509_FILETYPE_PEM 1 # define X509_FILETYPE_ASN1 2 # define X509_FILETYPE_DEFAULT 3 @@ -252,9 +254,8 @@ typedef struct X509_info_st { DEFINE_STACK_OF(X509_INFO) /* - * The next 2 structures and their 8 routines were sent to me by Pat Richard - * and are used to manipulate Netscapes spki structures - - * useful if you are writing a CA web page + * The next 2 structures and their 8 routines are used to manipulate Netscape's + * spki structures - useful if you are writing a CA web page */ typedef struct Netscape_spkac_st { X509_PUBKEY *pubkey; @@ -302,6 +303,16 @@ typedef struct PBKDF2PARAM_st { X509_ALGOR *prf; } PBKDF2PARAM; +#ifndef OPENSSL_NO_SCRYPT +typedef struct SCRYPT_PARAMS_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; +#endif + #ifdef __cplusplus } #endif @@ -549,6 +560,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); int i2d_re_X509_tbs(X509 *x, unsigned char **pp); +int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, + int *secbits, uint32_t *flags); +void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, + int secbits, uint32_t flags); + +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); int X509_get_signature_nid(const X509 *x); @@ -641,7 +660,7 @@ int X509_get_signature_type(const X509 *x); /* * This one is only used so that a binary form can output, as in - * i2d_X509_NAME(X509_get_X509_PUBKEY(x), &buf) + * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf) */ X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); @@ -773,6 +792,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp, X509 *x); int X509_ocspid_print(BIO *bp, X509 *x); +int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag); int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); @@ -805,7 +825,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const unsigned char *bytes, int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, + int type, const unsigned char *bytes, int len); int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, @@ -959,6 +979,9 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); DECLARE_ASN1_FUNCTIONS(PBEPARAM) DECLARE_ASN1_FUNCTIONS(PBE2PARAM) DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) +#ifndef OPENSSL_NO_SCRYPT +DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS) +#endif int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, const unsigned char *salt, int saltlen); @@ -1018,106 +1041,6 @@ int X509_TRUST_get_flags(const X509_TRUST *xp); char *X509_TRUST_get0_name(const X509_TRUST *xp); int X509_TRUST_get_trust(const X509_TRUST *xp); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -int ERR_load_X509_strings(void); - -/* Error codes for the X509 functions. */ - -/* Function codes. */ -# define X509_F_ADD_CERT_DIR 100 -# define X509_F_BUILD_CHAIN 106 -# define X509_F_BY_FILE_CTRL 101 -# define X509_F_CHECK_NAME_CONSTRAINTS 149 -# define X509_F_CHECK_POLICY 145 -# define X509_F_DANE_I2D 107 -# define X509_F_DIR_CTRL 102 -# define X509_F_GET_CERT_BY_SUBJECT 103 -# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 -# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 -# define X509_F_X509AT_ADD1_ATTR 135 -# define X509_F_X509V3_ADD_EXT 104 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 -# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 -# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 -# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 -# define X509_F_X509_CHECK_PRIVATE_KEY 128 -# define X509_F_X509_CRL_DIFF 105 -# define X509_F_X509_CRL_PRINT_FP 147 -# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 -# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 -# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 -# define X509_F_X509_LOAD_CERT_CRL_FILE 132 -# define X509_F_X509_LOAD_CERT_FILE 111 -# define X509_F_X509_LOAD_CRL_FILE 112 -# define X509_F_X509_LOOKUP_METH_NEW 160 -# define X509_F_X509_NAME_ADD_ENTRY 113 -# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 -# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 -# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 -# define X509_F_X509_NAME_ONELINE 116 -# define X509_F_X509_NAME_PRINT 117 -# define X509_F_X509_OBJECT_NEW 150 -# define X509_F_X509_PRINT_EX_FP 118 -# define X509_F_X509_PUBKEY_DECODE 148 -# define X509_F_X509_PUBKEY_GET0 119 -# define X509_F_X509_PUBKEY_SET 120 -# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 -# define X509_F_X509_REQ_PRINT_EX 121 -# define X509_F_X509_REQ_PRINT_FP 122 -# define X509_F_X509_REQ_TO_X509 123 -# define X509_F_X509_STORE_ADD_CERT 124 -# define X509_F_X509_STORE_ADD_CRL 125 -# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 -# define X509_F_X509_STORE_CTX_INIT 143 -# define X509_F_X509_STORE_CTX_NEW 142 -# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 -# define X509_F_X509_TO_X509_REQ 126 -# define X509_F_X509_TRUST_ADD 133 -# define X509_F_X509_TRUST_SET 141 -# define X509_F_X509_VERIFY_CERT 127 - -/* Reason codes. */ -# define X509_R_AKID_MISMATCH 110 -# define X509_R_BAD_SELECTOR 133 -# define X509_R_BAD_X509_FILETYPE 100 -# define X509_R_BASE64_DECODE_ERROR 118 -# define X509_R_CANT_CHECK_DH_KEY 114 -# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 -# define X509_R_CRL_ALREADY_DELTA 127 -# define X509_R_CRL_VERIFY_FAILURE 131 -# define X509_R_IDP_MISMATCH 128 -# define X509_R_INVALID_DIRECTORY 113 -# define X509_R_INVALID_FIELD_NAME 119 -# define X509_R_INVALID_TRUST 123 -# define X509_R_ISSUER_MISMATCH 129 -# define X509_R_KEY_TYPE_MISMATCH 115 -# define X509_R_KEY_VALUES_MISMATCH 116 -# define X509_R_LOADING_CERT_DIR 103 -# define X509_R_LOADING_DEFAULTS 104 -# define X509_R_METHOD_NOT_SUPPORTED 124 -# define X509_R_NAME_TOO_LONG 134 -# define X509_R_NEWER_CRL_NOT_NEWER 132 -# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 -# define X509_R_NO_CRL_NUMBER 130 -# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 -# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 -# define X509_R_SHOULD_RETRY 106 -# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 -# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 -# define X509_R_UNKNOWN_KEY_TYPE 117 -# define X509_R_UNKNOWN_NID 109 -# define X509_R_UNKNOWN_PURPOSE_ID 121 -# define X509_R_UNKNOWN_TRUST_ID 120 -# define X509_R_UNSUPPORTED_ALGORITHM 111 -# define X509_R_WRONG_LOOKUP_TYPE 112 -# define X509_R_WRONG_TYPE 122 - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/x509_vfy.h b/deps/openssl/openssl/include/openssl/x509_vfy.h index 131b6cf7918ce9..2adb1559700ffc 100644 --- a/deps/openssl/openssl/include/openssl/x509_vfy.h +++ b/deps/openssl/openssl/include/openssl/x509_vfy.h @@ -180,6 +180,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_NO_VALID_SCTS 71 # define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +/* OCSP status errors */ +# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ +# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ +# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ /* Certificate verify flags */ diff --git a/deps/openssl/openssl/include/openssl/x509err.h b/deps/openssl/openssl/include/openssl/x509err.h new file mode 100644 index 00000000000000..b1d6a87095c707 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/x509err.h @@ -0,0 +1,125 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509ERR_H +# define HEADER_X509ERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509_strings(void); + +/* + * X509 function codes. + */ +# define X509_F_ADD_CERT_DIR 100 +# define X509_F_BUILD_CHAIN 106 +# define X509_F_BY_FILE_CTRL 101 +# define X509_F_CHECK_NAME_CONSTRAINTS 149 +# define X509_F_CHECK_POLICY 145 +# define X509_F_DANE_I2D 107 +# define X509_F_DIR_CTRL 102 +# define X509_F_GET_CERT_BY_SUBJECT 103 +# define X509_F_I2D_X509_AUX 151 +# define X509_F_LOOKUP_CERTS_SK 152 +# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +# define X509_F_NEW_DIR 153 +# define X509_F_X509AT_ADD1_ATTR 135 +# define X509_F_X509V3_ADD_EXT 104 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +# define X509_F_X509_CHECK_PRIVATE_KEY 128 +# define X509_F_X509_CRL_DIFF 105 +# define X509_F_X509_CRL_METHOD_NEW 154 +# define X509_F_X509_CRL_PRINT_FP 147 +# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +# define X509_F_X509_LOAD_CERT_CRL_FILE 132 +# define X509_F_X509_LOAD_CERT_FILE 111 +# define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 +# define X509_F_X509_LOOKUP_NEW 155 +# define X509_F_X509_NAME_ADD_ENTRY 113 +# define X509_F_X509_NAME_CANON 156 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +# define X509_F_X509_NAME_ONELINE 116 +# define X509_F_X509_NAME_PRINT 117 +# define X509_F_X509_OBJECT_NEW 150 +# define X509_F_X509_PRINT_EX_FP 118 +# define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET0 119 +# define X509_F_X509_PUBKEY_SET 120 +# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +# define X509_F_X509_REQ_PRINT_EX 121 +# define X509_F_X509_REQ_PRINT_FP 122 +# define X509_F_X509_REQ_TO_X509 123 +# define X509_F_X509_STORE_ADD_CERT 124 +# define X509_F_X509_STORE_ADD_CRL 125 +# define X509_F_X509_STORE_ADD_LOOKUP 157 +# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +# define X509_F_X509_STORE_CTX_INIT 143 +# define X509_F_X509_STORE_CTX_NEW 142 +# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +# define X509_F_X509_STORE_NEW 158 +# define X509_F_X509_TO_X509_REQ 126 +# define X509_F_X509_TRUST_ADD 133 +# define X509_F_X509_TRUST_SET 141 +# define X509_F_X509_VERIFY_CERT 127 +# define X509_F_X509_VERIFY_PARAM_NEW 159 + +/* + * X509 reason codes. + */ +# define X509_R_AKID_MISMATCH 110 +# define X509_R_BAD_SELECTOR 133 +# define X509_R_BAD_X509_FILETYPE 100 +# define X509_R_BASE64_DECODE_ERROR 118 +# define X509_R_CANT_CHECK_DH_KEY 114 +# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +# define X509_R_CRL_ALREADY_DELTA 127 +# define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_DIRECTORY 113 +# define X509_R_INVALID_FIELD_NAME 119 +# define X509_R_INVALID_TRUST 123 +# define X509_R_ISSUER_MISMATCH 129 +# define X509_R_KEY_TYPE_MISMATCH 115 +# define X509_R_KEY_VALUES_MISMATCH 116 +# define X509_R_LOADING_CERT_DIR 103 +# define X509_R_LOADING_DEFAULTS 104 +# define X509_R_METHOD_NOT_SUPPORTED 124 +# define X509_R_NAME_TOO_LONG 134 +# define X509_R_NEWER_CRL_NOT_NEWER 132 +# define X509_R_NO_CERTIFICATE_FOUND 135 +# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +# define X509_R_NO_CRL_FOUND 137 +# define X509_R_NO_CRL_NUMBER 130 +# define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +# define X509_R_SHOULD_RETRY 106 +# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +# define X509_R_UNKNOWN_KEY_TYPE 117 +# define X509_R_UNKNOWN_NID 109 +# define X509_R_UNKNOWN_PURPOSE_ID 121 +# define X509_R_UNKNOWN_TRUST_ID 120 +# define X509_R_UNSUPPORTED_ALGORITHM 111 +# define X509_R_WRONG_LOOKUP_TYPE 112 +# define X509_R_WRONG_TYPE 122 + +#endif diff --git a/deps/openssl/openssl/include/openssl/x509v3.h b/deps/openssl/openssl/include/openssl/x509v3.h index c93b112f36760c..fe1791c6819af5 100644 --- a/deps/openssl/openssl/include/openssl/x509v3.h +++ b/deps/openssl/openssl/include/openssl/x509v3.h @@ -13,6 +13,7 @@ # include # include # include +# include #ifdef __cplusplus extern "C" { @@ -319,8 +320,9 @@ struct ISSUING_DIST_POINT_st { /* onlysomereasons present */ # define IDP_REASONS 0x40 -# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ -",name:", val->name, ",value:", val->value); +# define X509V3_conf_err(val) ERR_add_error_data(6, \ + "section:", (val)->section, \ + ",name:", (val)->name, ",value:", (val)->value) # define X509V3_set_ctx_test(ctx) \ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) @@ -862,145 +864,70 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, #endif /* OPENSSL_NO_RFC3779 */ -/* BEGIN ERROR CODES */ +DEFINE_STACK_OF(ASN1_STRING) + /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. + * Admission Syntax */ - -int ERR_load_X509V3_strings(void); - -/* Error codes for the X509V3 functions. */ - -/* Function codes. */ -# define X509V3_F_A2I_GENERAL_NAME 164 -# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 -# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 -# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 -# define X509V3_F_BIGNUM_TO_STRING 167 -# define X509V3_F_COPY_EMAIL 122 -# define X509V3_F_COPY_ISSUER 123 -# define X509V3_F_DO_DIRNAME 144 -# define X509V3_F_DO_EXT_I2D 135 -# define X509V3_F_DO_EXT_NCONF 151 -# define X509V3_F_GNAMES_FROM_SECTNAME 156 -# define X509V3_F_I2S_ASN1_ENUMERATED 121 -# define X509V3_F_I2S_ASN1_IA5STRING 149 -# define X509V3_F_I2S_ASN1_INTEGER 120 -# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 -# define X509V3_F_NOTICE_SECTION 132 -# define X509V3_F_NREF_NOS 133 -# define X509V3_F_POLICY_SECTION 131 -# define X509V3_F_PROCESS_PCI_VALUE 150 -# define X509V3_F_R2I_CERTPOL 130 -# define X509V3_F_R2I_PCI 155 -# define X509V3_F_S2I_ASN1_IA5STRING 100 -# define X509V3_F_S2I_ASN1_INTEGER 108 -# define X509V3_F_S2I_ASN1_OCTET_STRING 112 -# define X509V3_F_S2I_SKEY_ID 115 -# define X509V3_F_SET_DIST_POINT_NAME 158 -# define X509V3_F_SXNET_ADD_ID_ASC 125 -# define X509V3_F_SXNET_ADD_ID_INTEGER 126 -# define X509V3_F_SXNET_ADD_ID_ULONG 127 -# define X509V3_F_SXNET_GET_ID_ASC 128 -# define X509V3_F_SXNET_GET_ID_ULONG 129 -# define X509V3_F_V2I_ASIDENTIFIERS 163 -# define X509V3_F_V2I_ASN1_BIT_STRING 101 -# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 -# define X509V3_F_V2I_AUTHORITY_KEYID 119 -# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 -# define X509V3_F_V2I_CRLD 134 -# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 -# define X509V3_F_V2I_GENERAL_NAMES 118 -# define X509V3_F_V2I_GENERAL_NAME_EX 117 -# define X509V3_F_V2I_IDP 157 -# define X509V3_F_V2I_IPADDRBLOCKS 159 -# define X509V3_F_V2I_ISSUER_ALT 153 -# define X509V3_F_V2I_NAME_CONSTRAINTS 147 -# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 -# define X509V3_F_V2I_POLICY_MAPPINGS 145 -# define X509V3_F_V2I_SUBJECT_ALT 154 -# define X509V3_F_V2I_TLS_FEATURE 165 -# define X509V3_F_V3_GENERIC_EXTENSION 116 -# define X509V3_F_X509V3_ADD1_I2D 140 -# define X509V3_F_X509V3_ADD_VALUE 105 -# define X509V3_F_X509V3_EXT_ADD 104 -# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 -# define X509V3_F_X509V3_EXT_I2D 136 -# define X509V3_F_X509V3_EXT_NCONF 152 -# define X509V3_F_X509V3_GET_SECTION 142 -# define X509V3_F_X509V3_GET_STRING 143 -# define X509V3_F_X509V3_GET_VALUE_BOOL 110 -# define X509V3_F_X509V3_PARSE_LIST 109 -# define X509V3_F_X509_PURPOSE_ADD 137 -# define X509V3_F_X509_PURPOSE_SET 141 - -/* Reason codes. */ -# define X509V3_R_BAD_IP_ADDRESS 118 -# define X509V3_R_BAD_OBJECT 119 -# define X509V3_R_BN_DEC2BN_ERROR 100 -# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 -# define X509V3_R_DIRNAME_ERROR 149 -# define X509V3_R_DISTPOINT_ALREADY_SET 160 -# define X509V3_R_DUPLICATE_ZONE_ID 133 -# define X509V3_R_ERROR_CONVERTING_ZONE 131 -# define X509V3_R_ERROR_CREATING_EXTENSION 144 -# define X509V3_R_ERROR_IN_EXTENSION 128 -# define X509V3_R_EXPECTED_A_SECTION_NAME 137 -# define X509V3_R_EXTENSION_EXISTS 145 -# define X509V3_R_EXTENSION_NAME_ERROR 115 -# define X509V3_R_EXTENSION_NOT_FOUND 102 -# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 -# define X509V3_R_EXTENSION_VALUE_ERROR 116 -# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 -# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 -# define X509V3_R_INVALID_ASNUMBER 162 -# define X509V3_R_INVALID_ASRANGE 163 -# define X509V3_R_INVALID_BOOLEAN_STRING 104 -# define X509V3_R_INVALID_EXTENSION_STRING 105 -# define X509V3_R_INVALID_INHERITANCE 165 -# define X509V3_R_INVALID_IPADDRESS 166 -# define X509V3_R_INVALID_MULTIPLE_RDNS 161 -# define X509V3_R_INVALID_NAME 106 -# define X509V3_R_INVALID_NULL_ARGUMENT 107 -# define X509V3_R_INVALID_NULL_NAME 108 -# define X509V3_R_INVALID_NULL_VALUE 109 -# define X509V3_R_INVALID_NUMBER 140 -# define X509V3_R_INVALID_NUMBERS 141 -# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 -# define X509V3_R_INVALID_OPTION 138 -# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 -# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 -# define X509V3_R_INVALID_PURPOSE 146 -# define X509V3_R_INVALID_SAFI 164 -# define X509V3_R_INVALID_SECTION 135 -# define X509V3_R_INVALID_SYNTAX 143 -# define X509V3_R_ISSUER_DECODE_ERROR 126 -# define X509V3_R_MISSING_VALUE 124 -# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 -# define X509V3_R_NO_CONFIG_DATABASE 136 -# define X509V3_R_NO_ISSUER_CERTIFICATE 121 -# define X509V3_R_NO_ISSUER_DETAILS 127 -# define X509V3_R_NO_POLICY_IDENTIFIER 139 -# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 -# define X509V3_R_NO_PUBLIC_KEY 114 -# define X509V3_R_NO_SUBJECT_DETAILS 125 -# define X509V3_R_OPERATION_NOT_DEFINED 148 -# define X509V3_R_OTHERNAME_ERROR 147 -# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 -# define X509V3_R_POLICY_PATH_LENGTH 156 -# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 -# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 -# define X509V3_R_SECTION_NOT_FOUND 150 -# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 -# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 -# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 -# define X509V3_R_UNKNOWN_EXTENSION 129 -# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 -# define X509V3_R_UNKNOWN_OPTION 120 -# define X509V3_R_UNSUPPORTED_OPTION 117 -# define X509V3_R_UNSUPPORTED_TYPE 167 -# define X509V3_R_USER_TOO_LONG 132 +typedef struct NamingAuthority_st NAMING_AUTHORITY; +typedef struct ProfessionInfo_st PROFESSION_INFO; +typedef struct Admissions_st ADMISSIONS; +typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY) +DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO) +DECLARE_ASN1_FUNCTIONS(ADMISSIONS) +DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX) +DEFINE_STACK_OF(ADMISSIONS) +DEFINE_STACK_OF(PROFESSION_INFO) +typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; + +const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( + const NAMING_AUTHORITY *n); +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( + const NAMING_AUTHORITY *n); +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( + const NAMING_AUTHORITY *n); +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, + ASN1_OBJECT* namingAuthorityId); +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, + ASN1_IA5STRING* namingAuthorityUrl); +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, + ASN1_STRING* namingAuthorityText); + +const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_admissionAuthority( + ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( + const ADMISSION_SYNTAX *as); +void ADMISSION_SYNTAX_set0_contentsOfAdmissions( + ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_addProfessionInfo( + PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_namingAuthority( + PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionItems( + PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_professionOIDs( + PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( + const PROFESSION_INFO *pi); +void PROFESSION_INFO_set0_registrationNumber( + PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); # ifdef __cplusplus } diff --git a/deps/openssl/openssl/include/openssl/x509v3err.h b/deps/openssl/openssl/include/openssl/x509v3err.h new file mode 100644 index 00000000000000..6b3df12b63e3c0 --- /dev/null +++ b/deps/openssl/openssl/include/openssl/x509v3err.h @@ -0,0 +1,158 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_X509V3ERR_H +# define HEADER_X509V3ERR_H + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_X509V3_strings(void); + +/* + * X509V3 function codes. + */ +# define X509V3_F_A2I_GENERAL_NAME 164 +# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 +# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +# define X509V3_F_BIGNUM_TO_STRING 167 +# define X509V3_F_COPY_EMAIL 122 +# define X509V3_F_COPY_ISSUER 123 +# define X509V3_F_DO_DIRNAME 144 +# define X509V3_F_DO_EXT_I2D 135 +# define X509V3_F_DO_EXT_NCONF 151 +# define X509V3_F_GNAMES_FROM_SECTNAME 156 +# define X509V3_F_I2S_ASN1_ENUMERATED 121 +# define X509V3_F_I2S_ASN1_IA5STRING 149 +# define X509V3_F_I2S_ASN1_INTEGER 120 +# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +# define X509V3_F_LEVEL_ADD_NODE 168 +# define X509V3_F_NOTICE_SECTION 132 +# define X509V3_F_NREF_NOS 133 +# define X509V3_F_POLICY_CACHE_CREATE 169 +# define X509V3_F_POLICY_CACHE_NEW 170 +# define X509V3_F_POLICY_DATA_NEW 171 +# define X509V3_F_POLICY_SECTION 131 +# define X509V3_F_PROCESS_PCI_VALUE 150 +# define X509V3_F_R2I_CERTPOL 130 +# define X509V3_F_R2I_PCI 155 +# define X509V3_F_S2I_ASN1_IA5STRING 100 +# define X509V3_F_S2I_ASN1_INTEGER 108 +# define X509V3_F_S2I_ASN1_OCTET_STRING 112 +# define X509V3_F_S2I_SKEY_ID 115 +# define X509V3_F_SET_DIST_POINT_NAME 158 +# define X509V3_F_SXNET_ADD_ID_ASC 125 +# define X509V3_F_SXNET_ADD_ID_INTEGER 126 +# define X509V3_F_SXNET_ADD_ID_ULONG 127 +# define X509V3_F_SXNET_GET_ID_ASC 128 +# define X509V3_F_SXNET_GET_ID_ULONG 129 +# define X509V3_F_TREE_INIT 172 +# define X509V3_F_V2I_ASIDENTIFIERS 163 +# define X509V3_F_V2I_ASN1_BIT_STRING 101 +# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +# define X509V3_F_V2I_AUTHORITY_KEYID 119 +# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +# define X509V3_F_V2I_CRLD 134 +# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +# define X509V3_F_V2I_GENERAL_NAMES 118 +# define X509V3_F_V2I_GENERAL_NAME_EX 117 +# define X509V3_F_V2I_IDP 157 +# define X509V3_F_V2I_IPADDRBLOCKS 159 +# define X509V3_F_V2I_ISSUER_ALT 153 +# define X509V3_F_V2I_NAME_CONSTRAINTS 147 +# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +# define X509V3_F_V2I_POLICY_MAPPINGS 145 +# define X509V3_F_V2I_SUBJECT_ALT 154 +# define X509V3_F_V2I_TLS_FEATURE 165 +# define X509V3_F_V3_GENERIC_EXTENSION 116 +# define X509V3_F_X509V3_ADD1_I2D 140 +# define X509V3_F_X509V3_ADD_VALUE 105 +# define X509V3_F_X509V3_EXT_ADD 104 +# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +# define X509V3_F_X509V3_EXT_I2D 136 +# define X509V3_F_X509V3_EXT_NCONF 152 +# define X509V3_F_X509V3_GET_SECTION 142 +# define X509V3_F_X509V3_GET_STRING 143 +# define X509V3_F_X509V3_GET_VALUE_BOOL 110 +# define X509V3_F_X509V3_PARSE_LIST 109 +# define X509V3_F_X509_PURPOSE_ADD 137 +# define X509V3_F_X509_PURPOSE_SET 141 + +/* + * X509V3 reason codes. + */ +# define X509V3_R_BAD_IP_ADDRESS 118 +# define X509V3_R_BAD_OBJECT 119 +# define X509V3_R_BN_DEC2BN_ERROR 100 +# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +# define X509V3_R_DIRNAME_ERROR 149 +# define X509V3_R_DISTPOINT_ALREADY_SET 160 +# define X509V3_R_DUPLICATE_ZONE_ID 133 +# define X509V3_R_ERROR_CONVERTING_ZONE 131 +# define X509V3_R_ERROR_CREATING_EXTENSION 144 +# define X509V3_R_ERROR_IN_EXTENSION 128 +# define X509V3_R_EXPECTED_A_SECTION_NAME 137 +# define X509V3_R_EXTENSION_EXISTS 145 +# define X509V3_R_EXTENSION_NAME_ERROR 115 +# define X509V3_R_EXTENSION_NOT_FOUND 102 +# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +# define X509V3_R_EXTENSION_VALUE_ERROR 116 +# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +# define X509V3_R_INVALID_ASNUMBER 162 +# define X509V3_R_INVALID_ASRANGE 163 +# define X509V3_R_INVALID_BOOLEAN_STRING 104 +# define X509V3_R_INVALID_EXTENSION_STRING 105 +# define X509V3_R_INVALID_INHERITANCE 165 +# define X509V3_R_INVALID_IPADDRESS 166 +# define X509V3_R_INVALID_MULTIPLE_RDNS 161 +# define X509V3_R_INVALID_NAME 106 +# define X509V3_R_INVALID_NULL_ARGUMENT 107 +# define X509V3_R_INVALID_NULL_NAME 108 +# define X509V3_R_INVALID_NULL_VALUE 109 +# define X509V3_R_INVALID_NUMBER 140 +# define X509V3_R_INVALID_NUMBERS 141 +# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +# define X509V3_R_INVALID_OPTION 138 +# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +# define X509V3_R_INVALID_PURPOSE 146 +# define X509V3_R_INVALID_SAFI 164 +# define X509V3_R_INVALID_SECTION 135 +# define X509V3_R_INVALID_SYNTAX 143 +# define X509V3_R_ISSUER_DECODE_ERROR 126 +# define X509V3_R_MISSING_VALUE 124 +# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +# define X509V3_R_NO_CONFIG_DATABASE 136 +# define X509V3_R_NO_ISSUER_CERTIFICATE 121 +# define X509V3_R_NO_ISSUER_DETAILS 127 +# define X509V3_R_NO_POLICY_IDENTIFIER 139 +# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +# define X509V3_R_NO_PUBLIC_KEY 114 +# define X509V3_R_NO_SUBJECT_DETAILS 125 +# define X509V3_R_OPERATION_NOT_DEFINED 148 +# define X509V3_R_OTHERNAME_ERROR 147 +# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +# define X509V3_R_POLICY_PATH_LENGTH 156 +# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +# define X509V3_R_SECTION_NOT_FOUND 150 +# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +# define X509V3_R_UNKNOWN_EXTENSION 129 +# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +# define X509V3_R_UNKNOWN_OPTION 120 +# define X509V3_R_UNSUPPORTED_OPTION 117 +# define X509V3_R_UNSUPPORTED_TYPE 167 +# define X509V3_R_USER_TOO_LONG 132 + +#endif diff --git a/deps/openssl/openssl/ms/segrenam.pl b/deps/openssl/openssl/ms/segrenam.pl deleted file mode 100755 index 372444a22953ad..00000000000000 --- a/deps/openssl/openssl/ms/segrenam.pl +++ /dev/null @@ -1,71 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -my $quiet = 1; - -unpack("L",pack("N",1))!=1 || die "only little-endian hosts are supported"; - -# first argument can specify custom suffix... -$suffix=(@ARGV[0]=~/^\$/) ? shift(@ARGV) : "\$m"; -################################################################# -# rename segments in COFF modules according to %map table below # -%map=( ".text" => "fipstx$suffix", # - ".text\$"=> "fipstx$suffix", # - ".rdata" => "fipsrd$suffix", # - ".data" => "fipsda$suffix" ); # -################################################################# - -# collect file list -foreach (@ARGV) { - if (/\*/) { push(@files,glob($_)); } - else { push(@files,$_); } -} - -use Fcntl; -use Fcntl ":seek"; - -foreach (@files) { - $file=$_; - print "processing $file\n" unless $quiet; - - sysopen(FD,$file,O_RDWR|O_BINARY) || die "sysopen($file): $!"; - - # read IMAGE_DOS_HEADER - sysread(FD,$mz,64)==64 || die "$file is too short"; - @dos_header=unpack("a2C58I",$mz); - if (@dos_header[0] eq "MZ") { - $e_lfanew=pop(@dos_header); - sysseek(FD,$e_lfanew,SEEK_SET) || die "$file is too short"; - sysread(FD,$Magic,4)==4 || die "$file is too short"; - unpack("I",$Magic)==0x4550 || die "$file is not COFF image"; - } elsif ($file =~ /\.obj$/i) { - # .obj files have no IMAGE_DOS_HEADER - sysseek(FD,0,SEEK_SET) || die "unable to rewind $file"; - } else { next; } - - # read IMAGE_FILE_HEADER - sysread(FD,$coff,20)==20 || die "$file is too short"; - ($Machine,$NumberOfSections,$TimeDateStamp, - $PointerToSymbolTable,$NumberOfSysmbols, - $SizeOfOptionalHeader,$Characteristics)=unpack("SSIIISS",$coff); - - # skip over IMAGE_OPTIONAL_HEADER - sysseek(FD,$SizeOfOptionalHeader,SEEK_CUR) || die "$file is too short"; - - # traverse IMAGE_SECTION_HEADER table - for($i=0;$i<$NumberOfSections;$i++) { - sysread(FD,$SectionHeader,40)==40 || die "$file is too short"; - ($Name,@opaque)=unpack("Z8C*",$SectionHeader); - if ($map{$Name}) { - sysseek(FD,-40,SEEK_CUR) || die "unable to rewind $file"; - syswrite(FD,pack("a8C*",$map{$Name},@opaque))==40 || die "syswrite failed: $!"; - printf " %-8s -> %.8s\n",$Name,$map{$Name} unless $quiet; - } - } - close(FD); -} diff --git a/deps/openssl/openssl/ms/tlhelp32.h b/deps/openssl/openssl/ms/tlhelp32.h deleted file mode 100644 index 9408dc32449745..00000000000000 --- a/deps/openssl/openssl/ms/tlhelp32.h +++ /dev/null @@ -1,136 +0,0 @@ -/*- - tlhelp32.h - Include file for Tool help functions. - - Written by Mumit Khan - - This file is part of a free library for the Win32 API. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -*/ -#ifndef _TLHELP32_H -# define _TLHELP32_H -#ifdef __cplusplus -extern "C" { -#endif -# define HF32_DEFAULT 1 -# define HF32_SHARED 2 -# define LF32_FIXED 0x1 -# define LF32_FREE 0x2 -# define LF32_MOVEABLE 0x4 -# define MAX_MODULE_NAME32 255 -# define TH32CS_SNAPHEAPLIST 0x1 -# define TH32CS_SNAPPROCESS 0x2 -# define TH32CS_SNAPTHREAD 0x4 -# define TH32CS_SNAPMODULE 0x8 -# define TH32CS_SNAPALL (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE) -# define TH32CS_INHERIT 0x80000000 -typedef struct tagHEAPLIST32 { - DWORD dwSize; - DWORD th32ProcessID; - DWORD th32HeapID; - DWORD dwFlags; -} HEAPLIST32, *PHEAPLIST32, *LPHEAPLIST32; -typedef struct tagHEAPENTRY32 { - DWORD dwSize; - HANDLE hHandle; - DWORD dwAddress; - DWORD dwBlockSize; - DWORD dwFlags; - DWORD dwLockCount; - DWORD dwResvd; - DWORD th32ProcessID; - DWORD th32HeapID; -} HEAPENTRY32, *PHEAPENTRY32, *LPHEAPENTRY32; -typedef struct tagPROCESSENTRY32W { - DWORD dwSize; - DWORD cntUsage; - DWORD th32ProcessID; - DWORD th32DefaultHeapID; - DWORD th32ModuleID; - DWORD cntThreads; - DWORD th32ParentProcessID; - LONG pcPriClassBase; - DWORD dwFlags; - WCHAR szExeFile[MAX_PATH]; -} PROCESSENTRY32W, *PPROCESSENTRY32W, *LPPROCESSENTRY32W; -typedef struct tagPROCESSENTRY32 { - DWORD dwSize; - DWORD cntUsage; - DWORD th32ProcessID; - DWORD th32DefaultHeapID; - DWORD th32ModuleID; - DWORD cntThreads; - DWORD th32ParentProcessID; - LONG pcPriClassBase; - DWORD dwFlags; - CHAR szExeFile[MAX_PATH]; -} PROCESSENTRY32, *PPROCESSENTRY32, *LPPROCESSENTRY32; -typedef struct tagTHREADENTRY32 { - DWORD dwSize; - DWORD cntUsage; - DWORD th32ThreadID; - DWORD th32OwnerProcessID; - LONG tpBasePri; - LONG tpDeltaPri; - DWORD dwFlags; -} THREADENTRY32, *PTHREADENTRY32, *LPTHREADENTRY32; -typedef struct tagMODULEENTRY32W { - DWORD dwSize; - DWORD th32ModuleID; - DWORD th32ProcessID; - DWORD GlblcntUsage; - DWORD ProccntUsage; - BYTE *modBaseAddr; - DWORD modBaseSize; - HMODULE hModule; - WCHAR szModule[MAX_MODULE_NAME32 + 1]; - WCHAR szExePath[MAX_PATH]; -} MODULEENTRY32W, *PMODULEENTRY32W, *LPMODULEENTRY32W; -typedef struct tagMODULEENTRY32 { - DWORD dwSize; - DWORD th32ModuleID; - DWORD th32ProcessID; - DWORD GlblcntUsage; - DWORD ProccntUsage; - BYTE *modBaseAddr; - DWORD modBaseSize; - HMODULE hModule; - char szModule[MAX_MODULE_NAME32 + 1]; - char szExePath[MAX_PATH]; -} MODULEENTRY32, *PMODULEENTRY32, *LPMODULEENTRY32; -BOOL WINAPI Heap32First(LPHEAPENTRY32, DWORD, DWORD); -BOOL WINAPI Heap32ListFirst(HANDLE, LPHEAPLIST32); -BOOL WINAPI Heap32ListNext(HANDLE, LPHEAPLIST32); -BOOL WINAPI Heap32Next(LPHEAPENTRY32); -BOOL WINAPI Module32First(HANDLE, LPMODULEENTRY32); -BOOL WINAPI Module32FirstW(HANDLE, LPMODULEENTRY32W); -BOOL WINAPI Module32Next(HANDLE, LPMODULEENTRY32); -BOOL WINAPI Module32NextW(HANDLE, LPMODULEENTRY32W); -BOOL WINAPI Process32First(HANDLE, LPPROCESSENTRY32); -BOOL WINAPI Process32FirstW(HANDLE, LPPROCESSENTRY32W); -BOOL WINAPI Process32Next(HANDLE, LPPROCESSENTRY32); -BOOL WINAPI Process32NextW(HANDLE, LPPROCESSENTRY32W); -BOOL WINAPI Thread32First(HANDLE, LPTHREADENTRY32); -BOOL WINAPI Thread32Next(HANDLE, LPTHREADENTRY32); -BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD, LPCVOID, LPVOID, DWORD, - LPDWORD); -HANDLE WINAPI CreateToolhelp32Snapshot(DWORD, DWORD); -# ifdef UNICODE -# define LPMODULEENTRY32 LPMODULEENTRY32W -# define LPPROCESSENTRY32 LPPROCESSENTRY32W -# define MODULEENTRY32 MODULEENTRY32W -# define Module32First Module32FirstW -# define Module32Next Module32NextW -# define PMODULEENTRY32 PMODULEENTRY32W -# define PPROCESSENTRY32 PPROCESSENTRY32W -# define PROCESSENTRY32 PROCESSENTRY32W -# define Process32First Process32FirstW -# define Process32Next Process32NextW -# endif /* UNICODE */ -#ifdef __cplusplus -} -#endif -#endif /* _TLHELP32_H */ diff --git a/deps/openssl/openssl/ms/uplink-x86.pl b/deps/openssl/openssl/ms/uplink-x86.pl index 2c0b12b86e7499..e79cff72d10376 100755 --- a/deps/openssl/openssl/ms/uplink-x86.pl +++ b/deps/openssl/openssl/ms/uplink-x86.pl @@ -15,7 +15,7 @@ $output = pop; open STDOUT,">$output"; -&asm_init($ARGV[0],"uplink-x86"); +&asm_init($ARGV[0]); &external_label("OPENSSL_Uplink"); &public_label("OPENSSL_UplinkTable"); diff --git a/deps/openssl/openssl/ssl/bio_ssl.c b/deps/openssl/openssl/ssl/bio_ssl.c index 97540e6c7cedee..d1876d8b8c1f4a 100644 --- a/deps/openssl/openssl/ssl/bio_ssl.c +++ b/deps/openssl/openssl/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,8 +16,8 @@ #include #include "ssl_locl.h" -static int ssl_write(BIO *h, const char *buf, int num); -static int ssl_read(BIO *h, char *buf, int size); +static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written); +static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes); static int ssl_puts(BIO *h, const char *str); static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int ssl_new(BIO *h); @@ -28,7 +28,7 @@ typedef struct bio_ssl_st { /* re-negotiate every time the total number of bytes is this size */ int num_renegotiates; unsigned long renegotiate_count; - unsigned long byte_count; + size_t byte_count; unsigned long renegotiate_timeout; unsigned long last_time; } BIO_SSL; @@ -37,7 +37,9 @@ static const BIO_METHOD methods_sslp = { BIO_TYPE_SSL, "ssl", ssl_write, + NULL, /* ssl_write_old, */ ssl_read, + NULL, /* ssl_read_old, */ ssl_puts, NULL, /* ssl_gets, */ ssl_ctrl, @@ -48,7 +50,7 @@ static const BIO_METHOD methods_sslp = { const BIO_METHOD *BIO_f_ssl(void) { - return (&methods_sslp); + return &methods_sslp; } static int ssl_new(BIO *bi) @@ -57,7 +59,7 @@ static int ssl_new(BIO *bi) if (bs == NULL) { BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } BIO_set_init(bi, 0); BIO_set_data(bi, bs); @@ -72,7 +74,7 @@ static int ssl_free(BIO *a) BIO_SSL *bs; if (a == NULL) - return (0); + return 0; bs = BIO_get_data(a); if (bs->ssl != NULL) SSL_shutdown(bs->ssl); @@ -87,7 +89,7 @@ static int ssl_free(BIO *a) return 1; } -static int ssl_read(BIO *b, char *out, int outl) +static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes) { int ret = 1; BIO_SSL *sb; @@ -95,21 +97,19 @@ static int ssl_read(BIO *b, char *out, int outl) int retry_reason = 0; int r = 0; - if (out == NULL) - return (0); + if (buf == NULL) + return 0; sb = BIO_get_data(b); ssl = sb->ssl; BIO_clear_retry_flags(b); - ret = SSL_read(ssl, out, outl); + ret = ssl_read_internal(ssl, buf, size, readbytes); switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_NONE: - if (ret <= 0) - break; if (sb->renegotiate_count > 0) { - sb->byte_count += ret; + sb->byte_count += *readbytes; if (sb->byte_count > sb->renegotiate_count) { sb->byte_count = 0; sb->num_renegotiates++; @@ -155,34 +155,30 @@ static int ssl_read(BIO *b, char *out, int outl) } BIO_set_retry_reason(b, retry_reason); - return (ret); + + return ret; } -static int ssl_write(BIO *b, const char *out, int outl) +static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written) { int ret, r = 0; int retry_reason = 0; SSL *ssl; BIO_SSL *bs; - if (out == NULL) - return (0); + if (buf == NULL) + return 0; bs = BIO_get_data(b); ssl = bs->ssl; BIO_clear_retry_flags(b); - /* - * ret=SSL_do_handshake(ssl); if (ret > 0) - */ - ret = SSL_write(ssl, out, outl); + ret = ssl_write_internal(ssl, buf, size, written); switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_NONE: - if (ret <= 0) - break; if (bs->renegotiate_count > 0) { - bs->byte_count += ret; + bs->byte_count += *written; if (bs->byte_count > bs->renegotiate_count) { bs->byte_count = 0; bs->num_renegotiates++; @@ -221,6 +217,7 @@ static int ssl_write(BIO *b, const char *out, int outl) } BIO_set_retry_reason(b, retry_reason); + return ret; } @@ -236,7 +233,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) next = BIO_next(b); ssl = bs->ssl; if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) - return (0); + return 0; switch (cmd) { case BIO_CTRL_RESET: SSL_shutdown(ssl); @@ -384,21 +381,13 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); break; case BIO_CTRL_SET_CALLBACK: - { -#if 0 /* FIXME: Should this be used? -- Richard - * Levitte */ - SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; -#else - ret = 0; -#endif - } + ret = 0; /* use callback ctrl */ break; default: ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); break; } - return (ret); + return ret; } static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) @@ -417,7 +406,7 @@ static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) ret = 0; break; } - return (ret); + return ret; } static int ssl_puts(BIO *bp, const char *str) @@ -426,7 +415,7 @@ static int ssl_puts(BIO *bp, const char *str) n = strlen(str); ret = BIO_write(bp, str, n); - return (ret); + return ret; } BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) @@ -435,17 +424,17 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) BIO *ret = NULL, *buf = NULL, *ssl = NULL; if ((buf = BIO_new(BIO_f_buffer())) == NULL) - return (NULL); + return NULL; if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) goto err; if ((ret = BIO_push(buf, ssl)) == NULL) goto err; - return (ret); + return ret; err: BIO_free(buf); BIO_free(ssl); #endif - return (NULL); + return NULL; } BIO *BIO_new_ssl_connect(SSL_CTX *ctx) @@ -454,16 +443,16 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx) BIO *ret = NULL, *con = NULL, *ssl = NULL; if ((con = BIO_new(BIO_s_connect())) == NULL) - return (NULL); + return NULL; if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) goto err; if ((ret = BIO_push(ssl, con)) == NULL) goto err; - return (ret); + return ret; err: BIO_free(con); #endif - return (NULL); + return NULL; } BIO *BIO_new_ssl(SSL_CTX *ctx, int client) @@ -472,10 +461,10 @@ BIO *BIO_new_ssl(SSL_CTX *ctx, int client) SSL *ssl; if ((ret = BIO_new(BIO_f_ssl())) == NULL) - return (NULL); + return NULL; if ((ssl = SSL_new(ctx)) == NULL) { BIO_free(ret); - return (NULL); + return NULL; } if (client) SSL_set_connect_state(ssl); @@ -483,7 +472,7 @@ BIO *BIO_new_ssl(SSL_CTX *ctx, int client) SSL_set_accept_state(ssl); BIO_set_ssl(ret, ssl, BIO_CLOSE); - return (ret); + return ret; } int BIO_ssl_copy_session_id(BIO *t, BIO *f) @@ -496,10 +485,10 @@ int BIO_ssl_copy_session_id(BIO *t, BIO *f) tdata = BIO_get_data(t); fdata = BIO_get_data(f); if ((tdata->ssl == NULL) || (fdata->ssl == NULL)) - return (0); + return 0; if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl))) return 0; - return (1); + return 1; } void BIO_ssl_shutdown(BIO *b) diff --git a/deps/openssl/openssl/ssl/build.info b/deps/openssl/openssl/ssl/build.info index 69772465d9ccb3..bb2f1deb530066 100644 --- a/deps/openssl/openssl/ssl/build.info +++ b/deps/openssl/openssl/ssl/build.info @@ -1,14 +1,15 @@ LIBS=../libssl SOURCE[../libssl]=\ - pqueue.c \ + pqueue.c packet.c \ statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ - statem/statem_lib.c s3_cbc.c s3_msg.c \ - methods.c t1_lib.c t1_enc.c t1_ext.c \ + statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \ + statem/extensions_clnt.c statem/extensions_cust.c s3_cbc.c s3_msg.c \ + methods.c t1_lib.c t1_enc.c tls13_enc.c \ d1_lib.c record/rec_layer_d1.c d1_msg.c \ statem/statem_dtls.c d1_srtp.c \ ssl_lib.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \ - bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ + bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ - statem/statem.c + statem/statem.c record/ssl3_record_tls13.c diff --git a/deps/openssl/openssl/ssl/d1_lib.c b/deps/openssl/openssl/ssl/d1_lib.c index 55a81c34ba678d..fcda32754735ca 100644 --- a/deps/openssl/openssl/ssl/d1_lib.c +++ b/deps/openssl/openssl/ssl/d1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,27 +7,18 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" #include -#define USE_SOCKETS #include #include #include "ssl_locl.h" -#if defined(OPENSSL_SYS_VMS) -# include -#elif defined(OPENSSL_SYS_VXWORKS) -# include -#elif !defined(OPENSSL_SYS_WIN32) -# include -#endif - static void get_current_time(struct timeval *t); -static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len); static int dtls1_handshake_write(SSL *s); -static unsigned int dtls1_link_min_mtu(void); +static size_t dtls1_link_min_mtu(void); /* XDTLS: figure out the right values */ -static const unsigned int g_probable_mtu[] = { 1500, 512, 256 }; +static const size_t g_probable_mtu[] = { 1500, 512, 256 }; const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_enc, @@ -36,14 +27,13 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV, - DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, + dtls1_close_construct_packet, dtls1_handshake_write }; @@ -54,15 +44,14 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, - DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, + dtls1_close_construct_packet, dtls1_handshake_write }; @@ -84,10 +73,10 @@ int dtls1_new(SSL *s) } if (!ssl3_new(s)) - return (0); + return 0; if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) { ssl3_free(s); - return (0); + return 0; } d1->buffered_messages = pqueue_new(); @@ -105,12 +94,15 @@ int dtls1_new(SSL *s) pqueue_free(d1->sent_messages); OPENSSL_free(d1); ssl3_free(s); - return (0); + return 0; } s->d1 = d1; - s->method->ssl_clear(s); - return (1); + + if (!s->method->ssl_clear(s)) + return 0; + + return 1; } static void dtls1_clear_queues(SSL *s) @@ -159,16 +151,18 @@ void dtls1_free(SSL *s) s->d1 = NULL; } -void dtls1_clear(SSL *s) +int dtls1_clear(SSL *s) { pqueue *buffered_messages; pqueue *sent_messages; - unsigned int mtu; - unsigned int link_mtu; + size_t mtu; + size_t link_mtu; DTLS_RECORD_LAYER_clear(&s->rlayer); if (s->d1) { + DTLS_timer_cb timer_cb = s->d1->timer_cb; + buffered_messages = s->d1->buffered_messages; sent_messages = s->d1->sent_messages; mtu = s->d1->mtu; @@ -178,6 +172,9 @@ void dtls1_clear(SSL *s) memset(s->d1, 0, sizeof(*s->d1)); + /* Restore the timer callback from previous state */ + s->d1->timer_cb = timer_cb; + if (s->server) { s->d1->cookie_len = sizeof(s->d1->cookie); } @@ -191,7 +188,8 @@ void dtls1_clear(SSL *s) s->d1->sent_messages = sent_messages; } - ssl3_clear(s); + if (!ssl3_clear(s)) + return 0; if (s->method->version == DTLS_ANY_VERSION) s->version = DTLS_MAX_VERSION; @@ -201,6 +199,8 @@ void dtls1_clear(SSL *s) #endif else s->version = s->method->version; + + return 1; } long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) @@ -236,11 +236,13 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) ret = ssl3_ctrl(s, cmd, larg, parg); break; } - return (ret); + return ret; } void dtls1_start_timer(SSL *s) { + unsigned int sec, usec; + #ifndef OPENSSL_NO_SCTP /* Disable timer for SCTP */ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { @@ -249,16 +251,34 @@ void dtls1_start_timer(SSL *s) } #endif - /* If timer is not set, initialize duration with 1 second */ + /* + * If timer is not set, initialize duration with 1 second or + * a user-specified value if the timer callback is installed. + */ if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { - s->d1->timeout_duration = 1; + + if (s->d1->timer_cb != NULL) + s->d1->timeout_duration_us = s->d1->timer_cb(s, 0); + else + s->d1->timeout_duration_us = 1000000; } /* Set timeout to current time */ get_current_time(&(s->d1->next_timeout)); /* Add duration to current time */ - s->d1->next_timeout.tv_sec += s->d1->timeout_duration; + + sec = s->d1->timeout_duration_us / 1000000; + usec = s->d1->timeout_duration_us - (sec * 1000000); + + s->d1->next_timeout.tv_sec += sec; + s->d1->next_timeout.tv_usec += usec; + + if (s->d1->next_timeout.tv_usec >= 1000000) { + s->d1->next_timeout.tv_sec++; + s->d1->next_timeout.tv_usec -= 1000000; + } + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); } @@ -323,9 +343,9 @@ int dtls1_is_timer_expired(SSL *s) void dtls1_double_timeout(SSL *s) { - s->d1->timeout_duration *= 2; - if (s->d1->timeout_duration > 60) - s->d1->timeout_duration = 60; + s->d1->timeout_duration_us *= 2; + if (s->d1->timeout_duration_us > 60000000) + s->d1->timeout_duration_us = 60000000; dtls1_start_timer(s); } @@ -334,7 +354,7 @@ void dtls1_stop_timer(SSL *s) /* Reset everything */ memset(&s->d1->timeout, 0, sizeof(s->d1->timeout)); memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); - s->d1->timeout_duration = 1; + s->d1->timeout_duration_us = 1000000; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); /* Clear retransmission buffer */ @@ -343,7 +363,7 @@ void dtls1_stop_timer(SSL *s) int dtls1_check_timeout_num(SSL *s) { - unsigned int mtu; + size_t mtu; s->d1->timeout.num_alerts++; @@ -358,7 +378,8 @@ int dtls1_check_timeout_num(SSL *s) if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { /* fail the connection, enough alerts have been sent */ - SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, + SSL_R_READ_TIMEOUT_EXPIRED); return -1; } @@ -372,23 +393,23 @@ int dtls1_handle_timeout(SSL *s) return 0; } - dtls1_double_timeout(s); + if (s->d1->timer_cb != NULL) + s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us); + else + dtls1_double_timeout(s); - if (dtls1_check_timeout_num(s) < 0) + if (dtls1_check_timeout_num(s) < 0) { + /* SSLfatal() already called */ return -1; + } s->d1->timeout.read_timeouts++; if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { s->d1->timeout.read_timeouts = 1; } -#ifndef OPENSSL_NO_HEARTBEATS - if (s->tlsext_hb_pending) { - s->tlsext_hb_pending = 0; - return dtls1_heartbeat(s); - } -#endif dtls1_start_timer(s); + /* Calls SSLfatal() if required */ return dtls1_retransmit_buffered_messages(s); } @@ -413,11 +434,6 @@ static void get_current_time(struct timeval *t) # endif t->tv_sec = (long)(now.ul / 10000000); t->tv_usec = ((int)(now.ul % 10000000)) / 10; -#elif defined(OPENSSL_SYS_VMS) - struct timeb tb; - ftime(&tb); - t->tv_sec = (long)tb.time; - t->tv_usec = (long)tb.millitm * 1000; #else gettimeofday(t, NULL); #endif @@ -429,15 +445,14 @@ static void get_current_time(struct timeval *t) #ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client) { - int next, n, ret = 0, clearpkt = 0; + int next, n, ret = 0; unsigned char cookie[DTLS1_COOKIE_LENGTH]; unsigned char seq[SEQ_NUM_SIZE]; const unsigned char *data; - unsigned char *p, *buf; - unsigned long reclen, fragoff, fraglen, msglen; + unsigned char *buf, *wbuf; + size_t fragoff, fraglen, msglen, reclen, align = 0; unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen; BIO *rbio, *wbio; - BUF_MEM *bufm; BIO_ADDR *tmpclient = NULL; PACKET pkt, msgpkt, msgpayload, session, cookiepkt; @@ -460,13 +475,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } - /* - * We only peek at incoming ClientHello's until we're sure we are going to - * to respond with a HelloVerifyRequest. If its a ClientHello with a valid - * cookie then we leave it in the BIO for accept to handle. - */ - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL); - /* * Note: This check deliberately excludes DTLS1_BAD_VER because that version * requires the MAC to be calculated *including* the first ClientHello @@ -479,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } - if (s->init_buf == NULL) { - if ((bufm = BUF_MEM_new()) == NULL) { - SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE); - return -1; - } - - if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) { - BUF_MEM_free(bufm); - SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE); - return -1; - } - s->init_buf = bufm; + if (!ssl3_setup_buffers(s)) { + /* SSLerr already called */ + return -1; } - buf = (unsigned char *)s->init_buf->data; + buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf; + wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf; +#if defined(SSL3_ALIGN_PAYLOAD) +# if SSL3_ALIGN_PAYLOAD != 0 + /* + * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for + * consistency with ssl3_read_n. In practice it should make no difference + * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between + * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8 + */ + align = (size_t)buf + SSL3_RT_HEADER_LENGTH; + align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); +# endif +#endif + buf += align; do { /* Get a packet */ clear_sys_error(); - /* - * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH - * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store - * the record header as well, but we do here. We've set up init_buf to - * be the standard size for simplicity. In practice we shouldn't ever - * receive a ClientHello as long as this. If we do it will get dropped - * in the record length check below. - */ - n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); - + n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH + + DTLS1_RT_HEADER_LENGTH); if (n <= 0) { if (BIO_should_retry(rbio)) { /* Non-blocking IO */ @@ -516,9 +521,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } - /* If we hit any problems we need to clear this packet from the BIO */ - clearpkt = 1; - if (!PACKET_buf_init(&pkt, buf, n)) { SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR); return -1; @@ -571,6 +573,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH); goto end; } + reclen = PACKET_remaining(&msgpkt); /* * We allow data remaining at the end of the packet because there could * be a second record (but we ignore it) @@ -587,10 +590,10 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) /* Finished processing the record header, now process the message */ if (!PACKET_get_1(&msgpkt, &msgtype) - || !PACKET_get_net_3(&msgpkt, &msglen) + || !PACKET_get_net_3_len(&msgpkt, &msglen) || !PACKET_get_net_2(&msgpkt, &msgseq) - || !PACKET_get_net_3(&msgpkt, &fragoff) - || !PACKET_get_net_3(&msgpkt, &fraglen) + || !PACKET_get_net_3_len(&msgpkt, &fragoff) + || !PACKET_get_net_3_len(&msgpkt, &fraglen) || !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen) || PACKET_remaining(&msgpkt) != 0) { SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH); @@ -667,8 +670,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt), - PACKET_remaining(&cookiepkt)) == - 0) { + (unsigned int)PACKET_remaining(&cookiepkt)) == 0) { /* * We treat invalid cookies in the same was as no cookie as * per RFC6347 @@ -681,20 +683,16 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } if (next == LISTEN_SEND_VERIFY_REQUEST) { + WPACKET wpkt; + unsigned int version; + size_t wreclen; + /* * There was no cookie in the ClientHello so we need to send a * HelloVerifyRequest. If this fails we do not worry about trying * to resend, we just drop it. */ - /* - * Dump the read packet, we don't need it any more. Ignore return - * value - */ - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL); - BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL); - /* Generate the cookie */ if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 || @@ -704,60 +702,80 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) return -1; } - p = &buf[DTLS1_RT_HEADER_LENGTH]; - msglen = dtls_raw_hello_verify_request(p + DTLS1_HM_HEADER_LENGTH, - cookie, cookielen); - - *p++ = DTLS1_MT_HELLO_VERIFY_REQUEST; - - /* Message length */ - l2n3(msglen, p); - - /* Message sequence number is always 0 for a HelloVerifyRequest */ - s2n(0, p); - - /* - * We never fragment a HelloVerifyRequest, so fragment offset is 0 - * and fragment length is message length - */ - l2n3(0, p); - l2n3(msglen, p); - - /* Set reclen equal to length of whole handshake message */ - reclen = msglen + DTLS1_HM_HEADER_LENGTH; - - /* Add the record header */ - p = buf; - - *(p++) = SSL3_RT_HANDSHAKE; /* * Special case: for hello verify request, client version 1.0 and we * haven't decided which version to use yet send back using version * 1.0 header: otherwise some clients will ignore it. */ - if (s->method->version == DTLS_ANY_VERSION) { - *(p++) = DTLS1_VERSION >> 8; - *(p++) = DTLS1_VERSION & 0xff; - } else { - *(p++) = s->version >> 8; - *(p++) = s->version & 0xff; + version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION + : s->version; + + /* Construct the record and message headers */ + if (!WPACKET_init_static_len(&wpkt, + wbuf, + ssl_get_max_send_fragment(s) + + DTLS1_RT_HEADER_LENGTH, + 0) + || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE) + || !WPACKET_put_bytes_u16(&wpkt, version) + /* + * Record sequence number is always the same as in the + * received ClientHello + */ + || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE) + /* End of record, start sub packet for message */ + || !WPACKET_start_sub_packet_u16(&wpkt) + /* Message type */ + || !WPACKET_put_bytes_u8(&wpkt, + DTLS1_MT_HELLO_VERIFY_REQUEST) + /* + * Message length - doesn't follow normal TLS convention: + * the length isn't the last thing in the message header. + * We'll need to fill this in later when we know the + * length. Set it to zero for now + */ + || !WPACKET_put_bytes_u24(&wpkt, 0) + /* + * Message sequence number is always 0 for a + * HelloVerifyRequest + */ + || !WPACKET_put_bytes_u16(&wpkt, 0) + /* + * We never fragment a HelloVerifyRequest, so fragment + * offset is 0 + */ + || !WPACKET_put_bytes_u24(&wpkt, 0) + /* + * Fragment length is the same as message length, but + * this *is* the last thing in the message header so we + * can just start a sub-packet. No need to come back + * later for this one. + */ + || !WPACKET_start_sub_packet_u24(&wpkt) + /* Create the actual HelloVerifyRequest body */ + || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen) + /* Close message body */ + || !WPACKET_close(&wpkt) + /* Close record body */ + || !WPACKET_close(&wpkt) + || !WPACKET_get_total_written(&wpkt, &wreclen) + || !WPACKET_finish(&wpkt)) { + SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR); + WPACKET_cleanup(&wpkt); + /* This is fatal */ + return -1; } /* - * Record sequence number is always the same as in the received - * ClientHello + * Fix up the message len in the message header. Its the same as the + * fragment len which has been filled in by WPACKET, so just copy + * that. Destination for the message len is after the record header + * plus one byte for the message content type. The source is the + * last 3 bytes of the message header */ - memcpy(p, seq, SEQ_NUM_SIZE); - p += SEQ_NUM_SIZE; - - /* Length */ - s2n(reclen, p); - - /* - * Set reclen equal to length of whole record including record - * header - */ - reclen += DTLS1_RT_HEADER_LENGTH; + memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1], + &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3], + 3); if (s->msg_callback) s->msg_callback(1, 0, SSL3_RT_HEADER, buf, @@ -779,7 +797,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) BIO_ADDR_free(tmpclient); tmpclient = NULL; - if (BIO_write(wbio, buf, reclen) < (int)reclen) { + /* TODO(size_t): convert this call */ + if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) { if (BIO_should_retry(wbio)) { /* * Non-blocking IO...but we're stateless, so we're just @@ -829,197 +848,22 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) if (BIO_dgram_get_peer(rbio, client) <= 0) BIO_ADDR_clear(client); + /* Buffer the record in the processed_rcds queue */ + if (!dtls_buffer_listen_record(s, reclen, seq, align)) + return -1; + ret = 1; - clearpkt = 0; end: BIO_ADDR_free(tmpclient); - BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL); - if (clearpkt) { - /* Dump this packet. Ignore return value */ - BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH); - } return ret; } #endif -static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) -{ - dtls1_set_message_header(s, htype, len, 0, len); - s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH; - s->init_off = 0; - /* Buffer the message to handle re-xmits */ - - if (!dtls1_buffer_message(s, 0)) - return 0; - - return 1; -} - static int dtls1_handshake_write(SSL *s) { return dtls1_do_write(s, SSL3_RT_HANDSHAKE); } -#ifndef OPENSSL_NO_HEARTBEATS - -# define HEARTBEAT_SIZE(payload, padding) ( \ - 1 /* heartbeat type */ + \ - 2 /* heartbeat length */ + \ - (payload) + (padding)) - -# define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) - -int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) -{ - unsigned char *pl; - unsigned short hbtype; - unsigned int payload; - unsigned int padding = 16; /* Use minimum padding */ - - if (s->msg_callback) - s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT, - p, length, s, s->msg_callback_arg); - - /* Read type and payload length */ - if (HEARTBEAT_SIZE_STD(0) > length) - return 0; /* silently discard */ - if (length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; /* silently discard per RFC 6520 sec. 4 */ - - hbtype = *p++; - n2s(p, payload); - if (HEARTBEAT_SIZE_STD(payload) > length) - return 0; /* silently discard per RFC 6520 sec. 4 */ - pl = p; - - if (hbtype == TLS1_HB_REQUEST) { - unsigned char *buffer, *bp; - unsigned int write_length = HEARTBEAT_SIZE(payload, padding); - int r; - - if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; - - /* Allocate memory for the response. */ - buffer = OPENSSL_malloc(write_length); - if (buffer == NULL) - return -1; - bp = buffer; - - /* Enter response type, length and copy payload */ - *bp++ = TLS1_HB_RESPONSE; - s2n(payload, bp); - memcpy(bp, pl, payload); - bp += payload; - /* Random padding */ - if (RAND_bytes(bp, padding) <= 0) { - OPENSSL_free(buffer); - return -1; - } - - r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length); - - if (r >= 0 && s->msg_callback) - s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, - buffer, write_length, s, s->msg_callback_arg); - - OPENSSL_free(buffer); - - if (r < 0) - return r; - } else if (hbtype == TLS1_HB_RESPONSE) { - unsigned int seq; - - /* - * We only send sequence numbers (2 bytes unsigned int), and 16 - * random bytes, so we just try to read the sequence number - */ - n2s(pl, seq); - - if (payload == 18 && seq == s->tlsext_hb_seq) { - dtls1_stop_timer(s); - s->tlsext_hb_seq++; - s->tlsext_hb_pending = 0; - } - } - - return 0; -} - -int dtls1_heartbeat(SSL *s) -{ - unsigned char *buf, *p; - int ret = -1; - unsigned int payload = 18; /* Sequence number + random bytes */ - unsigned int padding = 16; /* Use minimum padding */ - unsigned int size; - - /* Only send if peer supports and accepts HB requests... */ - if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) || - s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_SEND_REQUESTS) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT); - return -1; - } - - /* ...and there is none in flight yet... */ - if (s->tlsext_hb_pending) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING); - return -1; - } - - /* ...and no handshake in progress. */ - if (SSL_in_init(s) || ossl_statem_get_in_handshake(s)) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE); - return -1; - } - - /*- - * Create HeartBeat message, we just use a sequence number - * as payload to distinguish different messages and add - * some random stuff. - */ - size = HEARTBEAT_SIZE(payload, padding); - buf = OPENSSL_malloc(size); - if (buf == NULL) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE); - return -1; - } - p = buf; - /* Message Type */ - *p++ = TLS1_HB_REQUEST; - /* Payload length (18 bytes here) */ - s2n(payload, p); - /* Sequence number */ - s2n(s->tlsext_hb_seq, p); - /* 16 random bytes */ - if (RAND_bytes(p, 16) <= 0) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); - goto err; - } - p += 16; - /* Random padding */ - if (RAND_bytes(p, padding) <= 0) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); - goto err; - } - - ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size); - if (ret >= 0) { - if (s->msg_callback) - s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, - buf, size, s, s->msg_callback_arg); - - dtls1_start_timer(s); - s->tlsext_hb_pending = 1; - } - - err: - OPENSSL_free(buf); - - return ret; -} -#endif - int dtls1_shutdown(SSL *s) { int ret; @@ -1067,7 +911,7 @@ int dtls1_query_mtu(SSL *s) /* Set to min mtu */ s->d1->mtu = dtls1_min_mtu(s); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, - s->d1->mtu, NULL); + (long)s->d1->mtu, NULL); } } else return 0; @@ -1075,13 +919,54 @@ int dtls1_query_mtu(SSL *s) return 1; } -static unsigned int dtls1_link_min_mtu(void) +static size_t dtls1_link_min_mtu(void) { return (g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) - 1]); } -unsigned int dtls1_min_mtu(SSL *s) +size_t dtls1_min_mtu(SSL *s) { return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s)); } + +size_t DTLS_get_data_mtu(const SSL *s) +{ + size_t mac_overhead, int_overhead, blocksize, ext_overhead; + const SSL_CIPHER *ciph = SSL_get_current_cipher(s); + size_t mtu = s->d1->mtu; + + if (ciph == NULL) + return 0; + + if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead, + &blocksize, &ext_overhead)) + return 0; + + if (SSL_READ_ETM(s)) + ext_overhead += mac_overhead; + else + int_overhead += mac_overhead; + + /* Subtract external overhead (e.g. IV/nonce, separate MAC) */ + if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu) + return 0; + mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH; + + /* Round encrypted payload down to cipher block size (for CBC etc.) + * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */ + if (blocksize) + mtu -= (mtu % blocksize); + + /* Subtract internal overhead (e.g. CBC padding len byte) */ + if (int_overhead >= mtu) + return 0; + mtu -= int_overhead; + + return mtu; +} + +void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb) +{ + s->d1->timer_cb = cb; +} diff --git a/deps/openssl/openssl/ssl/d1_msg.c b/deps/openssl/openssl/ssl/d1_msg.c index 7471fd3e9880cd..5906e88ca68f69 100644 --- a/deps/openssl/openssl/ssl/d1_msg.c +++ b/deps/openssl/openssl/ssl/d1_msg.c @@ -7,17 +7,17 @@ * https://www.openssl.org/source/license.html */ -#define USE_SOCKETS #include "ssl_locl.h" -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) +int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, + size_t *written) { int i; if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { i = s->handshake_func(s); if (i < 0) - return (i); + return i; if (i == 0) { SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); @@ -30,8 +30,7 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) return -1; } - i = dtls1_write_bytes(s, type, buf_, len); - return i; + return dtls1_write_bytes(s, type, buf_, len, written); } int dtls1_dispatch_alert(SSL *s) @@ -40,6 +39,7 @@ int dtls1_dispatch_alert(SSL *s) void (*cb) (const SSL *ssl, int type, int val) = NULL; unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; + size_t written; s->s3->alert_dispatch = 0; @@ -47,23 +47,12 @@ int dtls1_dispatch_alert(SSL *s) *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE - if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { - s2n(s->d1->handshake_read_seq, ptr); - l2n3(s->d1->r_msg_hdr.frag_off, ptr); - } -#endif - - i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); + i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written); if (i <= 0) { s->s3->alert_dispatch = 1; /* fprintf( stderr, "not done with alert\n" ); */ } else { - if (s->s3->send_alert[0] == SSL3_AL_FATAL -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE - || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE -#endif - ) + if (s->s3->send_alert[0] == SSL3_AL_FATAL) (void)BIO_flush(s->wbio); if (s->msg_callback) @@ -80,5 +69,5 @@ int dtls1_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } - return (i); + return i; } diff --git a/deps/openssl/openssl/ssl/d1_srtp.c b/deps/openssl/openssl/ssl/d1_srtp.c index 7e88f17754267f..ff8f0c5712df54 100644 --- a/deps/openssl/openssl/ssl/d1_srtp.c +++ b/deps/openssl/openssl/ssl/d1_srtp.c @@ -40,7 +40,7 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { }; static int find_profile_by_name(char *profile_name, - SRTP_PROTECTION_PROFILE **pptr, unsigned len) + SRTP_PROTECTION_PROFILE **pptr, size_t len) { SRTP_PROTECTION_PROFILE *p; @@ -76,7 +76,8 @@ static int ssl_ctx_make_profiles(const char *profiles_string, do { col = strchr(ptr, ':'); - if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) { + if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr) + : strlen(ptr))) { if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); @@ -135,195 +136,4 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s) { return s->srtp_profile; } - -/* - * Note: this function returns 0 length if there are no profiles specified - */ -int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, - int maxlen) -{ - int ct = 0; - int i; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0; - SRTP_PROTECTION_PROFILE *prof; - - clnt = SSL_get_srtp_profiles(s); - ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ - - if (p) { - if (ct == 0) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, - SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); - return 1; - } - - if ((2 + ct * 2 + 1) > maxlen) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, - SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); - return 1; - } - - /* Add the length */ - s2n(ct * 2, p); - for (i = 0; i < ct; i++) { - prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); - s2n(prof->id, p); - } - - /* Add an empty use_mki value */ - *p++ = 0; - } - - *len = 2 + ct * 2 + 1; - - return 0; -} - -int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) -{ - SRTP_PROTECTION_PROFILE *sprof; - STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; - unsigned int ct, mki_len, id; - int i, srtp_pref; - PACKET subpkt; - - /* Pull off the length of the cipher suite list and check it is even */ - if (!PACKET_get_net_2(pkt, &ct) - || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al = SSL_AD_DECODE_ERROR; - return 1; - } - - srvr = SSL_get_srtp_profiles(s); - s->srtp_profile = NULL; - /* Search all profiles for a match initially */ - srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); - - while (PACKET_remaining(&subpkt)) { - if (!PACKET_get_net_2(&subpkt, &id)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al = SSL_AD_DECODE_ERROR; - return 1; - } - - /* - * Only look for match in profiles of higher preference than - * current match. - * If no profiles have been have been configured then this - * does nothing. - */ - for (i = 0; i < srtp_pref; i++) { - sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); - if (sprof->id == id) { - s->srtp_profile = sprof; - srtp_pref = i; - break; - } - } - } - - /* - * Now extract the MKI value as a sanity check, but discard it for now - */ - if (!PACKET_get_1(pkt, &mki_len)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al = SSL_AD_DECODE_ERROR; - return 1; - } - - if (!PACKET_forward(pkt, mki_len) - || PACKET_remaining(pkt)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_MKI_VALUE); - *al = SSL_AD_DECODE_ERROR; - return 1; - } - - return 0; -} - -int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, - int maxlen) -{ - if (p) { - if (maxlen < 5) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, - SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); - return 1; - } - - if (s->srtp_profile == 0) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, - SSL_R_USE_SRTP_NOT_NEGOTIATED); - return 1; - } - s2n(2, p); - s2n(s->srtp_profile->id, p); - *p++ = 0; - } - *len = 5; - - return 0; -} - -int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) -{ - unsigned int id, ct, mki; - int i; - - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; - SRTP_PROTECTION_PROFILE *prof; - - if (!PACKET_get_net_2(pkt, &ct) - || ct != 2 || !PACKET_get_net_2(pkt, &id) - || !PACKET_get_1(pkt, &mki) - || PACKET_remaining(pkt) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al = SSL_AD_DECODE_ERROR; - return 1; - } - - if (mki != 0) { - /* Must be no MKI, since we never offer one */ - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_MKI_VALUE); - *al = SSL_AD_ILLEGAL_PARAMETER; - return 1; - } - - clnt = SSL_get_srtp_profiles(s); - - /* Throw an error if the server gave us an unsolicited extension */ - if (clnt == NULL) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, - SSL_R_NO_SRTP_PROFILES); - *al = SSL_AD_DECODE_ERROR; - return 1; - } - - /* - * Check to see if the server gave us something we support (and - * presumably offered) - */ - for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { - prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); - - if (prof->id == id) { - s->srtp_profile = prof; - *al = 0; - return 0; - } - } - - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, - SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); - *al = SSL_AD_DECODE_ERROR; - return 1; -} - #endif diff --git a/deps/openssl/openssl/ssl/methods.c b/deps/openssl/openssl/ssl/methods.c index c846143277f7c5..348efe467dbbcb 100644 --- a/deps/openssl/openssl/ssl/methods.c +++ b/deps/openssl/openssl/ssl/methods.c @@ -19,6 +19,10 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_method, ossl_statem_accept, ossl_statem_connect, TLSv1_2_enc_data) +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_method, @@ -46,6 +50,10 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_server_method, ossl_statem_accept, ssl_undefined_function, TLSv1_2_enc_data) +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_server_method, @@ -75,6 +83,10 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_client_method, ssl_undefined_function, ossl_statem_connect, TLSv1_2_enc_data) +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_3_enc_data) #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_client_method, diff --git a/deps/openssl/openssl/ssl/packet.c b/deps/openssl/openssl/ssl/packet.c new file mode 100644 index 00000000000000..95031430ed6687 --- /dev/null +++ b/deps/openssl/openssl/ssl/packet.c @@ -0,0 +1,424 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include "packet_locl.h" +#include + +#define DEFAULT_BUF_SIZE 256 + +int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) +{ + if (!WPACKET_reserve_bytes(pkt, len, allocbytes)) + return 0; + + pkt->written += len; + pkt->curr += len; + return 1; +} + +int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes) +{ + if (!WPACKET_start_sub_packet_len__(pkt, lenbytes) + || !WPACKET_allocate_bytes(pkt, len, allocbytes) + || !WPACKET_close(pkt)) + return 0; + + return 1; +} + +#define GETBUF(p) (((p)->staticbuf != NULL) \ + ? (p)->staticbuf : (unsigned char *)(p)->buf->data) + +int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) +{ + /* Internal API, so should not fail */ + if (!ossl_assert(pkt->subs != NULL && len != 0)) + return 0; + + if (pkt->maxsize - pkt->written < len) + return 0; + + if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) { + size_t newlen; + size_t reflen; + + reflen = (len > pkt->buf->length) ? len : pkt->buf->length; + + if (reflen > SIZE_MAX / 2) { + newlen = SIZE_MAX; + } else { + newlen = reflen * 2; + if (newlen < DEFAULT_BUF_SIZE) + newlen = DEFAULT_BUF_SIZE; + } + if (BUF_MEM_grow(pkt->buf, newlen) == 0) + return 0; + } + if (allocbytes != NULL) + *allocbytes = WPACKET_get_curr(pkt); + + return 1; +} + +int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes) +{ + if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes)) + return 0; + + *allocbytes += lenbytes; + + return 1; +} + +static size_t maxmaxsize(size_t lenbytes) +{ + if (lenbytes >= sizeof(size_t) || lenbytes == 0) + return SIZE_MAX; + + return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes; +} + +static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) +{ + unsigned char *lenchars; + + pkt->curr = 0; + pkt->written = 0; + + if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) { + SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (lenbytes == 0) + return 1; + + pkt->subs->pwritten = lenbytes; + pkt->subs->lenbytes = lenbytes; + + if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) { + OPENSSL_free(pkt->subs); + pkt->subs = NULL; + return 0; + } + pkt->subs->packet_len = lenchars - GETBUF(pkt); + + return 1; +} + +int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, + size_t lenbytes) +{ + size_t max = maxmaxsize(lenbytes); + + /* Internal API, so should not fail */ + if (!ossl_assert(buf != NULL && len > 0)) + return 0; + + pkt->staticbuf = buf; + pkt->buf = NULL; + pkt->maxsize = (max < len) ? max : len; + + return wpacket_intern_init_len(pkt, lenbytes); +} + +int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes) +{ + /* Internal API, so should not fail */ + if (!ossl_assert(buf != NULL)) + return 0; + + pkt->staticbuf = NULL; + pkt->buf = buf; + pkt->maxsize = maxmaxsize(lenbytes); + + return wpacket_intern_init_len(pkt, lenbytes); +} + +int WPACKET_init(WPACKET *pkt, BUF_MEM *buf) +{ + return WPACKET_init_len(pkt, buf, 0); +} + +int WPACKET_set_flags(WPACKET *pkt, unsigned int flags) +{ + /* Internal API, so should not fail */ + if (!ossl_assert(pkt->subs != NULL)) + return 0; + + pkt->subs->flags = flags; + + return 1; +} + +/* Store the |value| of length |len| at location |data| */ +static int put_value(unsigned char *data, size_t value, size_t len) +{ + for (data += len - 1; len > 0; len--) { + *data = (unsigned char)(value & 0xff); + data--; + value >>= 8; + } + + /* Check whether we could fit the value in the assigned number of bytes */ + if (value > 0) + return 0; + + return 1; +} + + +/* + * Internal helper function used by WPACKET_close(), WPACKET_finish() and + * WPACKET_fill_lengths() to close a sub-packet and write out its length if + * necessary. If |doclose| is 0 then it goes through the motions of closing + * (i.e. it fills in all the lengths), but doesn't actually close anything. + */ +static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose) +{ + size_t packlen = pkt->written - sub->pwritten; + + if (packlen == 0 + && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0) + return 0; + + if (packlen == 0 + && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) { + /* We can't handle this case. Return an error */ + if (!doclose) + return 0; + + /* Deallocate any bytes allocated for the length of the WPACKET */ + if ((pkt->curr - sub->lenbytes) == sub->packet_len) { + pkt->written -= sub->lenbytes; + pkt->curr -= sub->lenbytes; + } + + /* Don't write out the packet length */ + sub->packet_len = 0; + sub->lenbytes = 0; + } + + /* Write out the WPACKET length if needed */ + if (sub->lenbytes > 0 + && !put_value(&GETBUF(pkt)[sub->packet_len], packlen, + sub->lenbytes)) + return 0; + + if (doclose) { + pkt->subs = sub->parent; + OPENSSL_free(sub); + } + + return 1; +} + +int WPACKET_fill_lengths(WPACKET *pkt) +{ + WPACKET_SUB *sub; + + if (!ossl_assert(pkt->subs != NULL)) + return 0; + + for (sub = pkt->subs; sub != NULL; sub = sub->parent) { + if (!wpacket_intern_close(pkt, sub, 0)) + return 0; + } + + return 1; +} + +int WPACKET_close(WPACKET *pkt) +{ + /* + * Internal API, so should not fail - but we do negative testing of this + * so no assert (otherwise the tests fail) + */ + if (pkt->subs == NULL || pkt->subs->parent == NULL) + return 0; + + return wpacket_intern_close(pkt, pkt->subs, 1); +} + +int WPACKET_finish(WPACKET *pkt) +{ + int ret; + + /* + * Internal API, so should not fail - but we do negative testing of this + * so no assert (otherwise the tests fail) + */ + if (pkt->subs == NULL || pkt->subs->parent != NULL) + return 0; + + ret = wpacket_intern_close(pkt, pkt->subs, 1); + if (ret) { + OPENSSL_free(pkt->subs); + pkt->subs = NULL; + } + + return ret; +} + +int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) +{ + WPACKET_SUB *sub; + unsigned char *lenchars; + + /* Internal API, so should not fail */ + if (!ossl_assert(pkt->subs != NULL)) + return 0; + + if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) { + SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE); + return 0; + } + + sub->parent = pkt->subs; + pkt->subs = sub; + sub->pwritten = pkt->written + lenbytes; + sub->lenbytes = lenbytes; + + if (lenbytes == 0) { + sub->packet_len = 0; + return 1; + } + + if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) + return 0; + /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */ + sub->packet_len = lenchars - GETBUF(pkt); + + return 1; +} + +int WPACKET_start_sub_packet(WPACKET *pkt) +{ + return WPACKET_start_sub_packet_len__(pkt, 0); +} + +int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size) +{ + unsigned char *data; + + /* Internal API, so should not fail */ + if (!ossl_assert(size <= sizeof(unsigned int)) + || !WPACKET_allocate_bytes(pkt, size, &data) + || !put_value(data, val, size)) + return 0; + + return 1; +} + +int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize) +{ + WPACKET_SUB *sub; + size_t lenbytes; + + /* Internal API, so should not fail */ + if (!ossl_assert(pkt->subs != NULL)) + return 0; + + /* Find the WPACKET_SUB for the top level */ + for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent) + continue; + + lenbytes = sub->lenbytes; + if (lenbytes == 0) + lenbytes = sizeof(pkt->maxsize); + + if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written) + return 0; + + pkt->maxsize = maxsize; + + return 1; +} + +int WPACKET_memset(WPACKET *pkt, int ch, size_t len) +{ + unsigned char *dest; + + if (len == 0) + return 1; + + if (!WPACKET_allocate_bytes(pkt, len, &dest)) + return 0; + + memset(dest, ch, len); + + return 1; +} + +int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len) +{ + unsigned char *dest; + + if (len == 0) + return 1; + + if (!WPACKET_allocate_bytes(pkt, len, &dest)) + return 0; + + memcpy(dest, src, len); + + return 1; +} + +int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, + size_t lenbytes) +{ + if (!WPACKET_start_sub_packet_len__(pkt, lenbytes) + || !WPACKET_memcpy(pkt, src, len) + || !WPACKET_close(pkt)) + return 0; + + return 1; +} + +int WPACKET_get_total_written(WPACKET *pkt, size_t *written) +{ + /* Internal API, so should not fail */ + if (!ossl_assert(written != NULL)) + return 0; + + *written = pkt->written; + + return 1; +} + +int WPACKET_get_length(WPACKET *pkt, size_t *len) +{ + /* Internal API, so should not fail */ + if (!ossl_assert(pkt->subs != NULL && len != NULL)) + return 0; + + *len = pkt->written - pkt->subs->pwritten; + + return 1; +} + +unsigned char *WPACKET_get_curr(WPACKET *pkt) +{ + return GETBUF(pkt) + pkt->curr; +} + +void WPACKET_cleanup(WPACKET *pkt) +{ + WPACKET_SUB *sub, *parent; + + for (sub = pkt->subs; sub != NULL; sub = parent) { + parent = sub->parent; + OPENSSL_free(sub); + } + pkt->subs = NULL; +} diff --git a/deps/openssl/openssl/ssl/packet_locl.h b/deps/openssl/openssl/ssl/packet_locl.h index d34034dedb09d3..860360b8b2317a 100644 --- a/deps/openssl/openssl/ssl/packet_locl.h +++ b/deps/openssl/openssl/ssl/packet_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,10 +18,6 @@ # include "internal/numbers.h" -# ifdef __cplusplus -extern "C" { -# endif - typedef struct { /* Pointer to where we are currently reading from */ const unsigned char *curr; @@ -160,6 +156,18 @@ __owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data) return 1; } +/* Same as PACKET_get_net_2() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_net_2(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* * Peek ahead at 3 bytes in network order from |pkt| and store the value in * |*data| @@ -189,6 +197,18 @@ __owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data) return 1; } +/* Same as PACKET_get_net_3() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_3(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* * Peek ahead at 4 bytes in network order from |pkt| and store the value in * |*data| @@ -219,6 +239,18 @@ __owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data) return 1; } +/* Same as PACKET_get_net_4() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_4(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ __owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, unsigned int *data) @@ -242,6 +274,18 @@ __owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data) return 1; } +/* Same as PACKET_get_1() but for a size_t */ +__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_1(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + /* * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value * in |*data| @@ -548,8 +592,283 @@ __owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt, return 1; } -# ifdef __cplusplus -} -# endif + +/* Writeable packets */ + +typedef struct wpacket_sub WPACKET_SUB; +struct wpacket_sub { + /* The parent WPACKET_SUB if we have one or NULL otherwise */ + WPACKET_SUB *parent; + + /* + * Offset into the buffer where the length of this WPACKET goes. We use an + * offset in case the buffer grows and gets reallocated. + */ + size_t packet_len; + + /* Number of bytes in the packet_len or 0 if we don't write the length */ + size_t lenbytes; + + /* Number of bytes written to the buf prior to this packet starting */ + size_t pwritten; + + /* Flags for this sub-packet */ + unsigned int flags; +}; + +typedef struct wpacket_st WPACKET; +struct wpacket_st { + /* The buffer where we store the output data */ + BUF_MEM *buf; + + /* Fixed sized buffer which can be used as an alternative to buf */ + unsigned char *staticbuf; + + /* + * Offset into the buffer where we are currently writing. We use an offset + * in case the buffer grows and gets reallocated. + */ + size_t curr; + + /* Number of bytes written so far */ + size_t written; + + /* Maximum number of bytes we will allow to be written to this WPACKET */ + size_t maxsize; + + /* Our sub-packets (always at least one if not finished) */ + WPACKET_SUB *subs; +}; + +/* Flags */ + +/* Default */ +#define WPACKET_FLAGS_NONE 0 + +/* Error on WPACKET_close() if no data written to the WPACKET */ +#define WPACKET_FLAGS_NON_ZERO_LENGTH 1 + +/* + * Abandon all changes on WPACKET_close() if no data written to the WPACKET, + * i.e. this does not write out a zero packet length + */ +#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 + + +/* + * Initialise a WPACKET with the buffer in |buf|. The buffer must exist + * for the whole time that the WPACKET is being used. Additionally |lenbytes| of + * data is preallocated at the start of the buffer to store the length of the + * WPACKET once we know it. + */ +int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes); + +/* + * Same as WPACKET_init_len except there is no preallocation of the WPACKET + * length. + */ +int WPACKET_init(WPACKET *pkt, BUF_MEM *buf); + +/* + * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure. + * A fixed buffer of memory |buf| of size |len| is used instead. A failure will + * occur if you attempt to write beyond the end of the buffer + */ +int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, + size_t lenbytes); +/* + * Set the flags to be applied to the current sub-packet + */ +int WPACKET_set_flags(WPACKET *pkt, unsigned int flags); + +/* + * Closes the most recent sub-packet. It also writes out the length of the + * packet to the required location (normally the start of the WPACKET) if + * appropriate. The top level WPACKET should be closed using WPACKET_finish() + * instead of this function. + */ +int WPACKET_close(WPACKET *pkt); + +/* + * The same as WPACKET_close() but only for the top most WPACKET. Additionally + * frees memory resources for this WPACKET. + */ +int WPACKET_finish(WPACKET *pkt); + +/* + * Iterate through all the sub-packets and write out their lengths as if they + * were being closed. The lengths will be overwritten with the final lengths + * when the sub-packets are eventually closed (which may be different if more + * data is added to the WPACKET). This function fails if a sub-packet is of 0 + * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set. + */ +int WPACKET_fill_lengths(WPACKET *pkt); + +/* + * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated + * at the start of the sub-packet to store its length once we know it. Don't + * call this directly. Use the convenience macros below instead. + */ +int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes); + +/* + * Convenience macros for calling WPACKET_start_sub_packet_len with different + * lengths + */ +#define WPACKET_start_sub_packet_u8(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 1) +#define WPACKET_start_sub_packet_u16(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 2) +#define WPACKET_start_sub_packet_u24(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 3) +#define WPACKET_start_sub_packet_u32(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 4) + +/* + * Same as WPACKET_start_sub_packet_len__() except no bytes are pre-allocated + * for the sub-packet length. + */ +int WPACKET_start_sub_packet(WPACKET *pkt); + +/* + * Allocate bytes in the WPACKET for the output. This reserves the bytes + * and counts them as "written", but doesn't actually do the writing. A pointer + * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL. + * WARNING: the allocated bytes must be filled in immediately, without further + * WPACKET_* calls. If not then the underlying buffer may be realloc'd and + * change its location. + */ +int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, + unsigned char **allocbytes); + +/* + * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is + * started for the allocated bytes, and then closed immediately afterwards. The + * number of length bytes for the sub-packet is in |lenbytes|. Don't call this + * directly. Use the convenience macros below instead. + */ +int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes); + +/* + * Convenience macros for calling WPACKET_sub_allocate_bytes with different + * lengths + */ +#define WPACKET_sub_allocate_bytes_u8(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 1) +#define WPACKET_sub_allocate_bytes_u16(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 2) +#define WPACKET_sub_allocate_bytes_u24(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 3) +#define WPACKET_sub_allocate_bytes_u32(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4) + +/* + * The same as WPACKET_allocate_bytes() except the reserved bytes are not + * actually counted as written. Typically this will be for when we don't know + * how big arbitrary data is going to be up front, but we do know what the + * maximum size will be. If this function is used, then it should be immediately + * followed by a WPACKET_allocate_bytes() call before any other WPACKET + * functions are called (unless the write to the allocated bytes is abandoned). + * + * For example: If we are generating a signature, then the size of that + * signature may not be known in advance. We can use WPACKET_reserve_bytes() to + * handle this: + * + * if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_size(pkey), &sigbytes1) + * || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0 + * || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2) + * || sigbytes1 != sigbytes2) + * goto err; + */ +int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes); + +/* + * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__() + */ +int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes); + +/* + * Convenience macros for WPACKET_sub_reserve_bytes with different lengths + */ +#define WPACKET_sub_reserve_bytes_u8(pkt, len, bytes) \ + WPACKET_reserve_bytes__((pkt), (len), (bytes), 1) +#define WPACKET_sub_reserve_bytes_u16(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 2) +#define WPACKET_sub_reserve_bytes_u24(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 3) +#define WPACKET_sub_reserve_bytes_u32(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 4) + +/* + * Write the value stored in |val| into the WPACKET. The value will consume + * |bytes| amount of storage. An error will occur if |val| cannot be + * accommodated in |bytes| storage, e.g. attempting to write the value 256 into + * 1 byte will fail. Don't call this directly. Use the convenience macros below + * instead. + */ +int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes); + +/* + * Convenience macros for calling WPACKET_put_bytes with different + * lengths + */ +#define WPACKET_put_bytes_u8(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 1) +#define WPACKET_put_bytes_u16(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 2) +#define WPACKET_put_bytes_u24(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 3) +#define WPACKET_put_bytes_u32(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 4) + +/* Set a maximum size that we will not allow the WPACKET to grow beyond */ +int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); + +/* Copy |len| bytes of data from |*src| into the WPACKET. */ +int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len); + +/* Set |len| bytes of data to |ch| into the WPACKET. */ +int WPACKET_memset(WPACKET *pkt, int ch, size_t len); + +/* + * Copy |len| bytes of data from |*src| into the WPACKET and prefix with its + * length (consuming |lenbytes| of data for the length). Don't call this + * directly. Use the convenience macros below instead. + */ +int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, + size_t lenbytes); + +/* Convenience macros for calling WPACKET_sub_memcpy with different lengths */ +#define WPACKET_sub_memcpy_u8(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 1) +#define WPACKET_sub_memcpy_u16(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 2) +#define WPACKET_sub_memcpy_u24(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 3) +#define WPACKET_sub_memcpy_u32(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 4) + +/* + * Return the total number of bytes written so far to the underlying buffer + * including any storage allocated for length bytes + */ +int WPACKET_get_total_written(WPACKET *pkt, size_t *written); + +/* + * Returns the length of the current sub-packet. This excludes any bytes + * allocated for the length itself. + */ +int WPACKET_get_length(WPACKET *pkt, size_t *len); + +/* + * Returns a pointer to the current write location, but does not allocate any + * bytes. + */ +unsigned char *WPACKET_get_curr(WPACKET *pkt); + +/* Release resources in a WPACKET if a failure has occurred. */ +void WPACKET_cleanup(WPACKET *pkt); #endif /* HEADER_PACKET_LOCL_H */ diff --git a/deps/openssl/openssl/ssl/pqueue.c b/deps/openssl/openssl/ssl/pqueue.c index b447e1dceb7702..548a7a443d9145 100644 --- a/deps/openssl/openssl/ssl/pqueue.c +++ b/deps/openssl/openssl/ssl/pqueue.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,14 +18,15 @@ struct pqueue_st { pitem *pitem_new(unsigned char *prio64be, void *data) { pitem *item = OPENSSL_malloc(sizeof(*item)); - if (item == NULL) + + if (item == NULL) { + SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } memcpy(item->priority, prio64be, sizeof(item->priority)); - item->data = data; item->next = NULL; - return item; } @@ -34,10 +35,13 @@ void pitem_free(pitem *item) OPENSSL_free(item); } -pqueue *pqueue_new() +pqueue *pqueue_new(void) { pqueue *pq = OPENSSL_zalloc(sizeof(*pq)); + if (pq == NULL) + SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE); + return pq; } @@ -127,7 +131,7 @@ pitem *pqueue_iterator(pqueue *pq) return pqueue_peek(pq); } -pitem *pqueue_next(pitem **item) +pitem *pqueue_next(piterator *item) { pitem *ret; @@ -141,10 +145,10 @@ pitem *pqueue_next(pitem **item) return ret; } -int pqueue_size(pqueue *pq) +size_t pqueue_size(pqueue *pq) { pitem *item = pq->items; - int count = 0; + size_t count = 0; while (item != NULL) { count++; diff --git a/deps/openssl/openssl/ssl/record/rec_layer_d1.c b/deps/openssl/openssl/ssl/record/rec_layer_d1.c index 6111a2e1913e50..1f9b31969d8268 100644 --- a/deps/openssl/openssl/ssl/record/rec_layer_d1.c +++ b/deps/openssl/openssl/ssl/record/rec_layer_d1.c @@ -9,18 +9,21 @@ #include #include -#define USE_SOCKETS #include "../ssl_locl.h" #include #include #include "record_locl.h" +#include "../packet_locl.h" +#include "internal/cryptlib.h" int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) { DTLS_RECORD_LAYER *d; - if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) - return (0); + if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) { + SSLerr(SSL_F_DTLS_RECORD_LAYER_NEW, ERR_R_MALLOC_FAILURE); + return 0; + } rl->d = d; @@ -35,7 +38,7 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) pqueue_free(d->buffered_app_data.q); OPENSSL_free(d); rl->d = NULL; - return (0); + return 0; } return 1; @@ -108,19 +111,11 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e) rl->d->w_epoch = e; } -void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl) -{ - memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence)); -} - void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq) { memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE); } -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len); - /* copy buffered record into SSL structure */ static int dtls1_copy_record(SSL *s, pitem *item) { @@ -138,7 +133,7 @@ static int dtls1_copy_record(SSL *s, pitem *item) /* Set proper sequence number for mac calculation */ memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6); - return (1); + return 1; } int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) @@ -155,7 +150,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (rdata == NULL || item == NULL) { OPENSSL_free(rdata); pitem_free(item); - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD, + ERR_R_INTERNAL_ERROR); return -1; } @@ -182,23 +178,21 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec)); if (!ssl3_setup_buffers(s)) { - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return (-1); + return -1; } - /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { - SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + /* Must be a duplicate so ignore it */ OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return (-1); } - return (1); + return 1; } int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) @@ -212,10 +206,10 @@ int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) OPENSSL_free(item->data); pitem_free(item); - return (1); + return 1; } - return (0); + return 0; } /* @@ -265,8 +259,9 @@ int dtls1_process_buffered_records(SSL *s) * current record is from a different epoch. But that cannot * be the case because we already checked the epoch above */ - SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, + ERR_R_INTERNAL_ERROR); return 0; } #ifndef OPENSSL_NO_SCTP @@ -284,6 +279,10 @@ int dtls1_process_buffered_records(SSL *s) } if (!replayok || !dtls1_process_record(s, bitmap)) { + if (ossl_statem_in_error(s)) { + /* dtls1_process_record called SSLfatal() */ + return -1; + } /* dump this record */ rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); @@ -291,8 +290,10 @@ int dtls1_process_buffered_records(SSL *s) } if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), - SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) { + /* SSLfatal() already called */ return 0; + } } } @@ -336,49 +337,37 @@ int dtls1_process_buffered_records(SSL *s) * none of our business */ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *readbytes) { - int al, i, j, ret; - unsigned int n; + int i, j, iret; + size_t n; SSL3_RECORD *rr; void (*cb) (const SSL *ssl, int type2, int val) = NULL; if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) { /* Not initialized yet */ - if (!ssl3_setup_buffers(s)) - return (-1); + if (!ssl3_setup_buffers(s)) { + /* SSLfatal() already called */ + return -1; + } } if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES, + ERR_R_INTERNAL_ERROR); return -1; } - /* - * check whether there's a handshake message (client hello?) waiting - */ - if ((ret = have_handshake_fragment(s, type, buf, len))) { - *recvd_type = SSL3_RT_HANDSHAKE; - return ret; - } - - /* - * Now s->rlayer.d->handshake_fragment_len == 0 if - * type == SSL3_RT_HANDSHAKE. - */ - - if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) - { + if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); + /* SSLfatal() already called if appropriate */ if (i < 0) - return (i); - if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } + return i; + if (i == 0) + return -1; } start: @@ -417,19 +406,26 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } /* Check for timeout */ - if (dtls1_handle_timeout(s) > 0) + if (dtls1_handle_timeout(s) > 0) { goto start; + } else if (ossl_statem_in_error(s)) { + /* dtls1_handle_timeout() has failed with a fatal error */ + return -1; + } /* get new packet if necessary */ if ((SSL3_RECORD_get_length(rr) == 0) || (s->rlayer.rstate == SSL_ST_READ_BODY)) { RECORD_LAYER_set_numrpipes(&s->rlayer, 0); - ret = dtls1_get_record(s); - if (ret <= 0) { - ret = dtls1_read_failed(s, ret); - /* anything other than a timeout is an error */ - if (ret <= 0) - return (ret); + iret = dtls1_get_record(s); + if (iret <= 0) { + iret = dtls1_read_failed(s, iret); + /* + * Anything other than a timeout is an error. SSLfatal() already + * called if appropriate. + */ + if (iret <= 0) + return iret; else goto start; } @@ -469,7 +465,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data), SSL3_RECORD_get_seq_num(rr)) < 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ return -1; } SSL3_RECORD_set_length(rr, 0); @@ -502,15 +498,15 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSL_R_APP_DATA_IN_HANDSHAKE); + return -1; } if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) { + if (len == 0) { /* * Mark a zero length record as read. This ensures multiple calls to * SSL_read() with a zero length buffer will eventually cause @@ -518,13 +514,13 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL3_RECORD_get_length(rr) == 0) SSL3_RECORD_set_read(rr); - return len; + return 0; } - if ((unsigned int)len > SSL3_RECORD_get_length(rr)) + if (len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len; + n = len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); if (peek) { @@ -549,10 +545,11 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); + return 0; } #endif - return (n); + *readbytes = n; + return 1; } /* @@ -560,199 +557,23 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * then it was unexpected (Hello Request or Client Hello). */ - /* - * In case of record types for which we have 'fragment' storage, fill - * that so that we can process the data at a fixed place. - */ - { - unsigned int k, dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof(s->rlayer.d->handshake_fragment); - dest = s->rlayer.d->handshake_fragment; - dest_len = &s->rlayer.d->handshake_fragment_len; - } else if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { - dest_maxlen = sizeof(s->rlayer.d->alert_fragment); - dest = s->rlayer.d->alert_fragment; - dest_len = &s->rlayer.d->alert_fragment_len; - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) { - /* We allow a 0 return */ - if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr), - SSL3_RECORD_get_length(rr)) < 0) { - return -1; - } - /* Exit and notify application to read again */ - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - s->rwstate = SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - return (-1); - } -#endif - /* else it's a CCS message, or application data or wrong */ - else if (SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC) { - /* - * Application data while renegotiating is allowed. Try again - * reading. - */ - if (SSL3_RECORD_get_type(rr) == SSL3_RT_APPLICATION_DATA) { - BIO *bio; - s->s3->in_read_app_data = 2; - bio = SSL_get_rbio(s); - s->rwstate = SSL_READING; - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - - /* Not certain if this is the right error handling */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - - if (dest_maxlen > 0) { - /* - * XDTLS: In a pathological case, the Client Hello may be - * fragmented--don't always expect dest_maxlen bytes - */ - if (SSL3_RECORD_get_length(rr) < dest_maxlen) { -#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE - /* - * for normal alerts rr->length is 2, while - * dest_maxlen is 7 if we were to handle this - * non-existing alert... - */ - FIX ME; -#endif - s->rlayer.rstate = SSL_ST_READ_HEADER; - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - goto start; - } - - /* now move 'n' bytes: */ - for (k = 0; k < dest_maxlen; k++) { - dest[k] = SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]; - SSL3_RECORD_add_off(rr, 1); - SSL3_RECORD_add_length(rr, -1); - } - if (SSL3_RECORD_get_length(rr) == 0) - SSL3_RECORD_set_read(rr); - *dest_len = dest_maxlen; - } - } - - /*- - * s->rlayer.d->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; - * s->rlayer.d->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) - */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - (s->rlayer.d->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) { - s->rlayer.d->handshake_fragment_len = 0; - - if ((s->rlayer.d->handshake_fragment[1] != 0) || - (s->rlayer.d->handshake_fragment[2] != 0) || - (s->rlayer.d->handshake_fragment[3] != 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto f_err; - } - - /* - * no need to check sequence number on HELLO REQUEST messages - */ - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->rlayer.d->handshake_fragment, 4, s, - s->msg_callback_arg); - - if (SSL_is_init_finished(s) && - (s->options & SSL_OP_NO_RENEGOTIATION) == 0 && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) { - s->d1->handshake_read_seq++; - s->new_session = 1; - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { - /* no read-ahead left? */ - BIO *bio; - /* - * In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world - */ - s->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - } - } - } else { - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { + unsigned int alert_level, alert_descr; + unsigned char *alert_bytes = SSL3_RECORD_get_data(rr) + + SSL3_RECORD_get_off(rr); + PACKET alert; + + if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr)) + || !PACKET_get_1(&alert, &alert_level) + || !PACKET_get_1(&alert, &alert_descr) + || PACKET_remaining(&alert) != 0) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSL_R_INVALID_ALERT); + return -1; } - /* - * we either finished a handshake or ignored the request, now try - * again to obtain the (application) data we were asked for - */ - goto start; - } - - /* - * If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. - */ - if (s->server - && SSL_is_init_finished(s) - && s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH - && s->rlayer.d->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO - && s->s3->previous_client_finished_len != 0 - && ((!s->s3->send_connection_binding - && (s->options - & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) - || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) { - s->rlayer.d->handshake_fragment_len = 0; - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - goto start; - } - - if (s->rlayer.d->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { - int alert_level = s->rlayer.d->alert_fragment[0]; - int alert_descr = s->rlayer.d->alert_fragment[1]; - - s->rlayer.d->alert_fragment_len = 0; if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, - s->rlayer.d->alert_fragment, 2, s, + s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) @@ -771,9 +592,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSL_R_TOO_MANY_WARN_ALERTS); + return -1; } if (alert_descr == SSL_AD_CLOSE_NOTIFY) { @@ -793,52 +614,25 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); - } -#if 0 - /* XXX: this is a possible improvement in the future */ - /* now check if it's a missing record */ - if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { - unsigned short seq; - unsigned int frag_off; - unsigned char *p = &(s->rlayer.d->alert_fragment[2]); - - n2s(p, seq); - n2l3(p, frag_off); - - dtls1_retransmit_message(s, - dtls1_get_queue_priority - (frag->msg_header.seq, 0), frag_off, - &found); - if (!found && SSL_in_init(s)) { - /* - * fprintf( stderr,"in init = %d\n", SSL_in_init(s)); - */ - /* - * requested a message not yet sent, send an alert - * ourselves - */ - ssl3_send_alert(s, SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); - } + return 0; } -#endif } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES, + SSL_AD_REASON_OFFSET + alert_descr); + BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + return 0; } else { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES, + SSL_R_UNKNOWN_ALERT_TYPE); + return -1; } goto start; @@ -865,27 +659,38 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->rlayer.d->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && - !ossl_statem_get_in_handshake(s)) { + if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) && + !ossl_statem_get_in_handshake(s)) { struct hm_header_st msg_hdr; - /* this may just be a stale retransmit */ - dtls1_get_message_header(rr->data, &msg_hdr); - if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch) { + /* + * This may just be a stale retransmit. Also sanity check that we have + * at least enough record bytes for a message header + */ + if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch + || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); goto start; } + dtls1_get_message_header(rr->data, &msg_hdr); + /* * If we are server, we may have a repeated FINISHED of the client * here, then retransmit our CCS and FINISHED. */ if (msg_hdr.type == SSL3_MT_FINISHED) { - if (dtls1_check_timeout_num(s) < 0) + if (dtls1_check_timeout_num(s) < 0) { + /* SSLfatal) already called */ return -1; + } - dtls1_retransmit_buffered_messages(s); + if (dtls1_retransmit_buffered_messages(s) <= 0) { + /* Fail if we encountered a fatal error */ + if (ossl_statem_in_error(s)) + return -1; + } SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); if (!(s->mode & SSL_MODE_AUTO_RETRY)) { @@ -903,19 +708,27 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, goto start; } - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - ossl_statem_set_in_init(s, 1); - s->renegotiate = 1; - s->new_session = 1; + /* + * To get here we must be trying to read app data but found handshake + * data. But if we're trying to read app data, and we're not in init + * (which is tested for at the top of this function) then init must be + * finished + */ + if (!ossl_assert(SSL_is_init_finished(s))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES, + ERR_R_INTERNAL_ERROR); + return -1; } + + /* We found handshake data, so we're going back into init */ + ossl_statem_set_in_init(s, 1); + i = s->handshake_func(s); + /* SSLfatal() called if appropriate */ if (i < 0) - return (i); - if (i == 0) { - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } + return i; + if (i == 0) + return -1; if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { @@ -931,7 +744,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -939,15 +752,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: - /* TLS just ignores unknown message types */ - if (s->version == TLS1_VERSION) { - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - goto start; - } - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSL_R_UNEXPECTED_RECORD); + return -1; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: case SSL3_RT_HANDSHAKE: @@ -956,9 +763,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but * that should not happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + ERR_R_INTERNAL_ERROR); + return -1; case SSL3_RT_APPLICATION_DATA: /* * At this point, we were expecting handshake data, but have @@ -971,73 +778,41 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, (s->s3->total_renegotiations != 0) && ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES, + SSL_R_UNEXPECTED_RECORD); + return -1; } } /* not reached */ - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); -} - - /* - * this only happens when a client hello is received and a handshake - * is started. - */ -static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len) -{ - - if ((type == SSL3_RT_HANDSHAKE) - && (s->rlayer.d->handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ - { - unsigned char *src = s->rlayer.d->handshake_fragment; - unsigned char *dst = buf; - unsigned int k, n; - - /* peek == 0 */ - n = 0; - while ((len > 0) && (s->rlayer.d->handshake_fragment_len > 0)) { - *dst++ = *src++; - len--; - s->rlayer.d->handshake_fragment_len--; - n++; - } - /* move any remaining fragment bytes: */ - for (k = 0; k < s->rlayer.d->handshake_fragment_len; k++) - s->rlayer.d->handshake_fragment[k] = *src++; - return n; - } - - return 0; } /* * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) +int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, + size_t *written) { int i; - OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); + if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES, + ERR_R_INTERNAL_ERROR); + return -1; + } s->rwstate = SSL_NOTHING; - i = do_dtls1_write(s, type, buf, len, 0); + i = do_dtls1_write(s, type, buf, len, 0, written); return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragment) + size_t len, int create_empty_fragment, size_t *written) { unsigned char *p, *pseq; int i, mac_size, clear = 0; - int prefix_len = 0; + size_t prefix_len = 0; int eivlen; SSL3_RECORD wr; SSL3_BUFFER *wb; @@ -1049,24 +824,26 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * first check if there is a SSL3_BUFFER still being written out. This * will happen with non blocking IO */ - if (SSL3_BUFFER_get_left(wb) != 0) { - OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ - return (ssl3_write_pending(s, type, buf, len)); + if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + ERR_R_INTERNAL_ERROR); + return 0; } /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) - return (i); + return i; /* if it went, fall through and send more stuff */ } if (len == 0 && !create_empty_fragment) return 0; - if (len > s->max_send_fragment) { - SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); + if (len > ssl_get_max_send_fragment(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); return 0; } @@ -1080,8 +857,11 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, mac_size = 0; else { mac_size = EVP_MD_CTX_size(s->write_hash); - if (mac_size < 0) - goto err; + if (mac_size < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); + return -1; + } } p = SSL3_BUFFER_get_buf(wb) + prefix_len; @@ -1128,7 +908,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* lets setup the record stuff. */ SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */ - SSL3_RECORD_set_length(&wr, (int)len); + SSL3_RECORD_set_length(&wr, len); SSL3_RECORD_set_input(&wr, (unsigned char *)buf); /* @@ -1138,8 +918,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* first we compress */ if (s->compress != NULL) { if (!ssl3_do_compress(s, &wr)) { - SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + SSL_R_COMPRESSION_FAILURE); + return -1; } } else { memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr), @@ -1153,11 +934,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * wb->buf */ - if (mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr, - &(p[SSL3_RECORD_get_length(&wr) + eivlen]), - 1) < 0) - goto err; + if (!SSL_WRITE_ETM(s) && mac_size != 0) { + if (!s->method->ssl3_enc->mac(s, &wr, + &(p[SSL3_RECORD_get_length(&wr) + eivlen]), + 1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + ERR_R_INTERNAL_ERROR); + return -1; + } SSL3_RECORD_add_length(&wr, mac_size); } @@ -1168,24 +952,30 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (eivlen) SSL3_RECORD_add_length(&wr, eivlen); - if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) - goto err; + if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) { + if (!ossl_statem_in_error(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + ERR_R_INTERNAL_ERROR); + } + return -1; + } + + if (SSL_WRITE_ETM(s) && mac_size != 0) { + if (!s->method->ssl3_enc->mac(s, &wr, + &(p[SSL3_RECORD_get_length(&wr)]), 1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE, + ERR_R_INTERNAL_ERROR); + return -1; + } + SSL3_RECORD_add_length(&wr, mac_size); + } /* record length after mac and block padding */ - /* - * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && ! - * SSL_in_init(s))) - */ /* there's only one epoch between handshake and app data */ s2n(s->rlayer.d->w_epoch, pseq); - /* XDTLS: ?? */ - /* - * else s2n(s->d1->handshake_epoch, pseq); - */ - memcpy(pseq, &(s->rlayer.write_sequence[2]), 6); pseq += 6; s2n(SSL3_RECORD_get_length(&wr), pseq); @@ -1208,7 +998,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * we are in a recursive call; just return the length, don't write * out anything here */ - return wr.length; + *written = wr.length; + return 1; } /* now let's set up wb */ @@ -1224,10 +1015,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_type = type; s->rlayer.wpend_ret = len; - /* we now just need to write the buffer */ - return ssl3_write_pending(s, type, buf, len); - err: - return -1; + /* we now just need to write the buffer. Calls SSLfatal() as required. */ + return ssl3_write_pending(s, type, buf, len, written); } DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, diff --git a/deps/openssl/openssl/ssl/record/rec_layer_s3.c b/deps/openssl/openssl/ssl/record/rec_layer_s3.c index 1ffc1205d97bf9..6d495715b22abc 100644 --- a/deps/openssl/openssl/ssl/record/rec_layer_s3.c +++ b/deps/openssl/openssl/ssl/record/rec_layer_s3.c @@ -10,12 +10,12 @@ #include #include #include -#define USE_SOCKETS #include "../ssl_locl.h" #include #include #include #include "record_locl.h" +#include "../packet_locl.h" #if defined(OPENSSL_SMALL_FOOTPRINT) || \ !( defined(AES_ASM) && ( \ @@ -46,8 +46,6 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rl->packet = NULL; rl->packet_length = 0; rl->wnum = 0; - memset(rl->alert_fragment, 0, sizeof(rl->alert_fragment)); - rl->alert_fragment_len = 0; memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment)); rl->handshake_fragment_len = 0; rl->wpend_tot = 0; @@ -100,22 +98,6 @@ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl) && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0; } -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len) -{ - rl->packet_length = len; - if (len != 0) { - rl->rstate = SSL_ST_READ_HEADER; - if (!SSL3_BUFFER_is_initialised(&rl->rbuf)) - if (!ssl3_setup_read_buffer(rl->s)) - return 0; - } - - rl->packet = SSL3_BUFFER_get_buf(&rl->rbuf); - SSL3_BUFFER_set_data(&rl->rbuf, buf, len); - - return 1; -} - void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl) { memset(rl->read_sequence, 0, sizeof(rl->read_sequence)); @@ -126,10 +108,9 @@ void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl) memset(rl->write_sequence, 0, sizeof(rl->write_sequence)); } -int ssl3_pending(const SSL *s) +size_t ssl3_pending(const SSL *s) { - unsigned int i; - int num = 0; + size_t i, num = 0; if (s->rlayer.rstate == SSL_ST_READ_BODY) return 0; @@ -185,7 +166,8 @@ const char *SSL_rstate_string(const SSL *s) /* * Return values are as per SSL_read() */ -int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) +int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, + size_t *readbytes) { /* * If extend == 0, obtain new n-byte packet; if extend == 1, increase @@ -196,18 +178,19 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) * if clearold == 1, move the packet to the start of the buffer; if * clearold == 0 then leave any old packets where they were */ - int i, len, left; - size_t align = 0; + size_t len, left, align = 0; unsigned char *pkt; SSL3_BUFFER *rb; - if (n <= 0) - return n; + if (n == 0) + return 0; rb = &s->rlayer.rbuf; if (rb->buf == NULL) - if (!ssl3_setup_read_buffer(s)) + if (!ssl3_setup_read_buffer(s)) { + /* SSLfatal() already called */ return -1; + } left = rb->left; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 @@ -272,13 +255,16 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) s->rlayer.packet_length += n; rb->left = left - n; rb->offset += n; - return (n); + *readbytes = n; + return 1; } /* else we need to read more data */ - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ - SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); + if (n > rb->len - rb->offset) { + /* does not happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, + ERR_R_INTERNAL_ERROR); return -1; } @@ -289,11 +275,14 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) else { if (max < n) max = n; - if (max > (int)(rb->len - rb->offset)) + if (max > rb->len - rb->offset) max = rb->len - rb->offset; } while (left < n) { + size_t bioread = 0; + int ret; + /* * Now we have len+left bytes at the front of s->s3->rbuf.buf and * need to read in more until we have len+n (up to len+max if @@ -303,20 +292,24 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) clear_sys_error(); if (s->rbio != NULL) { s->rwstate = SSL_READING; - i = BIO_read(s->rbio, pkt + len + left, max - left); + /* TODO(size_t): Convert this function */ + ret = BIO_read(s->rbio, pkt + len + left, max - left); + if (ret >= 0) + bioread = ret; } else { - SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); - i = -1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, + SSL_R_READ_BIO_NOT_SET); + ret = -1; } - if (i <= 0) { + if (ret <= 0) { rb->left = left; if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (len + left == 0) ssl3_release_read_buffer(s); - return i; + return ret; } - left += i; + left += bioread; /* * reads should *never* span multiple packets for DTLS because the * underlying transport protocol is message oriented as opposed to @@ -333,55 +326,65 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) rb->left = left - n; s->rlayer.packet_length += n; s->rwstate = SSL_NOTHING; - return (n); + *readbytes = n; + return 1; } /* * Call this to write data in records of type 'type' It will return <= 0 if * not all data has been sent or non-blocking IO. */ -int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) +int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, + size_t *written) { const unsigned char *buf = buf_; - int tot; - unsigned int n, split_send_fragment, maxpipes; + size_t tot; + size_t n, max_send_fragment, split_send_fragment, maxpipes; #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - unsigned int max_send_fragment, nw; - unsigned int u_len = (unsigned int)len; + size_t nw; #endif SSL3_BUFFER *wb = &s->rlayer.wbuf[0]; int i; - - if (len < 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH); - return -1; - } + size_t tmpwrit; s->rwstate = SSL_NOTHING; tot = s->rlayer.wnum; /* * ensure that if we end up with a smaller value of data to write out - * than the the original len from a write which didn't complete for + * than the original len from a write which didn't complete for * non-blocking I/O and also somehow ended up avoiding the check for * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be * possible to end up with (len-tot) as a large number that will then * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ - if (((unsigned int)len < s->rlayer.wnum) - || ((wb->left != 0) && ((unsigned int)len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); + if ((len < s->rlayer.wnum) + || ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES, + SSL_R_BAD_LENGTH); + return -1; + } + + if (s->early_data_state == SSL_EARLY_DATA_WRITING + && !early_data_count_ok(s, len, 0, 1)) { + /* SSLfatal() already called */ return -1; } s->rlayer.wnum = 0; - if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { + /* + * When writing early data on the server side we could be "in_init" in + * between receiving the EoED and the CF - but we don't want to handle those + * messages yet. + */ + if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s) + && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) { i = s->handshake_func(s); + /* SSLfatal() already called */ if (i < 0) - return (i); + return i; if (i == 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); return -1; } } @@ -391,13 +394,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * will happen with non blocking IO */ if (wb->left != 0) { - i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot); + /* SSLfatal() already called if appropriate */ + i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot, + &tmpwrit); if (i <= 0) { /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } - tot += i; /* this might be last fragment */ + tot += tmpwrit; /* this might be last fragment */ } #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK /* @@ -407,14 +412,15 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * compromise is considered worthy. */ if (type == SSL3_RT_APPLICATION_DATA && - u_len >= 4 * (max_send_fragment = s->max_send_fragment) && + len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) && s->compress == NULL && s->msg_callback == NULL && !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) { unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; - int packlen; + size_t packlen; + int packleni; /* minimize address aliasing conflicts */ if ((max_send_fragment & 0xfff) == 0) @@ -425,21 +431,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, - max_send_fragment, NULL); + (int)max_send_fragment, NULL); - if (u_len >= 8 * max_send_fragment) + if (len >= 8 * max_send_fragment) packlen *= 8; else packlen *= 4; if (!ssl3_setup_write_buffer(s, 1, packlen)) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE); + /* SSLfatal() already called */ return -1; } } else if (tot == len) { /* done? */ /* free jumbo buffer */ ssl3_release_write_buffer(s); - return tot; + *written = tot; + return 1; } n = (len - tot); @@ -453,6 +460,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (s->s3->alert_dispatch) { i = s->method->ssl_dispatch_alert(s); if (i <= 0) { + /* SSLfatal() already called if appropriate */ s->rlayer.wnum = tot; return i; } @@ -473,11 +481,11 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) mb_param.inp = aad; mb_param.len = nw; - packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, + packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param), &mb_param); - - if (packlen <= 0 || packlen > (int)wb->len) { /* never happens */ + packlen = (size_t)packleni; + if (packleni <= 0 || packlen > wb->len) { /* never happens */ /* free jumbo buffer */ ssl3_release_write_buffer(s); break; @@ -506,8 +514,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wpend_type = type; s->rlayer.wpend_ret = nw; - i = ssl3_write_pending(s, type, &buf[tot], nw); + i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit); if (i <= 0) { + /* SSLfatal() already called if appropriate */ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { /* free jumbo buffer */ ssl3_release_write_buffer(s); @@ -515,26 +524,29 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) s->rlayer.wnum = tot; return i; } - if (i == (int)n) { + if (tmpwrit == n) { /* free jumbo buffer */ ssl3_release_write_buffer(s); - return tot + i; + *written = tot + tmpwrit; + return 1; } - n -= i; - tot += i; + n -= tmpwrit; + tot += tmpwrit; } } else -#endif +#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */ if (tot == len) { /* done? */ if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); - return tot; + *written = tot; + return 1; } n = (len - tot); - split_send_fragment = s->split_send_fragment; + max_send_fragment = ssl_get_max_send_fragment(s); + split_send_fragment = ssl_get_split_send_fragment(s); /* * If max_pipelines is 0 then this means "undefined" and we default to * 1 pipeline. Similarly if the cipher does not support pipelined @@ -547,7 +559,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * We should have prevented this when we set max_pipelines so we * shouldn't get here */ - SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES, + ERR_R_INTERNAL_ERROR); return -1; } if (maxpipes == 0 @@ -556,19 +569,20 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) & EVP_CIPH_FLAG_PIPELINE) || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; - if (s->max_send_fragment == 0 || split_send_fragment > s->max_send_fragment - || split_send_fragment == 0) { + if (max_send_fragment == 0 || split_send_fragment == 0 + || split_send_fragment > max_send_fragment) { /* - * We should have prevented this when we set the split and max send + * We should have prevented this when we set/get the split and max send * fragments so we shouldn't get here */ - SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES, + ERR_R_INTERNAL_ERROR); return -1; } for (;;) { - unsigned int pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; - unsigned int numpipes, j; + size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain; + size_t numpipes, j; if (n == 0) numpipes = 1; @@ -577,13 +591,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (numpipes > maxpipes) numpipes = maxpipes; - if (n / numpipes >= s->max_send_fragment) { + if (n / numpipes >= max_send_fragment) { /* * We have enough data to completely fill all available * pipelines */ for (j = 0; j < numpipes; j++) { - pipelens[j] = s->max_send_fragment; + pipelens[j] = max_send_fragment; } } else { /* We can partially fill all available pipelines */ @@ -596,14 +610,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } } - i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0); + i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0, + &tmpwrit); if (i <= 0) { + /* SSLfatal() already called if appropriate */ /* XXX should we ssl3_release_write_buffer if i<0? */ s->rlayer.wnum = tot; return i; } - if ((i == (int)n) || + if (tmpwrit == n || (type == SSL3_RT_APPLICATION_DATA && (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { /* @@ -616,28 +632,32 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) !SSL_IS_DTLS(s)) ssl3_release_write_buffer(s); - return tot + i; + *written = tot + tmpwrit; + return 1; } - n -= i; - tot += i; + n -= tmpwrit; + tot += tmpwrit; } } int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int *pipelens, unsigned int numpipes, - int create_empty_fragment) + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written) { - unsigned char *outbuf[SSL_MAX_PIPELINES], *plen[SSL_MAX_PIPELINES]; + WPACKET pkt[SSL_MAX_PIPELINES]; SSL3_RECORD wr[SSL_MAX_PIPELINES]; + WPACKET *thispkt; + SSL3_RECORD *thiswr; + unsigned char *recordstart; int i, mac_size, clear = 0; - int prefix_len = 0; - int eivlen; + size_t prefix_len = 0; + int eivlen = 0; size_t align = 0; SSL3_BUFFER *wb; SSL_SESSION *sess; - unsigned int totlen = 0; - unsigned int j; + size_t totlen = 0, len, wpinited = 0; + size_t j; for (j = 0; j < numpipes; j++) totlen += pipelens[j]; @@ -645,20 +665,27 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * first check if there is a SSL3_BUFFER still being written out. This * will happen with non blocking IO */ - if (RECORD_LAYER_write_pending(&s->rlayer)) - return (ssl3_write_pending(s, type, buf, totlen)); + if (RECORD_LAYER_write_pending(&s->rlayer)) { + /* Calls SSLfatal() as required */ + return ssl3_write_pending(s, type, buf, totlen, written); + } /* If we have an alert to send, lets send it */ if (s->s3->alert_dispatch) { i = s->method->ssl_dispatch_alert(s); - if (i <= 0) - return (i); + if (i <= 0) { + /* SSLfatal() already called if appropriate */ + return i; + } /* if it went, fall through and send more stuff */ } - if (s->rlayer.numwpipes < numpipes) - if (!ssl3_setup_write_buffer(s, numpipes, 0)) + if (s->rlayer.numwpipes < numpipes) { + if (!ssl3_setup_write_buffer(s, numpipes, 0)) { + /* SSLfatal() already called */ return -1; + } + } if (totlen == 0 && !create_empty_fragment) return 0; @@ -670,9 +697,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { + /* TODO(siz_t): Convert me */ mac_size = EVP_MD_CTX_size(s->write_hash); - if (mac_size < 0) + if (mac_size < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); goto err; + } } /* @@ -691,16 +722,20 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * 'prefix_len' bytes are sent out later together with the actual * payload) */ - unsigned int tmppipelen = 0; + size_t tmppipelen = 0; + int ret; - prefix_len = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1); - if (prefix_len <= 0) + ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len); + if (ret <= 0) { + /* SSLfatal() already called if appropriate */ goto err; + } if (prefix_len > (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { /* insufficient space */ - SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); goto err; } } @@ -719,136 +754,325 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH; align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif - outbuf[0] = SSL3_BUFFER_get_buf(wb) + align; SSL3_BUFFER_set_offset(wb, align); + if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb), + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } + wpinited = 1; } else if (prefix_len) { wb = &s->rlayer.wbuf[0]; - outbuf[0] = SSL3_BUFFER_get_buf(wb) + SSL3_BUFFER_get_offset(wb) - + prefix_len; + if (!WPACKET_init_static_len(&pkt[0], + SSL3_BUFFER_get_buf(wb), + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb) + + prefix_len, NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } + wpinited = 1; } else { for (j = 0; j < numpipes; j++) { + thispkt = &pkt[j]; + wb = &s->rlayer.wbuf[j]; -#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH; align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD); #endif - outbuf[j] = SSL3_BUFFER_get_buf(wb) + align; SSL3_BUFFER_set_offset(wb, align); + if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb), + SSL3_BUFFER_get_len(wb), 0) + || !WPACKET_allocate_bytes(thispkt, align, NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } + wpinited++; } } /* Explicit IV length, block ciphers appropriate version flag */ - if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { + if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) { int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { + /* TODO(size_t): Convert me */ eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; - } - /* Need explicit part of IV for GCM mode */ - else if (mode == EVP_CIPH_GCM_MODE) + } else if (mode == EVP_CIPH_GCM_MODE) { + /* Need explicit part of IV for GCM mode */ eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; - else if (mode == EVP_CIPH_CCM_MODE) + } else if (mode == EVP_CIPH_CCM_MODE) { eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN; - else - eivlen = 0; - } else - eivlen = 0; + } + } totlen = 0; /* Clear our SSL3_RECORD structures */ memset(wr, 0, sizeof(wr)); for (j = 0; j < numpipes; j++) { - /* write the header */ - *(outbuf[j]++) = type & 0xff; - SSL3_RECORD_set_type(&wr[j], type); + unsigned int version = (s->version == TLS1_3_VERSION) ? TLS1_2_VERSION + : s->version; + unsigned char *compressdata = NULL; + size_t maxcomplen; + unsigned int rectype; + + thispkt = &pkt[j]; + thiswr = &wr[j]; + + /* + * In TLSv1.3, once encrypting, we always use application data for the + * record type + */ + if (SSL_TREAT_AS_TLS13(s) + && s->enc_write_ctx != NULL + && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS + || type != SSL3_RT_ALERT)) + rectype = SSL3_RT_APPLICATION_DATA; + else + rectype = type; + SSL3_RECORD_set_type(thiswr, rectype); - *(outbuf[j]++) = (s->version >> 8); /* * Some servers hang if initial client hello is larger than 256 bytes * and record version number > TLS 1.0 */ if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO - && !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION) - *(outbuf[j]++) = 0x1; - else - *(outbuf[j]++) = s->version & 0xff; + && !s->renegotiate + && TLS1_get_version(s) > TLS1_VERSION + && s->hello_retry_request == SSL_HRR_NONE) + version = TLS1_VERSION; + SSL3_RECORD_set_rec_version(thiswr, version); + + maxcomplen = pipelens[j]; + if (s->compress != NULL) + maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD; - /* field where we are to write out packet length */ - plen[j] = outbuf[j]; - outbuf[j] += 2; + /* write the header */ + if (!WPACKET_put_bytes_u8(thispkt, rectype) + || !WPACKET_put_bytes_u16(thispkt, version) + || !WPACKET_start_sub_packet_u16(thispkt) + || (eivlen > 0 + && !WPACKET_allocate_bytes(thispkt, eivlen, NULL)) + || (maxcomplen > 0 + && !WPACKET_reserve_bytes(thispkt, maxcomplen, + &compressdata))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } /* lets setup the record stuff. */ - SSL3_RECORD_set_data(&wr[j], outbuf[j] + eivlen); - SSL3_RECORD_set_length(&wr[j], (int)pipelens[j]); - SSL3_RECORD_set_input(&wr[j], (unsigned char *)&buf[totlen]); + SSL3_RECORD_set_data(thiswr, compressdata); + SSL3_RECORD_set_length(thiswr, pipelens[j]); + SSL3_RECORD_set_input(thiswr, (unsigned char *)&buf[totlen]); totlen += pipelens[j]; /* - * we now 'read' from wr->input, wr->length bytes into wr->data + * we now 'read' from thiswr->input, thiswr->length bytes into + * thiswr->data */ /* first we compress */ if (s->compress != NULL) { - if (!ssl3_do_compress(s, &wr[j])) { - SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE); + if (!ssl3_do_compress(s, thiswr) + || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + SSL_R_COMPRESSION_FAILURE); goto err; } } else { - memcpy(wr[j].data, wr[j].input, wr[j].length); + if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } SSL3_RECORD_reset_input(&wr[j]); } + if (SSL_TREAT_AS_TLS13(s) + && s->enc_write_ctx != NULL + && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS + || type != SSL3_RT_ALERT)) { + size_t rlen, max_send_fragment; + + if (!WPACKET_put_bytes_u8(thispkt, type)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } + SSL3_RECORD_add_length(thiswr, 1); + + /* Add TLS1.3 padding */ + max_send_fragment = ssl_get_max_send_fragment(s); + rlen = SSL3_RECORD_get_length(thiswr); + if (rlen < max_send_fragment) { + size_t padding = 0; + size_t max_padding = max_send_fragment - rlen; + if (s->record_padding_cb != NULL) { + padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg); + } else if (s->block_padding > 0) { + size_t mask = s->block_padding - 1; + size_t remainder; + + /* optimize for power of 2 */ + if ((s->block_padding & mask) == 0) + remainder = rlen & mask; + else + remainder = rlen % s->block_padding; + /* don't want to add a block of padding if we don't have to */ + if (remainder == 0) + padding = 0; + else + padding = s->block_padding - remainder; + } + if (padding > 0) { + /* do not allow the record to exceed max plaintext length */ + if (padding > max_padding) + padding = max_padding; + if (!WPACKET_memset(thispkt, 0, padding)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } + SSL3_RECORD_add_length(thiswr, padding); + } + } + } + /* - * we should still have the output to wr->data and the input from - * wr->input. Length should be wr->length. wr->data still points in the - * wb->buf + * we should still have the output to thiswr->data and the input from + * wr->input. Length should be thiswr->length. thiswr->data still points + * in the wb->buf */ if (!SSL_WRITE_ETM(s) && mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr[j], - &(outbuf[j][wr[j].length + eivlen]), - 1) < 0) + unsigned char *mac; + + if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) + || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); goto err; - SSL3_RECORD_add_length(&wr[j], mac_size); + } } - SSL3_RECORD_set_data(&wr[j], outbuf[j]); - SSL3_RECORD_reset_input(&wr[j]); - - if (eivlen) { - /* - * if (RAND_pseudo_bytes(p, eivlen) <= 0) goto err; - */ - SSL3_RECORD_add_length(&wr[j], eivlen); + /* + * Reserve some bytes for any growth that may occur during encryption. + * This will be at most one cipher block or the tag length if using + * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case. + */ + if (!WPACKET_reserve_bytes(thispkt, SSL_RT_MAX_CIPHER_BLOCK_SIZE, + NULL) + /* + * We also need next the amount of bytes written to this + * sub-packet + */ + || !WPACKET_get_length(thispkt, &len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; } + + /* Get a pointer to the start of this record excluding header */ + recordstart = WPACKET_get_curr(thispkt) - len; + + SSL3_RECORD_set_data(thiswr, recordstart); + SSL3_RECORD_reset_input(thiswr); + SSL3_RECORD_set_length(thiswr, len); } - if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) - goto err; + if (s->statem.enc_write_state == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS) { + /* + * We haven't actually negotiated the version yet, but we're trying to + * send early data - so we need to use the tls13enc function. + */ + if (tls13_enc(s, wr, numpipes, 1) < 1) { + if (!ossl_statem_in_error(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + } + goto err; + } + } else { + if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) { + if (!ossl_statem_in_error(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + } + goto err; + } + } for (j = 0; j < numpipes; j++) { + size_t origlen; + + thispkt = &pkt[j]; + thiswr = &wr[j]; + + /* Allocate bytes for the encryption overhead */ + if (!WPACKET_get_length(thispkt, &origlen) + /* Encryption should never shrink the data! */ + || origlen > thiswr->length + || (thiswr->length > origlen + && !WPACKET_allocate_bytes(thispkt, + thiswr->length - origlen, NULL))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } if (SSL_WRITE_ETM(s) && mac_size != 0) { - if (s->method->ssl3_enc->mac(s, &wr[j], - outbuf[j] + wr[j].length, 1) < 0) + unsigned char *mac; + + if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac) + || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); goto err; - SSL3_RECORD_add_length(&wr[j], mac_size); + } + SSL3_RECORD_add_length(thiswr, mac_size); } - /* record length after mac and block padding */ - s2n(SSL3_RECORD_get_length(&wr[j]), plen[j]); + if (!WPACKET_get_length(thispkt, &len) + || !WPACKET_close(thispkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } - if (s->msg_callback) - s->msg_callback(1, 0, SSL3_RT_HEADER, plen[j] - 5, 5, s, + if (s->msg_callback) { + recordstart = WPACKET_get_curr(thispkt) - len + - SSL3_RT_HEADER_LENGTH; + s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart, + SSL3_RT_HEADER_LENGTH, s, s->msg_callback_arg); + if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { + unsigned char ctype = type; + + s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE, + &ctype, 1, s, s->msg_callback_arg); + } + } + + if (!WPACKET_finish(thispkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); + goto err; + } + /* - * we should now have wr->data pointing to the encrypted data, which is - * wr->length long + * we should now have thiswr->data pointing to the encrypted data, which + * is thiswr->length long */ - SSL3_RECORD_set_type(&wr[j], type); /* not needed but helps for + SSL3_RECORD_set_type(thiswr, type); /* not needed but helps for * debugging */ - SSL3_RECORD_add_length(&wr[j], SSL3_RT_HEADER_LENGTH); + SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH); if (create_empty_fragment) { /* @@ -857,15 +1081,17 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, */ if (j > 0) { /* We should never be pipelining an empty fragment!! */ - SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, + ERR_R_INTERNAL_ERROR); goto err; } - return SSL3_RECORD_get_length(wr); + *written = SSL3_RECORD_get_length(thiswr); + return 1; } /* now let's set up wb */ SSL3_BUFFER_set_left(&s->rlayer.wbuf[j], - prefix_len + SSL3_RECORD_get_length(&wr[j])); + prefix_len + SSL3_RECORD_get_length(thiswr)); } /* @@ -878,8 +1104,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, s->rlayer.wpend_ret = totlen; /* we now just need to write the buffer */ - return ssl3_write_pending(s, type, buf, totlen); + return ssl3_write_pending(s, type, buf, totlen, written); err: + for (j = 0; j < wpinited; j++) + WPACKET_cleanup(&pkt[j]); return -1; } @@ -887,19 +1115,21 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, * * Return values are as per SSL_write() */ -int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len) +int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, + size_t *written) { int i; SSL3_BUFFER *wb = s->rlayer.wbuf; - unsigned int currbuf = 0; + size_t currbuf = 0; + size_t tmpwrit = 0; - if ((s->rlayer.wpend_tot > (int)len) + if ((s->rlayer.wpend_tot > len) || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) && (s->rlayer.wpend_buf != buf)) || (s->rlayer.wpend_type != type)) { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); - return (-1); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING, + SSL_R_BAD_WRITE_RETRY); + return -1; } for (;;) { @@ -912,21 +1142,26 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, clear_sys_error(); if (s->wbio != NULL) { s->rwstate = SSL_WRITING; + /* TODO(size_t): Convert this call */ i = BIO_write(s->wbio, (char *) &(SSL3_BUFFER_get_buf(&wb[currbuf]) [SSL3_BUFFER_get_offset(&wb[currbuf])]), (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf])); + if (i >= 0) + tmpwrit = i; } else { - SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING, + SSL_R_BIO_NOT_SET); i = -1; } - if (i == SSL3_BUFFER_get_left(&wb[currbuf])) { + if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { SSL3_BUFFER_set_left(&wb[currbuf], 0); - SSL3_BUFFER_add_offset(&wb[currbuf], i); + SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); if (currbuf + 1 < s->rlayer.numwpipes) continue; s->rwstate = SSL_NOTHING; - return (s->rlayer.wpend_ret); + *written = s->rlayer.wpend_ret; + return 1; } else if (i <= 0) { if (SSL_IS_DTLS(s)) { /* @@ -937,8 +1172,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, } return i; } - SSL3_BUFFER_add_offset(&wb[currbuf], i); - SSL3_BUFFER_add_left(&wb[currbuf], -i); + SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); + SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit); } } @@ -972,27 +1207,31 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, * none of our business */ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, - int len, int peek) + size_t len, int peek, size_t *readbytes) { - int al, i, j, ret; - unsigned int n, curr_rec, num_recs, read_bytes; + int i, j, ret; + size_t n, curr_rec, num_recs, totalbytes; SSL3_RECORD *rr; SSL3_BUFFER *rbuf; void (*cb) (const SSL *ssl, int type2, int val) = NULL; + int is_tls13 = SSL_IS_TLS13(s); rbuf = &s->rlayer.rbuf; if (!SSL3_BUFFER_is_initialised(rbuf)) { /* Not initialized yet */ - if (!ssl3_setup_read_buffer(s)) - return (-1); + if (!ssl3_setup_read_buffer(s)) { + /* SSLfatal() already called */ + return -1; + } } if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES, + ERR_R_INTERNAL_ERROR); return -1; } @@ -1018,7 +1257,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RT_HANDSHAKE; - return n; + *readbytes = n; + return 1; } /* @@ -1028,12 +1268,11 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); + /* SSLfatal() already called */ if (i < 0) - return (i); - if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } + return i; + if (i == 0) + return -1; } start: s->rwstate = SSL_NOTHING; @@ -1052,14 +1291,16 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* get new records if necessary */ if (num_recs == 0) { ret = ssl3_get_record(s); - if (ret <= 0) - return (ret); + if (ret <= 0) { + /* SSLfatal() already called if appropriate */ + return ret; + } num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer); if (num_recs == 0) { /* Shouldn't happen */ - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES, + ERR_R_INTERNAL_ERROR); + return -1; } } /* Skip over any records we have already read */ @@ -1087,9 +1328,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, * reset by ssl3_get_finished */ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); + return -1; } /* @@ -1099,12 +1340,13 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC - && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { + && type == SSL3_RT_HANDSHAKE && recvd_type != NULL + && !is_tls13)) { /* * SSL3_RT_APPLICATION_DATA or * SSL3_RT_HANDSHAKE or @@ -1116,23 +1358,23 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_APP_DATA_IN_HANDSHAKE); + return -1; } if (type == SSL3_RT_HANDSHAKE && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC && s->rlayer.handshake_fragment_len > 0) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_CCS_RECEIVED_EARLY); + return -1; } if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) { + if (len == 0) { /* * Mark a zero length record as read. This ensures multiple calls to * SSL_read() with a zero length buffer will eventually cause @@ -1140,15 +1382,15 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (SSL3_RECORD_get_length(rr) == 0) SSL3_RECORD_set_read(rr); - return len; + return 0; } - read_bytes = 0; + totalbytes = 0; do { - if ((unsigned int)len - read_bytes > SSL3_RECORD_get_length(rr)) + if (len - totalbytes > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); else - n = (unsigned int)len - read_bytes; + n = len - totalbytes; memcpy(buf, &(rr->data[rr->off]), n); buf += n; @@ -1170,10 +1412,10 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, curr_rec++; rr++; } - read_bytes += n; + totalbytes += n; } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs - && read_bytes < (unsigned int)len); - if (read_bytes == 0) { + && totalbytes < len); + if (totalbytes == 0) { /* We must have read empty records. Get more data */ goto start; } @@ -1181,7 +1423,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && (s->mode & SSL_MODE_RELEASE_BUFFERS) && SSL3_BUFFER_get_left(rbuf) == 0) ssl3_release_read_buffer(s); - return read_bytes; + *readbytes = totalbytes; + return 1; } /* @@ -1200,9 +1443,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * initial ClientHello. Therefore |type| should always be equal to * |rr->type|. If not then something has gone horribly wrong */ - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES, + ERR_R_INTERNAL_ERROR); + return -1; } if (s->method->version == TLS_ANY_VERSION @@ -1214,147 +1457,33 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * other than a ClientHello if we are a server. */ s->version = rr->rec_version; - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - - /* - * In case of record types for which we have 'fragment' storage, fill - * that so that we can process the data at a fixed place. - */ - { - unsigned int dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof(s->rlayer.handshake_fragment); - dest = s->rlayer.handshake_fragment; - dest_len = &s->rlayer.handshake_fragment_len; - } else if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { - dest_maxlen = sizeof(s->rlayer.alert_fragment); - dest = s->rlayer.alert_fragment; - dest_len = &s->rlayer.alert_fragment_len; - } - - if (dest_maxlen > 0) { - n = dest_maxlen - *dest_len; /* available space in 'dest' */ - if (SSL3_RECORD_get_length(rr) < n) - n = SSL3_RECORD_get_length(rr); /* available bytes */ - - /* now move 'n' bytes: */ - while (n-- > 0) { - dest[(*dest_len)++] = - SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]; - SSL3_RECORD_add_off(rr, 1); - SSL3_RECORD_add_length(rr, -1); - } - - if (*dest_len < dest_maxlen) { - SSL3_RECORD_set_read(rr); - goto start; /* fragment was too small */ - } - } + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_UNEXPECTED_MESSAGE); + return -1; } /*- * s->rlayer.handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * s->rlayer.alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->rlayer.handshake_fragment_len >= 4) && - (s->rlayer.handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) { - s->rlayer.handshake_fragment_len = 0; - - if ((s->rlayer.handshake_fragment[1] != 0) || - (s->rlayer.handshake_fragment[2] != 0) || - (s->rlayer.handshake_fragment[3] != 0)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto f_err; - } - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - s->rlayer.handshake_fragment, 4, s, - s->msg_callback_arg); - if (SSL_is_init_finished(s) && - (s->options & SSL_OP_NO_RENEGOTIATION) == 0 && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) { - if (SSL3_BUFFER_get_left(rbuf) == 0) { - /* no read-ahead left? */ - BIO *bio; - /* - * In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world - */ - s->rwstate = SSL_READING; - bio = SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return (-1); - } - } - } else { - SSL3_RECORD_set_read(rr); - } - } else { - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - SSL3_RECORD_set_read(rr); + if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { + unsigned int alert_level, alert_descr; + unsigned char *alert_bytes = SSL3_RECORD_get_data(rr) + + SSL3_RECORD_get_off(rr); + PACKET alert; + + if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr)) + || !PACKET_get_1(&alert, &alert_level) + || !PACKET_get_1(&alert, &alert_descr) + || PACKET_remaining(&alert) != 0) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_INVALID_ALERT); + return -1; } - /* - * we either finished a handshake or ignored the request, now try - * again to obtain the (application) data we were asked for - */ - goto start; - } - /* - * If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. - */ - if (s->server - && SSL_is_init_finished(s) - && s->version > SSL3_VERSION - && s->rlayer.handshake_fragment_len >= SSL3_HM_HEADER_LENGTH - && s->rlayer.handshake_fragment[0] == SSL3_MT_CLIENT_HELLO - && s->s3->previous_client_finished_len != 0 - && ((!s->s3->send_connection_binding - && (s->options - & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) - || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) { - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); - goto start; - } - if (s->rlayer.alert_fragment_len >= 2) { - int alert_level = s->rlayer.alert_fragment[0]; - int alert_descr = s->rlayer.alert_fragment[1]; - - s->rlayer.alert_fragment_len = 0; if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, - s->rlayer.alert_fragment, 2, s, + s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) @@ -1367,21 +1496,43 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == SSL3_AL_WARNING) { + if (alert_level == SSL3_AL_WARNING + || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { s->s3->warn_alert = alert_descr; SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_TOO_MANY_WARN_ALERTS); + return -1; } + } - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return (0); - } + /* + * Apart from close_notify the only other warning alert in TLSv1.3 + * is user_cancelled - which we just ignore. + */ + if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) { + goto start; + } else if (alert_descr == SSL_AD_CLOSE_NOTIFY + && (is_tls13 || alert_level == SSL3_AL_WARNING)) { + s->shutdown |= SSL_RECEIVED_SHUTDOWN; + return 0; + } else if (alert_level == SSL3_AL_FATAL || is_tls13) { + char tmp[16]; + + s->rwstate = SSL_NOTHING; + s->s3->fatal_alert = alert_descr; + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, + SSL_AD_REASON_OFFSET + alert_descr); + BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + ERR_add_error_data(2, "SSL alert number ", tmp); + s->shutdown |= SSL_RECEIVED_SHUTDOWN; + SSL3_RECORD_set_read(rr); + SSL_CTX_remove_session(s->session_ctx, s->session); + return 0; + } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { /* * This is a warning but we receive it if we requested * renegotiation and the peer denied it. Terminate with a fatal @@ -1390,69 +1541,120 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * future we might have a renegotiation where we don't care if * the peer refused it where we carry on. */ - else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION); - goto f_err; - } -#ifdef SSL_AD_MISSING_SRP_USERNAME - else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) - return (0); -#endif - } else if (alert_level == SSL3_AL_FATAL) { - char tmp[16]; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES, + SSL_R_NO_RENEGOTIATION); + return -1; + } else if (alert_level == SSL3_AL_WARNING) { + /* We ignore any other warning alert in TLSv1.2 and below */ + goto start; + } - s->rwstate = SSL_NOTHING; - s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); - ERR_add_error_data(2, "SSL alert number ", tmp); - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - SSL3_RECORD_set_read(rr); - SSL_CTX_remove_session(s->session_ctx, s->session); - return (0); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, + SSL_R_UNKNOWN_ALERT_TYPE); + return -1; + } + + if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) { + if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { + BIO *rbio; + + /* + * We ignore any handshake messages sent to us unless they are + * TLSv1.3 in which case we want to process them. For all other + * handshake messages we can't do anything reasonable with them + * because we are unable to write any response due to having already + * sent close_notify. + */ + if (!SSL_IS_TLS13(s)) { + SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); + + if ((s->mode & SSL_MODE_AUTO_RETRY) != 0) + goto start; + + s->rwstate = SSL_READING; + rbio = SSL_get_rbio(s); + BIO_clear_retry_flags(rbio); + BIO_set_retry_read(rbio); + return -1; + } } else { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; + /* + * The peer is continuing to send application data, but we have + * already sent close_notify. If this was expected we should have + * been called via SSL_read() and this would have been handled + * above. + * No alert sent because we already sent close_notify + */ + SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, + SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); + return -1; } - - goto start; } - if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a - * shutdown */ - s->rwstate = SSL_NOTHING; - SSL3_RECORD_set_length(rr, 0); - SSL3_RECORD_set_read(rr); - return (0); + /* + * For handshake data we have 'fragment' storage, so fill that so that we + * can process the header at a fixed place. This is done after the + * "SHUTDOWN" code above to avoid filling the fragment storage with data + * that we're just going to discard. + */ + if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { + size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment); + unsigned char *dest = s->rlayer.handshake_fragment; + size_t *dest_len = &s->rlayer.handshake_fragment_len; + + n = dest_maxlen - *dest_len; /* available space in 'dest' */ + if (SSL3_RECORD_get_length(rr) < n) + n = SSL3_RECORD_get_length(rr); /* available bytes */ + + /* now move 'n' bytes: */ + memcpy(dest + *dest_len, + SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); + SSL3_RECORD_add_off(rr, n); + SSL3_RECORD_sub_length(rr, n); + *dest_len += n; + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); + + if (*dest_len < dest_maxlen) + goto start; /* fragment was too small */ } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_CCS_RECEIVED_EARLY); + return -1; } /* - * Unexpected handshake message (Client Hello, or protocol violation) + * Unexpected handshake message (ClientHello, NewSessionTicket (TLS1.3) or + * protocol violation) */ if ((s->rlayer.handshake_fragment_len >= 4) - && !ossl_statem_get_in_handshake(s)) { - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { - ossl_statem_set_in_init(s, 1); - s->renegotiate = 1; - s->new_session = 1; - } + && !ossl_statem_get_in_handshake(s)) { + int ined = (s->early_data_state == SSL_EARLY_DATA_READING); + + /* We found handshake data, so we're going back into init */ + ossl_statem_set_in_init(s, 1); + i = s->handshake_func(s); + /* SSLfatal() already called if appropriate */ if (i < 0) - return (i); + return i; if (i == 0) { - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); + return -1; } + /* + * If we were actually trying to read early data and we found a + * handshake message, then we don't want to continue to try and read + * the application data any more. It won't be "early" now. + */ + if (ined) + return -1; + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (SSL3_BUFFER_get_left(rbuf) == 0) { /* no read-ahead left? */ @@ -1467,7 +1669,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, bio = SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); - return (-1); + return -1; } } goto start; @@ -1482,9 +1684,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * no progress is being made and the peer continually sends unrecognised * record types, using up resources processing them. */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_UNEXPECTED_RECORD); + return -1; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: case SSL3_RT_HANDSHAKE: @@ -1493,9 +1695,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but * that should not happen when type != rr->type */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + ERR_R_INTERNAL_ERROR); + return -1; case SSL3_RT_APPLICATION_DATA: /* * At this point, we were expecting handshake data, but have @@ -1506,18 +1708,30 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (ossl_statem_app_data_allowed(s)) { s->s3->in_read_app_data = 2; - return (-1); + return -1; + } else if (ossl_statem_skip_early_data(s)) { + /* + * This can happen after a client sends a CH followed by early_data, + * but the server responds with a HelloRetryRequest. The server + * reads the next record from the client expecting to find a + * plaintext ClientHello but gets a record which appears to be + * application data. The trial decrypt "works" because null + * decryption was applied. We just skip it and move on to the next + * record. + */ + if (!early_data_count_ok(s, rr->length, + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + /* SSLfatal() already called */ + return -1; + } + SSL3_RECORD_set_read(rr); + goto start; } else { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES, + SSL_R_UNEXPECTED_RECORD); + return -1; } } - /* not reached */ - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (-1); } void ssl3_record_sequence_update(unsigned char *seq) @@ -1543,7 +1757,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl) /* * Returns the length in bytes of the current rrec */ -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) { return SSL3_RECORD_get_length(&rl->rrec[0]); } diff --git a/deps/openssl/openssl/ssl/record/record.h b/deps/openssl/openssl/ssl/record/record.h index 9bb24311be43df..af56206e07c97a 100644 --- a/deps/openssl/openssl/ssl/record/record.h +++ b/deps/openssl/openssl/ssl/record/record.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,9 +22,9 @@ typedef struct ssl3_buffer_st { /* buffer size */ size_t len; /* where to 'copy from' */ - int offset; + size_t offset; /* how many bytes left */ - int left; + size_t left; } SSL3_BUFFER; #define SEQ_NUM_SIZE 8 @@ -38,16 +38,16 @@ typedef struct ssl3_record_st { int type; /* How many bytes available */ /* rw */ - unsigned int length; + size_t length; /* * How many bytes were available before padding was removed? This is used * to implement the MAC check in constant time for CBC records. */ /* rw */ - unsigned int orig_len; + size_t orig_len; /* read/write offset into 'buf' */ /* r */ - unsigned int off; + size_t off; /* pointer to the record data */ /* rw */ unsigned char *data; @@ -82,7 +82,7 @@ typedef struct record_pqueue_st { typedef struct dtls1_record_data_st { unsigned char *packet; - unsigned int packet_length; + size_t packet_length; SSL3_BUFFER rbuf; SSL3_RECORD rrec; #ifndef OPENSSL_NO_SCTP @@ -111,14 +111,6 @@ typedef struct dtls_record_layer_st { * loss. */ record_pqueue buffered_app_data; - /* - * storage for Alert/Handshake protocol data received but not yet - * processed by ssl3_read_bytes: - */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; /* save last and current sequence numbers for retransmissions */ unsigned char last_write_sequence[8]; unsigned char curr_write_sequence[8]; @@ -143,9 +135,9 @@ typedef struct record_layer_st { /* where we are when reading */ int rstate; /* How many pipelines can be used to read data */ - unsigned int numrpipes; + size_t numrpipes; /* How many pipelines can be used to write data */ - unsigned int numwpipes; + size_t numwpipes; /* read IO goes into here */ SSL3_BUFFER rbuf; /* write IO goes into here */ @@ -154,25 +146,19 @@ typedef struct record_layer_st { SSL3_RECORD rrec[SSL_MAX_PIPELINES]; /* used internally to point at a raw packet */ unsigned char *packet; - unsigned int packet_length; + size_t packet_length; /* number of bytes sent so far */ - unsigned int wnum; - /* - * storage for Alert/Handshake protocol data received but not yet - * processed by ssl3_read_bytes: - */ - unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; + size_t wnum; unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; + size_t handshake_fragment_len; /* The number of consecutive empty records we have received */ - unsigned int empty_record_count; + size_t empty_record_count; /* partial write - check the numbers match */ /* number bytes written */ - int wpend_tot; + size_t wpend_tot; int wpend_type; /* number of bytes submitted */ - int wpend_ret; + size_t wpend_ret; const unsigned char *wpend_buf; unsigned char read_sequence[SEQ_NUM_SIZE]; unsigned char write_sequence[SEQ_NUM_SIZE]; @@ -202,6 +188,8 @@ typedef struct record_layer_st { ((rl)->d->processed_rcds) #define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \ ((rl)->d->unprocessed_rcds) +#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) +#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s); void RECORD_LAYER_clear(RECORD_LAYER *rl); @@ -209,35 +197,40 @@ void RECORD_LAYER_release(RECORD_LAYER *rl); int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); -int RECORD_LAYER_set_data(RECORD_LAYER *rl, const unsigned char *buf, int len); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); -unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); -__owur int ssl3_pending(const SSL *s); -__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); -__owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int *pipelens, unsigned int numpipes, - int create_empty_fragment); +size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); +__owur size_t ssl3_pending(const SSL *s); +__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len, + size_t *written); +int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + size_t *pipelens, size_t numpipes, + int create_empty_fragment, size_t *written); __owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); __owur int ssl3_setup_buffers(SSL *s); -__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send); +__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send); __owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); -__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len); -__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send); +__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, + size_t *written); +__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send); __owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send); +__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send); int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e); void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl); -void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl); void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq); __owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); -__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); -__owur int do_dtls1_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragement); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); +__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len, + size_t *written); +int do_dtls1_write(SSL *s, int type, const unsigned char *buf, + size_t len, int create_empty_fragment, size_t *written); void dtls1_reset_seq_numbers(SSL *s, int rw); +int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, + size_t off); diff --git a/deps/openssl/openssl/ssl/record/record_locl.h b/deps/openssl/openssl/ssl/record/record_locl.h index b69afd800237a5..5e8dd7f7044200 100644 --- a/deps/openssl/openssl/ssl/record/record_locl.h +++ b/deps/openssl/openssl/ssl/record/record_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,8 +18,6 @@ /* Functions/macros provided by the RECORD_LAYER component */ -#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf) -#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf) #define RECORD_LAYER_get_rrec(rl) ((rl)->rrec) #define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p)) #define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0) @@ -38,9 +36,9 @@ #define RECORD_LAYER_clear_first_record(rl) ((rl)->is_first_record = 0) #define DTLS_RECORD_LAYER_get_r_epoch(rl) ((rl)->d->r_epoch) -__owur int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold); +__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, + size_t *readbytes); -void RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, const unsigned char *ws); DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch); int dtls1_process_buffered_records(SSL *s); @@ -61,7 +59,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_len(b, l) ((b)->len = (l)) #define SSL3_BUFFER_get_left(b) ((b)->left) #define SSL3_BUFFER_set_left(b, l) ((b)->left = (l)) -#define SSL3_BUFFER_add_left(b, l) ((b)->left += (l)) +#define SSL3_BUFFER_sub_left(b, l) ((b)->left -= (l)) #define SSL3_BUFFER_get_offset(b) ((b)->offset) #define SSL3_BUFFER_set_offset(b, o) ((b)->offset = (o)) #define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) @@ -69,10 +67,10 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_set_default_len(b, l) ((b)->default_len = (l)) void SSL3_BUFFER_clear(SSL3_BUFFER *b); -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n); +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n); void SSL3_BUFFER_release(SSL3_BUFFER *b); __owur int ssl3_setup_read_buffer(SSL *s); -__owur int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len); +__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len); int ssl3_release_read_buffer(SSL *s); int ssl3_release_write_buffer(SSL *s); @@ -80,6 +78,7 @@ int ssl3_release_write_buffer(SSL *s); #define SSL3_RECORD_get_type(r) ((r)->type) #define SSL3_RECORD_set_type(r, t) ((r)->type = (t)) +#define SSL3_RECORD_set_rec_version(r, v) ((r)->rec_version = (v)) #define SSL3_RECORD_get_length(r) ((r)->length) #define SSL3_RECORD_set_length(r, l) ((r)->length = (l)) #define SSL3_RECORD_add_length(r, l) ((r)->length += (l)) @@ -99,18 +98,19 @@ int ssl3_release_write_buffer(SSL *s); #define SSL3_RECORD_is_read(r) ((r)->read) #define SSL3_RECORD_set_read(r) ((r)->read = 1) -void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs); -void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs); +void SSL3_RECORD_clear(SSL3_RECORD *r, size_t); +void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs); void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num); int ssl3_get_record(SSL *s); __owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr); __owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr); -void ssl3_cbc_copy_mac(unsigned char *out, - const SSL3_RECORD *rec, unsigned md_size); +int ssl3_cbc_copy_mac(unsigned char *out, + const SSL3_RECORD *rec, size_t md_size); __owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + size_t block_size, size_t mac_size); __owur int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size); + size_t block_size, size_t mac_size); int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); __owur int dtls1_get_record(SSL *s); +int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send); diff --git a/deps/openssl/openssl/ssl/record/ssl3_buffer.c b/deps/openssl/openssl/ssl/record/ssl3_buffer.c index b6ed771ca9a1b0..53bd4cb190d0e7 100644 --- a/deps/openssl/openssl/ssl/record/ssl3_buffer.c +++ b/deps/openssl/openssl/ssl/record/ssl3_buffer.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include "../ssl_locl.h" #include "record_locl.h" -void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n) +void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n) { if (d != NULL) memcpy(b->buf, d, n); @@ -60,26 +60,30 @@ int ssl3_setup_read_buffer(SSL *s) #endif if (b->default_len > len) len = b->default_len; - if ((p = OPENSSL_malloc(len)) == NULL) - goto err; + if ((p = OPENSSL_malloc(len)) == NULL) { + /* + * We've got a malloc failure, and we're still initialising buffers. + * We assume we're so doomed that we won't even be able to send an + * alert. + */ + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER, + ERR_R_MALLOC_FAILURE); + return 0; + } b->buf = p; b->len = len; } RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0])); return 1; - - err: - SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE); - return 0; } -int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len) +int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len) { unsigned char *p; size_t align = 0, headerlen; SSL3_BUFFER *wb; - unsigned int currpipe; + size_t currpipe; s->rlayer.numwpipes = numwpipes; @@ -93,7 +97,7 @@ int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len) align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); #endif - len = s->max_send_fragment + len = ssl_get_max_send_fragment(s) + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s)) @@ -107,11 +111,23 @@ int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len) for (currpipe = 0; currpipe < numwpipes; currpipe++) { SSL3_BUFFER *thiswb = &wb[currpipe]; + if (thiswb->buf != NULL && thiswb->len != len) { + OPENSSL_free(thiswb->buf); + thiswb->buf = NULL; /* force reallocation */ + } + if (thiswb->buf == NULL) { p = OPENSSL_malloc(len); if (p == NULL) { s->rlayer.numwpipes = currpipe; - goto err; + /* + * We've got a malloc failure, and we're still initialising + * buffers. We assume we're so doomed that we won't even be able + * to send an alert. + */ + SSLfatal(s, SSL_AD_NO_ALERT, + SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); + return 0; } memset(thiswb, 0, sizeof(SSL3_BUFFER)); thiswb->buf = p; @@ -120,25 +136,25 @@ int ssl3_setup_write_buffer(SSL *s, unsigned int numwpipes, size_t len) } return 1; - - err: - SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); - return 0; } int ssl3_setup_buffers(SSL *s) { - if (!ssl3_setup_read_buffer(s)) + if (!ssl3_setup_read_buffer(s)) { + /* SSLfatal() already called */ return 0; - if (!ssl3_setup_write_buffer(s, 1, 0)) + } + if (!ssl3_setup_write_buffer(s, 1, 0)) { + /* SSLfatal() already called */ return 0; + } return 1; } int ssl3_release_write_buffer(SSL *s) { SSL3_BUFFER *wb; - unsigned int pipes; + size_t pipes; pipes = s->rlayer.numwpipes; while (pipes > 0) { diff --git a/deps/openssl/openssl/ssl/record/ssl3_record.c b/deps/openssl/openssl/ssl/record/ssl3_record.c index c80add37f931c2..e59ac5a676761e 100644 --- a/deps/openssl/openssl/ssl/record/ssl3_record.c +++ b/deps/openssl/openssl/ssl/record/ssl3_record.c @@ -7,11 +7,11 @@ * https://www.openssl.org/source/license.html */ -#include #include "../ssl_locl.h" #include "internal/constant_time_locl.h" #include #include "record_locl.h" +#include "internal/cryptlib.h" static const unsigned char ssl3_pad_1[48] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, @@ -34,10 +34,10 @@ static const unsigned char ssl3_pad_2[48] = { /* * Clear the contents of an SSL3_RECORD but retain any memory allocated */ -void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs) +void SSL3_RECORD_clear(SSL3_RECORD *r, size_t num_recs) { unsigned char *comp; - unsigned int i; + size_t i; for (i = 0; i < num_recs; i++) { comp = r[i].comp; @@ -47,9 +47,9 @@ void SSL3_RECORD_clear(SSL3_RECORD *r, unsigned int num_recs) } } -void SSL3_RECORD_release(SSL3_RECORD *r, unsigned int num_recs) +void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs) { - unsigned int i; + size_t i; for (i = 0; i < num_recs; i++) { OPENSSL_free(r[i].comp); @@ -69,7 +69,7 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) static int ssl3_record_app_data_waiting(SSL *s) { SSL3_BUFFER *rbuf; - int left, len; + size_t left, len; unsigned char *p; rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -101,6 +101,53 @@ static int ssl3_record_app_data_waiting(SSL *s) return 1; } +int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) +{ + uint32_t max_early_data; + SSL_SESSION *sess = s->session; + + /* + * If we are a client then we always use the max_early_data from the + * session/psksession. Otherwise we go with the lowest out of the max early + * data set in the session and the configured max_early_data. + */ + if (!s->server && sess->ext.max_early_data == 0) { + if (!ossl_assert(s->psksession != NULL + && s->psksession->ext.max_early_data > 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_EARLY_DATA_COUNT_OK, + ERR_R_INTERNAL_ERROR); + return 0; + } + sess = s->psksession; + } + + if (!s->server) + max_early_data = sess->ext.max_early_data; + else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED) + max_early_data = s->recv_max_early_data; + else + max_early_data = s->recv_max_early_data < sess->ext.max_early_data + ? s->recv_max_early_data : sess->ext.max_early_data; + + if (max_early_data == 0) { + SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA); + return 0; + } + + /* If we are dealing with ciphertext we need to allow for the overhead */ + max_early_data += overhead; + + if (s->early_data_count + length > max_early_data) { + SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA); + return 0; + } + s->early_data_count += length; + + return 1; +} + /* * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that * will be processed per call to ssl3_get_record. Without this limit an @@ -125,19 +172,20 @@ static int ssl3_record_app_data_waiting(SSL *s) /* used only by ssl3_read_bytes */ int ssl3_get_record(SSL *s) { - int ssl_major, ssl_minor, al; - int enc_err, n, i, ret = -1; - SSL3_RECORD *rr; + int enc_err, rret; + int i; + size_t more, n; + SSL3_RECORD *rr, *thisrr; SSL3_BUFFER *rbuf; SSL_SESSION *sess; unsigned char *p; unsigned char md[EVP_MAX_MD_SIZE]; - short version; - unsigned mac_size; + unsigned int version; + size_t mac_size; int imac_size; - unsigned int num_recs = 0; - unsigned int max_recs; - unsigned int j; + size_t num_recs = 0, max_recs, j; + PACKET pkt, sslv2pkt; + size_t first_rec_len; rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -147,24 +195,42 @@ int ssl3_get_record(SSL *s) sess = s->session; do { + thisrr = &rr[num_recs]; + /* check if we have the header */ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < SSL3_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(rbuf), 0, - num_recs == 0 ? 1 : 0); - if (n <= 0) - return (n); /* error or non-blocking */ + size_t sslv2len; + unsigned int type; + + rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, + SSL3_BUFFER_get_len(rbuf), 0, + num_recs == 0 ? 1 : 0, &n); + if (rret <= 0) + return rret; /* error or non-blocking */ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); p = RECORD_LAYER_get_packet(&s->rlayer); - + if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer), + RECORD_LAYER_get_packet_length(&s->rlayer))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_R_INTERNAL_ERROR); + return -1; + } + sslv2pkt = pkt; + if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len) + || !PACKET_get_1(&sslv2pkt, &type)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_R_INTERNAL_ERROR); + return -1; + } /* * The first record received by the server may be a V2ClientHello. */ if (s->server && RECORD_LAYER_is_first_record(&s->rlayer) - && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { + && (sslv2len & 0x8000) != 0 + && (type == SSL2_MT_CLIENT_HELLO)) { /* * SSLv2 style record * @@ -174,22 +240,22 @@ int ssl3_get_record(SSL *s) * because it is an SSLv2ClientHello. We keep it using * |num_recs| for the sake of consistency */ - rr[num_recs].type = SSL3_RT_HANDSHAKE; - rr[num_recs].rec_version = SSL2_VERSION; + thisrr->type = SSL3_RT_HANDSHAKE; + thisrr->rec_version = SSL2_VERSION; - rr[num_recs].length = ((p[0] & 0x7f) << 8) | p[1]; + thisrr->length = sslv2len & 0x7fff; - if (rr[num_recs].length > SSL3_BUFFER_get_len(rbuf) + if (thisrr->length > SSL3_BUFFER_get_len(rbuf) - SSL2_RT_HEADER_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_PACKET_LENGTH_TOO_LONG); + return -1; } - if (rr[num_recs].length < MIN_SSL2_RECORD_LEN) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + if (thisrr->length < MIN_SSL2_RECORD_LEN) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, + SSL_R_LENGTH_TOO_SHORT); + return -1; } } else { /* SSLv3+ style record */ @@ -198,19 +264,29 @@ int ssl3_get_record(SSL *s) s->msg_callback_arg); /* Pull apart the header into the SSL3_RECORD */ - rr[num_recs].type = *(p++); - ssl_major = *(p++); - ssl_minor = *(p++); - version = (ssl_major << 8) | ssl_minor; - rr[num_recs].rec_version = version; - n2s(p, rr[num_recs].length); - - /* Lets check version */ - if (!s->first_packet && version != s->version) { - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); + if (!PACKET_get_1(&pkt, &type) + || !PACKET_get_net_2(&pkt, &version) + || !PACKET_get_net_2_len(&pkt, &thisrr->length)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_R_INTERNAL_ERROR); + return -1; + } + thisrr->type = type; + thisrr->rec_version = version; + + /* + * Lets check version. In TLSv1.3 we only check this field + * when encryption is occurring (see later check). For the + * ServerHello after an HRR we haven't actually selected TLSv1.3 + * yet, but we still treat it as TLSv1.3, so we must check for + * that explicitly + */ + if (!s->first_packet && !SSL_IS_TLS13(s) + && s->hello_retry_request != SSL_HRR_PENDING + && version != (unsigned int)s->version) { if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) { - if (rr->type == SSL3_RT_ALERT) { + if (thisrr->type == SSL3_RT_ALERT) { /* * The record is using an incorrect version number, * but what we've got appears to be an alert. We @@ -219,15 +295,18 @@ int ssl3_get_record(SSL *s) * shouldn't send a fatal alert back. We'll just * end. */ - goto err; + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD, + SSL_R_WRONG_VERSION_NUMBER); + return -1; } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; } - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD, + SSL_R_WRONG_VERSION_NUMBER); + return -1; } if ((version >> 8) != SSL3_VERSION_MAJOR) { @@ -239,97 +318,135 @@ int ssl3_get_record(SSL *s) strncmp((char *)p, "POST ", 5) == 0 || strncmp((char *)p, "HEAD ", 5) == 0 || strncmp((char *)p, "PUT ", 4) == 0) { - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST); - goto err; + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD, + SSL_R_HTTP_REQUEST); + return -1; } else if (strncmp((char *)p, "CONNE", 5) == 0) { - SSLerr(SSL_F_SSL3_GET_RECORD, - SSL_R_HTTPS_PROXY_REQUEST); - goto err; + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD, + SSL_R_HTTPS_PROXY_REQUEST); + return -1; } /* Doesn't look like TLS - don't send an alert */ - SSLerr(SSL_F_SSL3_GET_RECORD, - SSL_R_WRONG_VERSION_NUMBER); - goto err; + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD, + SSL_R_WRONG_VERSION_NUMBER); + return -1; } else { - SSLerr(SSL_F_SSL3_GET_RECORD, - SSL_R_WRONG_VERSION_NUMBER); - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_SSL3_GET_RECORD, + SSL_R_WRONG_VERSION_NUMBER); + return -1; + } + } + + if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { + if (thisrr->type != SSL3_RT_APPLICATION_DATA + && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC + || !SSL_IS_FIRST_HANDSHAKE(s)) + && (thisrr->type != SSL3_RT_ALERT + || s->statem.enc_read_state + != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE); + return -1; + } + if (thisrr->rec_version != TLS1_2_VERSION) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, + SSL_R_WRONG_VERSION_NUMBER); + return -1; } } - if (rr[num_recs].length > + if (thisrr->length > SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_PACKET_LENGTH_TOO_LONG); + return -1; } } /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } + if (SSL_IS_TLS13(s)) { + if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + return -1; + } + } else { + size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH; + +#ifndef OPENSSL_NO_COMP + /* + * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH + * does not include the compression overhead anyway. + */ + if (s->expand == NULL) + len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; +#endif + + if (thisrr->length > len) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + return -1; + } + } + /* * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data. * Calculate how much more data we need to read for the rest of the * record */ - if (rr[num_recs].rec_version == SSL2_VERSION) { - i = rr[num_recs].length + SSL2_RT_HEADER_LENGTH + if (thisrr->rec_version == SSL2_VERSION) { + more = thisrr->length + SSL2_RT_HEADER_LENGTH - SSL3_RT_HEADER_LENGTH; } else { - i = rr[num_recs].length; + more = thisrr->length; } - if (i > 0) { + if (more > 0) { /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ - n = ssl3_read_n(s, i, i, 1, 0); - if (n <= 0) - return (n); /* error or non-blocking io */ + rret = ssl3_read_n(s, more, more, 1, 0, &n); + if (rret <= 0) + return rret; /* error or non-blocking io */ } /* set state for later operations */ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER); /* - * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length, - * or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length - * and we have that many bytes in s->packet + * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH + * + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH + * + thisrr->length and we have that many bytes in s->packet */ - if (rr[num_recs].rec_version == SSL2_VERSION) { - rr[num_recs].input = + if (thisrr->rec_version == SSL2_VERSION) { + thisrr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); } else { - rr[num_recs].input = + thisrr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); } /* - * ok, we can now read from 's->packet' data into 'rr' rr->input points - * at rr->length bytes, which need to be copied into rr->data by either - * the decryption or by the decompression When the data is 'copied' into - * the rr->data buffer, rr->input will be pointed at the new buffer + * ok, we can now read from 's->packet' data into 'thisrr' thisrr->input + * points at thisrr->length bytes, which need to be copied into + * thisrr->data by either the decryption or by the decompression When + * the data is 'copied' into the thisrr->data buffer, thisrr->input will + * be pointed at the new buffer */ /* - * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length - * bytes of encrypted compressed stuff. + * We now have - encrypted [ MAC [ compressed [ plain ] ] ] + * thisrr->length bytes of encrypted compressed stuff. */ - /* check is not needed I believe */ - if (rr[num_recs].length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - - /* decrypt in place in 'rr->input' */ - rr[num_recs].data = rr[num_recs].input; - rr[num_recs].orig_len = rr[num_recs].length; + /* decrypt in place in 'thisrr->input' */ + thisrr->data = thisrr->input; + thisrr->orig_len = thisrr->length; /* Mark this record as not read by upper layers yet */ - rr[num_recs].read = 0; + thisrr->read = 0; num_recs++; @@ -337,65 +454,121 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_packet_length(&s->rlayer); RECORD_LAYER_clear_first_record(&s->rlayer); } while (num_recs < max_recs - && rr[num_recs - 1].type == SSL3_RT_APPLICATION_DATA + && thisrr->type == SSL3_RT_APPLICATION_DATA && SSL_USE_EXPLICIT_IV(s) && s->enc_read_ctx != NULL && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_PIPELINE) && ssl3_record_app_data_waiting(s)); + if (num_recs == 1 + && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC + && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE) + && SSL_IS_FIRST_HANDSHAKE(s)) { + /* + * CCS messages must be exactly 1 byte long, containing the value 0x01 + */ + if (thisrr->length != 1 || thisrr->data[0] != 0x01) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_GET_RECORD, + SSL_R_INVALID_CCS_MESSAGE); + return -1; + } + /* + * CCS messages are ignored in TLSv1.3. We treat it like an empty + * handshake record + */ + thisrr->type = SSL3_RT_HANDSHAKE; + RECORD_LAYER_inc_empty_record_count(&s->rlayer); + if (RECORD_LAYER_get_empty_record_count(&s->rlayer) + > MAX_EMPTY_RECORDS) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, + SSL_R_UNEXPECTED_CCS_MESSAGE); + return -1; + } + thisrr->read = 1; + RECORD_LAYER_set_numrpipes(&s->rlayer, 1); + + return 1; + } + /* * If in encrypt-then-mac mode calculate mac from encrypted record. All * the details below are public so no timing details can leak. */ if (SSL_READ_ETM(s) && s->read_hash) { unsigned char *mac; - + /* TODO(size_t): convert this to do size_t properly */ imac_size = EVP_MD_CTX_size(s->read_hash); - assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE); - if (imac_size < 0 || imac_size > EVP_MAX_MD_SIZE) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD, ERR_LIB_EVP); - goto f_err; + if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_LIB_EVP); + return -1; } - mac_size = (unsigned)imac_size; - + mac_size = (size_t)imac_size; for (j = 0; j < num_recs; j++) { - if (rr[j].length < mac_size) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + thisrr = &rr[j]; + + if (thisrr->length < mac_size) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, + SSL_R_LENGTH_TOO_SHORT); + return -1; } - rr[j].length -= mac_size; - mac = rr[j].data + rr[j].length; - i = s->method->ssl3_enc->mac(s, &rr[j], md, 0 /* not send */ ); - if (i < 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { - al = SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD, + thisrr->length -= mac_size; + mac = thisrr->data + thisrr->length; + i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) { + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); - goto f_err; + return -1; } } } + first_rec_len = rr[0].length; + enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0); + /*- * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. + * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding is valid * -1: if the padding is invalid */ if (enc_err == 0) { - al = SSL_AD_DECRYPTION_FAILED; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - goto f_err; + if (ossl_statem_in_error(s)) { + /* SSLfatal() already got called */ + return -1; + } + if (num_recs == 1 && ossl_statem_skip_early_data(s)) { + /* + * Valid early_data that we cannot decrypt might fail here as + * publicly invalid. We treat it like an empty record. + */ + + thisrr = &rr[0]; + + if (!early_data_count_ok(s, thisrr->length, + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + /* SSLfatal() already called */ + return -1; + } + + thisrr->length = 0; + thisrr->read = 1; + RECORD_LAYER_set_numrpipes(&s->rlayer, 1); + RECORD_LAYER_reset_read_sequence(&s->rlayer); + return 1; + } + SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD, + SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + return -1; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %lu\n", (unsigned long)rr[0].length); { - unsigned int z; - for (z = 0; z < rr->length; z++) - printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); + size_t z; + for (z = 0; z < rr[0].length; z++) + printf("%02X%c", rr[0].data[z], ((z + 1) % 16) ? ' ' : '\n'); } printf("\n"); #endif @@ -409,22 +582,27 @@ int ssl3_get_record(SSL *s) unsigned char mac_tmp[EVP_MAX_MD_SIZE]; mac_size = EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); + if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_R_INTERNAL_ERROR); + return -1; + } for (j = 0; j < num_recs; j++) { + thisrr = &rr[j]; /* * orig_len is the length of the record before any padding was * removed. This is public information, as is the MAC in use, * therefore we can safely process the record in a different amount * of time if it's too short to possibly contain a MAC. */ - if (rr[j].orig_len < mac_size || + if (thisrr->orig_len < mac_size || /* CBC records must have a padding length byte too. */ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && - rr[j].orig_len < mac_size + 1)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + thisrr->orig_len < mac_size + 1)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD, + SSL_R_LENGTH_TOO_SHORT); + return -1; } if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { @@ -435,28 +613,59 @@ int ssl3_get_record(SSL *s) * contents of the padding bytes. */ mac = mac_tmp; - ssl3_cbc_copy_mac(mac_tmp, &rr[j], mac_size); - rr[j].length -= mac_size; + if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD, + ERR_R_INTERNAL_ERROR); + return -1; + } + thisrr->length -= mac_size; } else { /* * In this case there's no padding, so |rec->orig_len| equals * |rec->length| and we checked that there's enough bytes for * |mac_size| above. */ - rr[j].length -= mac_size; - mac = &rr[j].data[rr[j].length]; + thisrr->length -= mac_size; + mac = &thisrr->data[thisrr->length]; } - i = s->method->ssl3_enc->mac(s, &rr[j], md, 0 /* not send */ ); - if (i < 0 || mac == NULL + i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ ); + if (i == 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) + if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; } } if (enc_err < 0) { + if (ossl_statem_in_error(s)) { + /* We already called SSLfatal() */ + return -1; + } + if (num_recs == 1 && ossl_statem_skip_early_data(s)) { + /* + * We assume this is unreadable early_data - we treat it like an + * empty record + */ + + /* + * The record length may have been modified by the mac check above + * so we use the previously saved value + */ + if (!early_data_count_ok(s, first_rec_len, + EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) { + /* SSLfatal() already called */ + return -1; + } + + thisrr = &rr[0]; + thisrr->length = 0; + thisrr->read = 1; + RECORD_LAYER_set_numrpipes(&s->rlayer, 1); + RECORD_LAYER_reset_read_sequence(&s->rlayer); + return 1; + } /* * A separate 'decryption_failed' alert was introduced with TLS 1.0, * SSL 3.0 only has 'bad_record_mac'. But unless a decryption @@ -464,63 +673,120 @@ int ssl3_get_record(SSL *s) * not reveal which kind of error occurred -- this might become * visible to an attacker (e.g. via a logfile) */ - al = SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD, - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); - goto f_err; + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + return -1; } for (j = 0; j < num_recs; j++) { - /* rr[j].length is now just compressed */ + thisrr = &rr[j]; + + /* thisrr->length is now just compressed */ if (s->expand != NULL) { - if (rr[j].length > SSL3_RT_MAX_COMPRESSED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; + if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_COMPRESSED_LENGTH_TOO_LONG); + return -1; } - if (!ssl3_do_uncompress(s, &rr[j])) { - al = SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION); - goto f_err; + if (!ssl3_do_uncompress(s, thisrr)) { + SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD, + SSL_R_BAD_DECOMPRESSION); + return -1; } } - if (rr[j].length > SSL3_RT_MAX_PLAIN_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; + if (SSL_IS_TLS13(s) + && s->enc_read_ctx != NULL + && thisrr->type != SSL3_RT_ALERT) { + size_t end; + + if (thisrr->length == 0 + || thisrr->type != SSL3_RT_APPLICATION_DATA) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, + SSL_R_BAD_RECORD_TYPE); + return -1; + } + + /* Strip trailing padding */ + for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; + end--) + continue; + + thisrr->length = end; + thisrr->type = thisrr->data[end]; + if (thisrr->type != SSL3_RT_APPLICATION_DATA + && thisrr->type != SSL3_RT_ALERT + && thisrr->type != SSL3_RT_HANDSHAKE) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, + SSL_R_BAD_RECORD_TYPE); + return -1; + } + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, + &thisrr->data[end], 1, s, s->msg_callback_arg); } - rr[j].off = 0; + /* + * TLSv1.3 alert and handshake records are required to be non-zero in + * length. + */ + if (SSL_IS_TLS13(s) + && (thisrr->type == SSL3_RT_HANDSHAKE + || thisrr->type == SSL3_RT_ALERT) + && thisrr->length == 0) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, + SSL_R_BAD_LENGTH); + return -1; + } + + if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_DATA_LENGTH_TOO_LONG); + return -1; + } + + /* If received packet overflows current Max Fragment Length setting */ + if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) + && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD, + SSL_R_DATA_LENGTH_TOO_LONG); + return -1; + } + + thisrr->off = 0; /*- * So at this point the following is true - * rr[j].type is the type of record - * rr[j].length == number of bytes in record - * rr[j].off == offset to first valid byte - * rr[j].data == where to take bytes from, increment after use :-). + * thisrr->type is the type of record + * thisrr->length == number of bytes in record + * thisrr->off == offset to first valid byte + * thisrr->data == where to take bytes from, increment after use :-). */ /* just read a 0 length packet */ - if (rr[j].length == 0) { + if (thisrr->length == 0) { RECORD_LAYER_inc_empty_record_count(&s->rlayer); if (RECORD_LAYER_get_empty_record_count(&s->rlayer) > MAX_EMPTY_RECORDS) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD, + SSL_R_RECORD_TOO_SMALL); + return -1; } } else { RECORD_LAYER_reset_empty_record_count(&s->rlayer); } } + if (s->early_data_state == SSL_EARLY_DATA_READING) { + thisrr = &rr[0]; + if (thisrr->type == SSL3_RT_APPLICATION_DATA + && !early_data_count_ok(s, thisrr->length, 0, 0)) { + /* SSLfatal already called */ + return -1; + } + } + RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs); return 1; - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return ret; } int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) @@ -535,6 +801,7 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) if (rr->comp == NULL) return 0; + /* TODO(size_t): Convert this call */ i = COMP_expand_block(ssl->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) @@ -551,21 +818,23 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) #ifndef OPENSSL_NO_COMP int i; + /* TODO(size_t): Convert this call */ i = COMP_compress_block(ssl->compress, wr->data, - SSL3_RT_MAX_COMPRESSED_LENGTH, + (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), wr->input, (int)wr->length); if (i < 0) - return (0); + return 0; else wr->length = i; wr->input = wr->data; #endif - return (1); + return 1; } /*- - * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs| + * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|. Will call + * SSLfatal() for internal errors, but not otherwise. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too @@ -574,12 +843,13 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) * -1: if the record's padding is invalid or, if sending, an internal error * occurred. */ -int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending) +int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) { SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; - unsigned long l; - int bs, i, mac_size = 0; + size_t l, i; + size_t bs, mac_size = 0; + int imac_size; const EVP_CIPHER *enc; rec = inrecs; @@ -607,12 +877,13 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending) rec->input = rec->data; } else { l = rec->length; + /* TODO(size_t): Convert this call */ bs = EVP_CIPHER_CTX_block_size(ds); /* COMPRESS */ if ((bs != 1) && sending) { - i = bs - ((int)l % bs); + i = bs - (l % bs); /* we need to add 'i-1' padding bytes */ l += i; @@ -622,7 +893,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending) */ memset(&rec->input[rec->length], 0, i); rec->length += i; - rec->input[l - 1] = (i - 1); + rec->input[l - 1] = (unsigned char)(i - 1); } if (!sending) { @@ -631,19 +902,30 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending) /* otherwise, rec->length >= bs */ } - if (EVP_Cipher(ds, rec->data, rec->input, l) < 1) + /* TODO(size_t): Convert this call */ + if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) return -1; - if (EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (EVP_MD_CTX_md(s->read_hash) != NULL) { + /* TODO(size_t): convert me */ + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + mac_size = (size_t)imac_size; + } if ((bs != 1) && !sending) return ssl3_cbc_remove_padding(rec, bs, mac_size); } - return (1); + return 1; } +#define MAX_PADDING 256 /*- - * tls1_enc encrypts/decrypts |n_recs| in |recs|. + * tls1_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for + * internal errors, but not otherwise. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too @@ -652,22 +934,31 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending) * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, * an internal error occurred. */ -int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) +int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) { EVP_CIPHER_CTX *ds; size_t reclen[SSL_MAX_PIPELINES]; unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN]; - int bs, i, j, k, pad = 0, ret, mac_size = 0; + int i, pad = 0, ret, tmpr; + size_t bs, mac_size = 0, ctr, padnum, loop; + unsigned char padval; + int imac_size; const EVP_CIPHER *enc; - unsigned int ctr; - if (n_recs == 0) + if (n_recs == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); return 0; + } if (sending) { if (EVP_MD_CTX_md(s->write_hash)) { int n = EVP_MD_CTX_size(s->write_hash); - OPENSSL_assert(n >= 0); + if (!ossl_assert(n >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } } ds = s->enc_write_ctx; if (s->enc_write_ctx == NULL) @@ -688,10 +979,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) * we can't write into the input stream: Can this ever * happen?? (steve) */ - SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); return -1; } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) { - SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); return -1; } } @@ -700,7 +993,11 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) } else { if (EVP_MD_CTX_md(s->read_hash)) { int n = EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(n >= 0); + if (!ossl_assert(n >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } } ds = s->enc_read_ctx; if (s->enc_read_ctx == NULL) @@ -725,7 +1022,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) * We shouldn't have been called with pipeline data if the * cipher doesn't support pipelining */ - SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + SSL_R_PIPELINE_FAILURE); return -1; } } @@ -759,12 +1057,15 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) buf[ctr][8] = recs[ctr].type; buf[ctr][9] = (unsigned char)(s->version >> 8); buf[ctr][10] = (unsigned char)(s->version); - buf[ctr][11] = recs[ctr].length >> 8; - buf[ctr][12] = recs[ctr].length & 0xff; + buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8); + buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff); pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, buf[ctr]); - if (pad <= 0) + if (pad <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); return -1; + } if (sending) { reclen[ctr] += pad; @@ -772,16 +1073,21 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) } } else if ((bs != 1) && sending) { - i = bs - ((int)reclen[ctr] % bs); + padnum = bs - (reclen[ctr] % bs); /* Add weird padding of upto 256 bytes */ - /* we need to add 'i' padding bytes of value j */ - j = i - 1; - for (k = (int)reclen[ctr]; k < (int)(reclen[ctr] + i); k++) - recs[ctr].input[k] = j; - reclen[ctr] += i; - recs[ctr].length += i; + if (padnum > MAX_PADDING) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + /* we need to add 'padnum' padding bytes of value padval */ + padval = (unsigned char)(padnum - 1); + for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++) + recs[ctr].input[loop] = padval; + reclen[ctr] += padnum; + recs[ctr].length += padnum; } if (!sending) { @@ -797,28 +1103,34 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) data[ctr] = recs[ctr].data; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS, - n_recs, data) <= 0) { - SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); + (int)n_recs, data) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + SSL_R_PIPELINE_FAILURE); + return -1; } /* Set the input buffers */ for (ctr = 0; ctr < n_recs; ctr++) { data[ctr] = recs[ctr].input; } if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS, - n_recs, data) <= 0 + (int)n_recs, data) <= 0 || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS, - n_recs, reclen) <= 0) { - SSLerr(SSL_F_TLS1_ENC, SSL_R_PIPELINE_FAILURE); + (int)n_recs, reclen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + SSL_R_PIPELINE_FAILURE); return -1; } } - i = EVP_Cipher(ds, recs[0].data, recs[0].input, reclen[0]); + /* TODO(size_t): Convert this call */ + tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, + (unsigned int)reclen[0]); if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER) - ? (i < 0) - : (i == 0)) + ? (tmpr < 0) + : (tmpr == 0)) return -1; /* AEAD can fail to verify MAC */ + if (sending == 0) { if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { for (ctr = 0; ctr < n_recs; ctr++) { @@ -836,8 +1148,15 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending) } ret = 1; - if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) - mac_size = EVP_MD_CTX_size(s->read_hash); + if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) { + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + mac_size = (size_t)imac_size; + } if ((bs != 1) && !sending) { int tmpret; for (ctr = 0; ctr < n_recs; ctr++) { @@ -868,7 +1187,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) const EVP_MD_CTX *hash; unsigned char *p, rec_char; size_t md_size; - int npad; + size_t npad; int t; if (sending) { @@ -883,7 +1202,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) t = EVP_MD_CTX_size(hash); if (t < 0) - return -1; + return 0; md_size = t; npad = (48 / md_size) * md_size; @@ -905,7 +1224,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) * total size. */ unsigned char header[75]; - unsigned j = 0; + size_t j = 0; memcpy(header + j, mac_sec, md_size); j += md_size; memcpy(header + j, ssl3_pad_1, npad); @@ -913,8 +1232,8 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) memcpy(header + j, seq, 8); j += 8; header[j++] = rec->type; - header[j++] = rec->length >> 8; - header[j++] = rec->length & 0xff; + header[j++] = (unsigned char)(rec->length >> 8); + header[j++] = (unsigned char)(rec->length & 0xff); /* Final param == is SSLv3 */ if (ssl3_cbc_digest_record(hash, @@ -922,14 +1241,14 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header, rec->input, rec->length + md_size, rec->orig_len, mac_sec, md_size, 1) <= 0) - return -1; + return 0; } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); if (md_ctx == NULL) - return -1; + return 0; rec_char = rec->type; p = md; @@ -948,15 +1267,14 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { EVP_MD_CTX_free(md_ctx); - return -1; + return 0; } - md_size = md_size_u; EVP_MD_CTX_free(md_ctx); } ssl3_record_sequence_update(seq); - return (md_size); + return 1; } int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) @@ -980,7 +1298,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) } t = EVP_MD_CTX_size(hash); - OPENSSL_assert(t >= 0); + if (!ossl_assert(t >= 0)) + return 0; md_size = t; /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ @@ -990,7 +1309,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) hmac = EVP_MD_CTX_new(); if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) { EVP_MD_CTX_free(hmac); - return -1; + return 0; } mac_ctx = hmac; } @@ -1009,8 +1328,8 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header[8] = rec->type; header[9] = (unsigned char)(ssl->version >> 8); header[10] = (unsigned char)(ssl->version); - header[11] = (rec->length) >> 8; - header[12] = (rec->length) & 0xff; + header[11] = (unsigned char)(rec->length >> 8); + header[12] = (unsigned char)(rec->length & 0xff); if (!sending && !SSL_READ_ETM(ssl) && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && @@ -1028,22 +1347,16 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) ssl->s3->read_mac_secret, ssl->s3->read_mac_secret_size, 0) <= 0) { EVP_MD_CTX_free(hmac); - return -1; + return 0; } } else { + /* TODO(size_t): Convert these calls */ if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { EVP_MD_CTX_free(hmac); - return -1; + return 0; } - if (!sending && !SSL_READ_ETM(ssl) && FIPS_mode()) - if (!tls_fips_digest_extra(ssl->enc_read_ctx, - mac_ctx, rec->input, - rec->length, rec->orig_len)) { - EVP_MD_CTX_free(hmac); - return -1; - } } EVP_MD_CTX_free(hmac); @@ -1058,7 +1371,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) } fprintf(stderr, "rec="); { - unsigned int z; + size_t z; for (z = 0; z < rec->length; z++) fprintf(stderr, "%02X ", rec->data[z]); fprintf(stderr, "\n"); @@ -1080,7 +1393,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) fprintf(stderr, "\n"); } #endif - return (md_size); + return 1; } /*- @@ -1094,10 +1407,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) * -1: otherwise. */ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size) + size_t block_size, size_t mac_size) { - unsigned padding_length, good; - const unsigned overhead = 1 /* padding length byte */ + mac_size; + size_t padding_length; + size_t good; + const size_t overhead = 1 /* padding length byte */ + mac_size; /* * These lengths are all public so we can test them in non-constant time. @@ -1106,11 +1420,11 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, return 0; padding_length = rec->data[rec->length - 1]; - good = constant_time_ge(rec->length, padding_length + overhead); + good = constant_time_ge_s(rec->length, padding_length + overhead); /* SSLv3 requires that the padding is minimal. */ - good &= constant_time_ge(block_size, padding_length + 1); + good &= constant_time_ge_s(block_size, padding_length + 1); rec->length -= good & (padding_length + 1); - return constant_time_select_int(good, 1, -1); + return constant_time_select_int_s(good, 1, -1); } /*- @@ -1128,10 +1442,11 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, */ int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, - unsigned block_size, unsigned mac_size) + size_t block_size, size_t mac_size) { - unsigned padding_length, good, to_check, i; - const unsigned overhead = 1 /* padding length byte */ + mac_size; + size_t good; + size_t padding_length, to_check, i; + const size_t overhead = 1 /* padding length byte */ + mac_size; /* Check if version requires explicit IV */ if (SSL_USE_EXPLICIT_IV(s)) { /* @@ -1157,7 +1472,7 @@ int tls1_cbc_remove_padding(const SSL *s, return 1; } - good = constant_time_ge(rec->length, overhead + padding_length); + good = constant_time_ge_s(rec->length, overhead + padding_length); /* * The padding consists of a length byte at the end of the record and * then that many bytes of padding, all with the same value as the length @@ -1172,7 +1487,7 @@ int tls1_cbc_remove_padding(const SSL *s, to_check = rec->length; for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge_8(padding_length, i); + unsigned char mask = constant_time_ge_8_s(padding_length, i); unsigned char b = rec->data[rec->length - 1 - i]; /* * The final |padding_length+1| bytes should all have the value @@ -1185,10 +1500,10 @@ int tls1_cbc_remove_padding(const SSL *s, * If any of the final |padding_length+1| bytes had the wrong value, one * or more of the lower eight bits of |good| will be cleared. */ - good = constant_time_eq(0xff, good & 0xff); + good = constant_time_eq_s(0xff, good & 0xff); rec->length -= good & (padding_length + 1); - return constant_time_select_int(good, 1, -1); + return constant_time_select_int_s(good, 1, -1); } /*- @@ -1211,8 +1526,8 @@ int tls1_cbc_remove_padding(const SSL *s, */ #define CBC_MAC_ROTATE_IN_PLACE -void ssl3_cbc_copy_mac(unsigned char *out, - const SSL3_RECORD *rec, unsigned md_size) +int ssl3_cbc_copy_mac(unsigned char *out, + const SSL3_RECORD *rec, size_t md_size) { #if defined(CBC_MAC_ROTATE_IN_PLACE) unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; @@ -1224,19 +1539,20 @@ void ssl3_cbc_copy_mac(unsigned char *out, /* * mac_end is the index of |rec->data| just after the end of the MAC. */ - unsigned mac_end = rec->length; - unsigned mac_start = mac_end - md_size; - unsigned in_mac; + size_t mac_end = rec->length; + size_t mac_start = mac_end - md_size; + size_t in_mac; /* * scan_start contains the number of bytes that we can ignore because the * MAC's position can only vary by 255 bytes. */ - unsigned scan_start = 0; - unsigned i, j; - unsigned rotate_offset; + size_t scan_start = 0; + size_t i, j; + size_t rotate_offset; - OPENSSL_assert(rec->orig_len >= md_size); - OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); + if (!ossl_assert(rec->orig_len >= md_size + && md_size <= EVP_MAX_MD_SIZE)) + return 0; #if defined(CBC_MAC_ROTATE_IN_PLACE) rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63); @@ -1250,15 +1566,15 @@ void ssl3_cbc_copy_mac(unsigned char *out, rotate_offset = 0; memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < rec->orig_len; i++) { - unsigned mac_started = constant_time_eq(i, mac_start); - unsigned mac_ended = constant_time_lt(i, mac_end); + size_t mac_started = constant_time_eq_s(i, mac_start); + size_t mac_ended = constant_time_lt_s(i, mac_end); unsigned char b = rec->data[i]; in_mac |= mac_started; in_mac &= mac_ended; rotate_offset |= j & mac_started; rotated_mac[j++] |= b & in_mac; - j &= constant_time_lt(j, md_size); + j &= constant_time_lt_s(j, md_size); } /* Now rotate the MAC */ @@ -1268,28 +1584,31 @@ void ssl3_cbc_copy_mac(unsigned char *out, /* in case cache-line is 32 bytes, touch second line */ ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32]; out[j++] = rotated_mac[rotate_offset++]; - rotate_offset &= constant_time_lt(rotate_offset, md_size); + rotate_offset &= constant_time_lt_s(rotate_offset, md_size); } #else memset(out, 0, md_size); rotate_offset = md_size - rotate_offset; - rotate_offset &= constant_time_lt(rotate_offset, md_size); + rotate_offset &= constant_time_lt_s(rotate_offset, md_size); for (i = 0; i < md_size; i++) { for (j = 0; j < md_size; j++) - out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); + out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset); rotate_offset++; - rotate_offset &= constant_time_lt(rotate_offset, md_size); + rotate_offset &= constant_time_lt_s(rotate_offset, md_size); } #endif + + return 1; } int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) { - int i, al; + int i; int enc_err; SSL_SESSION *sess; SSL3_RECORD *rr; - unsigned int mac_size; + int imac_size; + size_t mac_size; unsigned char md[EVP_MAX_MD_SIZE]; rr = RECORD_LAYER_get_rrec(&s->rlayer); @@ -1315,15 +1634,38 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + return 0; } /* decrypt in place in 'rr->input' */ rr->data = rr->input; rr->orig_len = rr->length; + if (SSL_READ_ETM(s) && s->read_hash) { + unsigned char *mac; + mac_size = EVP_MD_CTX_size(s->read_hash); + if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (rr->orig_len < mac_size) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD, + SSL_R_LENGTH_TOO_SHORT); + return 0; + } + rr->length -= mac_size; + mac = rr->data + rr->length; + i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); + if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) { + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_DTLS1_PROCESS_RECORD, + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + return 0; + } + } + enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0); /*- * enc_err is: @@ -1332,15 +1674,19 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) * -1: if the padding is invalid */ if (enc_err == 0) { + if (ossl_statem_in_error(s)) { + /* SSLfatal() got called */ + return 0; + } /* For DTLS we simply ignore bad packets. */ rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); - goto err; + return 0; } #ifdef SSL_DEBUG - printf("dec %d\n", rr->length); + printf("dec %ld\n", rr->length); { - unsigned int z; + size_t z; for (z = 0; z < rr->length; z++) printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -1348,13 +1694,25 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) #endif /* r->length is now the compressed data plus mac */ - if ((sess != NULL) && + if ((sess != NULL) && !SSL_READ_ETM(s) && (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) { /* s->read_hash != NULL => mac_size != -1 */ unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; - mac_size = EVP_MD_CTX_size(s->read_hash); - OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); + + /* TODO(size_t): Convert this to do size_t properly */ + imac_size = EVP_MD_CTX_size(s->read_hash); + if (imac_size < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, + ERR_LIB_EVP); + return 0; + } + mac_size = (size_t)imac_size; + if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, + ERR_R_INTERNAL_ERROR); + return 0; + } /* * orig_len is the length of the record before any padding was @@ -1366,9 +1724,9 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* CBC records must have a padding length byte too. */ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && rr->orig_len < mac_size + 1)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD, + SSL_R_LENGTH_TOO_SHORT); + return 0; } if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { @@ -1379,7 +1737,11 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) * contents of the padding bytes. */ mac = mac_tmp; - ssl3_cbc_copy_mac(mac_tmp, rr, mac_size); + if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD, + ERR_R_INTERNAL_ERROR); + return 0; + } rr->length -= mac_size; } else { /* @@ -1392,8 +1754,8 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) } i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ ); - if (i < 0 || mac == NULL - || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) + if (i == 0 || mac == NULL + || CRYPTO_memcmp(md, mac, mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; @@ -1403,28 +1765,27 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* decryption failed, silently discard message */ rr->length = 0; RECORD_LAYER_reset_packet_length(&s->rlayer); - goto err; + return 0; } /* r->length is now just compressed */ if (s->expand != NULL) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, - SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, + SSL_R_COMPRESSED_LENGTH_TOO_LONG); + return 0; } if (!ssl3_do_uncompress(s, rr)) { - al = SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION); - goto f_err; + SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, + SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION); + return 0; } } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, + SSL_R_DATA_LENGTH_TOO_LONG); + return 0; } rr->off = 0; @@ -1443,12 +1804,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) /* Mark receipt of record. */ dtls1_record_bitmap_update(s, bitmap); - return (1); - - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: - return (0); + return 1; } /* @@ -1471,7 +1827,8 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) int dtls1_get_record(SSL *s) { int ssl_major, ssl_minor; - int i, n; + int rret; + size_t more, n; SSL3_RECORD *rr; unsigned char *p = NULL; unsigned short version; @@ -1485,8 +1842,10 @@ int dtls1_get_record(SSL *s) * The epoch may have changed. If so, process all the pending records. * This is a non-blocking operation. */ - if (!dtls1_process_buffered_records(s)) + if (!dtls1_process_buffered_records(s)) { + /* SSLfatal() already called */ return -1; + } /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -1497,11 +1856,13 @@ int dtls1_get_record(SSL *s) /* check if we have the header */ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) { - n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, - SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1); + rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, + SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n); /* read timeout is handled by dtls1_read_bytes */ - if (n <= 0) - return (n); /* error or non-blocking */ + if (rret <= 0) { + /* SSLfatal() already called if appropriate */ + return rret; /* error or non-blocking */ + } /* this packet contained a partial record, dump it */ if (RECORD_LAYER_get_packet_length(&s->rlayer) != @@ -1562,6 +1923,17 @@ int dtls1_get_record(SSL *s) RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } + + /* If received packet overflows own-client Max Fragment Length setting */ + if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) + && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + /* record too long, silently discard it */ + rr->length = 0; + rr->read = 1; + RECORD_LAYER_reset_packet_length(&s->rlayer); + goto again; + } + /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } @@ -1570,10 +1942,14 @@ int dtls1_get_record(SSL *s) if (rr->length > RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ - i = rr->length; - n = ssl3_read_n(s, i, i, 1, 1); + more = rr->length; + rret = ssl3_read_n(s, more, more, 1, 1, &n); /* this packet contained a partial record, dump it */ - if (n != i) { + if (rret <= 0 || n != more) { + if (ossl_statem_in_error(s)) { + /* ssl3_read_n() called SSLfatal() */ + return -1; + } rr->length = 0; rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); @@ -1592,7 +1968,6 @@ int dtls1_get_record(SSL *s) bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if (bitmap == NULL) { rr->length = 0; - rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } @@ -1628,10 +2003,12 @@ int dtls1_get_record(SSL *s) */ if (is_next_epoch) { if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) { - if (dtls1_buffer_record - (s, &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), - rr->seq_num) < 0) + if (dtls1_buffer_record (s, + &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)), + rr->seq_num) < 0) { + /* SSLfatal() already called */ return -1; + } } rr->length = 0; rr->read = 1; @@ -1640,12 +2017,41 @@ int dtls1_get_record(SSL *s) } if (!dtls1_process_record(s, bitmap)) { + if (ossl_statem_in_error(s)) { + /* dtls1_process_record() called SSLfatal */ + return -1; + } rr->length = 0; rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } - return (1); + return 1; + +} + +int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off) +{ + SSL3_RECORD *rr; + rr = RECORD_LAYER_get_rrec(&s->rlayer); + memset(rr, 0, sizeof(SSL3_RECORD)); + + rr->length = len; + rr->type = SSL3_RT_HANDSHAKE; + memcpy(rr->seq_num, seq, sizeof(rr->seq_num)); + rr->off = off; + + s->rlayer.packet = RECORD_LAYER_get_rbuf(&s->rlayer)->buf; + s->rlayer.packet_length = DTLS1_RT_HEADER_LENGTH + len; + rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH; + + if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds), + SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) { + /* SSLfatal() already called */ + return 0; + } + + return 1; } diff --git a/deps/openssl/openssl/ssl/record/ssl3_record_tls13.c b/deps/openssl/openssl/ssl/record/ssl3_record_tls13.c new file mode 100644 index 00000000000000..a11ed483e6682b --- /dev/null +++ b/deps/openssl/openssl/ssl/record/ssl3_record_tls13.c @@ -0,0 +1,196 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../ssl_locl.h" +#include "record_locl.h" +#include "internal/cryptlib.h" + +/*- + * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for + * internal errors, but not otherwise. + * + * Returns: + * 0: (in non-constant time) if the record is publically invalid (i.e. too + * short etc). + * 1: if the record encryption was successful. + * -1: if the record's AEAD-authenticator is invalid or, if sending, + * an internal error occurred. + */ +int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) +{ + EVP_CIPHER_CTX *ctx; + unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; + size_t ivlen, taglen, offset, loop, hdrlen; + unsigned char *staticiv; + unsigned char *seq; + int lenu, lenf; + SSL3_RECORD *rec = &recs[0]; + uint32_t alg_enc; + WPACKET wpkt; + + if (n_recs != 1) { + /* Should not happen */ + /* TODO(TLS1.3): Support pipelining */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + + if (sending) { + ctx = s->enc_write_ctx; + staticiv = s->write_iv; + seq = RECORD_LAYER_get_write_sequence(&s->rlayer); + } else { + ctx = s->enc_read_ctx; + staticiv = s->read_iv; + seq = RECORD_LAYER_get_read_sequence(&s->rlayer); + } + + /* + * If we're sending an alert and ctx != NULL then we must be forcing + * plaintext alerts. If we're reading and ctx != NULL then we allow + * plaintext alerts at certain points in the handshake. If we've got this + * far then we have already validated that a plaintext alert is ok here. + */ + if (ctx == NULL || rec->type == SSL3_RT_ALERT) { + memmove(rec->data, rec->input, rec->length); + rec->input = rec->data; + return 1; + } + + ivlen = EVP_CIPHER_CTX_iv_length(ctx); + + if (s->early_data_state == SSL_EARLY_DATA_WRITING + || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { + if (s->session != NULL && s->session->ext.max_early_data > 0) { + alg_enc = s->session->cipher->algorithm_enc; + } else { + if (!ossl_assert(s->psksession != NULL + && s->psksession->ext.max_early_data > 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + alg_enc = s->psksession->cipher->algorithm_enc; + } + } else { + /* + * To get here we must have selected a ciphersuite - otherwise ctx would + * be NULL + */ + if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + alg_enc = s->s3->tmp.new_cipher->algorithm_enc; + } + + if (alg_enc & SSL_AESCCM) { + if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + taglen = EVP_CCM8_TLS_TAG_LEN; + else + taglen = EVP_CCM_TLS_TAG_LEN; + if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, + NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + } else if (alg_enc & SSL_AESGCM) { + taglen = EVP_GCM_TLS_TAG_LEN; + } else if (alg_enc & SSL_CHACHA20) { + taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; + } else { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + + if (!sending) { + /* + * Take off tag. There must be at least one byte of content type as + * well as the tag + */ + if (rec->length < taglen + 1) + return 0; + rec->length -= taglen; + } + + /* Set up IV */ + if (ivlen < SEQ_NUM_SIZE) { + /* Should not happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + offset = ivlen - SEQ_NUM_SIZE; + memcpy(iv, staticiv, offset); + for (loop = 0; loop < SEQ_NUM_SIZE; loop++) + iv[offset + loop] = staticiv[offset + loop] ^ seq[loop]; + + /* Increment the sequence counter */ + for (loop = SEQ_NUM_SIZE; loop > 0; loop--) { + ++seq[loop - 1]; + if (seq[loop - 1] != 0) + break; + } + if (loop == 0) { + /* Sequence has wrapped */ + return -1; + } + + /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */ + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 + || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + taglen, + rec->data + rec->length) <= 0)) { + return -1; + } + + /* Set up the AAD */ + if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0) + || !WPACKET_put_bytes_u8(&wpkt, rec->type) + || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version) + || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen) + || !WPACKET_get_total_written(&wpkt, &hdrlen) + || hdrlen != SSL3_RT_HEADER_LENGTH + || !WPACKET_finish(&wpkt)) { + WPACKET_cleanup(&wpkt); + return -1; + } + + /* + * For CCM we must explicitly set the total plaintext length before we add + * any AAD. + */ + if (((alg_enc & SSL_AESCCM) != 0 + && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, + (unsigned int)rec->length) <= 0) + || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, + sizeof(recheader)) <= 0 + || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input, + (unsigned int)rec->length) <= 0 + || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 + || (size_t)(lenu + lenf) != rec->length) { + return -1; + } + if (sending) { + /* Add the tag */ + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, + rec->data + rec->length) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; + } + rec->length += taglen; + } + + return 1; +} diff --git a/deps/openssl/openssl/ssl/s3_cbc.c b/deps/openssl/openssl/ssl/s3_cbc.c index 9a228f7de27cd7..8377d7fe13dcb2 100644 --- a/deps/openssl/openssl/ssl/s3_cbc.c +++ b/deps/openssl/openssl/ssl/s3_cbc.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include "internal/constant_time_locl.h" #include "ssl_locl.h" +#include "internal/cryptlib.h" #include #include @@ -89,8 +90,6 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) */ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) { - if (FIPS_mode()) - return 0; switch (EVP_MD_CTX_type(ctx)) { case NID_md5: case NID_sha1: @@ -134,7 +133,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3) + size_t mac_secret_length, char is_sslv3) { union { double align; @@ -142,23 +141,24 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, } md_state; void (*md_final_raw) (void *ctx, unsigned char *md_out); void (*md_transform) (void *ctx, const unsigned char *block); - unsigned md_size, md_block_size = 64; - unsigned sslv3_pad_length = 40, header_length, variance_blocks, + size_t md_size, md_block_size = 64; + size_t sslv3_pad_length = 40, header_length, variance_blocks, len, max_mac_bytes, num_blocks, num_starting_blocks, k, mac_end_offset, c, index_a, index_b; - unsigned int bits; /* at most 18 bits */ + size_t bits; /* at most 18 bits */ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; /* hmac_pad is the masked HMAC key. */ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE]; - unsigned i, j, md_out_size_u; + size_t i, j; + unsigned md_out_size_u; EVP_MD_CTX *md_ctx = NULL; /* * mdLengthSize is the number of bytes in the length field that * terminates * the hash. */ - unsigned md_length_size = 8; + size_t md_length_size = 8; char length_is_big_endian = 1; int ret; @@ -166,7 +166,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, * This is a, hopefully redundant, check that allows us to forget about * many possible overflows later in this function. */ - OPENSSL_assert(data_plus_mac_plus_padding_size < 1024 * 1024); + if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024)) + return 0; switch (EVP_MD_CTX_type(ctx)) { case NID_md5: @@ -228,15 +229,15 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, * ssl3_cbc_record_digest_supported should have been called first to * check that the hash function is supported. */ - OPENSSL_assert(0); - if (md_out_size) + if (md_out_size != NULL) *md_out_size = 0; - return 0; + return ossl_assert(0); } - OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); - OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); - OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); + if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES) + || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE) + || !ossl_assert(md_size <= EVP_MAX_MD_SIZE)) + return 0; header_length = 13; if (is_sslv3) { @@ -255,12 +256,13 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, * of hash termination (0x80 + 64-bit length) don't fit in the final * block, we say that the final two blocks can vary based on the padding. * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not - * required to be minimal. Therefore we say that the final six blocks can + * required to be minimal. Therefore we say that the final |variance_blocks| + * blocks can * vary based on the padding. Later in the function, if the message is * short and there obviously cannot be this many blocks then * variance_blocks can be reduced. */ - variance_blocks = is_sslv3 ? 2 : 6; + variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1); /* * From now on we're dealing with the MAC, which conceptually has 13 * bytes of `header' before the start of the data (TLS) or 71/75 bytes @@ -332,7 +334,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, */ bits += 8 * md_block_size; memset(hmac_pad, 0, md_block_size); - OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); + if (!ossl_assert(mac_secret_length <= sizeof(hmac_pad))) + return 0; memcpy(hmac_pad, mac_secret, mac_secret_length); for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x36; @@ -356,7 +359,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, if (k > 0) { if (is_sslv3) { - unsigned overhang; + size_t overhang; /* * The SSLv3 header is larger than a single block. overhang is @@ -399,8 +402,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) { unsigned char block[MAX_HASH_BLOCK_SIZE]; - unsigned char is_block_a = constant_time_eq_8(i, index_a); - unsigned char is_block_b = constant_time_eq_8(i, index_b); + unsigned char is_block_a = constant_time_eq_8_s(i, index_a); + unsigned char is_block_b = constant_time_eq_8_s(i, index_b); for (j = 0; j < md_block_size; j++) { unsigned char b = 0, is_past_c, is_past_cp1; if (k < header_length) @@ -409,8 +412,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, b = data[k - header_length]; k++; - is_past_c = is_block_a & constant_time_ge_8(j, c); - is_past_cp1 = is_block_a & constant_time_ge_8(j, c + 1); + is_past_c = is_block_a & constant_time_ge_8_s(j, c); + is_past_cp1 = is_block_a & constant_time_ge_8_s(j, c + 1); /* * If this is the block containing the end of the application * data, and we are at the offset for the 0x80 value, then @@ -418,8 +421,8 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, */ b = constant_time_select_8(is_past_c, 0x80, b); /* - * If this the the block containing the end of the application - * data and we're past the 0x80 value then just write zero. + * If this block contains the end of the application data + * and we're past the 0x80 value then just write zero. */ b = b & ~is_past_cp1; /* @@ -471,6 +474,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } + /* TODO(size_t): Convert me */ ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (ret && md_out_size) *md_out_size = md_out_size_u; @@ -481,49 +485,3 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, EVP_MD_CTX_free(md_ctx); return 0; } - -/* - * Due to the need to use EVP in FIPS mode we can't reimplement digests but - * we can ensure the number of blocks processed is equal for all cases by - * digesting additional data. - */ - -int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, - EVP_MD_CTX *mac_ctx, const unsigned char *data, - size_t data_len, size_t orig_len) -{ - size_t block_size, digest_pad, blocks_data, blocks_orig; - if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) - return 1; - block_size = EVP_MD_CTX_block_size(mac_ctx); - /*- - * We are in FIPS mode if we get this far so we know we have only SHA* - * digests and TLS to deal with. - * Minimum digest padding length is 17 for SHA384/SHA512 and 9 - * otherwise. - * Additional header is 13 bytes. To get the number of digest blocks - * processed round up the amount of data plus padding to the nearest - * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. - * So we have: - * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size - * equivalently: - * blocks = (payload_len + digest_pad + 12)/block_size + 1 - * HMAC adds a constant overhead. - * We're ultimately only interested in differences so this becomes - * blocks = (payload_len + 29)/128 - * for SHA384/SHA512 and - * blocks = (payload_len + 21)/64 - * otherwise. - */ - digest_pad = block_size == 64 ? 21 : 29; - blocks_orig = (orig_len + digest_pad) / block_size; - blocks_data = (data_len + digest_pad) / block_size; - /* - * MAC enough blocks to make up the difference between the original and - * actual lengths plus one extra block to ensure this is never a no op. - * The "data" pointer should always have enough space to perform this - * operation as it is large enough for a maximum length TLS buffer. - */ - return EVP_DigestSignUpdate(mac_ctx, data, - (blocks_orig - blocks_data + 1) * block_size); -} diff --git a/deps/openssl/openssl/ssl/s3_enc.c b/deps/openssl/openssl/ssl/s3_enc.c index 65fe913141f749..fca84ef99acf40 100644 --- a/deps/openssl/openssl/ssl/s3_enc.c +++ b/deps/openssl/openssl/ssl/s3_enc.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +8,11 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include "ssl_locl.h" #include #include +#include "internal/cryptlib.h" static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { @@ -55,7 +30,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) m5 = EVP_MD_CTX_new(); s1 = EVP_MD_CTX_new(); if (m5 == NULL || s1 == NULL) { - SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, + ERR_R_MALLOC_FAILURE); goto err; } EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); @@ -63,7 +39,8 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) k++; if (k > sizeof(buf)) { /* bug: 'buf' is too small for this ciphersuite */ - SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, + ERR_R_INTERNAL_ERROR); goto err; } @@ -80,15 +57,24 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) || !EVP_DigestUpdate(m5, s->session->master_key, s->session->master_key_length) - || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) + || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, + ERR_R_INTERNAL_ERROR); goto err; + } if ((int)(i + MD5_DIGEST_LENGTH) > num) { - if (!EVP_DigestFinal_ex(m5, smd, NULL)) + if (!EVP_DigestFinal_ex(m5, smd, NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); goto err; + } memcpy(km, smd, (num - i)); } else { - if (!EVP_DigestFinal_ex(m5, km, NULL)) + if (!EVP_DigestFinal_ex(m5, km, NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); goto err; + } } km += MD5_DIGEST_LENGTH; @@ -113,13 +99,18 @@ int ssl3_change_cipher_state(SSL *s, int which) COMP_METHOD *comp; #endif const EVP_MD *m; - int n, i, j, k, cl; + int mdi; + size_t n, i, j, k, cl; int reuse_dd = 0; c = s->s3->tmp.new_sym_enc; m = s->s3->tmp.new_hash; /* m == NULL will lead to a crash later */ - OPENSSL_assert(m); + if (!ossl_assert(m != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } #ifndef OPENSSL_NO_COMP if (s->s3->tmp.new_compression == NULL) comp = NULL; @@ -128,20 +119,24 @@ int ssl3_change_cipher_state(SSL *s, int which) #endif if (which & SSL3_CC_READ) { - if (s->enc_read_ctx != NULL) + if (s->enc_read_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_read_ctx); + } dd = s->enc_read_ctx; if (ssl_replace_hash(&s->read_hash, m) == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } #ifndef OPENSSL_NO_COMP /* COMPRESS */ @@ -150,28 +145,34 @@ int ssl3_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif RECORD_LAYER_reset_read_sequence(&s->rlayer); mac_secret = &(s->s3->read_mac_secret[0]); } else { - if (s->enc_write_ctx != NULL) + s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; + if (s->enc_write_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_write_ctx); + } dd = s->enc_write_ctx; if (ssl_replace_hash(&s->write_hash, m) == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); + goto err; } #ifndef OPENSSL_NO_COMP /* COMPRESS */ @@ -180,9 +181,10 @@ int ssl3_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif @@ -194,9 +196,13 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_reset(dd); p = s->s3->tmp.key_block; - i = EVP_MD_size(m); - if (i < 0) - goto err2; + mdi = EVP_MD_size(m); + if (mdi < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } + i = mdi; cl = EVP_CIPHER_key_length(c); j = cl; k = EVP_CIPHER_iv_length(c); @@ -219,24 +225,27 @@ int ssl3_change_cipher_state(SSL *s, int which) } if (n > s->s3->tmp.key_block_length) { - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } memcpy(mac_secret, ms, i); - if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) - goto err2; + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); - return (1); + return 1; err: - SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); - err2: OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); - return (0); + return 0; } int ssl3_setup_key_block(SSL *s) @@ -249,11 +258,12 @@ int ssl3_setup_key_block(SSL *s) SSL_COMP *comp; if (s->s3->tmp.key_block_length != 0) - return (1); + return 1; if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return (0); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, + SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + return 0; } s->s3->tmp.new_sym_enc = c; @@ -273,12 +283,16 @@ int ssl3_setup_key_block(SSL *s) ssl3_cleanup_key_block(s); - if ((p = OPENSSL_malloc(num)) == NULL) - goto err; + if ((p = OPENSSL_malloc(num)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, + ERR_R_MALLOC_FAILURE); + return 0; + } s->s3->tmp.key_block_length = num; s->s3->tmp.key_block = p; + /* Calls SSLfatal() as required */ ret = ssl3_generate_key_block(s, p, num); if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { @@ -300,10 +314,6 @@ int ssl3_setup_key_block(SSL *s) } return ret; - - err: - SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); - return (0); } void ssl3_cleanup_key_block(SSL *s) @@ -318,7 +328,8 @@ int ssl3_init_finished_mac(SSL *s) BIO *buf = BIO_new(BIO_s_mem()); if (buf == NULL) { - SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC, + ERR_R_MALLOC_FAILURE); return 0; } ssl3_free_digest_list(s); @@ -340,13 +351,32 @@ void ssl3_free_digest_list(SSL *s) s->s3->handshake_dgst = NULL; } -int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) +int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) { - if (s->s3->handshake_dgst == NULL) + int ret; + + if (s->s3->handshake_dgst == NULL) { /* Note: this writes to a memory BIO so a failure is a fatal error */ - return BIO_write(s->s3->handshake_buffer, (void *)buf, len) == len; - else - return EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + if (len > INT_MAX) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + SSL_R_OVERFLOW_ERROR); + return 0; + } + ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); + if (ret <= 0 || ret != (int)len) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + return 0; + } + } else { + ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); + if (!ret) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + return 1; } int ssl3_digest_cached_records(SSL *s, int keep) @@ -358,21 +388,23 @@ int ssl3_digest_cached_records(SSL *s, int keep) if (s->s3->handshake_dgst == NULL) { hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, - SSL_R_BAD_HANDSHAKE_LENGTH); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + SSL_R_BAD_HANDSHAKE_LENGTH); return 0; } s->s3->handshake_dgst = EVP_MD_CTX_new(); if (s->s3->handshake_dgst == NULL) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_MALLOC_FAILURE); return 0; } md = ssl_handshake_md(s); if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, + ERR_R_INTERNAL_ERROR); return 0; } } @@ -384,42 +416,51 @@ int ssl3_digest_cached_records(SSL *s, int keep) return 1; } -int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) +size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, + unsigned char *p) { int ret; EVP_MD_CTX *ctx = NULL; - if (!ssl3_digest_cached_records(s, 0)) + if (!ssl3_digest_cached_records(s, 0)) { + /* SSLfatal() already called */ return 0; + } if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { - SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, SSL_R_NO_REQUIRED_DIGEST); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + SSL_R_NO_REQUIRED_DIGEST); return 0; } ctx = EVP_MD_CTX_new(); if (ctx == NULL) { - SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + ERR_R_MALLOC_FAILURE); return 0; } if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { - SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + ERR_R_INTERNAL_ERROR); ret = 0; goto err; } ret = EVP_MD_CTX_size(ctx); if (ret < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + ERR_R_INTERNAL_ERROR); ret = 0; goto err; } if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, + (int)s->session->master_key_length, s->session->master_key) <= 0 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, + ERR_R_INTERNAL_ERROR); ret = 0; } @@ -430,7 +471,7 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) } int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) + size_t len, size_t *secret_size) { static const unsigned char *salt[3] = { #ifndef CHARSET_EBCDIC @@ -445,11 +486,13 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, }; unsigned char buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - int i, ret = 0; + int i, ret = 1; unsigned int n; + size_t ret_secret_size = 0; if (ctx == NULL) { - SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, + ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < 3; i++) { @@ -461,92 +504,98 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, SSL3_RANDOM_SIZE) <= 0 || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 + /* TODO(size_t) : convert me */ || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 || EVP_DigestUpdate(ctx, buf, n) <= 0 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { - SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); ret = 0; break; } out += n; - ret += n; + ret_secret_size += n; } EVP_MD_CTX_free(ctx); OPENSSL_cleanse(buf, sizeof(buf)); - return (ret); + if (ret) + *secret_size = ret_secret_size; + return ret; } int ssl3_alert_code(int code) { switch (code) { case SSL_AD_CLOSE_NOTIFY: - return (SSL3_AD_CLOSE_NOTIFY); + return SSL3_AD_CLOSE_NOTIFY; case SSL_AD_UNEXPECTED_MESSAGE: - return (SSL3_AD_UNEXPECTED_MESSAGE); + return SSL3_AD_UNEXPECTED_MESSAGE; case SSL_AD_BAD_RECORD_MAC: - return (SSL3_AD_BAD_RECORD_MAC); + return SSL3_AD_BAD_RECORD_MAC; case SSL_AD_DECRYPTION_FAILED: - return (SSL3_AD_BAD_RECORD_MAC); + return SSL3_AD_BAD_RECORD_MAC; case SSL_AD_RECORD_OVERFLOW: - return (SSL3_AD_BAD_RECORD_MAC); + return SSL3_AD_BAD_RECORD_MAC; case SSL_AD_DECOMPRESSION_FAILURE: - return (SSL3_AD_DECOMPRESSION_FAILURE); + return SSL3_AD_DECOMPRESSION_FAILURE; case SSL_AD_HANDSHAKE_FAILURE: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_NO_CERTIFICATE: - return (SSL3_AD_NO_CERTIFICATE); + return SSL3_AD_NO_CERTIFICATE; case SSL_AD_BAD_CERTIFICATE: - return (SSL3_AD_BAD_CERTIFICATE); + return SSL3_AD_BAD_CERTIFICATE; case SSL_AD_UNSUPPORTED_CERTIFICATE: - return (SSL3_AD_UNSUPPORTED_CERTIFICATE); + return SSL3_AD_UNSUPPORTED_CERTIFICATE; case SSL_AD_CERTIFICATE_REVOKED: - return (SSL3_AD_CERTIFICATE_REVOKED); + return SSL3_AD_CERTIFICATE_REVOKED; case SSL_AD_CERTIFICATE_EXPIRED: - return (SSL3_AD_CERTIFICATE_EXPIRED); + return SSL3_AD_CERTIFICATE_EXPIRED; case SSL_AD_CERTIFICATE_UNKNOWN: - return (SSL3_AD_CERTIFICATE_UNKNOWN); + return SSL3_AD_CERTIFICATE_UNKNOWN; case SSL_AD_ILLEGAL_PARAMETER: - return (SSL3_AD_ILLEGAL_PARAMETER); + return SSL3_AD_ILLEGAL_PARAMETER; case SSL_AD_UNKNOWN_CA: - return (SSL3_AD_BAD_CERTIFICATE); + return SSL3_AD_BAD_CERTIFICATE; case SSL_AD_ACCESS_DENIED: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_DECODE_ERROR: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_DECRYPT_ERROR: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_EXPORT_RESTRICTION: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_PROTOCOL_VERSION: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_INSUFFICIENT_SECURITY: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_INTERNAL_ERROR: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_USER_CANCELLED: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_NO_RENEGOTIATION: - return (-1); /* Don't send it :-) */ + return -1; /* Don't send it :-) */ case SSL_AD_UNSUPPORTED_EXTENSION: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_CERTIFICATE_UNOBTAINABLE: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_UNRECOGNIZED_NAME: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_UNKNOWN_PSK_IDENTITY: - return (TLS1_AD_UNKNOWN_PSK_IDENTITY); + return TLS1_AD_UNKNOWN_PSK_IDENTITY; case SSL_AD_INAPPROPRIATE_FALLBACK: - return (TLS1_AD_INAPPROPRIATE_FALLBACK); + return TLS1_AD_INAPPROPRIATE_FALLBACK; case SSL_AD_NO_APPLICATION_PROTOCOL: - return (TLS1_AD_NO_APPLICATION_PROTOCOL); + return TLS1_AD_NO_APPLICATION_PROTOCOL; + case SSL_AD_CERTIFICATE_REQUIRED: + return SSL_AD_HANDSHAKE_FAILURE; default: - return (-1); + return -1; } } diff --git a/deps/openssl/openssl/ssl/s3_lib.c b/deps/openssl/openssl/ssl/s3_lib.c index ad7532bd0c4d90..866ca4dfa9b067 100644 --- a/deps/openssl/openssl/ssl/s3_lib.c +++ b/deps/openssl/openssl/ssl/s3_lib.c @@ -1,5 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,54 +9,110 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include +#include "internal/nelem.h" #include "ssl_locl.h" #include #include #include +#include "internal/cryptlib.h" +#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) +#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs) + +/* TLSv1.3 downgrade protection sentinel values */ +const unsigned char tls11downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 +}; +const unsigned char tls12downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 +}; + +/* The list of available TLSv1.3 ciphers */ +static SSL_CIPHER tls13_ciphers[] = { + { + 1, + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, + }, { + 1, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_CK_AES_256_GCM_SHA384, + SSL_kANY, + SSL_aANY, + SSL_AES256GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384, + 256, + 256, + }, +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + { + 1, + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_CK_CHACHA20_POLY1305_SHA256, + SSL_kANY, + SSL_aANY, + SSL_CHACHA20POLY1305, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 256, + 256, + }, +#endif + { + 1, + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_CK_AES_128_CCM_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128CCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, + }, { + 1, + TLS1_3_RFC_AES_128_CCM_8_SHA256, + TLS1_3_RFC_AES_128_CCM_8_SHA256, + TLS1_3_CK_AES_128_CCM_8_SHA256, + SSL_kANY, + SSL_aANY, + SSL_AES128CCM8, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, + } +}; /* * The list of available ciphers, mostly organized into the following @@ -63,13 +121,14 @@ * EC * PSK * SRP (within that: RSA EC PSK) - * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED + * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED * Weak ciphers */ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_NULL_MD5, + SSL3_RFC_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, SSL_kRSA, SSL_aRSA, @@ -85,6 +144,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_NULL_SHA, + SSL3_RFC_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA, SSL_aRSA, @@ -101,6 +161,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, + SSL3_RFC_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, SSL_aRSA, @@ -116,6 +177,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, + SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA, SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, SSL_kDHE, SSL_aDSS, @@ -131,6 +193,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, + SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA, SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, SSL_kDHE, SSL_aRSA, @@ -146,6 +209,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_ADH_DES_192_CBC_SHA, + SSL3_RFC_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, SSL_kDHE, SSL_aNULL, @@ -162,6 +226,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, + TLS1_RFC_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, SSL_aRSA, @@ -177,6 +242,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, + TLS1_RFC_DHE_DSS_WITH_AES_128_SHA, TLS1_CK_DHE_DSS_WITH_AES_128_SHA, SSL_kDHE, SSL_aDSS, @@ -192,6 +258,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + TLS1_RFC_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, SSL_kDHE, SSL_aRSA, @@ -207,6 +274,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_AES_128_SHA, + TLS1_RFC_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kDHE, SSL_aNULL, @@ -222,6 +290,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_256_SHA, + TLS1_RFC_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, SSL_aRSA, @@ -237,6 +306,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, + TLS1_RFC_DHE_DSS_WITH_AES_256_SHA, TLS1_CK_DHE_DSS_WITH_AES_256_SHA, SSL_kDHE, SSL_aDSS, @@ -252,6 +322,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + TLS1_RFC_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, SSL_kDHE, SSL_aRSA, @@ -267,6 +338,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_AES_256_SHA, + TLS1_RFC_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kDHE, SSL_aNULL, @@ -282,6 +354,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_NULL_SHA256, + TLS1_RFC_RSA_WITH_NULL_SHA256, TLS1_CK_RSA_WITH_NULL_SHA256, SSL_kRSA, SSL_aRSA, @@ -297,6 +370,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_128_SHA256, + TLS1_RFC_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, SSL_kRSA, SSL_aRSA, @@ -312,6 +386,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_256_SHA256, + TLS1_RFC_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, SSL_kRSA, SSL_aRSA, @@ -327,6 +402,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256, TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, SSL_kDHE, SSL_aDSS, @@ -342,6 +418,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256, TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, @@ -357,6 +434,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256, TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, SSL_kDHE, SSL_aDSS, @@ -372,6 +450,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256, TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, @@ -387,6 +466,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_AES_128_SHA256, + TLS1_RFC_ADH_WITH_AES_128_SHA256, TLS1_CK_ADH_WITH_AES_128_SHA256, SSL_kDHE, SSL_aNULL, @@ -402,6 +482,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_AES_256_SHA256, + TLS1_RFC_ADH_WITH_AES_256_SHA256, TLS1_CK_ADH_WITH_AES_256_SHA256, SSL_kDHE, SSL_aNULL, @@ -417,6 +498,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, @@ -432,6 +514,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, @@ -447,6 +530,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, @@ -462,6 +546,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, @@ -477,6 +562,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aDSS, @@ -492,6 +578,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aDSS, @@ -507,6 +594,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256, TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aNULL, @@ -522,6 +610,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384, TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aNULL, @@ -537,6 +626,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_128_CCM, + TLS1_RFC_RSA_WITH_AES_128_CCM, TLS1_CK_RSA_WITH_AES_128_CCM, SSL_kRSA, SSL_aRSA, @@ -552,6 +642,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_256_CCM, + TLS1_RFC_RSA_WITH_AES_256_CCM, TLS1_CK_RSA_WITH_AES_256_CCM, SSL_kRSA, SSL_aRSA, @@ -567,6 +658,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_CCM, + TLS1_RFC_DHE_RSA_WITH_AES_128_CCM, TLS1_CK_DHE_RSA_WITH_AES_128_CCM, SSL_kDHE, SSL_aRSA, @@ -582,6 +674,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_CCM, + TLS1_RFC_DHE_RSA_WITH_AES_256_CCM, TLS1_CK_DHE_RSA_WITH_AES_256_CCM, SSL_kDHE, SSL_aRSA, @@ -597,6 +690,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_128_CCM_8, + TLS1_RFC_RSA_WITH_AES_128_CCM_8, TLS1_CK_RSA_WITH_AES_128_CCM_8, SSL_kRSA, SSL_aRSA, @@ -612,6 +706,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_AES_256_CCM_8, + TLS1_RFC_RSA_WITH_AES_256_CCM_8, TLS1_CK_RSA_WITH_AES_256_CCM_8, SSL_kRSA, SSL_aRSA, @@ -627,6 +722,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8, + TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8, TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8, SSL_kDHE, SSL_aRSA, @@ -642,6 +738,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8, + TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8, TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8, SSL_kDHE, SSL_aRSA, @@ -657,6 +754,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_128_CCM, + TLS1_RFC_PSK_WITH_AES_128_CCM, TLS1_CK_PSK_WITH_AES_128_CCM, SSL_kPSK, SSL_aPSK, @@ -672,6 +770,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_256_CCM, + TLS1_RFC_PSK_WITH_AES_256_CCM, TLS1_CK_PSK_WITH_AES_256_CCM, SSL_kPSK, SSL_aPSK, @@ -687,6 +786,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CCM, + TLS1_RFC_DHE_PSK_WITH_AES_128_CCM, TLS1_CK_DHE_PSK_WITH_AES_128_CCM, SSL_kDHEPSK, SSL_aPSK, @@ -702,6 +802,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_256_CCM, + TLS1_RFC_DHE_PSK_WITH_AES_256_CCM, TLS1_CK_DHE_PSK_WITH_AES_256_CCM, SSL_kDHEPSK, SSL_aPSK, @@ -717,6 +818,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_128_CCM_8, + TLS1_RFC_PSK_WITH_AES_128_CCM_8, TLS1_CK_PSK_WITH_AES_128_CCM_8, SSL_kPSK, SSL_aPSK, @@ -732,6 +834,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_256_CCM_8, + TLS1_RFC_PSK_WITH_AES_256_CCM_8, TLS1_CK_PSK_WITH_AES_256_CCM_8, SSL_kPSK, SSL_aPSK, @@ -747,6 +850,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8, + TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8, TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8, SSL_kDHEPSK, SSL_aPSK, @@ -762,6 +866,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8, + TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8, TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8, SSL_kDHEPSK, SSL_aPSK, @@ -777,6 +882,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM, SSL_kECDHE, SSL_aECDSA, @@ -792,6 +898,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM, SSL_kECDHE, SSL_aECDSA, @@ -807,6 +914,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8, SSL_kECDHE, SSL_aECDSA, @@ -822,6 +930,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8, SSL_kECDHE, SSL_aECDSA, @@ -834,11 +943,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - -#ifndef OPENSSL_NO_EC { 1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, SSL_kECDHE, SSL_aECDSA, @@ -855,6 +963,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE, SSL_aECDSA, @@ -871,6 +980,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA, @@ -886,6 +996,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA, @@ -901,6 +1012,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, SSL_kECDHE, SSL_aRSA, @@ -917,6 +1029,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE, SSL_aRSA, @@ -933,6 +1046,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, @@ -948,6 +1062,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, @@ -963,6 +1078,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + TLS1_RFC_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, SSL_kECDHE, SSL_aNULL, @@ -979,6 +1095,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, SSL_kECDHE, SSL_aNULL, @@ -995,6 +1112,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aNULL, @@ -1010,6 +1128,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aNULL, @@ -1025,6 +1144,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA, @@ -1040,6 +1160,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA, @@ -1055,6 +1176,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, @@ -1070,6 +1192,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, @@ -1085,6 +1208,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA, @@ -1100,6 +1224,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA, @@ -1115,6 +1240,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA, @@ -1130,6 +1256,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA, @@ -1142,12 +1269,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -#endif /* OPENSSL_NO_EC */ - -#ifndef OPENSSL_NO_PSK { 1, TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_RFC_PSK_WITH_NULL_SHA, TLS1_CK_PSK_WITH_NULL_SHA, SSL_kPSK, SSL_aPSK, @@ -1163,6 +1288,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA, TLS1_CK_DHE_PSK_WITH_NULL_SHA, SSL_kDHEPSK, SSL_aPSK, @@ -1178,6 +1304,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA, TLS1_CK_RSA_PSK_WITH_NULL_SHA, SSL_kRSAPSK, SSL_aRSA, @@ -1194,6 +1321,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA, TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA, SSL_kPSK, SSL_aPSK, @@ -1210,6 +1338,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, SSL_kPSK, SSL_aPSK, @@ -1225,6 +1354,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, SSL_kPSK, SSL_aPSK, @@ -1241,6 +1371,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA, TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA, SSL_kDHEPSK, SSL_aPSK, @@ -1257,6 +1388,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA, SSL_kDHEPSK, SSL_aPSK, @@ -1272,6 +1404,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA, SSL_kDHEPSK, SSL_aPSK, @@ -1288,6 +1421,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA, TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA, SSL_kRSAPSK, SSL_aRSA, @@ -1304,6 +1438,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA, SSL_kRSAPSK, SSL_aRSA, @@ -1319,6 +1454,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA, SSL_kRSAPSK, SSL_aRSA, @@ -1334,6 +1470,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256, TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, SSL_kPSK, SSL_aPSK, @@ -1349,6 +1486,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384, TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, SSL_kPSK, SSL_aPSK, @@ -1364,6 +1502,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256, TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kDHEPSK, SSL_aPSK, @@ -1379,6 +1518,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384, TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384, SSL_kDHEPSK, SSL_aPSK, @@ -1394,6 +1534,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256, + TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256, TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256, SSL_kRSAPSK, SSL_aRSA, @@ -1409,6 +1550,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384, + TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384, SSL_kRSAPSK, SSL_aRSA, @@ -1424,6 +1566,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256, TLS1_CK_PSK_WITH_AES_128_CBC_SHA256, SSL_kPSK, SSL_aPSK, @@ -1439,6 +1582,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384, TLS1_CK_PSK_WITH_AES_256_CBC_SHA384, SSL_kPSK, SSL_aPSK, @@ -1454,6 +1598,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_NULL_SHA256, + TLS1_RFC_PSK_WITH_NULL_SHA256, TLS1_CK_PSK_WITH_NULL_SHA256, SSL_kPSK, SSL_aPSK, @@ -1469,6 +1614,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_NULL_SHA384, + TLS1_RFC_PSK_WITH_NULL_SHA384, TLS1_CK_PSK_WITH_NULL_SHA384, SSL_kPSK, SSL_aPSK, @@ -1484,6 +1630,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256, TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256, SSL_kDHEPSK, SSL_aPSK, @@ -1499,6 +1646,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384, TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384, SSL_kDHEPSK, SSL_aPSK, @@ -1514,6 +1662,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_NULL_SHA256, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA256, TLS1_CK_DHE_PSK_WITH_NULL_SHA256, SSL_kDHEPSK, SSL_aPSK, @@ -1529,6 +1678,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_NULL_SHA384, + TLS1_RFC_DHE_PSK_WITH_NULL_SHA384, TLS1_CK_DHE_PSK_WITH_NULL_SHA384, SSL_kDHEPSK, SSL_aPSK, @@ -1544,6 +1694,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256, TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256, SSL_kRSAPSK, SSL_aRSA, @@ -1559,6 +1710,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384, TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384, SSL_kRSAPSK, SSL_aRSA, @@ -1574,6 +1726,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_NULL_SHA256, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA256, TLS1_CK_RSA_PSK_WITH_NULL_SHA256, SSL_kRSAPSK, SSL_aRSA, @@ -1589,6 +1742,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_NULL_SHA384, + TLS1_RFC_RSA_PSK_WITH_NULL_SHA384, TLS1_CK_RSA_PSK_WITH_NULL_SHA384, SSL_kRSAPSK, SSL_aRSA, @@ -1601,11 +1755,11 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, -# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, SSL_kECDHEPSK, SSL_aPSK, @@ -1622,6 +1776,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, SSL_kECDHEPSK, SSL_aPSK, @@ -1637,6 +1792,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, SSL_kECDHEPSK, SSL_aPSK, @@ -1652,6 +1808,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256, TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, SSL_kECDHEPSK, SSL_aPSK, @@ -1667,6 +1824,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384, TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, SSL_kECDHEPSK, SSL_aPSK, @@ -1682,6 +1840,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA, + TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA, TLS1_CK_ECDHE_PSK_WITH_NULL_SHA, SSL_kECDHEPSK, SSL_aPSK, @@ -1697,6 +1856,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256, + TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256, TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256, SSL_kECDHEPSK, SSL_aPSK, @@ -1712,6 +1872,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384, + TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384, TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384, SSL_kECDHEPSK, SSL_aPSK, @@ -1724,14 +1885,12 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, -# endif /* OPENSSL_NO_EC */ -#endif /* OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA, TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, SSL_kSRP, SSL_aSRP, @@ -1747,6 +1906,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, SSL_kSRP, SSL_aRSA, @@ -1762,6 +1922,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, SSL_kSRP, SSL_aDSS, @@ -1778,6 +1939,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, + TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, SSL_kSRP, SSL_aSRP, @@ -1793,6 +1955,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, SSL_kSRP, SSL_aRSA, @@ -1808,6 +1971,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, SSL_kSRP, SSL_aDSS, @@ -1823,6 +1987,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, + TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, SSL_kSRP, SSL_aSRP, @@ -1838,6 +2003,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, SSL_kSRP, SSL_aRSA, @@ -1853,6 +2019,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, SSL_kSRP, SSL_aDSS, @@ -1865,13 +2032,12 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -#endif /* OPENSSL_NO_SRP */ #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) -# ifndef OPENSSL_NO_RSA { 1, TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305, TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA, @@ -1884,12 +2050,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -# endif /* OPENSSL_NO_RSA */ - -# ifndef OPENSSL_NO_EC { 1, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, @@ -1905,6 +2069,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, @@ -1917,12 +2082,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -# endif /* OPENSSL_NO_EC */ - -# ifndef OPENSSL_NO_PSK { 1, TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_PSK_WITH_CHACHA20_POLY1305, TLS1_CK_PSK_WITH_CHACHA20_POLY1305, SSL_kPSK, SSL_aPSK, @@ -1938,6 +2101,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, SSL_kECDHEPSK, SSL_aPSK, @@ -1953,6 +2117,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305, TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, SSL_kDHEPSK, SSL_aPSK, @@ -1968,6 +2133,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305, TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, SSL_kRSAPSK, SSL_aRSA, @@ -1980,7 +2146,6 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -# endif /* OPENSSL_NO_PSK */ #endif /* !defined(OPENSSL_NO_CHACHA) && * !defined(OPENSSL_NO_POLY1305) */ @@ -1988,6 +2153,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kRSA, SSL_aRSA, @@ -2003,6 +2169,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, SSL_kEDH, SSL_aDSS, @@ -2018,6 +2185,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kEDH, SSL_aRSA, @@ -2033,6 +2201,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, SSL_kEDH, SSL_aNULL, @@ -2048,6 +2217,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, SSL_kRSA, SSL_aRSA, @@ -2063,6 +2233,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, SSL_kEDH, SSL_aDSS, @@ -2078,6 +2249,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, SSL_kEDH, SSL_aRSA, @@ -2093,6 +2265,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, + TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, SSL_kEDH, SSL_aNULL, @@ -2108,6 +2281,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kRSA, SSL_aRSA, @@ -2123,6 +2297,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_kDHE, SSL_aDSS, @@ -2138,6 +2313,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_kDHE, SSL_aRSA, @@ -2153,6 +2329,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, SSL_kDHE, SSL_aNULL, @@ -2168,6 +2345,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kRSA, SSL_aRSA, @@ -2183,6 +2361,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_kDHE, SSL_aDSS, @@ -2198,6 +2377,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_kDHE, SSL_aRSA, @@ -2213,6 +2393,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, SSL_kDHE, SSL_aNULL, @@ -2225,11 +2406,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - -# ifndef OPENSSL_NO_EC { 1, TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHE, SSL_aECDSA, @@ -2245,6 +2425,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHE, SSL_aECDSA, @@ -2260,6 +2441,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHE, SSL_aRSA, @@ -2275,6 +2457,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHE, SSL_aRSA, @@ -2287,12 +2470,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -# endif /* OPENSSL_NO_EC */ - -# ifndef OPENSSL_NO_PSK { 1, TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kPSK, SSL_aPSK, @@ -2308,6 +2489,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384, SSL_kPSK, SSL_aPSK, @@ -2323,6 +2505,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kDHEPSK, SSL_aPSK, @@ -2338,6 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, SSL_kDHEPSK, SSL_aPSK, @@ -2353,6 +2537,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kRSAPSK, SSL_aRSA, @@ -2368,6 +2553,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, SSL_kRSAPSK, SSL_aRSA, @@ -2383,6 +2569,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, SSL_kECDHEPSK, SSL_aPSK, @@ -2398,6 +2585,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, SSL_kECDHEPSK, SSL_aPSK, @@ -2410,14 +2598,13 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -# endif /* OPENSSL_NO_PSK */ - #endif /* OPENSSL_NO_CAMELLIA */ #ifndef OPENSSL_NO_GOST { 1, "GOST2001-GOST89-GOST89", + "TLS_GOSTR341001_WITH_28147_CNT_IMIT", 0x3000081, SSL_kGOST, SSL_aGOST01, @@ -2433,6 +2620,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, "GOST2001-NULL-GOST94", + "TLS_GOSTR341001_WITH_NULL_GOSTR3411", 0x3000083, SSL_kGOST, SSL_aGOST01, @@ -2448,6 +2636,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, "GOST2012-GOST8912-GOST8912", + NULL, 0x0300ff85, SSL_kGOST, SSL_aGOST12 | SSL_aGOST01, @@ -2463,6 +2652,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, "GOST2012-NULL-GOST12", + NULL, 0x0300ff87, SSL_kGOST, SSL_aGOST12 | SSL_aGOST01, @@ -2481,6 +2671,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_IDEA_128_SHA, + SSL3_RFC_RSA_IDEA_128_SHA, SSL3_CK_RSA_IDEA_128_SHA, SSL_kRSA, SSL_aRSA, @@ -2499,6 +2690,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_RFC_RSA_WITH_SEED_SHA, TLS1_CK_RSA_WITH_SEED_SHA, SSL_kRSA, SSL_aRSA, @@ -2514,6 +2706,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_RFC_DHE_DSS_WITH_SEED_SHA, TLS1_CK_DHE_DSS_WITH_SEED_SHA, SSL_kDHE, SSL_aDSS, @@ -2529,6 +2722,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_RFC_DHE_RSA_WITH_SEED_SHA, TLS1_CK_DHE_RSA_WITH_SEED_SHA, SSL_kDHE, SSL_aRSA, @@ -2544,6 +2738,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_RFC_ADH_WITH_SEED_SHA, TLS1_CK_ADH_WITH_SEED_SHA, SSL_kDHE, SSL_aNULL, @@ -2562,6 +2757,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_RC4_128_MD5, + SSL3_RFC_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, @@ -2577,6 +2773,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_RSA_RC4_128_SHA, + SSL3_RFC_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, @@ -2592,6 +2789,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, SSL3_TXT_ADH_RC4_128_MD5, + SSL3_RFC_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kDHE, SSL_aNULL, @@ -2604,11 +2802,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, - -# ifndef OPENSSL_NO_EC { 1, TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA, TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA, SSL_kECDHEPSK, SSL_aPSK, @@ -2624,6 +2821,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aNULL, @@ -2639,6 +2837,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, @@ -2654,6 +2853,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aRSA, @@ -2666,12 +2866,10 @@ static SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, -# endif /* OPENSSL_NO_EC */ - -# ifndef OPENSSL_NO_PSK { 1, TLS1_TXT_PSK_WITH_RC4_128_SHA, + TLS1_RFC_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, SSL_aPSK, @@ -2687,6 +2885,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, + TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA, TLS1_CK_RSA_PSK_WITH_RC4_128_SHA, SSL_kRSAPSK, SSL_aRSA, @@ -2702,6 +2901,7 @@ static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, + TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA, TLS1_CK_DHE_PSK_WITH_RC4_128_SHA, SSL_kDHEPSK, SSL_aPSK, @@ -2714,10 +2914,288 @@ static SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, -# endif /* OPENSSL_NO_PSK */ - #endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */ +#ifndef OPENSSL_NO_ARIA + { + 1, + TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kRSA, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kDHE, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kDHE, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + SSL_kDHE, + SSL_aDSS, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + SSL_kDHE, + SSL_aDSS, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + SSL_kECDHE, + SSL_aECDSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + SSL_kECDHE, + SSL_aECDSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + SSL_kECDHE, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + SSL_kECDHE, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kDHEPSK, + SSL_aPSK, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kDHEPSK, + SSL_aPSK, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + SSL_kRSAPSK, + SSL_aRSA, + SSL_ARIA128GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + { + 1, + TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + SSL_kRSAPSK, + SSL_aRSA, + SSL_ARIA256GCM, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, +#endif /* OPENSSL_NO_ARIA */ +}; + +/* + * The list of known Signalling Cipher-Suite Value "ciphers", non-valid + * values stuffed into the ciphers field of the wire protocol for signalling + * purposes. + */ +static SSL_CIPHER ssl3_scsvs[] = { + { + 0, + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", + SSL3_CK_SCSV, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + }, + { + 0, + "TLS_FALLBACK_SCSV", + "TLS_FALLBACK_SCSV", + SSL3_CK_FALLBACK_SCSV, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + }, }; static int cipher_compare(const void *a, const void *b) @@ -2732,8 +3210,11 @@ static int cipher_compare(const void *a, const void *b) void ssl_sort_cipher_list(void) { - qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof(ssl3_ciphers[0]), + qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]), cipher_compare); + qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]), + cipher_compare); + qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); } static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s, @@ -2757,14 +3238,13 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { ssl3_generate_master_secret, ssl3_change_cipher_state, ssl3_final_finish_mac, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, SSL3_MD_CLIENT_FINISHED_CONST, 4, SSL3_MD_SERVER_FINISHED_CONST, 4, ssl3_alert_code, ssl_undefined_function_1, 0, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, + tls_close_construct_packet, ssl3_handshake_write }; @@ -2779,24 +3259,27 @@ long ssl3_default_timeout(void) int ssl3_num_ciphers(void) { - return (SSL3_NUM_CIPHERS); + return SSL3_NUM_CIPHERS; } const SSL_CIPHER *ssl3_get_cipher(unsigned int u) { if (u < SSL3_NUM_CIPHERS) - return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); + return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]); else - return (NULL); + return NULL; } -int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) +int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) { - unsigned char *p = (unsigned char *)s->init_buf->data; - *(p++) = htype; - l2n3(len, p); - s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; - s->init_off = 0; + /* No header in the event of a CCS */ + if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) + return 1; + + /* Set the content type and 3 bytes for the message len */ + if (!WPACKET_put_bytes_u8(pkt, htype) + || !WPACKET_start_sub_packet_u24(pkt)) + return 0; return 1; } @@ -2818,10 +3301,13 @@ int ssl3_new(SSL *s) if (!SSL_SRP_CTX_init(s)) goto err; #endif - s->method->ssl_clear(s); - return (1); + + if (!s->method->ssl_clear(s)) + return 0; + + return 1; err: - return (0); + return 0; } void ssl3_free(SSL *s) @@ -2838,10 +3324,12 @@ void ssl3_free(SSL *s) s->s3->tmp.pkey = NULL; #endif - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.ctype); + sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_free(s->s3->tmp.peer_sigalgs); + OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); ssl3_free_digest_list(s); OPENSSL_free(s->s3->alpn_selected); OPENSSL_free(s->s3->alpn_proposed); @@ -2853,13 +3341,15 @@ void ssl3_free(SSL *s) s->s3 = NULL; } -void ssl3_clear(SSL *s) +int ssl3_clear(SSL *s) { ssl3_cleanup_key_block(s); - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.ctype); + sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_free(s->s3->tmp.peer_sigalgs); + OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) EVP_PKEY_free(s->s3->tmp.pkey); @@ -2874,15 +3364,18 @@ void ssl3_clear(SSL *s) /* NULL/zero-out everything in the s3 struct */ memset(s->s3, 0, sizeof(*s->s3)); - ssl_free_wbio_buffer(s); + if (!ssl_free_wbio_buffer(s)) + return 0; s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; + OPENSSL_free(s->ext.npn); + s->ext.npn = NULL; + s->ext.npn_len = 0; #endif + + return 1; } #ifndef OPENSSL_NO_SRP @@ -2921,7 +3414,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY *pkdh = NULL; if (dh == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return (ret); + return ret; } pkdh = ssl_dh_to_pkey(dh); if (pkdh == NULL) { @@ -2942,7 +3435,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_TMP_DH_CB: { SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (ret); + return ret; } case SSL_CTRL_SET_DH_AUTO: s->cert->dh_tmp_auto = larg; @@ -2966,18 +3459,27 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, &nid, 1); } break; #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: + /* + * TODO(OpenSSL1.2) + * This API is only used for a client to set what SNI it will request + * from the server, but we currently allow it to be used on servers + * as well, which is a programming error. Currently we just clear + * the field in SSL_do_handshake() for server SSLs, but when we can + * make ABI-breaking changes, we may want to make use of this API + * an error on server SSLs. + */ if (larg == TLSEXT_NAMETYPE_host_name) { size_t len; - OPENSSL_free(s->tlsext_hostname); - s->tlsext_hostname = NULL; + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; ret = 1; if (parg == NULL) @@ -2987,7 +3489,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME); return 0; } - if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) { + if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR); return 0; } @@ -2997,69 +3499,57 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } break; case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: - s->tlsext_debug_arg = parg; + s->ext.debug_arg = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: - ret = s->tlsext_status_type; + ret = s->ext.status_type; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - s->tlsext_status_type = larg; + s->ext.status_type = larg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: - *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; + *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: - s->tlsext_ocsp_exts = parg; + s->ext.ocsp.exts = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: - *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; + *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids; ret = 1; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: - s->tlsext_ocsp_ids = parg; + s->ext.ocsp.ids = parg; ret = 1; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: - *(unsigned char **)parg = s->tlsext_ocsp_resp; - return s->tlsext_ocsp_resplen; + *(unsigned char **)parg = s->ext.ocsp.resp; + if (s->ext.ocsp.resp_len == 0 + || s->ext.ocsp.resp_len > LONG_MAX) + return -1; + return (long)s->ext.ocsp.resp_len; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = parg; - s->tlsext_ocsp_resplen = larg; + OPENSSL_free(s->ext.ocsp.resp); + s->ext.ocsp.resp = parg; + s->ext.ocsp.resp_len = larg; ret = 1; break; #ifndef OPENSSL_NO_HEARTBEATS case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT: - if (SSL_IS_DTLS(s)) - ret = dtls1_heartbeat(s); - break; - case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING: - if (SSL_IS_DTLS(s)) - ret = s->tlsext_hb_pending; - break; - case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS: - if (SSL_IS_DTLS(s)) { - if (larg) - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - else - s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - ret = 1; - } break; #endif @@ -3084,12 +3574,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_CURRENT_CERT: if (larg == SSL_CERT_SET_SERVER) { - CERT_PKEY *cpk; const SSL_CIPHER *cipher; if (!s->server) return 0; cipher = s->s3->tmp.new_cipher; - if (!cipher) + if (cipher == NULL) return 0; /* * No certificate for unauthenticated ciphersuites or using SRP @@ -3097,50 +3586,58 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) */ if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) return 2; - cpk = ssl_get_server_send_pkey(s); - if (!cpk) + if (s->s3->tmp.cert == NULL) return 0; - s->cert->key = cpk; + s->cert->key = s->s3->tmp.cert; return 1; } return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC - case SSL_CTRL_GET_CURVES: + case SSL_CTRL_GET_GROUPS: { - unsigned char *clist; + uint16_t *clist; size_t clistlen; + if (!s->session) return 0; - clist = s->session->tlsext_ellipticcurvelist; - clistlen = s->session->tlsext_ellipticcurvelist_length / 2; + clist = s->session->ext.supportedgroups; + clistlen = s->session->ext.supportedgroups_len; if (parg) { size_t i; int *cptr = parg; - unsigned int cid, nid; + for (i = 0; i < clistlen; i++) { - n2s(clist, cid); - nid = tls1_ec_curve_id2nid(cid, NULL); - if (nid != 0) - cptr[i] = nid; + const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]); + + if (cinf != NULL) + cptr[i] = cinf->nid; else - cptr[i] = TLSEXT_nid_unknown | cid; + cptr[i] = TLSEXT_nid_unknown | clist[i]; } } return (int)clistlen; } - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg, larg); + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, parg, larg); + + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&s->ext.supportedgroups, + &s->ext.supportedgroups_len, parg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg); + case SSL_CTRL_GET_SHARED_GROUP: + { + uint16_t id = tls1_shared_group(s, larg); - case SSL_CTRL_GET_SHARED_CURVE: - return tls1_shared_curve(s, larg); + if (larg != -1) { + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); + return ginf == NULL ? 0 : ginf->nid; + } + return id; + } #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); @@ -3159,14 +3656,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) const unsigned char **pctype = parg; if (s->server || !s->s3->tmp.cert_req) return 0; - if (s->cert->ctypes) { - if (pctype) - *pctype = s->cert->ctypes; - return (int)s->cert->ctype_num; - } if (pctype) - *pctype = (unsigned char *)s->s3->tmp.ctype; - return s->s3->tmp.ctype_num; + *pctype = s->s3->tmp.ctype; + return s->s3->tmp.ctype_len; } case SSL_CTRL_SET_CLIENT_CERT_TYPES: @@ -3184,24 +3676,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_cert_store(s->cert, parg, 1, larg); case SSL_CTRL_GET_PEER_SIGNATURE_NID: - if (SSL_USE_SIGALGS(s)) { - if (s->session) { - const EVP_MD *sig; - sig = s->s3->tmp.peer_md; - if (sig) { - *(int *)parg = EVP_MD_type(sig); - return 1; - } - } + if (s->s3->tmp.peer_sigalg == NULL) return 0; - } - /* Might want to do something here for other versions */ - else + *(int *)parg = s->s3->tmp.peer_sigalg->hash; + return 1; + + case SSL_CTRL_GET_SIGNATURE_NID: + if (s->s3->tmp.sigalg == NULL) return 0; + *(int *)parg = s->s3->tmp.sigalg->hash; + return 1; - case SSL_CTRL_GET_SERVER_TMP_KEY: + case SSL_CTRL_GET_PEER_TMP_KEY: #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) - if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) { + if (s->session == NULL || s->s3->peer_tmp == NULL) { return 0; } else { EVP_PKEY_up_ref(s->s3->peer_tmp); @@ -3211,22 +3699,37 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #else return 0; #endif + + case SSL_CTRL_GET_TMP_KEY: +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) + if (s->session == NULL || s->s3->tmp.pkey == NULL) { + return 0; + } else { + EVP_PKEY_up_ref(s->s3->tmp.pkey); + *(EVP_PKEY **)parg = s->s3->tmp.pkey; + return 1; + } +#else + return 0; +#endif + #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { SSL_SESSION *sess = s->session; const unsigned char **pformat = parg; - if (!sess || !sess->tlsext_ecpointformatlist) + + if (sess == NULL || sess->ext.ecpointformats == NULL) return 0; - *pformat = sess->tlsext_ecpointformatlist; - return (int)sess->tlsext_ecpointformatlist_length; + *pformat = sess->ext.ecpointformats; + return (int)sess->ext.ecpointformats_len; } #endif default: break; } - return (ret); + return ret; } long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) @@ -3242,8 +3745,8 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) break; #endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: - s->tlsext_debug_cb = (void (*)(SSL *, int, int, - const unsigned char *, int, void *))fp; + s->ext.debug_cb = (void (*)(SSL *, int, int, + const unsigned char *, int, void *))fp; break; case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: @@ -3254,7 +3757,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) default: break; } - return (ret); + return ret; } long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) @@ -3284,13 +3787,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->cert->dh_tmp = pkdh; return 1; } - /* - * break; - */ case SSL_CTRL_SET_TMP_DH_CB: { SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); + return 0; } case SSL_CTRL_SET_DH_AUTO: ctx->cert->dh_tmp_auto = larg; @@ -3314,69 +3814,68 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, &nid, 1); } - /* break; */ #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: - ctx->tlsext_servername_arg = parg; + ctx->ext.servername_arg = parg; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: { unsigned char *keys = parg; - long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key) + - sizeof(ctx->tlsext_tick_aes_key)); + long tick_keylen = (sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.secure->tick_hmac_key) + + sizeof(ctx->ext.secure->tick_aes_key)); if (keys == NULL) - return tlsext_tick_keylen; - if (larg != tlsext_tick_keylen) { + return tick_keylen; + if (larg != tick_keylen) { SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); return 0; } if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { - memcpy(ctx->tlsext_tick_key_name, keys, - sizeof(ctx->tlsext_tick_key_name)); - memcpy(ctx->tlsext_tick_hmac_key, - keys + sizeof(ctx->tlsext_tick_key_name), - sizeof(ctx->tlsext_tick_hmac_key)); - memcpy(ctx->tlsext_tick_aes_key, - keys + sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key), - sizeof(ctx->tlsext_tick_aes_key)); + memcpy(ctx->ext.tick_key_name, keys, + sizeof(ctx->ext.tick_key_name)); + memcpy(ctx->ext.secure->tick_hmac_key, + keys + sizeof(ctx->ext.tick_key_name), + sizeof(ctx->ext.secure->tick_hmac_key)); + memcpy(ctx->ext.secure->tick_aes_key, + keys + sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.secure->tick_hmac_key), + sizeof(ctx->ext.secure->tick_aes_key)); } else { - memcpy(keys, ctx->tlsext_tick_key_name, - sizeof(ctx->tlsext_tick_key_name)); - memcpy(keys + sizeof(ctx->tlsext_tick_key_name), - ctx->tlsext_tick_hmac_key, - sizeof(ctx->tlsext_tick_hmac_key)); - memcpy(keys + sizeof(ctx->tlsext_tick_key_name) + - sizeof(ctx->tlsext_tick_hmac_key), - ctx->tlsext_tick_aes_key, - sizeof(ctx->tlsext_tick_aes_key)); + memcpy(keys, ctx->ext.tick_key_name, + sizeof(ctx->ext.tick_key_name)); + memcpy(keys + sizeof(ctx->ext.tick_key_name), + ctx->ext.secure->tick_hmac_key, + sizeof(ctx->ext.secure->tick_hmac_key)); + memcpy(keys + sizeof(ctx->ext.tick_key_name) + + sizeof(ctx->ext.secure->tick_hmac_key), + ctx->ext.secure->tick_aes_key, + sizeof(ctx->ext.secure->tick_aes_key)); } return 1; } case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: - return ctx->tlsext_status_type; + return ctx->ext.status_type; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: - ctx->tlsext_status_type = larg; + ctx->ext.status_type = larg; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: - ctx->tlsext_status_arg = parg; + ctx->ext.status_arg = parg; return 1; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: - *(void**)parg = ctx->tlsext_status_arg; + *(void**)parg = ctx->ext.status_arg; break; case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: - *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb; + *(int (**)(SSL*, void*))parg = ctx->ext.status_cb; break; #ifndef OPENSSL_NO_SRP @@ -3416,14 +3915,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&ctx->ext.supportedgroups, + &ctx->ext.supportedgroups_len, parg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3499,9 +3998,9 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return ssl_cert_set_current(ctx->cert, larg); default: - return (0); + return 0; } - return (1); + return 1; } long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) @@ -3515,15 +4014,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: - ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; + ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: - ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; + ctx->ext.status_cb = (int (*)(SSL *, void *))fp; break; case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: - ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, + ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; @@ -3551,39 +4050,78 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) } break; default: - return (0); + return 0; } - return (1); + return 1; } -/* - * This function needs to check if the ciphers required are actually - * available - */ -const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) +const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) { SSL_CIPHER c; const SSL_CIPHER *cp; - uint32_t id; - id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]; c.id = id; + cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS); + if (cp != NULL) + return cp; cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); - return cp; + if (cp != NULL) + return cp; + return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS); } -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) { - long l; - - if (p != NULL) { - l = c->id; - if ((l & 0xff000000) != 0x03000000) - return (0); - p[0] = ((unsigned char)(l >> 8L)) & 0xFF; - p[1] = ((unsigned char)(l)) & 0xFF; + SSL_CIPHER *c = NULL, *tbl; + SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers}; + size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS}; + + /* this is not efficient, necessary to optimize this? */ + for (j = 0; j < OSSL_NELEM(alltabs); j++) { + for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) { + if (tbl->stdname == NULL) + continue; + if (strcmp(stdname, tbl->stdname) == 0) { + c = tbl; + break; + } + } } - return (2); + if (c == NULL) { + tbl = ssl3_scsvs; + for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) { + if (strcmp(stdname, tbl->stdname) == 0) { + c = tbl; + break; + } + } + } + return c; +} + +/* + * This function needs to check if the ciphers required are actually + * available + */ +const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) +{ + return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG + | ((uint32_t)p[0] << 8L) + | (uint32_t)p[1]); +} + +int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +{ + if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) { + *len = 0; + return 1; + } + + if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff)) + return 0; + + *len = 2; + return 1; } /* @@ -3599,21 +4137,21 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, { const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; - int i, ii, ok; - unsigned long alg_k, alg_a, mask_k, mask_a; + int i, ii, ok, prefer_sha256 = 0; + unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0; + const EVP_MD *mdsha256 = EVP_sha256(); +#ifndef OPENSSL_NO_CHACHA + STACK_OF(SSL_CIPHER) *prio_chacha = NULL; +#endif /* Let's see which ciphers we can support */ -#if 0 /* * Do not set the compare functions, because this may lead to a * reordering by "id". We want to keep the original ordering. We may pay * a price in performance during sk_SSL_CIPHER_find(), but would have to * pay with the price of sk_SSL_CIPHER_dup(). */ - sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); -#endif #ifdef CIPHER_DEBUG fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), @@ -3630,16 +4168,81 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } #endif - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) { + /* SUITE-B takes precedence over server preference and ChaCha priortiy */ + if (tls1_suiteb(s)) { + prio = srvr; + allow = clnt; + } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { prio = srvr; allow = clnt; +#ifndef OPENSSL_NO_CHACHA + /* If ChaCha20 is at the top of the client preference list, + and there are ChaCha20 ciphers in the server list, then + temporarily prioritize all ChaCha20 ciphers in the servers list. */ + if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) { + c = sk_SSL_CIPHER_value(clnt, 0); + if (c->algorithm_enc == SSL_CHACHA20POLY1305) { + /* ChaCha20 is client preferred, check server... */ + int num = sk_SSL_CIPHER_num(srvr); + int found = 0; + for (i = 0; i < num; i++) { + c = sk_SSL_CIPHER_value(srvr, i); + if (c->algorithm_enc == SSL_CHACHA20POLY1305) { + found = 1; + break; + } + } + if (found) { + prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num); + /* if reserve fails, then there's likely a memory issue */ + if (prio_chacha != NULL) { + /* Put all ChaCha20 at the top, starting with the one we just found */ + sk_SSL_CIPHER_push(prio_chacha, c); + for (i++; i < num; i++) { + c = sk_SSL_CIPHER_value(srvr, i); + if (c->algorithm_enc == SSL_CHACHA20POLY1305) + sk_SSL_CIPHER_push(prio_chacha, c); + } + /* Pull in the rest */ + for (i = 0; i < num; i++) { + c = sk_SSL_CIPHER_value(srvr, i); + if (c->algorithm_enc != SSL_CHACHA20POLY1305) + sk_SSL_CIPHER_push(prio_chacha, c); + } + prio = prio_chacha; + } + } + } + } +# endif } else { prio = clnt; allow = srvr; } - tls1_set_cert_validity(s); - ssl_set_masks(s); + if (SSL_IS_TLS13(s)) { +#ifndef OPENSSL_NO_PSK + int j; + + /* + * If we allow "old" style PSK callbacks, and we have no certificate (so + * we're not going to succeed without a PSK anyway), and we're in + * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the + * TLSv1.3 spec). Therefore we should prioritise ciphersuites using + * that. + */ + if (s->psk_server_callback != NULL) { + for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++); + if (j == SSL_PKEY_NUM) { + /* There are no certificates */ + prefer_sha256 = 1; + } + } +#endif + } else { + tls1_set_cert_validity(s); + ssl_set_masks(s); + } for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); @@ -3653,41 +4256,47 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, DTLS_VERSION_GT(s->version, c->max_dtls))) continue; - mask_k = s->s3->tmp.mask_k; - mask_a = s->s3->tmp.mask_a; + /* + * Since TLS 1.3 ciphersuites can be used with any auth or + * key exchange scheme skip tests. + */ + if (!SSL_IS_TLS13(s)) { + mask_k = s->s3->tmp.mask_k; + mask_a = s->s3->tmp.mask_a; #ifndef OPENSSL_NO_SRP - if (s->srp_ctx.srp_Mask & SSL_kSRP) { - mask_k |= SSL_kSRP; - mask_a |= SSL_aSRP; - } + if (s->srp_ctx.srp_Mask & SSL_kSRP) { + mask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + } #endif - alg_k = c->algorithm_mkey; - alg_a = c->algorithm_auth; + alg_k = c->algorithm_mkey; + alg_a = c->algorithm_auth; #ifndef OPENSSL_NO_PSK - /* with PSK there must be server callback set */ - if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) - continue; + /* with PSK there must be server callback set */ + if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) + continue; #endif /* OPENSSL_NO_PSK */ - ok = (alg_k & mask_k) && (alg_a & mask_a); + ok = (alg_k & mask_k) && (alg_a & mask_a); #ifdef CIPHER_DEBUG - fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, - alg_a, mask_k, mask_a, (void *)c, c->name); + fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, + alg_a, mask_k, mask_a, (void *)c, c->name); #endif #ifndef OPENSSL_NO_EC - /* - * if we are considering an ECC cipher suite that uses an ephemeral - * EC key check it - */ - if (alg_k & SSL_kECDHE) - ok = ok && tls1_check_ec_tmp_key(s, c->id); + /* + * if we are considering an ECC cipher suite that uses an ephemeral + * EC key check it + */ + if (alg_k & SSL_kECDHE) + ok = ok && tls1_check_ec_tmp_key(s, c->id); #endif /* OPENSSL_NO_EC */ - if (!ok) - continue; + if (!ok) + continue; + } ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { /* Check security callback permits this cipher */ @@ -3702,83 +4311,92 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, continue; } #endif + if (prefer_sha256) { + const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); + + if (ssl_md(tmp->algorithm2) == mdsha256) { + ret = tmp; + break; + } + if (ret == NULL) + ret = tmp; + continue; + } ret = sk_SSL_CIPHER_value(allow, ii); break; } } - return (ret); +#ifndef OPENSSL_NO_CHACHA + sk_SSL_CIPHER_free(prio_chacha); +#endif + return ret; } -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) +int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) { - int ret = 0; uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ - if (s->cert->ctypes) { - memcpy(p, s->cert->ctypes, s->cert->ctype_num); - return (int)s->cert->ctype_num; - } + if (s->cert->ctype) + return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len); /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); alg_k = s->s3->tmp.new_cipher->algorithm_mkey; #ifndef OPENSSL_NO_GOST - if (s->version >= TLS1_VERSION) { - if (alg_k & SSL_kGOST) { - p[ret++] = TLS_CT_GOST01_SIGN; - p[ret++] = TLS_CT_GOST12_SIGN; - p[ret++] = TLS_CT_GOST12_512_SIGN; - return (ret); - } - } + if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) + return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN) + && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); #endif if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_RSA - p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) + return 0; # endif # ifndef OPENSSL_NO_DSA - p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; + if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) + return 0; # endif #endif /* !OPENSSL_NO_DH */ } #ifndef OPENSSL_NO_RSA - if (!(alg_a & SSL_aRSA)) - p[ret++] = SSL3_CT_RSA_SIGN; + if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_DSA - if (!(alg_a & SSL_aDSS)) - p[ret++] = SSL3_CT_DSS_SIGN; + if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) + return 0; #endif #ifndef OPENSSL_NO_EC /* * ECDSA certs can be used with RSA cipher suites too so we don't * need to check for SSL_kECDH or SSL_kECDHE */ - if (s->version >= TLS1_VERSION) { - if (!(alg_a & SSL_aECDSA)) - p[ret++] = TLS_CT_ECDSA_SIGN; - } + if (s->version >= TLS1_VERSION + && !(alg_a & SSL_aECDSA) + && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN)) + return 0; #endif - return (ret); + return 1; } static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) { - OPENSSL_free(c->ctypes); - c->ctypes = NULL; - if (!p || !len) + OPENSSL_free(c->ctype); + c->ctype = NULL; + c->ctype_len = 0; + if (p == NULL || len == 0) return 1; if (len > 0xff) return 0; - c->ctypes = OPENSSL_malloc(len); - if (c->ctypes == NULL) + c->ctype = OPENSSL_memdup(p, len); + if (c->ctype == NULL) return 0; - memcpy(c->ctypes, p, len); - c->ctype_num = len; + c->ctype_len = len; return 1; } @@ -3792,7 +4410,7 @@ int ssl3_shutdown(SSL *s) */ if (s->quiet_shutdown || SSL_in_before(s)) { s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); - return (1); + return 1; } if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { @@ -3803,7 +4421,7 @@ int ssl3_shutdown(SSL *s) * written, s->s3->alert_dispatch will be true */ if (s->s3->alert_dispatch) - return (-1); /* return WANT_WRITE */ + return -1; /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { /* resend it if not sent */ ret = s->method->ssl_dispatch_alert(s); @@ -3813,45 +4431,48 @@ int ssl3_shutdown(SSL *s) * have already signalled return 0 upon a previous invocation, * return WANT_WRITE */ - return (ret); + return ret; } } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + size_t readbytes; /* * If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0); + s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes); if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return (-1); /* return WANT_READ */ + return -1; /* return WANT_READ */ } } if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) && !s->s3->alert_dispatch) - return (1); + return 1; else - return (0); + return 0; } -int ssl3_write(SSL *s, const void *buf, int len) +int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written) { clear_sys_error(); if (s->s3->renegotiate) - ssl3_renegotiate_check(s); + ssl3_renegotiate_check(s, 0); - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); + return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, + written); } -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) +static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek, + size_t *readbytes) { int ret; clear_sys_error(); if (s->s3->renegotiate) - ssl3_renegotiate_check(s); + ssl3_renegotiate_check(s, 0); s->s3->in_read_app_data = 1; ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len, - peek); + peek, readbytes); if ((ret == -1) && (s->s3->in_read_app_data == 2)) { /* * ssl3_read_bytes decided to call s->handshake_func, which called @@ -3863,44 +4484,49 @@ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) ossl_statem_set_in_handshake(s, 1); ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, - len, peek); + len, peek, readbytes); ossl_statem_set_in_handshake(s, 0); } else s->s3->in_read_app_data = 0; - return (ret); + return ret; } -int ssl3_read(SSL *s, void *buf, int len) +int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 0); + return ssl3_read_internal(s, buf, len, 0, readbytes); } -int ssl3_peek(SSL *s, void *buf, int len) +int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes) { - return ssl3_read_internal(s, buf, len, 1); + return ssl3_read_internal(s, buf, len, 1, readbytes); } int ssl3_renegotiate(SSL *s) { if (s->handshake_func == NULL) - return (1); - - if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return (0); + return 1; s->s3->renegotiate = 1; - return (1); + return 1; } -int ssl3_renegotiate_check(SSL *s) +/* + * Check if we are waiting to do a renegotiation and if so whether now is a + * good time to do it. If |initok| is true then we are being called from inside + * the state machine so ignore the result of SSL_in_init(s). Otherwise we + * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we + * should do a renegotiation now and sets up the state machine for it. Otherwise + * returns 0. + */ +int ssl3_renegotiate_check(SSL *s, int initok) { int ret = 0; if (s->s3->renegotiate) { if (!RECORD_LAYER_read_pending(&s->rlayer) && !RECORD_LAYER_write_pending(&s->rlayer) - && !SSL_in_init(s)) { + && (initok || !SSL_in_init(s))) { /* * if we are the server, and we have sent a 'RENEGOTIATE' * message, we need to set the state machine into the renegotiate @@ -3913,7 +4539,7 @@ int ssl3_renegotiate_check(SSL *s) ret = 1; } } - return (ret); + return ret; } /* @@ -3942,9 +4568,10 @@ long ssl_get_algorithm2(SSL *s) * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on * failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, + DOWNGRADE dgrd) { - int send_time = 0; + int send_time = 0, ret; if (len < 4) return 0; @@ -3955,16 +4582,34 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) if (send_time) { unsigned long Time = (unsigned long)time(NULL); unsigned char *p = result; + l2n(Time, p); - return RAND_bytes(p, len - 4); - } else - return RAND_bytes(result, len); + ret = RAND_bytes(p, len - 4); + } else { + ret = RAND_bytes(result, len); + } + + if (ret > 0) { + if (!ossl_assert(sizeof(tls11downgrade) < len) + || !ossl_assert(sizeof(tls12downgrade) < len)) + return 0; + if (dgrd == DOWNGRADE_TO_1_2) + memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, + sizeof(tls12downgrade)); + else if (dgrd == DOWNGRADE_TO_1_1) + memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, + sizeof(tls11downgrade)); + } + + return ret; } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms) { unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + int ret = 0; + if (alg_k & SSL_PSK) { #ifndef OPENSSL_NO_PSK unsigned char *pskpms, *t; @@ -3979,10 +4624,8 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, pskpmslen = 4 + pmslen + psklen; pskpms = OPENSSL_malloc(pskpmslen); - if (pskpms == NULL) { - s->session->master_key_length = 0; + if (pskpms == NULL) goto err; - } t = pskpms; s2n(pmslen, t); if (alg_k & SSL_kPSK) @@ -3995,23 +4638,28 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pskpms, pskpmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key,pskpms, pskpmslen, + &s->session->master_key_length)) { + OPENSSL_clear_free(pskpms, pskpmslen); + /* SSLfatal() already called */ + goto err; + } OPENSSL_clear_free(pskpms, pskpmslen); #else /* Should never happen */ - s->session->master_key_length = 0; goto err; #endif } else { - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - pms, pmslen); + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, pms, pmslen, + &s->session->master_key_length)) { + /* SSLfatal() already called */ + goto err; + } } + ret = 1; err: if (pms) { if (free_pms) @@ -4021,7 +4669,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, } if (s->server == 0) s->s3->tmp.pms = NULL; - return s->session->master_key_length >= 0; + return ret; } /* Generate a private key from parameters */ @@ -4047,29 +4695,80 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm) return pkey; } #ifndef OPENSSL_NO_EC -/* Generate a private key a curve ID */ -EVP_PKEY *ssl_generate_pkey_curve(int id) +/* Generate a private key from a group ID */ +EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; - unsigned int curve_flags; - int nid = tls1_ec_curve_id2nid(id, &curve_flags); + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); + uint16_t gtype; - if (nid == 0) + if (ginf == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_INTERNAL_ERROR); goto err; - if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { - pctx = EVP_PKEY_CTX_new_id(nid, NULL); - nid = 0; - } else { + } + gtype = ginf->flags & TLS_CURVE_TYPE; + if (gtype == TLS_CURVE_CUSTOM) + pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL); + else pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + if (pctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (EVP_PKEY_keygen_init(pctx) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); + goto err; + } + if (gtype != TLS_CURVE_CUSTOM + && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); + goto err; } + if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); + EVP_PKEY_free(pkey); + pkey = NULL; + } + + err: + EVP_PKEY_CTX_free(pctx); + return pkey; +} + +/* + * Generate parameters from a group ID + */ +EVP_PKEY *ssl_generate_param_group(uint16_t id) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); + + if (ginf == NULL) + goto err; + + if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { + pkey = EVP_PKEY_new(); + if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid)) + return pkey; + EVP_PKEY_free(pkey); + return NULL; + } + + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); if (pctx == NULL) goto err; - if (EVP_PKEY_keygen_init(pctx) <= 0) + if (EVP_PKEY_paramgen_init(pctx) <= 0) goto err; - if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) + if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) goto err; - if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { + if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) { EVP_PKEY_free(pkey); pkey = NULL; } @@ -4080,38 +4779,63 @@ EVP_PKEY *ssl_generate_pkey_curve(int id) } #endif -/* Derive premaster or master secret for ECDH/DH */ -int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey) +/* Derive secrets for ECDH/DH */ +int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret) { int rv = 0; unsigned char *pms = NULL; size_t pmslen = 0; EVP_PKEY_CTX *pctx; - if (privkey == NULL || pubkey == NULL) + if (privkey == NULL || pubkey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_INTERNAL_ERROR); return 0; + } pctx = EVP_PKEY_CTX_new(privkey, NULL); if (EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0 || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_INTERNAL_ERROR); goto err; } pms = OPENSSL_malloc(pmslen); - if (pms == NULL) + if (pms == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_MALLOC_FAILURE); goto err; + } - if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) + if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE, + ERR_R_INTERNAL_ERROR); goto err; + } - if (s->server) { - /* For server generate master secret and discard premaster */ - rv = ssl_generate_master_secret(s, pms, pmslen, 1); - pms = NULL; + if (gensecret) { + /* SSLfatal() called as appropriate in the below functions */ + if (SSL_IS_TLS13(s)) { + /* + * If we are resuming then we already generated the early secret + * when we created the ClientHello, so don't recreate it. + */ + if (!s->hit) + rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, + 0, + (unsigned char *)&s->early_secret); + else + rv = 1; + + rv = rv && tls13_generate_handshake_secret(s, pms, pmslen); + } else { + rv = ssl_generate_master_secret(s, pms, pmslen, 0); + } } else { - /* For client just save premaster secret */ + /* Save premaster secret */ s->s3->tmp.pms = pms; s->s3->tmp.pmslen = pmslen; pms = NULL; diff --git a/deps/openssl/openssl/ssl/s3_msg.c b/deps/openssl/openssl/ssl/s3_msg.c index 4961cc88da20ad..42382547fb2abb 100644 --- a/deps/openssl/openssl/ssl/s3_msg.c +++ b/deps/openssl/openssl/ssl/s3_msg.c @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define USE_SOCKETS #include "ssl_locl.h" int ssl3_do_change_cipher_spec(SSL *s) @@ -23,16 +22,16 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); - return (0); + return 0; } s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) - return (0); + return 0; } if (!s->method->ssl3_enc->change_cipher_state(s, i)) - return (0); + return 0; return 1; } @@ -40,7 +39,10 @@ int ssl3_do_change_cipher_spec(SSL *s) int ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ - desc = s->method->ssl3_enc->alert_value(desc); + if (SSL_TREAT_AS_TLS13(s)) + desc = tls13_alert_code(desc); + else + desc = s->method->ssl3_enc->alert_value(desc); if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have * protocol_version alerts */ @@ -67,22 +69,22 @@ int ssl3_send_alert(SSL *s, int level, int desc) int ssl3_dispatch_alert(SSL *s) { int i, j; - unsigned int alertlen; + size_t alertlen; void (*cb) (const SSL *ssl, int type, int val) = NULL; + size_t written; s->s3->alert_dispatch = 0; alertlen = 2; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0); + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, + &written); if (i <= 0) { s->s3->alert_dispatch = 1; } else { /* - * Alert sent to BIO. If it is important, flush it now. If the - * message does not get sent due to non-blocking IO, we will not - * worry too much. + * Alert sent to BIO - now flush. If the message does not get sent due + * to non-blocking IO, we will not worry too much. */ - if (s->s3->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); + (void)BIO_flush(s->wbio); if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, @@ -98,5 +100,5 @@ int ssl3_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } - return (i); + return i; } diff --git a/deps/openssl/openssl/ssl/ssl_asn1.c b/deps/openssl/openssl/ssl/ssl_asn1.c index 3e9c1c4f2a64a0..b56c5e96c53019 100644 --- a/deps/openssl/openssl/ssl/ssl_asn1.c +++ b/deps/openssl/openssl/ssl/ssl_asn1.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +8,10 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include #include "ssl_locl.h" -#include "internal/asn1t.h" +#include #include typedef struct { @@ -54,7 +28,8 @@ typedef struct { ASN1_OCTET_STRING *session_id_context; int32_t verify_result; ASN1_OCTET_STRING *tlsext_hostname; - int64_t tlsext_tick_lifetime_hint; + uint64_t tlsext_tick_lifetime_hint; + uint32_t tlsext_tick_age_add; ASN1_OCTET_STRING *tlsext_tick; #ifndef OPENSSL_NO_PSK ASN1_OCTET_STRING *psk_identity_hint; @@ -64,6 +39,10 @@ typedef struct { ASN1_OCTET_STRING *srp_username; #endif uint64_t flags; + uint32_t max_early_data; + ASN1_OCTET_STRING *alpn_selected; + uint32_t tlsext_max_fragment_len_mode; + ASN1_OCTET_STRING *ticket_appdata; } SSL_SESSION_ASN1; ASN1_SEQUENCE(SSL_SESSION_ASN1) = { @@ -89,7 +68,12 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { #ifndef OPENSSL_NO_SRP ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), #endif - ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13) + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), + ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), + ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) @@ -102,7 +86,7 @@ static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, unsigned char *data, size_t len) { os->data = data; - os->length = len; + os->length = (int)len; os->flags = 0; *dest = os; } @@ -130,16 +114,15 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING comp_id; unsigned char comp_id_data; #endif - ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; - #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; #endif - #ifndef OPENSSL_NO_PSK ASN1_OCTET_STRING psk_identity, psk_identity_hint; #endif + ASN1_OCTET_STRING alpn_selected; + ASN1_OCTET_STRING ticket_appdata; long l; @@ -183,13 +166,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) as.peer = in->peer; ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, - in->tlsext_hostname); - if (in->tlsext_tick) { + in->ext.hostname); + if (in->ext.tick) { ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, - in->tlsext_tick, in->tlsext_ticklen); + in->ext.tick, in->ext.ticklen); } - if (in->tlsext_tick_lifetime_hint > 0) - as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint; + if (in->ext.tick_lifetime_hint > 0) + as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; + as.tlsext_tick_age_add = in->ext.tick_age_add; #ifndef OPENSSL_NO_PSK ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, in->psk_identity_hint); @@ -200,6 +184,21 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #endif /* OPENSSL_NO_SRP */ as.flags = in->flags; + as.max_early_data = in->ext.max_early_data; + + if (in->ext.alpn_selected == NULL) + as.alpn_selected = NULL; + else + ssl_session_oinit(&as.alpn_selected, &alpn_selected, + in->ext.alpn_selected, in->ext.alpn_selected_len); + + as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; + + if (in->ticket_appdata == NULL) + as.ticket_appdata = NULL; + else + ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, + in->ticket_appdata, in->ticket_appdata_len); return i2d_SSL_SESSION_ASN1(&as, pp); @@ -223,14 +222,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) /* Copy an OCTET STRING, return error if it exceeds maximum length */ -static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen, - ASN1_OCTET_STRING *src, int maxlen) +static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, + ASN1_OCTET_STRING *src, size_t maxlen) { if (src == NULL) { *pdstlen = 0; return 1; } - if (src->length > maxlen) + if (src->length < 0 || src->length > (int)maxlen) return 0; memcpy(dst, src->data, src->length); *pdstlen = src->length; @@ -241,7 +240,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { long id; - unsigned int tmpl; + size_t tmpl; const unsigned char *p = *pp; SSL_SESSION_ASN1 *as = NULL; SSL_SESSION *ret = NULL; @@ -281,26 +280,28 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) | (unsigned long)as->cipher->data[1]; - ret->cipher = NULL; ret->cipher_id = id; + ret->cipher = ssl3_get_cipher_by_id(id); + if (ret->cipher == NULL) + goto err; if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) goto err; if (!ssl_session_memcpy(ret->master_key, &tmpl, - as->master_key, SSL_MAX_MASTER_KEY_LENGTH)) + as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) goto err; ret->master_key_length = tmpl; if (as->time != 0) - ret->time = as->time; + ret->time = (long)as->time; else - ret->time = (unsigned long)time(NULL); + ret->time = (long)time(NULL); if (as->timeout != 0) - ret->timeout = as->timeout; + ret->timeout = (long)as->timeout; else ret->timeout = 3; @@ -315,7 +316,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, /* NB: this defaults to zero which is X509_V_OK */ ret->verify_result = as->verify_result; - if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname)) + if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname)) goto err; #ifndef OPENSSL_NO_PSK @@ -325,13 +326,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; #endif - ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint; - if (as->tlsext_tick) { - ret->tlsext_tick = as->tlsext_tick->data; - ret->tlsext_ticklen = as->tlsext_tick->length; + ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; + ret->ext.tick_age_add = as->tlsext_tick_age_add; + OPENSSL_free(ret->ext.tick); + if (as->tlsext_tick != NULL) { + ret->ext.tick = as->tlsext_tick->data; + ret->ext.ticklen = as->tlsext_tick->length; as->tlsext_tick->data = NULL; } else { - ret->tlsext_tick = NULL; + ret->ext.tick = NULL; } #ifndef OPENSSL_NO_COMP if (as->comp_id) { @@ -350,7 +353,30 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; #endif /* OPENSSL_NO_SRP */ /* Flags defaults to zero which is fine */ - ret->flags = as->flags; + ret->flags = (int32_t)as->flags; + ret->ext.max_early_data = as->max_early_data; + + OPENSSL_free(ret->ext.alpn_selected); + if (as->alpn_selected != NULL) { + ret->ext.alpn_selected = as->alpn_selected->data; + ret->ext.alpn_selected_len = as->alpn_selected->length; + as->alpn_selected->data = NULL; + } else { + ret->ext.alpn_selected = NULL; + ret->ext.alpn_selected_len = 0; + } + + ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; + + OPENSSL_free(ret->ticket_appdata); + if (as->ticket_appdata != NULL) { + ret->ticket_appdata = as->ticket_appdata->data; + ret->ticket_appdata_len = as->ticket_appdata->length; + as->ticket_appdata->data = NULL; + } else { + ret->ticket_appdata = NULL; + ret->ticket_appdata_len = 0; + } M_ASN1_free_of(as, SSL_SESSION_ASN1); diff --git a/deps/openssl/openssl/ssl/ssl_cert.c b/deps/openssl/openssl/ssl/ssl_cert.c index deaaeb0936e8d4..33145078963d95 100644 --- a/deps/openssl/openssl/ssl/ssl_cert.c +++ b/deps/openssl/openssl/ssl/ssl_cert.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,25 +8,20 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include #include -#include "e_os.h" +#include "internal/nelem.h" #include "internal/o_dir.h" -#include #include #include #include #include #include #include +#include "internal/refcount.h" #include "ssl_locl.h" +#include "ssl_cert_table.h" #include "internal/thread_once.h" static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, @@ -60,7 +56,7 @@ CERT *ssl_cert_new(void) return NULL; } - ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); + ret->key = &(ret->pkeys[SSL_PKEY_RSA]); ret->references = 1; ret->sec_cb = ssl_security_default_callback; ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; @@ -138,32 +134,34 @@ CERT *ssl_cert_dup(CERT *cert) /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { - ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); + ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen + * sizeof(*cert->conf_sigalgs)); if (ret->conf_sigalgs == NULL) goto err; - memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen); + memcpy(ret->conf_sigalgs, cert->conf_sigalgs, + cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; if (cert->client_sigalgs) { - ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); + ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen + * sizeof(*cert->client_sigalgs)); if (ret->client_sigalgs == NULL) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, - cert->client_sigalgslen); + cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; /* Copy any custom client certificate types */ - if (cert->ctypes) { - ret->ctypes = OPENSSL_malloc(cert->ctype_num); - if (ret->ctypes == NULL) + if (cert->ctype) { + ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); + if (ret->ctype == NULL) goto err; - memcpy(ret->ctypes, cert->ctypes, cert->ctype_num); - ret->ctype_num = cert->ctype_num; + ret->ctype_len = cert->ctype_len; } ret->cert_flags = cert->cert_flags; @@ -185,9 +183,7 @@ CERT *ssl_cert_dup(CERT *cert) ret->sec_level = cert->sec_level; ret->sec_ex = cert->sec_ex; - if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext)) - goto err; - if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext)) + if (!custom_exts_copy(&ret->custext, &cert->custext)) goto err; #ifndef OPENSSL_NO_PSK if (cert->psk_identity_hint) { @@ -231,8 +227,7 @@ void ssl_cert_free(CERT *c) if (c == NULL) return; - - CRYPTO_atomic_add(&c->references, -1, &i, c->lock); + CRYPTO_DOWN_REF(&c->references, &i, c->lock); REF_PRINT_COUNT("CERT", c); if (i > 0) return; @@ -246,11 +241,10 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->conf_sigalgs); OPENSSL_free(c->client_sigalgs); OPENSSL_free(c->shared_sigalgs); - OPENSSL_free(c->ctypes); + OPENSSL_free(c->ctype); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); - custom_exts_free(&c->cli_ext); - custom_exts_free(&c->srv_ext); + custom_exts_free(&c->custext); #ifndef OPENSSL_NO_PSK OPENSSL_free(c->psk_identity_hint); #endif @@ -454,102 +448,155 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) return i; } -static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list, - STACK_OF(X509_NAME) *name_list) +static void set0_CA_list(STACK_OF(X509_NAME) **ca_list, + STACK_OF(X509_NAME) *name_list) { sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); *ca_list = name_list; } -STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) +STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk) { int i; + const int num = sk_X509_NAME_num(sk); STACK_OF(X509_NAME) *ret; X509_NAME *name; - ret = sk_X509_NAME_new_null(); + ret = sk_X509_NAME_new_reserve(NULL, num); if (ret == NULL) { SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); return NULL; } - for (i = 0; i < sk_X509_NAME_num(sk); i++) { + for (i = 0; i < num; i++) { name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); - if (name == NULL || !sk_X509_NAME_push(ret, name)) { + if (name == NULL) { + SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE); sk_X509_NAME_pop_free(ret, X509_NAME_free); - X509_NAME_free(name); return NULL; } + sk_X509_NAME_push(ret, name); /* Cannot fail after reserve call */ } - return (ret); + return ret; } -void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) +void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) +{ + set0_CA_list(&s->ca_names, name_list); +} + +void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) +{ + set0_CA_list(&ctx->ca_names, name_list); +} + +const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx) { - set_client_CA_list(&(s->client_CA), name_list); + return ctx->ca_names; +} + +const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s) +{ + return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names; } void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) { - set_client_CA_list(&(ctx->client_CA), name_list); + set0_CA_list(&ctx->client_ca_names, name_list); } STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { - return (ctx->client_CA); + return ctx->client_ca_names; +} + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) +{ + set0_CA_list(&s->client_ca_names, name_list); +} + +const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s) +{ + return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; } STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { - if (!s->server) { /* we are in the client */ - if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL)) - return (s->s3->tmp.ca_names); - else - return (NULL); - } else { - if (s->client_CA != NULL) - return (s->client_CA); - else - return (s->ctx->client_CA); - } + if (!s->server) + return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL; + return s->client_ca_names != NULL ? s->client_ca_names + : s->ctx->client_ca_names; } -static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) +static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x) { X509_NAME *name; if (x == NULL) - return (0); - if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) - return (0); + return 0; + if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL)) + return 0; if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) - return (0); + return 0; if (!sk_X509_NAME_push(*sk, name)) { X509_NAME_free(name); - return (0); + return 0; } - return (1); + return 1; +} + +int SSL_add1_to_CA_list(SSL *ssl, const X509 *x) +{ + return add_ca_name(&ssl->ca_names, x); +} + +int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x) +{ + return add_ca_name(&ctx->ca_names, x); } +/* + * The following two are older names are to be replaced with + * SSL(_CTX)_add1_to_CA_list + */ int SSL_add_client_CA(SSL *ssl, X509 *x) { - return (add_client_CA(&(ssl->client_CA), x)); + return add_ca_name(&ssl->client_ca_names, x); } int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { - return (add_client_CA(&(ctx->client_CA), x)); + return add_ca_name(&ctx->client_ca_names, x); } -static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b) +static int xname_cmp(const X509_NAME *a, const X509_NAME *b) { - return (X509_NAME_cmp(*a, *b)); + unsigned char *abuf = NULL, *bbuf = NULL; + int alen, blen, ret; + + /* X509_NAME_cmp() itself casts away constness in this way, so + * assume it's safe: + */ + alen = i2d_X509_NAME((X509_NAME *)a, &abuf); + blen = i2d_X509_NAME((X509_NAME *)b, &bbuf); + + if (alen < 0 || blen < 0) + ret = -2; + else if (alen != blen) + ret = alen - blen; + else /* alen == blen */ + ret = memcmp(abuf, bbuf, alen); + + OPENSSL_free(abuf); + OPENSSL_free(bbuf); + + return ret; } -static int xname_cmp(const X509_NAME *a, const X509_NAME *b) +static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b) { - return X509_NAME_cmp(a, b); + return xname_cmp(*a, *b); } static unsigned long xname_hash(const X509_NAME *a) @@ -619,7 +666,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) lh_X509_NAME_free(name_hash); if (ret != NULL) ERR_clear_error(); - return (ret); + return ret; } /** @@ -737,128 +784,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, return ret; } -/* Add a certificate to a BUF_MEM structure */ - -static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) -{ - int n; - unsigned char *p; - - n = i2d_X509(x, NULL); - if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { - SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); - return 0; - } - p = (unsigned char *)&(buf->data[*l]); - l2n3(n, p); - n = i2d_X509(x, &p); - if (n < 0) { - /* Shouldn't happen */ - SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); - return 0; - } - *l += n + 3; - - return 1; -} - -/* Add certificate chain to internal SSL BUF_MEM structure */ -int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l) -{ - BUF_MEM *buf = s->init_buf; - int i, chain_count; - X509 *x; - STACK_OF(X509) *extra_certs; - STACK_OF(X509) *chain = NULL; - X509_STORE *chain_store; - - /* TLSv1 sends a chain with nothing in it, instead of an alert */ - if (!BUF_MEM_grow_clean(buf, 10)) { - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_BUF_LIB); - return 0; - } - - if (!cpk || !cpk->x509) - return 1; - - x = cpk->x509; - - /* - * If we have a certificate specific chain use it, else use parent ctx. - */ - if (cpk->chain) - extra_certs = cpk->chain; - else - extra_certs = s->ctx->extra_certs; - - if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs) - chain_store = NULL; - else if (s->cert->chain_store) - chain_store = s->cert->chain_store; - else - chain_store = s->ctx->cert_store; - - if (chain_store) { - X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new(); - - if (xs_ctx == NULL) { - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_MALLOC_FAILURE); - return (0); - } - if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) { - X509_STORE_CTX_free(xs_ctx); - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_X509_LIB); - return (0); - } - /* - * It is valid for the chain not to be complete (because normally we - * don't include the root cert in the chain). Therefore we deliberately - * ignore the error return from this call. We're not actually verifying - * the cert - we're just building as much of the chain as we can - */ - (void)X509_verify_cert(xs_ctx); - /* Don't leave errors in the queue */ - ERR_clear_error(); - chain = X509_STORE_CTX_get0_chain(xs_ctx); - i = ssl_security_cert_chain(s, chain, NULL, 0); - if (i != 1) { -#if 0 - /* Dummy error calls so mkerr generates them */ - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL); - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL); - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK); -#endif - X509_STORE_CTX_free(xs_ctx); - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, i); - return 0; - } - chain_count = sk_X509_num(chain); - for (i = 0; i < chain_count; i++) { - x = sk_X509_value(chain, i); - - if (!ssl_add_cert_to_buf(buf, l, x)) { - X509_STORE_CTX_free(xs_ctx); - return 0; - } - } - X509_STORE_CTX_free(xs_ctx); - } else { - i = ssl_security_cert_chain(s, extra_certs, x, 0); - if (i != 1) { - SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, i); - return 0; - } - if (!ssl_add_cert_to_buf(buf, l, x)) - return 0; - for (i = 0; i < sk_X509_num(extra_certs); i++) { - x = sk_X509_value(extra_certs, i); - if (!ssl_add_cert_to_buf(buf, l, x)) - return 0; - } - } - return 1; -} - /* Build a certificate chain for current certificate */ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) { @@ -869,7 +794,6 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) STACK_OF(X509) *chain = NULL, *untrusted = NULL; X509 *x; int i, rv = 0; - unsigned long error; if (!cpk->x509) { SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET); @@ -882,22 +806,12 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) goto err; for (i = 0; i < sk_X509_num(cpk->chain); i++) { x = sk_X509_value(cpk->chain, i); - if (!X509_STORE_add_cert(chain_store, x)) { - error = ERR_peek_last_error(); - if (ERR_GET_LIB(error) != ERR_LIB_X509 || - ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) - goto err; - ERR_clear_error(); - } - } - /* Add EE cert too: it might be self signed */ - if (!X509_STORE_add_cert(chain_store, cpk->x509)) { - error = ERR_peek_last_error(); - if (ERR_GET_LIB(error) != ERR_LIB_X509 || - ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) + if (!X509_STORE_add_cert(chain_store, x)) goto err; - ERR_clear_error(); } + /* Add EE cert too: it might be self signed */ + if (!X509_STORE_add_cert(chain_store, cpk->x509)) + goto err; } else { if (c->chain_store) chain_store = c->chain_store; @@ -1038,7 +952,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, if (level >= 2 && c->algorithm_enc == SSL_RC4) return 0; /* Level 3: forward secure ciphersuites only */ - if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) + if (level >= 3 && c->min_tls != TLS1_3_VERSION && + !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) return 0; break; } @@ -1085,3 +1000,41 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other, ctx->cert->sec_ex); } + +int ssl_cert_lookup_by_nid(int nid, size_t *pidx) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) { + if (ssl_cert_info[i].nid == nid) { + *pidx = i; + return 1; + } + } + + return 0; +} + +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) +{ + int nid = EVP_PKEY_id(pk); + size_t tmpidx; + + if (nid == NID_undef) + return NULL; + + if (!ssl_cert_lookup_by_nid(nid, &tmpidx)) + return NULL; + + if (pidx != NULL) + *pidx = tmpidx; + + return &ssl_cert_info[tmpidx]; +} + +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx) +{ + if (idx >= OSSL_NELEM(ssl_cert_info)) + return NULL; + return &ssl_cert_info[idx]; +} diff --git a/deps/openssl/openssl/ssl/ssl_cert_table.h b/deps/openssl/openssl/ssl/ssl_cert_table.h new file mode 100644 index 00000000000000..0c47241c02b8f7 --- /dev/null +++ b/deps/openssl/openssl/ssl/ssl_cert_table.h @@ -0,0 +1,23 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Certificate table information. NB: table entries must match SSL_PKEY indices + */ +static const SSL_CERT_LOOKUP ssl_cert_info [] = { + {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */ + {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */ + {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */ + {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */ + {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */ + {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ + {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ + {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */ + {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */ +}; diff --git a/deps/openssl/openssl/ssl/ssl_ciph.c b/deps/openssl/openssl/ssl/ssl_ciph.c index b8da9821058509..14066d0ea45198 100644 --- a/deps/openssl/openssl/ssl/ssl_ciph.c +++ b/deps/openssl/openssl/ssl/ssl_ciph.c @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,46 +9,17 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include #include #include #include #include +#include +#include "internal/nelem.h" #include "ssl_locl.h" #include "internal/thread_once.h" +#include "internal/cryptlib.h" #define SSL_ENC_DES_IDX 0 #define SSL_ENC_3DES_IDX 1 @@ -68,7 +41,9 @@ #define SSL_ENC_AES256CCM8_IDX 17 #define SSL_ENC_GOST8912_IDX 18 #define SSL_ENC_CHACHA_IDX 19 -#define SSL_ENC_NUM_IDX 20 +#define SSL_ENC_ARIA128GCM_IDX 20 +#define SSL_ENC_ARIA256GCM_IDX 21 +#define SSL_ENC_NUM_IDX 22 /* NB: make sure indices in these tables match values above */ @@ -97,8 +72,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */ {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */ {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */ - {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */ - {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, + {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */ + {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ + {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ + {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ }; static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; @@ -150,7 +127,8 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kRSAPSK, NID_kx_rsa_psk}, {SSL_kPSK, NID_kx_psk}, {SSL_kSRP, NID_kx_srp}, - {SSL_kGOST, NID_kx_gost} + {SSL_kGOST, NID_kx_gost}, + {SSL_kANY, NID_kx_any} }; static const ssl_cipher_table ssl_cipher_table_auth[] = { @@ -161,7 +139,8 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { {SSL_aGOST01, NID_auth_gost01}, {SSL_aGOST12, NID_auth_gost12}, {SSL_aSRP, NID_auth_srp}, - {SSL_aNULL, NID_auth_null} + {SSL_aNULL, NID_auth_null}, + {SSL_aANY, NID_auth_any} }; /* *INDENT-ON* */ @@ -172,7 +151,7 @@ static int ssl_cipher_info_find(const ssl_cipher_table * table, size_t i; for (i = 0; i < table_cnt; i++, table++) { if (table->mask == mask) - return i; + return (int)i; } return -1; } @@ -194,7 +173,7 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, }; -static int ssl_mac_secret_size[SSL_MD_NUM_IDX]; +static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; #define CIPHER_ADD 1 #define CIPHER_KILL 2 @@ -216,112 +195,117 @@ typedef struct cipher_order_st { static const SSL_CIPHER cipher_aliases[] = { /* "ALL" doesn't include eNULL (must be specifically enabled) */ - {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL}, + {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL}, /* "COMPLEMENTOFALL" */ - {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL}, + {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL}, /* * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT}, + {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT}, /* * key exchange aliases (some of those using only a single bit here * combine multiple key exchange algs according to the RFCs, e.g. kDHE * combines DHE_DSS and DHE_RSA) */ - {0, SSL_TXT_kRSA, 0, SSL_kRSA}, + {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA}, - {0, SSL_TXT_kEDH, 0, SSL_kDHE}, - {0, SSL_TXT_kDHE, 0, SSL_kDHE}, - {0, SSL_TXT_DH, 0, SSL_kDHE}, + {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE}, + {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE}, + {0, SSL_TXT_DH, NULL, 0, SSL_kDHE}, - {0, SSL_TXT_kEECDH, 0, SSL_kECDHE}, - {0, SSL_TXT_kECDHE, 0, SSL_kECDHE}, - {0, SSL_TXT_ECDH, 0, SSL_kECDHE}, + {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE}, + {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE}, + {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE}, - {0, SSL_TXT_kPSK, 0, SSL_kPSK}, - {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK}, - {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK}, - {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK}, - {0, SSL_TXT_kSRP, 0, SSL_kSRP}, - {0, SSL_TXT_kGOST, 0, SSL_kGOST}, + {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK}, + {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK}, + {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK}, + {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK}, + {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, + {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, /* server authentication aliases */ - {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA}, - {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS}, - {0, SSL_TXT_DSS, 0, 0, SSL_aDSS}, - {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL}, - {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA}, - {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA}, - {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK}, - {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01}, - {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12}, - {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12}, - {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP}, + {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, + {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS}, + {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS}, + {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL}, + {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA}, + {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA}, + {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK}, + {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01}, + {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, + {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, + {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, /* aliases combining key exchange and server authentication */ - {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL}, - {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL}, - {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL}, - {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL}, - {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA}, - {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL}, - {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL}, - {0, SSL_TXT_PSK, 0, SSL_PSK}, - {0, SSL_TXT_SRP, 0, SSL_kSRP}, + {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, + {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL}, + {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL}, + {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL}, + {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL}, + {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA}, + {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL}, + {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL}, + {0, SSL_TXT_PSK, NULL, 0, SSL_PSK}, + {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP}, /* symmetric encryption aliases */ - {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES}, - {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4}, - {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2}, - {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA}, - {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED}, - {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL}, - {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12}, - {0, SSL_TXT_AES128, 0, 0, 0, + {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES}, + {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4}, + {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2}, + {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA}, + {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED}, + {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL}, + {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12}, + {0, SSL_TXT_AES128, NULL, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8}, - {0, SSL_TXT_AES256, 0, 0, 0, + {0, SSL_TXT_AES256, NULL, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8}, - {0, SSL_TXT_AES, 0, 0, 0, SSL_AES}, - {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM}, - {0, SSL_TXT_AES_CCM, 0, 0, 0, + {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES}, + {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM}, + {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0, SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8}, - {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8}, - {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128}, - {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256}, - {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA}, - {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20}, + {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8}, + {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128}, + {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256}, + {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA}, + {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20}, + + {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA}, + {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, + {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, + {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, /* MAC aliases */ - {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5}, - {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1}, - {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1}, - {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94}, - {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12}, - {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256}, - {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384}, - {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256}, + {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, + {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1}, + {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1}, + {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94}, + {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12}, + {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, + {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, + {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, /* protocol version aliases */ - {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION}, - {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION}, - {0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION}, - {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION}, + {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, + {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, + {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, + {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION}, /* strength classes */ - {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW}, - {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM}, - {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH}, + {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW}, + {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM}, + {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH}, /* FIPS 140-2 approved ciphersuite */ - {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS}, + {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS}, /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */ - {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0, + {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0, SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS}, - {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0, + {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0, SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS}, }; @@ -338,9 +322,8 @@ static int get_optional_pkey_id(const char *pkey_name) int pkey_id = 0; ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, - ameth) > 0) { + ameth) > 0) return pkey_id; - } return 0; } @@ -369,7 +352,7 @@ static uint32_t disabled_mac_mask; static uint32_t disabled_mkey_mask; static uint32_t disabled_auth_mask; -void ssl_load_ciphers(void) +int ssl_load_ciphers(void) { size_t i; const ssl_cipher_table *t; @@ -386,9 +369,6 @@ void ssl_load_ciphers(void) disabled_enc_mask |= t->mask; } } -#ifdef SSL_FORBID_ENULL - disabled_enc_mask |= SSL_eNULL; -#endif disabled_mac_mask = 0; for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) { const EVP_MD *md = EVP_get_digestbynid(t->nid); @@ -396,13 +376,17 @@ void ssl_load_ciphers(void) if (md == NULL) { disabled_mac_mask |= t->mask; } else { - ssl_mac_secret_size[i] = EVP_MD_size(md); - OPENSSL_assert(ssl_mac_secret_size[i] >= 0); + int tmpsize = EVP_MD_size(md); + if (!ossl_assert(tmpsize >= 0)) + return 0; + ssl_mac_secret_size[i] = tmpsize; } } /* Make sure we can access MD5 and SHA1 */ - OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); - OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); + if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) + return 0; + if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL)) + return 0; disabled_mkey_mask = 0; disabled_auth_mask = 0; @@ -418,7 +402,7 @@ void ssl_load_ciphers(void) disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK; #endif #ifdef OPENSSL_NO_EC - disabled_mkey_mask |= SSL_kECDHEPSK; + disabled_mkey_mask |= SSL_kECDHE | SSL_kECDHEPSK; disabled_auth_mask |= SSL_aECDSA; #endif #ifdef OPENSSL_NO_PSK @@ -434,19 +418,17 @@ void ssl_load_ciphers(void) * present, disable appropriate auth and key exchange */ ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); - if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { + if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; - } else { + else disabled_mac_mask |= SSL_GOST89MAC; - } ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id("gost-mac-12"); - if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) { + if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32; - } else { + else disabled_mac_mask |= SSL_GOST89MAC12; - } if (!get_optional_pkey_id("gost2001")) disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12; @@ -460,6 +442,8 @@ void ssl_load_ciphers(void) if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12)) disabled_mkey_mask |= SSL_kGOST; + + return 1; } #ifndef OPENSSL_NO_COMP @@ -499,14 +483,14 @@ static int load_builtin_compressions(void) int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, - int *mac_secret_size, SSL_COMP **comp, int use_etm) + size_t *mac_secret_size, SSL_COMP **comp, int use_etm) { int i; const SSL_CIPHER *c; c = s->cipher; if (c == NULL) - return (0); + return 0; if (comp != NULL) { SSL_COMP ctmp; #ifndef OPENSSL_NO_COMP @@ -521,10 +505,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, ctmp.id = s->compress_meth; if (ssl_comp_methods != NULL) { i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); - if (i >= 0) - *comp = sk_SSL_COMP_value(ssl_comp_methods, i); - else - *comp = NULL; + *comp = sk_SSL_COMP_value(ssl_comp_methods, i); } /* If were only interested in comp then return success */ if ((enc == NULL) && (md == NULL)) @@ -536,9 +517,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc); - if (i == -1) + if (i == -1) { *enc = NULL; - else { + } else { if (i == SSL_ENC_NULL_IDX) *enc = EVP_enc_null(); else @@ -574,9 +555,6 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, s->ssl_version < TLS1_VERSION) return 1; - if (FIPS_mode()) - return 1; - if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) @@ -597,9 +575,10 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, c->algorithm_mac == SSL_SHA256 && (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) *enc = evp, *md = NULL; - return (1); - } else - return (0); + return 1; + } else { + return 0; + } } const EVP_MD *ssl_md(int idx) @@ -684,8 +663,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; - if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) - continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || @@ -703,9 +680,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; co_list_num++; - /* - * if (!sk_push(ca_list,(char *)c)) goto err; - */ } /* @@ -856,6 +830,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, cp->algorithm_enc, cp->algorithm_mac, cp->min_tls, cp->algo_strength); #endif + if (cipher_id != 0 && (cipher_id != cp->id)) + continue; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -951,7 +927,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1)); if (number_uses == NULL) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); - return (0); + return 0; } /* @@ -973,7 +949,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, tail_p); OPENSSL_free(number_uses); - return (1); + return 1; } static int ssl_cipher_process_rulestr(const char *rule_str, @@ -990,7 +966,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, retval = 1; l = rule_str; - for (;;) { + for ( ; ; ) { ch = *l; if (ch == '\0') @@ -1062,8 +1038,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (ch == '+') { multi = 1; l++; - } else + } else { multi = 0; + } /* * Now search for the cipher alias in the ca_list. Be careful @@ -1097,8 +1074,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, found = 0; break; } - } else + } else { alg_mkey = ca_list[j]->algorithm_mkey; + } } if (ca_list[j]->algorithm_auth) { @@ -1108,8 +1086,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, found = 0; break; } - } else + } else { alg_auth = ca_list[j]->algorithm_auth; + } } if (ca_list[j]->algorithm_enc) { @@ -1119,8 +1098,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, found = 0; break; } - } else + } else { alg_enc = ca_list[j]->algorithm_enc; + } } if (ca_list[j]->algorithm_mac) { @@ -1130,8 +1110,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, found = 0; break; } - } else + } else { alg_mac = ca_list[j]->algorithm_mac; + } } if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { @@ -1143,8 +1124,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, found = 0; break; } - } else + } else { algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK; + } } if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) { @@ -1156,9 +1138,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str, found = 0; break; } - } else + } else { algo_strength |= ca_list[j]->algo_strength & SSL_DEFAULT_MASK; + } } if (ca_list[j]->valid) { @@ -1193,9 +1176,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, */ if (rule == CIPHER_SPECIAL) { /* special command */ ok = 0; - if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) + if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) { ok = ssl_cipher_strength_sort(head_p, tail_p); - else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) { + } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) { int level = buf[9] - '0'; if (level < 0 || level > 5) { SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, @@ -1204,8 +1187,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, c->sec_level = level; ok = 1; } - } else + } else { SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND); + } if (ok == 0) retval = 0; /* @@ -1229,7 +1213,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, break; /* done */ } - return (retval); + return retval; } #ifndef OPENSSL_NO_EC @@ -1251,8 +1235,9 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS; c->cert_flags |= suiteb_flags; - } else + } else { suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS; + } if (!suiteb_flags) return 1; @@ -1287,14 +1272,141 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, } #endif -STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) - **cipher_list, STACK_OF(SSL_CIPHER) - **cipher_list_by_id, - const char *rule_str, CERT *c) +static int ciphersuite_cb(const char *elem, int len, void *arg) +{ + STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg; + const SSL_CIPHER *cipher; + /* Arbitrary sized temp buffer for the cipher name. Should be big enough */ + char name[80]; + + if (len > (int)(sizeof(name) - 1)) { + SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); + return 0; + } + + memcpy(name, elem, len); + name[len] = '\0'; + + cipher = ssl3_get_cipher_by_std_name(name); + if (cipher == NULL) { + SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); + return 0; + } + + if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) { + SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) +{ + STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); + + if (newciphers == NULL) + return 0; + + /* Parse the list. We explicitly allow an empty list */ + if (*str != '\0' + && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) { + sk_SSL_CIPHER_free(newciphers); + return 0; + } + sk_SSL_CIPHER_free(*currciphers); + *currciphers = newciphers; + + return 1; +} + +static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id, + STACK_OF(SSL_CIPHER) *cipherstack) +{ + STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); + + if (tmp_cipher_list == NULL) { + return 0; + } + + sk_SSL_CIPHER_free(*cipher_list_by_id); + *cipher_list_by_id = tmp_cipher_list; + + (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); + sk_SSL_CIPHER_sort(*cipher_list_by_id); + + return 1; +} + +static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites) +{ + int i; + STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list); + + if (tmp_cipher_list == NULL) + return 0; + + /* + * Delete any existing TLSv1.3 ciphersuites. These are always first in the + * list. + */ + while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0 + && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls + == TLS1_3_VERSION) + sk_SSL_CIPHER_delete(tmp_cipher_list, 0); + + /* Insert the new TLSv1.3 ciphersuites */ + for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) + sk_SSL_CIPHER_insert(tmp_cipher_list, + sk_SSL_CIPHER_value(tls13_ciphersuites, i), i); + + if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list)) + return 0; + + sk_SSL_CIPHER_free(*cipher_list); + *cipher_list = tmp_cipher_list; + + return 1; +} + +int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) +{ + int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); + + if (ret && ctx->cipher_list != NULL) { + /* We already have a cipher_list, so we need to update it */ + return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id, + ctx->tls13_ciphersuites); + } + + return ret; +} + +int SSL_set_ciphersuites(SSL *s, const char *str) { - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; + int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); + + if (ret && s->cipher_list != NULL) { + /* We already have a cipher_list, so we need to update it */ + return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id, + s->tls13_ciphersuites); + } + + return ret; +} + +STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + const char *rule_str, + CERT *c) +{ + int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; - STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; + STACK_OF(SSL_CIPHER) *cipherstack; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; @@ -1329,7 +1441,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - return (NULL); /* Failure */ + return NULL; /* Failure */ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, @@ -1386,7 +1498,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - /* RC4 is sort-of broken -- move the the end */ + /* RC4 is sort-of broken -- move to the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); @@ -1443,7 +1555,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK if (ca_list == NULL) { OPENSSL_free(co_list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - return (NULL); /* Failure */ + return NULL; /* Failure */ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, @@ -1470,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK if (!ok) { /* Rule processing failure */ OPENSSL_free(co_list); - return (NULL); + return NULL; } /* @@ -1479,7 +1591,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { OPENSSL_free(co_list); - return (NULL); + return NULL; + } + + /* Add TLSv1.3 ciphers first - we always prefer those if possible */ + for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { + if (!sk_SSL_CIPHER_push(cipherstack, + sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { + sk_SSL_CIPHER_free(cipherstack); + return NULL; + } } /* @@ -1487,8 +1608,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ for (curr = head; curr != NULL; curr = curr->next) { - if (curr->active - && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { + if (curr->active) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); @@ -1501,20 +1621,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK } OPENSSL_free(co_list); /* Not needed any longer */ - tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); - if (tmp_cipher_list == NULL) { + if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) { sk_SSL_CIPHER_free(cipherstack); return NULL; } sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; - if (*cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(*cipher_list_by_id); - *cipher_list_by_id = tmp_cipher_list; - (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_sort(*cipher_list_by_id); - return (cipherstack); + return cipherstack; } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) @@ -1526,11 +1640,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) if (buf == NULL) { len = 128; - buf = OPENSSL_malloc(len); - if (buf == NULL) + if ((buf = OPENSSL_malloc(len)) == NULL) { + SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE); return NULL; - } else if (len < 128) + } + } else if (len < 128) { return NULL; + } alg_mkey = cipher->algorithm_mkey; alg_auth = cipher->algorithm_auth; @@ -1567,6 +1683,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; + case SSL_kANY: + kx = "any"; + break; default: kx = "unknown"; } @@ -1593,10 +1712,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aGOST01: au = "GOST01"; break; - /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */ + /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */ case (SSL_aGOST12 | SSL_aGOST01): au = "GOST12"; break; + case SSL_aANY: + au = "any"; + break; default: au = "unknown"; break; @@ -1651,6 +1773,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CAMELLIA256: enc = "Camellia(256)"; break; + case SSL_ARIA128GCM: + enc = "ARIAGCM(128)"; + break; + case SSL_ARIA256GCM: + enc = "ARIAGCM(256)"; + break; case SSL_SEED: enc = "SEED(128)"; break; @@ -1700,7 +1828,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac); - return (buf); + return buf; } const char *SSL_CIPHER_get_version(const SSL_CIPHER *c) @@ -1721,8 +1849,27 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c) const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) { if (c != NULL) - return (c->name); - return ("(NONE)"); + return c->name; + return "(NONE)"; +} + +/* return the actual cipher being used in RFC standard name */ +const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c) +{ + if (c != NULL) + return c->stdname; + return "(NONE)"; +} + +/* return the OpenSSL name based on given RFC standard name */ +const char *OPENSSL_cipher_name(const char *stdname) +{ + const SSL_CIPHER *c; + + if (stdname == NULL) + return "(NONE)"; + c = ssl3_get_cipher_by_std_name(stdname); + return SSL_CIPHER_get_name(c); } /* number of bits for symmetric cipher */ @@ -1743,20 +1890,25 @@ uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c) return c->id; } +uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c) +{ + return c->id & 0xFFFF; +} + SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) { SSL_COMP *ctmp; int i, nn; if ((n == 0) || (sk == NULL)) - return (NULL); + return NULL; nn = sk_SSL_COMP_num(sk); for (i = 0; i < nn; i++) { ctmp = sk_SSL_COMP_value(sk, i); if (ctmp->id == n) - return (ctmp); + return ctmp; } - return (NULL); + return NULL; } #ifdef OPENSSL_NO_COMP @@ -1780,7 +1932,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { load_builtin_compressions(); - return (ssl_comp_methods); + return ssl_comp_methods; } STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) @@ -1829,7 +1981,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (comp == NULL) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); - return (1); + return 1; } comp->id = id; @@ -1840,16 +1992,16 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); - return (1); + return 1; } if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { OPENSSL_free(comp); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); - return (1); + return 1; } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - return (0); + return 0; } #endif @@ -1880,32 +2032,12 @@ int SSL_COMP_get_id(const SSL_COMP *comp) #endif } -/* For a cipher return the index corresponding to the certificate type */ -int ssl_cipher_get_cert_index(const SSL_CIPHER *c) -{ - uint32_t alg_a; - - alg_a = c->algorithm_auth; - - if (alg_a & SSL_aECDSA) - return SSL_PKEY_ECC; - else if (alg_a & SSL_aDSS) - return SSL_PKEY_DSA_SIGN; - else if (alg_a & SSL_aRSA) - return SSL_PKEY_RSA_ENC; - else if (alg_a & SSL_aGOST12) - return SSL_PKEY_GOST_EC; - else if (alg_a & SSL_aGOST01) - return SSL_PKEY_GOST01; - - return -1; -} - -const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr) +const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr, + int all) { const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); - if (c == NULL || c->valid == 0) + if (c == NULL || (!all && c->valid == 0)) return NULL; return c; } @@ -1953,7 +2085,77 @@ int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) return ssl_cipher_table_auth[i].nid; } +const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c) +{ + int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK; + + if (idx < 0 || idx >= SSL_MD_NUM_IDX) + return NULL; + return ssl_digest_methods[idx]; +} + int SSL_CIPHER_is_aead(const SSL_CIPHER *c) { return (c->algorithm_mac & SSL_AEAD) ? 1 : 0; } + +int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead) +{ + size_t mac = 0, in = 0, blk = 0, out = 0; + + /* Some hard-coded numbers for the CCM/Poly1305 MAC overhead + * because there are no handy #defines for those. */ + if (c->algorithm_enc & (SSL_AESGCM | SSL_ARIAGCM)) { + out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + } else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) { + out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16; + } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) { + out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8; + } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) { + out = 16; + } else if (c->algorithm_mac & SSL_AEAD) { + /* We're supposed to have handled all the AEAD modes above */ + return 0; + } else { + /* Non-AEAD modes. Calculate MAC/cipher overhead separately */ + int digest_nid = SSL_CIPHER_get_digest_nid(c); + const EVP_MD *e_md = EVP_get_digestbynid(digest_nid); + + if (e_md == NULL) + return 0; + + mac = EVP_MD_size(e_md); + if (c->algorithm_enc != SSL_eNULL) { + int cipher_nid = SSL_CIPHER_get_cipher_nid(c); + const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid); + + /* If it wasn't AEAD or SSL_eNULL, we expect it to be a + known CBC cipher. */ + if (e_ciph == NULL || + EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE) + return 0; + + in = 1; /* padding length byte */ + out = EVP_CIPHER_iv_length(e_ciph); + blk = EVP_CIPHER_block_size(e_ciph); + } + } + + *mac_overhead = mac; + *int_overhead = in; + *blocksize = blk; + *ext_overhead = out; + + return 1; +} + +int ssl_cert_is_disabled(size_t idx) +{ + const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx); + + if (cl == NULL || (cl->amask & disabled_auth_mask) != 0) + return 1; + return 0; +} diff --git a/deps/openssl/openssl/ssl/ssl_conf.c b/deps/openssl/openssl/ssl/ssl_conf.c index 9d9309ac15f305..9c202708d7d9dd 100644 --- a/deps/openssl/openssl/ssl/ssl_conf.c +++ b/deps/openssl/openssl/ssl/ssl_conf.c @@ -12,6 +12,7 @@ #include #include #include +#include "internal/nelem.h" /* * structure holding name tables. This is used for permitted elements in lists @@ -202,17 +203,23 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } -static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) { int rv; if (cctx->ssl) - rv = SSL_set1_curves_list(cctx->ssl, value); + rv = SSL_set1_groups_list(cctx->ssl, value); /* NB: ctx == NULL performs syntax checking only */ else - rv = SSL_CTX_set1_curves_list(cctx->ctx, value); + rv = SSL_CTX_set1_groups_list(cctx->ctx, value); return rv > 0; } +/* This is the old name for cmd_Groups - retained for backwards compatibility */ +static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_Groups(cctx, value); +} + #ifndef OPENSSL_NO_EC /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) @@ -250,6 +257,7 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; + if (cctx->ctx) rv = SSL_CTX_set_cipher_list(cctx->ctx, value); if (cctx->ssl) @@ -257,6 +265,17 @@ static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } +static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value) +{ + int rv = 1; + + if (cctx->ctx) + rv = SSL_CTX_set_ciphersuites(cctx->ctx, value); + if (cctx->ssl) + rv = SSL_set_ciphersuites(cctx->ssl, value); + return rv > 0; +} + static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) { static const ssl_flag_tbl ssl_protocol_list[] = { @@ -266,6 +285,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1), SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2), + SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3), SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1), SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2) }; @@ -291,6 +311,7 @@ static int protocol_from_string(const char *value) {"TLSv1", TLS1_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, + {"TLSv1.3", TLS1_3_VERSION}, {"DTLSv1", DTLS1_VERSION}, {"DTLSv1.2", DTLS1_2_VERSION} }; @@ -360,6 +381,10 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), + SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), + SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), + SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), + SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY) }; if (value == NULL) return -3; @@ -375,7 +400,12 @@ static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER), SSL_FLAG_VFY_SRV("Require", SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT), - SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE) + SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE), + SSL_FLAG_VFY_SRV("RequestPostHandshake", + SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE), + SSL_FLAG_VFY_SRV("RequirePostHandshake", + SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT), }; if (value == NULL) return -3; @@ -467,7 +497,7 @@ static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value) return do_store(cctx, value, NULL, 1); } -static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) +static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value) { if (cctx->canames == NULL) cctx->canames = sk_X509_NAME_new_null(); @@ -476,7 +506,12 @@ static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) return SSL_add_file_cert_subjects_to_stack(cctx->canames, value); } -static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) +static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_RequestCAFile(cctx, value); +} + +static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value) { if (cctx->canames == NULL) cctx->canames = sk_X509_NAME_new_null(); @@ -485,6 +520,11 @@ static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value); } +static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_RequestCAPath(cctx, value); +} + #ifndef OPENSSL_NO_DH static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -512,6 +552,40 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } #endif + +static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) +{ + int rv = 0; + int block_size = atoi(value); + + /* + * All we care about is a non-negative value, + * the setters check the range + */ + if (block_size >= 0) { + if (cctx->ctx) + rv = SSL_CTX_set_block_padding(cctx->ctx, block_size); + if (cctx->ssl) + rv = SSL_set_block_padding(cctx->ssl, block_size); + } + return rv; +} + + +static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) +{ + int rv = 0; + int num_tickets = atoi(value); + + if (num_tickets >= 0) { + if (cctx->ctx) + rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets); + if (cctx->ssl) + rv = SSL_set_num_tickets(cctx->ssl, num_tickets); + } + return rv; +} + typedef struct { int (*cmd) (SSL_CONF_CTX *cctx, const char *value); const char *str_file; @@ -537,6 +611,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_tls1", 0), SSL_CONF_CMD_SWITCH("no_tls1_1", 0), SSL_CONF_CMD_SWITCH("no_tls1_2", 0), + SSL_CONF_CMD_SWITCH("no_tls1_3", 0), SSL_CONF_CMD_SWITCH("bugs", 0), SSL_CONF_CMD_SWITCH("no_comp", 0), SSL_CONF_CMD_SWITCH("comp", 0), @@ -548,14 +623,21 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_renegotiation", 0), SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0), + SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0), + SSL_CONF_CMD_SWITCH("no_middlebox", 0), + SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), + SSL_CONF_CMD_STRING(Groups, "groups", 0), #ifndef OPENSSL_NO_EC SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), #endif SSL_CONF_CMD_STRING(CipherString, "cipher", 0), + SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0), SSL_CONF_CMD_STRING(Protocol, NULL, 0), SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0), SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0), @@ -576,17 +658,23 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_TYPE_DIR), SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), SSL_CONF_CMD(ClientCAFile, NULL, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_DIR), SSL_CONF_CMD(ClientCAPath, NULL, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_DIR), #ifndef OPENSSL_NO_DH SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, - SSL_CONF_TYPE_FILE) + SSL_CONF_TYPE_FILE), #endif + SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0), + SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER), }; /* Supported switches: must match order of switches in ssl_conf_cmds */ @@ -595,6 +683,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ + {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ {SSL_OP_ALL, 0}, /* bugs */ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */ @@ -611,7 +700,17 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, /* no_legacy_server_connect */ {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV}, + /* allow_no_dhe_kex */ + {SSL_OP_ALLOW_NO_DHE_KEX, 0}, + /* chacha reprioritization */ + {SSL_OP_PRIORITIZE_CHACHA, 0}, {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ + /* no_middlebox */ + {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, + /* anti_replay */ + {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV}, + /* no_anti_replay */ + {SSL_OP_NO_ANTI_REPLAY, 0}, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) @@ -804,9 +903,9 @@ int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx) } if (cctx->canames) { if (cctx->ssl) - SSL_set_client_CA_list(cctx->ssl, cctx->canames); + SSL_set0_CA_list(cctx->ssl, cctx->canames); else if (cctx->ctx) - SSL_CTX_set_client_CA_list(cctx->ctx, cctx->canames); + SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames); else sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free); cctx->canames = NULL; diff --git a/deps/openssl/openssl/ssl/ssl_err.c b/deps/openssl/openssl/ssl/ssl_err.c index 580861eaed8fd0..11331ce41fd3e6 100644 --- a/deps/openssl/openssl/ssl/ssl_err.c +++ b/deps/openssl/openssl/ssl/ssl_err.c @@ -8,669 +8,1256 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) - -static ERR_STRING_DATA SSL_str_functs[] = { - {ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "check_suiteb_cipher_list"}, - {ERR_FUNC(SSL_F_CT_MOVE_SCTS), "ct_move_scts"}, - {ERR_FUNC(SSL_F_CT_STRICT), "ct_strict"}, - {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, - {ERR_FUNC(SSL_F_DANE_CTX_ENABLE), "dane_ctx_enable"}, - {ERR_FUNC(SSL_F_DANE_MTYPE_SET), "dane_mtype_set"}, - {ERR_FUNC(SSL_F_DANE_TLSA_ADD), "dane_tlsa_add"}, - {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"}, - {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "do_ssl3_write"}, - {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "dtls1_buffer_record"}, - {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "dtls1_check_timeout_num"}, - {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"}, - {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "dtls1_preprocess_fragment"}, - {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS), +static const ERR_STRING_DATA SSL_str_functs[] = { + {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_CLIENT_KEY_SHARE_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_KEY_SHARE, 0), "add_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_BYTES_TO_CIPHER_LIST, 0), + "bytes_to_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0), + "check_suiteb_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CIPHERSUITE_CB, 0), "ciphersuite_cb"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0), + "construct_key_exchange_tbs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0), + "construct_stateful_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0), + "construct_stateless_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0), + "create_synthetic_message_hash"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0), + "create_ticket_prequel"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_PARSE, 0), "custom_ext_parse"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "d2i_SSL_SESSION"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_CTX_ENABLE, 0), "dane_ctx_enable"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_MTYPE_SET, 0), "dane_mtype_set"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_TLSA_ADD, 0), "dane_tlsa_add"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DERIVE_SECRET_KEY_AND_IV, 0), + "derive_secret_key_and_iv"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_DTLS1_WRITE, 0), "do_dtls1_write"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_SSL3_WRITE, 0), "do_ssl3_write"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_BUFFER_RECORD, 0), + "dtls1_buffer_record"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0), + "dtls1_check_timeout_num"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0), + "dtls1_hm_fragment_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0), + "dtls1_preprocess_fragment"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0), "dtls1_process_buffered_records"}, - {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "dtls1_process_record"}, - {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "dtls1_read_bytes"}, - {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "dtls1_read_failed"}, - {ERR_FUNC(SSL_F_DTLS1_RETRANSMIT_MESSAGE), "dtls1_retransmit_message"}, - {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_RECORD, 0), + "dtls1_process_record"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_BYTES, 0), "dtls1_read_bytes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_FAILED, 0), "dtls1_read_failed"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_RETRANSMIT_MESSAGE, 0), + "dtls1_retransmit_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_APP_DATA_BYTES, 0), "dtls1_write_app_data_bytes"}, - {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"}, - {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC), + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_BYTES, 0), "dtls1_write_bytes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLSV1_LISTEN, 0), "DTLSv1_listen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0), "dtls_construct_change_cipher_spec"}, - {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST), + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, 0), "dtls_construct_hello_verify_request"}, - {ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, 0), "dtls_get_reassembled_message"}, - {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"}, - {ERR_FUNC(SSL_F_DTLS_WAIT_FOR_DRY), "dtls_wait_for_dry"}, - {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL), "OPENSSL_init_ssl"}, - {ERR_FUNC(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION), + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_PROCESS_HELLO_VERIFY, 0), + "dtls_process_hello_verify"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_RECORD_LAYER_NEW, 0), + "DTLS_RECORD_LAYER_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_WAIT_FOR_DRY, 0), "dtls_wait_for_dry"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0), + "early_data_count_ok"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EARLY_DATA, 0), "final_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EC_PT_FORMATS, 0), + "final_ec_pt_formats"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EMS, 0), "final_ems"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), + "final_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_GET_CERT_VERIFY_TBS_DATA, 0), + "get_cert_verify_tbs_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_NSS_KEYLOG_INT, 0), "nss_keylog_int"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OPENSSL_INIT_SSL, 0), "OPENSSL_init_ssl"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, 0), + "ossl_statem_client13_write_transition"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, 0), + "ossl_statem_client_post_process_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, 0), + "ossl_statem_client_process_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, 0), "ossl_statem_client_read_transition"}, - {ERR_FUNC(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION), + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, 0), + "ossl_statem_client_write_transition"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION, 0), + "ossl_statem_server13_write_transition"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE, 0), + "ossl_statem_server_post_process_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0), + "ossl_statem_server_post_work"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0), + "ossl_statem_server_process_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0), "ossl_statem_server_read_transition"}, - {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"}, - {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "ssl3_change_cipher_state"}, - {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0), + "ossl_statem_server_write_transition"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), + "set_client_ciphersuite"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, 0), + "srp_generate_client_master_secret"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, 0), + "srp_generate_server_master_secret"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_VERIFY_SERVER_PARAM, 0), + "srp_verify_server_param"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHANGE_CIPHER_STATE, 0), + "ssl3_change_cipher_state"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 0), "ssl3_check_cert_and_algorithm"}, - {ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"}, - {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"}, - {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTRL, 0), "ssl3_ctrl"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0), "ssl3_digest_cached_records"}, - {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0), "ssl3_do_change_cipher_spec"}, - {ERR_FUNC(SSL_F_SSL3_FINAL_FINISH_MAC), "ssl3_final_finish_mac"}, - {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "ssl3_generate_key_block"}, - {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0), + "ssl3_final_finish_mac"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_KEY_BLOCK, 0), + "ssl3_generate_key_block"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_MASTER_SECRET, 0), "ssl3_generate_master_secret"}, - {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "ssl3_get_record"}, - {ERR_FUNC(SSL_F_SSL3_INIT_FINISHED_MAC), "ssl3_init_finished_mac"}, - {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "ssl3_output_cert_chain"}, - {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "ssl3_read_bytes"}, - {ERR_FUNC(SSL_F_SSL3_READ_N), "ssl3_read_n"}, - {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"}, - {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "ssl3_setup_read_buffer"}, - {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"}, - {ERR_FUNC(SSL_F_SSL3_TAKE_MAC), "ssl3_take_mac"}, - {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"}, - {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"}, - {ERR_FUNC(SSL_F_SSL_ADD_CERT_CHAIN), "ssl_add_cert_chain"}, - {ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "ssl_add_cert_to_buf"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), - "ssl_add_clienthello_renegotiate_ext"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), - "ssl_add_clienthello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), - "ssl_add_clienthello_use_srtp_ext"}, - {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, 0), "ssl3_get_record"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_INIT_FINISHED_MAC, 0), + "ssl3_init_finished_mac"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_OUTPUT_CERT_CHAIN, 0), + "ssl3_output_cert_chain"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, 0), "ssl3_read_bytes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_N, 0), "ssl3_read_n"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_KEY_BLOCK, 0), + "ssl3_setup_key_block"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_READ_BUFFER, 0), + "ssl3_setup_read_buffer"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_WRITE_BUFFER, 0), + "ssl3_setup_write_buffer"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_BYTES, 0), "ssl3_write_bytes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_PENDING, 0), "ssl3_write_pending"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_CHAIN, 0), "ssl_add_cert_chain"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_BUF, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_WPACKET, 0), + "ssl_add_cert_to_wpacket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, 0), "SSL_add_dir_cert_subjects_to_stack"}, - {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, 0), "SSL_add_file_cert_subjects_to_stack"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), - "ssl_add_serverhello_renegotiate_ext"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), - "ssl_add_serverhello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), - "ssl_add_serverhello_use_srtp_ext"}, - {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"}, - {ERR_FUNC(SSL_F_SSL_BUILD_CERT_CHAIN), "ssl_build_cert_chain"}, - {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"}, - {ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"}, - {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"}, - {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"}, - {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"}, - {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, - {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), - "ssl_check_serverhello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BAD_METHOD, 0), "ssl_bad_method"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BUILD_CERT_CHAIN, 0), + "ssl_build_cert_chain"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BYTES_TO_CIPHER_LIST, 0), + "SSL_bytes_to_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CACHE_CIPHERLIST, 0), + "ssl_cache_cipherlist"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_ADD0_CHAIN_CERT, 0), + "ssl_cert_add0_chain_cert"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_DUP, 0), "ssl_cert_dup"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_NEW, 0), "ssl_cert_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_SET0_CHAIN, 0), + "ssl_cert_set0_chain"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_PRIVATE_KEY, 0), + "SSL_check_private_key"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, 0), + "ssl_check_srp_ext_ClientHello"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 0), "ssl_check_srvr_ecc_cert_and_alg"}, - {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0), + "ssl_choose_client_version"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0), + "SSL_CIPHER_description"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0), + "ssl_cipher_list_to_bytes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0), "ssl_cipher_process_rulestr"}, - {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "ssl_cipher_strength_sort"}, - {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, - {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0), + "ssl_cipher_strength_sort"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0), + "SSL_client_hello_get1_extensions_present"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0), "SSL_COMP_add_compression_method"}, - {ERR_FUNC(SSL_F_SSL_CONF_CMD), "SSL_CONF_cmd"}, - {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "ssl_create_cipher_list"}, - {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, - {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, - {ERR_FUNC(SSL_F_SSL_CTX_ENABLE_CT), "SSL_CTX_enable_ct"}, - {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "ssl_ctx_make_profiles"}, - {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_ALPN_PROTOS), "SSL_CTX_set_alpn_protos"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CREATE_CIPHER_LIST, 0), + "ssl_create_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTRL, 0), "SSL_ctrl"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 0), + "SSL_CTX_check_private_key"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_ENABLE_CT, 0), "SSL_CTX_enable_ct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_MAKE_PROFILES, 0), + "ssl_ctx_make_profiles"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_NEW, 0), "SSL_CTX_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_ALPN_PROTOS, 0), + "SSL_CTX_set_alpn_protos"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CIPHER_LIST, 0), + "SSL_CTX_set_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, 0), "SSL_CTX_set_client_cert_engine"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, 0), "SSL_CTX_set_ct_validation_callback"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 0), "SSL_CTX_set_session_id_context"}, - {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SSL_VERSION, 0), + "SSL_CTX_set_ssl_version"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0), + "SSL_CTX_set_tlsext_max_fragment_length"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE, 0), + "SSL_CTX_use_certificate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, 0), "SSL_CTX_use_certificate_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 0), "SSL_CTX_use_certificate_file"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY, 0), + "SSL_CTX_use_PrivateKey"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, 0), "SSL_CTX_use_PrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, 0), "SSL_CTX_use_PrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 0), "SSL_CTX_use_psk_identity_hint"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, 0), + "SSL_CTX_use_RSAPrivateKey"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, 0), "SSL_CTX_use_RSAPrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, 0), "SSL_CTX_use_RSAPrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO), "SSL_CTX_use_serverinfo"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_SERVERINFO_FILE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO, 0), + "SSL_CTX_use_serverinfo"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_EX, 0), + "SSL_CTX_use_serverinfo_ex"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_FILE, 0), "SSL_CTX_use_serverinfo_file"}, - {ERR_FUNC(SSL_F_SSL_DANE_DUP), "ssl_dane_dup"}, - {ERR_FUNC(SSL_F_SSL_DANE_ENABLE), "SSL_dane_enable"}, - {ERR_FUNC(SSL_F_SSL_DO_CONFIG), "ssl_do_config"}, - {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, - {ERR_FUNC(SSL_F_SSL_DUP_CA_LIST), "SSL_dup_CA_list"}, - {ERR_FUNC(SSL_F_SSL_ENABLE_CT), "SSL_enable_ct"}, - {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"}, - {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"}, - {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "ssl_get_server_cert_index"}, - {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"}, - {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "ssl_init_wbio_buffer"}, - {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, - {ERR_FUNC(SSL_F_SSL_MODULE_INIT), "ssl_module_init"}, - {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), - "ssl_parse_clienthello_renegotiate_ext"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), - "ssl_parse_clienthello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), - "ssl_parse_clienthello_use_srtp_ext"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), - "ssl_parse_serverhello_renegotiate_ext"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), - "ssl_parse_serverhello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), - "ssl_parse_serverhello_use_srtp_ext"}, - {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, - {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, - {ERR_FUNC(SSL_F_SSL_RENEGOTIATE), "SSL_renegotiate"}, - {ERR_FUNC(SSL_F_SSL_RENEGOTIATE_ABBREVIATED), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_DUP, 0), "ssl_dane_dup"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_ENABLE, 0), "SSL_dane_enable"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DERIVE, 0), "ssl_derive"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_CONFIG, 0), "ssl_do_config"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_HANDSHAKE, 0), "SSL_do_handshake"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DUP_CA_LIST, 0), "SSL_dup_CA_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ENABLE_CT, 0), "SSL_enable_ct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_PKEY_GROUP, 0), + "ssl_generate_pkey_group"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_SESSION_ID, 0), + "ssl_generate_session_id"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_NEW_SESSION, 0), + "ssl_get_new_session"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_PREV_SESSION, 0), + "ssl_get_prev_session"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SERVER_CERT_INDEX, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SIGN_PKEY, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_HANDSHAKE_HASH, 0), "ssl_handshake_hash"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0), + "ssl_init_wbio_buffer"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CLIENT_CA_FILE, 0), + "SSL_load_client_CA_file"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_MASTER_SECRET, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, 0), + "ssl_log_rsa_client_key_exchange"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_MODULE_INIT, 0), "ssl_module_init"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEW, 0), "SSL_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEXT_PROTO_VALIDATE, 0), + "ssl_next_proto_validate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0), + "SSL_read_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EX, 0), "SSL_read_ex"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_INTERNAL, 0), "ssl_read_internal"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE, 0), "SSL_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE_ABBREVIATED, 0), "SSL_renegotiate_abbreviated"}, - {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT), - "ssl_scan_clienthello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), - "ssl_scan_serverhello_tlsext"}, - {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, - {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, - {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, - {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID), "SSL_SESSION_set1_id"}, - {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_DUP, 0), "ssl_session_dup"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_NEW, 0), "SSL_SESSION_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_PRINT_FP, 0), + "SSL_SESSION_print_fp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID, 0), + "SSL_SESSION_set1_id"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID_CONTEXT, 0), "SSL_SESSION_set1_id_context"}, - {ERR_FUNC(SSL_F_SSL_SET_ALPN_PROTOS), "SSL_set_alpn_protos"}, - {ERR_FUNC(SSL_F_SSL_SET_CERT), "ssl_set_cert"}, - {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, - {ERR_FUNC(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_ALPN_PROTOS, 0), + "SSL_set_alpn_protos"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT, 0), "ssl_set_cert"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT_AND_KEY, 0), + "ssl_set_cert_and_key"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CIPHER_LIST, 0), + "SSL_set_cipher_list"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, 0), "SSL_set_ct_validation_callback"}, - {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, - {ERR_FUNC(SSL_F_SSL_SET_PKEY), "ssl_set_pkey"}, - {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_FD, 0), "SSL_set_fd"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_PKEY, 0), "ssl_set_pkey"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_RFD, 0), "SSL_set_rfd"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION, 0), "SSL_set_session"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_ID_CONTEXT, 0), "SSL_set_session_id_context"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_TICKET_EXT, 0), "SSL_set_session_ticket_ext"}, - {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, - {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, - {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, - {ERR_FUNC(SSL_F_SSL_START_ASYNC_JOB), "ssl_start_async_job"}, - {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "ssl_undefined_function"}, - {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0), + "SSL_set_tlsext_max_fragment_length"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_WFD, 0), "SSL_set_wfd"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SHUTDOWN, 0), "SSL_shutdown"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SRP_CTX_INIT, 0), "SSL_SRP_CTX_init"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_START_ASYNC_JOB, 0), + "ssl_start_async_job"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_FUNCTION, 0), + "ssl_undefined_function"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 0), "ssl_undefined_void_function"}, - {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, - {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, - {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, - {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE, 0), + "SSL_use_certificate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_ASN1, 0), + "SSL_use_certificate_ASN1"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_FILE, 0), + "SSL_use_certificate_file"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY, 0), "SSL_use_PrivateKey"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_ASN1, 0), + "SSL_use_PrivateKey_ASN1"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_FILE, 0), + "SSL_use_PrivateKey_file"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PSK_IDENTITY_HINT, 0), + "SSL_use_psk_identity_hint"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY, 0), + "SSL_use_RSAPrivateKey"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, 0), "SSL_use_RSAPrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, 0), "SSL_use_RSAPrivateKey_file"}, - {ERR_FUNC(SSL_F_SSL_VALIDATE_CT), "ssl_validate_ct"}, - {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"}, - {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, - {ERR_FUNC(SSL_F_STATE_MACHINE), "state_machine"}, - {ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG), "tls12_check_peer_sigalg"}, - {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "tls1_change_cipher_state"}, - {ERR_FUNC(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS), - "tls1_check_duplicate_extensions"}, - {ERR_FUNC(SSL_F_TLS1_ENC), "tls1_enc"}, - {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VALIDATE_CT, 0), "ssl_validate_ct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CERT_CHAIN, 0), + "ssl_verify_cert_chain"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, 0), + "SSL_verify_client_post_handshake"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE, 0), "SSL_write"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_DATA, 0), + "SSL_write_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0), + "tls12_check_peer_sigalg"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0), + "tls13_change_cipher_state"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_ENC, 0), "tls13_enc"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_FINAL_FINISH_MAC, 0), + "tls13_final_finish_mac"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0), + "tls13_generate_secret"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_HKDF_EXPAND, 0), "tls13_hkdf_expand"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, 0), + "tls13_restore_handshake_digest_for_pha"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, 0), + "tls13_save_handshake_digest_for_pha"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SETUP_KEY_BLOCK, 0), + "tls13_setup_key_block"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHANGE_CIPHER_STATE, 0), + "tls1_change_cipher_state"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_ENC, 0), "tls1_enc"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_EXPORT_KEYING_MATERIAL, 0), "tls1_export_keying_material"}, - {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "tls1_get_curvelist"}, - {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"}, - {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"}, - {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"}, - {ERR_FUNC(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0), + "tls1_setup_key_block"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0), + "tls1_set_raw_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0), + "tls1_set_server_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0), + "tls1_set_shared_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0), "tls_client_key_exchange_post_work"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_COLLECT_EXTENSIONS, 0), + "tls_collect_extensions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, 0), + "tls_construct_certificate_authorities"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, 0), "tls_construct_certificate_request"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_DHE), "tls_construct_cke_dhe"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_ECDHE), "tls_construct_cke_ecdhe"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_GOST), "tls_construct_cke_gost"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, 0), + "tls_construct_cert_status_body"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, 0), + "tls_construct_cert_verify"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0), + "tls_construct_change_cipher_spec"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_DHE, 0), + "tls_construct_cke_dhe"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, 0), + "tls_construct_cke_ecdhe"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_GOST, 0), + "tls_construct_cke_gost"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, 0), "tls_construct_cke_psk_preamble"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_RSA, 0), + "tls_construct_cke_rsa"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_SRP, 0), + "tls_construct_cke_srp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, 0), "tls_construct_client_certificate"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, 0), "tls_construct_client_hello"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, 0), "tls_construct_client_key_exchange"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY), - "tls_construct_client_verify"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST), - "tls_construct_hello_request"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ALPN, 0), + "tls_construct_ctos_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, 0), + "tls_construct_ctos_cookie"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, 0), + "tls_construct_ctos_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, 0), + "tls_construct_ctos_ec_pt_formats"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EMS, 0), + "tls_construct_ctos_ems"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ETM, 0), + "tls_construct_ctos_etm"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_HELLO, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, 0), + "tls_construct_ctos_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, 0), + "tls_construct_ctos_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_NPN, 0), + "tls_construct_ctos_npn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, 0), + "tls_construct_ctos_padding"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH, 0), + "tls_construct_ctos_post_handshake_auth"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK, 0), + "tls_construct_ctos_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0), + "tls_construct_ctos_psk_kex_modes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0), + "tls_construct_ctos_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0), + "tls_construct_ctos_sct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, 0), + "tls_construct_ctos_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, 0), + "tls_construct_ctos_session_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, 0), + "tls_construct_ctos_sig_algs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SRP, 0), + "tls_construct_ctos_srp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, 0), + "tls_construct_ctos_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, 0), + "tls_construct_ctos_supported_groups"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, 0), + "tls_construct_ctos_supported_versions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, 0), + "tls_construct_ctos_use_srtp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_VERIFY, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, 0), + "tls_construct_encrypted_extensions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, 0), + "tls_construct_end_of_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_EXTENSIONS, 0), + "tls_construct_extensions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_FINISHED, 0), + "tls_construct_finished"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST, 0), + "tls_construct_hello_retry_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, 0), + "tls_construct_key_update"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, 0), "tls_construct_new_session_ticket"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, 0), + "tls_construct_next_proto"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, 0), "tls_construct_server_certificate"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, 0), "tls_construct_server_hello"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, 0), "tls_construct_server_key_exchange"}, - {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"}, - {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_HEADER), "tls_get_message_header"}, - {ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ALPN, 0), + "tls_construct_stoc_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, 0), + "tls_construct_stoc_cookie"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, 0), + "tls_construct_stoc_cryptopro_bug"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_DONE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, 0), + "tls_construct_stoc_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, 0), + "tls_construct_stoc_ec_pt_formats"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EMS, 0), + "tls_construct_stoc_ems"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ETM, 0), + "tls_construct_stoc_etm"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_HELLO, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, 0), + "tls_construct_stoc_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, 0), + "tls_construct_stoc_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG, 0), + "tls_construct_stoc_next_proto_neg"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0), + "tls_construct_stoc_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0), + "tls_construct_stoc_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0), + "tls_construct_stoc_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, 0), + "tls_construct_stoc_session_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, 0), + "tls_construct_stoc_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, 0), + "tls_construct_stoc_supported_groups"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, 0), + "tls_construct_stoc_supported_versions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, 0), + "tls_construct_stoc_use_srtp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, 0), + "tls_early_post_process_client_hello"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_FINISH_HANDSHAKE, 0), + "tls_finish_handshake"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_BODY, 0), + "tls_get_message_body"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_HEADER, 0), + "tls_get_message_header"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_ALPN, 0), "tls_handle_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_STATUS_REQUEST, 0), + "tls_handle_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, 0), + "tls_parse_certificate_authorities"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_ALPN, 0), + "tls_parse_ctos_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE, 0), + "tls_parse_ctos_cookie"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0), + "tls_parse_ctos_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, 0), + "tls_parse_ctos_ec_pt_formats"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EMS, 0), "tls_parse_ctos_ems"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, 0), + "tls_parse_ctos_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, 0), + "tls_parse_ctos_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH, 0), + "tls_parse_ctos_post_handshake_auth"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0), + "tls_parse_ctos_psk_kex_modes"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0), + "tls_parse_ctos_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0), + "tls_parse_ctos_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, 0), + "tls_parse_ctos_session_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0), + "tls_parse_ctos_sig_algs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, 0), + "tls_parse_ctos_sig_algs_cert"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0), + "tls_parse_ctos_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, 0), + "tls_parse_ctos_supported_groups"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_USE_SRTP, 0), + "tls_parse_ctos_use_srtp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_ALPN, 0), + "tls_parse_stoc_alpn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0), + "tls_parse_stoc_cookie"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0), + "tls_parse_stoc_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, 0), + "tls_parse_stoc_ec_pt_formats"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_KEY_SHARE, 0), + "tls_parse_stoc_key_share"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 0), + "tls_parse_stoc_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0), + "tls_parse_stoc_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SERVER_NAME, 0), + "tls_parse_stoc_server_name"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SESSION_TICKET, 0), + "tls_parse_stoc_session_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, 0), + "tls_parse_stoc_status_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, 0), + "tls_parse_stoc_supported_versions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_USE_SRTP, 0), + "tls_parse_stoc_use_srtp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, 0), "tls_post_process_client_hello"}, - {ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 0), "tls_post_process_client_key_exchange"}, - {ERR_FUNC(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, 0), "tls_prepare_client_certificate"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, 0), + "tls_process_as_hello_retry_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, 0), "tls_process_certificate_request"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CERT_STATUS), "tls_process_cert_status"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CERT_VERIFY), "tls_process_cert_verify"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, 0), + "tls_process_cert_status_body"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_VERIFY, 0), + "tls_process_cert_verify"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, 0), "tls_process_change_cipher_spec"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_DHE), "tls_process_cke_dhe"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_ECDHE), "tls_process_cke_ecdhe"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_GOST), "tls_process_cke_gost"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_DHE, 0), + "tls_process_cke_dhe"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_ECDHE, 0), + "tls_process_cke_ecdhe"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_GOST, 0), + "tls_process_cke_gost"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, 0), "tls_process_cke_psk_preamble"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_RSA), "tls_process_cke_rsa"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CKE_SRP), "tls_process_cke_srp"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_RSA, 0), + "tls_process_cke_rsa"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_SRP, 0), + "tls_process_cke_srp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, 0), "tls_process_client_certificate"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_HELLO), "tls_process_client_hello"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_HELLO, 0), + "tls_process_client_hello"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, 0), "tls_process_client_key_exchange"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_FINISHED), "tls_process_finished"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_KEY_EXCHANGE), "tls_process_key_exchange"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, 0), + "tls_process_encrypted_extensions"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, 0), + "tls_process_end_of_early_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_FINISHED, 0), + "tls_process_finished"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_REQ, 0), + "tls_process_hello_req"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, 0), + "tls_process_hello_retry_request"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, 0), + "tls_process_initial_server_flight"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_EXCHANGE, 0), + "tls_process_key_exchange"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_UPDATE, 0), + "tls_process_key_update"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, 0), "tls_process_new_session_ticket"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_NEXT_PROTO), "tls_process_next_proto"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEXT_PROTO, 0), + "tls_process_next_proto"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, 0), "tls_process_server_certificate"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_DHE), "tls_process_ske_dhe"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_ECDHE), "tls_process_ske_ecdhe"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_DONE, 0), + "tls_process_server_done"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_HELLO, 0), + "tls_process_server_hello"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_DHE, 0), + "tls_process_ske_dhe"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_ECDHE, 0), + "tls_process_ske_ecdhe"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, 0), "tls_process_ske_psk_preamble"}, - {ERR_FUNC(SSL_F_TLS_PROCESS_SKE_SRP), "tls_process_ske_srp"}, - {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_SRP, 0), + "tls_process_ske_srp"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PSK_DO_BINDER, 0), "tls_psk_do_binder"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SETUP_HANDSHAKE, 0), + "tls_setup_handshake"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0), "use_certificate_chain_file"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0), + "wpacket_intern_init_len"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0), + "WPACKET_start_sub_packet_len__"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0), + "write_state_machine"}, {0, NULL} }; -static ERR_STRING_DATA SSL_str_reasons[] = { - {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"}, - {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), - "attempt to reuse session in different context"}, - {ERR_REASON(SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE), - "at least TLS 1.0 needed in FIPS mode"}, - {ERR_REASON(SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), - "at least (D)TLS 1.2 needed in Suite B mode"}, - {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, - {ERR_REASON(SSL_R_BAD_DATA), "bad data"}, - {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), - "bad data returned by callback"}, - {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"}, - {ERR_REASON(SSL_R_BAD_DH_VALUE), "bad dh value"}, - {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, - {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"}, - {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"}, - {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"}, - {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, - {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"}, - {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"}, - {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), - "bad protocol version number"}, - {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"}, - {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"}, - {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"}, - {ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"}, - {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"}, - {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), - "bad srtp protection profile list"}, - {ERR_REASON(SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"}, - {ERR_REASON(SSL_R_BAD_VALUE), "bad value"}, - {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"}, - {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"}, - {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), - "block cipher pad is wrong"}, - {ERR_REASON(SSL_R_BN_LIB), "bn lib"}, - {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"}, - {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"}, - {ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"}, - {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"}, - {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), - "certificate verify failed"}, - {ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"}, - {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"}, - {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, - {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), - "cipher or hash unavailable"}, - {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"}, - {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), - "compressed length too long"}, - {ERR_REASON(SSL_R_COMPRESSION_DISABLED), "compression disabled"}, - {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"}, - {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), - "compression id not within private range"}, - {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), - "compression library error"}, - {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, - {ERR_REASON(SSL_R_CONTEXT_NOT_DANE_ENABLED), "context not dane enabled"}, - {ERR_REASON(SSL_R_COOKIE_GEN_CALLBACK_FAILURE), - "cookie gen callback failure"}, - {ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"}, - {ERR_REASON(SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), - "custom ext handler already installed"}, - {ERR_REASON(SSL_R_DANE_ALREADY_ENABLED), "dane already enabled"}, - {ERR_REASON(SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL), - "dane cannot override mtype full"}, - {ERR_REASON(SSL_R_DANE_NOT_ENABLED), "dane not enabled"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE), - "dane tlsa bad certificate"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE), - "dane tlsa bad certificate usage"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_DATA_LENGTH), - "dane tlsa bad data length"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH), - "dane tlsa bad digest length"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_MATCHING_TYPE), - "dane tlsa bad matching type"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), "dane tlsa bad public key"}, - {ERR_REASON(SSL_R_DANE_TLSA_BAD_SELECTOR), "dane tlsa bad selector"}, - {ERR_REASON(SSL_R_DANE_TLSA_NULL_DATA), "dane tlsa null data"}, - {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), - "data between ccs and finished"}, - {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG), "data length too long"}, - {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"}, - {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), - "decryption failed or bad record mac"}, - {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, - {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), - "dh public value length is wrong"}, - {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"}, - {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"}, - {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, - {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, - {ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE), - "ecdh required for suiteb mode"}, - {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"}, - {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), - "empty srtp protection profile list"}, - {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), - "encrypted length too long"}, - {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), - "error in received cipher list"}, - {ERR_REASON(SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN), - "error setting tlsa base domain"}, - {ERR_REASON(SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE), - "exceeds max fragment size"}, - {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, - {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"}, - {ERR_REASON(SSL_R_FAILED_TO_INIT_ASYNC), "failed to init async"}, - {ERR_REASON(SSL_R_FRAGMENTED_CLIENT_HELLO), "fragmented client hello"}, - {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, - {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"}, - {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"}, - {ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"}, - {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"}, - {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, - {ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, - {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"}, - {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), - "invalid compression algorithm"}, - {ERR_REASON(SSL_R_INVALID_CONFIGURATION_NAME), - "invalid configuration name"}, - {ERR_REASON(SSL_R_INVALID_CT_VALIDATION_TYPE), - "invalid ct validation type"}, - {ERR_REASON(SSL_R_INVALID_NULL_CMD_NAME), "invalid null cmd name"}, - {ERR_REASON(SSL_R_INVALID_SEQUENCE_NUMBER), "invalid sequence number"}, - {ERR_REASON(SSL_R_INVALID_SERVERINFO_DATA), "invalid serverinfo data"}, - {ERR_REASON(SSL_R_INVALID_SRP_USERNAME), "invalid srp username"}, - {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, - {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), - "invalid ticket keys length"}, - {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"}, - {ERR_REASON(SSL_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"}, - {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"}, - {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, - {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, - {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT), - "missing ecdsa signing cert"}, - {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, - {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), - "missing rsa encrypting cert"}, - {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, - {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"}, - {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, - {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"}, - {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, - {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, - {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"}, - {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"}, - {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"}, - {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"}, - {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"}, - {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, - {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), - "Peer haven't sent GOST certificate, required for selected ciphersuite"}, - {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED), "no method specified"}, - {ERR_REASON(SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"}, - {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, - {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, - {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"}, - {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"}, - {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"}, - {ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), - "no shared signature algorithms"}, - {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, - {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"}, - {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK), - "no verify cookie callback"}, - {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"}, - {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, - {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), - "old session cipher not returned"}, - {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), - "old session compression algorithm not returned"}, - {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, - {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"}, - {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"}, - {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), - "peer did not return a certificate"}, - {ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX), "pem name bad prefix"}, - {ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"}, - {ERR_REASON(SSL_R_PIPELINE_FAILURE), "pipeline failure"}, - {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"}, - {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, - {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"}, - {ERR_REASON(SSL_R_PSK_NO_SERVER_CB), "psk no server cb"}, - {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"}, - {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"}, - {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, - {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"}, - {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, - {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), - "renegotiation encoding err"}, - {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, - {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, - {ERR_REASON(SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING), - "required compression algorithm missing"}, - {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), - "scsv received when renegotiating"}, - {ERR_REASON(SSL_R_SCT_VERIFICATION_FAILED), "sct verification failed"}, - {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"}, - {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), - "session id context uninitialized"}, - {ERR_REASON(SSL_R_SHUTDOWN_WHILE_IN_INIT), "shutdown while in init"}, - {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), - "signature algorithms error"}, - {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), - "signature for non signing certificate"}, - {ERR_REASON(SSL_R_SRP_A_CALC), "error with the srp params"}, - {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), - "srtp could not allocate profiles"}, - {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), - "srtp protection profile list too long"}, - {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), - "srtp unknown protection profile"}, - {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), - "ssl3 ext invalid servername"}, - {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), - "ssl3 ext invalid servername type"}, - {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), - "sslv3 alert bad certificate"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), - "sslv3 alert bad record mac"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), - "sslv3 alert certificate expired"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), - "sslv3 alert certificate revoked"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), - "sslv3 alert certificate unknown"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), - "sslv3 alert decompression failure"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), - "sslv3 alert handshake failure"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), - "sslv3 alert illegal parameter"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), - "sslv3 alert no certificate"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), - "sslv3 alert unexpected message"}, - {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), - "sslv3 alert unsupported certificate"}, - {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_EMPTY), - "ssl command section empty"}, - {ERR_REASON(SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), - "ssl command section not found"}, - {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), - "ssl ctx has no default ssl version"}, - {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE), "ssl handshake failure"}, - {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), - "ssl library has no ciphers"}, - {ERR_REASON(SSL_R_SSL_NEGATIVE_LENGTH), "ssl negative length"}, - {ERR_REASON(SSL_R_SSL_SECTION_EMPTY), "ssl section empty"}, - {ERR_REASON(SSL_R_SSL_SECTION_NOT_FOUND), "ssl section not found"}, - {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), - "ssl session id callback failed"}, - {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, - {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), - "ssl session id context too long"}, - {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), - "ssl session id too long"}, - {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), - "ssl session id has bad length"}, - {ERR_REASON(SSL_R_SSL_SESSION_VERSION_MISMATCH), - "ssl session version mismatch"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), - "tlsv1 alert access denied"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), - "tlsv1 alert decryption failed"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), - "tlsv1 alert decrypt error"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), - "tlsv1 alert export restriction"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), - "tlsv1 alert inappropriate fallback"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), - "tlsv1 alert insufficient security"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), - "tlsv1 alert internal error"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), - "tlsv1 alert no renegotiation"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), - "tlsv1 alert protocol version"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), - "tlsv1 alert record overflow"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), - "tlsv1 alert user cancelled"}, - {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), - "tlsv1 bad certificate hash value"}, - {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), - "tlsv1 bad certificate status response"}, - {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), - "tlsv1 certificate unobtainable"}, - {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, - {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), - "tlsv1 unsupported extension"}, - {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), - "peer does not accept heartbeats"}, - {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING), - "heartbeat request already pending"}, - {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), - "tls illegal exporter label"}, - {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), - "tls invalid ecpointformat list"}, - {ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"}, - {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), - "unable to find ecdh parameters"}, - {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), - "unable to find public key parameters"}, - {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), - "unable to load ssl3 md5 routines"}, - {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), - "unable to load ssl3 sha1 routines"}, - {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, - {ERR_REASON(SSL_R_UNEXPECTED_RECORD), "unexpected record"}, - {ERR_REASON(SSL_R_UNINITIALIZED), "uninitialized"}, - {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, - {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, - {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, - {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"}, - {ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"}, - {ERR_REASON(SSL_R_UNKNOWN_COMMAND), "unknown command"}, - {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), - "unknown key exchange type"}, - {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"}, - {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"}, - {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"}, - {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"}, - {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), - "unsafe legacy renegotiation disabled"}, - {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, - {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), - "unsupported elliptic curve"}, - {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"}, - {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, - {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, - {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, - {ERR_REASON(SSL_R_VERSION_TOO_HIGH), "version too high"}, - {ERR_REASON(SSL_R_VERSION_TOO_LOW), "version too low"}, - {ERR_REASON(SSL_R_WRONG_CERTIFICATE_TYPE), "wrong certificate type"}, - {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"}, - {ERR_REASON(SSL_R_WRONG_CURVE), "wrong curve"}, - {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, - {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"}, - {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"}, - {ERR_REASON(SSL_R_WRONG_SSL_VERSION), "wrong ssl version"}, - {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER), "wrong version number"}, - {ERR_REASON(SSL_R_X509_LIB), "x509 lib"}, - {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), - "x509 verification setup problems"}, +static const ERR_STRING_DATA SSL_str_reasons[] = { + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), + "application data after close notify"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), + "app data in handshake"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), + "attempt to reuse session in different context"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE), + "at least TLS 1.0 needed in FIPS mode"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE), + "at least (D)TLS 1.2 needed in Suite B mode"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC), + "bad change cipher spec"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), + "bad data returned by callback"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH), + "bad handshake length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE), + "bad handshake state"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER), + "bad protocol version number"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), + "bad srtp protection profile list"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY), + "binder does not verify"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), + "block cipher pad is wrong"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER), + "cannot change cipher"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), + "ca dn length mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED), + "certificate verify failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), + "cert length mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED), + "ciphersuite digest has changed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), + "cipher code wrong length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE), + "cipher or hash unavailable"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG), + "compressed length too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED), + "compression disabled"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE), + "compression failure"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), + "compression id not within private range"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR), + "compression library error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), + "connection type not set"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED), + "context not dane enabled"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), + "cookie gen callback failure"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), + "custom ext handler already installed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), + "dane already enabled"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL), + "dane cannot override mtype full"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE), + "dane tlsa bad certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE), + "dane tlsa bad certificate usage"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH), + "dane tlsa bad data length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH), + "dane tlsa bad digest length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE), + "dane tlsa bad matching type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY), + "dane tlsa bad public key"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR), + "dane tlsa bad selector"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA), + "dane tlsa null data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), + "data between ccs and finished"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), + "data length too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), + "decryption failed or bad record mac"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), + "dh public value length is wrong"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED), + "digest check failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG), + "dtls message too big"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID), + "duplicate compression id"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING), + "ecc cert not for signing"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE), + "ecdh required for suiteb mode"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), + "empty srtp protection profile list"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), + "encrypted length too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), + "error in received cipher list"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN), + "error setting tlsa base domain"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE), + "exceeds max fragment size"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), + "excessive message size"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED), + "extension not received"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), + "extra data in message"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH), + "ext length mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC), + "failed to init async"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO), + "fragmented client hello"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), + "got a fin before a ccs"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), + "https proxy request"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION), + "illegal point compression"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST), + "illegal Suite B digest"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK), + "inappropriate fallback"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION), + "inconsistent compression"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN), + "inconsistent early data alpn"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI), + "inconsistent early data sni"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), + "insufficient security"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), + "invalid ccs message"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG), + "invalid certificate or alg"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), + "invalid compression algorithm"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME), + "invalid configuration name"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE), + "invalid ct validation type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE), + "invalid key update type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA), + "invalid max early data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), + "invalid null cmd name"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER), + "invalid sequence number"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), + "invalid serverinfo data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), + "invalid srp username"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), + "invalid status response"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), + "invalid ticket keys length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS), + "library has no ciphers"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT), + "missing dsa signing cert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT), + "missing ecdsa signing cert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), + "missing rsa certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), + "missing rsa encrypting cert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT), + "missing rsa signing cert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION), + "missing sigalgs extension"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT), + "missing signing cert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM), + "can't find SRP server param"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION), + "missing supported groups extension"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY), + "missing tmp ecdh key"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), + "not on record boundary"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), + "not replacing certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL), + "no application protocol"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), + "no certificates returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), + "no certificate assigned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR), + "no change following hrr"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE), + "no ciphers available"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED), + "no ciphers specified"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD), + "no client cert method"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), + "no compression specified"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET), + "no cookie callback set"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), + "Peer haven't sent GOST certificate, required for selected ciphersuite"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), + "no method specified"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), + "no private key assigned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE), + "no protocols available"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), + "no shared signature algorithms"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE), + "no suitable key share"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM), + "no suitable signature algorithm"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK), + "no verify cookie callback"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), + "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), + "old session cipher not returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), + "old session compression algorithm not returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG), + "packet length too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), + "peer did not return a certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX), + "pem name bad prefix"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR), + "post handshake auth encoding err"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH), + "private key mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN), + "protocol is shutdown"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND), + "psk identity not found"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED), + "read timeout expired"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH), + "record length mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG), + "renegotiate ext too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR), + "renegotiation encoding err"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH), + "renegotiation mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING), + "required cipher missing"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING), + "required compression algorithm missing"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), + "scsv received when renegotiating"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED), + "sct verification failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), + "session id context uninitialized"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT), + "shutdown while in init"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR), + "signature algorithms error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), + "signature for non signing certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), + "srtp could not allocate profiles"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), + "srtp protection profile list too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), + "srtp unknown protection profile"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH), + "ssl3 ext invalid max fragment length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME), + "ssl3 ext invalid servername"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), + "ssl3 ext invalid servername type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG), + "ssl3 session id too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), + "sslv3 alert bad certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), + "sslv3 alert bad record mac"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), + "sslv3 alert certificate expired"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), + "sslv3 alert certificate revoked"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), + "sslv3 alert certificate unknown"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), + "sslv3 alert decompression failure"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), + "sslv3 alert handshake failure"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), + "sslv3 alert illegal parameter"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE), + "sslv3 alert no certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), + "sslv3 alert unexpected message"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), + "sslv3 alert unsupported certificate"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), + "ssl ctx has no default ssl version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE), + "ssl handshake failure"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), + "ssl library has no ciphers"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH), + "ssl negative length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND), + "ssl section not found"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), + "ssl session id callback failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT), + "ssl session id conflict"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), + "ssl session id context too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), + "ssl session id has bad length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG), + "ssl session id too long"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), + "ssl session version mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), + "tlsv13 alert certificate required"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), + "tlsv13 alert missing extension"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), + "tlsv1 alert access denied"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), + "tlsv1 alert decode error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), + "tlsv1 alert decryption failed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR), + "tlsv1 alert decrypt error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), + "tlsv1 alert export restriction"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), + "tlsv1 alert inappropriate fallback"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), + "tlsv1 alert insufficient security"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR), + "tlsv1 alert internal error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), + "tlsv1 alert no renegotiation"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), + "tlsv1 alert protocol version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), + "tlsv1 alert record overflow"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA), + "tlsv1 alert unknown ca"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED), + "tlsv1 alert user cancelled"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), + "tlsv1 bad certificate hash value"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), + "tlsv1 bad certificate status response"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), + "tlsv1 certificate unobtainable"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME), + "tlsv1 unrecognized name"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION), + "tlsv1 unsupported extension"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), + "peer does not accept heartbeats"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PENDING), + "heartbeat request already pending"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), + "tls illegal exporter label"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), + "tls invalid ecpointformat list"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES), + "too many key updates"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS), + "too many warn alerts"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA), + "too much early data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), + "unable to find ecdh parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), + "unable to find public key parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), + "unable to load ssl3 md5 routines"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), + "unable to load ssl3 sha1 routines"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE), + "unexpected ccs message"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), + "unexpected end of early data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE), + "unknown certificate type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED), + "unknown cipher returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE), + "unknown cipher type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), + "unknown key exchange type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION), + "unknown ssl version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), + "unsafe legacy renegotiation disabled"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION), + "unsolicited extension"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), + "unsupported compression algorithm"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), + "unsupported elliptic curve"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL), + "unsupported protocol"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION), + "unsupported ssl version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE), + "unsupported status type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED), + "use srtp not negotiated"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE), + "wrong certificate type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), + "wrong cipher returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), + "wrong signature length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), + "wrong signature size"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE), + "wrong signature type"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER), + "wrong version number"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), + "x509 verification setup problems"}, {0, NULL} }; @@ -679,10 +1266,9 @@ static ERR_STRING_DATA SSL_str_reasons[] = { int ERR_load_SSL_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { - ERR_load_strings(0, SSL_str_functs); - ERR_load_strings(0, SSL_str_reasons); + ERR_load_strings_const(SSL_str_functs); + ERR_load_strings_const(SSL_str_reasons); } #endif return 1; diff --git a/deps/openssl/openssl/ssl/ssl_init.c b/deps/openssl/openssl/ssl/ssl_init.c index dc16e39bf34167..c0ccb9304a636c 100644 --- a/deps/openssl/openssl/ssl/ssl_init.c +++ b/deps/openssl/openssl/ssl/ssl_init.c @@ -12,8 +12,6 @@ #include "internal/err.h" #include #include -#include -#include #include "ssl_locl.h" #include "internal/thread_once.h" @@ -61,6 +59,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); +#ifndef OPENSSL_NO_ARIA + EVP_add_cipher(EVP_aria_128_gcm()); + EVP_add_cipher(EVP_aria_256_gcm()); +#endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); EVP_add_cipher(EVP_camellia_256_cbc()); @@ -97,13 +99,13 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) SSL_COMP_get_compression_methods(); #endif /* initialize cipher/digest methods table */ - ssl_load_ciphers(); + if (!ssl_load_ciphers()) + return 0; #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "SSL_add_ssl_module()\n"); #endif - SSL_add_ssl_module(); /* * We ignore an error return here. Not much we can do - but not that bad * either. We can still safely continue. @@ -193,6 +195,9 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) } if (!OPENSSL_init_crypto(opts +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG + | OPENSSL_INIT_LOAD_CONFIG +#endif | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c index 2002c1712f688d..61a0ea2cc974b2 100644 --- a/deps/openssl/openssl/ssl/ssl_lib.c +++ b/deps/openssl/openssl/ssl/ssl_lib.c @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,55 +9,23 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - -#include #include #include "ssl_locl.h" #include -#include #include #include +#include #include #include #include #include #include +#include "internal/cryptlib.h" +#include "internal/refcount.h" const char SSL_version_str[] = OPENSSL_VERSION_TEXT; -static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, unsigned int s, - int t) +static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t) { (void)r; (void)s; @@ -73,11 +43,12 @@ static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s, } static int ssl_undefined_function_3(SSL *ssl, unsigned char *r, - unsigned char *s, int t) + unsigned char *s, size_t t, size_t *u) { (void)r; (void)s; (void)t; + (void)u; return ssl_undefined_function(ssl); } @@ -87,8 +58,8 @@ static int ssl_undefined_function_4(SSL *ssl, int r) return ssl_undefined_function(ssl); } -static int ssl_undefined_function_5(SSL *ssl, const char *r, int s, - unsigned char *t) +static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s, + unsigned char *t) { (void)r; (void)s; @@ -123,7 +94,6 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { ssl_undefined_function_3, ssl_undefined_function_4, ssl_undefined_function_5, - 0, /* finish_mac_length */ NULL, /* client_finished_label */ 0, /* client_finished_label_len */ NULL, /* server_finished_label */ @@ -135,11 +105,11 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { struct ssl_async_args { SSL *s; void *buf; - int num; + size_t num; enum { READFUNC, WRITEFUNC, OTHERFUNC } type; union { - int (*func_read) (SSL *, void *, int); - int (*func_write) (SSL *, const void *, int); + int (*func_read) (SSL *, void *, size_t, size_t *); + int (*func_write) (SSL *, const void *, size_t, size_t *); int (*func_other) (SSL *); } f; }; @@ -244,17 +214,17 @@ static int ssl_dane_dup(SSL *to, SSL *from) if (!DANETLS_ENABLED(&from->dane)) return 1; + num = sk_danetls_record_num(from->dane.trecs); dane_final(&to->dane); to->dane.flags = from->dane.flags; to->dane.dctx = &to->ctx->dane; - to->dane.trecs = sk_danetls_record_new_null(); + to->dane.trecs = sk_danetls_record_new_reserve(NULL, num); if (to->dane.trecs == NULL) { SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE); return 0; } - num = sk_danetls_record_num(from->dane.trecs); for (i = 0; i < num; ++i) { danetls_record *t = sk_danetls_record_value(from->dane.trecs, i); @@ -373,14 +343,14 @@ static int dane_tlsa_add(SSL_DANE *dane, t->usage = usage; t->selector = selector; t->mtype = mtype; - t->data = OPENSSL_malloc(ilen); + t->data = OPENSSL_malloc(dlen); if (t->data == NULL) { tlsa_free(t); SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE); return -1; } - memcpy(t->data, data, ilen); - t->dlen = ilen; + memcpy(t->data, data, dlen); + t->dlen = dlen; /* Validate and cache full certificate or public key */ if (mtype == DANETLS_MATCHING_FULL) { @@ -390,7 +360,7 @@ static int dane_tlsa_add(SSL_DANE *dane, switch (selector) { case DANETLS_SELECTOR_CERT: - if (!d2i_X509(&cert, &p, dlen) || p < data || + if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) { tlsa_free(t); SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE); @@ -425,7 +395,7 @@ static int dane_tlsa_add(SSL_DANE *dane, break; case DANETLS_SELECTOR_SPKI: - if (!d2i_PUBKEY(&pkey, &p, dlen) || p < data || + if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) { tlsa_free(t); SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); @@ -523,8 +493,8 @@ static int ssl_check_allowed_versions(int min_version, int max_version) if (min_version == DTLS1_VERSION) min_version = DTLS1_2_VERSION; #endif - /* Done massaging versions; do the check. */ - if (0 + /* Done massaging versions; do the check. */ + if (0 #ifdef OPENSSL_NO_DTLS1 || (DTLS_VERSION_GE(min_version, DTLS1_VERSION) && DTLS_VERSION_GE(DTLS1_VERSION, max_version)) @@ -537,36 +507,44 @@ static int ssl_check_allowed_versions(int min_version, int max_version) return 0; } else { /* Regular TLS version checks. */ - if (min_version == 0) - min_version = SSL3_VERSION; - if (max_version == 0) - max_version = TLS1_2_VERSION; + if (min_version == 0) + min_version = SSL3_VERSION; + if (max_version == 0) + max_version = TLS1_3_VERSION; +#ifdef OPENSSL_NO_TLS1_3 + if (max_version == TLS1_3_VERSION) + max_version = TLS1_2_VERSION; +#endif #ifdef OPENSSL_NO_TLS1_2 - if (max_version == TLS1_2_VERSION) - max_version = TLS1_1_VERSION; + if (max_version == TLS1_2_VERSION) + max_version = TLS1_1_VERSION; #endif #ifdef OPENSSL_NO_TLS1_1 - if (max_version == TLS1_1_VERSION) - max_version = TLS1_VERSION; + if (max_version == TLS1_1_VERSION) + max_version = TLS1_VERSION; #endif #ifdef OPENSSL_NO_TLS1 - if (max_version == TLS1_VERSION) - max_version = SSL3_VERSION; + if (max_version == TLS1_VERSION) + max_version = SSL3_VERSION; #endif #ifdef OPENSSL_NO_SSL3 - if (min_version == SSL3_VERSION) - min_version = TLS1_VERSION; + if (min_version == SSL3_VERSION) + min_version = TLS1_VERSION; #endif #ifdef OPENSSL_NO_TLS1 - if (min_version == TLS1_VERSION) - min_version = TLS1_1_VERSION; + if (min_version == TLS1_VERSION) + min_version = TLS1_1_VERSION; #endif #ifdef OPENSSL_NO_TLS1_1 - if (min_version == TLS1_1_VERSION) - min_version = TLS1_2_VERSION; + if (min_version == TLS1_1_VERSION) + min_version = TLS1_2_VERSION; +#endif +#ifdef OPENSSL_NO_TLS1_2 + if (min_version == TLS1_2_VERSION) + min_version = TLS1_3_VERSION; #endif - /* Done massaging versions; do the check. */ - if (0 + /* Done massaging versions; do the check. */ + if (0 #ifdef OPENSSL_NO_SSL3 || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version) #endif @@ -578,6 +556,9 @@ static int ssl_check_allowed_versions(int min_version, int max_version) #endif #ifdef OPENSSL_NO_TLS1_2 || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version) +#endif +#ifdef OPENSSL_NO_TLS1_3 + || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version) #endif ) return 0; @@ -597,13 +578,20 @@ int SSL_clear(SSL *s) { if (s->method == NULL) { SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); - return (0); + return 0; } if (ssl_clear_bad_session(s)) { SSL_SESSION_free(s->session); s->session = NULL; } + SSL_SESSION_free(s->psksession); + s->psksession = NULL; + OPENSSL_free(s->psksession_id); + s->psksession_id = NULL; + s->psksession_id_len = 0; + s->hello_retry_request = 0; + s->sent_tickets = 0; s->error = 0; s->hit = 0; @@ -625,6 +613,11 @@ int SSL_clear(SSL *s) clear_ciphers(s); s->first_packet = 0; + s->key_update = SSL_KEY_UPDATE_NONE; + + EVP_MD_CTX_free(s->pha_dgst); + s->pha_dgst = NULL; + /* Reset DANE verification result state */ s->dane.mdpth = -1; s->dane.pdpth = -1; @@ -637,20 +630,21 @@ int SSL_clear(SSL *s) /* * Check to see if we were changed into a different method, if so, revert - * back if we are not doing session-id reuse. + * back. */ - if (!ossl_statem_get_in_handshake(s) && (s->session == NULL) - && (s->method != s->ctx->method)) { + if (s->method != s->ctx->method) { s->method->ssl_free(s); s->method = s->ctx->method; if (!s->method->ssl_new(s)) - return (0); - } else - s->method->ssl_clear(s); + return 0; + } else { + if (!s->method->ssl_clear(s)) + return 0; + } RECORD_LAYER_clear(&s->rlayer); - return (1); + return 1; } /** Used to change an SSL_CTXs default SSL method type */ @@ -660,14 +654,20 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) ctx->method = meth; - sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), + if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) { + SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); + return 0; + } + sk = ssl_create_cipher_list(ctx->method, + ctx->tls13_ciphersuites, + &(ctx->cipher_list), &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST, ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); - return (0); + return 0; } - return (1); + return 1; } SSL *SSL_new(SSL_CTX *ctx) @@ -676,22 +676,23 @@ SSL *SSL_new(SSL_CTX *ctx) if (ctx == NULL) { SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); - return (NULL); + return NULL; } if (ctx->method == NULL) { SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); - return (NULL); + return NULL; } s = OPENSSL_zalloc(sizeof(*s)); if (s == NULL) goto err; + s->references = 1; s->lock = CRYPTO_THREAD_lock_new(); if (s->lock == NULL) { - SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(s); - return NULL; + s = NULL; + goto err; } RECORD_LAYER_init(&s->rlayer, s); @@ -702,7 +703,15 @@ SSL *SSL_new(SSL_CTX *ctx) s->max_proto_version = ctx->max_proto_version; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; - s->references = 1; + s->max_early_data = ctx->max_early_data; + s->recv_max_early_data = ctx->recv_max_early_data; + s->num_tickets = ctx->num_tickets; + s->pha_enabled = ctx->pha_enabled; + + /* Shallow copy of the ciphersuites stack */ + s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); + if (s->tls13_ciphersuites == NULL) + goto err; /* * Earlier library versions used to copy the pointer to the CERT, not @@ -722,8 +731,12 @@ SSL *SSL_new(SSL_CTX *ctx) s->msg_callback_arg = ctx->msg_callback_arg; s->verify_mode = ctx->verify_mode; s->not_resumable_session_cb = ctx->not_resumable_session_cb; + s->record_padding_cb = ctx->record_padding_cb; + s->record_padding_arg = ctx->record_padding_arg; + s->block_padding = ctx->block_padding; s->sid_ctx_length = ctx->sid_ctx_length; - OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)); + if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx))) + goto err; memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); s->verify_callback = ctx->default_verify_callback; s->generate_session_id = ctx->generate_session_id; @@ -733,6 +746,8 @@ SSL *SSL_new(SSL_CTX *ctx) goto err; X509_VERIFY_PARAM_inherit(s->param, ctx->param); s->quiet_shutdown = ctx->quiet_shutdown; + + s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode; s->max_send_fragment = ctx->max_send_fragment; s->split_send_fragment = ctx->split_send_fragment; s->max_pipelines = ctx->max_pipelines; @@ -743,49 +758,47 @@ SSL *SSL_new(SSL_CTX *ctx) SSL_CTX_up_ref(ctx); s->ctx = ctx; - s->tlsext_debug_cb = 0; - s->tlsext_debug_arg = NULL; - s->tlsext_ticket_expected = 0; - s->tlsext_status_type = ctx->tlsext_status_type; - s->tlsext_status_expected = 0; - s->tlsext_ocsp_ids = NULL; - s->tlsext_ocsp_exts = NULL; - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; + s->ext.debug_cb = 0; + s->ext.debug_arg = NULL; + s->ext.ticket_expected = 0; + s->ext.status_type = ctx->ext.status_type; + s->ext.status_expected = 0; + s->ext.ocsp.ids = NULL; + s->ext.ocsp.exts = NULL; + s->ext.ocsp.resp = NULL; + s->ext.ocsp.resp_len = 0; SSL_CTX_up_ref(ctx); s->session_ctx = ctx; #ifndef OPENSSL_NO_EC - if (ctx->tlsext_ecpointformatlist) { - s->tlsext_ecpointformatlist = - OPENSSL_memdup(ctx->tlsext_ecpointformatlist, - ctx->tlsext_ecpointformatlist_length); - if (!s->tlsext_ecpointformatlist) + if (ctx->ext.ecpointformats) { + s->ext.ecpointformats = + OPENSSL_memdup(ctx->ext.ecpointformats, + ctx->ext.ecpointformats_len); + if (!s->ext.ecpointformats) goto err; - s->tlsext_ecpointformatlist_length = - ctx->tlsext_ecpointformatlist_length; - } - if (ctx->tlsext_ellipticcurvelist) { - s->tlsext_ellipticcurvelist = - OPENSSL_memdup(ctx->tlsext_ellipticcurvelist, - ctx->tlsext_ellipticcurvelist_length); - if (!s->tlsext_ellipticcurvelist) + s->ext.ecpointformats_len = + ctx->ext.ecpointformats_len; + } + if (ctx->ext.supportedgroups) { + s->ext.supportedgroups = + OPENSSL_memdup(ctx->ext.supportedgroups, + ctx->ext.supportedgroups_len + * sizeof(*ctx->ext.supportedgroups)); + if (!s->ext.supportedgroups) goto err; - s->tlsext_ellipticcurvelist_length = - ctx->tlsext_ellipticcurvelist_length; + s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } #endif #ifndef OPENSSL_NO_NEXTPROTONEG - s->next_proto_negotiated = NULL; + s->ext.npn = NULL; #endif - if (s->ctx->alpn_client_proto_list) { - s->alpn_client_proto_list = - OPENSSL_malloc(s->ctx->alpn_client_proto_list_len); - if (s->alpn_client_proto_list == NULL) + if (s->ctx->ext.alpn) { + s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); + if (s->ext.alpn == NULL) goto err; - memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list, - s->ctx->alpn_client_proto_list_len); - s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; + memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); + s->ext.alpn_len = s->ctx->ext.alpn_len; } s->verified_chain = NULL; @@ -796,6 +809,11 @@ SSL *SSL_new(SSL_CTX *ctx) s->method = ctx->method; + s->key_update = SSL_KEY_UPDATE_NONE; + + s->allow_early_data_cb = ctx->allow_early_data_cb; + s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; + if (!s->method->ssl_new(s)) goto err; @@ -811,6 +829,8 @@ SSL *SSL_new(SSL_CTX *ctx) s->psk_client_callback = ctx->psk_client_callback; s->psk_server_callback = ctx->psk_server_callback; #endif + s->psk_find_session_cb = ctx->psk_find_session_cb; + s->psk_use_session_cb = ctx->psk_use_session_cb; s->job = NULL; @@ -836,7 +856,7 @@ int SSL_up_ref(SSL *s) { int i; - if (CRYPTO_atomic_add(&s->references, 1, &i, s->lock) <= 0) + if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0) return 0; REF_PRINT_COUNT("SSL", s); @@ -992,7 +1012,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain) * accepts them and disables host name checks. To avoid side-effects with * invalid input, set the SNI name first. */ - if (s->tlsext_hostname == NULL) { + if (s->ext.hostname == NULL) { if (!SSL_set_tlsext_host_name(s, basedomain)) { SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN); return -1; @@ -1118,8 +1138,7 @@ void SSL_free(SSL *s) if (s == NULL) return; - - CRYPTO_atomic_add(&s->references, -1, &i, s->lock); + CRYPTO_DOWN_REF(&s->references, &i, s->lock); REF_PRINT_COUNT("SSL", s); if (i > 0) return; @@ -1129,6 +1148,7 @@ void SSL_free(SSL *s) dane_final(&s->dane); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + /* Ignore return value */ ssl_free_wbio_buffer(s); BIO_free_all(s->wbio); @@ -1139,36 +1159,44 @@ void SSL_free(SSL *s) /* add extra stuff */ sk_SSL_CIPHER_free(s->cipher_list); sk_SSL_CIPHER_free(s->cipher_list_by_id); + sk_SSL_CIPHER_free(s->tls13_ciphersuites); /* Make the next call work :-) */ if (s->session != NULL) { ssl_clear_bad_session(s); SSL_SESSION_free(s->session); } + SSL_SESSION_free(s->psksession); + OPENSSL_free(s->psksession_id); clear_ciphers(s); ssl_cert_free(s->cert); /* Free up if allocated */ - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->ext.hostname); SSL_CTX_free(s->session_ctx); #ifndef OPENSSL_NO_EC - OPENSSL_free(s->tlsext_ecpointformatlist); - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->ext.ecpointformats); + OPENSSL_free(s->ext.supportedgroups); #endif /* OPENSSL_NO_EC */ - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); #endif #ifndef OPENSSL_NO_CT SCT_LIST_free(s->scts); - OPENSSL_free(s->tlsext_scts); + OPENSSL_free(s->ext.scts); #endif - OPENSSL_free(s->tlsext_ocsp_resp); - OPENSSL_free(s->alpn_client_proto_list); + OPENSSL_free(s->ext.ocsp.resp); + OPENSSL_free(s->ext.alpn); + OPENSSL_free(s->ext.tls13_cookie); + OPENSSL_free(s->clienthello); + OPENSSL_free(s->pha_context); + EVP_MD_CTX_free(s->pha_dgst); - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); + sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); sk_X509_pop_free(s->verified_chain, X509_free); @@ -1182,7 +1210,7 @@ void SSL_free(SSL *s) ASYNC_WAIT_CTX_free(s->waitctx); #if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(s->next_proto_negotiated); + OPENSSL_free(s->ext.npn); #endif #ifndef OPENSSL_NO_SRTP @@ -1287,7 +1315,7 @@ int SSL_get_rfd(const SSL *s) r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); if (r != NULL) BIO_get_fd(r, &ret); - return (ret); + return ret; } int SSL_get_wfd(const SSL *s) @@ -1299,7 +1327,7 @@ int SSL_get_wfd(const SSL *s) r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); if (r != NULL) BIO_get_fd(r, &ret); - return (ret); + return ret; } #ifndef OPENSSL_NO_SOCK @@ -1318,7 +1346,7 @@ int SSL_set_fd(SSL *s, int fd) SSL_set_bio(s, bio, bio); ret = 1; err: - return (ret); + return ret; } int SSL_set_wfd(SSL *s, int fd) @@ -1395,7 +1423,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) int SSL_get_verify_mode(const SSL *s) { - return (s->verify_mode); + return s->verify_mode; } int SSL_get_verify_depth(const SSL *s) @@ -1404,12 +1432,12 @@ int SSL_get_verify_depth(const SSL *s) } int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) { - return (s->verify_callback); + return s->verify_callback; } int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) { - return (ctx->verify_mode); + return ctx->verify_mode; } int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) @@ -1418,7 +1446,7 @@ int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) } int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) { - return (ctx->default_verify_callback); + return ctx->default_verify_callback; } void SSL_set_verify(SSL *s, int mode, @@ -1446,14 +1474,19 @@ int SSL_get_read_ahead(const SSL *s) int SSL_pending(const SSL *s) { + size_t pending = s->method->ssl_pending(s); + /* * SSL_pending cannot work properly if read-ahead is enabled * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is * impossible to fix since SSL_pending cannot report errors that may be * observed while scanning the new data. (Note that SSL_pending() is * often used as a boolean value, so we'd better not return -1.) + * + * SSL_pending also cannot work properly if the value >INT_MAX. In that case + * we just return INT_MAX. */ - return (s->method->ssl_pending(s)); + return pending < INT_MAX ? (int)pending : INT_MAX; } int SSL_has_pending(const SSL *s) @@ -1482,11 +1515,11 @@ X509 *SSL_get_peer_certificate(const SSL *s) r = s->session->peer; if (r == NULL) - return (r); + return r; X509_up_ref(r); - return (r); + return r; } STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) @@ -1503,7 +1536,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) * we are a server, it does not. */ - return (r); + return r; } /* @@ -1528,10 +1561,10 @@ int SSL_copy_session_id(SSL *t, const SSL *f) return 0; } - CRYPTO_atomic_add(&f->cert->references, 1, &i, f->cert->lock); + CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock); ssl_cert_free(t->cert); t->cert = f->cert; - if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) { + if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) { return 0; } @@ -1543,14 +1576,14 @@ int SSL_CTX_check_private_key(const SSL_CTX *ctx) { if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); - return (0); + return 0; } if (ctx->cert->key->privatekey == NULL) { SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return (0); + return 0; } - return (X509_check_private_key - (ctx->cert->key->x509, ctx->cert->key->privatekey)); + return X509_check_private_key + (ctx->cert->key->x509, ctx->cert->key->privatekey); } /* Fix this function so that it takes an optional type parameter */ @@ -1558,18 +1591,18 @@ int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if (ssl->cert->key->x509 == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); - return (0); + return 0; } if (ssl->cert->key->privatekey == NULL) { SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); - return (0); + return 0; } - return (X509_check_private_key(ssl->cert->key->x509, - ssl->cert->key->privatekey)); + return X509_check_private_key(ssl->cert->key->x509, + ssl->cert->key->privatekey); } int SSL_waiting_for_async(SSL *s) @@ -1622,7 +1655,7 @@ int SSL_connect(SSL *s) long SSL_get_default_timeout(const SSL *s) { - return (s->method->get_timeout()); + return s->method->get_timeout(); } static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, @@ -1662,7 +1695,7 @@ static int ssl_io_intern(void *vargs) struct ssl_async_args *args; SSL *s; void *buf; - int num; + size_t num; args = (struct ssl_async_args *)vargs; s = args->s; @@ -1670,29 +1703,41 @@ static int ssl_io_intern(void *vargs) num = args->num; switch (args->type) { case READFUNC: - return args->f.func_read(s, buf, num); + return args->f.func_read(s, buf, num, &s->asyncrw); case WRITEFUNC: - return args->f.func_write(s, buf, num); + return args->f.func_write(s, buf, num, &s->asyncrw); case OTHERFUNC: return args->f.func_other(s); } return -1; } -int SSL_read(SSL *s, void *buf, int num) +int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { s->rwstate = SSL_NOTHING; - return (0); + return 0; } + if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY + || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) { + SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + /* + * If we are a client and haven't received the ServerHello etc then we + * better do that + */ + ossl_statem_check_finish_init(s, 0); + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + int ret; args.s = s; args.buf = buf; @@ -1700,24 +1745,118 @@ int SSL_read(SSL *s, void *buf, int num) args.type = READFUNC; args.f.func_read = s->method->ssl_read; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *readbytes = s->asyncrw; + return ret; } else { - return s->method->ssl_read(s, buf, num); + return s->method->ssl_read(s, buf, num, readbytes); } } -int SSL_peek(SSL *s, void *buf, int num) +int SSL_read(SSL *s, void *buf, int num) +{ + int ret; + size_t readbytes; + + if (num < 0) { + SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH); + return -1; + } + + ret = ssl_read_internal(s, buf, (size_t)num, &readbytes); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)readbytes; + + return ret; +} + +int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes) +{ + int ret = ssl_read_internal(s, buf, num, readbytes); + + if (ret < 0) + ret = 0; + return ret; +} + +int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes) +{ + int ret; + + if (!s->server) { + SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return SSL_READ_EARLY_DATA_ERROR; + } + + switch (s->early_data_state) { + case SSL_EARLY_DATA_NONE: + if (!SSL_in_before(s)) { + SSLerr(SSL_F_SSL_READ_EARLY_DATA, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return SSL_READ_EARLY_DATA_ERROR; + } + /* fall through */ + + case SSL_EARLY_DATA_ACCEPT_RETRY: + s->early_data_state = SSL_EARLY_DATA_ACCEPTING; + ret = SSL_accept(s); + if (ret <= 0) { + /* NBIO or error */ + s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY; + return SSL_READ_EARLY_DATA_ERROR; + } + /* fall through */ + + case SSL_EARLY_DATA_READ_RETRY: + if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { + s->early_data_state = SSL_EARLY_DATA_READING; + ret = SSL_read_ex(s, buf, num, readbytes); + /* + * State machine will update early_data_state to + * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData + * message + */ + if (ret > 0 || (ret <= 0 && s->early_data_state + != SSL_EARLY_DATA_FINISHED_READING)) { + s->early_data_state = SSL_EARLY_DATA_READ_RETRY; + return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS + : SSL_READ_EARLY_DATA_ERROR; + } + } else { + s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; + } + *readbytes = 0; + return SSL_READ_EARLY_DATA_FINISH; + + default: + SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return SSL_READ_EARLY_DATA_ERROR; + } +} + +int SSL_get_early_data_status(const SSL *s) +{ + return s->ext.early_data; +} + +static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { - return (0); + return 0; } if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + int ret; args.s = s; args.buf = buf; @@ -1725,26 +1864,70 @@ int SSL_peek(SSL *s, void *buf, int num) args.type = READFUNC; args.f.func_read = s->method->ssl_peek; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *readbytes = s->asyncrw; + return ret; } else { - return s->method->ssl_peek(s, buf, num); + return s->method->ssl_peek(s, buf, num, readbytes); } } -int SSL_write(SSL *s, const void *buf, int num) +int SSL_peek(SSL *s, void *buf, int num) +{ + int ret; + size_t readbytes; + + if (num < 0) { + SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH); + return -1; + } + + ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)readbytes; + + return ret; +} + + +int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) +{ + int ret = ssl_peek_internal(s, buf, num, readbytes); + + if (ret < 0) + ret = 0; + return ret; +} + +int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) { if (s->handshake_func == NULL) { - SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); + SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED); return -1; } if (s->shutdown & SSL_SENT_SHUTDOWN) { s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); - return (-1); + SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN); + return -1; + } + + if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY + || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY + || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) { + SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; } + /* If we are a client and haven't sent the Finished we better do that */ + ossl_statem_check_finish_init(s, 1); if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + int ret; struct ssl_async_args args; args.s = s; @@ -1753,9 +1936,114 @@ int SSL_write(SSL *s, const void *buf, int num) args.type = WRITEFUNC; args.f.func_write = s->method->ssl_write; - return ssl_start_async_job(s, &args, ssl_io_intern); + ret = ssl_start_async_job(s, &args, ssl_io_intern); + *written = s->asyncrw; + return ret; } else { - return s->method->ssl_write(s, buf, num); + return s->method->ssl_write(s, buf, num, written); + } +} + +int SSL_write(SSL *s, const void *buf, int num) +{ + int ret; + size_t written; + + if (num < 0) { + SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH); + return -1; + } + + ret = ssl_write_internal(s, buf, (size_t)num, &written); + + /* + * The cast is safe here because ret should be <= INT_MAX because num is + * <= INT_MAX + */ + if (ret > 0) + ret = (int)written; + + return ret; +} + +int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written) +{ + int ret = ssl_write_internal(s, buf, num, written); + + if (ret < 0) + ret = 0; + return ret; +} + +int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) +{ + int ret, early_data_state; + size_t writtmp; + uint32_t partialwrite; + + switch (s->early_data_state) { + case SSL_EARLY_DATA_NONE: + if (s->server + || !SSL_in_before(s) + || ((s->session == NULL || s->session->ext.max_early_data == 0) + && (s->psk_use_session_cb == NULL))) { + SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + /* fall through */ + + case SSL_EARLY_DATA_CONNECT_RETRY: + s->early_data_state = SSL_EARLY_DATA_CONNECTING; + ret = SSL_connect(s); + if (ret <= 0) { + /* NBIO or error */ + s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY; + return 0; + } + /* fall through */ + + case SSL_EARLY_DATA_WRITE_RETRY: + s->early_data_state = SSL_EARLY_DATA_WRITING; + /* + * We disable partial write for early data because we don't keep track + * of how many bytes we've written between the SSL_write_ex() call and + * the flush if the flush needs to be retried) + */ + partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE; + s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE; + ret = SSL_write_ex(s, buf, num, &writtmp); + s->mode |= partialwrite; + if (!ret) { + s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; + return ret; + } + s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH; + /* fall through */ + + case SSL_EARLY_DATA_WRITE_FLUSH: + /* The buffering BIO is still in place so we need to flush it */ + if (statem_flush(s) != 1) + return 0; + *written = num; + s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; + return 1; + + case SSL_EARLY_DATA_FINISHED_READING: + case SSL_EARLY_DATA_READ_RETRY: + early_data_state = s->early_data_state; + /* We are a server writing to an unauthenticated client */ + s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; + ret = SSL_write_ex(s, buf, num, written); + /* The buffering BIO is still in place */ + if (ret) + (void)BIO_flush(s->wbio); + s->early_data_state = early_data_state; + return ret; + + default: + SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; } } @@ -1791,34 +2079,73 @@ int SSL_shutdown(SSL *s) } } +int SSL_key_update(SSL *s, int updatetype) +{ + /* + * TODO(TLS1.3): How will applications know whether TLSv1.3 has been + * negotiated, and that it is appropriate to call SSL_key_update() instead + * of SSL_renegotiate(). + */ + if (!SSL_IS_TLS13(s)) { + SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION); + return 0; + } + + if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED + && updatetype != SSL_KEY_UPDATE_REQUESTED) { + SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE); + return 0; + } + + if (!SSL_is_init_finished(s)) { + SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT); + return 0; + } + + ossl_statem_set_in_init(s, 1); + s->key_update = updatetype; + return 1; +} + +int SSL_get_key_update_type(SSL *s) +{ + return s->key_update; +} + int SSL_renegotiate(SSL *s) { + if (SSL_IS_TLS13(s)) { + SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION); + return 0; + } + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION); return 0; } - if (s->renegotiate == 0) - s->renegotiate = 1; - + s->renegotiate = 1; s->new_session = 1; - return (s->method->ssl_renegotiate(s)); + return s->method->ssl_renegotiate(s); } int SSL_renegotiate_abbreviated(SSL *s) { + if (SSL_IS_TLS13(s)) { + SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION); + return 0; + } + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION); return 0; } - if (s->renegotiate == 0) - s->renegotiate = 1; - + s->renegotiate = 1; s->new_session = 0; - return (s->method->ssl_renegotiate(s)); + return s->method->ssl_renegotiate(s); } int SSL_renegotiate_pending(SSL *s) @@ -1836,11 +2163,11 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return (RECORD_LAYER_get_read_ahead(&s->rlayer)); + return RECORD_LAYER_get_read_ahead(&s->rlayer); case SSL_CTRL_SET_READ_AHEAD: l = RECORD_LAYER_get_read_ahead(&s->rlayer); RECORD_LAYER_set_read_ahead(&s->rlayer, larg); - return (l); + return l; case SSL_CTRL_SET_MSG_CALLBACK_ARG: s->msg_callback_arg = parg; @@ -1851,11 +2178,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_CLEAR_MODE: return (s->mode &= ~larg); case SSL_CTRL_GET_MAX_CERT_LIST: - return (s->max_cert_list); + return (long)s->max_cert_list; case SSL_CTRL_SET_MAX_CERT_LIST: - l = s->max_cert_list; - s->max_cert_list = larg; - return (l); + if (larg < 0) + return 0; + l = (long)s->max_cert_list; + s->max_cert_list = (size_t)larg; + return l; case SSL_CTRL_SET_MAX_SEND_FRAGMENT: if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) return 0; @@ -1864,7 +2193,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) s->split_send_fragment = s->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if ((unsigned int)larg > s->max_send_fragment || larg == 0) + if ((size_t)larg > s->max_send_fragment || larg == 0) return 0; s->split_send_fragment = larg; return 1; @@ -1914,7 +2243,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_MAX_PROTO_VERSION: return s->max_proto_version; default: - return (s->method->ssl_ctrl(s, cmd, larg, parg)); + return s->method->ssl_ctrl(s, cmd, larg, parg); } } @@ -1929,7 +2258,7 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) return 1; default: - return (s->method->ssl_callback_ctrl(s, cmd, fp)); + return s->method->ssl_callback_ctrl(s, cmd, fp); } } @@ -1945,8 +2274,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (ctx == NULL) { switch (cmd) { #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(NULL, NULL, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(NULL, NULL, parg); #endif case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: @@ -1958,60 +2287,64 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_GET_READ_AHEAD: - return (ctx->read_ahead); + return ctx->read_ahead; case SSL_CTRL_SET_READ_AHEAD: l = ctx->read_ahead; ctx->read_ahead = larg; - return (l); + return l; case SSL_CTRL_SET_MSG_CALLBACK_ARG: ctx->msg_callback_arg = parg; return 1; case SSL_CTRL_GET_MAX_CERT_LIST: - return (ctx->max_cert_list); + return (long)ctx->max_cert_list; case SSL_CTRL_SET_MAX_CERT_LIST: - l = ctx->max_cert_list; - ctx->max_cert_list = larg; - return (l); + if (larg < 0) + return 0; + l = (long)ctx->max_cert_list; + ctx->max_cert_list = (size_t)larg; + return l; case SSL_CTRL_SET_SESS_CACHE_SIZE: - l = ctx->session_cache_size; - ctx->session_cache_size = larg; - return (l); + if (larg < 0) + return 0; + l = (long)ctx->session_cache_size; + ctx->session_cache_size = (size_t)larg; + return l; case SSL_CTRL_GET_SESS_CACHE_SIZE: - return (ctx->session_cache_size); + return (long)ctx->session_cache_size; case SSL_CTRL_SET_SESS_CACHE_MODE: l = ctx->session_cache_mode; ctx->session_cache_mode = larg; - return (l); + return l; case SSL_CTRL_GET_SESS_CACHE_MODE: - return (ctx->session_cache_mode); + return ctx->session_cache_mode; case SSL_CTRL_SESS_NUMBER: - return (lh_SSL_SESSION_num_items(ctx->sessions)); + return lh_SSL_SESSION_num_items(ctx->sessions); case SSL_CTRL_SESS_CONNECT: - return (ctx->stats.sess_connect); + return tsan_load(&ctx->stats.sess_connect); case SSL_CTRL_SESS_CONNECT_GOOD: - return (ctx->stats.sess_connect_good); + return tsan_load(&ctx->stats.sess_connect_good); case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return (ctx->stats.sess_connect_renegotiate); + return tsan_load(&ctx->stats.sess_connect_renegotiate); case SSL_CTRL_SESS_ACCEPT: - return (ctx->stats.sess_accept); + return tsan_load(&ctx->stats.sess_accept); case SSL_CTRL_SESS_ACCEPT_GOOD: - return (ctx->stats.sess_accept_good); + return tsan_load(&ctx->stats.sess_accept_good); case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return (ctx->stats.sess_accept_renegotiate); + return tsan_load(&ctx->stats.sess_accept_renegotiate); case SSL_CTRL_SESS_HIT: - return (ctx->stats.sess_hit); + return tsan_load(&ctx->stats.sess_hit); case SSL_CTRL_SESS_CB_HIT: - return (ctx->stats.sess_cb_hit); + return tsan_load(&ctx->stats.sess_cb_hit); case SSL_CTRL_SESS_MISSES: - return (ctx->stats.sess_miss); + return tsan_load(&ctx->stats.sess_miss); case SSL_CTRL_SESS_TIMEOUTS: - return (ctx->stats.sess_timeout); + return tsan_load(&ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: - return (ctx->stats.sess_cache_full); + return tsan_load(&ctx->stats.sess_cache_full); case SSL_CTRL_MODE: return (ctx->mode |= larg); case SSL_CTRL_CLEAR_MODE: @@ -2024,7 +2357,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->split_send_fragment = ctx->max_send_fragment; return 1; case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT: - if ((unsigned int)larg > ctx->max_send_fragment || larg == 0) + if ((size_t)larg > ctx->max_send_fragment || larg == 0) return 0; ctx->split_send_fragment = larg; return 1; @@ -2050,7 +2383,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_GET_MAX_PROTO_VERSION: return ctx->max_proto_version; default: - return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); + return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); } } @@ -2065,7 +2398,7 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) return 1; default: - return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); + return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp); } } @@ -2094,12 +2427,12 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { - return (s->cipher_list); + return s->cipher_list; } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { - return (s->ctx->cipher_list); + return s->ctx->cipher_list; } } - return (NULL); + return NULL; } STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) @@ -2113,10 +2446,12 @@ STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) { STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; int i; + ciphers = SSL_get_ciphers(s); if (!ciphers) return NULL; - ssl_set_client_disabled(s); + if (!ssl_set_client_disabled(s)) + return NULL; for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) { @@ -2139,12 +2474,12 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { if (s != NULL) { if (s->cipher_list_by_id != NULL) { - return (s->cipher_list_by_id); + return s->cipher_list_by_id; } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) { - return (s->ctx->cipher_list_by_id); + return s->ctx->cipher_list_by_id; } } - return (NULL); + return NULL; } /** The old interface to get the same thing as SSL_get_ciphers() */ @@ -2154,14 +2489,14 @@ const char *SSL_get_cipher_list(const SSL *s, int n) STACK_OF(SSL_CIPHER) *sk; if (s == NULL) - return (NULL); + return NULL; sk = SSL_get_ciphers(s); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) - return (NULL); + return NULL; c = sk_SSL_CIPHER_value(sk, n); if (c == NULL) - return (NULL); - return (c->name); + return NULL; + return c->name; } /** return a STACK of the ciphers available for the SSL_CTX and in order of @@ -2178,8 +2513,9 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { STACK_OF(SSL_CIPHER) *sk; - sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, - &ctx->cipher_list_by_id, str, ctx->cert); + sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites, + &ctx->cipher_list, &ctx->cipher_list_by_id, str, + ctx->cert); /* * ssl_create_cipher_list may return an empty stack if it was unable to * find a cipher matching the given rule string (for example if the rule @@ -2201,8 +2537,9 @@ int SSL_set_cipher_list(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *sk; - sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, - &s->cipher_list_by_id, str, s->cert); + sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites, + &s->cipher_list, &s->cipher_list_by_id, str, + s->cert); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; @@ -2249,13 +2586,13 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) *p = '\0'; return buf; } - memcpy(p, c->name, n + 1); + strcpy(p, c->name); p += n; *(p++) = ':'; size -= n + 1; } p[-1] = '\0'; - return (buf); + return buf; } /** return a servername extension value if provided in Client Hello, or NULL. @@ -2267,15 +2604,22 @@ const char *SSL_get_servername(const SSL *s, const int type) if (type != TLSEXT_NAMETYPE_host_name) return NULL; - return s->session && !s->tlsext_hostname ? - s->session->tlsext_hostname : s->tlsext_hostname; + /* + * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an + * SNI value to return if we are resuming/resumed. N.B. that we still + * call the relevant callbacks for such resumption flows, and callbacks + * might error out if there is not a SNI value available. + */ + if (s->hit) + return s->session->ext.hostname; + return s->ext.hostname; } int SSL_get_servername_type(const SSL *s) { if (s->session - && (!s->tlsext_hostname ? s->session-> - tlsext_hostname : s->tlsext_hostname)) + && (!s->ext.hostname ? s->session-> + ext.hostname : s->ext.hostname)) return TLSEXT_NAMETYPE_host_name; return -1; } @@ -2350,16 +2694,16 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) { - *data = s->next_proto_negotiated; + *data = s->ext.npn; if (!*data) { *len = 0; } else { - *len = s->next_proto_negotiated_len; + *len = (unsigned int)s->ext.npn_len; } } /* - * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when + * SSL_CTX_set_npn_advertised_cb sets a callback that is called when * a TLS server needs a list of supported protocols for Next Protocol * Negotiation. The returned list must be in wire format. The list is * returned by setting |out| to point to it and |outlen| to its length. This @@ -2368,15 +2712,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, * wishes to advertise. Otherwise, no such extension will be included in the * ServerHello. */ -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char - **out, - unsigned int *outlen, - void *arg), void *arg) +void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx, + SSL_CTX_npn_advertised_cb_func cb, + void *arg) { - ctx->next_protos_advertised_cb = cb; - ctx->next_protos_advertised_cb_arg = arg; + ctx->ext.npn_advertised_cb = cb; + ctx->ext.npn_advertised_cb_arg = arg; } /* @@ -2389,15 +2730,12 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, * select a protocol. It is fatal to the connection if this callback returns * a value other than SSL_TLSEXT_ERR_OK. */ -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) +void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx, + SSL_CTX_npn_select_cb_func cb, + void *arg) { - ctx->next_proto_select_cb = cb; - ctx->next_proto_select_cb_arg = arg; + ctx->ext.npn_select_cb = cb; + ctx->ext.npn_select_cb_arg = arg; } #endif @@ -2409,13 +2747,13 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ctx->alpn_client_proto_list); - ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len); - if (ctx->alpn_client_proto_list == NULL) { + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ctx->ext.alpn == NULL) { SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } - ctx->alpn_client_proto_list_len = protos_len; + ctx->ext.alpn_len = protos_len; return 0; } @@ -2428,13 +2766,13 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ssl->alpn_client_proto_list); - ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len); - if (ssl->alpn_client_proto_list == NULL) { + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ssl->ext.alpn == NULL) { SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } - ssl->alpn_client_proto_list_len = protos_len; + ssl->ext.alpn_len = protos_len; return 0; } @@ -2445,15 +2783,11 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, * from the client's list of offered protocols. */ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg) + SSL_CTX_alpn_select_cb_func cb, + void *arg) { - ctx->alpn_select_cb = cb; - ctx->alpn_select_cb_arg = arg; + ctx->ext.alpn_select_cb = cb; + ctx->ext.alpn_select_cb_arg = arg; } /* @@ -2471,7 +2805,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, if (*data == NULL) *len = 0; else - *len = ssl->s3->alpn_selected_len; + *len = (unsigned int)ssl->s3->alpn_selected_len; } int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -2487,6 +2821,18 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, contextlen, use_context); } +int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen) +{ + if (s->version != TLS1_3_VERSION) + return 0; + + return tls13_export_keying_material_early(s, out, olen, label, llen, + context, contextlen); +} + static unsigned long ssl_session_hash(const SSL_SESSION *a) { const unsigned char *session_id = a->session_id; @@ -2504,7 +2850,7 @@ static unsigned long ssl_session_hash(const SSL_SESSION *a) ((unsigned long)session_id[1] << 8L) | ((unsigned long)session_id[2] << 16L) | ((unsigned long)session_id[3] << 24L); - return (l); + return l; } /* @@ -2517,10 +2863,10 @@ static unsigned long ssl_session_hash(const SSL_SESSION *a) static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { if (a->ssl_version != b->ssl_version) - return (1); + return 1; if (a->session_id_length != b->session_id_length) - return (1); - return (memcmp(a->session_id, b->session_id, a->session_id_length)); + return 1; + return memcmp(a->session_id, b->session_id, a->session_id_length); } /* @@ -2536,17 +2882,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if (meth == NULL) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); - return (NULL); + return NULL; } if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; - if (FIPS_mode() && (meth->version < TLS1_VERSION)) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); - return NULL; - } - if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; @@ -2558,6 +2899,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->method = meth; ret->min_proto_version = 0; ret->max_proto_version = 0; + ret->mode = SSL_MODE_AUTO_RETRY; ret->session_cache_mode = SSL_SESS_CACHE_SERVER; ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; /* We take the system default. */ @@ -2585,7 +2927,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if (ret->ctlog_store == NULL) goto err; #endif + + if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES)) + goto err; + if (!ssl_create_cipher_list(ret->method, + ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST, ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { @@ -2606,12 +2953,18 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) goto err2; } - if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) + if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) + goto err; + + if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL) goto err; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) goto err; + if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL) + goto err; + /* No compression for DTLS */ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) ret->comp_methods = SSL_COMP_get_compression_methods(); @@ -2620,14 +2973,18 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; /* Setup RFC5077 ticket keys */ - if ((RAND_bytes(ret->tlsext_tick_key_name, - sizeof(ret->tlsext_tick_key_name)) <= 0) - || (RAND_bytes(ret->tlsext_tick_hmac_key, - sizeof(ret->tlsext_tick_hmac_key)) <= 0) - || (RAND_bytes(ret->tlsext_tick_aes_key, - sizeof(ret->tlsext_tick_aes_key)) <= 0)) + if ((RAND_bytes(ret->ext.tick_key_name, + sizeof(ret->ext.tick_key_name)) <= 0) + || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key, + sizeof(ret->ext.secure->tick_hmac_key)) <= 0) + || (RAND_priv_bytes(ret->ext.secure->tick_aes_key, + sizeof(ret->ext.secure->tick_aes_key)) <= 0)) ret->options |= SSL_OP_NO_TICKET; + if (RAND_priv_bytes(ret->ext.cookie_hmac_key, + sizeof(ret->ext.cookie_hmac_key)) <= 0) + goto err; + #ifndef OPENSSL_NO_SRP if (!SSL_CTX_SRP_CTX_init(ret)) goto err; @@ -2659,11 +3016,46 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) * Disable compression by default to prevent CRIME. Applications can * re-enable compression by configuring * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); - * or by using the SSL_CONF library. + * or by using the SSL_CONF library. Similarly we also enable TLSv1.3 + * middlebox compatibility by default. This may be disabled by default in + * a later OpenSSL version. */ - ret->options |= SSL_OP_NO_COMPRESSION; + ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; - ret->tlsext_status_type = -1; + ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; + + /* + * We cannot usefully set a default max_early_data here (which gets + * propagated in SSL_new(), for the following reason: setting the + * SSL field causes tls_construct_stoc_early_data() to tell the + * client that early data will be accepted when constructing a TLS 1.3 + * session ticket, and the client will accordingly send us early data + * when using that ticket (if the client has early data to send). + * However, in order for the early data to actually be consumed by + * the application, the application must also have calls to + * SSL_read_early_data(); otherwise we'll just skip past the early data + * and ignore it. So, since the application must add calls to + * SSL_read_early_data(), we also require them to add + * calls to SSL_CTX_set_max_early_data() in order to use early data, + * eliminating the bandwidth-wasting early data in the case described + * above. + */ + ret->max_early_data = 0; + + /* + * Default recv_max_early_data is a fully loaded single record. Could be + * split across multiple records in practice. We set this differently to + * max_early_data so that, in the default case, we do not advertise any + * support for early_data, but if a client were to send us some (e.g. + * because of an old, stale ticket) then we will tolerate it and skip over + * it. + */ + ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; + + /* By default we send two session tickets automatically in TLSv1.3 */ + ret->num_tickets = 2; + + ssl_ctx_system_config(ret); return ret; err: @@ -2677,7 +3069,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx) { int i; - if (CRYPTO_atomic_add(&ctx->references, 1, &i, ctx->lock) <= 0) + if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0) return 0; REF_PRINT_COUNT("SSL_CTX", ctx); @@ -2692,7 +3084,7 @@ void SSL_CTX_free(SSL_CTX *a) if (a == NULL) return; - CRYPTO_atomic_add(&a->references, -1, &i, a->lock); + CRYPTO_DOWN_REF(&a->references, &i, a->lock); REF_PRINT_COUNT("SSL_CTX", a); if (i > 0) return; @@ -2721,8 +3113,10 @@ void SSL_CTX_free(SSL_CTX *a) #endif sk_SSL_CIPHER_free(a->cipher_list); sk_SSL_CIPHER_free(a->cipher_list_by_id); + sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); - sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); + sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free); sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; #ifndef OPENSSL_NO_SRTP @@ -2736,10 +3130,11 @@ void SSL_CTX_free(SSL_CTX *a) #endif #ifndef OPENSSL_NO_EC - OPENSSL_free(a->tlsext_ecpointformatlist); - OPENSSL_free(a->tlsext_ellipticcurvelist); + OPENSSL_free(a->ext.ecpointformats); + OPENSSL_free(a->ext.supportedgroups); #endif - OPENSSL_free(a->alpn_client_proto_list); + OPENSSL_free(a->ext.alpn); + OPENSSL_secure_free(a->ext.secure); CRYPTO_THREAD_lock_free(a->lock); @@ -2818,16 +3213,12 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) void ssl_set_masks(SSL *s) { -#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_GOST) - CERT_PKEY *cpk; -#endif CERT *c = s->cert; uint32_t *pvalid = s->s3->tmp.valid_flags; int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC int have_ecc_cert, ecdsa_ok; - X509 *x = NULL; #endif if (c == NULL) return; @@ -2838,9 +3229,9 @@ void ssl_set_masks(SSL *s) dh_tmp = 0; #endif - rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; - rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; - dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; + rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; + rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; + dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID; #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif @@ -2853,18 +3244,15 @@ void ssl_set_masks(SSL *s) #endif #ifndef OPENSSL_NO_GOST - cpk = &(c->pkeys[SSL_PKEY_GOST12_512]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { + if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) { mask_k |= SSL_kGOST; mask_a |= SSL_aGOST12; } - cpk = &(c->pkeys[SSL_PKEY_GOST12_256]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { + if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) { mask_k |= SSL_kGOST; mask_a |= SSL_aGOST12; } - cpk = &(c->pkeys[SSL_PKEY_GOST01]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { + if (ssl_has_cert(s, SSL_PKEY_GOST01)) { mask_k |= SSL_kGOST; mask_a |= SSL_aGOST01; } @@ -2876,9 +3264,15 @@ void ssl_set_masks(SSL *s) if (dh_tmp) mask_k |= SSL_kDHE; - if (rsa_enc || rsa_sign) { + /* + * If we only have an RSA-PSS certificate allow RSA authentication + * if TLS 1.2 and peer supports it. + */ + + if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN) + && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION)) mask_a |= SSL_aRSA; - } if (dsa_sign) { mask_a |= SSL_aDSS; @@ -2893,15 +3287,24 @@ void ssl_set_masks(SSL *s) #ifndef OPENSSL_NO_EC if (have_ecc_cert) { uint32_t ex_kusage; - cpk = &c->pkeys[SSL_PKEY_ECC]; - x = cpk->x509; - ex_kusage = X509_get_key_usage(x); + ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509); ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ecdsa_ok = 0; if (ecdsa_ok) mask_a |= SSL_aECDSA; } + /* Allow Ed25519 for TLS 1.2 if peer supports it */ + if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519) + && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; + + /* Allow Ed448 for TLS 1.2 if peer supports it */ + if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) + && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN + && TLS1_get_version(s) == TLS1_2_VERSION) + mask_a |= SSL_aECDSA; #endif #ifndef OPENSSL_NO_EC @@ -2940,93 +3343,17 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) #endif -static int ssl_get_server_cert_index(const SSL *s) -{ - int idx; - idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); - if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509) - idx = SSL_PKEY_RSA_SIGN; - if (idx == SSL_PKEY_GOST_EC) { - if (s->cert->pkeys[SSL_PKEY_GOST12_512].x509) - idx = SSL_PKEY_GOST12_512; - else if (s->cert->pkeys[SSL_PKEY_GOST12_256].x509) - idx = SSL_PKEY_GOST12_256; - else if (s->cert->pkeys[SSL_PKEY_GOST01].x509) - idx = SSL_PKEY_GOST01; - else - idx = -1; - } - if (idx == -1) - SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR); - return idx; -} - -CERT_PKEY *ssl_get_server_send_pkey(SSL *s) -{ - CERT *c; - int i; - - c = s->cert; - if (!s->s3 || !s->s3->tmp.new_cipher) - return NULL; - ssl_set_masks(s); - - i = ssl_get_server_cert_index(s); - - /* This may or may not be an error. */ - if (i < 0) - return NULL; - - /* May be NULL. */ - return &c->pkeys[i]; -} - -EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, - const EVP_MD **pmd) -{ - unsigned long alg_a; - CERT *c; - int idx = -1; - - alg_a = cipher->algorithm_auth; - c = s->cert; - - if ((alg_a & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) - idx = SSL_PKEY_DSA_SIGN; - else if (alg_a & SSL_aRSA) { - if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) - idx = SSL_PKEY_RSA_SIGN; - else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) - idx = SSL_PKEY_RSA_ENC; - } else if ((alg_a & SSL_aECDSA) && - (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) - idx = SSL_PKEY_ECC; - if (idx == -1) { - SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); - return (NULL); - } - if (pmd) - *pmd = s->s3->tmp.md[idx]; - return c->pkeys[idx].privatekey; -} - int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length) { - CERT *c = NULL; - int i = 0; + CERT_PKEY *cpk = s->s3->tmp.cert; *serverinfo_length = 0; - c = s->cert; - i = ssl_get_server_cert_index(s); - - if (i == -1) - return 0; - if (c->pkeys[i].serverinfo == NULL) + if (cpk == NULL || cpk->serverinfo == NULL) return 0; - *serverinfo = c->pkeys[i].serverinfo; - *serverinfo_length = c->pkeys[i].serverinfo_length; + *serverinfo = cpk->serverinfo; + *serverinfo_length = cpk->serverinfo_length; return 1; } @@ -3055,22 +3382,49 @@ void ssl_update_cache(SSL *s, int mode) return; i = s->session_ctx->session_cache_mode; - if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) - || SSL_CTX_add_session(s->session_ctx, s->session)) - && (s->session_ctx->new_session_cb != NULL)) { - SSL_SESSION_up_ref(s->session); - if (!s->session_ctx->new_session_cb(s, s->session)) - SSL_SESSION_free(s->session); + if ((i & mode) != 0 + && (!s->hit || SSL_IS_TLS13(s))) { + /* + * Add the session to the internal cache. In server side TLSv1.3 we + * normally don't do this because by default it's a full stateless ticket + * with only a dummy session id so there is no reason to cache it, + * unless: + * - we are doing early_data, in which case we cache so that we can + * detect replays + * - the application has set a remove_session_cb so needs to know about + * session timeout events + * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket + */ + if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 + && (!SSL_IS_TLS13(s) + || !s->server + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) + || s->session_ctx->remove_session_cb != NULL + || (s->options & SSL_OP_NO_TICKET) != 0)) + SSL_CTX_add_session(s->session_ctx, s->session); + + /* + * Add the session to the external cache. We do this even in server side + * TLSv1.3 without early data because some applications just want to + * know about the creation of a session and aren't doing a full cache. + */ + if (s->session_ctx->new_session_cb != NULL) { + SSL_SESSION_up_ref(s->session); + if (!s->session_ctx->new_session_cb(s, s->session)) + SSL_SESSION_free(s->session); + } } /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { - if ((((mode & SSL_SESS_CACHE_CLIENT) - ? s->session_ctx->stats.sess_connect_good - : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { + TSAN_QUALIFIER int *stat; + if (mode & SSL_SESS_CACHE_CLIENT) + stat = &s->session_ctx->stats.sess_connect_good; + else + stat = &s->session_ctx->stats.sess_accept_good; + if ((tsan_load(stat) & 0xff) == 0xff) SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); - } } } @@ -3081,7 +3435,7 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) const SSL_METHOD *SSL_get_ssl_method(SSL *s) { - return (s->method); + return s->method; } int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) @@ -3105,7 +3459,7 @@ int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) else if (hf == sm->ssl_accept) s->handshake_func = meth->ssl_accept; } - return (ret); + return ret; } int SSL_get_error(const SSL *s, int i) @@ -3115,7 +3469,7 @@ int SSL_get_error(const SSL *s, int i) BIO *bio; if (i > 0) - return (SSL_ERROR_NONE); + return SSL_ERROR_NONE; /* * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc, @@ -3123,78 +3477,71 @@ int SSL_get_error(const SSL *s, int i) */ if ((l = ERR_peek_error()) != 0) { if (ERR_GET_LIB(l) == ERR_LIB_SYS) - return (SSL_ERROR_SYSCALL); + return SSL_ERROR_SYSCALL; else - return (SSL_ERROR_SSL); - } - - if (i < 0) { - if (SSL_want_read(s)) { - bio = SSL_get_rbio(s); - if (BIO_should_read(bio)) - return (SSL_ERROR_WANT_READ); - else if (BIO_should_write(bio)) - /* - * This one doesn't make too much sense ... We never try to write - * to the rbio, and an application program where rbio and wbio - * are separate couldn't even know what it should wait for. - * However if we ever set s->rwstate incorrectly (so that we have - * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and - * wbio *are* the same, this test works around that bug; so it - * might be safer to keep it. - */ - return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); /* unknown */ - } - } + return SSL_ERROR_SSL; + } - if (SSL_want_write(s)) { + if (SSL_want_read(s)) { + bio = SSL_get_rbio(s); + if (BIO_should_read(bio)) + return SSL_ERROR_WANT_READ; + else if (BIO_should_write(bio)) /* - * Access wbio directly - in order to use the buffered bio if - * present + * This one doesn't make too much sense ... We never try to write + * to the rbio, and an application program where rbio and wbio + * are separate couldn't even know what it should wait for. + * However if we ever set s->rwstate incorrectly (so that we have + * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and + * wbio *are* the same, this test works around that bug; so it + * might be safer to keep it. */ - bio = s->wbio; - if (BIO_should_write(bio)) - return (SSL_ERROR_WANT_WRITE); - else if (BIO_should_read(bio)) - /* - * See above (SSL_want_read(s) with BIO_should_write(bio)) - */ - return (SSL_ERROR_WANT_READ); - else if (BIO_should_io_special(bio)) { - reason = BIO_get_retry_reason(bio); - if (reason == BIO_RR_CONNECT) - return (SSL_ERROR_WANT_CONNECT); - else if (reason == BIO_RR_ACCEPT) - return (SSL_ERROR_WANT_ACCEPT); - else - return (SSL_ERROR_SYSCALL); - } - } - if (SSL_want_x509_lookup(s)) { - return (SSL_ERROR_WANT_X509_LOOKUP); - } - if (SSL_want_async(s)) { - return SSL_ERROR_WANT_ASYNC; - } - if (SSL_want_async_job(s)) { - return SSL_ERROR_WANT_ASYNC_JOB; + return SSL_ERROR_WANT_WRITE; + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return SSL_ERROR_WANT_CONNECT; + else if (reason == BIO_RR_ACCEPT) + return SSL_ERROR_WANT_ACCEPT; + else + return SSL_ERROR_SYSCALL; /* unknown */ } } - if (i == 0) { - if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && - (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) - return (SSL_ERROR_ZERO_RETURN); + if (SSL_want_write(s)) { + /* Access wbio directly - in order to use the buffered bio if present */ + bio = s->wbio; + if (BIO_should_write(bio)) + return SSL_ERROR_WANT_WRITE; + else if (BIO_should_read(bio)) + /* + * See above (SSL_want_read(s) with BIO_should_write(bio)) + */ + return SSL_ERROR_WANT_READ; + else if (BIO_should_io_special(bio)) { + reason = BIO_get_retry_reason(bio); + if (reason == BIO_RR_CONNECT) + return SSL_ERROR_WANT_CONNECT; + else if (reason == BIO_RR_ACCEPT) + return SSL_ERROR_WANT_ACCEPT; + else + return SSL_ERROR_SYSCALL; + } } - return (SSL_ERROR_SYSCALL); + if (SSL_want_x509_lookup(s)) + return SSL_ERROR_WANT_X509_LOOKUP; + if (SSL_want_async(s)) + return SSL_ERROR_WANT_ASYNC; + if (SSL_want_async_job(s)) + return SSL_ERROR_WANT_ASYNC_JOB; + if (SSL_want_client_hello_cb(s)) + return SSL_ERROR_WANT_CLIENT_HELLO_CB; + + if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && + (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) + return SSL_ERROR_ZERO_RETURN; + + return SSL_ERROR_SYSCALL; } static int ssl_do_handshake_intern(void *vargs) @@ -3217,7 +3564,9 @@ int SSL_do_handshake(SSL *s) return -1; } - s->method->ssl_renegotiate_check(s); + ossl_statem_check_finish_init(s, -1); + + s->method->ssl_renegotiate_check(s, 0); if (SSL_in_init(s) || SSL_in_before(s)) { if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { @@ -3254,45 +3603,58 @@ void SSL_set_connect_state(SSL *s) int ssl_undefined_function(SSL *s) { SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); + return 0; } int ssl_undefined_void_function(void) { SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); + return 0; } int ssl_undefined_const_function(const SSL *s) { - return (0); + return 0; } const SSL_METHOD *ssl_bad_method(int ver) { SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (NULL); + return NULL; } const char *ssl_protocol_to_string(int version) { - if (version == TLS1_2_VERSION) + switch(version) + { + case TLS1_3_VERSION: + return "TLSv1.3"; + + case TLS1_2_VERSION: return "TLSv1.2"; - else if (version == TLS1_1_VERSION) + + case TLS1_1_VERSION: return "TLSv1.1"; - else if (version == TLS1_VERSION) + + case TLS1_VERSION: return "TLSv1"; - else if (version == SSL3_VERSION) + + case SSL3_VERSION: return "SSLv3"; - else if (version == DTLS1_BAD_VER) + + case DTLS1_BAD_VER: return "DTLSv0.9"; - else if (version == DTLS1_VERSION) + + case DTLS1_VERSION: return "DTLSv1"; - else if (version == DTLS1_2_VERSION) + + case DTLS1_2_VERSION: return "DTLSv1.2"; - else - return ("unknown"); + + default: + return "unknown"; + } } const char *SSL_get_version(const SSL *s) @@ -3300,16 +3662,44 @@ const char *SSL_get_version(const SSL *s) return ssl_protocol_to_string(s->version); } -SSL *SSL_dup(SSL *s) +static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src) { STACK_OF(X509_NAME) *sk; X509_NAME *xn; + int i; + + if (src == NULL) { + *dst = NULL; + return 1; + } + + if ((sk = sk_X509_NAME_new_null()) == NULL) + return 0; + for (i = 0; i < sk_X509_NAME_num(src); i++) { + xn = X509_NAME_dup(sk_X509_NAME_value(src, i)); + if (xn == NULL) { + sk_X509_NAME_pop_free(sk, X509_NAME_free); + return 0; + } + if (sk_X509_NAME_insert(sk, xn, i) == 0) { + X509_NAME_free(xn); + sk_X509_NAME_pop_free(sk, X509_NAME_free); + return 0; + } + } + *dst = sk; + + return 1; +} + +SSL *SSL_dup(SSL *s) +{ SSL *ret; int i; /* If we're not quiescent, just up_ref! */ if (!SSL_in_init(s) || !SSL_in_before(s)) { - CRYPTO_atomic_add(&s->references, 1, &i, s->lock); + CRYPTO_UP_REF(&s->references, &i, s->lock); return s; } @@ -3317,7 +3707,7 @@ SSL *SSL_dup(SSL *s) * Otherwise, copy configuration state, and session if set. */ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) - return (NULL); + return NULL; if (s->session != NULL) { /* @@ -3343,7 +3733,8 @@ SSL *SSL_dup(SSL *s) goto err; } - if (!SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length)) + if (!SSL_set_session_id_context(ret, s->sid_ctx, + (int)s->sid_ctx_length)) goto err; } @@ -3407,18 +3798,10 @@ SSL *SSL_dup(SSL *s) goto err; /* Dup the client_CA list */ - if (s->client_CA != NULL) { - if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) - goto err; - ret->client_CA = sk; - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - xn = sk_X509_NAME_value(sk, i); - if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { - X509_NAME_free(xn); - goto err; - } - } - } + if (!dup_ca_names(&ret->ca_names, s->ca_names) + || !dup_ca_names(&ret->client_ca_names, s->client_ca_names)) + goto err; + return ret; err: @@ -3447,17 +3830,17 @@ void ssl_clear_cipher_ctx(SSL *s) X509 *SSL_get_certificate(const SSL *s) { if (s->cert != NULL) - return (s->cert->key->x509); + return s->cert->key->x509; else - return (NULL); + return NULL; } EVP_PKEY *SSL_get_privatekey(const SSL *s) { if (s->cert != NULL) - return (s->cert->key->privatekey); + return s->cert->key->privatekey; else - return (NULL); + return NULL; } X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx) @@ -3479,8 +3862,13 @@ EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { if ((s->session != NULL) && (s->session->cipher != NULL)) - return (s->session->cipher); - return (NULL); + return s->session->cipher; + return NULL; +} + +const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s) +{ + return s->s3->tmp.new_cipher; } const COMP_METHOD *SSL_get_current_compression(SSL *s) @@ -3522,15 +3910,17 @@ int ssl_init_wbio_buffer(SSL *s) return 1; } -void ssl_free_wbio_buffer(SSL *s) +int ssl_free_wbio_buffer(SSL *s) { /* callers ensure s is never null */ if (s->bbio == NULL) - return; + return 1; s->wbio = BIO_pop(s->wbio); BIO_free(s->bbio); s->bbio = NULL; + + return 1; } void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) @@ -3540,7 +3930,7 @@ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) { - return (ctx->quiet_shutdown); + return ctx->quiet_shutdown; } void SSL_set_quiet_shutdown(SSL *s, int mode) @@ -3550,7 +3940,7 @@ void SSL_set_quiet_shutdown(SSL *s, int mode) int SSL_get_quiet_shutdown(const SSL *s) { - return (s->quiet_shutdown); + return s->quiet_shutdown; } void SSL_set_shutdown(SSL *s, int mode) @@ -3590,7 +3980,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) return NULL; } - if (!custom_exts_copy_flags(&new_cert->srv_ext, &ssl->cert->srv_ext)) { + if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) { ssl_cert_free(new_cert); return NULL; } @@ -3602,7 +3992,8 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), * so setter APIs must prevent invalid lengths from entering the system. */ - OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); + if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx))) + return NULL; /* * If the session ID context matches that of the parent SSL_CTX, @@ -3626,7 +4017,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) { - return (X509_STORE_set_default_paths(ctx->cert_store)); + return X509_STORE_set_default_paths(ctx->cert_store); } int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx) @@ -3663,7 +4054,7 @@ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx) int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) { - return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); + return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath); } void SSL_set_info_callback(SSL *ssl, @@ -3689,7 +4080,7 @@ void SSL_set_verify_result(SSL *ssl, long arg) long SSL_get_verify_result(const SSL *ssl) { - return (ssl->verify_result); + return ssl->verify_result; } size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) @@ -3715,46 +4106,49 @@ size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen) { - if (session->master_key_length < 0) { - /* Should never happen */ - return 0; - } if (outlen == 0) return session->master_key_length; - if (outlen > (size_t)session->master_key_length) + if (outlen > session->master_key_length) outlen = session->master_key_length; memcpy(out, session->master_key, outlen); return outlen; } +int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, + size_t len) +{ + if (len > sizeof(sess->master_key)) + return 0; + + memcpy(sess->master_key, in, len); + sess->master_key_length = len; + return 1; +} + + int SSL_set_ex_data(SSL *s, int idx, void *arg) { - return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&s->ex_data, idx, arg); } void *SSL_get_ex_data(const SSL *s, int idx) { - return (CRYPTO_get_ex_data(&s->ex_data, idx)); + return CRYPTO_get_ex_data(&s->ex_data, idx); } int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) { - return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&s->ex_data, idx, arg); } void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) { - return (CRYPTO_get_ex_data(&s->ex_data, idx)); -} - -int ssl_ok(SSL *s) -{ - return (1); + return CRYPTO_get_ex_data(&s->ex_data, idx); } X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { - return (ctx->cert_store); + return ctx->cert_store; } void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) @@ -3763,9 +4157,16 @@ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) ctx->cert_store = store; } +void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) +{ + if (store != NULL) + X509_STORE_up_ref(store); + SSL_CTX_set_cert_store(ctx, store); +} + int SSL_want(const SSL *s) { - return (s->rwstate); + return s->rwstate; } /** @@ -3829,61 +4230,59 @@ const char *SSL_get_psk_identity_hint(const SSL *s) { if (s == NULL || s->session == NULL) return NULL; - return (s->session->psk_identity_hint); + return s->session->psk_identity_hint; } const char *SSL_get_psk_identity(const SSL *s) { if (s == NULL || s->session == NULL) return NULL; - return (s->session->psk_identity); + return s->session->psk_identity; } -void SSL_set_psk_client_callback(SSL *s, - unsigned int (*cb) (SSL *ssl, - const char *hint, - char *identity, - unsigned int - max_identity_len, - unsigned char *psk, - unsigned int max_psk_len)) +void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb) { s->psk_client_callback = cb; } -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*cb) (SSL *ssl, - const char *hint, - char *identity, - unsigned int - max_identity_len, - unsigned char *psk, - unsigned int - max_psk_len)) +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb) { ctx->psk_client_callback = cb; } -void SSL_set_psk_server_callback(SSL *s, - unsigned int (*cb) (SSL *ssl, - const char *identity, - unsigned char *psk, - unsigned int max_psk_len)) +void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb) { s->psk_server_callback = cb; } -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*cb) (SSL *ssl, - const char *identity, - unsigned char *psk, - unsigned int - max_psk_len)) +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb) { ctx->psk_server_callback = cb; } #endif +void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb) +{ + s->psk_find_session_cb = cb; +} + +void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, + SSL_psk_find_session_cb_func cb) +{ + ctx->psk_find_session_cb = cb; +} + +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb) +{ + s->psk_use_session_cb = cb; +} + +void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, + SSL_psk_use_session_cb_func cb) +{ + ctx->psk_use_session_cb = cb; +} + void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb) (int write_p, int version, int content_type, const void *buf, @@ -3917,6 +4316,88 @@ void SSL_set_not_resumable_session_callback(SSL *ssl, (void (*)(void))cb); } +void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)) +{ + ctx->record_padding_cb = cb; +} + +void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg) +{ + ctx->record_padding_arg = arg; +} + +void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx) +{ + return ctx->record_padding_arg; +} + +int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) +{ + /* block size of 0 or 1 is basically no padding */ + if (block_size == 1) + ctx->block_padding = 0; + else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) + ctx->block_padding = block_size; + else + return 0; + return 1; +} + +void SSL_set_record_padding_callback(SSL *ssl, + size_t (*cb) (SSL *ssl, int type, + size_t len, void *arg)) +{ + ssl->record_padding_cb = cb; +} + +void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) +{ + ssl->record_padding_arg = arg; +} + +void *SSL_get_record_padding_callback_arg(SSL *ssl) +{ + return ssl->record_padding_arg; +} + +int SSL_set_block_padding(SSL *ssl, size_t block_size) +{ + /* block size of 0 or 1 is basically no padding */ + if (block_size == 1) + ssl->block_padding = 0; + else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH) + ssl->block_padding = block_size; + else + return 0; + return 1; +} + +int SSL_set_num_tickets(SSL *s, size_t num_tickets) +{ + s->num_tickets = num_tickets; + + return 1; +} + +size_t SSL_get_num_tickets(SSL *s) +{ + return s->num_tickets; +} + +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) +{ + ctx->num_tickets = num_tickets; + + return 1; +} + +size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx) +{ + return ctx->num_tickets; +} + /* * Allocates new EVP_MD_CTX and sets pointer to it into given pointer * variable, freeing EVP_MD_CTX previously stored in that variable, if any. @@ -3939,29 +4420,39 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) void ssl_clear_hash_ctx(EVP_MD_CTX **hash) { - if (*hash) - EVP_MD_CTX_free(*hash); + EVP_MD_CTX_free(*hash); *hash = NULL; } /* Retrieve handshake hashes */ -int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) +int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, + size_t *hashlen) { EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3->handshake_dgst; - int ret = EVP_MD_CTX_size(hdgst); - if (ret < 0 || ret > outlen) { - ret = 0; + int hashleni = EVP_MD_CTX_size(hdgst); + int ret = 0; + + if (hashleni < 0 || (size_t)hashleni > outlen) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; } + ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - ret = 0; + if (ctx == NULL) goto err; - } + if (!EVP_MD_CTX_copy_ex(ctx, hdgst) - || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) - ret = 0; + || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); + goto err; + } + + *hashlen = hashleni; + + ret = 1; err: EVP_MD_CTX_free(ctx); return ret; @@ -4147,9 +4638,9 @@ static int ct_extract_tls_extension_scts(SSL *s) { int scts_extracted = 0; - if (s->tlsext_scts != NULL) { - const unsigned char *p = s->tlsext_scts; - STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->tlsext_scts_len); + if (s->ext.scts != NULL) { + const unsigned char *p = s->ext.scts; + STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len); scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION); @@ -4177,11 +4668,11 @@ static int ct_extract_ocsp_response_scts(SSL *s) STACK_OF(SCT) *scts = NULL; int i; - if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen == 0) + if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0) goto err; - p = s->tlsext_ocsp_resp; - rsp = d2i_OCSP_RESPONSE(NULL, &p, s->tlsext_ocsp_resplen); + p = s->ext.ocsp.resp; + rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len); if (rsp == NULL) goto err; @@ -4377,7 +4868,8 @@ int ssl_validate_ct(SSL *s) ctx = CT_POLICY_EVAL_CTX_new(); if (ctx == NULL) { - SSLerr(SSL_F_SSL_VALIDATE_CT, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT, + ERR_R_MALLOC_FAILURE); goto end; } @@ -4405,13 +4897,17 @@ int ssl_validate_ct(SSL *s) * ought to correspond to an inability to carry out its duties. */ if (SCT_LIST_validate(scts, ctx) < 0) { - SSLerr(SSL_F_SSL_VALIDATE_CT, SSL_R_SCT_VERIFICATION_FAILED); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, + SSL_R_SCT_VERIFICATION_FAILED); goto end; } ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg); if (ret < 0) ret = 0; /* This function returns 0 on failure */ + if (!ret) + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT, + SSL_R_CALLBACK_FAILED); end: CT_POLICY_EVAL_CTX_free(ctx); @@ -4482,4 +4978,584 @@ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx) return ctx->ctlog_store; } -#endif +#endif /* OPENSSL_NO_CT */ + +void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, + void *arg) +{ + c->client_hello_cb = cb; + c->client_hello_cb_arg = arg; +} + +int SSL_client_hello_isv2(SSL *s) +{ + if (s->clienthello == NULL) + return 0; + return s->clienthello->isv2; +} + +unsigned int SSL_client_hello_get0_legacy_version(SSL *s) +{ + if (s->clienthello == NULL) + return 0; + return s->clienthello->legacy_version; +} + +size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out) +{ + if (s->clienthello == NULL) + return 0; + if (out != NULL) + *out = s->clienthello->random; + return SSL3_RANDOM_SIZE; +} + +size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out) +{ + if (s->clienthello == NULL) + return 0; + if (out != NULL) + *out = s->clienthello->session_id; + return s->clienthello->session_id_len; +} + +size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out) +{ + if (s->clienthello == NULL) + return 0; + if (out != NULL) + *out = PACKET_data(&s->clienthello->ciphersuites); + return PACKET_remaining(&s->clienthello->ciphersuites); +} + +size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out) +{ + if (s->clienthello == NULL) + return 0; + if (out != NULL) + *out = s->clienthello->compressions; + return s->clienthello->compressions_len; +} + +int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) +{ + RAW_EXTENSION *ext; + int *present; + size_t num = 0, i; + + if (s->clienthello == NULL || out == NULL || outlen == NULL) + return 0; + for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { + ext = s->clienthello->pre_proc_exts + i; + if (ext->present) + num++; + } + if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { + SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, + ERR_R_MALLOC_FAILURE); + return 0; + } + for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { + ext = s->clienthello->pre_proc_exts + i; + if (ext->present) { + if (ext->received_order >= num) + goto err; + present[ext->received_order] = ext->type; + } + } + *out = present; + *outlen = num; + return 1; + err: + OPENSSL_free(present); + return 0; +} + +int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, + size_t *outlen) +{ + size_t i; + RAW_EXTENSION *r; + + if (s->clienthello == NULL) + return 0; + for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) { + r = s->clienthello->pre_proc_exts + i; + if (r->present && r->type == type) { + if (out != NULL) + *out = PACKET_data(&r->data); + if (outlen != NULL) + *outlen = PACKET_remaining(&r->data); + return 1; + } + } + return 0; +} + +int SSL_free_buffers(SSL *ssl) +{ + RECORD_LAYER *rl = &ssl->rlayer; + + if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) + return 0; + + RECORD_LAYER_release(rl); + return 1; +} + +int SSL_alloc_buffers(SSL *ssl) +{ + return ssl3_setup_buffers(ssl); +} + +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb) +{ + ctx->keylog_callback = cb; +} + +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx) +{ + return ctx->keylog_callback; +} + +static int nss_keylog_int(const char *prefix, + SSL *ssl, + const uint8_t *parameter_1, + size_t parameter_1_len, + const uint8_t *parameter_2, + size_t parameter_2_len) +{ + char *out = NULL; + char *cursor = NULL; + size_t out_len = 0; + size_t i; + size_t prefix_len; + + if (ssl->ctx->keylog_callback == NULL) + return 1; + + /* + * Our output buffer will contain the following strings, rendered with + * space characters in between, terminated by a NULL character: first the + * prefix, then the first parameter, then the second parameter. The + * meaning of each parameter depends on the specific key material being + * logged. Note that the first and second parameters are encoded in + * hexadecimal, so we need a buffer that is twice their lengths. + */ + prefix_len = strlen(prefix); + out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3; + if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) { + SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT, + ERR_R_MALLOC_FAILURE); + return 0; + } + + strcpy(cursor, prefix); + cursor += prefix_len; + *cursor++ = ' '; + + for (i = 0; i < parameter_1_len; i++) { + sprintf(cursor, "%02x", parameter_1[i]); + cursor += 2; + } + *cursor++ = ' '; + + for (i = 0; i < parameter_2_len; i++) { + sprintf(cursor, "%02x", parameter_2[i]); + cursor += 2; + } + *cursor = '\0'; + + ssl->ctx->keylog_callback(ssl, (const char *)out); + OPENSSL_clear_free(out, out_len); + return 1; + +} + +int ssl_log_rsa_client_key_exchange(SSL *ssl, + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len) +{ + if (encrypted_premaster_len < 8) { + SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + return 0; + } + + /* We only want the first 8 bytes of the encrypted premaster as a tag. */ + return nss_keylog_int("RSA", + ssl, + encrypted_premaster, + 8, + premaster, + premaster_len); +} + +int ssl_log_secret(SSL *ssl, + const char *label, + const uint8_t *secret, + size_t secret_len) +{ + return nss_keylog_int(label, + ssl, + ssl->s3->client_random, + SSL3_RANDOM_SIZE, + secret, + secret_len); +} + +#define SSLV2_CIPHER_LEN 3 + +int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format) +{ + int n; + + n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; + + if (PACKET_remaining(cipher_suites) == 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST, + SSL_R_NO_CIPHERS_SPECIFIED); + return 0; + } + + if (PACKET_remaining(cipher_suites) % n != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + return 0; + } + + OPENSSL_free(s->s3->tmp.ciphers_raw); + s->s3->tmp.ciphers_raw = NULL; + s->s3->tmp.ciphers_rawlen = 0; + + if (sslv2format) { + size_t numciphers = PACKET_remaining(cipher_suites) / n; + PACKET sslv2ciphers = *cipher_suites; + unsigned int leadbyte; + unsigned char *raw; + + /* + * We store the raw ciphers list in SSLv3+ format so we need to do some + * preprocessing to convert the list first. If there are any SSLv2 only + * ciphersuites with a non-zero leading byte then we are going to + * slightly over allocate because we won't store those. But that isn't a + * problem. + */ + raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); + s->s3->tmp.ciphers_raw = raw; + if (raw == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + ERR_R_MALLOC_FAILURE); + return 0; + } + for (s->s3->tmp.ciphers_rawlen = 0; + PACKET_remaining(&sslv2ciphers) > 0; + raw += TLS_CIPHER_LEN) { + if (!PACKET_get_1(&sslv2ciphers, &leadbyte) + || (leadbyte == 0 + && !PACKET_copy_bytes(&sslv2ciphers, raw, + TLS_CIPHER_LEN)) + || (leadbyte != 0 + && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + SSL_R_BAD_PACKET); + OPENSSL_free(s->s3->tmp.ciphers_raw); + s->s3->tmp.ciphers_raw = NULL; + s->s3->tmp.ciphers_rawlen = 0; + return 0; + } + if (leadbyte == 0) + s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; + } + } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, + &s->s3->tmp.ciphers_rawlen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST, + ERR_R_INTERNAL_ERROR); + return 0; + } + return 1; +} + +int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, + int isv2format, STACK_OF(SSL_CIPHER) **sk, + STACK_OF(SSL_CIPHER) **scsvs) +{ + PACKET pkt; + + if (!PACKET_buf_init(&pkt, bytes, len)) + return 0; + return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0); +} + +int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs_out, + int sslv2format, int fatal) +{ + const SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk = NULL; + STACK_OF(SSL_CIPHER) *scsvs = NULL; + int n; + /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */ + unsigned char cipher[SSLV2_CIPHER_LEN]; + + n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; + + if (PACKET_remaining(cipher_suites) == 0) { + if (fatal) + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_NO_CIPHERS_SPECIFIED); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED); + return 0; + } + + if (PACKET_remaining(cipher_suites) % n != 0) { + if (fatal) + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + return 0; + } + + sk = sk_SSL_CIPHER_new_null(); + scsvs = sk_SSL_CIPHER_new_null(); + if (sk == NULL || scsvs == NULL) { + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, + ERR_R_MALLOC_FAILURE); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } + + while (PACKET_copy_bytes(cipher_suites, cipher, n)) { + /* + * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the + * first byte set to zero, while true SSLv2 ciphers have a non-zero + * first byte. We don't support any true SSLv2 ciphers, so skip them. + */ + if (sslv2format && cipher[0] != '\0') + continue; + + /* For SSLv2-compat, ignore leading 0-byte. */ + c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1); + if (c != NULL) { + if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) || + (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) { + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } + } + } + if (PACKET_remaining(cipher_suites) > 0) { + if (fatal) + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST, + SSL_R_BAD_LENGTH); + else + SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH); + goto err; + } + + if (skp != NULL) + *skp = sk; + else + sk_SSL_CIPHER_free(sk); + if (scsvs_out != NULL) + *scsvs_out = scsvs; + else + sk_SSL_CIPHER_free(scsvs); + return 1; + err: + sk_SSL_CIPHER_free(sk); + sk_SSL_CIPHER_free(scsvs); + return 0; +} + +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data) +{ + ctx->max_early_data = max_early_data; + + return 1; +} + +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx) +{ + return ctx->max_early_data; +} + +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data) +{ + s->max_early_data = max_early_data; + + return 1; +} + +uint32_t SSL_get_max_early_data(const SSL *s) +{ + return s->max_early_data; +} + +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) +{ + ctx->recv_max_early_data = recv_max_early_data; + + return 1; +} + +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) +{ + return ctx->recv_max_early_data; +} + +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) +{ + s->recv_max_early_data = recv_max_early_data; + + return 1; +} + +uint32_t SSL_get_recv_max_early_data(const SSL *s) +{ + return s->recv_max_early_data; +} + +__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) +{ + /* Return any active Max Fragment Len extension */ + if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)) + return GET_MAX_FRAGMENT_LENGTH(ssl->session); + + /* return current SSL connection setting */ + return ssl->max_send_fragment; +} + +__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl) +{ + /* Return a value regarding an active Max Fragment Len extension */ + if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session) + && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session)) + return GET_MAX_FRAGMENT_LENGTH(ssl->session); + + /* else limit |split_send_fragment| to current |max_send_fragment| */ + if (ssl->split_send_fragment > ssl->max_send_fragment) + return ssl->max_send_fragment; + + /* return current SSL connection setting */ + return ssl->split_send_fragment; +} + +int SSL_stateless(SSL *s) +{ + int ret; + + /* Ensure there is no state left over from a previous invocation */ + if (!SSL_clear(s)) + return 0; + + ERR_clear_error(); + + s->s3->flags |= TLS1_FLAGS_STATELESS; + ret = SSL_accept(s); + s->s3->flags &= ~TLS1_FLAGS_STATELESS; + + if (ret > 0 && s->ext.cookieok) + return 1; + + if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s)) + return 0; + + return -1; +} + +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val) +{ + ctx->pha_enabled = val; +} + +void SSL_set_post_handshake_auth(SSL *ssl, int val) +{ + ssl->pha_enabled = val; +} + +int SSL_verify_client_post_handshake(SSL *ssl) +{ + if (!SSL_IS_TLS13(ssl)) { + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION); + return 0; + } + if (!ssl->server) { + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER); + return 0; + } + + if (!SSL_is_init_finished(ssl)) { + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT); + return 0; + } + + switch (ssl->post_handshake_auth) { + case SSL_PHA_NONE: + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED); + return 0; + default: + case SSL_PHA_EXT_SENT: + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR); + return 0; + case SSL_PHA_EXT_RECEIVED: + break; + case SSL_PHA_REQUEST_PENDING: + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING); + return 0; + case SSL_PHA_REQUESTED: + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT); + return 0; + } + + ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING; + + /* checks verify_mode and algorithm_auth */ + if (!send_certificate_request(ssl)) { + ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */ + SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG); + return 0; + } + + ossl_statem_set_in_init(ssl, 1); + return 1; +} + +int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, + SSL_CTX_generate_session_ticket_fn gen_cb, + SSL_CTX_decrypt_session_ticket_fn dec_cb, + void *arg) +{ + ctx->generate_ticket_cb = gen_cb; + ctx->decrypt_ticket_cb = dec_cb; + ctx->ticket_cb_data = arg; + return 1; +} + +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg) +{ + ctx->allow_early_data_cb = cb; + ctx->allow_early_data_cb_data = arg; +} + +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg) +{ + s->allow_early_data_cb = cb; + s->allow_early_data_cb_data = arg; +} diff --git a/deps/openssl/openssl/ssl/ssl_locl.h b/deps/openssl/openssl/ssl/ssl_locl.h index 3c7c1a8e648361..70e5a1740f9c4d 100644 --- a/deps/openssl/openssl/ssl/ssl_locl.h +++ b/deps/openssl/openssl/ssl/ssl_locl.h @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,54 +9,18 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #ifndef HEADER_SSL_LOCL_H # define HEADER_SSL_LOCL_H + +# include "e_os.h" /* struct timeval for DTLS */ # include # include # include # include -# include "e_os.h" -# if defined(__unix) || defined(__unix__) -# include /* struct timeval for DTLS */ -# endif - # include # include # include -# include # include # include # include @@ -66,14 +32,14 @@ # include "statem/statem.h" # include "packet_locl.h" # include "internal/dane.h" +# include "internal/refcount.h" +# include "internal/tsan_assist.h" # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT # endif -# undef PKCS1_CHECK - # define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ @@ -164,8 +130,6 @@ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) -# define SSL_MAX_2_BYTE_LEN (0xffff) - /* * DTLS version numbers are strange because they're inverted. Except for * DTLS1_BAD_VER, which should be considered "lower" than the rest. @@ -176,19 +140,6 @@ # define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2)) # define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2)) -/* LOCAL STUFF */ - -# define SSL_DECRYPT 0 -# define SSL_ENCRYPT 1 - -# define TWO_BYTE_BIT 0x80 -# define SEC_ESC_BIT 0x40 -# define TWO_BYTE_MASK 0x7fff -# define THREE_BYTE_MASK 0x3fff - -# define INC32(a) ((a)=((a)+1)&0xffffffffL) -# define DEC32(a) ((a)=((a)-1)&0xffffffffL) -# define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ /* * Define the Bitmasks for SSL_CIPHER.algorithms. @@ -230,6 +181,9 @@ # define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +/* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */ +# define SSL_kANY 0x00000000U + /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ # define SSL_aRSA 0x00000001U @@ -247,6 +201,11 @@ # define SSL_aSRP 0x00000040U /* GOST R 34.10-2012 signature auth */ # define SSL_aGOST12 0x00000080U +/* Any appropriate signature auth (for TLS 1.3 ciphersuites) */ +# define SSL_aANY 0x00000000U +/* All bits requiring a certificate */ +#define SSL_aCERT \ + (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -269,12 +228,16 @@ # define SSL_AES256CCM8 0x00020000U # define SSL_eGOST2814789CNT12 0x00040000U # define SSL_CHACHA20POLY1305 0x00080000U +# define SSL_ARIA128GCM 0x00100000U +# define SSL_ARIA256GCM 0x00200000U # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) # define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) +# define SSL_ARIA (SSL_ARIAGCM) /* Bits for algorithm_mac (symmetric authentication) */ @@ -349,11 +312,27 @@ /* we have used 0000003f - 26 bits left to go */ -# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \ - || (s)->s3->tmp.peer_finish_md_len == 0) +/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */ +# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 /* Check if an SSL structure is using DTLS */ # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) + +/* Check if we are using TLSv1.3 */ +# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \ + && (s)->method->version >= TLS1_3_VERSION \ + && (s)->method->version != TLS_ANY_VERSION) + +# define SSL_TREAT_AS_TLS13(s) \ + (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ + || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \ + || (s)->hello_retry_request == SSL_HRR_PENDING) + +# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \ + || (s)->s3->tmp.peer_finish_md_len == 0) + /* See if we need explicit IV */ # define SSL_USE_EXPLICIT_IV(s) \ (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) @@ -383,23 +362,28 @@ # define SSL_CLIENT_USE_SIGALGS(s) \ SSL_CLIENT_USE_TLS1_2_CIPHERS(s) +# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \ + (((value) >= TLSEXT_max_fragment_length_512) && \ + ((value) <= TLSEXT_max_fragment_length_4096)) +# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \ + IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode) +# define GET_MAX_FRAGMENT_LENGTH(session) \ + (512U << (session->ext.max_fragment_len_mode - 1)) + # define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ) # define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE) /* Mostly for SSLv3 */ -# define SSL_PKEY_RSA_ENC 0 -# define SSL_PKEY_RSA_SIGN 1 +# define SSL_PKEY_RSA 0 +# define SSL_PKEY_RSA_PSS_SIGN 1 # define SSL_PKEY_DSA_SIGN 2 # define SSL_PKEY_ECC 3 # define SSL_PKEY_GOST01 4 # define SSL_PKEY_GOST12_256 5 # define SSL_PKEY_GOST12_512 6 -# define SSL_PKEY_NUM 7 -/* - * Pseudo-constant. GOST cipher suites can use different certs for 1 - * SSL_CIPHER. So let's see which one we have in fact. - */ -# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 +# define SSL_PKEY_ED25519 7 +# define SSL_PKEY_ED448 8 +# define SSL_PKEY_NUM 9 /*- * SSL_kRSA <- RSA_ENC @@ -415,12 +399,22 @@ #define CERT_PRIVATE_KEY 2 */ +/* Post-Handshake Authentication state */ +typedef enum { + SSL_PHA_NONE = 0, + SSL_PHA_EXT_SENT, /* client-side only: extension sent */ + SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */ + SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */ + SSL_PHA_REQUESTED /* request received by client, or sent by server */ +} SSL_PHA_STATE; + /* CipherSuite length. SSLv3 and all TLS versions. */ # define TLS_CIPHER_LEN 2 /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { uint32_t valid; const char *name; /* text name */ + const char *stdname; /* RFC name */ uint32_t id; /* id, 4 bytes, first is version */ /* * changed in 1.0.0: these four used to be portions of a single value @@ -446,25 +440,28 @@ struct ssl_method_st { unsigned flags; unsigned long mask; int (*ssl_new) (SSL *s); - void (*ssl_clear) (SSL *s); + int (*ssl_clear) (SSL *s); void (*ssl_free) (SSL *s); int (*ssl_accept) (SSL *s); int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, int len); - int (*ssl_peek) (SSL *s, void *buf, int len); - int (*ssl_write) (SSL *s, const void *buf, int len); + int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes); + int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written); int (*ssl_shutdown) (SSL *s); int (*ssl_renegotiate) (SSL *s); - int (*ssl_renegotiate_check) (SSL *s); + int (*ssl_renegotiate_check) (SSL *s, int); int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type, - unsigned char *buf, int len, int peek); - int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); + unsigned char *buf, size_t len, int peek, + size_t *readbytes); + int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len, + size_t *written); int (*ssl_dispatch_alert) (SSL *s); long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); - int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); - int (*ssl_pending) (const SSL *s); + int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt, + size_t *len); + size_t (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); const SSL_CIPHER *(*get_cipher) (unsigned ncipher); long (*get_timeout) (void); @@ -474,6 +471,12 @@ struct ssl_method_st { long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); }; +/* + * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for + * consistency, even in the event of OPENSSL_NO_PSK being defined. + */ +# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256 + /*- * Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { @@ -503,17 +506,24 @@ struct ssl_method_st { struct ssl_session_st { int ssl_version; /* what ssl version session info is being kept * in here? */ - int master_key_length; - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + size_t master_key_length; + + /* TLSv1.3 early_secret used for external PSKs */ + unsigned char early_secret[EVP_MAX_MD_SIZE]; + /* + * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption + * PSK + */ + unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH]; /* session_id - valid? */ - unsigned int session_id_length; + size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* * this is used to determine whether the session is being reused in the * appropriate context. It is up to the application to set this, via * SSL_new */ - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; # ifndef OPENSSL_NO_PSK char *psk_identity_hint; @@ -528,14 +538,14 @@ struct ssl_session_st { /* This is the cert and type for the other end. */ X509 *peer; int peer_type; - /* Certificate chain peer sent */ + /* Certificate chain peer sent. */ STACK_OF(X509) *peer_chain; /* * when app_verify_callback accepts a session where the peer's * certificate is not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ - int references; + CRYPTO_REF_COUNT references; long timeout; long time; unsigned int compress_meth; /* Need to lookup the method */ @@ -549,21 +559,40 @@ struct ssl_session_st { * implement a maximum cache size. */ struct ssl_session_st *prev, *next; - char *tlsext_hostname; + + struct { + char *hostname; # ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ + size_t ecpointformats_len; + unsigned char *ecpointformats; /* peer's list */ # endif /* OPENSSL_NO_EC */ + size_t supportedgroups_len; + uint16_t *supportedgroups; /* peer's list */ /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in - * seconds */ + unsigned char *tick; /* Session ticket */ + size_t ticklen; /* Session ticket length */ + /* Session lifetime hint in seconds */ + unsigned long tick_lifetime_hint; + uint32_t tick_age_add; + int tick_identity; + /* Max number of bytes that can be sent as early data */ + uint32_t max_early_data; + /* The ALPN protocol selected for this session */ + unsigned char *alpn_selected; + size_t alpn_selected_len; + /* + * Maximum Fragment Length as per RFC 4366. + * If this value does not contain RFC 4366 allowed values (1-4) then + * either the Maximum Fragment Length Negotiation failed or was not + * performed at all. + */ + uint8_t max_fragment_len_mode; + } ext; # ifndef OPENSSL_NO_SRP char *srp_username; # endif + unsigned char *ticket_appdata; + size_t ticket_appdata_len; uint32_t flags; CRYPTO_RWLOCK *lock; }; @@ -592,30 +621,140 @@ typedef struct srp_ctx_st { # endif +typedef enum { + SSL_EARLY_DATA_NONE = 0, + SSL_EARLY_DATA_CONNECT_RETRY, + SSL_EARLY_DATA_CONNECTING, + SSL_EARLY_DATA_WRITE_RETRY, + SSL_EARLY_DATA_WRITING, + SSL_EARLY_DATA_WRITE_FLUSH, + SSL_EARLY_DATA_UNAUTH_WRITING, + SSL_EARLY_DATA_FINISHED_WRITING, + SSL_EARLY_DATA_ACCEPT_RETRY, + SSL_EARLY_DATA_ACCEPTING, + SSL_EARLY_DATA_READ_RETRY, + SSL_EARLY_DATA_READING, + SSL_EARLY_DATA_FINISHED_READING +} SSL_EARLY_DATA_STATE; + +/* + * We check that the amount of unreadable early data doesn't exceed + * max_early_data. max_early_data is given in plaintext bytes. However if it is + * unreadable then we only know the number of ciphertext bytes. We also don't + * know how much the overhead should be because it depends on the ciphersuite. + * We make a small allowance. We assume 5 records of actual data plus the end + * of early data alert record. Each record has a tag and a content type byte. + * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the + * content of the alert record either which is 2 bytes. + */ +# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2) + +/* + * The allowance we have between the client's calculated ticket age and our own. + * We allow for 10 seconds (units are in ms). If a ticket is presented and the + * client's age calculation is different by more than this than our own then we + * do not allow that ticket for early_data. + */ +# define TICKET_AGE_ALLOWANCE (10 * 1000) + +#define MAX_COMPRESSIONS_SIZE 255 + struct ssl_comp_st { int id; const char *name; COMP_METHOD *method; }; +typedef struct raw_extension_st { + /* Raw packet data for the extension */ + PACKET data; + /* Set to 1 if the extension is present or 0 otherwise */ + int present; + /* Set to 1 if we have already parsed the extension or 0 otherwise */ + int parsed; + /* The type of this extension, i.e. a TLSEXT_TYPE_* value */ + unsigned int type; + /* Track what order extensions are received in (0-based). */ + size_t received_order; +} RAW_EXTENSION; + +typedef struct { + unsigned int isv2; + unsigned int legacy_version; + unsigned char random[SSL3_RANDOM_SIZE]; + size_t session_id_len; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + size_t dtls_cookie_len; + unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH]; + PACKET ciphersuites; + size_t compressions_len; + unsigned char compressions[MAX_COMPRESSIONS_SIZE]; + PACKET extensions; + size_t pre_proc_exts_len; + RAW_EXTENSION *pre_proc_exts; +} CLIENTHELLO_MSG; + +/* + * Extension index values NOTE: Any updates to these defines should be mirrored + * with equivalent updates to ext_defs in extensions.c + */ +typedef enum tlsext_index_en { + TLSEXT_IDX_renegotiate, + TLSEXT_IDX_server_name, + TLSEXT_IDX_max_fragment_length, + TLSEXT_IDX_srp, + TLSEXT_IDX_ec_point_formats, + TLSEXT_IDX_supported_groups, + TLSEXT_IDX_session_ticket, + TLSEXT_IDX_status_request, + TLSEXT_IDX_next_proto_neg, + TLSEXT_IDX_application_layer_protocol_negotiation, + TLSEXT_IDX_use_srtp, + TLSEXT_IDX_encrypt_then_mac, + TLSEXT_IDX_signed_certificate_timestamp, + TLSEXT_IDX_extended_master_secret, + TLSEXT_IDX_signature_algorithms_cert, + TLSEXT_IDX_post_handshake_auth, + TLSEXT_IDX_signature_algorithms, + TLSEXT_IDX_supported_versions, + TLSEXT_IDX_psk_kex_modes, + TLSEXT_IDX_key_share, + TLSEXT_IDX_cookie, + TLSEXT_IDX_cryptopro_bug, + TLSEXT_IDX_early_data, + TLSEXT_IDX_certificate_authorities, + TLSEXT_IDX_padding, + TLSEXT_IDX_psk, + /* Dummy index - must always be the last entry */ + TLSEXT_IDX_num_builtins +} TLSEXT_INDEX; + DEFINE_LHASH_OF(SSL_SESSION); /* Needed in ssl_cert.c */ DEFINE_LHASH_OF(X509_NAME); -# define TLSEXT_KEYNAME_LENGTH 16 +# define TLSEXT_KEYNAME_LENGTH 16 +# define TLSEXT_TICK_KEY_LENGTH 32 + +typedef struct ssl_ctx_ext_secure_st { + unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH]; + unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; +} SSL_CTX_EXT_SECURE; struct ssl_ctx_st { const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; + /* TLSv1.3 specific ciphersuites */ + STACK_OF(SSL_CIPHER) *tls13_ciphersuites; struct x509_store_st /* X509_STORE */ *cert_store; LHASH_OF(SSL_SESSION) *sessions; /* * Most session-ids that will be cached, default is * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ - unsigned long session_cache_size; + size_t session_cache_size; struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_tail; /* @@ -645,24 +784,26 @@ struct ssl_ctx_st { const unsigned char *data, int len, int *copy); struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate; /* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate; /* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not in the cache was - * passed back via the callback. This - * indicates that the application is supplying - * session-id's from other processes - spooky - * :-) */ + TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */ + TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */ + TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */ + TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */ + TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */ + TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */ + TSAN_QUALIFIER int sess_miss; /* session lookup misses */ + TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */ + TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */ + TSAN_QUALIFIER int sess_hit; /* session reuse actually done */ + TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in + * the cache was passed back via + * the callback. This indicates + * that the application is + * supplying session-id's from + * other processes - spooky + * :-) */ } stats; - int references; + CRYPTO_REF_COUNT references; /* if defined, these override the X509_verify_cert() calls */ int (*app_verify_callback) (X509_STORE_CTX *, void *); @@ -689,6 +830,14 @@ struct ssl_ctx_st { int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie, unsigned int cookie_len); + /* TLS1.3 app-controlled cookie generate callback */ + int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie, + size_t *cookie_len); + + /* TLS1.3 verify app-controlled cookie callback */ + int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie, + size_t cookie_len); + CRYPTO_EX_DATA ex_data; const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ @@ -702,8 +851,14 @@ struct ssl_ctx_st { /* used if SSL's info_callback is NULL */ void (*info_callback) (const SSL *ssl, int type, int val); - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; + /* + * What we put in certificate_authorities extension for TLS 1.3 + * (ClientHello and CertificateRequest) or just client cert requests for + * earlier versions. If client_ca_names is populated then it is only used + * for client cert requests, and in preference to ca_names. + */ + STACK_OF(X509_NAME) *ca_names; + STACK_OF(X509_NAME) *client_ca_names; /* * Default values to use in SSL structures follow (these are copied by @@ -714,7 +869,7 @@ struct ssl_ctx_st { uint32_t mode; int min_proto_version; int max_proto_version; - long max_cert_list; + size_t max_cert_list; struct cert_st /* CERT */ *cert; int read_ahead; @@ -725,7 +880,7 @@ struct ssl_ctx_st { void *msg_callback_arg; uint32_t verify_mode; - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); @@ -751,15 +906,15 @@ struct ssl_ctx_st { * If we're using more than one pipeline how should we divide the data * up between the pipes? */ - unsigned int split_send_fragment; + size_t split_send_fragment; /* * Maximum amount of data to send in one fragment. actual record size can * be more than this due to padding and MAC overheads. */ - unsigned int max_send_fragment; + size_t max_send_fragment; /* Up to how many pipelines should we use? If 0 then 1 is assumed */ - unsigned int max_pipelines; + size_t max_pipelines; /* The default read buffer length to use (0 means not set) */ size_t default_read_buf_len; @@ -771,63 +926,44 @@ struct ssl_ctx_st { ENGINE *client_cert_engine; # endif - /* TLS extensions servername callback */ - int (*tlsext_servername_callback) (SSL *, int *, void *); - void *tlsext_servername_arg; - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH]; - unsigned char tlsext_tick_hmac_key[32]; - unsigned char tlsext_tick_aes_key[32]; - /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); - - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb) (SSL *ssl, void *arg); - void *tlsext_status_arg; - -# ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); -# endif - -# ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -# endif + /* ClientHello callback. Mostly for extensions, but not entirely. */ + SSL_client_hello_cb_fn client_hello_cb; + void *client_hello_cb_arg; -# ifndef OPENSSL_NO_NEXTPROTONEG - /* Next protocol negotiation information */ + /* TLS extensions. */ + struct { + /* TLS extensions servername callback */ + int (*servername_cb) (SSL *, int *, void *); + void *servername_arg; + /* RFC 4507 session ticket keys */ + unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH]; + SSL_CTX_EXT_SECURE *secure; + /* Callback to support customisation of ticket key setting */ + int (*ticket_key_cb) (SSL *ssl, + unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); + + /* certificate status request info */ + /* Callback for status request */ + int (*status_cb) (SSL *ssl, void *arg); + void *status_arg; + /* ext status type used for CSR extension (OCSP Stapling) */ + int status_type; + /* RFC 4366 Maximum Fragment Length Negotiation */ + uint8_t max_fragment_len_mode; - /* - * For a server, this contains a callback function by which the set of - * advertised protocols can be provided. - */ - int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); - void *next_protos_advertised_cb_arg; - /* - * For a client, this contains a callback function that selects the next - * protocol from the list provided by the server. - */ - int (*next_proto_select_cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *next_proto_select_cb_arg; -# endif +# ifndef OPENSSL_NO_EC + /* EC extension values inherited by SSL structure */ + size_t ecpointformats_len; + unsigned char *ecpointformats; + size_t supportedgroups_len; + uint16_t *supportedgroups; +# endif /* OPENSSL_NO_EC */ - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ + /* + * ALPN information (we are in the process of transitioning from NPN to + * ALPN.) + */ /*- * For a server, this contains a callback function that allows the @@ -839,42 +975,103 @@ struct ssl_ctx_st { * wire-format. * inlen: the length of |in|. */ - int (*alpn_select_cb) (SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *alpn_select_cb_arg; + int (*alpn_select_cb) (SSL *s, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, void *arg); + void *alpn_select_cb_arg; - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn; + size_t alpn_len; + +# ifndef OPENSSL_NO_NEXTPROTONEG + /* Next protocol negotiation information */ + + /* + * For a server, this contains a callback function by which the set of + * advertised protocols can be provided. + */ + SSL_CTX_npn_advertised_cb_func npn_advertised_cb; + void *npn_advertised_cb_arg; + /* + * For a client, this contains a callback function that selects the next + * protocol from the list provided by the server. + */ + SSL_CTX_npn_select_cb_func npn_select_cb; + void *npn_select_cb_arg; +# endif + + unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH]; + } ext; + +# ifndef OPENSSL_NO_PSK + SSL_psk_client_cb_func psk_client_callback; + SSL_psk_server_cb_func psk_server_callback; +# endif + SSL_psk_find_session_cb_func psk_find_session_cb; + SSL_psk_use_session_cb_func psk_use_session_cb; + +# ifndef OPENSSL_NO_SRP + SRP_CTX srp_ctx; /* ctx for SRP authentication */ +# endif /* Shared DANE context */ struct dane_ctx_st dane; +# ifndef OPENSSL_NO_SRTP /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; +# endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. */ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); -# ifndef OPENSSL_NO_EC - /* EC extension values inherited by SSL structure */ - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ - - /* ext status type used for CSR extension (OCSP Stapling) */ - int tlsext_status_type; CRYPTO_RWLOCK *lock; + + /* + * Callback for logging key material for use with debugging tools like + * Wireshark. The callback should log `line` followed by a newline. + */ + SSL_CTX_keylog_cb_func keylog_callback; + + /* + * The maximum number of bytes advertised in session tickets that can be + * sent as early data. + */ + uint32_t max_early_data; + + /* + * The maximum number of bytes of early data that a server will tolerate + * (which should be at least as much as max_early_data). + */ + uint32_t recv_max_early_data; + + /* TLS1.3 padding callback */ + size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); + void *record_padding_arg; + size_t block_padding; + + /* Session ticket appdata */ + SSL_CTX_generate_session_ticket_fn generate_ticket_cb; + SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb; + void *ticket_cb_data; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; + + /* Callback to determine if early_data is acceptable or not */ + SSL_allow_early_data_cb_fn allow_early_data_cb; + void *allow_early_data_cb_data; + + /* Do we advertise Post-handshake auth support? */ + int pha_enabled; }; struct ssl_st { @@ -924,11 +1121,12 @@ struct ssl_st { int shutdown; /* where we are */ OSSL_STATEM statem; + SSL_EARLY_DATA_STATE early_data_state; BUF_MEM *init_buf; /* buffer used during init */ void *init_msg; /* pointer to handshake message body, set by * ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ + size_t init_num; /* amount read/written */ + size_t init_off; /* amount read/written */ struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ /* callback that allows applications to peek at protocol messages */ @@ -942,31 +1140,74 @@ struct ssl_st { /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; + /* TLSv1.3 specific ciphersuites */ + STACK_OF(SSL_CIPHER) *tls13_ciphersuites; /* * These are the ones being used, the ones in SSL_SESSION are the ones to * be 'copied' into these ones */ uint32_t mac_flags; + /* + * The TLS1.3 secrets. + */ + unsigned char early_secret[EVP_MAX_MD_SIZE]; + unsigned char handshake_secret[EVP_MAX_MD_SIZE]; + unsigned char master_secret[EVP_MAX_MD_SIZE]; + unsigned char resumption_master_secret[EVP_MAX_MD_SIZE]; + unsigned char client_finished_secret[EVP_MAX_MD_SIZE]; + unsigned char server_finished_secret[EVP_MAX_MD_SIZE]; + unsigned char server_finished_hash[EVP_MAX_MD_SIZE]; + unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; + unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; + unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */ EVP_MD_CTX *read_hash; /* used for mac generation */ COMP_CTX *compress; /* compression */ COMP_CTX *expand; /* uncompress */ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */ EVP_MD_CTX *write_hash; /* used for mac generation */ + /* Count of how many KeyUpdate messages we have received */ + unsigned int key_update_count; /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ struct cert_st /* CERT */ *cert; + + /* + * The hash of all messages prior to the CertificateVerify, and the length + * of that hash. + */ + unsigned char cert_verify_hash[EVP_MAX_MD_SIZE]; + size_t cert_verify_hash_len; + + /* Flag to indicate whether we should send a HelloRetryRequest or not */ + enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE} + hello_retry_request; + /* * the session_id_context is used to ensure sessions are only reused in * the appropriate context */ - unsigned int sid_ctx_length; + size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* This can also be in the session once a session is established */ SSL_SESSION *session; + /* TLSv1.3 PSK session */ + SSL_SESSION *psksession; + unsigned char *psksession_id; + size_t psksession_id_len; /* Default generate session ID callback. */ GEN_SESSION_CB generate_session_id; + /* + * The temporary TLSv1.3 session id. This isn't really a session id at all + * but is a random value sent in the legacy session id field. + */ + unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + size_t tmp_session_id_len; /* Used in SSL3 */ /* * 0 don't care about verify failure. @@ -982,51 +1223,149 @@ struct ssl_st { /* actual code */ int error_code; # ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); + SSL_psk_client_cb_func psk_client_callback; + SSL_psk_server_cb_func psk_server_callback; # endif + SSL_psk_find_session_cb_func psk_find_session_cb; + SSL_psk_use_session_cb_func psk_use_session_cb; + SSL_CTX *ctx; /* Verified chain of peer */ STACK_OF(X509) *verified_chain; long verify_result; /* extra application data */ CRYPTO_EX_DATA ex_data; - /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; - int references; + /* + * What we put in certificate_authorities extension for TLS 1.3 + * (ClientHello and CertificateRequest) or just client cert requests for + * earlier versions. If client_ca_names is populated then it is only used + * for client cert requests, and in preference to ca_names. + */ + STACK_OF(X509_NAME) *ca_names; + STACK_OF(X509_NAME) *client_ca_names; + CRYPTO_REF_COUNT references; /* protocol behaviour */ uint32_t options; /* API behaviour */ uint32_t mode; int min_proto_version; int max_proto_version; - long max_cert_list; + size_t max_cert_list; int first_packet; - /* what was passed, used for SSLv3/TLS rollback check */ + /* + * What was passed in ClientHello.legacy_version. Used for RSA pre-master + * secret and SSLv3/TLS (<=1.2) rollback check + */ int client_version; /* * If we're using more than one pipeline how should we divide the data * up between the pipes? */ - unsigned int split_send_fragment; + size_t split_send_fragment; /* * Maximum amount of data to send in one fragment. actual record size can * be more than this due to padding and MAC overheads. */ - unsigned int max_send_fragment; + size_t max_send_fragment; /* Up to how many pipelines should we use? If 0 then 1 is assumed */ - unsigned int max_pipelines; - /* TLS extension debug callback */ - void (*tlsext_debug_cb) (SSL *s, int client_server, int type, - const unsigned char *data, int len, void *arg); - void *tlsext_debug_arg; - char *tlsext_hostname; + size_t max_pipelines; + + struct { + /* Built-in extension flags */ + uint8_t extflags[TLSEXT_IDX_num_builtins]; + /* TLS extension debug callback */ + void (*debug_cb)(SSL *s, int client_server, int type, + const unsigned char *data, int len, void *arg); + void *debug_arg; + char *hostname; + /* certificate status request info */ + /* Status type or -1 if no status type */ + int status_type; + /* Raw extension data, if seen */ + unsigned char *scts; + /* Length of raw extension data, if seen */ + uint16_t scts_len; + /* Expect OCSP CertificateStatus message */ + int status_expected; + + struct { + /* OCSP status request only */ + STACK_OF(OCSP_RESPID) *ids; + X509_EXTENSIONS *exts; + /* OCSP response received or to be sent */ + unsigned char *resp; + size_t resp_len; + } ocsp; + + /* RFC4507 session ticket expected to be received or sent */ + int ticket_expected; +# ifndef OPENSSL_NO_EC + size_t ecpointformats_len; + /* our list */ + unsigned char *ecpointformats; +# endif /* OPENSSL_NO_EC */ + size_t supportedgroups_len; + /* our list */ + uint16_t *supportedgroups; + /* TLS Session Ticket extension override */ + TLS_SESSION_TICKET_EXT *session_ticket; + /* TLS Session Ticket extension callback */ + tls_session_ticket_ext_cb_fn session_ticket_cb; + void *session_ticket_cb_arg; + /* TLS pre-shared secret session resumption */ + tls_session_secret_cb_fn session_secret_cb; + void *session_secret_cb_arg; + /* + * For a client, this contains the list of supported protocols in wire + * format. + */ + unsigned char *alpn; + size_t alpn_len; + /* + * Next protocol negotiation. For the client, this is the protocol that + * we sent in NextProtocol and is set when handling ServerHello + * extensions. For a server, this is the client's selected_protocol from + * NextProtocol and is set when handling the NextProtocol message, before + * the Finished message. + */ + unsigned char *npn; + size_t npn_len; + + /* The available PSK key exchange modes */ + int psk_kex_mode; + + /* Set to one if we have negotiated ETM */ + int use_etm; + + /* Are we expecting to receive early data? */ + int early_data; + /* Is the session suitable for early data? */ + int early_data_ok; + + /* May be sent by a server in HRR. Must be echoed back in ClientHello */ + unsigned char *tls13_cookie; + size_t tls13_cookie_len; + /* Have we received a cookie from the client? */ + int cookieok; + + /* + * Maximum Fragment Length as per RFC 4366. + * If this member contains one of the allowed values (1-4) + * then we should include Maximum Fragment Length Negotiation + * extension in Client Hello. + * Please note that value of this member does not have direct + * effect. The actual (binding) value is stored in SSL_SESSION, + * as this extension is optional on server side. + */ + uint8_t max_fragment_len_mode; + } ext; + + /* + * Parsed form of the ClientHello, kept around across client_hello_cb + * calls. + */ + CLIENTHELLO_MSG *clienthello; + /*- * no further mod of servername * 0 : call the servername extension callback. @@ -1034,98 +1373,45 @@ struct ssl_st { * 2 : don't call servername callback, no ack in server hello */ int servername_done; - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; # ifndef OPENSSL_NO_CT /* * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. */ ssl_ct_validation_cb ct_validation_callback; - /* User-supplied argument tha tis passed to the ct_validation_callback */ + /* User-supplied argument that is passed to the ct_validation_callback */ void *ct_validation_callback_arg; /* * Consolidated stack of SCTs from all sources. * Lazily populated by CT_get_peer_scts(SSL*) */ STACK_OF(SCT) *scts; - /* Raw extension data, if seen */ - unsigned char *tlsext_scts; - /* Length of raw extension data, if seen */ - uint16_t tlsext_scts_len; /* Have we attempted to find/parse SCTs yet? */ int scts_parsed; # endif - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; -# ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - /* our list */ - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - /* our list */ - unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; - /* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; - void *tls_session_ticket_ext_cb_arg; - /* TLS pre-shared secret session resumption */ - tls_session_secret_cb_fn tls_session_secret_cb; - void *tls_session_secret_cb_arg; SSL_CTX *session_ctx; /* initial ctx, used to store sessions */ -# ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Next protocol negotiation. For the client, this is the protocol that - * we sent in NextProtocol and is set when handling ServerHello - * extensions. For a server, this is the client's selected_protocol from - * NextProtocol and is set when handling the NextProtocol message, before - * the Finished message. - */ - unsigned char *next_proto_negotiated; - unsigned char next_proto_negotiated_len; -# endif +# ifndef OPENSSL_NO_SRTP /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; - /*- - * Is use of the Heartbeat extension negotiated? - * 0: disabled - * 1: enabled - * 2: enabled, but not allowed to send Requests - */ - unsigned int tlsext_heartbeat; - /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_pending; - /* HeartbeatRequest sequence number */ - unsigned int tlsext_hb_seq; - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; - - /* Set to one if we have negotiated ETM */ - int tlsext_use_etm; - +# endif /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake * (i.e. not just sending a HelloRequest) */ int renegotiate; + /* If sending a KeyUpdate is pending */ + int key_update; + /* Post-handshake authentication state */ + SSL_PHA_STATE post_handshake_auth; + int pha_enabled; + uint8_t* pha_context; + size_t pha_context_len; + int certreqs_sent; + EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */ + # ifndef OPENSSL_NO_SRP /* ctx for SRP authentication */ SRP_CTX srp_ctx; @@ -1143,14 +1429,97 @@ struct ssl_st { /* Async Job info */ ASYNC_JOB *job; ASYNC_WAIT_CTX *waitctx; + size_t asyncrw; + + /* + * The maximum number of bytes advertised in session tickets that can be + * sent as early data. + */ + uint32_t max_early_data; + /* + * The maximum number of bytes of early data that a server will tolerate + * (which should be at least as much as max_early_data). + */ + uint32_t recv_max_early_data; + + /* + * The number of bytes of early data received so far. If we accepted early + * data then this is a count of the plaintext bytes. If we rejected it then + * this is a count of the ciphertext bytes. + */ + uint32_t early_data_count; + + /* TLS1.3 padding callback */ + size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); + void *record_padding_arg; + size_t block_padding; + CRYPTO_RWLOCK *lock; + RAND_DRBG *drbg; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; + /* The number of TLS1.3 tickets actually sent so far */ + size_t sent_tickets; + /* The next nonce value to use when we send a ticket on this connection */ + uint64_t next_ticket_nonce; + + /* Callback to determine if early_data is acceptable or not */ + SSL_allow_early_data_cb_fn allow_early_data_cb; + void *allow_early_data_cb_data; }; +/* + * Structure containing table entry of values associated with the signature + * algorithms (signature scheme) extension +*/ +typedef struct sigalg_lookup_st { + /* TLS 1.3 signature scheme name */ + const char *name; + /* Raw value used in extension */ + uint16_t sigalg; + /* NID of hash algorithm or NID_undef if no hash */ + int hash; + /* Index of hash algorithm or -1 if no hash algorithm */ + int hash_idx; + /* NID of signature algorithm */ + int sig; + /* Index of signature algorithm */ + int sig_idx; + /* Combined hash and signature NID, if any */ + int sigandhash; + /* Required public key curve (ECDSA only) */ + int curve; +} SIGALG_LOOKUP; + +typedef struct tls_group_info_st { + int nid; /* Curve NID */ + int secbits; /* Bits of security (from SP800-57) */ + uint16_t flags; /* Flags: currently just group type */ +} TLS_GROUP_INFO; + +/* flags values */ +# define TLS_CURVE_TYPE 0x3 /* Mask for group type */ +# define TLS_CURVE_PRIME 0x0 +# define TLS_CURVE_CHAR2 0x1 +# define TLS_CURVE_CUSTOM 0x2 + +typedef struct cert_pkey_st CERT_PKEY; + +/* + * Structure containing table entry of certificate info corresponding to + * CERT_PKEY entries + */ +typedef struct { + int nid; /* NID of pubic key algorithm */ + uint32_t amask; /* authmask corresponding to key type */ +} SSL_CERT_LOOKUP; + typedef struct ssl3_state_st { long flags; - int read_mac_secret_size; + size_t read_mac_secret_size; unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - int write_mac_secret_size; + size_t write_mac_secret_size; unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; unsigned char server_random[SSL3_RANDOM_SIZE]; unsigned char client_random[SSL3_RANDOM_SIZE]; @@ -1189,10 +1558,10 @@ typedef struct ssl3_state_st { struct { /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; - int finish_md_len; + size_t finish_md_len; unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; - int peer_finish_md_len; - unsigned long message_size; + size_t peer_finish_md_len; + size_t message_size; int message_type; /* used to hold the new cipher we are going to use */ const SSL_CIPHER *new_cipher; @@ -1201,15 +1570,17 @@ typedef struct ssl3_state_st { # endif /* used for certificate requests */ int cert_req; - int ctype_num; - char ctype[SSL3_CT_NUMBER]; - STACK_OF(X509_NAME) *ca_names; - int key_block_length; + /* Certificate types in certificate request message. */ + uint8_t *ctype; + size_t ctype_len; + /* Certificate authorities list peer sent */ + STACK_OF(X509_NAME) *peer_ca_names; + size_t key_block_length; unsigned char *key_block; const EVP_CIPHER *new_sym_enc; const EVP_MD *new_hash; int new_mac_pkey_type; - int new_mac_secret_size; + size_t new_mac_secret_size; # ifndef OPENSSL_NO_COMP const SSL_COMP *new_compression; # else @@ -1227,18 +1598,23 @@ typedef struct ssl3_state_st { unsigned char *psk; size_t psklen; # endif + /* Signature algorithm we actually use */ + const SIGALG_LOOKUP *sigalg; + /* Pointer to certificate we use */ + CERT_PKEY *cert; /* * signature algorithms peer reports: e.g. supported signature * algorithms extension for server or as part of a certificate * request for client. + * Keep track of the algorithms for TLS and X.509 usage separately. */ - unsigned char *peer_sigalgs; - /* Size of above array */ + uint16_t *peer_sigalgs; + uint16_t *peer_cert_sigalgs; + /* Size of above arrays */ size_t peer_sigalgslen; - /* Digest peer uses for signing */ - const EVP_MD *peer_md; - /* Array of digests used for signing */ - const EVP_MD *md[SSL_PKEY_NUM]; + size_t peer_cert_sigalgslen; + /* Sigalg peer actually uses */ + const SIGALG_LOOKUP *peer_sigalg; /* * Set if corresponding CERT_PKEY can be used with current * SSL session: e.g. appropriate curve, signature algorithms etc. @@ -1263,16 +1639,16 @@ typedef struct ssl3_state_st { /* Connection binding to prevent renegotiation attacks */ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_client_finished_len; + size_t previous_client_finished_len; unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; + size_t previous_server_finished_len; int send_connection_binding; /* TODOEKR */ # ifndef OPENSSL_NO_NEXTPROTONEG /* * Set if we saw the Next Protocol Negotiation extension from our peer. */ - int next_proto_neg_seen; + int npn_seen; # endif /* @@ -1304,6 +1680,8 @@ typedef struct ssl3_state_st { /* For clients: peer temporary key */ # if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + /* The group_id for the DH/ECDH key */ + uint16_t group_id; EVP_PKEY *peer_tmp; # endif @@ -1320,7 +1698,7 @@ typedef struct ssl3_state_st { /* * Flag used in message reuse to indicate the buffer contains the record - * header as well as the the handshake message header. + * header as well as the handshake message header. */ # define DTLS1_SKIP_RECORD_HEADER 2 @@ -1334,10 +1712,10 @@ struct dtls1_retransmit_state { struct hm_header_st { unsigned char type; - unsigned long msg_len; + size_t msg_len; unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; + size_t frag_off; + size_t frag_len; unsigned int is_ccs; struct dtls1_retransmit_state saved_retransmit_state; }; @@ -1378,11 +1756,11 @@ pitem *pqueue_pop(pqueue *pq); pitem *pqueue_find(pqueue *pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue *pq); pitem *pqueue_next(piterator *iter); -int pqueue_size(pqueue *pq); +size_t pqueue_size(pqueue *pq); typedef struct dtls1_state_st { unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; + size_t cookie_len; unsigned int cookie_verified; /* handshake message numbers */ unsigned short handshake_write_seq; @@ -1392,21 +1770,25 @@ typedef struct dtls1_state_st { pqueue *buffered_messages; /* Buffered (sent) handshake records */ pqueue *sent_messages; - unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - unsigned int mtu; /* max DTLS packet size */ + size_t link_mtu; /* max on-the-wire DTLS packet size */ + size_t mtu; /* max DTLS packet size */ struct hm_header_st w_msg_hdr; struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; /* - * Indicates when the last handshake msg or heartbeat sent will timeout + * Indicates when the last handshake msg sent will timeout */ struct timeval next_timeout; /* Timeout duration */ - unsigned short timeout_duration; + unsigned int timeout_duration_us; + unsigned int retransmitting; # ifndef OPENSSL_NO_SCTP int shutdown_received; # endif + + DTLS_timer_cb timer_cb; + } DTLS1_STATE; # ifndef OPENSSL_NO_EC @@ -1418,7 +1800,7 @@ typedef struct dtls1_state_st { # define NAMED_CURVE_TYPE 3 # endif /* OPENSSL_NO_EC */ -typedef struct cert_pkey_st { +struct cert_pkey_st { X509 *x509; EVP_PKEY *privatekey; /* Chain for this certificate */ @@ -1432,24 +1814,34 @@ typedef struct cert_pkey_st { */ unsigned char *serverinfo; size_t serverinfo_length; -} CERT_PKEY; +}; /* Retrieve Suite B flags */ # define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) /* Uses to check strict mode: suite B modes are always strict */ # define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT) +typedef enum { + ENDPOINT_CLIENT = 0, + ENDPOINT_SERVER, + ENDPOINT_BOTH +} ENDPOINT; + + typedef struct { unsigned short ext_type; + ENDPOINT role; + /* The context which this extension applies to */ + unsigned int context; /* * Per-connection flags relating to this extension type: not used if * part of an SSL_CTX structure. */ uint32_t ext_flags; - custom_ext_add_cb add_cb; - custom_ext_free_cb free_cb; + SSL_custom_ext_add_cb_ex add_cb; + SSL_custom_ext_free_cb_ex free_cb; void *add_arg; - custom_ext_parse_cb parse_cb; + SSL_custom_ext_parse_cb_ex parse_cb; void *parse_arg; } custom_ext_method; @@ -1487,36 +1879,32 @@ typedef struct cert_st { /* Flags related to certificates */ uint32_t cert_flags; CERT_PKEY pkeys[SSL_PKEY_NUM]; - /* - * Certificate types (received or sent) in certificate request message. - * On receive this is only set if number of certificate types exceeds - * SSL3_CT_NUMBER. - */ - unsigned char *ctypes; - size_t ctype_num; + /* Custom certificate types sent in certificate request message. */ + uint8_t *ctype; + size_t ctype_len; /* * supported signature algorithms. When set on a client this is sent in * the client hello as the supported signature algorithms extension. For * servers it represents the signature algorithms we are willing to use. */ - unsigned char *conf_sigalgs; + uint16_t *conf_sigalgs; /* Size of above array */ size_t conf_sigalgslen; /* * Client authentication signature algorithms, if not set then uses * conf_sigalgs. On servers these will be the signature algorithms sent - * to the client in a cerificate request for TLS 1.2. On a client this - * represents the signature algortithms we are willing to use for client + * to the client in a certificate request for TLS 1.2. On a client this + * represents the signature algorithms we are willing to use for client * authentication. */ - unsigned char *client_sigalgs; + uint16_t *client_sigalgs; /* Size of above array */ size_t client_sigalgslen; /* * Signature algorithms shared by client and server: cached because these * are used most often. */ - TLS_SIGALGS *shared_sigalgs; + const SIGALG_LOOKUP **shared_sigalgs; size_t shared_sigalgslen; /* * Certificate setup callback: if set is called whenever a certificate @@ -1533,9 +1921,8 @@ typedef struct cert_st { */ X509_STORE *chain_store; X509_STORE *verify_store; - /* Custom extension methods for server and client */ - custom_ext_methods cli_ext; - custom_ext_methods srv_ext; + /* Custom extensions */ + custom_ext_methods custext; /* Security callback */ int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); @@ -1546,23 +1933,10 @@ typedef struct cert_st { /* If not NULL psk identity hint to use for servers */ char *psk_identity_hint; # endif - int references; /* >1 only if SSL_copy_session_id is used */ + CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */ CRYPTO_RWLOCK *lock; } CERT; -/* Structure containing decoded values of signature algorithms extension */ -struct tls_sigalgs_st { - /* NID of hash algorithm */ - int hash_nid; - /* NID of signature algorithm */ - int sign_nid; - /* Combined hash and signature NID */ - int signandhash_nid; - /* Raw values used in extension */ - unsigned char rsign; - unsigned char rhash; -}; - # define FP_ICC (int (*)(const void *,const void *)) /* @@ -1570,18 +1944,17 @@ struct tls_sigalgs_st { * of a mess of functions, but hell, think of it as an opaque structure :-) */ typedef struct ssl3_enc_method { - int (*enc) (SSL *, SSL3_RECORD *, unsigned int, int); + int (*enc) (SSL *, SSL3_RECORD *, size_t, int); int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int); int (*setup_key_block) (SSL *); int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, - int); + size_t, size_t *); int (*change_cipher_state) (SSL *, int); - int (*final_finish_mac) (SSL *, const char *, int, unsigned char *); - int finish_mac_length; + size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *); const char *client_finished_label; - int client_finished_label_len; + size_t client_finished_label_len; const char *server_finished_label; - int server_finished_label_len; + size_t server_finished_label_len; int (*alert_value) (int); int (*export_keying_material) (SSL *, unsigned char *, size_t, const char *, size_t, @@ -1589,19 +1962,18 @@ typedef struct ssl3_enc_method { int use_context); /* Various flags indicating protocol version requirements */ uint32_t enc_flags; - /* Handshake header length */ - unsigned int hhlen; /* Set the handshake header */ - int (*set_handshake_header) (SSL *s, int type, unsigned long len); + int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type); + /* Close construction of the handshake message */ + int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype); /* Write out handshake message */ int (*do_write) (SSL *s); } SSL3_ENC_METHOD; -# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen -# define ssl_handshake_start(s) \ - (((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen) -# define ssl_set_handshake_header(s, htype, len) \ - s->method->ssl3_enc->set_handshake_header(s, htype, len) +# define ssl_set_handshake_header(s, pkt, htype) \ + s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype)) +# define ssl_close_construct_packet(s, pkt, htype) \ + s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype)) # define ssl_do_write(s) s->method->ssl3_enc->do_write(s) /* Values for enc_flags */ @@ -1630,6 +2002,71 @@ typedef struct ssl3_comp_st { } SSL3_COMP; # endif +typedef enum downgrade_en { + DOWNGRADE_NONE, + DOWNGRADE_TO_1_2, + DOWNGRADE_TO_1_1 +} DOWNGRADE; + +/* + * Dummy status type for the status_type extension. Indicates no status type + * set + */ +#define TLSEXT_STATUSTYPE_nothing -1 + +/* Sigalgs values */ +#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 +#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 +#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603 +#define TLSEXT_SIGALG_ecdsa_sha224 0x0303 +#define TLSEXT_SIGALG_ecdsa_sha1 0x0203 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805 +#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806 +#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809 +#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a +#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b +#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401 +#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501 +#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601 +#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301 +#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201 +#define TLSEXT_SIGALG_dsa_sha256 0x0402 +#define TLSEXT_SIGALG_dsa_sha384 0x0502 +#define TLSEXT_SIGALG_dsa_sha512 0x0602 +#define TLSEXT_SIGALG_dsa_sha224 0x0302 +#define TLSEXT_SIGALG_dsa_sha1 0x0202 +#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee +#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef +#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded + +#define TLSEXT_SIGALG_ed25519 0x0807 +#define TLSEXT_SIGALG_ed448 0x0808 + +/* Known PSK key exchange modes */ +#define TLSEXT_KEX_MODE_KE 0x00 +#define TLSEXT_KEX_MODE_KE_DHE 0x01 + +/* + * Internal representations of key exchange modes + */ +#define TLSEXT_KEX_MODE_FLAG_NONE 0 +#define TLSEXT_KEX_MODE_FLAG_KE 1 +#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2 + +/* An invalid index into the TLSv1.3 PSK identities */ +#define TLSEXT_PSK_BAD_IDENTITY -1 + +#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \ + s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS) + +/* A dummy signature value not valid for TLSv1.2 signature algs */ +#define TLSEXT_signature_rsa_pss 0x0101 + +/* TLSv1.3 downgrade protection sentinel values */ +extern const unsigned char tls11downgrade[8]; +extern const unsigned char tls12downgrade[8]; + extern SSL3_ENC_METHOD ssl3_undef_enc_method; __owur const SSL_METHOD *ssl_bad_method(int ver); @@ -1645,6 +2082,9 @@ __owur const SSL_METHOD *tlsv1_1_client_method(void); __owur const SSL_METHOD *tlsv1_2_method(void); __owur const SSL_METHOD *tlsv1_2_server_method(void); __owur const SSL_METHOD *tlsv1_2_client_method(void); +__owur const SSL_METHOD *tlsv1_3_method(void); +__owur const SSL_METHOD *tlsv1_3_server_method(void); +__owur const SSL_METHOD *tlsv1_3_client_method(void); __owur const SSL_METHOD *dtlsv1_method(void); __owur const SSL_METHOD *dtlsv1_server_method(void); __owur const SSL_METHOD *dtlsv1_client_method(void); @@ -1656,6 +2096,7 @@ __owur const SSL_METHOD *dtlsv1_2_client_method(void); extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; extern const SSL3_ENC_METHOD TLSv1_2_enc_data; +extern const SSL3_ENC_METHOD TLSv1_3_enc_data; extern const SSL3_ENC_METHOD SSLv3_enc_data; extern const SSL3_ENC_METHOD DTLSv1_enc_data; extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; @@ -1782,55 +2223,78 @@ const SSL_METHOD *func_name(void) \ struct openssl_ssl_test_functions { int (*p_ssl_init_wbio_buffer) (SSL *s); int (*p_ssl3_setup_buffers) (SSL *s); -# ifndef OPENSSL_NO_HEARTBEATS - int (*p_dtls1_process_heartbeat) (SSL *s, - unsigned char *p, unsigned int length); -# endif }; const char *ssl_protocol_to_string(int version); +/* Returns true if certificate and private key for 'idx' are present */ +static ossl_inline int ssl_has_cert(const SSL *s, int idx) +{ + if (idx < 0 || idx >= SSL_PKEY_NUM) + return 0; + return s->cert->pkeys[idx].x509 != NULL + && s->cert->pkeys[idx].privatekey != NULL; +} + +static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups, + size_t *pgroupslen) +{ + *pgroups = s->session->ext.supportedgroups; + *pgroupslen = s->session->ext.supportedgroups_len; +} + # ifndef OPENSSL_UNIT_TEST +__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes); +__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written); void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); +__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); -__owur int ssl_get_prev_session(SSL *s, const PACKET *ext, - const PACKET *session_id); +__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len); +__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, - STACK_OF(SSL_CIPHER) **pref, - STACK_OF(SSL_CIPHER) - **sorted, +__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); +__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format); +__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, + STACK_OF(SSL_CIPHER) **skp, + STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, + int fatal); void ssl_update_cache(SSL *s, int mode); __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, - int *mac_secret_size, SSL_COMP **comp, + size_t *mac_secret_size, SSL_COMP **comp, int use_etm); -__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c); +__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, + size_t *int_overhead, size_t *blocksize, + size_t *ext_overhead); +__owur int ssl_cert_is_disabled(size_t idx); __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, - const unsigned char *ptr); + const unsigned char *ptr, + int all); __owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain); __owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x); __owur int ssl_cert_select_current(CERT *c, X509 *x); __owur int ssl_cert_set_current(CERT *c, long arg); -__owur X509 *ssl_cert_get0_next_certificate(CERT *c, int first); void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg); __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); -__owur int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l); __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); @@ -1839,31 +2303,38 @@ __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); +__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); +__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, + size_t *pidx); +__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); + int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); -__owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s); __owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length); -__owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, - const EVP_MD **pmd); -__owur int ssl_cert_type(const X509 *x, const EVP_PKEY *pkey); void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); -__owur int ssl_verify_alarm_type(long type); +__owur int ssl_x509err2alert(int type); void ssl_sort_cipher_list(void); -void ssl_load_ciphers(void); +int ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, - int len); + size_t len, DOWNGRADE dgrd); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms); __owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm); -__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey); +__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, + int genmaster); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); +__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl); +__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl); +__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id); +__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); -__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); +__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, + size_t *len); int ssl3_init_finished_mac(SSL *s); __owur int ssl3_setup_key_block(SSL *s); __owur int ssl3_change_cipher_state(SSL *s, int which); @@ -1871,29 +2342,31 @@ void ssl3_cleanup_key_block(SSL *s); __owur int ssl3_do_write(SSL *s, int type); int ssl3_send_alert(SSL *s, int level, int desc); __owur int ssl3_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); -__owur int ssl3_get_req_cert_type(SSL *s, unsigned char *p); + unsigned char *p, size_t len, + size_t *secret_size); +__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); -int ssl3_renegotiate_check(SSL *ssl); +int ssl3_renegotiate_check(SSL *ssl, int initok); __owur int ssl3_dispatch_alert(SSL *s); -__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, - unsigned char *p); -__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); +__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen, + unsigned char *p); +__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL *s); -__owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); +__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, + CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); __owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); -__owur int ssl3_read(SSL *s, void *buf, int len); -__owur int ssl3_peek(SSL *s, void *buf, int len); -__owur int ssl3_write(SSL *s, const void *buf, int len); +__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes); +__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written); __owur int ssl3_shutdown(SSL *s); -void ssl3_clear(SSL *s); +int ssl3_clear(SSL *s); __owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); __owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); @@ -1902,30 +2375,37 @@ __owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); __owur int ssl3_do_change_cipher_spec(SSL *ssl); __owur long ssl3_default_timeout(void); -__owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); +__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype); +__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype); +__owur int tls_setup_handshake(SSL *s); +__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype); +__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype); __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); -__owur int ssl_version_supported(const SSL *s, int version); +__owur int ssl_version_supported(const SSL *s, int version, + const SSL_METHOD **meth); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); -__owur int ssl_choose_server_version(SSL *s); -__owur int ssl_choose_client_version(SSL *s, int version); -int ssl_get_client_min_max_version(const SSL *s, int *min_version, - int *max_version); +__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, + DOWNGRADE *dgrd); +__owur int ssl_choose_client_version(SSL *s, int version, + RAW_EXTENSION *extensions); +__owur int ssl_get_min_max_version(const SSL *s, int *min_version, + int *max_version, int *real_max); __owur long tls1_default_timeout(void); __owur int dtls1_do_write(SSL *s, int type); void dtls1_set_message_header(SSL *s, unsigned char mt, - unsigned long len, - unsigned long frag_off, unsigned long frag_len); + size_t len, + size_t frag_off, size_t frag_len); -__owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, - int len); +int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, + size_t *written); __owur int dtls1_read_failed(SSL *s, int code); __owur int dtls1_buffer_message(SSL *s, int ccs); @@ -1944,44 +2424,80 @@ void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); void dtls1_double_timeout(SSL *s); -__owur unsigned int dtls_raw_hello_verify_request(unsigned char *buf, - unsigned char *cookie, - unsigned char cookie_len); -__owur int dtls1_send_newsession_ticket(SSL *s); -__owur unsigned int dtls1_min_mtu(SSL *s); +__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, + size_t cookie_len); +__owur size_t dtls1_min_mtu(SSL *s); void dtls1_hm_fragment_free(hm_fragment *frag); __owur int dtls1_query_mtu(SSL *s); __owur int tls1_new(SSL *s); void tls1_free(SSL *s); -void tls1_clear(SSL *s); -long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); -long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); +int tls1_clear(SSL *s); __owur int dtls1_new(SSL *s); void dtls1_free(SSL *s); -void dtls1_clear(SSL *s); +int dtls1_clear(SSL *s); long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); __owur int dtls1_shutdown(SSL *s); __owur int dtls1_dispatch_alert(SSL *s); __owur int ssl_init_wbio_buffer(SSL *s); -void ssl_free_wbio_buffer(SSL *s); +int ssl_free_wbio_buffer(SSL *s); __owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_setup_key_block(SSL *s); -__owur int tls1_final_finish_mac(SSL *s, - const char *str, int slen, unsigned char *p); +__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *p); __owur int tls1_generate_master_secret(SSL *s, unsigned char *out, - unsigned char *p, int len); + unsigned char *p, size_t len, + size_t *secret_size); +__owur int tls13_setup_key_block(SSL *s); +__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *p); +__owur int tls13_change_cipher_state(SSL *s, int which); +__owur int tls13_update_key(SSL *s, int send); +__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md, + const unsigned char *secret, + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen); +__owur int tls13_derive_key(SSL *s, const EVP_MD *md, + const unsigned char *secret, unsigned char *key, + size_t keylen); +__owur int tls13_derive_iv(SSL *s, const EVP_MD *md, + const unsigned char *secret, unsigned char *iv, + size_t ivlen); +__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, + const unsigned char *secret, + unsigned char *fin, size_t finlen); +int tls13_generate_secret(SSL *s, const EVP_MD *md, + const unsigned char *prevsecret, + const unsigned char *insecret, + size_t insecretlen, + unsigned char *outsecret); +__owur int tls13_generate_handshake_secret(SSL *s, + const unsigned char *insecret, + size_t insecretlen); +__owur int tls13_generate_master_secret(SSL *s, unsigned char *out, + unsigned char *prev, size_t prevlen, + size_t *secret_size); __owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); +__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); +__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); __owur int tls1_alert_code(int code); +__owur int tls13_alert_code(int code); __owur int ssl3_alert_code(int code); -__owur int ssl_ok(SSL *s); # ifndef OPENSSL_NO_EC __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); @@ -1990,56 +2506,41 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); # ifndef OPENSSL_NO_EC -/* Flags values from tls1_ec_curve_id2nid() */ -/* Mask for curve type */ -# define TLS_CURVE_TYPE 0x3 -# define TLS_CURVE_PRIME 0x0 -# define TLS_CURVE_CHAR2 0x1 -# define TLS_CURVE_CUSTOM 0x2 -__owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags); -__owur int tls1_ec_nid2curve_id(int nid); -__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); -__owur int tls1_shared_curve(SSL *s, int nmatch); -__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, + +__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); +__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); +__owur uint16_t tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, +__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str); +void tls1_get_formatlist(SSL *s, const unsigned char **pformats, + size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); -__owur EVP_PKEY *ssl_generate_pkey_curve(int id); +__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); +__owur EVP_PKEY *ssl_generate_param_group(uint16_t id); # endif /* OPENSSL_NO_EC */ -__owur int tls1_shared_list(SSL *s, - const unsigned char *l1, size_t l1len, - const unsigned char *l2, size_t l2len, int nmatch); -__owur unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, - unsigned char *limit, int *al); -__owur unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, - unsigned char *limit, int *al); -__owur int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt); -void ssl_set_default_md(SSL *s); +__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op); +void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, + size_t *pgroupslen); + __owur int tls1_set_server_sigalgs(SSL *s); -__owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al); -__owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt); -__owur int ssl_prepare_clienthello_tlsext(SSL *s); -__owur int ssl_prepare_serverhello_tlsext(SSL *s); - -# ifndef OPENSSL_NO_HEARTBEATS -__owur int dtls1_heartbeat(SSL *s); -__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, - unsigned int length); -# endif -__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, - const PACKET *session_id, - SSL_SESSION **ret); +__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, + SSL_SESSION **ret); +__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, + size_t eticklen, + const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess); + +__owur int tls_use_ticket(SSL *s); -__owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, - const EVP_MD *md); -__owur int tls12_get_sigid(const EVP_PKEY *pk); -__owur const EVP_MD *tls12_get_hash(unsigned char hash_alg); void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); +__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, + int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, @@ -2058,37 +2559,61 @@ __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, int vfy); +int tls_choose_sigalg(SSL *s, int fatalerrs); + __owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); void ssl_clear_hash_ctx(EVP_MD_CTX **hash); -__owur int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, - int *len, int maxlen); -__owur int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); -__owur int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, - int *len, int maxlen); -__owur int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al); __owur long ssl_get_algorithm2(SSL *s); -__owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out, - const unsigned char *psig, size_t psiglen); -__owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); +__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, + const uint16_t *psig, size_t psiglen); +__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen); +__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert); __owur int tls1_process_sigalgs(SSL *s); -__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs); -__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, - const unsigned char *sig, EVP_PKEY *pkey); -void ssl_set_client_disabled(SSL *s); +__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); +__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); +__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); +# ifndef OPENSSL_NO_EC +__owur int tls_check_sigalg_curve(const SSL *s, int curve); +# endif +__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); +__owur int ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); -__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, - int maxlen); -__owur int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); -__owur int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, - int maxlen); -__owur int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al); - -__owur int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); +__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, + size_t *hashlen); __owur const EVP_MD *ssl_md(int idx); __owur const EVP_MD *ssl_handshake_md(SSL *s); __owur const EVP_MD *ssl_prf_md(SSL *s); +/* + * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated + * with |ssl|, if logging is enabled. It returns one on success and zero on + * failure. The entry is identified by the first 8 bytes of + * |encrypted_premaster|. + */ +__owur int ssl_log_rsa_client_key_exchange(SSL *ssl, + const uint8_t *encrypted_premaster, + size_t encrypted_premaster_len, + const uint8_t *premaster, + size_t premaster_len); + +/* + * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if + * logging is available. It returns one on success and zero on failure. It tags + * the entry with |label|. + */ +__owur int ssl_log_secret(SSL *ssl, const char *label, + const uint8_t *secret, size_t secret_len); + +#define MASTER_SECRET_LABEL "CLIENT_RANDOM" +#define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET" +#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET" +#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET" +#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0" +#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0" +#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET" +#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET" + /* s3_cbc.c */ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, @@ -2099,26 +2624,29 @@ __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, - unsigned mac_secret_length, char is_sslv3); - -__owur int tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, - EVP_MD_CTX *mac_ctx, const unsigned char *data, - size_t data_len, size_t orig_len); + size_t mac_secret_length, char is_sslv3); __owur int srp_generate_server_master_secret(SSL *s); __owur int srp_generate_client_master_secret(SSL *s); -__owur int srp_verify_server_param(SSL *s, int *al); +__owur int srp_verify_server_param(SSL *s); + +/* statem/statem_srvr.c */ + +__owur int send_certificate_request(SSL *s); -/* t1_ext.c */ +/* statem/extensions_cust.c */ + +custom_ext_method *custom_ext_find(const custom_ext_methods *exts, + ENDPOINT role, unsigned int ext_type, + size_t *idx); void custom_ext_init(custom_ext_methods *meths); -__owur int custom_ext_parse(SSL *s, int server, - unsigned int ext_type, +__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, const unsigned char *ext_data, size_t ext_size, - int *al); -__owur int custom_ext_add(SSL *s, int server, unsigned char **pret, - unsigned char *limit, int *al); + X509 *x, size_t chainidx); +__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, + size_t chainidx, int maxversion); __owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); @@ -2128,11 +2656,13 @@ void custom_exts_free(custom_ext_methods *exts); void ssl_comp_free_compression_methods_int(void); -# else +/* ssl_mcnf.c */ +void ssl_ctx_system_config(SSL_CTX *ctx); + +# else /* OPENSSL_UNIT_TEST */ # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer # define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat # endif #endif diff --git a/deps/openssl/openssl/ssl/ssl_mcnf.c b/deps/openssl/openssl/ssl/ssl_mcnf.c index 24742660e4340e..a0e26577144917 100644 --- a/deps/openssl/openssl/ssl/ssl_mcnf.c +++ b/deps/openssl/openssl/ssl/ssl_mcnf.c @@ -17,11 +17,10 @@ void SSL_add_ssl_module(void) { - /* Just load all of the crypto builtin modules. This includes the SSL one */ - OPENSSL_load_builtin_modules(); + /* Do nothing. This will be added automatically by libcrypto */ } -static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name) +static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) { SSL_CONF_CTX *cctx = NULL; size_t i, idx, cmd_count; @@ -34,9 +33,14 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name) SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER); goto err; } + + if (name == NULL && system) + name = "system_default"; if (!conf_ssl_name_find(name, &idx)) { - SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME); - ERR_add_error_data(2, "name=", name); + if (!system) { + SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME); + ERR_add_error_data(2, "name=", name); + } goto err; } cmds = conf_ssl_get(idx, &name, &cmd_count); @@ -44,7 +48,8 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name) if (cctx == NULL) goto err; flags = SSL_CONF_FLAG_FILE; - flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE; + if (!system) + flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE; if (s != NULL) { meth = s->method; SSL_CONF_CTX_set_ssl(cctx, s); @@ -80,10 +85,15 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name) int SSL_config(SSL *s, const char *name) { - return ssl_do_config(s, NULL, name); + return ssl_do_config(s, NULL, name, 0); } int SSL_CTX_config(SSL_CTX *ctx, const char *name) { - return ssl_do_config(NULL, ctx, name); + return ssl_do_config(NULL, ctx, name, 0); +} + +void ssl_ctx_system_config(SSL_CTX *ctx) +{ + ssl_do_config(NULL, ctx, NULL, 1); } diff --git a/deps/openssl/openssl/ssl/ssl_rsa.c b/deps/openssl/openssl/ssl/ssl_rsa.c index a94fb13b89b54c..172e15f9208741 100644 --- a/deps/openssl/openssl/ssl/ssl_rsa.c +++ b/deps/openssl/openssl/ssl/ssl_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include #include "ssl_locl.h" +#include "packet_locl.h" #include #include #include @@ -17,12 +18,18 @@ static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); + +#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \ + | SSL_EXT_CLIENT_HELLO \ + | SSL_EXT_TLS1_2_SERVER_HELLO \ + | SSL_EXT_IGNORE_ON_RESUMPTION) + int SSL_use_certificate(SSL *ssl, X509 *x) { int rv; if (x == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } rv = ssl_security_cert(ssl, NULL, x, 0, 1); if (rv != 1) { @@ -30,7 +37,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x) return 0; } - return (ssl_set_cert(ssl->cert, x)); + return ssl_set_cert(ssl->cert, x); } int SSL_use_certificate_file(SSL *ssl, const char *file, int type) @@ -71,7 +78,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type) end: X509_free(x); BIO_free(in); - return (ret); + return ret; } int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) @@ -82,12 +89,12 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) x = d2i_X509(NULL, &d, (long)len); if (x == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); - return (0); + return 0; } ret = SSL_use_certificate(ssl, x); X509_free(x); - return (ret); + return ret; } #ifndef OPENSSL_NO_RSA @@ -98,11 +105,11 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) if (rsa == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); - return (0); + return 0; } RSA_up_ref(rsa); @@ -114,17 +121,17 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) ret = ssl_set_pkey(ssl->cert, pkey); EVP_PKEY_free(pkey); - return (ret); + return ret; } #endif static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { - int i; - i = ssl_cert_type(NULL, pkey); - if (i < 0) { + size_t i; + + if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) { SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return (0); + return 0; } if (c->pkeys[i].x509 != NULL) { @@ -160,8 +167,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_free(c->pkeys[i].privatekey); EVP_PKEY_up_ref(pkey); c->pkeys[i].privatekey = pkey; - c->key = &(c->pkeys[i]); - return (1); + c->key = &c->pkeys[i]; + return 1; } #ifndef OPENSSL_NO_RSA @@ -201,7 +208,7 @@ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) RSA_free(rsa); end: BIO_free(in); - return (ret); + return ret; } int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) @@ -213,12 +220,12 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len) p = d; if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); - return (0); + return 0; } ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); - return (ret); + return ret; } #endif /* !OPENSSL_NO_RSA */ @@ -228,10 +235,10 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) if (pkey == NULL) { SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } ret = ssl_set_pkey(ssl->cert, pkey); - return (ret); + return ret; } int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) @@ -270,7 +277,7 @@ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) EVP_PKEY_free(pkey); end: BIO_free(in); - return (ret); + return ret; } int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, @@ -283,12 +290,12 @@ int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); - return (0); + return 0; } ret = SSL_use_PrivateKey(ssl, pkey); EVP_PKEY_free(pkey); - return (ret); + return ret; } int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) @@ -296,29 +303,28 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) int rv; if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } rv = ssl_security_cert(NULL, ctx, x, 0, 1); if (rv != 1) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv); return 0; } - return (ssl_set_cert(ctx->cert, x)); + return ssl_set_cert(ctx->cert, x); } static int ssl_set_cert(CERT *c, X509 *x) { EVP_PKEY *pkey; - int i; + size_t i; pkey = X509_get0_pubkey(x); if (pkey == NULL) { SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); - return (0); + return 0; } - i = ssl_cert_type(x, pkey); - if (i < 0) { + if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) { SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return 0; } @@ -405,7 +411,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) end: X509_free(x); BIO_free(in); - return (ret); + return ret; } int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) @@ -416,12 +422,12 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) x = d2i_X509(NULL, &d, (long)len); if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); - return (0); + return 0; } ret = SSL_CTX_use_certificate(ctx, x); X509_free(x); - return (ret); + return ret; } #ifndef OPENSSL_NO_RSA @@ -432,11 +438,11 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) if (rsa == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); - return (0); + return 0; } RSA_up_ref(rsa); @@ -448,7 +454,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) ret = ssl_set_pkey(ctx->cert, pkey); EVP_PKEY_free(pkey); - return (ret); + return ret; } int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) @@ -487,7 +493,7 @@ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) RSA_free(rsa); end: BIO_free(in); - return (ret); + return ret; } int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, @@ -500,12 +506,12 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, p = d; if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); - return (0); + return 0; } ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); RSA_free(rsa); - return (ret); + return ret; } #endif /* !OPENSSL_NO_RSA */ @@ -513,9 +519,9 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { if (pkey == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); - return (0); + return 0; } - return (ssl_set_pkey(ctx->cert, pkey)); + return ssl_set_pkey(ctx->cert, pkey); } int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) @@ -554,7 +560,7 @@ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) EVP_PKEY_free(pkey); end: BIO_free(in); - return (ret); + return ret; } int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, @@ -567,12 +573,12 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, p = d; if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); - return (0); + return 0; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); - return (ret); + return ret; } /* @@ -674,7 +680,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) end: X509_free(x); BIO_free(in); - return (ret); + return ret; } int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) @@ -693,50 +699,43 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, const unsigned char **extension_data, size_t *extension_length) { + PACKET pkt, data; + *extension_data = NULL; *extension_length = 0; if (serverinfo == NULL || serverinfo_length == 0) return -1; + + if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length)) + return -1; + for (;;) { unsigned int type = 0; - size_t len = 0; + unsigned long context = 0; /* end of serverinfo */ - if (serverinfo_length == 0) + if (PACKET_remaining(&pkt) == 0) return 0; /* Extension not found */ - /* read 2-byte type field */ - if (serverinfo_length < 2) - return -1; /* Error */ - type = (serverinfo[0] << 8) + serverinfo[1]; - serverinfo += 2; - serverinfo_length -= 2; - - /* read 2-byte len field */ - if (serverinfo_length < 2) - return -1; /* Error */ - len = (serverinfo[0] << 8) + serverinfo[1]; - serverinfo += 2; - serverinfo_length -= 2; - - if (len > serverinfo_length) - return -1; /* Error */ + if (!PACKET_get_net_4(&pkt, &context) + || !PACKET_get_net_2(&pkt, &type) + || !PACKET_get_length_prefixed_2(&pkt, &data)) + return -1; if (type == extension_type) { - *extension_data = serverinfo; - *extension_length = len; + *extension_data = PACKET_data(&data); + *extension_length = PACKET_remaining(&data);; return 1; /* Success */ } - - serverinfo += len; - serverinfo_length -= len; } /* Unreachable */ } -static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, - size_t inlen, int *al, void *arg) +static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *arg) { if (inlen != 0) { @@ -747,13 +746,27 @@ static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, return 1; } -static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, - const unsigned char **out, size_t *outlen, - int *al, void *arg) +static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al, + arg); +} + +static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *arg) { const unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; + /* We only support extensions for the first Certificate */ + if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0) + return 0; + /* Is there serverinfo data for the chosen server cert? */ if ((ssl_get_server_cert_serverinfo(s, &serverinfo, &serverinfo_length)) != 0) { @@ -761,7 +774,7 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, int retval = serverinfo_find_extension(serverinfo, serverinfo_length, ext_type, out, outlen); if (retval == -1) { - *al = SSL_AD_DECODE_ERROR; + *al = SSL_AD_INTERNAL_ERROR; return -1; /* Error */ } if (retval == 0) @@ -772,91 +785,101 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, * extension */ } +static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, size_t *outlen, + int *al, void *arg) +{ + return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al, + arg); +} + /* * With a NULL context, this function just checks that the serverinfo data * parses correctly. With a non-NULL context, it registers callbacks for * the included extensions. */ -static int serverinfo_process_buffer(const unsigned char *serverinfo, +static int serverinfo_process_buffer(unsigned int version, + const unsigned char *serverinfo, size_t serverinfo_length, SSL_CTX *ctx) { + PACKET pkt; + if (serverinfo == NULL || serverinfo_length == 0) return 0; - for (;;) { - unsigned int ext_type = 0; - size_t len = 0; - - /* end of serverinfo */ - if (serverinfo_length == 0) - return 1; - /* read 2-byte type field */ - if (serverinfo_length < 2) - return 0; - /* FIXME: check for types we understand explicitly? */ - - /* Register callbacks for extensions */ - ext_type = (serverinfo[0] << 8) + serverinfo[1]; - if (ctx) { - int have_ext_cbs = 0; - size_t i; - custom_ext_methods *exts = &ctx->cert->srv_ext; - custom_ext_method *meth = exts->meths; - - for (i = 0; i < exts->meths_count; i++, meth++) { - if (ext_type == meth->ext_type) { - have_ext_cbs = 1; - break; - } - } + if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2) + return 0; - if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type, - serverinfo_srv_add_cb, - NULL, NULL, - serverinfo_srv_parse_cb, - NULL)) - return 0; - } + if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length)) + return 0; - serverinfo += 2; - serverinfo_length -= 2; + while (PACKET_remaining(&pkt)) { + unsigned long context = 0; + unsigned int ext_type = 0; + PACKET data; - /* read 2-byte len field */ - if (serverinfo_length < 2) + if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context)) + || !PACKET_get_net_2(&pkt, &ext_type) + || !PACKET_get_length_prefixed_2(&pkt, &data)) return 0; - len = (serverinfo[0] << 8) + serverinfo[1]; - serverinfo += 2; - serverinfo_length -= 2; - if (len > serverinfo_length) - return 0; + if (ctx == NULL) + continue; - serverinfo += len; - serverinfo_length -= len; + /* + * The old style custom extensions API could be set separately for + * server/client, i.e. you could set one custom extension for a client, + * and *for the same extension in the same SSL_CTX* you could set a + * custom extension for the server as well. It seems quite weird to be + * setting a custom extension for both client and server in a single + * SSL_CTX - but theoretically possible. This isn't possible in the + * new API. Therefore, if we have V1 serverinfo we use the old API. We + * also use the old API even if we have V2 serverinfo but the context + * looks like an old style <= TLSv1.2 extension. + */ + if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) { + if (!SSL_CTX_add_server_custom_ext(ctx, ext_type, + serverinfo_srv_add_cb, + NULL, NULL, + serverinfo_srv_parse_cb, + NULL)) + return 0; + } else { + if (!SSL_CTX_add_custom_ext(ctx, ext_type, context, + serverinfoex_srv_add_cb, + NULL, NULL, + serverinfoex_srv_parse_cb, + NULL)) + return 0; + } } + + return 1; } -int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, - size_t serverinfo_length) +int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, + const unsigned char *serverinfo, + size_t serverinfo_length) { unsigned char *new_serverinfo; if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_PASSED_NULL_PARAMETER); + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!serverinfo_process_buffer(serverinfo, serverinfo_length, NULL)) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA); + if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, + NULL)) { + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA); return 0; } if (ctx->cert->key == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR); + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR); return 0; } new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, serverinfo_length); if (new_serverinfo == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE); + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE); return 0; } ctx->cert->key->serverinfo = new_serverinfo; @@ -867,13 +890,21 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, * Now that the serverinfo is validated and stored, go ahead and * register callbacks. */ - if (!serverinfo_process_buffer(serverinfo, serverinfo_length, ctx)) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA); + if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, + ctx)) { + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA); return 0; } return 1; } +int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length) +{ + return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo, + serverinfo_length); +} + int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) { unsigned char *serverinfo = NULL; @@ -883,10 +914,11 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) long extension_length = 0; char *name = NULL; char *header = NULL; - char namePrefix[] = "SERVERINFO FOR "; + char namePrefix1[] = "SERVERINFO FOR "; + char namePrefix2[] = "SERVERINFOV2 FOR "; int ret = 0; BIO *bin = NULL; - size_t num_extensions = 0; + size_t num_extensions = 0, contextoff = 0; if (ctx == NULL || file == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER); @@ -904,6 +936,8 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) } for (num_extensions = 0;; num_extensions++) { + unsigned int version; + if (PEM_read_bio(bin, &name, &header, &extension, &extension_length) == 0) { /* @@ -917,32 +951,70 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ - if (strlen(name) < strlen(namePrefix)) { + if (strlen(name) < strlen(namePrefix1)) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } - if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, - SSL_R_PEM_NAME_BAD_PREFIX); - goto end; + if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) { + version = SSL_SERVERINFOV1; + } else { + if (strlen(name) < strlen(namePrefix2)) { + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, + SSL_R_PEM_NAME_TOO_SHORT); + goto end; + } + if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) { + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, + SSL_R_PEM_NAME_BAD_PREFIX); + goto end; + } + version = SSL_SERVERINFOV2; } /* * Check that the decoded PEM data is plausible (valid length field) */ - if (extension_length < 4 - || (extension[2] << 8) + extension[3] != extension_length - 4) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); - goto end; + if (version == SSL_SERVERINFOV1) { + /* 4 byte header: 2 bytes type, 2 bytes len */ + if (extension_length < 4 + || (extension[2] << 8) + extension[3] + != extension_length - 4) { + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); + goto end; + } + /* + * File does not have a context value so we must take account of + * this later. + */ + contextoff = 4; + } else { + /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */ + if (extension_length < 8 + || (extension[6] << 8) + extension[7] + != extension_length - 8) { + SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); + goto end; + } } /* Append the decoded extension to the serverinfo buffer */ - tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); + tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length + + contextoff); if (tmp == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); goto end; } serverinfo = tmp; - memcpy(serverinfo + serverinfo_length, extension, extension_length); - serverinfo_length += extension_length; + if (contextoff > 0) { + unsigned char *sinfo = serverinfo + serverinfo_length; + + /* We know this only uses the last 2 bytes */ + sinfo[0] = 0; + sinfo[1] = 0; + sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff; + sinfo[3] = SYNTHV1CONTEXT & 0xff; + } + memcpy(serverinfo + serverinfo_length + contextoff, + extension, extension_length); + serverinfo_length += extension_length + contextoff; OPENSSL_free(name); name = NULL; @@ -952,7 +1024,8 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) extension = NULL; } - ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length); + ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo, + serverinfo_length); end: /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ OPENSSL_free(name); @@ -962,3 +1035,114 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) BIO_free(bin); return ret; } + +static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override) +{ + int ret = 0; + size_t i; + int j; + int rv; + CERT *c = ssl != NULL ? ssl->cert : ctx->cert; + STACK_OF(X509) *dup_chain = NULL; + EVP_PKEY *pubkey = NULL; + + /* Do all security checks before anything else */ + rv = ssl_security_cert(ssl, ctx, x509, 0, 1); + if (rv != 1) { + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv); + goto out; + } + for (j = 0; j < sk_X509_num(chain); j++) { + rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0); + if (rv != 1) { + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv); + goto out; + } + } + + pubkey = X509_get_pubkey(x509); /* bumps reference */ + if (pubkey == NULL) + goto out; + if (privatekey == NULL) { + privatekey = pubkey; + } else { + /* For RSA, which has no parameters, missing returns 0 */ + if (EVP_PKEY_missing_parameters(privatekey)) { + if (EVP_PKEY_missing_parameters(pubkey)) { + /* nobody has parameters? - error */ + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS); + goto out; + } else { + /* copy to privatekey from pubkey */ + EVP_PKEY_copy_parameters(privatekey, pubkey); + } + } else if (EVP_PKEY_missing_parameters(pubkey)) { + /* copy to pubkey from privatekey */ + EVP_PKEY_copy_parameters(pubkey, privatekey); + } /* else both have parameters */ + + /* Copied from ssl_set_cert/pkey */ +#ifndef OPENSSL_NO_RSA + if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) && + ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK))) + /* no-op */ ; + else +#endif + /* check that key <-> cert match */ + if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); + goto out; + } + } + if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) { + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); + goto out; + } + + if (!override && (c->pkeys[i].x509 != NULL + || c->pkeys[i].privatekey != NULL + || c->pkeys[i].chain != NULL)) { + /* No override, and something already there */ + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE); + goto out; + } + + if (chain != NULL) { + dup_chain = X509_chain_up_ref(chain); + if (dup_chain == NULL) { + SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE); + goto out; + } + } + + sk_X509_pop_free(c->pkeys[i].chain, X509_free); + c->pkeys[i].chain = dup_chain; + + X509_free(c->pkeys[i].x509); + X509_up_ref(x509); + c->pkeys[i].x509 = x509; + + EVP_PKEY_free(c->pkeys[i].privatekey); + EVP_PKEY_up_ref(privatekey); + c->pkeys[i].privatekey = privatekey; + + c->key = &(c->pkeys[i]); + + ret = 1; + out: + EVP_PKEY_free(pubkey); + return ret; +} + +int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override) +{ + return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override); +} + +int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, + STACK_OF(X509) *chain, int override) +{ + return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override); +} diff --git a/deps/openssl/openssl/ssl/ssl_sess.c b/deps/openssl/openssl/ssl/ssl_sess.c index 926b55c7ba2b1a..5ad2792a1b4c90 100644 --- a/deps/openssl/openssl/ssl/ssl_sess.c +++ b/deps/openssl/openssl/ssl/ssl_sess.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,47 +8,31 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include -#include #include #include +#include "internal/refcount.h" +#include "internal/cryptlib.h" #include "ssl_locl.h" +#include "statem/statem_locl.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); +/* + * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because, + * unlike in earlier protocol versions, the session ticket may not have been + * sent yet even though a handshake has finished. The session ticket data could + * come in sometime later...or even change if multiple session ticket messages + * are sent from the server. The preferred way for applications to obtain + * a resumable session is to use SSL_CTX_sess_set_new_cb(). + */ + SSL_SESSION *SSL_get_session(const SSL *ssl) /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ { - return (ssl->session); + return ssl->session; } SSL_SESSION *SSL_get1_session(SSL *ssl) @@ -69,18 +54,21 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) { - return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); + return CRYPTO_set_ex_data(&s->ex_data, idx, arg); } void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) { - return (CRYPTO_get_ex_data(&s->ex_data, idx)); + return CRYPTO_get_ex_data(&s->ex_data, idx); } SSL_SESSION *SSL_SESSION_new(void) { SSL_SESSION *ss; + if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) + return NULL; + ss = OPENSSL_zalloc(sizeof(*ss)); if (ss == NULL) { SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); @@ -106,6 +94,11 @@ SSL_SESSION *SSL_SESSION_new(void) return ss; } +SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src) +{ + return ssl_session_dup(src, 1); +} + /* * Create a new SSL_SESSION and duplicate the contents of |src| into it. If * ticket == 0 then no ticket information is duplicated, otherwise it is. @@ -129,17 +122,19 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->psk_identity = NULL; #endif dest->ciphers = NULL; - dest->tlsext_hostname = NULL; + dest->ext.hostname = NULL; #ifndef OPENSSL_NO_EC - dest->tlsext_ecpointformatlist = NULL; - dest->tlsext_ellipticcurvelist = NULL; + dest->ext.ecpointformats = NULL; + dest->ext.supportedgroups = NULL; #endif - dest->tlsext_tick = NULL; + dest->ext.tick = NULL; + dest->ext.alpn_selected = NULL; #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif dest->peer_chain = NULL; dest->peer = NULL; + dest->ticket_appdata = NULL; memset(&dest->ex_data, 0, sizeof(dest->ex_data)); /* We deliberately don't copy the prev and next pointers */ @@ -192,37 +187,45 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - if (src->tlsext_hostname) { - dest->tlsext_hostname = OPENSSL_strdup(src->tlsext_hostname); - if (dest->tlsext_hostname == NULL) { + if (src->ext.hostname) { + dest->ext.hostname = OPENSSL_strdup(src->ext.hostname); + if (dest->ext.hostname == NULL) { goto err; } } #ifndef OPENSSL_NO_EC - if (src->tlsext_ecpointformatlist) { - dest->tlsext_ecpointformatlist = - OPENSSL_memdup(src->tlsext_ecpointformatlist, - src->tlsext_ecpointformatlist_length); - if (dest->tlsext_ecpointformatlist == NULL) + if (src->ext.ecpointformats) { + dest->ext.ecpointformats = + OPENSSL_memdup(src->ext.ecpointformats, + src->ext.ecpointformats_len); + if (dest->ext.ecpointformats == NULL) goto err; } - if (src->tlsext_ellipticcurvelist) { - dest->tlsext_ellipticcurvelist = - OPENSSL_memdup(src->tlsext_ellipticcurvelist, - src->tlsext_ellipticcurvelist_length); - if (dest->tlsext_ellipticcurvelist == NULL) + if (src->ext.supportedgroups) { + dest->ext.supportedgroups = + OPENSSL_memdup(src->ext.supportedgroups, + src->ext.supportedgroups_len + * sizeof(*src->ext.supportedgroups)); + if (dest->ext.supportedgroups == NULL) goto err; } #endif - if (ticket != 0 && src->tlsext_tick != NULL) { - dest->tlsext_tick = - OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen); - if (dest->tlsext_tick == NULL) + if (ticket != 0 && src->ext.tick != NULL) { + dest->ext.tick = + OPENSSL_memdup(src->ext.tick, src->ext.ticklen); + if (dest->ext.tick == NULL) goto err; } else { - dest->tlsext_tick_lifetime_hint = 0; - dest->tlsext_ticklen = 0; + dest->ext.tick_lifetime_hint = 0; + dest->ext.ticklen = 0; + } + + if (src->ext.alpn_selected != NULL) { + dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected, + src->ext.alpn_selected_len); + if (dest->ext.alpn_selected == NULL) + goto err; } #ifndef OPENSSL_NO_SRP @@ -234,6 +237,13 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } #endif + if (src->ticket_appdata != NULL) { + dest->ticket_appdata = + OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len); + if (dest->ticket_appdata == NULL) + goto err; + } + return dest; err: SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); @@ -244,14 +254,14 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { if (len) - *len = s->session_id_length; + *len = (unsigned int)s->session_id_length; return s->session_id; } const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, unsigned int *len) { if (len != NULL) - *len = s->sid_ctx_length; + *len = (unsigned int)s->sid_ctx_length; return s->sid_ctx; } @@ -272,7 +282,7 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) */ #define MAX_SESS_ID_ATTEMPTS 10 -static int def_generate_session_id(const SSL *ssl, unsigned char *id, +static int def_generate_session_id(SSL *ssl, unsigned char *id, unsigned int *id_len) { unsigned int retry = 0; @@ -295,16 +305,99 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, return 0; } +int ssl_generate_session_id(SSL *s, SSL_SESSION *ss) +{ + unsigned int tmp; + GEN_SESSION_CB cb = def_generate_session_id; + + switch (s->version) { + case SSL3_VERSION: + case TLS1_VERSION: + case TLS1_1_VERSION: + case TLS1_2_VERSION: + case TLS1_3_VERSION: + case DTLS1_BAD_VER: + case DTLS1_VERSION: + case DTLS1_2_VERSION: + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + break; + default: + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_UNSUPPORTED_SSL_VERSION); + return 0; + } + + /*- + * If RFC5077 ticket, use empty session ID (as server). + * Note that: + * (a) ssl_get_prev_session() does lookahead into the + * ClientHello extensions to find the session ticket. + * When ssl_get_prev_session() fails, statem_srvr.c calls + * ssl_get_new_session() in tls_process_client_hello(). + * At that point, it has not yet parsed the extensions, + * however, because of the lookahead, it already knows + * whether a ticket is expected or not. + * + * (b) statem_clnt.c calls ssl_get_new_session() before parsing + * ServerHello extensions, and before recording the session + * ID received from the server, so this block is a noop. + */ + if (s->ext.ticket_expected) { + ss->session_id_length = 0; + return 1; + } + + /* Choose which callback will set the session ID */ + CRYPTO_THREAD_read_lock(s->lock); + CRYPTO_THREAD_read_lock(s->session_ctx->lock); + if (s->generate_session_id) + cb = s->generate_session_id; + else if (s->session_ctx->generate_session_id) + cb = s->session_ctx->generate_session_id; + CRYPTO_THREAD_unlock(s->session_ctx->lock); + CRYPTO_THREAD_unlock(s->lock); + /* Choose a session ID */ + memset(ss->session_id, 0, ss->session_id_length); + tmp = (int)ss->session_id_length; + if (!cb(s, ss->session_id, &tmp)) { + /* The callback failed */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + return 0; + } + /* + * Don't allow the callback to set the session length to zero. nor + * set it higher than it was. + */ + if (tmp == 0 || tmp > ss->session_id_length) { + /* The callback set an illegal length */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); + return 0; + } + ss->session_id_length = tmp; + /* Finally, check for a conflict */ + if (SSL_has_matching_session_id(s, ss->session_id, + (unsigned int)ss->session_id_length)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID, + SSL_R_SSL_SESSION_ID_CONFLICT); + return 0; + } + + return 1; +} + int ssl_get_new_session(SSL *s, int session) { /* This gets used by clients and servers. */ - unsigned int tmp; SSL_SESSION *ss = NULL; - GEN_SESSION_CB cb = def_generate_session_id; - if ((ss = SSL_SESSION_new()) == NULL) - return (0); + if ((ss = SSL_SESSION_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, + ERR_R_MALLOC_FAILURE); + return 0; + } /* If the context has a default timeout, use it */ if (s->session_ctx->session_timeout == 0) @@ -316,107 +409,25 @@ int ssl_get_new_session(SSL *s, int session) s->session = NULL; if (session) { - if (s->version == SSL3_VERSION) { - ss->ssl_version = SSL3_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_VERSION) { - ss->ssl_version = TLS1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_1_VERSION) { - ss->ssl_version = TLS1_1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == TLS1_2_VERSION) { - ss->ssl_version = TLS1_2_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_BAD_VER) { - ss->ssl_version = DTLS1_BAD_VER; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_VERSION) { - ss->ssl_version = DTLS1_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else if (s->version == DTLS1_2_VERSION) { - ss->ssl_version = DTLS1_2_VERSION; - ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; - } else { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); - SSL_SESSION_free(ss); - return (0); - } - - /*- - * If RFC5077 ticket, use empty session ID (as server). - * Note that: - * (a) ssl_get_prev_session() does lookahead into the - * ClientHello extensions to find the session ticket. - * When ssl_get_prev_session() fails, statem_srvr.c calls - * ssl_get_new_session() in tls_process_client_hello(). - * At that point, it has not yet parsed the extensions, - * however, because of the lookahead, it already knows - * whether a ticket is expected or not. - * - * (b) statem_clnt.c calls ssl_get_new_session() before parsing - * ServerHello extensions, and before recording the session - * ID received from the server, so this block is a noop. - */ - if (s->tlsext_ticket_expected) { + if (SSL_IS_TLS13(s)) { + /* + * We generate the session id while constructing the + * NewSessionTicket in TLSv1.3. + */ ss->session_id_length = 0; - goto sess_id_done; - } - - /* Choose which callback will set the session ID */ - CRYPTO_THREAD_read_lock(s->lock); - CRYPTO_THREAD_read_lock(s->session_ctx->lock); - if (s->generate_session_id) - cb = s->generate_session_id; - else if (s->session_ctx->generate_session_id) - cb = s->session_ctx->generate_session_id; - CRYPTO_THREAD_unlock(s->session_ctx->lock); - CRYPTO_THREAD_unlock(s->lock); - /* Choose a session ID */ - memset(ss->session_id, 0, ss->session_id_length); - tmp = ss->session_id_length; - if (!cb(s, ss->session_id, &tmp)) { - /* The callback failed */ - SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); + } else if (!ssl_generate_session_id(s, ss)) { + /* SSLfatal() already called */ SSL_SESSION_free(ss); - return (0); - } - /* - * Don't allow the callback to set the session length to zero. nor - * set it higher than it was. - */ - if (tmp == 0 || tmp > ss->session_id_length) { - /* The callback set an illegal length */ - SSLerr(SSL_F_SSL_GET_NEW_SESSION, - SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); - SSL_SESSION_free(ss); - return (0); - } - ss->session_id_length = tmp; - /* Finally, check for a conflict */ - if (SSL_has_matching_session_id(s, ss->session_id, - ss->session_id_length)) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT); - SSL_SESSION_free(ss); - return (0); + return 0; } - sess_id_done: - if (s->tlsext_hostname) { - ss->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname); - if (ss->tlsext_hostname == NULL) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); - SSL_SESSION_free(ss); - return 0; - } - } } else { ss->session_id_length = 0; } if (s->sid_ctx_length > sizeof(ss->sid_ctx)) { - SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; } @@ -430,68 +441,25 @@ int ssl_get_new_session(SSL *s, int session) if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) ss->flags |= SSL_SESS_FLAG_EXTMS; - return (1); + return 1; } -/*- - * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this - * connection. It is only called by servers. - * - * ext: ClientHello extensions (including length prefix) - * session_id: ClientHello session ID. - * - * Returns: - * -1: error - * 0: a session may have been found. - * - * Side effects: - * - If a session is found then s->session is pointed at it (after freeing an - * existing session if need be) and s->verify_result is set from the session. - * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 - * if the server should issue a new session ticket (to 0 otherwise). - */ -int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) +SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len) { - /* This is used only by servers. */ - SSL_SESSION *ret = NULL; - int fatal = 0; - int try_session_cache = 1; - int r; - if (PACKET_remaining(session_id) == 0) - try_session_cache = 0; - - /* sets s->tlsext_ticket_expected and extended master secret flag */ - r = tls_check_serverhello_tlsext_early(s, ext, session_id, &ret); - switch (r) { - case -1: /* Error during processing */ - fatal = 1; - goto err; - case 0: /* No ticket found */ - case 1: /* Zero length ticket found */ - break; /* Ok to carry on processing session id. */ - case 2: /* Ticket found but not decrypted. */ - case 3: /* Ticket decrypted, *ret has been set. */ - try_session_cache = 0; - break; - default: - abort(); - } - - if (try_session_cache && - ret == NULL && - !(s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { + if ((s->session_ctx->session_cache_mode + & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) { SSL_SESSION data; - size_t local_len; + data.ssl_version = s->version; - memset(data.session_id, 0, sizeof(data.session_id)); - if (!PACKET_copy_all(session_id, data.session_id, - sizeof(data.session_id), &local_len)) { - goto err; - } - data.session_id_length = local_len; + if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH)) + return NULL; + + memcpy(data.session_id, sess_id, sess_id_len); + data.session_id_length = sess_id_len; + CRYPTO_THREAD_read_lock(s->session_ctx->lock); ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); if (ret != NULL) { @@ -500,18 +468,16 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) } CRYPTO_THREAD_unlock(s->session_ctx->lock); if (ret == NULL) - s->session_ctx->stats.sess_miss++; + tsan_counter(&s->session_ctx->stats.sess_miss); } - if (try_session_cache && - ret == NULL && s->session_ctx->get_session_cb != NULL) { + if (ret == NULL && s->session_ctx->get_session_cb != NULL) { int copy = 1; - ret = s->session_ctx->get_session_cb(s, PACKET_data(session_id), - PACKET_remaining(session_id), - ©); + + ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); if (ret != NULL) { - s->session_ctx->stats.sess_cb_hit++; + tsan_counter(&s->session_ctx->stats.sess_cb_hit); /* * Increment reference count now if the session callback asks us @@ -527,16 +493,83 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) * Add the externally cached session to the internal cache as * well if and only if we are supposed to. */ - if (! - (s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_STORE)) { + if ((s->session_ctx->session_cache_mode & + SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { /* * Either return value of SSL_CTX_add_session should not * interrupt the session resumption process. The return * value is intentionally ignored. */ - SSL_CTX_add_session(s->session_ctx, ret); + (void)SSL_CTX_add_session(s->session_ctx, ret); + } + } + } + + return ret; +} + +/*- + * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this + * connection. It is only called by servers. + * + * hello: The parsed ClientHello data + * + * Returns: + * -1: fatal error + * 0: no session found + * 1: a session may have been found. + * + * Side effects: + * - If a session is found then s->session is pointed at it (after freeing an + * existing session if need be) and s->verify_result is set from the session. + * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1 + * if the server should issue a new session ticket (to 0 otherwise). + */ +int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) +{ + /* This is used only by servers. */ + + SSL_SESSION *ret = NULL; + int fatal = 0; + int try_session_cache = 0; + SSL_TICKET_STATUS r; + + if (SSL_IS_TLS13(s)) { + /* + * By default we will send a new ticket. This can be overridden in the + * ticket processing. + */ + s->ext.ticket_expected = 1; + if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, + SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, + NULL, 0) + || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO, + hello->pre_proc_exts, NULL, 0)) + return -1; + + ret = s->session; + } else { + /* sets s->ext.ticket_expected */ + r = tls_get_ticket_from_client(s, hello, &ret); + switch (r) { + case SSL_TICKET_FATAL_ERR_MALLOC: + case SSL_TICKET_FATAL_ERR_OTHER: + fatal = 1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION, + ERR_R_INTERNAL_ERROR); + goto err; + case SSL_TICKET_NONE: + case SSL_TICKET_EMPTY: + if (hello->session_id_len > 0) { + try_session_cache = 1; + ret = lookup_sess_in_cache(s, hello->session_id, + hello->session_id_len); } + break; + case SSL_TICKET_NO_DECRYPT: + case SSL_TICKET_SUCCESS: + case SSL_TICKET_SUCCESS_RENEW: + break; } } @@ -545,6 +578,10 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) /* Now ret is non-NULL and we own one of its reference counts. */ + /* Check TLS version consistency */ + if (ret->ssl_version != s->version) + goto err; + if (ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* @@ -565,29 +602,14 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) * noticing). */ - SSLerr(SSL_F_SSL_GET_PREV_SESSION, - SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION, + SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } - if (ret->cipher == NULL) { - unsigned char buf[5], *p; - unsigned long l; - - p = buf; - l = ret->cipher_id; - l2n(l, p); - if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) - ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); - else - ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); - if (ret->cipher == NULL) - goto err; - } - if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */ - s->session_ctx->stats.sess_timeout++; + tsan_counter(&s->session_ctx->stats.sess_timeout); if (try_session_cache) { /* session was from the cache, so remove it */ SSL_CTX_remove_session(s->session_ctx, ret); @@ -599,8 +621,8 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) if (ret->flags & SSL_SESS_FLAG_EXTMS) { /* If old session includes extms, but new does not: abort handshake */ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) { - SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_INCONSISTENT_EXTMS); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION, + SSL_R_INCONSISTENT_EXTMS); fatal = 1; goto err; } @@ -609,29 +631,35 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) goto err; } - s->session_ctx->stats.sess_hit++; + if (!SSL_IS_TLS13(s)) { + /* We already did this for TLS1.3 */ + SSL_SESSION_free(s->session); + s->session = ret; + } - SSL_SESSION_free(s->session); - s->session = ret; + tsan_counter(&s->session_ctx->stats.sess_hit); s->verify_result = s->session->verify_result; return 1; err: if (ret != NULL) { SSL_SESSION_free(ret); + /* In TLSv1.3 s->session was already set to ret, so we NULL it out */ + if (SSL_IS_TLS13(s)) + s->session = NULL; if (!try_session_cache) { /* * The session was from a ticket, so we should issue a ticket for * the new session */ - s->tlsext_ticket_expected = 1; + s->ext.ticket_expected = 1; } } if (fatal) return -1; - else - return 0; + + return 0; } int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) @@ -703,7 +731,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) break; else - ctx->stats.sess_cache_full++; + tsan_counter(&ctx->stats.sess_cache_full); } } } @@ -724,10 +752,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) if ((c != NULL) && (c->session_id_length != 0)) { if (lck) CRYPTO_THREAD_write_lock(ctx->lock); - if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { + if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) { ret = 1; - r = lh_SSL_SESSION_delete(ctx->sessions, c); - SSL_SESSION_list_remove(ctx, c); + r = lh_SSL_SESSION_delete(ctx->sessions, r); + SSL_SESSION_list_remove(ctx, r); } c->not_resumable = 1; @@ -741,7 +769,7 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) SSL_SESSION_free(r); } else ret = 0; - return (ret); + return ret; } void SSL_SESSION_free(SSL_SESSION *ss) @@ -750,8 +778,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss == NULL) return; - - CRYPTO_atomic_add(&ss->references, -1, &i, ss->lock); + CRYPTO_DOWN_REF(&ss->references, &i, ss->lock); REF_PRINT_COUNT("SSL_SESSION", ss); if (i > 0) return; @@ -764,13 +791,15 @@ void SSL_SESSION_free(SSL_SESSION *ss) X509_free(ss->peer); sk_X509_pop_free(ss->peer_chain, X509_free); sk_SSL_CIPHER_free(ss->ciphers); - OPENSSL_free(ss->tlsext_hostname); - OPENSSL_free(ss->tlsext_tick); + OPENSSL_free(ss->ext.hostname); + OPENSSL_free(ss->ext.tick); #ifndef OPENSSL_NO_EC - ss->tlsext_ecpointformatlist_length = 0; - OPENSSL_free(ss->tlsext_ecpointformatlist); - ss->tlsext_ellipticcurvelist_length = 0; - OPENSSL_free(ss->tlsext_ellipticcurvelist); + OPENSSL_free(ss->ext.ecpointformats); + ss->ext.ecpointformats = NULL; + ss->ext.ecpointformats_len = 0; + OPENSSL_free(ss->ext.supportedgroups); + ss->ext.supportedgroups = NULL; + ss->ext.supportedgroups_len = 0; #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); @@ -779,6 +808,8 @@ void SSL_SESSION_free(SSL_SESSION *ss) #ifndef OPENSSL_NO_SRP OPENSSL_free(ss->srp_username); #endif + OPENSSL_free(ss->ext.alpn_selected); + OPENSSL_free(ss->ticket_appdata); CRYPTO_THREAD_lock_free(ss->lock); OPENSSL_clear_free(ss, sizeof(*ss)); } @@ -787,7 +818,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss) { int i; - if (CRYPTO_atomic_add(&ss->references, 1, &i, ss->lock) <= 0) + if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0) return 0; REF_PRINT_COUNT("SSL_SESSION", ss); @@ -830,31 +861,31 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) { if (s == NULL) - return (0); + return 0; s->timeout = t; - return (1); + return 1; } long SSL_SESSION_get_timeout(const SSL_SESSION *s) { if (s == NULL) - return (0); - return (s->timeout); + return 0; + return s->timeout; } long SSL_SESSION_get_time(const SSL_SESSION *s) { if (s == NULL) - return (0); - return (s->time); + return 0; + return s->time; } long SSL_SESSION_set_time(SSL_SESSION *s, long t) { if (s == NULL) - return (0); + return 0; s->time = t; - return (t); + return t; } int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) @@ -862,32 +893,95 @@ int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) return s->ssl_version; } +int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version) +{ + s->ssl_version = version; + return 1; +} + const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s) { return s->cipher; } +int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher) +{ + s->cipher = cipher; + return 1; +} + const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) { - return s->tlsext_hostname; + return s->ext.hostname; +} + +int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname) +{ + OPENSSL_free(s->ext.hostname); + if (hostname == NULL) { + s->ext.hostname = NULL; + return 1; + } + s->ext.hostname = OPENSSL_strdup(hostname); + + return s->ext.hostname != NULL; } int SSL_SESSION_has_ticket(const SSL_SESSION *s) { - return (s->tlsext_ticklen > 0) ? 1 : 0; + return (s->ext.ticklen > 0) ? 1 : 0; } unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) { - return s->tlsext_tick_lifetime_hint; + return s->ext.tick_lifetime_hint; } void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, size_t *len) { - *len = s->tlsext_ticklen; + *len = s->ext.ticklen; if (tick != NULL) - *tick = s->tlsext_tick; + *tick = s->ext.tick; +} + +uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s) +{ + return s->ext.max_early_data; +} + +int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data) +{ + s->ext.max_early_data = max_early_data; + + return 1; +} + +void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, + const unsigned char **alpn, + size_t *len) +{ + *alpn = s->ext.alpn_selected; + *len = s->ext.alpn_selected_len; +} + +int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, + size_t len) +{ + OPENSSL_free(s->ext.alpn_selected); + if (alpn == NULL || len == 0) { + s->ext.alpn_selected = NULL; + s->ext.alpn_selected_len = 0; + return 1; + } + s->ext.alpn_selected = OPENSSL_memdup(alpn, len); + if (s->ext.alpn_selected == NULL) { + s->ext.alpn_selected_len = 0; + return 0; + } + s->ext.alpn_selected_len = len; + + return 1; } X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) @@ -910,70 +1004,73 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, return 1; } +int SSL_SESSION_is_resumable(const SSL_SESSION *s) +{ + /* + * In the case of EAP-FAST, we can have a pre-shared "ticket" without a + * session ID. + */ + return !s->not_resumable + && (s->session_id_length > 0 || s->ext.ticklen > 0); +} + long SSL_CTX_set_timeout(SSL_CTX *s, long t) { long l; if (s == NULL) - return (0); + return 0; l = s->session_timeout; s->session_timeout = t; - return (l); + return l; } long SSL_CTX_get_timeout(const SSL_CTX *s) { if (s == NULL) - return (0); - return (s->session_timeout); + return 0; + return s->session_timeout; } int SSL_set_session_secret_cb(SSL *s, - int (*tls_session_secret_cb) (SSL *s, - void *secret, - int *secret_len, - STACK_OF(SSL_CIPHER) - *peer_ciphers, - const SSL_CIPHER - **cipher, - void *arg), + tls_session_secret_cb_fn tls_session_secret_cb, void *arg) { if (s == NULL) - return (0); - s->tls_session_secret_cb = tls_session_secret_cb; - s->tls_session_secret_cb_arg = arg; - return (1); + return 0; + s->ext.session_secret_cb = tls_session_secret_cb; + s->ext.session_secret_cb_arg = arg; + return 1; } int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, void *arg) { if (s == NULL) - return (0); - s->tls_session_ticket_ext_cb = cb; - s->tls_session_ticket_ext_cb_arg = arg; - return (1); + return 0; + s->ext.session_ticket_cb = cb; + s->ext.session_ticket_cb_arg = arg; + return 1; } int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { if (s->version >= TLS1_VERSION) { - OPENSSL_free(s->tlsext_session_ticket); - s->tlsext_session_ticket = NULL; - s->tlsext_session_ticket = + OPENSSL_free(s->ext.session_ticket); + s->ext.session_ticket = NULL; + s->ext.session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (s->tlsext_session_ticket == NULL) { + if (s->ext.session_ticket == NULL) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); return 0; } - if (ext_data) { - s->tlsext_session_ticket->length = ext_len; - s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; - memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); + if (ext_data != NULL) { + s->ext.session_ticket->length = ext_len; + s->ext.session_ticket->data = s->ext.session_ticket + 1; + memcpy(s->ext.session_ticket->data, ext_data, ext_len); } else { - s->tlsext_session_ticket->length = 0; - s->tlsext_session_ticket->data = NULL; + s->ext.session_ticket->length = 0; + s->ext.session_ticket->data = NULL; } return 1; @@ -1030,9 +1127,9 @@ int ssl_clear_bad_session(SSL *s) !(s->shutdown & SSL_SENT_SHUTDOWN) && !(SSL_in_init(s) || SSL_in_before(s))) { SSL_CTX_remove_session(s->session_ctx, s->session); - return (1); + return 1; } else - return (0); + return 0; } /* locked by SSL_CTX in the calling function */ @@ -1176,4 +1273,45 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, ctx->app_verify_cookie_cb = cb; } +int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len) +{ + OPENSSL_free(ss->ticket_appdata); + ss->ticket_appdata_len = 0; + if (data == NULL || len == 0) { + ss->ticket_appdata = NULL; + return 1; + } + ss->ticket_appdata = OPENSSL_memdup(data, len); + if (ss->ticket_appdata != NULL) { + ss->ticket_appdata_len = len; + return 1; + } + return 0; +} + +int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len) +{ + *data = ss->ticket_appdata; + *len = ss->ticket_appdata_len; + return 1; +} + +void SSL_CTX_set_stateless_cookie_generate_cb( + SSL_CTX *ctx, + int (*cb) (SSL *ssl, + unsigned char *cookie, + size_t *cookie_len)) +{ + ctx->gen_stateless_cookie_cb = cb; +} + +void SSL_CTX_set_stateless_cookie_verify_cb( + SSL_CTX *ctx, + int (*cb) (SSL *ssl, + const unsigned char *cookie, + size_t cookie_len)) +{ + ctx->verify_stateless_cookie_cb = cb; +} + IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) diff --git a/deps/openssl/openssl/ssl/ssl_stat.c b/deps/openssl/openssl/ssl/ssl_stat.c index ad7a019b251cd5..179513b1a3d0cd 100644 --- a/deps/openssl/openssl/ssl/ssl_stat.c +++ b/deps/openssl/openssl/ssl/ssl_stat.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include "ssl_locl.h" @@ -113,6 +87,32 @@ const char *SSL_state_string_long(const SSL *s) return "DTLS1 read hello verify request"; case DTLS_ST_SW_HELLO_VERIFY_REQUEST: return "DTLS1 write hello verify request"; + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: + return "TLSv1.3 write encrypted extensions"; + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return "TLSv1.3 read encrypted extensions"; + case TLS_ST_CR_CERT_VRFY: + return "TLSv1.3 read server certificate verify"; + case TLS_ST_SW_CERT_VRFY: + return "TLSv1.3 write server certificate verify"; + case TLS_ST_CR_HELLO_REQ: + return "SSLv3/TLS read hello request"; + case TLS_ST_SW_KEY_UPDATE: + return "TLSv1.3 write server key update"; + case TLS_ST_CW_KEY_UPDATE: + return "TLSv1.3 write client key update"; + case TLS_ST_SR_KEY_UPDATE: + return "TLSv1.3 read client key update"; + case TLS_ST_CR_KEY_UPDATE: + return "TLSv1.3 read server key update"; + case TLS_ST_EARLY_DATA: + return "TLSv1.3 early data"; + case TLS_ST_PENDING_EARLY_DATA_END: + return "TLSv1.3 pending early data end"; + case TLS_ST_CW_END_OF_EARLY_DATA: + return "TLSv1.3 write end of early data"; + case TLS_ST_SR_END_OF_EARLY_DATA: + return "TLSv1.3 read end of early data"; default: return "unknown state"; } @@ -194,6 +194,32 @@ const char *SSL_state_string(const SSL *s) return "DRCHV"; case DTLS_ST_SW_HELLO_VERIFY_REQUEST: return "DWCHV"; + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: + return "TWEE"; + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return "TREE"; + case TLS_ST_CR_CERT_VRFY: + return "TRSCV"; + case TLS_ST_SW_CERT_VRFY: + return "TRSCV"; + case TLS_ST_CR_HELLO_REQ: + return "TRHR"; + case TLS_ST_SW_KEY_UPDATE: + return "TWSKU"; + case TLS_ST_CW_KEY_UPDATE: + return "TWCKU"; + case TLS_ST_SR_KEY_UPDATE: + return "TRCKU"; + case TLS_ST_CR_KEY_UPDATE: + return "TRSKU"; + case TLS_ST_EARLY_DATA: + return "TED"; + case TLS_ST_PENDING_EARLY_DATA_END: + return "TPEDE"; + case TLS_ST_CW_END_OF_EARLY_DATA: + return "TWEOED"; + case TLS_ST_SR_END_OF_EARLY_DATA: + return "TWEOED"; default: return "UNKWN "; } diff --git a/deps/openssl/openssl/ssl/ssl_txt.c b/deps/openssl/openssl/ssl/ssl_txt.c index f149a3ad091511..cf6e4c3c05799f 100644 --- a/deps/openssl/openssl/ssl/ssl_txt.c +++ b/deps/openssl/openssl/ssl/ssl_txt.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include #include "ssl_locl.h" @@ -46,22 +20,24 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) if ((b = BIO_new(BIO_s_file())) == NULL) { SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); - return (0); + return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = SSL_SESSION_print(b, x); BIO_free(b); - return (ret); + return ret; } #endif int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { - unsigned int i; + size_t i; const char *s; + int istls13; if (x == NULL) goto err; + istls13 = (x->ssl_version == TLS1_3_VERSION); if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; s = ssl_protocol_to_string(x->ssl_version); @@ -96,9 +72,12 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) goto err; } - if (BIO_puts(bp, "\n Master-Key: ") <= 0) + if (istls13) { + if (BIO_puts(bp, "\n Resumption PSK: ") <= 0) + goto err; + } else if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; - for (i = 0; i < (unsigned int)x->master_key_length; i++) { + for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } @@ -119,17 +98,18 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; #endif - if (x->tlsext_tick_lifetime_hint) { + if (x->ext.tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", - x->tlsext_tick_lifetime_hint) <= 0) + x->ext.tick_lifetime_hint) <= 0) goto err; } - if (x->tlsext_tick) { + if (x->ext.tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; + /* TODO(size_t): Convert this call */ if (BIO_dump_indent - (bp, (const char *)x->tlsext_tick, x->tlsext_ticklen, 4) + (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) <= 0) goto err; } @@ -170,9 +150,15 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0) goto err; - return (1); + if (istls13) { + if (BIO_printf(bp, " Max Early Data: %u\n", + x->ext.max_early_data) <= 0) + goto err; + } + + return 1; err: - return (0); + return 0; } /* @@ -181,7 +167,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) */ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) { - unsigned int i; + size_t i; if (x == NULL) goto err; @@ -204,14 +190,14 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, " Master-Key:") <= 0) goto err; - for (i = 0; i < (unsigned int)x->master_key_length; i++) { + for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } if (BIO_puts(bp, "\n") <= 0) goto err; - return (1); + return 1; err: - return (0); + return 0; } diff --git a/deps/openssl/openssl/ssl/ssl_utst.c b/deps/openssl/openssl/ssl/ssl_utst.c index 09e76d14a73623..cea1bc2707a835 100644 --- a/deps/openssl/openssl/ssl/ssl_utst.c +++ b/deps/openssl/openssl/ssl/ssl_utst.c @@ -14,10 +14,6 @@ static const struct openssl_ssl_test_functions ssl_test_functions = { ssl_init_wbio_buffer, ssl3_setup_buffers, -# ifndef OPENSSL_NO_HEARTBEATS -# undef dtls1_process_heartbeat - dtls1_process_heartbeat -# endif }; const struct openssl_ssl_test_functions *SSL_test_functions(void) diff --git a/deps/openssl/openssl/ssl/statem/extensions.c b/deps/openssl/openssl/ssl/statem/extensions.c new file mode 100644 index 00000000000000..63e61c6184acfd --- /dev/null +++ b/deps/openssl/openssl/ssl/statem/extensions.c @@ -0,0 +1,1693 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/nelem.h" +#include "internal/cryptlib.h" +#include "../ssl_locl.h" +#include "statem_locl.h" +#include "internal/cryptlib.h" + +static int final_renegotiate(SSL *s, unsigned int context, int sent); +static int init_server_name(SSL *s, unsigned int context); +static int final_server_name(SSL *s, unsigned int context, int sent); +#ifndef OPENSSL_NO_EC +static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); +#endif +static int init_session_ticket(SSL *s, unsigned int context); +#ifndef OPENSSL_NO_OCSP +static int init_status_request(SSL *s, unsigned int context); +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG +static int init_npn(SSL *s, unsigned int context); +#endif +static int init_alpn(SSL *s, unsigned int context); +static int final_alpn(SSL *s, unsigned int context, int sent); +static int init_sig_algs_cert(SSL *s, unsigned int context); +static int init_sig_algs(SSL *s, unsigned int context); +static int init_certificate_authorities(SSL *s, unsigned int context); +static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, + unsigned int context, + X509 *x, + size_t chainidx); +static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_SRP +static int init_srp(SSL *s, unsigned int context); +#endif +static int init_etm(SSL *s, unsigned int context); +static int init_ems(SSL *s, unsigned int context); +static int final_ems(SSL *s, unsigned int context, int sent); +static int init_psk_kex_modes(SSL *s, unsigned int context); +#ifndef OPENSSL_NO_EC +static int final_key_share(SSL *s, unsigned int context, int sent); +#endif +#ifndef OPENSSL_NO_SRTP +static int init_srtp(SSL *s, unsigned int context); +#endif +static int final_sig_algs(SSL *s, unsigned int context, int sent); +static int final_early_data(SSL *s, unsigned int context, int sent); +static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); +static int init_post_handshake_auth(SSL *s, unsigned int context); + +/* Structure to define a built-in extension */ +typedef struct extensions_definition_st { + /* The defined type for the extension */ + unsigned int type; + /* + * The context that this extension applies to, e.g. what messages and + * protocol versions + */ + unsigned int context; + /* + * Initialise extension before parsing. Always called for relevant contexts + * even if extension not present + */ + int (*init)(SSL *s, unsigned int context); + /* Parse extension sent from client to server */ + int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); + /* Parse extension send from server to client */ + int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); + /* Construct extension sent from server to client */ + EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + /* Construct extension sent from client to server */ + EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + /* + * Finalise extension after parsing. Always called where an extensions was + * initialised even if the extension was not present. |sent| is set to 1 if + * the extension was seen, or 0 otherwise. + */ + int (*final)(SSL *s, unsigned int context, int sent); +} EXTENSION_DEFINITION; + +/* + * Definitions of all built-in extensions. NOTE: Changes in the number or order + * of these extensions should be mirrored with equivalent changes to the + * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h. + * Each extension has an initialiser, a client and + * server side parser and a finaliser. The initialiser is called (if the + * extension is relevant to the given context) even if we did not see the + * extension in the message that we received. The parser functions are only + * called if we see the extension in the message. The finalisers are always + * called if the initialiser was called. + * There are also server and client side constructor functions which are always + * called during message construction if the extension is relevant for the + * given context. + * The initialisation, parsing, finalisation and construction functions are + * always called in the order defined in this list. Some extensions may depend + * on others having been processed first, so the order of this list is + * significant. + * The extension context is defined by a series of flags which specify which + * messages the extension is relevant to. These flags also specify whether the + * extension is relevant to a particular protocol or protocol version. + * + * TODO(TLS1.3): Make sure we have a test to check the consistency of these + * + * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at + * the end, keep these extensions before signature_algorithm. + */ +#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL } +static const EXTENSION_DEFINITION ext_defs[] = { + { + TLSEXT_TYPE_renegotiate, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate, + tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate, + final_renegotiate + }, + { + TLSEXT_TYPE_server_name, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + init_server_name, + tls_parse_ctos_server_name, tls_parse_stoc_server_name, + tls_construct_stoc_server_name, tls_construct_ctos_server_name, + final_server_name + }, + { + TLSEXT_TYPE_max_fragment_length, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen, + tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen, + final_maxfragmentlen + }, +#ifndef OPENSSL_NO_SRP + { + TLSEXT_TYPE_srp, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL + }, +#else + INVALID_EXTENSION, +#endif +#ifndef OPENSSL_NO_EC + { + TLSEXT_TYPE_ec_point_formats, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, + tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, + final_ec_pt_formats + }, + { + /* + * "supported_groups" is spread across several specifications. + * It was originally specified as "elliptic_curves" in RFC 4492, + * and broadened to include named FFDH groups by RFC 7919. + * Both RFCs 4492 and 7919 do not include a provision for the server + * to indicate to the client the complete list of groups supported + * by the server, with the server instead just indicating the + * selected group for this connection in the ServerKeyExchange + * message. TLS 1.3 adds a scheme for the server to indicate + * to the client its list of supported groups in the + * EncryptedExtensions message, but none of the relevant + * specifications permit sending supported_groups in the ServerHello. + * Nonetheless (possibly due to the close proximity to the + * "ec_point_formats" extension, which is allowed in the ServerHello), + * there are several servers that send this extension in the + * ServerHello anyway. Up to and including the 1.1.0 release, + * we did not check for the presence of nonpermitted extensions, + * so to avoid a regression, we must permit this extension in the + * TLS 1.2 ServerHello as well. + * + * Note that there is no tls_parse_stoc_supported_groups function, + * so we do not perform any additional parsing, validation, or + * processing on the server's group list -- this is just a minimal + * change to preserve compatibility with these misbehaving servers. + */ + TLSEXT_TYPE_supported_groups, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS + | SSL_EXT_TLS1_2_SERVER_HELLO, + NULL, tls_parse_ctos_supported_groups, NULL, + tls_construct_stoc_supported_groups, + tls_construct_ctos_supported_groups, NULL + }, +#else + INVALID_EXTENSION, + INVALID_EXTENSION, +#endif + { + TLSEXT_TYPE_session_ticket, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + init_session_ticket, tls_parse_ctos_session_ticket, + tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket, + tls_construct_ctos_session_ticket, NULL + }, +#ifndef OPENSSL_NO_OCSP + { + TLSEXT_TYPE_status_request, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + init_status_request, tls_parse_ctos_status_request, + tls_parse_stoc_status_request, tls_construct_stoc_status_request, + tls_construct_ctos_status_request, NULL + }, +#else + INVALID_EXTENSION, +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + { + TLSEXT_TYPE_next_proto_neg, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn, + tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL + }, +#else + INVALID_EXTENSION, +#endif + { + /* + * Must appear in this list after server_name so that finalisation + * happens after server_name callbacks + */ + TLSEXT_TYPE_application_layer_protocol_negotiation, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn, + tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn + }, +#ifndef OPENSSL_NO_SRTP + { + TLSEXT_TYPE_use_srtp, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY, + init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp, + tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL + }, +#else + INVALID_EXTENSION, +#endif + { + TLSEXT_TYPE_encrypt_then_mac, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm, + tls_construct_stoc_etm, tls_construct_ctos_etm, NULL + }, +#ifndef OPENSSL_NO_CT + { + TLSEXT_TYPE_signed_certificate_timestamp, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + NULL, + /* + * No server side support for this, but can be provided by a custom + * extension. This is an exception to the rule that custom extensions + * cannot override built in ones. + */ + NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct, NULL + }, +#else + INVALID_EXTENSION, +#endif + { + TLSEXT_TYPE_extended_master_secret, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems, + tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems + }, + { + TLSEXT_TYPE_signature_algorithms_cert, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + init_sig_algs_cert, tls_parse_ctos_sig_algs_cert, + tls_parse_ctos_sig_algs_cert, + /* We do not generate signature_algorithms_cert at present. */ + NULL, NULL, NULL + }, + { + TLSEXT_TYPE_post_handshake_auth, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY, + init_post_handshake_auth, + tls_parse_ctos_post_handshake_auth, NULL, + NULL, tls_construct_ctos_post_handshake_auth, + NULL, + }, + { + TLSEXT_TYPE_signature_algorithms, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + init_sig_algs, tls_parse_ctos_sig_algs, + tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs, + tls_construct_ctos_sig_algs, final_sig_algs + }, + { + TLSEXT_TYPE_supported_versions, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY, + NULL, + /* Processed inline as part of version selection */ + NULL, tls_parse_stoc_supported_versions, + tls_construct_stoc_supported_versions, + tls_construct_ctos_supported_versions, NULL + }, + { + TLSEXT_TYPE_psk_kex_modes, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY + | SSL_EXT_TLS1_3_ONLY, + init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, + tls_construct_ctos_psk_kex_modes, NULL + }, +#ifndef OPENSSL_NO_EC + { + /* + * Must be in this list after supported_groups. We need that to have + * been parsed before we do this one. + */ + TLSEXT_TYPE_key_share, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY + | SSL_EXT_TLS1_3_ONLY, + NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share, + tls_construct_stoc_key_share, tls_construct_ctos_key_share, + final_key_share + }, +#endif + { + /* Must be after key_share */ + TLSEXT_TYPE_cookie, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie, + tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL + }, + { + /* + * Special unsolicited ServerHello extension only used when + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set + */ + TLSEXT_TYPE_cryptopro_bug, + SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL + }, + { + TLSEXT_TYPE_early_data, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY, + NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data, + tls_construct_stoc_early_data, tls_construct_ctos_early_data, + final_early_data + }, + { + TLSEXT_TYPE_certificate_authorities, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST + | SSL_EXT_TLS1_3_ONLY, + init_certificate_authorities, + tls_parse_certificate_authorities, tls_parse_certificate_authorities, + tls_construct_certificate_authorities, + tls_construct_certificate_authorities, NULL, + }, + { + /* Must be immediately before pre_shared_key */ + TLSEXT_TYPE_padding, + SSL_EXT_CLIENT_HELLO, + NULL, + /* We send this, but don't read it */ + NULL, NULL, NULL, tls_construct_ctos_padding, NULL + }, + { + /* Required by the TLSv1.3 spec to always be the last extension */ + TLSEXT_TYPE_psk, + SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, + NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, + tls_construct_ctos_psk, NULL + } +}; + +/* Check whether an extension's context matches the current context */ +static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) +{ + /* Check we're allowed to use this extension in this context */ + if ((thisctx & extctx) == 0) + return 0; + + if (SSL_IS_DTLS(s)) { + if ((extctx & SSL_EXT_TLS_ONLY) != 0) + return 0; + } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) { + return 0; + } + + return 1; +} + +int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts) +{ + size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset; + RAW_EXTENSION *thisext; + unsigned int context; + ENDPOINT role = ENDPOINT_BOTH; + + if ((thisctx & SSL_EXT_CLIENT_HELLO) != 0) + role = ENDPOINT_SERVER; + else if ((thisctx & SSL_EXT_TLS1_2_SERVER_HELLO) != 0) + role = ENDPOINT_CLIENT; + + /* Calculate the number of extensions in the extensions list */ + num_exts = builtin_num + s->cert->custext.meths_count; + + for (thisext = exts, i = 0; i < num_exts; i++, thisext++) { + if (!thisext->present) + continue; + + if (i < builtin_num) { + context = ext_defs[i].context; + } else { + custom_ext_method *meth = NULL; + + meth = custom_ext_find(&s->cert->custext, role, thisext->type, + &offset); + if (!ossl_assert(meth != NULL)) + return 0; + context = meth->context; + } + + if (!validate_context(s, context, thisctx)) + return 0; + } + + return 1; +} + +/* + * Verify whether we are allowed to use the extension |type| in the current + * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to + * indicate the extension is not allowed. If returning 1 then |*found| is set to + * the definition for the extension we found. + */ +static int verify_extension(SSL *s, unsigned int context, unsigned int type, + custom_ext_methods *meths, RAW_EXTENSION *rawexlist, + RAW_EXTENSION **found) +{ + size_t i; + size_t builtin_num = OSSL_NELEM(ext_defs); + const EXTENSION_DEFINITION *thisext; + + for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) { + if (type == thisext->type) { + if (!validate_context(s, thisext->context, context)) + return 0; + + *found = &rawexlist[i]; + return 1; + } + } + + /* Check the custom extensions */ + if (meths != NULL) { + size_t offset = 0; + ENDPOINT role = ENDPOINT_BOTH; + custom_ext_method *meth = NULL; + + if ((context & SSL_EXT_CLIENT_HELLO) != 0) + role = ENDPOINT_SERVER; + else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0) + role = ENDPOINT_CLIENT; + + meth = custom_ext_find(meths, role, type, &offset); + if (meth != NULL) { + if (!validate_context(s, meth->context, context)) + return 0; + *found = &rawexlist[offset + builtin_num]; + return 1; + } + } + + /* Unknown extension. We allow it */ + *found = NULL; + return 1; +} + +/* + * Check whether the context defined for an extension |extctx| means whether + * the extension is relevant for the current context |thisctx| or not. Returns + * 1 if the extension is relevant for this context, and 0 otherwise + */ +int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx) +{ + int is_tls13; + + /* + * For HRR we haven't selected the version yet but we know it will be + * TLSv1.3 + */ + if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) + is_tls13 = 1; + else + is_tls13 = SSL_IS_TLS13(s); + + if ((SSL_IS_DTLS(s) + && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) + || (s->version == SSL3_VERSION + && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) + /* + * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", + * which is never true when generating the ClientHello. + * However, version negotiation *has* occurred by the time the + * ClientHello extensions are being parsed. + * Be careful to allow TLS 1.3-only extensions when generating + * the ClientHello. + */ + || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0) + || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) == 0) + || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0) + || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0)) + return 0; + return 1; +} + +/* + * Gather a list of all the extensions from the data in |packet]. |context| + * tells us which message this extension is for. The raw extension data is + * stored in |*res| on success. We don't actually process the content of the + * extensions yet, except to check their types. This function also runs the + * initialiser functions for all known extensions if |init| is nonzero (whether + * we have collected them or not). If successful the caller is responsible for + * freeing the contents of |*res|. + * + * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be + * more than one extension of the same type in a ClientHello or ServerHello. + * This function returns 1 if all extensions are unique and we have parsed their + * types, and 0 if the extensions contain duplicates, could not be successfully + * found, or an internal error occurred. We only check duplicates for + * extensions that we know about. We ignore others. + */ +int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, + RAW_EXTENSION **res, size_t *len, int init) +{ + PACKET extensions = *packet; + size_t i = 0; + size_t num_exts; + custom_ext_methods *exts = &s->cert->custext; + RAW_EXTENSION *raw_extensions = NULL; + const EXTENSION_DEFINITION *thisexd; + + *res = NULL; + + /* + * Initialise server side custom extensions. Client side is done during + * construction of extensions for the ClientHello. + */ + if ((context & SSL_EXT_CLIENT_HELLO) != 0) + custom_ext_init(&s->cert->custext); + + num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0); + raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions)); + if (raw_extensions == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS, + ERR_R_MALLOC_FAILURE); + return 0; + } + + i = 0; + while (PACKET_remaining(&extensions) > 0) { + unsigned int type, idx; + PACKET extension; + RAW_EXTENSION *thisex; + + if (!PACKET_get_net_2(&extensions, &type) || + !PACKET_get_length_prefixed_2(&extensions, &extension)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS, + SSL_R_BAD_EXTENSION); + goto err; + } + /* + * Verify this extension is allowed. We only check duplicates for + * extensions that we recognise. We also have a special case for the + * PSK extension, which must be the last one in the ClientHello. + */ + if (!verify_extension(s, context, type, exts, raw_extensions, &thisex) + || (thisex != NULL && thisex->present == 1) + || (type == TLSEXT_TYPE_psk + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && PACKET_remaining(&extensions) != 0)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS, + SSL_R_BAD_EXTENSION); + goto err; + } + idx = thisex - raw_extensions; + /*- + * Check that we requested this extension (if appropriate). Requests can + * be sent in the ClientHello and CertificateRequest. Unsolicited + * extensions can be sent in the NewSessionTicket. We only do this for + * the built-in extensions. Custom extensions have a different but + * similar check elsewhere. + * Special cases: + * - The HRR cookie extension is unsolicited + * - The renegotiate extension is unsolicited (the client signals + * support via an SCSV) + * - The signed_certificate_timestamp extension can be provided by a + * custom extension or by the built-in version. We let the extension + * itself handle unsolicited response checks. + */ + if (idx < OSSL_NELEM(ext_defs) + && (context & (SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0 + && type != TLSEXT_TYPE_cookie + && type != TLSEXT_TYPE_renegotiate + && type != TLSEXT_TYPE_signed_certificate_timestamp + && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0) { + SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, + SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION); + goto err; + } + if (thisex != NULL) { + thisex->data = extension; + thisex->present = 1; + thisex->type = type; + thisex->received_order = i++; + if (s->ext.debug_cb) + s->ext.debug_cb(s, !s->server, thisex->type, + PACKET_data(&thisex->data), + PACKET_remaining(&thisex->data), + s->ext.debug_arg); + } + } + + if (init) { + /* + * Initialise all known extensions relevant to this context, + * whether we have found them or not + */ + for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs); + i++, thisexd++) { + if (thisexd->init != NULL && (thisexd->context & context) != 0 + && extension_is_relevant(s, thisexd->context, context) + && !thisexd->init(s, context)) { + /* SSLfatal() already called */ + goto err; + } + } + } + + *res = raw_extensions; + if (len != NULL) + *len = num_exts; + return 1; + + err: + OPENSSL_free(raw_extensions); + return 0; +} + +/* + * Runs the parser for a given extension with index |idx|. |exts| contains the + * list of all parsed extensions previously collected by + * tls_collect_extensions(). The parser is only run if it is applicable for the + * given |context| and the parser has not already been run. If this is for a + * Certificate message, then we also provide the parser with the relevant + * Certificate |x| and its position in the |chainidx| with 0 being the first + * Certificate. Returns 1 on success or 0 on failure. If an extension is not + * present this counted as success. + */ +int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, + RAW_EXTENSION *exts, X509 *x, size_t chainidx) +{ + RAW_EXTENSION *currext = &exts[idx]; + int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) = NULL; + + /* Skip if the extension is not present */ + if (!currext->present) + return 1; + + /* Skip if we've already parsed this extension */ + if (currext->parsed) + return 1; + + currext->parsed = 1; + + if (idx < OSSL_NELEM(ext_defs)) { + /* We are handling a built-in extension */ + const EXTENSION_DEFINITION *extdef = &ext_defs[idx]; + + /* Check if extension is defined for our protocol. If not, skip */ + if (!extension_is_relevant(s, extdef->context, context)) + return 1; + + parser = s->server ? extdef->parse_ctos : extdef->parse_stoc; + + if (parser != NULL) + return parser(s, &currext->data, context, x, chainidx); + + /* + * If the parser is NULL we fall through to the custom extension + * processing + */ + } + + /* Parse custom extensions */ + return custom_ext_parse(s, context, currext->type, + PACKET_data(&currext->data), + PACKET_remaining(&currext->data), + x, chainidx); +} + +/* + * Parse all remaining extensions that have not yet been parsed. Also calls the + * finalisation for all extensions at the end if |fin| is nonzero, whether we + * collected them or not. Returns 1 for success or 0 for failure. If we are + * working on a Certificate message then we also pass the Certificate |x| and + * its position in the |chainidx|, with 0 being the first certificate. + */ +int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x, + size_t chainidx, int fin) +{ + size_t i, numexts = OSSL_NELEM(ext_defs); + const EXTENSION_DEFINITION *thisexd; + + /* Calculate the number of extensions in the extensions list */ + numexts += s->cert->custext.meths_count; + + /* Parse each extension in turn */ + for (i = 0; i < numexts; i++) { + if (!tls_parse_extension(s, i, context, exts, x, chainidx)) { + /* SSLfatal() already called */ + return 0; + } + } + + if (fin) { + /* + * Finalise all known extensions relevant to this context, + * whether we have found them or not + */ + for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); + i++, thisexd++) { + if (thisexd->final != NULL && (thisexd->context & context) != 0 + && !thisexd->final(s, context, exts[i].present)) { + /* SSLfatal() already called */ + return 0; + } + } + } + + return 1; +} + +int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx, + int max_version) +{ + /* Skip if not relevant for our context */ + if ((extctx & thisctx) == 0) + return 0; + + /* Check if this extension is defined for our protocol. If not, skip */ + if (!extension_is_relevant(s, extctx, thisctx) + || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0 + && (thisctx & SSL_EXT_CLIENT_HELLO) != 0 + && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))) + return 0; + + return 1; +} + +/* + * Construct all the extensions relevant to the current |context| and write + * them to |pkt|. If this is an extension for a Certificate in a Certificate + * message, then |x| will be set to the Certificate we are handling, and + * |chainidx| will indicate the position in the chainidx we are processing (with + * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a + * failure construction stops at the first extension to fail to construct. + */ +int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + size_t i; + int min_version, max_version = 0, reason; + const EXTENSION_DEFINITION *thisexd; + + if (!WPACKET_start_sub_packet_u16(pkt) + /* + * If extensions are of zero length then we don't even add the + * extensions length bytes to a ClientHello/ServerHello + * (for non-TLSv1.3). + */ + || ((context & + (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0 + && !WPACKET_set_flags(pkt, + WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if ((context & SSL_EXT_CLIENT_HELLO) != 0) { + reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); + if (reason != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, + reason); + return 0; + } + } + + /* Add custom extensions first */ + if ((context & SSL_EXT_CLIENT_HELLO) != 0) { + /* On the server side with initialise during ClientHello parsing */ + custom_ext_init(&s->cert->custext); + } + if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) { + /* SSLfatal() already called */ + return 0; + } + + for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) { + EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + EXT_RETURN ret; + + /* Skip if not relevant for our context */ + if (!should_add_extension(s, thisexd->context, context, max_version)) + continue; + + construct = s->server ? thisexd->construct_stoc + : thisexd->construct_ctos; + + if (construct == NULL) + continue; + + ret = construct(s, pkt, context, x, chainidx); + if (ret == EXT_RETURN_FAIL) { + /* SSLfatal() already called */ + return 0; + } + if (ret == EXT_RETURN_SENT + && (context & (SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0) + s->ext.extflags[i] |= SSL_EXT_FLAG_SENT; + } + + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +/* + * Built in extension finalisation and initialisation functions. All initialise + * or finalise the associated extension type for the given |context|. For + * finalisers |sent| is set to 1 if we saw the extension during parsing, and 0 + * otherwise. These functions return 1 on success or 0 on failure. + */ + +static int final_renegotiate(SSL *s, unsigned int context, int sent) +{ + if (!s->server) { + /* + * Check if we can connect to a server that doesn't support safe + * renegotiation + */ + if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT) + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + + return 1; + } + + /* Need RI if renegotiating */ + if (s->renegotiate + && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + && !sent) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + + + return 1; +} + +static int init_server_name(SSL *s, unsigned int context) +{ + if (s->server) { + s->servername_done = 0; + + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; + } + + return 1; +} + +static int final_server_name(SSL *s, unsigned int context, int sent) +{ + int ret = SSL_TLSEXT_ERR_NOACK; + int altmp = SSL_AD_UNRECOGNIZED_NAME; + int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0; + + if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (s->ctx->ext.servername_cb != NULL) + ret = s->ctx->ext.servername_cb(s, &altmp, + s->ctx->ext.servername_arg); + else if (s->session_ctx->ext.servername_cb != NULL) + ret = s->session_ctx->ext.servername_cb(s, &altmp, + s->session_ctx->ext.servername_arg); + + /* + * For servers, propagate the SNI hostname from the temporary + * storage in the SSL to the persistent SSL_SESSION, now that we + * know we accepted it. + * Clients make this copy when parsing the server's response to + * the extension, which is when they find out that the negotiation + * was successful. + */ + if (s->server) { + /* TODO(OpenSSL1.2) revisit !sent case */ + if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) { + /* Only store the hostname in the session if we accepted it. */ + OPENSSL_free(s->session->ext.hostname); + s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); + if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + } + } + } + + /* + * If we switched contexts (whether here or in the client_hello callback), + * move the sess_accept increment from the session_ctx to the new + * context, to avoid the confusing situation of having sess_accept_good + * exceed sess_accept (zero) for the new context. + */ + if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) { + tsan_counter(&s->ctx->stats.sess_accept); + tsan_decr(&s->session_ctx->stats.sess_accept); + } + + /* + * If we're expecting to send a ticket, and tickets were previously enabled, + * and now tickets are disabled, then turn off expected ticket. + * Also, if this is not a resumption, create a new session ID + */ + if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected + && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) { + s->ext.ticket_expected = 0; + if (!s->hit) { + SSL_SESSION* ss = SSL_get_session(s); + + if (ss != NULL) { + OPENSSL_free(ss->ext.tick); + ss->ext.tick = NULL; + ss->ext.ticklen = 0; + ss->ext.tick_lifetime_hint = 0; + ss->ext.tick_age_add = 0; + ss->ext.tick_identity = 0; + if (!ssl_generate_session_id(s, ss)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + } else { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + } + + switch (ret) { + case SSL_TLSEXT_ERR_ALERT_FATAL: + SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED); + return 0; + + case SSL_TLSEXT_ERR_ALERT_WARNING: + /* TLSv1.3 doesn't have warning alerts so we suppress this */ + if (!SSL_IS_TLS13(s)) + ssl3_send_alert(s, SSL3_AL_WARNING, altmp); + return 1; + + case SSL_TLSEXT_ERR_NOACK: + s->servername_done = 0; + return 1; + + default: + return 1; + } +} + +#ifndef OPENSSL_NO_EC +static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) +{ + unsigned long alg_k, alg_a; + + if (s->server) + return 1; + + alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + + /* + * If we are client and using an elliptic curve cryptography cipher + * suite, then if server returns an EC point formats lists extension it + * must contain uncompressed. + */ + if (s->ext.ecpointformats != NULL + && s->ext.ecpointformats_len > 0 + && s->session->ext.ecpointformats != NULL + && s->session->ext.ecpointformats_len > 0 + && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { + /* we are using an ECC cipher */ + size_t i; + unsigned char *list = s->session->ext.ecpointformats; + + for (i = 0; i < s->session->ext.ecpointformats_len; i++) { + if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed) + break; + } + if (i == s->session->ext.ecpointformats_len) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS, + SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); + return 0; + } + } + + return 1; +} +#endif + +static int init_session_ticket(SSL *s, unsigned int context) +{ + if (!s->server) + s->ext.ticket_expected = 0; + + return 1; +} + +#ifndef OPENSSL_NO_OCSP +static int init_status_request(SSL *s, unsigned int context) +{ + if (s->server) { + s->ext.status_type = TLSEXT_STATUSTYPE_nothing; + } else { + /* + * Ensure we get sensible values passed to tlsext_status_cb in the event + * that we don't receive a status message + */ + OPENSSL_free(s->ext.ocsp.resp); + s->ext.ocsp.resp = NULL; + s->ext.ocsp.resp_len = 0; + } + + return 1; +} +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG +static int init_npn(SSL *s, unsigned int context) +{ + s->s3->npn_seen = 0; + + return 1; +} +#endif + +static int init_alpn(SSL *s, unsigned int context) +{ + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; + s->s3->alpn_selected_len = 0; + if (s->server) { + OPENSSL_free(s->s3->alpn_proposed); + s->s3->alpn_proposed = NULL; + s->s3->alpn_proposed_len = 0; + } + return 1; +} + +static int final_alpn(SSL *s, unsigned int context, int sent) +{ + if (!s->server && !sent && s->session->ext.alpn_selected != NULL) + s->ext.early_data_ok = 0; + + if (!s->server || !SSL_IS_TLS13(s)) + return 1; + + /* + * Call alpn_select callback if needed. Has to be done after SNI and + * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3 + * we also have to do this before we decide whether to accept early_data. + * In TLSv1.3 we've already negotiated our cipher so we do this call now. + * For < TLSv1.3 we defer it until after cipher negotiation. + * + * On failure SSLfatal() already called. + */ + return tls_handle_alpn(s); +} + +static int init_sig_algs(SSL *s, unsigned int context) +{ + /* Clear any signature algorithms extension received */ + OPENSSL_free(s->s3->tmp.peer_sigalgs); + s->s3->tmp.peer_sigalgs = NULL; + + return 1; +} + +static int init_sig_algs_cert(SSL *s, unsigned int context) +{ + /* Clear any signature algorithms extension received */ + OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); + s->s3->tmp.peer_cert_sigalgs = NULL; + + return 1; +} + +#ifndef OPENSSL_NO_SRP +static int init_srp(SSL *s, unsigned int context) +{ + OPENSSL_free(s->srp_ctx.login); + s->srp_ctx.login = NULL; + + return 1; +} +#endif + +static int init_etm(SSL *s, unsigned int context) +{ + s->ext.use_etm = 0; + + return 1; +} + +static int init_ems(SSL *s, unsigned int context) +{ + if (!s->server) + s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + + return 1; +} + +static int final_ems(SSL *s, unsigned int context, int sent) +{ + if (!s->server && s->hit) { + /* + * Check extended master secret extension is consistent with + * original session. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) != + !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } + } + + return 1; +} + +static int init_certificate_authorities(SSL *s, unsigned int context) +{ + sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); + s->s3->tmp.peer_ca_names = NULL; + return 1; +} + +static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt, + unsigned int context, + X509 *x, + size_t chainidx) +{ + const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s); + + if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities) + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + if (!construct_ca_names(s, ca_sk, pkt)) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (!parse_ca_names(s, pkt)) + return 0; + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, SSL_R_BAD_EXTENSION); + return 0; + } + return 1; +} + +#ifndef OPENSSL_NO_SRTP +static int init_srtp(SSL *s, unsigned int context) +{ + if (s->server) + s->srtp_profile = NULL; + + return 1; +} +#endif + +static int final_sig_algs(SSL *s, unsigned int context, int sent) +{ + if (!sent && SSL_IS_TLS13(s) && !s->hit) { + SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_SIG_ALGS, + SSL_R_MISSING_SIGALGS_EXTENSION); + return 0; + } + + return 1; +} + +#ifndef OPENSSL_NO_EC +static int final_key_share(SSL *s, unsigned int context, int sent) +{ + if (!SSL_IS_TLS13(s)) + return 1; + + /* Nothing to do for key_share in an HRR */ + if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) + return 1; + + /* + * If + * we are a client + * AND + * we have no key_share + * AND + * (we are not resuming + * OR the kex_mode doesn't allow non key_share resumes) + * THEN + * fail; + */ + if (!s->server + && !sent + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) { + /* Nothing left we can do - just fail */ + SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_KEY_SHARE, + SSL_R_NO_SUITABLE_KEY_SHARE); + return 0; + } + /* + * IF + * we are a server + * THEN + * IF + * we have a suitable key_share + * THEN + * IF + * we are stateless AND we have no cookie + * THEN + * send a HelloRetryRequest + * ELSE + * IF + * we didn't already send a HelloRetryRequest + * AND + * the client sent a key_share extension + * AND + * (we are not resuming + * OR the kex_mode allows key_share resumes) + * AND + * a shared group exists + * THEN + * send a HelloRetryRequest + * ELSE IF + * we are not resuming + * OR + * the kex_mode doesn't allow non key_share resumes + * THEN + * fail + * ELSE IF + * we are stateless AND we have no cookie + * THEN + * send a HelloRetryRequest + */ + if (s->server) { + if (s->s3->peer_tmp != NULL) { + /* We have a suitable key_share */ + if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0 + && !s->ext.cookieok) { + if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { + /* + * If we are stateless then we wouldn't know about any + * previously sent HRR - so how can this be anything other + * than 0? + */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->hello_retry_request = SSL_HRR_PENDING; + return 1; + } + } else { + /* No suitable key_share */ + if (s->hello_retry_request == SSL_HRR_NONE && sent + && (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) + != 0)) { + const uint16_t *pgroups, *clntgroups; + size_t num_groups, clnt_num_groups, i; + unsigned int group_id = 0; + + /* Check if a shared group exists */ + + /* Get the clients list of supported groups. */ + tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); + tls1_get_supported_groups(s, &pgroups, &num_groups); + + /* + * Find the first group we allow that is also in client's list + */ + for (i = 0; i < num_groups; i++) { + group_id = pgroups[i]; + + if (check_in_list(s, group_id, clntgroups, clnt_num_groups, + 1)) + break; + } + + if (i < num_groups) { + /* A shared group exists so send a HelloRetryRequest */ + s->s3->group_id = group_id; + s->hello_retry_request = SSL_HRR_PENDING; + return 1; + } + } + if (!s->hit + || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) { + /* Nothing left we can do - just fail */ + SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE + : SSL_AD_MISSING_EXTENSION, + SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE); + return 0; + } + + if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0 + && !s->ext.cookieok) { + if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) { + /* + * If we are stateless then we wouldn't know about any + * previously sent HRR - so how can this be anything other + * than 0? + */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->hello_retry_request = SSL_HRR_PENDING; + return 1; + } + } + + /* + * We have a key_share so don't send any more HelloRetryRequest + * messages + */ + if (s->hello_retry_request == SSL_HRR_PENDING) + s->hello_retry_request = SSL_HRR_COMPLETE; + } else { + /* + * For a client side resumption with no key_share we need to generate + * the handshake secret (otherwise this is done during key_share + * processing). + */ + if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + + return 1; +} +#endif + +static int init_psk_kex_modes(SSL *s, unsigned int context) +{ + s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE; + return 1; +} + +int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, SSL_SESSION *sess, int sign, + int external) +{ + EVP_PKEY *mackey = NULL; + EVP_MD_CTX *mctx = NULL; + unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE]; + unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; + unsigned char *early_secret; + static const unsigned char resumption_label[] = "res binder"; + static const unsigned char external_label[] = "ext binder"; + const unsigned char *label; + size_t bindersize, labelsize, hashsize; + int hashsizei = EVP_MD_size(md); + int ret = -1; + int usepskfored = 0; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashsizei >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashsize = (size_t)hashsizei; + + if (external + && s->early_data_state == SSL_EARLY_DATA_CONNECTING + && s->session->ext.max_early_data == 0 + && sess->ext.max_early_data > 0) + usepskfored = 1; + + if (external) { + label = external_label; + labelsize = sizeof(external_label) - 1; + } else { + label = resumption_label; + labelsize = sizeof(resumption_label) - 1; + } + + /* + * Generate the early_secret. On the server side we've selected a PSK to + * resume with (internal or external) so we always do this. On the client + * side we do this for a non-external (i.e. resumption) PSK or external PSK + * that will be used for early_data so that it is in place for sending early + * data. For client side external PSK not being used for early_data we + * generate it but store it away for later use. + */ + if (s->server || !external || usepskfored) + early_secret = (unsigned char *)s->early_secret; + else + early_secret = (unsigned char *)sess->early_secret; + + if (!tls13_generate_secret(s, md, NULL, sess->master_key, + sess->master_key_length, early_secret)) { + /* SSLfatal() already called */ + goto err; + } + + /* + * Create the handshake hash for the binder key...the messages so far are + * empty! + */ + mctx = EVP_MD_CTX_new(); + if (mctx == NULL + || EVP_DigestInit_ex(mctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Generate the binder key */ + if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, + hashsize, binderkey, hashsize)) { + /* SSLfatal() already called */ + goto err; + } + + /* Generate the finished key */ + if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) { + /* SSLfatal() already called */ + goto err; + } + + if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* + * Get a hash of the ClientHello up to the start of the binders. If we are + * following a HelloRetryRequest then this includes the hash of the first + * ClientHello and the HelloRetryRequest itself. + */ + if (s->hello_retry_request == SSL_HRR_PENDING) { + size_t hdatalen; + long hdatalen_l; + void *hdata; + + hdatalen = hdatalen_l = + BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (hdatalen_l <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + SSL_R_BAD_HANDSHAKE_LENGTH); + goto err; + } + + /* + * For servers the handshake buffer data will include the second + * ClientHello - which we don't want - so we need to take that bit off. + */ + if (s->server) { + PACKET hashprefix, msg; + + /* Find how many bytes are left after the first two messages */ + if (!PACKET_buf_init(&hashprefix, hdata, hdatalen) + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg) + || !PACKET_forward(&hashprefix, 1) + || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + hdatalen -= PACKET_remaining(&hashprefix); + } + + if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + + mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey, + hashsize); + if (mackey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!sign) + binderout = tmpbinder; + + bindersize = hashsize; + if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0 + || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 + || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 + || bindersize != hashsize) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (sign) { + ret = 1; + } else { + /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */ + ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0); + if (!ret) + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER, + SSL_R_BINDER_DOES_NOT_VERIFY); + } + + err: + OPENSSL_cleanse(binderkey, sizeof(binderkey)); + OPENSSL_cleanse(finishedkey, sizeof(finishedkey)); + EVP_PKEY_free(mackey); + EVP_MD_CTX_free(mctx); + + return ret; +} + +static int final_early_data(SSL *s, unsigned int context, int sent) +{ + if (!sent) + return 1; + + if (!s->server) { + if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS + && sent + && !s->ext.early_data_ok) { + /* + * If we get here then the server accepted our early_data but we + * later realised that it shouldn't have done (e.g. inconsistent + * ALPN) + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EARLY_DATA, + SSL_R_BAD_EARLY_DATA); + return 0; + } + + return 1; + } + + if (s->max_early_data == 0 + || !s->hit + || s->session->ext.tick_identity != 0 + || s->early_data_state != SSL_EARLY_DATA_ACCEPTING + || !s->ext.early_data_ok + || s->hello_retry_request != SSL_HRR_NONE + || (s->ctx->allow_early_data_cb != NULL + && !s->ctx->allow_early_data_cb(s, + s->ctx->allow_early_data_cb_data))) { + s->ext.early_data = SSL_EARLY_DATA_REJECTED; + } else { + s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; + + if (!tls13_change_cipher_state(s, + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) { + /* SSLfatal() already called */ + return 0; + } + } + + return 1; +} + +static int final_maxfragmentlen(SSL *s, unsigned int context, int sent) +{ + /* + * Session resumption on server-side with MFL extension active + * BUT MFL extension packet was not resent (i.e. sent == 0) + */ + if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) + && !sent ) { + SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_MAXFRAGMENTLEN, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* Current SSL buffer is lower than requested MFL */ + if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) + && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session)) + /* trigger a larger buffer reallocation */ + if (!ssl3_setup_buffers(s)) { + /* SSLfatal() already called */ + return 0; + } + + return 1; +} + +static int init_post_handshake_auth(SSL *s, unsigned int context) +{ + s->post_handshake_auth = SSL_PHA_NONE; + + return 1; +} diff --git a/deps/openssl/openssl/ssl/statem/extensions_clnt.c b/deps/openssl/openssl/ssl/statem/extensions_clnt.c new file mode 100644 index 00000000000000..ab4dbf67131ec8 --- /dev/null +++ b/deps/openssl/openssl/ssl/statem/extensions_clnt.c @@ -0,0 +1,1991 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "../ssl_locl.h" +#include "internal/cryptlib.h" +#include "statem_locl.h" + +EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + /* Add RI if renegotiating */ + if (!s->renegotiate) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (s->ext.hostname == NULL) + return EXT_RETURN_NOT_SENT; + + /* Add TLS extension servername to the Client Hello message */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) + /* Sub-packet for server_name extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for servername list (always 1 hostname)*/ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname, + strlen(s->ext.hostname)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +/* Push a Max Fragment Len extension into ClientHello */ +EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED) + return EXT_RETURN_NOT_SENT; + + /* Add Max Fragment Length extension if client enabled it. */ + /*- + * 4 bytes for this extension type and extension length + * 1 byte for the Max Fragment Length code value. + */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length) + /* Sub-packet for Max Fragment Length extension (1 byte) */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_SRP +EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + /* Add SRP username if there is one */ + if (s->srp_ctx.login == NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp) + /* Sub-packet for SRP extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + /* login must not be zero...internal error if so */ + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !WPACKET_memcpy(pkt, s->srp_ctx.login, + strlen(s->srp_ctx.login)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SRP, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +#ifndef OPENSSL_NO_EC +static int use_ecc(SSL *s) +{ + int i, end, ret = 0; + unsigned long alg_k, alg_a; + STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + + /* See if we support any ECC ciphersuites */ + if (s->version == SSL3_VERSION) + return 0; + + cipher_stack = SSL_get1_supported_ciphers(s); + end = sk_SSL_CIPHER_num(cipher_stack); + for (i = 0; i < end; i++) { + const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); + + alg_k = c->algorithm_mkey; + alg_a = c->algorithm_auth; + if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) + || (alg_a & SSL_aECDSA) + || c->min_tls >= TLS1_3_VERSION) { + ret = 1; + break; + } + } + + sk_SSL_CIPHER_free(cipher_stack); + return ret; +} + +EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + const unsigned char *pformats; + size_t num_formats; + + if (!use_ecc(s)) + return EXT_RETURN_NOT_SENT; + + /* Add TLS extension ECPointFormats to the ClientHello message */ + tls1_get_formatlist(s, &pformats, &num_formats); + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) + /* Sub-packet for formats extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + const uint16_t *pgroups = NULL; + size_t num_groups = 0, i; + + if (!use_ecc(s)) + return EXT_RETURN_NOT_SENT; + + /* + * Add TLS extension supported_groups to the ClientHello message + */ + /* TODO(TLS1.3): Add support for DHE groups */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + /* Copy curve ID if supported */ + for (i = 0; i < num_groups; i++) { + uint16_t ctmp = pgroups[i]; + + if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { + if (!WPACKET_put_bytes_u16(pkt, ctmp)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + } + if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + size_t ticklen; + + if (!tls_use_ticket(s)) + return EXT_RETURN_NOT_SENT; + + if (!s->new_session && s->session != NULL + && s->session->ext.tick != NULL + && s->session->ssl_version != TLS1_3_VERSION) { + ticklen = s->session->ext.ticklen; + } else if (s->session && s->ext.session_ticket != NULL + && s->ext.session_ticket->data != NULL) { + ticklen = s->ext.session_ticket->length; + s->session->ext.tick = OPENSSL_malloc(ticklen); + if (s->session->ext.tick == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + memcpy(s->session->ext.tick, + s->ext.session_ticket->data, ticklen); + s->session->ext.ticklen = ticklen; + } else { + ticklen = 0; + } + + if (ticklen == 0 && s->ext.session_ticket != NULL && + s->ext.session_ticket->data == NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) + || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + size_t salglen; + const uint16_t *salg; + + if (!SSL_CLIENT_USE_SIGALGS(s)) + return EXT_RETURN_NOT_SENT; + + salglen = tls12_get_psigalgs(s, 1, &salg); + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms) + /* Sub-packet for sig-algs extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for the actual list */ + || !WPACKET_start_sub_packet_u16(pkt) + || !tls12_copy_sigalgs(s, pkt, salg, salglen) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_OCSP +EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + int i; + + /* This extension isn't defined for client Certificates */ + if (x != NULL) + return EXT_RETURN_NOT_SENT; + + if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) + /* Sub-packet for status request extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp) + /* Sub-packet for the ids */ + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) { + unsigned char *idbytes; + OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i); + int idlen = i2d_OCSP_RESPID(id, NULL); + + if (idlen <= 0 + /* Sub-packet for an individual id */ + || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes) + || i2d_OCSP_RESPID(id, &idbytes) != idlen) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + if (!WPACKET_close(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + if (s->ext.ocsp.exts) { + unsigned char *extbytes; + int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL); + + if (extlen < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes) + || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes) + != extlen) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG +EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) + return EXT_RETURN_NOT_SENT; + + /* + * The client advertises an empty extension to indicate its support + * for Next Protocol Negotiation + */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_NPN, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + s->s3->alpn_sent = 0; + + if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s)) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, + TLSEXT_TYPE_application_layer_protocol_negotiation) + /* Sub-packet ALPN extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ALPN, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + s->s3->alpn_sent = 1; + + return EXT_RETURN_SENT; +} + + +#ifndef OPENSSL_NO_SRTP +EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s); + int i, end; + + if (clnt == NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) + /* Sub-packet for SRTP extension */ + || !WPACKET_start_sub_packet_u16(pkt) + /* Sub-packet for the protection profile list */ + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + end = sk_SRTP_PROTECTION_PROFILE_num(clnt); + for (i = 0; i < end; i++) { + const SRTP_PROTECTION_PROFILE *prof = + sk_SRTP_PROTECTION_PROFILE_value(clnt, i); + + if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + if (!WPACKET_close(pkt) + /* Add an empty use_mki value */ + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ETM, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_CT +EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->ct_validation_callback == NULL) + return EXT_RETURN_NOT_SENT; + + /* Not defined for client Certificates */ + if (x != NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SCT, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EMS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + int currv, min_version, max_version, reason; + + reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); + if (reason != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason); + return EXT_RETURN_FAIL; + } + + /* + * Don't include this if we can't negotiate TLSv1.3. We can do a straight + * comparison here because we will never be called in DTLS. + */ + if (max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + for (currv = max_version; currv >= min_version; currv--) { + if (!WPACKET_put_bytes_u16(pkt, currv)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +/* + * Construct a psk_kex_modes extension. + */ +EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE) + || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE_DHE; + if (nodhe) + s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; +#endif + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_TLS1_3 +static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) +{ + unsigned char *encoded_point = NULL; + EVP_PKEY *key_share_key = NULL; + size_t encodedlen; + + if (s->s3->tmp.pkey != NULL) { + if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + /* + * Could happen if we got an HRR that wasn't requesting a new key_share + */ + key_share_key = s->s3->tmp.pkey; + } else { + key_share_key = ssl_generate_pkey_group(s, curve_id); + if (key_share_key == NULL) { + /* SSLfatal() already called */ + return 0; + } + } + + /* Encode the public key. */ + encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key, + &encoded_point); + if (encodedlen == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB); + goto err; + } + + /* Create KeyShareEntry */ + if (!WPACKET_put_bytes_u16(pkt, curve_id) + || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* + * TODO(TLS1.3): When changing to send more than one key_share we're + * going to need to be able to save more than one EVP_PKEY. For now + * we reuse the existing tmp.pkey + */ + s->s3->tmp.pkey = key_share_key; + s->s3->group_id = curve_id; + OPENSSL_free(encoded_point); + + return 1; + err: + if (s->s3->tmp.pkey == NULL) + EVP_PKEY_free(key_share_key); + OPENSSL_free(encoded_point); + return 0; +} +#endif + +EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + size_t i, num_groups = 0; + const uint16_t *pgroups = NULL; + uint16_t curve_id = 0; + + /* key_share extension */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) + /* Extension data sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt) + /* KeyShare list sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + tls1_get_supported_groups(s, &pgroups, &num_groups); + + /* + * TODO(TLS1.3): Make the number of key_shares sent configurable. For + * now, just send one + */ + if (s->s3->group_id != 0) { + curve_id = s->s3->group_id; + } else { + for (i = 0; i < num_groups; i++) { + + if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) + continue; + + curve_id = pgroups[i]; + break; + } + } + + if (curve_id == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, + SSL_R_NO_SUITABLE_KEY_SHARE); + return EXT_RETURN_FAIL; + } + + if (!add_key_share(s, pkt, curve_id)) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + + if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + return EXT_RETURN_SENT; +#else + return EXT_RETURN_NOT_SENT; +#endif +} + +EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + EXT_RETURN ret = EXT_RETURN_FAIL; + + /* Should only be set if we've had an HRR */ + if (s->ext.tls13_cookie_len == 0) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) + /* Extension data sub-packet */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie, + s->ext.tls13_cookie_len) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + goto end; + } + + ret = EXT_RETURN_SENT; + end: + OPENSSL_free(s->ext.tls13_cookie); + s->ext.tls13_cookie = NULL; + s->ext.tls13_cookie_len = 0; + + return ret; +} + +EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_PSK + char identity[PSK_MAX_IDENTITY_LEN + 1]; +#endif /* OPENSSL_NO_PSK */ + const unsigned char *id = NULL; + size_t idlen = 0; + SSL_SESSION *psksess = NULL; + SSL_SESSION *edsess = NULL; + const EVP_MD *handmd = NULL; + + if (s->hello_retry_request == SSL_HRR_PENDING) + handmd = ssl_handshake_md(s); + + if (s->psk_use_session_cb != NULL + && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess) + || (psksess != NULL + && psksess->ssl_version != TLS1_3_VERSION))) { + SSL_SESSION_free(psksess); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + SSL_R_BAD_PSK); + return EXT_RETURN_FAIL; + } + +#ifndef OPENSSL_NO_PSK + if (psksess == NULL && s->psk_client_callback != NULL) { + unsigned char psk[PSK_MAX_PSK_LEN]; + size_t psklen = 0; + + memset(identity, 0, sizeof(identity)); + psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1, + psk, sizeof(psk)); + + if (psklen > PSK_MAX_PSK_LEN) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } else if (psklen > 0) { + const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; + const SSL_CIPHER *cipher; + + idlen = strlen(identity); + if (idlen > PSK_MAX_IDENTITY_LEN) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + id = (unsigned char *)identity; + + /* + * We found a PSK using an old style callback. We don't know + * the digest so we default to SHA256 as per the TLSv1.3 spec + */ + cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); + if (cipher == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + psksess = SSL_SESSION_new(); + if (psksess == NULL + || !SSL_SESSION_set1_master_key(psksess, psk, psklen) + || !SSL_SESSION_set_cipher(psksess, cipher) + || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + ERR_R_INTERNAL_ERROR); + OPENSSL_cleanse(psk, psklen); + return EXT_RETURN_FAIL; + } + OPENSSL_cleanse(psk, psklen); + } + } +#endif /* OPENSSL_NO_PSK */ + + SSL_SESSION_free(s->psksession); + s->psksession = psksess; + if (psksess != NULL) { + OPENSSL_free(s->psksession_id); + s->psksession_id = OPENSSL_memdup(id, idlen); + if (s->psksession_id == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + s->psksession_id_len = idlen; + } + + if (s->early_data_state != SSL_EARLY_DATA_CONNECTING + || (s->session->ext.max_early_data == 0 + && (psksess == NULL || psksess->ext.max_early_data == 0))) { + s->max_early_data = 0; + return EXT_RETURN_NOT_SENT; + } + edsess = s->session->ext.max_early_data != 0 ? s->session : psksess; + s->max_early_data = edsess->ext.max_early_data; + + if (edsess->ext.hostname != NULL) { + if (s->ext.hostname == NULL + || (s->ext.hostname != NULL + && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + SSL_R_INCONSISTENT_EARLY_DATA_SNI); + return EXT_RETURN_FAIL; + } + } + + if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + SSL_R_INCONSISTENT_EARLY_DATA_ALPN); + return EXT_RETURN_FAIL; + } + + /* + * Verify that we are offering an ALPN protocol consistent with the early + * data. + */ + if (edsess->ext.alpn_selected != NULL) { + PACKET prots, alpnpkt; + int found = 0; + + if (!PACKET_buf_init(&prots, s->ext.alpn, s->ext.alpn_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) { + if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected, + edsess->ext.alpn_selected_len)) { + found = 1; + break; + } + } + if (!found) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + SSL_R_INCONSISTENT_EARLY_DATA_ALPN); + return EXT_RETURN_FAIL; + } + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* + * We set this to rejected here. Later, if the server acknowledges the + * extension, we set it to accepted. + */ + s->ext.early_data = SSL_EARLY_DATA_REJECTED; + s->ext.early_data_ok = 1; + + return EXT_RETURN_SENT; +} + +#define F5_WORKAROUND_MIN_MSG_LEN 0xff +#define F5_WORKAROUND_MAX_MSG_LEN 0x200 + +/* + * PSK pre binder overhead = + * 2 bytes for TLSEXT_TYPE_psk + * 2 bytes for extension length + * 2 bytes for identities list length + * 2 bytes for identity length + * 4 bytes for obfuscated_ticket_age + * 2 bytes for binder list length + * 1 byte for binder length + * The above excludes the number of bytes for the identity itself and the + * subsequent binder bytes + */ +#define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1) + +EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + unsigned char *padbytes; + size_t hlen; + + if ((s->options & SSL_OP_TLSEXT_PADDING) == 0) + return EXT_RETURN_NOT_SENT; + + /* + * Add padding to workaround bugs in F5 terminators. See RFC7685. + * This code calculates the length of all extensions added so far but + * excludes the PSK extension (because that MUST be written last). Therefore + * this extension MUST always appear second to last. + */ + if (!WPACKET_get_total_written(pkt, &hlen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* + * If we're going to send a PSK then that will be written out after this + * extension, so we need to calculate how long it is going to be. + */ + if (s->session->ssl_version == TLS1_3_VERSION + && s->session->ext.ticklen != 0 + && s->session->cipher != NULL) { + const EVP_MD *md = ssl_md(s->session->cipher->algorithm2); + + if (md != NULL) { + /* + * Add the fixed PSK overhead, the identity length and the binder + * length. + */ + hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen + + EVP_MD_size(md); + } + } + + if (hlen > F5_WORKAROUND_MIN_MSG_LEN && hlen < F5_WORKAROUND_MAX_MSG_LEN) { + /* Calculate the amount of padding we need to add */ + hlen = F5_WORKAROUND_MAX_MSG_LEN - hlen; + + /* + * Take off the size of extension header itself (2 bytes for type and + * 2 bytes for length bytes), but ensure that the extension is at least + * 1 byte long so as not to have an empty extension last (WebSphere 7.x, + * 8.x are intolerant of that condition) + */ + if (hlen > 4) + hlen -= 4; + else + hlen = 1; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding) + || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + memset(padbytes, 0, hlen); + } + + return EXT_RETURN_SENT; +} + +/* + * Construct the pre_shared_key extension + */ +EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + uint32_t now, agesec, agems = 0; + size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen; + unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; + const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; + int dores = 0; + + s->session->ext.tick_identity = TLSEXT_PSK_BAD_IDENTITY; + + /* + * Note: At this stage of the code we only support adding a single + * resumption PSK. If we add support for multiple PSKs then the length + * calculations in the padding extension will need to be adjusted. + */ + + /* + * If this is an incompatible or new session then we have nothing to resume + * so don't add this extension. + */ + if (s->session->ssl_version != TLS1_3_VERSION + || (s->session->ext.ticklen == 0 && s->psksession == NULL)) + return EXT_RETURN_NOT_SENT; + + if (s->hello_retry_request == SSL_HRR_PENDING) + handmd = ssl_handshake_md(s); + + if (s->session->ext.ticklen != 0) { + /* Get the digest associated with the ciphersuite in the session */ + if (s->session->cipher == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + mdres = ssl_md(s->session->cipher->algorithm2); + if (mdres == NULL) { + /* + * Don't recognize this cipher so we can't use the session. + * Ignore it + */ + goto dopsksess; + } + + if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) { + /* + * Selected ciphersuite hash does not match the hash for the session + * so we can't use it. + */ + goto dopsksess; + } + + /* + * Technically the C standard just says time() returns a time_t and says + * nothing about the encoding of that type. In practice most + * implementations follow POSIX which holds it as an integral type in + * seconds since epoch. We've already made the assumption that we can do + * this in multiple places in the code, so portability shouldn't be an + * issue. + */ + now = (uint32_t)time(NULL); + agesec = now - (uint32_t)s->session->time; + /* + * We calculate the age in seconds but the server may work in ms. Due to + * rounding errors we could overestimate the age by up to 1s. It is + * better to underestimate it. Otherwise, if the RTT is very short, when + * the server calculates the age reported by the client it could be + * bigger than the age calculated on the server - which should never + * happen. + */ + if (agesec > 0) + agesec--; + + if (s->session->ext.tick_lifetime_hint < agesec) { + /* Ticket is too old. Ignore it. */ + goto dopsksess; + } + + /* + * Calculate age in ms. We're just doing it to nearest second. Should be + * good enough. + */ + agems = agesec * (uint32_t)1000; + + if (agesec != 0 && agems / (uint32_t)1000 != agesec) { + /* + * Overflow. Shouldn't happen unless this is a *really* old session. + * If so we just ignore it. + */ + goto dopsksess; + } + + /* + * Obfuscate the age. Overflow here is fine, this addition is supposed + * to be mod 2^32. + */ + agems += s->session->ext.tick_age_add; + + reshashsize = EVP_MD_size(mdres); + dores = 1; + } + + dopsksess: + if (!dores && s->psksession == NULL) + return EXT_RETURN_NOT_SENT; + + if (s->psksession != NULL) { + mdpsk = ssl_md(s->psksession->cipher->algorithm2); + if (mdpsk == NULL) { + /* + * Don't recognize this cipher so we can't use the session. + * If this happens it's an application bug. + */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + SSL_R_BAD_PSK); + return EXT_RETURN_FAIL; + } + + if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) { + /* + * Selected ciphersuite hash does not match the hash for the PSK + * session. This is an application bug. + */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + SSL_R_BAD_PSK); + return EXT_RETURN_FAIL; + } + + pskhashsize = EVP_MD_size(mdpsk); + } + + /* Create the extension, but skip over the binder for now */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + if (dores) { + if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, + s->session->ext.ticklen) + || !WPACKET_put_bytes_u32(pkt, agems)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + + if (s->psksession != NULL) { + if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id, + s->psksession_id_len) + || !WPACKET_put_bytes_u32(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + + if (!WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &binderoffset) + || !WPACKET_start_sub_packet_u16(pkt) + || (dores + && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder)) + || (s->psksession != NULL + && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder)) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &msglen) + /* + * We need to fill in all the sub-packet lengths now so we can + * calculate the HMAC of the message up to the binders + */ + || !WPACKET_fill_lengths(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + msgstart = WPACKET_get_curr(pkt) - msglen; + + if (dores + && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL, + resbinder, s->session, 1, 0) != 1) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + + if (s->psksession != NULL + && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL, + pskbinder, s->psksession, 1, 1) != 1) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + + if (dores) + s->session->ext.tick_identity = 0; + if (s->psksession != NULL) + s->psksession->ext.tick_identity = (dores ? 1 : 0); + + return EXT_RETURN_SENT; +#else + return EXT_RETURN_NOT_SENT; +#endif +} + +EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, + unsigned int context, + X509 *x, size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + if (!s->pha_enabled) + return EXT_RETURN_NOT_SENT; + + /* construct extension - 0 length, no contents */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + s->post_handshake_auth = SSL_PHA_EXT_SENT; + + return EXT_RETURN_SENT; +#else + return EXT_RETURN_NOT_SENT; +#endif +} + + +/* + * Parse the server's renegotiation binding and abort if it's not right + */ +int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + size_t expected_len = s->s3->previous_client_finished_len + + s->s3->previous_server_finished_len; + size_t ilen; + const unsigned char *data; + + /* Check for logic errors */ + if (!ossl_assert(expected_len == 0 + || s->s3->previous_client_finished_len != 0) + || !ossl_assert(expected_len == 0 + || s->s3->previous_server_finished_len != 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, + ERR_R_INTERNAL_ERROR); + return 0; + } + + /* Parse the length byte */ + if (!PACKET_get_1_len(pkt, &ilen)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, + SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } + + /* Consistency check */ + if (PACKET_remaining(pkt) != ilen) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, + SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } + + /* Check that the extension matches */ + if (ilen != expected_len) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, + SSL_R_RENEGOTIATION_MISMATCH); + return 0; + } + + if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) + || memcmp(data, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) != 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, + SSL_R_RENEGOTIATION_MISMATCH); + return 0; + } + + if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) + || memcmp(data, s->s3->previous_server_finished, + s->s3->previous_server_finished_len) != 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, + SSL_R_RENEGOTIATION_MISMATCH); + return 0; + } + s->s3->send_connection_binding = 1; + + return 1; +} + +/* Parse the server's max fragment len extension packet */ +int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + unsigned int value; + + if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* |value| should contains a valid max-fragment-length code. */ + if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + return 0; + } + + /* Must be the same value as client-configured one who was sent to server */ + /*- + * RFC 6066: if a client receives a maximum fragment length negotiation + * response that differs from the length it requested, ... + * It must abort with SSL_AD_ILLEGAL_PARAMETER alert + */ + if (value != s->ext.max_fragment_len_mode) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + return 0; + } + + /* + * Maximum Fragment Length Negotiation succeeded. + * The negotiated Maximum Fragment Length is binding now. + */ + s->session->ext.max_fragment_len_mode = value; + + return 1; +} + +int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->ext.hostname == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (PACKET_remaining(pkt) > 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->hit) { + if (s->session->ext.hostname != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); + if (s->session->ext.hostname == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + + return 1; +} + +#ifndef OPENSSL_NO_EC +int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + size_t ecpointformats_len; + PACKET ecptformatlist; + + if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, + SSL_R_BAD_EXTENSION); + return 0; + } + if (!s->hit) { + ecpointformats_len = PACKET_remaining(&ecptformatlist); + if (ecpointformats_len == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, SSL_R_BAD_LENGTH); + return 0; + } + + s->session->ext.ecpointformats_len = 0; + OPENSSL_free(s->session->ext.ecpointformats); + s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len); + if (s->session->ext.ecpointformats == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); + return 0; + } + + s->session->ext.ecpointformats_len = ecpointformats_len; + + if (!PACKET_copy_bytes(&ecptformatlist, + s->session->ext.ecpointformats, + ecpointformats_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); + return 0; + } + } + + return 1; +} +#endif + +int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->ext.session_ticket_cb != NULL && + !s->ext.session_ticket_cb(s, PACKET_data(pkt), + PACKET_remaining(pkt), + s->ext.session_ticket_cb_arg)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION); + return 0; + } + + if (!tls_use_ticket(s)) { + SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, + SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION); + return 0; + } + if (PACKET_remaining(pkt) > 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION); + return 0; + } + + s->ext.ticket_expected = 1; + + return 1; +} + +#ifndef OPENSSL_NO_OCSP +int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { + /* We ignore this if the server sends a CertificateRequest */ + /* TODO(TLS1.3): Add support for this */ + return 1; + } + + /* + * MUST only be sent if we've requested a status + * request message. In TLS <= 1.2 it must also be empty. + */ + if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) { + SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, + SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + + if (SSL_IS_TLS13(s)) { + /* We only know how to handle this if it's for the first Certificate in + * the chain. We ignore any other responses. + */ + if (chainidx != 0) + return 1; + + /* SSLfatal() already called */ + return tls_process_cert_status_body(s, pkt); + } + + /* Set flag to expect CertificateStatus message */ + s->ext.status_expected = 1; + + return 1; +} +#endif + + +#ifndef OPENSSL_NO_CT +int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { + /* We ignore this if the server sends it in a CertificateRequest */ + /* TODO(TLS1.3): Add support for this */ + return 1; + } + + /* + * Only take it if we asked for it - i.e if there is no CT validation + * callback set, then a custom extension MAY be processing it, so we + * need to let control continue to flow to that. + */ + if (s->ct_validation_callback != NULL) { + size_t size = PACKET_remaining(pkt); + + /* Simply copy it off for later processing */ + OPENSSL_free(s->ext.scts); + s->ext.scts = NULL; + + s->ext.scts_len = (uint16_t)size; + if (size > 0) { + s->ext.scts = OPENSSL_malloc(size); + if (s->ext.scts == NULL + || !PACKET_copy_bytes(pkt, s->ext.scts, size)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + } else { + ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0 + ? ENDPOINT_CLIENT : ENDPOINT_BOTH; + + /* + * If we didn't ask for it then there must be a custom extension, + * otherwise this is unsolicited. + */ + if (custom_ext_find(&s->cert->custext, role, + TLSEXT_TYPE_signed_certificate_timestamp, + NULL) == NULL) { + SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_SCT, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (!custom_ext_parse(s, context, + TLSEXT_TYPE_signed_certificate_timestamp, + PACKET_data(pkt), PACKET_remaining(pkt), + x, chainidx)) { + /* SSLfatal already called */ + return 0; + } + } + + return 1; +} +#endif + + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* + * ssl_next_proto_validate validates a Next Protocol Negotiation block. No + * elements of zero length are allowed and the set of elements must exactly + * fill the length of the block. Returns 1 on success or 0 on failure. + */ +static int ssl_next_proto_validate(SSL *s, PACKET *pkt) +{ + PACKET tmp_protocol; + + while (PACKET_remaining(pkt)) { + if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol) + || PACKET_remaining(&tmp_protocol) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_NEXT_PROTO_VALIDATE, + SSL_R_BAD_EXTENSION); + return 0; + } + } + + return 1; +} + +int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + unsigned char *selected; + unsigned char selected_len; + PACKET tmppkt; + + /* Check if we are in a renegotiation. If so ignore this extension */ + if (!SSL_IS_FIRST_HANDSHAKE(s)) + return 1; + + /* We must have requested it. */ + if (s->ctx->ext.npn_select_cb == NULL) { + SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_NPN, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* The data must be valid */ + tmppkt = *pkt; + if (!ssl_next_proto_validate(s, &tmppkt)) { + /* SSLfatal() already called */ + return 0; + } + if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len, + PACKET_data(pkt), + PACKET_remaining(pkt), + s->ctx->ext.npn_select_cb_arg) != + SSL_TLSEXT_ERR_OK) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* + * Could be non-NULL if server has sent multiple NPN extensions in + * a single Serverhello + */ + OPENSSL_free(s->ext.npn); + s->ext.npn = OPENSSL_malloc(selected_len); + if (s->ext.npn == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + + memcpy(s->ext.npn, selected, selected_len); + s->ext.npn_len = selected_len; + s->s3->npn_seen = 1; + + return 1; +} +#endif + +int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + size_t len; + + /* We must have requested it. */ + if (!s->s3->alpn_sent) { + SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN, + SSL_R_BAD_EXTENSION); + return 0; + } + /*- + * The extension data consists of: + * uint16 list_length + * uint8 proto_length; + * uint8 proto[proto_length]; + */ + if (!PACKET_get_net_2_len(pkt, &len) + || PACKET_remaining(pkt) != len || !PACKET_get_1_len(pkt, &len) + || PACKET_remaining(pkt) != len) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + SSL_R_BAD_EXTENSION); + return 0; + } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = OPENSSL_malloc(len); + if (s->s3->alpn_selected == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + SSL_R_BAD_EXTENSION); + return 0; + } + s->s3->alpn_selected_len = len; + + if (s->session->ext.alpn_selected == NULL + || s->session->ext.alpn_selected_len != len + || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len) + != 0) { + /* ALPN not consistent with the old session so cannot use early_data */ + s->ext.early_data_ok = 0; + } + if (!s->hit) { + /* + * This is a new session and so alpn_selected should have been + * initialised to NULL. We should update it with the selected ALPN. + */ + if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->session->ext.alpn_selected = + OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + if (s->session->ext.alpn_selected == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + } + + return 1; +} + +#ifndef OPENSSL_NO_SRTP +int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + unsigned int id, ct, mki; + int i; + STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; + SRTP_PROTECTION_PROFILE *prof; + + if (!PACKET_get_net_2(pkt, &ct) || ct != 2 + || !PACKET_get_net_2(pkt, &id) + || !PACKET_get_1(pkt, &mki) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP, + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + return 0; + } + + if (mki != 0) { + /* Must be no MKI, since we never offer one */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_USE_SRTP, + SSL_R_BAD_SRTP_MKI_VALUE); + return 0; + } + + /* Throw an error if the server gave us an unsolicited extension */ + clnt = SSL_get_srtp_profiles(s); + if (clnt == NULL) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP, + SSL_R_NO_SRTP_PROFILES); + return 0; + } + + /* + * Check to see if the server gave us something we support (and + * presumably offered) + */ + for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { + prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); + + if (prof->id == id) { + s->srtp_profile = prof; + return 1; + } + } + + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP, + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + return 0; +} +#endif + +int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + /* Ignore if inappropriate ciphersuite */ + if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) + && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD + && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) + s->ext.use_etm = 1; + + return 1; +} + +int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; + if (!s->hit) + s->session->flags |= SSL_SESS_FLAG_EXTMS; + + return 1; +} + +int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + unsigned int version; + + if (!PACKET_get_net_2(pkt, &version) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + /* + * The only protocol version we support which is valid in this extension in + * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else. + */ + if (version != TLS1_3_VERSION) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + return 0; + } + + /* We ignore this extension for HRRs except to sanity check it */ + if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) + return 1; + + /* We just set it here. We validate it in ssl_choose_client_version */ + s->version = version; + + return 1; +} + +int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + unsigned int group_id; + PACKET encoded_pt; + EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL; + + /* Sanity check */ + if (ckey == NULL || s->s3->peer_tmp != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (!PACKET_get_net_2(pkt, &group_id)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) { + const uint16_t *pgroups = NULL; + size_t i, num_groups; + + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + /* + * It is an error if the HelloRetryRequest wants a key_share that we + * already sent in the first ClientHello + */ + if (group_id == s->s3->group_id) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); + return 0; + } + + /* Validate the selected group is one we support */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (i = 0; i < num_groups; i++) { + if (group_id == pgroups[i]) + break; + } + if (i >= num_groups + || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); + return 0; + } + + s->s3->group_id = group_id; + EVP_PKEY_free(s->s3->tmp.pkey); + s->s3->tmp.pkey = NULL; + return 1; + } + + if (group_id != s->s3->group_id) { + /* + * This isn't for the group that we sent in the original + * key_share! + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + SSL_R_BAD_KEY_SHARE); + return 0; + } + + if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt) + || PACKET_remaining(&encoded_pt) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + skey = ssl_generate_pkey(ckey); + if (skey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt))) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, + SSL_R_BAD_ECPOINT); + EVP_PKEY_free(skey); + return 0; + } + + if (ssl_derive(s, ckey, skey, 1) == 0) { + /* SSLfatal() already called */ + EVP_PKEY_free(skey); + return 0; + } + s->s3->peer_tmp = skey; +#endif + + return 1; +} + +int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + PACKET cookie; + + if (!PACKET_as_length_prefixed_2(pkt, &cookie) + || !PACKET_memdup(&cookie, &s->ext.tls13_cookie, + &s->ext.tls13_cookie_len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + return 1; +} + +int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { + unsigned long max_early_data; + + if (!PACKET_get_net_4(pkt, &max_early_data) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA, + SSL_R_INVALID_MAX_EARLY_DATA); + return 0; + } + + s->session->ext.max_early_data = max_early_data; + + return 1; + } + + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->ext.early_data_ok + || !s->hit + || s->session->ext.tick_identity != 0) { + /* + * If we get here then we didn't send early data, or we didn't resume + * using the first identity, or the SNI/ALPN is not consistent so the + * server should not be accepting it. + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_EARLY_DATA, + SSL_R_BAD_EXTENSION); + return 0; + } + + s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; + + return 1; +} + +int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + unsigned int identity; + + if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_PSK, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + if (s->session->ext.tick_identity == (int)identity) { + s->hit = 1; + SSL_SESSION_free(s->psksession); + s->psksession = NULL; + return 1; + } + + if (s->psksession == NULL + || s->psksession->ext.tick_identity != (int)identity) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK, + SSL_R_BAD_PSK_IDENTITY); + return 0; + } + + /* + * If we used the external PSK for sending early_data then s->early_secret + * is already set up, so don't overwrite it. Otherwise we copy the + * early_secret across that we generated earlier. + */ + if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + || s->session->ext.max_early_data > 0 + || s->psksession->ext.max_early_data == 0) + memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE); + + SSL_SESSION_free(s->session); + s->session = s->psksession; + s->psksession = NULL; + s->hit = 1; +#endif + + return 1; +} diff --git a/deps/openssl/openssl/ssl/statem/extensions_cust.c b/deps/openssl/openssl/ssl/statem/extensions_cust.c new file mode 100644 index 00000000000000..a4cdc81d68b922 --- /dev/null +++ b/deps/openssl/openssl/ssl/statem/extensions_cust.c @@ -0,0 +1,533 @@ +/* + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Custom extension utility functions */ + +#include +#include "../ssl_locl.h" +#include "internal/cryptlib.h" +#include "statem_locl.h" + +typedef struct { + void *add_arg; + custom_ext_add_cb add_cb; + custom_ext_free_cb free_cb; +} custom_ext_add_cb_wrap; + +typedef struct { + void *parse_arg; + custom_ext_parse_cb parse_cb; +} custom_ext_parse_cb_wrap; + +/* + * Provide thin wrapper callbacks which convert new style arguments to old style + */ +static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *add_arg) +{ + custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; + + if (add_cb_wrap->add_cb == NULL) + return 1; + + return add_cb_wrap->add_cb(s, ext_type, out, outlen, al, + add_cb_wrap->add_arg); +} + +static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, void *add_arg) +{ + custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg; + + if (add_cb_wrap->free_cb == NULL) + return; + + add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg); +} + +static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *parse_arg) +{ + custom_ext_parse_cb_wrap *parse_cb_wrap = + (custom_ext_parse_cb_wrap *)parse_arg; + + if (parse_cb_wrap->parse_cb == NULL) + return 1; + + return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al, + parse_cb_wrap->parse_arg); +} + +/* + * Find a custom extension from the list. The |role| param is there to + * support the legacy API where custom extensions for client and server could + * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we + * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the + * client, or ENDPOINT_BOTH for either + */ +custom_ext_method *custom_ext_find(const custom_ext_methods *exts, + ENDPOINT role, unsigned int ext_type, + size_t *idx) +{ + size_t i; + custom_ext_method *meth = exts->meths; + + for (i = 0; i < exts->meths_count; i++, meth++) { + if (ext_type == meth->ext_type + && (role == ENDPOINT_BOTH || role == meth->role + || meth->role == ENDPOINT_BOTH)) { + if (idx != NULL) + *idx = i; + return meth; + } + } + return NULL; +} + +/* + * Initialise custom extensions flags to indicate neither sent nor received. + */ +void custom_ext_init(custom_ext_methods *exts) +{ + size_t i; + custom_ext_method *meth = exts->meths; + + for (i = 0; i < exts->meths_count; i++, meth++) + meth->ext_flags = 0; +} + +/* Pass received custom extension data to the application for parsing. */ +int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, + const unsigned char *ext_data, size_t ext_size, X509 *x, + size_t chainidx) +{ + int al; + custom_ext_methods *exts = &s->cert->custext; + custom_ext_method *meth; + ENDPOINT role = ENDPOINT_BOTH; + + if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0) + role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT; + + meth = custom_ext_find(exts, role, ext_type, NULL); + /* If not found return success */ + if (!meth) + return 1; + + /* Check if extension is defined for our protocol. If not, skip */ + if (!extension_is_relevant(s, meth->context, context)) + return 1; + + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) { + /* + * If it's ServerHello or EncryptedExtensions we can't have any + * extensions not sent in ClientHello. + */ + if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) { + SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE, + SSL_R_BAD_EXTENSION); + return 0; + } + } + + /* + * Extensions received in the ClientHello are marked with the + * SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent + * extensions in the ServerHello/EncryptedExtensions message + */ + if ((context & SSL_EXT_CLIENT_HELLO) != 0) + meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; + + /* If no parse function set return success */ + if (!meth->parse_cb) + return 1; + + if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx, + &al, meth->parse_arg) <= 0) { + SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION); + return 0; + } + + return 1; +} + +/* + * Request custom extension data from the application and add to the return + * buffer. + */ +int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, + int maxversion) +{ + custom_ext_methods *exts = &s->cert->custext; + custom_ext_method *meth; + size_t i; + int al; + + for (i = 0; i < exts->meths_count; i++) { + const unsigned char *out = NULL; + size_t outlen = 0; + + meth = exts->meths + i; + + if (!should_add_extension(s, meth->context, context, maxversion)) + continue; + + if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS + | SSL_EXT_TLS1_3_CERTIFICATE + | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { + /* Only send extensions present in ClientHello. */ + if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) + continue; + } + /* + * We skip it if the callback is absent - except for a ClientHello where + * we add an empty extension. + */ + if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL) + continue; + + if (meth->add_cb != NULL) { + int cb_retval = meth->add_cb(s, meth->ext_type, context, &out, + &outlen, x, chainidx, &al, + meth->add_arg); + + if (cb_retval < 0) { + SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED); + return 0; /* error */ + } + if (cb_retval == 0) + continue; /* skip this extension */ + } + + if (!WPACKET_put_bytes_u16(pkt, meth->ext_type) + || !WPACKET_start_sub_packet_u16(pkt) + || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD, + ERR_R_INTERNAL_ERROR); + return 0; + } + if ((context & SSL_EXT_CLIENT_HELLO) != 0) { + /* + * We can't send duplicates: code logic should prevent this. + */ + if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD, + ERR_R_INTERNAL_ERROR); + return 0; + } + /* + * Indicate extension has been sent: this is both a sanity check to + * ensure we don't send duplicate extensions and indicates that it + * is not an error if the extension is present in ServerHello. + */ + meth->ext_flags |= SSL_EXT_FLAG_SENT; + } + if (meth->free_cb != NULL) + meth->free_cb(s, meth->ext_type, context, out, meth->add_arg); + } + return 1; +} + +/* Copy the flags from src to dst for any extensions that exist in both */ +int custom_exts_copy_flags(custom_ext_methods *dst, + const custom_ext_methods *src) +{ + size_t i; + custom_ext_method *methsrc = src->meths; + + for (i = 0; i < src->meths_count; i++, methsrc++) { + custom_ext_method *methdst = custom_ext_find(dst, methsrc->role, + methsrc->ext_type, NULL); + + if (methdst == NULL) + continue; + + methdst->ext_flags = methsrc->ext_flags; + } + + return 1; +} + +/* Copy table of custom extensions */ +int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) +{ + size_t i; + int err = 0; + + if (src->meths_count > 0) { + dst->meths = + OPENSSL_memdup(src->meths, + sizeof(*src->meths) * src->meths_count); + if (dst->meths == NULL) + return 0; + dst->meths_count = src->meths_count; + + for (i = 0; i < src->meths_count; i++) { + custom_ext_method *methsrc = src->meths + i; + custom_ext_method *methdst = dst->meths + i; + + if (methsrc->add_cb != custom_ext_add_old_cb_wrap) + continue; + + /* + * We have found an old style API wrapper. We need to copy the + * arguments too. + */ + + if (err) { + methdst->add_arg = NULL; + methdst->parse_arg = NULL; + continue; + } + + methdst->add_arg = OPENSSL_memdup(methsrc->add_arg, + sizeof(custom_ext_add_cb_wrap)); + methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg, + sizeof(custom_ext_parse_cb_wrap)); + + if (methdst->add_arg == NULL || methdst->parse_arg == NULL) + err = 1; + } + } + + if (err) { + custom_exts_free(dst); + return 0; + } + + return 1; +} + +void custom_exts_free(custom_ext_methods *exts) +{ + size_t i; + custom_ext_method *meth; + + for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) { + if (meth->add_cb != custom_ext_add_old_cb_wrap) + continue; + + /* Old style API wrapper. Need to free the arguments too */ + OPENSSL_free(meth->add_arg); + OPENSSL_free(meth->parse_arg); + } + OPENSSL_free(exts->meths); +} + +/* Return true if a client custom extension exists, false otherwise */ +int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type) +{ + return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type, + NULL) != NULL; +} + +static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role, + unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, + void *parse_arg) +{ + custom_ext_methods *exts = &ctx->cert->custext; + custom_ext_method *meth, *tmp; + + /* + * Check application error: if add_cb is not set free_cb will never be + * called. + */ + if (add_cb == NULL && free_cb != NULL) + return 0; + +#ifndef OPENSSL_NO_CT + /* + * We don't want applications registering callbacks for SCT extensions + * whilst simultaneously using the built-in SCT validation features, as + * these two things may not play well together. + */ + if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp + && (context & SSL_EXT_CLIENT_HELLO) != 0 + && SSL_CTX_ct_is_enabled(ctx)) + return 0; +#endif + + /* + * Don't add if extension supported internally, but make exception + * for extension types that previously were not supported, but now are. + */ + if (SSL_extension_supported(ext_type) + && ext_type != TLSEXT_TYPE_signed_certificate_timestamp) + return 0; + + /* Extension type must fit in 16 bits */ + if (ext_type > 0xffff) + return 0; + /* Search for duplicate */ + if (custom_ext_find(exts, role, ext_type, NULL)) + return 0; + tmp = OPENSSL_realloc(exts->meths, + (exts->meths_count + 1) * sizeof(custom_ext_method)); + if (tmp == NULL) + return 0; + + exts->meths = tmp; + meth = exts->meths + exts->meths_count; + memset(meth, 0, sizeof(*meth)); + meth->role = role; + meth->context = context; + meth->parse_cb = parse_cb; + meth->add_cb = add_cb; + meth->free_cb = free_cb; + meth->ext_type = ext_type; + meth->add_arg = add_arg; + meth->parse_arg = parse_arg; + exts->meths_count++; + return 1; +} + +static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role, + unsigned int ext_type, + unsigned int context, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) +{ + custom_ext_add_cb_wrap *add_cb_wrap + = OPENSSL_malloc(sizeof(*add_cb_wrap)); + custom_ext_parse_cb_wrap *parse_cb_wrap + = OPENSSL_malloc(sizeof(*parse_cb_wrap)); + int ret; + + if (add_cb_wrap == NULL || parse_cb_wrap == NULL) { + OPENSSL_free(add_cb_wrap); + OPENSSL_free(parse_cb_wrap); + return 0; + } + + add_cb_wrap->add_arg = add_arg; + add_cb_wrap->add_cb = add_cb; + add_cb_wrap->free_cb = free_cb; + parse_cb_wrap->parse_arg = parse_arg; + parse_cb_wrap->parse_cb = parse_cb; + + ret = add_custom_ext_intern(ctx, role, ext_type, + context, + custom_ext_add_old_cb_wrap, + custom_ext_free_old_cb_wrap, + add_cb_wrap, + custom_ext_parse_old_cb_wrap, + parse_cb_wrap); + + if (!ret) { + OPENSSL_free(add_cb_wrap); + OPENSSL_free(parse_cb_wrap); + } + + return ret; +} + +/* Application level functions to add the old custom extension callbacks */ +int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) +{ + return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type, + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); +} + +int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, void *parse_arg) +{ + return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type, + SSL_EXT_TLS1_2_AND_BELOW_ONLY + | SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_IGNORE_ON_RESUMPTION, + add_cb, free_cb, add_arg, parse_cb, parse_arg); +} + +int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + SSL_custom_ext_add_cb_ex add_cb, + SSL_custom_ext_free_cb_ex free_cb, + void *add_arg, + SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg) +{ + return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb, + free_cb, add_arg, parse_cb, parse_arg); +} + +int SSL_extension_supported(unsigned int ext_type) +{ + switch (ext_type) { + /* Internally supported extensions. */ + case TLSEXT_TYPE_application_layer_protocol_negotiation: +#ifndef OPENSSL_NO_EC + case TLSEXT_TYPE_ec_point_formats: + case TLSEXT_TYPE_supported_groups: + case TLSEXT_TYPE_key_share: +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + case TLSEXT_TYPE_next_proto_neg: +#endif + case TLSEXT_TYPE_padding: + case TLSEXT_TYPE_renegotiate: + case TLSEXT_TYPE_max_fragment_length: + case TLSEXT_TYPE_server_name: + case TLSEXT_TYPE_session_ticket: + case TLSEXT_TYPE_signature_algorithms: +#ifndef OPENSSL_NO_SRP + case TLSEXT_TYPE_srp: +#endif +#ifndef OPENSSL_NO_OCSP + case TLSEXT_TYPE_status_request: +#endif +#ifndef OPENSSL_NO_CT + case TLSEXT_TYPE_signed_certificate_timestamp: +#endif +#ifndef OPENSSL_NO_SRTP + case TLSEXT_TYPE_use_srtp: +#endif + case TLSEXT_TYPE_encrypt_then_mac: + case TLSEXT_TYPE_supported_versions: + case TLSEXT_TYPE_extended_master_secret: + case TLSEXT_TYPE_psk_kex_modes: + case TLSEXT_TYPE_cookie: + case TLSEXT_TYPE_early_data: + case TLSEXT_TYPE_certificate_authorities: + case TLSEXT_TYPE_psk: + case TLSEXT_TYPE_post_handshake_auth: + return 1; + default: + return 0; + } +} diff --git a/deps/openssl/openssl/ssl/statem/extensions_srvr.c b/deps/openssl/openssl/ssl/statem/extensions_srvr.c new file mode 100644 index 00000000000000..0f2b22392bcafa --- /dev/null +++ b/deps/openssl/openssl/ssl/statem/extensions_srvr.c @@ -0,0 +1,1959 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "../ssl_locl.h" +#include "statem_locl.h" +#include "internal/cryptlib.h" + +#define COOKIE_STATE_FORMAT_VERSION 0 + +/* + * 2 bytes for packet length, 2 bytes for format version, 2 bytes for + * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for + * key_share present flag, 4 bytes for timestamp, 2 bytes for the hashlen, + * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie + * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. + */ +#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 4 + 2 + EVP_MAX_MD_SIZE + 1 \ + + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) + +/* + * Message header + 2 bytes for protocol version + number of random bytes + + * + 1 byte for legacy session id length + number of bytes in legacy session id + * + 2 bytes for ciphersuite + 1 byte for legacy compression + * + 2 bytes for extension block length + 6 bytes for key_share extension + * + 4 bytes for cookie extension header + the number of bytes in the cookie + */ +#define MAX_HRR_SIZE (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \ + + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \ + + MAX_COOKIE_SIZE) + +/* + * Parse the client's renegotiation binding and abort if it's not right + */ +int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + unsigned int ilen; + const unsigned char *data; + + /* Parse the length byte */ + if (!PACKET_get_1(pkt, &ilen) + || !PACKET_get_bytes(pkt, &data, ilen)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, + SSL_R_RENEGOTIATION_ENCODING_ERR); + return 0; + } + + /* Check that the extension matches */ + if (ilen != s->s3->previous_client_finished_len) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, + SSL_R_RENEGOTIATION_MISMATCH); + return 0; + } + + if (memcmp(data, s->s3->previous_client_finished, + s->s3->previous_client_finished_len)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, + SSL_R_RENEGOTIATION_MISMATCH); + return 0; + } + + s->s3->send_connection_binding = 1; + + return 1; +} + +/*- + * The servername extension is treated as follows: + * + * - Only the hostname type is supported with a maximum length of 255. + * - The servername is rejected if too long or if it contains zeros, + * in which case an fatal alert is generated. + * - The servername field is maintained together with the session cache. + * - When a session is resumed, the servername call back invoked in order + * to allow the application to position itself to the right context. + * - The servername is acknowledged if it is new for a session or when + * it is identical to a previously used for the same session. + * Applications can control the behaviour. They can at any time + * set a 'desirable' servername for a new SSL object. This can be the + * case for example with HTTPS when a Host: header field is received and + * a renegotiation is requested. In this case, a possible servername + * presented in the new client hello is only acknowledged if it matches + * the value of the Host: field. + * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + * if they provide for changing an explicit servername context for the + * session, i.e. when the session has been established with a servername + * extension. + * - On session reconnect, the servername extension may be absent. + */ +int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + unsigned int servname_type; + PACKET sni, hostname; + + if (!PACKET_as_length_prefixed_2(pkt, &sni) + /* ServerNameList must be at least 1 byte long. */ + || PACKET_remaining(&sni) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* + * Although the intent was for server_name to be extensible, RFC 4366 + * was not clear about it; and so OpenSSL among other implementations, + * always and only allows a 'host_name' name types. + * RFC 6066 corrected the mistake but adding new name types + * is nevertheless no longer feasible, so act as if no other + * SNI types can exist, to simplify parsing. + * + * Also note that the RFC permits only one SNI value per type, + * i.e., we can only have a single hostname. + */ + if (!PACKET_get_1(&sni, &servname_type) + || servname_type != TLSEXT_NAMETYPE_host_name + || !PACKET_as_length_prefixed_2(&sni, &hostname)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->hit || SSL_IS_TLS13(s)) { + if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { + SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, + SSL_F_TLS_PARSE_CTOS_SERVER_NAME, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (PACKET_contains_zero_byte(&hostname)) { + SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, + SSL_F_TLS_PARSE_CTOS_SERVER_NAME, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* + * Store the requested SNI in the SSL as temporary storage. + * If we accept it, it will get stored in the SSL_SESSION as well. + */ + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; + if (!PACKET_strndup(&hostname, &s->ext.hostname)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return 0; + } + + s->servername_done = 1; + } + if (s->hit) { + /* + * TODO(openssl-team): if the SNI doesn't match, we MUST + * fall back to a full handshake. + */ + s->servername_done = (s->session->ext.hostname != NULL) + && PACKET_equal(&hostname, s->session->ext.hostname, + strlen(s->session->ext.hostname)); + + if (!s->servername_done && s->session->ext.hostname != NULL) + s->ext.early_data_ok = 0; + } + + return 1; +} + +int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + unsigned int value; + + if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* Received |value| should be a valid max-fragment-length code. */ + if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + return 0; + } + + /* + * RFC 6066: The negotiated length applies for the duration of the session + * including session resumptions. + * We should receive the same code as in resumed session ! + */ + if (s->hit && s->session->ext.max_fragment_len_mode != value) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + return 0; + } + + /* + * Store it in session, so it'll become binding for us + * and we'll include it in a next Server Hello. + */ + s->session->ext.max_fragment_len_mode = value; + return 1; +} + +#ifndef OPENSSL_NO_SRP +int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + PACKET srp_I; + + if (!PACKET_as_length_prefixed_1(pkt, &srp_I) + || PACKET_contains_zero_byte(&srp_I)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_SRP, + SSL_R_BAD_EXTENSION); + return 0; + } + + /* + * TODO(openssl-team): currently, we re-authenticate the user + * upon resumption. Instead, we MUST ignore the login. + */ + if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SRP, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} +#endif + +#ifndef OPENSSL_NO_EC +int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + PACKET ec_point_format_list; + + if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list) + || PACKET_remaining(&ec_point_format_list) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->hit) { + if (!PACKET_memdup(&ec_point_format_list, + &s->session->ext.ecpointformats, + &s->session->ext.ecpointformats_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); + return 0; + } + } + + return 1; +} +#endif /* OPENSSL_NO_EC */ + +int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->ext.session_ticket_cb && + !s->ext.session_ticket_cb(s, PACKET_data(pkt), + PACKET_remaining(pkt), + s->ext.session_ticket_cb_arg)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + PACKET supported_sig_algs; + + if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) + || PACKET_remaining(&supported_sig_algs) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION); + return 0; + } + + return 1; +} + +int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + PACKET supported_sig_algs; + + if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs) + || PACKET_remaining(&supported_sig_algs) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION); + return 0; + } + + return 1; +} + +#ifndef OPENSSL_NO_OCSP +int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + PACKET responder_id_list, exts; + + /* We ignore this in a resumption handshake */ + if (s->hit) + return 1; + + /* Not defined if we get one of these in a client Certificate */ + if (x != NULL) + return 1; + + if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + + if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) { + /* + * We don't know what to do with any other type so ignore it. + */ + s->ext.status_type = TLSEXT_STATUSTYPE_nothing; + return 1; + } + + if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + + /* + * We remove any OCSP_RESPIDs from a previous handshake + * to prevent unbounded memory growth - CVE-2016-6304 + */ + sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free); + if (PACKET_remaining(&responder_id_list) > 0) { + s->ext.ocsp.ids = sk_OCSP_RESPID_new_null(); + if (s->ext.ocsp.ids == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + s->ext.ocsp.ids = NULL; + } + + while (PACKET_remaining(&responder_id_list) > 0) { + OCSP_RESPID *id; + PACKET responder_id; + const unsigned char *id_data; + + if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id) + || PACKET_remaining(&responder_id) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + + id_data = PACKET_data(&responder_id); + /* TODO(size_t): Convert d2i_* to size_t */ + id = d2i_OCSP_RESPID(NULL, &id_data, + (int)PACKET_remaining(&responder_id)); + if (id == NULL) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + + if (id_data != PACKET_end(&responder_id)) { + OCSP_RESPID_free(id); + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + + return 0; + } + + if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) { + OCSP_RESPID_free(id); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); + + return 0; + } + } + + /* Read in request_extensions */ + if (!PACKET_as_length_prefixed_2(pkt, &exts)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + + if (PACKET_remaining(&exts) > 0) { + const unsigned char *ext_data = PACKET_data(&exts); + + sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, + X509_EXTENSION_free); + s->ext.ocsp.exts = + d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts)); + if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION); + return 0; + } + } + + return 1; +} +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG +int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + /* + * We shouldn't accept this extension on a + * renegotiation. + */ + if (SSL_IS_FIRST_HANDSHAKE(s)) + s->s3->npn_seen = 1; + + return 1; +} +#endif + +/* + * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN + * extension, not including type and length. Returns: 1 on success, 0 on error. + */ +int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + PACKET protocol_list, save_protocol_list, protocol; + + if (!SSL_IS_FIRST_HANDSHAKE(s)) + return 1; + + if (!PACKET_as_length_prefixed_2(pkt, &protocol_list) + || PACKET_remaining(&protocol_list) < 2) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN, + SSL_R_BAD_EXTENSION); + return 0; + } + + save_protocol_list = protocol_list; + do { + /* Protocol names can't be empty. */ + if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) + || PACKET_remaining(&protocol) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN, + SSL_R_BAD_EXTENSION); + return 0; + } + } while (PACKET_remaining(&protocol_list) != 0); + + OPENSSL_free(s->s3->alpn_proposed); + s->s3->alpn_proposed = NULL; + s->s3->alpn_proposed_len = 0; + if (!PACKET_memdup(&save_protocol_list, + &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +#ifndef OPENSSL_NO_SRTP +int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; + unsigned int ct, mki_len, id; + int i, srtp_pref; + PACKET subpkt; + + /* Ignore this if we have no SRTP profiles */ + if (SSL_get_srtp_profiles(s) == NULL) + return 1; + + /* Pull off the length of the cipher suite list and check it is even */ + if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0 + || !PACKET_get_sub_packet(pkt, &subpkt, ct)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP, + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + return 0; + } + + srvr = SSL_get_srtp_profiles(s); + s->srtp_profile = NULL; + /* Search all profiles for a match initially */ + srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); + + while (PACKET_remaining(&subpkt)) { + if (!PACKET_get_net_2(&subpkt, &id)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP, + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + return 0; + } + + /* + * Only look for match in profiles of higher preference than + * current match. + * If no profiles have been have been configured then this + * does nothing. + */ + for (i = 0; i < srtp_pref; i++) { + SRTP_PROTECTION_PROFILE *sprof = + sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + + if (sprof->id == id) { + s->srtp_profile = sprof; + srtp_pref = i; + break; + } + } + } + + /* Now extract the MKI value as a sanity check, but discard it for now */ + if (!PACKET_get_1(pkt, &mki_len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP, + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + return 0; + } + + if (!PACKET_forward(pkt, mki_len) + || PACKET_remaining(pkt)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP, + SSL_R_BAD_SRTP_MKI_VALUE); + return 0; + } + + return 1; +} +#endif + +int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) + s->ext.use_etm = 1; + + return 1; +} + +/* + * Process a psk_kex_modes extension received in the ClientHello. |pkt| contains + * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. + */ +int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + PACKET psk_kex_modes; + unsigned int mode; + + if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes) + || PACKET_remaining(&psk_kex_modes) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, + SSL_R_BAD_EXTENSION); + return 0; + } + + while (PACKET_get_1(&psk_kex_modes, &mode)) { + if (mode == TLSEXT_KEX_MODE_KE_DHE) + s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE; + else if (mode == TLSEXT_KEX_MODE_KE + && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0) + s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE; + } +#endif + + return 1; +} + +/* + * Process a key_share extension received in the ClientHello. |pkt| contains + * the raw PACKET data for the extension. Returns 1 on success or 0 on failure. + */ +int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + unsigned int group_id; + PACKET key_share_list, encoded_pt; + const uint16_t *clntgroups, *srvrgroups; + size_t clnt_num_groups, srvr_num_groups; + int found = 0; + + if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) + return 1; + + /* Sanity check */ + if (s->s3->peer_tmp != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (!PACKET_as_length_prefixed_2(pkt, &key_share_list)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + /* Get our list of supported groups */ + tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups); + /* Get the clients list of supported groups. */ + tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups); + if (clnt_num_groups == 0) { + /* + * This can only happen if the supported_groups extension was not sent, + * because we verify that the length is non-zero when we process that + * extension. + */ + SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION); + return 0; + } + + if (s->s3->group_id != 0 && PACKET_remaining(&key_share_list) == 0) { + /* + * If we set a group_id already, then we must have sent an HRR + * requesting a new key_share. If we haven't got one then that is an + * error + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + SSL_R_BAD_KEY_SHARE); + return 0; + } + + while (PACKET_remaining(&key_share_list) > 0) { + if (!PACKET_get_net_2(&key_share_list, &group_id) + || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt) + || PACKET_remaining(&encoded_pt) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + /* + * If we already found a suitable key_share we loop through the + * rest to verify the structure, but don't process them. + */ + if (found) + continue; + + /* + * If we sent an HRR then the key_share sent back MUST be for the group + * we requested, and must be the only key_share sent. + */ + if (s->s3->group_id != 0 + && (group_id != s->s3->group_id + || PACKET_remaining(&key_share_list) != 0)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE); + return 0; + } + + /* Check if this share is in supported_groups sent from client */ + if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE); + return 0; + } + + /* Check if this share is for a group we can use */ + if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) { + /* Share not suitable */ + continue; + } + + if ((s->s3->peer_tmp = ssl_generate_param_group(group_id)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + return 0; + } + + s->s3->group_id = group_id; + + if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt))) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT); + return 0; + } + + found = 1; + } +#endif + + return 1; +} + +int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + unsigned int format, version, key_share, group_id; + EVP_MD_CTX *hctx; + EVP_PKEY *pkey; + PACKET cookie, raw, chhash, appcookie; + WPACKET hrrpkt; + const unsigned char *data, *mdin, *ciphdata; + unsigned char hmac[SHA256_DIGEST_LENGTH]; + unsigned char hrr[MAX_HRR_SIZE]; + size_t rawlen, hmaclen, hrrlen, ciphlen; + unsigned long tm, now; + + /* Ignore any cookie if we're not set up to verify it */ + if (s->ctx->verify_stateless_cookie_cb == NULL + || (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + return 1; + + if (!PACKET_as_length_prefixed_2(pkt, &cookie)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + raw = cookie; + data = PACKET_data(&raw); + rawlen = PACKET_remaining(&raw); + if (rawlen < SHA256_DIGEST_LENGTH + || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + mdin = PACKET_data(&raw); + + /* Verify the HMAC of the cookie */ + hctx = EVP_MD_CTX_create(); + pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext + .cookie_hmac_key)); + if (hctx == NULL || pkey == NULL) { + EVP_MD_CTX_free(hctx); + EVP_PKEY_free(pkey); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_MALLOC_FAILURE); + return 0; + } + + hmaclen = SHA256_DIGEST_LENGTH; + if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, data, + rawlen - SHA256_DIGEST_LENGTH) <= 0 + || hmaclen != SHA256_DIGEST_LENGTH) { + EVP_MD_CTX_free(hctx); + EVP_PKEY_free(pkey); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + return 0; + } + + EVP_MD_CTX_free(hctx); + EVP_PKEY_free(pkey); + + if (CRYPTO_memcmp(hmac, mdin, SHA256_DIGEST_LENGTH) != 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_COOKIE_MISMATCH); + return 0; + } + + if (!PACKET_get_net_2(&cookie, &format)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + /* Check the cookie format is something we recognise. Ignore it if not */ + if (format != COOKIE_STATE_FORMAT_VERSION) + return 1; + + /* + * The rest of these checks really shouldn't fail since we have verified the + * HMAC above. + */ + + /* Check the version number is sane */ + if (!PACKET_get_net_2(&cookie, &version)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + if (version != TLS1_3_VERSION) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_BAD_PROTOCOL_VERSION_NUMBER); + return 0; + } + + if (!PACKET_get_net_2(&cookie, &group_id)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + ciphdata = PACKET_data(&cookie); + if (!PACKET_forward(&cookie, 2)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + if (group_id != s->s3->group_id + || s->s3->tmp.new_cipher + != ssl_get_cipher_by_char(s, ciphdata, 0)) { + /* + * We chose a different cipher or group id this time around to what is + * in the cookie. Something must have changed. + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_BAD_CIPHER); + return 0; + } + + if (!PACKET_get_1(&cookie, &key_share) + || !PACKET_get_net_4(&cookie, &tm) + || !PACKET_get_length_prefixed_2(&cookie, &chhash) + || !PACKET_get_length_prefixed_1(&cookie, &appcookie) + || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_LENGTH_MISMATCH); + return 0; + } + + /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */ + now = (unsigned long)time(NULL); + if (tm > now || (now - tm) > 600) { + /* Cookie is stale. Ignore it */ + return 1; + } + + /* Verify the app cookie */ + if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie), + PACKET_remaining(&appcookie)) == 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE, + SSL_R_COOKIE_MISMATCH); + return 0; + } + + /* + * Reconstruct the HRR that we would have sent in response to the original + * ClientHello so we can add it to the transcript hash. + * Note: This won't work with custom HRR extensions + */ + if (!WPACKET_init_static_len(&hrrpkt, hrr, sizeof(hrr), 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO) + || !WPACKET_start_sub_packet_u24(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION) + || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE) + || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id, + s->tmp_session_id_len) + || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt, + &ciphlen) + || !WPACKET_put_bytes_u8(&hrrpkt, 0) + || !WPACKET_start_sub_packet_u16(&hrrpkt)) { + WPACKET_cleanup(&hrrpkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->version) + || !WPACKET_close(&hrrpkt)) { + WPACKET_cleanup(&hrrpkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (key_share) { + if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share) + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id) + || !WPACKET_close(&hrrpkt)) { + WPACKET_cleanup(&hrrpkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie) + || !WPACKET_start_sub_packet_u16(&hrrpkt) + || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen) + || !WPACKET_close(&hrrpkt) /* cookie extension */ + || !WPACKET_close(&hrrpkt) /* extension block */ + || !WPACKET_close(&hrrpkt) /* message */ + || !WPACKET_get_total_written(&hrrpkt, &hrrlen) + || !WPACKET_finish(&hrrpkt)) { + WPACKET_cleanup(&hrrpkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, + ERR_R_INTERNAL_ERROR); + return 0; + } + + /* Reconstruct the transcript hash */ + if (!create_synthetic_message_hash(s, PACKET_data(&chhash), + PACKET_remaining(&chhash), hrr, + hrrlen)) { + /* SSLfatal() already called */ + return 0; + } + + /* Act as if this ClientHello came after a HelloRetryRequest */ + s->hello_retry_request = 1; + + s->ext.cookieok = 1; +#endif + + return 1; +} + +#ifndef OPENSSL_NO_EC +int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + PACKET supported_groups_list; + + /* Each group is 2 bytes and we must have at least 1. */ + if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list) + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, SSL_R_BAD_EXTENSION); + return 0; + } + + if (!s->hit || SSL_IS_TLS13(s)) { + OPENSSL_free(s->session->ext.supportedgroups); + s->session->ext.supportedgroups = NULL; + s->session->ext.supportedgroups_len = 0; + if (!tls1_save_u16(&supported_groups_list, + &s->session->ext.supportedgroups, + &s->session->ext.supportedgroups_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + + return 1; +} +#endif + +int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + /* The extension must always be empty */ + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_EMS, SSL_R_BAD_EXTENSION); + return 0; + } + + s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; + + return 1; +} + + +int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION); + return 0; + } + + if (s->hello_retry_request != SSL_HRR_NONE) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION); + return 0; + } + + return 1; +} + +static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, + SSL_SESSION **sess) +{ + SSL_SESSION *tmpsess = NULL; + + s->ext.ticket_expected = 1; + + switch (PACKET_remaining(tick)) { + case 0: + return SSL_TICKET_EMPTY; + + case SSL_MAX_SSL_SESSION_ID_LENGTH: + break; + + default: + return SSL_TICKET_NO_DECRYPT; + } + + tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), + SSL_MAX_SSL_SESSION_ID_LENGTH); + + if (tmpsess == NULL) + return SSL_TICKET_NO_DECRYPT; + + *sess = tmpsess; + return SSL_TICKET_SUCCESS; +} + +int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx) +{ + PACKET identities, binders, binder; + size_t binderoffset, hashsize; + SSL_SESSION *sess = NULL; + unsigned int id, i, ext = 0; + const EVP_MD *md = NULL; + + /* + * If we have no PSK kex mode that we recognise then we can't resume so + * ignore this extension + */ + if ((s->ext.psk_kex_mode + & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0) + return 1; + + if (!PACKET_get_length_prefixed_2(pkt, &identities)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION); + return 0; + } + + s->ext.ticket_expected = 0; + for (id = 0; PACKET_remaining(&identities) != 0; id++) { + PACKET identity; + unsigned long ticket_agel; + size_t idlen; + + if (!PACKET_get_length_prefixed_2(&identities, &identity) + || !PACKET_get_net_4(&identities, &ticket_agel)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION); + return 0; + } + + idlen = PACKET_remaining(&identity); + if (s->psk_find_session_cb != NULL + && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen, + &sess)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION); + return 0; + } + +#ifndef OPENSSL_NO_PSK + if(sess == NULL + && s->psk_server_callback != NULL + && idlen <= PSK_MAX_IDENTITY_LEN) { + char *pskid = NULL; + unsigned char pskdata[PSK_MAX_PSK_LEN]; + unsigned int pskdatalen; + + if (!PACKET_strndup(&identity, &pskid)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return 0; + } + pskdatalen = s->psk_server_callback(s, pskid, pskdata, + sizeof(pskdata)); + OPENSSL_free(pskid); + if (pskdatalen > PSK_MAX_PSK_LEN) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return 0; + } else if (pskdatalen > 0) { + const SSL_CIPHER *cipher; + const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; + + /* + * We found a PSK using an old style callback. We don't know + * the digest so we default to SHA256 as per the TLSv1.3 spec + */ + cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); + if (cipher == NULL) { + OPENSSL_cleanse(pskdata, pskdatalen); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + return 0; + } + + sess = SSL_SESSION_new(); + if (sess == NULL + || !SSL_SESSION_set1_master_key(sess, pskdata, + pskdatalen) + || !SSL_SESSION_set_cipher(sess, cipher) + || !SSL_SESSION_set_protocol_version(sess, + TLS1_3_VERSION)) { + OPENSSL_cleanse(pskdata, pskdatalen); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + ERR_R_INTERNAL_ERROR); + goto err; + } + OPENSSL_cleanse(pskdata, pskdatalen); + } + } +#endif /* OPENSSL_NO_PSK */ + + if (sess != NULL) { + /* We found a PSK */ + SSL_SESSION *sesstmp = ssl_session_dup(sess, 0); + + if (sesstmp == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); + return 0; + } + SSL_SESSION_free(sess); + sess = sesstmp; + + /* + * We've just been told to use this session for this context so + * make sure the sid_ctx matches up. + */ + memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length); + sess->sid_ctx_length = s->sid_ctx_length; + ext = 1; + if (id == 0) + s->ext.early_data_ok = 1; + s->ext.ticket_expected = 1; + } else { + uint32_t ticket_age = 0, now, agesec, agems; + int ret; + + /* + * If we are using anti-replay protection then we behave as if + * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there + * is no point in using full stateless tickets. + */ + if ((s->options & SSL_OP_NO_TICKET) != 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) + ret = tls_get_stateful_ticket(s, &identity, &sess); + else + ret = tls_decrypt_ticket(s, PACKET_data(&identity), + PACKET_remaining(&identity), NULL, 0, + &sess); + + if (ret == SSL_TICKET_EMPTY) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + SSL_R_BAD_EXTENSION); + return 0; + } + + if (ret == SSL_TICKET_FATAL_ERR_MALLOC + || ret == SSL_TICKET_FATAL_ERR_OTHER) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); + return 0; + } + if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT) + continue; + + /* Check for replay */ + if (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 + && !SSL_CTX_remove_session(s->session_ctx, sess)) { + SSL_SESSION_free(sess); + sess = NULL; + continue; + } + + ticket_age = (uint32_t)ticket_agel; + now = (uint32_t)time(NULL); + agesec = now - (uint32_t)sess->time; + agems = agesec * (uint32_t)1000; + ticket_age -= sess->ext.tick_age_add; + + /* + * For simplicity we do our age calculations in seconds. If the + * client does it in ms then it could appear that their ticket age + * is longer than ours (our ticket age calculation should always be + * slightly longer than the client's due to the network latency). + * Therefore we add 1000ms to our age calculation to adjust for + * rounding errors. + */ + if (id == 0 + && sess->timeout >= (long)agesec + && agems / (uint32_t)1000 == agesec + && ticket_age <= agems + 1000 + && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) { + /* + * Ticket age is within tolerance and not expired. We allow it + * for early data + */ + s->ext.early_data_ok = 1; + } + } + + md = ssl_md(sess->cipher->algorithm2); + if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) { + /* The ciphersuite is not compatible with this session. */ + SSL_SESSION_free(sess); + sess = NULL; + s->ext.early_data_ok = 0; + s->ext.ticket_expected = 0; + continue; + } + break; + } + + if (sess == NULL) + return 1; + + binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; + hashsize = EVP_MD_size(md); + + if (!PACKET_get_length_prefixed_2(pkt, &binders)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + SSL_R_BAD_EXTENSION); + goto err; + } + + for (i = 0; i <= id; i++) { + if (!PACKET_get_length_prefixed_1(&binders, &binder)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + SSL_R_BAD_EXTENSION); + goto err; + } + } + + if (PACKET_remaining(&binder) != hashsize) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + SSL_R_BAD_EXTENSION); + goto err; + } + if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data, + binderoffset, PACKET_data(&binder), NULL, sess, 0, + ext) != 1) { + /* SSLfatal() already called */ + goto err; + } + + sess->ext.tick_identity = id; + + SSL_SESSION_free(s->session); + s->session = sess; + return 1; +err: + SSL_SESSION_free(sess); + return 0; +} + +int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH, + SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR); + return 0; + } + + s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; + + return 1; +} + +/* + * Add the server's renegotiation binding + */ +EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (!s->s3->send_connection_binding) + return EXT_RETURN_NOT_SENT; + + /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_memcpy(pkt, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) + || !WPACKET_memcpy(pkt, s->s3->previous_server_finished, + s->s3->previous_server_finished_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (s->hit || s->servername_done != 1 + || s->ext.hostname == NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +/* Add/include the server's max fragment len extension into ServerHello */ +EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) + return EXT_RETURN_NOT_SENT; + + /*- + * 4 bytes for this extension type and extension length + * 1 byte for the Max Fragment Length code value. + */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u8(pkt, s->session->ext.max_fragment_len_mode) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_EC +EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; + int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) + && (s->session->ext.ecpointformats != NULL); + const unsigned char *plist; + size_t plistlen; + + if (!using_ecc) + return EXT_RETURN_NOT_SENT; + + tls1_get_formatlist(s, &plist, &plistlen); + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +#ifndef OPENSSL_NO_EC +EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + const uint16_t *groups; + size_t numgroups, i, first = 1; + + /* s->s3->group_id is non zero if we accepted a key_share */ + if (s->s3->group_id == 0) + return EXT_RETURN_NOT_SENT; + + /* Get our list of supported groups */ + tls1_get_supported_groups(s, &groups, &numgroups); + if (numgroups == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* Copy group ID if supported */ + for (i = 0; i < numgroups; i++) { + uint16_t group = groups[i]; + + if (tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { + if (first) { + /* + * Check if the client is already using our preferred group. If + * so we don't need to add this extension + */ + if (s->s3->group_id == group) + return EXT_RETURN_NOT_SENT; + + /* Add extension header */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) + /* Sub-packet for supported_groups extension */ + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + first = 0; + } + if (!WPACKET_put_bytes_u16(pkt, group)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + } + } + + if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (!s->ext.ticket_expected || !tls_use_ticket(s)) { + s->ext.ticket_expected = 0; + return EXT_RETURN_NOT_SENT; + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_OCSP +EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (!s->ext.status_expected) + return EXT_RETURN_NOT_SENT; + + if (SSL_IS_TLS13(s) && chainidx != 0) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request) + || !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* + * In TLSv1.3 we include the certificate status itself. In <= TLSv1.2 we + * send back an empty extension, with the certificate status appearing as a + * separate message + */ + if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG +EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + const unsigned char *npa; + unsigned int npalen; + int ret; + int npn_seen = s->s3->npn_seen; + + s->s3->npn_seen = 0; + if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL) + return EXT_RETURN_NOT_SENT; + + ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen, + s->ctx->ext.npn_advertised_cb_arg); + if (ret == SSL_TLSEXT_ERR_OK) { + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) + || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + s->s3->npn_seen = 1; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (s->s3->alpn_selected == NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, + TLSEXT_TYPE_application_layer_protocol_negotiation) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected, + s->s3->alpn_selected_len) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_ALPN, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +#ifndef OPENSSL_NO_SRTP +EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (s->srtp_profile == NULL) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, 2) + || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} +#endif + +EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (!s->ext.use_etm) + return EXT_RETURN_NOT_SENT; + + /* + * Don't use encrypt_then_mac if AEAD or RC4 might want to disable + * for other cases too. + */ + if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD + || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 + || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT + || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) { + s->ext.use_etm = 0; + return EXT_RETURN_NOT_SENT; + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_ETM, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EMS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (!ossl_assert(SSL_IS_TLS13(s))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->version) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + unsigned char *encodedPoint; + size_t encoded_pt_len = 0; + EVP_PKEY *ckey = s->s3->peer_tmp, *skey = NULL; + + if (s->hello_retry_request == SSL_HRR_PENDING) { + if (ckey != NULL) { + /* Original key_share was acceptable so don't ask for another one */ + return EXT_RETURN_NOT_SENT; + } + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3->group_id) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; + } + + if (ckey == NULL) { + /* No key_share received from client - must be resuming */ + if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + return EXT_RETURN_NOT_SENT; + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + skey = ssl_generate_pkey(ckey); + if (skey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, + ERR_R_MALLOC_FAILURE); + return EXT_RETURN_FAIL; + } + + /* Generate encoding of server key */ + encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint); + if (encoded_pt_len == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, + ERR_R_EC_LIB); + EVP_PKEY_free(skey); + return EXT_RETURN_FAIL; + } + + if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, + ERR_R_INTERNAL_ERROR); + EVP_PKEY_free(skey); + OPENSSL_free(encodedPoint); + return EXT_RETURN_FAIL; + } + OPENSSL_free(encodedPoint); + + /* This causes the crypto state to be updated based on the derived keys */ + s->s3->tmp.pkey = skey; + if (ssl_derive(s, skey, ckey, 1) == 0) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + return EXT_RETURN_SENT; +#else + return EXT_RETURN_FAIL; +#endif +} + +EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ +#ifndef OPENSSL_NO_TLS1_3 + unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; + unsigned char *hmac, *hmac2; + size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen; + EVP_MD_CTX *hctx; + EVP_PKEY *pkey; + int ret = EXT_RETURN_FAIL; + + if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + return EXT_RETURN_NOT_SENT; + + if (s->ctx->gen_stateless_cookie_cb == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + SSL_R_NO_COOKIE_CALLBACK_SET); + return EXT_RETURN_FAIL; + } + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_get_total_written(pkt, &startlen) + || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie) + || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION) + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) + || !WPACKET_put_bytes_u16(pkt, s->s3->group_id) + || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, + &ciphlen) + /* Is there a key_share extension present in this HRR? */ + || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL) + || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* + * Get the hash of the initial ClientHello. ssl_handshake_hash() operates + * on raw buffers, so we first reserve sufficient bytes (above) and then + * subsequently allocate them (below) + */ + if (!ssl3_digest_cached_records(s, 0) + || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) { + /* SSLfatal() already called */ + return EXT_RETURN_FAIL; + } + + if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2) + || !ossl_assert(hashval1 == hashval2) + || !WPACKET_close(pkt) + || !WPACKET_start_sub_packet_u8(pkt) + || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* Generate the application cookie */ + if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + SSL_R_COOKIE_GEN_CALLBACK_FAILURE); + return EXT_RETURN_FAIL; + } + + if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2) + || !ossl_assert(appcookie1 == appcookie2) + || !WPACKET_close(pkt) + || !WPACKET_get_total_written(pkt, &totcookielen) + || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + hmaclen = SHA256_DIGEST_LENGTH; + + totcookielen -= startlen; + if (!ossl_assert(totcookielen <= MAX_COOKIE_SIZE - SHA256_DIGEST_LENGTH)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + /* HMAC the cookie */ + hctx = EVP_MD_CTX_create(); + pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->session_ctx->ext.cookie_hmac_key, + sizeof(s->session_ctx->ext + .cookie_hmac_key)); + if (hctx == NULL || pkey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0 + || EVP_DigestSign(hctx, hmac, &hmaclen, cookie, + totcookielen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!ossl_assert(totcookielen + hmaclen <= MAX_COOKIE_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2) + || !ossl_assert(hmac == hmac2) + || !ossl_assert(cookie == hmac - totcookielen) + || !WPACKET_close(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + ret = EXT_RETURN_SENT; + + err: + EVP_MD_CTX_free(hctx); + EVP_PKEY_free(pkey); + return ret; +#else + return EXT_RETURN_FAIL; +#endif +} + +EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + const unsigned char cryptopro_ext[36] = { + 0xfd, 0xe8, /* 65000 */ + 0x00, 0x20, /* 32 bytes length */ + 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, + 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, + 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, + 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 + }; + + if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80 + && (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81) + || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx) +{ + if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { + if (s->max_early_data == 0) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u32(pkt, s->max_early_data) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; + } + + if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, + ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} + +EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx) +{ + if (!s->hit) + return EXT_RETURN_NOT_SENT; + + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk) + || !WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_put_bytes_u16(pkt, s->session->ext.tick_identity) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_PSK, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + + return EXT_RETURN_SENT; +} diff --git a/deps/openssl/openssl/ssl/statem/statem.c b/deps/openssl/openssl/ssl/statem/statem.c index 69bb40f00e114f..f76c0e48034b8f 100644 --- a/deps/openssl/openssl/ssl/statem/statem.c +++ b/deps/openssl/openssl/ssl/statem/statem.c @@ -7,9 +7,11 @@ * https://www.openssl.org/source/license.html */ +#include "internal/cryptlib.h" #include #include "../ssl_locl.h" #include "statem_locl.h" +#include /* * This file implements the SSL/TLS/DTLS state machines. @@ -66,17 +68,17 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) return ssl->statem.hand_state; } -int SSL_in_init(SSL *s) +int SSL_in_init(const SSL *s) { return s->statem.in_init; } -int SSL_is_init_finished(SSL *s) +int SSL_is_init_finished(const SSL *s) { return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK); } -int SSL_in_before(SSL *s) +int SSL_in_before(const SSL *s) { /* * Historically being "in before" meant before anything had happened. In the @@ -105,19 +107,41 @@ void ossl_statem_clear(SSL *s) */ void ossl_statem_set_renegotiate(SSL *s) { - s->statem.state = MSG_FLOW_RENEGOTIATE; s->statem.in_init = 1; + s->statem.request_state = TLS_ST_SW_HELLO_REQ; } /* - * Put the state machine into an error state. This is a permanent error for - * the current connection. + * Put the state machine into an error state and send an alert if appropriate. + * This is a permanent error for the current connection. */ -void ossl_statem_set_error(SSL *s) +void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, + int line) { + ERR_put_error(ERR_LIB_SSL, func, reason, file, line); + /* We shouldn't call SSLfatal() twice. Once is enough */ + if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) + return; + s->statem.in_init = 1; s->statem.state = MSG_FLOW_ERROR; + if (al != SSL_AD_NO_ALERT + && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) + ssl3_send_alert(s, SSL3_AL_FATAL, al); } +/* + * This macro should only be called if we are already expecting to be in + * a fatal error state. We verify that we are, and set it if not (this would + * indicate a bug). + */ +#define check_fatal(s, f) \ + do { \ + if (!ossl_assert((s)->statem.in_init \ + && (s)->statem.state == MSG_FLOW_ERROR)) \ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \ + SSL_R_MISSING_FATAL); \ + } while (0) + /* * Discover whether the current connection is in the error state. * @@ -151,6 +175,62 @@ void ossl_statem_set_in_handshake(SSL *s, int inhand) s->statem.in_handshake--; } +/* Are we in a sensible state to skip over unreadable early data? */ +int ossl_statem_skip_early_data(SSL *s) +{ + if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) + return 0; + + if (!s->server + || s->statem.hand_state != TLS_ST_EARLY_DATA + || s->hello_retry_request == SSL_HRR_COMPLETE) + return 0; + + return 1; +} + +/* + * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept() + * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early + * data state and whether we should attempt to move the handshake on if so. + * |sending| is 1 if we are attempting to send data (SSL_write*()), 0 if we are + * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake() + * or similar. + */ +void ossl_statem_check_finish_init(SSL *s, int sending) +{ + if (sending == -1) { + if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END + || s->statem.hand_state == TLS_ST_EARLY_DATA) { + ossl_statem_set_in_init(s, 1); + if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { + /* + * SSL_connect() or SSL_do_handshake() has been called directly. + * We don't allow any more writing of early data. + */ + s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; + } + } + } else if (!s->server) { + if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END + || s->statem.hand_state == TLS_ST_EARLY_DATA) + && s->early_data_state != SSL_EARLY_DATA_WRITING) + || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) { + ossl_statem_set_in_init(s, 1); + /* + * SSL_write() has been called directly. We don't allow any more + * writing of early data. + */ + if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) + s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; + } + } else { + if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING + && s->statem.hand_state == TLS_ST_EARLY_DATA) + ossl_statem_set_in_init(s, 1); + } +} + void ossl_statem_set_hello_verify_done(SSL *s) { s->statem.state = MSG_FLOW_UNINITED; @@ -189,10 +269,10 @@ static info_cb get_callback(SSL *s) /* * The main message flow state machine. We start in the MSG_FLOW_UNINITED or - * MSG_FLOW_RENEGOTIATE state and finish in MSG_FLOW_FINISHED. Valid states and + * MSG_FLOW_FINISHED state and finish in MSG_FLOW_FINISHED. Valid states and * transitions are as follows: * - * MSG_FLOW_UNINITED MSG_FLOW_RENEGOTIATE + * MSG_FLOW_UNINITED MSG_FLOW_FINISHED * | | * +-----------------------+ * v @@ -218,7 +298,6 @@ static info_cb get_callback(SSL *s) static int state_machine(SSL *s, int server) { BUF_MEM *buf = NULL; - unsigned long Time = (unsigned long)time(NULL); void (*cb) (const SSL *ssl, int type, int val) = NULL; OSSL_STATEM *st = &s->statem; int ret = -1; @@ -229,7 +308,6 @@ static int state_machine(SSL *s, int server) return -1; } - RAND_add(&Time, sizeof(Time), 0); ERR_clear_error(); clear_sys_error(); @@ -237,7 +315,11 @@ static int state_machine(SSL *s, int server) st->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) { - if (!SSL_clear(s)) + /* + * If we are stateless then we already called SSL_clear() - don't do + * it again and clear the STATELESS flag itself. + */ + if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) return -1; } #ifndef OPENSSL_NO_SCTP @@ -251,60 +333,54 @@ static int state_machine(SSL *s, int server) } #endif -#ifndef OPENSSL_NO_HEARTBEATS - /* - * If we're awaiting a HeartbeatResponse, pretend we already got and - * don't await it anymore, because Heartbeats don't make sense during - * handshakes anyway. - */ - if (s->tlsext_hb_pending) { - if (SSL_IS_DTLS(s)) - dtls1_stop_timer(s); - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - /* Initialise state machine */ - - if (st->state == MSG_FLOW_RENEGOTIATE) { - s->renegotiate = 1; - if (!server) - s->ctx->stats.sess_connect_renegotiate++; - } - - if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) { + if (st->state == MSG_FLOW_UNINITED + || st->state == MSG_FLOW_FINISHED) { if (st->state == MSG_FLOW_UNINITED) { st->hand_state = TLS_ST_BEFORE; + st->request_state = TLS_ST_BEFORE; } s->server = server; if (cb != NULL) cb(s, SSL_CB_HANDSHAKE_START, 1); + /* + * Fatal errors in this block don't send an alert because we have + * failed to even initialise properly. Sending an alert is probably + * doomed to failure. + */ + if (SSL_IS_DTLS(s)) { if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) && (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) { - SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } } else { if ((s->version >> 8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } } if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { - SSLerr(SSL_F_STATE_MACHINE, SSL_R_VERSION_TOO_LOW); + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } s->init_buf = buf; @@ -312,6 +388,8 @@ static int state_machine(SSL *s, int server) } if (!ssl3_setup_buffers(s)) { + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } s->init_num = 0; @@ -329,65 +407,24 @@ static int state_machine(SSL *s, int server) if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s))) #endif if (!ssl_init_wbio_buffer(s)) { + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); goto end; } - if (!server || st->state != MSG_FLOW_RENEGOTIATE) { - if (!ssl3_init_finished_mac(s)) { - ossl_statem_set_error(s); - goto end; - } - } - - if (server) { - if (st->state != MSG_FLOW_RENEGOTIATE) { - s->ctx->stats.sess_accept++; - } else if ((s->options & SSL_OP_NO_RENEGOTIATION)) { - /* - * Shouldn't happen? The record layer should have prevented this - */ - SSLerr(SSL_F_STATE_MACHINE, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); + if ((SSL_in_before(s)) + || s->renegotiate) { + if (!tls_setup_handshake(s)) { + /* SSLfatal() already called */ goto end; - } else if (!s->s3->send_connection_binding && - !(s->options & - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* - * Server attempting to renegotiate with client that doesn't - * support secure renegotiation. - */ - SSLerr(SSL_F_STATE_MACHINE, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - ossl_statem_set_error(s); - goto end; - } else { - /* - * st->state == MSG_FLOW_RENEGOTIATE, we will just send a - * HelloRequest - */ - s->ctx->stats.sess_accept_renegotiate++; } - s->s3->tmp.cert_request = 0; - } else { - s->ctx->stats.sess_connect++; - - /* mark client_random uninitialized */ - memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); - s->hit = 0; - - s->s3->tmp.cert_req = 0; - - if (SSL_IS_DTLS(s)) { - st->use_timer = 1; - } + if (SSL_IS_FIRST_HANDSHAKE(s)) + st->read_state_first_init = 1; } st->state = MSG_FLOW_WRITING; init_write_state_machine(s); - st->read_state_first_init = 1; } while (st->state != MSG_FLOW_FINISHED) { @@ -413,12 +450,12 @@ static int state_machine(SSL *s, int server) } } else { /* Error */ - ossl_statem_set_error(s); + check_fatal(s, SSL_F_STATE_MACHINE); + SSLerr(SSL_F_STATE_MACHINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); goto end; } } - st->state = MSG_FLOW_UNINITED; ret = 1; end: @@ -500,12 +537,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) { OSSL_STATEM *st = &s->statem; int ret, mt; - unsigned long len = 0; + size_t len = 0; int (*transition) (SSL *s, int mt); PACKET pkt; MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt); WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst); - unsigned long (*max_message_size) (SSL *s); + size_t (*max_message_size) (SSL *s); void (*cb) (const SSL *ssl, int type, int val) = NULL; cb = get_callback(s); @@ -560,8 +597,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) return SUB_STATE_ERROR; if (s->s3->tmp.message_size > max_message_size(s)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); - SSLerr(SSL_F_READ_STATE_MACHINE, SSL_R_EXCESSIVE_MESSAGE_SIZE); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE, + SSL_R_EXCESSIVE_MESSAGE_SIZE); return SUB_STATE_ERROR; } @@ -570,8 +607,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) && s->s3->tmp.message_size > 0 && !grow_init_buf(s, s->s3->tmp.message_size + SSL3_HM_HEADER_LENGTH)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_BUF_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE, + ERR_R_BUF_LIB); return SUB_STATE_ERROR; } @@ -590,8 +627,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) s->first_packet = 0; if (!PACKET_buf_init(&pkt, s->init_msg, len)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; } ret = process_message(s, &pkt); @@ -601,6 +638,7 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) switch (ret) { case MSG_PROCESS_ERROR: + check_fatal(s, SSL_F_READ_STATE_MACHINE); return SUB_STATE_ERROR; case MSG_PROCESS_FINISHED_READING: @@ -623,7 +661,12 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) case READ_STATE_POST_PROCESS: st->read_state_work = post_process_message(s, st->read_state_work); switch (st->read_state_work) { - default: + case WORK_ERROR: + check_fatal(s, SSL_F_READ_STATE_MACHINE); + /* Fall through */ + case WORK_MORE_A: + case WORK_MORE_B: + case WORK_MORE_C: return SUB_STATE_ERROR; case WORK_FINISHED_CONTINUE: @@ -640,9 +683,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) default: /* Shouldn't happen */ - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_READ_STATE_MACHINE, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; } } @@ -714,8 +756,13 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) WRITE_TRAN(*transition) (SSL *s); WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst); WORK_STATE(*post_work) (SSL *s, WORK_STATE wst); - int (*construct_message) (SSL *s); + int (*get_construct_message_f) (SSL *s, WPACKET *pkt, + int (**confunc) (SSL *s, WPACKET *pkt), + int *mt); void (*cb) (const SSL *ssl, int type, int val) = NULL; + int (*confunc) (SSL *s, WPACKET *pkt); + int mt; + WPACKET pkt; cb = get_callback(s); @@ -723,12 +770,12 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) transition = ossl_statem_server_write_transition; pre_work = ossl_statem_server_pre_work; post_work = ossl_statem_server_post_work; - construct_message = ossl_statem_server_construct_message; + get_construct_message_f = ossl_statem_server_construct_message; } else { transition = ossl_statem_client_write_transition; pre_work = ossl_statem_client_pre_work; post_work = ossl_statem_client_post_work; - construct_message = ossl_statem_client_construct_message; + get_construct_message_f = ossl_statem_client_construct_message; } while (1) { @@ -751,14 +798,20 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) return SUB_STATE_FINISHED; break; - default: + case WRITE_TRAN_ERROR: + check_fatal(s, SSL_F_WRITE_STATE_MACHINE); return SUB_STATE_ERROR; } break; case WRITE_STATE_PRE_WORK: switch (st->write_state_work = pre_work(s, st->write_state_work)) { - default: + case WORK_ERROR: + check_fatal(s, SSL_F_WRITE_STATE_MACHINE); + /* Fall through */ + case WORK_MORE_A: + case WORK_MORE_B: + case WORK_MORE_C: return SUB_STATE_ERROR; case WORK_FINISHED_CONTINUE: @@ -768,8 +821,35 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) case WORK_FINISHED_STOP: return SUB_STATE_END_HANDSHAKE; } - if (construct_message(s) == 0) + if (!get_construct_message_f(s, &pkt, &confunc, &mt)) { + /* SSLfatal() already called */ + return SUB_STATE_ERROR; + } + if (mt == SSL3_MT_DUMMY) { + /* Skip construction and sending. This isn't a "real" state */ + st->write_state = WRITE_STATE_POST_WORK; + st->write_state_work = WORK_MORE_A; + break; + } + if (!WPACKET_init(&pkt, s->init_buf) + || !ssl_set_handshake_header(s, &pkt, mt)) { + WPACKET_cleanup(&pkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; + } + if (confunc != NULL && !confunc(s, &pkt)) { + WPACKET_cleanup(&pkt); + check_fatal(s, SSL_F_WRITE_STATE_MACHINE); + return SUB_STATE_ERROR; + } + if (!ssl_close_construct_packet(s, &pkt, mt) + || !WPACKET_finish(&pkt)) { + WPACKET_cleanup(&pkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); + return SUB_STATE_ERROR; + } /* Fall through */ @@ -787,7 +867,12 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) case WRITE_STATE_POST_WORK: switch (st->write_state_work = post_work(s, st->write_state_work)) { - default: + case WORK_ERROR: + check_fatal(s, SSL_F_WRITE_STATE_MACHINE); + /* Fall through */ + case WORK_MORE_A: + case WORK_MORE_B: + case WORK_MORE_C: return SUB_STATE_ERROR; case WORK_FINISHED_CONTINUE: @@ -800,6 +885,8 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) break; default: + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE, + ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; } } @@ -821,7 +908,7 @@ int statem_flush(SSL *s) /* * Called by the record layer to determine whether application data is - * allowed to be sent in the current handshake state or not. + * allowed to be received in the current handshake state or not. * * Return values are: * 1: Yes (application data allowed) @@ -831,7 +918,7 @@ int ossl_statem_app_data_allowed(SSL *s) { OSSL_STATEM *st = &s->statem; - if (st->state == MSG_FLOW_UNINITED || st->state == MSG_FLOW_RENEGOTIATE) + if (st->state == MSG_FLOW_UNINITED) return 0; if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0)) @@ -856,3 +943,28 @@ int ossl_statem_app_data_allowed(SSL *s) return 0; } + +/* + * This function returns 1 if TLS exporter is ready to export keying + * material, or 0 if otherwise. + */ +int ossl_statem_export_allowed(SSL *s) +{ + return s->s3->previous_server_finished_len != 0 + && s->statem.hand_state != TLS_ST_SW_FINISHED; +} + +/* + * Return 1 if early TLS exporter is ready to export keying material, + * or 0 if otherwise. + */ +int ossl_statem_export_early_allowed(SSL *s) +{ + /* + * The early exporter secret is only present on the server if we + * have accepted early_data. It is present on the client as long + * as we have sent early_data. + */ + return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED + || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT); +} diff --git a/deps/openssl/openssl/ssl/statem/statem.h b/deps/openssl/openssl/ssl/statem/statem.h index c669ee9e78159e..144d930fc7c5e4 100644 --- a/deps/openssl/openssl/ssl/statem/statem.h +++ b/deps/openssl/openssl/ssl/statem/statem.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,9 @@ typedef enum { /* We're working on phase A */ WORK_MORE_A, /* We're working on phase B */ - WORK_MORE_B + WORK_MORE_B, + /* We're working on phase C */ + WORK_MORE_C } WORK_STATE; /* Write transition return codes */ @@ -46,8 +48,6 @@ typedef enum { MSG_FLOW_UNINITED, /* A permanent error with this connection */ MSG_FLOW_ERROR, - /* We are about to renegotiate */ - MSG_FLOW_RENEGOTIATE, /* We are reading messages */ MSG_FLOW_READING, /* We are writing messages */ @@ -71,6 +71,22 @@ typedef enum { WRITE_STATE_POST_WORK } WRITE_STATE; +typedef enum { + /* The enc_write_ctx can be used normally */ + ENC_WRITE_STATE_VALID, + /* The enc_write_ctx cannot be used */ + ENC_WRITE_STATE_INVALID, + /* Write alerts in plaintext, but otherwise use the enc_write_ctx */ + ENC_WRITE_STATE_WRITE_PLAIN_ALERTS +} ENC_WRITE_STATES; + +typedef enum { + /* The enc_read_ctx can be used normally */ + ENC_READ_STATE_VALID, + /* We may receive encrypted or plaintext alerts */ + ENC_READ_STATE_ALLOW_PLAIN_ALERTS +} ENC_READ_STATES; + /***************************************************************************** * * * This structure should be considered "opaque" to anything outside of the * @@ -86,13 +102,22 @@ struct ossl_statem_st { READ_STATE read_state; WORK_STATE read_state_work; OSSL_HANDSHAKE_STATE hand_state; + /* The handshake state requested by an API call (e.g. HelloRequest) */ + OSSL_HANDSHAKE_STATE request_state; int in_init; int read_state_first_init; /* true when we are actually in SSL_accept() or SSL_connect() */ int in_handshake; + /* + * True when are processing a "real" handshake that needs cleaning up (not + * just a HelloRequest or similar). + */ + int cleanuphand; /* Should we skip the CertificateVerify message? */ unsigned int no_cert_verify; int use_timer; + ENC_WRITE_STATES enc_write_state; + ENC_READ_STATES enc_read_state; }; typedef struct ossl_statem_st OSSL_STATEM; @@ -107,10 +132,26 @@ __owur int ossl_statem_accept(SSL *s); __owur int ossl_statem_connect(SSL *s); void ossl_statem_clear(SSL *s); void ossl_statem_set_renegotiate(SSL *s); -void ossl_statem_set_error(SSL *s); +void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, + int line); +# define SSL_AD_NO_ALERT -1 +# ifndef OPENSSL_NO_ERR +# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (f), (r), \ + OPENSSL_FILE, OPENSSL_LINE) +# else +# define SSLfatal(s, al, f, r) ossl_statem_fatal((s), (al), (f), (r), NULL, 0) +# endif + int ossl_statem_in_error(const SSL *s); void ossl_statem_set_in_init(SSL *s, int init); int ossl_statem_get_in_handshake(SSL *s); void ossl_statem_set_in_handshake(SSL *s, int inhand); +__owur int ossl_statem_skip_early_data(SSL *s); +void ossl_statem_check_finish_init(SSL *s, int send); void ossl_statem_set_hello_verify_done(SSL *s); __owur int ossl_statem_app_data_allowed(SSL *s); +__owur int ossl_statem_export_allowed(SSL *s); +__owur int ossl_statem_export_early_allowed(SSL *s); + +/* Flush the write BIO */ +int statem_flush(SSL *s); diff --git a/deps/openssl/openssl/ssl/statem/statem_clnt.c b/deps/openssl/openssl/ssl/statem/statem_clnt.c index ed993553c56ecc..0a11b88183e337 100644 --- a/deps/openssl/openssl/ssl/statem/statem_clnt.c +++ b/deps/openssl/openssl/ssl/statem/statem_clnt.c @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,47 +9,9 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include +#include +#include #include "../ssl_locl.h" #include "statem_locl.h" #include @@ -58,12 +22,15 @@ #include #include #include +#include + +static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt); +static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); static ossl_inline int cert_req_allowed(SSL *s); static int key_exchange_expected(SSL *s); -static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, - unsigned char *p); + WPACKET *pkt); /* * Is a CertificateRequest message allowed at the moment or not? @@ -106,22 +73,150 @@ static int key_exchange_expected(SSL *s) return 0; } +/* + * ossl_statem_client_read_transition() encapsulates the logic for the allowed + * handshake state transitions when a TLS1.3 client is reading messages from the + * server. The message type that the server has sent is provided in |mt|. The + * current state is in |s->statem.hand_state|. + * + * Return values are 1 for success (transition allowed) and 0 on error + * (transition not allowed) + */ +static int ossl_statem_client13_read_transition(SSL *s, int mt) +{ + OSSL_STATEM *st = &s->statem; + + /* + * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't + * yet negotiated TLSv1.3 at that point so that is handled by + * ossl_statem_client_read_transition() + */ + + switch (st->hand_state) { + default: + break; + + case TLS_ST_CW_CLNT_HELLO: + /* + * This must a ClientHello following a HelloRetryRequest, so the only + * thing we can get now is a ServerHello. + */ + if (mt == SSL3_MT_SERVER_HELLO) { + st->hand_state = TLS_ST_CR_SRVR_HELLO; + return 1; + } + break; + + case TLS_ST_CR_SRVR_HELLO: + if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) { + st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS; + return 1; + } + break; + + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + if (s->hit) { + if (mt == SSL3_MT_FINISHED) { + st->hand_state = TLS_ST_CR_FINISHED; + return 1; + } + } else { + if (mt == SSL3_MT_CERTIFICATE_REQUEST) { + st->hand_state = TLS_ST_CR_CERT_REQ; + return 1; + } + if (mt == SSL3_MT_CERTIFICATE) { + st->hand_state = TLS_ST_CR_CERT; + return 1; + } + } + break; + + case TLS_ST_CR_CERT_REQ: + if (mt == SSL3_MT_CERTIFICATE) { + st->hand_state = TLS_ST_CR_CERT; + return 1; + } + break; + + case TLS_ST_CR_CERT: + if (mt == SSL3_MT_CERTIFICATE_VERIFY) { + st->hand_state = TLS_ST_CR_CERT_VRFY; + return 1; + } + break; + + case TLS_ST_CR_CERT_VRFY: + if (mt == SSL3_MT_FINISHED) { + st->hand_state = TLS_ST_CR_FINISHED; + return 1; + } + break; + + case TLS_ST_OK: + if (mt == SSL3_MT_NEWSESSION_TICKET) { + st->hand_state = TLS_ST_CR_SESSION_TICKET; + return 1; + } + if (mt == SSL3_MT_KEY_UPDATE) { + st->hand_state = TLS_ST_CR_KEY_UPDATE; + return 1; + } + if (mt == SSL3_MT_CERTIFICATE_REQUEST) { +#if DTLS_MAX_VERSION != DTLS1_2_VERSION +# error TODO(DTLS1.3): Restore digest for PHA before adding message. +#endif + if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) { + s->post_handshake_auth = SSL_PHA_REQUESTED; + /* + * In TLS, this is called before the message is added to the + * digest. In DTLS, this is expected to be called after adding + * to the digest. Either move the digest restore, or add the + * message here after the swap, or do it after the clientFinished? + */ + if (!tls13_restore_handshake_digest_for_pha(s)) { + /* SSLfatal() already called */ + return 0; + } + st->hand_state = TLS_ST_CR_CERT_REQ; + return 1; + } + } + break; + } + + /* No valid transition found */ + return 0; +} + /* * ossl_statem_client_read_transition() encapsulates the logic for the allowed * handshake state transitions when the client is reading messages from the * server. The message type that the server has sent is provided in |mt|. The * current state is in |s->statem.hand_state|. * - * Return values are: - * 1: Success (transition allowed) - * 0: Error (transition not allowed) + * Return values are 1 for success (transition allowed) and 0 on error + * (transition not allowed) */ int ossl_statem_client_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; int ske_expected; + /* + * Note that after writing the first ClientHello we don't know what version + * we are going to negotiate yet, so we don't take this branch until later. + */ + if (SSL_IS_TLS13(s)) { + if (!ossl_statem_client13_read_transition(s, mt)) + goto err; + return 1; + } + switch (st->hand_state) { + default: + break; + case TLS_ST_CW_CLNT_HELLO: if (mt == SSL3_MT_SERVER_HELLO) { st->hand_state = TLS_ST_CR_SRVR_HELLO; @@ -136,9 +231,21 @@ int ossl_statem_client_read_transition(SSL *s, int mt) } break; + case TLS_ST_EARLY_DATA: + /* + * We've not actually selected TLSv1.3 yet, but we have sent early + * data. The only thing allowed now is a ServerHello or a + * HelloRetryRequest. + */ + if (mt == SSL3_MT_SERVER_HELLO) { + st->hand_state = TLS_ST_CR_SRVR_HELLO; + return 1; + } + break; + case TLS_ST_CR_SRVR_HELLO: if (s->hit) { - if (s->tlsext_ticket_expected) { + if (s->ext.ticket_expected) { if (mt == SSL3_MT_NEWSESSION_TICKET) { st->hand_state = TLS_ST_CR_SESSION_TICKET; return 1; @@ -152,8 +259,8 @@ int ossl_statem_client_read_transition(SSL *s, int mt) st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; } else if (s->version >= TLS1_VERSION - && s->tls_session_secret_cb != NULL - && s->session->tlsext_tick != NULL + && s->ext.session_secret_cb != NULL + && s->session->ext.tick != NULL && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { /* * Normally, we can tell if the server is resuming the session @@ -195,9 +302,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt) case TLS_ST_CR_CERT: /* * The CertificateStatus message is optional even if - * |tlsext_status_expected| is set + * |ext.status_expected| is set */ - if (s->tlsext_status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) { + if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) { st->hand_state = TLS_ST_CR_CERT_STATUS; return 1; } @@ -234,7 +341,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt) break; case TLS_ST_CW_FINISHED: - if (s->tlsext_ticket_expected) { + if (s->ext.ticket_expected) { if (mt == SSL3_MT_NEWSESSION_TICKET) { st->hand_state = TLS_ST_CR_SESSION_TICKET; return 1; @@ -259,7 +366,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt) } break; - default: + case TLS_ST_OK: + if (mt == SSL3_MT_HELLO_REQUEST) { + st->hand_state = TLS_ST_CR_HELLO_REQ; + return 1; + } break; } @@ -279,34 +390,184 @@ int ossl_statem_client_read_transition(SSL *s, int mt) BIO_set_retry_read(rbio); return 0; } - ossl_statem_set_error(s); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE); + SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE, + SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, + SSL_R_UNEXPECTED_MESSAGE); return 0; } /* - * client_write_transition() works out what handshake state to move to next - * when the client is writing messages to be sent to the server. + * ossl_statem_client13_write_transition() works out what handshake state to + * move to next when the TLSv1.3 client is writing messages to be sent to the + * server. + */ +static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) +{ + OSSL_STATEM *st = &s->statem; + + /* + * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated + * TLSv1.3 yet at that point. They are handled by + * ossl_statem_client_write_transition(). + */ + switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, + ERR_R_INTERNAL_ERROR); + return WRITE_TRAN_ERROR; + + case TLS_ST_CR_CERT_REQ: + if (s->post_handshake_auth == SSL_PHA_REQUESTED) { + st->hand_state = TLS_ST_CW_CERT; + return WRITE_TRAN_CONTINUE; + } + /* + * We should only get here if we received a CertificateRequest after + * we already sent close_notify + */ + if (!ossl_assert((s->shutdown & SSL_SENT_SHUTDOWN) != 0)) { + /* Shouldn't happen - same as default case */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, + ERR_R_INTERNAL_ERROR); + return WRITE_TRAN_ERROR; + } + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_CR_FINISHED: + if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY + || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING) + st->hand_state = TLS_ST_PENDING_EARLY_DATA_END; + else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 + && s->hello_retry_request == SSL_HRR_NONE) + st->hand_state = TLS_ST_CW_CHANGE; + else + st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT + : TLS_ST_CW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_PENDING_EARLY_DATA_END: + if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { + st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA; + return WRITE_TRAN_CONTINUE; + } + /* Fall through */ + + case TLS_ST_CW_END_OF_EARLY_DATA: + case TLS_ST_CW_CHANGE: + st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT + : TLS_ST_CW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_CW_CERT: + /* If a non-empty Certificate we also send CertificateVerify */ + st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY + : TLS_ST_CW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_CW_CERT_VRFY: + st->hand_state = TLS_ST_CW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_CR_KEY_UPDATE: + if (s->key_update != SSL_KEY_UPDATE_NONE) { + st->hand_state = TLS_ST_CW_KEY_UPDATE; + return WRITE_TRAN_CONTINUE; + } + /* Fall through */ + + case TLS_ST_CW_KEY_UPDATE: + case TLS_ST_CR_SESSION_TICKET: + case TLS_ST_CW_FINISHED: + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_OK: + if (s->key_update != SSL_KEY_UPDATE_NONE) { + st->hand_state = TLS_ST_CW_KEY_UPDATE; + return WRITE_TRAN_CONTINUE; + } + + /* Try to read from the server instead */ + return WRITE_TRAN_FINISHED; + } +} + +/* + * ossl_statem_client_write_transition() works out what handshake state to + * move to next when the client is writing messages to be sent to the server. */ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) { OSSL_STATEM *st = &s->statem; + /* + * Note that immediately before/after a ClientHello we don't know what + * version we are going to negotiate yet, so we don't take this branch until + * later + */ + if (SSL_IS_TLS13(s)) + return ossl_statem_client13_write_transition(s); + switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, + ERR_R_INTERNAL_ERROR); + return WRITE_TRAN_ERROR; + case TLS_ST_OK: - /* Renegotiation - fall through */ + if (!s->renegotiate) { + /* + * We haven't requested a renegotiation ourselves so we must have + * received a message from the server. Better read it. + */ + return WRITE_TRAN_FINISHED; + } + /* Renegotiation */ + /* fall thru */ case TLS_ST_BEFORE: st->hand_state = TLS_ST_CW_CLNT_HELLO; return WRITE_TRAN_CONTINUE; case TLS_ST_CW_CLNT_HELLO: + if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) { + /* + * We are assuming this is a TLSv1.3 connection, although we haven't + * actually selected a version yet. + */ + if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) + st->hand_state = TLS_ST_CW_CHANGE; + else + st->hand_state = TLS_ST_EARLY_DATA; + return WRITE_TRAN_CONTINUE; + } /* * No transition at the end of writing because we don't know what * we will be sent */ return WRITE_TRAN_FINISHED; + case TLS_ST_CR_SRVR_HELLO: + /* + * We only get here in TLSv1.3. We just received an HRR, so issue a + * CCS unless middlebox compat mode is off, or we already issued one + * because we did early data. + */ + if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) + st->hand_state = TLS_ST_CW_CHANGE; + else + st->hand_state = TLS_ST_CW_CLNT_HELLO; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_EARLY_DATA: + return WRITE_TRAN_FINISHED; + case DTLS_ST_CR_HELLO_VERIFY_REQUEST: st->hand_state = TLS_ST_CW_CLNT_HELLO; return WRITE_TRAN_CONTINUE; @@ -348,14 +609,20 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_CW_CHANGE: + if (s->hello_retry_request == SSL_HRR_PENDING) { + st->hand_state = TLS_ST_CW_CLNT_HELLO; + } else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) { + st->hand_state = TLS_ST_EARLY_DATA; + } else { #if defined(OPENSSL_NO_NEXTPROTONEG) - st->hand_state = TLS_ST_CW_FINISHED; -#else - if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen) - st->hand_state = TLS_ST_CW_NEXT_PROTO; - else st->hand_state = TLS_ST_CW_FINISHED; +#else + if (!SSL_IS_DTLS(s) && s->s3->npn_seen) + st->hand_state = TLS_ST_CW_NEXT_PROTO; + else + st->hand_state = TLS_ST_CW_FINISHED; #endif + } return WRITE_TRAN_CONTINUE; #if !defined(OPENSSL_NO_NEXTPROTONEG) @@ -367,7 +634,6 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) case TLS_ST_CW_FINISHED: if (s->hit) { st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; } else { return WRITE_TRAN_FINISHED; @@ -379,13 +645,24 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; } else { st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; } - default: - /* Shouldn't happen */ - return WRITE_TRAN_ERROR; + case TLS_ST_CR_HELLO_REQ: + /* + * If we can renegotiate now then do so, otherwise wait for a more + * convenient time. + */ + if (ssl3_renegotiate_check(s, 1)) { + if (!tls_setup_handshake(s)) { + /* SSLfatal() already called */ + return WRITE_TRAN_ERROR; + } + st->hand_state = TLS_ST_CW_CLNT_HELLO; + return WRITE_TRAN_CONTINUE; + } + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; } } @@ -398,12 +675,16 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* No pre work to be done */ + break; + case TLS_ST_CW_CLNT_HELLO: s->shutdown = 0; if (SSL_IS_DTLS(s)) { /* every DTLS ClientHello resets Finished MAC */ if (!ssl3_init_finished_mac(s)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } } @@ -419,18 +700,31 @@ WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst) st->use_timer = 0; } #ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) + if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { + /* Calls SSLfatal() as required */ return dtls_wait_for_dry(s); + } #endif } - return WORK_FINISHED_CONTINUE; + break; - case TLS_ST_OK: - return tls_finish_handshake(s, wst); + case TLS_ST_PENDING_EARLY_DATA_END: + /* + * If we've been called by SSL_do_handshake()/SSL_write(), or we did not + * attempt to write early data before calling SSL_read() then we press + * on with the handshake. Otherwise we pause here. + */ + if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING + || s->early_data_state == SSL_EARLY_DATA_NONE) + return WORK_FINISHED_CONTINUE; + /* Fall through */ - default: - /* No pre work to be done */ - break; + case TLS_ST_EARLY_DATA: + return tls_finish_handshake(s, wst, 0, 1); + + case TLS_ST_OK: + /* Calls SSLfatal() as required */ + return tls_finish_handshake(s, wst, 1, 1); } return WORK_FINISHED_CONTINUE; @@ -447,9 +741,29 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) s->init_num = 0; switch (st->hand_state) { + default: + /* No post work to be done */ + break; + case TLS_ST_CW_CLNT_HELLO: - if (wst == WORK_MORE_A && statem_flush(s) != 1) + if (s->early_data_state == SSL_EARLY_DATA_CONNECTING + && s->max_early_data > 0) { + /* + * We haven't selected TLSv1.3 yet so we don't call the change + * cipher state function associated with the SSL_METHOD. Instead + * we call tls13_change_cipher_state() directly. + */ + if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) { + if (!tls13_change_cipher_state(s, + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } + } + /* else we're in compat mode so we delay flushing until after CCS */ + } else if (!statem_flush(s)) { return WORK_MORE_A; + } if (SSL_IS_DTLS(s)) { /* Treat the next message as the first packet */ @@ -457,12 +771,37 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) } break; + case TLS_ST_CW_END_OF_EARLY_DATA: + /* + * We set the enc_write_ctx back to NULL because we may end up writing + * in cleartext again if we get a HelloRetryRequest from the server. + */ + EVP_CIPHER_CTX_free(s->enc_write_ctx); + s->enc_write_ctx = NULL; + break; + case TLS_ST_CW_KEY_EXCH: - if (tls_client_key_exchange_post_work(s) == 0) + if (tls_client_key_exchange_post_work(s) == 0) { + /* SSLfatal() already called */ return WORK_ERROR; + } break; case TLS_ST_CW_CHANGE: + if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING) + break; + if (s->early_data_state == SSL_EARLY_DATA_CONNECTING + && s->max_early_data > 0) { + /* + * We haven't selected TLSv1.3 yet so we don't call the change + * cipher state function associated with the SSL_METHOD. Instead + * we call tls13_change_cipher_state() directly. + */ + if (!tls13_change_cipher_state(s, + SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) + return WORK_ERROR; + break; + } s->session->cipher = s->s3->tmp.new_cipher; #ifdef OPENSSL_NO_COMP s->session->compress_meth = 0; @@ -472,12 +811,16 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) else s->session->compress_meth = s->s3->tmp.new_compression->id; #endif - if (!s->method->ssl3_enc->setup_key_block(s)) + if (!s->method->ssl3_enc->setup_key_block(s)) { + /* SSLfatal() already called */ return WORK_ERROR; + } if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) + SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + /* SSLfatal() already called */ return WORK_ERROR; + } if (SSL_IS_DTLS(s)) { #ifndef OPENSSL_NO_SCTP @@ -508,10 +851,29 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) #endif if (statem_flush(s) != 1) return WORK_MORE_B; + + if (SSL_IS_TLS13(s)) { + if (!tls13_save_handshake_digest_for_pha(s)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } + if (s->post_handshake_auth != SSL_PHA_REQUESTED) { + if (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } + } + } break; - default: - /* No post work to be done */ + case TLS_ST_CW_KEY_UPDATE: + if (statem_flush(s) != 1) + return WORK_MORE_A; + if (!tls13_update_key(s, 1)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } break; } @@ -519,63 +881,97 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) } /* - * Construct a message to be sent from the client to the server. + * Get the message construction function and message type for sending from the + * client * * Valid return values are: * 1: Success * 0: Error */ -int ossl_statem_client_construct_message(SSL *s) +int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, + confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, + SSL_R_BAD_HANDSHAKE_STATE); + return 0; + + case TLS_ST_CW_CHANGE: + if (SSL_IS_DTLS(s)) + *confunc = dtls_construct_change_cipher_spec; + else + *confunc = tls_construct_change_cipher_spec; + *mt = SSL3_MT_CHANGE_CIPHER_SPEC; + break; + case TLS_ST_CW_CLNT_HELLO: - return tls_construct_client_hello(s); + *confunc = tls_construct_client_hello; + *mt = SSL3_MT_CLIENT_HELLO; + break; + + case TLS_ST_CW_END_OF_EARLY_DATA: + *confunc = tls_construct_end_of_early_data; + *mt = SSL3_MT_END_OF_EARLY_DATA; + break; + + case TLS_ST_PENDING_EARLY_DATA_END: + *confunc = NULL; + *mt = SSL3_MT_DUMMY; + break; case TLS_ST_CW_CERT: - return tls_construct_client_certificate(s); + *confunc = tls_construct_client_certificate; + *mt = SSL3_MT_CERTIFICATE; + break; case TLS_ST_CW_KEY_EXCH: - return tls_construct_client_key_exchange(s); + *confunc = tls_construct_client_key_exchange; + *mt = SSL3_MT_CLIENT_KEY_EXCHANGE; + break; case TLS_ST_CW_CERT_VRFY: - return tls_construct_client_verify(s); - - case TLS_ST_CW_CHANGE: - if (SSL_IS_DTLS(s)) - return dtls_construct_change_cipher_spec(s); - else - return tls_construct_change_cipher_spec(s); + *confunc = tls_construct_cert_verify; + *mt = SSL3_MT_CERTIFICATE_VERIFY; + break; #if !defined(OPENSSL_NO_NEXTPROTONEG) case TLS_ST_CW_NEXT_PROTO: - return tls_construct_next_proto(s); + *confunc = tls_construct_next_proto; + *mt = SSL3_MT_NEXT_PROTO; + break; #endif case TLS_ST_CW_FINISHED: - return tls_construct_finished(s, - s->method-> - ssl3_enc->client_finished_label, - s->method-> - ssl3_enc->client_finished_label_len); + *confunc = tls_construct_finished; + *mt = SSL3_MT_FINISHED; + break; - default: - /* Shouldn't happen */ + case TLS_ST_CW_KEY_UPDATE: + *confunc = tls_construct_key_update; + *mt = SSL3_MT_KEY_UPDATE; break; } - return 0; + return 1; } /* * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long ossl_statem_client_max_message_size(SSL *s) +size_t ossl_statem_client_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + return 0; + case TLS_ST_CR_SRVR_HELLO: return SERVER_HELLO_MAX_LENGTH; @@ -585,6 +981,9 @@ unsigned long ossl_statem_client_max_message_size(SSL *s) case TLS_ST_CR_CERT: return s->max_cert_list; + case TLS_ST_CR_CERT_VRFY: + return SSL3_RT_MAX_PLAIN_LENGTH; + case TLS_ST_CR_CERT_STATUS: return SSL3_RT_MAX_PLAIN_LENGTH; @@ -613,12 +1012,12 @@ unsigned long ossl_statem_client_max_message_size(SSL *s) case TLS_ST_CR_FINISHED: return FINISHED_MAX_LENGTH; - default: - /* Shouldn't happen */ - break; - } + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return ENCRYPTED_EXTENSIONS_MAX_LENGTH; - return 0; + case TLS_ST_CR_KEY_UPDATE: + return KEY_UPDATE_MAX_LENGTH; + } } /* @@ -629,6 +1028,13 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; + case TLS_ST_CR_SRVR_HELLO: return tls_process_server_hello(s, pkt); @@ -638,6 +1044,9 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) case TLS_ST_CR_CERT: return tls_process_server_certificate(s, pkt); + case TLS_ST_CR_CERT_VRFY: + return tls_process_cert_verify(s, pkt); + case TLS_ST_CR_CERT_STATUS: return tls_process_cert_status(s, pkt); @@ -659,12 +1068,15 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) case TLS_ST_CR_FINISHED: return tls_process_finished(s, pkt); - default: - /* Shouldn't happen */ - break; - } + case TLS_ST_CR_HELLO_REQ: + return tls_process_hello_req(s, pkt); - return MSG_PROCESS_ERROR; + case TLS_ST_CR_ENCRYPTED_EXTENSIONS: + return tls_process_encrypted_extensions(s, pkt); + + case TLS_ST_CR_KEY_UPDATE: + return tls_process_key_update(s, pkt); + } } /* @@ -676,49 +1088,53 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, + ERR_R_INTERNAL_ERROR); + return WORK_ERROR; + + case TLS_ST_CR_CERT_VRFY: case TLS_ST_CR_CERT_REQ: return tls_prepare_client_certificate(s, wst); - - default: - break; } - - /* Shouldn't happen */ - return WORK_ERROR; } -int tls_construct_client_hello(SSL *s) +int tls_construct_client_hello(SSL *s, WPACKET *pkt) { - unsigned char *buf; - unsigned char *p, *d; - int i; - int protverr; - unsigned long l; - int al = 0; + unsigned char *p; + size_t sess_id_len; + int i, protverr; #ifndef OPENSSL_NO_COMP - int j; SSL_COMP *comp; #endif SSL_SESSION *sess = s->session; + unsigned char *session_id; - buf = (unsigned char *)s->init_buf->data; + if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) { + /* Should not happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + return 0; + } /* Work out what SSL/TLS/DTLS version to use */ protverr = ssl_set_client_hello_version(s); if (protverr != 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, protverr); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + protverr); + return 0; } - if ((sess == NULL) || !ssl_version_supported(s, sess->ssl_version) || - /* - * In the case of EAP-FAST, we can have a pre-shared - * "ticket" without a session ID. - */ - (!sess->session_id_length && !sess->tlsext_tick) || - (sess->not_resumable)) { - if (!ssl_get_new_session(s, 0)) - goto err; + if (sess == NULL + || !ssl_version_supported(s, sess->ssl_version, NULL) + || !SSL_SESSION_is_resumable(sess)) { + if (s->hello_retry_request == SSL_HRR_NONE + && !ssl_get_new_session(s, 0)) { + /* SSLfatal() already called */ + return 0; + } } /* else use the pre-loaded session */ @@ -737,14 +1153,16 @@ int tls_construct_client_hello(SSL *s) break; } } - } else - i = 1; - - if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0) - goto err; + } else { + i = (s->hello_retry_request == SSL_HRR_NONE); + } - /* Do the message type and length last */ - d = p = ssl_handshake_start(s); + if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random), + DOWNGRADE_NONE) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } /*- * version indicates the negotiated version: for example from @@ -775,273 +1193,465 @@ int tls_construct_client_hello(SSL *s) * TLS 1.0 and renegotiating with TLS 1.2. We do this by using * client_version in client hello and not resetting it to * the negotiated version. + * + * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the + * supported_versions extension for the real supported versions. */ - *(p++) = s->client_version >> 8; - *(p++) = s->client_version & 0xff; - - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; + if (!WPACKET_put_bytes_u16(pkt, s->client_version) + || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } /* Session ID */ - if (s->new_session) - i = 0; - else - i = s->session->session_id_length; - *(p++) = i; - if (i != 0) { - if (i > (int)sizeof(s->session->session_id)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; + session_id = s->session->session_id; + if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) { + if (s->version == TLS1_3_VERSION + && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) { + sess_id_len = sizeof(s->tmp_session_id); + s->tmp_session_id_len = sess_id_len; + session_id = s->tmp_session_id; + if (s->hello_retry_request == SSL_HRR_NONE + && RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } + } else { + sess_id_len = 0; } - memcpy(p, s->session->session_id, i); - p += i; + } else { + assert(s->session->session_id_length <= sizeof(s->session->session_id)); + sess_id_len = s->session->session_id_length; + if (s->version == TLS1_3_VERSION) { + s->tmp_session_id_len = sess_id_len; + memcpy(s->tmp_session_id, s->session->session_id, sess_id_len); + } + } + if (!WPACKET_start_sub_packet_u8(pkt) + || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id, + sess_id_len)) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; } /* cookie stuff for DTLS */ if (SSL_IS_DTLS(s)) { - if (s->d1->cookie_len > sizeof(s->d1->cookie)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; + if (s->d1->cookie_len > sizeof(s->d1->cookie) + || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie, + s->d1->cookie_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; } - *(p++) = s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; } /* Ciphers supported */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2])); - if (i == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); - goto err; + if (!WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; } -#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* - * Some servers hang if client hello > 256 bytes as hack workaround - * chop number of supported ciphers to keep it well below this if we - * use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION - && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -#endif - s2n(i, p); - p += i; - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP - *(p++) = 1; -#else - - if (!ssl_allow_compression(s) || !s->ctx->comp_methods) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; + if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) { + /* SSLfatal() already called */ + return 0; + } + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; } -#endif - *(p++) = 0; /* Add the NULL method */ - /* TLS extensions */ - if (ssl_prepare_clienthello_tlsext(s) <= 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); - goto err; + /* COMPRESSION */ + if (!WPACKET_start_sub_packet_u8(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; } - if ((p = - ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH, - &al)) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; +#ifndef OPENSSL_NO_COMP + if (ssl_allow_compression(s) + && s->ctx->comp_methods + && (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) { + int compnum = sk_SSL_COMP_num(s->ctx->comp_methods); + for (i = 0; i < compnum; i++) { + comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); + if (!WPACKET_put_bytes_u8(pkt, comp->id)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + } +#endif + /* Add the NULL method */ + if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; } - l = p - d; - if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; + /* TLS extensions */ + if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) { + /* SSLfatal() already called */ + return 0; } return 1; - err: - ossl_statem_set_error(s); - return 0; } MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt) { - int al; - unsigned int cookie_len; + size_t cookie_len; PACKET cookiepkt; if (!PACKET_forward(pkt, 2) || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; } cookie_len = PACKET_remaining(&cookiepkt); if (cookie_len > sizeof(s->d1->cookie)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS_PROCESS_HELLO_VERIFY, + SSL_R_LENGTH_TOO_LONG); + return MSG_PROCESS_ERROR; } if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS_PROCESS_HELLO_VERIFY, SSL_R_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; } s->d1->cookie_len = cookie_len; return MSG_PROCESS_FINISHED_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; } -MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) +static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) { STACK_OF(SSL_CIPHER) *sk; const SSL_CIPHER *c; - PACKET session_id; + int i; + + c = ssl_get_cipher_by_char(s, cipherchars, 0); + if (c == NULL) { + /* unknown cipher */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, + SSL_R_UNKNOWN_CIPHER_RETURNED); + return 0; + } + /* + * If it is a disabled cipher we either didn't send it in client hello, + * or it's not allowed for the selected protocol. So we return an error. + */ + if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, + SSL_R_WRONG_CIPHER_RETURNED); + return 0; + } + + sk = ssl_get_ciphers_by_id(s); + i = sk_SSL_CIPHER_find(sk, c); + if (i < 0) { + /* we did not say we would use this cipher */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, + SSL_R_WRONG_CIPHER_RETURNED); + return 0; + } + + if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL + && s->s3->tmp.new_cipher->id != c->id) { + /* ServerHello selected a different ciphersuite to that in the HRR */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, + SSL_R_WRONG_CIPHER_RETURNED); + return 0; + } + + /* + * Depending on the session caching (internal/external), the cipher + * and/or cipher_id values may not be set. Make sure that cipher_id is + * set and use it for comparison. + */ + if (s->session->cipher != NULL) + s->session->cipher_id = s->session->cipher->id; + if (s->hit && (s->session->cipher_id != c->id)) { + if (SSL_IS_TLS13(s)) { + /* + * In TLSv1.3 it is valid for the server to select a different + * ciphersuite as long as the hash is the same. + */ + if (ssl_md(c->algorithm2) + != ssl_md(s->session->cipher->algorithm2)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_SET_CLIENT_CIPHERSUITE, + SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); + return 0; + } + } else { + /* + * Prior to TLSv1.3 resuming a session always meant using the same + * ciphersuite. + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE, + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + return 0; + } + } + s->s3->tmp.new_cipher = c; + + return 1; +} + +MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) +{ + PACKET session_id, extpkt; size_t session_id_len; const unsigned char *cipherchars; - int i, al = SSL_AD_INTERNAL_ERROR; + int hrr = 0; unsigned int compression; unsigned int sversion; - int protverr; + unsigned int context; + RAW_EXTENSION *extensions = NULL; #ifndef OPENSSL_NO_COMP SSL_COMP *comp; #endif if (!PACKET_get_net_2(pkt, &sversion)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - - protverr = ssl_choose_client_version(s, sversion); - if (protverr != 0) { - al = SSL_AD_PROTOCOL_VERSION; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, protverr); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; } - /* load the server hello data */ /* load the server random */ - if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; + if (s->version == TLS1_3_VERSION + && sversion == TLS1_2_VERSION + && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE + && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { + s->hello_retry_request = SSL_HRR_PENDING; + hrr = 1; + if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; + } + } else { + if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; + } } - s->hit = 0; - /* Get the session-id. */ if (!PACKET_get_length_prefixed_1(pkt, &session_id)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; } session_id_len = PACKET_remaining(&session_id); if (session_id_len > sizeof(s->session->session_id) || session_id_len > SSL3_SESSION_ID_SIZE) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto err; } if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); - al = SSL_AD_DECODE_ERROR; - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; } - /* - * Check if we can resume the session based on external pre-shared secret. - * EAP-FAST (RFC 4851) supports two types of session resumption. - * Resumption based on server-side state works with session IDs. - * Resumption based on pre-shared Protected Access Credentials (PACs) - * works by overriding the SessionTicket extension at the application - * layer, and does not send a session ID. (We do not know whether EAP-FAST - * servers would honour the session ID.) Therefore, the session ID alone - * is not a reliable indicator of session resumption, so we first check if - * we can resume, and later peek at the next handshake message to see if the - * server wants to resume. - */ - if (s->version >= TLS1_VERSION && s->tls_session_secret_cb && - s->session->tlsext_tick) { - const SSL_CIPHER *pref_cipher = NULL; - s->session->master_key_length = sizeof(s->session->master_key); - if (s->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, - NULL, &pref_cipher, - s->tls_session_secret_cb_arg)) { - s->session->cipher = pref_cipher ? - pref_cipher : ssl_get_cipher_by_char(s, cipherchars); - } else { - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; + if (!PACKET_get_1(pkt, &compression)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + /* TLS extensions */ + if (PACKET_remaining(pkt) == 0 && !hrr) { + PACKET_null_init(&extpkt); + } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_BAD_LENGTH); + goto err; + } + + if (!hrr) { + if (!tls_collect_extensions(s, &extpkt, + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, + &extensions, NULL, 1)) { + /* SSLfatal() already called */ + goto err; + } + + if (!ssl_choose_client_version(s, sversion, extensions)) { + /* SSLfatal() already called */ + goto err; + } + } + + if (SSL_IS_TLS13(s) || hrr) { + if (compression != 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_INVALID_COMPRESSION_ALGORITHM); + goto err; + } + + if (session_id_len != s->tmp_session_id_len + || memcmp(PACKET_data(&session_id), s->tmp_session_id, + session_id_len) != 0) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INVALID_SESSION_ID); + goto err; + } + } + + if (hrr) { + if (!set_client_ciphersuite(s, cipherchars)) { + /* SSLfatal() already called */ + goto err; + } + + return tls_process_as_hello_retry_request(s, &extpkt); + } + + /* + * Now we have chosen the version we need to check again that the extensions + * are appropriate for this version. + */ + context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO + : SSL_EXT_TLS1_2_SERVER_HELLO; + if (!tls_validate_all_contexts(s, context, extensions)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_BAD_EXTENSION); + goto err; + } + + s->hit = 0; + + if (SSL_IS_TLS13(s)) { + /* + * In TLSv1.3 a ServerHello message signals a key change so the end of + * the message must be on a record boundary. + */ + if (RECORD_LAYER_processed_read_pending(&s->rlayer)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_NOT_ON_RECORD_BOUNDARY); + goto err; + } + + /* This will set s->hit if we are resuming */ + if (!tls_parse_extension(s, TLSEXT_IDX_psk, + SSL_EXT_TLS1_3_SERVER_HELLO, + extensions, NULL, 0)) { + /* SSLfatal() already called */ + goto err; + } + } else { + /* + * Check if we can resume the session based on external pre-shared + * secret. EAP-FAST (RFC 4851) supports two types of session resumption. + * Resumption based on server-side state works with session IDs. + * Resumption based on pre-shared Protected Access Credentials (PACs) + * works by overriding the SessionTicket extension at the application + * layer, and does not send a session ID. (We do not know whether + * EAP-FAST servers would honour the session ID.) Therefore, the session + * ID alone is not a reliable indicator of session resumption, so we + * first check if we can resume, and later peek at the next handshake + * message to see if the server wants to resume. + */ + if (s->version >= TLS1_VERSION + && s->ext.session_secret_cb != NULL && s->session->ext.tick) { + const SSL_CIPHER *pref_cipher = NULL; + /* + * s->session->master_key_length is a size_t, but this is an int for + * backwards compat reasons + */ + int master_key_length; + master_key_length = sizeof(s->session->master_key); + if (s->ext.session_secret_cb(s, s->session->master_key, + &master_key_length, + NULL, &pref_cipher, + s->ext.session_secret_cb_arg) + && master_key_length > 0) { + s->session->master_key_length = master_key_length; + s->session->cipher = pref_cipher ? + pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0); + } else { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + goto err; + } } + + if (session_id_len != 0 + && session_id_len == s->session->session_id_length + && memcmp(PACKET_data(&session_id), s->session->session_id, + session_id_len) == 0) + s->hit = 1; } - if (session_id_len != 0 && session_id_len == s->session->session_id_length - && memcmp(PACKET_data(&session_id), s->session->session_id, - session_id_len) == 0) { + if (s->hit) { if (s->sid_ctx_length != s->session->sid_ctx_length - || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { + || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, - SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + goto err; } - s->hit = 1; } else { /* * If we were trying for session-id reuse but the server - * didn't echo the ID, make a new SSL_SESSION. + * didn't resume, make a new SSL_SESSION. * In the case of EAP-FAST and PAC, we do not send a session ID, * so the PAC-based session secret is always preserved. It'll be * overwritten if the server refuses resumption. */ - if (s->session->session_id_length > 0) { - s->ctx->stats.sess_miss++; + if (s->session->session_id_length > 0 + || (SSL_IS_TLS13(s) + && s->session->ext.tick_identity + != TLSEXT_PSK_BAD_IDENTITY)) { + tsan_counter(&s->session_ctx->stats.sess_miss); if (!ssl_get_new_session(s, 0)) { - goto f_err; + /* SSLfatal() already called */ + goto err; } } s->session->ssl_version = s->version; - s->session->session_id_length = session_id_len; - /* session_id_len could be 0 */ - if (session_id_len > 0) - memcpy(s->session->session_id, PACKET_data(&session_id), - session_id_len); + /* + * In TLSv1.2 and below we save the session id we were sent so we can + * resume it later. In TLSv1.3 the session id we were sent is just an + * echo of what we originally sent in the ClientHello and should not be + * used for resumption. + */ + if (!SSL_IS_TLS13(s)) { + s->session->session_id_length = session_id_len; + /* session_id_len could be 0 */ + if (session_id_len > 0) + memcpy(s->session->session_id, PACKET_data(&session_id), + session_id_len); + } } /* Session version and negotiated protocol version should match */ if (s->version != s->session->ssl_version) { - al = SSL_AD_PROTOCOL_VERSION; - - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, - SSL_R_SSL_SESSION_VERSION_MISMATCH); - goto f_err; - } - - c = ssl_get_cipher_by_char(s, cipherchars); - if (c == NULL) { - /* unknown cipher */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); - goto f_err; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_SSL_SESSION_VERSION_MISMATCH); + goto err; } /* * Now that we know the version, update the check to see if it's an allowed @@ -1049,100 +1659,57 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) */ s->s3->tmp.min_ver = s->version; s->s3->tmp.max_ver = s->version; - /* - * If it is a disabled cipher we either didn't send it in client hello, - * or it's not allowed for the selected protocol. So we return an error. - */ - if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; - } - sk = ssl_get_ciphers_by_id(s); - i = sk_SSL_CIPHER_find(sk, c); - if (i < 0) { - /* we did not say we would use this cipher */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; + if (!set_client_ciphersuite(s, cipherchars)) { + /* SSLfatal() already called */ + goto err; } - /* - * Depending on the session caching (internal/external), the cipher - * and/or cipher_id values may not be set. Make sure that cipher_id is - * set and use it for comparison. - */ - if (s->session->cipher) - s->session->cipher_id = s->session->cipher->id; - if (s->hit && (s->session->cipher_id != c->id)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, - SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto f_err; - } - s->s3->tmp.new_cipher = c; - /* lets get the compression algorithm */ - /* COMPRESSION */ - if (!PACKET_get_1(pkt, &compression)) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_LENGTH_MISMATCH); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } #ifdef OPENSSL_NO_COMP if (compression != 0) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + goto err; } /* * If compression is disabled we'd better not try to resume a session * using compression. */ if (s->session->compress_meth != 0) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_INCONSISTENT_COMPRESSION); + goto err; } #else if (s->hit && compression != s->session->compress_meth) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, - SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); + goto err; } if (compression == 0) comp = NULL; else if (!ssl_allow_compression(s)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_COMPRESSION_DISABLED); + goto err; } else { comp = ssl3_comp_find(s->ctx->comp_methods, compression); } if (compression != 0 && comp == NULL) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO, + SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + goto err; } else { s->s3->tmp.new_compression = comp; } #endif - /* TLS extensions */ - if (!ssl_parse_serverhello_tlsext(s, pkt)) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_PARSE_TLSEXT); + if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, 1)) { + /* SSLfatal() already called */ goto err; } - if (PACKET_remaining(pkt) != 0) { - /* wrong packet length */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); - goto f_err; - } #ifndef OPENSSL_NO_SCTP if (SSL_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; @@ -1158,8 +1725,11 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0) <= 0) + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); goto err; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, @@ -1167,58 +1737,168 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) } #endif + /* + * In TLSv1.3 we have some post-processing to change cipher state, otherwise + * we're done with this message + */ + if (SSL_IS_TLS13(s) + && (!s->method->ssl3_enc->setup_key_block(s) + || !s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) { + /* SSLfatal() already called */ + goto err; + } + + OPENSSL_free(extensions); return MSG_PROCESS_CONTINUE_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - ossl_statem_set_error(s); + OPENSSL_free(extensions); + return MSG_PROCESS_ERROR; +} + +static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, + PACKET *extpkt) +{ + RAW_EXTENSION *extensions = NULL; + + /* + * If we were sending early_data then the enc_write_ctx is now invalid and + * should not be used. + */ + EVP_CIPHER_CTX_free(s->enc_write_ctx); + s->enc_write_ctx = NULL; + + if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, + &extensions, NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST, + extensions, NULL, 0, 1)) { + /* SSLfatal() already called */ + goto err; + } + + OPENSSL_free(extensions); + extensions = NULL; + + if (s->ext.tls13_cookie_len == 0 +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + && s->s3->tmp.pkey != NULL +#endif + ) { + /* + * We didn't receive a cookie or a new key_share so the next + * ClientHello will not change + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, + SSL_R_NO_CHANGE_FOLLOWING_HRR); + goto err; + } + + /* + * Re-initialise the Transcript Hash. We're going to prepopulate it with + * a synthetic message_hash in place of ClientHello1. + */ + if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) { + /* SSLfatal() already called */ + goto err; + } + + /* + * Add this message to the Transcript Hash. Normally this is done + * automatically prior to the message processing stage. However due to the + * need to create the synthetic message hash, we defer that step until now + * for HRR messages. + */ + if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->init_num + SSL3_HM_HEADER_LENGTH)) { + /* SSLfatal() already called */ + goto err; + } + + return MSG_PROCESS_FINISHED_READING; + err: + OPENSSL_free(extensions); return MSG_PROCESS_ERROR; } MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) { - int al, i, ret = MSG_PROCESS_ERROR, exp_idx; + int i; + MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; unsigned long cert_list_len, cert_len; X509 *x = NULL; const unsigned char *certstart, *certbytes; STACK_OF(X509) *sk = NULL; EVP_PKEY *pkey = NULL; + size_t chainidx, certidx; + unsigned int context = 0; + const SSL_CERT_LOOKUP *clu; if ((sk = sk_X509_new_null()) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + ERR_R_MALLOC_FAILURE); goto err; } - if (!PACKET_get_net_3(pkt, &cert_list_len) - || PACKET_remaining(pkt) != cert_list_len) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH); - goto f_err; + if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context)) + || context != 0 + || !PACKET_get_net_3(pkt, &cert_list_len) + || PACKET_remaining(pkt) != cert_list_len + || PACKET_remaining(pkt) == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_LENGTH_MISMATCH); + goto err; } - while (PACKET_remaining(pkt)) { + for (chainidx = 0; PACKET_remaining(pkt); chainidx++) { if (!PACKET_get_net_3(pkt, &cert_len) || !PACKET_get_bytes(pkt, &certbytes, cert_len)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); + goto err; } certstart = certbytes; x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len); if (x == NULL) { - al = SSL_AD_BAD_CERTIFICATE; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); - goto f_err; + SSLfatal(s, SSL_AD_BAD_CERTIFICATE, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB); + goto err; } if (certbytes != (certstart + cert_len)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); + goto err; + } + + if (SSL_IS_TLS13(s)) { + RAW_EXTENSION *rawexts = NULL; + PACKET extensions; + + if (!PACKET_get_length_prefixed_2(pkt, &extensions)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_BAD_LENGTH); + goto err; + } + if (!tls_collect_extensions(s, &extensions, + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, + rawexts, x, chainidx, + PACKET_remaining(pkt) == 0)) { + OPENSSL_free(rawexts); + /* SSLfatal already called */ + goto err; + } + OPENSSL_free(rawexts); } + if (!sk_X509_push(sk, x)) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + ERR_R_MALLOC_FAILURE); goto err; } x = NULL; @@ -1240,16 +1920,16 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) * set. The *documented* interface remains the same. */ if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { - al = ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_CERTIFICATE_VERIFY_FAILED); - goto f_err; + SSLfatal(s, ssl_x509err2alert(s->verify_result), + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_CERTIFICATE_VERIFY_FAILED); + goto err; } ERR_clear_error(); /* but we keep s->verify_result */ if (i > 1) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i); - al = SSL_AD_HANDSHAKE_FAILURE; - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i); + goto err; } s->session->peer_chain = sk; @@ -1264,54 +1944,58 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { x = NULL; - al = SSL3_AL_FATAL; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); + goto err; } - i = ssl_cert_type(x, pkey); - if (i < 0) { + if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) { x = NULL; - al = SSL3_AL_FATAL; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_UNKNOWN_CERTIFICATE_TYPE); + goto err; } - - exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); - if (exp_idx >= 0 && i != exp_idx - && (exp_idx != SSL_PKEY_GOST_EC || - (i != SSL_PKEY_GOST12_512 && i != SSL_PKEY_GOST12_256 - && i != SSL_PKEY_GOST01))) { - x = NULL; - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_WRONG_CERTIFICATE_TYPE); - goto f_err; + /* + * Check certificate type is consistent with ciphersuite. For TLS 1.3 + * skip check since TLS 1.3 ciphersuites can be used with any certificate + * type. + */ + if (!SSL_IS_TLS13(s)) { + if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) { + x = NULL; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, + SSL_R_WRONG_CERTIFICATE_TYPE); + goto err; + } } - s->session->peer_type = i; + s->session->peer_type = certidx; X509_free(s->session->peer); X509_up_ref(x); s->session->peer = x; s->session->verify_result = s->verify_result; - x = NULL; + + /* Save the current hash state for when we receive the CertificateVerify */ + if (SSL_IS_TLS13(s) + && !ssl_handshake_hash(s, s->cert_verify_hash, + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { + /* SSLfatal() already called */; + goto err; + } + ret = MSG_PROCESS_CONTINUE_READING; - goto done; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - ossl_statem_set_error(s); - done: X509_free(x); sk_X509_pop_free(sk, X509_free); return ret; } -static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) +static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_PSK PACKET psk_identity_hint; @@ -1319,8 +2003,8 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) /* PSK ciphersuites are preceded by an identity hint */ if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, + SSL_R_LENGTH_MISMATCH); return 0; } @@ -1331,8 +2015,9 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) * identity. */ if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, + SSL_R_DATA_LENGTH_TOO_LONG); return 0; } @@ -1341,19 +2026,20 @@ static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt, int *al) s->session->psk_identity_hint = NULL; } else if (!PACKET_strndup(&psk_identity_hint, &s->session->psk_identity_hint)) { - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); return 0; } return 1; #else - SSLerr(SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) +static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) { #ifndef OPENSSL_NO_SRP PACKET prime, generator, salt, server_pub; @@ -1362,31 +2048,31 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) || !PACKET_get_length_prefixed_2(pkt, &generator) || !PACKET_get_length_prefixed_1(pkt, &salt) || !PACKET_get_length_prefixed_2(pkt, &server_pub)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_SRP, + SSL_R_LENGTH_MISMATCH); return 0; } + /* TODO(size_t): Convert BN_bin2bn() calls */ if ((s->srp_ctx.N = BN_bin2bn(PACKET_data(&prime), - PACKET_remaining(&prime), NULL)) == NULL + (int)PACKET_remaining(&prime), NULL)) == NULL || (s->srp_ctx.g = BN_bin2bn(PACKET_data(&generator), - PACKET_remaining(&generator), NULL)) == NULL + (int)PACKET_remaining(&generator), NULL)) == NULL || (s->srp_ctx.s = BN_bin2bn(PACKET_data(&salt), - PACKET_remaining(&salt), NULL)) == NULL + (int)PACKET_remaining(&salt), NULL)) == NULL || (s->srp_ctx.B = BN_bin2bn(PACKET_data(&server_pub), - PACKET_remaining(&server_pub), NULL)) == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_BN_LIB); + (int)PACKET_remaining(&server_pub), NULL)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP, + ERR_R_BN_LIB); return 0; } - if (!srp_verify_server_param(s, al)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, SSL_R_BAD_SRP_PARAMETERS); + if (!srp_verify_server_param(s)) { + /* SSLfatal() already called */ return 0; } @@ -1396,13 +2082,13 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 1; #else - SSLerr(SSL_F_TLS_PROCESS_SKE_SRP, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) +static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) { #ifndef OPENSSL_NO_DH PACKET prime, generator, pub_key; @@ -1416,8 +2102,8 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) if (!PACKET_get_length_prefixed_2(pkt, &prime) || !PACKET_get_length_prefixed_2(pkt, &generator) || !PACKET_get_length_prefixed_2(pkt, &pub_key)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_LENGTH_MISMATCH); return 0; } @@ -1425,57 +2111,59 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) dh = DH_new(); if (peer_tmp == NULL || dh == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + ERR_R_MALLOC_FAILURE); goto err; } - p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL); - g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), NULL); - bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key), - NULL); + /* TODO(size_t): Convert these calls */ + p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); + g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), + NULL); + bnpub_key = BN_bin2bn(PACKET_data(&pub_key), + (int)PACKET_remaining(&pub_key), NULL); if (p == NULL || g == NULL || bnpub_key == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + ERR_R_BN_LIB); goto err; } /* test non-zero pubkey */ if (BN_is_zero(bnpub_key)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_BAD_DH_VALUE); goto err; } if (!DH_set0_pqg(dh, p, NULL, g)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + ERR_R_BN_LIB); goto err; } p = g = NULL; if (DH_check_params(dh, &check_bits) == 0 || check_bits != 0) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_BAD_DH_VALUE); goto err; } if (!DH_set0_key(dh, bnpub_key, NULL)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_BN_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + ERR_R_BN_LIB); goto err; } bnpub_key = NULL; if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_DH_KEY_TOO_SMALL); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_DH_KEY_TOO_SMALL); goto err; } if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + ERR_R_EVP_LIB); goto err; } @@ -1500,87 +2188,56 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 0; #else - SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) +static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) { #ifndef OPENSSL_NO_EC PACKET encoded_pt; - const unsigned char *ecparams; - int curve_nid; - unsigned int curve_flags; - EVP_PKEY_CTX *pctx = NULL; + unsigned int curve_type, curve_id; /* * Extract elliptic curve parameters and the server's ephemeral ECDH - * public key. For now we only support named (not generic) curves and + * public key. We only support named (not generic) curves and * ECParameters in this case is just three bytes. */ - if (!PACKET_get_bytes(pkt, &ecparams, 3)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_TOO_SHORT); + if (!PACKET_get_1(pkt, &curve_type) || !PACKET_get_net_2(pkt, &curve_id)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, + SSL_R_LENGTH_TOO_SHORT); return 0; } /* - * Check curve is one of our preferences, if not server has sent an - * invalid curve. ECParameters is 3 bytes. + * Check curve is named curve type and one of our preferences, if not + * server has sent an invalid curve. */ - if (!tls1_check_curve(s, ecparams, 3)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_WRONG_CURVE); + if (curve_type != NAMED_CURVE_TYPE + || !tls1_check_group_id(s, curve_id, 1)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, + SSL_R_WRONG_CURVE); return 0; } - curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags); - - if (curve_nid == 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, - SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, + SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } - if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { - EVP_PKEY *key = EVP_PKEY_new(); - - if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); - EVP_PKEY_free(key); - return 0; - } - s->s3->peer_tmp = key; - } else { - /* Set up EVP_PKEY with named curve as parameters */ - pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); - if (pctx == NULL - || EVP_PKEY_paramgen_init(pctx) <= 0 - || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0 - || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); - EVP_PKEY_CTX_free(pctx); - return 0; - } - EVP_PKEY_CTX_free(pctx); - pctx = NULL; - } - if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, + SSL_R_LENGTH_MISMATCH); return 0; } if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_BAD_ECPOINT); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE, + SSL_R_BAD_ECPOINT); return 0; } @@ -1597,17 +2254,18 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 1; #else - SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, + ERR_R_INTERNAL_ERROR); return 0; #endif } MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) { - int al = -1; long alg_k; EVP_PKEY *pkey = NULL; + EVP_MD_CTX *md_ctx = NULL; + EVP_PKEY_CTX *pctx = NULL; PACKET save_param_start, signature; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -1620,24 +2278,32 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) #endif if (alg_k & SSL_PSK) { - if (!tls_process_ske_psk_preamble(s, pkt, &al)) + if (!tls_process_ske_psk_preamble(s, pkt)) { + /* SSLfatal() already called */ goto err; + } } /* Nothing else to do for plain PSK or RSAPSK */ if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) { } else if (alg_k & SSL_kSRP) { - if (!tls_process_ske_srp(s, pkt, &pkey, &al)) + if (!tls_process_ske_srp(s, pkt, &pkey)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { - if (!tls_process_ske_dhe(s, pkt, &pkey, &al)) + if (!tls_process_ske_dhe(s, pkt, &pkey)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (!tls_process_ske_ecdhe(s, pkt, &pkey, &al)) + if (!tls_process_ske_ecdhe(s, pkt, &pkey)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSL_R_UNEXPECTED_MESSAGE); goto err; } @@ -1646,7 +2312,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) PACKET params; int maxsig; const EVP_MD *md = NULL; - EVP_MD_CTX *md_ctx; + unsigned char *tbs; + size_t tbslen; + int rv; /* * |pkt| now points to the beginning of the signature, so the difference @@ -1655,46 +2323,49 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) if (!PACKET_get_sub_packet(&save_param_start, ¶ms, PACKET_remaining(&save_param_start) - PACKET_remaining(pkt))) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } if (SSL_USE_SIGALGS(s)) { - const unsigned char *sigalgs; - int rv; - if (!PACKET_get_bytes(pkt, &sigalgs, 2)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); + unsigned int sigalg; + + if (!PACKET_get_net_2(pkt, &sigalg)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); goto err; } - rv = tls12_check_peer_sigalg(&md, s, sigalgs, pkey); - if (rv == -1) { - al = SSL_AD_INTERNAL_ERROR; - goto err; - } else if (rv == 0) { - al = SSL_AD_DECODE_ERROR; + if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) { + /* SSLfatal() already called */ goto err; } + } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef SSL_DEBUG + if (SSL_USE_SIGALGS(s)) fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); #endif - } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { - md = EVP_md5_sha1(); - } else { - md = EVP_sha1(); - } if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSL_R_LENGTH_MISMATCH); goto err; } maxsig = EVP_PKEY_size(pkey); if (maxsig < 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } @@ -1703,255 +2374,324 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) */ if (PACKET_remaining(&signature) > (size_t)maxsig) { /* wrong packet length */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); goto err; } md_ctx = EVP_MD_CTX_new(); if (md_ctx == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); goto err; } - if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0 - || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE) <= 0 - || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE) <= 0 - || EVP_VerifyUpdate(md_ctx, PACKET_data(¶ms), - PACKET_remaining(¶ms)) <= 0) { - EVP_MD_CTX_free(md_ctx); - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); + if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + ERR_R_EVP_LIB); + goto err; + } + if (SSL_USE_PSS(s)) { + if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 + || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, + RSA_PSS_SALTLEN_DIGEST) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); + goto err; + } + } + tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(¶ms), + PACKET_remaining(¶ms)); + if (tbslen == 0) { + /* SSLfatal() already called */ goto err; } - if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature), - PACKET_remaining(&signature), pkey) <= 0) { - /* bad signature */ - EVP_MD_CTX_free(md_ctx); - al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE); + + rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature), + PACKET_remaining(&signature), tbs, tbslen); + OPENSSL_free(tbs); + if (rv <= 0) { + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSL_R_BAD_SIGNATURE); goto err; } EVP_MD_CTX_free(md_ctx); + md_ctx = NULL; } else { /* aNULL, aSRP or PSK do not need public keys */ if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_PSK)) { /* Might be wrong key type, check it */ if (ssl3_check_cert_and_algorithm(s)) { - /* Otherwise this shouldn't happen */ - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - } else { - al = SSL_AD_DECODE_ERROR; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSL_R_BAD_DATA); } + /* else this shouldn't happen, SSLfatal() already called */ goto err; } /* still data left over */ if (PACKET_remaining(pkt) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE, + SSL_R_EXTRA_DATA_IN_MESSAGE); goto err; } } return MSG_PROCESS_CONTINUE_READING; err: - if (al != -1) - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); + EVP_MD_CTX_free(md_ctx); return MSG_PROCESS_ERROR; } MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) { - int ret = MSG_PROCESS_ERROR; - unsigned int list_len, ctype_num, i, name_len; - X509_NAME *xn = NULL; - const unsigned char *data; - const unsigned char *namestart, *namebytes; - STACK_OF(X509_NAME) *ca_sk = NULL; + size_t i; - if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); - goto err; - } + /* Clear certificate validity flags */ + for (i = 0; i < SSL_PKEY_NUM; i++) + s->s3->tmp.valid_flags[i] = 0; - /* get the certificate types */ - if (!PACKET_get_1(pkt, &ctype_num) - || !PACKET_get_bytes(pkt, &data, ctype_num)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); - goto err; - } - OPENSSL_free(s->cert->ctypes); - s->cert->ctypes = NULL; - if (ctype_num > SSL3_CT_NUMBER) { - /* If we exceed static buffer copy all to cert structure */ - s->cert->ctypes = OPENSSL_malloc(ctype_num); - if (s->cert->ctypes == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); - goto err; + if (SSL_IS_TLS13(s)) { + PACKET reqctx, extensions; + RAW_EXTENSION *rawexts = NULL; + + if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) { + /* + * We already sent close_notify. This can only happen in TLSv1.3 + * post-handshake messages. We can't reasonably respond to this, so + * we just ignore it + */ + return MSG_PROCESS_FINISHED_READING; } - memcpy(s->cert->ctypes, data, ctype_num); - s->cert->ctype_num = (size_t)ctype_num; - ctype_num = SSL3_CT_NUMBER; - } - for (i = 0; i < ctype_num; i++) - s->s3->tmp.ctype[i] = data[i]; - if (SSL_USE_SIGALGS(s)) { - if (!PACKET_get_net_2(pkt, &list_len) - || !PACKET_get_bytes(pkt, &data, list_len)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, - SSL_R_LENGTH_MISMATCH); - goto err; + /* Free and zero certificate types: it is not present in TLS 1.3 */ + OPENSSL_free(s->s3->tmp.ctype); + s->s3->tmp.ctype = NULL; + s->s3->tmp.ctype_len = 0; + OPENSSL_free(s->pha_context); + s->pha_context = NULL; + + if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || + !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; } - /* Clear certificate digests and validity flags */ - for (i = 0; i < SSL_PKEY_NUM; i++) { - s->s3->tmp.md[i] = NULL; - s->s3->tmp.valid_flags[i] = 0; + if (!PACKET_get_length_prefixed_2(pkt, &extensions)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_BAD_LENGTH); + return MSG_PROCESS_ERROR; } - if ((list_len & 1) || !tls1_save_sigalgs(s, data, list_len)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, - SSL_R_SIGNATURE_ALGORITHMS_ERROR); - goto err; + if (!tls_collect_extensions(s, &extensions, + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + &rawexts, NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, + rawexts, NULL, 0, 1)) { + /* SSLfatal() already called */ + OPENSSL_free(rawexts); + return MSG_PROCESS_ERROR; } + OPENSSL_free(rawexts); if (!tls1_process_sigalgs(s)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); - goto err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_BAD_LENGTH); + return MSG_PROCESS_ERROR; } } else { - ssl_set_default_md(s); - } + PACKET ctypes; - /* get the CA RDNs */ - if (!PACKET_get_net_2(pkt, &list_len) - || PACKET_remaining(pkt) != list_len) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH); - goto err; - } + /* get the certificate types */ + if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; + } - while (PACKET_remaining(pkt)) { - if (!PACKET_get_net_2(pkt, &name_len) - || !PACKET_get_bytes(pkt, &namebytes, name_len)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, - SSL_R_LENGTH_MISMATCH); - goto err; + if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; } - namestart = namebytes; + if (SSL_USE_SIGALGS(s)) { + PACKET sigalgs; - if ((xn = d2i_X509_NAME(NULL, (const unsigned char **)&namebytes, - name_len)) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); - goto err; - } + if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; + } - if (namebytes != (namestart + name_len)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, - SSL_R_CA_DN_LENGTH_MISMATCH); - goto err; + /* + * Despite this being for certificates, preserve compatibility + * with pre-TLS 1.3 and use the regular sigalgs field. + */ + if (!tls1_save_sigalgs(s, &sigalgs, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_SIGNATURE_ALGORITHMS_ERROR); + return MSG_PROCESS_ERROR; + } + if (!tls1_process_sigalgs(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + ERR_R_MALLOC_FAILURE); + return MSG_PROCESS_ERROR; + } } - if (!sk_X509_NAME_push(ca_sk, xn)) { - SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE); - goto err; + + /* get the CA RDNs */ + if (!parse_ca_names(s, pkt)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; } - xn = NULL; + } + + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; } /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; - s->s3->tmp.ctype_num = ctype_num; - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - s->s3->tmp.ca_names = ca_sk; - ca_sk = NULL; - ret = MSG_PROCESS_CONTINUE_PROCESSING; - goto done; - err: - ossl_statem_set_error(s); - done: - X509_NAME_free(xn); - sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); - return ret; -} + /* + * In TLSv1.3 we don't prepare the client certificate yet. We wait until + * after the CertificateVerify message has been received. This is because + * in TLSv1.3 the CertificateRequest arrives before the Certificate message + * but in TLSv1.2 it is the other way around. We want to make sure that + * SSL_get_peer_certificate() returns something sensible in + * client_cert_cb. + */ + if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED) + return MSG_PROCESS_CONTINUE_READING; -static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b) -{ - return (X509_NAME_cmp(*a, *b)); + return MSG_PROCESS_CONTINUE_PROCESSING; } MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) { - int al; unsigned int ticklen; - unsigned long ticket_lifetime_hint; + unsigned long ticket_lifetime_hint, age_add = 0; + unsigned int sess_len; + RAW_EXTENSION *exts = NULL; + PACKET nonce; + + PACKET_null_init(&nonce); if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) + || (SSL_IS_TLS13(s) + && (!PACKET_get_net_4(pkt, &age_add) + || !PACKET_get_length_prefixed_1(pkt, &nonce))) || !PACKET_get_net_2(pkt, &ticklen) - || PACKET_remaining(pkt) != ticklen) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); - goto f_err; + || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen) + : PACKET_remaining(pkt) != ticklen)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); + goto err; } - /* Server is allowed to change its mind and send an empty ticket. */ + /* + * Server is allowed to change its mind (in <=TLSv1.2) and send an empty + * ticket. We already checked this TLSv1.3 case above, so it should never + * be 0 here in that instance + */ if (ticklen == 0) return MSG_PROCESS_CONTINUE_READING; - if (s->session->session_id_length > 0) { - int i = s->session_ctx->session_cache_mode; + /* + * Sessions must be immutable once they go into the session cache. Otherwise + * we can get multi-thread problems. Therefore we don't "update" sessions, + * we replace them with a duplicate. In TLSv1.3 we need to do this every + * time a NewSessionTicket arrives because those messages arrive + * post-handshake and the session may have already gone into the session + * cache. + */ + if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) { SSL_SESSION *new_sess; + /* * We reused an existing session, so we need to replace it with a new * one */ - if (i & SSL_SESS_CACHE_CLIENT) { + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 + && !SSL_IS_TLS13(s)) { /* - * Remove the old session from the cache. We carry on if this fails + * In TLSv1.2 and below the arrival of a new tickets signals that + * any old ticket we were using is now out of date, so we remove the + * old session from the cache. We carry on if this fails */ SSL_CTX_remove_session(s->session_ctx, s->session); } - if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); - goto f_err; - } - SSL_SESSION_free(s->session); s->session = new_sess; } - OPENSSL_free(s->session->tlsext_tick); - s->session->tlsext_ticklen = 0; + /* + * Technically the cast to long here is not guaranteed by the C standard - + * but we use it elsewhere, so this should be ok. + */ + s->session->time = (long)time(NULL); - s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (s->session->tlsext_tick == NULL) { - SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + OPENSSL_free(s->session->ext.tick); + s->session->ext.tick = NULL; + s->session->ext.ticklen = 0; + + s->session->ext.tick = OPENSSL_malloc(ticklen); + if (s->session->ext.tick == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); goto err; } - if (!PACKET_copy_bytes(pkt, s->session->tlsext_tick, ticklen)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); - goto f_err; + + s->session->ext.tick_lifetime_hint = ticket_lifetime_hint; + s->session->ext.tick_age_add = age_add; + s->session->ext.ticklen = ticklen; + + if (SSL_IS_TLS13(s)) { + PACKET extpkt; + + if (!PACKET_as_length_prefixed_2(pkt, &extpkt) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + if (!tls_collect_extensions(s, &extpkt, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts, + NULL, 1) + || !tls_parse_all_extensions(s, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + exts, NULL, 0, 1)) { + /* SSLfatal() already called */ + goto err; + } } - s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint; - s->session->tlsext_ticklen = ticklen; /* * There are two ways to detect a resumed ticket session. One is to set * an appropriate session ID and then the server must return a match in @@ -1963,123 +2703,186 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is * SHA256 is disabled) hash of the ticket. */ - if (!EVP_Digest(s->session->tlsext_tick, ticklen, - s->session->session_id, &s->session->session_id_length, + /* + * TODO(size_t): we use sess_len here because EVP_Digest expects an int + * but s->session->session_id_length is a size_t + */ + if (!EVP_Digest(s->session->ext.tick, ticklen, + s->session->session_id, &sess_len, EVP_sha256(), NULL)) { - SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + ERR_R_EVP_LIB); goto err; } + s->session->session_id_length = sess_len; + s->session->not_resumable = 0; + + /* This is a standalone message in TLSv1.3, so there is no more to read */ + if (SSL_IS_TLS13(s)) { + const EVP_MD *md = ssl_handshake_md(s); + int hashleni = EVP_MD_size(md); + size_t hashlen; + static const unsigned char nonce_label[] = "resumption"; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashlen = (size_t)hashleni; + + if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, + nonce_label, + sizeof(nonce_label) - 1, + PACKET_data(&nonce), + PACKET_remaining(&nonce), + s->session->master_key, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + s->session->master_key_length = hashlen; + + OPENSSL_free(exts); + ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); + return MSG_PROCESS_FINISHED_READING; + } + return MSG_PROCESS_CONTINUE_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); err: - ossl_statem_set_error(s); + OPENSSL_free(exts); return MSG_PROCESS_ERROR; } +/* + * In TLSv1.3 this is called from the extensions code, otherwise it is used to + * parse a separate message. Returns 1 on success or 0 on failure + */ +int tls_process_cert_status_body(SSL *s, PACKET *pkt) +{ + size_t resplen; + unsigned int type; + + if (!PACKET_get_1(pkt, &type) + || type != TLSEXT_STATUSTYPE_ocsp) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, + SSL_R_UNSUPPORTED_STATUS_TYPE); + return 0; + } + if (!PACKET_get_net_3_len(pkt, &resplen) + || PACKET_remaining(pkt) != resplen) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, + SSL_R_LENGTH_MISMATCH); + return 0; + } + s->ext.ocsp.resp = OPENSSL_malloc(resplen); + if (s->ext.ocsp.resp == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, + SSL_R_LENGTH_MISMATCH); + return 0; + } + s->ext.ocsp.resp_len = resplen; + + return 1; +} + + MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) { - int al; - unsigned long resplen; - unsigned int type; - - if (!PACKET_get_1(pkt, &type) - || type != TLSEXT_STATUSTYPE_ocsp) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE); - goto f_err; + if (!tls_process_cert_status_body(s, pkt)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; } - if (!PACKET_get_net_3(pkt, &resplen) - || PACKET_remaining(pkt) != resplen) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - s->tlsext_ocsp_resp = OPENSSL_malloc(resplen); - if (s->tlsext_ocsp_resp == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, ERR_R_MALLOC_FAILURE); - goto f_err; - } - if (!PACKET_copy_bytes(pkt, s->tlsext_ocsp_resp, resplen)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - s->tlsext_ocsp_resplen = resplen; + return MSG_PROCESS_CONTINUE_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; } -MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt) +/* + * Perform miscellaneous checks and processing after we have received the + * server's initial flight. In TLS1.3 this is after the Server Finished message. + * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0 + * on failure. + */ +int tls_process_initial_server_flight(SSL *s) { - if (PACKET_remaining(pkt) > 0) { - /* should contain no data */ - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_LENGTH_MISMATCH); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; - } -#ifndef OPENSSL_NO_SRP - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { - if (SRP_Calc_A_param(s) <= 0) { - SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, SSL_R_SRP_A_CALC); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; - } - } -#endif - /* * at this point we check that we have the required stuff from * the server */ if (!ssl3_check_cert_and_algorithm(s)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; + /* SSLfatal() already called */ + return 0; } /* - * Call the ocsp status callback if needed. The |tlsext_ocsp_resp| and - * |tlsext_ocsp_resplen| values will be set if we actually received a status + * Call the ocsp status callback if needed. The |ext.ocsp.resp| and + * |ext.ocsp.resp_len| values will be set if we actually received a status * message, or NULL and -1 otherwise */ - if (s->tlsext_status_type != -1 && s->ctx->tlsext_status_cb != NULL) { - int ret; - ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); + if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing + && s->ctx->ext.status_cb != NULL) { + int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); + if (ret == 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE); - SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, - SSL_R_INVALID_STATUS_RESPONSE); - return MSG_PROCESS_ERROR; + SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE, + SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, + SSL_R_INVALID_STATUS_RESPONSE); + return 0; } if (ret < 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_TLS_PROCESS_SERVER_DONE, ERR_R_MALLOC_FAILURE); - return MSG_PROCESS_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, + ERR_R_MALLOC_FAILURE); + return 0; } } #ifndef OPENSSL_NO_CT if (s->ct_validation_callback != NULL) { /* Note we validate the SCTs whether or not we abort on error */ if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + /* SSLfatal() already called */ + return 0; + } + } +#endif + + return 1; +} + +MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt) +{ + if (PACKET_remaining(pkt) > 0) { + /* should contain no data */ + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; + } +#ifndef OPENSSL_NO_SRP + if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { + if (SRP_Calc_A_param(s) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE, + SSL_R_SRP_A_CALC); return MSG_PROCESS_ERROR; } } #endif + if (!tls_process_initial_server_flight(s)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + return MSG_PROCESS_FINISHED_READING; } -static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, - size_t *pskhdrlen, int *al) +static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_PSK int ret = 0; @@ -2096,8 +2899,8 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, size_t psklen = 0; if (s->psk_client_callback == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_CLIENT_CB); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, + SSL_R_PSK_NO_CLIENT_CB); goto err; } @@ -2108,28 +2911,28 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_HANDSHAKE_FAILURE; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); goto err; } else if (psklen == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, - SSL_R_PSK_IDENTITY_NOT_FOUND); - *al = SSL_AD_HANDSHAKE_FAILURE; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, + SSL_R_PSK_IDENTITY_NOT_FOUND); goto err; } identitylen = strlen(identity); if (identitylen > PSK_MAX_IDENTITY_LEN) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_HANDSHAKE_FAILURE; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); goto err; } tmppsk = OPENSSL_memdup(psk, psklen); tmpidentity = OPENSSL_strdup(identity); if (tmppsk == NULL || tmpidentity == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, + ERR_R_MALLOC_FAILURE); goto err; } @@ -2140,10 +2943,12 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, OPENSSL_free(s->session->psk_identity); s->session->psk_identity = tmpidentity; tmpidentity = NULL; - s2n(identitylen, *p); - memcpy(*p, identity, identitylen); - *pskhdrlen = 2 + identitylen; - *p += identitylen; + + if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); + goto err; + } ret = 1; @@ -2155,16 +2960,16 @@ static int tls_construct_cke_psk_preamble(SSL *s, unsigned char **p, return ret; #else - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) +static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_RSA - unsigned char *q; + unsigned char *encdata = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx = NULL; size_t enclen; @@ -2175,58 +2980,68 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) /* * We should always have a server certificate with SSL_kRSA. */ - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_INTERNAL_ERROR); return 0; } pkey = X509_get0_pubkey(s->session->peer); if (EVP_PKEY_get0_RSA(pkey) == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_INTERNAL_ERROR); return 0; } pmslen = SSL_MAX_MASTER_KEY_LENGTH; pms = OPENSSL_malloc(pmslen); if (pms == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_MALLOC_FAILURE); return 0; } pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; - if (RAND_bytes(pms + 2, pmslen - 2) <= 0) { + /* TODO(size_t): Convert this function */ + if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_MALLOC_FAILURE); goto err; } - q = *p; /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) - *p += 2; + if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_INTERNAL_ERROR); + goto err; + } pctx = EVP_PKEY_CTX_new(pkey, NULL); if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0 || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_EVP_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_EVP_LIB); goto err; } - if (EVP_PKEY_encrypt(pctx, *p, &enclen, pms, pmslen) <= 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, SSL_R_BAD_RSA_ENCRYPT); + if (!WPACKET_allocate_bytes(pkt, enclen, &encdata) + || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + SSL_R_BAD_RSA_ENCRYPT); goto err; } - *len = enclen; EVP_PKEY_CTX_free(pctx); pctx = NULL; -# ifdef PKCS1_CHECK - if (s->options & SSL_OP_PKCS1_CHECK_1) - (*p)[1]++; - if (s->options & SSL_OP_PKCS1_CHECK_2) - tmp_buf[0] = 0x70; -# endif /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) { - s2n(*len, q); - *len += 2; + if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Log the premaster secret, if logging is enabled. */ + if (!ssl_log_rsa_client_key_exchange(s, encdata, enclen, pms, pmslen)) { + /* SSLfatal() already called */ + goto err; } s->s3->tmp.pms = pms; @@ -2239,75 +3054,94 @@ static int tls_construct_cke_rsa(SSL *s, unsigned char **p, int *len, int *al) return 0; #else - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) +static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_DH DH *dh_clnt = NULL; const BIGNUM *pub_key; EVP_PKEY *ckey = NULL, *skey = NULL; + unsigned char *keybytes = NULL; skey = s->s3->peer_tmp; if (skey == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, + ERR_R_INTERNAL_ERROR); + goto err; } + ckey = ssl_generate_pkey(skey); if (ckey == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, + ERR_R_INTERNAL_ERROR); + goto err; } dh_clnt = EVP_PKEY_get0_DH(ckey); - if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); - EVP_PKEY_free(ckey); - return 0; + if (dh_clnt == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (ssl_derive(s, ckey, skey, 0) == 0) { + /* SSLfatal() already called */ + goto err; } /* send off the data */ DH_get0_key(dh_clnt, &pub_key, NULL); - *len = BN_num_bytes(pub_key); - s2n(*len, *p); - BN_bn2bin(pub_key, *p); - *len += 2; + if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key), + &keybytes)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + BN_bn2bin(pub_key, keybytes); EVP_PKEY_free(ckey); return 1; + err: + EVP_PKEY_free(ckey); + return 0; #else - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) +static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; - int encoded_pt_len = 0; + size_t encoded_pt_len = 0; EVP_PKEY *ckey = NULL, *skey = NULL; + int ret = 0; skey = s->s3->peer_tmp; if (skey == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, + ERR_R_INTERNAL_ERROR); return 0; } ckey = ssl_generate_pkey(skey); if (ckey == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, + ERR_R_MALLOC_FAILURE); goto err; } - if (ssl_derive(s, ckey, skey) == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); + if (ssl_derive(s, ckey, skey, 0) == 0) { + /* SSLfatal() already called */ goto err; } @@ -2315,37 +3149,30 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint); if (encoded_pt_len == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EC_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, + ERR_R_EC_LIB); goto err; } - EVP_PKEY_free(ckey); - ckey = NULL; - - *len = encoded_pt_len; - - /* length of encoded point */ - **p = *len; - *p += 1; - /* copy the point */ - memcpy(*p, encodedPoint, *len); - /* increment len to account for length field */ - *len += 1; - - OPENSSL_free(encodedPoint); + if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, + ERR_R_INTERNAL_ERROR); + goto err; + } - return 1; + ret = 1; err: + OPENSSL_free(encodedPoint); EVP_PKEY_free(ckey); - return 0; + return ret; #else - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) +static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_GOST /* GOST key exchange message creation */ @@ -2367,16 +3194,15 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) */ peer_cert = s->session->peer; if (!peer_cert) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); return 0; } pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); if (pkey_ctx == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + ERR_R_MALLOC_FAILURE); return 0; } /* @@ -2389,16 +3215,18 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) pmslen = 32; pms = OPENSSL_malloc(pmslen); if (pms == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + ERR_R_MALLOC_FAILURE); goto err; } if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 - /* Generate session key */ - || RAND_bytes(pms, pmslen) <= 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); + /* Generate session key + * TODO(size_t): Convert this function + */ + || RAND_bytes(pms, (int)pmslen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + ERR_R_INTERNAL_ERROR); goto err; }; /* @@ -2413,38 +3241,36 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) || EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE) <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + ERR_R_INTERNAL_ERROR); goto err; } EVP_MD_CTX_free(ukm_hash); ukm_hash = NULL; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + SSL_R_LIBRARY_BUG); goto err; } /* Make GOST keytransport blob message */ /* * Encapsulate it into sequence */ - *((*p)++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; msglen = 255; if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, SSL_R_LIBRARY_BUG); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + SSL_R_LIBRARY_BUG); goto err; } - if (msglen >= 0x80) { - *((*p)++) = 0x81; - *((*p)++) = msglen & 0xff; - *len = msglen + 3; - } else { - *((*p)++) = msglen & 0xff; - *len = msglen + 2; + + if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) + || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81)) + || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + ERR_R_INTERNAL_ERROR); + goto err; } - memcpy(*p, tmp, msglen); EVP_PKEY_CTX_free(pkey_ctx); s->s3->tmp.pms = pms; @@ -2457,98 +3283,85 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al) EVP_MD_CTX_free(ukm_hash); return 0; #else - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al) +static int tls_construct_cke_srp(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_SRP - if (s->srp_ctx.A != NULL) { - /* send off the data */ - *len = BN_num_bytes(s->srp_ctx.A); - s2n(*len, *p); - BN_bn2bin(s->srp_ctx.A, *p); - *len += 2; - } else { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR); + unsigned char *abytes = NULL; + + if (s->srp_ctx.A == NULL + || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A), + &abytes)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP, + ERR_R_INTERNAL_ERROR); return 0; } + BN_bn2bin(s->srp_ctx.A, abytes); + OPENSSL_free(s->session->srp_username); s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP, + ERR_R_MALLOC_FAILURE); return 0; } return 1; #else - SSLerr(SSL_F_TLS_CONSTRUCT_CKE_SRP, ERR_R_INTERNAL_ERROR); - *al = SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP, + ERR_R_INTERNAL_ERROR); return 0; #endif } -int tls_construct_client_key_exchange(SSL *s) +int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) { - unsigned char *p; - int len; - size_t pskhdrlen = 0; unsigned long alg_k; - int al = -1; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - p = ssl_handshake_start(s); - + /* + * All of the construct functions below call SSLfatal() if necessary so + * no need to do so here. + */ if ((alg_k & SSL_PSK) - && !tls_construct_cke_psk_preamble(s, &p, &pskhdrlen, &al)) + && !tls_construct_cke_psk_preamble(s, pkt)) goto err; - if (alg_k & SSL_kPSK) { - len = 0; - } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) { - if (!tls_construct_cke_rsa(s, &p, &len, &al)) + if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) { + if (!tls_construct_cke_rsa(s, pkt)) goto err; } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { - if (!tls_construct_cke_dhe(s, &p, &len, &al)) + if (!tls_construct_cke_dhe(s, pkt)) goto err; } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (!tls_construct_cke_ecdhe(s, &p, &len, &al)) + if (!tls_construct_cke_ecdhe(s, pkt)) goto err; } else if (alg_k & SSL_kGOST) { - if (!tls_construct_cke_gost(s, &p, &len, &al)) + if (!tls_construct_cke_gost(s, pkt)) goto err; } else if (alg_k & SSL_kSRP) { - if (!tls_construct_cke_srp(s, &p, &len, &al)) + if (!tls_construct_cke_srp(s, pkt)) goto err; - } else { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - len += pskhdrlen; - - if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, len)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + } else if (!(alg_k & SSL_kPSK)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } return 1; err: - if (al != -1) - ssl3_send_alert(s, SSL3_AL_FATAL, al); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); s->s3->tmp.pms = NULL; #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; #endif - ossl_statem_set_error(s); return 0; } @@ -2564,8 +3377,7 @@ int tls_client_key_exchange_post_work(SSL *s) /* Check for SRP */ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { if (!srp_generate_client_master_secret(s)) { - SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, - ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ goto err; } return 1; @@ -2573,13 +3385,12 @@ int tls_client_key_exchange_post_work(SSL *s) #endif if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE); goto err; } if (!ssl_generate_master_secret(s, pms, pmslen, 1)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ /* ssl_generate_master_secret frees the pms even on error */ pms = NULL; pmslen = 0; @@ -2602,8 +3413,12 @@ int tls_client_key_exchange_post_work(SSL *s) if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0) <= 0) + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, + ERR_R_INTERNAL_ERROR); goto err; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -2617,79 +3432,6 @@ int tls_client_key_exchange_post_work(SSL *s) return 0; } -int tls_construct_client_verify(SSL *s) -{ - unsigned char *p; - EVP_PKEY *pkey; - const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; - EVP_MD_CTX *mctx; - unsigned u = 0; - unsigned long n = 0; - long hdatalen = 0; - void *hdata; - - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; - } - - p = ssl_handshake_start(s); - pkey = s->cert->key->privatekey; - - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); - if (hdatalen <= 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); - goto err; - } - if (SSL_USE_SIGALGS(s)) { - if (!tls12_get_sigandhash(p, pkey, md)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); - goto err; - } - p += 2; - n = 2; - } -#ifdef SSL_DEBUG - fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); -#endif - if (!EVP_SignInit_ex(mctx, md, NULL) - || !EVP_SignUpdate(mctx, hdata, hdatalen) - || (s->version == SSL3_VERSION - && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, - s->session->master_key)) - || !EVP_SignFinal(mctx, p + 2, &u, pkey)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); - goto err; - } -#ifndef OPENSSL_NO_GOST - { - int pktype = EVP_PKEY_id(pkey); - if (pktype == NID_id_GostR3410_2001 - || pktype == NID_id_GostR3410_2012_256 - || pktype == NID_id_GostR3410_2012_512) - BUF_reverse(p + 2, NULL, u); - } -#endif - - s2n(u, p); - n += u + 2; - /* Digest cached records and discard handshake buffer */ - if (!ssl3_digest_cached_records(s, 0)) - goto err; - if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); - goto err; - } - - EVP_MD_CTX_free(mctx); - return 1; - err: - EVP_MD_CTX_free(mctx); - return 0; -} - /* * Check a certificate can be used for client authentication. Currently check * cert exists, if we have a suitable digest for TLS 1.2 if static DH client @@ -2697,10 +3439,8 @@ int tls_construct_client_verify(SSL *s) */ static int ssl3_check_client_certificate(SSL *s) { - if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey) - return 0; /* If no suitable signature algorithm can't use certificate */ - if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys]) + if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL) return 0; /* * If strict mode check suitability of chain before using it. This also @@ -2727,14 +3467,19 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) return WORK_MORE_A; } if (i == 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, + SSL_R_CALLBACK_FAILED); + return WORK_ERROR; } s->rwstate = SSL_NOTHING; } - if (ssl3_check_client_certificate(s)) + if (ssl3_check_client_certificate(s)) { + if (s->post_handshake_auth == SSL_PHA_REQUESTED) { + return WORK_FINISHED_STOP; + } return WORK_FINISHED_CONTINUE; + } /* Fall through to WORK_MORE_B */ wst = WORK_MORE_B; @@ -2773,131 +3518,194 @@ WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst) } else { s->s3->tmp.cert_req = 2; if (!ssl3_digest_cached_records(s, 0)) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; + /* SSLfatal() already called */ + return WORK_ERROR; } } } + if (s->post_handshake_auth == SSL_PHA_REQUESTED) + return WORK_FINISHED_STOP; return WORK_FINISHED_CONTINUE; } /* Shouldn't ever get here */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, + ERR_R_INTERNAL_ERROR); return WORK_ERROR; } -int tls_construct_client_certificate(SSL *s) +int tls_construct_client_certificate(SSL *s, WPACKET *pkt) { - if (!ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == - 2) ? NULL : s->cert->key)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); + if (SSL_IS_TLS13(s)) { + if (s->pha_context == NULL) { + /* no context available, add 0-length context */ + if (!WPACKET_put_bytes_u8(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); + return 0; + } + } else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); + return 0; + } + } + if (!ssl3_output_cert_chain(s, pkt, + (s->s3->tmp.cert_req == 2) ? NULL + : s->cert->key)) { + /* SSLfatal() already called */ + return 0; + } + + if (SSL_IS_TLS13(s) + && SSL_IS_FIRST_HANDSHAKE(s) + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) { + /* + * This is a fatal error, which leaves enc_write_ctx in an inconsistent + * state and thus ssl3_send_alert may crash. + */ + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, + SSL_R_CANNOT_CHANGE_CIPHER); return 0; } return 1; } -#define has_bits(i,m) (((i)&(m)) == (m)) - int ssl3_check_cert_and_algorithm(SSL *s) { - int i; -#ifndef OPENSSL_NO_EC - int idx; -#endif + const SSL_CERT_LOOKUP *clu; + size_t idx; long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; /* we don't have a certificate */ - if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) - return (1); + if (!(alg_a & SSL_aCERT)) + return 1; /* This is the passed certificate */ + clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx); -#ifndef OPENSSL_NO_EC - idx = s->session->peer_type; - if (idx == SSL_PKEY_ECC) { - if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) { - /* check failed */ - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); - goto f_err; - } else { - return 1; - } - } else if (alg_a & SSL_aECDSA) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_ECDSA_SIGNING_CERT); - goto f_err; + /* Check certificate is recognised and suitable for cipher */ + if (clu == NULL || (alg_a & clu->amask) == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_SIGNING_CERT); + return 0; } -#endif - pkey = X509_get0_pubkey(s->session->peer); - i = X509_certificate_type(s->session->peer, pkey); - /* Check that we have a certificate if we require one */ - if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_SIGNING_CERT); - goto f_err; - } -#ifndef OPENSSL_NO_DSA - else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_DSA_SIGNING_CERT); - goto f_err; +#ifndef OPENSSL_NO_EC + if (clu->amask & SSL_aECDSA) { + if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s)) + return 1; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); + return 0; } #endif #ifndef OPENSSL_NO_RSA - if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && - !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + return 0; } #endif #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + ERR_R_INTERNAL_ERROR); + return 0; } #endif - return (1); - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return (0); + return 1; } #ifndef OPENSSL_NO_NEXTPROTONEG -int tls_construct_next_proto(SSL *s) +int tls_construct_next_proto(SSL *s, WPACKET *pkt) { - unsigned int len, padding_len; - unsigned char *d; + size_t len, padding_len; + unsigned char *padding = NULL; - len = s->next_proto_negotiated_len; + len = s->ext.npn_len; padding_len = 32 - ((len + 2) % 32); - d = (unsigned char *)s->init_buf->data; - d[4] = len; - memcpy(d + 5, s->next_proto_negotiated, len); - d[5 + len] = padding_len; - memset(d + 6 + len, 0, padding_len); - *(d++) = SSL3_MT_NEXT_PROTO; - l2n3(2 + len + padding_len, d); - s->init_num = 4 + 2 + len + padding_len; - s->init_off = 0; + + if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len) + || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, + ERR_R_INTERNAL_ERROR); + return 0; + } + + memset(padding, 0, padding_len); return 1; } #endif +MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt) +{ + if (PACKET_remaining(pkt) > 0) { + /* should contain no data */ + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_HELLO_REQ, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; + } + + if ((s->options & SSL_OP_NO_RENEGOTIATION)) { + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + return MSG_PROCESS_FINISHED_READING; + } + + /* + * This is a historical discrepancy (not in the RFC) maintained for + * compatibility reasons. If a TLS client receives a HelloRequest it will + * attempt an abbreviated handshake. However if a DTLS client receives a + * HelloRequest it will do a full handshake. Either behaviour is reasonable + * but doing one for TLS and another for DTLS is odd. + */ + if (SSL_IS_DTLS(s)) + SSL_renegotiate(s); + else + SSL_renegotiate_abbreviated(s); + + return MSG_PROCESS_FINISHED_READING; +} + +static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt) +{ + PACKET extensions; + RAW_EXTENSION *rawexts = NULL; + + if (!PACKET_as_length_prefixed_2(pkt, &extensions) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + if (!tls_collect_extensions(s, &extensions, + SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts, + NULL, 1) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + rawexts, NULL, 0, 1)) { + /* SSLfatal() already called */ + goto err; + } + + OPENSSL_free(rawexts); + return MSG_PROCESS_CONTINUE_READING; + + err: + OPENSSL_free(rawexts); + return MSG_PROCESS_ERROR; +} + int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { int i = 0; @@ -2915,47 +3723,123 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) return i; } -int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) +int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt) { - int i, j = 0; - const SSL_CIPHER *c; - unsigned char *q; + int i; + size_t totlen = 0, len, maxlen, maxverok = 0; int empty_reneg_info_scsv = !s->renegotiate; + /* Set disabled masks for this session */ - ssl_set_client_disabled(s); + if (!ssl_set_client_disabled(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, + SSL_R_NO_PROTOCOLS_AVAILABLE); + return 0; + } + + if (sk == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, + ERR_R_INTERNAL_ERROR); + return 0; + } + +#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH +# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6 +# error Max cipher length too short +# endif + /* + * Some servers hang if client hello > 256 bytes as hack workaround + * chop number of supported ciphers to keep it well below this if we + * use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION) + maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; + else +#endif + /* Maximum length that can be stored in 2 bytes. Length must be even */ + maxlen = 0xfffe; + + if (empty_reneg_info_scsv) + maxlen -= 2; + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) + maxlen -= 2; - if (sk == NULL) - return (0); - q = p; + for (i = 0; i < sk_SSL_CIPHER_num(sk) && totlen < maxlen; i++) { + const SSL_CIPHER *c; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { c = sk_SSL_CIPHER_value(sk, i); /* Skip disabled ciphers */ if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) continue; - j = s->method->put_cipher_by_char(c, p); - p += j; + + if (!s->method->put_cipher_by_char(c, pkt, &len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, + ERR_R_INTERNAL_ERROR); + return 0; + } + + /* Sanity check that the maximum version we offer has ciphers enabled */ + if (!maxverok) { + if (SSL_IS_DTLS(s)) { + if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver) + && DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver)) + maxverok = 1; + } else { + if (c->max_tls >= s->s3->tmp.max_ver + && c->min_tls <= s->s3->tmp.max_ver) + maxverok = 1; + } + } + + totlen += len; } - /* - * If p == q, no ciphers; caller indicates an error. Otherwise, add - * applicable SCSVs. - */ - if (p != q) { + + if (totlen == 0 || !maxverok) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES, + SSL_R_NO_CIPHERS_AVAILABLE); + + if (!maxverok) + ERR_add_error_data(1, "No ciphers enabled for max supported " + "SSL/TLS version"); + + return 0; + } + + if (totlen != 0) { if (empty_reneg_info_scsv) { static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - j = s->method->put_cipher_by_char(&scsv, p); - p += j; + if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR); + return 0; + } } if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - j = s->method->put_cipher_by_char(&scsv, p); - p += j; + if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR); + return 0; + } } } - return (p - q); + return 1; +} + +int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt) +{ + if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY + && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, + ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING; + return 1; } diff --git a/deps/openssl/openssl/ssl/statem/statem_dtls.c b/deps/openssl/openssl/ssl/statem/statem_dtls.c index 5b34425445363a..b016fa7cff74eb 100644 --- a/deps/openssl/openssl/ssl/statem/statem_dtls.c +++ b/deps/openssl/openssl/ssl/statem/statem_dtls.c @@ -12,6 +12,7 @@ #include #include "../ssl_locl.h" #include "statem_locl.h" +#include "internal/cryptlib.h" #include #include #include @@ -32,7 +33,6 @@ #define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ long ii; \ - OPENSSL_assert((msg_len) > 0); \ is_complete = 1; \ if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ @@ -43,30 +43,30 @@ static unsigned char bitmask_start_values[] = static unsigned char bitmask_end_values[] = { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f }; -static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, - unsigned long frag_len); +static void dtls1_fix_message_header(SSL *s, size_t frag_off, + size_t frag_len); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, + size_t len, unsigned short seq_num, - unsigned long frag_off, - unsigned long frag_len); -static int dtls_get_reassembled_message(SSL *s, long *len); + size_t frag_off, + size_t frag_len); +static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len); -static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, - int reassembly) +static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) { hm_fragment *frag = NULL; unsigned char *buf = NULL; unsigned char *bitmask = NULL; - frag = OPENSSL_malloc(sizeof(*frag)); - if (frag == NULL) + if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) { + SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } if (frag_len) { - buf = OPENSSL_malloc(frag_len); - if (buf == NULL) { + if ((buf = OPENSSL_malloc(frag_len)) == NULL) { + SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(frag); return NULL; } @@ -79,6 +79,7 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, if (reassembly) { bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { + SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(buf); OPENSSL_free(frag); return NULL; @@ -111,9 +112,10 @@ void dtls1_hm_fragment_free(hm_fragment *frag) int dtls1_do_write(SSL *s, int type) { int ret; - unsigned int curr_mtu; + size_t written; + size_t curr_mtu; int retry = 1; - unsigned int len, frag_off, mac_size, blocksize, used_len; + size_t len, frag_off, mac_size, blocksize, used_len; if (!dtls1_query_mtu(s)) return -1; @@ -122,9 +124,11 @@ int dtls1_do_write(SSL *s, int type) /* should have something reasonable now */ return -1; - if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) - OPENSSL_assert(s->init_num == - (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) { + if (!ossl_assert(s->init_num == + s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH)) + return -1; + } if (s->write_hash) { if (s->enc_write_ctx @@ -235,7 +239,8 @@ int dtls1_do_write(SSL *s, int type) data[s->init_off]); } - ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len); + ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, + &written); if (ret < 0) { /* * might need to update MTU here, but we don't know which @@ -253,7 +258,7 @@ int dtls1_do_write(SSL *s, int type) } else return -1; } else { - return (-1); + return -1; } } else { @@ -261,7 +266,8 @@ int dtls1_do_write(SSL *s, int type) * bad if this assert fails, only part of the handshake message * got sent. but why would this happen? */ - OPENSSL_assert(len == (unsigned int)ret); + if (!ossl_assert(len == written)) + return -1; if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) { /* @@ -271,7 +277,7 @@ int dtls1_do_write(SSL *s, int type) unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; - int xlen; + size_t xlen; if (frag_off == 0 && s->version != DTLS1_BAD_VER) { /* @@ -284,17 +290,17 @@ int dtls1_do_write(SSL *s, int type) l2n3(0, p); l2n3(msg_hdr->msg_len, p); p -= DTLS1_HM_HEADER_LENGTH; - xlen = ret; + xlen = written; } else { p += DTLS1_HM_HEADER_LENGTH; - xlen = ret - DTLS1_HM_HEADER_LENGTH; + xlen = written - DTLS1_HM_HEADER_LENGTH; } if (!ssl3_finish_mac(s, p, xlen)) return -1; } - if (ret == s->init_num) { + if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, @@ -303,12 +309,12 @@ int dtls1_do_write(SSL *s, int type) s->init_off = 0; /* done writing this message */ s->init_num = 0; - return (1); + return 1; } - s->init_off += ret; - s->init_num -= ret; - ret -= DTLS1_HM_HEADER_LENGTH; - frag_off += ret; + s->init_off += written; + s->init_num -= written; + written -= DTLS1_HM_HEADER_LENGTH; + frag_off += written; /* * We save the fragment offset for the next fragment so we have it @@ -319,32 +325,34 @@ int dtls1_do_write(SSL *s, int type) dtls1_fix_message_header(s, frag_off, 0); } } - return (0); + return 0; } -int dtls_get_message(SSL *s, int *mt, unsigned long *len) +int dtls_get_message(SSL *s, int *mt, size_t *len) { struct hm_header_st *msg_hdr; unsigned char *p; - unsigned long msg_len; - int ok; - long tmplen; + size_t msg_len; + size_t tmplen; + int errtype; msg_hdr = &s->d1->r_msg_hdr; memset(msg_hdr, 0, sizeof(*msg_hdr)); again: - ok = dtls_get_reassembled_message(s, &tmplen); - if (tmplen == DTLS1_HM_BAD_FRAGMENT || tmplen == DTLS1_HM_FRAGMENT_RETRY) { - /* bad fragment received */ - goto again; - } else if (tmplen <= 0 && !ok) { + if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) { + if (errtype == DTLS1_HM_BAD_FRAGMENT + || errtype == DTLS1_HM_FRAGMENT_RETRY) { + /* bad fragment received */ + goto again; + } return 0; } *mt = s->s3->tmp.message_type; p = (unsigned char *)s->init_buf->data; + *len = s->init_num; if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { @@ -354,7 +362,6 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) /* * This isn't a real handshake message so skip the processing below. */ - *len = (unsigned long)tmplen; return 1; } @@ -391,7 +398,6 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) s->d1->handshake_read_seq++; s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; - *len = s->init_num; return 1; } @@ -401,11 +407,10 @@ int dtls_get_message(SSL *s, int *mt, unsigned long *len) * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but * may be greater if the maximum certificate list size requires it. */ -static unsigned long dtls1_max_handshake_message_len(const SSL *s) +static size_t dtls1_max_handshake_message_len(const SSL *s) { - unsigned long max_len = - DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; - if (max_len < (unsigned long)s->max_cert_list) + size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < s->max_cert_list) return s->max_cert_list; return max_len; } @@ -421,8 +426,9 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) /* sanity checking */ if ((frag_off + frag_len) > msg_len || msg_len > dtls1_max_handshake_message_len(s)) { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT, + SSL_R_EXCESSIVE_MESSAGE_SIZE); + return 0; } if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */ @@ -431,8 +437,9 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) * dtls_max_handshake_message_len(s) above */ if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) { - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); - return SSL_AD_INTERNAL_ERROR; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PREPROCESS_FRAGMENT, + ERR_R_BUF_LIB); + return 0; } s->s3->tmp.message_size = msg_len; @@ -445,14 +452,19 @@ static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr) * They must be playing with us! BTW, failure to enforce upper limit * would open possibility for buffer overrun. */ - SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE); - return SSL_AD_ILLEGAL_PARAMETER; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT, + SSL_R_EXCESSIVE_MESSAGE_SIZE); + return 0; } - return 0; /* no error */ + return 1; } -static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) +/* + * Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a + * fatal error. + */ +static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) { /*- * (0) check whether the desired fragment is available @@ -462,9 +474,7 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) */ pitem *item; hm_fragment *frag; - int al; - - *ok = 0; + int ret; do { item = pqueue_peek(s->d1->buffered_messages); @@ -488,13 +498,13 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) return 0; if (s->d1->handshake_read_seq == frag->msg_header.seq) { - unsigned long frag_len = frag->msg_header.frag_len; + size_t frag_len = frag->msg_header.frag_len; pqueue_pop(s->d1->buffered_messages); - al = dtls1_preprocess_fragment(s, &frag->msg_header); + /* Calls SSLfatal() as required */ + ret = dtls1_preprocess_fragment(s, &frag->msg_header); - /* al will be 0 if no alert */ - if (al == 0 && frag->msg_header.frag_len > 0) { + if (ret && frag->msg_header.frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, @@ -504,34 +514,36 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) dtls1_hm_fragment_free(frag); pitem_free(item); - if (al == 0) { - *ok = 1; - return frag_len; + if (ret) { + *len = frag_len; + return 1; } - ssl3_send_alert(s, SSL3_AL_FATAL, al); + /* Fatal error */ s->init_num = 0; - *ok = 0; return -1; - } else + } else { return 0; + } } static int -dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) +dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr) { hm_fragment *frag = NULL; pitem *item = NULL; int i = -1, is_complete; unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; + size_t frag_len = msg_hdr->frag_len; + size_t readbytes; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; - if (frag_len == 0) + if (frag_len == 0) { return DTLS1_HM_FRAGMENT_RETRY; + } /* Try to find item in queue */ memset(seq64be, 0, sizeof(seq64be)); @@ -568,10 +580,10 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0); + frag_len, 0, &readbytes); if (i <= 0) goto err; - frag_len -= i; + frag_len -= readbytes; } return DTLS1_HM_FRAGMENT_RETRY; } @@ -579,8 +591,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, frag->fragment + msg_hdr->frag_off, - frag_len, 0); - if ((unsigned long)i != frag_len) + frag_len, 0, &readbytes); + if (i <= 0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -588,6 +600,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, (long)(msg_hdr->frag_off + frag_len)); + if (!ossl_assert(msg_hdr->msg_len > 0)) + goto err; RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, is_complete); @@ -610,7 +624,8 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) * would have returned it and control would never have reached this * branch. */ - OPENSSL_assert(item != NULL); + if (!ossl_assert(item != NULL)) + goto err; } return DTLS1_HM_FRAGMENT_RETRY; @@ -618,19 +633,18 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) err: if (item == NULL) dtls1_hm_fragment_free(frag); - *ok = 0; - return i; + return -1; } static int -dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, - int *ok) +dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr) { int i = -1; hm_fragment *frag = NULL; pitem *item = NULL; unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len; + size_t frag_len = msg_hdr->frag_len; + size_t readbytes; if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) goto err; @@ -663,14 +677,15 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, devnull, frag_len > sizeof(devnull) ? sizeof(devnull) : - frag_len, 0); + frag_len, 0, &readbytes); if (i <= 0) goto err; - frag_len -= i; + frag_len -= readbytes; } } else { - if (frag_len != msg_hdr->msg_len) - return dtls1_reassemble_fragment(s, msg_hdr, ok); + if (frag_len != msg_hdr->msg_len) { + return dtls1_reassemble_fragment(s, msg_hdr); + } if (frag_len > dtls1_max_handshake_message_len(s)) goto err; @@ -686,8 +701,9 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, * read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - frag->fragment, frag_len, 0); - if ((unsigned long)i != frag_len) + frag->fragment, frag_len, 0, + &readbytes); + if (i<=0 || readbytes != frag_len) i = -1; if (i <= 0) goto err; @@ -706,7 +722,8 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, * have been processed with |dtls1_reassemble_fragment|, above, or * the record will have been discarded. */ - OPENSSL_assert(item != NULL); + if (!ossl_assert(item != NULL)) + goto err; } return DTLS1_HM_FRAGMENT_RETRY; @@ -714,56 +731,61 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, err: if (item == NULL) dtls1_hm_fragment_free(frag); - *ok = 0; - return i; + return 0; } -static int dtls_get_reassembled_message(SSL *s, long *len) +static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len) { unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long mlen, frag_off, frag_len; - int i, al, recvd_type; + size_t mlen, frag_off, frag_len; + int i, ret, recvd_type; struct hm_header_st msg_hdr; - int ok; + size_t readbytes; + + *errtype = 0; redo: /* see if we have the required fragment already */ - if ((frag_len = dtls1_retrieve_buffered_fragment(s, &ok)) || ok) { - if (ok) - s->init_num = frag_len; + ret = dtls1_retrieve_buffered_fragment(s, &frag_len); + if (ret < 0) { + /* SSLfatal() already called */ + return 0; + } + if (ret > 0) { + s->init_num = frag_len; *len = frag_len; - return ok; + return 1; } /* read handshake message header */ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire, - DTLS1_HM_HEADER_LENGTH, 0); + DTLS1_HM_HEADER_LENGTH, 0, &readbytes); if (i <= 0) { /* nbio, or an error */ s->rwstate = SSL_READING; - *len = i; + *len = 0; return 0; } if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) { if (wire[0] != SSL3_MT_CCS) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, - SSL_R_BAD_CHANGE_CIPHER_SPEC); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, + SSL_R_BAD_CHANGE_CIPHER_SPEC); goto f_err; } - memcpy(s->init_buf->data, wire, i); - s->init_num = i - 1; + memcpy(s->init_buf->data, wire, readbytes); + s->init_num = readbytes - 1; s->init_msg = s->init_buf->data + 1; s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC; - s->s3->tmp.message_size = i - 1; - *len = i - 1; + s->s3->tmp.message_size = readbytes - 1; + *len = readbytes - 1; return 1; } /* Handshake fails if message header is incomplete */ - if (i != DTLS1_HM_HEADER_LENGTH) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + if (readbytes != DTLS1_HM_HEADER_LENGTH) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; } @@ -779,8 +801,8 @@ static int dtls_get_reassembled_message(SSL *s, long *len) * Fragments must not span records. */ if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) { - al = SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH); goto f_err; } @@ -791,17 +813,19 @@ static int dtls_get_reassembled_message(SSL *s, long *len) * although we're still expecting seq 0 (ClientHello) */ if (msg_hdr.seq != s->d1->handshake_read_seq) { - *len = dtls1_process_out_of_seq_message(s, &msg_hdr, &ok); - return ok; + *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); + return 0; } if (frag_len && frag_len < mlen) { - *len = dtls1_reassemble_fragment(s, &msg_hdr, &ok); - return ok; + *errtype = dtls1_reassemble_fragment(s, &msg_hdr); + return 0; } - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && - wire[0] == SSL3_MT_HELLO_REQUEST) { + if (!s->server + && s->d1->r_msg_hdr.frag_off == 0 + && s->statem.hand_state != TLS_ST_OK + && wire[0] == SSL3_MT_HELLO_REQUEST) { /* * The server may always send 'Hello Request' messages -- we are * doing a handshake anyway now, so ignore them if their format is @@ -817,22 +841,24 @@ static int dtls_get_reassembled_message(SSL *s, long *len) goto redo; } else { /* Incorrectly formatted Hello request */ - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, - SSL_R_UNEXPECTED_MESSAGE); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, + SSL_R_UNEXPECTED_MESSAGE); goto f_err; } } - if ((al = dtls1_preprocess_fragment(s, &msg_hdr))) + if (!dtls1_preprocess_fragment(s, &msg_hdr)) { + /* SSLfatal() already called */ goto f_err; + } if (frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[frag_off], frag_len, 0); + &p[frag_off], frag_len, 0, &readbytes); /* * This shouldn't ever fail due to NBIO because we already checked @@ -840,19 +866,20 @@ static int dtls_get_reassembled_message(SSL *s, long *len) */ if (i <= 0) { s->rwstate = SSL_READING; - *len = i; + *len = 0; return 0; } - } else - i = 0; + } else { + readbytes = 0; + } /* * XDTLS: an incorrectly formatted fragment should cause the handshake * to fail */ - if (i != (int)frag_len) { - al = SSL3_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL3_AD_ILLEGAL_PARAMETER); + if (readbytes != frag_len) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH); goto f_err; } @@ -866,9 +893,8 @@ static int dtls_get_reassembled_message(SSL *s, long *len) return 1; f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); s->init_num = 0; - *len = -1; + *len = 0; return 0; } @@ -881,30 +907,17 @@ static int dtls_get_reassembled_message(SSL *s, long *len) * ssl->session->read_compression assign * ssl->session->read_hash assign */ -int dtls_construct_change_cipher_spec(SSL *s) +int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) { - unsigned char *p; - - p = (unsigned char *)s->init_buf->data; - *p++ = SSL3_MT_CCS; - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->init_num = DTLS1_CCS_HEADER_LENGTH; - if (s->version == DTLS1_BAD_VER) { s->d1->next_handshake_write_seq++; - s2n(s->d1->handshake_write_seq, p); - s->init_num += 2; - } - s->init_off = 0; - - dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, - s->d1->handshake_write_seq, 0, 0); - - /* buffer the message to handle re-xmits */ - if (!dtls1_buffer_message(s, 1)) { - SSLerr(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); - return 0; + if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, + ERR_R_INTERNAL_ERROR); + return 0; + } } return 1; @@ -913,17 +926,20 @@ int dtls_construct_change_cipher_spec(SSL *s) #ifndef OPENSSL_NO_SCTP /* * Wait for a dry event. Should only be called at a point in the handshake - * where we are not expecting any data from the peer (except possibly an alert). + * where we are not expecting any data from the peer except an alert. */ WORK_STATE dtls_wait_for_dry(SSL *s) { - int ret; - long len; + int ret, errtype; + size_t len; /* read app data until dry event */ ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); - if (ret < 0) + if (ret < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS_WAIT_FOR_DRY, + ERR_R_INTERNAL_ERROR); return WORK_ERROR; + } if (ret == 0) { /* @@ -932,11 +948,10 @@ WORK_STATE dtls_wait_for_dry(SSL *s) * return successfully. Therefore we attempt to read a message. This * should never succeed but will process any waiting alerts. */ - if (dtls_get_reassembled_message(s, &len)) { + if (dtls_get_reassembled_message(s, &errtype, &len)) { /* The call succeeded! This should never happen */ - SSLerr(SSL_F_DTLS_WAIT_FOR_DRY, SSL_R_UNEXPECTED_MESSAGE); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - ossl_statem_set_error(s); + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY, + SSL_R_UNEXPECTED_MESSAGE); return WORK_ERROR; } @@ -953,24 +968,20 @@ WORK_STATE dtls_wait_for_dry(SSL *s) int dtls1_read_failed(SSL *s, int code) { if (code > 0) { - SSLerr(SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR); - return 1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR); + return 0; } - if (!dtls1_is_timer_expired(s)) { + if (!dtls1_is_timer_expired(s) || ossl_statem_in_error(s)) { /* * not a timeout, none of our business, let higher layers handle * this. in fact it's probably an error */ return code; } -#ifndef OPENSSL_NO_HEARTBEATS - /* done, no need to send a retransmit */ - if (!SSL_in_init(s) && !s->tlsext_hb_pending) -#else /* done, no need to send a retransmit */ if (!SSL_in_init(s)) -#endif { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; @@ -1026,7 +1037,8 @@ int dtls1_buffer_message(SSL *s, int is_ccs) * this function is called immediately after a message has been * serialized */ - OPENSSL_assert(s->init_off == 0); + if (!ossl_assert(s->init_off == 0)) + return 0; frag = dtls1_hm_fragment_new(s->init_num, 0); if (frag == NULL) @@ -1036,13 +1048,15 @@ int dtls1_buffer_message(SSL *s, int is_ccs) if (is_ccs) { /* For DTLS1_BAD_VER the header length is non-standard */ - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - ((s->version == - DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) - == (unsigned int)s->init_num); + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + + ((s->version == + DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num)) + return 0; } else { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); + if (!ossl_assert(s->d1->w_msg_hdr.msg_len + + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) + return 0; } frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; @@ -1090,11 +1104,6 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) unsigned char seq64be[8]; struct dtls1_retransmit_state saved_state; - /*- - OPENSSL_assert(s->init_num == 0); - OPENSSL_assert(s->init_off == 0); - */ - /* XDTLS: the requested message ought to be found, otherwise error */ memset(seq64be, 0, sizeof(seq64be)); seq64be[6] = (unsigned char)(seq >> 8); @@ -1102,7 +1111,8 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) item = pqueue_find(s->d1->sent_messages, seq64be); if (item == NULL) { - SSLerr(SSL_F_DTLS1_RETRANSMIT_MESSAGE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_RETRANSMIT_MESSAGE, + ERR_R_INTERNAL_ERROR); *found = 0; return 0; } @@ -1159,8 +1169,8 @@ int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found) } void dtls1_set_message_header(SSL *s, - unsigned char mt, unsigned long len, - unsigned long frag_off, unsigned long frag_len) + unsigned char mt, size_t len, + size_t frag_off, size_t frag_len) { if (frag_off == 0) { s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; @@ -1174,8 +1184,8 @@ void dtls1_set_message_header(SSL *s, /* don't actually do the writing, wait till the MTU has been retrieved */ static void dtls1_set_message_header_int(SSL *s, unsigned char mt, - unsigned long len, unsigned short seq_num, - unsigned long frag_off, unsigned long frag_len) + size_t len, unsigned short seq_num, + size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1187,7 +1197,7 @@ dtls1_set_message_header_int(SSL *s, unsigned char mt, } static void -dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) +dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len) { struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; @@ -1219,3 +1229,53 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) n2l3(data, msg_hdr->frag_off); n2l3(data, msg_hdr->frag_len); } + +int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype) +{ + unsigned char *header; + + if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) { + s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; + dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, + s->d1->handshake_write_seq, 0, 0); + if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) + return 0; + } else { + dtls1_set_message_header(s, htype, 0, 0, 0); + /* + * We allocate space at the start for the message header. This gets + * filled in later + */ + if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header) + || !WPACKET_start_sub_packet(pkt)) + return 0; + } + + return 1; +} + +int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype) +{ + size_t msglen; + + if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) + return 0; + + if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) { + s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH; + s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH; + } + s->init_num = (int)msglen; + s->init_off = 0; + + if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) { + /* Buffer the message to handle re-xmits */ + if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC + ? 1 : 0)) + return 0; + } + + return 1; +} diff --git a/deps/openssl/openssl/ssl/statem/statem_lib.c b/deps/openssl/openssl/ssl/statem/statem_lib.c index eba4c6fb40118b..4324896f500ac1 100644 --- a/deps/openssl/openssl/ssl/statem/statem_lib.c +++ b/deps/openssl/openssl/ssl/statem/statem_lib.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,22 +8,32 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ - #include #include #include #include "../ssl_locl.h" #include "statem_locl.h" +#include "internal/cryptlib.h" #include #include #include #include +/* + * Map error codes to TLS/SSL alart types. + */ +typedef struct x509err2alert_st { + int x509err; + int alert; +} X509ERR2ALERT; + +/* Fixed value used in the ServerHello random field to identify an HRR */ +const unsigned char hrrrandom[] = { + 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, + 0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, + 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c +}; + /* * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * SSL3_RT_CHANGE_CIPHER_SPEC) @@ -30,71 +41,631 @@ int ssl3_do_write(SSL *s, int type) { int ret; + size_t written = 0; ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num); + s->init_num, &written); if (ret < 0) - return (-1); + return -1; if (type == SSL3_RT_HANDSHAKE) /* * should not be done for 'Hello Request's, but in that case we'll * ignore the result anyway + * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added */ - if (!ssl3_finish_mac(s, - (unsigned char *)&s->init_buf->data[s->init_off], - ret)) - return -1; - - if (ret == s->init_num) { + if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET + && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE + && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE)) + if (!ssl3_finish_mac(s, + (unsigned char *)&s->init_buf->data[s->init_off], + written)) + return -1; + if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); - return (1); + return 1; } - s->init_off += ret; - s->init_num -= ret; - return (0); + s->init_off += written; + s->init_num -= written; + return 0; } -int tls_construct_finished(SSL *s, const char *sender, int slen) +int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) { - unsigned char *p; - int i; - unsigned long l; + size_t msglen; - p = ssl_handshake_start(s); + if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt)) + || !WPACKET_get_length(pkt, &msglen) + || msglen > INT_MAX) + return 0; + s->init_num = (int)msglen; + s->init_off = 0; + + return 1; +} - i = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3->tmp.finish_md); - if (i <= 0) +int tls_setup_handshake(SSL *s) +{ + if (!ssl3_init_finished_mac(s)) { + /* SSLfatal() already called */ return 0; - s->s3->tmp.finish_md_len = i; - memcpy(p, s->s3->tmp.finish_md, i); - l = i; + } + + /* Reset any extension flags */ + memset(s->ext.extflags, 0, sizeof(s->ext.extflags)); + + if (s->server) { + STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s); + int i, ver_min, ver_max, ok = 0; + + /* + * Sanity check that the maximum version we accept has ciphers + * enabled. For clients we do this check during construction of the + * ClientHello. + */ + if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE, + ERR_R_INTERNAL_ERROR); + return 0; + } + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { + const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i); + + if (SSL_IS_DTLS(s)) { + if (DTLS_VERSION_GE(ver_max, c->min_dtls) && + DTLS_VERSION_LE(ver_max, c->max_dtls)) + ok = 1; + } else if (ver_max >= c->min_tls && ver_max <= c->max_tls) { + ok = 1; + } + if (ok) + break; + } + if (!ok) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE, + SSL_R_NO_CIPHERS_AVAILABLE); + ERR_add_error_data(1, "No ciphers enabled for max supported " + "SSL/TLS version"); + return 0; + } + if (SSL_IS_FIRST_HANDSHAKE(s)) { + /* N.B. s->session_ctx == s->ctx here */ + tsan_counter(&s->session_ctx->stats.sess_accept); + } else { + /* N.B. s->ctx may not equal s->session_ctx */ + tsan_counter(&s->ctx->stats.sess_accept_renegotiate); + + s->s3->tmp.cert_request = 0; + } + } else { + if (SSL_IS_FIRST_HANDSHAKE(s)) + tsan_counter(&s->session_ctx->stats.sess_connect); + else + tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate); + + /* mark client_random uninitialized */ + memset(s->s3->client_random, 0, sizeof(s->s3->client_random)); + s->hit = 0; + + s->s3->tmp.cert_req = 0; + + if (SSL_IS_DTLS(s)) + s->statem.use_timer = 1; + } + + return 1; +} + +/* + * Size of the to-be-signed TLS13 data, without the hash size itself: + * 64 bytes of value 32, 33 context bytes, 1 byte separator + */ +#define TLS13_TBS_START_SIZE 64 +#define TLS13_TBS_PREAMBLE_SIZE (TLS13_TBS_START_SIZE + 33 + 1) + +static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, + void **hdata, size_t *hdatalen) +{ + static const char *servercontext = "TLS 1.3, server CertificateVerify"; + static const char *clientcontext = "TLS 1.3, client CertificateVerify"; + + if (SSL_IS_TLS13(s)) { + size_t hashlen; + + /* Set the first 64 bytes of to-be-signed data to octet 32 */ + memset(tls13tbs, 32, TLS13_TBS_START_SIZE); + /* This copies the 33 bytes of context plus the 0 separator byte */ + if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY + || s->statem.hand_state == TLS_ST_SW_CERT_VRFY) + strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext); + else + strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext); + + /* + * If we're currently reading then we need to use the saved handshake + * hash value. We can't use the current handshake hash state because + * that includes the CertVerify itself. + */ + if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY + || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) { + memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash, + s->cert_verify_hash_len); + hashlen = s->cert_verify_hash_len; + } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE, + EVP_MAX_MD_SIZE, &hashlen)) { + /* SSLfatal() already called */ + return 0; + } + + *hdata = tls13tbs; + *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen; + } else { + size_t retlen; + long retlen_l; + + retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); + if (retlen_l <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, + ERR_R_INTERNAL_ERROR); + return 0; + } + *hdatalen = retlen; + } + + return 1; +} + +int tls_construct_cert_verify(SSL *s, WPACKET *pkt) +{ + EVP_PKEY *pkey = NULL; + const EVP_MD *md = NULL; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL; + size_t hdatalen = 0, siglen = 0; + void *hdata; + unsigned char *sig = NULL; + unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; + const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; + + if (lu == NULL || s->s3->tmp.cert == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + pkey = s->s3->tmp.cert->privatekey; + + if (pkey == NULL || !tls1_lookup_md(lu, &md)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Get the data to be signed */ + if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) { + /* SSLfatal() already called */ + goto err; + } + + if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + siglen = EVP_PKEY_size(pkey); + sig = OPENSSL_malloc(siglen); + if (sig == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } + + if (lu->sig == EVP_PKEY_RSA_PSS) { + if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 + || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, + RSA_PSS_SALTLEN_DIGEST) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } + } + if (s->version == SSL3_VERSION) { + if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 + || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key) + || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { + + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } + } else if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } + +#ifndef OPENSSL_NO_GOST + { + int pktype = lu->sig; + + if (pktype == NID_id_GostR3410_2001 + || pktype == NID_id_GostR3410_2012_256 + || pktype == NID_id_GostR3410_2012_512) + BUF_reverse(sig, NULL, siglen); + } +#endif + + if (!WPACKET_sub_memcpy_u16(pkt, sig, siglen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Digest cached records and discard handshake buffer */ + if (!ssl3_digest_cached_records(s, 0)) { + /* SSLfatal() already called */ + goto err; + } + + OPENSSL_free(sig); + EVP_MD_CTX_free(mctx); + return 1; + err: + OPENSSL_free(sig); + EVP_MD_CTX_free(mctx); + return 0; +} + +MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) +{ + EVP_PKEY *pkey = NULL; + const unsigned char *data; +#ifndef OPENSSL_NO_GOST + unsigned char *gost_data = NULL; +#endif + MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; + int j; + unsigned int len; + X509 *peer; + const EVP_MD *md = NULL; + size_t hdatalen = 0; + void *hdata; + unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE]; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + EVP_PKEY_CTX *pctx = NULL; + + if (mctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_MALLOC_FAILURE); + goto err; + } + + peer = s->session->peer; + pkey = X509_get0_pubkey(peer); + if (pkey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); + goto err; + } + + if (SSL_USE_SIGALGS(s)) { + unsigned int sigalg; + + if (!PACKET_get_net_2(pkt, &sigalg)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_BAD_PACKET); + goto err; + } + if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) { + /* SSLfatal() already called */ + goto err; + } + } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + +#ifdef SSL_DEBUG + if (SSL_USE_SIGALGS(s)) + fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); +#endif + + /* Check for broken implementations of GOST ciphersuites */ + /* + * If key is GOST and len is exactly 64 or 128, it is signature without + * length field (CryptoPro implementations at least till TLS 1.2) + */ +#ifndef OPENSSL_NO_GOST + if (!SSL_USE_SIGALGS(s) + && ((PACKET_remaining(pkt) == 64 + && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001 + || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256)) + || (PACKET_remaining(pkt) == 128 + && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) { + len = PACKET_remaining(pkt); + } else +#endif + if (!PACKET_get_net_2(pkt, &len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + j = EVP_PKEY_size(pkey); + if (((int)len > j) || ((int)PACKET_remaining(pkt) > j) + || (PACKET_remaining(pkt) == 0)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_WRONG_SIGNATURE_SIZE); + goto err; + } + if (!PACKET_get_bytes(pkt, &data, len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) { + /* SSLfatal() already called */ + goto err; + } + +#ifdef SSL_DEBUG + fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); +#endif + if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } +#ifndef OPENSSL_NO_GOST + { + int pktype = EVP_PKEY_id(pkey); + if (pktype == NID_id_GostR3410_2001 + || pktype == NID_id_GostR3410_2012_256 + || pktype == NID_id_GostR3410_2012_512) { + if ((gost_data = OPENSSL_malloc(len)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + BUF_reverse(gost_data, data, len); + data = gost_data; + } + } +#endif + + if (SSL_USE_PSS(s)) { + if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 + || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, + RSA_PSS_SALTLEN_DIGEST) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } + } + if (s->version == SSL3_VERSION) { + if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 + || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, + (int)s->session->master_key_length, + s->session->master_key)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } + if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) { + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_BAD_SIGNATURE); + goto err; + } + } else { + j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen); + if (j <= 0) { + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY, + SSL_R_BAD_SIGNATURE); + goto err; + } + } + + /* + * In TLSv1.3 on the client side we make sure we prepare the client + * certificate after the CertVerify instead of when we get the + * CertificateRequest. This is because in TLSv1.3 the CertificateRequest + * comes *before* the Certificate message. In TLSv1.2 it comes after. We + * want to make sure that SSL_get_peer_certificate() will return the actual + * server certificate from the client_cert_cb callback. + */ + if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1) + ret = MSG_PROCESS_CONTINUE_PROCESSING; + else + ret = MSG_PROCESS_CONTINUE_READING; + err: + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; + EVP_MD_CTX_free(mctx); +#ifndef OPENSSL_NO_GOST + OPENSSL_free(gost_data); +#endif + return ret; +} + +int tls_construct_finished(SSL *s, WPACKET *pkt) +{ + size_t finish_md_len; + const char *sender; + size_t slen; + + /* This is a real handshake so make sure we clean it up at the end */ + if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED) + s->statem.cleanuphand = 1; + + /* + * We only change the keys if we didn't already do this when we sent the + * client certificate + */ + if (SSL_IS_TLS13(s) + && !s->server + && s->s3->tmp.cert_req == 0 + && (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {; + /* SSLfatal() already called */ + return 0; + } + + if (s->server) { + sender = s->method->ssl3_enc->server_finished_label; + slen = s->method->ssl3_enc->server_finished_label_len; + } else { + sender = s->method->ssl3_enc->client_finished_label; + slen = s->method->ssl3_enc->client_finished_label_len; + } + + finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + sender, slen, + s->s3->tmp.finish_md); + if (finish_md_len == 0) { + /* SSLfatal() already called */ + return 0; + } + + s->s3->tmp.finish_md_len = finish_md_len; + + if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED, + ERR_R_INTERNAL_ERROR); + return 0; + } + + /* + * Log the master secret, if logging is enabled. We don't log it for + * TLSv1.3: there's a different key schedule for that. + */ + if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL, + s->session->master_key, + s->session->master_key_length)) { + /* SSLfatal() already called */ + return 0; + } /* * Copy the finished so we can use it for renegotiation checks */ + if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED, + ERR_R_INTERNAL_ERROR); + return 0; + } if (!s->server) { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); - s->s3->previous_client_finished_len = i; + memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, + finish_md_len); + s->s3->previous_client_finished_len = finish_md_len; } else { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); - s->s3->previous_server_finished_len = i; + memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, + finish_md_len); + s->s3->previous_server_finished_len = finish_md_len; } - if (!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) { - SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); + return 1; +} + +int tls_construct_key_update(SSL *s, WPACKET *pkt) +{ + if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, + ERR_R_INTERNAL_ERROR); return 0; } + s->key_update = SSL_KEY_UPDATE_NONE; return 1; } +MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) +{ + unsigned int updatetype; + + s->key_update_count++; + if (s->key_update_count > MAX_KEY_UPDATE_MESSAGES) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE, + SSL_R_TOO_MANY_KEY_UPDATES); + return MSG_PROCESS_ERROR; + } + + /* + * A KeyUpdate message signals a key change so the end of the message must + * be on a record boundary. + */ + if (RECORD_LAYER_processed_read_pending(&s->rlayer)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE, + SSL_R_NOT_ON_RECORD_BOUNDARY); + return MSG_PROCESS_ERROR; + } + + if (!PACKET_get_1(pkt, &updatetype) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE, + SSL_R_BAD_KEY_UPDATE); + return MSG_PROCESS_ERROR; + } + + /* + * There are only two defined key update types. Fail if we get a value we + * didn't recognise. + */ + if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED + && updatetype != SSL_KEY_UPDATE_REQUESTED) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE, + SSL_R_BAD_KEY_UPDATE); + return MSG_PROCESS_ERROR; + } + + /* + * If we get a request for us to update our sending keys too then, we need + * to additionally send a KeyUpdate message. However that message should + * not also request an update (otherwise we get into an infinite loop). We + * ignore a request for us to update our sending keys too if we already + * sent close_notify. + */ + if (updatetype == SSL_KEY_UPDATE_REQUESTED + && (s->shutdown & SSL_SENT_SHUTDOWN) == 0) + s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED; + + if (!tls13_update_key(s, 0)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + + return MSG_PROCESS_FINISHED_READING; +} + /* * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen * to far. @@ -102,7 +673,7 @@ int tls_construct_finished(SSL *s, const char *sender, int slen) int ssl3_take_mac(SSL *s) { const char *sender; - int slen; + size_t slen; if (!s->server) { sender = s->method->ssl3_enc->server_finished_label; @@ -117,7 +688,7 @@ int ssl3_take_mac(SSL *s) s->s3->tmp.peer_finish_md); if (s->s3->tmp.peer_finish_md_len == 0) { - SSLerr(SSL_F_SSL3_TAKE_MAC, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ return 0; } @@ -126,8 +697,7 @@ int ssl3_take_mac(SSL *s) MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) { - int al; - long remain; + size_t remain; remain = PACKET_remaining(pkt); /* @@ -140,32 +710,32 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) && remain != DTLS1_CCS_HEADER_LENGTH + 1) || (s->version != DTLS1_BAD_VER && remain != DTLS1_CCS_HEADER_LENGTH - 1)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, - SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, + SSL_R_BAD_CHANGE_CIPHER_SPEC); + return MSG_PROCESS_ERROR; } } else { if (remain != 0) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, - SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, + SSL_R_BAD_CHANGE_CIPHER_SPEC); + return MSG_PROCESS_ERROR; } } /* Check we have a cipher to change to */ if (s->s3->tmp.new_cipher == NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); + return MSG_PROCESS_ERROR; } s->s3->change_cipher_spec = 1; if (!ssl3_do_change_cipher_spec(s)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; } if (SSL_IS_DTLS(s)) { @@ -185,119 +755,324 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) } return MSG_PROCESS_CONTINUE_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; } MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) { - int al, i; + size_t md_len; + + + /* This is a real handshake so make sure we clean it up at the end */ + if (s->server) { + /* + * To get this far we must have read encrypted data from the client. We + * no longer tolerate unencrypted alerts. This value is ignored if less + * than TLSv1.3 + */ + s->statem.enc_read_state = ENC_READ_STATE_VALID; + if (s->post_handshake_auth != SSL_PHA_REQUESTED) + s->statem.cleanuphand = 1; + if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + } + + /* + * In TLSv1.3 a Finished message signals a key change so the end of the + * message must be on a record boundary. + */ + if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED, + SSL_R_NOT_ON_RECORD_BOUNDARY); + return MSG_PROCESS_ERROR; + } /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto f_err; + if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED, + SSL_R_GOT_A_FIN_BEFORE_A_CCS); + return MSG_PROCESS_ERROR; } s->s3->change_cipher_spec = 0; - i = s->s3->tmp.peer_finish_md_len; + md_len = s->s3->tmp.peer_finish_md_len; - if ((unsigned long)i != PACKET_remaining(pkt)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH); - goto f_err; + if (md_len != PACKET_remaining(pkt)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED, + SSL_R_BAD_DIGEST_LENGTH); + return MSG_PROCESS_ERROR; } - if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, i) != 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED); - goto f_err; + if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, + md_len) != 0) { + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED, + SSL_R_DIGEST_CHECK_FAILED); + return MSG_PROCESS_ERROR; } /* * Copy the finished so we can use it for renegotiation checks */ + if (!ossl_assert(md_len <= EVP_MAX_MD_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_FINISHED, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; + } if (s->server) { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i); - s->s3->previous_client_finished_len = i; + memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, + md_len); + s->s3->previous_client_finished_len = md_len; } else { - OPENSSL_assert(i <= EVP_MAX_MD_SIZE); - memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i); - s->s3->previous_server_finished_len = i; + memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, + md_len); + s->s3->previous_server_finished_len = md_len; + } + + /* + * In TLS1.3 we also have to change cipher state and do any final processing + * of the initial server flight (if we are a client) + */ + if (SSL_IS_TLS13(s)) { + if (s->server) { + if (s->post_handshake_auth != SSL_PHA_REQUESTED && + !s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + } else { + if (!s->method->ssl3_enc->generate_master_secret(s, + s->master_secret, s->handshake_secret, 0, + &s->session->master_key_length)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + if (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + if (!tls_process_initial_server_flight(s)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; + } + } } return MSG_PROCESS_FINISHED_READING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; } -int tls_construct_change_cipher_spec(SSL *s) +int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt) { - unsigned char *p; - - p = (unsigned char *)s->init_buf->data; - *p = SSL3_MT_CCS; - s->init_num = 1; - s->init_off = 0; + if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); + return 0; + } return 1; } -unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) +/* Add a certificate to the WPACKET */ +static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain) { - unsigned char *p; - unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s); + int len; + unsigned char *outbytes; - if (!ssl_add_cert_chain(s, cpk, &l)) + len = i2d_X509(x, NULL); + if (len < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET, + ERR_R_BUF_LIB); return 0; + } + if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes) + || i2d_X509(x, &outbytes) != len) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET, + ERR_R_INTERNAL_ERROR); + return 0; + } - l -= 3 + SSL_HM_HEADER_LENGTH(s); - p = ssl_handshake_start(s); - l2n3(l, p); - l += 3; - - if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR); + if (SSL_IS_TLS13(s) + && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x, + chain)) { + /* SSLfatal() already called */ return 0; } - return l + SSL_HM_HEADER_LENGTH(s); + + return 1; } -WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) +/* Add certificate chain to provided WPACKET */ +static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) { - void (*cb) (const SSL *ssl, int type, int val) = NULL; + int i, chain_count; + X509 *x; + STACK_OF(X509) *extra_certs; + STACK_OF(X509) *chain = NULL; + X509_STORE *chain_store; + + if (cpk == NULL || cpk->x509 == NULL) + return 1; - /* clean a few things up */ - ssl3_cleanup_key_block(s); + x = cpk->x509; - if (!SSL_IS_DTLS(s)) { + /* + * If we have a certificate specific chain use it, else use parent ctx. + */ + if (cpk->chain != NULL) + extra_certs = cpk->chain; + else + extra_certs = s->ctx->extra_certs; + + if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs) + chain_store = NULL; + else if (s->cert->chain_store) + chain_store = s->cert->chain_store; + else + chain_store = s->ctx->cert_store; + + if (chain_store != NULL) { + X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new(); + + if (xs_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) { + X509_STORE_CTX_free(xs_ctx); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, + ERR_R_X509_LIB); + return 0; + } /* - * We don't do this in DTLS because we may still need the init_buf - * in case there are any unexpected retransmits + * It is valid for the chain not to be complete (because normally we + * don't include the root cert in the chain). Therefore we deliberately + * ignore the error return from this call. We're not actually verifying + * the cert - we're just building as much of the chain as we can */ - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; + (void)X509_verify_cert(xs_ctx); + /* Don't leave errors in the queue */ + ERR_clear_error(); + chain = X509_STORE_CTX_get0_chain(xs_ctx); + i = ssl_security_cert_chain(s, chain, NULL, 0); + if (i != 1) { +#if 0 + /* Dummy error calls so mkerr generates them */ + SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL); + SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL); + SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK); +#endif + X509_STORE_CTX_free(xs_ctx); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i); + return 0; + } + chain_count = sk_X509_num(chain); + for (i = 0; i < chain_count; i++) { + x = sk_X509_value(chain, i); + + if (!ssl_add_cert_to_wpacket(s, pkt, x, i)) { + /* SSLfatal() already called */ + X509_STORE_CTX_free(xs_ctx); + return 0; + } + } + X509_STORE_CTX_free(xs_ctx); + } else { + i = ssl_security_cert_chain(s, extra_certs, x, 0); + if (i != 1) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i); + return 0; + } + if (!ssl_add_cert_to_wpacket(s, pkt, x, 0)) { + /* SSLfatal() already called */ + return 0; + } + for (i = 0; i < sk_X509_num(extra_certs); i++) { + x = sk_X509_value(extra_certs, i); + if (!ssl_add_cert_to_wpacket(s, pkt, x, i + 1)) { + /* SSLfatal() already called */ + return 0; + } + } + } + return 1; +} + +unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk) +{ + if (!WPACKET_start_sub_packet_u24(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (!ssl_add_cert_chain(s, pkt, cpk)) + return 0; + + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN, + ERR_R_INTERNAL_ERROR); + return 0; } - ssl_free_wbio_buffer(s); + return 1; +} + +/* + * Tidy up after the end of a handshake. In the case of SCTP this may result + * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is + * freed up as well. + */ +WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) +{ + void (*cb) (const SSL *ssl, int type, int val) = NULL; + + if (clearbufs) { + if (!SSL_IS_DTLS(s)) { + /* + * We don't do this in DTLS because we may still need the init_buf + * in case there are any unexpected retransmits + */ + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; + } + if (!ssl_free_wbio_buffer(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, + ERR_R_INTERNAL_ERROR); + return WORK_ERROR; + } + s->init_num = 0; + } - s->init_num = 0; + if (SSL_IS_TLS13(s) && !s->server + && s->post_handshake_auth == SSL_PHA_REQUESTED) + s->post_handshake_auth = SSL_PHA_EXT_SENT; - if (!s->server || s->renegotiate == 2) { + /* + * Only set if there was a Finished message and this isn't after a TLSv1.3 + * post handshake exchange + */ + if (s->statem.cleanuphand) { /* skipped if we just sent a HelloRequest */ s->renegotiate = 0; s->new_session = 0; + s->statem.cleanuphand = 0; + s->ext.ticket_expected = 0; - if (s->server) { - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + ssl3_cleanup_key_block(s); - s->ctx->stats.sess_accept_good++; + if (s->server) { + /* + * In TLSv1.3 we update the cache as part of constructing the + * NewSessionTicket + */ + if (!SSL_IS_TLS13(s)) + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + + /* N.B. s->ctx may not equal s->session_ctx */ + tsan_counter(&s->ctx->stats.sess_accept_good); s->handshake_func = ossl_statem_accept; if (SSL_IS_DTLS(s) && !s->hit) { @@ -309,12 +1084,26 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) dtls1_start_timer(s); } } else { - ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); + if (SSL_IS_TLS13(s)) { + /* + * We encourage applications to only use TLSv1.3 tickets once, + * so we remove this one from the cache. + */ + if ((s->session_ctx->session_cache_mode + & SSL_SESS_CACHE_CLIENT) != 0) + SSL_CTX_remove_session(s->session_ctx, s->session); + } else { + /* + * In TLSv1.3 we update the cache as part of processing the + * NewSessionTicket + */ + ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); + } if (s->hit) - s->ctx->stats.sess_hit++; + tsan_counter(&s->session_ctx->stats.sess_hit); s->handshake_func = ossl_statem_connect; - s->ctx->stats.sess_connect_good++; + tsan_counter(&s->session_ctx->stats.sess_connect_good); if (SSL_IS_DTLS(s) && s->hit) { /* @@ -326,14 +1115,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) } } - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_DONE, 1); - if (SSL_IS_DTLS(s)) { /* done with handshaking */ s->d1->handshake_read_seq = 0; @@ -343,15 +1124,32 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) } } + if (s->info_callback != NULL) + cb = s->info_callback; + else if (s->ctx->info_callback != NULL) + cb = s->ctx->info_callback; + + /* The callback may expect us to not be in init at handshake done */ + ossl_statem_set_in_init(s, 0); + + if (cb != NULL) + cb(s, SSL_CB_HANDSHAKE_DONE, 1); + + if (!stop) { + /* If we've got more work to do we go back into init */ + ossl_statem_set_in_init(s, 1); + return WORK_FINISHED_CONTINUE; + } + return WORK_FINISHED_STOP; } int tls_get_message_header(SSL *s, int *mt) { /* s->init_num < SSL3_HM_HEADER_LENGTH */ - int skip_message, i, recvd_type, al; + int skip_message, i, recvd_type; unsigned char *p; - unsigned long l; + size_t l, readbytes; p = (unsigned char *)s->init_buf->data; @@ -360,7 +1158,7 @@ int tls_get_message_header(SSL *s, int *mt) i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, &p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, - 0); + 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; return 0; @@ -370,28 +1168,41 @@ int tls_get_message_header(SSL *s, int *mt) * A ChangeCipherSpec must be a single byte and may not occur * in the middle of a handshake message. */ - if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, - SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto f_err; + if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_GET_MESSAGE_HEADER, + SSL_R_BAD_CHANGE_CIPHER_SPEC); + return 0; + } + if (s->statem.hand_state == TLS_ST_BEFORE + && (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) { + /* + * We are stateless and we received a CCS. Probably this is + * from a client between the first and second ClientHellos. + * We should ignore this, but return an error because we do + * not return success until we see the second ClientHello + * with a valid cookie. + */ + return 0; } s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; - s->init_num = i - 1; + s->init_num = readbytes - 1; s->init_msg = s->init_buf->data; - s->s3->tmp.message_size = i; + s->s3->tmp.message_size = readbytes; return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_CCS_RECEIVED_EARLY); - goto f_err; + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_GET_MESSAGE_HEADER, + SSL_R_CCS_RECEIVED_EARLY); + return 0; } - s->init_num += i; + s->init_num += readbytes; } skip_message = 0; if (!s->server) - if (p[0] == SSL3_MT_HELLO_REQUEST) + if (s->statem.hand_state != TLS_ST_OK + && p[0] == SSL3_MT_HELLO_REQUEST) /* * The server may always send 'Hello Request' messages -- * we are doing a handshake anyway now, so ignore them if @@ -431,9 +1242,9 @@ int tls_get_message_header(SSL *s, int *mt) n2l3(p, l); /* BUF_MEM_grow takes an 'int' parameter */ if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_GET_MESSAGE_HEADER, + SSL_R_EXCESSIVE_MESSAGE_SIZE); + return 0; } s->s3->tmp.message_size = l; @@ -442,14 +1253,11 @@ int tls_get_message_header(SSL *s, int *mt) } return 1; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return 0; } -int tls_get_message_body(SSL *s, unsigned long *len) +int tls_get_message_body(SSL *s, size_t *len) { - long n; + size_t n, readbytes; unsigned char *p; int i; @@ -463,14 +1271,14 @@ int tls_get_message_body(SSL *s, unsigned long *len) n = s->s3->tmp.message_size - s->init_num; while (n > 0) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL, - &p[s->init_num], n, 0); + &p[s->init_num], n, 0, &readbytes); if (i <= 0) { s->rwstate = SSL_READING; *len = 0; return 0; } - s->init_num += i; - n -= i; + s->init_num += readbytes; + n -= readbytes; } /* @@ -487,8 +1295,7 @@ int tls_get_message_body(SSL *s, unsigned long *len) if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num)) { - SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + /* SSLfatal() already called */ *len = 0; return 0; } @@ -496,12 +1303,28 @@ int tls_get_message_body(SSL *s, unsigned long *len) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, (size_t)s->init_num, s, s->msg_callback_arg); } else { - if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { - SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_EVP_LIB); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - *len = 0; - return 0; + /* + * We defer feeding in the HRR until later. We'll do it as part of + * processing the message + * The TLsv1.3 handshake transcript stops at the ClientFinished + * message. + */ +#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) + /* KeyUpdate and NewSessionTicket do not need to be added */ + if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET + && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) { + if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO + || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE + || memcmp(hrrrandom, + s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, + SSL3_RANDOM_SIZE) != 0) { + if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->init_num + SSL3_HM_HEADER_LENGTH)) { + /* SSLfatal() already called */ + *len = 0; + return 0; + } + } } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, @@ -509,114 +1332,63 @@ int tls_get_message_body(SSL *s, unsigned long *len) s->msg_callback_arg); } - /* - * init_num should never be negative...should probably be declared - * unsigned - */ - if (s->init_num < 0) { - SSLerr(SSL_F_TLS_GET_MESSAGE_BODY, ERR_R_INTERNAL_ERROR); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - *len = 0; - return 0; - } - *len = (unsigned long)s->init_num; + *len = s->init_num; return 1; } -int ssl_cert_type(const X509 *x, const EVP_PKEY *pk) -{ - if (pk == NULL && (pk = X509_get0_pubkey(x)) == NULL) - return -1; - - switch (EVP_PKEY_id(pk)) { - default: - return -1; - case EVP_PKEY_RSA: - return SSL_PKEY_RSA_ENC; - case EVP_PKEY_DSA: - return SSL_PKEY_DSA_SIGN; -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - return SSL_PKEY_ECC; -#endif -#ifndef OPENSSL_NO_GOST - case NID_id_GostR3410_2001: - return SSL_PKEY_GOST01; - case NID_id_GostR3410_2012_256: - return SSL_PKEY_GOST12_256; - case NID_id_GostR3410_2012_512: - return SSL_PKEY_GOST12_512; -#endif - } -} +static const X509ERR2ALERT x509table[] = { + {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, + {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, + {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED}, + {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, + {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, + {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR}, + {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR}, + {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE}, + {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR}, + {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR}, + {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA}, + {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR}, + + /* Last entry; return this if we don't find the value above. */ + {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN} +}; -int ssl_verify_alarm_type(long type) +int ssl_x509err2alert(int x509err) { - int al; + const X509ERR2ALERT *tp; - switch (type) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - case X509_V_ERR_UNABLE_TO_GET_CRL: - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - al = SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CRL_NOT_YET_VALID: - case X509_V_ERR_CERT_UNTRUSTED: - case X509_V_ERR_CERT_REJECTED: - case X509_V_ERR_HOSTNAME_MISMATCH: - case X509_V_ERR_EMAIL_MISMATCH: - case X509_V_ERR_IP_ADDRESS_MISMATCH: - case X509_V_ERR_DANE_NO_MATCH: - case X509_V_ERR_EE_KEY_TOO_SMALL: - case X509_V_ERR_CA_KEY_TOO_SMALL: - case X509_V_ERR_CA_MD_TOO_WEAK: - al = SSL_AD_BAD_CERTIFICATE; - break; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al = SSL_AD_DECRYPT_ERROR; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_CRL_HAS_EXPIRED: - al = SSL_AD_CERTIFICATE_EXPIRED; - break; - case X509_V_ERR_CERT_REVOKED: - al = SSL_AD_CERTIFICATE_REVOKED; - break; - case X509_V_ERR_UNSPECIFIED: - case X509_V_ERR_OUT_OF_MEM: - case X509_V_ERR_INVALID_CALL: - case X509_V_ERR_STORE_LOOKUP: - al = SSL_AD_INTERNAL_ERROR; - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_INVALID_CA: - al = SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_APPLICATION_VERIFICATION: - al = SSL_AD_HANDSHAKE_FAILURE; - break; - case X509_V_ERR_INVALID_PURPOSE: - al = SSL_AD_UNSUPPORTED_CERTIFICATE; - break; - default: - al = SSL_AD_CERTIFICATE_UNKNOWN; - break; - } - return (al); + for (tp = x509table; tp->x509err != X509_V_OK; ++tp) + if (tp->x509err == x509err) + break; + return tp->alert; } int ssl_allow_compression(SSL *s) @@ -643,11 +1415,17 @@ typedef struct { const SSL_METHOD *(*smeth) (void); } version_info; -#if TLS_MAX_VERSION != TLS1_2_VERSION -# error Code needs update for TLS_method() support beyond TLS1_2_VERSION. +#if TLS_MAX_VERSION != TLS1_3_VERSION +# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif +/* Must be in order high to low */ static const version_info tls_version_table[] = { +#ifndef OPENSSL_NO_TLS1_3 + {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, +#else + {TLS1_3_VERSION, NULL, NULL}, +#endif #ifndef OPENSSL_NO_TLS1_2 {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, #else @@ -675,6 +1453,7 @@ static const version_info tls_version_table[] = { # error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. #endif +/* Must be in order high to low */ static const version_info dtls_version_table[] = { #ifndef OPENSSL_NO_DTLS1_2 {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method}, @@ -716,8 +1495,62 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) return SSL_R_UNSUPPORTED_PROTOCOL; if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s)) return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE; - else if ((method->flags & SSL_METHOD_NO_FIPS) != 0 && FIPS_mode()) - return SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE; + + return 0; +} + +/* + * Only called by servers. Returns 1 if the server has a TLSv1.3 capable + * certificate type, or has PSK or a certificate callback configured. Otherwise + * returns 0. + */ +static int is_tls13_capable(const SSL *s) +{ + int i; +#ifndef OPENSSL_NO_EC + int curve; + EC_KEY *eckey; +#endif + +#ifndef OPENSSL_NO_PSK + if (s->psk_server_callback != NULL) + return 1; +#endif + + if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL) + return 1; + + for (i = 0; i < SSL_PKEY_NUM; i++) { + /* Skip over certs disallowed for TLSv1.3 */ + switch (i) { + case SSL_PKEY_DSA_SIGN: + case SSL_PKEY_GOST01: + case SSL_PKEY_GOST12_256: + case SSL_PKEY_GOST12_512: + continue; + default: + break; + } + if (!ssl_has_cert(s, i)) + continue; +#ifndef OPENSSL_NO_EC + if (i != SSL_PKEY_ECC) + return 1; + /* + * Prior to TLSv1.3 sig algs allowed any curve to be used. TLSv1.3 is + * more restrictive so check that our sig algs are consistent with this + * EC cert. See section 4.2.3 of RFC8446. + */ + eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); + if (eckey == NULL) + continue; + curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)); + if (tls_check_sigalg_curve(s, curve)) + return 1; +#else + return 1; +#endif + } return 0; } @@ -731,7 +1564,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) * * Returns 1 when supported, otherwise 0 */ -int ssl_version_supported(const SSL *s, int version) +int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) { const version_info *vent; const version_info *table; @@ -751,9 +1584,14 @@ int ssl_version_supported(const SSL *s, int version) for (vent = table; vent->version != 0 && version_cmp(s, version, vent->version) <= 0; ++vent) { - if (vent->cmeth != NULL && - version_cmp(s, version, vent->version) == 0 && - ssl_method_error(s, vent->cmeth()) == 0) { + if (vent->cmeth != NULL + && version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, vent->cmeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { + if (meth != NULL) + *meth = vent->cmeth(); return 1; } } @@ -859,6 +1697,27 @@ int ssl_set_version_bound(int method_version, int version, int *bound) return 1; } +static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) +{ + if (vers == TLS1_2_VERSION + && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { + *dgrd = DOWNGRADE_TO_1_2; + } else if (!SSL_IS_DTLS(s) + && vers < TLS1_2_VERSION + /* + * We need to ensure that a server that disables TLSv1.2 + * (creating a hole between TLSv1.3 and TLSv1.1) can still + * complete handshakes with clients that support TLSv1.2 and + * below. Therefore we do not enable the sentinel if TLSv1.3 is + * enabled and TLSv1.2 is not. + */ + && ssl_version_supported(s, TLS1_2_VERSION, NULL)) { + *dgrd = DOWNGRADE_TO_1_1; + } else { + *dgrd = DOWNGRADE_NONE; + } +} + /* * ssl_choose_server_version - Choose server (D)TLS version. Called when the * client HELLO is received to select the final server protocol version and @@ -868,7 +1727,7 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * * Returns 0 on success or an SSL error reason number on failure. */ -int ssl_choose_server_version(SSL *s) +int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) { /*- * With version-flexible methods we have an initial state with: @@ -880,23 +1739,34 @@ int ssl_choose_server_version(SSL *s) * handle version. */ int server_version = s->method->version; - int client_version = s->client_version; + int client_version = hello->legacy_version; const version_info *vent; const version_info *table; int disabled = 0; + RAW_EXTENSION *suppversions; + + s->client_version = client_version; switch (server_version) { default: - if (version_cmp(s, client_version, s->version) < 0) - return SSL_R_WRONG_SSL_VERSION; + if (!SSL_IS_TLS13(s)) { + if (version_cmp(s, client_version, s->version) < 0) + return SSL_R_WRONG_SSL_VERSION; + *dgrd = DOWNGRADE_NONE; + /* + * If this SSL handle is not from a version flexible method we don't + * (and never did) check min/max FIPS or Suite B constraints. Hope + * that's OK. It is up to the caller to not choose fixed protocol + * versions they don't want. If not, then easy to fix, just return + * ssl_method_error(s, s->method) + */ + return 0; + } /* - * If this SSL handle is not from a version flexible method we don't - * (and never did) check min/max FIPS or Suite B constraints. Hope - * that's OK. It is up to the caller to not choose fixed protocol - * versions they don't want. If not, then easy to fix, just return - * ssl_method_error(s, s->method) + * Fall through if we are TLSv1.3 already (this means we must be after + * a HelloRetryRequest */ - return 0; + /* fall thru */ case TLS_ANY_VERSION: table = tls_version_table; break; @@ -905,6 +1775,77 @@ int ssl_choose_server_version(SSL *s) break; } + suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions]; + + /* If we did an HRR then supported versions is mandatory */ + if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE) + return SSL_R_UNSUPPORTED_PROTOCOL; + + if (suppversions->present && !SSL_IS_DTLS(s)) { + unsigned int candidate_vers = 0; + unsigned int best_vers = 0; + const SSL_METHOD *best_method = NULL; + PACKET versionslist; + + suppversions->parsed = 1; + + if (!PACKET_as_length_prefixed_1(&suppversions->data, &versionslist)) { + /* Trailing or invalid data? */ + return SSL_R_LENGTH_MISMATCH; + } + + /* + * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION. + * The spec only requires servers to check that it isn't SSLv3: + * "Any endpoint receiving a Hello message with + * ClientHello.legacy_version or ServerHello.legacy_version set to + * 0x0300 MUST abort the handshake with a "protocol_version" alert." + * We are slightly stricter and require that it isn't SSLv3 or lower. + * We tolerate TLSv1 and TLSv1.1. + */ + if (client_version <= SSL3_VERSION) + return SSL_R_BAD_LEGACY_VERSION; + + while (PACKET_get_net_2(&versionslist, &candidate_vers)) { + if (version_cmp(s, candidate_vers, best_vers) <= 0) + continue; + if (ssl_version_supported(s, candidate_vers, &best_method)) + best_vers = candidate_vers; + } + if (PACKET_remaining(&versionslist) != 0) { + /* Trailing data? */ + return SSL_R_LENGTH_MISMATCH; + } + + if (best_vers > 0) { + if (s->hello_retry_request != SSL_HRR_NONE) { + /* + * This is after a HelloRetryRequest so we better check that we + * negotiated TLSv1.3 + */ + if (best_vers != TLS1_3_VERSION) + return SSL_R_UNSUPPORTED_PROTOCOL; + return 0; + } + check_for_downgrade(s, best_vers, dgrd); + s->version = best_vers; + s->method = best_method; + return 0; + } + return SSL_R_UNSUPPORTED_PROTOCOL; + } + + /* + * If the supported versions extension isn't present, then the highest + * version we can negotiate is TLSv1.2 + */ + if (version_cmp(s, client_version, TLS1_3_VERSION) >= 0) + client_version = TLS1_2_VERSION; + + /* + * No supported versions extension, so we just use the version supplied in + * the ClientHello. + */ for (vent = table; vent->version != 0; ++vent) { const SSL_METHOD *method; @@ -913,6 +1854,7 @@ int ssl_choose_server_version(SSL *s) continue; method = vent->smeth(); if (ssl_method_error(s, method) == 0) { + check_for_downgrade(s, vent->version, dgrd); s->version = vent->version; s->method = method; return 0; @@ -929,18 +1871,45 @@ int ssl_choose_server_version(SSL *s) * * @s: client SSL handle. * @version: The proposed version from the server's HELLO. + * @extensions: The extensions received * - * Returns 0 on success or an SSL error reason number on failure. + * Returns 1 on success or 0 on error. */ -int ssl_choose_client_version(SSL *s, int version) +int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions) { const version_info *vent; const version_info *table; + int ret, ver_min, ver_max, real_max, origv; + + origv = s->version; + s->version = version; + + /* This will overwrite s->version if the extension is present */ + if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions, + SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO, extensions, + NULL, 0)) { + s->version = origv; + return 0; + } + + if (s->hello_retry_request != SSL_HRR_NONE + && s->version != TLS1_3_VERSION) { + s->version = origv; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION, + SSL_R_WRONG_SSL_VERSION); + return 0; + } switch (s->method->version) { default: - if (version != s->version) - return SSL_R_WRONG_SSL_VERSION; + if (s->version != s->method->version) { + s->version = origv; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_SSL_CHOOSE_CLIENT_VERSION, + SSL_R_WRONG_SSL_VERSION); + return 0; + } /* * If this SSL handle is not from a version flexible method we don't * (and never did) check min/max, FIPS or Suite B constraints. Hope @@ -948,7 +1917,7 @@ int ssl_choose_client_version(SSL *s, int version) * versions they don't want. If not, then easy to fix, just return * ssl_method_error(s, s->method) */ - return 0; + return 1; case TLS_ANY_VERSION: table = tls_version_table; break; @@ -957,36 +1926,84 @@ int ssl_choose_client_version(SSL *s, int version) break; } - for (vent = table; vent->version != 0; ++vent) { - const SSL_METHOD *method; - int err; + ret = ssl_get_min_max_version(s, &ver_min, &ver_max, &real_max); + if (ret != 0) { + s->version = origv; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_SSL_CHOOSE_CLIENT_VERSION, ret); + return 0; + } + if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min) + : s->version < ver_min) { + s->version = origv; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); + return 0; + } else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max) + : s->version > ver_max) { + s->version = origv; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL); + return 0; + } + + if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0) + real_max = ver_max; + + /* Check for downgrades */ + if (s->version == TLS1_2_VERSION && real_max > s->version) { + if (memcmp(tls12downgrade, + s->s3->server_random + SSL3_RANDOM_SIZE + - sizeof(tls12downgrade), + sizeof(tls12downgrade)) == 0) { + s->version = origv; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_SSL_CHOOSE_CLIENT_VERSION, + SSL_R_INAPPROPRIATE_FALLBACK); + return 0; + } + } else if (!SSL_IS_DTLS(s) + && s->version < TLS1_2_VERSION + && real_max > s->version) { + if (memcmp(tls11downgrade, + s->s3->server_random + SSL3_RANDOM_SIZE + - sizeof(tls11downgrade), + sizeof(tls11downgrade)) == 0) { + s->version = origv; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_SSL_CHOOSE_CLIENT_VERSION, + SSL_R_INAPPROPRIATE_FALLBACK); + return 0; + } + } - if (version != vent->version) + for (vent = table; vent->version != 0; ++vent) { + if (vent->cmeth == NULL || s->version != vent->version) continue; - if (vent->cmeth == NULL) - break; - method = vent->cmeth(); - err = ssl_method_error(s, method); - if (err != 0) - return err; - s->method = method; - s->version = version; - return 0; + + s->method = vent->cmeth(); + return 1; } - return SSL_R_UNSUPPORTED_PROTOCOL; + s->version = origv; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION, + SSL_R_UNSUPPORTED_PROTOCOL); + return 0; } /* - * ssl_get_client_min_max_version - get minimum and maximum client version + * ssl_get_min_max_version - get minimum and maximum protocol version * @s: The SSL connection * @min_version: The minimum supported version * @max_version: The maximum supported version + * @real_max: The highest version below the lowest compile time version hole + * where that hole lies above at least one run-time enabled + * protocol. * * Work out what version we should be using for the initial ClientHello if the * version is initially (D)TLS_ANY_VERSION. We apply any explicit SSL_OP_NO_xxx * options, the MinProtocol and MaxProtocol configuration commands, any Suite B - * or FIPS_mode() constraints and any floor imposed by the security level here, + * constraints and any floor imposed by the security level here, * so we don't advertise the wrong protocol version to only reject the outcome later. * * Computing the right floor matters. If, e.g., TLS 1.0 and 1.2 are enabled, @@ -996,10 +2013,10 @@ int ssl_choose_client_version(SSL *s, int version) * Returns 0 on success or an SSL error reason number on failure. On failure * min_version and max_version will also be set to 0. */ -int ssl_get_client_min_max_version(const SSL *s, int *min_version, - int *max_version) +int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version, + int *real_max) { - int version; + int version, tmp_real_max; int hole; const SSL_METHOD *single = NULL; const SSL_METHOD *method; @@ -1016,6 +2033,12 @@ int ssl_get_client_min_max_version(const SSL *s, int *min_version, * ssl_method_error(s, s->method) */ *min_version = *max_version = s->version; + /* + * Providing a real_max only makes sense where we're using a version + * flexible method. + */ + if (!ossl_assert(real_max == NULL)) + return ERR_R_INTERNAL_ERROR; return 0; case TLS_ANY_VERSION: table = tls_version_table; @@ -1048,6 +2071,9 @@ int ssl_get_client_min_max_version(const SSL *s, int *min_version, */ *min_version = version = 0; hole = 1; + if (real_max != NULL) + *real_max = 0; + tmp_real_max = 0; for (vent = table; vent->version != 0; ++vent) { /* * A table entry with a NULL client method is still a hole in the @@ -1055,15 +2081,22 @@ int ssl_get_client_min_max_version(const SSL *s, int *min_version, */ if (vent->cmeth == NULL) { hole = 1; + tmp_real_max = 0; continue; } method = vent->cmeth(); + + if (hole == 1 && tmp_real_max == 0) + tmp_real_max = vent->version; + if (ssl_method_error(s, method) != 0) { hole = 1; } else if (!hole) { single = NULL; *min_version = method->version; } else { + if (real_max != NULL && tmp_real_max != 0) + *real_max = tmp_real_max; version = (single = method)->version; *min_version = version; hole = 0; @@ -1081,7 +2114,7 @@ int ssl_get_client_min_max_version(const SSL *s, int *min_version, /* * ssl_set_client_hello_version - Work out what version we should be using for - * the initial ClientHello. + * the initial ClientHello.legacy_version field. * * @s: client SSL handle. * @@ -1098,11 +2131,291 @@ int ssl_set_client_hello_version(SSL *s) if (!SSL_IS_FIRST_HANDSHAKE(s)) return 0; - ret = ssl_get_client_min_max_version(s, &ver_min, &ver_max); + ret = ssl_get_min_max_version(s, &ver_min, &ver_max, NULL); if (ret != 0) return ret; - s->client_version = s->version = ver_max; + s->version = ver_max; + + /* TLS1.3 always uses TLS1.2 in the legacy_version field */ + if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION) + ver_max = TLS1_2_VERSION; + + s->client_version = ver_max; + return 0; +} + +/* + * Checks a list of |groups| to determine if the |group_id| is in it. If it is + * and |checkallow| is 1 then additionally check if the group is allowed to be + * used. Returns 1 if the group is in the list (and allowed if |checkallow| is + * 1) or 0 otherwise. + */ +#ifndef OPENSSL_NO_EC +int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, + size_t num_groups, int checkallow) +{ + size_t i; + + if (groups == NULL || num_groups == 0) + return 0; + + for (i = 0; i < num_groups; i++) { + uint16_t group = groups[i]; + + if (group_id == group + && (!checkallow + || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { + return 1; + } + } + + return 0; +} +#endif + +/* Replace ClientHello1 in the transcript hash with a synthetic message */ +int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, + size_t hashlen, const unsigned char *hrr, + size_t hrrlen) +{ + unsigned char hashvaltmp[EVP_MAX_MD_SIZE]; + unsigned char msghdr[SSL3_HM_HEADER_LENGTH]; + + memset(msghdr, 0, sizeof(msghdr)); + + if (hashval == NULL) { + hashval = hashvaltmp; + hashlen = 0; + /* Get the hash of the initial ClientHello */ + if (!ssl3_digest_cached_records(s, 0) + || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp), + &hashlen)) { + /* SSLfatal() already called */ + return 0; + } + } + + /* Reinitialise the transcript hash */ + if (!ssl3_init_finished_mac(s)) { + /* SSLfatal() already called */ + return 0; + } + + /* Inject the synthetic message_hash message */ + msghdr[0] = SSL3_MT_MESSAGE_HASH; + msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen; + if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH) + || !ssl3_finish_mac(s, hashval, hashlen)) { + /* SSLfatal() already called */ + return 0; + } + + /* + * Now re-inject the HRR and current message if appropriate (we just deleted + * it when we reinitialised the transcript hash above). Only necessary after + * receiving a ClientHello2 with a cookie. + */ + if (hrr != NULL + && (!ssl3_finish_mac(s, hrr, hrrlen) + || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->s3->tmp.message_size + + SSL3_HM_HEADER_LENGTH))) { + /* SSLfatal() already called */ + return 0; + } + + return 1; +} + +static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b) +{ + return X509_NAME_cmp(*a, *b); +} + +int parse_ca_names(SSL *s, PACKET *pkt) +{ + STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp); + X509_NAME *xn = NULL; + PACKET cadns; + + if (ca_sk == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES, + ERR_R_MALLOC_FAILURE); + goto err; + } + /* get the CA RDNs */ + if (!PACKET_get_length_prefixed_2(pkt, &cadns)) { + SSLfatal(s, SSL_AD_DECODE_ERROR,SSL_F_PARSE_CA_NAMES, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + while (PACKET_remaining(&cadns)) { + const unsigned char *namestart, *namebytes; + unsigned int name_len; + + if (!PACKET_get_net_2(&cadns, &name_len) + || !PACKET_get_bytes(&cadns, &namebytes, name_len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + namestart = namebytes; + if ((xn = d2i_X509_NAME(NULL, &namebytes, name_len)) == NULL) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES, + ERR_R_ASN1_LIB); + goto err; + } + if (namebytes != (namestart + name_len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES, + SSL_R_CA_DN_LENGTH_MISMATCH); + goto err; + } + + if (!sk_X509_NAME_push(ca_sk, xn)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES, + ERR_R_MALLOC_FAILURE); + goto err; + } + xn = NULL; + } + + sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free); + s->s3->tmp.peer_ca_names = ca_sk; + + return 1; + + err: + sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); + X509_NAME_free(xn); return 0; } + +const STACK_OF(X509_NAME) *get_ca_names(SSL *s) +{ + const STACK_OF(X509_NAME) *ca_sk = NULL;; + + if (s->server) { + ca_sk = SSL_get_client_CA_list(s); + if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0) + ca_sk = NULL; + } + + if (ca_sk == NULL) + ca_sk = SSL_get0_CA_list(s); + + return ca_sk; +} + +int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt) +{ + /* Start sub-packet for client CA list */ + if (!WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (ca_sk != NULL) { + int i; + + for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) { + unsigned char *namebytes; + X509_NAME *name = sk_X509_NAME_value(ca_sk, i); + int namelen; + + if (name == NULL + || (namelen = i2d_X509_NAME(name, NULL)) < 0 + || !WPACKET_sub_allocate_bytes_u16(pkt, namelen, + &namebytes) + || i2d_X509_NAME(name, &namebytes) != namelen) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + } + + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +/* Create a buffer containing data to be signed for server key exchange */ +size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, + const void *param, size_t paramlen) +{ + size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen; + unsigned char *tbs = OPENSSL_malloc(tbslen); + + if (tbs == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, + ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE); + memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE); + + memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen); + + *ptbs = tbs; + return tbslen; +} + +/* + * Saves the current handshake digest for Post-Handshake Auth, + * Done after ClientFinished is processed, done exactly once + */ +int tls13_save_handshake_digest_for_pha(SSL *s) +{ + if (s->pha_dgst == NULL) { + if (!ssl3_digest_cached_records(s, 1)) + /* SSLfatal() already called */ + return 0; + + s->pha_dgst = EVP_MD_CTX_new(); + if (s->pha_dgst == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (!EVP_MD_CTX_copy_ex(s->pha_dgst, + s->s3->handshake_dgst)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + return 1; +} + +/* + * Restores the Post-Handshake Auth handshake digest + * Done just before sending/processing the Cert Request + */ +int tls13_restore_handshake_digest_for_pha(SSL *s) +{ + if (s->pha_dgst == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst, + s->pha_dgst)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, + ERR_R_INTERNAL_ERROR); + return 0; + } + return 1; +} diff --git a/deps/openssl/openssl/ssl/statem/statem_locl.h b/deps/openssl/openssl/ssl/statem/statem_locl.h index 5dbc62b67f6b97..6b8cf37faa0116 100644 --- a/deps/openssl/openssl/ssl/statem/statem_locl.h +++ b/deps/openssl/openssl/ssl/statem/statem_locl.h @@ -18,13 +18,25 @@ /* The spec allows for a longer length than this, but we limit it */ #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258 +#define END_OF_EARLY_DATA_MAX_LENGTH 0 #define SERVER_HELLO_MAX_LENGTH 20000 +#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 +#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 #define SERVER_KEY_EXCH_MAX_LENGTH 102400 #define SERVER_HELLO_DONE_MAX_LENGTH 0 +#define KEY_UPDATE_MAX_LENGTH 1 #define CCS_MAX_LENGTH 1 /* Max should actually be 36 but we are generous */ #define FINISHED_MAX_LENGTH 64 +/* The maximum number of incoming KeyUpdate messages we will accept */ +#define MAX_KEY_UPDATE_MESSAGES 32 + +/* Dummy message type */ +#define SSL3_MT_DUMMY -1 + +extern const unsigned char hrrrandom[]; + /* Message processing return codes */ typedef enum { /* Something bad happened */ @@ -40,9 +52,19 @@ typedef enum { MSG_PROCESS_CONTINUE_READING } MSG_PROCESS_RETURN; -/* Flush the write BIO */ -int statem_flush(SSL *s); +typedef int (*confunc_f) (SSL *s, WPACKET *pkt); + int ssl3_take_mac(SSL *s); +int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, + size_t num_groups, int checkallow); +int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, + size_t hashlen, const unsigned char *hrr, + size_t hrrlen); +int parse_ca_names(SSL *s, PACKET *pkt); +const STACK_OF(X509_NAME) *get_ca_names(SSL *s); +int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt); +size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs, + const void *param, size_t paramlen); /* * TLS/DTLS client state machine functions @@ -51,8 +73,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt); WRITE_TRAN ossl_statem_client_write_transition(SSL *s); WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst); -int ossl_statem_client_construct_message(SSL *s); -unsigned long ossl_statem_client_max_message_size(SSL *s); +int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, + confunc_f *confunc, int *mt); +size_t ossl_statem_client_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst); @@ -63,58 +86,66 @@ int ossl_statem_server_read_transition(SSL *s, int mt); WRITE_TRAN ossl_statem_server_write_transition(SSL *s); WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst); WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst); -int ossl_statem_server_construct_message(SSL *s); -unsigned long ossl_statem_server_max_message_size(SSL *s); +int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, + confunc_f *confunc,int *mt); +size_t ossl_statem_server_max_message_size(SSL *s); MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt); WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); /* Functions for getting new message data */ __owur int tls_get_message_header(SSL *s, int *mt); -__owur int tls_get_message_body(SSL *s, unsigned long *len); -__owur int dtls_get_message(SSL *s, int *mt, unsigned long *len); +__owur int tls_get_message_body(SSL *s, size_t *len); +__owur int dtls_get_message(SSL *s, int *mt, size_t *len); /* Message construction and processing functions */ +__owur int tls_process_initial_server_flight(SSL *s); __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt); -__owur int tls_construct_change_cipher_spec(SSL *s); -__owur int dtls_construct_change_cipher_spec(SSL *s); +__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); +__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt); -__owur int tls_construct_finished(SSL *s, const char *sender, int slen); -__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst); +__owur int tls_construct_finished(SSL *s, WPACKET *pkt); +__owur int tls_construct_key_update(SSL *s, WPACKET *pkt); +__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt); +__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, + int stop); __owur WORK_STATE dtls_wait_for_dry(SSL *s); /* some client-only functions */ -__owur int tls_construct_client_hello(SSL *s); +__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt); +__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt); -__owur int tls_construct_client_verify(SSL *s); +__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt); __owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst); -__owur int tls_construct_client_certificate(SSL *s); +__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt); __owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); -__owur int tls_construct_client_key_exchange(SSL *s); +__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt); __owur int tls_client_key_exchange_post_work(SSL *s); -__owur int tls_construct_cert_status(SSL *s); +__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt); +__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt); __owur int ssl3_check_cert_and_algorithm(SSL *s); #ifndef OPENSSL_NO_NEXTPROTONEG -__owur int tls_construct_next_proto(SSL *s); +__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt); #endif +__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt); +__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt); /* some server-only functions */ __owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt); __owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst); -__owur int tls_construct_server_hello(SSL *s); -__owur int tls_construct_hello_request(SSL *s); -__owur int dtls_construct_hello_verify_request(SSL *s); -__owur int tls_construct_server_certificate(SSL *s); -__owur int tls_construct_server_key_exchange(SSL *s); -__owur int tls_construct_certificate_request(SSL *s); -__owur int tls_construct_server_done(SSL *s); +__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt); +__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt); +__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt); +__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt); +__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt); +__owur int tls_construct_server_done(SSL *s, WPACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt); __owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt); __owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst); @@ -122,4 +153,271 @@ __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt); #ifndef OPENSSL_NO_NEXTPROTONEG __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt); #endif -__owur int tls_construct_new_session_ticket(SSL *s); +__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt); +MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt); + + +/* Extension processing */ + +typedef enum ext_return_en { + EXT_RETURN_FAIL, + EXT_RETURN_SENT, + EXT_RETURN_NOT_SENT +} EXT_RETURN; + +__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx, + RAW_EXTENSION *exts); +__owur int extension_is_relevant(SSL *s, unsigned int extctx, + unsigned int thisctx); +__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context, + RAW_EXTENSION **res, size_t *len, int init); +__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context, + RAW_EXTENSION *exts, X509 *x, size_t chainidx); +__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, + X509 *x, size_t chainidx, int fin); +__owur int should_add_extension(SSL *s, unsigned int extctx, + unsigned int thisctx, int max_version); +__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + +__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md, + const unsigned char *msgstart, + size_t binderoffset, const unsigned char *binderin, + unsigned char *binderout, + SSL_SESSION *sess, int sign, int external); + +/* Server Extension processing */ +int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_SRP +int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_EC +int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidxl); +#endif +int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_OCSP +int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG +int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_SRTP +int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + +EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_EC +EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#endif +EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_OCSP +EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG +EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#endif +EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_SRTP +EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +/* + * Not in public headers as this is not an official extension. Only used when + * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. + */ +#define TLSEXT_TYPE_cryptopro_bug 0xfde8 +EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + +/* Client Extension processing */ +EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_SRP +EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +#ifndef OPENSSL_NO_EC +EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#endif +EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_OCSP +EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG +EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_SRTP +EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_CT +EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, + size_t chainidx); +EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + +int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_EC +int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#ifndef OPENSSL_NO_OCSP +int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +#endif +#ifndef OPENSSL_NO_CT +int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG +int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#ifndef OPENSSL_NO_SRTP +int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +#endif +int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); +int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); + +int tls_handle_alpn(SSL *s); + +int tls13_save_handshake_digest_for_pha(SSL *s); +int tls13_restore_handshake_digest_for_pha(SSL *s); diff --git a/deps/openssl/openssl/ssl/statem/statem_srvr.c b/deps/openssl/openssl/ssl/statem/statem_srvr.c index f81fa5e199438f..e7c11c4bea4dee 100644 --- a/deps/openssl/openssl/ssl/statem/statem_srvr.c +++ b/deps/openssl/openssl/ssl/statem/statem_srvr.c @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,50 +9,11 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * ECC cipher suite support in OpenSSL originally written by - * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. - * - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include "../ssl_locl.h" #include "statem_locl.h" #include "internal/constant_time_locl.h" +#include "internal/cryptlib.h" #include #include #include @@ -61,28 +24,134 @@ #include #include -static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, - PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) - **skp, int sslv2format, - int *al); +#define TICKET_NONCE_SIZE 8 + +static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); + +/* + * ossl_statem_server13_read_transition() encapsulates the logic for the allowed + * handshake state transitions when a TLSv1.3 server is reading messages from + * the client. The message type that the client has sent is provided in |mt|. + * The current state is in |s->statem.hand_state|. + * + * Return values are 1 for success (transition allowed) and 0 on error + * (transition not allowed) + */ +static int ossl_statem_server13_read_transition(SSL *s, int mt) +{ + OSSL_STATEM *st = &s->statem; + + /* + * Note: There is no case for TLS_ST_BEFORE because at that stage we have + * not negotiated TLSv1.3 yet, so that case is handled by + * ossl_statem_server_read_transition() + */ + switch (st->hand_state) { + default: + break; + + case TLS_ST_EARLY_DATA: + if (s->hello_retry_request == SSL_HRR_PENDING) { + if (mt == SSL3_MT_CLIENT_HELLO) { + st->hand_state = TLS_ST_SR_CLNT_HELLO; + return 1; + } + break; + } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { + if (mt == SSL3_MT_END_OF_EARLY_DATA) { + st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA; + return 1; + } + break; + } + /* Fall through */ + + case TLS_ST_SR_END_OF_EARLY_DATA: + case TLS_ST_SW_FINISHED: + if (s->s3->tmp.cert_request) { + if (mt == SSL3_MT_CERTIFICATE) { + st->hand_state = TLS_ST_SR_CERT; + return 1; + } + } else { + if (mt == SSL3_MT_FINISHED) { + st->hand_state = TLS_ST_SR_FINISHED; + return 1; + } + } + break; + + case TLS_ST_SR_CERT: + if (s->session->peer == NULL) { + if (mt == SSL3_MT_FINISHED) { + st->hand_state = TLS_ST_SR_FINISHED; + return 1; + } + } else { + if (mt == SSL3_MT_CERTIFICATE_VERIFY) { + st->hand_state = TLS_ST_SR_CERT_VRFY; + return 1; + } + } + break; + + case TLS_ST_SR_CERT_VRFY: + if (mt == SSL3_MT_FINISHED) { + st->hand_state = TLS_ST_SR_FINISHED; + return 1; + } + break; + + case TLS_ST_OK: + /* + * Its never ok to start processing handshake messages in the middle of + * early data (i.e. before we've received the end of early data alert) + */ + if (s->early_data_state == SSL_EARLY_DATA_READING) + break; + + if (mt == SSL3_MT_CERTIFICATE + && s->post_handshake_auth == SSL_PHA_REQUESTED) { + st->hand_state = TLS_ST_SR_CERT; + return 1; + } + + if (mt == SSL3_MT_KEY_UPDATE) { + st->hand_state = TLS_ST_SR_KEY_UPDATE; + return 1; + } + break; + } + + /* No valid transition found */ + return 0; +} /* - * server_read_transition() encapsulates the logic for the allowed handshake - * state transitions when the server is reading messages from the client. The - * message type that the client has sent is provided in |mt|. The current state - * is in |s->statem.hand_state|. + * ossl_statem_server_read_transition() encapsulates the logic for the allowed + * handshake state transitions when the server is reading messages from the + * client. The message type that the client has sent is provided in |mt|. The + * current state is in |s->statem.hand_state|. * - * Valid return values are: - * 1: Success (transition allowed) - * 0: Error (transition not allowed) + * Return values are 1 for success (transition allowed) and 0 on error + * (transition not allowed) */ int ossl_statem_server_read_transition(SSL *s, int mt) { OSSL_STATEM *st = &s->statem; + if (SSL_IS_TLS13(s)) { + if (!ossl_statem_server13_read_transition(s, mt)) + goto err; + return 1; + } + switch (st->hand_state) { + default: + break; + case TLS_ST_BEFORE: + case TLS_ST_OK: case DTLS_ST_SW_HELLO_VERIFY_REQUEST: if (mt == SSL3_MT_CLIENT_HELLO) { st->hand_state = TLS_ST_SR_CLNT_HELLO; @@ -111,10 +180,9 @@ int ossl_statem_server_read_transition(SSL *s, int mt) * not going to accept it because we require a client * cert. */ - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL3_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); return 0; } st->hand_state = TLS_ST_SR_KEY_EXCH; @@ -176,7 +244,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt) case TLS_ST_SR_CHANGE: #ifndef OPENSSL_NO_NEXTPROTONEG - if (s->s3->next_proto_neg_seen) { + if (s->s3->npn_seen) { if (mt == SSL3_MT_NEXT_PROTO) { st->hand_state = TLS_ST_SR_NEXT_PROTO; return 1; @@ -207,11 +275,9 @@ int ossl_statem_server_read_transition(SSL *s, int mt) return 1; } break; - - default: - break; } + err: /* No valid transition found */ if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { BIO *rbio; @@ -227,9 +293,9 @@ int ossl_statem_server_read_transition(SSL *s, int mt) BIO_set_retry_read(rbio); return 0; } - ossl_statem_set_error(s); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE); + SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE, + SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, + SSL_R_UNEXPECTED_MESSAGE); return 0; } @@ -282,16 +348,22 @@ static int send_server_key_exchange(SSL *s) * 1: Yes * 0: No */ -static int send_certificate_request(SSL *s) +int send_certificate_request(SSL *s) { if ( /* don't request cert unless asked for it: */ s->verify_mode & SSL_VERIFY_PEER + /* + * don't request if post-handshake-only unless doing + * post-handshake in TLSv1.3: + */ + && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE) + || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) /* * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert - * during re-negotiation: + * a second time: */ - && (s->s3->tmp.finish_md_len == 0 || + && (s->certreqs_sent < 1 || !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) /* * never request cert in anonymous ciphersuites (see @@ -319,34 +391,197 @@ static int send_certificate_request(SSL *s) } /* - * server_write_transition() works out what handshake state to move to next - * when the server is writing messages to be sent to the client. + * ossl_statem_server13_write_transition() works out what handshake state to + * move to next when a TLSv1.3 server is writing messages to be sent to the + * client. + */ +static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) +{ + OSSL_STATEM *st = &s->statem; + + /* + * No case for TLS_ST_BEFORE, because at that stage we have not negotiated + * TLSv1.3 yet, so that is handled by ossl_statem_server_write_transition() + */ + + switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION, + ERR_R_INTERNAL_ERROR); + return WRITE_TRAN_ERROR; + + case TLS_ST_OK: + if (s->key_update != SSL_KEY_UPDATE_NONE) { + st->hand_state = TLS_ST_SW_KEY_UPDATE; + return WRITE_TRAN_CONTINUE; + } + if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { + st->hand_state = TLS_ST_SW_CERT_REQ; + return WRITE_TRAN_CONTINUE; + } + /* Try to read from the client instead */ + return WRITE_TRAN_FINISHED; + + case TLS_ST_SR_CLNT_HELLO: + st->hand_state = TLS_ST_SW_SRVR_HELLO; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_SRVR_HELLO: + if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 + && s->hello_retry_request != SSL_HRR_COMPLETE) + st->hand_state = TLS_ST_SW_CHANGE; + else if (s->hello_retry_request == SSL_HRR_PENDING) + st->hand_state = TLS_ST_EARLY_DATA; + else + st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_CHANGE: + if (s->hello_retry_request == SSL_HRR_PENDING) + st->hand_state = TLS_ST_EARLY_DATA; + else + st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: + if (s->hit) + st->hand_state = TLS_ST_SW_FINISHED; + else if (send_certificate_request(s)) + st->hand_state = TLS_ST_SW_CERT_REQ; + else + st->hand_state = TLS_ST_SW_CERT; + + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_CERT_REQ: + if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { + s->post_handshake_auth = SSL_PHA_REQUESTED; + st->hand_state = TLS_ST_OK; + } else { + st->hand_state = TLS_ST_SW_CERT; + } + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_CERT: + st->hand_state = TLS_ST_SW_CERT_VRFY; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_CERT_VRFY: + st->hand_state = TLS_ST_SW_FINISHED; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_FINISHED: + st->hand_state = TLS_ST_EARLY_DATA; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_EARLY_DATA: + return WRITE_TRAN_FINISHED; + + case TLS_ST_SR_FINISHED: + /* + * Technically we have finished the handshake at this point, but we're + * going to remain "in_init" for now and write out any session tickets + * immediately. + */ + if (s->post_handshake_auth == SSL_PHA_REQUESTED) { + s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; + } else if (!s->ext.ticket_expected) { + /* + * If we're not going to renew the ticket then we just finish the + * handshake at this point. + */ + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; + } + if (s->num_tickets > s->sent_tickets) + st->hand_state = TLS_ST_SW_SESSION_TICKET; + else + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SR_KEY_UPDATE: + if (s->key_update != SSL_KEY_UPDATE_NONE) { + st->hand_state = TLS_ST_SW_KEY_UPDATE; + return WRITE_TRAN_CONTINUE; + } + /* Fall through */ + + case TLS_ST_SW_KEY_UPDATE: + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_SESSION_TICKET: + /* In a resumption we only ever send a maximum of one new ticket. + * Following an initial handshake we send the number of tickets we have + * been configured for. + */ + if (s->hit || s->num_tickets <= s->sent_tickets) { + /* We've written enough tickets out. */ + st->hand_state = TLS_ST_OK; + } + return WRITE_TRAN_CONTINUE; + } +} + +/* + * ossl_statem_server_write_transition() works out what handshake state to move + * to next when the server is writing messages to be sent to the client. */ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) { OSSL_STATEM *st = &s->statem; + /* + * Note that before the ClientHello we don't know what version we are going + * to negotiate yet, so we don't take this branch until later + */ + + if (SSL_IS_TLS13(s)) + return ossl_statem_server13_write_transition(s); + switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, + ERR_R_INTERNAL_ERROR); + return WRITE_TRAN_ERROR; + + case TLS_ST_OK: + if (st->request_state == TLS_ST_SW_HELLO_REQ) { + /* We must be trying to renegotiate */ + st->hand_state = TLS_ST_SW_HELLO_REQ; + st->request_state = TLS_ST_BEFORE; + return WRITE_TRAN_CONTINUE; + } + /* Must be an incoming ClientHello */ + if (!tls_setup_handshake(s)) { + /* SSLfatal() already called */ + return WRITE_TRAN_ERROR; + } + /* Fall through */ + case TLS_ST_BEFORE: /* Just go straight to trying to read from the client */ return WRITE_TRAN_FINISHED; - case TLS_ST_OK: - /* We must be trying to renegotiate */ - st->hand_state = TLS_ST_SW_HELLO_REQ; - return WRITE_TRAN_CONTINUE; - case TLS_ST_SW_HELLO_REQ: st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; case TLS_ST_SR_CLNT_HELLO: if (SSL_IS_DTLS(s) && !s->d1->cookie_verified - && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) + && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) { st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST; - else + } else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) { + /* We must have rejected the renegotiation */ + st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; + } else { st->hand_state = TLS_ST_SW_SRVR_HELLO; + } return WRITE_TRAN_CONTINUE; case DTLS_ST_SW_HELLO_VERIFY_REQUEST: @@ -354,7 +589,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) case TLS_ST_SW_SRVR_HELLO: if (s->hit) { - if (s->tlsext_ticket_expected) + if (s->ext.ticket_expected) st->hand_state = TLS_ST_SW_SESSION_TICKET; else st->hand_state = TLS_ST_SW_CHANGE; @@ -375,7 +610,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) return WRITE_TRAN_CONTINUE; case TLS_ST_SW_CERT: - if (s->tlsext_status_expected) { + if (s->ext.status_expected) { st->hand_state = TLS_ST_SW_CERT_STATUS; return WRITE_TRAN_CONTINUE; } @@ -405,9 +640,8 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) case TLS_ST_SR_FINISHED: if (s->hit) { st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; - } else if (s->tlsext_ticket_expected) { + } else if (s->ext.ticket_expected) { st->hand_state = TLS_ST_SW_SESSION_TICKET; } else { st->hand_state = TLS_ST_SW_CHANGE; @@ -427,12 +661,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s) return WRITE_TRAN_FINISHED; } st->hand_state = TLS_ST_OK; - ossl_statem_set_in_init(s, 0); return WRITE_TRAN_CONTINUE; - - default: - /* Shouldn't happen */ - return WRITE_TRAN_ERROR; } } @@ -445,6 +674,10 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* No pre work to be done */ + break; + case TLS_ST_SW_HELLO_REQ: s->shutdown = 0; if (SSL_IS_DTLS(s)) @@ -472,13 +705,24 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_SRVR_DONE: #ifndef OPENSSL_NO_SCTP - if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) + if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { + /* Calls SSLfatal() as required */ return dtls_wait_for_dry(s); + } #endif return WORK_FINISHED_CONTINUE; case TLS_ST_SW_SESSION_TICKET: - if (SSL_IS_DTLS(s)) { + if (SSL_IS_TLS13(s) && s->sent_tickets == 0) { + /* + * Actually this is the end of the handshake, but we're going + * straight into writing the session ticket out. So we finish off + * the handshake, but keep the various buffers active. + * + * Calls SSLfatal as required. + */ + return tls_finish_handshake(s, wst, 0, 0); + } if (SSL_IS_DTLS(s)) { /* * We're into the last flight. We don't retransmit the last flight * unless we need to, so we don't use the timer @@ -488,9 +732,11 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) break; case TLS_ST_SW_CHANGE: + if (SSL_IS_TLS13(s)) + break; s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } if (SSL_IS_DTLS(s)) { @@ -504,17 +750,36 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) } return WORK_FINISHED_CONTINUE; - case TLS_ST_OK: - return tls_finish_handshake(s, wst); + case TLS_ST_EARLY_DATA: + if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING + && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0) + return WORK_FINISHED_CONTINUE; + /* Fall through */ - default: - /* No pre work to be done */ - break; + case TLS_ST_OK: + /* Calls SSLfatal() as required */ + return tls_finish_handshake(s, wst, 1, 1); } return WORK_FINISHED_CONTINUE; } +static ossl_inline int conn_is_closed(void) +{ + switch (get_last_sys_error()) { +#if defined(EPIPE) + case EPIPE: + return 1; +#endif +#if defined(ECONNRESET) + case ECONNRESET: + return 1; +#endif + default: + return 0; + } +} + /* * Perform any work that needs to be done after sending a message from the * server to the client. @@ -526,11 +791,15 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) s->init_num = 0; switch (st->hand_state) { + default: + /* No post work to be done */ + break; + case TLS_ST_SW_HELLO_REQ: if (statem_flush(s) != 1) return WORK_MORE_A; if (!ssl3_init_finished_mac(s)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } break; @@ -540,7 +809,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) return WORK_MORE_A; /* HelloVerifyRequest resets Finished MAC */ if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } /* @@ -551,6 +820,12 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) break; case TLS_ST_SW_SRVR_HELLO: + if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) { + if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0 + && statem_flush(s) != 1) + return WORK_MORE_A; + break; + } #ifndef OPENSSL_NO_SCTP if (SSL_IS_DTLS(s) && s->hit) { unsigned char sctpauthkey[64]; @@ -567,7 +842,9 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, 0) <= 0) { - ossl_statem_set_error(s); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_POST_WORK, + ERR_R_INTERNAL_ERROR); return WORK_ERROR; } @@ -575,9 +852,42 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) sizeof(sctpauthkey), sctpauthkey); } #endif - break; + if (!SSL_IS_TLS13(s) + || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0 + && s->hello_retry_request != SSL_HRR_COMPLETE)) + break; + /* Fall through */ case TLS_ST_SW_CHANGE: + if (s->hello_retry_request == SSL_HRR_PENDING) { + if (!statem_flush(s)) + return WORK_MORE_A; + break; + } + + if (SSL_IS_TLS13(s)) { + if (!s->method->ssl3_enc->setup_key_block(s) + || !s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } + + if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED + && !s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } + /* + * We don't yet know whether the next record we are going to receive + * is an unencrypted alert, an encrypted alert, or an encrypted + * handshake message. We temporarily tolerate unencrypted alerts. + */ + s->statem.enc_read_state = ENC_READ_STATE_ALLOW_PLAIN_ALERTS; + break; + } + #ifndef OPENSSL_NO_SCTP if (SSL_IS_DTLS(s) && !s->hit) { /* @@ -591,7 +901,7 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) if (!s->method->ssl3_enc->change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } @@ -617,10 +927,51 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) 0, NULL); } #endif + if (SSL_IS_TLS13(s)) { + if (!s->method->ssl3_enc->generate_master_secret(s, + s->master_secret, s->handshake_secret, 0, + &s->session->master_key_length) + || !s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) + /* SSLfatal() already called */ + return WORK_ERROR; + } break; - default: - /* No post work to be done */ + case TLS_ST_SW_CERT_REQ: + if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { + if (statem_flush(s) != 1) + return WORK_MORE_A; + } + break; + + case TLS_ST_SW_KEY_UPDATE: + if (statem_flush(s) != 1) + return WORK_MORE_A; + if (!tls13_update_key(s, 1)) { + /* SSLfatal() already called */ + return WORK_ERROR; + } + break; + + case TLS_ST_SW_SESSION_TICKET: + clear_sys_error(); + if (SSL_IS_TLS13(s) && statem_flush(s) != 1) { + if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL + && conn_is_closed()) { + /* + * We ignore connection closed errors in TLSv1.3 when sending a + * NewSessionTicket and behave as if we were successful. This is + * so that we are still able to read data sent to us by a client + * that closes soon after the end of the handshake without + * waiting to read our post-handshake NewSessionTickets. + */ + s->rwstate = SSL_NOTHING; + break; + } + + return WORK_MORE_A; + } break; } @@ -628,63 +979,108 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) } /* - * Construct a message to be sent from the server to the client. + * Get the message construction function and message type for sending from the + * server * * Valid return values are: * 1: Success * 0: Error */ -int ossl_statem_server_construct_message(SSL *s) +int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt, + confunc_f *confunc, int *mt) { OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE, + SSL_R_BAD_HANDSHAKE_STATE); + return 0; + + case TLS_ST_SW_CHANGE: + if (SSL_IS_DTLS(s)) + *confunc = dtls_construct_change_cipher_spec; + else + *confunc = tls_construct_change_cipher_spec; + *mt = SSL3_MT_CHANGE_CIPHER_SPEC; + break; + case DTLS_ST_SW_HELLO_VERIFY_REQUEST: - return dtls_construct_hello_verify_request(s); + *confunc = dtls_construct_hello_verify_request; + *mt = DTLS1_MT_HELLO_VERIFY_REQUEST; + break; case TLS_ST_SW_HELLO_REQ: - return tls_construct_hello_request(s); + /* No construction function needed */ + *confunc = NULL; + *mt = SSL3_MT_HELLO_REQUEST; + break; case TLS_ST_SW_SRVR_HELLO: - return tls_construct_server_hello(s); + *confunc = tls_construct_server_hello; + *mt = SSL3_MT_SERVER_HELLO; + break; case TLS_ST_SW_CERT: - return tls_construct_server_certificate(s); + *confunc = tls_construct_server_certificate; + *mt = SSL3_MT_CERTIFICATE; + break; + + case TLS_ST_SW_CERT_VRFY: + *confunc = tls_construct_cert_verify; + *mt = SSL3_MT_CERTIFICATE_VERIFY; + break; + case TLS_ST_SW_KEY_EXCH: - return tls_construct_server_key_exchange(s); + *confunc = tls_construct_server_key_exchange; + *mt = SSL3_MT_SERVER_KEY_EXCHANGE; + break; case TLS_ST_SW_CERT_REQ: - return tls_construct_certificate_request(s); + *confunc = tls_construct_certificate_request; + *mt = SSL3_MT_CERTIFICATE_REQUEST; + break; case TLS_ST_SW_SRVR_DONE: - return tls_construct_server_done(s); + *confunc = tls_construct_server_done; + *mt = SSL3_MT_SERVER_DONE; + break; case TLS_ST_SW_SESSION_TICKET: - return tls_construct_new_session_ticket(s); + *confunc = tls_construct_new_session_ticket; + *mt = SSL3_MT_NEWSESSION_TICKET; + break; case TLS_ST_SW_CERT_STATUS: - return tls_construct_cert_status(s); - - case TLS_ST_SW_CHANGE: - if (SSL_IS_DTLS(s)) - return dtls_construct_change_cipher_spec(s); - else - return tls_construct_change_cipher_spec(s); + *confunc = tls_construct_cert_status; + *mt = SSL3_MT_CERTIFICATE_STATUS; + break; case TLS_ST_SW_FINISHED: - return tls_construct_finished(s, - s->method-> - ssl3_enc->server_finished_label, - s->method-> - ssl3_enc->server_finished_label_len); + *confunc = tls_construct_finished; + *mt = SSL3_MT_FINISHED; + break; - default: - /* Shouldn't happen */ + case TLS_ST_EARLY_DATA: + *confunc = NULL; + *mt = SSL3_MT_DUMMY; + break; + + case TLS_ST_SW_ENCRYPTED_EXTENSIONS: + *confunc = tls_construct_encrypted_extensions; + *mt = SSL3_MT_ENCRYPTED_EXTENSIONS; + break; + + case TLS_ST_SW_KEY_UPDATE: + *confunc = tls_construct_key_update; + *mt = SSL3_MT_KEY_UPDATE; break; } - return 0; + return 1; } /* @@ -711,14 +1107,21 @@ int ossl_statem_server_construct_message(SSL *s) * Returns the maximum allowed length for the current message that we are * reading. Excludes the message header. */ -unsigned long ossl_statem_server_max_message_size(SSL *s) +size_t ossl_statem_server_max_message_size(SSL *s) { OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + return 0; + case TLS_ST_SR_CLNT_HELLO: return CLIENT_HELLO_MAX_LENGTH; + case TLS_ST_SR_END_OF_EARLY_DATA: + return END_OF_EARLY_DATA_MAX_LENGTH; + case TLS_ST_SR_CERT: return s->max_cert_list; @@ -739,12 +1142,9 @@ unsigned long ossl_statem_server_max_message_size(SSL *s) case TLS_ST_SR_FINISHED: return FINISHED_MAX_LENGTH; - default: - /* Shouldn't happen */ - break; + case TLS_ST_SR_KEY_UPDATE: + return KEY_UPDATE_MAX_LENGTH; } - - return 0; } /* @@ -755,9 +1155,19 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; + case TLS_ST_SR_CLNT_HELLO: return tls_process_client_hello(s, pkt); + case TLS_ST_SR_END_OF_EARLY_DATA: + return tls_process_end_of_early_data(s, pkt); + case TLS_ST_SR_CERT: return tls_process_client_certificate(s, pkt); @@ -778,12 +1188,10 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) case TLS_ST_SR_FINISHED: return tls_process_finished(s, pkt); - default: - /* Shouldn't happen */ - break; - } + case TLS_ST_SR_KEY_UPDATE: + return tls_process_key_update(s, pkt); - return MSG_PROCESS_ERROR; + } } /* @@ -795,26 +1203,27 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) OSSL_STATEM *st = &s->statem; switch (st->hand_state) { + default: + /* Shouldn't happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE, + ERR_R_INTERNAL_ERROR); + return WORK_ERROR; + case TLS_ST_SR_CLNT_HELLO: return tls_post_process_client_hello(s, wst); case TLS_ST_SR_KEY_EXCH: return tls_post_process_client_key_exchange(s, wst); - - default: - break; } - - /* Shouldn't happen */ - return WORK_ERROR; } #ifndef OPENSSL_NO_SRP -static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) +/* Returns 1 on success, 0 for retryable error, -1 for fatal error */ +static int ssl_check_srp_ext_ClientHello(SSL *s) { - int ret = SSL_ERROR_NONE; - - *al = SSL_AD_UNRECOGNIZED_NAME; + int ret; + int al = SSL_AD_UNRECOGNIZED_NAME; if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { @@ -823,100 +1232,173 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) * RFC 5054 says SHOULD reject, we do so if There is no srp * login name */ - ret = SSL3_AL_FATAL; - *al = SSL_AD_UNKNOWN_PSK_IDENTITY; + SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY, + SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, + SSL_R_PSK_IDENTITY_NOT_FOUND); + return -1; } else { - ret = SSL_srp_server_param_with_username(s, al); + ret = SSL_srp_server_param_with_username(s, &al); + if (ret < 0) + return 0; + if (ret == SSL3_AL_FATAL) { + SSLfatal(s, al, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, + al == SSL_AD_UNKNOWN_PSK_IDENTITY + ? SSL_R_PSK_IDENTITY_NOT_FOUND + : SSL_R_CLIENTHELLO_TLSEXT); + return -1; + } } } - return ret; + return 1; } #endif -int tls_construct_hello_request(SSL *s) +int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, + size_t cookie_len) { - if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { - SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + /* Always use DTLS 1.0 version: see RFC 6347 */ + if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION) + || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len)) return 0; - } return 1; } -unsigned int dtls_raw_hello_verify_request(unsigned char *buf, - unsigned char *cookie, - unsigned char cookie_len) +int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) { - unsigned int msg_len; - unsigned char *p; - - p = buf; - /* Always use DTLS 1.0 version: see RFC 6347 */ - *(p++) = DTLS1_VERSION >> 8; - *(p++) = DTLS1_VERSION & 0xFF; + unsigned int cookie_leni; + if (s->ctx->app_gen_cookie_cb == NULL || + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &cookie_leni) == 0 || + cookie_leni > 255) { + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, + SSL_R_COOKIE_GEN_CALLBACK_FAILURE); + return 0; + } + s->d1->cookie_len = cookie_leni; - *(p++) = (unsigned char)cookie_len; - memcpy(p, cookie, cookie_len); - p += cookie_len; - msg_len = p - buf; + if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie, + s->d1->cookie_len)) { + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; + } - return msg_len; + return 1; } -int dtls_construct_hello_verify_request(SSL *s) +#ifndef OPENSSL_NO_EC +/*- + * ssl_check_for_safari attempts to fingerprint Safari using OS X + * SecureTransport using the TLS extension block in |hello|. + * Safari, since 10.6, sends exactly these extensions, in this order: + * SNI, + * elliptic_curves + * ec_point_formats + * signature_algorithms (for TLSv1.2 only) + * + * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, + * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. + * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from + * 10.8..10.8.3 (which don't work). + */ +static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) { - unsigned int len; - unsigned char *buf; - - buf = (unsigned char *)s->init_buf->data; - - if (s->ctx->app_gen_cookie_cb == NULL || - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0 || - s->d1->cookie_len > 255) { - SSLerr(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, - SSL_R_COOKIE_GEN_CALLBACK_FAILURE); - ossl_statem_set_error(s); - return 0; + static const unsigned char kSafariExtensionsBlock[] = { + 0x00, 0x0a, /* elliptic_curves extension */ + 0x00, 0x08, /* 8 bytes */ + 0x00, 0x06, /* 6 bytes of curve ids */ + 0x00, 0x17, /* P-256 */ + 0x00, 0x18, /* P-384 */ + 0x00, 0x19, /* P-521 */ + + 0x00, 0x0b, /* ec_point_formats */ + 0x00, 0x02, /* 2 bytes */ + 0x01, /* 1 point format */ + 0x00, /* uncompressed */ + /* The following is only present in TLS 1.2 */ + 0x00, 0x0d, /* signature_algorithms */ + 0x00, 0x0c, /* 12 bytes */ + 0x00, 0x0a, /* 10 bytes */ + 0x05, 0x01, /* SHA-384/RSA */ + 0x04, 0x01, /* SHA-256/RSA */ + 0x02, 0x01, /* SHA-1/RSA */ + 0x04, 0x03, /* SHA-256/ECDSA */ + 0x02, 0x03, /* SHA-1/ECDSA */ + }; + /* Length of the common prefix (first two extensions). */ + static const size_t kSafariCommonExtensionsLength = 18; + unsigned int type; + PACKET sni, tmppkt; + size_t ext_len; + + tmppkt = hello->extensions; + + if (!PACKET_forward(&tmppkt, 2) + || !PACKET_get_net_2(&tmppkt, &type) + || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) { + return; } - len = dtls_raw_hello_verify_request(&buf[DTLS1_HM_HEADER_LENGTH], - s->d1->cookie, s->d1->cookie_len); + if (type != TLSEXT_TYPE_server_name) + return; - dtls1_set_message_header(s, DTLS1_MT_HELLO_VERIFY_REQUEST, len, 0, len); - len += DTLS1_HM_HEADER_LENGTH; + ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? + sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; - /* number of bytes to write */ - s->init_num = len; - s->init_off = 0; - - return 1; + s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, + ext_len); } +#endif /* !OPENSSL_NO_EC */ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { - int i, al = SSL_AD_INTERNAL_ERROR; - unsigned int j, complen = 0; - unsigned long id; - const SSL_CIPHER *c; -#ifndef OPENSSL_NO_COMP - SSL_COMP *comp = NULL; -#endif - STACK_OF(SSL_CIPHER) *ciphers = NULL; - int protverr; /* |cookie| will only be initialized for DTLS. */ - PACKET session_id, cipher_suites, compression, extensions, cookie; - int is_v2_record; + PACKET session_id, compression, extensions, cookie; static const unsigned char null_compression = 0; + CLIENTHELLO_MSG *clienthello = NULL; + + /* Check if this is actually an unexpected renegotiation ClientHello */ + if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) { + if (!ossl_assert(!SSL_IS_TLS13(s))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; + } + if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 + || (!s->s3->send_connection_binding + && (s->options + & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) { + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + return MSG_PROCESS_FINISHED_READING; + } + s->renegotiate = 1; + s->new_session = 1; + } - is_v2_record = RECORD_LAYER_is_sslv2_record(&s->rlayer); + clienthello = OPENSSL_zalloc(sizeof(*clienthello)); + if (clienthello == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; + } + /* + * First, parse the raw ClientHello data into the CLIENTHELLO_MSG structure. + */ + clienthello->isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer); PACKET_null_init(&cookie); - /* First lets get s->client_version set correctly */ - if (is_v2_record) { - unsigned int version; + + if (clienthello->isv2) { unsigned int mt; + + if (!SSL_IS_FIRST_HANDSHAKE(s) + || s->hello_retry_request != SSL_HRR_NONE) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /*- * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 * header is sent directly on the wire, not wrapped as a TLS @@ -939,136 +1421,97 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * layer in order to have determined that this is a SSLv2 record * in the first place */ - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!PACKET_get_net_2(pkt, &version)) { - /* No protocol version supplied! */ - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); goto err; } - if (version == 0x0002) { - /* This is real SSLv2. We don't support it. */ - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); - goto err; - } else if ((version & 0xff00) == (SSL3_VERSION_MAJOR << 8)) { - /* SSLv3/TLS */ - s->client_version = version; - } else { - /* No idea what protocol this is */ - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - } else { - /* - * use version from inside client hello, not from record header (may - * differ: see RFC 2246, Appendix E, second paragraph) - */ - if (!PACKET_get_net_2(pkt, (unsigned int *)&s->client_version)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } } - /* - * Do SSL/TLS version negotiation if applicable. For DTLS we just check - * versions are potentially compatible. Version negotiation comes later. - */ - if (!SSL_IS_DTLS(s)) { - protverr = ssl_choose_server_version(s); - } else if (s->method->version != DTLS_ANY_VERSION && - DTLS_VERSION_LT(s->client_version, s->version)) { - protverr = SSL_R_VERSION_TOO_LOW; - } else { - protverr = 0; - } - - if (protverr) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr); - if ((!s->enc_write_ctx && !s->write_hash)) { - /* - * similar to ssl3_get_record, send alert using remote version - * number - */ - s->version = s->client_version; - } - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + if (!PACKET_get_net_2(pkt, &clienthello->legacy_version)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_LENGTH_TOO_SHORT); + goto err; } /* Parse the message and load client random. */ - if (is_v2_record) { + if (clienthello->isv2) { /* * Handle an SSLv2 backwards compatible ClientHello * Note, this is only for SSLv3+ using the backward compatible format. - * Real SSLv2 is not supported, and is rejected above. + * Real SSLv2 is not supported, and is rejected below. */ - unsigned int cipher_len, session_id_len, challenge_len; + unsigned int ciphersuite_len, session_id_len, challenge_len; PACKET challenge; - if (!PACKET_get_net_2(pkt, &cipher_len) + if (!PACKET_get_net_2(pkt, &ciphersuite_len) || !PACKET_get_net_2(pkt, &session_id_len) || !PACKET_get_net_2(pkt, &challenge_len)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_RECORD_LENGTH_MISMATCH); - al = SSL_AD_DECODE_ERROR; - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_RECORD_LENGTH_MISMATCH); + goto err; } if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + goto err; } - if (!PACKET_get_sub_packet(pkt, &cipher_suites, cipher_len) - || !PACKET_get_sub_packet(pkt, &session_id, session_id_len) + if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites, + ciphersuite_len) + || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len) || !PACKET_get_sub_packet(pkt, &challenge, challenge_len) /* No extensions. */ || PACKET_remaining(pkt) != 0) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_RECORD_LENGTH_MISMATCH); - al = SSL_AD_DECODE_ERROR; - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_RECORD_LENGTH_MISMATCH); + goto err; } + clienthello->session_id_len = session_id_len; - /* Load the client random and compression list. */ - challenge_len = challenge_len > SSL3_RANDOM_SIZE ? SSL3_RANDOM_SIZE : - challenge_len; - memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE); + /* Load the client random and compression list. We use SSL3_RANDOM_SIZE + * here rather than sizeof(clienthello->random) because that is the limit + * for SSLv3 and it is fixed. It won't change even if + * sizeof(clienthello->random) does. + */ + challenge_len = challenge_len > SSL3_RANDOM_SIZE + ? SSL3_RANDOM_SIZE : challenge_len; + memset(clienthello->random, 0, SSL3_RANDOM_SIZE); if (!PACKET_copy_bytes(&challenge, - s->s3->client_random + SSL3_RANDOM_SIZE - + clienthello->random + SSL3_RANDOM_SIZE - challenge_len, challenge_len) /* Advertise only null compression. */ || !PACKET_buf_init(&compression, &null_compression, 1)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; } - PACKET_null_init(&extensions); + PACKET_null_init(&clienthello->extensions); } else { /* Regular ClientHello. */ - if (!PACKET_copy_bytes(pkt, s->s3->client_random, SSL3_RANDOM_SIZE) - || !PACKET_get_length_prefixed_1(pkt, &session_id)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - - if (PACKET_remaining(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; + if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE) + || !PACKET_get_length_prefixed_1(pkt, &session_id) + || !PACKET_copy_all(&session_id, clienthello->session_id, + SSL_MAX_SSL_SESSION_ID_LENGTH, + &clienthello->session_id_len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; } if (SSL_IS_DTLS(s)) { if (!PACKET_get_length_prefixed_1(pkt, &cookie)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; + } + if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie, + DTLS1_COOKIE_LENGTH, + &clienthello->dtls_cookie_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto err; } /* * If we require cookies and this ClientHello doesn't contain one, @@ -1076,106 +1519,313 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * So check cookie length... */ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { - if (PACKET_remaining(&cookie) == 0) - return 1; + if (clienthello->dtls_cookie_len == 0) { + OPENSSL_free(clienthello); + return MSG_PROCESS_FINISHED_READING; + } } } - if (!PACKET_get_length_prefixed_2(pkt, &cipher_suites) - || !PACKET_get_length_prefixed_1(pkt, &compression)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; + if (!PACKET_get_length_prefixed_2(pkt, &clienthello->ciphersuites)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; + } + + if (!PACKET_get_length_prefixed_1(pkt, &compression)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; } + /* Could be empty. */ - extensions = *pkt; + if (PACKET_remaining(pkt) == 0) { + PACKET_null_init(&clienthello->extensions); + } else { + if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + SSL_R_LENGTH_MISMATCH); + goto err; + } + } + } + + if (!PACKET_copy_all(&compression, clienthello->compressions, + MAX_COMPRESSIONS_SIZE, + &clienthello->compressions_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Preserve the raw extensions PACKET for later use */ + extensions = clienthello->extensions; + if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO, + &clienthello->pre_proc_exts, + &clienthello->pre_proc_exts_len, 1)) { + /* SSLfatal already been called */ + goto err; + } + s->clienthello = clienthello; + + return MSG_PROCESS_CONTINUE_PROCESSING; + + err: + if (clienthello != NULL) + OPENSSL_free(clienthello->pre_proc_exts); + OPENSSL_free(clienthello); + + return MSG_PROCESS_ERROR; +} + +static int tls_early_post_process_client_hello(SSL *s) +{ + unsigned int j; + int i, al = SSL_AD_INTERNAL_ERROR; + int protverr; + size_t loop; + unsigned long id; +#ifndef OPENSSL_NO_COMP + SSL_COMP *comp = NULL; +#endif + const SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *ciphers = NULL; + STACK_OF(SSL_CIPHER) *scsvs = NULL; + CLIENTHELLO_MSG *clienthello = s->clienthello; + DOWNGRADE dgrd = DOWNGRADE_NONE; + + /* Finished parsing the ClientHello, now we can start processing it */ + /* Give the ClientHello callback a crack at things */ + if (s->ctx->client_hello_cb != NULL) { + /* A failure in the ClientHello callback terminates the connection. */ + switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) { + case SSL_CLIENT_HELLO_SUCCESS: + break; + case SSL_CLIENT_HELLO_RETRY: + s->rwstate = SSL_CLIENT_HELLO_CB; + return -1; + case SSL_CLIENT_HELLO_ERROR: + default: + SSLfatal(s, al, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_CALLBACK_FAILED); + goto err; + } + } + + /* Set up the client_random */ + memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE); + + /* Choose the version */ + + if (clienthello->isv2) { + if (clienthello->legacy_version == SSL2_VERSION + || (clienthello->legacy_version & 0xff00) + != (SSL3_VERSION_MAJOR << 8)) { + /* + * This is real SSLv2 or something completely unknown. We don't + * support it. + */ + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_UNKNOWN_PROTOCOL); + goto err; + } + /* SSLv3/TLS */ + s->client_version = clienthello->legacy_version; + } + /* + * Do SSL/TLS version negotiation if applicable. For DTLS we just check + * versions are potentially compatible. Version negotiation comes later. + */ + if (!SSL_IS_DTLS(s)) { + protverr = ssl_choose_server_version(s, clienthello, &dgrd); + } else if (s->method->version != DTLS_ANY_VERSION && + DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) { + protverr = SSL_R_VERSION_TOO_LOW; + } else { + protverr = 0; + } + + if (protverr) { + if (SSL_IS_FIRST_HANDSHAKE(s)) { + /* like ssl3_get_record, send alert using remote version number */ + s->version = s->client_version = clienthello->legacy_version; + } + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr); + goto err; + } + + /* TLSv1.3 specifies that a ClientHello must end on a record boundary */ + if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_NOT_ON_RECORD_BOUNDARY); + goto err; } if (SSL_IS_DTLS(s)) { /* Empty cookie was already handled above by returning early. */ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { if (s->ctx->app_verify_cookie_cb != NULL) { - if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookie), - PACKET_remaining(&cookie)) == - 0) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_COOKIE_MISMATCH); - goto f_err; + if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie, + clienthello->dtls_cookie_len) == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_COOKIE_MISMATCH); + goto err; /* else cookie verification succeeded */ } /* default verification */ - } else if (!PACKET_equal(&cookie, s->d1->cookie, s->d1->cookie_len)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); - goto f_err; + } else if (s->d1->cookie_len != clienthello->dtls_cookie_len + || memcmp(clienthello->dtls_cookie, s->d1->cookie, + s->d1->cookie_len) != 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_COOKIE_MISMATCH); + goto err; } s->d1->cookie_verified = 1; } if (s->method->version == DTLS_ANY_VERSION) { - protverr = ssl_choose_server_version(s); + protverr = ssl_choose_server_version(s, clienthello, &dgrd); if (protverr != 0) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, protverr); s->version = s->client_version; - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; + SSLfatal(s, SSL_AD_PROTOCOL_VERSION, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr); + goto err; } } } s->hit = 0; - /* - * We don't allow resumption in a backwards compatible ClientHello. - * TODO(openssl-team): in TLS1.1+, session_id MUST be empty. - * - * Versions before 0.9.7 always allow clients to resume sessions in - * renegotiation. 0.9.7 and later allow this by default, but optionally - * ignore resumption requests with flag - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather - * than a change to default behavior so that applications relying on - * this for security won't even compile against older library versions). - * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to - * request renegotiation but not a new session (s->new_session remains - * unset): for servers, this essentially just means that the - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be - * ignored. - */ - if (is_v2_record || - (s->new_session && - (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { - if (!ssl_get_new_session(s, 1)) - goto err; + if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites, + clienthello->isv2) || + !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs, + clienthello->isv2, 1)) { + /* SSLfatal() already called */ + goto err; + } + + s->s3->send_connection_binding = 0; + /* Check what signalling cipher-suite values were received. */ + if (scsvs != NULL) { + for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) { + c = sk_SSL_CIPHER_value(scsvs, i); + if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) { + if (s->renegotiate) { + /* SCSV is fatal if renegotiating */ + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + goto err; + } + s->s3->send_connection_binding = 1; + } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV && + !ssl_check_version_downgrade(s)) { + /* + * This SCSV indicates that the client previously tried + * a higher version. We should fail if the current version + * is an unexpected downgrade, as that indicates that the first + * connection may have been tampered with in order to trigger + * an insecure downgrade. + */ + SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_INAPPROPRIATE_FALLBACK); + goto err; + } + } + } + + /* For TLSv1.3 we must select the ciphersuite *before* session resumption */ + if (SSL_IS_TLS13(s)) { + const SSL_CIPHER *cipher = + ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s)); + + if (cipher == NULL) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_NO_SHARED_CIPHER); + goto err; + } + if (s->hello_retry_request == SSL_HRR_PENDING + && (s->s3->tmp.new_cipher == NULL + || s->s3->tmp.new_cipher->id != cipher->id)) { + /* + * A previous HRR picked a different ciphersuite to the one we + * just selected. Something must have changed. + */ + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_BAD_CIPHER); + goto err; + } + s->s3->tmp.new_cipher = cipher; + } + + /* We need to do this before getting the session */ + if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret, + SSL_EXT_CLIENT_HELLO, + clienthello->pre_proc_exts, NULL, 0)) { + /* SSLfatal() already called */ + goto err; + } + + /* + * We don't allow resumption in a backwards compatible ClientHello. + * TODO(openssl-team): in TLS1.1+, session_id MUST be empty. + * + * Versions before 0.9.7 always allow clients to resume sessions in + * renegotiation. 0.9.7 and later allow this by default, but optionally + * ignore resumption requests with flag + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather + * than a change to default behavior so that applications relying on + * this for security won't even compile against older library versions). + * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to + * request renegotiation but not a new session (s->new_session remains + * unset): for servers, this essentially just means that the + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be + * ignored. + */ + if (clienthello->isv2 || + (s->new_session && + (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { + if (!ssl_get_new_session(s, 1)) { + /* SSLfatal() already called */ + goto err; + } } else { - i = ssl_get_prev_session(s, &extensions, &session_id); - /* - * Only resume if the session's version matches the negotiated - * version. - * RFC 5246 does not provide much useful advice on resumption - * with a different protocol version. It doesn't forbid it but - * the sanity of such behaviour would be questionable. - * In practice, clients do not accept a version mismatch and - * will abort the handshake with an error. - */ - if (i == 1 && s->version == s->session->ssl_version) { + i = ssl_get_prev_session(s, clienthello); + if (i == 1) { /* previous session */ s->hit = 1; } else if (i == -1) { + /* SSLfatal() already called */ goto err; } else { /* i == 0 */ - if (!ssl_get_new_session(s, 1)) + if (!ssl_get_new_session(s, 1)) { + /* SSLfatal() already called */ goto err; + } } } - if (ssl_bytes_to_cipher_list(s, &cipher_suites, &(ciphers), - is_v2_record, &al) == NULL) { - goto f_err; + if (SSL_IS_TLS13(s)) { + memcpy(s->tmp_session_id, s->clienthello->session_id, + s->clienthello->session_id_len); + s->tmp_session_id_len = s->clienthello->session_id_len; } - /* If it is a hit, check that the cipher is in the list */ - if (s->hit) { + /* + * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check + * ciphersuite compatibility with the session as part of resumption. + */ + if (!SSL_IS_TLS13(s) && s->hit) { j = 0; id = s->session->cipher->id; @@ -1198,32 +1848,36 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * we need to have the cipher in the cipher list if we are asked * to reuse it */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_REQUIRED_CIPHER_MISSING); + goto err; } } - complen = PACKET_remaining(&compression); - for (j = 0; j < complen; j++) { - if (PACKET_data(&compression)[j] == 0) + for (loop = 0; loop < clienthello->compressions_len; loop++) { + if (clienthello->compressions[loop] == 0) break; } - if (j >= complen) { + if (loop >= clienthello->compressions_len) { /* no compress */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_NO_COMPRESSION_SPECIFIED); + goto err; } +#ifndef OPENSSL_NO_EC + if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + ssl_check_for_safari(s, clienthello); +#endif /* !OPENSSL_NO_EC */ + /* TLS extensions */ - if (s->version >= SSL3_VERSION) { - if (!ssl_parse_clienthello_tlsext(s, &extensions)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); - goto err; - } + if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO, + clienthello->pre_proc_exts, NULL, 0, 1)) { + /* SSLfatal() already called */ + goto err; } /* @@ -1235,19 +1889,33 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { unsigned char *pos; pos = s->s3->server_random; - if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) { - goto f_err; + if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; } } - if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) { + if (!s->hit + && s->version >= TLS1_VERSION + && !SSL_IS_TLS13(s) + && !SSL_IS_DTLS(s) + && s->ext.session_secret_cb) { const SSL_CIPHER *pref_cipher = NULL; + /* + * s->session->master_key_length is a size_t, but this is an int for + * backwards compat reasons + */ + int master_key_length; - s->session->master_key_length = sizeof(s->session->master_key); - if (s->tls_session_secret_cb(s, s->session->master_key, - &s->session->master_key_length, ciphers, + master_key_length = sizeof(s->session->master_key); + if (s->ext.session_secret_cb(s, s->session->master_key, + &master_key_length, ciphers, &pref_cipher, - s->tls_session_secret_cb_arg)) { + s->ext.session_secret_cb_arg) + && master_key_length > 0) { + s->session->master_key_length = master_key_length; s->hit = 1; s->session->ciphers = ciphers; s->session->verify_result = X509_V_OK; @@ -1255,16 +1923,14 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) ciphers = NULL; /* check if some cipher was preferred by call back */ - pref_cipher = - pref_cipher ? pref_cipher : ssl3_choose_cipher(s, - s-> - session->ciphers, - SSL_get_ciphers - (s)); + if (pref_cipher == NULL) + pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, + SSL_get_ciphers(s)); if (pref_cipher == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_NO_SHARED_CIPHER); + goto err; } s->session->cipher = pref_cipher; @@ -1281,17 +1947,31 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * algorithms from the client, starting at q. */ s->s3->tmp.new_compression = NULL; + if (SSL_IS_TLS13(s)) { + /* + * We already checked above that the NULL compression method appears in + * the list. Now we check there aren't any others (which is illegal in + * a TLSv1.3 ClientHello. + */ + if (clienthello->compressions_len != 1) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_INVALID_COMPRESSION_ALGORITHM); + goto err; + } + } #ifndef OPENSSL_NO_COMP /* This only happens if we have a cache hit */ - if (s->session->compress_meth != 0) { + else if (s->session->compress_meth != 0) { int m, comp_id = s->session->compress_meth; unsigned int k; /* Perform sanity checks on resumed compression algorithm */ /* Can't disable compression */ if (!ssl_allow_compression(s)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_INCONSISTENT_COMPRESSION); + goto err; } /* Look for resumed compression method */ for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) { @@ -1302,24 +1982,25 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } } if (s->s3->tmp.new_compression == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_INVALID_COMPRESSION_ALGORITHM); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_INVALID_COMPRESSION_ALGORITHM); + goto err; } /* Look for resumed method in compression list */ - for (k = 0; k < complen; k++) { - if (PACKET_data(&compression)[k] == comp_id) + for (k = 0; k < clienthello->compressions_len; k++) { + if (clienthello->compressions[k] == comp_id) break; } - if (k >= complen) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, - SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); - goto f_err; + if (k >= clienthello->compressions_len) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING); + goto err; } - } else if (s->hit) + } else if (s->hit) { comp = NULL; - else if (ssl_allow_compression(s) && s->ctx->comp_methods) { + } else if (ssl_allow_compression(s) && s->ctx->comp_methods) { /* See if we have a match */ int m, nn, v, done = 0; unsigned int o; @@ -1328,8 +2009,8 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) for (m = 0; m < nn; m++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); v = comp->id; - for (o = 0; o < complen; o++) { - if (v == PACKET_data(&compression)[o]) { + for (o = 0; o < clienthello->compressions_len; o++) { + if (v == clienthello->compressions[o]) { done = 1; break; } @@ -1348,8 +2029,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * using compression. */ if (s->session->compress_meth != 0) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + SSL_R_INCONSISTENT_COMPRESSION); + goto err; } #endif @@ -1357,88 +2040,245 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher */ + if (!s->hit || SSL_IS_TLS13(s)) { + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = ciphers; + if (ciphers == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, + ERR_R_INTERNAL_ERROR); + goto err; + } + ciphers = NULL; + } + if (!s->hit) { #ifdef OPENSSL_NO_COMP s->session->compress_meth = 0; #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers = ciphers; - if (ciphers == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto f_err; - } - ciphers = NULL; - if (!tls1_set_server_sigalgs(s)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); - goto err; - } } sk_SSL_CIPHER_free(ciphers); - return MSG_PROCESS_CONTINUE_PROCESSING; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); + sk_SSL_CIPHER_free(scsvs); + OPENSSL_free(clienthello->pre_proc_exts); + OPENSSL_free(s->clienthello); + s->clienthello = NULL; + return 1; err: - ossl_statem_set_error(s); - sk_SSL_CIPHER_free(ciphers); - return MSG_PROCESS_ERROR; + sk_SSL_CIPHER_free(scsvs); + OPENSSL_free(clienthello->pre_proc_exts); + OPENSSL_free(s->clienthello); + s->clienthello = NULL; + + return 0; +} + +/* + * Call the status request callback if needed. Upon success, returns 1. + * Upon failure, returns 0. + */ +static int tls_handle_status_request(SSL *s) +{ + s->ext.status_expected = 0; + + /* + * If status request then ask callback what to do. Note: this must be + * called after servername callbacks in case the certificate has changed, + * and must be called after the cipher has been chosen because this may + * influence which certificate is sent + */ + if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL + && s->ctx->ext.status_cb != NULL) { + int ret; + + /* If no certificate can't return certificate status */ + if (s->s3->tmp.cert != NULL) { + /* + * Set current certificate to one we will use so SSL_get_certificate + * et al can pick it up. + */ + s->cert->key = s->s3->tmp.cert; + ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg); + switch (ret) { + /* We don't want to send a status request response */ + case SSL_TLSEXT_ERR_NOACK: + s->ext.status_expected = 0; + break; + /* status request response should be sent */ + case SSL_TLSEXT_ERR_OK: + if (s->ext.ocsp.resp) + s->ext.status_expected = 1; + break; + /* something bad happened */ + case SSL_TLSEXT_ERR_ALERT_FATAL: + default: + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_HANDLE_STATUS_REQUEST, + SSL_R_CLIENTHELLO_TLSEXT); + return 0; + } + } + } + + return 1; +} + +/* + * Call the alpn_select callback if needed. Upon success, returns 1. + * Upon failure, returns 0. + */ +int tls_handle_alpn(SSL *s) +{ + const unsigned char *selected = NULL; + unsigned char selected_len = 0; + + if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { + int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len, + s->s3->alpn_proposed, + (unsigned int)s->s3->alpn_proposed_len, + s->ctx->ext.alpn_select_cb_arg); + + if (r == SSL_TLSEXT_ERR_OK) { + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); + if (s->s3->alpn_selected == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->s3->alpn_selected_len = selected_len; +#ifndef OPENSSL_NO_NEXTPROTONEG + /* ALPN takes precedence over NPN. */ + s->s3->npn_seen = 0; +#endif + + /* Check ALPN is consistent with session */ + if (s->session->ext.alpn_selected == NULL + || selected_len != s->session->ext.alpn_selected_len + || memcmp(selected, s->session->ext.alpn_selected, + selected_len) != 0) { + /* Not consistent so can't be used for early_data */ + s->ext.early_data_ok = 0; + + if (!s->hit) { + /* + * This is a new session and so alpn_selected should have + * been initialised to NULL. We should update it with the + * selected ALPN. + */ + if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_HANDLE_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->session->ext.alpn_selected = OPENSSL_memdup(selected, + selected_len); + if (s->session->ext.alpn_selected == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_HANDLE_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } + s->session->ext.alpn_selected_len = selected_len; + } + } + + return 1; + } else if (r != SSL_TLSEXT_ERR_NOACK) { + SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, SSL_F_TLS_HANDLE_ALPN, + SSL_R_NO_APPLICATION_PROTOCOL); + return 0; + } + /* + * If r == SSL_TLSEXT_ERR_NOACK then behave as if no callback was + * present. + */ + } + + /* Check ALPN is consistent with session */ + if (s->session->ext.alpn_selected != NULL) { + /* Not consistent so can't be used for early_data */ + s->ext.early_data_ok = 0; + } + return 1; } WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) { - int al = SSL_AD_HANDSHAKE_FAILURE; const SSL_CIPHER *cipher; if (wst == WORK_MORE_A) { - if (!s->hit) { + int rv = tls_early_post_process_client_hello(s); + if (rv == 0) { + /* SSLfatal() was already called */ + goto err; + } + if (rv < 0) + return WORK_MORE_A; + wst = WORK_MORE_B; + } + if (wst == WORK_MORE_B) { + if (!s->hit || SSL_IS_TLS13(s)) { /* Let cert callback update server certificates if required */ - if (s->cert->cert_cb) { - int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); - if (rv == 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_CERT_CB_ERROR); - goto f_err; + if (!s->hit) { + if (s->cert->cert_cb != NULL) { + int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg); + if (rv == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, + SSL_R_CERT_CB_ERROR); + goto err; + } + if (rv < 0) { + s->rwstate = SSL_X509_LOOKUP; + return WORK_MORE_B; + } + s->rwstate = SSL_NOTHING; } - if (rv < 0) { - s->rwstate = SSL_X509_LOOKUP; - return WORK_MORE_A; + if (!tls1_set_server_sigalgs(s)) { + /* SSLfatal already called */ + goto err; } - s->rwstate = SSL_NOTHING; } - cipher = - ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); - if (cipher == NULL) { - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_NO_SHARED_CIPHER); - goto f_err; + /* In TLSv1.3 we selected the ciphersuite before resumption */ + if (!SSL_IS_TLS13(s)) { + cipher = + ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); + + if (cipher == NULL) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, + SSL_R_NO_SHARED_CIPHER); + goto err; + } + s->s3->tmp.new_cipher = cipher; + } + if (!s->hit) { + if (!tls_choose_sigalg(s, 1)) { + /* SSLfatal already called */ + goto err; + } + /* check whether we should disable session resumption */ + if (s->not_resumable_session_cb != NULL) + s->session->not_resumable = + s->not_resumable_session_cb(s, + ((s->s3->tmp.new_cipher->algorithm_mkey + & (SSL_kDHE | SSL_kECDHE)) != 0)); + if (s->session->not_resumable) + /* do not send a session ticket */ + s->ext.ticket_expected = 0; } - s->s3->tmp.new_cipher = cipher; - /* check whether we should disable session resumption */ - if (s->not_resumable_session_cb != NULL) - s->session->not_resumable = s->not_resumable_session_cb(s, - ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); - if (s->session->not_resumable) - /* do not send a session ticket */ - s->tlsext_ticket_expected = 0; } else { /* Session-id reuse */ s->s3->tmp.new_cipher = s->session->cipher; } - if (!(s->verify_mode & SSL_VERIFY_PEER)) { - if (!ssl3_digest_cached_records(s, 0)) { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - /*- * we now have the following setup. * client_random @@ -1451,73 +2291,71 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) * s->s3->tmp.new_cipher- the new cipher to use. */ - /* Handles TLS extensions that we couldn't check earlier */ - if (s->version >= SSL3_VERSION) { - if (!ssl_check_clienthello_tlsext_late(s, &al)) { - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_CLIENTHELLO_TLSEXT); - goto f_err; - } + /* + * Call status_request callback if needed. Has to be done after the + * certificate callbacks etc above. + */ + if (!tls_handle_status_request(s)) { + /* SSLfatal() already called */ + goto err; + } + /* + * Call alpn_select callback if needed. Has to be done after SNI and + * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3 + * we already did this because cipher negotiation happens earlier, and + * we must handle ALPN before we decide whether to accept early_data. + */ + if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) { + /* SSLfatal() already called */ + goto err; } - wst = WORK_MORE_B; + wst = WORK_MORE_C; } #ifndef OPENSSL_NO_SRP - if (wst == WORK_MORE_B) { + if (wst == WORK_MORE_C) { int ret; - if ((ret = ssl_check_srp_ext_ClientHello(s, &al)) < 0) { + if ((ret = ssl_check_srp_ext_ClientHello(s)) == 0) { /* * callback indicates further work to be done */ s->rwstate = SSL_X509_LOOKUP; - return WORK_MORE_B; + return WORK_MORE_C; } - if (ret != SSL_ERROR_NONE) { - /* - * This is not really an error but the only means to for - * a client to detect whether srp is supported. - */ - if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_CLIENTHELLO_TLSEXT); - else - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, - SSL_R_PSK_IDENTITY_NOT_FOUND); - goto f_err; + if (ret < 0) { + /* SSLfatal() already called */ + goto err; } } #endif - s->renegotiate = 2; return WORK_FINISHED_STOP; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); + err: return WORK_ERROR; } -int tls_construct_server_hello(SSL *s) +int tls_construct_server_hello(SSL *s, WPACKET *pkt) { - unsigned char *buf; - unsigned char *p, *d; - int i, sl; - int al = 0; - unsigned long l; - - buf = (unsigned char *)s->init_buf->data; - - /* Do the message type and length last */ - d = p = ssl_handshake_start(s); - - *(p++) = s->version >> 8; - *(p++) = s->version & 0xff; - - /* - * Random stuff. Filling of the server_random takes place in - * tls_process_client_hello() - */ - memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; + int compm; + size_t sl, len; + int version; + unsigned char *session_id; + int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING; + + version = usetls13 ? TLS1_2_VERSION : s->version; + if (!WPACKET_put_bytes_u16(pkt, version) + /* + * Random stuff. Filling of the server_random takes place in + * tls_process_client_hello() + */ + || !WPACKET_memcpy(pkt, + s->hello_retry_request == SSL_HRR_PENDING + ? hrrrandom : s->s3->server_random, + SSL3_RANDOM_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } /*- * There are several cases for the session ID to send @@ -1531,6 +2369,8 @@ int tls_construct_server_hello(SSL *s) * session ID. * - However, if we want the new session to be single-use, * we send back a 0-length session ID. + * - In TLSv1.3 we echo back the session id sent to us by the client + * regardless * s->hit is non-zero in either case of session reuse, * so the following won't overwrite an ID that we're supposed * to send back. @@ -1540,115 +2380,117 @@ int tls_construct_server_hello(SSL *s) && !s->hit)) s->session->session_id_length = 0; - sl = s->session->session_id_length; - if (sl > (int)sizeof(s->session->session_id)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; + if (usetls13) { + sl = s->tmp_session_id_len; + session_id = s->tmp_session_id; + } else { + sl = s->session->session_id_length; + session_id = s->session->session_id; } - *(p++) = sl; - memcpy(p, s->session->session_id, sl); - p += sl; - /* put the cipher */ - i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p); - p += i; + if (sl > sizeof(s->session->session_id)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } - /* put the compression method */ + /* set up the compression method */ #ifdef OPENSSL_NO_COMP - *(p++) = 0; + compm = 0; #else - if (s->s3->tmp.new_compression == NULL) - *(p++) = 0; + if (usetls13 || s->s3->tmp.new_compression == NULL) + compm = 0; else - *(p++) = s->s3->tmp.new_compression->id; + compm = s->s3->tmp.new_compression->id; #endif - if (ssl_prepare_serverhello_tlsext(s) <= 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); - ossl_statem_set_error(s); + if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) + || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) + || !WPACKET_put_bytes_u8(pkt, compm)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); return 0; } - if ((p = - ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH, - &al)) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + + if (!tls_construct_extensions(s, pkt, + s->hello_retry_request == SSL_HRR_PENDING + ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST + : (SSL_IS_TLS13(s) + ? SSL_EXT_TLS1_3_SERVER_HELLO + : SSL_EXT_TLS1_2_SERVER_HELLO), + NULL, 0)) { + /* SSLfatal() already called */ return 0; } - /* do the header */ - l = (p - d); - if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + if (s->hello_retry_request == SSL_HRR_PENDING) { + /* Ditch the session. We'll create a new one next time around */ + SSL_SESSION_free(s->session); + s->session = NULL; + s->hit = 0; + + /* + * Re-initialise the Transcript Hash. We're going to prepopulate it with + * a synthetic message_hash in place of ClientHello1. + */ + if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) { + /* SSLfatal() already called */ + return 0; + } + } else if (!(s->verify_mode & SSL_VERIFY_PEER) + && !ssl3_digest_cached_records(s, 0)) { + /* SSLfatal() already called */; return 0; } return 1; } -int tls_construct_server_done(SSL *s) +int tls_construct_server_done(SSL *s, WPACKET *pkt) { - if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_DONE, 0)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_DONE, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; - } - if (!s->s3->tmp.cert_request) { if (!ssl3_digest_cached_records(s, 0)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ + return 0; } } - return 1; } -int tls_construct_server_key_exchange(SSL *s) +int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) { #ifndef OPENSSL_NO_DH EVP_PKEY *pkdh = NULL; - int j; #endif #ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; - int encodedlen = 0; + size_t encodedlen = 0; int curve_id = 0; #endif - EVP_PKEY *pkey; - const EVP_MD *md = NULL; - unsigned char *p, *d; - int al, i; + const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg; + int i; unsigned long type; - int n; const BIGNUM *r[4]; - int nr[4], kn; - BUF_MEM *buf; EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); + EVP_PKEY_CTX *pctx = NULL; + size_t paramlen, paramoffset; + + if (!WPACKET_get_total_written(pkt, ¶moffset)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } if (md_ctx == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto err; } type = s->s3->tmp.new_cipher->algorithm_mkey; - buf = s->init_buf; - r[0] = r[1] = r[2] = r[3] = NULL; - n = 0; #ifndef OPENSSL_NO_PSK - if (type & SSL_PSK) { - /* - * reserve size for record length and PSK identity hint - */ - n += 2; - if (s->cert->psk_identity_hint) - n += strlen(s->cert->psk_identity_hint); - } /* Plain PSK or RSAPSK nothing to do */ if (type & (SSL_kPSK | SSL_kRSAPSK)) { } else @@ -1665,10 +2507,10 @@ int tls_construct_server_key_exchange(SSL *s) pkdh = EVP_PKEY_new(); if (pkdh == NULL || dhp == NULL) { DH_free(dhp); - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; } EVP_PKEY_assign_DH(pkdh, dhp); pkdhp = pkdh; @@ -1679,44 +2521,44 @@ int tls_construct_server_key_exchange(SSL *s) DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024); pkdh = ssl_dh_to_pkey(dhp); if (pkdh == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; } pkdhp = pkdh; } if (pkdhp == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_MISSING_TMP_DH_KEY); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + SSL_R_MISSING_TMP_DH_KEY); + goto err; } if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_DH_KEY_TOO_SMALL); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + SSL_R_DH_KEY_TOO_SMALL); + goto err; } if (s->s3->tmp.pkey != NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); - if (s->s3->tmp.pkey == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB); + /* SSLfatal() already called */ goto err; } dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey); if (dh == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } @@ -1729,45 +2571,38 @@ int tls_construct_server_key_exchange(SSL *s) #endif #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { - int nid; if (s->s3->tmp.pkey != NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); goto err; } /* Get NID of appropriate shared curve */ - nid = tls1_shared_curve(s, -2); - curve_id = tls1_ec_nid2curve_id(nid); + curve_id = tls1_shared_group(s, -2); if (curve_id == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } - s->s3->tmp.pkey = ssl_generate_pkey_curve(curve_id); + s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id); /* Generate a new key for this curve */ if (s->s3->tmp.pkey == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB); - goto f_err; + /* SSLfatal() already called */ + goto err; } /* Encode the public key. */ encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey, &encodedPoint); if (encodedlen == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } - /* - * We only support named (not generic) curves in ECDH ephemeral key - * exchanges. In this situation, we need four additional bytes to - * encode the entire ServerECDHParams structure. - */ - n += 4 + encodedlen; - /* * We'll generate the serverKeyExchange message explicitly so we * can set these to NULLs @@ -1783,8 +2618,9 @@ int tls_construct_server_key_exchange(SSL *s) if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_MISSING_SRP_PARAM); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + SSL_R_MISSING_SRP_PARAM); goto err; } r[0] = s->srp_ctx.N; @@ -1794,85 +2630,59 @@ int tls_construct_server_key_exchange(SSL *s) } else #endif { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - for (i = 0; i < 4 && r[i] != NULL; i++) { - nr[i] = BN_num_bytes(r[i]); -#ifndef OPENSSL_NO_SRP - if ((i == 2) && (type & SSL_kSRP)) - n += 1 + nr[i]; - else -#endif -#ifndef OPENSSL_NO_DH - /*- - * for interoperability with some versions of the Microsoft TLS - * stack, we need to zero pad the DHE pub key to the same length - * as the prime, so use the length of the prime here - */ - if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) - n += 2 + nr[0]; - else -#endif - n += 2 + nr[i]; - } - - if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) { - if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md)) - == NULL) { - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - kn = EVP_PKEY_size(pkey); - /* Allow space for signature algorithm */ - if (SSL_USE_SIGALGS(s)) - kn += 2; - /* Allow space for signature length */ - kn += 2; - } else { - pkey = NULL; - kn = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + goto err; } - if (!BUF_MEM_grow_clean(buf, n + SSL_HM_HEADER_LENGTH(s) + kn)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_BUF); + if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0) + || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) { + lu = NULL; + } else if (lu == NULL) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } - d = p = ssl_handshake_start(s); #ifndef OPENSSL_NO_PSK if (type & SSL_PSK) { - /* copy PSK identity hint */ - if (s->cert->psk_identity_hint) { - size_t len = strlen(s->cert->psk_identity_hint); - if (len > PSK_MAX_IDENTITY_LEN) { - /* - * Should not happen - we already checked this when we set - * the identity hint - */ - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - s2n(len, p); - memcpy(p, s->cert->psk_identity_hint, len); - p += len; - } else { - s2n(0, p); + size_t len = (s->cert->psk_identity_hint == NULL) + ? 0 : strlen(s->cert->psk_identity_hint); + + /* + * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already + * checked this when we set the identity hint - but just in case + */ + if (len > PSK_MAX_IDENTITY_LEN + || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, + len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; } } #endif for (i = 0; i < 4 && r[i] != NULL; i++) { + unsigned char *binval; + int res; + #ifndef OPENSSL_NO_SRP if ((i == 2) && (type & SSL_kSRP)) { - *p = nr[i]; - p++; + res = WPACKET_start_sub_packet_u8(pkt); } else #endif + res = WPACKET_start_sub_packet_u16(pkt); + + if (!res) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + #ifndef OPENSSL_NO_DH /*- * for interoperability with some versions of the Microsoft TLS @@ -1880,97 +2690,124 @@ int tls_construct_server_key_exchange(SSL *s) * as the prime */ if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) { - s2n(nr[0], p); - for (j = 0; j < (nr[0] - nr[2]); ++j) { - *p = 0; - ++p; + size_t len = BN_num_bytes(r[0]) - BN_num_bytes(r[2]); + + if (len > 0) { + if (!WPACKET_allocate_bytes(pkt, len, &binval)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + memset(binval, 0, len); } - } else + } #endif - s2n(nr[i], p); - BN_bn2bin(r[i], p); - p += nr[i]; + if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + BN_bn2bin(r[i], binval); } #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { /* - * XXX: For now, we only support named (not generic) curves. In - * this situation, the serverKeyExchange message has: [1 byte - * CurveType], [2 byte CurveName] [1 byte length of encoded - * point], followed by the actual encoded point itself + * We only support named (not generic) curves. In this situation, the + * ServerKeyExchange message has: [1 byte CurveType], [2 byte CurveName] + * [1 byte length of encoded point], followed by the actual encoded + * point itself */ - *p = NAMED_CURVE_TYPE; - p += 1; - *p = 0; - p += 1; - *p = curve_id; - p += 1; - *p = encodedlen; - p += 1; - memcpy(p, encodedPoint, encodedlen); + if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE) + || !WPACKET_put_bytes_u8(pkt, 0) + || !WPACKET_put_bytes_u8(pkt, curve_id) + || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } OPENSSL_free(encodedPoint); encodedPoint = NULL; - p += encodedlen; } #endif /* not anonymous */ - if (pkey != NULL) { + if (lu != NULL) { + EVP_PKEY *pkey = s->s3->tmp.cert->privatekey; + const EVP_MD *md; + unsigned char *sigbytes1, *sigbytes2, *tbs; + size_t siglen, tbslen; + int rv; + + if (pkey == NULL || !tls1_lookup_md(lu, &md)) { + /* Should never happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + /* Get length of the parameters we have written above */ + if (!WPACKET_get_length(pkt, ¶mlen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + /* send signature algorithm */ + if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } /* - * n is the length of the params, they start at &(d[4]) and p - * points to the space at the end. + * Create the signature. We don't know the actual length of the sig + * until after we've created it, so we reserve enough bytes for it + * up front, and then properly allocate them in the WPACKET + * afterwards. */ - if (md) { - /* send signature algorithm */ - if (SSL_USE_SIGALGS(s)) { - if (!tls12_get_sigandhash(p, pkey, md)) { - /* Should never happen */ - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto f_err; - } - p += 2; - } -#ifdef SSL_DEBUG - fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); -#endif - if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0 - || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]), - SSL3_RANDOM_SIZE) <= 0 - || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]), - SSL3_RANDOM_SIZE) <= 0 - || EVP_SignUpdate(md_ctx, d, n) <= 0 - || EVP_SignFinal(md_ctx, &(p[2]), - (unsigned int *)&i, pkey) <= 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; + siglen = EVP_PKEY_size(pkey); + if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1) + || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + if (lu->sig == EVP_PKEY_RSA_PSS) { + if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 + || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_EVP_LIB); + goto err; } - s2n(i, p); - n += i + 2; - if (SSL_USE_SIGALGS(s)) - n += 2; - } else { - /* Is this error check actually needed? */ - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_UNKNOWN_PKEY_TYPE); - goto f_err; } - } - - if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_KEY_EXCHANGE, n)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto f_err; + tbslen = construct_key_exchange_tbs(s, &tbs, + s->init_buf->data + paramoffset, + paramlen); + if (tbslen == 0) { + /* SSLfatal() already called */ + goto err; + } + rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen); + OPENSSL_free(tbs); + if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2) + || sigbytes1 != sigbytes2) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } } EVP_MD_CTX_free(md_ctx); return 1; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); err: #ifndef OPENSSL_NO_DH EVP_PKEY_free(pkdh); @@ -1979,96 +2816,82 @@ int tls_construct_server_key_exchange(SSL *s) OPENSSL_free(encodedPoint); #endif EVP_MD_CTX_free(md_ctx); - ossl_statem_set_error(s); return 0; } -int tls_construct_certificate_request(SSL *s) +int tls_construct_certificate_request(SSL *s, WPACKET *pkt) { - unsigned char *p, *d; - int i, j, nl, off, n; - STACK_OF(X509_NAME) *sk = NULL; - X509_NAME *name; - BUF_MEM *buf; - - buf = s->init_buf; + if (SSL_IS_TLS13(s)) { + /* Send random context when doing post-handshake auth */ + if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { + OPENSSL_free(s->pha_context); + s->pha_context_len = 32; + if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL + || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; + } + /* reset the handshake hash back to just after the ClientFinished */ + if (!tls13_restore_handshake_digest_for_pha(s)) { + /* SSLfatal() already called */ + return 0; + } + } else { + if (!WPACKET_put_bytes_u8(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; + } + } - d = p = ssl_handshake_start(s); + if (!tls_construct_extensions(s, pkt, + SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL, + 0)) { + /* SSLfatal() already called */ + return 0; + } + goto done; + } /* get the list of acceptable cert types */ - p++; - n = ssl3_get_req_cert_type(s, p); - d[0] = n; - p += n; - n++; + if (!WPACKET_start_sub_packet_u8(pkt) + || !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); + return 0; + } if (SSL_USE_SIGALGS(s)) { - const unsigned char *psigs; - unsigned char *etmp = p; - nl = tls12_get_psigalgs(s, 1, &psigs); - if (nl > SSL_MAX_2_BYTE_LEN) { - SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, - SSL_R_LENGTH_TOO_LONG); - goto err; - } - /* Skip over length for now */ - p += 2; - nl = tls12_copy_sigalgs(s, p, psigs, nl); - /* Now fill in length */ - s2n(nl, etmp); - p += nl; - n += nl + 2; - } - - off = n; - p += 2; - n += 2; - - sk = SSL_get_client_CA_list(s); - nl = 0; - if (sk != NULL) { - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - name = sk_X509_NAME_value(sk, i); - j = i2d_X509_NAME(name, NULL); - if (j > SSL_MAX_2_BYTE_LEN) { - SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, - SSL_R_LENGTH_TOO_LONG); - goto err; - } - if (!BUF_MEM_grow_clean(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_BUF_LIB); - goto err; - } - p = ssl_handshake_start(s) + n; - s2n(j, p); - i2d_X509_NAME(name, &p); - n += 2 + j; - nl += 2 + j; - if (nl > SSL_MAX_2_BYTE_LEN) { - SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, - SSL_R_LENGTH_TOO_LONG); - goto err; - } + const uint16_t *psigs; + size_t nl = tls12_get_psigalgs(s, 1, &psigs); + + if (!WPACKET_start_sub_packet_u16(pkt) + || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH) + || !tls12_copy_sigalgs(s, pkt, psigs, nl) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; } } - /* else no CA names */ - p = ssl_handshake_start(s) + off; - s2n(nl, p); - if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); - goto err; + if (!construct_ca_names(s, get_ca_names(s), pkt)) { + /* SSLfatal() already called */ + return 0; } + done: + s->certreqs_sent++; s->s3->tmp.cert_request = 1; - return 1; - err: - ossl_statem_set_error(s); - return 0; } -static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al) +static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_PSK unsigned char psk[PSK_MAX_PSK_LEN]; @@ -2076,24 +2899,24 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al) PACKET psk_identity; if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + SSL_R_LENGTH_MISMATCH); return 0; } if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_DATA_LENGTH_TOO_LONG); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + SSL_R_DATA_LENGTH_TOO_LONG); return 0; } if (s->psk_server_callback == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, SSL_R_PSK_NO_SERVER_CB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + SSL_R_PSK_NO_SERVER_CB); return 0; } if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); return 0; } @@ -2101,16 +2924,16 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al) psk, sizeof(psk)); if (psklen > PSK_MAX_PSK_LEN) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); return 0; } else if (psklen == 0) { /* * PSK related to the given identity not found */ - *al = SSL_AD_UNKNOWN_PSK_IDENTITY; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, - SSL_R_PSK_IDENTITY_NOT_FOUND); + SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY, + SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + SSL_R_PSK_IDENTITY_NOT_FOUND); return 0; } @@ -2119,8 +2942,8 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al) OPENSSL_cleanse(psk, psklen); if (s->s3->tmp.psk == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); return 0; } @@ -2129,13 +2952,13 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt, int *al) return 1; #else /* Should never happen */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) +static int tls_process_cke_rsa(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_RSA unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; @@ -2147,10 +2970,10 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) unsigned char *rsa_decrypt = NULL; int ret = 0; - rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey); + rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA].privatekey); if (rsa == NULL) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_MISSING_RSA_CERTIFICATE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + SSL_R_MISSING_RSA_CERTIFICATE); return 0; } @@ -2160,8 +2983,8 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) } else { if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster) || PACKET_remaining(pkt) != 0) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + SSL_R_LENGTH_MISMATCH); return 0; } } @@ -2173,15 +2996,15 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) * their ciphertext cannot accommodate a premaster secret anyway. */ if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, RSA_R_KEY_SIZE_TOO_SMALL); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + RSA_R_KEY_SIZE_TOO_SMALL); return 0; } rsa_decrypt = OPENSSL_malloc(RSA_size(rsa)); if (rsa_decrypt == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + ERR_R_MALLOC_FAILURE); return 0; } @@ -2193,18 +3016,26 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ - if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0) + if (RAND_priv_bytes(rand_premaster_secret, + sizeof(rand_premaster_secret)) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + ERR_R_INTERNAL_ERROR); goto err; + } /* * Decrypt with no padding. PKCS#1 padding will be removed as part of * the timing-sensitive code below. */ - decrypt_len = RSA_private_decrypt(PACKET_remaining(&enc_premaster), - PACKET_data(&enc_premaster), - rsa_decrypt, rsa, RSA_NO_PADDING); - if (decrypt_len < 0) + /* TODO(size_t): Convert this function */ + decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster), + PACKET_data(&enc_premaster), + rsa_decrypt, rsa, RSA_NO_PADDING); + if (decrypt_len < 0) { + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + ERR_R_INTERNAL_ERROR); goto err; + } /* Check the padding. See RFC 3447, section 7.2.2. */ @@ -2214,8 +3045,8 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) * PS is at least 8 bytes. */ if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) { - *al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, SSL_R_DECRYPTION_FAILED); + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + SSL_R_DECRYPTION_FAILED); goto err; } @@ -2282,8 +3113,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len, sizeof(rand_premaster_secret), 0)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ goto err; } @@ -2293,13 +3123,13 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al) return ret; #else /* Should never happen */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_RSA, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al) +static int tls_process_cke_dhe(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_DH EVP_PKEY *skey = NULL; @@ -2311,46 +3141,46 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al) int ret = 0; if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); goto err; } skey = s->s3->tmp.pkey; if (skey == NULL) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, + SSL_R_MISSING_TMP_DH_KEY); goto err; } if (PACKET_remaining(pkt) == 0L) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_MISSING_TMP_DH_KEY); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, + SSL_R_MISSING_TMP_DH_KEY); goto err; } if (!PACKET_get_bytes(pkt, &data, i)) { /* We already checked we have enough data */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, + ERR_R_INTERNAL_ERROR); goto err; } ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) { - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_BN_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, + SSL_R_BN_LIB); goto err; } cdh = EVP_PKEY_get0_DH(ckey); pub_key = BN_bin2bn(data, i, NULL); if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) { - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, + ERR_R_INTERNAL_ERROR); BN_free(pub_key); goto err; } - if (ssl_derive(s, skey, ckey) == 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR); + if (ssl_derive(s, skey, ckey, 1) == 0) { + /* SSLfatal() already called */ goto err; } @@ -2362,13 +3192,13 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al) return ret; #else /* Should never happen */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al) +static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_EC EVP_PKEY *skey = s->s3->tmp.pkey; @@ -2377,8 +3207,8 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al) if (PACKET_remaining(pkt) == 0L) { /* We don't support ECDH client auth */ - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_MISSING_TMP_ECDH_KEY); + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_CKE_ECDHE, + SSL_R_MISSING_TMP_ECDH_KEY); goto err; } else { unsigned int i; @@ -2392,25 +3222,31 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al) /* Get encoded point length */ if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i) || PACKET_remaining(pkt) != 0) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, + SSL_R_LENGTH_MISMATCH); goto err; } + if (skey == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, + SSL_R_MISSING_TMP_ECDH_KEY); + goto err; + } + ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) { - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, + ERR_R_EVP_LIB); goto err; } if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, + ERR_R_EC_LIB); goto err; } } - if (ssl_derive(s, skey, ckey) == 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR); + if (ssl_derive(s, skey, ckey, 1) == 0) { + /* SSLfatal() already called */ goto err; } @@ -2423,13 +3259,13 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al) return ret; #else /* Should never happen */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al) +static int tls_process_cke_srp(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_SRP unsigned int i; @@ -2437,41 +3273,43 @@ static int tls_process_cke_srp(SSL *s, PACKET *pkt, int *al) if (!PACKET_get_net_2(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_A_LENGTH); + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_SRP, + SSL_R_BAD_SRP_A_LENGTH); return 0; } if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_BN_LIB); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP, + ERR_R_BN_LIB); return 0; } if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) { - *al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, SSL_R_BAD_SRP_PARAMETERS); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CKE_SRP, + SSL_R_BAD_SRP_PARAMETERS); return 0; } OPENSSL_free(s->session->srp_username); s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP, + ERR_R_MALLOC_FAILURE); return 0; } if (!srp_generate_server_master_secret(s)) { - SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ return 0; } return 1; #else /* Should never happen */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_SRP, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP, + ERR_R_INTERNAL_ERROR); return 0; #endif } -static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) +static int tls_process_cke_gost(SSL *s, PACKET *pkt) { #ifndef OPENSSL_NO_GOST EVP_PKEY_CTX *pkey_ctx; @@ -2480,11 +3318,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) const unsigned char *start; size_t outlen = 32, inlen; unsigned long alg_a; - int Ttag, Tclass; - long Tlen; - long sess_key_len; - const unsigned char *data; + unsigned int asn1id, asn1len; int ret = 0; + PACKET encdata; /* Get our certificate private key */ alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -2505,13 +3341,13 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); if (pkey_ctx == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + ERR_R_MALLOC_FAILURE); return 0; } if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + ERR_R_INTERNAL_ERROR); return 0; } /* @@ -2526,37 +3362,57 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) ERR_clear_error(); } /* Decrypt session key */ - sess_key_len = PACKET_remaining(pkt); - if (!PACKET_get_bytes(pkt, &data, sess_key_len)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR); + if (!PACKET_get_1(pkt, &asn1id) + || asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) + || !PACKET_peek_1(pkt, &asn1len)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); goto err; } - if (ASN1_get_object((const unsigned char **)&data, &Tlen, &Ttag, - &Tclass, sess_key_len) != V_ASN1_CONSTRUCTED - || Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED); + if (asn1len == 0x81) { + /* + * Long form length. Should only be one byte of length. Anything else + * isn't supported. + * We did a successful peek before so this shouldn't fail + */ + if (!PACKET_forward(pkt, 1)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); + goto err; + } + } else if (asn1len >= 0x80) { + /* + * Indefinite length, or more than one long form length bytes. We don't + * support it + */ + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); + goto err; + } /* else short form length */ + + if (!PACKET_as_length_prefixed_1(pkt, &encdata)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); goto err; } - start = data; - inlen = Tlen; - if (EVP_PKEY_decrypt - (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) { - *al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED); + inlen = PACKET_remaining(&encdata); + start = PACKET_data(&encdata); + + if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, + inlen) <= 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); goto err; } /* Generate master secret */ if (!ssl_generate_master_secret(s, premaster_secret, sizeof(premaster_secret), 0)) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ goto err; } /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl - (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) + if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, + NULL) > 0) s->statem.no_cert_verify = 1; ret = 1; @@ -2565,68 +3421,75 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt, int *al) return ret; #else /* Should never happen */ - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CKE_GOST, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + ERR_R_INTERNAL_ERROR); return 0; #endif } MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) { - int al = -1; unsigned long alg_k; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; /* For PSK parse and retrieve identity, obtain PSK key */ - if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt, &al)) + if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) { + /* SSLfatal() already called */ goto err; + } if (alg_k & SSL_kPSK) { /* Identity extracted earlier: should be nothing left */ if (PACKET_remaining(pkt) != 0) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_LENGTH_MISMATCH); + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_LENGTH_MISMATCH); goto err; } /* PSK handled by ssl_generate_master_secret */ if (!ssl_generate_master_secret(s, NULL, 0, 0)) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + /* SSLfatal() already called */ goto err; } } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) { - if (!tls_process_cke_rsa(s, pkt, &al)) + if (!tls_process_cke_rsa(s, pkt)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { - if (!tls_process_cke_dhe(s, pkt, &al)) + if (!tls_process_cke_dhe(s, pkt)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) { - if (!tls_process_cke_ecdhe(s, pkt, &al)) + if (!tls_process_cke_ecdhe(s, pkt)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k & SSL_kSRP) { - if (!tls_process_cke_srp(s, pkt, &al)) + if (!tls_process_cke_srp(s, pkt)) { + /* SSLfatal() already called */ goto err; + } } else if (alg_k & SSL_kGOST) { - if (!tls_process_cke_gost(s, pkt, &al)) + if (!tls_process_cke_gost(s, pkt)) { + /* SSLfatal() already called */ goto err; + } } else { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_UNKNOWN_CIPHER_TYPE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_UNKNOWN_CIPHER_TYPE); goto err; } return MSG_PROCESS_CONTINUE_PROCESSING; err: - if (al != -1) - ssl3_send_alert(s, SSL3_AL_FATAL, al); #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; #endif - ossl_statem_set_error(s); return MSG_PROCESS_ERROR; } @@ -2648,8 +3511,10 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, 0) <= 0) { - ossl_statem_set_error(s); - return WORK_ERROR;; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return WORK_ERROR; } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, @@ -2664,15 +3529,15 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) * the handshake_buffer */ if (!ssl3_digest_cached_records(s, 0)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } return WORK_FINISHED_CONTINUE; } else { if (!s->s3->handshake_buffer) { - SSLerr(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); return WORK_ERROR; } /* @@ -2680,7 +3545,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) * extms we've done this already so this is a no-op */ if (!ssl3_digest_cached_records(s, 1)) { - ossl_statem_set_error(s); + /* SSLfatal() already called */ return WORK_ERROR; } } @@ -2688,216 +3553,97 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; } -MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) -{ - EVP_PKEY *pkey = NULL; - const unsigned char *sig, *data; -#ifndef OPENSSL_NO_GOST - unsigned char *gost_data = NULL; -#endif - int al, ret = MSG_PROCESS_ERROR; - int type = 0, j; - unsigned int len; - X509 *peer; - const EVP_MD *md = NULL; - long hdatalen = 0; - void *hdata; - - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - - if (mctx == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - - peer = s->session->peer; - pkey = X509_get0_pubkey(peer); - if (pkey == NULL) { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - - type = X509_certificate_type(peer, pkey); - - if (!(type & EVP_PKT_SIGN)) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, - SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); - al = SSL_AD_ILLEGAL_PARAMETER; - goto f_err; - } - - if (SSL_USE_SIGALGS(s)) { - int rv; - - if (!PACKET_get_bytes(pkt, &sig, 2)) { - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - rv = tls12_check_peer_sigalg(&md, s, sig, pkey); - if (rv == -1) { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } else if (rv == 0) { - al = SSL_AD_DECODE_ERROR; - goto f_err; - } -#ifdef SSL_DEBUG - fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); -#endif - } else { - /* Use default digest for this key type */ - int idx = ssl_cert_type(NULL, pkey); - if (idx >= 0) - md = s->s3->tmp.md[idx]; - if (md == NULL) { - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - - /* Check for broken implementations of GOST ciphersuites */ - /* - * If key is GOST and len is exactly 64 or 128, it is signature without - * length field (CryptoPro implementations at least till TLS 1.2) - */ -#ifndef OPENSSL_NO_GOST - if (!SSL_USE_SIGALGS(s) - && ((PACKET_remaining(pkt) == 64 - && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001 - || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256)) - || (PACKET_remaining(pkt) == 128 - && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) { - len = PACKET_remaining(pkt); - } else -#endif - if (!PACKET_get_net_2(pkt, &len)) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - - j = EVP_PKEY_size(pkey); - if (((int)len > j) || ((int)PACKET_remaining(pkt) > j) - || (PACKET_remaining(pkt) == 0)) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - if (!PACKET_get_bytes(pkt, &data, len)) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_LENGTH_MISMATCH); - al = SSL_AD_DECODE_ERROR; - goto f_err; - } - - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); - if (hdatalen <= 0) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_INTERNAL_ERROR); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } -#ifdef SSL_DEBUG - fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); -#endif - if (!EVP_VerifyInit_ex(mctx, md, NULL) - || !EVP_VerifyUpdate(mctx, hdata, hdatalen)) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } -#ifndef OPENSSL_NO_GOST - { - int pktype = EVP_PKEY_id(pkey); - if (pktype == NID_id_GostR3410_2001 - || pktype == NID_id_GostR3410_2012_256 - || pktype == NID_id_GostR3410_2012_512) { - if ((gost_data = OPENSSL_malloc(len)) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - BUF_reverse(gost_data, data, len); - data = gost_data; - } - } -#endif - - if (s->version == SSL3_VERSION - && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - s->session->master_key_length, - s->session->master_key)) { - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - goto f_err; - } - - if (EVP_VerifyFinal(mctx, data, len, pkey) <= 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE); - goto f_err; - } - - ret = MSG_PROCESS_CONTINUE_READING; - if (0) { - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); - } - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - EVP_MD_CTX_free(mctx); -#ifndef OPENSSL_NO_GOST - OPENSSL_free(gost_data); -#endif - return ret; -} - MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) { - int i, al = SSL_AD_INTERNAL_ERROR, ret = MSG_PROCESS_ERROR; + int i; + MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; X509 *x = NULL; - unsigned long l, llen; + unsigned long l; const unsigned char *certstart, *certbytes; STACK_OF(X509) *sk = NULL; - PACKET spkt; + PACKET spkt, context; + size_t chainidx; + SSL_SESSION *new_sess = NULL; + + /* + * To get this far we must have read encrypted data from the client. We no + * longer tolerate unencrypted alerts. This value is ignored if less than + * TLSv1.3 + */ + s->statem.enc_read_state = ENC_READ_STATE_VALID; if ((sk = sk_X509_new_null()) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context) + || (s->pha_context == NULL && PACKET_remaining(&context) != 0) + || (s->pha_context != NULL && + !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_INVALID_CONTEXT); + goto err; } - if (!PACKET_get_net_3(pkt, &llen) - || !PACKET_get_sub_packet(pkt, &spkt, llen) - || PACKET_remaining(pkt) != 0) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH); - goto f_err; + if (!PACKET_get_length_prefixed_3(pkt, &spkt) + || PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_LENGTH_MISMATCH); + goto err; } - while (PACKET_remaining(&spkt) > 0) { + for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) { if (!PACKET_get_net_3(&spkt, &l) || !PACKET_get_bytes(&spkt, &certbytes, l)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); + goto err; } certstart = certbytes; x = d2i_X509(NULL, (const unsigned char **)&certbytes, l); if (x == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB); + goto err; } if (certbytes != (certstart + l)) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); + goto err; + } + + if (SSL_IS_TLS13(s)) { + RAW_EXTENSION *rawexts = NULL; + PACKET extensions; + + if (!PACKET_get_length_prefixed_2(&spkt, &extensions)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_BAD_LENGTH); + goto err; + } + if (!tls_collect_extensions(s, &extensions, + SSL_EXT_TLS1_3_CERTIFICATE, &rawexts, + NULL, chainidx == 0) + || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE, + rawexts, x, chainidx, + PACKET_remaining(&spkt) == 0)) { + OPENSSL_free(rawexts); + goto err; + } + OPENSSL_free(rawexts); } + if (!sk_X509_push(sk, x)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto f_err; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + goto err; } x = NULL; } @@ -2905,44 +3651,65 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) if (sk_X509_num(sk) <= 0) { /* TLS does not mind 0 certs returned */ if (s->version == SSL3_VERSION) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_NO_CERTIFICATES_RETURNED); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_NO_CERTIFICATES_RETURNED); + goto err; } /* Fail for TLS only if we required a certificate */ else if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al = SSL_AD_HANDSHAKE_FAILURE; - goto f_err; + SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); + goto err; } /* No client certificate so digest cached records */ if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) { - goto f_err; + /* SSLfatal() already called */ + goto err; } } else { EVP_PKEY *pkey; i = ssl_verify_cert_chain(s, sk); if (i <= 0) { - al = ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_CERTIFICATE_VERIFY_FAILED); - goto f_err; + SSLfatal(s, ssl_x509err2alert(s->verify_result), + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_CERTIFICATE_VERIFY_FAILED); + goto err; } if (i > 1) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i); - al = SSL_AD_HANDSHAKE_FAILURE; - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i); + goto err; } pkey = X509_get0_pubkey(sk_X509_value(sk, 0)); if (pkey == NULL) { - al = SSL3_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto f_err; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + SSL_R_UNKNOWN_CERTIFICATE_TYPE); + goto err; + } + } + + /* + * Sessions must be immutable once they go into the session cache. Otherwise + * we can get multi-thread problems. Therefore we don't "update" sessions, + * we replace them with a duplicate. Here, we need to do this every time + * a new certificate is received via post-handshake authentication, as the + * session may have already gone into the session cache. + */ + + if (s->post_handshake_auth == SSL_PHA_REQUESTED) { + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + goto err; } + + SSL_SESSION_free(s->session); + s->session = new_sess; } X509_free(s->session->peer); @@ -2951,57 +3718,122 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; + + /* + * Freeze the handshake buffer. For cert_verify_hash, + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { + /* SSLfatal() already called */ + goto err; + } + + /* Resend session tickets */ + s->sent_tickets = 0; + } + ret = MSG_PROCESS_CONTINUE_READING; - goto done; - f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - ossl_statem_set_error(s); - done: + err: X509_free(x); sk_X509_pop_free(sk, X509_free); return ret; } -int tls_construct_server_certificate(SSL *s) +int tls_construct_server_certificate(SSL *s, WPACKET *pkt) { - CERT_PKEY *cpk; + CERT_PKEY *cpk = s->s3->tmp.cert; - cpk = ssl_get_server_send_pkey(s); if (cpk == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); return 0; } - if (!ssl3_output_cert_chain(s, cpk)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); - ossl_statem_set_error(s); + /* + * In TLSv1.3 the certificate chain is always preceded by a 0 length context + * for the server Certificate message + */ + if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + return 0; + } + if (!ssl3_output_cert_chain(s, pkt, cpk)) { + /* SSLfatal() already called */ + return 0; + } + + return 1; +} + +static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, + unsigned char *tick_nonce) +{ + /* + * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this + * unspecified for resumed session (for simplicity). + * In TLSv1.3 we reset the "time" field above, and always specify the + * timeout. + */ + if (!WPACKET_put_bytes_u32(pkt, + (s->hit && !SSL_IS_TLS13(s)) + ? 0 : s->session->timeout)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (SSL_IS_TLS13(s)) { + if (!WPACKET_put_bytes_u32(pkt, age_add) + || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + + /* Start the sub-packet for the actual ticket data */ + if (!WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, + ERR_R_INTERNAL_ERROR); return 0; } return 1; } -int tls_construct_new_session_ticket(SSL *s) +static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, + unsigned char *tick_nonce) { unsigned char *senc = NULL; EVP_CIPHER_CTX *ctx = NULL; HMAC_CTX *hctx = NULL; - unsigned char *p, *macstart; + unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2; const unsigned char *const_p; - int len, slen_full, slen; + int len, slen_full, slen, lenfinal; SSL_SESSION *sess; unsigned int hlen; SSL_CTX *tctx = s->session_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; - int iv_len; + int iv_len, ok = 0; + size_t macoffset, macendoffset; /* get session encoding length */ slen_full = i2d_SSL_SESSION(s->session, NULL); @@ -3010,190 +3842,357 @@ int tls_construct_new_session_ticket(SSL *s) * long */ if (slen_full == 0 || slen_full > 0xFF00) { - ossl_statem_set_error(s); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; } senc = OPENSSL_malloc(slen_full); if (senc == NULL) { - ossl_statem_set_error(s); - return 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE); + goto err; } ctx = EVP_CIPHER_CTX_new(); hctx = HMAC_CTX_new(); if (ctx == NULL || hctx == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_MALLOC_FAILURE); goto err; } p = senc; - if (!i2d_SSL_SESSION(s->session, &p)) + if (!i2d_SSL_SESSION(s->session, &p)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; + } /* * create a fresh copy (not shared with other threads) to clean up */ const_p = senc; sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); - if (sess == NULL) + if (sess == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; - sess->session_id_length = 0; /* ID is irrelevant for the ticket */ + } slen = i2d_SSL_SESSION(sess, NULL); - if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */ + if (slen == 0 || slen > slen_full) { + /* shouldn't ever happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(sess); goto err; } p = senc; if (!i2d_SSL_SESSION(sess, &p)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(sess); goto err; } SSL_SESSION_free(sess); - /*- - * Grow buffer if need be: the length calculation is as - * follows handshake_header_length + - * 4 (ticket lifetime hint) + 2 (ticket length) + - * sizeof(keyname) + max_iv_len (iv length) + - * max_enc_block_size (max encrypted session * length) + - * max_md_size (HMAC) + session_length. - */ - if (!BUF_MEM_grow(s->init_buf, - SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) + - EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + - EVP_MAX_MD_SIZE + slen)) - goto err; - - p = ssl_handshake_start(s); /* * Initialize HMAC and cipher contexts. If callback present it does * all the work otherwise use generated values from parent ctx. */ - if (tctx->tlsext_ticket_key_cb) { + if (tctx->ext.ticket_key_cb) { /* if 0 is returned, write an empty ticket */ - int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx, + int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx, hctx, 1); if (ret == 0) { - l2n(0, p); /* timeout */ - s2n(0, p); /* length */ - if (!ssl_set_handshake_header - (s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s))) + + /* Put timeout and length */ + if (!WPACKET_put_bytes_u32(pkt, 0) + || !WPACKET_put_bytes_u16(pkt, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; + } OPENSSL_free(senc); EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); return 1; } - if (ret < 0) + if (ret < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + SSL_R_CALLBACK_FAILED); goto err; + } iv_len = EVP_CIPHER_CTX_iv_length(ctx); } else { const EVP_CIPHER *cipher = EVP_aes_256_cbc(); iv_len = EVP_CIPHER_iv_length(cipher); - if (RAND_bytes(iv, iv_len) <= 0) - goto err; - if (!EVP_EncryptInit_ex(ctx, cipher, NULL, - tctx->tlsext_tick_aes_key, iv)) + if (RAND_bytes(iv, iv_len) <= 0 + || !EVP_EncryptInit_ex(ctx, cipher, NULL, + tctx->ext.secure->tick_aes_key, iv) + || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), + EVP_sha256(), NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; - if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, - sizeof(tctx->tlsext_tick_hmac_key), - EVP_sha256(), NULL)) - goto err; - memcpy(key_name, tctx->tlsext_tick_key_name, - sizeof(tctx->tlsext_tick_key_name)); + } + memcpy(key_name, tctx->ext.tick_key_name, + sizeof(tctx->ext.tick_key_name)); } - /* - * Ticket lifetime hint (advisory only): We leave this unspecified - * for resumed session (for simplicity), and guess that tickets for - * new sessions will live as long as their sessions. - */ - l2n(s->hit ? 0 : s->session->timeout, p); - - /* Skip ticket length for now */ - p += 2; - /* Output key name */ - macstart = p; - memcpy(p, key_name, sizeof(key_name)); - p += sizeof(key_name); - /* output IV */ - memcpy(p, iv, iv_len); - p += iv_len; - /* Encrypt session data */ - if (!EVP_EncryptUpdate(ctx, p, &len, senc, slen)) - goto err; - p += len; - if (!EVP_EncryptFinal(ctx, p, &len)) + if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { + /* SSLfatal() already called */ goto err; - p += len; + } - if (!HMAC_Update(hctx, macstart, p - macstart)) - goto err; - if (!HMAC_Final(hctx, p, &hlen)) + if (!WPACKET_get_total_written(pkt, &macoffset) + /* Output key name */ + || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) + /* output IV */ + || !WPACKET_memcpy(pkt, iv, iv_len) + || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH, + &encdata1) + /* Encrypt session data */ + || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen) + || !WPACKET_allocate_bytes(pkt, len, &encdata2) + || encdata1 != encdata2 + || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal) + || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2) + || encdata1 + len != encdata2 + || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH + || !WPACKET_get_total_written(pkt, &macendoffset) + || !HMAC_Update(hctx, + (unsigned char *)s->init_buf->data + macoffset, + macendoffset - macoffset) + || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1) + || !HMAC_Final(hctx, macdata1, &hlen) + || hlen > EVP_MAX_MD_SIZE + || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) + || macdata1 != macdata2) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR); goto err; + } - EVP_CIPHER_CTX_free(ctx); - HMAC_CTX_free(hctx); - ctx = NULL; - hctx = NULL; - - p += hlen; - /* Now write out lengths: p points to end of data written */ - /* Total length */ - len = p - ssl_handshake_start(s); - /* Skip ticket lifetime hint */ - p = ssl_handshake_start(s) + 4; - s2n(len - 6, p); - if (!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len)) + /* Close the sub-packet created by create_ticket_prequel() */ + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; - OPENSSL_free(senc); + } - return 1; + ok = 1; err: OPENSSL_free(senc); EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); - ossl_statem_set_error(s); - return 0; + return ok; } -int tls_construct_cert_status(SSL *s) +static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, + unsigned char *tick_nonce) { - unsigned char *p; - size_t msglen; + if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { + /* SSLfatal() already called */ + return 0; + } - /*- - * Grow buffer if need be: the length calculation is as - * follows handshake_header_length + - * 1 (ocsp response type) + 3 (ocsp response length) - * + (ocsp response) - */ - msglen = 4 + s->tlsext_ocsp_resplen; - if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + msglen)) - goto err; + if (!WPACKET_memcpy(pkt, s->session->session_id, + s->session->session_id_length) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) +{ + SSL_CTX *tctx = s->session_ctx; + unsigned char tick_nonce[TICKET_NONCE_SIZE]; + union { + unsigned char age_add_c[sizeof(uint32_t)]; + uint32_t age_add; + } age_add_u; + + age_add_u.age_add = 0; + + if (SSL_IS_TLS13(s)) { + size_t i, hashlen; + uint64_t nonce; + static const unsigned char nonce_label[] = "resumption"; + const EVP_MD *md = ssl_handshake_md(s); + void (*cb) (const SSL *ssl, int type, int val) = NULL; + int hashleni = EVP_MD_size(md); + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashlen = (size_t)hashleni; + + if (s->info_callback != NULL) + cb = s->info_callback; + else if (s->ctx->info_callback != NULL) + cb = s->ctx->info_callback; + + if (cb != NULL) { + /* + * We don't start and stop the handshake in between each ticket when + * sending more than one - but it should appear that way to the info + * callback. + */ + if (s->sent_tickets != 0) { + ossl_statem_set_in_init(s, 0); + cb(s, SSL_CB_HANDSHAKE_DONE, 1); + ossl_statem_set_in_init(s, 1); + } + cb(s, SSL_CB_HANDSHAKE_START, 1); + } + /* + * If we already sent one NewSessionTicket, or we resumed then + * s->session may already be in a cache and so we must not modify it. + * Instead we need to take a copy of it and modify that. + */ + if (s->sent_tickets != 0 || s->hit) { + SSL_SESSION *new_sess = ssl_session_dup(s->session, 0); + + if (new_sess == NULL) { + /* SSLfatal already called */ + goto err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + + if (!ssl_generate_session_id(s, s->session)) { + /* SSLfatal() already called */ + goto err; + } + if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + s->session->ext.tick_age_add = age_add_u.age_add; - p = ssl_handshake_start(s); + nonce = s->next_ticket_nonce; + for (i = TICKET_NONCE_SIZE; i > 0; i--) { + tick_nonce[i - 1] = (unsigned char)(nonce & 0xff); + nonce >>= 8; + } - /* status type */ - *(p++) = s->tlsext_status_type; - /* length of OCSP response */ - l2n3(s->tlsext_ocsp_resplen, p); - /* actual response */ - memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); + if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, + nonce_label, + sizeof(nonce_label) - 1, + tick_nonce, + TICKET_NONCE_SIZE, + s->session->master_key, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + s->session->master_key_length = hashlen; + + s->session->time = (long)time(NULL); + if (s->s3->alpn_selected != NULL) { + OPENSSL_free(s->session->ext.alpn_selected); + s->session->ext.alpn_selected = + OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + if (s->session->ext.alpn_selected == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); + goto err; + } + s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + } + s->session->ext.max_early_data = s->max_early_data; + } - if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_STATUS, msglen)) + if (tctx->generate_ticket_cb != NULL && + tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) goto err; - return 1; + /* + * If we are using anti-replay protection then we behave as if + * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there + * is no point in using full stateless tickets. + */ + if (SSL_IS_TLS13(s) + && ((s->options & SSL_OP_NO_TICKET) != 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { + if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) { + /* SSLfatal() already called */ + goto err; + } + } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add, + tick_nonce)) { + /* SSLfatal() already called */ + goto err; + } + + if (SSL_IS_TLS13(s)) { + if (!tls_construct_extensions(s, pkt, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + NULL, 0)) { + /* SSLfatal() already called */ + goto err; + } + /* + * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets| + * gets reset to 0 if we send more tickets following a post-handshake + * auth, but |next_ticket_nonce| does not. + */ + s->sent_tickets++; + s->next_ticket_nonce++; + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + } + return 1; err: - ossl_statem_set_error(s); return 0; } +/* + * In TLSv1.3 this is called from the extensions code, otherwise it is used to + * create a separate message. Returns 1 on success or 0 on failure. + */ +int tls_construct_cert_status_body(SSL *s, WPACKET *pkt) +{ + if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type) + || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp, + s->ext.ocsp.resp_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +int tls_construct_cert_status(SSL *s, WPACKET *pkt) +{ + if (!tls_construct_cert_status_body(s, pkt)) { + /* SSLfatal() already called */ + return 0; + } + + return 1; +} + #ifndef OPENSSL_NO_NEXTPROTONEG /* * tls_process_next_proto reads a Next Protocol Negotiation handshake message. @@ -3214,163 +4213,67 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt) if (!PACKET_get_length_prefixed_1(pkt, &next_proto) || !PACKET_get_length_prefixed_1(pkt, &padding) || PACKET_remaining(pkt) > 0) { - SSLerr(SSL_F_TLS_PROCESS_NEXT_PROTO, SSL_R_LENGTH_MISMATCH); - goto err; + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; } - if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, &next_proto_len)) { - s->next_proto_negotiated_len = 0; - goto err; + if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) { + s->ext.npn_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; } - s->next_proto_negotiated_len = (unsigned char)next_proto_len; + s->ext.npn_len = (unsigned char)next_proto_len; return MSG_PROCESS_CONTINUE_READING; - err: - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; } #endif -#define SSLV2_CIPHER_LEN 3 - -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, - PACKET *cipher_suites, - STACK_OF(SSL_CIPHER) **skp, - int sslv2format, int *al) +static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt) { - const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; - int n; - /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */ - unsigned char cipher[SSLV2_CIPHER_LEN]; - - s->s3->send_connection_binding = 0; - - n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN; - - if (PACKET_remaining(cipher_suites) == 0) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED); - *al = SSL_AD_ILLEGAL_PARAMETER; - return NULL; + if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, + NULL, 0)) { + /* SSLfatal() already called */ + return 0; } - if (PACKET_remaining(cipher_suites) % n != 0) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, - SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - *al = SSL_AD_DECODE_ERROR; - return NULL; - } + return 1; +} - sk = sk_SSL_CIPHER_new_null(); - if (sk == NULL) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - *al = SSL_AD_INTERNAL_ERROR; - return NULL; +MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt) +{ + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, + SSL_R_LENGTH_MISMATCH); + return MSG_PROCESS_ERROR; } - if (sslv2format) { - size_t numciphers = PACKET_remaining(cipher_suites) / n; - PACKET sslv2ciphers = *cipher_suites; - unsigned int leadbyte; - unsigned char *raw; - - /* - * We store the raw ciphers list in SSLv3+ format so we need to do some - * preprocessing to convert the list first. If there are any SSLv2 only - * ciphersuites with a non-zero leading byte then we are going to - * slightly over allocate because we won't store those. But that isn't a - * problem. - */ - raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN); - s->s3->tmp.ciphers_raw = raw; - if (raw == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - goto err; - } - for (s->s3->tmp.ciphers_rawlen = 0; - PACKET_remaining(&sslv2ciphers) > 0; - raw += TLS_CIPHER_LEN) { - if (!PACKET_get_1(&sslv2ciphers, &leadbyte) - || (leadbyte == 0 - && !PACKET_copy_bytes(&sslv2ciphers, raw, - TLS_CIPHER_LEN)) - || (leadbyte != 0 - && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) { - *al = SSL_AD_INTERNAL_ERROR; - OPENSSL_free(s->s3->tmp.ciphers_raw); - s->s3->tmp.ciphers_raw = NULL; - s->s3->tmp.ciphers_rawlen = 0; - goto err; - } - if (leadbyte == 0) - s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN; - } - } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw, - &s->s3->tmp.ciphers_rawlen)) { - *al = SSL_AD_INTERNAL_ERROR; - goto err; + if (s->early_data_state != SSL_EARLY_DATA_READING + && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, + ERR_R_INTERNAL_ERROR); + return MSG_PROCESS_ERROR; } - while (PACKET_copy_bytes(cipher_suites, cipher, n)) { - /* - * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the - * first byte set to zero, while true SSLv2 ciphers have a non-zero - * first byte. We don't support any true SSLv2 ciphers, so skip them. - */ - if (sslv2format && cipher[0] != '\0') - continue; - - /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - if ((cipher[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (cipher[n - 1] == (SSL3_CK_SCSV & 0xff))) { - /* SCSV fatal if renegotiating */ - if (s->renegotiate) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, - SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - *al = SSL_AD_HANDSHAKE_FAILURE; - goto err; - } - s->s3->send_connection_binding = 1; - continue; - } - - /* Check for TLS_FALLBACK_SCSV */ - if ((cipher[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && - (cipher[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) { - /* - * The SCSV indicates that the client previously tried a higher - * version. Fail if the current version is an unexpected - * downgrade. - */ - if (!ssl_check_version_downgrade(s)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, - SSL_R_INAPPROPRIATE_FALLBACK); - *al = SSL_AD_INAPPROPRIATE_FALLBACK; - goto err; - } - continue; - } - - /* For SSLv2-compat, ignore leading 0-byte. */ - c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher); - if (c != NULL) { - if (!sk_SSL_CIPHER_push(sk, c)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - *al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } + /* + * EndOfEarlyData signals a key change so the end of the message must be on + * a record boundary. + */ + if (RECORD_LAYER_processed_read_pending(&s->rlayer)) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, + SSL_R_NOT_ON_RECORD_BOUNDARY); + return MSG_PROCESS_ERROR; } - if (PACKET_remaining(cipher_suites) > 0) { - *al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_INTERNAL_ERROR); - goto err; + + s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; + if (!s->method->ssl3_enc->change_cipher_state(s, + SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) { + /* SSLfatal() already called */ + return MSG_PROCESS_ERROR; } - *skp = sk; - return sk; - err: - sk_SSL_CIPHER_free(sk); - return NULL; + return MSG_PROCESS_CONTINUE_READING; } diff --git a/deps/openssl/openssl/ssl/t1_enc.c b/deps/openssl/openssl/ssl/t1_enc.c index 235c5e4bc8b2ce..2db913fb0687fd 100644 --- a/deps/openssl/openssl/ssl/t1_enc.c +++ b/deps/openssl/openssl/ssl/t1_enc.c @@ -1,5 +1,6 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include "ssl_locl.h" #include @@ -43,44 +17,45 @@ /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL *s, - const void *seed1, int seed1_len, - const void *seed2, int seed2_len, - const void *seed3, int seed3_len, - const void *seed4, int seed4_len, - const void *seed5, int seed5_len, - const unsigned char *sec, int slen, - unsigned char *out, int olen) + const void *seed1, size_t seed1_len, + const void *seed2, size_t seed2_len, + const void *seed3, size_t seed3_len, + const void *seed4, size_t seed4_len, + const void *seed5, size_t seed5_len, + const unsigned char *sec, size_t slen, + unsigned char *out, size_t olen, int fatal) { const EVP_MD *md = ssl_prf_md(s); EVP_PKEY_CTX *pctx = NULL; - int ret = 0; - size_t outlen = olen; if (md == NULL) { /* Should never happen */ - SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF, + ERR_R_INTERNAL_ERROR); + else + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); return 0; } pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0 || EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0 - || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, slen) <= 0) - goto err; - - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, seed1_len) <= 0) - goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, seed2_len) <= 0) - goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, seed3_len) <= 0) - goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, seed4_len) <= 0) - goto err; - if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, seed5_len) <= 0) + || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0 + || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0 + || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0 + || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0 + || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0 + || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0 + || EVP_PKEY_derive(pctx, out, &olen) <= 0) { + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF, + ERR_R_INTERNAL_ERROR); + else + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); goto err; + } - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) - goto err; ret = 1; err: @@ -88,15 +63,17 @@ static int tls1_PRF(SSL *s, return ret; } -static int tls1_generate_key_block(SSL *s, unsigned char *km, int num) +static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) { int ret; + + /* Calls SSLfatal() as required */ ret = tls1_PRF(s, TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, NULL, 0, s->session->master_key, - s->session->master_key_length, km, num); + s->session->master_key_length, km, num, 1); return ret; } @@ -116,10 +93,10 @@ int tls1_change_cipher_state(SSL *s, int which) #endif const EVP_MD *m; int mac_type; - int *mac_secret_size; + size_t *mac_secret_size; EVP_MD_CTX *mac_ctx; EVP_PKEY *mac_key; - int n, i, j, k, cl; + size_t n, i, j, k, cl; int reuse_dd = 0; c = s->s3->tmp.new_sym_enc; @@ -130,7 +107,7 @@ int tls1_change_cipher_state(SSL *s, int which) #endif if (which & SSL3_CC_READ) { - if (s->tlsext_use_etm) + if (s->ext.use_etm) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; else s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ; @@ -140,15 +117,18 @@ int tls1_change_cipher_state(SSL *s, int which) else s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; - if (s->enc_read_ctx != NULL) + if (s->enc_read_ctx != NULL) { reuse_dd = 1; - else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; - else + } else { /* * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_read_ctx); + } dd = s->enc_read_ctx; mac_ctx = ssl_replace_hash(&s->read_hash, NULL); if (mac_ctx == NULL) @@ -159,9 +139,10 @@ int tls1_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->expand = COMP_CTX_new(comp->method); if (s->expand == NULL) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS1_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif @@ -173,7 +154,8 @@ int tls1_change_cipher_state(SSL *s, int which) mac_secret = &(s->s3->read_mac_secret[0]); mac_secret_size = &(s->s3->read_mac_secret_size); } else { - if (s->tlsext_use_etm) + s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; + if (s->ext.use_etm) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; else s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE; @@ -182,20 +164,31 @@ int tls1_change_cipher_state(SSL *s, int which) s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; else s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; - if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) + if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) { reuse_dd = 1; - else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) + } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; + } dd = s->enc_write_ctx; if (SSL_IS_DTLS(s)) { mac_ctx = EVP_MD_CTX_new(); - if (mac_ctx == NULL) + if (mac_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; + } s->write_hash = mac_ctx; } else { mac_ctx = ssl_replace_hash(&s->write_hash, NULL); - if (mac_ctx == NULL) + if (mac_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_MALLOC_FAILURE); goto err; + } } #ifndef OPENSSL_NO_COMP COMP_CTX_free(s->compress); @@ -203,9 +196,10 @@ int tls1_change_cipher_state(SSL *s, int which) if (comp != NULL) { s->compress = COMP_CTX_new(comp->method); if (s->compress == NULL) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS1_CHANGE_CIPHER_STATE, + SSL_R_COMPRESSION_LIBRARY_ERROR); + goto err; } } #endif @@ -224,6 +218,7 @@ int tls1_change_cipher_state(SSL *s, int which) p = s->s3->tmp.key_block; i = *mac_secret_size = s->s3->tmp.new_mac_secret_size; + /* TODO(size_t): convert me */ cl = EVP_CIPHER_key_length(c); j = cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ @@ -253,27 +248,30 @@ int tls1_change_cipher_state(SSL *s, int which) } if (n > s->s3->tmp.key_block_length) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } memcpy(mac_secret, ms, i); if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { - mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, - mac_secret, *mac_secret_size); + /* TODO(size_t): Convert this function */ + mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret, + (int)*mac_secret_size); if (mac_key == NULL || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) { EVP_PKEY_free(mac_key); - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } EVP_PKEY_free(mac_key); } #ifdef SSL_DEBUG printf("which = %04X\nmac key=", which); { - int z; + size_t z; for (z = 0; z < i; z++) printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -281,38 +279,44 @@ int tls1_change_cipher_state(SSL *s, int which) if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, + iv)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) { int taglen; if (s->s3->tmp. new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) - taglen = 8; + taglen = EVP_CCM8_TLS_TAG_LEN; else - taglen = 16; + taglen = EVP_CCM_TLS_TAG_LEN; if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE)) || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL) || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL) - || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv) + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv) || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } } else { if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } } /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - *mac_secret_size, mac_secret)) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); - goto err2; + (int)*mac_secret_size, mac_secret)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; } + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; #ifdef SSL_DEBUG printf("which = %04X\nkey=", which); @@ -323,7 +327,7 @@ int tls1_change_cipher_state(SSL *s, int which) } printf("\niv="); { - int z; + size_t z; for (z = 0; z < k; z++) printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -334,15 +338,13 @@ int tls1_change_cipher_state(SSL *s, int which) OPENSSL_cleanse(tmp2, sizeof(tmp1)); OPENSSL_cleanse(iv1, sizeof(iv1)); OPENSSL_cleanse(iv2, sizeof(iv2)); - return (1); + return 1; err: - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); - err2: OPENSSL_cleanse(tmp1, sizeof(tmp1)); OPENSSL_cleanse(tmp2, sizeof(tmp1)); OPENSSL_cleanse(iv1, sizeof(iv1)); OPENSSL_cleanse(iv2, sizeof(iv2)); - return (0); + return 0; } int tls1_setup_key_block(SSL *s) @@ -350,18 +352,19 @@ int tls1_setup_key_block(SSL *s) unsigned char *p; const EVP_CIPHER *c; const EVP_MD *hash; - int num; SSL_COMP *comp; - int mac_type = NID_undef, mac_secret_size = 0; + int mac_type = NID_undef; + size_t num, mac_secret_size = 0; int ret = 0; if (s->s3->tmp.key_block_length != 0) - return (1); + return 1; if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size, - &comp, s->tlsext_use_etm)) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE); - return (0); + &comp, s->ext.use_etm)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK, + SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + return 0; } s->s3->tmp.new_sym_enc = c; @@ -374,7 +377,8 @@ int tls1_setup_key_block(SSL *s) ssl3_cleanup_key_block(s); if ((p = OPENSSL_malloc(num)) == NULL) { - SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK, + ERR_R_MALLOC_FAILURE); goto err; } @@ -398,18 +402,20 @@ int tls1_setup_key_block(SSL *s) } printf("master key\n"); { - int z; + size_t z; for (z = 0; z < s->session->master_key_length; z++) printf("%02X%c", s->session->master_key[z], ((z + 1) % 16) ? ' ' : '\n'); } #endif - if (!tls1_generate_key_block(s, p, num)) + if (!tls1_generate_key_block(s, p, num)) { + /* SSLfatal() already called */ goto err; + } #ifdef SSL_DEBUG printf("\nkey block\n"); { - int z; + size_t z; for (z = 0; z < num; z++) printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n'); } @@ -436,66 +442,79 @@ int tls1_setup_key_block(SSL *s) ret = 1; err: - return (ret); + return ret; } -int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) +size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *out) { - int hashlen; + size_t hashlen; unsigned char hash[EVP_MAX_MD_SIZE]; - if (!ssl3_digest_cached_records(s, 0)) + if (!ssl3_digest_cached_records(s, 0)) { + /* SSLfatal() already called */ return 0; + } - hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); - - if (hashlen == 0) + if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { + /* SSLfatal() already called */ return 0; + } if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, - out, TLS1_FINISH_MAC_LENGTH)) + out, TLS1_FINISH_MAC_LENGTH, 1)) { + /* SSLfatal() already called */ return 0; + } OPENSSL_cleanse(hash, hashlen); return TLS1_FINISH_MAC_LENGTH; } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, - int len) + size_t len, size_t *secret_size) { if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; - int hashlen; + size_t hashlen; /* * Digest cached records keeping record buffer (if present): this wont * affect client auth because we're freezing the buffer at the same * point (after client key exchange and before certificate verify) */ - if (!ssl3_digest_cached_records(s, 1)) - return -1; - hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); + if (!ssl3_digest_cached_records(s, 1) + || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { + /* SSLfatal() already called */ + return 0; + } #ifdef SSL_DEBUG fprintf(stderr, "Handshake hashes:\n"); BIO_dump_fp(stderr, (char *)hash, hashlen); #endif - tls1_PRF(s, - TLS_MD_EXTENDED_MASTER_SECRET_CONST, - TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, - hash, hashlen, - NULL, 0, - NULL, 0, - NULL, 0, p, len, s->session->master_key, - SSL3_MASTER_SECRET_SIZE); + if (!tls1_PRF(s, + TLS_MD_EXTENDED_MASTER_SECRET_CONST, + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, + hash, hashlen, + NULL, 0, + NULL, 0, + NULL, 0, p, len, out, + SSL3_MASTER_SECRET_SIZE, 1)) { + /* SSLfatal() already called */ + return 0; + } OPENSSL_cleanse(hash, hashlen); } else { - tls1_PRF(s, - TLS_MD_MASTER_SECRET_CONST, - TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, - NULL, 0, - s->s3->server_random, SSL3_RANDOM_SIZE, - NULL, 0, p, len, s->session->master_key, - SSL3_MASTER_SECRET_SIZE); + if (!tls1_PRF(s, + TLS_MD_MASTER_SECRET_CONST, + TLS_MD_MASTER_SECRET_CONST_SIZE, + s->s3->client_random, SSL3_RANDOM_SIZE, + NULL, 0, + s->s3->server_random, SSL3_RANDOM_SIZE, + NULL, 0, p, len, out, + SSL3_MASTER_SECRET_SIZE, 1)) { + /* SSLfatal() already called */ + return 0; + } } #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); @@ -509,7 +528,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, SSL3_MASTER_SECRET_SIZE); #endif - return (SSL3_MASTER_SECRET_SIZE); + *secret_size = SSL3_MASTER_SECRET_SIZE; + return 1; } int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, @@ -580,7 +600,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, - out, olen); + out, olen, 0); goto ret; err1: @@ -592,77 +612,79 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, rv = 0; ret: OPENSSL_clear_free(val, vallen); - return (rv); + return rv; } int tls1_alert_code(int code) { switch (code) { case SSL_AD_CLOSE_NOTIFY: - return (SSL3_AD_CLOSE_NOTIFY); + return SSL3_AD_CLOSE_NOTIFY; case SSL_AD_UNEXPECTED_MESSAGE: - return (SSL3_AD_UNEXPECTED_MESSAGE); + return SSL3_AD_UNEXPECTED_MESSAGE; case SSL_AD_BAD_RECORD_MAC: - return (SSL3_AD_BAD_RECORD_MAC); + return SSL3_AD_BAD_RECORD_MAC; case SSL_AD_DECRYPTION_FAILED: - return (TLS1_AD_DECRYPTION_FAILED); + return TLS1_AD_DECRYPTION_FAILED; case SSL_AD_RECORD_OVERFLOW: - return (TLS1_AD_RECORD_OVERFLOW); + return TLS1_AD_RECORD_OVERFLOW; case SSL_AD_DECOMPRESSION_FAILURE: - return (SSL3_AD_DECOMPRESSION_FAILURE); + return SSL3_AD_DECOMPRESSION_FAILURE; case SSL_AD_HANDSHAKE_FAILURE: - return (SSL3_AD_HANDSHAKE_FAILURE); + return SSL3_AD_HANDSHAKE_FAILURE; case SSL_AD_NO_CERTIFICATE: - return (-1); + return -1; case SSL_AD_BAD_CERTIFICATE: - return (SSL3_AD_BAD_CERTIFICATE); + return SSL3_AD_BAD_CERTIFICATE; case SSL_AD_UNSUPPORTED_CERTIFICATE: - return (SSL3_AD_UNSUPPORTED_CERTIFICATE); + return SSL3_AD_UNSUPPORTED_CERTIFICATE; case SSL_AD_CERTIFICATE_REVOKED: - return (SSL3_AD_CERTIFICATE_REVOKED); + return SSL3_AD_CERTIFICATE_REVOKED; case SSL_AD_CERTIFICATE_EXPIRED: - return (SSL3_AD_CERTIFICATE_EXPIRED); + return SSL3_AD_CERTIFICATE_EXPIRED; case SSL_AD_CERTIFICATE_UNKNOWN: - return (SSL3_AD_CERTIFICATE_UNKNOWN); + return SSL3_AD_CERTIFICATE_UNKNOWN; case SSL_AD_ILLEGAL_PARAMETER: - return (SSL3_AD_ILLEGAL_PARAMETER); + return SSL3_AD_ILLEGAL_PARAMETER; case SSL_AD_UNKNOWN_CA: - return (TLS1_AD_UNKNOWN_CA); + return TLS1_AD_UNKNOWN_CA; case SSL_AD_ACCESS_DENIED: - return (TLS1_AD_ACCESS_DENIED); + return TLS1_AD_ACCESS_DENIED; case SSL_AD_DECODE_ERROR: - return (TLS1_AD_DECODE_ERROR); + return TLS1_AD_DECODE_ERROR; case SSL_AD_DECRYPT_ERROR: - return (TLS1_AD_DECRYPT_ERROR); + return TLS1_AD_DECRYPT_ERROR; case SSL_AD_EXPORT_RESTRICTION: - return (TLS1_AD_EXPORT_RESTRICTION); + return TLS1_AD_EXPORT_RESTRICTION; case SSL_AD_PROTOCOL_VERSION: - return (TLS1_AD_PROTOCOL_VERSION); + return TLS1_AD_PROTOCOL_VERSION; case SSL_AD_INSUFFICIENT_SECURITY: - return (TLS1_AD_INSUFFICIENT_SECURITY); + return TLS1_AD_INSUFFICIENT_SECURITY; case SSL_AD_INTERNAL_ERROR: - return (TLS1_AD_INTERNAL_ERROR); + return TLS1_AD_INTERNAL_ERROR; case SSL_AD_USER_CANCELLED: - return (TLS1_AD_USER_CANCELLED); + return TLS1_AD_USER_CANCELLED; case SSL_AD_NO_RENEGOTIATION: - return (TLS1_AD_NO_RENEGOTIATION); + return TLS1_AD_NO_RENEGOTIATION; case SSL_AD_UNSUPPORTED_EXTENSION: - return (TLS1_AD_UNSUPPORTED_EXTENSION); + return TLS1_AD_UNSUPPORTED_EXTENSION; case SSL_AD_CERTIFICATE_UNOBTAINABLE: - return (TLS1_AD_CERTIFICATE_UNOBTAINABLE); + return TLS1_AD_CERTIFICATE_UNOBTAINABLE; case SSL_AD_UNRECOGNIZED_NAME: - return (TLS1_AD_UNRECOGNIZED_NAME); + return TLS1_AD_UNRECOGNIZED_NAME; case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); + return TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE; case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: - return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); + return TLS1_AD_BAD_CERTIFICATE_HASH_VALUE; case SSL_AD_UNKNOWN_PSK_IDENTITY: - return (TLS1_AD_UNKNOWN_PSK_IDENTITY); + return TLS1_AD_UNKNOWN_PSK_IDENTITY; case SSL_AD_INAPPROPRIATE_FALLBACK: - return (TLS1_AD_INAPPROPRIATE_FALLBACK); + return TLS1_AD_INAPPROPRIATE_FALLBACK; case SSL_AD_NO_APPLICATION_PROTOCOL: - return (TLS1_AD_NO_APPLICATION_PROTOCOL); + return TLS1_AD_NO_APPLICATION_PROTOCOL; + case SSL_AD_CERTIFICATE_REQUIRED: + return SSL_AD_HANDSHAKE_FAILURE; default: - return (-1); + return -1; } } diff --git a/deps/openssl/openssl/ssl/t1_ext.c b/deps/openssl/openssl/ssl/t1_ext.c deleted file mode 100644 index a996a20decc72b..00000000000000 --- a/deps/openssl/openssl/ssl/t1_ext.c +++ /dev/null @@ -1,283 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Custom extension utility functions */ - -#include -#include "ssl_locl.h" - -/* Find a custom extension from the list. */ -static custom_ext_method *custom_ext_find(const custom_ext_methods *exts, - unsigned int ext_type) -{ - size_t i; - custom_ext_method *meth = exts->meths; - for (i = 0; i < exts->meths_count; i++, meth++) { - if (ext_type == meth->ext_type) - return meth; - } - return NULL; -} - -/* - * Initialise custom extensions flags to indicate neither sent nor received. - */ -void custom_ext_init(custom_ext_methods *exts) -{ - size_t i; - custom_ext_method *meth = exts->meths; - for (i = 0; i < exts->meths_count; i++, meth++) - meth->ext_flags = 0; -} - -/* Pass received custom extension data to the application for parsing. */ -int custom_ext_parse(SSL *s, int server, - unsigned int ext_type, - const unsigned char *ext_data, size_t ext_size, int *al) -{ - custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext; - custom_ext_method *meth; - meth = custom_ext_find(exts, ext_type); - /* If not found return success */ - if (!meth) - return 1; - if (!server) { - /* - * If it's ServerHello we can't have any extensions not sent in - * ClientHello. - */ - if (!(meth->ext_flags & SSL_EXT_FLAG_SENT)) { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - } - /* If already present it's a duplicate */ - if (meth->ext_flags & SSL_EXT_FLAG_RECEIVED) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; - /* If no parse function set return success */ - if (!meth->parse_cb) - return 1; - - return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg); -} - -/* - * Request custom extension data from the application and add to the return - * buffer. - */ -int custom_ext_add(SSL *s, int server, - unsigned char **pret, unsigned char *limit, int *al) -{ - custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext; - custom_ext_method *meth; - unsigned char *ret = *pret; - size_t i; - - for (i = 0; i < exts->meths_count; i++) { - const unsigned char *out = NULL; - size_t outlen = 0; - meth = exts->meths + i; - - if (server) { - /* - * For ServerHello only send extensions present in ClientHello. - */ - if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) - continue; - /* If callback absent for server skip it */ - if (!meth->add_cb) - continue; - } - if (meth->add_cb) { - int cb_retval = 0; - cb_retval = meth->add_cb(s, meth->ext_type, - &out, &outlen, al, meth->add_arg); - if (cb_retval < 0) - return 0; /* error */ - if (cb_retval == 0) - continue; /* skip this extension */ - } - if (4 > limit - ret || outlen > (size_t)(limit - ret - 4)) - return 0; - s2n(meth->ext_type, ret); - s2n(outlen, ret); - if (outlen) { - memcpy(ret, out, outlen); - ret += outlen; - } - /* - * We can't send duplicates: code logic should prevent this. - */ - OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT)); - /* - * Indicate extension has been sent: this is both a sanity check to - * ensure we don't send duplicate extensions and indicates that it is - * not an error if the extension is present in ServerHello. - */ - meth->ext_flags |= SSL_EXT_FLAG_SENT; - if (meth->free_cb) - meth->free_cb(s, meth->ext_type, out, meth->add_arg); - } - *pret = ret; - return 1; -} - -/* Copy the flags from src to dst for any extensions that exist in both */ -int custom_exts_copy_flags(custom_ext_methods *dst, - const custom_ext_methods *src) -{ - size_t i; - custom_ext_method *methsrc = src->meths; - - for (i = 0; i < src->meths_count; i++, methsrc++) { - custom_ext_method *methdst = custom_ext_find(dst, methsrc->ext_type); - - if (methdst == NULL) - continue; - - methdst->ext_flags = methsrc->ext_flags; - } - - return 1; -} - -/* Copy table of custom extensions */ -int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) -{ - if (src->meths_count) { - dst->meths = - OPENSSL_memdup(src->meths, - sizeof(custom_ext_method) * src->meths_count); - if (dst->meths == NULL) - return 0; - dst->meths_count = src->meths_count; - } - return 1; -} - -void custom_exts_free(custom_ext_methods *exts) -{ - OPENSSL_free(exts->meths); -} - -/* Set callbacks for a custom extension. */ -static int custom_ext_meth_add(custom_ext_methods *exts, - unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) -{ - custom_ext_method *meth, *tmp; - /* - * Check application error: if add_cb is not set free_cb will never be - * called. - */ - if (!add_cb && free_cb) - return 0; - /* - * Don't add if extension supported internally, but make exception - * for extension types that previously were not supported, but now are. - */ - if (SSL_extension_supported(ext_type) && - ext_type != TLSEXT_TYPE_signed_certificate_timestamp) - return 0; - /* Extension type must fit in 16 bits */ - if (ext_type > 0xffff) - return 0; - /* Search for duplicate */ - if (custom_ext_find(exts, ext_type)) - return 0; - tmp = OPENSSL_realloc(exts->meths, - (exts->meths_count + 1) * sizeof(custom_ext_method)); - - if (tmp == NULL) - return 0; - - exts->meths = tmp; - meth = exts->meths + exts->meths_count; - memset(meth, 0, sizeof(*meth)); - meth->parse_cb = parse_cb; - meth->add_cb = add_cb; - meth->free_cb = free_cb; - meth->ext_type = ext_type; - meth->add_arg = add_arg; - meth->parse_arg = parse_arg; - exts->meths_count++; - return 1; -} - -/* Return true if a client custom extension exists, false otherwise */ -int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type) -{ - return custom_ext_find(&ctx->cert->cli_ext, ext_type) != NULL; -} - -/* Application level functions to add custom extension callbacks */ -int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) -{ -#ifndef OPENSSL_NO_CT - /* - * We don't want applications registering callbacks for SCT extensions - * whilst simultaneously using the built-in SCT validation features, as - * these two things may not play well together. - */ - if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp && - SSL_CTX_ct_is_enabled(ctx)) - return 0; -#endif - return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type, add_cb, - free_cb, add_arg, parse_cb, parse_arg); -} - -int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, - custom_ext_add_cb add_cb, - custom_ext_free_cb free_cb, - void *add_arg, - custom_ext_parse_cb parse_cb, void *parse_arg) -{ - return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type, - add_cb, free_cb, add_arg, parse_cb, parse_arg); -} - -int SSL_extension_supported(unsigned int ext_type) -{ - switch (ext_type) { - /* Internally supported extensions. */ - case TLSEXT_TYPE_application_layer_protocol_negotiation: - case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: - case TLSEXT_TYPE_heartbeat: -#ifndef OPENSSL_NO_NEXTPROTONEG - case TLSEXT_TYPE_next_proto_neg: -#endif - case TLSEXT_TYPE_padding: - case TLSEXT_TYPE_renegotiate: - case TLSEXT_TYPE_server_name: - case TLSEXT_TYPE_session_ticket: - case TLSEXT_TYPE_signature_algorithms: - case TLSEXT_TYPE_srp: - case TLSEXT_TYPE_status_request: - case TLSEXT_TYPE_signed_certificate_timestamp: - case TLSEXT_TYPE_use_srtp: -#ifdef TLSEXT_TYPE_encrypt_then_mac - case TLSEXT_TYPE_encrypt_then_mac: -#endif - return 1; - default: - return 0; - } -} diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c index 95711fb6df8776..fc41ed90e710d8 100644 --- a/deps/openssl/openssl/ssl/t1_lib.c +++ b/deps/openssl/openssl/ssl/t1_lib.c @@ -17,19 +17,10 @@ #include #include #include +#include "internal/nelem.h" #include "ssl_locl.h" #include - -#define CHECKLEN(curr, val, limit) \ - (((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val)) - -static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, - const unsigned char *sess_id, int sesslen, - SSL_SESSION **psess); -static int ssl_check_clienthello_tlsext_early(SSL *s); -static int ssl_check_serverhello_tlsext(SSL *s); - SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_enc, tls1_mac, @@ -37,14 +28,13 @@ SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, 0, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, + tls_close_construct_packet, ssl3_handshake_write }; @@ -55,14 +45,13 @@ SSL3_ENC_METHOD const TLSv1_1_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, + tls_close_construct_packet, ssl3_handshake_write }; @@ -73,15 +62,31 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = { tls1_generate_master_secret, tls1_change_cipher_state, tls1_final_finish_mac, - TLS1_FINISH_MAC_LENGTH, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, - SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, + tls_close_construct_packet, + ssl3_handshake_write +}; + +SSL3_ENC_METHOD const TLSv1_3_enc_data = { + tls13_enc, + tls1_mac, + tls13_setup_key_block, + tls13_generate_master_secret, + tls13_change_cipher_state, + tls13_final_finish_mac, + TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, + TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, + tls13_alert_code, + tls13_export_keying_material, + SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF, + ssl3_set_handshake_header, + tls_close_construct_packet, ssl3_handshake_write }; @@ -97,40 +102,40 @@ long tls1_default_timeout(void) int tls1_new(SSL *s) { if (!ssl3_new(s)) - return (0); - s->method->ssl_clear(s); - return (1); + return 0; + if (!s->method->ssl_clear(s)) + return 0; + + return 1; } void tls1_free(SSL *s) { - OPENSSL_free(s->tlsext_session_ticket); + OPENSSL_free(s->ext.session_ticket); ssl3_free(s); } -void tls1_clear(SSL *s) +int tls1_clear(SSL *s) { - ssl3_clear(s); + if (!ssl3_clear(s)) + return 0; + if (s->method->version == TLS_ANY_VERSION) s->version = TLS_MAX_VERSION; else s->version = s->method->version; + + return 1; } #ifndef OPENSSL_NO_EC -typedef struct { - int nid; /* Curve NID */ - int secbits; /* Bits of security (from SP800-57) */ - unsigned int flags; /* Flags: currently just field type */ -} tls_curve_info; - /* * Table of curve information. * Do not delete entries or reorder this array! It is used as a lookup * table: the index of each entry is one less than the TLS curve id. */ -static const tls_curve_info nid_list[] = { +static const TLS_GROUP_INFO nid_list[] = { {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */ {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */ {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */ @@ -159,7 +164,8 @@ static const tls_curve_info nid_list[] = { {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ - {NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ + {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ + {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */ }; static const unsigned char ecformats_default[] = { @@ -169,160 +175,117 @@ static const unsigned char ecformats_default[] = { }; /* The default curves */ -static const unsigned char eccurves_default[] = { - 0, 29, /* X25519 (29) */ - 0, 23, /* secp256r1 (23) */ - 0, 25, /* secp521r1 (25) */ - 0, 24, /* secp384r1 (24) */ +static const uint16_t eccurves_default[] = { + 29, /* X25519 (29) */ + 23, /* secp256r1 (23) */ + 30, /* X448 (30) */ + 25, /* secp521r1 (25) */ + 24, /* secp384r1 (24) */ }; -static const unsigned char suiteb_curves[] = { - 0, TLSEXT_curve_P_256, - 0, TLSEXT_curve_P_384 +static const uint16_t suiteb_curves[] = { + TLSEXT_curve_P_256, + TLSEXT_curve_P_384 }; -int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags) +const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id) { - const tls_curve_info *cinfo; /* ECC curves from RFC 4492 and RFC 7027 */ - if ((curve_id < 1) || ((unsigned int)curve_id > OSSL_NELEM(nid_list))) - return 0; - cinfo = nid_list + curve_id - 1; - if (pflags) - *pflags = cinfo->flags; - return cinfo->nid; + if (group_id < 1 || group_id > OSSL_NELEM(nid_list)) + return NULL; + return &nid_list[group_id - 1]; } -int tls1_ec_nid2curve_id(int nid) +static uint16_t tls1_nid2group_id(int nid) { size_t i; for (i = 0; i < OSSL_NELEM(nid_list); i++) { if (nid_list[i].nid == nid) - return i + 1; + return (uint16_t)(i + 1); } return 0; } /* - * Get curves list, if "sess" is set return client curves otherwise - * preferred list. - * Sets |num_curves| to the number of curves in the list, i.e., - * the length of |pcurves| is 2 * num_curves. - * Returns 1 on success and 0 if the client curves list has invalid format. - * The latter indicates an internal error: we should not be accepting such - * lists in the first place. - * TODO(emilia): we should really be storing the curves list in explicitly - * parsed form instead. (However, this would affect binary compatibility - * so cannot happen in the 1.0.x series.) + * Set *pgroups to the supported groups list and *pgroupslen to + * the number of groups supported. */ -static int tls1_get_curvelist(SSL *s, int sess, - const unsigned char **pcurves, size_t *num_curves) +void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, + size_t *pgroupslen) { - size_t pcurveslen = 0; - if (sess) { - *pcurves = s->session->tlsext_ellipticcurvelist; - pcurveslen = s->session->tlsext_ellipticcurvelist_length; - } else { - /* For Suite B mode only include P-256, P-384 */ - switch (tls1_suiteb(s)) { - case SSL_CERT_FLAG_SUITEB_128_LOS: - *pcurves = suiteb_curves; - pcurveslen = sizeof(suiteb_curves); - break; + /* For Suite B mode only include P-256, P-384 */ + switch (tls1_suiteb(s)) { + case SSL_CERT_FLAG_SUITEB_128_LOS: + *pgroups = suiteb_curves; + *pgroupslen = OSSL_NELEM(suiteb_curves); + break; - case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: - *pcurves = suiteb_curves; - pcurveslen = 2; - break; + case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: + *pgroups = suiteb_curves; + *pgroupslen = 1; + break; - case SSL_CERT_FLAG_SUITEB_192_LOS: - *pcurves = suiteb_curves + 2; - pcurveslen = 2; - break; - default: - *pcurves = s->tlsext_ellipticcurvelist; - pcurveslen = s->tlsext_ellipticcurvelist_length; - } - if (!*pcurves) { - *pcurves = eccurves_default; - pcurveslen = sizeof(eccurves_default); - } - } + case SSL_CERT_FLAG_SUITEB_192_LOS: + *pgroups = suiteb_curves + 1; + *pgroupslen = 1; + break; - /* We do not allow odd length arrays to enter the system. */ - if (pcurveslen & 1) { - SSLerr(SSL_F_TLS1_GET_CURVELIST, ERR_R_INTERNAL_ERROR); - *num_curves = 0; - return 0; + default: + if (s->ext.supportedgroups == NULL) { + *pgroups = eccurves_default; + *pgroupslen = OSSL_NELEM(eccurves_default); + } else { + *pgroups = s->ext.supportedgroups; + *pgroupslen = s->ext.supportedgroups_len; + } + break; } - *num_curves = pcurveslen / 2; - return 1; } /* See if curve is allowed by security callback */ -static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op) +int tls_curve_allowed(SSL *s, uint16_t curve, int op) { - const tls_curve_info *cinfo; - if (curve[0]) - return 1; - if ((curve[1] < 1) || ((size_t)curve[1] > OSSL_NELEM(nid_list))) + const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve); + unsigned char ctmp[2]; + + if (cinfo == NULL) return 0; - cinfo = &nid_list[curve[1] - 1]; # ifdef OPENSSL_NO_EC2M if (cinfo->flags & TLS_CURVE_CHAR2) return 0; # endif - return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)curve); + ctmp[0] = curve >> 8; + ctmp[1] = curve & 0xff; + return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); } -/* Check a curve is one of our preferences */ -int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) +/* Return 1 if "id" is in "list" */ +static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen) { - const unsigned char *curves; - size_t num_curves, i; - unsigned int suiteb_flags = tls1_suiteb(s); - if (len != 3 || p[0] != NAMED_CURVE_TYPE) - return 0; - /* Check curve matches Suite B preferences */ - if (suiteb_flags) { - unsigned long cid = s->s3->tmp.new_cipher->id; - if (p[1]) - return 0; - if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { - if (p[2] != TLSEXT_curve_P_256) - return 0; - } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) { - if (p[2] != TLSEXT_curve_P_384) - return 0; - } else /* Should never happen */ - return 0; - } - if (!tls1_get_curvelist(s, 0, &curves, &num_curves)) - return 0; - for (i = 0; i < num_curves; i++, curves += 2) { - if (p[1] == curves[0] && p[2] == curves[1]) - return tls_curve_allowed(s, p + 1, SSL_SECOP_CURVE_CHECK); - } + size_t i; + for (i = 0; i < listlen; i++) + if (list[i] == id) + return 1; return 0; } /*- - * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef + * For nmatch >= 0, return the id of the |nmatch|th shared group or 0 * if there is no match. * For nmatch == -1, return number of matches - * For nmatch == -2, return the NID of the curve to use for - * an EC tmp key, or NID_undef if there is no match. + * For nmatch == -2, return the id of the group to use for + * a tmp key, or 0 if there is no match. */ -int tls1_shared_curve(SSL *s, int nmatch) +uint16_t tls1_shared_group(SSL *s, int nmatch) { - const unsigned char *pref, *supp; - size_t num_pref, num_supp, i, j; + const uint16_t *pref, *supp; + size_t num_pref, num_supp, i; int k; /* Can't do anything on client side */ if (s->server == 0) - return -1; + return 0; if (nmatch == -2) { if (tls1_suiteb(s)) { /* @@ -332,79 +295,78 @@ int tls1_shared_curve(SSL *s, int nmatch) unsigned long cid = s->s3->tmp.new_cipher->id; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) - return NID_X9_62_prime256v1; /* P-256 */ + return TLSEXT_curve_P_256; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) - return NID_secp384r1; /* P-384 */ + return TLSEXT_curve_P_384; /* Should never happen */ - return NID_undef; + return 0; } /* If not Suite B just return first preference shared curve */ nmatch = 0; } /* - * Avoid truncation. tls1_get_curvelist takes an int - * but s->options is a long... + * If server preference set, our groups are the preference order + * otherwise peer decides. */ - if (!tls1_get_curvelist(s, - (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0, - &supp, &num_supp)) - /* In practice, NID_undef == 0 but let's be precise. */ - return nmatch == -1 ? 0 : NID_undef; - if (!tls1_get_curvelist(s, - (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0, - &pref, &num_pref)) - return nmatch == -1 ? 0 : NID_undef; - - for (k = 0, i = 0; i < num_pref; i++, pref += 2) { - const unsigned char *tsupp = supp; - - for (j = 0; j < num_supp; j++, tsupp += 2) { - if (pref[0] == tsupp[0] && pref[1] == tsupp[1]) { - if (!tls_curve_allowed(s, pref, SSL_SECOP_CURVE_SHARED)) - continue; - if (nmatch == k) { - int id = (pref[0] << 8) | pref[1]; + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { + tls1_get_supported_groups(s, &pref, &num_pref); + tls1_get_peer_groups(s, &supp, &num_supp); + } else { + tls1_get_peer_groups(s, &pref, &num_pref); + tls1_get_supported_groups(s, &supp, &num_supp); + } - return tls1_ec_curve_id2nid(id, NULL); - } - k++; - } - } + for (k = 0, i = 0; i < num_pref; i++) { + uint16_t id = pref[i]; + + if (!tls1_in_list(id, supp, num_supp) + || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED)) + continue; + if (nmatch == k) + return id; + k++; } if (nmatch == -1) return k; /* Out of range (nmatch > k). */ - return NID_undef; + return 0; } -int tls1_set_curves(unsigned char **pext, size_t *pextlen, - int *curves, size_t ncurves) +int tls1_set_groups(uint16_t **pext, size_t *pextlen, + int *groups, size_t ngroups) { - unsigned char *clist, *p; + uint16_t *glist; size_t i; /* - * Bitmap of curves included to detect duplicates: only works while curve + * Bitmap of groups included to detect duplicates: only works while group * ids < 32 */ unsigned long dup_list = 0; - clist = OPENSSL_malloc(ncurves * 2); - if (clist == NULL) + + if (ngroups == 0) { + SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH); + return 0; + } + if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) { + SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE); return 0; - for (i = 0, p = clist; i < ncurves; i++) { + } + for (i = 0; i < ngroups; i++) { unsigned long idmask; - int id; - id = tls1_ec_nid2curve_id(curves[i]); + uint16_t id; + /* TODO(TLS1.3): Convert for DH groups */ + id = tls1_nid2group_id(groups[i]); idmask = 1L << id; if (!id || (dup_list & idmask)) { - OPENSSL_free(clist); + OPENSSL_free(glist); return 0; } dup_list |= idmask; - s2n(id, p); + glist[i] = id; } OPENSSL_free(*pext); - *pext = clist; - *pextlen = ncurves * 2; + *pext = glist; + *pextlen = ngroups; return 1; } @@ -443,8 +405,8 @@ static int nid_cb(const char *elem, int len, void *arg) return 1; } -/* Set curves based on a colon separate list */ -int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) +/* Set groups based on a colon separate list */ +int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str) { nid_cb_st ncb; ncb.nidcnt = 0; @@ -452,110 +414,129 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) return 0; if (pext == NULL) return 1; - return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt); + return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt); } - -/* For an EC key set TLS id and required compression based on parameters */ -static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id, - EC_KEY *ec) +/* Return group id of a key */ +static uint16_t tls1_get_group_id(EVP_PKEY *pkey) { - int id; + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); const EC_GROUP *grp; - if (!ec) + + if (ec == NULL) return 0; - /* Determine if it is a prime field */ grp = EC_KEY_get0_group(ec); - if (!grp) - return 0; - /* Determine curve ID */ - id = EC_GROUP_get_curve_name(grp); - id = tls1_ec_nid2curve_id(id); - /* If no id return error: we don't support arbitrary explicit curves */ - if (id == 0) - return 0; - curve_id[0] = 0; - curve_id[1] = (unsigned char)id; - if (comp_id) { - if (EC_KEY_get0_public_key(ec) == NULL) - return 0; - if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { - *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; - } else { - if ((nid_list[id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME) - *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - else - *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - } - } - return 1; + return tls1_nid2group_id(EC_GROUP_get_curve_name(grp)); } -# define DONT_CHECK_OWN_GROUPS 0 -# define CHECK_OWN_GROUPS 1 -/* Check an EC key is compatible with extensions */ -static int tls1_check_ec_key(SSL *s, unsigned char *curve_id, - unsigned char *comp_id, int check_own_groups) +/* Check a key is compatible with compression extension */ +static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) { - const unsigned char *pformats, *pcurves; - size_t num_formats, num_curves, i; - int j; + const EC_KEY *ec; + const EC_GROUP *grp; + unsigned char comp_id; + size_t i; + + /* If not an EC key nothing to check */ + if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) + return 1; + ec = EVP_PKEY_get0_EC_KEY(pkey); + grp = EC_KEY_get0_group(ec); + + /* Get required compression id */ + if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { + comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; + } else if (SSL_IS_TLS13(s)) { + /* + * ec_point_formats extension is not used in TLSv1.3 so we ignore + * this check. + */ + return 1; + } else { + int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); + if (field_type == NID_X9_62_prime_field) + comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; + else if (field_type == NID_X9_62_characteristic_two_field) + comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; + else + return 0; + } /* * If point formats extension present check it, otherwise everything is * supported (see RFC4492). */ - if (comp_id && s->session->tlsext_ecpointformatlist) { - pformats = s->session->tlsext_ecpointformatlist; - num_formats = s->session->tlsext_ecpointformatlist_length; - for (i = 0; i < num_formats; i++, pformats++) { - if (*comp_id == *pformats) - break; - } - if (i == num_formats) - return 0; - } - if (!curve_id) + if (s->session->ext.ecpointformats == NULL) return 1; - if (!s->server && !check_own_groups) - return 1; + for (i = 0; i < s->session->ext.ecpointformats_len; i++) { + if (s->session->ext.ecpointformats[i] == comp_id) + return 1; + } + return 0; +} + +/* Check a group id matches preferences */ +int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) + { + const uint16_t *groups; + size_t groups_len; + + if (group_id == 0) + return 0; + + /* Check for Suite B compliance */ + if (tls1_suiteb(s) && s->s3->tmp.new_cipher != NULL) { + unsigned long cid = s->s3->tmp.new_cipher->id; - /* Check curve is consistent with client and server preferences */ - for (j = check_own_groups ? 0 : 1; j <= 1; j++) { - if (!tls1_get_curvelist(s, j, &pcurves, &num_curves)) + if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { + if (group_id != TLSEXT_curve_P_256) + return 0; + } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) { + if (group_id != TLSEXT_curve_P_384) + return 0; + } else { + /* Should never happen */ return 0; - if (j == 1 && num_curves == 0) { - /* - * If we've not received any curves then skip this check. - * RFC 4492 does not require the supported elliptic curves extension - * so if it is not sent we can just choose any curve. - * It is invalid to send an empty list in the elliptic curves - * extension, so num_curves == 0 always means no extension. - */ - break; } - for (i = 0; i < num_curves; i++, pcurves += 2) { - if (pcurves[0] == curve_id[0] && pcurves[1] == curve_id[1]) - break; - } - if (i == num_curves) + } + + if (check_own_groups) { + /* Check group is one of our preferences */ + tls1_get_supported_groups(s, &groups, &groups_len); + if (!tls1_in_list(group_id, groups, groups_len)) return 0; - /* For clients can only check sent curve list */ - if (!s->server) - break; } - return 1; + + if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK)) + return 0; + + /* For clients, nothing more to check */ + if (!s->server) + return 1; + + /* Check group is one of peers preferences */ + tls1_get_peer_groups(s, &groups, &groups_len); + + /* + * RFC 4492 does not require the supported elliptic curves extension + * so if it is not sent we can just choose any curve. + * It is invalid to send an empty list in the supported groups + * extension, so groups_len == 0 always means no extension. + */ + if (groups_len == 0) + return 1; + return tls1_in_list(group_id, groups, groups_len); } -static void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - size_t *num_formats) +void tls1_get_formatlist(SSL *s, const unsigned char **pformats, + size_t *num_formats) { /* * If we have a custom point format list use it otherwise use default */ - if (s->tlsext_ecpointformatlist) { - *pformats = s->tlsext_ecpointformatlist; - *num_formats = s->tlsext_ecpointformatlist_length; + if (s->ext.ecpointformats) { + *pformats = s->ext.ecpointformats; + *num_formats = s->ext.ecpointformats_len; } else { *pformats = ecformats_default; /* For Suite B we don't support char2 fields */ @@ -570,63 +551,51 @@ static void tls1_get_formatlist(SSL *s, const unsigned char **pformats, * Check cert parameters compatible with extensions: currently just checks EC * certificates have compatible curves and compression. */ -static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) +static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) { - unsigned char comp_id, curve_id[2]; + uint16_t group_id; EVP_PKEY *pkey; - int rv; pkey = X509_get0_pubkey(x); - if (!pkey) + if (pkey == NULL) return 0; /* If not EC nothing to do */ if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) return 1; - rv = tls1_set_ec_id(curve_id, &comp_id, EVP_PKEY_get0_EC_KEY(pkey)); - if (!rv) + /* Check compression */ + if (!tls1_check_pkey_comp(s, pkey)) return 0; + group_id = tls1_get_group_id(pkey); /* - * Can't check curve_id for client certs as we don't have a supported - * curves extension. For server certs we will tolerate certificates that - * aren't in our own list of curves. If we've been configured to use an EC - * cert then we should use it - therefore we use DONT_CHECK_OWN_GROUPS here. + * For a server we allow the certificate to not be in our list of supported + * groups. */ - rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id, - DONT_CHECK_OWN_GROUPS); - if (!rv) + if (!tls1_check_group_id(s, group_id, !s->server)) return 0; /* * Special case for suite B. We *MUST* sign using SHA256+P-256 or - * SHA384+P-384, adjust digest if necessary. + * SHA384+P-384. */ - if (set_ee_md && tls1_suiteb(s)) { + if (check_ee_md && tls1_suiteb(s)) { int check_md; size_t i; CERT *c = s->cert; - if (curve_id[0]) - return 0; + /* Check to see we have necessary signing algorithm */ - if (curve_id[1] == TLSEXT_curve_P_256) + if (group_id == TLSEXT_curve_P_256) check_md = NID_ecdsa_with_SHA256; - else if (curve_id[1] == TLSEXT_curve_P_384) + else if (group_id == TLSEXT_curve_P_384) check_md = NID_ecdsa_with_SHA384; else return 0; /* Should never happen */ - for (i = 0; i < c->shared_sigalgslen; i++) - if (check_md == c->shared_sigalgs[i].signandhash_nid) - break; - if (i == c->shared_sigalgslen) - return 0; - if (set_ee_md == 2) { - if (check_md == NID_ecdsa_with_SHA256) - s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha256(); - else - s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha384(); + for (i = 0; i < c->shared_sigalgslen; i++) { + if (check_md == c->shared_sigalgs[i]->sigandhash) + return 1;; } + return 0; } - return rv; + return 1; } -# ifndef OPENSSL_NO_EC /* * tls1_check_ec_tmp_key - Check EC temporary key compatibility * @s: SSL connection @@ -639,31 +608,20 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) */ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) { + /* If not Suite B just need a shared group */ + if (!tls1_suiteb(s)) + return tls1_shared_group(s, 0) != 0; /* * If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other * curves permitted. */ - if (tls1_suiteb(s)) { - unsigned char curve_id[2]; - /* Curve to check determined by ciphersuite */ - if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) - curve_id[1] = TLSEXT_curve_P_256; - else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) - curve_id[1] = TLSEXT_curve_P_384; - else - return 0; - curve_id[0] = 0; - /* Check this curve is acceptable */ - if (!tls1_check_ec_key(s, curve_id, NULL, CHECK_OWN_GROUPS)) - return 0; - return 1; - } - /* Need a shared curve */ - if (tls1_shared_curve(s, 0)) - return 1; + if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + return tls1_check_group_id(s, TLSEXT_curve_P_256, 1); + if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) + return tls1_check_group_id(s, TLSEXT_curve_P_384, 1); + return 0; } -# endif /* OPENSSL_NO_EC */ #else @@ -674,54 +632,286 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) #endif /* OPENSSL_NO_EC */ -/* - * List of supported signature algorithms and hashes. Should make this - * customisable at some point, for now include everything we support. - */ - -#ifdef OPENSSL_NO_RSA -# define tlsext_sigalg_rsa(md) /* */ -#else -# define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, +/* Default sigalg schemes */ +static const uint16_t tls12_sigalgs[] = { +#ifndef OPENSSL_NO_EC + TLSEXT_SIGALG_ecdsa_secp256r1_sha256, + TLSEXT_SIGALG_ecdsa_secp384r1_sha384, + TLSEXT_SIGALG_ecdsa_secp521r1_sha512, + TLSEXT_SIGALG_ed25519, + TLSEXT_SIGALG_ed448, #endif -#ifdef OPENSSL_NO_DSA -# define tlsext_sigalg_dsa(md) /* */ -#else -# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, -#endif + TLSEXT_SIGALG_rsa_pss_pss_sha256, + TLSEXT_SIGALG_rsa_pss_pss_sha384, + TLSEXT_SIGALG_rsa_pss_pss_sha512, + TLSEXT_SIGALG_rsa_pss_rsae_sha256, + TLSEXT_SIGALG_rsa_pss_rsae_sha384, + TLSEXT_SIGALG_rsa_pss_rsae_sha512, -#ifdef OPENSSL_NO_EC -# define tlsext_sigalg_ecdsa(md)/* */ -#else -# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, + TLSEXT_SIGALG_rsa_pkcs1_sha256, + TLSEXT_SIGALG_rsa_pkcs1_sha384, + TLSEXT_SIGALG_rsa_pkcs1_sha512, + +#ifndef OPENSSL_NO_EC + TLSEXT_SIGALG_ecdsa_sha224, + TLSEXT_SIGALG_ecdsa_sha1, #endif + TLSEXT_SIGALG_rsa_pkcs1_sha224, + TLSEXT_SIGALG_rsa_pkcs1_sha1, +#ifndef OPENSSL_NO_DSA + TLSEXT_SIGALG_dsa_sha224, + TLSEXT_SIGALG_dsa_sha1, -#define tlsext_sigalg(md) \ - tlsext_sigalg_rsa(md) \ - tlsext_sigalg_dsa(md) \ - tlsext_sigalg_ecdsa(md) - -static const unsigned char tls12_sigalgs[] = { - tlsext_sigalg(TLSEXT_hash_sha512) - tlsext_sigalg(TLSEXT_hash_sha384) - tlsext_sigalg(TLSEXT_hash_sha256) - tlsext_sigalg(TLSEXT_hash_sha224) - tlsext_sigalg(TLSEXT_hash_sha1) + TLSEXT_SIGALG_dsa_sha256, + TLSEXT_SIGALG_dsa_sha384, + TLSEXT_SIGALG_dsa_sha512, +#endif #ifndef OPENSSL_NO_GOST - TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001, - TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256, - TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512 + TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, + TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, + TLSEXT_SIGALG_gostr34102001_gostr3411, #endif }; #ifndef OPENSSL_NO_EC -static const unsigned char suiteb_sigalgs[] = { - tlsext_sigalg_ecdsa(TLSEXT_hash_sha256) - tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) +static const uint16_t suiteb_sigalgs[] = { + TLSEXT_SIGALG_ecdsa_secp256r1_sha256, + TLSEXT_SIGALG_ecdsa_secp384r1_sha384 }; #endif -size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) + +static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { +#ifndef OPENSSL_NO_EC + {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA256, NID_X9_62_prime256v1}, + {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA384, NID_secp384r1}, + {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA512, NID_secp521r1}, + {"ed25519", TLSEXT_SIGALG_ed25519, + NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, + NID_undef, NID_undef}, + {"ed448", TLSEXT_SIGALG_ed448, + NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, + NID_undef, NID_undef}, + {NULL, TLSEXT_SIGALG_ecdsa_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA224, NID_undef}, + {NULL, TLSEXT_SIGALG_ecdsa_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA1, NID_undef}, +#endif + {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef}, + {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef}, + {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, + NID_undef, NID_undef}, + {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef}, + {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef}, + {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef}, + {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha256WithRSAEncryption, NID_undef}, + {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha384WithRSAEncryption, NID_undef}, + {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha512WithRSAEncryption, NID_undef}, + {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha224WithRSAEncryption, NID_undef}, + {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_sha1WithRSAEncryption, NID_undef}, +#ifndef OPENSSL_NO_DSA + {NULL, TLSEXT_SIGALG_dsa_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsa_with_SHA256, NID_undef}, + {NULL, TLSEXT_SIGALG_dsa_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef}, + {NULL, TLSEXT_SIGALG_dsa_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef}, + {NULL, TLSEXT_SIGALG_dsa_sha224, + NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef}, + {NULL, TLSEXT_SIGALG_dsa_sha1, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsaWithSHA1, NID_undef}, +#endif +#ifndef OPENSSL_NO_GOST + {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, + NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, + NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, + NID_undef, NID_undef}, + {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, + NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, + NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, + NID_undef, NID_undef}, + {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, + NID_id_GostR3411_94, SSL_MD_GOST94_IDX, + NID_id_GostR3410_2001, SSL_PKEY_GOST01, + NID_undef, NID_undef} +#endif +}; +/* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ +static const SIGALG_LOOKUP legacy_rsa_sigalg = { + "rsa_pkcs1_md5_sha1", 0, + NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, + EVP_PKEY_RSA, SSL_PKEY_RSA, + NID_undef, NID_undef +}; + +/* + * Default signature algorithm values used if signature algorithms not present. + * From RFC5246. Note: order must match certificate index order. + */ +static const uint16_t tls_default_sigalg[] = { + TLSEXT_SIGALG_rsa_pkcs1_sha1, /* SSL_PKEY_RSA */ + 0, /* SSL_PKEY_RSA_PSS_SIGN */ + TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */ + TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */ + TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */ + TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */ + TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */ + 0, /* SSL_PKEY_ED25519 */ + 0, /* SSL_PKEY_ED448 */ +}; + +/* Lookup TLS signature algorithm */ +static const SIGALG_LOOKUP *tls1_lookup_sigalg(uint16_t sigalg) +{ + size_t i; + const SIGALG_LOOKUP *s; + + for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); + i++, s++) { + if (s->sigalg == sigalg) + return s; + } + return NULL; +} +/* Lookup hash: return 0 if invalid or not enabled */ +int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd) +{ + const EVP_MD *md; + if (lu == NULL) + return 0; + /* lu->hash == NID_undef means no associated digest */ + if (lu->hash == NID_undef) { + md = NULL; + } else { + md = ssl_md(lu->hash_idx); + if (md == NULL) + return 0; + } + if (pmd) + *pmd = md; + return 1; +} + +/* + * Check if key is large enough to generate RSA-PSS signature. + * + * The key must greater than or equal to 2 * hash length + 2. + * SHA512 has a hash length of 64 bytes, which is incompatible + * with a 128 byte (1024 bit) key. + */ +#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2) +static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu) +{ + const EVP_MD *md; + + if (rsa == NULL) + return 0; + if (!tls1_lookup_md(lu, &md) || md == NULL) + return 0; + if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md)) + return 0; + return 1; +} + +/* + * Return a signature algorithm for TLS < 1.2 where the signature type + * is fixed by the certificate type. + */ +static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) +{ + if (idx == -1) { + if (s->server) { + size_t i; + + /* Work out index corresponding to ciphersuite */ + for (i = 0; i < SSL_PKEY_NUM; i++) { + const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i); + + if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) { + idx = i; + break; + } + } + + /* + * Some GOST ciphersuites allow more than one signature algorithms + * */ + if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) { + int real_idx; + + for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01; + real_idx--) { + if (s->cert->pkeys[real_idx].privatekey != NULL) { + idx = real_idx; + break; + } + } + } + } else { + idx = s->cert->key - s->cert->pkeys; + } + } + if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg)) + return NULL; + if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]); + + if (!tls1_lookup_md(lu, NULL)) + return NULL; + return lu; + } + return &legacy_rsa_sigalg; +} +/* Set peer sigalg based key type */ +int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey) +{ + size_t idx; + const SIGALG_LOOKUP *lu; + + if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL) + return 0; + lu = tls1_get_legacy_sigalg(s, idx); + if (lu == NULL) + return 0; + s->s3->tmp.peer_sigalg = lu; + return 1; +} + +size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) { /* * If Suite B mode use Suite B sigalgs only, ignore any other @@ -731,19 +921,23 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) switch (tls1_suiteb(s)) { case SSL_CERT_FLAG_SUITEB_128_LOS: *psigs = suiteb_sigalgs; - return sizeof(suiteb_sigalgs); + return OSSL_NELEM(suiteb_sigalgs); case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: *psigs = suiteb_sigalgs; - return 2; + return 1; case SSL_CERT_FLAG_SUITEB_192_LOS: - *psigs = suiteb_sigalgs + 2; - return 2; + *psigs = suiteb_sigalgs + 1; + return 1; } #endif - /* If server use client authentication sigalgs if not NULL */ - if (s->server == sent && s->cert->client_sigalgs) { + /* + * We use client_sigalgs (if not NULL) if we're a server + * and sending a certificate request or if we're a client and + * determining which shared algorithm to use. + */ + if ((s->server == sent) && s->cert->client_sigalgs != NULL) { *psigs = s->cert->client_sigalgs; return s->cert->client_sigalgslen; } else if (s->cert->conf_sigalgs) { @@ -751,91 +945,190 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) return s->cert->conf_sigalgslen; } else { *psigs = tls12_sigalgs; - return sizeof(tls12_sigalgs); + return OSSL_NELEM(tls12_sigalgs); + } +} + +#ifndef OPENSSL_NO_EC +/* + * Called by servers only. Checks that we have a sig alg that supports the + * specified EC curve. + */ +int tls_check_sigalg_curve(const SSL *s, int curve) +{ + const uint16_t *sigs; + size_t siglen, i; + + if (s->cert->conf_sigalgs) { + sigs = s->cert->conf_sigalgs; + siglen = s->cert->conf_sigalgslen; + } else { + sigs = tls12_sigalgs; + siglen = OSSL_NELEM(tls12_sigalgs); + } + + for (i = 0; i < siglen; i++) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]); + + if (lu == NULL) + continue; + if (lu->sig == EVP_PKEY_EC + && lu->curve != NID_undef + && curve == lu->curve) + return 1; } + + return 0; } +#endif /* - * Check signature algorithm received from the peer with a signature is - * consistent with the sent supported signature algorithms and if so return - * relevant digest. + * Check signature algorithm is consistent with sent supported signature + * algorithms and if so set relevant digest and signature scheme in + * s. */ -int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, - const unsigned char *sig, EVP_PKEY *pkey) +int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) { - const unsigned char *sent_sigs; - size_t sent_sigslen, i; - int sigalg = tls12_get_sigid(pkey); + const uint16_t *sent_sigs; + const EVP_MD *md = NULL; + char sigalgstr[2]; + size_t sent_sigslen, i, cidx; + int pkeyid = EVP_PKEY_id(pkey); + const SIGALG_LOOKUP *lu; + /* Should never happen */ - if (sigalg == -1) + if (pkeyid == -1) return -1; - /* Check key type is consistent with signature */ - if (sigalg != (int)sig[1]) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE); - return 0; + if (SSL_IS_TLS13(s)) { + /* Disallow DSA for TLS 1.3 */ + if (pkeyid == EVP_PKEY_DSA) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; + } + /* Only allow PSS for TLS 1.3 */ + if (pkeyid == EVP_PKEY_RSA) + pkeyid = EVP_PKEY_RSA_PSS; + } + lu = tls1_lookup_sigalg(sig); + /* + * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type + * is consistent with signature: RSA keys can be used for RSA-PSS + */ + if (lu == NULL + || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) + || (pkeyid != lu->sig + && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; + } + /* Check the sigalg is consistent with the key OID */ + if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx) + || lu->sig_idx != (int)cidx) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; } + #ifndef OPENSSL_NO_EC - if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { - unsigned char curve_id[2], comp_id; - /* Check compression and curve matches extensions */ - if (!tls1_set_ec_id(curve_id, &comp_id, EVP_PKEY_get0_EC_KEY(pkey))) - return 0; - if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id, - CHECK_OWN_GROUPS)) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE); + if (pkeyid == EVP_PKEY_EC) { + + /* Check point compression is permitted */ + if (!tls1_check_pkey_comp(s, pkey)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_ILLEGAL_POINT_COMPRESSION); return 0; } - /* If Suite B only P-384+SHA384 or P-256+SHA-256 allowed */ - if (tls1_suiteb(s)) { - if (curve_id[0]) + + /* For TLS 1.3 or Suite B check curve matches signature algorithm */ + if (SSL_IS_TLS13(s) || tls1_suiteb(s)) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + + if (lu->curve != NID_undef && curve != lu->curve) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE); return 0; - if (curve_id[1] == TLSEXT_curve_P_256) { - if (sig[0] != TLSEXT_hash_sha256) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_ILLEGAL_SUITEB_DIGEST); - return 0; - } - } else if (curve_id[1] == TLSEXT_curve_P_384) { - if (sig[0] != TLSEXT_hash_sha384) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_ILLEGAL_SUITEB_DIGEST); + } + } + if (!SSL_IS_TLS13(s)) { + /* Check curve matches extensions */ + if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE); + return 0; + } + if (tls1_suiteb(s)) { + /* Check sigalg matches a permissible Suite B value */ + if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256 + && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); return 0; } - } else - return 0; + } } - } else if (tls1_suiteb(s)) + } else if (tls1_suiteb(s)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); return 0; + } #endif /* Check signature matches a type we sent */ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); - for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) { - if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1]) + for (i = 0; i < sent_sigslen; i++, sent_sigs++) { + if (sig == *sent_sigs) break; } /* Allow fallback to SHA1 if not strict mode */ - if (i == sent_sigslen - && (sig[0] != TLSEXT_hash_sha1 - || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE); + if (i == sent_sigslen && (lu->hash != NID_sha1 + || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); return 0; } - *pmd = tls12_get_hash(sig[0]); - if (*pmd == NULL) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_UNKNOWN_DIGEST); + if (!tls1_lookup_md(lu, &md)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_UNKNOWN_DIGEST); return 0; } - /* Make sure security callback allows algorithm */ - if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, - EVP_MD_size(*pmd) * 4, EVP_MD_type(*pmd), (void *)sig)) { - SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE); - return 0; + if (md != NULL) { + /* + * Make sure security callback allows algorithm. For historical + * reasons we have to pass the sigalg as a two byte char array. + */ + sigalgstr[0] = (sig >> 8) & 0xff; + sigalgstr[1] = sig & 0xff; + if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, + EVP_MD_size(md) * 4, EVP_MD_type(md), + (void *)sigalgstr)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; + } } - /* - * Store the digest used so applications can retrieve it if they wish. - */ - s->s3->tmp.peer_md = *pmd; + /* Store the sigalg the peer uses */ + s->s3->tmp.peer_sigalg = lu; + return 1; +} + +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) +{ + if (s->s3->tmp.peer_sigalg == NULL) + return 0; + *pnid = s->s3->tmp.peer_sigalg->sig; + return 1; +} + +int SSL_get_signature_type_nid(const SSL *s, int *pnid) +{ + if (s->s3->tmp.sigalg == NULL) + return 0; + *pnid = s->s3->tmp.sigalg->sig; return 1; } @@ -849,12 +1142,14 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, * * Call ssl_cipher_disabled() to check that it's enabled or not. */ -void ssl_set_client_disabled(SSL *s) +int ssl_set_client_disabled(SSL *s) { s->s3->tmp.mask_a = 0; s->s3->tmp.mask_k = 0; ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); - ssl_get_client_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver); + if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver, + &s->s3->tmp.max_ver, NULL) != 0) + return 0; #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { @@ -868,6 +1163,7 @@ void ssl_set_client_disabled(SSL *s) s->s3->tmp.mask_k |= SSL_kSRP; } #endif + return 1; } /* @@ -878,2345 +1174,280 @@ void ssl_set_client_disabled(SSL *s) * @ecdhe: If set to 1 then TLSv1 ECDHE ciphers are also allowed in SSLv3 * * Returns 1 when it's disabled, 0 when enabled. - */ -int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) -{ - if (c->algorithm_mkey & s->s3->tmp.mask_k - || c->algorithm_auth & s->s3->tmp.mask_a) - return 1; - if (s->s3->tmp.max_ver == 0) - return 1; - if (!SSL_IS_DTLS(s)) { - int min_tls = c->min_tls; - - /* - * For historical reasons we will allow ECHDE to be selected by a server - * in SSLv3 if we are a client - */ - if (min_tls == TLS1_VERSION && ecdhe - && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) - min_tls = SSL3_VERSION; - - if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver)) - return 1; - } - if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver) - || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver))) - return 1; - - return !ssl_security(s, op, c->strength_bits, 0, (void *)c); -} - -static int tls_use_ticket(SSL *s) -{ - if (s->options & SSL_OP_NO_TICKET) - return 0; - return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); -} - -static int compare_uint(const void *p1, const void *p2) -{ - unsigned int u1 = *((const unsigned int *)p1); - unsigned int u2 = *((const unsigned int *)p2); - if (u1 < u2) - return -1; - else if (u1 > u2) - return 1; - else - return 0; -} - -/* - * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be - * more than one extension of the same type in a ClientHello or ServerHello. - * This function does an initial scan over the extensions block to filter those - * out. It returns 1 if all extensions are unique, and 0 if the extensions - * contain duplicates, could not be successfully parsed, or an internal error - * occurred. - */ -static int tls1_check_duplicate_extensions(const PACKET *packet) -{ - PACKET extensions = *packet; - size_t num_extensions = 0, i = 0; - unsigned int *extension_types = NULL; - int ret = 0; - - /* First pass: count the extensions. */ - while (PACKET_remaining(&extensions) > 0) { - unsigned int type; - PACKET extension; - if (!PACKET_get_net_2(&extensions, &type) || - !PACKET_get_length_prefixed_2(&extensions, &extension)) { - goto done; - } - num_extensions++; - } - - if (num_extensions <= 1) - return 1; - - extension_types = OPENSSL_malloc(sizeof(unsigned int) * num_extensions); - if (extension_types == NULL) { - SSLerr(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* Second pass: gather the extension types. */ - extensions = *packet; - for (i = 0; i < num_extensions; i++) { - PACKET extension; - if (!PACKET_get_net_2(&extensions, &extension_types[i]) || - !PACKET_get_length_prefixed_2(&extensions, &extension)) { - /* This should not happen. */ - SSLerr(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, ERR_R_INTERNAL_ERROR); - goto done; - } - } - - if (PACKET_remaining(&extensions) != 0) { - SSLerr(SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, ERR_R_INTERNAL_ERROR); - goto done; - } - /* Sort the extensions and make sure there are no duplicates. */ - qsort(extension_types, num_extensions, sizeof(unsigned int), compare_uint); - for (i = 1; i < num_extensions; i++) { - if (extension_types[i - 1] == extension_types[i]) - goto done; - } - ret = 1; - done: - OPENSSL_free(extension_types); - return ret; -} - -unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, - unsigned char *limit, int *al) -{ - int extdatalen = 0; - unsigned char *orig = buf; - unsigned char *ret = buf; -#ifndef OPENSSL_NO_EC - /* See if we support any ECC ciphersuites */ - int using_ecc = 0; - if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) { - int i; - unsigned long alg_k, alg_a; - STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); - - for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) { - const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); - - alg_k = c->algorithm_mkey; - alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) - || (alg_a & SSL_aECDSA)) { - using_ecc = 1; - break; - } - } - } -#endif - - ret += 2; - - if (ret >= limit) - return NULL; /* this really never occurs, but ... */ - - /* Add RI if renegotiating */ - if (s->renegotiate) { - int el; - - if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - if (CHECKLEN(ret, 4 + el, limit)) - return NULL; - - s2n(TLSEXT_TYPE_renegotiate, ret); - s2n(el, ret); - - if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - ret += el; - } - /* Only add RI for SSLv3 */ - if (s->client_version == SSL3_VERSION) - goto done; - - if (s->tlsext_hostname != NULL) { - /* Add TLS extension servername to the Client Hello message */ - size_t size_str; - - /*- - * check for enough space. - * 4 for the servername type and extension length - * 2 for servernamelist length - * 1 for the hostname type - * 2 for hostname length - * + hostname length - */ - size_str = strlen(s->tlsext_hostname); - if (CHECKLEN(ret, 9 + size_str, limit)) - return NULL; - - /* extension type and length */ - s2n(TLSEXT_TYPE_server_name, ret); - s2n(size_str + 5, ret); - - /* length of servername list */ - s2n(size_str + 3, ret); - - /* hostname type, length and hostname */ - *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; - s2n(size_str, ret); - memcpy(ret, s->tlsext_hostname, size_str); - ret += size_str; - } -#ifndef OPENSSL_NO_SRP - /* Add SRP username if there is one */ - if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the - * Client Hello message */ - - size_t login_len = strlen(s->srp_ctx.login); - if (login_len > 255 || login_len == 0) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /*- - * check for enough space. - * 4 for the srp type type and extension length - * 1 for the srp user identity - * + srp user identity length - */ - if (CHECKLEN(ret, 5 + login_len, limit)) - return NULL; - - /* fill in the extension */ - s2n(TLSEXT_TYPE_srp, ret); - s2n(login_len + 1, ret); - (*ret++) = (unsigned char)login_len; - memcpy(ret, s->srp_ctx.login, login_len); - ret += login_len; - } -#endif - -#ifndef OPENSSL_NO_EC - if (using_ecc) { - /* - * Add TLS extension ECPointFormats to the ClientHello message - */ - const unsigned char *pcurves, *pformats; - size_t num_curves, num_formats, curves_list_len; - size_t i; - unsigned char *etmp; - - tls1_get_formatlist(s, &pformats, &num_formats); - - if (num_formats > 255) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - /*- - * check for enough space. - * 4 bytes for the ec point formats type and extension length - * 1 byte for the length of the formats - * + formats length - */ - if (CHECKLEN(ret, 5 + num_formats, limit)) - return NULL; - - s2n(TLSEXT_TYPE_ec_point_formats, ret); - /* The point format list has 1-byte length. */ - s2n(num_formats + 1, ret); - *(ret++) = (unsigned char)num_formats; - memcpy(ret, pformats, num_formats); - ret += num_formats; - - /* - * Add TLS extension EllipticCurves to the ClientHello message - */ - pcurves = s->tlsext_ellipticcurvelist; - if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) - return NULL; - - if (num_curves > 65532 / 2) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - /*- - * check for enough space. - * 4 bytes for the ec curves type and extension length - * 2 bytes for the curve list length - * + curve list length - */ - if (CHECKLEN(ret, 6 + (num_curves * 2), limit)) - return NULL; - - s2n(TLSEXT_TYPE_elliptic_curves, ret); - etmp = ret + 4; - /* Copy curve ID if supported */ - for (i = 0; i < num_curves; i++, pcurves += 2) { - if (tls_curve_allowed(s, pcurves, SSL_SECOP_CURVE_SUPPORTED)) { - *etmp++ = pcurves[0]; - *etmp++ = pcurves[1]; - } - } - - curves_list_len = etmp - ret - 4; - - s2n(curves_list_len + 2, ret); - s2n(curves_list_len, ret); - ret += curves_list_len; - } -#endif /* OPENSSL_NO_EC */ - - if (tls_use_ticket(s)) { - size_t ticklen; - if (!s->new_session && s->session && s->session->tlsext_tick) - ticklen = s->session->tlsext_ticklen; - else if (s->session && s->tlsext_session_ticket && - s->tlsext_session_ticket->data) { - ticklen = s->tlsext_session_ticket->length; - s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (s->session->tlsext_tick == NULL) - return NULL; - memcpy(s->session->tlsext_tick, - s->tlsext_session_ticket->data, ticklen); - s->session->tlsext_ticklen = ticklen; - } else - ticklen = 0; - if (ticklen == 0 && s->tlsext_session_ticket && - s->tlsext_session_ticket->data == NULL) - goto skip_ext; - /* - * Check for enough room 2 for extension type, 2 for len rest for - * ticket - */ - if (CHECKLEN(ret, 4 + ticklen, limit)) - return NULL; - s2n(TLSEXT_TYPE_session_ticket, ret); - s2n(ticklen, ret); - if (ticklen > 0) { - memcpy(ret, s->session->tlsext_tick, ticklen); - ret += ticklen; - } - } - skip_ext: - -#ifndef OPENSSL_NO_OCSP - if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { - int i; - size_t extlen, idlen; - int lentmp; - OCSP_RESPID *id; - - idlen = 0; - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { - id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); - lentmp = i2d_OCSP_RESPID(id, NULL); - if (lentmp <= 0) - return NULL; - idlen += (size_t)lentmp + 2; - } - - if (s->tlsext_ocsp_exts) { - lentmp = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); - if (lentmp < 0) - return NULL; - extlen = (size_t)lentmp; - } else - extlen = 0; - - if (extlen + idlen > 0xFFF0) - return NULL; - /* - * 2 bytes for status request type - * 2 bytes for status request len - * 1 byte for OCSP request type - * 2 bytes for length of ids - * 2 bytes for length of extensions - * + length of ids - * + length of extensions - */ - if (CHECKLEN(ret, 9 + idlen + extlen, limit)) - return NULL; - - s2n(TLSEXT_TYPE_status_request, ret); - s2n(extlen + idlen + 5, ret); - *(ret++) = TLSEXT_STATUSTYPE_ocsp; - s2n(idlen, ret); - for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { - /* save position of id len */ - unsigned char *q = ret; - id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); - /* skip over id len */ - ret += 2; - lentmp = i2d_OCSP_RESPID(id, &ret); - /* write id len */ - s2n(lentmp, q); - } - s2n(extlen, ret); - if (extlen > 0) - i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); - } -#endif -#ifndef OPENSSL_NO_HEARTBEATS - if (SSL_IS_DTLS(s)) { - /* Add Heartbeat extension */ - - /*- - * check for enough space. - * 4 bytes for the heartbeat ext type and extension length - * 1 byte for the mode - */ - if (CHECKLEN(ret, 5, limit)) - return NULL; - - s2n(TLSEXT_TYPE_heartbeat, ret); - s2n(1, ret); - /*- - * Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS) - *(ret++) = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - else - *(ret++) = SSL_DTLSEXT_HB_ENABLED; - } -#endif - -#ifndef OPENSSL_NO_NEXTPROTONEG - if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { - /* - * The client advertises an empty extension to indicate its support - * for Next Protocol Negotiation - */ - - /*- - * check for enough space. - * 4 bytes for the NPN ext type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_next_proto_neg, ret); - s2n(0, ret); - } -#endif - - /* - * finish_md_len is non-zero during a renegotiation, so - * this avoids sending ALPN during the renegotiation - * (see longer comment below) - */ - if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) { - /*- - * check for enough space. - * 4 bytes for the ALPN type and extension length - * 2 bytes for the ALPN protocol list length - * + ALPN protocol list length - */ - if (CHECKLEN(ret, 6 + s->alpn_client_proto_list_len, limit)) - return NULL; - s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); - s2n(2 + s->alpn_client_proto_list_len, ret); - s2n(s->alpn_client_proto_list_len, ret); - memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len); - ret += s->alpn_client_proto_list_len; - s->s3->alpn_sent = 1; - } -#ifndef OPENSSL_NO_SRTP - if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { - int el; - - /* Returns 0 on success!! */ - if (ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /*- - * check for enough space. - * 4 bytes for the SRTP type and extension length - * + SRTP profiles length - */ - if (CHECKLEN(ret, 4 + el, limit)) - return NULL; - - s2n(TLSEXT_TYPE_use_srtp, ret); - s2n(el, ret); - - if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - ret += el; - } -#endif - custom_ext_init(&s->cert->cli_ext); - /* Add custom TLS Extensions to ClientHello */ - if (!custom_ext_add(s, 0, &ret, limit, al)) - return NULL; - /* - * In 1.1.0 before 1.1.0c we negotiated EtM with DTLS, then just - * silently failed to actually do it. It is fixed in 1.1.1 but to - * ease the transition especially from 1.1.0b to 1.1.0c, we just - * disable it in 1.1.0. - * Also skip if SSL_OP_NO_ENCRYPT_THEN_MAC is set. - */ - if (!SSL_IS_DTLS(s) && !(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) { - /*- - * check for enough space. - * 4 bytes for the ETM type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_encrypt_then_mac, ret); - s2n(0, ret); - } - -#ifndef OPENSSL_NO_CT - if (s->ct_validation_callback != NULL) { - /*- - * check for enough space. - * 4 bytes for the SCT type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - - s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret); - s2n(0, ret); - } -#endif - - /*- - * check for enough space. - * 4 bytes for the EMS type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_extended_master_secret, ret); - s2n(0, ret); - - /* - * WebSphere application server can not handle having the - * last extension be 0-length (e.g. EMS, EtM), so keep those - * before SigAlgs - */ - if (SSL_CLIENT_USE_SIGALGS(s)) { - size_t salglen; - const unsigned char *salg; - unsigned char *etmp; - salglen = tls12_get_psigalgs(s, 1, &salg); - - /*- - * check for enough space. - * 4 bytes for the sigalgs type and extension length - * 2 bytes for the sigalg list length - * + sigalg list length - */ - if (CHECKLEN(ret, salglen + 6, limit)) - return NULL; - s2n(TLSEXT_TYPE_signature_algorithms, ret); - etmp = ret; - /* Skip over lengths for now */ - ret += 4; - salglen = tls12_copy_sigalgs(s, ret, salg, salglen); - /* Fill in lengths */ - s2n(salglen + 2, etmp); - s2n(salglen, etmp); - ret += salglen; - } - - /* - * Add padding to workaround bugs in F5 terminators. See - * https://tools.ietf.org/html/draft-agl-tls-padding-03 NB: because this - * code works out the length of all existing extensions it MUST always - * appear last. WebSphere 7.x/8.x is intolerant of empty extensions - * being last, so minimum length of 1. - */ - if (s->options & SSL_OP_TLSEXT_PADDING) { - int hlen = ret - (unsigned char *)s->init_buf->data; - - if (hlen > 0xff && hlen < 0x200) { - hlen = 0x200 - hlen; - if (hlen >= 4) - hlen -= 4; - else - hlen = 1; - - /*- - * check for enough space. Strictly speaking we know we've already - * got enough space because to get here the message size is < 0x200, - * but we know that we've allocated far more than that in the buffer - * - but for consistency and robustness we're going to check anyway. - * - * 4 bytes for the padding type and extension length - * + padding length - */ - if (CHECKLEN(ret, 4 + hlen, limit)) - return NULL; - s2n(TLSEXT_TYPE_padding, ret); - s2n(hlen, ret); - memset(ret, 0, hlen); - ret += hlen; - } - } - - done: - - if ((extdatalen = ret - orig - 2) == 0) - return orig; - - s2n(extdatalen, orig); - return ret; -} - -unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, - unsigned char *limit, int *al) -{ - int extdatalen = 0; - unsigned char *orig = buf; - unsigned char *ret = buf; -#ifndef OPENSSL_NO_NEXTPROTONEG - int next_proto_neg_seen; -#endif -#ifndef OPENSSL_NO_EC - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA); - using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); -#endif - - ret += 2; - if (ret >= limit) - return NULL; /* this really never occurs, but ... */ - - if (s->s3->send_connection_binding) { - int el; - - /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */ - if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /*- - * check for enough space. - * 4 bytes for the reneg type and extension length - * + reneg data length - */ - if (CHECKLEN(ret, 4 + el, limit)) - return NULL; - - s2n(TLSEXT_TYPE_renegotiate, ret); - s2n(el, ret); - - if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - ret += el; - } - - /* Only add RI for SSLv3 */ - if (s->version == SSL3_VERSION) - goto done; - - if (!s->hit && s->servername_done == 1 - && s->session->tlsext_hostname != NULL) { - /*- - * check for enough space. - * 4 bytes for the server name type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - - s2n(TLSEXT_TYPE_server_name, ret); - s2n(0, ret); - } -#ifndef OPENSSL_NO_EC - if (using_ecc) { - const unsigned char *plist; - size_t plistlen; - /* - * Add TLS extension ECPointFormats to the ServerHello message - */ - - tls1_get_formatlist(s, &plist, &plistlen); - - if (plistlen > 255) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /*- - * check for enough space. - * 4 bytes for the ec points format type and extension length - * 1 byte for the points format list length - * + length of points format list - */ - if (CHECKLEN(ret, 5 + plistlen, limit)) - return NULL; - - s2n(TLSEXT_TYPE_ec_point_formats, ret); - s2n(plistlen + 1, ret); - *(ret++) = (unsigned char)plistlen; - memcpy(ret, plist, plistlen); - ret += plistlen; - - } - /* - * Currently the server should not respond with a SupportedCurves - * extension - */ -#endif /* OPENSSL_NO_EC */ - - if (s->tlsext_ticket_expected && tls_use_ticket(s)) { - /*- - * check for enough space. - * 4 bytes for the Ticket type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_session_ticket, ret); - s2n(0, ret); - } else { - /* - * if we don't add the above TLSEXT, we can't add a session ticket - * later - */ - s->tlsext_ticket_expected = 0; - } - - if (s->tlsext_status_expected) { - /*- - * check for enough space. - * 4 bytes for the Status request type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_status_request, ret); - s2n(0, ret); - } -#ifndef OPENSSL_NO_SRTP - if (SSL_IS_DTLS(s) && s->srtp_profile) { - int el; - - /* Returns 0 on success!! */ - if (ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - /*- - * check for enough space. - * 4 bytes for the SRTP profiles type and extension length - * + length of the SRTP profiles list - */ - if (CHECKLEN(ret, 4 + el, limit)) - return NULL; - - s2n(TLSEXT_TYPE_use_srtp, ret); - s2n(el, ret); - - if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return NULL; - } - ret += el; - } -#endif - - if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 - || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) - && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { - const unsigned char cryptopro_ext[36] = { - 0xfd, 0xe8, /* 65000 */ - 0x00, 0x20, /* 32 bytes length */ - 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, - 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, - 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, - 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 - }; - - /* check for enough space. */ - if (CHECKLEN(ret, sizeof(cryptopro_ext), limit)) - return NULL; - memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext)); - ret += sizeof(cryptopro_ext); - - } -#ifndef OPENSSL_NO_HEARTBEATS - /* Add Heartbeat extension if we've received one */ - if (SSL_IS_DTLS(s) && (s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED)) { - /*- - * check for enough space. - * 4 bytes for the Heartbeat type and extension length - * 1 byte for the mode - */ - if (CHECKLEN(ret, 5, limit)) - return NULL; - s2n(TLSEXT_TYPE_heartbeat, ret); - s2n(1, ret); - /*- - * Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS) - *(ret++) = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - else - *(ret++) = SSL_DTLSEXT_HB_ENABLED; - - } -#endif - -#ifndef OPENSSL_NO_NEXTPROTONEG - next_proto_neg_seen = s->s3->next_proto_neg_seen; - s->s3->next_proto_neg_seen = 0; - if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) { - const unsigned char *npa; - unsigned int npalen; - int r; - - r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, - s-> - ctx->next_protos_advertised_cb_arg); - if (r == SSL_TLSEXT_ERR_OK) { - /*- - * check for enough space. - * 4 bytes for the NPN type and extension length - * + length of protocols list - */ - if (CHECKLEN(ret, 4 + npalen, limit)) - return NULL; - s2n(TLSEXT_TYPE_next_proto_neg, ret); - s2n(npalen, ret); - memcpy(ret, npa, npalen); - ret += npalen; - s->s3->next_proto_neg_seen = 1; - } - } -#endif - if (!custom_ext_add(s, 1, &ret, limit, al)) - return NULL; - if (s->tlsext_use_etm) { - /* - * Don't use encrypt_then_mac if AEAD or RC4 might want to disable - * for other cases too. - */ - if (SSL_IS_DTLS(s) || s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD - || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 - || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT - || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) - s->tlsext_use_etm = 0; - else { - /*- - * check for enough space. - * 4 bytes for the ETM type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_encrypt_then_mac, ret); - s2n(0, ret); - } - } - if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { - /*- - * check for enough space. - * 4 bytes for the EMS type and extension length - */ - if (CHECKLEN(ret, 4, limit)) - return NULL; - s2n(TLSEXT_TYPE_extended_master_secret, ret); - s2n(0, ret); - } - - if (s->s3->alpn_selected != NULL) { - const unsigned char *selected = s->s3->alpn_selected; - size_t len = s->s3->alpn_selected_len; - - /*- - * check for enough space. - * 4 bytes for the ALPN type and extension length - * 2 bytes for ALPN data length - * 1 byte for selected protocol length - * + length of the selected protocol - */ - if (CHECKLEN(ret, 7 + len, limit)) - return NULL; - s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); - s2n(3 + len, ret); - s2n(1 + len, ret); - *ret++ = len; - memcpy(ret, selected, len); - ret += len; - } - - done: - - if ((extdatalen = ret - orig - 2) == 0) - return orig; - - s2n(extdatalen, orig); - return ret; -} - -/* - * Save the ALPN extension in a ClientHello. - * pkt: the contents of the ALPN extension, not including type and length. - * al: a pointer to the alert value to send in the event of a failure. - * returns: 1 on success, 0 on error. - */ -static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al) -{ - PACKET protocol_list, save_protocol_list, protocol; - - *al = SSL_AD_DECODE_ERROR; - - if (!PACKET_as_length_prefixed_2(pkt, &protocol_list) - || PACKET_remaining(&protocol_list) < 2) { - return 0; - } - - save_protocol_list = protocol_list; - do { - /* Protocol names can't be empty. */ - if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol) - || PACKET_remaining(&protocol) == 0) { - return 0; - } - } while (PACKET_remaining(&protocol_list) != 0); - - if (!PACKET_memdup(&save_protocol_list, - &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - - return 1; -} - -/* - * Process the ALPN extension in a ClientHello. - * al: a pointer to the alert value to send in the event of a failure. - * returns 1 on success, 0 on error. - */ -static int tls1_alpn_handle_client_hello_late(SSL *s, int *al) -{ - const unsigned char *selected = NULL; - unsigned char selected_len = 0; - - if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) { - int r = s->ctx->alpn_select_cb(s, &selected, &selected_len, - s->s3->alpn_proposed, - s->s3->alpn_proposed_len, - s->ctx->alpn_select_cb_arg); - - if (r == SSL_TLSEXT_ERR_OK) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); - if (s->s3->alpn_selected == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - s->s3->alpn_selected_len = selected_len; -#ifndef OPENSSL_NO_NEXTPROTONEG - /* ALPN takes precedence over NPN. */ - s->s3->next_proto_neg_seen = 0; -#endif - } else if (r == SSL_TLSEXT_ERR_NOACK) { - /* Behave as if no callback was present. */ - return 1; - } else { - *al = SSL_AD_NO_APPLICATION_PROTOCOL; - return 0; - } - } - - return 1; -} - -#ifndef OPENSSL_NO_EC -/*- - * ssl_check_for_safari attempts to fingerprint Safari using OS X - * SecureTransport using the TLS extension block in |pkt|. - * Safari, since 10.6, sends exactly these extensions, in this order: - * SNI, - * elliptic_curves - * ec_point_formats - * - * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, - * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. - * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from - * 10.8..10.8.3 (which don't work). - */ -static void ssl_check_for_safari(SSL *s, const PACKET *pkt) -{ - unsigned int type; - PACKET sni, tmppkt; - size_t ext_len; - - static const unsigned char kSafariExtensionsBlock[] = { - 0x00, 0x0a, /* elliptic_curves extension */ - 0x00, 0x08, /* 8 bytes */ - 0x00, 0x06, /* 6 bytes of curve ids */ - 0x00, 0x17, /* P-256 */ - 0x00, 0x18, /* P-384 */ - 0x00, 0x19, /* P-521 */ - - 0x00, 0x0b, /* ec_point_formats */ - 0x00, 0x02, /* 2 bytes */ - 0x01, /* 1 point format */ - 0x00, /* uncompressed */ - /* The following is only present in TLS 1.2 */ - 0x00, 0x0d, /* signature_algorithms */ - 0x00, 0x0c, /* 12 bytes */ - 0x00, 0x0a, /* 10 bytes */ - 0x05, 0x01, /* SHA-384/RSA */ - 0x04, 0x01, /* SHA-256/RSA */ - 0x02, 0x01, /* SHA-1/RSA */ - 0x04, 0x03, /* SHA-256/ECDSA */ - 0x02, 0x03, /* SHA-1/ECDSA */ - }; - - /* Length of the common prefix (first two extensions). */ - static const size_t kSafariCommonExtensionsLength = 18; - - tmppkt = *pkt; - - if (!PACKET_forward(&tmppkt, 2) - || !PACKET_get_net_2(&tmppkt, &type) - || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) { - return; - } - - if (type != TLSEXT_TYPE_server_name) - return; - - ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ? - sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength; - - s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, - ext_len); -} -#endif /* !OPENSSL_NO_EC */ - -/* - * Parse ClientHello extensions and stash extension info in various parts of - * the SSL object. Verify that there are no duplicate extensions. - * - * Behaviour upon resumption is extension-specific. If the extension has no - * effect during resumption, it is parsed (to verify its format) but otherwise - * ignored. - * - * Consumes the entire packet in |pkt|. Returns 1 on success and 0 on failure. - * Upon failure, sets |al| to the appropriate alert. - */ -static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) -{ - unsigned int type; - int renegotiate_seen = 0; - PACKET extensions; - - *al = SSL_AD_DECODE_ERROR; - s->servername_done = 0; - s->tlsext_status_type = -1; -#ifndef OPENSSL_NO_NEXTPROTONEG - s->s3->next_proto_neg_seen = 0; -#endif - - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - s->s3->alpn_selected_len = 0; - OPENSSL_free(s->s3->alpn_proposed); - s->s3->alpn_proposed = NULL; - s->s3->alpn_proposed_len = 0; -#ifndef OPENSSL_NO_HEARTBEATS - s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED | - SSL_DTLSEXT_HB_DONT_SEND_REQUESTS); -#endif - -#ifndef OPENSSL_NO_EC - if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, pkt); -#endif /* !OPENSSL_NO_EC */ - - /* Clear any signature algorithms extension received */ - OPENSSL_free(s->s3->tmp.peer_sigalgs); - s->s3->tmp.peer_sigalgs = NULL; - s->tlsext_use_etm = 0; - -#ifndef OPENSSL_NO_SRP - OPENSSL_free(s->srp_ctx.login); - s->srp_ctx.login = NULL; -#endif - - s->srtp_profile = NULL; - - if (PACKET_remaining(pkt) == 0) - goto ri_check; - - if (!PACKET_as_length_prefixed_2(pkt, &extensions)) - return 0; - - if (!tls1_check_duplicate_extensions(&extensions)) - return 0; - - /* - * We parse all extensions to ensure the ClientHello is well-formed but, - * unless an extension specifies otherwise, we ignore extensions upon - * resumption. - */ - while (PACKET_get_net_2(&extensions, &type)) { - PACKET extension; - if (!PACKET_get_length_prefixed_2(&extensions, &extension)) - return 0; - - if (s->tlsext_debug_cb) - s->tlsext_debug_cb(s, 0, type, PACKET_data(&extension), - PACKET_remaining(&extension), - s->tlsext_debug_arg); - - if (type == TLSEXT_TYPE_renegotiate) { - if (!ssl_parse_clienthello_renegotiate_ext(s, &extension, al)) - return 0; - renegotiate_seen = 1; - } else if (s->version == SSL3_VERSION) { - } -/*- - * The servername extension is treated as follows: - * - * - Only the hostname type is supported with a maximum length of 255. - * - The servername is rejected if too long or if it contains zeros, - * in which case an fatal alert is generated. - * - The servername field is maintained together with the session cache. - * - When a session is resumed, the servername call back invoked in order - * to allow the application to position itself to the right context. - * - The servername is acknowledged if it is new for a session or when - * it is identical to a previously used for the same session. - * Applications can control the behaviour. They can at any time - * set a 'desirable' servername for a new SSL object. This can be the - * case for example with HTTPS when a Host: header field is received and - * a renegotiation is requested. In this case, a possible servername - * presented in the new client hello is only acknowledged if it matches - * the value of the Host: field. - * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - * if they provide for changing an explicit servername context for the - * session, i.e. when the session has been established with a servername - * extension. - * - On session reconnect, the servername extension may be absent. - * - */ - - else if (type == TLSEXT_TYPE_server_name) { - unsigned int servname_type; - PACKET sni, hostname; - - if (!PACKET_as_length_prefixed_2(&extension, &sni) - /* ServerNameList must be at least 1 byte long. */ - || PACKET_remaining(&sni) == 0) { - return 0; - } - - /* - * Although the server_name extension was intended to be - * extensible to new name types, RFC 4366 defined the - * syntax inextensibility and OpenSSL 1.0.x parses it as - * such. - * RFC 6066 corrected the mistake but adding new name types - * is nevertheless no longer feasible, so act as if no other - * SNI types can exist, to simplify parsing. - * - * Also note that the RFC permits only one SNI value per type, - * i.e., we can only have a single hostname. - */ - if (!PACKET_get_1(&sni, &servname_type) - || servname_type != TLSEXT_NAMETYPE_host_name - || !PACKET_as_length_prefixed_2(&sni, &hostname)) { - return 0; - } - - if (!s->hit) { - if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } - - if (PACKET_contains_zero_byte(&hostname)) { - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } - - if (!PACKET_strndup(&hostname, &s->session->tlsext_hostname)) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - - s->servername_done = 1; - } else { - /* - * TODO(openssl-team): if the SNI doesn't match, we MUST - * fall back to a full handshake. - */ - s->servername_done = s->session->tlsext_hostname - && PACKET_equal(&hostname, s->session->tlsext_hostname, - strlen(s->session->tlsext_hostname)); - } - } -#ifndef OPENSSL_NO_SRP - else if (type == TLSEXT_TYPE_srp) { - PACKET srp_I; - - if (!PACKET_as_length_prefixed_1(&extension, &srp_I)) - return 0; - - if (PACKET_contains_zero_byte(&srp_I)) - return 0; - - /* - * TODO(openssl-team): currently, we re-authenticate the user - * upon resumption. Instead, we MUST ignore the login. - */ - if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -#endif - -#ifndef OPENSSL_NO_EC - else if (type == TLSEXT_TYPE_ec_point_formats) { - PACKET ec_point_format_list; - - if (!PACKET_as_length_prefixed_1(&extension, &ec_point_format_list) - || PACKET_remaining(&ec_point_format_list) == 0) { - return 0; - } - - if (!s->hit) { - if (!PACKET_memdup(&ec_point_format_list, - &s->session->tlsext_ecpointformatlist, - &s-> - session->tlsext_ecpointformatlist_length)) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } - } else if (type == TLSEXT_TYPE_elliptic_curves) { - PACKET elliptic_curve_list; - - /* Each NamedCurve is 2 bytes and we must have at least 1. */ - if (!PACKET_as_length_prefixed_2(&extension, &elliptic_curve_list) - || PACKET_remaining(&elliptic_curve_list) == 0 - || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) { - return 0; - } - - if (!s->hit) { - if (!PACKET_memdup(&elliptic_curve_list, - &s->session->tlsext_ellipticcurvelist, - &s-> - session->tlsext_ellipticcurvelist_length)) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } - } -#endif /* OPENSSL_NO_EC */ - else if (type == TLSEXT_TYPE_session_ticket) { - if (s->tls_session_ticket_ext_cb && - !s->tls_session_ticket_ext_cb(s, PACKET_data(&extension), - PACKET_remaining(&extension), - s->tls_session_ticket_ext_cb_arg)) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } else if (type == TLSEXT_TYPE_signature_algorithms) { - PACKET supported_sig_algs; - - if (!PACKET_as_length_prefixed_2(&extension, &supported_sig_algs) - || (PACKET_remaining(&supported_sig_algs) % 2) != 0 - || PACKET_remaining(&supported_sig_algs) == 0) { - return 0; - } - - if (!s->hit) { - if (!tls1_save_sigalgs(s, PACKET_data(&supported_sig_algs), - PACKET_remaining(&supported_sig_algs))) { - return 0; - } - } - } else if (type == TLSEXT_TYPE_status_request) { - /* Ignore this if resuming */ - if (s->hit) - continue; - - if (!PACKET_get_1(&extension, - (unsigned int *)&s->tlsext_status_type)) { - return 0; - } -#ifndef OPENSSL_NO_OCSP - if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { - const unsigned char *ext_data; - PACKET responder_id_list, exts; - if (!PACKET_get_length_prefixed_2 - (&extension, &responder_id_list)) - return 0; - - /* - * We remove any OCSP_RESPIDs from a previous handshake - * to prevent unbounded memory growth - CVE-2016-6304 - */ - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, - OCSP_RESPID_free); - if (PACKET_remaining(&responder_id_list) > 0) { - s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); - if (s->tlsext_ocsp_ids == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - } else { - s->tlsext_ocsp_ids = NULL; - } - - while (PACKET_remaining(&responder_id_list) > 0) { - OCSP_RESPID *id; - PACKET responder_id; - const unsigned char *id_data; - - if (!PACKET_get_length_prefixed_2(&responder_id_list, - &responder_id) - || PACKET_remaining(&responder_id) == 0) { - return 0; - } - - id_data = PACKET_data(&responder_id); - id = d2i_OCSP_RESPID(NULL, &id_data, - PACKET_remaining(&responder_id)); - if (id == NULL) - return 0; - - if (id_data != PACKET_end(&responder_id)) { - OCSP_RESPID_free(id); - return 0; - } - - if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) { - OCSP_RESPID_free(id); - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - - /* Read in request_extensions */ - if (!PACKET_as_length_prefixed_2(&extension, &exts)) - return 0; - - if (PACKET_remaining(&exts) > 0) { - ext_data = PACKET_data(&exts); - sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, - X509_EXTENSION_free); - s->tlsext_ocsp_exts = - d2i_X509_EXTENSIONS(NULL, &ext_data, - PACKET_remaining(&exts)); - if (s->tlsext_ocsp_exts == NULL - || ext_data != PACKET_end(&exts)) { - return 0; - } - } - } else -#endif - { - /* - * We don't know what to do with any other type so ignore it. - */ - s->tlsext_status_type = -1; - } - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_heartbeat) { - unsigned int hbtype; - - if (!PACKET_get_1(&extension, &hbtype) - || PACKET_remaining(&extension)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - switch (hbtype) { - case 0x01: /* Client allows us to send HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - break; - case 0x02: /* Client doesn't accept HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - break; - default: - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } -#endif -#ifndef OPENSSL_NO_NEXTPROTONEG - else if (type == TLSEXT_TYPE_next_proto_neg && - s->s3->tmp.finish_md_len == 0) { - /*- - * We shouldn't accept this extension on a - * renegotiation. - * - * s->new_session will be set on renegotiation, but we - * probably shouldn't rely that it couldn't be set on - * the initial renegotiation too in certain cases (when - * there's some other reason to disallow resuming an - * earlier session -- the current code won't be doing - * anything like that, but this might change). - * - * A valid sign that there's been a previous handshake - * in this connection is if s->s3->tmp.finish_md_len > - * 0. (We are talking about a check that will happen - * in the Hello protocol round, well before a new - * Finished message could have been computed.) - */ - s->s3->next_proto_neg_seen = 1; - } -#endif - - else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && - s->s3->tmp.finish_md_len == 0) { - if (!tls1_alpn_handle_client_hello(s, &extension, al)) - return 0; - } - - /* session ticket processed earlier */ -#ifndef OPENSSL_NO_SRTP - else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) - && type == TLSEXT_TYPE_use_srtp) { - if (ssl_parse_clienthello_use_srtp_ext(s, &extension, al)) - return 0; - } -#endif - else if (type == TLSEXT_TYPE_encrypt_then_mac && - !(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)) - s->tlsext_use_etm = 1; - /* - * Note: extended master secret extension handled in - * tls_check_serverhello_tlsext_early() - */ - - /* - * If this ClientHello extension was unhandled and this is a - * nonresumed connection, check whether the extension is a custom - * TLS Extension (has a custom_srv_ext_record), and if so call the - * callback and record the extension number so that an appropriate - * ServerHello may be later returned. - */ - else if (!s->hit) { - if (custom_ext_parse(s, 1, type, PACKET_data(&extension), - PACKET_remaining(&extension), al) <= 0) - return 0; - } - } - - if (PACKET_remaining(pkt) != 0) { - /* - * tls1_check_duplicate_extensions should ensure this never happens. - */ - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - - ri_check: - - /* Need RI if renegotiating */ - - if (!renegotiate_seen && s->renegotiate && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - - /* - * This function currently has no state to clean up, so it returns directly. - * If parsing fails at any point, the function returns early. - * The SSL object may be left with partial data from extensions, but it must - * then no longer be used, and clearing it up will free the leftovers. - */ - return 1; -} - -int ssl_parse_clienthello_tlsext(SSL *s, PACKET *pkt) -{ - int al = -1; - custom_ext_init(&s->cert->srv_ext); - if (ssl_scan_clienthello_tlsext(s, pkt, &al) <= 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return 0; - } - if (ssl_check_clienthello_tlsext_early(s) <= 0) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_CLIENTHELLO_TLSEXT); - return 0; - } - return 1; -} - -#ifndef OPENSSL_NO_NEXTPROTONEG -/* - * ssl_next_proto_validate validates a Next Protocol Negotiation block. No - * elements of zero length are allowed and the set of elements must exactly - * fill the length of the block. - */ -static char ssl_next_proto_validate(PACKET *pkt) -{ - PACKET tmp_protocol; - - while (PACKET_remaining(pkt)) { - if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol) - || PACKET_remaining(&tmp_protocol) == 0) - return 0; - } - - return 1; -} -#endif - -static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) -{ - unsigned int length, type, size; - int tlsext_servername = 0; - int renegotiate_seen = 0; - -#ifndef OPENSSL_NO_NEXTPROTONEG - s->s3->next_proto_neg_seen = 0; -#endif - s->tlsext_ticket_expected = 0; - - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; -#ifndef OPENSSL_NO_HEARTBEATS - s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED | - SSL_DTLSEXT_HB_DONT_SEND_REQUESTS); -#endif - - s->tlsext_use_etm = 0; - - s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; - - if (!PACKET_get_net_2(pkt, &length)) - goto ri_check; - - if (PACKET_remaining(pkt) != length) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (!tls1_check_duplicate_extensions(pkt)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - while (PACKET_get_net_2(pkt, &type) && PACKET_get_net_2(pkt, &size)) { - const unsigned char *data; - PACKET spkt; - - if (!PACKET_get_sub_packet(pkt, &spkt, size) - || !PACKET_peek_bytes(&spkt, &data, size)) - goto ri_check; - - if (s->tlsext_debug_cb) - s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg); - - if (type == TLSEXT_TYPE_renegotiate) { - if (!ssl_parse_serverhello_renegotiate_ext(s, &spkt, al)) - return 0; - renegotiate_seen = 1; - } else if (s->version == SSL3_VERSION) { - } else if (type == TLSEXT_TYPE_server_name) { - if (s->tlsext_hostname == NULL || size > 0) { - *al = TLS1_AD_UNRECOGNIZED_NAME; - return 0; - } - tlsext_servername = 1; - } -#ifndef OPENSSL_NO_EC - else if (type == TLSEXT_TYPE_ec_point_formats) { - unsigned int ecpointformatlist_length; - if (!PACKET_get_1(&spkt, &ecpointformatlist_length) - || ecpointformatlist_length != size - 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (!s->hit) { - s->session->tlsext_ecpointformatlist_length = 0; - OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = - OPENSSL_malloc(ecpointformatlist_length)) == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - s->session->tlsext_ecpointformatlist_length = - ecpointformatlist_length; - if (!PACKET_copy_bytes(&spkt, - s->session->tlsext_ecpointformatlist, - ecpointformatlist_length)) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - - } - } -#endif /* OPENSSL_NO_EC */ - - else if (type == TLSEXT_TYPE_session_ticket) { - if (s->tls_session_ticket_ext_cb && - !s->tls_session_ticket_ext_cb(s, data, size, - s->tls_session_ticket_ext_cb_arg)) - { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - if (!tls_use_ticket(s) || (size > 0)) { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - s->tlsext_ticket_expected = 1; - } else if (type == TLSEXT_TYPE_status_request) { - /* - * MUST be empty and only sent if we've requested a status - * request message. - */ - if ((s->tlsext_status_type == -1) || (size > 0)) { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /* Set flag to expect CertificateStatus message */ - s->tlsext_status_expected = 1; - } -#ifndef OPENSSL_NO_CT - /* - * Only take it if we asked for it - i.e if there is no CT validation - * callback set, then a custom extension MAY be processing it, so we - * need to let control continue to flow to that. - */ - else if (type == TLSEXT_TYPE_signed_certificate_timestamp && - s->ct_validation_callback != NULL) { - /* Simply copy it off for later processing */ - if (s->tlsext_scts != NULL) { - OPENSSL_free(s->tlsext_scts); - s->tlsext_scts = NULL; - } - s->tlsext_scts_len = size; - if (size > 0) { - s->tlsext_scts = OPENSSL_malloc(size); - if (s->tlsext_scts == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - memcpy(s->tlsext_scts, data, size); - } - } -#endif -#ifndef OPENSSL_NO_NEXTPROTONEG - else if (type == TLSEXT_TYPE_next_proto_neg && - s->s3->tmp.finish_md_len == 0) { - unsigned char *selected; - unsigned char selected_len; - /* We must have requested it. */ - if (s->ctx->next_proto_select_cb == NULL) { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /* The data must be valid */ - if (!ssl_next_proto_validate(&spkt)) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, - size, - s-> - ctx->next_proto_select_cb_arg) != - SSL_TLSEXT_ERR_OK) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - /* - * Could be non-NULL if server has sent multiple NPN extensions in - * a single Serverhello - */ - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = OPENSSL_malloc(selected_len); - if (s->next_proto_negotiated == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - memcpy(s->next_proto_negotiated, selected, selected_len); - s->next_proto_negotiated_len = selected_len; - s->s3->next_proto_neg_seen = 1; - } -#endif - - else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) { - unsigned len; - /* We must have requested it. */ - if (!s->s3->alpn_sent) { - *al = TLS1_AD_UNSUPPORTED_EXTENSION; - return 0; - } - /*- - * The extension data consists of: - * uint16 list_length - * uint8 proto_length; - * uint8 proto[proto_length]; - */ - if (!PACKET_get_net_2(&spkt, &len) - || PACKET_remaining(&spkt) != len || !PACKET_get_1(&spkt, &len) - || PACKET_remaining(&spkt) != len) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = OPENSSL_malloc(len); - if (s->s3->alpn_selected == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - if (!PACKET_copy_bytes(&spkt, s->s3->alpn_selected, len)) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } - s->s3->alpn_selected_len = len; - } -#ifndef OPENSSL_NO_HEARTBEATS - else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_heartbeat) { - unsigned int hbtype; - if (!PACKET_get_1(&spkt, &hbtype)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - switch (hbtype) { - case 0x01: /* Server allows us to send HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - break; - case 0x02: /* Server doesn't accept HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - break; - default: - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } -#endif -#ifndef OPENSSL_NO_SRTP - else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { - if (ssl_parse_serverhello_use_srtp_ext(s, &spkt, al)) - return 0; - } -#endif - else if (type == TLSEXT_TYPE_encrypt_then_mac) { - /* Ignore if inappropriate ciphersuite */ - if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) && - s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) - s->tlsext_use_etm = 1; - } else if (type == TLSEXT_TYPE_extended_master_secret) { - s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; - if (!s->hit) - s->session->flags |= SSL_SESS_FLAG_EXTMS; - } - /* - * If this extension type was not otherwise handled, but matches a - * custom_cli_ext_record, then send it to the c callback - */ - else if (custom_ext_parse(s, 0, type, data, size, al) <= 0) - return 0; - } - - if (PACKET_remaining(pkt) != 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (!s->hit && tlsext_servername == 1) { - if (s->tlsext_hostname) { - if (s->session->tlsext_hostname == NULL) { - s->session->tlsext_hostname = - OPENSSL_strdup(s->tlsext_hostname); - if (!s->session->tlsext_hostname) { - *al = SSL_AD_UNRECOGNIZED_NAME; - return 0; - } - } else { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - } - } - - ri_check: - - /* - * Determine if we need to see RI. Strictly speaking if we want to avoid - * an attack we should *always* see RI even on initial server hello - * because the client doesn't see any renegotiation during an attack. - * However this would mean we could not connect to any server which - * doesn't support RI so for the immediate future tolerate RI absence - */ - if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) - && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - - if (s->hit) { - /* - * Check extended master secret extension is consistent with - * original session. - */ - if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) != - !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { - *al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_INCONSISTENT_EXTMS); - return 0; - } - } - - return 1; -} - -int ssl_prepare_clienthello_tlsext(SSL *s) -{ - s->s3->alpn_sent = 0; - return 1; -} - -int ssl_prepare_serverhello_tlsext(SSL *s) -{ - return 1; -} - -static int ssl_check_clienthello_tlsext_early(SSL *s) -{ - int ret = SSL_TLSEXT_ERR_NOACK; - int al = SSL_AD_UNRECOGNIZED_NAME; - -#ifndef OPENSSL_NO_EC - /* - * The handling of the ECPointFormats extension is done elsewhere, namely - * in ssl3_choose_cipher in s3_lib.c. - */ - /* - * The handling of the EllipticCurves extension is done elsewhere, namely - * in ssl3_choose_cipher in s3_lib.c. - */ -#endif + */ +int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) +{ + if (c->algorithm_mkey & s->s3->tmp.mask_k + || c->algorithm_auth & s->s3->tmp.mask_a) + return 1; + if (s->s3->tmp.max_ver == 0) + return 1; + if (!SSL_IS_DTLS(s)) { + int min_tls = c->min_tls; - if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) - ret = - s->ctx->tlsext_servername_callback(s, &al, - s->ctx->tlsext_servername_arg); - else if (s->session_ctx != NULL - && s->session_ctx->tlsext_servername_callback != 0) - ret = - s->session_ctx->tlsext_servername_callback(s, &al, - s-> - session_ctx->tlsext_servername_arg); - - switch (ret) { - case SSL_TLSEXT_ERR_ALERT_FATAL: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return -1; + /* + * For historical reasons we will allow ECHDE to be selected by a server + * in SSLv3 if we are a client + */ + if (min_tls == TLS1_VERSION && ecdhe + && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0) + min_tls = SSL3_VERSION; - case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s, SSL3_AL_WARNING, al); + if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver)) + return 1; + } + if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver) + || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver))) return 1; - case SSL_TLSEXT_ERR_NOACK: - s->servername_done = 0; - /* fall thru */ - default: - return 1; - } + return !ssl_security(s, op, c->strength_bits, 0, (void *)c); } -/* Initialise digests to default values */ -void ssl_set_default_md(SSL *s) +int tls_use_ticket(SSL *s) { - const EVP_MD **pmd = s->s3->tmp.md; -#ifndef OPENSSL_NO_DSA - pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX); -#endif -#ifndef OPENSSL_NO_RSA - if (SSL_USE_SIGALGS(s)) - pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX); - else - pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_MD5_SHA1_IDX); - pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN]; -#endif -#ifndef OPENSSL_NO_EC - pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX); -#endif -#ifndef OPENSSL_NO_GOST - pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX); - pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX); - pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX); -#endif + if ((s->options & SSL_OP_NO_TICKET)) + return 0; + return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL); } int tls1_set_server_sigalgs(SSL *s) { - int al; size_t i; /* Clear any shared signature algorithms */ OPENSSL_free(s->cert->shared_sigalgs); s->cert->shared_sigalgs = NULL; s->cert->shared_sigalgslen = 0; - /* Clear certificate digests and validity flags */ - for (i = 0; i < SSL_PKEY_NUM; i++) { - s->s3->tmp.md[i] = NULL; + /* Clear certificate validity flags */ + for (i = 0; i < SSL_PKEY_NUM; i++) s->s3->tmp.valid_flags[i] = 0; - } - - /* If sigalgs received process it. */ - if (s->s3->tmp.peer_sigalgs) { - if (!tls1_process_sigalgs(s)) { - SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_MALLOC_FAILURE); - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - /* Fatal error is no shared signature algorithms */ - if (!s->cert->shared_sigalgs) { - SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, - SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); - al = SSL_AD_HANDSHAKE_FAILURE; - goto err; - } - } else { - ssl_set_default_md(s); - } - return 1; - err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return 0; -} - -/* - * Upon success, returns 1. - * Upon failure, returns 0 and sets |al| to the appropriate fatal alert. - */ -int ssl_check_clienthello_tlsext_late(SSL *s, int *al) -{ - s->tlsext_status_expected = 0; - /* - * If status request then ask callback what to do. Note: this must be - * called after servername callbacks in case the certificate has changed, - * and must be called after the cipher has been chosen because this may - * influence which certificate is sent + * If peer sent no signature algorithms check to see if we support + * the default algorithm for each certificate type */ - if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) { - int ret; - CERT_PKEY *certpkey; - certpkey = ssl_get_server_send_pkey(s); - /* If no certificate can't return certificate status */ - if (certpkey != NULL) { - /* - * Set current certificate to one we will use so SSL_get_certificate - * et al can pick it up. - */ - s->cert->key = certpkey; - ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); - switch (ret) { - /* We don't want to send a status request response */ - case SSL_TLSEXT_ERR_NOACK: - s->tlsext_status_expected = 0; - break; - /* status request response should be sent */ - case SSL_TLSEXT_ERR_OK: - if (s->tlsext_ocsp_resp) - s->tlsext_status_expected = 1; - break; - /* something bad happened */ - case SSL_TLSEXT_ERR_ALERT_FATAL: - default: - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } - } - } - - if (!tls1_alpn_handle_client_hello_late(s, al)) { - return 0; - } - - return 1; -} + if (s->s3->tmp.peer_cert_sigalgs == NULL + && s->s3->tmp.peer_sigalgs == NULL) { + const uint16_t *sent_sigs; + size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); -int ssl_check_serverhello_tlsext(SSL *s) -{ - int ret = SSL_TLSEXT_ERR_NOACK; - int al = SSL_AD_UNRECOGNIZED_NAME; + for (i = 0; i < SSL_PKEY_NUM; i++) { + const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i); + size_t j; -#ifndef OPENSSL_NO_EC - /* - * If we are client and using an elliptic curve cryptography cipher - * suite, then if server returns an EC point formats lists extension it - * must contain uncompressed. - */ - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - if ((s->tlsext_ecpointformatlist != NULL) - && (s->tlsext_ecpointformatlist_length > 0) - && (s->session->tlsext_ecpointformatlist != NULL) - && (s->session->tlsext_ecpointformatlist_length > 0) - && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { - /* we are using an ECC cipher */ - size_t i; - unsigned char *list; - int found_uncompressed = 0; - list = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { - if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) { - found_uncompressed = 1; - break; + if (lu == NULL) + continue; + /* Check default matches a type we sent */ + for (j = 0; j < sent_sigslen; j++) { + if (lu->sigalg == sent_sigs[j]) { + s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN; + break; + } } } - if (!found_uncompressed) { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, - SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } - } - ret = SSL_TLSEXT_ERR_OK; -#endif /* OPENSSL_NO_EC */ - - if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) - ret = - s->ctx->tlsext_servername_callback(s, &al, - s->ctx->tlsext_servername_arg); - else if (s->session_ctx != NULL - && s->session_ctx->tlsext_servername_callback != 0) - ret = - s->session_ctx->tlsext_servername_callback(s, &al, - s-> - session_ctx->tlsext_servername_arg); - - /* - * Ensure we get sensible values passed to tlsext_status_cb in the event - * that we don't receive a status message - */ - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - s->tlsext_ocsp_resplen = -1; - - switch (ret) { - case SSL_TLSEXT_ERR_ALERT_FATAL: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - return -1; - - case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s, SSL3_AL_WARNING, al); - return 1; - - case SSL_TLSEXT_ERR_NOACK: - s->servername_done = 0; - /* fall thru */ - default: return 1; } -} -int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt) -{ - int al = -1; - if (s->version < SSL3_VERSION) - return 1; - if (ssl_scan_serverhello_tlsext(s, pkt, &al) <= 0) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); + if (!tls1_process_sigalgs(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_INTERNAL_ERROR); return 0; } + if (s->cert->shared_sigalgs != NULL) + return 1; - if (ssl_check_serverhello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_SERVERHELLO_TLSEXT); - return 0; - } - return 1; + /* Fatal error if no shared signature algorithms */ + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS1_SET_SERVER_SIGALGS, + SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); + return 0; } /*- - * Since the server cache lookup is done early on in the processing of the - * ClientHello and other operations depend on the result some extensions - * need to be handled at the same time. - * - * Two extensions are currently handled, session ticket and extended master - * secret. + * Gets the ticket information supplied by the client if any. * - * session_id: ClientHello session ID. - * ext: ClientHello extensions (including length prefix) + * hello: The parsed ClientHello data * ret: (output) on return, if a ticket was decrypted, then this is set to * point to the resulting session. - * - * If s->tls_session_secret_cb is set then we are expecting a pre-shared key - * ciphersuite, in which case we have no use for session tickets and one will - * never be decrypted, nor will s->tlsext_ticket_expected be set to 1. - * - * Returns: - * -1: fatal error, either from parsing or decrypting the ticket. - * 0: no ticket was found (or was ignored, based on settings). - * 1: a zero length extension was found, indicating that the client supports - * session tickets but doesn't currently have one to offer. - * 2: either s->tls_session_secret_cb was set, or a ticket was offered but - * couldn't be decrypted because of a non-fatal error. - * 3: a ticket was successfully decrypted and *ret was set. - * - * Side effects: - * Sets s->tlsext_ticket_expected to 1 if the server will have to issue - * a new session ticket to the client because the client indicated support - * (and s->tls_session_secret_cb is NULL) but the client either doesn't have - * a session ticket or we couldn't use the one it gave us, or if - * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. - * Otherwise, s->tlsext_ticket_expected is set to 0. - * - * For extended master secret flag is set if the extension is present. - * */ -int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, - const PACKET *session_id, - SSL_SESSION **ret) +SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, + SSL_SESSION **ret) { - unsigned int i; - PACKET local_ext = *ext; - int retv = -1; - - int have_ticket = 0; - int use_ticket = tls_use_ticket(s); + size_t size; + RAW_EXTENSION *ticketext; *ret = NULL; - s->tlsext_ticket_expected = 0; - s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->ext.ticket_expected = 0; /* - * If tickets disabled behave as if no ticket present to permit stateful + * If tickets disabled or not supported by the protocol version + * (e.g. TLSv1.3) behave as if no ticket present to permit stateful * resumption. */ - if ((s->version <= SSL3_VERSION)) - return 0; - - if (!PACKET_get_net_2(&local_ext, &i)) { - retv = 0; - goto end; - } - while (PACKET_remaining(&local_ext) >= 4) { - unsigned int type, size; + if (s->version <= SSL3_VERSION || !tls_use_ticket(s)) + return SSL_TICKET_NONE; - if (!PACKET_get_net_2(&local_ext, &type) - || !PACKET_get_net_2(&local_ext, &size)) { - /* Shouldn't ever happen */ - retv = -1; - goto end; - } - if (PACKET_remaining(&local_ext) < size) { - retv = 0; - goto end; - } - if (type == TLSEXT_TYPE_session_ticket && use_ticket) { - int r; - const unsigned char *etick; + ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket]; + if (!ticketext->present) + return SSL_TICKET_NONE; - /* Duplicate extension */ - if (have_ticket != 0) { - retv = -1; - goto end; - } - have_ticket = 1; + size = PACKET_remaining(&ticketext->data); - if (size == 0) { - /* - * The client will accept a ticket but doesn't currently have - * one. - */ - s->tlsext_ticket_expected = 1; - retv = 1; - continue; - } - if (s->tls_session_secret_cb) { - /* - * Indicate that the ticket couldn't be decrypted rather than - * generating the session from ticket now, trigger - * abbreviated handshake based on external mechanism to - * calculate the master secret later. - */ - retv = 2; - continue; - } - if (!PACKET_get_bytes(&local_ext, &etick, size)) { - /* Shouldn't ever happen */ - retv = -1; - goto end; - } - r = tls_decrypt_ticket(s, etick, size, PACKET_data(session_id), - PACKET_remaining(session_id), ret); - switch (r) { - case 2: /* ticket couldn't be decrypted */ - s->tlsext_ticket_expected = 1; - retv = 2; - break; - case 3: /* ticket was decrypted */ - retv = r; - break; - case 4: /* ticket decrypted but need to renew */ - s->tlsext_ticket_expected = 1; - retv = 3; - break; - default: /* fatal error */ - retv = -1; - break; - } - continue; - } else { - if (type == TLSEXT_TYPE_extended_master_secret) - s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; - if (!PACKET_forward(&local_ext, size)) { - retv = -1; - goto end; - } - } - } - if (have_ticket == 0) - retv = 0; - end: - return retv; + return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, + hello->session_id, hello->session_id_len, ret); } /*- * tls_decrypt_ticket attempts to decrypt a session ticket. * + * If s->tls_session_secret_cb is set and we're not doing TLSv1.3 then we are + * expecting a pre-shared key ciphersuite, in which case we have no use for + * session tickets and one will never be decrypted, nor will + * s->ext.ticket_expected be set to 1. + * + * Side effects: + * Sets s->ext.ticket_expected to 1 if the server will have to issue + * a new session ticket to the client because the client indicated support + * (and s->tls_session_secret_cb is NULL) but the client either doesn't have + * a session ticket or we couldn't use the one it gave us, or if + * s->ctx->ext.ticket_key_cb asked to renew the client's ticket. + * Otherwise, s->ext.ticket_expected is set to 0. + * * etick: points to the body of the session ticket extension. * eticklen: the length of the session tickets extension. * sess_id: points at the session ID. * sesslen: the length of the session ID. * psess: (output) on return, if a ticket was decrypted, then this is set to * point to the resulting session. - * - * Returns: - * -2: fatal error, malloc failure. - * -1: fatal error, either from parsing or decrypting the ticket. - * 2: the ticket couldn't be decrypted. - * 3: a ticket was successfully decrypted and *psess was set. - * 4: same as 3, but the ticket needs to be renewed. */ -static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, - int eticklen, const unsigned char *sess_id, - int sesslen, SSL_SESSION **psess) +SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, + size_t eticklen, const unsigned char *sess_id, + size_t sesslen, SSL_SESSION **psess) { - SSL_SESSION *sess; + SSL_SESSION *sess = NULL; unsigned char *sdec; const unsigned char *p; - int slen, mlen, renew_ticket = 0, ret = -1; + int slen, renew_ticket = 0, declen; + SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER; + size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX *ctx = NULL; SSL_CTX *tctx = s->session_ctx; + if (eticklen == 0) { + /* + * The client will accept a ticket but doesn't currently have + * one (TLSv1.2 and below), or treated as a fatal error in TLSv1.3 + */ + ret = SSL_TICKET_EMPTY; + goto end; + } + if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) { + /* + * Indicate that the ticket couldn't be decrypted rather than + * generating the session from ticket now, trigger + * abbreviated handshake based on external mechanism to + * calculate the master secret later. + */ + ret = SSL_TICKET_NO_DECRYPT; + goto end; + } + /* Need at least keyname + iv */ if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) { - ret = 2; - goto err; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } /* Initialize session ticket encryption and HMAC contexts */ hctx = HMAC_CTX_new(); - if (hctx == NULL) - return -2; + if (hctx == NULL) { + ret = SSL_TICKET_FATAL_ERR_MALLOC; + goto end; + } ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) { - ret = -2; - goto err; + ret = SSL_TICKET_FATAL_ERR_MALLOC; + goto end; } - if (tctx->tlsext_ticket_key_cb) { + if (tctx->ext.ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; - int rv = tctx->tlsext_ticket_key_cb(s, nctick, - nctick + TLSEXT_KEYNAME_LENGTH, - ctx, hctx, 0); - if (rv < 0) - goto err; + int rv = tctx->ext.ticket_key_cb(s, nctick, + nctick + TLSEXT_KEYNAME_LENGTH, + ctx, hctx, 0); + if (rv < 0) { + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; + } if (rv == 0) { - ret = 2; - goto err; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } if (rv == 2) renew_ticket = 1; } else { /* Check key name matches */ - if (memcmp(etick, tctx->tlsext_tick_key_name, + if (memcmp(etick, tctx->ext.tick_key_name, TLSEXT_KEYNAME_LENGTH) != 0) { - ret = 2; - goto err; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } - if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, - sizeof(tctx->tlsext_tick_hmac_key), + if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, + sizeof(tctx->ext.secure->tick_hmac_key), EVP_sha256(), NULL) <= 0 || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, - tctx->tlsext_tick_aes_key, + tctx->ext.secure->tick_aes_key, etick + TLSEXT_KEYNAME_LENGTH) <= 0) { - goto err; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } + if (SSL_IS_TLS13(s)) + renew_ticket = 1; } /* * Attempt to process session ticket, first conduct sanity and integrity * checks on ticket. */ mlen = HMAC_size(hctx); - if (mlen < 0) { - goto err; + if (mlen == 0) { + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } + /* Sanity check ticket length: must exceed keyname + IV + HMAC */ if (eticklen <= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) { - ret = 2; - goto err; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ if (HMAC_Update(hctx, etick, eticklen) <= 0 || HMAC_Final(hctx, tick_hmac, NULL) <= 0) { - goto err; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } - HMAC_CTX_free(hctx); + if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { - EVP_CIPHER_CTX_free(ctx); - return 2; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); sdec = OPENSSL_malloc(eticklen); - if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) { - EVP_CIPHER_CTX_free(ctx); + if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, + (int)eticklen) <= 0) { OPENSSL_free(sdec); - return -1; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } - if (EVP_DecryptFinal(ctx, sdec + slen, &mlen) <= 0) { - EVP_CIPHER_CTX_free(ctx); + if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) { OPENSSL_free(sdec); - return 2; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } - slen += mlen; - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; + slen += declen; p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); @@ -3224,9 +1455,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, OPENSSL_free(sdec); if (sess) { /* Some additional consistency checks */ - if (slen != 0 || sess->session_id_length != 0) { + if (slen != 0) { SSL_SESSION_free(sess); - return 2; + sess = NULL; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } /* * The session ID, if non-empty, is used by some clients to detect @@ -3234,206 +1467,163 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * structure. If it is empty set length to zero as required by * standard. */ - if (sesslen) + if (sesslen) { memcpy(sess->session_id, sess_id, sesslen); - sess->session_id_length = sesslen; - *psess = sess; + sess->session_id_length = sesslen; + } if (renew_ticket) - return 4; + ret = SSL_TICKET_SUCCESS_RENEW; else - return 3; + ret = SSL_TICKET_SUCCESS; + goto end; } ERR_clear_error(); /* * For session parse failure, indicate that we need to send a new ticket. */ - return 2; - err: + ret = SSL_TICKET_NO_DECRYPT; + + end: EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); - return ret; -} -/* Tables to translate from NIDs to TLS v1.2 ids */ + /* + * If set, the decrypt_ticket_cb() is called unless a fatal error was + * detected above. The callback is responsible for checking |ret| before it + * performs any action + */ + if (s->session_ctx->decrypt_ticket_cb != NULL + && (ret == SSL_TICKET_EMPTY + || ret == SSL_TICKET_NO_DECRYPT + || ret == SSL_TICKET_SUCCESS + || ret == SSL_TICKET_SUCCESS_RENEW)) { + size_t keyname_len = eticklen; + int retcb; + + if (keyname_len > TLSEXT_KEYNAME_LENGTH) + keyname_len = TLSEXT_KEYNAME_LENGTH; + retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len, + ret, + s->session_ctx->ticket_cb_data); + switch (retcb) { + case SSL_TICKET_RETURN_ABORT: + ret = SSL_TICKET_FATAL_ERR_OTHER; + break; + + case SSL_TICKET_RETURN_IGNORE: + ret = SSL_TICKET_NONE; + SSL_SESSION_free(sess); + sess = NULL; + break; -typedef struct { - int nid; - int id; -} tls12_lookup; - -static const tls12_lookup tls12_md[] = { - {NID_md5, TLSEXT_hash_md5}, - {NID_sha1, TLSEXT_hash_sha1}, - {NID_sha224, TLSEXT_hash_sha224}, - {NID_sha256, TLSEXT_hash_sha256}, - {NID_sha384, TLSEXT_hash_sha384}, - {NID_sha512, TLSEXT_hash_sha512}, - {NID_id_GostR3411_94, TLSEXT_hash_gostr3411}, - {NID_id_GostR3411_2012_256, TLSEXT_hash_gostr34112012_256}, - {NID_id_GostR3411_2012_512, TLSEXT_hash_gostr34112012_512}, -}; + case SSL_TICKET_RETURN_IGNORE_RENEW: + if (ret != SSL_TICKET_EMPTY && ret != SSL_TICKET_NO_DECRYPT) + ret = SSL_TICKET_NO_DECRYPT; + /* else the value of |ret| will already do the right thing */ + SSL_SESSION_free(sess); + sess = NULL; + break; -static const tls12_lookup tls12_sig[] = { - {EVP_PKEY_RSA, TLSEXT_signature_rsa}, - {EVP_PKEY_DSA, TLSEXT_signature_dsa}, - {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, - {NID_id_GostR3410_2001, TLSEXT_signature_gostr34102001}, - {NID_id_GostR3410_2012_256, TLSEXT_signature_gostr34102012_256}, - {NID_id_GostR3410_2012_512, TLSEXT_signature_gostr34102012_512} -}; + case SSL_TICKET_RETURN_USE: + case SSL_TICKET_RETURN_USE_RENEW: + if (ret != SSL_TICKET_SUCCESS + && ret != SSL_TICKET_SUCCESS_RENEW) + ret = SSL_TICKET_FATAL_ERR_OTHER; + else if (retcb == SSL_TICKET_RETURN_USE) + ret = SSL_TICKET_SUCCESS; + else + ret = SSL_TICKET_SUCCESS_RENEW; + break; -static int tls12_find_id(int nid, const tls12_lookup *table, size_t tlen) -{ - size_t i; - for (i = 0; i < tlen; i++) { - if (table[i].nid == nid) - return table[i].id; + default: + ret = SSL_TICKET_FATAL_ERR_OTHER; + } } - return -1; -} -static int tls12_find_nid(int id, const tls12_lookup *table, size_t tlen) -{ - size_t i; - for (i = 0; i < tlen; i++) { - if ((table[i].id) == id) - return table[i].nid; + if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) { + switch (ret) { + case SSL_TICKET_NO_DECRYPT: + case SSL_TICKET_SUCCESS_RENEW: + case SSL_TICKET_EMPTY: + s->ext.ticket_expected = 1; + } } - return NID_undef; -} -int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) -{ - int sig_id, md_id; - if (!md) - return 0; - md_id = tls12_find_id(EVP_MD_type(md), tls12_md, OSSL_NELEM(tls12_md)); - if (md_id == -1) - return 0; - sig_id = tls12_get_sigid(pk); - if (sig_id == -1) - return 0; - p[0] = (unsigned char)md_id; - p[1] = (unsigned char)sig_id; - return 1; -} + *psess = sess; -int tls12_get_sigid(const EVP_PKEY *pk) -{ - return tls12_find_id(EVP_PKEY_id(pk), tls12_sig, OSSL_NELEM(tls12_sig)); + return ret; } -typedef struct { - int nid; - int secbits; - int md_idx; - unsigned char tlsext_hash; -} tls12_hash_info; - -static const tls12_hash_info tls12_md_info[] = { - {NID_md5, 64, SSL_MD_MD5_IDX, TLSEXT_hash_md5}, - {NID_sha1, 80, SSL_MD_SHA1_IDX, TLSEXT_hash_sha1}, - {NID_sha224, 112, SSL_MD_SHA224_IDX, TLSEXT_hash_sha224}, - {NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256}, - {NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384}, - {NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512}, - {NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411}, - {NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX, - TLSEXT_hash_gostr34112012_256}, - {NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX, - TLSEXT_hash_gostr34112012_512}, -}; - -static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg) +/* Check to see if a signature algorithm is allowed */ +static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) { - unsigned int i; - if (hash_alg == 0) - return NULL; + unsigned char sigalgstr[2]; + int secbits; - for (i = 0; i < OSSL_NELEM(tls12_md_info); i++) { - if (tls12_md_info[i].tlsext_hash == hash_alg) - return tls12_md_info + i; - } + /* See if sigalgs is recognised and if hash is enabled */ + if (!tls1_lookup_md(lu, NULL)) + return 0; + /* DSA is not allowed in TLS 1.3 */ + if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) + return 0; + /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */ + if (!s->server && !SSL_IS_DTLS(s) && s->s3->tmp.min_ver >= TLS1_3_VERSION + && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX + || lu->hash_idx == SSL_MD_MD5_IDX + || lu->hash_idx == SSL_MD_SHA224_IDX)) + return 0; - return NULL; -} + /* See if public key algorithm allowed */ + if (ssl_cert_is_disabled(lu->sig_idx)) + return 0; -const EVP_MD *tls12_get_hash(unsigned char hash_alg) -{ - const tls12_hash_info *inf; - if (hash_alg == TLSEXT_hash_md5 && FIPS_mode()) - return NULL; - inf = tls12_get_hash_info(hash_alg); - if (!inf) - return NULL; - return ssl_md(inf->md_idx); -} + if (lu->sig == NID_id_GostR3410_2012_256 + || lu->sig == NID_id_GostR3410_2012_512 + || lu->sig == NID_id_GostR3410_2001) { + /* We never allow GOST sig algs on the server with TLSv1.3 */ + if (s->server && SSL_IS_TLS13(s)) + return 0; + if (!s->server + && s->method->version == TLS_ANY_VERSION + && s->s3->tmp.max_ver >= TLS1_3_VERSION) { + int i, num; + STACK_OF(SSL_CIPHER) *sk; -static int tls12_get_pkey_idx(unsigned char sig_alg) -{ - switch (sig_alg) { -#ifndef OPENSSL_NO_RSA - case TLSEXT_signature_rsa: - return SSL_PKEY_RSA_SIGN; -#endif -#ifndef OPENSSL_NO_DSA - case TLSEXT_signature_dsa: - return SSL_PKEY_DSA_SIGN; -#endif -#ifndef OPENSSL_NO_EC - case TLSEXT_signature_ecdsa: - return SSL_PKEY_ECC; -#endif -#ifndef OPENSSL_NO_GOST - case TLSEXT_signature_gostr34102001: - return SSL_PKEY_GOST01; + /* + * We're a client that could negotiate TLSv1.3. We only allow GOST + * sig algs if we could negotiate TLSv1.2 or below and we have GOST + * ciphersuites enabled. + */ - case TLSEXT_signature_gostr34102012_256: - return SSL_PKEY_GOST12_256; + if (s->s3->tmp.min_ver >= TLS1_3_VERSION) + return 0; - case TLSEXT_signature_gostr34102012_512: - return SSL_PKEY_GOST12_512; -#endif - } - return -1; -} + sk = SSL_get_ciphers(s); + num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0; + for (i = 0; i < num; i++) { + const SSL_CIPHER *c; -/* Convert TLS 1.2 signature algorithm extension values into NIDs */ -static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid, - int *psignhash_nid, const unsigned char *data) -{ - int sign_nid = NID_undef, hash_nid = NID_undef; - if (!phash_nid && !psign_nid && !psignhash_nid) - return; - if (phash_nid || psignhash_nid) { - hash_nid = tls12_find_nid(data[0], tls12_md, OSSL_NELEM(tls12_md)); - if (phash_nid) - *phash_nid = hash_nid; - } - if (psign_nid || psignhash_nid) { - sign_nid = tls12_find_nid(data[1], tls12_sig, OSSL_NELEM(tls12_sig)); - if (psign_nid) - *psign_nid = sign_nid; - } - if (psignhash_nid) { - if (sign_nid == NID_undef || hash_nid == NID_undef - || OBJ_find_sigid_by_algs(psignhash_nid, hash_nid, sign_nid) <= 0) - *psignhash_nid = NID_undef; + c = sk_SSL_CIPHER_value(sk, i); + /* Skip disabled ciphers */ + if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) + continue; + + if ((c->algorithm_mkey & SSL_kGOST) != 0) + break; + } + if (i == num) + return 0; + } } -} -/* Check to see if a signature algorithm is allowed */ -static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp) -{ - /* See if we have an entry in the hash table and it is enabled */ - const tls12_hash_info *hinf = tls12_get_hash_info(ptmp[0]); - if (hinf == NULL || ssl_md(hinf->md_idx) == NULL) - return 0; - /* See if public key algorithm allowed */ - if (tls12_get_pkey_idx(ptmp[1]) == -1) - return 0; + if (lu->hash == NID_undef) + return 1; + /* Security bits: half digest bits */ + secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4; /* Finally see if security callback allows it */ - return ssl_security(s, op, hinf->secbits, hinf->nid, (void *)ptmp); + sigalgstr[0] = (lu->sigalg >> 8) & 0xff; + sigalgstr[1] = lu->sigalg & 0xff; + return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); } /* @@ -3444,81 +1634,79 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp) void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) { - const unsigned char *sigalgs; + const uint16_t *sigalgs; size_t i, sigalgslen; - int have_rsa = 0, have_dsa = 0, have_ecdsa = 0; + uint32_t disabled_mask = SSL_aRSA | SSL_aDSS | SSL_aECDSA; /* - * Now go through all signature algorithms seeing if we support any for - * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep - * down calls to security callback only check if we have to. + * Go through all signature algorithms seeing if we support any + * in disabled_mask. */ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); - for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) { - switch (sigalgs[1]) { -#ifndef OPENSSL_NO_RSA - case TLSEXT_signature_rsa: - if (!have_rsa && tls12_sigalg_allowed(s, op, sigalgs)) - have_rsa = 1; - break; -#endif -#ifndef OPENSSL_NO_DSA - case TLSEXT_signature_dsa: - if (!have_dsa && tls12_sigalg_allowed(s, op, sigalgs)) - have_dsa = 1; - break; -#endif -#ifndef OPENSSL_NO_EC - case TLSEXT_signature_ecdsa: - if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs)) - have_ecdsa = 1; - break; -#endif - } + for (i = 0; i < sigalgslen; i++, sigalgs++) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs); + const SSL_CERT_LOOKUP *clu; + + if (lu == NULL) + continue; + + clu = ssl_cert_lookup_by_idx(lu->sig_idx); + if (clu == NULL) + continue; + + /* If algorithm is disabled see if we can enable it */ + if ((clu->amask & disabled_mask) != 0 + && tls12_sigalg_allowed(s, op, lu)) + disabled_mask &= ~clu->amask; } - if (!have_rsa) - *pmask_a |= SSL_aRSA; - if (!have_dsa) - *pmask_a |= SSL_aDSS; - if (!have_ecdsa) - *pmask_a |= SSL_aECDSA; + *pmask_a |= disabled_mask; } -size_t tls12_copy_sigalgs(SSL *s, unsigned char *out, - const unsigned char *psig, size_t psiglen) +int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, + const uint16_t *psig, size_t psiglen) { - unsigned char *tmpout = out; size_t i; - for (i = 0; i < psiglen; i += 2, psig += 2) { - if (tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, psig)) { - *tmpout++ = psig[0]; - *tmpout++ = psig[1]; - } - } - return tmpout - out; + int rv = 0; + + for (i = 0; i < psiglen; i++, psig++) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig); + + if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) + continue; + if (!WPACKET_put_bytes_u16(pkt, *psig)) + return 0; + /* + * If TLS 1.3 must have at least one valid TLS 1.3 message + * signing algorithm: i.e. neither RSA nor SHA1/SHA224 + */ + if (rv == 0 && (!SSL_IS_TLS13(s) + || (lu->sig != EVP_PKEY_RSA + && lu->hash != NID_sha1 + && lu->hash != NID_sha224))) + rv = 1; + } + if (rv == 0) + SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + return rv; } /* Given preference and allowed sigalgs set shared sigalgs */ -static int tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig, - const unsigned char *pref, size_t preflen, - const unsigned char *allow, size_t allowlen) +static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, + const uint16_t *pref, size_t preflen, + const uint16_t *allow, size_t allowlen) { - const unsigned char *ptmp, *atmp; + const uint16_t *ptmp, *atmp; size_t i, j, nmatch = 0; - for (i = 0, ptmp = pref; i < preflen; i += 2, ptmp += 2) { + for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp); + /* Skip disabled hashes or signature algorithms */ - if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, ptmp)) + if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu)) continue; - for (j = 0, atmp = allow; j < allowlen; j += 2, atmp += 2) { - if (ptmp[0] == atmp[0] && ptmp[1] == atmp[1]) { + for (j = 0, atmp = allow; j < allowlen; j++, atmp++) { + if (*ptmp == *atmp) { nmatch++; - if (shsig) { - shsig->rhash = ptmp[0]; - shsig->rsign = ptmp[1]; - tls1_lookup_sigalg(&shsig->hash_nid, - &shsig->sign_nid, - &shsig->signandhash_nid, ptmp); - shsig++; - } + if (shsig) + *shsig++ = lu; break; } } @@ -3529,10 +1717,10 @@ static int tls12_shared_sigalgs(SSL *s, TLS_SIGALGS *shsig, /* Set shared signature algorithms for SSL structures */ static int tls1_set_shared_sigalgs(SSL *s) { - const unsigned char *pref, *allow, *conf; + const uint16_t *pref, *allow, *conf; size_t preflen, allowlen, conflen; size_t nmatch; - TLS_SIGALGS *salgs = NULL; + const SIGALG_LOOKUP **salgs = NULL; CERT *c = s->cert; unsigned int is_suiteb = tls1_suiteb(s); @@ -3561,9 +1749,10 @@ static int tls1_set_shared_sigalgs(SSL *s) } nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); if (nmatch) { - salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); - if (salgs == NULL) + if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) { + SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE); return 0; + } nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen); } else { salgs = NULL; @@ -3573,86 +1762,81 @@ static int tls1_set_shared_sigalgs(SSL *s) return 1; } -/* Set preferred digest for each key type */ +int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen) +{ + unsigned int stmp; + size_t size, i; + uint16_t *buf; + + size = PACKET_remaining(pkt); + + /* Invalid data length */ + if (size == 0 || (size & 1) != 0) + return 0; + + size >>= 1; -int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize) + if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) { + SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE); + return 0; + } + for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++) + buf[i] = stmp; + + if (i != size) { + OPENSSL_free(buf); + return 0; + } + + OPENSSL_free(*pdest); + *pdest = buf; + *pdestlen = size; + + return 1; +} + +int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert) { - CERT *c = s->cert; /* Extension ignored for inappropriate versions */ if (!SSL_USE_SIGALGS(s)) return 1; /* Should never happen */ - if (!c) + if (s->cert == NULL) return 0; - OPENSSL_free(s->s3->tmp.peer_sigalgs); - s->s3->tmp.peer_sigalgs = OPENSSL_malloc(dsize); - if (s->s3->tmp.peer_sigalgs == NULL) - return 0; - s->s3->tmp.peer_sigalgslen = dsize; - memcpy(s->s3->tmp.peer_sigalgs, data, dsize); - return 1; + if (cert) + return tls1_save_u16(pkt, &s->s3->tmp.peer_cert_sigalgs, + &s->s3->tmp.peer_cert_sigalgslen); + else + return tls1_save_u16(pkt, &s->s3->tmp.peer_sigalgs, + &s->s3->tmp.peer_sigalgslen); + } +/* Set preferred digest for each key type */ + int tls1_process_sigalgs(SSL *s) { - int idx; size_t i; - const EVP_MD *md; - const EVP_MD **pmd = s->s3->tmp.md; uint32_t *pvalid = s->s3->tmp.valid_flags; CERT *c = s->cert; - TLS_SIGALGS *sigptr; + if (!tls1_set_shared_sigalgs(s)) return 0; - for (i = 0, sigptr = c->shared_sigalgs; - i < c->shared_sigalgslen; i++, sigptr++) { - idx = tls12_get_pkey_idx(sigptr->rsign); - if (idx > 0 && pmd[idx] == NULL) { - md = tls12_get_hash(sigptr->rhash); - pmd[idx] = md; - pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN; - if (idx == SSL_PKEY_RSA_SIGN) { - pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN; - pmd[SSL_PKEY_RSA_ENC] = md; - } - } + for (i = 0; i < SSL_PKEY_NUM; i++) + pvalid[i] = 0; - } - /* - * In strict mode leave unset digests as NULL to indicate we can't use - * the certificate for signing. - */ - if (!(s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) { - /* - * Set any remaining keys to default values. NOTE: if alg is not - * supported it stays as NULL. - */ -#ifndef OPENSSL_NO_DSA - if (pmd[SSL_PKEY_DSA_SIGN] == NULL) - pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_RSA - if (pmd[SSL_PKEY_RSA_SIGN] == NULL) { - pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1(); - pmd[SSL_PKEY_RSA_ENC] = EVP_sha1(); - } -#endif -#ifndef OPENSSL_NO_EC - if (pmd[SSL_PKEY_ECC] == NULL) - pmd[SSL_PKEY_ECC] = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_GOST - if (pmd[SSL_PKEY_GOST01] == NULL) - pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94); - if (pmd[SSL_PKEY_GOST12_256] == NULL) - pmd[SSL_PKEY_GOST12_256] = - EVP_get_digestbynid(NID_id_GostR3411_2012_256); - if (pmd[SSL_PKEY_GOST12_512] == NULL) - pmd[SSL_PKEY_GOST12_512] = - EVP_get_digestbynid(NID_id_GostR3411_2012_512); -#endif + for (i = 0; i < c->shared_sigalgslen; i++) { + const SIGALG_LOOKUP *sigptr = c->shared_sigalgs[i]; + int idx = sigptr->sig_idx; + + /* Ignore PKCS1 based sig algs in TLSv1.3 */ + if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA) + continue; + /* If not disabled indicate we can explicitly sign */ + if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx)) + pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; } return 1; } @@ -3661,55 +1845,70 @@ int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignhash, unsigned char *rsig, unsigned char *rhash) { - const unsigned char *psig = s->s3->tmp.peer_sigalgs; - if (psig == NULL) + uint16_t *psig = s->s3->tmp.peer_sigalgs; + size_t numsigalgs = s->s3->tmp.peer_sigalgslen; + if (psig == NULL || numsigalgs > INT_MAX) return 0; if (idx >= 0) { - idx <<= 1; - if (idx >= (int)s->s3->tmp.peer_sigalgslen) + const SIGALG_LOOKUP *lu; + + if (idx >= (int)numsigalgs) return 0; psig += idx; - if (rhash) - *rhash = psig[0]; - if (rsig) - *rsig = psig[1]; - tls1_lookup_sigalg(phash, psign, psignhash, psig); + if (rhash != NULL) + *rhash = (unsigned char)((*psig >> 8) & 0xff); + if (rsig != NULL) + *rsig = (unsigned char)(*psig & 0xff); + lu = tls1_lookup_sigalg(*psig); + if (psign != NULL) + *psign = lu != NULL ? lu->sig : NID_undef; + if (phash != NULL) + *phash = lu != NULL ? lu->hash : NID_undef; + if (psignhash != NULL) + *psignhash = lu != NULL ? lu->sigandhash : NID_undef; } - return s->s3->tmp.peer_sigalgslen / 2; + return (int)numsigalgs; } int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignhash, unsigned char *rsig, unsigned char *rhash) { - TLS_SIGALGS *shsigalgs = s->cert->shared_sigalgs; - if (!shsigalgs || idx >= (int)s->cert->shared_sigalgslen) + const SIGALG_LOOKUP *shsigalgs; + if (s->cert->shared_sigalgs == NULL + || idx < 0 + || idx >= (int)s->cert->shared_sigalgslen + || s->cert->shared_sigalgslen > INT_MAX) return 0; - shsigalgs += idx; - if (phash) - *phash = shsigalgs->hash_nid; - if (psign) - *psign = shsigalgs->sign_nid; - if (psignhash) - *psignhash = shsigalgs->signandhash_nid; - if (rsig) - *rsig = shsigalgs->rsign; - if (rhash) - *rhash = shsigalgs->rhash; - return s->cert->shared_sigalgslen; -} - -#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2) + shsigalgs = s->cert->shared_sigalgs[idx]; + if (phash != NULL) + *phash = shsigalgs->hash; + if (psign != NULL) + *psign = shsigalgs->sig; + if (psignhash != NULL) + *psignhash = shsigalgs->sigandhash; + if (rsig != NULL) + *rsig = (unsigned char)(shsigalgs->sigalg & 0xff); + if (rhash != NULL) + *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff); + return (int)s->cert->shared_sigalgslen; +} + +/* Maximum possible number of unique entries in sigalgs array */ +#define TLS_MAX_SIGALGCNT (OSSL_NELEM(sigalg_lookup_tbl) * 2) typedef struct { size_t sigalgcnt; - int sigalgs[MAX_SIGALGLEN]; + /* TLSEXT_SIGALG_XXX values */ + uint16_t sigalgs[TLS_MAX_SIGALGCNT]; } sig_cb_st; static void get_sigorhash(int *psig, int *phash, const char *str) { if (strcmp(str, "RSA") == 0) { *psig = EVP_PKEY_RSA; + } else if (strcmp(str, "RSA-PSS") == 0 || strcmp(str, "PSS") == 0) { + *psig = EVP_PKEY_RSA_PSS; } else if (strcmp(str, "DSA") == 0) { *psig = EVP_PKEY_DSA; } else if (strcmp(str, "ECDSA") == 0) { @@ -3720,41 +1919,71 @@ static void get_sigorhash(int *psig, int *phash, const char *str) *phash = OBJ_ln2nid(str); } } +/* Maximum length of a signature algorithm string component */ +#define TLS_MAX_SIGSTRING_LEN 40 static int sig_cb(const char *elem, int len, void *arg) { sig_cb_st *sarg = arg; size_t i; - char etmp[20], *p; + const SIGALG_LOOKUP *s; + char etmp[TLS_MAX_SIGSTRING_LEN], *p; int sig_alg = NID_undef, hash_alg = NID_undef; if (elem == NULL) return 0; - if (sarg->sigalgcnt == MAX_SIGALGLEN) + if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT) return 0; if (len > (int)(sizeof(etmp) - 1)) return 0; memcpy(etmp, elem, len); etmp[len] = 0; p = strchr(etmp, '+'); - if (!p) - return 0; - *p = 0; - p++; - if (!*p) - return 0; - - get_sigorhash(&sig_alg, &hash_alg, etmp); - get_sigorhash(&sig_alg, &hash_alg, p); - - if (sig_alg == NID_undef || hash_alg == NID_undef) - return 0; + /* + * We only allow SignatureSchemes listed in the sigalg_lookup_tbl; + * if there's no '+' in the provided name, look for the new-style combined + * name. If not, match both sig+hash to find the needed SIGALG_LOOKUP. + * Just sig+hash is not unique since TLS 1.3 adds rsa_pss_pss_* and + * rsa_pss_rsae_* that differ only by public key OID; in such cases + * we will pick the _rsae_ variant, by virtue of them appearing earlier + * in the table. + */ + if (p == NULL) { + for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); + i++, s++) { + if (s->name != NULL && strcmp(etmp, s->name) == 0) { + sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; + break; + } + } + if (i == OSSL_NELEM(sigalg_lookup_tbl)) + return 0; + } else { + *p = 0; + p++; + if (*p == 0) + return 0; + get_sigorhash(&sig_alg, &hash_alg, etmp); + get_sigorhash(&sig_alg, &hash_alg, p); + if (sig_alg == NID_undef || hash_alg == NID_undef) + return 0; + for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); + i++, s++) { + if (s->hash == hash_alg && s->sig == sig_alg) { + sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg; + break; + } + } + if (i == OSSL_NELEM(sigalg_lookup_tbl)) + return 0; + } - for (i = 0; i < sarg->sigalgcnt; i += 2) { - if (sarg->sigalgs[i] == sig_alg && sarg->sigalgs[i + 1] == hash_alg) + /* Reject duplicates */ + for (i = 0; i < sarg->sigalgcnt - 1; i++) { + if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) { + sarg->sigalgcnt--; return 0; + } } - sarg->sigalgs[sarg->sigalgcnt++] = hash_alg; - sarg->sigalgs[sarg->sigalgcnt++] = sig_alg; return 1; } @@ -3770,37 +1999,70 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) return 0; if (c == NULL) return 1; - return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); + return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client); +} + +int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, + int client) +{ + uint16_t *sigalgs; + + if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) { + SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs)); + + if (client) { + OPENSSL_free(c->client_sigalgs); + c->client_sigalgs = sigalgs; + c->client_sigalgslen = salglen; + } else { + OPENSSL_free(c->conf_sigalgs); + c->conf_sigalgs = sigalgs; + c->conf_sigalgslen = salglen; + } + + return 1; } int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) { - unsigned char *sigalgs, *sptr; - int rhash, rsign; + uint16_t *sigalgs, *sptr; size_t i; + if (salglen & 1) return 0; - sigalgs = OPENSSL_malloc(salglen); - if (sigalgs == NULL) + if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) { + SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE); return 0; + } for (i = 0, sptr = sigalgs; i < salglen; i += 2) { - rhash = tls12_find_id(*psig_nids++, tls12_md, OSSL_NELEM(tls12_md)); - rsign = tls12_find_id(*psig_nids++, tls12_sig, OSSL_NELEM(tls12_sig)); + size_t j; + const SIGALG_LOOKUP *curr; + int md_id = *psig_nids++; + int sig_id = *psig_nids++; + + for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl); + j++, curr++) { + if (curr->hash == md_id && curr->sig == sig_id) { + *sptr++ = curr->sigalg; + break; + } + } - if (rhash == -1 || rsign == -1) + if (j == OSSL_NELEM(sigalg_lookup_tbl)) goto err; - *sptr++ = rhash; - *sptr++ = rsign; } if (client) { OPENSSL_free(c->client_sigalgs); c->client_sigalgs = sigalgs; - c->client_sigalgslen = salglen; + c->client_sigalgslen = salglen / 2; } else { OPENSSL_free(c->conf_sigalgs); c->conf_sigalgs = sigalgs; - c->conf_sigalgslen = salglen; + c->conf_sigalgslen = salglen / 2; } return 1; @@ -3820,7 +2082,7 @@ static int tls1_check_sig_alg(CERT *c, X509 *x, int default_nid) if (default_nid) return sig_nid == default_nid ? 1 : 0; for (i = 0; i < c->shared_sigalgslen; i++) - if (sig_nid == c->shared_sigalgs[i].signandhash_nid) + if (sig_nid == c->shared_sigalgs[i]->sigandhash) return 1; return 0; } @@ -3869,7 +2131,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, /* idx == -2 means checking client certificate chains */ if (idx == -2) { cpk = c->key; - idx = cpk - c->pkeys; + idx = (int)(cpk - c->pkeys); } else cpk = c->pkeys + idx; pvalid = s->s3->tmp.valid_flags + idx; @@ -3881,11 +2143,14 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (!x || !pk) goto end; } else { + size_t certidx; + if (!x || !pk) return 0; - idx = ssl_cert_type(x, pk); - if (idx == -1) + + if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL) return 0; + idx = certidx; pvalid = s->s3->tmp.valid_flags + idx; if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) @@ -3912,40 +2177,40 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, */ if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) { int default_nid; - unsigned char rsign = 0; - if (s->s3->tmp.peer_sigalgs) + int rsign = 0; + if (s->s3->tmp.peer_cert_sigalgs != NULL + || s->s3->tmp.peer_sigalgs != NULL) { default_nid = 0; /* If no sigalgs extension use defaults from RFC5246 */ - else { + } else { switch (idx) { - case SSL_PKEY_RSA_ENC: - case SSL_PKEY_RSA_SIGN: - rsign = TLSEXT_signature_rsa; + case SSL_PKEY_RSA: + rsign = EVP_PKEY_RSA; default_nid = NID_sha1WithRSAEncryption; break; case SSL_PKEY_DSA_SIGN: - rsign = TLSEXT_signature_dsa; + rsign = EVP_PKEY_DSA; default_nid = NID_dsaWithSHA1; break; case SSL_PKEY_ECC: - rsign = TLSEXT_signature_ecdsa; + rsign = EVP_PKEY_EC; default_nid = NID_ecdsa_with_SHA1; break; case SSL_PKEY_GOST01: - rsign = TLSEXT_signature_gostr34102001; + rsign = NID_id_GostR3410_2001; default_nid = NID_id_GostR3411_94_with_GostR3410_2001; break; case SSL_PKEY_GOST12_256: - rsign = TLSEXT_signature_gostr34102012_256; + rsign = NID_id_GostR3410_2012_256; default_nid = NID_id_tc26_signwithdigest_gost3410_2012_256; break; case SSL_PKEY_GOST12_512: - rsign = TLSEXT_signature_gostr34102012_512; + rsign = NID_id_GostR3410_2012_512; default_nid = NID_id_tc26_signwithdigest_gost3410_2012_512; break; @@ -3960,9 +2225,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, */ if (default_nid > 0 && c->conf_sigalgs) { size_t j; - const unsigned char *p = c->conf_sigalgs; - for (j = 0; j < c->conf_sigalgslen; j += 2, p += 2) { - if (p[0] == TLSEXT_hash_sha1 && p[1] == rsign) + const uint16_t *p = c->conf_sigalgs; + for (j = 0; j < c->conf_sigalgslen; j++, p++) { + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p); + + if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign) break; } if (j == c->conf_sigalgslen) { @@ -3994,7 +2261,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE; skip_sigs: /* Check cert parameters are consistent */ - if (tls1_check_cert_param(s, x, check_flags ? 1 : 2)) + if (tls1_check_cert_param(s, x, 1)) rv |= CERT_PKEY_EE_PARAM; else if (!check_flags) goto end; @@ -4029,27 +2296,22 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, break; } if (check_type) { - const unsigned char *ctypes; - int ctypelen; - if (c->ctypes) { - ctypes = c->ctypes; - ctypelen = (int)c->ctype_num; - } else { - ctypes = (unsigned char *)s->s3->tmp.ctype; - ctypelen = s->s3->tmp.ctype_num; - } - for (i = 0; i < ctypelen; i++) { - if (ctypes[i] == check_type) { + const uint8_t *ctypes = s->s3->tmp.ctype; + size_t j; + + for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) { + if (*ctypes == check_type) { rv |= CERT_PKEY_CERT_TYPE; break; } } if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags) goto end; - } else + } else { rv |= CERT_PKEY_CERT_TYPE; + } - ca_dn = s->s3->tmp.ca_names; + ca_dn = s->s3->tmp.peer_ca_names; if (!sk_X509_NAME_num(ca_dn)) rv |= CERT_PKEY_ISSUER_NAME; @@ -4077,12 +2339,9 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, end: - if (TLS1_get_version(s) >= TLS1_2_VERSION) { - if (*pvalid & CERT_PKEY_EXPLICIT_SIGN) - rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; - else if (s->s3->tmp.md[idx] != NULL) - rv |= CERT_PKEY_SIGN; - } else + if (TLS1_get_version(s) >= TLS1_2_VERSION) + rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN); + else rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN; /* @@ -4090,11 +2349,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, * chain is invalid. */ if (!check_flags) { - if (rv & CERT_PKEY_VALID) + if (rv & CERT_PKEY_VALID) { *pvalid = rv; - else { - /* Preserve explicit sign flag, clear rest */ - *pvalid &= CERT_PKEY_EXPLICIT_SIGN; + } else { + /* Preserve sign and explicit sign flag, clear rest */ + *pvalid &= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; return 0; } } @@ -4104,13 +2363,15 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, /* Set validity of certificates in an SSL structure */ void tls1_set_cert_validity(SSL *s) { - tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC); - tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); } /* User level utility function to check a chain is suitable */ @@ -4131,8 +2392,9 @@ DH *ssl_get_auto_dh(SSL *s) else dh_secbits = 80; } else { - CERT_PKEY *cpk = ssl_get_server_send_pkey(s); - dh_secbits = EVP_PKEY_security_bits(cpk->privatekey); + if (s->s3->tmp.cert == NULL) + return NULL; + dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); } if (dh_secbits >= 128) { @@ -4186,23 +2448,19 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op) static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) { /* Lookup signature algorithm digest */ - int secbits = -1, md_nid = NID_undef, sig_nid; + int secbits, nid, pknid; /* Don't check signature if self signed */ if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) return 1; - sig_nid = X509_get_signature_nid(x); - /* We are not able to look up the CA MD for RSA PSS in this version */ - if (sig_nid == NID_rsassaPss) - return 1; - if (sig_nid && OBJ_find_sigid_algs(sig_nid, &md_nid, NULL)) { - const EVP_MD *md; - if (md_nid && (md = EVP_get_digestbynid(md_nid))) - secbits = EVP_MD_size(md) * 4; - } + if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL)) + secbits = -1; + /* If digest NID not defined use signature NID */ + if (nid == NID_undef) + nid = pknid; if (s) - return ssl_security(s, op, secbits, md_nid, x); + return ssl_security(s, op, secbits, nid, x); else - return ssl_ctx_security(ctx, op, secbits, md_nid, x); + return ssl_ctx_security(ctx, op, secbits, nid, x); } int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) @@ -4248,3 +2506,272 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) } return 1; } + +/* + * For TLS 1.2 servers check if we have a certificate which can be used + * with the signature algorithm "lu" and return index of certificate. + */ + +static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) +{ + int sig_idx = lu->sig_idx; + const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx); + + /* If not recognised or not supported by cipher mask it is not suitable */ + if (clu == NULL + || (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0 + || (clu->nid == EVP_PKEY_RSA_PSS + && (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0)) + return -1; + + return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1; +} + +/* + * Returns true if |s| has a usable certificate configured for use + * with signature scheme |sig|. + * "Usable" includes a check for presence as well as applying + * the signature_algorithm_cert restrictions sent by the peer (if any). + * Returns false if no usable certificate is found. + */ +static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx) +{ + const SIGALG_LOOKUP *lu; + int mdnid, pknid; + size_t i; + + /* TLS 1.2 callers can override lu->sig_idx, but not TLS 1.3 callers. */ + if (idx == -1) + idx = sig->sig_idx; + if (!ssl_has_cert(s, idx)) + return 0; + if (s->s3->tmp.peer_cert_sigalgs != NULL) { + for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { + lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); + if (lu == NULL + || !X509_get_signature_info(s->cert->pkeys[idx].x509, &mdnid, + &pknid, NULL, NULL)) + continue; + /* + * TODO this does not differentiate between the + * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not + * have a chain here that lets us look at the key OID in the + * signing certificate. + */ + if (mdnid == lu->hash && pknid == lu->sig) + return 1; + } + return 0; + } + return 1; +} + +/* + * Choose an appropriate signature algorithm based on available certificates + * Sets chosen certificate and signature algorithm. + * + * For servers if we fail to find a required certificate it is a fatal error, + * an appropriate error code is set and a TLS alert is sent. + * + * For clients fatalerrs is set to 0. If a certificate is not suitable it is not + * a fatal error: we will either try another certificate or not present one + * to the server. In this case no error is set. + */ +int tls_choose_sigalg(SSL *s, int fatalerrs) +{ + const SIGALG_LOOKUP *lu = NULL; + int sig_idx = -1; + + s->s3->tmp.cert = NULL; + s->s3->tmp.sigalg = NULL; + + if (SSL_IS_TLS13(s)) { + size_t i; +#ifndef OPENSSL_NO_EC + int curve = -1; +#endif + + /* Look for a certificate matching shared sigalgs */ + for (i = 0; i < s->cert->shared_sigalgslen; i++) { + lu = s->cert->shared_sigalgs[i]; + sig_idx = -1; + + /* Skip SHA1, SHA224, DSA and RSA if not PSS */ + if (lu->hash == NID_sha1 + || lu->hash == NID_sha224 + || lu->sig == EVP_PKEY_DSA + || lu->sig == EVP_PKEY_RSA) + continue; + /* Check that we have a cert, and signature_algorithms_cert */ + if (!tls1_lookup_md(lu, NULL) || !has_usable_cert(s, lu, -1)) + continue; + if (lu->sig == EVP_PKEY_EC) { +#ifndef OPENSSL_NO_EC + if (curve == -1) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); + + curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + } + if (lu->curve != NID_undef && curve != lu->curve) + continue; +#else + continue; +#endif + } else if (lu->sig == EVP_PKEY_RSA_PSS) { + /* validate that key is large enough for the signature algorithm */ + EVP_PKEY *pkey; + + pkey = s->cert->pkeys[lu->sig_idx].privatekey; + if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu)) + continue; + } + break; + } + if (i == s->cert->shared_sigalgslen) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CHOOSE_SIGALG, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + return 0; + } + } else { + /* If ciphersuite doesn't require a cert nothing to do */ + if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT)) + return 1; + if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys)) + return 1; + + if (SSL_USE_SIGALGS(s)) { + size_t i; + if (s->s3->tmp.peer_sigalgs != NULL) { +#ifndef OPENSSL_NO_EC + int curve; + + /* For Suite B need to match signature algorithm to curve */ + if (tls1_suiteb(s)) { + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); + curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + } else { + curve = -1; + } +#endif + + /* + * Find highest preference signature algorithm matching + * cert type + */ + for (i = 0; i < s->cert->shared_sigalgslen; i++) { + lu = s->cert->shared_sigalgs[i]; + + if (s->server) { + if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1) + continue; + } else { + int cc_idx = s->cert->key - s->cert->pkeys; + + sig_idx = lu->sig_idx; + if (cc_idx != sig_idx) + continue; + } + /* Check that we have a cert, and sig_algs_cert */ + if (!has_usable_cert(s, lu, sig_idx)) + continue; + if (lu->sig == EVP_PKEY_RSA_PSS) { + /* validate that key is large enough for the signature algorithm */ + EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; + + if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu)) + continue; + } +#ifndef OPENSSL_NO_EC + if (curve == -1 || lu->curve == curve) +#endif + break; + } + if (i == s->cert->shared_sigalgslen) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CHOOSE_SIGALG, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + return 0; + } + } else { + /* + * If we have no sigalg use defaults + */ + const uint16_t *sent_sigs; + size_t sent_sigslen; + + if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG, + ERR_R_INTERNAL_ERROR); + return 0; + } + + /* Check signature matches a type we sent */ + sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); + for (i = 0; i < sent_sigslen; i++, sent_sigs++) { + if (lu->sigalg == *sent_sigs + && has_usable_cert(s, lu, lu->sig_idx)) + break; + } + if (i == sent_sigslen) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, + SSL_F_TLS_CHOOSE_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; + } + } + } else { + if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + } + if (sig_idx == -1) + sig_idx = lu->sig_idx; + s->s3->tmp.cert = &s->cert->pkeys[sig_idx]; + s->cert->key = s->s3->tmp.cert; + s->s3->tmp.sigalg = lu; + return 1; +} + +int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) +{ + if (mode != TLSEXT_max_fragment_length_DISABLED + && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { + SSLerr(SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH, + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + return 0; + } + + ctx->ext.max_fragment_len_mode = mode; + return 1; +} + +int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode) +{ + if (mode != TLSEXT_max_fragment_length_DISABLED + && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) { + SSLerr(SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, + SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH); + return 0; + } + + ssl->ext.max_fragment_len_mode = mode; + return 1; +} + +uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session) +{ + return session->ext.max_fragment_len_mode; +} diff --git a/deps/openssl/openssl/ssl/t1_reneg.c b/deps/openssl/openssl/ssl/t1_reneg.c deleted file mode 100644 index 01dc403bdb571e..00000000000000 --- a/deps/openssl/openssl/ssl/t1_reneg.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "ssl_locl.h" - -/* Add the client's renegotiation binding */ -int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, - int maxlen) -{ - if (p) { - if ((s->s3->previous_client_finished_len + 1) > maxlen) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATE_EXT_TOO_LONG); - return 0; - } - - /* Length byte */ - *p = s->s3->previous_client_finished_len; - p++; - - memcpy(p, s->s3->previous_client_finished, - s->s3->previous_client_finished_len); - } - - *len = s->s3->previous_client_finished_len + 1; - - return 1; -} - -/* - * Parse the client's renegotiation binding and abort if it's not right - */ -int ssl_parse_clienthello_renegotiate_ext(SSL *s, PACKET *pkt, int *al) -{ - unsigned int ilen; - const unsigned char *d; - - /* Parse the length byte */ - if (!PACKET_get_1(pkt, &ilen) - || !PACKET_get_bytes(pkt, &d, ilen)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_ENCODING_ERR); - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* Check that the extension matches */ - if (ilen != s->s3->previous_client_finished_len) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_MISMATCH); - *al = SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - - if (memcmp(d, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) { - SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_MISMATCH); - *al = SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - - s->s3->send_connection_binding = 1; - - return 1; -} - -/* Add the server's renegotiation binding */ -int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, - int maxlen) -{ - if (p) { - if ((s->s3->previous_client_finished_len + - s->s3->previous_server_finished_len + 1) > maxlen) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATE_EXT_TOO_LONG); - return 0; - } - - /* Length byte */ - *p = s->s3->previous_client_finished_len + - s->s3->previous_server_finished_len; - p++; - - memcpy(p, s->s3->previous_client_finished, - s->s3->previous_client_finished_len); - p += s->s3->previous_client_finished_len; - - memcpy(p, s->s3->previous_server_finished, - s->s3->previous_server_finished_len); - } - - *len = s->s3->previous_client_finished_len - + s->s3->previous_server_finished_len + 1; - - return 1; -} - -/* - * Parse the server's renegotiation binding and abort if it's not right - */ -int ssl_parse_serverhello_renegotiate_ext(SSL *s, PACKET *pkt, int *al) -{ - unsigned int expected_len = s->s3->previous_client_finished_len - + s->s3->previous_server_finished_len; - unsigned int ilen; - const unsigned char *data; - - /* Check for logic errors */ - OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); - OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); - - /* Parse the length byte */ - if (!PACKET_get_1(pkt, &ilen)) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_ENCODING_ERR); - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* Consistency check */ - if (PACKET_remaining(pkt) != ilen) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_ENCODING_ERR); - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - - /* Check that the extension matches */ - if (ilen != expected_len) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_MISMATCH); - *al = SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - - if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len) - || memcmp(data, s->s3->previous_client_finished, - s->s3->previous_client_finished_len) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_MISMATCH); - *al = SSL_AD_HANDSHAKE_FAILURE; - return 0; - } - - if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len) - || memcmp(data, s->s3->previous_server_finished, - s->s3->previous_server_finished_len) != 0) { - SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, - SSL_R_RENEGOTIATION_MISMATCH); - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - s->s3->send_connection_binding = 1; - - return 1; -} diff --git a/deps/openssl/openssl/ssl/t1_trce.c b/deps/openssl/openssl/ssl/t1_trce.c index 588cb8cc3d8fc3..be3039af38223d 100644 --- a/deps/openssl/openssl/ssl/t1_trce.c +++ b/deps/openssl/openssl/ssl/t1_trce.c @@ -19,15 +19,17 @@ typedef struct { } ssl_trace_tbl; # define ssl_trace_str(val, tbl) \ - do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) + do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) # define ssl_trace_list(bio, indent, msg, msglen, value, table) \ - do_ssl_trace_list(bio, indent, msg, msglen, value, \ - table, OSSL_NELEM(table)) + do_ssl_trace_list(bio, indent, msg, msglen, value, \ + table, OSSL_NELEM(table)) -static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) +static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, + size_t ntbl) { size_t i; + for (i = 0; i < ntbl; i++, tbl++) { if (tbl->num == val) return tbl->name; @@ -37,9 +39,10 @@ static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) static int do_ssl_trace_list(BIO *bio, int indent, const unsigned char *msg, size_t msglen, - size_t vlen, ssl_trace_tbl *tbl, size_t ntbl) + size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl) { int val; + if (msglen % vlen) return 0; while (msglen) { @@ -56,73 +59,80 @@ static int do_ssl_trace_list(BIO *bio, int indent, /* Version number */ -static ssl_trace_tbl ssl_version_tbl[] = { +static const ssl_trace_tbl ssl_version_tbl[] = { {SSL3_VERSION, "SSL 3.0"}, {TLS1_VERSION, "TLS 1.0"}, {TLS1_1_VERSION, "TLS 1.1"}, {TLS1_2_VERSION, "TLS 1.2"}, + {TLS1_3_VERSION, "TLS 1.3"}, {DTLS1_VERSION, "DTLS 1.0"}, {DTLS1_2_VERSION, "DTLS 1.2"}, {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} }; -static ssl_trace_tbl ssl_content_tbl[] = { +static const ssl_trace_tbl ssl_content_tbl[] = { {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"}, {SSL3_RT_ALERT, "Alert"}, {SSL3_RT_HANDSHAKE, "Handshake"}, {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, - {DTLS1_RT_HEARTBEAT, "HeartBeat"} }; -/* Handshake types */ -static ssl_trace_tbl ssl_handshake_tbl[] = { +/* Handshake types, sorted by ascending id */ +static const ssl_trace_tbl ssl_handshake_tbl[] = { {SSL3_MT_HELLO_REQUEST, "HelloRequest"}, {SSL3_MT_CLIENT_HELLO, "ClientHello"}, {SSL3_MT_SERVER_HELLO, "ServerHello"}, {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"}, {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"}, + {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"}, + {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"}, {SSL3_MT_CERTIFICATE, "Certificate"}, {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"}, {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"}, - {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, - {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, {SSL3_MT_SERVER_DONE, "ServerHelloDone"}, {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"}, {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"}, {SSL3_MT_FINISHED, "Finished"}, - {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"} + {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"}, + {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"}, + {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"}, + {SSL3_MT_KEY_UPDATE, "KeyUpdate"}, +# ifndef OPENSSL_NO_NEXTPROTONEG + {SSL3_MT_NEXT_PROTO, "NextProto"}, +# endif + {SSL3_MT_MESSAGE_HASH, "MessageHash"} }; /* Cipher suites */ -static ssl_trace_tbl ssl_ciphers_tbl[] = { - {0x0000, "SSL_NULL_WITH_NULL_NULL"}, - {0x0001, "SSL_RSA_WITH_NULL_MD5"}, - {0x0002, "SSL_RSA_WITH_NULL_SHA"}, - {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"}, - {0x0004, "SSL_RSA_WITH_RC4_128_MD5"}, - {0x0005, "SSL_RSA_WITH_RC4_128_SHA"}, - {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"}, - {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"}, - {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"}, - {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"}, - {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"}, - {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"}, - {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"}, - {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"}, - {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, - {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"}, - {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}, +static const ssl_trace_tbl ssl_ciphers_tbl[] = { + {0x0000, "TLS_NULL_WITH_NULL_NULL"}, + {0x0001, "TLS_RSA_WITH_NULL_MD5"}, + {0x0002, "TLS_RSA_WITH_NULL_SHA"}, + {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, + {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, + {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, + {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, + {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, + {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, + {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, + {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, + {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, + {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, + {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, + {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, + {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, + {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, + {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, + {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, + {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, @@ -172,6 +182,8 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, + {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"}, + {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"}, {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}, {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"}, {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"}, @@ -422,18 +434,25 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"}, {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"}, + {0x1301, "TLS_AES_128_GCM_SHA256"}, + {0x1302, "TLS_AES_256_GCM_SHA384"}, + {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, + {0x1304, "TLS_AES_128_CCM_SHA256"}, + {0x1305, "TLS_AES_128_CCM_8_SHA256"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, + {0xFF85, "GOST2012-GOST8912-GOST8912"}, + {0xFF87, "GOST2012-NULL-GOST12"}, }; /* Compression methods */ -static ssl_trace_tbl ssl_comp_tbl[] = { +static const ssl_trace_tbl ssl_comp_tbl[] = { {0x0000, "No Compression"}, {0x0001, "Zlib Compression"} }; -/* Extensions */ -static ssl_trace_tbl ssl_exts_tbl[] = { +/* Extensions sorted by ascending id */ +static const ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_server_name, "server_name"}, {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"}, {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"}, @@ -444,24 +463,35 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_client_authz, "client_authz"}, {TLSEXT_TYPE_server_authz, "server_authz"}, {TLSEXT_TYPE_cert_type, "cert_type"}, - {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"}, + {TLSEXT_TYPE_supported_groups, "supported_groups"}, {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, {TLSEXT_TYPE_srp, "srp"}, {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, {TLSEXT_TYPE_use_srtp, "use_srtp"}, - {TLSEXT_TYPE_heartbeat, "heartbeat"}, + {TLSEXT_TYPE_heartbeat, "tls_heartbeat"}, + {TLSEXT_TYPE_application_layer_protocol_negotiation, + "application_layer_protocol_negotiation"}, + {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, + {TLSEXT_TYPE_padding, "padding"}, + {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, + {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}, {TLSEXT_TYPE_session_ticket, "session_ticket"}, + {TLSEXT_TYPE_psk, "psk"}, + {TLSEXT_TYPE_early_data, "early_data"}, + {TLSEXT_TYPE_supported_versions, "supported_versions"}, + {TLSEXT_TYPE_cookie, "cookie_ext"}, + {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"}, + {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"}, + {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"}, + {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"}, + {TLSEXT_TYPE_key_share, "key_share"}, {TLSEXT_TYPE_renegotiate, "renegotiate"}, # ifndef OPENSSL_NO_NEXTPROTONEG {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, # endif - {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"}, - {TLSEXT_TYPE_padding, "padding"}, - {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, - {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} }; -static ssl_trace_tbl ssl_curve_tbl[] = { +static const ssl_trace_tbl ssl_groups_tbl[] = { {1, "sect163k1 (K-163)"}, {2, "sect163r1"}, {3, "sect163r2 (B-163)"}, @@ -491,50 +521,60 @@ static ssl_trace_tbl ssl_curve_tbl[] = { {27, "brainpoolP384r1"}, {28, "brainpoolP512r1"}, {29, "ecdh_x25519"}, + {30, "ecdh_x448"}, + {256, "ffdhe2048"}, + {257, "ffdhe3072"}, + {258, "ffdhe4096"}, + {259, "ffdhe6144"}, + {260, "ffdhe8192"}, {0xFF01, "arbitrary_explicit_prime_curves"}, {0xFF02, "arbitrary_explicit_char2_curves"} }; -static ssl_trace_tbl ssl_point_tbl[] = { +static const ssl_trace_tbl ssl_point_tbl[] = { {0, "uncompressed"}, {1, "ansiX962_compressed_prime"}, {2, "ansiX962_compressed_char2"} }; -static ssl_trace_tbl ssl_md_tbl[] = { - {TLSEXT_hash_none, "none"}, - {TLSEXT_hash_md5, "md5"}, - {TLSEXT_hash_sha1, "sha1"}, - {TLSEXT_hash_sha224, "sha224"}, - {TLSEXT_hash_sha256, "sha256"}, - {TLSEXT_hash_sha384, "sha384"}, - {TLSEXT_hash_sha512, "sha512"}, - {TLSEXT_hash_gostr3411, "md_gost94"}, - {TLSEXT_hash_gostr34112012_256, "md_gost2012_256"}, - {TLSEXT_hash_gostr34112012_512, "md_gost2012_512"} +static const ssl_trace_tbl ssl_mfl_tbl[] = { + {0, "disabled"}, + {1, "max_fragment_length := 2^9 (512 bytes)"}, + {2, "max_fragment_length := 2^10 (1024 bytes)"}, + {3, "max_fragment_length := 2^11 (2048 bytes)"}, + {4, "max_fragment_length := 2^12 (4096 bytes)"} }; -static ssl_trace_tbl ssl_sig_tbl[] = { - {TLSEXT_signature_anonymous, "anonymous"}, - {TLSEXT_signature_rsa, "rsa"}, - {TLSEXT_signature_dsa, "dsa"}, - {TLSEXT_signature_ecdsa, "ecdsa"}, - {TLSEXT_signature_gostr34102001, "gost2001"}, - {TLSEXT_signature_gostr34102012_256, "gost2012_256"}, - {TLSEXT_signature_gostr34102012_512, "gost2012_512"} +static const ssl_trace_tbl ssl_sigalg_tbl[] = { + {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"}, + {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"}, + {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"}, + {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"}, + {TLSEXT_SIGALG_ed25519, "ed25519"}, + {TLSEXT_SIGALG_ed448, "ed448"}, + {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"}, + {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"}, + {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"}, + {TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512"}, + {TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256"}, + {TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384"}, + {TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512"}, + {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"}, + {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"}, + {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"}, + {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"}, + {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"}, + {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"}, + {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"}, + {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"}, + {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"}, + {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"}, + {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, + {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, + {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"}, }; -static ssl_trace_tbl ssl_hb_tbl[] = { - {1, "peer_allowed_to_send"}, - {2, "peer_not_allowed_to_send"} -}; - -static ssl_trace_tbl ssl_hb_type_tbl[] = { - {1, "heartbeat_request"}, - {2, "heartbeat_response"} -}; - -static ssl_trace_tbl ssl_ctype_tbl[] = { +static const ssl_trace_tbl ssl_ctype_tbl[] = { {1, "rsa_sign"}, {2, "dss_sign"}, {3, "rsa_fixed_dh"}, @@ -547,10 +587,21 @@ static ssl_trace_tbl ssl_ctype_tbl[] = { {66, "ecdsa_fixed_ecdh"} }; +static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = { + {TLSEXT_KEX_MODE_KE, "psk_ke"}, + {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"} +}; + +static const ssl_trace_tbl ssl_key_update_tbl[] = { + {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"}, + {SSL_KEY_UPDATE_REQUESTED, "update_requested"} +}; + static void ssl_print_hex(BIO *bio, int indent, const char *name, const unsigned char *msg, size_t msglen) { size_t i; + BIO_indent(bio, indent, 80); BIO_printf(bio, "%s (len=%d): ", name, (int)msglen); for (i = 0; i < msglen; i++) @@ -558,12 +609,12 @@ static void ssl_print_hex(BIO *bio, int indent, const char *name, BIO_puts(bio, "\n"); } -static int ssl_print_hexbuf(BIO *bio, int indent, - const char *name, size_t nlen, +static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen, const unsigned char **pmsg, size_t *pmsglen) { size_t blen; const unsigned char *p = *pmsg; + if (*pmsglen < nlen) return 0; blen = p[0]; @@ -579,12 +630,16 @@ static int ssl_print_hexbuf(BIO *bio, int indent, } static int ssl_print_version(BIO *bio, int indent, const char *name, - const unsigned char **pmsg, size_t *pmsglen) + const unsigned char **pmsg, size_t *pmsglen, + unsigned int *version) { int vers; + if (*pmsglen < 2) return 0; vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; + if (version != NULL) + *version = vers; BIO_indent(bio, indent, 80); BIO_printf(bio, "%s=0x%x (%s)\n", name, vers, ssl_trace_str(vers, ssl_version_tbl)); @@ -598,6 +653,7 @@ static int ssl_print_random(BIO *bio, int indent, { unsigned int tm; const unsigned char *p = *pmsg; + if (*pmsglen < 32) return 0; tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; @@ -612,31 +668,42 @@ static int ssl_print_random(BIO *bio, int indent, return 1; } -static int ssl_print_signature(BIO *bio, int indent, SSL *s, +static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl, const unsigned char **pmsg, size_t *pmsglen) { if (*pmsglen < 2) return 0; - if (SSL_USE_SIGALGS(s)) { + if (SSL_USE_SIGALGS(ssl)) { const unsigned char *p = *pmsg; + unsigned int sigalg = (p[0] << 8) | p[1]; + BIO_indent(bio, indent, 80); - BIO_printf(bio, "Signature Algorithm %s+%s (%d+%d)\n", - ssl_trace_str(p[0], ssl_md_tbl), - ssl_trace_str(p[1], ssl_sig_tbl), p[0], p[1]); + BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n", + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); *pmsg += 2; *pmsglen -= 2; } return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen); } -static int ssl_print_extension(BIO *bio, int indent, int server, int extype, +static int ssl_print_extension(BIO *bio, int indent, int server, + unsigned char mt, int extype, const unsigned char *ext, size_t extlen) { - size_t xlen; + size_t xlen, share_len; + unsigned int sigalg; + uint32_t max_early_data; + BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); switch (extype) { + case TLSEXT_TYPE_max_fragment_length: + if (extlen < 1) + return 0; + xlen = extlen; + return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl); + case TLSEXT_TYPE_ec_point_formats: if (extlen < 1) return 0; @@ -645,13 +712,32 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; - return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl); + return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); + case TLSEXT_TYPE_application_layer_protocol_negotiation: + if (extlen < 2) + return 0; + xlen = (ext[0] << 8) | ext[1]; + if (extlen != xlen + 2) + return 0; + ext += 2; + while (xlen > 0) { + size_t plen = *ext++; + + if (plen + 1 > xlen) + return 0; + BIO_indent(bio, indent + 2, 80); + BIO_write(bio, ext, plen); + BIO_puts(bio, "\n"); + ext += plen; + xlen -= plen + 1; + } + return 1; case TLSEXT_TYPE_signature_algorithms: @@ -665,9 +751,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, ext += 2; while (xlen > 0) { BIO_indent(bio, indent + 2, 80); - BIO_printf(bio, "%s+%s (%d+%d)\n", - ssl_trace_str(ext[0], ssl_md_tbl), - ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]); + sigalg = (ext[0] << 8) | ext[1]; + BIO_printf(bio, "%s (0x%04x)\n", + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); xlen -= 2; ext += 2; } @@ -698,18 +784,92 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, break; case TLSEXT_TYPE_heartbeat: - if (extlen != 1) - return 0; - BIO_indent(bio, indent + 2, 80); - BIO_printf(bio, "HeartbeatMode: %s\n", - ssl_trace_str(ext[0], ssl_hb_tbl)); - break; + return 0; case TLSEXT_TYPE_session_ticket: if (extlen != 0) ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); break; + case TLSEXT_TYPE_key_share: + if (server && extlen == 2) { + int group_id; + + /* We assume this is an HRR, otherwise this is an invalid key_share */ + group_id = (ext[0] << 8) | ext[1]; + BIO_indent(bio, indent + 4, 80); + BIO_printf(bio, "NamedGroup: %s (%d)\n", + ssl_trace_str(group_id, ssl_groups_tbl), group_id); + break; + } + if (extlen < 2) + return 0; + if (server) { + xlen = extlen; + } else { + xlen = (ext[0] << 8) | ext[1]; + if (extlen != xlen + 2) + return 0; + ext += 2; + } + for (; xlen > 0; ext += share_len, xlen -= share_len) { + int group_id; + + if (xlen < 4) + return 0; + group_id = (ext[0] << 8) | ext[1]; + share_len = (ext[2] << 8) | ext[3]; + ext += 4; + xlen -= 4; + if (xlen < share_len) + return 0; + BIO_indent(bio, indent + 4, 80); + BIO_printf(bio, "NamedGroup: %s (%d)\n", + ssl_trace_str(group_id, ssl_groups_tbl), group_id); + ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); + } + break; + + case TLSEXT_TYPE_supported_versions: + if (server) { + int version; + + if (extlen != 2) + return 0; + version = (ext[0] << 8) | ext[1]; + BIO_indent(bio, indent + 4, 80); + BIO_printf(bio, "%s (%d)\n", + ssl_trace_str(version, ssl_version_tbl), version); + break; + } + if (extlen < 1) + return 0; + xlen = ext[0]; + if (extlen != xlen + 1) + return 0; + return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, + ssl_version_tbl); + + case TLSEXT_TYPE_psk_kex_modes: + if (extlen < 1) + return 0; + xlen = ext[0]; + if (extlen != xlen + 1) + return 0; + return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, + ssl_psk_kex_modes_tbl); + + case TLSEXT_TYPE_early_data: + if (mt != SSL3_MT_NEWSESSION_TICKET) + break; + if (extlen != 4) + return 0; + max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) + | ext[3]; + BIO_indent(bio, indent + 2, 80); + BIO_printf(bio, "max_early_data=%u\n", max_early_data); + break; + default: BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); } @@ -717,46 +877,65 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, } static int ssl_print_extensions(BIO *bio, int indent, int server, - const unsigned char *msg, size_t msglen) + unsigned char mt, const unsigned char **msgin, + size_t *msginlen) { - size_t extslen; + size_t extslen, msglen = *msginlen; + const unsigned char *msg = *msgin; + BIO_indent(bio, indent, 80); if (msglen == 0) { - BIO_puts(bio, "No Extensions\n"); + BIO_puts(bio, "No extensions\n"); return 1; } if (msglen < 2) return 0; extslen = (msg[0] << 8) | msg[1]; - if (extslen != msglen - 2) - return 0; + msglen -= 2; msg += 2; - msglen = extslen; - BIO_printf(bio, "extensions, length = %d\n", (int)msglen); - while (msglen > 0) { + if (extslen == 0) { + BIO_puts(bio, "No extensions\n"); + *msgin = msg; + *msginlen = msglen; + return 1; + } + if (extslen > msglen) + return 0; + BIO_printf(bio, "extensions, length = %d\n", (int)extslen); + msglen -= extslen; + while (extslen > 0) { int extype; size_t extlen; - if (msglen < 4) + if (extslen < 4) return 0; extype = (msg[0] << 8) | msg[1]; extlen = (msg[2] << 8) | msg[3]; - if (msglen < extlen + 4) + if (extslen < extlen + 4) { + BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype, + (int)extlen); + BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2); return 0; + } msg += 4; - if (!ssl_print_extension(bio, indent + 2, server, extype, msg, extlen)) + if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg, + extlen)) return 0; msg += extlen; - msglen -= extlen + 4; + extslen -= extlen + 4; } + + *msgin = msg; + *msginlen = msglen; return 1; } -static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent, +static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent, const unsigned char *msg, size_t msglen) { size_t len; unsigned int cs; - if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen)) + + if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL)) return 0; if (!ssl_print_random(bio, indent, &msg, &msglen)) return 0; @@ -801,7 +980,8 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent, msglen--; len--; } - if (!ssl_print_extensions(bio, indent, 0, msg, msglen)) + if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg, + &msglen)) return 0; return 1; } @@ -809,7 +989,7 @@ static int ssl_print_client_hello(BIO *bio, SSL *ssl, int indent, static int dtls_print_hello_vfyrequest(BIO *bio, int indent, const unsigned char *msg, size_t msglen) { - if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL)) return 0; if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen)) return 0; @@ -820,11 +1000,14 @@ static int ssl_print_server_hello(BIO *bio, int indent, const unsigned char *msg, size_t msglen) { unsigned int cs; - if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen)) + unsigned int vers; + + if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers)) return 0; if (!ssl_print_random(bio, indent, &msg, &msglen)) return 0; - if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) + if (vers != TLS1_3_VERSION + && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen)) return 0; if (msglen < 2) return 0; @@ -834,21 +1017,25 @@ static int ssl_print_server_hello(BIO *bio, int indent, msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl)); msg += 2; msglen -= 2; - if (msglen < 1) - return 0; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "compression_method: %s (0x%02X)\n", - ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); - msg++; - msglen--; - if (!ssl_print_extensions(bio, indent, 1, msg, msglen)) + if (vers != TLS1_3_VERSION) { + if (msglen < 1) + return 0; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "compression_method: %s (0x%02X)\n", + ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]); + msg++; + msglen--; + } + if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg, + &msglen)) return 0; return 1; } -static int ssl_get_keyex(const char **pname, SSL *ssl) +static int ssl_get_keyex(const char **pname, const SSL *ssl) { unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey; + if (alg_k & SSL_kRSA) { *pname = "rsa"; return SSL_kRSA; @@ -889,12 +1076,12 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) return 0; } -static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, +static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl, const unsigned char *msg, size_t msglen) { const char *algname; - int id; - id = ssl_get_keyex(&algname, ssl); + int id = ssl_get_keyex(&algname, ssl); + BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); if (id & SSL_PSK) { @@ -908,10 +1095,10 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, case SSL_kRSAPSK: if (TLS1_get_version(ssl) == SSL3_VERSION) { ssl_print_hex(bio, indent + 2, - "EncyptedPreMasterSecret", msg, msglen); + "EncryptedPreMasterSecret", msg, msglen); } else { if (!ssl_print_hexbuf(bio, indent + 2, - "EncyptedPreMasterSecret", 2, &msg, &msglen)) + "EncryptedPreMasterSecret", 2, &msg, &msglen)) return 0; } break; @@ -933,12 +1120,12 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, return !msglen; } -static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, +static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl, const unsigned char *msg, size_t msglen) { const char *algname; - int id; - id = ssl_get_keyex(&algname, ssl); + int id = ssl_get_keyex(&algname, ssl); + BIO_indent(bio, indent, 80); BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname); if (id & SSL_PSK) { @@ -982,7 +1169,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; curve = (msg[1] << 8) | msg[2]; BIO_printf(bio, "named_curve: %s (%d)\n", - ssl_trace_str(curve, ssl_curve_tbl), curve); + ssl_trace_str(curve, ssl_groups_tbl), curve); msg += 3; msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) @@ -1010,6 +1197,7 @@ static int ssl_print_certificate(BIO *bio, int indent, size_t clen; X509 *x; const unsigned char *p = *pmsg, *q; + if (msglen < 3) return 0; clen = (p[0] << 16) | (p[1] << 8) | p[2]; @@ -1037,10 +1225,16 @@ static int ssl_print_certificate(BIO *bio, int indent, return 1; } -static int ssl_print_certificates(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) +static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, + int indent, const unsigned char *msg, + size_t msglen) { size_t clen; + + if (SSL_IS_TLS13(ssl) + && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen)) + return 0; + if (msglen < 3) return 0; clen = (msg[0] << 16) | (msg[1] << 8) | msg[2]; @@ -1052,48 +1246,62 @@ static int ssl_print_certificates(BIO *bio, int indent, while (clen > 0) { if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) return 0; + if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE, + &msg, &clen)) + return 0; + } return 1; } -static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, +static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl, const unsigned char *msg, size_t msglen) { size_t xlen; - if (msglen < 1) - return 0; - xlen = msg[0]; - if (msglen < xlen + 1) - return 0; - msg++; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); - if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) - return 0; - msg += xlen; - msglen -= xlen + 1; - if (!SSL_USE_SIGALGS(s)) - goto skip_sig; - if (msglen < 2) - return 0; - xlen = (msg[0] << 8) | msg[1]; - if (msglen < xlen + 2 || (xlen & 1)) - return 0; - msg += 2; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); - while (xlen > 0) { - BIO_indent(bio, indent + 2, 80); - BIO_printf(bio, "%s+%s (%d+%d)\n", - ssl_trace_str(msg[0], ssl_md_tbl), - ssl_trace_str(msg[1], ssl_sig_tbl), msg[0], msg[1]); - xlen -= 2; + unsigned int sigalg; + + if (SSL_IS_TLS13(ssl)) { + if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen)) + return 0; + if (!ssl_print_extensions(bio, indent, 1, + SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen)) + return 0; + return 1; + } else { + if (msglen < 1) + return 0; + xlen = msg[0]; + if (msglen < xlen + 1) + return 0; + msg++; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen); + if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl)) + return 0; + msg += xlen; + msglen -= xlen + 1; + } + if (SSL_USE_SIGALGS(ssl)) { + if (msglen < 2) + return 0; + xlen = (msg[0] << 8) | msg[1]; + if (msglen < xlen + 2 || (xlen & 1)) + return 0; msg += 2; + msglen -= xlen + 2; + BIO_indent(bio, indent, 80); + BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen); + while (xlen > 0) { + BIO_indent(bio, indent + 2, 80); + sigalg = (msg[0] << 8) | msg[1]; + BIO_printf(bio, "%s (0x%04x)\n", + ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg); + xlen -= 2; + msg += 2; + } + msg += xlen; } - msg += xlen; - msglen -= xlen + 2; - skip_sig: if (msglen < 2) return 0; xlen = (msg[0] << 8) | msg[1]; @@ -1101,7 +1309,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, if (msglen < xlen + 2) return 0; msg += 2; - msglen -= 2; + msglen -= 2 + xlen; BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen); while (xlen > 0) { size_t dlen; @@ -1127,13 +1335,19 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, xlen -= dlen + 2; msg += dlen; } - return 1; + if (SSL_IS_TLS13(ssl)) { + if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2, + &msg, &msglen)) + return 0; + } + return msglen == 0; } -static int ssl_print_ticket(BIO *bio, int indent, +static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, const unsigned char *msg, size_t msglen) { unsigned int tick_life; + if (msglen == 0) { BIO_indent(bio, indent + 2, 80); BIO_puts(bio, "No Ticket\n"); @@ -1146,19 +1360,39 @@ static int ssl_print_ticket(BIO *bio, int indent, msg += 4; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life); + if (SSL_IS_TLS13(ssl)) { + unsigned int ticket_age_add; + + if (msglen < 4) + return 0; + ticket_age_add = + (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + msglen -= 4; + msg += 4; + BIO_indent(bio, indent + 2, 80); + BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add); + if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg, + &msglen)) + return 0; + } if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen)) return 0; + if (SSL_IS_TLS13(ssl) + && !ssl_print_extensions(bio, indent + 2, 0, + SSL3_MT_NEWSESSION_TICKET, &msg, &msglen)) + return 0; if (msglen) return 0; return 1; } -static int ssl_print_handshake(BIO *bio, SSL *ssl, +static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server, const unsigned char *msg, size_t msglen, int indent) { size_t hlen; unsigned char htype; + if (msglen < 4) return 0; htype = msg[0]; @@ -1209,7 +1443,7 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, break; case SSL3_MT_CERTIFICATE: - if (!ssl_print_certificates(bio, indent + 2, msg, msglen)) + if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen)) return 0; break; @@ -1233,7 +1467,23 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, break; case SSL3_MT_NEWSESSION_TICKET: - if (!ssl_print_ticket(bio, indent + 2, msg, msglen)) + if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen)) + return 0; + break; + + case SSL3_MT_ENCRYPTED_EXTENSIONS: + if (!ssl_print_extensions(bio, indent + 2, 1, + SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen)) + return 0; + break; + + case SSL3_MT_KEY_UPDATE: + if (msglen != 1) { + ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen); + return 0; + } + if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1, + ssl_key_update_tbl)) return 0; break; @@ -1245,27 +1495,6 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, return 1; } -static int ssl_print_heartbeat(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) -{ - if (msglen < 3) - return 0; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "HeartBeatMessageType: %s\n", - ssl_trace_str(msg[0], ssl_hb_type_tbl)); - msg++; - msglen--; - if (!ssl_print_hexbuf(bio, indent, "payload", 2, &msg, &msglen)) - return 0; - ssl_print_hex(bio, indent, "padding", msg, msglen); - return 1; -} - -const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c) -{ - return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl); -} - void SSL_trace(int write_p, int version, int content_type, const void *buf, size_t msglen, SSL *ssl, void *arg) { @@ -1279,7 +1508,7 @@ void SSL_trace(int write_p, int version, int content_type, /* avoid overlapping with length at the end of buffer */ if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? - DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { + DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { BIO_puts(bio, write_p ? "Sent" : "Received"); ssl_print_hex(bio, 0, " too short message", msg, msglen); break; @@ -1301,8 +1530,15 @@ void SSL_trace(int write_p, int version, int content_type, msg[msglen - 2] << 8 | msg[msglen - 1]); } break; + + case SSL3_RT_INNER_CONTENT_TYPE: + BIO_printf(bio, " Inner Content Type = %s (%d)", + ssl_trace_str(msg[0], ssl_content_tbl), msg[0]); + break; + case SSL3_RT_HANDSHAKE: - if (!ssl_print_handshake(bio, ssl, msg, msglen, 4)) + if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p, + msg, msglen, 4)) BIO_printf(bio, "Message length parse error!\n"); break; @@ -1314,18 +1550,13 @@ void SSL_trace(int write_p, int version, int content_type, break; case SSL3_RT_ALERT: - if (msglen != 2) { + if (msglen != 2) BIO_puts(bio, " Illegal Alert Length\n"); - } else { + else { BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", SSL_alert_type_string_long(msg[0] << 8), msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } - break; - - case DTLS1_RT_HEARTBEAT: - ssl_print_heartbeat(bio, 4, msg, msglen); - break; } diff --git a/deps/openssl/openssl/ssl/tls13_enc.c b/deps/openssl/openssl/ssl/tls13_enc.c new file mode 100644 index 00000000000000..b6825d20c2dc0b --- /dev/null +++ b/deps/openssl/openssl/ssl/tls13_enc.c @@ -0,0 +1,818 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "ssl_locl.h" +#include "internal/cryptlib.h" +#include +#include + +/* + * RFC 8446, 7.1 Key Schedule, says: + * Note: With common hash functions, any label longer than 12 characters + * requires an additional iteration of the hash function to compute. + * The labels in this specification have all been chosen to fit within + * this limit. + */ +#define TLS13_MAX_LABEL_LEN 12 + +/* Always filled with zeros */ +static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; + +/* + * Given a |secret|; a |label| of length |labellen|; and |data| of length + * |datalen| (e.g. typically a hash of the handshake messages), derive a new + * secret |outlen| bytes long and store it in the location pointed to be |out|. + * The |data| value may be zero length. Returns 1 on success 0 on failure. + */ +int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, + const unsigned char *label, size_t labellen, + const unsigned char *data, size_t datalen, + unsigned char *out, size_t outlen) +{ + static const unsigned char label_prefix[] = "tls13 "; + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); + int ret; + size_t hkdflabellen; + size_t hashlen; + /* + * 2 bytes for length of derived secret + 1 byte for length of combined + * prefix and label + bytes for the label itself + 1 byte length of hash + * + bytes for the hash itself + */ + unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + + + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN + + EVP_MAX_MD_SIZE]; + WPACKET pkt; + + if (pctx == NULL) + return 0; + + hashlen = EVP_MD_size(md); + + if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) + || !WPACKET_put_bytes_u16(&pkt, outlen) + || !WPACKET_start_sub_packet_u8(&pkt) + || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1) + || !WPACKET_memcpy(&pkt, label, labellen) + || !WPACKET_close(&pkt) + || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) + || !WPACKET_get_total_written(&pkt, &hkdflabellen) + || !WPACKET_finish(&pkt)) { + EVP_PKEY_CTX_free(pctx); + WPACKET_cleanup(&pkt); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, + ERR_R_INTERNAL_ERROR); + return 0; + } + + ret = EVP_PKEY_derive_init(pctx) <= 0 + || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) + <= 0 + || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0 + || EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, hashlen) <= 0 + || EVP_PKEY_CTX_add1_hkdf_info(pctx, hkdflabel, hkdflabellen) <= 0 + || EVP_PKEY_derive(pctx, out, &outlen) <= 0; + + EVP_PKEY_CTX_free(pctx); + + if (ret != 0) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, + ERR_R_INTERNAL_ERROR); + + return ret == 0; +} + +/* + * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on + * success 0 on failure. + */ +int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret, + unsigned char *key, size_t keylen) +{ + static const unsigned char keylabel[] = "key"; + + return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1, + NULL, 0, key, keylen); +} + +/* + * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on + * success 0 on failure. + */ +int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret, + unsigned char *iv, size_t ivlen) +{ + static const unsigned char ivlabel[] = "iv"; + + return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1, + NULL, 0, iv, ivlen); +} + +int tls13_derive_finishedkey(SSL *s, const EVP_MD *md, + const unsigned char *secret, + unsigned char *fin, size_t finlen) +{ + static const unsigned char finishedlabel[] = "finished"; + + return tls13_hkdf_expand(s, md, secret, finishedlabel, + sizeof(finishedlabel) - 1, NULL, 0, fin, finlen); +} + +/* + * Given the previous secret |prevsecret| and a new input secret |insecret| of + * length |insecretlen|, generate a new secret and store it in the location + * pointed to by |outsecret|. Returns 1 on success 0 on failure. + */ +int tls13_generate_secret(SSL *s, const EVP_MD *md, + const unsigned char *prevsecret, + const unsigned char *insecret, + size_t insecretlen, + unsigned char *outsecret) +{ + size_t mdlen, prevsecretlen; + int mdleni; + int ret; + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); + static const char derived_secret_label[] = "derived"; + unsigned char preextractsec[EVP_MAX_MD_SIZE]; + + if (pctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, + ERR_R_INTERNAL_ERROR); + return 0; + } + + mdleni = EVP_MD_size(md); + /* Ensure cast to size_t is safe */ + if (!ossl_assert(mdleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, + ERR_R_INTERNAL_ERROR); + return 0; + } + mdlen = (size_t)mdleni; + + if (insecret == NULL) { + insecret = default_zeros; + insecretlen = mdlen; + } + if (prevsecret == NULL) { + prevsecret = default_zeros; + prevsecretlen = 0; + } else { + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + unsigned char hash[EVP_MAX_MD_SIZE]; + + /* The pre-extract derive step uses a hash of no messages */ + if (mctx == NULL + || EVP_DigestInit_ex(mctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, + ERR_R_INTERNAL_ERROR); + EVP_MD_CTX_free(mctx); + EVP_PKEY_CTX_free(pctx); + return 0; + } + EVP_MD_CTX_free(mctx); + + /* Generate the pre-extract secret */ + if (!tls13_hkdf_expand(s, md, prevsecret, + (unsigned char *)derived_secret_label, + sizeof(derived_secret_label) - 1, hash, mdlen, + preextractsec, mdlen)) { + /* SSLfatal() already called */ + EVP_PKEY_CTX_free(pctx); + return 0; + } + + prevsecret = preextractsec; + prevsecretlen = mdlen; + } + + ret = EVP_PKEY_derive_init(pctx) <= 0 + || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) + <= 0 + || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0 + || EVP_PKEY_CTX_set1_hkdf_key(pctx, insecret, insecretlen) <= 0 + || EVP_PKEY_CTX_set1_hkdf_salt(pctx, prevsecret, prevsecretlen) + <= 0 + || EVP_PKEY_derive(pctx, outsecret, &mdlen) + <= 0; + + if (ret != 0) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, + ERR_R_INTERNAL_ERROR); + + EVP_PKEY_CTX_free(pctx); + if (prevsecret == preextractsec) + OPENSSL_cleanse(preextractsec, mdlen); + return ret == 0; +} + +/* + * Given an input secret |insecret| of length |insecretlen| generate the + * handshake secret. This requires the early secret to already have been + * generated. Returns 1 on success 0 on failure. + */ +int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret, + size_t insecretlen) +{ + /* Calls SSLfatal() if required */ + return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret, + insecret, insecretlen, + (unsigned char *)&s->handshake_secret); +} + +/* + * Given the handshake secret |prev| of length |prevlen| generate the master + * secret and store its length in |*secret_size|. Returns 1 on success 0 on + * failure. + */ +int tls13_generate_master_secret(SSL *s, unsigned char *out, + unsigned char *prev, size_t prevlen, + size_t *secret_size) +{ + const EVP_MD *md = ssl_handshake_md(s); + + *secret_size = EVP_MD_size(md); + /* Calls SSLfatal() if required */ + return tls13_generate_secret(s, md, prev, NULL, 0, out); +} + +/* + * Generates the mac for the Finished message. Returns the length of the MAC or + * 0 on error. + */ +size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, + unsigned char *out) +{ + const EVP_MD *md = ssl_handshake_md(s); + unsigned char hash[EVP_MAX_MD_SIZE]; + size_t hashlen, ret = 0; + EVP_PKEY *key = NULL; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + + if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { + /* SSLfatal() already called */ + goto err; + } + + if (str == s->method->ssl3_enc->server_finished_label) { + key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->server_finished_secret, hashlen); + } else if (SSL_IS_FIRST_HANDSHAKE(s)) { + key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, + s->client_finished_secret, hashlen); + } else { + unsigned char finsecret[EVP_MAX_MD_SIZE]; + + if (!tls13_derive_finishedkey(s, ssl_handshake_md(s), + s->client_app_traffic_secret, + finsecret, hashlen)) + goto err; + + key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, + hashlen); + OPENSSL_cleanse(finsecret, sizeof(finsecret)); + } + + if (key == NULL + || ctx == NULL + || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0 + || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0 + || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC, + ERR_R_INTERNAL_ERROR); + goto err; + } + + ret = hashlen; + err: + EVP_PKEY_free(key); + EVP_MD_CTX_free(ctx); + return ret; +} + +/* + * There isn't really a key block in TLSv1.3, but we still need this function + * for initialising the cipher and hash. Returns 1 on success or 0 on failure. + */ +int tls13_setup_key_block(SSL *s) +{ + const EVP_CIPHER *c; + const EVP_MD *hash; + int mac_type = NID_undef; + + s->session->cipher = s->s3->tmp.new_cipher; + if (!ssl_cipher_get_evp + (s->session, &c, &hash, &mac_type, NULL, NULL, 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK, + SSL_R_CIPHER_OR_HASH_UNAVAILABLE); + return 0; + } + + s->s3->tmp.new_sym_enc = c; + s->s3->tmp.new_hash = hash; + + return 1; +} + +static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, + const EVP_CIPHER *ciph, + const unsigned char *insecret, + const unsigned char *hash, + const unsigned char *label, + size_t labellen, unsigned char *secret, + unsigned char *iv, EVP_CIPHER_CTX *ciph_ctx) +{ + unsigned char key[EVP_MAX_KEY_LENGTH]; + size_t ivlen, keylen, taglen; + int hashleni = EVP_MD_size(md); + size_t hashlen; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; + } + hashlen = (size_t)hashleni; + + if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen, + secret, hashlen)) { + /* SSLfatal() already called */ + goto err; + } + + /* TODO(size_t): convert me */ + keylen = EVP_CIPHER_key_length(ciph); + if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) { + uint32_t algenc; + + ivlen = EVP_CCM_TLS_IV_LEN; + if (s->s3->tmp.new_cipher == NULL) { + /* We've not selected a cipher yet - we must be doing early data */ + algenc = s->session->cipher->algorithm_enc; + } else { + algenc = s->s3->tmp.new_cipher->algorithm_enc; + } + if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + taglen = EVP_CCM8_TLS_TAG_LEN; + else + taglen = EVP_CCM_TLS_TAG_LEN; + } else { + ivlen = EVP_CIPHER_iv_length(ciph); + taglen = 0; + } + + if (!tls13_derive_key(s, md, secret, key, keylen) + || !tls13_derive_iv(s, md, secret, iv, ivlen)) { + /* SSLfatal() already called */ + goto err; + } + + if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0 + || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) + || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG, + taglen, NULL)) + || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; + } + + return 1; + err: + OPENSSL_cleanse(key, sizeof(key)); + return 0; +} + +int tls13_change_cipher_state(SSL *s, int which) +{ + static const unsigned char client_early_traffic[] = "c e traffic"; + static const unsigned char client_handshake_traffic[] = "c hs traffic"; + static const unsigned char client_application_traffic[] = "c ap traffic"; + static const unsigned char server_handshake_traffic[] = "s hs traffic"; + static const unsigned char server_application_traffic[] = "s ap traffic"; + static const unsigned char exporter_master_secret[] = "exp master"; + static const unsigned char resumption_master_secret[] = "res master"; + static const unsigned char early_exporter_master_secret[] = "e exp master"; + unsigned char *iv; + unsigned char secret[EVP_MAX_MD_SIZE]; + unsigned char hashval[EVP_MAX_MD_SIZE]; + unsigned char *hash = hashval; + unsigned char *insecret; + unsigned char *finsecret = NULL; + const char *log_label = NULL; + EVP_CIPHER_CTX *ciph_ctx; + size_t finsecretlen = 0; + const unsigned char *label; + size_t labellen, hashlen = 0; + int ret = 0; + const EVP_MD *md = NULL; + const EVP_CIPHER *cipher = NULL; + + if (which & SSL3_CC_READ) { + if (s->enc_read_ctx != NULL) { + EVP_CIPHER_CTX_reset(s->enc_read_ctx); + } else { + s->enc_read_ctx = EVP_CIPHER_CTX_new(); + if (s->enc_read_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); + goto err; + } + } + ciph_ctx = s->enc_read_ctx; + iv = s->read_iv; + + RECORD_LAYER_reset_read_sequence(&s->rlayer); + } else { + s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; + if (s->enc_write_ctx != NULL) { + EVP_CIPHER_CTX_reset(s->enc_write_ctx); + } else { + s->enc_write_ctx = EVP_CIPHER_CTX_new(); + if (s->enc_write_ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); + goto err; + } + } + ciph_ctx = s->enc_write_ctx; + iv = s->write_iv; + + RECORD_LAYER_reset_write_sequence(&s->rlayer); + } + + if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE)) + || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) { + if (which & SSL3_CC_EARLY) { + EVP_MD_CTX *mdctx = NULL; + long handlen; + void *hdata; + unsigned int hashlenui; + const SSL_CIPHER *sslcipher = SSL_SESSION_get0_cipher(s->session); + + insecret = s->early_secret; + label = client_early_traffic; + labellen = sizeof(client_early_traffic) - 1; + log_label = CLIENT_EARLY_LABEL; + + handlen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (handlen <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, + SSL_R_BAD_HANDSHAKE_LENGTH); + goto err; + } + + if (s->early_data_state == SSL_EARLY_DATA_CONNECTING + && s->max_early_data > 0 + && s->session->ext.max_early_data == 0) { + /* + * If we are attempting to send early data, and we've decided to + * actually do it but max_early_data in s->session is 0 then we + * must be using an external PSK. + */ + if (!ossl_assert(s->psksession != NULL + && s->max_early_data == + s->psksession->ext.max_early_data)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } + sslcipher = SSL_SESSION_get0_cipher(s->psksession); + } + if (sslcipher == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, SSL_R_BAD_PSK); + goto err; + } + + /* + * We need to calculate the handshake digest using the digest from + * the session. We haven't yet selected our ciphersuite so we can't + * use ssl_handshake_md(). + */ + mdctx = EVP_MD_CTX_new(); + if (mdctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); + goto err; + } + cipher = EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(sslcipher)); + md = ssl_md(sslcipher->algorithm2); + if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) + || !EVP_DigestUpdate(mdctx, hdata, handlen) + || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + EVP_MD_CTX_free(mdctx); + goto err; + } + hashlen = hashlenui; + EVP_MD_CTX_free(mdctx); + + if (!tls13_hkdf_expand(s, md, insecret, + early_exporter_master_secret, + sizeof(early_exporter_master_secret) - 1, + hashval, hashlen, + s->early_exporter_master_secret, hashlen)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL, + s->early_exporter_master_secret, hashlen)) { + /* SSLfatal() already called */ + goto err; + } + } else if (which & SSL3_CC_HANDSHAKE) { + insecret = s->handshake_secret; + finsecret = s->client_finished_secret; + finsecretlen = EVP_MD_size(ssl_handshake_md(s)); + label = client_handshake_traffic; + labellen = sizeof(client_handshake_traffic) - 1; + log_label = CLIENT_HANDSHAKE_LABEL; + /* + * The handshake hash used for the server read/client write handshake + * traffic secret is the same as the hash for the server + * write/client read handshake traffic secret. However, if we + * processed early data then we delay changing the server + * read/client write cipher state until later, and the handshake + * hashes have moved on. Therefore we use the value saved earlier + * when we did the server write/client read change cipher state. + */ + hash = s->handshake_traffic_hash; + } else { + insecret = s->master_secret; + label = client_application_traffic; + labellen = sizeof(client_application_traffic) - 1; + log_label = CLIENT_APPLICATION_LABEL; + /* + * For this we only use the handshake hashes up until the server + * Finished hash. We do not include the client's Finished, which is + * what ssl_handshake_hash() would give us. Instead we use the + * previously saved value. + */ + hash = s->server_finished_hash; + } + } else { + /* Early data never applies to client-read/server-write */ + if (which & SSL3_CC_HANDSHAKE) { + insecret = s->handshake_secret; + finsecret = s->server_finished_secret; + finsecretlen = EVP_MD_size(ssl_handshake_md(s)); + label = server_handshake_traffic; + labellen = sizeof(server_handshake_traffic) - 1; + log_label = SERVER_HANDSHAKE_LABEL; + } else { + insecret = s->master_secret; + label = server_application_traffic; + labellen = sizeof(server_application_traffic) - 1; + log_label = SERVER_APPLICATION_LABEL; + } + } + + if (!(which & SSL3_CC_EARLY)) { + md = ssl_handshake_md(s); + cipher = s->s3->tmp.new_sym_enc; + if (!ssl3_digest_cached_records(s, 1) + || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) { + /* SSLfatal() already called */; + goto err; + } + } + + /* + * Save the hash of handshakes up to now for use when we calculate the + * client application traffic secret + */ + if (label == server_application_traffic) + memcpy(s->server_finished_hash, hashval, hashlen); + + if (label == server_handshake_traffic) + memcpy(s->handshake_traffic_hash, hashval, hashlen); + + if (label == client_application_traffic) { + /* + * We also create the resumption master secret, but this time use the + * hash for the whole handshake including the Client Finished + */ + if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, + resumption_master_secret, + sizeof(resumption_master_secret) - 1, + hashval, hashlen, s->resumption_master_secret, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + } + + if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher, + insecret, hash, label, labellen, secret, iv, + ciph_ctx)) { + /* SSLfatal() already called */ + goto err; + } + + if (label == server_application_traffic) { + memcpy(s->server_app_traffic_secret, secret, hashlen); + /* Now we create the exporter master secret */ + if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, + exporter_master_secret, + sizeof(exporter_master_secret) - 1, + hash, hashlen, s->exporter_master_secret, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + + if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + } else if (label == client_application_traffic) + memcpy(s->client_app_traffic_secret, secret, hashlen); + + if (!ssl_log_secret(s, log_label, secret, hashlen)) { + /* SSLfatal() already called */ + goto err; + } + + if (finsecret != NULL + && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret, + finsecret, finsecretlen)) { + /* SSLfatal() already called */ + goto err; + } + + if (!s->server && label == client_early_traffic) + s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS; + else + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; + ret = 1; + err: + OPENSSL_cleanse(secret, sizeof(secret)); + return ret; +} + +int tls13_update_key(SSL *s, int sending) +{ + static const unsigned char application_traffic[] = "traffic upd"; + const EVP_MD *md = ssl_handshake_md(s); + size_t hashlen = EVP_MD_size(md); + unsigned char *insecret, *iv; + unsigned char secret[EVP_MAX_MD_SIZE]; + EVP_CIPHER_CTX *ciph_ctx; + int ret = 0; + + if (s->server == sending) + insecret = s->server_app_traffic_secret; + else + insecret = s->client_app_traffic_secret; + + if (sending) { + s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; + iv = s->write_iv; + ciph_ctx = s->enc_write_ctx; + RECORD_LAYER_reset_write_sequence(&s->rlayer); + } else { + iv = s->read_iv; + ciph_ctx = s->enc_read_ctx; + RECORD_LAYER_reset_read_sequence(&s->rlayer); + } + + if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s), + s->s3->tmp.new_sym_enc, insecret, NULL, + application_traffic, + sizeof(application_traffic) - 1, secret, iv, + ciph_ctx)) { + /* SSLfatal() already called */ + goto err; + } + + memcpy(insecret, secret, hashlen); + + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; + ret = 1; + err: + OPENSSL_cleanse(secret, sizeof(secret)); + return ret; +} + +int tls13_alert_code(int code) +{ + /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */ + if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED) + return code; + + return tls1_alert_code(code); +} + +int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context) +{ + unsigned char exportsecret[EVP_MAX_MD_SIZE]; + static const unsigned char exporterlabel[] = "exporter"; + unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; + const EVP_MD *md = ssl_handshake_md(s); + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + unsigned int hashsize, datalen; + int ret = 0; + + if (ctx == NULL || !ossl_statem_export_allowed(s)) + goto err; + + if (!use_context) + contextlen = 0; + + if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestUpdate(ctx, context, contextlen) <= 0 + || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 + || !tls13_hkdf_expand(s, md, s->exporter_master_secret, + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize) + || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, + sizeof(exporterlabel) - 1, hash, hashsize, + out, olen)) + goto err; + + ret = 1; + err: + EVP_MD_CTX_free(ctx); + return ret; +} + +int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen) +{ + static const unsigned char exporterlabel[] = "exporter"; + unsigned char exportsecret[EVP_MAX_MD_SIZE]; + unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + unsigned int hashsize, datalen; + int ret = 0; + const SSL_CIPHER *sslcipher; + + if (ctx == NULL || !ossl_statem_export_early_allowed(s)) + goto err; + + if (!s->server && s->max_early_data > 0 + && s->session->ext.max_early_data == 0) + sslcipher = SSL_SESSION_get0_cipher(s->psksession); + else + sslcipher = SSL_SESSION_get0_cipher(s->session); + + md = ssl_md(sslcipher->algorithm2); + + /* + * Calculate the hash value and store it in |data|. The reason why + * the empty string is used is that the definition of TLS-Exporter + * is like so: + * + * TLS-Exporter(label, context_value, key_length) = + * HKDF-Expand-Label(Derive-Secret(Secret, label, ""), + * "exporter", Hash(context_value), key_length) + * + * Derive-Secret(Secret, Label, Messages) = + * HKDF-Expand-Label(Secret, Label, + * Transcript-Hash(Messages), Hash.length) + * + * Here Transcript-Hash is the cipher suite hash algorithm. + */ + if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestUpdate(ctx, context, contextlen) <= 0 + || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 + || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0 + || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret, + (const unsigned char *)label, llen, + data, datalen, exportsecret, hashsize) + || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel, + sizeof(exporterlabel) - 1, hash, hashsize, + out, olen)) + goto err; + + ret = 1; + err: + EVP_MD_CTX_free(ctx); + return ret; +} diff --git a/deps/openssl/openssl/ssl/tls_srp.c b/deps/openssl/openssl/ssl/tls_srp.c index bfdbdf58744d5c..f94e46b4e872c0 100644 --- a/deps/openssl/openssl/ssl/tls_srp.c +++ b/deps/openssl/openssl/ssl/tls_srp.c @@ -1,10 +1,14 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html + * + * Originally written by Christophe Renou and Peter Sylvester, + * for the EdelKey project. */ #include @@ -31,7 +35,7 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) BN_free(ctx->srp_ctx.v); memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx)); ctx->srp_ctx.strength = SRP_MINIMAL_N; - return (1); + return 1; } int SSL_SRP_CTX_free(struct ssl_st *s) @@ -50,7 +54,7 @@ int SSL_SRP_CTX_free(struct ssl_st *s) BN_free(s->srp_ctx.v); memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); s->srp_ctx.strength = SRP_MINIMAL_N; - return (1); + return 1; } int SSL_SRP_CTX_init(struct ssl_st *s) @@ -106,7 +110,7 @@ int SSL_SRP_CTX_init(struct ssl_st *s) } s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; - return (1); + return 1; err: OPENSSL_free(s->srp_ctx.login); OPENSSL_free(s->srp_ctx.info); @@ -119,7 +123,7 @@ int SSL_SRP_CTX_init(struct ssl_st *s) BN_free(s->srp_ctx.b); BN_free(s->srp_ctx.v); memset(&s->srp_ctx, 0, sizeof(s->srp_ctx)); - return (0); + return 0; } int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) @@ -130,7 +134,7 @@ int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx) memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx)); ctx->srp_ctx.strength = SRP_MINIMAL_N; - return (1); + return 1; } /* server side */ @@ -153,7 +157,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad) (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL)) return SSL3_AL_FATAL; - if (RAND_bytes(b, sizeof(b)) <= 0) + if (RAND_priv_bytes(b, sizeof(b)) <= 0) return SSL3_AL_FATAL; s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL); OPENSSL_cleanse(b, sizeof(b)); @@ -257,9 +261,13 @@ int srp_generate_server_master_secret(SSL *s) goto err; tmp_len = BN_num_bytes(K); - if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) + if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, ERR_R_MALLOC_FAILURE); goto err; + } BN_bn2bin(K, tmp); + /* Calls SSLfatal() as required */ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); err: BN_clear_free(K); @@ -278,26 +286,39 @@ int srp_generate_client_master_secret(SSL *s) /* * Checks if b % n == 0 */ - if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0) - goto err; - if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL) - goto err; - if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) + if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0 + || (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) + == NULL + || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR); goto err; - if (! - (passwd = - s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) - goto err; - if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL) + } + if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, + s->srp_ctx.SRP_cb_arg)) + == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, + SSL_R_CALLBACK_FAILED); goto err; - if ((K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, - s->srp_ctx.a, u)) == NULL) + } + if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL + || (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, + s->srp_ctx.g, x, + s->srp_ctx.a, u)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR); goto err; + } tmp_len = BN_num_bytes(K); - if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) + if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE); goto err; + } BN_bn2bin(K, tmp); + /* Calls SSLfatal() as required */ ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); err: BN_clear_free(K); @@ -308,7 +329,7 @@ int srp_generate_client_master_secret(SSL *s) return ret; } -int srp_verify_server_param(SSL *s, int *al) +int srp_verify_server_param(SSL *s) { SRP_CTX *srp = &s->srp_ctx; /* @@ -317,22 +338,27 @@ int srp_verify_server_param(SSL *s, int *al) */ if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0 || BN_is_zero(srp->B)) { - *al = SSL3_AD_ILLEGAL_PARAMETER; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM, + SSL_R_BAD_DATA); return 0; } if (BN_num_bits(srp->N) < srp->strength) { - *al = TLS1_AD_INSUFFICIENT_SECURITY; + SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM, + SSL_R_INSUFFICIENT_SECURITY); return 0; } if (srp->SRP_verify_param_callback) { if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) { - *al = TLS1_AD_INSUFFICIENT_SECURITY; + SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, + SSL_F_SRP_VERIFY_SERVER_PARAM, + SSL_R_CALLBACK_FAILED); return 0; } } else if (!SRP_check_known_gN_param(srp->g, srp->N)) { - *al = TLS1_AD_INSUFFICIENT_SECURITY; + SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM, + SSL_R_INSUFFICIENT_SECURITY); return 0; } @@ -343,7 +369,7 @@ int SRP_Calc_A_param(SSL *s) { unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - if (RAND_bytes(rnd, sizeof(rnd)) <= 0) + if (RAND_priv_bytes(rnd, sizeof(rnd)) <= 0) return 0; s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); OPENSSL_cleanse(rnd, sizeof(rnd)); diff --git a/deps/openssl/openssl/test/CAtsa.cnf b/deps/openssl/openssl/test/CAtsa.cnf index ab2f84aa0feb0c..d1642879be3bae 100644 --- a/deps/openssl/openssl/test/CAtsa.cnf +++ b/deps/openssl/openssl/test/CAtsa.cnf @@ -144,6 +144,8 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = yes # Must the ESS cert id chain be included? # (optional, default: no) +ess_cert_id_alg = sha256 # algorithm to compute certificate + # identifier (optional, default: sha1) [ tsa_config2 ] diff --git a/deps/openssl/openssl/test/README b/deps/openssl/openssl/test/README index ef39d38ac97c66..37722e79f3934b 100644 --- a/deps/openssl/openssl/test/README +++ b/deps/openssl/openssl/test/README @@ -29,7 +29,8 @@ The number {nn} is (somewhat loosely) grouped as follows: 60-79 APIs 70 PACKET layer 80-89 "larger" protocols (CA, CMS, OCSP, SSL, TSA) -90-99 misc +90-98 misc +99 most time consuming tests [such as test_fuzz] A recipe that just runs a test executable @@ -38,9 +39,9 @@ A recipe that just runs a test executable A script that just runs a program looks like this: #! /usr/bin/perl - + use OpenSSL::Test::Simple; - + simple_test("test_{name}", "{name}test", "{name}"); {name} is the unique name you have chosen for your test. @@ -49,7 +50,7 @@ The second argument to `simple_test' is the test executable, and `simple_test' expects it to be located in test/ For documentation on OpenSSL::Test::Simple, do -`perldoc test/testlib/OpenSSL/Test/Simple.pm'. +`perldoc util/perl/OpenSSL/Test/Simple.pm'. A recipe that runs a more complex test @@ -57,53 +58,92 @@ A recipe that runs a more complex test For more complex tests, you will need to read up on Test::More and OpenSSL::Test. Test::More is normally preinstalled, do `man Test::More' for -documentation. For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'. +documentation. For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm'. A script to start from could be this: #! /usr/bin/perl - + use strict; use warnings; use OpenSSL::Test; - + setup("test_{name}"); - + plan tests => 2; # The number of tests being performed - + ok(test1, "test1"); ok(test2, "test1"); - + sub test1 { # test feature 1 } - + sub test2 { # test feature 2 } - -Changes to test/Makefile -======================== + +Changes to test/build.info +========================== Whenever a new test involves a new test executable you need to do the following (at all times, replace {NAME} and {name} with the name of your test): -* among the variables for test executables at the beginning, add a line like - this: +* add {name} to the list of programs under PROGRAMS_NO_INST + +* create a three line description of how to build the test, you will have +to modify the include paths and source files if you don't want to use the +basic test framework: + + SOURCE[{name}]={name}.c + INCLUDE[{name}]=.. ../include + DEPEND[{name}]=../libcrypto libtestutil.a + +Generic form of C test executables +================================== + + #include "testutil.h" + + static int my_test(void) + { + int testresult = 0; /* Assume the test will fail */ + int observed; + + observed = function(); /* Call the code under test */ + if (!TEST_int_equal(observed, 2)) /* Check the result is correct */ + goto end; /* Exit on failure - optional */ + + testresult = 1; /* Mark the test case a success */ + end: + cleanup(); /* Any cleanup you require */ + return testresult; + } + + int setup_tests(void) + { + ADD_TEST(my_test); /* Add each test separately */ + return 1; /* Indicate success */ + } - {NAME}TEST= {name}test +You should use the TEST_xxx macros provided by testutil.h to test all failure +conditions. These macros produce an error message in a standard format if the +condition is not met (and nothing if the condition is met). Additional +information can be presented with the TEST_info macro that takes a printf +format string and arguments. TEST_error is useful for complicated conditions, +it also takes a printf format string and argument. In all cases the TEST_xxx +macros are guaranteed to evaluate their arguments exactly once. This means +that expressions with side effects are allowed as parameters. Thus, -* add `$({NAME}TEST)$(EXE_EXT)' to the assignment of EXE: + if (!TEST_ptr(ptr = OPENSSL_malloc(..))) -* add `$({NAME}TEST).o' to the assignment of OBJ: +works fine and can be used in place of: -* add `$({NAME}TEST).c' to the assignment of SRC: + ptr = OPENSSL_malloc(..); + if (!TEST_ptr(ptr)) -* add the following lines for building the executable: +The former produces a more meaningful message on failure than the latter. - $({NAME}TEST)$(EXE_EXT): $({NAME}TEST).o $(DLIBCRYPTO) - @target=$({NAME}TEST); $(BUILD_CMD) diff --git a/deps/openssl/openssl/test/README.external b/deps/openssl/openssl/test/README.external new file mode 100644 index 00000000000000..2c842322b63347 --- /dev/null +++ b/deps/openssl/openssl/test/README.external @@ -0,0 +1,163 @@ +Running external test suites with OpenSSL +========================================= + +It is possible to integrate external test suites into OpenSSL's "make test". +This capability is considered a developer option and does not work on all +platforms. + + + +The BoringSSL test suite +======================== + +In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL +source code into an appropriate directory. This can be done in two ways: + +1) Separately from the OpenSSL checkout using: + + $ git clone https://boringssl.googlesource.com/boringssl boringssl + + The BoringSSL tests are only confirmed to work at a specific commit in the + BoringSSL repository. Later commits may or may not pass the test suite: + + $ cd boringssl + $ git checkout 490469f850e + +2) Using the already configured submodule settings in OpenSSL: + + $ git submodule update --init + +Configure the OpenSSL source code to enable the external tests: + +$ cd ../openssl +$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ + enable-external-tests + +Note that using other config options than those given above may cause the tests +to fail. + +Run the OpenSSL tests by providing the path to the BoringSSL test runner in the +BORING_RUNNER_DIR environment variable: + +$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test + +Note that the test suite may change directory while running so the path provided +should be absolute and not relative to the current working directory. + +To see more detailed output you can run just the BoringSSL tests with the +verbose option: + +$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ + TESTS="test_external_boringssl" test + + +Test failures and suppressions +------------------------------ + +A large number of the BoringSSL tests are known to fail. A test could fail +because of many possible reasons. For example: + +- A bug in OpenSSL +- Different interpretations of standards +- Assumptions about the way BoringSSL works that do not apply to OpenSSL +- The test uses APIs added to BoringSSL that are not present in OpenSSL +- etc + +In order to provide a "clean" baseline run with all the tests passing a config +file has been provided that suppresses the running of tests that are known to +fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json" +within the OpenSSL source code. + +The community is encouraged to contribute patches which reduce the number of +suppressions that are currently present. + + +Python PYCA/Cryptography test suite +=================================== + +This python test suite runs cryptographic tests with a local OpenSSL build as +the implementation. + +First checkout the PYCA/Cryptography module into ./pyca-cryptography using: + +$ git submodule update --init + +Then configure/build OpenSSL compatible with the python module: + +$ ./config shared enable-external-tests +$ make + +The tests will run in a python virtual environment which requires virtualenv +to be installed. + +$ make test VERBOSE=1 TESTS=test_external_pyca + +Test failures and suppressions +------------------------------ + +Some tests target older (<=1.0.2) versions so will not run. Other tests target +other crypto implementations so are not relevant. Currently no tests fail. + + +krb5 test suite +=============== + +Much like the PYCA/Cryptography test suite, this builds and runs the krb5 +tests against the local OpenSSL build. + +You will need a git checkout of krb5 at the top level: + +$ git clone /~https://github.com/krb5/krb5 + +krb5's master has to pass this same CI, but a known-good version is +krb5-1.15.1-final if you want to be sure. + +$ cd krb5 +$ git checkout krb5-1.15.1-final +$ cd .. + +OpenSSL must be built with external tests enabled: + +$ ./config enable-external-tests +$ make + +krb5's tests will then be run as part of the rest of the suite, or can be +explicitly run (with more debugging): + +$ VERBOSE=1 make TESTS=test_external_krb5 test + +Test-failures suppressions +-------------------------- + +krb5 will automatically adapt its test suite to account for the configuration +of your system. Certain tests may require more installed packages to run. No +tests are expected to fail. + + +Updating test suites +==================== + +To update the commit for any of the above test suites: + +- Make sure the submodules are cloned locally: + + $ git submodule update --init --recursive + +- Enter subdirectory and pull from the repository (use a specific branch/tag if required): + + $ cd + $ git pull origin master + +- Go to root directory, there should be a new git status: + + $ cd ../ + $ git status + ... + # modified: (new commits) + ... + +- Add/commit/push the update + + git add + git commit -m "Updated to latest commit" + git push diff --git a/deps/openssl/openssl/test/README.ssltest.md b/deps/openssl/openssl/test/README.ssltest.md index c1edda5aed73b5..3b4bb564f11e6d 100644 --- a/deps/openssl/openssl/test/README.ssltest.md +++ b/deps/openssl/openssl/test/README.ssltest.md @@ -81,6 +81,11 @@ handshake. - Yes - a session ticket is expected - No - a session ticket is not expected +* SessionIdExpected - whether or not a session id is expected + - Ignore - do not check for a session id (default) + - Yes - a session id is expected + - No - a session id is not expected + * ResumptionExpected - whether or not resumption is expected (Resume mode only) - Yes - resumed handshake - No - full handshake (default) @@ -89,6 +94,23 @@ handshake. * ExpectedTmpKeyType - the expected algorithm or curve of server temp key +* ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or + curve of server or client certificate + +* ExpectedServerSignHash, ExpectedClientSignHash - the expected + signing hash used by server or client certificate + +* ExpectedServerSignType, ExpectedClientSignType - the expected + signature type used by server or client when signing messages + +* ExpectedClientCANames - for client auth list of CA names the server must + send. If this is "empty" the list is expected to be empty otherwise it + is a file of certificates whose subject names form the list. + +* ExpectedServerCANames - list of CA names the client must send, TLS 1.3 only. + If this is "empty" the list is expected to be empty otherwise it is a file + of certificates whose subject names form the list. + ## Configuring the client and server The client and server configurations can be any valid `SSL_CTX` @@ -170,6 +192,9 @@ client => { protocols can be specified as a comma-separated list, and a callback with the recommended behaviour will be installed automatically. +* SRPUser, SRPPassword - SRP settings. For client, this is the SRP user to + connect as; for server, this is a known SRP user. + ### Default server and client configurations The default server certificate and CA files are added to the configurations @@ -202,7 +227,7 @@ client => { ``` $ ./config $ cd test -$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/my.conf.in \ +$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \ > ssl-tests/my.conf ``` @@ -211,7 +236,7 @@ where `my.conf.in` is your test input file. For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do ``` -$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf +$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf ``` Alternatively (hackish but simple), you can comment out diff --git a/deps/openssl/openssl/test/afalgtest.c b/deps/openssl/openssl/test/afalgtest.c index e6e02f03eb3164..adb2977f3028e6 100644 --- a/deps/openssl/openssl/test/afalgtest.c +++ b/deps/openssl/openssl/test/afalgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,20 @@ #include #include +#include +#include +#include +#include +#include "testutil.h" + +/* Use a buffer size which is not aligned to block size */ +#define BUFFER_SIZE 17 + +#ifndef OPENSSL_NO_ENGINE +static ENGINE *e; +#endif + + #ifndef OPENSSL_NO_AFALGENG # include # define K_MAJ 4 @@ -27,107 +41,109 @@ #endif #ifndef OPENSSL_NO_AFALGENG -#include -#include -#include -#include - -/* Use a buffer size which is not aligned to block size */ -#define BUFFER_SIZE (8 * 1024) - 13 - -static int test_afalg_aes_128_cbc(ENGINE *e) +static int test_afalg_aes_cbc(int keysize_idx) { EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher = EVP_aes_128_cbc(); - unsigned char key[] = "\x5F\x4D\xCC\x3B\x5A\xA7\x65\xD6\ - \x1D\x83\x27\xDE\xB8\x82\xCF\x99"; - unsigned char iv[] = "\x2B\x95\x99\x0A\x91\x51\x37\x4A\ - \xBD\x8F\xF8\xC5\xA7\xA0\xFE\x08"; - - unsigned char in[BUFFER_SIZE]; + const EVP_CIPHER *cipher; + unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" + "\x51\x2e\x03\xd5\x34\x12\x00\x06" + "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" + "\x51\x2e\x03\xd5\x34\x12\x00\x06"; + unsigned char iv[] = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" + "\xb4\x22\xda\x80\x2c\x9f\xac\x41"; + /* input = "Single block msg\n" 17Bytes*/ + unsigned char in[BUFFER_SIZE] = "\x53\x69\x6e\x67\x6c\x65\x20\x62" + "\x6c\x6f\x63\x6b\x20\x6d\x73\x67\x0a"; unsigned char ebuf[BUFFER_SIZE + 32]; unsigned char dbuf[BUFFER_SIZE + 32]; - int encl, encf, decl, decf; - unsigned int status = 0; + unsigned char encresult_128[] = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" + "\x27\x08\x94\x2d\xbe\x77\x18\x1a\x2d"; + unsigned char encresult_192[] = "\xf7\xe4\x26\xd1\xd5\x4f\x8f\x39" + "\xb1\x9e\xe0\xdf\x61\xb9\xc2\x55\xeb"; + unsigned char encresult_256[] = "\xa0\x76\x85\xfd\xc1\x65\x71\x9d" + "\xc7\xe9\x13\x6e\xae\x55\x49\xb4\x13"; + unsigned char *enc_result = NULL; - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) { - fprintf(stderr, "%s() failed to allocate ctx\n", __func__); - return 0; + int encl, encf, decl, decf; + int ret = 0; + + switch (keysize_idx) { + case 0: + cipher = EVP_aes_128_cbc(); + enc_result = &encresult_128[0]; + break; + case 1: + cipher = EVP_aes_192_cbc(); + enc_result = &encresult_192[0]; + break; + case 2: + cipher = EVP_aes_256_cbc(); + enc_result = &encresult_256[0]; + break; + default: + cipher = NULL; } - RAND_bytes(in, BUFFER_SIZE); + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + return 0; - if ( !EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1) - || !EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE) - || !EVP_CipherFinal_ex(ctx, ebuf+encl, &encf)) { - fprintf(stderr, "%s() failed encryption\n", __func__); + if (!TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 1)) + || !TEST_true(EVP_CipherUpdate(ctx, ebuf, &encl, in, BUFFER_SIZE)) + || !TEST_true(EVP_CipherFinal_ex(ctx, ebuf+encl, &encf))) goto end; - } encl += encf; - if ( !EVP_CIPHER_CTX_reset(ctx) - || !EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0) - || !EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl) - || !EVP_CipherFinal_ex(ctx, dbuf+decl, &decf)) { - fprintf(stderr, "%s() failed decryption\n", __func__); + if (!TEST_mem_eq(enc_result, BUFFER_SIZE, ebuf, BUFFER_SIZE)) + goto end; + + if (!TEST_true(EVP_CIPHER_CTX_reset(ctx)) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, e, key, iv, 0)) + || !TEST_true(EVP_CipherUpdate(ctx, dbuf, &decl, ebuf, encl)) + || !TEST_true(EVP_CipherFinal_ex(ctx, dbuf+decl, &decf))) goto end; - } decl += decf; - if ( decl != BUFFER_SIZE - || memcmp(dbuf, in, BUFFER_SIZE)) { - fprintf(stderr, "%s() failed Dec(Enc(P)) != P\n", __func__); + if (!TEST_int_eq(decl, BUFFER_SIZE) + || !TEST_mem_eq(dbuf, BUFFER_SIZE, in, BUFFER_SIZE)) goto end; - } - status = 1; + ret = 1; end: EVP_CIPHER_CTX_free(ctx); - return status; + return ret; } +#endif -int main(int argc, char **argv) +#ifndef OPENSSL_NO_ENGINE +int global_init(void) { - ENGINE *e; - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ENGINE_load_builtin_engines(); - # ifndef OPENSSL_NO_STATIC_ENGINE OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL); # endif + return 1; +} +#endif - e = ENGINE_by_id("afalg"); - if (e == NULL) { - /* - * A failure to load is probably a platform environment problem so we - * don't treat this as an OpenSSL test failure, i.e. we return 0 - */ - fprintf(stderr, - "AFALG Test: Failed to load AFALG Engine - skipping test\n"); - return 0; - } - - if (test_afalg_aes_128_cbc(e) == 0) { - ENGINE_free(e); - return 1; +int setup_tests(void) +{ +#ifndef OPENSSL_NO_ENGINE + if ((e = ENGINE_by_id("afalg")) == NULL) { + /* Probably a platform env issue, not a test failure. */ + TEST_info("Can't load AFALG engine"); + } else { +# ifndef OPENSSL_NO_AFALGENG + ADD_ALL_TESTS(test_afalg_aes_cbc, 3); +# endif } +#endif - ENGINE_free(e); - printf("PASS\n"); - return 0; + return 1; } -#else /* OPENSSL_NO_AFALGENG */ - -int main(int argc, char **argv) +#ifndef OPENSSL_NO_ENGINE +void cleanup_tests(void) { - fprintf(stderr, "AFALG not supported - skipping AFALG tests\n"); - printf("PASS\n"); - return 0; + ENGINE_free(e); } - #endif diff --git a/deps/openssl/openssl/test/asynciotest.c b/deps/openssl/openssl/test/asynciotest.c index 7e51efb466f7b5..5e85cbb044a2e0 100644 --- a/deps/openssl/openssl/test/asynciotest.c +++ b/deps/openssl/openssl/test/asynciotest.c @@ -16,10 +16,14 @@ #include "../ssl/packet_locl.h" #include "ssltestlib.h" +#include "testutil.h" /* Should we fragment records or not? 0 = no, !0 = yes*/ static int fragment = 0; +static char *cert = NULL; +static char *privkey = NULL; + static int async_new(BIO *bi); static int async_free(BIO *a); static int async_read(BIO *b, char *out, int outl); @@ -38,7 +42,7 @@ struct async_ctrs { unsigned int wctr; }; -static const BIO_METHOD *bio_f_async_filter() +static const BIO_METHOD *bio_f_async_filter(void) { if (methods_async == NULL) { methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter"); @@ -85,7 +89,7 @@ static int async_free(BIO *bio) static int async_read(BIO *bio, char *out, int outl) { struct async_ctrs *ctrs; - int ret = -1; + int ret = 0; BIO *next = BIO_next(bio); if (outl <= 0) @@ -120,7 +124,7 @@ static int async_read(BIO *bio, char *out, int outl) static int async_write(BIO *bio, const char *in, int inl) { struct async_ctrs *ctrs; - int ret = -1; + int ret = 0; size_t written = 0; BIO *next = BIO_next(bio); @@ -139,21 +143,65 @@ static int async_write(BIO *bio, const char *in, int inl) PACKET pkt; if (!PACKET_buf_init(&pkt, (const unsigned char *)in, inl)) - abort(); + return -1; while (PACKET_remaining(&pkt) > 0) { - PACKET payload; + PACKET payload, wholebody, sessionid, extensions; unsigned int contenttype, versionhi, versionlo, data; + unsigned int msgtype = 0, negversion = 0; - if ( !PACKET_get_1(&pkt, &contenttype) - || !PACKET_get_1(&pkt, &versionhi) - || !PACKET_get_1(&pkt, &versionlo) - || !PACKET_get_length_prefixed_2(&pkt, &payload)) - abort(); + if (!PACKET_get_1(&pkt, &contenttype) + || !PACKET_get_1(&pkt, &versionhi) + || !PACKET_get_1(&pkt, &versionlo) + || !PACKET_get_length_prefixed_2(&pkt, &payload)) + return -1; /* Pretend we wrote out the record header */ written += SSL3_RT_HEADER_LENGTH; + wholebody = payload; + if (contenttype == SSL3_RT_HANDSHAKE + && !PACKET_get_1(&wholebody, &msgtype)) + return -1; + + if (msgtype == SSL3_MT_SERVER_HELLO) { + if (!PACKET_forward(&wholebody, + SSL3_HM_HEADER_LENGTH - 1) + || !PACKET_get_net_2(&wholebody, &negversion) + /* Skip random (32 bytes) */ + || !PACKET_forward(&wholebody, 32) + /* Skip session id */ + || !PACKET_get_length_prefixed_1(&wholebody, + &sessionid) + /* + * Skip ciphersuite (2 bytes) and compression + * method (1 byte) + */ + || !PACKET_forward(&wholebody, 2 + 1) + || !PACKET_get_length_prefixed_2(&wholebody, + &extensions)) + return -1; + + /* + * Find the negotiated version in supported_versions + * extension, if present. + */ + while (PACKET_remaining(&extensions)) { + unsigned int type; + PACKET extbody; + + if (!PACKET_get_net_2(&extensions, &type) + || !PACKET_get_length_prefixed_2(&extensions, + &extbody)) + return -1; + + if (type == TLSEXT_TYPE_supported_versions + && (!PACKET_get_net_2(&extbody, &negversion) + || PACKET_remaining(&extbody) != 0)) + return -1; + } + } + while (PACKET_get_1(&payload, &data)) { /* Create a new one byte long record for each byte in the * record in the input buffer @@ -173,14 +221,16 @@ static int async_write(BIO *bio, const char *in, int inl) smallrec[DATAPOS] = data; ret = BIO_write(next, smallrec, MIN_RECORD_LEN); if (ret <= 0) - abort(); + return -1; written++; } /* - * We can't fragment anything after the CCS, otherwise we - * get a bad record MAC + * We can't fragment anything after the ServerHello (or CCS <= + * TLS1.2), otherwise we get a bad record MAC */ - if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC) { + if (contenttype == SSL3_RT_CHANGE_CIPHER_SPEC + || (negversion == TLS1_3_VERSION + && msgtype == SSL3_MT_SERVER_HELLO)) { fragment = 0; break; } @@ -189,7 +239,7 @@ static int async_write(BIO *bio, const char *in, int inl) /* Write any data we have left after fragmenting */ ret = 0; if ((int)written < inl) { - ret = BIO_write(next, in + written , inl - written); + ret = BIO_write(next, in + written, inl - written); } if (ret <= 0 && BIO_should_write(next)) @@ -236,30 +286,20 @@ static int async_puts(BIO *bio, const char *str) #define MAX_ATTEMPTS 100 -int main(int argc, char *argv[]) +static int test_asyncio(int test) { SSL_CTX *serverctx = NULL, *clientctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL; - int test, err = 1, ret; + int testresult = 0, ret; size_t i, j; const char testdata[] = "Test data"; char buf[sizeof(testdata)]; - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if (argc != 3) { - printf("Invalid argument count\n"); + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &serverctx, &clientctx, cert, privkey))) goto end; - } - - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - &serverctx, &clientctx, argv[1], argv[2])) { - printf("Failed to create SSL_CTX pair\n"); - goto end; - } /* * We do 2 test runs. The first time around we just do a normal handshake @@ -267,116 +307,103 @@ int main(int argc, char *argv[]) * all records so that the content is only one byte length (up until the * CCS) */ - for (test = 1; test < 3; test++) { - if (test == 2) - fragment = 1; + if (test == 1) + fragment = 1; - s_to_c_fbio = BIO_new(bio_f_async_filter()); - c_to_s_fbio = BIO_new(bio_f_async_filter()); - if (s_to_c_fbio == NULL || c_to_s_fbio == NULL) { - printf("Failed to create filter BIOs\n"); - BIO_free(s_to_c_fbio); - BIO_free(c_to_s_fbio); - goto end; - } + s_to_c_fbio = BIO_new(bio_f_async_filter()); + c_to_s_fbio = BIO_new(bio_f_async_filter()); + if (!TEST_ptr(s_to_c_fbio) + || !TEST_ptr(c_to_s_fbio)) { + BIO_free(s_to_c_fbio); + BIO_free(c_to_s_fbio); + goto end; + } - /* BIOs get freed on error */ - if (!create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl, - s_to_c_fbio, c_to_s_fbio)) { - printf("Test %d failed: Create SSL objects failed\n", test); - goto end; - } + /* BIOs get freed on error */ + if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, + &clientssl, s_to_c_fbio, c_to_s_fbio)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; - if (!create_ssl_connection(serverssl, clientssl)) { - printf("Test %d failed: Create SSL connection failed\n", test); - goto end; - } + /* + * Send and receive some test data. Do the whole thing twice to ensure + * we hit at least one async event in both reading and writing + */ + for (j = 0; j < 2; j++) { + int len; /* - * Send and receive some test data. Do the whole thing twice to ensure - * we hit at least one async event in both reading and writing + * Write some test data. It should never take more than 2 attempts + * (the first one might be a retryable fail). */ - for (j = 0; j < 2; j++) { - int len; - - /* - * Write some test data. It should never take more than 2 attempts - * (the first one might be a retryable fail). - */ - for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; - i++) { - ret = SSL_write(clientssl, testdata + len, - sizeof(testdata) - len); - if (ret > 0) { - len += ret; - } else { - int ssl_error = SSL_get_error(clientssl, ret); - - if (ssl_error == SSL_ERROR_SYSCALL || - ssl_error == SSL_ERROR_SSL) { - printf("Test %d failed: Failed to write app data\n", test); - err = -1; - goto end; - } - } - } - if (len != sizeof(testdata)) { - err = -1; - printf("Test %d failed: Failed to write all app data\n", test); - goto end; - } - /* - * Now read the test data. It may take more attempts here because - * it could fail once for each byte read, including all overhead - * bytes from the record header/padding etc. - */ - for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && - i < MAX_ATTEMPTS; i++) - { - ret = SSL_read(serverssl, buf + len, sizeof(buf) - len); - if (ret > 0) { - len += ret; - } else { - int ssl_error = SSL_get_error(serverssl, ret); - - if (ssl_error == SSL_ERROR_SYSCALL || - ssl_error == SSL_ERROR_SSL) { - printf("Test %d failed: Failed to read app data\n", test); - err = -1; - goto end; - } - } - } - if (len != sizeof(testdata) - || memcmp(buf, testdata, sizeof(testdata)) != 0) { - err = -1; - printf("Test %d failed: Unexpected app data received\n", test); - goto end; + for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; + i++) { + ret = SSL_write(clientssl, testdata + len, + sizeof(testdata) - len); + if (ret > 0) { + len += ret; + } else { + int ssl_error = SSL_get_error(clientssl, ret); + + if (!TEST_false(ssl_error == SSL_ERROR_SYSCALL || + ssl_error == SSL_ERROR_SSL)) + goto end; } } + if (!TEST_size_t_eq(len, sizeof(testdata))) + goto end; - /* Also frees the BIOs */ - SSL_free(clientssl); - SSL_free(serverssl); - clientssl = serverssl = NULL; + /* + * Now read the test data. It may take more attempts here because + * it could fail once for each byte read, including all overhead + * bytes from the record header/padding etc. + */ + for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && + i < MAX_ATTEMPTS; i++) { + ret = SSL_read(serverssl, buf + len, sizeof(buf) - len); + if (ret > 0) { + len += ret; + } else { + int ssl_error = SSL_get_error(serverssl, ret); + + if (!TEST_false(ssl_error == SSL_ERROR_SYSCALL || + ssl_error == SSL_ERROR_SSL)) + goto end; + } + } + if (!TEST_mem_eq(testdata, sizeof(testdata), buf, len)) + goto end; } - printf("Test success\n"); + /* Also frees the BIOs */ + SSL_free(clientssl); + SSL_free(serverssl); + clientssl = serverssl = NULL; - err = 0; - end: - if (err) - ERR_print_errors_fp(stderr); + testresult = 1; + end: SSL_free(clientssl); SSL_free(serverssl); SSL_CTX_free(clientctx); SSL_CTX_free(serverctx); -# ifndef OPENSSL_NO_CRYPTO_MDEBUG - CRYPTO_mem_leaks_fp(stderr); -# endif + return testresult; +} - return err; +int setup_tests(void) +{ + if (!TEST_ptr(cert = test_get_argument(0)) + || !TEST_ptr(privkey = test_get_argument(1))) + return 0; + + ADD_ALL_TESTS(test_asyncio, 2); + return 1; +} + +void cleanup_tests(void) +{ + BIO_meth_free(methods_async); } diff --git a/deps/openssl/openssl/test/asynctest.c b/deps/openssl/openssl/test/asynctest.c index eef3c3214ce9f3..9728a379117a65 100644 --- a/deps/openssl/openssl/test/asynctest.c +++ b/deps/openssl/openssl/test/asynctest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -87,7 +87,7 @@ static int blockpause(void *args) return 1; } -static int test_ASYNC_init_thread() +static int test_ASYNC_init_thread(void) { ASYNC_JOB *job1 = NULL, *job2 = NULL, *job3 = NULL; int funcret1, funcret2, funcret3; @@ -123,7 +123,7 @@ static int test_ASYNC_init_thread() return 1; } -static int test_ASYNC_start_job() +static int test_ASYNC_start_job(void) { ASYNC_JOB *job = NULL; int funcret; @@ -151,7 +151,7 @@ static int test_ASYNC_start_job() return 1; } -static int test_ASYNC_get_current_job() +static int test_ASYNC_get_current_job(void) { ASYNC_JOB *job = NULL; int funcret; @@ -178,7 +178,7 @@ static int test_ASYNC_get_current_job() return 1; } -static int test_ASYNC_WAIT_CTX_get_all_fds() +static int test_ASYNC_WAIT_CTX_get_all_fds(void) { ASYNC_JOB *job = NULL; int funcret; @@ -245,7 +245,7 @@ static int test_ASYNC_WAIT_CTX_get_all_fds() return 1; } -static int test_ASYNC_block_pause() +static int test_ASYNC_block_pause(void) { ASYNC_JOB *job = NULL; int funcret; diff --git a/deps/openssl/openssl/test/bad_dtls_test.c b/deps/openssl/openssl/test/bad_dtls_test.c index 2e33010cb4f319..1c836b9c17cb41 100644 --- a/deps/openssl/openssl/test/bad_dtls_test.c +++ b/deps/openssl/openssl/test/bad_dtls_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,9 +37,9 @@ #include #include #include - #include "../ssl/packet_locl.h" -#include "../e_os.h" /* for OSSL_NELEM() */ +#include "internal/nelem.h" +#include "testutil.h" /* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */ #define MAC_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH) @@ -118,7 +118,7 @@ static int validate_client_hello(BIO *wbio) long len; unsigned char *data; int cookie_found = 0; - unsigned int u; + unsigned int u = 0; len = BIO_get_mem_data(wbio, (char **)&data); if (!PACKET_buf_init(&pkt, data, len)) @@ -182,7 +182,7 @@ static int validate_client_hello(BIO *wbio) /* Update handshake MAC for second ClientHello (with cookie) */ if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET, len - MAC_OFFSET)) - printf("EVP_DigestUpdate() failed\n"); + return 0; (void)BIO_reset(wbio); @@ -259,7 +259,7 @@ static int send_server_hello(BIO *rbio) if (!EVP_DigestUpdate(handshake_md, server_hello + MAC_OFFSET, sizeof(server_hello) - MAC_OFFSET)) - printf("EVP_DigestUpdate() failed\n"); + return 0; BIO_write(rbio, server_hello, sizeof(server_hello)); BIO_write(rbio, change_cipher_spec, sizeof(change_cipher_spec)); @@ -268,7 +268,7 @@ static int send_server_hello(BIO *rbio) } /* Create header, HMAC, pad, encrypt and send a record */ -static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, +static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, const void *msg, size_t len) { /* Note that the order of the record header fields on the wire, @@ -284,10 +284,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, unsigned char pad; unsigned char *enc; -#ifdef SIXTY_FOUR_BIT_LONG seq[0] = (seqnr >> 40) & 0xff; seq[1] = (seqnr >> 32) & 0xff; -#endif seq[2] = (seqnr >> 24) & 0xff; seq[3] = (seqnr >> 16) & 0xff; seq[4] = (seqnr >> 8) & 0xff; @@ -308,8 +306,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, HMAC_Update(ctx, seq, 6); HMAC_Update(ctx, &type, 1); HMAC_Update(ctx, ver, 2); /* Version */ - lenbytes[0] = len >> 8; - lenbytes[1] = len & 0xff; + lenbytes[0] = (unsigned char)(len >> 8); + lenbytes[1] = (unsigned char)(len); HMAC_Update(ctx, lenbytes, 2); /* Length */ HMAC_Update(ctx, enc, len); /* Finally the data itself */ HMAC_Final(ctx, enc + len, NULL); @@ -333,8 +331,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, BIO_write(rbio, ver, 2); BIO_write(rbio, epoch, 2); BIO_write(rbio, seq, 6); - lenbytes[0] = (len + sizeof(iv)) >> 8; - lenbytes[1] = (len + sizeof(iv)) & 0xff; + lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8); + lenbytes[1] = (unsigned char)(len + sizeof(iv)); BIO_write(rbio, lenbytes, 2); BIO_write(rbio, iv, sizeof(iv)); @@ -365,7 +363,7 @@ static int send_finished(SSL *s, BIO *rbio) /* Generate Finished MAC */ if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL)) - printf("EVP_DigestFinal_ex() failed\n"); + return 0; do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, handshake_hash, EVP_MD_CTX_size(handshake_md), @@ -428,7 +426,7 @@ static int validate_ccs(BIO *wbio) #define DROP(x) { x##UL, 1 } static struct { - unsigned long seq; + uint64_t seq; int drop; } tests[] = { NODROP(1), NODROP(3), NODROP(2), @@ -443,24 +441,18 @@ static struct { /* The last test should be NODROP, because a DROP wouldn't get tested. */ }; -int main(int argc, char *argv[]) +static int test_bad_dtls(void) { - SSL_SESSION *sess; - SSL_CTX *ctx; - SSL *con; - BIO *rbio; - BIO *wbio; - BIO *err; + SSL_SESSION *sess = NULL; + SSL_CTX *ctx = NULL; + SSL *con = NULL; + BIO *rbio = NULL; + BIO *wbio = NULL; time_t now = 0; int testresult = 0; int ret; int i; - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_bytes(session_id, sizeof(session_id)); RAND_bytes(master_secret, sizeof(master_secret)); RAND_bytes(cookie, sizeof(cookie)); @@ -470,99 +462,78 @@ int main(int argc, char *argv[]) memcpy(server_random, &now, sizeof(now)); sess = client_session(); - if (sess == NULL) { - printf("Failed to generate SSL_SESSION\n"); + if (!TEST_ptr(sess)) goto end; - } handshake_md = EVP_MD_CTX_new(); - if (handshake_md == NULL || - !EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), NULL)) { - printf("Failed to initialise handshake_md\n"); + if (!TEST_ptr(handshake_md) + || !TEST_true(EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), + NULL))) goto end; - } ctx = SSL_CTX_new(DTLS_client_method()); - if (ctx == NULL) { - printf("Failed to allocate SSL_CTX\n"); - goto end_md; - } - if (!SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) { - printf("SSL_CTX_set_min_proto_version() failed\n"); - goto end_ctx; - } - if (!SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) { - printf("SSL_CTX_set_max_proto_version() failed\n"); - goto end_ctx; - } - - if (!SSL_CTX_set_cipher_list(ctx, "AES128-SHA")) { - printf("SSL_CTX_set_cipher_list() failed\n"); - goto end_ctx; - } + if (!TEST_ptr(ctx) + || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) + || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) + || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA"))) + goto end; con = SSL_new(ctx); - if (!SSL_set_session(con, sess)) { - printf("SSL_set_session() failed\n"); - goto end_con; - } + if (!TEST_ptr(con) + || !TEST_true(SSL_set_session(con, sess))) + goto end; SSL_SESSION_free(sess); rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); - BIO_set_nbio(rbio, 1); - BIO_set_nbio(wbio, 1); + if (!TEST_ptr(rbio) + || !TEST_ptr(wbio)) + goto end; SSL_set_bio(con, rbio, wbio); + + if (!TEST_true(BIO_up_ref(rbio))) { + /* + * We can't up-ref but we assigned ownership to con, so we shouldn't + * free in the "end" block + */ + rbio = wbio = NULL; + goto end; + } + + if (!TEST_true(BIO_up_ref(wbio))) { + wbio = NULL; + goto end; + } + SSL_set_connect_state(con); /* Send initial ClientHello */ ret = SSL_do_handshake(con); - if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { - printf("Unexpected handshake result at initial call!\n"); - goto end_con; - } + if (!TEST_int_le(ret, 0) + || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ) + || !TEST_int_eq(validate_client_hello(wbio), 1) + || !TEST_true(send_hello_verify(rbio))) + goto end; - if (validate_client_hello(wbio) != 1) { - printf("Initial ClientHello failed validation\n"); - goto end_con; - } - if (send_hello_verify(rbio) != 1) { - printf("Failed to send HelloVerify\n"); - goto end_con; - } ret = SSL_do_handshake(con); - if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { - printf("Unexpected handshake result after HelloVerify!\n"); - goto end_con; - } - if (validate_client_hello(wbio) != 2) { - printf("Second ClientHello failed validation\n"); - goto end_con; - } - if (send_server_hello(rbio) != 1) { - printf("Failed to send ServerHello\n"); - goto end_con; - } + if (!TEST_int_le(ret, 0) + || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ) + || !TEST_int_eq(validate_client_hello(wbio), 2) + || !TEST_true(send_server_hello(rbio))) + goto end; + ret = SSL_do_handshake(con); - if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { - printf("Unexpected handshake result after ServerHello!\n"); - goto end_con; - } - if (send_finished(con, rbio) != 1) { - printf("Failed to send Finished\n"); - goto end_con; - } + if (!TEST_int_le(ret, 0) + || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ) + || !TEST_true(send_finished(con, rbio))) + goto end; + ret = SSL_do_handshake(con); - if (ret < 1) { - printf("Handshake not successful after Finished!\n"); - goto end_con; - } - if (validate_ccs(wbio) != 1) { - printf("Failed to validate client CCS/Finished\n"); - goto end_con; - } + if (!TEST_int_gt(ret, 0) + || !TEST_true(validate_ccs(wbio))) + goto end; /* While we're here and crafting packets by hand, we might as well do a bit of a stress test on the DTLS record replay handling. Not Cisco-DTLS @@ -570,55 +541,46 @@ int main(int argc, char *argv[]) before, and in fact was broken even for a basic 0, 2, 1 test case when this test was first added.... */ for (i = 0; i < (int)OSSL_NELEM(tests); i++) { - unsigned long recv_buf[2]; + uint64_t recv_buf[2]; - if (send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq, - &tests[i].seq, sizeof(unsigned long)) != 1) { - printf("Failed to send data seq #0x%lx (%d)\n", - tests[i].seq, i); - goto end_con; + if (!TEST_true(send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq, + &tests[i].seq, sizeof(uint64_t)))) { + TEST_error("Failed to send data seq #0x%x%08x (%d)\n", + (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i); + goto end; } if (tests[i].drop) continue; - ret = SSL_read(con, recv_buf, 2 * sizeof(unsigned long)); - if (ret != sizeof(unsigned long)) { - printf("SSL_read failed or wrong size on seq#0x%lx (%d)\n", - tests[i].seq, i); - goto end_con; + ret = SSL_read(con, recv_buf, 2 * sizeof(uint64_t)); + if (!TEST_int_eq(ret, (int)sizeof(uint64_t))) { + TEST_error("SSL_read failed or wrong size on seq#0x%x%08x (%d)\n", + (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i); + goto end; } - if (recv_buf[0] != tests[i].seq) { - printf("Wrong data packet received (0x%lx not 0x%lx) at packet %d\n", - recv_buf[0], tests[i].seq, i); - goto end_con; - } - } - if (tests[i-1].drop) { - printf("Error: last test cannot be DROP()\n"); - goto end_con; + if (!TEST_true(recv_buf[0] == tests[i].seq)) + goto end; } - testresult=1; - end_con: + /* The last test cannot be DROP() */ + if (!TEST_false(tests[i-1].drop)) + goto end; + + testresult = 1; + + end: + BIO_free(rbio); + BIO_free(wbio); SSL_free(con); - end_ctx: SSL_CTX_free(ctx); - end_md: EVP_MD_CTX_free(handshake_md); - end: - ERR_print_errors_fp(stderr); - if (!testresult) { - printf("Cisco BadDTLS test: FAILED\n"); - } - - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 0; -#endif - BIO_free(err); + return testresult; +} - return testresult?0:1; +int setup_tests(void) +{ + ADD_TEST(test_bad_dtls); + return 1; } diff --git a/deps/openssl/openssl/test/bftest.c b/deps/openssl/openssl/test/bftest.c index a513660e4a39ed..5abb81d7c911f8 100644 --- a/deps/openssl/openssl/test/bftest.c +++ b/deps/openssl/openssl/test/bftest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,16 +16,11 @@ #include #include #include /* To see if OPENSSL_NO_BF is defined */ +#include "testutil.h" -#include "../e_os.h" +#include "internal/nelem.h" -#ifdef OPENSSL_NO_BF -int main(int argc, char *argv[]) -{ - printf("No BF support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_BF # include # ifdef CHARSET_EBCDIC @@ -229,20 +224,6 @@ static unsigned char key_out[KEY_TEST_NUM][8] = { {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80}, }; -static int test(void); -static int print_test_data(void); -int main(int argc, char *argv[]) -{ - int ret; - - if (argc > 1) - ret = print_test_data(); - else - ret = test(); - - EXIT(ret); -} - static int print_test_data(void) { unsigned int i, j; @@ -305,106 +286,71 @@ static int print_test_data(void) for (j = 0; j < strlen(cbc_data) + 1; j++) printf("%02X", ofb64_ok[j]); printf("\n"); - return (0); + return 0; } -static int test(void) +static int test_bf_ecb_raw(int n) { - unsigned char cbc_in[40], cbc_out[40], iv[8]; - int i, n, err = 0; + int ret = 1; BF_KEY key; BF_LONG data[2]; + + BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]); + + data[0] = bf_plain[n][0]; + data[1] = bf_plain[n][1]; + BF_encrypt(data, &key); + if (!TEST_mem_eq(&(bf_cipher[n][0]), BF_BLOCK, &(data[0]), BF_BLOCK)) + ret = 0; + + BF_decrypt(&(data[0]), &key); + if (!TEST_mem_eq(&(bf_plain[n][0]), BF_BLOCK, &(data[0]), BF_BLOCK)) + ret = 0; + + return ret; +} + +static int test_bf_ecb(int n) +{ + int ret = 1; + BF_KEY key; unsigned char out[8]; - BF_LONG len; -# ifdef CHARSET_EBCDIC - ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data)); -# endif + BF_set_key(&key, 8, ecb_data[n]); - printf("testing blowfish in raw ecb mode\n"); - for (n = 0; n < 2; n++) { -# ifdef CHARSET_EBCDIC - ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n])); -# endif - BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]); - - data[0] = bf_plain[n][0]; - data[1] = bf_plain[n][1]; - BF_encrypt(data, &key); - if (memcmp(&(bf_cipher[n][0]), &(data[0]), 8) != 0) { - printf("BF_encrypt error encrypting\n"); - printf("got :"); - for (i = 0; i < 2; i++) - printf("%08lX ", (unsigned long)data[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 2; i++) - printf("%08lX ", (unsigned long)bf_cipher[n][i]); - err = 1; - printf("\n"); - } - - BF_decrypt(&(data[0]), &key); - if (memcmp(&(bf_plain[n][0]), &(data[0]), 8) != 0) { - printf("BF_encrypt error decrypting\n"); - printf("got :"); - for (i = 0; i < 2; i++) - printf("%08lX ", (unsigned long)data[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 2; i++) - printf("%08lX ", (unsigned long)bf_plain[n][i]); - printf("\n"); - err = 1; - } - } + BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT); + if (!TEST_mem_eq(&(cipher_data[n][0]), BF_BLOCK, out, BF_BLOCK)) + ret = 0; - printf("testing blowfish in ecb mode\n"); - - for (n = 0; n < NUM_TESTS; n++) { - BF_set_key(&key, 8, ecb_data[n]); - - BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT); - if (memcmp(&(cipher_data[n][0]), out, 8) != 0) { - printf("BF_ecb_encrypt blowfish error encrypting\n"); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", out[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", cipher_data[n][i]); - err = 1; - printf("\n"); - } - - BF_ecb_encrypt(out, out, &key, BF_DECRYPT); - if (memcmp(&(plain_data[n][0]), out, 8) != 0) { - printf("BF_ecb_encrypt error decrypting\n"); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", out[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", plain_data[n][i]); - printf("\n"); - err = 1; - } - } + BF_ecb_encrypt(out, out, &key, BF_DECRYPT); + if (!TEST_mem_eq(&(plain_data[n][0]), BF_BLOCK, out, BF_BLOCK)) + ret = 0; - printf("testing blowfish set_key\n"); - for (n = 1; n < KEY_TEST_NUM; n++) { - BF_set_key(&key, n, key_test); - BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT); - /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */ - if (memcmp(out, &(key_out[i = n - 1][0]), 8) != 0) { - printf("blowfish setkey error\n"); - err = 1; - } - } + return ret; +} + +static int test_bf_set_key(int n) +{ + int ret = 1; + BF_KEY key; + unsigned char out[8]; + + BF_set_key(&key, n+1, key_test); + BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT); + /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */ + if (!TEST_mem_eq(out, 8, &(key_out[n][0]), 8)) + ret = 0; + + return ret; +} + +static int test_bf_cbc(void) +{ + unsigned char cbc_in[40], cbc_out[40], iv[8]; + int ret = 1; + BF_KEY key; + BF_LONG len; - printf("testing blowfish in cbc mode\n"); len = strlen(cbc_data) + 1; BF_set_key(&key, 16, cbc_key); @@ -413,20 +359,25 @@ static int test(void) memcpy(iv, cbc_iv, sizeof(iv)); BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, &key, iv, BF_ENCRYPT); - if (memcmp(cbc_out, cbc_ok, 32) != 0) { - err = 1; - printf("BF_cbc_encrypt encrypt error\n"); - for (i = 0; i < 32; i++) - printf("0x%02X,", cbc_out[i]); - } + if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32)) + ret = 0; + memcpy(iv, cbc_iv, 8); BF_cbc_encrypt(cbc_out, cbc_in, len, &key, iv, BF_DECRYPT); - if (memcmp(cbc_in, cbc_data, strlen(cbc_data) + 1) != 0) { - printf("BF_cbc_encrypt decrypt error\n"); - err = 1; - } + if (!TEST_mem_eq(cbc_in, len, cbc_data, strlen(cbc_data) + 1)) + ret = 0; + + return ret; +} + +static int test_bf_cfb64(void) +{ + unsigned char cbc_in[40], cbc_out[40], iv[8]; + int n, ret = 1; + BF_KEY key; + BF_LONG len; - printf("testing blowfish in cfb64 mode\n"); + len = strlen(cbc_data) + 1; BF_set_key(&key, 16, cbc_key); memset(cbc_in, 0, 40); @@ -437,23 +388,28 @@ static int test(void) &key, iv, &n, BF_ENCRYPT); BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), len - 13, &key, iv, &n, BF_ENCRYPT); - if (memcmp(cbc_out, cfb64_ok, (int)len) != 0) { - err = 1; - printf("BF_cfb64_encrypt encrypt error\n"); - for (i = 0; i < (int)len; i++) - printf("0x%02X,", cbc_out[i]); - } + if (!TEST_mem_eq(cbc_out, (int)len, cfb64_ok, (int)len)) + ret = 0; + n = 0; memcpy(iv, cbc_iv, 8); BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT); BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n, BF_DECRYPT); - if (memcmp(cbc_in, cbc_data, (int)len) != 0) { - printf("BF_cfb64_encrypt decrypt error\n"); - err = 1; - } + if (!TEST_mem_eq(cbc_in, (int)len, cbc_data, (int)len)) + ret = 0; - printf("testing blowfish in ofb64\n"); + return ret; +} + +static int test_bf_ofb64(void) +{ + unsigned char cbc_in[40], cbc_out[40], iv[8]; + int n, ret = 1; + BF_KEY key; + BF_LONG len; + + len = strlen(cbc_data) + 1; BF_set_key(&key, 16, cbc_key); memset(cbc_in, 0, 40); @@ -464,21 +420,42 @@ static int test(void) &n); BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), len - 13, &key, iv, &n); - if (memcmp(cbc_out, ofb64_ok, (int)len) != 0) { - err = 1; - printf("BF_ofb64_encrypt encrypt error\n"); - for (i = 0; i < (int)len; i++) - printf("0x%02X,", cbc_out[i]); - } + if (!TEST_mem_eq(cbc_out, (int)len, ofb64_ok, (int)len)) + ret = 0; + n = 0; memcpy(iv, cbc_iv, 8); BF_ofb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n); BF_ofb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n); - if (memcmp(cbc_in, cbc_data, (int)len) != 0) { - printf("BF_ofb64_encrypt decrypt error\n"); - err = 1; - } + if (!TEST_mem_eq(cbc_in, (int)len, cbc_data, (int)len)) + ret = 0; - return (err); + return ret; } #endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_BF +# ifdef CHARSET_EBCDIC + int n; + + ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data)); + for (n = 0; n < 2; n++) { + ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n])); + } +# endif + + if (test_get_argument(0) != NULL) { + print_test_data(); + } else { + ADD_ALL_TESTS(test_bf_ecb_raw, 2); + ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS); + ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1); + ADD_TEST(test_bf_cbc); + ADD_TEST(test_bf_cfb64); + ADD_TEST(test_bf_ofb64); + } +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/bio_enc_test.c b/deps/openssl/openssl/test/bio_enc_test.c index fad1a1901320e0..282e8dac61c583 100644 --- a/deps/openssl/openssl/test/bio_enc_test.c +++ b/deps/openssl/openssl/test/bio_enc_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,50 +12,73 @@ #include #include -int main() +#include "testutil.h" + +#define ENCRYPT 1 +#define DECRYPT 0 + +#define DATA_SIZE 1024 +#define MAX_IV 32 +#define BUF_SIZE (DATA_SIZE + MAX_IV) + +static const unsigned char KEY[] = { + 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a, + 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, + 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1, + 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b +}; + +static const unsigned char IV[] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 +}; + +static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, + const unsigned char* iv) { BIO *b; - static const unsigned char key[16] = { 0 }; - static unsigned char inp[1024] = { 0 }; - unsigned char out[1024], ref[1024]; + static unsigned char inp[BUF_SIZE] = { 0 }; + unsigned char out[BUF_SIZE], ref[BUF_SIZE]; int i, lref, len; /* Fill buffer with non-zero data so that over steps can be detected */ - if (RAND_bytes(inp, sizeof(inp)) <= 0) - return -1; + if (!TEST_int_gt(RAND_bytes(inp, DATA_SIZE), 0)) + return 0; - /* - * Exercise CBC cipher - */ + /* Encrypt tests */ /* reference output for single-chunk operation */ b = BIO_new(BIO_f_cipher()); - if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0)) - return -1; - BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) + return 0; + BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); lref = BIO_read(b, ref, sizeof(ref)); BIO_free_all(b); /* perform split operations and compare to reference */ for (i = 1; i < lref; i++) { b = BIO_new(BIO_f_cipher()); - if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0)) - return -1; - BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { + TEST_info("Split encrypt failed @ operation %d", i); + return 0; + } + BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ - if (out[i] != (unsigned char)~ref[i]) { - fprintf(stderr, "CBC output overstep@%d\n", i); - return 1; + if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { + TEST_info("Encrypt overstep check failed @ operation %d", i); + return 0; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); - if (len != lref || memcmp(out, ref, len)) { - fprintf(stderr, "CBC output mismatch@%d\n", i); - return 2; + if (!TEST_mem_eq(out, len, ref, lref)) { + TEST_info("Encrypt compare failed @ operation %d", i); + return 0; } } @@ -64,53 +87,61 @@ int main() int delta; b = BIO_new(BIO_f_cipher()); - if (!BIO_set_cipher(b, EVP_aes_128_cbc(), key, NULL, 0)) - return -1; - BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { + TEST_info("Small chunk encrypt failed @ operation %d", i); + return 0; + } + BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); memset(out, 0, sizeof(out)); for (len = 0; (delta = BIO_read(b, out + len, i)); ) { len += delta; } BIO_free_all(b); - if (len != lref || memcmp(out, ref, len)) { - fprintf(stderr, "CBC output mismatch@%d\n", i); - return 3; + if (!TEST_mem_eq(out, len, ref, lref)) { + TEST_info("Small chunk encrypt compare failed @ operation %d", i); + return 0; } } - /* - * Exercise CTR cipher - */ + /* Decrypt tests */ /* reference output for single-chunk operation */ b = BIO_new(BIO_f_cipher()); - if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0)) - return -1; - BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); - lref = BIO_read(b, ref, sizeof(ref)); + if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) + return 0; + /* Use original reference output as input */ + BIO_push(b, BIO_new_mem_buf(ref, lref)); + (void)BIO_flush(b); + memset(out, 0, sizeof(out)); + len = BIO_read(b, out, sizeof(out)); BIO_free_all(b); + if (!TEST_mem_eq(inp, DATA_SIZE, out, len)) + return 0; + /* perform split operations and compare to reference */ for (i = 1; i < lref; i++) { b = BIO_new(BIO_f_cipher()); - if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0)) - return -1; - BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) { + TEST_info("Split decrypt failed @ operation %d", i); + return 0; + } + BIO_push(b, BIO_new_mem_buf(ref, lref)); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ - if (out[i] != (unsigned char)~ref[i]) { - fprintf(stderr, "CTR output overstep@%d\n", i); - return 4; + if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { + TEST_info("Decrypt overstep check failed @ operation %d", i); + return 0; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); - if (len != lref || memcmp(out, ref, len)) { - fprintf(stderr, "CTR output mismatch@%d\n", i); - return 5; + if (!TEST_mem_eq(inp, DATA_SIZE, out, len)) { + TEST_info("Decrypt compare failed @ operation %d", i); + return 0; } } @@ -119,20 +150,83 @@ int main() int delta; b = BIO_new(BIO_f_cipher()); - if (!BIO_set_cipher(b, EVP_aes_128_ctr(), key, NULL, 0)) - return -1; - BIO_push(b, BIO_new_mem_buf(inp, sizeof(inp))); + if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) { + TEST_info("Small chunk decrypt failed @ operation %d", i); + return 0; + } + BIO_push(b, BIO_new_mem_buf(ref, lref)); memset(out, 0, sizeof(out)); for (len = 0; (delta = BIO_read(b, out + len, i)); ) { len += delta; } BIO_free_all(b); - if (len != lref || memcmp(out, ref, len)) { - fprintf(stderr, "CTR output mismatch@%d\n", i); - return 6; + if (!TEST_mem_eq(inp, DATA_SIZE, out, len)) { + TEST_info("Small chunk decrypt compare failed @ operation %d", i); + return 0; } } + return 1; +} + +static int do_test_bio_cipher(const EVP_CIPHER* cipher, int idx) +{ + switch(idx) + { + case 0: + return do_bio_cipher(cipher, KEY, NULL); + case 1: + return do_bio_cipher(cipher, KEY, IV); + } return 0; } + +static int test_bio_enc_aes_128_cbc(int idx) +{ + return do_test_bio_cipher(EVP_aes_128_cbc(), idx); +} + +static int test_bio_enc_aes_128_ctr(int idx) +{ + return do_test_bio_cipher(EVP_aes_128_ctr(), idx); +} + +static int test_bio_enc_aes_256_cfb(int idx) +{ + return do_test_bio_cipher(EVP_aes_256_cfb(), idx); +} + +static int test_bio_enc_aes_256_ofb(int idx) +{ + return do_test_bio_cipher(EVP_aes_256_ofb(), idx); +} + +# ifndef OPENSSL_NO_CHACHA +static int test_bio_enc_chacha20(int idx) +{ + return do_test_bio_cipher(EVP_chacha20(), idx); +} + +# ifndef OPENSSL_NO_POLY1305 +static int test_bio_enc_chacha20_poly1305(int idx) +{ + return do_test_bio_cipher(EVP_chacha20_poly1305(), idx); +} +# endif +# endif + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_bio_enc_aes_128_cbc, 2); + ADD_ALL_TESTS(test_bio_enc_aes_128_ctr, 2); + ADD_ALL_TESTS(test_bio_enc_aes_256_cfb, 2); + ADD_ALL_TESTS(test_bio_enc_aes_256_ofb, 2); +# ifndef OPENSSL_NO_CHACHA + ADD_ALL_TESTS(test_bio_enc_chacha20, 2); +# ifndef OPENSSL_NO_POLY1305 + ADD_ALL_TESTS(test_bio_enc_chacha20_poly1305, 2); +# endif +# endif + return 1; +} diff --git a/deps/openssl/openssl/test/bioprinttest.c b/deps/openssl/openssl/test/bioprinttest.c index b2d26225e52cb5..d35bffa8408b94 100644 --- a/deps/openssl/openssl/test/bioprinttest.c +++ b/deps/openssl/openssl/test/bioprinttest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,23 +7,33 @@ * https://www.openssl.org/source/license.html */ +#define TESTUTIL_NO_size_t_COMPARISON + #include #include #include +#include "internal/numbers.h" +#include "testutil.h" +#include "testutil/output.h" + +#define nelem(x) (int)(sizeof(x) / sizeof((x)[0])) static int justprint = 0; -static char *fpexpected[][5] = { - /* 0 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" }, - /* 1 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" }, - /* 2 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" }, - /* 3 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" }, - /* 4 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, - /* 5 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" }, - /* 6 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" }, - /* 7 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" }, - /* 8 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" }, - /* 9 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, +static char *fpexpected[][10][5] = { + { + /* 00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" }, + /* 01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" }, + /* 02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" }, + /* 03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" }, + /* 04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" }, + /* 05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" }, + /* 06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" }, + /* 07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" }, + /* 08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" }, + /* 09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + }, + { /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" }, /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" }, /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" }, @@ -34,6 +44,8 @@ static char *fpexpected[][5] = { /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" }, /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" }, /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" }, + }, + { /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" }, /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" }, /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" }, @@ -44,6 +56,8 @@ static char *fpexpected[][5] = { /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" }, /* 28 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" }, /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" }, + }, + { /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" }, /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" }, /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" }, @@ -54,6 +68,8 @@ static char *fpexpected[][5] = { /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" }, /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" }, /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" }, + }, + { /* 40 */ { "0e+00", "0", "0", "0E+00", "0" }, /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" }, @@ -64,6 +80,8 @@ static char *fpexpected[][5] = { /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" }, /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" }, /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" }, + }, + { /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" }, /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" }, /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" }, @@ -74,6 +92,8 @@ static char *fpexpected[][5] = { /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" }, /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" }, /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" }, + }, + { /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" }, /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" }, /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" }, @@ -84,32 +104,96 @@ static char *fpexpected[][5] = { /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" }, /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" }, /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" }, + }, +}; + +typedef struct z_data_st { + size_t value; + const char *format; + const char *expected; +} z_data; + +static z_data zu_data[] = { + { SIZE_MAX, "%zu", (sizeof(size_t) == 4 ? "4294967295" + : sizeof(size_t) == 8 ? "18446744073709551615" + : "") }, + /* + * in 2-complement, the unsigned number divided by two plus one becomes the + * smallest possible negative signed number of the corresponding type + */ + { SIZE_MAX / 2 + 1, "%zi", (sizeof(size_t) == 4 ? "-2147483648" + : sizeof(size_t) == 8 ? "-9223372036854775808" + : "") }, + { 0, "%zu", "0" }, + { 0, "%zi", "0" }, +}; + +static int test_zu(int i) +{ + char bio_buf[80]; + const z_data *data = &zu_data[i]; + + BIO_snprintf(bio_buf, sizeof(bio_buf) - 1, data->format, data->value); + if (!TEST_str_eq(bio_buf, data->expected)) + return 0; + return 1; +} + +typedef struct j_data_st { + uint64_t value; + const char *format; + const char *expected; +} j_data; + +static j_data jf_data[] = { + { 0xffffffffffffffffU, "%ju", "18446744073709551615" }, + { 0xffffffffffffffffU, "%jx", "ffffffffffffffff" }, + { 0x8000000000000000U, "%ju", "9223372036854775808" }, + /* + * These tests imply two's-complement, but it's the only binary + * representation we support, see test/sanitytest.c... + */ + { 0x8000000000000000U, "%ji", "-9223372036854775808" }, +}; + +static int test_j(int i) +{ + const j_data *data = &jf_data[i]; + char bio_buf[80]; + + BIO_snprintf(bio_buf, sizeof(bio_buf) - 1, data->format, data->value); + if (!TEST_str_eq(bio_buf, data->expected)) + return 0; + return 1; +} + + +/* Precision and width. */ +typedef struct pw_st { + int p; + const char *w; +} pw; + +static pw pw_params[] = { + { 4, "" }, + { 5, "" }, + { 4, "12" }, + { 5, "12" }, + { 0, "" }, + { -1, "" }, + { 4, "08" } }; -static void dofptest(int test, double val, char *width, int prec, int *fail) +static int dofptest(int test, int sub, double val, const char *width, int prec) { + static const char *fspecs[] = { + "e", "f", "g", "E", "G" + }; char format[80], result[80]; - int i; - - for (i = 0; i < 5; i++) { - char *fspec = NULL; - switch (i) { - case 0: - fspec = "e"; - break; - case 1: - fspec = "f"; - break; - case 2: - fspec = "g"; - break; - case 3: - fspec = "E"; - break; - case 4: - fspec = "G"; - break; - } + int ret = 1, i; + + for (i = 0; i < nelem(fspecs); i++) { + const char *fspec = fspecs[i]; if (prec >= 0) BIO_snprintf(format, sizeof(format), "%%%s.%d%s", width, prec, @@ -119,107 +203,100 @@ static void dofptest(int test, double val, char *width, int prec, int *fail) BIO_snprintf(result, sizeof(result), format, val); if (justprint) { - if (i == 0) { - printf(" /* %3d */ { \"%s\"", test, result); - } else { + if (i == 0) + printf(" /* %d%d */ { \"%s\"", test, sub, result); + else printf(", \"%s\"", result); - } - } else { - if (strcmp(fpexpected[test][i], result) != 0) { - printf("Test %d(%d) failed. Expected \"%s\". Got \"%s\". " - "Format \"%s\"\n", test, i, fpexpected[test][i], result, - format); - *fail = 1; - } + } else if (!TEST_str_eq(fpexpected[test][sub][i], result)) { + TEST_info("test %d format=|%s| exp=|%s|, ret=|%s|", + test, format, fpexpected[test][sub][i], result); + ret = 0; } } - if (justprint) { + if (justprint) printf(" },\n"); - } + return ret; } -int main(int argc, char **argv) +static int test_fp(int i) +{ + int t = 0, r; + const double frac = 2.0 / 3.0; + const pw *pwp = &pw_params[i]; + + if (justprint) + printf(" {\n"); + r = TEST_true(dofptest(i, t++, 0.0, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, 0.67, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, frac, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, frac / 1000, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, frac / 10000, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, 6.0 + frac, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, 66.0 + frac, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, 666.0 + frac, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, 6666.0 + frac, pwp->w, pwp->p)) + && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p)); + if (justprint) + printf(" },\n"); + return r; +} + +static int test_big(void) { - int test = 0; - int i; - int fail = 0; - int prec = -1; - char *width = ""; - const double frac = 2.0/3.0; char buf[80]; - if (argc == 2 && strcmp(argv[1], "-expected") == 0) { - justprint = 1; - } + /* Test excessively big number. Should fail */ + if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), + "%f\n", 2 * (double)ULONG_MAX), -1)) + return 0; + return 1; +} - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - /* Tests for floating point format specifiers */ - for (i = 0; i < 7; i++) { - switch (i) { - case 0: - prec = 4; - width = ""; - break; - case 1: - prec = 5; - width = ""; - break; - case 2: - prec = 4; - width = "12"; - break; - case 3: - prec = 5; - width = "12"; - break; - case 4: - prec = 0; - width = ""; - break; - case 5: - prec = -1; - width = ""; - break; - case 6: - prec = 4; - width = "08"; - break; - } - dofptest(test++, 0.0, width, prec, &fail); - dofptest(test++, 0.67, width, prec, &fail); - dofptest(test++, frac, width, prec, &fail); - dofptest(test++, frac / 1000, width, prec, &fail); - dofptest(test++, frac / 10000, width, prec, &fail); - dofptest(test++, 6.0 + frac, width, prec, &fail); - dofptest(test++, 66.0 + frac, width, prec, &fail); - dofptest(test++, 666.0 + frac, width, prec, &fail); - dofptest(test++, 6666.0 + frac, width, prec, &fail); - dofptest(test++, 66666.0 + frac, width, prec, &fail); - } +int setup_tests(void) +{ + justprint = test_has_option("-expected"); - /* Test excessively big number. Should fail */ - if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) { - printf("Test %d failed. Unexpected success return from " - "BIO_snprintf()\n", test); - fail = 1; - } + ADD_TEST(test_big); + ADD_ALL_TESTS(test_fp, nelem(pw_params)); + ADD_ALL_TESTS(test_zu, nelem(zu_data)); + ADD_ALL_TESTS(test_j, nelem(jf_data)); + return 1; +} -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; -# endif +/* + * Replace testutil output routines. We do this to eliminate possible sources + * of BIO error + */ +void test_open_streams(void) +{ +} - if (!justprint) { - if (fail) { - printf("FAIL\n"); - return 1; - } - printf ("PASS\n"); - } - return 0; +void test_close_streams(void) +{ } +/* + * This works out as long as caller doesn't use any "fancy" formats. + * But we are caller's caller, and test_str_eq is the only one called, + * and it uses only "%s", which is not "fancy"... + */ +int test_vprintf_stdout(const char *fmt, va_list ap) +{ + return vfprintf(stdout, fmt, ap); +} +int test_vprintf_stderr(const char *fmt, va_list ap) +{ + return vfprintf(stderr, fmt, ap); +} + +int test_flush_stdout(void) +{ + return fflush(stdout); +} + +int test_flush_stderr(void) +{ + return fflush(stderr); +} diff --git a/deps/openssl/openssl/test/bntest.c b/deps/openssl/openssl/test/bntest.c index 686eab8af82b7a..0502497fe3dbd3 100644 --- a/deps/openssl/openssl/test/bntest.c +++ b/deps/openssl/openssl/test/bntest.c @@ -1,841 +1,412 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * - * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - +#include +#include #include -#include #include +#include -#include "e_os.h" - -#include #include -#include -#include +#include #include +#include +#include "internal/nelem.h" +#include "internal/numbers.h" +#include "testutil.h" + +#ifdef OPENSSL_SYS_WINDOWS +# define strcasecmp _stricmp +#endif /* - * In bn_lcl.h, bn_expand() is defined as a static ossl_inline function. - * This is fine in itself, it will end up as an unused static function in - * the worst case. However, it referenses bn_expand2(), which is a private - * function in libcrypto and therefore unavailable on some systems. This - * may result in a linker error because of unresolved symbols. - * - * To avoid this, we define a dummy variant of bn_expand2() here, and to - * avoid possible clashes with libcrypto, we rename it first, using a macro. + * Things in boring, not in openssl. TODO we should add them. */ -#define bn_expand2 dummy_bn_expand2 -BIGNUM *bn_expand2(BIGNUM *b, int words); -BIGNUM *bn_expand2(BIGNUM *b, int words) { return NULL; } - -#include "../crypto/bn/bn_lcl.h" - -static const int num0 = 100; /* number of tests */ -static const int num1 = 50; /* additional tests for some functions */ -static const int num2 = 5; /* number of tests for slow functions */ - -int test_add(BIO *bp); -int test_sub(BIO *bp); -int test_lshift1(BIO *bp); -int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_); -int test_rshift1(BIO *bp); -int test_rshift(BIO *bp, BN_CTX *ctx); -int test_div(BIO *bp, BN_CTX *ctx); -int test_div_word(BIO *bp); -int test_div_recp(BIO *bp, BN_CTX *ctx); -int test_mul(BIO *bp); -int test_sqr(BIO *bp, BN_CTX *ctx); -int test_mont(BIO *bp, BN_CTX *ctx); -int test_mod(BIO *bp, BN_CTX *ctx); -int test_mod_mul(BIO *bp, BN_CTX *ctx); -int test_mod_exp(BIO *bp, BN_CTX *ctx); -int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx); -int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx); -int test_exp(BIO *bp, BN_CTX *ctx); -int test_gf2m_add(BIO *bp); -int test_gf2m_mod(BIO *bp); -int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx); -int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx); -int test_kron(BIO *bp, BN_CTX *ctx); -int test_sqrt(BIO *bp, BN_CTX *ctx); -int test_small_prime(BIO *bp, BN_CTX *ctx); -int test_bn2dec(BIO *bp); -int rand_neg(void); -static int results = 0; - -static unsigned char lst[] = - "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" - "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; - -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -static void message(BIO *out, char *m) -{ - fprintf(stderr, "test %s\n", m); - BIO_puts(out, "print \"test "); - BIO_puts(out, m); - BIO_puts(out, "\\n\"\n"); -} - -int main(int argc, char *argv[]) -{ - BN_CTX *ctx; - BIO *out; - char *outfile = NULL; - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - results = 0; - - RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ - - argc--; - argv++; - while (argc >= 1) { - if (strcmp(*argv, "-results") == 0) - results = 1; - else if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - break; - outfile = *(++argv); - } - argc--; - argv++; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) - EXIT(1); - - out = BIO_new(BIO_s_file()); - if (out == NULL) - EXIT(1); - if (outfile == NULL) { - BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - } else { - if (!BIO_write_filename(out, outfile)) { - perror(outfile); - EXIT(1); - } - } -#ifdef OPENSSL_SYS_VMS - { - BIO *tmpbio = BIO_new(BIO_f_linebuffer()); - out = BIO_push(tmpbio, out); - } -#endif +#define HAVE_BN_PADDED 0 +#define HAVE_BN_SQRT 0 - if (!results) - BIO_puts(out, "obase=16\nibase=16\n"); +typedef struct filetest_st { + const char *name; + int (*func)(STANZA *s); +} FILETEST; - message(out, "BN_add"); - if (!test_add(out)) - goto err; - (void)BIO_flush(out); +typedef struct mpitest_st { + const char *base10; + const char *mpi; + size_t mpi_len; +} MPITEST; - message(out, "BN_sub"); - if (!test_sub(out)) - goto err; - (void)BIO_flush(out); +static const int NUM0 = 100; /* number of tests */ +static const int NUM1 = 50; /* additional tests for some functions */ +static BN_CTX *ctx; - message(out, "BN_lshift1"); - if (!test_lshift1(out)) - goto err; - (void)BIO_flush(out); +/* + * Polynomial coefficients used in GFM tests. + */ +#ifndef OPENSSL_NO_EC2M +static int p0[] = { 163, 7, 6, 3, 0, -1 }; +static int p1[] = { 193, 15, 0, -1 }; +#endif - message(out, "BN_lshift (fixed)"); - if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL))) - goto err; - (void)BIO_flush(out); +/* + * Look for |key| in the stanza and return it or NULL if not found. + */ +static const char *findattr(STANZA *s, const char *key) +{ + int i = s->numpairs; + PAIR *pp = s->pairs; - message(out, "BN_lshift"); - if (!test_lshift(out, ctx, NULL)) - goto err; - (void)BIO_flush(out); + for ( ; --i >= 0; pp++) + if (strcasecmp(pp->key, key) == 0) + return pp->value; + return NULL; +} - message(out, "BN_rshift1"); - if (!test_rshift1(out)) - goto err; - (void)BIO_flush(out); +/* + * Parse BIGNUM from sparse hex-strings, return |BN_hex2bn| result. + */ +static int parse_bigBN(BIGNUM **out, const char *bn_strings[]) +{ + char *bigstring = glue_strings(bn_strings, NULL); + int ret = BN_hex2bn(out, bigstring); - message(out, "BN_rshift"); - if (!test_rshift(out, ctx)) - goto err; - (void)BIO_flush(out); + OPENSSL_free(bigstring); + return ret; +} - message(out, "BN_sqr"); - if (!test_sqr(out, ctx)) - goto err; - (void)BIO_flush(out); +/* + * Parse BIGNUM, return number of bytes parsed. + */ +static int parseBN(BIGNUM **out, const char *in) +{ + *out = NULL; + return BN_hex2bn(out, in); +} - message(out, "BN_mul"); - if (!test_mul(out)) - goto err; - (void)BIO_flush(out); +static int parsedecBN(BIGNUM **out, const char *in) +{ + *out = NULL; + return BN_dec2bn(out, in); +} - message(out, "BN_div"); - if (!test_div(out, ctx)) - goto err; - (void)BIO_flush(out); +static BIGNUM *getBN(STANZA *s, const char *attribute) +{ + const char *hex; + BIGNUM *ret = NULL; - message(out, "BN_div_word"); - if (!test_div_word(out)) - goto err; - (void)BIO_flush(out); + if ((hex = findattr(s, attribute)) == NULL) { + TEST_error("%s:%d: Can't find %s", s->test_file, s->start, attribute); + return NULL; + } - message(out, "BN_div_recp"); - if (!test_div_recp(out, ctx)) - goto err; - (void)BIO_flush(out); + if (parseBN(&ret, hex) != (int)strlen(hex)) { + TEST_error("Could not decode '%s'", hex); + return NULL; + } + return ret; +} - message(out, "BN_mod"); - if (!test_mod(out, ctx)) - goto err; - (void)BIO_flush(out); +static int getint(STANZA *s, int *out, const char *attribute) +{ + BIGNUM *ret; + BN_ULONG word; + int st = 0; - message(out, "BN_mod_mul"); - if (!test_mod_mul(out, ctx)) + if (!TEST_ptr(ret = getBN(s, attribute)) + || !TEST_ulong_le(word = BN_get_word(ret), INT_MAX)) goto err; - (void)BIO_flush(out); - message(out, "BN_mont"); - if (!test_mont(out, ctx)) - goto err; - (void)BIO_flush(out); + *out = (int)word; + st = 1; +err: + BN_free(ret); + return st; +} - message(out, "BN_mod_exp"); - if (!test_mod_exp(out, ctx)) - goto err; - (void)BIO_flush(out); +static int equalBN(const char *op, const BIGNUM *expected, const BIGNUM *actual) +{ + if (BN_cmp(expected, actual) == 0) + return 1; - message(out, "BN_mod_exp_mont_consttime"); - if (!test_mod_exp_mont_consttime(out, ctx)) - goto err; - if (!test_mod_exp_mont5(out, ctx)) - goto err; - (void)BIO_flush(out); + TEST_error("unexpected %s value", op); + TEST_BN_eq(expected, actual); + return 0; +} - message(out, "BN_exp"); - if (!test_exp(out, ctx)) - goto err; - (void)BIO_flush(out); - message(out, "BN_kronecker"); - if (!test_kron(out, ctx)) - goto err; - (void)BIO_flush(out); +/* + * Return a "random" flag for if a BN should be negated. + */ +static int rand_neg(void) +{ + static unsigned int neg = 0; + static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 }; - message(out, "BN_mod_sqrt"); - if (!test_sqrt(out, ctx)) - goto err; - (void)BIO_flush(out); + return sign[(neg++) % 8]; +} - message(out, "Small prime generation"); - if (!test_small_prime(out, ctx)) - goto err; - (void)BIO_flush(out); - message(out, "BN_bn2dec"); - if (!test_bn2dec(out)) - goto err; - (void)BIO_flush(out); +static int test_swap(void) +{ + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; + int top, cond, st = 0; -#ifndef OPENSSL_NO_EC2M - message(out, "BN_GF2m_add"); - if (!test_gf2m_add(out)) + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) goto err; - (void)BIO_flush(out); - message(out, "BN_GF2m_mod"); - if (!test_gf2m_mod(out)) - goto err; - (void)BIO_flush(out); + BN_bntest_rand(a, 1024, 1, 0); + BN_bntest_rand(b, 1024, 1, 0); + BN_copy(c, a); + BN_copy(d, b); + top = BN_num_bits(a)/BN_BITS2; - message(out, "BN_GF2m_mod_mul"); - if (!test_gf2m_mod_mul(out, ctx)) + /* regular swap */ + BN_swap(a, b); + if (!equalBN("swap", a, d) + || !equalBN("swap", b, c)) goto err; - (void)BIO_flush(out); - message(out, "BN_GF2m_mod_sqr"); - if (!test_gf2m_mod_sqr(out, ctx)) + /* conditional swap: true */ + cond = 1; + BN_consttime_swap(cond, a, b, top); + if (!equalBN("cswap true", a, c) + || !equalBN("cswap true", b, d)) goto err; - (void)BIO_flush(out); - message(out, "BN_GF2m_mod_inv"); - if (!test_gf2m_mod_inv(out, ctx)) + /* conditional swap: false */ + cond = 0; + BN_consttime_swap(cond, a, b, top); + if (!equalBN("cswap false", a, c) + || !equalBN("cswap false", b, d)) goto err; - (void)BIO_flush(out); - message(out, "BN_GF2m_mod_div"); - if (!test_gf2m_mod_div(out, ctx)) - goto err; - (void)BIO_flush(out); + /* same tests but checking flag swap */ + BN_set_flags(a, BN_FLG_CONSTTIME); - message(out, "BN_GF2m_mod_exp"); - if (!test_gf2m_mod_exp(out, ctx)) + BN_swap(a, b); + if (!equalBN("swap, flags", a, d) + || !equalBN("swap, flags", b, c) + || !TEST_true(BN_get_flags(b, BN_FLG_CONSTTIME)) + || !TEST_false(BN_get_flags(a, BN_FLG_CONSTTIME))) goto err; - (void)BIO_flush(out); - message(out, "BN_GF2m_mod_sqrt"); - if (!test_gf2m_mod_sqrt(out, ctx)) + cond = 1; + BN_consttime_swap(cond, a, b, top); + if (!equalBN("cswap true, flags", a, c) + || !equalBN("cswap true, flags", b, d) + || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) + || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) goto err; - (void)BIO_flush(out); - message(out, "BN_GF2m_mod_solve_quad"); - if (!test_gf2m_mod_solve_quad(out, ctx)) + cond = 0; + BN_consttime_swap(cond, a, b, top); + if (!equalBN("cswap false, flags", a, c) + || !equalBN("cswap false, flags", b, d) + || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) + || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) goto err; - (void)BIO_flush(out); -#endif - BN_CTX_free(ctx); - BIO_free(out); - ERR_print_errors_fp(stderr); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - EXIT(1); -#endif - EXIT(0); + st = 1; err: - BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc - * notices the failure, see test_bn in - * test/Makefile.ssl */ - (void)BIO_flush(out); - BN_CTX_free(ctx); - BIO_free(out); - - ERR_print_errors_fp(stderr); - EXIT(1); -} - -int test_add(BIO *bp) -{ - BIGNUM *a, *b, *c; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - - BN_bntest_rand(a, 512, 0, 0); - for (i = 0; i < num0; i++) { - BN_bntest_rand(b, 450 + i, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - BN_add(c, a, b); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " + "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - a->neg = !a->neg; - b->neg = !b->neg; - BN_add(c, c, b); - BN_add(c, c, a); - if (!BN_is_zero(c)) { - fprintf(stderr, "Add test failed!\n"); - return 0; - } - } BN_free(a); BN_free(b); BN_free(c); - return (1); + BN_free(d); + return st; } -int test_sub(BIO *bp) +static int test_sub(void) { - BIGNUM *a, *b, *c; - int i; + BIGNUM *a = NULL, *b = NULL, *c = NULL; + int i, st = 0; - a = BN_new(); - b = BN_new(); - c = BN_new(); + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new())) + goto err; - for (i = 0; i < num0 + num1; i++) { - if (i < num1) { + for (i = 0; i < NUM0 + NUM1; i++) { + if (i < NUM1) { BN_bntest_rand(a, 512, 0, 0); BN_copy(b, a); - if (BN_set_bit(a, i) == 0) - return (0); + if (!TEST_int_ne(BN_set_bit(a, i), 0)) + goto err; BN_add_word(b, i); } else { - BN_bntest_rand(b, 400 + i - num1, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); + BN_bntest_rand(b, 400 + i - NUM1, 0, 0); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); } BN_sub(c, a, b); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " - "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } BN_add(c, c, b); BN_sub(c, c, a); - if (!BN_is_zero(c)) { - fprintf(stderr, "Subtract test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - return (1); -} - -int test_div(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_zero(b); - - if (BN_div(d, c, a, b, ctx)) { - fprintf(stderr, "Division by zero succeeded!\n"); - return 0; - } - - for (i = 0; i < num0 + num1; i++) { - if (i < num1) { - BN_bntest_rand(a, 400, 0, 0); - BN_copy(b, a); - BN_lshift(a, a, i); - BN_add_word(a, i); - } else - BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - BN_div(d, c, a, b, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_mul(e, d, b, ctx); - BN_add(d, e, c); - BN_sub(d, d, a); - if (!BN_is_zero(d)) { - fprintf(stderr, "Division test failed!\n"); - return 0; - } + if (!TEST_BN_eq_zero(c)) + goto err; } + st = 1; +err: BN_free(a); BN_free(b); BN_free(c); - BN_free(d); - BN_free(e); - return (1); + return st; } -static void print_word(BIO *bp, BN_ULONG w) -{ - int i = sizeof(w) * 8; - char *fmt = NULL; - unsigned char byte; - - do { - i -= 8; - byte = (unsigned char)(w >> i); - if (fmt == NULL) - fmt = byte ? "%X" : NULL; - else - fmt = "%02X"; - - if (fmt != NULL) - BIO_printf(bp, fmt, byte); - } while (i); - - /* If we haven't printed anything, at least print a zero! */ - if (fmt == NULL) - BIO_printf(bp, "0"); -} -int test_div_word(BIO *bp) +static int test_div_recip(void) { - BIGNUM *a, *b; - BN_ULONG r, rmod, s; - int i; - - a = BN_new(); - b = BN_new(); - - for (i = 0; i < num0; i++) { - do { - BN_bntest_rand(a, 512, -1, 0); - BN_bntest_rand(b, BN_BITS2, -1, 0); - } while (BN_is_zero(b)); - - s = b->d[0]; - BN_copy(b, a); - rmod = BN_mod_word(b, s); - r = BN_div_word(b, s); - - if (rmod != r) { - fprintf(stderr, "Mod (word) test failed!\n"); - return 0; - } - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / "); - print_word(bp, s); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - print_word(bp, s); - BIO_puts(bp, " - "); - } - print_word(bp, r); - BIO_puts(bp, "\n"); - } - BN_mul_word(b, s); - BN_add_word(b, r); - BN_sub(b, a, b); - if (!BN_is_zero(b)) { - fprintf(stderr, "Division (word) test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - return (1); -} + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; + BN_RECP_CTX *recp = NULL; + int st = 0, i; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(recp = BN_RECP_CTX_new())) + goto err; -int test_div_recp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - BN_RECP_CTX *recp; - int i; - - recp = BN_RECP_CTX_new(); - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - for (i = 0; i < num0 + num1; i++) { - if (i < num1) { + for (i = 0; i < NUM0 + NUM1; i++) { + if (i < NUM1) { BN_bntest_rand(a, 400, 0, 0); BN_copy(b, a); BN_lshift(a, a, i); BN_add_word(a, i); } else - BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); + BN_bntest_rand(b, 50 + 3 * (i - NUM1), 0, 0); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); BN_RECP_CTX_set(recp, b, ctx); BN_div_recp(d, c, a, recp, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } BN_mul(e, d, b, ctx); BN_add(d, e, c); BN_sub(d, d, a); - if (!BN_is_zero(d)) { - fprintf(stderr, "Reciprocal division test failed!\n"); - fprintf(stderr, "a="); - BN_print_fp(stderr, a); - fprintf(stderr, "\nb="); - BN_print_fp(stderr, b); - fprintf(stderr, "\n"); - return 0; - } + if (!TEST_BN_eq_zero(d)) + goto err; } + st = 1; +err: BN_free(a); BN_free(b); BN_free(c); BN_free(d); BN_free(e); BN_RECP_CTX_free(recp); - return (1); + return st; } -int test_mul(BIO *bp) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - BN_CTX *ctx; - - ctx = BN_CTX_new(); - if (ctx == NULL) - EXIT(1); - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - for (i = 0; i < num0 + num1; i++) { - if (i <= num1) { - BN_bntest_rand(a, 100, 0, 0); - BN_bntest_rand(b, 100, 0, 0); - } else - BN_bntest_rand(b, i - num1, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - BN_mul(c, a, b, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_div(d, e, c, a, ctx); - BN_sub(d, d, b); - if (!BN_is_zero(d) || !BN_is_zero(e)) { - fprintf(stderr, "Multiplication test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - BN_CTX_free(ctx); - return (1); -} -int test_sqr(BIO *bp, BN_CTX *ctx) +static int test_mod(void) { - BIGNUM *a, *c, *d, *e; - int i, ret = 0; - - a = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - if (a == NULL || c == NULL || d == NULL || e == NULL) { + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; + int st = 0, i; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new())) goto err; - } - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 40 + i * 10, 0, 0); - a->neg = rand_neg(); - BN_sqr(c, a, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, a); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_div(d, e, c, a, ctx); - BN_sub(d, d, a); - if (!BN_is_zero(d) || !BN_is_zero(e)) { - fprintf(stderr, "Square test failed!\n"); + BN_bntest_rand(a, 1024, 0, 0); + for (i = 0; i < NUM0; i++) { + BN_bntest_rand(b, 450 + i * 10, 0, 0); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); + BN_mod(c, a, b, ctx); + BN_div(d, e, a, b, ctx); + BN_sub(e, e, c); + if (!TEST_BN_eq_zero(e)) goto err; - } - } - - /* Regression test for a BN_sqr overflow bug. */ - BN_hex2bn(&a, - "80000000000000008000000000000001" - "FFFFFFFFFFFFFFFE0000000000000000"); - BN_sqr(c, a, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, a); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, a, ctx); - if (BN_cmp(c, d)) { - fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " - "different results!\n"); - goto err; } - - /* Regression test for a BN_sqr overflow bug. */ - BN_hex2bn(&a, - "80000000000000000000000080000001" - "FFFFFFFE000000000000000000000000"); - BN_sqr(c, a, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, a); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, a, ctx); - if (BN_cmp(c, d)) { - fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " - "different results!\n"); - goto err; - } - ret = 1; - err: + st = 1; +err: BN_free(a); + BN_free(b); BN_free(c); BN_free(d); BN_free(e); - return ret; + return st; } -int test_mont(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *A, *B; - BIGNUM *n; - int i; - BN_MONT_CTX *mont; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - A = BN_new(); - B = BN_new(); - n = BN_new(); - - mont = BN_MONT_CTX_new(); - if (mont == NULL) - return 0; - - BN_zero(n); - if (BN_MONT_CTX_set(mont, n, ctx)) { - fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); - return 0; - } - - BN_set_word(n, 16); - if (BN_MONT_CTX_set(mont, n, ctx)) { - fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); - return 0; - } +static const char *bn1strings[] = { + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF00", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFF", + NULL +}; + +static const char *bn2strings[] = { + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF0000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000000000000000000000FFFFFFFFFFFFFF00000000", + NULL +}; - BN_bntest_rand(a, 100, 0, 0); - BN_bntest_rand(b, 100, 0, 0); - for (i = 0; i < num2; i++) { - int bits = (200 * (i + 1)) / num2; +/* + * Test constant-time modular exponentiation with 1024-bit inputs, which on + * x86_64 cause a different code branch to be taken. + */ +static int test_modexp_mont5(void) +{ + BIGNUM *a = NULL, *p = NULL, *m = NULL, *d = NULL, *e = NULL; + BIGNUM *b = NULL, *n = NULL, *c = NULL; + BN_MONT_CTX *mont = NULL; + int st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(m = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(mont = BN_MONT_CTX_new())) + goto err; - if (bits == 0) - continue; - BN_bntest_rand(n, bits, 0, 1); - BN_MONT_CTX_set(mont, n, ctx); - - BN_nnmod(a, a, n, ctx); - BN_nnmod(b, b, n, ctx); - - BN_to_montgomery(A, a, mont, ctx); - BN_to_montgomery(B, b, mont, ctx); - - BN_mod_mul_montgomery(c, A, B, mont, ctx); - BN_from_montgomery(A, c, mont, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, &mont->N); - BIO_puts(bp, " - "); - } - BN_print(bp, A); - BIO_puts(bp, "\n"); - } - BN_mod_mul(d, a, b, n, ctx); - BN_sub(d, d, A); - if (!BN_is_zero(d)) { - fprintf(stderr, "Montgomery multiplication test failed!\n"); - return 0; - } - } + BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ + /* Zero exponent */ + BN_bntest_rand(a, 1024, 0, 0); + BN_zero(p); + if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))) + goto err; + if (!TEST_BN_eq_one(d)) + goto err; /* Regression test for carry bug in mulx4x_mont */ BN_hex2bn(&a, @@ -856,309 +427,105 @@ int test_mont(BIO *bp, BN_CTX *ctx) BN_MONT_CTX_set(mont, n, ctx); BN_mod_mul_montgomery(c, a, b, mont, ctx); BN_mod_mul_montgomery(d, b, a, mont, ctx); - if (BN_cmp(c, d)) { - fprintf(stderr, "Montgomery multiplication test failed:" - " a*b != b*a.\n"); - return 0; - } + if (!TEST_BN_eq(c, d)) + goto err; - BN_MONT_CTX_free(mont); - BN_free(a); + /* Regression test for carry bug in sqr[x]8x_mont */ + parse_bigBN(&n, bn1strings); + parse_bigBN(&a, bn2strings); BN_free(b); - BN_free(c); - BN_free(d); - BN_free(A); - BN_free(B); - BN_free(n); - return (1); -} - -int test_mod(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + b = BN_dup(a); + BN_MONT_CTX_set(mont, n, ctx); + BN_mod_mul_montgomery(c, a, a, mont, ctx); + BN_mod_mul_montgomery(d, a, b, mont, ctx); + if (!TEST_BN_eq(c, d)) + goto err; - BN_bntest_rand(a, 1024, 0, 0); - for (i = 0; i < num0; i++) { - BN_bntest_rand(b, 450 + i * 10, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - BN_mod(c, a, b, ctx); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - BN_div(d, e, a, b, ctx); - BN_sub(e, e, c); - if (!BN_is_zero(e)) { - fprintf(stderr, "Modulo test failed!\n"); - return 0; - } + /* Regression test for carry bug in bn_sqrx8x_internal */ + { + static const char *ahex[] = { + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FFEADBCFC4DAE7FFF908E92820306B", + "9544D954000000006C0000000000000000000000000000000000000000000000", + "00000000000000000000FF030202FFFFF8FFEBDBCFC4DAE7FFF908E92820306B", + "9544D954000000006C000000FF0302030000000000FFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01FC00FF02FFFFFFFF", + "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FCFD", + "FCFFFFFFFFFF000000000000000000FF0302030000000000FFFFFFFFFFFFFFFF", + "FF00FCFDFDFF030202FF00000000FFFFFFFFFFFFFFFFFF00FCFDFCFFFFFFFFFF", + NULL + }; + static const char *nhex[] = { + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8F8F8F8000000", + "00000010000000006C0000000000000000000000000000000000000000000000", + "00000000000000000000000000000000000000FFFFFFFFFFFFF8F8F8F8000000", + "00000010000000006C000000000000000000000000FFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "FFFFFFFFFFFF000000000000000000000000000000000000FFFFFFFFFFFFFFFF", + "FFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + NULL + }; + + parse_bigBN(&a, ahex); + parse_bigBN(&n, nhex); } - BN_free(a); BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_mod_mul(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i, j; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_one(b); - BN_zero(c); - if (BN_mod_mul(e, a, b, c, ctx)) { - fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n"); - return 0; - } - - for (j = 0; j < 3; j++) { - BN_bntest_rand(c, 1024, 0, 0); - for (i = 0; i < num0; i++) { - BN_bntest_rand(a, 475 + i * 10, 0, 0); - BN_bntest_rand(b, 425 + i * 11, 0, 0); - a->neg = rand_neg(); - b->neg = rand_neg(); - if (!BN_mod_mul(e, a, b, c, ctx)) { - unsigned long l; - - while ((l = ERR_get_error())) - fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL)); - EXIT(1); - } - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, c); - if ((a->neg ^ b->neg) && !BN_is_zero(e)) { - /* - * If (a*b) % c is negative, c must be added in order - * to obtain the normalized remainder (new with - * OpenSSL 0.9.7, previous versions of BN_mod_mul - * could generate negative results) - */ - BIO_puts(bp, " + "); - BN_print(bp, c); - } - BIO_puts(bp, " - "); - } - BN_print(bp, e); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, b, ctx); - BN_sub(d, d, e); - BN_div(a, b, d, c, ctx); - if (!BN_is_zero(b)) { - fprintf(stderr, "Modulo multiply test failed!\n"); - ERR_print_errors_fp(stderr); - return 0; - } - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_mod_exp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_one(b); - BN_zero(c); - if (BN_mod_exp(d, a, b, c, ctx)) { - fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); - return 0; - } - - BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ - for (i = 0; i < num2; i++) { - BN_bntest_rand(a, 20 + i * 5, 0, 0); - BN_bntest_rand(b, 2 + i, 0, 0); - - if (!BN_mod_exp(d, a, b, c, ctx)) - return (0); - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - BN_exp(e, a, b, ctx); - BN_sub(e, e, d); - BN_div(a, b, e, c, ctx); - if (!BN_is_zero(b)) { - fprintf(stderr, "Modulo exponentiation test failed!\n"); - return 0; - } - } - - /* Regression test for carry propagation bug in sqr8x_reduction */ - BN_hex2bn(&a, "050505050505"); - BN_hex2bn(&b, "02"); - BN_hex2bn(&c, - "4141414141414141414141274141414141414141414141414141414141414141" - "4141414141414141414141414141414141414141414141414141414141414141" - "4141414141414141414141800000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000001"); - BN_mod_exp(d, a, b, c, ctx); - BN_mul(e, a, a, ctx); - if (BN_cmp(d, e)) { - fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n"); - return 0; - } - - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} - -int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - - BN_one(a); - BN_one(b); - BN_zero(c); - if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { - fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus " - "succeeded\n"); - return 0; - } - - BN_set_word(c, 16); - if (BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) { - fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus " - "succeeded\n"); - return 0; - } - - BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ - for (i = 0; i < num2; i++) { - BN_bntest_rand(a, 20 + i * 5, 0, 0); - BN_bntest_rand(b, 2 + i, 0, 0); - - if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) - return (00); - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " % "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - BN_exp(e, a, b, ctx); - BN_sub(e, e, d); - BN_div(a, b, e, c, ctx); - if (!BN_is_zero(b)) { - fprintf(stderr, "Modulo exponentiation test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return (1); -} + b = BN_dup(a); + BN_MONT_CTX_set(mont, n, ctx); + if (!TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx)) + || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx)) + || !TEST_BN_eq(c, d)) + goto err; -/* - * Test constant-time modular exponentiation with 1024-bit inputs, which on - * x86_64 cause a different code branch to be taken. - */ -int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *p, *m, *d, *e; - BN_MONT_CTX *mont; + /* Regression test for bug in BN_from_montgomery_word */ + BN_hex2bn(&a, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); + BN_hex2bn(&n, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); + BN_MONT_CTX_set(mont, n, ctx); + if (!TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx))) + goto err; - a = BN_new(); - p = BN_new(); - m = BN_new(); - d = BN_new(); - e = BN_new(); - mont = BN_MONT_CTX_new(); + /* Regression test for bug in rsaz_1024_mul_avx2 */ + BN_hex2bn(&a, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"); + BN_hex2bn(&b, + "2020202020202020202020202020202020202020202020202020202020202020" + "2020202020202020202020202020202020202020202020202020202020202020" + "20202020202020FF202020202020202020202020202020202020202020202020" + "2020202020202020202020202020202020202020202020202020202020202020"); + BN_hex2bn(&n, + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF"); + BN_MONT_CTX_set(mont, n, ctx); + BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont); + BN_mod_exp_mont(d, a, b, n, ctx, mont); + if (!TEST_BN_eq(c, d)) + goto err; - BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ - /* Zero exponent */ - BN_bntest_rand(a, 1024, 0, 0); - BN_zero(p); - if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) - return 0; - if (!BN_is_one(d)) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } /* Zero input */ BN_bntest_rand(p, 1024, 0, 0); BN_zero(a); - if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) - return 0; - if (!BN_is_zero(d)) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } + if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) + || !TEST_BN_eq_zero(d)) + goto err; + /* * Craft an input whose Montgomery representation is 1, i.e., shorter * than the modulus m, in order to test the const time precomputation @@ -1166,149 +533,96 @@ int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) */ BN_one(a); BN_MONT_CTX_set(mont, m, ctx); - if (!BN_from_montgomery(e, a, mont, ctx)) - return 0; - if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) - return 0; - if (!BN_mod_exp_simple(a, e, p, m, ctx)) - return 0; - if (BN_cmp(a, d) != 0) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } + if (!TEST_true(BN_from_montgomery(e, a, mont, ctx)) + || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) + || !TEST_BN_eq(a, d)) + goto err; + /* Finally, some regular test vectors. */ BN_bntest_rand(e, 1024, 0, 0); - if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) - return 0; - if (!BN_mod_exp_simple(a, e, p, m, ctx)) - return 0; - if (BN_cmp(a, d) != 0) { - fprintf(stderr, "Modular exponentiation test failed!\n"); - return 0; - } + if (!TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) + || !TEST_BN_eq(a, d)) + goto err; + + st = 1; + +err: BN_MONT_CTX_free(mont); BN_free(a); BN_free(p); BN_free(m); BN_free(d); BN_free(e); - return (1); -} - -int test_exp(BIO *bp, BN_CTX *ctx) -{ - BIGNUM *a, *b, *d, *e, *one; - int i; - - a = BN_new(); - b = BN_new(); - d = BN_new(); - e = BN_new(); - one = BN_new(); - BN_one(one); - - for (i = 0; i < num2; i++) { - BN_bntest_rand(a, 20 + i * 5, 0, 0); - BN_bntest_rand(b, 2 + i, 0, 0); - - if (BN_exp(d, a, b, ctx) <= 0) - return (0); - - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " - "); - } - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - BN_one(e); - for (; !BN_is_zero(b); BN_sub(b, b, one)) - BN_mul(e, e, a, ctx); - BN_sub(e, e, d); - if (!BN_is_zero(e)) { - fprintf(stderr, "Exponentiation test failed!\n"); - return 0; - } - } - BN_free(a); BN_free(b); - BN_free(d); - BN_free(e); - BN_free(one); - return (1); + BN_free(n); + BN_free(c); + return st; } #ifndef OPENSSL_NO_EC2M -int test_gf2m_add(BIO *bp) +static int test_gf2m_add(void) { - BIGNUM *a, *b, *c; - int i, ret = 0; + BIGNUM *a = NULL, *b = NULL, *c = NULL; + int i, st = 0; - a = BN_new(); - b = BN_new(); - c = BN_new(); + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new())) + goto err; - for (i = 0; i < num0; i++) { - BN_rand(a, 512, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); + for (i = 0; i < NUM0; i++) { + BN_rand(a, 512, 0, 0); BN_copy(b, BN_value_one()); - a->neg = rand_neg(); - b->neg = rand_neg(); + BN_set_negative(a, rand_neg()); + BN_set_negative(b, rand_neg()); BN_GF2m_add(c, a, b); /* Test that two added values have the correct parity. */ - if ((BN_is_odd(a) && BN_is_odd(c)) - || (!BN_is_odd(a) && !BN_is_odd(c))) { - fprintf(stderr, "GF(2^m) addition test (a) failed!\n"); + if (!TEST_false((BN_is_odd(a) && BN_is_odd(c)) + || (!BN_is_odd(a) && !BN_is_odd(c)))) goto err; - } BN_GF2m_add(c, c, c); /* Test that c + c = 0. */ - if (!BN_is_zero(c)) { - fprintf(stderr, "GF(2^m) addition test (b) failed!\n"); + if (!TEST_BN_eq_zero(c)) goto err; - } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b); BN_free(c); - return ret; + return st; } -int test_gf2m_mod(BIO *bp) +static int test_gf2m_mod(void) { - BIGNUM *a, *b[2], *c, *d, *e; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL, *e = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 1024, 0, 0); for (j = 0; j < 2; j++) { BN_GF2m_mod(c, a, b[j]); BN_GF2m_add(d, a, c); BN_GF2m_mod(e, d, b[j]); /* Test that a + (a mod p) mod p == 0. */ - if (!BN_is_zero(e)) { - fprintf(stderr, "GF(2^m) modulo test failed!\n"); + if (!TEST_BN_eq_zero(e)) goto err; - } } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); @@ -1316,30 +630,30 @@ int test_gf2m_mod(BIO *bp) BN_free(c); BN_free(d); BN_free(e); - return ret; + return st; } -int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) +static int test_gf2m_mul(void) { - BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); - g = BN_new(); - h = BN_new(); + BIGNUM *a, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL; + BIGNUM *e = NULL, *f = NULL, *g = NULL, *h = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new()) + || !TEST_ptr(g = BN_new()) + || !TEST_ptr(h = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 1024, 0, 0); BN_bntest_rand(c, 1024, 0, 0); BN_bntest_rand(d, 1024, 0, 0); @@ -1351,14 +665,12 @@ int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) BN_GF2m_add(f, e, g); BN_GF2m_add(f, f, h); /* Test that (a+d)*c = a*c + d*c. */ - if (!BN_is_zero(f)) { - fprintf(stderr, - "GF(2^m) modular multiplication test failed!\n"); + if (!TEST_BN_eq_zero(f)) goto err; - } } } - ret = 1; + st = 1; + err: BN_free(a); BN_free(b[0]); @@ -1369,26 +681,25 @@ int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) BN_free(f); BN_free(g); BN_free(h); - return ret; + return st; } -int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) +static int test_gf2m_sqr(void) { - BIGNUM *a, *b[2], *c, *d; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 1024, 0, 0); for (j = 0; j < 2; j++) { BN_GF2m_mod_sqr(c, a, b[j], ctx); @@ -1396,79 +707,74 @@ int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_mul(d, a, d, b[j], ctx); BN_GF2m_add(d, c, d); /* Test that a*a = a^2. */ - if (!BN_is_zero(d)) { - fprintf(stderr, "GF(2^m) modular squaring test failed!\n"); + if (!TEST_BN_eq_zero(d)) goto err; - } } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); BN_free(b[1]); BN_free(c); BN_free(d); - return ret; + return st; } -int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) +static int test_gf2m_modinv(void) { - BIGNUM *a, *b[2], *c, *d; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 512, 0, 0); for (j = 0; j < 2; j++) { BN_GF2m_mod_inv(c, a, b[j], ctx); BN_GF2m_mod_mul(d, a, c, b[j], ctx); /* Test that ((1/a)*a) = 1. */ - if (!BN_is_one(d)) { - fprintf(stderr, "GF(2^m) modular inversion test failed!\n"); + if (!TEST_BN_eq_one(d)) goto err; - } } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); BN_free(b[1]); BN_free(c); BN_free(d); - return ret; + return st; } -int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) +static int test_gf2m_moddiv(void) { - BIGNUM *a, *b[2], *c, *d, *e, *f; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *e = NULL, *f = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 512, 0, 0); BN_bntest_rand(c, 512, 0, 0); for (j = 0; j < 2; j++) { @@ -1476,13 +782,11 @@ int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_mul(e, d, c, b[j], ctx); BN_GF2m_mod_div(f, a, e, b[j], ctx); /* Test that ((a/c)*c)/a = 1. */ - if (!BN_is_one(f)) { - fprintf(stderr, "GF(2^m) modular division test failed!\n"); + if (!TEST_BN_eq_one(f)) goto err; - } } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); @@ -1491,28 +795,28 @@ int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) BN_free(d); BN_free(e); BN_free(f); - return ret; + return st; } -int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) +static int test_gf2m_modexp(void) { - BIGNUM *a, *b[2], *c, *d, *e, *f; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *e = NULL, *f = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 512, 0, 0); BN_bntest_rand(c, 512, 0, 0); BN_bntest_rand(d, 512, 0, 0); @@ -1524,14 +828,11 @@ int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_exp(f, a, f, b[j], ctx); BN_GF2m_add(f, e, f); /* Test that a^(c+d)=a^c*a^d. */ - if (!BN_is_zero(f)) { - fprintf(stderr, - "GF(2^m) modular exponentiation test failed!\n"); + if (!TEST_BN_eq_zero(f)) goto err; - } } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); @@ -1540,28 +841,28 @@ int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) BN_free(d); BN_free(e); BN_free(f); - return ret; + return st; } -int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) +static int test_gf2m_modsqrt(void) { - BIGNUM *a, *b[2], *c, *d, *e, *f; - int i, j, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - f = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *e = NULL, *f = NULL; + int i, j, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_ptr(f = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 512, 0, 0); for (j = 0; j < 2; j++) { BN_GF2m_mod(c, a, b[j]); @@ -1569,13 +870,11 @@ int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_sqr(e, d, b[j], ctx); BN_GF2m_add(f, c, e); /* Test that d^2 = a, where d = sqrt(a). */ - if (!BN_is_zero(f)) { - fprintf(stderr, "GF(2^m) modular square root test failed!\n"); + if (!TEST_BN_eq_zero(f)) goto err; - } } } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); @@ -1584,27 +883,27 @@ int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) BN_free(d); BN_free(e); BN_free(f); - return ret; + return st; } -int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) +static int test_gf2m_modsolvequad(void) { - BIGNUM *a, *b[2], *c, *d, *e; - int i, j, s = 0, t, ret = 0; - int p0[] = { 163, 7, 6, 3, 0, -1 }; - int p1[] = { 193, 15, 0, -1 }; - - a = BN_new(); - b[0] = BN_new(); - b[1] = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); + BIGNUM *a = NULL, *b[2] = {NULL,NULL}, *c = NULL, *d = NULL; + BIGNUM *e = NULL; + int i, j, s = 0, t, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b[0] = BN_new()) + || !TEST_ptr(b[1] = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new()) + || !TEST_ptr(e = BN_new())) + goto err; BN_GF2m_arr2poly(p0, b[0]); BN_GF2m_arr2poly(p1, b[1]); - for (i = 0; i < num0; i++) { + for (i = 0; i < NUM0; i++) { BN_bntest_rand(a, 512, 0, 0); for (j = 0; j < 2; j++) { t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx); @@ -1617,24 +916,16 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) /* * Test that solution of quadratic c satisfies c^2 + c = a. */ - if (!BN_is_zero(e)) { - fprintf(stderr, - "GF(2^m) modular solve quadratic test failed!\n"); + if (!TEST_BN_eq_zero(e)) goto err; - } - } } } - if (s == 0) { - fprintf(stderr, - "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", - num0); - fprintf(stderr, - "this is very unlikely and probably indicates an error.\n"); + if (!TEST_int_ge(s, 0)) { + TEST_info("%d tests found no roots; probably an error", NUM0); goto err; } - ret = 1; + st = 1; err: BN_free(a); BN_free(b[0]); @@ -1642,43 +933,21 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) BN_free(c); BN_free(d); BN_free(e); - return ret; + return st; } #endif -static int genprime_cb(int p, int n, BN_GENCB *arg) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - putc(c, stderr); - fflush(stderr); - return 1; -} -int test_kron(BIO *bp, BN_CTX *ctx) +static int test_kronecker(void) { - BN_GENCB cb; - BIGNUM *a, *b, *r, *t; - int i; - int legendre, kronecker; - int ret = 0; + BIGNUM *a = NULL, *b = NULL, *r = NULL, *t = NULL; + int i, legendre, kronecker, st = 0; - a = BN_new(); - b = BN_new(); - r = BN_new(); - t = BN_new(); - if (a == NULL || b == NULL || r == NULL || t == NULL) + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(r = BN_new()) + || !TEST_ptr(t = BN_new())) goto err; - BN_GENCB_set(&cb, genprime_cb, NULL); - /* * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is @@ -1689,406 +958,1330 @@ int test_kron(BIO *bp, BN_CTX *ctx) * is prime but whether BN_kronecker works.) */ - if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) + if (!TEST_true(BN_generate_prime_ex(b, 512, 0, NULL, NULL, NULL))) goto err; - b->neg = rand_neg(); - putc('\n', stderr); + BN_set_negative(b, rand_neg()); - for (i = 0; i < num0; i++) { - if (!BN_bntest_rand(a, 512, 0, 0)) + for (i = 0; i < NUM0; i++) { + if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))) goto err; - a->neg = rand_neg(); + BN_set_negative(a, rand_neg()); /* t := (|b|-1)/2 (note that b is odd) */ - if (!BN_copy(t, b)) + if (!TEST_true(BN_copy(t, b))) goto err; - t->neg = 0; - if (!BN_sub_word(t, 1)) + BN_set_negative(t, 0); + if (!TEST_true(BN_sub_word(t, 1))) goto err; - if (!BN_rshift1(t, t)) + if (!TEST_true(BN_rshift1(t, t))) goto err; /* r := a^t mod b */ - b->neg = 0; + BN_set_negative(b, 0); - if (!BN_mod_exp_recp(r, a, t, b, ctx)) + if (!TEST_true(BN_mod_exp_recp(r, a, t, b, ctx))) goto err; - b->neg = 1; + BN_set_negative(b, 1); if (BN_is_word(r, 1)) legendre = 1; else if (BN_is_zero(r)) legendre = 0; else { - if (!BN_add_word(r, 1)) + if (!TEST_true(BN_add_word(r, 1))) goto err; - if (0 != BN_ucmp(r, b)) { - fprintf(stderr, "Legendre symbol computation failed\n"); + if (!TEST_int_eq(BN_ucmp(r, b), 0)) { + TEST_info("Legendre symbol computation failed"); goto err; } legendre = -1; } - kronecker = BN_kronecker(a, b, ctx); - if (kronecker < -1) + if (!TEST_int_ge(kronecker = BN_kronecker(a, b, ctx), -1)) goto err; /* we actually need BN_kronecker(a, |b|) */ - if (a->neg && b->neg) + if (BN_is_negative(a) && BN_is_negative(b)) kronecker = -kronecker; - if (legendre != kronecker) { - fprintf(stderr, "legendre != kronecker; a = "); - BN_print_fp(stderr, a); - fprintf(stderr, ", b = "); - BN_print_fp(stderr, b); - fprintf(stderr, "\n"); + if (!TEST_int_eq(legendre, kronecker)) goto err; - } - - putc('.', stderr); - fflush(stderr); } - putc('\n', stderr); - fflush(stderr); - ret = 1; + st = 1; err: BN_free(a); BN_free(b); BN_free(r); BN_free(t); - return ret; + return st; } -int test_sqrt(BIO *bp, BN_CTX *ctx) +static int file_sum(STANZA *s) { - BN_GENCB cb; - BIGNUM *a, *p, *r; - int i, j; - int ret = 0; - - a = BN_new(); - p = BN_new(); - r = BN_new(); - if (a == NULL || p == NULL || r == NULL) + BIGNUM *a = NULL, *b = NULL, *sum = NULL, *ret = NULL; + BN_ULONG b_word; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(sum = getBN(s, "Sum")) + || !TEST_ptr(ret = BN_new())) goto err; - BN_GENCB_set(&cb, genprime_cb, NULL); + if (!TEST_true(BN_add(ret, a, b)) + || !equalBN("A + B", sum, ret) + || !TEST_true(BN_sub(ret, sum, a)) + || !equalBN("Sum - A", b, ret) + || !TEST_true(BN_sub(ret, sum, b)) + || !equalBN("Sum - B", a, ret)) + goto err; - for (i = 0; i < 16; i++) { - if (i < 8) { - unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 }; + /* + * Test that the functions work when |r| and |a| point to the same BIGNUM, + * or when |r| and |b| point to the same BIGNUM. + * TODO: Test where all of |r|, |a|, and |b| point to the same BIGNUM. + */ + if (!TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_add(ret, ret, b)) + || !equalBN("A + B (r is a)", sum, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_add(ret, a, ret)) + || !equalBN("A + B (r is b)", sum, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_sub(ret, ret, a)) + || !equalBN("Sum - A (r is a)", b, ret) + || !TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_sub(ret, sum, ret)) + || !equalBN("Sum - A (r is b)", b, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_sub(ret, ret, b)) + || !equalBN("Sum - B (r is a)", a, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_sub(ret, sum, ret)) + || !equalBN("Sum - B (r is b)", a, ret)) + goto err; - if (!BN_set_word(p, primes[i])) - goto err; - } else { - if (!BN_set_word(a, 32)) - goto err; - if (!BN_set_word(r, 2 * i + 1)) - goto err; + /* + * Test BN_uadd() and BN_usub() with the prerequisites they are + * documented as having. Note that these functions are frequently used + * when the prerequisites don't hold. In those cases, they are supposed + * to work as if the prerequisite hold, but we don't test that yet. + * TODO: test that. + */ + if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) { + if (!TEST_true(BN_uadd(ret, a, b)) + || !equalBN("A +u B", sum, ret) + || !TEST_true(BN_usub(ret, sum, a)) + || !equalBN("Sum -u A", b, ret) + || !TEST_true(BN_usub(ret, sum, b)) + || !equalBN("Sum -u B", a, ret)) + goto err; + /* + * Test that the functions work when |r| and |a| point to the same + * BIGNUM, or when |r| and |b| point to the same BIGNUM. + * TODO: Test where all of |r|, |a|, and |b| point to the same BIGNUM. + */ + if (!TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_uadd(ret, ret, b)) + || !equalBN("A +u B (r is a)", sum, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_uadd(ret, a, ret)) + || !equalBN("A +u B (r is b)", sum, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_usub(ret, ret, a)) + || !equalBN("Sum -u A (r is a)", b, ret) + || !TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_usub(ret, sum, ret)) + || !equalBN("Sum -u A (r is b)", b, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_usub(ret, ret, b)) + || !equalBN("Sum -u B (r is a)", a, ret) + || !TEST_true(BN_copy(ret, b)) + || !TEST_true(BN_usub(ret, sum, ret)) + || !equalBN("Sum -u B (r is b)", a, ret)) + goto err; + } - if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) - goto err; - putc('\n', stderr); - } - p->neg = rand_neg(); - - for (j = 0; j < num2; j++) { - /* - * construct 'a' such that it is a square modulo p, but in - * general not a proper square and not reduced modulo p - */ - if (!BN_bntest_rand(r, 256, 0, 3)) - goto err; - if (!BN_nnmod(r, r, p, ctx)) - goto err; - if (!BN_mod_sqr(r, r, p, ctx)) - goto err; - if (!BN_bntest_rand(a, 256, 0, 3)) - goto err; - if (!BN_nnmod(a, a, p, ctx)) - goto err; - if (!BN_mod_sqr(a, a, p, ctx)) - goto err; - if (!BN_mul(a, a, r, ctx)) - goto err; - if (rand_neg()) - if (!BN_sub(a, a, p)) - goto err; + /* + * Test with BN_add_word() and BN_sub_word() if |b| is small enough. + */ + b_word = BN_get_word(b); + if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) { + if (!TEST_true(BN_copy(ret, a)) + || !TEST_true(BN_add_word(ret, b_word)) + || !equalBN("A + B (word)", sum, ret) + || !TEST_true(BN_copy(ret, sum)) + || !TEST_true(BN_sub_word(ret, b_word)) + || !equalBN("Sum - B (word)", a, ret)) + goto err; + } + st = 1; - if (!BN_mod_sqrt(r, a, p, ctx)) - goto err; - if (!BN_mod_sqr(r, r, p, ctx)) - goto err; +err: + BN_free(a); + BN_free(b); + BN_free(sum); + BN_free(ret); + return st; +} - if (!BN_nnmod(a, a, p, ctx)) - goto err; +static int file_lshift1(STANZA *s) +{ + BIGNUM *a = NULL, *lshift1 = NULL, *zero = NULL, *ret = NULL; + BIGNUM *two = NULL, *remainder = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(lshift1 = getBN(s, "LShift1")) + || !TEST_ptr(zero = BN_new()) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(two = BN_new()) + || !TEST_ptr(remainder = BN_new())) + goto err; - if (BN_cmp(a, r) != 0) { - fprintf(stderr, "BN_mod_sqrt failed: a = "); - BN_print_fp(stderr, a); - fprintf(stderr, ", r = "); - BN_print_fp(stderr, r); - fprintf(stderr, ", p = "); - BN_print_fp(stderr, p); - fprintf(stderr, "\n"); - goto err; - } + BN_zero(zero); + + if (!TEST_true(BN_set_word(two, 2)) + || !TEST_true(BN_add(ret, a, a)) + || !equalBN("A + A", lshift1, ret) + || !TEST_true(BN_mul(ret, a, two, ctx)) + || !equalBN("A * 2", lshift1, ret) + || !TEST_true(BN_div(ret, remainder, lshift1, two, ctx)) + || !equalBN("LShift1 / 2", a, ret) + || !equalBN("LShift1 % 2", zero, remainder) + || !TEST_true(BN_lshift1(ret, a)) + || !equalBN("A << 1", lshift1, ret) + || !TEST_true(BN_rshift1(ret, lshift1)) + || !equalBN("LShift >> 1", a, ret) + || !TEST_true(BN_rshift1(ret, lshift1)) + || !equalBN("LShift >> 1", a, ret)) + goto err; - putc('.', stderr); - fflush(stderr); - } + /* Set the LSB to 1 and test rshift1 again. */ + if (!TEST_true(BN_set_bit(lshift1, 0)) + || !TEST_true(BN_div(ret, NULL /* rem */ , lshift1, two, ctx)) + || !equalBN("(LShift1 | 1) / 2", a, ret) + || !TEST_true(BN_rshift1(ret, lshift1)) + || !equalBN("(LShift | 1) >> 1", a, ret)) + goto err; - putc('\n', stderr); - fflush(stderr); - } - ret = 1; - err: + st = 1; +err: BN_free(a); - BN_free(p); - BN_free(r); - return ret; + BN_free(lshift1); + BN_free(zero); + BN_free(ret); + BN_free(two); + BN_free(remainder); + + return st; } -int test_small_prime(BIO *bp, BN_CTX *ctx) +static int file_lshift(STANZA *s) { - static const int bits = 10; - int ret = 0; - BIGNUM *r; + BIGNUM *a = NULL, *lshift = NULL, *ret = NULL; + int n = 0, st = 0; - r = BN_new(); - if (!BN_generate_prime_ex(r, bits, 0, NULL, NULL, NULL)) - goto err; - if (BN_num_bits(r) != bits) { - BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits, - BN_num_bits(r)); + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(lshift = getBN(s, "LShift")) + || !TEST_ptr(ret = BN_new()) + || !getint(s, &n, "N")) goto err; - } - ret = 1; + if (!TEST_true(BN_lshift(ret, a, n)) + || !equalBN("A << N", lshift, ret) + || !TEST_true(BN_rshift(ret, lshift, n)) + || !equalBN("A >> N", a, ret)) + goto err; - err: - BN_clear_free(r); - return ret; + st = 1; +err: + BN_free(a); + BN_free(lshift); + BN_free(ret); + return st; } -int test_bn2dec(BIO *bp) +static int file_rshift(STANZA *s) { - static const char *bn2dec_tests[] = { - "0", - "1", - "-1", - "100", - "-100", - "123456789012345678901234567890", - "-123456789012345678901234567890", - "123456789012345678901234567890123456789012345678901234567890", - "-123456789012345678901234567890123456789012345678901234567890", - }; - int ret = 0; - size_t i; - BIGNUM *bn = NULL; - char *dec = NULL; + BIGNUM *a = NULL, *rshift = NULL, *ret = NULL; + int n = 0, st = 0; - for (i = 0; i < OSSL_NELEM(bn2dec_tests); i++) { - if (!BN_dec2bn(&bn, bn2dec_tests[i])) - goto err; + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(rshift = getBN(s, "RShift")) + || !TEST_ptr(ret = BN_new()) + || !getint(s, &n, "N")) + goto err; - dec = BN_bn2dec(bn); - if (dec == NULL) { - fprintf(stderr, "BN_bn2dec failed on %s.\n", bn2dec_tests[i]); - goto err; - } + if (!TEST_true(BN_rshift(ret, a, n)) + || !equalBN("A >> N", rshift, ret)) + goto err; - if (strcmp(dec, bn2dec_tests[i]) != 0) { - fprintf(stderr, "BN_bn2dec gave %s, wanted %s.\n", dec, - bn2dec_tests[i]); + /* If N == 1, try with rshift1 as well */ + if (n == 1) { + if (!TEST_true(BN_rshift1(ret, a)) + || !equalBN("A >> 1 (rshift1)", rshift, ret)) goto err; - } - - OPENSSL_free(dec); - dec = NULL; } - - ret = 1; + st = 1; err: - BN_free(bn); - OPENSSL_free(dec); - return ret; + BN_free(a); + BN_free(rshift); + BN_free(ret); + return st; } -int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) +static int file_square(STANZA *s) { - BIGNUM *a, *b, *c, *d; - int i; - - b = BN_new(); - c = BN_new(); - d = BN_new(); - BN_one(c); - - if (a_) - a = a_; - else { - a = BN_new(); - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - } - for (i = 0; i < num0; i++) { - BN_lshift(b, a, i + 1); - BN_add(c, c, c); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_mul(d, a, c, ctx); - BN_sub(d, d, b); - if (!BN_is_zero(d)) { - fprintf(stderr, "Left shift test failed!\n"); - fprintf(stderr, "a="); - BN_print_fp(stderr, a); - fprintf(stderr, "\nb="); - BN_print_fp(stderr, b); - fprintf(stderr, "\nc="); - BN_print_fp(stderr, c); - fprintf(stderr, "\nd="); - BN_print_fp(stderr, d); - fprintf(stderr, "\n"); - return 0; - } + BIGNUM *a = NULL, *square = NULL, *zero = NULL, *ret = NULL; + BIGNUM *remainder = NULL, *tmp = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(square = getBN(s, "Square")) + || !TEST_ptr(zero = BN_new()) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(remainder = BN_new())) + goto err; + + BN_zero(zero); + if (!TEST_true(BN_sqr(ret, a, ctx)) + || !equalBN("A^2", square, ret) + || !TEST_true(BN_mul(ret, a, a, ctx)) + || !equalBN("A * A", square, ret) + || !TEST_true(BN_div(ret, remainder, square, a, ctx)) + || !equalBN("Square / A", a, ret) + || !equalBN("Square % A", zero, remainder)) + goto err; + +#if HAVE_BN_SQRT + BN_set_negative(a, 0); + if (!TEST_true(BN_sqrt(ret, square, ctx)) + || !equalBN("sqrt(Square)", a, ret)) + goto err; + + /* BN_sqrt should fail on non-squares and negative numbers. */ + if (!TEST_BN_eq_zero(square)) { + if (!TEST_ptr(tmp = BN_new()) + || !TEST_true(BN_copy(tmp, square))) + goto err; + BN_set_negative(tmp, 1); + + if (!TEST_int_eq(BN_sqrt(ret, tmp, ctx), 0)) + goto err; + ERR_clear_error(); + + BN_set_negative(tmp, 0); + if (BN_add(tmp, tmp, BN_value_one())) + goto err; + if (!TEST_int_eq(BN_sqrt(ret, tmp, ctx))) + goto err; + ERR_clear_error(); } +#endif + + st = 1; +err: + BN_free(a); + BN_free(square); + BN_free(zero); + BN_free(ret); + BN_free(remainder); + BN_free(tmp); + return st; +} + +static int file_product(STANZA *s) +{ + BIGNUM *a = NULL, *b = NULL, *product = NULL, *ret = NULL; + BIGNUM *remainder = NULL, *zero = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(product = getBN(s, "Product")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(remainder = BN_new()) + || !TEST_ptr(zero = BN_new())) + goto err; + + BN_zero(zero); + + if (!TEST_true(BN_mul(ret, a, b, ctx)) + || !equalBN("A * B", product, ret) + || !TEST_true(BN_div(ret, remainder, product, a, ctx)) + || !equalBN("Product / A", b, ret) + || !equalBN("Product % A", zero, remainder) + || !TEST_true(BN_div(ret, remainder, product, b, ctx)) + || !equalBN("Product / B", a, ret) + || !equalBN("Product % B", zero, remainder)) + goto err; + + st = 1; +err: BN_free(a); BN_free(b); - BN_free(c); - BN_free(d); - return (1); + BN_free(product); + BN_free(ret); + BN_free(remainder); + BN_free(zero); + return st; } -int test_lshift1(BIO *bp) +static int file_quotient(STANZA *s) { - BIGNUM *a, *b, *c; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - for (i = 0; i < num0; i++) { - BN_lshift1(b, a); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * 2"); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); + BIGNUM *a = NULL, *b = NULL, *quotient = NULL, *remainder = NULL; + BIGNUM *ret = NULL, *ret2 = NULL, *nnmod = NULL; + BN_ULONG b_word, ret_word; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(quotient = getBN(s, "Quotient")) + || !TEST_ptr(remainder = getBN(s, "Remainder")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(ret2 = BN_new()) + || !TEST_ptr(nnmod = BN_new())) + goto err; + + if (!TEST_true(BN_div(ret, ret2, a, b, ctx)) + || !equalBN("A / B", quotient, ret) + || !equalBN("A % B", remainder, ret2) + || !TEST_true(BN_mul(ret, quotient, b, ctx)) + || !TEST_true(BN_add(ret, ret, remainder)) + || !equalBN("Quotient * B + Remainder", a, ret)) + goto err; + + /* + * Test with BN_mod_word() and BN_div_word() if the divisor is + * small enough. + */ + b_word = BN_get_word(b); + if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) { + BN_ULONG remainder_word = BN_get_word(remainder); + + assert(remainder_word != (BN_ULONG)-1); + if (!TEST_ptr(BN_copy(ret, a))) + goto err; + ret_word = BN_div_word(ret, b_word); + if (ret_word != remainder_word) { +#ifdef BN_DEC_FMT1 + TEST_error( + "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1, + ret_word, remainder_word); +#else + TEST_error("Got A %% B (word) mismatch"); +#endif + goto err; } - BN_add(c, a, a); - BN_sub(a, b, c); - if (!BN_is_zero(a)) { - fprintf(stderr, "Left shift one test failed!\n"); - return 0; + if (!equalBN ("A / B (word)", quotient, ret)) + goto err; + + ret_word = BN_mod_word(a, b_word); + if (ret_word != remainder_word) { +#ifdef BN_DEC_FMT1 + TEST_error( + "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1 "", + ret_word, remainder_word); +#else + TEST_error("Got A %% B (word) mismatch"); +#endif + goto err; } + } - BN_copy(a, b); + /* Test BN_nnmod. */ + if (!BN_is_negative(b)) { + if (!TEST_true(BN_copy(nnmod, remainder)) + || (BN_is_negative(nnmod) + && !TEST_true(BN_add(nnmod, nnmod, b))) + || !TEST_true(BN_nnmod(ret, a, b, ctx)) + || !equalBN("A % B (non-negative)", nnmod, ret)) + goto err; } + + st = 1; +err: BN_free(a); BN_free(b); - BN_free(c); - return (1); + BN_free(quotient); + BN_free(remainder); + BN_free(ret); + BN_free(ret2); + BN_free(nnmod); + return st; } -int test_rshift(BIO *bp, BN_CTX *ctx) +static int file_modmul(STANZA *s) { - BIGNUM *a, *b, *c, *d, *e; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - d = BN_new(); - e = BN_new(); - BN_one(c); - - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - for (i = 0; i < num0; i++) { - BN_rshift(b, a, i + 1); - BN_add(c, c, c); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / "); - BN_print(bp, c); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_div(d, e, a, c, ctx); - BN_sub(d, d, b); - if (!BN_is_zero(d)) { - fprintf(stderr, "Right shift test failed!\n"); - return 0; - } + BIGNUM *a = NULL, *b = NULL, *m = NULL, *mod_mul = NULL, *ret = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(b = getBN(s, "B")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_mul = getBN(s, "ModMul")) + || !TEST_ptr(ret = BN_new())) + goto err; + + if (!TEST_true(BN_mod_mul(ret, a, b, m, ctx)) + || !equalBN("A * B (mod M)", mod_mul, ret)) + goto err; + + if (BN_is_odd(m)) { + /* Reduce |a| and |b| and test the Montgomery version. */ + BN_MONT_CTX *mont = BN_MONT_CTX_new(); + BIGNUM *a_tmp = BN_new(); + BIGNUM *b_tmp = BN_new(); + + if (mont == NULL || a_tmp == NULL || b_tmp == NULL + || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)) + || !TEST_true(BN_nnmod(a_tmp, a, m, ctx)) + || !TEST_true(BN_nnmod(b_tmp, b, m, ctx)) + || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx)) + || !TEST_true(BN_to_montgomery(b_tmp, b_tmp, mont, ctx)) + || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, b_tmp, + mont, ctx)) + || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx)) + || !equalBN("A * B (mod M) (mont)", mod_mul, ret)) + st = 0; + else + st = 1; + BN_MONT_CTX_free(mont); + BN_free(a_tmp); + BN_free(b_tmp); + if (st == 0) + goto err; + } + + st = 1; +err: + BN_free(a); + BN_free(b); + BN_free(m); + BN_free(mod_mul); + BN_free(ret); + return st; +} + +static int file_modexp(STANZA *s) +{ + BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL; + BIGNUM *b = NULL, *c = NULL, *d = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(e = getBN(s, "E")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_exp = getBN(s, "ModExp")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(d = BN_new())) + goto err; + + if (!TEST_true(BN_mod_exp(ret, a, e, m, ctx)) + || !equalBN("A ^ E (mod M)", mod_exp, ret)) + goto err; + + if (BN_is_odd(m)) { + if (!TEST_true(BN_mod_exp_mont(ret, a, e, m, ctx, NULL)) + || !equalBN("A ^ E (mod M) (mont)", mod_exp, ret) + || !TEST_true(BN_mod_exp_mont_consttime(ret, a, e, m, + ctx, NULL)) + || !equalBN("A ^ E (mod M) (mont const", mod_exp, ret)) + goto err; } + + /* Regression test for carry propagation bug in sqr8x_reduction */ + BN_hex2bn(&a, "050505050505"); + BN_hex2bn(&b, "02"); + BN_hex2bn(&c, + "4141414141414141414141274141414141414141414141414141414141414141" + "4141414141414141414141414141414141414141414141414141414141414141" + "4141414141414141414141800000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000001"); + if (!TEST_true(BN_mod_exp(d, a, b, c, ctx)) + || !TEST_true(BN_mul(e, a, a, ctx)) + || !TEST_BN_eq(d, e)) + goto err; + + st = 1; +err: BN_free(a); BN_free(b); BN_free(c); BN_free(d); BN_free(e); - return (1); + BN_free(m); + BN_free(mod_exp); + BN_free(ret); + return st; } -int test_rshift1(BIO *bp) +static int file_exp(STANZA *s) { - BIGNUM *a, *b, *c; - int i; - - a = BN_new(); - b = BN_new(); - c = BN_new(); - - BN_bntest_rand(a, 200, 0, 0); - a->neg = rand_neg(); - for (i = 0; i < num0; i++) { - BN_rshift1(b, a); - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " / 2"); - BIO_puts(bp, " - "); - } - BN_print(bp, b); - BIO_puts(bp, "\n"); - } - BN_sub(c, a, b); - BN_sub(c, c, b); - if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) { - fprintf(stderr, "Right shift one test failed!\n"); - return 0; + BIGNUM *a = NULL, *e = NULL, *exp = NULL, *ret = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(e = getBN(s, "E")) + || !TEST_ptr(exp = getBN(s, "Exp")) + || !TEST_ptr(ret = BN_new())) + goto err; + + if (!TEST_true(BN_exp(ret, a, e, ctx)) + || !equalBN("A ^ E", exp, ret)) + goto err; + + st = 1; +err: + BN_free(a); + BN_free(e); + BN_free(exp); + BN_free(ret); + return st; +} + +static int file_modsqrt(STANZA *s) +{ + BIGNUM *a = NULL, *p = NULL, *mod_sqrt = NULL, *ret = NULL, *ret2 = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(p = getBN(s, "P")) + || !TEST_ptr(mod_sqrt = getBN(s, "ModSqrt")) + || !TEST_ptr(ret = BN_new()) + || !TEST_ptr(ret2 = BN_new())) + goto err; + + /* There are two possible answers. */ + if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) + || !TEST_true(BN_sub(ret2, p, ret))) + goto err; + + /* The first condition should NOT be a test. */ + if (BN_cmp(ret2, mod_sqrt) != 0 + && !equalBN("sqrt(A) (mod P)", mod_sqrt, ret)) + goto err; + + st = 1; +err: + BN_free(a); + BN_free(p); + BN_free(mod_sqrt); + BN_free(ret); + BN_free(ret2); + return st; +} + +static int test_bn2padded(void) +{ +#if HAVE_BN_PADDED + uint8_t zeros[256], out[256], reference[128]; + BIGNUM *n = BN_new(); + int st = 0; + + /* Test edge case at 0. */ + if (n == NULL) + goto err; + if (!TEST_true(BN_bn2bin_padded(NULL, 0, n))) + goto err; + memset(out, -1, sizeof(out)); + if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n)) + goto err; + memset(zeros, 0, sizeof(zeros)); + if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out))) + goto err; + + /* Test a random numbers at various byte lengths. */ + for (size_t bytes = 128 - 7; bytes <= 128; bytes++) { +#define TOP_BIT_ON 0 +#define BOTTOM_BIT_NOTOUCH 0 + if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH))) + goto err; + if (!TEST_int_eq(BN_num_bytes(n),A) bytes + || TEST_int_eq(BN_bn2bin(n, reference), bytes)) + goto err; + /* Empty buffer should fail. */ + if (!TEST_int_eq(BN_bn2bin_padded(NULL, 0, n)), 0) + goto err; + /* One byte short should fail. */ + if (BN_bn2bin_padded(out, bytes - 1, n)) + goto err; + /* Exactly right size should encode. */ + if (!TEST_true(BN_bn2bin_padded(out, bytes, n)) + || TEST_mem_eq(out, bytes, reference, bytes)) + goto err; + /* Pad up one byte extra. */ + if (!TEST_true(BN_bn2bin_padded(out, bytes + 1, n)) + || !TEST_mem_eq(out + 1, bytes, reference, bytes) + || !TEST_mem_eq(out, 1, zeros, 1)) + goto err; + /* Pad up to 256. */ + if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n) + || !TEST_mem_eq(out + sizeof(out) - bytes, bytes, + reference, bytes) + || !TEST_mem_eq(out, sizseof(out) - bytes, + zeros, sizeof(out) - bytes)) + goto err; + } + + st = 1; +err: + BN_free(n); + return st; +#else + return ctx != NULL; +#endif +} + +static int test_dec2bn(void) +{ + BIGNUM *bn = NULL; + int st = 0; + + if (!TEST_int_eq(parsedecBN(&bn, "0"), 1) + || !TEST_BN_eq_word(bn, 0) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parsedecBN(&bn, "256"), 3) + || !TEST_BN_eq_word(bn, 256) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parsedecBN(&bn, "-42"), 3) + || !TEST_BN_abs_eq_word(bn, 42) + || !TEST_BN_lt_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parsedecBN(&bn, "1"), 1) + || !TEST_BN_eq_word(bn, 1) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_eq_one(bn) + || !TEST_BN_odd(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parsedecBN(&bn, "-0"), 2) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parsedecBN(&bn, "42trailing garbage is ignored"), 2) + || !TEST_BN_abs_eq_word(bn, 42) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) + goto err; + + st = 1; +err: + BN_free(bn); + return st; +} + +static int test_hex2bn(void) +{ + BIGNUM *bn = NULL; + int st = 0; + + if (!TEST_int_eq(parseBN(&bn, "0"), 1) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parseBN(&bn, "256"), 3) + || !TEST_BN_eq_word(bn, 0x256) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parseBN(&bn, "-42"), 3) + || !TEST_BN_abs_eq_word(bn, 0x42) + || !TEST_BN_lt_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parseBN(&bn, "cb"), 2) + || !TEST_BN_eq_word(bn, 0xCB) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_odd(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parseBN(&bn, "-0"), 2) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_le_zero(bn) + || !TEST_BN_even(bn)) + goto err; + BN_free(bn); + bn = NULL; + + if (!TEST_int_eq(parseBN(&bn, "abctrailing garbage is ignored"), 3) + || !TEST_BN_eq_word(bn, 0xabc) + || !TEST_BN_ge_zero(bn) + || !TEST_BN_gt_zero(bn) + || !TEST_BN_ne_zero(bn) + || !TEST_BN_even(bn)) + goto err; + st = 1; + +err: + BN_free(bn); + return st; +} + +static int test_asc2bn(void) +{ + BIGNUM *bn = NULL; + int st = 0; + + if (!TEST_ptr(bn = BN_new())) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "0")) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "256")) + || !TEST_BN_eq_word(bn, 256) + || !TEST_BN_ge_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "-42")) + || !TEST_BN_abs_eq_word(bn, 42) + || !TEST_BN_lt_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "0x1234")) + || !TEST_BN_eq_word(bn, 0x1234) + || !TEST_BN_ge_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "0X1234")) + || !TEST_BN_eq_word(bn, 0x1234) + || !TEST_BN_ge_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "-0xabcd")) + || !TEST_BN_abs_eq_word(bn, 0xabcd) + || !TEST_BN_lt_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "-0")) + || !TEST_BN_eq_zero(bn) + || !TEST_BN_ge_zero(bn)) + goto err; + + if (!TEST_true(BN_asc2bn(&bn, "123trailing garbage is ignored")) + || !TEST_BN_eq_word(bn, 123) + || !TEST_BN_ge_zero(bn)) + goto err; + + st = 1; +err: + BN_free(bn); + return st; +} + +static const MPITEST kMPITests[] = { + {"0", "\x00\x00\x00\x00", 4}, + {"1", "\x00\x00\x00\x01\x01", 5}, + {"-1", "\x00\x00\x00\x01\x81", 5}, + {"128", "\x00\x00\x00\x02\x00\x80", 6}, + {"256", "\x00\x00\x00\x02\x01\x00", 6}, + {"-256", "\x00\x00\x00\x02\x81\x00", 6}, +}; + +static int test_mpi(int i) +{ + uint8_t scratch[8]; + const MPITEST *test = &kMPITests[i]; + size_t mpi_len, mpi_len2; + BIGNUM *bn = NULL; + BIGNUM *bn2 = NULL; + int st = 0; + + if (!TEST_ptr(bn = BN_new()) + || !TEST_true(BN_asc2bn(&bn, test->base10))) + goto err; + mpi_len = BN_bn2mpi(bn, NULL); + if (!TEST_size_t_le(mpi_len, sizeof(scratch))) + goto err; + + if (!TEST_size_t_eq(mpi_len2 = BN_bn2mpi(bn, scratch), mpi_len) + || !TEST_mem_eq(test->mpi, test->mpi_len, scratch, mpi_len)) + goto err; + + if (!TEST_ptr(bn2 = BN_mpi2bn(scratch, mpi_len, NULL))) + goto err; + + if (!TEST_BN_eq(bn, bn2)) { + BN_free(bn2); + goto err; + } + BN_free(bn2); + + st = 1; +err: + BN_free(bn); + return st; +} + +static int test_rand(void) +{ + BIGNUM *bn = NULL; + int st = 0; + + if (!TEST_ptr(bn = BN_new())) + return 0; + + /* Test BN_rand for degenerate cases with |top| and |bottom| parameters. */ + if (!TEST_false(BN_rand(bn, 0, 0 /* top */ , 0 /* bottom */ )) + || !TEST_false(BN_rand(bn, 0, 1 /* top */ , 1 /* bottom */ )) + || !TEST_true(BN_rand(bn, 1, 0 /* top */ , 0 /* bottom */ )) + || !TEST_BN_eq_one(bn) + || !TEST_false(BN_rand(bn, 1, 1 /* top */ , 0 /* bottom */ )) + || !TEST_true(BN_rand(bn, 1, -1 /* top */ , 1 /* bottom */ )) + || !TEST_BN_eq_one(bn) + || !TEST_true(BN_rand(bn, 2, 1 /* top */ , 0 /* bottom */ )) + || !TEST_BN_eq_word(bn, 3)) + goto err; + + st = 1; +err: + BN_free(bn); + return st; +} + +static int test_negzero(void) +{ + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; + BIGNUM *numerator = NULL, *denominator = NULL; + int consttime, st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(c = BN_new()) + || !TEST_ptr(d = BN_new())) + goto err; + + /* Test that BN_mul never gives negative zero. */ + if (!TEST_true(BN_set_word(a, 1))) + goto err; + BN_set_negative(a, 1); + BN_zero(b); + if (!TEST_true(BN_mul(c, a, b, ctx))) + goto err; + if (!TEST_BN_eq_zero(c) + || !TEST_BN_ge_zero(c)) + goto err; + + for (consttime = 0; consttime < 2; consttime++) { + if (!TEST_ptr(numerator = BN_new()) + || !TEST_ptr(denominator = BN_new())) + goto err; + if (consttime) { + BN_set_flags(numerator, BN_FLG_CONSTTIME); + BN_set_flags(denominator, BN_FLG_CONSTTIME); } - BN_copy(a, b); + /* Test that BN_div never gives negative zero in the quotient. */ + if (!TEST_true(BN_set_word(numerator, 1)) + || !TEST_true(BN_set_word(denominator, 2))) + goto err; + BN_set_negative(numerator, 1); + if (!TEST_true(BN_div(a, b, numerator, denominator, ctx)) + || !TEST_BN_eq_zero(a) + || !TEST_BN_ge_zero(a)) + goto err; + + /* Test that BN_div never gives negative zero in the remainder. */ + if (!TEST_true(BN_set_word(denominator, 1)) + || !TEST_true(BN_div(a, b, numerator, denominator, ctx)) + || !TEST_BN_eq_zero(b) + || !TEST_BN_ge_zero(b)) + goto err; + BN_free(numerator); + BN_free(denominator); + numerator = denominator = NULL; } + + /* Test that BN_set_negative will not produce a negative zero. */ + BN_zero(a); + BN_set_negative(a, 1); + if (BN_is_negative(a)) + goto err; + st = 1; + +err: BN_free(a); BN_free(b); BN_free(c); - return (1); + BN_free(d); + BN_free(numerator); + BN_free(denominator); + return st; } -int rand_neg(void) +static int test_badmod(void) { - static unsigned int neg = 0; - static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 }; + BIGNUM *a = NULL, *b = NULL, *zero = NULL; + BN_MONT_CTX *mont = NULL; + int st = 0; + + if (!TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(zero = BN_new()) + || !TEST_ptr(mont = BN_MONT_CTX_new())) + goto err; + BN_zero(zero); + + if (!TEST_false(BN_div(a, b, BN_value_one(), zero, ctx))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_mod_mul(a, BN_value_one(), BN_value_one(), zero, ctx))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_mod_exp(a, BN_value_one(), BN_value_one(), zero, ctx))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_mod_exp_mont(a, BN_value_one(), BN_value_one(), + zero, ctx, NULL))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(), + zero, ctx, NULL))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_MONT_CTX_set(mont, zero, ctx))) + goto err; + ERR_clear_error(); + + /* Some operations also may not be used with an even modulus. */ + if (!TEST_true(BN_set_word(b, 16))) + goto err; + + if (!TEST_false(BN_MONT_CTX_set(mont, b, ctx))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_mod_exp_mont(a, BN_value_one(), BN_value_one(), + b, ctx, NULL))) + goto err; + ERR_clear_error(); + + if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(), + b, ctx, NULL))) + goto err; + ERR_clear_error(); + + st = 1; +err: + BN_free(a); + BN_free(b); + BN_free(zero); + BN_MONT_CTX_free(mont); + return st; +} + +static int test_expmodzero(void) +{ + BIGNUM *a = NULL, *r = NULL, *zero = NULL; + int st = 0; + + if (!TEST_ptr(zero = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(r = BN_new())) + goto err; + BN_zero(zero); + + if (!TEST_true(BN_mod_exp(r, a, zero, BN_value_one(), NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont(r, a, zero, BN_value_one(), + NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_consttime(r, a, zero, + BN_value_one(), + NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_word(r, 42, zero, + BN_value_one(), NULL, NULL)) + || !TEST_BN_eq_zero(r)) + goto err; - return (sign[(neg++) % 8]); + st = 1; +err: + BN_free(zero); + BN_free(a); + BN_free(r); + return st; +} + +static int test_expmodone(void) +{ + int ret = 0, i; + BIGNUM *r = BN_new(); + BIGNUM *a = BN_new(); + BIGNUM *p = BN_new(); + BIGNUM *m = BN_new(); + + if (!TEST_ptr(r) + || !TEST_ptr(a) + || !TEST_ptr(p) + || !TEST_ptr(p) + || !TEST_ptr(m) + || !TEST_true(BN_set_word(a, 1)) + || !TEST_true(BN_set_word(p, 0)) + || !TEST_true(BN_set_word(m, 1))) + goto err; + + /* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */ + for (i = 0; i < 2; i++) { + if (!TEST_true(BN_mod_exp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r)) + goto err; + /* Repeat for r = 1 ^ 0 mod -1 */ + if (i == 0) + BN_set_negative(m, 1); + } + + ret = 1; +err: + BN_free(r); + BN_free(a); + BN_free(p); + BN_free(m); + return ret; +} + +static int test_smallprime(void) +{ + static const int kBits = 10; + BIGNUM *r; + int st = 0; + + if (!TEST_ptr(r = BN_new()) + || !TEST_true(BN_generate_prime_ex(r, (int)kBits, 0, + NULL, NULL, NULL)) + || !TEST_int_eq(BN_num_bits(r), kBits)) + goto err; + + st = 1; +err: + BN_free(r); + return st; +} + +static int primes[] = { 2, 3, 5, 7, 17863 }; + +static int test_is_prime(int i) +{ + int ret = 0; + BIGNUM *r = NULL; + int trial; + + if (!TEST_ptr(r = BN_new())) + goto err; + + for (trial = 0; trial <= 1; ++trial) { + if (!TEST_true(BN_set_word(r, primes[i])) + || !TEST_int_eq(BN_is_prime_fasttest_ex(r, 1, ctx, trial, NULL), + 1)) + goto err; + } + + ret = 1; +err: + BN_free(r); + return ret; +} + +static int not_primes[] = { -1, 0, 1, 4 }; + +static int test_not_prime(int i) +{ + int ret = 0; + BIGNUM *r = NULL; + int trial; + + if (!TEST_ptr(r = BN_new())) + goto err; + + for (trial = 0; trial <= 1; ++trial) { + if (!TEST_true(BN_set_word(r, not_primes[i])) + || !TEST_false(BN_is_prime_fasttest_ex(r, 1, ctx, trial, NULL))) + goto err; + } + + ret = 1; +err: + BN_free(r); + return ret; +} + +static int file_test_run(STANZA *s) +{ + static const FILETEST filetests[] = { + {"Sum", file_sum}, + {"LShift1", file_lshift1}, + {"LShift", file_lshift}, + {"RShift", file_rshift}, + {"Square", file_square}, + {"Product", file_product}, + {"Quotient", file_quotient}, + {"ModMul", file_modmul}, + {"ModExp", file_modexp}, + {"Exp", file_exp}, + {"ModSqrt", file_modsqrt}, + }; + int numtests = OSSL_NELEM(filetests); + const FILETEST *tp = filetests; + + for ( ; --numtests >= 0; tp++) { + if (findattr(s, tp->name) != NULL) { + if (!tp->func(s)) { + TEST_info("%s:%d: Failed %s test", + s->test_file, s->start, tp->name); + return 0; + } + return 1; + } + } + TEST_info("%s:%d: Unknown test", s->test_file, s->start); + return 0; +} + +static int run_file_tests(int i) +{ + STANZA *s = NULL; + char *testfile = test_get_argument(i); + int c; + + if (!TEST_ptr(s = OPENSSL_zalloc(sizeof(*s)))) + return 0; + if (!test_start_file(s, testfile)) { + OPENSSL_free(s); + return 0; + } + + /* Read test file. */ + while (!BIO_eof(s->fp) && test_readstanza(s)) { + if (s->numpairs == 0) + continue; + if (!file_test_run(s)) + s->errors++; + s->numtests++; + test_clearstanza(s); + } + test_end_file(s); + c = s->errors; + OPENSSL_free(s); + + return c == 0; +} + + +int setup_tests(void) +{ + int n = test_get_argument_count(); + + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + if (n == 0) { + ADD_TEST(test_sub); + ADD_TEST(test_div_recip); + ADD_TEST(test_mod); + ADD_TEST(test_modexp_mont5); + ADD_TEST(test_kronecker); + ADD_TEST(test_rand); + ADD_TEST(test_bn2padded); + ADD_TEST(test_dec2bn); + ADD_TEST(test_hex2bn); + ADD_TEST(test_asc2bn); + ADD_ALL_TESTS(test_mpi, (int)OSSL_NELEM(kMPITests)); + ADD_TEST(test_negzero); + ADD_TEST(test_badmod); + ADD_TEST(test_expmodzero); + ADD_TEST(test_expmodone); + ADD_TEST(test_smallprime); + ADD_TEST(test_swap); +#ifndef OPENSSL_NO_EC2M + ADD_TEST(test_gf2m_add); + ADD_TEST(test_gf2m_mod); + ADD_TEST(test_gf2m_mul); + ADD_TEST(test_gf2m_sqr); + ADD_TEST(test_gf2m_modinv); + ADD_TEST(test_gf2m_moddiv); + ADD_TEST(test_gf2m_modexp); + ADD_TEST(test_gf2m_modsqrt); + ADD_TEST(test_gf2m_modsolvequad); +#endif + ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes)); + ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes)); + } else { + ADD_ALL_TESTS(run_file_tests, n); + } + return 1; +} + +void cleanup_tests(void) +{ + BN_CTX_free(ctx); } diff --git a/deps/openssl/openssl/test/bntests.pl b/deps/openssl/openssl/test/bntests.pl new file mode 100755 index 00000000000000..9adeaef177c165 --- /dev/null +++ b/deps/openssl/openssl/test/bntests.pl @@ -0,0 +1,156 @@ +#! /usr/bin/env perl +# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Run the tests specified in bntests.txt, as a check against OpenSSL. +use strict; +use warnings; +use Math::BigInt; + +my $EXPECTED_FAILURES = 0; +my $failures = 0; + +sub bn +{ + my $x = shift; + my ($sign, $hex) = ($x =~ /^([+\-]?)(.*)$/); + + $hex = '0x' . $hex if $hex !~ /^0x/; + return Math::BigInt->from_hex($sign.$hex); +} + +sub evaluate +{ + my $lineno = shift; + my %s = @_; + + if ( defined $s{'Sum'} ) { + # Sum = A + B + my $sum = bn($s{'Sum'}); + my $a = bn($s{'A'}); + my $b = bn($s{'B'}); + return if $sum == $a + $b; + } elsif ( defined $s{'LShift1'} ) { + # LShift1 = A * 2 + my $lshift1 = bn($s{'LShift1'}); + my $a = bn($s{'A'}); + return if $lshift1 == $a->bmul(2); + } elsif ( defined $s{'LShift'} ) { + # LShift = A * 2**N + my $lshift = bn($s{'LShift'}); + my $a = bn($s{'A'}); + my $n = bn($s{'N'}); + return if $lshift == $a->blsft($n); + } elsif ( defined $s{'RShift'} ) { + # RShift = A / 2**N + my $rshift = bn($s{'RShift'}); + my $a = bn($s{'A'}); + my $n = bn($s{'N'}); + return if $rshift == $a->brsft($n); + } elsif ( defined $s{'Square'} ) { + # Square = A * A + my $square = bn($s{'Square'}); + my $a = bn($s{'A'}); + return if $square == $a->bmul($a); + } elsif ( defined $s{'Product'} ) { + # Product = A * B + my $product = bn($s{'Product'}); + my $a = bn($s{'A'}); + my $b = bn($s{'B'}); + return if $product == $a->bmul($b); + } elsif ( defined $s{'Quotient'} ) { + # Quotient = A / B + # Remainder = A - B * Quotient + my $quotient = bn($s{'Quotient'}); + my $remainder = bn($s{'Remainder'}); + my $a = bn($s{'A'}); + my $b = bn($s{'B'}); + + # First the remainder test. + $b->bmul($quotient); + my $rempassed = $remainder == $a->bsub($b) ? 1 : 0; + + # Math::BigInt->bdiv() is documented to do floored division, + # i.e. 1 / -4 = -1, while OpenSSL BN_div does truncated + # division, i.e. 1 / -4 = 0. We need to make the operation + # work like OpenSSL's BN_div to be able to verify. + $a = bn($s{'A'}); + $b = bn($s{'B'}); + my $neg = $a->is_neg() ? !$b->is_neg() : $b->is_neg(); + $a->babs(); + $b->babs(); + $a->bdiv($b); + $a->bneg() if $neg; + return if $rempassed && $quotient == $a; + } elsif ( defined $s{'ModMul'} ) { + # ModMul = (A * B) mod M + my $modmul = bn($s{'ModMul'}); + my $a = bn($s{'A'}); + my $b = bn($s{'B'}); + my $m = bn($s{'M'}); + $a->bmul($b); + return if $modmul == $a->bmod($m); + } elsif ( defined $s{'ModExp'} ) { + # ModExp = (A ** E) mod M + my $modexp = bn($s{'ModExp'}); + my $a = bn($s{'A'}); + my $e = bn($s{'E'}); + my $m = bn($s{'M'}); + return if $modexp == $a->bmodpow($e, $m); + } elsif ( defined $s{'Exp'} ) { + my $exp = bn($s{'Exp'}); + my $a = bn($s{'A'}); + my $e = bn($s{'E'}); + return if $exp == $a ** $e; + } elsif ( defined $s{'ModSqrt'} ) { + # (ModSqrt * ModSqrt) mod P = A mod P + my $modsqrt = bn($s{'ModSqrt'}); + my $a = bn($s{'A'}); + my $p = bn($s{'P'}); + $modsqrt->bmul($modsqrt); + $modsqrt->bmod($p); + $a->bmod($p); + return if $modsqrt == $a; + } else { + print "# Unknown test: "; + } + $failures++; + print "# #$failures Test (before line $lineno) failed\n"; + foreach ( keys %s ) { + print "$_ = $s{$_}\n"; + } + print "\n"; +} + +my $infile = shift || 'bntests.txt'; +die "No such file, $infile" unless -f $infile; +open my $IN, $infile || die "Can't read $infile, $!\n"; + +my %stanza = (); +my $l = 0; +while ( <$IN> ) { + $l++; + s|\R$||; + next if /^#/; + if ( /^$/ ) { + if ( keys %stanza ) { + evaluate($l, %stanza); + %stanza = (); + } + next; + } + # Parse 'key = value' + if ( ! /\s*([^\s]*)\s*=\s*(.*)\s*/ ) { + print "Skipping $_\n"; + next; + } + $stanza{$1} = $2; +}; +evaluate($l, %stanza) if keys %stanza; +die "Got $failures, expected $EXPECTED_FAILURES" + if $infile eq 'bntests.txt' and $failures != $EXPECTED_FAILURES; +close($IN) diff --git a/deps/openssl/openssl/test/build.info b/deps/openssl/openssl/test/build.info index 2367ab841aec19..b6bb711c8b34d5 100644 --- a/deps/openssl/openssl/test/build.info +++ b/deps/openssl/openssl/test/build.info @@ -1,24 +1,56 @@ +{- + use File::Spec::Functions; + sub rebase_files + { + my ($base, $files) = @_; + return join(" ", map { "$base/$_" } split(/\s+/, $files)); + } + "" +-} IF[{- !$disabled{tests} -}] + LIBS_NO_INST=libtestutil.a + SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \ + testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \ + testutil/format_output.c testutil/tap_bio.c \ + testutil/test_cleanup.c testutil/main.c testutil/init.c + INCLUDE[libtestutil.a]=../include + DEPEND[libtestutil.a]=../libcrypto + + # Special hack for descrip.mms to include the MAIN object module + # explicitly. This will only be done if there isn't a MAIN in the + # program's object modules already. + BEGINRAW[descrip.mms] +INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN + ENDRAW[descrip.mms] + PROGRAMS_NO_INST=\ versions \ - aborttest \ + aborttest test_test \ sanitytest rsa_complex exdatatest bntest \ - ectest ecdsatest gmdifftest pbelutest ideatest \ - md2test md4test md5test \ - hmactest wp_test \ + ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \ + md2test \ + hmactest \ rc2test rc4test rc5test \ - destest sha1test sha256t sha512t \ - mdc2test rmdtest \ - randtest dhtest enginetest casttest \ - bftest ssltest_old dsatest exptest rsa_test \ + destest mdc2test \ + dhtest enginetest casttest \ + bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \ evp_test evp_extra_test igetest v3nametest v3ext \ - crltest danetest heartbeat_test p5_crpt2_test bad_dtls_test \ + crltest danetest bad_dtls_test lhash_test \ + conf_include_test \ constant_time_test verify_extra_test clienthellotest \ - packettest asynctest secmemtest srptest memleaktest \ + packettest asynctest secmemtest srptest memleaktest stack_test \ dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ + bio_callback_test \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - ocspapitest fatalerrtest x509_time_test x509_dup_cert_test errtest + pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \ + asn1_encode_test asn1_decode_test asn1_string_table_test \ + x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ + recordlentest drbgtest sslbuffertest \ + recordlentest drbgtest drbg_cavs_test sslbuffertest \ + time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ + servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ + sysdefaulttest errtest gosttest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -30,114 +62,90 @@ IF[{- !$disabled{tests} -}] SOURCE[sanitytest]=sanitytest.c INCLUDE[sanitytest]=../include - DEPEND[sanitytest]=../libcrypto + DEPEND[sanitytest]=../libcrypto libtestutil.a SOURCE[rsa_complex]=rsa_complex.c INCLUDE[rsa_complex]=../include + SOURCE[test_test]=test_test.c + INCLUDE[test_test]=../include + DEPEND[test_test]=../libcrypto libtestutil.a + SOURCE[exdatatest]=exdatatest.c INCLUDE[exdatatest]=../include - DEPEND[exdatatest]=../libcrypto + DEPEND[exdatatest]=../libcrypto libtestutil.a SOURCE[bntest]=bntest.c - INCLUDE[bntest]=.. ../crypto/include ../include - DEPEND[bntest]=../libcrypto + INCLUDE[bntest]=../include + DEPEND[bntest]=../libcrypto libtestutil.a SOURCE[ectest]=ectest.c INCLUDE[ectest]=../include - DEPEND[ectest]=../libcrypto + DEPEND[ectest]=../libcrypto libtestutil.a + + SOURCE[ecstresstest]=ecstresstest.c + INCLUDE[ecstresstest]=../include + DEPEND[ecstresstest]=../libcrypto libtestutil.a SOURCE[ecdsatest]=ecdsatest.c INCLUDE[ecdsatest]=../include - DEPEND[ecdsatest]=../libcrypto + DEPEND[ecdsatest]=../libcrypto libtestutil.a SOURCE[gmdifftest]=gmdifftest.c INCLUDE[gmdifftest]=../include - DEPEND[gmdifftest]=../libcrypto + DEPEND[gmdifftest]=../libcrypto libtestutil.a SOURCE[pbelutest]=pbelutest.c INCLUDE[pbelutest]=../include - DEPEND[pbelutest]=../libcrypto + DEPEND[pbelutest]=../libcrypto libtestutil.a SOURCE[ideatest]=ideatest.c INCLUDE[ideatest]=../include - DEPEND[ideatest]=../libcrypto + DEPEND[ideatest]=../libcrypto libtestutil.a SOURCE[md2test]=md2test.c INCLUDE[md2test]=../include - DEPEND[md2test]=../libcrypto - - SOURCE[md4test]=md4test.c - INCLUDE[md4test]=../include - DEPEND[md4test]=../libcrypto - - SOURCE[md5test]=md5test.c - INCLUDE[md5test]=../include - DEPEND[md5test]=../libcrypto + DEPEND[md2test]=../libcrypto libtestutil.a SOURCE[hmactest]=hmactest.c INCLUDE[hmactest]=../include - DEPEND[hmactest]=../libcrypto - - SOURCE[wp_test]=wp_test.c - INCLUDE[wp_test]=../include - DEPEND[wp_test]=../libcrypto + DEPEND[hmactest]=../libcrypto libtestutil.a SOURCE[rc2test]=rc2test.c INCLUDE[rc2test]=../include - DEPEND[rc2test]=../libcrypto + DEPEND[rc2test]=../libcrypto libtestutil.a SOURCE[rc4test]=rc4test.c INCLUDE[rc4test]=../include - DEPEND[rc4test]=../libcrypto + DEPEND[rc4test]=../libcrypto libtestutil.a SOURCE[rc5test]=rc5test.c INCLUDE[rc5test]=../include - DEPEND[rc5test]=../libcrypto + DEPEND[rc5test]=../libcrypto libtestutil.a SOURCE[destest]=destest.c INCLUDE[destest]=../include - DEPEND[destest]=../libcrypto - - SOURCE[sha1test]=sha1test.c - INCLUDE[sha1test]=../include - DEPEND[sha1test]=../libcrypto - - SOURCE[sha256t]=sha256t.c - INCLUDE[sha256t]=../include - DEPEND[sha256t]=../libcrypto - - SOURCE[sha512t]=sha512t.c - INCLUDE[sha512t]=../include - DEPEND[sha512t]=../libcrypto + DEPEND[destest]=../libcrypto libtestutil.a SOURCE[mdc2test]=mdc2test.c INCLUDE[mdc2test]=../include - DEPEND[mdc2test]=../libcrypto - - SOURCE[rmdtest]=rmdtest.c - INCLUDE[rmdtest]=../include - DEPEND[rmdtest]=../libcrypto - - SOURCE[randtest]=randtest.c - INCLUDE[randtest]=../include - DEPEND[randtest]=../libcrypto + DEPEND[mdc2test]=../libcrypto libtestutil.a SOURCE[dhtest]=dhtest.c INCLUDE[dhtest]=../include - DEPEND[dhtest]=../libcrypto + DEPEND[dhtest]=../libcrypto libtestutil.a SOURCE[enginetest]=enginetest.c INCLUDE[enginetest]=../include - DEPEND[enginetest]=../libcrypto + DEPEND[enginetest]=../libcrypto libtestutil.a SOURCE[casttest]=casttest.c INCLUDE[casttest]=../include - DEPEND[casttest]=../libcrypto + DEPEND[casttest]=../libcrypto libtestutil.a SOURCE[bftest]=bftest.c INCLUDE[bftest]=../include - DEPEND[bftest]=../libcrypto + DEPEND[bftest]=../libcrypto libtestutil.a SOURCE[ssltest_old]=ssltest_old.c INCLUDE[ssltest_old]=.. ../include @@ -145,178 +153,403 @@ IF[{- !$disabled{tests} -}] SOURCE[dsatest]=dsatest.c INCLUDE[dsatest]=../include - DEPEND[dsatest]=../libcrypto + DEPEND[dsatest]=../libcrypto libtestutil.a + + SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c + INCLUDE[dsa_no_digest_size_test]=../include + DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a SOURCE[exptest]=exptest.c INCLUDE[exptest]=../include - DEPEND[exptest]=../libcrypto + DEPEND[exptest]=../libcrypto libtestutil.a SOURCE[rsa_test]=rsa_test.c - INCLUDE[rsa_test]=.. ../include - DEPEND[rsa_test]=../libcrypto + INCLUDE[rsa_test]=../include + DEPEND[rsa_test]=../libcrypto libtestutil.a + + SOURCE[rsa_mp_test]=rsa_mp_test.c + INCLUDE[rsa_mp_test]=../include + DEPEND[rsa_mp_test]=../libcrypto libtestutil.a + + SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c + INCLUDE[fatalerrtest]=../include + DEPEND[fatalerrtest]=../libcrypto ../libssl libtestutil.a - SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c testutil.c - INCLUDE[fatalerrtest]=../include .. - DEPEND[fatalerrtest]=../libcrypto ../libssl + SOURCE[tls13ccstest]=tls13ccstest.c ssltestlib.c + INCLUDE[tls13ccstest]=../include + DEPEND[tls13ccstest]=../libcrypto ../libssl libtestutil.a SOURCE[evp_test]=evp_test.c INCLUDE[evp_test]=../include - DEPEND[evp_test]=../libcrypto + DEPEND[evp_test]=../libcrypto libtestutil.a SOURCE[evp_extra_test]=evp_extra_test.c - INCLUDE[evp_extra_test]=../include - DEPEND[evp_extra_test]=../libcrypto + INCLUDE[evp_extra_test]=../include ../crypto/include + DEPEND[evp_extra_test]=../libcrypto libtestutil.a SOURCE[igetest]=igetest.c - INCLUDE[igetest]=.. ../include - DEPEND[igetest]=../libcrypto + INCLUDE[igetest]=../include + DEPEND[igetest]=../libcrypto libtestutil.a SOURCE[v3nametest]=v3nametest.c INCLUDE[v3nametest]=../include - DEPEND[v3nametest]=../libcrypto + DEPEND[v3nametest]=../libcrypto libtestutil.a - SOURCE[crltest]=crltest.c testutil.c + SOURCE[crltest]=crltest.c INCLUDE[crltest]=../include - DEPEND[crltest]=../libcrypto + DEPEND[crltest]=../libcrypto libtestutil.a SOURCE[v3ext]=v3ext.c INCLUDE[v3ext]=../include - DEPEND[v3ext]=../libcrypto + DEPEND[v3ext]=../libcrypto libtestutil.a SOURCE[danetest]=danetest.c INCLUDE[danetest]=../include - DEPEND[danetest]=../libcrypto ../libssl - - SOURCE[heartbeat_test]=heartbeat_test.c testutil.c - INCLUDE[heartbeat_test]=.. ../include - DEPEND[heartbeat_test]=../libcrypto ../libssl - - SOURCE[p5_crpt2_test]=p5_crpt2_test.c - INCLUDE[p5_crpt2_test]=../include - DEPEND[p5_crpt2_test]=../libcrypto + DEPEND[danetest]=../libcrypto ../libssl libtestutil.a SOURCE[constant_time_test]=constant_time_test.c - INCLUDE[constant_time_test]=.. ../include - DEPEND[constant_time_test]=../libcrypto + INCLUDE[constant_time_test]=../include + DEPEND[constant_time_test]=../libcrypto libtestutil.a SOURCE[verify_extra_test]=verify_extra_test.c INCLUDE[verify_extra_test]=../include - DEPEND[verify_extra_test]=../libcrypto + DEPEND[verify_extra_test]=../libcrypto libtestutil.a SOURCE[clienthellotest]=clienthellotest.c INCLUDE[clienthellotest]=../include - DEPEND[clienthellotest]=../libcrypto ../libssl + DEPEND[clienthellotest]=../libcrypto ../libssl libtestutil.a SOURCE[bad_dtls_test]=bad_dtls_test.c INCLUDE[bad_dtls_test]=../include - DEPEND[bad_dtls_test]=../libcrypto ../libssl + DEPEND[bad_dtls_test]=../libcrypto ../libssl libtestutil.a SOURCE[packettest]=packettest.c INCLUDE[packettest]=../include - DEPEND[packettest]=../libcrypto + DEPEND[packettest]=../libcrypto libtestutil.a SOURCE[asynctest]=asynctest.c - INCLUDE[asynctest]=.. ../include + INCLUDE[asynctest]=../include DEPEND[asynctest]=../libcrypto SOURCE[secmemtest]=secmemtest.c INCLUDE[secmemtest]=../include - DEPEND[secmemtest]=../libcrypto + DEPEND[secmemtest]=../libcrypto libtestutil.a SOURCE[srptest]=srptest.c INCLUDE[srptest]=../include - DEPEND[srptest]=../libcrypto + DEPEND[srptest]=../libcrypto libtestutil.a SOURCE[memleaktest]=memleaktest.c INCLUDE[memleaktest]=../include - DEPEND[memleaktest]=../libcrypto + DEPEND[memleaktest]=../libcrypto libtestutil.a + + SOURCE[stack_test]=stack_test.c + INCLUDE[stack_test]=../include + DEPEND[stack_test]=../libcrypto libtestutil.a + + SOURCE[lhash_test]=lhash_test.c + INCLUDE[lhash_test]=../include + DEPEND[lhash_test]=../libcrypto libtestutil.a SOURCE[dtlsv1listentest]=dtlsv1listentest.c - INCLUDE[dtlsv1listentest]=.. ../include - DEPEND[dtlsv1listentest]=../libssl + INCLUDE[dtlsv1listentest]=../include + DEPEND[dtlsv1listentest]=../libssl libtestutil.a - SOURCE[ct_test]=ct_test.c testutil.c - INCLUDE[ct_test]=../crypto/include ../include - DEPEND[ct_test]=../libcrypto + SOURCE[ct_test]=ct_test.c + INCLUDE[ct_test]=../include + DEPEND[ct_test]=../libcrypto libtestutil.a SOURCE[threadstest]=threadstest.c - INCLUDE[threadstest]=.. ../include - DEPEND[threadstest]=../libcrypto + INCLUDE[threadstest]=../include + DEPEND[threadstest]=../libcrypto libtestutil.a SOURCE[afalgtest]=afalgtest.c - INCLUDE[afalgtest]=.. ../include - DEPEND[afalgtest]=../libcrypto + INCLUDE[afalgtest]=../include + DEPEND[afalgtest]=../libcrypto libtestutil.a - SOURCE[d2i_test]=d2i_test.c testutil.c - INCLUDE[d2i_test]=.. ../include - DEPEND[d2i_test]=../libcrypto + SOURCE[d2i_test]=d2i_test.c + INCLUDE[d2i_test]=../include + DEPEND[d2i_test]=../libcrypto libtestutil.a - SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c testutil.c - INCLUDE[ssl_test_ctx_test]=.. ../include - DEPEND[ssl_test_ctx_test]=../libcrypto + SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c + INCLUDE[ssl_test_ctx_test]=../include + DEPEND[ssl_test_ctx_test]=../libcrypto ../libssl libtestutil.a - SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c testutil.c handshake_helper.c - INCLUDE[ssl_test]=.. ../include - DEPEND[ssl_test]=../libcrypto ../libssl + SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c handshake_helper.c + INCLUDE[ssl_test]=../include + DEPEND[ssl_test]=../libcrypto ../libssl libtestutil.a - SOURCE[cipherlist_test]=cipherlist_test.c testutil.c - INCLUDE[cipherlist_test]=.. ../include - DEPEND[cipherlist_test]=../libcrypto ../libssl + SOURCE[cipherlist_test]=cipherlist_test.c + INCLUDE[cipherlist_test]=../include + DEPEND[cipherlist_test]=../libcrypto ../libssl libtestutil.a - INCLUDE[testutil.o]=.. INCLUDE[ssl_test_ctx.o]=../include - INCLUDE[handshake_helper.o]=../include + INCLUDE[handshake_helper.o]=.. ../include INCLUDE[ssltestlib.o]=.. ../include SOURCE[x509aux]=x509aux.c INCLUDE[x509aux]=../include - DEPEND[x509aux]=../libcrypto + DEPEND[x509aux]=../libcrypto libtestutil.a SOURCE[asynciotest]=asynciotest.c ssltestlib.c INCLUDE[asynciotest]=../include - DEPEND[asynciotest]=../libcrypto ../libssl + DEPEND[asynciotest]=../libcrypto ../libssl libtestutil.a + + SOURCE[bio_callback_test]=bio_callback_test.c + INCLUDE[bio_callback_test]=../include + DEPEND[bio_callback_test]=../libcrypto libtestutil.a SOURCE[bioprinttest]=bioprinttest.c INCLUDE[bioprinttest]=../include - DEPEND[bioprinttest]=../libcrypto + DEPEND[bioprinttest]=../libcrypto libtestutil.a - SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c + SOURCE[sslapitest]=sslapitest.c ssltestlib.c INCLUDE[sslapitest]=../include .. - DEPEND[sslapitest]=../libcrypto ../libssl + DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a - SOURCE[ocspapitest]=ocspapitest.c testutil.c - INCLUDE[ocspapitest]=../include .. - DEPEND[ocspapitest]=../libcrypto + SOURCE[ocspapitest]=ocspapitest.c + INCLUDE[ocspapitest]=../include + DEPEND[ocspapitest]=../libcrypto libtestutil.a - SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c - INCLUDE[dtlstest]=../include . - DEPEND[dtlstest]=../libcrypto ../libssl + SOURCE[dtlstest]=dtlstest.c ssltestlib.c + INCLUDE[dtlstest]=../include + DEPEND[dtlstest]=../libcrypto ../libssl libtestutil.a - SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c - INCLUDE[sslcorrupttest]=../include . - DEPEND[sslcorrupttest]=../libcrypto ../libssl + SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c + INCLUDE[sslcorrupttest]=../include + DEPEND[sslcorrupttest]=../libcrypto ../libssl libtestutil.a SOURCE[bio_enc_test]=bio_enc_test.c INCLUDE[bio_enc_test]=../include - DEPEND[bio_enc_test]=../libcrypto + DEPEND[bio_enc_test]=../libcrypto libtestutil.a + + SOURCE[pkey_meth_test]=pkey_meth_test.c + INCLUDE[pkey_meth_test]=../include + DEPEND[pkey_meth_test]=../libcrypto libtestutil.a + + SOURCE[pkey_meth_kdf_test]=pkey_meth_kdf_test.c + INCLUDE[pkey_meth_kdf_test]=../include + DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a + + SOURCE[x509_time_test]=x509_time_test.c + INCLUDE[x509_time_test]=../include + DEPEND[x509_time_test]=../libcrypto libtestutil.a + + SOURCE[recordlentest]=recordlentest.c ssltestlib.c + INCLUDE[recordlentest]=../include + DEPEND[recordlentest]=../libcrypto ../libssl libtestutil.a - SOURCE[x509_time_test]=x509_time_test.c testutil.c - INCLUDE[x509_time_test]=.. ../include - DEPEND[x509_time_test]=../libcrypto + SOURCE[drbgtest]=drbgtest.c + INCLUDE[drbgtest]=../include + DEPEND[drbgtest]=../libcrypto.a libtestutil.a + + SOURCE[drbg_cavs_test]=drbg_cavs_test.c drbg_cavs_data.c + INCLUDE[drbg_cavs_test]=../include . .. + DEPEND[drbg_cavs_test]=../libcrypto libtestutil.a SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c INCLUDE[x509_dup_cert_test]=../include - DEPEND[x509_dup_cert_test]=../libcrypto + DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a + + SOURCE[x509_check_cert_pkey_test]=x509_check_cert_pkey_test.c + INCLUDE[x509_check_cert_pkey_test]=../include + DEPEND[x509_check_cert_pkey_test]=../libcrypto libtestutil.a + + SOURCE[pemtest]=pemtest.c + INCLUDE[pemtest]=../include + DEPEND[pemtest]=../libcrypto libtestutil.a + + SOURCE[ssl_cert_table_internal_test]=ssl_cert_table_internal_test.c + INCLUDE[ssl_cert_table_internal_test]=.. ../include + DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a + + SOURCE[ciphername_test]=ciphername_test.c + INCLUDE[ciphername_test]=../include + DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a + + SOURCE[servername_test]=servername_test.c ssltestlib.c + INCLUDE[servername_test]=../include + DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a + + IF[{- !$disabled{cms} -}] + PROGRAMS_NO_INST=cmsapitest + SOURCE[cmsapitest]=cmsapitest.c + INCLUDE[cmsapitest]=../include + DEPEND[cmsapitest]=../libcrypto libtestutil.a + ENDIF + + IF[{- !$disabled{psk} -}] + PROGRAMS_NO_INST=dtls_mtu_test + SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c + INCLUDE[dtls_mtu_test]=.. ../include + DEPEND[dtls_mtu_test]=../libcrypto ../libssl libtestutil.a + ENDIF IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c - INCLUDE[shlibloadtest]=../include + INCLUDE[shlibloadtest]=../include ../crypto/include + DEPEND[shlibloadtest]=libtestutil.a + ENDIF + + IF[{- $disabled{shared} -}] + PROGRAMS_NO_INST=cipher_overhead_test + SOURCE[cipher_overhead_test]=cipher_overhead_test.c + INCLUDE[cipher_overhead_test]=.. ../include + DEPEND[cipher_overhead_test]=../libcrypto ../libssl libtestutil.a ENDIF - SOURCE[errtest]=errtest.c testutil.c + SOURCE[uitest]=uitest.c \ + {- rebase_files("../apps", + split(/\s+/, $target{apps_init_src})) -} + INCLUDE[uitest]=.. ../include ../apps + DEPEND[uitest]=../apps/libapps.a ../libcrypto ../libssl libtestutil.a + + SOURCE[cipherbytes_test]=cipherbytes_test.c + INCLUDE[cipherbytes_test]=../include + DEPEND[cipherbytes_test]=../libcrypto ../libssl libtestutil.a + + SOURCE[asn1_encode_test]=asn1_encode_test.c + INCLUDE[asn1_encode_test]=../include + DEPEND[asn1_encode_test]=../libcrypto libtestutil.a + + SOURCE[asn1_decode_test]=asn1_decode_test.c + INCLUDE[asn1_decode_test]=../include + DEPEND[asn1_decode_test]=../libcrypto libtestutil.a + + SOURCE[asn1_string_table_test]=asn1_string_table_test.c + INCLUDE[asn1_string_table_test]=../include + DEPEND[asn1_string_table_test]=../libcrypto libtestutil.a + + SOURCE[time_offset_test]=time_offset_test.c + INCLUDE[time_offset_test]=../include + DEPEND[time_offset_test]=../libcrypto libtestutil.a + + SOURCE[conf_include_test]=conf_include_test.c + INCLUDE[conf_include_test]=../include + DEPEND[conf_include_test]=../libcrypto libtestutil.a + + # Internal test programs. These are essentially a collection of internal + # test routines. Some of them need to reach internal symbols that aren't + # available through the shared library (at least on Linux, Solaris, Windows + # and VMS, where the exported symbols are those listed in util/*.num), these + # programs are forcibly linked with the static libraries, where all symbols + # are always available. + IF[1] + PROGRAMS_NO_INST=asn1_internal_test modes_internal_test x509_internal_test \ + tls13encryptiontest wpackettest ctype_internal_test \ + rdrand_sanitytest + IF[{- !$disabled{poly1305} -}] + PROGRAMS_NO_INST=poly1305_internal_test + ENDIF + IF[{- !$disabled{chacha} -}] + PROGRAMS_NO_INST=chacha_internal_test + ENDIF + IF[{- !$disabled{siphash} -}] + PROGRAMS_NO_INST=siphash_internal_test + ENDIF + IF[{- !$disabled{sm2} -}] + PROGRAMS_NO_INST=sm2_internal_test + ENDIF + IF[{- !$disabled{sm4} -}] + PROGRAMS_NO_INST=sm4_internal_test + ENDIF + IF[{- !$disabled{ec} -}] + PROGRAMS_NO_INST=curve448_internal_test + ENDIF + + SOURCE[poly1305_internal_test]=poly1305_internal_test.c + INCLUDE[poly1305_internal_test]=.. ../include ../crypto/include + DEPEND[poly1305_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[chacha_internal_test]=chacha_internal_test.c + INCLUDE[chacha_internal_test]=.. ../include ../crypto/include + DEPEND[chacha_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[asn1_internal_test]=asn1_internal_test.c + INCLUDE[asn1_internal_test]=.. ../include ../crypto/include + DEPEND[asn1_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[modes_internal_test]=modes_internal_test.c + INCLUDE[modes_internal_test]=.. ../include + DEPEND[modes_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[x509_internal_test]=x509_internal_test.c + INCLUDE[x509_internal_test]=.. ../include + DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[tls13encryptiontest]=tls13encryptiontest.c + INCLUDE[tls13encryptiontest]=.. ../include + DEPEND[tls13encryptiontest]=../libcrypto ../libssl.a libtestutil.a + + SOURCE[wpackettest]=wpackettest.c + INCLUDE[wpackettest]=../include + DEPEND[wpackettest]=../libcrypto ../libssl.a libtestutil.a + + SOURCE[ctype_internal_test]=ctype_internal_test.c + INCLUDE[ctype_internal_test]=.. ../crypto/include ../include + DEPEND[ctype_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[siphash_internal_test]=siphash_internal_test.c + INCLUDE[siphash_internal_test]=.. ../include ../crypto/include + DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[sm2_internal_test]=sm2_internal_test.c + INCLUDE[sm2_internal_test]=../include ../crypto/include + DEPEND[sm2_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[sm4_internal_test]=sm4_internal_test.c + INCLUDE[sm4_internal_test]=.. ../include ../crypto/include + DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[curve448_internal_test]=curve448_internal_test.c + INCLUDE[curve448_internal_test]=.. ../include ../crypto/ec/curve448 + DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[rdrand_sanitytest]=rdrand_sanitytest.c + INCLUDE[rdrand_sanitytest]=../include + DEPEND[rdrand_sanitytest]=../libcrypto.a libtestutil.a + ENDIF + + IF[{- !$disabled{mdc2} -}] + PROGRAMS_NO_INST=mdc2_internal_test + ENDIF + + SOURCE[mdc2_internal_test]=mdc2_internal_test.c + INCLUDE[mdc2_internal_test]=.. ../include + DEPEND[mdc2_internal_test]=../libcrypto libtestutil.a + + PROGRAMS_NO_INST=asn1_time_test + SOURCE[asn1_time_test]=asn1_time_test.c + INCLUDE[asn1_time_test]=../include + DEPEND[asn1_time_test]=../libcrypto libtestutil.a + + # We disable this test completely in a shared build because it deliberately + # redefines some internal libssl symbols. This doesn't work in a non-shared + # build + IF[{- !$disabled{shared} -}] + PROGRAMS_NO_INST=tls13secretstest + SOURCE[tls13secretstest]=tls13secretstest.c + SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../ssl/packet.c + INCLUDE[tls13secretstest]=.. ../include + DEPEND[tls13secretstest]=../libcrypto ../libssl libtestutil.a + ENDIF + + SOURCE[sslbuffertest]=sslbuffertest.c ssltestlib.c + INCLUDE[sslbuffertest]=../include + DEPEND[sslbuffertest]=../libcrypto ../libssl libtestutil.a + + SOURCE[sysdefaulttest]=sysdefaulttest.c + INCLUDE[sysdefaulttest]=../include + DEPEND[sysdefaulttest]=../libcrypto ../libssl libtestutil.a + + SOURCE[errtest]=errtest.c INCLUDE[errtest]=../include - DEPEND[errtest]=../libcrypto + DEPEND[errtest]=../libcrypto libtestutil.a + + SOURCE[gosttest]=gosttest.c ssltestlib.c + INCLUDE[gosttest]=../include .. + DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a ENDIF {- @@ -325,8 +558,10 @@ ENDIF use OpenSSL::Glob; my @nogo_headers = ( "asn1_mac.h", + "opensslconf.h", "__decc_include_prologue.h", "__decc_include_epilogue.h" ); + my @nogo_headers_re = ( qr/.*err\.h/ ); my @headerfiles = glob catfile($sourcedir, updir(), "include", "openssl", "*.h"); @@ -334,6 +569,7 @@ ENDIF my $name = basename($headerfile, ".h"); next if $disabled{$name}; next if grep { $_ eq lc("$name.h") } @nogo_headers; + next if grep { lc("$name.h") =~ m/$_/i } @nogo_headers_re; $OUT .= <<"_____"; PROGRAMS_NO_INST=buildtest_$name diff --git a/deps/openssl/openssl/test/casttest.c b/deps/openssl/openssl/test/casttest.c index c2a0ab584c3b0a..179d7d56d31310 100644 --- a/deps/openssl/openssl/test/casttest.c +++ b/deps/openssl/openssl/test/casttest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,21 +10,14 @@ #include #include #include -#include /* To see if OPENSSL_NO_CAST is defined */ -#include "../e_os.h" +#include /* To see if OPENSSL_NO_CAST is defined */ +#include "internal/nelem.h" +#include "testutil.h" -#ifdef OPENSSL_NO_CAST -int main(int argc, char *argv[]) -{ - printf("No CAST support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_CAST # include -# define FULL_TEST - static unsigned char k[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A @@ -41,8 +34,6 @@ static unsigned char c[3][8] = { {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E}, }; -static unsigned char out[80]; - static unsigned char in_a[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A @@ -63,101 +54,59 @@ static unsigned char c_b[16] = { 0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E }; -int main(int argc, char *argv[]) +static int cast_test_vector(int z) { -# ifdef FULL_TEST - long l; - CAST_KEY key_b; -# endif - int i, z, err = 0; + int testresult = 1; CAST_KEY key; + unsigned char out[80]; + + CAST_set_key(&key, k_len[z], k); + CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT); + if (!TEST_mem_eq(out, sizeof(c[z]), c[z], sizeof(c[z]))) { + TEST_info("CAST_ENCRYPT iteration %d failed (len=%d)", z, k_len[z]); + testresult = 0; + } - for (z = 0; z < 3; z++) { - CAST_set_key(&key, k_len[z], k); - - CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT); - if (memcmp(out, &(c[z][0]), 8) != 0) { - printf("ecb cast error encrypting for keysize %d\n", - k_len[z] * 8); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", out[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", c[z][i]); - err = 20; - printf("\n"); - } - - CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT); - if (memcmp(out, in, 8) != 0) { - printf("ecb cast error decrypting for keysize %d\n", - k_len[z] * 8); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", out[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", in[i]); - printf("\n"); - err = 3; - } + CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT); + if (!TEST_mem_eq(out, sizeof(in), in, sizeof(in))) { + TEST_info("CAST_DECRYPT iteration %d failed (len=%d)", z, k_len[z]); + testresult = 0; } - if (err == 0) - printf("ecb cast5 ok\n"); - -# ifdef FULL_TEST - { - unsigned char out_a[16], out_b[16]; - static char *hex = "0123456789ABCDEF"; - - printf("This test will take some time...."); - fflush(stdout); - memcpy(out_a, in_a, sizeof(in_a)); - memcpy(out_b, in_b, sizeof(in_b)); - i = 1; - - for (l = 0; l < 1000000L; l++) { - CAST_set_key(&key_b, 16, out_b); - CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT); - CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT); - CAST_set_key(&key, 16, out_a); - CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT); - CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT); - if ((l & 0xffff) == 0xffff) { - printf("%c", hex[i & 0x0f]); - fflush(stdout); - i++; - } - } - - if ((memcmp(out_a, c_a, sizeof(c_a)) != 0) || - (memcmp(out_b, c_b, sizeof(c_b)) != 0)) { - printf("\n"); - printf("Error\n"); - - printf("A out ="); - for (i = 0; i < 16; i++) - printf("%02X ", out_a[i]); - printf("\nactual="); - for (i = 0; i < 16; i++) - printf("%02X ", c_a[i]); - printf("\n"); - - printf("B out ="); - for (i = 0; i < 16; i++) - printf("%02X ", out_b[i]); - printf("\nactual="); - for (i = 0; i < 16; i++) - printf("%02X ", c_b[i]); - printf("\n"); - } else - printf(" ok\n"); + return testresult; +} + +static int cast_test_iterations(void) +{ + long l; + int testresult = 1; + CAST_KEY key, key_b; + unsigned char out_a[16], out_b[16]; + + memcpy(out_a, in_a, sizeof(in_a)); + memcpy(out_b, in_b, sizeof(in_b)); + + for (l = 0; l < 1000000L; l++) { + CAST_set_key(&key_b, 16, out_b); + CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT); + CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT); + CAST_set_key(&key, 16, out_a); + CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT); + CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT); } -# endif - EXIT(err); + if (!TEST_mem_eq(out_a, sizeof(c_a), c_a, sizeof(c_a)) + || !TEST_mem_eq(out_b, sizeof(c_b), c_b, sizeof(c_b))) + testresult = 0; + + return testresult; } #endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_CAST + ADD_ALL_TESTS(cast_test_vector, OSSL_NELEM(k_len)); + ADD_TEST(cast_test_iterations); +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/certs/client-ed25519-cert.pem b/deps/openssl/openssl/test/certs/client-ed25519-cert.pem new file mode 100644 index 00000000000000..5cd01f669af8c1 --- /dev/null +++ b/deps/openssl/openssl/test/certs/client-ed25519-cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICJjCCAQ6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNzA2MTgxNjMzMjBaGA8yMTE3MDYxOTE2MzMyMFowGTEXMBUGA1UEAwwOQ2xp +ZW50LUVkMjU1MTkwKjAFBgMrZXADIQDWm1IkIasMcyVYSiKuFl6zZMRM4x7h/Qbf +fmpdgcM8/6N9MHswHQYDVR0OBBYEFDAIOfJie9HYZehOjFLE+amS8RH7MB8GA1Ud +IwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwIwGQYDVR0RBBIwEIIOQ2xpZW50LUVkMjU1MTkwDQYJKoZIhvcN +AQELBQADggEBAFvF2AWOELLBafWwmemtFALQcJbXndS8QyBAkBSPwIp6Q8Oledeh +gynamdc+66c5Ozdl4lNknXPGVGcNaW0RmlkqcqSMksuL11OGba0iIZkiUU2QPA07 +BRunnV4/pgFsy0ewYKEdaSplyfoBoIJwuxPHL1ExlzAmhSYWYYOFMgD302Be4dXr +pm0c4hj1XcJmtsD5wBcBCRrvOj+uCdqIwtWgdwo6poqzsO1AofuAgsjE9WWyi/NQ +ule8nVKIVbwVFP8/dI240v0RF1VLyE+8lPf2nYuFAXbzL/8MRwJeeFVIYNiy+51B +10ZVx5WtbbMjbr7e+xSU5jIAPZQS0r/4M8U= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/client-ed25519-key.pem b/deps/openssl/openssl/test/certs/client-ed25519-key.pem new file mode 100644 index 00000000000000..3f673b311bb8e2 --- /dev/null +++ b/deps/openssl/openssl/test/certs/client-ed25519-key.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINZzpIpIiXXsKx4M7mUr2cb+DMfgHyu2msRAgNa5CxJJ +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/client-ed448-cert.pem b/deps/openssl/openssl/test/certs/client-ed448-cert.pem new file mode 100644 index 00000000000000..3d6d5e87c97535 --- /dev/null +++ b/deps/openssl/openssl/test/certs/client-ed448-cert.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQDCCASigAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE4MDIyNzE3MTAxN1oYDzIxMTgwMjI4MTcxMDE3WjAXMRUwEwYDVQQD +DAxDbGllbnQtRWQ0NDgwQzAFBgMrZXEDOgB4bFbdmw9IviAHXKt/2/hRDaiEr6JH +bsLr3IPNQq3XIYxYh4AIPx3YffYW3xukHDGWTQ50dptQiwCjezB5MB0GA1UdDgQW +BBTEno3ezhmTYZzGdD65nVRMp3f2hzAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJ +U5xNcvejUjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMBcGA1UdEQQQ +MA6CDENsaWVudC1FZDQ0ODANBgkqhkiG9w0BAQsFAAOCAQEAP2/y30iko57i8lUY +ju9Vb4V0TCATKa+HNnzHG1jyWAgiWpPtHe269Cnb8AvdwWKVeppKkG6LeWHo3btP +LOd8xEFhnklM4rPkxMYMCQ0lcw2xagbw3CW12mLs15N3QCjxSnA/kuuftzor9fRl +gzazVh4Kf/jXtlRyBI6R4+bXSGgKhIipdBF5xWmTPvZBViWKxgysQuP1bNzw9AC4 +QMGm4ApOVuY9iE8dPYKgJUVGWc3d9l23fkd422kEgz5euK66HovjYaBj0S0kZhEZ +tWUCRTcv4k40ke2jr8/Zm3Ugab09XWU2T98k/OvXu+Y0AlLMZp2ehC6wXObprEXv +dY5URg== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/client-ed448-key.pem b/deps/openssl/openssl/test/certs/client-ed448-key.pem new file mode 100644 index 00000000000000..ab4d7ff3de29c6 --- /dev/null +++ b/deps/openssl/openssl/test/certs/client-ed448-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOWmRn7GCRupyB1q/qQZ+h1lEt+TGtZSNJ5U+Saa+X+hk +gWpeKJP9MTpw7kdMAeAhb6XlhCANH2zV9A== +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/cyrillic.msb b/deps/openssl/openssl/test/certs/cyrillic.msb new file mode 100644 index 00000000000000..8329590bf00f0a --- /dev/null +++ b/deps/openssl/openssl/test/certs/cyrillic.msb @@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + be:47:3c:53:a6:2a:c0:3a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=RU, ST=\U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0414\U043C\U0438\U0442\U0440\U0438\U0439 \U0411\U0435\U043B\U044F\U0432\U0441\U043A\U0438\U0439, OU=\U042F, CN=Dmitry Belyavskiy, emailAddress=beldmit@example.com + Validity + Not Before: Feb 21 19:35:22 2017 GMT + Not After : Mar 23 19:35:22 2017 GMT + Subject: C=RU, ST=\U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0414\U043C\U0438\U0442\U0440\U0438\U0439 \U0411\U0435\U043B\U044F\U0432\U0441\U043A\U0438\U0439, OU=\U042F, CN=Dmitry Belyavskiy, emailAddress=beldmit@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a4:57:96:36:55:6d:95:21:25:17:f8:85:87:53: + ba:bc:d5:9a:d6:dc:21:66:72:30:36:ca:94:43:3c: + 37:22:81:31:af:bb:8f:31:df:20:e2:6a:04:ee:12: + a1:ea:8c:94:63:84:ab:66:ca:e7:cf:ae:3f:f0:c0: + 38:7f:67:a8:bf:f4:8a:70:65:3d:5c:1f:60:0c:6a: + 86:b9:68:4f:45:37:0c:89:ef:45:e8:ab:c4:bd:1a: + 88:49:05:4b:5f:f4:a2:8d:1c:38:e4:50:54:aa:25: + a6:4d:5c:64:eb:1c:31:91:d1:38:f0:b4:82:4c:c4: + 58:60:4f:21:95:94:56:16:dc:d9:a7:30:46:54:bc: + cd:3a:3f:a4:54:58:a4:ea:0b:b0:7d:72:03:15:49: + 52:22:0f:a1:9b:aa:ca:0b:05:c6:ee:0c:0b:f4:58: + 0d:4c:1a:71:29:93:db:f7:12:f5:dc:df:01:15:18: + 07:d4:e4:f6:e0:c9:a9:09:da:03:23:da:fc:b4:07: + f3:86:18:87:1b:db:3f:50:fe:21:7a:9c:c1:00:5d: + 93:ec:f1:b9:5f:78:14:57:e1:01:b8:a9:e6:07:fd: + d3:77:bb:71:b4:1d:86:65:a8:0a:0a:a3:fe:f9:f5: + 83:a5:5c:cd:5d:ea:29:3c:1a:d8:63:6b:c5:c5:3e: + b2:d1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 + X509v3 Authority Key Identifier: + keyid:11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 04:8f:c3:77:48:06:29:c0:8d:66:2e:6b:48:a3:b3:e0:dd:5b: + 0a:e7:a4:0b:7e:72:91:fc:37:29:7f:81:1e:60:66:7b:ba:94: + 30:f8:c0:79:56:bc:ed:87:88:d9:bd:d8:7b:dc:1b:87:bb:ef: + 15:d0:77:74:59:d7:3f:30:09:71:86:da:d7:d7:50:cb:ef:8f: + 34:26:76:b5:0a:de:d0:ce:ca:40:57:86:ce:13:24:2a:9e:97: + db:5d:3e:73:8c:24:cc:89:84:42:04:45:62:f9:fd:4b:79:b2: + 1b:a0:01:d7:4c:1f:4d:d1:4c:5b:99:0a:27:5e:c9:79:3c:0f: + b7:3c:09:db:32:d6:ca:56:91:32:0d:7f:79:94:bc:bc:a8:ba: + 54:4b:39:6e:2d:9a:21:77:13:f8:b5:62:5d:a8:8c:c8:8d:ec: + 67:6c:14:2d:f6:ce:e6:d3:a6:fa:37:36:5b:31:7a:80:66:83: + 02:64:82:c1:ec:bf:38:8e:49:b0:e5:ec:09:9b:80:16:e4:32: + 91:4e:72:c4:5f:2d:b3:e9:57:b1:00:36:2d:1a:e9:9f:4a:b1: + 1c:d1:ae:fb:15:79:02:0b:14:97:81:ee:42:01:ed:00:58:38: + b2:30:89:f2:89:11:b7:03:7c:16:95:30:eb:32:9c:9f:00:e5: + 22:12:db:7a +-----BEGIN CERTIFICATE----- +MIIEPTCCAyWgAwIBAgIJAL5HPFOmKsA6MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQ +utCy0LAxKjAoBgNVBAoMIdCU0LzQuNGC0YDQuNC5INCR0LXQu9GP0LLRgdC60LjQ +uTELMAkGA1UECwwC0K8xGjAYBgNVBAMMEURtaXRyeSBCZWx5YXZza2l5MSIwIAYJ +KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMB4XDTE3MDIyMTE5MzUyMloX +DTE3MDMyMzE5MzUyMlowgbQxCzAJBgNVBAYTAlJVMRUwEwYDVQQIDAzQnNC+0YHQ +utCy0LAxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEqMCgGA1UECgwh0JTQvNC40YLR +gNC40Lkg0JHQtdC70Y/QstGB0LrQuNC5MQswCQYDVQQLDALQrzEaMBgGA1UEAwwR +RG1pdHJ5IEJlbHlhdnNraXkxIjAgBgkqhkiG9w0BCQEWE2JlbGRtaXRAZXhhbXBs +ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkV5Y2VW2VISUX ++IWHU7q81ZrW3CFmcjA2ypRDPDcigTGvu48x3yDiagTuEqHqjJRjhKtmyufPrj/w +wDh/Z6i/9IpwZT1cH2AMaoa5aE9FNwyJ70Xoq8S9GohJBUtf9KKNHDjkUFSqJaZN +XGTrHDGR0TjwtIJMxFhgTyGVlFYW3NmnMEZUvM06P6RUWKTqC7B9cgMVSVIiD6Gb +qsoLBcbuDAv0WA1MGnEpk9v3EvXc3wEVGAfU5PbgyakJ2gMj2vy0B/OGGIcb2z9Q +/iF6nMEAXZPs8blfeBRX4QG4qeYH/dN3u3G0HYZlqAoKo/759YOlXM1d6ik8Gthj +a8XFPrLRAgMBAAGjUDBOMB0GA1UdDgQWBBQRSUYZKk5N0cj7eVU9gZki7jRPIjAf +BgNVHSMEGDAWgBQRSUYZKk5N0cj7eVU9gZki7jRPIjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQAEj8N3SAYpwI1mLmtIo7Pg3VsK56QLfnKR/Dcpf4Ee +YGZ7upQw+MB5Vrzth4jZvdh73BuHu+8V0Hd0Wdc/MAlxhtrX11DL7480Jna1Ct7Q +zspAV4bOEyQqnpfbXT5zjCTMiYRCBEVi+f1LebIboAHXTB9N0UxbmQonXsl5PA+3 +PAnbMtbKVpEyDX95lLy8qLpUSzluLZohdxP4tWJdqIzIjexnbBQt9s7m06b6NzZb +MXqAZoMCZILB7L84jkmw5ewJm4AW5DKRTnLEXy2z6VexADYtGumfSrEc0a77FXkC +CxSXge5CAe0AWDiyMInyiRG3A3wWlTDrMpyfAOUiEtt6 +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/cyrillic.pem b/deps/openssl/openssl/test/certs/cyrillic.pem new file mode 100644 index 00000000000000..7bf135d4b64d55 --- /dev/null +++ b/deps/openssl/openssl/test/certs/cyrillic.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEPTCCAyWgAwIBAgIJAL5HPFOmKsA6MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQ +utCy0LAxKjAoBgNVBAoMIdCU0LzQuNGC0YDQuNC5INCR0LXQu9GP0LLRgdC60LjQ +uTELMAkGA1UECwwC0K8xGjAYBgNVBAMMEURtaXRyeSBCZWx5YXZza2l5MSIwIAYJ +KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMB4XDTE3MDIyMTE5MzUyMloX +DTE3MDMyMzE5MzUyMlowgbQxCzAJBgNVBAYTAlJVMRUwEwYDVQQIDAzQnNC+0YHQ +utCy0LAxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEqMCgGA1UECgwh0JTQvNC40YLR +gNC40Lkg0JHQtdC70Y/QstGB0LrQuNC5MQswCQYDVQQLDALQrzEaMBgGA1UEAwwR +RG1pdHJ5IEJlbHlhdnNraXkxIjAgBgkqhkiG9w0BCQEWE2JlbGRtaXRAZXhhbXBs +ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkV5Y2VW2VISUX ++IWHU7q81ZrW3CFmcjA2ypRDPDcigTGvu48x3yDiagTuEqHqjJRjhKtmyufPrj/w +wDh/Z6i/9IpwZT1cH2AMaoa5aE9FNwyJ70Xoq8S9GohJBUtf9KKNHDjkUFSqJaZN +XGTrHDGR0TjwtIJMxFhgTyGVlFYW3NmnMEZUvM06P6RUWKTqC7B9cgMVSVIiD6Gb +qsoLBcbuDAv0WA1MGnEpk9v3EvXc3wEVGAfU5PbgyakJ2gMj2vy0B/OGGIcb2z9Q +/iF6nMEAXZPs8blfeBRX4QG4qeYH/dN3u3G0HYZlqAoKo/759YOlXM1d6ik8Gthj +a8XFPrLRAgMBAAGjUDBOMB0GA1UdDgQWBBQRSUYZKk5N0cj7eVU9gZki7jRPIjAf +BgNVHSMEGDAWgBQRSUYZKk5N0cj7eVU9gZki7jRPIjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQAEj8N3SAYpwI1mLmtIo7Pg3VsK56QLfnKR/Dcpf4Ee +YGZ7upQw+MB5Vrzth4jZvdh73BuHu+8V0Hd0Wdc/MAlxhtrX11DL7480Jna1Ct7Q +zspAV4bOEyQqnpfbXT5zjCTMiYRCBEVi+f1LebIboAHXTB9N0UxbmQonXsl5PA+3 +PAnbMtbKVpEyDX95lLy8qLpUSzluLZohdxP4tWJdqIzIjexnbBQt9s7m06b6NzZb +MXqAZoMCZILB7L84jkmw5ewJm4AW5DKRTnLEXy2z6VexADYtGumfSrEc0a77FXkC +CxSXge5CAe0AWDiyMInyiRG3A3wWlTDrMpyfAOUiEtt6 +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/cyrillic.utf8 b/deps/openssl/openssl/test/certs/cyrillic.utf8 new file mode 100644 index 00000000000000..bd2995fefe9695 --- /dev/null +++ b/deps/openssl/openssl/test/certs/cyrillic.utf8 @@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + be:47:3c:53:a6:2a:c0:3a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=RU, ST=Москва, L=Москва, O=Дмитрий Белявский, OU=Я, CN=Dmitry Belyavskiy, emailAddress=beldmit@example.com + Validity + Not Before: Feb 21 19:35:22 2017 GMT + Not After : Mar 23 19:35:22 2017 GMT + Subject: C=RU, ST=Москва, L=Москва, O=Дмитрий Белявский, OU=Я, CN=Dmitry Belyavskiy, emailAddress=beldmit@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:a4:57:96:36:55:6d:95:21:25:17:f8:85:87:53: + ba:bc:d5:9a:d6:dc:21:66:72:30:36:ca:94:43:3c: + 37:22:81:31:af:bb:8f:31:df:20:e2:6a:04:ee:12: + a1:ea:8c:94:63:84:ab:66:ca:e7:cf:ae:3f:f0:c0: + 38:7f:67:a8:bf:f4:8a:70:65:3d:5c:1f:60:0c:6a: + 86:b9:68:4f:45:37:0c:89:ef:45:e8:ab:c4:bd:1a: + 88:49:05:4b:5f:f4:a2:8d:1c:38:e4:50:54:aa:25: + a6:4d:5c:64:eb:1c:31:91:d1:38:f0:b4:82:4c:c4: + 58:60:4f:21:95:94:56:16:dc:d9:a7:30:46:54:bc: + cd:3a:3f:a4:54:58:a4:ea:0b:b0:7d:72:03:15:49: + 52:22:0f:a1:9b:aa:ca:0b:05:c6:ee:0c:0b:f4:58: + 0d:4c:1a:71:29:93:db:f7:12:f5:dc:df:01:15:18: + 07:d4:e4:f6:e0:c9:a9:09:da:03:23:da:fc:b4:07: + f3:86:18:87:1b:db:3f:50:fe:21:7a:9c:c1:00:5d: + 93:ec:f1:b9:5f:78:14:57:e1:01:b8:a9:e6:07:fd: + d3:77:bb:71:b4:1d:86:65:a8:0a:0a:a3:fe:f9:f5: + 83:a5:5c:cd:5d:ea:29:3c:1a:d8:63:6b:c5:c5:3e: + b2:d1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 + X509v3 Authority Key Identifier: + keyid:11:49:46:19:2A:4E:4D:D1:C8:FB:79:55:3D:81:99:22:EE:34:4F:22 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 04:8f:c3:77:48:06:29:c0:8d:66:2e:6b:48:a3:b3:e0:dd:5b: + 0a:e7:a4:0b:7e:72:91:fc:37:29:7f:81:1e:60:66:7b:ba:94: + 30:f8:c0:79:56:bc:ed:87:88:d9:bd:d8:7b:dc:1b:87:bb:ef: + 15:d0:77:74:59:d7:3f:30:09:71:86:da:d7:d7:50:cb:ef:8f: + 34:26:76:b5:0a:de:d0:ce:ca:40:57:86:ce:13:24:2a:9e:97: + db:5d:3e:73:8c:24:cc:89:84:42:04:45:62:f9:fd:4b:79:b2: + 1b:a0:01:d7:4c:1f:4d:d1:4c:5b:99:0a:27:5e:c9:79:3c:0f: + b7:3c:09:db:32:d6:ca:56:91:32:0d:7f:79:94:bc:bc:a8:ba: + 54:4b:39:6e:2d:9a:21:77:13:f8:b5:62:5d:a8:8c:c8:8d:ec: + 67:6c:14:2d:f6:ce:e6:d3:a6:fa:37:36:5b:31:7a:80:66:83: + 02:64:82:c1:ec:bf:38:8e:49:b0:e5:ec:09:9b:80:16:e4:32: + 91:4e:72:c4:5f:2d:b3:e9:57:b1:00:36:2d:1a:e9:9f:4a:b1: + 1c:d1:ae:fb:15:79:02:0b:14:97:81:ee:42:01:ed:00:58:38: + b2:30:89:f2:89:11:b7:03:7c:16:95:30:eb:32:9c:9f:00:e5: + 22:12:db:7a +-----BEGIN CERTIFICATE----- +MIIEPTCCAyWgAwIBAgIJAL5HPFOmKsA6MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD +VQQGEwJSVTEVMBMGA1UECAwM0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQ +utCy0LAxKjAoBgNVBAoMIdCU0LzQuNGC0YDQuNC5INCR0LXQu9GP0LLRgdC60LjQ +uTELMAkGA1UECwwC0K8xGjAYBgNVBAMMEURtaXRyeSBCZWx5YXZza2l5MSIwIAYJ +KoZIhvcNAQkBFhNiZWxkbWl0QGV4YW1wbGUuY29tMB4XDTE3MDIyMTE5MzUyMloX +DTE3MDMyMzE5MzUyMlowgbQxCzAJBgNVBAYTAlJVMRUwEwYDVQQIDAzQnNC+0YHQ +utCy0LAxFTATBgNVBAcMDNCc0L7RgdC60LLQsDEqMCgGA1UECgwh0JTQvNC40YLR +gNC40Lkg0JHQtdC70Y/QstGB0LrQuNC5MQswCQYDVQQLDALQrzEaMBgGA1UEAwwR +RG1pdHJ5IEJlbHlhdnNraXkxIjAgBgkqhkiG9w0BCQEWE2JlbGRtaXRAZXhhbXBs +ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkV5Y2VW2VISUX ++IWHU7q81ZrW3CFmcjA2ypRDPDcigTGvu48x3yDiagTuEqHqjJRjhKtmyufPrj/w +wDh/Z6i/9IpwZT1cH2AMaoa5aE9FNwyJ70Xoq8S9GohJBUtf9KKNHDjkUFSqJaZN +XGTrHDGR0TjwtIJMxFhgTyGVlFYW3NmnMEZUvM06P6RUWKTqC7B9cgMVSVIiD6Gb +qsoLBcbuDAv0WA1MGnEpk9v3EvXc3wEVGAfU5PbgyakJ2gMj2vy0B/OGGIcb2z9Q +/iF6nMEAXZPs8blfeBRX4QG4qeYH/dN3u3G0HYZlqAoKo/759YOlXM1d6ik8Gthj +a8XFPrLRAgMBAAGjUDBOMB0GA1UdDgQWBBQRSUYZKk5N0cj7eVU9gZki7jRPIjAf +BgNVHSMEGDAWgBQRSUYZKk5N0cj7eVU9gZki7jRPIjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQAEj8N3SAYpwI1mLmtIo7Pg3VsK56QLfnKR/Dcpf4Ee +YGZ7upQw+MB5Vrzth4jZvdh73BuHu+8V0Hd0Wdc/MAlxhtrX11DL7480Jna1Ct7Q +zspAV4bOEyQqnpfbXT5zjCTMiYRCBEVi+f1LebIboAHXTB9N0UxbmQonXsl5PA+3 +PAnbMtbKVpEyDX95lLy8qLpUSzluLZohdxP4tWJdqIzIjexnbBQt9s7m06b6NzZb +MXqAZoMCZILB7L84jkmw5ewJm4AW5DKRTnLEXy2z6VexADYtGumfSrEc0a77FXkC +CxSXge5CAe0AWDiyMInyiRG3A3wWlTDrMpyfAOUiEtt6 +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/cyrillic_crl.pem b/deps/openssl/openssl/test/certs/cyrillic_crl.pem new file mode 100644 index 00000000000000..5ba2b2c9771bbb --- /dev/null +++ b/deps/openssl/openssl/test/certs/cyrillic_crl.pem @@ -0,0 +1,13 @@ +-----BEGIN X509 CRL----- +MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV +BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD +VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG +9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy +NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+ +1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq +jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU ++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe +Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw +diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx ++X48g7VE2o2X4cfy +-----END X509 CRL----- diff --git a/deps/openssl/openssl/test/certs/cyrillic_crl.utf8 b/deps/openssl/openssl/test/certs/cyrillic_crl.utf8 new file mode 100644 index 00000000000000..e71aa5b09c84ea --- /dev/null +++ b/deps/openssl/openssl/test/certs/cyrillic_crl.utf8 @@ -0,0 +1,39 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=RU, ST=Москва, O=Я, OU=Я, CN=Дмитрий Белявский, emailAddress=beldmit@example.com + Last Update: Apr 24 13:25:31 2017 GMT + Next Update: May 24 13:25:31 2017 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha256WithRSAEncryption + 85:e5:e5:fe:d4:13:3f:07:1a:07:53:6f:f7:a5:01:c9:80:f4: + 8a:7a:f3:74:fc:af:dd:6a:21:47:88:99:7b:29:bf:46:0b:02: + 98:d7:80:75:46:f6:cd:da:b5:0f:ff:9f:0c:b7:e6:aa:8e:f6: + ae:7f:5c:81:ce:56:89:41:e2:4a:65:cb:02:98:6f:69:e9:3a: + f5:cb:40:49:5e:1a:ea:e6:40:b4:48:bc:8d:0e:c7:c6:51:37: + ee:c6:7c:26:a3:e7:25:1d:74:54:fa:02:ae:93:e8:74:5a:42: + 4b:d3:6d:99:61:b2:77:f3:0e:7c:f2:4e:0d:4f:70:96:54:77: + 84:db:71:03:0b:6e:b8:a7:de:36:9a:50:c4:ed:e9:fa:33:22: + f5:e7:63:de:2d:df:58:ad:68:aa:e6:23:88:3a:b2:1b:40:b1: + 2b:ab:41:23:c3:1b:c7:1b:db:0c:89:81:54:6b:a5:6b:c2:64: + 5f:db:a9:f2:67:bb:bd:44:a2:43:3f:ea:36:76:5b:70:76:20: + 5a:49:70:b7:42:dd:e9:67:c0:48:7e:ff:e5:f3:59:70:a7:c0: + eb:eb:74:b0:08:82:36:a4:84:69:97:22:02:75:0a:a6:5f:f6: + be:d6:af:24:4e:15:c8:3f:62:b1:f9:7e:3c:83:b5:44:da:8d: + 97:e1:c7:f2 +-----BEGIN X509 CRL----- +MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV +BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD +VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG +9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy +NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+ +1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq +jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU ++gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe +Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw +diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx ++X48g7VE2o2X4cfy +-----END X509 CRL----- diff --git a/deps/openssl/openssl/test/certs/dhp2048.pem b/deps/openssl/openssl/test/certs/dhp2048.pem new file mode 100644 index 00000000000000..9ee474b82056f0 --- /dev/null +++ b/deps/openssl/openssl/test/certs/dhp2048.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAoI0V5HKAcsG4LlAnVJhYnnl2ErOcdvz7WN4n+LoSkZVkfPcPExAF +uXnT6v16rYfxCgZDPB/tSYaRhOxpJgaAHGA9PrfwprM4xQm9HLIWtidyIGtkgynQ +rrtxaCculbPOMxc1od7V0jw8/Sj4pdKjijmdvY3VsvuQPu6Lo7qV94u3pYN+WSP9 +ESPcY0lvIV0s0eYxzU5LOU7FZRv6gpe658yxnpaQf13M3sFBqcQEnw+vIjNyaBBK +Nm4jVFeKCN3aIz+yJL8y14HEnV/tnhtIrr33MAJvsG1qFBY7iFvbvlx/gKDW7qyk +V0/iN2uElrJZIGxD2uPMZNXO+dci+EriMwIBAg== +-----END DH PARAMETERS----- diff --git a/deps/openssl/openssl/test/certs/ee-ecdsa-client-chain.pem b/deps/openssl/openssl/test/certs/ee-ecdsa-client-chain.pem new file mode 100644 index 00000000000000..ba04fdbd793e5b --- /dev/null +++ b/deps/openssl/openssl/test/certs/ee-ecdsa-client-chain.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIICXDCCAUSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNzAyMTUxOTMxMTBaGA8yMTE3MDIxNjE5MzExMFowHDEaMBgGA1UEAwwRRUNE +U0EgQ2xpZW50IEF1dGgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpeZcBUFBT +zmRIEaNlNcLA3+dvPgc5T3y2/Cut6ixNHjGCM1KzMSyZC2LwBhtKAl1CJxAfPvoP +WECveS18FWXWo4GAMH4wHQYDVR0OBBYEFKP225wj9a3okk5Y2GvNHvJqH8sAMB8G +A1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwHAYDVR0RBBUwE4IRRUNEU0EgQ2xpZW50IEF1dGgwDQYJ +KoZIhvcNAQELBQADggEBAG8P/XEQnwHrd3O6GIAE5/Yloxqrjw5CoxbKmmVwrojz +JGMHXPqE+V+RGUUnvP9Za8mIxtTi6hfvPRGNxRUhsPHXcQ52kwYf6r/ZeSXT0yFF +ITVFFXM63p/jfF1NQgeEQ2NgPYJ9H6WTQbOu7EkaF/2E//DPUf93is8DKUgFLtdM +p5Afb4yMul64wS2nHZIa3oR+15BDCQJ0FQtYX5bM2+6AZ0EZZT6q6t1cRRW8Tk4d +YyUS5SSfxEdhdxnLPM5n88IYFhHV5klhgfp42CRXOWgLSBQeBZ8LqgUs7buHSxv5 +duOKJn5+mGvktlxvThrXpKgBx3yApThRKmBvb6Avrq8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/ee-ecdsa-key.pem b/deps/openssl/openssl/test/certs/ee-ecdsa-key.pem new file mode 100644 index 00000000000000..6844a0b363ba26 --- /dev/null +++ b/deps/openssl/openssl/test/certs/ee-ecdsa-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgi5sKk1Y8QjhMSK6P +69wCABpFCv9/aCaMpLhlzAMfEjOhRANCAATpeZcBUFBTzmRIEaNlNcLA3+dvPgc5 +T3y2/Cut6ixNHjGCM1KzMSyZC2LwBhtKAl1CJxAfPvoPWECveS18FWXW +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/ee-ed25519.pem b/deps/openssl/openssl/test/certs/ee-ed25519.pem new file mode 100644 index 00000000000000..3f4b5b2ac79d96 --- /dev/null +++ b/deps/openssl/openssl/test/certs/ee-ed25519.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX +N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD +DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj +ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg +BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v +/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg +w1AH9efZBw== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/ee-pss-sha1-cert.pem b/deps/openssl/openssl/test/certs/ee-pss-sha1-cert.pem new file mode 100644 index 00000000000000..b504aea5813ae8 --- /dev/null +++ b/deps/openssl/openssl/test/certs/ee-pss-sha1-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIBAjANBgkqhkiG9w0BAQowADANMQswCQYDVQQDDAJDQTAg +Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowEzERMA8GA1UEAwwIUFNT +LVNIQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lYYYWu3tss +D9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT5Rcf/w3G +Q/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1lDz9mjsI2 +oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1U7OWaoIb +FYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5ep5LR2in +Kcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tniIQPYf55 +NB9KiR+3AgMBAAGjdzB1MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gil+FzojAf +BgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAAMBMGA1Ud +JQQMMAoGCCsGAQUFBwMBMBMGA1UdEQQMMAqCCFBTUy1TSEExMA0GCSqGSIb3DQEB +CjAAA4IBAQCC4qIOu7FVYMvRx13IrvzviF+RFRRfAD5NZSPFw5+riLMeRlA4Pdw/ +vCctNIpqjDaSFu8BRTUuyHPXSIvPo0Rl64TsfQNHP1Ut1/8XCecYCEBx/ROJHbM5 +YjoHMCAy+mR3f4BK1827Mp5U/wRJ6ljvE5EbALQ06ZEuIO6zqEAO6AROUCjWSyFd +z9fkEHS0XmploIywH4QXR7X+ueWOE3n76x+vziM4qoGsYxy0sxePfTWM1DscT1Kt +l5skZdZEKo6J8m8ImxfmtLutky2/tw5cdeWbovX3xfipabjPqpzO9Tf9aa4iblJa +AEQwRss+D6ixFO1rNKs1fjFva7A+9lrO +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/ee-pss-sha256-cert.pem b/deps/openssl/openssl/test/certs/ee-pss-sha256-cert.pem new file mode 100644 index 00000000000000..cde508992639cd --- /dev/null +++ b/deps/openssl/openssl/test/certs/ee-pss-sha256-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeDCCAjCgAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDANMQswCQYDVQQDDAJDQTAg +Fw0xNzA0MjQyMTE5NDlaGA8yMTE3MDQyNTIxMTk0OVowFTETMBEGA1UEAwwKUFNT +LVNIQTI1NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e +2ywP1XP74reoG3p1YCvUfTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx// +DcZD/jE0+CjYdemju4iC76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aO +wjagEf/AWTX9SRzdHEIzBniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5Zq +ghsVi9GZq+Seb5Sq0pblV/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktH +aKcpxz9K4iIntO+QY9fv0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h +/nk0H0qJH7cCAwEAAaN5MHcwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOi +MB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwFQYDVR0RBA4wDIIKUFNTLVNIQTI1NjA9BgkqhkiG +9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQME +AgGiAwIBIAOCAQEAfKQyXj7HSdUQJA599+SBjalw3dsaxYg6wgLH1IW3GHXPR+c0 +4cugrsPFNRTZL2u/xwHfdxcR3N2vzsdqa+Ep3iyC6egiwxmhIkw0OI+uk/WO9P8Z +42bznkeDjOQ3Y04IIt7a5VbMY7AuWdQfnuVRFiJFAZi7s4+b6QL7+iwydZESVNRL +K+Y6rjMEOrGK7codcRKxrwIt7kxkcT7MI/O7Jt5aa1XDvdSzrieo/CpNVCLCm/zq +Hn1MZ7SAxjTlvwZIj1FhDrFJJppPc5fS7rQDcEaEV6qkBMowtccQR61Iim4834gV +ZTesKQBRtAgW/h4OD5Za98hSEesP6YNhE3GK7A== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/mkcert.sh b/deps/openssl/openssl/test/certs/mkcert.sh index ee31bf0097007f..bf61548dba72b4 100755 --- a/deps/openssl/openssl/test/certs/mkcert.sh +++ b/deps/openssl/openssl/test/certs/mkcert.sh @@ -1,13 +1,18 @@ #! /bin/bash # +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2016 Viktor Dukhovni . # All rights reserved. # -# Contributed to the OpenSSL project under the terms of the OpenSSL license -# included with the version of the OpenSSL software that includes this module. +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# This file is dual-licensed and is also available under other terms. +# Please contact the author. # 100 years should be enough for now -# if [ -z "$DAYS" ]; then DAYS=36525 fi @@ -48,6 +53,9 @@ key() { rsa) args=("${args[@]}" -pkeyopt rsa_keygen_bits:$bits );; ec) args=("${args[@]}" -pkeyopt "ec_paramgen_curve:$bits") args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);; + dsa) args=(-paramfile "$bits");; + ed25519) ;; + ed448) ;; *) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;; esac stderr_onerror \ @@ -171,11 +179,11 @@ genpc() { -set_serial 2 -days "${DAYS}" } -# Usage: $0 genalt keyname certname eekeyname eecertname alt1 alt2 ... +# Usage: $0 geneealt keyname certname eekeyname eecertname alt1 alt2 ... # # Note: takes csr on stdin, so must be used with $0 req like this: # -# $0 req keyname dn | $0 genalt keyname certname eekeyname eecertname alt ... +# $0 req keyname dn | $0 geneealt keyname certname eekeyname eecertname alt ... geneealt() { local key=$1; shift local cert=$1; shift diff --git a/deps/openssl/openssl/test/certs/p256-server-cert.pem b/deps/openssl/openssl/test/certs/p256-server-cert.pem new file mode 100644 index 00000000000000..f144e11dcd102e --- /dev/null +++ b/deps/openssl/openssl/test/certs/p256-server-cert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByjCCAU+gAwIBAgIBAjAKBggqhkjOPQQDAjAbMRkwFwYDVQQDDBBFQ0RTQSBQ +LTM4NCByb290MCAXDTE3MDIxODE4NTA1NloYDzIxMTcwMjE5MTg1MDU2WjAcMRow +GAYDVQQDDBFQLTI1NiBTZXJ2ZXIgQ2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABBQtneXPCnPgmqOCJdOnixLtRxYCYJoKLMTKpVRHg1toZa5hst1EmlfcIJ2q +0mwDj2N7MZxHCQKrY7h2ussdSuujgYAwfjAdBgNVHQ4EFgQUXkNyi959A0GuCidm +beH0E4OStLYwHwYDVR0jBBgwFoAUJtCPHXtf3B5/QYB9Y8ocdYHWhWkwCQYDVR0T +BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREEFTATghFQLTI1NiBTZXJ2 +ZXIgQ2VydDAKBggqhkjOPQQDAgNpADBmAjEA5Bli9loRg3x9jCo/Xyu6pxN9xmaA +GzGrJ+sVfAoKCDPjfvXR3VA+auFR7c65R3lvAjEAuNC6+SIYdp0kOXB9W0s5RcMl +e9e1+PVLCMU9PG1+lfy8cJV4iDymomx/+jX2f0R0 +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/p256-server-key.pem b/deps/openssl/openssl/test/certs/p256-server-key.pem new file mode 100644 index 00000000000000..b2ebd6957db89b --- /dev/null +++ b/deps/openssl/openssl/test/certs/p256-server-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgJ51ke8aiotgRnxNb +le4OYpOA/E5Cuj0+yU8lbeg0GgOhRANCAAQULZ3lzwpz4JqjgiXTp4sS7UcWAmCa +CizEyqVUR4NbaGWuYbLdRJpX3CCdqtJsA49jezGcRwkCq2O4drrLHUrr +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/p384-root-key.pem b/deps/openssl/openssl/test/certs/p384-root-key.pem new file mode 100644 index 00000000000000..6556c56e1b2f92 --- /dev/null +++ b/deps/openssl/openssl/test/certs/p384-root-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAp+VkMpwM7uCJWk+fo +bSxLtiF2nd/4YDJy2IjO+IjzoEDGJB4Ekr1AGxYmiS57IVWhZANiAAS/4vfY5YBd +dvcJs81VXvm3gqwIvzycNtT48ZQ9bqGJBERMAXkmOgzPVz4cSIr33KfIKGhfgjVK +xSAorUKfc0cWf0dZZh3UxpXeN1x3dxtK3hED1y8pemwuz3tYuuOBbtw= +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/p384-root.pem b/deps/openssl/openssl/test/certs/p384-root.pem new file mode 100644 index 00000000000000..df5057f94a3da5 --- /dev/null +++ b/deps/openssl/openssl/test/certs/p384-root.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtzCCAT2gAwIBAgIBATAKBggqhkjOPQQDAjAbMRkwFwYDVQQDDBBFQ0RTQSBQ +LTM4NCByb290MCAXDTE3MDIxODEzNDUzN1oYDzIxMTcwMjE5MTM0NTM3WjAbMRkw +FwYDVQQDDBBFQ0RTQSBQLTM4NCByb290MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE +v+L32OWAXXb3CbPNVV75t4KsCL88nDbU+PGUPW6hiQRETAF5JjoMz1c+HEiK99yn +yChoX4I1SsUgKK1Cn3NHFn9HWWYd1MaV3jdcd3cbSt4RA9cvKXpsLs97WLrjgW7c +o1MwUTAdBgNVHQ4EFgQUJtCPHXtf3B5/QYB9Y8ocdYHWhWkwHwYDVR0jBBgwFoAU +JtCPHXtf3B5/QYB9Y8ocdYHWhWkwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNoADBlAjEA9ZGtIjZhUPqqyjB2YdfXh7K+AUIXdxmtHmioVNbksIApEzbZ25rI +o1WkqRowwbkNAjAw0TzgEv0q4MtQN0G5Lh/z0aVdaFICpXI6UhDXZyiZeRjt2Lbi +3Da3rKRZdHHswY4= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/p384-server-cert.pem b/deps/openssl/openssl/test/certs/p384-server-cert.pem new file mode 100644 index 00000000000000..c6435122a13d2e --- /dev/null +++ b/deps/openssl/openssl/test/certs/p384-server-cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB5jCCAWygAwIBAgIBAjAKBggqhkjOPQQDAjAbMRkwFwYDVQQDDBBFQ0RTQSBQ +LTM4NCByb290MCAXDTE3MDIxODE4NDk1NFoYDzIxMTcwMjE5MTg0OTU0WjAcMRow +GAYDVQQDDBFQLTM4NCBTZXJ2ZXIgQ2VydDB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BNgfdX1zL/wbUQekHkIYpI9KKBDH5oxUbjeHqc0EkEDOLHs7zb3f7UdsqaZ/4Ukn +Wqm8Kmcz5TOYpvg7gn+jPmtVpI2BCfxqYD2WceePkllWENoJFtt/VwOPMGMymeUH +3KOBgDB+MB0GA1UdDgQWBBSY+ffqAKeBpiQl4b6hjUOXuBbIljAfBgNVHSMEGDAW +gBQm0I8de1/cHn9BgH1jyhx1gdaFaTAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsG +AQUFBwMBMBwGA1UdEQQVMBOCEVAtMzg0IFNlcnZlciBDZXJ0MAoGCCqGSM49BAMC +A2gAMGUCMQDD1uzmDMxAmkyokImzX4hW6f2Hxt/iZJhT6C15zCjYfoWcBdP/EiF5 +m2FMPUvxq+0CMAmKOndcfOwQ7OoaEUySx2q10iXgrkE42HsTvFER8FUN7repOUnD +JhC9UKJW7I5A9w== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/p384-server-key.pem b/deps/openssl/openssl/test/certs/p384-server-key.pem new file mode 100644 index 00000000000000..438e8f47f9254b --- /dev/null +++ b/deps/openssl/openssl/test/certs/p384-server-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBg3D9RcSwjYqyeLmW+ +nw3mGtBTeNFH2heMO4uOl3EAzJAB8Q+1DjD9Prlrsc+JX7yhZANiAATYH3V9cy/8 +G1EHpB5CGKSPSigQx+aMVG43h6nNBJBAzix7O8293+1HbKmmf+FJJ1qpvCpnM+Uz +mKb4O4J/oz5rVaSNgQn8amA9lnHnj5JZVhDaCRbbf1cDjzBjMpnlB9w= +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/root-ed25519.pem b/deps/openssl/openssl/test/certs/root-ed25519.pem new file mode 100644 index 00000000000000..e509d540110f72 --- /dev/null +++ b/deps/openssl/openssl/test/certs/root-ed25519.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBODCB66ADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg +VGVzdCBEZW1vMB4XDTE3MDQxOTIxMzYzOVoXDTQxMDIxMjIxMzYzOVowGTEXMBUG +A1UEAwwOSUVURiBUZXN0IERlbW8wKjAFBgMrZXADIQAZv0QJaYTN/oVBusFn3DuW +yFCGqjC2tssMXDitcDFm4aNQME4wHQYDVR0OBBYEFKKMwfhuWWDT4DrnXJYsl6jU +SCk8MB8GA1UdIwQYMBaAFKKMwfhuWWDT4DrnXJYsl6jUSCk8MAwGA1UdEwQFMAMB +Af8wBQYDK2VwA0EAa6iEoQZBWB1MhCzASv5HuFM7fR5Nz2/KM7GxYjQWsfvK2Ds1 +jaPSG7Lx4uywIndMafp5CoPoFr6yLBkt+NZLAg== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-cecdsa-cert.pem b/deps/openssl/openssl/test/certs/server-cecdsa-cert.pem new file mode 100644 index 00000000000000..6446bbf08a4de2 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-cecdsa-cert.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSDCCATCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE3MDIyNDE3MjgxOFoYDzIxMTcwMjI1MTcyODE4WjAfMR0wGwYDVQQD +DBRFQ0RTQSBjb21wcmVzc2VkIGtleTA5MBMGByqGSM49AgEGCCqGSM49AwEHAyIA +AuI7NNxE483tJyIKT6KOQM5Zlfrigh12BEcHxnzpudgVo4GEMIGBMB0GA1UdDgQW +BBRYM6sJF9MGP6q5g0lxnwQzVozv2DAfBgNVHSMEGDAWgBRwfy6ug2hZmAQjKs3r +PhfNJN0BSTAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdEQQY +MBaCFEVDRFNBIGNvbXByZXNzZWQga2V5MA0GCSqGSIb3DQEBCwUAA4IBAQCEmLt+ +eW36thd16Coscs4LYV8aFS6cyCw1dXUOAsDn8SH6zFkhidahgGY4cXdYeNpffYWZ +yL1ydfL5ce76Ye4liLY0N/3tvsMTdyvtMxzVrC27W7yxfh65tPGhQtZNbzWZPkUr +pBQ5w8pN9go/B/tCmflffzAXz5XOI2dRGxENfHV/6KTjn+ojbgWL2JmkbBuTSk7w +18s5ae+T7rUFPTxlN9vFoFyCf+mjHArRhIHBR1AiZ9/Q1XN44u7EWYbKkiJgki1Q +VBd4jvGz3GsH2DWMm1B1VqO0vddRNFDy7DtMO36VRz0k0k2ysOw1Y82XAniPboS7 +jC8uUGdh3iKWaOb5 +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-cecdsa-key.pem b/deps/openssl/openssl/test/certs/server-cecdsa-key.pem new file mode 100644 index 00000000000000..ae157dfe71d154 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-cecdsa-key.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PRIVATE KEY----- +MFcCAQEEIEyOTc8v2AjaRLgE6+oxbbmQOVbNec21ziVORF5fiQHuoAoGCCqGSM49 +AwEHoSQDIgAC4js03ETjze0nIgpPoo5AzlmV+uKCHXYERwfGfOm52BU= +-----END EC PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/server-dsa-cert.pem b/deps/openssl/openssl/test/certs/server-dsa-cert.pem new file mode 100644 index 00000000000000..0ea18949295e22 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-dsa-cert.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFQzCCBCugAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE3MDIxNzE0MDgxOVoYDzIxMTcwMjE4MTQwODE5WjAVMRMwEQYDVQQD +DApTZXJ2ZXIgRFNBMIIDSDCCAjoGByqGSM44BAEwggItAoIBAQD+P3LcpaA+AYu9 +M1gSsHi8fixl7VPCsKK96oaH7/ZJqvOD0TdASkn+4Td8SPvkc+KG2bBbmp39FCxG +pa4d8CRLKVbIHAFtaKHIDFuMlPuFnsiaU0uWN/s3lROhAHWrTiODhehFM+NiPrAO +JmtXQURBoeQ07t4HoyKz7sUyTF2qotw1JDvBRb6JXw+13Z2a1iZGJopLZN3Ricvo +Hee3rYEsM5AHMS3cntYX2NhQUHjiQ451iL2OkFJtVeaUoX5JV6KYSzz4lzNlYwJf +F/Tzac/+l1aFA1NDbNFcQ1UC0JXscKeT/J2Wo8kRwpx042UKaayw5jkOv3GndgKC +OaCe29UrAiEAh8hMJV/kKTLolNr6kV87KV8eTaJfrnSRS2E3ToOhWH0CggEBAOd/ +YKl8svYqvJtThaOsmVETeXwEvz/MLqpj4hZr029Oqps7z6OmeZ2er7aldxC5+BKM +xCfPlhFo0iQ9XITp+J7UqS3qrRZqAnxMjd6VmEGXKWOoeAc0CpEzR1QNkjKodzgs +tQj5oYbiiPG0SgCtBV4I1b/IuKzkjcLxQaF+8Rob/lzLBwA6pFjZNa6FcDjthmtH +2pC+zI760sv05rbZGcXDj8G0SLsvbkrfiRIn/8LkgBpoTWpKfa8BmvYtt9WI/CYk +beQYIwM9sXUPwRSD1VONSg5bXTW3Sxmzy3Yfy9RYt+suMKzi78oSv81e5BoL1D2H +tfxSAFQbiJU3kipxvhsDggEGAAKCAQEArDidnkCegHb/itBTFeyGsebv+I8Z93V3 +jGcKPOs3s1wqB/+HRL5ERlhQOq/lfYPigUFKhfC8tlCVAM+MtUDqXCzqAkomw0yX +8oVkp9plswxHKlqjzKr6PWLOJGp/NDBAL1ZcUzHB1omvmkUHy9pYiapVVNUuUdL2 +Z5EvDze8jQoiR0k9zgMKiH+MyCfV0tLo8W8djFJPlIM9Ypa7DH4fazcEfRuzq1jv +K/uX4+HWmg3Nswdh5eysb++RqtJSUBtGT3tAQY59WjBf2nXMG0nkZGkT7TCJ6icv +NdbSl1AlAGMV/nZN3PFsFH17L8uMUYS7V5PWiqQTxe5COHqpGumo9KN5MHcwHQYD +VR0OBBYEFDrWNm+9we7UIIpUiKJ8aOrCviIUMB8GA1UdIwQYMBaAFHB/Lq6DaFmY +BCMqzes+F80k3QFJMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFQYD +VR0RBA4wDIIKU2VydmVyIERTQTANBgkqhkiG9w0BAQsFAAOCAQEAsKn2puy5BLfg +eVnxJiDOxYeHHB82GBZjzG4kmroWqP/yKGLQa0CWw/GNcP2zVNKZ12fzQJRRhiHd +MohKKSHJlmKwP/6qXhRConlIVzVHdAQHxIS6rr/hwctUpX1lFvxd7hUOnwyOlvvq +Qu0R8OIYZVmCdQuoM+nFek25TxUI160/6H7UhY4t2Y0iry+QjQCBLw/yHb2a3iQE +Ho84MDYGNWauDK/rohSRm/CzPSqfZaFyykwRRE47x4XOmtQPRZCIaHSA7LsNqJ42 +OJRAv3kePiW4XSWAbVJ8gRHRFg9wjrMV8zBL00durls1mZVNbh81I3Bdu62y0lY0 +L6LYw0U7GQ== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-dsa-key.pem b/deps/openssl/openssl/test/certs/server-dsa-key.pem new file mode 100644 index 00000000000000..fdd1da299c7749 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-dsa-key.pem @@ -0,0 +1,15 @@ +-----BEGIN PRIVATE KEY----- +MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQD+P3LcpaA+AYu9M1gSsHi8fixl +7VPCsKK96oaH7/ZJqvOD0TdASkn+4Td8SPvkc+KG2bBbmp39FCxGpa4d8CRLKVbI +HAFtaKHIDFuMlPuFnsiaU0uWN/s3lROhAHWrTiODhehFM+NiPrAOJmtXQURBoeQ0 +7t4HoyKz7sUyTF2qotw1JDvBRb6JXw+13Z2a1iZGJopLZN3RicvoHee3rYEsM5AH +MS3cntYX2NhQUHjiQ451iL2OkFJtVeaUoX5JV6KYSzz4lzNlYwJfF/Tzac/+l1aF +A1NDbNFcQ1UC0JXscKeT/J2Wo8kRwpx042UKaayw5jkOv3GndgKCOaCe29UrAiEA +h8hMJV/kKTLolNr6kV87KV8eTaJfrnSRS2E3ToOhWH0CggEBAOd/YKl8svYqvJtT +haOsmVETeXwEvz/MLqpj4hZr029Oqps7z6OmeZ2er7aldxC5+BKMxCfPlhFo0iQ9 +XITp+J7UqS3qrRZqAnxMjd6VmEGXKWOoeAc0CpEzR1QNkjKodzgstQj5oYbiiPG0 +SgCtBV4I1b/IuKzkjcLxQaF+8Rob/lzLBwA6pFjZNa6FcDjthmtH2pC+zI760sv0 +5rbZGcXDj8G0SLsvbkrfiRIn/8LkgBpoTWpKfa8BmvYtt9WI/CYkbeQYIwM9sXUP +wRSD1VONSg5bXTW3Sxmzy3Yfy9RYt+suMKzi78oSv81e5BoL1D2HtfxSAFQbiJU3 +kipxvhsEIgIgFadGQ61c3i/D01zXhSsKyE0/BerqJmTrrlVK1o0ZFu8= +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-cert.pem b/deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-cert.pem new file mode 100644 index 00000000000000..bb41f999074011 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-cert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICgzCCAWugAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE4MTAyNDEzNDUwOFoYDzIxMTgxMDI1MTM0NTA4WjAsMSowKAYDVQQD +DCFTZXJ2ZXIgRUNEU0EgYnJhaW5wb29sUDI1NnIxIGNlcnQwWjAUBgcqhkjOPQIB +BgkrJAMDAggBAQcDQgAETYDLIgpvvoxSBJxB5apcNrTZ0vYpVyG18hDEOplqkyln +W7kekN9a83WtIwPRoSwhczgFg/MhvLZ/BHQJW2SU3qOBkTCBjjAdBgNVHQ4EFgQU +it8K0UIpDYE264JfNmQ/44H1WMUwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4X +zSTdAUkwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAsBgNVHREEJTAj +giFTZXJ2ZXIgRUNEU0EgYnJhaW5wb29sUDI1NnIxIGNlcnQwDQYJKoZIhvcNAQEL +BQADggEBAKCEUMQlB+M6crHe2zfGmQJnsEGzY4fJUFYdFfOM359dXR8Xs+JHF2XP +0BHJ64BHLzy+3eoa9w/B+/i6OVJo3VhCoCChcP+gnGzQVQy5Maxq55DlsVdpellS +Tml/BnLcqcZFAP63qEpcuZuC4CytZcHYCU+NLI/3JGzH1/xHxk4UgRTa2B7OhjXt +Ptl3vLaSqJXEmVeCP0hibhhiszs0zR14fJqmVn0V5MKC7twmG8CBlW03ksLjzzvn +m7WAy7q5WcFcAcrFR3zAPqcx4UQSS9FiwJ+OOZGqIasMk9i9zxqh0ic5M5ls7Qaf +roudyLLkkvDFkcb88RwYGKrdVFGDgF0= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-key.pem b/deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-key.pem new file mode 100644 index 00000000000000..c9d233fa544b61 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ecdsa-brainpoolP256r1-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEIKZSRhbD6lGhKbIm +5JVgxnN8MHGB0whroUsSf0zmsAz+oUQDQgAETYDLIgpvvoxSBJxB5apcNrTZ0vYp +VyG18hDEOplqkylnW7kekN9a83WtIwPRoSwhczgFg/MhvLZ/BHQJW2SU3g== +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/server-ecdsa-cert.pem b/deps/openssl/openssl/test/certs/server-ecdsa-cert.pem new file mode 100644 index 00000000000000..e61026b50789e5 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ecdsa-cert.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICYTCCAUmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE3MDExMjE0NDUwMVoYDzIxMTcwMTEzMTQ0NTAxWjAcMRowGAYDVQQD +DBFTZXJ2ZXIgRUNEU0EgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI7 +NNxE483tJyIKT6KOQM5Zlfrigh12BEcHxnzpudgVHYA4aL5D5JulYGFzL0LQ5Q55 +GpCub1V2j+AhyBMKPQqjgYAwfjAdBgNVHQ4EFgQUSDzlr0Ayx22BljPtY6YRLTes +qgwwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4XzSTdAUkwCQYDVR0TBAIwADAT +BgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREEFTATghFTZXJ2ZXIgRUNEU0EgY2Vy +dDANBgkqhkiG9w0BAQsFAAOCAQEAOJDgr1hRNuxW1D93yDWFwP1o2KuaI0BMZVFS +6rzzLThCo3FeS6X7DCrBP699PCYcKeyMDmQwg9mVMABSZzox2GBO3hoqtnUXjsK3 +Qxh+4O5EmIXX4v8szdSBP14O2c5krAk4lbVWxLHE78NAc8dL94VORndyTcmaXUTn +FQeBaRJjXto3okPvwYlczPS9sq0AhuBh5hwsLOYwpLf6/loPLjl40iwPQ+iqQ1EV +m0Sac3o+0qI0cKiz4nXgd4NkFvV3G8lwd0Um8KSS/EFuZbgJNKKD6+1+90sibM4a +Y/JiO6weK/VTlqCLn7zV9LcDT4gU18UCn85UV1XlVYKXZlaXYQ== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-ecdsa-key.pem b/deps/openssl/openssl/test/certs/server-ecdsa-key.pem new file mode 100644 index 00000000000000..b4d075db139ffd --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ecdsa-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTI5Nzy/YCNpEuATr +6jFtuZA5Vs15zbXOJU5EXl+JAe6hRANCAATiOzTcROPN7SciCk+ijkDOWZX64oId +dgRHB8Z86bnYFR2AOGi+Q+SbpWBhcy9C0OUOeRqQrm9Vdo/gIcgTCj0K +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/server-ed25519-cert.pem b/deps/openssl/openssl/test/certs/server-ed25519-cert.pem new file mode 100644 index 00000000000000..729ccfbd06f138 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ed25519-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHTCCAQWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE3MDYxNDIzMzExOVoYDzIxMTcwNjE1MjMzMTE5WjASMRAwDgYDVQQD +DAdFZDI1NTE5MCowBQYDK2VwAyEACkEMj+SRLjZSth3SIrG013cyYVN9frrVnfbN +M2IqaT6jdjB0MB0GA1UdDgQWBBQqd22ipNHF0d+yJjFDgI/Jruq3rjAfBgNVHSME +GDAWgBRwfy6ug2hZmAQjKs3rPhfNJN0BSTAJBgNVHRMEAjAAMBMGA1UdJQQMMAoG +CCsGAQUFBwMBMBIGA1UdEQQLMAmCB0VkMjU1MTkwDQYJKoZIhvcNAQELBQADggEB +AIdNMPRa2sgUW/qtCBWxmi0iVRoazl5pjU35cRl/ahBpI4pL5+fDVYuBzSOgEh7W +6FUVix9mGvY9CK3ZkqrXCGRKeWnKrmdql5jrra5Qew43B+aZqa63639TGWqtm7Rk +rWT14P7gma4K9Ea8eiXcT5NJ8sT7D2BOL0sL2alUmRT+k3YDUxiih7AiTkpo7f2Q +x5l9f8qoRb6Skec+kuMQ4hIjBIe/3C+j4nqq9kDkJs8+VEaW7+7shSQzv0tnzBOl +v5ty89x7LYAbGKvZNi8Z3814AWBWbYTskF0kW2/f6aZDpt239llYDazdErU1dEsS +cc1gKHOG3zgz9wfih55M0dE= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-ed25519-key.pem b/deps/openssl/openssl/test/certs/server-ed25519-key.pem new file mode 100644 index 00000000000000..f9f150e0541c05 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ed25519-key.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINa5/E1IzuSLg1rwoHxl1VV7BdcnmMeul9pvsvzKorjm +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/server-ed448-cert.pem b/deps/openssl/openssl/test/certs/server-ed448-cert.pem new file mode 100644 index 00000000000000..740f2755497738 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ed448-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHTCCAQWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE4MDIyNzE1MDcxM1oYDzIxMTgwMjI4MTUwNzEzWjAQMQ4wDAYDVQQD +DAVFZDQ0ODBDMAUGAytlcQM6ABBicYlhG1s3AoG5BFmY3r50lJzjQoER4zwuieEe +QTvKxLEV06vGh79UWO6yQ5FxqmxvM1F/Xw7RAKNfMF0wHQYDVR0OBBYEFAwa1L4m +3pwA8+IEJ7K/4izrjJIHMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJ +MAkGA1UdEwQCMAAwEAYDVR0RBAkwB4IFRWQ0NDgwDQYJKoZIhvcNAQELBQADggEB +AAugH2aE6VvArnOVjKBtalqtHlx+NCC3+S65sdWc9A9sNgI1ZiN7dn76TKn5d0T7 +NqV8nY1rwQg6WPGrCD6Eh63qhotytqYIxltppb4MOUJcz/Zf0ZwhB5bUfwNB//Ih +5aZT86FpXVuyMnwUTWPcISJqpZiBv95yzZFMpniHFvecvV445ly4TFW5y6VURh40 +Tg4tMgjPTE7ADw+dX4FvnTWY3blxT1GzGxGvqWW4HgP8dOETnjmAwCzN0nUVmH9s +7ybHORcSljcpe0XH6L/K7mbI+r8mVLsAoIzUeDwUdKKJZ2uGEtdhQDmJBp4EjOXE +3qIn3wEQQ6ax4NIwkZihdLI= +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-ed448-key.pem b/deps/openssl/openssl/test/certs/server-ed448-key.pem new file mode 100644 index 00000000000000..25a750fec806d3 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-ed448-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOTiHqANC9pFHbs8VAeqZ52cwKi0jPTSM5GjsKW4vbgG6 +BMFSdURqGj2FD02H7xsyrR20pIXI1GbE+A== +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/server-pss-cert.pem b/deps/openssl/openssl/test/certs/server-pss-cert.pem new file mode 100644 index 00000000000000..5777c4d29666ba --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-pss-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE3MDkxNDEyNTg0MVoYDzIxMTcwOTE1MTI1ODQxWjAVMRMwEQYDVQQD +DApSU0FTU0EtUFNTMIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAJzIk36B +urRLuRWsMHUzcmoNDYEZw4VMN0ZNVGUYj7RJtCP6wKBcQEkHu667J3XGxUm3RHT8 +EBv2R+XKcVX+VOc8SSb5+k1/QCHXF1qamNFan7wtYjgbAXiA0/Wg9ydlhfwj5gp4 +n5168Lc/DnkFBdyMSylNOESUvtKyu811l+ecakeidUbUnLGF2XbqyK1WKp18t1n1 +rJYi/+oMm8xoJPMtWjoC2zit3wT1k8+9lClxWZFhLmDFy0lmT8FAVvMOk4Y/E+2e +Q0sRrV+REsfyFEoytmoGKlwO9z2gK5n3WaJx+Y15EykMG6CsjBp84iCiFkd6LOND +nXQBBLAvmg1Ci8UCAwEAAaN5MHcwHQYDVR0OBBYEFG+1oaEnl3Bs6E2vHFdWwUY0 +qdlhMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1UdEwQCMAAw +EwYDVR0lBAwwCgYIKwYBBQUHAwEwFQYDVR0RBA4wDIIKUlNBU1NBLVBTUzANBgkq +hkiG9w0BAQsFAAOCAQEAh1MrKKwdpsjT7Q+gfyAXQRgwBz15m08eZip7rznzieE0 ++PuXaGQT9jOEmSKTtEHd07mJ0YMijdGvItrZaodUV0rscdCFd4lUe4uctirjVMIU +OKALZ7HsobWvKWnob2GRQJ/vTB7plUeclFhX1FskiG7kh50cMeeL2Oy7Oy4csf7e +2ab5q1dYri1Yk7HSi/XXGwomvWz8jGqUS9UGJrQQENrogg5Ue315u32lbR+N7gTB +7w3KirvpP+wzJgiTqMJ9BuGo8vSoXA3qrmBaYS/FQ7x4gQ86Jb0oLRuTiyniWC/v +A4exY19iM/j6/IQWM4IY7iuNAU3DMGdXOHkuxryizA== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/certs/server-pss-key.pem b/deps/openssl/openssl/test/certs/server-pss-key.pem new file mode 100644 index 00000000000000..6b2d8cc7a28707 --- /dev/null +++ b/deps/openssl/openssl/test/certs/server-pss-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAnMiTfoG6tEu5Faww +dTNyag0NgRnDhUw3Rk1UZRiPtEm0I/rAoFxASQe7rrsndcbFSbdEdPwQG/ZH5cpx +Vf5U5zxJJvn6TX9AIdcXWpqY0VqfvC1iOBsBeIDT9aD3J2WF/CPmCnifnXrwtz8O +eQUF3IxLKU04RJS+0rK7zXWX55xqR6J1RtScsYXZdurIrVYqnXy3WfWsliL/6gyb +zGgk8y1aOgLbOK3fBPWTz72UKXFZkWEuYMXLSWZPwUBW8w6Thj8T7Z5DSxGtX5ES +x/IUSjK2agYqXA73PaArmfdZonH5jXkTKQwboKyMGnziIKIWR3os40OddAEEsC+a +DUKLxQIDAQABAoIBAAGf1l9eKrgJfM5rrUjZkprkrbojsTHlW0FANdqiSYLdrJ8e +zvYaXpQjH1+tEriWqZ6c5nmrzuLrR01rLodsjiajKkLcHirFYb24A8btiR3KKZOC +iNz58qbz9r45v7XJyHyXRp/fJhA0oN/VKGo6khf54CF6alXTkLKQJX/4cu10XkJd +lknXMiQsGBzt7WezRzqzbJsMSjhSPBowmapDRYqALIlINY96f3QUALiKh0WwkbEB +MU71Hharv9+jwpu58NcGXHvNfqQYUU6QTXiOKTxt71VChO6lefazaTrCYan9Zpx/ +6rofVqkpZUebNI1gVa/FbzGaMhQYlMWEhvk+sZUCgYEAzftGwnoHbMoyXbw30bAJ +MMEvc892o2qJPPnHJMwKIHDVEnY026c/TO5FSGhKcv9CPKe6bcdA6CtPjSGA484z +ErLo9GfWigN4jVkn3eYKUKFn0+tQ4HKYoPZrBApQ9pm25/KpPSIsVJ6iuEN72CZU +MM1y8NgCF2IlAvi04org8e8CgYEAwtrufdryJHQ+o69fhCMfYe1mCCuGeaueIEfa +ccZUSfe1A7p5mqSjYTw4GW6E64uELUkVGkZpuVj3Qwr2BmCY7u4Hgp5Lg+WWVZt7 +qvHhDnb19ITL1nrXAKBr2XPlkUSnPJ+Dl20F8ErIb4zsnq7xH+AoDIZldh/wCflY +mW7mwYsCgYEAxKs8vocg+8B7IoCJk05PGBv8IMlfb1xTOMMMX5fpu1vANWZjxa4E +hIGj6SSaoP4T0jIbkKGE2agwxoHMvLWukhX80w8qCpCR0/PiWr4/7wiNSAwQJp2E +GXvuZecrsqjFuOU6rcIpLYphtynH33OJQyeGrWqxZH4y9IlevEb5zEUCgYEAudis +PVeVOdWxZNdAp7wEE5ekiEhTMzrPT4SYwYljHUVn3Y1+rFM5DOWtr/vsROhFghfB +S9U6wzAqbURIER8S3lgiy58E8WEJeM8aLZoTiINH5Ra/f+qbpBpdowJaQ6qSQ0z0 +6nluf5gkAdkMWfELQ9a8++03WmntvOWYbocLCi8CgYASTpxnjl62YY201mIkVAKC +b6XK+RQS2ZohTintLqzePwKR3XJrlwAz9smyMqUTFklkmrc6XQABVfnpZOnOZEdV +kzsvLmQin9a9Mr6n1WYz9YQDuS2wY0NAbCzy61YYXO9IdNyQTWolWLmyzwpUXP/D +T28vNzPfGv4WW1OjDtFmQg== +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/setup.sh b/deps/openssl/openssl/test/certs/setup.sh index 018e5fc69095d2..53d4a807a7fb79 100755 --- a/deps/openssl/openssl/test/certs/setup.sh +++ b/deps/openssl/openssl/test/certs/setup.sh @@ -357,3 +357,15 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ "DNS.1 = www.ok.good.com" "DNS.2 = bad.ok.good.com" \ "email.1 = good@good.org" "email.2 = any@good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" + +# RSA-PSS signatures +# SHA1 +./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \ + -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest +# SHA256 +./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \ + -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest + +OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \ + "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \ + server-ecdsa-brainpoolP256r1-cert rootkey rootcert diff --git a/deps/openssl/openssl/test/certs/x509-check-key.pem b/deps/openssl/openssl/test/certs/x509-check-key.pem new file mode 100644 index 00000000000000..20888d0437dd89 --- /dev/null +++ b/deps/openssl/openssl/test/certs/x509-check-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCd6jpgFiM/ZW6d +CJlEIxmKk7rH7MRL93wW32o5duTwtT1cs/y+ylfey0l5tYBzGMxjUPNeYGTBqiuz +6ueVyMvbe3wymXPp+zzoaq3if3Jycb+1gurSyiQpF6T1PLmfJDgQQT0XnI7qRwHI +5FJTvKM9mpv3iKohBseT/a8yfdk27zFYrSMZjfaqZc+0a18bHi/SgNN36Lj+vnPc +s2DzS8ymBJ10Zq6icy6xL30sHDKPOKKrD8+EJ6suUm5CpLL4N6jPOmk9Dj7XQv2Y +woX2S0Ys6dFpHuGBJ1NngBW/0Zm9oseDOxxqplPGIYa8nN7BIrTwAJEhkmKTEi9P +8APIi6DVAgMBAAECggEAMWkKnuoOWVXJiIUaP8GjykJzHP8uZH6paxa4zAYxmEd9 +TbZbjO8PE30UHmr2KA1IVoMLwynyHM68Ie2MTMepUaGPuN1e8YVVB3vpsIckLj79 +NzQheZcaPWlSihFYGz1f9WYUUYEBDrjtDAi04dKSWUI5LviqEu9mHx4vZWMPRiqP +mrtp3CH34ViJL4v4TtvEeuOvLf4mYpfWe1Il7U2eYSqcxO0lCwk7nd/JCzpPWA7C +TQZSTtp5AQ4OT7LPFZIgs/87Qi8fuEEvN+6rt07r0j6/gPOVa2xoj4a7MJYsxi9O +s1xA8Q+xjUEnjHth1MLCrmHYbJuWptIqgPTkVvB2OQKBgQDSAywBvs7PDdt+BLTc +6J4g/gOL/17ATysmhUGJ6VxrNulViLtiFeyf3p4vj/fSa2y4ZnP/hHovzfces1Bd +6YXtPGIuRNOnVdlYx2Y/OGrw0baxRAIW8D6Z4ms1n8hesGssteKZeaT4ojIPpJS1 +c1UtextX5OBLYaiFxwTb1Q6bAwKBgQDAfpbrlBN4936glc5uFmKNvFfNB8P30+Bk +DFtth5TMsCL406aUlIl4lkBrXAgUTndRai2cWYD9ffsXQmm+yx1q5kO6akeAaueq +WMo3ViZnxK8Fe4oF4M9OoaEQRcVmV5jFMKH9S268B8/x96lNh/i7M58nB5AeNDlV +AMyHW2vhRwKBgAxduXKk3KKei0UhW9ECNYV1z5mnwNmMD9tlz1Uik5mQky7BLV96 +MQO85Q2h6ZLPVoiJJ91s3JECDMIXBu1wub0daB6XWOsqh/DNVPz2An4JqztG6OSW +4ujGx09SCEdjFfx8/UnSOt+VFWOMamFA2EwkSpjjVj26E2VFMckMA58nAoGADabs +vTh7SREEgg8d3ODpjHPXJktuspzsRSw7L8F15C55zHv2TINcXJkLaJHWYNpPzA5j +vbr7Uv8kV7n2FfoB1BsQop/3AjySwZoafWI2xxVD9HeWimQvT7xW1/iaz29W/mU8 +l+JJsDw9m0OdVkpWcbBvkS0QI5RAnK650r/BHvECgYB6s9Qp5osOCdtPli7MYyD6 +mw+61DSgThUgKa7j96NG2ToYeNWTdf2Fd4Xa7s6MWryaGY+IMSRga24CM+WvaaAL +iGZLY8dfpM/yDr0pva4WF66ARajDhNx1wvOBQJpHnldX0G4gYczIsIWgUhzo4eH8 +37OzKradFq+avGmtCBeV8A== +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/certs/x509-check.csr b/deps/openssl/openssl/test/certs/x509-check.csr new file mode 100644 index 00000000000000..179d05a0adb53d --- /dev/null +++ b/deps/openssl/openssl/test/certs/x509-check.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPeDUwOS1jaGVjay10ZXN0MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneo6YBYjP2VunQiZRCMZipO6x+zES/d8 +Ft9qOXbk8LU9XLP8vspX3stJebWAcxjMY1DzXmBkwaors+rnlcjL23t8Mplz6fs8 +6Gqt4n9ycnG/tYLq0sokKRek9Ty5nyQ4EEE9F5yO6kcByORSU7yjPZqb94iqIQbH +k/2vMn3ZNu8xWK0jGY32qmXPtGtfGx4v0oDTd+i4/r5z3LNg80vMpgSddGauonMu +sS99LBwyjziiqw/PhCerLlJuQqSy+DeozzppPQ4+10L9mMKF9ktGLOnRaR7hgSdT +Z4AVv9GZvaLHgzscaqZTxiGGvJzewSK08ACRIZJikxIvT/ADyIug1QIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBABN+XkwFoyyN1+b5SYhUzdQFj0ZfhzNxiMXOFR/n +ww0gW7KCAhZd90aPBtQjEORzsCUX2xhllglXaojw+wOaEMaJDMDzojJelan1TEWJ +Vyvklj8OBoH25ur5Y8iWrnMivkb4hU1Mrd4QxF697FVVTniwVyUy8Xfn6D44vEII +gyCUk/jCD6MAD6/hBaexetqrbUQyVrtPewYgXrJokRDGDzFlG3jcXvl3CV2iib2X +hAbiaAJmlgZwIMeu/60YgJoIWwilG7dYq9hvcpyfQhYXa9BbOz62WRsLvT0Ewue9 +81kzAkwhfvGauPh/yjP+6K5HY09KdOtg30xtwUtT4IU5yHQ= +-----END CERTIFICATE REQUEST----- diff --git a/deps/openssl/openssl/test/cipherlist_test.c b/deps/openssl/openssl/test/cipherlist_test.c index d6556e05375900..5023c1c4875fa4 100644 --- a/deps/openssl/openssl/test/cipherlist_test.c +++ b/deps/openssl/openssl/test/cipherlist_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -9,6 +9,7 @@ */ #include +#include #include #include @@ -17,7 +18,7 @@ #include #include -#include "e_os.h" +#include "internal/nelem.h" #include "testutil.h" typedef struct cipherlist_test_fixture { @@ -27,13 +28,28 @@ typedef struct cipherlist_test_fixture { } CIPHERLIST_TEST_FIXTURE; -static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name) +static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture) { - CIPHERLIST_TEST_FIXTURE fixture; - fixture.test_case_name = test_case_name; - fixture.server = SSL_CTX_new(TLS_server_method()); - fixture.client = SSL_CTX_new(TLS_client_method()); - OPENSSL_assert(fixture.client != NULL && fixture.server != NULL); + if (fixture != NULL) { + SSL_CTX_free(fixture->server); + SSL_CTX_free(fixture->client); + fixture->server = fixture->client = NULL; + OPENSSL_free(fixture); + } +} + +static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name) +{ + CIPHERLIST_TEST_FIXTURE *fixture; + + if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) + return NULL; + fixture->test_case_name = test_case_name; + if (!TEST_ptr(fixture->server = SSL_CTX_new(TLS_server_method())) + || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) { + tear_down(fixture); + return NULL; + } return fixture; } @@ -47,6 +63,13 @@ static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name) * are currently broken and should be considered mission impossible in libssl. */ static const uint32_t default_ciphers_in_order[] = { +#ifndef OPENSSL_NO_TLS1_3 + TLS1_3_CK_AES_256_GCM_SHA384, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_CK_CHACHA20_POLY1305_SHA256, +# endif + TLS1_3_CK_AES_128_GCM_SHA256, +#endif #ifndef OPENSSL_NO_TLS1_2 # ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, @@ -56,7 +79,7 @@ static const uint32_t default_ciphers_in_order[] = { TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, # endif -# if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) # ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, @@ -89,58 +112,63 @@ static const uint32_t default_ciphers_in_order[] = { # endif #endif /* !OPENSSL_NO_TLS1_2 */ -#ifndef OPENSSL_NO_EC +#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) + /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */ +# ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, -#endif -#ifndef OPENSSL_NO_DH +# endif + #ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_256_SHA, -#endif -#ifndef OPENSSL_NO_EC +# endif +# ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, -#endif -#ifndef OPENSSL_NO_DH +# endif +# ifndef OPENSSL_NO_DH TLS1_CK_DHE_RSA_WITH_AES_128_SHA, -#endif +# endif +#endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */ #ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, +#endif +#ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, #endif - +#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) + /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */ TLS1_CK_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, +#endif }; static int test_default_cipherlist(SSL_CTX *ctx) { - STACK_OF(SSL_CIPHER) *ciphers; - SSL *ssl; + STACK_OF(SSL_CIPHER) *ciphers = NULL; + SSL *ssl = NULL; int i, ret = 0, num_expected_ciphers, num_ciphers; uint32_t expected_cipher_id, cipher_id; - ssl = SSL_new(ctx); - OPENSSL_assert(ssl != NULL); + if (ctx == NULL) + return 0; + + if (!TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))) + goto err; - ciphers = SSL_get1_supported_ciphers(ssl); - OPENSSL_assert(ciphers != NULL); num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order); num_ciphers = sk_SSL_CIPHER_num(ciphers); - if (num_ciphers != num_expected_ciphers) { - fprintf(stderr, "Expected %d supported ciphers, got %d.\n", - num_expected_ciphers, num_ciphers); + if (!TEST_int_eq(num_ciphers, num_expected_ciphers)) goto err; - } for (i = 0; i < num_ciphers; i++) { expected_cipher_id = default_ciphers_in_order[i]; cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i)); - if (cipher_id != expected_cipher_id) { - fprintf(stderr, "Wrong cipher at position %d: expected %x, " - "got %x\n", i, expected_cipher_id, cipher_id); + if (!TEST_int_eq(cipher_id, expected_cipher_id)) { + TEST_info("Wrong cipher at position %d", i); goto err; } } @@ -153,17 +181,11 @@ static int test_default_cipherlist(SSL_CTX *ctx) return ret; } -static int execute_test(CIPHERLIST_TEST_FIXTURE fixture) +static int execute_test(CIPHERLIST_TEST_FIXTURE *fixture) { - return test_default_cipherlist(fixture.server) - && test_default_cipherlist(fixture.client); -} - -static void tear_down(CIPHERLIST_TEST_FIXTURE fixture) -{ - SSL_CTX_free(fixture.server); - SSL_CTX_free(fixture.client); - ERR_print_errors_fp(stderr); + return fixture != NULL + && test_default_cipherlist(fixture->server) + && test_default_cipherlist(fixture->client); } #define SETUP_CIPHERLIST_TEST_FIXTURE() \ @@ -172,28 +194,30 @@ static void tear_down(CIPHERLIST_TEST_FIXTURE fixture) #define EXECUTE_CIPHERLIST_TEST() \ EXECUTE_TEST(execute_test, tear_down) -static int test_default_cipherlist_implicit() +static int test_default_cipherlist_implicit(void) { SETUP_CIPHERLIST_TEST_FIXTURE(); + if (fixture == NULL) + return 0; EXECUTE_CIPHERLIST_TEST(); + return result; } -static int test_default_cipherlist_explicit() +static int test_default_cipherlist_explicit(void) { SETUP_CIPHERLIST_TEST_FIXTURE(); - OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.server, "DEFAULT")); - OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.client, "DEFAULT")); + if (fixture == NULL) + return 0; + if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT")) + || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) + tear_down(fixture); EXECUTE_CIPHERLIST_TEST(); + return result; } -int main(int argc, char **argv) +int setup_tests(void) { - int result = 0; - ADD_TEST(test_default_cipherlist_implicit); ADD_TEST(test_default_cipherlist_explicit); - - result = run_tests(argv[0]); - - return result; + return 1; } diff --git a/deps/openssl/openssl/test/clienthellotest.c b/deps/openssl/openssl/test/clienthellotest.c index 38a7637586a2e8..10e3b1b1b17240 100644 --- a/deps/openssl/openssl/test/clienthellotest.c +++ b/deps/openssl/openssl/test/clienthellotest.c @@ -15,133 +15,236 @@ #include #include #include +#include #include "../ssl/packet_locl.h" -#define CLIENT_VERSION_LEN 2 +#include "testutil.h" +#define CLIENT_VERSION_LEN 2 -#define TOTAL_NUM_TESTS 1 +#define TOTAL_NUM_TESTS 4 /* * Test that explicitly setting ticket data results in it appearing in the * ClientHello for a negotiated SSL/TLS version */ #define TEST_SET_SESSION_TICK_DATA_VER_NEG 0 +/* Enable padding and make sure ClientHello is long enough to require it */ +#define TEST_ADD_PADDING 1 +/* Enable padding and make sure ClientHello is short enough to not need it */ +#define TEST_PADDING_NOT_NEEDED 2 +/* + * Enable padding and add a PSK to the ClientHello (this will also ensure the + * ClientHello is long enough to need padding) + */ +#define TEST_ADD_PADDING_AND_PSK 3 + +#define F5_WORKAROUND_MIN_MSG_LEN 0x7f +#define F5_WORKAROUND_MAX_MSG_LEN 0x200 -int main(int argc, char *argv[]) +static const char *sessionfile = NULL; +/* Dummy ALPN protocols used to pad out the size of the ClientHello */ +static const char alpn_prots[] = + "0123456789012345678901234567890123456789012345678901234567890123456789" + "0123456789012345678901234567890123456789012345678901234567890123456789" + "01234567890123456789"; + +static int test_client_hello(int currtest) { - SSL_CTX *ctx = NULL; + SSL_CTX *ctx; SSL *con = NULL; BIO *rbio; BIO *wbio; - BIO *err; long len; unsigned char *data; - PACKET pkt, pkt2, pkt3; + PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0}; char *dummytick = "Hello World!"; - unsigned int type; + unsigned int type = 0; int testresult = 0; - int currtest = 0; - - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + size_t msglen; + BIO *sessbio = NULL; + SSL_SESSION *sess = NULL; - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); +#ifdef OPENSSL_NO_TLS1_3 + if (currtest == TEST_ADD_PADDING_AND_PSK) + return 1; +#endif /* * For each test set up an SSL_CTX and SSL and see what ClientHello gets * produced when we try to connect */ - for (; currtest < TOTAL_NUM_TESTS; currtest++) { - testresult = 0; - ctx = SSL_CTX_new(TLS_method()); - if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) + ctx = SSL_CTX_new(TLS_method()); + if (!TEST_ptr(ctx)) + goto end; + if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS_MAX_VERSION))) + goto end; + + switch(currtest) { + case TEST_SET_SESSION_TICK_DATA_VER_NEG: +#if !defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2) + /* TLSv1.3 is enabled and TLSv1.2 is disabled so can't do this test */ + return 1; +#else + /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */ + if (!TEST_true(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))) goto end; - con = SSL_new(ctx); - - rbio = BIO_new(BIO_s_mem()); - wbio = BIO_new(BIO_s_mem()); - SSL_set_bio(con, rbio, wbio); - SSL_set_connect_state(con); - - if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { - if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick))) +#endif + break; + + case TEST_ADD_PADDING_AND_PSK: + /* + * In this case we're doing TLSv1.3 and we're sending a PSK so the + * ClientHello is already going to be quite long. To avoid getting one + * that is too long for this test we use a restricted ciphersuite list + */ + if (!TEST_true(SSL_CTX_set_cipher_list(ctx, ""))) + goto end; + /* Fall through */ + case TEST_ADD_PADDING: + case TEST_PADDING_NOT_NEEDED: + SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING); + /* Make sure we get a consistent size across TLS versions */ + SSL_CTX_clear_options(ctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT); + /* + * Add some dummy ALPN protocols so that the ClientHello is at least + * F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be + * needed. + */ + if (currtest == TEST_ADD_PADDING) { + if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, + (unsigned char *)alpn_prots, + sizeof(alpn_prots) - 1))) goto end; - } - - if (SSL_connect(con) > 0) { - /* This shouldn't succeed because we don't have a server! */ + /* + * Otherwise we need to make sure we have a small enough message to + * not need padding. + */ + } else if (!TEST_true(SSL_CTX_set_cipher_list(ctx, + "AES128-SHA")) + || !TEST_true(SSL_CTX_set_ciphersuites(ctx, + "TLS_AES_128_GCM_SHA256"))) { goto end; } + break; - len = BIO_get_mem_data(wbio, (char **)&data); - if (!PACKET_buf_init(&pkt, data, len)) - goto end; + default: + goto end; + } - /* Skip the record header */ - if (!PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)) - goto end; + con = SSL_new(ctx); + if (!TEST_ptr(con)) + goto end; - /* Skip the handshake message header */ - if (!PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + if (currtest == TEST_ADD_PADDING_AND_PSK) { + sessbio = BIO_new_file(sessionfile, "r"); + if (!TEST_ptr(sessbio)) { + TEST_info("Unable to open session.pem"); goto end; - - /* Skip client version and random */ - if (!PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE)) + } + sess = PEM_read_bio_SSL_SESSION(sessbio, NULL, NULL, NULL); + if (!TEST_ptr(sess)) { + TEST_info("Unable to load SSL_SESSION"); goto end; - - /* Skip session id */ - if (!PACKET_get_length_prefixed_1(&pkt, &pkt2)) + } + /* + * We reset the creation time so that we don't discard the session as + * too old. + */ + if (!TEST_true(SSL_SESSION_set_time(sess, (long)time(NULL))) + || !TEST_true(SSL_set_session(con, sess))) goto end; + } - /* Skip ciphers */ - if (!PACKET_get_length_prefixed_2(&pkt, &pkt2)) - goto end; + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + BIO_free(rbio); + BIO_free(wbio); + goto end; + } - /* Skip compression */ - if (!PACKET_get_length_prefixed_1(&pkt, &pkt2)) - goto end; + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); - /* Extensions len */ - if (!PACKET_as_length_prefixed_2(&pkt, &pkt2)) + if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (!TEST_true(SSL_set_session_ticket_ext(con, dummytick, + strlen(dummytick)))) goto end; + } - /* Loop through all extensions */ - while (PACKET_remaining(&pkt2)) { + if (!TEST_int_le(SSL_connect(con), 0)) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } - if (!PACKET_get_net_2(&pkt2, &type) || - !PACKET_get_length_prefixed_2(&pkt2, &pkt3)) - goto end; + len = BIO_get_mem_data(wbio, (char **)&data); + if (!TEST_true(PACKET_buf_init(&pkt, data, len)) + /* Skip the record header */ + || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)) + goto end; + + msglen = PACKET_remaining(&pkt); + + /* Skip the handshake message header */ + if (!TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + /* Skip client version and random */ + || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + + SSL3_RANDOM_SIZE)) + /* Skip session id */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Skip ciphers */ + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) + /* Skip compression */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Extensions len */ + || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) + goto end; + + /* Loop through all extensions */ + while (PACKET_remaining(&pkt2)) { + + if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) + goto end; - if (type == TLSEXT_TYPE_session_ticket) { - if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { - if (PACKET_equal(&pkt3, dummytick, strlen(dummytick))) { - /* Ticket data is as we expected */ - testresult = 1; - } else { - printf("Received session ticket is not as expected\n"); - } - break; + if (type == TLSEXT_TYPE_session_ticket) { + if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) { + if (TEST_true(PACKET_equal(&pkt3, dummytick, + strlen(dummytick)))) { + /* Ticket data is as we expected */ + testresult = 1; } + goto end; } - } - - end: - SSL_free(con); - SSL_CTX_free(ctx); - if (!testresult) { - printf("ClientHello test: FAILED (Test %d)\n", currtest); - break; + if (type == TLSEXT_TYPE_padding) { + if (!TEST_false(currtest == TEST_PADDING_NOT_NEEDED)) + goto end; + else if (TEST_true(currtest == TEST_ADD_PADDING + || currtest == TEST_ADD_PADDING_AND_PSK)) + testresult = TEST_true(msglen == F5_WORKAROUND_MAX_MSG_LEN); } } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 0; -#endif - BIO_free(err); + if (currtest == TEST_PADDING_NOT_NEEDED) + testresult = 1; + +end: + SSL_free(con); + SSL_CTX_free(ctx); + SSL_SESSION_free(sess); + BIO_free(sessbio); + + return testresult; +} + +int setup_tests(void) +{ + if (!TEST_ptr(sessionfile = test_get_argument(0))) + return 0; - return testresult?0:1; + ADD_ALL_TESTS(test_client_hello, TOTAL_NUM_TESTS); + return 1; } diff --git a/deps/openssl/openssl/test/constant_time_test.c b/deps/openssl/openssl/test/constant_time_test.c index 3ee6a81d463a91..e5e3e497c09945 100644 --- a/deps/openssl/openssl/test/constant_time_test.c +++ b/deps/openssl/openssl/test/constant_time_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +7,66 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" -#include "e_os.h" - -#include #include #include +#include "internal/nelem.h" +#include "internal/constant_time_locl.h" +#include "testutil.h" +#include "internal/numbers.h" + static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); static const unsigned int CONSTTIME_FALSE = 0; static const unsigned char CONSTTIME_TRUE_8 = 0xff; static const unsigned char CONSTTIME_FALSE_8 = 0; +static const size_t CONSTTIME_TRUE_S = ~((size_t)0); +static const size_t CONSTTIME_FALSE_S = 0; +static uint32_t CONSTTIME_TRUE_32 = (uint32_t)(~(uint32_t)0); +static uint32_t CONSTTIME_FALSE_32 = 0; +static uint64_t CONSTTIME_TRUE_64 = (uint64_t)(~(uint64_t)0); +static uint64_t CONSTTIME_FALSE_64 = 0; + +static unsigned int test_values[] = { + 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1, + UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1, + UINT_MAX +}; + +static unsigned char test_values_8[] = { + 0, 1, 2, 20, 32, 127, 128, 129, 255 +}; + +static int signed_test_values[] = { + 0, 1, -1, 1024, -1024, 12345, -12345, + 32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1, + INT_MIN + 1 +}; + +static size_t test_values_s[] = { + 0, 1, 1024, 12345, 32000, SIZE_MAX / 2 - 1, + SIZE_MAX / 2, SIZE_MAX / 2 + 1, SIZE_MAX - 1, + SIZE_MAX +}; + +static uint32_t test_values_32[] = { + 0, 1, 1024, 12345, 32000, UINT32_MAX / 2, UINT32_MAX / 2 + 1, + UINT32_MAX - 1, UINT32_MAX +}; + +static uint64_t test_values_64[] = { + 0, 1, 1024, 12345, 32000, 32000000, 32000000001, UINT64_MAX / 2, + UINT64_MAX / 2 + 1, UINT64_MAX - 1, UINT64_MAX +}; static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b), const char *op_name, unsigned int a, unsigned int b, int is_true) { - unsigned c = op(a, b); - if (is_true && c != CONSTTIME_TRUE) { - fprintf(stderr, "Test failed for %s(%du, %du): expected %du " - "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); - return 1; - } else if (!is_true && c != CONSTTIME_FALSE) { - fprintf(stderr, "Test failed for %s(%du, %du): expected %du " - "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, c); - return 1; - } - return 0; + if (is_true && !TEST_uint_eq(op(a, b), CONSTTIME_TRUE)) + return 0; + if (!is_true && !TEST_uint_eq(op(a, b), CONSTTIME_FALSE)) + return 0; + return 1; } static int test_binary_op_8(unsigned @@ -41,228 +74,341 @@ static int test_binary_op_8(unsigned const char *op_name, unsigned int a, unsigned int b, int is_true) { - unsigned char c = op(a, b); - if (is_true && c != CONSTTIME_TRUE_8) { - fprintf(stderr, "Test failed for %s(%du, %du): expected %u " - "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); - return 1; - } else if (!is_true && c != CONSTTIME_FALSE_8) { - fprintf(stderr, "Test failed for %s(%du, %du): expected %u " - "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, c); - return 1; - } - return 0; + if (is_true && !TEST_uint_eq(op(a, b), CONSTTIME_TRUE_8)) + return 0; + if (!is_true && !TEST_uint_eq(op(a, b), CONSTTIME_FALSE_8)) + return 0; + return 1; } -static int test_is_zero(unsigned int a) +static int test_binary_op_s(size_t (*op) (size_t a, size_t b), + const char *op_name, size_t a, size_t b, + int is_true) { - unsigned int c = constant_time_is_zero(a); - if (a == 0 && c != CONSTTIME_TRUE) { - fprintf(stderr, "Test failed for constant_time_is_zero(%du): " - "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); - return 1; - } else if (a != 0 && c != CONSTTIME_FALSE) { - fprintf(stderr, "Test failed for constant_time_is_zero(%du): " - "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, c); - return 1; - } - return 0; + if (is_true && !TEST_size_t_eq(op(a,b), CONSTTIME_TRUE_S)) + return 0; + if (!is_true && !TEST_uint_eq(op(a,b), CONSTTIME_FALSE_S)) + return 0; + return 1; } -static int test_is_zero_8(unsigned int a) +static int test_binary_op_64(uint64_t (*op)(uint64_t a, uint64_t b), + const char *op_name, uint64_t a, uint64_t b, + int is_true) { - unsigned char c = constant_time_is_zero_8(a); - if (a == 0 && c != CONSTTIME_TRUE_8) { - fprintf(stderr, "Test failed for constant_time_is_zero(%du): " - "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); - return 1; - } else if (a != 0 && c != CONSTTIME_FALSE) { - fprintf(stderr, "Test failed for constant_time_is_zero(%du): " - "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, c); - return 1; + uint64_t c = op(a, b); + + if (is_true && c != CONSTTIME_TRUE_64) { + TEST_error("TRUE %s op failed", op_name); + BIO_printf(bio_err, "a=%jx b=%jx\n", a, b); + return 0; + } else if (!is_true && c != CONSTTIME_FALSE_64) { + TEST_error("FALSE %s op failed", op_name); + BIO_printf(bio_err, "a=%jx b=%jx\n", a, b); + return 0; } - return 0; + return 1; +} + +static int test_is_zero(int i) +{ + unsigned int a = test_values[i]; + + if (a == 0 && !TEST_uint_eq(constant_time_is_zero(a), CONSTTIME_TRUE)) + return 0; + if (a != 0 && !TEST_uint_eq(constant_time_is_zero(a), CONSTTIME_FALSE)) + return 0; + return 1; +} + +static int test_is_zero_8(int i) +{ + unsigned int a = test_values_8[i]; + + if (a == 0 && !TEST_uint_eq(constant_time_is_zero_8(a), CONSTTIME_TRUE_8)) + return 0; + if (a != 0 && !TEST_uint_eq(constant_time_is_zero_8(a), CONSTTIME_FALSE_8)) + return 0; + return 1; +} + +static int test_is_zero_32(int i) +{ + uint32_t a = test_values_32[i]; + + if (a == 0 && !TEST_true(constant_time_is_zero_32(a) == CONSTTIME_TRUE_32)) + return 0; + if (a != 0 && !TEST_true(constant_time_is_zero_32(a) == CONSTTIME_FALSE_32)) + return 0; + return 1; +} + +static int test_is_zero_s(int i) +{ + size_t a = test_values_s[i]; + + if (a == 0 && !TEST_size_t_eq(constant_time_is_zero_s(a), CONSTTIME_TRUE_S)) + return 0; + if (a != 0 && !TEST_uint_eq(constant_time_is_zero_s(a), CONSTTIME_FALSE_S)) + return 0; + return 1; } static int test_select(unsigned int a, unsigned int b) { - unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); - if (selected != a) { - fprintf(stderr, "Test failed for constant_time_select(%du, %du," - "%du): expected %du(first value), got %du\n", - CONSTTIME_TRUE, a, b, a, selected); - return 1; - } - selected = constant_time_select(CONSTTIME_FALSE, a, b); - if (selected != b) { - fprintf(stderr, "Test failed for constant_time_select(%du, %du," - "%du): expected %du(second value), got %du\n", - CONSTTIME_FALSE, a, b, b, selected); - return 1; - } - return 0; + if (!TEST_uint_eq(constant_time_select(CONSTTIME_TRUE, a, b), a)) + return 0; + if (!TEST_uint_eq(constant_time_select(CONSTTIME_FALSE, a, b), b)) + return 0; + return 1; } static int test_select_8(unsigned char a, unsigned char b) { - unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); + if (!TEST_uint_eq(constant_time_select_8(CONSTTIME_TRUE_8, a, b), a)) + return 0; + if (!TEST_uint_eq(constant_time_select_8(CONSTTIME_FALSE_8, a, b), b)) + return 0; + return 1; +} + +static int test_select_32(uint32_t a, uint32_t b) +{ + if (!TEST_true(constant_time_select_32(CONSTTIME_TRUE_32, a, b) == a)) + return 0; + if (!TEST_true(constant_time_select_32(CONSTTIME_FALSE_32, a, b) == b)) + return 0; + return 1; +} + +static int test_select_s(size_t a, size_t b) +{ + if (!TEST_uint_eq(constant_time_select_s(CONSTTIME_TRUE_S, a, b), a)) + return 0; + if (!TEST_uint_eq(constant_time_select_s(CONSTTIME_FALSE_S, a, b), b)) + return 0; + return 1; +} + +static int test_select_64(uint64_t a, uint64_t b) +{ + uint64_t selected = constant_time_select_64(CONSTTIME_TRUE_64, a, b); + if (selected != a) { - fprintf(stderr, "Test failed for constant_time_select(%u, %u," - "%u): expected %u(first value), got %u\n", - CONSTTIME_TRUE, a, b, a, selected); - return 1; + TEST_error("test_select_64 TRUE failed"); + BIO_printf(bio_err, "a=%jx b=%jx got %jx wanted a\n", a, b, selected); + return 0; } - selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); + selected = constant_time_select_64(CONSTTIME_FALSE_64, a, b); if (selected != b) { - fprintf(stderr, "Test failed for constant_time_select(%u, %u," - "%u): expected %u(second value), got %u\n", - CONSTTIME_FALSE, a, b, b, selected); - return 1; + BIO_printf(bio_err, "a=%jx b=%jx got %jx wanted b\n", a, b, selected); + return 0; } - return 0; + return 1; } static int test_select_int(int a, int b) { - int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); - if (selected != a) { - fprintf(stderr, "Test failed for constant_time_select(%du, %d," - "%d): expected %d(first value), got %d\n", - CONSTTIME_TRUE, a, b, a, selected); - return 1; - } - selected = constant_time_select_int(CONSTTIME_FALSE, a, b); - if (selected != b) { - fprintf(stderr, "Test failed for constant_time_select(%du, %d," - "%d): expected %d(second value), got %d\n", - CONSTTIME_FALSE, a, b, b, selected); - return 1; - } - return 0; + if (!TEST_int_eq(constant_time_select_int(CONSTTIME_TRUE, a, b), a)) + return 0; + if (!TEST_int_eq(constant_time_select_int(CONSTTIME_FALSE, a, b), b)) + return 0; + return 1; +} + +static int test_eq_int_8(int a, int b) +{ + if (a == b && !TEST_int_eq(constant_time_eq_int_8(a, b), CONSTTIME_TRUE_8)) + return 0; + if (a != b && !TEST_int_eq(constant_time_eq_int_8(a, b), CONSTTIME_FALSE_8)) + return 0; + return 1; +} + +static int test_eq_s(size_t a, size_t b) +{ + if (a == b && !TEST_size_t_eq(constant_time_eq_s(a, b), CONSTTIME_TRUE_S)) + return 0; + if (a != b && !TEST_int_eq(constant_time_eq_s(a, b), CONSTTIME_FALSE_S)) + return 0; + return 1; } static int test_eq_int(int a, int b) { - unsigned int equal = constant_time_eq_int(a, b); - if (a == b && equal != CONSTTIME_TRUE) { - fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " - "expected %du(TRUE), got %du\n", a, b, CONSTTIME_TRUE, equal); - return 1; - } else if (a != b && equal != CONSTTIME_FALSE) { - fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " - "expected %du(FALSE), got %du\n", - a, b, CONSTTIME_FALSE, equal); - return 1; + if (a == b && !TEST_uint_eq(constant_time_eq_int(a, b), CONSTTIME_TRUE)) + return 0; + if (a != b && !TEST_uint_eq(constant_time_eq_int(a, b), CONSTTIME_FALSE)) + return 0; + return 1; +} + +static int test_sizeofs(void) +{ + if (!TEST_uint_eq(OSSL_NELEM(test_values), OSSL_NELEM(test_values_s))) + return 0; + return 1; +} + +static int test_binops(int i) +{ + unsigned int a = test_values[i]; + int j; + int ret = 1; + + for (j = 0; j < (int)OSSL_NELEM(test_values); ++j) { + unsigned int b = test_values[j]; + + if (!test_select(a, b) + || !test_binary_op(&constant_time_lt, "ct_lt", + a, b, a < b) + || !test_binary_op(&constant_time_lt, "constant_time_lt", + b, a, b < a) + || !test_binary_op(&constant_time_ge, "constant_time_ge", + a, b, a >= b) + || !test_binary_op(&constant_time_ge, "constant_time_ge", + b, a, b >= a) + || !test_binary_op(&constant_time_eq, "constant_time_eq", + a, b, a == b) + || !test_binary_op(&constant_time_eq, "constant_time_eq", + b, a, b == a)) + ret = 0; } - return 0; + return ret; } -static int test_eq_int_8(int a, int b) +static int test_binops_8(int i) { - unsigned char equal = constant_time_eq_int_8(a, b); - if (a == b && equal != CONSTTIME_TRUE_8) { - fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " - "expected %u(TRUE), got %u\n", a, b, CONSTTIME_TRUE_8, equal); - return 1; - } else if (a != b && equal != CONSTTIME_FALSE_8) { - fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " - "expected %u(FALSE), got %u\n", - a, b, CONSTTIME_FALSE_8, equal); - return 1; + unsigned int a = test_values_8[i]; + int j; + int ret = 1; + + for (j = 0; j < (int)OSSL_NELEM(test_values_8); ++j) { + unsigned int b = test_values_8[j]; + + if (!test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", + a, b, a < b) + || !test_binary_op_8(&constant_time_lt_8, "constant_time_lt_8", + b, a, b < a) + || !test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", + a, b, a >= b) + || !test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", + b, a, b >= a) + || !test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", + a, b, a == b) + || !test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", + b, a, b == a)) + ret = 0; } - return 0; + return ret; } -static unsigned int test_values[] = - { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1, - UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1, - UINT_MAX -}; +static int test_binops_s(int i) +{ + size_t a = test_values_s[i]; + int j; + int ret = 1; -static unsigned char test_values_8[] = - { 0, 1, 2, 20, 32, 127, 128, 129, 255 }; + for (j = 0; j < (int)OSSL_NELEM(test_values_s); ++j) { + size_t b = test_values_s[j]; -static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345, - 32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1, - INT_MIN + 1 -}; + if (!test_select_s(a, b) + || !test_eq_s(a, b) + || !test_binary_op_s(&constant_time_lt_s, "constant_time_lt_s", + a, b, a < b) + || !test_binary_op_s(&constant_time_lt_s, "constant_time_lt_s", + b, a, b < a) + || !test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", + a, b, a >= b) + || !test_binary_op_s(&constant_time_ge_s, "constant_time_ge_s", + b, a, b >= a) + || !test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", + a, b, a == b) + || !test_binary_op_s(&constant_time_eq_s, "constant_time_eq_s", + b, a, b == a)) + ret = 0; + } + return ret; +} -int main(int argc, char *argv[]) +static int test_signed(int i) { - unsigned int a, b, i, j; - int c, d; - unsigned char e, f; - int num_failed = 0, num_all = 0; - fprintf(stdout, "Testing constant time operations...\n"); - - for (i = 0; i < OSSL_NELEM(test_values); ++i) { - a = test_values[i]; - num_failed += test_is_zero(a); - num_failed += test_is_zero_8(a); - num_all += 2; - for (j = 0; j < OSSL_NELEM(test_values); ++j) { - b = test_values[j]; - num_failed += test_binary_op(&constant_time_lt, - "constant_time_lt", a, b, a < b); - num_failed += test_binary_op_8(&constant_time_lt_8, - "constant_time_lt_8", a, b, a < b); - num_failed += test_binary_op(&constant_time_lt, - "constant_time_lt_8", b, a, b < a); - num_failed += test_binary_op_8(&constant_time_lt_8, - "constant_time_lt_8", b, a, b < a); - num_failed += test_binary_op(&constant_time_ge, - "constant_time_ge", a, b, a >= b); - num_failed += test_binary_op_8(&constant_time_ge_8, - "constant_time_ge_8", a, b, - a >= b); - num_failed += - test_binary_op(&constant_time_ge, "constant_time_ge", b, a, - b >= a); - num_failed += - test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b, - a, b >= a); - num_failed += - test_binary_op(&constant_time_eq, "constant_time_eq", a, b, - a == b); - num_failed += - test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a, - b, a == b); - num_failed += - test_binary_op(&constant_time_eq, "constant_time_eq", b, a, - b == a); - num_failed += - test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b, - a, b == a); - num_failed += test_select(a, b); - num_all += 13; - } + int c = signed_test_values[i]; + unsigned int j; + int ret = 1; + + for (j = 0; j < OSSL_NELEM(signed_test_values); ++j) { + int d = signed_test_values[j]; + + if (!test_select_int(c, d) + || !test_eq_int(c, d) + || !test_eq_int_8(c, d)) + ret = 0; } + return ret; +} - for (i = 0; i < OSSL_NELEM(signed_test_values); ++i) { - c = signed_test_values[i]; - for (j = 0; j < OSSL_NELEM(signed_test_values); ++j) { - d = signed_test_values[j]; - num_failed += test_select_int(c, d); - num_failed += test_eq_int(c, d); - num_failed += test_eq_int_8(c, d); - num_all += 3; - } +static int test_8values(int i) +{ + unsigned char e = test_values_8[i]; + unsigned int j; + int ret = 1; + + for (j = 0; j < sizeof(test_values_8); ++j) { + unsigned char f = test_values_8[j]; + + if (!test_select_8(e, f)) + ret = 0; } + return ret; +} - for (i = 0; i < sizeof(test_values_8); ++i) { - e = test_values_8[i]; - for (j = 0; j < sizeof(test_values_8); ++j) { - f = test_values_8[j]; - num_failed += test_select_8(e, f); - num_all += 1; - } +static int test_32values(int i) +{ + uint32_t e = test_values_32[i]; + size_t j; + int ret = 1; + + for (j = 0; j < OSSL_NELEM(test_values_32); j++) { + uint32_t f = test_values_32[j]; + + if (!test_select_32(e, f)) + ret = 0; } + return ret; +} - if (!num_failed) { - fprintf(stdout, "success (ran %d tests)\n", num_all); - return EXIT_SUCCESS; - } else { - fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); - return EXIT_FAILURE; +static int test_64values(int i) +{ + uint64_t g = test_values_64[i]; + int j, ret = 1; + + for (j = i + 1; j < (int)OSSL_NELEM(test_values_64); j++) { + uint64_t h = test_values_64[j]; + + if (!test_binary_op_64(&constant_time_lt_64, "constant_time_lt_64", + g, h, g < h) + || !test_select_64(g, h)) { + TEST_info("test_64values failed i=%d j=%d", i, j); + ret = 0; + } } + return ret; +} + +int setup_tests(void) +{ + ADD_TEST(test_sizeofs); + ADD_ALL_TESTS(test_is_zero, OSSL_NELEM(test_values)); + ADD_ALL_TESTS(test_is_zero_8, OSSL_NELEM(test_values_8)); + ADD_ALL_TESTS(test_is_zero_32, OSSL_NELEM(test_values_32)); + ADD_ALL_TESTS(test_is_zero_s, OSSL_NELEM(test_values_s)); + ADD_ALL_TESTS(test_binops, OSSL_NELEM(test_values)); + ADD_ALL_TESTS(test_binops_8, OSSL_NELEM(test_values_8)); + ADD_ALL_TESTS(test_binops_s, OSSL_NELEM(test_values_s)); + ADD_ALL_TESTS(test_signed, OSSL_NELEM(signed_test_values)); + ADD_ALL_TESTS(test_8values, OSSL_NELEM(test_values_8)); + ADD_ALL_TESTS(test_32values, OSSL_NELEM(test_values_32)); + ADD_ALL_TESTS(test_64values, OSSL_NELEM(test_values_64)); + return 1; } diff --git a/deps/openssl/openssl/test/crltest.c b/deps/openssl/openssl/test/crltest.c index 74db9444cdcc1b..4d35fd4081c5c3 100644 --- a/deps/openssl/openssl/test/crltest.c +++ b/deps/openssl/openssl/test/crltest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include -#include "../e_os.h" +#include "internal/nelem.h" #include #include #include @@ -177,25 +176,22 @@ static const char *kUnknownCriticalCRL2[] = { NULL }; +static const char **unknown_critical_crls[] = { + kUnknownCriticalCRL, kUnknownCriticalCRL2 +}; + +static X509 *test_root = NULL; +static X509 *test_leaf = NULL; /* * Glue an array of strings together. Return a BIO and put the string * into |*out| so we can free it. */ -static BIO *glue(const char **pem, char **out) +static BIO *glue2bio(const char **pem, char **out) { - char *dest; - int i; size_t s = 0; - /* Glue the strings together. */ - for (i = 0; pem[i] != NULL; ++i) - s += strlen(pem[i]); - dest = *out = OPENSSL_malloc(s + 1); - if (dest == NULL) - return NULL; - for (i = 0; pem[i] != NULL; ++i) - dest += strlen(strcpy(dest, pem[i])); + *out = glue_strings(pem, &s); return BIO_new_mem_buf(*out, s); } @@ -205,7 +201,7 @@ static BIO *glue(const char **pem, char **out) static X509_CRL *CRL_from_strings(const char **pem) { char *p; - BIO *b = glue(pem, &p); + BIO *b = glue2bio(pem, &p); X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); OPENSSL_free(p); @@ -219,7 +215,7 @@ static X509_CRL *CRL_from_strings(const char **pem) static X509 *X509_from_strings(const char **pem) { char *p; - BIO *b = glue(pem, &p); + BIO *b = glue2bio(pem, &p); X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL); OPENSSL_free(p); @@ -242,27 +238,27 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, STACK_OF(X509) *roots = sk_X509_new_null(); int status = X509_V_ERR_UNSPECIFIED; - if (ctx == NULL || store == NULL || param == NULL || roots == NULL) + if (!TEST_ptr(ctx) + || !TEST_ptr(store) + || !TEST_ptr(param) + || !TEST_ptr(roots)) goto err; /* Create a stack; upref the cert because we free it below. */ X509_up_ref(root); - if (!sk_X509_push(roots, root)) - goto err; - - if (!X509_STORE_CTX_init(ctx, store, leaf, NULL)) + if (!TEST_true(sk_X509_push(roots, root)) + || !TEST_true(X509_STORE_CTX_init(ctx, store, leaf, NULL))) goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); X509_VERIFY_PARAM_set_time(param, PARAM_TIME); - if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) { - fprintf(stderr, "set_time/get_time mismatch.\n"); + if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) goto err; - } X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); X509_STORE_CTX_set0_param(ctx, param); + param = NULL; ERR_clear_error(); status = X509_verify_cert(ctx) == 1 ? X509_V_OK @@ -270,6 +266,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, err: sk_X509_pop_free(roots, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); + X509_VERIFY_PARAM_free(param); X509_STORE_CTX_free(ctx); X509_STORE_free(store); return status; @@ -293,86 +290,89 @@ static STACK_OF(X509_CRL) *make_CRL_stack(X509_CRL *x1, X509_CRL *x2) return sk; } -static int test_crl() +static int test_basic_crl(void) { - X509 *root = X509_from_strings(kCRLTestRoot); - X509 *leaf = X509_from_strings(kCRLTestLeaf); X509_CRL *basic_crl = CRL_from_strings(kBasicCRL); X509_CRL *revoked_crl = CRL_from_strings(kRevokedCRL); - X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); - X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); - X509_CRL *unknown_critical_crl = CRL_from_strings(kUnknownCriticalCRL); - X509_CRL *unknown_critical_crl2 = CRL_from_strings(kUnknownCriticalCRL2); - int status = 0; - - if (root == NULL || leaf == NULL || basic_crl == NULL - || revoked_crl == NULL || bad_issuer_crl == NULL - || known_critical_crl == NULL || unknown_critical_crl == NULL - || unknown_critical_crl2 == NULL) { - fprintf(stderr, "Failed to parse certificates and CRLs.\n"); - goto err; - } - - if (verify(leaf, root, make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - fprintf(stderr, "Cert with CRL didn't verify.\n"); - goto err; - } - - if (verify(leaf, root, make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_CERT_REVOKED) { - fprintf(stderr, "Revoked CRL wasn't checked.\n"); - goto err; - } - - if (verify(leaf, root, NULL, - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - fprintf(stderr, "CRLs were not required.\n"); - goto err; - } - - if (verify(leaf, root, make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_ERR_UNABLE_TO_GET_CRL) { - fprintf(stderr, "Bad CRL issuer was unnoticed.\n"); - goto err; - } + int r; + + r = TEST_ptr(basic_crl) + && TEST_ptr(revoked_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(basic_crl, revoked_crl), + X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + X509_CRL_free(basic_crl); + X509_CRL_free(revoked_crl); + return r; +} - if (verify(leaf, root, make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != X509_V_OK) { - fprintf(stderr, "CRL with known critical extension was rejected.\n"); - goto err; - } +static int test_no_crl(void) +{ + return TEST_int_eq(verify(test_leaf, test_root, NULL, + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); +} - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - fprintf(stderr, "CRL with unknown critical extension was accepted.\n"); - goto err; - } +static int test_bad_issuer_crl(void) +{ + X509_CRL *bad_issuer_crl = CRL_from_strings(kBadIssuerCRL); + int r; - if (verify(leaf, root, make_CRL_stack(unknown_critical_crl2, NULL), - X509_V_FLAG_CRL_CHECK) != - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION) { - fprintf(stderr, "CRL with unknown critical extension (2) was accepted.\n"); - goto err; - } + r = TEST_ptr(bad_issuer_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(bad_issuer_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNABLE_TO_GET_CRL); + X509_CRL_free(bad_issuer_crl); + return r; +} - status = 1; +static int test_known_critical_crl(void) +{ + X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); + int r; -err: - X509_free(root); - X509_free(leaf); - X509_CRL_free(basic_crl); - X509_CRL_free(revoked_crl); - X509_CRL_free(bad_issuer_crl); + r = TEST_ptr(known_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(known_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), X509_V_OK); X509_CRL_free(known_critical_crl); + return r; +} + +static int test_unknown_critical_crl(int n) +{ + X509_CRL *unknown_critical_crl = CRL_from_strings(unknown_critical_crls[n]); + int r; + + r = TEST_ptr(unknown_critical_crl) + && TEST_int_eq(verify(test_leaf, test_root, + make_CRL_stack(unknown_critical_crl, NULL), + X509_V_FLAG_CRL_CHECK), + X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); - X509_CRL_free(unknown_critical_crl2); - return status; + return r; +} + +int setup_tests(void) +{ + if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) + || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) + return 0; + + ADD_TEST(test_no_crl); + ADD_TEST(test_basic_crl); + ADD_TEST(test_bad_issuer_crl); + ADD_TEST(test_known_critical_crl); + ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); + return 1; } -int main() +void cleanup_tests(void) { - ADD_TEST(test_crl); - return run_tests("crltest"); + X509_free(test_root); + X509_free(test_leaf); } diff --git a/deps/openssl/openssl/test/ct_test.c b/deps/openssl/openssl/test/ct_test.c index 49c46958ee15a3..de374764ef191a 100644 --- a/deps/openssl/openssl/test/ct_test.c +++ b/deps/openssl/openssl/test/ct_test.c @@ -8,7 +8,6 @@ */ #include -#include #include #include #include @@ -19,11 +18,11 @@ #include #include #include "testutil.h" +#include #ifndef OPENSSL_NO_CT - /* Used when declaring buffers to read text files into */ -#define CT_TEST_MAX_FILE_SIZE 8096 +# define CT_TEST_MAX_FILE_SIZE 8096 static char *certs_dir = NULL; static char *ct_dir = NULL; @@ -57,59 +56,51 @@ typedef struct ct_test_fixture { int test_validity; } CT_TEST_FIXTURE; -static CT_TEST_FIXTURE set_up(const char *const test_case_name) +static CT_TEST_FIXTURE *set_up(const char *const test_case_name) { - CT_TEST_FIXTURE fixture; - int setup_ok = 1; - - memset(&fixture, 0, sizeof(fixture)); - - fixture.test_case_name = test_case_name; - fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */ - fixture.ctlog_store = CTLOG_STORE_new(); + CT_TEST_FIXTURE *fixture = NULL; - if (fixture.ctlog_store == NULL) { - setup_ok = 0; - fprintf(stderr, "Failed to create a new CT log store\n"); + if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) goto end; - } - - if (CTLOG_STORE_load_default_file(fixture.ctlog_store) != 1) { - setup_ok = 0; - fprintf(stderr, "Failed to load CT log list\n"); + fixture->test_case_name = test_case_name; + fixture->epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */ + if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new()) + || !TEST_int_eq( + CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) goto end; - } + return fixture; end: - if (!setup_ok) { - CTLOG_STORE_free(fixture.ctlog_store); - exit(EXIT_FAILURE); - } - return fixture; + if (fixture != NULL) + CTLOG_STORE_free(fixture->ctlog_store); + OPENSSL_free(fixture); + TEST_error("Failed to setup"); + return NULL; } -static void tear_down(CT_TEST_FIXTURE fixture) +static void tear_down(CT_TEST_FIXTURE *fixture) { - CTLOG_STORE_free(fixture.ctlog_store); - SCT_LIST_free(fixture.sct_list); - ERR_print_errors_fp(stderr); + if (fixture != NULL) { + CTLOG_STORE_free(fixture->ctlog_store); + SCT_LIST_free(fixture->sct_list); + } + OPENSSL_free(fixture); } static char *mk_file_path(const char *dir, const char *file) { - char *full_file = NULL; - size_t full_file_l = 0; +# ifndef OPENSSL_SYS_VMS + const char *sep = "/"; +# else const char *sep = ""; -#ifndef OPENSSL_SYS_VMS - sep = "/"; -#endif +# endif + size_t len = strlen(dir) + strlen(sep) + strlen(file) + 1; + char *full_file = OPENSSL_zalloc(len); - full_file_l = strlen(dir) + strlen(sep) + strlen(file) + 1; - full_file = OPENSSL_zalloc(full_file_l); if (full_file != NULL) { - OPENSSL_strlcpy(full_file, dir, full_file_l); - OPENSSL_strlcat(full_file, sep, full_file_l); - OPENSSL_strlcat(full_file, file, full_file_l); + OPENSSL_strlcpy(full_file, dir, len); + OPENSSL_strlcat(full_file, sep, len); + OPENSSL_strlcat(full_file, file, len); } return full_file; @@ -122,65 +113,54 @@ static X509 *load_pem_cert(const char *dir, const char *file) if (file_path != NULL) { BIO *cert_io = BIO_new_file(file_path, "r"); - OPENSSL_free(file_path); if (cert_io != NULL) cert = PEM_read_bio_X509(cert_io, NULL, NULL, NULL); - BIO_free(cert_io); } + + OPENSSL_free(file_path); return cert; } static int read_text_file(const char *dir, const char *file, char *buffer, int buffer_length) { - int result = -1; + int len = -1; char *file_path = mk_file_path(dir, file); if (file_path != NULL) { BIO *file_io = BIO_new_file(file_path, "r"); - OPENSSL_free(file_path); - if (file_io != NULL) { - result = BIO_read(file_io, buffer, buffer_length); - BIO_free(file_io); - } + if (file_io != NULL) + len = BIO_read(file_io, buffer, buffer_length); + BIO_free(file_io); } - return result; + OPENSSL_free(file_path); + return len; } static int compare_sct_list_printout(STACK_OF(SCT) *sct, - const char *expected_output) + const char *expected_output) { BIO *text_buffer = NULL; char *actual_output = NULL; - int result = 1; + int result = 0; - text_buffer = BIO_new(BIO_s_mem()); - if (text_buffer == NULL) { - fprintf(stderr, "Unable to allocate buffer\n"); + if (!TEST_ptr(text_buffer = BIO_new(BIO_s_mem()))) goto end; - } SCT_LIST_print(sct, text_buffer, 0, "\n", NULL); - /* Append null terminator because we're about to use the buffer contents - * as a string. */ - if (BIO_write(text_buffer, "\0", 1) != 1) { - fprintf(stderr, "Failed to append null terminator to SCT text\n"); + /* Append \0 because we're about to use the buffer contents as a string. */ + if (!TEST_true(BIO_write(text_buffer, "\0", 1))) goto end; - } BIO_get_mem_data(text_buffer, &actual_output); - result = strcmp(actual_output, expected_output); - - if (result != 0) { - fprintf(stderr, - "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n", - expected_output, actual_output); - } + if (!TEST_str_eq(actual_output, expected_output)) + goto end; + result = 1; end: BIO_free(text_buffer); @@ -192,55 +172,41 @@ static int compare_extension_printout(X509_EXTENSION *extension, { BIO *text_buffer = NULL; char *actual_output = NULL; - int result = 1; - - text_buffer = BIO_new(BIO_s_mem()); - if (text_buffer == NULL) { - fprintf(stderr, "Unable to allocate buffer\n"); - goto end; - } + int result = 0; - if (!X509V3_EXT_print(text_buffer, extension, X509V3_EXT_DEFAULT, 0)) { - fprintf(stderr, "Failed to print extension\n"); + if (!TEST_ptr(text_buffer = BIO_new(BIO_s_mem())) + || !TEST_true(X509V3_EXT_print(text_buffer, extension, + X509V3_EXT_DEFAULT, 0))) goto end; - } - /* Append null terminator because we're about to use the buffer contents - * as a string. */ - if (BIO_write(text_buffer, "\0", 1) != 1) { - fprintf(stderr, - "Failed to append null terminator to extension text\n"); + /* Append \0 because we're about to use the buffer contents as a string. */ + if (!TEST_true(BIO_write(text_buffer, "\0", 1))) goto end; - } BIO_get_mem_data(text_buffer, &actual_output); - result = strcmp(actual_output, expected_output); + if (!TEST_str_eq(actual_output, expected_output)) + goto end; - if (result != 0) { - fprintf(stderr, - "Expected SCT printout:\n%s\nActual SCT printout:\n%s\n", - expected_output, actual_output); - } + result = 1; end: BIO_free(text_buffer); return result; } -static int assert_validity(CT_TEST_FIXTURE fixture, - STACK_OF(SCT) *scts, - CT_POLICY_EVAL_CTX *policy_ctx) { +static int assert_validity(CT_TEST_FIXTURE *fixture, STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *policy_ctx) +{ int invalid_sct_count = 0; int valid_sct_count = 0; int i; - if (SCT_LIST_validate(scts, policy_ctx) < 0) { - fprintf(stderr, "Error verifying SCTs\n"); + if (!TEST_int_ge(SCT_LIST_validate(scts, policy_ctx), 0)) return 0; - } for (i = 0; i < sk_SCT_num(scts); ++i) { SCT *sct_i = sk_SCT_value(scts, i); + switch (SCT_get_validation_status(sct_i)) { case SCT_VALIDATION_STATUS_VALID: ++valid_sct_count; @@ -248,31 +214,28 @@ static int assert_validity(CT_TEST_FIXTURE fixture, case SCT_VALIDATION_STATUS_INVALID: ++invalid_sct_count; break; - default: + case SCT_VALIDATION_STATUS_NOT_SET: + case SCT_VALIDATION_STATUS_UNKNOWN_LOG: + case SCT_VALIDATION_STATUS_UNVERIFIED: + case SCT_VALIDATION_STATUS_UNKNOWN_VERSION: /* Ignore other validation statuses. */ break; } } - if (valid_sct_count != fixture.expected_valid_sct_count) { + if (!TEST_int_eq(valid_sct_count, fixture->expected_valid_sct_count)) { int unverified_sct_count = sk_SCT_num(scts) - - invalid_sct_count - valid_sct_count; - - fprintf(stderr, - "%d SCTs failed verification\n" - "%d SCTs passed verification (%d expected)\n" - "%d SCTs were unverified\n", - invalid_sct_count, - valid_sct_count, - fixture.expected_valid_sct_count, - unverified_sct_count); + invalid_sct_count - valid_sct_count; + + TEST_info("%d SCTs failed, %d SCTs unverified", + invalid_sct_count, unverified_sct_count); return 0; } return 1; } -static int execute_cert_test(CT_TEST_FIXTURE fixture) +static int execute_cert_test(CT_TEST_FIXTURE *fixture) { int success = 0; X509 *cert = NULL, *issuer = NULL; @@ -284,115 +247,90 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) size_t tls_sct_list_len = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); - if (fixture.sct_text_file != NULL) { - sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file, + if (fixture->sct_text_file != NULL) { + sct_text_len = read_text_file(fixture->sct_dir, fixture->sct_text_file, expected_sct_text, CT_TEST_MAX_FILE_SIZE - 1); - if (sct_text_len < 0) { - fprintf(stderr, "Test data file not found: %s\n", - fixture.sct_text_file); + if (!TEST_int_ge(sct_text_len, 0)) goto end; - } - expected_sct_text[sct_text_len] = '\0'; } CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE( - ct_policy_ctx, fixture.ctlog_store); + ct_policy_ctx, fixture->ctlog_store); - CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture.epoch_time_in_ms); + CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture->epoch_time_in_ms); - if (fixture.certificate_file != NULL) { + if (fixture->certificate_file != NULL) { int sct_extension_index; + int i; X509_EXTENSION *sct_extension = NULL; - cert = load_pem_cert(fixture.certs_dir, fixture.certificate_file); - if (cert == NULL) { - fprintf(stderr, "Unable to load certificate: %s\n", - fixture.certificate_file); + if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir, + fixture->certificate_file))) goto end; - } CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert); - if (fixture.issuer_file != NULL) { - issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file); - - if (issuer == NULL) { - fprintf(stderr, "Unable to load issuer certificate: %s\n", - fixture.issuer_file); + if (fixture->issuer_file != NULL) { + if (!TEST_ptr(issuer = load_pem_cert(fixture->certs_dir, + fixture->issuer_file))) goto end; - } - CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer); } sct_extension_index = X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1); sct_extension = X509_get_ext(cert, sct_extension_index); - if (fixture.expected_sct_count > 0) { - if (sct_extension == NULL) { - fprintf(stderr, "SCT extension not found in: %s\n", - fixture.certificate_file); + if (fixture->expected_sct_count > 0) { + if (!TEST_ptr(sct_extension)) goto end; - } - if (fixture.sct_text_file - && compare_extension_printout(sct_extension, - expected_sct_text)) { + if (fixture->sct_text_file + && !compare_extension_printout(sct_extension, + expected_sct_text)) goto end; - } - - if (fixture.test_validity) { - int i; - scts = X509V3_EXT_d2i(sct_extension); - for (i = 0; i < sk_SCT_num(scts); ++i) { - SCT *sct_i = sk_SCT_value(scts, i); + scts = X509V3_EXT_d2i(sct_extension); + for (i = 0; i < sk_SCT_num(scts); ++i) { + SCT *sct_i = sk_SCT_value(scts, i); - if (!SCT_set_source(sct_i, SCT_SOURCE_X509V3_EXTENSION)) { - fprintf(stderr, - "Error setting SCT source to X509v3 extension\n"); - goto end; - } + if (!TEST_int_eq(SCT_get_source(sct_i), + SCT_SOURCE_X509V3_EXTENSION)) { + goto end; } + } + if (fixture->test_validity) { if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; } - } else if (sct_extension != NULL) { - fprintf(stderr, - "Expected no SCTs, but found SCT extension in: %s\n", - fixture.certificate_file); + } else if (!TEST_ptr_null(sct_extension)) { goto end; } } - if (fixture.tls_sct_list != NULL) { - const unsigned char *p = fixture.tls_sct_list; - if (o2i_SCT_LIST(&scts, &p, fixture.tls_sct_list_len) == NULL) { - fprintf(stderr, "Failed to decode SCTs from TLS format\n"); + if (fixture->tls_sct_list != NULL) { + const unsigned char *p = fixture->tls_sct_list; + + if (!TEST_ptr(o2i_SCT_LIST(&scts, &p, fixture->tls_sct_list_len))) goto end; - } - if (fixture.test_validity && cert != NULL) { + if (fixture->test_validity && cert != NULL) { if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; } - if (fixture.sct_text_file - && compare_sct_list_printout(scts, expected_sct_text)) { + if (fixture->sct_text_file + && !compare_sct_list_printout(scts, expected_sct_text)) { goto end; } tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list); - if (tls_sct_list_len != fixture.tls_sct_list_len || - memcmp(fixture.tls_sct_list, tls_sct_list, tls_sct_list_len) != 0) { - fprintf(stderr, - "Failed to encode SCTs into TLS format correctly\n"); + if (!TEST_mem_eq(fixture->tls_sct_list, fixture->tls_sct_list_len, + tls_sct_list, tls_sct_list_len)) goto end; - } } success = 1; @@ -406,79 +344,97 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) return success; } -#define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) -#define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) +# define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) +# define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) -static int test_no_scts_in_certificate() +static int test_no_scts_in_certificate(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "leaf.pem"; - fixture.issuer_file = "subinterCA.pem"; - fixture.expected_sct_count = 0; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "leaf.pem"; + fixture->issuer_file = "subinterCA.pem"; + fixture->expected_sct_count = 0; EXECUTE_CT_TEST(); + return result; } -static int test_one_sct_in_certificate() +static int test_one_sct_in_certificate(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs1.pem"; - fixture.issuer_file = "embeddedSCTs1_issuer.pem"; - fixture.expected_sct_count = 1; - fixture.sct_dir = certs_dir; - fixture.sct_text_file = "embeddedSCTs1.sct"; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs1.pem"; + fixture->issuer_file = "embeddedSCTs1_issuer.pem"; + fixture->expected_sct_count = 1; + fixture->sct_dir = certs_dir; + fixture->sct_text_file = "embeddedSCTs1.sct"; EXECUTE_CT_TEST(); + return result; } -static int test_multiple_scts_in_certificate() +static int test_multiple_scts_in_certificate(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs3.pem"; - fixture.issuer_file = "embeddedSCTs3_issuer.pem"; - fixture.expected_sct_count = 3; - fixture.sct_dir = certs_dir; - fixture.sct_text_file = "embeddedSCTs3.sct"; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs3.pem"; + fixture->issuer_file = "embeddedSCTs3_issuer.pem"; + fixture->expected_sct_count = 3; + fixture->sct_dir = certs_dir; + fixture->sct_text_file = "embeddedSCTs3.sct"; EXECUTE_CT_TEST(); + return result; } -static int test_verify_one_sct() +static int test_verify_one_sct(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs1.pem"; - fixture.issuer_file = "embeddedSCTs1_issuer.pem"; - fixture.expected_sct_count = fixture.expected_valid_sct_count = 1; - fixture.test_validity = 1; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs1.pem"; + fixture->issuer_file = "embeddedSCTs1_issuer.pem"; + fixture->expected_sct_count = fixture->expected_valid_sct_count = 1; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } -static int test_verify_multiple_scts() +static int test_verify_multiple_scts(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs3.pem"; - fixture.issuer_file = "embeddedSCTs3_issuer.pem"; - fixture.expected_sct_count = fixture.expected_valid_sct_count = 3; - fixture.test_validity = 1; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs3.pem"; + fixture->issuer_file = "embeddedSCTs3_issuer.pem"; + fixture->expected_sct_count = fixture->expected_valid_sct_count = 3; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } -static int test_verify_fails_for_future_sct() +static int test_verify_fails_for_future_sct(void) { SETUP_CT_TEST_FIXTURE(); - fixture.epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */ - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs1.pem"; - fixture.issuer_file = "embeddedSCTs1_issuer.pem"; - fixture.expected_sct_count = 1; - fixture.expected_valid_sct_count = 0; - fixture.test_validity = 1; + if (fixture == NULL) + return 0; + fixture->epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */ + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs1.pem"; + fixture->issuer_file = "embeddedSCTs1_issuer.pem"; + fixture->expected_sct_count = 1; + fixture->expected_valid_sct_count = 0; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } -static int test_decode_tls_sct() +static int test_decode_tls_sct(void) { const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */ "\x00\x76" @@ -499,14 +455,17 @@ static int test_decode_tls_sct() "\xED\xBF\x08"; SETUP_CT_TEST_FIXTURE(); - fixture.tls_sct_list = tls_sct_list; - fixture.tls_sct_list_len = 0x7a; - fixture.sct_dir = ct_dir; - fixture.sct_text_file = "tls1.sct"; + if (fixture == NULL) + return 0; + fixture->tls_sct_list = tls_sct_list; + fixture->tls_sct_list_len = 0x7a; + fixture->sct_dir = ct_dir; + fixture->sct_text_file = "tls1.sct"; EXECUTE_CT_TEST(); + return result; } -static int test_encode_tls_sct() +static int test_encode_tls_sct(void) { const char log_id[] = "3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4LvT9012Q="; const uint64_t timestamp = 1; @@ -516,29 +475,28 @@ static int test_encode_tls_sct() SCT *sct = NULL; SETUP_CT_TEST_FIXTURE(); + if (fixture == NULL) + return 0; - fixture.sct_list = sk_SCT_new_null(); - sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, - CT_LOG_ENTRY_TYPE_X509, timestamp, - extensions, signature); + fixture->sct_list = sk_SCT_new_null(); + if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, + CT_LOG_ENTRY_TYPE_X509, timestamp, + extensions, signature))) - if (sct == NULL) { - tear_down(fixture); - fprintf(stderr, "Failed to create SCT from base64-encoded test data\n"); return 0; - } - sk_SCT_push(fixture.sct_list, sct); - fixture.sct_dir = ct_dir; - fixture.sct_text_file = "tls1.sct"; + sk_SCT_push(fixture->sct_list, sct); + fixture->sct_dir = ct_dir; + fixture->sct_text_file = "tls1.sct"; EXECUTE_CT_TEST(); + return result; } /* * Tests that the CT_POLICY_EVAL_CTX default time is approximately now. * Allow +-10 minutes, as it may compensate for clock skew. */ -static int test_default_ct_policy_eval_ctx_time_is_now() +static int test_default_ct_policy_eval_ctx_time_is_now(void) { int success = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); @@ -546,11 +504,9 @@ static int test_default_ct_policy_eval_ctx_time_is_now() (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000); const time_t time_tolerance = 600; /* 10 minutes */ - if (fabs(difftime(time(NULL), default_time)) > time_tolerance) { - fprintf(stderr, - "Default CT_POLICY_EVAL_CTX time is not approximately now.\n"); + if (!TEST_time_t_le(abs((int)difftime(time(NULL), default_time)), + time_tolerance)) goto end; - } success = 1; end: @@ -558,20 +514,28 @@ static int test_default_ct_policy_eval_ctx_time_is_now() return success; } -int main(int argc, char *argv[]) +static int test_ctlog_from_base64(void) { - int result = 0; - char *tmp_env = NULL; - - tmp_env = getenv("OPENSSL_DEBUG_MEMORY"); - if (tmp_env != NULL && strcmp(tmp_env, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + CTLOG *ctlogp = NULL; + const char notb64[] = "\01\02\03\04"; + const char pad[] = "===="; + const char name[] = "name"; + + /* We expect these to both fail! */ + if (!TEST_true(!CTLOG_new_from_base64(&ctlogp, notb64, name)) + || !TEST_true(!CTLOG_new_from_base64(&ctlogp, pad, name))) + return 0; + return 1; +} +#endif - tmp_env = getenv("CT_DIR"); - ct_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "ct"); - tmp_env = getenv("CERTS_DIR"); - certs_dir = OPENSSL_strdup(tmp_env != NULL ? tmp_env : "certs"); +int setup_tests(void) +{ +#ifndef OPENSSL_NO_CT + if ((ct_dir = getenv("CT_DIR")) == NULL) + ct_dir = "ct"; + if ((certs_dir = getenv("CERTS_DIR")) == NULL) + certs_dir = "certs"; ADD_TEST(test_no_scts_in_certificate); ADD_TEST(test_one_sct_in_certificate); @@ -582,26 +546,9 @@ int main(int argc, char *argv[]) ADD_TEST(test_decode_tls_sct); ADD_TEST(test_encode_tls_sct); ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now); - - result = run_tests(argv[0]); - ERR_print_errors_fp(stderr); - - OPENSSL_free(ct_dir); - OPENSSL_free(certs_dir); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - result = 1; + ADD_TEST(test_ctlog_from_base64); +#else + printf("No CT support\n"); #endif - - return result; -} - -#else /* OPENSSL_NO_CT */ - -int main(int argc, char* argv[]) -{ - return EXIT_SUCCESS; + return 1; } - -#endif /* OPENSSL_NO_CT */ diff --git a/deps/openssl/openssl/test/d2i_test.c b/deps/openssl/openssl/test/d2i_test.c index 527427009702b1..afea2dcb9f3dde 100644 --- a/deps/openssl/openssl/test/d2i_test.c +++ b/deps/openssl/openssl/test/d2i_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,10 +20,7 @@ #include #include #include -#ifndef OPENSSL_NO_CMS -# include -#endif -#include "e_os.h" +#include "internal/nelem.h" static const ASN1_ITEM *item_type; static const char *test_file; @@ -44,18 +41,7 @@ typedef struct { static expected_error_t expected_error = ASN1_UNKNOWN; -typedef struct d2i_test_fixture { - const char *test_case_name; -} D2I_TEST_FIXTURE; - -static D2I_TEST_FIXTURE set_up(const char *const test_case_name) -{ - D2I_TEST_FIXTURE fixture; - fixture.test_case_name = test_case_name; - return fixture; -} - -static int execute_test(D2I_TEST_FIXTURE fixture) +static int test_bad_asn1(void) { BIO *bio = NULL; ASN1_VALUE *value = NULL; @@ -66,12 +52,12 @@ static int execute_test(D2I_TEST_FIXTURE fixture) int derlen; int len; - if ((bio = BIO_new_file(test_file, "r")) == NULL) + bio = BIO_new_file(test_file, "r"); + if (!TEST_ptr(bio)) return 0; if (expected_error == ASN1_BIO) { - value = ASN1_item_d2i_bio(item_type, bio, NULL); - if (value == NULL) + if (TEST_ptr_null(ASN1_item_d2i_bio(item_type, bio, NULL))) ret = 1; goto err; } @@ -82,12 +68,12 @@ static int execute_test(D2I_TEST_FIXTURE fixture) * decoder is called. */ len = BIO_read(bio, buf, sizeof(buf)); - if (len < 0) + if (!TEST_int_ge(len, 0)) goto err; value = ASN1_item_d2i(NULL, &buf_ptr, len, item_type); if (value == NULL) { - if (expected_error == ASN1_DECODE) + if (TEST_int_eq(expected_error, ASN1_DECODE)) ret = 1; goto err; } @@ -95,23 +81,24 @@ static int execute_test(D2I_TEST_FIXTURE fixture) derlen = ASN1_item_i2d(value, &der, item_type); if (der == NULL || derlen < 0) { - if (expected_error == ASN1_ENCODE) + if (TEST_int_eq(expected_error, ASN1_ENCODE)) ret = 1; goto err; } if (derlen != len || memcmp(der, buf, derlen) != 0) { - if (expected_error == ASN1_COMPARE) + if (TEST_int_eq(expected_error, ASN1_COMPARE)) ret = 1; goto err; } - if (expected_error == ASN1_OK) + if (TEST_int_eq(expected_error, ASN1_OK)) ret = 1; err: /* Don't indicate success for memory allocation errors */ - if (ret == 1 && ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + if (ret == 1 + && !TEST_false(ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)) ret = 0; BIO_free(bio); OPENSSL_free(der); @@ -119,44 +106,16 @@ static int execute_test(D2I_TEST_FIXTURE fixture) return ret; } -static void tear_down(D2I_TEST_FIXTURE fixture) -{ - ERR_print_errors_fp(stderr); -} - -#define SETUP_D2I_TEST_FIXTURE() \ - SETUP_TEST_FIXTURE(D2I_TEST_FIXTURE, set_up) - -#define EXECUTE_D2I_TEST() \ - EXECUTE_TEST(execute_test, tear_down) - -static int test_bad_asn1() -{ - SETUP_D2I_TEST_FIXTURE(); - EXECUTE_D2I_TEST(); -} - /* - * Usage: d2i_test , e.g. + * Usage: d2i_test , e.g. * d2i_test generalname bad_generalname.der */ -int main(int argc, char **argv) +int setup_tests(void) { - int result = 0; const char *test_type_name; const char *expected_error_string; - const char *p = getenv("OPENSSL_DEBUG_MEMORY"); size_t i; - static ASN1_ITEM_EXP *items[] = { - ASN1_ITEM_ref(ASN1_ANY), - ASN1_ITEM_ref(X509), - ASN1_ITEM_ref(GENERAL_NAME), - ASN1_ITEM_ref(ASN1_INTEGER), -#ifndef OPENSSL_NO_CMS - ASN1_ITEM_ref(CMS_ContentInfo) -#endif - }; static error_enum expected_errors[] = { {"OK", ASN1_OK}, @@ -166,35 +125,26 @@ int main(int argc, char **argv) {"compare", ASN1_COMPARE} }; - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if (argc != 4) { - fprintf(stderr, - "Usage: d2i_test item_name expected_error file.der\n"); - return 1; + if (!TEST_ptr(test_type_name = test_get_argument(0)) + || !TEST_ptr(expected_error_string = test_get_argument(1)) + || !TEST_ptr(test_file = test_get_argument(2))) { + TEST_note("Usage: d2i_test item_name expected_error file.der"); + return 0; } - test_type_name = argv[1]; - expected_error_string = argv[2]; - test_file = argv[3]; + item_type = ASN1_ITEM_lookup(test_type_name); - for (i = 0; i < OSSL_NELEM(items); i++) { - const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]); - if (strcmp(test_type_name, it->sname) == 0) { - item_type = it; - break; - } - } if (item_type == NULL) { - fprintf(stderr, "Unknown type %s\n", test_type_name); - fprintf(stderr, "Supported types:\n"); - for (i = 0; i < OSSL_NELEM(items); i++) { - const ASN1_ITEM *it = ASN1_ITEM_ptr(items[i]); - fprintf(stderr, "\t%s\n", it->sname); + TEST_error("Unknown type %s", test_type_name); + TEST_note("Supported types:"); + for (i = 0;; i++) { + const ASN1_ITEM *it = ASN1_ITEM_get(i); + + if (it == NULL) + break; + TEST_note("\t%s", it->sname); } - return 1; + return 0; } for (i = 0; i < OSSL_NELEM(expected_errors); i++) { @@ -205,18 +155,10 @@ int main(int argc, char **argv) } if (expected_error == ASN1_UNKNOWN) { - fprintf(stderr, "Unknown expected error %s\n", expected_error_string); - return 1; + TEST_error("Unknown expected error %s\n", expected_error_string); + return 0; } ADD_TEST(test_bad_asn1); - - result = run_tests(argv[0]); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - result = 1; -#endif - - return result; + return 1; } diff --git a/deps/openssl/openssl/test/danetest.c b/deps/openssl/openssl/test/danetest.c index 7fa6a2f44f1138..54a79ab51fefce 100644 --- a/deps/openssl/openssl/test/danetest.c +++ b/deps/openssl/openssl/test/danetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,12 +22,15 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include "testutil.h" -#include "../e_os.h" +#include "internal/nelem.h" #define _UC(c) ((unsigned char)(c)) -static const char *progname; +static const char *basedomain; +static const char *CAfile; +static const char *tlsafile; /* * Forward declaration, of function that uses internal interfaces, from headers @@ -49,44 +52,22 @@ static int restore_errno(void) return ret; } -static void test_usage(void) -{ - fprintf(stderr, "usage: %s: danetest basedomain CAfile tlsafile\n", progname); -} - -static void print_errors(void) -{ - unsigned long err; - char buffer[1024]; - const char *file; - const char *data; - int line; - int flags; - - while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(err, buffer, sizeof(buffer)); - if (flags & ERR_TXT_STRING) - fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data); - else - fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line); - } -} - static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) { - int ret = -1; - X509_STORE_CTX *store_ctx; - SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); - X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); + X509_STORE_CTX *store_ctx = NULL; + SSL_CTX *ssl_ctx = NULL; + X509_STORE *store = NULL; + X509 *cert = NULL; + int ret = 0; int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); - X509 *cert = sk_X509_value(chain, 0); - if ((store_ctx = X509_STORE_CTX_new()) == NULL) - return -1; - - if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) - goto end; - if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl)) + if (!TEST_ptr(store_ctx = X509_STORE_CTX_new()) + || !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl)) + || !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx)) + || !TEST_ptr(cert = sk_X509_value(chain, 0)) + || !TEST_true(X509_STORE_CTX_init(store_ctx, store, cert, chain)) + || !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, + ssl))) goto end; X509_STORE_CTX_set_default(store_ctx, @@ -95,17 +76,19 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) SSL_get0_param(ssl)); store_ctx_dane_init(store_ctx, ssl); - if (SSL_get_verify_callback(ssl)) + if (SSL_get_verify_callback(ssl) != NULL) X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); - ret = X509_verify_cert(store_ctx); + /* Mask "internal failures" (-1) from our return value. */ + if (!TEST_int_ge(ret = X509_verify_cert(store_ctx), 0)) + ret = 0; SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx)); X509_STORE_CTX_cleanup(store_ctx); + end: X509_STORE_CTX_free(store_ctx); - - return (ret); + return ret; } static STACK_OF(X509) *load_chain(BIO *fp, int nelem) @@ -119,46 +102,39 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem) STACK_OF(X509) *chain; typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); - if ((chain = sk_X509_new_null()) == 0) { - perror("malloc"); - exit(1); - } + if (!TEST_ptr(chain = sk_X509_new_null())) + goto err; for (count = 0; count < nelem && errtype == 0 - && PEM_read_bio(fp, &name, &header, &data, &len); + && PEM_read_bio(fp, &name, &header, &data, &len) == 1; ++count) { - const unsigned char *p = data; - if (strcmp(name, PEM_STRING_X509) == 0 - || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 - || strcmp(name, PEM_STRING_X509_OLD) == 0) { - d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ? - d2i_X509_AUX : d2i_X509; - X509 *cert = d(0, &p, len); - - if (cert == 0 || (p - data) != len) - errtype = "certificate"; - else if (sk_X509_push(chain, cert) == 0) { - perror("malloc"); + || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 + || strcmp(name, PEM_STRING_X509_OLD) == 0) { + d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0 + ? d2i_X509_AUX : d2i_X509; + X509 *cert; + const unsigned char *p = data; + + if (!TEST_ptr(cert = d(0, &p, len)) + || !TEST_long_eq(p - data, len)) { + TEST_info("Certificate parsing error"); goto err; } + + if (!TEST_true(sk_X509_push(chain, cert))) + goto err; } else { - fprintf(stderr, "unexpected chain file object: %s\n", name); + TEST_info("Unknown chain file object %s", name); goto err; } - /* - * If any of these were null, PEM_read() would have failed. - */ OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(data); - } - - if (errtype) { - fprintf(stderr, "error reading: malformed %s\n", errtype); - goto err; + name = header = NULL; + data = NULL; } if (count == nelem) { @@ -167,9 +143,10 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem) } err: - /* Some other PEM read error */ + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); sk_X509_pop_free(chain, X509_free); - print_errors(); return NULL; } @@ -182,18 +159,16 @@ static char *read_to_eol(BIO *f) return NULL; n = strlen(buf); - - if (buf[n-1] != '\n') { - if (n+1 == sizeof(buf)) { - fprintf(stderr, "%s: warning: input too long\n", progname); - } else { - fprintf(stderr, "%s: warning: EOF before newline\n", progname); - } + if (buf[n - 1] != '\n') { + if (n + 1 == sizeof(buf)) + TEST_error("input too long"); + else + TEST_error("EOF before newline"); return NULL; } /* Trim trailing whitespace */ - while (n > 0 && isspace(_UC(buf[n-1]))) + while (n > 0 && isspace(_UC(buf[n - 1]))) buf[--n] = '\0'; return buf; @@ -205,13 +180,14 @@ static char *read_to_eol(BIO *f) static ossl_ssize_t hexdecode(const char *in, void *result) { unsigned char **out = (unsigned char **)result; - unsigned char *ret = OPENSSL_malloc(strlen(in)/2); - unsigned char *cp = ret; + unsigned char *ret; + unsigned char *cp; uint8_t byte; int nibble = 0; - if (ret == NULL) + if (!TEST_ptr(ret = OPENSSL_malloc(strlen(in) / 2))) return -1; + cp = ret; for (byte = 0; *in; ++in) { int x; @@ -287,25 +263,22 @@ static int tlsa_import_rr(SSL *ssl, const char *rrdata) for (f = tlsa_fields; f->var; ++f) { if ((len = f->parser(cp += len, f->var)) <= 0) { - fprintf(stderr, "%s: warning: bad TLSA %s field in: %s\n", - progname, f->name, rrdata); + TEST_info("bad TLSA %s field in: %s", f->name, rrdata); return 0; } } + ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); OPENSSL_free(data); - if (ret == 0) { - print_errors(); - fprintf(stderr, "%s: warning: unusable TLSA rrdata: %s\n", - progname, rrdata); + TEST_info("unusable TLSA rrdata: %s", rrdata); return 0; } if (ret < 0) { - fprintf(stderr, "%s: warning: error loading TLSA rrdata: %s\n", - progname, rrdata); + TEST_info("error loading TLSA rrdata: %s", rrdata); return 0; } + return ret; } @@ -345,17 +318,16 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name, if (sscanf(line, "%d %d %d %d %d%n", &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5 || !allws(line + off)) { - fprintf(stderr, "Expected tlsa count, cert count and result" - " at test %d of %s\n", testno, path); + TEST_error("Malformed line for test %d", testno); return 0; } - if ((ssl = SSL_new(ctx)) == NULL) - return -1; + if (!TEST_ptr(ssl = SSL_new(ctx))) + return 0; SSL_set_connect_state(ssl); if (SSL_dane_enable(ssl, base_name) <= 0) { SSL_free(ssl); - return -1; + return 0; } if (noncheck) SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); @@ -369,10 +341,9 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name, /* Don't report old news */ ERR_clear_error(); - chain = load_chain(f, ncert); - if (chain == NULL) { + if (!TEST_ptr(chain = load_chain(f, ncert))) { SSL_free(ssl); - return -1; + return 0; } ok = verify_chain(ssl, chain); @@ -389,114 +360,69 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name, SSL_set_verify_result(ssl, err); SSL_free(ssl); - if (ok < 0) { + if (!TEST_int_eq(err, want)) { + if (want == X509_V_OK) + TEST_info("Verification failure in test %d: %d=%s", + testno, err, X509_verify_cert_error_string(err)); + else + TEST_info("Unexpected error in test %d", testno); ret = 0; - fprintf(stderr, "verify_chain internal error in %s test %d\n", - path, testno); - print_errors(); continue; } - if (err != want || (want == 0 && !ok)) { + if (!TEST_false(want == 0 && ok == 0)) { + TEST_info("Verification failure in test %d: ok=0", testno); ret = 0; - if (err != want) { - if (want == X509_V_OK) - fprintf(stderr, "Verification failure in %s test %d: %d: %s\n", - path, testno, err, X509_verify_cert_error_string(err)); - else - fprintf(stderr, "Unexpected error in %s test %d: %d: wanted %d\n", - path, testno, err, want); - } else { - fprintf(stderr, "Verification failure in %s test %d: ok=0\n", - path, testno); - } - print_errors(); continue; } - if (mdpth != want_depth) { + if (!TEST_int_eq(mdpth, want_depth)) { + TEST_info("In test test %d", testno); ret = 0; - fprintf(stderr, "Wrong match depth, in %s test %d: wanted %d, got: %d\n", - path, testno, want_depth, mdpth); } - fprintf(stderr, "%s: test %d successful\n", path, testno); } ERR_clear_error(); return ret; } -int main(int argc, char *argv[]) +static int run_tlsatest(void) { - BIO *f; - BIO *bio_err; SSL_CTX *ctx = NULL; - const char *basedomain; - const char *CAfile; - const char *tlsafile; - const char *p; - int ret = 1; - - progname = argv[0]; - if (argc != 4) { - test_usage(); - EXIT(ret); - } - basedomain = argv[1]; - CAfile = argv[2]; - tlsafile = argv[3]; - - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - f = BIO_new_file(tlsafile, "r"); - if (f == NULL) { - fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n", - progname, tlsafile, strerror(errno)); - EXIT(ret); - } - - ctx = SSL_CTX_new(TLS_client_method()); - if (SSL_CTX_dane_enable(ctx) <= 0) { - print_errors(); - goto end; - } - if (!SSL_CTX_load_verify_locations(ctx, CAfile, NULL)) { - print_errors(); - goto end; - } - if ((SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1)) <= 0) { - print_errors(); - goto end; - } - if ((SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2)) <= 0) { - print_errors(); + BIO *f = NULL; + int ret = 0; + + if (!TEST_ptr(f = BIO_new_file(tlsafile, "r")) + || !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method())) + || !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0) + || !TEST_true(SSL_CTX_load_verify_locations(ctx, CAfile, NULL)) + || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), + 0) + || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), + 0) + || !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0)) goto end; - } - - if (test_tlsafile(ctx, basedomain, f, tlsafile) <= 0) { - print_errors(); - goto end; - } - - ret = 0; + ret = 1; end: - BIO_free(f); SSL_CTX_free(ctx); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 1; -#endif - BIO_free(bio_err); - EXIT(ret); + return ret; +} + +int setup_tests(void) +{ + if (!TEST_ptr(basedomain = test_get_argument(0)) + || !TEST_ptr(CAfile = test_get_argument(1)) + || !TEST_ptr(tlsafile = test_get_argument(2))) { + TEST_error("Usage error: danetest basedomain CAfile tlsafile"); + return 0; + } + + ADD_TEST(run_tlsatest); + return 1; } -#include +#include "internal/dane.h" static void store_ctx_dane_init(X509_STORE_CTX *store_ctx, SSL *ssl) { diff --git a/deps/openssl/openssl/test/destest.c b/deps/openssl/openssl/test/destest.c index 84d753dde9b225..26c5f83e2ada3e 100644 --- a/deps/openssl/openssl/test/destest.c +++ b/deps/openssl/openssl/test/destest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,34 +7,19 @@ * https://www.openssl.org/source/license.html */ -#include -#include - #include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINDOWS) -# ifndef OPENSSL_SYS_MSDOS -# define OPENSSL_SYS_MSDOS -# endif -#endif - -#ifndef OPENSSL_SYS_MSDOS -# if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC) -# include OPENSSL_UNISTD -# endif -#else -# include -#endif #include -#ifdef OPENSSL_NO_DES -int main(int argc, char *argv[]) -{ - printf("No DES support\n"); - return (0); -} -#else +#include "testutil.h" + +#ifndef OPENSSL_NO_DES # include +/* In case any platform doesn't use unsigned int for its checksums */ +# define TEST_cs_eq TEST_uint_eq + +# define DATA_BUF_SIZE 20 + /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ # define NUM_TESTS 34 @@ -298,507 +283,439 @@ static DES_LONG cbc_cksum_ret = 0xF7FE62B4L; static unsigned char cbc_cksum_data[8] = { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; -static char *pt(unsigned char *p); -static int cfb_test(int bits, unsigned char *cfb_cipher); -static int cfb64_test(unsigned char *cfb_cipher); -static int ede_cfb64_test(unsigned char *cfb_cipher); -int main(int argc, char *argv[]) +static char *pt(const unsigned char *p, char buf[DATA_BUF_SIZE]) { - int j, err = 0; - unsigned int i; - DES_cblock in, out, outin, iv3; + char *ret; + int i; + static char *f = "0123456789ABCDEF"; + + ret = &(buf[0]); + for (i = 0; i < 8; i++) { + ret[i * 2] = f[(p[i] >> 4) & 0xf]; + ret[i * 2 + 1] = f[p[i] & 0xf]; + } + ret[16] = '\0'; + return ret; +} + +static int test_des_ecb(int i) +{ + DES_key_schedule ks; + DES_cblock in, out, outin; + char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE]; + + DES_set_key_unchecked(&key_data[i], &ks); + memcpy(in, plain_data[i], 8); + memset(out, 0, 8); + memset(outin, 0, 8); + DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT); + DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT); + + if (!TEST_mem_eq(out, 8, cipher_data[i], 8)) { + TEST_info("Encryption error %2d k=%s p=%s", i + 1, + pt(key_data[i], b1), pt(in, b2)); + return 0; + } + if (!TEST_mem_eq(in, 8, outin, 8)) { + TEST_info("Decryption error %2d k=%s p=%s", i + 1, + pt(key_data[i], b1), pt(out, b2)); + return 0; + } + return 1; +} + +static int test_des_ede_ecb(int i) +{ + DES_cblock in, out, outin; DES_key_schedule ks, ks2, ks3; + char b1[DATA_BUF_SIZE], b2[DATA_BUF_SIZE]; + + DES_set_key_unchecked(&key_data[i], &ks); + DES_set_key_unchecked(&key_data[i + 1], &ks2); + DES_set_key_unchecked(&key_data[i + 2], &ks3); + memcpy(in, plain_data[i], 8); + memset(out, 0, 8); + memset(outin, 0, 8); + DES_ecb3_encrypt(&in, &out, &ks, &ks2, &ks, DES_ENCRYPT); + DES_ecb3_encrypt(&out, &outin, &ks, &ks2, &ks, DES_DECRYPT); + + if (!TEST_mem_eq(out, 8, cipher_ecb2[i], 8)) { + TEST_info("Encryption error %2d k=%s p=%s", i + 1, + pt(key_data[i], b1), pt(in, b2)); + return 0; + } + if (!TEST_mem_eq(in, 8, outin, 8)) { + TEST_info("Decryption error %2d k=%s p=%s ", i + 1, + pt(key_data[i], b1), pt(out, b2)); + return 0; + } + return 1; +} + +static int test_des_cbc(void) +{ unsigned char cbc_in[40]; unsigned char cbc_out[40]; - DES_LONG cs; - unsigned char cret[8]; - DES_LONG lqret[4]; - int num; - char *str; - - printf("Doing ecb\n"); - for (i = 0; i < NUM_TESTS; i++) { - DES_set_key_unchecked(&key_data[i], &ks); - memcpy(in, plain_data[i], 8); - memset(out, 0, 8); - memset(outin, 0, 8); - DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT); - DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT); - - if (memcmp(out, cipher_data[i], 8) != 0) { - printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", - i + 1, pt(key_data[i]), pt(in), pt(cipher_data[i]), - pt(out)); - err = 1; - } - if (memcmp(in, outin, 8) != 0) { - printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", - i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); - err = 1; - } - } - -# ifndef LIBDES_LIT - printf("Doing ede ecb\n"); - for (i = 0; i < (NUM_TESTS - 2); i++) { - DES_set_key_unchecked(&key_data[i], &ks); - DES_set_key_unchecked(&key_data[i + 1], &ks2); - DES_set_key_unchecked(&key_data[i + 2], &ks3); - memcpy(in, plain_data[i], 8); - memset(out, 0, 8); - memset(outin, 0, 8); - DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT); - DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT); - - if (memcmp(out, cipher_ecb2[i], 8) != 0) { - printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", - i + 1, pt(key_data[i]), pt(in), pt(cipher_ecb2[i]), - pt(out)); - err = 1; - } - if (memcmp(in, outin, 8) != 0) { - printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", - i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); - err = 1; - } - } -# endif + DES_cblock iv3; + DES_key_schedule ks; + const size_t cbc_data_len = strlen((char *)cbc_data); - printf("Doing cbc\n"); - if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - memset(cbc_out, 0, 40); - memset(cbc_in, 0, 40); + if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) + return 0; + memset(cbc_out, 0, sizeof(cbc_out)); + memset(cbc_in, 0, sizeof(cbc_in)); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - DES_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + DES_ncbc_encrypt(cbc_data, cbc_out, cbc_data_len + 1, &ks, &iv3, DES_ENCRYPT); - if (memcmp(cbc_out, cbc_ok, 32) != 0) { - printf("cbc_encrypt encrypt error\n"); - err = 1; - } + if (!TEST_mem_eq(cbc_out, 32, cbc_ok, 32)) + return 0; memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - DES_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + DES_ncbc_encrypt(cbc_out, cbc_in, cbc_data_len + 1, &ks, &iv3, DES_DECRYPT); - if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) { - printf("cbc_encrypt decrypt error\n"); - err = 1; - } -# ifndef LIBDES_LIT - printf("Doing desx cbc\n"); - if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - memset(cbc_out, 0, 40); - memset(cbc_in, 0, 40); + return TEST_mem_eq(cbc_in, cbc_data_len, cbc_data, cbc_data_len); +} + +static int test_des_ede_cbc(void) +{ + DES_cblock iv3; + DES_key_schedule ks; + unsigned char cbc_in[40]; + unsigned char cbc_out[40]; + const size_t n = strlen((char *)cbc_data) + 1; + + if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) + return 0; + memset(cbc_out, 0, sizeof(cbc_out)); + memset(cbc_in, 0, sizeof(cbc_in)); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - DES_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, - &iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT); - if (memcmp(cbc_out, xcbc_ok, 32) != 0) { - printf("des_xcbc_encrypt encrypt error\n"); - err = 1; - } + DES_xcbc_encrypt(cbc_data, cbc_out, n, &ks, &iv3, &cbc2_key, &cbc3_key, + DES_ENCRYPT); + if (!TEST_mem_eq(cbc_out, sizeof(xcbc_ok), xcbc_ok, sizeof(xcbc_ok))) + return 0; memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - DES_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, - &iv3, &cbc2_key, &cbc3_key, DES_DECRYPT); - if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { - printf("des_xcbc_encrypt decrypt error\n"); - err = 1; - } -# endif + DES_xcbc_encrypt(cbc_out, cbc_in, n, &ks, &iv3, &cbc2_key, &cbc3_key, + DES_DECRYPT); + return TEST_mem_eq(cbc_data, n, cbc_data, n); +} - printf("Doing ede cbc\n"); - if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - memset(cbc_out, 0, 40); - memset(cbc_in, 0, 40); - i = strlen((char *)cbc_data) + 1; - /* i=((i+7)/8)*8; */ +static int test_ede_cbc(void) +{ + DES_cblock iv3; + DES_key_schedule ks, ks2, ks3; + unsigned char cbc_in[40]; + unsigned char cbc_out[40]; + const size_t i = strlen((char *)cbc_data) + 1; + const size_t n = (i + 7) / 8 * 8; + + if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) + return 0; + if (!TEST_int_eq(DES_set_key_checked(&cbc2_key, &ks2), 0)) + return 0; + if (!TEST_int_eq(DES_set_key_checked(&cbc3_key, &ks3), 0)) + return 0; + memset(cbc_out, 0, sizeof(cbc_out)); + memset(cbc_in, 0, sizeof(cbc_in)); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, DES_ENCRYPT); - DES_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, &ks, &ks2, + DES_ede3_cbc_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, &ks3, &iv3, DES_ENCRYPT); - if (memcmp - (cbc_out, cbc3_ok, - (unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) { - unsigned int n; - - printf("des_ede3_cbc_encrypt encrypt error\n"); - for (n = 0; n < i; ++n) - printf(" %02x", cbc_out[n]); - printf("\n"); - for (n = 0; n < i; ++n) - printf(" %02x", cbc3_ok[n]); - printf("\n"); - err = 1; - } + if (!TEST_mem_eq(cbc_out, n, cbc3_ok, n)) + return 0; memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, DES_DECRYPT); - if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { - unsigned int n; - - printf("DES_ede3_cbc_encrypt decrypt error\n"); - for (n = 0; n < i; ++n) - printf(" %02x", cbc_data[n]); - printf("\n"); - for (n = 0; n < i; ++n) - printf(" %02x", cbc_in[n]); - printf("\n"); - err = 1; - } -# ifndef LIBDES_LIT - printf("Doing pcbc\n"); - if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - memset(cbc_out, 0, 40); - memset(cbc_in, 0, 40); - DES_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, + DES_DECRYPT); + return TEST_mem_eq(cbc_in, i, cbc_data, i); +} + +static int test_input_align(int i) +{ + unsigned char cbc_out[40]; + DES_cblock iv; + DES_key_schedule ks; + const size_t n = strlen(i + (char *)cbc_data) + 1; + + memset(cbc_out, 0, sizeof(cbc_out)); + memcpy(iv, cbc_iv, sizeof(cbc_iv)); + if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) + return 0; + DES_ncbc_encrypt(&cbc_data[i], cbc_out, n, &ks, &iv, DES_ENCRYPT); + return 1; +} + +static int test_output_align(int i) +{ + unsigned char cbc_out[40]; + DES_cblock iv; + DES_key_schedule ks; + const size_t n = strlen((char *)cbc_data) + 1; + + memset(cbc_out, 0, sizeof(cbc_out)); + memcpy(iv, cbc_iv, sizeof(cbc_iv)); + if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) + return 0; + DES_ncbc_encrypt(cbc_data, &cbc_out[i], n, &ks, &iv, DES_ENCRYPT); + return 1; +} + +static int test_des_crypt(void) +{ + if (!TEST_str_eq("efGnQx2725bI2", DES_crypt("testing", "ef"))) + return 0; + if (!TEST_str_eq("yA1Rp/1hZXIJk", DES_crypt("bca76;23", "yA"))) + return 0; + + if (!TEST_ptr_null(DES_crypt("testing", "y\202"))) + return 0; + if (!TEST_ptr_null(DES_crypt("testing", "\0A"))) + return 0; + if (!TEST_ptr_null(DES_crypt("testing", "A"))) + return 0; + return 1; +} + +static int test_des_pcbc(void) +{ + unsigned char cbc_in[40]; + unsigned char cbc_out[40]; + DES_key_schedule ks; + const int n = strlen((char *)cbc_data) + 1; + + if (!TEST_int_eq(DES_set_key_checked(&cbc_key, &ks), 0)) + return 0; + memset(cbc_out, 0, sizeof(cbc_out)); + memset(cbc_in, 0, sizeof(cbc_in)); + DES_pcbc_encrypt(cbc_data, cbc_out, n, &ks, &cbc_iv, DES_ENCRYPT); - if (memcmp(cbc_out, pcbc_ok, 32) != 0) { - printf("pcbc_encrypt encrypt error\n"); - err = 1; - } - DES_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + if (!TEST_mem_eq(cbc_out, sizeof(pcbc_ok), pcbc_ok, sizeof(pcbc_ok))) + return 0; + DES_pcbc_encrypt(cbc_out, cbc_in, n, &ks, &cbc_iv, DES_DECRYPT); - if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { - printf("pcbc_encrypt decrypt error\n"); - err = 1; - } + return TEST_mem_eq(cbc_in, n, cbc_data, n); +} - printf("Doing "); - printf("cfb8 "); - err += cfb_test(8, cfb_cipher8); - printf("cfb16 "); - err += cfb_test(16, cfb_cipher16); - printf("cfb32 "); - err += cfb_test(32, cfb_cipher32); - printf("cfb48 "); - err += cfb_test(48, cfb_cipher48); - printf("cfb64 "); - err += cfb_test(64, cfb_cipher64); - - printf("cfb64() "); - err += cfb64_test(cfb_cipher64); +static int cfb_test(int bits, unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, + DES_ENCRYPT); + if (!TEST_mem_eq(cfb_cipher, sizeof(plain), cfb_buf1, sizeof(plain))) + return 0; + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, + DES_DECRYPT); + return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); +} + +static int test_des_cfb8(void) +{ + return cfb_test(8, cfb_cipher8); +} + +static int test_des_cfb16(void) +{ + return cfb_test(16, cfb_cipher16); +} + +static int test_des_cfb32(void) +{ + return cfb_test(32, cfb_cipher32); +} + +static int test_des_cfb48(void) +{ + return cfb_test(48, cfb_cipher48); +} + +static int test_des_cfb64(void) +{ + DES_key_schedule ks; + int n; + size_t i; + + if (!cfb_test(64, cfb_cipher64)) + return 0; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); + DES_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks, + &cfb_tmp, &n, DES_ENCRYPT); + if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain))) + return 0; + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + DES_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], + sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + if (!TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain))) + return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); for (i = 0; i < sizeof(plain); i++) - DES_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]), - 8, 1, &ks, &cfb_tmp, DES_ENCRYPT); - if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) { - printf("cfb_encrypt small encrypt error\n"); - err = 1; - } + DES_cfb_encrypt(&plain[i], &cfb_buf1[i], 8, 1, &ks, &cfb_tmp, + DES_ENCRYPT); + if (!TEST_mem_eq(cfb_cipher8, sizeof(plain), cfb_buf1, sizeof(plain))) + return 0; memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); for (i = 0; i < sizeof(plain); i++) - DES_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]), - 8, 1, &ks, &cfb_tmp, DES_DECRYPT); - if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { - printf("cfb_encrypt small decrypt error\n"); - err = 1; - } + DES_cfb_encrypt(&cfb_buf1[i], &cfb_buf2[i], 8, 1, &ks, &cfb_tmp, + DES_DECRYPT); + return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); +} - printf("ede_cfb64() "); - err += ede_cfb64_test(cfb_cipher64); +static int test_des_ede_cfb64(void) +{ + DES_key_schedule ks; + int n; - printf("done\n"); + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, + DES_ENCRYPT); + DES_ede3_cfb64_encrypt(&plain[12], &cfb_buf1[12], sizeof(plain) - 12, &ks, + &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT); + if (!TEST_mem_eq(cfb_cipher64, sizeof(plain), cfb_buf1, sizeof(plain))) + return 0; + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, + &cfb_tmp, &n, DES_DECRYPT); + DES_ede3_cfb64_encrypt(&cfb_buf1[17], &cfb_buf2[17], sizeof(plain) - 17, + &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT); + return TEST_mem_eq(plain, sizeof(plain), cfb_buf2, sizeof(plain)); +} + +static int test_des_ofb(void) +{ + DES_key_schedule ks; - printf("Doing ofb\n"); DES_set_key_checked(&ofb_key, &ks); memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp); - if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { - printf("ofb_encrypt encrypt error\n"); - printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", - ofb_buf1[8 + 0], ofb_buf1[8 + 1], ofb_buf1[8 + 2], - ofb_buf1[8 + 3], ofb_buf1[8 + 4], ofb_buf1[8 + 5], - ofb_buf1[8 + 6], ofb_buf1[8 + 7]); - printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8 + 0], - ofb_cipher[8 + 1], ofb_cipher[8 + 2], ofb_cipher[8 + 3], - ofb_buf1[8 + 4], ofb_cipher[8 + 5], ofb_cipher[8 + 6], - ofb_cipher[8 + 7]); - err = 1; - } + if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) + return 0; + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks, &ofb_tmp); - if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { - printf("ofb_encrypt decrypt error\n"); - printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", - ofb_buf2[8 + 0], ofb_buf2[8 + 1], ofb_buf2[8 + 2], - ofb_buf2[8 + 3], ofb_buf2[8 + 4], ofb_buf2[8 + 5], - ofb_buf2[8 + 6], ofb_buf2[8 + 7]); - printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8 + 0], - plain[8 + 1], plain[8 + 2], plain[8 + 3], plain[8 + 4], - plain[8 + 5], plain[8 + 6], plain[8 + 7]); - err = 1; - } + return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); +} + +static int test_des_ofb64(void) +{ + DES_key_schedule ks; + int num; + size_t i; - printf("Doing ofb64\n"); DES_set_key_checked(&ofb_key, &ks); memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); memset(ofb_buf1, 0, sizeof(ofb_buf1)); memset(ofb_buf2, 0, sizeof(ofb_buf1)); num = 0; for (i = 0; i < sizeof(plain); i++) { - DES_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ofb_tmp, &num); - } - if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { - printf("ofb64_encrypt encrypt error\n"); - err = 1; + DES_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ofb_tmp, &num); } + if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) + return 0; memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); num = 0; DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp, &num); - if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { - printf("ofb64_encrypt decrypt error\n"); - err = 1; - } + return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); +} + +static int test_des_ede_ofb64(void) +{ + DES_key_schedule ks; + int num; + size_t i; - printf("Doing ede_ofb64\n"); DES_set_key_checked(&ofb_key, &ks); memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); memset(ofb_buf1, 0, sizeof(ofb_buf1)); memset(ofb_buf2, 0, sizeof(ofb_buf1)); num = 0; for (i = 0; i < sizeof(plain); i++) { - DES_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ks, + DES_ede3_ofb64_encrypt(&plain[i], &ofb_buf1[i], 1, &ks, &ks, &ks, &ofb_tmp, &num); } - if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { - printf("ede_ofb64_encrypt encrypt error\n"); - err = 1; - } + if (!TEST_mem_eq(ofb_cipher, sizeof(ofb_buf1), ofb_buf1, sizeof(ofb_buf1))) + return 0; memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); num = 0; DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks, &ofb_tmp, &num); - if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { - printf("ede_ofb64_encrypt decrypt error\n"); - err = 1; - } - - printf("Doing cbc_cksum\n"); - DES_set_key_checked(&cbc_key, &ks); - cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, - &cbc_iv); - if (cs != cbc_cksum_ret) { - printf("bad return value (%08lX), should be %08lX\n", - (unsigned long)cs, (unsigned long)cbc_cksum_ret); - err = 1; - } - if (memcmp(cret, cbc_cksum_data, 8) != 0) { - printf("bad cbc_cksum block returned\n"); - err = 1; - } - - printf("Doing quad_cksum\n"); - cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, - (long)strlen((char *)cbc_data), 2, - (DES_cblock *)cbc_iv); - if (cs != 0x70d7a63aL) { - printf("quad_cksum error, ret %08lx should be 70d7a63a\n", - (unsigned long)cs); - err = 1; - } - if (lqret[0] != 0x327eba8dL) { - printf("quad_cksum error, out[0] %08lx is not %08lx\n", - (unsigned long)lqret[0], 0x327eba8dUL); - err = 1; - } - if (lqret[1] != 0x201a49ccL) { - printf("quad_cksum error, out[1] %08lx is not %08lx\n", - (unsigned long)lqret[1], 0x201a49ccUL); - err = 1; - } - if (lqret[2] != 0x70d7a63aL) { - printf("quad_cksum error, out[2] %08lx is not %08lx\n", - (unsigned long)lqret[2], 0x70d7a63aUL); - err = 1; - } - if (lqret[3] != 0x501c2c26L) { - printf("quad_cksum error, out[3] %08lx is not %08lx\n", - (unsigned long)lqret[3], 0x501c2c26UL); - err = 1; - } -# endif - - printf("input word alignment test"); - for (i = 0; i < 4; i++) { - printf(" %d", i); - DES_ncbc_encrypt(&(cbc_out[i]), cbc_in, - strlen((char *)cbc_data) + 1, &ks, - &cbc_iv, DES_ENCRYPT); - } - printf("\noutput word alignment test"); - for (i = 0; i < 4; i++) { - printf(" %d", i); - DES_ncbc_encrypt(cbc_out, &(cbc_in[i]), - strlen((char *)cbc_data) + 1, &ks, - &cbc_iv, DES_ENCRYPT); - } - printf("\n"); - printf("fast crypt test "); - str = DES_crypt("testing", "ef"); - if (strcmp("efGnQx2725bI2", str) != 0) { - printf("fast crypt error, %s should be efGnQx2725bI2\n", str); - err = 1; - } - str = DES_crypt("bca76;23", "yA"); - if (strcmp("yA1Rp/1hZXIJk", str) != 0) { - printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str); - err = 1; - } - str = DES_crypt("testing", "y\202"); - if (str != NULL) { - printf("salt error only usascii are accepted\n"); - err = 1; - } - str = DES_crypt("testing", "\0A"); - if (str != NULL) { - printf("salt error cannot contain null terminator\n"); - err = 1; - } - str = DES_crypt("testing", "A"); - if (str != NULL) { - printf("salt error must be at least 2\n"); - err = 1; - } - printf("\n"); - return (err); -} - -static char *pt(unsigned char *p) -{ - static char bufs[10][20]; - static int bnum = 0; - char *ret; - int i; - static char *f = "0123456789ABCDEF"; - - ret = &(bufs[bnum++][0]); - bnum %= 10; - for (i = 0; i < 8; i++) { - ret[i * 2] = f[(p[i] >> 4) & 0xf]; - ret[i * 2 + 1] = f[p[i] & 0xf]; - } - ret[16] = '\0'; - return (ret); + return TEST_mem_eq(plain, sizeof(ofb_buf2), ofb_buf2, sizeof(ofb_buf2)); } -# ifndef LIBDES_LIT - -static int cfb_test(int bits, unsigned char *cfb_cipher) +static int test_des_cbc_cksum(void) { + DES_LONG cs; DES_key_schedule ks; - int i, err = 0; + unsigned char cret[8]; - DES_set_key_checked(&cfb_key, &ks); - memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, - DES_ENCRYPT); - if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { - err = 1; - printf("cfb_encrypt encrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, - DES_DECRYPT); - if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { - err = 1; - printf("cfb_encrypt decrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - return (err); + DES_set_key_checked(&cbc_key, &ks); + cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, + &cbc_iv); + if (!TEST_cs_eq(cs, cbc_cksum_ret)) + return 0; + return TEST_mem_eq(cret, 8, cbc_cksum_data, 8); } -static int cfb64_test(unsigned char *cfb_cipher) +static int test_des_quad_cksum(void) { - DES_key_schedule ks; - int err = 0, i, n; + DES_LONG cs, lqret[4]; - DES_set_key_checked(&cfb_key, &ks); - memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - n = 0; - DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); - DES_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, &ks, - &cfb_tmp, &n, DES_ENCRYPT); - if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { - err = 1; - printf("cfb_encrypt encrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - n = 0; - DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); - DES_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), - sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); - if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { - err = 1; - printf("cfb_encrypt decrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf2[i]))); - } - return (err); + cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, + (long)strlen((char *)cbc_data), 2, + (DES_cblock *)cbc_iv); + if (!TEST_cs_eq(cs, 0x70d7a63aL)) + return 0; + if (!TEST_cs_eq(lqret[0], 0x327eba8dL)) + return 0; + if (!TEST_cs_eq(lqret[1], 0x201a49ccL)) + return 0; + if (!TEST_cs_eq(lqret[2], 0x70d7a63aL)) + return 0; + if (!TEST_cs_eq(lqret[3], 0x501c2c26L)) + return 0; + return 1; } +#endif -static int ede_cfb64_test(unsigned char *cfb_cipher) +int setup_tests(void) { - DES_key_schedule ks; - int err = 0, i, n; - - DES_set_key_checked(&cfb_key, &ks); - memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - n = 0; - DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, - DES_ENCRYPT); - DES_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), - sizeof(plain) - 12, &ks, &ks, &ks, - &cfb_tmp, &n, DES_ENCRYPT); - if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { - err = 1; - printf("ede_cfb_encrypt encrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - n = 0; - DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, - &cfb_tmp, &n, DES_DECRYPT); - DES_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), - sizeof(plain) - 17, &ks, &ks, &ks, - &cfb_tmp, &n, DES_DECRYPT); - if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { - err = 1; - printf("ede_cfb_encrypt decrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf2[i]))); - } - return (err); -} - -# endif +#ifndef OPENSSL_NO_DES + ADD_ALL_TESTS(test_des_ecb, NUM_TESTS); + ADD_TEST(test_des_cbc); + ADD_TEST(test_ede_cbc); + ADD_ALL_TESTS(test_des_ede_ecb, NUM_TESTS - 2); + ADD_TEST(test_des_ede_cbc); + ADD_TEST(test_des_pcbc); + ADD_TEST(test_des_cfb8); + ADD_TEST(test_des_cfb16); + ADD_TEST(test_des_cfb32); + ADD_TEST(test_des_cfb48); + ADD_TEST(test_des_cfb64); + ADD_TEST(test_des_ede_cfb64); + ADD_TEST(test_des_ofb); + ADD_TEST(test_des_ofb64); + ADD_TEST(test_des_ede_ofb64); + ADD_TEST(test_des_cbc_cksum); + ADD_TEST(test_des_quad_cksum); + ADD_TEST(test_des_crypt); + ADD_ALL_TESTS(test_input_align, 4); + ADD_ALL_TESTS(test_output_align, 4); #endif + return 1; +} diff --git a/deps/openssl/openssl/test/dhtest.c b/deps/openssl/openssl/test/dhtest.c index ecf2d9dc703286..5b2fd6795f6d9b 100644 --- a/deps/openssl/openssl/test/dhtest.c +++ b/deps/openssl/openssl/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,172 +11,192 @@ #include #include -#include "../e_os.h" - +#include "internal/nelem.h" #include #include #include #include #include +#include "testutil.h" -#ifdef OPENSSL_NO_DH -int main(int argc, char *argv[]) -{ - printf("No DH support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_DH # include static int cb(int p, int n, BN_GENCB *arg); -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -static int run_rfc5114_tests(void); - -int main(int argc, char *argv[]) +static int dh_test(void) { + DH *dh = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + const BIGNUM *p2, *q2, *g2; + BIGNUM *priv_key = NULL; + const BIGNUM *pub_key2, *priv_key2; BN_GENCB *_cb = NULL; DH *a = NULL; DH *b = NULL; DH *c = NULL; - const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL, *priv_key = NULL; - const BIGNUM *bpub_key = NULL; + const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL; + const BIGNUM *bpub_key = NULL, *bpriv_key = NULL; BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL; - char buf[12] = {0}; unsigned char *abuf = NULL; unsigned char *bbuf = NULL; unsigned char *cbuf = NULL; int i, alen, blen, clen, aout, bout, cout; - int ret = 1; - BIO *out = NULL; - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - out = BIO_new(BIO_s_file()); - if (out == NULL) - EXIT(1); - BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - - _cb = BN_GENCB_new(); - if (_cb == NULL) - goto err; - BN_GENCB_set(_cb, &cb, out); - if (((a = DH_new()) == NULL) - || (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb))) - goto err; - + int ret = 0; + + if (!TEST_ptr(dh = DH_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(q = BN_new()) + || !TEST_ptr(g = BN_new()) + || !TEST_ptr(priv_key = BN_new())) + goto err1; + + /* + * I) basic tests + */ + + /* using a small predefined Sophie Germain DH group with generator 3 */ + if (!TEST_true(BN_set_word(p, 4079L)) + || !TEST_true(BN_set_word(q, 2039L)) + || !TEST_true(BN_set_word(g, 3L)) + || !TEST_true(DH_set0_pqg(dh, p, q, g))) + goto err1; + + /* test the combined getter for p, q, and g */ + DH_get0_pqg(dh, &p2, &q2, &g2); + if (!TEST_ptr_eq(p2, p) + || !TEST_ptr_eq(q2, q) + || !TEST_ptr_eq(g2, g)) + goto err2; + + /* test the simple getters for p, q, and g */ + if (!TEST_ptr_eq(DH_get0_p(dh), p2) + || !TEST_ptr_eq(DH_get0_q(dh), q2) + || !TEST_ptr_eq(DH_get0_g(dh), g2)) + goto err2; + + /* set the private key only*/ + if (!TEST_true(BN_set_word(priv_key, 1234L)) + || !TEST_true(DH_set0_key(dh, NULL, priv_key))) + goto err2; + + /* test the combined getter for pub_key and priv_key */ + DH_get0_key(dh, &pub_key2, &priv_key2); + if (!TEST_ptr_eq(pub_key2, NULL) + || !TEST_ptr_eq(priv_key2, priv_key)) + goto err3; + + /* test the simple getters for pub_key and priv_key */ + if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) + || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) + goto err3; + + /* now generate a key pair ... */ + if (!DH_generate_key(dh)) + goto err3; + + /* ... and check whether the private key was reused: */ + + /* test it with the combined getter for pub_key and priv_key */ + DH_get0_key(dh, &pub_key2, &priv_key2); + if (!TEST_ptr(pub_key2) + || !TEST_ptr_eq(priv_key2, priv_key)) + goto err3; + + /* test it the simple getters for pub_key and priv_key */ + if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) + || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) + goto err3; + + /* check whether the public key was calculated correctly */ + TEST_uint_eq(BN_get_word(pub_key2), 3331L); + + /* + * II) key generation + */ + + /* generate a DH group ... */ + if (!TEST_ptr(_cb = BN_GENCB_new())) + goto err3; + BN_GENCB_set(_cb, &cb, NULL); + if (!TEST_ptr(a = DH_new()) + || !TEST_true(DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, _cb))) + goto err3; + + /* ... and check whether it is valid */ if (!DH_check(a, &i)) - goto err; - if (i & DH_CHECK_P_NOT_PRIME) - BIO_puts(out, "p value is not prime\n"); - if (i & DH_CHECK_P_NOT_SAFE_PRIME) - BIO_puts(out, "p value is not a safe prime\n"); - if (i & DH_UNABLE_TO_CHECK_GENERATOR) - BIO_puts(out, "unable to check the generator value\n"); - if (i & DH_NOT_SUITABLE_GENERATOR) - BIO_puts(out, "the g value is not a generator\n"); + goto err3; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) + || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)) + goto err3; DH_get0_pqg(a, &ap, NULL, &ag); - BIO_puts(out, "\np ="); - BN_print(out, ap); - BIO_puts(out, "\ng ="); - BN_print(out, ag); - BIO_puts(out, "\n"); - - b = DH_new(); - if (b == NULL) - goto err; - bp = BN_dup(ap); - bg = BN_dup(ag); - if ((bp == NULL) || (bg == NULL) || !DH_set0_pqg(b, bp, NULL, bg)) - goto err; + /* now create another copy of the DH group for the peer */ + if (!TEST_ptr(b = DH_new())) + goto err3; + + if (!TEST_ptr(bp = BN_dup(ap)) + || !TEST_ptr(bg = BN_dup(ag)) + || !TEST_true(DH_set0_pqg(b, bp, NULL, bg))) + goto err3; bp = bg = NULL; + /* + * III) simulate a key exchange + */ + if (!DH_generate_key(a)) - goto err; - DH_get0_key(a, &apub_key, &priv_key); - BIO_puts(out, "pri 1="); - BN_print(out, priv_key); - BIO_puts(out, "\npub 1="); - BN_print(out, apub_key); - BIO_puts(out, "\n"); + goto err3; + DH_get0_key(a, &apub_key, NULL); if (!DH_generate_key(b)) - goto err; - DH_get0_key(b, &bpub_key, &priv_key); - BIO_puts(out, "pri 2="); - BN_print(out, priv_key); - BIO_puts(out, "\npub 2="); - BN_print(out, bpub_key); - BIO_puts(out, "\n"); + goto err3; + DH_get0_key(b, &bpub_key, &bpriv_key); /* Also test with a private-key-only copy of |b|. */ - if ((c = DHparams_dup(b)) == NULL - || (cpriv_key = BN_dup(priv_key)) == NULL - || !DH_set0_key(c, NULL, cpriv_key)) - goto err; + if (!TEST_ptr(c = DHparams_dup(b)) + || !TEST_ptr(cpriv_key = BN_dup(bpriv_key)) + || !TEST_true(DH_set0_key(c, NULL, cpriv_key))) + goto err3; cpriv_key = NULL; alen = DH_size(a); - abuf = OPENSSL_malloc(alen); - if (abuf == NULL) - goto err; - - aout = DH_compute_key(abuf, bpub_key, a); - - BIO_puts(out, "key1 ="); - for (i = 0; i < aout; i++) { - sprintf(buf, "%02X", abuf[i]); - BIO_puts(out, buf); - } - BIO_puts(out, "\n"); + if (!TEST_ptr(abuf = OPENSSL_malloc(alen)) + || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1)) + goto err3; blen = DH_size(b); - bbuf = OPENSSL_malloc(blen); - if (bbuf == NULL) - goto err; - - bout = DH_compute_key(bbuf, apub_key, b); - - BIO_puts(out, "key2 ="); - for (i = 0; i < bout; i++) { - sprintf(buf, "%02X", bbuf[i]); - BIO_puts(out, buf); - } - BIO_puts(out, "\n"); + if (!TEST_ptr(bbuf = OPENSSL_malloc(blen)) + || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1)) + goto err3; clen = DH_size(c); - cbuf = OPENSSL_malloc(clen); - if (cbuf == NULL) - goto err; - - cout = DH_compute_key(cbuf, apub_key, c); - - BIO_puts(out, "key3 ="); - for (i = 0; i < cout; i++) { - sprintf(buf, "%02X", cbuf[i]); - BIO_puts(out, buf); - } - BIO_puts(out, "\n"); - - if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0) - || (cout != aout) || (memcmp(abuf, cbuf, aout) != 0)) { - fprintf(stderr, "Error in DH routines\n"); - ret = 1; - } else - ret = 0; - if (!run_rfc5114_tests()) - ret = 1; - err: - (void)BIO_flush(out); - ERR_print_errors_fp(stderr); - + if (!TEST_ptr(cbuf = OPENSSL_malloc(clen)) + || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1)) + goto err3; + + if (!TEST_true(aout >= 4) + || !TEST_mem_eq(abuf, aout, bbuf, bout) + || !TEST_mem_eq(abuf, aout, cbuf, cout)) + goto err3; + + ret = 1; + goto success; + + err1: + /* an error occurred before p,q,g were assigned to dh */ + BN_free(p); + BN_free(q); + BN_free(g); + err2: + /* an error occured before priv_key was assigned to dh */ + BN_free(priv_key); + err3: + success: OPENSSL_free(abuf); OPENSSL_free(bbuf); OPENSSL_free(cbuf); @@ -187,30 +207,13 @@ int main(int argc, char *argv[]) BN_free(bg); BN_free(cpriv_key); BN_GENCB_free(_cb); - BIO_free(out); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - ret = 1; -#endif + DH_free(dh); - EXIT(ret); + return ret; } static int cb(int p, int n, BN_GENCB *arg) { - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - BIO_write(BN_GENCB_get_arg(arg), &c, 1); - (void)BIO_flush(BN_GENCB_get_arg(arg)); return 1; } @@ -496,7 +499,7 @@ static const rfc5114_td rfctd[] = { make_rfc5114_td(2048_256) }; -static int run_rfc5114_tests(void) +static int rfc5114_test(void) { int i; DH *dhA = NULL; @@ -510,74 +513,63 @@ static int run_rfc5114_tests(void) for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) { td = rfctd + i; /* Set up DH structures setting key components */ - dhA = td->get_param(); - dhB = td->get_param(); - if ((dhA == NULL) || (dhB == NULL)) + if (!TEST_ptr(dhA = td->get_param()) + || !TEST_ptr(dhB = td->get_param())) goto bad_err; - priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); - pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); - if (priv_key == NULL || pub_key == NULL - || !DH_set0_key(dhA, pub_key, priv_key)) + if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL)) + || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL)) + || !TEST_true(DH_set0_key(dhA, pub_key, priv_key))) goto bad_err; - priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); - pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); - - if (priv_key == NULL || pub_key == NULL - || !DH_set0_key(dhB, pub_key, priv_key)) + if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL)) + || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL)) + || !TEST_true( DH_set0_key(dhB, pub_key, priv_key))) goto bad_err; priv_key = pub_key = NULL; - if ((td->Z_len != (size_t)DH_size(dhA)) - || (td->Z_len != (size_t)DH_size(dhB))) + if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA)) + || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB))) goto err; - Z1 = OPENSSL_malloc(DH_size(dhA)); - Z2 = OPENSSL_malloc(DH_size(dhB)); - if ((Z1 == NULL) || (Z2 == NULL)) + if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))) + || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB)))) goto bad_err; /* * Work out shared secrets using both sides and compare with expected * values. */ DH_get0_key(dhB, &pub_key_tmp, NULL); - if (DH_compute_key(Z1, pub_key_tmp, dhA) == -1) + if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1)) goto bad_err; DH_get0_key(dhA, &pub_key_tmp, NULL); - if (DH_compute_key(Z2, pub_key_tmp, dhB) == -1) + if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1)) goto bad_err; - if (memcmp(Z1, td->Z, td->Z_len)) + if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len) + || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len)) goto err; - if (memcmp(Z2, td->Z, td->Z_len)) - goto err; - - printf("RFC5114 parameter test %d OK\n", i + 1); DH_free(dhA); - DH_free(dhB); - OPENSSL_free(Z1); - OPENSSL_free(Z2); dhA = NULL; + DH_free(dhB); dhB = NULL; + OPENSSL_free(Z1); Z1 = NULL; + OPENSSL_free(Z2); Z2 = NULL; } /* Now i == OSSL_NELEM(rfctd) */ /* RFC5114 uses unsafe primes, so now test an invalid y value */ - dhA = DH_get_2048_224(); - if (dhA == NULL) - goto bad_err; - Z1 = OPENSSL_malloc(DH_size(dhA)); - if (Z1 == NULL) + if (!TEST_ptr(dhA = DH_get_2048_224()) + || !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))) goto bad_err; - bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y, - sizeof(dhtest_rfc5114_2048_224_bad_y), NULL); - if (bady == NULL) + if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y, + sizeof(dhtest_rfc5114_2048_224_bad_y), + NULL))) goto bad_err; if (!DH_generate_key(dhA)) @@ -592,14 +584,11 @@ static int run_rfc5114_tests(void) } /* We'll have a stale error on the queue from the above test so clear it */ ERR_clear_error(); - - printf("RFC5114 parameter test %d OK\n", i + 1); - BN_free(bady); DH_free(dhA); OPENSSL_free(Z1); - return 1; + bad_err: BN_free(bady); DH_free(dhA); @@ -608,19 +597,28 @@ static int run_rfc5114_tests(void) BN_free(priv_key); OPENSSL_free(Z1); OPENSSL_free(Z2); - - fprintf(stderr, "Initialisation error RFC5114 set %d\n", i + 1); - ERR_print_errors_fp(stderr); + TEST_error("Initialisation error RFC5114 set %d\n", i + 1); return 0; + err: BN_free(bady); DH_free(dhA); DH_free(dhB); OPENSSL_free(Z1); OPENSSL_free(Z2); - - fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1); + TEST_error("Test failed RFC5114 set %d\n", i + 1); return 0; } +#endif + +int setup_tests(void) +{ +#ifdef OPENSSL_NO_DH + TEST_note("No DH support"); +#else + ADD_TEST(dh_test); + ADD_TEST(rfc5114_test); #endif + return 1; +} diff --git a/deps/openssl/openssl/test/drbg_cavs_data.h b/deps/openssl/openssl/test/drbg_cavs_data.h new file mode 100644 index 00000000000000..d673375619d3d5 --- /dev/null +++ b/deps/openssl/openssl/test/drbg_cavs_data.h @@ -0,0 +1,82 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Known answer tests (KAT) for NIST SP800-90A DRBGs. + */ + +#include + +#ifndef DRBG_CAVS_DATA_H +# define DRBG_CAVS_DATA_H + +enum drbg_kat_type { + NO_RESEED, + PR_FALSE, + PR_TRUE +}; + +enum drbg_df { + USE_DF, + NO_DF, + NA +}; + +struct drbg_kat_no_reseed { + size_t count; + const unsigned char *entropyin; + const unsigned char *nonce; + const unsigned char *persstr; + const unsigned char *addin1; + const unsigned char *addin2; + const unsigned char *retbytes; +}; + +struct drbg_kat_pr_false { + size_t count; + const unsigned char *entropyin; + const unsigned char *nonce; + const unsigned char *persstr; + const unsigned char *entropyinreseed; + const unsigned char *addinreseed; + const unsigned char *addin1; + const unsigned char *addin2; + const unsigned char *retbytes; +}; + +struct drbg_kat_pr_true { + size_t count; + const unsigned char *entropyin; + const unsigned char *nonce; + const unsigned char *persstr; + const unsigned char *entropyinpr1; + const unsigned char *addin1; + const unsigned char *entropyinpr2; + const unsigned char *addin2; + const unsigned char *retbytes; +}; + +struct drbg_kat { + enum drbg_kat_type type; + enum drbg_df df; + int nid; + + size_t entropyinlen; + size_t noncelen; + size_t persstrlen; + size_t addinlen; + size_t retbyteslen; + + const void *t; +}; + +extern const struct drbg_kat *drbg_test[]; +extern const size_t drbg_test_nelem; + +#endif diff --git a/deps/openssl/openssl/test/drbgtest.h b/deps/openssl/openssl/test/drbgtest.h new file mode 100644 index 00000000000000..c11b8a2b4c2e35 --- /dev/null +++ b/deps/openssl/openssl/test/drbgtest.h @@ -0,0 +1,579 @@ +/* + * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Known answer tests for SP800-90 DRBG CTR mode. + */ + + +/* + * AES-128 use df PR + */ +static const unsigned char aes_128_use_df_pr_entropyinput[] = { + 0x61, 0x52, 0x7c, 0xe3, 0x23, 0x7d, 0x0a, 0x07, 0x10, 0x0c, 0x50, 0x33, + 0xc8, 0xdb, 0xff, 0x12 +}; +static const unsigned char aes_128_use_df_pr_nonce[] = { + 0x51, 0x0d, 0x85, 0x77, 0xed, 0x22, 0x97, 0x28 +}; +static const unsigned char aes_128_use_df_pr_personalizationstring[] = { + 0x59, 0x9f, 0xbb, 0xcd, 0xd5, 0x25, 0x69, 0xb5, 0xcb, 0xb5, 0x03, 0xfe, + 0xd7, 0xd7, 0x01, 0x67 +}; +static const unsigned char aes_128_use_df_pr_additionalinput[] = { + 0xef, 0x88, 0x76, 0x01, 0xaf, 0x3c, 0xfe, 0x8b, 0xaf, 0x26, 0x06, 0x9e, + 0x9a, 0x47, 0x08, 0x76 +}; +static const unsigned char aes_128_use_df_pr_entropyinputpr[] = { + 0xe2, 0x76, 0xf9, 0xf6, 0x3a, 0xba, 0x10, 0x9f, 0xbf, 0x47, 0x0e, 0x51, + 0x09, 0xfb, 0xa3, 0xb6 +}; +static const unsigned char aes_128_use_df_pr_int_returnedbits[] = { + 0xd4, 0x98, 0x8a, 0x46, 0x80, 0x4c, 0xdb, 0xa3, 0x59, 0x02, 0x57, 0x52, + 0x66, 0x1c, 0xea, 0x5b +}; +static const unsigned char aes_128_use_df_pr_additionalinput2[] = { + 0x88, 0x8c, 0x91, 0xd6, 0xbe, 0x56, 0x6e, 0x08, 0x9a, 0x62, 0x2b, 0x11, + 0x3f, 0x5e, 0x31, 0x06 +}; +static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = { + 0xc0, 0x5c, 0x6b, 0x98, 0x01, 0x0d, 0x58, 0x18, 0x51, 0x18, 0x96, 0xae, + 0xa7, 0xe3, 0xa8, 0x67 +}; +static const unsigned char aes_128_use_df_pr_returnedbits[] = { + 0xcf, 0x01, 0xac, 0x22, 0x31, 0x06, 0x8e, 0xfc, 0xce, 0x56, 0xea, 0x24, + 0x0f, 0x38, 0x43, 0xc6 +}; + + +/* + * AES-128 use df no PR + */ +static const unsigned char aes_128_use_df_entropyinput[] = { + 0x1f, 0x8e, 0x34, 0x82, 0x0c, 0xb7, 0xbe, 0xc5, 0x01, 0x3e, 0xd0, 0xa3, + 0x9d, 0x7d, 0x1c, 0x9b +}; +static const unsigned char aes_128_use_df_nonce[] = { + 0xd5, 0x4d, 0xbd, 0x4a, 0x93, 0x7f, 0xb8, 0x96, +}; +static const unsigned char aes_128_use_df_personalizationstring[] = { + 0xab, 0xd6, 0x3f, 0x04, 0xfe, 0x27, 0x6b, 0x2d, 0xd7, 0xc3, 0x1c, 0xf3, + 0x38, 0x66, 0xba, 0x1b +}; +static const unsigned char aes_128_use_df_additionalinput[] = { + 0xfe, 0xf4, 0x09, 0xa8, 0xb7, 0x73, 0x27, 0x9c, 0x5f, 0xa7, 0xea, 0x46, + 0xb5, 0xe2, 0xb2, 0x41 +}; +static const unsigned char aes_128_use_df_int_returnedbits[] = { + 0x42, 0xe4, 0x4e, 0x7b, 0x27, 0xdd, 0xcb, 0xbc, 0x0a, 0xcf, 0xa6, 0x67, + 0xe7, 0x57, 0x11, 0xb4 +}; +static const unsigned char aes_128_use_df_entropyinputreseed[] = { + 0x14, 0x26, 0x69, 0xd9, 0xf3, 0x65, 0x03, 0xd6, 0x6b, 0xb9, 0x44, 0x0b, + 0xc7, 0xc4, 0x9e, 0x39 +}; +static const unsigned char aes_128_use_df_additionalinputreseed[] = { + 0x55, 0x2e, 0x60, 0x9a, 0x05, 0x72, 0x8a, 0xa8, 0xef, 0x22, 0x81, 0x5a, + 0xc8, 0x93, 0xfa, 0x84 +}; +static const unsigned char aes_128_use_df_additionalinput2[] = { + 0x3c, 0x40, 0xc8, 0xc4, 0x16, 0x0c, 0x21, 0xa4, 0x37, 0x2c, 0x8f, 0xa5, + 0x06, 0x0c, 0x15, 0x2c +}; +static const unsigned char aes_128_use_df_returnedbits[] = { + 0xe1, 0x3e, 0x99, 0x98, 0x86, 0x67, 0x0b, 0x63, 0x7b, 0xbe, 0x3f, 0x88, + 0x46, 0x81, 0xc7, 0x19 +}; + + +/* + * AES-192 use df PR + */ +static const unsigned char aes_192_use_df_pr_entropyinput[] = { + 0x2b, 0x4e, 0x8b, 0xe1, 0xf1, 0x34, 0x80, 0x56, 0x81, 0xf9, 0x74, 0xec, + 0x17, 0x44, 0x2a, 0xf1, 0x14, 0xb0, 0xbf, 0x97, 0x39, 0xb7, 0x04, 0x7d +}; +static const unsigned char aes_192_use_df_pr_nonce[] = { + 0xd6, 0x9d, 0xeb, 0x14, 0x4e, 0x6c, 0x30, 0x1e, 0x39, 0x55, 0x73, 0xd0, + 0xd1, 0x80, 0x78, 0xfa +}; +static const unsigned char aes_192_use_df_pr_personalizationstring[] = { + 0xfc, 0x43, 0x4a, 0xf8, 0x9a, 0x55, 0xb3, 0x53, 0x83, 0xe2, 0x18, 0x16, + 0x0c, 0xdc, 0xcd, 0x5e, 0x4f, 0xa0, 0x03, 0x01, 0x2b, 0x9f, 0xe4, 0xd5, + 0x7d, 0x49, 0xf0, 0x41, 0x9e, 0x3d, 0x99, 0x04 +}; +static const unsigned char aes_192_use_df_pr_additionalinput[] = { + 0x5e, 0x9f, 0x49, 0x6f, 0x21, 0x8b, 0x1d, 0x32, 0xd5, 0x84, 0x5c, 0xac, + 0xaf, 0xdf, 0xe4, 0x79, 0x9e, 0xaf, 0xa9, 0x82, 0xd0, 0xf8, 0x4f, 0xcb, + 0x69, 0x10, 0x0a, 0x7e, 0x81, 0x57, 0xb5, 0x36 +}; +static const unsigned char aes_192_use_df_pr_entropyinputpr[] = { + 0xd4, 0x81, 0x0c, 0xd7, 0x66, 0x39, 0xec, 0x42, 0x53, 0x87, 0x41, 0xa5, + 0x1e, 0x7d, 0x80, 0x91, 0x8e, 0xbb, 0xed, 0xac, 0x14, 0x02, 0x1a, 0xd5, +}; +static const unsigned char aes_192_use_df_pr_int_returnedbits[] = { + 0xdf, 0x1d, 0x39, 0x45, 0x7c, 0x9b, 0xc6, 0x2b, 0x7d, 0x8c, 0x93, 0xe9, + 0x19, 0x30, 0x6b, 0x67 +}; +static const unsigned char aes_192_use_df_pr_additionalinput2[] = { + 0x00, 0x71, 0x27, 0x4e, 0xd3, 0x14, 0xf1, 0x20, 0x7f, 0x4a, 0x41, 0x32, + 0x2a, 0x97, 0x11, 0x43, 0x8f, 0x4a, 0x15, 0x7b, 0x9b, 0x51, 0x79, 0xda, + 0x49, 0x3d, 0xde, 0xe8, 0xbc, 0x93, 0x91, 0x99 +}; +static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = { + 0x90, 0xee, 0x76, 0xa1, 0x45, 0x8d, 0xb7, 0x40, 0xb0, 0x11, 0xbf, 0xd0, + 0x65, 0xd7, 0x3c, 0x7c, 0x4f, 0x20, 0x3f, 0x4e, 0x11, 0x9d, 0xb3, 0x5e, +}; +static const unsigned char aes_192_use_df_pr_returnedbits[] = { + 0x24, 0x3b, 0x20, 0xa4, 0x37, 0x66, 0xba, 0x72, 0x39, 0x3f, 0xcf, 0x3c, + 0x7e, 0x1a, 0x2b, 0x83 +}; + + +/* + * AES-192 use df no PR + */ +static const unsigned char aes_192_use_df_entropyinput[] = { + 0x8d, 0x74, 0xa4, 0x50, 0x1a, 0x02, 0x68, 0x0c, 0x2a, 0x69, 0xc4, 0x82, + 0x3b, 0xbb, 0xda, 0x0e, 0x7f, 0x77, 0xa3, 0x17, 0x78, 0x57, 0xb2, 0x7b, +}; +static const unsigned char aes_192_use_df_nonce[] = { + 0x75, 0xd5, 0x1f, 0xac, 0xa4, 0x8d, 0x42, 0x78, 0xd7, 0x69, 0x86, 0x9d, + 0x77, 0xd7, 0x41, 0x0e +}; +static const unsigned char aes_192_use_df_personalizationstring[] = { + 0x4e, 0x33, 0x41, 0x3c, 0x9c, 0xc2, 0xd2, 0x53, 0xaf, 0x90, 0xea, 0xcf, + 0x19, 0x50, 0x1e, 0xe6, 0x6f, 0x63, 0xc8, 0x32, 0x22, 0xdc, 0x07, 0x65, + 0x9c, 0xd3, 0xf8, 0x30, 0x9e, 0xed, 0x35, 0x70 +}; +static const unsigned char aes_192_use_df_additionalinput[] = { + 0x5d, 0x8b, 0x8c, 0xc1, 0xdf, 0x0e, 0x02, 0x78, 0xfb, 0x19, 0xb8, 0x69, + 0x78, 0x4e, 0x9c, 0x52, 0xbc, 0xc7, 0x20, 0xc9, 0xe6, 0x5e, 0x77, 0x22, + 0x28, 0x3d, 0x0c, 0x9e, 0x68, 0xa8, 0x45, 0xd7 +}; +static const unsigned char aes_192_use_df_int_returnedbits[] = { + 0xd5, 0xe7, 0x08, 0xc5, 0x19, 0x99, 0xd5, 0x31, 0x03, 0x0a, 0x74, 0xb6, + 0xb7, 0xed, 0xe9, 0xea +}; +static const unsigned char aes_192_use_df_entropyinputreseed[] = { + 0x9c, 0x26, 0xda, 0xf1, 0xac, 0xd9, 0x5a, 0xd6, 0xa8, 0x65, 0xf5, 0x02, + 0x8f, 0xdc, 0xa2, 0x09, 0x54, 0xa6, 0xe2, 0xa4, 0xde, 0x32, 0xe0, 0x01, +}; +static const unsigned char aes_192_use_df_additionalinputreseed[] = { + 0x9b, 0x90, 0xb0, 0x3a, 0x0e, 0x3a, 0x80, 0x07, 0x4a, 0xf4, 0xda, 0x76, + 0x28, 0x30, 0x3c, 0xee, 0x54, 0x1b, 0x94, 0x59, 0x51, 0x43, 0x56, 0x77, + 0xaf, 0x88, 0xdd, 0x63, 0x89, 0x47, 0x06, 0x65 +}; +static const unsigned char aes_192_use_df_additionalinput2[] = { + 0x3c, 0x11, 0x64, 0x7a, 0x96, 0xf5, 0xd8, 0xb8, 0xae, 0xd6, 0x70, 0x4e, + 0x16, 0x96, 0xde, 0xe9, 0x62, 0xbc, 0xee, 0x28, 0x2f, 0x26, 0xa6, 0xf0, + 0x56, 0xef, 0xa3, 0xf1, 0x6b, 0xa1, 0xb1, 0x77 +}; +static const unsigned char aes_192_use_df_returnedbits[] = { + 0x0b, 0xe2, 0x56, 0x03, 0x1e, 0xdb, 0x2c, 0x6d, 0x7f, 0x1b, 0x15, 0x58, + 0x1a, 0xf9, 0x13, 0x28 +}; + + +/* + * AES-256 use df PR + */ +static const unsigned char aes_256_use_df_pr_entropyinput[] = { + 0x61, 0x68, 0xfc, 0x1a, 0xf0, 0xb5, 0x95, 0x6b, 0x85, 0x09, 0x9b, 0x74, + 0x3f, 0x13, 0x78, 0x49, 0x3b, 0x85, 0xec, 0x93, 0x13, 0x3b, 0xa9, 0x4f, + 0x96, 0xab, 0x2c, 0xe4, 0xc8, 0x8f, 0xdd, 0x6a +}; +static const unsigned char aes_256_use_df_pr_nonce[] = { + 0xad, 0xd2, 0xbb, 0xba, 0xb7, 0x65, 0x89, 0xc3, 0x21, 0x6c, 0x55, 0x33, + 0x2b, 0x36, 0xff, 0xa4 +}; +static const unsigned char aes_256_use_df_pr_personalizationstring[] = { + 0x6e, 0xca, 0xe7, 0x20, 0x72, 0xd3, 0x84, 0x5a, 0x32, 0xd3, 0x4b, 0x24, + 0x72, 0xc4, 0x63, 0x2b, 0x9d, 0x12, 0x24, 0x0c, 0x23, 0x26, 0x8e, 0x83, + 0x16, 0x37, 0x0b, 0xd1, 0x06, 0x4f, 0x68, 0x6d +}; +static const unsigned char aes_256_use_df_pr_additionalinput[] = { + 0x7e, 0x08, 0x4a, 0xbb, 0xe3, 0x21, 0x7c, 0xc9, 0x23, 0xd2, 0xf8, 0xb0, + 0x73, 0x98, 0xba, 0x84, 0x74, 0x23, 0xab, 0x06, 0x8a, 0xe2, 0x22, 0xd3, + 0x7b, 0xce, 0x9b, 0xd2, 0x4a, 0x76, 0xb8, 0xde +}; +static const unsigned char aes_256_use_df_pr_entropyinputpr[] = { + 0x0b, 0x23, 0xaf, 0xdf, 0xf1, 0x62, 0xd7, 0xd3, 0x43, 0x97, 0xf8, 0x77, + 0x04, 0xa8, 0x42, 0x20, 0xbd, 0xf6, 0x0f, 0xc1, 0x17, 0x2f, 0x9f, 0x54, + 0xbb, 0x56, 0x17, 0x86, 0x68, 0x0e, 0xba, 0xa9 +}; +static const unsigned char aes_256_use_df_pr_int_returnedbits[] = { + 0x31, 0x8e, 0xad, 0xaf, 0x40, 0xeb, 0x6b, 0x74, 0x31, 0x46, 0x80, 0xc7, + 0x17, 0xab, 0x3c, 0x7a +}; +static const unsigned char aes_256_use_df_pr_additionalinput2[] = { + 0x94, 0x6b, 0xc9, 0x9f, 0xab, 0x8d, 0xc5, 0xec, 0x71, 0x88, 0x1d, 0x00, + 0x8c, 0x89, 0x68, 0xe4, 0xc8, 0x07, 0x77, 0x36, 0x17, 0x6d, 0x79, 0x78, + 0xc7, 0x06, 0x4e, 0x99, 0x04, 0x28, 0x29, 0xc3 +}; +static const unsigned char aes_256_use_df_pr_entropyinputpr2[] = { + 0xbf, 0x6c, 0x59, 0x2a, 0x0d, 0x44, 0x0f, 0xae, 0x9a, 0x5e, 0x03, 0x73, + 0xd8, 0xa6, 0xe1, 0xcf, 0x25, 0x61, 0x38, 0x24, 0x86, 0x9e, 0x53, 0xe8, + 0xa4, 0xdf, 0x56, 0xf4, 0x06, 0x07, 0x9c, 0x0f +}; +static const unsigned char aes_256_use_df_pr_returnedbits[] = { + 0x22, 0x4a, 0xb4, 0xb8, 0xb6, 0xee, 0x7d, 0xb1, 0x9e, 0xc9, 0xf9, 0xa0, + 0xd9, 0xe2, 0x97, 0x00 +}; + + +/* + * AES-256 use df no PR + */ +static const unsigned char aes_256_use_df_entropyinput[] = { + 0xa5, 0x3e, 0x37, 0x10, 0x17, 0x43, 0x91, 0x93, 0x59, 0x1e, 0x47, 0x50, + 0x87, 0xaa, 0xdd, 0xd5, 0xc1, 0xc3, 0x86, 0xcd, 0xca, 0x0d, 0xdb, 0x68, + 0xe0, 0x02, 0xd8, 0x0f, 0xdc, 0x40, 0x1a, 0x47 +}; +static const unsigned char aes_256_use_df_nonce[] = { + 0xa9, 0x4d, 0xa5, 0x5a, 0xfd, 0xc5, 0x0c, 0xe5, 0x1c, 0x9a, 0x3b, 0x8a, + 0x4c, 0x44, 0x84, 0x40 +}; +static const unsigned char aes_256_use_df_personalizationstring[] = { + 0x8b, 0x52, 0xa2, 0x4a, 0x93, 0xc3, 0x4e, 0xa7, 0x1e, 0x1c, 0xa7, 0x05, + 0xeb, 0x82, 0x9b, 0xa6, 0x5d, 0xe4, 0xd4, 0xe0, 0x7f, 0xa3, 0xd8, 0x6b, + 0x37, 0x84, 0x5f, 0xf1, 0xc7, 0xd5, 0xf6, 0xd2 +}; +static const unsigned char aes_256_use_df_additionalinput[] = { + 0x20, 0xf4, 0x22, 0xed, 0xf8, 0x5c, 0xa1, 0x6a, 0x01, 0xcf, 0xbe, 0x5f, + 0x8d, 0x6c, 0x94, 0x7f, 0xae, 0x12, 0xa8, 0x57, 0xdb, 0x2a, 0xa9, 0xbf, + 0xc7, 0xb3, 0x65, 0x81, 0x80, 0x8d, 0x0d, 0x46 +}; +static const unsigned char aes_256_use_df_int_returnedbits[] = { + 0x4e, 0x44, 0xfd, 0xf3, 0x9e, 0x29, 0xa2, 0xb8, 0x0f, 0x5d, 0x6c, 0xe1, + 0x28, 0x0c, 0x3b, 0xc1 +}; +static const unsigned char aes_256_use_df_entropyinputreseed[] = { + 0xdd, 0x40, 0xe5, 0x98, 0x7b, 0x27, 0x16, 0x73, 0x15, 0x68, 0xd2, 0x76, + 0xbf, 0x0c, 0x67, 0x15, 0x75, 0x79, 0x03, 0xd3, 0xde, 0xde, 0x91, 0x46, + 0x42, 0xdd, 0xd4, 0x67, 0xc8, 0x79, 0xc8, 0x1e +}; +static const unsigned char aes_256_use_df_additionalinputreseed[] = { + 0x7f, 0xd8, 0x1f, 0xbd, 0x2a, 0xb5, 0x1c, 0x11, 0x5d, 0x83, 0x4e, 0x99, + 0xf6, 0x5c, 0xa5, 0x40, 0x20, 0xed, 0x38, 0x8e, 0xd5, 0x9e, 0xe0, 0x75, + 0x93, 0xfe, 0x12, 0x5e, 0x5d, 0x73, 0xfb, 0x75 +}; +static const unsigned char aes_256_use_df_additionalinput2[] = { + 0xcd, 0x2c, 0xff, 0x14, 0x69, 0x3e, 0x4c, 0x9e, 0xfd, 0xfe, 0x26, 0x0d, + 0xe9, 0x86, 0x00, 0x49, 0x30, 0xba, 0xb1, 0xc6, 0x50, 0x57, 0x77, 0x2a, + 0x62, 0x39, 0x2c, 0x3b, 0x74, 0xeb, 0xc9, 0x0d +}; +static const unsigned char aes_256_use_df_returnedbits[] = { + 0x4f, 0x78, 0xbe, 0xb9, 0x4d, 0x97, 0x8c, 0xe9, 0xd0, 0x97, 0xfe, 0xad, + 0xfa, 0xfd, 0x35, 0x5e +}; + + +/* + * AES-128 no df PR + */ +static const unsigned char aes_128_no_df_pr_entropyinput[] = { + 0x9a, 0x25, 0x65, 0x10, 0x67, 0xd5, 0xb6, 0x6b, 0x70, 0xa1, 0xb3, 0xa4, + 0x43, 0x95, 0x80, 0xc0, 0x84, 0x0a, 0x79, 0xb0, 0x88, 0x74, 0xf2, 0xbf, + 0x31, 0x6c, 0x33, 0x38, 0x0b, 0x00, 0xb2, 0x5a +}; +static const unsigned char aes_128_no_df_pr_nonce[] = { + 0x78, 0x47, 0x6b, 0xf7, 0x90, 0x8e, 0x87, 0xf1, +}; +static const unsigned char aes_128_no_df_pr_personalizationstring[] = { + 0xf7, 0x22, 0x1d, 0x3a, 0xbe, 0x1d, 0xca, 0x32, 0x1b, 0xbd, 0x87, 0x0c, + 0x51, 0x24, 0x19, 0xee, 0xa3, 0x23, 0x09, 0x63, 0x33, 0x3d, 0xa8, 0x0c, + 0x1c, 0xfa, 0x42, 0x89, 0xcc, 0x6f, 0xa0, 0xa8 +}; +static const unsigned char aes_128_no_df_pr_additionalinput[] = { + 0xc9, 0xe0, 0x80, 0xbf, 0x8c, 0x45, 0x58, 0x39, 0xff, 0x00, 0xab, 0x02, + 0x4c, 0x3e, 0x3a, 0x95, 0x9b, 0x80, 0xa8, 0x21, 0x2a, 0xee, 0xba, 0x73, + 0xb1, 0xd9, 0xcf, 0x28, 0xf6, 0x8f, 0x9b, 0x12 +}; +static const unsigned char aes_128_no_df_pr_entropyinputpr[] = { + 0x4c, 0xa8, 0xc5, 0xf0, 0x59, 0x9e, 0xa6, 0x8d, 0x26, 0x53, 0xd7, 0x8a, + 0xa9, 0xd8, 0xf7, 0xed, 0xb2, 0xf9, 0x12, 0x42, 0xe1, 0xe5, 0xbd, 0xe7, + 0xe7, 0x1d, 0x74, 0x99, 0x00, 0x9d, 0x31, 0x3e +}; +static const unsigned char aes_128_no_df_pr_int_returnedbits[] = { + 0xe2, 0xac, 0x20, 0xf0, 0x80, 0xe7, 0xbc, 0x7e, 0x9c, 0x7b, 0x65, 0x71, + 0xaf, 0x19, 0x32, 0x16 +}; +static const unsigned char aes_128_no_df_pr_additionalinput2[] = { + 0x32, 0x7f, 0x38, 0x8b, 0x73, 0x0a, 0x78, 0x83, 0xdc, 0x30, 0xbe, 0x9f, + 0x10, 0x1f, 0xf5, 0x1f, 0xca, 0x00, 0xb5, 0x0d, 0xd6, 0x9d, 0x60, 0x83, + 0x51, 0x54, 0x7d, 0x38, 0x23, 0x3a, 0x52, 0x50 +}; +static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = { + 0x18, 0x61, 0x53, 0x56, 0xed, 0xed, 0xd7, 0x20, 0xfb, 0x71, 0x04, 0x7a, + 0xb2, 0xac, 0xc1, 0x28, 0xcd, 0xf2, 0xc2, 0xfc, 0xaa, 0xb1, 0x06, 0x07, + 0xe9, 0x46, 0x95, 0x02, 0x48, 0x01, 0x78, 0xf9 +}; +static const unsigned char aes_128_no_df_pr_returnedbits[] = { + 0x29, 0xc8, 0x1b, 0x15, 0xb1, 0xd1, 0xc2, 0xf6, 0x71, 0x86, 0x68, 0x33, + 0x57, 0x82, 0x33, 0xaf +}; + + +/* + * AES-128 no df no PR + */ +static const unsigned char aes_128_no_df_entropyinput[] = { + 0xc9, 0xc5, 0x79, 0xbc, 0xe8, 0xc5, 0x19, 0xd8, 0xbc, 0x66, 0x73, 0x67, + 0xf6, 0xd3, 0x72, 0xaa, 0xa6, 0x16, 0xb8, 0x50, 0xb7, 0x47, 0x3a, 0x42, + 0xab, 0xf4, 0x16, 0xb2, 0x96, 0xd2, 0xb6, 0x60 +}; +static const unsigned char aes_128_no_df_nonce[] = { + 0x5f, 0xbf, 0x97, 0x0c, 0x4b, 0xa4, 0x87, 0x13, +}; +static const unsigned char aes_128_no_df_personalizationstring[] = { + 0xce, 0xfb, 0x7b, 0x3f, 0xd4, 0x6b, 0x29, 0x0d, 0x69, 0x06, 0xff, 0xbb, + 0xf2, 0xe5, 0xc6, 0x6c, 0x0a, 0x10, 0xa0, 0xcf, 0x1a, 0x48, 0xc7, 0x8b, + 0x3c, 0x16, 0x88, 0xed, 0x50, 0x13, 0x81, 0xce +}; +static const unsigned char aes_128_no_df_additionalinput[] = { + 0x4b, 0x22, 0x46, 0x18, 0x02, 0x7b, 0xd2, 0x1b, 0x22, 0x42, 0x7c, 0x37, + 0xd9, 0xf6, 0xe8, 0x9b, 0x12, 0x30, 0x5f, 0xe9, 0x90, 0xe8, 0x08, 0x24, + 0x4f, 0x06, 0x66, 0xdb, 0x19, 0x2b, 0x13, 0x95 +}; +static const unsigned char aes_128_no_df_int_returnedbits[] = { + 0x2e, 0x96, 0x70, 0x64, 0xfa, 0xdf, 0xdf, 0x57, 0xb5, 0x82, 0xee, 0xd6, + 0xed, 0x3e, 0x65, 0xc2 +}; +static const unsigned char aes_128_no_df_entropyinputreseed[] = { + 0x26, 0xc0, 0x72, 0x16, 0x3a, 0x4b, 0xb7, 0x99, 0xd4, 0x07, 0xaf, 0x66, + 0x62, 0x36, 0x96, 0xa4, 0x51, 0x17, 0xfa, 0x07, 0x8b, 0x17, 0x5e, 0xa1, + 0x2f, 0x3c, 0x10, 0xe7, 0x90, 0xd0, 0x46, 0x00 +}; +static const unsigned char aes_128_no_df_additionalinputreseed[] = { + 0x83, 0x39, 0x37, 0x7b, 0x02, 0x06, 0xd2, 0x12, 0x13, 0x8d, 0x8b, 0xf2, + 0xf0, 0xf6, 0x26, 0xeb, 0xa4, 0x22, 0x7b, 0xc2, 0xe7, 0xba, 0x79, 0xe4, + 0x3b, 0x77, 0x5d, 0x4d, 0x47, 0xb2, 0x2d, 0xb4 +}; +static const unsigned char aes_128_no_df_additionalinput2[] = { + 0x0b, 0xb9, 0x67, 0x37, 0xdb, 0x83, 0xdf, 0xca, 0x81, 0x8b, 0xf9, 0x3f, + 0xf1, 0x11, 0x1b, 0x2f, 0xf0, 0x61, 0xa6, 0xdf, 0xba, 0xa3, 0xb1, 0xac, + 0xd3, 0xe6, 0x09, 0xb8, 0x2c, 0x6a, 0x67, 0xd6 +}; +static const unsigned char aes_128_no_df_returnedbits[] = { + 0x1e, 0xa7, 0xa4, 0xe4, 0xe1, 0xa6, 0x7c, 0x69, 0x9a, 0x44, 0x6c, 0x36, + 0x81, 0x37, 0x19, 0xd4 +}; + + +/* + * AES-192 no df PR + */ +static const unsigned char aes_192_no_df_pr_entropyinput[] = { + 0x9d, 0x2c, 0xd2, 0x55, 0x66, 0xea, 0xe0, 0xbe, 0x18, 0xb7, 0x76, 0xe7, + 0x73, 0x35, 0xd8, 0x1f, 0xad, 0x3a, 0xe3, 0x81, 0x0e, 0x92, 0xd0, 0x61, + 0xc9, 0x12, 0x26, 0xf6, 0x1c, 0xdf, 0xfe, 0x47, 0xaa, 0xfe, 0x7d, 0x5a, + 0x17, 0x1f, 0x8d, 0x9a +}; +static const unsigned char aes_192_no_df_pr_nonce[] = { + 0x44, 0x82, 0xed, 0xe8, 0x4c, 0x28, 0x5a, 0x14, 0xff, 0x88, 0x8d, 0x19, + 0x61, 0x5c, 0xee, 0x0f +}; +static const unsigned char aes_192_no_df_pr_personalizationstring[] = { + 0x47, 0xd7, 0x9b, 0x99, 0xaa, 0xcb, 0xe7, 0xd2, 0x57, 0x66, 0x2c, 0xe1, + 0x78, 0xd6, 0x2c, 0xea, 0xa3, 0x23, 0x5f, 0x2a, 0xc1, 0x3a, 0xf0, 0xa4, + 0x20, 0x3b, 0xfa, 0x07, 0xd5, 0x05, 0x02, 0xe4, 0x57, 0x01, 0xb6, 0x10, + 0x57, 0x2e, 0xe7, 0x55 +}; +static const unsigned char aes_192_no_df_pr_additionalinput[] = { + 0x4b, 0x74, 0x0b, 0x40, 0xce, 0x6b, 0xc2, 0x6a, 0x24, 0xb4, 0xf3, 0xad, + 0x7a, 0xa5, 0x7a, 0xa2, 0x15, 0xe2, 0xc8, 0x61, 0x15, 0xc6, 0xb7, 0x85, + 0x69, 0x11, 0xad, 0x7b, 0x14, 0xd2, 0xf6, 0x12, 0xa1, 0x95, 0x5d, 0x3f, + 0xe2, 0xd0, 0x0c, 0x2f +}; +static const unsigned char aes_192_no_df_pr_entropyinputpr[] = { + 0x0c, 0x9c, 0xad, 0x05, 0xee, 0xae, 0x48, 0x23, 0x89, 0x59, 0xa1, 0x94, + 0xd7, 0xd8, 0x75, 0xd5, 0x54, 0x93, 0xc7, 0x4a, 0xd9, 0x26, 0xde, 0xeb, + 0xba, 0xb0, 0x7e, 0x30, 0x1d, 0x5f, 0x69, 0x40, 0x9c, 0x3b, 0x17, 0x58, + 0x1d, 0x30, 0xb3, 0x78 +}; +static const unsigned char aes_192_no_df_pr_int_returnedbits[] = { + 0xf7, 0x93, 0xb0, 0x6d, 0x77, 0x83, 0xd5, 0x38, 0x01, 0xe1, 0x52, 0x40, + 0x7e, 0x3e, 0x0c, 0x26 +}; +static const unsigned char aes_192_no_df_pr_additionalinput2[] = { + 0xbc, 0x4b, 0x37, 0x44, 0x1c, 0xc5, 0x45, 0x5f, 0x8f, 0x51, 0x62, 0x8a, + 0x85, 0x30, 0x1d, 0x7c, 0xe4, 0xcf, 0xf7, 0x44, 0xce, 0x32, 0x3e, 0x57, + 0x95, 0xa4, 0x2a, 0xdf, 0xfd, 0x9e, 0x38, 0x41, 0xb3, 0xf6, 0xc5, 0xee, + 0x0c, 0x4b, 0xee, 0x6e +}; +static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = { + 0xec, 0xaf, 0xf6, 0x4f, 0xb1, 0xa0, 0x54, 0xb5, 0x5b, 0xe3, 0x46, 0xb0, + 0x76, 0x5a, 0x7c, 0x3f, 0x7b, 0x94, 0x69, 0x21, 0x51, 0x02, 0xe5, 0x9f, + 0x04, 0x59, 0x02, 0x98, 0xc6, 0x43, 0x2c, 0xcc, 0x26, 0x4c, 0x87, 0x6b, + 0x8e, 0x0a, 0x83, 0xdf +}; +static const unsigned char aes_192_no_df_pr_returnedbits[] = { + 0x74, 0x45, 0xfb, 0x53, 0x84, 0x96, 0xbe, 0xff, 0x15, 0xcc, 0x41, 0x91, + 0xb9, 0xa1, 0x21, 0x68 +}; + + +/* + * AES-192 no df no PR + */ +static const unsigned char aes_192_no_df_entropyinput[] = { + 0x3c, 0x7d, 0xb5, 0xe0, 0x54, 0xd9, 0x6e, 0x8c, 0xa9, 0x86, 0xce, 0x4e, + 0x6b, 0xaf, 0xeb, 0x2f, 0xe7, 0x75, 0xe0, 0x8b, 0xa4, 0x3b, 0x07, 0xfe, + 0xbe, 0x33, 0x75, 0x93, 0x80, 0x27, 0xb5, 0x29, 0x47, 0x8b, 0xc7, 0x28, + 0x94, 0xc3, 0x59, 0x63 +}; +static const unsigned char aes_192_no_df_nonce[] = { + 0x43, 0xf1, 0x7d, 0xb8, 0xc3, 0xfe, 0xd0, 0x23, 0x6b, 0xb4, 0x92, 0xdb, + 0x29, 0xfd, 0x45, 0x71 +}; +static const unsigned char aes_192_no_df_personalizationstring[] = { + 0x9f, 0x24, 0x29, 0x99, 0x9e, 0x01, 0xab, 0xe9, 0x19, 0xd8, 0x23, 0x08, + 0xb7, 0xd6, 0x7e, 0x8c, 0xc0, 0x9e, 0x7f, 0x6e, 0x5b, 0x33, 0x20, 0x96, + 0x0b, 0x23, 0x2c, 0xa5, 0x6a, 0xf8, 0x1b, 0x04, 0x26, 0xdb, 0x2e, 0x2b, + 0x3b, 0x88, 0xce, 0x35 +}; +static const unsigned char aes_192_no_df_additionalinput[] = { + 0x94, 0xe9, 0x7c, 0x3d, 0xa7, 0xdb, 0x60, 0x83, 0x1f, 0x98, 0x3f, 0x0b, + 0x88, 0x59, 0x57, 0x51, 0x88, 0x9f, 0x76, 0x49, 0x9f, 0xa6, 0xda, 0x71, + 0x1d, 0x0d, 0x47, 0x16, 0x63, 0xc5, 0x68, 0xe4, 0x5d, 0x39, 0x69, 0xb3, + 0x3e, 0xbe, 0xd4, 0x8e +}; +static const unsigned char aes_192_no_df_int_returnedbits[] = { + 0xf9, 0xd7, 0xad, 0x69, 0xab, 0x8f, 0x23, 0x56, 0x70, 0x17, 0x4f, 0x2a, + 0x45, 0xe7, 0x4a, 0xc5 +}; +static const unsigned char aes_192_no_df_entropyinputreseed[] = { + 0xa6, 0x71, 0x6a, 0x3d, 0xba, 0xd1, 0xe8, 0x66, 0xa6, 0xef, 0xb2, 0x0e, + 0xa8, 0x9c, 0xaa, 0x4e, 0xaf, 0x17, 0x89, 0x50, 0x00, 0xda, 0xa1, 0xb1, + 0x0b, 0xa4, 0xd9, 0x35, 0x89, 0xc8, 0xe5, 0xb0, 0xd9, 0xb7, 0xc4, 0x33, + 0x9b, 0xcb, 0x7e, 0x75 +}; +static const unsigned char aes_192_no_df_additionalinputreseed[] = { + 0x27, 0x21, 0xfc, 0xc2, 0xbd, 0xf3, 0x3c, 0xce, 0xc3, 0xca, 0xc1, 0x01, + 0xe0, 0xff, 0x93, 0x12, 0x7d, 0x54, 0x42, 0xe3, 0x9f, 0x03, 0xdf, 0x27, + 0x04, 0x07, 0x3c, 0x53, 0x7f, 0xa8, 0x66, 0xc8, 0x97, 0x4b, 0x61, 0x40, + 0x5d, 0x7a, 0x25, 0x79 +}; +static const unsigned char aes_192_no_df_additionalinput2[] = { + 0x2d, 0x8e, 0x16, 0x5d, 0x0b, 0x9f, 0xeb, 0xaa, 0xd6, 0xec, 0x28, 0x71, + 0x7c, 0x0b, 0xc1, 0x1d, 0xd4, 0x44, 0x19, 0x47, 0xfd, 0x1d, 0x7c, 0xe5, + 0xf3, 0x27, 0xe1, 0xb6, 0x72, 0x0a, 0xe0, 0xec, 0x0e, 0xcd, 0xef, 0x1a, + 0x91, 0x6a, 0xe3, 0x5f +}; +static const unsigned char aes_192_no_df_returnedbits[] = { + 0xe5, 0xda, 0xb8, 0xe0, 0x63, 0x59, 0x5a, 0xcc, 0x3d, 0xdc, 0x9f, 0xe8, + 0x66, 0x67, 0x2c, 0x92 +}; + + +/* + * AES-256 no df PR + */ +static const unsigned char aes_256_no_df_pr_entropyinput[] = { + 0x15, 0xc7, 0x5d, 0xcb, 0x41, 0x4b, 0x16, 0x01, 0x3a, 0xd1, 0x44, 0xe8, + 0x22, 0x32, 0xc6, 0x9c, 0x3f, 0xe7, 0x43, 0xf5, 0x9a, 0xd3, 0xea, 0xf2, + 0xd7, 0x4e, 0x6e, 0x6a, 0x55, 0x73, 0x40, 0xef, 0x89, 0xad, 0x0d, 0x03, + 0x96, 0x7e, 0x78, 0x81, 0x2f, 0x91, 0x1b, 0x44, 0xb0, 0x02, 0xba, 0x1c, +}; +static const unsigned char aes_256_no_df_pr_nonce[] = { + 0xdc, 0xe4, 0xd4, 0x27, 0x7a, 0x90, 0xd7, 0x99, 0x43, 0xa1, 0x3c, 0x30, + 0xcc, 0x4b, 0xee, 0x2e +}; +static const unsigned char aes_256_no_df_pr_personalizationstring[] = { + 0xe3, 0xe6, 0xb9, 0x11, 0xe4, 0x7a, 0xa4, 0x40, 0x6b, 0xf8, 0x73, 0xf7, + 0x7e, 0xec, 0xc7, 0xb9, 0x97, 0xbf, 0xf8, 0x25, 0x7b, 0xbe, 0x11, 0x9b, + 0x5b, 0x6a, 0x0c, 0x2e, 0x2b, 0x01, 0x51, 0xcd, 0x41, 0x4b, 0x6b, 0xac, + 0x31, 0xa8, 0x0b, 0xf7, 0xe6, 0x59, 0x42, 0xb8, 0x03, 0x0c, 0xf8, 0x06, +}; +static const unsigned char aes_256_no_df_pr_additionalinput[] = { + 0x6a, 0x9f, 0x00, 0x91, 0xae, 0xfe, 0xcf, 0x84, 0x99, 0xce, 0xb1, 0x40, + 0x6d, 0x5d, 0x33, 0x28, 0x84, 0xf4, 0x8c, 0x63, 0x4c, 0x7e, 0xbd, 0x2c, + 0x80, 0x76, 0xee, 0x5a, 0xaa, 0x15, 0x07, 0x31, 0xd8, 0xbb, 0x8c, 0x69, + 0x9d, 0x9d, 0xbc, 0x7e, 0x49, 0xae, 0xec, 0x39, 0x6b, 0xd1, 0x1f, 0x7e, +}; +static const unsigned char aes_256_no_df_pr_entropyinputpr[] = { + 0xf3, 0xb9, 0x75, 0x9c, 0xbd, 0x88, 0xea, 0xa2, 0x50, 0xad, 0xd6, 0x16, + 0x1a, 0x12, 0x3c, 0x86, 0x68, 0xaf, 0x6f, 0xbe, 0x19, 0xf2, 0xee, 0xcc, + 0xa5, 0x70, 0x84, 0x53, 0x50, 0xcb, 0x9f, 0x14, 0xa9, 0xe5, 0xee, 0xb9, + 0x48, 0x45, 0x40, 0xe2, 0xc7, 0xc9, 0x9a, 0x74, 0xff, 0x8c, 0x99, 0x1f, +}; +static const unsigned char aes_256_no_df_pr_int_returnedbits[] = { + 0x2e, 0xf2, 0x45, 0x4c, 0x62, 0x2e, 0x0a, 0xb9, 0x6b, 0xa2, 0xfd, 0x56, + 0x79, 0x60, 0x93, 0xcf +}; +static const unsigned char aes_256_no_df_pr_additionalinput2[] = { + 0xaf, 0x69, 0x20, 0xe9, 0x3b, 0x37, 0x9d, 0x3f, 0xb4, 0x80, 0x02, 0x7a, + 0x25, 0x7d, 0xb8, 0xde, 0x71, 0xc5, 0x06, 0x0c, 0xb4, 0xe2, 0x8f, 0x35, + 0xd8, 0x14, 0x0d, 0x7f, 0x76, 0x63, 0x4e, 0xb5, 0xee, 0xe9, 0x6f, 0x34, + 0xc7, 0x5f, 0x56, 0x14, 0x4a, 0xe8, 0x73, 0x95, 0x5b, 0x1c, 0xb9, 0xcb, +}; +static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = { + 0xe5, 0xb0, 0x2e, 0x7e, 0x52, 0x30, 0xe3, 0x63, 0x82, 0xb6, 0x44, 0xd3, + 0x25, 0x19, 0x05, 0x24, 0x9a, 0x9f, 0x5f, 0x27, 0x6a, 0x29, 0xab, 0xfa, + 0x07, 0xa2, 0x42, 0x0f, 0xc5, 0xa8, 0x94, 0x7c, 0x17, 0x7b, 0x85, 0x83, + 0x0c, 0x25, 0x0e, 0x63, 0x0b, 0xe9, 0x12, 0x60, 0xcd, 0xef, 0x80, 0x0f, +}; +static const unsigned char aes_256_no_df_pr_returnedbits[] = { + 0x5e, 0xf2, 0x26, 0xef, 0x9f, 0x58, 0x5d, 0xd5, 0x4a, 0x10, 0xfe, 0xa7, + 0x2d, 0x5f, 0x4a, 0x46 +}; + + +/* + * AES-256 no df no PR + */ +static const unsigned char aes_256_no_df_entropyinput[] = { + 0xfb, 0xcf, 0x1b, 0x61, 0x16, 0x89, 0x78, 0x23, 0xf5, 0xd8, 0x96, 0xe3, + 0x4e, 0x64, 0x0b, 0x29, 0x9a, 0x3f, 0xf8, 0xa5, 0xed, 0xf2, 0xfe, 0xdb, + 0x16, 0xca, 0x7f, 0x10, 0xfa, 0x5e, 0x18, 0x76, 0x2c, 0x63, 0x5e, 0x96, + 0xcf, 0xb3, 0xd6, 0xfc, 0xaf, 0x99, 0x39, 0x28, 0x9c, 0x61, 0xe8, 0xb3, +}; +static const unsigned char aes_256_no_df_nonce[] = { + 0x12, 0x96, 0xf0, 0x52, 0xf3, 0x8d, 0x81, 0xcf, 0xde, 0x86, 0xf2, 0x99, + 0x43, 0x96, 0xb9, 0xf0 +}; +static const unsigned char aes_256_no_df_personalizationstring[] = { + 0x63, 0x0d, 0x78, 0xf5, 0x90, 0x8e, 0x32, 0x47, 0xb0, 0x4d, 0x37, 0x60, + 0x09, 0x96, 0xbc, 0xbf, 0x97, 0x7a, 0x62, 0x14, 0x45, 0xbd, 0x8d, 0xcc, + 0x69, 0xfb, 0x03, 0xe1, 0x80, 0x1c, 0xc7, 0xe2, 0x2a, 0xf9, 0x37, 0x3f, + 0x66, 0x4d, 0x62, 0xd9, 0x10, 0xe0, 0xad, 0xc8, 0x9a, 0xf0, 0xa8, 0x6d, +}; +static const unsigned char aes_256_no_df_additionalinput[] = { + 0x36, 0xc6, 0x13, 0x60, 0xbb, 0x14, 0xad, 0x22, 0xb0, 0x38, 0xac, 0xa6, + 0x18, 0x16, 0x93, 0x25, 0x86, 0xb7, 0xdc, 0xdc, 0x36, 0x98, 0x2b, 0xf9, + 0x68, 0x33, 0xd3, 0xc6, 0xff, 0xce, 0x8d, 0x15, 0x59, 0x82, 0x76, 0xed, + 0x6f, 0x8d, 0x49, 0x74, 0x2f, 0xda, 0xdc, 0x1f, 0x17, 0xd0, 0xde, 0x17, +}; +static const unsigned char aes_256_no_df_int_returnedbits[] = { + 0x16, 0x2f, 0x8e, 0x3f, 0x21, 0x7a, 0x1c, 0x20, 0x56, 0xd1, 0x92, 0xf6, + 0xd2, 0x25, 0x75, 0x0e +}; +static const unsigned char aes_256_no_df_entropyinputreseed[] = { + 0x91, 0x79, 0x76, 0xee, 0xe0, 0xcf, 0x9e, 0xc2, 0xd5, 0xd4, 0x23, 0x9b, + 0x12, 0x8c, 0x7e, 0x0a, 0xb7, 0xd2, 0x8b, 0xd6, 0x7c, 0xa3, 0xc6, 0xe5, + 0x0e, 0xaa, 0xc7, 0x6b, 0xae, 0x0d, 0xfa, 0x53, 0x06, 0x79, 0xa1, 0xed, + 0x4d, 0x6a, 0x0e, 0xd8, 0x9d, 0xbe, 0x1b, 0x31, 0x93, 0x7b, 0xec, 0xfb, +}; +static const unsigned char aes_256_no_df_additionalinputreseed[] = { + 0xd2, 0x46, 0x50, 0x22, 0x10, 0x14, 0x63, 0xf7, 0xea, 0x0f, 0xb9, 0x7e, + 0x0d, 0xe1, 0x94, 0x07, 0xaf, 0x09, 0x44, 0x31, 0xea, 0x64, 0xa4, 0x18, + 0x5b, 0xf9, 0xd8, 0xc2, 0xfa, 0x03, 0x47, 0xc5, 0x39, 0x43, 0xd5, 0x3b, + 0x62, 0x86, 0x64, 0xea, 0x2c, 0x73, 0x8c, 0xae, 0x9d, 0x98, 0x98, 0x29, +}; +static const unsigned char aes_256_no_df_additionalinput2[] = { + 0x8c, 0xab, 0x18, 0xf8, 0xc3, 0xec, 0x18, 0x5c, 0xb3, 0x1e, 0x9d, 0xbe, + 0x3f, 0x03, 0xb4, 0x00, 0x98, 0x9d, 0xae, 0xeb, 0xf4, 0x94, 0xf8, 0x42, + 0x8f, 0xe3, 0x39, 0x07, 0xe1, 0xc9, 0xad, 0x0b, 0x1f, 0xed, 0xc0, 0xba, + 0xf6, 0xd1, 0xec, 0x27, 0x86, 0x7b, 0xd6, 0x55, 0x9b, 0x60, 0xa5, 0xc6, +}; +static const unsigned char aes_256_no_df_returnedbits[] = { + 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67, + 0xf6, 0x02, 0x32, 0xe2 +}; diff --git a/deps/openssl/openssl/test/dsatest.c b/deps/openssl/openssl/test/dsatest.c index 3a62eb69344b86..fa2ec4af12b40c 100644 --- a/deps/openssl/openssl/test/dsatest.c +++ b/deps/openssl/openssl/test/dsatest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,23 +13,15 @@ #include #include -#include "../e_os.h" - #include #include -#include -#include #include +#include -#ifdef OPENSSL_NO_DSA -int main(int argc, char *argv[]) -{ - printf("No DSA support\n"); - return (0); -} -#else -# include +#include "testutil.h" +#include "internal/nelem.h" +#ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); /* @@ -71,12 +63,7 @@ static unsigned char out_g[] = { static const unsigned char str1[] = "12345678901234567890"; -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -static BIO *bio_err = NULL; - -int main(int argc, char **argv) +static int dsa_test(void) { BN_GENCB *cb; DSA *dsa = NULL; @@ -87,110 +74,68 @@ int main(int argc, char **argv) unsigned int siglen; const BIGNUM *p = NULL, *q = NULL, *g = NULL; - if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - BIO_printf(bio_err, "test generation of DSA parameters\n"); - - cb = BN_GENCB_new(); - if (!cb) + if (!TEST_ptr(cb = BN_GENCB_new())) goto end; - BN_GENCB_set(cb, dsa_cb, bio_err); - if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, - seed, 20, - &counter, - &h, cb)) + BN_GENCB_set(cb, dsa_cb, NULL); + if (!TEST_ptr(dsa = DSA_new()) + || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, + &counter, &h, cb))) goto end; - BIO_printf(bio_err, "seed\n"); - for (i = 0; i < 20; i += 4) { - BIO_printf(bio_err, "%02X%02X%02X%02X ", - seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); - } - BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); - - DSA_print(bio_err, dsa, 0); - if (counter != 105) { - BIO_printf(bio_err, "counter should be 105\n"); + if (!TEST_int_eq(counter, 105)) goto end; - } - if (h != 2) { - BIO_printf(bio_err, "h should be 2\n"); + if (!TEST_int_eq(h, 2)) goto end; - } DSA_get0_pqg(dsa, &p, &q, &g); i = BN_bn2bin(q, buf); j = sizeof(out_q); - if ((i != j) || (memcmp(buf, out_q, i) != 0)) { - BIO_printf(bio_err, "q value is wrong\n"); + if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i)) goto end; - } i = BN_bn2bin(p, buf); j = sizeof(out_p); - if ((i != j) || (memcmp(buf, out_p, i) != 0)) { - BIO_printf(bio_err, "p value is wrong\n"); + if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i)) goto end; - } i = BN_bn2bin(g, buf); j = sizeof(out_g); - if ((i != j) || (memcmp(buf, out_g, i) != 0)) { - BIO_printf(bio_err, "g value is wrong\n"); + if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) goto end; - } DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) + if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) ret = 1; end: - if (!ret) - ERR_print_errors(bio_err); DSA_free(dsa); BN_GENCB_free(cb); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 0; -#endif - BIO_free(bio_err); - bio_err = NULL; - EXIT(!ret); + return ret; } static int dsa_cb(int p, int n, BN_GENCB *arg) { - char c = '*'; static int ok = 0, num = 0; - if (p == 0) { - c = '.'; + if (p == 0) num++; - }; - if (p == 1) - c = '+'; - if (p == 2) { - c = '*'; + if (p == 2) ok++; - } - if (p == 3) - c = '\n'; - BIO_write(BN_GENCB_get_arg(arg), &c, 1); - (void)BIO_flush(BN_GENCB_get_arg(arg)); if (!ok && (p == 0) && (num > 1)) { - BIO_printf(BN_GENCB_get_arg(arg), "error in dsatest\n"); + TEST_error("dsa_cb error"); return 0; } return 1; } +#endif /* OPENSSL_NO_DSA */ + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_DSA + ADD_TEST(dsa_test); #endif + return 1; +} diff --git a/deps/openssl/openssl/test/dtlstest.c b/deps/openssl/openssl/test/dtlstest.c index 8200fac029aebd..772528febf9faf 100644 --- a/deps/openssl/openssl/test/dtlstest.c +++ b/deps/openssl/openssl/test/dtlstest.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include #include @@ -17,6 +18,7 @@ static char *cert = NULL; static char *privkey = NULL; +static unsigned int timer_cb_count; #define NUM_TESTS 2 @@ -40,6 +42,16 @@ static unsigned char certstatus[] = { #define RECORD_SEQUENCE 10 +static unsigned int timer_cb(SSL *s, unsigned int timer_us) +{ + ++timer_cb_count; + + if (timer_us == 0) + return 50000; + else + return 2 * timer_us; +} + static int test_dtls_unprocessed(int testidx) { SSL_CTX *sctx = NULL, *cctx = NULL; @@ -47,32 +59,27 @@ static int test_dtls_unprocessed(int testidx) BIO *c_to_s_fbio, *c_to_s_mempacket; int testresult = 0; - printf("Starting Test %d\n", testidx); + timer_cb_count = 0; - if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) return 0; - } - if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) { - printf("Failed setting cipher list\n"); - } + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA"))) + goto end; c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); - if (c_to_s_fbio == NULL) { - printf("Failed to create filter BIO\n"); + if (!TEST_ptr(c_to_s_fbio)) goto end; - } /* BIO is freed by create_ssl_connection on error */ - if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, - c_to_s_fbio)) { - printf("Unable to create SSL objects\n"); - ERR_print_errors_fp(stdout); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, + NULL, c_to_s_fbio))) goto end; - } + + DTLS_set_timer_cb(clientssl1, timer_cb); if (testidx == 1) certstatus[RECORD_SEQUENCE] = 0xff; @@ -89,9 +96,12 @@ static int test_dtls_unprocessed(int testidx) mempacket_test_inject(c_to_s_mempacket, (char *)certstatus, sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ); - if (!create_ssl_connection(serverssl1, clientssl1)) { - printf("Unable to create SSL connection\n"); - ERR_print_errors_fp(stdout); + if (!TEST_true(create_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE))) + goto end; + + if (timer_cb_count == 0) { + printf("timer_callback was not called.\n"); goto end; } @@ -105,39 +115,231 @@ static int test_dtls_unprocessed(int testidx) return testresult; } -int main(int argc, char *argv[]) +#define CLI_TO_SRV_EPOCH_0_RECS 3 +#define CLI_TO_SRV_EPOCH_1_RECS 1 +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) +# define SRV_TO_CLI_EPOCH_0_RECS 12 +#else +/* + * In this case we have no ServerKeyExchange message, because we don't have + * ECDHE or DHE. When it is present it gets fragmented into 3 records in this + * test. + */ +# define SRV_TO_CLI_EPOCH_0_RECS 9 +#endif +#define SRV_TO_CLI_EPOCH_1_RECS 1 +#define TOTAL_FULL_HAND_RECORDS \ + (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ + SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS) + +#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3 +#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1 +#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2 +#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1 +#define TOTAL_RESUME_HAND_RECORDS \ + (CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \ + SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS) + +#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS) + +static int test_dtls_drop_records(int idx) { - BIO *err = NULL; - int testresult = 1; + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + BIO *c_to_s_fbio, *mempackbio; + int testresult = 0; + int epoch = 0; + SSL_SESSION *sess = NULL; + int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0; + + if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + return 0; - if (argc != 3) { - printf("Invalid argument count\n"); - return 1; + if (idx >= TOTAL_FULL_HAND_RECORDS) { + /* We're going to do a resumption handshake. Get a session first. */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr(sess = SSL_get1_session(clientssl))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS; + cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS; + srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS; + idx -= TOTAL_FULL_HAND_RECORDS; + } else { + cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS; + cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS; + srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS; } - cert = argv[1]; - privkey = argv[2]; + c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); + if (!TEST_ptr(c_to_s_fbio)) + goto end; + + /* BIO is freed by create_ssl_connection on error */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, c_to_s_fbio))) + goto end; - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + if (sess != NULL) { + if (!TEST_true(SSL_set_session(clientssl, sess))) + goto end; + } - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + DTLS_set_timer_cb(clientssl, timer_cb); + DTLS_set_timer_cb(serverssl, timer_cb); - ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS); + /* Work out which record to drop based on the test number */ + if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) { + mempackbio = SSL_get_wbio(serverssl); + idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1; + if (idx >= srv_to_cli_epoch0) { + epoch = 1; + idx -= srv_to_cli_epoch0; + } + } else { + mempackbio = SSL_get_wbio(clientssl); + if (idx >= cli_to_srv_epoch0) { + epoch = 1; + idx -= cli_to_srv_epoch0; + } + mempackbio = BIO_next(mempackbio); + } + BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL); + BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL); - testresult = run_tests(argv[0]); + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; - bio_f_tls_dump_filter_free(); - bio_s_mempacket_test_free(); + if (sess != NULL && !TEST_true(SSL_session_reused(clientssl))) + goto end; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 1; -#endif - BIO_free(err); + /* If the test did what we planned then it should have dropped a record */ + if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0, + NULL), -1)) + goto end; + + testresult = 1; + end: + SSL_SESSION_free(sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static const char dummy_cookie[] = "0123456"; + +static int generate_cookie_cb(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len) +{ + memcpy(cookie, dummy_cookie, sizeof(dummy_cookie)); + *cookie_len = sizeof(dummy_cookie); + return 1; +} + +static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len) +{ + return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie)); +} - if (!testresult) - printf("PASS\n"); +static int test_cookie(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + return 0; + + SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE); + SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb); + SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); return testresult; } + +static int test_dtls_duplicate_records(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + return 0; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + DTLS_set_timer_cb(clientssl, timer_cb); + DTLS_set_timer_cb(serverssl, timer_cb); + + BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL); + BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +int setup_tests(void) +{ + if (!TEST_ptr(cert = test_get_argument(0)) + || !TEST_ptr(privkey = test_get_argument(1))) + return 0; + + ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS); + ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS); + ADD_TEST(test_cookie); + ADD_TEST(test_dtls_duplicate_records); + + return 1; +} + +void cleanup_tests(void) +{ + bio_f_tls_dump_filter_free(); + bio_s_mempacket_test_free(); +} diff --git a/deps/openssl/openssl/test/dtlsv1listentest.c b/deps/openssl/openssl/test/dtlsv1listentest.c index 91d78e1301a778..4ce11aacb7b4a4 100644 --- a/deps/openssl/openssl/test/dtlsv1listentest.c +++ b/deps/openssl/openssl/test/dtlsv1listentest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,8 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE - #include -#endif -#include "e_os.h" +#include "internal/nelem.h" +#include "testutil.h" #ifndef OPENSSL_NO_SOCK @@ -236,7 +234,7 @@ static const unsigned char verify[] = { 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */ }; -static struct { +typedef struct { const unsigned char *in; unsigned int inlen; /* @@ -245,52 +243,18 @@ static struct { * DROP == 0 return value, no output */ enum {GOOD, VERIFY, DROP} outtype; -} testpackets[9] = { - { - clienthello_nocookie, - sizeof(clienthello_nocookie), - VERIFY - }, - { - clienthello_nocookie_frag, - sizeof(clienthello_nocookie_frag), - VERIFY - }, - { - clienthello_nocookie_short, - sizeof(clienthello_nocookie_short), - DROP - }, - { - clienthello_2ndfrag, - sizeof(clienthello_2ndfrag), - DROP - }, - { - clienthello_cookie, - sizeof(clienthello_cookie), - GOOD - }, - { - clienthello_cookie_frag, - sizeof(clienthello_cookie_frag), - GOOD - }, - { - clienthello_badcookie, - sizeof(clienthello_badcookie), - VERIFY - }, - { - clienthello_cookie_short, - sizeof(clienthello_cookie_short), - DROP - }, - { - record_short, - sizeof(record_short), - DROP - } +} tests; + +static tests testpackets[9] = { + { clienthello_nocookie, sizeof(clienthello_nocookie), VERIFY }, + { clienthello_nocookie_frag, sizeof(clienthello_nocookie_frag), VERIFY }, + { clienthello_nocookie_short, sizeof(clienthello_nocookie_short), DROP }, + { clienthello_2ndfrag, sizeof(clienthello_2ndfrag), DROP }, + { clienthello_cookie, sizeof(clienthello_cookie), GOOD }, + { clienthello_cookie_frag, sizeof(clienthello_cookie_frag), GOOD }, + { clienthello_badcookie, sizeof(clienthello_badcookie), VERIFY }, + { clienthello_cookie_short, sizeof(clienthello_cookie_short), DROP }, + { record_short, sizeof(record_short), DROP } }; # define COOKIE_LEN 20 @@ -299,9 +263,8 @@ static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned int i; - for (i = 0; i < COOKIE_LEN; i++, cookie++) { + for (i = 0; i < COOKIE_LEN; i++, cookie++) *cookie = i; - } *cookie_len = COOKIE_LEN; return 1; @@ -322,105 +285,73 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie, return 1; } -#endif -int main(void) +static int dtls_listen_test(int i) { -#ifndef OPENSSL_NO_SOCK SSL_CTX *ctx = NULL; SSL *ssl = NULL; BIO *outbio = NULL; BIO *inbio = NULL; - BIO_ADDR *peer = BIO_ADDR_new(); + BIO_ADDR *peer = NULL; + tests *tp = &testpackets[i]; char *data; long datalen; int ret, success = 0; - long i; - ctx = SSL_CTX_new(DTLS_server_method()); - if (ctx == NULL || peer == NULL) + if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_server_method())) + || !TEST_ptr(peer = BIO_ADDR_new())) goto err; - SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen); SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify); - /* Create an SSL object for the connection */ - ssl = SSL_new(ctx); - if (ssl == NULL) - goto err; - - outbio = BIO_new(BIO_s_mem()); - if (outbio == NULL) + /* Create an SSL object and set the BIO */ + if (!TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(outbio = BIO_new(BIO_s_mem()))) goto err; SSL_set0_wbio(ssl, outbio); - success = 1; - for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) { - inbio = BIO_new_mem_buf((char *)testpackets[i].in, - testpackets[i].inlen); - if (inbio == NULL) { - success = 0; - goto err; - } - /* Set Non-blocking IO behaviour */ - BIO_set_mem_eof_return(inbio, -1); + /* Set Non-blocking IO behaviour */ + if (!TEST_ptr(inbio = BIO_new_mem_buf((char *)tp->in, tp->inlen))) + goto err; + BIO_set_mem_eof_return(inbio, -1); + SSL_set0_rbio(ssl, inbio); - SSL_set0_rbio(ssl, inbio); + /* Process the incoming packet */ + if (!TEST_int_ge(ret = DTLSv1_listen(ssl, peer), 0)) + goto err; + datalen = BIO_get_mem_data(outbio, &data); - /* Process the incoming packet */ - ret = DTLSv1_listen(ssl, peer); - if (ret < 0) { - success = 0; + if (tp->outtype == VERIFY) { + if (!TEST_int_eq(ret, 0) + || !TEST_mem_eq(data, datalen, verify, sizeof(verify))) goto err; - } - - datalen = BIO_get_mem_data(outbio, &data); - - if (testpackets[i].outtype == VERIFY) { - if (ret == 0) { - if (datalen != sizeof(verify) - || (memcmp(data, verify, sizeof(verify)) != 0)) { - printf("Test %ld failure: incorrect HelloVerifyRequest\n", i); - success = 0; - } else { - printf("Test %ld success\n", i); - } - } else { - printf ("Test %ld failure: should not have succeeded\n", i); - success = 0; - } - } else if (datalen == 0) { - if ((ret == 0 && testpackets[i].outtype == DROP) - || (ret == 1 && testpackets[i].outtype == GOOD)) { - printf("Test %ld success\n", i); - } else { - printf("Test %ld failure: wrong return value\n", i); - success = 0; - } - } else { - printf("Test %ld failure: Unexpected data output\n", i); - success = 0; - } - (void)BIO_reset(outbio); - inbio = NULL; - /* Frees up inbio */ - SSL_set0_rbio(ssl, NULL); + } else if (datalen == 0) { + if (!TEST_true((ret == 0 && tp->outtype == DROP) + || (ret == 1 && tp->outtype == GOOD))) + goto err; + } else { + TEST_info("Test %d: unexpected data output", i); + goto err; } + (void)BIO_reset(outbio); + inbio = NULL; + SSL_set0_rbio(ssl, NULL); + success = 1; err: - if (!success) - ERR_print_errors_fp(stderr); /* Also frees up outbio */ SSL_free(ssl); SSL_CTX_free(ctx); BIO_free(inbio); OPENSSL_free(peer); -# ifndef OPENSSL_NO_CRYPTO_MDEBUG - CRYPTO_mem_leaks_fp(stderr); -# endif - return success ? 0 : 1; -#else - printf("DTLSv1_listen() is not supported by this build - skipping\n"); - return 0; + return success; +} +#endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_SOCK + ADD_ALL_TESTS(dtls_listen_test, (int)OSSL_NELEM(testpackets)); #endif + return 1; } diff --git a/deps/openssl/openssl/test/ecdsatest.c b/deps/openssl/openssl/test/ecdsatest.c index ce73778791ffe9..96939a5b725959 100644 --- a/deps/openssl/openssl/test/ecdsatest.c +++ b/deps/openssl/openssl/test/ecdsatest.c @@ -1,5 +1,6 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,14 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include #include #include /* To see if OPENSSL_NO_EC is defined */ +#include "testutil.h" -#ifdef OPENSSL_NO_EC -int main(int argc, char *argv[]) -{ - puts("Elliptic curves are disabled."); - return 0; -} -#else +#ifndef OPENSSL_NO_EC # include # include @@ -43,50 +25,36 @@ int main(int argc, char *argv[]) # ifndef OPENSSL_NO_ENGINE # include # endif +# include # include # include -static const char rnd_seed[] = "string to make the random number generator " - "think it has entropy"; - -/* declaration of the test functions */ -int x9_62_tests(BIO *); -int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); -int test_builtin(BIO *); - /* functions to change the RAND_METHOD */ -int change_rand(void); -int restore_rand(void); -int fbytes(unsigned char *buf, int num); +static int fbytes(unsigned char *buf, int num); static RAND_METHOD fake_rand; static const RAND_METHOD *old_rand; -int change_rand(void) +static int change_rand(void) { /* save old rand method */ - if ((old_rand = RAND_get_rand_method()) == NULL) + if (!TEST_ptr(old_rand = RAND_get_rand_method())) return 0; - fake_rand.seed = old_rand->seed; - fake_rand.cleanup = old_rand->cleanup; - fake_rand.add = old_rand->add; - fake_rand.status = old_rand->status; + fake_rand = *old_rand; /* use own random function */ fake_rand.bytes = fbytes; - fake_rand.pseudorand = old_rand->bytes; /* set new RAND_METHOD */ - if (!RAND_set_rand_method(&fake_rand)) + if (!TEST_true(RAND_set_rand_method(&fake_rand))) return 0; return 1; } -int restore_rand(void) +static int restore_rand(void) { - if (!RAND_set_rand_method(old_rand)) + if (!TEST_true(RAND_set_rand_method(old_rand))) return 0; - else - return 1; + return 1; } static int fbytes_counter = 0, use_fake = 0; @@ -105,9 +73,9 @@ static const char *numbers[8] = { "40041670216363" }; -int fbytes(unsigned char *buf, int num) +static int fbytes(unsigned char *buf, int num) { - int ret; + int ret = 0; BIGNUM *tmp = NULL; if (use_fake == 0) @@ -117,85 +85,79 @@ int fbytes(unsigned char *buf, int num) if (fbytes_counter >= 8) return 0; - tmp = BN_new(); - if (!tmp) + if (!TEST_ptr(tmp = BN_new())) return 0; - if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) { + if (!TEST_true(BN_dec2bn(&tmp, numbers[fbytes_counter]))) { BN_free(tmp); return 0; } fbytes_counter++; - if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) - ret = 0; - else + if (TEST_int_eq(BN_num_bytes(tmp), num) + && TEST_true(BN_bn2bin(tmp, buf))) ret = 1; BN_free(tmp); return ret; } /* some tests from the X9.62 draft */ -int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) +static int x9_62_test_internal(int nid, const char *r_in, const char *s_in) { int ret = 0; const char message[] = "abc"; - unsigned char digest[20]; + unsigned char digest[SHA_DIGEST_LENGTH]; unsigned int dgst_len = 0; - EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); + EVP_MD_CTX *md_ctx; EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; const BIGNUM *sig_r, *sig_s; - if (md_ctx == NULL) + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) goto x962_int_err; /* get the message digest */ - if (!EVP_DigestInit(md_ctx, EVP_sha1()) - || !EVP_DigestUpdate(md_ctx, (const void *)message, 3) - || !EVP_DigestFinal(md_ctx, digest, &dgst_len)) + if (!TEST_true(EVP_DigestInit(md_ctx, EVP_sha1())) + || !TEST_true(EVP_DigestUpdate(md_ctx, (const void *)message, 3)) + || !TEST_true(EVP_DigestFinal(md_ctx, digest, &dgst_len))) goto x962_int_err; - BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + TEST_info("testing %s", OBJ_nid2sn(nid)); + /* create the key */ - if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) + if (!TEST_ptr(key = EC_KEY_new_by_curve_name(nid))) goto x962_int_err; use_fake = 1; - if (!EC_KEY_generate_key(key)) + if (!TEST_true(EC_KEY_generate_key(key))) goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); + /* create the signature */ use_fake = 1; /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ - if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) + if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp))) goto x962_int_err; - signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); - if (signature == NULL) + if (!TEST_ptr(signature = + ECDSA_do_sign_ex(digest, SHA_DIGEST_LENGTH, kinv, rp, key))) goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); + /* compare the created signature with the expected signature */ - if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + if (!TEST_ptr(r = BN_new()) || !TEST_ptr(s = BN_new())) goto x962_int_err; - if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) + if (!TEST_true(BN_dec2bn(&r, r_in)) || !TEST_true(BN_dec2bn(&s, s_in))) goto x962_int_err; ECDSA_SIG_get0(signature, &sig_r, &sig_s); - if (BN_cmp(sig_r, r) || BN_cmp(sig_s, s)) + if (!TEST_BN_eq(sig_r, r) + || !TEST_BN_eq(sig_s, s)) goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); + /* verify the signature */ - if (ECDSA_do_verify(digest, 20, signature, key) != 1) + if (!TEST_int_eq(ECDSA_do_verify(digest, SHA_DIGEST_LENGTH, + signature, key), 1)) goto x962_int_err; - BIO_printf(out, "."); - (void)BIO_flush(out); - BIO_printf(out, " ok\n"); ret = 1; + x962_int_err: - if (!ret) - BIO_printf(out, " failed\n"); EC_KEY_free(key); ECDSA_SIG_free(signature); BN_free(r); @@ -206,53 +168,54 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) return ret; } -int x9_62_tests(BIO *out) +static int x9_62_tests(void) { int ret = 0; - BIO_printf(out, "some tests from X9.62:\n"); - /* set own rand method */ if (!change_rand()) goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_prime192v1, - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) + if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342"))) goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_prime239v1, - "3086361431751678114926225473006680188549593787585317781474" + if (!TEST_true(x9_62_test_internal(NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" "62058306432176", - "3238135532097973577080787768312505059318910517550078427819" - "78505179448783")) + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783"))) goto x962_err; + # ifndef OPENSSL_NO_EC2M - if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, - "87194383164871543355722284926904419997237591535066528048", - "308992691965804947361541664549085895292153777025772063598")) + if (!TEST_true(x9_62_test_internal(NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598"))) goto x962_err; - if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, - "2159633321041961198501834003903461262881815148684178964245" + if (!TEST_true(x9_62_test_internal(NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" "5876922391552", - "1970303740007316867383349976549972270528498040721988191026" - "49413465737174")) + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174"))) goto x962_err; # endif ret = 1; + x962_err: - if (!restore_rand()) + if (!TEST_true(restore_rand())) ret = 0; return ret; } -int test_builtin(BIO *out) +static int test_builtin(void) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL; - unsigned char digest[20], wrong_digest[20]; + unsigned char digest[SHA512_DIGEST_LENGTH]; + unsigned char wrong_digest[SHA512_DIGEST_LENGTH]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; @@ -264,120 +227,80 @@ int test_builtin(BIO *out) int nid, ret = 0; /* fill digest values with some random data */ - if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) { - BIO_printf(out, "ERROR: unable to get random data\n"); + if (!TEST_true(RAND_bytes(digest, SHA512_DIGEST_LENGTH)) + || !TEST_true(RAND_bytes(wrong_digest, SHA512_DIGEST_LENGTH))) goto builtin_err; - } - - /* - * create and verify a ecdsa signature with every available curve (with ) - */ - BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " - "with some internal curves:\n"); + /* create and verify a ecdsa signature with every available curve */ /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); - curves = OPENSSL_malloc(sizeof(*curves) * crv_len); - if (curves == NULL) { - BIO_printf(out, "malloc error\n"); + if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) + || !TEST_true(EC_get_builtin_curves(curves, crv_len))) goto builtin_err; - } - - if (!EC_get_builtin_curves(curves, crv_len)) { - BIO_printf(out, "unable to get internal curves\n"); - goto builtin_err; - } /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; - if (nid == NID_ipsec4 || nid == NID_X25519) + if (nid == NID_ipsec4 || nid == NID_ipsec3) continue; /* create new ecdsa key (== EC_KEY) */ - if ((eckey = EC_KEY_new()) == NULL) - goto builtin_err; - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - goto builtin_err; - if (EC_KEY_set_group(eckey, group) == 0) + if (!TEST_ptr(eckey = EC_KEY_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_true(EC_KEY_set_group(eckey, group))) goto builtin_err; EC_GROUP_free(group); degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); - if (degree < 160) { - /* drop the curve */ - EC_KEY_free(eckey); - eckey = NULL; - continue; - } - BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); + + TEST_info("testing %s", OBJ_nid2sn(nid)); + /* create key */ - if (!EC_KEY_generate_key(eckey)) { - BIO_printf(out, " failed\n"); + if (!TEST_true(EC_KEY_generate_key(eckey))) goto builtin_err; - } /* create second key */ - if ((wrong_eckey = EC_KEY_new()) == NULL) - goto builtin_err; - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) - goto builtin_err; - if (EC_KEY_set_group(wrong_eckey, group) == 0) + if (!TEST_ptr(wrong_eckey = EC_KEY_new()) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_true(EC_KEY_set_group(wrong_eckey, group))) goto builtin_err; EC_GROUP_free(group); - if (!EC_KEY_generate_key(wrong_eckey)) { - BIO_printf(out, " failed\n"); + if (!TEST_true(EC_KEY_generate_key(wrong_eckey))) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); /* check key */ - if (!EC_KEY_check_key(eckey)) { - BIO_printf(out, " failed\n"); + if (!TEST_true(EC_KEY_check_key(eckey))) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + /* create signature */ sig_len = ECDSA_size(eckey); - if ((signature = OPENSSL_malloc(sig_len)) == NULL) - goto builtin_err; - if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { - BIO_printf(out, " failed\n"); + if (!TEST_ptr(signature = OPENSSL_malloc(sig_len)) + || !TEST_true(ECDSA_sign(0, digest, SHA512_DIGEST_LENGTH, + signature, &sig_len, eckey))) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + /* verify signature */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { - BIO_printf(out, " failed\n"); + if (!TEST_int_eq(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH, + signature, sig_len, eckey), + 1)) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + /* verify signature with the wrong key */ - if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { - BIO_printf(out, " failed\n"); + if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH, + signature, sig_len, wrong_eckey), + 1)) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + /* wrong digest */ - if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { - BIO_printf(out, " failed\n"); + if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, SHA512_DIGEST_LENGTH, + signature, sig_len, eckey), + 1)) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); + /* wrong length */ - if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { - BIO_printf(out, " failed\n"); + if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH, + signature, sig_len - 1, eckey), + 1)) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); /* * Modify a single byte of the signature: to ensure we don't garble @@ -385,10 +308,8 @@ int test_builtin(BIO *out) * one of the bignums directly. */ sig_ptr = signature; - if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) { - BIO_printf(out, " failed\n"); + if (!TEST_ptr(ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len))) goto builtin_err; - } ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s); @@ -396,12 +317,11 @@ int test_builtin(BIO *out) r_len = BN_num_bytes(sig_r); s_len = BN_num_bytes(sig_s); bn_len = (degree + 7) / 8; - if ((r_len > bn_len) || (s_len > bn_len)) { - BIO_printf(out, " failed\n"); + if (!TEST_false(r_len > bn_len) + || !TEST_false(s_len > bn_len)) goto builtin_err; - } buf_len = 2 * bn_len; - if ((raw_buf = OPENSSL_zalloc(buf_len)) == NULL) + if (!TEST_ptr(raw_buf = OPENSSL_zalloc(buf_len))) goto builtin_err; BN_bn2bin(sig_r, raw_buf + bn_len - r_len); BN_bn2bin(sig_s, raw_buf + buf_len - s_len); @@ -410,30 +330,32 @@ int test_builtin(BIO *out) offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; + /* Now read the BIGNUMs back in from raw_buf. */ - modified_sig = ECDSA_SIG_new(); - if (modified_sig == NULL) + if (!TEST_ptr(modified_sig = ECDSA_SIG_new())) goto builtin_err; - if (((modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL) - || ((modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL) - || !ECDSA_SIG_set0(modified_sig, modified_r, modified_s)) { + if (!TEST_ptr(modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) + || !TEST_ptr(modified_s = BN_bin2bn(raw_buf + bn_len, + bn_len, NULL)) + || !TEST_true(ECDSA_SIG_set0(modified_sig, + modified_r, modified_s))) { BN_free(modified_r); BN_free(modified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { - BIO_printf(out, " failed\n"); + if (!TEST_false(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH, + signature, sig_len, eckey))) goto builtin_err; - } - /* - * Sanity check: undo the modification and verify signature. - */ + + /* Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; - if (((unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) == NULL) - || ((unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) == NULL) - || !ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s)) { + if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) + || !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len, + bn_len, NULL)) + || !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r, + unmodified_s))) { BN_free(unmodified_r); BN_free(unmodified_s); goto builtin_err; @@ -441,16 +363,11 @@ int test_builtin(BIO *out) sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); - if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { - BIO_printf(out, " failed\n"); + if (!TEST_true(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH, + signature, sig_len, eckey))) goto builtin_err; - } - BIO_printf(out, "."); - (void)BIO_flush(out); - BIO_printf(out, " ok\n"); /* cleanup */ - /* clean bogus errors */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; @@ -478,42 +395,15 @@ int test_builtin(BIO *out) return ret; } +#endif -int main(void) +int setup_tests(void) { - int ret = 1; - BIO *out; - char *p; - - out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - - /* initialize the prng */ - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - /* the tests */ - if (!x9_62_tests(out)) - goto err; - if (!test_builtin(out)) - goto err; - - ret = 0; - err: - if (ret) - BIO_printf(out, "\nECDSA test failed\n"); - else - BIO_printf(out, "\nECDSA test passed\n"); - if (ret) - ERR_print_errors(out); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(out) <= 0) - ret = 1; +#ifdef OPENSSL_NO_EC + TEST_note("Elliptic curves are disabled."); +#else + ADD_TEST(x9_62_tests); + ADD_TEST(test_builtin); #endif - BIO_free(out); - return ret; + return 1; } -#endif diff --git a/deps/openssl/openssl/test/ectest.c b/deps/openssl/openssl/test/ectest.c index d7b143200d8c90..2703cb4a347885 100644 --- a/deps/openssl/openssl/test/ectest.c +++ b/deps/openssl/openssl/test/ectest.c @@ -1,5 +1,6 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,38 +8,10 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -#include -#include -#ifdef FLAT_INC -# include "e_os.h" -#else -# include "../e_os.h" -#endif -#include -#include - -#ifdef OPENSSL_NO_EC -int main(int argc, char *argv[]) -{ - puts("Elliptic curves are disabled."); - return 0; -} -#else +#include "internal/nelem.h" +#include "testutil.h" +#ifndef OPENSSL_NO_EC # include # ifndef OPENSSL_NO_ENGINE # include @@ -50,119 +23,91 @@ int main(int argc, char *argv[]) # include # include -# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) -/* suppress "too big too optimize" warning */ -# pragma warning(disable:4959) -# endif - -# define ABORT do { \ - fflush(stdout); \ - fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ - ERR_print_errors_fp(stderr); \ - EXIT(1); \ -} while (0) - -# define TIMING_BASE_PT 0 -# define TIMING_RAND_PT 1 -# define TIMING_SIMUL 2 +static size_t crv_len = 0; +static EC_builtin_curve *curves = NULL; /* test multiplication with group order, long and negative scalars */ -static void group_order_tests(EC_GROUP *group) +static int group_order_tests(EC_GROUP *group) { - BIGNUM *n1, *n2, *order; - EC_POINT *P = EC_POINT_new(group); - EC_POINT *Q = EC_POINT_new(group); - EC_POINT *R = EC_POINT_new(group); - EC_POINT *S = EC_POINT_new(group); - BN_CTX *ctx = BN_CTX_new(); - int i; - - n1 = BN_new(); - n2 = BN_new(); - order = BN_new(); - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, order, ctx)) - ABORT; - if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) - ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) - ABORT; - if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) - ABORT; - fprintf(stdout, " ok\n"); - fprintf(stdout, "long/negative scalar tests "); + BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; + const EC_POINT *G = NULL; + BN_CTX *ctx = NULL; + int i = 0, r = 0; + + if (!TEST_ptr(n1 = BN_new()) + || !TEST_ptr(n2 = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) + || !TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(S = EC_POINT_new(group))) + goto err; + + if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(BN_one(n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + || !TEST_true(BN_sub(n1, order, n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; + for (i = 1; i <= 2; i++) { const BIGNUM *scalars[6]; const EC_POINT *points[6]; - fprintf(stdout, i == 1 ? - "allowing precomputation ... " : - "without precomputation ... "); - if (!BN_set_word(n1, i)) - ABORT; - /* - * If i == 1, P will be the predefined generator for which - * EC_GROUP_precompute_mult has set up precomputation. - */ - if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) - ABORT; - - if (!BN_one(n1)) - ABORT; - /* n1 = 1 - order */ - if (!BN_sub(n1, n1, order)) - ABORT; - if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, Q, P, ctx)) - ABORT; - - /* n2 = 1 + order */ - if (!BN_add(n2, order, BN_value_one())) - ABORT; - if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, Q, P, ctx)) - ABORT; - - /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ - if (!BN_mul(n2, n1, n2, ctx)) - ABORT; - if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, Q, P, ctx)) - ABORT; + if (!TEST_true(BN_set_word(n1, i)) + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx))) + || !TEST_true(BN_one(n1)) + /* n1 = 1 - order */ + || !TEST_true(BN_sub(n1, n1, order)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = 1 + order */ + || !TEST_true(BN_add(n2, order, BN_value_one())) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + || !TEST_true(BN_mul(n2, n1, n2, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; /* n2 = order^2 - 1 */ BN_set_negative(n2, 0); - if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - ABORT; - /* Add P to verify the result. */ - if (!EC_POINT_add(group, Q, Q, P, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) - ABORT; - - /* Exercise EC_POINTs_mul, including corner cases. */ - if (EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + /* Add P to verify the result. */ + || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + + /* Exercise EC_POINTs_mul, including corner cases. */ + || !TEST_false(EC_POINT_is_at_infinity(group, P))) + goto err; scalars[0] = scalars[1] = BN_value_one(); points[0] = points[1] = P; - if (!EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINT_dbl(group, S, points[0], ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, R, S, ctx)) - ABORT; + if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx))) + goto err; scalars[0] = n1; points[0] = Q; /* => infinity */ @@ -176,13 +121,16 @@ static void group_order_tests(EC_GROUP *group) points[4] = P; /* => P */ scalars[5] = n2; points[5] = Q; /* => infinity */ - if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; } - fprintf(stdout, "ok\n"); + r = 1; +err: + if (r == 0 && i != 0) + TEST_info(i == 1 ? "allowing precomputation" : + "without precomputation"); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); @@ -191,1185 +139,981 @@ static void group_order_tests(EC_GROUP *group) BN_free(n2); BN_free(order); BN_CTX_free(ctx); + return r; } -static void prime_field_tests(void) +static int prime_field_tests(void) { BN_CTX *ctx = NULL; - BIGNUM *p, *a, *b; - EC_GROUP *group; - EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = - NULL, *P_384 = NULL, *P_521 = NULL; - EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z, *yplusone; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; + EC_GROUP *group = NULL, *tmp = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, + *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; unsigned char buf[100]; - size_t i, len; + size_t len, r = 0; int k; - ctx = BN_CTX_new(); - if (!ctx) - ABORT; - - p = BN_new(); - a = BN_new(); - b = BN_new(); - if (!p || !a || !b) - ABORT; - - if (!BN_hex2bn(&p, "17")) - ABORT; - if (!BN_hex2bn(&a, "1")) - ABORT; - if (!BN_hex2bn(&b, "1")) - ABORT; - - group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use - * EC_GROUP_new_curve_GFp so - * that the library gets to - * choose the EC_METHOD */ - if (!group) - ABORT; - - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_true(BN_hex2bn(&p, "17")) + || !TEST_true(BN_hex2bn(&a, "1")) + || !TEST_true(BN_hex2bn(&b, "1")) + /* + * applications should use EC_GROUP_new_curve_GFp so + * that the library gets to choose the EC_METHOD + */ + || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(tmp, group))) + goto err; + EC_GROUP_free(group); + group = tmp; + tmp = NULL; - { - EC_GROUP *tmp; - tmp = EC_GROUP_new(EC_GROUP_method_of(group)); - if (!tmp) - ABORT; - if (!EC_GROUP_copy(tmp, group)) - ABORT; - EC_GROUP_free(group); - group = tmp; - } + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) + goto err; - if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) - ABORT; - - fprintf(stdout, - "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x"); - BN_print_fp(stdout, p); - fprintf(stdout, ")\n a = 0x"); - BN_print_fp(stdout, a); - fprintf(stdout, "\n b = 0x"); - BN_print_fp(stdout, b); - fprintf(stdout, "\n"); - - P = EC_POINT_new(group); - Q = EC_POINT_new(group); - R = EC_POINT_new(group); - if (!P || !Q || !R) - ABORT; - - if (!EC_POINT_set_to_infinity(group, P)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + TEST_info("Curve defined by Weierstrass equation"); + TEST_note(" y^2 = x^3 + a*x + b (mod p)"); + test_output_bignum("a", a); + test_output_bignum("b", b); + test_output_bignum("p", p); buf[0] = 0; - if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) - ABORT; - - if (!EC_POINT_add(group, P, P, Q, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - x = BN_new(); - y = BN_new(); - z = BN_new(); - yplusone = BN_new(); - if (x == NULL || y == NULL || z == NULL || yplusone == NULL) - ABORT; - - if (!BN_hex2bn(&x, "D")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { - if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) - ABORT; - fprintf(stderr, "Point is not on curve: x = 0x"); - BN_print_fp(stderr, x); - fprintf(stderr, ", y = 0x"); - BN_print_fp(stderr, y); - fprintf(stderr, "\n"); - ABORT; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_to_infinity(group, P)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx)) + || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(yplusone = BN_new()) + || !TEST_true(BN_hex2bn(&x, "D")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))) + goto err; + + if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { + if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) + goto err; + TEST_info("Point is not on curve"); + test_output_bignum("x", x); + test_output_bignum("y", y); + goto err; } - fprintf(stdout, "A cyclic subgroup:\n"); + TEST_note("A cyclic subgroup:"); k = 100; do { - if (k-- == 0) - ABORT; - - if (EC_POINT_is_at_infinity(group, P)) - fprintf(stdout, " point at infinity\n"); - else { - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - - fprintf(stdout, " x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, ", y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + if (!TEST_int_ne(k--, 0)) + goto err; + + if (EC_POINT_is_at_infinity(group, P)) { + TEST_note(" point at infinity"); + } else { + if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, + ctx))) + goto err; + + test_output_bignum("x", x); + test_output_bignum("y", y); } - if (!EC_POINT_copy(R, P)) - ABORT; - if (!EC_POINT_add(group, P, P, Q, ctx)) - ABORT; + if (!TEST_true(EC_POINT_copy(R, P)) + || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))) + goto err; - } - while (!EC_POINT_is_at_infinity(group, P)); + } while (!EC_POINT_is_at_infinity(group, P)); - if (!EC_POINT_add(group, P, Q, R, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof(buf), ctx); - if (len == 0) - ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) - ABORT; - fprintf(stdout, "Generator as octet string, compressed form:\n "); - for (i = 0; i < len; i++) - fprintf(stdout, "%02X", buf[i]); - - len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof(buf), ctx); - if (len == 0) - ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) - ABORT; - fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); - for (i = 0; i < len; i++) - fprintf(stdout, "%02X", buf[i]); - - len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), - ctx); - if (len == 0) - ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) - ABORT; - fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); - for (i = 0; i < len; i++) - fprintf(stdout, "%02X", buf[i]); - - if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) - ABORT; - fprintf(stdout, - "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, ", Y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, ", Z = 0x"); - BN_print_fp(stdout, z); - fprintf(stdout, "\n"); - - if (!EC_POINT_invert(group, P, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) - ABORT; + if (!TEST_size_t_ne(len, 0) + || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) + goto err; + test_output_memory("Generator as octet string, compressed form:", + buf, len); + + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, + buf, sizeof(buf), ctx); + if (!TEST_size_t_ne(len, 0) + || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) + goto err; + test_output_memory("Generator as octet string, uncompressed form:", + buf, len); + + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, + buf, sizeof(buf), ctx); + if (!TEST_size_t_ne(len, 0) + || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) + goto err; + test_output_memory("Generator as octet string, hybrid form:", + buf, len); + + if (!TEST_true(EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, + ctx))) + goto err; + TEST_info("A representation of the inverse of that generator in"); + TEST_note("Jacobian projective coordinates"); + test_output_bignum("x", x); + test_output_bignum("y", y); + test_output_bignum("z", z); + + if (!TEST_true(EC_POINT_invert(group, P, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) /* * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, * 2000) -- not a NIST curve, but commonly used */ - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) - ABORT; - if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; - - if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) - ABORT; - if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) - ABORT; - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "1C97BEFC" + "54BD7A8B65ACF89F81D4D4ADC565FA45")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "4A96B568" + "8EF573284664698968C38BB913CBFC82")) + || !TEST_true(BN_hex2bn(&y, "23a62855" + "3168947d59dcc912042351377ac5fb32")) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "0100000000" + "000000000001F4C8F927AED3CA752257")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + TEST_info("SEC2 curve secp160r1 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 160) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_160 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_160, group)) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "23a62855" + "3168947d59dcc912042351377ac5fb32")) + || !TEST_BN_eq(y, z) + || !TEST_int_eq(EC_GROUP_get_degree(group), 160) + || !group_order_tests(group) + || !TEST_ptr(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_160, group)) /* Curve P-192 (FIPS PUB 186-2, App. 6) */ - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) - ABORT; - if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; - - if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" + "0FA7E9AB72243049FEB8DEECC146B9B1")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" + "7CBF20EB43A18800F4FF0AFD82FF1012")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" + "FFFFFFFF99DEF836146BC9B1B4D22831")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-192 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" + "631011ED6B24CDD573F977A11E794811")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 192) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_192, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 192) + || !group_order_tests(group) + || !TEST_ptr(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_192, group)) /* Curve P-224 (FIPS PUB 186-2, App. 6) */ - if (!BN_hex2bn - (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn - (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) - ABORT; - if (!BN_hex2bn - (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; - - if (!BN_hex2bn - (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn - (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" + "5044B0B7D7BFD8BA270B39432355FFB4")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" + "4A03C1D356C21122343280D6115C1D21")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF16A2E0B8F03E13DD29455C5C2A3D")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-224 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn - (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" + "CD4375A05A07476444D5819985007E34")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 224) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_224, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 224) + || !group_order_tests(group) + || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_224, group)) /* Curve P-256 (FIPS PUB 186-2, App. 6) */ - if (!BN_hex2bn - (&p, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn - (&a, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) - ABORT; - if (!BN_hex2bn - (&b, - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; - - if (!BN_hex2bn - (&x, - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" - "84F3B9CAC2FC632551")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" + "651D06B0CC53B0F63BCE3C3E27D2604B")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" + "BCE6FAADA7179E84F3B9CAC2FC632551")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-256 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn - (&z, - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 256) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_256, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 256) + || !group_order_tests(group) + || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_256, group)) /* Curve P-384 (FIPS PUB 186-2, App. 6) */ - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) - ABORT; - if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" - "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; - - if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" - "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19" + "181D9C6EFE8141120314088F5013875A" + "C656398D8A2ED19D2A85C8EDD3EC2AEF")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + + || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74" + "6E1D3B628BA79B9859F741E082542A38" + "5502F25DBF55296C3A545E3872760AB7")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFC7634D81F4372DDF" + "581A0DB248B0A77AECEC196ACCC52973")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-384 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" - "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29" + "F8F41DBD289A147CE9DA3113B5F0B8C0" + "0A60B1CE1D7E819D7A431D7C90EA0E5F")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 384) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_384, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 384) + || !group_order_tests(group) + || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_384, group)) /* Curve P-521 (FIPS PUB 186-2, App. 6) */ - - if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) - ABORT; - if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" - "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" - "DF883D2C34F1EF451FD46B503F00")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; - - if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" - "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" - "3C1856A429BF97E7E31C2E5BD66")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" - "C9B8899C47AEBB6FB71E91386409")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + || !TEST_true(BN_hex2bn(&p, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "051" + "953EB9618E1C9A1F929A21A0B68540EE" + "A2DA725B99B315F3B8B489918EF109E1" + "56193951EC7E937B1652C0BD3BB1BF07" + "3573DF883D2C34F1EF451FD46B503F00")) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "C6" + "858E06B70404E9CD9E3ECB662395B442" + "9C648139053FB521F828AF606B4D3DBA" + "A14B5E77EFE75928FE1DC127A2FFA8DE" + "3348B3C1856A429BF97E7E31C2E5BD66")) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA" + "51868783BF2F966B7FCC0148F709A5D0" + "3BB5C9B8899C47AEBB6FB71E91386409")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + + TEST_info("NIST curve P-521 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" - "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" - "7086A272C24088BE94769FD16650")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "118" + "39296A789A3BC0045C8A5FB42C7D1BD9" + "98F54449579B446817AFBD17273E662C" + "97EE72995EF42640C550B9013FAD0761" + "353C7086A272C24088BE94769FD16650")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 521) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_521, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 521) + || !group_order_tests(group) + || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_521, group)) /* more tests using the last curve */ /* Restore the point that got mangled in the (x, y + 1) test. */ - if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - - if (!EC_POINT_copy(Q, P)) - ABORT; - if (EC_POINT_is_at_infinity(group, Q)) - ABORT; - if (!EC_POINT_dbl(group, P, P, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!EC_POINT_invert(group, Q, ctx)) - ABORT; /* P = -2Q */ - - if (!EC_POINT_add(group, R, P, Q, ctx)) - ABORT; - if (!EC_POINT_add(group, R, R, Q, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, R)) - ABORT; /* R = P + 2Q */ + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) + || !TEST_true(EC_POINT_copy(Q, P)) + || !TEST_false(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) + || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_false(EC_POINT_is_at_infinity(group, Q))) + goto err; + points[0] = Q; + points[1] = Q; + points[2] = Q; + points[3] = Q; + + if (!TEST_true(EC_GROUP_get_order(group, z, ctx)) + || !TEST_true(BN_add(y, z, BN_value_one())) + || !TEST_BN_even(y) + || !TEST_true(BN_rshift1(y, y))) + goto err; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + TEST_note("combined multiplication ..."); + + /* z is still the group order */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)) + || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) + || !TEST_true(BN_add(z, z, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) + || !TEST_true(BN_add(z, x, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + if (!TEST_ptr(scalar3 = BN_new())) + goto err; + BN_zero(scalar3); + scalars[3] = scalar3; + + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; + + TEST_note(" ok\n"); + + + r = 1; +err: + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_GROUP_free(tmp); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + BN_free(yplusone); + BN_free(scalar3); + EC_GROUP_free(P_160); + EC_GROUP_free(P_192); + EC_GROUP_free(P_224); + EC_GROUP_free(P_256); + EC_GROUP_free(P_384); + EC_GROUP_free(P_521); + return r; +} + +# ifndef OPENSSL_NO_EC2M + +static struct c2_curve_test { + const char *name; + const char *p; + const char *a; + const char *b; + const char *x; + const char *y; + int ybit; + const char *order; + const char *cof; + int degree; +} char2_curve_tests[] = { + /* Curve K-163 (FIPS PUB 186-2, App. 6) */ { - const EC_POINT *points[4]; - const BIGNUM *scalars[4]; - BIGNUM *scalar3; + "NIST curve K-163", + "0800000000000000000000000000000000000000C9", + "1", + "1", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163 + }, + /* Curve B-163 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve B-163", + "0800000000000000000000000000000000000000C9", + "1", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163 + }, + /* Curve K-233 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve K-233", + "020000000000000000000000000000000000000004000000000000000001", + "0", + "1", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + 0, + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", + "4", 233 + }, + /* Curve B-233 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve B-233", + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + 1, + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", + "2", 233 + }, + /* Curve K-283 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve K-283", + "08000000" + "00000000000000000000000000000000000000000000000000000000000010A1", + "0", + "1", + "0503213F" + "78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", + "01CCDA38" + "0F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", + 0, + "01FFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", + "4", 283 + }, + /* Curve B-283 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve B-283", + "08000000" + "00000000000000000000000000000000000000000000000000000000000010A1", + "00000000" + "0000000000000000000000000000000000000000000000000000000000000001", + "027B680A" + "C8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", + "05F93925" + "8DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", + "03676854" + "FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", + 1, + "03FFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", + "2", 283 + }, + /* Curve K-409 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve K-409", + "0200000000000000000000000000000000000000" + "0000000000000000000000000000000000000000008000000000000000000001", + "0", + "1", + "0060F05F658F49C1AD3AB1890F7184210EFD0987" + "E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F" + "918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", + 1, + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", + "4", 409 + }, + /* Curve B-409 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve B-409", + "0200000000000000000000000000000000000000" + "0000000000000000000000000000000000000000008000000000000000000001", + "0000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422E" + "F1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4A" + "F1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5" + "A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", + 1, + "0100000000000000000000000000000000000000" + "00000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", + "2", 409 + }, + /* Curve K-571 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve K-571", + "800000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000425", + "0", + "1", + "026EB7A859923FBC" + "82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E6" + "47DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", + "0349DC807F4FBF37" + "4F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA7" + "4FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", + 0, + "0200000000000000" + "00000000000000000000000000000000000000000000000000000000131850E1" + "F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", + "4", 571 + }, + /* Curve B-571 (FIPS PUB 186-2, App. 6) */ + { + "NIST curve B-571", + "800000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000425", + "0000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000001", + "02F40E7E2221F295" + "DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA5933" + "2BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", + "0303001D34B85629" + "6C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293" + "CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", + "037BF27342DA639B" + "6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A57" + "6291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", + 1, + "03FFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18" + "FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", + "2", 571 + } +}; + +static int char2_curve_test(int n) +{ + int r = 0; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL; + EC_GROUP *group = NULL, *variable = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + const EC_POINT *points[3]; + const BIGNUM *scalars[3]; + struct c2_curve_test *const test = char2_curve_tests + n; + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(yplusone = BN_new()) + || !TEST_true(BN_hex2bn(&p, test->p)) + || !TEST_true(BN_hex2bn(&a, test->a)) + || !TEST_true(BN_hex2bn(&b, test->b)) + || !TEST_true(group = EC_GROUP_new(EC_GF2m_simple_method())) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_true(BN_hex2bn(&x, test->x)) + || !TEST_true(BN_hex2bn(&y, test->y)) + || !TEST_true(BN_add(yplusone, y, BN_value_one()))) + goto err; + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, + test->y_bit, + ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, test->order)) + || !TEST_true(BN_hex2bn(&cof, test->cof)) + || !TEST_true(EC_GROUP_set_generator(group, P, z, cof)) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) + goto err; + TEST_info("%s -- Generator", test->name); + test_output_bignum("x", x); + test_output_bignum("y", y); + /* G_y value taken from the standard: */ + if (!TEST_true(BN_hex2bn(&z, test->y)) + || !TEST_BN_eq(y, z)) + goto err; +# else + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, test->order)) + || !TEST_true(BN_hex2bn(&cof, test->cof)) + || !TEST_true(EC_GROUP_set_generator(group, P, z, cof))) + goto err; + TEST_info("%s -- Generator:", test->name); + test_output_bignum("x", x); + test_output_bignum("y", y); +# endif + + if (!TEST_int_eq(EC_GROUP_get_degree(group), test->degree) + || !group_order_tests(group) + || !TEST_ptr(variable = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(variable, group))) + goto err; + + /* more tests using the last curve */ + if (n == OSSL_NELEM(char2_curve_tests) - 1) { + if (!TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) + || !TEST_true(EC_POINT_copy(Q, P)) + || !TEST_false(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) + || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_false(EC_POINT_is_at_infinity(group, Q))) + goto err; - if (EC_POINT_is_at_infinity(group, Q)) - ABORT; points[0] = Q; points[1] = Q; points[2] = Q; - points[3] = Q; - - if (!EC_GROUP_get_order(group, z, ctx)) - ABORT; - if (!BN_add(y, z, BN_value_one())) - ABORT; - if (BN_is_odd(y)) - ABORT; - if (!BN_rshift1(y, y)) - ABORT; + + if (!TEST_true(BN_add(y, z, BN_value_one())) + || !TEST_BN_even(y) + || !TEST_true(BN_rshift1(y, y))) + goto err; scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ scalars[1] = y; - fprintf(stdout, "combined multiplication ..."); - fflush(stdout); + TEST_note("combined multiplication ..."); /* z is still the group order */ - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, R, Q, ctx)) - ABORT; - - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) - ABORT; - if (!BN_add(z, z, y)) - ABORT; + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))) + goto err; + + if (!TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) + || !TEST_true(BN_add(z, z, y))) + goto err; BN_set_negative(z, 1); scalars[0] = y; scalars[1] = z; /* z = -(order + y) */ - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) - ABORT; - if (!BN_add(z, x, y)) - ABORT; + if (!TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) + || !TEST_true(BN_add(z, x, y))) + goto err; BN_set_negative(z, 1); scalars[0] = x; scalars[1] = y; scalars[2] = z; /* z = -(x+y) */ - scalar3 = BN_new(); - if (!scalar3) - ABORT; - BN_zero(scalar3); - scalars[3] = scalar3; - - if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - fprintf(stdout, " ok\n\n"); - - BN_free(scalar3); + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err;; } + r = 1; +err: BN_CTX_free(ctx); BN_free(p); BN_free(a); BN_free(b); - EC_GROUP_free(group); - EC_POINT_free(P); - EC_POINT_free(Q); - EC_POINT_free(R); BN_free(x); BN_free(y); BN_free(z); BN_free(yplusone); - - EC_GROUP_free(P_160); - EC_GROUP_free(P_192); - EC_GROUP_free(P_224); - EC_GROUP_free(P_256); - EC_GROUP_free(P_384); - EC_GROUP_free(P_521); - + BN_free(cof); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + EC_GROUP_free(group); + EC_GROUP_free(variable); + return r; } -/* Change test based on whether binary point compression is enabled or not. */ -# ifdef OPENSSL_EC_BIN_PT_COMP -# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ - if (!BN_hex2bn(&x, _x)) ABORT; \ - if (!BN_hex2bn(&y, _y)) ABORT; \ - if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ - /* \ - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ - * and therefore setting the coordinates should fail. \ - */ \ - if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ - if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ - if (!BN_hex2bn(&z, _order)) ABORT; \ - if (!BN_hex2bn(&cof, _cof)) ABORT; \ - if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ - if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ - BN_print_fp(stdout, x); \ - fprintf(stdout, "\n y = 0x"); \ - BN_print_fp(stdout, y); \ - fprintf(stdout, "\n"); \ - /* G_y value taken from the standard: */ \ - if (!BN_hex2bn(&z, _y)) ABORT; \ - if (0 != BN_cmp(y, z)) ABORT; -# else -# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ - if (!BN_hex2bn(&x, _x)) ABORT; \ - if (!BN_hex2bn(&y, _y)) ABORT; \ - if (!BN_add(yplusone, y, BN_value_one())) ABORT; \ - /* \ - * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, \ - * and therefore setting the coordinates should fail. \ - */ \ - if (EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, ctx)) ABORT; \ - if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ - if (!BN_hex2bn(&z, _order)) ABORT; \ - if (!BN_hex2bn(&cof, _cof)) ABORT; \ - if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ - fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ - BN_print_fp(stdout, x); \ - fprintf(stdout, "\n y = 0x"); \ - BN_print_fp(stdout, y); \ - fprintf(stdout, "\n"); -# endif - -# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ - if (!BN_hex2bn(&p, _p)) ABORT; \ - if (!BN_hex2bn(&a, _a)) ABORT; \ - if (!BN_hex2bn(&b, _b)) ABORT; \ - if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \ - CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ - fprintf(stdout, "verify degree ..."); \ - if (EC_GROUP_get_degree(group) != _degree) ABORT; \ - fprintf(stdout, " ok\n"); \ - group_order_tests(group); \ - if ((_variable = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; \ - if (!EC_GROUP_copy(_variable, group)) ABORT; \ - -# ifndef OPENSSL_NO_EC2M - -static void char2_field_tests(void) +static int char2_field_tests(void) { BN_CTX *ctx = NULL; - BIGNUM *p, *a, *b; - EC_GROUP *group; - EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = - NULL, *C2_K571 = NULL; - EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = - NULL, *C2_B571 = NULL; - EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z, *cof, *yplusone; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + EC_GROUP *group = NULL, *tmp = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL; unsigned char buf[100]; - size_t i, len; - int k; - - ctx = BN_CTX_new(); - if (!ctx) - ABORT; - - p = BN_new(); - a = BN_new(); - b = BN_new(); - if (p == NULL || a == NULL || b == NULL) - ABORT; - - if (!BN_hex2bn(&p, "13")) - ABORT; - if (!BN_hex2bn(&a, "3")) - ABORT; - if (!BN_hex2bn(&b, "1")) - ABORT; + size_t len; + int k, r = 0; + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_true(BN_hex2bn(&p, "13")) + || !TEST_true(BN_hex2bn(&a, "3")) + || !TEST_true(BN_hex2bn(&b, "1"))) + goto err; group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use * EC_GROUP_new_curve_GF2m * so that the library gets * to choose the EC_METHOD */ - if (!group) - ABORT; - if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) - ABORT; + if (!TEST_ptr(group) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(tmp, group))) + goto err; + EC_GROUP_free(group); + group = tmp; + tmp = NULL; - { - EC_GROUP *tmp; - tmp = EC_GROUP_new(EC_GROUP_method_of(group)); - if (!tmp) - ABORT; - if (!EC_GROUP_copy(tmp, group)) - ABORT; - EC_GROUP_free(group); - group = tmp; - } + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) + goto err; + + TEST_info("Curve defined by Weierstrass equation"); + TEST_note(" y^2 + x*y = x^3 + a*x^2 + b (mod p)"); + test_output_bignum("a", a); + test_output_bignum("b", b); + test_output_bignum("p", p); - if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) - ABORT; - - fprintf(stdout, - "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); - BN_print_fp(stdout, p); - fprintf(stdout, ")\n a = 0x"); - BN_print_fp(stdout, a); - fprintf(stdout, "\n b = 0x"); - BN_print_fp(stdout, b); - fprintf(stdout, "\n(0x... means binary polynomial)\n"); - - P = EC_POINT_new(group); - Q = EC_POINT_new(group); - R = EC_POINT_new(group); - if (!P || !Q || !R) - ABORT; - - if (!EC_POINT_set_to_infinity(group, P)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_to_infinity(group, P)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; buf[0] = 0; - if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) - ABORT; - - if (!EC_POINT_add(group, P, P, Q, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - x = BN_new(); - y = BN_new(); - z = BN_new(); - cof = BN_new(); - yplusone = BN_new(); - if (x == NULL || y == NULL || z == NULL || cof == NULL || yplusone == NULL) - ABORT; - - if (!BN_hex2bn(&x, "6")) - ABORT; + if (!TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx)) + || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(cof = BN_new()) + || !TEST_ptr(yplusone = BN_new()) + || !TEST_true(BN_hex2bn(&x, "6")) /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP - if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) - ABORT; + || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx)) # else - if (!BN_hex2bn(&y, "8")) - ABORT; - if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) - ABORT; + || !TEST_true(BN_hex2bn(&y, "8")) + || !TEST_true(EC_POINT_set_affine_coordinates(group, Q, x, y, ctx)) # endif - if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { + ) + goto err; + if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP - if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) - ABORT; + if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) + goto err; # endif - fprintf(stderr, "Point is not on curve: x = 0x"); - BN_print_fp(stderr, x); - fprintf(stderr, ", y = 0x"); - BN_print_fp(stderr, y); - fprintf(stderr, "\n"); - ABORT; + TEST_info("Point is not on curve"); + test_output_bignum("x", x); + test_output_bignum("y", y); + goto err; } - fprintf(stdout, "A cyclic subgroup:\n"); + TEST_note("A cyclic subgroup:"); k = 100; do { - if (k-- == 0) - ABORT; + if (!TEST_int_ne(k--, 0)) + goto err; if (EC_POINT_is_at_infinity(group, P)) - fprintf(stdout, " point at infinity\n"); + TEST_note(" point at infinity"); else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) - ABORT; - - fprintf(stdout, " x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, ", y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, + ctx))) + goto err; + + test_output_bignum("x", x); + test_output_bignum("y", y); } - if (!EC_POINT_copy(R, P)) - ABORT; - if (!EC_POINT_add(group, P, P, Q, ctx)) - ABORT; + if (!TEST_true(EC_POINT_copy(R, P)) + || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))) + goto err; } while (!EC_POINT_is_at_infinity(group, P)); - if (!EC_POINT_add(group, P, Q, R, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP - len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof(buf), ctx); - if (len == 0) - ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) - ABORT; - fprintf(stdout, "Generator as octet string, compressed form:\n "); - for (i = 0; i < len; i++) - fprintf(stdout, "%02X", buf[i]); + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, + buf, sizeof(buf), ctx); + if (!TEST_size_t_ne(len, 0) + || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) + goto err; + test_output_memory("Generator as octet string, compressed form:", + buf, len); # endif - len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof(buf), ctx); - if (len == 0) - ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) - ABORT; - fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); - for (i = 0; i < len; i++) - fprintf(stdout, "%02X", buf[i]); + len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, + buf, sizeof(buf), ctx); + if (!TEST_size_t_ne(len, 0) + || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) + goto err; + test_output_memory("Generator as octet string, uncompressed form:", + buf, len); /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); - if (len == 0) - ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) - ABORT; - fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); - for (i = 0; i < len; i++) - fprintf(stdout, "%02X", buf[i]); + if (!TEST_size_t_ne(len, 0) + || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) + goto err; + test_output_memory("Generator as octet string, hybrid form:", + buf, len); # endif - fprintf(stdout, "\n"); - - if (!EC_POINT_invert(group, P, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) - ABORT; - - /* Curve K-163 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve K-163", - "0800000000000000000000000000000000000000C9", - "1", - "1", - "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", - "0289070FB05D38FF58321F2E800536D538CCDAA3D9", - 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163); - - /* Curve B-163 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve B-163", - "0800000000000000000000000000000000000000C9", - "1", - "020A601907B8C953CA1481EB10512F78744A3205FD", - "03F0EBA16286A2D57EA0991168D4994637E8343E36", - "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", - 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163); - - /* Curve K-233 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve K-233", - "020000000000000000000000000000000000000004000000000000000001", - "0", - "1", - "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", - "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", - 0, - "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", - "4", 233, C2_K233); - - /* Curve B-233 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve B-233", - "020000000000000000000000000000000000000004000000000000000001", - "000000000000000000000000000000000000000000000000000000000001", - "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", - "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", - "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", - 1, - "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", - "2", 233, C2_B233); - - /* Curve K-283 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve K-283", - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "0", - "1", - "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", - "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", - 0, - "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", - "4", 283, C2_K283); - - /* Curve B-283 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve B-283", - "0800000000000000000000000000000000000000000000000000000000000000000010A1", - "000000000000000000000000000000000000000000000000000000000000000000000001", - "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", - "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", - "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", - 1, - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", - "2", 283, C2_B283); + if (!TEST_true(EC_POINT_invert(group, P, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))) + goto err; - /* Curve K-409 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve K-409", - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "0", - "1", - "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", - "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", - 1, - "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", - "4", 409, C2_K409); - - /* Curve B-409 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve B-409", - "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", - "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", - "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", - "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", - 1, - "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", - "2", 409, C2_B409); - - /* Curve K-571 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve K-571", - "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "0", - "1", - "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", - "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", - 0, - "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", - "4", 571, C2_K571); - - /* Curve B-571 (FIPS PUB 186-2, App. 6) */ - CHAR2_CURVE_TEST - ("NIST curve B-571", - "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", - "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", - "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", - "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", - "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", - 1, - "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", - "2", 571, C2_B571); - - /* more tests using the last curve */ - - if (!EC_POINT_copy(Q, P)) - ABORT; - if (EC_POINT_is_at_infinity(group, Q)) - ABORT; - if (!EC_POINT_dbl(group, P, P, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!EC_POINT_invert(group, Q, ctx)) - ABORT; /* P = -2Q */ - - if (!EC_POINT_add(group, R, P, Q, ctx)) - ABORT; - if (!EC_POINT_add(group, R, R, Q, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, R)) - ABORT; /* R = P + 2Q */ - - { - const EC_POINT *points[3]; - const BIGNUM *scalars[3]; - - if (EC_POINT_is_at_infinity(group, Q)) - ABORT; - points[0] = Q; - points[1] = Q; - points[2] = Q; - - if (!BN_add(y, z, BN_value_one())) - ABORT; - if (BN_is_odd(y)) - ABORT; - if (!BN_rshift1(y, y)) - ABORT; - scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ - scalars[1] = y; - - fprintf(stdout, "combined multiplication ..."); - fflush(stdout); - - /* z is still the group order */ - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, R, Q, ctx)) - ABORT; - - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) - ABORT; - if (!BN_add(z, z, y)) - ABORT; - BN_set_negative(z, 1); - scalars[0] = y; - scalars[1] = z; /* z = -(order + y) */ - - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) - ABORT; - if (!BN_add(z, x, y)) - ABORT; - BN_set_negative(z, 1); - scalars[0] = x; - scalars[1] = y; - scalars[2] = z; /* z = -(x+y) */ - - if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - fprintf(stdout, " ok\n\n"); - } + TEST_note("\n"); + r = 1; +err: BN_CTX_free(ctx); BN_free(p); BN_free(a); BN_free(b); EC_GROUP_free(group); + EC_GROUP_free(tmp); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); @@ -1378,89 +1122,41 @@ static void char2_field_tests(void) BN_free(z); BN_free(cof); BN_free(yplusone); - - EC_GROUP_free(C2_K163); - EC_GROUP_free(C2_B163); - EC_GROUP_free(C2_K233); - EC_GROUP_free(C2_B233); - EC_GROUP_free(C2_K283); - EC_GROUP_free(C2_B283); - EC_GROUP_free(C2_K409); - EC_GROUP_free(C2_B409); - EC_GROUP_free(C2_K571); - EC_GROUP_free(C2_B571); - + return r; } # endif -static void internal_curve_test(void) +static int internal_curve_test(int n) { - EC_builtin_curve *curves = NULL; - size_t crv_len = 0, n = 0; - int ok = 1; + EC_GROUP *group = NULL; + int nid = curves[n].nid; - crv_len = EC_get_builtin_curves(NULL, 0); - curves = OPENSSL_malloc(sizeof(*curves) * crv_len); - if (curves == NULL) - return; - - if (!EC_get_builtin_curves(curves, crv_len)) { - OPENSSL_free(curves); - return; + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n", + OBJ_nid2sn(nid)); + return 0; } - - fprintf(stdout, "testing internal curves: "); - - for (n = 0; n < crv_len; n++) { - EC_GROUP *group = NULL; - int nid = curves[n].nid; - if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { - ok = 0; - fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" - " curve %s\n", OBJ_nid2sn(nid)); - /* try next curve */ - continue; - } - if (!EC_GROUP_check(group, NULL)) { - ok = 0; - fprintf(stdout, "\nEC_GROUP_check() failed with" - " curve %s\n", OBJ_nid2sn(nid)); - EC_GROUP_free(group); - /* try the next curve */ - continue; - } - fprintf(stdout, "."); - fflush(stdout); + if (!TEST_true(EC_GROUP_check(group, NULL))) { + TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid)); EC_GROUP_free(group); + return 0; } - if (ok) - fprintf(stdout, " ok\n\n"); - else { - fprintf(stdout, " failed\n\n"); - ABORT; - } + EC_GROUP_free(group); + return 1; +} - /* Test all built-in curves and let the library choose the EC_METHOD */ - for (n = 0; n < crv_len; n++) { - EC_GROUP *group = NULL; - int nid = curves[n].nid; - /* - * Skip for X25519 because low level operations such as EC_POINT_mul() - * are not supported for this curve - */ - if (nid == NID_X25519) - continue; - fprintf(stdout, "%s:\n", OBJ_nid2sn(nid)); - fflush(stdout); - if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { - ABORT; - } - group_order_tests(group); - EC_GROUP_free(group); - } +static int internal_curve_test_method(int n) +{ + int r, nid = curves[n].nid; + EC_GROUP *group; - OPENSSL_free(curves); - return; + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("Curve %s failed\n", OBJ_nid2sn(nid)); + return 0; + } + r = group_order_tests(group); + EC_GROUP_free(group); + return r; } # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 @@ -1469,7 +1165,7 @@ static void internal_curve_test(void) * implementations of several NIST curves with characteristic > 3. */ struct nistp_test_params { - const EC_METHOD *(*meth) (); + const EC_METHOD *(*meth) (void); int degree; /* * Qx, Qy and D are taken from @@ -1531,160 +1227,165 @@ static const struct nistp_test_params nistp_tests_params[] = { EC_GFp_nistp521_method, 521, /* p */ - "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* a */ - "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* b */ - "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + "051" + "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" + "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* Qx */ - "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + "0098" + "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" + "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qy */ - "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + "0164" + "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" + "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Gx */ - "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + "c6" + "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" + "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gy */ - "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + "118" + "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" + "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* order */ - "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + "1ff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" + "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* d */ - "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + "0100" + "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" + "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", }, }; -static void nistp_single_test(const struct nistp_test_params *test) +static int nistp_single_test(int idx) { - BN_CTX *ctx; - BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone; - EC_GROUP *NISTP; - EC_POINT *G, *P, *Q, *Q_CHECK; - - fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", - test->degree); - ctx = BN_CTX_new(); - p = BN_new(); - a = BN_new(); - b = BN_new(); - x = BN_new(); - y = BN_new(); - m = BN_new(); - n = BN_new(); - order = BN_new(); - yplusone = BN_new(); - - NISTP = EC_GROUP_new(test->meth()); - if (!NISTP) - ABORT; - if (!BN_hex2bn(&p, test->p)) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, test->a)) - ABORT; - if (!BN_hex2bn(&b, test->b)) - ABORT; - if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) - ABORT; - G = EC_POINT_new(NISTP); - P = EC_POINT_new(NISTP); - Q = EC_POINT_new(NISTP); - Q_CHECK = EC_POINT_new(NISTP); - if (!BN_hex2bn(&x, test->Qx)) - ABORT; - if (!BN_hex2bn(&y, test->Qy)) - ABORT; - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + const struct nistp_test_params *test = nistp_tests_params + idx; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL; + BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL; + EC_GROUP *NISTP = NULL; + EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL; + int r = 0; + + TEST_note("NIST curve P-%d (optimised implementation):", + test->degree); + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(m = BN_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(yplusone = BN_new()) + + || !TEST_ptr(NISTP = EC_GROUP_new(test->meth())) + || !TEST_true(BN_hex2bn(&p, test->p)) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, test->a)) + || !TEST_true(BN_hex2bn(&b, test->b)) + || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx)) + || !TEST_ptr(G = EC_POINT_new(NISTP)) + || !TEST_ptr(P = EC_POINT_new(NISTP)) + || !TEST_ptr(Q = EC_POINT_new(NISTP)) + || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP)) + || !TEST_true(BN_hex2bn(&x, test->Qx)) + || !TEST_true(BN_hex2bn(&y, test->Qy)) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx)) - ABORT; - if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) - ABORT; - if (!BN_hex2bn(&x, test->Gx)) - ABORT; - if (!BN_hex2bn(&y, test->Gy)) - ABORT; - if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) - ABORT; - if (!BN_hex2bn(&order, test->order)) - ABORT; - if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) - ABORT; - - fprintf(stdout, "verify degree ... "); - if (EC_GROUP_get_degree(NISTP) != test->degree) - ABORT; - fprintf(stdout, "ok\n"); - - fprintf(stdout, "NIST test vectors ... "); - if (!BN_hex2bn(&n, test->d)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, + yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y, + ctx)) + || !TEST_true(BN_hex2bn(&x, test->Gx)) + || !TEST_true(BN_hex2bn(&y, test->Gy)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx)) + || !TEST_true(BN_hex2bn(&order, test->order)) + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree)) + goto err; + + TEST_note("NIST test vectors ... "); + if (!TEST_true(BN_hex2bn(&n, test->d))) + goto err; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; - - /* set generator to P = 2*G, where G is the standard generator */ - if (!EC_POINT_dbl(NISTP, P, G, ctx)) - ABORT; - if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) - ABORT; - /* set the scalar to m=n/2, where n is the NIST test scalar */ - if (!BN_rshift(m, n, 1)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + + /* set generator to P = 2*G, where G is the standard generator */ + || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx)) + || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) + /* set the scalar to m=n/2, where n is the NIST test scalar */ + || !TEST_true(BN_rshift(m, n, 1))) + goto err; /* test the non-standard generator */ /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) /* * We have not performed precomputation so have_precompute mult should be * false */ - if (EC_GROUP_have_precompute_mult(NISTP)) - ABORT; + || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) /* now repeat all tests with precomputation */ - if (!EC_GROUP_precompute_mult(NISTP, ctx)) - ABORT; - if (!EC_GROUP_have_precompute_mult(NISTP)) - ABORT; + || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) + || !TEST_true(EC_GROUP_have_precompute_mult(NISTP))) + goto err; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) /* reset generator */ - if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) - ABORT; + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))) + goto err; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; - - fprintf(stdout, "ok\n"); - group_order_tests(NISTP); + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; + + /* regression test for felem_neg bug */ + if (!TEST_true(BN_set_word(m, 32)) + || !TEST_true(BN_set_word(n, 31)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) + || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) + goto err; + + r = group_order_tests(NISTP); +err: EC_GROUP_free(NISTP); EC_POINT_free(G); EC_POINT_free(P); @@ -1700,77 +1401,125 @@ static void nistp_single_test(const struct nistp_test_params *test) BN_free(order); BN_free(yplusone); BN_CTX_free(ctx); + return r; } +# endif -static void nistp_tests() -{ - unsigned i; +static const unsigned char p521_named[] = { + 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, +}; - for (i = 0; i < OSSL_NELEM(nistp_tests_params); i++) { - nistp_single_test(&nistp_tests_params[i]); - } -} -# endif +static const unsigned char p521_explicit[] = { + 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, + 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, + 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, + 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, + 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, + 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, + 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, + 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, + 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, + 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, + 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, + 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, + 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, + 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, + 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, + 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, + 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, + 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, + 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, +}; -static void parameter_test(void) +static int parameter_test(void) { - EC_GROUP *group, *group2; - ECPARAMETERS *ecparameters; + EC_GROUP *group = NULL, *group2 = NULL; + ECPARAMETERS *ecparameters = NULL; + unsigned char *buf = NULL; + int r = 0, len; - fprintf(stderr, "\ntesting ecparameters conversion ..."); + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp112r1)) + || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) + || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) + goto err; - group = EC_GROUP_new_by_curve_name(NID_secp112r1); - if (!group) - ABORT; + EC_GROUP_free(group); + group = NULL; + + /* Test the named curve encoding, which should be default. */ + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1)) + || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named))) + goto err; - ecparameters = EC_GROUP_get_ecparameters(group, NULL); - if (!ecparameters) - ABORT; - group2 = EC_GROUP_new_from_ecparameters(ecparameters); - if (!group2) - ABORT; - if (EC_GROUP_cmp(group, group2, NULL)) - ABORT; + OPENSSL_free(buf); + buf = NULL; - fprintf(stderr, " ok\n"); + /* + * Test the explicit encoding. P-521 requires correctly zero-padding the + * curve coefficients. + */ + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit))) + goto err; + r = 1; +err: EC_GROUP_free(group); EC_GROUP_free(group2); ECPARAMETERS_free(ecparameters); + OPENSSL_free(buf); + return r; } +#endif -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -int main(int argc, char *argv[]) +int setup_tests(void) { - char *p; - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ +#ifndef OPENSSL_NO_EC + crv_len = EC_get_builtin_curves(NULL, 0); + if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) + || !TEST_true(EC_get_builtin_curves(curves, crv_len))) + return 0; - prime_field_tests(); - puts(""); + ADD_TEST(parameter_test); + ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M - char2_field_tests(); + ADD_TEST(char2_field_tests); + ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); # endif # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - nistp_tests(); + ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); # endif - /* test the internal curves */ - internal_curve_test(); - - parameter_test(); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; + ADD_ALL_TESTS(internal_curve_test, crv_len); + ADD_ALL_TESTS(internal_curve_test_method, crv_len); #endif - - return 0; + return 1; } + +void cleanup_tests(void) +{ +#ifndef OPENSSL_NO_EC + OPENSSL_free(curves); #endif +} diff --git a/deps/openssl/openssl/test/enginetest.c b/deps/openssl/openssl/test/enginetest.c index 0a8c1855e2ecaf..be57f1618305c4 100644 --- a/deps/openssl/openssl/test/enginetest.c +++ b/deps/openssl/openssl/test/enginetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,36 +9,29 @@ #include #include +#include #include -#ifdef OPENSSL_NO_ENGINE -int main(int argc, char *argv[]) -{ - printf("No ENGINE support\n"); - return (0); -} -#else +# include "testutil.h" + +#ifndef OPENSSL_NO_ENGINE # include # include # include -# include # include -# include +# include static void display_engine_list(void) { ENGINE *h; int loop; - h = ENGINE_get_first(); loop = 0; - printf("listing available engine types\n"); - while (h) { - printf("engine %i, id = \"%s\", name = \"%s\"\n", + for (h = ENGINE_get_first(); h != NULL; h = ENGINE_get_next(h)) { + TEST_info("#%d: id = \"%s\", name = \"%s\"", loop++, ENGINE_get_id(h), ENGINE_get_name(h)); - h = ENGINE_get_next(h); } - printf("end of list\n"); + /* * ENGINE_get_first() increases the struct_ref counter, so we must call * ENGINE_free() to decrease it again @@ -46,6 +39,144 @@ static void display_engine_list(void) ENGINE_free(h); } +#define NUMTOADD 512 + +static int test_engines(void) +{ + ENGINE *block[NUMTOADD]; + char buf[256]; + const char *id, *name; + ENGINE *ptr; + int loop; + int to_return = 0; + ENGINE *new_h1 = NULL; + ENGINE *new_h2 = NULL; + ENGINE *new_h3 = NULL; + ENGINE *new_h4 = NULL; + + memset(block, 0, sizeof(block)); + if (!TEST_ptr(new_h1 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h1, "test_id0")) + || !TEST_true(ENGINE_set_name(new_h1, "First test item")) + || !TEST_ptr(new_h2 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h2, "test_id1")) + || !TEST_true(ENGINE_set_name(new_h2, "Second test item")) + || !TEST_ptr(new_h3 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h3, "test_id2")) + || !TEST_true(ENGINE_set_name(new_h3, "Third test item")) + || !TEST_ptr(new_h4 = ENGINE_new()) + || !TEST_true(ENGINE_set_id(new_h4, "test_id3")) + || !TEST_true(ENGINE_set_name(new_h4, "Fourth test item"))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + if (!TEST_true(ENGINE_add(new_h1))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + ptr = ENGINE_get_first(); + if (!TEST_true(ENGINE_remove(ptr))) + goto end; + ENGINE_free(ptr); + TEST_info("Engines:"); + display_engine_list(); + + if (!TEST_true(ENGINE_add(new_h3)) + || !TEST_true(ENGINE_add(new_h2))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + if (!TEST_true(ENGINE_remove(new_h2))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + if (!TEST_true(ENGINE_add(new_h4))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + /* Should fail. */ + if (!TEST_false(ENGINE_add(new_h3))) + goto end; + ERR_clear_error(); + + /* Should fail. */ + if (!TEST_false(ENGINE_remove(new_h2))) + goto end; + ERR_clear_error(); + + if (!TEST_true(ENGINE_remove(new_h3))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + if (!TEST_true(ENGINE_remove(new_h4))) + goto end; + TEST_info("Engines:"); + display_engine_list(); + + /* + * Depending on whether there's any hardware support compiled in, this + * remove may be destined to fail. + */ + if ((ptr = ENGINE_get_first()) != NULL) { + if (!ENGINE_remove(ptr)) + TEST_info("Remove failed - probably no hardware support present"); + } + ENGINE_free(ptr); + TEST_info("Engines:"); + display_engine_list(); + + if (!TEST_true(ENGINE_add(new_h1)) + || !TEST_true(ENGINE_remove(new_h1))) + goto end; + + TEST_info("About to beef up the engine-type list"); + for (loop = 0; loop < NUMTOADD; loop++) { + sprintf(buf, "id%d", loop); + id = OPENSSL_strdup(buf); + sprintf(buf, "Fake engine type %d", loop); + name = OPENSSL_strdup(buf); + if (!TEST_ptr(block[loop] = ENGINE_new()) + || !TEST_true(ENGINE_set_id(block[loop], id)) + || !TEST_true(ENGINE_set_name(block[loop], name))) + goto end; + } + for (loop = 0; loop < NUMTOADD; loop++) { + if (!TEST_true(ENGINE_add(block[loop]))) { + test_note("Adding stopped at %d, (%s,%s)", + loop, ENGINE_get_id(block[loop]), + ENGINE_get_name(block[loop])); + goto cleanup_loop; + } + } + cleanup_loop: + TEST_info("About to empty the engine-type list"); + while ((ptr = ENGINE_get_first()) != NULL) { + if (!TEST_true(ENGINE_remove(ptr))) + goto end; + ENGINE_free(ptr); + } + for (loop = 0; loop < NUMTOADD; loop++) { + OPENSSL_free((void *)ENGINE_get_id(block[loop])); + OPENSSL_free((void *)ENGINE_get_name(block[loop])); + } + to_return = 1; + + end: + ENGINE_free(new_h1); + ENGINE_free(new_h2); + ENGINE_free(new_h3); + ENGINE_free(new_h4); + for (loop = 0; loop < NUMTOADD; loop++) + ENGINE_free(block[loop]); + return to_return; +} + /* Test EVP_PKEY method */ static EVP_PKEY_METHOD *test_rsa = NULL; @@ -118,123 +249,91 @@ static int test_redirect(void) int to_return = 0; - printf("\nRedirection test\n"); - - if ((pkey = get_test_pkey()) == NULL) { - printf("Get test key failed\n"); + if (!TEST_ptr(pkey = get_test_pkey())) goto err; - } len = EVP_PKEY_size(pkey); - if ((tmp = OPENSSL_malloc(len)) == NULL) { - printf("Buffer alloc failed\n"); + if (!TEST_ptr(tmp = OPENSSL_malloc(len))) goto err; - } - if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { - printf("Key context allocation failure\n"); + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto err; - } - printf("EVP_PKEY_encrypt test: no redirection\n"); + TEST_info("EVP_PKEY_encrypt test: no redirection"); /* Encrypt some data: should succeed but not be redirected */ - if (EVP_PKEY_encrypt_init(ctx) <= 0 - || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 - || called_encrypt) { - printf("Test encryption failure\n"); + if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_false(called_encrypt)) goto err; - } EVP_PKEY_CTX_free(ctx); ctx = NULL; /* Create a test ENGINE */ - if ((e = ENGINE_new()) == NULL - || !ENGINE_set_id(e, "Test redirect engine") - || !ENGINE_set_name(e, "Test redirect engine")) { - printf("Redirection engine setup failure\n"); + if (!TEST_ptr(e = ENGINE_new()) + || !TEST_true(ENGINE_set_id(e, "Test redirect engine")) + || !TEST_true(ENGINE_set_name(e, "Test redirect engine"))) goto err; - } /* * Try to create a context for this engine and test key. * Try setting test key engine. Both should fail because the * engine has no public key methods. */ - if (EVP_PKEY_CTX_new(pkey, e) != NULL - || EVP_PKEY_set1_engine(pkey, e) > 0) { - printf("Unexpected redirection success\n"); + if (!TEST_ptr_null(EVP_PKEY_CTX_new(pkey, e)) + || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0)) goto err; - } /* Setup an empty test EVP_PKEY_METHOD and set callback to return it */ - if ((test_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL) { - printf("Test RSA algorithm setup failure\n"); + if (!TEST_ptr(test_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0))) goto err; - } ENGINE_set_pkey_meths(e, test_pkey_meths); /* Getting a context for test ENGINE should now succeed */ - if ((ctx = EVP_PKEY_CTX_new(pkey, e)) == NULL) { - printf("Redirected context allocation failed\n"); + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, e))) goto err; - } /* Encrypt should fail because operation is not supported */ - if (EVP_PKEY_encrypt_init(ctx) > 0) { - printf("Encryption redirect unexpected success\n"); + if (!TEST_int_le(EVP_PKEY_encrypt_init(ctx), 0)) goto err; - } EVP_PKEY_CTX_free(ctx); ctx = NULL; /* Add test encrypt operation to method */ EVP_PKEY_meth_set_encrypt(test_rsa, 0, test_encrypt); - printf("EVP_PKEY_encrypt test: redirection via EVP_PKEY_CTX_new()\n"); - if ((ctx = EVP_PKEY_CTX_new(pkey, e)) == NULL) { - printf("Redirected context allocation failed\n"); + TEST_info("EVP_PKEY_encrypt test: redirection via EVP_PKEY_CTX_new()"); + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, e))) goto err; - } /* Encrypt some data: should succeed and be redirected */ - if (EVP_PKEY_encrypt_init(ctx) <= 0 - || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 - || !called_encrypt) { - printf("Redirected key context encryption failed\n"); + if (!TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_true(called_encrypt)) goto err; - } EVP_PKEY_CTX_free(ctx); ctx = NULL; called_encrypt = 0; - printf("EVP_PKEY_encrypt test: check default operation not redirected\n"); - /* Create context with default engine: should not be redirected */ - if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL - || EVP_PKEY_encrypt_init(ctx) <= 0 - || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 - || called_encrypt) { - printf("Unredirected key context encryption failed\n"); + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_false(called_encrypt)) goto err; - } EVP_PKEY_CTX_free(ctx); ctx = NULL; /* Set engine explicitly for test key */ - if (!EVP_PKEY_set1_engine(pkey, e)) { - printf("Key engine set failed\n"); + if (!TEST_true(EVP_PKEY_set1_engine(pkey, e))) goto err; - } - printf("EVP_PKEY_encrypt test: redirection via EVP_PKEY_set1_engine()\n"); + TEST_info("EVP_PKEY_encrypt test: redirection via EVP_PKEY_set1_engine()"); /* Create context with default engine: should be redirected now */ - if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL - || EVP_PKEY_encrypt_init(ctx) <= 0 - || EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)) <= 0 - || !called_encrypt) { - printf("Key redirection failure\n"); + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(ctx, tmp, &len, pt, sizeof(pt)), 0) + || !TEST_true(called_encrypt)) goto err; - } to_return = 1; @@ -245,164 +344,15 @@ static int test_redirect(void) OPENSSL_free(tmp); return to_return; } +#endif -int main(int argc, char *argv[]) +int setup_tests(void) { - ENGINE *block[512]; - char buf[256]; - const char *id, *name, *p; - ENGINE *ptr; - int loop; - int to_return = 1; - ENGINE *new_h1 = NULL; - ENGINE *new_h2 = NULL; - ENGINE *new_h3 = NULL; - ENGINE *new_h4 = NULL; - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - - memset(block, 0, sizeof(block)); - if (((new_h1 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h1, "test_id0") || - !ENGINE_set_name(new_h1, "First test item") || - ((new_h2 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h2, "test_id1") || - !ENGINE_set_name(new_h2, "Second test item") || - ((new_h3 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h3, "test_id2") || - !ENGINE_set_name(new_h3, "Third test item") || - ((new_h4 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h4, "test_id3") || - !ENGINE_set_name(new_h4, "Fourth test item")) { - printf("Couldn't set up test ENGINE structures\n"); - goto end; - } - printf("\nenginetest beginning\n\n"); - display_engine_list(); - if (!ENGINE_add(new_h1)) { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - ptr = ENGINE_get_first(); - if (!ENGINE_remove(ptr)) { - printf("Remove failed!\n"); - goto end; - } - ENGINE_free(ptr); - display_engine_list(); - if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - if (!ENGINE_remove(new_h2)) { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - if (!ENGINE_add(new_h4)) { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - if (ENGINE_add(new_h3)) { - printf("Add *should* have failed but didn't!\n"); - goto end; - } else - printf("Add that should fail did.\n"); - ERR_clear_error(); - if (ENGINE_remove(new_h2)) { - printf("Remove *should* have failed but didn't!\n"); - goto end; - } else - printf("Remove that should fail did.\n"); - ERR_clear_error(); - if (!ENGINE_remove(new_h3)) { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - if (!ENGINE_remove(new_h4)) { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - /* - * Depending on whether there's any hardware support compiled in, this - * remove may be destined to fail. - */ - ptr = ENGINE_get_first(); - if (ptr) - if (!ENGINE_remove(ptr)) - printf("Remove failed!i - probably no hardware " - "support present.\n"); - ENGINE_free(ptr); - display_engine_list(); - if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) { - printf("Couldn't add and remove to an empty list!\n"); - goto end; - } else - printf("Successfully added and removed to an empty list!\n"); - printf("About to beef up the engine-type list\n"); - for (loop = 0; loop < 512; loop++) { - sprintf(buf, "id%i", loop); - id = OPENSSL_strdup(buf); - sprintf(buf, "Fake engine type %i", loop); - name = OPENSSL_strdup(buf); - if (((block[loop] = ENGINE_new()) == NULL) || - !ENGINE_set_id(block[loop], id) || - !ENGINE_set_name(block[loop], name)) { - printf("Couldn't create block of ENGINE structures.\n" - "I'll probably also core-dump now, damn.\n"); - goto end; - } - } - for (loop = 0; loop < 512; loop++) { - if (!ENGINE_add(block[loop])) { - printf("\nAdding stopped at %i, (%s,%s)\n", - loop, ENGINE_get_id(block[loop]), - ENGINE_get_name(block[loop])); - goto cleanup_loop; - } else - printf("."); - fflush(stdout); - } - cleanup_loop: - printf("\nAbout to empty the engine-type list\n"); - while ((ptr = ENGINE_get_first()) != NULL) { - if (!ENGINE_remove(ptr)) { - printf("\nRemove failed!\n"); - goto end; - } - ENGINE_free(ptr); - printf("."); - fflush(stdout); - } - for (loop = 0; loop < 512; loop++) { - OPENSSL_free((void *)ENGINE_get_id(block[loop])); - OPENSSL_free((void *)ENGINE_get_name(block[loop])); - } - if (!test_redirect()) - goto end; - printf("\nTests completed happily\n"); - to_return = 0; - end: - if (to_return) - ERR_print_errors_fp(stderr); - ENGINE_free(new_h1); - ENGINE_free(new_h2); - ENGINE_free(new_h3); - ENGINE_free(new_h4); - for (loop = 0; loop < 512; loop++) - ENGINE_free(block[loop]); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - to_return = 1; +#ifdef OPENSSL_NO_ENGINE + TEST_note("No ENGINE support"); +#else + ADD_TEST(test_engines); + ADD_TEST(test_redirect); #endif - return to_return; + return 1; } -#endif diff --git a/deps/openssl/openssl/test/errtest.c b/deps/openssl/openssl/test/errtest.c index df4cddb096dd0c..e464d08bc0cb41 100644 --- a/deps/openssl/openssl/test/errtest.c +++ b/deps/openssl/openssl/test/errtest.c @@ -24,17 +24,16 @@ static int preserves_system_error(void) #if defined(OPENSSL_SYS_WINDOWS) SetLastError(ERROR_INVALID_FUNCTION); ERR_get_error(); - return GetLastError() == ERROR_INVALID_FUNCTION; + return TEST_int_eq(GetLastError(), ERROR_INVALID_FUNCTION); #else errno = EINVAL; ERR_get_error(); - return errno == EINVAL; + return TEST_int_eq(errno, EINVAL); #endif } -int main(int argc, char **argv) +int setup_tests(void) { ADD_TEST(preserves_system_error); - - return run_tests(argv[0]); + return 1; } diff --git a/deps/openssl/openssl/test/evp_extra_test.c b/deps/openssl/openssl/test/evp_extra_test.c index bc02fad4f2f36e..e396b07f5fab8e 100644 --- a/deps/openssl/openssl/test/evp_extra_test.c +++ b/deps/openssl/openssl/test/evp_extra_test.c @@ -16,6 +16,11 @@ #include #include #include +#include +#include +#include "testutil.h" +#include "internal/nelem.h" +#include "internal/evp_int.h" /* * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you @@ -75,6 +80,102 @@ static const unsigned char kExampleRSAKeyDER[] = { 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, }; +/* + * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private + * components are not correct. + */ +static const unsigned char kExampleBadRSAKeyDER[] = { + 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, + 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, + 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, + 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, + 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, + 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, + 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, + 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, + 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, + 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, + 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, + 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, + 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, + 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, + 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, + 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, + 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, + 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, + 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, + 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, + 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, + 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, + 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, + 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, + 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, + 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, + 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, + 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, + 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, + 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, + 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, + 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, + 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, + 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, + 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, + 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, + 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, + 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, + 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, + 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, + 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, + 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, + 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, + 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, + 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, + 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, + 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, + 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, + 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, + 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, + 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, + 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, + 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, + 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, + 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, + 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, + 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, + 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, + 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, + 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, + 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, + 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, + 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, + 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, + 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, + 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, + 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, + 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, + 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, + 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, + 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, + 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, + 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, + 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, + 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, + 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, + 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, + 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, + 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, + 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, + 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, + 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, + 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, + 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, + 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, + 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, + 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, +}; + static const unsigned char kMsg[] = { 1, 2, 3, 4 }; static const unsigned char kSignature[] = { @@ -185,7 +286,53 @@ static const unsigned char kExampleBadECKeyDER[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 }; + +/* prime256v1 */ +static const unsigned char kExampleECPubKeyDER[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, + 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, + 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, + 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, + 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, + 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 +}; + +static const unsigned char pExampleECParamDER[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 +}; +#endif + +typedef struct APK_DATA_st { + const unsigned char *kder; + size_t size; + int evptype; + int check; + int pub_check; + int param_check; + int type; /* 0 for private, 1 for public, 2 for params */ +} APK_DATA; + +static APK_DATA keydata[] = { + {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, + {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, +#ifndef OPENSSL_NO_EC + {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC} +#endif +}; + +static APK_DATA keycheckdata[] = { + {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0}, + {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA, + 0, -2, -2, 0}, +#ifndef OPENSSL_NO_EC + {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0}, + /* group is also associated in our pub key */ + {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1}, + {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2} #endif +}; static EVP_PKEY *load_example_rsa_key(void) { @@ -194,73 +341,104 @@ static EVP_PKEY *load_example_rsa_key(void) EVP_PKEY *pkey = NULL; RSA *rsa = NULL; - if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) return NULL; - } - pkey = EVP_PKEY_new(); - if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { - goto out; - } + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) + goto end; ret = pkey; pkey = NULL; - out: +end: EVP_PKEY_free(pkey); RSA_free(rsa); return ret; } +static int test_EVP_Enveloped(void) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx = NULL; + EVP_PKEY *keypair = NULL; + unsigned char *kek = NULL; + unsigned char iv[EVP_MAX_IV_LENGTH]; + static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; + int len, kek_len, ciphertext_len, plaintext_len; + unsigned char ciphertext[32], plaintext[16]; + const EVP_CIPHER *type = EVP_aes_256_cbc(); + + if (!TEST_ptr(keypair = load_example_rsa_key()) + || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, + &keypair, 1)) + || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, + msg, sizeof(msg))) + || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, + &len))) + goto err; + + ciphertext_len += len; + + if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) + || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, + ciphertext, ciphertext_len)) + || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) + goto err; + + plaintext_len += len; + if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) + goto err; + + ret = 1; +err: + OPENSSL_free(kek); + EVP_PKEY_free(keypair); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + + static int test_EVP_DigestSignInit(void) { int ret = 0; EVP_PKEY *pkey = NULL; unsigned char *sig = NULL; size_t sig_len = 0; - EVP_MD_CTX *md_ctx, *md_ctx_verify; + EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL; - md_ctx = EVP_MD_CTX_new(); - md_ctx_verify = EVP_MD_CTX_new(); - if (md_ctx == NULL || md_ctx_verify == NULL) + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) + || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()) + || !TEST_ptr(pkey = load_example_rsa_key())) goto out; - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) { + if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) + || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) goto out; - } + /* Determine the size of the signature. */ - if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) { + if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) + || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) goto out; - } - /* Sanity check for testing. */ - if (sig_len != (size_t)EVP_PKEY_size(pkey)) { - fprintf(stderr, "sig_len mismatch\n"); - goto out; - } - sig = OPENSSL_malloc(sig_len); - if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) { + if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)) + || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) goto out; - } /* Ensure that the signature round-trips. */ - if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) - || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)) - || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) { + if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), + NULL, pkey)) + || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, + kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) goto out; - } ret = 1; out: - if (!ret) { - ERR_print_errors_fp(stderr); - } - EVP_MD_CTX_free(md_ctx); EVP_MD_CTX_free(md_ctx_verify); EVP_PKEY_free(pkey); @@ -273,100 +451,48 @@ static int test_EVP_DigestVerifyInit(void) { int ret = 0; EVP_PKEY *pkey = NULL; - EVP_MD_CTX *md_ctx; + EVP_MD_CTX *md_ctx = NULL; - md_ctx = EVP_MD_CTX_new(); + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) + || !TEST_ptr(pkey = load_example_rsa_key())) + goto out; - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) { + if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) + || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, + sizeof(kSignature)))) goto out; - } ret = 1; out: - if (!ret) { - ERR_print_errors_fp(stderr); - } - EVP_MD_CTX_free(md_ctx); EVP_PKEY_free(pkey); - return ret; } -static int test_d2i_AutoPrivateKey(const unsigned char *input, - size_t input_len, int expected_id) +static int test_d2i_AutoPrivateKey(int i) { int ret = 0; const unsigned char *p; EVP_PKEY *pkey = NULL; + const APK_DATA *ak = &keydata[i]; + const unsigned char *input = ak->kder; + size_t input_len = ak->size; + int expected_id = ak->evptype; p = input; - pkey = d2i_AutoPrivateKey(NULL, &p, input_len); - if (pkey == NULL || p != input + input_len) { - fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) goto done; - } - - if (EVP_PKEY_id(pkey) != expected_id) { - fprintf(stderr, "Did not decode expected type\n"); - goto done; - } ret = 1; done: - if (!ret) { - ERR_print_errors_fp(stderr); - } - EVP_PKEY_free(pkey); return ret; } -static int test_EVP_Enveloped(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx = NULL; - EVP_PKEY *keypair = NULL; - unsigned char *kek = NULL; - int kek_len; - unsigned char iv[EVP_MAX_IV_LENGTH]; - static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; - int len, ciphertext_len, plaintext_len; - unsigned char ciphertext[32], plaintext[16]; - const EVP_CIPHER *type = EVP_aes_256_cbc(); - - if ((keypair = load_example_rsa_key()) == NULL - || (kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) == NULL - || (ctx = EVP_CIPHER_CTX_new()) == NULL - || !EVP_SealInit(ctx, type, &kek, &kek_len, iv, &keypair, 1) - || !EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, - msg, sizeof(msg)) - || !EVP_SealFinal(ctx, ciphertext + ciphertext_len, &len)) - goto err; - - ciphertext_len += len; - if (!EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair) - || !EVP_OpenUpdate(ctx, plaintext, &plaintext_len, - ciphertext, ciphertext_len) - || !EVP_OpenFinal(ctx, plaintext + plaintext_len, &len) - || (plaintext_len += len) != sizeof(msg) - || memcmp(msg, plaintext, sizeof(msg)) != 0) - goto err; - - ret = 1; - -err: - OPENSSL_free(kek); - EVP_PKEY_free(keypair); - EVP_CIPHER_CTX_free(ctx); - return ret; -} - #ifndef OPENSSL_NO_EC /* Tests loading a bad key in PKCS8 format */ static int test_EVP_PKCS82PKEY(void) @@ -376,18 +502,16 @@ static int test_EVP_PKCS82PKEY(void) PKCS8_PRIV_KEY_INFO *p8inf = NULL; EVP_PKEY *pkey = NULL; - p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, + sizeof(kExampleBadECKeyDER)))) + goto done; - if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { - fprintf(stderr, "Failed to parse key\n"); + if (!TEST_ptr_eq(derp, + kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) goto done; - } - pkey = EVP_PKCS82PKEY(p8inf); - if (pkey) { - fprintf(stderr, "Imported invalid EC key\n"); + if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) goto done; - } ret = 1; @@ -399,57 +523,469 @@ static int test_EVP_PKCS82PKEY(void) } #endif -int main(void) +#ifndef OPENSSL_NO_SM2 + +static int test_EVP_SM2_verify(void) { - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ + const char *pubkey = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" + "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" + "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" + "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" + "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" + "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" + "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" + "-----END PUBLIC KEY-----\n"; + + const char *msg = "message digest"; + const char *id = "ALICE123@YAHOO.COM"; + + const uint8_t signature[] = { + 0x30, 0x44, 0x02, 0x20, + + 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, + 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, + 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, + + 0x02, 0x20, + + 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, + 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, + 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 + }; + + int rc = 0; + BIO *bio = NULL; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL; + bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); + if (!TEST_true(bio != NULL)) + goto done; - if (!test_EVP_DigestSignInit()) { - fprintf(stderr, "EVP_DigestSignInit failed\n"); - return 1; - } + pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + if (!TEST_true(pkey != NULL)) + goto done; - if (!test_EVP_DigestVerifyInit()) { - fprintf(stderr, "EVP_DigestVerifyInit failed\n"); - return 1; - } + if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) + goto done; - if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), - EVP_PKEY_RSA)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); - return 1; - } + if (!TEST_ptr(mctx = EVP_MD_CTX_new())) + goto done; - if (!test_d2i_AutoPrivateKey - (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); - return 1; - } + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; - if (!test_EVP_Enveloped()) { - fprintf(stderr, "test_EVP_Enveloped failed\n"); - return 1; - } + if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, + strlen(id)), 0)) + goto done; + + EVP_MD_CTX_set_pkey_ctx(mctx, pctx); + + if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) + goto done; + + if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) + goto done; + rc = 1; + + done: + BIO_free(bio); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); + EVP_MD_CTX_free(mctx); + return rc; +} + +static int test_EVP_SM2(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_PKEY *params = NULL; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY_CTX *kctx = NULL; + EVP_PKEY_CTX *sctx = NULL; + size_t sig_len = 0; + unsigned char *sig = NULL; + EVP_MD_CTX *md_ctx = NULL; + EVP_MD_CTX *md_ctx_verify = NULL; + EVP_PKEY_CTX *cctx = NULL; + + uint8_t ciphertext[128]; + size_t ctext_len = sizeof(ciphertext); + + uint8_t plaintext[8]; + size_t ptext_len = sizeof(plaintext); + + uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; + + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + if (!TEST_ptr(pctx)) + goto done; + + if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) + goto done; + + if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) + goto done; + + if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) + goto done; + + kctx = EVP_PKEY_CTX_new(params, NULL); + if (!TEST_ptr(kctx)) + goto done; + + if (!TEST_true(EVP_PKEY_keygen_init(kctx))) + goto done; + + if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) + goto done; + + if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) + goto done; + + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) + goto done; + + if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) + goto done; + + if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); + EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); + + if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) + goto done; + if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) + goto done; + + /* Determine the size of the signature. */ + if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) + goto done; + + if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) + goto done; + + if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) + goto done; + + if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) + goto done; + + /* Ensure that the signature round-trips. */ + + if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) + goto done; + + if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) + goto done; + + /* now check encryption/decryption */ + + if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) + goto done; + + if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) + goto done; + + if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) + goto done; + + if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) + goto done; + + if (!TEST_true(ptext_len == sizeof(kMsg))) + goto done; + + if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) + goto done; + + ret = 1; +done: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(kctx); + EVP_PKEY_CTX_free(sctx); + EVP_PKEY_CTX_free(cctx); + EVP_PKEY_free(pkey); + EVP_PKEY_free(params); + EVP_MD_CTX_free(md_ctx); + EVP_MD_CTX_free(md_ctx_verify); + OPENSSL_free(sig); + return ret; +} + +#endif + +static struct keys_st { + int type; + char *priv; + char *pub; +} keys[] = { + { + EVP_PKEY_HMAC, "0123456789", NULL + }, { + EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL + }, { + EVP_PKEY_SIPHASH, "0123456789012345", NULL + }, #ifndef OPENSSL_NO_EC - if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), - EVP_PKEY_EC)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); - return 1; + { + EVP_PKEY_X25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" + }, { + EVP_PKEY_ED25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" + }, { + EVP_PKEY_X448, + "01234567890123456789012345678901234567890123456789012345", + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" + }, { + EVP_PKEY_ED448, + "012345678901234567890123456789012345678901234567890123456", + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" } +#endif +}; - if (!test_EVP_PKCS82PKEY()) { - fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); +static int test_set_get_raw_keys_int(int tst, int pub) +{ + int ret = 0; + unsigned char buf[80]; + unsigned char *in; + size_t inlen, len = 0; + EVP_PKEY *pkey; + + /* Check if this algorithm supports public keys */ + if (keys[tst].pub == NULL) return 1; + + memset(buf, 0, sizeof(buf)); + + if (pub) { + inlen = strlen(keys[tst].pub); + in = (unsigned char *)keys[tst].pub; + pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, + NULL, + in, + inlen); + } else { + inlen = strlen(keys[tst].priv); + in = (unsigned char *)keys[tst].priv; + pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, + NULL, + in, + inlen); } + + if (!TEST_ptr(pkey) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) + || !TEST_true(len == inlen) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) + || !TEST_mem_eq(in, inlen, buf, len)) + goto done; + + ret = 1; + done: + EVP_PKEY_free(pkey); + return ret; +} + +static int test_set_get_raw_keys(int tst) +{ + return test_set_get_raw_keys_int(tst, 0) + && test_set_get_raw_keys_int(tst, 1); +} + +static int pkey_custom_check(EVP_PKEY *pkey) +{ + return 0xbeef; +} + +static int pkey_custom_pub_check(EVP_PKEY *pkey) +{ + return 0xbeef; +} + +static int pkey_custom_param_check(EVP_PKEY *pkey) +{ + return 0xbeef; +} + +static EVP_PKEY_METHOD *custom_pmeth; + +static int test_EVP_PKEY_check(int i) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_EC + EC_KEY *eckey = NULL; #endif + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY_CTX *ctx2 = NULL; + const APK_DATA *ak = &keycheckdata[i]; + const unsigned char *input = ak->kder; + size_t input_len = ak->size; + int expected_id = ak->evptype; + int expected_check = ak->check; + int expected_pub_check = ak->pub_check; + int expected_param_check = ak->param_check; + int type = ak->type; + BIO *pubkey = NULL; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; + p = input; + + switch (type) { + case 0: + if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) + goto done; + break; +#ifndef OPENSSL_NO_EC + case 1: + if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) + || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) + || !TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) + goto done; + break; + case 2: + if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) + goto done; + break; #endif + default: + return 0; + } + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) + goto done; + + ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); + /* assign the pkey directly, as an internal test */ + EVP_PKEY_up_ref(pkey); + ctx2->pkey = pkey; + + if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) + goto done; + + ret = 1; - printf("PASS\n"); - return 0; + done: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(ctx2); + EVP_PKEY_free(pkey); + BIO_free(pubkey); + return ret; +} + +static int test_HKDF(void) +{ + EVP_PKEY_CTX *pctx; + unsigned char out[20]; + size_t outlen; + int i, ret = 0; + unsigned char salt[] = "0123456789"; + unsigned char key[] = "012345678901234567890123456789"; + unsigned char info[] = "infostring"; + const unsigned char expected[] = { + 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, + 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca + }; + size_t expectedlen = sizeof(expected); + + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) + goto done; + + /* We do this twice to test reuse of the EVP_PKEY_CTX */ + for (i = 0; i < 2; i++) { + outlen = sizeof(out); + memset(out, 0, outlen); + + if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) + goto done; + } + + ret = 1; + + done: + EVP_PKEY_CTX_free(pctx); + + return ret; +} + +int setup_tests(void) +{ + ADD_TEST(test_EVP_DigestSignInit); + ADD_TEST(test_EVP_DigestVerifyInit); + ADD_TEST(test_EVP_Enveloped); + ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); +#ifndef OPENSSL_NO_EC + ADD_TEST(test_EVP_PKCS82PKEY); +#endif +#ifndef OPENSSL_NO_SM2 + ADD_TEST(test_EVP_SM2); + ADD_TEST(test_EVP_SM2_verify); +#endif + ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); + custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); + if (!TEST_ptr(custom_pmeth)) + return 0; + EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); + EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); + EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); + if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) + return 0; + ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); + ADD_TEST(test_HKDF); + return 1; } diff --git a/deps/openssl/openssl/test/evp_test.c b/deps/openssl/openssl/test/evp_test.c index ea9455374f482f..e7e376e657a156 100644 --- a/deps/openssl/openssl/test/evp_test.c +++ b/deps/openssl/openssl/test/evp_test.c @@ -18,98 +18,238 @@ #include #include #include "internal/numbers.h" +#include "testutil.h" +#include "evp_test.h" -/* Remove spaces from beginning and end of a string */ -static void remove_space(char **pval) -{ - unsigned char *p = (unsigned char *)*pval; +typedef struct evp_test_method_st EVP_TEST_METHOD; - while (isspace(*p)) - p++; +/* + * Structure holding test information + */ +typedef struct evp_test_st { + STANZA s; /* Common test stanza */ + char *name; + int skip; /* Current test should be skipped */ + const EVP_TEST_METHOD *meth; /* method for this test */ + const char *err, *aux_err; /* Error string for test */ + char *expected_err; /* Expected error value of test */ + char *func; /* Expected error function string */ + char *reason; /* Expected error reason string */ + void *data; /* test specific data */ +} EVP_TEST; - *pval = (char *)p; +/* + * Test method structure + */ +struct evp_test_method_st { + /* Name of test as it appears in file */ + const char *name; + /* Initialise test for "alg" */ + int (*init) (EVP_TEST * t, const char *alg); + /* Clean up method */ + void (*cleanup) (EVP_TEST * t); + /* Test specific name value pair processing */ + int (*parse) (EVP_TEST * t, const char *name, const char *value); + /* Run the test itself */ + int (*run_test) (EVP_TEST * t); +}; - p = p + strlen(*pval) - 1; - /* Remove trailing space */ - while (isspace(*p)) - *p-- = 0; -} +/* + * Linked list of named keys. + */ +typedef struct key_list_st { + char *name; + EVP_PKEY *key; + struct key_list_st *next; +} KEY_LIST; /* - * Given a line of the form: - * name = value # comment - * extract name and value. NB: modifies passed buffer. + * List of public and private keys */ +static KEY_LIST *private_keys; +static KEY_LIST *public_keys; +static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); + +static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); -static int parse_line(char **pkw, char **pval, char *linebuf) +/* + * Compare two memory regions for equality, returning zero if they differ. + * However, if there is expected to be an error and the actual error + * matches then the memory is expected to be different so handle this + * case without producing unnecessary test framework output. + */ +static int memory_err_compare(EVP_TEST *t, const char *err, + const void *expected, size_t expected_len, + const void *got, size_t got_len) { - char *p; + int r; + + if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0) + r = !TEST_mem_ne(expected, expected_len, got, got_len); + else + r = TEST_mem_eq(expected, expected_len, got, got_len); + if (!r) + t->err = err; + return r; +} - p = linebuf + strlen(linebuf) - 1; +/* + * Structure used to hold a list of blocks of memory to test + * calls to "update" like functions. + */ +struct evp_test_buffer_st { + unsigned char *buf; + size_t buflen; + size_t count; + int count_set; +}; - if (*p != '\n') { - fprintf(stderr, "FATAL: missing EOL\n"); - exit(1); +static void evp_test_buffer_free(EVP_TEST_BUFFER *db) +{ + if (db != NULL) { + OPENSSL_free(db->buf); + OPENSSL_free(db); } +} + +/* + * append buffer to a list + */ +static int evp_test_buffer_append(const char *value, + STACK_OF(EVP_TEST_BUFFER) **sk) +{ + EVP_TEST_BUFFER *db = NULL; + + if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db)))) + goto err; + + if (!parse_bin(value, &db->buf, &db->buflen)) + goto err; + db->count = 1; + db->count_set = 0; + + if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null())) + goto err; + if (!sk_EVP_TEST_BUFFER_push(*sk, db)) + goto err; + + return 1; + +err: + evp_test_buffer_free(db); + return 0; +} + +/* + * replace last buffer in list with copies of itself + */ +static int evp_test_buffer_ncopy(const char *value, + STACK_OF(EVP_TEST_BUFFER) *sk) +{ + EVP_TEST_BUFFER *db; + unsigned char *tbuf, *p; + size_t tbuflen; + int ncopy = atoi(value); + int i; + + if (ncopy <= 0) + return 0; + if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) + return 0; + db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); + + tbuflen = db->buflen * ncopy; + if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen))) + return 0; + for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen) + memcpy(p, db->buf, db->buflen); - /* Look for # */ + OPENSSL_free(db->buf); + db->buf = tbuf; + db->buflen = tbuflen; + return 1; +} - p = strchr(linebuf, '#'); +/* + * set repeat count for last buffer in list + */ +static int evp_test_buffer_set_count(const char *value, + STACK_OF(EVP_TEST_BUFFER) *sk) +{ + EVP_TEST_BUFFER *db; + int count = atoi(value); - if (p) - *p = '\0'; + if (count <= 0) + return 0; - /* Look for = sign */ - p = strchr(linebuf, '='); + if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) + return 0; - /* If no '=' exit */ - if (!p) + db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); + if (db->count_set != 0) return 0; - *p++ = '\0'; + db->count = (size_t)count; + db->count_set = 1; + return 1; +} - *pkw = linebuf; - *pval = p; +/* + * call "fn" with each element of the list in turn + */ +static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk, + int (*fn)(void *ctx, + const unsigned char *buf, + size_t buflen), + void *ctx) +{ + int i; - /* Remove spaces from keyword and value */ - remove_space(pkw); - remove_space(pval); + for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) { + EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i); + size_t j; + for (j = 0; j < tb->count; j++) { + if (fn(ctx, tb->buf, tb->buflen) <= 0) + return 0; + } + } return 1; } /* - * Unescape some escape sequences in string literals. - * Return the result in a newly allocated buffer. - * Currently only supports '\n'. - * If the input length is 0, returns a valid 1-byte buffer, but sets - * the length to 0. + * Unescape some sequences in string literals (only \n for now). + * Return an allocated buffer, set |out_len|. If |input_len| + * is zero, get an empty buffer but set length to zero. */ static unsigned char* unescape(const char *input, size_t input_len, size_t *out_len) { unsigned char *ret, *p; size_t i; + if (input_len == 0) { *out_len = 0; return OPENSSL_zalloc(1); } /* Escaping is non-expanding; over-allocate original size for simplicity. */ - ret = p = OPENSSL_malloc(input_len); - if (ret == NULL) + if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len))) return NULL; for (i = 0; i < input_len; i++) { - if (input[i] == '\\') { - if (i == input_len - 1 || input[i+1] != 'n') + if (*input == '\\') { + if (i == input_len - 1 || *++input != 'n') { + TEST_error("Bad escape sequence in file"); goto err; + } *p++ = '\n'; i++; + input++; } else { - *p++ = input[i]; + *p++ = *input++; } } @@ -121,775 +261,270 @@ static unsigned char* unescape(const char *input, size_t input_len, return NULL; } -/* For a hex string "value" convert to a binary allocated buffer */ -static int test_bin(const char *value, unsigned char **buf, size_t *buflen) +/* + * For a hex string "value" convert to a binary allocated buffer. + * Return 1 on success or 0 on failure. + */ +static int parse_bin(const char *value, unsigned char **buf, size_t *buflen) { long len; - *buflen = 0; + /* Check for NULL literal */ + if (strcmp(value, "NULL") == 0) { + *buf = NULL; + *buflen = 0; + return 1; + } /* Check for empty value */ - if (!*value) { + if (*value == '\0') { /* - * Don't return NULL for zero length buffer. - * This is needed for some tests with empty keys: HMAC_Init_ex() expects - * a non-NULL key buffer even if the key length is 0, in order to detect - * key reset. + * Don't return NULL for zero length buffer. This is needed for + * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key + * buffer even if the key length is 0, in order to detect key reset. */ *buf = OPENSSL_malloc(1); - if (!*buf) + if (*buf == NULL) return 0; **buf = 0; *buflen = 0; return 1; } - /* Check for NULL literal */ - if (strcmp(value, "NULL") == 0) { - *buf = NULL; - *buflen = 0; - return 1; - } - /* Check for string literal */ if (value[0] == '"') { - size_t vlen; - value++; - vlen = strlen(value); - if (value[vlen - 1] != '"') + size_t vlen = strlen(++value); + + if (vlen == 0 || value[vlen - 1] != '"') return 0; vlen--; *buf = unescape(value, vlen, buflen); - if (*buf == NULL) - return 0; - return 1; + return *buf == NULL ? 0 : 1; } /* Otherwise assume as hex literal and convert it to binary buffer */ - *buf = OPENSSL_hexstr2buf(value, &len); - if (!*buf) { - fprintf(stderr, "Value=%s\n", value); - ERR_print_errors_fp(stderr); + if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) { + TEST_info("Can't convert %s", value); + TEST_openssl_errors(); return -1; } /* Size of input buffer means we'll never overflow */ *buflen = len; return 1; } -#ifndef OPENSSL_NO_SCRYPT -/* Currently only used by scrypt tests */ -/* Parse unsigned decimal 64 bit integer value */ -static int test_uint64(const char *value, uint64_t *pr) -{ - const char *p = value; - if (!*p) { - fprintf(stderr, "Invalid empty integer value\n"); - return -1; - } - *pr = 0; - while (*p) { - if (*pr > UINT64_MAX/10) { - fprintf(stderr, "Integer string overflow value=%s\n", value); - return -1; - } - *pr *= 10; - if (*p < '0' || *p > '9') { - fprintf(stderr, "Invalid integer string value=%s\n", value); - return -1; - } - *pr += *p - '0'; - p++; - } - return 1; -} -#endif -/* Structure holding test information */ -struct evp_test { - /* file being read */ - BIO *in; - /* temp memory BIO for reading in keys */ - BIO *key; - /* List of public and private keys */ - struct key_list *private; - struct key_list *public; - /* method for this test */ - const struct evp_test_method *meth; - /* current line being processed */ - unsigned int line; - /* start line of current test */ - unsigned int start_line; - /* Error string for test */ - const char *err, *aux_err; - /* Expected error value of test */ - char *expected_err; - /* Expected error function string */ - char *func; - /* Expected error reason string */ - char *reason; - /* Number of tests */ - int ntests; - /* Error count */ - int errors; - /* Number of tests skipped */ - int nskip; - /* If output mismatch expected and got value */ - unsigned char *out_received; - size_t out_received_len; - unsigned char *out_expected; - size_t out_expected_len; - /* test specific data */ - void *data; - /* Current test should be skipped */ - int skip; -}; - -struct key_list { - char *name; - EVP_PKEY *key; - struct key_list *next; -}; -/* Test method structure */ -struct evp_test_method { - /* Name of test as it appears in file */ - const char *name; - /* Initialise test for "alg" */ - int (*init) (struct evp_test * t, const char *alg); - /* Clean up method */ - void (*cleanup) (struct evp_test * t); - /* Test specific name value pair processing */ - int (*parse) (struct evp_test * t, const char *name, const char *value); - /* Run the test itself */ - int (*run_test) (struct evp_test * t); -}; +/** +*** MESSAGE DIGEST TESTS +**/ -static const struct evp_test_method digest_test_method, cipher_test_method; -static const struct evp_test_method mac_test_method; -static const struct evp_test_method psign_test_method, pverify_test_method; -static const struct evp_test_method pdecrypt_test_method; -static const struct evp_test_method pverify_recover_test_method; -static const struct evp_test_method pderive_test_method; -static const struct evp_test_method pbe_test_method; -static const struct evp_test_method encode_test_method; -static const struct evp_test_method kdf_test_method; -static const struct evp_test_method keypair_test_method; - -static const struct evp_test_method *evp_test_list[] = { - &digest_test_method, - &cipher_test_method, - &mac_test_method, - &psign_test_method, - &pverify_test_method, - &pdecrypt_test_method, - &pverify_recover_test_method, - &pderive_test_method, - &pbe_test_method, - &encode_test_method, - &kdf_test_method, - &keypair_test_method, - NULL -}; +typedef struct digest_data_st { + /* Digest this test is for */ + const EVP_MD *digest; + /* Input to digest */ + STACK_OF(EVP_TEST_BUFFER) *input; + /* Expected output */ + unsigned char *output; + size_t output_len; +} DIGEST_DATA; -static const struct evp_test_method *evp_find_test(const char *name) +static int digest_test_init(EVP_TEST *t, const char *alg) { - const struct evp_test_method **tt; + DIGEST_DATA *mdat; + const EVP_MD *digest; - for (tt = evp_test_list; *tt; tt++) { - if (strcmp(name, (*tt)->name) == 0) - return *tt; + if ((digest = EVP_get_digestbyname(alg)) == NULL) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } + return 0; } - return NULL; + if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) + return 0; + t->data = mdat; + mdat->digest = digest; + return 1; } -static void hex_print(const char *name, const unsigned char *buf, size_t len) +static void digest_test_cleanup(EVP_TEST *t) { - size_t i; - fprintf(stderr, "%s ", name); - for (i = 0; i < len; i++) - fprintf(stderr, "%02X", buf[i]); - fputs("\n", stderr); + DIGEST_DATA *mdat = t->data; + + sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free); + OPENSSL_free(mdat->output); } -static void free_expected(struct evp_test *t) +static int digest_test_parse(EVP_TEST *t, + const char *keyword, const char *value) { - OPENSSL_free(t->expected_err); - t->expected_err = NULL; - OPENSSL_free(t->func); - t->func = NULL; - OPENSSL_free(t->reason); - t->reason = NULL; - OPENSSL_free(t->out_expected); - OPENSSL_free(t->out_received); - t->out_expected = NULL; - t->out_received = NULL; - t->out_expected_len = 0; - t->out_received_len = 0; - /* Literals. */ - t->err = NULL; + DIGEST_DATA *mdata = t->data; + + if (strcmp(keyword, "Input") == 0) + return evp_test_buffer_append(value, &mdata->input); + if (strcmp(keyword, "Output") == 0) + return parse_bin(value, &mdata->output, &mdata->output_len); + if (strcmp(keyword, "Count") == 0) + return evp_test_buffer_set_count(value, mdata->input); + if (strcmp(keyword, "Ncopy") == 0) + return evp_test_buffer_ncopy(value, mdata->input); + return 0; } -static void print_expected(struct evp_test *t) +static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen) { - if (t->out_expected == NULL && t->out_received == NULL) - return; - hex_print("Expected:", t->out_expected, t->out_expected_len); - hex_print("Got: ", t->out_received, t->out_received_len); - free_expected(t); + return EVP_DigestUpdate(ctx, buf, buflen); } -static int check_test_error(struct evp_test *t) +static int digest_test_run(EVP_TEST *t) { - unsigned long err; - const char *func; - const char *reason; - if (!t->err && !t->expected_err) - return 1; - if (t->err && !t->expected_err) { - if (t->aux_err != NULL) { - fprintf(stderr, "Test line %d(%s): unexpected error %s\n", - t->start_line, t->aux_err, t->err); - } else { - fprintf(stderr, "Test line %d: unexpected error %s\n", - t->start_line, t->err); - } - print_expected(t); - return 0; - } - if (!t->err && t->expected_err) { - fprintf(stderr, "Test line %d: succeeded expecting %s\n", - t->start_line, t->expected_err); - return 0; - } + DIGEST_DATA *expected = t->data; + EVP_MD_CTX *mctx; + unsigned char *got = NULL; + unsigned int got_len; - if (strcmp(t->err, t->expected_err) != 0) { - fprintf(stderr, "Test line %d: expecting %s got %s\n", - t->start_line, t->expected_err, t->err); - return 0; - } + t->err = "TEST_FAILURE"; + if (!TEST_ptr(mctx = EVP_MD_CTX_new())) + goto err; - if (t->func == NULL && t->reason == NULL) - return 1; + got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? + expected->output_len : EVP_MAX_MD_SIZE); + if (!TEST_ptr(got)) + goto err; - if (t->func == NULL || t->reason == NULL) { - fprintf(stderr, "Test line %d: missing function or reason code\n", - t->start_line); - return 0; + if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) { + t->err = "DIGESTINIT_ERROR"; + goto err; + } + if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) { + t->err = "DIGESTUPDATE_ERROR"; + goto err; } - err = ERR_peek_error(); - if (err == 0) { - fprintf(stderr, "Test line %d, expected error \"%s:%s\" not set\n", - t->start_line, t->func, t->reason); - return 0; + if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) { + got_len = expected->output_len; + if (!EVP_DigestFinalXOF(mctx, got, got_len)) { + t->err = "DIGESTFINALXOF_ERROR"; + goto err; + } + } else { + if (!EVP_DigestFinal(mctx, got, &got_len)) { + t->err = "DIGESTFINAL_ERROR"; + goto err; + } + } + if (!TEST_int_eq(expected->output_len, got_len)) { + t->err = "DIGEST_LENGTH_MISMATCH"; + goto err; } + if (!memory_err_compare(t, "DIGEST_MISMATCH", + expected->output, expected->output_len, + got, got_len)) + goto err; - func = ERR_func_error_string(err); - reason = ERR_reason_error_string(err); + t->err = NULL; - if (func == NULL && reason == NULL) { - fprintf(stderr, "Test line %d: expected error \"%s:%s\", no strings available. Skipping...\n", - t->start_line, t->func, t->reason); - return 1; - } + err: + OPENSSL_free(got); + EVP_MD_CTX_free(mctx); + return 1; +} - if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0) - return 1; +static const EVP_TEST_METHOD digest_test_method = { + "Digest", + digest_test_init, + digest_test_cleanup, + digest_test_parse, + digest_test_run +}; - fprintf(stderr, "Test line %d: expected error \"%s:%s\", got \"%s:%s\"\n", - t->start_line, t->func, t->reason, func, reason); - return 0; -} +/** +*** CIPHER TESTS +**/ -/* Setup a new test, run any existing test */ +typedef struct cipher_data_st { + const EVP_CIPHER *cipher; + int enc; + /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ + int aead; + unsigned char *key; + size_t key_len; + unsigned char *iv; + size_t iv_len; + unsigned char *plaintext; + size_t plaintext_len; + unsigned char *ciphertext; + size_t ciphertext_len; + /* GCM, CCM and OCB only */ + unsigned char *aad; + size_t aad_len; + unsigned char *tag; + size_t tag_len; +} CIPHER_DATA; -static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) +static int cipher_test_init(EVP_TEST *t, const char *alg) { - /* If we already have a test set up run it */ - if (t->meth) { - t->ntests++; - if (t->skip) { - t->nskip++; - } else { - /* run the test */ - if (t->err == NULL && t->meth->run_test(t) != 1) { - fprintf(stderr, "%s test error line %d\n", - t->meth->name, t->start_line); - return 0; - } - if (!check_test_error(t)) { - if (t->err) - ERR_print_errors_fp(stderr); - t->errors++; - } - } - /* clean it up */ - ERR_clear_error(); - if (t->data != NULL) { - t->meth->cleanup(t); - OPENSSL_free(t->data); - t->data = NULL; + const EVP_CIPHER *cipher; + CIPHER_DATA *cdat; + int m; + + if ((cipher = EVP_get_cipherbyname(alg)) == NULL) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; } - OPENSSL_free(t->expected_err); - t->expected_err = NULL; - free_expected(t); + return 0; } - t->meth = tmeth; - return 1; -} - -static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst) -{ - for (; lst; lst = lst->next) { - if (strcmp(lst->name, name) == 0) { - if (ppk) - *ppk = lst->key; - return 1; - } - } - return 0; -} - -static void free_key_list(struct key_list *lst) -{ - while (lst != NULL) { - struct key_list *ltmp; - EVP_PKEY_free(lst->key); - OPENSSL_free(lst->name); - ltmp = lst->next; - OPENSSL_free(lst); - lst = ltmp; - } -} - -static int check_unsupported() -{ - long err = ERR_peek_error(); - if (ERR_GET_LIB(err) == ERR_LIB_EVP - && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { - ERR_clear_error(); - return 1; - } -#ifndef OPENSSL_NO_EC - /* - * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an - * hint to an unsupported algorithm/curve (e.g. if binary EC support is - * disabled). - */ - if (ERR_GET_LIB(err) == ERR_LIB_EC - && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) { - ERR_clear_error(); - return 1; - } -#endif /* OPENSSL_NO_EC */ - return 0; -} - - -static int read_key(struct evp_test *t) -{ - char tmpbuf[80]; - if (t->key == NULL) - t->key = BIO_new(BIO_s_mem()); - else if (BIO_reset(t->key) <= 0) - return 0; - if (t->key == NULL) { - fprintf(stderr, "Error allocating key memory BIO\n"); - return 0; - } - /* Read to PEM end line and place content in memory BIO */ - while (BIO_gets(t->in, tmpbuf, sizeof(tmpbuf))) { - t->line++; - if (BIO_puts(t->key, tmpbuf) <= 0) { - fprintf(stderr, "Error writing to key memory BIO\n"); - return 0; - } - if (strncmp(tmpbuf, "-----END", 8) == 0) - return 1; - } - fprintf(stderr, "Can't find key end\n"); - return 0; -} - -static int process_test(struct evp_test *t, char *buf, int verbose) -{ - char *keyword = NULL, *value = NULL; - int rv = 0, add_key = 0; - struct key_list **lst = NULL, *key = NULL; - EVP_PKEY *pk = NULL; - const struct evp_test_method *tmeth = NULL; - if (verbose) - fputs(buf, stdout); - if (!parse_line(&keyword, &value, buf)) - return 1; - if (strcmp(keyword, "PrivateKey") == 0) { - if (!read_key(t)) - return 0; - pk = PEM_read_bio_PrivateKey(t->key, NULL, 0, NULL); - if (pk == NULL && !check_unsupported()) { - fprintf(stderr, "Error reading private key %s\n", value); - ERR_print_errors_fp(stderr); - return 0; - } - lst = &t->private; - add_key = 1; - } - if (strcmp(keyword, "PublicKey") == 0) { - if (!read_key(t)) - return 0; - pk = PEM_read_bio_PUBKEY(t->key, NULL, 0, NULL); - if (pk == NULL && !check_unsupported()) { - fprintf(stderr, "Error reading public key %s\n", value); - ERR_print_errors_fp(stderr); - return 0; - } - lst = &t->public; - add_key = 1; - } - /* If we have a key add to list */ - if (add_key) { - if (find_key(NULL, value, *lst)) { - fprintf(stderr, "Duplicate key %s\n", value); - return 0; - } - key = OPENSSL_malloc(sizeof(*key)); - if (!key) - return 0; - key->name = OPENSSL_strdup(value); - key->key = pk; - key->next = *lst; - *lst = key; - return 1; - } - - /* See if keyword corresponds to a test start */ - tmeth = evp_find_test(keyword); - if (tmeth) { - if (!setup_test(t, tmeth)) - return 0; - t->start_line = t->line; - t->skip = 0; - if (!tmeth->init(t, value)) { - fprintf(stderr, "Unknown %s: %s\n", keyword, value); - return 0; - } - return 1; - } else if (t->skip) { - return 1; - } else if (strcmp(keyword, "Result") == 0) { - if (t->expected_err) { - fprintf(stderr, "Line %d: multiple result lines\n", t->line); - return 0; - } - t->expected_err = OPENSSL_strdup(value); - if (t->expected_err == NULL) - return 0; - } else if (strcmp(keyword, "Function") == 0) { - if (t->func != NULL) { - fprintf(stderr, "Line %d: multiple function lines\n", t->line); - return 0; - } - t->func = OPENSSL_strdup(value); - if (t->func == NULL) - return 0; - } else if (strcmp(keyword, "Reason") == 0) { - if (t->reason != NULL) { - fprintf(stderr, "Line %d: multiple reason lines\n", t->line); - return 0; - } - t->reason = OPENSSL_strdup(value); - if (t->reason == NULL) - return 0; - } else { - /* Must be test specific line: try to parse it */ - if (t->meth) - rv = t->meth->parse(t, keyword, value); - - if (rv == 0) - fprintf(stderr, "line %d: unexpected keyword %s\n", - t->line, keyword); - - if (rv < 0) - fprintf(stderr, "line %d: error processing keyword %s\n", - t->line, keyword); - if (rv <= 0) - return 0; - } - return 1; -} - -static int check_var_length_output(struct evp_test *t, - const unsigned char *expected, - size_t expected_len, - const unsigned char *received, - size_t received_len) -{ - if (expected_len == received_len && - memcmp(expected, received, expected_len) == 0) { - return 0; - } - - /* The result printing code expects a non-NULL buffer. */ - t->out_expected = OPENSSL_memdup(expected, expected_len ? expected_len : 1); - t->out_expected_len = expected_len; - t->out_received = OPENSSL_memdup(received, received_len ? received_len : 1); - t->out_received_len = received_len; - if (t->out_expected == NULL || t->out_received == NULL) { - fprintf(stderr, "Memory allocation error!\n"); - exit(1); - } - return 1; -} - -static int check_output(struct evp_test *t, - const unsigned char *expected, - const unsigned char *received, - size_t len) -{ - return check_var_length_output(t, expected, len, received, len); -} - -int main(int argc, char **argv) -{ - BIO *in = NULL; - char buf[10240]; - struct evp_test t; - - if (argc != 2) { - fprintf(stderr, "usage: evp_test testfile.txt\n"); - return 1; - } - - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - memset(&t, 0, sizeof(t)); - t.start_line = -1; - in = BIO_new_file(argv[1], "rb"); - if (in == NULL) { - fprintf(stderr, "Can't open %s for reading\n", argv[1]); - return 1; - } - t.in = in; - t.err = NULL; - while (BIO_gets(in, buf, sizeof(buf))) { - t.line++; - if (!process_test(&t, buf, 0)) - exit(1); - } - /* Run any final test we have */ - if (!setup_test(&t, NULL)) - exit(1); - fprintf(stderr, "%d tests completed with %d errors, %d skipped\n", - t.ntests, t.errors, t.nskip); - free_key_list(t.public); - free_key_list(t.private); - BIO_free(t.key); - BIO_free(in); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; -#endif - if (t.errors) - return 1; - return 0; -} - -static void test_free(void *d) -{ - OPENSSL_free(d); -} - -/* Message digest tests */ - -struct digest_data { - /* Digest this test is for */ - const EVP_MD *digest; - /* Input to digest */ - unsigned char *input; - size_t input_len; - /* Repeat count for input */ - size_t nrpt; - /* Expected output */ - unsigned char *output; - size_t output_len; -}; - -static int digest_test_init(struct evp_test *t, const char *alg) -{ - const EVP_MD *digest; - struct digest_data *mdat; - digest = EVP_get_digestbyname(alg); - if (!digest) { - /* If alg has an OID assume disabled algorithm */ - if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { - t->skip = 1; - return 1; - } - return 0; - } - mdat = OPENSSL_malloc(sizeof(*mdat)); - mdat->digest = digest; - mdat->input = NULL; - mdat->output = NULL; - mdat->nrpt = 1; - t->data = mdat; - return 1; -} - -static void digest_test_cleanup(struct evp_test *t) -{ - struct digest_data *mdat = t->data; - test_free(mdat->input); - test_free(mdat->output); -} - -static int digest_test_parse(struct evp_test *t, - const char *keyword, const char *value) -{ - struct digest_data *mdata = t->data; - if (strcmp(keyword, "Input") == 0) - return test_bin(value, &mdata->input, &mdata->input_len); - if (strcmp(keyword, "Output") == 0) - return test_bin(value, &mdata->output, &mdata->output_len); - if (strcmp(keyword, "Count") == 0) { - long nrpt = atoi(value); - if (nrpt <= 0) - return 0; - mdata->nrpt = (size_t)nrpt; - return 1; - } - return 0; -} - -static int digest_test_run(struct evp_test *t) -{ - struct digest_data *mdata = t->data; - size_t i; - const char *err = "INTERNAL_ERROR"; - EVP_MD_CTX *mctx; - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int md_len; - mctx = EVP_MD_CTX_new(); - if (!mctx) - goto err; - err = "DIGESTINIT_ERROR"; - if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) - goto err; - err = "DIGESTUPDATE_ERROR"; - for (i = 0; i < mdata->nrpt; i++) { - if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len)) - goto err; - } - err = "DIGESTFINAL_ERROR"; - if (!EVP_DigestFinal(mctx, md, &md_len)) - goto err; - err = "DIGEST_LENGTH_MISMATCH"; - if (md_len != mdata->output_len) - goto err; - err = "DIGEST_MISMATCH"; - if (check_output(t, mdata->output, md, md_len)) - goto err; - err = NULL; - err: - EVP_MD_CTX_free(mctx); - t->err = err; - return 1; -} - -static const struct evp_test_method digest_test_method = { - "Digest", - digest_test_init, - digest_test_cleanup, - digest_test_parse, - digest_test_run -}; - -/* Cipher tests */ -struct cipher_data { - const EVP_CIPHER *cipher; - int enc; - /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ - int aead; - unsigned char *key; - size_t key_len; - unsigned char *iv; - size_t iv_len; - unsigned char *plaintext; - size_t plaintext_len; - unsigned char *ciphertext; - size_t ciphertext_len; - /* GCM, CCM only */ - unsigned char *aad; - size_t aad_len; - unsigned char *tag; - size_t tag_len; -}; - -static int cipher_test_init(struct evp_test *t, const char *alg) -{ - const EVP_CIPHER *cipher; - struct cipher_data *cdat = t->data; - cipher = EVP_get_cipherbyname(alg); - if (!cipher) { - /* If alg has an OID assume disabled algorithm */ - if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { - t->skip = 1; - return 1; - } - return 0; - } - cdat = OPENSSL_malloc(sizeof(*cdat)); + cdat = OPENSSL_zalloc(sizeof(*cdat)); cdat->cipher = cipher; cdat->enc = -1; - cdat->key = NULL; - cdat->iv = NULL; - cdat->ciphertext = NULL; - cdat->plaintext = NULL; - cdat->aad = NULL; - cdat->tag = NULL; - t->data = cdat; - if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE - || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE - || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) - cdat->aead = EVP_CIPHER_mode(cipher); + m = EVP_CIPHER_mode(cipher); + if (m == EVP_CIPH_GCM_MODE + || m == EVP_CIPH_OCB_MODE + || m == EVP_CIPH_CCM_MODE) + cdat->aead = m; else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) cdat->aead = -1; else cdat->aead = 0; + t->data = cdat; return 1; } -static void cipher_test_cleanup(struct evp_test *t) +static void cipher_test_cleanup(EVP_TEST *t) { - struct cipher_data *cdat = t->data; - test_free(cdat->key); - test_free(cdat->iv); - test_free(cdat->ciphertext); - test_free(cdat->plaintext); - test_free(cdat->aad); - test_free(cdat->tag); + CIPHER_DATA *cdat = t->data; + + OPENSSL_free(cdat->key); + OPENSSL_free(cdat->iv); + OPENSSL_free(cdat->ciphertext); + OPENSSL_free(cdat->plaintext); + OPENSSL_free(cdat->aad); + OPENSSL_free(cdat->tag); } -static int cipher_test_parse(struct evp_test *t, const char *keyword, +static int cipher_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct cipher_data *cdat = t->data; + CIPHER_DATA *cdat = t->data; + if (strcmp(keyword, "Key") == 0) - return test_bin(value, &cdat->key, &cdat->key_len); + return parse_bin(value, &cdat->key, &cdat->key_len); if (strcmp(keyword, "IV") == 0) - return test_bin(value, &cdat->iv, &cdat->iv_len); + return parse_bin(value, &cdat->iv, &cdat->iv_len); if (strcmp(keyword, "Plaintext") == 0) - return test_bin(value, &cdat->plaintext, &cdat->plaintext_len); + return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len); if (strcmp(keyword, "Ciphertext") == 0) - return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); + return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); if (cdat->aead) { if (strcmp(keyword, "AAD") == 0) - return test_bin(value, &cdat->aad, &cdat->aad_len); + return parse_bin(value, &cdat->aad, &cdat->aad_len); if (strcmp(keyword, "Tag") == 0) - return test_bin(value, &cdat->tag, &cdat->tag_len); + return parse_bin(value, &cdat->tag, &cdat->tag_len); } if (strcmp(keyword, "Operation") == 0) { @@ -904,30 +539,29 @@ static int cipher_test_parse(struct evp_test *t, const char *keyword, return 0; } -static int cipher_test_enc(struct evp_test *t, int enc, +static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign, size_t inp_misalign, int frag) { - struct cipher_data *cdat = t->data; - unsigned char *in, *out, *tmp = NULL; + CIPHER_DATA *expected = t->data; + unsigned char *in, *expected_out, *tmp = NULL; size_t in_len, out_len, donelen = 0; - int tmplen, chunklen, tmpflen; + int ok = 0, tmplen, chunklen, tmpflen; EVP_CIPHER_CTX *ctx = NULL; - const char *err; - err = "INTERNAL_ERROR"; - ctx = EVP_CIPHER_CTX_new(); - if (!ctx) + + t->err = "TEST_FAILURE"; + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) goto err; EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); if (enc) { - in = cdat->plaintext; - in_len = cdat->plaintext_len; - out = cdat->ciphertext; - out_len = cdat->ciphertext_len; + in = expected->plaintext; + in_len = expected->plaintext_len; + expected_out = expected->ciphertext; + out_len = expected->ciphertext_len; } else { - in = cdat->ciphertext; - in_len = cdat->ciphertext_len; - out = cdat->plaintext; - out_len = cdat->plaintext_len; + in = expected->ciphertext; + in_len = expected->ciphertext_len; + expected_out = expected->plaintext; + out_len = expected->plaintext_len; } if (inp_misalign == (size_t)-1) { /* @@ -954,88 +588,95 @@ static int cipher_test_enc(struct evp_test *t, int enc, in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + inp_misalign, in, in_len); } - err = "CIPHERINIT_ERROR"; - if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc)) + if (!EVP_CipherInit_ex(ctx, expected->cipher, NULL, NULL, NULL, enc)) { + t->err = "CIPHERINIT_ERROR"; goto err; - err = "INVALID_IV_LENGTH"; - if (cdat->iv) { - if (cdat->aead) { + } + if (expected->iv) { + if (expected->aead) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - cdat->iv_len, 0)) + expected->iv_len, 0)) { + t->err = "INVALID_IV_LENGTH"; goto err; - } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + } + } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) { + t->err = "INVALID_IV_LENGTH"; goto err; + } } - if (cdat->aead) { + if (expected->aead) { unsigned char *tag; /* * If encrypting or OCB just set tag length initially, otherwise * set tag length and value. */ - if (enc || cdat->aead == EVP_CIPH_OCB_MODE) { - err = "TAG_LENGTH_SET_ERROR"; + if (enc || expected->aead == EVP_CIPH_OCB_MODE) { + t->err = "TAG_LENGTH_SET_ERROR"; tag = NULL; } else { - err = "TAG_SET_ERROR"; - tag = cdat->tag; + t->err = "TAG_SET_ERROR"; + tag = expected->tag; } - if (tag || cdat->aead != EVP_CIPH_GCM_MODE) { + if (tag || expected->aead != EVP_CIPH_GCM_MODE) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - cdat->tag_len, tag)) + expected->tag_len, tag)) goto err; } } - err = "INVALID_KEY_LENGTH"; - if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len)) + if (!EVP_CIPHER_CTX_set_key_length(ctx, expected->key_len)) { + t->err = "INVALID_KEY_LENGTH"; goto err; - err = "KEY_SET_ERROR"; - if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) + } + if (!EVP_CipherInit_ex(ctx, NULL, NULL, expected->key, expected->iv, -1)) { + t->err = "KEY_SET_ERROR"; goto err; + } - if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) { + if (!enc && expected->aead == EVP_CIPH_OCB_MODE) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - cdat->tag_len, cdat->tag)) { - err = "TAG_SET_ERROR"; + expected->tag_len, expected->tag)) { + t->err = "TAG_SET_ERROR"; goto err; } } - if (cdat->aead == EVP_CIPH_CCM_MODE) { + if (expected->aead == EVP_CIPH_CCM_MODE) { if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { - err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; + t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; goto err; } } - if (cdat->aad) { - err = "AAD_SET_ERROR"; + if (expected->aad) { + t->err = "AAD_SET_ERROR"; if (!frag) { - if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, - cdat->aad_len)) + if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad, + expected->aad_len)) goto err; } else { /* * Supply the AAD in chunks less than the block size where possible */ - if (cdat->aad_len > 0) { - if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad, 1)) + if (expected->aad_len > 0) { + if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad, 1)) goto err; donelen++; } - if (cdat->aad_len > 2) { - if (!EVP_CipherUpdate(ctx, NULL, &chunklen, cdat->aad + donelen, - cdat->aad_len - 2)) + if (expected->aad_len > 2) { + if (!EVP_CipherUpdate(ctx, NULL, &chunklen, + expected->aad + donelen, + expected->aad_len - 2)) goto err; - donelen += cdat->aad_len - 2; + donelen += expected->aad_len - 2; } - if (cdat->aad_len > 1 + if (expected->aad_len > 1 && !EVP_CipherUpdate(ctx, NULL, &chunklen, - cdat->aad + donelen, 1)) + expected->aad + donelen, 1)) goto err; } } EVP_CIPHER_CTX_set_padding(ctx, 0); - err = "CIPHERUPDATE_ERROR"; + t->err = "CIPHERUPDATE_ERROR"; tmplen = 0; if (!frag) { /* We supply the data all in one go */ @@ -1065,46 +706,41 @@ static int cipher_test_enc(struct evp_test *t, int enc, tmplen += chunklen; } } - if (cdat->aead == EVP_CIPH_CCM_MODE) - tmpflen = 0; - else { - err = "CIPHERFINAL_ERROR"; - if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) - goto err; - } - err = "LENGTH_MISMATCH"; - if (out_len != (size_t)(tmplen + tmpflen)) + if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) { + t->err = "CIPHERFINAL_ERROR"; goto err; - err = "VALUE_MISMATCH"; - if (check_output(t, out, tmp + out_misalign, out_len)) + } + if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len, + tmp + out_misalign, tmplen + tmpflen)) goto err; - if (enc && cdat->aead) { + if (enc && expected->aead) { unsigned char rtag[16]; - if (cdat->tag_len > sizeof(rtag)) { - err = "TAG_LENGTH_INTERNAL_ERROR"; + + if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) { + t->err = "TAG_LENGTH_INTERNAL_ERROR"; goto err; } if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - cdat->tag_len, rtag)) { - err = "TAG_RETRIEVE_ERROR"; + expected->tag_len, rtag)) { + t->err = "TAG_RETRIEVE_ERROR"; goto err; } - if (check_output(t, cdat->tag, rtag, cdat->tag_len)) { - err = "TAG_VALUE_MISMATCH"; + if (!memory_err_compare(t, "TAG_VALUE_MISMATCH", + expected->tag, expected->tag_len, + rtag, expected->tag_len)) goto err; - } } - err = NULL; + t->err = NULL; + ok = 1; err: OPENSSL_free(tmp); EVP_CIPHER_CTX_free(ctx); - t->err = err; - return err ? 0 : 1; + return ok; } -static int cipher_test_run(struct evp_test *t) +static int cipher_test_run(EVP_TEST *t) { - struct cipher_data *cdat = t->data; + CIPHER_DATA *cdat = t->data; int rv, frag = 0; size_t out_misalign, inp_misalign; @@ -1167,7 +803,7 @@ static int cipher_test_run(struct evp_test *t) */ if (cdat->aead == EVP_CIPH_CCM_MODE || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE - || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) + || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) break; out_misalign = 0; frag++; @@ -1180,7 +816,7 @@ static int cipher_test_run(struct evp_test *t) return 1; } -static const struct evp_test_method cipher_test_method = { +static const EVP_TEST_METHOD cipher_test_method = { "Cipher", cipher_test_init, cipher_test_cleanup, @@ -1188,7 +824,12 @@ static const struct evp_test_method cipher_test_method = { cipher_test_run }; -struct mac_data { + +/** +*** MAC TESTS +**/ + +typedef struct mac_data_st { /* MAC type */ int type; /* Algorithm string for this MAC */ @@ -1202,12 +843,15 @@ struct mac_data { /* Expected output */ unsigned char *output; size_t output_len; -}; + /* Collection of controls */ + STACK_OF(OPENSSL_STRING) *controls; +} MAC_DATA; -static int mac_test_init(struct evp_test *t, const char *alg) +static int mac_test_init(EVP_TEST *t, const char *alg) { int type; - struct mac_data *mdat; + MAC_DATA *mdat; + if (strcmp(alg, "HMAC") == 0) { type = EVP_PKEY_HMAC; } else if (strcmp(alg, "CMAC") == 0) { @@ -1216,35 +860,55 @@ static int mac_test_init(struct evp_test *t, const char *alg) #else t->skip = 1; return 1; +#endif + } else if (strcmp(alg, "Poly1305") == 0) { +#ifndef OPENSSL_NO_POLY1305 + type = EVP_PKEY_POLY1305; +#else + t->skip = 1; + return 1; +#endif + } else if (strcmp(alg, "SipHash") == 0) { +#ifndef OPENSSL_NO_SIPHASH + type = EVP_PKEY_SIPHASH; +#else + t->skip = 1; + return 1; #endif } else return 0; - mdat = OPENSSL_malloc(sizeof(*mdat)); + mdat = OPENSSL_zalloc(sizeof(*mdat)); mdat->type = type; - mdat->alg = NULL; - mdat->key = NULL; - mdat->input = NULL; - mdat->output = NULL; + mdat->controls = sk_OPENSSL_STRING_new_null(); t->data = mdat; return 1; } -static void mac_test_cleanup(struct evp_test *t) +/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ +static void openssl_free(char *m) +{ + OPENSSL_free(m); +} + +static void mac_test_cleanup(EVP_TEST *t) { - struct mac_data *mdat = t->data; - test_free(mdat->alg); - test_free(mdat->key); - test_free(mdat->input); - test_free(mdat->output); + MAC_DATA *mdat = t->data; + + sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free); + OPENSSL_free(mdat->alg); + OPENSSL_free(mdat->key); + OPENSSL_free(mdat->input); + OPENSSL_free(mdat->output); } -static int mac_test_parse(struct evp_test *t, +static int mac_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct mac_data *mdata = t->data; + MAC_DATA *mdata = t->data; + if (strcmp(keyword, "Key") == 0) - return test_bin(value, &mdata->key, &mdata->key_len); + return parse_bin(value, &mdata->key, &mdata->key_len); if (strcmp(keyword, "Algorithm") == 0) { mdata->alg = OPENSSL_strdup(value); if (!mdata->alg) @@ -1252,95 +916,117 @@ static int mac_test_parse(struct evp_test *t, return 1; } if (strcmp(keyword, "Input") == 0) - return test_bin(value, &mdata->input, &mdata->input_len); + return parse_bin(value, &mdata->input, &mdata->input_len); if (strcmp(keyword, "Output") == 0) - return test_bin(value, &mdata->output, &mdata->output_len); + return parse_bin(value, &mdata->output, &mdata->output_len); + if (strcmp(keyword, "Ctrl") == 0) + return sk_OPENSSL_STRING_push(mdata->controls, + OPENSSL_strdup(value)) != 0; return 0; } -static int mac_test_run(struct evp_test *t) +static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, + const char *value) +{ + int rv; + char *p, *tmpval; + + if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) + return 0; + p = strchr(tmpval, ':'); + if (p != NULL) + *p++ = '\0'; + rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); + if (rv == -2) + t->err = "PKEY_CTRL_INVALID"; + else if (rv <= 0) + t->err = "PKEY_CTRL_ERROR"; + else + rv = 1; + OPENSSL_free(tmpval); + return rv > 0; +} + +static int mac_test_run(EVP_TEST *t) { - struct mac_data *mdata = t->data; - const char *err = "INTERNAL_ERROR"; + MAC_DATA *expected = t->data; EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; EVP_PKEY *key = NULL; const EVP_MD *md = NULL; - unsigned char *mac = NULL; - size_t mac_len; + unsigned char *got = NULL; + size_t got_len; + int i; #ifdef OPENSSL_NO_DES - if (mdata->alg != NULL && strstr(mdata->alg, "DES") != NULL) { + if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) { /* Skip DES */ - err = NULL; + t->err = NULL; goto err; } #endif - err = "MAC_PKEY_CTX_ERROR"; - genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL); - if (!genctx) - goto err; - - err = "MAC_KEYGEN_INIT_ERROR"; - if (EVP_PKEY_keygen_init(genctx) <= 0) + if (expected->type == EVP_PKEY_CMAC) + key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, + EVP_get_cipherbyname(expected->alg)); + else + key = EVP_PKEY_new_raw_private_key(expected->type, NULL, expected->key, + expected->key_len); + if (key == NULL) { + t->err = "MAC_KEY_CREATE_ERROR"; goto err; - if (mdata->type == EVP_PKEY_CMAC) { - err = "MAC_ALGORITHM_SET_ERROR"; - if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0) - goto err; } - err = "MAC_KEY_SET_ERROR"; - if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0) - goto err; - - err = "MAC_KEY_GENERATE_ERROR"; - if (EVP_PKEY_keygen(genctx, &key) <= 0) - goto err; - if (mdata->type == EVP_PKEY_HMAC) { - err = "MAC_ALGORITHM_SET_ERROR"; - md = EVP_get_digestbyname(mdata->alg); - if (!md) + if (expected->type == EVP_PKEY_HMAC) { + if (!TEST_ptr(md = EVP_get_digestbyname(expected->alg))) { + t->err = "MAC_ALGORITHM_SET_ERROR"; goto err; + } } - mctx = EVP_MD_CTX_new(); - if (!mctx) + if (!TEST_ptr(mctx = EVP_MD_CTX_new())) { + t->err = "INTERNAL_ERROR"; goto err; - err = "DIGESTSIGNINIT_ERROR"; - if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) - goto err; - - err = "DIGESTSIGNUPDATE_ERROR"; - if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len)) + } + if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) { + t->err = "DIGESTSIGNINIT_ERROR"; goto err; - err = "DIGESTSIGNFINAL_LENGTH_ERROR"; - if (!EVP_DigestSignFinal(mctx, NULL, &mac_len)) + } + for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) + if (!mac_test_ctrl_pkey(t, pctx, + sk_OPENSSL_STRING_value(expected->controls, + i))) { + t->err = "EVPPKEYCTXCTRL_ERROR"; + goto err; + } + if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) { + t->err = "DIGESTSIGNUPDATE_ERROR"; goto err; - mac = OPENSSL_malloc(mac_len); - if (!mac) { - fprintf(stderr, "Error allocating mac buffer!\n"); - exit(1); } - if (!EVP_DigestSignFinal(mctx, mac, &mac_len)) + if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) { + t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; goto err; - err = "MAC_LENGTH_MISMATCH"; - if (mac_len != mdata->output_len) + } + if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "TEST_FAILURE"; goto err; - err = "MAC_MISMATCH"; - if (check_output(t, mdata->output, mac, mac_len)) + } + if (!EVP_DigestSignFinal(mctx, got, &got_len) + || !memory_err_compare(t, "TEST_MAC_ERR", + expected->output, expected->output_len, + got, got_len)) { + t->err = "TEST_MAC_ERR"; goto err; - err = NULL; + } + t->err = NULL; err: EVP_MD_CTX_free(mctx); - OPENSSL_free(mac); + OPENSSL_free(got); EVP_PKEY_CTX_free(genctx); EVP_PKEY_free(key); - t->err = err; return 1; } -static const struct evp_test_method mac_test_method = { +static const EVP_TEST_METHOD mac_test_method = { "MAC", mac_test_init, mac_test_cleanup, @@ -1348,12 +1034,13 @@ static const struct evp_test_method mac_test_method = { mac_test_run }; -/* - * Public key operations. These are all very similar and can share - * a lot of common code. - */ -struct pkey_data { +/** +*** PUBLIC KEY TESTS +*** These are all very similar and share much common code. +**/ + +typedef struct pkey_data_st { /* Context for this operation */ EVP_PKEY_CTX *ctx; /* Key operation to perform */ @@ -1366,72 +1053,69 @@ struct pkey_data { /* Expected output */ unsigned char *output; size_t output_len; -}; +} PKEY_DATA; /* * Perform public key operation setup: lookup key, allocated ctx and call * the appropriate initialisation function */ -static int pkey_test_init(struct evp_test *t, const char *name, +static int pkey_test_init(EVP_TEST *t, const char *name, int use_public, int (*keyopinit) (EVP_PKEY_CTX *ctx), - int (*keyop) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen) - ) + int (*keyop)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) { - struct pkey_data *kdata; + PKEY_DATA *kdata; EVP_PKEY *pkey = NULL; int rv = 0; + if (use_public) - rv = find_key(&pkey, name, t->public); - if (!rv) - rv = find_key(&pkey, name, t->private); - if (!rv || pkey == NULL) { + rv = find_key(&pkey, name, public_keys); + if (rv == 0) + rv = find_key(&pkey, name, private_keys); + if (rv == 0 || pkey == NULL) { t->skip = 1; return 1; } - kdata = OPENSSL_malloc(sizeof(*kdata)); - if (!kdata) { + if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) { EVP_PKEY_free(pkey); return 0; } - kdata->ctx = NULL; - kdata->input = NULL; - kdata->output = NULL; kdata->keyop = keyop; - t->data = kdata; - kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!kdata->ctx) + if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL))) { + EVP_PKEY_free(pkey); + OPENSSL_free(kdata); return 0; + } if (keyopinit(kdata->ctx) <= 0) t->err = "KEYOP_INIT_ERROR"; + t->data = kdata; return 1; } -static void pkey_test_cleanup(struct evp_test *t) +static void pkey_test_cleanup(EVP_TEST *t) { - struct pkey_data *kdata = t->data; + PKEY_DATA *kdata = t->data; OPENSSL_free(kdata->input); OPENSSL_free(kdata->output); EVP_PKEY_CTX_free(kdata->ctx); } -static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx, +static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, const char *value) { int rv; char *p, *tmpval; - tmpval = OPENSSL_strdup(value); - if (tmpval == NULL) + if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) return 0; p = strchr(tmpval, ':'); if (p != NULL) - *p++ = 0; + *p++ = '\0'; rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); if (rv == -2) { t->err = "PKEY_CTRL_INVALID"; @@ -1439,10 +1123,12 @@ static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx, } else if (p != NULL && rv <= 0) { /* If p has an OID and lookup fails assume disabled algorithm */ int nid = OBJ_sn2nid(p); + if (nid == NID_undef) nid = OBJ_ln2nid(p); - if ((nid != NID_undef) && EVP_get_digestbynid(nid) == NULL && - EVP_get_cipherbynid(nid) == NULL) { + if (nid != NID_undef + && EVP_get_digestbynid(nid) == NULL + && EVP_get_cipherbynid(nid) == NULL) { t->skip = 1; rv = 1; } else { @@ -1454,56 +1140,53 @@ static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx, return rv > 0; } -static int pkey_test_parse(struct evp_test *t, +static int pkey_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct pkey_data *kdata = t->data; + PKEY_DATA *kdata = t->data; if (strcmp(keyword, "Input") == 0) - return test_bin(value, &kdata->input, &kdata->input_len); + return parse_bin(value, &kdata->input, &kdata->input_len); if (strcmp(keyword, "Output") == 0) - return test_bin(value, &kdata->output, &kdata->output_len); + return parse_bin(value, &kdata->output, &kdata->output_len); if (strcmp(keyword, "Ctrl") == 0) return pkey_test_ctrl(t, kdata->ctx, value); return 0; } -static int pkey_test_run(struct evp_test *t) +static int pkey_test_run(EVP_TEST *t) { - struct pkey_data *kdata = t->data; - unsigned char *out = NULL; - size_t out_len; - const char *err = "KEYOP_LENGTH_ERROR"; - if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input, - kdata->input_len) <= 0) - goto err; - out = OPENSSL_malloc(out_len); - if (!out) { - fprintf(stderr, "Error allocating output buffer!\n"); - exit(1); - } - err = "KEYOP_ERROR"; - if (kdata->keyop - (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0) + PKEY_DATA *expected = t->data; + unsigned char *got = NULL; + size_t got_len; + + if (expected->keyop(expected->ctx, NULL, &got_len, + expected->input, expected->input_len) <= 0 + || !TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "KEYOP_LENGTH_ERROR"; goto err; - err = "KEYOP_LENGTH_MISMATCH"; - if (out_len != kdata->output_len) + } + if (expected->keyop(expected->ctx, got, &got_len, + expected->input, expected->input_len) <= 0) { + t->err = "KEYOP_ERROR"; goto err; - err = "KEYOP_MISMATCH"; - if (check_output(t, kdata->output, out, out_len)) + } + if (!memory_err_compare(t, "KEYOP_MISMATCH", + expected->output, expected->output_len, + got, got_len)) goto err; - err = NULL; + + t->err = NULL; err: - OPENSSL_free(out); - t->err = err; + OPENSSL_free(got); return 1; } -static int sign_test_init(struct evp_test *t, const char *name) +static int sign_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign); } -static const struct evp_test_method psign_test_method = { +static const EVP_TEST_METHOD psign_test_method = { "Sign", sign_test_init, pkey_test_cleanup, @@ -1511,13 +1194,13 @@ static const struct evp_test_method psign_test_method = { pkey_test_run }; -static int verify_recover_test_init(struct evp_test *t, const char *name) +static int verify_recover_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover); } -static const struct evp_test_method pverify_recover_test_method = { +static const EVP_TEST_METHOD pverify_recover_test_method = { "VerifyRecover", verify_recover_test_init, pkey_test_cleanup, @@ -1525,13 +1208,13 @@ static const struct evp_test_method pverify_recover_test_method = { pkey_test_run }; -static int decrypt_test_init(struct evp_test *t, const char *name) +static int decrypt_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, EVP_PKEY_decrypt); } -static const struct evp_test_method pdecrypt_test_method = { +static const EVP_TEST_METHOD pdecrypt_test_method = { "Decrypt", decrypt_test_init, pkey_test_cleanup, @@ -1539,21 +1222,22 @@ static const struct evp_test_method pdecrypt_test_method = { pkey_test_run }; -static int verify_test_init(struct evp_test *t, const char *name) +static int verify_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0); } -static int verify_test_run(struct evp_test *t) +static int verify_test_run(EVP_TEST *t) { - struct pkey_data *kdata = t->data; + PKEY_DATA *kdata = t->data; + if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, kdata->input, kdata->input_len) <= 0) t->err = "VERIFY_ERROR"; return 1; } -static const struct evp_test_method pverify_test_method = { +static const EVP_TEST_METHOD pverify_test_method = { "Verify", verify_test_init, pkey_test_cleanup, @@ -1562,61 +1246,61 @@ static const struct evp_test_method pverify_test_method = { }; -static int pderive_test_init(struct evp_test *t, const char *name) +static int pderive_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0); } -static int pderive_test_parse(struct evp_test *t, +static int pderive_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct pkey_data *kdata = t->data; + PKEY_DATA *kdata = t->data; if (strcmp(keyword, "PeerKey") == 0) { EVP_PKEY *peer; - if (find_key(&peer, value, t->public) == 0) + if (find_key(&peer, value, public_keys) == 0) return 0; if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0) return 0; return 1; } if (strcmp(keyword, "SharedSecret") == 0) - return test_bin(value, &kdata->output, &kdata->output_len); + return parse_bin(value, &kdata->output, &kdata->output_len); if (strcmp(keyword, "Ctrl") == 0) return pkey_test_ctrl(t, kdata->ctx, value); return 0; } -static int pderive_test_run(struct evp_test *t) +static int pderive_test_run(EVP_TEST *t) { - struct pkey_data *kdata = t->data; - unsigned char *out = NULL; - size_t out_len; - const char *err = "DERIVE_ERROR"; + PKEY_DATA *expected = t->data; + unsigned char *got = NULL; + size_t got_len; - if (EVP_PKEY_derive(kdata->ctx, NULL, &out_len) <= 0) + if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { + t->err = "DERIVE_ERROR"; goto err; - out = OPENSSL_malloc(out_len); - if (!out) { - fprintf(stderr, "Error allocating output buffer!\n"); - exit(1); } - if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) + if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "DERIVE_ERROR"; goto err; - err = "SHARED_SECRET_LENGTH_MISMATCH"; - if (kdata->output == NULL || out_len != kdata->output_len) + } + if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { + t->err = "DERIVE_ERROR"; goto err; - err = "SHARED_SECRET_MISMATCH"; - if (check_output(t, kdata->output, out, out_len)) + } + if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH", + expected->output, expected->output_len, + got, got_len)) goto err; - err = NULL; + + t->err = NULL; err: - OPENSSL_free(out); - t->err = err; + OPENSSL_free(got); return 1; } -static const struct evp_test_method pderive_test_method = { +static const EVP_TEST_METHOD pderive_test_method = { "Derive", pderive_test_init, pkey_test_cleanup, @@ -1624,92 +1308,117 @@ static const struct evp_test_method pderive_test_method = { pderive_test_run }; -/* PBE tests */ - -#define PBE_TYPE_SCRYPT 1 -#define PBE_TYPE_PBKDF2 2 -#define PBE_TYPE_PKCS12 3 -struct pbe_data { +/** +*** PBE TESTS +**/ - int pbe_type; +typedef enum pbe_type_enum { + PBE_TYPE_INVALID = 0, + PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12 +} PBE_TYPE; - /* scrypt parameters */ +typedef struct pbe_data_st { + PBE_TYPE pbe_type; + /* scrypt parameters */ uint64_t N, r, p, maxmem; - - /* PKCS#12 parameters */ + /* PKCS#12 parameters */ int id, iter; const EVP_MD *md; - - /* password */ + /* password */ unsigned char *pass; size_t pass_len; - - /* salt */ + /* salt */ unsigned char *salt; size_t salt_len; - - /* Expected output */ + /* Expected output */ unsigned char *key; size_t key_len; -}; +} PBE_DATA; #ifndef OPENSSL_NO_SCRYPT -static int scrypt_test_parse(struct evp_test *t, +/* + * Parse unsigned decimal 64 bit integer value + */ +static int parse_uint64(const char *value, uint64_t *pr) +{ + const char *p = value; + + if (!TEST_true(*p)) { + TEST_info("Invalid empty integer value"); + return -1; + } + for (*pr = 0; *p; ) { + if (*pr > UINT64_MAX / 10) { + TEST_error("Integer overflow in string %s", value); + return -1; + } + *pr *= 10; + if (!TEST_true(isdigit((unsigned char)*p))) { + TEST_error("Invalid character in string %s", value); + return -1; + } + *pr += *p - '0'; + p++; + } + return 1; +} + +static int scrypt_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct pbe_data *pdata = t->data; + PBE_DATA *pdata = t->data; if (strcmp(keyword, "N") == 0) - return test_uint64(value, &pdata->N); + return parse_uint64(value, &pdata->N); if (strcmp(keyword, "p") == 0) - return test_uint64(value, &pdata->p); + return parse_uint64(value, &pdata->p); if (strcmp(keyword, "r") == 0) - return test_uint64(value, &pdata->r); + return parse_uint64(value, &pdata->r); if (strcmp(keyword, "maxmem") == 0) - return test_uint64(value, &pdata->maxmem); + return parse_uint64(value, &pdata->maxmem); return 0; } #endif -static int pbkdf2_test_parse(struct evp_test *t, +static int pbkdf2_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct pbe_data *pdata = t->data; + PBE_DATA *pdata = t->data; if (strcmp(keyword, "iter") == 0) { pdata->iter = atoi(value); if (pdata->iter <= 0) - return 0; + return -1; return 1; } if (strcmp(keyword, "MD") == 0) { pdata->md = EVP_get_digestbyname(value); if (pdata->md == NULL) - return 0; + return -1; return 1; } return 0; } -static int pkcs12_test_parse(struct evp_test *t, +static int pkcs12_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct pbe_data *pdata = t->data; + PBE_DATA *pdata = t->data; if (strcmp(keyword, "id") == 0) { pdata->id = atoi(value); if (pdata->id <= 0) - return 0; + return -1; return 1; } return pbkdf2_test_parse(t, keyword, value); } -static int pbe_test_init(struct evp_test *t, const char *alg) +static int pbe_test_init(EVP_TEST *t, const char *alg) { - struct pbe_data *pdat; - int pbe_type = 0; + PBE_DATA *pdat; + PBE_TYPE pbe_type = PBE_TYPE_INVALID; if (strcmp(alg, "scrypt") == 0) { #ifndef OPENSSL_NO_SCRYPT @@ -1723,42 +1432,34 @@ static int pbe_test_init(struct evp_test *t, const char *alg) } else if (strcmp(alg, "pkcs12") == 0) { pbe_type = PBE_TYPE_PKCS12; } else { - fprintf(stderr, "Unknown pbe algorithm %s\n", alg); + TEST_error("Unknown pbe algorithm %s", alg); } - pdat = OPENSSL_malloc(sizeof(*pdat)); + pdat = OPENSSL_zalloc(sizeof(*pdat)); pdat->pbe_type = pbe_type; - pdat->pass = NULL; - pdat->salt = NULL; - pdat->N = 0; - pdat->r = 0; - pdat->p = 0; - pdat->maxmem = 0; - pdat->id = 0; - pdat->iter = 0; - pdat->md = NULL; t->data = pdat; return 1; } -static void pbe_test_cleanup(struct evp_test *t) +static void pbe_test_cleanup(EVP_TEST *t) { - struct pbe_data *pdat = t->data; - test_free(pdat->pass); - test_free(pdat->salt); - test_free(pdat->key); + PBE_DATA *pdat = t->data; + + OPENSSL_free(pdat->pass); + OPENSSL_free(pdat->salt); + OPENSSL_free(pdat->key); } -static int pbe_test_parse(struct evp_test *t, - const char *keyword, const char *value) +static int pbe_test_parse(EVP_TEST *t, + const char *keyword, const char *value) { - struct pbe_data *pdata = t->data; + PBE_DATA *pdata = t->data; if (strcmp(keyword, "Password") == 0) - return test_bin(value, &pdata->pass, &pdata->pass_len); + return parse_bin(value, &pdata->pass, &pdata->pass_len); if (strcmp(keyword, "Salt") == 0) - return test_bin(value, &pdata->salt, &pdata->salt_len); + return parse_bin(value, &pdata->salt, &pdata->salt_len); if (strcmp(keyword, "Key") == 0) - return test_bin(value, &pdata->key, &pdata->key_len); + return parse_bin(value, &pdata->key, &pdata->key_len); if (pdata->pbe_type == PBE_TYPE_PBKDF2) return pbkdf2_test_parse(t, keyword, value); else if (pdata->pbe_type == PBE_TYPE_PKCS12) @@ -1770,50 +1471,53 @@ static int pbe_test_parse(struct evp_test *t, return 0; } -static int pbe_test_run(struct evp_test *t) +static int pbe_test_run(EVP_TEST *t) { - struct pbe_data *pdata = t->data; - const char *err = "INTERNAL_ERROR"; + PBE_DATA *expected = t->data; unsigned char *key; - key = OPENSSL_malloc(pdata->key_len); - if (!key) + if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) { + t->err = "INTERNAL_ERROR"; goto err; - if (pdata->pbe_type == PBE_TYPE_PBKDF2) { - err = "PBKDF2_ERROR"; - if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len, - pdata->salt, pdata->salt_len, - pdata->iter, pdata->md, - pdata->key_len, key) == 0) + } + if (expected->pbe_type == PBE_TYPE_PBKDF2) { + if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len, + expected->salt, expected->salt_len, + expected->iter, expected->md, + expected->key_len, key) == 0) { + t->err = "PBKDF2_ERROR"; goto err; + } #ifndef OPENSSL_NO_SCRYPT - } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) { - err = "SCRYPT_ERROR"; - if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, - pdata->salt, pdata->salt_len, - pdata->N, pdata->r, pdata->p, pdata->maxmem, - key, pdata->key_len) == 0) + } else if (expected->pbe_type == PBE_TYPE_SCRYPT) { + if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len, + expected->salt, expected->salt_len, expected->N, + expected->r, expected->p, expected->maxmem, + key, expected->key_len) == 0) { + t->err = "SCRYPT_ERROR"; goto err; + } #endif - } else if (pdata->pbe_type == PBE_TYPE_PKCS12) { - err = "PKCS12_ERROR"; - if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len, - pdata->salt, pdata->salt_len, - pdata->id, pdata->iter, pdata->key_len, - key, pdata->md) == 0) + } else if (expected->pbe_type == PBE_TYPE_PKCS12) { + if (PKCS12_key_gen_uni(expected->pass, expected->pass_len, + expected->salt, expected->salt_len, + expected->id, expected->iter, expected->key_len, + key, expected->md) == 0) { + t->err = "PKCS12_ERROR"; goto err; + } } - err = "KEY_MISMATCH"; - if (check_output(t, pdata->key, key, pdata->key_len)) + if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len, + key, expected->key_len)) goto err; - err = NULL; - err: + + t->err = NULL; +err: OPENSSL_free(key); - t->err = err; return 1; } -static const struct evp_test_method pbe_test_method = { +static const EVP_TEST_METHOD pbe_test_method = { "PBE", pbe_test_init, pbe_test_cleanup, @@ -1821,7 +1525,10 @@ static const struct evp_test_method pbe_test_method = { pbe_test_run }; -/* Base64 tests */ + +/** +*** BASE64 TESTS +**/ typedef enum { BASE64_CANONICAL_ENCODING = 0, @@ -1829,7 +1536,7 @@ typedef enum { BASE64_INVALID_ENCODING = 2 } base64_encoding_type; -struct encode_data { +typedef struct encode_data_st { /* Input to encoding */ unsigned char *input; size_t input_len; @@ -1837,71 +1544,76 @@ struct encode_data { unsigned char *output; size_t output_len; base64_encoding_type encoding; -}; +} ENCODE_DATA; -static int encode_test_init(struct evp_test *t, const char *encoding) +static int encode_test_init(EVP_TEST *t, const char *encoding) { - struct encode_data *edata = OPENSSL_zalloc(sizeof(*edata)); + ENCODE_DATA *edata; + if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata)))) + return 0; if (strcmp(encoding, "canonical") == 0) { edata->encoding = BASE64_CANONICAL_ENCODING; } else if (strcmp(encoding, "valid") == 0) { edata->encoding = BASE64_VALID_ENCODING; } else if (strcmp(encoding, "invalid") == 0) { edata->encoding = BASE64_INVALID_ENCODING; - t->expected_err = OPENSSL_strdup("DECODE_ERROR"); - if (t->expected_err == NULL) + if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR"))) return 0; } else { - fprintf(stderr, "Bad encoding: %s. Should be one of " - "{canonical, valid, invalid}\n", encoding); + TEST_error("Bad encoding: %s." + " Should be one of {canonical, valid, invalid}", + encoding); return 0; } t->data = edata; return 1; } -static void encode_test_cleanup(struct evp_test *t) +static void encode_test_cleanup(EVP_TEST *t) { - struct encode_data *edata = t->data; - test_free(edata->input); - test_free(edata->output); + ENCODE_DATA *edata = t->data; + + OPENSSL_free(edata->input); + OPENSSL_free(edata->output); memset(edata, 0, sizeof(*edata)); } -static int encode_test_parse(struct evp_test *t, +static int encode_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct encode_data *edata = t->data; + ENCODE_DATA *edata = t->data; + if (strcmp(keyword, "Input") == 0) - return test_bin(value, &edata->input, &edata->input_len); + return parse_bin(value, &edata->input, &edata->input_len); if (strcmp(keyword, "Output") == 0) - return test_bin(value, &edata->output, &edata->output_len); + return parse_bin(value, &edata->output, &edata->output_len); return 0; } -static int encode_test_run(struct evp_test *t) +static int encode_test_run(EVP_TEST *t) { - struct encode_data *edata = t->data; + ENCODE_DATA *expected = t->data; unsigned char *encode_out = NULL, *decode_out = NULL; int output_len, chunk_len; - const char *err = "INTERNAL_ERROR"; - EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new(); + EVP_ENCODE_CTX *decode_ctx; - if (decode_ctx == NULL) + if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) { + t->err = "INTERNAL_ERROR"; goto err; + } - if (edata->encoding == BASE64_CANONICAL_ENCODING) { - EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new(); - if (encode_ctx == NULL) - goto err; - encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len)); - if (encode_out == NULL) + if (expected->encoding == BASE64_CANONICAL_ENCODING) { + EVP_ENCODE_CTX *encode_ctx; + + if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) + || !TEST_ptr(encode_out = + OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) goto err; EVP_EncodeInit(encode_ctx); EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, - edata->input, edata->input_len); + expected->input, expected->input_len); output_len = chunk_len; EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len); @@ -1909,48 +1621,47 @@ static int encode_test_run(struct evp_test *t) EVP_ENCODE_CTX_free(encode_ctx); - if (check_var_length_output(t, edata->output, edata->output_len, - encode_out, output_len)) { - err = "BAD_ENCODING"; + if (!memory_err_compare(t, "BAD_ENCODING", + expected->output, expected->output_len, + encode_out, output_len)) goto err; - } } - decode_out = OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len)); - if (decode_out == NULL) + if (!TEST_ptr(decode_out = + OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len)))) goto err; EVP_DecodeInit(decode_ctx); - if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output, - edata->output_len) < 0) { - err = "DECODE_ERROR"; + if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output, + expected->output_len) < 0) { + t->err = "DECODE_ERROR"; goto err; } output_len = chunk_len; if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) { - err = "DECODE_ERROR"; + t->err = "DECODE_ERROR"; goto err; } output_len += chunk_len; - if (edata->encoding != BASE64_INVALID_ENCODING && - check_var_length_output(t, edata->input, edata->input_len, - decode_out, output_len)) { - err = "BAD_DECODING"; + if (expected->encoding != BASE64_INVALID_ENCODING + && !memory_err_compare(t, "BAD_DECODING", + expected->input, expected->input_len, + decode_out, output_len)) { + t->err = "BAD_DECODING"; goto err; } - err = NULL; + t->err = NULL; err: - t->err = err; OPENSSL_free(encode_out); OPENSSL_free(decode_out); EVP_ENCODE_CTX_free(decode_ctx); return 1; } -static const struct evp_test_method encode_test_method = { +static const EVP_TEST_METHOD encode_test_method = { "Encoding", encode_test_init, encode_test_cleanup, @@ -1958,84 +1669,99 @@ static const struct evp_test_method encode_test_method = { encode_test_run, }; -/* KDF operations */ +/** +*** KDF TESTS +**/ -struct kdf_data { +typedef struct kdf_data_st { /* Context for this operation */ EVP_PKEY_CTX *ctx; /* Expected output */ unsigned char *output; size_t output_len; -}; +} KDF_DATA; /* * Perform public key operation setup: lookup key, allocated ctx and call * the appropriate initialisation function */ -static int kdf_test_init(struct evp_test *t, const char *name) +static int kdf_test_init(EVP_TEST *t, const char *name) { - struct kdf_data *kdata; + KDF_DATA *kdata; + int kdf_nid = OBJ_sn2nid(name); + +#ifdef OPENSSL_NO_SCRYPT + if (strcmp(name, "scrypt") == 0) { + t->skip = 1; + return 1; + } +#endif + + if (kdf_nid == NID_undef) + kdf_nid = OBJ_ln2nid(name); - kdata = OPENSSL_malloc(sizeof(*kdata)); - if (kdata == NULL) + if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) return 0; - kdata->ctx = NULL; - kdata->output = NULL; - t->data = kdata; - kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL); - if (kdata->ctx == NULL) + kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL); + if (kdata->ctx == NULL) { + OPENSSL_free(kdata); return 0; - if (EVP_PKEY_derive_init(kdata->ctx) <= 0) + } + if (EVP_PKEY_derive_init(kdata->ctx) <= 0) { + EVP_PKEY_CTX_free(kdata->ctx); + OPENSSL_free(kdata); return 0; + } + t->data = kdata; return 1; } -static void kdf_test_cleanup(struct evp_test *t) +static void kdf_test_cleanup(EVP_TEST *t) { - struct kdf_data *kdata = t->data; + KDF_DATA *kdata = t->data; OPENSSL_free(kdata->output); EVP_PKEY_CTX_free(kdata->ctx); } -static int kdf_test_parse(struct evp_test *t, +static int kdf_test_parse(EVP_TEST *t, const char *keyword, const char *value) { - struct kdf_data *kdata = t->data; + KDF_DATA *kdata = t->data; + if (strcmp(keyword, "Output") == 0) - return test_bin(value, &kdata->output, &kdata->output_len); + return parse_bin(value, &kdata->output, &kdata->output_len); if (strncmp(keyword, "Ctrl", 4) == 0) return pkey_test_ctrl(t, kdata->ctx, value); return 0; } -static int kdf_test_run(struct evp_test *t) +static int kdf_test_run(EVP_TEST *t) { - struct kdf_data *kdata = t->data; - unsigned char *out = NULL; - size_t out_len = kdata->output_len; - const char *err = "INTERNAL_ERROR"; - out = OPENSSL_malloc(out_len); - if (!out) { - fprintf(stderr, "Error allocating output buffer!\n"); - exit(1); - } - err = "KDF_DERIVE_ERROR"; - if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) + KDF_DATA *expected = t->data; + unsigned char *got = NULL; + size_t got_len = expected->output_len; + + if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "INTERNAL_ERROR"; goto err; - err = "KDF_LENGTH_MISMATCH"; - if (out_len != kdata->output_len) + } + if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { + t->err = "KDF_DERIVE_ERROR"; goto err; - err = "KDF_MISMATCH"; - if (check_output(t, kdata->output, out, out_len)) + } + if (!memory_err_compare(t, "KDF_MISMATCH", + expected->output, expected->output_len, + got, got_len)) goto err; - err = NULL; + + t->err = NULL; + err: - OPENSSL_free(out); - t->err = err; + OPENSSL_free(got); return 1; } -static const struct evp_test_method kdf_test_method = { +static const EVP_TEST_METHOD kdf_test_method = { "KDF", kdf_test_init, kdf_test_cleanup, @@ -2043,37 +1769,39 @@ static const struct evp_test_method kdf_test_method = { kdf_test_run }; -struct keypair_test_data { + +/** +*** KEYPAIR TESTS +**/ + +typedef struct keypair_test_data_st { EVP_PKEY *privk; EVP_PKEY *pubk; -}; +} KEYPAIR_TEST_DATA; -static int keypair_test_init(struct evp_test *t, const char *pair) +static int keypair_test_init(EVP_TEST *t, const char *pair) { + KEYPAIR_TEST_DATA *data; int rv = 0; EVP_PKEY *pk = NULL, *pubk = NULL; char *pub, *priv = NULL; - const char *err = "INTERNAL_ERROR"; - struct keypair_test_data *data; - priv = OPENSSL_strdup(pair); - if (priv == NULL) - return 0; - pub = strchr(priv, ':'); - if ( pub == NULL ) { - fprintf(stderr, "Wrong syntax \"%s\"\n", pair); + /* Split private and public names. */ + if (!TEST_ptr(priv = OPENSSL_strdup(pair)) + || !TEST_ptr(pub = strchr(priv, ':'))) { + t->err = "PARSING_ERROR"; goto end; } - *pub++ = 0; /* split priv and pub strings */ + *pub++ = '\0'; - if (find_key(&pk, priv, t->private) == 0) { - fprintf(stderr, "Cannot find private key: %s\n", priv); - err = "MISSING_PRIVATE_KEY"; + if (!TEST_true(find_key(&pk, priv, private_keys))) { + TEST_info("Can't find private key: %s", priv); + t->err = "MISSING_PRIVATE_KEY"; goto end; } - if (find_key(&pubk, pub, t->public) == 0) { - fprintf(stderr, "Cannot find public key: %s\n", pub); - err = "MISSING_PUBLIC_KEY"; + if (!TEST_true(find_key(&pubk, pub, public_keys))) { + TEST_info("Can't find public key: %s", pub); + t->err = "MISSING_PUBLIC_KEY"; goto end; } @@ -2084,69 +1812,58 @@ static int keypair_test_init(struct evp_test *t, const char *pair) goto end; } - data = OPENSSL_malloc(sizeof(*data)); - if (data == NULL ) + if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) goto end; - data->privk = pk; data->pubk = pubk; t->data = data; - rv = 1; - err = NULL; + t->err = NULL; end: - if (priv) - OPENSSL_free(priv); - t->err = err; + OPENSSL_free(priv); return rv; } -static void keypair_test_cleanup(struct evp_test *t) +static void keypair_test_cleanup(EVP_TEST *t) { - struct keypair_test_data *data = t->data; + OPENSSL_free(t->data); t->data = NULL; - if (data) - test_free(data); - return; } -/* For test that do not accept any custom keyword: - * return 0 if called +/* + * For tests that do not accept any custom keywords. */ -static int void_test_parse(struct evp_test *t, const char *keyword, const char *value) +static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value) { return 0; } -static int keypair_test_run(struct evp_test *t) +static int keypair_test_run(EVP_TEST *t) { int rv = 0; - const struct keypair_test_data *pair = t->data; - const char *err = "INTERNAL_ERROR"; - - if (pair == NULL) - goto end; + const KEYPAIR_TEST_DATA *pair = t->data; if (pair->privk == NULL || pair->pubk == NULL) { - /* this can only happen if only one of the keys is not set + /* + * this can only happen if only one of the keys is not set * which means that one of them was unsupported while the * other isn't: hence a key type mismatch. */ - err = "KEYPAIR_TYPE_MISMATCH"; + t->err = "KEYPAIR_TYPE_MISMATCH"; rv = 1; goto end; } if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) { if ( 0 == rv ) { - err = "KEYPAIR_MISMATCH"; + t->err = "KEYPAIR_MISMATCH"; } else if ( -1 == rv ) { - err = "KEYPAIR_TYPE_MISMATCH"; + t->err = "KEYPAIR_TYPE_MISMATCH"; } else if ( -2 == rv ) { - err = "UNSUPPORTED_KEY_COMPARISON"; + t->err = "UNSUPPORTED_KEY_COMPARISON"; } else { - fprintf(stderr, "Unexpected error in key comparison\n"); + TEST_error("Unexpected error in key comparison"); rv = 0; goto end; } @@ -2155,14 +1872,13 @@ static int keypair_test_run(struct evp_test *t) } rv = 1; - err = NULL; + t->err = NULL; end: - t->err = err; return rv; } -static const struct evp_test_method keypair_test_method = { +static const EVP_TEST_METHOD keypair_test_method = { "PrivPubKeyPair", keypair_test_init, keypair_test_cleanup, @@ -2170,3 +1886,807 @@ static const struct evp_test_method keypair_test_method = { keypair_test_run }; +/** +*** KEYGEN TEST +**/ + +typedef struct keygen_test_data_st { + EVP_PKEY_CTX *genctx; /* Keygen context to use */ + char *keyname; /* Key name to store key or NULL */ +} KEYGEN_TEST_DATA; + +static int keygen_test_init(EVP_TEST *t, const char *alg) +{ + KEYGEN_TEST_DATA *data; + EVP_PKEY_CTX *genctx; + int nid = OBJ_sn2nid(alg); + + if (nid == NID_undef) { + nid = OBJ_ln2nid(alg); + if (nid == NID_undef) + return 0; + } + + if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_id(nid, NULL))) { + /* assume algorithm disabled */ + t->skip = 1; + return 1; + } + + if (EVP_PKEY_keygen_init(genctx) <= 0) { + t->err = "KEYGEN_INIT_ERROR"; + goto err; + } + + if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) + goto err; + data->genctx = genctx; + data->keyname = NULL; + t->data = data; + t->err = NULL; + return 1; + +err: + EVP_PKEY_CTX_free(genctx); + return 0; +} + +static void keygen_test_cleanup(EVP_TEST *t) +{ + KEYGEN_TEST_DATA *keygen = t->data; + + EVP_PKEY_CTX_free(keygen->genctx); + OPENSSL_free(keygen->keyname); + OPENSSL_free(t->data); + t->data = NULL; +} + +static int keygen_test_parse(EVP_TEST *t, + const char *keyword, const char *value) +{ + KEYGEN_TEST_DATA *keygen = t->data; + + if (strcmp(keyword, "KeyName") == 0) + return TEST_ptr(keygen->keyname = OPENSSL_strdup(value)); + if (strcmp(keyword, "Ctrl") == 0) + return pkey_test_ctrl(t, keygen->genctx, value); + return 0; +} + +static int keygen_test_run(EVP_TEST *t) +{ + KEYGEN_TEST_DATA *keygen = t->data; + EVP_PKEY *pkey = NULL; + + t->err = NULL; + if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) { + t->err = "KEYGEN_GENERATE_ERROR"; + goto err; + } + + if (keygen->keyname != NULL) { + KEY_LIST *key; + + if (find_key(NULL, keygen->keyname, private_keys)) { + TEST_info("Duplicate key %s", keygen->keyname); + goto err; + } + + if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) + goto err; + key->name = keygen->keyname; + keygen->keyname = NULL; + key->key = pkey; + key->next = private_keys; + private_keys = key; + } else { + EVP_PKEY_free(pkey); + } + + return 1; + +err: + EVP_PKEY_free(pkey); + return 0; +} + +static const EVP_TEST_METHOD keygen_test_method = { + "KeyGen", + keygen_test_init, + keygen_test_cleanup, + keygen_test_parse, + keygen_test_run, +}; + +/** +*** DIGEST SIGN+VERIFY TESTS +**/ + +typedef struct { + int is_verify; /* Set to 1 if verifying */ + int is_oneshot; /* Set to 1 for one shot operation */ + const EVP_MD *md; /* Digest to use */ + EVP_MD_CTX *ctx; /* Digest context */ + EVP_PKEY_CTX *pctx; + STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */ + unsigned char *osin; /* Input data if one shot */ + size_t osin_len; /* Input length data if one shot */ + unsigned char *output; /* Expected output */ + size_t output_len; /* Expected output length */ +} DIGESTSIGN_DATA; + +static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify, + int is_oneshot) +{ + const EVP_MD *md = NULL; + DIGESTSIGN_DATA *mdat; + + if (strcmp(alg, "NULL") != 0) { + if ((md = EVP_get_digestbyname(alg)) == NULL) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } + return 0; + } + } + if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) + return 0; + mdat->md = md; + if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) { + OPENSSL_free(mdat); + return 0; + } + mdat->is_verify = is_verify; + mdat->is_oneshot = is_oneshot; + t->data = mdat; + return 1; +} + +static int digestsign_test_init(EVP_TEST *t, const char *alg) +{ + return digestsigver_test_init(t, alg, 0, 0); +} + +static void digestsigver_test_cleanup(EVP_TEST *t) +{ + DIGESTSIGN_DATA *mdata = t->data; + + EVP_MD_CTX_free(mdata->ctx); + sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free); + OPENSSL_free(mdata->osin); + OPENSSL_free(mdata->output); + OPENSSL_free(mdata); + t->data = NULL; +} + +static int digestsigver_test_parse(EVP_TEST *t, + const char *keyword, const char *value) +{ + DIGESTSIGN_DATA *mdata = t->data; + + if (strcmp(keyword, "Key") == 0) { + EVP_PKEY *pkey = NULL; + int rv = 0; + + if (mdata->is_verify) + rv = find_key(&pkey, value, public_keys); + if (rv == 0) + rv = find_key(&pkey, value, private_keys); + if (rv == 0 || pkey == NULL) { + t->skip = 1; + return 1; + } + if (mdata->is_verify) { + if (!EVP_DigestVerifyInit(mdata->ctx, &mdata->pctx, mdata->md, + NULL, pkey)) + t->err = "DIGESTVERIFYINIT_ERROR"; + return 1; + } + if (!EVP_DigestSignInit(mdata->ctx, &mdata->pctx, mdata->md, NULL, + pkey)) + t->err = "DIGESTSIGNINIT_ERROR"; + return 1; + } + + if (strcmp(keyword, "Input") == 0) { + if (mdata->is_oneshot) + return parse_bin(value, &mdata->osin, &mdata->osin_len); + return evp_test_buffer_append(value, &mdata->input); + } + if (strcmp(keyword, "Output") == 0) + return parse_bin(value, &mdata->output, &mdata->output_len); + + if (!mdata->is_oneshot) { + if (strcmp(keyword, "Count") == 0) + return evp_test_buffer_set_count(value, mdata->input); + if (strcmp(keyword, "Ncopy") == 0) + return evp_test_buffer_ncopy(value, mdata->input); + } + if (strcmp(keyword, "Ctrl") == 0) { + if (mdata->pctx == NULL) + return 0; + return pkey_test_ctrl(t, mdata->pctx, value); + } + return 0; +} + +static int digestsign_update_fn(void *ctx, const unsigned char *buf, + size_t buflen) +{ + return EVP_DigestSignUpdate(ctx, buf, buflen); +} + +static int digestsign_test_run(EVP_TEST *t) +{ + DIGESTSIGN_DATA *expected = t->data; + unsigned char *got = NULL; + size_t got_len; + + if (!evp_test_buffer_do(expected->input, digestsign_update_fn, + expected->ctx)) { + t->err = "DIGESTUPDATE_ERROR"; + goto err; + } + + if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) { + t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; + goto err; + } + if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "MALLOC_FAILURE"; + goto err; + } + if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { + t->err = "DIGESTSIGNFINAL_ERROR"; + goto err; + } + if (!memory_err_compare(t, "SIGNATURE_MISMATCH", + expected->output, expected->output_len, + got, got_len)) + goto err; + + t->err = NULL; + err: + OPENSSL_free(got); + return 1; +} + +static const EVP_TEST_METHOD digestsign_test_method = { + "DigestSign", + digestsign_test_init, + digestsigver_test_cleanup, + digestsigver_test_parse, + digestsign_test_run +}; + +static int digestverify_test_init(EVP_TEST *t, const char *alg) +{ + return digestsigver_test_init(t, alg, 1, 0); +} + +static int digestverify_update_fn(void *ctx, const unsigned char *buf, + size_t buflen) +{ + return EVP_DigestVerifyUpdate(ctx, buf, buflen); +} + +static int digestverify_test_run(EVP_TEST *t) +{ + DIGESTSIGN_DATA *mdata = t->data; + + if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) { + t->err = "DIGESTUPDATE_ERROR"; + return 1; + } + + if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output, + mdata->output_len) <= 0) + t->err = "VERIFY_ERROR"; + return 1; +} + +static const EVP_TEST_METHOD digestverify_test_method = { + "DigestVerify", + digestverify_test_init, + digestsigver_test_cleanup, + digestsigver_test_parse, + digestverify_test_run +}; + +static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg) +{ + return digestsigver_test_init(t, alg, 0, 1); +} + +static int oneshot_digestsign_test_run(EVP_TEST *t) +{ + DIGESTSIGN_DATA *expected = t->data; + unsigned char *got = NULL; + size_t got_len; + + if (!EVP_DigestSign(expected->ctx, NULL, &got_len, + expected->osin, expected->osin_len)) { + t->err = "DIGESTSIGN_LENGTH_ERROR"; + goto err; + } + if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + t->err = "MALLOC_FAILURE"; + goto err; + } + if (!EVP_DigestSign(expected->ctx, got, &got_len, + expected->osin, expected->osin_len)) { + t->err = "DIGESTSIGN_ERROR"; + goto err; + } + if (!memory_err_compare(t, "SIGNATURE_MISMATCH", + expected->output, expected->output_len, + got, got_len)) + goto err; + + t->err = NULL; + err: + OPENSSL_free(got); + return 1; +} + +static const EVP_TEST_METHOD oneshot_digestsign_test_method = { + "OneShotDigestSign", + oneshot_digestsign_test_init, + digestsigver_test_cleanup, + digestsigver_test_parse, + oneshot_digestsign_test_run +}; + +static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg) +{ + return digestsigver_test_init(t, alg, 1, 1); +} + +static int oneshot_digestverify_test_run(EVP_TEST *t) +{ + DIGESTSIGN_DATA *mdata = t->data; + + if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len, + mdata->osin, mdata->osin_len) <= 0) + t->err = "VERIFY_ERROR"; + return 1; +} + +static const EVP_TEST_METHOD oneshot_digestverify_test_method = { + "OneShotDigestVerify", + oneshot_digestverify_test_init, + digestsigver_test_cleanup, + digestsigver_test_parse, + oneshot_digestverify_test_run +}; + + +/** +*** PARSING AND DISPATCH +**/ + +static const EVP_TEST_METHOD *evp_test_list[] = { + &cipher_test_method, + &digest_test_method, + &digestsign_test_method, + &digestverify_test_method, + &encode_test_method, + &kdf_test_method, + &keypair_test_method, + &keygen_test_method, + &mac_test_method, + &oneshot_digestsign_test_method, + &oneshot_digestverify_test_method, + &pbe_test_method, + &pdecrypt_test_method, + &pderive_test_method, + &psign_test_method, + &pverify_recover_test_method, + &pverify_test_method, + NULL +}; + +static const EVP_TEST_METHOD *find_test(const char *name) +{ + const EVP_TEST_METHOD **tt; + + for (tt = evp_test_list; *tt; tt++) { + if (strcmp(name, (*tt)->name) == 0) + return *tt; + } + return NULL; +} + +static void clear_test(EVP_TEST *t) +{ + test_clearstanza(&t->s); + ERR_clear_error(); + if (t->data != NULL) { + if (t->meth != NULL) + t->meth->cleanup(t); + OPENSSL_free(t->data); + t->data = NULL; + } + OPENSSL_free(t->expected_err); + t->expected_err = NULL; + OPENSSL_free(t->func); + t->func = NULL; + OPENSSL_free(t->reason); + t->reason = NULL; + + /* Text literal. */ + t->err = NULL; + t->skip = 0; + t->meth = NULL; +} + +/* + * Check for errors in the test structure; return 1 if okay, else 0. + */ +static int check_test_error(EVP_TEST *t) +{ + unsigned long err; + const char *func; + const char *reason; + + if (t->err == NULL && t->expected_err == NULL) + return 1; + if (t->err != NULL && t->expected_err == NULL) { + if (t->aux_err != NULL) { + TEST_info("%s:%d: Source of above error (%s); unexpected error %s", + t->s.test_file, t->s.start, t->aux_err, t->err); + } else { + TEST_info("%s:%d: Source of above error; unexpected error %s", + t->s.test_file, t->s.start, t->err); + } + return 0; + } + if (t->err == NULL && t->expected_err != NULL) { + TEST_info("%s:%d: Succeeded but was expecting %s", + t->s.test_file, t->s.start, t->expected_err); + return 0; + } + + if (strcmp(t->err, t->expected_err) != 0) { + TEST_info("%s:%d: Expected %s got %s", + t->s.test_file, t->s.start, t->expected_err, t->err); + return 0; + } + + if (t->func == NULL && t->reason == NULL) + return 1; + + if (t->func == NULL || t->reason == NULL) { + TEST_info("%s:%d: Test is missing function or reason code", + t->s.test_file, t->s.start); + return 0; + } + + err = ERR_peek_error(); + if (err == 0) { + TEST_info("%s:%d: Expected error \"%s:%s\" not set", + t->s.test_file, t->s.start, t->func, t->reason); + return 0; + } + + func = ERR_func_error_string(err); + reason = ERR_reason_error_string(err); + if (func == NULL && reason == NULL) { + TEST_info("%s:%d: Expected error \"%s:%s\", no strings available." + " Assuming ok.", + t->s.test_file, t->s.start, t->func, t->reason); + return 1; + } + + if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0) + return 1; + + TEST_info("%s:%d: Expected error \"%s:%s\", got \"%s:%s\"", + t->s.test_file, t->s.start, t->func, t->reason, func, reason); + + return 0; +} + +/* + * Run a parsed test. Log a message and return 0 on error. + */ +static int run_test(EVP_TEST *t) +{ + if (t->meth == NULL) + return 1; + t->s.numtests++; + if (t->skip) { + t->s.numskip++; + } else { + /* run the test */ + if (t->err == NULL && t->meth->run_test(t) != 1) { + TEST_info("%s:%d %s error", + t->s.test_file, t->s.start, t->meth->name); + return 0; + } + if (!check_test_error(t)) { + TEST_openssl_errors(); + t->s.errors++; + } + } + + /* clean it up */ + return 1; +} + +static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst) +{ + for (; lst != NULL; lst = lst->next) { + if (strcmp(lst->name, name) == 0) { + if (ppk != NULL) + *ppk = lst->key; + return 1; + } + } + return 0; +} + +static void free_key_list(KEY_LIST *lst) +{ + while (lst != NULL) { + KEY_LIST *next = lst->next; + + EVP_PKEY_free(lst->key); + OPENSSL_free(lst->name); + OPENSSL_free(lst); + lst = next; + } +} + +/* + * Is the key type an unsupported algorithm? + */ +static int key_unsupported(void) +{ + long err = ERR_peek_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_EVP + && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { + ERR_clear_error(); + return 1; + } +#ifndef OPENSSL_NO_EC + /* + * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an + * hint to an unsupported algorithm/curve (e.g. if binary EC support is + * disabled). + */ + if (ERR_GET_LIB(err) == ERR_LIB_EC + && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) { + ERR_clear_error(); + return 1; + } +#endif /* OPENSSL_NO_EC */ + return 0; +} + +/* + * NULL out the value from |pp| but return it. This "steals" a pointer. + */ +static char *take_value(PAIR *pp) +{ + char *p = pp->value; + + pp->value = NULL; + return p; +} + +/* + * Read and parse one test. Return 0 if failure, 1 if okay. + */ +static int parse(EVP_TEST *t) +{ + KEY_LIST *key, **klist; + EVP_PKEY *pkey; + PAIR *pp; + int i; + +top: + do { + if (BIO_eof(t->s.fp)) + return EOF; + clear_test(t); + if (!test_readstanza(&t->s)) + return 0; + } while (t->s.numpairs == 0); + pp = &t->s.pairs[0]; + + /* Are we adding a key? */ + klist = NULL; + pkey = NULL; + if (strcmp(pp->key, "PrivateKey") == 0) { + pkey = PEM_read_bio_PrivateKey(t->s.key, NULL, 0, NULL); + if (pkey == NULL && !key_unsupported()) { + EVP_PKEY_free(pkey); + TEST_info("Can't read private key %s", pp->value); + TEST_openssl_errors(); + return 0; + } + klist = &private_keys; + } else if (strcmp(pp->key, "PublicKey") == 0) { + pkey = PEM_read_bio_PUBKEY(t->s.key, NULL, 0, NULL); + if (pkey == NULL && !key_unsupported()) { + EVP_PKEY_free(pkey); + TEST_info("Can't read public key %s", pp->value); + TEST_openssl_errors(); + return 0; + } + klist = &public_keys; + } else if (strcmp(pp->key, "PrivateKeyRaw") == 0 + || strcmp(pp->key, "PublicKeyRaw") == 0 ) { + char *strnid = NULL, *keydata = NULL; + unsigned char *keybin; + size_t keylen; + int nid; + + if (strcmp(pp->key, "PrivateKeyRaw") == 0) + klist = &private_keys; + else + klist = &public_keys; + + strnid = strchr(pp->value, ':'); + if (strnid != NULL) { + *strnid++ = '\0'; + keydata = strchr(strnid, ':'); + if (keydata != NULL) + *keydata++ = '\0'; + } + if (keydata == NULL) { + TEST_info("Failed to parse %s value", pp->key); + return 0; + } + + nid = OBJ_txt2nid(strnid); + if (nid == NID_undef) { + TEST_info("Uncrecognised algorithm NID"); + return 0; + } + if (!parse_bin(keydata, &keybin, &keylen)) { + TEST_info("Failed to create binary key"); + return 0; + } + if (klist == &private_keys) + pkey = EVP_PKEY_new_raw_private_key(nid, NULL, keybin, keylen); + else + pkey = EVP_PKEY_new_raw_public_key(nid, NULL, keybin, keylen); + if (pkey == NULL && !key_unsupported()) { + TEST_info("Can't read %s data", pp->key); + OPENSSL_free(keybin); + TEST_openssl_errors(); + return 0; + } + OPENSSL_free(keybin); + } + + /* If we have a key add to list */ + if (klist != NULL) { + if (find_key(NULL, pp->value, *klist)) { + TEST_info("Duplicate key %s", pp->value); + return 0; + } + if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) + return 0; + key->name = take_value(pp); + + /* Hack to detect SM2 keys */ + if(pkey != NULL && strstr(key->name, "SM2") != NULL) { +#ifdef OPENSSL_NO_SM2 + EVP_PKEY_free(pkey); + pkey = NULL; +#else + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +#endif + } + + key->key = pkey; + key->next = *klist; + *klist = key; + + /* Go back and start a new stanza. */ + if (t->s.numpairs != 1) + TEST_info("Line %d: missing blank line\n", t->s.curr); + goto top; + } + + /* Find the test, based on first keyword. */ + if (!TEST_ptr(t->meth = find_test(pp->key))) + return 0; + if (!t->meth->init(t, pp->value)) { + TEST_error("unknown %s: %s\n", pp->key, pp->value); + return 0; + } + if (t->skip == 1) { + /* TEST_info("skipping %s %s", pp->key, pp->value); */ + return 0; + } + + for (pp++, i = 1; i < t->s.numpairs; pp++, i++) { + if (strcmp(pp->key, "Result") == 0) { + if (t->expected_err != NULL) { + TEST_info("Line %d: multiple result lines", t->s.curr); + return 0; + } + t->expected_err = take_value(pp); + } else if (strcmp(pp->key, "Function") == 0) { + if (t->func != NULL) { + TEST_info("Line %d: multiple function lines\n", t->s.curr); + return 0; + } + t->func = take_value(pp); + } else if (strcmp(pp->key, "Reason") == 0) { + if (t->reason != NULL) { + TEST_info("Line %d: multiple reason lines", t->s.curr); + return 0; + } + t->reason = take_value(pp); + } else { + /* Must be test specific line: try to parse it */ + int rv = t->meth->parse(t, pp->key, pp->value); + + if (rv == 0) { + TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key); + return 0; + } + if (rv < 0) { + TEST_info("Line %d: error processing keyword %s = %s\n", + t->s.curr, pp->key, pp->value); + return 0; + } + } + } + + return 1; +} + +static int run_file_tests(int i) +{ + EVP_TEST *t; + const char *testfile = test_get_argument(i); + int c; + + if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t)))) + return 0; + if (!test_start_file(&t->s, testfile)) { + OPENSSL_free(t); + return 0; + } + + while (!BIO_eof(t->s.fp)) { + c = parse(t); + if (t->skip) + continue; + if (c == 0 || !run_test(t)) { + t->s.errors++; + break; + } + } + test_end_file(&t->s); + clear_test(t); + + free_key_list(public_keys); + free_key_list(private_keys); + BIO_free(t->s.key); + c = t->s.errors; + OPENSSL_free(t); + return c == 0; +} + +int setup_tests(void) +{ + size_t n = test_get_argument_count(); + + if (n == 0) { + TEST_error("Usage: %s file...", test_get_program_name()); + return 0; + } + + ADD_ALL_TESTS(run_file_tests, n); + return 1; +} diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_dgst.c b/deps/openssl/openssl/test/evp_test.h similarity index 53% rename from deps/openssl/openssl/crypto/pkcs7/pk7_dgst.c rename to deps/openssl/openssl/test/evp_test.h index 965fb37eab54ac..5402e1e8065a48 100644 --- a/deps/openssl/openssl/crypto/pkcs7/pk7_dgst.c +++ b/deps/openssl/openssl/test/evp_test.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,9 +7,5 @@ * https://www.openssl.org/source/license.html */ -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include +typedef struct evp_test_buffer_st EVP_TEST_BUFFER; +DEFINE_STACK_OF(EVP_TEST_BUFFER) diff --git a/deps/openssl/openssl/test/exdatatest.c b/deps/openssl/openssl/test/exdatatest.c index 7998622de819c9..bc39a145e60cbe 100644 --- a/deps/openssl/openssl/test/exdatatest.c +++ b/deps/openssl/openssl/test/exdatatest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,13 @@ #include #include +#include "testutil.h" + static long saved_argl; static void *saved_argp; static int saved_idx; static int saved_idx2; +static int gbl_result; /* * SIMPLE EX_DATA IMPLEMENTATION @@ -25,28 +28,31 @@ static int saved_idx2; static void exnew(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { - OPENSSL_assert(idx == saved_idx); - OPENSSL_assert(argl == saved_argl); - OPENSSL_assert(argp == saved_argp); - OPENSSL_assert(ptr == NULL); + if (!TEST_int_eq(idx, saved_idx) + || !TEST_long_eq(argl, saved_argl) + || !TEST_ptr_eq(argp, saved_argp) + || !TEST_ptr_null(ptr)) + gbl_result = 0; } static int exdup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void *from_d, int idx, long argl, void *argp) { - OPENSSL_assert(idx == saved_idx); - OPENSSL_assert(argl == saved_argl); - OPENSSL_assert(argp == saved_argp); - OPENSSL_assert(from_d != NULL); + if (!TEST_int_eq(idx, saved_idx) + || !TEST_long_eq(argl, saved_argl) + || !TEST_ptr_eq(argp, saved_argp) + || !TEST_ptr(from_d)) + gbl_result = 0; return 1; } static void exfree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { - OPENSSL_assert(idx == saved_idx); - OPENSSL_assert(argl == saved_argl); - OPENSSL_assert(argp == saved_argp); + if (!TEST_int_eq(idx, saved_idx) + || !TEST_long_eq(argl, saved_argl) + || !TEST_ptr_eq(argp, saved_argp)) + gbl_result = 0; } /* @@ -64,20 +70,18 @@ typedef struct myobj_ex_data_st { static void exnew2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { - int ret; - MYOBJ_EX_DATA *ex_data; - - OPENSSL_assert(idx == saved_idx2); - OPENSSL_assert(argl == saved_argl); - OPENSSL_assert(argp == saved_argp); - OPENSSL_assert(ptr == NULL); - - ex_data = OPENSSL_zalloc(sizeof(*ex_data)); - OPENSSL_assert(ex_data != NULL); - ret = CRYPTO_set_ex_data(ad, saved_idx2, ex_data); - OPENSSL_assert(ret); - - ex_data->new = 1; + MYOBJ_EX_DATA *ex_data = OPENSSL_zalloc(sizeof(*ex_data)); + if (!TEST_int_eq(idx, saved_idx2) + || !TEST_long_eq(argl, saved_argl) + || !TEST_ptr_eq(argp, saved_argp) + || !TEST_ptr_null(ptr) + || !TEST_ptr(ex_data) + || !TEST_true(CRYPTO_set_ex_data(ad, saved_idx2, ex_data))) { + gbl_result = 0; + OPENSSL_free(ex_data); + } else { + ex_data->new = 1; + } } static int exdup2(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, @@ -85,21 +89,22 @@ static int exdup2(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, { MYOBJ_EX_DATA **update_ex_data = (MYOBJ_EX_DATA**)from_d; MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(to, saved_idx2); - - OPENSSL_assert(idx == saved_idx2); - OPENSSL_assert(argl == saved_argl); - OPENSSL_assert(argp == saved_argp); - OPENSSL_assert(from_d != NULL); - OPENSSL_assert(*update_ex_data != NULL); - OPENSSL_assert(ex_data != NULL); - OPENSSL_assert(ex_data->new); - - /* Copy hello over */ - ex_data->hello = (*update_ex_data)->hello; - /* indicate this is a dup */ - ex_data->dup = 1; - /* Keep my original ex_data */ - *update_ex_data = ex_data; + if (!TEST_int_eq(idx, saved_idx2) + || !TEST_long_eq(argl, saved_argl) + || !TEST_ptr_eq(argp, saved_argp) + || !TEST_ptr(from_d) + || !TEST_ptr(*update_ex_data) + || !TEST_ptr(ex_data) + || !TEST_true(ex_data->new)) { + gbl_result = 0; + } else { + /* Copy hello over */ + ex_data->hello = (*update_ex_data)->hello; + /* indicate this is a dup */ + ex_data->dup = 1; + /* Keep my original ex_data */ + *update_ex_data = ex_data; + } return 1; } @@ -107,15 +112,13 @@ static void exfree2(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { MYOBJ_EX_DATA *ex_data = CRYPTO_get_ex_data(ad, saved_idx2); - int ret; - - OPENSSL_assert(ex_data != NULL); OPENSSL_free(ex_data); - OPENSSL_assert(idx == saved_idx2); - OPENSSL_assert(argl == saved_argl); - OPENSSL_assert(argp == saved_argp); - ret = CRYPTO_set_ex_data(ad, saved_idx2, NULL); - OPENSSL_assert(ret); + if (!TEST_int_eq(idx, saved_idx2) + || !TEST_long_eq(argl, saved_argl) + || !TEST_ptr_eq(argp, saved_argp) + || !TEST_ptr(ex_data) + || !TEST_true(CRYPTO_set_ex_data(ad, saved_idx2, NULL))) + gbl_result = 0; } typedef struct myobj_st { @@ -124,21 +127,21 @@ typedef struct myobj_st { int st; } MYOBJ; -static MYOBJ *MYOBJ_new() +static MYOBJ *MYOBJ_new(void) { static int count = 0; MYOBJ *obj = OPENSSL_malloc(sizeof(*obj)); obj->id = ++count; obj->st = CRYPTO_new_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data); - OPENSSL_assert(obj->st != 0); return obj; } static void MYOBJ_sethello(MYOBJ *obj, char *cp) { obj->st = CRYPTO_set_ex_data(&obj->ex_data, saved_idx, cp); - OPENSSL_assert(obj->st != 0); + if (!TEST_int_eq(obj->st, 1)) + gbl_result = 0; } static char *MYOBJ_gethello(MYOBJ *obj) @@ -149,19 +152,19 @@ static char *MYOBJ_gethello(MYOBJ *obj) static void MYOBJ_sethello2(MYOBJ *obj, char *cp) { MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); - if (ex_data != NULL) + if (TEST_ptr(ex_data)) ex_data->hello = cp; else - obj->st = 0; + obj->st = gbl_result = 0; } static char *MYOBJ_gethello2(MYOBJ *obj) { MYOBJ_EX_DATA* ex_data = CRYPTO_get_ex_data(&obj->ex_data, saved_idx2); - if (ex_data != NULL) + if (TEST_ptr(ex_data)) return ex_data->hello; - obj->st = 0; + obj->st = gbl_result = 0; return NULL; } @@ -175,19 +178,20 @@ static MYOBJ *MYOBJ_dup(MYOBJ *in) { MYOBJ *obj = MYOBJ_new(); - obj->st = CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_APP, &obj->ex_data, + obj->st |= CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_APP, &obj->ex_data, &in->ex_data); - OPENSSL_assert(obj->st != 0); return obj; } -int main() +static int test_exdata(void) { MYOBJ *t1, *t2, *t3; MYOBJ_EX_DATA *ex_data; const char *cp; char *p; + gbl_result = 1; + p = OPENSSL_strdup("hello world"); saved_argl = 21; saved_argp = OPENSSL_malloc(1); @@ -199,36 +203,63 @@ int main() exnew2, exdup2, exfree2); t1 = MYOBJ_new(); t2 = MYOBJ_new(); - OPENSSL_assert(t1->st && t2->st); - ex_data = CRYPTO_get_ex_data(&t1->ex_data, saved_idx2); - OPENSSL_assert(ex_data != NULL); - ex_data = CRYPTO_get_ex_data(&t2->ex_data, saved_idx2); - OPENSSL_assert(ex_data != NULL); + if (!TEST_int_eq(t1->st, 1) || !TEST_int_eq(t2->st, 1)) + return 0; + if (!TEST_ptr(CRYPTO_get_ex_data(&t1->ex_data, saved_idx2))) + return 0; + if (!TEST_ptr(CRYPTO_get_ex_data(&t2->ex_data, saved_idx2))) + return 0; + MYOBJ_sethello(t1, p); cp = MYOBJ_gethello(t1); - OPENSSL_assert(cp == p); - cp = MYOBJ_gethello(t2); - OPENSSL_assert(cp == NULL); + if (!TEST_ptr_eq(cp, p)) + return 0; + MYOBJ_sethello2(t1, p); cp = MYOBJ_gethello2(t1); - OPENSSL_assert(cp == p); - OPENSSL_assert(t1->st); + if (!TEST_ptr_eq(cp, p)) + return 0; + + cp = MYOBJ_gethello(t2); + if (!TEST_ptr_null(cp)) + return 0; + cp = MYOBJ_gethello2(t2); - OPENSSL_assert(cp == NULL); - OPENSSL_assert(t2->st); + if (!TEST_ptr_null(cp)) + return 0; + t3 = MYOBJ_dup(t1); + if (!TEST_int_eq(t3->st, 1)) + return 0; + ex_data = CRYPTO_get_ex_data(&t3->ex_data, saved_idx2); - OPENSSL_assert(ex_data != NULL); - OPENSSL_assert(ex_data->dup); + if (!TEST_ptr(ex_data)) + return 0; + if (!TEST_int_eq(ex_data->dup, 1)) + return 0; + cp = MYOBJ_gethello(t3); - OPENSSL_assert(cp == p); + if (!TEST_ptr_eq(cp, p)) + return 0; + cp = MYOBJ_gethello2(t3); - OPENSSL_assert(cp == p); - OPENSSL_assert(t3->st); + if (!TEST_ptr_eq(cp, p)) + return 0; + MYOBJ_free(t1); MYOBJ_free(t2); MYOBJ_free(t3); OPENSSL_free(saved_argp); OPENSSL_free(p); - return 0; + + if (gbl_result) + return 1; + else + return 0; +} + +int setup_tests(void) +{ + ADD_TEST(test_exdata); + return 1; } diff --git a/deps/openssl/openssl/test/exptest.c b/deps/openssl/openssl/test/exptest.c index 9bc6e753a74f37..cde4d6bc4548d9 100644 --- a/deps/openssl/openssl/test/exptest.c +++ b/deps/openssl/openssl/test/exptest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,41 +11,39 @@ #include #include -#include "../e_os.h" +#include "internal/nelem.h" #include #include #include #include +#include "testutil.h" + #define NUM_BITS (BN_BITS2 * 4) -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; +#define BN_print_var(v) test_output_bignum(#v, v) /* * Test that r == 0 in test_exp_mod_zero(). Returns one on success, * returns zero and prints debug output otherwise. */ static int a_is_zero_mod_one(const char *method, const BIGNUM *r, - const BIGNUM *a) { + const BIGNUM *a) +{ if (!BN_is_zero(r)) { - fprintf(stderr, "%s failed:\n", method); - fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); - fprintf(stderr, "a = "); - BN_print_fp(stderr, a); - fprintf(stderr, "\nr = "); - BN_print_fp(stderr, r); - fprintf(stderr, "\n"); + TEST_error("%s failed: a ** 0 mod 1 = r (should be 0)", method); + BN_print_var(a); + BN_print_var(r); return 0; } return 1; } /* - * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. + * test_mod_exp_zero tests that x**0 mod 1 == 0. It returns zero on success. */ -static int test_exp_mod_zero() +static int test_mod_exp_zero(void) { BIGNUM *a = NULL, *p = NULL, *m = NULL; BIGNUM *r = NULL; @@ -53,77 +51,64 @@ static int test_exp_mod_zero() BN_CTX *ctx = BN_CTX_new(); int ret = 1, failed = 0; - m = BN_new(); - if (!m) + if (!TEST_ptr(m = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(r = BN_new())) goto err; - BN_one(m); - a = BN_new(); - if (!a) - goto err; + BN_one(m); BN_one(a); - - p = BN_new(); - if (!p) - goto err; BN_zero(p); - r = BN_new(); - if (!r) - goto err; - - if (!BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + if (!TEST_true(BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))) goto err; - if (!BN_mod_exp(r, a, p, m, ctx)) + if (!TEST_true(BN_mod_exp(r, a, p, m, ctx))) goto err; - if (!a_is_zero_mod_one("BN_mod_exp", r, a)) + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp", r, a))) failed = 1; - if (!BN_mod_exp_recp(r, a, p, m, ctx)) + if (!TEST_true(BN_mod_exp_recp(r, a, p, m, ctx))) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_recp", r, a)) + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_recp", r, a))) failed = 1; - if (!BN_mod_exp_simple(r, a, p, m, ctx)) + if (!TEST_true(BN_mod_exp_simple(r, a, p, m, ctx))) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_simple", r, a)) + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_simple", r, a))) failed = 1; - if (!BN_mod_exp_mont(r, a, p, m, ctx, NULL)) + if (!TEST_true(BN_mod_exp_mont(r, a, p, m, ctx, NULL))) goto err; - if (!a_is_zero_mod_one("BN_mod_exp_mont", r, a)) + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a))) failed = 1; - if (!BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)) { + if (!TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL))) goto err; - } - if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)) + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))) failed = 1; /* * A different codepath exists for single word multiplication * in non-constant-time only. */ - if (!BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL)) + if (!TEST_true(BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL))) goto err; - if (!BN_is_zero(r)) { - fprintf(stderr, "BN_mod_exp_mont_word failed:\n"); - fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n"); - fprintf(stderr, "r = "); - BN_print_fp(stderr, r); - fprintf(stderr, "\n"); - return 0; + if (!TEST_BN_eq_zero(r)) { + TEST_error("BN_mod_exp_mont_word failed: " + "1 ** 0 mod 1 = r (should be 0)"); + BN_print_var(r); + goto err; } - ret = failed; - + ret = !failed; err: BN_free(r); BN_free(a); @@ -134,114 +119,73 @@ static int test_exp_mod_zero() return ret; } -int main(int argc, char *argv[]) +static int test_mod_exp(int round) { BN_CTX *ctx; - BIO *out = NULL; - int i, ret; unsigned char c; - BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; + int ret = 0; + BIGNUM *r_mont = NULL; + BIGNUM *r_mont_const = NULL; + BIGNUM *r_recp = NULL; + BIGNUM *r_simple = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *m = NULL; + + if (!TEST_ptr(ctx = BN_CTX_new())) + goto err; - /* - * Seed or BN_rand may fail, and we don't even check its return - * value (which we should) - */ - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - ctx = BN_CTX_new(); - if (ctx == NULL) - EXIT(1); - r_mont = BN_new(); - r_mont_const = BN_new(); - r_recp = BN_new(); - r_simple = BN_new(); - a = BN_new(); - b = BN_new(); - m = BN_new(); - if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) + if (!TEST_ptr(r_mont = BN_new()) + || !TEST_ptr(r_mont_const = BN_new()) + || !TEST_ptr(r_recp = BN_new()) + || !TEST_ptr(r_simple = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(m = BN_new())) goto err; - out = BIO_new(BIO_s_file()); - - if (out == NULL) - EXIT(1); - BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - - for (i = 0; i < 200; i++) { - RAND_bytes(&c, 1); - c = (c % BN_BITS) - BN_BITS2; - BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); - - RAND_bytes(&c, 1); - c = (c % BN_BITS) - BN_BITS2; - BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); - - RAND_bytes(&c, 1); - c = (c % BN_BITS) - BN_BITS2; - BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD); - - BN_mod(a, a, m, ctx); - BN_mod(b, b, m, ctx); - - ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL); - if (ret <= 0) { - printf("BN_mod_exp_mont() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - ret = BN_mod_exp_recp(r_recp, a, b, m, ctx); - if (ret <= 0) { - printf("BN_mod_exp_recp() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - ret = BN_mod_exp_simple(r_simple, a, b, m, ctx); - if (ret <= 0) { - printf("BN_mod_exp_simple() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL); - if (ret <= 0) { - printf("BN_mod_exp_mont_consttime() problems\n"); - ERR_print_errors(out); - EXIT(1); - } - - if (BN_cmp(r_simple, r_mont) == 0 - && BN_cmp(r_simple, r_recp) == 0 - && BN_cmp(r_simple, r_mont_const) == 0) { - printf("."); - fflush(stdout); - } else { - if (BN_cmp(r_simple, r_mont) != 0) - printf("\nsimple and mont results differ\n"); - if (BN_cmp(r_simple, r_mont_const) != 0) - printf("\nsimple and mont const time results differ\n"); - if (BN_cmp(r_simple, r_recp) != 0) - printf("\nsimple and recp results differ\n"); - - printf("a (%3d) = ", BN_num_bits(a)); - BN_print(out, a); - printf("\nb (%3d) = ", BN_num_bits(b)); - BN_print(out, b); - printf("\nm (%3d) = ", BN_num_bits(m)); - BN_print(out, m); - printf("\nsimple ="); - BN_print(out, r_simple); - printf("\nrecp ="); - BN_print(out, r_recp); - printf("\nmont ="); - BN_print(out, r_mont); - printf("\nmont_ct ="); - BN_print(out, r_mont_const); - printf("\n"); - EXIT(1); - } + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); + + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY); + + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD); + + if (!TEST_true(BN_mod(a, a, m, ctx)) + || !TEST_true(BN_mod(b, b, m, ctx)) + || !TEST_true(BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_recp(r_recp, a, b, m, ctx)) + || !TEST_true(BN_mod_exp_simple(r_simple, a, b, m, ctx)) + || !TEST_true(BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL))) + goto err; + + if (!TEST_BN_eq(r_simple, r_mont) + || !TEST_BN_eq(r_simple, r_recp) + || !TEST_BN_eq(r_simple, r_mont_const)) { + if (BN_cmp(r_simple, r_mont) != 0) + TEST_info("simple and mont results differ"); + if (BN_cmp(r_simple, r_mont_const) != 0) + TEST_info("simple and mont const time results differ"); + if (BN_cmp(r_simple, r_recp) != 0) + TEST_info("simple and recp results differ"); + + BN_print_var(a); + BN_print_var(b); + BN_print_var(m); + BN_print_var(r_simple); + BN_print_var(r_recp); + BN_print_var(r_mont); + BN_print_var(r_mont_const); + goto err; } + + ret = 1; + err: BN_free(r_mont); BN_free(r_mont_const); BN_free(r_recp); @@ -251,20 +195,12 @@ int main(int argc, char *argv[]) BN_free(m); BN_CTX_free(ctx); - if (test_exp_mod_zero() != 0) - goto err; - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(out) <= 0) - goto err; -#endif - BIO_free(out); - printf("\n"); - - printf("done\n"); + return ret; +} - EXIT(0); - err: - ERR_print_errors(out); - EXIT(1); +int setup_tests(void) +{ + ADD_TEST(test_mod_exp_zero); + ADD_ALL_TESTS(test_mod_exp, 200); + return 1; } diff --git a/deps/openssl/openssl/test/fatalerrtest.c b/deps/openssl/openssl/test/fatalerrtest.c index d52daa2de9aa18..66731e64025777 100644 --- a/deps/openssl/openssl/test/fatalerrtest.c +++ b/deps/openssl/openssl/test/fatalerrtest.c @@ -28,57 +28,49 @@ static int test_fatalerr(void) 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y' }; - if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), - SSL3_VERSION, TLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Failed to create SSL_CTX pair\n"); + if (!TEST_true(create_ssl_ctx_pair(TLS_method(), TLS_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) goto err; - } /* * Deliberately set the cipher lists for client and server to be different * to force a handshake failure. */ - if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA") - || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) { - printf("Failed to set cipher lists\n"); - goto err; - } - - if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) { - printf("Failed to create SSL objectx\n"); + if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA")) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256")) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_256_GCM_SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, + NULL))) goto err; - } wbio = SSL_get_wbio(cssl); - if (wbio == NULL) { + if (!TEST_ptr(wbio)) { printf("Unexpected NULL bio received\n"); goto err; } - if (create_ssl_connection(sssl, cssl)) { - printf("Unexpected success creating a connection\n"); + /* Connection should fail */ + if (!TEST_false(create_ssl_connection(sssl, cssl, SSL_ERROR_NONE))) goto err; - } ERR_clear_error(); /* Inject a plaintext record from client to server */ - if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) { - printf("Unexpected failure injecting dummy record\n"); + if (!TEST_int_gt(BIO_write(wbio, dummyrec, sizeof(dummyrec)), 0)) goto err; - } /* SSL_read()/SSL_write should fail because of a previous fatal error */ - if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) { + if (!TEST_int_le(len = SSL_read(sssl, buf, sizeof(buf) - 1), 0)) { buf[len] = '\0'; - printf("Unexpected success reading data: %s\n", buf); + TEST_error("Unexpected success reading data: %s\n", buf); goto err; } - if (SSL_write(sssl, msg, strlen(msg)) > 0) { - printf("Unexpected success writing data\n"); + if (!TEST_int_le(SSL_write(sssl, msg, strlen(msg)), 0)) goto err; - } ret = 1; err: @@ -90,36 +82,13 @@ static int test_fatalerr(void) return ret; } -int main(int argc, char *argv[]) +int setup_tests(void) { - BIO *err = NULL; - int testresult = 1; - - if (argc != 3) { - printf("Invalid argument count\n"); - return 1; - } - - cert = argv[1]; - privkey = argv[2]; - - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + if (!TEST_ptr(cert = test_get_argument(0)) + || !TEST_ptr(privkey = test_get_argument(1))) + return 0; ADD_TEST(test_fatalerr); - testresult = run_tests(argv[0]); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 1; -#endif - BIO_free(err); - - if (!testresult) - printf("PASS\n"); - - return testresult; + return 1; } diff --git a/deps/openssl/openssl/test/generate_buildtest.pl b/deps/openssl/openssl/test/generate_buildtest.pl index 0a9d879eb12a9d..f9a663bea65c11 100644 --- a/deps/openssl/openssl/test/generate_buildtest.pl +++ b/deps/openssl/openssl/test/generate_buildtest.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ # include #endif -int main() +int main(void) { return 0; } diff --git a/deps/openssl/openssl/test/gmdifftest.c b/deps/openssl/openssl/test/gmdifftest.c index 73c910dd2fbefa..f7aa1a3808fa93 100644 --- a/deps/openssl/openssl/test/gmdifftest.c +++ b/deps/openssl/openssl/test/gmdifftest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,8 @@ */ #include -#include + +#include "testutil.h" #define SECS_PER_DAY (24 * 60 * 60) @@ -24,6 +25,7 @@ static int check_time(long offset) int off_day, off_sec; long toffset; time_t t1, t2; + time(&t1); t2 = t1 + offset; @@ -31,51 +33,33 @@ static int check_time(long offset) OPENSSL_gmtime(&t1, &tm1); o1 = tm1; OPENSSL_gmtime_adj(&tm1, 0, offset); - if ((tm1.tm_year != tm2.tm_year) || - (tm1.tm_mon != tm2.tm_mon) || - (tm1.tm_mday != tm2.tm_mday) || - (tm1.tm_hour != tm2.tm_hour) || - (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) { - fprintf(stderr, "TIME ERROR!!\n"); - fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n", - tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900, - tm2.tm_hour, tm2.tm_min, tm2.tm_sec); - fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n", - tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900, - tm1.tm_hour, tm1.tm_min, tm1.tm_sec); + if (!TEST_int_eq(tm1.tm_year, tm2.tm_year) + || !TEST_int_eq(tm1.tm_mon, tm2.tm_mon) + || !TEST_int_eq(tm1.tm_mday, tm2.tm_mday) + || !TEST_int_eq(tm1.tm_hour, tm2.tm_hour) + || !TEST_int_eq(tm1.tm_min, tm2.tm_min) + || !TEST_int_eq(tm1.tm_sec, tm2.tm_sec) + || !TEST_true(OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1))) return 0; - } - if (!OPENSSL_gmtime_diff(&off_day, &off_sec, &o1, &tm1)) + toffset = (long)off_day * SECS_PER_DAY + off_sec; + if (!TEST_long_eq(offset, toffset)) return 0; - toffset = (long)off_day *SECS_PER_DAY + off_sec; - if (offset != toffset) { - fprintf(stderr, "TIME OFFSET ERROR!!\n"); - fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n", - offset, toffset, off_day, off_sec); - return 0; - } return 1; } -int main(int argc, char **argv) +static int test_gmtime(int offset) { - long offset; - int fails; - - if (sizeof(time_t) < 8) { - fprintf(stderr, "Skipping; time_t is less than 64-bits\n"); - return 0; - } - for (fails = 0, offset = 0; offset < 1000000; offset++) { - if (!check_time(offset)) - fails++; - if (!check_time(-offset)) - fails++; - if (!check_time(offset * 1000)) - fails++; - if (!check_time(-offset * 1000)) - fails++; - } + return check_time(offset) && + check_time(-offset) && + check_time(offset * 1000L) && + check_time(-offset * 1000L); +} - return fails ? 1 : 0; +int setup_tests(void) +{ + if (sizeof(time_t) < 8) + TEST_info("Skipping; time_t is less than 64-bits"); + else + ADD_ALL_TESTS_NOSUBTEST(test_gmtime, 1000000); + return 1; } diff --git a/deps/openssl/openssl/test/handshake_helper.c b/deps/openssl/openssl/test/handshake_helper.c index 41a2c002297269..40bfd3ec26a4f1 100644 --- a/deps/openssl/openssl/test/handshake_helper.c +++ b/deps/openssl/openssl/test/handshake_helper.c @@ -12,14 +12,21 @@ #include #include #include +#ifndef OPENSSL_NO_SRP +#include +#endif +#include "../ssl/ssl_locl.h" +#include "internal/sockets.h" +#include "internal/nelem.h" #include "handshake_helper.h" #include "testutil.h" -HANDSHAKE_RESULT *HANDSHAKE_RESULT_new() +HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) { - HANDSHAKE_RESULT *ret = OPENSSL_zalloc(sizeof(*ret)); - TEST_check(ret != NULL); + HANDSHAKE_RESULT *ret; + + TEST_ptr(ret = OPENSSL_zalloc(sizeof(*ret))); return ret; } @@ -31,6 +38,10 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result) OPENSSL_free(result->server_npn_negotiated); OPENSSL_free(result->client_alpn_negotiated); OPENSSL_free(result->server_alpn_negotiated); + OPENSSL_free(result->result_session_ticket_app_data); + sk_X509_NAME_pop_free(result->server_ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free); + OPENSSL_free(result->cipher); OPENSSL_free(result); } @@ -52,6 +63,9 @@ typedef struct ctx_data_st { size_t npn_protocols_len; unsigned char *alpn_protocols; size_t alpn_protocols_len; + char *srp_user; + char *srp_password; + char *session_ticket_app_data; } CTX_DATA; /* |ctx_data| itself is stack-allocated. */ @@ -61,6 +75,12 @@ static void ctx_data_free_data(CTX_DATA *ctx_data) ctx_data->npn_protocols = NULL; OPENSSL_free(ctx_data->alpn_protocols); ctx_data->alpn_protocols = NULL; + OPENSSL_free(ctx_data->srp_user); + ctx_data->srp_user = NULL; + OPENSSL_free(ctx_data->srp_password); + ctx_data->srp_password = NULL; + OPENSSL_free(ctx_data->session_ticket_app_data); + ctx_data->session_ticket_app_data = NULL; } static int ex_data_idx; @@ -123,6 +143,68 @@ static int select_server_ctx(SSL *s, void *arg, int ignore) } } +static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore) +{ + const char *servername; + const unsigned char *p; + size_t len, remaining; + HANDSHAKE_EX_DATA *ex_data = + (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx)); + + /* + * The server_name extension was given too much extensibility when it + * was written, so parsing the normal case is a bit complex. + */ + if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p, + &remaining) || + remaining <= 2) + return 0; + /* Extract the length of the supplied list of names. */ + len = (*(p++) << 8); + len += *(p++); + if (len + 2 != remaining) + return 0; + remaining = len; + /* + * The list in practice only has a single element, so we only consider + * the first one. + */ + if (remaining == 0 || *p++ != TLSEXT_NAMETYPE_host_name) + return 0; + remaining--; + /* Now we can finally pull out the byte array with the actual hostname. */ + if (remaining <= 2) + return 0; + len = (*(p++) << 8); + len += *(p++); + if (len + 2 > remaining) + return 0; + remaining = len; + servername = (const char *)p; + + if (len == strlen("server2") && strncmp(servername, "server2", len) == 0) { + SSL_CTX *new_ctx = arg; + SSL_set_SSL_CTX(s, new_ctx); + /* + * Copy over all the SSL_CTX options - reasonable behavior + * allows testing of cases where the options between two + * contexts differ/conflict + */ + SSL_clear_options(s, 0xFFFFFFFFL); + SSL_set_options(s, SSL_CTX_get_options(new_ctx)); + + ex_data->servername = SSL_TEST_SERVERNAME_SERVER2; + return 1; + } else if (len == strlen("server1") && + strncmp(servername, "server1", len) == 0) { + ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; + return 1; + } else if (ignore) { + ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; + return 1; + } + return 0; +} /* * (RFC 6066): * If the server understood the ClientHello extension but @@ -144,6 +226,52 @@ static int servername_reject_cb(SSL *s, int *ad, void *arg) return select_server_ctx(s, arg, 0); } +static int client_hello_ignore_cb(SSL *s, int *al, void *arg) +{ + if (!client_hello_select_server_ctx(s, arg, 1)) { + *al = SSL_AD_UNRECOGNIZED_NAME; + return SSL_CLIENT_HELLO_ERROR; + } + return SSL_CLIENT_HELLO_SUCCESS; +} + +static int client_hello_reject_cb(SSL *s, int *al, void *arg) +{ + if (!client_hello_select_server_ctx(s, arg, 0)) { + *al = SSL_AD_UNRECOGNIZED_NAME; + return SSL_CLIENT_HELLO_ERROR; + } + return SSL_CLIENT_HELLO_SUCCESS; +} + +static int client_hello_nov12_cb(SSL *s, int *al, void *arg) +{ + int ret; + unsigned int v; + const unsigned char *p; + + v = SSL_client_hello_get0_legacy_version(s); + if (v > TLS1_2_VERSION || v < SSL3_VERSION) { + *al = SSL_AD_PROTOCOL_VERSION; + return SSL_CLIENT_HELLO_ERROR; + } + (void)SSL_client_hello_get0_session_id(s, &p); + if (p == NULL || + SSL_client_hello_get0_random(s, &p) == 0 || + SSL_client_hello_get0_ciphers(s, &p) == 0 || + SSL_client_hello_get0_compression_methods(s, &p) == 0) { + *al = SSL_AD_INTERNAL_ERROR; + return SSL_CLIENT_HELLO_ERROR; + } + ret = client_hello_select_server_ctx(s, arg, 0); + SSL_set_max_proto_version(s, TLS1_1_VERSION); + if (!ret) { + *al = SSL_AD_UNRECOGNIZED_NAME; + return SSL_CLIENT_HELLO_ERROR; + } + return SSL_CLIENT_HELLO_SUCCESS; +} + static unsigned char dummy_ocsp_resp_good_val = 0xff; static unsigned char dummy_ocsp_resp_bad_val = 0xfe; @@ -203,18 +331,17 @@ static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name, } /* Parse the comma-separated list into TLS format. */ -static void parse_protos(const char *protos, unsigned char **out, size_t *outlen) +static int parse_protos(const char *protos, unsigned char **out, size_t *outlen) { size_t len, i, prefix; len = strlen(protos); /* Should never have reuse. */ - TEST_check(*out == NULL); - - /* Test values are small, so we omit length limit checks. */ - *out = OPENSSL_malloc(len + 1); - TEST_check(*out != NULL); + if (!TEST_ptr_null(*out) + /* Test values are small, so we omit length limit checks. */ + || !TEST_ptr(*out = OPENSSL_malloc(len + 1))) + return 0; *outlen = len + 1; /* @@ -227,14 +354,22 @@ static void parse_protos(const char *protos, unsigned char **out, size_t *outlen i = prefix + 1; while (i <= len) { if ((*out)[i] == ',') { - TEST_check(i - 1 - prefix > 0); - (*out)[prefix] = i - 1 - prefix; + if (!TEST_int_gt(i - 1, prefix)) + goto err; + (*out)[prefix] = (unsigned char)(i - 1 - prefix); prefix = i; } i++; } - TEST_check(len - prefix > 0); - (*out)[prefix] = len - prefix; + if (!TEST_int_gt(len, prefix)) + goto err; + (*out)[prefix] = (unsigned char)(len - prefix); + return 1; + +err: + OPENSSL_free(*out); + *out = NULL; + return 0; } #ifndef OPENSSL_NO_NEXTPROTONEG @@ -255,8 +390,8 @@ static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen, ctx_data->npn_protocols, ctx_data->npn_protocols_len); /* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */ - TEST_check(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP); - return SSL_TLSEXT_ERR_OK; + return TEST_true(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP) + ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_ALERT_FATAL; } static int server_npn_cb(SSL *s, const unsigned char **data, @@ -300,44 +435,115 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, : SSL_TLSEXT_ERR_ALERT_FATAL; } +#ifndef OPENSSL_NO_SRP +static char *client_srp_cb(SSL *s, void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + return OPENSSL_strdup(ctx_data->srp_password); +} + +static int server_srp_cb(SSL *s, int *ad, void *arg) +{ + CTX_DATA *ctx_data = (CTX_DATA*)(arg); + if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0) + return SSL3_AL_FATAL; + if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user, + ctx_data->srp_password, + "2048" /* known group */) < 0) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL3_AL_FATAL; + } + return SSL_ERROR_NONE; +} +#endif /* !OPENSSL_NO_SRP */ + +static int generate_session_ticket_cb(SSL *s, void *arg) +{ + CTX_DATA *server_ctx_data = arg; + SSL_SESSION *ss = SSL_get_session(s); + char *app_data = server_ctx_data->session_ticket_app_data; + + if (ss == NULL || app_data == NULL) + return 0; + + return SSL_SESSION_set1_ticket_appdata(ss, app_data, strlen(app_data)); +} + +static int decrypt_session_ticket_cb(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_len, + SSL_TICKET_STATUS status, + void *arg) +{ + switch (status) { + case SSL_TICKET_EMPTY: + case SSL_TICKET_NO_DECRYPT: + return SSL_TICKET_RETURN_IGNORE_RENEW; + case SSL_TICKET_SUCCESS: + return SSL_TICKET_RETURN_USE; + case SSL_TICKET_SUCCESS_RENEW: + return SSL_TICKET_RETURN_USE_RENEW; + default: + break; + } + return SSL_TICKET_RETURN_ABORT; +} + /* * Configure callbacks and other properties that can't be set directly * in the server/client CONF. */ -static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, - SSL_CTX *client_ctx, - const SSL_TEST_CTX *test, - const SSL_TEST_EXTRA_CONF *extra, - CTX_DATA *server_ctx_data, - CTX_DATA *server2_ctx_data, - CTX_DATA *client_ctx_data) +static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, + SSL_CTX *client_ctx, + const SSL_TEST_CTX *test, + const SSL_TEST_EXTRA_CONF *extra, + CTX_DATA *server_ctx_data, + CTX_DATA *server2_ctx_data, + CTX_DATA *client_ctx_data) { unsigned char *ticket_keys; size_t ticket_key_len; - TEST_check(SSL_CTX_set_max_send_fragment(server_ctx, - test->max_fragment_size) == 1); + if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server_ctx, + test->max_fragment_size), 1)) + goto err; if (server2_ctx != NULL) { - TEST_check(SSL_CTX_set_max_send_fragment(server2_ctx, - test->max_fragment_size) == 1); + if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server2_ctx, + test->max_fragment_size), + 1)) + goto err; } - TEST_check(SSL_CTX_set_max_send_fragment(client_ctx, - test->max_fragment_size) == 1); + if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(client_ctx, + test->max_fragment_size), 1)) + goto err; switch (extra->client.verify_callback) { case SSL_TEST_VERIFY_ACCEPT_ALL: - SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, - NULL); + SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL); break; case SSL_TEST_VERIFY_REJECT_ALL: - SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb, - NULL); + SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb, NULL); break; - default: + case SSL_TEST_VERIFY_NONE: break; } - /* link the two contexts for SNI purposes */ + switch (extra->client.max_fragment_len_mode) { + case TLSEXT_max_fragment_length_512: + case TLSEXT_max_fragment_length_1024: + case TLSEXT_max_fragment_length_2048: + case TLSEXT_max_fragment_length_4096: + case TLSEXT_max_fragment_length_DISABLED: + SSL_CTX_set_tlsext_max_fragment_length( + client_ctx, extra->client.max_fragment_len_mode); + break; + } + + /* + * Link the two contexts for SNI purposes. + * Also do ClientHello callbacks here, as setting both ClientHello and SNI + * is bad. + */ switch (extra->server.servername_callback) { case SSL_TEST_SERVERNAME_IGNORE_MISMATCH: SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb); @@ -347,8 +553,16 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb); SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); break; - default: + case SSL_TEST_SERVERNAME_CB_NONE: + break; + case SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH: + SSL_CTX_set_client_hello_cb(server_ctx, client_hello_ignore_cb, server2_ctx); break; + case SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH: + SSL_CTX_set_client_hello_cb(server_ctx, client_hello_reject_cb, server2_ctx); + break; + case SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12: + SSL_CTX_set_client_hello_cb(server_ctx, client_hello_nov12_cb, server2_ctx); } if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) { @@ -375,77 +589,134 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } #ifndef OPENSSL_NO_NEXTPROTONEG if (extra->server.npn_protocols != NULL) { - parse_protos(extra->server.npn_protocols, - &server_ctx_data->npn_protocols, - &server_ctx_data->npn_protocols_len); - SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, - server_ctx_data); + if (!TEST_true(parse_protos(extra->server.npn_protocols, + &server_ctx_data->npn_protocols, + &server_ctx_data->npn_protocols_len))) + goto err; + SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb, + server_ctx_data); } if (extra->server2.npn_protocols != NULL) { - parse_protos(extra->server2.npn_protocols, - &server2_ctx_data->npn_protocols, - &server2_ctx_data->npn_protocols_len); - TEST_check(server2_ctx != NULL); - SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, - server2_ctx_data); + if (!TEST_true(parse_protos(extra->server2.npn_protocols, + &server2_ctx_data->npn_protocols, + &server2_ctx_data->npn_protocols_len)) + || !TEST_ptr(server2_ctx)) + goto err; + SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb, + server2_ctx_data); } if (extra->client.npn_protocols != NULL) { - parse_protos(extra->client.npn_protocols, - &client_ctx_data->npn_protocols, - &client_ctx_data->npn_protocols_len); + if (!TEST_true(parse_protos(extra->client.npn_protocols, + &client_ctx_data->npn_protocols, + &client_ctx_data->npn_protocols_len))) + goto err; SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, client_ctx_data); } #endif if (extra->server.alpn_protocols != NULL) { - parse_protos(extra->server.alpn_protocols, - &server_ctx_data->alpn_protocols, - &server_ctx_data->alpn_protocols_len); + if (!TEST_true(parse_protos(extra->server.alpn_protocols, + &server_ctx_data->alpn_protocols, + &server_ctx_data->alpn_protocols_len))) + goto err; SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); } if (extra->server2.alpn_protocols != NULL) { - TEST_check(server2_ctx != NULL); - parse_protos(extra->server2.alpn_protocols, - &server2_ctx_data->alpn_protocols, - &server2_ctx_data->alpn_protocols_len); - SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data); + if (!TEST_ptr(server2_ctx) + || !TEST_true(parse_protos(extra->server2.alpn_protocols, + &server2_ctx_data->alpn_protocols, + &server2_ctx_data->alpn_protocols_len + ))) + goto err; + SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, + server2_ctx_data); } if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; size_t alpn_protos_len; - parse_protos(extra->client.alpn_protocols, - &alpn_protos, &alpn_protos_len); - /* Reversed return value convention... */ - TEST_check(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, - alpn_protos_len) == 0); + if (!TEST_true(parse_protos(extra->client.alpn_protocols, + &alpn_protos, &alpn_protos_len)) + /* Reversed return value convention... */ + || !TEST_int_eq(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, + alpn_protos_len), 0)) + goto err; OPENSSL_free(alpn_protos); } + if (extra->server.session_ticket_app_data != NULL) { + server_ctx_data->session_ticket_app_data = + OPENSSL_strdup(extra->server.session_ticket_app_data); + SSL_CTX_set_session_ticket_cb(server_ctx, generate_session_ticket_cb, + decrypt_session_ticket_cb, server_ctx_data); + } + if (extra->server2.session_ticket_app_data != NULL) { + if (!TEST_ptr(server2_ctx)) + goto err; + server2_ctx_data->session_ticket_app_data = + OPENSSL_strdup(extra->server2.session_ticket_app_data); + SSL_CTX_set_session_ticket_cb(server2_ctx, NULL, + decrypt_session_ticket_cb, server2_ctx_data); + } + /* * Use fixed session ticket keys so that we can decrypt a ticket created with * one CTX in another CTX. Don't address server2 for the moment. */ ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0); - ticket_keys = OPENSSL_zalloc(ticket_key_len); - TEST_check(ticket_keys != NULL); - TEST_check(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys, - ticket_key_len) == 1); + if (!TEST_ptr(ticket_keys = OPENSSL_zalloc(ticket_key_len)) + || !TEST_int_eq(SSL_CTX_set_tlsext_ticket_keys(server_ctx, + ticket_keys, + ticket_key_len), 1)) { + OPENSSL_free(ticket_keys); + goto err; + } OPENSSL_free(ticket_keys); /* The default log list includes EC keys, so CT can't work without EC. */ #if !defined(OPENSSL_NO_CT) && !defined(OPENSSL_NO_EC) - TEST_check(SSL_CTX_set_default_ctlog_list_file(client_ctx)); + if (!TEST_true(SSL_CTX_set_default_ctlog_list_file(client_ctx))) + goto err; switch (extra->client.ct_validation) { case SSL_TEST_CT_VALIDATION_PERMISSIVE: - TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_PERMISSIVE)); + if (!TEST_true(SSL_CTX_enable_ct(client_ctx, + SSL_CT_VALIDATION_PERMISSIVE))) + goto err; break; case SSL_TEST_CT_VALIDATION_STRICT: - TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT)); + if (!TEST_true(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT))) + goto err; break; case SSL_TEST_CT_VALIDATION_NONE: break; } #endif +#ifndef OPENSSL_NO_SRP + if (extra->server.srp_user != NULL) { + SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb); + server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user); + server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password); + SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data); + } + if (extra->server2.srp_user != NULL) { + if (!TEST_ptr(server2_ctx)) + goto err; + SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb); + server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user); + server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password); + SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data); + } + if (extra->client.srp_user != NULL) { + if (!TEST_true(SSL_CTX_set_srp_username(client_ctx, + extra->client.srp_user))) + goto err; + SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb); + client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password); + SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data); + } +#endif /* !OPENSSL_NO_SRP */ + return 1; +err: + return 0; } /* Configure per-SSL callbacks and other properties. */ @@ -455,13 +726,17 @@ static void configure_handshake_ssl(SSL *server, SSL *client, if (extra->client.servername != SSL_TEST_SERVERNAME_NONE) SSL_set_tlsext_host_name(client, ssl_servername_name(extra->client.servername)); + if (extra->client.enable_pha) + SSL_set_post_handshake_auth(client, 1); } /* The status for each connection phase. */ typedef enum { PEER_SUCCESS, PEER_RETRY, - PEER_ERROR + PEER_ERROR, + PEER_WAITING, + PEER_TEST_FAILURE } peer_status_t; /* An SSL object and associated read-write buffers. */ @@ -477,17 +752,27 @@ typedef struct peer_st { peer_status_t status; } PEER; -static void create_peer(PEER *peer, SSL_CTX *ctx) +static int create_peer(PEER *peer, SSL_CTX *ctx) { static const int peer_buffer_size = 64 * 1024; + SSL *ssl = NULL; + unsigned char *read_buf = NULL, *write_buf = NULL; + + if (!TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(write_buf = OPENSSL_zalloc(peer_buffer_size)) + || !TEST_ptr(read_buf = OPENSSL_zalloc(peer_buffer_size))) + goto err; - peer->ssl = SSL_new(ctx); - TEST_check(peer->ssl != NULL); - peer->write_buf = OPENSSL_zalloc(peer_buffer_size); - TEST_check(peer->write_buf != NULL); - peer->read_buf = OPENSSL_zalloc(peer_buffer_size); - TEST_check(peer->read_buf != NULL); + peer->ssl = ssl; + peer->write_buf = write_buf; + peer->read_buf = read_buf; peer->write_buf_len = peer->read_buf_len = peer_buffer_size; + return 1; +err: + SSL_free(ssl); + OPENSSL_free(write_buf); + OPENSSL_free(read_buf); + return 0; } static void peer_free_data(PEER *peer) @@ -503,24 +788,21 @@ static void peer_free_data(PEER *peer) */ static void do_handshake_step(PEER *peer) { - int ret; - - if (peer->status != PEER_RETRY) { - peer->status = PEER_ERROR; - return; - } - - ret = SSL_do_handshake(peer->ssl); - - if (ret == 1) { - peer->status = PEER_SUCCESS; - } else if (ret == 0) { - peer->status = PEER_ERROR; + if (!TEST_int_eq(peer->status, PEER_RETRY)) { + peer->status = PEER_TEST_FAILURE; } else { - int error = SSL_get_error(peer->ssl, ret); - /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ - if (error != SSL_ERROR_WANT_READ) + int ret = SSL_do_handshake(peer->ssl); + + if (ret == 1) { + peer->status = PEER_SUCCESS; + } else if (ret == 0) { peer->status = PEER_ERROR; + } else { + int error = SSL_get_error(peer->ssl, ret); + /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ + if (error != SSL_ERROR_WANT_READ) + peer->status = PEER_ERROR; + } } } @@ -537,13 +819,19 @@ static void do_app_data_step(PEER *peer) { int ret = 1, write_bytes; - TEST_check(peer->status == PEER_RETRY); + if (!TEST_int_eq(peer->status, PEER_RETRY)) { + peer->status = PEER_TEST_FAILURE; + return; + } /* We read everything available... */ while (ret > 0 && peer->bytes_to_read) { ret = SSL_read(peer->ssl, peer->read_buf, peer->read_buf_len); if (ret > 0) { - TEST_check(ret <= peer->bytes_to_read); + if (!TEST_int_le(ret, peer->bytes_to_read)) { + peer->status = PEER_TEST_FAILURE; + return; + } peer->bytes_to_read -= ret; } else if (ret == 0) { peer->status = PEER_ERROR; @@ -564,7 +852,10 @@ static void do_app_data_step(PEER *peer) ret = SSL_write(peer->ssl, peer->write_buf, write_bytes); if (ret > 0) { /* SSL_write will only succeed with a complete write. */ - TEST_check(ret == write_bytes); + if (!TEST_int_eq(ret, write_bytes)) { + peer->status = PEER_TEST_FAILURE; + return; + } peer->bytes_to_write -= ret; } else { /* @@ -603,9 +894,23 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) return; } - TEST_check(peer->status == PEER_RETRY); - TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER - || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT); + if (!TEST_int_eq(peer->status, PEER_RETRY) + || !TEST_true(test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_RENEG_SERVER + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_RENEG_CLIENT + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH)) { + peer->status = PEER_TEST_FAILURE; + return; + } + + /* Reset the count of the amount of app data we need to read/write */ + peer->bytes_to_write = peer->bytes_to_read = test_ctx->app_data_size; /* Check if we are the peer that is going to initiate */ if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER @@ -619,7 +924,7 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) if (!SSL_renegotiate_pending(peer->ssl)) { /* * If we are the client we will always attempt to resume the - * session. The server may or may not resume dependant on the + * session. The server may or may not resume dependent on the * setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION */ if (SSL_is_server(peer->ssl)) { @@ -657,6 +962,48 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) peer->status = PEER_RETRY; return; } + } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER + || test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) { + if (SSL_is_server(peer->ssl) + != (test_ctx->handshake_mode + == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) { + peer->status = PEER_SUCCESS; + return; + } + + ret = SSL_key_update(peer->ssl, test_ctx->key_update_type); + if (!ret) { + peer->status = PEER_ERROR; + return; + } + do_handshake_step(peer); + /* + * This is a one step handshake. We shouldn't get anything other than + * PEER_SUCCESS + */ + if (peer->status != PEER_SUCCESS) + peer->status = PEER_ERROR; + return; + } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) { + if (SSL_is_server(peer->ssl)) { + /* Make the server believe it's received the extension */ + if (test_ctx->extra.server.force_pha) + peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; + ret = SSL_verify_client_post_handshake(peer->ssl); + if (!ret) { + peer->status = PEER_ERROR; + return; + } + } + do_handshake_step(peer); + /* + * This is a one step handshake. We shouldn't get anything other than + * PEER_SUCCESS + */ + if (peer->status != PEER_SUCCESS) + peer->status = PEER_ERROR; + return; } /* @@ -678,7 +1025,7 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) peer->status = PEER_ERROR; return; } - /* If we're no in init yet then we're not done with setup yet */ + /* If we're not in init yet then we're not done with setup yet */ if (!SSL_in_init(peer->ssl)) return; } @@ -706,15 +1053,18 @@ static void do_shutdown_step(PEER *peer) { int ret; - TEST_check(peer->status == PEER_RETRY); + if (!TEST_int_eq(peer->status, PEER_RETRY)) { + peer->status = PEER_TEST_FAILURE; + return; + } ret = SSL_shutdown(peer->ssl); if (ret == 1) { peer->status = PEER_SUCCESS; } else if (ret < 0) { /* On 0, we retry. */ int error = SSL_get_error(peer->ssl, ret); - /* Memory bios should never block with SSL_ERROR_WANT_WRITE. */ - if (error != SSL_ERROR_WANT_READ) + + if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) peer->status = PEER_ERROR; } } @@ -729,18 +1079,42 @@ typedef enum { CONNECTION_DONE } connect_phase_t; + +static int renegotiate_op(const SSL_TEST_CTX *test_ctx) +{ + switch (test_ctx->handshake_mode) { + case SSL_TEST_HANDSHAKE_RENEG_SERVER: + case SSL_TEST_HANDSHAKE_RENEG_CLIENT: + return 1; + default: + return 0; + } +} +static int post_handshake_op(const SSL_TEST_CTX *test_ctx) +{ + switch (test_ctx->handshake_mode) { + case SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT: + case SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER: + case SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH: + return 1; + default: + return 0; + } +} + static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx, connect_phase_t phase) { switch (phase) { case HANDSHAKE: - if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER - || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT) + if (renegotiate_op(test_ctx) || post_handshake_op(test_ctx)) return RENEG_APPLICATION_DATA; return APPLICATION_DATA; case RENEG_APPLICATION_DATA: return RENEG_SETUP; case RENEG_SETUP: + if (post_handshake_op(test_ctx)) + return APPLICATION_DATA; return RENEG_HANDSHAKE; case RENEG_HANDSHAKE: return APPLICATION_DATA; @@ -748,9 +1122,11 @@ static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx, return SHUTDOWN; case SHUTDOWN: return CONNECTION_DONE; - default: - TEST_check(0); /* Should never call next_phase when done. */ + case CONNECTION_DONE: + TEST_error("Trying to progress after connection done"); + break; } + return -1; } static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, @@ -775,8 +1151,9 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, case SHUTDOWN: do_shutdown_step(peer); break; - default: - TEST_check(0); + case CONNECTION_DONE: + TEST_error("Action after connection done"); + break; } } @@ -804,11 +1181,21 @@ static handshake_status_t handshake_status(peer_status_t last_status, int client_spoke_last) { switch (last_status) { + case PEER_TEST_FAILURE: + return INTERNAL_ERROR; + + case PEER_WAITING: + /* Shouldn't ever happen */ + return INTERNAL_ERROR; + case PEER_SUCCESS: switch (previous_status) { + case PEER_TEST_FAILURE: + return INTERNAL_ERROR; case PEER_SUCCESS: /* Both succeeded. */ return HANDSHAKE_SUCCESS; + case PEER_WAITING: case PEER_RETRY: /* Let the first peer finish. */ return HANDSHAKE_RETRY; @@ -826,6 +1213,11 @@ static handshake_status_t handshake_status(peer_status_t last_status, case PEER_ERROR: switch (previous_status) { + case PEER_TEST_FAILURE: + return INTERNAL_ERROR; + case PEER_WAITING: + /* The client failed immediately before sending the ClientHello */ + return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR; case PEER_SUCCESS: /* * First peer succeeded but second peer errored. @@ -850,17 +1242,143 @@ static handshake_status_t handshake_status(peer_status_t last_status, /* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */ static char *dup_str(const unsigned char *in, size_t len) { - char *ret; + char *ret = NULL; - if(len == 0) + if (len == 0) return NULL; /* Assert that the string does not contain NUL-bytes. */ - TEST_check(OPENSSL_strnlen((const char*)(in), len) == len); - ret = OPENSSL_strndup((const char*)(in), len); - TEST_check(ret != NULL); + if (TEST_size_t_eq(OPENSSL_strnlen((const char*)(in), len), len)) + TEST_ptr(ret = OPENSSL_strndup((const char*)(in), len)); + return ret; +} + +static int pkey_type(EVP_PKEY *pkey) +{ + int nid = EVP_PKEY_id(pkey); + +#ifndef OPENSSL_NO_EC + if (nid == EVP_PKEY_EC) { + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + } +#endif + return nid; +} + +static int peer_pkey_type(SSL *s) +{ + X509 *x = SSL_get_peer_certificate(s); + + if (x != NULL) { + int nid = pkey_type(X509_get0_pubkey(x)); + + X509_free(x); + return nid; + } + return NID_undef; +} + +#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK) +static int set_sock_as_sctp(int sock) +{ + /* + * For SCTP we have to set various options on the socket prior to + * connecting. This is done automatically by BIO_new_dgram_sctp(). + * We don't actually need the created BIO though so we free it again + * immediately. + */ + BIO *tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE); + + if (tmpbio == NULL) + return 0; + BIO_free(tmpbio); + + return 1; +} + +static int create_sctp_socks(int *ssock, int *csock) +{ + BIO_ADDRINFO *res = NULL; + const BIO_ADDRINFO *ai = NULL; + int lsock = INVALID_SOCKET, asock = INVALID_SOCKET; + int consock = INVALID_SOCKET; + int ret = 0; + int family = 0; + + if (BIO_sock_init() != 1) + return 0; + + /* + * Port is 4463. It could be anything. It will fail if it's already being + * used for some other SCTP service. It seems unlikely though so we don't + * worry about it here. + */ + if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_SERVER, family, SOCK_STREAM, + IPPROTO_SCTP, &res)) + return 0; + + for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { + family = BIO_ADDRINFO_family(ai); + lsock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0); + if (lsock == INVALID_SOCKET) { + /* Maybe the kernel doesn't support the socket family, even if + * BIO_lookup() added it in the returned result... + */ + continue; + } + + if (!set_sock_as_sctp(lsock) + || !BIO_listen(lsock, BIO_ADDRINFO_address(ai), + BIO_SOCK_REUSEADDR)) { + BIO_closesocket(lsock); + lsock = INVALID_SOCKET; + continue; + } + + /* Success, don't try any more addresses */ + break; + } + + if (lsock == INVALID_SOCKET) + goto err; + + BIO_ADDRINFO_free(res); + res = NULL; + + if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_CLIENT, family, SOCK_STREAM, + IPPROTO_SCTP, &res)) + goto err; + + consock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0); + if (consock == INVALID_SOCKET) + goto err; + + if (!set_sock_as_sctp(consock) + || !BIO_connect(consock, BIO_ADDRINFO_address(res), 0) + || !BIO_socket_nbio(consock, 1)) + goto err; + + asock = BIO_accept_ex(lsock, NULL, BIO_SOCK_NONBLOCK); + if (asock == INVALID_SOCKET) + goto err; + + *csock = consock; + *ssock = asock; + consock = asock = INVALID_SOCKET; + ret = 1; + + err: + BIO_ADDRINFO_free(res); + if (consock != INVALID_SOCKET) + BIO_closesocket(consock); + if (lsock != INVALID_SOCKET) + BIO_closesocket(lsock); + if (asock != INVALID_SOCKET) + BIO_closesocket(asock); return ret; } +#endif /* * Note that |extra| points to the correct client/server configuration @@ -878,57 +1396,92 @@ static char *dup_str(const unsigned char *in, size_t len) static HANDSHAKE_RESULT *do_handshake_internal( SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra, - SSL_SESSION *session_in, SSL_SESSION **session_out) + SSL_SESSION *session_in, SSL_SESSION *serv_sess_in, + SSL_SESSION **session_out, SSL_SESSION **serv_sess_out) { PEER server, client; - BIO *client_to_server, *server_to_client; + BIO *client_to_server = NULL, *server_to_client = NULL; HANDSHAKE_EX_DATA server_ex_data, client_ex_data; CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data; HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new(); - int client_turn = 1, client_turn_count = 0; + int client_turn = 1, client_turn_count = 0, client_wait_count = 0; connect_phase_t phase = HANDSHAKE; handshake_status_t status = HANDSHAKE_RETRY; const unsigned char* tick = NULL; size_t tick_len = 0; + const unsigned char* sess_id = NULL; + unsigned int sess_id_len = 0; SSL_SESSION* sess = NULL; const unsigned char *proto = NULL; /* API dictates unsigned int rather than size_t. */ unsigned int proto_len = 0; EVP_PKEY *tmp_key; + const STACK_OF(X509_NAME) *names; + time_t start; + const char* cipher; + + if (ret == NULL) + return NULL; memset(&server_ctx_data, 0, sizeof(server_ctx_data)); memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); memset(&client_ctx_data, 0, sizeof(client_ctx_data)); memset(&server, 0, sizeof(server)); memset(&client, 0, sizeof(client)); + memset(&server_ex_data, 0, sizeof(server_ex_data)); + memset(&client_ex_data, 0, sizeof(client_ex_data)); - configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, extra, - &server_ctx_data, &server2_ctx_data, &client_ctx_data); + if (!configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, + test_ctx, extra, &server_ctx_data, + &server2_ctx_data, &client_ctx_data)) { + TEST_note("configure_handshake_ctx"); + return NULL; + } /* Setup SSL and buffers; additional configuration happens below. */ - create_peer(&server, server_ctx); - create_peer(&client, client_ctx); + if (!create_peer(&server, server_ctx)) { + TEST_note("creating server context"); + goto err; + } + if (!create_peer(&client, client_ctx)) { + TEST_note("creating client context"); + goto err; + } server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size; client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size; configure_handshake_ssl(server.ssl, client.ssl, extra); if (session_in != NULL) { + SSL_SESSION_get_id(serv_sess_in, &sess_id_len); /* In case we're testing resumption without tickets. */ - TEST_check(SSL_CTX_add_session(server_ctx, session_in)); - TEST_check(SSL_set_session(client.ssl, session_in)); + if ((sess_id_len > 0 + && !TEST_true(SSL_CTX_add_session(server_ctx, + serv_sess_in))) + || !TEST_true(SSL_set_session(client.ssl, session_in))) + goto err; + sess_id_len = 0; } - memset(&server_ex_data, 0, sizeof(server_ex_data)); - memset(&client_ex_data, 0, sizeof(client_ex_data)); - ret->result = SSL_TEST_INTERNAL_ERROR; - client_to_server = BIO_new(BIO_s_mem()); - server_to_client = BIO_new(BIO_s_mem()); + if (test_ctx->use_sctp) { +#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK) + int csock, ssock; - TEST_check(client_to_server != NULL); - TEST_check(server_to_client != NULL); + if (create_sctp_socks(&ssock, &csock)) { + client_to_server = BIO_new_dgram_sctp(csock, BIO_CLOSE); + server_to_client = BIO_new_dgram_sctp(ssock, BIO_CLOSE); + } +#endif + } else { + client_to_server = BIO_new(BIO_s_mem()); + server_to_client = BIO_new(BIO_s_mem()); + } + + if (!TEST_ptr(client_to_server) + || !TEST_ptr(server_to_client)) + goto err; /* Non-blocking bio. */ BIO_set_nbio(client_to_server, 1); @@ -938,21 +1491,30 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_set_accept_state(server.ssl); /* The bios are now owned by the SSL object. */ - SSL_set_bio(client.ssl, server_to_client, client_to_server); - TEST_check(BIO_up_ref(server_to_client) > 0); - TEST_check(BIO_up_ref(client_to_server) > 0); - SSL_set_bio(server.ssl, client_to_server, server_to_client); + if (test_ctx->use_sctp) { + SSL_set_bio(client.ssl, client_to_server, client_to_server); + SSL_set_bio(server.ssl, server_to_client, server_to_client); + } else { + SSL_set_bio(client.ssl, server_to_client, client_to_server); + if (!TEST_int_gt(BIO_up_ref(server_to_client), 0) + || !TEST_int_gt(BIO_up_ref(client_to_server), 0)) + goto err; + SSL_set_bio(server.ssl, client_to_server, server_to_client); + } ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL); - TEST_check(ex_data_idx >= 0); - - TEST_check(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data) == 1); - TEST_check(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data) == 1); + if (!TEST_int_ge(ex_data_idx, 0) + || !TEST_int_eq(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data), 1) + || !TEST_int_eq(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data), 1)) + goto err; SSL_set_info_callback(server.ssl, &info_cb); SSL_set_info_callback(client.ssl, &info_cb); - client.status = server.status = PEER_RETRY; + client.status = PEER_RETRY; + server.status = PEER_WAITING; + + start = time(NULL); /* * Half-duplex handshake loop. @@ -967,6 +1529,8 @@ static HANDSHAKE_RESULT *do_handshake_internal( do_connect_step(test_ctx, &client, phase); status = handshake_status(client.status, server.status, 1 /* client went last */); + if (server.status == PEER_WAITING) + server.status = PEER_RETRY; } else { do_connect_step(test_ctx, &server, phase); status = handshake_status(server.status, client.status, @@ -1001,18 +1565,46 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->result = SSL_TEST_INTERNAL_ERROR; goto err; case HANDSHAKE_RETRY: - if (client_turn_count++ >= 2000) { + if (test_ctx->use_sctp) { + if (time(NULL) - start > 3) { + /* + * We've waited for too long. Give up. + */ + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } /* - * At this point, there's been so many PEER_RETRY in a row - * that it's likely both sides are stuck waiting for a read. - * It's time to give up. + * With "real" sockets we only swap to processing the peer + * if they are expecting to retry. Otherwise we just retry the + * same endpoint again. */ - ret->result = SSL_TEST_INTERNAL_ERROR; - goto err; + if ((client_turn && server.status == PEER_RETRY) + || (!client_turn && client.status == PEER_RETRY)) + client_turn ^= 1; + } else { + if (client_turn_count++ >= 2000) { + /* + * At this point, there's been so many PEER_RETRY in a row + * that it's likely both sides are stuck waiting for a read. + * It's time to give up. + */ + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } + if (client_turn && server.status == PEER_SUCCESS) { + /* + * The server may finish before the client because the + * client spends some turns processing NewSessionTickets. + */ + if (client_wait_count++ >= 2) { + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } + } else { + /* Continue. */ + client_turn ^= 1; + } } - - /* Continue. */ - client_turn ^= 1; break; } } @@ -1026,12 +1618,21 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->server_protocol = SSL_version(server.ssl); ret->client_protocol = SSL_version(client.ssl); ret->servername = server_ex_data.servername; - if ((sess = SSL_get0_session(client.ssl)) != NULL) + if ((sess = SSL_get0_session(client.ssl)) != NULL) { SSL_SESSION_get0_ticket(sess, &tick, &tick_len); + sess_id = SSL_SESSION_get_id(sess, &sess_id_len); + } if (tick == NULL || tick_len == 0) ret->session_ticket = SSL_TEST_SESSION_TICKET_NO; else ret->session_ticket = SSL_TEST_SESSION_TICKET_YES; + ret->compression = (SSL_get_current_compression(client.ssl) == NULL) + ? SSL_TEST_COMPRESSION_NO + : SSL_TEST_COMPRESSION_YES; + if (sess_id == NULL || sess_id_len == 0) + ret->session_id = SSL_TEST_SESSION_ID_NO; + else + ret->session_id = SSL_TEST_SESSION_ID_YES; ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call; #ifndef OPENSSL_NO_NEXTPROTONEG @@ -1048,25 +1649,56 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_get0_alpn_selected(server.ssl, &proto, &proto_len); ret->server_alpn_negotiated = dup_str(proto, proto_len); + if ((sess = SSL_get0_session(server.ssl)) != NULL) { + SSL_SESSION_get0_ticket_appdata(sess, (void**)&tick, &tick_len); + ret->result_session_ticket_app_data = OPENSSL_strndup((const char*)tick, tick_len); + } + ret->client_resumed = SSL_session_reused(client.ssl); ret->server_resumed = SSL_session_reused(server.ssl); + cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(client.ssl)); + ret->cipher = dup_str((const unsigned char*)cipher, strlen(cipher)); + if (session_out != NULL) *session_out = SSL_get1_session(client.ssl); + if (serv_sess_out != NULL) { + SSL_SESSION *tmp = SSL_get_session(server.ssl); - if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) { - int nid = EVP_PKEY_id(tmp_key); + /* + * We create a fresh copy that is not in the server session ctx linked + * list. + */ + if (tmp != NULL) + *serv_sess_out = SSL_SESSION_dup(tmp); + } -#ifndef OPENSSL_NO_EC - if (nid == EVP_PKEY_EC) { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmp_key); - nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - } -#endif + if (SSL_get_peer_tmp_key(client.ssl, &tmp_key)) { + ret->tmp_key_type = pkey_type(tmp_key); EVP_PKEY_free(tmp_key); - ret->tmp_key_type = nid; } + SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash); + SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash); + + SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type); + SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type); + + names = SSL_get0_peer_CA_list(client.ssl); + if (names == NULL) + ret->client_ca_names = NULL; + else + ret->client_ca_names = SSL_dup_CA_list(names); + + names = SSL_get0_peer_CA_list(server.ssl); + if (names == NULL) + ret->server_ca_names = NULL; + else + ret->server_ca_names = SSL_dup_CA_list(names); + + ret->server_cert_type = peer_pkey_type(client.ssl); + ret->client_cert_type = peer_pkey_type(server.ssl); + ctx_data_free_data(&server_ctx_data); ctx_data_free_data(&server2_ctx_data); ctx_data_free_data(&client_ctx_data); @@ -1082,12 +1714,14 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, const SSL_TEST_CTX *test_ctx) { HANDSHAKE_RESULT *result; - SSL_SESSION *session = NULL; + SSL_SESSION *session = NULL, *serv_sess = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, test_ctx, &test_ctx->extra, - NULL, &session); - if (test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME) + NULL, NULL, &session, &serv_sess); + if (result == NULL + || test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME + || result->result == SSL_TEST_INTERNAL_ERROR) goto end; if (result->result != SSL_TEST_SUCCESS) { @@ -1099,8 +1733,9 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, test_ctx, &test_ctx->resume_extra, - session, NULL); + session, serv_sess, NULL, NULL); end: SSL_SESSION_free(session); + SSL_SESSION_free(serv_sess); return result; } diff --git a/deps/openssl/openssl/test/handshake_helper.h b/deps/openssl/openssl/test/handshake_helper.h index 4f70592a1867be..ab6446a490bbc6 100644 --- a/deps/openssl/openssl/test/handshake_helper.h +++ b/deps/openssl/openssl/test/handshake_helper.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,6 +34,7 @@ typedef struct handshake_result { ssl_servername_t servername; /* Session ticket status */ ssl_session_ticket_t session_ticket; + int compression; /* Was this called on the second context? */ int session_ticket_do_not_call; char *client_npn_negotiated; @@ -45,6 +46,27 @@ typedef struct handshake_result { int server_resumed; /* Temporary key type */ int tmp_key_type; + /* server certificate key type */ + int server_cert_type; + /* server signing hash */ + int server_sign_hash; + /* server signature type */ + int server_sign_type; + /* server CA names */ + STACK_OF(X509_NAME) *server_ca_names; + /* client certificate key type */ + int client_cert_type; + /* client signing hash */ + int client_sign_hash; + /* client signature type */ + int client_sign_type; + /* Client CA names */ + STACK_OF(X509_NAME) *client_ca_names; + /* Session id status */ + ssl_session_id_t session_id; + char *cipher; + /* session ticket application data */ + char *result_session_ticket_app_data; } HANDSHAKE_RESULT; HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); diff --git a/deps/openssl/openssl/test/heartbeat_test.c b/deps/openssl/openssl/test/heartbeat_test.c deleted file mode 100644 index 906736c37e560a..00000000000000 --- a/deps/openssl/openssl/test/heartbeat_test.c +++ /dev/null @@ -1,378 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * Unit test for TLS heartbeats. - * - * Acts as a regression test against the Heartbleed bug (CVE-2014-0160). - * - * Author: Mike Bland (mbland@acm.org, http://mike-bland.com/) - * Date: 2014-04-12 - * License: Creative Commons Attribution 4.0 International (CC By 4.0) - * http://creativecommons.org/licenses/by/4.0/deed.en_US - * - * OUTPUT - * ------ - * The program returns zero on success. It will print a message with a count - * of the number of failed tests and return nonzero if any tests fail. - * - * It will print the contents of the request and response buffers for each - * failing test. In a "fixed" version, all the tests should pass and there - * should be no output. - * - * In a "bleeding" version, you'll see: - * - * test_dtls1_heartbleed failed: - * expected payload len: 0 - * received: 1024 - * sent 26 characters - * "HEARTBLEED " - * received 1024 characters - * "HEARTBLEED \xde\xad\xbe\xef..." - * ** test_dtls1_heartbleed failed ** - * - * The contents of the returned buffer in the failing test will depend on the - * contents of memory on your machine. - * - * MORE INFORMATION - * ---------------- - * http://mike-bland.com/2014/04/12/heartbleed.html - * http://mike-bland.com/tags/heartbleed.html - */ - -#define OPENSSL_UNIT_TEST - -#include "../ssl/ssl_locl.h" - -#include "testutil.h" -#include -#include -#include -#include - -#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST) - -/* As per https://tools.ietf.org/html/rfc6520#section-4 */ -# define MIN_PADDING_SIZE 16 - -/* Maximum number of payload characters to print as test output */ -# define MAX_PRINTABLE_CHARACTERS 1024 - -typedef struct heartbeat_test_fixture { - SSL_CTX *ctx; - SSL *s; - const char *test_case_name; - int (*process_heartbeat) (SSL *s, unsigned char *p, unsigned int length); - unsigned char *payload; - int sent_payload_len; - int expected_return_value; - int return_payload_offset; - int expected_payload_len; - const char *expected_return_payload; -} HEARTBEAT_TEST_FIXTURE; - -static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name, - const SSL_METHOD *meth) -{ - HEARTBEAT_TEST_FIXTURE fixture; - int setup_ok = 1; - memset(&fixture, 0, sizeof(fixture)); - fixture.test_case_name = test_case_name; - - fixture.ctx = SSL_CTX_new(meth); - if (!fixture.ctx) { - fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - fixture.s = SSL_new(fixture.ctx); - if (!fixture.s) { - fprintf(stderr, "Failed to allocate SSL for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - if (!ssl_init_wbio_buffer(fixture.s)) { - fprintf(stderr, "Failed to set up wbio buffer for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - if (!ssl3_setup_buffers(fixture.s)) { - fprintf(stderr, "Failed to setup buffers for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - /* - * Clear the memory for the return buffer, since this isn't automatically - * zeroed in opt mode and will cause spurious test failures that will - * change with each execution. - */ - memset(fixture.s->rlayer.wbuf.buf, 0, fixture.s->rlayer.wbuf.len); - - fail: - if (!setup_ok) { - ERR_print_errors_fp(stderr); - exit(EXIT_FAILURE); - } - return fixture; -} - -static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name) -{ - HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, - DTLS_server_method()); - fixture.process_heartbeat = dtls1_process_heartbeat; - - /* - * As per dtls1_get_record(), skipping the following from the beginning - * of the returned heartbeat message: type-1 byte; version-2 bytes; - * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte - * type encoded by process_heartbeat for a total of 14 bytes, at which - * point we can grab the length and the payload we seek. - */ - fixture.return_payload_offset = 14; - return fixture; -} - -/* Needed by ssl3_write_bytes() */ -static int dummy_handshake(SSL *s) -{ - return 1; -} - -static void tear_down(HEARTBEAT_TEST_FIXTURE fixture) -{ - ERR_print_errors_fp(stderr); - SSL_free(fixture.s); - SSL_CTX_free(fixture.ctx); -} - -static void print_payload(const char *const prefix, - const unsigned char *payload, const int n) -{ - const int end = n < MAX_PRINTABLE_CHARACTERS ? n - : MAX_PRINTABLE_CHARACTERS; - int i = 0; - - printf("%s %d character%s", prefix, n, n == 1 ? "" : "s"); - if (end != n) - printf(" (first %d shown)", end); - printf("\n \""); - - for (; i != end; ++i) { - const unsigned char c = payload[i]; - if (isprint(c)) - fputc(c, stdout); - else - printf("\\x%02x", c); - } - printf("\"\n"); -} - -static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) -{ - int result = 0; - SSL *s = fixture.s; - unsigned char *payload = fixture.payload; - unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1]; - int return_value; - unsigned const char *p; - int actual_payload_len; - - s->rlayer.rrec.data = payload; - s->rlayer.rrec.length = strlen((const char *)payload); - *payload++ = TLS1_HB_REQUEST; - s2n(fixture.sent_payload_len, payload); - - /* - * Make a local copy of the request, since it gets overwritten at some - * point - */ - memcpy(sent_buf, payload, sizeof(sent_buf)); - - return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data, - s->rlayer.rrec.length); - - if (return_value != fixture.expected_return_value) { - printf("%s failed: expected return value %d, received %d\n", - fixture.test_case_name, fixture.expected_return_value, - return_value); - result = 1; - } - - /* - * If there is any byte alignment, it will be stored in wbuf.offset. - */ - p = &(s->rlayer. - wbuf.buf[fixture.return_payload_offset + s->rlayer.wbuf.offset]); - actual_payload_len = 0; - n2s(p, actual_payload_len); - - if (actual_payload_len != fixture.expected_payload_len) { - printf("%s failed:\n expected payload len: %d\n received: %d\n", - fixture.test_case_name, fixture.expected_payload_len, - actual_payload_len); - print_payload("sent", sent_buf, strlen((const char *)sent_buf)); - print_payload("received", p, actual_payload_len); - result = 1; - } else { - char *actual_payload = - OPENSSL_strndup((const char *)p, actual_payload_len); - if (strcmp(actual_payload, fixture.expected_return_payload) != 0) { - printf - ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n", - fixture.test_case_name, fixture.expected_return_payload, - actual_payload); - result = 1; - } - OPENSSL_free(actual_payload); - } - - if (result != 0) { - printf("** %s failed **\n--------\n", fixture.test_case_name); - } - return result; -} - -static int honest_payload_size(unsigned char payload_buf[]) -{ - /* Omit three-byte pad at the beginning for type and payload length */ - return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE; -} - -# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\ - SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type) - -# define EXECUTE_HEARTBEAT_TEST()\ - EXECUTE_TEST(execute_heartbeat, tear_down) - -static int test_dtls1_not_bleeding() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = - " Not bleeding, sixteen spaces of padding" " "; - const int payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = - "Not bleeding, sixteen spaces of padding"; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_not_bleeding_empty_payload() -{ - int payload_buf_len; - - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* - * Three-byte pad at the beginning for type and payload length, plus a - * NUL at the end - */ - unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; - memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); - payload_buf[MIN_PADDING_SIZE + 3] = '\0'; - payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_heartbleed() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] = - " HEARTBLEED "; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_heartbleed_empty_payload() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* - * Excluding the NUL at the end, one byte short of type + payload length - * + minimum padding - */ - unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; - memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); - payload_buf[MIN_PADDING_SIZE + 2] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_heartbleed_excessive_plaintext_length() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* - * Excluding the NUL at the end, one byte in excess of maximum allowed - * heartbeat message length - */ - unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = honest_payload_size(payload_buf); - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -# undef EXECUTE_HEARTBEAT_TEST -# undef SETUP_HEARTBEAT_TEST_FIXTURE - -int main(int argc, char *argv[]) -{ - int result = 0; - - ADD_TEST(test_dtls1_not_bleeding); - ADD_TEST(test_dtls1_not_bleeding_empty_payload); - ADD_TEST(test_dtls1_heartbleed); - ADD_TEST(test_dtls1_heartbleed_empty_payload); - ADD_TEST(test_dtls1_heartbleed_excessive_plaintext_length); - - result = run_tests(argv[0]); - ERR_print_errors_fp(stderr); - return result; -} - -#else /* OPENSSL_NO_HEARTBEATS */ - -int main(int argc, char *argv[]) -{ - return EXIT_SUCCESS; -} -#endif /* OPENSSL_NO_HEARTBEATS */ diff --git a/deps/openssl/openssl/test/hmactest.c b/deps/openssl/openssl/test/hmactest.c index a5c6e74e003d02..eeb0669ee8dfdf 100644 --- a/deps/openssl/openssl/test/hmactest.c +++ b/deps/openssl/openssl/test/hmactest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ #include #include -#include "../e_os.h" +#include "internal/nelem.h" # include # include @@ -23,6 +23,8 @@ # include # endif +#include "testutil.h" + # ifndef OPENSSL_NO_MD5 static struct test_st { unsigned char key[16]; @@ -79,21 +81,11 @@ static struct test_st { static char *pt(unsigned char *md, unsigned int len); -int main(int argc, char *argv[]) -{ + # ifndef OPENSSL_NO_MD5 - int i; +static int test_hmac_md5(int idx) +{ char *p; -# endif - int err = 0; - HMAC_CTX *ctx = NULL, *ctx2 = NULL; - unsigned char buf[EVP_MAX_MD_SIZE]; - unsigned int len; - -# ifdef OPENSSL_NO_MD5 - printf("test skipped: MD5 disabled\n"); -# else - # ifdef CHARSET_EBCDIC ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); @@ -101,202 +93,135 @@ int main(int argc, char *argv[]) ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); # endif - for (i = 0; i < 4; i++) { - p = pt(HMAC(EVP_md5(), - test[i].key, test[i].key_len, - test[i].data, test[i].data_len, NULL, NULL), - MD5_DIGEST_LENGTH); - - if (strcmp(p, (char *)test[i].digest) != 0) { - printf("Error calculating HMAC on %d entry'\n", i); - printf("got %s instead of %s\n", p, test[i].digest); - err++; - } else - printf("test %d ok\n", i); - } -# endif /* OPENSSL_NO_MD5 */ + p = pt(HMAC(EVP_md5(), + test[idx].key, test[idx].key_len, + test[idx].data, test[idx].data_len, NULL, NULL), + MD5_DIGEST_LENGTH); + + if (!TEST_str_eq(p, (char *)test[idx].digest)) + return 0; + + return 1; +} +# endif + +static int test_hmac_bad(void) +{ + HMAC_CTX *ctx = NULL; + int ret = 0; -/* test4 */ ctx = HMAC_CTX_new(); - if (ctx == NULL) { - printf("HMAC malloc failure (test 4)\n"); - err++; - goto end; - } - if (HMAC_CTX_get_md(ctx) != NULL) { - printf("Message digest not NULL for HMAC (test 4)\n"); - err++; - goto test5; - } - if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) { - printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); - err++; - goto test5; - } - if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { - printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); - err++; - goto test5; - } - if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) { - printf("Should fail to initialise HMAC with empty key (test 4)\n"); - err++; - goto test5; - } - if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { - printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); - err++; - goto test5; - } - printf("test 4 ok\n"); -test5: - /* Test 5 has empty key; test that single-shot accepts a NULL key. */ - p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, - NULL, NULL), SHA_DIGEST_LENGTH); - if (strcmp(p, (char *)test[4].digest) != 0) { - printf("Error calculating HMAC on %d entry'\n", i); - printf("got %s instead of %s\n", p, test[4].digest); - err++; - } + if (!TEST_ptr(ctx) + || !TEST_ptr_null(HMAC_CTX_get_md(ctx)) + || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) + || !TEST_false(HMAC_Update(ctx, test[4].data, test[4].data_len)) + || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) + || !TEST_false(HMAC_Update(ctx, test[4].data, test[4].data_len))) + goto err; + + ret = 1; +err: + HMAC_CTX_free(ctx); + return ret; +} + +static int test_hmac_run(void) +{ + char *p; + HMAC_CTX *ctx = NULL; + unsigned char buf[EVP_MAX_MD_SIZE]; + unsigned int len; + int ret = 0; + ctx = HMAC_CTX_new(); HMAC_CTX_reset(ctx); - if (HMAC_CTX_get_md(ctx) != NULL) { - printf("Message digest not NULL for HMAC (test 5)\n"); - err++; - goto test6; - } - if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { - printf("Should fail to initialise HMAC with empty MD (test 5)\n"); - err++; - goto test6; - } - if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { - printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); - err++; - goto test6; - } - if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) { - printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { - printf("Failed to initialise HMAC (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) { - printf("Error updating HMAC with data (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Final(ctx, buf, &len)) { - printf("Error finalising data (test 5)\n"); - err++; - goto test6; - } + + if (!TEST_ptr(ctx) + || !TEST_ptr_null(HMAC_CTX_get_md(ctx)) + || !TEST_false(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) + || !TEST_false(HMAC_Update(ctx, test[4].data, test[4].data_len)) + || !TEST_false(HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL))) + goto err; + + if (!TEST_true(HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) + || !TEST_true(HMAC_Update(ctx, test[4].data, test[4].data_len)) + || !TEST_true(HMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); - if (strcmp(p, (char *)test[4].digest) != 0) { - printf("Error calculating interim HMAC on test 5\n"); - printf("got %s instead of %s\n", p, test[4].digest); - err++; - goto test6; - } - if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) { - printf("Should disallow changing MD without a new key (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) { - printf("Failed to reinitialise HMAC (test 5)\n"); - err++; - goto test6; - } - if (HMAC_CTX_get_md(ctx) != EVP_sha256()) { - printf("Unexpected message digest for HMAC (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) { - printf("Error updating HMAC with data (sha256) (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Final(ctx, buf, &len)) { - printf("Error finalising data (sha256) (test 5)\n"); - err++; - goto test6; - } + if (!TEST_str_eq(p, (char *)test[4].digest)) + goto err; + + if (!TEST_false(HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL))) + goto err; + + if (!TEST_true(HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL)) + || !TEST_ptr_eq(HMAC_CTX_get_md(ctx), EVP_sha256()) + || !TEST_true(HMAC_Update(ctx, test[5].data, test[5].data_len)) + || !TEST_true(HMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); - if (strcmp(p, (char *)test[5].digest) != 0) { - printf("Error calculating 2nd interim HMAC on test 5\n"); - printf("got %s instead of %s\n", p, test[5].digest); - err++; - goto test6; - } - if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) { - printf("Failed to reinitialise HMAC with key (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) { - printf("Error updating HMAC with data (new key) (test 5)\n"); - err++; - goto test6; - } - if (!HMAC_Final(ctx, buf, &len)) { - printf("Error finalising data (new key) (test 5)\n"); - err++; - goto test6; - } + if (!TEST_str_eq(p, (char *)test[5].digest)) + goto err; + + if (!TEST_true(HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) + || !TEST_true(HMAC_Update(ctx, test[6].data, test[6].data_len)) + || !TEST_true(HMAC_Final(ctx, buf, &len))) + goto err; p = pt(buf, len); - if (strcmp(p, (char *)test[6].digest) != 0) { - printf("error calculating HMAC on test 5\n"); - printf("got %s instead of %s\n", p, test[6].digest); - err++; - } else { - printf("test 5 ok\n"); - } -test6: - HMAC_CTX_reset(ctx); + if (!TEST_str_eq(p, (char *)test[6].digest)) + goto err; + + ret = 1; +err: + HMAC_CTX_free(ctx); + return ret; +} + + +static int test_hmac_single_shot(void) +{ + char *p; + + /* Test single-shot with an empty key. */ + p = pt(HMAC(EVP_sha1(), NULL, 0, test[4].data, test[4].data_len, + NULL, NULL), SHA_DIGEST_LENGTH); + if (!TEST_str_eq(p, (char *)test[4].digest)) + return 0; + + return 1; +} + + +static int test_hmac_copy(void) +{ + char *p; + HMAC_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[EVP_MAX_MD_SIZE]; + unsigned int len; + int ret = 0; + + ctx = HMAC_CTX_new(); ctx2 = HMAC_CTX_new(); - if (ctx2 == NULL) { - printf("HMAC malloc failure (test 6)\n"); - err++; - goto end; - } - if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { - printf("Failed to initialise HMAC (test 6)\n"); - err++; - goto end; - } - if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) { - printf("Error updating HMAC with data (test 6)\n"); - err++; - goto end; - } - if (!HMAC_CTX_copy(ctx2, ctx)) { - printf("Failed to copy HMAC_CTX (test 6)\n"); - err++; - goto end; - } - if (!HMAC_Final(ctx2, buf, &len)) { - printf("Error finalising data (test 6)\n"); - err++; - goto end; - } + if (!TEST_ptr(ctx) || !TEST_ptr(ctx2)) + goto err; + + if (!TEST_true(HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) + || !TEST_true(HMAC_Update(ctx, test[7].data, test[7].data_len)) + || !TEST_true(HMAC_CTX_copy(ctx2, ctx)) + || !TEST_true(HMAC_Final(ctx2, buf, &len))) + goto err; + p = pt(buf, len); - if (strcmp(p, (char *)test[7].digest) != 0) { - printf("Error calculating HMAC on test 6\n"); - printf("got %s instead of %s\n", p, test[7].digest); - err++; - } else { - printf("test 6 ok\n"); - } -end: + if (!TEST_str_eq(p, (char *)test[7].digest)) + goto err; + + ret = 1; +err: HMAC_CTX_free(ctx2); HMAC_CTX_free(ctx); - EXIT(err); + return ret; } # ifndef OPENSSL_NO_MD5 @@ -307,6 +232,16 @@ static char *pt(unsigned char *md, unsigned int len) for (i = 0; i < len; i++) sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); + return buf; } # endif + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_hmac_md5, 4); + ADD_TEST(test_hmac_single_shot); + ADD_TEST(test_hmac_bad); + ADD_TEST(test_hmac_run); + ADD_TEST(test_hmac_copy); + return 1; +} diff --git a/deps/openssl/openssl/test/ideatest.c b/deps/openssl/openssl/test/ideatest.c index 38496700938f1c..c80e18f80ab77f 100644 --- a/deps/openssl/openssl/test/ideatest.c +++ b/deps/openssl/openssl/test/ideatest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,19 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include -#include "../e_os.h" +#include "internal/nelem.h" +#include "testutil.h" -#ifdef OPENSSL_NO_IDEA -int main(int argc, char *argv[]) -{ - printf("No IDEA support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_IDEA # include static const unsigned char k[16] = { @@ -58,121 +51,69 @@ static const unsigned char cfb_cipher64[CFB_TEST_SIZE] = { 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ }; -static int cfb64_test(const unsigned char *cfb_cipher); -static char *pt(unsigned char *p); -int main(int argc, char *argv[]) +static int test_idea_ecb(void) { - int i, err = 0; IDEA_KEY_SCHEDULE key, dkey; - unsigned char iv[8]; IDEA_set_encrypt_key(k, &key); IDEA_ecb_encrypt(in, out, &key); - if (memcmp(out, c, 8) != 0) { - printf("ecb idea error encrypting\n"); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", out[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", c[i]); - err = 20; - printf("\n"); - } + if (!TEST_mem_eq(out, IDEA_BLOCK, c, sizeof(c))) + return 0; IDEA_set_decrypt_key(&key, &dkey); IDEA_ecb_encrypt(c, out, &dkey); - if (memcmp(out, in, 8) != 0) { - printf("ecb idea error decrypting\n"); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", out[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", in[i]); - printf("\n"); - err = 3; - } - - if (err == 0) - printf("ecb idea ok\n"); - - memcpy(iv, k, 8); - IDEA_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv, - 1); - memcpy(iv, k, 8); - IDEA_cbc_encrypt(out, out, 8, &dkey, iv, 0); - IDEA_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv, - 0); - if (memcmp(text, out, strlen(text) + 1) != 0) { - printf("cbc idea bad\n"); - err = 4; - } else - printf("cbc idea ok\n"); - - printf("cfb64 idea "); - if (cfb64_test(cfb_cipher64)) { - printf("bad\n"); - err = 5; - } else - printf("ok\n"); - - EXIT(err); + return TEST_mem_eq(out, IDEA_BLOCK, in, sizeof(in)); +} + +static int test_idea_cbc(void) +{ + IDEA_KEY_SCHEDULE key, dkey; + unsigned char iv[IDEA_BLOCK]; + const size_t text_len = sizeof(text); + + IDEA_set_encrypt_key(k, &key); + IDEA_set_decrypt_key(&key, &dkey); + memcpy(iv, k, sizeof(iv)); + IDEA_cbc_encrypt((unsigned char *)text, out, text_len, &key, iv, 1); + memcpy(iv, k, sizeof(iv)); + IDEA_cbc_encrypt(out, out, IDEA_BLOCK, &dkey, iv, 0); + IDEA_cbc_encrypt(&out[8], &out[8], text_len - 8, &dkey, iv, 0); + return TEST_mem_eq(text, text_len, out, text_len); } -static int cfb64_test(const unsigned char *cfb_cipher) +static int test_idea_cfb64(void) { IDEA_KEY_SCHEDULE eks, dks; - int err = 0, i, n; + int n; IDEA_set_encrypt_key(cfb_key, &eks); IDEA_set_decrypt_key(&eks, &dks); - memcpy(cfb_tmp, cfb_iv, 8); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_tmp)); n = 0; IDEA_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks, cfb_tmp, &n, IDEA_ENCRYPT); - IDEA_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), + IDEA_cfb64_encrypt(&plain[12], &cfb_buf1[12], (long)CFB_TEST_SIZE - 12, &eks, cfb_tmp, &n, IDEA_ENCRYPT); - if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) { - err = 1; - printf("IDEA_cfb64_encrypt encrypt error\n"); - for (i = 0; i < CFB_TEST_SIZE; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp, cfb_iv, 8); + if (!TEST_mem_eq(cfb_cipher64, CFB_TEST_SIZE, cfb_buf1, CFB_TEST_SIZE)) + return 0; + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_tmp)); n = 0; IDEA_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks, cfb_tmp, &n, IDEA_DECRYPT); - IDEA_cfb64_encrypt(&(cfb_buf1[13]), &(cfb_buf2[13]), + IDEA_cfb64_encrypt(&cfb_buf1[13], &cfb_buf2[13], (long)CFB_TEST_SIZE - 13, &eks, cfb_tmp, &n, IDEA_DECRYPT); - if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) { - err = 1; - printf("IDEA_cfb_encrypt decrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf2[i]))); - } - return (err); + return TEST_mem_eq(plain, CFB_TEST_SIZE, cfb_buf2, CFB_TEST_SIZE); } +#endif -static char *pt(unsigned char *p) +int setup_tests(void) { - static char bufs[10][20]; - static int bnum = 0; - char *ret; - int i; - static char *f = "0123456789ABCDEF"; - - ret = &(bufs[bnum++][0]); - bnum %= 10; - for (i = 0; i < 8; i++) { - ret[i * 2] = f[(p[i] >> 4) & 0xf]; - ret[i * 2 + 1] = f[p[i] & 0xf]; - } - ret[16] = '\0'; - return (ret); -} +#ifndef OPENSSL_NO_IDEA + ADD_TEST(test_idea_ecb); + ADD_TEST(test_idea_cbc); + ADD_TEST(test_idea_cfb64); #endif + return 1; +} diff --git a/deps/openssl/openssl/test/igetest.c b/deps/openssl/openssl/test/igetest.c index fe5bbf16e25c54..fd1089d273d8e3 100644 --- a/deps/openssl/openssl/test/igetest.c +++ b/deps/openssl/openssl/test/igetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,24 +12,20 @@ #include #include #include -#include -#include "e_os.h" +#include "internal/nelem.h" +#include "testutil.h" #define TEST_SIZE 128 #define BIG_TEST_SIZE 10240 -static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) -{ - int n = 0; +#if BIG_TEST_SIZE < TEST_SIZE +#error BIG_TEST_SIZE is smaller than TEST_SIZE +#endif - fprintf(f, "%s", title); - for (; n < l; ++n) { - if ((n % 16) == 0) - fprintf(f, "\n%04x", n); - fprintf(f, " %02x", s[n]); - } - fprintf(f, "\n"); -} +static unsigned char rkey[16]; +static unsigned char rkey2[16]; +static unsigned char plaintext[BIG_TEST_SIZE]; +static unsigned char saved_iv[AES_BLOCK_SIZE * 4]; #define MAX_VECTOR_SIZE 64 @@ -145,114 +141,88 @@ static struct bi_ige_test const bi_ige_test_vectors[] = { }; -static int run_test_vectors(void) +static int test_ige_vectors(int n) { - unsigned int n; - int errs = 0; - - for (n = 0; n < OSSL_NELEM(ige_test_vectors); ++n) { - const struct ige_test *const v = &ige_test_vectors[n]; - AES_KEY key; - unsigned char buf[MAX_VECTOR_SIZE]; - unsigned char iv[AES_BLOCK_SIZE * 2]; - - assert(v->length <= MAX_VECTOR_SIZE); - - if (v->encrypt == AES_ENCRYPT) - AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key); - else - AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key); - memcpy(iv, v->iv, sizeof(iv)); - AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); - - if (memcmp(v->out, buf, v->length)) { - printf("IGE test vector %d failed\n", n); - hexdump(stdout, "key", v->key, sizeof(v->key)); - hexdump(stdout, "iv", v->iv, sizeof(v->iv)); - hexdump(stdout, "in", v->in, v->length); - hexdump(stdout, "expected", v->out, v->length); - hexdump(stdout, "got", buf, v->length); - - ++errs; - } - - /* try with in == out */ - memcpy(iv, v->iv, sizeof(iv)); - memcpy(buf, v->in, v->length); - AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); - - if (memcmp(v->out, buf, v->length)) { - printf("IGE test vector %d failed (with in == out)\n", n); - hexdump(stdout, "key", v->key, sizeof(v->key)); - hexdump(stdout, "iv", v->iv, sizeof(v->iv)); - hexdump(stdout, "in", v->in, v->length); - hexdump(stdout, "expected", v->out, v->length); - hexdump(stdout, "got", buf, v->length); - - ++errs; - } + const struct ige_test *const v = &ige_test_vectors[n]; + AES_KEY key; + unsigned char buf[MAX_VECTOR_SIZE]; + unsigned char iv[AES_BLOCK_SIZE * 2]; + int testresult = 1; + + if (!TEST_int_le(v->length, MAX_VECTOR_SIZE)) + return 0; + + if (v->encrypt == AES_ENCRYPT) + AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key); + else + AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key); + memcpy(iv, v->iv, sizeof(iv)); + AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); + + if (!TEST_mem_eq(v->out, v->length, buf, v->length)) { + TEST_info("IGE test vector %d failed", n); + test_output_memory("key", v->key, sizeof(v->key)); + test_output_memory("iv", v->iv, sizeof(v->iv)); + test_output_memory("in", v->in, v->length); + testresult = 0; } - for (n = 0; n < OSSL_NELEM(bi_ige_test_vectors); ++n) { - const struct bi_ige_test *const v = &bi_ige_test_vectors[n]; - AES_KEY key1; - AES_KEY key2; - unsigned char buf[MAX_VECTOR_SIZE]; - - assert(v->length <= MAX_VECTOR_SIZE); - - if (v->encrypt == AES_ENCRYPT) { - AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1); - AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2); - } else { - AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1); - AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2); - } - - AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv, - v->encrypt); - - if (memcmp(v->out, buf, v->length)) { - printf("Bidirectional IGE test vector %d failed\n", n); - hexdump(stdout, "key 1", v->key1, sizeof(v->key1)); - hexdump(stdout, "key 2", v->key2, sizeof(v->key2)); - hexdump(stdout, "iv", v->iv, sizeof(v->iv)); - hexdump(stdout, "in", v->in, v->length); - hexdump(stdout, "expected", v->out, v->length); - hexdump(stdout, "got", buf, v->length); - - ++errs; - } + /* try with in == out */ + memcpy(iv, v->iv, sizeof(iv)); + memcpy(buf, v->in, v->length); + AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); + + if (!TEST_mem_eq(v->out, v->length, buf, v->length)) { + TEST_info("IGE test vector %d failed (with in == out)", n); + test_output_memory("key", v->key, sizeof(v->key)); + test_output_memory("iv", v->iv, sizeof(v->iv)); + test_output_memory("in", v->in, v->length); + testresult = 0; } - return errs; + return testresult; } -int main(int argc, char **argv) +static int test_bi_ige_vectors(int n) { - unsigned char rkey[16]; - unsigned char rkey2[16]; - AES_KEY key; + const struct bi_ige_test *const v = &bi_ige_test_vectors[n]; + AES_KEY key1; AES_KEY key2; - unsigned char plaintext[BIG_TEST_SIZE]; - unsigned char ciphertext[BIG_TEST_SIZE]; - unsigned char checktext[BIG_TEST_SIZE]; - unsigned char iv[AES_BLOCK_SIZE * 4]; - unsigned char saved_iv[AES_BLOCK_SIZE * 4]; - int err = 0; - unsigned int n; - unsigned matches; + unsigned char buf[MAX_VECTOR_SIZE]; - assert(BIG_TEST_SIZE >= TEST_SIZE); + if (!TEST_int_le(v->length, MAX_VECTOR_SIZE)) + return 0; - RAND_bytes(rkey, sizeof(rkey)); - RAND_bytes(plaintext, sizeof(plaintext)); - RAND_bytes(iv, sizeof(iv)); - memcpy(saved_iv, iv, sizeof(saved_iv)); + if (v->encrypt == AES_ENCRYPT) { + AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1); + AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2); + } else { + AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1); + AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2); + } + + AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv, + v->encrypt); + + if (!TEST_mem_eq(v->out, v->length, buf, v->length)) { + test_output_memory("key 1", v->key1, sizeof(v->key1)); + test_output_memory("key 2", v->key2, sizeof(v->key2)); + test_output_memory("iv", v->iv, sizeof(v->iv)); + test_output_memory("in", v->in, v->length); + return 0; + } + + return 1; +} - /* Forward IGE only... */ +static int test_ige_enc_dec(void) +{ + AES_KEY key; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; - /* Straight encrypt/decrypt */ + memcpy(iv, saved_iv, sizeof(iv)); AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT); @@ -260,14 +230,16 @@ int main(int argc, char **argv) memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); - if (memcmp(checktext, plaintext, TEST_SIZE)) { - printf("Encrypt+decrypt doesn't match\n"); - hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); - hexdump(stdout, "Checktext", checktext, TEST_SIZE); - ++err; - } + return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE); +} + +static int test_ige_enc_chaining(void) +{ + AES_KEY key; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; - /* Now check encrypt chaining works */ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, @@ -280,14 +252,16 @@ int main(int argc, char **argv) memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); - if (memcmp(checktext, plaintext, TEST_SIZE)) { - printf("Chained encrypt+decrypt doesn't match\n"); - hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); - hexdump(stdout, "Checktext", checktext, TEST_SIZE); - ++err; - } + return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE); +} + +static int test_ige_dec_chaining(void) +{ + AES_KEY key; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; - /* And check decrypt chaining */ AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, @@ -304,15 +278,21 @@ int main(int argc, char **argv) checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, AES_DECRYPT); - if (memcmp(checktext, plaintext, TEST_SIZE)) { - printf("Chained encrypt+chained decrypt doesn't match\n"); - hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); - hexdump(stdout, "Checktext", checktext, TEST_SIZE); - ++err; - } + return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE); +} - /* make sure garble extends forwards only */ - AES_set_encrypt_key(rkey, 8 * sizeof(rkey),&key); +static int test_ige_garble_forwards(void) +{ + AES_KEY key; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned int n; + int testresult = 1; + const size_t ctsize = sizeof(checktext); + size_t matches; + + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); @@ -329,26 +309,24 @@ int main(int argc, char **argv) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof(checktext) / 2 + sizeof(checktext) / 100) { - printf("More than 51%% matches after garbling\n"); - ++err; - } - - if (matches < sizeof(checktext) / 2) { - printf("Garble extends backwards!\n"); - ++err; - } - - /* Bi-directional IGE */ + /* Fail if there is more than 51% matching bytes */ + if (!TEST_size_t_le(matches, ctsize / 2 + ctsize / 100)) + testresult = 0; - /* - * Note that we don't have to recover the IV, because chaining isn't - */ - /* possible with biIGE, so the IV is not updated. */ + /* Fail if the garble goes backwards */ + if (!TEST_size_t_gt(matches, ctsize / 2)) + testresult = 0; + return testresult; +} - RAND_bytes(rkey2, sizeof(rkey2)); +static int test_bi_ige_enc_dec(void) +{ + AES_KEY key, key2; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; - /* Straight encrypt/decrypt */ + memcpy(iv, saved_iv, sizeof(iv)); AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, @@ -359,14 +337,19 @@ int main(int argc, char **argv) AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, AES_DECRYPT); - if (memcmp(checktext, plaintext, TEST_SIZE)) { - printf("Encrypt+decrypt doesn't match\n"); - hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); - hexdump(stdout, "Checktext", checktext, TEST_SIZE); - ++err; - } + return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE); +} + +static int test_bi_ige_garble1(void) +{ + AES_KEY key, key2; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned int n; + size_t matches; - /* make sure garble extends both ways */ + memcpy(iv, saved_iv, sizeof(iv)); AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, @@ -384,12 +367,20 @@ int main(int argc, char **argv) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof(checktext) / 100) { - printf("More than 1%% matches after bidirectional garbling\n"); - ++err; - } + /* Fail if there is more than 1% matching bytes */ + return TEST_size_t_le(matches, sizeof(checktext) / 100); +} - /* make sure garble extends both ways (2) */ +static int test_bi_ige_garble2(void) +{ + AES_KEY key, key2; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned int n; + size_t matches; + + memcpy(iv, saved_iv, sizeof(iv)); AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, @@ -407,12 +398,20 @@ int main(int argc, char **argv) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof(checktext) / 100) { - printf("More than 1%% matches after bidirectional garbling (2)\n"); - ++err; - } + /* Fail if there is more than 1% matching bytes */ + return TEST_size_t_le(matches, sizeof(checktext) / 100); +} - /* make sure garble extends both ways (3) */ +static int test_bi_ige_garble3(void) +{ + AES_KEY key, key2; + unsigned char iv[AES_BLOCK_SIZE * 4]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned int n; + size_t matches; + + memcpy(iv, saved_iv, sizeof(iv)); AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, @@ -430,12 +429,26 @@ int main(int argc, char **argv) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof(checktext) / 100) { - printf("More than 1%% matches after bidirectional garbling (3)\n"); - ++err; - } - - err += run_test_vectors(); + /* Fail if there is more than 1% matching bytes */ + return TEST_size_t_le(matches, sizeof(checktext) / 100); +} - return err; +int setup_tests(void) +{ + RAND_bytes(rkey, sizeof(rkey)); + RAND_bytes(rkey2, sizeof(rkey2)); + RAND_bytes(plaintext, sizeof(plaintext)); + RAND_bytes(saved_iv, sizeof(saved_iv)); + + ADD_TEST(test_ige_enc_dec); + ADD_TEST(test_ige_enc_chaining); + ADD_TEST(test_ige_dec_chaining); + ADD_TEST(test_ige_garble_forwards); + ADD_TEST(test_bi_ige_enc_dec); + ADD_TEST(test_bi_ige_garble1); + ADD_TEST(test_bi_ige_garble2); + ADD_TEST(test_bi_ige_garble3); + ADD_ALL_TESTS(test_ige_vectors, OSSL_NELEM(ige_test_vectors)); + ADD_ALL_TESTS(test_bi_ige_vectors, OSSL_NELEM(bi_ige_test_vectors)); + return 1; } diff --git a/deps/openssl/openssl/test/md2test.c b/deps/openssl/openssl/test/md2test.c index cb667cbc6bc71c..c5360d68a7848b 100644 --- a/deps/openssl/openssl/test/md2test.c +++ b/deps/openssl/openssl/test/md2test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,19 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include -#include #include -#include "../e_os.h" +#include "internal/nelem.h" +#include "testutil.h" -#ifdef OPENSSL_NO_MD2 -int main(int argc, char *argv[]) -{ - printf("No MD2 support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_MD2 # include # include @@ -35,7 +28,6 @@ static char *test[] = { "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, }; static char *ret[] = { @@ -48,45 +40,28 @@ static char *ret[] = { "d5976f79d83d3a0dc9806c3c66f3efd8", }; -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) +static int test_md2(int n) { - int i, err = 0; - char **P, **R; - char *p; + char buf[80]; unsigned char md[MD2_DIGEST_LENGTH]; - - P = test; - R = ret; - i = 1; - while (*P != NULL) { - if (!EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(), - NULL)) { - printf("EVP Digest error.\n"); - EXIT(1); - } - p = pt(md); - if (strcmp(p, *R) != 0) { - printf("error calculating MD2 on '%s'\n", *P); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i); - i++; - R++; - P++; - } - EXIT(err); - return err; -} - -static char *pt(unsigned char *md) -{ int i; - static char buf[80]; + + if (!TEST_true(EVP_Digest((unsigned char *)test[n], strlen(test[n]), + md, NULL, EVP_md2(), NULL))) + return 0; for (i = 0; i < MD2_DIGEST_LENGTH; i++) sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); + if (!TEST_str_eq(buf, ret[n])) + return 0; + return 1; } #endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_MD2 + ADD_ALL_TESTS(test_md2, OSSL_NELEM(test)); +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/md4test.c b/deps/openssl/openssl/test/md4test.c deleted file mode 100644 index 448f9b76ef6c8a..00000000000000 --- a/deps/openssl/openssl/test/md4test.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "../e_os.h" - -#ifdef OPENSSL_NO_MD4 -int main(int argc, char *argv[]) -{ - printf("No MD4 support\n"); - return (0); -} -#else -# include -# include - -static char *test[] = { - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, -}; - -static char *ret[] = { - "31d6cfe0d16ae931b73c59d7e0c089c0", - "bde52cb31de33e46245e05fbdbd6fb24", - "a448017aaf21d8525fc10ae87aa6729d", - "d9130a8164549fe818874806e1c7014b", - "d79e1c308aa5bbcdeea8ed63df412da9", - "043f8582f241db351ce627e153e7f0e4", - "e33b4ddc9c38f2199c3e7b164fcc0536", -}; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) -{ - int i, err = 0; - char **P, **R; - char *p; - unsigned char md[MD4_DIGEST_LENGTH]; - - P = test; - R = ret; - i = 1; - while (*P != NULL) { - if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), - NULL)) { - printf("EVP Digest error.\n"); - EXIT(1); - } - p = pt(md); - if (strcmp(p, (char *)*R) != 0) { - printf("error calculating MD4 on '%s'\n", *P); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i); - i++; - R++; - P++; - } - EXIT(err); -} - -static char *pt(unsigned char *md) -{ - int i; - static char buf[80]; - - for (i = 0; i < MD4_DIGEST_LENGTH; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); -} -#endif diff --git a/deps/openssl/openssl/test/md5test.c b/deps/openssl/openssl/test/md5test.c deleted file mode 100644 index ec6c692407128a..00000000000000 --- a/deps/openssl/openssl/test/md5test.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "../e_os.h" - -#ifdef OPENSSL_NO_MD5 -int main(int argc, char *argv[]) -{ - printf("No MD5 support\n"); - return (0); -} -#else -# include -# include - -static char *test[] = { - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, -}; - -static char *ret[] = { - "d41d8cd98f00b204e9800998ecf8427e", - "0cc175b9c0f1b6a831c399e269772661", - "900150983cd24fb0d6963f7d28e17f72", - "f96b697d7cb7938d525a2f31aaf161d0", - "c3fcd3d76192e4007dfb496cca67e13b", - "d174ab98d277d9f5a5611c2c9f419d9f", - "57edf4a22be3c955ac49da2e2107b67a", -}; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) -{ - int i, err = 0; - char **P, **R; - char *p; - unsigned char md[MD5_DIGEST_LENGTH]; - - P = test; - R = ret; - i = 1; - while (*P != NULL) { - if (!EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), - NULL)) { - printf("EVP Digest error.\n"); - EXIT(1); - } - p = pt(md); - if (strcmp(p, (char *)*R) != 0) { - printf("error calculating MD5 on '%s'\n", *P); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i); - i++; - R++; - P++; - } - - EXIT(err); -} - -static char *pt(unsigned char *md) -{ - int i; - static char buf[80]; - - for (i = 0; i < MD5_DIGEST_LENGTH; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); -} -#endif diff --git a/deps/openssl/openssl/test/mdc2test.c b/deps/openssl/openssl/test/mdc2test.c index d56bdcd878fa46..0658843ce5e204 100644 --- a/deps/openssl/openssl/test/mdc2test.c +++ b/deps/openssl/openssl/test/mdc2test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,23 +7,16 @@ * https://www.openssl.org/source/license.html */ -#include -#include #include -#include "../e_os.h" +#include "internal/nelem.h" +#include "testutil.h" #if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2) # define OPENSSL_NO_MDC2 #endif -#ifdef OPENSSL_NO_MDC2 -int main(int argc, char *argv[]) -{ - printf("No MDC2 support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_MDC2 # include # include @@ -41,59 +34,45 @@ static unsigned char pad2[16] = { 0x35, 0xD8, 0x7A, 0xFE, 0xAB, 0x33, 0xBE, 0xE2 }; -int main(int argc, char *argv[]) +static int test_mdc2(void) { - int ret = 1; + int testresult = 0; unsigned char md[MDC2_DIGEST_LENGTH]; - int i; EVP_MD_CTX *c; static char text[] = "Now is the time for all "; + size_t tlen = strlen(text); # ifdef CHARSET_EBCDIC - ebcdic2ascii(text, text, strlen(text)); + ebcdic2ascii(text, text, tlen); # endif c = EVP_MD_CTX_new(); - if (c == NULL - || !EVP_DigestInit_ex(c, EVP_mdc2(), NULL) - || !EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)) - || !EVP_DigestFinal_ex(c, &(md[0]), NULL)) - goto err; + if (!TEST_ptr(c) + || !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL)) + || !TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen)) + || !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL)) + || !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad1, MDC2_DIGEST_LENGTH) + || !TEST_true(EVP_DigestInit_ex(c, EVP_mdc2(), NULL))) + goto end; - if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { - for (i = 0; i < MDC2_DIGEST_LENGTH; i++) - printf("%02X", md[i]); - printf(" <- generated\n"); - for (i = 0; i < MDC2_DIGEST_LENGTH; i++) - printf("%02X", pad1[i]); - printf(" <- correct\n"); - goto err; - } else { - printf("pad1 - ok\n"); - } - - if (!EVP_DigestInit_ex(c, EVP_mdc2(), NULL)) - goto err; /* FIXME: use a ctl function? */ ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2; - if (!EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)) - || !EVP_DigestFinal_ex(c, &(md[0]), NULL)) - goto err; - - if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { - for (i = 0; i < MDC2_DIGEST_LENGTH; i++) - printf("%02X", md[i]); - printf(" <- generated\n"); - for (i = 0; i < MDC2_DIGEST_LENGTH; i++) - printf("%02X", pad2[i]); - printf(" <- correct\n"); - } else { - printf("pad2 - ok\n"); - ret = 0; - } + if (!TEST_true(EVP_DigestUpdate(c, (unsigned char *)text, tlen)) + || !TEST_true(EVP_DigestFinal_ex(c, &(md[0]), NULL)) + || !TEST_mem_eq(md, MDC2_DIGEST_LENGTH, pad2, MDC2_DIGEST_LENGTH)) + goto end; - err: + testresult = 1; + end: EVP_MD_CTX_free(c); - EXIT(ret); + return testresult; } #endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_MDC2 + ADD_TEST(test_mdc2); +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/memleaktest.c b/deps/openssl/openssl/test/memleaktest.c index 2b23df788b9357..d239bd23b80298 100644 --- a/deps/openssl/openssl/test/memleaktest.c +++ b/deps/openssl/openssl/test/memleaktest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +7,23 @@ * https://www.openssl.org/source/license.html */ -#include #include #include #include -int main(int argc, char **argv) +#include "testutil.h" + +/* + * We use a proper main function here instead of the custom main from the + * test framework because the CRYPTO_mem_leaks_fp function cannot be called + * a second time without trying to use a null pointer. The test framework + * calls this function as part of its close down. + * + * A work around is to call putenv("OPENSSL_DEBUG_MEMORY=0"); before exiting + * but that is worse than avoiding the test framework's main. + */ + +int main(int argc, char *argv[]) { #ifndef OPENSSL_NO_CRYPTO_MDEBUG char *p; @@ -25,10 +36,8 @@ int main(int argc, char **argv) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); lost = OPENSSL_malloc(3); - if (lost == NULL) { - fprintf(stderr, "OPENSSL_malloc failed\n"); - return 1; - } + if (!TEST_ptr(lost)) + return EXIT_FAILURE; if (argv[1] && strcmp(argv[1], "freeit") == 0) { OPENSSL_free(lost); @@ -37,10 +46,11 @@ int main(int argc, char **argv) noleak = CRYPTO_mem_leaks_fp(stderr); /* If -1 return value something bad happened */ - if (noleak == -1) - return 1; - return ((lost != NULL) ^ (noleak == 0)); + if (!TEST_int_ne(noleak, -1)) + return EXIT_FAILURE; + + return TEST_int_eq(lost != NULL, noleak == 0) ? EXIT_SUCCESS : EXIT_FAILURE; #else - return 0; + return EXIT_SUCCESS; #endif } diff --git a/deps/openssl/openssl/test/methtest.c b/deps/openssl/openssl/test/methtest.c deleted file mode 100644 index 11aa2335b77611..00000000000000 --- a/deps/openssl/openssl/test/methtest.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "meth.h" -#include - -int main(argc, argv) -int argc; -char *argv[]; -{ - METHOD_CTX *top, *tmp1, *tmp2; - - top = METH_new(x509_lookup()); /* get a top level context */ - if (top == NULL) - goto err; - - tmp1 = METH_new(x509_by_file()); - if (top == NULL) - goto err; - METH_arg(tmp1, METH_TYPE_FILE, "cafile1"); - METH_arg(tmp1, METH_TYPE_FILE, "cafile2"); - METH_push(top, METH_X509_CA_BY_SUBJECT, tmp1); - - tmp2 = METH_new(x509_by_dir()); - METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/.CAcerts"); - METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/SSLeay/certs"); - METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs"); - METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2); - -/*- tmp=METH_new(x509_by_issuer_dir); - METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); - METH_push(top,METH_X509_BY_ISSUER,tmp); - - tmp=METH_new(x509_by_issuer_primary); - METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); - METH_push(top,METH_X509_BY_ISSUER,tmp); -*/ - - METH_init(top); - METH_control(tmp1, METH_CONTROL_DUMP, stdout); - METH_control(tmp2, METH_CONTROL_DUMP, stdout); - EXIT(0); - err: - ERR_print_errors_fp(stderr); - EXIT(1); - return (0); -} diff --git a/deps/openssl/openssl/test/ocspapitest.c b/deps/openssl/openssl/test/ocspapitest.c index 42befe71b90df8..43b03e3f51e54e 100644 --- a/deps/openssl/openssl/test/ocspapitest.c +++ b/deps/openssl/openssl/test/ocspapitest.c @@ -28,15 +28,15 @@ static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) X509 *cert = NULL; EVP_PKEY *key = NULL; - if ((certbio = BIO_new_file(certstr, "r")) == NULL) + if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) return 0; cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); BIO_free(certbio); - if ((keybio = BIO_new_file(privkeystr, "r")) == NULL) + if (!TEST_ptr(keybio = BIO_new_file(privkeystr, "r"))) goto end; key = PEM_read_bio_PrivateKey(keybio, NULL, NULL, NULL); BIO_free(keybio); - if (cert == NULL || key == NULL) + if (!TEST_ptr(cert) || !TEST_ptr(key)) goto end; *cert_out = cert; *key_out = key; @@ -66,13 +66,13 @@ static OCSP_BASICRESP *make_dummy_resp(void) || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) goto err; cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); - if (bs == NULL - || thisupd == NULL - || nextupd == NULL - || cid == NULL - || !OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, thisupd, nextupd)) + if (!TEST_ptr(bs) + || !TEST_ptr(thisupd) + || !TEST_ptr(nextupd) + || !TEST_ptr(cid) + || !TEST_true(OCSP_basic_add1_status(bs, cid, + V_OCSP_CERTSTATUS_UNKNOWN, + 0, NULL, thisupd, nextupd))) goto err; bs_out = bs; bs = NULL; @@ -101,27 +101,27 @@ static int test_resp_signer(void) */ bs = make_dummy_resp(); extra_certs = sk_X509_new_null(); - if (bs == NULL - || extra_certs == NULL - || !get_cert_and_key(&signer, &key) - || !sk_X509_push(extra_certs, signer) - || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), - NULL, OCSP_NOCERTS)) + if (!TEST_ptr(bs) + || !TEST_ptr(extra_certs) + || !TEST_true(get_cert_and_key(&signer, &key)) + || !TEST_true(sk_X509_push(extra_certs, signer)) + || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, OCSP_NOCERTS))) goto err; - if (!OCSP_resp_get0_signer(bs, &tmp, extra_certs) - || X509_cmp(tmp, signer) != 0) + if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs)) + || !TEST_int_eq(X509_cmp(tmp, signer), 0)) goto err; OCSP_BASICRESP_free(bs); /* Do it again but include the signer cert */ bs = make_dummy_resp(); tmp = NULL; - if (bs == NULL - || !OCSP_basic_sign(bs, signer, key, EVP_sha1(), - NULL, 0)) + if (!TEST_ptr(bs) + || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), + NULL, 0))) goto err; - if (!OCSP_resp_get0_signer(bs, &tmp, NULL) - || X509_cmp(tmp, signer) != 0) + if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL)) + || !TEST_int_eq(X509_cmp(tmp, signer), 0)) goto err; ret = 1; err: @@ -133,36 +133,13 @@ static int test_resp_signer(void) } #endif -int main(int argc, char *argv[]) +int setup_tests(void) { - int testresult = 1; - BIO *err = NULL; - - if (argc != 3) { - printf("Invalid argument count\n"); - return 1; - } - if ((certstr = argv[1]) == NULL - || (privkeystr = argv[2]) == NULL) - return 1; - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - + if (!TEST_ptr(certstr = test_get_argument(0)) + || !TEST_ptr(privkeystr = test_get_argument(1))) + return 0; #ifndef OPENSSL_NO_OCSP ADD_TEST(test_resp_signer); #endif - testresult = run_tests(argv[0]); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 1; -#endif - BIO_free(err); - - if (!testresult) - printf("PASS\n"); - - return testresult; + return 1; } diff --git a/deps/openssl/openssl/test/ossl_shim/async_bio.cc b/deps/openssl/openssl/test/ossl_shim/async_bio.cc new file mode 100644 index 00000000000000..cbbabe01eab055 --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/async_bio.cc @@ -0,0 +1,183 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "async_bio.h" + +#include +#include + +#include +#include + + +namespace { + +struct AsyncBio { + bool datagram; + bool enforce_write_quota; + size_t read_quota; + size_t write_quota; +}; + +AsyncBio *GetData(BIO *bio) { + return (AsyncBio *)BIO_get_data(bio); +} + +static int AsyncWrite(BIO *bio, const char *in, int inl) { + AsyncBio *a = GetData(bio); + if (a == NULL || BIO_next(bio) == NULL) { + return 0; + } + + if (!a->enforce_write_quota) { + return BIO_write(BIO_next(bio), in, inl); + } + + BIO_clear_retry_flags(bio); + + if (a->write_quota == 0) { + BIO_set_retry_write(bio); + errno = EAGAIN; + return -1; + } + + if (!a->datagram && (size_t)inl > a->write_quota) { + inl = a->write_quota; + } + int ret = BIO_write(BIO_next(bio), in, inl); + if (ret <= 0) { + BIO_copy_next_retry(bio); + } else { + a->write_quota -= (a->datagram ? 1 : ret); + } + return ret; +} + +static int AsyncRead(BIO *bio, char *out, int outl) { + AsyncBio *a = GetData(bio); + if (a == NULL || BIO_next(bio) == NULL) { + return 0; + } + + BIO_clear_retry_flags(bio); + + if (a->read_quota == 0) { + BIO_set_retry_read(bio); + errno = EAGAIN; + return -1; + } + + if (!a->datagram && (size_t)outl > a->read_quota) { + outl = a->read_quota; + } + int ret = BIO_read(BIO_next(bio), out, outl); + if (ret <= 0) { + BIO_copy_next_retry(bio); + } else { + a->read_quota -= (a->datagram ? 1 : ret); + } + return ret; +} + +static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { + if (BIO_next(bio) == NULL) { + return 0; + } + BIO_clear_retry_flags(bio); + int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); + BIO_copy_next_retry(bio); + return ret; +} + +static int AsyncNew(BIO *bio) { + AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); + if (a == NULL) { + return 0; + } + memset(a, 0, sizeof(*a)); + a->enforce_write_quota = true; + BIO_set_init(bio, 1); + BIO_set_data(bio, a); + return 1; +} + +static int AsyncFree(BIO *bio) { + if (bio == NULL) { + return 0; + } + + OPENSSL_free(BIO_get_data(bio)); + BIO_set_data(bio, NULL); + BIO_set_init(bio, 0); + return 1; +} + +static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp) +{ + if (BIO_next(bio) == NULL) + return 0; + return BIO_callback_ctrl(BIO_next(bio), cmd, fp); +} + +static BIO_METHOD *g_async_bio_method = NULL; + +static const BIO_METHOD *AsyncMethod(void) +{ + if (g_async_bio_method == NULL) { + g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio"); + if ( g_async_bio_method == NULL + || !BIO_meth_set_write(g_async_bio_method, AsyncWrite) + || !BIO_meth_set_read(g_async_bio_method, AsyncRead) + || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl) + || !BIO_meth_set_create(g_async_bio_method, AsyncNew) + || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree) + || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl)) + return NULL; + } + return g_async_bio_method; +} + +} // namespace + +bssl::UniquePtr AsyncBioCreate() { + return bssl::UniquePtr(BIO_new(AsyncMethod())); +} + +bssl::UniquePtr AsyncBioCreateDatagram() { + bssl::UniquePtr ret(BIO_new(AsyncMethod())); + if (!ret) { + return nullptr; + } + GetData(ret.get())->datagram = true; + return ret; +} + +void AsyncBioAllowRead(BIO *bio, size_t count) { + AsyncBio *a = GetData(bio); + if (a == NULL) { + return; + } + a->read_quota += count; +} + +void AsyncBioAllowWrite(BIO *bio, size_t count) { + AsyncBio *a = GetData(bio); + if (a == NULL) { + return; + } + a->write_quota += count; +} + +void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) { + AsyncBio *a = GetData(bio); + if (a == NULL) { + return; + } + a->enforce_write_quota = enforce; +} diff --git a/deps/openssl/openssl/test/ossl_shim/async_bio.h b/deps/openssl/openssl/test/ossl_shim/async_bio.h new file mode 100644 index 00000000000000..bb24eadbbf249c --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/async_bio.h @@ -0,0 +1,39 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ASYNC_BIO +#define HEADER_ASYNC_BIO + +#include +#include + + +// AsyncBioCreate creates a filter BIO for testing asynchronous state +// machines which consume a stream socket. Reads and writes will fail +// and return EAGAIN unless explicitly allowed. Each async BIO has a +// read quota and a write quota. Initially both are zero. As each is +// incremented, bytes are allowed to flow through the BIO. +bssl::UniquePtr AsyncBioCreate(); + +// AsyncBioCreateDatagram creates a filter BIO for testing for +// asynchronous state machines which consume datagram sockets. The read +// and write quota count in packets rather than bytes. +bssl::UniquePtr AsyncBioCreateDatagram(); + +// AsyncBioAllowRead increments |bio|'s read quota by |count|. +void AsyncBioAllowRead(BIO *bio, size_t count); + +// AsyncBioAllowWrite increments |bio|'s write quota by |count|. +void AsyncBioAllowWrite(BIO *bio, size_t count); + +// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota. +void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce); + + +#endif // HEADER_ASYNC_BIO diff --git a/deps/openssl/openssl/test/ossl_shim/build.info b/deps/openssl/openssl/test/ossl_shim/build.info new file mode 100644 index 00000000000000..12250600b93c4d --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/build.info @@ -0,0 +1,6 @@ +IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}] + PROGRAMS_NO_INST=ossl_shim + SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc + INCLUDE[ossl_shim]=. include ../../include + DEPEND[ossl_shim]=../../libssl ../../libcrypto +ENDIF diff --git a/deps/openssl/openssl/test/ossl_shim/include/openssl/base.h b/deps/openssl/openssl/test/ossl_shim/include/openssl/base.h new file mode 100644 index 00000000000000..f725cd9d45c7f3 --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/include/openssl/base.h @@ -0,0 +1,111 @@ +/* + * Copyright 1998-2001 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_HEADER_BASE_H +#define OPENSSL_HEADER_BASE_H + +/* Needed for BORINGSSL_MAKE_DELETER */ +# include +# include +# include +# include +# include + +# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) + +extern "C++" { + +#include + +namespace bssl { + +namespace internal { + +template +struct DeleterImpl {}; + +template +struct Deleter { + void operator()(T *ptr) { + // Rather than specialize Deleter for each type, we specialize + // DeleterImpl. This allows bssl::UniquePtr to be used while only + // including base.h as long as the destructor is not emitted. This matches + // std::unique_ptr's behavior on forward-declared types. + // + // DeleterImpl itself is specialized in the corresponding module's header + // and must be included to release an object. If not included, the compiler + // will error that DeleterImpl does not have a method Free. + DeleterImpl::Free(ptr); + } +}; + +template +class StackAllocated { + public: + StackAllocated() { init(&ctx_); } + ~StackAllocated() { cleanup(&ctx_); } + + StackAllocated(const StackAllocated &) = delete; + T& operator=(const StackAllocated &) = delete; + + T *get() { return &ctx_; } + const T *get() const { return &ctx_; } + + void Reset() { + cleanup(&ctx_); + init(&ctx_); + } + + private: + T ctx_; +}; + +} // namespace internal + +#define BORINGSSL_MAKE_DELETER(type, deleter) \ + namespace internal { \ + template <> \ + struct DeleterImpl { \ + static void Free(type *ptr) { deleter(ptr); } \ + }; \ + } + +// This makes a unique_ptr to STACK_OF(type) that owns all elements on the +// stack, i.e. it uses sk_pop_free() to clean up. +#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \ + namespace internal { \ + template <> \ + struct DeleterImpl { \ + static void Free(STACK_OF(type) *ptr) { \ + sk_##type##_pop_free(ptr, deleter); \ + } \ + }; \ + } + +// Holds ownership of heap-allocated BoringSSL structures. Sample usage: +// bssl::UniquePtr rsa(RSA_new()); +// bssl::UniquePtr bio(BIO_new(BIO_s_mem())); +template +using UniquePtr = std::unique_ptr>; + +BORINGSSL_MAKE_DELETER(BIO, BIO_free) +BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) +BORINGSSL_MAKE_DELETER(DH, DH_free) +BORINGSSL_MAKE_DELETER(X509, X509_free) +BORINGSSL_MAKE_DELETER(SSL, SSL_free) +BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) +BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) + +} // namespace bssl + +} /* extern C++ */ + + +#endif /* OPENSSL_HEADER_BASE_H */ diff --git a/deps/openssl/openssl/test/ossl_shim/ossl_config.json b/deps/openssl/openssl/test/ossl_shim/ossl_config.json new file mode 100644 index 00000000000000..1e57499065176f --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/ossl_config.json @@ -0,0 +1,301 @@ + +{ + "DisabledTests" : { + "*TLS13*":"No TLS1.3 support yet", + "FragmentAlert-DTLS":"Test failure - reason unknown", + "FragmentedClientVersion":"Test failure - reason unknown", + "MTU":"Test failure - reason unknown", + "EmptyCertificateList":"Test failure - reason unknown", + "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown", + "AlertAfterChangeCipherSpec":"Test failure - reason unknown", + "AppDataAfterChangeCipherSpec":"Test failure - reason unknown", + "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown", + "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", + "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown", + "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", + "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown", + "SplitFragments-Header-DTLS":"Test failure - reason unknown", + "SplitFragments-Boundary-DTLS":"Test failure - reason unknown", + "SplitFragments-Body-DTLS":"Test failure - reason unknown", + "SendEmptyFragments-DTLS":"Test failure - reason unknown", + "SendInvalidRecordType-DTLS":"Test failure - reason unknown", + "SendInvalidRecordType":"Test failure - reason unknown", + "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown", + "SendWarningAlerts-Pass":"Test failure - reason unknown", + "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown", + "TooManyKeyUpdates":"Test failure - reason unknown", + "Unclean-Shutdown-Alert":"Test failure - reason unknown", + "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown", + "BadHelloRequest-2":"Test failure - reason unknown", + "DTLS-SendExtraFinished":"Test failure - reason unknown", + "NoNullCompression-TLS12":"Test failure - reason unknown", + "KeyUpdate-Client":"Test failure - reason unknown", + "KeyUpdate-InvalidRequestMode":"Test failure - reason unknown", + "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown", + "LargeMessage-Reject-DTLS":"Test failure - reason unknown", + "KeyUpdate-Server":"Test failure - reason unknown", + "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown", + "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown", + "DTLS1-NULL-SHA-server":"Test failure - reason unknown", + "DTLS1-NULL-SHA-client":"Test failure - reason unknown", + "DTLS12-NULL-SHA-client":"Test failure - reason unknown", + "DTLS12-NULL-SHA-server":"Test failure - reason unknown", + "BadECDSA-1-4":"Test failure - reason unknown", + "BadECDSA-3-4":"Test failure - reason unknown", + "BadECDSA-4-1":"Test failure - reason unknown", + "BadECDSA-4-4":"Test failure - reason unknown", + "BadECDSA-4-3":"Test failure - reason unknown", + "SillyDH":"Test failure - reason unknown", + "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown", + "NoSupportedVersions-DTLS":"Test failure - reason unknown", + "VersionTooLow-DTLS":"Test failure - reason unknown", + "IgnoreClientVersionOrder":"Test failure - reason unknown", + "VersionTooLow":"Test failure - reason unknown", + "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown", + "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown", + "MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown", + "DuplicateExtensionClient-TLS1":"Test failure - reason unknown", + "DuplicateExtensionServer-TLS1":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS1":"Test failure - reason unknown", + "UnsolicitedServerNameAck-TLS1":"Test failure - reason unknown", + "ALPNServer-Decline-TLS1":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown", + "NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown", + "NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown", + "TicketSessionIDLength-33-TLS1":"Test failure - reason unknown", + "DuplicateExtensionClient-TLS11":"Test failure - reason unknown", + "DuplicateExtensionServer-TLS11":"Test failure - reason unknown", + "UnsolicitedServerNameAck-TLS11":"Test failure - reason unknown", + "ALPNServer-Decline-TLS11":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS11":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown", + "NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown", + "NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown", + "TicketSessionIDLength-33-TLS11":"Test failure - reason unknown", + "DuplicateExtensionServer-TLS12":"Test failure - reason unknown", + "DuplicateExtensionClient-TLS12":"Test failure - reason unknown", + "UnsolicitedServerNameAck-TLS12":"Test failure - reason unknown", + "ALPNServer-Decline-TLS12":"Test failure - reason unknown", + "ALPNClient-Mismatch-TLS12":"Test failure - reason unknown", + "ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown", + "NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown", + "NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown", + "TicketSessionIDLength-33-TLS12":"Test failure - reason unknown", + "ClientHelloPadding":"Test failure - reason unknown", + "Resume-Server-UnofferedCipher":"Test failure - reason unknown", + "Resume-Client-CipherMismatch":"Test failure - reason unknown", + "Resume-Server-ExtraIdentityNoBinder":"Test failure - reason unknown", + "Resume-Server-BinderWrongLength":"Test failure - reason unknown", + "Resume-Server-ExtraPSKBinder":"Test failure - reason unknown", + "Resume-Server-NoPSKBinder":"Test failure - reason unknown", + "Resume-Server-PSKBinderFirstExtension":"Test failure - reason unknown", + "Resume-Server-InvalidPSKBinder":"Test failure - reason unknown", + "ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown", + "Renegotiate-Server-Forbidden":"Test failure - reason unknown", + "ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown", + "Renegotiate-Client-SwitchVersion":"Test failure - reason unknown", + "Renegotiate-Client-Upgrade":"Test failure - reason unknown", + "Renegotiate-SameClientVersion":"Test failure - reason unknown", + "Renegotiate-Client-Downgrade":"Test failure - reason unknown", + "Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown", + "Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown", + "Renegotiate-Client-Forbidden-1":"Test failure - reason unknown", + "StrayHelloRequest":"Test failure - reason unknown", + "Renegotiate-Client-Freely-2":"Test failure - reason unknown", + "Renegotiate-Client-NoIgnore":"Test failure - reason unknown", + "StrayHelloRequest-Packed":"Test failure - reason unknown", + "Renegotiate-Client-Freely-1":"Test failure - reason unknown", + "Renegotiation-CertificateChange":"Test failure - reason unknown", + "Renegotiation-CertificateChange-2":"Test failure - reason unknown", + "Renegotiate-Client-SSL3":"Test failure - reason unknown", + "ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown", + "ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown", + "P224-Server":"Test failure - reason unknown", + "RSA-PSS-Large":"Test failure - reason unknown", + "DTLS-Retransmit-Client-1":"Test failure - reason unknown", + "DTLS-Retransmit-Client-2":"Test failure - reason unknown", + "DTLS-Retransmit-Server-1":"Test failure - reason unknown", + "DTLS-Retransmit-Server-2":"Test failure - reason unknown", + "DTLS-Retransmit-Client-3":"Test failure - reason unknown", + "DTLS-Retransmit-Server-3":"Test failure - reason unknown", + "DTLS-Retransmit-Client-4":"Test failure - reason unknown", + "Renegotiate-Client-Packed":"Test failure - reason unknown", + "DTLS-Retransmit-Server-4":"Test failure - reason unknown", + "DTLS-Retransmit-Client-5":"Test failure - reason unknown", + "DTLS-Retransmit-Server-6":"Test failure - reason unknown", + "DTLS-Retransmit-Client-6":"Test failure - reason unknown", + "DTLS-Retransmit-Server-5":"Test failure - reason unknown", + "DTLS-Retransmit-Client-7":"Test failure - reason unknown", + "DTLS-Retransmit-Server-7":"Test failure - reason unknown", + "DTLS-Retransmit-Client-8":"Test failure - reason unknown", + "DTLS-Retransmit-Client-9":"Test failure - reason unknown", + "DTLS-Retransmit-Server-8":"Test failure - reason unknown", + "DTLS-Retransmit-Server-9":"Test failure - reason unknown", + "DTLS-Retransmit-Client-10":"Test failure - reason unknown", + "DTLS-Retransmit-Client-11":"Test failure - reason unknown", + "DTLS-Retransmit-Server-10":"Test failure - reason unknown", + "DTLS-Retransmit-Server-11":"Test failure - reason unknown", + "CustomExtensions-ParseError-Server":"Test failure - reason unknown", + "CustomExtensions-FailAdd-Server":"Test failure - reason unknown", + "CustomExtensions-FailAdd-Client":"Test failure - reason unknown", + "CustomExtensions-ParseError-Client":"Test failure - reason unknown", + "UnknownExtension-Client":"Test failure - reason unknown", + "UnofferedExtension-Client":"Test failure - reason unknown", + "PointFormat-Client-MissingUncompressed":"Test failure - reason unknown", + "PointFormat-Server-MissingUncompressed":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown", + "Renegotiate-Client-Sync":"Test failure - reason unknown", + "Shutdown-Shim-Sync":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Async":"Test failure - reason unknown", + "Shutdown-Shim-Async":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown", + "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown", + "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", + "SendUnencryptedFinished-DTLS":"Test failure - reason unknown", + "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown", + "StrayChangeCipherSpec":"Test failure - reason unknown", + "PartialClientFinishedWithClientHello":"Test failure - reason unknown", + "TrailingMessageData-ClientHello":"Test failure - reason unknown", + "TrailingMessageData-ServerHello":"Test failure - reason unknown", + "TrailingMessageData-ServerCertificate":"Test failure - reason unknown", + "TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown", + "TrailingMessageData-CertificateRequest":"Test failure - reason unknown", + "TrailingMessageData-ServerHelloDone":"Test failure - reason unknown", + "TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown", + "TrailingMessageData-ClientCertificate":"Test failure - reason unknown", + "TrailingMessageData-CertificateVerify":"Test failure - reason unknown", + "TrailingMessageData-NextProtocol":"Test failure - reason unknown", + "TrailingMessageData-NewSessionTicket":"Test failure - reason unknown", + "TrailingMessageData-ClientFinished":"Test failure - reason unknown", + "TrailingMessageData-ServerFinished":"Test failure - reason unknown", + "TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown", + "TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown", + "TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown", + "TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown", + "TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown", + "MissingKeyShare-Client":"Test failure - reason unknown", + "MissingKeyShare-Server":"Test failure - reason unknown", + "DuplicateKeyShares":"Test failure - reason unknown", + "SkipEarlyData":"Test failure - reason unknown", + "SkipEarlyData-OmitEarlyDataExtension":"Test failure - reason unknown", + "SkipEarlyData-TooMuchData":"Test failure - reason unknown", + "SkipEarlyData-Interleaved":"Test failure - reason unknown", + "SkipEarlyData-HRR":"Test failure - reason unknown", + "SkipEarlyData-HRR-Interleaved":"Test failure - reason unknown", + "SkipEarlyData-HRR-TooMuchData":"Test failure - reason unknown", + "SkipEarlyData-HRR-FatalAlert":"Test failure - reason unknown", + "SkipEarlyData-EarlyDataInTLS12":"Test failure - reason unknown", + "SkipEarlyData-SecondClientHelloEarlyData":"Test failure - reason unknown", + "EmptyEncryptedExtensions":"Test failure - reason unknown", + "EncryptedExtensionsWithKeyShare":"Test failure - reason unknown", + "UnknownCurve-HelloRetryRequest":"Test failure - reason unknown", + "UnnecessaryHelloRetryRequest":"Test failure - reason unknown", + "HelloRetryRequest-Empty":"Test failure - reason unknown", + "SecondHelloRetryRequest":"Test failure - reason unknown", + "HelloRetryRequest-DuplicateCurve":"Test failure - reason unknown", + "HelloRetryRequest-DuplicateCookie":"Test failure - reason unknown", + "HelloRetryRequest-EmptyCookie":"Test failure - reason unknown", + "HelloRetryRequest-Unknown":"Test failure - reason unknown", + "SecondClientHelloMissingKeyShare":"Test failure - reason unknown", + "SecondClientHelloWrongCurve":"Test failure - reason unknown", + "HelloRetryRequestVersionMismatch":"Test failure - reason unknown", + "HelloRetryRequestCurveMismatch":"Test failure - reason unknown", + "SkipHelloRetryRequest":"Test failure - reason unknown", + "Peek-Renegotiate":"Test failure - reason unknown", + "Peek-KeyUpdate":"Test failure - reason unknown", + "DTLS-Retransmit-Client-12":"Test failure - reason unknown", + "DTLS-Retransmit-Timeout":"Test failure - reason unknown", + "DTLS-Retransmit-Server-12":"Test failure - reason unknown", + "DTLS-Retransmit-Fudge":"Test failure - reason unknown", + "DTLS-Retransmit-Fragmented":"Test failure - reason unknown", + "TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown", + "SendFallbackSCSV":"Current runner version uses old draft TLSv1.3", + "VersionNegotiationExtension-TLS11":"Current runner version uses old draft TLSv1.3", + "VersionNegotiationExtension-TLS1":"Current runner version uses old draft TLSv1.3", + "VersionNegotiationExtension-SSL3":"Current runner version uses old draft TLSv1.3", + "ConflictingVersionNegotiation":"Current runner version uses old draft TLSv1.3" + }, + "ErrorMap" : { + ":UNEXPECTED_MESSAGE:":"unexpected message", + ":INAPPROPRIATE_FALLBACK:":"inappropriate fallback", + ":UNEXPECTED_RECORD:":"unexpected message", + ":TLSV1_ALERT_RECORD_OVERFLOW:":"tlsv1 alert record overflow", + ":WRONG_SSL_VERSION:":"no protocols available", + ":BAD_ALERT:":"invalid alert", + ":HTTP_REQUEST:":"http request", + ":HTTPS_PROXY_REQUEST:":"https proxy request", + ":WRONG_CERTIFICATE_TYPE:":"wrong certificate type", + ":WRONG_VERSION_NUMBER:":"wrong version number", + ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:":"decryption failed or bad record mac", + ":DIGEST_CHECK_FAILED:":"digest check failed", + ":TOO_MANY_EMPTY_FRAGMENTS:":"record too small", + ":TOO_MANY_WARNING_ALERTS:":"too many warn alerts", + ":DATA_LENGTH_TOO_LONG:":"data length too long", + ":EXCESSIVE_MESSAGE_SIZE:":"excessive message size", + ":ENCRYPTED_LENGTH_TOO_LONG:":"packet length too long", + ":INVALID_COMPRESSION_LIST:":"no compression specified", + ":NO_SHARED_CIPHER:":"no shared cipher", + ":WRONG_CIPHER_RETURNED:":"wrong cipher returned", + ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"sslv3 alert handshake failure", + ":UNKNOWN_CIPHER_RETURNED:":"unknown cipher returned", + ":BAD_SIGNATURE:":"bad signature", + ":BAD_DH_P_LENGTH:":"dh key too small", + ":PEER_DID_NOT_RETURN_A_CERTIFICATE:":"peer did not return a certificate", + ":UNSUPPORTED_PROTOCOL:":"unsupported protocol", + ":PARSE_TLSEXT:":"bad extension", + ":BAD_SRTP_PROTECTION_PROFILE_LIST:":"bad srtp protection profile list", + ":OLD_SESSION_VERSION_NOT_RETURNED:":"ssl session version mismatch", + ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:":"inconsistent extms", + ":RENEGOTIATION_EMS_MISMATCH:":"inconsistent extms", + ":RENEGOTIATION_MISMATCH:":"renegotiation mismatch", + ":WRONG_SIGNATURE_TYPE:":"wrong signature type", + ":BAD_ECC_CERT:":"wrong curve", + ":WRONG_CURVE:":"wrong curve", + ":INVALID_ENCODING:":"invalid encoding", + ":CERTIFICATE_VERIFY_FAILED:":"certificate verify failed", + ":BAD_CHANGE_CIPHER_SPEC:":"bad change cipher spec", + ":ECC_CERT_NOT_FOR_SIGNING:":"ecc cert not for signing", + ":OLD_SESSION_CIPHER_NOT_RETURNED:":"old session cipher not returned", + ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:":"inconsistent extms" + } +} diff --git a/deps/openssl/openssl/test/ossl_shim/ossl_shim.cc b/deps/openssl/openssl/test/ossl_shim/ossl_shim.cc new file mode 100644 index 00000000000000..90d1f1ef402706 --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/ossl_shim.cc @@ -0,0 +1,1300 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if !defined(__STDC_FORMAT_MACROS) +#define __STDC_FORMAT_MACROS +#endif + +#include "packeted_bio.h" +#include + +#if !defined(OPENSSL_SYS_WINDOWS) +#include +#include +#include +#include +#include +#include +#include +#else +#include +OPENSSL_MSVC_PRAGMA(warning(push, 3)) +#include +#include +OPENSSL_MSVC_PRAGMA(warning(pop)) + +OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) +#endif + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "async_bio.h" +#include "test_config.h" + +namespace bssl { + +#if !defined(OPENSSL_SYS_WINDOWS) +static int closesocket(int sock) { + return close(sock); +} + +static void PrintSocketError(const char *func) { + perror(func); +} +#else +static void PrintSocketError(const char *func) { + fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); +} +#endif + +static int Usage(const char *program) { + fprintf(stderr, "Usage: %s [flags...]\n", program); + return 1; +} + +struct TestState { + // async_bio is async BIO which pauses reads and writes. + BIO *async_bio = nullptr; + // packeted_bio is the packeted BIO which simulates read timeouts. + BIO *packeted_bio = nullptr; + bool cert_ready = false; + bool handshake_done = false; + // private_key is the underlying private key used when testing custom keys. + bssl::UniquePtr private_key; + bool got_new_session = false; + bssl::UniquePtr new_session; + bool ticket_decrypt_done = false; + bool alpn_select_done = false; +}; + +static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int index, long argl, void *argp) { + delete ((TestState *)ptr); +} + +static int g_config_index = 0; +static int g_state_index = 0; + +static bool SetTestConfig(SSL *ssl, const TestConfig *config) { + return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1; +} + +static const TestConfig *GetTestConfig(const SSL *ssl) { + return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index); +} + +static bool SetTestState(SSL *ssl, std::unique_ptr state) { + // |SSL_set_ex_data| takes ownership of |state| only on success. + if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { + state.release(); + return true; + } + return false; +} + +static TestState *GetTestState(const SSL *ssl) { + return (TestState *)SSL_get_ex_data(ssl, g_state_index); +} + +static bssl::UniquePtr LoadCertificate(const std::string &file) { + bssl::UniquePtr bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; + } + return bssl::UniquePtr(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL)); +} + +static bssl::UniquePtr LoadPrivateKey(const std::string &file) { + bssl::UniquePtr bio(BIO_new(BIO_s_file())); + if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { + return nullptr; + } + return bssl::UniquePtr( + PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL)); +} + +template +struct Free { + void operator()(T *buf) { + free(buf); + } +}; + +static bool GetCertificate(SSL *ssl, bssl::UniquePtr *out_x509, + bssl::UniquePtr *out_pkey) { + const TestConfig *config = GetTestConfig(ssl); + + if (!config->key_file.empty()) { + *out_pkey = LoadPrivateKey(config->key_file.c_str()); + if (!*out_pkey) { + return false; + } + } + if (!config->cert_file.empty()) { + *out_x509 = LoadCertificate(config->cert_file.c_str()); + if (!*out_x509) { + return false; + } + } + return true; +} + +static bool InstallCertificate(SSL *ssl) { + bssl::UniquePtr x509; + bssl::UniquePtr pkey; + if (!GetCertificate(ssl, &x509, &pkey)) { + return false; + } + + if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) { + return false; + } + + if (x509 && !SSL_use_certificate(ssl, x509.get())) { + return false; + } + + return true; +} + +static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) { + if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) { + return -1; + } + + bssl::UniquePtr x509; + bssl::UniquePtr pkey; + if (!GetCertificate(ssl, &x509, &pkey)) { + return -1; + } + + // Return zero for no certificate. + if (!x509) { + return 0; + } + + // Asynchronous private keys are not supported with client_cert_cb. + *out_x509 = x509.release(); + *out_pkey = pkey.release(); + return 1; +} + +static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { + return 1; +} + +static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) { + X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION); + return 0; +} + +static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out, + unsigned int *out_len, void *arg) { + const TestConfig *config = GetTestConfig(ssl); + if (config->advertise_npn.empty()) { + return SSL_TLSEXT_ERR_NOACK; + } + + *out = (const uint8_t*)config->advertise_npn.data(); + *out_len = config->advertise_npn.size(); + return SSL_TLSEXT_ERR_OK; +} + +static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { + const TestConfig *config = GetTestConfig(ssl); + if (config->select_next_proto.empty()) { + return SSL_TLSEXT_ERR_NOACK; + } + + *out = (uint8_t*)config->select_next_proto.data(); + *outlen = config->select_next_proto.size(); + return SSL_TLSEXT_ERR_OK; +} + +static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen, + const uint8_t* in, unsigned inlen, void* arg) { + if (GetTestState(ssl)->alpn_select_done) { + fprintf(stderr, "AlpnSelectCallback called after completion.\n"); + exit(1); + } + + GetTestState(ssl)->alpn_select_done = true; + + const TestConfig *config = GetTestConfig(ssl); + if (config->decline_alpn) { + return SSL_TLSEXT_ERR_NOACK; + } + + if (!config->expected_advertised_alpn.empty() && + (config->expected_advertised_alpn.size() != inlen || + memcmp(config->expected_advertised_alpn.data(), + in, inlen) != 0)) { + fprintf(stderr, "bad ALPN select callback inputs\n"); + exit(1); + } + + *out = (const uint8_t*)config->select_alpn.data(); + *outlen = config->select_alpn.size(); + return SSL_TLSEXT_ERR_OK; +} + +static unsigned PskClientCallback(SSL *ssl, const char *hint, + char *out_identity, + unsigned max_identity_len, + uint8_t *out_psk, unsigned max_psk_len) { + const TestConfig *config = GetTestConfig(ssl); + + if (config->psk_identity.empty()) { + if (hint != nullptr) { + fprintf(stderr, "Server PSK hint was non-null.\n"); + return 0; + } + } else if (hint == nullptr || + strcmp(hint, config->psk_identity.c_str()) != 0) { + fprintf(stderr, "Server PSK hint did not match.\n"); + return 0; + } + + // Account for the trailing '\0' for the identity. + if (config->psk_identity.size() >= max_identity_len || + config->psk.size() > max_psk_len) { + fprintf(stderr, "PSK buffers too small\n"); + return 0; + } + + BUF_strlcpy(out_identity, config->psk_identity.c_str(), + max_identity_len); + memcpy(out_psk, config->psk.data(), config->psk.size()); + return config->psk.size(); +} + +static unsigned PskServerCallback(SSL *ssl, const char *identity, + uint8_t *out_psk, unsigned max_psk_len) { + const TestConfig *config = GetTestConfig(ssl); + + if (strcmp(identity, config->psk_identity.c_str()) != 0) { + fprintf(stderr, "Client PSK identity did not match.\n"); + return 0; + } + + if (config->psk.size() > max_psk_len) { + fprintf(stderr, "PSK buffers too small\n"); + return 0; + } + + memcpy(out_psk, config->psk.data(), config->psk.size()); + return config->psk.size(); +} + +static int CertCallback(SSL *ssl, void *arg) { + const TestConfig *config = GetTestConfig(ssl); + + // Check the CertificateRequest metadata is as expected. + // + // TODO(davidben): Test |SSL_get_client_CA_list|. + if (!SSL_is_server(ssl) && + !config->expected_certificate_types.empty()) { + const uint8_t *certificate_types; + size_t certificate_types_len = + SSL_get0_certificate_types(ssl, &certificate_types); + if (certificate_types_len != config->expected_certificate_types.size() || + memcmp(certificate_types, + config->expected_certificate_types.data(), + certificate_types_len) != 0) { + fprintf(stderr, "certificate types mismatch\n"); + return 0; + } + } + + // The certificate will be installed via other means. + if (!config->async || + config->use_old_client_cert_callback) { + return 1; + } + + if (!GetTestState(ssl)->cert_ready) { + return -1; + } + if (!InstallCertificate(ssl)) { + return 0; + } + return 1; +} + +static void InfoCallback(const SSL *ssl, int type, int val) { + if (type == SSL_CB_HANDSHAKE_DONE) { + if (GetTestConfig(ssl)->handshake_never_done) { + fprintf(stderr, "Handshake unexpectedly completed.\n"); + // Abort before any expected error code is printed, to ensure the overall + // test fails. + abort(); + } + GetTestState(ssl)->handshake_done = true; + + // Callbacks may be called again on a new handshake. + GetTestState(ssl)->ticket_decrypt_done = false; + GetTestState(ssl)->alpn_select_done = false; + } +} + +static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { + GetTestState(ssl)->got_new_session = true; + GetTestState(ssl)->new_session.reset(session); + return 1; +} + +static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + int encrypt) { + if (!encrypt) { + if (GetTestState(ssl)->ticket_decrypt_done) { + fprintf(stderr, "TicketKeyCallback called after completion.\n"); + return -1; + } + + GetTestState(ssl)->ticket_decrypt_done = true; + } + + // This is just test code, so use the all-zeros key. + static const uint8_t kZeros[16] = {0}; + + if (encrypt) { + memcpy(key_name, kZeros, sizeof(kZeros)); + RAND_bytes(iv, 16); + } else if (memcmp(key_name, kZeros, 16) != 0) { + return 0; + } + + if (!HMAC_Init_ex(hmac_ctx, kZeros, sizeof(kZeros), EVP_sha256(), NULL) || + !EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)) { + return -1; + } + + if (!encrypt) { + return GetTestConfig(ssl)->renew_ticket ? 2 : 1; + } + return 1; +} + +// kCustomExtensionValue is the extension value that the custom extension +// callbacks will add. +static const uint16_t kCustomExtensionValue = 1234; +static void *const kCustomExtensionAddArg = + reinterpret_cast(kCustomExtensionValue); +static void *const kCustomExtensionParseArg = + reinterpret_cast(kCustomExtensionValue + 1); +static const char kCustomExtensionContents[] = "custom extension"; + +static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value, + const uint8_t **out, size_t *out_len, + int *out_alert_value, void *add_arg) { + if (extension_value != kCustomExtensionValue || + add_arg != kCustomExtensionAddArg) { + abort(); + } + + if (GetTestConfig(ssl)->custom_extension_skip) { + return 0; + } + if (GetTestConfig(ssl)->custom_extension_fail_add) { + return -1; + } + + *out = reinterpret_cast(kCustomExtensionContents); + *out_len = sizeof(kCustomExtensionContents) - 1; + + return 1; +} + +static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value, + const uint8_t *out, void *add_arg) { + if (extension_value != kCustomExtensionValue || + add_arg != kCustomExtensionAddArg || + out != reinterpret_cast(kCustomExtensionContents)) { + abort(); + } +} + +static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value, + const uint8_t *contents, + size_t contents_len, + int *out_alert_value, void *parse_arg) { + if (extension_value != kCustomExtensionValue || + parse_arg != kCustomExtensionParseArg) { + abort(); + } + + if (contents_len != sizeof(kCustomExtensionContents) - 1 || + memcmp(contents, kCustomExtensionContents, contents_len) != 0) { + *out_alert_value = SSL_AD_DECODE_ERROR; + return 0; + } + + return 1; +} + +static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) { + // SNI must be accessible from the SNI callback. + const TestConfig *config = GetTestConfig(ssl); + const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (server_name == nullptr || + std::string(server_name) != config->expected_server_name) { + fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name, + config->expected_server_name.c_str()); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + return SSL_TLSEXT_ERR_OK; +} + +// Connect returns a new socket connected to localhost on |port| or -1 on +// error. +static int Connect(uint16_t port) { + int sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + PrintSocketError("socket"); + return -1; + } + int nodelay = 1; + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + reinterpret_cast(&nodelay), sizeof(nodelay)) != 0) { + PrintSocketError("setsockopt"); + closesocket(sock); + return -1; + } + sockaddr_in sin; + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { + PrintSocketError("inet_pton"); + closesocket(sock); + return -1; + } + if (connect(sock, reinterpret_cast(&sin), + sizeof(sin)) != 0) { + PrintSocketError("connect"); + closesocket(sock); + return -1; + } + return sock; +} + +class SocketCloser { + public: + explicit SocketCloser(int sock) : sock_(sock) {} + ~SocketCloser() { + // Half-close and drain the socket before releasing it. This seems to be + // necessary for graceful shutdown on Windows. It will also avoid write + // failures in the test runner. +#if defined(OPENSSL_SYS_WINDOWS) + shutdown(sock_, SD_SEND); +#else + shutdown(sock_, SHUT_WR); +#endif + while (true) { + char buf[1024]; + if (recv(sock_, buf, sizeof(buf), 0) <= 0) { + break; + } + } + closesocket(sock_); + } + + private: + const int sock_; +}; + +static bssl::UniquePtr SetupCtx(const TestConfig *config) { + const char sess_id_ctx[] = "ossl_shim"; + bssl::UniquePtr ssl_ctx(SSL_CTX_new( + config->is_dtls ? DTLS_method() : TLS_method())); + if (!ssl_ctx) { + return nullptr; + } + + SSL_CTX_set_security_level(ssl_ctx.get(), 0); +#if 0 + /* Disabled for now until we have some TLS1.3 support */ + // Enable TLS 1.3 for tests. + if (!config->is_dtls && + !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) { + return nullptr; + } +#else + /* Ensure we don't negotiate TLSv1.3 until we can handle it */ + if (!config->is_dtls && + !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) { + return nullptr; + } +#endif + + std::string cipher_list = "ALL"; + if (!config->cipher.empty()) { + cipher_list = config->cipher; + SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE); + } + if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) { + return nullptr; + } + + DH *tmpdh; + + if (config->use_sparse_dh_prime) { + BIGNUM *p, *g; + p = BN_new(); + g = BN_new(); + tmpdh = DH_new(); + if (p == NULL || g == NULL || tmpdh == NULL) { + BN_free(p); + BN_free(g); + DH_free(tmpdh); + return nullptr; + } + // This prime number is 2^1024 + 643 – a value just above a power of two. + // Because of its form, values modulo it are essentially certain to be one + // byte shorter. This is used to test padding of these values. + if (BN_hex2bn( + &p, + "1000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000028" + "3") == 0 || + !BN_set_word(g, 2)) { + BN_free(p); + BN_free(g); + DH_free(tmpdh); + return nullptr; + } + DH_set0_pqg(tmpdh, p, NULL, g); + } else { + tmpdh = DH_get_2048_256(); + } + + bssl::UniquePtr dh(tmpdh); + + if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) { + return nullptr; + } + + SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH); + + if (config->use_old_client_cert_callback) { + SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback); + } + + SSL_CTX_set_npn_advertised_cb( + ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); + if (!config->select_next_proto.empty()) { + SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback, + NULL); + } + + if (!config->select_alpn.empty() || config->decline_alpn) { + SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL); + } + + SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); + SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); + + if (config->use_ticket_callback) { + SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx.get(), TicketKeyCallback); + } + + if (config->enable_client_custom_extension && + !SSL_CTX_add_client_custom_ext( + ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, + CustomExtensionFreeCallback, kCustomExtensionAddArg, + CustomExtensionParseCallback, kCustomExtensionParseArg)) { + return nullptr; + } + + if (config->enable_server_custom_extension && + !SSL_CTX_add_server_custom_ext( + ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, + CustomExtensionFreeCallback, kCustomExtensionAddArg, + CustomExtensionParseCallback, kCustomExtensionParseArg)) { + return nullptr; + } + + if (config->verify_fail) { + SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL); + } else { + SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL); + } + + if (config->use_null_client_ca_list) { + SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr); + } + + if (!SSL_CTX_set_session_id_context(ssl_ctx.get(), + (const unsigned char *)sess_id_ctx, + sizeof(sess_id_ctx) - 1)) + return nullptr; + + if (!config->expected_server_name.empty()) { + SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback); + } + + return ssl_ctx; +} + +// RetryAsync is called after a failed operation on |ssl| with return code +// |ret|. If the operation should be retried, it simulates one asynchronous +// event and returns true. Otherwise it returns false. +static bool RetryAsync(SSL *ssl, int ret) { + // No error; don't retry. + if (ret >= 0) { + return false; + } + + TestState *test_state = GetTestState(ssl); + assert(GetTestConfig(ssl)->async); + + if (test_state->packeted_bio != nullptr && + PacketedBioAdvanceClock(test_state->packeted_bio)) { + // The DTLS retransmit logic silently ignores write failures. So the test + // may progress, allow writes through synchronously. + AsyncBioEnforceWriteQuota(test_state->async_bio, false); + int timeout_ret = DTLSv1_handle_timeout(ssl); + AsyncBioEnforceWriteQuota(test_state->async_bio, true); + + if (timeout_ret < 0) { + fprintf(stderr, "Error retransmitting.\n"); + return false; + } + return true; + } + + // See if we needed to read or write more. If so, allow one byte through on + // the appropriate end to maximally stress the state machine. + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_WANT_READ: + AsyncBioAllowRead(test_state->async_bio, 1); + return true; + case SSL_ERROR_WANT_WRITE: + AsyncBioAllowWrite(test_state->async_bio, 1); + return true; + case SSL_ERROR_WANT_X509_LOOKUP: + test_state->cert_ready = true; + return true; + default: + return false; + } +} + +// DoRead reads from |ssl|, resolving any asynchronous operations. It returns +// the result value of the final |SSL_read| call. +static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { + const TestConfig *config = GetTestConfig(ssl); + TestState *test_state = GetTestState(ssl); + int ret; + do { + if (config->async) { + // The DTLS retransmit logic silently ignores write failures. So the test + // may progress, allow writes through synchronously. |SSL_read| may + // trigger a retransmit, so disconnect the write quota. + AsyncBioEnforceWriteQuota(test_state->async_bio, false); + } + ret = config->peek_then_read ? SSL_peek(ssl, out, max_out) + : SSL_read(ssl, out, max_out); + if (config->async) { + AsyncBioEnforceWriteQuota(test_state->async_bio, true); + } + } while (config->async && RetryAsync(ssl, ret)); + + if (config->peek_then_read && ret > 0) { + std::unique_ptr buf(new uint8_t[static_cast(ret)]); + + // SSL_peek should synchronously return the same data. + int ret2 = SSL_peek(ssl, buf.get(), ret); + if (ret2 != ret || + memcmp(buf.get(), out, ret) != 0) { + fprintf(stderr, "First and second SSL_peek did not match.\n"); + return -1; + } + + // SSL_read should synchronously return the same data and consume it. + ret2 = SSL_read(ssl, buf.get(), ret); + if (ret2 != ret || + memcmp(buf.get(), out, ret) != 0) { + fprintf(stderr, "SSL_peek and SSL_read did not match.\n"); + return -1; + } + } + + return ret; +} + +// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous +// operations. It returns the result of the final |SSL_write| call. +static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) { + const TestConfig *config = GetTestConfig(ssl); + int ret; + do { + ret = SSL_write(ssl, in, in_len); + if (ret > 0) { + in += ret; + in_len -= ret; + } + } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0)); + return ret; +} + +// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It +// returns the result of the final |SSL_shutdown| call. +static int DoShutdown(SSL *ssl) { + const TestConfig *config = GetTestConfig(ssl); + int ret; + do { + ret = SSL_shutdown(ssl); + } while (config->async && RetryAsync(ssl, ret)); + return ret; +} + +static uint16_t GetProtocolVersion(const SSL *ssl) { + uint16_t version = SSL_version(ssl); + if (!SSL_is_dtls(ssl)) { + return version; + } + return 0x0201 + ~version; +} + +// CheckHandshakeProperties checks, immediately after |ssl| completes its +// initial handshake (or False Starts), whether all the properties are +// consistent with the test configuration and invariants. +static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { + const TestConfig *config = GetTestConfig(ssl); + + if (SSL_get_current_cipher(ssl) == nullptr) { + fprintf(stderr, "null cipher after handshake\n"); + return false; + } + + if (is_resume && + (!!SSL_session_reused(ssl) == config->expect_session_miss)) { + fprintf(stderr, "session was%s reused\n", + SSL_session_reused(ssl) ? "" : " not"); + return false; + } + + if (!GetTestState(ssl)->handshake_done) { + fprintf(stderr, "handshake was not completed\n"); + return false; + } + + if (!config->is_server) { + bool expect_new_session = + !config->expect_no_session && + (!SSL_session_reused(ssl) || config->expect_ticket_renewal) && + // Session tickets are sent post-handshake in TLS 1.3. + GetProtocolVersion(ssl) < TLS1_3_VERSION; + if (expect_new_session != GetTestState(ssl)->got_new_session) { + fprintf(stderr, + "new session was%s cached, but we expected the opposite\n", + GetTestState(ssl)->got_new_session ? "" : " not"); + return false; + } + } + + if (!config->expected_server_name.empty()) { + const char *server_name = + SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (server_name == nullptr || + std::string(server_name) != config->expected_server_name) { + fprintf(stderr, "servername mismatch (got %s; want %s)\n", + server_name, config->expected_server_name.c_str()); + return false; + } + } + + if (!config->expected_next_proto.empty()) { + const uint8_t *next_proto; + unsigned next_proto_len; + SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); + if (next_proto_len != config->expected_next_proto.size() || + memcmp(next_proto, config->expected_next_proto.data(), + next_proto_len) != 0) { + fprintf(stderr, "negotiated next proto mismatch\n"); + return false; + } + } + + if (!config->expected_alpn.empty()) { + const uint8_t *alpn_proto; + unsigned alpn_proto_len; + SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); + if (alpn_proto_len != config->expected_alpn.size() || + memcmp(alpn_proto, config->expected_alpn.data(), + alpn_proto_len) != 0) { + fprintf(stderr, "negotiated alpn proto mismatch\n"); + return false; + } + } + + if (config->expect_extended_master_secret) { + if (!SSL_get_extms_support(ssl)) { + fprintf(stderr, "No EMS for connection when expected"); + return false; + } + } + + if (config->expect_verify_result) { + int expected_verify_result = config->verify_fail ? + X509_V_ERR_APPLICATION_VERIFICATION : + X509_V_OK; + + if (SSL_get_verify_result(ssl) != expected_verify_result) { + fprintf(stderr, "Wrong certificate verification result\n"); + return false; + } + } + + if (!config->psk.empty()) { + if (SSL_get_peer_cert_chain(ssl) != nullptr) { + fprintf(stderr, "Received peer certificate on a PSK cipher.\n"); + return false; + } + } else if (!config->is_server || config->require_any_client_certificate) { + if (SSL_get_peer_certificate(ssl) == nullptr) { + fprintf(stderr, "Received no peer certificate but expected one.\n"); + return false; + } + } + + return true; +} + +// DoExchange runs a test SSL exchange against the peer. On success, it returns +// true and sets |*out_session| to the negotiated SSL session. If the test is a +// resumption attempt, |is_resume| is true and |session| is the session from the +// previous exchange. +static bool DoExchange(bssl::UniquePtr *out_session, + SSL_CTX *ssl_ctx, const TestConfig *config, + bool is_resume, SSL_SESSION *session) { + bssl::UniquePtr ssl(SSL_new(ssl_ctx)); + if (!ssl) { + return false; + } + + if (!SetTestConfig(ssl.get(), config) || + !SetTestState(ssl.get(), std::unique_ptr(new TestState))) { + return false; + } + + if (config->fallback_scsv && + !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) { + return false; + } + // Install the certificate synchronously if nothing else will handle it. + if (!config->use_old_client_cert_callback && + !config->async && + !InstallCertificate(ssl.get())) { + return false; + } + SSL_set_cert_cb(ssl.get(), CertCallback, nullptr); + if (config->require_any_client_certificate) { + SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + NULL); + } + if (config->verify_peer) { + SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL); + } + if (config->partial_write) { + SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); + } + if (config->no_tls13) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3); + } + if (config->no_tls12) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2); + } + if (config->no_tls11) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1); + } + if (config->no_tls1) { + SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1); + } + if (config->no_ssl3) { + SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); + } + if (!config->host_name.empty() && + !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) { + return false; + } + if (!config->advertise_alpn.empty() && + SSL_set_alpn_protos(ssl.get(), + (const uint8_t *)config->advertise_alpn.data(), + config->advertise_alpn.size()) != 0) { + return false; + } + if (!config->psk.empty()) { + SSL_set_psk_client_callback(ssl.get(), PskClientCallback); + SSL_set_psk_server_callback(ssl.get(), PskServerCallback); + } + if (!config->psk_identity.empty() && + !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) { + return false; + } + if (!config->srtp_profiles.empty() && + SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) { + return false; + } + if (config->min_version != 0 && + !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { + return false; + } + if (config->max_version != 0 && + !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) { + return false; + } + if (config->mtu != 0) { + SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU); + SSL_set_mtu(ssl.get(), config->mtu); + } + if (config->renegotiate_freely) { + // This is always on for OpenSSL. + } + if (!config->check_close_notify) { + SSL_set_quiet_shutdown(ssl.get(), 1); + } + if (config->p384_only) { + int nid = NID_secp384r1; + if (!SSL_set1_curves(ssl.get(), &nid, 1)) { + return false; + } + } + if (config->enable_all_curves) { + static const int kAllCurves[] = { + NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1 + }; + if (!SSL_set1_curves(ssl.get(), kAllCurves, + OPENSSL_ARRAY_SIZE(kAllCurves))) { + return false; + } + } + if (config->max_cert_list > 0) { + SSL_set_max_cert_list(ssl.get(), config->max_cert_list); + } + + if (!config->async) { + SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY); + } + + int sock = Connect(config->port); + if (sock == -1) { + return false; + } + SocketCloser closer(sock); + + bssl::UniquePtr bio(BIO_new_socket(sock, BIO_NOCLOSE)); + if (!bio) { + return false; + } + if (config->is_dtls) { + bssl::UniquePtr packeted = PacketedBioCreate(!config->async); + if (!packeted) { + return false; + } + GetTestState(ssl.get())->packeted_bio = packeted.get(); + BIO_push(packeted.get(), bio.release()); + bio = std::move(packeted); + } + if (config->async) { + bssl::UniquePtr async_scoped = + config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate(); + if (!async_scoped) { + return false; + } + BIO_push(async_scoped.get(), bio.release()); + GetTestState(ssl.get())->async_bio = async_scoped.get(); + bio = std::move(async_scoped); + } + SSL_set_bio(ssl.get(), bio.get(), bio.get()); + bio.release(); // SSL_set_bio takes ownership. + + if (session != NULL) { + if (!config->is_server) { + if (SSL_set_session(ssl.get(), session) != 1) { + return false; + } + } + } + +#if 0 + // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when + // offering resumption. + if (SSL_get_current_cipher(ssl.get()) != nullptr) { + fprintf(stderr, "non-null cipher before handshake\n"); + return false; + } +#endif + + int ret; + if (config->implicit_handshake) { + if (config->is_server) { + SSL_set_accept_state(ssl.get()); + } else { + SSL_set_connect_state(ssl.get()); + } + } else { + do { + if (config->is_server) { + ret = SSL_accept(ssl.get()); + } else { + ret = SSL_connect(ssl.get()); + } + } while (config->async && RetryAsync(ssl.get(), ret)); + if (ret != 1 || + !CheckHandshakeProperties(ssl.get(), is_resume)) { + return false; + } + + // Reset the state to assert later that the callback isn't called in + // renegotiations. + GetTestState(ssl.get())->got_new_session = false; + } + + if (config->export_keying_material > 0) { + std::vector result( + static_cast(config->export_keying_material)); + if (SSL_export_keying_material( + ssl.get(), result.data(), result.size(), + config->export_label.data(), config->export_label.size(), + reinterpret_cast(config->export_context.data()), + config->export_context.size(), config->use_export_context) != 1) { + fprintf(stderr, "failed to export keying material\n"); + return false; + } + if (WriteAll(ssl.get(), result.data(), result.size()) < 0) { + return false; + } + } + + if (config->write_different_record_sizes) { + if (config->is_dtls) { + fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); + return false; + } + // This mode writes a number of different record sizes in an attempt to + // trip up the CBC record splitting code. + static const size_t kBufLen = 32769; + std::unique_ptr buf(new uint8_t[kBufLen]); + memset(buf.get(), 0x42, kBufLen); + static const size_t kRecordSizes[] = { + 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769}; + for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) { + const size_t len = kRecordSizes[i]; + if (len > kBufLen) { + fprintf(stderr, "Bad kRecordSizes value.\n"); + return false; + } + if (WriteAll(ssl.get(), buf.get(), len) < 0) { + return false; + } + } + } else { + if (config->shim_writes_first) { + if (WriteAll(ssl.get(), reinterpret_cast("hello"), + 5) < 0) { + return false; + } + } + if (!config->shim_shuts_down) { + for (;;) { + static const size_t kBufLen = 16384; + std::unique_ptr buf(new uint8_t[kBufLen]); + + // Read only 512 bytes at a time in TLS to ensure records may be + // returned in multiple reads. + int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512); + int err = SSL_get_error(ssl.get(), n); + if (err == SSL_ERROR_ZERO_RETURN || + (n == 0 && err == SSL_ERROR_SYSCALL)) { + if (n != 0) { + fprintf(stderr, "Invalid SSL_get_error output\n"); + return false; + } + // Stop on either clean or unclean shutdown. + break; + } else if (err != SSL_ERROR_NONE) { + if (n > 0) { + fprintf(stderr, "Invalid SSL_get_error output\n"); + return false; + } + return false; + } + // Successfully read data. + if (n <= 0) { + fprintf(stderr, "Invalid SSL_get_error output\n"); + return false; + } + + // After a successful read, with or without False Start, the handshake + // must be complete. + if (!GetTestState(ssl.get())->handshake_done) { + fprintf(stderr, "handshake was not completed after SSL_read\n"); + return false; + } + + for (int i = 0; i < n; i++) { + buf[i] ^= 0xff; + } + if (WriteAll(ssl.get(), buf.get(), n) < 0) { + return false; + } + } + } + } + + if (!config->is_server && + !config->implicit_handshake && + // Session tickets are sent post-handshake in TLS 1.3. + GetProtocolVersion(ssl.get()) < TLS1_3_VERSION && + GetTestState(ssl.get())->got_new_session) { + fprintf(stderr, "new session was established after the handshake\n"); + return false; + } + + if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) { + bool expect_new_session = + !config->expect_no_session && !config->shim_shuts_down; + if (expect_new_session != GetTestState(ssl.get())->got_new_session) { + fprintf(stderr, + "new session was%s cached, but we expected the opposite\n", + GetTestState(ssl.get())->got_new_session ? "" : " not"); + return false; + } + } + + if (out_session) { + *out_session = std::move(GetTestState(ssl.get())->new_session); + } + + ret = DoShutdown(ssl.get()); + + if (config->shim_shuts_down && config->check_close_notify) { + // We initiate shutdown, so |SSL_shutdown| will return in two stages. First + // it returns zero when our close_notify is sent, then one when the peer's + // is received. + if (ret != 0) { + fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret); + return false; + } + ret = DoShutdown(ssl.get()); + } + + if (ret != 1) { + fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret); + return false; + } + + if (SSL_total_renegotiations(ssl.get()) != + config->expect_total_renegotiations) { + fprintf(stderr, "Expected %d renegotiations, got %ld\n", + config->expect_total_renegotiations, + SSL_total_renegotiations(ssl.get())); + return false; + } + + return true; +} + +class StderrDelimiter { + public: + ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); } +}; + +static int Main(int argc, char **argv) { + // To distinguish ASan's output from ours, add a trailing message to stderr. + // Anything following this line will be considered an error. + StderrDelimiter delimiter; + +#if defined(OPENSSL_SYS_WINDOWS) + /* Initialize Winsock. */ + WORD wsa_version = MAKEWORD(2, 2); + WSADATA wsa_data; + int wsa_err = WSAStartup(wsa_version, &wsa_data); + if (wsa_err != 0) { + fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); + return 1; + } + if (wsa_data.wVersion != wsa_version) { + fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); + return 1; + } +#else + signal(SIGPIPE, SIG_IGN); +#endif + + OPENSSL_init_crypto(0, NULL); + OPENSSL_init_ssl(0, NULL); + g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); + if (g_config_index < 0 || g_state_index < 0) { + return 1; + } + + TestConfig config; + if (!ParseConfig(argc - 1, argv + 1, &config)) { + return Usage(argv[0]); + } + + bssl::UniquePtr ssl_ctx = SetupCtx(&config); + if (!ssl_ctx) { + ERR_print_errors_fp(stderr); + return 1; + } + + bssl::UniquePtr session; + for (int i = 0; i < config.resume_count + 1; i++) { + bool is_resume = i > 0; + if (is_resume && !config.is_server && !session) { + fprintf(stderr, "No session to offer.\n"); + return 1; + } + + bssl::UniquePtr offer_session = std::move(session); + if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume, + offer_session.get())) { + fprintf(stderr, "Connection %d failed.\n", i + 1); + ERR_print_errors_fp(stderr); + return 1; + } + } + + return 0; +} + +} // namespace bssl + +int main(int argc, char **argv) { + return bssl::Main(argc, argv); +} diff --git a/deps/openssl/openssl/test/ossl_shim/packeted_bio.cc b/deps/openssl/openssl/test/ossl_shim/packeted_bio.cc new file mode 100644 index 00000000000000..450baeccdf22a9 --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/packeted_bio.cc @@ -0,0 +1,299 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "packeted_bio.h" + +#include +#include +#include +#include + +#include + + +namespace { + +const uint8_t kOpcodePacket = 'P'; +const uint8_t kOpcodeTimeout = 'T'; +const uint8_t kOpcodeTimeoutAck = 't'; + +struct PacketedBio { + explicit PacketedBio(bool advance_clock_arg) + : advance_clock(advance_clock_arg) { + memset(&timeout, 0, sizeof(timeout)); + memset(&clock, 0, sizeof(clock)); + memset(&read_deadline, 0, sizeof(read_deadline)); + } + + bool HasTimeout() const { + return timeout.tv_sec != 0 || timeout.tv_usec != 0; + } + + bool CanRead() const { + if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) { + return true; + } + + if (clock.tv_sec == read_deadline.tv_sec) { + return clock.tv_usec < read_deadline.tv_usec; + } + return clock.tv_sec < read_deadline.tv_sec; + } + + timeval timeout; + timeval clock; + timeval read_deadline; + bool advance_clock; +}; + +PacketedBio *GetData(BIO *bio) { + return (PacketedBio *)BIO_get_data(bio); +} + +const PacketedBio *GetData(const BIO *bio) { + return GetData(const_cast(bio)); +} + +// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and +// 0 or -1 on error. +static int ReadAll(BIO *bio, uint8_t *out, size_t len) { + while (len > 0) { + int chunk_len = INT_MAX; + if (len <= INT_MAX) { + chunk_len = (int)len; + } + int ret = BIO_read(bio, out, chunk_len); + if (ret <= 0) { + return ret; + } + out += ret; + len -= ret; + } + return 1; +} + +static int PacketedWrite(BIO *bio, const char *in, int inl) { + if (BIO_next(bio) == NULL) { + return 0; + } + + BIO_clear_retry_flags(bio); + + // Write the header. + uint8_t header[5]; + header[0] = kOpcodePacket; + header[1] = (inl >> 24) & 0xff; + header[2] = (inl >> 16) & 0xff; + header[3] = (inl >> 8) & 0xff; + header[4] = inl & 0xff; + int ret = BIO_write(BIO_next(bio), header, sizeof(header)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + // Write the buffer. + ret = BIO_write(BIO_next(bio), in, inl); + if (ret < 0 || (inl > 0 && ret == 0)) { + BIO_copy_next_retry(bio); + return ret; + } + assert(ret == inl); + return ret; +} + +static int PacketedRead(BIO *bio, char *out, int outl) { + PacketedBio *data = GetData(bio); + if (BIO_next(bio) == NULL) { + return 0; + } + + BIO_clear_retry_flags(bio); + + for (;;) { + // Check if the read deadline has passed. + if (!data->CanRead()) { + BIO_set_retry_read(bio); + return -1; + } + + // Read the opcode. + uint8_t opcode; + int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + if (opcode == kOpcodeTimeout) { + // The caller is required to advance any pending timeouts before + // continuing. + if (data->HasTimeout()) { + fprintf(stderr, "Unprocessed timeout!\n"); + return -1; + } + + // Process the timeout. + uint8_t buf[8]; + ret = ReadAll(BIO_next(bio), buf, sizeof(buf)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + uint64_t timeout = (static_cast(buf[0]) << 56) | + (static_cast(buf[1]) << 48) | + (static_cast(buf[2]) << 40) | + (static_cast(buf[3]) << 32) | + (static_cast(buf[4]) << 24) | + (static_cast(buf[5]) << 16) | + (static_cast(buf[6]) << 8) | + static_cast(buf[7]); + timeout /= 1000; // Convert nanoseconds to microseconds. + + data->timeout.tv_usec = timeout % 1000000; + data->timeout.tv_sec = timeout / 1000000; + + // Send an ACK to the peer. + ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1); + if (ret <= 0) { + return ret; + } + assert(ret == 1); + + if (!data->advance_clock) { + // Signal to the caller to retry the read, after advancing the clock. + BIO_set_retry_read(bio); + return -1; + } + + PacketedBioAdvanceClock(bio); + continue; + } + + if (opcode != kOpcodePacket) { + fprintf(stderr, "Unknown opcode, %u\n", opcode); + return -1; + } + + // Read the length prefix. + uint8_t len_bytes[4]; + ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes)); + if (ret <= 0) { + BIO_copy_next_retry(bio); + return ret; + } + + uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) | + (len_bytes[2] << 8) | len_bytes[3]; + uint8_t *buf = (uint8_t *)OPENSSL_malloc(len); + if (buf == NULL) { + return -1; + } + ret = ReadAll(BIO_next(bio), buf, len); + if (ret <= 0) { + fprintf(stderr, "Packeted BIO was truncated\n"); + return -1; + } + + if (outl > (int)len) { + outl = len; + } + memcpy(out, buf, outl); + OPENSSL_free(buf); + return outl; + } +} + +static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) { + if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) { + memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval)); + return 1; + } + + if (BIO_next(bio) == NULL) { + return 0; + } + BIO_clear_retry_flags(bio); + int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); + BIO_copy_next_retry(bio); + return ret; +} + +static int PacketedNew(BIO *bio) { + BIO_set_init(bio, 1); + return 1; +} + +static int PacketedFree(BIO *bio) { + if (bio == NULL) { + return 0; + } + + delete GetData(bio); + BIO_set_init(bio, 0); + return 1; +} + +static long PacketedCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp) +{ + if (BIO_next(bio) == NULL) + return 0; + return BIO_callback_ctrl(BIO_next(bio), cmd, fp); +} + +static BIO_METHOD *g_packeted_bio_method = NULL; + +static const BIO_METHOD *PacketedMethod(void) +{ + if (g_packeted_bio_method == NULL) { + g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio"); + if ( g_packeted_bio_method == NULL + || !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite) + || !BIO_meth_set_read(g_packeted_bio_method, PacketedRead) + || !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl) + || !BIO_meth_set_create(g_packeted_bio_method, PacketedNew) + || !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree) + || !BIO_meth_set_callback_ctrl(g_packeted_bio_method, + PacketedCallbackCtrl)) + return NULL; + } + return g_packeted_bio_method; +} +} // namespace + +bssl::UniquePtr PacketedBioCreate(bool advance_clock) { + bssl::UniquePtr bio(BIO_new(PacketedMethod())); + if (!bio) { + return nullptr; + } + BIO_set_data(bio.get(), new PacketedBio(advance_clock)); + return bio; +} + +timeval PacketedBioGetClock(const BIO *bio) { + return GetData(bio)->clock; +} + +bool PacketedBioAdvanceClock(BIO *bio) { + PacketedBio *data = GetData(bio); + if (data == nullptr) { + return false; + } + + if (!data->HasTimeout()) { + return false; + } + + data->clock.tv_usec += data->timeout.tv_usec; + data->clock.tv_sec += data->clock.tv_usec / 1000000; + data->clock.tv_usec %= 1000000; + data->clock.tv_sec += data->timeout.tv_sec; + memset(&data->timeout, 0, sizeof(data->timeout)); + return true; +} diff --git a/deps/openssl/openssl/test/ossl_shim/packeted_bio.h b/deps/openssl/openssl/test/ossl_shim/packeted_bio.h new file mode 100644 index 00000000000000..436cf9082f349e --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/packeted_bio.h @@ -0,0 +1,35 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_PACKETED_BIO +#define HEADER_PACKETED_BIO + +#include +#include + +// PacketedBioCreate creates a filter BIO which implements a reliable in-order +// blocking datagram socket. It internally maintains a clock and honors +// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it. +// +// During a |BIO_read|, the peer may signal the filter BIO to simulate a +// timeout. If |advance_clock| is true, it automatically advances the clock and +// continues reading, subject to the read deadline. Otherwise, it fails +// immediately. The caller must then call |PacketedBioAdvanceClock| before +// retrying |BIO_read|. +bssl::UniquePtr PacketedBioCreate(bool advance_clock); + +// PacketedBioGetClock returns the current time for |bio|. +timeval PacketedBioGetClock(const BIO *bio); + +// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if +// there is a pending timeout. Otherwise, it returns false. +bool PacketedBioAdvanceClock(BIO *bio); + + +#endif // HEADER_PACKETED_BIO diff --git a/deps/openssl/openssl/test/ossl_shim/test_config.cc b/deps/openssl/openssl/test/ossl_shim/test_config.cc new file mode 100644 index 00000000000000..6e43c8da771fcb --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/test_config.cc @@ -0,0 +1,195 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "test_config.h" + +#include +#include +#include + +#include + +#include + +namespace { + +template +struct Flag { + const char *flag; + T TestConfig::*member; +}; + +// FindField looks for the flag in |flags| that matches |flag|. If one is found, +// it returns a pointer to the corresponding field in |config|. Otherwise, it +// returns NULL. +template +T *FindField(TestConfig *config, const Flag (&flags)[N], const char *flag) { + for (size_t i = 0; i < N; i++) { + if (strcmp(flag, flags[i].flag) == 0) { + return &(config->*(flags[i].member)); + } + } + return NULL; +} + +const Flag kBoolFlags[] = { + { "-server", &TestConfig::is_server }, + { "-dtls", &TestConfig::is_dtls }, + { "-fallback-scsv", &TestConfig::fallback_scsv }, + { "-require-any-client-certificate", + &TestConfig::require_any_client_certificate }, + { "-async", &TestConfig::async }, + { "-write-different-record-sizes", + &TestConfig::write_different_record_sizes }, + { "-partial-write", &TestConfig::partial_write }, + { "-no-tls13", &TestConfig::no_tls13 }, + { "-no-tls12", &TestConfig::no_tls12 }, + { "-no-tls11", &TestConfig::no_tls11 }, + { "-no-tls1", &TestConfig::no_tls1 }, + { "-no-ssl3", &TestConfig::no_ssl3 }, + { "-shim-writes-first", &TestConfig::shim_writes_first }, + { "-expect-session-miss", &TestConfig::expect_session_miss }, + { "-decline-alpn", &TestConfig::decline_alpn }, + { "-expect-extended-master-secret", + &TestConfig::expect_extended_master_secret }, + { "-implicit-handshake", &TestConfig::implicit_handshake }, + { "-handshake-never-done", &TestConfig::handshake_never_done }, + { "-use-export-context", &TestConfig::use_export_context }, + { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, + { "-expect-no-session", &TestConfig::expect_no_session }, + { "-use-ticket-callback", &TestConfig::use_ticket_callback }, + { "-renew-ticket", &TestConfig::renew_ticket }, + { "-enable-client-custom-extension", + &TestConfig::enable_client_custom_extension }, + { "-enable-server-custom-extension", + &TestConfig::enable_server_custom_extension }, + { "-custom-extension-skip", &TestConfig::custom_extension_skip }, + { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add }, + { "-check-close-notify", &TestConfig::check_close_notify }, + { "-shim-shuts-down", &TestConfig::shim_shuts_down }, + { "-verify-fail", &TestConfig::verify_fail }, + { "-verify-peer", &TestConfig::verify_peer }, + { "-expect-verify-result", &TestConfig::expect_verify_result }, + { "-renegotiate-freely", &TestConfig::renegotiate_freely }, + { "-p384-only", &TestConfig::p384_only }, + { "-enable-all-curves", &TestConfig::enable_all_curves }, + { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime }, + { "-use-old-client-cert-callback", + &TestConfig::use_old_client_cert_callback }, + { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list }, + { "-peek-then-read", &TestConfig::peek_then_read }, +}; + +const Flag kStringFlags[] = { + { "-key-file", &TestConfig::key_file }, + { "-cert-file", &TestConfig::cert_file }, + { "-expect-server-name", &TestConfig::expected_server_name }, + { "-advertise-npn", &TestConfig::advertise_npn }, + { "-expect-next-proto", &TestConfig::expected_next_proto }, + { "-select-next-proto", &TestConfig::select_next_proto }, + { "-host-name", &TestConfig::host_name }, + { "-advertise-alpn", &TestConfig::advertise_alpn }, + { "-expect-alpn", &TestConfig::expected_alpn }, + { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn }, + { "-select-alpn", &TestConfig::select_alpn }, + { "-psk", &TestConfig::psk }, + { "-psk-identity", &TestConfig::psk_identity }, + { "-srtp-profiles", &TestConfig::srtp_profiles }, + { "-cipher", &TestConfig::cipher }, + { "-export-label", &TestConfig::export_label }, + { "-export-context", &TestConfig::export_context }, +}; + +const Flag kBase64Flags[] = { + { "-expect-certificate-types", &TestConfig::expected_certificate_types }, +}; + +const Flag kIntFlags[] = { + { "-port", &TestConfig::port }, + { "-resume-count", &TestConfig::resume_count }, + { "-min-version", &TestConfig::min_version }, + { "-max-version", &TestConfig::max_version }, + { "-mtu", &TestConfig::mtu }, + { "-export-keying-material", &TestConfig::export_keying_material }, + { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations }, + { "-max-cert-list", &TestConfig::max_cert_list }, +}; + +} // namespace + +bool ParseConfig(int argc, char **argv, TestConfig *out_config) { + for (int i = 0; i < argc; i++) { + bool *bool_field = FindField(out_config, kBoolFlags, argv[i]); + if (bool_field != NULL) { + *bool_field = true; + continue; + } + + std::string *string_field = FindField(out_config, kStringFlags, argv[i]); + if (string_field != NULL) { + const char *val; + + i++; + if (i >= argc) { + fprintf(stderr, "Missing parameter\n"); + return false; + } + + /* + * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable + * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches + * off NULL ciphers, so we use "ALL:NULL-SHA" instead. + */ + if (strcmp(argv[i - 1], "-cipher") == 0 + && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0) + val = "ALL:NULL-SHA"; + else + val = argv[i]; + + string_field->assign(val); + continue; + } + + std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]); + if (base64_field != NULL) { + i++; + if (i >= argc) { + fprintf(stderr, "Missing parameter\n"); + return false; + } + std::unique_ptr decoded(new uint8_t[strlen(argv[i])]); + int len = EVP_DecodeBlock(decoded.get(), + reinterpret_cast(argv[i]), + strlen(argv[i])); + if (len < 0) { + fprintf(stderr, "Invalid base64: %s\n", argv[i]); + return false; + } + base64_field->assign(reinterpret_cast(decoded.get()), len); + continue; + } + + int *int_field = FindField(out_config, kIntFlags, argv[i]); + if (int_field) { + i++; + if (i >= argc) { + fprintf(stderr, "Missing parameter\n"); + return false; + } + *int_field = atoi(argv[i]); + continue; + } + + fprintf(stderr, "Unknown argument: %s\n", argv[i]); + exit(89); + return false; + } + + return true; +} diff --git a/deps/openssl/openssl/test/ossl_shim/test_config.h b/deps/openssl/openssl/test/ossl_shim/test_config.h new file mode 100644 index 00000000000000..b4efa455aebcfa --- /dev/null +++ b/deps/openssl/openssl/test/ossl_shim/test_config.h @@ -0,0 +1,88 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TEST_CONFIG +#define HEADER_TEST_CONFIG + +#include +#include + + +struct TestConfig { + int port = 0; + bool is_server = false; + bool is_dtls = false; + int resume_count = 0; + bool fallback_scsv = false; + std::string key_file; + std::string cert_file; + std::string expected_server_name; + std::string expected_certificate_types; + bool require_any_client_certificate = false; + std::string advertise_npn; + std::string expected_next_proto; + std::string select_next_proto; + bool async = false; + bool write_different_record_sizes = false; + bool partial_write = false; + bool no_tls13 = false; + bool no_tls12 = false; + bool no_tls11 = false; + bool no_tls1 = false; + bool no_ssl3 = false; + bool shim_writes_first = false; + std::string host_name; + std::string advertise_alpn; + std::string expected_alpn; + std::string expected_advertised_alpn; + std::string select_alpn; + bool decline_alpn = false; + bool expect_session_miss = false; + bool expect_extended_master_secret = false; + std::string psk; + std::string psk_identity; + std::string srtp_profiles; + int min_version = 0; + int max_version = 0; + int mtu = 0; + bool implicit_handshake = false; + std::string cipher; + bool handshake_never_done = false; + int export_keying_material = 0; + std::string export_label; + std::string export_context; + bool use_export_context = false; + bool expect_ticket_renewal = false; + bool expect_no_session = false; + bool use_ticket_callback = false; + bool renew_ticket = false; + bool enable_client_custom_extension = false; + bool enable_server_custom_extension = false; + bool custom_extension_skip = false; + bool custom_extension_fail_add = false; + bool check_close_notify = false; + bool shim_shuts_down = false; + bool verify_fail = false; + bool verify_peer = false; + bool expect_verify_result = false; + int expect_total_renegotiations = 0; + bool renegotiate_freely = false; + bool p384_only = false; + bool enable_all_curves = false; + bool use_sparse_dh_prime = false; + bool use_old_client_cert_callback = false; + bool use_null_client_ca_list = false; + bool peek_then_read = false; + int max_cert_list = 0; +}; + +bool ParseConfig(int argc, char **argv, TestConfig *out_config); + + +#endif // HEADER_TEST_CONFIG diff --git a/deps/openssl/openssl/test/p5_crpt2_test.c b/deps/openssl/openssl/test/p5_crpt2_test.c deleted file mode 100644 index 4a40c26c9833c9..00000000000000 --- a/deps/openssl/openssl/test/p5_crpt2_test.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "../e_os.h" - -#include -#include -#include -#include - -typedef struct { - const char *pass; - int passlen; - const char *salt; - int saltlen; - int iter; -} testdata; - -static testdata test_cases[] = { - {"password", 8, "salt", 4, 1}, - {"password", 8, "salt", 4, 2}, - {"password", 8, "salt", 4, 4096}, - {"passwordPASSWORDpassword", 24, - "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096}, - {"pass\0word", 9, "sa\0lt", 5, 4096}, - {NULL}, -}; - -static const char *sha1_results[] = { - "0c60c80f961f0e71f3a9b524af6012062fe037a6", - "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957", - "4b007901b765489abead49d926f721d065a429c1", - "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038", - "56fa6aa75548099dcc37d7f03425e0c3", -}; - -static const char *sha256_results[] = { - "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b", - "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43", - "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a", - "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c63551" - "8c7dac47e9", - "89b69d0516f829893c696226650a8687", -}; - -static const char *sha512_results[] = { - "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d47" - "0a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce", - "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab" - "2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e", - "d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30" - "602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5", - "8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59" - "f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8", - "9d9e9c4cd21fe4be24d5b8244c759665", -}; - -static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) -{ - int i; - fprintf(f, "%s", title); - for (i = 0; i < l; i++) { - fprintf(f, "%02x", s[i]); - } - fprintf(f, "\n"); -} - -static void convert(unsigned char *dst, const unsigned char *src, int len) -{ - int i; - for (i = 0; i < len; i++, dst++, src += 2) { - unsigned int n; - sscanf((char *)src, "%2x", &n); - *dst = (unsigned char)n; - } - *dst = 0; -} - -static void -test_p5_pbkdf2(int i, char *digestname, testdata *test, const char *hex) -{ - const EVP_MD *digest; - unsigned char *out; - unsigned char *expected; - int keylen, r; - - digest = EVP_get_digestbyname(digestname); - if (digest == NULL) { - fprintf(stderr, "unknown digest %s\n", digestname); - EXIT(5); - } - - if ((strlen(hex) % 2) != 0) { - fprintf(stderr, "odd hex digest %s %i\n", digestname, i); - EXIT(5); - } - keylen = strlen(hex) / 2; - expected = OPENSSL_malloc(keylen + 1); - out = OPENSSL_malloc(keylen + 1); - if ((expected == NULL) || (out == NULL)) { - fprintf(stderr, "malloc() failed\n"); - EXIT(5); - } - convert(expected, (const unsigned char *)hex, keylen); - - r = PKCS5_PBKDF2_HMAC(test->pass, test->passlen, - (const unsigned char *)test->salt, test->saltlen, - test->iter, digest, keylen, out); - - if (r == 0) { - fprintf(stderr, "PKCS5_PBKDF2_HMAC(%s) failure test %i\n", - digestname, i); - EXIT(3); - } - if (memcmp(expected, out, keylen) != 0) { - fprintf(stderr, "Wrong result for PKCS5_PBKDF2_HMAC(%s) test %i\n", - digestname, i); - hexdump(stderr, "expected: ", expected, keylen); - hexdump(stderr, "result: ", out, keylen); - EXIT(2); - } - OPENSSL_free(expected); - OPENSSL_free(out); -} - -int main(int argc, char **argv) -{ - int i; - testdata *test = test_cases; - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); - - printf("PKCS5_PBKDF2_HMAC() tests "); - for (i = 0; test->pass != NULL; i++, test++) { - test_p5_pbkdf2(i, "sha1", test, sha1_results[i]); - test_p5_pbkdf2(i, "sha256", test, sha256_results[i]); - test_p5_pbkdf2(i, "sha512", test, sha512_results[i]); - printf("."); - } - printf(" done\n"); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; -# endif - return 0; -} diff --git a/deps/openssl/openssl/test/packettest.c b/deps/openssl/openssl/test/packettest.c index 58fc7525fb4ba4..e58d8d8bcfaa47 100644 --- a/deps/openssl/openssl/test/packettest.c +++ b/deps/openssl/openssl/test/packettest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,530 +8,487 @@ */ #include "../ssl/packet_locl.h" +#include "testutil.h" #define BUF_LEN 255 -static int test_PACKET_remaining(unsigned char buf[BUF_LEN]) +static unsigned char smbuf[BUF_LEN]; + +static int test_PACKET_remaining(void) { PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || PACKET_remaining(&pkt) != BUF_LEN - || !PACKET_forward(&pkt, BUF_LEN - 1) - || PACKET_remaining(&pkt) != 1 - || !PACKET_forward(&pkt, 1) - || PACKET_remaining(&pkt) != 0) { - fprintf(stderr, "test_PACKET_remaining() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, sizeof(smbuf))) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 1) + || !TEST_true(PACKET_forward(&pkt, 1)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 0)) return 0; - } return 1; } -static int test_PACKET_end(unsigned char buf[BUF_LEN]) +static int test_PACKET_end(void) { PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || PACKET_remaining(&pkt) != BUF_LEN - || PACKET_end(&pkt) != buf + BUF_LEN - || !PACKET_forward(&pkt, BUF_LEN - 1) - || PACKET_end(&pkt) != buf + BUF_LEN - || !PACKET_forward(&pkt, 1) - || PACKET_end(&pkt) != buf + BUF_LEN) { - fprintf(stderr, "test_PACKET_end() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, sizeof(smbuf))) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1)) + || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN) + || !TEST_true(PACKET_forward(&pkt, 1)) + || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN)) return 0; - } return 1; } -static int test_PACKET_get_1(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_1(void) { - unsigned int i; + unsigned int i = 0; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_1(&pkt, &i) - || i != 0x02 - || !PACKET_forward(&pkt, BUF_LEN - 2) - || !PACKET_get_1(&pkt, &i) - || i != 0xfe - || PACKET_get_1(&pkt, &i)) { - fprintf(stderr, "test_PACKET_get_1() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_1(&pkt, &i)) + || !TEST_uint_eq(i, 0x02) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 2)) + || !TEST_true(PACKET_get_1(&pkt, &i)) + || !TEST_uint_eq(i, 0xfe) + || !TEST_false(PACKET_get_1(&pkt, &i))) return 0; - } return 1; } -static int test_PACKET_get_4(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_4(void) { - unsigned long i; + unsigned long i = 0; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_4(&pkt, &i) - || i != 0x08060402UL - || !PACKET_forward(&pkt, BUF_LEN - 8) - || !PACKET_get_4(&pkt, &i) - || i != 0xfefcfaf8UL - || PACKET_get_4(&pkt, &i)) { - fprintf(stderr, "test_PACKET_get_4() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0x08060402UL) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0xfefcfaf8UL) + || !TEST_false(PACKET_get_4(&pkt, &i))) return 0; - } return 1; } -static int test_PACKET_get_net_2(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_net_2(void) { - unsigned int i; + unsigned int i = 0; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_net_2(&pkt, &i) - || i != 0x0204 - || !PACKET_forward(&pkt, BUF_LEN - 4) - || !PACKET_get_net_2(&pkt, &i) - || i != 0xfcfe - || PACKET_get_net_2(&pkt, &i)) { - fprintf(stderr, "test_PACKET_get_net_2() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_net_2(&pkt, &i)) + || !TEST_uint_eq(i, 0x0204) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 4)) + || !TEST_true(PACKET_get_net_2(&pkt, &i)) + || !TEST_uint_eq(i, 0xfcfe) + || !TEST_false(PACKET_get_net_2(&pkt, &i))) return 0; - } return 1; } -static int test_PACKET_get_net_3(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_net_3(void) { - unsigned long i; + unsigned long i = 0; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_net_3(&pkt, &i) - || i != 0x020406UL - || !PACKET_forward(&pkt, BUF_LEN - 6) - || !PACKET_get_net_3(&pkt, &i) - || i != 0xfafcfeUL - || PACKET_get_net_3(&pkt, &i)) { - fprintf(stderr, "test_PACKET_get_net_3() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_net_3(&pkt, &i)) + || !TEST_ulong_eq(i, 0x020406UL) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 6)) + || !TEST_true(PACKET_get_net_3(&pkt, &i)) + || !TEST_ulong_eq(i, 0xfafcfeUL) + || !TEST_false(PACKET_get_net_3(&pkt, &i))) return 0; - } return 1; } -static int test_PACKET_get_net_4(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_net_4(void) { - unsigned long i; + unsigned long i = 0; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_net_4(&pkt, &i) - || i != 0x02040608UL - || !PACKET_forward(&pkt, BUF_LEN - 8) - || !PACKET_get_net_4(&pkt, &i) - || i != 0xf8fafcfeUL - || PACKET_get_net_4(&pkt, &i)) { - fprintf(stderr, "test_PACKET_get_net_4() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_net_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0x02040608UL) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_net_4(&pkt, &i)) + || !TEST_ulong_eq(i, 0xf8fafcfeUL) + || !TEST_false(PACKET_get_net_4(&pkt, &i))) return 0; - } return 1; } -static int test_PACKET_get_sub_packet(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_sub_packet(void) { PACKET pkt, subpkt; - unsigned long i; - - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_sub_packet(&pkt, &subpkt, 4) - || !PACKET_get_net_4(&subpkt, &i) - || i != 0x02040608UL - || PACKET_remaining(&subpkt) - || !PACKET_forward(&pkt, BUF_LEN - 8) - || !PACKET_get_sub_packet(&pkt, &subpkt, 4) - || !PACKET_get_net_4(&subpkt, &i) - || i != 0xf8fafcfeUL - || PACKET_remaining(&subpkt) - || PACKET_get_sub_packet(&pkt, &subpkt, 4)) { - fprintf(stderr, "test_PACKET_get_sub_packet() failed\n"); + unsigned long i = 0; + + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) + || !TEST_true(PACKET_get_net_4(&subpkt, &i)) + || !TEST_ulong_eq(i, 0x02040608UL) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4)) + || !TEST_true(PACKET_get_net_4(&subpkt, &i)) + || !TEST_ulong_eq(i, 0xf8fafcfeUL) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), 0) + || !TEST_false(PACKET_get_sub_packet(&pkt, &subpkt, 4))) return 0; - } return 1; } -static int test_PACKET_get_bytes(unsigned char buf[BUF_LEN]) +static int test_PACKET_get_bytes(void) { - const unsigned char *bytes; + const unsigned char *bytes = NULL; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_get_bytes(&pkt, &bytes, 4) - || bytes[0] != 2 || bytes[1] != 4 - || bytes[2] != 6 || bytes[3] != 8 - || PACKET_remaining(&pkt) != BUF_LEN -4 - || !PACKET_forward(&pkt, BUF_LEN - 8) - || !PACKET_get_bytes(&pkt, &bytes, 4) - || bytes[0] != 0xf8 || bytes[1] != 0xfa - || bytes[2] != 0xfc || bytes[3] != 0xfe - || PACKET_remaining(&pkt)) { - fprintf(stderr, "test_PACKET_get_bytes() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4)) + || !TEST_uchar_eq(bytes[0], 2) + || !TEST_uchar_eq(bytes[1], 4) + || !TEST_uchar_eq(bytes[2], 6) + || !TEST_uchar_eq(bytes[3], 8) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN -4) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_get_bytes(&pkt, &bytes, 4)) + || !TEST_uchar_eq(bytes[0], 0xf8) + || !TEST_uchar_eq(bytes[1], 0xfa) + || !TEST_uchar_eq(bytes[2], 0xfc) + || !TEST_uchar_eq(bytes[3], 0xfe) + || !TEST_false(PACKET_remaining(&pkt))) return 0; - } return 1; } -static int test_PACKET_copy_bytes(unsigned char buf[BUF_LEN]) +static int test_PACKET_copy_bytes(void) { unsigned char bytes[4]; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_copy_bytes(&pkt, bytes, 4) - || bytes[0] != 2 || bytes[1] != 4 - || bytes[2] != 6 || bytes[3] != 8 - || PACKET_remaining(&pkt) != BUF_LEN - 4 - || !PACKET_forward(&pkt, BUF_LEN - 8) - || !PACKET_copy_bytes(&pkt, bytes, 4) - || bytes[0] != 0xf8 || bytes[1] != 0xfa - || bytes[2] != 0xfc || bytes[3] != 0xfe - || PACKET_remaining(&pkt)) { - fprintf(stderr, "test_PACKET_copy_bytes() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_copy_bytes(&pkt, bytes, 4)) + || !TEST_char_eq(bytes[0], 2) + || !TEST_char_eq(bytes[1], 4) + || !TEST_char_eq(bytes[2], 6) + || !TEST_char_eq(bytes[3], 8) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN - 4) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8)) + || !TEST_true(PACKET_copy_bytes(&pkt, bytes, 4)) + || !TEST_uchar_eq(bytes[0], 0xf8) + || !TEST_uchar_eq(bytes[1], 0xfa) + || !TEST_uchar_eq(bytes[2], 0xfc) + || !TEST_uchar_eq(bytes[3], 0xfe) + || !TEST_false(PACKET_remaining(&pkt))) return 0; - } return 1; } -static int test_PACKET_copy_all(unsigned char buf[BUF_LEN]) +static int test_PACKET_copy_all(void) { unsigned char tmp[BUF_LEN]; PACKET pkt; size_t len; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_copy_all(&pkt, tmp, BUF_LEN, &len) - || len != BUF_LEN - || memcmp(buf, tmp, BUF_LEN) != 0 - || PACKET_remaining(&pkt) != BUF_LEN - || PACKET_copy_all(&pkt, tmp, BUF_LEN - 1, &len)) { - fprintf(stderr, "test_PACKET_copy_bytes() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_copy_all(&pkt, tmp, BUF_LEN, &len)) + || !TEST_size_t_eq(len, BUF_LEN) + || !TEST_mem_eq(smbuf, BUF_LEN, tmp, BUF_LEN) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_false(PACKET_copy_all(&pkt, tmp, BUF_LEN - 1, &len))) return 0; - } return 1; } -static int test_PACKET_memdup(unsigned char buf[BUF_LEN]) +static int test_PACKET_memdup(void) { unsigned char *data = NULL; size_t len; PACKET pkt; - - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_memdup(&pkt, &data, &len) - || len != BUF_LEN - || memcmp(data, PACKET_data(&pkt), len) - || !PACKET_forward(&pkt, 10) - || !PACKET_memdup(&pkt, &data, &len) - || len != BUF_LEN - 10 - || memcmp(data, PACKET_data(&pkt), len)) { - fprintf(stderr, "test_PACKET_memdup() failed\n"); - OPENSSL_free(data); - return 0; - } - + int result = 0; + + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_memdup(&pkt, &data, &len)) + || !TEST_size_t_eq(len, BUF_LEN) + || !TEST_mem_eq(data, len, PACKET_data(&pkt), len) + || !TEST_true(PACKET_forward(&pkt, 10)) + || !TEST_true(PACKET_memdup(&pkt, &data, &len)) + || !TEST_size_t_eq(len, BUF_LEN - 10) + || !TEST_mem_eq(data, len, PACKET_data(&pkt), len)) + goto end; + result = 1; +end: OPENSSL_free(data); - return 1; + return result; } -static int test_PACKET_strndup() +static int test_PACKET_strndup(void) { - char buf[10], buf2[10]; + char buf1[10], buf2[10]; char *data = NULL; PACKET pkt; + int result = 0; - memset(buf, 'x', 10); + memset(buf1, 'x', 10); memset(buf2, 'y', 10); buf2[5] = '\0'; - if ( !PACKET_buf_init(&pkt, (unsigned char*)buf, 10) - || !PACKET_strndup(&pkt, &data) - || strlen(data) != 10 - || strncmp(data, buf, 10) - || !PACKET_buf_init(&pkt, (unsigned char*)buf2, 10) - || !PACKET_strndup(&pkt, &data) - || strlen(data) != 5 - || strcmp(data, buf2)) { - fprintf(stderr, "test_PACKET_strndup failed\n"); - OPENSSL_free(data); - return 0; - } - + if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf1, 10)) + || !TEST_true(PACKET_strndup(&pkt, &data)) + || !TEST_size_t_eq(strlen(data), 10) + || !TEST_strn_eq(data, buf1, 10) + || !TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf2, 10)) + || !TEST_true(PACKET_strndup(&pkt, &data)) + || !TEST_size_t_eq(strlen(data), 5) + || !TEST_str_eq(data, buf2)) + goto end; + + result = 1; +end: OPENSSL_free(data); - return 1; + return result; } -static int test_PACKET_contains_zero_byte() +static int test_PACKET_contains_zero_byte(void) { - char buf[10], buf2[10]; + char buf1[10], buf2[10]; PACKET pkt; - memset(buf, 'x', 10); + memset(buf1, 'x', 10); memset(buf2, 'y', 10); buf2[5] = '\0'; - if ( !PACKET_buf_init(&pkt, (unsigned char*)buf, 10) - || PACKET_contains_zero_byte(&pkt) - || !PACKET_buf_init(&pkt, (unsigned char*)buf2, 10) - || !PACKET_contains_zero_byte(&pkt)) { - fprintf(stderr, "test_PACKET_contains_zero_byte failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf1, 10)) + || !TEST_false(PACKET_contains_zero_byte(&pkt)) + || !TEST_true(PACKET_buf_init(&pkt, (unsigned char*)buf2, 10)) + || !TEST_true(PACKET_contains_zero_byte(&pkt))) return 0; - } return 1; } -static int test_PACKET_forward(unsigned char buf[BUF_LEN]) +static int test_PACKET_forward(void) { - const unsigned char *byte; + const unsigned char *byte = NULL; PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_forward(&pkt, 1) - || !PACKET_get_bytes(&pkt, &byte, 1) - || byte[0] != 4 - || !PACKET_forward(&pkt, BUF_LEN - 3) - || !PACKET_get_bytes(&pkt, &byte, 1) - || byte[0] != 0xfe) { - fprintf(stderr, "test_PACKET_forward() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_forward(&pkt, 1)) + || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1)) + || !TEST_uchar_eq(byte[0], 4) + || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 3)) + || !TEST_true(PACKET_get_bytes(&pkt, &byte, 1)) + || !TEST_uchar_eq(byte[0], 0xfe)) return 0; - } return 1; } -static int test_PACKET_buf_init() +static int test_PACKET_buf_init(void) { - unsigned char buf[BUF_LEN]; + unsigned char buf1[BUF_LEN]; PACKET pkt; /* Also tests PACKET_remaining() */ - if ( !PACKET_buf_init(&pkt, buf, 4) - || PACKET_remaining(&pkt) != 4 - || !PACKET_buf_init(&pkt, buf, BUF_LEN) - || PACKET_remaining(&pkt) != BUF_LEN - || PACKET_buf_init(&pkt, buf, -1)) { - fprintf(stderr, "test_PACKET_buf_init() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, buf1, 4)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 4) + || !TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_false(PACKET_buf_init(&pkt, buf1, -1))) return 0; - } return 1; } -static int test_PACKET_null_init() +static int test_PACKET_null_init(void) { PACKET pkt; PACKET_null_init(&pkt); - if ( PACKET_remaining(&pkt) != 0 - || PACKET_forward(&pkt, 1)) { - fprintf(stderr, "test_PACKET_null_init() failed\n"); + if (!TEST_size_t_eq(PACKET_remaining(&pkt), 0) + || !TEST_false(PACKET_forward(&pkt, 1))) return 0; - } return 1; } -static int test_PACKET_equal(unsigned char buf[BUF_LEN]) +static int test_PACKET_equal(void) { PACKET pkt; - if ( !PACKET_buf_init(&pkt, buf, 4) - || !PACKET_equal(&pkt, buf, 4) - || PACKET_equal(&pkt, buf + 1, 4) - || !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_equal(&pkt, buf, BUF_LEN) - || PACKET_equal(&pkt, buf, BUF_LEN - 1) - || PACKET_equal(&pkt, buf, BUF_LEN + 1) - || PACKET_equal(&pkt, buf, 0)) { - fprintf(stderr, "test_PACKET_equal() failed\n"); + if (!TEST_true(PACKET_buf_init(&pkt, smbuf, 4)) + || !TEST_true(PACKET_equal(&pkt, smbuf, 4)) + || !TEST_false(PACKET_equal(&pkt, smbuf + 1, 4)) + || !TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN)) + || !TEST_true(PACKET_equal(&pkt, smbuf, BUF_LEN)) + || !TEST_false(PACKET_equal(&pkt, smbuf, BUF_LEN - 1)) + || !TEST_false(PACKET_equal(&pkt, smbuf, BUF_LEN + 1)) + || !TEST_false(PACKET_equal(&pkt, smbuf, 0))) return 0; - } return 1; } -static int test_PACKET_get_length_prefixed_1() +static int test_PACKET_get_length_prefixed_1(void) { - unsigned char buf[BUF_LEN]; + unsigned char buf1[BUF_LEN]; const size_t len = 16; unsigned int i; - PACKET pkt, short_pkt, subpkt; - - buf[0] = len; - for (i = 1; i < BUF_LEN; i++) { - buf[i] = (i * 2) & 0xff; - } - - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_buf_init(&short_pkt, buf, len) - || !PACKET_get_length_prefixed_1(&pkt, &subpkt) - || PACKET_remaining(&subpkt) != len - || !PACKET_get_net_2(&subpkt, &i) - || i != 0x0204 - || PACKET_get_length_prefixed_1(&short_pkt, &subpkt) - || PACKET_remaining(&short_pkt) != len) { - fprintf(stderr, "test_PACKET_get_length_prefixed_1() failed\n"); + PACKET pkt, short_pkt, subpkt = {0}; + + buf1[0] = (unsigned char)len; + for (i = 1; i < BUF_LEN; i++) + buf1[i] = (i * 2) & 0xff; + + if (!TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) + || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) + || !TEST_true(PACKET_get_net_2(&subpkt, &i)) + || !TEST_uint_eq(i, 0x0204) + || !TEST_false(PACKET_get_length_prefixed_1(&short_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) return 0; - } return 1; } -static int test_PACKET_get_length_prefixed_2() +static int test_PACKET_get_length_prefixed_2(void) { - unsigned char buf[1024]; + unsigned char buf1[1024]; const size_t len = 516; /* 0x0204 */ unsigned int i; - PACKET pkt, short_pkt, subpkt; - - for (i = 1; i <= 1024; i++) { - buf[i-1] = (i * 2) & 0xff; - } - - if ( !PACKET_buf_init(&pkt, buf, 1024) - || !PACKET_buf_init(&short_pkt, buf, len) - || !PACKET_get_length_prefixed_2(&pkt, &subpkt) - || PACKET_remaining(&subpkt) != len - || !PACKET_get_net_2(&subpkt, &i) - || i != 0x0608 - || PACKET_get_length_prefixed_2(&short_pkt, &subpkt) - || PACKET_remaining(&short_pkt) != len) { - fprintf(stderr, "test_PACKET_get_length_prefixed_2() failed\n"); + PACKET pkt, short_pkt, subpkt = {0}; + + for (i = 1; i <= 1024; i++) + buf1[i - 1] = (i * 2) & 0xff; + + if (!TEST_true(PACKET_buf_init(&pkt, buf1, 1024)) + || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) + || !TEST_true(PACKET_get_net_2(&subpkt, &i)) + || !TEST_uint_eq(i, 0x0608) + || !TEST_false(PACKET_get_length_prefixed_2(&short_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) return 0; - } return 1; } -static int test_PACKET_get_length_prefixed_3() +static int test_PACKET_get_length_prefixed_3(void) { - unsigned char buf[1024]; + unsigned char buf1[1024]; const size_t len = 516; /* 0x000204 */ unsigned int i; - PACKET pkt, short_pkt, subpkt; - - for (i = 0; i < 1024; i++) { - buf[i] = (i * 2) & 0xff; - } - - if ( !PACKET_buf_init(&pkt, buf, 1024) - || !PACKET_buf_init(&short_pkt, buf, len) - || !PACKET_get_length_prefixed_3(&pkt, &subpkt) - || PACKET_remaining(&subpkt) != len - || !PACKET_get_net_2(&subpkt, &i) - || i != 0x0608 - || PACKET_get_length_prefixed_3(&short_pkt, &subpkt) - || PACKET_remaining(&short_pkt) != len) { - fprintf(stderr, "test_PACKET_get_length_prefixed_3() failed\n"); + PACKET pkt, short_pkt, subpkt = {0}; + + for (i = 0; i < 1024; i++) + buf1[i] = (i * 2) & 0xff; + + if (!TEST_true(PACKET_buf_init(&pkt, buf1, 1024)) + || !TEST_true(PACKET_buf_init(&short_pkt, buf1, len)) + || !TEST_true(PACKET_get_length_prefixed_3(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len) + || !TEST_true(PACKET_get_net_2(&subpkt, &i)) + || !TEST_uint_eq(i, 0x0608) + || !TEST_false(PACKET_get_length_prefixed_3(&short_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&short_pkt), len)) return 0; - } return 1; } -static int test_PACKET_as_length_prefixed_1() +static int test_PACKET_as_length_prefixed_1(void) { - unsigned char buf[BUF_LEN]; + unsigned char buf1[BUF_LEN]; const size_t len = 16; unsigned int i; - PACKET pkt, exact_pkt, subpkt; - - buf[0] = len; - for (i = 1; i < BUF_LEN; i++) { - buf[i] = (i * 2) & 0xff; - } - - if ( !PACKET_buf_init(&pkt, buf, BUF_LEN) - || !PACKET_buf_init(&exact_pkt, buf, len + 1) - || PACKET_as_length_prefixed_1(&pkt, &subpkt) - || PACKET_remaining(&pkt) != BUF_LEN - || !PACKET_as_length_prefixed_1(&exact_pkt, &subpkt) - || PACKET_remaining(&exact_pkt) != 0 - || PACKET_remaining(&subpkt) != len) { - fprintf(stderr, "test_PACKET_as_length_prefixed_1() failed\n"); + PACKET pkt, exact_pkt, subpkt = {0}; + + buf1[0] = (unsigned char)len; + for (i = 1; i < BUF_LEN; i++) + buf1[i] = (i * 2) & 0xff; + + if (!TEST_true(PACKET_buf_init(&pkt, buf1, BUF_LEN)) + || !TEST_true(PACKET_buf_init(&exact_pkt, buf1, len + 1)) + || !TEST_false(PACKET_as_length_prefixed_1(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN) + || !TEST_true(PACKET_as_length_prefixed_1(&exact_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&exact_pkt), 0) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len)) return 0; - } return 1; } -static int test_PACKET_as_length_prefixed_2() +static int test_PACKET_as_length_prefixed_2(void) { unsigned char buf[1024]; const size_t len = 516; /* 0x0204 */ unsigned int i; - PACKET pkt, exact_pkt, subpkt; + PACKET pkt, exact_pkt, subpkt = {0}; - for (i = 1; i <= 1024; i++) { + for (i = 1; i <= 1024; i++) buf[i-1] = (i * 2) & 0xff; - } - - if ( !PACKET_buf_init(&pkt, buf, 1024) - || !PACKET_buf_init(&exact_pkt, buf, len + 2) - || PACKET_as_length_prefixed_2(&pkt, &subpkt) - || PACKET_remaining(&pkt) != 1024 - || !PACKET_as_length_prefixed_2(&exact_pkt, &subpkt) - || PACKET_remaining(&exact_pkt) != 0 - || PACKET_remaining(&subpkt) != len) { - fprintf(stderr, "test_PACKET_as_length_prefixed_2() failed\n"); + + if (!TEST_true(PACKET_buf_init(&pkt, buf, 1024)) + || !TEST_true(PACKET_buf_init(&exact_pkt, buf, len + 2)) + || !TEST_false(PACKET_as_length_prefixed_2(&pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&pkt), 1024) + || !TEST_true(PACKET_as_length_prefixed_2(&exact_pkt, &subpkt)) + || !TEST_size_t_eq(PACKET_remaining(&exact_pkt), 0) + || !TEST_size_t_eq(PACKET_remaining(&subpkt), len)) return 0; - } return 1; } -int main(int argc, char **argv) +int setup_tests(void) { - unsigned char buf[BUF_LEN]; unsigned int i; - for (i=1; i<=BUF_LEN; i++) { - buf[i-1] = (i * 2) & 0xff; - } - i = 0; - - if ( !test_PACKET_buf_init() - || !test_PACKET_null_init() - || !test_PACKET_remaining(buf) - || !test_PACKET_end(buf) - || !test_PACKET_equal(buf) - || !test_PACKET_get_1(buf) - || !test_PACKET_get_4(buf) - || !test_PACKET_get_net_2(buf) - || !test_PACKET_get_net_3(buf) - || !test_PACKET_get_net_4(buf) - || !test_PACKET_get_sub_packet(buf) - || !test_PACKET_get_bytes(buf) - || !test_PACKET_copy_bytes(buf) - || !test_PACKET_copy_all(buf) - || !test_PACKET_memdup(buf) - || !test_PACKET_strndup() - || !test_PACKET_contains_zero_byte() - || !test_PACKET_forward(buf) - || !test_PACKET_get_length_prefixed_1() - || !test_PACKET_get_length_prefixed_2() - || !test_PACKET_get_length_prefixed_3() - || !test_PACKET_as_length_prefixed_1() - || !test_PACKET_as_length_prefixed_2()) { - return 1; - } - printf("PASS\n"); - return 0; + for (i = 1; i <= BUF_LEN; i++) + smbuf[i - 1] = (i * 2) & 0xff; + + ADD_TEST(test_PACKET_buf_init); + ADD_TEST(test_PACKET_null_init); + ADD_TEST(test_PACKET_remaining); + ADD_TEST(test_PACKET_end); + ADD_TEST(test_PACKET_equal); + ADD_TEST(test_PACKET_get_1); + ADD_TEST(test_PACKET_get_4); + ADD_TEST(test_PACKET_get_net_2); + ADD_TEST(test_PACKET_get_net_3); + ADD_TEST(test_PACKET_get_net_4); + ADD_TEST(test_PACKET_get_sub_packet); + ADD_TEST(test_PACKET_get_bytes); + ADD_TEST(test_PACKET_copy_bytes); + ADD_TEST(test_PACKET_copy_all); + ADD_TEST(test_PACKET_memdup); + ADD_TEST(test_PACKET_strndup); + ADD_TEST(test_PACKET_contains_zero_byte); + ADD_TEST(test_PACKET_forward); + ADD_TEST(test_PACKET_get_length_prefixed_1); + ADD_TEST(test_PACKET_get_length_prefixed_2); + ADD_TEST(test_PACKET_get_length_prefixed_3); + ADD_TEST(test_PACKET_as_length_prefixed_1); + ADD_TEST(test_PACKET_as_length_prefixed_2); + return 1; } diff --git a/deps/openssl/openssl/test/pbelutest.c b/deps/openssl/openssl/test/pbelutest.c index e226d43f2629dd..3ed5e96726ab52 100644 --- a/deps/openssl/openssl/test/pbelutest.c +++ b/deps/openssl/openssl/test/pbelutest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,40 +8,43 @@ */ #include -#include -#include +#include "testutil.h" /* * Password based encryption (PBE) table ordering test. * Attempt to look up all supported algorithms. */ -int main(int argc, char **argv) +static int test_pbelu(void) { - size_t i; - int rv = 0; - int pbe_type, pbe_nid; - int last_type = -1, last_nid = -1; + int i, failed = 0; + int pbe_type, pbe_nid, last_type = -1, last_nid = -1; + for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { - if (EVP_PBE_find(pbe_type, pbe_nid, NULL, NULL, 0) == 0) { - rv = 1; + if (!TEST_true(EVP_PBE_find(pbe_type, pbe_nid, NULL, NULL, 0))) { + TEST_note("i=%d, pbe_type=%d, pbe_nid=%d", i, pbe_type, pbe_nid); + failed = 1; break; } } - if (rv == 0) - return 0; + + if (!failed) + return 1; + /* Error: print out whole table */ for (i = 0; EVP_PBE_get(&pbe_type, &pbe_nid, i) != 0; i++) { - if (pbe_type > last_type) - rv = 0; - else if (pbe_type < last_type || pbe_nid < last_nid) - rv = 1; - else - rv = 0; - fprintf(stderr, "PBE type=%d %d (%s): %s\n", pbe_type, pbe_nid, - OBJ_nid2sn(pbe_nid), rv ? "ERROR" : "OK"); + failed = pbe_type < last_type + || (pbe_type == last_type && pbe_nid < last_nid); + TEST_note("PBE type=%d %d (%s): %s\n", pbe_type, pbe_nid, + OBJ_nid2sn(pbe_nid), failed ? "ERROR" : "OK"); last_type = pbe_type; last_nid = pbe_nid; } + return 0; +} + +int setup_tests(void) +{ + ADD_TEST(test_pbelu); return 1; } diff --git a/deps/openssl/openssl/test/pkits-test.pl b/deps/openssl/openssl/test/pkits-test.pl index ae7279cf2ea26a..2b859b2ae09afa 100644 --- a/deps/openssl/openssl/test/pkits-test.pl +++ b/deps/openssl/openssl/test/pkits-test.pl @@ -6,7 +6,7 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -# Perl utility to run PKITS tests for RFC3280 compliance. +# Perl utility to run PKITS tests for RFC3280 compliance. my $ossl_path; @@ -80,7 +80,7 @@ [ "4.4.7", "Valid Two CRLs Test7", 0 ], # The test document suggests these should return certificate revoked... - # Subsquent discussion has concluded they should not due to unhandle + # Subsequent discussion has concluded they should not due to unhandle # critical CRL extensions. [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], @@ -705,7 +705,7 @@ [ "4.14.29", "Valid cRLIssuer Test29", 0 ], # Although this test is valid it has a circular dependency. As a result - # an attempt is made to reursively checks a CRL path and rejected due to + # an attempt is made to recursively checks a CRL path and rejected due to # a CRL path validation error. PKITS notes suggest this test does not # need to be run due to this issue. [ "4.14.30", "Valid cRLIssuer Test30", 54 ], diff --git a/deps/openssl/openssl/test/randtest.c b/deps/openssl/openssl/test/randtest.c deleted file mode 100644 index 9f7a0371a67d52..00000000000000 --- a/deps/openssl/openssl/test/randtest.c +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "../e_os.h" - -/* some FIPS 140-1 random number test */ -/* some simple tests */ - -int main(int argc, char **argv) -{ - unsigned char buf[2500]; - int i, j, k, s, sign, nsign, err = 0; - unsigned long n1; - unsigned long n2[16]; - unsigned long runs[2][34]; - /* - * double d; - */ - long d; - - i = RAND_bytes(buf, 2500); - if (i <= 0) { - printf("init failed, the rand method is not properly installed\n"); - err++; - goto err; - } - - n1 = 0; - for (i = 0; i < 16; i++) - n2[i] = 0; - for (i = 0; i < 34; i++) - runs[0][i] = runs[1][i] = 0; - - /* test 1 and 2 */ - sign = 0; - nsign = 0; - for (i = 0; i < 2500; i++) { - j = buf[i]; - - n2[j & 0x0f]++; - n2[(j >> 4) & 0x0f]++; - - for (k = 0; k < 8; k++) { - s = (j & 0x01); - if (s == sign) - nsign++; - else { - if (nsign > 34) - nsign = 34; - if (nsign != 0) { - runs[sign][nsign - 1]++; - if (nsign > 6) - runs[sign][5]++; - } - sign = s; - nsign = 1; - } - - if (s) - n1++; - j >>= 1; - } - } - if (nsign > 34) - nsign = 34; - if (nsign != 0) - runs[sign][nsign - 1]++; - - /* test 1 */ - if (!((9654 < n1) && (n1 < 10346))) { - printf("test 1 failed, X=%lu\n", n1); - err++; - } - printf("test 1 done\n"); - - /* test 2 */ - d = 0; - for (i = 0; i < 16; i++) - d += n2[i] * n2[i]; - d = (d * 8) / 25 - 500000; - if (!((103 < d) && (d < 5740))) { - printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L); - err++; - } - printf("test 2 done\n"); - - /* test 3 */ - for (i = 0; i < 2; i++) { - if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i, 1, runs[i][0]); - err++; - } - if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i, 2, runs[i][1]); - err++; - } - if (!((502 < runs[i][2]) && (runs[i][2] < 748))) { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i, 3, runs[i][2]); - err++; - } - if (!((223 < runs[i][3]) && (runs[i][3] < 402))) { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i, 4, runs[i][3]); - err++; - } - if (!((90 < runs[i][4]) && (runs[i][4] < 223))) { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i, 5, runs[i][4]); - err++; - } - if (!((90 < runs[i][5]) && (runs[i][5] < 223))) { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i, 6, runs[i][5]); - err++; - } - } - printf("test 3 done\n"); - - /* test 4 */ - if (runs[0][33] != 0) { - printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]); - err++; - } - if (runs[1][33] != 0) { - printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]); - err++; - } - printf("test 4 done\n"); - err: - err = ((err) ? 1 : 0); - EXIT(err); -} diff --git a/deps/openssl/openssl/test/rc2test.c b/deps/openssl/openssl/test/rc2test.c index 2d0a01d596147f..e64d1a72850393 100644 --- a/deps/openssl/openssl/test/rc2test.c +++ b/deps/openssl/openssl/test/rc2test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,24 +7,10 @@ * https://www.openssl.org/source/license.html */ -/* - * This has been a quickly hacked 'ideatest.c'. When I add tests for other - * RC2 modes, more of the code will be uncommented. - */ - -#include -#include -#include +#include "internal/nelem.h" +#include "testutil.h" -#include "../e_os.h" - -#ifdef OPENSSL_NO_RC2 -int main(int argc, char *argv[]) -{ - printf("No RC2 support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_RC2 # include static unsigned char RC2key[4][16] = { @@ -52,48 +38,31 @@ static unsigned char RC2cipher[4][8] = { {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31}, }; -int main(int argc, char *argv[]) +static int test_rc2(const int n) { - int i, n, err = 0; + int testresult = 1; RC2_KEY key; unsigned char buf[8], buf2[8]; - for (n = 0; n < 4; n++) { - RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ ); + RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ ); - RC2_ecb_encrypt(&(RC2plain[n][0]), buf, &key, RC2_ENCRYPT); - if (memcmp(&(RC2cipher[n][0]), buf, 8) != 0) { - printf("ecb rc2 error encrypting\n"); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", buf[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", RC2cipher[n][i]); - err = 20; - printf("\n"); - } + RC2_ecb_encrypt(&RC2plain[n][0], buf, &key, RC2_ENCRYPT); + if (!TEST_mem_eq(&RC2cipher[n][0], 8, buf, 8)) + testresult = 0; - RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT); - if (memcmp(&(RC2plain[n][0]), buf2, 8) != 0) { - printf("ecb RC2 error decrypting\n"); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", buf[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", RC2plain[n][i]); - printf("\n"); - err = 3; - } - } + RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT); + if (!TEST_mem_eq(&RC2plain[n][0], 8, buf2, 8)) + testresult = 0; - if (err == 0) - printf("ecb RC2 ok\n"); - - EXIT(err); + return testresult; } #endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_RC2 + ADD_ALL_TESTS(test_rc2, OSSL_NELEM(RC2key)); +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/rc4test.c b/deps/openssl/openssl/test/rc4test.c index 7a77b821927e98..15706ea3f05b19 100644 --- a/deps/openssl/openssl/test/rc4test.c +++ b/deps/openssl/openssl/test/rc4test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,23 +7,16 @@ * https://www.openssl.org/source/license.html */ -#include -#include #include -#include "../e_os.h" +#include "internal/nelem.h" +#include "testutil.h" -#ifdef OPENSSL_NO_RC4 -int main(int argc, char *argv[]) -{ - printf("No RC4 support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_RC4 # include # include -static unsigned char keys[7][30] = { +static unsigned char keys[6][30] = { {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, @@ -32,9 +25,9 @@ static unsigned char keys[7][30] = { {4, 0xef, 0x01, 0x23, 0x45}, }; -static unsigned char data_len[7] = { 8, 8, 8, 20, 28, 10 }; +static unsigned char data_len[6] = { 8, 8, 8, 20, 28, 10 }; -static unsigned char data[7][30] = { +static unsigned char data[6][30] = { {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, @@ -46,10 +39,9 @@ static unsigned char data[7][30] = { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12, 0x34, 0x56, 0x78, 0xff}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, - {0}, }; -static unsigned char output[7][30] = { +static unsigned char output[6][30] = { {0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00}, {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00}, {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00}, @@ -61,115 +53,76 @@ static unsigned char output[7][30] = { 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87, 0x40, 0x01, 0x1e, 0xcf, 0x00}, {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00}, - {0}, }; -int main(int argc, char *argv[]) +static int test_rc4_encrypt(const int i) { - int i, err = 0; - int j; - unsigned char *p; + unsigned char obuf[512]; RC4_KEY key; + + RC4_set_key(&key, keys[i][0], &(keys[i][1])); + memset(obuf, 0, sizeof(obuf)); + RC4(&key, data_len[i], &(data[i][0]), obuf); + return TEST_mem_eq(obuf, data_len[i] + 1, output[i], data_len[i] + 1); +} + +static int test_rc4_end_processing(const int i) +{ unsigned char obuf[512]; + RC4_KEY key; - for (i = 0; i < 6; i++) { - RC4_set_key(&key, keys[i][0], &(keys[i][1])); - memset(obuf, 0, sizeof(obuf)); - RC4(&key, data_len[i], &(data[i][0]), obuf); - if (memcmp(obuf, output[i], data_len[i] + 1) != 0) { - printf("error calculating RC4\n"); - printf("output:"); - for (j = 0; j < data_len[i] + 1; j++) - printf(" %02x", obuf[j]); - printf("\n"); - printf("expect:"); - p = &(output[i][0]); - for (j = 0; j < data_len[i] + 1; j++) - printf(" %02x", *(p++)); - printf("\n"); - err++; - } else - printf("test %d ok\n", i); - } - printf("test end processing "); - for (i = 0; i < data_len[3]; i++) { - RC4_set_key(&key, keys[3][0], &(keys[3][1])); - memset(obuf, 0, sizeof(obuf)); - RC4(&key, i, &(data[3][0]), obuf); - if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) { - printf("error in RC4 length processing\n"); - printf("output:"); - for (j = 0; j < i + 1; j++) - printf(" %02x", obuf[j]); - printf("\n"); - printf("expect:"); - p = &(output[3][0]); - for (j = 0; j < i; j++) - printf(" %02x", *(p++)); - printf(" 00\n"); - err++; - } else { - printf("."); - fflush(stdout); - } - } - printf("done\n"); - printf("test multi-call "); - for (i = 0; i < data_len[3]; i++) { - RC4_set_key(&key, keys[3][0], &(keys[3][1])); - memset(obuf, 0, sizeof(obuf)); - RC4(&key, i, &(data[3][0]), obuf); - RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i])); - if (memcmp(obuf, output[3], data_len[3] + 1) != 0) { - printf("error in RC4 multi-call processing\n"); - printf("output:"); - for (j = 0; j < data_len[3] + 1; j++) - printf(" %02x", obuf[j]); - printf("\n"); - printf("expect:"); - p = &(output[3][0]); - for (j = 0; j < data_len[3] + 1; j++) - printf(" %02x", *(p++)); - err++; - } else { - printf("."); - fflush(stdout); - } - } - printf("done\n"); - printf("bulk test "); - { - unsigned char buf[513]; - SHA_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - static unsigned char expected[] = { - 0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f, - 0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5 - }; - - RC4_set_key(&key, keys[0][0], &(keys[3][1])); - memset(buf, 0, sizeof(buf)); - SHA1_Init(&c); - for (i = 0; i < 2571; i++) { - RC4(&key, sizeof(buf), buf, buf); - SHA1_Update(&c, buf, sizeof(buf)); - } - SHA1_Final(md, &c); - - if (memcmp(md, expected, sizeof(md))) { - printf("error in RC4 bulk test\n"); - printf("output:"); - for (j = 0; j < (int)sizeof(md); j++) - printf(" %02x", md[j]); - printf("\n"); - printf("expect:"); - for (j = 0; j < (int)sizeof(md); j++) - printf(" %02x", expected[j]); - printf("\n"); - err++; - } else - printf("ok\n"); + RC4_set_key(&key, keys[3][0], &(keys[3][1])); + memset(obuf, 0, sizeof(obuf)); + RC4(&key, i, &(data[3][0]), obuf); + if (!TEST_mem_eq(obuf, i, output[3], i)) + return 0; + return TEST_uchar_eq(obuf[i], 0); +} + +static int test_rc4_multi_call(const int i) +{ + unsigned char obuf[512]; + RC4_KEY key; + + RC4_set_key(&key, keys[3][0], &(keys[3][1])); + memset(obuf, 0, sizeof(obuf)); + RC4(&key, i, &(data[3][0]), obuf); + RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i])); + return TEST_mem_eq(obuf, data_len[3] + 1, output[3], data_len[3] + 1); +} + +static int test_rc_bulk(void) +{ + RC4_KEY key; + unsigned char buf[513]; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + int i; + static unsigned char expected[] = { + 0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f, + 0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5 + }; + + RC4_set_key(&key, keys[0][0], &(keys[3][1])); + memset(buf, 0, sizeof(buf)); + SHA1_Init(&c); + for (i = 0; i < 2571; i++) { + RC4(&key, sizeof(buf), buf, buf); + SHA1_Update(&c, buf, sizeof(buf)); } - EXIT(err); + SHA1_Final(md, &c); + + return TEST_mem_eq(md, sizeof(md), expected, sizeof(expected)); } #endif + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_RC4 + ADD_ALL_TESTS(test_rc4_encrypt, OSSL_NELEM(data_len)); + ADD_ALL_TESTS(test_rc4_end_processing, data_len[3]); + ADD_ALL_TESTS(test_rc4_multi_call, data_len[3]); + ADD_TEST(test_rc_bulk); +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/rc5test.c b/deps/openssl/openssl/test/rc5test.c index 6567bcb4354a3c..d49366d9938ab5 100644 --- a/deps/openssl/openssl/test/rc5test.c +++ b/deps/openssl/openssl/test/rc5test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,24 +7,12 @@ * https://www.openssl.org/source/license.html */ -/* - * This has been a quickly hacked 'ideatest.c'. When I add tests for other - * RC5 modes, more of the code will be uncommented. - */ - -#include #include -#include -#include "../e_os.h" +#include "internal/nelem.h" +#include "testutil.h" -#ifdef OPENSSL_NO_RC5 -int main(int argc, char *argv[]) -{ - printf("No RC5 support\n"); - return (0); -} -#else +#ifndef OPENSSL_NO_RC5 # include static unsigned char RC5key[5][16] = { @@ -187,90 +175,60 @@ static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8] = { {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, }; -int main(int argc, char *argv[]) +static int test_rc5_ecb(int n) { - int i, n, err = 0; + int testresult = 1; RC5_32_KEY key; - unsigned char buf[8], buf2[8], ivb[8]; + unsigned char buf[8], buf2[8]; - for (n = 0; n < 5; n++) { - RC5_32_set_key(&key, 16, &(RC5key[n][0]), 12); + RC5_32_set_key(&key, 16, &RC5key[n][0], 12); - RC5_32_ecb_encrypt(&(RC5plain[n][0]), buf, &key, RC5_ENCRYPT); - if (memcmp(&(RC5cipher[n][0]), buf, 8) != 0) { - printf("ecb RC5 error encrypting (%d)\n", n + 1); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", buf[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", RC5cipher[n][i]); - err = 20; - printf("\n"); - } + RC5_32_ecb_encrypt(&RC5plain[n][0], buf, &key, RC5_ENCRYPT); + if (!TEST_mem_eq(&RC5cipher[n][0], sizeof(RC5cipher[0]), buf, sizeof(buf))) + testresult = 0; - RC5_32_ecb_encrypt(buf, buf2, &key, RC5_DECRYPT); - if (memcmp(&(RC5plain[n][0]), buf2, 8) != 0) { - printf("ecb RC5 error decrypting (%d)\n", n + 1); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", buf2[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", RC5plain[n][i]); - printf("\n"); - err = 3; - } - } - if (err == 0) - printf("ecb RC5 ok\n"); + RC5_32_ecb_encrypt(buf, buf2, &key, RC5_DECRYPT); + if (!TEST_mem_eq(&RC5plain[n][0], sizeof(RC5cipher[0]), buf2, sizeof(buf2))) + testresult = 0; - for (n = 0; n < RC5_CBC_NUM; n++) { - i = rc5_cbc_rounds[n]; - if (i < 8) - continue; + return testresult; +} - RC5_32_set_key(&key, rc5_cbc_key[n][0], &(rc5_cbc_key[n][1]), i); +static int test_rc5_cbc(int n) +{ + int testresult = 1; + int i; + RC5_32_KEY key; + unsigned char buf[8], buf2[8], ivb[8]; + + i = rc5_cbc_rounds[n]; + if (i >= 8) { + RC5_32_set_key(&key, rc5_cbc_key[n][0], &rc5_cbc_key[n][1], i); - memcpy(ivb, &(rc5_cbc_iv[n][0]), 8); - RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]), buf, 8, - &key, &(ivb[0]), RC5_ENCRYPT); + memcpy(ivb, &rc5_cbc_iv[n][0], 8); + RC5_32_cbc_encrypt(&rc5_cbc_plain[n][0], buf, 8, + &key, &ivb[0], RC5_ENCRYPT); - if (memcmp(&(rc5_cbc_cipher[n][0]), buf, 8) != 0) { - printf("cbc RC5 error encrypting (%d)\n", n + 1); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", buf[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", rc5_cbc_cipher[n][i]); - err = 30; - printf("\n"); - } + if (!TEST_mem_eq(&rc5_cbc_cipher[n][0], sizeof(rc5_cbc_cipher[0]), + buf, sizeof(buf))) + testresult = 0; - memcpy(ivb, &(rc5_cbc_iv[n][0]), 8); - RC5_32_cbc_encrypt(buf, buf2, 8, &key, &(ivb[0]), RC5_DECRYPT); - if (memcmp(&(rc5_cbc_plain[n][0]), buf2, 8) != 0) { - printf("cbc RC5 error decrypting (%d)\n", n + 1); - printf("got :"); - for (i = 0; i < 8; i++) - printf("%02X ", buf2[i]); - printf("\n"); - printf("expected:"); - for (i = 0; i < 8; i++) - printf("%02X ", rc5_cbc_plain[n][i]); - printf("\n"); - err = 3; - } + memcpy(ivb, &rc5_cbc_iv[n][0], 8); + RC5_32_cbc_encrypt(buf, buf2, 8, &key, &ivb[0], RC5_DECRYPT); + if (!TEST_mem_eq(&rc5_cbc_plain[n][0], sizeof(rc5_cbc_plain[0]), + buf2, sizeof(buf2))) + testresult = 0; } - if (err == 0) - printf("cbc RC5 ok\n"); - EXIT(err); - return (err); + return testresult; } +#endif +int setup_tests(void) +{ +#ifndef OPENSSL_NO_RC5 + ADD_ALL_TESTS(test_rc5_ecb, OSSL_NELEM(RC5key)); + ADD_ALL_TESTS(test_rc5_cbc, RC5_CBC_NUM); #endif + return 1; +} diff --git a/deps/openssl/openssl/test/recipes/01-test_test.t b/deps/openssl/openssl/test/recipes/01-test_test.t new file mode 100644 index 00000000000000..efc970e7b33a7d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/01-test_test.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Simple; + +simple_test("test_test", "test_test"); diff --git a/deps/openssl/openssl/test/recipes/02-test_internal_ctype.t b/deps/openssl/openssl/test/recipes/02-test_internal_ctype.t new file mode 100644 index 00000000000000..daacfe0feb7809 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/02-test_internal_ctype.t @@ -0,0 +1,17 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_ctype"); + +simple_test("test_internal_ctype", "ctype_internal_test"); diff --git a/deps/openssl/openssl/test/recipes/02-test_lhash.t b/deps/openssl/openssl/test/recipes/02-test_lhash.t new file mode 100644 index 00000000000000..613a10d0f63658 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/02-test_lhash.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Simple; + +simple_test("test_lhash", "lhash_test"); diff --git a/deps/openssl/openssl/test/recipes/02-test_stack.t b/deps/openssl/openssl/test/recipes/02-test_stack.t new file mode 100644 index 00000000000000..6f906dbd99eabd --- /dev/null +++ b/deps/openssl/openssl/test/recipes/02-test_stack.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Simple; + +simple_test("test_stack", "stack_test"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_asn1.t b/deps/openssl/openssl/test/recipes/03-test_internal_asn1.t new file mode 100644 index 00000000000000..5f27214e96c8cb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_asn1.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_asn1"); + +simple_test("test_internal_asn1", "asn1_internal_test"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_chacha.t b/deps/openssl/openssl/test/recipes/03-test_internal_chacha.t new file mode 100644 index 00000000000000..b115392c202223 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_chacha.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_chacha"); + +simple_test("test_internal_chacha", "chacha_internal_test", "chacha"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_curve448.t b/deps/openssl/openssl/test/recipes/03-test_internal_curve448.t new file mode 100644 index 00000000000000..4decc9858454cc --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_curve448.t @@ -0,0 +1,19 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_curve448"); + +plan skip_all => "This test is unsupported in a no-ec build" + if disabled("ec"); + +simple_test("test_internal_curve448", "curve448_internal_test"); diff --git a/deps/openssl/openssl/test/recipes/05-test_sha1.t b/deps/openssl/openssl/test/recipes/03-test_internal_mdc2.t similarity index 82% rename from deps/openssl/openssl/test/recipes/05-test_sha1.t rename to deps/openssl/openssl/test/recipes/03-test_internal_mdc2.t index 21bb74edcc2ce6..dfc06780de7c69 100644 --- a/deps/openssl/openssl/test/recipes/05-test_sha1.t +++ b/deps/openssl/openssl/test/recipes/03-test_internal_mdc2.t @@ -6,7 +6,7 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html - +use strict; use OpenSSL::Test::Simple; -simple_test("test_sha1", "sha1test", "sha"); +simple_test("test_internal_mdc2", "mdc2_internal_test", "mdc2"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_modes.t b/deps/openssl/openssl/test/recipes/03-test_internal_modes.t new file mode 100644 index 00000000000000..1f75bd8b6f6c57 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_modes.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_modes"); + +simple_test("test_internal_modes", "modes_internal_test"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_poly1305.t b/deps/openssl/openssl/test/recipes/03-test_internal_poly1305.t new file mode 100644 index 00000000000000..42f26c124fbc2b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_poly1305.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_poly1305"); + +simple_test("test_internal_poly1305", "poly1305_internal_test", "poly1305"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_siphash.t b/deps/openssl/openssl/test/recipes/03-test_internal_siphash.t new file mode 100644 index 00000000000000..408a674fc68653 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_siphash.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_siphash"); + +simple_test("test_internal_siphash", "siphash_internal_test", "siphash"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_sm2.t b/deps/openssl/openssl/test/recipes/03-test_internal_sm2.t new file mode 100644 index 00000000000000..7a3fc41105d81f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_sm2.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_sm2"); + +simple_test("test_internal_sm2", "sm2_internal_test", "sm2"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_sm4.t b/deps/openssl/openssl/test/recipes/03-test_internal_sm4.t new file mode 100644 index 00000000000000..34de203ace73f2 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_sm4.t @@ -0,0 +1,17 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017 [Ribose Inc.](https://www.ribose.com). All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_sm4"); + +simple_test("test_internal_sm4", "sm4_internal_test", "sm4"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_ssl_cert_table.t b/deps/openssl/openssl/test/recipes/03-test_internal_ssl_cert_table.t new file mode 100644 index 00000000000000..334e47e7b5c5ac --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_ssl_cert_table.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_ssl_cert_table"); + +simple_test("test_internal_ssl_cert_table", "ssl_cert_table_internal_test"); diff --git a/deps/openssl/openssl/test/recipes/03-test_internal_x509.t b/deps/openssl/openssl/test/recipes/03-test_internal_x509.t new file mode 100644 index 00000000000000..972ff65fc4b5b5 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/03-test_internal_x509.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_x509"); + +simple_test("test_internal_x509", "x509_internal_test"); diff --git a/deps/openssl/openssl/test/recipes/03-test_ui.t b/deps/openssl/openssl/test/recipes/03-test_ui.t index b1065d1bdbbc47..cf2f5acdd41a3b 100644 --- a/deps/openssl/openssl/test/recipes/03-test_ui.t +++ b/deps/openssl/openssl/test/recipes/03-test_ui.t @@ -8,23 +8,6 @@ use strict; use warnings; -use OpenSSL::Test; +use OpenSSL::Test::Simple; -setup("test_ui"); - -plan tests => 1; - -note <<"EOF"; -The best way to test the UI interface is currently by using an openssl -command that uses password_callback. The only one that does this is -'genrsa'. -Since password_callback uses a UI method derived from UI_OpenSSL(), it -ensures that one gets tested well enough as well. -EOF - -my $outfile = "rsa_$$.pem"; -ok(run(app(["openssl", "genrsa", "-passout", "pass:password", "-aes128", - "-out", $outfile])), - "Checking that genrsa with a password works properly"); - -unlink $outfile; +simple_test("test_ui", "uitest", "ui"); diff --git a/deps/openssl/openssl/test/recipes/05-test_md4.t b/deps/openssl/openssl/test/recipes/04-test_asn1_decode.t similarity index 72% rename from deps/openssl/openssl/test/recipes/05-test_md4.t rename to deps/openssl/openssl/test/recipes/04-test_asn1_decode.t index 59a815bdd4216d..4a12b765eadea1 100644 --- a/deps/openssl/openssl/test/recipes/05-test_md4.t +++ b/deps/openssl/openssl/test/recipes/04-test_asn1_decode.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_md4", "md4test", "md4"); +simple_test("test_asn1_decode", "asn1_decode_test"); diff --git a/deps/openssl/openssl/test/recipes/04-test_asn1_encode.t b/deps/openssl/openssl/test/recipes/04-test_asn1_encode.t new file mode 100644 index 00000000000000..dd8121d555b03d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/04-test_asn1_encode.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_asn1_encode", "asn1_encode_test"); diff --git a/deps/openssl/openssl/test/recipes/04-test_asn1_string_table.t b/deps/openssl/openssl/test/recipes/04-test_asn1_string_table.t new file mode 100644 index 00000000000000..041f372157f047 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/04-test_asn1_string_table.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_asn1_string_table", "asn1_string_table_test"); diff --git a/deps/openssl/openssl/test/recipes/04-test_bio_callback.t b/deps/openssl/openssl/test/recipes/04-test_bio_callback.t new file mode 100644 index 00000000000000..1422cb6e21d0fc --- /dev/null +++ b/deps/openssl/openssl/test/recipes/04-test_bio_callback.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_bio_callback", "bio_callback_test"); diff --git a/deps/openssl/openssl/test/recipes/90-test_bioprint.t b/deps/openssl/openssl/test/recipes/04-test_bioprint.t similarity index 100% rename from deps/openssl/openssl/test/recipes/90-test_bioprint.t rename to deps/openssl/openssl/test/recipes/04-test_bioprint.t diff --git a/deps/openssl/openssl/test/recipes/04-test_pem.t b/deps/openssl/openssl/test/recipes/04-test_pem.t index 48f62ff8975662..c32161111981cf 100644 --- a/deps/openssl/openssl/test/recipes/04-test_pem.t +++ b/deps/openssl/openssl/test/recipes/04-test_pem.t @@ -76,7 +76,7 @@ my %dsa_expected = ( "dsa.pem" => 1 ); -plan tests => scalar keys(%cert_expected) + scalar keys(%dsa_expected) + 1; +plan tests => scalar keys(%cert_expected) + scalar keys(%dsa_expected) + 2; foreach my $input (keys %cert_expected) { my @common = ($cmd, "x509", "-text", "-noout", "-inform", "PEM", "-in"); @@ -104,3 +104,5 @@ SKIP: { my @match = grep /00:a0:3a:21:14:5d:cd:b6:d5:a0:3e:49:23:c1:3a:/, @data; ok(scalar @match > 0 ? 1 : 0); } + +ok(run(test(["pemtest"])), "running pemtest"); diff --git a/deps/openssl/openssl/test/recipes/05-test_rand.t b/deps/openssl/openssl/test/recipes/05-test_rand.t index 3b175fac24a1f3..3ae254031cf734 100644 --- a/deps/openssl/openssl/test/recipes/05-test_rand.t +++ b/deps/openssl/openssl/test/recipes/05-test_rand.t @@ -1,12 +1,17 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html +use strict; +use warnings; +use OpenSSL::Test; -use OpenSSL::Test::Simple; +plan tests => 2; +setup("test_rand"); -simple_test("test_rand", "randtest", "rand"); +ok(run(test(["drbgtest"]))); +ok(run(test(["drbg_cavs_test"]))); diff --git a/deps/openssl/openssl/test/recipes/05-test_sha256.t b/deps/openssl/openssl/test/recipes/05-test_sha256.t deleted file mode 100644 index 071a45c68c13ad..00000000000000 --- a/deps/openssl/openssl/test/recipes/05-test_sha256.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_sha256", "sha256t", "sha"); diff --git a/deps/openssl/openssl/test/recipes/05-test_sha512.t b/deps/openssl/openssl/test/recipes/05-test_sha512.t deleted file mode 100644 index 4ce585ce9b5c6f..00000000000000 --- a/deps/openssl/openssl/test/recipes/05-test_sha512.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_sha512", "sha512t", "sha"); diff --git a/deps/openssl/openssl/test/recipes/05-test_wp.t b/deps/openssl/openssl/test/recipes/05-test_wp.t deleted file mode 100644 index a042898f38cd79..00000000000000 --- a/deps/openssl/openssl/test/recipes/05-test_wp.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_wp", "wp_test", "whirlpool"); diff --git a/deps/openssl/openssl/test/recipes/06-test-rdrand.t b/deps/openssl/openssl/test/recipes/06-test-rdrand.t new file mode 100644 index 00000000000000..0411b57e31794e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/06-test-rdrand.t @@ -0,0 +1,22 @@ +#! /usr/bin/perl + +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_rdrand_sanity"); + +# We also need static builds to be enabled even on linux +plan skip_all => "This test is unsupported if static builds are not enabled" + if disabled("static"); + +simple_test("test_rdrand_sanity", "rdrand_sanitytest"); diff --git a/deps/openssl/openssl/test/recipes/10-test_bn.t b/deps/openssl/openssl/test/recipes/10-test_bn.t index 13f278e703a3bd..a663009ce93769 100644 --- a/deps/openssl/openssl/test/recipes/10-test_bn.t +++ b/deps/openssl/openssl/test/recipes/10-test_bn.t @@ -12,73 +12,17 @@ use warnings; use Math::BigInt; -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT data_file/; setup("test_bn"); -plan tests => 3; +my @files = ( + "bnexp.txt", "bnmod.txt", "bnmul.txt", "bnshift.txt", "bnsum.txt" + ); +plan tests => 1 + scalar(@files); -require_ok(srctop_file("test","recipes","bc.pl")); - -my $testresults = "tmp.bntest"; -my $init = ok(run(test(["bntest"], stdout => $testresults)), 'initialize'); - - SKIP: { - skip "Initializing failed, skipping", 1 if !$init; - - subtest 'Checking the bn results' => sub { - my @lines = (); - if (open DATA, $testresults) { - @lines = ; - close DATA; - } - map { s/\R//; } @lines; # chomp(@lines); - - plan tests => scalar grep(/^print /, @lines); - - my $l = ""; - - while (scalar @lines) { - $l = shift @lines; - - last if $l =~ /^print /; - } - - while (1) { - $l =~ s/^print "//; - $l =~ s/\\n"//; - my $t = $l; - my @operations = (); - - $l = undef; - while (scalar @lines) { - $l = shift @lines; - - last if $l =~ /^print /; - push @operations, $l; - $l = undef; - } - - ok(check_operations(@operations), "verify $t"); - - last unless $l; - } - }; - } - -unlink $testresults; - -sub check_operations { - my $failcount = 0; - - foreach my $line (@_) { - my $result = calc(split /\s+/, $line); - - if ($result ne "0" && $result ne "0x0") { - $failcount++; - print STDERR "Failed! $line => $result\n"; - } - } - - return $failcount == 0; +foreach my $f ( @files ) { + ok(run(test(["bntest", data_file($f)])), + "running bntest $f"); } +ok(run(test(["bntest"])), "running bntest"); diff --git a/deps/openssl/openssl/test/recipes/10-test_bn_data/bnexp.txt b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnexp.txt new file mode 100644 index 00000000000000..664f1a9af0d21c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnexp.txt @@ -0,0 +1,30 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Exp tests. +# +# These test vectors satisfy A ^ E = Exp. + +Exp = aa6d7ac431 +A = d0e07 +E = 2 + +Exp = 12d416b110dbb4e467ff0c89a22122f4da8240 +A = 1a18cf6 +E = 6 + +Exp = 49a3b33e23d84f1ce0d5d83f5dcb651d50cf3920f0143da2310d0512a90a06cd8f38977df8a756c30883de38df092000 +A = 2a3acbd2 +E = d + +Exp = 5b4a0d5a956f885f275712b194459980f24708bfb6393d71bd37dce852ce455724f5ee5030775fb86b4295edc98afaafc097e4d82a97c0078ec0eac763db16549c5145c4cf2d3124f88cf9a5c71da0625afb99b26801786fe49a778415dc025954021753d08691947a208b613f0be5c1 +A = 54b3ae461 +E = 1a + +Exp = a0ea5f6a4de49beb8fb7f0dab280d6a32c5a3814c9a5153a7944cec0a9028497846a8a89044348721a0bb5f0c3ded3e980574ea321b0cdb0ead4f4e93841ea7478a7f15d9729b646a8165813a0750e8124f5465dda9b105e1bbeff18fd09c09a2e26610d9176d253b877c3a8908a6be521cbe1e472a7a1b7820e4e890f8f28aacd34609c686e76e15b01bd9324a71290812724ea564d11c874a6765b262c3e57d479da0287a76026a1e8fe53da0b02405da1d379eaa30fc65f +A = fccec0f6df +E = 25 diff --git a/deps/openssl/openssl/test/recipes/10-test_bn_data/bnmod.txt b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnmod.txt new file mode 100644 index 00000000000000..5ea4d031f27143 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnmod.txt @@ -0,0 +1,2801 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# These test vectors satisfy A * B = ModMul (mod M) and 0 <= ModMul < M. + +Title = ModMul tests + + +ModMul = ae2ca2ce7addaee2e2b7752e286b2bb6a58b51cfbed5c924f00398e59ec36fe6341cd83da43a33a12410f45f6228079c4aeb3912be87e2e81fa1799151bfa0fea29873097475b2c3efa312145d0bf7e51b2a7c9bc961a4f4dcf0c883ff90b919b87c21099fba40257645be31f95a3a277 +A = 6b18497fed9befdf22a01d988d34213f6687d8a96e86c188dea4172e7c6095a0d18d3c86c0f5a1af9c6e3aaeb6baac2a510930b3ed06ec78ec2e12b +B = 1a058d99397db0d209f01212dd4023ae01b15da04fe62d1f76f21622b2695558c67d706c535ca7f19b36f8ef2d508ffd6cf6fcf25e5 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = c462c7cdd79b7604246a0cd97b40ea5a9a77408f13cbb548b56ee713c690dac0507fd988bf28e77462832f4307b08564a51510d4a951c1ad7564316dbead2b53540090827a8ade8092a6133af0e5fac7310f787dc1472836178ed6992b9f71224da3e884bef8e8379a58e6d4be0fbaf59bc520f786631857213305e23fd5ca65 +A = 16c92f77c139706430f396f72ec7adb045745cd9f5899b0074d9955bd32de66f57c05c7929b575312a7f1c04f19e724d64744bff7b31ad0e6171437763 +B = -8734c4a2361fc530f60b28a5f1c7e93136c5ff6bfc7553965eaca54c61e6befb3c0f8cef4280e780cc5940d21a740debba31f863ded75 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = c462c7cdd79b76042469eb41a7a83115eb84103da4ba438c3e33227631dc185054ba4e607141d1e60990d8aad4e0bb0ceb645ce9ccdfe72d4738cbe1f6a73ed3e070194fa4feca6001c4a853940a227d15c1f1cc153d8c96e90e24805929fb11e0665e0c41c77d5a97fc5903a8b215360e26f6a19922d650f460f7056274ee92 +A = -6715098ab2ba3ea1e6341e89936e3ae913cdd450dc831c8534071f3c362841e47d88f2cd29c0d1239aa0949f3685f12f8519625bbf10b2c7a515e6d00942 +B = 536d4b3e4815ae5ed55bae6950f5a8a61d52439d2800ef1b5ba2285b85ed0f6ec4af9fa0e364a6b14f6f6b8bebce9200467804e787f9f3e9 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 309b3e30f74c58beca8b2c23f64fe1203830db8a7e306e1fa2e2022f0d6d422851da509d1b2936f088f0e35effe12a7463f47ca369bee2f2980bc48dd8e696b2d8c6f35cf55fb8baafc2e613b4c684de26129cf196741aab873f81e498b1e03018a539b5eadffeb5953029f31f8579df7ec0ff3f752491910 +A = -11fec955948e007b59fc50e729941ee9d43d552b9411510b73f6b4faafc0465f261f8381d96f647267f72175883172918b5c866cf1f1ffc43c55f3c96a60c01 +B = -2b3792f39499767e0a8b7a6a406e470a78f97ebb36765beab5fe52e95abf7582736db72a2ebfdb2405e3954c968b350a459ff84ef815dbc5910 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9143ec3e9f74a8eec476cab17ad8636eaa7c60e108e89ae0702dbdb2b255a217ba2530c6fd52658cd931b962054a9c20c8713976ef3b7989c40611cd25b0a9ad0635d61f6dc95dba6e0c4a7d53ff539b623b97ba3d66344fa324f905abb861c6b1e830c4b0fd5f6a4b01f09c8e1408941291b2285c4625267a108c +A = 7713413d87f1e50840255927ff27bad79e5de5898725a876e4647913158cda9f5fa031dd7fc11d2e8130a0ba99e8706341c1a98d5fee3218763ceb1d131e9cdcc +B = 1384e60753dd4bc20cdabf398525e7c4aa40065255c5058cae0b2ec90a3821bea8de672a712431aef5864eab719ba621cbbd8b46fe86fb31286091 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = c462b3b4a0432890d141c0f46a28190a2e30ebb2e4ba90ed132169cd72316b290dbf5c261984d98e63eea6525fa890bf52185ad7f164cf49f67ca91c2f35511f3bef6eb7f3da31a602a78e4752e326d79dea729f4ca6438f2aa65eff44bc60979b42e44f6a301cb5de8fb42abb47bce5633c6ae9479d39c9e8b507d96161e0fc +A = 17d806d7c76aa8acb051fd9c0c782443f1b1b6387455f7cfb737c41658d0459bda5d13587055eafb87ad8d209bccac1fdc392aeca0774ea48799511c1fb9141cad2f +B = -d7c9b6574354e131de4b8643d766641e98554a03238ebfce1112c3da5f049d6c410a7f05758571aa2625f7190b936a214797570539317b32fb94cfd8 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 16c84ed15ec6352a8ce6d5c2bdc0d9f13b333072fc7041146e944a29391f83e346b8ac0bee6dde98a420ba4f8852801d7c5bea6f1177a6cbf799edf2146f8297013e0e796917cc967786788ff12d9c1d07d9ce4b897bd22a1b8a391d3b4ecaa5b5c85d0a03aea5145db6350c42a964a41ee5f83e7d35e14cf442e5d99ccd0ac8 +A = -6d84cdf18a2f53fe496248fafef183914d55c42267af3dd42a39515e80cf29211fd58454986f5fb6afb56170dd9865d3158249090270bb9af341c830522a4dcabfd494 +B = 6f6f3f74187b7d74dee92f79be864d0a2c56d4bca3283742e9cdf15112c8f4208e3ac8ecc98b44b4ad74b0671afa4aa9e48dc31d34224a1f66bb2b4658a +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 8fb782e4883ccf3aaa2d3e020b08993d580c69ec8fe66ecac152c5babc8aeffafe406736cea492450fe6adc25dfa2e12723a3f9baeb02fc0f785b3db760ed28048e1710a78a2ae0c96b67c109c5034375a512b6fc7906847253f66316baa0ef90facc9ab992235153684d49d6939ab9e91086529494d7386f604ed69aca2f53 +A = -1f745c8f0c8fe6ce3f893d77fb274c61b72b2d9f9c5a2eb2467bc00d1f496d0ad469d76bce318bd64ff1107ee5fcad4469f84d658586a5789c068b0cb9b866d8fdcbcac5f +B = -3a2347b491813252e8ebef1bd181534b074a368d076b8c80bde2e54ec3b4ec99001f43080c7857427e069d99b1b65cff998a141ca6963aa5fad1ee632986ad +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 7c0c1c05ae1d6420bd93596a01aa0153000ecce660a8a14d6fde7d4740719cc495fe6681a9a08163b2dfd51659b3ae7db0fbe09504370bfc695457d7b32665a4df53e879ac817bf715d5bd6ca0e242b1ebacb1ffd6698ec90c442910a92b35ec103b345f9a9e5c7b005f8028da4dde80f36f6f6e5675040d19e46aef06040eb3 +A = 4c09264420a9452c6f0b55baee42c076aae5a73697cc6bbb88b7c922f236ee4c18e477f88e2c40cee03f0bbe87d3ac8dffd75f635315f856a3881c6373e8b9a286c813325d3 +B = 10474ece7ddae5c53c4df5b594439124370932dd94aa5d5b4ddaa233b1a55634fb7d72e33bf1b02965fa9d1538f97e1cdb5ec0477cec8ebaf202aff8533211169 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 481543f1556df756ae2e422ffe35aae020c9bde9e9b1f760b43043a4654de363dc67f381c0df1c3c1b90edb4343c47ffb8345a1aaf5dae56f446fee08a0b9ee8c42fff57143e10846610a9925be96418c4c957b4e92af734b96fd6f21974877dba52a0db1fec4aa97640e357434f95ba74b6b8323cbe17118dc489552844602c +A = 11bccd165d9fa2d8b01a48c0ec549a6e600396cd2023f0240056193ad27e971c604eda8aaed6ff6be8be1001f3dbdc8655f1ae84eceb963938ae7bf428eb5c968f584798c1bd8b +B = -cfb6629ddfc98a242e3290959f4d0726c0b1770b52393bc7488a471a90f7f0951362c03e67f443c9ecf4987f5303a789bf65e0fd59cc5eeb9f5d4f40d3e4a14080c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 2a770ccfbcb2bad207d0e2dfaeed04b6e7509daef00a1df88e57509451739a8a0f15106ce8b53d280a4b4e09900420714cb6961ebb0e00e88567c5df50d2f2908b4bf8e0a9a5a8b3c6120503c14f16a99297459543c467dcb67915e0a10e19f72ed5b6891a6121b66abaa602818801d3306630bb04ea57e6b31b2c05e368d398 +A = -442c80289bfbf00db06eafbf06109b55f99786a323fc2c6db5686f99094cc24aef50475841243ec3ade2a1e0ff28b4032fd8afb8bb5e28f3b2863bdb9fc8f033adbaeb5f2ab16fe9 +B = 6d43e3c46f4a55d49e78f40d34033a7f5fcbe50873930e7c5452b6b3b176534e6e70033868c85b4d63052964093214dfd0bda6a84e893b1aae3cc72aa83d039e51c014 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = ba0e8c91a86af1001b13deb115c77609a1e7a3736a6b807255aee898e3100f469ef6222be532dedb1b8d3db4b3b55aa4b5da5629c83e9b2bde76bf2f2a4119a5378b5cde000980b3e58595d988ff776f0388fe025625ccf368e20914fa90dc771c826e4a836b2890e82ac2274471d586b4de5dab3278f0e70207562ac6e6493b +A = -14be403d28c8451cac4dc83fbf895a9d2b74f730c39b0fcb33d7258f99211dde31a78f182ad1d27a559031d67d6f2f94a741f141bab80fc692afb452ee2d502099ebd5760ccec7f7ebf +B = -2742dfd02134594edc6d3025aba5ca4a34dfeb43821ad84164510b43be4fb95748f8d0eed7bbcbeca14efe843fb676882784bb36c889be29bdad9270e0956286552119561 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 20c691d6544912fadfd9894cbfd42745991f39a29cbe3a1cdd302bd0487bf70c0179b9579b77f8481bee13ddbe42f32d734b6118af92884c946ea8576f6dec867c1c251c73777cad7c7c76e90da00ae07f96c8d6a751e5b18157dac4468c05d32eb86e74e0e8312bef85905af8193a3f5c799c5875badbc9eb7ead1258e56d7c +A = 7ae9b4d5151b11bb7bd4d1569a6f4804f3b4d77948e0c6300e4f28d51c9a0afed2ae7503e53489edca5359e2b3d0c82a9cef316cd7e1c1275c31fc9c51a8c1e5fdf23935484e467d6460d +B = 1f46f88d39fbedffa8501fa1268bdf3460aa98e12b629da59676e61852a4d3f8c59f72a2fd717fe2faa09639bc651ba516cd39297e0cac67444ec57c0db47c2a4e250033d02c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = bf21b3cd55c0df8d4d568d00f757b10ef3de782ae71b289cb2b59d36df1341382bdc1825ba13199f2cf279a72968b3bbf5f7e3d13ea9adeb96d81132788231fd988eef04828119dcca21ec1fe844998909cc95a8d01720e883df27f07ef4dc3f09081015dbbdf019b96707c18b0b1db6e689e8f86466a2afea4a9cafc576e10c +A = 1243b14aa3d16a55935f6f8ca49295e35e7f75b03de7192e1e8a479abc0a430e0d340acc05eb9a61a5dcbfe3ce3a4c5c940699f5043e924f282bd21e341edf8b7a6741c6ac72d7587a9e7a60 +B = -bcf08b2153e8ca911096189e35dbdb21b77ce89685484f574c89f1747612f39340bf1b204a23530abb36b2c5e195940b86ef1252d6729393c25d4c73dd434b6dbc3057b05d3f15 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 460539d96c07e72acba5b59c88fe904bf7f1e1648612908444b0b08172d05968b31b43456918b4287dbe01afc3cb4860d9c2fe549a580c989b6507094f6c241eadff910d2603f747f8e289e7a8176ca4a978bba89288a4cf875bf3e03939af966c54e77c28119a39d34a2b7055465f58ef2efe7c82ac547fb675653198e4b504 +A = -5a44cb669c055ba7c28d49f84bf8d12179aa30bbb9db2a48d7a6b09e44dc0e0f7471e3629cd2fb51e5a53346ae025fb49f9591ed1d71bc79daeb3f1254342d8a2b091ae07a758c1555efe59e78 +B = 646cc0f766346aaecbc5147a4488ce157a6d844045b80884eaee9d419087285fa71108b5ab4a05689aacc8d2e3dd0e6714c55eb8f77487a3fc5e56c3c2df0c4acf28a457051118560 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 79b536f4f30f9f7483f90e65e6456ef8072d9a7430405cf8c9377ceea2c676afc338837643436d55ac6af2326ebb362684bccc5092367209822581700d641cb8d331432b761e4c6e22639a27335f45a25ec019d180fc53dfb53d69216d7cfaeaa07db8288adc35b7bbccf2829631c1eebb821e4d3299015c3d462dc17aee5024 +A = -167529b1e8668938ec02a68bf4d76c22dd018c41e19be25e2f821f63c2046085d0af30d8b4212ea0f3f9943be1c14fb2d2a944551107cd2bbf8dda5bf258957325f06277036282977db4575b0deaa +B = -378e1be10a57e03b197bc2b1287d643ba6d89da4bf6a6170816691fb6529c602eced237863ee39659be3729825f032a57eb5de0a87b0894d1a1244523e85b6f50a3d9976dbb038490e46 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 658169197ddd0bfae101c10c3e6a2b10dbb456048e81160b47b197fef439b1e0ed710399cfc80ead8e436f1c0399064f92da50afc335847515686e055fc7bcc0ca721184435955b896b0af4f4d96672ebed2f154538d49fa507b945c0a6ae926793751231980274213c80046666c28ada213a2f87509d1466b8d1b2122e93f8 +A = 49136d37ae8f3da71a6114327833e8aaf3dc8b5a9a27e9d04c953988456e525263f86ba94397321c2093803b789f8db3ed7cdba19c4b796500b979e02952e1625246f8e977e01fccc133f94cb22832c +B = 1dca005663385fc00b4fd58c73adc7589d15ddbcb8cb2fba03a737a320c447a2b21e576ceda73811a31d8277883fd31e22f776bff3261a098ecf8f40f2855b0c723d1265eeafb43f85323e3 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = a49fc8084f3e780537b4038bb769b8db3653a3315298a99c2ede6739a1732a636e9787f2e8b09d0b9bea08fac43cccca71a315e6f4a7d6417d171b4693dbdbee8cd9f95be0847ffd40ff027267125d67b89737e1d0365bef6c4429504d13cd8ddc7810f456d6293c0c57c14a307b94010d79d5c13b92a907f923966fd3c5c8ea +A = 1e7d8de2061cca59d1cc19b356a8fcdf2ccf917e0d81598f014167c5a8de027ccfc8f2cb8c37c396ebaac83ba862c146bb2d551d10ce03de9528f97725804e8a6de57b9d9da811200604c2a032462b6ac1 +B = -e38592f3acd75b575f64ced439d5ef2377d21c61bc70625639b01bf755fa2c6de803ce155744993493debcd4de40860bbfcee86d0b117d7f8c3f8ace68b67cb6fe7a81a145535553896424f7a +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5a99c8a6afaa97d8e7d84f4899803c7786b1bfd2ecabdbfbb3bbb92247ff91ac213a72f6d23c24699d60babe91a7d9cea751e686c027fa1c954474fa5680f0059118426c71299462b11de5f2817d190599cc4b352df4d2e80605f9ad1e32eb13712d3027a2b6a19d52151e37e7fa057d8fe59dfc8a943a42a1756a38f103a75c +A = -7df29221e6a102e32757c18f87927cdc90ecb012ab0557e0ab855daba832d76ddf595b9c5a62988ca968b64fd5bba2a147a5991810c17cae7edfde38bdbb7e13a1fe5206724c05a9fc9276c8d4e503a860c7 +B = 5c586d1aff7dafea3b8ee42e0e8854712c95385374b5bd1fc8ec41a72b296e070940c4160509a4a1699a678533ff3d12299338fc441b0f01e29a48677bfc5aebc644555285756e97c74e1af6aaa8 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 21fd2d881b6a52332dceea42664aeae1ca110512c13bb33e25ba4ec0f39f80eb73b1fa0834c998c23a2453dbff971eadb183c51a30ba78d593f23be9cb6b2b33a554ef31e4a36e0314fc2ec889f18debb956b89d1bf8172553271bd56d89ed0b30abb70e68abaa2c76f73cd5a3de93433747d09c845b5f8843f9fdf9f6c975c8 +A = -19fe3bdddcf08190a037768b77666de803ca4f7f0d7dbe6aaaf334a486dd0da7ca024d1b3df11e0406b0326595a171be30b04574c1a7d04f4d2ccd334663690fd20e4fd168386280510a00a70c1a11e99483048 +B = -33b2400173c057980b0e0cfabbda1a5cb5b83b7ae80708c199f28142237f04b071c6eeb63d42e80eec04b76152250c9e4d4c4f19a048cb9815dce6e66710fad1d27494db5c31d9af37d2aa779d12d7f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 1c45cfacf30682a876cfe253f05b393a2cd4dc065ce73126508ce897a99a723cf5145187643ee62d746f6edf70269ddce3c348a1432316286a648ee9ac31ef87feb14f25c42f2dfc2e84bb5bdb4ec0124e249c526c55ff2cd0ae938555c5f86d856eb181572ed01dc045f1ababa52d249e56aba0ecccda905d7d1e64bf89bfe8 +A = 6a40d948eac2fe5bf6db15d7f6b89fdc0712e32d39a881c21859e8f7722391ce05973efc7c40e2c0d7f56c217d8a986bfdb08bf87bc0435873cfe4d01967c46f7d39464bec411d0369f6f5d1d83f42596fa47451d +B = 12529775e8253ba220d890d4912fb95f91e4edb59610e889431208b6bb42b089cf2aaa12ff9ff98c2482e7f4cbf35b22d15fa28aa288217bf766e937a706fe1e600143087b0a67f668cb7b762c9b9f38c0 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 3b3b08e8eda8be3918bf648227eb0d569dd898729d9cd54deb32b1a1dc69cf7b2c4184c8ae9641f0f75950df263a5e236f428ca86244e617b14a04edd0f31c02bd4d84f25bacfcd4a2786825f0361251475eb6c7e99020dfee4298a1f1bc260d4e364a332bc6f651dde7ce5026dbeb0e5aa75ee98874da54c7930108ad28e3a0 +A = 149d36918fffa682cf90c4d3f3d48e6408e7ddcbeb44e78b9cc7fbb08108f65215761a61d79f37ec8f67cc51e0a9b4bcb3834b0ebcf6734985153f29a2778473b80147eddc813b4fbeb98843f5c1ae6cea68f88dbb4c +B = -ca87f66182e271a69c0964eda92a009d438078b584c3eede28ce1a501838c5f497186d305c09922f32ba858fb55f2a0dbfc9cd0f93b789c1f800cf092726d6d33db19e4f26c7dfca69b83925db14544ebfe2 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = b199655160d88b6b4157ada0e5675f82b33b5592408bb57c46e2f7d8791bfccaa51436dc3b772b83e907c20ce7edc2835ce96595b78c0647d244e9bad6f4184e0003eb0899e7a47ba0be888b9bf795eba95e5073a85c4d20416fcd4a8d4e1e16b403deb38845fb8bf9e9264d68807acf02d579e8cd104cf2bd555e6cf73d0450 +A = -70ccbb73e33a7cec30ef2071f3b1f2e008e70fd6d00fe8b7aa4b9146fc6d0549c57d984cd014c7e0a4ed6d33376998b7c2c9778fb9580d8ca4ba795c88612721c153c186740c58df3fa63b6cf7a4de76e049217218c05c +B = 6cf4168d44a8da8e8446b4420466fefbdeeaf9623a40e10b77547687b25f36916f2c18cf6060c03b3b40e0959479f6aad5e44dcff0ba799262ef53e280f4a7f667d262d472b2e573265774deb5ff8f25dc1822b +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 6ff91af444c61d2e2fe8ad73bdc5377d5becd55074eb60f0f98eca3d8f4be8c02f196b3afea12c36f78b78ae6a5ab677ffb7d9c0bd58987cca816affe468c7fb4b56055f5d2326532d6ed1c00ca2d052ecd103994e8929bce04e067082b4ded7e1973566f99c514b4e0d95b9a8a931ef4f6355066940990fead70208a63841f8 +A = -1c924bea12ad6f8b65abd1796e381fee2cfbec15138191bc22d57165928794bb080c83878fa5fd19a5d657b2fa91165459966f50aabf19440f7d75f027b32e999ff4d3f7a7ce878fe0f33a847d644d86ca19713ca9968d97c +B = -3abd4b281b8f25f5957d1f2fde904457d49a3a7eeceada26b454ceb4ae0e879135d376571f08b5038b7b3d73a9a9fecbe265b72375756a715a523ba66737085e5ef7a4ad988155adc93eadd5d95a0faea56914983b +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = b9076229b1a1241e8b4da3fe143ac31d060785be6ac1e841c2fa9683d2bacff2e2b5dbac33f58b0b1718ad2053c37ee55ea54a9d258ddd8930d2784852844d85db24e4721762839a5c73cfe588efedc8932ccfa585e1b5975083919be9e32a86dbdf5cef84d3d4b2ccaf7a006c0cadca1e35fff2da9da7d7e779494d8f85bf4c +A = 75eb0fe6c07559c2b0c7b2acd7d29b5798f6c4cda64a504ebabdf54bdc773ab28b218f0defc040016178958d5561796230b71edf49bbdcbd3f14494859843c8ca7a0f777cb05827f2839f3982832f4f3e3c5e50af17ecebbbc3 +B = 1b8aa718d61447003fdbaa748a9d86befdd2675a677cf34a1be7c81e4577f665d71135a8a243976a4f6ffa1636695567bde522f8fb1948033a7e0941f833d827e957781cb4349a08c6be418befc8959960fd5fc1b288c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9df82b7c34ca97a3a5d4efa28d5ed4f35484914dd73af9090c4bb31ea3496ece8ec650f4e7b07dc779c97e597e76e43cdadbfc6e72b61ea718c073be1cd204f8ad2bad0df1e530e75705f3d3dc285e9d793c8d42f04dc20773d3fcda8ef3ac1cb10d33d20a91add0358ab8658f49d2fe51d0d2d72684e31c0eef85e5695bb4b4 +A = 1fc2a171445ee6add5c2e4d29e50b91d83338f8d63c111e4d3e95f16d2a33be02bef24dcc3d6ce6bb8f1ef980dbf8fed409a0232c0566153014eef840aff58ed8c33e8d463d408f93e2f5381a26fdea63676c4e5397eba1d39f928 +B = -bdac7a177c77451104852bb99004ce8e617036906667258d85adcbe8cda21ab7d03aa7dcf62cb210a9db8fc750c7e1ad290b35473be0fd607fcdc686de0b78fd9f258f5b25e2ed43c2ad1a38859f882b9f6b293dc258659 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = bd9f3d2e8a1086b177698f87a9860e3a5f030e04a0bf4ee9436ac55e005bda01ff4ac662cb85d39e98a41c723ae542a83a936c3bd0280c6801ffda080ec0aa4230b45dcd0bc5eb41cfcf272028bce3572847637a92d1543bb2b8408e880f5b776e1cf14fa28d15cfb584f025596ff10c9f091c837a3aa622d9e5c856db8ac207 +A = -7fd5357cbee7c5e31fb62ad03bd47b705b574d915200fc7f1013d836b9cb683db020b152ae9464de6aeb8baf14999ac7025dde6173fae6ade325c60ec310eff6dc4130a8efffb15ddae90d760cb7f76a27d0368175d4a44a22f7f223 +B = 5894a0223e4aafe4efd4572752fbde4952c8b09cdfc35137e7e6ed650f8fdcfce9de673853dbf73730b159b2656047e69377d7c5025a6b346fb08831e64bc8bc34b75765012460d8135a4f7a0f41d768fb85abf17f5e2f5c3f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 2c61867bca70e8662c7e5435a5aec020faae86fb079b992bf49d8497fc5f96abbd38a6f04f6ca8510e0160e546b3f68b7baef4ef0f404e881771cc12ec5ed3e3787c2d2ad6bb957cc59f8d56f0afb4bea49cb671cb42f4e8a0ee1dfadb6fa14f84a5b3269dd33e20d658ea4cc39499c7a39a4b5650ad7018d32f97954610f676 +A = -1bf5ae15f24c7c14eb59605136a3f679f303cd5b81e4a27465281d17715afdc2c231d7ccbc59f80ad176f4e0326eb757b52e3695e27c6776d7936da47e3a8a904f735b151422029535045ef489e61ec93f02e6d588491c8dad1cc311f52 +B = -3238dcafb85ce557036d19e42e7e7e473de9f9da6f920e18845dd010546868d2652decc94596cd2c36bd16b02c02559892b9f573bf21ab18c3c75591413d046b385d08aa66d849ab8adc9fbf788e837b047a7ce2b9c63f7fbd263 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = c1d04b831b712d0619db462c3f3fb5973f5984e9a48493ff273a5abe17a548e185d751628899e2851e425a7d4b2c72d4d908dc813cd122b8f497e08e299dca9166f19752ff8cd9840a70155ed9e8c063a3840838b3679f96f1cd5f1cbf0e037d222029e02769dce7fdaea0bbb5417f85497d77c76a387c6b970eac15dcd128ba +A = 7aeb60c134e84f289e419b74f99a5ce5b4aed5fc630d5d591ac7643251ad32d6ca7f052fdf8857f67138262d221de644140e9018f7b84879d74883f8f251303f65e06bb52246ec6a912772cb698b47de41c1826ddd065359f6b9f1ccb0cdf +B = 17f81e53d9fa6201e4d3eeebb32267929cd5258d10f053e7c021c4afd17094f8ecf433b1ca752f8740f6d6bd84f801b1b9fd64bc4787b9ae5e5aba0b4318a63dfe27e92d5a3ade192af7563c74c9d6006ae7701240efdd6021a83cf6 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = aef89874854ed34deae1b77286f9cb0e3017e3ae77fe050bb244acf4f30dc03504c73c1a4d44b769709bdb53811a5d0f8a76a08e6a66fc2cc4e98537ad6a8049f02494305b89a49a55e71fcc3f5fc42d6b478456ada9b19ec0a03f5ccfac5538c0040092771660312be5e51996073ff1a506d7460c57d54e10dc2991c028606a +A = 18d3af14bbffbfcabdaabe44074b407d69abdd80a6eaa5954f0e45fac85af7ced1715c78da872f7a8fabaad3207e31f12b7195cdb25abef0a1e54d3b13349d997f207fe130d7985e2033cfec899a0af310c9827749cd22bd062eb0b1faa254de +B = -85a7d9f08a60031e689b0e611d7f7f46e1178eaa2e6459602e738990c77f4d3783ac43fc04d53504cf67fccbeb02f9846756f8e32fa4a9316b6d3b45f644254077bef096a72bcff17ffa17070a4355121cc5daa2f782fc0d0bb48101db +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 14a85edc6297763547702c212b1a8274b8f85d53ef35cd1b01ed51039bbe030d0a1b9626ae2f571a43f1224d723847a1c6708f2238f6f6fd75db6656e6c703a5acb57f69717efe8ed58a3713ba2720d8c001d026d83de0ce5e24b67c41daacedaadfe404aaa9b672f00562e6901fbd0710c4303fec41ee3338100beb36c9b1ed +A = -44414ec207060d105f599b9a66aafecc5b232b55214c1a5e1922f6b59439b3ff77cd3a327bce4f7406871196b90350e6dca9aae147ce03027dc4de7563c734f111d95171f489105de5ca80047cfa43f7e932917b816ba7d41fb95b4106745d700f +B = 45f2cea1b9b75880ac3ec206740cfe0ecceb488c9155cfacf5885a8cb49be78af8cf221ff8de2328f4880479c031f830a3c9eaebfd83f7de501b7c5cde03c4720c56a676d331b2a13c4689a2e34a43fc11f62825b8776e75d31225ca7ff65 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 7670c1e2e141d8f8f5466de8ae2e0ba2eb3eb7634699eab8415d3a37f8df291d00def88361e9fb64a2f116433dac3ac2764fd62f3201dce4e48a3b7019e5465f82241ffda29d5eb0462fde74dea3168f8993ccd4d090b9c31a5a6cd7e05f725bbc89479836b89379b422250ab049f31c860110df5ed69089716877fb0ad7b0dc +A = -15b4a2f808a85a5bd466a342c4853c04ac0ab73f8e53a4a0477f73dfeb8d7a911ab2eb5d3d192b9b084d0e38db491148947c66f838aa5f460c37341b129137614259efa531c0e6ffdf163ec6851737037a5299060418d96da035e6f583e6ba79d0414 +B = -3e94fdf22004384f7881875b1d8f58019ed8afb1b6a31f5d591e77b0998f3100b34174d6f3466da44b4c7fc8b92ccc5679c26c146b704198a65a88554d24291adcf897bd758a035361f671a82972b5962002c6a828792980f86a64547165327f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 35b49beccd8d2010a8d777c1ff69e28e01a1bb78c6466e717f0a934bb62f9bbcec5ed29f9cd2c14d240a6c33b28c986eb9c8912a4927605532483dcfd31a50876e1819f3d7a0f49bd276ced5c4110470244fca52d2611ed7e31cd8b73e749aa70743b39e92810b3b52320342a65cad3180f6e2966059d15f79e5574348f5f66c +A = 6fd078e3cbcda6a71a710e99204da640edc71a65974fc765999a74ab50a0e4b090d57ed0ee869c8da2cf694b6fab56e87c4af62fbe73eb8890bc066ec3460beba04dac3b8fae7e4f316e8f954c6e8d934e946dfdc9f4cde0f26bb3d40d5c444b03bfc65 +B = 14d8041a3b83468d2f44f150ad8d8d0a1a22035d630f2a17b70d5c3d557d3abc7e4d753e1ebfb3a3ba465520b84746073d211a67e079ec7f47c2cff9c06da69bb5cbafcb6cabe7e0018867c42e07931d6797d4499463e3cf786c6d5d6c8cbd600d8 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 2f6e0fed8a9720fbd83ce950d7545d2c6d5b271582194570424f90309227a51777cac974bca0ad3c1289ceb91cf75af73b0645cc20d71e7789144876b8c1bdd550328d9907accc316189e8ad81310848cddd2dbe362c9398d814a048f93f9368fdbec0f19ab87ad2a59d4066d738c3da3cb71d4716f2cd2336ad35ea1438276c +A = 14bda9e4aac85b0ab7abece728f61450b7779d3b5fb83be813758e742d2ad76597f132aed91e20a75c554f0d61ec4dd118eb733d04942b2548b1efdb4dd22fdb543d9bc1e4bf0574ae2cb2c46fb98cc4835b6a074d6df1a3bc5443beabdc784d542e3349ad +B = -efd765f8ffd72d041ac3244078b8dc4482233e9411b289cbc2cfc26fed2cf28e286835010438ddc9e7021ceb098b10c68bcc4732608ec1f4052df9362176ee14812bbf09ccf7c2882714ecbbf92bbff61c06e9dc35a368208a05dde949fa2cd091ce0 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 1f0c436379f6dff55a59093ff2a0626a9b959e3e3e59365afc33c7a7893f04bca863ec910c446957baa8de4e35a1f4e9c4a776ef41b053f03b775f327eb7e5fbe68bbb478aa4339ae703ee4b573d6931e47e09271d40239d527fe77098a7fbe519f5eda1f26dd6a7d0ee6833efe37187d8a85844690fecf9fdc3a4d80b921130 +A = -51eb34de29ba24d2b1fbeb0a1c324f4ebc69cda2dff971a315c0c2775d988b03ca29891ed0790f3dd507a1d26ead461dade9284613e45df338dd83aebfb66050465d8aee554970b43f7d4e0428e1512289fa1f9b23867b67095c455b66d536b91207b749189c +B = 55259a1122eb7eb611a69118d3d42c2f05dd228d71c0e1e42ae3a8d3d180a95b74150d844e916ac85105805126e4b995f2ed1cd3fcdf28e1fd241dbe3125dfb3e4d90556256eb513a2f7c9b596719c83b26931d92bfd3573560e8bf054138f5d6b9cde72 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = ac321a272d2206df4dcd6ed8ca194a1049c1e3a20bf325fa44809d302170f850721c077bb5d792f86f7ab03ca259567397cc2fa1429771190bb632ac2c92d3fccf6e05e13cd33149994cda5f9c57da155439663f6a13c66f9da553f5038fb92fdba186ed9ca04b8ec87cba4c5a68c8edeedb94e38a6dbe293340dee1a4ecc768 +A = -19ac99d7d51456b00a193b3b04693c7e5436e05763f0154768db078ea5111cfe9eda3451091af213b9c8cc649d341de66c12ab2803ea39655d3d7de182a77355ca444c5d2778f791d39952a7a11839e497f5dfd8a703df49ec4d7628bfc25a992e94a6477e6be39 +B = -286d1d436f113308be594f0f43d7a05120639152b7e2f93058cf602cbdbc016512bfd23f7aa937fb358b7b602d15998ecc150f2b9224c58527c0c1267739e065e24236771e2c683957871637468181e6e896b513569bd004b9845f0f0e4c26a5ca123365e1c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 3466804a1b7d1af8b6060aa93a4c325d9cadb33ebcc8bd991f9e44cc2cca8918411efeed0f005790d649382ec40278c8cff903cf3db177d24466c58cf6a56ffc14e595c36bfefaa2327d37f616b1466eb702f5c49170598bc361d892e18051b8233dbc5b3fd6832befd9a995bcef3b0f3beda6efaf09f7306ec203172e78264f +A = 6710c19330d3f974fc377e28039e0c0ee0a558621fd67fe724c326537c18c66dc5eec60980e07d401ad5556a05688d2dbe7b271f9d5eda3032bf7cb7c420e7b5d65a195bc037090b6fe83064ac3731624ce2baaaa62a6eb07156ca12ee51d4321988026cff573ede9 +B = 137ca18f47a151363a3e8c52dcf024262ba525ec8852e8e406f460fffc2cf88f1999b17a5821849317fcd84d09c88ebb6eb0340120f113d7ca5fbd91c6a40cd790bce7b422552cc0cfd2a6417add2501db1667f2802e5d0f4df824adbd033a90a155cebfbe0b53 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 6f248a70b2cddd9627b32fbd130f05a604866799365f94d97f1eb582b28192959692a870be7c2614536a8de84cd8c1364a75a3927ef9dddbb8c6c87dbf526f2d3a7916384f2daed96002831173fa4a51863c28b4378f99b1b201010581d5eabd66ad1e328cc4e647bf5e0588bb775e130b4a4d029eeeeb5852c5742862ddbc3e +A = 1f014cdd87cb33ffee623cf454edf2c476e91df279b4f0879637eb6e8e5ccab305186de67585595d34ebc195fb150408c4620cf6c7a0b0d9695ba0e0e1d7552ca7d0be3dd678b1cce2beedd11939891a6804770f1c843e16dc2ea6aa8e4043940c37fd3d950caa122845 +B = -8d8d9dedc80994fc5db04d8c935301e47054250fea9020bde8d5fef01f2307cbf458d5afef5210a369c396287c5eb453637a2d721085af3de0d75a5dfb5dfd22fde3b229d438439af7b296b9e68ffc982efc6c825556c52a735f8be12a214a06c4270824d5268fb6 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = a35ff7e232f047e575b200b9fc4c9253de6ac04c612b8a82c275a951075eace5e7d6664fe8f78301d554cebe7b996c1f4ec3ca59d8d12d7196eb3909223de94c220f0445d24233534af1c93433b05c5924799d2c781fdb88c4537bb8d442e6bf76b2d966827bfb4f40378a3f135103513da056bc0d375b1339561700d15a0227 +A = -58346cc8a9a1e5b8babaed8e7f59415388e0db654ea7cd465d96781c57faae7a8af8e7578e46f3a8de7bd1027188e1cc32fd1c0d60be24fa3289a12cd822a6c9a77dcf8799624856c27ba88fbdb047473274e651760581b44457ed048cf76c166d38bb9b2afd3416ac7e45 +B = 61951a16dc6466a9fabae99df29b7229f1ab96b476092dca1e4f8fc8e7404e2fba56ee66486d1f27f89bb3f86f271307228d7d6cbcff943961e177300b6acec1eeb46af1c5725f745a2d2af0fd9642f57a09c9ce6742114be0aa6e939e638bd5c7a92a7c206b2d36e35 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 90b441d8277eb1ed454964acf567067925881b5db0b446a7d554dc61ae87ff979bfb0e58ca1706123453e62ce31284a5a2db1228d259e27abc7fb5cc5848dbeb9a6808fa1b4afa844ab39b652abc41423c2833e1209a1674db518b6df7ebae315dd7f416df54e73088762ef64cc2cd0a08b1cb01c49d9299d149cbe84145a55c +A = -1ebb693ea7d18e0ff4a9a51124ebb78bfa3a4635b75a6387e9fc745a2325409f927324d1289be8a4f5cf2d5c04adc7ead20564f97e453287f03e5ab59a6133584f970446652d05a131d7d382c47b7cb97580ef6710a532dd4f5a0369dd3db500ae5a3c5efb587cf0cd2638382 +B = -3916ebc4653e7d6e0a4f1e234d765d41e9e948b5acd7ebc73cb595559c1b20b037a3c8da0a7aebfa5fd327bdcc922551cdb8db3fb0a581fa0620ca2d2559ccde3ebc44542b4d80926d061e2a35c08c09547e0cd587c396ff2959ee93ea64b1e6b7e2b624cdf445988e1f42 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 3ac61c3a028f4a2df6645acbd36818a2f76a3229d229ce22471760807585a909727411e8b68bfa4e76adc459409a101a1ce83900d46918e8d0903a163de87c07bbafbd60c7f536a62c59370ea53b6cea4384345343146bbf529334b4201ebdc7585b6e5eee42696400c9be9f496406a4eb51d2fd1b40466224f1752b181774ad +A = 5a16d5fb9047949684b80805e5d962bdb939d0d0368b48517a2a826679c37ee0ded4fa83e657192d9ae84294e450f7e2f2773d1f13395169582cbf95860891b9fdf8f3240a16aadd1198e884f22b2718219d478e2410fd4bb98ea534a3626201959af099fa55488f5390791bcc7 +B = 1f67066dd06ed4a49cb556dc2fce22814754885a7cf6c13915d974b46b0e6269c0fafd688f45ed2deeb026a7cbb772c080dfd577d21ed2c81e50e7537a70dd550eb94fcdf626500040da88c43dabce13c82a93769a9e0ef66a471661292dfd3b3af07169e2dc909e43678400b +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 7087dd62eed6ccffc7e1370cca9444dccc4ff160458941aa9f49dec1a2e9ecce4cf50ac2daf06994c5010cf225cc92238cd60e1aed9edb2befb0fb354ffdde94ef5e8ad0415bc95851d59095a5c4850ec52a74c78eab58309f395d3078dc481feb9d30bcd9f113af7a01611b94d085e32193dec738a64c5fe9bdfbf5dbc98cda +A = 13596eeefbf06e9ead8d883113d8ae6cc3da8b6fa13ab66681db5a9c083ef9e49d905ec19c39b149cc09452eea0446b29cc92d4e865e6f681827336945282fa6b276ef552363229a976c503b822e6e4a9862d3fb30dd0c3627ccb97a7046a6a679050a39166388a9daad5ec5555dbf +B = -a4e574363f2e5982cc087b38110d257019962fc166c2d6e6d396220bb308a8a0dc7d90c5cb2ab85faa19b07ed7dc11eae9bf2abde0a5fed279e77a717b43d35e70fec4e18445e37741262d0b0c20dc4375371d87d839d39934f1dc41122e815f3f37352d04d0cf514738b351f02 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 8495eeee238164082240ae1db1e3c1e36fb6621e6b714c9de914f9de8a587d7106b8dc5214f7c60c0ee231d7441e03cc26462e71adf8e29772ac95d0395722d2756f9f64daa8ed41d7ce824a572d7f9fd419112ae823b5b48b8aaae09fe093e9ed05918c4ec88ab159890910837ad0691849b44be95993682b2da2b124de39ec +A = -403f21e1a7911806747bb78a4f20c4e6572d49c6c4ce071db0c8c91ee985e68a16e60093e4628414b2673d25c9f13c4c43600633af95017e3846512197c9515aaf9953570ce5861620716b3d80eae7de0f033772fba82652484cb3ce7cc189d1fafb14e044e07a88da302547f2e623d8 +B = 689d1b4a968b7c00082ae3a29c8571f826c4630c947a7767fe4a71af43a5de84db9b5baec0980eafd0019e09de1b5c56173ede68c9a6acf260bef3d9a03f4c83a33106c94ca7e1a8615b3553088d1d05a62ddab0f1e5a126df5d960f67e3b92981022e1f0358c7970bb2fd5dce7a7c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 397df584bcd3b2e1ec7ed89de624e9d104bd6812901e38c5740755ce91bd54155c0b624c590ded199590be5d98bd1ad4acee56a62d05d6b5fdd1ade12f7db8e3eb08c4a5996450cc1204be7ba61b768af0efd563ea478033324731e24fedada1ad6e564238c891494e85ded4feb2165fda22f75bf120856034a9206511885fd5 +A = -19cc480d1e07523bac502872a971d78bb26955c5453386f5d51767150e229daad3ab2dc85e0fa0cf6e72389391fe627fd2d9f263f105508642eae5a095ec4d88545dc9d0a2c436907460e1ea7db174673000eb2e0b60d57163ced261bd0f6cd8ce54133cfa10591f1fd27996353110060cf +B = -39c45512fc7c9620194fb7ad22abea8f6dbff4a137dc4523115ad7e262934143cf1f320892f8c097a400d4099e787ea7041d0d69b6269d191fcdc8ea28340ecacab71058cb39a9c7362c848826b35ab560c27113fe53c497ca452397891c81365b6e7f07f916d47961e50b8c7c5cab38f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 263ab04c98efac12210beb66b13fec7c260c5b1cbc20cd732a511fb3786b917a617d6622847f4eed70f25982ef5d0b0d13848c62dcf447e3a1d491f4c80e69cec03cd318f6f93134d582210bfa81c1790562053a71091333348c6624d4d793fd6ef971d284a4ebf0be0771efad302015abfaf3edba017907f10ea14a46d9fdc4 +A = 7a354753e39b9ad1c0ad6b65575fc7247487f3ea320fa82d1d333ba8dd5d0ff925331994a6961c9c603be5775ef1842159551f0bfb34920b93d90ca60e6abd514650f77ee8ffff2bac0eecd0fe8ea0fffc6ed0285c9f3c3cfaacf338043975457d62f9c8dda8cce1e99f34529435016fe2ed4 +B = 1a4384f9620567c698ced05870b4dae983d8f0df6aec888353f9dd6ac8ad54340c3ba8346bfa47bac38897f3963fce972f6d55f3407ae03f5c7637be1a34e483e50dcc27148b76ef079f117104162beb191d146ec828ad5c5bde5ee1683a031d554c276d837bf1f2f622cd11baabce10212e +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 91cf4d1899e170bf75dda0d51a6481f79eb94c333b876382c9d04681073e949191223926523f6531f0a45765d7f382221eaa080d7bd05a3c19220ebe18802b15d8009714e8e4e9872223049622ca02040eb041707c7e525f698cc361847c66fe3673a72e4d701466bc374f55fa5437216eb59375c0e2c4f7020149d0118ea72a +A = 12f35c48024e8271e8f9a60a48b5a214bfb6595a837c041b230e6ac87a4c1d4b3f93a2d3a193c750c9857c8627d0f7c454d6c4f224dbf14a865eb83e990b1d9b8bfb729b8d3dedbbe9c95032e4d60676c2baa2aabafa698392590add3b83b521a7a5e7d6f8af207e44ebecd735374acd01ef5822 +B = -8fc18f92c0613d085cf3ee6f586b39b99ecca864bcbe60fffc63c585e5613df68f3534ad46e244916b1f9188507a3692526c9e403b8e93480b0a5a6297f65215f1a5d8e20631a9d559fa1acc15a98c9397761ce18903f393b10444ba51bc92ac44df90d4cf0852da9d75902230c6de6f26dfdb +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9af562a7b61c6c84c91bf979f32ba5d246d2ee2050f07ec2dd5cb3f9496bd37c3922ecb2b5b17085a13e93ab2dac6022077cc18c621cce3a2d2247e5e89de8692a36f596e5dc7a6969a4f3ff0d1580eed380e6550c6218c1938caa2b7ab401ae6f520063c811088504d60a19da3b5018d640ab8d340f35d1337a2ede8bc64bf0 +A = -63bc10b8fbcb391dea305fe61b404d3bebd035514a812d0e1d38daa3d67f9f1bb8f02d2979270cb9147aa51d66ca73d4b5787e472456a13fbe0d568e92b622439d33ad3c357a56dd26806ebda7b3bb592385ca5dba7e5eb5d85eed0a1746441e8d56e22decdbf8f4296e30d222da5af17c427e832b +B = 57a602bbdefcdd00f42ed1e2cbde2ba858d171804da56b0ac87081424ad1569df1308fee7c9ed349eb496d5409c4c46921f09ff0830bc9f57e920e17df16523598fd90314141955ddb84a1522ff3ebfa812cfeb6670525123476a739f64ebe6a5f1fc805a880f8e5a71b908c483a121b38d05cc2c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = b395c9f264172a3653af6637e72c4c8e564d1ce68032a5d761bf546e0c4b51b33cb026bb4256fa639ae98e54e5ff7d8921ae411497272b53d97c2c44b5b9ecc5aba43dde201f64f1d033056f19ceb0cbd04decb486a1d07ab1c64fd213d7eb6db9cd11efd743462e137f368acc4ca0b49a7f85587bbb5ede4be1616889e2699d +A = -1e71df5f04001f6468c3a192086bda948aedd19c5da9a5286856f30524238d95b0ae71940f2af123315ab5d2fc61964d3e970d5858b7c1a78d0f2cfd10cba7ba4830a8c19a09b59794ca5d7da32cd8376b5ab06079b51cd9819c0021ea41a9e43aee147befdbb17a92cac7c7767705fdd908bcd291fbb +B = -394c187308320ba1b14d91d75b8ff993dfd57f9c84e8185f12bf9924e046629ffcd7174879f9925bb643988259cbe9dc9277fa83a25012f91159b012f1964aefddd5a94ac6c2a55a22bbae93085dee079f84cea1d53dc4771901db9a3db5a14eb17c25aaf5377e2beaff6276cbce7cee97a9b8f32737 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 6602ce0fb5002eca37e85b60cc871b7b2eed13d38c20a37a6e0886ee4814f3ce2515f8714c67ad81e8c3abf6a00464e6a51b15e55b6c11296ada43cf459e15915026d3260cce8fb796241fc2b0bdd2b65ec04bee3b7ab6626e10597f3b13b43d16c34afd5b43a219917626c88b24c6f8392bde1b2e65a50b7f1a8dc5eb096702 +A = 4855ce75a3d7dbb72a257f6291e9f6ccc158647aeb2f8beb3e8fb32f6f59af1a46617b77440798562d6f58bfe826d3ea7dd28daee8f5162d7d24ae6c24c2deb2669b15898689ca789e2005903f3a94e991e7d3c8f3ae6181029d959bb15e71d7ba94d2dfd3ddd10f6fc49a65798b5f6ffd64682c78b5d91 +B = 15b3e9992aa3f042fd58ff97a8c04aaebf46b75fdc38caa9224394a1805cc26e4311bfb498d5a04d19396e98d11c8810620979362df82b23a115fc1711b57c7a56b8408e2682a2edca36cf9311addfedd2d0889a78cc1ab170d1379245de6f1f6f4db815fea9130463dfe5283f195e6e81486a1d39634aa +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 6a81ccd82f00d829bac186fb38b85097d52afa3ca83a026856bb83f94d6af6f6c6f3141d433f8fc159d11397df8d2f44c769f255cf8148249d8e9fc4f59ec3bc8e804d7d5189e71e20b8d0e540b59a2854ddd7feeebda5a95f17605e8bd5f311a63cc2e4ce23a51229d0a49ca04982c1bff79c201de6cc6150b690c98106a39c +A = 1f1589c9b5ad9d878631cb03c23ea7e94680220856285668838452a63b726e01709588b38e578da8a4845aa5cc2e4723beafa4f81a1a2e463f67d9a3e432de7064ba8bfcb943cd9efb0e5a136649cdcf5e85a667917075804991b997f318752304f4946d69abf161625ed0c03bf9abeb4ef28034f818e2a643 +B = -909dc7fcbd27d0bf7d6a3d0e2937ce725b5cca0acf78c103d633206cb431e2e2c785aea4bfe2042df32417143de76b71d21587112f36d067f878e556b94ef63d59a07d19647593efdba7f3f5324d64c55f93a283a0dafe080167f6576053f9beb326994f4a1d53e18e3f3e770e69450bb70f276d128e48ecc +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 69139f2e10726f83300505d15dcbad5b5f284d1c06789181683b7b8caf35dff063dfa4968c35facf32a3628dcfc19b3fa4c30ba0e030b06773832a2631529fe0c0c402e05a0c4e9446a8b6c22754c70ef540f90d903d83a2e3592169ce6b5edf939ac5ff25b8bd48aa2425321602a9571661a1109e275a3b3039ff0c2f430b18 +A = -5d02cf3969bff8789850ac898c00fcb3ff1fc49a22cb243ad18703bb8fae25f83502bcdd885417fe46e8237fd0b444712c4fdb8f4972dbf9278a83eb305efc7a8210ce55167c069d1c4136a9b66d0c4dfadbf036c079d12aa082fbb42bfb0098006136a61f3da43aba3d3bcf2f5ac2d7884caddd0cfc28681d33 +B = 50b369234d993721288662d83298d99b9052a0a66336a5a31b76dfb20ec2b5be3aa76f78b2c17c63d78402a15aacb585be5c8d2e7083145e316e71e111fd34f5c79363c4591c247b1a94b20ee042d840c42a3001d6c8dc7cc1e1348e0e3ea8c6551f9d24af2dc2d0c38a54ef065ff048b148ce4f11ed2b549c50 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 87de406a6c957e85c759f8ff684023a0f98e93ad4ffcbc6fb0038c7a7ceed2486f15f36555d286338aab3283aef677118f7cc3f88a7ff0ac9fed31da6786ce895c3c08d3edb652bbc9ac2b44c4cd24ad281ca3a8e8e6e4d730f4f0c25487cfc1b2afe222934eca8b1e1572780dcc149422a88eeb1bf31065c929685a0a97ac3a +A = -1878e0497aa1c2942a2e6956957c876dac73c4bdbf42bc92498f29a006bc92f788c24a4624b87324a7c8aedc6b2c0c8a1a442aa91557aed9bf2c02b6664979e8a9a21330dd839f4ba8f84515fa6f7db9287f7c20f31732b98fc09ee7796dc524870dc35851814bc57e1a8ac49d8935fea04bb08b8760df33a98149b +B = -32f4e94bd073cf3f70810d9af7a873996a0510109bc6fdebb855f27dcd012c59507491152d30849d75f95dd868992c6fbbf29b1d899cfd401e9e7f4e0436732cb4cc9e6a6d6b0cb63fb0bee21e422b7f7b7b14dc5d2b6d10447fc4add390fd3c8e7b06f1d9b181adfa8d04459ed051bbdc9666623b00e3871e597be +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = b456ccf9d066dcf4247a21c7f3820e324ac9cf004cecf8dd1f6c3aa40c2a33e24c423e97190fc71bb9fec21d36c5a687065a7877237a2a05e64cabfb3b20bfff0b1f5ef2e9adb7edcd7140d1047b0919a2c770579ab44a08e5ad9f63a06f90ec7d5885b91de5e524b2e187937609b4b81d40a0b33e31a48d7b9868add75286a6 +A = 6c484e3c6b530dcd3644b19fee66c41c7c2c1dbcde574d87ee13cabef9dccbe5b41e25c32c6a56df23f2e87176afd28249e5fcb918723707fca94d7e2c9623a3493d395db802a1b49d550f52c29666f785652fe81afcab00a60a5b50cbf523cd13dfa06d5a5b0809c68ff7264a2cb35b8d52284172c62ee658e8417e6 +B = 1b4fc753d0530bd07094bae09a02b1ea684fb4e8519086b1e2ed9d59af011f61d1b94ffca6f354a5b428417b328bb1e8af3f6c7ac9121dae58de9f1dcbaa9c73a357f408b870e62b0c7db1a72c4c440f2e6fe90b199b9dab29fc23927190d3f2bf8a7ee926a152e64474283695614ad696c85ea547f5f51d02d1b823e3 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5e7c63276f350f04816a6ed9f98507a78314f1d99081fcd906affa3b8395fb58d029ec657af82e77ef45611bc988095bba9c26f25f8fd404432fecd02398e69635f3315a824d6a98b33eaf6a91f12957a5e80cb48d5b086c795eb3b1e04da5432a7e8be3d683addc586a44b6243ffbb7a979bf9664cc7ec41e75f267d58a7127 +A = 18efe267d4c62576294f4ba44c67a058cdc0bb44c48f4035682b2d6b8a63106081af43d99098ce133f8d7f9cd04d4dd7414f704e32871d43d6e5d73fa9f447873168b43b32d6ad19378d74a967f92ec7629a690d29a62a5a6e734e9ccf5b84857a00d97b9db846b057004b03d88b827dde717fc30e6a5246c752d65dd625 +B = -ebaa580d3eef5361547c692e107439c8391ac0a2d1cec0cd275d0be69133eba8a94bd186ff9a129af3f5a015d5ebd30215643554d7064635dc11ec7a8ed2200fd637b099e534237f0495d2b629abd4c8f84aa1d925d53e98490d02f9fe51bdda08b043f67f0903c0195fcb886c04397d3612e4501ab8c7b7db69f781e169 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 76fcb39f94dd2756e8266c025cebe8e801524a757b976e35ed45e3da3db720061cee9037fdb34776c704ad2059ad8920e400bfbf10eca9bb157eca7750cc31fda06473bd22d4def80189c47ba32e2824c721425f225563df2a2ea1edd090e01c0bf980677db5a5dcad37d21a68e2832d1012586f506480e929b2fd9bb4aaddf0 +A = -75f903ed9bb0b6db8e3be16e797258f6c18f6cb7b16f835f04e3045f7e4974d7a86a63f2ec351c88fadc0635b6dc83a797cdcb5cce1a1674f89e44190991e0930575b19e2aa1512bbbf2ef6f8c3e707b17516756fadb635d8c6bf9caddeba14834b5950a4d1e98bca79a4d15e5fa5fa3c1727d7a49b33d481d32fb14ae4164 +B = 4ccc582c8460f7def2d26167b68788a681c41bdf6dc805dca83127a18bff6f5ebea6db75cd959beb859637b200ccb5c7644d571f436e46a357d027edc9769da226278f7ab947963f7caed1e7e70e572980e960e9764a40c6db67bb526694b084976142471270b2331da563a10427cbbb38e76203d7da5d67487eff701d75188 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5adef30c67aefea4da3884b8a1d0ce6724492bc76b477f1053621e7d19f3cac15448e9401d34e05ac4b508b9d1db9a8d323cf43722e0af6e3c3b6d463c6007449c3bc3236d156cdf988dfc308a1b4911554ecace52938a7b10f463d14f917ec3d9fddcf6d33081745009c59b58aa22bcd7dd8c3bbd489997d4e0bff5473ab9d5 +A = -174e8e057a1d66e22eff88de26f43fde1c8efe5611f6ba4f318f027f5a5818df02ec3f014dfedcdfc8c143c5005c3c5098d409710967c93474f5854c1113fe4030e6682bd56d389ca8b9a4587b8b9262d146bc92fcd81d75c3bfa4281898f394f45d5dd11cd4c7344ee7a933ee346bdaeb6f5188967c388b919a0ce6730c0bbdb +B = -22702bcc4f9d5bc6f803af6af8072780ff7de7a346d6b9293ca751d6ee3a81493fa86738c44cf2b7be4bf14a55a4f8179c35c09dcb1485f4c08ec5e9f9b1efa91f4b5f15a31a46e1ed71cd934ba6bd271bb22bb5703aa468d297f360ecbb48f9fd6c572683e83ebc3d432203347dc62e19fa06f93e087283347950829d4256bf5f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5c2f67b1607776c10fe2c30b112e541c4d8229f5f99f615fa02cf715d3f20556a28eff5c233c58994e9c6c1fcc37b3416b0875b9a62fa5a09a4b8f9e216487203b387ff97fad1f39f674ab19c5e34cb2f162e6b0b0b0084f0618e64928423b73b189c744e3de9fa50d66f45975f68b14866cc16c8c6c722a54420adf027880aa +A = 67056e93b69e8a7b789f1f8b835d9c6ecb7762f844d656b26df9844a60bfbe0d55684f61debeed31a24ef4246485e8a1d43d49eaf97ed9e7b9f2d2916a8d85b8c9e8ad5575cf5a3fea42392e5d1dfb23f7ad41a7b56a4f21e2828aab38a602d560c99783a4f807120292ceae366b1fbfb4be8e5d4561bc8944e7f17ebbcb0fb6296 +B = 1f874f244ed6cff9f910ba9a58db0dc0a7435e8d99ba6412e976b8f64d4106d3c5c57ba079384fced1c261aaa538e131734451fe84fd3cc5cc8b3ab46b2031f888d95084cd3a35a61092672a9118eee4ed1a0df0409e3613b3ef45a8b16b71ec892755dc3f83c5492b67fb9a143ee6102d053078f4875636b20b536d5cf851768cf73 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 7850019c6712f18eab877faa8489daba23cf34b512a3193852508185b13cd5a2e9f503fe8d61b74b5d3930021a5b8c38322aae9b9b1b4814fa4c2c5bc409b58f11fc8fd7854b17baa94a6bff5f234832f9468d90d148fa2bfed774ac03f2dab6a506a70db4ce363f932adcae202f04fdcae968f632dd674416c23d4e21345ef2 +A = 1e378a0f27e6259763890d29e112e3d8d2bdeb9994c49fb67ab680b6e71a52fa0a7db886d3baf52f36d943b5430ae8bcd82e229f4197239c35678eed254c5816722b995e9c311be942f8124e2f80c1e59658433a57f346adfcdb83202e55457308161d2f928b60efc39538a6469f90f1a868cf6077568c8241623896ddc2705cf04e4f +B = -f4ee37e39d4cadb692bab5483ceaf0258b068f2c0354c540438803780c983469ea28324ce7e209c3bf55b91f0a2f4544bf318585e4514333eafb9b8c2f02170c620e9b5280a828ce1d8dfc64ae9c28577e15071825a85a59656c5b47d9a382af6b78a5b3dab1078dd647e0b473174b8415d401543d30a4018cc3eddbfa546d0fad9cbb2 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 4c8f8b671443a3af5ef5749885ce5de8e2afeadef9051bc49c0d7e72922d049b1accdb79d82288e472b07578e8b6d2176d6cbdd7f0caab593dc0fd9224a94920235410501fddd6001b62a7f7d8eceaa7a8e4c0de52029fae68656e8120972b5cc1c2e909c2742e836f2fecfa51e12e4f8a2ec7e69eab061c81785374ac607fbe +A = -5769eae759dd6bf94468eae94189d3396886d4569b0ce264c22d39b623be3abb01bd5008b9fc86701a3373f7764118becadcc69481cbb134c20f669cefeb376dfc489dd4ee91cb333d06afa391dd322abe2b3b715d11ee372666473a473e29dd90fcc97e939049b455be52b3f288db306999019c1177ab5820d94859a9d2f050b7ee1d4a +B = 44adcaf1e2afbfddae19b23cfc0f0ba1f940d32945d0b541db23f3a0a9d06fb1f67ade9a8e620bd96f4005ced99430c7a55eb7e93a701c829fd5b9e55dbb4d3833afbcaa0d9c946916b1a86af4a6393b1155c6439b8b82260e09ccf0ce5d1c4856f4d524983e4b0fa123267694a1c6118beb8be26113a02721a02d7b0ccb01ec6e9c0f9e19 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 51e25767b8d4d7b2b0c2652d9ca6bfdbfea06acba543b1bc8d3d25b2fe5f2998febe1a6e742abc3f482b4267854c2223a5918a9b5c84e0864278283bcb5bace0c046db1d0240443404fb62d70ebff3ccc655e5f5977958df4c878d9859a69731744f3d33978ac31551487270bb4fb56ccbf59402ef9fee42cbc329420180de08 +A = -1966812979042198f70b3f1238c93ac5c6e5749f1108c2bba869b1dac7680f910e56318c9b59be9212e713a348767ba6e75917fb599e929ea2144880d18d4fbda4f4663c7abb49b02245169f385e09098a4e01b56dadfca8c803acb7cc244f3c98bc17440ab2afce318476b80e1d0b4ed9a8d6f2a0be64633f8faad5eb48de2681a38a633ec +B = -2e4f5eb92fc34c753c61dcc826abab6fc4f427c6ac7e73ffdf65b1037464b2a9a0b0290e713d81ab57c0e1dc30e76fdf96046fe10a34cc4511398319ee34bcaf73763a9042fcacf59a100c43d3333ffb3743048e8df0dc61fd0da3f935fadf882ffdfa9f0f42980c1af6edfdf161c4b16087e2b14277f655abe54582de79c51193e13169b55e6 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 33539b5f38a9943b15801d449adabe02da6e21651d96acd9aa40e866bf65015fa40178399254e8af6bb082d021e2a05da0f45b699d193b70112e114f0d25287476dc0c733c5cf9df57667ad0d3ffc4ea2f85b43cd10459cdca9465b0974e578c00a6e275e0b97ef2a4c9886aab7b5947b78a88f84a3f1d8c5f26bd07bcc59886 +A = 531b891fe9e8db322cec59a2115574c7a304c423e6b11516906b840542b2c608785e2c18033262ab9cf68f63edb40ad4f073ce8841db602cf8fae0a6771d741c6392976c9b333ecfcd0c8e9997da40616ae2a9e0c6be93fdc7af0dc0668ded1e42a9f729c70f74500ee76a91d3d993c075c2f645b35792a20edf17c157459e35c0a48da6c4c6f +B = 1a6fdbfed1054a0c5758f92f72db7e5737b0740c4d8c3ae4713366ef6709b21eaecb6b74c92541a9a0c99ae18ac6ef7de79d4c84ce39ad59cea9c203734a99bbb895916275e8778cfcf7fbb7b7d081a677769e4ab96bc7bcf23303100e629fa8e07f5b8fc2e39c7b5724c72907eaad09d3088783b3118e57c9c8ad1799b43a13f73864c5602c478a +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 2eab6018361f557ab06725ad90f6886d4b468ab1a193f8fdcfb4ad15fff781c8681329a27aeb5f03a81d7c404b8017b12fe23165e941ea767c733513a07e921aedf20596763f6f977316e37bed70f6a617e5c2757c229c59b3d7b1fe8755b5f65f7f407f13634aca7c8a267e661ae2f77fc5a95f56cd6c8458119df587478b1b +A = 1cc779145b2b7bf9ef4c9692845e162329940f96eb43e04db8728bfe736698082aae6b6a1b3c32867c293b08547a0941cf4059d2d567840ab6ea526e3724ad59e715a3782ca656cbb739dfdf0c113a18f0dd62423d4edb60057fcaedbb852178d38f1b5a232842b4fc645cbfd97a8cac0b094b870064302dcdf23df2c9e9f736d93409cbb8ce9ab3 +B = -cbba16086b51bd83d3460e51cf193ebc79b826e4f30978274eac3b2dcb04e9d7b56a1449b7cb128bbfeff5c4720bae45271fcc64085d3ee501f0f21fe73cb7db5f275d88be55c339f9180ea21a8cf3755a875331931b75d23f57c2030c89c6f9c1ead431cb4dbd4480564c83f8470610e5673c7eb6c0fe7351ffd7ee460df5db7872c67041aff0227f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 96fd93535728b961b4167be8b304e570cc34e787c12a9a5d76e099b336ed6b837cfc246c5bceb04b0f4744c5da7071fc01d70e342509473e5bd7c60d6046c9b4f21c5ee71c4e678447f837db3a7694fc3936ca733efdb7d387f0f6e263b3ac0b89054a826da9716691c9d580ad38d701d08ca090b6c59be466e1b9833e75d820 +A = -6791fd686f46c3773fc8d7f4753d178a93f6fa4941f4305d9689c2a305bc67840bbef80ff05c7bc6de3a595f73846609327d28540cd705f5aa94a3ae5915ef55304c37c4c43a4b46906889331ee16585629bb303673d439de9c0236f708fd19a977e6e1032e0576a921853f7dd328979ad1f1aa945905dae93a82b3af9451a541f544c18ed2546b66e +B = 6ae062b39c77bebc2fef05743e6d35e14a31c6fe1fdc42d8de2db94ce70a6d60d66263c7414b1081ef2fa6ab511b361b8baa9c71ec628dba5bfd772c440baefc2fbed68d40897878232d9715c4b7e7c9bdd41cfe7b6986d825f68be8cc16d04afb0cf593f3028f3dcd91bc94923f3d7211aa5f0f12d3270e8df8bc191808f0e266c4fce2af97ac7ce06b0 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 949ea5f645ffe5d0d03359d51a663c7dd6e6013812a47be309575e036503126f48677c68c4ef6e7b3f72d76657fa282ad5881263e649b5297da82e24298300d032af3f5e8309ac7eb597b16e257a6f7af3476a264415aa7783433e83be57ffb3fdb404a9ddc3527d6a9c297f8cb7b6674961b3af837ebb65f218147a46c39cba +A = -10f59ba073126d92a201529a5374500612bc59a9e66322c6706b422d35a4f82d97e668b268f5527b4641c6099c80bcea504234f3c1e3fd29eba0f161da97c50aea542becba499f29d4ba5571873d4dd9eb3f48cb26fa6c929a704fe8e49791b2ca3293c2428d9cb453263935c9c90a4a2b39d23a0baa12535845f907d42b729033a0a1e74d18da30a88ed +B = -34fdf9ae6760d4f434d09ce2a7760ca2dda14bc256015809745524dc49d841b07102aefe5a1d0182e3e09d4d45b415e46f653185742b9b8ea6960160752080e5c9577a12182ccf1a293407b534ea8ddd33ad16cd19ba537d8db5b542f86a2a292423d452bf18d82361240a7efa831518184572c5a8b73b108a81d5036b3b530d98bd47c7fb2123418f12e05e +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9ab739ddae55a0d71b39974628d4601122ba6c5035c3ad0439691317f23dc33c0014f3e870a105e4dc1432ec79693bac658433b21cfc218ed411e003990b94ebfa87767f3614ec19f5bc30704adcaf85a9d3d15ea764c8f0bbd52ff388659637746d39859398c79016ace8c6f97d3a5616711a235b85f334fb889b9280ccbea1 +A = 76b15a0aa0f59ec804a5e9a627e1fed524320b29120b6789f8e71b1ac4e00a9a8c826919035b84f87d291e2f35460bee181342136dd9eaeb99ed00c6328b8e44c49ede3921d6275f6e7f03de179fb2374ae2fa6c58852fbb2649e214691daef945ead6c8bd5a53ad2b130e9eab6ad046ddd6b80874ca6515322bc171ee32749333669de0d9c883058423579 +B = 1fe2171056ed4585a143b6b2bb5f44047664f64d710dfc05c18be5840ef9426ef05b6e92e4ecb5544ee4622e9030153dd9827f2f01ef38e62b88ecd6c46b4457d16644ef6d863c226acfd6928a40de614a5853137124fe69127a7f05463eaa49bc742d8f7be300d06b302dfb0ba86801119bcdc01b516afa360aa8b22b7c6c1839cff859ca1bf26e3f7e030512d +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5631048ffdb2767aa04d59d8a5750016b38b983a2d53743ba4de5d93bcfc8ec30183a84bb1e290ef9c72c7ad357728acecfc613a6f9b3d712456d545ed54a337930937f4589fe41e66ee930db3dc10a4fe41481008c69eced65b9d1c46b8574c5ac8f7d94025d8fff00ced17a5e17508527681bf94c2dedd51502a2c4652538c +A = 1aca12b1933f25ea081e12ff4a4f6f9ce379f96d976da2ff7b8eb8ad791fabe31c1148fdec22dfd67828e540c955a1e13f40c5b125e1c7e6bd839bfa84e5bfb58bfed76058c6db77af7a34ffd25fabd60e19f65e1faeeea6371d7785f2e5bddc8650a7492e06691d61f997483661eeff54a30656f1daacf31182486bc40647975151fc05d2f64b50e632f5d5c4 +B = -88ed894287043e7e5cd2eda3c1e5c97f85809f7a246b0c20891fa9a024f3aba4ec1f3d112580fe6ba6b0bdcaa1325ac7ec9508aa88c187af08e4f37631eb6cc97e4481b18f747ce6d35ff355e425a4833834ffb8d34a818bdb015fb818ac9f58feb87020234243aff912da5590ea3f6cba74f1a9fc3ffa2b4aeea25479c55a3b572621e75d86d8c8f6ee4f587e0f5 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 6ce341aa4a571cd5bc110dd436acaa09f409661967de0bd096c77c60db58b2b0ec95cda50acd7fa20ea4266b2c579eeb6ac214a75d40abbb70845db74c4d6c93f8c545add269d45fb15d985e7e630d0425565d06dad4a3ff9835411e51fdd9780c24f466dbf29244cd1b8c3445af181d0928db399bbc8632f7ebcb9d48c0b754 +A = -52c53999b02a92d6254557203cb31a21dcb896495d1f29f3277d19129ee43e521ab9d5a297204a844a9537d63b74686eceba72ea2e7b98ee8895513395cf7c44c99348f5c4eb657874a8115f0027d6a416b8a04a1ec0e6809b7701ee7d41e99996e307bee9c295ab3df1faf674e0067d0ab3bec4da998580203e33760870ae472a3045bbd66e352b8f4d284efc00 +B = 4329d110504caeb71ce0453b0706ff675f646e70a6bd9575791a38f672eff226f4958f8b1fe4123c0001d8f8595d8030d0e9798232942725a9b9d654ecf50546adfba7103fed796b455ffbb4c153e70f941bef7953c8a210d6f2f4ddf5d9a79d9938503ae8f24d69d5d7df1c988630ed960e12dd877bb80a1ab0bcf6db67e0c0578fc0c40408f72b19052534da8d31ed +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 4b9fc1e0eb4be199427c48bbe1b53948d0135bc1965b8aa5421a4ec704b13cf934c650405ba02ad611b0f29d46d82d4a1fc5a84651a29364524e37be2fc7001cbd3c792aa477802999841ff19620cf66dd2453c9b05aac349b9094d43b40e358f32805d87cea3cfa98e05240ff95ec57d88e0a12917628ebd34946eb1ad6799a +A = -15a223b691d8b3696306b0ccdb52c1d62c7c2d1ac71e5f07cd8fba960417b42fb5ebed5eb9469be67f231b5254bb0fcfadf5ac5d2906769e8bf8292f0442986cabd88805a162c0c1f60f9ff0bcc2029ce33452d05f754375c0bd147fba745bf8a0008792d4f90d0e0f2cf391f2d7865705544f4a220ded44732321473c0ae7870394d4e625df11bd0923340cb70b995 +B = -340e5ccd644849d982bdd455ddb3b9a23ca14e168bb87256bcc370ffb6b7fe78fd062b3bcc1ad3c8c3b8cb549f2baaf1b7f0f6522aba02fd35b651f7de52b3aa2e0e40352bfd6ed0f84a2bbc3b3a396dc8512ca1db01cc69611925f1037794c82a418f10e0d994f458d1f19051e8bea32b90ce744d46718f42e711c094ad0a1ee96c88920188078f1b044ccf307e4cad7de +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 31c090e5160faff9a136a7a482b42a43ae3c7d00c215cbdad28804be0e7b12b0b3af820c1350b1622a22c8875f24d48ff16231c826d1a946c66f70aef92d4e6582e3ce9213d907267251ac74fa3cca9f1c8fd53fe9898aec19936a2b797fc345d68f0791cc740199be39c05053d5591d874b415e62653b04a3f41e263d00f230 +A = 5419e87e50b28b6d24927934b541d8de548a8f4ec7e9b00aadb6d23f2d33406177d3fc72d29ad2c2e141ab2916adfd30ec4791c626af61d8d192276d632aaf3b54e2ffe83b44f6f1ac441e6823b6b58cc08fd7a0af945a02eabb5aebb2c7ff0622a17b38077cd0cba906ce23e71ac7f4da40ef6066565b4cb3a62ebda28f3629eaa251dbd9979b123a5447ea20331723e +B = 184782ba4daf429cbd13ac13fe93fe5833f09915cbbc707feca3293e505ce9cf0b4b12ffc8b178e0a4617f809be53d4895a4182e7a8a65043361e654befe8b01429ba4b7420193d1d7d90930ee19cee0316f33a5795335f5fa517e1ffbc99b95101b0f936353afd3bcfec34851ebff1ef02fea991a01b587d28640c935ec91496d1aa3ab8d38a6ac75b3a4198ed27b9019bb3e +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5eb9f3ca660de481968a3c7321281f22fb9273b16fc10d8eff1fe34842364dabcfaee4993c1c8ddb7c8d6e509a8d2afc005075d5fd3c4471f0622753c7797aea900e785ceef905e2606f64f34e47239c40b74f07e2ca70bd5a18cb0a88780489f3e98232221f65ac9c5ce703a256b7b75eb1dd38778d8bc05a37ac9ad8d36b35 +A = 1c73d8e3d5db127a81477a5c4c6d61ac62af446981773ca15a9a01fd5175a2826a8763f91d68df28ee606e8ffc203305875a238d2095345556f12f3b5e10c5bb6ce3f90342ac74b9ac057195c863c4b9d28ca1d958a98649c7f8897bc6abbc39becae963f61b33bab4fd20d9d0e5464f21c2cdf06d00f597dfde45dc5919f5124f26888b12d72cbd2f57de3f2de7c014f891 +B = -e406fb60e35f0abdd313b8431f4cc89fbb034daf71fae0cc727e9a93cdfde53566fc74e48f4cc2111fad158c63293bca0b21b98416381b81d2443d0e91647679481cd6b6869b37112d3b6e575eea7fbb5bdea422558d817b49ac36a829926553202cf9dcef09423c085d26176a89be741ae20a434ea461def090dbffaf2e2ef97bbd4ec779041ed69ec07d125c7b85a2d215bb0f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = acf9d363fc9b76ecf7e61c33270031340e66595e559dd1c9dd4d2243819b660183521a4124558fd4b216dcf5c52c4127fe517c48cef428b9ee0f1bebabab487c968a80b9815e82c12e807c096974ea3893a8d5597f745365c352a6bc6ce92479176092f02907538c5e784bf26dcde7672338f402753b08de8aa21b9480df6955 +A = -7c03ba6e3939ebbeabd35cca277eecaec31f326ab75f1a29e05af50c4e62e0175d4d6a57acab87cf1fa3a51791e9a2b2d4d5db570ec3941263902b0c74544c323c106557cd5139d2a25f3c3ef81ca009d4e3c16f1abf6e2b5196df1b30def46d61eccdcb3741a6dfc8e8c5e6db68ec29c82b0adf6e35ce7aacef8da806b3b58bfa489d319869b20768f8eebb604a9624d048f9 +B = 4e021959da96ebeaad17f9896ed53010d80ed3fd4c3a826a266e82b80ad81b3032303e7c0e58034a652b8aac00c08d42a530039de60d74ad349438f5ecca1256342ded6f30e3bd2aad5bf2b49124cb27f45f697e157550dbbb37f5aef0f04839aaf1ba43bf1e77a1529818d0fa91d940904eda6b748e5c86cd1b37592542c43b7b4afe2b8926fef6dc01784fa431d43900edef27f8b +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 24124c69aaabec7a7b4e7a82245f6cb14b199852a8b314a7b8d9049cb66096d5ac93ac75eb58a2004de8b0fc8375638c0878fb6a45be8bfbcc292e3571df1bb8d6e346d5595fa395fef983a365e4e868154fb3e337d47771419e7f1dd5e4220900c564d7cbe8e7792ab288f99d265aeb296c5ebfdaf08b88d9b30ac660cc3ff8 +A = -167c959417e9566c93e7e05d2a410f4850e3a313e516ec958c3d2fbdecbf58072d05691c68981e176a867d7467091dfeca11f695f750c8c44ebc4d08e39e679d96c4791ceb1ea3b89fa3ce26f7ef214c5368c03ba694f7ae592bcd8ae53a66cb3eb1e0cd3c105faae6eb7e7a8fbc88248be722406f2d35e46c751b5ceabd992091eeba15191ccf6dd61a7ee0c624d43b188c42b6a +B = -343940f3b2a5f73a51d6f609e8af306f44ce7b5c2e79edf6f4dfc07866dc5c4b2e0ba48099b5503af87762a44ae451d166f8914ba25b3cc41a766583bf73d27e40784064582fd9fe952fc00e9aa2d4e4f1ef35818978e725e69c1bcf267fda4d635d1d292d54d3ad10bae9763dc5d7f7226f371184465695f2d384d749fe07967a1bb64df22f294ed88b13600c7068d881f713cb8e3ce6 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 50cac148215963e58cf6d2ebc36fa518c63a0ab8fb136ab84c9657fee459043ee9f42aafec89e8ba5fd1cc5c4495a41e80590ce197e12c087ff7e6ea88ed798735f55a1634562b82f8514488ada526e5dc10700058980885000e266cad55948d1e080f6343f84b12a3698d9ad5427fad4017d931df77ed2e45e2fb8380b7fa39 +A = 6a9833d768a22ea46aab1a1619f30283a1ec254a2de5652981d73146aabe31041ed04d271c6f2e5e2d090cd615518a06563a94ee2b12cf9f142de3f15599998a712974d0ce9b122a2aa65bf8750f54c6324f12e321a888154330f0f9e1e5b7999acd70d4e6da95c2df1da2d19544b7abd2bd3041e3228c7cdba44f7d1cbfbcf968f8fe87fab523eede0485efaf5cc9e56095cec8983 +B = 11e782e2b3f469b1e3d14ccd1b8301ffcde7e371f6e9afc99af5809110c6d70e1cca5c0bbfeb95fc3ef8352581c11ba75c0f8c445ce2aea903769a24289581c95ae5ebd9553fee61a30d155bf6011278807833eb2ce7ee2a98fececa23fabaaa259409e88e3c4f4eb1e04176d44878ad3f6961e0615ade2fe86b6eb02adeaa7c9019d63231a28f84b7dcc8bb0e71e2a717db09301e1dca20f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 7cd49d72bcf5ff4fa2c686f21e1f0146c4f24b9ad2e900dca1c0a5d2fac5047509064e65ac582946b251a3f04850c9abd8b80c92af0fb11ac13debdae8b94927f1de0e4bb217e78f5d04897c6a0762667d3d883cb754dc610442c9dbd44228a7ae4f14fca145550d813655befe3bfeb52f1c76f989ea8a1dd9c10fbc7e9d6574 +A = 109fe33568598972063279b71ba0efdc2e03f770cdec331428fb8ca084c9b20d0fdb5cf9ad7ce90c8cb8f0fef10d219d7dfcc6b4599440db8cff9971da7852880bf004266886eced8763b3569720df3a1fb0dde2717ce0183f2250034871146628430f206c12f5fd87574c206b203d90c0f2c705cad3484c73da8bf4e9f7e1bd433a6f7fd27df63079d30c490aed7161bc594eefad4bc0 +B = -b95da952cabdebe0194b7fba519768e1b56149353cd12023b97397b59e0d7f4dd1d27b65b833948f58e66d3f6928cc3140cced835dbd612cc82a7e9fae1621986f71ddb6707ad57926b03e87e165d30fb145795a70627975bbf9d9ac9bce07492de5227c666663cc28b3e70b19dbaba7f16849535ce5fd61e91cd2875e0a534a10c60d21f919d566a3469d108a35ec3f023210efd5d318c7210 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 98a89cb3c9602fe503c32c44609bd4487b6c8323737b3376dafacc3eff96efcce7a31f1b61ee6799dc9561e77ac058fe5195cc013e72a2864f7e492d9f35244b321d46270a582f6f14f15fa8203d392e81b183a1d64d48b51d70e38d49c93869ffb9d7509f15ccde547d2d9c4dccd50eba49190b6e831a9f4f9000a95dc83f3c +A = -67d7fc8f1766c40bd476cdb65d4dd161c3d4c2c5860a0c559f0e87ada213c9ed33308c36bb1c7d615fa69ec53656bbae6b57181a0134af23ea2a75f8fed3290a2f483392a3745fb57adf2121738c84f6d34325121a702c8ccac0090ea27fe9a5ebb6ba9d4f397e4a7e3151850b3d7d25643398bd3e4c1da081471389799245d986cab825a2e6ca72b38ff978a2753c835299ab4597bc65fc +B = 676ddc4d18960817ff8fd2adffaa68c87d234d62d445d6ba3847ded849356d929d9e4ff01f517d7b1c0778bf90f475923517d855956f17ece1e032e2fd474d2133d6b8a591995454d8b587cb4f6fdd0fa29305f146d340cbe6b6efd28a926c73735621be0c5decb792083b3f063a43dd9f635e03f78c1bb56389a5cc993c8f36134d755a324d4fccc2ac3bafa270df67db0a4ee6ea4497aa33b5a8 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 76c31404854006a7d55554762094df6e11e0393f5b0451d85de2e5b104432df72023a35f44da10dbde01cebf77b8f9d3ad582373c5d32232564729af0d03c5450e439045d96a2f0a38871c922af2bd38c545d219adce0ec80fccd121d6a733bac09253604a8a0b1ecf0f24e44b818ab9e9974181cef10e9eb17684c57d72257c +A = -134e8784878a8f3cf49ccb952075f9f9bcd24a20f8883955f262867045c11a9c566abee00638927e5de924872fb98f6376e321ebf3f567db6cfeede62e04f839617d78b7c9d3487b60a0d3897b3fa49b14c12511d04854bde4a9dbe5f31424a3d05cb75d23b46f6c0819536020880afa5a2c173f6881754b56f82a2864c99c820156f96b5cc4665d603597331d98d90a52f4a30c6215ee5eaa2 +B = -3c5c0d35de5fb21c84d2db228829f43b31132b582556b92b495f59df502a6d00584bb5bacd9b8c1a8c7eab91db0ea24b40f07e62a712842d5c2e1d208a6412a068cd5c6394d715260b67fbc03e3ae7eb4862f74f4d7484f747774fff03830c65fe022d579adb6737f6dfe297db750e6a58d1004e7e2716838befc2ea97179ecd53b7f36e3540e1c3a0f3e044bfe2d0efa9b89d2d308cbd0bd88ab3706 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 5b704b3181e5d0494937b4d6aa8172eea82919fd1d884493197a6a85ff047a7bcd5dcf072bdcef0287be20d4ac49918d1df550d184f86d7220f0a84fc4da3ad05e131c443fb529df01fec9fe4fa6fa2f36e791f9e16b4092759016d2f9b1ae7c3d071c57edf26386aaead767a3109c12a5004c7b9fa595e6d592daaa2dd1df04 +A = 48a0ccd2d14e14e2aa862d306501efe5de239e8ef36ff6251c861a0aee9f739411f402491bd99aebacdc26c4f30306f9137ffe4579c2f13efa81b979ddfffcd23675ac6307c0aa3ba8ee77a2e3a3c8e241bd2ade6484e6ead32ce8d752fb3584d14688f223758c5cb8705cea9c56136b219d87f9904bb56be2ea1c9a035df33455206e6b7972cba32ca4c3db41991117d88da3521780fe65c4023 +B = 160120a35ae3edac3edbede9ff1c6f317d95481227d87785b7ee46cfb80fac9973e418244884caca3211a3f6cd3bb419cf70fbc22d82ba5ab98ad80e1f6c2cda753aaf7be78613ef25577107a47ad1ee3c3645db85c4d29bd77900e99e1f439cb23c6c68662c05322f94feffcd9e37d8665cde984387093a043447de590e7874e6acfa37ed302040df4d5c3dcdf9fed91b3d17ab5c141d4494d0f301b508 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 448c3a64958b82ccaaed3c74706ce0a48c5e059c3610cc03a6b5a03a7de5d4f1d1e4b08a31478fa8edd58401f0171697f0662146ce2b371e335d695f9e4a671255f29fc0b9b7d1b2eca4cc7f8357aa0920b5942e31bcfae84e909828fbe5d02251ddf10dbe4c15351f675e96e2eae6d044da1f0858ce8ba9b7aa146850b85d93 +A = 1b2a52aefe44170376df29d17ae2dc1501c9c296f72f271c21f53db71247e72c3eb2b780190c45343bcc8f548507559ced3bd4a6fb13f9174dbddf965b9c4a56c3d88727736d78be9db2268cd02382e50c6fa28ddaf8eab9f44ad45d5882a5100b3027c150a7f3bb36f29d24a76e40f3820ba116d645800459f06c20679321cf5be72450879462f0eac99ab6ff8d26b464cd0e6d78621c9263394c15 +B = -b7d9bd08d7d8e0e9596851b7e03c78973a502afcc7b5fe5b0db6034ebb8a11df1ef7ed0ae1371eb4111cefd61c61935d768be3e3755e481daced219874cdf0d07a76e7144be626cf1fc21c8a0e9db4389ee213193775e95d4d86741d8d8fc820c239b7a90937000dc3e89b2fcd61b44e1c38c655bb3d31aa7e422b4406c9e4a88e6a2c18ec7c048f4a6b5b270c90d9fb378f64be3b5b351621db48a6c18625 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 2192157490ae044a26c23eea6da51d3a3dd08c7fb67a9beb76d37ee24ac0089863aa7f00849b81bab8259f3a0e1bc744d841e07aa413c286e4bef2ff3356bdbecee756026915894584b4fcef7e49da4012cd9fcb5dbe3f3b867cb6a7ee959a328b0fd56a9eac1f4e40a22bf0a30073cd2d48f99245ac03c373810c54eaf3306c +A = -598eef47b40d1fa1ce260edc561bd1c1ab286a7e068af412ec2baaecd07c5b9cd596505ea1bf0370ea961c4ceeb9be76baec74e6952cb846f20e5da406bd01368b85d59569b403b7a305cd7448f331f10a34def43c738fd633df9a3eb194c32d53aeb567889927271d71d3929d43fb9338248b64f7d23cd1b053239e09cc2ccf5fe9c9ce240f1a10fb151a8583e4b4cbc70ec3082dd20a9962d564544e +B = 559fc917de34bd7dd7a23a432142ed79e3ac4a6caa357eea21e423eb9af7fd94f1eca735d2588ec4c2ff013520c3a0e209627217cc69bd5a07ca46a43ec1f1bdbee5f09ceb1b2c18bd388d3852e51070943f16152a73da624be680c671057677356c6f281a4ba1f7c60609125d7fd9086c907ca5c191820d80e483886b70c1074e2963c49996ee92577334881edafd88270bb967da795aa4fefb739e4367390ae +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 3488bf00f67b852592922fbae64fa56d2e4e7081678e789bbb3b4f48df62576d537da2e99c9bdd721c725b9a828194662bbd51ee20ba73d4ed5562482540880686d9fb1e8ae62d08e39fdbbab1d18e399ebf07b3a6559dda8b043fc25a8152858d39b10ff64776e00a839950e7a9ed5ea95b594b6e9e9d4348ceae08071ec5d9 +A = -1b135d8cec9969561be396323e2f8be0c60903ca59b6c418cb19876e9e3cdcb9ce4f5251eadea11fd6e785476c70822aebdc94617063d161ebe55584a8a774ab230b8228a2b65bd5a6c873bb6b261429eefdc7d0c64c7e78133e739efe57f835ad03ef8f84601e1a2310659db5e0ee706f23e3c5c38c9f8c36e5b15b654d1cc528f1dd392f1b08921af8be6fe4e4e6db774392441883ef867bc729338943b +B = -34fb63435c90018e5843098e379c76ef3ba0615b6b500854b3dda3e77fc5646228fcf3a6e1cd87a506e4959ab05e24474990ad98ad0865942737734c03dc289307f1b1f424b9a8c2264350943449b3d2b0f71f989039131e23095d122ae98c0089a184dc530669e804140134e5b602861a5e61c030fc3d3b3eef0a59f8c0579fc9b0afceaf16698de3fa07c43231312254c04ab11ad7a29efc4597780c2cd1b64b43 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 8ea5fcf7fd41803606c95729d2d910941e43b222f9b0c93a1a803b197fababbd653a92ee34e805906fde29b307a962a294aa4dabebf0d181c046653ad0fe6da1295eef817f3289dcc6579cee8869198c39a9f79992cf6894162d35d812df327a64470c935994aca4985d0e6a783b853ad762338dabd575ca71034e29d768d014 +A = 6858d029a62b0f75e4c59f3ec067e3990b2304c90a097daccaf554abec49a9d297ca14648471dba08f22ebbf8e238c89ea06f188203599aba56611eb3d4df09ea795a7e28f91f4a9a582c6b949c6ffc584a076de653446aff9b24e87202037974aede37aa9a121b5b70a3e9b5ca376c9056c2c91f5d5484baebb64cccb6a09b4f40529afad1ed64b4cc4aca586892693fb5f92edb6b4d5f678f7a2441e51410 +B = 197d6deff7adc30b025e7e418cca0a641e1a1b35f78fb56b9d8847f0690313475e6fbc6f73c3a718b10bf37434dd9fb1eca33a99bbba674195b20d35e3b34ba9d7c8438eede24ebb48e6d39eecd93fcd7dac44235ad32f208919f57b261da70ca378f9b03ae5e5a733f97f0b3f4102d971272015bf50b6f3e50c7b36cdaa14a8a580366c9cb0118ceec6e627827b0b8f614656292675ddb66e1c55355d5a1d78e69ed31 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = a25db977e7a8fa4578fc530995335411432ced67e131fee2cd7ff56970df64a6f0f4a7d225d2f4ccec8e98273ec9a0f1aef01dc0b866e425d64e09cafb9ebe3f80bc0ad71c769f1ecd5efdb4a990ebd3a94303f52f4a97e3a1d615918f8b2df5321c4aa9339b4453d7a710a803106dd0ab49c6cd9aea431f97fea9fcae0bbd90 +A = 13f97ba15ce46ae32147a0aa4c1639b6b555f4d8a1af15ede4f1103f7a0b06b4625bf456d667720adca0c4e26e858f008b012fae63cd89322b33fe51e87714519e7dc3cceea27d968b46ebc04024d063b17901a7ae978591ca6ca41afffd81769f04b714134cfaa6700cf23bfda6ce67313988bba5fd3782bc62f76cf551d140c978dc002a779ae37400d34cbea013a5d1338b203ff267861edd88ab8ee1e4c4d8 +B = -88d8a4c8c680fb01f493f73753c70ee753951d4734627da14962e36449db5490b8c575729fafbd203a125b500b96364e6799d9cfcf0efb4ec877e86865eea5e99e2fe5e7655c1ee0eac641e73b71c66d7a72c2934d1ccfefcf59781035b2c7b89e5de3f7d1e9128cac57947d22e7577832ba374492a2f53be37e17733d8bc625fa77fa5cf093975049a5c477f792fe75e85da26cceec820c8b255df0292824b4c3a8ed455 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = c1f2165a402fe9becea284dae60453965ce327f540bb8969562485fd1bb60372b8689d9c9c97c91bcfd699dc370117ea8b704f06cae3d972dc6e5eaac971597c69d4dc24a68b256f97229e643706aa6d2d844078a5fee2d08270820055ea58155d7bc754f09d0c6f804e55ebe53e3ec418747d4130cec68533f6f0c2f8fd2409 +A = -626a1580e52ba52a877cdcd62b34cbc7f949148671d4a61201e03e98985d704b2975b9a2d9c4557deae065becd662ce8448171ac582894bfa2c59d4ed20c6d0471fcad1d0fed1291df5e4556aba72f3645486580c8bfd0e3c8f6cb34fe17ccdd75fad4d4a2db4e00bb8c2a23ed17a31e95631320590f40416c153efdaf897e3b278a1faf1917554d9292f90c4edd5992748b58492289eecde1af34976ea8ff507fb9 +B = 44c336d7739118340048939d6c198f73f90e13030b69be286ef920902391d87a58df3632091d0ef25340eab395203e8dcf3389e95debb7432165147e145735d2e3226637b4b8cb7d85d68308be07f217f57fe439b31fddf3fd469869a20f1f852e1645b0d4903432ecd1fb6397db4c11f6b6b9c0fd25778b0ff00bab9ff576b16538a6b7da40f01fa7b987af8ead41ecb66b8940c0e8a1208d0026773e711153d99348e92303 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 98eaf476f11168bb63fddf7dbf3347e619f9b580ea6804ab893214e94ebc089cb652e307f1f37ea7ab9052a352e260ff7d1e8c17461bae68c52a8a8f1a57a84c79b2c8fcc2d504ac4f553d2534f2a776ca129ec1942d83c8ae24c772f6a8429bd61949ca1aa714cc3881ed731497b84415c88ad4b9be34197a549737edcfeac8 +A = -15897a5a986641fc2cda42d185d72aa1552eb92f788bb71cc74c0e424bd038e02c620d0686ff88ebdf0bc1632093c0d89e724e7d5b526b0ddc4c7e145aa90b36be0d8574901fdf286df84a6b52674a78cf21ae4865618b4347bd905461d878537b33cc41710ddb290964c48e44d4d2ce2ed82847de75938d23ed418bb9ff1caa03b5c1ac5d65692dd1defbc6013b3270c4314a45dc67883762fda5509b915e8277c1924 +B = -3a7141f54a0bcef68cbc3006166f7e15a5c2394892a428fa417a485981316a537cb3ec757d4a2473fdec2cd61010a9ff865852af8f43afc79a97d394bb6c58643858e2b4dc5cb958c33781b5c35aced7882e8b8d7b4e4249c2b82150adfb0c8f2bbb1cff3d2ea27ed24eae030ef468ae4d6b7462f0b072cd2a2f02426b3290b87b14d14b34e91a94c5bd69e9eda53335cdfa7df90a57f97f3d023ff85537fe0a8bc5d8fd7901722 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 34464b7a50713d17b01b5940b5acfaa7006aa6b9b083bc17e0535b08783761391eaca8703af2edbe13dd0fe9036d38aecfd9faae08c0861042ea1a25b41fa8a15b7721909783de3aca127e955e177987518dd010306a795bb66466fccd55bd9e2bde17470cbd36b1e8f8b63805229754387a5fb40f3ee9a8afb2e51e25c8bea +A = 701ae8c5bafab7f41c999e492f04a7626b2b1054e6dce1b83002b2d3de46717225b018733b0fa8fe3f973202da8a090ae3fd14f48b27097513ecd4ceb1b9729e7783c17fee9be5221fce4ed3860275b3b36b7416594d2b65e198ff564e82301cae23756c878494e57b5ea8fd22ad800a582cae32fbc985d122cbc6e0eac77c1000d3ede45ae7aa087534adfdea8e9f924efa1b19c43dfd3b7bc83d7c40df7c6578a320a19 +B = 18e0256543619a750384d30b6a7afbbcbdcd9a2ce644dbfc97a8ff699e118032558f706502c9b956695cb25a46d7526596b3d0b67b69611009265838bec533a9488d24583e7d7f2284e23c3cc4ccc5920fc57e24f60da0d479d41f5b9c6ad9152903a4f37842176c6257fb1e3e0681d6d583e704c1d1b24cf616fe638106638fe9d79a0c74f0df67cb2df9d99185324ebb037d01ba0066ba947d5345cd3201b19769d438c43292f572 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = bc57cbb3e1051d3a3035f77c2e375c7e3221dd472edb1a5ccaa7521849fc0ccc7568238aea9335a733d839e89ace6f2b66ef238267e0050c065c3d9553cf50cc5cd93d34fb43c3ea1c31b8ebf0b751f595a7e5e3e860b366229de4286b9d3f0267f78c6888ab3f208c55d9292079116ea0eb9f4ec2934c97149aa132c03336ea +A = 1ffb0aac11f6d1d257ef7aa997a030e2a12b0615fb11ff04f344f6ecd550e8e77e9883c246e009af33a51204e4066ed4249950e022a61337848dae17c88317e15ade5b5499c0d7597a69a02b6c18db0f975c19c16d2167c583571e947676ae9c15be60e69d76e78329aed5fa57dc5e616795b5487f3d52bfe74b54bbf93ceda093c2e14104a6d2f017f0d200a9fc89deaa283e04b0bd9015ec67598425312868eeefeae9c996 +B = -9de2d82e25b449b8ca4b02b2d2fc0a023fc5804ea553aa84674a815bd74193a2e549070e2cfa0b90a53070646875282fdf855940905f834f5a07f073093c658cd1813fc5cd7092af592092d789ab5481bfb14b6683139646cff8eb1c5dcdb6a33113d1c97d4b587f15f972c06046730b7e712a8e3dd5f4bfd07cfae289047de31776f222d11510ab6b70a200ceeb6802d6c33f913c509b31b96e2b8dba9e25b0d2250c3b102d814683f1 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9f7f4e010370ec1d76fa83f73c80825c3b71521855fca5db06d7ed830c910d0430375bf319671f6a83bf6b57d9d53cfaaed5bc5d615c5690df0067b18791c33cb9f0ac9fa5f0473e4f4eb7840b0b660962097606b3de5744089ffb37d9c0df1123a91a5896d4deeab8aebec469b099a3a9a4f6d822030ec2fc4d11636706fd0d +A = -7f56093243ec2399548ed95df79363e6ff09de211dfffc314b7cee526535def0f9a8eb9aa6f1736528ee7aae8be55c06645708d576111766ea33e0564c12103edd61ede3128a7a642f968eefd0d7f3768b1325c2dd910d459b15e54145a234225fd29932234e59d3ff5099ec4d5b5c6075f56382ade1101115c7b94e1e2a7bf075dec210fdaf2357c735416dd5d616335002d1cde6056bf7c478f810b78c661a3dbe6e54084bc9 +B = 4df1a6296428d06f51f31a1b0f66d0b77a04db3bb8e1b80d64da649899a1a55d4041bf0bb47d3e3936ee0f3740e1e8c2b235e1b8944d28c7d617d1f968abcde9dce10d6e3c27b2e3607d8df815f5a39da9b5569e95eee1fe5532c0a80011e7415800d8a9ec175fb1d13dad959becf04964b70dabde6d37072dc9f6d914309b850cda33a565515dd6c0181fc48bc7033b314ae0bd5872480e02ffc08dac4e3030d83b33488cf149e19b0021b +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 6da5fcea305cc6eb47fb17190889e6a39c339da1bea2d7c95e997fc538b4aeec8b0edf7c109faad7fb6c656420f4afa104ada7a0d3d14d3ef0fc6774b59aa2687c0b4efe7c3fc83194a89c832f7168346cadc2b1fa6fa9a23a67c91ad731b4cfb9943738c7f9951945b2eabb3743473d9c0444ade756291f53fc7641501597a2 +A = -19dfb98f9f7d20fd331ea749d2019d8367935fb75ecde45d6dabc815ab9e593e51178a72816f85aa678304e6ff3a2c24079a59aca253d76c4ac633fea1070753ce770765bce47428f8f5ae40c26a3ac91ddb551b3d575bad9a3b6fc7954acc93aad2131b78fd212fb0db7cca4195b41651a5311bbd4d8c64f1c93e6520eef8e6308e98caa1cd0d3c9b4041182cbfa131c4948257f1200b1c5351bee77ac8bc8e44680ce64ed0648f3 +B = -2736d5038c60553927f389c0650bb1355b0ce745a7dc5f52c9909039465344af910a5f6a9cc4ec130b9877c1cbb52fc08b20d672e42b853d26a02bc07eabb9e3f91399db8465b6a8b1c9f4a4b9eeeec6e9b6180f1a770c139c8f29ceced61cc7ba182884ae01d14dd85bc924391333e8ef039b586b6a0ae18db3570aa560c2b0226d5e23e7e753873637c25aeb19e74997da4f5d0755571785bebbc7dade57446e0df4cdb8df23c1003533f60a +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = c0265805aa8ab52da5aec06ef7cad2026fa0b18edb27b4903e3c068ca6464465e34d3f3bdb4bcc10a19441040deaf5569645f7e09b36c56631b3a6144d6206d39c9bcac53b54210db6d484cd6a2780bc68c07272de03a9bba7e51c9d86cc8883cd2e1864a2ed711d505930143c883c57545e9c40851c6df8b3314a8c9a0d201c +A = 5622f906b077d243521325be82a43fce321412bdab1f15e4ff0c11a7066a288b7939afc01d30243c8a4150e74286611ac1ca4daf457aa23508a7af869d2d55f54f2746afaec477cd7df0d5711dd636802ae7f673b3f730236ac3899330f89cb71d48c2838322fe856d9d8b4053d9c1e66acdb5e43614ecff954dbe37c5269d7ffe00b34e682c0be3d7cf653ef212daa3d55dff92b329126636e440b0bab55f4810a2849f77c39ebb93e +B = 1ebe0d1800b1fcfb67d7d54568e45dc604450c1dbe103ee21d48dda300c1d9b9415dcd9f5a56cf12c2ede3c862e895efb83621435377387b29b882b2acac78386895c7daa90810092bd3062a3a4867f92d54622d7f0b89b40fabc4709fd507d4002ca80de231596630c234fa418611ede0ae4a9616d570232c1b03329bad02220ef64e455c164aadc16190ce35b78060a6b117b4b0641fa64dd8e8cddb5914e7657573804e63dc7b216b1a9aa175c +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 606d2b6f756548568013bdaba6e811dbae88fb01f5f36d30d15dc1e099d86bdca9fc1eb3a785034ea14cb7f4776586327d57ca5a52ea1b30f26e2a76140bbb0e930c7780673770fe22c5ed443c349510e1494ebe402f2621b1e6bde39b8691edbe5c7242efaa6634553e6af146dd40666edf4a3db5d1e7f9347fa1189c1e5168 +A = 14ea5e6fd612945c71fdb17ec44d95015773edc908a85a6645a8eb823d11226545d05b81791401cefc81ce9765eacea7a619cb482f29d38988d355ce731bc9009969b7487a3acca2d2065c1faadc5d6dd8ca1dcd3f3d4ff61d0a75ef75272e62193618f6b802f70795041de26d6ce367ba996dfb91167cb1fa16c8977f982e1718de7d60275a7f66e4ad72ee55ea06267cc4e8b08f488579825cc674b0bdfd34a01bed08b62004fda15b7c +B = -8a542280f6c8bf4d9fbc96d5bfa6ee0d16a09dffdcbfeaa2dfa1097a760dec7bc540a0b5b2020bab1eaa594117a40a9bb99c3f16fc340c262b29909608740b8e77fe4706a88dc0fc3bcd47998e88fa02f617062393978ac1bfe14235d43f3d5edbdfb9f140412f4fc2dfc05a700f47b1f0f90da7ae07ae781d9ccdbb951f19a8b8a9a7dd8a65942842cf207f3baed3a0b2f08a06ad0d9ab7ad0110346293d51ec53ff8165b925c0e7906be8b7303252 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 512220042f151479a6a8b7c743ba83366cb7733caf37164e9c823422ccbf78b0b83f426a7230f559d50bb0ed3d9486c6a6e25f4cf96c4fdcb2c861566c6a73215b6d08995a14569710cf9e54abded1d77fc7722d06fda4557a3a99862e5ce963e1be25336fb42a4629391cde3aacd47ea5f5426e7185c5df27d9136a6df26f54 +A = -4d108217b778694931088bc255d1f69cf8f5a14252156163f948ae58d58f2ed54f518177d668e795474952c930052c1bcfcae11bcd15af168ec2e881e6ddc8de257d0cff90ff3ad409bb3a080d30fdfda99078cc3ad8302a4bdd77de66ac082b40fddb3cb36c75a86bacaf60984a74a0fd575d751ed2830650d85844aba9e3f781b2dc6b515bdb8d9459b083e1aa653ef177de76282e86c99e97dae9c0b050c9e6456a051e7d99adad7be4e4 +B = 7b9079504c635655a588ac360955fceb10cdea5f3de548ca2db681da38c17a70df5798f72cf18691d14a5f400ac69fbb47e64115cf071466c54bc7077a228249209542683ba57791352ef3409f6a947865d8f234ea9d39491b5c001685487b32130bce9aeade97d9537afe3f2f87e8f3315619ef7f215a73cb724f1adca99b90912aeecdc81485c0d00a74387ea99c965118fc6a9af1163e60d1ee6a1eeb12d7c2bb9a54f747a415beb5873d616fa0eafa +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = e36899d83a143c82e19e11494ba18478c0a9497fc89fd83df38adcb6b33918645a416626409a156899c6583ab9a4426438d9c32cac54b78df579cb7b6b1feb3f39ca4a6183743a4b823082896a89f9f1722be842cb2d2ceb605f84a9f9b61cdc7e184593fc2f9ff2994fe6cc4860d255809d04ab47e154eaec9ecc807ceb298 +A = -1422272d9e91a14b38b3e81cbd9411a0cafca23addf4f33c94a1bca70603db879dd8a9c0b95f5986bcb447731219c4f9b32a1e3253b027b7963ce40279dbf4008e526adc0bd7bcb2b533392a105c6e8e1bddfdd2bde7dfa0d2e3b1c6ffa07fea07ecdb9fc828283e93b0ce4861945562478b1a56de32251b7d31f9a2309488f7cbdcc38cd6b1c951570675ef0d61e1df69fed78979dc755f160d93ab5a3e65dc2944d3333cb85aaf87a153a90fa +B = -2424fc1e71286ce3be684a10dd885e4891b52e9009c3021d90ebcaf68b6db81130bdbb74869cbf142e0f44ae72684fc12c85abb5157987428c7812889beecfd7bb43fcac2eb6298ebf1dbcd2e70e4274841c2703b8685df18f6e5bbaa1422004797defc6ba843e77f891bbb46699a863bc1d77c5e3cab809c247e2975e8170da00fd9c8b232abc3fc6b16951ac4e6c96f9503c1ff2d6832ff9c35b2c8aa408645849c577d2b8599ef520da57fe2a9eccfcba6 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 4e8a59476d47ee2cd0217bae2981cf25a2c38e5f5d5c30c2d8bf95856a6e8f42429e565f1836365e550d85207246514624e7ed932d6f5802a50ff9f15d500dd84b27729c1717a3df0f2d6dfd40f0094208445193ba6500ba03fa3f4bdeaf9251aace8729b32ec3215bcfa170575e26265fe523cf44a071470e3b1547901e9227 +A = 452cfc78cb9597e67aacd4ec83e5b473ab8b7a1dcb6097fab37e25d5a6e25c69c73a6c20de0e2a744375bbfe7f612036e69c7a503255d9e17c6ec1dc6cc6f634d4c79bed4764496e5c7c026fdf9408242d3b234195e67a5681e7d7b861f58eb631ddb9aeeb0e5b3ff7a7657a7fde5975b8a9e1f643893bac47debf7918c7ef8f6d7439320dccaf63b80ec9761559078baa8e35d98fb9dc242ba83536eef7ba9901395ef02b19990d8312203df7dc1 +B = 1dc222e7a737e6d97a703fa232defc6c0a4fb2bafd247c8e547b9c474421cacb7692ec98f94be19a5e40269e1f5713d06a6d081a943dbc667bc867e481b99c55e437061cd44c4482649faf870d9347e0252ba9dbe116fb4992dc2c2a0583c1351e9e01e71e9324f5fa942322485bca93c2d95cf304028e68224fed446966073ec7326c93ae326a7a533a36e053437910418bf1761abd9c4c5ab7e6f538e9bf963903e6c80f21a0a38a683e8166e4626a8d8b743f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = a4d5e9fb7f0d75ce41ffecacd2ee1e4d15f82dfd4decf5ab1bee75fb97792d0d574fee60a30b15af80bd38e6a25b1821e61628dbe456e39fea3f8a9ee6ef3d2332412be1500fada0c1728a1457656eb3e9d94c64fb2d0ac89f10f2b9ff57d73207274ae7e8c7538936cb7241615b830cc9011d4363ef88f51c7b3ed503c25179 +A = 13eeef030b3110451fcb1a258434aeb51d3dc805b38c72ef7c79d4b0e18d600e5dd28b552b59f3dda1898367ec7da5dc6d9089a585cf52002eaf8f9ec64b8d3ec50d0bef7dc3faf203c48583ec89757cfeaf888ec4a91470a6b8ec9f26a6b07f3311b4fe972cac2f2ffe47f5c11d2dca87c62680e2229120cba4de9cfce9f7f5c33af8398c07ffabac1675de1845e05a32536329647214e54e5d9216fc0cbf2730898eae19e425688bf184d16bd1d655 +B = -ea324da99252edb03f40100e528d9a5080c43be97fe4b7e03d9563ba48040d328e57d0defd4b7ffa9bef3ca0d2682aefd2a0ffca8566e755b11f2e3c6c1b707f1b9465592aba6181e583babd5c70588e7123361a8ae77d8c398e33f894ee288babea1d7eb63e2f3de469e502b5048417043c5a9a9a3eb921cea1533162e3ce9c79e6caf62bbe7e17b180b72c59b9ef5fe1a001b733d909a8278029fb4a63077ef9b3545f1159ad73dd75030aad599ea4884677e01f +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 2f096fb8fe2156c41ab695956f13f0fd9a084f87ea5f5b1acb6b60c62617b8d7079f4b072223ba18cde474af3942599fe070ddb0ac1a99f42b9506a2648e1b8f6106015aba0bf7a824842403bd3f4ac8b6fc4a9861bf0e8ac59be0322f0495e4b515fd579dfef273160ddf96e453f4ab663e703609c709fb1f016ca919fb26c +A = -4212bf679cc00adb2ca502604b71dd5dab99cdfaf55ae92aee6bcf8b3b6354a384656c09eec6175a95c8cb4591ce118e783d6344525c25e5b356e45802ea3ce1fe764833132e6b7bec434e4481c9cc2986904988bd8da7dc2e31cdc481fd0e359674bbff524124bab1ba4379885a6cfc1b73d953e6d1aa1b938129d74fac9dc597c31383f2f7e02fd995f7065290a9812ba8e205316ad5bac6fc65c6c7310f1a6b033503ebfe85bf6d3851bea1b65b9c15 +B = 7ad83f97f40d5be508cb394c128764532f0aee9a108eb02840ca1c635860b6d751d5f676e8670e2f61466397e1bc68f97ea52d64b335d07aed22f20bb1ed19e3e42e4205d650e6d37714c2f80d39b111577725e3bc7ce75bd7ed5e44f8377d5fc2b97f05c3c1ed5ca1ec90ba3ff7935a25a8acbcb15fe1fc7aeaa1e444cc2f06c1e6711721d24b8969d465e4958cb87924b3e0fe99ccb371009b5b15747bf6dd5d0fb73b8fdf58d955c8773a55424a34c741406f6f904 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 909626a69c803e9acdca97c56781eb672d6fb31430a53b853f467ca26d4ae96c182d71c0212894b776c88e773acbe9602e3ca56584c39b5947724290def7dbf04c6853a108c1282def95dbd5bdc015b68daeea0ee959b35bc5af98a4ae4cc7486e627bc9432bd009b21ee9af3085f074a3ae1bca879e321018e991e7898f2897 +A = -14eb8e28dd04a159c576eb10578c24fad9eedd3d8b7560b681002a54a4bce2167de05cd061338f63c50b86327a79595a2dbfc1d3f4e76aabaf88cfedb69faf5148c61f8cfb2130511a3bf4a17d846ededd4c08f3b635182dff1854e8c4c48007af028e06f01235fc2becdb32adcb9e2058dcf8f8655624bed9915faa06be972282cfbf8530bc0cf2de5b2057df32e4a6cbc3c772feea0a511cfe3408a6dab0e2714fc4cf15602ba0da03bf0016f1f3f5ddfe1 +B = -388da160568aef9f82fc16f48a22e8d7aeac99121cfac9b748c815e5d3a823b673ddcd20c1168f98ba204df5e52535f61b224fc0374092f8c834321949fa0a812b5e65c492fd9fe8246b74143a943bcdbeba16024e311d673357a3dd3eaef9ae3a72bb06e03e34e091cbe5b6a9eb9fa3d7f36c03baa5c3e242f2c186b58db5dddbd73f6aa54aae027529b8f8f0a536b9b283ab08247b9977a2ac2d0d9f162ad03a2fe247d2c589b1a2d14b5f90d5b9c0a95918ea956e261b +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 128e8844a2f04704a4a60cd33e85cb7ad373ff683abd167894a35a1daf947f504c0abd7a614e293ce10797a5330147c88c4d5e1dad1bdbeaf74095e3f5a515f2af68b7bc11ee1f53b493133905b654318dcfe73118ef1931eac47deb6c4958406b704ce027d9b027803eb8e639b52d5983094b8ff4b54e86a7dc6ea169ff1af4 +A = 75e6b045aa44dd9b8f4b434dd4bb1346fcf558a5e96b00fef9b6cfaca72fe8b1672edc2a64beee8b959683b1861138b297629b44a0caec6bad2ac05665728379cffaf66a129f0ba40aab7c6b1c3fbdabaabc87ed3dd580ba80ec7ee765e9a8fbe845c0d207eee7a1a3a0c39650c75ccb6bcdae2e0d5149991dc3bf899ae9b7626a2baa17b168b260d82fba84a12f10e09234035e08b730cfc230f0d2651c03e34d4952fca6409b5c6ea5d8791c90466bdc4adf2 +B = 102fc193633b0e60a48dcc17aa76f3e52cbbd1012f179736a0ba7a102f8dfadaf434063b0ed1b1528a018b349eaf192fe62f868b538cddd7e8e6fd98b93147727d58561517b2836e4a373bb31fc8d5e42d16126ed80b880c1a37940c138fc1f7255ee0b7fd39b1b799c34e5178580cdc076ef3fbff65fdff7497398fb1cac75e5c09cc7df1168a20f88a16e7b3ac78091a90f1169bccd48c0d06b4707ab79b741a168deae5ced5d48bb5f5dd3f465e43c82b9db7edab24569b2 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9aa9699d1e5d2c6acb21e31890c1899f30a925b834adb5b8bc8cce83a1718944a2c90faa71b34379a21340457478c0c43121dbd65d62e290eda2ba6230bce4e6f18555a1380c7c95c1700793157f7c1cbabeb09460ca28dc596bb17851ab2ba6dc6bf311ea69bdb7fa8eb78df74adf171d4677a154b8536f8104d919bdd58648 +A = 157fb9e1b38f288db78a1a0e22fdd9f48a59779487a9ada2774a094d34536b85993e7b9ab6e24f081c4cdfb64a82271100a054169e4f1c24e3957ae9aa8300e85eb2a45a6d5987eed4f0fba6fe8557cbf6128e018c5f9df028131bbba6c544b2c6312aeddc71405f0e4ce648fbab9e5d51685949408e4ccbe06fe501a36fc13ee65c31f062313135054b7679eef45964c77f5a1556ac09b11c496d0ba8c6057e283bdaebb4e6d9e5c557d975745f9f98a288d5bbe4 +B = -82cb6334479bd997c771e894cac1ead87dcbaf8f5006be5c70ad48ef94303137bdc45f261af91a201b276a17d884a56ff27af7dc06cc5b7b9c94f7c4d4a36f68f8d309c477b4969a6e7cd1b2afab9deec06555cb753d8a0eb00965359ef865a84bfa87b815a42b2050e1635d5ae5e3743c007bd79e820aa37a968702a960fafbddecebe63f022553cadd7a4d4fb27b4dcb981e8b490e80bbbf13af8c4412d158775db71f5fbc9986e7b8a8f9299574abf7bdf9ce7544e8c4e85bc +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 46e401989fbcde9d830dc6e3c42768999f153d44d270d4805c5beefb470bc1e82706aa7173b359763c5e15d146eca91a32a36f0a80802871933cc7f2ed15a5472988849a2d2f57543345b531538db57ab9bcbfbe787efb0a82e61baa505aad628df5f9e881dababb35bc2decff267eaed3d3671757ae1764ec5163b792b4db3a +A = -590c16ea2cf7fa7f63b5cf74804333f22fd2d0e1da7d226da8425abad2b39a4672fcebcf5cc15d220b0ecfeec09665e682fff0140f16889f7a6ade9ec11aae3fa3a369b3fc133babe52e42b7a8bb9a24777521f4d9e0efe7d7977dced9e40784c24d2c6056b3b668ada7856da71af73d2dd33d2e481ddf40999d86a6e236d0d73f31a67c52cc8b38203bb2840c0b92c2612ffe5fdb6be87f9a787d70b3dd506f9a63d144db3417495f0a48523c812d14a89710d95bc6 +B = 5a2865cf2254710a1a51ee3056b0c1f6c5f77d22d7aa8f939e6f48ecec529a169e630c554bbe682a8c4de9ce4daca77a278d7e752cb678141ddefa75ba42e661885a82ab55d699414ffeb75802cb8f4e7583bec8a7ab58803b378bb60fd46f476ea490c9aaba568ec17f3a6afdd6f20ec54a512f7aaf62d2f941e35b4b72dea77095e863dcb38bcaf8777707c1dd437ef2ac6b6a8b2b832f80ad2a6d6f279c053d02058b1a657a1cf5b6b269e15d29087b0cfc0c2d4c3fbf32a167a3 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 1c9649f4540556ae82ffd71b2c71ea8588aeb845c50dab595db9f8faa01a26c809d30d8433b6c0add465e164cda2b6723c942ee87241eb7baf9944cae08babd8e22a0eaf35c09e9efdfb9f8bfa65d53ee6eb23fcbe1d12a66ae05e7592ed788b231b000f895d098a24febcfa4372d249575926a5faf966072f29a62a401ec51c +A = -1bc9ae5fc2f6a3f1274584bac1e145f02c5e8c4779f4df15e98dd34344c988c1437ee4428485a09090d81b18606a6ea5c1b9136872ab5b37373fbffbb5b3fa8fbeca1e112b9f1643658c2f38b9548cd8f0f271779ce0acad403177057ea0a2af2e7435109879941fbf463488a2522b831b95c1cff21d2d816d70c25156369dbcf04a0e28e1d746afb8a77713703fefa512816fe73e203bb4c3428efe09b946b750199bd7a03d30feb90230c219a103ad4528cbe0de1e5f6 +B = -39cae179d955049f830867d4115d3bae25127c945b1fa0c16fa850e8fd77c1b3b9b7916b9983c1659b7cee77b7dc72abfff1c56681b7931c5e58cfe4f1bf0168ae32df0df8f652223885717a98f858a497b1a4be62a2215c39316c34451b0d957791f49139921d9ac8041899b8fdd5d3d443547a26ddf5748147e4c3e93f5043ede42f38a9baa628df65d3d6148ac2ce182056700f0f94029be05d3ea3a218b40f65a87b4baf097fce107c080de24880259f1046175db1297016af76d94 +M = c462c7cdd79b7604246a0cd97c017700feb25908656b4733353af8119ecfa0212e4bd24304edd566adb5c1e9daa40894290a9e2e20d523bfdb5a2603409b312cba43d567a27118c15d4bb2f3867a7ba7594e02859850b77b929823049d43573a881948d674e95c7427e2d04d4ed81b5f4de21e0d5904c8e0359c99d4bdc901a4 + +ModMul = 9fcf6a47addfa336557749821a88ccd2573a5ce2c3094a17d9a29b33e043bea165499e89fd2c939f17a670694aff05e9af46836b62c96e597c83681092d63ab9d6e22751aa8fd4b9ea94a90a373876ef0f6514304a495edb5ca1795c9ade7965c70f9aa92f8ea460ccb670e9a62c81e9c +A = 71b93fbad39b1c2755f2051ff7d532d59c985756410d58aed3947d6ae737ace5aadc35e7e0d29c684b9d4bec9c0fa277996bb30230f70431cb7b905 +B = 167be8381a3392dd4df62e150025e13b388bf366922ba8632614928922cc290772135857d1b5234d51c27862cb1a055c1b86260b6ec +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 8e2ba940fc5165c6c5f7f4cb55cd89d1d5f59e90e78730bd66fb120a814514784879dc43ad4f355030ddb3486a59bc34b601474978a94ddbceafdc0ee23cb18708bdbd824d37cc32577802ac6057fef29a71f168e816309fc80cc46f251e7289c6a57fd222d5868263360af63dd73e7c8b1dd6b3f3b6939849580b9231940a4d +A = 1220ac4bde4feca135268550ddc79d8b05ff72f483b39f77436f348c4f5360c22c598f7dfb76697bf6d2ae86c68e90748b8b729b25f932b2e5fd33f3b5 +B = -bfee56cd412318cd62e7b6cc49217345d3a94e7fbf6fa19053fa685efbc0f8b320b7e43883189396781c49371dffe7d126c032d1ae4b6 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 8e2ba940fc5165c6c5f7bcac0e449b64801e75134a390f120acc58cbee43888f50d07f7aa6dc2b33643c025cf745434d20eb1aeda8fcee5fa3fa5baf10d67c21390297857aa50bbcc4a29a6b10885f97fea60f1b88fc72512c111b938142ee8d67545efe386622162e8fd50418b09769b8c22efe54fdacd652580d609f0528bf +A = -7bc53f6f2e78628678ebc8e35ae4905caeec61acca5c64fdf595689cf005bde2265cd43172802fc133dafd933d7b48def44256868d202727a4aa6c0cde66 +B = 74147c93e729707111d0d531b1c135453f3e59f63a7e082b43dceb8b16cc5debdb6d7c0ce0c00ec9b5ca51e7673e411c3cab34938124db6a +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 43c47d7e319c32a758360dd726a1d91e2cf5c57f73cdf9ad2040e61a9c282a2962d96d300e04288461eb1ed37df19e6b88f104a250f9885898740f6487b081515314e0a217df2d4345d3cf81eabb2bfb346b634b9c251624748f6e9407cb677aff4c53fcf42cc027de267e6ec011e14bc7f3bc6666f693d21 +A = -1e6ce0b44105047d0da0eca7b936980267db41d41319dd5315889fe8fa2329023d7cf54f71ee179b5bfedf442cdad1920d311966f7175cbb953bb42ee105393 +B = -23a330c7e06cdef4b6b121d15a9c0bc774eb5e432e72d04c5f03a0c588e55e010b61f57c03c51edb1211685d8dfd2a35393091fd0e3ad2304fb +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 768293c84c431b9c8dc6e538ca3f856c60ae5e1aaf42325865418b7bed16c7fc2589968319cf41cb370657c8edc7b969de10e0566b64ec796470b630e22477e7aafb38e99b6012f100c9d23d5517d486e3cab1fc60c1568c0228c9b55d2d77d23b1351fe37ad4fbf9c07f29330a539de4a32709d043dfc9e21aa1a +A = 6bbaeec78b6a41818b7eec42fa3be7d639dfd86fbace2bc14e0369dba6dd3f04ede8b808743d809f43f70f1146dfdb1d649546441919e27f1f7a9760da4a3b152 +B = 1199dc2f52868a0cf440f6666b576541c7aec1e9cee14c1d22010ab0f53fe8bbf3029c639ff78d89dce82de85fd8eda4e67395d435df60158623c5 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 8e2b90afbdafa02ce68d537ae807b4e7f3e05a66b20b84cff309941fc3150f99d083841ddaf6f19f5a76886ad5d853c73051a0457e95eeb0fe3776a084a027ee77d14f3825713a59622ea163a679cff904db33bf6ab23b06eb4b31f4e34fb122c8c170321164439db783e7bec1c265eed33f33bd9cb6d1611c00aa18a9b4b90d +A = 1c4821515167f7073d4b7cfa318ead1da1131499c12497447846caa84176a9d4af576fe549fd8b0f77bf8dbebf6c395f84dffd40400101bf28b1dda0bbdcc5da255e +B = -de60cd639044e863c6a49c73213dbc2ca84e4225aefa5f880e829f2d9cb48ae92e3f2680c462ac697dc34da38f65fcdc1b4d8c3c99e8cbe29660b539 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 33e8e8e193b4b99d8bb382c29c1fc5403190d7654f43cd77e28d1bf77bc3a728dde9de9a89c6522ebc7222d25f46833fd1753a44275b04485c77b675d816090280b3541ca61bfa33921a79f7286830131d6eba13acc46cc2c449b3a359f1cb49d67a4d0cc1245f3f8b59b1684aa0c3ff1c928b8e880a3375ed811dffc991fd1d +A = -50ff3e00feeb2efc6df6387d6409a622b7a8297a717b8d94d0dc41c6ec6f29a8455c3580019349660b31dea1e4f66b74147de93535e671c853b604ba06a9b62d34646c +B = 49ff858c7081392defc3ba12ea8869fd61188ff15d9339be72657b00530b851de53b1fcbe16034816e73251fe1ec97bcecd8bccc470373974287ca328af +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2c88dc40414969e8b614bf8db05fbc38fb2b7ce144d7e707f9f8eca40ae2309c1fc67e713a8da5fbb20e808ad20aeb369cb72a77fd285e38a7895ec0fc795ade4ef1f1680f3a3b3cee4569cc9d5e699984daab3385815d2e515ba5d67d21dd1defc12ca81bc8ea645f8f8d103b4a0a9cdc92eb50690c07a037df274bbd5217e4 +A = -167ee0fa8e5d8b569d7848b068df06f6baed80f6fa6a442f9d11d9712622b512249b92c7ccb821ac751fe4ec0a7a47e04ea5571c7cb45a7985749ecdd87f0c0faea01d232 +B = -2207fd8dbf2b8e9a5e3cc515479cde241dd3671803f9fbf7859459ac66705be055fa759c85631ed2a61139657eee7eb08fd963b49e33666e60b7e75dd26b5d +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 674885ca3ef617a53eaedb9564cf96bcde131760ac541a81f4b25c174a6fe1444c2c206f7171e343e1bb43f81610162994c497419e75aaa25b664c122ed2b27640b45bf646fc5da1703fbf1cc66e10a3c306eb69ae5f937081a1a18dfc8db376ea18f4c1c499109b0cf8806eb32cb1f28985da790047bd7b32c1f67bffb9761 +A = 413cbcbbb5851a4ae12555801f7f80ccd888bb82ef1b5c31b99e1901d7e0ab91ee489c84044bc21fa2010f11aac21d0531fac09feb482fda579cb9f224c3149dd6249b0225a +B = 1b6bfea70f1d80350eeb45f9a5cebda954d72cf5cd27a299ef5a42e1ed0b50a541d1657b70e50b0cab69b22e31d0944fd735957b1ff764865d9385af302bb802b +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 8d74ba5fdc67733ced4d468f6eb6ec4c1ebd79c97682c1d4daa06105788ed9c5144992e555d903804d7ed0dd9b29ef2648568ab7ff462a03e0bceb5482485afc3b91448fcfeba435dc587db6f3a022428d37fa0e85392d0e48e7d4ed6b21253084e653da8175587b3b709e28426cddfec8d9dc582d4ac2f3d540305c0fe17327 +A = 17c0b7f0e2cdf316e4d32f040e26d41dbde1e6689d98f0652da1c380daf5dfeb6a511b72d82f1b32d3852e9aa2f594be10776a8fc89a8a35c160e8e41b42a06a342fa1c309fd82 +B = -d7b7701340c5a358455ca5fa314ad83860d9f765978ff652d7f542de2e123bb976930b8fe84b9608648324450d8ed2bac4e44f2fc71711ae813cd8793af8d3796e8 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 57e60f79b4e156ccec4c253e70df8d86e4aef326150d612a5ac4dc285761e88ede412d28d9dfa5a6f5c073d3c91a65ba9c86067d81f296935f0d0ebd2af82e7f6b5b336422429cc3b8427fd8d3f5a6fe936f4208362632093bdd3cec1aa8f4b176d260f605caf4a12cc011f3d1b76135ac2507346674e41673eb16c0f55d8010 +A = -4f1568c207a9ec970b5c26f068f3cc8019e8cb483525d251cd2919b368d072ac8f40017a19fc7437cf88e927c9e7d6f539ee84865f0af24be0d6d98fb33d74e3e0d28020c00bcd61 +B = 723db98a78f42aa45496f31cf78695583526d25e167da48ec310e447ad3540be2636813a2c2f7b8c622795ac451992e91bb8e43e5737f0dd95623282e729d815b08ed8 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 237eb5726e2c628a515104bafd44348dbf099569815784eca5d6a415d3c12421c8c70fee23d6d82f7b5b136b70ffed3b6d9e98cb47854e79239d96c26f2ec955e4ea8dabc29a1b0765c9b7af6ef09ca673d1ee21c680e4b8cfebf47bbc74c993d017ead6cb6f3319ce4de9e9765cdb3ed8fcc57a1b153327e1a6a965e5dfa89 +A = -1fd1f634685eb1470dd9080529a891253a28a0b31e15c662733e20d43fc4cd71f4cfe83c3774adf8293a0fc3bd806d0b31b61c6ed0b4414ccdb91e2994e22797e5771c63defcc0887f1 +B = -3ec0478afdf54c949a097ca411be41f931acb750ef4f0ce97d0f0fc77cf15970cfbe24b170aa332de04836b7a0e6c5d456814182d27c8310d5fb662a818bc421587d95fc5 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2f1d500443fc4f4b86e7ec93e4d0dfd3faabda35a6dd31445021928373be14c37fec369ce80ebcb77aff2151b7ea94d21592da1823ebfa0af196f286d7a69ea54799573bdcd4d09ca4f33b8a3a93b35de5ff7f65099d59367914f1c79440b471ced6773b0802bd8ca99cf531b62892eb1e78d67f8210592208859b0aa1754b14 +A = 572de2984fe2ed0d5ebb5bc3f62b197fd592795d91cb16b48a0c898991ee3e884e5870b92405f248036ef9b3898c5ee6100a09ede5a48bf7edf3a067e4fc77e7e6bf6a6e3d4f538e3d66f +B = 12c379402b18a34dc8b80c0dcd25be16c99d6f76d5d64b6050b90910cce594bc022794640735710c7ded857ebd44fe5b2e51574a2296f7d7a61b59c0123051bf2ba4a168cf8f +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 4001c734e1391a88640007893f167eb79ef61e4717d5eb14b8d80c25ed59c753be63fc8e54bdaded22c9c7d3e49753eb49efa010439807dba0d90ec4f9b498aa97f109af542bb41922936223213ddedac4d0fad8f1446498f4228b758aafdf1d9692f59029c76ca2832125ba50e811cb95f2b982a7a4d87b4726e6dd8b1963fe +A = 16792909716b581a936287d0a8550a1f3e840935f0f3ddca75aa32e3489269b078fd19a16f8d6b2326eebaf46da76e90890c0ead3b35689bfda8c1ead17a4f672588f982cfd3da2c2b9bdad9 +B = -95ab2c47f85001aa852d6999f29644a6a55f9e4e12bf905f911f90d29cd1e4fa4fc9d1a2aa6c215bcb5c5643561499aab8f2678fdc5fa9c6ec138aeb2d62f635c45f239e46b0fa +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 1bfad44b58d3f8bc987116d4cc7ac98f89f838a8712d81d726189e9e1469cf46fe04675dc0b82e6e556b02c350ef4e30ec6203c7f1df937ea80f435af7c10f48538fe7755ba78993f304e64ca0d783b0f46f61bd14fd3fd30768f233c59018ce911a94b495f58eb96438e416ca3c7eba5b1bca9dea5a770c1d2d9f2f62f821e5 +A = -78a6a6ef40e443c52036e75f0b35938d632bd45aebf45a1fff5c2e1b6f601a57382b9a82c3e8b2984e643eb1570cd83f3a6be6daac567ddf9f37bd96785662bc3cfee6f47503d239c77781a8df +B = 4920f870cf9f371050e64a419ebe07ac92dd3525b41e8ecf6939a267e1ba853d54862dfc95dd21b3526eb0a0a7a7f8fb67df2e9472dbec81e15cb13266257177c5f2b92fced4cea5d +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6b0b84505907a5ca37abeff9a5ba169975792c69b5751d9845c0f09dea833fb679c8dfbf3895bc470529e0cc736c9b4a0d08b75d709a1d04525ae583c5ba082d3bca1355055c7bb674aa1b92689cfdec4dbac84a96e81c855280e417f60e7e4931ef4f428420c0b85d2cd11c1030a47788d6ee6af0a76b5364fcf23b270e9d4f +A = -143d843e3b12431fa0d873815a757a214cf731c298db61ab13cb87fe78b0a6184bd1fdcfec0c7661b10775b4ee2c815dede0ed497977c9ec5154f7b24a8a786501ddb8dd257bea51b9fd9401ff760 +B = -25d4da7b64f439987eacbde66abadf0da7c1653c1c1c6d9b2092351fbc714a20d2d7ad8093209da371150b69b3602480595533ecc1f3c5005a8ead10732272246d8cdfbab87c49e65223 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6bce40524278ce242b0b5292d27751a3dc414f962d9c1cacb45fa3ee693ac6890d2ff1647abe578c40ea8d4b326a2e0e2fa7cdec28fe2da089338b5fed91c4277cc5be37537eec2f17edbf48a45fbe38f15c58c3e733d408d001262dbd40c9d246c323e7978df4fb7207aa9270a12921743cee2a483e7e71b221b09a6b2c667a +A = 402671b0cfe14655bc650bd35dd0c36ce7f65de274a0cc4b708c6f6c3e84c2125ab2430e702421904950b29aa8a03b049910305127890457cd0cc97a3e05df67f29d28b0452969986959df02f59d207 +B = 1648c29205f19fe4c646eb62e8ae9b65260c2cb8424a526423c6bc04ed55870cefef9b8ba808f8ed2e1ab170e2e411f68b934abb1a22776969f79f9420f8bcbef28417582942e26646af60a +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 40db38dcdc201648da555f1062bbbb92c632c29b66902eabf90d98dec69ab3f3b28e60cad1571e7246f4c9e6aa62ad26a6d0bc08598c7a8571fa830cae4c2875c5c95a59f3295f998681edba7749b7e38cbece8887a7823b4752165e1a897e638836d408f439f009d0fb6c196e83e83ca3289d2bd0f0eb36b721331e4f9f80fd +A = 14361ace8ec5223bf0165b78913b77ef921b7089bb5e28891d120bd3db6513ddc90404a4e6cd027f9b51fbc02e80d376d59e1f2b043954199ef8218bf26cacdc5e749f668ad3b4ab35cd796f94c06307e6 +B = -851a39d8b0101fdb22ea9e367286e572dd132b8a77a6a14dd0e995131467aee898230f37dc6224e35bed2eaf459aae579181a161450bd7ebe6b62ea7154a8a0ab590ca4a6c2f05531c4e24650 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 4b085796665458b798f824d1c1a88c23ecca456fb88713b433228ca8735141a616633ccec4bc53ea4f6e0c74e4aab6fece2e4cc4c4efb479638cf54caf55d4addf75908076f5fb487ed00d540e5b984acb8f81cae3ef51db926a06382a288092b352793de721c23c371fd0ce7a789486b2e8b867d35f47b5daac2d339d22dbde +A = -511565611538828ff7dbc45c273fe46f4f5105d41ccf5dd343b41e9dc579429e56a9cefc54657ef0422960d1375b72411a5cc93ffa323455e006e242580358d6cfb641f46b9c36fa777a613b17dd4a187454 +B = 4f22597947638b9a9e9b9b7c2a8d37f77259f1bb1c7db65003b6e1a1c807469c84c89a75b80bbe0324fc3aeefaedc6ad9c0d9e470dac9c30bc48f6abbbdce9547ad7624f0ce9ff3cb6be23e47bc7 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2b90a57349ea94ea818207fe15c164f9d3530c7cdffcae178557274552f79c4ab56acd78033a570bd6c3e45789704ef0b0ef586594fe4cae3ccfbf9ceef46e769589b084adcee3ef8345375b7103232465b991273df724964248737d5eccbac558e35e4190112571d3e7c291baa7aa8b1800121bd573b8419f627c0091e1bba8 +A = -170cc62ad57094d307ce1b317ae5e825c2f2e317ad6060437afa105501caea00dc9a86af8729e2f3c3a854387dc3ba368c0a84aab1a527ab34fe27b0a69bc71c728cca87be728457c65eea7d7538ef3aa282615 +B = -3d9da1377a88f647de57ade46dc7caf71b4f42bbfaa5e77f16cfcc90f00b5d3e9e9d82355104c7cd0db4c1dac0496be3aa35706cfc0a30a1329755faa439694e8e9b41fba8f1ebb46140818c7008e27 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 4cd4da762c7576d582572d3427abc4b4297f740705fc14a32b46347541b152d0d1e3a11f27213badcea1e2009e34a63350c7a59e4d43654b28298d2757d6b54c4d82f580e98de4230cd119ba350416452cd4b8adff29b9f35ae0c533f666cfed716838e2b91941dfbea8d6a978a369d5f27554ef411f15e5a89850655d7f3f5a +A = 4f4a28af27b926d8ac347503d6ac0bfec388a6c0b38a577501c3ca4aa709c69601824ddeb5eba4d9e437a97f3e4477e1487d5ce7b4a35b90fb863657a5b2d901bb8c3c838db40b89b495ee9875e8eee607d7b8013 +B = 13ca192603bc8b2da29dae67159e4f8d32f351a503434ed9e4e24f74abb5908ef7da80781c71b1a5ce64fefd13a16cc1eab05a370bfba2a97e6cf90cfe98d3a487ba72dde0762c36c10e1da175f1c1b5fc +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3812e9e835ae355fdf328b29ed8b86dc3f6895e379b8b5d65a5de41eab5fb20ad3e2290c8ca69f9500248ff883d9715f59d0db6257d13c5cd612211bb1fb99867161daffc77968bdffc1fe48bcde0fcce02ca93975b3cd9e93b56974ab4beb59582c3d0ef2a65957f701549f8bf858de0c5bc98af3e5722f1450de391876a2d9 +A = 14ca6101af00d67139b985ac9f149accc260336237dd2dee802b5cc6e506e217b74c1a007ec10c20012f071ddad34e7407012669109ec1f385566ff04cf1a1ab7562353c0af1ba1be0baaef920a188c60db27970f64d +B = -94b683326e9de19e414f653aeb2cb4bd7b17e76a23de6a4d91c43d717a35e08f2155b444a9549dfd01a8aec4dc901ea9f629f16bafd2c84828b12d2f63dc154323eb2d54938895ec4c9efbcaaede274fd4ab +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 5ad7411cef0581b2e675d03b0ecb9969102a283eba5e779bdcbb7646d94e843083a07269c932d18b973b57abe54eaaad0aa76cf7b61f30505a263bc95aa063efb264ae829eb1d1d5f7d380a0b4db59839de9ae6230ba51901e71b3e3d59e8c34a79678e751c8b7ab139123bdb2f04d90a18ed81d2046ae86da1a73c8dae4fc4f +A = -469f61cbff01f0e4124ba69a860ec6dbc75cd758dd8ac7cbfed97645b16488a329adee62d1a66e90ee4212569d56d58b61676262f49dcb68296bbe5d8e23853e3fefe8a304710cea568ca65c183531a992ec5b4d82e226 +B = 4a0d48e31cb8c24a3b2c9c95fd19edbe46823032ef4c97fe65d0a30d5c2cad7a4fbbe89e0ebc9940ed9f9ccb8ab18bac269759a9740a7985809d0f38259e680f0703febe7fa012d1ded47f0cace4a133f59a721 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2b2953981db406ebc544c39dfeb08a8b089064533221536c7fa2bf2a7a0d3a1192859b7dc0ea5036eeab5aa371e3e0070c3980433adb3e3a5202ff257bb546bcb9550423201a35501fd717ed4c0016eb3a675ed399340bac7f058a04e69c1774590fe747ffb9c27e78ba50fcee30ce533a1659fc49dc080a60f21357a6265d24 +A = -122621d97f42b65b060c84df3f0c0da097b5e240731b77a37bb9471e7e398b242db6f1b5e25062a9bed702860ccf6aaf386c1d6fcf60fc31b8c190d3486949c5772b9e621b863a7cbf29449ddd68b7e0c21e669492e58e94a +B = -33978406dd30ec2b192c416e422428683deac210017cac9e4355e8446d6969295b0fbaa8cabc92c1fc0068da70efa047f938a419bac160ed6f794a9f69f53a88648c9725610d5f309b652f5462bd3011cf68ea859b +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2104dfef151526e072c09a4a277eb981a035379de3b1a55a88cb060681706f26131c388f5572c5646826b119c85ed450207f32733487e3c4e1e9d701a65058c4b4ef0cd1db090495643038229ed177b54695ac32110619038f1c1cece14faa693d88476e3d70329b0084d0ba5d547bbaa5b59ba1ce1fad5aa2f1c11a75bc7c0 +A = 7b79e6f1330fefffaf8521089c3348593e40ab7e8d4da3d4346571b43b12740958336580afd13619be3dc2d42eefd9e30599405da3e32e7f3a5655ece8b77a367059668021aa092460de75e627526da08e6206b0f8f539ef40e +B = 156e234931907c0c0970c1fe6bd4b24225ed94d5f5b1be4693c8e141e9a6032425b4a47b6eac6265afbeb9d796eb230efa707d5ac4a73808225181cf814b319142e9d175ac461c75e6d479bb6bea53954bb981062eb16 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2a392c5fc96c29df2f5ae9eaf76e7d981dc1e2f3b47b43a98eaf556a9465ae8727c622188123c64658053ec50c25e54ac5c6c8bc279b134d326e911f14c873357647866eccb4f9038ed0cef5082c2058ebd71e1619f7c8f8f2fb80871ebbca3fbfb7845bd855d307d2efd853f1bfd467fbe030862f165e53a9cfa633d0d3fa23 +A = 1e0430e7cf15173d00592037e83e717c90d7dab4f54a5b2f0f5772762fb5f56bc0b2a53ec1bc3b960afc35e7b043f9d85d0af6c29288486af3e186e52bae6300b58917647231b40a12648cc8c020a797683a9bd7ff34eb6d41b928 +B = -e08372fc766eba6e0ef55a9149d700b503e2e3f978c8a397912e2735d5bcff69c461561ac0822c44160c7c1bbf722df421b74beada57462ac54a9bdcdb42d6a27b86413036ed2282abf62800fb2518a32a4a135bc948053 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2608f68632ef14dc3979725c8cf1a0db10a1651f17d91247edfae9935b53f6364d233b030eb99871a87b7bd876ab2cfd5a643387a7af9d337e81770db04a14f4f8dbda2cff604838c9af9a31e8dccf9277d453176589ba33abf77855b9501e63370b2e6cd22831e1e70ff1815302c0a026c70042957d08e74dfaff940a91a7b9 +A = -5d3568858c05a15bc9777af949eb01d33dfdba58439fb3f7af2ba792efe8e78b16d7fbc2a303a4c4c4be7c9d43f57405e88be54d6ab55268a4739945ef582921d2877019659dadbc76e0939f4b2cfbc91e5356ba2ed531526ed5b9b3 +B = 47f81f65ea1af04f702757c02a175a299b23cd8ad551fdb67020c50cbb4110b5371dc5790b12484e9ce647eeb24c0220a5e62aaec3461a9dcdaf1a22814b6f22d66372cc5ee31944bef33469f905458c172ec7871d9dc9c301 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 5735109bd21d31b5f54e9221bbed78c54cf387e39c13d31557e8173e173f786b2d2f1acf3966c3bf4552fe9bc802d0868a5a7632404cb91609a7a45fe0fb83fea8d83b0319666c1b0ac520169c15be708343359447f2fd37960c1e96d32799ac9394e839b391f59dd347acfb79bcc4e34e76490880d163ac97ee69e3a0a6e68f +A = -175011349a0a1ceba11756bd528f2bd631c106e709aab223032d08d52d7d6724e8c5b055b6f97b48261f4860eae297badc1214cdae9b2500a7a47b4b777dd7b8f1006757754ff1143b637d2a3adc555f38eafbd5478cde0b04e5f46d3f0 +B = -2aa7f75d6801b04ea9f690aa0c5448906595fd28b53775059c01efe54b463f1d87c9fb4b39cb038e770f99bb995a2118b86ff8d004bd964e958c2af82becf362fb0b927c671cc3bd7185990419d26a827a2d81bbc0126e1029556 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3b4ad19b75e1301d19b57ba9b68e0666c28c7c5c99df1d5fbbe0685dc1d3489ff39c919222719c5d8b7ce2d7ff967730d776a02b36a86064ed66a02011bab82eb575390f85f0104715f6e4954a1bb28518450182a8ef58af35d00e2fe417f07ba25dd9c85e00c3451082becd22e3aa0c9bcedaa96e6423c7df6c375b4c799c65 +A = 58e1ce4a9b512eb0632b02cf1207936d6707b802140540fbcbbdd712e5ac1426b4f36e74a9a9ddc812e572855d4fe4fca8a0de6644226f5698fb46a5f2a479dfc8b588aa8e02ddb15acdc79ed3d17143e290f1317274f425b869df54a4807 +B = 14e341cbb5f5a7f3b4dd864172b82ceed2887fcf20aae7d0598b3d8afafd2f10c27bc7456c1488abb570be3df04f43d892dc6a8dbe7621f55bccb0ee3acb1ade989a510b4e0cbe29b6b93968f323f0016d87944c908824d249769f8b +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 7fe0bbbccad6032069b1a335b3f2dac16089051cd9321f903181fad23be6853e2d209958e8c48e008be94a62c6206b34b4e994ca08b8f24a2df0e6394ea65b3b7aadb3bc43d04dc9d35a77e673c4476dedefd4568b4ade5d16f9d89486f3d5ed0566b1eb428cb0b688f10fe3901037744f278385754fca481f937cb630f60308 +A = 1cc0e3ed58090db55063c9ba11401636f89262d6ec096d361f448496e05181c5f7f2604333f26d511c13534618e90637adc807d622097f7eabfc03266135cb626e1bad20997e72da71bf2b3f65a4973dc27d2a594b1fd96b7bf7ec14b9e4b983 +B = -87871b2058d33cb67d83b6a56ab27839c6a6c771bd94e55f200a1257f2c737e39c4a0403fa410ea64e8f442d300df1c19c2f03d07fb74d94f86d26814fca23d4cd2cd3718252cf0cd8a0e36726f6e68827a1dab6bbb1d23b884381c702 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 35d7ac5cbc7e6c262ffa41be168b02a3bde9e112c512d1f68421d705ea34461ce3e0dafde67f44d44cf31d91b38d4d5f2fbf8c6c6a44ec3ed0298dd58f3d45c04346c11e57229dc3d2cdfea02c802732d9a811d7be5e81094d72172cd04caaa3c9d55a951c09f454f42add6e89e2d8a98e124aac86379df377606e7af9bc6baa +A = -4ee01518f6581c560a186fa05c6f4bc26809c4822cc74a0bb74d5a6b0a368aa9bd0108f26113443422b8c589084ad49f919a9e7821d99127bb210670e732b7cdf610e464e300a39d3dfa7c82f90cf00ce329bc6763d7b1d4224a020095112fefa7 +B = 72dc8973f7af7122a05c90df190bbf1e39abca908c197590dc7ac41fd0712f48f838ca62a72a177a293ee6b2afa7a10c21e7993347c3df4f161a5641ff62ba123999bf1eabef29ec0d33ed0919818f4b7c35b5f41e654759fc9abdc0f80e7 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 5d83a9b34631dd6c63c05a0c012adf97b4d0f20f61907e1c2145330211e9a7e38128517b058e0a85e993c385068d1cec768deb814bea1323dbd333de091ad2cad72431f20c1e70ff7e1b119768ba44e14292c38b88dae7e55ac9e10ff98e9bcd5f0ac05af499196b4be0c6222d1a63227ee895fa6a8221a4a182a1323183cd7f +A = -17b3e0c9288be15fda58c8fd228216bc466731d631218a7ddf1d2c9cc858c0219cb0757d3b680bca1b1964eb15031b5b9d761a8bcbd160db89be339067a2ea35e1ac3cfed701912a17ef9ea03999d92e3592e893183ddc05cbb98a656983b54590c72 +B = -269f96a4634eb37cf8a6608408128587ba45958405a29827d0d03d34816fcb1a2297f1319485439d3e8594532545086efbe4d21d31d30e2daf09b74fa8cb27df54e8f9f993630cd9a292c977eee70887158bd3fa3cfef321ef900a0598ac8cea +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 7fc1c65eade94d9de7440eb8dfaecf1004905135efd4f98257c3295b1e76ccf1e2ab6808d158d360b7419c6210c50efe960610973d9ae855c72ec0e81d423e5863c80b542ad455700d2d0dee5fc403dc01eab460c24687401cf6a3179642e59f2a30268df95fa80dcdac230702352bbf6b60acb9ff5d45c5b09a3403b954d173 +A = 7906bd8d3bebb1303c1df1fea0b2503b0abe9c69b4f4f5bd01eec9e314788cb7d44b93428adbcef570477e8ecac2a64822e481bdf520fc381e1bb0b2cdae2fe94e484cef5236dd524e4dc364b72f4c06d57f29dd3c5079e532b1ab1e71dd6a65b3362df +B = 1479ef2807b9c23c094d0416f513894cc92e023b134f44a5333360dbbe98b8161ab899302f4fa11b470b97dca0c4e8ab7ae47e5fd0962834e6cc1763618193f4ee027f667368da580c623080de137b5869c3081128e6081b9d5e2dbafd791773242 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 730c04094b1ce944588e8291f7e6cf763c70b79cf362dc8a1bc63bb8790cd4cfe4eb51cf15a45a8464d69ddc3e1b9383cfbfd643f317108cd9ca6a6eaaea177c5c8b6747bbf40108cbc0437eb8f11bd2a0939da59b70c0c6129e2c249823897f2ee536b0427bc45035f121d2cbe7441c175899b97c490e6c3ca01539bcd05848 +A = 102cf23cc3b81785c73ac3613c816de47fd585c7d5f175185818dbb4bf0bd47d0dda9702bce97b29d66e48bfaae0fd07b47b40be2b48ed702ef21c54b10bb927f9d6b43604bec4f4b2796b44aa6b4e83f8bcd00f2fa3871dd901570e1a32888d8691454c40 +B = -cc5349a9c5280a933e87ca38ce458a711c71ffebb40bb1f7612b42b4684afc495e99c4a5f32eef1c9564c2b7612ea4cda7a0f5df6b3ec9026447dc565ca08563d46aec7ced9fc4cc5645960210d44cdc3944149051d569c9295dc50862f8f6d1f6cd1 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 1cfe1842a53d00e4619265e2fce7cb566ffbd912c9213925d01408a956af304eacb85e29fb6edb812a95e90769bf1c3d62b0cf6cd5bb8f8992391d2ad70f38a14fb9d1d1eb522aa7b7fd9f1b52790beebfc887193882377b7ce567d317d8432e1d9a908d6ccfe8d2de7de497d77b023b3959cc042ae30aefcc0229617fd2a146 +A = -5c3d24fdb193ed83f5f6a825c1716f98e3cde6b32e09659f253ca3fd2a39402b5bc3a6497ed7bc908838e93422559a13cf59156254bd3fe1e3b8600b2a777943cdb39b9d42c58043f1d587424425d3ef5f5538ea157112970ce3e09a87fbb5f7c96f1b5e65fa +B = 675d9d2a05288b438ddcb330acbd59e4639375f3f14ac2d0e9e8b72de6ffc1d217ce62f997577f7eaddbe4603541b132cd41f2f2740363d9c331ef22df92029d143fc8495ed0152b918aed7ff22f564c7cd94fd3fe4178c90365ace43def8fe30ab05c0e +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 83ed1948276d689bb7fde814e67fcea72c4e3509c48873c3e7349a8fa1c08ae11ea4d814d8deb1021eb8b8ceec342cba5002a2ca45d5f340ae1aa500af4c7db120d0402c6cc8a840404be7221bbc46ffa10236043e5ce4415d3ef1355bde26d2d26eb7127326d4b8d671bb96a08e38a2c1dcc281830ac77202903a5e4777ff02 +A = -1be86e7c87827922d2e8a06e3cd6b64ac9a280c525749bcdbfac4856916321a964c9346d17465378251e6eada42dadf38bc9d7d87367bec94ebdc21af6b1302e520db08a64ba6b39920683725ef02b011a3e4ba46ef0eefadb98582cb911d0cbeae9c231b5e432c +B = -352059faf97b433089a688c702b97adefd0c91d51a0395647f822c6762fee3287693e302fc5a5584a12c048dea1a320cb96fa70b5daff7c2ea21d249467d14c6bbee15a1e94c030e908342a939fbe8ae0de58cb6d6eae7758485e392ff6d5d64465b701692c +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 402525e19b6b68942253d1a51fd9b2ca36fc84cf938d80b3d52fd4302de142b9d93d1663e89340fff10c2b5efc8cd47fc3b5cc5ccd49a6ea3038ead6454bf190b7f88f52c56bcf00c6ad5b0f5dfb7615915ee8af137dd99cd3d21172ab772f36d291a6856a8e7912750139c09aa024b930a0a6b9eccc83c2c5c0ee2473ea32c +A = 65e5db532ecae639bd56dd63045bca39b33b4d70b2db82ca3d0ee8ca436e671828cde80217b48eae7487fe110830589ab1be889f1e1463f3b0757d529b2f0cdd2ac92c35e8ec141885bbefb6040a3b5e00e64a541913a38fe05824a929f8c5a2c46568c61989c3ca7 +B = 1d9c73eef8373cbb1e8393feb26d55c33a245c33d7031c234abffb2f06a1601f7f3a79ef1e8664c51ce5dba5f5aaf3b9a9e42470d381219b4616ae93c7f6e64792d23bae523b6a224c1f714ebc82a11f9be42618922b8d2eb7b55e4d45572e68a19fb0ba72228b +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 7a9cdb5dcdfb6e04351057d731fddb9e85f41eb432f01c0d980673d294d05ba9b0180133a89930e74cfce78ed54991b494a19e7f80f310b85904784cebc5639bbc631e80751807868e7fe16719e8ffcd1f2cbd1b9f303c3ed488b647670be3080668b5fa0e53b6342c33c87f0ca1efe1ddb1c877bfe2556aeb61805b06f41343 +A = 1e412c3d66aea2c503f3aa5dbad368a61d969a2951c0094f9da32d2794e47f3bf4c481ae23636baabdebdcf0753d431426b1865e62de8eae7238a9245d62820ad7f17b5380d701f5db776cd4e1ddbdfd542901731ffcea5bcdc247fa9c83f7e08a9389e5a76d38be21bd +B = -afd61df72361260484fade8b432713eb740df83a401d73492883a5139c918d5c911ff5dc00140637da1c6acfbab4b0bc8fc1f337243d90beeb1c2a083ad8069494c73a99372bd38712a5b5393c779ec1915e878600e0b48157bea44ca8e97c6099c4ab07fbda57d1 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 712580a1ffde78c8cf98ba71843c8130e835fee3afbb45e372d04c04cc388e403c9efac742611d7974bbae982c3aadfd1893f5da280afe0c1db1d81a9ed73b6ed9b7f05a20ce828316103259112d7754560d66733041e9470ae0d4dc95fd0484bfd56d66739f38ead7efa4051187ea41f7bea8fe5d958a29af41328246e2bc35 +A = -47c5755ca61ca8b7ea927f6fbe347f1362915548ab38c40f0418f4c9ba4ad520c3b2469d9ba3976669dec0b278461bae80eda53e9d11447512963e797f45460f74678acdd69fb9efe3897913b6568f8e03a6d90b4cb5bfb06af132bf118574b70e6bd2f6d6cb4d0089379d +B = 5bda68c0a64218d3609d75eb4832d5468298f19498507d7d515f4c410f04dee535947571a5e75f1af7f94a5b3b05fb742fde23e7cf3f8b3dbee0a569e5a36d7a3d31a26c4a48a299044fd72339d2cee1a68966c851e76b93ae34130b75f4abe4f2260207d2254d23f56 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 4a1a514aa4d1ada84fa841d0b668930c904783fac521377a7d622201867d773ad23dbb667e0d4181616358f3cb088cd157c8e72bcd03db64647b37aa1813f870cbb0318ae0a3667f8e6c19f6e0706217646ce633f0cc8bf4e8f0f4d7329a8647252ca6d376416d545e73cb9a3cba40f8f9465d85d57c2481b84b6d95dd42d50a +A = -1d68bddd8c3e6b78daa0acfc63a6f39e97f19527a43f6cdec47568d57b47f4e4b7ee88e4a28d683b569e406ecd2510351dba25f10b9f7c82d6da16d848bb970cedf7675e67937921bd334eec4bc8fde83d67aca57eec804ce22bb342167602fbff452d5f0f2a7f38b576e1e50 +B = -34d219765916a4c8ec843ebee9a7aa1162974d41cb4d6b60532513608452da9993749455d9701af6b7b6c7454d7f2fd5c344cc938baa5259301d4b56ae8d25b6f6510ae6bca114cae6791fa5a9551e8a405f5b1c0bbfc27138563b2d64f9a4d7a8f42a23bfacc3f1ec9393 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3fe24e66e381eca525b24cf767215837019f44ed4fac6ab118d02cdbd658066505ee5b0feb7af51859992ecb97d727121e38873f748a61d70201cc43228a7732156a80dbe399e05764be19e37dc1b93222bcdcbc45b1a4817460f7021dcf1d70e632bc6a306628790201222bb522f4cc80adcc907463a539b02f74004d42adff +A = 773454a43f495959dd55b8a064d70b1b1ffe45c084f5f9553582e24fb402b564de68e5379a8d9d02af101594e717a6c6db2e7173e557a64d2f28fd45c4e06041deda040705d99acacf8086830af19c7ab5e27f91738ffbd937dc27e5b7869bb6caa12c2d7930366ff75eadc570a +B = 13d884a2396268f1a8186748a15722156a172a56dd3d8c77b9cb7001b6ee06720653507eba9bb9918f2f699cb37f3b5ae514f5180108a704647f19b0fc075826153edda66dc1105c1008ea8ec6f8c10057f8e8e479e1a1274edfed9ef719b30827a30f26da78820c3696d01aa +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 715bab8708e53f76d2ef2afbb845bdaaf978b54ce25f84dbbf9074f16d30a18733a02a4ba5d7b092fa6c25d3b9b0d8243c743910f1b7b785d9cb02343fc6d59eb0817bcff05646030ce4fbb2b9ff76781cb1af66b46553d365d02c61e677ae97defe92d057d4378dadf8cba9824b0022c086e0d78b5442bf3d3263ba22c643f7 +A = 168186208c734383d472374fbedc2d5d430e85690a4881b740008623120a4f7f83b2cdf85dc28bfaae5870abcd7ff1bc782ef11c78a75c99d41f8aacb52fceeb5f10266dc65eb00b0868937340146d8850887686d54218badb97647a6d82c0c6650ca1f9078d73fc6222aab95c2967 +B = -9711e5b3965654bd9427f79c89a0b3f3cdec1c857f4451eec236c1f221bb6773e5dcc30e7381a18a813ac2b03ff4a4ba679aad41e0e5d7181d4627f682ca2dc8af9a8b4f878771446fb225a979ef9c7e641cac819c307c8dc50d9c1ebadf912ec7c844e416f95b546cf09391f9f +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2714b99dcde70d6c3be8b671d78abc155793f13105fd4b7c5d760a4c68ae89987311dabf2a9238d18299f983b8aca69a9ce398fdf2c9775d90b11b3dba17bcd8edf661efb6e9c50b4e37553cbecb54eb214fed1d0847287732810e550a4c86b51d4e5da1cb7722ce4317e69644620ad806d6d1c94e1e3fb4d87de6178a997453 +A = -75231ed37f1dfa4487c9fc79a6f7b36929fdca086e42ed41f79430b2dff521919236fe415ccce590e1d3b986e16dda866f3f0d29ac1adcf55d87fa5cb67dbf4693293188516e360bac513303769c42181483fbef7abcbc4fea1310c916396d29f37d9058a62aead94511aded7c4b8de8 +B = 5aadfe65df0e5b877fe45d42d7ca02882cb6c686d486374da5ece6f87771675153c84d74b6f40df1db567b7e1e3c60c41d21816f958f5576fd2ce2f84a8c3be4749dfc7e5561266b7c9698c7581292d0d813cb77955458d63bf94ce87472924c4ca79504d1ae9d5f025c7a2504156f +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6613b1c8ccac0cb8fe2f59e76fef4dd05acf1f1b2bfc20aa3f193622ce3e9d4c7824ad544477553bc68f05f0b546e7c1ee87301e111af7929d1f40525291b88e211db7175f4e5c0953141914fcb4fb951dbf77442e7cb28fde495704f1b5141de1e50fbd0e359d0d86ad709c8f564c84dac81c7602717c269219ab1cf12e809c +A = -1bc03897b02d1edb633e2c019e40c20c1d89a210b0733412aab675563fae8bd75dd7e65988cd8df4d9b343586e27f548becdde274f62dd421679554ed9eb127e527a69d69fa8b17aac0424dfa2a7692d1e63617ea45564b55f01a70325bca050862d583cdad96c4a2e123d0ed827348a745 +B = -3d5239dbe7bb3dcfd8027204eccf5e9444e68d322a0b0c535a203a1d0c054e7dc1e588bacb891388241462a5d2b43e6cce34ce46a23e6ef29670603d31001374dfa347dfcc794988e58945d0d2d17da6565cfea559203dec119fc357d396f65b296deb07686b0ad2d25a13fd4fad88d2c +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3a7fc5680aae875b9241200b9f4112a82cd624ffd9044138ae3cd65200631ee9d7b918fbffadcad7e598791a9f0bef3e23005d6bc0048ba92461283492df3bce74c66e417b082ee052fd8f808d71f3ab18f9ffc40f8fb51ebbb936d09c26a3514bf868141f7cf238c1abb3d88e5d50dfc188902254f07d63fb8cb611ef8e4149 +A = 4a30f32d467b29dc83b40bca2fc4ccee5f08a64069cb87f20e63387b2219b12aa312400c4ca59608f50a71d2535cde40a6d248290793fe01693ca40b93a5cded2dcfbc9aeb36e187c9d650782d12bea917daadbc6525f266e074037803e4b2f300778ca8dcb304658cdb502c93c94a16c6261 +B = 1ca5e5218dade077fecb81d579e1c9290431b34df5ec84aefaaf233d68f17dcf60ee010db26320685af13a821b6daa9d73d8f3a30826c3ae7b2bc5e219cadcff826283cd7dddd04cea7a5e0585d6e7c9f23b27f14ff815fe53bcd75fe700b1b91671bddaba737fb43bfecd2a77e5b752a206 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 768d312175ce7d2601f30bb38339f046e4c2ba5c19ae5f7ca5a562cc2462c579fce9985e9e8afe2578db542c8d9e7693e0c74ba161334b249ce720d568e9c18f09c87cd701e6f2080b752362f2fe6252a1d0caaaf1fa18199776e4c6078d89d520b9c63db159d5fba7e0838811e68794b1413c248f3f7173ef29eff28f15b656 +A = 149353e91bdb70cdca8f06648388508511a64d05221305cad7187ea40d9ccef91fe17ceb1e79667bf66e8e6b7a57faa90a83bad119c02984a8f860bc1f23ffd33d4ad84896610301cd2e8e80a5ca7e8d3ee63e7dfa459793c9dbaef3569eb4f8a021c6a3d032a9c94d3f6b8278274d0088a98228 +B = -a7cbbb6a434e4b022d312ecd4a45fc7fc4d3aaca038cca0fc56e529fe7119ccdddc8e76d51a2fb862ad3d27a16ec8a51e5f66b9c7fdfbddcd05a0ddea14172339cee340c8c651eb653c6aab6551c99ae94f26116e15dc62f2c2e63305bbf84590fba1327ee721150d46464d7e22d45d53ffd44 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 763912f4b16549e6ccd60eaf7a0a1f64d9c3bc83e4a9b87e209a3959ba3cf609cf47183bc543f08e346b6e12b8bdd5d1c07c603f74b286ad432d58d7001299ec7a4dcdb56ca875dfc7ee5c75bcfe2aaba14959bf3facaebf8df92bc12937cfd4a4865b3dd74b243ff62ba256d110b01b4089730cf48efdc66fe272f9241014e +A = -4df3899b40d51c83dacb442fb143835bcdb550136921df78800f0515a6cee77fe3236dadd2a0800b79ebdaaf8cf4aba5ebb60cdff3e4b4531ecd0903c1674a4559339123e9f09158080fc53c4c6ae72c961c8da2f357b7c05368157b4956e592c41b25642457651abfecb4fed5d9fc1fc3825b772d +B = 450eff382e73f2f38bc3a4abecd5f8de478f80a6b99fb6252173c90d7099629afe859442bb1f796855ee9a2940f21d1f9dc44f462edd74b479e1f2926ff6faefeb55adbc6152b5c97967b1dc8c44dfb85b5e02e870d2920b75422c8a427e99e35e2a4be92cb0ddc04cb7f4044f716be97b36f045a +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 56ef57d56c6d1b94cf0fcdedd3611a8ee444c2e25522b9ad175587619598da341916b183be03b1e73be300f9969120d8f3a23750cd8c4ffdb87124a2139e8ff2c15d8dc944bc3c3a066aa16dbe6dba4a74925e16acdb2b2e83cd7fd5cedade6a7f7409a509c00dadc182b2860609cc9a375cb8bbdcc350bcb2c0df9b3bff882e +A = -143caf995b7783b1316b5551978727f06512fe114b419c735b3381ec351275fb7fbd6ca88b848c3e8c9faedebd6d084cb8a231636f68f6803d14bafd90534609d4a4ac0fb953417be7fee4e4cfefa452c5ee5d1e1b97ee75f83cca8691a0efeaa8bcc1f1e0f18c0c5d6c7684c9da6c9495d31a32f40a5 +B = -3025fa05c55826c40089b12741b7d406f748cabf692bb0227519a124653160142633700e3c0676000943556f97551171d231c1a35f7b7d8f96b0366eb74942466ceb4660f09aecb2fb2ac050ef699eb05bd8834a2ba959ac71550b5c026b9093c8cbbb7c5fb9390a7818db682b7c11e58996c9d0add5 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 42f363c34c20c443c1ea7a1c54f98c6977b6671164a80308000533b2404a7f280adb1f3b98101cba25249131288f7ac68b0ae2572c7777e7381c1f4d05fd82188c4b1ed5636652e0bfca4d096bbf4189a9358b79f6b6333b99e5c4b7a940c2f7d1413bf9f47a2ef66b620b5e220b2c3dd7267452eb1b9d8d9cfb17bbfcdb6abb +A = 499d05de867bda3118a8cb82b80ac91fc505e0fbc6c7dac5fb61713cb6e715f56a31ae8af4b400461d7ad1687a2631faecd90d7829f67d1b9e36ed7d55704b3f2aea65eac061172d698384daea710ed92cf1140cd4da427174bebd173c2ff1675b2407a84649b0a318602f33105006fe4d5ed8d0e015b99 +B = 17a426a12a0175bb46bf7a7e727eb5238af383cee6f4d5e2bd82b0d29b9fed35f3d8ec95cfdfcac49bee47b25d3b5f375a3340fa83f8dd9330a593a974d208debb7e567e59dbb7251b54e42dab2cd50fc63aab050a41bd88282373f8195c94c35f61bb48aa921f574cb4ff0984ccedc070efea8c46e5cf8 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2f03374e9596cb56cbbd89794090ca7a4b437f4c05fa38a09db60e5ca900b208fb85b52f71c29fd35e62c9f9529d7ffe46fcc54607ccb07f6f8e13fdd4ff1185033ba4fcefb1ed4bfc42c3ea9f05276767d8dc9b7b4aea4c8bc0ce84951d1f590cec0751f73667db19060e2bff64da30fc048a1f5700fe3f489920675cc3540a +A = 1073531f678877ba854fd1e7f857659614c526847ffbe8ed131dc9f2ccf69e1f1e917bb44a7b905f7ff758f61c06dd59ee09567d9f0df2550fcb98b776ed1381ce052988aa08fc5153e31c621c6a51ca61b386e3a9163a5cd69608b3e200476a8ada35d906c41d044bafe71ef5c6f732935f15b53bf36f7ef8 +B = -de3563925474e5408e245184b57f328e265b6cb62eedcaba809d8f257eccc0a457eeb82c451f93af93ce9f36dd1aab386e7c02b356f31c2d170169dbe15e70cf5bb9073b35fe0e7c7fd7faa91c5b2b0740734f12eb741a9d9ac6dcf7cff59f6e16324ea39e1e07dc5b9daea27ac674dfe5d0a5790abaebde9 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 1aa22f9013bc1cdebbdfecedf710c1bcaa41c696a3d7dfc1c8c601fcfcc1c85c8cc24be7df2cf3c7311b3b17a4ef2dbce545dc467d2a92d371e02a196a9977cb9042b236acf99d8c0d34a1c4dd8792d3497cffbc87c397ccee5d01fc2c89ef051324a7061e423720d0a3821a36739797393bdf7a45b5fc600824a17043312bc +A = -4fb2e3fde2a0c653104c077cc6459c9234f86cc2d7b317329b68289826d3e2b975f1a69bed1a53418a0dd86e1b2723f4c4c5a29d003161e667c2315ec24a36f8bb5f2eb0a94f261e791bb829db685cd0ec9e1e301dc140ea57cac1da228124ae029e2b8ab1fa3ab99c55a9ca94dc7b767162c0a24af851fbb984 +B = 63702537a07971e399aa9a1a0795db052d6c8185c79107216babe11d6d8d472b61e604cecf9eaa6d44a2fcdd1ef0b6b52226ea0c6902d929b09e16576e6d1a6921765b2134c5d23c69ed61f36ea9a5552e5819350366240693558fac7a9d09ecd3702076c8c758a4bf6843fa843dfd688bef3f73515db31bfc26 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6acb23ea695d4b60cce53079390da3cb3a4bc3a6486c238c421f3bf6c93c027a0475f656c3e5435f0211e90458ae81772aa956ef284093020f7b58ccd9373f3fdd39fdf4adb8dd64590f4a7fc05238ba20017bdad07f5f9a6f076b71554a7741bdd8c98ec68f8fee88396cb1f47c64d6da4c228caa3dfc7a9a1c032a9ba4fedc +A = -1b2496ef929bc673042996ae80f27c6bbd33fa7c20580240ef8fba985d1a6117d6e746989924e34f281e7d2509175d0773dd999bde16662e88fcef52978d19cc45fbae3997fa580a66171d398f4f0e7605d9f4aa4f728902cb886e6b6dc9f0161e7cf1ebac05a09c5a1bd69a92273280758173fd2c14550ec221275 +B = -28399206ae2820d26a5aa0bddc4903776611d08fc4cb34a22a8bdc2a19e9f8cdab94217f346a8070a4145f989e1dfb49cfd100267635af0e062872cc879c534ff138fca603b5d45a6860ea85b6de37cfca000c81fcda3d14ffe81da919b2a25214209b085bab9cb511889665fc845acbcd038711533da171d8308aa +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = c012c4d17ea4c95a360218adfc3363f6d89f5aa524aec70049ef94c2c05e59a66ce01e25588e164bf2412f9517b7740de53d037e71ec3a1d426f05b18b128c41a878da75421e8c8ef3ebd5effd40735c00818eeb1ec63182b44e817403c9f1f6c1a0155334be63a3a15109be6d45ac0d1b1ef5cc99e9b284b00c487d91e5472 +A = 796fba6276fb7129eef2d1572b305f63d7b8c49371cfb3b2c67b141071e66ccdb5e321fa2c1bcf624c77317e2aa135e1137dfa46a34c3ffefa2fa3e316be81f45614d422bf86fe4518c2fdb7e416bec199de033cb5fef7f193a80c0f0e6ee924a12c8f705f5ed3793ab770914924b45cf2578bdd09c701169f0a881e6 +B = 12cf934763127284e642ddc232b1c889cd86617307b6ad72a9fe0d48befd7c5c5370a0062dfbde2add256dc0af850813b22320ceeaeed347eb9319bf22320b2fcadeb51c4bb26a160f7459fc172c27a91d367d5a232d00cf7bb778fba83afb744177bf1ddf45446baa035fcd0065f9b493d92eda37e9138f4fecf3ec55 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3de123bbd50c35805b943e76e97b7e664eb9feb99860750bf97e275029e836217375cc1910c13269ffbd0bd72bb82ca445ccc4b693742a96d19d3dc23f78e5ccbba46d9ff5975f239551c36403ad5fe86997536456c4a5ce54807c24e3b5317b1c7b2a1661aad85b63859d427f0703b460cf72b9acd3f87e2e69d7f8f15e972d +A = 1d0433d84f1de082d2058475e0168ceb369013a67aa9417f066c29c28272a0b3f8be5ac7190ab78591ae72a1dc8ce628c683281a9ad563e134387b9258b9c96d2df288fc118a8cff068ee49d635343772c2fcc252facdfc93112358414e1734d6948b909b53e46263e9a0cbffa141ef77bc98e7fae8ae2bd85bd875aa7c1 +B = -a31a574d105305e47f4fc00ccea0cdf854556886b524901c22e6f3b59a42915932ab209a8d5da29ab70d1472dd5378d9c79a7447d17665f9d1f1edc1e545e417cb65415cb8a368075c16264f42555d26e83adc704b5c126c6129318a8f394af8bdbb32c8114470d11b2acfe806acdc7b96e1e348a32ff96a988de76d4623 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 770f0c3104c0f3395fabeb75ddfa2c21a111d23438463941239f7c63e4b6e6832b84508ebf3cde1d90cff0a2801beee05cd5118f9a726a987eb58def6780be899b473ea71c697557ff63a4c6db894e9438595acdd98abfb529d75bdf3c1d619d6165a9edb6aaab8ada50b61a3a84de654706a9aedb7321b0523558e8f18116fd +A = -5fafbd498d610e9f29c38a5c6c262b71672fe9e9c84f0f071b549390353e4fd0101a059b7c547007e27df97761767302458f1936395142ce5776b0959fc5ea039429d64ac5d50c2ae0ee45d60c0c50b7ceb4ff9853d57c6e883f588017ffcaddf5a1aa3e23ab068877a114d9a2cf742f01f5f5d611424c8ec0d082f5c165b1 +B = 552155ef110c126afcb87dd20251220c7a43bd0215ecd22249a21c93583e120ba6f046c6fe03086ef3c97311c4d520110a450470a473d8633e3560d2cb44c25559af07516aff50d6d176e8782c06cd9aadd3354cc695c4ea8dbf85e01dad479c8e8438154351fd5fcc6fc7e9d2162ce2f0179247f756f0b9b34b54be74821c5 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2e9ed66317734668c4c354d720a011fc65bb67439b2ac9203dca65a8f567682be40cbad4f55a83e836f1fc135596b624e4327acb085a61b6398237fef5a6e6560b488d4a673b5ae7d734b896d9647d71087621cc81e94d58e01fc2cc2dc775f9ab1b6031840a672fb715b77bd636e3d87b4949ec7bd60721bec8f9907b7c072f +A = -1a6b046d691830d33eecf2c53953676ed3f6fdd20c2252f6e915052ec28ad1fbf7a5f264acf87ef8ecd515ed921ce6b85017f3d8a8f1d14f269f31e3307c6f935ad468cf012a912b0650a15106fb949cbae7b36c9cd496538bb0646a7a28989dfadc719424519bfa43cd8833d3a748c758f813881d83c98f7cb2a63c2a4d06b8e +B = -34f87db0f839af6e4c4bf146789db36b3d0bcebb9bad81db690ccc3a35070d8830c9745b2fe730a1f3a252612e7026bf9889169b57b8984a5479cc4cdd6844ee3e150a2e7bf7680eebbef30e0591c895cc8b2ca488d489554f2339e2f55598717ddd8ce444a060cc95cad9eb478491ee8d3b8358c3762a970224abdc1068af0bde +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6455ff7c12bf3bc37120fe3f1302a9916a6ffdae6ee6a37fc23ca2f3a7ad910dc0e1027d4dc304a8eb4eccbcf3c87cf52a13dde472c07e2df2420c1d36bdd5e88c3d76e774ccd2ecaf6a0ef55b8c60231b1348a738f812a4fd9d0c158fd5a9fb19cc7cf9f000860d4cb6509271c8e43ae4193843324db02a029beb58ec2955ad +A = 54ec203e2ababdb0348135c0679eca2a8e778ed46e53f195331a48d3828e5e40da804ecf95eed819ecefaeb9c5377cc1afb1fb220175990d347981353e7d90637adf8cbb16812af8a3783dd312d967a490f8efe3f23746929cf2a5a8df58e0b878367f6c5e4d3c086f947fc2bf70bfc3a0008a8bb1d7d83f002930640b6ed94c334 +B = 1311b88a05224e15f1465c8da26784dbaeae84f818e029301ea39a982f714c64312f9f02d094c401abb6a89e8537d64c178637364bd261f4a27beeaaa901cc7b3d4e36ebcd9453cda33d47a53c6dd1d121dfb83a222cfd16158eac23482c8abbfaca59e765f6c1fe871d884d281793eb19f6409dd6bbe4083bf762ef24c24f0127613 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 64104f6c06e563ec66de4442d35d88117f2535edf9e012897f44daab5a1b8a8696f84db7a68d64ae24a394debb993bf6734c9df542c7e473b2e497396ce39a064789d5d7b339b65766b002a18096e7fb9f312ea5997c2a85463fbd6fc18f25769ac2a2123ccb0e72f14b0608c4c22add72bda138b83f986e78d5c9da31b15b9d +A = 145f580c2ebc6c0354ebdfdbb1d3d7fa17f0b55493b0b9a11b71001c840a967dc77f0206c3dde161b5a773a6b5fd9471fa08b205cb6f728e3afba440b55268d6a9542e234ec313d53583c580a391d8da5943f4a900b279ec9d8933f2cfbb260b74ab714a8b9a1af3190d914b6e42212df84f933a237728a5fd5473ce2e272eb82bc83e +B = -c67f9b9295dd5844307b8fe3cb9c1875257258e4be6229ab097e148c0175ecd0de4d84fe03c8da6e27153c709c2526092b1abc73b5fb40f1d4da9e0f3d8d2fd5f8a4e6f3c30befd80e189b73fbd77e8547b34010d2aa57072db0f00537cf3ced95eb517b23e0c854b4becce128a575a31037c3a9e106a476d8b0277d26dcee435cebedc +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 11913c40d577f70a5346ff1cfdca492ff52b640eaf257510d311872c8df7ba9756973da5b9206c6e5254bcbbb4bcfdad5fc4594e41ee44e77f168e2d20a4b228480a9908b102dafddd039ba7f7619eed7057e8af3a72ee491a61dd049bd947e5b09a94ef94d5f336945f47104fddb8493ef22fb648ff5376b68e96c0555d74ca +A = -5537630b7cfb8daf76d14e617f7b69f7b75b472801a9a818179d83ef2984d0abc8ea4214ed3d3d2bd785060e9c2819e861d0df760fc1daca8340e8a2c997c9ad201d6d2f12a82ae3883cf9f5c51ff1c25277c28175859a7b8e5b6cdec7cb3875071cbe415bb698b85cb19f617162587516f93c728ba8b2cfc19f238e2cfda115b8ec0431 +B = 597296cb27080f33a24241c1e98fdec32f7a4013a7340d367e4cf2a521cd462a2803109c27fcec353a30dd20053a1f744394fed75829e8396f8de434399bafd6cdb6e0ee81343f0cb99ef3087a7c69bd43bd722745a46cdff0c2c837fd87543c3c63df3896ac101a145b478dc224644996fc72460a89beb5741b91a42f2fbaf0d62c099b32 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 42f420adf5c6b32ce53fe23af4e392517e37013b8c3a7d035a93f6ff45142b0b0bd5525cde85f9b7bd9ce219bd3514617e89ef4d9279cb9a3e89e44f1994d72febd23ffbdb0a4f19cb76448199b31c5cc6d7ec1e46fdb67be1211c0ccd93c123d56ac0d9cd2ad11f0c58c713165003495b75b60665047ef80f6a393474cb727f +A = -1c6ac9565d1950ae6c55025f76e0a040eed0462218e97aea87208ba879acedf413ffd5e63a92dd8658cf5f49d633ce7b126091a55701168ee4932db004dfe8c35c939887fae3a892b0b04d8eb74191bf8fdcf5566b4d3796a5d2596b1e750f64201057ae60aa705edd58aba4b48f6a2e511bf5007a6c44a27e3efd5bf2708f7046c1fff7864 +B = -244f2a90a57e5d066fe22f4d52f91b44882b8ef76d1dafc3387abcb224eda4a2100239e729bbc745237f8129d457e98eafb2ede2f3afb81e63520493da2a5730f1170b31fcac21259e90c894f8bc488c5e5dab2c2635bc7b1ff56c3685607f6fead73a09f83a7a168c4245729ce5b06e482d7d3d72eff33d14cfe2f32f72175484ffa292a9af6 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2239459025b257fd0b6659f54b8874f93f07f4d6240f8ad761c9da288cf1537d8bd001eced284bddf78edd611c7f28f1393c6fb879aab6e7df8eefd347d63628b1ae086148f488b01272f67ca19db71a2b284eb17e17aaf1e3e8f23ea253595de474d5cf47c16aecfae360eab7855868b8af361491f6ad96f893f9d3eb66d07d +A = 558613de283911aea1ee21d6b926f531f778c5226e978ce329860682b5375fe5e5328ae27b00f504f2a2d24470d16c1edcb8e76b4d1a740e55538e79ac7da4b45c5299993513ec3bba7e7395dc829a00d4e228618dd348fbf838eaf0bd50f6c70253fb1c1c734a07d0813915be25d3163df13511f3675022cb85af7646c14ba5d13f615ded8e5 +B = 1f3c3c468146c29408d9207e15b25186d3b06b3fbf9556eff7ed7ef7788032d87ae1a4d2a0983902d4c70936c615d8c9ee26c89af8b58d60231ede54e859763237d5ac59af686300a3e92f456484ce77700557ddc0f93bb40e5d2e5117f2356ac7ffca26dcafb3ce7a5573e07ee97515b6b082fe75fcc9dccd76b4fd416e69a247fab2b30965d9be +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 7650985e7c6e5461268867dfa9782cd8154bd6a4bb5857d6555e9d9746ee79b37e44638940bf8d5e974911327f0e53bbcfda0739056bae2248015c35839f35e7e359e93d3a339e7af38c0cb43eac5b41e1406e34cdd4afd458a5d126f70b5d683415b490e0ad61269ffe7ea8972eda6addd447d97e60891e5099ee920e18f233 +A = 184845d3762ad1a9c925c51fabc7b9e15570a84a06ecef994910845d56869264273d75fbb84a31c97c27eb9779e8b39f6829638a78b266326b60546507f65128caaaf36d4e7f85939b75cfb3145e2b1bd8372531cda579f59efa0da9c95a8efc72faf326d35c660b4444627d328bedf50a919029dd164de051a4c0c924103e365cd640b9637d8244 +B = -977390f52af784b52c1d54e82131b072a1c308406e9b82587102e67c6f7145f0020952231a5f0ce9d130677bb5a7a37d5a06dc570a13a29673c8a9068f06242ac438806c37ec46136e7c1c1487ca2d330fc1f3c1f42ea51ba2805b74c44a61fb2fac109710dc3dae78a07057a753898d4e849b910f035bfd807178f0108812778345b256c7b59f8883 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 35d48c3e43070a10dac0e256afb83b219aacc0036f554bd998b9092ce3bf87bb5d3b00947f2c86fd4e7ab830502d15fb2d4e47ead087f5c779a9ba56e272ea86116e2c81345d379dda6b581e9c8f4df8ea56c78f04d4f7412d245e00ac645847af6ae97d5d2ab27e48cc878d8b510c2dc753f6ceb1b9e7bdd923e0e065a6c11e +A = -76e575cc79d7f0c313a489b255e85d114f3933383cdfe75cfef649f639921eefb9b3b3184351fd0ad252c6e477e153ee586a0ff6da1e1b2bfd7e953e6dd778c849843fa5cc355b31f5529ca45aec81ba67a1e364d5a74a4656d266f7decdd47b2fc2d81d6c298afa2d1c39b5e8eed519a9997a14513537cdcddde0b5b41314476264d59b7d3f0e9a65 +B = 6b7faa437b4e8db8fba56c62eddb8a81e9090d1b6655a2185d656b2db0e85225992297381d653e707aa15f3017880b0f07abf3dc455cb09c4e551b3df3516c6db4ead79b88339fc33dda96bba76ff7c388363c36b67fd5dd0ee63f92f67549dd77e37e9902ae51cb58057579f03286fc48e3b7fba763fc5844c222e6a1eed9e1634d0bd034cff222bf147 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 445039f359b55eec647296fbff4f22beac09cad32cae79c13d591e314fafc2b77839816aa4f641250938865b0a2c30a10e23da71a6dff5985ebf3df4429fe64c327557b12d987ad9e9971f7c7b1e4ad01c94e1e5322dbcbc4707a959a401624619029558fd6f5b14564469b13146f9a2555916491e4d77caa70f51716b299135 +A = -18ddf976fec2090f7d1f4d41b8f875e56c813c04338f595d6e591b3eabf9e105be792f45354ee9beff997e6c0e8ec3fdc714c07b3466ad1a949b9d30da0115f5484c3b9e00c7cf0c117db57c3c6cd7434371c6d9ac7a5da1a0e2d705bacfc22f62785222d59bb5bcd3e3bf2df8e845953c6ddf1b546cb75b1698dc8e20bc611294ff288056723f1e46ec9 +B = -2cbaff39103570df7d85a5673b50fb8818434bbc19ab4e33bcc8289a4047d85de1b7029a5cda3976ab12e1d891b7efe3d5576bcb3713c597771f93532853290068761bea04200fcaf9b05d8553b960ef5e28064de89d9e5097d12b26af0b64beb40b33ff82a55af7c5838b44282917fd4342e2065942c724f3cca515d9142fb8e46652242e8f0ee5ae07b6cb +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6727c0d0ecb4a375d0fd1bc52146da1242099d445ed9e87b1fad4daf8369fbeeec49027d88bd98efb425c1e3f73e412fb327680068ae57d4a53992f3759af0ac1b96a92f56c2cf552e6682d1fa90c3910bbc5c0b1754862ee13c5ebd62d5b98bfe8dbbf9bf53bf9ed0b967f3c9da24d4334b9f3f75314b429b05b8e27142623c +A = 5cb6c49efc6767cf956885690ef740337aa71b90c1d4b9b0a9e4734de0c0c50f2358fd45aeedaca6e1dd0fb510bf097bf46513ee09f3343bbd1c11f507eb61d51ada40c5d6b730561756480063f60caf05141bec9a769c241d367cb92fa8e229ba2e471fc73f48812a25bfc7553c395ca77b80443ccaa82fbb7198f8c35c3b5a2fff977d8b2a29cf9358ee1 +B = 16ff229a0e67a410555dbd4b687f1470ec854ef67db73a902f2d19953c55071c4a26dc320baa8571586f1fd54fa490b0d87dc83e5bf20b78956084275518b307ce69aa4ca1079e3aa753d97fa1cff62e0b5f3b99d96a24e411fc3a3e375ea21b7b35a578a72df68d28286fd9a324c06930905f696424780083715f77961532bad061f3901ed276a9eb6e81ad4b4 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6e9947beae4d934253e481d27e854a59c4047eeee4fdc7df7e174a8f045776109c148ba3721685195b8fb59263def88891c5953b5a0ae85fcdbf02abc76f4d3c0f5d9496327d063ce8b3ba875b4f119dcd8beefb3ac884c25955af61c35a69d0670c3c349564e5b84f7df4252d6d3b29d9a75f09e9ef79f0fa9f797bf75b8ccb +A = 188785951a3befcab56128cb6fb9576bee2412e6cdd7dd1bf5643babae83c8011af99aada405e119c3be33653862440005be994bf37d3802cb6c73cc312824c56841004c8e871ffb560e93a1d222c93d63684e90a91394b9c8ba8cac27b414bf818ee0de7217bc2faf099783800485ce2e93612ce39fc7e2f1db708bf9bb032d92b66159073fecdb2e0257058f +B = -8dddf094f30284c213577ceb7f1b2efb1e4213a548e6aa840f801cd6382fb6d4995908b7827078dc3f46fccdb9e071bb8531ea8971de0ddbb714d678bb71ba9d961e58cdd5f41b8472146ff9b814a5d1d6368bd94812f8d38f235f39aeb2421a57499fe7102c1ab167df7d33b32a6dc7c8eb8f4babdd6b6c929d1ebd9bf4774aa40cefbf136feda7b6e10ba4dbef1 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3f4a8d90017dbe8e77205e65fa7a0875a1ace6f3f215c2974e47dbac779804143da3dbce92db391c2614c078997c7d1a15439ffb51a5787f5bbaf98a4dcef576a6317b9b92dd8141a8fadc05d3be7c150630668e620a4e07b4b00519f34e422610a160de112f1ab8adf09a9169ba95b60242c89196ac6e155021dd84b3054511 +A = -65ff4322f8e46e03aa6c1fd10a207a5e51db6991bdca232c0dbc9d73ba77fc485d881868be7b14c25b05bb59b7f5bb6c4b2a7d53f35d2d7af282a0423285c5de656429ab7d3af7d92837e41ca701f527845e98c2bfcb51647512e6abc6675cec2a7d34ce55ea4dcfe9e7a8397d45a7a3e73bdff06e303a8f04ab6285eeb1bb78b1455931cae203078eaae826a6e5 +B = 4d936b603eba3aeec3d3f1f9acff02a0ecc28a8ec64b6bfd9b153b1bbacf4f1e186d3deda8c1c81e759237921cec53251250e3e838f5063c4a1eb6cc93637f35aca10b965533d18b713617a312e74c446d63eccee93cc97e3723ab27357ae9b3cbfcb3e2bfc589a1bd582480e776198df047c3ad85f611ca6fa480c70aeb98af02f57d56dc9659b2a6bee222dc3e0566 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 8a7f3cde3230af1f1fc25e0c0e9ebeb69161d3864fa5a03e5d7f8c82d9940ded285df35c008f61cc151b4578e2677b2f2cff3236935de5bb1d113597eee448496fe29bb18343687f6e9f1c783863e949a0954de2993d47a03607423b458bfd18c844ab57e9e2a43930df159ce8564edb5a2a37a06425626502e3ff9363b73c79 +A = -100f2984dc1451fd7b71e5d290e4b7de2d26175a47b9bed524fae02bd5abf96faba06e955107329559bff3805689633a4a57275732bc42183acdc792cbf7b6b24dbdc8921b73c0308d0c0ce5d8aad75f7eb16352e67116e859b323deccfe5d9ffdd1f0265297bc9eede073146a06acc3c330458b07b8fd0bb652c7325cafdcfa165f69cd0de8b145d49ddd576fdde15 +B = -21ac4953e54347a56800d75f6feb6ad660b0442174cf3c5dcbcf6528e2b5da95a614d3a8399da14507df4b8eacaddcddd627b10ec2dc5fb8c43d96a38e6dff37189ba275afb9484df800587f4953e327af71dbd58780bd5885b4cdab15ea0f2864f961bbfa9bba6b2d9448443af87c0cf178990254c1ae6e19003b1621f3240a6e5d0a3be2deb5dd253f5e1f88dbb60b522 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 76f8b44df8d8547f8b3d8537393d2805c699eb37d19bd115bd5539adb6b6a00d004def3b7793d5c71e0ccd2b7e9fb87103c1a5f56a8f18ede1bfe1607a346297166596aa78dc584c7c32832e11b72fb4f2d40ae1591f341919bc0157080ee8febb7fee5461a918d2178fa407c37a8243e24206ce2c19c3addcc2b7c3c1912b6e +A = 56f4d397530f5c90203df1ec799f82a0096888fd370d543e33b5a2c8042108bb75a86265204c40fa5a9a44965ad2fb41896b134ea56c79699a230f38c0e3fa4e5d346cda70e0253b9993c9da5642f4e645a0d96cb732f8f04c99a83d1f1360a385c6e1a972b89915489245ce58830788ce23b9e62d6b48a7ff9a486614d6979033f7914a0735d201c6f29e512374088db +B = 10fe818f6af7a95cfefb0ea0726f9a3e0e7c30dc9785b1fdf6e2b810515448386c7efc656479794d389e109ef3efe37fa6124c5a7db3164268da0d98538606c57bd2f7df9482860e81f272a27c727d7d81a66fc1a9bc8c385cf02b7ca6bc7ec2d8d6ba1dc992caa216d02c9bf0fba8ee754af77567c6e275ac1b6b1b36b065760761300d156e40da8445712b8fb206c0df346a +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = f580f9d2438b22700c3ebb23d1dc296f3d33deae2d32dea51c7ed3a0ce7b06af11046bc1cc279bb744bc31e7f822c17ffcc5dcbbdabe213bf97bb85c7e19ee71a513bf59b25b3b5787e42e9f3ef6aa1acb8705d69924a107b4f88e0cf9276c2c7c47fa4bf56c4900b557aa5587418f0ddd899630ad3ff678b5b907c07247b2b +A = 1017a4fdce8bf41ce804b7c9c836d85ff6ee899807e1736bf0357b015b701b9675297e5ebf588ac6c295feed3c6a367987e192be0d89523ac7d64b0b9576f311b5b2705c5398276a52f06085027480c2ca72884ad7be34967bcc6c8cb4ec4fb761e88c16866a2e284b40180eb14536810eeeb180ab701ec47ece62af65a0753f95ca657e7d04ebf3c3a7db02993da9089840 +B = -aeb03379fcd4e87cfd18957a72fce42e016951a72b673a9e81f666b3cb20d2bba81400ecc2b38601bc3270eac46a633a1a6b55c50f00e9d7fc8a20176b93e971cfaa4f41573b17b8ccc498f8a3230825afd0d7f102daee347a9d59cc0914ac8689c1d8b39ccef1f3def44054307a7cb7706535f0cf4007231ba21696424c3d5b42c8e85c278f7c2e8b7d1787effa601ad357eeff +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = be05efeee19cc91e30a9277a6551aaea63aa3861b63f6061efbb0b92296e09f4709529eb849d9f40406fc59c526a4697144cef9661b556040458940ffd6a87ed56cb073d2ee0e6d1f05936fddd1b9a8974a3088577847ddde6bbdfb3d69158d5b3899c13ec78fb5cb6aa7204efe308bbe0b52f18381fe838536707a8a27ba0d +A = -669660e75eae9930dcbdb99c477c980869417ec9c0e8c4053f0bd8ae62d496daf7539f37af96fd1cfcf3149bc02b8182a46b413e3397b49d4b4d204491440eea65505cf5d33a8e797af08f3da41f5a0804214846bd95d730260c6545d51126278181719ddd396c55f119e84da71f0683eb6db8393b098b3a0c5999862644e073b4918b5c8aff17efe860744d85bc94b582d45c +B = 6045f903a750b69b709cfd6a1c8ec9fc0d7da9c53a9d26fdb0ce9a17c6a0ed5ba633d6fc01f004f4a48cf247d61f7df609008ca5bdc8eafe06dcfa06bb67efa6a584b5a2f02768718a908978edd475a2d2926af2a6e523549a5cbecedc78323c5c295bc0b8d3e14053078492e82e339ea2c6301412a5dd7efc20da0aad0577a37d853eed820776e672bc6d23dc821b5855eabcceb18 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 705bf20b7d92e68a69019cfd721b27373c7ff22f911066907f556321371fba70dbcb9774d3a26ca43e44ab20c586a3c1546fc3152ce011be66e04a59c6631bc8bde18efb7bf1743b9ed75a7a6c5bf5a4117368b81b112a3cd4e1c44a621f534a11c426451ea5fde880939ee5bb28d9843730e284520a976cd9f60c94751050ec +A = -17c1dbc1ad1d2d33dfe1af7b4cdc7b69fefec5a92656957e111aac292e44719c7c752ace33dc74a6568be38b576a5ba174bcba77a034af5fe101699c99ca39f8a3b0a20679e6d0180868a232fd8fc775089e185e5eb81585403f32619a2f4d857bb091a824a89de2e84529e5b0702b45771a5816c5a823d81ddc89f8a70cc3d3a0c6bd6d85e9d72b69d2713b61c46161f7f4700bf +B = -2252b54c602456c5deb86a0f249f3982c3836b70a946f636b22fe00c6e3b91b94e19200a33087fe734ce9a3f92a6099ad03a95ca523b7edb9e1ed3464d38fb96c470464e1c54790cd48769677efc5e1d22f5be4c15288bc5ea1dc184a05fddd5e576b3b4962f37437b4f9709dcec374377db44c8ba1d8611c0c3ec35f9bba213eac59a047e78195ebbbeff941c7f862e8c80eafb72b1e8 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 7306e3172929c00c29ca1db360eb4ce82066f237e9cf6aae368d1f531620e9b61eb64f5b3e2b735a3b565587d7e955d052df94a20e4aaabe493dba2c18e85fcfb65df166cc48733632d165129b112598bf5e4c58dff662e558e5f71b25f36708d3ab6536b1cbdb5aa2ee56d9e019a9c3629185b188af909831629ffceab634fc +A = 6b31ef80767a7693e7d0a9ecce54beaf5848120f036923d80b7a0245aa6a46135e32314f3b227268e0bfa1f45b4dce83bea890526c7ac3efdc8e485189ce2c51597c2864c2d3664584be23559c03670622a53edc2c17b3f1a92640078ec35189dd7953e55e4da0290ff1e2996d164d69f1bbe6f5285ae89209d611a7d760e413e23285066eab8e126c320bb6130a91d67ef26d4dabd +B = 183f06828033287497322b05ac08f62dcc5fa67b7a10c6c5a319c9a1e642754230c6d9809dcfd2de4bb9e360d6e6e1180f6ec6e0d4c6185e34ed299b6171e653521d0f7b8975ed5e7d2c51d27f9784a4b6f9b5e97379fcdb42e4df981462cd5bb9d0501f93f217d954f6baf70343ec710065eacbd2b778430ddc36a7ef0515f29d5fe78d8708d8ffb6c3391c6f632cb1bacb4ec52972ce0a5 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 361ce44d153f4d251952c0b90681a19b7d2d8df7a6c5d459691a80c06107b2e818f93f30f8dad352d2dd87b01530d51fd1c67cede9b1a6167697098e41bdc5dc5e7a3c310116aed0c7b5fd99dfcdb3517c13daaba6ad10879f600eab846cdc110d392d9bdc0e8ab34b317840a725a7a12ceb48c75e8dfeffe2947aa85b2a5158 +A = 1e1f2e44bc7c79a00afc3b2570d5cd27ad5ec9f45aa94f63f2ec3fa6b69077480212a1cbde25ded7ab1c6cb1ec26d5905948e5c1d6d109bd5047b1e038666054606b42e880b609f6f00a219dcfb504d481d6fe709f4362940f6c4b6f2e05d243722cb32bee5508ec94eeebb53b5befa551d3ab5dff9cba3daebdbc97179e56cb778aefdda6a0c24265728ff9e59ca3c2d615398d97e66d +B = -e018708df037aa2918850fabcad82731487fb812213b1c067d0688462a4d518e5ec7c4c84f2cb2017aa6bc960e2faabbe361ad8f66355366cae869d366f06d7cc32ea08dc51631e7f36a4c775611095d8aed06a0086d0a471749246d7157947a1eb5d5503f207723a7062382b3e45bb84c6f555e48f6d63aaa1c04fe13c0108507c0ced669a5296bcc16debf18e03c32eefd177bbc1dd2f19cd +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3aeb3ff6e797d271fd2271499a740a91569f300d7392a7b5898084012a3c5ad379a57d5169e43089cd58fc7210314758d5368dabca2f0ec5cf6786801bc99b45cd60403c732d9f98936aed76da724bd3e7d4b622dc690778f11fb0310fd4cd980b220627f7a864e107f93a6259081c6581e5dddba4890508af8057c1af29a745 +A = -75e06b47f60edd23148c3736c9c125a617beea7c8fd47e662c9d9be883ae925b7801a0030df3f4bdd3c9fc386f18c4e002e5daf4a6f7fa27b2f71252c83d5f1695e50d62a10b99e1900987b342290decf681a064f789e11bc3fd75d64e2e78ace56e7491fbe0eddd6f9958a5f95775c920ad6c051ebe7750fa76891ab00f42c910550a42bbc1c1e5aea0ae13b7e6f916a5d228bd57e854f7 +B = 434c8e4767d0d7df2125def75a978bb1509a26bf8305cd03df748c6c12b6dc580a2c1ca9a4526eaf3936fbc4ec797d0733217a54ffc9e1d7c6ca04fb39679859d5bd3fa64cd0a09cf1a056094b9c20ddf1f00e134533ba9892c2ca7346ac8d0655250eb45df9f0b7983bbf71102c6f1a2d9497e7a45eea7b3095cac037b7aa755beeea8a6191da268780179a652d94a732a2a5c7b626c0de3145f4 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 734a429c91f5b0f06fd47725ded06222c0193dd407e9daf136696f203e153c9bf6df59016849284cef93fbd35edef2cd31c9b956fbe562d2a22100f177254144718ac7d22c99783fd523b642984794bd7beb0d0b363e28d3f3469ee332ee364faaafef25c1d4a11b5e517e44a412ba717a113ea9e1e8f2d6db8fad6f10d06950 +A = -18dcd213e9938fe4b6a64abee3b9867f65e47e5b0365d45a8dee14ddf787f34072ce32f38d4d48ccad236005a23c5fcdc02b72cf27001495663fc56f428072d3f1bf5e33ab2c5f9dd9facf122f7225ea03c2f67321530a642803f65a2e9428f32d0d974e68a25f705e4f8140568f7e4b132942b49f9ff53f04f241feaa29aa353925fcade33a0cc192fee2628c2111da1e652cace9d304d0f1d +B = -2e5397658a5e6db9d30f09e93e67a30dc84b1e17c25786e041fca48ab710e1d0497ce615264f1abcb23d5aae8412b58430bd801775acdce06cd362438898697940712062b611c92ae6ad10da31784207c5e7b9362b20d7254da0df8caafe0736002dd466d76b1a03e91a8dbe8a71107abd5f07b00fcdca2017391c7c3263881a3d02a89b0e16a2a765a32d24ae6584cf44a88975c539402db9a301dca +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 427609751f28edb62c717bd98ddf999cfcf65128b652be1b5aac0dfe1bc0f7687c580ec70c8290455a9448c69dcb550c0cfdd109af561ece2ec8707c1d02e8097e780f32ddd932e706f81f68711acda0e7610f4dd0fd55f6ac7ca3a3184f655b0b29d2d62974739b43ded96b413b9e3f0033ca1edace24b6bb610bf06b5d940a +A = 6576c31d48daaf7d6bc3658952c4ba18095f1a0d73726f6fe59381af45a2a6b592adc79fbc3b597e1eea711ab295cd991441fb5fc4ce5f047e571a7d949c709e0d31156184be4b8a6a49691ef93d7d3b120193f6ee82246aeb896b8b7b4c74c27c02cb39fe0335883a3f088a71ab42b947a0cd59dd2155c65a0274ec0836bb8c2fe394500724ef84d869bee40291363389e7012d672b1eab6696b +B = 1ba2888f30be283b588cddf00eb3ae3c641e35fc0bb3a9fc85d7fac1e81052129f499afd3e8458d4cf893d51fe4a2bcddf70f28c8edef16c7bbfb791daedf1a8248faebe36953560498af652d1f1c7aa0e9a5a667d9c94f7d9525cbd5a82147d58b738dfbba5aa162858c2c66d0dd7d8db38d41a2261e6efc7d0c8b2dd2d6962be0fc796705cec8e87a13092e4a3febdda3d4dbed9d11a1d5f92d7dafcd6 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 533d6d8d7384e6e65569ba0daae0a8cffbec1d20e417a6edb42d401a59de0a91a7e6854db081ce33b76faa63f6d866993c245e69ddbe6c86d339f7107a4807856cbca23cee2bf5496388ae8fd8d7c78767d0775acd7bd6202dd75451b424034e2766185969b5663b638d539f718e50a9f752f406c224c000bf1ae1fdd60a2a82 +A = 111940235b144a42a13201a41a3f9e4ff02948f8e9127d9a3007906988a50b36d7622d1221155f2516812074a7888b1d8334a01c02ee33b3164d761d02b36729c299ce2455a462bf18471fca42e5b01615d53723c3fefa5aaf4a039a6caad35c348a0a4dd3f0204f084f35c0b93ab233c4066dc50c5fd3897a769a7c5bf309f7a9c30e905466c8394d509b79d62a69b58c73d8d3f1665ecd9a8a4dd5 +B = -e2633e43c38c0b4b8713c20bf4e2b8ccba680ecfc1139954fc42724277beadea438596942fea1094091671c2060dfccd0351b2fba8cbed35dc963cc18f8e8835052da884799d88ec1887712000a0726b17cbc4302421011d5be8d234440eecc363f09e2c04bc9cded3cbbac9a5bdf0b6d418822fdd90dead20e5bbbb3566ca94ab85f3a00d32842eee6521edd18b9aa6872340b2f47deb961f58bf231e01f9 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 33960d7ceac73f342d46275e04fed56563decf2fa4c0e9307c90288e911ac8782f8e1354fb051a9da8e2db83d7c710b5d2b611495e72ed42259ce783a7e7a8f601c07061ec749481d39a082f29dda1f9c7f444a33ae1c1055d37a677b848af371cd3bd41c851d31a07e144d7add66df39576b8200a8b918201630b3da8e664c3 +A = -402034484e499a8efd610200790d443c5d3be35d19d8808da85954d42dca3f24177de48f55fa2efd7e4f7f624d806a8d461c3bbe0b626fa1f3cad2145746464108b367b13f3537ff395262256bfccce5f0414e1f98b59ed29940171d46ebc4bfa1a27802cc30d9221cfbceeb92abdfa6e84ab4a54965568aa10ea631e82067ae358a1a93a3a3fe3a5ed5636a0c4cb373b4d49f46f8fbbaa665a19200b7 +B = 78ec7dbfa2b28e268619ba6db34a23adab25e7f8690aa9464a7d8fb7c6b87d5dd9d33d4c023bb665f2d96febf2638fc087ed30796fe7517fd58e4120c0d319688e67a32bbeaf62a987a9764be75384bd499b0e00a850f27e303f615031299c631844d10abc571f9f2a0f742cc0e8df2fe3c244bd825bf1d9134b2f1059e2a1b61985ae8daf9bfbd9eb24ba268ca58553891945ff1a314a78fdebb5444677ac081 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3a1ea3fccd6f336e6d444d68af1753b83145131954c20f1e3c433a89eeb7e267425a34d91f67fd65191dce85769ece2fc7ab12d032f3e30f8509095ecc05148e47a85391b21a18257c338a6a3ca9816987abc8143fe443342b34afd8a52fff00dda2e42b1b39322bd38c6a1f711051f791d6cad2a47ebd423a9b933485fd5861 +A = -1869c53f86755aa350115a9f49d6248cedd42a339506b8ff59cb878b7745956f142fc4387322c41f369773ed375b72665026771d4ed1b9ece08f84e4782d4c3b0177853cf9ac3a55f7e52f39c1b82aa42b30628a4fa6a838754ec6ff9809308f675e455bca6f44e298394888d85fee29d8a0c8e9cdb9aa08d68cd70e13a243b5804a3ec199f52ccd462ba6594d856602cf1d5efa509047633923d31f78da3 +B = -2023c544b6cdd8d971bbb345300f7a101f6dd44dede6bfb5f4e6b4eafb7a40728a3063f6d4bdd0f606ddecf062828cf889b2f632d0c9254c28f36dd974aef116b73cabeb2bba98635841c2b4d2aea833e35eb1db9fa9a9d33bf7b51c49a14907dbc6036b027a039192b47406bcc56bccf375fbdf40b82ac4b3c660a43d5a6eb656868d383cebd099d2a73506f675cf29649617fe06097a46de93c13d1e590ef2cc71 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 4331f18a94c169cf0253136bc4eb7480c9fa4401c18db1194371dd53e5f7b75f07ec2e1e1c4116a5d2a8b2cded4b22925b67a88af9b8479c6e821d58cec7ed9f780a4c41e729982cb33f69b87d01c11cb9a8f7952db1920b6eb2124fd5d820555a99327117d7e8e26d18e748fea3ebc17e1d07161fda57a21a70c7f4e251612c +A = 5e7d4ef7d6ace6cb106e38d96085d3f3505983fd952498af3c1d9b2af61e4ba10e14961b339c6e64e11ac758d5fa18c3222138290866970d67d0a4f4e19f453503eb8dfb85b44d1050c86943e7c5d6faf7851bedf7d0cb6b13d2acee25372243591d37dd230907457fb440f83b62395f80f59a2d02b87134887406a78efd77614f3193e517f234434ab3be084f1484d3f2c1f68c67c0d6e863585a8a5ddd0be +B = 114b6e6726433ea88a2ba965f0881beb3ff4d377526e4e099741f069abfaf29e129a1f5fd243c6599f725a389728f755f9cad767ca1d6ae5c8b3a32102e47af211e86d67574bddfa42b2cb466d968f38b47333b1b55211fd9a315acd5ef62cfd3e83c13ee9d3fa20a06b2292177961dddc7dc39abad9ea31ead1fedd3d699f651b656edceebb0bace11bebd0cfa581dad577b8b42f0a844bcd8c8227880876dd7b0aad1 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2468cdb1a26eaee34db3d2724e37f023c8a1788526b3dca99321b574685cc8303c609c85401a58fe6da181daf4111fe8c6d4b7428b1cd301cdb9bf8cb6f33140756c8b490d3b2e538ff294fd6471c4d17b9d9e4adeae0df088cb9daee18e825a368be57af4a096056b9e76b94c8d3b911b6a074ed41082926773a585007752ce +A = 1e6a59efe0b14fa017c32ffd0962700fa9752242b06ffd0b604b9bfd125114d4e0909534ede704cdf1c9e88a6567f4a2989df752510d087d7b7afb515ad594627ece54b8a8e539074386121c9a3e1c12eb2641ded8719e56d42ef50e2f3b5d7d59f8a6f897174cc00a7449d2b91f33e9df07902a95479731a44fc4ebe8048c449bd515ef6cffed70ae78c832cd43491203a247fcfe0a403862266777947fc2542a +B = -8a9d3646831dcc852fecc8e2335549e8baa2e2d82fcb90846ee82bcc715c716d4a9f62be29d5e1531db73c2186a4d2f118266de33d966b78f989600d772ffc55b1364117d6750cef67f4bae851e7e3f8fbdae7b79de7eab54cc1fee56e25d0632b2929e352c882ce78fd64dd0a1473e80b6572f0d4eb67f6bd6e45c7617314219d6f7de5e505a9b395096cd36650d23e8d57d6abfa9faaf0ddbff90d32865bf5ddddcaf28 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2909d3aef7a21244efc9b5b16626e260907ac11f3d00647f2170ba37197e47b9767030195c2f6d5eda717a83a152141bffed2e26777417ecd8e27aed8666698c2e85a414dddd52b07b52b0da7e08b3217fa6a331f84820d21086a4424974e1e8cfed3501eb054242a9f8bf0803a94981b7b81776eca6d07cd50c050dddf81d68 +A = -73ecc8a6a1507fb5dad40677dc6ec75f0d130ea704d1e87b00d2bd56a6be21714bb30202739170b8dd3605f0553ff57439051efea2a97def70a6d2cc3fa2b9ec27a00c1338bbd588513f0f320272b8933fdf6635e585d1e79203efb5c95a454fcd7f33aa2aeac08902107e9bfb29587ce8610d50cdb7f2033c5b726742fa9f7f20b4780cf9244e6abf6b812171a64b870c3ca4c9e898d4c15e9f5b0194ae736c3783 +B = 4049ae926bb52e862606842bbcb4a5148bd1063b6a56f331cf10000c524b4aaa80b3bd914cd697ebc98d68bd3c2bd5c87fac4ec68606c264c56e25b19d118dc9f2eca19bebca07269714f2955e107b3fbf85530b1fe99c42d33031958280b8e8abea5a918a41cc7e6980149ad68fbf1c0041798d2046d7f88a395348b295858c61c2f33d8512b6fe75aa8fbad62e2f9b0b7876ef95af8a7b7338a2d6b25ec6355c276fc6ce23 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 22407e4fe280ff5a10eaf46d8e1f5a1e77a07410cba4106466d703b11764c60124fa355733b47327e952a12869476306926cabbd797fc80b4a6dedfbec0b7718ee754d447825cc405a98b85f1e09ebb9294c4a4636aebfc61af4545b921cbe759d3f389beece3f29c2c7c07691a4c46a1a72ce418a239fdec80df48732627866 +A = -1e165ca7e1eabd2ad1264d5ed9c3d2b687f2db5b507a0e4d21d9e042cd46e93c2444c6aea8491b5caba2d8146bac656b7754b7b1ae0f6216029c7167fd3b1c3ba2e20469d386d8566ebbc05cb51bf1f1eb2cad9dc4fa454b07cc1bcdb9b8f5a43e354c4e0f4e62d52798f667080a0e0a15414391269fe8c92f06da74f6209a3b215adafa1eb6866f8b3e419468e2e5b4db0d0ada80514249320cecf034477977bcceb91 +B = -3f314681eaa4cb41a3feae8467f7d76b8b05939731fdfc943235aa4d67bdca30e64de541d17a8971e829bc0159384643672bdffbc93b3eaded7844d824604f46aa58b1f1b9d788106aff53438954af015a0387268266a6ba262e2fe7a4c51b5af6ff7f918674b7407ce8282f66e84fd2582edd809b465e4401c67e5faaa9e5748c06e3bb8ddb23fa649ccaf9657dbf79b937eb8959aae8d5bd9513c1e601c0e536cf60c4fc3802d +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 385ba217033463cd9cb882fe30373c2d8e8475dee54aba1ca9713a709f40844905c2544ad792784cc8eafbb412dd68de6f98522dfca1c3de8e3bf4cbd09bee4656c4341153b17c98f9ac09411d16ec9880835cae772bdd8eee51eaba7c02ca6a1034c2c5d2d48e7ae3eb0e22f59bf69537ab6f1e49e58a71c64b8934113eb069 +A = 5137226623f4ce4dc9b80a783777ef4e53ad3c2ec648264db472c517a96383ba1173e52c2659a97ce36341a11e832f4ad293b89696f91a051c35bb1db6182260d4a276d1a9b4be848c206899f87a361d318d38b4073a7470c5743b816cbbc3bc1b20dfd7971b11ad4e20d947e352d42760104a5a3cc590b985ee3b5e98c779e38d2581413a2208d31873f9644ec979602671c9da72fa6f66c603c1bb6d8e690dba8bf4933 +B = 13b45d4105e3f5e8e0ba36c812faeafccea2f1a30e2ce8ffad57ffe0dadeae3a23e813758f270423ecda3da083b42432eead7f04842db8865f9f1e2226a3d298ec1895ae69adc55d1d338c3fb787f0676664564eefe46ca95206e81678cf1a2f173c52d809b1e06641a9b467f191ea09fcdc597271eb43da1a9a856784972ce0eeedd49ad363dee882438f09863ba5af063925871c525c6c0ffdca428054e039e149a424c6d1b5b2b4 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 7865f718cb30026837ca006f5cd997c5b917726ac6d9bd8c3fb9eabda0854d528d6cfc10e4cd3f93f6848582690c6a83955072daefc6959d33192fcf42a111650e50776ba9ae43d3d26e0ef2c6b60c3871aec33eda8c56353903e7ae96592fbf350b88d2f56e03f7f327022a2aa9b7c484a000135b85bbaba6f8836cbfc81901 +A = 16978c06a03276fa2e0bea45740a98d55fccc9d27321fd0a5b8522298a2a90d391c06c5c59e7eca85efeb9b4c91d4a1e9178adf816d597311f004ef98d209b59a2d4b901fa14c57b7297861ee58b89c9b2e931e4ce5818dd4006f3c40168bb4d3dbbd059c1f1cc24ecdc64d37df16b8e8d0529247c06f905ca88a5d283ca1b9e6856fbe8115a326061905b369791772a47900974339722d19b3aac16a0bedd93e1e4e4289bb8 +B = -de6dad276dcc0a9e271ad523620ec570fe6e3b350b934932ebbe36dd571edcde968b6590be14326e0f6394c0a2172052ff8dbc3ff15d94fb6e36a098286333768a84fd0404dfa354173d01f98484fb20897c439c48952b7f1791209fed94e9e72bfb3df5f368d420d587ae8bf036db6700f77b130459e9de2a541ed885c69c5641defa9436a4f7a69d2848d0e5d1074f77fa688b6dcc4d4c7de25a3b1b040546ef7f418112127cff173b +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2d3dfd14e7ec60f842d1db83e29a0f6b052990fe8900887dc44476ed3948870c57e72e91e1941c476baa6aa86f76dd8ab6e6ea41707242c46d39b54215bebdb1f28e59d719fde18bea9994610214ea68ad9f2da24e1ad8a06f8bc698f8e76379ff332a2745af472d52a4b8e57d60280e19f93d5be669e0832824321e9ad8e76b +A = -5144d5ca834f7bbb35d3fb95818c1f89ebe08efdffd35993a7691c05aa1b67f6a28e219b27fdcb66e516097c9ef5f00e4257c561b1f94c52c577471cfcd7a55314d3b0fa308b59449a36adc884c48ef5f34753bea746bd6fab2f20b86814c9fe50e8abaab742916313a50e3c390c67fda8e3729ee3329dc5e4b7d3107083aa3a07daf7952ebbcfea15fae7338cd0b114e9ab2f81dc2e80f90abff7a7ac59e3aecf76fab87633ec +B = 48b927a46dbc4e23d714b256084fdc7cb9d4c96a988a71c956e0bf98785ebc9bf22b9d5c6ba0c419e60afbef7b96cc0c4a13e397aa2d2dd7995875d2ccb127169423455d138131199a263151f28d232ff4ae24e316907ace1fedd02a02cb5ff9c831de33e6702010fee2232bbe3c1c193ce792eadcad0c81e7d7c17e49168377b68690bc61f22dfddb17d82a3b993804726037cfac8aabe8548befc52a3c6c6baaec89a392133cd9c45b1b5 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 3f66970f600a9d09d73fd1ff813e977f539d69fe1784b8a2f99506d868418e4b47338ee0cbceed555f88824f98ffed39befb69e8907a5822ef7cd2a9950a070aec8fe4db9d68e1c0620f9eab4ab529c7e69466e325fe1c6c011bf7ab62bfd1a136597d7d5c47e8eb161ea048477bedc88fa30e4f7ddab2cfeec3fd0bb3fb61a3 +A = -1343c391be3f2b72c4b79d8d6091389c9602e97774b18eabeaae81fc0539336cd8c899341cf75fa758421c7f32eba9df474c934642003408b32db66cfa92e6e414b42b1d49c7e655ffb4c80f5bbff8d2774ee4f7198839680175e1ffec0428939653c6697eb3681d0f92634cab1cabc63f423d5a71d65fc7150aaeea74f9e0153923a1c65dee4a165e6a01a88655fbecd2db7697f4d2b49fca2508e2b8f84129785d36d88bcf59f4e +B = -225a0a4afdde6f6450f28736c3ef6e67d67ec6206a63b11763bc6e69b03f1494b275ac504868caa6d56d684a12dc1098ab0d030583e73a2f45a42b8607c0f19031b9c5f07fb71919868911806d210d43aaaced5894e844881e89bab85a203af9ec3adb105e50b4250343ca50c26df14c46d73a22c2e4804d26d44ff0bbcc13d0dc7e326c9e4eb441f493c9743ae0eea0de045e05d19ac32d2379196a165e63ba640ca42e4861caa24c29cbfabc +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 54e95e86e87bc220c8f53f8485402327885be34e34063a1b81e52a23fc3056758cea1c039ac4e513f70ed9d394f5806fb771dca8e342368184e674e6296b9a705c6380bdaf11550cffc73f9f55b9385c85fb648f105f11138a3e1f9dc0a39a0f9755f8328701484d45784e3e4b2ebddb32c9d9132867c6513201116428b791cf +A = 5f1239e0b5dbfefaba906bfd9003336489ffdf634333cec2484c582dbc19b66782ba40942d047c3749597ec4d89ef61b7803d33a9842f0c903461be37c679ca213aea894d36c1e12bbcaa1c679599d2adda9bd23e712dd0d0bd3f91d146e7a04f3e7ddec8b0db7e12377ab32ba241ed1e01da070c1f3ec85efd8387a7b9421453969ecba8cbdeeeaae6ddb098084bcd250601af780960c32f0a1ad7d7e61fb19f40dff1060c5f332830 +B = 1113f145de014bb6dd6ca05de159b97e9736c45bd3bbd8477f739daf79615fe329ce948cab9787838d7daf797218af5ba7925685ea341b802690bc9588ba3e916145cd3ae9d0c4a149637b890cf50fdfa8f89a62e508eec68f9332787733aacdd57ec1f359ff7fde76138d5b33d32e64cf7d252f2bcff14be3adb1afd8da9dc930f5261e6d715ac75752b29f083bb1de7b0b89ddba633b8137f3fd299a7f77abf79781a10d897e7bf2c958a097227 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 6e0160eaac8e1c31cd3cb6c5fb91ba086d033b4b69e41dfffce7569e61770f6629f23e12f0074c47c46653bbba94701ca798e1a242f7c4e25708d3acb5af6ea307b95cfa220f8879cb4cfff96b843d6eeed2b15c8f1bb21bb2b511cefbad0618d49d9ba33cade6da6ab3b846a6a24e35fb36d41201d3b85be831522b9bf509e0 +A = 14f4e24627c773527ed2243c0d1947395aba5c9cf95ae62a48827ffc1477614ad9c7aaea4b4fdd97e3272d3e220601565aebf87928c301656e9edb08d6e680de845615bb3a81c61ed043adb9d708ec1447f057087211673fa6ad8977166a2b4a8079a4f29d48e7fdd6875ccad05d2c219922b814589996cd9642ea2b798197407acd274da30d3ca008fefb40a25b38cb6042a581393283d6448cc69df9a5dc2b0777052566a8608a1010d7 +B = -b4188ebc5bf3ba31cf7c5e100e79806e92ff6f863c3d68a66aeb3ae8385f596dabe6f627f3812d0f2baea319d93ae00de41ab65e42eae7d396cc8fd0a2dfd35f303117fde4db5e8438df0c2b3b680dca538b42a7c844a9bf0d3697fc89ad0a73594627578dabdc214e0f4aa06b40987aed473e7f42d318bebf7392d9c898b4b8d73a94726aef65807b2ff746d4a9aa76303ed7b4fefbab34f5c87c2df82d20457f68289f7b96dbeab581294974e322c +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 8dd91f390c1f85f153f332de17e5de82979755d835398cdf3dbda1ee73c68f8e7565a964ae33fd5b1f1060572bb3af67eec79c4c3e2eb4de118d471f74351b80a5dcafc682bc3cfde642e611ac1d5bc2c49b308c30985b1161c4d78cf7621b503e2dfaceed886befc004f3a729b4a9bcbb8f13791d973bf38fb8101d6b7a4d4d +A = -70e99398673324ee83495aa0aadfffd7bb9c94ee5251fff365124fabc50175d794fa84509f034c2b86d83607789338b0eebdbbf709a129a0ed0afd21c130d94b279c56f1c7c1eacfc6cd13f724a9352b2b37412242a47b23ec61ef0040a8855371aaf238003c45ab9d18a66cc7dab9653b93c323815e5404762d3f964d4654a6995af507bb2db2149eea59acd72af4d034217eaec0be5ba1d23890081a6a234e125572e3bcf68a6ea52d9437 +B = 661d8832671a4974b493e5d71e547cd46b36730f4017e50c5d1a7520fbb75f0314cbc2ac948744dd494d566ba580a2108106b120a797cfeb1fbfdefdab6bd6b2e073f90c77e814cafd0b7f79afeecd59778b1dfee3446fb32139b2311011576674f96f151f896b477c631237995e11e61e715dd8dd38e802af93124c66eee735c472972000cb4788b26752a630ba63b45e8ebbd979f0a4da5b359abd2905f0b7f3a21b1d381cd02ac08e284218ce41c907 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2b591d2c57f6a5484b43cd7ca247c48a1b38319e843257331c8807d499c7763de4eefed529e70d4c144e5e843ac00ee8d106d0d82163cfb7afe528a7daad8e7ed105942d1128a67e38d59325cffc0c3dab9185247e0082e3ccca82a900d917c9bd0f892d4b518a752f8e9d38eab2acaf3b3b59f15b0fe4cb9a3dabe6e0191493 +A = -1896f67485a740720e23e1642ef02742ce5f10a92e51af19e112cc99c0fbddb60d7190086c942d293d076b474d056e74ec9f0c42055d745a57ba370c51ab2b761d889b766cec909811e2b2fd11d6916b753ae00622f038a4bc55b813a5d06e6ac136e81689407de721ee852cd21ea989ea7c8cbd00b64614caf0974a62097b2eb865f46fdb0c1a2e4f2d839066b797e51392e5ebd14dd92630c070acb546dc7438631fef01594878643a4cf77f6 +B = -3a8e2f3b8378a2605f5affa21c4fadcc655f2f8357a3427d2cec0118e55fc2bbc25931259e294d91bde8dcbacd39e6cbc125683da7d0dcbbc67d7c5866f08e7c4732cd4384d9366868370ea40a75beb23b81306303da4a3e26ad357c5c743d0a4ae775a472afddf8f21cb4a1a3350bb6aa71037607c334a0c79468668d3e727cf1d0610e49f27780901c68aecf1d145953e45f5b090855be714cb39aba2efb0f7db2786b331dd9bb8843de8c73c95ab13b6b1 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2f53bdd643b5b22445e2af3667a93de52f8bc7bc151e196c0ab0bf3b4e4dc0e5dae9e507508711a9e3de52e2aeece6aff7fc8a1db65588de3272839390a35a847e29204d3b9b70e10352c88a10c86cd33e067fb530d20a3a5ffe67938c5a7a9218f1164f36a73324adef64da64d5fa5540d29a76a87ce010fb7d73a59b109280 +A = 75e31ab221c08b3bd73bed03f878bf7742f9b36a89bbfa7e90f9b05ec11edeb0140dcff6e9ad1d62cd7af34bb4284b3a52bf1b48a40f744b561d9ece056a9405ab15f508700b14914e4f427ea1df3093497410a0108066e9b259c1a26ea72082b3cf0e3a99ad054804da7bfa0200d93d65354b75e605b47a4e1e17ef851a37c59a95e1b5172801e6ecabf70f1e6e382740998fcfd8a297aaaba7d04b668e3d6eed40358247767323a8393ec359628 +B = 107aca18938a9cb244ad646a37a212859b3dda7518a5827aa2146b47bfb3bd08d772eb7a866e1f674aab7a1c74cfdc2bc6e9ad1a365686213655b2c7b1977855bcd42ccecb804bc01d92bd7d2667069d853f18a0f0661f028955e39f71ee82b9ce6a81dfb2951b33b123e71264e819bba4d0a8c53a1d99964ad9ffb58b7cb5cfcd3e30b1baf5aa5b3cbd20a0df7ec37563e2b32b4cba91bbf3bb6fd1cbfb2fe0f84d720efdf36e9645c7e9ec70442ea5174528bb +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 32d16f7ae2632b5cec2e90c34d191599acd9a1b5f97845595988c1d0d4ceb9acfafbc4aeee9924ce55e109ec88c57610fddc664316e0f9a5e3ed56ea447111c0383ecdf117ab42351b80e72720a4b1d98d4c73f5235507c5b4f7849d5e9b527d054858c0436ac3d2de2704c4bc25de4cc702f5880d5ae34094766938bee555c8 +A = 133a439cf006c753c132a8559ea13c64f598c5f8bd5043b89d04d7ecbf0ec58b225551c8df8dcb341198fb0b487774867e5b68f9058f58b3cc98168fbed0d0ffa86bf74b4fb0d4235976fa86d52b8dc7e82df176d70892954223cc484ae58b6a60459a9a0803ab856ff9699789172b163615e322e193bd758016f634c83cf50403e416ae241d9b1e44add17c2a663771ac88cf8b9dd94622d80d879ae41f0f4e7a1a32a1ab164f981900fc159aa85d82 +B = -fef33e21c07dc26a47d692c3094205bf4efae6af32f1c0f46ee579c1a22746a3663d66f2919f46f973fe558c61264157d531e66bb9ea10b4b49d9f6ad3ad8762a6ea8169a9cfe01d3dd65518c2e6e58e8c88d1b2f42d207399d7326752560cd45d0ff571309301683770793fe3765c1337d14021d39ea6980934c5fefadb93047ef07c807d0ea5625ae0cefd098988d6eb7af993c062ba313e23176e7abdebcc6e566304a5f9e03da05bc1cc58dfbbc898a67a5941 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 20877c7f53fca97f8e484ba31f23dcf51ac0f4fe4c5121eec576e043c6ec5492725f1b9f9ecfa64195f71909500a69fab2e591377cc2120bd5f60d3fb3812f9e80b2f6c787e0081c1439dbea76b819ab44bf6bffe87dffd771a870e4f5502609249c5260f91175fb217a9eece4166540be877d564049389306e0d6b313706297 +A = -534042b0811c9afca04d20d83898e7653f91a73de1e4b516f3228c6d6d9b963c7f8f4c36e05383da90f4edd072a7eda382c47b84b46b4dfa16f269c2d9ad0fc53ed2ce51cd31e4e32d0c1ee21604d3c7eed2deb35cf8df6fe1c0740a1515e4c702a2074ad6c0fcd403603b4a4e2195d19b265958ae854ccb0b41cf22480389a053f71544cf594f6833f3e4d91fd3d9091df0978d04d3922ed72a4fa3579c5fff50eee812dfb2a334148227a0f5739f8ac6 +B = 6935a3444434b0b03d27545721e253e4281884da027246e46ddefb01fa7cf7a9a030581dfe618431a68ef6d79b03b34f3ed598e7c8ac030e2b4cc887dd31664604fb8afe4e71fbc3135d6d3b4e596044d6b615de7184ebf8dae8fd58506286ae4d3b797aea911eb59ada39dac756d0e9eb6a6c767ab77b9348929a00f8e311f639d19ed88c86eb91f0d4cfddd34e98130eb520fcd2b77507c24b6804d3d65d1b21e6f6d55d1f6e92bba0544829687a096be79eaad7d88 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 24823628d4fe9540103ce5f611f8a6ccf18788120280179a40c2636f30a13e5076503e8a4b6b6ffca21da5b0f9f0d85feb2ce10b51292ed069f35289ebf5130972d720d20dfb8e6ee80c3ac598570d38e57ba33dbd75f1b03eab7847d865c3e8e471ccaf302461a6136dd13b8d31c9f163799a3c24c7284b8826608a9543816d +A = -1d476cc98529efe5b926aba3160b261723b009e9b880bdea04e9b5b03f173040ffafd1627b38be8e00840e85d7acd3abbae2f7a60b305256b920c2b25a8a4373ebbf1a0c69f6e74792cb0d849872500519b6d1c190da30c572e26b44590b7ffdb464a900fc38db013feecf909b43bea549e05f1b7e70d6ad879c613293cf61f0cecdba1a6565eff1bfcdf740bf553ffd5bb7d74f7e9537897184c527b990dea20387bab0dec3e32727786bb14975b23ff09f8 +B = -2b6e12c87ad91a2fa878b9245875209cbfef400e637b557c868ccbd6e94dae65f1ef8caab61f292d739b139e384137a747210c09ee6f3b2ceb6dd212e14525852b8c54215191e116b7097f6729f6426a8bebdff86cdc16effa08d932ab512d7265cc0f57303aa5e6fd2afe0a45180557935c230558d02c3030b38ca88de5fc75c1240d25a22fe32c4e5096aad0078d50989812d7dd0cbb02c736fa563efd32d14109c44297cdb3d4fa3b93a2e15bbb6eb678e93e943979c2 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 2c4bc23d0b4b1f79141be9149ee20cc9f1b58ee0a76d5f4205e0862492c18daa20171285d6ff0b600c358be487e78cb5450d151efcff8d53004eece94c5a37f49a15fb2b5f62a79568382cf0a4232407b139e1ec5a9595bee8435b4f138dd72fdc2946b03817e49864812b7b61f179bdd8389791178a95bb6311df0a5c60db2 +A = 5b0a181f07068af6e1e4b715d92c1b8391949a1e3cf0fe0aa49f3333c826f5582615d39ec28b1367804c1ef54f15fb83b3c578ef3ae957fc89ef22a343175df3ef2fd425f724ec1c3363aa000ef624d64c6d678a4cbd90b41cf7d69a7e03dd60c5d3470dbb75228b34d35469847772ff3d74b1a89a2c492c082d3ddb45ba4df6e3f228de6c64913b79679cbbbc36a2924e722c2c640d0c5a0e90ae86b5364dfbfae80df3d75823aa58ac6c1da78e988a11831bf +B = 19567bbcf615b777b35fa7030db7da18126cd695ca7dda67f5146c97beeb20df24ba0fda4a4f03523a0d9b9f85d9acbdb5793ecf9c1f4ceac81299a1aa34417779175a4bddc0e95ac68309da51e4f115dad6fec33a75d0c5520692a38df64e8d684c9304f9e2e6ac6a66d2e16a03c19a30efcac712aed2b9ee774ea28af4f37c45609464289de3f9be379c733d711875216bc223f2f468a0c9b4a8277bfe49c590ebce2e027102537bddbf2856c3b6e9389c4d1f5390cb0f346 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 36e1e0b44e5afc35d1e19e88e75f030569eb99d326721ced9bd7416ea7367a98305354eeafd204f1f8a652a8442eb0823d2e6644e6320933ac481a3709777381dce8a7c165b23aebf31b2ea2745ce5b352acdf0707234c824da9e1af98bbedf80e940fba00c229539f310838bd625f1fc103f267265ac1243855622c5df72c17 +A = 1dba8bd9d1e6cdc117a5a01b5046353084946fdddf2696f831a942d9db4637a5ee76b84d4ba63156b8cbc72e40559a2fe9b8e2682d8ba1db0cea042bb86f8ed71f6609df52526c42e7494f6114bb62263d36784dd55d396018b8fa47fa49ca6e5c76ebb0b00e6c764e36cb3ec75e3af6a2c14dee01fab78070239638521743d04f184dae79d49a2bf209ddeb4cc72e0c94a93a47c107f5369070ad95ffce034c554fe2a8391e67f817c6cab5b88ae9748072da5c9c +B = -849602ea3b79b33af2bd3ef9d1250c507d332e759d428902dbee054fdbcdcdc0a357a51d00aaafdacd696a15a64cbbdb7e1fdb347be5ddb1f609a4390a6f29f79ccdb51bd1f0547d0d9a2780517f8753a906428fd236f8ee1b433e57f2810d0ad51846304a5729f53a871d8b0e14355d24d3f092e50de4f044e2b8aa14cd8a51fbb2ff36b0b37defa7be768c56fbd4f5169d9d4698fb9072cbb0a037c219552728587d7c35f27456c02020f5f9374b6c53bcf8eeaa14be51899d3 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 77eb3cb5277ced02b72368e41f04a35796c2c6cc1273f109336fdfa745aba7c755b6ff3833e9b124d9c78584f6bfda1c94273522f020371107870c288592b7c23964320729d2308bac8813586e72078119852e1d7706d8e15c195486b8d94358736869b15d59c037ba4dc8032ceaa31eac3a9e3dc51ee17706a6956cff8537b8 +A = -6a0753edddef8b74f762bf802d7fe9b38638923ee2d81bfdda354d40df4422e6ac43724de1715c4088da2e68b63c10c90b236d7dcab39b9a0ecbce57628f4c2950c79cc88a89daa20d7a8679232c8ce5fa30525c56011570107697222e0eaee6871adced52ba01a3aea0ccc9901cb3a09eb4db2f93aba0083180bb41f3f9eaae00fb458381213dad01997e9b88f21b0a79ada1ec3837ac2b63611455fab6839363b796b105c3be6106ff284544bda2a32352bbce6ef8 +B = 542c5fde65111ec8a38d76d8c5735cee17329dc41cfd0f13bf47e6d0e0093a129f3449db380ee9a70ec1e44640839ff18b950c8fd89346cb4701ef753e6ef49dfd9bd27d9987e572bf8e68df399cf945813582fa1d33e07be938a7729efd9a5e7d730bf61c537770a0727f6bb9ea6add5aac9267bf910eac1b7d92ab4184734ef8b1d184c292b2b4295ec1bfd17b8a2a2e4d315a8b37b8ff9bf6a1e94a4772267195c5a7ea6f0a0c267337fb97a023f1b50ad697ea31451192cebcbb +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = 660a1f378a23fc3b47f693a347d90640fef43add9729d74546933f4b78a26968cc9a70ad6fe8d85bf28164881bf7a99e8b96683c6f4fb54162c144f99a27e3feb736f0d382d7e5b934cfa835c723191e5692b7672cf6918c4a7a93b24af00b1beaf1b80320b14cf2d1539e3376779872542406a5df961f765e59f3480e1cd40b +A = -1cd74c052e62ee8156ba5d97f28aada75211979b1c5925ed015ea75f693a04c4dd0a705f6a723ae7b79958884c96fc07f81fca064ce2affc70768923bfbca6049952eea3ae048425b7c6ad1611ed4b8b77f7605629b9d198a77a27f25eff2f82867845cc868edee4ae31afc5d022b2ffbf43c14fa01bef8d7cd9d0e58362a0ff9abbf250e43ea5065512cd707791ea4868e95d8fd2357b3b3aec1a06888ae940751ceab01cf9e49015d42371fac30d48ef5853b6894ca83 +B = -2ac904d3632e25a4d536097d80a157791a6aca6eb10246ea21f4cae07aafe907c6e4c726694e14ce12e376c02d326f4bfc02ed539a5b4615a3cf5c838ffa52124f9b843598a3821cf9f1fe94e7206d6a525fad1ef77e7e77162e8c6d3d860d4f568e8f81153dc47f167860cd52c1ca59b15f1eaac6b9023c8b375bb63b6adf6972af8ca62b39f044378b11c4a969f3939d9fed5cbe18c06749956c7acbf963f640a1e1ceab73fc4c77463ee8d1575d018f49bf0f08161ce4f88aaab5a70 +M = 8e2ba940fc5165c6c5f7f4cb56a6fde2fab687651099c880d38f6eff2889f6a3b2a3a186d1fee05ed452d11ac712cfd30340d22da763af7b2ff65a3f6e202e8b4f42cf5652c625fd9913b4a032ea9448591b9a839b8c25d2323cc2d0d3bf7a6d15896aa85237b6ac4c9c9a854a23449e30e6a2b7c4a2aee199bc20d30af280fb + +ModMul = cbbeda9c467ca801ec66fce801c6765a20148787dc6becb199a15c58fae8d20c1d391a1d9d57e1c74bb412e1b8f271dc2cc53c3355c83f3e2f00f15eaf0df735160a48e2273fd1bd75533cf94c5175ce67e79fa6c1422996fae36ba288a658a7a5422a59d39dd81ddea50979e933efc02 +A = 7ea551efeccda23622a1a5029e5525f46d5ccb83c28ec9adb7a3e97c2b7d936238c483a4a9bc92fe0e21208d5703611e2795b91fd5019272d255eeb +B = 19bd92c534f56dc4235dfb7efff6d941112d66acf81b079382c86fb10dc5473bb8adebfa53ea3fe6e4df8412e7807aed029694ca786 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = b18a9cd6a0a89578ea773fbfbf642e05935a995a38bbd54480ea3ecea1751370ef95ff5ad0e3203613f0ef6833237d549676a95b720848c5e9897cda82642a2f373951d5746b559bae2d98ac00fae26e5957c61ac1de95318b1b1aa6d5c64a6ceb6575f1b807060f9e2a241e378e6ebd72ade7d2df18d5353db7737caf52f888 +A = 13c68e450e9e091ae45863f6c1faed25906dcd90a43620b1a40e7a506e7a954256bab0225f3678e7ce6c4ba6e3a83c8f04a3491d9bf097adbd98fa6e78 +B = -ddef76382342178fa6636e62887fce6e19590065c766b047073329ea15fbba96f2cf088fa5a989f6ee3f6a513fbf66f621c6ea6ef2fe8 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = b18a9cd6a0a89578ea772021f58ce74cbdd8c44a09b3937b198adbd8e95e8e35541eca26438351bfdcd8600b4f9b71616e1f16cee707c712d40da9a440681f8c8647bc90ba4c68b08ce4cbca458bebd5110222f06b2ca980a2e9419e71064324e8c36289eff9c67f6d5d011e6db8538a54aeff8c20800b0949fa42c38fbabfa1 +A = -6d7e88715e9854b435876fc9bb2d25218a1451efb73ad9cc5f52b2bee929530e6618a858000b3f24fa5f47b5f461c84eca971e38cda6e1f475f6612ec32f +B = 49eb76e4614ac7b0ed3f534811a4ea6da5ea24be925ffeaa38bb228fa117ed56ae976b590d6c9d9a7a8546d8a6ebe4bba771d6587ac44f09 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 44f8596fc06afdb72a6e4f876b70b8d5d734589f41089c510b0da60ade642fd79cf8e705f09910912624fa1f646da596c137f124ec1a327beccba62a44f228f3c0977fda2af631e249b2a4de17d170df07bd812c233a96d17e1e93910267682d24c5c485f99aeeddceb658a7db258a2fdf73eb0266d26b92e +A = -122231b14c249820f0dae625342415f0c6e7f93787b4206b79e9ecaeb09623636730810c7936e17a1eece68edc7c97218efb17c069bc59bdb9681a79c910c4a +B = -3cdaed858523fd55553ef85d018c1097d7b88f6c30060d1e77b84821ca20b5625723c7d4331ccad1a70371eacc7f7aa11220f83f1bf3595650b +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 6de7efcfbc1e8d2cb14cbe4465c4ef71f0d1d7e80a1d80d9ac2d0b161d45fc9d915c54e33131591e8daeaa11ce02404c9b8494added1bd83e344ad4de7c04f626315caa56fcc5ca2ddd4e1ff064a2957afeb5d280477bf1f1195c7294d89049024fe821dceb53c7d270a8b4653e2fc0a4d8a3863a854bc3794753a +A = 47423c4fec1eb6779fd23e3d4070d0a7bf9a946f5610eb469876797a39c58577242daef8c34926f6974089fc595508d9c573d0a275cbeaf37172f10b8c849a493 +B = 18ad789cf09e9ea182eaf43b28b4f2540e533f0fccad325430b73101c00e440bb64b70ce0f2680184aa8caea2f6f6517e9b80285fea8b61887a41e +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = b18a906994d3247bf8a00f20e4b349a500159d086aa863772e71a68f91af9d19e4c021843f8bb6eeed1df708d55047dc8faf219e00d559517632dbd1cbf4bda61651b9644481d052903be1970f04bb4ee8faab9adbbf858324e6cf5aa9384ceba655a1a107210a9497552ba8a56d5e0e70b0c757baa71d1613683707357827f0 +A = 122773509ee608cd9ab3ff6763629a18eae41be64bcfb05122e0b3e112db48c64d2a5a515d96a042850c1c848ae5fd5f0ccc57b273d25bd8d68568cb00bb17b1589c +B = -af398208c01ec9700e332f3e694894c7cc412a73bde8a79e08764ded92f0d58db8056883972c79a0c9e0ce810786cdaa3629baeb9e5c370a5a59d3ba +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 64ef5e7063a1d95226569a27218e35e93d870a19a43fba9889a2ca98ca5c573fa56ebd77f1403b3bcad17c1351803a809c245a97bbe32b45e21768f28c5b11ad542f5e687a17f7811df6c8735e1778e94d9313c19fa32a6703af7ccbd88b489c96632d10eebb580cde3b905f6345a2a2b86a871b4fab36fa4b0dab9a6c1c5096 +A = -7dbdc37a51b601417efdda2516aba15827a40ffc304c523a47c544d5c0bba6c1367a20d8a6268a5c3f723b1b68de57eceabbb00d44185ec4ba7ecdce5d80456f8cfe7e +B = 641cf85fcb5fbacd6214be4b7b06fda1b80f4683c21c1d08311f6e23a15434b42d30a51912898a1c46b46c00aef7ab7663ecba683897825a4b07d2b7dd7 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 370f20360ac844bf4275f78b7fe71ba5db6f0bbabfbac3384c04b256eddaf04725d2d57b31afa48f047aade156c34441b4a41c0b2146790a2e15d13b584021ad55965588c6e55ed3b5cf5c36b780a27c5dfb72678d57528ab17ca2ac696aed3d9abb0ca448d9d5789fe37e632fa9709f3bb924c4ce34244d239a940dcddd9c77 +A = -1a0cc5b07271098a23f01b3c0d47cab8b294794b74a8b162ff3b313fcf85ea81fc99433cdf4450970311e1d5ff81e9ba27eb867073ed250aaa7795e44ba8d4000e879bf31 +B = -308f93984acb78c5dac2426d9bccc2e3ac361143807c7d34c24ef8f8db5e68a904ac8bfed1edf3cc90d21c87ae4d224b8c46fa42eea77797f94aa848160fef +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4c8f466d1d9829aaca1a22fb6ca5bdba885606b9264933ac2b4c18e3afc0c406aa71ee7ff490fcaa804f457096e44576ff8096fb1d2b3c68450a8bc36d1a2797ab8b621ddc91d75e7d6ba01d86e959171fa428a5bb1f26766f94a553c94f6dcc2e0af90d7776ed3d9fb67e842e88f7d7342afd86e2f5d159db7304ae4d204a3f +A = 57e894e37159cf3c161be9c97a946454e43bf09a7ae8e1437570a86c6b06f84005c1463d27d726afd2e25aebb1657eb78957a9a12c8749049d12007a81d766dbe008aad6d83 +B = 16dba5cf077403ff4af47438f5840f65fa4e058c5cab3cb730154ae0fcc982ea097c6d0e75bbd635e97314f33ec7e31f0e41cf285ecfafaf36382b33d5e83cd55 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 29d13ec304f26247a45ab6869720720fe019d6cf370b9e2df9a65828214aeb4f8b17969b8dd54339d08eb99bbc66720ed78ef79033fdce6da33501fa8588af86ec18be4c4ecfe01781f9d1379865100dbbc020b892e77027d1f04f8171ca51fb73129dd9a96568904eb44e19f56f842b223724a9ffe28826803185e4208f0ff0 +A = 135ebb133a0beb909101da896e3aad7e26ea72b23e60802e54cc6c58a07b1205e2ba1fef6eb86c420f011b70e3f725aaf9fd1873b6e1c1cc7005c7c09e55550414875cfe846357 +B = -e8cbf3feb7be7fd12b01d5bd024e47538f434b496613320ad71f48a8972f687992f97e4b69b5842d2d6a4176a5701327c40325e98b27e4c0f8fee5a457d92181e40 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4309b728306535bafa6787dd79e58324b3f86eb5409d772018cce2159f75832b87909a672b8b4b14342b352e76ec5a6dd66737cb0a20b81c5ce222133bfddfea878b132b6f9fd557133973a0b44aa41a01d54ab565d6b9c62da67378a4058255047a95923daf5f0f7adff2a3f06074ab1facd986d7d26cb475ee818199a390b6 +A = -7a63e108bc9790ab687e0fb8a1cbe1e9ff876e7b5eccfbc136ba05fed93412dbc2ffb1ec49518e9fb867429cea1d7f82e2b159b75bd40eb8370e8a54bf0e0ac0ff24aa3662774bae +B = 51ee025b2ee8abf9dc5ebf1a4600131c00ae4b6bff966dae5c49ab5b9017e6b1abd6434736df6daabb2bde254022783764c94e66743dc752c9040563df7016a1581fe7 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = b9ddcb9ab858d2229cbfab87d87236e8206cf5e1a042eb5ddde201d56e2695a3d0b2a42bda6a284fbd2a5b2c2b80446ce88c024137780c277ec80bfa6e9d15397cc5bac98e58c9130756ed0fde58d475a033fd94b1fe0ecc6fd91a8b42177abf3f77e87c0847a4244b9fd4980f3b42c7c955836bc994f2babfdf9c5b43315ca +A = -1f971ee9a7c966d1e82166503681afc280fab255665b850645321f67da8934baba1226e9efb59e0ac4483c8724f63556a213f2224b993e4e082eefff0056f7aa8a3cf5b655e0f72ddd6 +B = -39309313b04bda1103ca6f56514026538b4a29ae258a2a66424abe2c652b959f5c1dc4755ea37ebbfe404839505c2807ebe069c9abb9150205fe35bc286ca12b64ac46133 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 47555924c31f040619681d4a12064790e981db2c7853efa17e4d20f741f33c56d80862caf86bfe0730870b6c0afa9caf66e15047e60256fec29469d1760d5e9b77d79a84fcf7a1dcd0168a59f870f1635eb033e0ae0ac17bdb73da803206d48cfc1da48507cb812bea540daa2393321ccb0d88b57abdbf3a3bb765692a2c2ebe +A = 754d78d5608fe8c7ed8e26a174fa27833a24c48d23f0e702454b7eb578cb107da537dda11027dd6b41daad329e036794de562d7623bed8d9b0e909cb3fa38d4d21a95c5f4246e0b030a32 +B = 1839baa8b8fb6575832136f1d4632f72f36cdbbdcbd00f197fff3cdb88b851cbd74910ef6d43cfae9d3248e9c85662d7fb596ae45a460feaf308823f06345bc5fae8823230af +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 9b2f026b11d0674e9ec060fdb24b45fceade3070db4405b363d53df1219a02a664882819fe602f430636fc0bda935b14c55c8a0bbcc9b6683417e3ffe7f5d58fae229122ac6e42e76899254295dc5a08ed43c79120a5e5e4124b8fa6048ee90836bd2de51bbd2c6b9b53212e913cde871f11bf32f91b3a78575a006da36627f0 +A = 11402b3b1a45d67cde9730062e38aafe1d04fb1f8bb1975f25cd9098813efa2727cb229adf9490267bd437220d9ffa05bb993e45d2f889f140faed3ac3c7b53216455a830d6edceb02e8db92 +B = -d8e011f18bde068badedce8106f6602429fbcac4766334a0101b57fe94603203a4a8975fa499d8a68198aefd9e68f28e68914f920eea1083e37c67d59476bca9819a8bd628b89c +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 3a74066e7eebd9b63a1dd28548be60573c95f29816f3b3ceef68a5f6bb797d7eb0b0f4ee612dca794ff82f5d7461d995b9dcc09649e2587639ea017865328bb5deef17b5283691724e8aa331d75c635d5e19ebfd268fe5471714aaca8b48aeb846f241c1675e18d35f029b132f81128f19028b0a471b3f75a530321135e35fbc +A = -6c5dca3fb7b85573d1c8899868940794e428171e207b5f9f89fce4b7159236c0755e2959d870754e902e9c40dc1fddeeff6364f898ec0dd669283e6d26a612d9af3c3ab04468707bb8a7827756 +B = 5446269bbeb613e69286f1012ff62ea767965533624542f3b5c866cfb569d6193aa603061701992cb4873ea8b766606da1b57d7b37cf52f52bf85b58309387200b0ed36164f30d52e +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 2a4e727ac67451ca9dcba648050a085196460e4aa4836c5652de863c3e2a76213e0f590de3aee8639304c54a9dcd5f7d5d3592f647e3d07d322708e1e26329f4a31d66c7f2e9d482f22cd9823074dd57d14040a4f00ac2af9677a2c98d58ee1e094b1a8c40092e77eae454638bc3655e77441d4f218c637f95c147776f5bdac1 +A = -19fa688008a12cae228c6ac4982ecbc88da248d7ec785bf2289dc9103bfa3a91eb1e5fd6afe9e0cc035d3312e9ba64028fa6a229db6d0eaf8af43d8c410be7c689c3e557137ebd60d3fa04edb60cf +B = -3e8c87fba4a41c3a84874c987acee9f560b9f027338b584a775c1fcabb766700f758c4d451077a9427257334a569037b0bd006375f71223add62eca19b1e26b86dde0cc251e48d3b60ef +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 52e4a3f6892b425b935c6f9d1396d2034eb0331cbc5241e1d745a9619fa0cf0fc521585cb9d6b1034c5fbbbbecdc81c757f768c7a82f6ca291cf5afc98500c579f82ccf0be233066730f738c205c3c188f94b878c11268871ba42a5d950dc8a399887997cef2b6b68badec1ca641b88d1455e6d97a2841da49df7eeb766b7be6 +A = 67df01e34a26e8239c8edc7ddfccc3850f39864ed237d4dd67588efbeaaed1f884105508f69e20ff6a5cfae1516f6179ae6fb515a66ef0a7d633ba4218c30875287ecd0cfeb5bafafc492619942f97a +B = 19f5076405b3c81519c0863d0c963d545b2834343e42bb3c779788cbb46d89be3f775b62f4114268a0ca0e6af6c0dd659607d40071dfe7f1ad0df9a5c53b741c04612158de396e9c96f7523 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 8ac1d96abd2cbcaa8f7e3267b716f675aebd23694d24c112d202653979636d4d47e27cc36f850355cfc5ca16b78cd1848944f8759fbf6b03fbb7eb347536a9328a5cbb778a6bcd983081374a3f543b1380add14a9468358009ec2baa7ecdf13e7260968eea74083459406e8889936b2fb98c8b9a3597e5f9ca10b76e1dd0337f +A = 1c9ab23ea37f324544280d176cc02762db7a39935f1ede9695b53a3ee2db49d0485c6a3742a3b5cfb51f3c21711bf89ed05afd0886bbf61cbd57b23439a8a165484ee8e4c0e1c0ca2b6478776aa2897d87 +B = -e30d28dd01655b7a419d939e3e7530258a667420fc759bad585802c63fe5efbb309cb502babdad0afb208aff5ce5830071c5a974604c69ee47f76fd87e2460a5b03a57ef0185881502625886f +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5df0700adbd880a5730d8c0637a362a9d42c64503c3b9784046b946c2459a619b5bf804a41c92ed6370bba730c7d39fb2e01558f7ec38511b0449d6e9db8df2cece4ed348782ff1582396ca8b3196474e7e5817f8c197c44d771923b6e286e41e7e23c33fcd8765e06793169999544a310f2e080ffe13640b85f21a18fa11928 +A = -5c01fc52e86f3a344180bac284d2376d1bd693f20a46479c77fa57077df62f83b1e81c94e577d1d6733d276f9cf70555b20e3afcb97534e4e0108a6cce87e9292d78b2d7367ff15fb33d2c3289d2a2913b58 +B = 6bbc39283be06382ea91ad6b1630b38f32385ec90019d2ded7ca6fdaa39defbe22585be0df9c0cf613f6f146c71f901adf525336f6573f7f43e661c44b7097f110d4551e8c75449da8fd39201ca0 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 2a01005f1f387c4d8d24a365708e2506b044f86dfc011262d3577f7313a8f51ab943037361bed1858e021f8a46491a5c73284c666eb65cea1392a780219f13d7188721d7d4b975272293a5eef63480f30cc9618aa74bc51f4175246301a46fdbd34a6ec72d5974aa920be5f321a97b8f19c0ec56ba10eaf2e61f2b45f134b304 +A = -108bbd8824e8c16b81dfdd4dfee691e012e578cb9cc80cf050c0ec4cebf71a968732da36552979ffaccce6667e46c29144dab75132cb087681d5549dc5508f3719e129553fdc97f545d7ddb7d3a4fc575ea67c5 +B = -2ad4d4078c47a3c8f5f9b48e10d52d72349ecf0f54abc60bad63bbbf4d8efb185de90e5e1a686859e1c429e30977fca492aedbf084019e9ceb4490aa471776ed2e8a09151b37c5caed9ede66922b7ec +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a1b1b2d33cb610f1b398e03f274ef39a583d13af14b79e6766859b9ca748237b481a3cfd5d490a073e82e3c53d3ff5cb6219b2b2f71927f27ab6f567547a22dd35fb5919e1ed2b6dfae4d536d6d44fa6216d94d26b33f52db06c4ecb29702588b73ebce87569639f786df4fcf569bb07d5379bf8b83743327248c2d71b5dec6a +A = 5bc53b3895cff2bf7bf10e24fbdc43d17d277a982d5d92f17b9b5a2b9ed8b6104229292ef3997591e2e6a116fca21ad5d061ce438f33b7f7110293770f8313077152c7546cd522ef4054147edbe1878072b1043e6 +B = 1599b541c9809779df3ef40971e7a83f21564bd5d6596d51a3d96defa4dff41e83ca6247969a3dd9a746ab72ce21137f2d7ea015ac6b2ffa8a32997e8b821064d35afde3435b23e47cccafa74d5192535b +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4fe8897417446c493725521c0ea5b2110f91a1b5ba236cbb6ff3f52b0036a49fc82274ca949ac2b592fa4bcc792114bf2f2a78a2cb44cb22c6fe7e4bee7981604de47f6da2ed1fc6a8eb32cd9b8aaca0f2feec76a2438126ae6f409645d897769a6d340308f82dbc6a98ac059fca6f903c5aecd668fa838b67300c654d4013e3 +A = 1717c6503d069103f10bb4b36427fbdd2371b30793e492e4161fe185b2e27469fef6a25566d6b46f6a7f97446315a22d1f1f662f912b17e71feb2c82411ed7eebb84d4f594deffee14934b75a845d83761f36141ecb7 +B = -8808f540521c20eefaa037fc5da782c891fdfc668b955eaa2e4edb592e027a964b4cfbc94c548d785d92992abe282d90dd137c4d76419926740ce138d567da7350d89f2e56772d8f5bcc9ca8d7076540fab3 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 8b9311808bef497d8a5d14f7d851567a196a051610246964917a1f9d4f4449357d2411ba9fd93983f6edd76b8a8e1501146b08b6e1fcdd97b6a41cf637b6ff0cff7a2d6351aa1ded93f8fc1cedc81879eef751bebfbd1559d5d0320595c79e3eb1db0951d7c67c663bc57a672faed9e14c7da6be6b0c6bcab3d4d515e51a0b5d +A = -511312fce1849c3d177d42088e55d534f9f7096282916e16b041f66ea90e2cccddab5cec0ba8ebf0b047ccce72da349f420cc28ab19bc156c1cccdcf5216f19ea922698127f090e97444751dd58fe7a2c90197a9ab3d35 +B = 6a5cab5e322d5f651f798aebf43a62af772fa2cc379905e72d253c49be8193a07ae6164f21cf08baff906ef800e361e1cdf1604f454483e10c8b2bfdcce77c12b0320dea63f9ac0afbb86115b656d0198aa883f +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 665e16ba6cba87c646637a233ae04805a302ef4a10d79c5b65b146cbab8c9ccd491faa32937d0ee955dff7dd0ea3f79fa43c133021c8680490b91d9c1d8a8102ab709ada7508bd59042940b2bd3a4f8c195f781313e45fa8d3abda1f8e13b35811b638b2ab101d1caaa92188d2b75b2b10d596ab159583135b0d4d15fcd3d882 +A = -1375af024e9974cf8170801f4a709b4e5862ab7d18464077727bfc2581e557cada991e9484a1acf80182458158c44871e67e783f7573f214ee4ea1f1821a65068f2bbbed7575f03a4bba36b0fa8cb6dc58c73b100a6c4a6ce +B = -2d64b6bd987d496a3c121e89f4b0c88b6ebc6e30fa9d47981b52862551f3b7251a3fc376db0f2d6daab6e6fc5ea8fa10b040d0dce334ee91d8cfa6db9648df907b199bb11b2b5c41c67d72b760c404b0451f70fccf +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 49e9709810d9f3fef159e5cb45211453e7a94878dfdece19af839b89c0e43b226d7cfd46859963c7ccc753350e74c2501131474e3b8e0edcda18583b0392ee15f1dedcb7144000fc7fa7eabcbc83d12983d2ade477b4687d75b723c1a98a951d21b2e8ed95735aaec77e00de288d16422fd259c665a08a34331cb99299ac11e2 +A = 4e550ba2fc2a44452f068860ce2a59230738a7a15f5de0aeb4d15bda8c61ee3003568dc5971e48343d402112d7a86860a7f08f5cdc0de21fb1aa064ee5df26fa23839b5ff6adaf64a4a18c07efb3582c2fc9612d2208fe99f8a +B = 16f31365545772f276d8ac952506bf4033a884edf1ce583a63d8d9f6809e29d9cce3b3d227f839e6c09b459951465ab4570d2d36127c0f677fc0a63975801896f2fd17887ca16ff7f265e2e7adab1516ce56ee1ee9de1 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 89ca20a3fa109a65b9449edcc729fe97ed45a9bd69eeb31d4a566ec1787b24cb7a2c25b3f89b36fef1cb3645b17c69ac8ae243cdba35e17f5738b35278478bcc391add0b5ec42db9ec1eeffa63a3ecd2ac0338db57cde9d2eb9ca4bb1df84f1a62245c4e585c4f20f26c98fa1957df34409a99a18bb442ac14f0bd309266a35a +A = 1fd8a096be30e4435ce8cc604ded337a3d9d2fbc9666d1893c38546c4e155315b536d1bc323c1e7be162bb0fcd58440915b053ca0d0896e99265241f2afd46605a2a7486e1394a07b23f3382cd190e943e596c747b6529b04bdb13 +B = -a3960a51af5ecaaa70146ce55d639005e9b6b9b58592441d5876fa71470ade6d1e2cdde17bb80532551bee0dbbb71a0cb24dc8a129c1f6e28920055d87e9c66be27fc4b425737f36add7d72e39bc83aabee5534637e2e22 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 654d9c55d4a62976670a5ecac3a6165734a65f1edcc1ca81a8c444dbc98c3409ac8c4f6fbb92f122045fef8b7971a276c7dc4eaba21f7be7495394053d4f9bb14b63fc02c8a55ad8fa9bb9aa26aca5c47968ea1b7646ec606f53606d5529ded83639984683b8a020e8ded4b2d9f668ceadeaa8160245b36a819db14e58cf2bf1 +A = -67abdbc70db183b8c25b0664805ada269922556bf15aa80a47d31f215e216673b8d59edfa10a74f3f09d066055c3b9abd5434ce95eba91dd51576adcfbc7e2556df95fd6642a3b7e0486a635ed5699eb7fb285589c887c8659a2b7db +B = 6ad3e854ea57aafb8980f1e99ab9cda24f183dbbc513e1fc92d4e239077816843f47927bac28e41d3f31c9ef134b72c09dcf14e2e9677a430d43002ae70c577d9958341243030fe58a800a068d6b01fd377e61844f0d434dfd +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 74bb23f7b0cde7924ee52e58bc0680f151e6898cc1bd4a2eaaa05faf218b419a19ebf85b0219f924a26002f9251b83506684af659e5b680e05138432ba227977f38a479ad9d1f3cf68a86ea214645fc4bd1a032f995307e9c9ee432e816fd852655ef20214e24522c17799ef41d1eebc6e097b9792757f7fc43124c609ef9696 +A = -19d3e6fd6de9092cbea55d65154208a0c93ae409c3ee35569cf774b8c8b7b1c9dfdd52e9f408e14ea3153073ed8d92746474e524a903a45a882fe46af92b033f2c41eacdd7e3c1ff661dcc5349ed6bd1aa845eb1762f27593708aa185c7 +B = -3d466d29e8c0008ee6f402551e3d62fe044787bc9f243db9252ea97da9bb75f5be416def97f13cbb008fee77f2eeda672bccce1f36fbcd26e1f1299619535da0a3fa3ffa0c6fee82a494efd7407cc770cf46ed1b8b143f42790a2 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 197eaeb8221b431d5fed3d701a175abc146a9fedf8060e8e611a54f8da2fb27d2fee4539ddce1f3481e6a64435f09a2d5012540d6069900a332461471b22192fb87b63221c7822d3f2fcc35cc38feb6b3e49b5b0fceb52b0ccbdb4e1fd7b0f3eef3d582a6ae194c249ebc52f215b568712b3e50bb8e01c64b114955ebac2da48 +A = 7bd216d0acd4ee392258a7341cd56bfb0968492fe75da0c9d935713a6ac883525a4a520b5b7940b05e3f5e0c40372cb11b7ca193e93f0d3883fe5840e66346aff0f38829322bbc1f0a0e63ce5e528ba5b13596ad7ca19d20b2a7c9bea4214 +B = 1ed4805e53630b886cd733e5281f6d2699b3c79da615f4056120165cc63858ed2ddfcfd0af0c5fc54662aad90f26c55dcf70a30d04ce05bdf61028730b900587716e690dc0c6e02419622ab8c115078b92315e7c7a5ffe38c4a404a2 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 40f69f2d1660eeb6e1840164817621dc95eb930875333bc3f62a644ca5910c1080505de0d54fc9fb6404a61bb2c03b3981e558abf9e86f2047c3928599b529ef3d91c7ccd13c1d69431fb9ea3f02b001427cf519d9fd8182219ad904f47b3785fa05ed24cb0ceafd537311633a2e26c27e61be92eefb28a49d7f583cb6e072c2 +A = 155fb75044fc54a6ba6c46972e2f97531861b8d6afbc358db456bac33a44bb0545deea2fc83023c08b7be473eb68accf5b65b3c5d6af88bc6d8ce722c80d5d1527e475905226b01ab9d7b5a6557250cf8be935339db330df2dff92f2e88e80da +B = -8c6016966a2cdea4b2d8625aa367e1d079638870f1b61e6b3c3a1e6281ece41018d2ce93684d1f0088d021107fb595390664c11435c6c0a7b93c2c6895217a89c469a37d3250dfa457b928ba6119b5c9ca5f2d47b36e60e4325bcb4383 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 9b9e6e1727326fea099eeb008a36539f3d47e3882b77d6089032b99c6cd36ad79fa75b7c19d1509b3ff022ef781b6a8c16fa6881f9ee2c4e00a4dbc93a49829622f4ce6ba9c55639656102d81167ab8a5e1fcf14d71caa60be732f1fbc71250256520c7c5a4579c3fdafc39356a2bbf2c7ecc526dacc0293c7578424c939ab6e +A = -54cc11ea9806ef27911ba721f19e2ccb111045711d301863792f0cfac798758f0a29111e3a0f84d294a79721067f50858767abf507cc10ec9ea3eb27a91f06e7f6b7b4be7001b548cb7fb734166bad6739935081bdf6d35d58ef56180d377e5fda +B = 7263e8b9a6f5387f44c55af64b64160efe97ec8a8159e723ca8977bc17c861e22041ea227c9c9bb467faaacfe352b03cc620eceecabb6db2db108b49c69752bd0cc61a5e998ac2f404ad052a51286ccbcfaa214ea8ec14cd9a2a6db56c3d9 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a18a7498ac9194f600cea3d66615595c27a3efa7ea196ba12a80b5f608f85fa72afc366d23f5ca98452dd190b8f86031a9dc097f94a217b29fa676a6042a3aed2355cc8e767d464a8adb888491c8cb82dbec8f117f57c4a07b41e7e6f6cbd7dc25418603b1d1d865dd2140a649c9d52019ef39dbb6809d1b28b3c1ae64fc6813 +A = -1b663403c73e4a9003467ed12766f16354f79073ce89b66066857d19f3b42791eb360004d23e02874254bc6db54662717739eced153944c4776f334576746c5c4145b21a23caa2b2a137498554c7b749efcaf3393c5457b2bb87ee2ca3bef5f191107 +B = -21d12aad97a5c6e639a2ea0a82b1292aebd418567718014465a22b9ac5c8c927963a2a4530c41d5a7a6c14805e56a7092c8716e4767b54a393d8552c5d3c366b39fb3b8667c60e6075e9293bc938e407c53afdd1174843b76aed187f56bb4be5 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 1983576ed73d4d87d8b94cd3f70c149c0273e966176b85fbbbb7b3202e2c843bf1f8f4546ad7a4916ea4c731a22bd337b6177fcd2da8bd301f3af9bdcad800449b57986e7cbcbc7eb313d6512b2894c0cbb6cd753a870860a49d6a682c20b5e883b8c4839b3321aede51bfc42bca163a924191feaf05e196d8dcb7fdd9941a60 +A = 576759af0f02406e8dafa330babe9473d9d970bf371ceab30d2f98f4470f669e042e1708e2677d52cb9f99deb9b53f30727d16c389bb63e71e923475314b615762c7612269b5ad7bcb5108068bb5159cb8dbb8d08de2bd4fa4d9db6cf6e3f5997b9b416 +B = 1a4e34794747cf4aa626e964b839ac497b1357090ff63088f9fd4399312df894e41b395d17b8ca1806baec6115b1476912ca9c4309f00a46d5f7a52c8f640075422af06d6d6d796359132f4955072ce90e61b40c992a155b2bc31c262e753aa7d00 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 3448648ff9f7425937b6faa54551ce14dd15566e5d41b2bdb1a8db62037459235a5b9546d289cc2295b0ed584fab2e1a798bc25a0c114238f61ad3381a5b441cb67f92cbf66007c980db3351adb9cfd2cfc769b5b9b0bd1701425ce1ee8d4b9f438ce1207fa850aaa1d3d1f970aef874c2b2499a150d29c2ceb7bac375009b77 +A = 1fb54cec882c274b98913e76342a9b8e631bf1d381fd8a4f7e0eaef475642ab3f5da70ca2e38741bd0182a959e5e985f1e0e7d737beb8c725c9b5ea22f7ec25b6e564809601e8405a5b1362e7792791f55ab64a57c03a99a8518d7f65feb0e21be619a6a95 +B = -8180d172d3afe00e0423245f47591d5f750f20d2cedd8ba6ab6f9aa24f74498a96c9001a0124c4f98dbd402b63e71eaa3a7af8b0d2fa417fb1d45f64e10030232b9155169153496aa202745a432e547002954eedda7cc9c1ca76811bd902b192f1a1d +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = ae0fd585408a99643271eef575285a6261a4c4a92c1956b1ab436d3cacc8d4cffc07044e57b357ffa43bfa9aaea57824319579c5c3e2fe4dd48bc818178beb5fc1ed60afa08828657d00bb88894c975378b1dfb452a5b88fc3c1d81099644a998a47a497c8a2b12c444fd2a088f47576b7f4fa40f34a208fbc3348ce33e59150 +A = -7dc7dfb753c0bc3ab4d07d5aa78664a7f57d64be4d4780ea81e3efc967fbf1bd1390248bbe259da32108ad96bd8b39f2c9f118bfdc96bd06147f812af831288bb687e4e1742dcd1dbf2b7adc41afa28d07dfb8df8bb2da5359e66330f5c65964096a96b31dd8 +B = 756f3e407a3ae698f103fa37759e90554f38378a9b8eb38581e0970ec8f9c00f8392612c61aca5fd37d1063b78c19e3109f35c0684ce523c634190b3164ef06959cc42e2b77e1bb2fd50eb59c3dccdb6090beb809ecb0ca30457a5c5948328eb218e219d +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a2aa4550e855623a8ed488bb63db8fa4ac374c1ae953781aac590f78a364fc33380ca2806445fca5bb9ca2fc7ec4db5819dcd5769e3b746286c49a7c80149e7fe276d095929e2cac6ae57e8102f7d4c96261ca44cb6f1601f429528495b6c3169e15f9babc5be696074d45559d5abdac42393094c450d6a4a45bbf60ed7847da +A = -16d0aea9c752b2e6e4e13f7ab1f0a2c1776874967b0dfeeef7e00f8d9edd1e11d2aa702be45fffc284c47811c51dcee184a134b8f6d1874026eb51e2ec80c94837af4602cac3efde556ebfff578fcc56c00de99a43638ab68387ec087ee269ca64233eb5b1762ae +B = -3c6b60b0ce4b13a5d6d9ccd67c76ec6b71b94ea7205e408eea099c7ced2f3a462954741d353d0af850b10ffede8ce0bf80b6893288413674504829793d7ae0cba53b163e3f26cd99beb0a9ad540f6d2cd5097beac604b1694a9a2f4c48b28338f9d6a63e75b +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 8a1a8fcb68c53846b3edae33ec070ef5cdcc1346ab3a98a116344e6d2810e2e3f60f0fe435fe7ff257c7ef4c122b3c34c776f4912a9621b6949308e2cfe2e0827536c7464371ce804bd7cac1d76c5bf8b4a6fd4ed56b65434c3fcf0ac7be543fe2d09ac01c564d7b9b463740dcdfa9068d4d8e33f29297ab452e6ec55c263de +A = 7c4878334ccd9e20cb11a643b206626ea5d0b20973f18535cd8f0fc2f0325a67d3558e4cc9cceed0d88c6d2215c220b8d0ce230fd701502b02081e3f6548e58e02bc2e79e4991f8ef188a84b0a367758b4e534b72cd87de7f82a26de14fafd162a50b359574812cda +B = 117d8b1d2a3e2049e6edbb9494c68a97145ac3e658aeaa05e8ecec4b090d5f467cde34e05fa7f5fbfa32f1d9dad70955f22130c358468eb371555fdf57a40e1df398c166a22a9df2e1f4e18590b00856b4f880f6629f1a4296056dc66a29b6f0f25490c6a8209b +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 2cd3de06953acb87b773b8bb28172b24adb283d6adada676f5f4548990827635c51506c85670767828dc5b4b91b45a7ab89a700d70bdba4e0355da32b52c173305767721d18dd2cb6c55f890611e7abc854277a453c7500efc4cd4fb8e6c9bb7a73fe5c77045e715fd35d415b3496f7463ec902cbdc18f9f6f67c33fd78c3210 +A = 1a20ad042f46330df937b879c72ef00dcf39fb85b59186b8e7a9d40723288677ff6ab2b9bce95f34f2de37887c8a9cdcaf231254bd00c7e25b6042695d7dfc05a11765120d1dbce29dc74f35aa1492ba0c5ee65114d9a246b57dcc2eb2ea4a310be98383fb934121db20 +B = -f8ec67323cff9d53499ceb3afd44b28f0538c39dae8c965ea27d645b430c2f8a4965eadc8ed864f2549eb636ec558419be71f986f4c5783d0dd5253738b876d9034735bd13b18fc670438387f84848308d9357ec2aa4f6a453bdd36ff08d54a6800bb41df416b17d +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 1aebe2bc35eb2e449bda63513b1bfb55988cc8e6ec8b3c8fed5ce4dcf53b95f1b438c41e3b2348412b35e1f734edba30273935b03d16efaede429960442a01849c352349e23b4af88de4d01e9ddb53ae900418d49a84b7fadd2669261a574557c4fbd782f8e8f400895f6a6c9679b72983ce01bcfdb641f5067c94694e9eb80 +A = -5f97994c39265b5389526e3847876a10aa3699e3c3762a127d1a9f892180cce68ca6139a6f71b235da26c287bd3e1aaa1436746d983c23c3105c33ed2e06baa1e880f1744d81a80b98ee1f16220940d721a92118a9b949d4da7d1477db8f5b357b3ceb7df34eb5f62078cf +B = 4bb4f8f4f4c8e63238e8774ed61a7eeafb3fe9a6e19cffa648defe82f4846e3378c892d223957564fcce79596151658a726031a6921cdca0adf0f5325d858c048a6b94312ebfd19b803eefcb93bbfaaddef120ec3b8c366b6d978524d5c74218da77e4c3b5ebbc66cf8 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5d64678a32c163874d1c81824d628a1051bce3b55c37055acc47a8630d3fee648df5d319e50b4c56f465bbf696433409b89c07e442425d3018a059ec757d77b3a40d516ca3148010036b003721ec9c999665915a3c442d95ec3c01c232feb201be08c88fa3c6b0769e3da30f1d73b66f98e31f4306bf4e23de78e74743b224ab +A = -178d81e419f0473c426e24428caf25d61b648bbf963f7fb753ae15e5ea3706b53b00bfc8fe917ac9fd6c7096518584566ff71e6d35197f9aa25107a235678cf9ff8ae1501c1d5a15d2a27d39d066e169745e1e8c808209bcede0d732423d0c9cfbea322ba3201ebefc5315c0d +B = -27ed464895b65d9518923fde5caaac0c72aad0d1b38fcb7827d6ad4e0c8dc09e119b8b98183f0ef8d5d1133f3f108e951caee035bed0d48bbeee6d1ddbff5864bc192b84eb8a500cefd223972ed51c7f720d1736646825f95f2f10ce6ad47a267bdd8c80f65d644df158d7 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 52dfb6bcbbc5cff46942d76ba45301cbff76e9b894703a6a7fd1af29d615336372d147c3932589affe5c6533f28d3e6a57ce2d3cd7448bbd81e09a13266ea31630cf044f654b87ec3fa3294eb65873964110fd42d86e78d128bead5f117cac98145051552cc3a86c193d738b973f866d068a8994a49df3fc7c7314fbd9805e80 +A = 797c67ebdc083f3c8b3ddf9847b7f3c2a39e35ce2119f746ec87fd5d86671d8fcf2b4f6d440c43e93f45019032e629879799eb58adea729d43d2e40ede6485143bd35979609a12faae7e4393879c40c0511c886c66a24454e4f9912bea944eaa417c9942f09ddfb227feb14e4b4 +B = 1a599d1cd0ab3614f50b71b93c999942bd3d4cbfe7900122d5083151c71d9e0c299bd927095c5c3291418424a7c12947389bd4e0a3c2fdf67b3f512094ec0ce5b52695e527de2b3804dca2edaeb1ea4b487911053272ea926cf2fb3386dc4b1dc268b808bbcf4eaedd21168ca +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 99bb9082e4537426c61f3b813f8c97675c44ba9ca418960ca6e2464cf61ad4eabb01ba00798463567ed3d829d3f14201c740f19fca623b1e9b57b534a65df0f070a2130489afae89b91003cee432fab11426c4d13b7721e6f9db1bbaf0adc0064b33e4b9f4b795511a0744b52f93e3db7bc9c0a991e4e122c463ff344fe14cba +A = 187a8144a0045a92dcad94f0bae7285309ec8fac7dc864b08914e5a4dc3b1a6bb9212161a18c22682ace16a4bf3c03dbaef088b09844902a3255fd6adc0b7c6397dda86d6ab67204d8061c36ca20fd4bb348202037b249f6c110c31580148db46dc5b1bfffa38a683a27054c35326b +B = -e93ff16817b725016279a32dac247961ae9bb00af890fb49c4fd8cf5e815cf98b58cfa1e3735095e6034c9a2f2b5d8030ab30e2271abb45b347d755cd9ab5ab5ce37950380cb306bbec42b6b8056793a0955bcaeb23e2d6a9548684030566eca2d34c458f224c8e337cb8e3c252 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 631f53d02c031f592b3dfaeed106160488c08e0672083ff195b22a2c0b006f11165a245acad6f35dfb15a871a9a2b45c544111f71f86c920b42fdb6551e56c55199e6173c00e27c9f47256349a80236bcfd3acd1730f823031ff9ef594725cb9429ea183a7fb2e03124ebdd98d435313e43819d995c4fe81fdd4ba718aeade94 +A = -72e20f1aa2b5f2c4218fb9e11ced3f45a218f4c83a2017d97d0cfbbf227c9082cd43f939c8909e52c8795cfaa75d80392d3649dd85ddc35bf1cc54ba389bed9e9dcf867da1c05eda080274beb6b868b54fc85e12ae127dcbfffeb043f9d59333d0ab3374c24971e1bc7269450b418c8b +B = 61cb021a3a957703d14061c21d3b0fc19598e19a17df9d6f2418c76d4d37b3f62bd4037aeeb1eda37f83df44c440f5e49924cc72ec5b153856c6b621350ec89d98859d9d1ec7ac4f0c418c6599674322e7d618c5ca588d5a873d5af356d4771c6cd375f5dbbbc69f50b982b8c4d1ec +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4654a62d9491f28599a976288cd2068d8e3228da12f645413a92f482efc66d1737495cd4a4c733f147eb5414a2ef6266a116ce264491a3463c9df1b030d83b315f76f3bef8cbccb5c538478a65092547b91e991e6be91ce4549c3a6e34aa7b466e63eb3b88054f6714083695c616a078ed54e1ae46e00f3593af845fcd0ff51a +A = -1a342c154aad619e567fd32e7053aef8d98335a4fa0e35bf06acd7998c43d821de1076dc1fb67dfa1156d7ff30203ec736384a9aa7f5f08cfb302eb3a2a7179b2664094c2cc0df73fa05bf2af24a62b8e394fc76014dd83b434df26f8a67a624884a0b9b4f08f33e9828ae64f5d0c8cdc2b +B = -2c57e15889c3dc9c94361c17585d506933a72fa954ce44dda9f5e33408552ebf49cae87bd0be35197f887fc6c7deca1452a4345eb67d19bd2e7d3dcf651667a8900388e4d5ec71e9433e3b01d2b3d91bb94d0fc3c51c70793f978e4b5ef93a9c6356c0b2f7accb9e4eb457a2174b50dc6 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 6124d9ce4de2880ae3811836235d6d89a1a4b710f1d5a517153ed7729dfb5b56b0ac10a4bbc811db9b26465f03cda355701f9f28c5257fe288743cc0789cc54a8661f46e36eec357580b00a84f1d4c8e3d689bbc18242f1cac30a87cb7a47ea06f80d7c5633cde4c8cd8a1a7e27acdc3a2aacd608cce9e2efe7864d41a56ceb8 +A = 7b48a9663d914e0225d7275e965d866ee6649d7267474d5336d28d54027ffe8572f4aa26230dc7abe9957d211e6c2c8f3185cae962b878cfdfaaf6cfe32058c299247f372ae170a1f7cf71380787f6e90995da9ca5a4be8ab1ddfa8e6e5dc65b6f168b9b8e29e0257e0eec853a6e1911b1afa +B = 1fc4dc77f4a18d4406a4ba536e500aff68d133c6e7725717ae6537b527c6f40f93202a2292522fe7d04e0ef804d1a7013b04cd3d88462fba31534770b56d2e5672e8a6ec7a723186024c40b4717defd1433b9967bd692ef81d5d4e39ba10a3223d250ab6e71d5d253dd0a732ed386ad57e54 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 6443de73e1c826c90aa36fd7ec5d0c3324c42058b1c35d3adeda1685470d363732d23cceb08c3f973034c24fe65506bd33dc45d7d617a53048dcc103d3d1b4fd0534586c2fb7489ff5ffb98303bb068fc14b1bb6bb43f763dca2c891095e613bb7b6920163aa6cbce8cd93d9d39f4512b6e0b28d361ae11cf76037eab4cbc819 +A = 13f739846ed2c3aa0a1923168cbb46f4f0a2f3942ba57bfa5c426cb4d4b3d80d9530405a31bda329a1814c560d54defa3e03fc4f808606a598607783d539dbb1338d5bc0c2e272a7ff6ee6f93e1665d6f5a0ade30308fa047db086646c763106cb875e014e2c18ff8837e4d4d86861b85a5b7197 +B = -ba019333046f76325fa9f258006a7c10d27e89f6d482b95c79296c07a65b8e3bff4a9c9fa7e5d0038da129390ac851f8c0651dcf655a3d4164a731cd20a701895c12a906c732906038a8e459aaeb293fda21346964a6d53fa3e370ebf43c7ec8f66229405095c6a509d0fa15dcf45de8d0e901 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = d3a6fdf4a26993edd175de9a0f012e1eb15a5a1c4dd2741dfc6d0f9177cd5645508b8ab09c7fb34066ba893c38144c7f2ecadfc2b0d15728b407e5db4fcbbaf1871580426400433f14dceac43d28f03376e791b7ad01a112981f29ff4b66102305f0ecc4fd134c2cdc79a5e9d9f085bfcb7e6c187980e68b6c7639c12e8d200 +A = -464cb16fdd395e32fdc613c63ab4768f8cf72a5b74a0a5b0cc581ee4aad1972cd97db7966d3124e30c9a1c80d85c46da2d36eecd7c3bba5866f9eab4d0fa55b2d440a311654466432c681372a80a7896c9163c12314ac51f652aad68fd9012dc63fae6c7673c5da8faafcfa1b4ed5550f2baede5cc +B = 40389ba4d2f5fc152308c9e8a8c36258c770fb2d03e6189b96c4f8dee97ccbe426cc14595c8482e9e22486b61fc570f0e7aeddad2f4e3a480d4b75d14294a3b912928da5692043bd98ab88ece87a9bbd973ec82f990c0ae6091245318c2810187d69c38fa80e835300ed06c0723fe475f3fb22de6 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 8a0f9eff3a210912828fd7b5f2d72479cc9ccdcfd3e8d21739e301de02dd5c257c7ce4bee2def06c9d0c90d5a86bc45fa9f31e456d353775916b3d5684759e4500f99ca1f91f6767a5e2f4b735ae4b756d56c358a06447fa2c2ccf0ce667be4ed143e9e1dc627a561d92ae53a62477270a7944482cbf671138bd2a85fce92b08 +A = -1da555639228fc6ead68049d836d60a4927ee77472fa0ffd3c787d55b6067012560f5b1c2ef8bbf6119345dc6419444c675c1c9cd50602a93ba3718a5b3e1a30bc108d796998b24474cdad19bc2960b295fee97e03f2ca7589a3daf35bd28eb37a67b5d2cb35a30998d5f8622bd7e6b7d3fddd1ae9670 +B = -291fea1ae6dd1c66c62ae3a3d22904f4b4adb2a48cb795d50074095345d661a033f67b20c5d7231236dab871892deaa9458c235c342bc81457cca3f014a75f5124ff4da005dcc1108e75527528e5cc9c051a97fc6cd202bb9166f9e72e366bdd77c965a70592e5684fcaaf2e03421a2025ca190fe158 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 50f4d25875150bab63e4162265a632109d6b4743f9d6b55306858034732a4895ffb3720286acceff287c38320ee9945dcd0a1bbe5ae1456b7f36337cb7d22b679a6821a450765471257d52b6ab7d59a763e75e9e64581a93aa54761f6a760866d6baf186cdf4ad2b1a6af26a3e76cdc261d1f07b0a7122c8ffdef595812e7208 +A = 78a1609a7f08c93c9bf9090ca7c93459aef815719b5dde5f217567a9f68ceca05594f6ab17a4666ce1c0c4434e0f4f38ca1f33e501d6958a10da47211cc011da219d4373d2bec4b7c6477b1ab3b00b6c45279212db39bcc11d1e7ba49916c4271adca7eea531adad509ae119348f374ef1203c5af8bc019 +B = 152b46095d3f8db5e6e1a9e3f35c085da00e52764b261c3aa775ecfcd38572d2e86bab2f4bf29c2de4fd2fb6f35f66e8685714634e1be980773526bdbf9c43b1335c5d59f4dffe1a1fe2495ff9b7a3fae3e53e7c3208968e1ad1dd1dc8cf2e2415cc76dfe5df9e2e1eb63f7c7687d539706502d56247728 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5a3ad8d6f1b0763b77f5d40169ff0013de638b459e401f50f4cfb505565c8a4465e28ca1bf988071701dbf52ac456e01e170788ebd2b7cccb50dbfe1a65a89a8aee18b3c11986c9d6e6571f964f376f322e10a1ddd9310bbb40f14b0680385c40975aba43153970237c535c6b0e2cbf6bec918a8fa26cb2f69e98d77215c23a6 +A = 1d5c14b0b51cf31e9d97b7c49cd26097d40454978663f8a74095fcbf9c63e533708befb1a467f94cf599a41220ce13493a273fc30c49275412c5205db712d5e1832b39e65c150c3a4b251e2aab853e4ecb4f00ee5ce6982ef9215775a33565bde3ddbd932665aae506941d3ee31b3f9e4ffc0651f1fb4a5c6d +B = -93cae5dd84584a2a3d88028d6d4cec4146cc5e350b4d92c52ba2393ab69fc1dba96e244f98e2f93f31230904169641aff30dfbdd3dc5fb1f3489d63aae1efd29335345a79ded546e42f2ee4a70ed932699fad17a771ba65fe6e689664bdd1135219aaa905c962d39531eba3e82c3425c24041e17858cbbcf2 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 61211c706730a1b98c628b3c8cb070a42e2ccf9fc6302bb1c2960fb165087f210e9d93416ad9fa21634a05dd0723cc23b8d2a846ab7c3bc402999138433725e737102094db5792249b4b5b1514a416b80c804ecfb04653c5ab18b0a34d8777f6c2955ac66fef62c9ec2819f0e3c075920f951f86b32e02bc43239d9218580067 +A = -46c8c68f492d8f7ac7834f89bc76098146432c59b3301d4eb70d9861a6e24c7c9073f910108c7b35538a79de10640291b54e5755359baf47482b97af56475211573576e9412ee017dcf961a090a6ffb5cd995992ab68e3fe60b6186f7595bd9b8acf8695c4f7359cb2ac709f032fb993d16a74822b4935536453 +B = 46953f424d988fd20700ea08880e7e09ac22d60cfc294bd4aefe637408a3cacfcd0ea6822a679b68b665d6bebed3506d25edc83cc7154b83e22953f9d91157cebd219cd5177fede28c63a15710d0f92bd9e542a7586855bbe57a94c520408fc920b3f8d65b194af2b2a580c90db1cdb27ec26ba929de4573c6eb +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 50a063fff02f2cdc68edccc23976f4b3db99641073c85709626292b9475b9a988fb8509a6223f0a517dbae0cf7cd39dcf1e8ae75196d9f5008c661d8b5153cbdb9520c71068e4719820bffda4c393032edabacf99339e0cbafddb6042ef887b8c498e87e16b62417934015172e63e7457242b864a47aa10e203f47320f03c0e5 +A = -1740e8be7b4775725516d37ba643fc64203f3a61e6b0164d112af56666ad97afb0059c2c4981fa81d72264f8669db4e50e11865907655b1f669c88f5935cacf1b12c1db63cc84507af12cf0210f990994055d04d93f148f213e3d4fdcfe9dc42117c059897697914e3e3fa8fdbf0eebbbb9c3b9fdaa7efa0c9d5c93 +B = -226308f8fbb35b5f9d129c0f6a2bd3e5c272a408bf32020905acc6d02d7e506191e76a3a2ac47cf7a63e6306b256f489ca5cdf76c7c3eede175ee4a7acedf922955e92599647b69d463cc14f2b178b88cd471b8a1c1512caa66b6d5fd8840b98b8d070e6593136e98cce9643e006b714388768920a79944be36624f +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 747cba0d1cde75dfcc0b2af9072c5027986b3e3917845870c73c452858ba21d6d1615eb71ae1b5a03ca44e22845d5432b368541b52a4bb02498668e8b99dfa2eb90ec1948d90564e6ebc388ee9816e329e1d8da0d3e2b12d901d47e22e8a1fabc37408be0f89e7a4ab0f30a03f7e2ed817006809e69c21104d0efe548165f64c +A = 5fa76e37aaf0eb3d34d4f4c590e02b6c63fc62b1d4c9e172cb0dd82409df87ecb43a1680a2764f62d13a5e919db2db08feaf98d5cb92a859dd42bca1047ff57b8fe5974fb3ac11ba2c0d8e2203750f30650db4b2cbd31d07fe18c4df84a0dfdb30f9e528932c097e89d8f8be6ff029dd970a7d2c2551529455b9131e7 +B = 111199f91b3749f8cecfe90e9b9b6951472cb701beb39d63068c064cbb2a1e1d30736026f781836a52ad0d828be6c20303c6c0bd03ad664dbf6044a5bfb67fc20a049fd37c62ab0795d836487b883768ef7c8f427eb98e5ab6621fece77b4955822f8efd190c417ced398c221215b50e9532a869eceeb605fa1c936554 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 646cdb3ed472a7b4599f02329054846a8da173000eee7533240ade4dba82ee3d7a6a92baa3783c19dbd3f76fce6b5bdd83f1f229b1c71a6faa18602e368f1b0b9f8c62bd8c854844af85c2081924c9a153e27853b2a48147950fb614028e090e2198e613631c95e565c2b9b64a43237fd4052089f9d1dd2c00525dd35fa946ca +A = 1c8438247c0ca376f508ccef7933724df512f9e0877596f7f4ea73dcd824809bbc472749833b537eec01ab23656e9758da22ab8a4aaca1aab3fe8d2cffa6672ca0c44ac029c2ca6c3e71780c28c31b5f154c8dee782f6ba009a69d83b1a3a03a2d6275bb8bc3932a1170470fb7e405ae081f4770b535edf49f73a12ba589 +B = -e365c8edbca8dcc4cc11986a5a901e4ed0adbe89b0ab70a53aaf5821862432a1320cf1850b515177b630e12692cb025e3aa43e9acee0d8ad5e48bb15e9a3f34cbfd39d285127b52dde58751f572ae68ad98692899ab12d35e33652c4426ec60c5029e51f7e32ec3d2031032aa7b6b2b63f84fb0023c81d031773f3652cd6 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 7a3e22f4a3f7ae7512ed73a07abb5ce291bc90bad507a5ccc0c17185804b9d231b0ae2e72bf270dbd60170f34b240f716529a449abea0b3d98ea2890a4ce3d9e2214819aefd070e00201e9f271de925c4ba59651e55174c97a13a30197e46997c6c2b152548111aa98df120a617c54b71f8eb8b0c8b4dbd5251f5509fdb8a1a8 +A = -78a99d206b4f095847e9a21de273aa6c47034c9afd4c081a8e93c2d75f4ae5b090921ff5108c863785c413e2f7b4a361506fb66b7561b8b1c5cd537e90274bddaa4e91ce74ad81c6dfbfe1a34a631dbe455d74ed9d041a9183da3bc469bdb214d2ffe893f89c3ae30f8ab99c3aac4d2fe864b891fbf4f537745fddcc60504e +B = 5c41274e9590c1ea44c113ce505931758f2cef80ba3b10440941ec9aa2ac984b29868bece2922eaa225555dde84a8334f1caede99091165151a39538e5b7390e81df757f521236314239c213e9b874e396a022f04629c09bfaf929a0e9fe0b0c7386b0541446f6a2570491067f64e662d8611c4fd6d1c78a9f3ae69f34d14fc +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 7fd27b6549494c9bc860146a3e8ceee785ca03faa94b0ce0a964844e7871e813414cf3f111da49fed1ede5e71e5539f34173d41f9a17ed129016bb9b04c86487f5def9fe350fd4dffc67b6e181e3cb26378ea15ff9b9ebdf1fc86c072c82ecd8bcdc241301daf1b774af5f90f37e45e6126c5da7dd3753a1e5b366038af6ae31 +A = -1930548d105661dc25a5ee303b61b559c4bc1f2e28b2c40cf3e25f98dfe01a7dcca0f3dead6463b55a5b2e0440a651cc9e08e125535e081c742bb3b2f8955ae897909cfca683a4822896d8a4a7073c29a80571445c6a0d53d2efe4a30a79d2fb5d08c0f95b735a1cab17ba40d71b054c9270ba6bc870e58591fb1bf9dc9b7ee8f +B = -3e2a4c1509494f94406e3843c9446edaf0a6060144637234c6d9ce84d70fac54ed163d77d210bf557bbea0404922c8aebec67a0475a3c7b74bfa2f226403ce987c705c712bb8eb0934c2b390a173c3836378fe71a6939e48d187b27cc7236ac115309fbeabd9ffd0396fb7fcd6d46a1dc683606c757ddc3212f5d2ff3f2e450fc7 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 2078bb5c82a394c30a287aedcfdc5271eb3246be05954181ae4f86ad2880ce674640ecd55c2ee3f4e89e2762139586516a28558481303e3071cc9ccb9a538f887553bf5726f3849fc41ab027fb1c680ce7dee3982587ec71b3760e5da6956d6894ad8c4526d8de953c0e681ecd44883a21f0abef1544fe601743efd3e5eadb8e +A = 40b4ba1e977825b7accb941fe0c0a49936a8a47429dfff53502fc0680d705b9fa0efe003eea3ff0b649998fdbae8d0831bea7f34159aa4c7add6bc7cd56fea97d25fb9a6a10f4572c26d792b76c18ada19b0ba06b6142c420dbb40d66be669b7c51d8cd2a5022fe1a8aef7b60965c0176eee69c32ca5023782c5410adc1b15dbdc7 +B = 1bb2f18d7c8d306bf80ae1901115c8dc3d286baf537b812ce06d6872b61e5bd44f3c53d7f31ca8461b3628b255f85338cc325856fda5a6248b7c476532c1bcdf9713dff9932a50e52a9441aff96092d3fb0fd76046a8d88288d0cd55741083a1bdb20fc6e9c20e82490273354bd826bfe001322dde9a15763f2c0e6ffd2cf60019aea +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = ef21dcee9eadceaeab13287d6e3c9741811f6ea9d5bd111799ae05260b1de2ffbc192818fa45dd7befc3baf6840e3b9d24cecbcb2cb1c3d653c4aec6531b941d926fb6692f548cf81526acd0b6b0289d70dd11ba50ca8de6e174f502eddf47e57440142c7f74f594a9abcb48ce1873df057b132ccce8b364de3edf411089d28 +A = 19d0109e0c47ad45f57b8bb8519265a4390534d2ea07f969d84ad33556518b6234d40d1631be3c3cce6d59b7be14750aed114008458f50a6a84ff75b4ee7e4b826ddcb2d2293842ed29e4e484260a92199c5c66367c402bdff0f1a8057127c6ffe452498bb352802e0005e6cb084663bcfa82783a3d72f3a2a341b8075983892e86756 +B = -81fce71491eda139ed996f6a289dde8635a3a257ad6756e844c768e66746011fd797658184fb44b0e3f3c5600c56238ac7687b5be42529d5c9b97c3ce10f3219e1e451bb2dfbbb44cae0828ef894eff3b52b8dba4c115c3b471984441045f2c2db426cf5f86949d5bb7662cd40bb3b3172a19ca3fb6858315d688f13c17550e700cd5dc +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 8a5f90344071790373044193cc4fd92116248aacf05ce639b6aac4461ec3ccb0805ff9876ef44fa71088c295db14fc820f7ae2c0aeeffca055f8f7238c6c90db706d02f2cc43b4960abe3ca4b6dec8bba55327b958e75c60c5d1f43fcf9136f12481c267481a725eecc403a16aa6221346df680560ff316a63ec8b51dc37aad6 +A = -7a54e7ca04b9a22e2b986e72e634317ffa20f6f4ee90353d559db3f3c1bc6b3b92ac6b364f6c5929090373962b49b59cb5d87554387761164982955470cb45dd00c4a8982dbaae3a1ffe700e8903a4a8e4a21eff9d00fa496d475e0e1a205be267499dacecd31551f8a9d437f37dacfdf5a2754f0876a3e02509b78674e7ea2169c43f29 +B = 652001f073d63ddd526abc957bbb48ca74154c8f9698b988178b3313dcde9acbb19ea11a935184fcbcc31e0117d8d2ec695ac56b5a71614a12cf90f21c8882187428755b6a5f11c314ac8b952ced0f65db0987f0f87e20b82a811599f4160e65c7418af7f33604e7b8952b70581e3e02dafa025cecda970d04383ee552abc620dfb9c5df9a +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 67f903e0e5623258826b681506f3e94cc0b086e262bafaa1395294aefc9f6b6323410a44427010d5e8d8288993973ad9939199b85cf02ae0a09dfb69801536a3fa6af5ac373add7efd25ba5fee6d8f040e97056f9f6fbb45795c0bac94c51ffeaf496710b00bc9ddd8e445261d976168771060c9bd9d83838a84ee9428f59d6f +A = -19c695ee3a4ada840a7e3626e61047c5081867b15843ee9a6506ce45540d23ad25ff23b72f988bf26ab8b98363d9a2997773604f43fa732f59a4b16ddf3a45acdbc7976a1fce01b3dd55559c20acfbb7501730f794bc45fc09b1f035d60413bbcf32a83fd3c41599049a674f165ac5283c42aef213d777ae47eea960f7727f5758146efe5bf +B = -210697d47beb73f45207340a183a729a1e78d84bdde1c7d8f80bc84559c4aa4572ab0e6927ea175acc7a268d05616201cb235e610d1012500c8ba9351a37bd68b4ec42227bea55cef5ba7d12ffb180873ab9d33d09e6e969df99fca728dc12dda6903169acbad38388fa9b001edb09056a2ee2aecfab0468822bca14a4bcdd3a4122290ec5ce1 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5fbaff0ffcfb2330283fe59611ef51cf045bc2690e31f2ad3265046fedaa990b5d5060b3c38f17bbe8b2696e527fd77ead8650d329c2e0c1f3b2f5bec4dd85641022f3e0ae6f66ce98cde1a785bb52eca796ae45c33142e8264621ab447cafe988de926544e1a7036710128c42fe8b574f7ad69d830894237d95a55d1bc7f5ec +A = 482db04e35f9fc1d87b42bc5efe25a049ed924f816e1b0f9c8ebe34bc771e67e26d6057563fd5d5320681e1207c0b0f4b7df547cd6d5be6a2e0f2bfb088f990b0303d0ef263cf45681e0e9a1147c29f2ca5251faa633ca53f6e0b109ba69bbe20c58a76a22789243d1acf128dcc936602e832a20a2bfbfedf963bc1027650f483814d7f5e6905 +B = 105aaf563d4c1d436c6a4552770a527776f40bbb844b7701313c5ada95180160e7cd4b7175ddb943e5a22c910585dfc184b52935f06b12c84b6431395f28af2eb9ccfa66b2ee8f40fd44d753c6a83d67a6f3fe3658fecc7fb2f4a8f357c5d244422e48a33d0e2971059695a59d0d39b235d5194e919facbae7623ffc92d771532b6b0cf771912c24 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a9d204c1a497f350fa1300cbaf682c947eaeba8b3aa0450c1db9120852a2edd2a0249dedef3b3746298ee42834d869e9f765ce987a2aa4712a1f35ed10d0f7ba9cdef938b073c3a526e5bf45f3510c94ff1fb84bc77b08e2aa50f5cc75e2f4da37a8a711f8aed5e92f7e486877229cb4ff2a4d0755029972323c0b51a14fd1e5 +A = 13fd3d7cc9d6d6821d2f2b1c40c8e070bfa85b994ee8f3e0baab544dc71328a1a57b7ee57392ab6d24bd85f9ea0f2a312148fc4f4b22c589e9a265d97e73c7a5b420bee180409ec179c438a67abf37eba61ac76197f3c9ea5edf2d4b8aab91e9bb1a432ef1f214c043664a51ceed1f2854880dd458ca253f09d6f6acafafec310774a672d07147b1 +B = -8c90ecd56d6c7cb129d1c9c26e94cf919c5747450542cab52281d11d8fbfcf9ea797b29588340d146cc40e77dce007b68c0c24356d4b75513b75eccbef6e22a5b88417cb6c516578d17d871e7d0957c09795f9a0f19b811db75d61c27e1827fa2773846857fec020f98444e307d3e52af501114b962ea705cb0cdf815109054abd00810dcc270d7bd3 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 57aef35a3f5388c810f576dbc30d4e4e5a39248b319b7766311157179d8bc1d7ef019cdd8c2c0175a8424abe7b33565afc0128724fa38f0900140b6f96bda2e78d7c803124cec8c2f2d6649afde4030c76cd33394fb386342d1ce97a4ecd180872134fd4e22667a687915bb4fda21f7e0bc9100ed8cd3a6668ed3a235d7b15a8 +A = -673bb11795d9d20a1e4ce8ae71d041705990463964505befce5949f895fa31c92d53f91fbc110df4e789b3f3f01f184c55df92927b8b680cc92864466ce5590ed2e98901cfb78b32ea79bf68b57a14cddb53209e08a7f430fee23f4a1475fd2640a515f8b609e98c760b4301747ecb61f1e6209b07455f1c8a7bb4e20c269e17937f39c6a2fb7b2990 +B = 46beea6005cf96a2acb16f37e357bc8975f4dad502fc3aefb4666344dde456c0ee7ea43ec493b6aecbc7aecc7d4cd107aa09e874ff564f5d59d7e12047b048c1da1faea36a7e2d02d0567bc4db41b54a75110626d13597db698fffd577a5810286ea8bf50625296ee8070419345fa269a354ca2eb47fa3108387f6a4b2c0ea3e779908a14469106eefc14 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5cdb7c451b2950c9d87638857407276959142958b06241b2010a9f93625f9106f065798f79ce5c534b9e5a31fbcbfc63cd200fc1cf10217096aa0194acb9043ccf7ced30d9f0bf66e0dfe27ee2ecc40bcd8de66fe2ed6f8cb0d874ff7b5fe71951412731fe4e19c34bee64c9312577b9e7b2ac08ed15aea753a6cd3e286192ec +A = -1eee9d5d3854db52f9b43698e05d6a0f1d1f8df5f32884a775b25110309c46ec5c7e112eb64b2d7f948868bb9670068779b0a78bfc7e17860ee02692ec6790222b4384b9bd7db5abf29c46261c10d95f503b821a4694c45553e0dbaaa977892b916cb8990ac9ec29ab5c3d63ed77138fa1e95f395b3b233d039ab5daecb0296203166e9386d1071c61cb1 +B = -34587c2bf3473a2c5d7f3399d5ba2bb09be8105a0b9f3d8737d67b03d8b91b1c869f4e223d6246abd36d99d84052ae5894e58288a614a0da8d69f1aa57428632c2b059ba99315ea2f68ee210e65a741e94125ee4a723a7828bcc410aa2dae06ea8ed6cd23f66ccca7e85d2e071055787f230ee405e50d1519377cfe0cab4e5f97b6cb893b01134813a7c2c6c +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 95d0b209654de56bd7d6f74afaabed2cbb3247f449d80511d2d3c689f84c9b79587d78abdf0eb37f1b89f1f8dc8a83f7f9fac2c8cda1fd3fd64e16f5597b7f0a1df6da6db9e828ce7be0e876012bd52f5a74ca73ff8ca4611dd9f342bf77b485305ac28a1f8ac7538169f2bf3e4ff4dc5fdb9dedb97fa743fd8ac8791b8e288a +A = 7821d4b65d529c30b8747e184e450cefb11b5ac5dc77905e6fcd3df64336661c82ea68d588ba616d23df485ff0658fb3376d5276027a40b392f47219edc5ecbf510cf0c5b431b02c65e5f432092f941d32ac5f71ce3496e403c7637f63a23b91e3326d01d2d32e99e0ab265108dc5e7919d3983839b3c7541848dbcd420a594e850e587f1846951852ed76d +B = 1adf5c428f2a95c27a943637758d5dcd7ca36592fcb9d52ac0b7d27adddad5804e3edef257aa51c716801ad0c731e13c5dd000f11b5ff1b69c198f236695c1b2f99c0afffb5d084f80fdc534de3b0df4597404b50c7e784c3c55dfc9753c414d145eb0ca4d07e2f65b63f3eef8d391250a5500ef64d9bf963d7250d6906694e7670f92e3d5a7930f0f85964a21a +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 46914b197b84fa99addeaf55dd803182083a7ae34d6d4d3a55d6272af40a600563cc8d9f6b48110d0521b8b99751235bd5a340b1743497ef1cc459dccf5d6da970c4c3103c978ad2d513298f1fb3e68b24a9c7b0795f47d8f7f6ca9caaab9a9d80f15982599d764f8738217f9158517806fded5f3552fef8b7dcd2e725ee04d5 +A = 1c9f5f2a0d72806dcca92dac1450a50cba05b5dd571c2b3b988d33528d90ecc83444e3ea8df80802c30fbd5a6ec2ad9969be73aba6dd27e0dd2c842b95371d7547768916c0cb036964d041284cd323c8073095b2a8cb8797add5cd80f03595de9d18af8df7dee0d250ea7048faa47ae0131ba3f350d82864dc95e5829b88eeaf2681433dd4d58b2c6f70426af3 +B = -aa1e1b3cfd5ca0facc75e46d872584d55144620f849ab05931210b4e1526f12679bbd9cf00efdbd8863970e2abe8fc9fa7bbd21afa9e364e3c9e32f51fe66844fea4bab7f3b1bd278fd803f6bdbd0d296321e67751a0b894da338ab431871adf1514269ba05e0cea5558cd5691920fbc18237914f3dbe4b253f774e5dc1dc57023c080a3b90a004b809d237658ca1 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = ada55d93c533716ebd8c16e23603071950aa714deb942ebbf77206753d2676a7aaf61673c03a4db69d67faf6273828594d85e3c8cbf38460fa2af603fe9c1b6ce104854e7281757b26589f079da80685aec153fc5fd1a223004cdf30247f8398b8e92899857dd199d5d5c32412bedbf9d55f20e52895fc1dbd04c84cabfe1264 +A = -7d22392a8da1966e6cc5ef50d7409c614f8c8f8e5791778f68a00b4a056d0002707933043d05e48347bbd4d0dc1b6ca32a1aa4bab9992e7e620263283eb68d97af13b90a29c1b7dce39ec0b8a63878e8d65aebfb3bff4e67129e3b3725f999f1ec9ae92007911f2cdf738499661c5b6c9bf27712d0f29e871b17318e95c3d14b2e472cf9e466bea91fb71a493b2d +B = 40279eefe59f954aa8c51c9c214fa07707b1d095f697ca40edb820401a45c472d1d7bb413eeddb64c14ce6144b4863fe9337ae4ae8698db92facacd6a56f3b33129c5b608eafa29e9d92dea620113051b926b80b75f320d7ca3d2ab597168c68774e68c47670458f5ef2ffd4604f20bffcc7817eb09c9057fd9989a6786a7e067ebe6724a89e7d1580f94ee4ed502cd4 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4dcae9def5467526b0ff071003e56f5537852cc0bde9d86eaed2c15e36e6429c68c061e12d321bad12e29626b5013c28f118ee59624ae2f35d2c53bfd89e6afdb6db79f0321ad5c55cab03e6a1a97ff7bd58c760d0e9fd7507de987ed2f94f9c79569fe7f03652cd53c67ebc6bd3c9e6c5672891a9d2ee11b300ed3b19753c0f +A = -127f5ca6924851faa2340c4c8f425b1dcf41b313c5c2910e5eff8ef2faaeaa43305de2b3a65a75fe54c00fb30c0ce3e8007db1ea222521190ff1de6d0cf2e777ed61ce8211dc167bf115a77890d0bd1ca786e967a04f077c89939ce484bbb1c560f669aacf7756a4338d97cbd7f09a376d2dfd4d632bb451f52c03c05762f050ebbf112f8dc5acdd9b631292fd7073b +B = -3bc5e9c352c46449a9155b7ce5478c771293599cd2dda58a962010f1f21d094aa6bee03f9311545e8dc6213f6aa73c08b55bcdf4d1d84fecb9eda35c83eae5fedee75b2d15a003f8a82b2b788ea19f7460fdd8f447d973c950b3b250a3022c19ff312ccdc86b6ab50c4ba627b15968c8a66d306bbdae8e88fe28c1853fdfb3fde92353f46b5bc448ae42306a4c91202f03d +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 62a812e35f46e04b3afa7d26c8fd4eb168b6b64cdc839ebd0a46bf2a3a712af8e97380cdf0bfa8a274f7b73e887bb4cc73c6104a176d425aaf5352f14ee51ba549a6926bd8d059b8e3826b174385d4635b0c36df75a4e7da44c34e51eb82322b34ae00e8c712eb75b3882822bce5a2f2f5fd74355319ebe1973284c690bed2af +A = 71c57b08127a956f0c17fd3c639bd1923ba19bfdb83c0cb9dd78e62b8fe4b7e0019cd0a6b73a334c622118f96fd6d91c1e06d4dcef8a3d0d6bf8f5beb6389226c50d14d3947ce9f24f7e0e6a7befad2e4e92dc9ed8fbb9811d908c03ac074b2a5c67b67831a350c4d548ac70810bb5617d261a045e53cdc48117b9fe86d35950d0a181b73c8cfd35edd31af031178523b +B = 1cda2a51a707f8c4d2cbff6337c3f63519705614c26a489b545b1faf366b705af1d953701b568a684856fd3186c035f878788f7e5dbea16b5e7b6e767cf611452a4272abf2a9c5e72b7251a1ebea5098c60cc5bf649cb70980b97d48580967ffe2913309b6b78cc12d91025ae403928851902dcdaaa60f5b323a1302a5ce114cbe174e3eb3c2fb5eafc44076396c23d53b028d +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a9213cd809d41b6bbfc2123bb84860788ce22d5b91f8e24fb616efc286a218ae9652b42912a58bf8ce596a1b48e4c72f27e52c36be1940f7d2138eb895ee36bbb917a59f73e0b6c3266bf4759ffe2ffaee3f6179492658e0778bb43c4df4bfa1a46300c9da496033142ae2c1e33333fd7e82c5a14686b255e224c51aecc2a590 +A = 1cf4e2d5924510a5fd06ff4eeb94a740e430613277149993004b8de1a2b96ada54b05365f305e896df5fdffd3d7bcb54f9a9dba9689e5ad498012f7a684d083c31d7017aaaee720bbd42382e526a35d2add21d9369f7faa41dbcfe3dae426948a402635771a977e19d5c353ec7c1abd279975f2effc0b7bc19990154b723f2f8c29e606581ab9d3966702f68d8bb8065e9d8 +B = -cdab60f9b8e1add4c54427b638ec5f76b30654d3649b500f833b2943bf6cd5d8647549657a8ff999eaffe413ed87e06267b97bfc1b77637b57f29039235548a7569fe6d4bb16ae9c6cfd38c0b8c73aa60797d0d69b03d5a98314f7f7ee25df8b896ecdfc782cf8057f038b6c3e79c99df52f839fd4eff302ddd1256e51eb31cee24585782a0439da3db2eee79a58f889d8847fe2 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4dde3d63aeeee47441a7e733bcccbd4f2e495ca3c746468e9855177f7672d5d82e51da8e268ac24e8971d802e25d842a16a6b8d76b8e46a7724108c02d38a4830453408ca5ced7093676a1db4bf4c94b9b7a9531ab7c26f8de520bafe4431a55a5f5d8c7576427a0f5bf2081b998b82da2e8e959f2ec4d5141b55e40bf6ddeef +A = -5770ea0a75ff451fc2c86d428f2569884b2c88cb6d9d407cc22b191849d389f57a5765b83adcea21c350b37bc6d750d4859f547da22ea8a3698a5cb6154b946331ae2ca18e7eaace951dcd49405bf8d8a716f7762eb242b8bf5e4c53a662c906c3be89e53ddf7a706ee2406c7d0ac17b54ff259c1bd5a092325938832763ac4caf0232e80a016cd1994441808d8db7e546de3f +B = 7e4246ad4af268695a51912053ab6628969af4fcaf7f1e97dd977984a1604e8c9fe6b920f39a764c27d89f75986a4bbc122f92ccd1860f24677cf346474fd9441f572f769daf834e6a00cbc027e15d6aa7ec2030becad41e1068740cde82abed768de7e2cfd325848f6063e2186faa76982b9ca73ef22434a28bd2e3a5ac477af50f258140bff938d3fa02fb904a8ee0ef3c1f6fed7 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 3d8bde8d0625fc46dec46fc657c49c8ab12a988cec4ec1c24e6f4d8ff94514c8d8fee4a08399c6bd23fb6464a38bb5f249591456c283325e343cc289c85df0ff2c1707a6e407ff7a24383b66ab603b75e2dc3835ffe9274eafea148f20764b8ca30cbe483c1cefd51f82dfb93d7793b3ec19a57f2ba03d884f345bcc3188fe28 +A = -1680dd51d8be6069c86ae157922d55df3b58ee6f53738677bcf7332d6e7ef304ecc7ff7c5a5e1f525459d77202f3e815c68f17f9a6bf358654a92f9f9acb252ed8e9e6a849da7491f26d0e33900541ab67ce966d042607258b4382b8108729a703b429babc34496528f198a7e0f814db80fad4900fbccdfb64908febf5e09805d3a3049c0f164f0bcdaaa9bbb06df8f05309be83c +B = -2c6c6b3c89f6e1d1cdd9abd1a9706e4f642a25738aebbc97cbd60e1f4ad79b419dd54bd14f2bd147b1d8e9bfcf92faccee61a43dbd1a2c084bf06a2ca476b3d169fa2c99794fc827b7f4dd010c0534e7cdd03d00456033ae0203b78a7ed229afcec2d1cb96892eb18898bf53584dde56b4316b3bc5186d97e3a9edcd059d7fe14561eefe4881beb8519c1cb7c3ba22cd2e13d874aab77e +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5b4fbf0445807c8feec7efa3c2bf8dd86b1070638f3c87f1e173ee980412a28847b263a266506e70381aae919ae05d306d3a67a6c1e72c8ccf1c27d6296526e87f0f436c98fd1391f83440b58fadd4fb1905a484bfe8f516661e7176a268660387fe6a7266ef02e5fad91ffa69247bb11cfc1b5c3a88c76b7923a26f8a31ece4 +A = 65fe4d55bfcbba2bbfbdae831aef3dc8c8746e1d04cea174c1d336974d81d026f562225b4a297b1c3b044ccc5dc9c830a805a399bf26c0369b52ab0dd2c0ad19e723fcf9f5de2990ebe5a1266653195a2aefd9a392fd3da8c22c523a362f195babbbf5329018e3b454221b3e77cd0dee79f612f86332b1d104aeae7d8d84ad06b107715bb76bce20220d1340ecfc666b2bfce812814 +B = 12f775dbabf1c112523feab443f6e95d773e8220d66fd87bb7fc702588136a048e17ab6845a9c784dca275cfa445d007e8d8383740b156df7048650f89c5ef1a84148488fc405898f9e326cb8052f626c8881abeb70f3a0f52dd83e3ae0cb82d178cbfe8c393449caa2a87e7c8e2901a87e276b49b6d012f3cbb65641add3694fed3e3177777e78fe375f3a3b378091bb8d2998286562faef +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 4f0af7cb0c4e82d0e6589b24b55528818bf2164d41f58505a2b302a8f677df146f8077945dad3790c323e19b37e3379eb95de8abdadfbe4417f8bf8da643768a622ad4898513fdbc72d3b1d2791ec9ff40634678faf0e17d6e0851f08c39405907db85b74937ac403a9a3a1004013c7bd95a585728010689fcaf63b2031bc8c0 +A = 156dcadeca94985ea8bc0d1378daf1e85ecc4c7f8b6d6c7a5cb9f9ac368a97c07e381004023bc575691c082b5e9e13a02fe813a55e76196e4ad4b0f9b1e089bb71a0d5c94254b66e3e645fea25d69bbc5af266e730482a60105306d664f0ddecbd76d54e7235979aa2d806b809b3468078b5d90aa22cbd2c441198d4a52f6259972cf3d02003dc39dafdf3581638e56d08c5181d36e9e4 +B = -9a54586072d093939ad86df11fcd3337ad7e9e478dcbefb2b89d7555883fe8565abcd5b0a9c88ab135ce5327b2a326db645bc7c0e3ce24f902544675ff9d946abf30302f123aeed0f4e28edc72758ffa760277caaf4817a3ae8615784c81896d2404e2cf47c06b09085cd0ad1ec46cfc1f04d0272eac29e774b30f19939d08c036b185983c93ba15d1d27aebe4a357b9f6a298acca3940d2730 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 7c3ac09486a6fb518b98a9bc8a8b382bf2293e2c1154470ff7961212430fe2dd28697e49256b1ad8add082ee27b6ecc016b120e971665be801b720069d30c0a8c6ea4795613017e8883e5c0d0e68f982c328379d7a0afb7825c553e087b33e9d78f90e0b95a6597076b8ec2c1d375e2143bb778c318ca0680a64072cf9a4fc08 +A = -71d8e7ef13d63b4f417c01ec1241020a8ff4c9b2db531500984fd3e45d22b2bd581894c8a248ed7cc345e70a5698407df8f0e4ac71ed2c0d42122a4f92279346f463aed899253206786928a0eb7c37f2e51e1cde7f97cf9288d85c3ed7f49e62af0bf9abf062d2c6544d83b9d3438b3881e0d07b1fa0f2a4446fd43ab3b4f81fa2cdaff199c87965e298943c68cc15f2f3f3225efad68b73 +B = 64d52de221f102af62ab1e9526935b005c81658f8fefa019bc58e641023fa785798ed0dff8f7f999dbcc2ecfa47d5314ac6676c82170d6f2b18122c17c1e1ec1b9b54e333a184a46ad35b2150c8165f0de19a24b98327715e5a641c1b6d3ff9d247c89c8749e775e6fcf5f967c6eb5e73523d4f1ec12db7321b14398f26201a364e1371f0ac922781ee252c6d2b3c657ef259ab73cb7992a370598 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = cd08b388ffd41d0aa29a3dbde74106c57b18d325be8f446a2d9ae95fa4144037dbd41eccd50fa34096984cb11bce555c117c5568d76a8f79d308ce11043fe2413d37d6aa60c366af6c1da93d525e4b2d79fc82c0a53ed62fbf72c919db8a3ae11f5ff8057d7501f5f6dfc9ae461c308d21919d0de9e31b759d1d8e3526fee58 +A = -12e58708c30c93383cfe6e99ee3c5caf1900a7e610605706e77d8f428fd59db2884f5021d7a382cb18b75ed22528961cf43be1c700c581ceac3877e83eabd860583e6e94f3f2989c179ee5047c82b53d37054c9cb7ae08be60a91b10d49510e9f0b90ddf89f93790c3e18cccad5a9d223c605a6c567550e2b4950e184fd97dd68bf30681d3f9c585365de2cadf36a43f5a5305dae555396dd50 +B = -26ea5079ba7ed137a14d00d413d6f818e911cc183c88764de4d91d7a9b4cc7af3fad703142dc7905992eb8bf489f6d8231bdb25603ddf3c31fda8bd9bc4d78835f9ddc1e6445037f05125cb1ccd92eea2e927297e5eb915d5d965a25e5d58feb8d79a890e6036c80ee91e7469d9eb672d7a8db68905d06f5981fc40bf486575a067d35cf14ceee3ccb79b72871bf8f52b92e4910ab17e5e59ab3ae6f9 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 34714506322dccb91308c403c267f1ec75f80faf3cc4272dff4a84c13eb1e6133af6681387006c61e7e087046b64e7ae74eea8a3c0564a7c1f381e1c940d92b2c766fffdaa7318d07dbeb877943a73b50517b49e5117778b8a60212284fb92f29a9f5304f8f537e88acf8afaf01fdf64773f988cfa9551d6884baa70587ab76a +A = 638b7c549ed14256956bad532945ef9e11a50313172965386635a2fc7db79deb0cb5c157e9854117c17f1509d505d01a0e138d2e510dfcca45b4f7ec968b5214a6699b61b8ac68adf64d5394f50d577a154c013612090e2045462160d1f552592197d7da78e03491ae284dc9faf643805f2674af8652bae93ff230fc3eaa833dc62781e5f74d0f0b90290d51d481b0a94ae6e972197c6e84ad7ae +B = 141f62297ee88ad527fd1e0e09d9ab5dd80e17b32f34a674a27b00d719839701664ccca1b00da2613396cf633b0bdc4482ad3a0c3e209eaea7c22f33706ae44155f527c9ca4e341e651760d1c39f65d5e99e649d013730d2502b6b65adb8a73e6bc734b7d879b430798dcd53fa6c0badd57896cb566d9f1e0a7b3a9161e9808e762ca819330ce9319dbe7f49bd663a9f57ac53d65c6851dc7bc4ee66e08f +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 7adf54c77eaea2a1743bc5011ace45b7651846e77f90402297f117d8b1c0377f93f49e92a2457f3d3debec3022a96c74c166d01b2279553ef518ec0e612bd7b382529184640c55b89255b2679da9cf370913351592de39f804f1724de36db90c045fa644e8ff20627f67d6afd4546f00d7af093f668629f9a06c07fab5654ac8 +A = 19c491d5b55aa25f2e18cfb7fda18ed4b020e3f63244eb9f6c4dfa86eb8a70875cc898e305a7acdd3eee081300edb3e4c837940bbc1927f5ed9f651e46581639e133515457464e9c451390828e5e7e00a688daaea74620363706cb69e02717489ba9ad05774c424c18e295278caf4df4ced80b4cbd20cd631df43f2e16ec0334564d9dc03dfbc7111e4252504fb449d5a25cb13630b7c0c565a82ea9 +B = -c3f765349639beb80f888d9c8b7b335ab46b55064ce2a88180c80ad280c6b7314df52b7e73095dfd82896e24604854a48121353aa1de663eff07882771803010005905896357cd5a56a59f0db0045f1aa2c0b5626e132c169abc64b9893f95932f54c1d8cc25f215a9ef6e4cfdd6dba85f6faefeca81793b2258ae1d1427e81e458482aab87f6563abf435be69a05b195d1eda90146a8cc92748ca6f798b10 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 32ba5fc81a7747c3d812cf036bc0edc49f08824d53b91a65a6d41edfb1651d99c11ccb4c074d7f04e652276ae3fdc8d6eedb72c6e46cbb1f7f4070dc9d179ce3e21a3826f7dd2c27943a8d26b192d7f5c4aee9ba0647e406133e3e89c262d37cf468aa3ab8c5dd1b8900dd06cd600abc6d372d9408497d9e20c86a9a6a4ad9d1 +A = -73958019a5a52357b9c1d954c9b14f51ddaced32a4d7b7c95730697cf90029564118ea168d23a54381f7bbd6718a6b662e4c87410e48ac53b7767148582b0bd6a3d35f488e7fcf2b128e0a58b5d468dedabde4d624f4a82e808dd7b175af0d3658c6df1ac0da6495bc9a8dc012f8de55c2003da9b2d478e1a089fab776d99026684026968fc309dae46a6ef2412039a8207c3084f96b4e38e4fa01d131 +B = 4330fdf00bc6d13ffc267073b68aea7419ebef257d63f8f244accb9ee46edd04fe5481292de69d377ba6b6304804ba7ec0a063b42339e6e37867261b9945ec705d3a0029c6f499420e02a773476546993b3c5e1efc2417f51afcec7145a9c2625496865c11636e285d4c8b053ffe66887333c51a712fe9c8ea57606103fd689dc88f1fe37dbc33ae4e92067c5bf51b53e2f8205164c800e5abd677c73949b00ef +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 69b850a99b471003a56931f7856da357a2254ac50ed81dfae019c9b722b95af16047a0d5422cf7ab66ccd898e85caf0e03e74cc8a5a413661e5da483b3f0363e63a7031bb30626c8f73d6e99e290071094b7fe5bbaf4d303192e59acb5e53fc7cdee78576b51595d9f7a25ccf3c7f8889de68b9deec167778ca27ac9d4c71c3e +A = -1976b3bbbf92acbfddbc05b5d9e7b62a7666b239c1e6270db7ec6dc2929bad1024e745b897840853d14cd815aabb01aed580e1cc66ce37f9d1cc4c9bef8ddd35d28285faa29f2003d2a4623ead7d73302ea9f380f16b3fc06b7c2b8bb4ce4c8b03bfb6056a61c620e4decc6048cdda5e2d3ed8a13b779b8829e2bbab91e9f6b0304b1c08bf8fd85e0f3cd7ee72255e5342e077ababdbb545d7f809bdf8145 +B = -2cab554f7a5d21c499a1025f61e6c81ab0fc68a874bf60470cfac57425a451365be62c380ddd31f6e202f29769e2b6106868da7c81522e03fa6f0704522a5f8bfadbd007bac65595e149f6c585d7fc022db016bab32819049e7547bf85d4232a7fe19084907c528e7eb0434f2e5a375ad9b7d463821bef2f6a721a635252576c176ba42519bfa5d97d0e47facb4426aea0d755507dac81ccf1537b1003ddbb0727f6 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 2ce33adf34f2249f8a2d2e073976cb4c78b71414e027657fcefd56fceb022a06c1969dfafd519eb9e2542662c7647102f5c528734dd005fca666be57b46234123bc3db286cfce07bcbb399eb6764daf2b9aafbc2898a5ff43ddfae849c7549289640edc4ab7c4b9fcf5e159623e5497f509ad6f0270a41fd864c9437302ce380 +A = 509f5d5b160e923b4fdd72f4d522a713d780daa4bfd10ddbd62b26497a2e7925c495afc2abf0ecfcb7980e588f96c4078bde51c7b2c19d86d15bbdad5de72fec2e0a284dd693ce0902b40e54af87ac5a5df38ae6d1d882ea6299fbe6910121ebfebd06b454ec5f855bf3e7cd544a4b0d9a764428662e824e2a6185723534f5e6ad829734347d240c48c2c0f8bd6be6ae8a495a9e383fbc7402a4096b8c2c214 +B = 1a3b7f55307031609afc974857a6cc75821e73a1a9535bd6b8e141437c3fd4a6871c904e22c5d9289df7525ac69a0341d3620bcfc5f04b38ae540e26beadbce0002a8a8bfd0f6a270007e4c52aec2fab11fb2a831b9886997256e4b7e7ad3b0ec64c0f31fb0d637869143712291f5073a5756466d7c82c31e08e09683478229bccdedc2cabb7e426af9025185d8dd5124e08afa4e981236180e0a390004adb7918de6ba +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a81fcf9a18ce476a839c896cc5d9b639fb1d74610e2f618c25310147b57cd77806c2aab90be7be4ed10f0122baf9b862b141ee8e4be5e0c23ea776267f14c31e50b119bdd33f2b41f6a4c43d35bf6f095864593e0d8c0f1fd4656d8371af844d197308bbff14e5a28b7181eb6e6a2b31ead7361e287f3b4550ab0484bf7baaac +A = 19f1ce60ca50bfdf8e02313f1c9a45496720a2ce467f1e8bdedbb32525d762878b61476989c7f6ae8dd29c983ea596e521bd4cbf74dba4d505dd9ea5df423474fa9725d5b65f1575d26ead95725e2a59a6c8a5397ebd6b54123e42bca44781b84c014b8e5d2c1a86cf34d764b242baaad5be285cec72ba8ace808058a0226c04f95eb2b53a828d0ac41e6b40e5a4c4092788d9f7e988752f175f075d545f421205 +B = -b115a1101d97664759538d22154de4b000c008e551e2ab10ad05f12274b10a4cbfee762d232df5188fa1161f37ba61d146e8b95fa715d98e016da8beb0600de65216cecf8b8816f6e7e73e2a2bfa7d0bac74b517b906bbc43357fca69de9cb5507bd95205515b97b3a4d6842f3d7b09606cce1c7436c462f49dd05e915d04ab6fe2748ccaf025bd5d19749cc468d228ba43452ccc479c146ac6d781717bb9966bf3835dec +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 1473f092540ae30de595666beb33e430cbec42d7a28d4f7982e62f58025cdb617cfc33f1e5ab93d2ebefd7345561b81271bdc50bfbb0db6381dc0ea023ff7c72605da26dc7da2b5664d2ad7967426ca97b3745f82528964bb68e70087e14dcf2d71d30fa0d1f7b3f10b19b357e7053fdf22bccc5188c6919eff1e5c402b750a4 +A = -68f280cecc512d51ae534f30aa198cf7b170c346c1159fa9cf158d0127d43e50a8d4704ec54b8b4295dd7f51c6771cb5767fe0c975414cbe6d2bb58ae66a095e8832d5f443498b1ade1f5bf249da58595ebd878677b34e3b4c99ba6124e2b71d86a8d99727a16746469de51b0a61d9d981459a6cebe206cd36a09f00ffce7f532e2c31999847ba000b9e01a4b84f454544b6362a5c093b9abe9d583716f4534f2de4 +B = 5b79684387f18d7de6eec3a63d737490dc2a46c0616ec16388dca2be60adcda11ae13063ede3fec177171a51dbef430f8c4b3f6d297b9d6c020fc44e3ffab891d0d751d033fda813861bc067c181118dc613335ce89c5960f952e5fd28bc72c41b7b6e374ec29b837f1e00271cab646c794579d315260921dbc3b984b86d98b8f8816aca4f16de50657e4102f34d9e29ec3a03e0da06e70f69952339bf2ec4a7e74daca82239 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5e4b3f4aea7115d592bde9bf7c6594fee77372ffb19f7745b4de878a4024f81e8290c77d2915424df20004a7abb64c214104a3123e7c8f230c159ccb99bd937521b433dcfb065b186a685fc40f9166bad9380a02e297ffd6a307ce8d2c8f2f1330447a9c06c327b74f3cfc2e98f3351a8b385bae855941228969d1c29e9da3e4 +A = -11c1d396693139df5bd91825c119d1241c3f57b7ce95b46472dd82081738cdeb0868d18eb7c8ee7808016b3311f982adebd5a2e5f4e201ec4a34f3037d260fe580e771222de5a1a67947a4552cc03c5c59f9e60e25063a702ad3c3aa43f061a22567f938a91f1dd697c3e3978fa11ab1d65030bf327f8049bda745658bdd4ba8f3e34b060c6a2c6c5a8be54c7cb5f6b106f54a37d2be9f674f7747744d4350b3acdf373 +B = -25a65b6acda692ba3330d70dbc3ea4dfe208c0df358c50b7872245a909c5ac19ec568b1a1340e1a094f5b8e7d1e3b7e04bb4df002558aefd4540135d62d75bd5ce959128c1300b9d98429d7369610866d98b22c345e531f2beb80b042b6ad48da077043401a82e223e9e529e7407bfa466dd2680973006d047d837c26a60cabc36a7ef538f603ba19f8e923f168ebfc3834df8f77a559c9e0342e33df245f551bb242e5a66e5904 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 47872b544fa0425981ae17bb450ea346135e6ed7a9de0572ae14a6e85e8319f27cfab778cdd8cb5f93b417d9c66ae0fb7bcc6652620f7f3f74acc2bc9f2c090129fa8315aeec9ca7adc5356484474ee803883ba4695d7bc47c87eec508d16a15150cf3f757c4713de71366e958d6af045b2d282b6ce96976692c80b1e0b6f846 +A = 7e8f55c040862f12d8cc6e506608eeca65ce38e9e8ab18ef7007e3cf0f1c9a0696795bd10f8e1e1f55bb4f4f3a35c2e0ad18289e250571ccc26a961f730346efb1e29fb143ed97cf72deaab19834fa2e98e9c12ae4cd23b9c5ecef4a04c439f7d42e110b30caedc4334372ca24cfe4171ef1430528f7b57bbc823fd606fbd30915c5817e6c57c967c4c404a0847b1455da17effeebbec3f9357358e00001239aae209228f +B = 1cc00b95f6bd3abfa697400c98110725a7e109aa9b8cbbe9ae16327c4fc8e5bc93afc7a94da32e98e85e4fd5eb545192c73007d97a4e84ba64fe187ef61d17f0941e165c9fe64c7b8054e24dad30f92b50d1f526b4bb031e6b1b9058be24884b170a145212273c51692b71bc57ee53176d8702b975bb6ba96284b462da2ce38e12d86b342c7f4d3cd489fbce88a309c7df1121d7bbbaab6814cd1e54953e5cc46813ead98f02360372 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5d193b085e57c3f1e825cf3b36c8bdc936c603136bb782a244b04a79fa713dc7b08436b85ca3b483d2e100a012d6430679b30c8e4101c8f08ca0f9010dc0f27fb37be842054dfdd99362e03a7f55ae58db7b47f694bd35d91a58975ae1f255c41617e773f91c2640f768bc702a213f073682dc761e056b34c57edd85585fe04 +A = 1bb1c759ea94b61a1721ef5680f42af30fa31444b27591a03b7c9bf5b90845ab965339f463a78bddedcd62fa21197c32d6850c61bae195f86e1c7a23e7a20dc618c59ce3a1c6ea6306c0b01b11a36d0fadf8214c36a133d689438021ce7c78b20c85256ec607360cce14f139513d9f3ea6eab067b1ffd0935d7c43419b93ecfadf2c5a902b7c39a69bdc023173bdad574adc77706c1a666d66f69578a5bffdc7cd6eee28ad8a +B = -e8072c49cea603d48f20276df188fd2fb28f8721d578220cef7db1e56379c04a6b372e56a047cbe59ea84ad026adc5d0aa930011db63bf4959f15781e060e0240dfac0e2a2c26be12a21e5650d12140bb49a2a8e0f6a86e4b1eb79d9b8aab3202bfd339096529170cfe3e0c18263128686bd9305e92a3c43e1523f97d8a6a2707773e3d441da162a79089c9ea1e094cd5a23474121188013c8c287965a5e77599f6a7d64174b06cc165e +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = aa79c899c2b9518857c9e4f96523a44607c3f6a97d1f40d6474ec79deb2feadd955fe92d789df4d362c828084559fab56b5e33a971abc5449208d31671c7e220c5945886e33ed1d804c059a8e439a92524a785076f9730732bc5a152aeffb5b9ecf3a7e4b55983016355c4c29827496fd4d7e6532c270cb9ef263573e4c63074 +A = -41b326c2b86e7ac14a2050bff67bb5bf9697f02594789c4a2b3e8455df4522546278d0620f28a680f6a88ab545de5829305485422f4e70a5ebf0ad15508dfe3f16ac556436d8fe8a8cde83ead549d88e0bb24dee52ebbb49159ae71589d918d3fac8011cfc3afad613ea09173856b7b79b55a2e43e0f7cd21eb9122d5f6a1fc5408414f5aafcff863b870c67b740256d317a0c58af9a81d8025a086a1f3d79f7408d4bfa06b9dc +B = 4730f03c389f9bdd92fd864177e06140c9dcc02d01fe7d37b51d44de140696f116d11bb67adf7db797edeb7c304386a7f5e37bfac46a5462a6d4c49b1bc034c2e0dfa56f14bbd2a4bfaf86bbad4f6d0dfa13c782fe680847d4b43373d7137f5c2ebe4ad58c695a7d4c407bfd888ce04abaaec60a3fd33db10eaba6b6acf0e16cb61d1beb9212c2b07921bfb5595ef1eb389200b356eafe8b5288d8f0e2cf252b38301de65190d56bfadf57f +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 23f9850dccd2af799f18268c3a2918a69019513c55268faf2477c50677fce277d8ce58a0cc06dfe389170faf5f0ae13ffc4954c746eebae66efc14eaef2c2ac9001f3c7ef7e32fdc31dd725b6a8093e33daa6d19808908e0c2d3e7c1c58e0fe9ed92f4d7cf3cc222393ca4f95feab5d34fe29116410a1882dff7cd92acb87590 +A = -10a75953e5fb9903411869a2949f8f04144d6e2d61f95704ff55a02f40c4f283add405353a68bf7d6acc1b8cce738f0c6f9271a538b4c688dbeface58eef0a0a1d491a9e66958750db97bd01466edfd245cef03bb6a3acb81acc63c38538e7f15deefd15afc422a8641c357c31a069258dc0ebb63f06094ed8fe7d4d420246b40302361967c81f0a9ca542fd1de01967514ff2565de7ae3b4a200d63feaa22fb99a251cad66624df4 +B = -351242b6e6d0122f7120deb8357c3bcf25d221a15f83579883bfb4dc2e6099e6b7b95fd08f6e573d93354b0676f7bc9fad563d6eb0f3567ef43efe3d874b9c7733e4fe1ef491043e1f80aab6094cc9b9c236570972233ea74e8779a6eecda23a65d08d878850cab6005159265893dc0f66920a12c26dfb421ec326a1ac09e9ab8085825c31aba488af02cd51f96b205c50e692dbf2d844ff0a989c3ba9f1c2bc7f2e7dd9458a72d310eb28d490 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 69c7fa326630d7de69249807cd8bc55c9315acac26fed3caa3c8a9c6b51ee96a7dd0b3bacd5cc13c15f199e268c5eb91d1ec36c085f83b437b9906caa6e39ed7bf09778610b621426cc8d36d96f541d0bfcc7693525d33e0c2ecd77ccfe80289a11155b37c7ea7791b5c2be3f9b954e230c19d746575afe9a1a3a9677d23c5bb +A = 7cb78ca8e5d903096630744c85975719c16333e2e44931956d8c45b001d35ed4e184dec88c9e2167d2f338fe6f25540a144cc419590a4ac7caedea3bbbc565365d3357baa62fdccef2c5ea616614e0bff60e81916eb4abde0c9725b1bf6869e8b1e11f6d0d08fd712bc68003e55ed462ad4946f7f982e663f65d45c07c659d9620d5139d2b3332a68d33aec36e21716a3b75f44272a19f860e6ab3864f06def9a5ddeed340ac0733353 +B = 16d5b074e008fdd30e73ea95cb5fb87de806319388b3a44f33c94d38be0e6f1a92103dbdfb3d23b6e1d19bdb29ac14833003e9482cb7524d0d7b4c377f4911e3372f2cea6f84c938d84e3994e80f0d68e7e385ca29e02f70294c921dce7cd3829c5854ce51d1f4fcf7dba910b51b48a3f53cb1f187182435f21f6981cf8440f9c8287a9749c92c0304cc2bc91eef32d8e6526be802de8aa16684e8854cb0b67d9f7ea00f6f0145d14e3c251f70881 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 72192604b2f3f68b9ed3e261120ea52b06a05869f6abd21828ce8abadb3a71c360a14947bc738e5d1d530b9636d796f785bb44508477eefa80c4b77d4e8e35463e15ea2a48c682d3288c5abeb66181e4bed7d5b4e0db20fdf5ed68513aa5ae7e0978ec1c4646368f206636ec90e808817bd1d03acf9adb9ba57dc153873fec11 +A = 1112d291463b28ef45e879412e6607a3e20d50dba5044e71883bb3cdfe9bc694a577fd7d896dfb836a171f3a4d8fd025d3a979b43e41baafaf7b535d9050e47f4880828640e952435648960bbb74a3c25dd90bccb3fedd254dfc0f031d0e8a468e93bb69f771ed35f1653cffea1a763491fdf6efa21aefc287cb611f5ea0085f64cc3705c784f87ce00846901833d01a3c45ce047d822ba390b538f0a24720155409f60ca0d90e13991aa1 +B = -d553fa2dff0265cd9d083ad097af87a99af3d8d93a9f4c07440a28a427082004ae5c81d22bda1dd2429f540de8df175c1b4d0d50f0227489ba570b28baa35055df951d05b584ae6b051a135d7eb2a501b2441f82c135a8ec0eb81d379b96ef8f2fd526ee62293bcb934c76ef8083727a4b28bbfc9f515ebcc2bb7ed9594a106e137ce94e9105b2e2f4776aa9c6abdf426a181181fece3251c3ef4f8eecb634e6bd47c5878663fd51c74a66b92713fb7 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 459e19faf105ab17ff794927aff86196b3cc3461e69cada53ab8c8c81e2b1820408421ea1af6ae10257e8cd9dc16386906410761fed62cf9ddcf0da2a92800d99563fbb9cb1ab0ba46a17cb9dee3f2b68992c2b832a5932e4533fbd5c4487d870f3fb5d7a1c358f4aef02993360915a9e9cfde234df5f51c761d84568400b618 +A = -7a964c62e38e4124cd2bad727138dd12a086a2bf01c095b078ce2f81288d3c8435ccce0c8e00229184091130989434bcd107a3a0787a2f5f4b0e8c23b1cee9a8f39ea279fb6081efb6c3df1704fae9e87d63ac6eac4c6687b3551ab7ddac5ca0541e12047d04c2fc760fda0916cd2b585a90d25880fcc1bde8f0a1a413969938d42e8b3b5f73118798e85b901c2e15860e29e2ee8b1c95336b97dc10a21f5300e0352adb60b40a8a99333380 +B = 743ff4d91ea3e0f9c4f72e5daecb4fb00b15b86e30bacebbe4384324523d14e22abe29b00573733f594d652a88d98c987f8db08b27b4dc68577784fde02dd410ebdbfaad9e9afc6a22a8cbb13a780222bd212fc61e38faf409e940fba35ed909e6938e83b0fdf5b5e3ce138604823e788efc3aa0df924554fb70fd2faf8249e17a827c5d85942005b328bed97e5ea1f1810219d77f2fe121ce66518e37c84d64aebda3c397684212384deebd520a776b95 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 183950095d9424b0ed09985aafbbd2e5d64bf541a56b68b42ea8cf9b2c051615ee7bb6c0687ca6fb0036888fbc927cb7aeb303750871442ff2c0087a95f4efad568f48b03bd2b9a9ac26af8c259a3fa97cd2af7e3d8f36148c26785489cda6c00a21e7eca219d1f41b2e82ba8e2c1cd752eb08a2fd50c6f9077f3096e2eba05e +A = -1d2fc778cf44c6992d1f3a056860eeb12f969358cadb087dcaebf5f96bec42bc0aa98672260adf1732da057e9e0d22081e33f5fa71f248cf89dd361036ad58692637cdfff584a191279f178242ec0ad397efc52e99462f496caa0f3133c4238aaa877fa7094662f080eb284c4cbeb992a368c2d157ac5c8c9160c167716406190fa39ce0abcdac52c8020969b87a4f84bc09a51f7b2ca288c93b1aac64e19623a7d9e69976a31074f637e4c82aa +B = -2f188f1245b75cd21d052ec76edeb5881944a143fee31c67370fab0420a748f3f1957bb8332ffefdeabd0ca806169629f130c86c99bab490a9668fd8200f4a9b1704c589e75b5c8c855f133d50b2ce06191875e2872b36c78438d6032d53004c047f49e4cb81e19fa84da16d053e6cbc7c8eec0b9129a8831eba690e0542ca3fefd204258624e92844c8b7bcdccab986475a47c8b22e89079ea6580ef8f496099cc24dc2911dcb1921d1451e2163b55bbb7db +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a02c38d5df9ff7055ff84122342ccdf6ed7f7d54fe8227af091371f5ae62844645586adaae99c11f4ccd828103a81471bac72dc20625962e41d603e760591bb3569a21f45bf062b86b5fd1c617a4769a4d767a0ee14d104084c12ae875316a8f2be7adec0104381dc02c20b5851efdf7d4bef0d68076975e0ada3e58e101e8b4 +A = 5daf37d616da184acb278a75fda4e4fa49e544eadcf373c054b203a309ba198233f2285a1b55dc92e05d0213b26c82e261d8383a845813077b2e1b5f4553400f09410987c8dd21d4383e0f05747d0482d1a89f160a5220b22c78393873564fc5b1e4d5627ef3d4a05612709f301381df35606e99560fba07a917d7ea7413110fb5a8290e114d5200cfecb00b6c53b2ee29911bcb2fb2930eadba0ab9dfaf46443370307d9c3b61a329f0b8b8cbe7d +B = 1d9539fdb1afabeb9be6e774dc7c7cc4bb4fd63af7abb557a5fc80a3fd23a4600de3c7fae89b91f3d441b61d3e24b2fd3d7803cd71620e7313917b4afb89ef5171a3d8a68c3c74aa3dfc8058d555eac429dfb6db40a9e0c25aacd2050418d6f32bf21cbb76981269dcd5883178d4b69a931a0338b93022a2ed0f78f3d8877989cc406f19d6d082ea344309318c56be7946412ea0867c78418ec32b9fa3a61017c10939c9345021133116933a3d1eb86a3ef16424 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 5fca287abf1f487e0ec18c230860eed4a2e550228b1500b1e33bcd6675646b5afe505b55073129f22352dc2b113c584ea1b98808214b6916933e90e036b129b61657cdea9026e1fa087ee300e055ae8f94ffca933a2d70453ed220468a5a3cf1a65d81eca11cf570d7d038722397f487af60531f24a5f069671354882c8bd2c1 +A = 1d9fe15171dce97475f4ad329fc8fb5469fb2b8086e4b01eddb6ceffe5324cfbd28d791705848569739b6758ca7e7d7d49adf0c11d891b0a5879ca870d1ca5ff475513322ff218cd26024f97623bb8a53084594e1fd64154e1db702522883fcf4c0d677a7fe90096fc76dc3800816996308d8f0be2dbf3b879f8a000c0ac534511437e2ce2d7ebcf42fd1698a829eb846b3afa581c24d5bf97abc6e247f110f4e872a2474e3acca6c8c0d518104c3375 +B = -dc0da8f7adb8e9f7b0e3f293cf623528dc8e9668317910417e52301c50c62e7d30e77ec7e38d6817d1f5a93e851f8560f642f23a0b9f836812d27b1b41c0867088a3108332b8711047560052ea30c8840f03a25c65b227a175d8f340095823788adb5bdf2b7ebb801e20f6b6435e154f78d17b8fc4373aecee56ec7b8f5686a7d22c8571797fde85cec884d45ddc4b1f2cc47ebf56a879bf286f349a0edfb531168b733d43de3b86b49eacb10b06a432c96c63440b +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 6222c1a14c6390d73944cead58eae5e7a6c19d19e4563c36cf624f5b61d99991bed7dbf6a0723abc56469eedfb1f7982987c2c7af6191178cf0933ed5f191b8117c9d726cdfa8b82a2fb25ca5436023f5860aff5fd482c611f134569ae87395dd99e5e9d400b5ab1e3064210ded096411654518110ea45899f4be2516e35a229 +A = -7f6766be6c6ca9bd1fd7ea1f80bfe68693f7ee4b5ba2946846839060d6028eabbb9079a165c1a07eb6a01239f3f14095225b8617753a1cc3d9c1e69b516d8705cfda396f4f0d05b0944a0f08b478d261e968c06918914ba87c8e7b7adef5cc2a875917d00585571542af219bd726e502b7f3f0bdf0cb1dfc6796be2e22e8ffb5b8bfac7e15e991022974e75d3a5eba214ab8a1aab2fcfcdbc6ded2abf834d1899d2e3ff94bad9c696aece045212531773f +B = 49c6f869745983cae44d33cb7ba141234905441ca53172abd1a2dd8bfeeac4b236605cd2dc5b04ff9aa13de84872145b935b85479136065d2d57fd15fbd97480c25c6354636c17ffbca33c9319d65e82523e39fab49321380a130fc160857a451a69b1d0509d5718a9cff8b49c2d677c1f66bf77333d2511f58d3eb2fb47b3c162cc9be8b012d8df70278f0e21123a69724a1f126369a236d54da026ebe222c513f24b577707b5ab4b90ab0e22b4e38ceb4181d4ca101 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 9e9cc8c5342dc6d6daf55fc9aa9f79ec18592e8b9724a66881c379245c91f06a7df50a6ba0964603a6dac97e77a55d06efff17c93d5faf107fe65788d0f56483915f6ea0f1ccbda7656eb58fc032b5771600beafdc12c2076110a9b9670bd0754ff6a72c5d6e1a9e4e42c688e1cc96d7aecd815bdf5dcb16fcd1be1275ce7282 +A = -11635fe16dafce21efb1c599305e9a16eb5651187cbf054cd9d911c13e8eafbb738013e212f9c2b3662ea15ac9bd82b5751d43a38e4475d2310945a812262309094ae9cf59e0e9f3d02c92d8ab01f5733a20f051054a240bcbe3a7b6bb3f7c434229f631c4af239d33bd3ce30a372a480fdb49b2716091d26071aef372b8bd8ee8eb7f2965a372a836000b3737d2a833a39230e721e4844e16031ad69cd45ced60a64510c1248fd776611934d8d2a913d965e +B = -3bb2cde9d3fda96fd7e6b24645f8e00b43affb223f2b5c3f4b7cfee905ddd6703a9d6c01f1f099ad1174da215a645ca4707d8156e762e2a253d7cfddd05ca19823ada9d33924013f677cfe4d86bde025391e0aaf91c6b776a9cf8a09dcad7cea59ee7aea1cf5f5bfe67c9d4456332d1f98e5310db9a0230381e1867a8f75b8757283f911f1a5e0d4afe5d544afa8d86637f9c9d87428fdcf8b4eb8f477e617960948253b24565b2f23081c47e211cd3c788a92732a49077f +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 30dc89bad4b449d1df9ea9b8f9d40b323c71d7e1133bc44d33bdb87c38cddedf83bb849e83436e4c92a06546fcf3e24ce6cc89d2e97a48aff2c7e3703da1b167a112f662a89742355e11e131e41052f1b379753cfa32cb0efa3a07465a258c585cd68c86bc9a473f5262c86c50992aeccbb9725b69ea8b3a7ebd2b6a24db52dc +A = 60463fae1e9354559160d55a453c12d75775a53d1606d1fd16bef7e4ad1c78f9568954112f9280c46781180951534c5372dd5aaff3f33ac9c2e0ce4934d7009aad2ab5d6a5e5a141a36846e8925c7a28d116c68fb78aa9a687ec9bef173c1b69e0d7261f96eacacf237e1fe5874e5d553985b0fe7692ce8f2a5feab9ad9a2ad9c4bbf050b73b8030ebc36b94af8c6ecb67f8c94607d80cf600efd4ce4aa006f9b1832da8a1fdf8a564be0b4369149e8639e1714 +B = 15bfc50290b771ad147695a4c6701c47f2e8aec0657a4ef999eb45685200981b0ab5f8abc143d64878b85e9548651a1afd0913e3b14d11d3a26ab9793596801662a67b0062fdc8888feb029266f71d170518b6a4a040f59996bd4f257f221e830d0faaa9688aaa6afbc1f9b40d25097eab9d71d80aabc085f3a07e48bcfb37119aa00de60be55fd07d5b1281adf7b98bb589cdf2026252edf2f075ee176e23afa6b1f924c9fcf3c34c76752e833278a2e6b62017b88b77eece5 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 8b506c9bfb75ab7ab420ae6c9b371ef035fab512188d9df76f0b31831573b44cb08266186a04d20cc761d61b6df3e33ecb86c269205c2c79ae6aa4d3ebacac8ec71d9bce1d7ab146530b131c9038041c6ce8152a6f1c09b9bec8eea4462dda0f08d75edf296eacbcefd62a0c197ed30f799343268bf6edfee4995958db7e0420 +A = 11c16713fbf8bc9696782cb5a88174cddbe68a04e8fe93dd074aab33dcd85f92baa178b2f3b8817be0cecb802cfd3ebb06734c9d399a1f090e3a8a2110aebbba0e920427bcda74bf11700b945985bd532286d44a1a615cf7c501412e454edd647f8371cb8149474557a0d47cbb782f460de7a3cc28991491ea0fc510286711b882987b09341c079565414f2c930e7c3c3a3e3e0f1d786260a7f45c70e0fa20dfc63849906af61707cfdf5a9b7a4291a1c1586d16b8 +B = -cf5638af39c6da3757a09a92e0bd54f852742682dc91c71dcdc6e72f7825a0979a1ead2e158479ce5565d22472dc3853e6bf7ba43296a5e0e0a355f0703cecc02ec79da83e3e9de10a6eccb858dedf7d4c400c27486a5b8cb34d787cde6a5fd271e83a6cf66057838fe30db1f30663cdfc22ef5d002b0b5a05831228ea200f95382a58d0d8aba36523d9b5cb7506f193131916f3ab66ac9552c26cd0c2ab1c449eaeb8fde752f4f3c3f9b060cc1f8a1e37c4fe5ec306674b66158 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 347706abeb168205cef9b0b8c6b9d6449ac501af7dfbdfbd41a20a6a47872cbd7d4cd32f7b0805ecf1573d534418b7cce98181e079d5061b02639fdf0161cea5314dbbb2ef39ec841f695281f3c7de45f33664e0dd1658f645adc1dd225f781a3fb1634517c556403587b2aecd56dceca9ec19b930cead2b1d303aa056d28bc7 +A = -5e1c869e5dbcc684c245d5c69093bfeaadf388cbf928d33a8ae2148a2b5145937e4f654c5f6a36de1124bad1de8bcc9067fe1f9a44fc6ffe55ce7ed5cd0dbb6337b0e1e96bac1eb2a3606dd97b0bdb975ea59448be50191cc7ea36481ca9fc85c1c3e1c97378dbcd6b355622046888df2ab3d18d805f4d31d464f62a8e630e955beeeb5e00c70242b8f8df708705abbeb95dea3561756298b5f3f7fe16e965294eeeea4546f5e8bacf9d6b4f2136d2e206a87dad1f47 +B = 70225f0cadd328be36ece2172c836405db3fe80ef99ec74fca25406b73a537adf5073f2b550abfc4c0fcc2c2850dace0da9a266768cb4d5ff7fc6c1c248ad74f47592101b61ef96c1302924381abbd96cf49f50c44bf7e0551721a8ae85abdf9925548d13b8c5d1a27be8a40d0f43eec3136bc3035057b75aea779b4262cc66e6bc68da93c218f1920979291105d4b02117d66deb92c3e511aa588b27130202acc9f69521957f79c7e731bbd5461552b9b6b24240dd71ac449be9777 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = a2cb238f326d47f95869e2dcb295eba819a443dcc7c2785461389b58327742702f4c86e47af129f1fd4611cda93631f9333c358a29121d58286333083d13e66f30a9533b77ba3e26089e7eff7baf19bef8054af4e24735525908864ea9c4756b42a69c897003cab7b63cfd9a5927ed562e29845308eb2a55e7f8f03c87a5b7ce +A = -1aa7ae6f56c38b654b281525b9da953ef366c2b9cffd3042105ed428dc7e5f2f2d53ef90b468bb471753606cc7a3775d86bcd2f4d5119cdde3c487cd39bf31752c5ba297e529c1b8121487e0e1de702156d0166ccaf51888a24fe7b48624eefaec855e2200929c21858676ec9bf4ceed0a832b69efd5065af544e49a3d209b85a77b0953652cbf0aa897527c52c9a98de9ae4c827f762e251478c88d410123625ea52b3478b52f6b9987d42009ae427763357ab53195772 +B = -226630b6fcdb5e274a25066ae2ca2c803549dbb935a97c0d7f6ab2c971d74cf6acd265c9d6815a6b2dd23dcb3c23b390fe8b1bed92b8c64c76c0ce62d5e7ddd7ce445bab0ca905dcfd0f128e5f4ffe966f3903d7ff1c61fe174e373cfe35a6d83249ec40b4a354d46fa1c90682efe468e895ea3da710838c262e8a47752dc6e7a79fe20051f51180173b58e0aa37b22eb8efee5b6dc264459ce4d135f430cb15afbf8c53f0de894bd2aca1f7ea32b4209a22a075f7b3b18e86f778a9e47 +M = b18a9cd6a0a89578ea773fbfc0767c8ab817cdd585c16afad3600540d056c323d83e7756b1b74e4c2a84df7edd562e011412a0e2eb6b64178a9e04f67550f3081797873f444dbd03d776835d696e464443a0a6f48d509228fe976c54cb82925e8a80ee65c01ad9a5f56784c54192112fbca30a76ce579d3eb6e783643e971d48 + +ModMul = 9ea62ef634 +A = 55cc58c9d8 +B = 6b49179821 +M = f753311ac9 + +ModMul = e9ab3a2aa60edd30108 +A = 5134a36c2bad180dd5bf +B = 2ba6485656d041690666 +M = 9b9cc4409e86c8b0fbbf + +ModMul = 621f9b797e866028b7bd1ff828bf29 +A = a202338dffe171c99434d84f3 +B = fb71eee7045b3e3ab5dd809dd +M = b3e6e8d53b7249df670e3c59c55d33 + +ModMul = 808d463d06b7b7f98e3cb2783e2196c349d62672 +A = c669426a92d3cb5b316e2b5b9 +B = ccaea3874008dcc92450d8b2f +M = b04dd2bb325baed1940cd000e8cb2d786009ccd5 + +ModMul = 872164b92b9426b237858c4cdafe1694f96b0e0e4c19e894a0 +A = c3255cb24a813e27c3dc410f0 +B = b144f39e7c2d33605ba7bee16 +M = f3639f4dfb782f3107eb402fabb5fc878903acb5e02e129077 + +ModMul = 6124d7d171 +A = 235b938139 +B = 3a56a22a28 +M = 83eb4af4e5 + +ModMul = 9c006f56095d442ba98c +A = 207e14237c42e3764e5e +B = 8a495a26872432fa8e33 +M = d0cf2b8ae5c67d6736b9 + +ModMul = 97387cfaef652932a230c82de59cac +A = 82ae0fc5e943af5bb8c4adebb +B = db1279be12d59ba3a9c036a61 +M = aa36dc1d13390169cd54d711eb511b + +ModMul = 32ee73c98da657464c6fed4274df20b099689e00 +A = 9baf08248ee24bcb17714e420 +B = a7f0428147bfe098666180749 +M = ce0bc198331c9ed1d21f0d498326e8185d3d602d + +ModMul = a8b3fc0b53df3b92753edecd6fbcc5f4840dad3a44da704e34 +A = b36249e259b303e453757721c +B = f0c1db50670d92abd93bdc84b +M = b05cf978bf2dc7e093d7d164e46d547219c480382df32b33d9 + +ModMul = 2663b741ff +A = 58c8e7f7f6 +B = c84681fc87 +M = e0a50dcb45 + +ModMul = 21af3c0b42328f41b81e +A = 1f79f5b5bf78c9700d +B = 5bd1734ba0f0e59c2a25 +M = 9ff3fdfb5c089244f327 + +ModMul = cbc280b5106c2c36cb31ad7e7c986c +A = cadf6482b769e83ce7f7277dd +B = f9862a06da1a9c89547b76c61 +M = cc36144c88139ce921d2fd1740bc4b + +ModMul = 3813f2fabe016e19fd8e70687ff473651a5fbb4b +A = 9c51a5bacb5d9f055a9ac2962 +B = bfed5625b21b4e82d1f105a0b +M = a47977acad7c5deeb683ccd265cb30cb193f22a9 + +ModMul = 76ff291a02715fc87ebfb3e99153c04e53358dbd7beae43478 +A = 997c4a7b537d9500d73a205a4 +B = c679ce666af284a459ae5a26e +M = d0d0fd4922953941acad8beb65c00603b19eb44fb8ca51e3c9 + +ModMul = 1a90c92fdb +A = 94fa7bb475 +B = 564b0a3339 +M = a1501bdc75 + +ModMul = 5e7ae5470686bad7996a +A = c725797912c6c5f30d94 +B = 3a7f4c99ee3f5fa9582c +M = cc50c8b7408f09a74973 + +ModMul = 72a15b13bcd1b63747342a6be8f0f2 +A = c33357af48a2df569e3c11ce6 +B = a4b4c5c14d7796adab54b6cae +M = e22a0fdca62a37f4c8a61c96a429b9 + +ModMul = 31e179bfbf65b0695dde36a4fb72d131830dcdd6 +A = ce8d3adab8cbf15c332c0b289 +B = 9333f94eeb7d7a86b82becc51 +M = a532a76bd5cff409b580d54d12ef75ad8179b381 + +ModMul = 8f4b8a585415adff3a7bc35fa88891ba31e4a82672c664fb14 +A = 9a2b56a54bd0727ab4be57ff2 +B = edf1781b4296567990773005a +M = c5a7c3b97ba00d6f174a019c6d37eda52036c528f351bef0f1 + +ModMul = 917bcdb402 +A = 55c7dbd314 +B = 997b29ef79 +M = af5b4cbd0f + +ModMul = 660c4bb2b771f523a4fd +A = 43fe52461d5139620a11 +B = 1f8ec4b67de1db54ddda +M = d0458e215b7e6903d96f + +ModMul = 7aeff02c143e4426fcbcf32bd1277b +A = a2671586369a990dde7829f36 +B = c7ff67937c900daccc0ab1d8c +M = 8ad9c1d4d3cce681d1ae27c27982df + +ModMul = 4b153d57433f0f7276674d3484e9bd0d25227d07 +A = aea36cf51dd2ce06c66b7a407 +B = 80c9fe5bb0afd2bf8b3644f96 +M = 8cc22a67ed7e5a7a2322aaa09ec2be94998494f9 + +ModMul = 7f8447dd983b113f04c6288f9539e53a2e9cddbca8b2fefcc0 +A = f67636b03821c8f13f21217a5 +B = 8473a29f4ae33f36a0d2c6dc0 +M = b829af37b557c3ddbb5257c8b19144b90708a45a274d6655f5 + +ModMul = 17fe4644a2 +A = 912611576f +B = 7a10d36b80 +M = c5fa605133 + +ModMul = 8159b23d4fd697b4fd35 +A = be2d646e76494439e60 +B = 60fa770d05ebc69772b2 +M = a6e7c940cd749925a85b + +ModMul = 7c412dad5c9fff91357bf181caf2bf +A = 80f476ed5acae75b34ed54c52 +B = fb818e2bdab3b5f4bd84db3d0 +M = d0339f7ee41337d8462d1a9c207d1d + +ModMul = 70432c749da4ade2c38237545ebfe6c4c6a92f6b +A = ee9c92de52210e61adaa6eb4a +B = 8ab55a85b1abab62d33e75fe3 +M = cd3faa6de4cb62fece4c3f94492d457834a6a041 + +ModMul = 9fef1c18778a8691c5e71c0b5208e82778e9bfb632da0b7e28 +A = bd162c90bed25e84dd5b6b77c +B = d887ee03020c5df356f091db6 +M = a2c2d45fe9decd93a0ca3edab8fee46d27ba23fad9b5294d5f + +ModMul = 958951bd0f +A = 12bd0d3375 +B = 668bb65b4e +M = 9c617dfaad + +ModMul = 8a109ebc9cbf86613e43 +A = a3e7019f1bbc35689a77 +B = 3189ecd3fd4ffd0229ef +M = ddadc50600dff2abc1af + +ModMul = 2b4d9f85a398c852b3a0cc82524619 +A = c244fd157267f707319ba6c6d +B = 8a07018a748992429bbdbf326 +M = bf3813fb54f749ea5627f59ce30e07 + +ModMul = 28cab7d574e6dc56a6a622f8a7523cbb8dcc5e0f +A = c9909dcfd3a59a3cfa538b267 +B = 8bbf89cd5a4e24adc2d8c646b +M = c8f02682b9d480ea98faaca53b747ced33ed0419 + +ModMul = 69b2dfb3f1d8dbb13e9e479f38edcc427d5968acb7751a226a +A = 8019266c548982a520ab48eff +B = d33c3e3b13576dcdb3ffaa796 +M = e6255103732475604df7c6f7ef7e6b49a8ef9e2b0c717925a1 + +ModMul = 3eaa4c99fd +A = 6fc42faa85 +B = dd0b4e318e +M = fd7f22301b + +ModMul = 56b6b811ced3433755cb +A = 145573d17cb0c996c69 +B = 9d3297d5ccc184896822 +M = dcfb3b383506239e83e1 + +ModMul = 34315b6bc6d3690c28060485ae331f +A = b963a26973894cfb42fcb2d22 +B = e8523304bbcdff1a0ed4141bb +M = d7a379aeac7d8cf94f19e7924d35d1 + +ModMul = 2ec9466e8b3357496f07e37ba24d36a237883846 +A = a75f3904e564997695b6707eb +B = f9f47bd779834dc1f5fba0654 +M = b3ae5abed45d09c4dc5abcadc3ac9abebe1949ed + +ModMul = 88b4d86b2c1e1bd780e8d2499c2221e05fab4f9b7047c2a044 +A = a38eceb9c551f0e69a544072c +B = d5f8e7c2d534b2b8985bfd213 +M = ff81809b84fb8eed3508ad891d3d8208249d8a902a12d6acf7 + +ModMul = 172f2e2e22 +A = 1584ff1055 +B = 2e0aee014d +M = b904cb0bc9 + +ModMul = 122c10d3200270b9eaa1 +A = 86fd189e62a6dc1e4ba0 +B = 5235635f7b0336f5f235 +M = c93da97d0e95fb63dc4d + +ModMul = 3e461e10ac4eb749512097fbf76616 +A = cf4ce10cbca07164f3812f89c +B = b7e4639c233fbb0f923fb5104 +M = 949647857e1406871593fad5c30101 + +ModMul = 88117b59d9fed79dd6aaf083ee938215a995a221 +A = 94c888795567d434123d441a7 +B = c60ca79e61a352e34e0f78bee +M = d2553a7c5dccd639a3927697a2e1af03845f2f25 + +ModMul = bc5f0076a8c2f6cc8f4e61540d2d6f6d6b13b775b363dcd71c +A = c170eaddca5295d6ec6272dc2 +B = f94a5685ced7661df2efbd34e +M = fa6bc46aa05033af72aa42793e9174af2e3ba38992f33572fd + +ModMul = 1110cdbe5b +A = 5db02b38f3 +B = 3369537903 +M = a8863f7979 + +ModMul = 90fcc5f3a346d3d4ea4c +A = b93373680ea0feeb31d8 +B = 37f9dfaf0e180be64bd5 +M = d595cc29237d1c19e2db + +ModMul = 8623a9997e514cf3c1d06c33c14053 +A = b396f5ede6212f1fdfc7e7b77 +B = 81a1ddc18306f2d2e84030148 +M = a6be32a91b34857842255ef8b1aafd + +ModMul = 63f8f0254df06356f5cab8941b77619ad58025ed +A = 806b2627b08d987438f920bae +B = 83297039f4aa8efc1a185fea3 +M = bb8a7e7c19be02c25cf5682a0eee655fcd5b69a5 + +ModMul = 697238dbe3d395e81f20c9fcc8db30c234a1f75f3b2bc27438 +A = 930b04224bc097ac1d8bae8be +B = b79496a80e45212c4663e5b64 +M = 8ff7e19d967d317c255380411898d73e3786269f09079f19f1 + +ModMul = cd93b5b8b1 +A = 47a51b2d5a +B = 86d6ba5155 +M = efb0ad3643 + +ModMul = 2037821ea789118bde0a +A = a92215dcae19be637ff +B = 93b9a3664a406737958f +M = 9df360b69ed26f610253 + +ModMul = 3bf11785d28ceb668dc55b870faf7b +A = bc8758854dc48e057cb6210de +B = f03ca689620a77ecd8a6f0de3 +M = f3ff0747d6e5f34a0ba4200f579259 + +ModMul = 7b30b44f75ed12f54136858ce4fe77d00e0952cf +A = 993cd09f3e46423a8ba2053df +B = feabee384158032dd013dc08d +M = cd0b21388cb2033b1e792ec4078334df70b6c8f9 + +ModMul = 8ce1e17972f1a9d2e9437d0c5219354728a5f31337808d7650 +A = 90e5d18b017118177ffb080da +B = f8e7e09032574f6c66e623ec8 +M = da795e6ef63ff7dc4baef5c327022ccf65d44e3c4e24823f11 + +ModMul = 8fcd412054 +A = 2e7f9b1a +B = 6283de2c9a +M = 9bff560ae7 + +ModMul = 57d0d3b79f1e2f3632fc +A = 2f8cc403de5af54cfa39 +B = 3b798c3ead52878dfb2f +M = 805e6cbde400d4b4bc9b + +ModMul = 23331614e88633af879201f568c359 +A = f21f19da4b20980979a645dac +B = ea752050b79883dcd69222536 +M = aed3faf4c88f7c4afe257c5ed90599 + +ModMul = 56dcf9ae1c787e773774df3c8762babb4675a212 +A = 9accf901fa599da05fa6ab5ff +B = f7f6b9b1d7bae06237532e39f +M = b5bcd776bb2eb0805ade3c8b47e883962d3cbdf5 + +ModMul = 61d0ee0786963906a028a1df01f836841ab6d39d88ca2717c0 +A = 8e57680f213d088ff1a1e7db3 +B = afebecc9943b0093f87022940 +M = b6201f68a45265d7e9183c3255feb4c110c05dadbcb13881bb + +ModMul = 143ae78a29 +A = 334abb952a +B = 74203e7a50 +M = c9535a9505 + +ModMul = 897a2b57e69f5a1469ea +A = 1ec8ca0ea4fed52bdbbf +B = 3a6273cab05e478a57b8 +M = dcb33163a8ea42c1ae6d + +ModMul = 4a2c10e90e2d37111db79a44d3e31b +A = a90e7bbd63fc4af6de83029ee +B = cf09c3dd50b41afc7045e057b +M = 8ab85d47e4270116a64f97dc4f0f15 + +ModMul = 70f94276c9d85fd3f71edfaad6051456f754da85 +A = fa3e9ff6e1aa1fb78e51711cb +B = b115ed197c50b7ec4040ca255 +M = ad63f69ef1346e7549ba71c13b24b279f53bc9bd + +ModMul = 861e7ef401866f815b983ba18a612913ecc20a67016d79cfac +A = fc41a9ce06e882942f751be7a +B = 881c05a51d1ba8134d126a48e +M = b12200b39526c33b70e8aa23ebc400dea0d4d8fe42be103d5f + +ModMul = 4e0051898a +A = 2a06523f70 +B = 651b5044f0 +M = 9da4eb09b5 + +ModMul = cc8274c88d6affc3742f +A = 9ccf0133f9628532f4f6 +B = c1d80907057be7a67b01 +M = d6e76e362da831f32685 + +ModMul = 568f15bed5c4405be9dd04673a9c46 +A = dd6029c3196feb6da7f0f4a48 +B = a5f6745f2cb64913d1d3236d8 +M = f62f02c9b9ca8993e3be9a02b444bf + +ModMul = a629452d5ed19df040eca26eaca37d82c0fb1d8f +A = 963c51a9415b03e85ccb09f25 +B = b1cffe333afe44311cb968ffe +M = ab2128698d498e8d75455033cfbbf4487535773f + +ModMul = 814030123025d287aaa8b826792999d72f2d589e0c7f7f3dbf +A = c3b33f391e78bee97ceddf313 +B = a9136f3af450fdeb245eff425 +M = b6aa9c517eaecb70781e597b907583bbb569e970d229235a35 + +ModMul = 8735bd486d +A = 563e15c52a +B = 31293264e1 +M = 92f4b193df + +ModMul = a541f69ca163b288dd0e +A = a608b48c1dcaa18424b2 +B = 891b0b296e911068b00c +M = d4140921f4b2c84f1eb1 + +ModMul = adc1b7cf65967b013d046866b4ed9d +A = e97941448f65060cf63ecd486 +B = ca68936f76cb87a8fbdd37311 +M = ebbca2482fb82eeca2866057cf1179 + +ModMul = 44aa9f0dd58d4510a7364e130698b34eda23a632 +A = c11f83f01bb964ffac93a2e30 +B = e05ee40eea39f4538d735193d +M = b5e8b511738979dc740a6a1f7291cf4561787be7 + +ModMul = 8b16b82f064f471983c7154abc9f9ba355111bacb90400372a +A = acff8da571e1c96810bf95707 +B = cdd23e5504cc26d0c34a62b06 +M = f38902a99190ae0b5ef26849a6e943d651925666fea271fee7 + +ModMul = 193f453197 +A = 8cb3078675 +B = a8fb003a87 +M = b60ff22f4b + +ModMul = 849c26c8cf5cae426a80 +A = 5d1e3d2b4d038a0a34be +B = 34f70325565bf0523314 +M = cbc189f9a732cad8f425 + +ModMul = 9a4e64ff530c53a4c6c5b6b5021920 +A = f53b81723cf74f520a61e614e +B = 9d8ac2e6b839143fdd079a2ff +M = a115375435151798f3644bede9d863 + +ModMul = aac303a4623e80158af1cb3331965cc8e3184edd +A = cce0a88606ff962fdc37e72c9 +B = 9840a500a2051625c517104db +M = b99dafdbd91ec3c05791031df5e193c03d6a441d + +ModMul = a31401dfa761bbe82b66b5f094151865b18a4ba75bb9b3dedf +A = e6f48c027284856aaf3b96425 +B = b4c326f72a6a22fd4b93ba5b3 +M = e57d9608ac6e5b129b2c014958bfc59137f63838b1ba88a4ab + +ModMul = 8b0929adbf +A = 61fdf77ac0 +B = 8892f05400 +M = f12b3766eb + +ModMul = 91b57f353307b173679d +A = 33f8e73752072b4b5cfa +B = b4c730f79f4f2c07945d +M = d41be1d8d2e5753e3ae9 + +ModMul = af04c564adfeb120bc4770bc8c650c +A = af151333b3d4cd1d29fd801db +B = 9ccaac44ff91be11b30bdcdd0 +M = e0bd6e70d5f5ce08fbbfd48d43101f + +ModMul = 1b8d623796a5065d9e993a53a9587a0fdbea1bbd +A = a2fd08df2d4eab0cd6d29e213 +B = 92c9d26ae7c215b52199ee28b +M = cd529f4cfa46f3bd3e7fadf167fdc02f6f881da3 + +ModMul = 4a8573dd8dc50a4fa39f3579d3869745eb8c1153ca508deefd +A = 855f941d085305725da617f5d +B = 8f09b7d2c36e0340523da5421 +M = fd8caa05edeaa81beefa01957eed97a981ab34bdeb6d8c704b + +ModMul = 2d278e089 +A = 59d20a1716 +B = 8e2a58bc75 +M = b3d61ef699 + +ModMul = 2f937ce359d0f6cedd1 +A = 1019d11d26040ffd5b1d +B = 7cdb6252087423d43e08 +M = e8f537323004447e669f + +ModMul = 6567332e25af83089f7458786ab0ca +A = bf9565e9f8a098894447b58fb +B = fc867626f268c24cc0ab7bf8b +M = 930f39183353363dcd822933a438ef + +ModMul = 3692e73ad1d91ddc19cad3808eba2c5fc88e2bf9 +A = d0a42ce512629f0ffd233a9aa +B = 97f6d3c4c655c7353a62d6ac4 +M = eac2ea84851f880214b8f40f881a2e56a6ba6f2d + +ModMul = 81df390c9e51b30bd639db15adb464c7cb1d011cb5e260be58 +A = c237eb242c40960861c938c08 +B = ab2f481f0d768eebd90d2574b +M = 8697d7a28a5f42c9a7b31949b8b568f861142f44fe66c6cd3f + +ModMul = c952f9aef +A = 81973bbcb3 +B = 28ddee3bf7 +M = c4a40993c9 + +ModMul = 241dd53d93f7bdbbb2ee +A = 2136eda4495c45c9f96c +B = e74c4baa8ca3f6b7cd5b +M = fff4594e7a5f0a1d3e15 + +ModMul = 5f861ed8b0aa835761613e6c869cfd +A = bfc5c1572086079f5f5d18d1b +B = 95902e14923c8010b7e905178 +M = a819c6c109d623f9b845aa23712c9b + +ModMul = 5b8ab089c4e4c6804e48a2bc1d218718b3a32598 +A = fbe65d3852224a812c432672a +B = d57a3f38da966d2471d70a048 +M = b9e6a626d3ad026d14248fc90c882bedd64a1f13 + +ModMul = 761438baf5b02dc095b7040e082da7b167c2b9ace956284ed +A = fd91701ed2151f8e994bf4ee1 +B = 88b66e735b76972bccd9db182 +M = 8008b2d1274456aa68dc627b1ec3e1762c6ed2d660c64a1a55 + +ModMul = cb743c97a1 +A = 9c69ca9b60 +B = 7488f48f5 +M = d67040ed0d + +ModMul = 931b2bee1bc30725a31 +A = 650f567b544ce02303d4 +B = 5858da30dd1fae88a675 +M = 91ce30234bb29fb9e833 + +ModMul = 5b4f262cec958a20390b5e568ccdaf +A = f7e240e8a077e8e87506db2f1 +B = f8653fe64e3bd414782f51634 +M = fdb8225eefc1620648737d31dfe1f7 + +ModMul = 4c011d1ddfa30c901793cc6ce74db47584cebbd1 +A = eda8e9a9ea3cdae17bd50b1b4 +B = 992e8ef4a45593e4ceff67876 +M = 95e2f120cfcefbada1058af6c8853cbebedd5763 + +ModMul = 6e99aa5b8107399848cf24fbd88ed6350efb68d737e505b466 +A = ca6c51ba2f410d09bf71d60fe +B = 8bdfa8fe5ef3b2ad02bc63c4d +M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb + + +# These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M. + +Title = ModExp tests + +# Regression test for carry propagation bug in sqr8x_reduction. +ModExp = 19324b647d967d644b3219 +A = 050505050505 +E = 02 +M = 414141414141414141414127414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 + +ModExp = 208f8aa0 +A = 86b49 +E = 2 +M = 30d26ecb + +ModExp = 27308229 +A = 17591bb +E = 6 +M = 30d26ecb + +ModExp = 2bdf498f +A = 21292626 +E = d +M = 30d26ecb + +ModExp = 11317167 +A = 4a655df24 +E = 10 +M = 30d26ecb + +ModExp = 2e1b88e +A = da6b761a86 +E = 35 +M = 30d26ecb + +ModExp = 20a12ec3 +A = ea811 +E = 2 +M = 23bc042f + +ModExp = c42ced +A = 1011a6a +E = 4 +M = 23bc042f + +ModExp = 4637d79 +A = 28d9a601 +E = 8 +M = 23bc042f + +ModExp = 20e5669b +A = 72fe6bc20 +E = 11 +M = 23bc042f + +ModExp = 142ab9e3 +A = 9a07b9363c +E = 29 +M = 23bc042f + +ModExp = 14c64646 +A = 822df +E = 3 +M = 30915765 + +ModExp = 160e35a2 +A = 15ea542 +E = 5 +M = 30915765 + +ModExp = 2f23a488 +A = 34d2e02e +E = e +M = 30915765 + +ModExp = 28e67f93 +A = 636a32703 +E = 14 +M = 30915765 + +ModExp = 29bfeaa5 +A = c8646998e6 +E = 2c +M = 30915765 + +ModExp = 30959e22 +A = 81dad +E = 3 +M = 326dd68d + +ModExp = 1a1da4fa +A = 116adb9 +E = 5 +M = 326dd68d + +ModExp = 272bf0d8 +A = 2d21ef08 +E = 8 +M = 326dd68d + +ModExp = 29f5054b +A = 76989850a +E = 16 +M = 326dd68d + +ModExp = e6c7b77 +A = b88ee70d2a +E = 3e +M = 326dd68d + +ModExp = 369605e1 +A = cf26f +E = 2 +M = 3ce082eb + +ModExp = 168a3c5d +A = 1f82caf +E = 5 +M = 3ce082eb + +ModExp = 125c4bb8 +A = 2e9c4c07 +E = 9 +M = 3ce082eb + +ModExp = 1c5fe761 +A = 523ab37f1 +E = 14 +M = 3ce082eb + +ModExp = 21703009 +A = dc832165e8 +E = 20 +M = 3ce082eb + +ModExp = 1228d1e +A = a5555 +E = 3 +M = 24665b27 + +ModExp = 5226af4 +A = 1077bd6 +E = 4 +M = 24665b27 + +ModExp = 1b14eac1 +A = 2db3a834 +E = f +M = 24665b27 + +ModExp = 161727bc +A = 6bd962cb6 +E = 19 +M = 24665b27 + +ModExp = 10d61d0d +A = c10caed407 +E = 28 +M = 24665b27 + +ModExp = 233da406 +A = b125f +E = 3 +M = 33509981 + +ModExp = 24032799 +A = 1656b7c +E = 6 +M = 33509981 + +ModExp = 129ecebe +A = 2e671504 +E = a +M = 33509981 + +ModExp = 20c20bac +A = 4d7a2de44 +E = 1f +M = 33509981 + +ModExp = 2e3ce9d3 +A = c53b3def4d +E = 31 +M = 33509981 + +ModExp = 12fadfd6 +A = b4cf8 +E = 2 +M = 36e9d4ae + +ModExp = 457ac85 +A = 1b1c7e9 +E = 7 +M = 36e9d4ae + +ModExp = 31debef4 +A = 3a973028 +E = d +M = 36e9d4ae + +ModExp = 2333ad93 +A = 552b97c45 +E = 11 +M = 36e9d4ae + +ModExp = 99ba1fb +A = 8bfb949cbb +E = 28 +M = 36e9d4ae + +ModExp = 27b691de +A = 93492 +E = 3 +M = 298fdb16 + +ModExp = 3c2b70f +A = 14e7b0d +E = 4 +M = 298fdb16 + +ModExp = 1486cda7 +A = 29acff81 +E = c +M = 298fdb16 + +ModExp = 11725275 +A = 507489205 +E = 13 +M = 298fdb16 + +ModExp = 24d14627 +A = e71c55606d +E = 35 +M = 298fdb16 + +ModExp = 222b8d14 +A = 9b1a0 +E = 3 +M = 3db59d12 + +ModExp = 3b8bd47d +A = 13f4e8d +E = 7 +M = 3db59d12 + +ModExp = 17e72356 +A = 334774ce +E = a +M = 3db59d12 + +ModExp = 306447ca +A = 47079ddd2 +E = 12 +M = 3db59d12 + +ModExp = 90bef3b +A = a75d62616d +E = 37 +M = 3db59d12 + +ModExp = 1 +A = cddd44f47e84b3276cc36a5c0d742cc703e61c4756168601fbb1b6eb598c161019562344dd56ab6f603d920a12c360b285e6496a3605a2f8d691c3598233ee9366b5f2692554893bdeb67b7bdaf35ab7273ac593145e26bed82c70ba5793bf4bc5cac4c80b01785d1496beede493806e4f4aa89fd8d41de80dd6d0a3e2742678 +E = 0 +M = c95943186c7567fe8cd1bb4f07e7c659475fd9f38217571af20dfe7e4666d86286bc5b2bb013197f9b1c452c69a95bb7e450cf6e45d46e452282d5d2826978e06c52c7ca204869e8d1b1fac4911e3aef92c7b2d7551ebd8c6fe0365fad49e275cc2949a124385cadc4ace24671c4fe86a849de07c6fafacb312f55e9f3c79dcb + +ModExp = 0 +A = 0 +E = 8de689aef79eba6b20d7debb8d146541348df2f259dff6c3bfabf5517c8caf0473866a03ddbd03fc354bb00beda35e67f342d684896bf8dbb79238a6929692b1a87f58a2dcba596fe1a0514e3019baffe1b580fc810bd9774c00ab0f37af78619b30f273e3bfb95daac34e74566f84bb8809be7650dec75a20be61b4f904ed4e +M = c95943186c7567fe8cd1bb4f07e7c659475fd9f38217571af20dfe7e4666d86286bc5b2bb013197f9b1c452c69a95bb7e450cf6e45d46e452282d5d2826978e06c52c7ca204869e8d1b1fac4911e3aef92c7b2d7551ebd8c6fe0365fad49e275cc2949a124385cadc4ace24671c4fe86a849de07c6fafacb312f55e9f3c79dcb + +ModExp = 5150fb769d5c5d341aaf56639a7bcc77c415fe46439938a2190283409692f29cd080bfe3433005d98d24718a03a3553c8560c5e9c8ed0f53b8945eb18290e1c1a83d919302510f66dd89b58acc2de79ad54b8a30d3e1019d4d222556beefca0821b094ecf104b5e4cfce69d2d520d2abf54f3e393d25ed3d27e8c2e3ca2e5ff9 +A = ead8c5a451541c50cab74de530c89376d9a55c723e0cac3c84b25f0093c08a2961e49ab48966361c42c9f99111587252d98395b76788400d75c66ef208ea2767a28d6f8dc3a859f39c95765d57f139e7fc14f47c908c62df051e7216d379f52028843b4d82ef49133cce8fe671ae179423ac8da5be43b01caaf425cd969300cd +E = 8de689aef79eba6b20d7debb8d146541348df2f259dff6c3bfabf5517c8caf0473866a03ddbd03fc354bb00beda35e67f342d684896bf8dbb79238a6929692b1a87f58a2dcba596fe1a0514e3019baffe1b580fc810bd9774c00ab0f37af78619b30f273e3bfb95daac34e74566f84bb8809be7650dec75a20be61b4f904ed4e +M = c95943186c7567fe8cd1bb4f07e7c659475fd9f38217571af20dfe7e4666d86286bc5b2bb013197f9b1c452c69a95bb7e450cf6e45d46e452282d5d2826978e06c52c7ca204869e8d1b1fac4911e3aef92c7b2d7551ebd8c6fe0365fad49e275cc2949a124385cadc4ace24671c4fe86a849de07c6fafacb312f55e9f3c79dcb + +ModExp = 1 +A = 935561297d1d90255aef891e2e30aa09935409de3d4a5abc340ac9a9b7dce33e9f5ce407f3a67ec30e0dc30481070823f8542463e46828d9cafb672a506d6753688cbad3d2761079f770c726c0b957071a30876c4d448e884b647833befbcd6b582787bf769d63cf55e68c7b869a0b86374f8920516cf5d528f348b6057450a1 +E = 0 +M = dcc24236a1bb94c71d9ec162a6aa4697b932717e82b667cad08b6bd1bbcbddf7cd167b7458de2b0b780486b39574e749d6405f9ede774a021d6b547271523e9e84a6fdd3a98315607ccf93356f54daa9c75e1e311e1672d0dc163be13f9ed6762f7dd301f5b0a1bb2398b608f40ac357ae34fc8a87d4fef3b961cbdb806d9061 + +ModExp = 0 +A = 0 +E = bb552be12c02ae8b9e90c8beb5689ffefe3378d2c30f12a6d14496250ecce30317c642857535a741642c3df689a8d71a276d247ed482b07b50135357da6143ac2f5c74f6c739c5ff6ada21e1ab35439f6445a1019d6b607950bffb0357c6009a2bfc88cd7f4f883dc591d4eb45b1d787e85aba5c10ee4fe05ea47bf556aec94d +M = dcc24236a1bb94c71d9ec162a6aa4697b932717e82b667cad08b6bd1bbcbddf7cd167b7458de2b0b780486b39574e749d6405f9ede774a021d6b547271523e9e84a6fdd3a98315607ccf93356f54daa9c75e1e311e1672d0dc163be13f9ed6762f7dd301f5b0a1bb2398b608f40ac357ae34fc8a87d4fef3b961cbdb806d9061 + +ModExp = bbad67352704a6321809f742826bf3d1c31c0ad057bf81432abeb30dc9913c896c03e69eb1cde6b78ffcb320c4625bd38ef23a08d6c64dc86aec951b72d74b097e209ce63092959894614e3865a6153ec0ff6fda639e44071a33763f6b18edc1c22094c3f844f04a86d414c4cb618e9812991c61289360c7ba60f190f75038d0 +A = 855144760f2be2f2038d8ff628f03a902ae2e07736f2695ec980f84a1781665ab65e2b4e53d31856f431a32fd58d8a7727acee54cc54a62161b035c0293714ca294e2161ea4a48660bf084b885f504ad23ea338030460310bd19186be9030ab5136f09fe6a9223962bce385aaaf9c39fe6ed6d005fa96163fe15cdfa08fc914d +E = bb552be12c02ae8b9e90c8beb5689ffefe3378d2c30f12a6d14496250ecce30317c642857535a741642c3df689a8d71a276d247ed482b07b50135357da6143ac2f5c74f6c739c5ff6ada21e1ab35439f6445a1019d6b607950bffb0357c6009a2bfc88cd7f4f883dc591d4eb45b1d787e85aba5c10ee4fe05ea47bf556aec94d +M = dcc24236a1bb94c71d9ec162a6aa4697b932717e82b667cad08b6bd1bbcbddf7cd167b7458de2b0b780486b39574e749d6405f9ede774a021d6b547271523e9e84a6fdd3a98315607ccf93356f54daa9c75e1e311e1672d0dc163be13f9ed6762f7dd301f5b0a1bb2398b608f40ac357ae34fc8a87d4fef3b961cbdb806d9061 + +ModExp = 1 +A = 9d92629c1ab181c50c31619e8acd0d235a1f5fc7a0bef4d4fd54b4f1968d45921f8522efe88e69c6c14c576c564592b9feb00d1554b88b038934eaf4a8ce81a2582732387490181ef158360c8b2d9ccb326ffe043f776a50cb8202837f08ca743b562eefa007150ab7012c341b16248478d4775c02ad71ea13d5e82b71e2d600 +E = 0 +M = cd607549668469b792f495c141e500871880b0611c8004293a561ec7f9ab6561f8a9b90872742386adafb5cd1890e8204ae12aec529cca0a9e382c96439137f09de9973b12c8492c62847e107deabb7dd946ffbb9d0ac73b462c481092bd65326a17f21d8d6527c47a5dba50aaa20c7048b8788a49eb3ea5f29bd5cfce24eb3b + +ModExp = 0 +A = 0 +E = 9f43dcb641f3ecf4dbc97450f2bdf3b7ec6a2f3e8e96bb1df2bf34b8d2d78e1a9018d04d960ffd0e932cfc60d3b9b923e3f9f29b3f3d61cae3a9f7245078143475c7fcb896ff200f7d94c4f2708bb42750e37c185a31c876814e4f06a00771707654e1da2fb69c16b6500b16385e3b933e2276ad3569977473f699b1c7926c3b +M = cd607549668469b792f495c141e500871880b0611c8004293a561ec7f9ab6561f8a9b90872742386adafb5cd1890e8204ae12aec529cca0a9e382c96439137f09de9973b12c8492c62847e107deabb7dd946ffbb9d0ac73b462c481092bd65326a17f21d8d6527c47a5dba50aaa20c7048b8788a49eb3ea5f29bd5cfce24eb3b + +ModExp = 24eaead5b57883c2f454928f8edd470a344bfe07a953194f7d635d705ef13ddfc64140c8ad6f363d4c828e7c7891a6b6d4df37335de4552c319dafd1c06d1f743240082a3535df4da1475d3eea3fead20e40815fd5a0876c881c162ab65a1eda494280c258901ca953d1d039a998bf0e9aa09273bbef4865f3054663b72d75ff +A = a31618b4532f53729ba22efb2221432fab1dbb70853d6a1159b42fd19fc949965c709b209de106a652aa422d88922ce51dae47f7f6deaf0055202e13db79ee84fc3d3c6f4c003ef96597c49d6895fa53c22ac9e4819f7048146b5272f6279424fdb389819a0b251c823c76f4bebf4f1246de455aafe82a0d34454f5039e90839 +E = 9f43dcb641f3ecf4dbc97450f2bdf3b7ec6a2f3e8e96bb1df2bf34b8d2d78e1a9018d04d960ffd0e932cfc60d3b9b923e3f9f29b3f3d61cae3a9f7245078143475c7fcb896ff200f7d94c4f2708bb42750e37c185a31c876814e4f06a00771707654e1da2fb69c16b6500b16385e3b933e2276ad3569977473f699b1c7926c3b +M = cd607549668469b792f495c141e500871880b0611c8004293a561ec7f9ab6561f8a9b90872742386adafb5cd1890e8204ae12aec529cca0a9e382c96439137f09de9973b12c8492c62847e107deabb7dd946ffbb9d0ac73b462c481092bd65326a17f21d8d6527c47a5dba50aaa20c7048b8788a49eb3ea5f29bd5cfce24eb3b + +ModExp = 1 +A = a8558e7f455b27c0c46d7d0862eb409cdefbeca945e0284b5bf425b7ac0f3d316bc365594cc1639decffc621214d61479bc75135120d4ac09ea8b742ad7ec1822091b62b1c6f564fe5e2f4f5b7def92cbaaa9a898549207ab01b91c2324fbd306a87f7d6379b6fb6493c5fca76729767f136120da9c90bdc7d364f7d242d5acc +E = 0 +M = 88f3c87ac5e3272a21b8a858da640d6939fb8113a95412c38663a0f352686d69a5d7927e60b484b9fcb8ef12978fe25ff2ebc9b61c5450e04222ef20ba3cbbdc5ec45581ce0f58e10be7bb9de7fa08752303a7a1db23b2ac9c6692ec63bf09ecd6639e06c5491ba568ea886620d71da32d329615f0e1443a75d09ae35b8a2d7f + +ModExp = 0 +A = 0 +E = a5524b41dfc6b570df1d8f6633ac7777c1131abe3a99c6166b0d29d3b8883c41b00a0c53cdd6f42820bf05c810b6ec53e77a8c1b9344ea0c91d4f410a2f204c369f3db33bf8c88217fc2cf802a9d9bce8119242d8e781875b85431be170076498c0963574ee423551aec9557e2fc672ab1ab5d0cbb1c400535df9481e7934d8f +M = 88f3c87ac5e3272a21b8a858da640d6939fb8113a95412c38663a0f352686d69a5d7927e60b484b9fcb8ef12978fe25ff2ebc9b61c5450e04222ef20ba3cbbdc5ec45581ce0f58e10be7bb9de7fa08752303a7a1db23b2ac9c6692ec63bf09ecd6639e06c5491ba568ea886620d71da32d329615f0e1443a75d09ae35b8a2d7f + +ModExp = 292f0b39ca0f1c850b1a00cffd2d54924fcd5fc7e7504c9d593e6c0ff74760b1f4bdd81679fe06c50248336f3108c593fa111072ee87d0fcc89a63243a1dc89044503663eee9bc18f51c3e0193d9108303e12ac90ff78f6ec752a4386af09c42db524a7cbe9a3d4fcccd56c34d283bcc9debc17158b5fe8df0c1888a9841bf8f +A = b4fde2908745ff92cc5826a27dcfdda09e8fffee681844fa4c7f1354d946d5d84e0e0c7a4a4cb20943d9c73dd707ca47d796945d6f6b55933b615e2c522f5dfc33e0652917b4809bab86f4fa56b32b746c177764895492d0a6a699812b2827fe701d40ef7effd78ea8efe1cac15ff74a295a09614bf04cae1a5017872ba22efe +E = a5524b41dfc6b570df1d8f6633ac7777c1131abe3a99c6166b0d29d3b8883c41b00a0c53cdd6f42820bf05c810b6ec53e77a8c1b9344ea0c91d4f410a2f204c369f3db33bf8c88217fc2cf802a9d9bce8119242d8e781875b85431be170076498c0963574ee423551aec9557e2fc672ab1ab5d0cbb1c400535df9481e7934d8f +M = 88f3c87ac5e3272a21b8a858da640d6939fb8113a95412c38663a0f352686d69a5d7927e60b484b9fcb8ef12978fe25ff2ebc9b61c5450e04222ef20ba3cbbdc5ec45581ce0f58e10be7bb9de7fa08752303a7a1db23b2ac9c6692ec63bf09ecd6639e06c5491ba568ea886620d71da32d329615f0e1443a75d09ae35b8a2d7f + +ModExp = 1 +A = e2845c572b46496ac158a731f612fd40ef626fa7134755c25b1b7614f4d7b29164e6142ddb7985e4c7ebc575855ff901e95927fe98a5aea2ad3a4720c75782323bea1518b2c57790f44efd9411be4e95b3896bad1e73c59658290b309e5a7eb5ef8be08125063e57336b80f17eacee88966d12bbaaa15a25929c82e027cf696f +E = 0 +M = cf0dee80177869a532f0c6c3a0bda3aad79bdb6b70b6c227b32d75c26e394a90c1f2a6c2bb841ba9f6556b15654a79d8b1dd0c90709a093497bf40be0807cdbb378a74de5893c25067224d3ea8d37387ed6c4a981138853cb89caa9ce6cd0f6a1e95de24d558e90960f93844db4d01e372650350d45a9d34a36042b4d4b9e78d + +ModExp = 0 +A = 0 +E = a55703a72ca3f6074b939ed3d748196a684a3c8e411c2b39a9beb98993b6eb7ea3fa16f41bc5b5c3710b91c0fc74a8072793052f872f61695db3a2df872eaa427a110f1a8d568c85d58bd350d0df8eced7a10be80f7567360c1a8047b9c44aa2967cd0d9dd2caea2c1492358c2db4f0214da343fdf2e34272865dc5c63be2ae4 +M = cf0dee80177869a532f0c6c3a0bda3aad79bdb6b70b6c227b32d75c26e394a90c1f2a6c2bb841ba9f6556b15654a79d8b1dd0c90709a093497bf40be0807cdbb378a74de5893c25067224d3ea8d37387ed6c4a981138853cb89caa9ce6cd0f6a1e95de24d558e90960f93844db4d01e372650350d45a9d34a36042b4d4b9e78d + +ModExp = c90e4c69df92e26549b016950b59080947f5403430698e128477782480dd70be96bed2b9042dd8c708eb432e02710555b97af11ce6fa9b53395022851c32d1f53f04237fb0763563b440ca6e81a50d909d907d9c26b7d3c420dbf88f7dadd488666848135f8cdc608dcfb0691989289fb54379c2e84c262f9765f68c012ca1b9 +A = 882ea1b9b6c79a3b1bdfd284658cb6227ad825e0178cab713c7413c2ec34f03cfaec470c4f5c521f5e9899a2123878ff0f5b36a4196c08ad1b04d03746c4bfb5d126f5eefbfe172627d6732710a8ac8890cedbd4fdef69a19f2b3253a5aa0e5dd5484f72d59b17bdd1dad3db209a3ab839368ed3975069685911d7b35e41a9e6 +E = a55703a72ca3f6074b939ed3d748196a684a3c8e411c2b39a9beb98993b6eb7ea3fa16f41bc5b5c3710b91c0fc74a8072793052f872f61695db3a2df872eaa427a110f1a8d568c85d58bd350d0df8eced7a10be80f7567360c1a8047b9c44aa2967cd0d9dd2caea2c1492358c2db4f0214da343fdf2e34272865dc5c63be2ae4 +M = cf0dee80177869a532f0c6c3a0bda3aad79bdb6b70b6c227b32d75c26e394a90c1f2a6c2bb841ba9f6556b15654a79d8b1dd0c90709a093497bf40be0807cdbb378a74de5893c25067224d3ea8d37387ed6c4a981138853cb89caa9ce6cd0f6a1e95de24d558e90960f93844db4d01e372650350d45a9d34a36042b4d4b9e78d + +ModExp = 1 +A = d7a99e65b8af86b1c51d851f0447e43cd4f343cb0ada7236283e69aa7ebd383826acc9809e5dbc4002d0f2430022cb026458189db3805ce2de1142a31ba71a6c064ab51f0059eb4b931b8bcbaef023c38d57aa5f3e14f5df77e547fc028702071b58bd57338be1e1e4f98d3553484e4de359cefa29c5f58d3fa5d823f389dbef +E = 0 +M = 8315dacf124bd473c578946347e83d1b20c750a7d9533d6215591be40bc78bcca77821f8c8f95375bbd6372515ada63d22bed2fa49bd6fabb0040c538d08db25b09d2fda02a93ab086cd1c27df93c37ee9c6a0527d089179b8f92b5dc3acf5ef1c75906fb80b03f5c2442a7a4088640f66376575ecfa4c697c1a571397ee5a0d + +ModExp = 0 +A = 0 +E = 95793fe33696f53e37498b2b65aaf27079e27acf1da97dda2c3e0803e8a02139f574e04ee03f7d1ddd029f528e3f3644515ad6f10f0beac2767f23d9cd8a8b9b6c6e376e36b64a0ae2711d7d31a5a75011641935b503110edbefe9f0ff2da27b5c5f6bb8cc151fdc86f67191bb99160c6cacc86ca368d5bdfafd3f3ff5161b1e +M = 8315dacf124bd473c578946347e83d1b20c750a7d9533d6215591be40bc78bcca77821f8c8f95375bbd6372515ada63d22bed2fa49bd6fabb0040c538d08db25b09d2fda02a93ab086cd1c27df93c37ee9c6a0527d089179b8f92b5dc3acf5ef1c75906fb80b03f5c2442a7a4088640f66376575ecfa4c697c1a571397ee5a0d + +ModExp = 186c50ae259aa0fd31859cbcfea534e626a254de33956d5d719334bb32e7cf37cf199a21f079a5b90497228994d05efe19ccd8c769cd81f896286e8ae557cacd1630a928c629ecdfece29ab3697794aa707734e007318fa7029b050bb09ebbe6986187c6ca843f55266d275620b3f0fec0ad5f847ce8b314d929d128b33a249e +A = 9d5e345793faddca9867f23eeddf6816c1e837f7a2cf96fa077212514acb6be87ac01a237d8f2f1d07d27a8ddd1b0ae0d97e1bda4f205a89435017284cdedea3e407b1b940d6f52112b6359b3e86e4c83074b17c210ae2c8856b42b169b4a7a6dfa65b368a7959496cf9bb1ee93d019dbd79101830e3f5ed08604ab90890b914 +E = 95793fe33696f53e37498b2b65aaf27079e27acf1da97dda2c3e0803e8a02139f574e04ee03f7d1ddd029f528e3f3644515ad6f10f0beac2767f23d9cd8a8b9b6c6e376e36b64a0ae2711d7d31a5a75011641935b503110edbefe9f0ff2da27b5c5f6bb8cc151fdc86f67191bb99160c6cacc86ca368d5bdfafd3f3ff5161b1e +M = 8315dacf124bd473c578946347e83d1b20c750a7d9533d6215591be40bc78bcca77821f8c8f95375bbd6372515ada63d22bed2fa49bd6fabb0040c538d08db25b09d2fda02a93ab086cd1c27df93c37ee9c6a0527d089179b8f92b5dc3acf5ef1c75906fb80b03f5c2442a7a4088640f66376575ecfa4c697c1a571397ee5a0d + +ModExp = 1 +A = e6a079bdf7b0638d50b183475e9ddfd5cbdebfb29f5fae8e9be402a0bd36085737b556492ea7fb4b1000ae9ce59db66098129b757cfb29224275fdaa46b8b7eb18a93ca7d3e446dc38c734b683d7ba7927b008d993aab01f44239d3c76be76d1503908e9b5e73b36c43ae0771368b01f39c042693bd92c4fc50810f059e1b332 +E = 0 +M = 81dd561d5d5327fc5ed7c9236b5fb21ef713c6d5e36264ba65ccc801b8eb107b714aad65bb503bb1f4721c0a6f97e5ab89300f049f42a4616ae43d29c089c286687484d18629c1be1b5befbdd0b3cfc86b1d28add89df4cc5e68dac3f56f2490a9068ca9c634ec258c030ec5023baa9133fd2af32fd1112895f9da549d410247 + +ModExp = 0 +A = 0 +E = f0460c5ca9b3a5c2d1b93c201d020dc43e1c81d1daba432e2cd310902da23eb81a5172b0b357484eb8fa2c04c270893b8198c8ad35453405dadaf05195b3aeb5ec0ccacecb4b6227ca43b27b97e240a4148a472670ed60f304302f757495fd4a91af0fe09800db0c3043a6ae213bee6703ad80523ca433d99ca0eab1e0b7c929 +M = 81dd561d5d5327fc5ed7c9236b5fb21ef713c6d5e36264ba65ccc801b8eb107b714aad65bb503bb1f4721c0a6f97e5ab89300f049f42a4616ae43d29c089c286687484d18629c1be1b5befbdd0b3cfc86b1d28add89df4cc5e68dac3f56f2490a9068ca9c634ec258c030ec5023baa9133fd2af32fd1112895f9da549d410247 + +ModExp = 60719701a2dc0bcde281a93ce0b8421d1a718adee43c1b5d9fe9e697a48ab3db4f9f33c73cff305ab6b6c300c149b05c6b289dce4580860dc56bc59de81ac074ecebdc65aa3ca040b44e5b3c80ddba1658d78b9abbc4c77e5f171f5582e70ab4438a8e1e2f062d618c4ad09c70c73b5b5fbc9f8f0bbdf1d530a933b705f85af8 +A = e1b400cd3b1f2f1c6b437adfdb970d2c8108f1b39bdbb13582179552011c6c97cba6bff2c463212b7f62776aa3e3aff9f175990e79395e819c144350b0a23d61638d500ecc97726b098e1af334aece23a851c718612442c04eb7b3805a24cc8f5b90042145eb5e5d6a408092832b6bbeb8a621419a9282fb5c075f41c7f1fdc1 +E = f0460c5ca9b3a5c2d1b93c201d020dc43e1c81d1daba432e2cd310902da23eb81a5172b0b357484eb8fa2c04c270893b8198c8ad35453405dadaf05195b3aeb5ec0ccacecb4b6227ca43b27b97e240a4148a472670ed60f304302f757495fd4a91af0fe09800db0c3043a6ae213bee6703ad80523ca433d99ca0eab1e0b7c929 +M = 81dd561d5d5327fc5ed7c9236b5fb21ef713c6d5e36264ba65ccc801b8eb107b714aad65bb503bb1f4721c0a6f97e5ab89300f049f42a4616ae43d29c089c286687484d18629c1be1b5befbdd0b3cfc86b1d28add89df4cc5e68dac3f56f2490a9068ca9c634ec258c030ec5023baa9133fd2af32fd1112895f9da549d410247 + +ModExp = 1 +A = 9dd1e6f2d3ff24096b54e0ebf0f10e283e484a1cbafc0431adda1296ed97692f3ba99440fd4f67c96dd8bab850e1123361c99362df9ea205ff8e90d1b329459f54730992d5a360e46fcc5f5a909e691abb9a06613d6991bd7c2aa609f0d7b441d7ded0c07b8c394327672d38a905efb2d76aa3be5bb14d0c002aa37e287aee79 +E = 0 +M = fda6f9d8588e3614f5a68ce867a5619f6ddbb8d64450ff402e1c4f1a08b518f79dca21e5983c207c5b7324c16895a1e9f1282fc6cf60b0645f6b02b652ed5b129e67c939e854ab492dec30ea878c3edde10a4b7d1d14c57100c6cbcc5fc085a0d7308715ed132fb917251919c727487fedb66500d5610b0014a43419acfbb92f + +ModExp = 0 +A = 0 +E = 8622c37631e428402343dccf8ed09d47b3f4201e95058910289a62707c3ce0b7113c390056cc4796cc9893e471b12cb3f63f900f3356ffd25c8b2fed6f6a7fba2c684eb241ca706c76cecbf72473d8a58c02338e40714b5610465cc319f0a529a7aa3898d9e638b247abd1380c6e8f7fa210c9f1a1a2164db6db83a6bba79436 +M = fda6f9d8588e3614f5a68ce867a5619f6ddbb8d64450ff402e1c4f1a08b518f79dca21e5983c207c5b7324c16895a1e9f1282fc6cf60b0645f6b02b652ed5b129e67c939e854ab492dec30ea878c3edde10a4b7d1d14c57100c6cbcc5fc085a0d7308715ed132fb917251919c727487fedb66500d5610b0014a43419acfbb92f + +ModExp = 86fb0b8dc161c41de2adb0f3ddcc8ad49c1efd729a52793a3ac987d4011c9c1dadb18657dca718df75c8ddcc49d60f152c46ab85ae9076ee7bfd405679a7da3a5195a1bbfd7d2b998c7b135ea91f8c445cbafe1276fa502c2a85477716829a2e0d24ba02623405a3654bed8f355bc7ccdb67c3f9a01e249e358b60d7699498a9 +A = 816610e6018ca47074d55750dd16a281019dbf95dc752605794cbb8ea8d75775317ce685737859728320b529fb3b4414b40bf3a93d08d8994a21ae54682cc1c357eb529837a7b0129a0843eebd9341c9bee3a8ae30475bdbff517e885a0c9f2b6a680643bd981efb53bf9dd49f3dc3cb757e117895fb34b1b4336d9bf8384558 +E = 8622c37631e428402343dccf8ed09d47b3f4201e95058910289a62707c3ce0b7113c390056cc4796cc9893e471b12cb3f63f900f3356ffd25c8b2fed6f6a7fba2c684eb241ca706c76cecbf72473d8a58c02338e40714b5610465cc319f0a529a7aa3898d9e638b247abd1380c6e8f7fa210c9f1a1a2164db6db83a6bba79436 +M = fda6f9d8588e3614f5a68ce867a5619f6ddbb8d64450ff402e1c4f1a08b518f79dca21e5983c207c5b7324c16895a1e9f1282fc6cf60b0645f6b02b652ed5b129e67c939e854ab492dec30ea878c3edde10a4b7d1d14c57100c6cbcc5fc085a0d7308715ed132fb917251919c727487fedb66500d5610b0014a43419acfbb92f + +ModExp = 1 +A = 9edfce4691f46eadaa2043c7b1092b831ed50f3429f0bca02f985c0b77c686d951be84d772ae4b55f08935bed6e3206c8441574f215736b5c1c1b7595b3b789b55cf56db83741b10144d6767ba2b97b23a5e83504c60e06ab22834b0145655aa0463108317a379cbfc8a93de8a66925a999b8b02bf88dd85fb9898cefe9c95c8 +E = 0 +M = dcb68f6aa530ae9b31d078e2e82670adcc98228e7cf1aa59f81e66426ef14b1591b833d889463564c75b5fd5551ea295a0da581dd80f62c7008ff0f26a1c9f4f756431d48198af157149be8698336b306b0a8b8635d3fc2c4c2194ecc4d2af31ca1892917cc2e621d702eaaeed0d9a0c3dca575451eb8bc5487e313988cae745 + +ModExp = 0 +A = 0 +E = a3be10ef04535fca6784e5dbf3733d677dedd50fabbc3a860496628950b4747a328c2ce0d903cbe1e700f0af30f59fb917202257815097a2b516df5d0a82642faeffdfc3b7883766c78fc4be5901ebef891a9ca27f3bcf00960729e659bb3fddd54a19ce628e95ab86e4c7a168588bc9f67b05dd21a583acd8dc36e615945648 +M = dcb68f6aa530ae9b31d078e2e82670adcc98228e7cf1aa59f81e66426ef14b1591b833d889463564c75b5fd5551ea295a0da581dd80f62c7008ff0f26a1c9f4f756431d48198af157149be8698336b306b0a8b8635d3fc2c4c2194ecc4d2af31ca1892917cc2e621d702eaaeed0d9a0c3dca575451eb8bc5487e313988cae745 + +ModExp = 442866609915aa6f1bae9dfb59e721e1b63f42c0f75fbf0a88344120fbbd7aacf15208fb7c9d8bb8477d553cbd826d7e685ad764a8423e81c2131c040ee83a03cab8d5ce50866a941b48c78e9f1330794d908562d4141cfbf26e8c80c69551339eec41e37e2b37b54330f7bd75748f8d26d56ab9eb3b0c127540484c6445a7fa +A = 8ff65e2cbcbcd8697cc3ce9a26855d6422ac7eb4e66500648c08be697e005cc3c854a54cfab91d43489cd60be8b516a9b3c9688e5e009a1689c6b164a133859a5464ef422c86344fef42cc477c9df27768377c126a066d1b62f593b7f6d6e906feaee16addb7cfbfc043d741b7dc81a87c17f167b7b8ef1b1fb3dfd1eb14102d +E = a3be10ef04535fca6784e5dbf3733d677dedd50fabbc3a860496628950b4747a328c2ce0d903cbe1e700f0af30f59fb917202257815097a2b516df5d0a82642faeffdfc3b7883766c78fc4be5901ebef891a9ca27f3bcf00960729e659bb3fddd54a19ce628e95ab86e4c7a168588bc9f67b05dd21a583acd8dc36e615945648 +M = dcb68f6aa530ae9b31d078e2e82670adcc98228e7cf1aa59f81e66426ef14b1591b833d889463564c75b5fd5551ea295a0da581dd80f62c7008ff0f26a1c9f4f756431d48198af157149be8698336b306b0a8b8635d3fc2c4c2194ecc4d2af31ca1892917cc2e621d702eaaeed0d9a0c3dca575451eb8bc5487e313988cae745 + +ModExp = 1 +A = fe9f77f7d0475e00ec964c0effb9b8e079c32e376ce77a9c40ce4018c3df44a77b4f294d9565502b2b79accb30cb58dda6d15e1543b6d4a53296543ed11c7f51baab60283ef03fae37dfeacb431392487ec2839551a933895c4dbf18844f7b375d3e6f558d3c39993cea1bbf7fb743a6a07bd3753c03eb7298811476d7f3ff1d +E = 0 +M = e7a96cf6fa930f73c8bdc2726bbba246001a9d27f39cc2b978c99dc6f15af0e8aaf26b565302f1112e607e2df4066948baba931b89cd9bbdea2072e05b9a4968fdf282c43d997987c3a3a0434e925a679ac81f316b7a7b724b79be3d6888b66f4512759bf66cfaaa88b9513dd27a44aaea75437268a014c4eb50ba2e50093511 + +ModExp = 0 +A = 0 +E = a0bc148ed50a9b54036bb8fa1f214979052ebd47db8b347af3bb03b806bb457b468ba34781f8a25f289a7a90af4903dc14809a166df2f4c3527de2ea6911cb1afb9071a4afbb522a7d50634d66fd584c73f32d05217dc9f7f16394c68a692a953492ca85f89cc11da95fd8cac6231647923ced48a1b3b0ee68c010286d452836 +M = e7a96cf6fa930f73c8bdc2726bbba246001a9d27f39cc2b978c99dc6f15af0e8aaf26b565302f1112e607e2df4066948baba931b89cd9bbdea2072e05b9a4968fdf282c43d997987c3a3a0434e925a679ac81f316b7a7b724b79be3d6888b66f4512759bf66cfaaa88b9513dd27a44aaea75437268a014c4eb50ba2e50093511 + +ModExp = 91fd879d02f95a9f40fcd1037726f73892caf84e9b43b4aa4126d9062a0d22c464e7af2fbd91aa849612d99d9519b724a7fb1cb018fffdcff321d883ab2519953c9f174f09dd8f13ac87339887385966eb4a94842276637b2c36c0a5036b1d3bbea438bc6efd4b4851c7ec06879d60694df894717569bcd31c4b13d80df6cbca +A = cdec5edc1cb3ea974342b85aabc0f9385cf877ca328747d40dd4d297623ad69ab6582653faeed5aef225208305135cfbee32e066cb43e18afacea3a32acc8aabbc49617ac33e741651924ae56dd6aa044a12a1ea50fef573b5befb2f4b21b9cf83ab2aaa6fd153580a0761666ade8fb94f202a3c3dc4f33297eabb4564374168 +E = a0bc148ed50a9b54036bb8fa1f214979052ebd47db8b347af3bb03b806bb457b468ba34781f8a25f289a7a90af4903dc14809a166df2f4c3527de2ea6911cb1afb9071a4afbb522a7d50634d66fd584c73f32d05217dc9f7f16394c68a692a953492ca85f89cc11da95fd8cac6231647923ced48a1b3b0ee68c010286d452836 +M = e7a96cf6fa930f73c8bdc2726bbba246001a9d27f39cc2b978c99dc6f15af0e8aaf26b565302f1112e607e2df4066948baba931b89cd9bbdea2072e05b9a4968fdf282c43d997987c3a3a0434e925a679ac81f316b7a7b724b79be3d6888b66f4512759bf66cfaaa88b9513dd27a44aaea75437268a014c4eb50ba2e50093511 + +# Craft inputs whose Montgomery representation is 1, i.e., shorter than M, in +# order to test the const time precomputation scattering/gathering. + +ModExp = 9442d2eca2905ad796383947b14ddfcc341f5be8fec079135c36f6f0d9b8b2212f43e08bf29c46167ff0fe16b247cd365df4417d96cc31c94db1cf44b73b0ee3ebcc4920d9b0d003b68e49c1df91e61bc7758a8a1d2d6192ff4e1590b1a792f8be3a1b83db3ad9667d14398d873faf5d885ec3a2bef955026fae6dbf64daea2b +A = 3a4b4c57e62c5e9d1a9065191f8268fed9d5f6f424d071acef66f0662b8210f4c029ed991512e40c9c912043c816d2c4c5b53fa0e5c253e16808aad4225130dafbbb89fd4f30cdfc1c2f2179b636a7ddc4be579795820b4b9377637bd8a21a0ef5a90d0e0f865321eee23d9be2a3b7320b4012d02941b892df2c40bdc85c1898 +E = a2c56ea1362511cac0301918e15a9afe7d37edd438a5c3538d258ea01f0a6df758de07111e868b3ad8fc89b629b4955d78a1b3af902be1806410ddde25ccc6a196ba5949395c1ad5d8725b18815dc1cd5ac1c7dd17773f571e3f2e628255af14476e0494be23a4a4dfd18e23142f33d7a59c236fec61660e360d9676a747c69f +M = ede35a3a7afac817d413373a2032abbc067b1493f709ae6e1282ee5469743391d891b904938857168802b7872d3cd7ac18ab249a9e540a86f970b1d0f310a4cc29df1cc9d4063d98c554f1a32f4ca5eba3523cdfb142e0fc609907c7a92bb0187009d97ec471db3545f42dd5fd29c07b7816085d09477ba31fcf90084660116d + +ModExp = a7f5844fa9e7202d4b70ee252c9846e63d3d091b0387768ded872cec53458e19df0d9b4960226e269b8ca5dd4c4eda423a67b6dbb48235c08c12c6c7c78db47287756d3ed9cecb9232f7d18d5d80b9676cb68ba4a290c97e220beb1a069976b5e6022a4c1e5ddbeec86b62dda24ffea1deda37695c9f61a8817218e6370c0679 +A = 7d6d0cc947ceb949cdc4e9e1044f5deca5bb05a491041e0d85bc4b92a0944a57c72845fad91e59010c61ad1712bd2f612d53a846a044632262a9f2e3373b062fde2484e0c165ff947f2469f743ab6e2e5e13c640fc4029b1c9213eb8473c674e7f9e95a4a5c5636d4656c1e696962340d77b322daba47d6fc894f2a2cd9e0afc +E = b78012afe806e2344d004c739c97324256850980ac97d88c4ed9a838517639ca112e235978d21a176c33f5a68703aba0f2a05501bbe3fc8d49a000fbf530cdb431581dfaf8683cb15a2aee5e239cbc542827100da3b47babf4a16ca7c588aff9912e674abb449e0b767a15e415f4e7f2bbd6380d7131da3df8d49b13bfd35ce3 +M = b72d5c55bd2998472f1965e75a51be6155c1ba04656da8f66bcb34db36a7b1db66a89d1d05b1bde10206acf85be7b474ab689220faf1bb52ab39d8dc00512dd4e26df1179c11b973e1274db85a88c7cc2a17113abdffe58cb930ddc5f3ccc4d68b4e65c913730509f7ce5656e8bbaba9b1be177ab9f766678f018fea05da9cdf + +ModExp = 465ff295786a88496828fdc763e9292d557957544e9322b7996807b87fdbfa7a11614bffeec557ca831c4824c8e4ca3b1a1c7f3f4f95ec3fd6a86b73bb13d78b73af2b3c7e76954d0cc03bcb0cd606867ebb3765a8b3d0108cbe4f343a14016be9c33f6d200f0dc547e7d6b02bfab1e79dcdf9c9835a814cc6c855a12ebeb66d +A = 89ad02bea3e9ab839a6e23f20122409daba52c68e1e893034b30d321c0305434a6af940015e3fa5ca9c35230da34beeb1ed4fbce6c1da3a8bfe3f3ae172276c1d1723b47ee61e6f8fcfdafad102d6f7ee2a79f510c7edb93096205a40a6c9e665b88b18f39a979e2e61286d939952a6f02fe8148b7515bb25f4252337cb6e60d +E = cbd6ac628cc7afa3c61bee9c22a06a395087ec1811fe9681b55216700c435996c815e7cec8aaa90016dd2382d0306a5414630124e14f3d396a4ba02ee17851bf720f1607ff813e4bbddf01338983db12f59bd6371a738eee3eeb716f21051d6174d2d6c77602942b9edaac18d4b3a723096c0d00dd23a8a605c585022f311560 +M = fa7a3e40364c8a8d0f14f0213a3f3e035222ca0ea19d46d10ba41580e5dd2805c8a133f3856d7d5d97f922ea540e5eb0d10ad04dfdbb74f518f58da0099a6fc2b3f3def92985176e07fc78aff2faebccca10a429794e5f15ff92f75fe90f527c60ddea8093a9078c703c372ca09f7aeb27ade02f3595308c61dd9c44e62fd101 + +ModExp = cf08bf00261402102e9fe03f3074471dcf0e9b3c96d4d1503f099f24ec85e1901b023e9e048c1ad042244f5f70b38b25a99f4c0a7b57d5844bb0d0137367f45f4ce2cc7746105b77414768cb97648dc5721149aed2d4c682408cc0d50d26dd0bd77e848911f8625c727cac5f32e63bcb548f41a57d718d772f23983a42f603bd +A = a419646a6631c2c69b18f7aa65011825eb31692eecaee9d74f92d92203811b68e9764bda31a1585bdf69b6273fc6f9f508c395ac081336506525dad88473512f08a205621ac8b16e9864c7a7c5a4f17435de00d0b32badec6ce4897e3e1076c562b6d9523f63d0b2079eaa416cb090471657763f24931d955d1fa2720c80a9c9 +E = d5a6f4a1842aaee39805356dc8d0d678ee03b2c81277345beccb2742f899132feb43271f95968a01ae68aa8277201851992dc0aa7a71c90aae71b124d873ee264ea400fb131be0fc6c4ce8c04c45f6bdaca89ac743635caf6158983d257e21cef6800d7f990e912ba21bbfb8fb779afa4abd19e07e7e07eee9908493d1ca502c +M = e739689b6cc6def1d45fb1a2ab551643beeb303f4aaa4da47ee5e4948510f8445b4c40e99ae8354dede60b2ba6694e93bc4d573b7e8adf871b7a9a9636eb7d70f2e49328e2d7978143b177cee8374ef01bd1ee2d95862765883f5e7971668b53ef0ff41b6539faf63c397522b0bdce916388e72e26c8d3d2e58dadeb9eb5d479 + +ModExp = 827e6312ec3b14600203bb83f5b277ded197b2967363630ef673240df05edd3ba8ab2b11c86251a612206569c6c33952b31e264f129909bfe723bd0ee1624b36cfcfaa893a6ec8b5a1f7de79f83e79b459a3350f89f412ad1cfd6bc4c2a7a29272c783d6ecceeb1398fa17041835643f4debef9b5e87b098d104bb8912dddf7c +A = b8e49c637829021d32db3a39a0c1e58cdd4c6e4eda7e8e9293be379e9c2e2d184f929d278598a81ae231cfedcf69cce4a6e31cda3c8ac14d753a7311f2436e29795f0dfb60259a0f61a997918ff984aa2284b43a9d64c974059e9682adfffd018305835f74eda8c75fe4877d811c1620f654ec9f7f32d1af5ce59115e2f41785 +E = 80e0febf369d234bf1aaad4f82df2e2ff02882c3184781f6ccdf4f7cd93b6887af86830077c84dfb02109ada05b40970b1c65228b0c19030bd6361c3537fee22a8155c03b4e7007ca006c6daa3659518d05bb81ea0079456d0ef6116df248dffdb0c935f321f5a1034deefd5a9414a0652aa6548de33325b474b9e5a8507a082 +M = d5eb1d14af842a9973274f7463d90cf0ccff19c47d710edbae184478d4f29b02693ed7958bd487054327b9e6d8879e24c9af7730b92f323eeac05558da6c1b952e5dbf13de236050a77628bb5325fe0d14cc5773bf73338759d5ab43c212b414581280f1cee250007e53791b800b61c90de0328acd7bc43fbdda48158939392d + +ModExp = 4a1efd29c7e78549f5cd4deed1454b37462c7810ee6a8a2493b764dfa479be13b314cf9ff98259517d61865567ef499a511630c0038c97914625df181c6fe07892f329f98b344a78d751e9471483eebaa7977371bf97bb25187ae7e93a9227d6c124ccb4644423c961a11ae59c4354f89d5a95164c23d9aa256e289e9cc0858e +A = bd86c9211fa6a47a06e5016c46cb8a99e34a043a29e22f8c3196fa7197c26b38927b8d9bc0ddc11a5fa4bcc44deb69dbf37cbe7ebc9a2fad6c74e09ab5a9dd929fa04ab4319b6caad1035739be78ba631fb0748d9e53944836d37ccda6e6a62823c696d8f31139ccd7f2f86b22fa026ecf433cfb1271a3539ac4f1c83aaac059 +E = c40b9972006d28a84c2769a86e526a2b274f73afc7c5c6a2742166757f61b5f5fdbb228afa157af62af989ffe966f232bba9e6beef5403d1690ade31a6410f7f349a35bc4267a129afd647993df7d45cc0e1a1ba4678d7f1b6e8a344d8ff7037679e1f4db25a454e4246f6b55c416567fcfa188e8a3865115851d9edf0aa8902 +M = cf424d7af75ce7eef90cad75ae55ca8810cc7b4703fdb5bce701e7bac07e0c371cae06df2aa8facb55a0faa6793e4d2bd9d7969703743b9be170be82792aeea55e2bc0f7ab7617b276486bf474dee2f4556aab595ff3ef115139cfe5e21ccd4ee05c0e1cf901bd85df86cc17195a783b0be836d00bee82ce064077f9191188f9 + +ModExp = 3137a3049fd4ad2e26d870f5c998cf11bfe82101884a82e85e43facd0928cd7434a2e346ca124619769fa141bbe92ad6f36b99231032ddaec3b349a410f82b5ca36f45e56e5fb85dc63d32053dc90805d3f1854ab385281a71a57726bf97158494e7476057214ca7379ab8b70f5bdc15f70bdad3adf33c3a1f9cd1b6bbbad556 +A = 39a1dc6a4c3f14d9c350ee968d5ce139ef725952c967a2d1bedf48ace22091283525be03807e2e263d2640be77f0525247bcd07149bba50568cec5a082c87d72962cf9e43bcb5cdb1e7e9a650fb53e0ec2fad37f09a9f036c0d7dfa528fef846769f80a9a60854910ca1b4ee05dba82ed2ee018348d6b3e52a764b8ffae61e0 +E = deaee3a3f80c9f684ed7110c0653847ccc7be5ff6d982fd4b49f59b5dd35f7210b1077babbcedbc127df35cd469dc6e569a0f84e58149b5605c94b09fd7f0b098d02b4a04631328b3fae39e6c2fce25334225cab71829abdb9507cb903701559660f2c08c3b743336119d1260a0db27054cad3f28bc1b04b2289baa58fb33965 +M = 938388927d06ed3bb1286c0f06d3054cb0ee16dc7a0bbbf13a45293c09a5f40f1d611b2e1a1b0ec2ef109b508e27af4274954905cae52034f8740a744153b4d22059f0dd262ea51785522098ecacced6da07709ee6b5acc8c4e99331379a7c3de7f4e2d1431e43b19570140955b7bcba118dfbaa552cbfa2be531e8f781166ed + +ModExp = c15ae334455d9f4d1030cd33e734726a27c63624c2afc576238cce5e0498298a4a0c93090a0d19568b41290303c4b558f3d9dd74f9cde8798710f68569ea0d6fd971ce67ec5b54495031de3d8842b8b49288725bee5c9f72b99054d64986ccd4e18d70d5f33943f08cd694eff538f84438ea993ebaba0910c95b3a694f213510 +A = def633b955a917569df3ba8517455eef0655e7a35985edda27097a063e0d82c7c3a76dc36c5d8a71ba9d540790ddd0ea514aaed98925f9a1808eb288d387aaf9605a9ef8a333ebee7ad7057bca012efd619d5867f02266f65976ef4b16da17468426ac4f99b3e8921707e01b4de20f6f9a068e6a19d872079a27f3a44449db83 +E = a465c47b0d15d48e01bb8b1d8e3b3253e11515f6874dbed6c25818adf1a8fd927124d5593beb367f685c11e46f18415be73ccdf16fa2e93a600b728163d21d232849e5278c3749d903edad3f1c4535a2f55a2ab65e7ebc64888bd2a0527e876ecf38cec3ab1980d08138709fad8eb88ae65d960adc3f0f8e92f784fe96fcb693 +M = e43cb9ac1446154356cdc31ec771c79b0e461e22d95185bbe1a279c0945e3af07903a0cb54d553380716fcdcafb4b7cf5dc6da481dc74a8c583d75ff6c1f8e429182d200246ebc473bb56e173787987c1b7fb2dd23f5b2e438a97bc4a1df628bc044fdd1e80c0cf37030adb7b04784dab827d0dcd64f0dbf37c980612570ce11 + +ModExp = 75c3f79ab7c991b98e65505342a8a563cfb08b5d3ccf8664c7db1de50256b1d17ebf7096dc98c7bb5d7f027a894ae5cbb14dee04d5d445e775ad7e239acc82673b0ac2d819a69c83864f34e73d9a636f05de8279619a067b4c90ad038db5910447e03841d2034635018f08cbcd21efa00994247763a249082594128112f95232 +A = 34def7d76f6f158a359fd12759fb889cdf6af0a24830dc3e84283a1ab4e9b2647a6a36b86482f829b2cdf3e3d6028f9a884b1f64f7262315446bea8b0231828e2f3d990fb103c17f820b39e4b8427c85643ceeca8f5dc8f191d1255768300e859bd7d88c770319ef38269660d221cb3bc061389b6fc0783485ef042b1c7d6fef +E = c6c46453dd5aac6b37277a446b1d0c69cbe476eeff55b3ac35edb89ba97116b0e7783660f2c7b31b2a2d6c4709d0ab45d01a838100694b0777c9c9c14c959b07c437c73a5eabb7402f1001e802d797a2e7707285834fb6440a1c2f727f7bb84ddb2a49312d32fa0ce620c43872655cb5c394749c9e75d7fa25be00efe50d47d6 +M = fbbab6698a9142095c46b38a732592e4366c1838b84bf40f8c8fc7b630f73380a0d09765562365798f8c8030ed1b6728329d8bb06e882c35a1d59bfe84146a9db2afe42a414014e247390281c782fce806d62adb54778d2bcb49555459429d6ed446af5359657667f6aa19e8e3e0e24ab2bc312b2d90b5cb1ce6f2f15af15d9d + +ModExp = ba16d7f3f6e162ce248490d164a13c00e7720d8a667e2d3ebeb13f1663e15ef5408d5b56cbc7bc793a8ca787cc50f8e15e0e9d4ee764531d04a9114eea556bb3e206ed7d85267151a056b6e68fbf35e03f2cf829708ffe1de13e95ecfe365aff1eea36340ffcd3892dee659fb1ecbe50f5080e54737c10f9c1ba638b14ef537e +A = 9025e6183706105e948b1b0edf922f9011b9e11887d70adb00b26f272b9e76a38f3099084d9cccf12d04b1a99c0f654f8b9ed90c6dff9478c60bf05d58d734ab60eaefa14a22230ec60c90dc1f0704b61eef0bef345785ae0e6a9af7db069cf6bd2b4e0fe58a0ade83c7e46a04b9fe1d24cb9b65c6f80de713e61d70eae5b286 +E = d7e6df5d755284929b986cd9b61c9c2c8843f24c711fbdbae1a468edcae159400943725570726cdc92b3ea94f9f206729516fdda83e31d815b0c7720e7598a91d992273e3bd8ac413b441d8f1dfe5aa7c3bf3ef573adc38292676217467731e6cf440a59611b8110af88d3e62f60209b513b01fbb69a097458ad02096b5e38f0 +M = e4e784aa1fa88625a43ba0185a153a929663920be7fe674a4d33c943d3b898cff051482e7050a070cede53be5e89f31515772c7aea637576f99f82708f89d9e244f6ad3a24a02cbe5c0ff7bcf2dad5491f53db7c3f2698a7c41b44f086652f17bb05fe4c5c0a92433c34086b49d7e1825b28bab6c5a9bd0bc95b53d659afa0d7 + + +# These test vectors satisfy (ModSqrt * ModSqrt) mod P = A mod P with P a prime. +# ModSqrt is in [0, (P-1)/2]. + +Title = ModSqrt + +ModSqrt = 1 +A = 1 +P = 2 + +ModSqrt = 1 +A = 1 +P = 2 + +ModSqrt = 1 +A = 1 +P = 2 + +ModSqrt = 1 +A = -1 +P = 2 + +ModSqrt = 1 +A = -1 +P = 2 + +ModSqrt = 0 +A = 0 +P = 3 + +ModSqrt = 0 +A = -3 +P = 3 + +ModSqrt = 0 +A = -3 +P = 3 + +ModSqrt = 0 +A = 0 +P = 3 + +ModSqrt = 0 +A = 0 +P = 3 + +ModSqrt = 0 +A = 0 +P = 5 + +ModSqrt = 1 +A = -4 +P = 5 + +ModSqrt = 0 +A = -5 +P = 5 + +ModSqrt = 2 +A = 4 +P = 5 + +ModSqrt = 0 +A = -5 +P = 5 + +ModSqrt = 3 +A = -5 +P = 7 + +ModSqrt = 0 +A = 0 +P = 7 + +ModSqrt = 0 +A = 0 +P = 7 + +ModSqrt = 2 +A = 4 +P = 7 + +ModSqrt = 3 +A = -5 +P = 7 + +ModSqrt = 4 +A = 10 +P = b + +ModSqrt = 0 +A = 0 +P = b + +ModSqrt = 3 +A = -2 +P = b + +ModSqrt = 3 +A = -2 +P = b + +ModSqrt = 2 +A = 4 +P = b + +ModSqrt = 2 +A = 1e +P = d + +ModSqrt = 2 +A = 1e +P = d + +ModSqrt = 0 +A = -d +P = d + +ModSqrt = 0 +A = -d +P = d + +ModSqrt = 3 +A = 9 +P = d + +ModSqrt = 8 +A = d +P = 11 + +ModSqrt = 6 +A = df +P = 11 + +ModSqrt = 4 +A = 10 +P = 11 + +ModSqrt = 5 +A = 90 +P = 11 + +ModSqrt = 3 +A = 80 +P = 11 + +ModSqrt = 9 +A = -e +P = 13 + +ModSqrt = 7 +A = 7d +P = 13 + +ModSqrt = 6 +A = 37 +P = 13 + +ModSqrt = 1 +A = 1 +P = 13 + +ModSqrt = 8 +A = 1a +P = 13 + +ModSqrt = 54d4cf0fafe265056a29016778cea6b712bc66a132fb5e6b6865e9b49e4c97ec +A = 599c10484b22d0b5a115268c7538ca99b3253a311a4ab1ca11c3665b0bec393a1167d1ad94fb84cb2c7ad7e2c933e8f613bdd08fe1f1aa4a9b0b9de0c8a7c9d4 +P = cfc4ccae35458ab5be1a1bc0664188253301f8702af4f8fb19fed12de0c653b1 + +ModSqrt = 38a7365a15365e911286c1be2a7afe76ef390234d76269e04dee17313f6ea54d +A = 1c4aabb4d8369710131c664ecf2849e963c1bc31d66e0b939bacf99a870c71f24ed71bdddcf566f3908271fee43fc1ebb51eac7e3153efae641b49d2e796a12a +P = cfc4ccae35458ab5be1a1bc0664188253301f8702af4f8fb19fed12de0c653b1 + +ModSqrt = 35ab18a560dece04725667f640ca61d1d59f14d191f94c79f58531acd097d444 +A = 685168ae855d60eba220d803f5296459b30a289580668db9ed51bca51cc2d453a937e13819ae34f7a9a143ac96d17420c53919167e46279b562b550be1cd9abc +P = cfc4ccae35458ab5be1a1bc0664188253301f8702af4f8fb19fed12de0c653b1 + +ModSqrt = 288370029e87024175e5bec0eab0929179f42e16995e7f6194eefc61061e54f4 +A = 2a14ab77c045bdc48220ba9c463e1a4b4049cb01edb53be0937767eb2ec19b7d719855052281250a36a0b76d9a5d967d0756e1ded7a052f7056191ad66bcfc9 +P = cfc4ccae35458ab5be1a1bc0664188253301f8702af4f8fb19fed12de0c653b1 + +ModSqrt = 32255cf01dc943577ec2bcb221b98491d7a1130d046d6c68e95fedff643ce3a4 +A = e26f6dd46a513a1dd3fb14b71be1d4c9e9d79eda1cde10ea4d1eb8abfd4d5857572205e247184dd0cbefa37b5c0bf680ba2bd28c5741f725cfe2aae37419baf +P = cfc4ccae35458ab5be1a1bc0664188253301f8702af4f8fb19fed12de0c653b1 + +ModSqrt = 5172345e801ada63fbc4782e32583cc3b4fea88b9e6dfd542f3542f8538ade66 +A = 40dafa8342b302bb04b1f3ddb3b9015a8fc1b597857c115b40631c7be9e22de89358fca23b331596ee5ff304dad7811e6d8e8822f7aa533c9e7c882634ea550 +P = a6813d316f9aca30f98b4f864b8b4b8f51493af930bd4d3a1b205a710e99add3 + +ModSqrt = 4dcf63c423bf0e39aca2293d57f6792d023db649d6719fe936446904b9f7e60d +A = 5bcdb514bbe84261e169203e8017909b60c9bb330400c766ee01b0189378e70e61867a164a12643ddc9e94b61e09e5b158cbe85be228a3cc48f95a552958b8f2 +P = a6813d316f9aca30f98b4f864b8b4b8f51493af930bd4d3a1b205a710e99add3 + +ModSqrt = cf77c5c2d12a500b75cbfb1f3e66ee75d886b9365cf4f8b4d1bd18a6be0f387 +A = 4652ddc2ea7b460d8ec3c9059b8f9b5dae6cac55b51f2ad86fcb336b25235737965cc515e2ff0b54835015b7ebeeda6fadd986471d8cb424d309fc353d1e269 +P = a6813d316f9aca30f98b4f864b8b4b8f51493af930bd4d3a1b205a710e99add3 + +ModSqrt = 1e0549e4c5a26023e9d24fd8c67419960746f82b1ecd113bdac66f570a475d87 +A = 5f4a6d450ab1390d96ab1deaa0ba18f897cb63daf0c9e1ef6c08e804c26b5e842f6c08f13db5d4a6e88f07af2a3cb04fa06fc3e59c410b9356f025ed81acc74 +P = a6813d316f9aca30f98b4f864b8b4b8f51493af930bd4d3a1b205a710e99add3 + +ModSqrt = 144481a781d831c1ca046ca9e322d79ad4d2c6dd9f780bea9d1ced9cd20b7b23 +A = 4c254fabca441017132b9eacd4ca40a336db3e5c09715773fa07af095989a91cc968ff07a9ff56ed06b0ce0c5269f7b2ab68564ecab9f4467a7e96b6cc6b21b7 +P = a6813d316f9aca30f98b4f864b8b4b8f51493af930bd4d3a1b205a710e99add3 + +ModSqrt = 216fecc7667f488a3d2d102a38b46b4860ab858300b8638af4f34e1103fd73ba +A = 17878f8048227573a9d70f53c0e76ff13fe9f56e9c984c92514d3d13dec23c816661f0618d21371b80dfd885cb59551bdf80046f65f22ea9b89c78645a6e455a +P = bd37c850cf7d702bac879f3c21a51a5a4df2b8eb0935861e0753a6eb62261a95 + +ModSqrt = 458e5e789ccd2417174f7e30bb31914b9656bd8cf2b9f5a9752a8737a67707bc +A = 5c7d39a4bb04e69201aa519f80ee7e62ea14ca55e13656d1da3f45367e2fb2d061aa2940708d02ac67d35cd2ccf54a1bf95bcbc759779e692cfdcbb3aa1a05b +P = bd37c850cf7d702bac879f3c21a51a5a4df2b8eb0935861e0753a6eb62261a95 + +ModSqrt = 543125a16c2bb8b8f8a2c39c497e5224ec77533602d7dbe24002e32dcbd2ef1a +A = 3413afae333b2ad9ff45c7f3c7e5934b3127e8b1a55225958ee6ccf42423e81559bf070ad3f3353b78c0ffd41475af49f59d268ef78bdae879f5155e8d1cc07 +P = bd37c850cf7d702bac879f3c21a51a5a4df2b8eb0935861e0753a6eb62261a95 + +ModSqrt = 10e16859c67bdb2eaab52a7c847dbf37162eda258a9f6262ebacfe4cbbbc1080 +A = 21ce7905894faf220bdf4a82a2d855994ca2dc9feaecaa53c7f146e1f49934215695e9bb46ba370b7005a90c399674caa8969eb442e7914d90f749774d7fd194 +P = bd37c850cf7d702bac879f3c21a51a5a4df2b8eb0935861e0753a6eb62261a95 + +ModSqrt = 32a00586adc6f6cc2b1a04e1be0ab569fde235e1436c38b6af92bc5ebd60bc1c +A = 350da4fd8cf03c12f7dd6ac6d3ab801a3413964083e374662aaf878d6838b97d4feb9e52cd307a25b113e101661a865463ee2480c626aa4e2ec437d72e7bae4c +P = bd37c850cf7d702bac879f3c21a51a5a4df2b8eb0935861e0753a6eb62261a95 + +ModSqrt = 971f75bc7afa8b4b50f1d4b05e52deac7d4836a08d30546f29649bf1ca6a247 +A = 655ed4c5d8d0afb4f9360372ee1ef1303898d2423e585108a3303faedb55064d2ef25666ed4c4d71fe6063fea1f3142b435714b0e30b339dd791d347c884654 +P = 9810151ad4bc9c5d68fc326395b509f2625bfebca1c3801ad4da7539fdbaa6f7 + +ModSqrt = 48fa882b7cb6a29de9e3769f72eb67f1efd4d2af56f0c7e410c610efcbce2065 +A = 14f3503f33b243800eac1defaab33e04c01e80163fb3efd03860970cc016832431ca4fc6d1b760f4f40166b0b8b3c40dbebc81460cc10890172243770338f090 +P = 9810151ad4bc9c5d68fc326395b509f2625bfebca1c3801ad4da7539fdbaa6f7 + +ModSqrt = 236fd7e397ea7f8bc2a288eb7236ca41936fa702b7dccca56c8852e147511f7d +A = 1bbd0980feac854782813bcde4da85e8a054549a1b515e065da4236528035e756882e29e762cf60453e375cca9dc6ff637f9558bf86646e3b928f68f82af7efe +P = 9810151ad4bc9c5d68fc326395b509f2625bfebca1c3801ad4da7539fdbaa6f7 + +ModSqrt = 693f0cbe8c81b0afde0cd2f83e53795dcae6b0cc4ba930ab5c752400d787f14 +A = 7b20f9664b23907e152ab8c9a907f72e8670c1c38ab4cd1411ea7c2159c09aa131afe068929b8e6ad1409b74c04975180d1cd0a9fa74e923c3fd451e8da2c34 +P = 9810151ad4bc9c5d68fc326395b509f2625bfebca1c3801ad4da7539fdbaa6f7 + +ModSqrt = 4a086c50b0bad576501ddb6280743b2c9d247841eb7f14d90561432ff7dca6f0 +A = 4367431ec0cd0d7626538b93a090c30fe0c97c18ca03b97ddae304b619112b5b4d02bf0f041fa3fd673f9ef2ceb07eb2079d11c56dd903b1a87e8252a97b8079 +P = 9810151ad4bc9c5d68fc326395b509f2625bfebca1c3801ad4da7539fdbaa6f7 + +ModSqrt = 18f8433fa468d8065157708f1f1e53b8e31d39c6011fbc2bad93de1b5548e19c +A = 739c032bb4139c199c40f548d37234298772e4ccb9d3ba28412b60ad23b4c465b0787e2382f1c5a4a87af2d20eb978b7dcbe73f2112249477d15c8a85e54a79 +P = adcd56924f73836ebe4dccfe006ad3b1e5076562cd11b161642cab7af2284659 + +ModSqrt = 49e3c8eef5e067cabd51a7c01384ce05ab8f4342f655559d8a689eb7b20e0106 +A = 18400c2cc3e06b99b4e39c77b9af5ff0e9c683f1708321afa4cd5b6988d13b36b1d9eb4379b7902d9ceb40c03f814b2b6a01b90509bbb4532f13ab1571c4d04a +P = adcd56924f73836ebe4dccfe006ad3b1e5076562cd11b161642cab7af2284659 + +ModSqrt = 35548c530745f440329325cc8a5fbd90c16a7f0788879a4869bc4d4f73acda0e +A = 181a3c5ab02566e7166c4d6d2f2bd4a8ecc25991a98d270bde80cf4332766a7068b14240bf5f5dcd45e90ef252596da3eb05b11d68b2063f7b3a825742593ca9 +P = adcd56924f73836ebe4dccfe006ad3b1e5076562cd11b161642cab7af2284659 + +ModSqrt = 1ab7046e6af061ade5f9719008fa4d989007e2a579a134a5b9f19ec410984096 +A = 1008a03e211fab0d45856377079bc96b0776c2d4c0175661f3493246cea2ab0a02a706c85314fb707ad9906bedb2cfd577d62092ae08ff21d7b949373ea954c7 +P = adcd56924f73836ebe4dccfe006ad3b1e5076562cd11b161642cab7af2284659 + +ModSqrt = 2be9e3e7515960d90f115b89f60dedc173a73ce163b4036e85b7b6a76fd90852 +A = 392053a9f0100540a8e1a0c353e922068a84dad3a4a8e8962fbc0bee2b6a06e20d08ade16eb1409a16acfcac3db5c43c421505e07035ca308b15c4a6db0864c0 +P = adcd56924f73836ebe4dccfe006ad3b1e5076562cd11b161642cab7af2284659 + +ModSqrt = 5b301bb93bdcf050183107e36258b53b4805918114ea1c2227b0911d5b4dc077 +A = 55e55e5f94dc3d7aabc921f6469d85fa2e1e92a87347c57afad5872306ae69f9fb99297d1e3e793dd9e8632244208154de5da7114fd876383bf1422f7ece024 +P = d43280ac150f725f4a2a1dceb1c79bcac57855a4eba72ae93762d09bcb2444fb + +ModSqrt = 2df9609e2f5a5156c3260461b2ee52eacdef00bd8b091479813143a6c5283f71 +A = 2099325b7f12fe77353ddf3f2b2c5ef77b49671b150af954cf84e9675e3ecde3e057084641a633d19533b4712ab49924c8b5c31d591abcc88291f51253fa2a7 +P = d43280ac150f725f4a2a1dceb1c79bcac57855a4eba72ae93762d09bcb2444fb + +ModSqrt = dfab751710e9008e25e422d1199d6fbec4dc7fba35b4da9d225a746eb4126a0 +A = c006af53d4737fb293584df6ffe2e4cb3fd8dc77fb7c1f13b97bb9c249e3ee5fb9feff7488265b3093906c08a4946f142ac7b491937d24bfba6413366ce371d +P = d43280ac150f725f4a2a1dceb1c79bcac57855a4eba72ae93762d09bcb2444fb + +ModSqrt = 26bc030008d6c60a09fb0e16093a649fcb40c6c21a8e2da2353ba4b07c4f85d5 +A = 1eaabcfad2ed349ac9356e6f4da0b301266ddde811cb0f817aba8f5c10fb8b8ba9d0ef2dd386b668f16eac296118fdb8cb7afe1b865648c81c2fa3cf21f2711b +P = d43280ac150f725f4a2a1dceb1c79bcac57855a4eba72ae93762d09bcb2444fb + +ModSqrt = 35051b1482ec2578f3dc0000a422cb5111e43c37f1ac20b1844d3de2128c4556 +A = 315ff9de178681116f2a5fa78eebf4818e1d680435eacdfaf9d0e5c4fc01fc034b352c82fd52c81ca30d68864952dacc99d08269c9dd7ca99ccf22da98c3840 +P = d43280ac150f725f4a2a1dceb1c79bcac57855a4eba72ae93762d09bcb2444fb + +ModSqrt = a5474252885cacf004c460a7793ff0b0a2187bb1a9ed700ae3470199faef71f +A = 19856fc1351c4b02abf573bb2fc6ff92355fa369d62bb8f2260fa772fb1693f509a56cad661930abcac049dd70f4b16bed4a4c172e73e772504c9990ce7f92f +P = dc315fd52684fba79e577a204de9053b11a5d7a414263fec9eff6ff62188829d + +ModSqrt = 12daf4722387ecf47de1b0b6b110a062dc5ea2685bc9dbde66b8d15622985029 +A = fb8479787069116abc42abfd7dc0c24d2ad04fe0c04b42a6dff714af715d17e0fd77855f950f264542b06d48e8818de813ddb7975798b7debefcdaa5ff86beb +P = dc315fd52684fba79e577a204de9053b11a5d7a414263fec9eff6ff62188829d + +ModSqrt = 397996ed5c0ac6ad32e43c337e9de421b87774cc162bf7ac7bbedf4a9029255e +A = 5aa04353321bd2de92481be740357f979da464b53aa39111fdbb734cf7af6b3857d1baa08d3a126a3dd34a2fbae2bf2b84e900686c1d31505b390185acef5fe5 +P = dc315fd52684fba79e577a204de9053b11a5d7a414263fec9eff6ff62188829d + +ModSqrt = 2cf4b844a54ba359dc592ef1b49f43fcfeae84d1087edfefdd0b9174b43c0a3c +A = 365a8650510bcfd8fa87432f167cf487234c215857403b9270b5eebeafa48cd6da47fd60dc311b94d1d72baad0447c31f0b212d755f46c256e16e5e015e6546e +P = dc315fd52684fba79e577a204de9053b11a5d7a414263fec9eff6ff62188829d + +ModSqrt = 9277c73043ff767c3fa606f0cd66b9d854a600c8c18287f191ce277758c3f31 +A = 62cec3901626d03e8df66299a87c54b1f7a55cafc99f0b6bba1b5d51a3d2b7d2171c9135a9d8a5346d436e0136b12e515e703e3cd84ecfe154eb94c6772a6d72 +P = dc315fd52684fba79e577a204de9053b11a5d7a414263fec9eff6ff62188829d + +ModSqrt = 4189e5a90c1b1abdc1c7c05b3587e6f362e06f927b6cf5f0d271aab3d6f90765 +A = 336b8d0f9dac842c696bc020f49c6aa023842c16f2052eb02f17959006554ca0012042c80c72590f21c6bf5a3714c9cb552aa69730e33db93a56a909b273f39 +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +ModSqrt = 36ccd38cb5a6bd8a73bca55936a2227c503664422c2296faf7e2b1c6a375a43a +A = fecfd60a376befbe48d2c4f6d070d716d2f403cd5daefbce62b720df44deb605162c8f20f49fd7ec30d4f8e70d803d45b3a44b5d912baa3410d991165d7c507 +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +ModSqrt = 198fc8569be172dc9b71023ed3d42d2ba94bae4099643f6517ab03f540527fdb +A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ec +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +ModSqrt = 21b7f74c30ded681d6138cf8e6fd798f32a049e94138e982f1845df3dc9e686f +A = 9a30b791c1ba4f394b4e3dcd5837e474237f4fe8987b255c098a47b2c14c598ec69d2beae444dd4fe9c4ede8173d2b187677cc706a3c28f3b81627d8a5fb6fd +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 +A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f diff --git a/deps/openssl/openssl/test/recipes/10-test_bn_data/bnmul.txt b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnmul.txt new file mode 100644 index 00000000000000..dc13a9229e129c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnmul.txt @@ -0,0 +1,2678 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# These test vectors satisfy A^2 = Square. + +Title = Square tests. + +# Regression test for a BN_sqr overflow bug. +Square = 4000000000000000800000000000000240000000000000000000000000000001fffffffffffffff8000000000000000400000000000000000000000000000000 +A = 80000000000000008000000000000001fffffffffffffffe0000000000000000 + +# Regression test for a BN_sqr overflow bug. +Square = 40000000000000000000000080000001fffffffe000000004000000200000001fffffff800000004000000000000000000000000000000000000000000000000 +A = 80000000000000000000000080000001fffffffe000000000000000000000000 + +Square = c2fa18e1d110a4639781 +A = -df6a253c3f + +Square = 4805f01d379f4ce8dc86ed269 +A = 21f253ddb5a6d + +Square = 57def107babc1c2bffeff858947e69 +A = -95fbaee5a09c86d + +Square = f3b01f7941961b3f5cc3361e3ac82423690 +A = -3e71292dd4ad3ed3b4 + +Square = 5e2d9c36d498ad1e8b6113f442ac513eaca74601 +A = 9b45cf6c7a43d910dcff + +Square = 7b7c2eb3fe55615e422b41c6f725341527626398cdee4 +A = 2c7314e72a2ffeef170de2a + +Square = af57c0ed328886642ed5d631b375fc89c03a99f1b427c6bbd1 +A = d3de077f8286a04daa9c497c9 + +Square = 4d9eac3058e6cbc0d12e639ced961c02ec1870afed62fdd44c67ce4 +A = -233da7e87ea4421ee8fe7e00c856 + +Square = 83c292d277fae28cfede74e8e80eba11dc132e16f78cdf64595c12c7dee4 +A = -b7a8aa7452678abd45d2ae6c349e2a + +Square = c80e07dd01f9d19a5cf7f3c328ccf4de70fdd113de69382701294dd29674b9a90 +A = 389387eead58fef2c76b5cf920f35c5cc + +Square = b9f69ca47ac855830fd7ed39c81822c520880c51c3ea60d3ccc106db37fc2b04c47831 +A = -da307c28ea67ca8d3117364ba93f0731bf9 + +Square = 81bbe3a13a22a73778233294ba0c132d9dddec111f768300f177468c204f8eab69b98e62d99 +A = -2d8f715bb32d410b4f475c4d000d56fec7cfc5 + +Square = f815ce34e9bc2e31e36e75cf49b2d15306d438a2a713b2a85b3ea156ba60c867c28cc65aa58fdf11 +A = fc02f2e1a26cd69f6a0e54cca4bbced739b43597 + +Square = 5f968707f58ea15c492ec9677be09c309d91164aafa754ab16ca47a411b5b2249858fb6f96135992e8a04 +A = 271b8eae3e96cc4900d4413d6c00b73736a5d89ed7e + +Square = 4aa616aabcdc7ad48dcfd40d71e00a3789bbf549ff39b3e2ebb52017cb56014941961a5a6d52d7a9980fc99b49 +A = 8a3d3f15e6d7d2130aebd8cb99767defbe4c7704e3c1d + +Square = 845e46db8c40f3f6f6f4928b5748618f021f9064c6522bcf2df004f8d2105e90cd354785c15a6cc32fcc77da2ea3001 +A = -2e0543ac8b8255ce30253cf2047a0ff353dea55a58551801 + +Square = 5dc5706dde9b326feb79941f08bd296ec3b6fb67270516b70fad9921438b9175f395310fb756b60d72d8e73e84ee8673cc40 +A = -9aefd7dfa709dec9e721f5c22867229435b2d6366462d0e438 + +Square = 63dc6565adba27974a66bdcc626596e16cf399541d679f754d9063ceeb320649bec09a940309dd1eae5fbba0b558939afae9689c9 +A = 27f8e071f70b0053d70eca9c6d1e28303b8da2d3c58083c2cc45d + +Square = cf2176449bb8b215fc37288b904ca27d5d410780fd054d2a190a94b405f6aa41970b41ba3cc43eaabb97c2248e1e21457949070ec0f6a4 +A = -e645c7edc27512d4b3170d3c5430d0712a25c13afcc09c9b30bb11a + +Square = 43194e5f12e828db6735824c194985108269ddec12c49a14658be3c2b7d298c2846da1aa3ecb7064e73c317af595601de59035faab6dc0fd911 +A = -20c3fb73a03217893fd4a9db6e53a3d83a8414d900213d0460dc91bf69 + +Square = fcee79e598f061157ca9416491f2eb069bb95a4d78a1d0538dab5c8008653db71b90ce3139e693ba284846be7b75d6b7aa80228420fe75599c12f090 +A = fe760dd61798c8f78e52b328fa27cfbe41b898de6e6bb4f4a684f038b5f4 + +Square = 4f0db9f9e6eff9fe7fc938f6d6f5e4fb017ffea0cea0f7c57f4fc1e5b2bdc00a1cb9c1e6c865e53309b6b73c4339b0bd485860ca9edde3019804902da6b61 +A = 23909968dd5d139994fe9baa0a7bbfa009b013df3859ff294c5872366eb7ecf + +Square = 4441ff36d785d18208481470a5b8ba8cd65a45436c39190dde0b8a2b7d00bf67b185d98ab5c4a7853423778d6333abf6b115dc9567a9f9c71916d3f9db3af82c41 +A = 84307277f79cfdf33d83d7093f1fd8aeb94499a7075ca32733b68fcf88e819421 + +Square = 50ee0dba369b0fb61d75706652487ca08043eee712ebb51399122353f77f13745ce2ef0d8f0ea7b3fd94e928b0b2b42c2c9141b5697b13b6d1f3d66c6a9186625b87e40 +A = -23fc02d45c820c3a4250124cc457fa3886beabb41d3c1e26f711309604eb253c6da8 + +Square = da11876b316d4891a2d650692ca776f77afd32a1db08f591c9579fd1053a4a46cf78b4e4cf417eb99eb067ff701dbe3483dff22e7878d2ef2b234244cf7a29d93f62d6d6b611 +A = -ec463653389de3689fe1881679b83ca65134a1498a3543168dd4833a51b23edd3fb617 + +Square = b342b4aff7e5bad38f7f532f0f32a3672f7ea6521d23652fa09ef7aeffcffe52f056ab1b54a0f3a2147f43330fd199d1f290988c866f61360dc4928c84b3dcde8f395120008472100 +A = 358e27805e2a56195fab2ccbe3f931a4bd14023ee56c8a191697926f387c40decc578cef0 + +Square = bf4045fd680caa514e9c410fb4404e5e3a381abee023d5b509d6dc0b97386421f55090af8bab5ac08e9b2eb8a36a64c55960be9179d564c5429f4ec595d03d12111defafb7359b418902b1 +A = -dd450a0fa0914f0d65a1b555baaaf9380eaf8d58b272bf9d95435bad53b01337ac8de562cc7 + +Square = 86abcdf183ca059257c2f6bb91efc9853f4ab42801d3cde88df72d4c904be184e93d6bd1af6fc21a6836c93c4e0a1f728b3722d568572f7ade418274ef2e6ac3463c5cc50990f1017e01cfb91a9 +A = -2e6b4d9eeede7a72b8d0fcf6429c7e30cf291352e1bb43e92c14236716aadc02c02f75c7e6aa8d + +Square = d5f37112733b097cab2bb11daa3d9481255060abd7bce42b752a7641a98e140922c375fcb68bf13d4326b374eabe3b01de0f8f6324b7b3e4142051c02d2f18ae2e748cf3c4bcc3fe157bc94227631d21 +A = ea087236372fbb01b80e57b1ae4edeeaa776355457e18165a5dc60ef4b6ddc0b127ef494dc44ae11 + +Square = 9e4db7885fa5f928ef236f99df3e7c8d17a5a21983ff882032817edd5658575f443eb9c5c97d95ee798a3809cda76d7a0ab9fde757a310e2f5cbb299ab88e92a5771027ab9f26816c02d0c97894da5976ec90 +A = 3253d712d4ada4c12dab41036fcf79b02e80d1a632ff6ccc44d3c1d08467a019cd6221507459b231c8c + +Square = cf9c50ee8773ba94c9e943989a35513fc370adc3622beb125252bb92ff9b258b81a497700e3bb15bcb23a5b3082c095f7a5d6eef20433d689c20a5427b661d43fb0f9b7d1b16d1b73b8fd59ed319a26c5eb92fce90 +A = e68a0812d2de2a922f24c4e63b4c33e62f93943b7673e900d12405dedd0bc2a906daf8b4bc336bdeb52b4 + +Square = f3aa49c906844692d3bc0cf101adcba80351c2e744be01762a8c24804a9d8d5a4cc3c113ccf529eb79cb3304aefa74178afa53f235c5211192d4cd8610c3b42e246621acb3e5d1f9d86ff39a20a7fa9c568356de5b86919 +A = -3e7069ce11472563b0dbeb9a936884df66db83273a690c40e5d3b5f8926fb502d3988591abfaea7b7bd76a85 + +Square = 7c9a5057ca8095cdfa289b2d60eec80548f9ab2f3a996137ff9be403b529c4672e003d1eb074c76c0086e3d875cfbc90a40ccb61b799cc0401ba160d8d6b6ee46b2f14ed31c83de54cdf83458dcfc01e3234d9717b5f2c7e5079 +A = -b299da84ef84095d8191fd1cfe847b960729a3d1857082f05b2fa30ac45e90d2fdc778013b023f38db2c8e780b + +Square = 488294b528e2c2da0145217ec69de2d021ca27f145f7321f06c03316fcc14bd4a9a900bd6a144086acad6d5ad32a6245f5a655e007742aa336430c6bfbe174278884d19fd93916ef57215069268ade899cb92dfed29628327b84d8240 +A = 220fa6eaae0238e78a91e43fd8c2fbd5db0c8501cb96d66265c8edcbd376814c39e4a6f21ec9a6472c6abe8c04818 + +Square = ebd685edd991dd5180706b72ce20ec4f6c5d9ce038cc8768f2ae2d0e676bd549d6d3f97f6c26f6e36bb664e8a7e6102192bccb354c024670085711db30159c6b7badab7c7c0b91925675ece3e23126ea6feaa28e977598a890e4e476ead100 +A = -f5b657cc38fd11ad2f1b188c61721b5ec6c9762c09dcbfac3edc1f07e675bc058e77eacd01a2b4139b1b00c40a6cb70 + +Square = d1b3ac1d7042c0200f80a989e053dee31cdddc835889a57482a0988afd82b0fe8d3667270a72967401c3e8d80dae349ccd4063f11cb24dd7f9a5aeaaa7c0bd7bf7991367b0d7b4d374dc9c5017da81ba39fadfc3b760f68da95ae1eaa2eea3fb040 +A = -39eca1bf5e4807fd6a9ccc9e3138a6fb390b10a330f0027f0ba9868beb77c93160b623de58054a4522183fb3e4e2d86b08 + +Square = 41c5e4bc851d48673e0a16336f0decbcb59dad36959b310cd1a042d24de00c587db47058c2d91d7f9982bdbf470c73f86e591a122b3fda71796e465513e10e3cdbd5e6bf035595644d588c091e23a57cc47b5173743b0dca965902918d61875f88735a59 +A = 81c2caee75e98f1822c854448302243feec55a5247bba948647f12d7e0bcde4b1dd6af63eb1ef948eec22a87d2f3213de75b + +Square = e712c3705ef2779ec997c430f1f8b7689d7edbf2daa733dca89612bcb298180b882cdfe8e5cc1104b9f5d6d8f0978b46eef4f297dcc83fce4c39821ed3205e399328d69ad484d8b3189e207193203ef79b763f5e11778dc24839b4feaab291a0464cc66edbe10 +A = 3ccdebe5106ff5642b4ac0751bb799c27454f904fb72863d1055d1412b2359120ad196b768f6137dce4cb85cd29a990838a95c4 + +Square = b5063c05ac122d0d4b1e0d15c913f70f1309933ba737fccbc02d13a6c712e7b75fa757ac0e4fbe65977f17bbefde31c8fcf51f867a698233bf25bbdb1f03c104dcdbf1173886a48eb5a8b4d27cd841196de0b53466a3f1d28500fb4dbcee8d3458662443eb2aaa5de9 +A = d745c04ed95d4090ed66784339202f9d0e57bdc1a6f6b6ca09337153f0236cdf99b61db85604791b3a373885210f6aade8530c8d3 + +Square = 974463573c968f1734741dde2a800761fa749b553dd6499b920d3af9bab73a87f40c9cad39c51cfabcfa0895f1970281af063d80f89f4103624a75bcb0d23f5ef6c1cd9a10930118e1459ee8732728ceb7961f7d83cd2344a51e6229fe708bda46382e142706137facf7161 +A = -31323f98f0f73fb66e541471774ce0e0fff53d69b2b726480b9ec7b0775b345ec4ec57c4334ab8ff4b388f4c7fbdfa3beeba0f3e0bcf + +Square = 673a62011d769ff0333f69f10f00b28781fece47ddeed25fb0bf4f8d95dde4efff60690076aa520ebaa3ba63e6d445541b9586241141ecc37cd75b178389265224533055ec82a393e5dd61640d3f442adaab917c8fee1f8fc0ff8ca8d577e1d2d976c2a8b873f699aa92c272c164 +A = -a28fdafefdd393f993a8fc1ae321e420451dd0c5071410367d5a911b2a3a668bcae4452e134159e0b1974505f99865cd97cdb020bab0b6 + +Square = c4f34585a29667b582a3ee69b1a5f6c04746d105a57bc92763958c5add45c64b5c1cfeb1a321fc5194aab818c92ede5408afae0a2a74ed4c7757dae0bcc602169a805d525c5a63ca97391a9a7987a3eaf04bc44c89547c5d312f7193fc571851b1a8f8f091849f649ae91e15a050f5799 +A = 3822b607fccfbf0c5be97d4358bc682784e6453c71781fd3eef9d247485211c55d742279a35bf35e64ba8ec8cfe20dc0889688e2bc81fe0c5 + +Square = cfdf0eb68dc27d60840b8afa8daf96bf831002dadb2801c5d6f7ca558256bf3c7c5372fa00f2b3e300287745f8664dcf8e679fa35adfcac93839cec53b349553f31058a4db05af40b047bb367234dd78717aaeb80334f0deabb09d2d4d90394ec28cc3589b0aa78cf227ce8678b8bb5cd775e9 +A = -e6af13779d5a5eedfecb7c4d34009affee1f0bb65934ea9656ed6eae02271ac8a29104439000650a3a8cd7fecb171a7154c0e2bb2b1cb908cd3 + +Square = 6ec1b1333481c37be059ed7e088c862f869bb559b34360781f7263eeb206a210b90321aca198aa41c2a79e3a8d7df4336c75c87ba2ed4b02052a07b234afd9d2cb55413d4296645cd0dc8f987120acbc82fbfb089190f50e55eb1f509c86734dc14b2e8ae42ce880023dc7a014b02727b53d0e5f779 +A = -2a18acca3306bf06fd90da4ec2cbce995fb08beaec6d1cf4b30694d682c83e04b39f9a569eec52782b9eda7db0680165c77a1b0f54a1b995f8bd75 + +Square = 5382be4ee86b9d80dc2d4ec58606ac538ba7074d57e2011346f0dfb9a9d6677fe015e4015ed607906e9068a3c5601f0bb77186a9d147416ac68e344318cbae5c70c437c5e1dfc2d6c3c8725198937ac2d8e796f749bfe95c7fe6d0e460a633be2d86462d48290a2f8b344ebcda2f6ad353d6fd5f3355d819 +A = 9236f7ad22da9cdd8c187082c630098bf3a558b04856e876433c570a63d39863416c9890dd089f7665d6ba073b2ce90f88e7d04af96f1c82287903fb + +Square = d68e15e8a46e001e47022daf63d2b33fee0f9d3dfefe9d204b0de6daea31dca4b287a60827bda9de2860c433b77186aca10bf3ac1d02a204ddf8bf070c3c20ea69d9638a865c8843e8e63211951e10a844f8527345c5bb5417e3301a19c929e6fc48902f0e0be8e393ecb3fe0e9de6188a72d102fbae846d05dc1 +A = 3a973dd50d4239f05d86ba25ee6ca8f8ef46424951a8bb89e7d1d6e066d6fcbabb3758ad9e1647a440e51976c0ce628d78b59a4d9e42fab0c723182b31f + +Square = f03a448bc7405d2d54c0ea1a9016d8757d4af893024e542df80fcce448491d07a4b451d67c9e7d9a6c7c5a6155bf156d3cdf8103162d8e0265111655fc0ae46f4be944fdf275221b217274357977abf64316615dafb6ec84c5466f617c4e8d9ad4739f3e5050e583892db75366a4a7d2c4558436ed036a79084c7f9100 +A = f7fd0a9634d14d540daea21c7b804d37de49b7c13bde85c045859ddae1dd3142994e385f455becb7ee30576d55d4dc2f3d9d82e86032e170da1730b2c8a90 + +Square = af945dc2241029744548517dfd7858d42097076b06427419e74ab08071a23aaaa1f5daa6290287ce8e832a0524ba5581d64abf054408ecf6ed21a4f8289c1e4c7a8087384d268a1ccf7ed40e74922a619b5c1f2c08d810065710046190b7cfff33d4f67e58927477500eec54ba4f63a57532ed10c6b861fca9d46bfc3d32640 +A = -3500a8b6d244f1a21e10de7cfbeeb75d57ffa62e9dfbbdba8fe93d17488c56dc89787f13e660d0d7c7755242f8412d00988bfc7d3f6704782324c48691e7ca28 + +Square = a466e34dc7875aaf945c088bac23f3347a41f7cd039b0c9120c2517ada94b96bdd72d7c9bb55539af12931a3a39f6e09a4cd4311fba57dbfcc51bd17b03905e2560275c8bb3d786defeb131a634e86ecb793867355b048dbaf2db8b654a4d50aace6bc9d60de6934ce25ab58381f6ddbd1c063652e283c30a2dcd61d9d776d60e209 +A = -cd26a0c3d84e83d9f14dbe95cc39e3ed2e8861b76f4bf55ab120ea636d8f9efb0b6198986eb52075108d0a5c6ae0ee762f834f3db802c3f20bedf938f47b8bfb03 + +Square = 9f3f4d5110ea1bad21fae923825ba869a9982b753284f1946edea19f22cf0a49485b9336a2af7df8bf2641cb2083f4dce82202162d85a5779a4394213bf3bb3e47356bfc1150e66ddb6cd945092c9af14eeefd2d08b76c5e4a585ed8ef39202c42dbbceb25697f22f9508e7d954d3c1da103818aa6f63121f895e2c26d3d7463aea7ca749 +A = 327a2f6607c41ce920c14e9c9e8a059a931d71aeebc3e05e93107265a2810ec286819a4b2af9d2b70b754bdab6022b10ee6b81b32a7382cee99fb2bbcf6fe85af05e3 + +Square = 50ac4c46f2014a7a382b0d5ec9db4a67f34ffe9fd5410995810d3ea8d7d87d47442d0253c7eceb1799272bb5f5e7bd63174959f9844e5b4b65b6a4920166d83d01a5c2638b4d3b6db7fed99e28b9128dcb7c10be539114c5887842f8e5a7fb743298ec9642e50bd0979156cc6aea9ce802a0c1b14a2a1b7afe28dba534c9933209f14474b6e484 +A = -8fb585e01a0c62367dfa8a1953e553476b1564e843bdc2c5d964864ab2da56e0bfa7f5ce5b7850398451619a061de02ffbe0c336ecbeae818d32dcd40355fd11a7a3822 + +Square = 9214e31bb62f62a7f92d6c7f1453bc4430595a1765b7223a1e50ec30f934908c19fe82d7bb8ef1174bb6787aba9df1a38a84203630ae9f62e08fb4ac55ed329282315937d193992e9e12adec9727ef91df5a065cc5858062c765f34bd2630fd3f654a8f8421b75dc384477744efef3d6f0d15820c9328bf43a43409f6527dce48a92c3e1ef145b5e284 +A = -30587ef092cb9456caa844be9629d77ef1bfe21d2ffd5625ea353beb1f294e38a7fdddd5bf77cffe5caffaf609b8976756c9eb4908ca77b1630ac0d706503c46177c5d905e + +Square = 54bf52644a244276ad3dac90661a1e21468f23a117a1fcc904c66119d86ce98a0b90fd4096708bcefa7a9df87c6bb85149305f193cf5505802172ef9ec343f662a4c895a9d19edeeed5d91e20abc894948fe59c1869928616392f3694d82aabee325b651e1170006ca1fc355212308442a5ec8a8fda4f5f90b7fef2aa731f3fe0f028143ead04490d78b2151 +A = 934b16f56700b455d5791ee8c119b5921976a829bb5d1fedb201e63c9ebb82afe4e29aaf0ae27148e4d34269c48dfa42131cc8b3b78e23ac3e7292eb0d715247a345c800f377 + +Square = 63b7884fbb6d5521c38f7deea5cc131ec6bea15a362322a8e27c762880836cffb69a069a168663908707bee9d83aad41c045bc84dadc6cd927ad62140f8c2fd001d34f0a7462bc939cc8996e17ebabafda95a73483c70191311a6fb7c670c76c9e2ed7e589e464617888d30cb7793e91672d7de9b3b4b1811b2c009dd1c690d44710bbab832d91f16f9b3564a0c49 +A = 27f17f0865513350381ea1aa1545439fde427ccc64385979bc787cfc4c7e6b624b2c77140da2c4176c55dbe43c506fac14b4cd7815e87f3120330dd3003bee087a371f85d6f4e9d + +Square = 9d1c4239accb286c3c7868ad3b4dd97b93774fd0c65e04ca8dd405c0298ec6d1f52d60be6ddb5f8f0389cde756b49b23dd2f0de568a432fb99dbbd40db798261d1dd39bf5017e6dc74cb9ca91f8b2f892c7eaa28485c04a96add206c7c38943912de065be17b65292db5a144f82427016b5e0eb4ded2e4d0b7d12b01cb0b2b61e5e1bf22dcf1567a8b149cc0ef5299a8b1 +A = c88cc5a46bc1cffedad4f45e66fb55dc4347eb2a24a09878358d40fbdb03e738ca1d54a1d26a777915248fd730daffb0d3b5305684709db0f258f581fde06b11a33a3f76b3fa53e39 + +Square = 789545f15fded8fbf0b4275cec30c3ac65eb42ab8cc75670fbb2ab0b4cd90ed41a1290383b5f14bf87a88c67ff1e04d0f478fb11fefa64e86eae5777855ddeae451e166e23ec30227fb4021d51ec7cfe4ce531c78ba1bf6c797dc73f093b0a5a5aa59ad8de3234808e776d690007c8c332b3f03331dbdbb8645b91552091afc36c28c3229220b1a7966c7cf13db6bdbd4673440 +A = -2bec94112014c1a506417e659157192dca1df58f933510d7a8d6f6feda5031d799a66d2746c09f827199ad9fcbf11f323a636feff5806c9fecb2ac684c2870d60c8a72358562c4eaddb8 + +Square = caa64c9f6bd66f76c99604d1f2b8a29a9a10c0d6a41cf32b5bc40edd7a1d97b295c63aa62c30498f15d70e427d5612ec3f6a2c1f2997fa9283f48018435fa6092269dc2e4ad524cc6da9689302f5c398d79e2b2d19470ea8240db9df0bc0bdc911c4d53f4f24a7ce44ec76378794d16d367434b4f8b6184c7651db77fcbebb8fcc5d3a51ee9739922cf20d4a8888139fe4669a164400 +A = -e3c4a10a64b7e67d786aeb81bb7ea14655637ce963f46cce59bc0cb6b5a9cb9c92afec3d527119db97bd2605d315cf28198992b4b2206e5616d3c560bc8163f56cb1f5626a7ac6d8427520 + +Square = 429e4283af7f895fe732ee88e4904348ed01bf579a93cffb7aa8e135d41cb9be218f8b9a9cb4f556124105cf042de51f34c8162fdc7a981de88e005a014149c955068e87214c174daa40fbc618c536a6e507ebd313763fba197059d68c69bd39933d614b2c32f235cc955e335c4a37b9e98cd7f98c7f26ea2da932c7f82ffd95be22a7741da423123f8908cb188abc26afaf4ba6d47b56e11 +A = 20a5e2a911627544219a1639c3321bbcd6192a32129b248cf62351f85b7a719cb275a4e44368a74f4d1a307ffd27ea2cae4d8584a57070609a30fb4e365564908f3d501b53c1a54f0e37745e9 + +Square = 9bcc8d423c3fdfaaaabe24a910e6ac3619eaa15e23b9f317c844d39d164c952fdf5c4bd270a83f3902e54d3817fd78c96018a706c1f652025dde0b98afe35597e0d8782deaeed23337ef6b3edc9317d54e3c8a57e4e7e2695f9d2681bf82927bab193ca1f135bd0e542696772f08520faab61fb4ea6ff0d15bb91f21e68bd7f084a6b8f24a47ecc30a779ee86610387b29a1de94de517f81318001 +A = -c7b60f4c355f2ca3937ba3c124eea2cd8d3536226a44afcaa3d17abe931c09ccaabf25a1986b172fcf46fb02a0fc36f2c163b6e42cee047c54ab05e9d30f03f6943b9fbab83aa6da12d7898c001 + +Square = 45df25540de94883dbc182009c29fec43627d3e5758e6a07cf40064e0befa0df184528a84757b445dd079c2b0feded48b651ab18b4bede2a81796be45caad0125c3692560d19cd9a6c8c0de8383fea0bc1ab46f6aca4e9c36b26575cff88fdf1eb1e13182308295457374968fe3a9ca34c6acd24c753fb84d41246614789dfe154faf34fc684cd15035dc9c1c6b0ea171e089e0f3236840e355bd123ac4 +A = -216f8a9a3e54d4afadf368c2693743efd3eaa4cbda7a87cd07f5b1a713eefd2548343e7f091ee4d9d6ed1d4343c06a0597db0eb5194b91bf2c858210557a8288c1aa7b0e0607a24dcff9de04146d8e + +Square = 5cc707d97eb107c5c40c0f19fd432cbac9855f280082802dbe4deb45bfd193ac7a9149fd12c4ae6e9282411e2f1f2ca92135424f215b800634092ed4ff2859d16ab9fb8619ece41b50f8888d3e13773d38789e19158e18396096dd57fa5470f50b391c22378d980e59b4585f013e6db52c1e24c14ad83262fd37d42f52323896f7d4cb3e38868abea8a07e7ad3f90512eea001c5147645bf00396cb0e7a553f1 +A = 9a1d1b0beea76e7f32bde9f4f2c8bcff9094db2d32c04fb7ff43624b61033646e482aa0fadb9f8b4225b47121070b4ee5d6818d3606ed775aa631e0ed42da68c2a09dab26b6a4d09ac226cc09321fed9 + +Square = a32fd053eb90c365e77ff47573a24add3b25b4c301f4c662dfc1fa635af8e18e7947381989b37a9c9de2713ca438b9f85890b7b160fe251933aa7dad1c3839d502debb42ddc927fa0e9b40c80dc3d408889be567699a856b1c9cf3a393b3b818432e95feea825c17d0981b942236b3779f2acaaccaf9a5817ca47bd03045fc4de454d8f1d4377e218c5f7ece369aacc35369ab57a71652dd42621491834119afbe729 +A = 33190b787a2c3327b122d1f5823bdee5c93b19b586ce1bf79d801a19b2558aafc8f6274d0908bb7a8362f7f71d3fb52b8ffc87d458249caba7af3a516ce868e8a620e3126ad43d6aeffee11866fe77677b3 + +Square = 74215d33fa398e21c34034af6f9c7af6a3e01982320ec8cf23074a938f1a31543f80e6aece01de247668fe67f276cb4411db27666e1dc8fb2bfa4eb68cfd3563167d1ac4efa3361f920d8dd0fbb7f06362167f5ab5ecfb72956c20db934f67ff1c75aabb594c853fa61f43d219a3f5d0d45274005e3b167cfff5493b0f26d15f85d8e906a0a6e7645eac1f40c6dc637e6d1e061e5b9071a1227469cfb2c0f17ff983684100 +A = ac6c0b9c69785f35dbe244dc85a54313ef836ac67c853531ef5db45b28835ffe61dd258c5528b0acea50f5aa5c0f5d08dcb8d82ee19bc432fa8a45badadb50693fedc1cc79a17d63aa73fe9597f1d4ce8ddf0 + +Square = dce5cac967c47b8a58ed6f1bb1d1e6185e849400228afa2bfa05b9c2dd327b04a86f2a4da2d02ea102868ea0c4da0f3e5a40bd02c87a08aaa5cd8d9358b3a5ebd8c9fc2dbb1268c261f46d6717b0307b993deff0adc8190d32b4f2bf695eb2cc74a6a9a712c5a621c673219ff8a24ded0997508f8f9eb1ea872008c46e71fa97f55b839950e63130c38b49c0ce3ce724a0e8faa9738d2e28ce6e7fc7eab62b3561d2981f314f751 +A = -3b735400064b15fad81b08362b8557f8318c20656839ffb4d2513512015036ab0039442032f1cf515f8c10c9933afe4206a2f309e933d1561b06bc665af2f04f4d064e073eed2280053f56cbeb137a9482c0a077 + +Square = 6b619bcaf632f0d8b1d715e8850c0cbbd29ac6373a9a5e93dd1bbd2b82744a8a50a7446b48c6e215911ffafcda9ed7becaf5d26b7d6df7dc8798d53239f62a482f974bdb654750def1c941c49a24fcdfcfe73881b556a7b528d88daeeaea8d62b357211a1946c81cbf0819ad8d0188f60aaaab4ea2dfef7e9012ade7abeaaa4a23d7403c1248c36aa26b43b8e7de8a5aea639a0449f50359e9b4c1b125a548383af33703f8dfbc2528e4 +A = -a5ccc69663a8712c15f96e6fc746252af89a8c2a6317caef905dd2d8a6d4fe878ac7aa66cdb3c3721ba7dd36da310753dde9801b31d759339ac919a464ab52541bb2e0dc938752bf0f1ff7a9524eb98340d62576aa + +Square = 77ea5b715823045afe13d10416dfd46a511141a7d1279ebd624f1de428cc04a4f246246e65c3f84344cebfa32864de9264b2e54d4b3010c4de9d3e6a27aae8f5f9e9d8e49fe26b73ac7e65bb216aa6a42db36ac03d749b5dc04192df819631593202a58264714628686507fc5655f169483b0ffecf45995cbc12faa105895564d287a9f4b220947d6c93786c85b2ee84a0a29183483f7c241d6a67fd0b1c38c7f74421355a14c6d9ed5720e24 +A = 2bcd67e6bde3f54c4ce0ea428418fc5c97272217c6c7de90549238ee322810dcc1bb9385967673aa3f9f5a5c05d987c6445135cf1efc26b3c17e55b93cc052761a77c9dcb5c22927b09e90a92e053ec1bc799bbe7597a + +Square = 40d113460ca3e70545bf3613c2ba5de5d8485641ebf531a43b6b8bb76884ff4f348727ac6606e026981d2116ef1e60d4b37b44ed7e2003410d7d636b58aed2f92e962003f28342aa5f059d23b3d58a1ddfb47833ffe1d1deee0a7e78b8f7d9d6487f22376664f1ed9ddb5ee3d17f43afda296bead11680fd17576a122c2599fa9802ddd84a2115f9fda03aba898f66e303895f452077c920a322b6aaa0965f51fbb36f01b1d412c6ccf390da050d24 +A = -80d0699a46619db033461aa6060983def7deeb976d1a71f5c6ddb85e8b46dc70b7ddb1d254971d38ca87c7ee3905e63506c6db105dd683375f4239523cbf1874069266c2c0f4b37edcdd261c51088081d25813758bdbfc6 + +Square = ace99f98cba0d1dc1c758dc7211aa4078a2aeb6d3fff19bdfa6981ded0982b15bac792e6b542ae48a86f9b40c6de937e402e230fcfc390b10c3e60202dee1337ab39da7a342999487b8d8b0e494f2809cd1bfdb39209da5daa590f78ded211b6bbd3fca9013300b951d8906c9ce8d1c0dd9554d5d1d352f9784f822c928dd9700ef8a5fecf3771966abb1dc6a70b301461eb6b6087d6ab80a4b624205489584224cf6578f75acd8091fd621d02306504389 +A = -349936d60c9d77a0974dc8985930d8674976db6b3cbaa067554ca6b30b1de33f2d4e1c9564ce102ac6387755aabf42916f63632a375d995913f9d45ebda54bee3fdb7cedee46ebb5c8ae7764e4de323c17c797d3b529230cbd + +Square = db6c73be2a59bdd35dd312240aef18dde4231c72aa28551bb370a87dded587accec2279bea24c930236f06f24d537fcf242497aafcbf72f085fd3ecf030cd750fb382efea0f82ad9d3195680324d73fa99d48802d085c150164aec0d29fdcc3262264bbe72311f89989cc71a4afdac6ab103ab4fbb6e973a42a1f8711bee463d198f727dc7bad848ff8fa77cd3b2f612d142ba46e95bd79a86a1fe4c2b8f9181be84825d05989695842113828a83b826e7d2c8c1 +A = ed01dd49d2e5d51fd30e9c578259cf107771b4ded6bf21f8b9b632fd360e34da740e0b1af6b5a67789fda5a44025af0f1547271ca8accc7a975d98ea7ec3d41c9697018d84ffb5d49b88d884ccdb011f715a199ddc44a4109261 + +Square = d6e38250ab89ffe11abaf8c5d07ba11e9053f1924ee1228f834111af16ed282389d04330cb0f47dbb186dee577aed82878ecb065b759312eaf167c4698eab5ed03a8657341bf5fb14a8e28e3b443a6b657c1f4379ff2549498a33922ea84f1fb19d10866fb0ad07ce1cc44c93cd4d9ec6bbb0e61c797750c6b5d7e8d55499655dde112f4747798f0e985fc2b937a44da9b04c2dc4b0816cfc57da1f80179db653c1ce287e786ed7eff7ad6d1383fc6de8c941d4af7bd1 +A = 3aa2e696ee570160b2a869c3f21c3f223959a185cda2274feea1c829af2234c70a504c959bcc49fe0313f4f5ffd27448e28aa0fc6ce24f36943d334c626459d7e6017339e787ab074879ebf697a93ad93835d69ab09294d007a0837 + +Square = fc39360cc0fe040b6f8340e0728c650e5e74cf1664f7b301e79986fe066f36e8df34d38d1a06b74a1bdc76867baeb3f39a9161acd200bc7532fa4aa0ea829377659646f073db82ee044279ae5fd797edd37d3261970819589853cb320887a085c4011c23d0da9b6d6f1b5911bb3399146c2912a967ab3b3f611f0bd52e00f418e6a6f0297fcf5c4a1f71c6bb8cc8e1c76694bb7301502d1d00c8b6c05bfabbf5d350590561abf3e2b1a82e98b56583e2e4e25cf707320a0e40 +A = fe1acf3d7b54e718c901c53f365894c22c8bb4182fee8a4c2558731e01e1519bfd1bf6e353483b8c4219453fa66f06063c6c99050068c15cd13cd1648ffc42b5badfc70f6fd4a0a5552fe637e54c4f92ca45c60cf9a0163978ac08d58 + +Square = 9abf1324ef65c726330f64643a024c466fad37604f4dd3dfc404d31c2a430fcfaa0c78283666c15a094d494b96d3c12de6e29a34d2c99f4f8cae8217bcd2a989d59807ac68c46d60600238a86155de499eeb35642d0f581045481b40e4f0a76905f9b6bc5b9585f77f8410b99333f7ea983c3f29f3fe66ca7b793b784a5a6a4f74512aa4385dd1e996832b1f41bb3af965be58c4ac5e867cdf8dc6a4f9d20a6f1e16e153fcbb45ae5fe8a798cb06a4ffe467d6b6aca2b31f335a344 +A = -31c243593ea611dffecc65d1439db345b2e89941113f9792c91a76b4890db6e4dbaf1482ee812e295d27956e48d07a14de38357f15b5931c5cc08d1d248df7bfee1cae5b5ce98984c5043a3e1a2b449ba1671bf1cfef91011e12bab94b6e + +Square = 66aee3e4f43c672e0478c76e2092bef33e7c60afee5d4c7defbcc5c0c86d8fe956c90a740cebe604224cc3f518463b1208699b8ea2316315474991d0f120ae905a67028492cf46fff2ae244869db2a02d06aac6ac6eb054fb3c14c756d8a3e7ca64f06586e3e86e4477f185ed527a8aea6a3c741f3fd4b64a2ee77ff140190260c431cc53f411fb227377c02f85d0258a75bf6d44dccbb8bd04ebdafa115dd55b176b6eff5567e5b1bedcae15110826574053681fe25a695ac4540186e90 +A = -a221dfee30286adc076673cbcebd24a41a438a0a7a6a547c75d33149cb1a094a8425feaa5a23cc234a722db4cca8d5912fe1dfb6db4e92bd87c12f0d06b6d954fdb9b172955412b2eb5c9fa3b4df2933390384fd1f929a2b1a8dac479ec94c + +Square = e880f8655b51739e34393c3e6d69d63e0256b1a887f7e69f40c78d21133b17e92277a136f5e37da2533ed599efad189975d22ad0340005ef58db0b471651d749dfbd48b3f7b3b8a42d4677048a855e99dae6c729d8bd7eef86911feca9f5490dd216b06d9e8d1ab695c1081e72449baad28dfe113744853382901e6bdab5413c67c52d6cbbb2e0bea711edbb3a219a4046e8739c04729cf8c8210028dbc4087737bc6c1d7e0c15ecf16774690168342b1372d3646d4d8696384bc932144c98529 +A = 3cfe075d4525a3c780d6d05f7bb708b2fdf7277a0f9967e0a209fee9d42136a0bbf98660d8ee8cb4720a8042da09f6271c45ad13db24eaac465f8207f78629e9085c1c890675f441c78efa38e5022b1b80afde5e3fd08e55648f2817631eb6cb3 + +Square = 8d6cf4eaf58099b1323fc598b7554b371f4afef5ab501dd162ab8429333d46916fe15dfc4ed6a99ca7fa7fc1aaa0cec3533b41e291fb7f69b560259507226eca87aabd07b1ae2eb93bb53f98fec508f051cc04db4a172901e06b74229c4fa3f550a81626c7a63fa99d41e46c2cf792287a5cf7bb68946971bd43c7c0356312cdc25e524665dd39a24b6464bbbe64fe8e87ee313b860639728a9143c3a6118bc8b150dde6c10a13bea637fa8873c393e6338319c506aec6ee973b4b52a272a74bb62084 +A = -be46a8072aa44b3bff0f90c81474dd576756fca624c15f55a17e1d0bd2842467ae000b04f79f561690c93ca7118ce17ecf830a8da3678c15436876d2a74324d9714dc8ad8181904be657d7f1da3313b78448cc06e32299a09ed59bfc1961e8bd722 + +Square = fbaa4fcf9800673fbd3a132305ed3e14f4889518fb56ab82aa5e9b3529b74d7f9a467626d68f4709a2030264aaebcf05c0a0edb511e81f357d85b79d925a24605f1bcd4645915bb75d363654b676266329df532cdb39152fb360df1b9500e0c296014289650ff77faa78a604397a82b34d16484e94a8de123fe720e514c88f11ec276725111563db91477480c3245542ec6bd0bb2f4aaec02c6c4eb1769030a31b05da3798c224c9117f7c38d3e98a343fca03ab584ec2d7e6db60fdc4273c3d8e23cc1ce09 +A = -3f74b25f2a9c4d8d977e69a4e067f9fcec281136a508e365b282e5fc3b1d097bc6a0f59f7827fb90d4890b08840a0a1919032c67448f8f1a771f785a0f125a4aa4137c154fdb489dc1099d57bfcfc75f4ca5e69f93f2bb87ed09cc0dc620d3e76ecd03 + +Square = 5135becca97d93dd4b16a5a1105ba3a3e3fe02bd6a7c3cd182186fc63ed4351641182a2727ab6715e9672458dfbc31aded4781fa345054eb4c317872e2af6d4ed64b2ca7e8c25e1e664b5349df937118632a64e4ce439ffc625a5ad3358270dc83fdfa73c7afba03406094fa36d87517e5e2e1fee5526fd2dc00d9210a0f6c3745b3d4bceee5f8b03d976d696c57a09d1e08e4ce780972eca4f2ed6500c23bf5782c31f13059e48246180fd09db693d2fb5d48d51846ece8beee45cef7efc87c003b44d7b137a900 +A = 902fbe2127354a7df5cb7fd057f3d080a7bebbdb83c86a50560b8c287a37a841bb9c8421c63d359078d2948b6b57559f98fad8f8014f93c912cb70a6701c4dc4fc5e88aa413fcfb685c32975a8b72424742eeff8262d28cebad00c5fcf88baeafe8f6730 + +Square = b5976cf6a6560412aefa6704b126e0d987dfcedbb4da436c08ce17b1bf1b6e0bab9f934abb5c4186a5415fa38724fb8fa341d381319e7d768209ab108c8debd99075d31deb3e03ff7d23957d4f3204d543b7d9079cf337be3037b1cb4908fd8c104d92e52f041b4cb27c045a741f4d64009980e8d27af75d9493920ed98c7234777592d6577f2d1b3a0eec645ab4cee2f28d9e4efd3e4514db6796487ba68a462fa0e316e1420d6604db2b901de46553546cab42976fd0d459afd81196275cd88ec4dd448ff331bb35499 +A = 35e700e034950bdd7318d5b3c17e90a4772ecdacdb055b9391b31538eb823fc8a4599f029e78e4fe5299ba1a423a449dc257a431d189dd5dca275c02cc1f12417e111c73b731631d8a1741b907dd8f24de226ddf9e3044cf4064e8e51ebd55be774be7ad2bb + +Square = b7de0f73397893a97928e266bc56299cc8d43b16a251992662646072b58fa578ca80f7be1e12619012b130e9514be803dc166b12ddfd26f558d36c2053ee6209b01458379e49469753300ef20f6b3dcd5383b121861c76ab25debb28c448ec33a81250d05f7eff80a5a4133d522d270fab29f739b607395a77278609aa5e1a55ef58d1d48492b71ee30a24a6505aab1a3ac22b9d143c9d6781fae14bbb980fe3a99dfa9a1a406611d7d0304493342f53faf5fd79f9c96b9583a219a1b22aad02dd58f32ee98146b3a8cf054bf9 +A = d8f4d3bcfc7eebd7068b851858c3668ce062a834927e165679b49132d4f780ca682876c65c7cf2e7ce34ed10e43696477da6301d13f92abb8c76e2424c4bc28a6565f15e59563d607b852dc946652b68fbfda1c3200ecc2976400ce7296b96e75fb059a4c8eb5 + +Square = 5ec02661f49fb9807bb73debc3c6eccdac1df1735e0d61fa7e0eee07471068a5809796a2af490c46a77d61f618b44a3168dde67aae1cf9e530382411056958d55bd18f0e76fe2c31c98b00f87fcb7f5691ed5b65424f82204156dc361ef6dec5d44cf690582599b3994ee47ef42850d5d2370a4169c5f73942657f85422ca24f66943877f73af493c865fbeb29574cc1cc730e9bbb097b598574f6b90257748e950bff867bcc01bf62f8df67d7aee1b6dc1d5db88826e86a3f9fcd8663e09cf8393ee71a09c43d0d38ba6ef643f4ab1 +A = -26ef9b6708a80d00f4d01e0f0a5546ed217085ff23519819ee89af430580ea1f086beb0eb51982682c6d3b922a2c92752dce63657836223a9d94964bd584bc8e37c6e30fdcaffbdb128344d51a92705e1c9f94205ca36452c15a08f7e62e0e02479ecd48085de8c7 + +Square = f6364409467a829abc2b13c93979dec84984caa12154b7cda2f4c8d91bf24ad7c45a968ffaac8d6722cc26e6aaf52dd29ea2f09370ba46d79684b7a06faedcd17136f35a58e5b550f3a2caef7b195d8409914fedd3c3154101bd735155098e8b10fbbb1b2e13555d2ab5d5b52b203d4efb27e498b240f37178f2e89b413f94859b0e8b2ec10b926c8c0b6f2937ee2d0355445364841c7e0539f7073b88c7d568edf1b253f3c10627e22c2ed731b7d4d199449cb0b5e7a66109932fe2c9cd741d75170deb9f98469049549c10a7a622bf6e91 +A = -fb0eec3246e99212879e51b17ea6615275818ecc5ea3058b13dbaba2576ef90e1519e3629b09fdaeb02661091c395c862b848f6326b9f536f7af45718c4412f09f19261b537bca36742d3ec66f964343516aae2ac27e249a15beb545b447e37b4062180f6c82809429 + +Square = bc4193ecb5dac900191e02be06297106155c6840c4908fbf6e41e9aae137d53c3d4ffb87f334f49837dc4ab7a66299994e4f5c9bf6ea03e7db663bdef066e94c610580a8896a9ae9c8f6587eb83d789683f5d6391bbac3a1dc1de60b4108428e6f5fdeaed6cd3e74fa01f85c6368023b61a413b69b14276b66f22653491e4f25790985053d075387cb13c79dcf963b6d880d01174314921afe1cc700c02efd2979dcbc59c417a6316db9ac45a2d60d2a036571bfbd75f9f5e42048ca086cfb4b818a9beca4a6e0ed51afa320ef3549151fb39e100 +A = 36e1f16043b4c9b4a304496c39dd63459d6521d2ac92916d348daca3f972835973fc8d21b07b09d8f5e3197b39a8f3fd0011168b815d67c48143c413e169ffe0f56ff2cf8b6596bd0a3b5b7a6b9a14ffb797f350b7e6aa7020d84d1d1b8006850139795abe2c74f03b8f0 + +Square = 4cbb5bc1dd7112326e2c94581f19efc8fb25339a299fa9c007114c3a22b395e9d39a8ffe21134e97ad1b87b97e667ba48b2a40af61afc81fb1e20e8e38c7ba666b146016af4dff3faf5de306591e5ce6eddc1173fdda6fe241a9f2fc6e054c41e56d296f8954377df0d140096b9e9d6a5a23a231db4dfab0cabfb11190c7a0d1c55ae35203836d433da96ca7339682bac0a7edb8b5b4dc267c6e83ac9b67a0d0d564717ee3c20aaf52c0a750f3aad94a12537c6971ee009d0f82ff576e984b06c7f7b357f5c049454e31326b952af17aa62104780e9ca1 +A = -8c279ebe466de3115b8740f3ff9c1f605b4eaa75512d82fdc8ca5ce84e11a68688154fd603ae1d607807dbfcbb822a8dc259098842c6a7b7ec350be29a3daa20fd5b093a56692e9d42e7a389c4ad2122a74205f835e268c9742d09ad36238c34e143f6e2ec69c0f490d29d1 + +Square = 4f771ade09cbd1a033d2bfc6036fe46ae6c12acc6f2b9bd52e7781693fa6358cf93089f23d1f0ee6fca476a43093b9b52446f3a7abd72ed0ce9b562dc438822ffd84bcd898ef9d092f1b0b7ff89c4fdb33d8715dd4a0d68ec49ad41338fbb62ca87867d847a4d99310641a37ea78b04c85606069d0c0950484ddbeedac8ec6f95124e7fd83da4e942d40103bc14474f5cb125fa0b06cf167f076979948003dd8dc3711923f5af5beb5f56c0a48ac0c5240b62738c1cdb06b87ac3dfa17befbe938ddc7281f6c248c41a1c7b99b93f69fac83a46eb298a9fd8b9 +A = -23a845bf2007ba8480e3ece0a1bbaf8bfccba6bf061e3fe1d8bcbcd6c761e650891c0958bac68618a1f55b27d2bc6e1e1b50afc29f58e2e034bdda8405e5378cb5bff0d84efcb458c5428fc607597d89d589d85d90f3da4b89a64c9d1623b98b10518a6f2e7d2295c37527026b + +Square = ab45d12a4e15a294830741f4b9d4a14cc7dbed1c3454612047f890211c749d92ae0418f11cd44acbf1585b1f7323b33ac9a4b13c44e1a7e31b0dcc1c6dd4eaa12a655b5de08f3b948270a152db7d9e04dc54677075797bfad6a9a0e3958458d40e3df5e15028954bae99518de4dd3adfb2ec4b38897a8a4e4807849e1416aa4040c95a0e49a8d2889f6fb0537875f87516c3723e8d3b46da8da855929c67c0eb83daad62ceced52b4f52d2bf1c4e34f26bf16aa7da3afe0f5df76c0858ed98f21e1fc3d01e1572715b774bd5c2faabec5fa3fa59a7a1f32565a4f1f9 +A = d164d875e1f766b4567e9228241213e69d6b6c58620600166fac56938c5d9643932d01f1f4a2263dca4b9ad26dca1548e4b5b7e27581a63375d0e624f4e4c99b7fb9aeb25307c61142760bc4771e48c7ce38f5eb2408def632096fe40b80d488fe17a455d80edfc1c23c429775b5 + +Square = 5ae4e7dc5727543af39ed3d5e9ac086d1a2220421231b82f6f41caee7b9815b4049aea0d43ff499c6c9e1f226f8641351d03f37731c64686d9a9ce68e9234d6a762efcffdecd42f81044111599963d9b6873cc20bf4c8284fae03d2e4f238a14a74df4388fdc80fad0375a5d0d974da7854ede5896ed2ab25d2b49a3c39093600f73120e4fd2faf75381854f6ae80f81b977f62fc72f1fd01c278d183544052b77bd753dd88ffdf5c01745521fb8474b5c23b0b7dc709bafeb91cee0863a0c23ad7192c43cf15fc181d629853cb9b8334082c915dd3d04e3a0a81511d2e84 +A = 2622a7bf45ccd3cd567c757f4c5796b5a0fbca555bd0ac2759c24083172d82d6a887dcf93d9788fde052cb20a8963cb6db22bf5eee6151600f9d1896a7606b11a1b100cbc0925bce037bcea57e361efcc560a9abc495d7f7f45831c6429ac8f979dedc08c304f4da9c0d4d687376d5e + +Square = 473cc933f5a650a4ae358c7f486d325c0e20c83b54838fc08b6ac3ff010f7c4b6a609bdf472974dfc5abda0c6b33c5ec7dc4628d85cb4276108e2b0bc4e19cba135533b3d7bb6a94332aea3165dccb230860d2353166b9905635e606185b014730e9dcf2c433e18cba83859fb2eac4aabef68c8314ef86dec2d534a184ebc4cb193643add0897341690cbe18bc2e775327fd7d71ffc7ebc49bad83cd68394eb276b2e615ec430180303010a454ef73b6a8f02bc48a1fc8a32f8150ef1b733f07da752b8e808000329f4924976bc8b8573927f18ca7c88c210845de6dcd0dee2904 +A = 870b2c4b054076d0d02877b19fe1210a8fad3422b00905a6db748239b8e807716ed9fee0d8c25496593717917edceb5db57f9960bddc1956b6652868d6ace82827bbbada5ae8c15efa26fda22657126c6300906f90e8fabfd58ddf312ce0eee760e0090fac44f00378c676115cd0639be + +Square = b151124402d2f04b0e6599222d380dcf67b9716ef50d2d9ded0b21521b34a7294171f71b41762511b7cca93d9f50e9e30083ef19144882928011dbb143807d1b88c55eea6b19f0c4180023be6da63a59b6bc027aff3f5abe2f65c73b2de1e71c5f4b248bc4547040764e83a860cb3f882bb8b5f7821f92802808fa37c50f2f94d8f56daca841f42d3362762ba843aedbd03d3cdda887f75ba92423965ab4256eb842ad755aa7a2af331b488186f891065b07f5a299c807dc24fc176e085a8024bbbf12f386ef49ccc91bd4ada0936b6de78088cf5952ae6c04f6916799378bc0ede0da4 +A = -35439da9e361700152a35ebdea253378a1febec5f288e5b2bb0bdf25b84751b47e4da5aad7453b70cfd6640d5832237d2115575c738482ac6036c5fc21a981c0a7f979c8d621a92c02166b777475618aa6362a0e225dd6138ead3b2766ed9785ee01e4950a863d2fa0b7f5cb4c9a108bb626 + +Square = 4ed7263ae5beb0069f24318b38afe951a5a058a2e960e67f086c9680d0cc6d713f943812070bf94152f7926bdab9e5908941261244542b832f458f05ed5dc048c8b9eb84c2a85efe717e257796b4ca816948a6c8ea209c0675efb2fb5af4622b44e36066593db01b17f4dee21d7c1337ff41436cd0e5a8d01e4030dcd3d49839e59996fbbf1d39bd205343a424f2395b4d3eacdeb9ed3235d8df0dd00a2573260af63db3116a7c65d1dc69684a05caebff34e3d2cba9d4869a953a7b1fce10ebd008cba021008ac3187bba846abd7b39a1b97c9c07d8080549e313dd58b716022de3c1920329 +A = -8e1141dcebae61d5c4d81697f001d792ee2e847c589816f923f0ed42bb4de0d8f911b8ca47ffe77f80b9da6896a9b42f0030a3276218868bbe1a3fa64fb0a577704339af5dd82e66780da6f58900da3f1d75ebfcc302f78ed66ea3c7a737898a29b1f2500686b43bae1e6571addd2842cdce4d + +Square = b09f5e9472cbb75070a67d025957fd5ac3be89c41e4acbcd5f75780ca459562461082c3f19c5a4a416a668b0a55f31f74cf2ec44555ddc43fde64da0ba781adfac4520dd0f78d04d9d2fd33d8b49c72663a6bc845015523e2e4e7ccc69e5b748b8b891e4089420bf0a3f6032602824c7230b5ff95f85a688dcdcfc890af3384710a9fe32ecf9ad7c6cc5761f13079b19d7b2906c7e63c14b64fc88c6f4bd7c41c0356c777d35c3626d49db8cb2d1e89ce682c7fccc3a459b08c20c4e5fc3a8eced9b37d01bed5af6ce9baff0d2b435e6e62871fcb20cf9ec10d1897a5c76e73a441e07fbcc2d9f4e4 +A = 3528e6581de547de385c93ccf1086a17614f23356a918b25bc6d73656a2302b318963bb679c9a93357f4a4f614e74f2e5e88e9c8aed8a6fdd8434630f664ed15ebb6095cbff1593f188a12f4dd6087a85b202f6c24df68ac3b137406c88c5098faf47d1eeec0743b35baaec7dae29b5a44eb09daa + +Square = 5d5dc40783411475a4aac7c1a1eb760f76fcc6ec68dfebb754251cf499870654cd309422935ec841e6be4f5a15078356235c2b8cbe1ae755cd6d814e811072bdb76156b83c7d2064a202ff90af1e0f88f5889e5729a3cffa9faf33c463b74d0ad21fbb4473d4d3ebfa8a52e9c209ded5ce5131b12b69747c365146fa17ee5810e0dbab992f9da28b6c323062484d62472232721d608cdb9b5a341a677e2d7a6e5a983247d9a4001e16687b489b10b18bbf205f982b7ceee27cc3e9c6641827ab7952373f15d36e5f177b82d7eebb3f5054e12cec82c5f520a2675afdec6cbf6235d358c2fe73344002e400 +A = -9a9a19fcdf11bba84b0395088c5d187d84d69b68b77bc6418f63c88bbd8dbbccfe02917d814f9e2241fa0709817a0c85bd554fe887babae7439d96248514c12d71587c906247b3e965e954cdd57f1e51f1979f73c3237509863169efdf281c1359488daad3d9eb990a50ecf4d3fd25d4820077832a0 + +Square = a4d69ed4c4c9c08116ec5cc49ad458f0fb2ca00f356aeb148f18037bc49621e14820f325af39f3954bddc9cf01de7ba1e443088545883a94c04ff41a7ed5f65676109c5b711b4115775489667e00aa1b77f6dee5ac5c1789bc71c9fc797abf41c7c5ae3e2c1cf82d5b49b6c0da25190dfa9360b99b2f63444d21ec6114038b8284bf598eed24a2ab2b9802d6edd5b0fdb52f60621a87a14612844ffc71ca98180ff0915cf75f47432f73d28dfd7a932a125095655f07f50722b1673df2cc4f7566a1c6035792ff3f02356b9b9d25e905121df768dc6a1884cf5483eeb813c1c009fe4ed043febd61800ba978a40 +A = -335b12e40bfe0b847ed6ec143490df33d2e64ef4363869cb78dec008cb5cd66ea671dba964a53e48267da288ef4040e06371e1209691b81df02f2c86a79cac85fdcbb6732a1e5309fbbdbcd899fdfed18518d47258c9e63ff7f116ef4a8f5c4867aedd907ccc7d222cf8087afebc108f2a0f197c717198 + +Square = 74dcdacc1a4f02a99e3642f54f9d917b117d2ae8d9c392f8b6dee53fac66ebe1680c8e8cc29f5330e0eed3f63d10980060799bc37b34c93dd7b384d4ba30a5b5d42a145acc412ae838d7b9b7137637546d1118f7cf3eadf88b785f0aa01da8638f027c56faa16aba8591b64b45dae6138c9a40309b2ad29c5029a867465f9c6de8fbc5fc4b0442c8a8946272667c7622454ed6f2a236103bed7697dba20db84b5154ff3fbc6b4b9eb67ee43bcaae741d87ee2093ee67defb8eebc4a4a22d97a4e2aa7d4c31a1c88abf4a440ba4e2a5e40c4d903ba5ee4d80b4e8dffb8864bcb9806e015c1ce16490068df87282393111 +A = acf70350e554732c1972903cce269b215e985ecb8d6eeaa67fd5398d0a1b57c0db63368c0f8c2288c3a0466e2b3db081106b90920c46462faf00b5bd654f7140a689b78ef656a26b82af8dd1988f166ea04e9aa777a094d892bc7da4bc7bcf0618526f496cddea6d67df7bb0de9e99a35a0b1b210ff07497 + +Square = 9668b9e40a8bdde3c93943a918ca71fa0009cb05a1f592b2bb2c6c6172b2950719bfd80cddaf45d044cbb6aa99715046088f40ec6812945885679231c07f4200023548ead086b834abd8c8f8294db28b203329553242fd2f778ef5cc5ed0b48c7356d8c2d782a01809ccdb6b012896617f11d963300e7bd38ff512829514d94343476818ddf9d712bc70cffe7f767a9fc75a5630e6250ed45e6831b4660eb49d47dd1b8b6a0dddf3fb3ff0e12834337f145f741f70a2aa43769af50f099e004269ac47fab79e060800dc74da88141adbc46c15c7330931e3a2bed9b958f78b30214f81a64d121f96fbcebf7569fec0cdc6b11 +A = 310e7a40667d9d5dc29744b123cdf6a663a1b995f62fa9d4d853cbae0dd23669f4778bb2040317ebf6a06ac6299b21067aece5c5c1afbe6e789d656745ad66464991cada0eb237c6ffe991cac4670bfc90eed5f8c75073f4f846ea244bca0e9502ff56f8e9bc9b6caf275aaef38e26566fef35329ca45392069 + +Square = 49e677c8b052b7db97542948542449af47e14248021f8d3d3f92b9af41c803072f71050f16dd848aebb270affc47e85427a7c73f227f0d63f140d0d293157af0d972eb5b38de494fbc78ad3a4c3d1ab40197bc4427752b6102d1ced6d6cbc9d7caa0d1bcc57e708535822180055ecc9d9667e0590274b778480a3720823e931ff6daef358b1a1a9092f1f05fbb5b10ad5707a124e8be63bc696f083eb74e5b4f0e3110de8f297ecd30dfd2bcb010dcad4e387520d3d00365fc51c2a3dfe064b1ac77a9295f66beffbe5dd4333e5cd823b0f36b0b94d66507b1d9381060980f62f38a62e38e5a75203233bb8d64089bfd100f3205f1 +A = 898b5f3655de74cec3b0fde2ab03fd18cdbcfc3eeea48ba39317d26917130c2b78e05237cb0454ece268f091cab699fbcd51ce341b53d6ec0cda5d0d5388bac25c6517214a39d03450ef8502e1675bfe8e57bb6086f10ce4cf8ce65eadc865b5bd8a00dc26394f3adb2ace609149e3582cf44246184b2adc0ffd9 + +Square = ad00f10fed55175159b2409dc80899f9113ba7c8099d0402ec0f520ab4aeeb46d36369494a4e6fa23675adb38148fd2efa082df5094c0acfb77a9ab6ba7a299298d69b04b58011c35325f46b765e580b5c05eca721904f1fcc355dbe39faa92af5c9a6dbc4ab80e62b815b45983d9506ebd52b9efa7a6b9da352d1e4fd6ffa81d3b4596a0c14fb825297da361461ff2240e4378340d2ae529932d78f3d9f6b3c6d65d717e66122e5f590c50ce0a5d81ad8e0f24e104c0913cd8d0eb2de4c8cf62a7535bab5502df3fba08bb4dfe73d89c8b00edaa7d5f3274be9959e7ab6b6dde54f2491728a1dc11fa8e1c6a95e67eb7617e9b7471ee40 +A = -349cc2a5658fdbe9ba5c350d3b25baa38b1ede01926694bd550d36883e53d8758e8f1ebe83e2f4560605510413a7d880929e2d9cbc2730b1736dc2689cf7bbcdc68a342b6398e547a9bd67cabe298796d76b98ed4c1dd9c22e36145892e8fcf2258529aed24252a70b6ca8fd2aad8a84becf7e1bf98b1e9bb024b8a8 + +Square = daa3835d3189ec9ade592e6076e76d441838077a9431273bdec02379b3a6ac38aecbbd57c3755ea58ddef8105ac28f2ecc8598ec0c4bfc9c1c80222fffc776722eb0621cdd8a0d55f08767fc2922282a76e529d81e4d6e21a2542b8c9a403709ed1132e3b52786b81e684591438fdddb5df2f0b72e6b39cd2db6c0cc55c759c2dc1b6ccc20a5cfd10c6fd345fc766035c7478570d4ac534db3fdb718e2bdad3d096b137bfc09a562043800957e2afe4fdcfe292881f6189edfce52370c0438c2822ce3b14d73b3eff32f7e5ca97e989326b4e3a8fa35544193f8590bbb0ddb1f914894ab87998090771a0be1fd23917cd792be86ea0b98e6eb24 +A = -ec953f1b7ba7d561edaaa23076987daf86f50e9a66c36f0993290549a9006dd9d424885c0fa77295cfe34fc81c5edce9e2371b3039ea18d8f998d1956196284e6d81eb1c62ecaa8cf3fcaca28ca7e64342803c8dc3c139080bdd4a1ff30d7288b085a579d9e90903bd363b48f2072bb6fbfbd9ba2cab30a8a63784d246 + +Square = b33f4f3ae453058f4e865ec78f0844bab7af66a97dc2f265ca73ae2232777474bfdda39e10652d7386c16f145272192af728893c3d8a8e92c60d77722b924c30269ff5a399a2449ce15e50320c528c22655ad06227ac4efe5a993179ec61c2fc9115f89d75b53961fd16f7797657f6fbf55662b019608a1d30f64a2c0838e0018b7526921fdd34fd462bfcb2462b7065e2bc7abd57d71371e45dfd8fcfcc00a71f7e45430820747c9a060b72e4f6d2919cbffd00beb0c31a2bdc32afe2cc540b38dd04a2b73ae5ba481a6e535f37a757bbd6aaa972986213afadfa47cb7a15a6f1d443f93cb0ed824a10b4b7d82cae524a096b65ccb39be3c37c07f59 +A = 358da59ef65f62f633675764e292e5a68879df24a4727eca1fc4d232b3a6d936976c92eeb11456b5e8c11319838c145c6529d2f3acc828e55b8274bfe9afb5db241b102715f8e8164e454ef39f13ff1b37cf367a5a66c4f743c750896b7c3c29026e448bb36c6c06b0d9a3d048086ef0c3cd922a02e794223f388b5d646db + +Square = cd4246489f6f221f920acbd8bdcdd17f47d2b77268f72254de4190685c123e8c5eab8517fded1852e8316c9e549d3fa355142d91b2921a3c94aafd8862cd2235429340da38a2af131b8d002f17662354f5805f6a7af7afb6dbd2f641036600614cea42bd8b24d86a5109eed29c0865a5f30c5291b1d1ef3223f9b9826dee773d98ce972da92daa19e843f84ca5f1cd77925a3c1117242ab0fb509b94a83f8de4fc8d21f856f37a4d025b3024bd0dbb6d8acfda4ab2993fd6eb7a7448d4f66ec725d37f0eb14eb242c0ff3f0c4572ba6b98a4ce905fe1b7ca3daca56c225171428c56af938fb66b37e99e54139157bbf41f536989ef813af738837afcd62290 +A = -e53ad05c88568f09f616797f0b7f2756fb543d691ec2a5b645c1e5892a247302826419a35b1348cfd2c1c569c23c31b4c46d6c57d4a488c29ab5beb77904d4adfcd0a01ea0a26bb0cc8790441cc2c8c900f030d7315b4319f1a3cf5685a140e03abe6b94730ad79e8de1f4a0cded86a3d6cfe2db267fa7dc9b2bb32872a90cc + +Square = eea8028b26e0df090504d54da714a6f5f2695202e53cff479c78aedd47a8dc676243ec586740fde53b3eca9ca02b91031ce766242184109503fbe25b1b6d318e3cd5970fabd16dfa22984dd2e9f1e0f14c189170fc69c031d66663703e6235a942d51a4545bd7b0769d01d302ce2b00b83f01568a1e378f61fd0ca6201b0490330580cd9de85719e174a71915d7efbf65cd73d8f4e66f27e0dd3144d58ec09ed0f7ed7d1238ee596922807100fb7a11127944ddcdec6a9ca3bbf6df7301e354f3f049bfb7c275b43c3d8cda5907a932fba507c9145ea3166081c1b48fcc710ee32cd931f936c796b14f8a78a592e67753a7c9e428a01719c8ba82652f3a89fae110 +A = -3dcb44be1e54c5a5d7db48055ca9afa1ebe2ae648aa6e16ac497502a7deee09ffa124720fad0ab163ce8b3ea6a90f110ea52b67dbc424d0cf1e8c9726dfd9e45bebcefaa5cd5706edeed27896525f31c6bbea3d67ee97badefabf3e2532470b66e3ae3100f66ddf50cf02fc3a8e3f44c304251d3b6a7ca3a6e4bd5d16a41bd97a4 + + +# These test vectors satisfy A * B = Product. + +Title = Product tests + +Product = 5befab3320f8f90542f3120235abd926aac3805a19e343f690 +A = b057af553afb120db6b7764f8 +B = 857734c4c27a1d17f7cf59dee + +Product = -ab1ce167f4b2945c55ae3f87df50ad07d4be87cf9f8aa07b0c +A = ae7a6a87ea8981a567d0b3ecc +B = -fb0fed5f8c737bcacef4d6cb1 + +Product = -c2606cd48e6b075c8da79eb4668e7157f1f175c2860fd4c475 +A = -c28dc31984d4583e9d45424c3 +B = ffc4581a5c3f885cf42767e67 + +Product = aa6805b5408aff7f914472756da07830dcad902834dbdd6944 +A = -ffa07ff9f503511954e5dd3f9 +B = -aaa7af472ad8957763f5a7c64 + +Product = 58ca2569173389df29b5ce4b784086055dee821a7243db7210 +A = af417d936f4690008811a1ae8 +B = 81b26b80b43aa65aa55ded52a + +Product = -a043d31dfce8bd01724d31c863d0a64f1bf013509d77737c42 +A = fb5fae5edefb6997d44a1ecd6 +B = -a336e50c6f7845a1686cc88a3 + +Product = -b5d6a45ffce851b201239d938ba551bab7dcb59fc11fc35fce +A = -f918faa58bb57a2ffb8b01f05 +B = bae08c3006fade695029a1df6 + +Product = 6f2fde7d1a18625d727c6345ed85e597d546d9228bf7f0564a +A = -8d108d7a16f0696d4ceb24445 +B = -c9c764cae465207097ef8d2c2 + +Product = 93808b1140841dc9735cd61c6f855ddbbb83066689b0d7e1a0 +A = b386d08daf3fa2154e9c768d6 +B = d2557dceb2d02d04d9c578670 + +Product = -ad04212ca8cadb1f7861c5130ba3a747046a2a7e4a0c72b69a +A = e4e5f7d1311e0c5f2e404d55b +B = -c18057a328d8c7375afdfd4ee + +Product = -685e75c232f2b4a0e455fe5ee8aea52f292ad8b8178320e692 +A = -a683312f132b2320632e74ef6 +B = a0758f12791453b4af354730b + +Product = 6f588c53185c503dc5b0dc3002d3817ca2e7eb2370b3e9a647 +A = -d70c9b93170261091f0c53f27 +B = -848c86c51a186ac4c9080d3e1 + +Product = 5e3bc5a04e054a9a244bf7c86cae215072fdb70e9199989427 +A = 898b64ef09d7cf63966e1a3b5 +B = af638b12f26aa5d12e97439eb + +Product = -8d8372b235b16108285203c03a8aef6fdd3c0e1a9fd31d4f68 +A = f6003dc83818c14fbe36c9998 +B = -9343f6cbcc81fa4c9399dce5f + +Product = -5ee6509abeeb7af7fc5caef40d1822ad3150c8d74f522dc7c8 +A = -875ff6f56ca72cbdf614bb9ca +B = b375a68a21dfb1f159c22fa14 + +Product = ada25be404a17385af5a330da799e5909da81bfa0715baa6f4 +A = -c9b8df392e76abc3eb7d5ce04 +B = -dc5ab818c70594dd917b4243d + +Product = bb24422ee4656ddfcd50ec38201b15baf679d3b75e5cb878ca +A = f8e12cf4defe388b78510f687 +B = c07ee817b4ae95c2915b88966 + +Product = -93da296ba164c7220a17330647aef0980c94eddd2cfa2a3b2d +A = bc5dc74ddf7a1363d1c2b1f25 +B = -c8f069bad7f93cbfe6df51169 + +Product = -6b2e1d132c4e0b0dc9b7e7de7d424fda5180480cb5ff47c755 +A = -a8048acb66a8bb88df39266e7 +B = a34e0b265d71435ae8c92a463 + +Product = 6ccb2cd93783576a8602ae43f41c786008b6623a4cca0a010a +A = -b071f1f54790c951c1dd2a1cf +B = -9dd89bb4d9b546207e282e2d6 + +Product = 5c742ba47d0d64bd97509927ce957deedb855766cc24c60016 +A = b44f3f252c368096fa62747f2 +B = 83439b97dbac579fa4f7b7d23 + +Product = -7347ba65691c913286c2fb55e45b177f031c1d86ae0e9f654f +A = 937cf0643ffa53cdea24d642f +B = -c81881f78243dd5737a7d28e1 + +Product = -9bc0649a703674e59f83ff9b8a560e5cbf51f65ca310f80f95 +A = -b536f8d9769be6f62da941ae5 +B = dc0746fb101881ae0cacde6f1 + +Product = bf4992fc3a124de350f9fb90ea825cf663b1fa051282ef22e2 +A = -ff7eacc7de1bb01d668c693aa +B = -bfaa6627f9fc7ba68ae41bb2d + +Product = 7c8992d34cc0b63f1c953f68d4e12a99d3f3a34d16bd76caa9 +A = 9e0d5a850d078890a983c0ec9 +B = c9b72c118b3e1f1023a696ce1 + +Product = -a75840c95082b9a0ae0d6e0a4eb5e09288e4e2a66e9697d9cd +A = b2b042a21045a74ef1a5091d9 +B = -efbf8b120b384e869692a1b15 + +Product = -a510b333bdb4ed7479c142e8fbe2b12f7671a42acbe16c0998 +A = -e7fd5e0bb5496b9d876c27f65 +B = b6262653b2be44501af1d85b8 + +Product = a1c1e90afc4684754155526e307fc6ed798746f347bae2c880 +A = -b84674832b26ded0a690a8ff0 +B = -e0b7bdf2fd05a038ed3640b78 + +Product = 5588e0c33bffbefcc5695ca0615abd383343f21a8a0d22b222 +A = 80cad81ad9a66ab6a1c2e5669 +B = aa0453a77c8af1584f54750d2 + +Product = -6460c2fcd6cf3304ab163ea883ac48e2031cd10f2e9014c0ab +A = c49ad3d7c8848d4fbf913b10b +B = -82b3dedbe3cc7cd532ad632e1 + +Product = -a18717330b711669e85abde8c4dce426529aa621ba3da2a477 +A = -cab4a9c0a331a5a5e826dda1f +B = cbfee5041c13075dfe3399aa9 + +Product = 8ab6282ee892b53c083d319a9dcab48af97a1ac8493c0bfcad +A = -f7d13e47f9aaac8c25f9bf75b +B = -8f4aa95231c1e2336aa092297 + +Product = 8f2d1c23c78777ed371f13155445ca3c88cbc0a9b299bdf9d3 +A = 9d8248d00defce1ad081337c3 +B = e8b479295ecd9cef7301f24b1 + +Product = -86d5e0c5b581fe59819730b4b71e33d1f85f9ab504c7dbe2d6 +A = b21b45e88acff48562a19729a +B = -c1cdfebccc763beeac394b997 + +Product = -484ca05aefa113bdfcb1bc623f730c9f9555b462a8ab4c9606 +A = -8c12b406c02c4417163c0956b +B = 8422b15c80c1c087b17eedd92 + +Product = 614c3c91f60050c785fd229a3ad74674577a90cacb654e0a5c +A = -93d45bce155a23a397506d96a +B = -a87e339c3fd5aebede5fb1b36 + +Product = 9683285f194a7e4feeab196a36bdfc4f828035fd184b9cc692 +A = f196d8fe760fdcae7eb60e2f7 +B = 9f7d88a2163ad818bf3a6377e + +Product = -988a64599c19cc64f3cadc1a83fea6550185f6cc3ab82af822 +A = d0584b2a306671e4d2c9d0c7b +B = -bb6e7559df199c68d6df3a3c6 + +Product = -68456814cb0edd951196d04c853172afdd5787a5bd69a57876 +A = -cefce1b0a1fb22862418bb597 +B = 80f614139947aea5e76cd55fa + +Product = b4b1cbf5d6566e7a57aee0cc5c9c8ec4ad885e8766aa7662a4 +A = -d68ed1bea046c6cad057e21db +B = -d7988b9be54f6e332d019032c + +Product = 6b09212675ff5257a1384371e17b37dcc268bbb141577902e4 +A = a8208053adc20a609d5d01404 +B = a2fa927c5458c4fe662d7a3b9 + +Product = -8361bc26f9bcf55f677e047d822d3004027da0d0455b244d10 +A = e82b6410b29020c2d6810a977 +B = -90ddfe0e7f0d6b9cdc0815f70 + +Product = -f1b6da00923fd513a83e32040a515649fbd362f69ebc016d9f +A = -f9b697d9ec774a8d1ee5ea905 +B = f7ccb46a8869cb028492bed53 + +Product = d06206963f2e150bacdb32c823c3a47f013d5a267c3c0d0c88 +A = -ea8e63afa99c719897ad7f2ab +B = -e36f11f55b6148d1b4f46e598 + +Product = af774a5eae6084df5ca499ef005642730adabf6a4f9533e2fd +A = e4c7af7eea3ec9cc2443b7319 +B = c457bc264c8461789931baf85 + +Product = -76350f428bfbb95e6c253ec0f457aa84cebe8c7cb1af2a2120 +A = 8fd1ff97465775d44dee58ae0 +B = -d268a7d328f44baf80e35119f + +Product = -787ae3f114f9a8dd4d249d5d3f3b0897b02564b9469416cefe +A = -bc0b398bd0ec045b0cf147b7e +B = a4050955c234e473257d0c641 + +Product = 9d6320b3d4aabac097a079b9bd2aca7f1898bcab0f23409fd0 +A = -9d7a4ebac630cc0662b816fb5 +B = -ffda517d3eb3214986b04e290 + +Product = 80bab8bd800ac8c9dc3bb57dca306f10af6fd88c5d8314833c +A = 834bc50140d6c6ab938dc58b6 +B = fafee47793cbc533b3c66af3a + +Product = -b08920f5922226b1dec87151ae087d8a7e5c1aea8c9be148b6 +A = bfd5b1ad323c79428cb2db36a +B = -eb956a10edebdd658e6810fcf + +Product = -6d428e08e8350bb4b0fae3b662c82df2aef7beadaa17430dbb +A = -a57da276998c548101f514e9f +B = a9040c1909712e1149d295765 + +Product = a57da276998c548101f514e9f +A = -a57da276998c548101f514e9f +B = -1 + +Product = 14afb44ed3318a90203ea29d3e +A = a57da276998c548101f514e9f +B = 2 + +Product = -295f689da6631520407d453a7c +A = a57da276998c548101f514e9f +B = -4 + +Product = -867614005cc204a8d19720fe13 +A = -a57da276998c548101f514e9f +B = d + +Product = 12bf3b676f64e5929d38c35e803 +A = -a57da276998c548101f514e9f +B = -1d + +Product = 24d8f92c68303ed0b96f91a8167 +A = a57da276998c548101f514e9f +B = 39 + +Product = -49b1f258d0607da172df23502ce +A = a57da276998c548101f514e9f +B = -72 + +Product = -6fd5e6ca25c3d51b2e529f22173 +A = -a57da276998c548101f514e9f +B = ad + +Product = 1276d4705b81b82da4c7e82559d7 +A = -a57da276998c548101f514e9f +B = -1c9 + +Product = 1ddb9abfc5d4017f068a67b5f4fd +A = a57da276998c548101f514e9f +B = 2e3 + +Product = -3a8b41c914b1b4a4e341433601f7 +A = a57da276998c548101f514e9f +B = -5a9 + +Product = -97c0f4ba414d6e7d4c8b7ced84d4 +A = -a57da276998c548101f514e9f +B = eac + +Product = 1198739e0c23639c176d46d13f7c8 +A = -a57da276998c548101f514e9f +B = -1b38 + +Product = 159150954ee0dedf541e4dbac0ec3 +A = a57da276998c548101f514e9f +B = 215d + +Product = -441d4bc44c86f02ff12c3d91a1562 +A = a57da276998c548101f514e9f +B = -695e + +Product = -64726b76005ebee27592237ba5dde +A = -a57da276998c548101f514e9f +B = 9b62 + +Product = bbe4ec7cf7c5bbd198e0ea86bb658 +A = -a57da276998c548101f514e9f +B = -122a8 + +Product = 21f717d05681fd2eb1796776a69ef7 +A = a57da276998c548101f514e9f +B = 348a9 + +Product = -396ac788a1748bc6955f99be4d2c64 +A = a57da276998c548101f514e9f +B = -58d1c + +Product = -54a213eb083aed1a04f3d1b2da62e7 +A = -a57da276998c548101f514e9f +B = 82eb9 + +Product = 1366fb9c20fb14b8b9a9be4b3e3dde1 +A = -a57da276998c548101f514e9f +B = -1e037f + +Product = 238d65fd26da4733e5d93ab2485d40b +A = a57da276998c548101f514e9f +B = 36ff15 + +Product = -38272a99be154d531e922be405aee9a +A = a57da276998c548101f514e9f +B = -56dd26 + +Product = -64651b62b6a454c08951632c7f2c398 +A = -a57da276998c548101f514e9f +B = 9b4d68 + +Product = fb272e3597b816144f8b945ae6130e0 +A = -a57da276998c548101f514e9f +B = -1848320 + +Product = 280d9f5ed7243712ecb9a7c6358bcb8b +A = a57da276998c548101f514e9f +B = 3df5795 + +Product = -2fbb6bb8e1ba78cefc47fbbc20e188ee +A = a57da276998c548101f514e9f +B = -49d6652 + +Product = -57f29c13691ffa1642d2860dab9d288e +A = -a57da276998c548101f514e9f +B = 880c2b2 + +Product = 139c19d7668e6aabf2d7206cb0723ed34 +A = -a57da276998c548101f514e9f +B = -1e55aa4c + +Product = 2950ce04bf0cf836d4fe94b88fb757d0a +A = a57da276998c548101f514e9f +B = 3fe968b6 + +Product = -5175239488dad05a58414251496d2a06c +A = a57da276998c548101f514e9f +B = -7e020414 + +Product = -945ff0ed38bc6020cf679cbd3e0758c6d +A = -a57da276998c548101f514e9f +B = e585e573 + +Product = 11c69ae98f6b27e95477986f796bc67c8c +A = -a57da276998c548101f514e9f +B = -1b7f653f4 + +Product = 209afe75e8fb5ac76d13c06b545f5d4d73 +A = a57da276998c548101f514e9f +B = 3270154ad + +Product = -386d64b215e41506514f4988ed237e4da2 +A = a57da276998c548101f514e9f +B = -5749c891e + +Product = -6c13cccdb1d140d0babd52707ea72fa278 +A = -a57da276998c548101f514e9f +B = a72fb6288 + +Product = 136228a8a45540372b9b3cd7f82021f6546 +A = -a57da276998c548101f514e9f +B = -1dfc08a2fa + +Product = 1f0ad3babf9d132eaa08cf5cdb8f19dbf01 +A = a57da276998c548101f514e9f +B = 30050f2e5f + +Product = -50d615ce183258e95af77319b766fac81e2 +A = a57da276998c548101f514e9f +B = -7d0bf92cde + +Product = -817d358293b86a56a4e881e50257c549471 +A = -a57da276998c548101f514e9f +B = c84efb12ef + +Product = f09b9e80be251de474d726b16e25a6865fc +A = -a57da276998c548101f514e9f +B = -1743322a484 + +Product = 22996cb0f9c60e35dce49f3825f8a479db26 +A = a57da276998c548101f514e9f +B = 3585acec11a + +Product = -2b307a37c91791a61c0691858f5f783e4678 +A = a57da276998c548101f514e9f +B = -42cf6be3e88 + +Product = -8826698fcba6c30d755fc523de1cc25301ae +A = -a57da276998c548101f514e9f +B = d29cc8af592 + +Product = ae37fc99fd419809310782714530d7428d77 +A = -a57da276998c548101f514e9f +B = -10d8059d4a29 + +Product = 1d544a20f9bc7d95ab67d1f65743979f23bba +A = a57da276998c548101f514e9f +B = 2d5eadef1c06 + +Product = -367897184e9929a0294d320f10278889fbeb7 +A = a57da276998c548101f514e9f +B = -54431582d0e9 + +Product = -943a509076a00060a2e7fa1cddb7468d734a1 +A = -a57da276998c548101f514e9f +B = e54bb102f4bf + +Product = fcce6e42879af5ad13545c0bcaab85b690cea +A = -a57da276998c548101f514e9f +B = -18711db522cd6 + +Product = 258c49f86d0cbb14ae9edbd3456be8cede2022 +A = a57da276998c548101f514e9f +B = 3a1562c7c269e + +Product = -4a8bbce59ad7daa51136d557f7fa16e9a2faad +A = a57da276998c548101f514e9f +B = -7350e780b0f33 + +Product = -82f53ec9333275d5cc271876a7db936db49280 +A = -a57da276998c548101f514e9f +B = ca94ad312dd80 + +Product = 11daee4fcc713db5b2806e47fa5dff3b5b770eb +A = -a57da276998c548101f514e9f +B = -1b9ed6758f9635 + +Product = 17038cac4f0c94dc24985ea108ae6682e175752 +A = a57da276998c548101f514e9f +B = 2399b8a9b1116e + +Product = -37e5f14394bf347a3ed061769fe8e6424af4348 +A = a57da276998c548101f514e9f +B = -567840a7569fb8 + +Product = -9253d4a32a88d8f725984514d969012ead7cc9a +A = -a57da276998c548101f514e9f +B = e25b246f733f26 + +Product = ace3648371c16a931d29004e79f5b9678391da5 +A = -a57da276998c548101f514e9f +B = -10b717b27b6a13b + +Product = 1faa5b45d04c143c339b09d3aad94d39b94ef960 +A = a57da276998c548101f514e9f +B = 30fbd672e106aa0 + +Product = -3fdfe246d27aae0d08d63b2bc501461d2bff3b8d +A = a57da276998c548101f514e9f +B = -62cef5f078a8253 + +Product = -5b792bfaeff04ee3d948cb343a249d49eb344f57 +A = -a57da276998c548101f514e9f +B = 8d805ac65649c49 + +Product = c5f824406161eec321da5a58e3e00d393b55abe9 +A = -a57da276998c548101f514e9f +B = -1323dd41d2e1e077 + +Product = 2226dec8a57be8e84e42559007e2d101ccbe67f8d +A = a57da276998c548101f514e9f +B = 34d47842b5d0be53 + +Product = -340f50f812c7420b502000940788a700f6769788a +A = a57da276998c548101f514e9f +B = -508836d8e1193d36 + +Product = -a00f1d96e19c590479625c5329a87774b5964cc78 +A = -a57da276998c548101f514e9f +B = f798fc858657f888 + +Product = cb94f830cba8997331912a6a31c34f1bef826d121 +A = -a57da276998c548101f514e9f +B = -13aec7a5c52a0883f + +Product = 16b45140b048d6dc0b9fc811df7ce7dd88357fff04 +A = a57da276998c548101f514e9f +B = 231f27f3e347bd67c + +Product = -2aa94179351b4e87de5849ab619d94f47450640199 +A = a57da276998c548101f514e9f +B = -41fe3ec2189599cc7 + +Product = -5489401d3da93158d4284e557d74016c0a7cfd935a +A = -a57da276998c548101f514e9f +B = 82c5281df41bfc066 + +Product = ae04d5b212ecfc9a6d7df07794d565df52991fb70e +A = -a57da276998c548101f514e9f +B = -10d3139229f5d02432 + +Product = 27821bc811f45d63089790b41d307be978d4b19564c +A = a57da276998c548101f514e9f +B = 3d1da85cc012b3e234 + +Product = -3de3c9e9d7fa3020a578706339314890dccf63096c2 +A = a57da276998c548101f514e9f +B = -5fbcfb28bfc9044bfe + +Product = -627dcb299a6720044abcf11469bdfd3f951edbb5bf7 +A = -a57da276998c548101f514e9f +B = 985b930517b78e6ba9 + +Product = cc0622441497a37fddf1856d5e2c99df52b99ea4573 +A = -a57da276998c548101f514e9f +B = -13b9b88948fb7e95cad + +Product = 1a5168e1a492210591ad1ed660adde9110390e4caf32 +A = a57da276998c548101f514e9f +B = 28b631c6e04b6ab0d8e + +Product = -4d8ec27b7460ce616421b9f5cae708c2ac241daa59b4 +A = a57da276998c548101f514e9f +B = -77f99bdf1eb09da6dcc + +Product = -55afd796db7bce822a00073fc8926d3bd0c79772f036 +A = -a57da276998c548101f514e9f +B = 848cdd6212b9bb3620a + +Product = dc494b0d73e8ec07cd2bb6dd8191d2b4d48e7700cc34 +A = -a57da276998c548101f514e9f +B = -154c39567bd8be5f6b4c + +Product = 240e9301b4345b914ecd91a49a0e651524dcecb6fdc6c +A = a57da276998c548101f514e9f +B = 37c6e7ee89cf87674814 + +Product = -39002ecfd6d96661b336157ccef6536756ad2e9219be3 +A = a57da276998c548101f514e9f +B = -582cdab09915a652203d + +Product = -695f49fc891d53f396f0593efae3973082b76d4f9e944 +A = -a57da276998c548101f514e9f +B = a30074dbce2246af043c + +Product = bba2b7b45b97cb0d7fb30fed95089870742ad69e7aed7 +A = -a57da276998c548101f514e9f +B = -1224195afc7b394ae8cc9 + +Product = 1910edc278515ab7d4cc09b496dc3c06c32c75bc7368af +A = a57da276998c548101f514e9f +B = 26c6701c39334169e7bf1 + +Product = -3670b7f9b661aba35ce50984d83173c84c8fa60e04d100 +A = a57da276998c548101f514e9f +B = -5436e84b4a29858a68f00 + +Product = -7fa0d3e0082b37475342b7e22e5dbad7b8d4cb5d64f871 +A = -a57da276998c548101f514e9f +B = c56e0f44fc63bca242eef + +Product = da7fe3367ce640fa5941c033ac1874312f10ba5950da75 +A = -a57da276998c548101f514e9f +B = -15200043166ff309f0426b + +Product = 1871d72481f66b1d413100edd6b339cbbaa67b3b2b3cd57 +A = a57da276998c548101f514e9f +B = 25d057879db26fa29a5e49 + +Product = -3cf1dd1e2df3456757d72f35353c3c7a659b2ef844ad857 +A = a57da276998c548101f514e9f +B = -5e46be70de21949df67349 + +Product = -5e861cbe47aefab2a7ea59292aab1258932b9a322f66e63 +A = -a57da276998c548101f514e9f +B = 9238670897685a6c9cbdbd + +Product = f623344788efb857db55c924e95a437effa4dc8bb2bcd24 +A = -a57da276998c548101f514e9f +B = -17cc0ec84c228225a7cf45c + +Product = 15514c916b0ae7cde6add16c629d3e19ba52a101d75dff72 +A = a57da276998c548101f514e9f +B = 20f9f925b3ed307edbb154e + +Product = -460cf5b14f9d0b547c3084bf44207bf881745c409b08d07f +A = a57da276998c548101f514e9f +B = -6c5cbfd29f3dae1dce99221 + +Product = -5ddf7fb91d765af97dfda5333d8779e80837c2b51cfb4f43 +A = -a57da276998c548101f514e9f +B = 9136aa79080defd1bcf90dd + +Product = 12c1a0edfb6ab6a0caae2553fb3743827e1470a8954e0a3fd +A = -a57da276998c548101f514e9f +B = -1d03b512470dc3052779f3e3 + +Product = 28388a244214abf046488a8d95308d95f021eae4b994a5a52 +A = a57da276998c548101f514e9f +B = 3e37dce784274962ff862e6e + +Product = -4da476e76119deef291c0f56934a912a0877278a19a561ee0 +A = a57da276998c548101f514e9f +B = -781b2f2dc40094a7f8fed520 + +Product = -5792496d33dd45e225f9dfca17419a04e075ffc0c90b37b82 +A = -a57da276998c548101f514e9f +B = 87772a4fb582acafd3e4ef3e + +Product = dd3a3506a7d748de16fb43d666928a87de0354d8e8a1bcaaa +A = -a57da276998c548101f514e9f +B = -1563841bf7851ff158a395716 + +Product = 24e8fb09a9ab0808ff643122479dea5ed41060c6c5b74e8752 +A = a57da276998c548101f514e9f +B = 3918c30b5568318a58e9be16e + +Product = -366c125f96b38b58d01c939c27c4100af3377eabb792b5491a +A = a57da276998c548101f514e9f +B = -542fb814f45924aa09a16f2a6 + +Quotient = 0 +Remainder = -1 +A = -1 +B = 2 + +Quotient = 1 +Remainder = 0 +A = 8cdaaa7c422f3c2bb0ace2da7d7ff151e5bdefb23e6426cf3e6b21491e6e80e977bfa6c65931a8dee31fc7992c0c801d5d7c +B = 8cdaaa7c422f3c2bb0ace2da7d7ff151e5bdefb23e6426cf3e6b21491e6e80e977bfa6c65931a8dee31fc7992c0c801d5d7c + +Quotient = -2 +Remainder = 1 +A = 107f0e6cebfe22ac11294a06fed2b994d01c9b3610d50bdd254adafd08c93be8ebdd1e85e1286fe9c9e682a90cbbd6351681b +B = -83f873675ff11560894a5037f695cca680e4d9b086a85ee92a56d7e84649df475ee8f42f09437f4e4f34154865deb1a8b40d + +Quotient = -4 +Remainder = -2 +A = -3d8746ae2123c2d3f1d35910b42af1f86f5e81f8e98986cea20b2a1bdb8af6cf111f1258f112c837accdf4868463fe9eba536 +B = f61d1ab8848f0b4fc74d6442d0abc7e1bd7a07e3a6261b3a882ca86f6e2bdb3c447c4963c44b20deb337d21a118ffa7ae94d + +Quotient = 8 +Remainder = -3 +A = -5645d65662eaac73050de06f8f982a9b2ae680467712284be3e2b0e58ef4bf4d72b5be5e12ee1fd803b47f161759662ff5c4b +B = -ac8bacacc5d558e60a1bc0df1f30553655cd008cee245097c7c561cb1de97e9ae56b7cbc25dc3fb00768fe2c2eb2cc5feb89 + +Quotient = 10 +Remainder = 4 +A = 813bc46ee19ffeab364073a89f96913f340d43ee72129ea9edac1beb4ebe1336450d2eabc7b26e51c400cec60d6ee459033b4 +B = 813bc46ee19ffeab364073a89f96913f340d43ee72129ea9edac1beb4ebe1336450d2eabc7b26e51c400cec60d6ee459033b + +Quotient = -20 +Remainder = 5 +A = 12805392c55ffa0e27e85e15f2b339872793664e9ed3074cd2600aa52459a57197130d1ea46775ef43115c9413248cc7b34805 +B = -94029c962affd0713f42f0af9599cc393c9b3274f6983a669300552922cd2b8cb89868f5233baf7a188ae4a09924663d9a40 + +Quotient = -40 +Remainder = -6 +A = -3579fc4d6083394c691b060cf9e20318fe17da0487337f76710bd11512578830ba94ac7b587a2d5ab7cb4afe611e349cdcfb86 +B = d5e7f135820ce531a46c1833e7880c63f85f68121ccdfdd9c42f4454495e20c2ea52b1ed61e8b56adf2d2bf98478d27373ee + +Quotient = 80 +Remainder = -7 +A = -74ebad4b39ebaaff82cd91082408c979527907c363d8f0f75db410523f8477c074c45ff85851b6275b1ebc5279029818e78d87 +B = -e9d75a9673d755ff059b2210481192f2a4f20f86c7b1e1eebb6820a47f08ef80e988bff0b0a36c4eb63d78a4f2053031cf1b + +Quotient = 100 +Remainder = 8 +A = d2d8a4419fb3b1c22bfca04ca08c2ee066ccbc9fce2f41861b5eef91efd3c13eeb7eae5abea0ef1849662cfdfef7bbff892c08 +B = d2d8a4419fb3b1c22bfca04ca08c2ee066ccbc9fce2f41861b5eef91efd3c13eeb7eae5abea0ef1849662cfdfef7bbff892c + +Quotient = -200 +Remainder = 9 +A = 1bf534da2f4365c96fc5dd4928e73ac24b157b5136ead90cf6596033ec387a2c14bca828000ae1725f3a5ace8ad67a8c07a0a09 +B = -dfa9a6d17a1b2e4b7e2eea494739d61258abda89b756c867b2cb019f61c3d160a5e5414000570b92f9d2d67456b3d4603d05 + +Quotient = -400 +Remainder = -a +A = -3a172cc9483774544311a1366659d9e61cc9fac7dc11c68e36aa991ef4d5e96becf5bac3e0967c904d926617ea11bb9551b980a +B = e85cb32520ddd1510c4684d9996767987327eb1f70471a38daaa647bd357a5afb3d6eb0f8259f2413649985fa846ee5546e6 + +Quotient = 800 +Remainder = -b +A = -5ecff3a3e47fa615b6e3ce2dedfdeefbfe1d437c394631820968a9650b59dc3a2dd1c9a0b06537e4e5c408a59e580921503580b +B = -bd9fe747c8ff4c2b6dc79c5bdbfbddf7fc3a86f8728c630412d152ca16b3b8745ba3934160ca6fc9cb88114b3cb01242a06b + +Quotient = 1000 +Remainder = c +A = d3ef80fca0ab3ac3432b22e2b485131d816810c39d02a9c82dcc05ec5e6406bc216026de3abe53ab103ea3b2ddbc2ea377ae00c +B = d3ef80fca0ab3ac3432b22e2b485131d816810c39d02a9c82dcc05ec5e6406bc216026de3abe53ab103ea3b2ddbc2ea377ae + +Quotient = -2000 +Remainder = d +A = 163956bc32325f28f48d41d32bb08d2a9c4ccbb0d818368fb13941e82b27da21d04094f7e897ce79c2d0ff8470505f1ef63fc00d +B = -b1cab5e19192f947a46a0e995d846954e2665d86c0c1b47d89ca0f41593ed10e8204a7bf44be73ce1687fc238282f8f7b1fe + +Quotient = -4000 +Remainder = -e +A = -3763f8e43bd05e6ffeec6d509bbe6ff9a9022ced8cb191c9abaf5fd0e0b75a53e2ad581455e3af09e702a77b164ed3fb54ae000e +B = dd8fe390ef4179bffbb1b5426ef9bfe6a408b3b632c64726aebd7f4382dd694f8ab56051578ebc279c0a9dec593b4fed52b8 + +Quotient = 8000 +Remainder = -f +A = -531dd44dfa9e79a5aec8fa7c84bd3b753c146770d22d2c14a6d2125f7ab95e9b320e84c31cf3e0d883e1295a220f2a546550800f +B = -a63ba89bf53cf34b5d91f4f9097a76ea7828cee1a45a58294da424bef572bd36641d098639e7c1b107c252b4441e54a8caa1 + +Quotient = 10000 +Remainder = 10 +A = 900996b61f58713f0755e68bbdfa4e0bb47f034bb0304f77829847923d14715def1771f43b526c41b9667438b434d2b966c20010 +B = 900996b61f58713f0755e68bbdfa4e0bb47f034bb0304f77829847923d14715def1771f43b526c41b9667438b434d2b966c2 + +Quotient = -20000 +Remainder = 11 +A = 179d7ede3db0c105525286551331d5b9e1f97a7883f0c13cf250afe9765bb5aaa527af7945c19cdd4596565cbc8532a3cfa5c0011 +B = -bcebf6f1ed86082a929432a8998eadcf0fcbd3c41f8609e792857f4bb2ddad55293d7bca2e0ce6ea2cb2b2e5e429951e7d2e + +Quotient = -40000 +Remainder = -12 +A = -293dc443c294c6a6c53dd49e84f58305d59a432afb6c7ea2039cd02a513231239571ae07f29b5427e869b9faa485511ca45980012 +B = a4f7110f0a531a9b14f7527a13d60c1756690cabedb1fa880e7340a944c8c48e55c6b81fca6d509fa1a6e7ea921544729166 + +Quotient = 80000 +Remainder = -13 +A = -5b637eb8aa51ef15a18d9b144031c9756527fc0fb96c84b6df03700e5079ae1b3e96940a2c1e07f3b47ad8a9b2b8ca99171a00013 +B = -b6c6fd7154a3de2b431b3628806392eaca4ff81f72d9096dbe06e01ca0f35c367d2d2814583c0fe768f5b153657195322e34 + +Quotient = 100000 +Remainder = 14 +A = 87c846f5469d4c5819aed0c7e77797209b2c1b83a7a0e2be70280b9f30946b5db9bd0f25a06cf4bdba1c7183a1b9eb75c19400014 +B = 87c846f5469d4c5819aed0c7e77797209b2c1b83a7a0e2be70280b9f30946b5db9bd0f25a06cf4bdba1c7183a1b9eb75c194 + +Quotient = -200000 +Remainder = 15 +A = 11c2a4509f419aa977c3d37fa446fcf21b4b3b9f983fbaddeba4f51c285ac4032200711a54cc6edf24297b1f3d46ad020131a00015 +B = -8e152284fa0cd54bbe1e9bfd2237e790da59dcfcc1fdd6ef5d27a8e142d62019100388d2a66376f9214bd8f9ea356810098d + +Quotient = -400000 +Remainder = -16 +A = -39e37ae0edd92b957e84682358039f5e432c42492a44f3de01cdf74d643760260f2837946608663e12291e9b0695449c1153800016 +B = e78deb83b764ae55fa11a08d600e7d790cb10924a913cf780737dd3590dd80983ca0de51982198f848a47a6c1a551270454e + +Quotient = 800000 +Remainder = -17 +A = -72f725edd5a3dd6f20b5e9ca7da08a99f8ec9214c80588182c0d42e03bcff34b488b28c03cdf41813a6193c10672a8ee68f6000017 +B = -e5ee4bdbab47bade416bd394fb411533f1d92429900b1030581a85c0779fe6969116518079be830274c327820ce551dcd1ec + +Quotient = 1000000 +Remainder = 18 +A = 966df62c26acab2d3d1dbe729e48d0181c68e9f5eba45f6caefa38d60e34057d09fe620abb8640cec8cac755957aaad7c6fd000018 +B = 966df62c26acab2d3d1dbe729e48d0181c68e9f5eba45f6caefa38d60e34057d09fe620abb8640cec8cac755957aaad7c6fd + +Quotient = -2000000 +Remainder = 19 +A = 190790727c1514b4ef83a1c6aa07493c0af7087fbc8a675bfd9a1e97b8ef80ef684219d6c6f1a5fb5b919f105fd7717cdd5aa000019 +B = -c83c8393e0a8a5a77c1d0e35503a49e057b843fde4533adfecd0f4bdc77c077b4210ceb6378d2fdadc8cf882febb8be6ead5 + +Quotient = -4000000 +Remainder = -1a +A = -22d115ab02f8663d8c009960086a0275d301d358cd3b250bb9e7c16cc6ebed4a8fbe43bbced856d93be64a17377d95f5f9c8800001a +B = 8b4456ac0be198f63002658021a809d74c074d6334ec942ee79f05b31bafb52a3ef90eef3b615b64ef99285cddf657d7e722 + +Quotient = 8000000 +Remainder = -1b +A = -41f2e708ba47494a13607223b08e6d99c0b4247436632961d873804e83446dc97139ffaef3e25969950bd4b5bb4ff73b1a25000001b +B = -83e5ce11748e929426c0e447611cdb33816848e86cc652c3b0e7009d0688db92e273ff5de7c4b2d32a17a96b769fee76344a + +Quotient = 10000000 +Remainder = 1c +A = e4b52f78179039499c2f6b500840f41103fbd60eac0d7082297236f25189c18a8301a92f533945047fbb83427dcade334336000001c +B = e4b52f78179039499c2f6b500840f41103fbd60eac0d7082297236f25189c18a8301a92f533945047fbb83427dcade334336 + +Quotient = -20000000 +Remainder = 1d +A = 10888959278661bc36089519a215bda60f9ce24ff7c0ac1f543b6e652f94dbff1f32aa40cad2b4b4d676f16948551501c29f2000001d +B = -84444ac93c330de1b044a8cd10aded307ce7127fbe0560faa1db73297ca6dff8f99552065695a5a6b3b78b4a42a8a80e14f9 + +Quotient = -40000000 +Remainder = -1e +A = -3ada453530a180fda58533ab8c62beb4f693a134f512e4d23e487dac3b575e5390c0a90992400e402bb47aac93d46ded55f54000001e +B = eb6914d4c28603f69614ceae318afad3da4e84d3d44b9348f921f6b0ed5d794e4302a42649003900aed1eab24f51b7b557d5 + +Quotient = 80000000 +Remainder = -1f +A = -57879eb5d92d565daac3ac5173639bfe44b6ecc69ff770af57bd79c9b93841c5677042cb362b794f3d8b24b0d3b73ed1cba58000001f +B = -af0f3d6bb25aacbb558758a2e6c737fc896dd98d3feee15eaf7af3937270838acee085966c56f29e7b164961a76e7da3974b + +Quotient = 100000000 +Remainder = 20 +A = 89a2f1792afc54467955839eddc9ef2e37d391ce7a1a4a205291220c1f49f59ee31fc7a7a7f7706c199bf5c8c951a0d0743d00000020 +B = 89a2f1792afc54467955839eddc9ef2e37d391ce7a1a4a205291220c1f49f59ee31fc7a7a7f7706c199bf5c8c951a0d0743d + +Quotient = -200000000 +Remainder = 21 +A = 1c267719338a4562e934bc57fabe6da86ca534a34244bd38c15032f01f47c2fd498c83f644b345c5c661ada0e586a096bb63000000021 +B = -e133b8c99c522b1749a5e2bfd5f36d436529a51a1225e9c60a819780fa3e17ea4c641fb2259a2e2e330d6d072c3504b5db18 + +Quotient = -400000000 +Remainder = -22 +A = -250249f2185d4b428fa9534f03ef3cbed535bd31c56c0b273e6c3d35e0266f7777a6e59a99da5738b8e3af8ac60061d6716ac00000022 +B = 940927c861752d0a3ea54d3c0fbcf2fb54d6f4c715b02c9cf9b0f4d78099bdddde9b966a67695ce2e38ebe2b18018759c5ab + +Quotient = 800000000 +Remainder = -23 +A = -710b30c23c3c4e646ba90da33d2ce35af2ff181c40b02e3ffa607966730c6b6e274dd4c3c78e578e0b10f431f2d832274bf6800000023 +B = -e216618478789cc8d7521b467a59c6b5e5fe303881605c7ff4c0f2cce618d6dc4e9ba9878f1caf1c1621e863e5b0644e97ed + +Quotient = 1000000000 +Remainder = 24 +A = 877f1caf75e7166ef18484d0718947893fd1ec016984387debc55c19e378a487a5ddbb03a80a88316f6fca16ae148933e719000000024 +B = 877f1caf75e7166ef18484d0718947893fd1ec016984387debc55c19e378a487a5ddbb03a80a88316f6fca16ae148933e719 + +Quotient = -2000000000 +Remainder = 25 +A = 1ed1b7d9e4cf3d44ee98ef69850e61a39f54cc407c6795c07c887374441fd9ec258c21193f8a8c55802fb8f8c579cf94cb0ce000000025 +B = -f68dbecf2679ea2774c77b4c28730d1cfaa66203e33cae03e4439ba220fecf612c6108c9fc5462ac017dc7c62bce7ca65867 + +Quotient = -4000000000 +Remainder = -26 +A = -35d324ba37d2000f960ca1c9e1ab96e341a2ae6a5ea5cef014c73a39dde000d8ad9606b817ad67e4e4593cc5894d354854898000000026 +B = d74c92e8df48003e5832872786ae5b8d068ab9a97a973bc0531ce8e777800362b6581ae05eb59f939164f3162534d5215226 + +Quotient = 8000000000 +Remainder = -27 +A = -7039477c3e0a6f415e25e9f9b1dab1edcd8a23f984e7e3bc149c206a3b756b1be001450af4049cd4535e4243d7032afcf6790000000027 +B = -e0728ef87c14de82bc4bd3f363b563db9b1447f309cfc778293840d476ead637c0028a15e80939a8a6bc8487ae0655f9ecf2 + +Quotient = 10000000000 +Remainder = 28 +A = d6c59dd07409da98f7bbc7ee471b6e06c4d9e832e9f4d04ed9da63564d37d3072a950564cf549bb5d6e7dc85565d3cc8ba340000000028 +B = d6c59dd07409da98f7bbc7ee471b6e06c4d9e832e9f4d04ed9da63564d37d3072a950564cf549bb5d6e7dc85565d3cc8ba34 + +Quotient = -20000000000 +Remainder = 29 +A = 14d27a16a9cf2fdbc85b88a604dd8f0e57b5b34a27089d75d805e05fbb367dfa61c085aa98b896e3e53b85ef774a3fa52417a0000000029 +B = -a693d0b54e797ede42dc453026ec7872bdad9a513844ebaec02f02fdd9b3efd30e042d54c5c4b71f29dc2f7bba51fd2920bd + +Quotient = -40000000000 +Remainder = -2a +A = -3bd0119619fbb5b260c44050d61e6b1925a49713d754ceb06bafb1d730a93f199df654b153c40e75096ebbaf5a6ce3c801820000000002a +B = ef40465867eed6c9831101435879ac6496925c4f5d533ac1aebec75cc2a4fc6677d952c54f1039d425baeebd69b38f200608 + +Quotient = 80000000000 +Remainder = -2b +A = -61a283fe41d965ee770704bb453f689cb82a81089422d6d904a91776a06d32857220286e6ef6327807b724062dda143b46890000000002b +B = -c34507fc83b2cbdcee0e09768a7ed139705502112845adb209522eed40da650ae44050dcddec64f00f6e480c5bb428768d12 + +Quotient = 100000000000 +Remainder = 2c +A = 87bd03a64d9c56fe340137065ba36bd07b556119546dd1fc3ae087ead32bc79ca7efb5c7230ea7bfb00ad419096d9279fbe10000000002c +B = 87bd03a64d9c56fe340137065ba36bd07b556119546dd1fc3ae087ead32bc79ca7efb5c7230ea7bfb00ad419096d9279fbe1 + +Quotient = -200000000000 +Remainder = 2d +A = 1eb7cfb197d19f56ad994eca52d1af6466fd09da07d68d63067602046b2d42d3063ef5eda6b58afd69fd92b0b727a0ecde1420000000002d +B = -f5be7d8cbe8cfab56cca7652968d7b2337e84ed03eb46b1833b01023596a169831f7af6d35ac57eb4fec9585b93d0766f0a1 + +Quotient = -400000000000 +Remainder = -2e +A = -3ab858b3329e5bd0469118be52a867b2febbe2894d962cedeb3a5be1738db1cea106cd0710c9f6937348c2c63b109ae623d500000000002e +B = eae162ccca796f411a4462f94aa19ecbfaef8a253658b3b7ace96f85ce36c73a841b341c4327da4dcd230b18ec426b988f54 + +Quotient = 800000000000 +Remainder = -2f +A = -6137bae6cf7573afcbb6fd5c066ba37648cba8db0ecafe9dbc66959b19deabf42f3083719a2268b7602bafa2140a1ee8ce7d80000000002f +B = -c26f75cd9eeae75f976dfab80cd746ec919751b61d95fd3b78cd2b3633bd57e85e6106e33444d16ec0575f4428143dd19cfb + +Quotient = 1000000000000 +Remainder = 30 +A = d00fec043edadc093673e5f5abef0c6bacdf1f3faa49a831a645bf80db7539d657f69403b122a5c6f879eb8e63be54d35ed7000000000030 +B = d00fec043edadc093673e5f5abef0c6bacdf1f3faa49a831a645bf80db7539d657f69403b122a5c6f879eb8e63be54d35ed7 + +Quotient = -2000000000000 +Remainder = 31 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -940693131e2ba7b2af531803794983337dd526f0d84d08d58723edf002a388d55c8502d88c2a2a6e78233a2a1b1c8d339a13 + +Quotient = -611b743a0e2acb1043bb33de50a59eaa0405b37bf6b622075dd69291fe5b53305dbfcc377d1f3082319c153d0c1ffb3b3346 +Remainder = -16e346b6a4297 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 30c77f3380ccf + +Quotient = b9e34073d5e6e5b9e5d2d7250150f8ad86870faeb88d5aed5029fb25c176de216e2388e0f5d33f7c3b56102873eb40b06f2 +Remainder = -16ebc86eb88339 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -197b6f6ad5b75c + +Quotient = 141bc8752e846cd63743e6fce4a22efc3eb5f0ce46ba81b8f578c94c516288ec3610fc9923f45d4af2b94c0b0a20b48ed0a +Remainder = 9bab19f12d81c3 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = eb90162ecae18b + +Quotient = -381bd85c951e1dd775b0d7fab344aadf06b1b592c643b5852fa44aa55159eedf3b3e47fe0d9f399ad92da85ab2bfd18240 +Remainder = 1e4f817a2f52b71 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -546c109fa8a9d7b + +Quotient = -5e385a83b56830626cf8306acc232f955178080e86384bbcf92eec3a8961360223c4cfc1d8d118022972e61866cbfc46b +Remainder = -292e149300fdd1ad +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 3246242094394c8c + +Quotient = 9af0246f4b49316df43f61ae3795a764fe9b1d071ce227982ebda7988a7a7a98129c94a76635c6913cb15e4f75ea1608 +Remainder = -dd3b3e32ddc79cb9 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1e928618913898b2f + +Quotient = 1fe40099811c648aa4e84e4fbb8cbc19706774a11391fc03a9667d8dc72dd0b26c4a46d0bae56ba90fe4bfac1517d241 +Remainder = 16e021603d30dde2 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 948887c1634f4b08f + +Quotient = -3f4fa4c179dab02ad461bbea8f890292c934496db560f72878323a4463d77ae261363f4dc8f53eab145fcc3815d3253 +Remainder = 407ccb4f0b814dc5c5 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -4ad17434071e1ce664 + +Quotient = -4d17d19f7f6861189a520776339a1e425876808111c303e391118714370111151ef4ad2e6e84250f59b0fe09ab3293 +Remainder = -36f745b0f421d16db7 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 3d71635bcc25183cdde + +Quotient = b976d544af44e711351c6618106d3a002c42ebbe22fe939a2457d24e8dcc35c95dde5c7c77af6b4545344a198be82 +Remainder = -107334ab98e5099fec5f +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -198a54e35fa0cfa328a9 + +Quotient = 1307bb8e89aaff7466bc238d32672fbbde7be19d15423bcfa14f9a23fe85af9739b72807fd4bc420ad0b0fac37a42 +Remainder = 170ebe9b83d4c43b79ab +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = f8e923a8bbc0242eafe3 + +Quotient = -3925a167c1c4d2fae265f277302b989466e309a7211e0b7173031cbbb91ab7fac8dfe43c9d832764e222e9d8581d +Remainder = 4d404e93edb435dbd60af +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -52e36cee22274556059ea + +Quotient = -4d5a6ef346a872142b999ff9a5429198b3c2a97e968f55aa2c01583efe30e9687c57e2bca2372db4d3d443052b6 +Remainder = -3a2ea5f9d204dc31f21833 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 3d3c79a115d9071b573d2d + +Quotient = a49dee54430f1737a04543d5f549efafab25f0f28f5e304f1bbca191f99521c2c4be1b9927bde19e1ec2060bb2 +Remainder = -17d02758f8fcadca911a95f +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1cc65a75211f2826c9d0811 + +Quotient = 1808ab7c0ccac2ff8f7cb61248bf4624fb60352a356fdd1408904f8c6fb0cc52b7642ec59183bcaf5dd89ca0ac +Remainder = 5c95323f3b8861261dc31ed +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = c516e6e3fa6e3dc52cf5933 + +Quotient = -437e04d7076794850aada0cb4ca7a1055df103e74e00766be6a2fdb2631bf294cdbf2695d0a2f8f9eb5587aa5 +Remainder = 1fc63797594c56160536faa9 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -462ee529b488d1db2b6c60e8 + +Quotient = -5dde5497accc4575a412e7232ce75bdf7905936e09e382d5c9f133faf82a05ad9dcc94ad858aed34cc14c714 +Remainder = -15e79293d5e055f906381a899 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 32765b0a34c88864d39bedaae + +Quotient = 11ac52a9287472e1d3b8577b3d50c95076e190714796761322b3ce869d96b44387e190e824849ee345d0a22b +Remainder = -a158ccc7c055d64e7df3fbcf0 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -10c061a37f6cbd11bf0c327643 + +Quotient = 1ff5cda1551867577c5ca72c86516a82fb8fc5f59ce967b73c6bcc1b85168389872c9a747ddf044d6dba174 +Remainder = 21e766a0020ba429b330a325d5 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 9435cd2dc2a92c950bb9e69b83 + +Quotient = -2719c892fa3f4dbc9951b2095056a16159adaf32dff902e20a800a0cc2e858ccae408f2161aae25d3e1f6d +Remainder = cafbe9caa1f83fd0dd3d5a6881 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -7924e4dcf8f96da61f54bf83870 + +Quotient = -5080dc99dba295f4a2d9a474c2ddfa3b232a82fe629fe62177514988983eff8195b37d3fee3afa343b497 +Remainder = -94ae72f78982ac1ff83f300cfe8 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 3ad70d4b6b9b5f5b2eb65da67e1f + +Quotient = e475eebcfc53d49ffad2e0c2a4ba48fe7ce02c42ff107e01ab3fe5b26eee45c83c4f58c181d77c259155 +Remainder = -c83ac7582a02b47ee734e0f24dc5 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -14bbcff5423a260b21895327b18bc + +Quotient = 201308a421b85291d23465d648ad2a8d6f3393efc16fb675a42ea7bbca635ddd8c2449b1b34e5db30a03 +Remainder = 8e07efb8ae4c9df39533042362081 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 93aebb72a81ba68e8881fd1a56a90 + +Quotient = -2584cc534f88f091fe471c652ac66a695906a7cde1fc1cde9be3ee09026b690c1a899378ff31f6acb90 +Remainder = 794801d9d5770a60e312b99d6b9f91 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -7e408caf387a0ce9bbf4309c80755a + +Quotient = -63f7bfc0fe5a5421bc0a19fa6c87713a72eeb2a33e5eadee8c2f32c20d14f403ab8bdc424b9e8e0c68 +Remainder = -24227c242afedee2473c1a66a5cc29 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2f622c665af7f8126eabfd90df8e9c5 + +Quotient = e557e6d2180aeeee5d2cef453fbdf38e84cc148f4608ade8836045498be2d318520ffadcea6319432 +Remainder = -dd290149e0e159f9ba6bb9f5a4b003d +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -14a7623d1d9dfc177e913d3119d0d30a + +Quotient = 1651d852316d472b41ba0460566e43fabb9257861859ad0fb6ea5a6433a4164299e078f4d50c58afb +Remainder = fb60aff5fdd2a2b794b0d973ac4d92a +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = d439da27b5e70342aa5cb365ece15665 + +Quotient = -3ae357761a8ff43d3b1bc53eb336260342a39d22f8fac44eeeac96c2f6de32580dd6a688faa9c515 +Remainder = 4fa6f7ee4faf2f6be99c5ce4b65cd642f +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -50700f9c0da59482165a47a3eda2bf07a + +Quotient = -543b4390e4e254226683aa0b83b2ca176ec27a373969fb88f766ac72adc9125ff83b2652e46afd3 +Remainder = -12ff398d9a7d9e97a7f63a0bb293c8fb0 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 383c5a4f1767e83fc382ad4f1c7c2b7ddb + +Quotient = ecb72c14c59d49287fb6b2cacdf04619ee617d5f3f0f1b2890fd4e79746a4fbd848613cf5eb437 +Remainder = -1035512a2717a89062d48f1bfd213333ed0 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1402b751a1e5f3fc46e22b43240d6ce9b27 + +Quotient = 1e800ddc5d5126f322298383f32fd593623eb88a91b2d68c5d9f56e20c16ffe2cefabe873570ab +Remainder = 72935d534bed5ba557b91ea023601f50b1d +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 9b4df766c608ff3efe5ea1f65cc850fa73c + +Quotient = -2c2dc2378abceb983904cdf6728f361d279b4c821710ae785724a7251c43fe4f705f023afa7e2 +Remainder = 249f6433af4e8e224eb570fd438197af62f3 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -6b382f812816c77d65c94c0c660b31a69b8f + +Quotient = -5f3ced1e42fbd3c6b2c6f1e16953e0c1bb6efb4e49566f974a968f69a1a66a3d7558f5a802a8 +Remainder = -317a7fb1af65982fe4641fbb1e5837e6ea3e1 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 31bc97372d17038fd842b72eaba2abb26df62 + +Quotient = af3fef8111c449b9e0858e7e53e1d00b764232f7a077d75043249c387ece30af351c8a40335 +Remainder = -a1493bcbf57a8480461d62796aa8f8541ece4 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1b076b2f7b78b4a0f0e24ba3a05d6c697efab9 + +Quotient = 196734cefb08f09cb32ffefc07da8d9545d3451d5a08736757184bad94c73be71311cf1e01c +Remainder = 273e33521f4d74840a96b3fffe169f79d32855 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = ba7746f4400f812919a3dc86b00642e1487691 + +Quotient = -3c5989cf33145057a9c8e904435d12939db519cc6b9ca1c0a11934399cb139a73613950f2f +Remainder = 456ebf56c636d54e37709b9e799e83b7a08cb93 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -4e7d4f389423f42e980eda55b4a6a45f6f4bdc2 + +Quotient = -8432cf3338bce1d12586f83025aea50cff3864af3eb2103a36bbb0aba10b0ba4831641633 +Remainder = -4f62c678137df301c4bef216e6aa910104e76ff +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 23d4c57b5a8162aae8d937be12efbcfd7b96ec06 + +Quotient = 9f94c4399eef16dfc65a1e015e0786c86470299865932c4d564b71c9b1551a9c0308af38 +Remainder = -168b74a6073b4a5b54fa14aacb5c3bb7897ed0fe1 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1daecf01ec633610373b79e04c22cd7499012bc66 + +Quotient = 1d5b838dce6c0324f157ad125adefde6e1045dce9ff97cf8d1d39b79bce02128e3433ffe +Remainder = 3aa816216d55fc3c910a030fd10fbda1e12f2ac2d +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = a1598a12a84e9cba42ea0e200e88d4599c9f615fe + +Quotient = -3edb182b53890ca8762f3039d2d71a8a27c36cc884d0879e0635e6326af0182bc47cad7 +Remainder = 4610b2b1305220bc0de584dd3f87d90109012a8077 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -4b5c2f1ba3a82047c9de61d47cbf1bec86b6ef90d6 + +Quotient = -7571ed4c509630886483f6ca0923859e644063acb38cfb338bf3a681fe449501262516 +Remainder = -21c579846594fc3e5efc53ab01576a7b32d69faf41f +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 28550e1f7c6492f4cb682c37b105f92b049c13fc03b + +Quotient = 9ed8fb31327a110ef4377258681c5287de8ef9dbe62aa4fe84a7f2a94bb69607cbdb2 +Remainder = -1b7bb759dd0ebc346cbe216e56be8063f063490c17c5 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1dd1e61caed1efc07d21ce05d889de1ad65808cae026 + +Quotient = 1aa716227d1ca6af68286062b2d6dafd7ade16abbd5d6fa4ada0365832fe18f73bf35 +Remainder = 32e714b0c4ecefb38735cb88cd5e07c21c81be858cae +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = b1b959a7b3262d7f4dff488315903aeaffd982b726d7 + +Quotient = -2a9979a530046939e0b43a25edfbea6775784eb5cf346a9fc3a2d22e1aad473cdada +Remainder = 4edeb91a2472e80068b1883cf2cc45d68ff9bbed1756b +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -6f31bbe097587a68fdf01d0bf93830bd03a23920ccc0f + +Quotient = -566ff76814e1c7d31ad53bfb9f3c0607ef1f7d1cf9bdee6e1cfb78b3ad7018f8bbd +Remainder = -1eac095d6d84021c33aa9b219d191bd0637f20b5920eed +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 36ccf5bdece624b4f54c729a8cde13325d8dd764f44894 + +Quotient = aee4f377611179d8b6315811dd94639aaaee63e99bddcfa8eee297ce1dc04daf8e +Remainder = -59cb3ba7efa1637c46b21795872e8deaff90f13402cfaf +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1b157ad838684b45065aa77ca3238a4d8c5427f719cdfb7 + +Quotient = 1c72d32cb83cf4a9043d3bb5002f61b03e29c34e44a9fc5cc4d613726f5e618546 +Remainder = 7312d11fb5828c7f1a0060a5152a7644fc1e6a59de28d03 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = a681444c4d47d829f7b629b561ffaa0c3be1232346c907d + +Quotient = -2702afc4095a0396215e3ca36e2a59725f743b30de0dd8d4ec4d943fef6c37162 +Remainder = 223dd3080ede3a64744b14df8742cedd71388b0df99073bd +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -796c9ea38ccf516a2054a1e584c18b64b996c9679960585a + +Quotient = -805585c6a7badc933bced6f8373ffdfe9796e963d3fc90e85b1a22c38f842062 +Remainder = -a6ebff3f651644915d5c466cc2915d104f0f85a44e08fd6f +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 24e8fb7a6a3057ddcafff92916c46f7e4038b98c3104ae831 + +Quotient = 10383ff8feeb180d4fde925b534be97ec3d5f1f1dab5d8cd9ab5d8ea646cfcdf +Remainder = -a7efdd0401c74a69cf74442fe3da907acf92e8edc51668828 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1240a71ed8d81e86fd9b16e1d64f438b35d6f8eff672494017 + +Quotient = 195d95a520fd22317492117dc756ff97806c48c1aac67a41ae56fe503a60cec +Remainder = 8b8692bee56f8a1ada9ffd8b3583eae33a0df9b73a7d8585f1 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = babe02063b61cb90634ac0493174073d2419e00728d46ad2b0 + +Quotient = -37791adae674b866e4791c107a697363847dee4a58a37806391426ea48b8c9 +Remainder = 33986fc6a5f5c4f4e31458fc7de55e08a4e9320509d90299b93 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -5563bb852e7338c65aa21c516eecf47f498e5788c608ed46cae + +Quotient = -68a30494eceff55e4f54a556dd9b30025ccfa22c0952fd746adfd13d31d00 +Remainder = -1b511d0ab81d528d00a1058850bef48df2e9ae9357e779bb9231 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2d44e919fd27bb3fd2093062d11830c30fa77febafe0a2082cc6 + +Quotient = bd30999592dbeabb8871b76aa04cc1c6c3794a83f0178c2ad505d8189485 +Remainder = -b0dbce286df5faccf0bdb40ca60f508d436f9410c5e49c3f1360 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1909930e2d16fc877c15895a3ec8b2125858bfa1c5a1b8776bedd + +Quotient = 2171694ef4a9d57b83b09357a511d4e11cecbab5e9387928b480d686a0e9 +Remainder = 29abc8898d5ef85f87323c2a6fa36ab6e1bdbcc0ca742b1a2347e +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 8da37bc9c7c9bdc62f49cadcd40e156e776b7f4c8f7ad543f463b + +Quotient = -267d470f32911150d9944e684c14e1834734b15475bee968748dd5f6502 +Remainder = 53a2ffef61709bd7143c4c876e021f20a99ba481f2b11abcd45da3 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -7b117ddccee97816c2ca2f1a612cc0d94ac67f5a79ed41744c8fc7 + +Quotient = -5a21a3bdd3a3d4f1361a978706ba1cec409c296a5b3c369e91fc8317bb +Remainder = -2cdc818f1e445fb3772d2a56833aefb2f5565a5fca80662e6fc1845 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 348dfba3c793f0018d7d3a70c4060c3148b4a3163ba60af9d6f8b04 + +Quotient = b301b4050fdf4ede8f9c746b26d968110e1eb119ca42cd9c9bd8d4fab +Remainder = -17993daf81711fe59204ec82e363d2b91971129af9206ff9506d3cb1 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1a76328184b9bea8770c91cfccf8ab98e75b2224d666af58022aca80 + +Quotient = 19c401336dd43c221a61264f8b91791d250e6c99c61850efe6d1e3532 +Remainder = 6c9e547a77c98eaba1b021777dbd98ea88f7fd37c95a2b182f2b9067 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = b7d7b1f95f4fe2f267af88b81af88fbdf603e54ab6de73ccd000c32d + +Quotient = -38a77853de88a8db14612884b515e3cd7c673175779d4ab71ba58f83 +Remainder = 51851549cfa00dbfae388cc3b46fd4824268e00e12fba288acceab339 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -539c0171f48e4160e5c308ee9e74f35d8b6d032e946dbcf748b1335a8 + +Quotient = -79a7eab82e5b65f4f6734e8803fa7c30852ea3ae56e801c5dd11778 +Remainder = -f89592eedcbcc68d5df80663b3cdc638d9d779707d4ae5a552d97d009 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 26efac15401a945ffd37066bc5af23191292765164a0f1e4fd537fd64b + +Quotient = d33afb58753a21581c5b2351a74f3d220599ed56ebeacf1d43eeb2 +Remainder = -f699437f44af44b3ddc080f5b74f753d35f70baf3866040ba3c64b30f +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -166cc6a3c60facfa0d8d318f26c6514c7eb9113f6b625c1de804ad379f9 + +Quotient = 19e55bdaaa5a375c36e6869700f8677db563e5cf985be2a8d1b012 +Remainder = 7bccc3a653f29f3f45b52b8de2449c868c64d976666c01bff2dca03a8d +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = b6eae7a82b5dd1554795573cbf558d7cfed813eec270c326bf290adccc2 + +Quotient = -297530094c3e4270ab5cf67e60fa5af6a32eb41b18b050fa6d46d +Remainder = 62d8b502e172da7bce53fbb7c1ae376b6c21b3a3a47523aa0023406e353d +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -7241ae5f1aaee9340d437ad2dab94b70dd29fc6fff7fe31b100aa5001644 + +Quotient = -640f3c38230962c6d6fca459afe0e46137525e8d62dd9b84da73 +Remainder = -16fcadd5155910764ecf0b4bd0afc3707e2ce49cedcbd5414f1c7d860e95c +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2f570d2da7a4e62097eb494ca43f7bde33e36525308dc864ffbaeb5d48f97 + +Quotient = b3895ebba13c8f383ac0482be02e1f5518511420cb4513426bb +Remainder = -21bc847fdfd48c7a4c36c778681ea20481081cbb7af6b281c8b8ebf2b2c3b +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1a6233954b3480af5f911a6bb8ad33967d5e0446c3e56f521e892c986b6b82 + +Quotient = 243f3fbefbf842c79c5e96162fc42fe4f177a59d27681c54b3a +Remainder = bbfaf15a90e744dc4a1caceda3cb339e5491e4507a1118613c5e9739f976b +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 82ae783b8a13e2e65d52dd3a6d6b057163347872f4d72245ff364dbf2421ff + +Quotient = -30f7cef2948c9ebed8fa3c5ea9a9bfa96ee4e9729c9b18e9d3 +Remainder = 1feb3fd887629cca60c664e385dddf538d9bf7fff2d34ca9e0e7614946d807f +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -60bba60d69093c0134fcb90aefdb9c190e7bf037ecc13dab3cc7915d7893046 + +Quotient = -6b6f0183c1f598a68683ba7435c05d700d74681fe472669a1 +Remainder = -1f4d58f81a8c18523918d31791a00ea9aafbbb87792d90a5392273ec4e405da2 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2c17372a5128d7c403a3b94838072ecf9aff88d164764b12bfbf6261df957e2f + +Quotient = c4347fe42b2a7d9d5a650b72724369c5c1f59262a7be3fc2 +Remainder = -1103ec9c4a15373949cae4e34b7b42e242da41edbf5ad8362ce5e5426d3154a1b +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1824671758069b7660bad819f06c86fc76a9344ea38412058380363e5c5b4086b + +Quotient = 15e8c8d6847dfe974cefeef5fee93da9e58b74d640c6c413 +Remainder = 61dac240f2b39832903d5ecad9cfda5162bf8ebb0610545f259b75c3dc6ab8771 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = d83386fb9682576cc70cf84520c53169e391b414f5421cddca6e257bd77753c40 + +Quotient = -3572711bf994e6ad48535cc4d65ac323ef1ccff530b4337 +Remainder = b5899d4cb879e37022c539962959339d055900cca16153da09b54c658753cf50e +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -58a05faf5c61f85ac5a090b6bb045c851ea17332d9bfad4309ce2b7a79ad3cc575 + +Quotient = -6931ebfc6e34305e5d7cba5284829d088d1ec0abdde508 +Remainder = -1b09eafde481064bab3a5c7fd895edceca40b1e62a9cf953eae1061dfbe00936391 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2d0769f392ca9ec629ef1bfbdf08cd8cc9219330ffe3c05343df792dd94b1147714 + +Quotient = 9a4800f0cb2bfbe8d234410deb510103b7da30cbac7d9 +Remainder = -971e4a529e439a1b96b942001631027ff2fbe40b8939e224adb7f2ed30faff64d1c +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1eb3d7971125a036c3a67d9f5ce580a4ef4c469a492be53a55bafd2eafd4032b5b9d + +Quotient = 23116704b7a1a86cfa2ee5707ee46268634db5d50dc0f +Remainder = 467c6b64c8121e4f250492191ea36a27119a0a6d19af519bf7ccdc2436c885c99d85 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 87134e98f73470e23a96c6a9139af3d4d21574de8aa9ea1d720df8940bcbda343694 + +Quotient = -3b7f72ecf4f55c02366c52f38a827f5773b7cdebb9ba +Remainder = 194b334b2046a66be3ddd7c6df01c88967fcb11e97b8206d000bcf6043c6e9ccb13f5 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -4f9d0341cadfb1f0bc38184d93503faa196fb8170f8ba2b5d3b512c09d39b7f79a5b6 + +Quotient = -6db1d69019dd4cb26fd65d5b88a31bb6413b30278a1 +Remainder = -2042a060391e181882dc0c8d91c3b03c1ea35e2eff01babb3ae876ba1e57a505d44856 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2b2e8f445c0c3aaef0285945e4ca37a700310e003086f34d02c891b94b117f3d3032fb + +Quotient = c0e5b9a5853bb21b5e2e37f469764579d5cb2bf984 +Remainder = -154669d4bce7914cdc8d79f2b8d1faa43e8cc3b20fb0767e1c9a47c9e1daed4b665cfdd +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -188e619dbb719381e701363de874fe168529c10f30d3ff184e4356991fdec1649f72235 + +Quotient = 180054f8c36833d44cab9dd61e6d89d28605c564af +Remainder = 59192ec5c6fbd9773b8b7dd7d8ab1800dfecc8eb01c29997d15ad75b79575d9e26e1fc9 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = c55b5eb165c63ac2794bfac21980ebacadb93f1e059309fd2b855621572e8d9b3f29018 + +Quotient = -31412e97045c19ec38951b0e3884c66d1d7479437 +Remainder = 56f1425227bfc6eb1ecda7bfae0e5cb59e92a2cc5306b28465c8739e40893dc5c1e94cbc +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -602b8c25ded1ab3877f58cb048c733649c7dcadf87b2652e35c4e5544d2306107ebff7b3 + +Quotient = -8da1489ccf7203ecead94c67a5750884122b6e75 +Remainder = -15162026586a1e55dda72785f31c9e6140d166a1fd34c87a7d8c78f8d8f87bbdcf8f75b1e +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 2171ee4a6f7f67d5a33d0a08c367184d70ffe39da28562655e75f6b66c866b1c2ac93e467 + +Quotient = e635f8bdbf80e99723aa5718d3fade4e573be2c +Remainder = -ffbd73bfe05f95bc2b135f12682288c620215eac3d6d56503d93a90e06f236e597d1df975 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -149375d478a096e724b84faf795c589ef0d772c4623f5be38da99006cd833dc5b28363faed + +Quotient = 20f76f5c6d0c8284764a10f6936c22bfba5f851 +Remainder = 82e3fb3f7252dd87b5370d26d9e8b9e98c7d333701f0ce8a05c337054c7aeb343d04d7e342 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 8faf8c0a3ef94ab1069394998e5412a7d84f44aff97edf63abc46d96f897172c38faa0b13f + +Quotient = -382586dfe93872abbe3a504fc62a8973913f96 +Remainder = 4d407323ef56093eea2f3993334215950f4e1a85ba18cdcd77d819d92b8b292c3ec8edea425 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -545d81ed25602b158bc79aadf98a8f655fc399fb8652ae94333bf54c8c9ffaf8c6b3f2a9d52 + +Quotient = -7d179efc493eaceaf46572a1f3a62bdfc4a38 +Remainder = -3de3d817a9cf7d529b5229a503e8ebbbd2c53215ac3c584c010947f780198dee16ffbf47791 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 25dddb00f65d6a1ba8caf7815a8063c5da656d775eae9e0108c68ce11dc925183810888dd04c + +Quotient = a9f7e5f235bae0e3e29393ac5c99d510b009 +Remainder = -150478b4a0df3eb20dcd1be8da283a00636c021c5c6337e7732aae9c4b49853b95f6d2475ea7 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1bde6cae7f5ced9006c0b1a61fb50982a433e4e2050aa486298f456556d8e909e96933e2ba3ba + +Quotient = 16de125df5936181981b4c2d0051a8b4d211 +Remainder = 29ac7c8a11f9beb9ad649257994216146b663bf4f237c561bf315d95778fcdb1010283475ebf1 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = cf24735a60ff5906410be5c4d98e3c9247919b57e404aeabc7eaefbf07bd64762bc61b96c9040 + +Quotient = -268a52cd10ab4814268f66d9f44f71a98eb +Remainder = 20293699f12fbfef2e391963866fc082a7884cd13b1c9bd8d5d203558feed2b889720be936451a +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -7ae7d548212830013b7d653072c33f0dd54a6ebd8792bf75809d29a8c798dbc67c3edd99a69b85 + +Quotient = -8f051067ccb82b6a3dffedd0ff2ee97c46 +Remainder = -100dac0d3bf5aacc5fade281c071eb2399560a65349566567ce1c0c34e43f175a575ed1eeeb3b07 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 211ebb5dc59a051fdfa3b18ac491971e863f2086cdc099672c1215af4ec877e29950efa4f487be7 + +Quotient = 9b7ee4c499386f922432fcb1a453ee2ec +Remainder = -f410122a74386d724cdd45b2e548645ac5ee4a44cbfecb82aad34ae470526674da44ebbf557bb75 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -1e76750814dec1ecbb1af0fa2281ab3185e94e47fc16a77fed312f23f261ad7709ad7c9f85862c1d + +Quotient = 23efb26228d7bcf281cd45f54572e2b3a +Remainder = 65bf2ef1c2f8e94d98060aa305f85e6cb869c74eabad99877010d30654aa2e578ef6aa3c5f1122e3 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 83cfc25e90a61cf8686e3d5857b2f958674d478622c54cf8427275ca5e9312ed24e44ed4a1b5e413 + +Quotient = -2cfcae0e922f2d884bfa0a3346dc9812 +Remainder = 14de2725b11a9c6784d9608c52770d29b9fbf824ecd4890bf28f3ec0dc6c52e4df9be540332b8882d +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -694b057ff381badb37c7c15c81e74cbd6774e8d61c9e7d450811c36262ea834fc1287fa59708ee072 + +Quotient = -4c0238ff3c18d4d58e543f020002802 +Remainder = -2ddef796c50817e82ea6f64a02a8c6b30ab40070ff5401c2d39ca14b9c4d99de33834bfe566a0c2efb +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 3e51c9ab14f522b55e8f9d3ba995c0846a864dfa2d568ea211b0cac1463ce6a1da72d0a15746fdcc9b + +Quotient = d41f9102a7785ce64f76b7d7b870b0 +Remainder = -106eaafdd518c658bd371164ee43ccd915a01b513fc7d220900039ff840ba36450e16ce9987e08e7141 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -16549c5d57b531528dd4d781f03cf275b66cb94eba038b782b739c3ab30b8631c8706abac06004a942d + +Quotient = 1616b432b3277e774aad92b0cf544c +Remainder = 2c89373720b834d718ff3df985ae47c3a7cde0e0309f682f5fd48dc97a1ff3d69fa0dcaa1245e956445 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = d6721300e877a8145d05f4f3d8085697c2ca5f34a5357fed0bdb7169f83b6f8d855232eeea594846b79 + +Quotient = -320fd6a7375a42a3961362ae196d1 +Remainder = 5336711bf81237ea3449f4e9f4e6358dc250f8ebd86082cab92a8079f2c8f835bc783082efb0ed7e3f66 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -5e9e8e1d446fdd314d487cac1226088696e33161d923acb67d3c75e87e428bdbc193e02f53200610fcdb + +Quotient = -4bd06daed3f30345d269f51e4381 +Remainder = -1f3513bdefa40662f0f50a04b418a833aa2f85522dc6c399298b1b147662ef2164ddbfb7247ba9511b8ec +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = 3e7ab7ffe5f63a6c1e109b95b83af470ff820cdedbb3c90c398ec42e44a45e1ca894870a7fa51f17ad5c5 + +Quotient = d6fd01a0c5b55fbe36e58bbe77b +Remainder = -c51af3e8b430870388357cb366ea888bd7b4ccde09ad3a1d2ee1426af060245c6d6b5980ae87fb66c4642 +A = -1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -16086df3dd5e665f2631a294563c68931faa19ee67d6a2153d262940a648ae71bb3c1745daca5ea977331d + +Quotient = 18bd9a8f5678d28cefd955cf99d +Remainder = e193f2fece67b7abe16373c3f84f18dfedcf654d951bf47585fccfaf67ee04f5037354d057c9f5eaa8eef +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = bf758acacd11f3f3e6665cd740517c9ab2384266f3c7ff9afd0888cdad2f6c9401c24d6c11fc3949aabbaa + +Quotient = -371239db55c79521206c9e60c0 +Remainder = 93773085af7582dd298b09d7098835787978d820289ea6850f27d0d77eecce8614785e32b228f46ca4b371 +A = 1280d26263c574f655ea63006f2930666fbaa4de1b09a11ab0e47dbe0054711aab90a05b1185454dcf046745436391a673426000000000031 +B = -56033fd85be464301f10177b58d895fbb6df6154da5c2a2a7cfc3a24d83a96f5295fb17a08148a4e51dde91 + +Quotient = 696d8e378d12221e2d970c53bf63a20ef381db8566701972c22fe067cdba99c57b68706a5c6e52f21bb3de861e49ed2141b3036f07d1fd0ee +Remainder = 9f0e50ca76031b +A = b2668f5fbcf4170820ed3fc9b12a61862acf8e3cb17175482efe23c5cfd3556e77634d407b6d1f98a73437a8d6066319a7a860afcab2338a1b1313037e30f4d9 +B = 1b1313037e30f4d9 + +Quotient = babe271ea266bc7bc16d193097903037819f82366c7e9ff8f2cb14157b40433c6ee327038d5dcc44140b070d823befaefbee5e13419f6f17 +Remainder = 93d7c547a9ba0a4a +A = 74b1a591f449377836f378e05d2902b29964df59c6926e5a9182cc09ce3111783cb7021a185340b4880d56635de268d6f3855c4d9997373b9ff8df899ee3b3f1 +B = 9ff8df899ee3b3f1 + +Quotient = 890139fef28aa3b77814e1122b9c7f26e746ee3c507e6082b508fcbe380de83b06a01f735239c6847c30eae44749fc8c5e3bd97eb40ba297 +Remainder = 6c97aace900389d0 +A = 7e89adea82b4cb6feb41297b6dc8d948e72c3d5554a987900e7fae48cfb38fb5282b13d9a1f5793cf7cbf1ef551865041c3ffe0e287714a6ec7123556af55a48 +B = ec7123556af55a48 + +Quotient = 1fdeead441e2d7a6ce3cce2389b2a22248ddca7970ae3f7e7d8453052fd08534ff7c46f6a4537fb6f28df6c5fc8a7d384336e679b74205315 +Remainder = 2903c7cc2651bfa8 +A = 9ca66de3d83f0a747fe986464522bde5e42aeac20e8ace1ea13fa6bc9514c58517479a4281d4128c6d775489b85dfd114ad184613f308f6c4ea484a22ab0ad1e +B = 4ea484a22ab0ad1e + +Quotient = 12f16c8f9f898a08853982e2ac5a906d784c5ab8d74007ba3ab311e861d7c1ac115efe694cab7583f75a4a59ceff2887dab53b2f1022aa452 +Remainder = 4bdaf1f352e87aa5 +A = 6e6a97b358b591b78db43772378dc084a11836ddc9dd4607f263ce620714e8fdf6bf67387c163b6f2999f84270802b4bd5c0f0377e949fbd5d42fe145e66ffeb +B = 5d42fe145e66ffeb + +Quotient = 14e0c06c8cff1f9f5dd8afb6fa6c340f0953a18ba7d2b26b22d8e7f946ef20fd5ac277ceb59cbd4ce3e8213803c3b5b0452ed449e22bf2c29 +Remainder = 55422f1caf4a9a00 +A = bc9c054ff568af73e301e0751bc1ee055e82826cdc53449f2d9f45feda2ba227bedd6df9b74fb58a85917d60b087bef04a156a571716e9bc908ae83784ee35c0 +B = 908ae83784ee35c0 + +Quotient = a457ea94da3237c0dd15ee30e9c13e7b4ca1dc90fcd67951b873787206babaed837a3eb17e298d74cae92d1059636f9aefe11aef9ffa31053 +Remainder = 124768541b600598 +A = ea6dc82b1906c277526ed867fe8b0fbe32feecfb935dbab860aef59a7d72799fd4e952e70b4c9304c7b2a06af8badcd6cfa12d0b6c9db38d16d2c4a24099ca14 +B = 16d2c4a24099ca14 + +Quotient = da0a37eece8972a0e2e8817c54e67c4d9f92373340488539d5051984bce0ae3300ef6ca9d0902daa4d485dec3b4db6c8b1ffd2c5d08b18ae +Remainder = 1ba15c46023500b9 +A = 36ca8763e20e6ebf07a55cdfdd83892bef0bab68ac092093bfdac1a49c1da015541196a24249bb2262e70f7ed53e0fbae61f02ebac4b61f740548136ce50f243 +B = 40548136ce50f243 + +Quotient = 3d8c433daedfbf681b528f88d610204d33bbe74d0b13978c34a617ae94177e07a757519b5a8f1a93a73d0751c7b5b72b4bdf475a9708fecac +Remainder = 4cdfd72349c6110 +A = e0dd7e73b2a64dc017da65992176e2535c43b6fc14f2f7b0a7d894d768bbc77507eac0112b2dc3ca83d70989a1b949ccf374be6a012d80a23a74bba39671fcd0 +B = 3a74bba39671fcd0 + +Quotient = 39d084b444e39c32f2883e9968301151802da15141f65893f37b8b834eb01c074aa1e1a978c5c99732c87ae106bf8db09e1728c8bf2aae88 +Remainder = 2950443357cd7477 +A = 16df31dc290559c3b6a3d192cf15d825cfe79f8dbd5c9848eac7fa90eea5d87f8b430cccf9baab3e8e4dc33467a4234d8551ff25e33af175654686ff1368e96f +B = 654686ff1368e96f + +Quotient = bbead8f70c8e61114f22d36e97861f16037efabe1347613e78c51d7f539065421a66c907faddaed13ad2a0f0b00f8fd594e917799cd937e5 +Remainder = 3013136f5f728b68 +A = ba5e688ab4f8ab5c25592bc4334b6dc2b7a06d491d0f919b716bf1cf109b62a30d9dd59dd4bdf870dd2687894edab303277a5f3e3a537cc8fde3ee3bb61767d6 +B = fde3ee3bb61767d6 + +Quotient = 42aefe467ff2a5614efef1edce25a1acba9c476b3abbcd680140a3aecf8f51c1ebaab8912de217451bfaca2842c0bae717b8a030b6318c0 +Remainder = 1f130dd2ead0d35e +A = 17bd50b5322c51ac883852ad2a4446c039dbc210ca3aa0313065fc88cce6819b324e93b036bd0c71be58586cd2b243d01a4a918c10ea0cc5b22f9d795df09de +B = 5b22f9d795df09de + +Quotient = 13de73dcd72a3638fe2a907fd7f6574bbb228698fa60e4ecffb082911c5f09c74bb4f50564d3d4035d07eedea38b634a3e3acc26c8e9aeff8 +Remainder = acb8702f0113e0c4 +A = e0327b2e59236a3f91ccf960490cc69b2afc854de9299ad2edff9618f9fe24251886afc65f5c581a9bc86013f356d599e98b8b10f5236a51b48a6b29025983a4 +B = b48a6b29025983a4 + +Quotient = 27d11481f00519b786eaee96220afd45bc51700f7366fb5e7da35bbc84891aac3d9d2b709dddae371a6b78439fef810c68eef586e1d68350d +Remainder = 3d1890c5e1555d74 +A = f3504d5d96c9e27a1527725ced337f1cd0a183531642051e166507432c01e8d44c4e8918701c2a05eb8a9d7e26bf04993f9adeef2826ae4e61c602477f849121 +B = 61c602477f849121 + +Quotient = 10bdeac209c67b023044186704735c7291423054bcddc24b731ad601b49372f4d5ce6e9d85002f8dddf0411efce943f81a5e42cee2d0c9fe5 +Remainder = a93a0c5bd51004e4 +A = fa29e37b0d0410d19fd180149b14f94ec2edccd347da65f6832850aa06a61b7b78c96faf64dcb347893c93c560b8043466419864a382c6f2ef1412873b2d8cbf +B = ef1412873b2d8cbf + +Quotient = 1c9b6cffe44241292320c0660b89f2f77aaadc8d36e33f5ac3da0f12b3c114a156870a92079f7192d237f8bf49aeee6282531c929cc56d75 +Remainder = 1ce3e5eb13ac7958 +A = 144325a641463ed6bddfcbd73e50620a44c606d71fac38efb1c9d2747b4903f7b51fdedacfb66db022aea09b43c7c2ad7b851035165ebe59b552d4f7eee617b2 +B = b552d4f7eee617b2 + +Quotient = 1b4ad18dc0e634053beb3cf840b53e35117ea06309ea8ca22e37123fd7e1d391c96c792e5125e322c27daa73301024080d73ba3491484b659 +Remainder = 3286bdce6dc3a828 +A = e3a2b90d3ef446f6bde30d3e726cf3e78212324054b40deb0b18fe00645568fb0a6234b6bded6240977373731bb30d1349e25cefd54b7a9985735e9b78002691 +B = 85735e9b78002691 + +Quotient = 28f5e8da6733240cc2f18e3cf4d42a50d92816062af33a9e1871fa89bdb39a0d905c49faf51cc1c1378741bea34d25ac2c8e522881a6f6087 +Remainder = 135784870eb40c68 +A = 593206f9367b72f9cc59b3e37d2eb23b2061422859162ee53656899c2471017474f500c6e23efe1f6b1e57852cd4229329dc182ba01a257122d76a26aaf9b844 +B = 22d76a26aaf9b844 + +Quotient = 1ab276448d16c533b6e90b5b5ca266e13ec27b5a58c80b7657df963ec2d1fe4eb1c1d24873eff6408bcb3d0cf97c31e85240eedf0efcc1e5a +Remainder = 27b105741264f875 +A = d84fde3d851b52ed3b2a1268e9b765ec6c09c5768bba709b3b799802fadac30a6c3184185e6d57249b1c34619f3c9d2b90bc0c348b22537281a39fcadf738083 +B = 81a39fcadf738083 + +Quotient = 84a87678485b3e60ee1cae3701ebdf0a29ee44115a492c34a0c8e84090e14070eb2ad0abfe2c339f26b5099327515104fe3d1c5546feea98ed +Remainder = 95f7434941f9d8 +A = f79a0643bcd9c28cc22cc7b4178b3340e4685dd2672792516d6fc08567d2de2d3e25d43f100a58826edb146ac94acac4213bb09bdf8a258001ddd0ab110b89fe +B = 1ddd0ab110b89fe + +Quotient = 516a2ac26e5b3afa502c7f3c6f15376f7a380e5842c229443343b5b74dc3de84db3ae99a0c57043e32a504ded19943c0310cababb3e92cf8 +Remainder = 327cf78eed336523 +A = 17c0d5814e1020d5d69674bdf6b9df193a16c0c8567a589d014e8eb7f6c9c36560791f7acbbbacee7c456eb51a4cdd7ca88011e9d8d9f2d64ab08ad74f7be5cb +B = 4ab08ad74f7be5cb + +Quotient = f0da0beebcfaa716f494cf3fc81fe65117c90adde3b3942e8e66986fe8050fd5c9ebe1c88c5db04cea4c4c14779555d70cafb53870671f95 +Remainder = 3b2f844440d7be00 +A = ebba8c393c2a22b094d824ed95b4acf6875719fc165f73ee6d359e1134949169fdacbb42d5deb8cea96e11e3aac985635b5bcc6c02a6778cfa8e03d9ce6fc680 +B = fa8e03d9ce6fc680 + +Quotient = 56527f07593774f0fa642241400985d0bb9b41d3dc9e025ca069130d93afc972d75e3fe0f798e127c3e1b4e925000459a3a5a83b15186e516 +Remainder = b620b7a3b752b78 +A = 5d6cad9e26267abb480b2b9ac5ea323bc4c3c53e0de8ce40c89c85accf0499aea5b11703a04296519047585ff12f8795f98da0546c20016a115100eddabfb468 +B = 115100eddabfb468 + +Quotient = 294dca3b56ce9529aed2c132a9bd6c0c61de7a58ac50582f396b4fadcf7873b502bb869f801a9ab1f12384631cefee72b3e6050a7f69eba4 +Remainder = 53a0fcf5486c7a6f +A = 24aa73803f270185d23310df2cf3ef67b18d7800bc41aad2ca13f372a27ef0a9217194f3f512e79f545a903895def195a5eb9a1a1b6b3f4de340e9da9b305d3b +B = e340e9da9b305d3b + +Quotient = 16bf4dab1c29bd284c9b6649de65a4ee58f21d6a8b51627ca133fa817872b1a4a9956662db0aead5898ed0eda08511be7c47449638f2fab95d +Remainder = e7751deb047d98 +A = 77b04d93272491322ed2fe651044e28cadb2ae7825f02b55aeb0f73b8b8a8b336802416fe08c718ab681581ac04d87116323f61f50bfd2180542fcd4a46dcff6 +B = 542fcd4a46dcff6 + +Quotient = 388ae1c243bc9111e663c0c80495c36e8767bafe188b532b7ac84b5160d902af1b638aec6e4c66955d16bd8ce94ce6027a7bf95910f705ad0 +Remainder = 7c667ea307017c2 +A = 52f357e9a57722a867d8199242e100f06e8df810ee913d6992bfd9dc03ed78bcf44d692aaa7be806df0c9e0802851d7ae8405f76114e6322177907198f85cb62 +B = 177907198f85cb62 + +Quotient = 33dc2fcceef7dce92e3a9df58566c6e28d03b58ff6ecbbb31e43936cda6380a56788285d37b5e8f11487afd78c39cb2150cc98d9d78a0c6cb +Remainder = 429a380c9f8eeeba +A = d99cf9a0bfc347c9631ae8c69defe1f1509c3ecaeeee5dbc61317bb73fa5cc6e704f64c865cf4d898f8a2f63214dbd511f61aa6e09856222432376698f8d2f67 +B = 432376698f8d2f67 + +Quotient = 18ecac9e5539a014cffd8310ceb1170577cb23aa9cb3c523d57ad83069d1609ff743cd3c275b67097a038b85afcd7105ad21672f9ecbbc7df +Remainder = 37924fea665f5c92 +A = f87aa8b6e62b09291e0e9b832ad71d8f85d60501a8d89d2638dccd4022e89bc4932c186a198557282527dfa86dfacc2f90fe0656695b61429f8220509f5106b9 +B = 9f8220509f5106b9 + +Quotient = 37c0649a53c8cab91a7458702870bf64cb1de9fc1c6b9a3b92444119d368501b62d3a5138af72bdb7752eab8af6bf4e3bdb9e3beb1805b88 +Remainder = de179463e3e91ad +A = 995c04c1f24c4efe88393bab7a7545e39193662d5db7c8e557d6c554ed4367f5af82c463d0ba6bc3148620481140add5677937989e03fb52c0323980d8841d5 +B = 2c0323980d8841d5 + +Quotient = a6d193cfe7d8983768ff29908ee6e07fee99927a4bc4ef41d01f63f3b4a2e7029630b7d925d0979458cdaa903771286af672253cd99593b3 +Remainder = 6bf69921db298b3e +A = 55c856daa8110599cc4fde0a44acbd69a68eb177e0438f7d843ba0fb74caab2a7e0c8a6f176f5555779e65c555e9157a16a1497edf36ccb583a458f0372a57c9 +B = 83a458f0372a57c9 + +Quotient = 63f379bef9866b59f8bfd6bb0120a75dc03506b0034e7440764afc8ec14d8d735aa6f03a568ea98d0a74ab9bbe9c6e11b288467e5f79a2539 +Remainder = 11c077beb8667d88 +A = ff1fc3ea60fb37ff23e2f2f4e207a86e055cca41eebcc5bd6376904b51fb3d233cb04666fdc92be33239b5ee552870e45717890e35fdbe3728d6ff55d5662419 +B = 28d6ff55d5662419 + +Quotient = 285ba8cdfbf00b112e496ce65cdba2271c82a273b3d30bed82ef2d360790c5deb97f3311bd5eb9876a61e33b3a37782d00c2d5ffbeec752ca +Remainder = 1672a8aa119c3a1d +A = d614352268930d301aa4046cd38e2eda4dcfcc52eac984943f2c863de5c4f8a44473a8ecebf12cb8f4da4722d305e5c9c3eddc0109d416e854df334dbfcfdd4b +B = 54df334dbfcfdd4b + +Quotient = 358178128648fa9ea28dcfe68b4cecc7071e129e3ce4d113f5d1e387f7e5a412e9d2dfe5ff16d9987a544004d213ade9c134cc240eeb6871 +Remainder = 44c3fdb374bc0c30 +A = 18b973dd011969e29a1f4a5b8f118313f715c2e31dfebd9fe0957cf23cf36eded89c38637a8d3512bb23324ff2a3627d5b942300200c823d764b7a6c12d1c91b +B = 764b7a6c12d1c91b + +Quotient = 19ea7212f6604d423b308fe3f2f4986f31aea9d6a117a3e207e38ce5bbd8d7a866285ac60433630de547fc84e364c451457fbf864a82c6613 +Remainder = 2718de2dd0796f08 +A = 83577f755a448d5586e19486b04de7836818223ea920465c4eee979a9ce5696ad8e2fd5253b5d5dcfdf355465e8c0819658ccc5580fd29b351169b54c62b779c +B = 51169b54c62b779c + +Quotient = 13e0c5b9905770b60a6f978d1c983cbc84dccfaed0f4222f534df80c7d3d129f5e8f74f19581332a7f6d383915424c71db4ca19bde2591fcd +Remainder = abf5f6c8ab6ed4f4 +A = e2bf43c91cdbb244790eb165cc13feafea36f5187cc9bf8aa8cf202042efd5441e3822a1164992da5be750aaac0bb11f09375bdfbd4a39e3b682c7ee6ab5f5f1 +B = b682c7ee6ab5f5f1 + +Quotient = 3919f31521e87f90df3a4463d0c83fa31e3f569449009d307962d26f07d854e8d3f0badbf55311c206bf34e6227949327a93b1a5ada7a930 +Remainder = 6c3802d44dd4668f +A = 2546880cc6f97fb379afbc4a2664115ba7909414f35a5bf88be2ed5187bd1a24afaf82eeceb0b438d4999ebf9b7ec752236669425bd3cce6a71d9ad67ff2ff5f +B = a71d9ad67ff2ff5f + +Quotient = 121d5ad4115c2768b962e51d09f426d61624e0f203ac6c923289b4e7964e165b34f3dc1ff938a7cf37478d407de251c64db71d3ee629c1035 +Remainder = 660a35e1c1245910 +A = a36d3250c123697adbbbdf489e6cb40be57febaff654ca951c9fa0b396b1714c55ed6e05e468153ac443dabca29de9b43cc0cc4e62cdf24690593662c86fb5ac +B = 90593662c86fb5ac + +Quotient = ad81debaa02f6e60da58b46e76ce041fc4da64138634ea7b3c165b8fbda027eb64b6b5339e70babbb83430d60383c2cfe22029e617fd03a7 +Remainder = 2e4aeafa2ad76832 +A = 8992cd131757ba5cbe54aa58be115723ea3438ddc782a4d1996980b7b312fa76e4483584df744b10340e5fc9e468690cef538920a732a8f0cafb4e30846cad1d +B = cafb4e30846cad1d + +Quotient = 67a71b9ebaec91121a8cf6bc2932b6be01af7954eca69c5202d771c2c2d13683cdf90ec942a3445771ccfe484f947f078de825ea88b3c05a +Remainder = 8395953f744cfb31 +A = 4f8ada84096198175174896167405b85cbc03fe0642f6b263a70f9a22f19ad6c9aef38da8ac036d409e6fd925023c95312cebe04eb653e0ec473dc8dfed98967 +B = c473dc8dfed98967 + +Quotient = 9416326e2347a541b777a0fa1b0c35d8fe76c940d24c6f6806d6ae8ac1e280c16e480786478bda3f780ee92f3f3c361574efc2ed5ca98e26 +Remainder = b8ff45f31bdb58d8 +A = 902f5e48b96b9b1fd16c3b21292ed495987ddac4e1d92b2ab10378f2966c4399d6a41eef622a4991ccd1f647531dcd145de4ac99b3036779f9414ed2f4ba7e08 +B = f9414ed2f4ba7e08 + +Quotient = 403c651b4e571e8301c4158fc185396554bf61d900708d2af5c2bdf495b3cb539b0b9b5acd0d71654b3aa68024961d5a7bc9e2788e6c822b6 +Remainder = 7856ec047cec8dc +A = bdd6d846983fbf140173a26d2b709b9f31b4fee1eac9d25fdf0ef3523be0e6afb372acab470cfe1806b36d84017ec99302eb9eb5eb2862222f4916d8b6201d14 +B = 2f4916d8b6201d14 + +Quotient = 1b6d967173f9777cb6194c8f69289b91da731456fe5a1515a49e4463cd906c84f97381cabdf9f358d97fad5d3cb140e3a3de397e7f9f683157 +Remainder = 83649246ade8bb4 +A = e3da80658acd53ada7c2dc57178e697f2907c5b0c64f4a87a794ca7521105a0568a32874207646df3768ee60964b7d1d2e29ea6bf7fbaa7e084eabd4ea553a72 +B = 84eabd4ea553a72 + +Quotient = 27b8f1e49e404455cc68217a20766590e749507976a3a6de25a7cf2c32593aaabb04d84deba1ec6bbe048a2959ffd747243c396dc53c9c811 +Remainder = 3daa032278ce53d0 +A = ff3ead7c7b27f607d16f1ef4ffa91b6cc28301b9256cfcb0c22b6818371ce648ae8812dc50a86e4bdc0d0b1e5b0d55c6ba07b240886a6d5766cfb3ed0937a543 +B = 66cfb3ed0937a543 + +Quotient = bf987f58700508356fb6274f64a9f78d455e4c436fc6fcc980ec0800287ab3789b91c29a8a72b16645ecfeec926b6f8242f3c7dc3adb40cd +Remainder = c007da44faa80584 +A = 971aa67c9af10f70977f600e10f9278b8e66d2471956da38e5f4b3fedce9a5fc7ff42b800bb4a78314c70bb59394d0880383f5182b6c1960c9e5b47ef8e63be5 +B = c9e5b47ef8e63be5 + +Quotient = 7332104442474715d7c4cdac15fc1731240f8b4dd0e6ff3284a15a62a8f9a071dedb87f2220efcc5839cb7e6933a8f65d767819db26e134dd +Remainder = ef65a7789f54174 +A = bcea2ae4b1edfebf905a5820f0481b6c58d76a69df9dbe84764add3f49496a5d7005d645eaee3754e0ed105c13a114e6a0eae5cc4efab6aa1a3d3a0050fa86f5 +B = 1a3d3a0050fa86f5 + +Quotient = 3f6182804a7ff12fe7ed3c8521b55564559b1a47a78e1fd56597b9470e7e0f6e7e48c58bc8841c9d118718ccd5e0c0bf9a08d8e244ae60da5 +Remainder = 398e30aff5bd284 +A = 2b877181a960c5e29ab1b2672ee22539256a82369e8f6cb5bcfb69e5e4a41f782e89b58fc0ef6ca336469ff929729f8492b44f12199f0e1c0afd12b2c999e787 +B = afd12b2c999e787 + +Quotient = 1a80a681d2c42edbcbde552323dac3a1c03b43251a99b5549da6cb39ec6947daa0d574f0df68512984fa8e269b0b27a5576b3aaccb76ebc23 +Remainder = 378e44fdc7a5ec4c +A = d37e62f44de27a1418f348139eac5ab9fcc1ada21ea6d7695273daf638b4d7eee6745f54b99a9678cf742d304736ee356f66d16d874f8cc67fae9be5dfd41a3a +B = 7fae9be5dfd41a3a + +Quotient = ee982a63816d56758c29d284c19b9b984908cf0a9ae3f1f926e162a2cae4f88703aa477c5c14042247635c103494d11593c2c3839baf4d93 +Remainder = 39afe3275c01aae6 +A = 9a0b0476cd33861d2fc3137df292728e1f636f6fcba5105f384533723231a3104e7c77df46f7f34a4bdc63d5c67b418cafcf106b26ad020ea547d34edac1d3a5 +B = a547d34edac1d3a5 + +Quotient = fb3f4a39a661e5c31228a6b7b4c27e6e52d1954e8ce262b98b61650efffd762cf2a1aec228bec5d5787683cad6b2e6e49a0de91c15c81874 +Remainder = 63e5ed36ff73a42 +A = 4453712f56467328401a69d4d749a0771732734a760a74094e50a62a030cb604e735bfe0bf0641754edff94ac0e0549e8c10941255f0f21f459e52a6cfe4d9ca +B = 459e52a6cfe4d9ca + +Quotient = 7af60a7c0f995178be76c070cf49eee311e6d1e3afaf50c8c93ff200c1b3fe742b23259b4fc0b9ed0947be4fc9a6c212d86de9a0f7dbb5279 +Remainder = 19657d8ce516a138 +A = c9c92a31ad0f3cfb56a294c42a26eaecb77edf33ed40a7e6797927a0c996a7c0a701b484741163df388bb082e3daebf4e1b7a99002632d6f1a41c1d517238557 +B = 1a41c1d517238557 + +Quotient = c890c55a8e2a3105b9bf9344a57a9b9fab5fa1fd57083d52431b695553bfbe7a44a9b6cd1f83958224f351f8511b14215d1648e88e938573 +Remainder = 1bab5b03c372daee +A = 88341550e470016c7ab600b9f6cb410071a77f907a58cb6da4ce3e955d1e859534c2c1098fcfd91b9fa66926e51896733c36a824c3a20844add94e27f30ca651 +B = add94e27f30ca651 + +Quotient = 34c240c42da400317f66f5151630493a2f200ee418d5ca3300cab10dfb429c2acd7280bf066fe19115f86db83d8f5b93cda714533b16abfdc +Remainder = 18cd326996ccebc1 +A = 7e96d7b90ff09b114dd4393e9bdfb13d8ff517681126c566e18dd6369d87d248734d94bd02a1f19cca90be7642822b636369c51dee441a9d2663ec896e1d6c6d +B = 2663ec896e1d6c6d + +Quotient = 10d18159e75efa8204e325e6be830b4ee8d2c07419e8276edeac6cc286488fc0c888300db3ebb5f935aa82654d3b932540f0093d1880e1d6d +Remainder = fe9b6b8ba7c30f8 +A = 731aa6e2fb2ad1e1f80d7668c7b0642203af24af382abd207a5ffb588209e8b5caf953e9a96b478f39ec03a397d1433998e3c95e382d93376d80cf0c957788e6 +B = 6d80cf0c957788e6 + +Quotient = 450d1f4a105ff8d1a3efbb12165ca98c67ae70404472e4862db479e03313b08783ecc42104780c9d57df0ddf19c5b4547ee9ba52ea82dd0c7 +Remainder = 169e15b4d5aa180a +A = 902bcb1904b80183656dcbd51879e2982e2b46a547c9ae3119ffc12c6a003e4321b519289b7f22fad19d16480182d1d797c3045b2d29dcc12167f9ce5e233d89 +B = 2167f9ce5e233d89 + +Quotient = a426f71cb3d75365cd076a6c35c10765bbc3f4bd317fb83a70083b0f7dc43a4e0b95508e60dc1dedb780e9b485f4f7a8870960de669b73af2 +Remainder = da381ae5c97a506 +A = bd59dcdefcbaecd9292c4c3685fb87d3a94c0f0ed01e43e63e1f36fb65d6c5eab3b584f3d1f76d31458c9f6b4c69869d96e943c61df102771274c5b4d821469a +B = 1274c5b4d821469a + +Quotient = 26ccd4b7be090af22221729b0ca51a5e66435c2d33f8d88f94405f6c0123ccbbbbc8080cd8448a977946019ccbf5d267ac3f151ebe686720 +Remainder = c41f9e7bf20b376c +A = 212dbeff03f14b5825f0d7cf8a7501db21b60581a01a26d522ee44e7fe69545cfcaaac64dbc76c7e3027ac39ddc2d80af6f3fca1824c6ff6dae90967d9ab48ec +B = dae90967d9ab48ec + +Quotient = 801df28f4fd987b4e980760f4f2625276a2a7191d453095c82aa98a2253324ad2873abae70cd98c28ef3ce102fdd53469b9f01889f3ba8b0 +Remainder = 8e435da582e59809 +A = 48341b28138dd04807e522e341f74ac46b0449fa45f96d7fc586997c056a21eb3c399752a6a6c023509f042cf9e879f397a34af9aa2ec2e8904674f2ea3ff739 +B = 904674f2ea3ff739 + +Quotient = d3857b72b70adff9b5dec3cbc63de7c90ccd7aab6595339b2de39bd6b9789045141d224aa4e6bf9a06e017aa3edd00e716a771b3f5b97771 +Remainder = 14135c686d2e9f70 +A = c1cea45dd46409d5e24fb7ed7d849dbb079247af2d312e01083754ed07f65f090e4dd50d23a973488702ef00936c5d78af603ec0fdf03dceea8f939c922b1e7f +B = ea8f939c922b1e7f + +Quotient = abe20c90896e261e7d31bf40e7f3136d36b0b78006d12225a4dbef6aaf2062b609379eefe7e5af5bcec17126286f196f1330da8477096763 +Remainder = 230307c44cd55896 +A = 19a637e4f3051be0f7c4d35513bca4a91ca9b8082fe3c73899b70b6805a7aa0458512495cb6ee1ade55ecd5851be1dba96d65202f06bc7122633a0d905017545 +B = 2633a0d905017545 + +Quotient = 5ed3765c4a777a903e182f7c9ce39d19c01460f389b904c3ce1d3525edf25ffe7dc0f4d9e24f0bc8b7e01bef19c83e74f17884bd7bfabb2c +Remainder = 40f5346f8775e20 +A = 546578393e914be30581e24508a33f6560a5805dfb1c675d1ff1d6f5eaa7ee638b9e0265f543413e04e3f1f3b0895dec271c9897a48d9ce9e3d7df32c15b75a0 +B = e3d7df32c15b75a0 + +Quotient = ed73a67932746985465fb0606fb0e81595514f1647c911c303d4d31eb0306e3b2aece07320f6fea57a7071d73150591ab2a82a7d53968a81 +Remainder = 2e495a881876da00 +A = 8976445bc318921f7e12c8d4e8e50596849a1503b5efb65e939c291de136597c05a1fd16137f0bbbd7197df943cd612118d1e55a50ee097c94331c1cfb1e941c +B = 94331c1cfb1e941c + +Quotient = 5dce24b7a16d847b0c43cf365ea20bee9679fa0e8732813e827cf6ef3c9bdb7fd8846b5689ce8b80a7dc0dd05721cb06d2700aeeb7ff04d6 +Remainder = d8ead1ae3126aded +A = 59b99e5d028e6771d27004bc19830a5fcb347f7ae04c0ba7c49130bfb198c5b16821e425c979e6d2dddc14889ae58475bb52c6cdefecf2a8f4dd6e462bbc8f47 +B = f4dd6e462bbc8f47 + +Quotient = 170e10b399a4c5fe354b536fe59d53602102f215d5107493680ab6e181f67d75ffd45bf49ffb23cf9269b856156b5ac6b1c5def4ab1abb18a +Remainder = 57131776937c5df9 +A = aeb35966e2a616762768b7f63ce3aee5e81561080617bbabd7846b3ca03fafaaef83dd05b8d16cef40db0a56f3b0ef6eca5e236681cb57c8793dc0907d9aa30f +B = 793dc0907d9aa30f + +Quotient = 1acdb88f047f9bf679c50ed67ba01dd24dca92103f8ea2677215b6142083b64f9fd2a365499dc8f2bc61e29fa176f7d76b55557fa58e34f9 +Remainder = 5065b726dc6b3758 +A = 15a6292c9fb66c6770a8dbc6fd431d2a4b57338581f78d0860fda90182cca563eb2272a79fb4f5a6fc72c90dc23e8a95713b65988b5b3f9bcec4f0466c1c47cb +B = cec4f0466c1c47cb + +Quotient = add8127c0a27c961203ea0351aed5b3c75aa816e9c2684574e55f55c7140adcbf69d2cff843e5f53c157bd60b43c45c8b6658de72062fbba +Remainder = 67f48d3584cf4fe5 +A = 4e8938c8cc46d34e3369c5d8536b18c963dbde56020678f77cebac5f8777e0afc62ca2ba4f533cf6cf7561bdce77b6f495bc1b05f1416d1173a6a288012c7c73 +B = 73a6a288012c7c73 + +Quotient = 688ddf883a0bcc1ff9bd582119c2fea7c059e19aded8c048390a1d8fd7d769666987418bbe0d4cf4b67009a342958928769375c1c0d558acf +Remainder = a5356d04b64ee12 +A = e0c9e32056977aeca72e229d83f0d320fbaf5cd8bf3e033289f46101c75ef59a854982f33bcbcfd200034e8ff439d669a03fa404e7dbfea822664967d67dd5f1 +B = 22664967d67dd5f1 + +Quotient = 39d4d94587fd1445f31457c275fd6294fcb69ba155e7da3e6cfef38ed1272d6c95755bca49007ca62cc101b038d264876f18594b8fd4c329 +Remainder = a34980d5046e2ed0 +A = 2efcb12fb55c923f5c6ca7ae076765059e15d9e75240a6e5fc3db92de184143fab1934c7450c3a380a9851846c9f43d67bc199a314e82e72cffee795d695f82e +B = cffee795d695f82e + +Quotient = 145ea82eff186b7db4b11fa1514674fb9d41c698efb33227eb1abbc4eb78bdb2a280c0c4c47adaf4e010a4336cbb5650becd1ef544e223e53 +Remainder = 36052bba2867f5f4 +A = f6a6c7e33fd4c664652d696c495df387b85b132cfdfe34bbd35759477b4a3c052f610df57e49e85720489e4bb8dc923696400a4a28dd000cc1bd491446a50b96 +B = c1bd491446a50b96 + +Quotient = 35d0c9d870348b113868282aaba22b21ec87cf421519a23b288b150604729356f924090ba038d7400c0ccd4932836c65902b4d3c46a202a0 +Remainder = dc8c7d087bf24b0 +A = 22228c8a5966ebdec64007704a373b0596ae702d62e29e468653b21a890ace2f02c27f26b043f48495687ce8c2ca8092ead21aa250ce0f6ca26129615a2432b0 +B = a26129615a2432b0 + +Quotient = 52fc995a486c4bfd17ed9722948e9ede1c4ac2fe80e6bd7482fc47944c4337a185a506a9ca473d49073e1b813ad742f19b13d57914888d5f +Remainder = 75c703f654ad630a +A = 3473041ae301dd2806da30dcf06b9c09600086d6873cf3ee9d5a0be638849afb56bce2664f797de4123f6f8fe3e12acd32e33a285bb7f493a1cc13a7108327f5 +B = a1cc13a7108327f5 + +Quotient = 1744946730b2789977620f2e7439641125dd338d1b31fc50813b34dea70b83d209330bd17fd527db9a402ad9752c26b8823082ec9971f4ae65 +Remainder = 453a3d59303ec3c +A = c0f592d83649bcafb7e2de1a8a71fa863c1f51b595bfa638c8fe30731c6fca36da975b6f19c657e3ca29efff6febfb311c003ec68189998c084afe4979b5bb19 +B = 84afe4979b5bb19 + +Quotient = 468f3eece20aa9d6473f3c559760793e702758a3d9cc19d7817216392c7cc7c3968778cf2fe0c3f0c1424d7512cee19ac0717952f18aa287 +Remainder = 5904e71034e3a02 +A = 1f0c99a128c757d76ae6dfcd01012f0453c8f89b00476ec46321ecb872f99a48b4da29a4abffd0bbff2b727dfa182652ca85350b4ce100fb70a6a40ab6c41d95 +B = 70a6a40ab6c41d95 + +Quotient = 12198913ef16c1cfc7c1be13f1cc5991a61ff74935e09f0c46d26456b7cf2825403b9851d07d27e0197c1fa2ac5e32e836979a184f14cd94a +Remainder = 33431c3df719f946 +A = fbfbf5494a9c5384c7ae3df6c02a5e1f9f32dc31cd7f437832696bba164bae1a9d95daefb8bc08e0e8e637436fb747084460697b5ef5ac9ddec06757dbe61aea +B = dec06757dbe61aea + +Quotient = 376c2f902566d83c21eb7c3aa3a6fa0482ed52c253f67f00d5b915d0183c2d9a2891c2ff837fcb426a4c990c48bda4f90e0bf69d13558696 +Remainder = 31540f5e05e8b4df +A = 2527f8cafaf7e8319ca53104229199188ab1ca5fe592bde8ecf605e17ca6446414e06898a85e177d6985b5cc6d4eeabd6b222b5f44b4fc1baba050665c090b5d +B = aba050665c090b5d + +Quotient = b8fdd5cd7b2d9295258bd99e2780921cb2ea70627a79088039fc3ab1c62bcfc6307e86db4a7803f18e5339f152063f9e41d370e97b1ba2f5 +Remainder = 4ed4f2d12e4f4ba0 +A = a25bd113c5a8c67ef65aa80f1512de43c9441fec0c41250048d29c406fbdae80912eb3970457d621c552e3af7ef2d6bc1b5448e7df5be724e0adf6f71df7eef8 +B = e0adf6f71df7eef8 + +Quotient = 5421daac8cdeb6acc2b8b0dd85b592f255ee4fedb3a9e90f2a5bedfb0f9f033d7c562c96958346bcdda4664c67848b9d9fa7d3892bc4e9af +Remainder = 7e5661558c345eea +A = 490aef65c81b32f5df76dd58decdec3e3f73bc1fcbdb6aee0c93cd98725056153b572509e75d2cc4b042bbeb0a77d27fbca1e39efbc765adde41a7dfc5c3576d +B = de41a7dfc5c3576d + +Quotient = 156a8a24e7804c5f576cd1757dba44cb4185bc13cb56603b54ee3b70fa35cd98db1992904d4f7d99a63b3a486e6fb31141a9d39cc0301f897 +Remainder = 29e9c1627537e5a4 +A = 5e4a10e772de8dd2c96acd714f7d3880ae8ab460095a01038f3aa9b8ac8165889403b42019a1e70e0e7f32e77fb388eae3579dbcb690729c4671868b0526aeca +B = 4671868b0526aeca + +Quotient = 1b0eff2ff0aeb2c02ee3cc9e0bff808f4d616eb290293b13a6b58a84127972bb417d55e1d001a9720ec72562ef3ea688e64c4f32c7e26cc87 +Remainder = 664d57c57d4952e +A = 806b8504abfbeec4d5923f83ddc071be88e11c4394168854448df96160b95adb1fd9c288852e2f3df3e36916ba5118815ca2e83a6a7d9e074bef9c961e2958e3 +B = 4bef9c961e2958e3 + +Quotient = 2e363b13b0457a0e9effc2d7e297df78f35e5d24d0f8ad4525b573fb2f66f374871291ee8a8ee3d15a823b560156d474c678f79ee480bbe4 +Remainder = 5ba8f49e0ca36ab4 +A = 2e1bb261d98ec405dbb068daac5efeb0a51f08149181864e9dd6bf6cfcb617b76d8facaee2ef468807e0403bc550d58e8ad9e5cc0f094b02ff6d0277fe642f44 +B = ff6d0277fe642f44 + +Quotient = 149a5b1a81b9e47ed36be76252055bb202dc25f8fe7beaa1ce59c279b32941cfbaf8fe4555867850b2fba43b10b74534db82398320f9786d25 +Remainder = 1ef621737e81780 +A = 63de892cf5df40c98de78c755c99e94e0e76cd5dc0b49b8856fe69dd0abcdc535bb1416f0d02b4eeb54e8a939cf7ad4edfb7de4dac87523e04d8ea8637e50920 +B = 4d8ea8637e50920 + +Quotient = dea8a9211974758752d89965eeeb93cc616f88ce757ec2809f829cbb8d99b4ffdc3f0f643779fc5e0bb53b5273a5b15965f4a364863592f +Remainder = 9ae7de3edb6c7edc +A = acd5cebd069f7febc38c318867ba3a562bbf8ea9b19a6b33538ba107e49439f8ac6e880c6267c29b39141dbe2273d93062464de307efdb7c6b738c0bb282c3e +B = c6b738c0bb282c3e + +Quotient = e9149b347cdea84d740be70060b239af000c4336ddf36fd5159083b795c4763588c87a959df0104212a04cc928baf60b0ea72e8cccc6d477 +Remainder = 3ef5c6ee67e6f5da +A = 6ccf1b8b406e6a106160e73ac4122a04c0814ef5a47708a6776eb52002d52772d3fce3fc05398172bba191390aba925bb23aa1eee626410877822f27d1e3cb09 +B = 77822f27d1e3cb09 + +Quotient = 1606c2fe44cd0b780ee474a9c7daf0b2bebf62db0ba8ef5a99fe22036019890a4c7dff73e678965bb0e2a6e61d00a74a1d33dc1106842115a +Remainder = 7cf920ba2897f714 +A = ef9a3983f26237576311a871e4a3df0538593dd0cfda58ab90b889fdb35c700f7d158abafad127605057ca0532e846992c41ec06902ce58cae0c1fe238c726cc +B = ae0c1fe238c726cc + +Quotient = 8ccf17de5068451fef1c2808c62e19997c7f920d5cc0fde1f5a247cc57c6d730df553cf33094b786597a343a0ce9e4bffef568247e904343 +Remainder = 2689c40a54df34bc +A = 8435babd279b7a3833d01988c58005d4557f7689ea9b7168ef42ce2b31a1a3c32a982aff654f271a651085335496dd826ee4b3bc27f58920f05dc6676e51c662 +B = f05dc6676e51c662 + +Quotient = a9e78c48c779140b1d15843089765ce9ece3855537ce88cad3eb7aa7bd6ec72df65adacba2bdf6c491066406bdc3dd3dd734a70e93eed958 +Remainder = 53da0b15ac079ccd +A = 78550cb7b58b58d6878b615dfa25a5b90a1ff631740e631c7f8829962446903c686c810c46a1551b6c1f7a89ae898435bb8e36d1bae24a80b54edbf4bbc9af85 +B = b54edbf4bbc9af85 + +Quotient = 1e3b41304ee07f6baf1ca061e0e28a3740991c6ca2749eba70d3ea1f9cba8adec45cb69a31cbff22784a9e056e884713c0812e8c7981e49328 +Remainder = 3d051148ec43a72 +A = 76b9453d315e7a9c592e1f2640f5b6b90a65e7f2ff8ac24b9b47e35abb76fa5d303be6d501b341a882bdd9d2a1c81a9280724673f87fbe9803ed5a2e7edaeec2 +B = 3ed5a2e7edaeec2 + +Quotient = 1921410e1a538a71d33d9c5de95593fada116200c399fa7590ebc374282570477f5f4abdd5166784ccee9671a1a23b96378df62168049f6b8 +Remainder = 1a1f4aeb882d7546 +A = e4aa84f782a65d376b10e7789a7d56695885aae274db6cb37e0a34414397a57b4a5f76dced11376af5fd11d31828203e685861a6dea239789196fe73d0e46116 +B = 9196fe73d0e46116 + +Quotient = ed2afbd2e63617a651911017d9d02224d521e99275ab642ad1a941827983b17ef0f2067b5405b20e8e97f2ae6099150a1989df94276aadee +Remainder = 4578107045b9cb81 +A = b547cd987638ff7e3c30fec9b728bc10c3b8cf16e7040bfe0fe9a26e44d2898c4c4d28ef525cde2b4007b2ffb3aa80fc4514a99b9aa2e112c3acc56b72ddbe9b +B = c3acc56b72ddbe9b + +Quotient = 56181509251931afca3bb9dca21eedd6ed4226be67497d8d1bd0ec052af146993e7358f132e842f9b6c4934cf1b4501f5d6c5912e65c8d3ce +Remainder = 1b9861df51429a6 +A = 32988a4e0769a5aca200f6f6f1498512e13b4904a9a311cd8a962fdd688de0c6e50b04f42cdd2cf8bf9b0a6922657f9ad195773e1250f85509672452618da9c2 +B = 9672452618da9c2 + +Quotient = 1fa45bb973dd1d2df0002772afba55284a1e41f6aa4b0d1a6c6a4beb8ae00b52e88a9889037b8bfa9b7ee38036c57b713b48af156c3f9e8d8 +Remainder = 2525d52ecdec8814 +A = bda657ddeabe24c82c883e85822941bf64448b7cbb368468078101289b6fca36680b3884e35edc1fce5a5cdbdfc11359a1ba8ac0785c09ba5fe5cdbd30726df4 +B = 5fe5cdbd30726df4 + +Quotient = 63e21f5568d07976aa81a2690b9e81b76fc3291cdeb010d1693d0e80191186815c7b2f83551a5f1b172640425d4733f06f4df1b2c8a7e6ed7 +Remainder = 14781a368471ecae +A = 9f3dad0b3b56de15ac46cde1d79aba6a2f3b34d685cc810e9fa3f2d865bea4afb480d58653630319a258e9e8ded9be93cda3bc52b80a9359198221221724cc3b +B = 198221221724cc3b + +Quotient = aae37878db016dd758003b85ef52acc7288b7b74c4723e3876a710baed4751d3be2ae49123b248f2b2c55a5be702c4428b1dba9b8a6ae8a9 +Remainder = 6c754d5c167e1228 +A = 4b93a98eb7b92cea0a4f5c2223e77abdfbd332b39f295b4ac40f71625d88e4add7e482adf3010082d8dd8854cf714a54fba0887de87946e97137cf7eabda038f +B = 7137cf7eabda038f + +Quotient = 9881f551c4b7e67611f37df29e77cbe4e2d9fd5e17b7da3d013d6f3d4312e53dd26dfe3a2a12525cfef1ef81e6ebeeb7ef8fb4f918bf15ee +Remainder = b14595005716bfe3 +A = 7737f8e7337160c14cfa8411236ca0354d8aeabf389b9fc4b14bb2ec3bb68286f3d82eb394dbd8062862b955e9fc8e86eb646317d1315d09c81ef51b30288cf1 +B = c81ef51b30288cf1 + +Quotient = 4c8519d4d85ccf845fc5b8f31c27c60f0893ffda29ba86e8a3fd5fe67de5d29cb29362679abde996039b8febda2ecf71f6b9e1c1874361464 +Remainder = 10fae644af084f8a +A = 900f7846e927760d9986894de6489e53cbbcdd59f7707917e7581422508f2ce79b77bd2c56d964a41e60baa927ca679faedcd9cd8102dde91e1f583ae834b092 +B = 1e1f583ae834b092 + +Quotient = 16ef17b40bb73063f3cd0929cfe2405ca0ff2d3d426ac05f8a8dfadc85659105f7f728e113baab59247c4c7936ab975c08d6f1c72c12c532 +Remainder = baff11e6961c72e3 +A = 130b212cb6f3d854e4f17524953fd8592f5e59dfe92fc7d955e2899d1dde1ae4aa20d749caa349ca8d1bda7eeec2310532a7af54660e2a1fd4929335a1623bad +B = d4929335a1623bad + +Quotient = 1cdd7ee2eff733b83beda5b862673177e2f2151ee0fd9ac0bf0ec5b7e05516f1d1b59ea754b0483d0e4bfb7668bb99117907a58a8ceb78028 +Remainder = 29e33e0c2a515780 +A = b0131ec2c1ffe9a523591a9453d2fc740bf885e7efc1a0158905da1e646745ef1bbf39b406564cb3da2f842bee307b36219bdee5991c969d6199279c25d4e380 +B = 6199279c25d4e380 + +Quotient = 20bfcd06f9c54c537ae563e33dab31047aa30a6bc4e7eb0902bfbab3bbb7e65df442c46625c39e08c88310116348e9ebca2450ab463727f90 +Remainder = 11d8f2f6d4c1f55c +A = cefafbaa2990eaa88184162ecb118d20e5999e5a8fdd25ae7f6248650ea74a8cfb92c58efecdd5d31eceb618f1596d7a6bfd31d092cf86da651f629975faf91c +B = 651f629975faf91c + +Quotient = 37204c5735e4ba5e47e845d8b652cfc2b1dc715abf21ea0ecf5b1c6c8b9e596591fd7a7f41787be1a028c147a721ebb891b0abe3bd079b589 +Remainder = 1ee700ffb0ea02d8 +A = ce22d36b3cb913b32bd0e25cc14c7270d3f7b8e600a9b6732377f846adafd7fbd8a09d12fb7011f2283d988fc29aa25948dd4a0f24512b4a3bd460ee19887d35 +B = 3bd460ee19887d35 + +Quotient = 191051194e4362bb201f5471d4bfaf92f79b6fbd119ca3dc1afffba334869ed9f8acd14fc42a2d8f616d652610a483ad90f5140e9a5ca4172 +Remainder = 74785b6874d8fa37 +A = f3c79f9a6af1c5bec72218d969620149afe8bf068cf7a7aceda977076665bb5a2c30729ac3aa976c9be379c6a5458f1501db8802652ef69d9b9f4f097027ddd9 +B = 9b9f4f097027ddd9 + +Quotient = 6c46c17fdb03d192f75d636e1e2ab4e858d55f0f205cffd75550c4347726b5cfe036c6c901782cbe5a04f1985d9fd1dd39d747d25a6a7a88 +Remainder = 9a836be71a24e72e +A = 4f6cf6e357b4985442a25b5c84e2cc0a5e685e2f5ff71ceba439b81f4123e16db2296dd4333fff23eea92bdbb812daf1d27c721412fa9847bbc9a0bf08879b1e +B = bbc9a0bf08879b1e + +Quotient = -4984390f93e11c9a77880cfbe157dc41d43fe901c8895ac5091c5367a77370b16d42e8cc260058adf4d3fc8ee8cc6c0099804f4c319f15561b0a2b1caa7d703db82a726c9eab569c +Remainder = -19374dcf21822188d720d6ec892bda2c084e8af84f38012da7029a3c3660c7e813fd4f7644ca80373575ff98ab6d743e939269c51bf62e04f +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 330af318ce0ffdaa92448777ed117de9c104e0f975651322c8e01b1c470f3cfb7a78b11f7daeea57614cec37d18b89155f19babeda0016171 + +Quotient = 1a56f7d6c06a316a9a466319cbd558a99f06843782673a54775d859768a61933de3fc410068d00d5f6ab13fafc9228fd40ad41434501f8827bd7461441140eb6977f18d102d446 +Remainder = -3c3d566cd48a909292be2ce30f88ebb68e9122a3359f52d1d7b0189c467b829a9f226c0b64845715020dee12d179913ddb7f17da2db86d854bd +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -8e770450768d07ce20ff8f5f6af464b1ee5f1d0e8faaf927a19d3ff801f6089378133e822b8e63cf29c4c9ed721adfc91d3355a3c7bbde77bdd + +Quotient = 42131cf8f52a6a3f189697ce402a8c9439bf05cb3dc1cf8bc49dc2f07cef15b3bf0102c941b5b3bde6440abc6eacfbf77ea8da06ce932fffb226b33dedf001e9657464b0f06 +Remainder = 4cd483574fce075404dd22072abe61200fc455c15b382c7f2962ffd82c38ec1e2c60f71267cbc35fcf77fe1f9301d6b5f884f1c416304aa9f4d4b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 38caa64e74b29a7e9bbf341edbab112a730b17103831a9ecb70ef077e9660b2dd1fbf71d7f6bb4cdae2ed7cdbe9070ec9fde996c91b9bca5b83450 + +Quotient = -11d6883fcd705ac97cae5bb7f8a2929d6f636f4f232ae9a4af9769183dfce9a9296fa0714c3f4fa1eea467a5c96a484a59d0cdd87496b9398e7a818daf89a58add3a39e80 +Remainder = a6b7984fd80d719ffe2e6eb756e4e3bd7ab51f6088e04ac8fecdc744b0385294dd23b5007910109abf40cfca814c10addcb5330e422b6f5eab6efa2b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -d25d50f53c694cddd56aadda2654ae5888603b39cdbace93d19c117af5505750aa24e615f95446862bd693f5b444e2a876eb2cf49f6c7acd007eae02 + +Quotient = -3fa898b02c621915f44b213ba4e80b8e85c7a2f4c78df2bda7d99494bbca3eb2d9354965d83e1c9001f10aad9b3f3ed837a630b329f5a4b28935158fbd9d291a120b08 +Remainder = -320d41a3875da2e83ea9a83947f5abb1a7026c84020e983381722bf7aa87d5987ab088cb2c37fc3781c82c81bef3263fec560023e236a747030618e9d2b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3af2721aad4b18db27842b5e539d8cada9dcd7ac4c5b885065dd2496a6f76fa73c8a51b239b5c068ea6feffda22d8ea806fb488ad5a94210264597edb40 + +Quotient = 179307c3e14de14a744d082825ed723b996a4e15f156ac473960583138c43f4275b4436c50ef8f21a7b450a969819b81c15bc355fbc5fb55cdd8e124d931d142851a +Remainder = -9c8eabd36a25e995c1811b79a2a0357f6aeef4477cac0ffdd130046cb2a647f928a34d91d9b489d394965719cd58604b957c693a93145328e5568d33d88a9 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -9f2d3da1da77914df66bc889a40847a0d705d4648a11f282e09173d170e96d84b5a45092d995318fe7a954b54b88b784423402519a38bb521e84a4f6c5485 + +Quotient = 6c0f316406afb4cc2aebe34f7948422de0b612a02dc47f4ae59419c579fc465ceae1980a3e524fdfdbdfad4862f168a9851664688c9ba01a8bc1ac156a6276643 +Remainder = bf52a2fb6493eac22fc8b334ccd8e8fa347620539d9189d535373f94503310a027c5423197c7279bb51ab8c459e27f548d57b55740320e80b753290d077aa7f +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 22b9e55639ad3ff4f071a49c8bba6bd9047e162fb31882421db8ec5ce46f28fbc35040bbc74ead5a948c47c43e9c7adc32fa52046b53f12b07b5224e0d8e93e4 + +Quotient = -1008fcb6894d8c411905136fb3e05b38ec5d8df35db06379fc2d6d3e3579bcb34fa6e021b98b899d9d082c111b1a6ac8e50418fcd5968ade6aff8828d8e4777 +Remainder = 3d7dca387b00c677d855fc4af4d86d86331fe4309929039e828765f0937990bffa964d3ffc5d4f2f4b8bea978329e7cedb847c7cc341ee52217f903ddcf9446ce4 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -ea045323f406bd7ce25b3ab4993b5f6dd92ca80e3a02607a862deb13470ccef229fad67ae958cd87fecf4f08d9609595077d0d1360d9fe48c4566e237aa877e7b1 + +Quotient = -42a50301031962754ebf9c4b1e125e6df3dd40ffbe09c044b1cf4b62ffb4f92d298b05933a450bcef65e86398da80740a610ba45928000a5c12d26e9f6a4 +Remainder = -c5485b82cfefb3f980e0fc7c6cd89b1345a8fb942299bdc36ed4ff8916016315a0da84ca0ee2824dce3c7e5ed49d517c45173c9c8e30b224940af6cf828c73db8db7 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 384e523d5a687bd1a90101e43334894b6a27e8c6809a8bf5bffabc34d558a8309997dd6f2a3b7c1a63100dcc0b6647b444ef7e5aa4a9c52c7caba1ebd096c3fae6f95 + +Quotient = 1054439945ccb5bc5461fed04e364c7a36d5dd2c0428872676debe07654b2ce31e435a90c81f2bac1032143acb0c49ad101398feee8426bf270bdc0229 +Remainder = -7bf919e14b2559ab82b3c1bf428d083a4c851a7a1fea44718377e9e945caa5cf48e0b1ad727e251bbb330292402a75ecd96a56db4ad07146533a3ab5a717d0a25a3a7c9 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -e5cd83a644ec86b94f5e33d4dc307a2f14ee8653288145dabb2b5f894560c164470197fb9e37749656f47df343c245258627aeea17965fea10a57336bdc6b4a47443492 + +Quotient = 62675274798218da426a54ed7158f8f737b7b3c328a9c351371f0cf61f41712f9b28741f187eb635ce45866762fb5fc5051776151d202e2556c5845 +Remainder = 1aeb5d1fde3c259917e430e6790b00484d0d9508391ba6ebab0f6299190d4b34f5f7d8ea2174974471a1e28ee2c15e05da645db971f699d5d0e80569b7eba7908ae579f5ed +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2622350611b486e6be7a7c1c073c230d604d782c2696038a3233ebcc3f01c6a711969094e47f49e294f2c5bcd04fb1b7c0934f19bf6e7aa519a8d4ec2c172ac59cc1a57b26 + +Quotient = -12970cdd96b92c37787971cd8dd166999ff241be881eb9543ff29165a9c1a3beeb38b1910a5724ffe2b73ab95ac1ca88d3989aa531374d4ec6122 +Remainder = 627455cb555398150e5b4c1c53ee16dac8d80d9616ed1ef40031424287f8028a9cad1a10bdd8430f6f65368cfd00390c8d4355aa5ecdbd1ff0266a1ade235f33cb5309446961 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c9dac93cfb7abaa3fcde359e09a92ab0b5c06359bc09ae9bade3c6783064dba90b233b4c8d5c6236a13ef96c7a223e37bbdd931eae61e845e5a10088f75b3ff5f1158e833b15 + +Quotient = -6742b3871dece5986d4e219bf5f43c101da8896f247521fa286fde696e0b71ffeb3b6a3e4f33710c9ab150b7a1f747cee76839c5e7f2509f62 +Remainder = -203b2d6eec9d485f7b439fe9d4c640bb31170af38418faf4daad577c30e44ca06efda55ceea4fbd959b3809fa2002b6e2cb891decb09334ed89ac66ff05502036b2155ff62f8aeb +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2457088096865cd052e9cd9349c6e5e34e46c89d6e860a36f8e2a0bb1e5d983e07d05e6f6b31edc67e4793cb4d40979c029c80a13e654b66c8acf6b894f615a3ac800bbd09ce020 + +Quotient = 15eafc416460d757d0abbda8d094eb535262a71dd033c25e704a6df54265b6123247e5625da476e0c220ba88582a1ed94265135bf8bf1fb1 +Remainder = -64ccd9a0ae0b0abcb5507d51b2e6c8e52e67907474605c439796febda06eabd8a3185fdfc0bd088cc49fdf564b5b45890b07269c15b1aa2f993cd9872b97aa6cc37dea2f03444b3ed +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -ab34d3906d8a2b806b22c73d44948d703c1e05a9337f75cb0b5df5205c5e2d23f8a92d8381372f9398c9ac2f7b9302b83e48b26512ccd0b06e6b8ef1b930ec2678d71e2eddbf7349e + +Quotient = 3b22916d9fe3145fcc3b8872bebf5aee4e14235f618e0aed09199852c6bed80df39256d8407d334c06f4479f230913370b7d451fad99d +Remainder = 1b02a7b97f9ac1f6306aa00fff0e59f55fce463ffdc640364a950df29474e08b67cdfcec0628e973d42fa1e4f98e988ec4c47e4915651a1731b71d5e36a10a0d1b3420427dbb79ba7d52 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3f74cafe9ab0c1b307cd7571fd442665fa3205fb2f45b3811b92d1d38b096a2025b8170663a29c52ca84da102e62048e583fba96a594c0b23952fec587814857c25221ff2cd0533cba6d + +Quotient = -12ffa4b6fc369404968911c17358012b993c18c2ff34122e06f450d3d441926b5f5638b40efb012d76d8bcd3c0012d0a0ce5d55c596 +Remainder = 64548684fd5f6c816bd296234740a4eed772570bd4a48852462f9cddf14f1350ce7c7c6a58aee8f66ad7df87927458db09e3af08eb5376de08444f35e5171cfa0992fb27f70b81574f6e8f +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c58383afca9e1c480ee75d3cb6b0b99ea42e827d39fc96bab6b0dddc97e3eaaaec02a74847f9f7d49937f5ade3580bfcd491990737d172d4079437067251ab403c36a9826e974b113e2d2a + +Quotient = -4964410c2b038573107b0151b36177cdd62495e0dbef536b59c8aacb8836bb45e7bb014e5022360621e8e82a273d0d462b8eb6fc +Remainder = -1250c42f8c9b129a5c477be446b86356edd1b19409d362c3a5fb5d59c30f1c3fdc1424a88a0d6ce20bae885905d98c8a5a6495931f73edf4c60112ed78834e3bff6de3ed54c867fbf16a1cd53 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 33212ef4a8e80daf1049ac6f639f8e1990142ac32f7ebc97675ec90f8eb1a2814dfdd295ae67317253d0187ad33f3932a3a7efb056d0a3c87d28e64e23e9f1de751ee6f0f61c6f39d08d72f0a + +Quotient = 17f77efddeed52ef2e423bc2c10d2ae15c97384b766f4108474964c2a44789e61249103d9f5fe00b4d612772dc6ea12a42e395 +Remainder = -1ec95323b7b95169d5ec0667f3cbf683e98c15dd0fe44df4ed9de9586e43f1f69337e41a6d11d889452665dc0b03cf8d9ef2effe0b350eeb9f6468751b8a2c42608ba2a33192b770cb62381a966 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -9c91fdf2dd1827ed103a102db254630c278bf8b47bb12a342a92f081acbdd8ae5f5476ae194e24b187011ac25b19fd09e6e690777f9d3efb6b3a32c8f5905e1478a27fe4b1adf17a70abb4e7571 + +Quotient = 4f5dec525ffc737094f40d27446ca0be5b7a2aff02d51d99609165c4cea0dbbc1d92bc0a8680782b616c149bbef7f5ca912 +Remainder = 1bc84ce56a9a0c74962681c02ac927051c81f3824d9f3f0f91465df333ecdb449473d9c26ae3abb9509add5795e89ba5eba6ec7c89b114c86e6991ca0c185b34d6e66925a14fd82809dbc4936d273 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2f47be01e6dc6a86097676fbd472c2af0c83a2f743fcaa885e44fda7e9f350e9fb7a8cd07fda59ccb7963f1e95e6a1236f5f94939decdc85afc0e523c711b24641c844cd3113c17fe35ca988ba407c + +Quotient = -163cafed5bcfdeda88555f30bd4cc2da2cefe2bcec9a7c19c36ccd04a45121a5a0dc28d0bf6ab7fa4b78933c47a5d5286 +Remainder = 93f856077f5b2907cefcddc4d767ffeb0acb7af64bb9dd8a15dcfdda6c244c24fb8404ff9ea2fe1dc337faa05930d33cac4f61e171d0236e222374cb3da76396ae1329a407fb4ac652fcbdc568d0fafb +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -a8bfcac452a5e48fee9132b73bc2fef771450143ab80aabd8690ce54c9b52c2b5a669076a7a35fa6d926268077bec6d90b722b5d074f28ce3843fb0147e567c45f4e91a11416c082762e71b5c6129c08 + +Quotient = -617dbaeb8c6f9d584e8eae923c872048f9f9bf039ec6b50cf8f09c061bf79acc3311b37c2502e560848c05ab316fe8 +Remainder = -1ab4613767c4f1f7d127e848f2bb7c72a3a9e1dd6173b63198b80d3bbebce6a31494f19b53ad9e3a77248e6f9b26fc59060e2759a20dcdbe785297bbd912da9a1819527fac550d64bfd20ed1f96450c30f3 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 267d9397138fd0374a7a58593d41627ba1203a646ec2c04997acf607e9d217b8f40183d2f9304447d6f7e727a476e636ded4697a5ff30a9ae3d249baf97969658209c1b32ddc0edf920b0b278e9b5464313 + +Quotient = 10ad85703fd51870306c5e36b51512341d6d39e0bac47a03732787b2f62e49c76666f7f49b2596de6cb5c5b2f31b +Remainder = -846b4479713bb19ebb8c1f1b75d2be0f39fc1095a3d2ca149b5565146bc19382b86e5ab0d098ab1fca1ce701d582400190fee34b602845c3c0c498925710f0b9e3af2412ed5ead1fe03d77e9b2b407ac83823 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -e0ffa4e120f2f46fd1430b6022fd03f71a22f9b120f8d40e901279be235b32d94760fb8c2403d23cdeb728ae73e2b16af7322d6ebd5f5673187668c99805e700f1e997423886bbcb851448dc1ed4cd66d6598 + +Quotient = 41567bbf616ab41da51108d7edcb5a8a4877c5a8663b3aed7559421b1fcf4b535a54989efedfcc935b3917fcd +Remainder = fc026e554a0821e0d36b796fe6a676fcd7383a55fd6158d78ace4edfc3d8aa87c65f0eb41baa2aafadc51218b0562ff4b5c9b17bbe84afc491d9e309217a5138ad48dd51e1b1a9aa51d69963b608ec47d63fcd3 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 396e9b45ce43d3f89386cfad8ddef4b483ecb5173234530c67447ab74629d246c18b9da09522c77f598957e3fd2a1c0c9417399912fd547fb1023ba6b90d63d223bcbf3e7ba155e51bba7e8635aa5c39d2b9dbb8 + +Quotient = -18f1f395347ce8df530d9330c61c0e30ac9531b50a0af2ae7809db1258285c15ba7a436121287990fcdbda2 +Remainder = 51417b9e9995de34316a66a2f70c146df8e36952fe64124819607bd8691a465f4fde98e590dcd56f0faeb95d1b67751081c2393626713c27ec2a2123aec2a4ec3761e5ace4aaeb612d46e52e16d72a186d2ec8a7ff +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -966dfc779cbf9c388a84e947d1128e2392399ff45d9491259c7cb19589154f82f41e852e0c6bb5a728f6e87ff4ff95abcb9b2b57af1b6b7fc125497775ecc1338e4bbcb5315f7afde4e283347184b908545211afb6 + +Quotient = -3fd962e88dc1d501fe9335fff8b6b2d50eea967c3035a3dcbcdc9599b81f9a445ed5a6ae7413b8865fd4 +Remainder = -97f06f6155f8d0ee6850728192e0b4fcf55fbd9ba982c5f1d598ddcbc4e1c4be0e209fefa6ab3b7eb2b4c645e4dc40217202285ab0a7270d085dd9d4fd24e5293faf6797b4c3c79bbf3ec63fd82942549f9e8f862297 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3ac566d6b2d18572360fbdc626ec488aa316a74f33d71a17a2d0e1d2bf26395623eb91dc4abebf2f944e9bc3d669fae2e4332088e9ff9d9f43927a7888b1390ef60f05efd6e63ec606ecb3e164ed6dbdc9d088586aa71 + +Quotient = fb5ce21bcf28490afb64e6746a1a81792c90eae17407c0b4c5ebf2464eeea43e516be2c615f84901d +Remainder = -3d255bf94c3d610c32266fd472d070c0f5e7dddb88d32723b2e1a20709aed2faf28701e0d0227c2b33ecfa9e708e5ac354a97be732b786210d86f1f05d191513386c580b1ad1f4ac6890f87fd0d4270f23cc5c2064502c6 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -eedb64a6e204ee3d6df508830704f1d5b2d2e627698d38a114c07458ea0befd593a80dfd2e08fcb1893adf57061ec4fbcd3130692de7c46f5ca51361e9b79bb7a91963618b8e5b7591392a5f0e3be954e8b9978c97f12e9 + +Quotient = 6933a3123d0b32693351a834751345300c49324b861a663e8700bdb3b70ad996747b284a8ea5c02 +Remainder = 13849ef93cbc77460c3c496e8f31f7e01a98c21cdfcd6877547161f9601680665b394933d3a0824f0d32854508c89f0e4a0873280c779c7ca636cd89cf6ee5d42a917b4f382be3b9654039f623c11b43164827f870fa0f0781 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 23ab6042240a7709d43de7ee17332a9710bd0d913c42b3591341527bf48d5bc30abb962482292d45a15cb03c9457cc8d78d1e00aaa63358427b000e59e4260bfe1e2cc603e175d7fcf02bd9f61fae3740cb8e10a510ea3d1d5 + +Quotient = -10e67cbb33dc6e24765893a047252766c2bfad8385150689dd4fec9ef495dff63ede1fdf78bb6 +Remainder = 9dabe2cbc734b910fa1bd25616daee5657d25b6e4dbc2cd93cf8549715c87974a8336fc5070d86c11f6b670d4b3bd5ee8ae3af2bb321fbb4f8fade3f5c6c2d6c366b4d800dd13ce897f13b0d3fb79f1d9ca525b4e7286c56ff29 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -de093dba98747499f2876c8b6b7a6b9587284835ae35f0716dd594c826cdf5b9179f2c6b08d800a77a6936602ff2b64ee0b7c94493bd5009633f5bbe423454b7f018ae96c21230510ab4bf5db394ff153b0e9eda3ef90eb4c253 + +Quotient = -521f5e35300b9ec2742ff472cf61235dfe2e449772afa638b1adb812cccf269afd164b7602 +Remainder = -2ad10e8758e1d358d4744ad344ce319617027107c0b8db195d1b58c6e6035450c9b377f026fdf9e5737750af5615cff2ac3ccee623c060d779373136d48a735b353d64bcc5f2e6ea1e46083fd799b5f57dd5ad0ff3e6df9764af977 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2db1990ba1e353a1a62de1b914ccb691380b6ea937c13621a29f0a40ecef460cea52cfbc77d98706fb3c9939ceaaf962fb8003b0cfb40535e0dee22e8e7d04b5648fce2e58803242c199421cc4b26cae776d3603f2ce410ddd1e0da + +Quotient = 1d45aa6fe6837a1b7ac95efd55d1690b66487202949a286fc85da7ac0b50b860215e44fb +Remainder = -7984639b596f1d4e6efea9d8b4719215588620ac959034b303584679a44fa84a4be0c89fd2e29f54e62959f9b7a858c06b0cc051176af82d4b85e7334555ba11c39e6cfa1829995c383ba81dbc220e527e90a1d440c1d069703cc1370 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -80316fdc405bb002990d3ef7d0e98defcd1f0e370d1e51db2d21ecbd96230baf69d00b168afcb7b8da9edc3ef7f6621ae5c5a0d7797e5c92283342e42468dba1036fcb2ffef1f493ff97826477364f6b5a41dc56d6389a01b83eee041 + +Quotient = 3c0c3f7a777e611d1bd0d17d669a1ef7920b72ea8de06d4b415a73b836e37d6cf0780 +Remainder = d8c77134a75584ecd5ab29e97a909ec139464901f9cfcb1d3d9e29a63d204615b6845d466c8710873980f107c40ab54eca9f8933ef6d726f9bd0f3e9e97eade5eb1a9bcaa7b01b6ad51ff3ecf67d6e4d345f128e990494a2db434fcd3ab +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3e7dd961be36c0c286eb9e78bf3b33e6f9bdf2c2137a0c660f1d21dea31ac9a044e526bf47ec8190e137a60f1f55e947046b9cd04a2485679e48cac80a1bb064a915208889289d63a6e338cf7069ad799861c31ec6eafe02a4ef2c2641c9 + +Quotient = -178d749de2dae3a2ea4898c59aaba98ad9f340762040f5aea13cad45a793f1256ef +Remainder = 6c5d9b19aed9f099255b6e3d251aa50d1e534e6c86d82eebe097dc8dd0748201e48ac62eec070a999c21f5c7684e5a700212e9079b5fb731321dd1e16ca82ce80c1f5c17fd1720f1353bb90997f47f5fce335a43a6f59facff0b3724423393 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -9f52ead13916f9807d0cf0c6699578af52c54816828f22de62328fbd7b4fd6c3740ffc82af4e24892092c7ecac44b5e775944445e6615fce25610984030a345731f944128f5734e6e315a0ea97aafd7563105695d026880d065761687b75e8 + +Quotient = -4fe43bfa9417839ee408b254603c3dd176653b6915a89de5b781b400162fbed6 +Remainder = -1c15816e03751a203ae23c48965c8541849b09996bc81d28e28d7871fa87d1c3b2d383c056d3084d7d01d853bebe270fe2c0839e71851e169d417c47caacab2aff8a8e05f65dfb20eb17ed8f67475702fa83087bd868246cbb885d52639797b85 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2ef8419306ebfd215d9079c7a2b959a53ca2f4553845e3cd32caab2635c0e77fee8c5c016c121e3cbedfac57f810c132486ba78df9e719a976e0112516893f14cf9b89f95a89aaabf31cce509ac8e7e62ec3833f0be4336afe6d7d73518141d39 + +Quotient = 127e8c06e12943017f9dd57ca24dca0ead230092811d307386c81b6efe009c +Remainder = -24f3431858d5aee412443feab243b465b849f5dc97e4de4db88c7adf774d9bdda65fa0a28cf6b18eac6078b00cbeed2ac406f8426aef868d4b59ab045825d4b0a18af6c9105e32abc72fadef55b221278d329ff6fb9019630411bec143c4156df7f +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -cae6399216401dec0f8ff5eaca884ab061469082ee3a18e49e0b4d5f9cfc98a598c373249a8ad2374e0b3de71370e93a98650684fbb931aa5d8b4482cb0be142492bb71743c251346df66896806f926a4a5dd4c16ca3294f01bb998835e6583d29d + +Quotient = 3f180694e59df85f48ac02b6d4faa26278af9641db18d79f198da5d802f +Remainder = 36cf82dcf8c7ec783b4de68e0627a4a4b2a508637c176de09feef62dcf382bfa5d8b88539b5ca2cab6cbbdbbd0e54c092f00ee13f4a352cb570034cb0a012cc0fbdb6ed32967f3b81d146f352139bd3d9a5c27789468b7d79b84d6a8f6085f859532f7 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3b7983bfaf565c5ca444367654a07b8bc2bf7fdc04ef12128c392bef2f6b67d9475b4d2f0ce1c380913aa98616fbe1d74dc5c9d64df15f5c9b87a8bfbcadf335a6e8f863c7a01ac175a7d79645ababa5f961fad7d1b9926f7284e254fed33765339e0c + +Quotient = -11f635baf7b7d613e84dc38978a21ade2f4cd741d0c4f6ae592d93af9 +Remainder = 4317c686dfd56216bc4865f8dcb6a3446e13d8b33861e74d6c4a3223c387ffb8caeea0141049898609ed1abfc2adbd21756cf64a72272aab6c0b8f2177419abcbf9086635dfbea80a7b884181f2f2ec9a402cb0505e8208909fe062d5e6dc7094d66af62 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -d0ea50558197566f22704e66a70328cacd6f4b7ca9b00c16b7c4b4e7dcbd47c9b2526b3858ebb4de7a571ac570872f3b44ba1fec655c0778a8a87ca24851f6072c5c0b7591b5e67a8cdaca78fa46f201e02379fcb9a8470e4a4971acde36cf501d369751 + +Quotient = -64a078497f85588d3402355bf3e83d25ca1f0ed2c24a395ef6de6b +Remainder = -87fc31ac66a24ebd629a26209ccac1b2c85e52dc83c5240269ae5a27333f33d31152c9470efd41472af034e8536bbe94b0a49e892b1d23db3c13fd84b7395d7e3f19d7d4cb4a4c07dd1860826696cf7202483446452aed2b4980388e7eda0ccac792d77a33 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 254a85bf512d9159b00a70678239902ee7e15ac2790ce5747c4a4743c6a0851e6a179b64c75acf312dd37a7b82a729246f79196b8a399ff476c48a05f89c29fb106bb06ef0300c4b330a7b2bcd4ea1e82584c7a96b99ec2131c885c5851343cfa6ae4d384e8 + +Quotient = 116a06b1d38067cef9f55875fee1254c8ce39b42c19fb232a287 +Remainder = -c15a797fed3810e4f536e9509564b2142ffbfc0c961ee5aa923d43a824765c05d2a99fef79bfcb6310c77a91d9bc6d0762bd687493865de270c99989e891fbf6da7ea5c7c7a1032449457eb73222a011bb755ff44e4bdce8e86f8aa9f687840c0832f7fd8ce48 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -d77c14100d19fbaff6334ca6aa504001a1d56f274632dc89d48e1d517935503c26b60c047cab9e186a55b72439761c884f63fdd2a38ca1acc653f6ccbb4b7262e6215e6d00c8829b448b7ac8716fe0bfdbf8088c8c61eee8f8db43b7b5551f6278081ac2eb1c5 + +Quotient = 6fc9533f6d0e6c55494cb1b319ec47bde8e621aa92d91155e +Remainder = a1a70f674cb141a896c4adace0dc58cdcbe2503fd0ad36ce348dc5b8afc96d0f2f8c65bbbadabf2920012798b7ccaedbe8d896dd2674082ad3cc75b54c5c190ad56ff34e8cb5dd29c031656497d48571295d6da396d5f4cdb652732d874a79a674d06a1d7b979f5 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 21917f48bb8e65646c618068fd9069c06e22ce8c679a845f9c4ec843849010abeee12e2d3c61fb963297abca30813c446f2ae82e909ca6ac7839fb58974fa65f3b5d91fb8b3f99d948519ed56653d50026d694060208cf48e3c757f64885b4ed4328c6f071e9f5d5 + +Quotient = -1abc689fd19523d2e295f260d248041bd00ad3009cc7581 +Remainder = 1ab5af1478fe7373d012befb319b53ff9e36899c1749ea763fb74f7d24624e70ee78faf3115c2a423629528f45295e4adec7b122b993b5c29260558be4831df06468bb1c63e8afcfb1b9b533ec6acf754563d2ae25e2adb4cfe5ee3024611e03a156484a130ee01f3c +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -8c5a7b6bc8ed6ac015ec24efff607b0446c1b736dc8b409e2f433e69d0ca015d70c64b4c924175d0e0102ebc3e1dd96dd4d5bb01cccad229e699f9d8f9ad0e04339d70cd113e93d50c10c03083a81264396f5db2d979d272798ed30efa15d52289d0c72f42582ea56f + +Quotient = -4aa210fbc0457fa7366a8aa9a3acb3f9fce812303ec9 +Remainder = -737bc4fdd3d5496fc7f936ccf14bfc3d93f5b7caf4718c444db7a3228b41015c67aed304fec7704ea8238ba6cccb1e94cac3bcf4764a44bafb49e5fcb0339ae44c0114cc304b9c4370363657cd2bec09bf962ccb21f6091b081e71d2bff8556600576e18d4f78fc68b12 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 324774e49bb429553c10156e8db122670d6dcaf6ef5291f515c517d7ffaee36ec5ec5ccb4d12dff71ae7a05bdfbb03ebaf4dc6c4e8bfdc165b77cae20153c27d53bf27d92ff25643b4888cb586e773955a1c02ecbf0fa6958a8ec0b832332eab2e449be6e72c48d2f1ad1 + +Quotient = 1c8631a18d189f1fb689f896005f2dd2098e0dae9e +Remainder = -1a1ac9612fc3354056a5378de5b315f12591ee71f0fa9d8a6b2ea2b1c4eca9947e5c4f5ed3d4b78e69ef7a1f5a9894b9c7d85f6e2244ae76881eb06584eaa98c78b60b46084b517f4882758691f91d9e2acfd580d5e901dae14ff4a4fd6b0d7c73450e4928fc6f02fb5463 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -838df2a27bbb033fa0e581073b879d6e8747fff38539801a1870f2e52d91bc84cf10f2560e93784650fba080304244dbfe9da679f207b6920be46b0214a1e490537e56d99beef3f58b30f311a12283501ad79a5407ff209d19a6efd0421aa144e0cd427380d89bfae5d1f5c + +Quotient = 4213d04b9f0b30026bd355404bee887b22b2cf9 +Remainder = c2bc097d1c20f050e88912f066b658446cacc7a4d510343a8d88ed007a8c0cfd5d44fe5f067a0e81536d121b39f2d0feb8dd053bb5632e3f9c04be5f6bf4091d646860cd38c96271cdba466ef8b7e2377a51d5669117e664269fe3c08a51b10e1e019ac063d670a3c7db12563 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 38ca0c2f03a5c56676a2f95cd7a69d4aa2085343af6b1d2a71e0d1c54157ec0e8f9125df2a499cdd484c04feb23b1e0042ca908db74744584036c79f21c25c40401d551a65afed0ef35f1ea000fa1a99cb29e6307f6ca0304145f7e483d008cf9efb028ebb654115a8c6b87a08 + +Quotient = -134e043b3b88b31f89ff4bc709cfa1bd2c1a8 +Remainder = 99c1c846cbce5e9a26c5afcc0186bb1e43b2501ab3205d13fdf01dccb9b1a935bc1cf8adf74d58f1c316381577366b6d126da49991a0d5e02acaa678085f335ff8b8e975e5bf2e52a05488ebfc21a3e0d0bc5bbe67442f77bfc3c1f0c03b7f7ce42bd0fedd8a498f018d8cbea47b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c261a6c562fcdd56e67fbd2b91027f17c95da43175eaca6e4069c16d240ebbd240582dcde953eea739a4668fbfcdc6af8ff3ab58674c95de90fdb43f64a61108b030d644a44b0319b912bb563f61e520dca9c88f411b32e99c872cf00a01f5badad584636352913b7429b99ecfbe + +Quotient = -448c4922b7a7d5e1efec2c3f41d0264b76 +Remainder = -2599e928027d10d3a11056eb719768e5edb1a625fc0b8a1dd4439ebd30a82bfdf89e617ac7c71622058cc64ba32dc242d96fe3ecb856f1b146f831334af562cf88139a99410dcb869b9ad6ac4826563b400b59f55d8fff262dc920fe525b12b2fa167ec237028a098c9117cb77bc3f3 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 36be11eb72832f8ae7b6bdf689f794f62cc1c885e64706d14a77a11df9761c2e9cd81d8f6a0ad0cb1696c69afd80c8bb992cda5100cf1162d600515568b9dc9c81a518da9d240888d4984df65c129ac0b4c557b4e63ee5be79a27473ff5bca58e559cb04c4ac93b61545e7351bb6514 + +Quotient = 152474a1a76700598c18d9301866ec00 +Remainder = -274a2f9e2bc5f9d75f9897b28f840b71bb10a3e4e7a35ee1dc1150be61130b4e0e987e8742c5edb75a1ce3158eb8bdb7d657b8ba39436d7c88fbff160c7488ddff2f13b3b95ffe149a3d0d2d406b1737a7671f69c0e5d7074a151cb2776b2d13ca24bec261662f2967fd22339ed6c3f2b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -b17c79a31d5085b49793b6a6d628109a6047e3b1afc947e5212d0a9ae32b1955cfd6fed07fc60634ad15f32a9e402d7d5f750fb6d1ad958211f9e8ecda8990689e5212cf72b24e9b51bd07a6e0477dd4c02381d0ab6c0ad3cac1f620f723ab004880800736804751349f6bb19d3db48da + +Quotient = 5665f53d5a7405c83a5ff382ec376 +Remainder = 252d055186ec896cb3142c9e4e49c441e2ddad365b86ad21ae4ef1c522d3306c2834d6993a5e1f8c64a1ed582bad8ab746f7e773fc004b1c47814f73560db72f7237ef6e2f671d3b19a8777be2e4c662a76db87ea64f32c48ea371b1ffb15df26726854a417e18afcf49054c6d2e0e337e71 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2b6eb2caa3ca650be02fa199e9ea6c48646a76434e268713753a547e49571f9817ad396f2cb7b16d307801fc8892f0af3e7f93ce08f7955a8acfbc0b56add4b4c7ef7351f60e402b9a8ef7fe02ccdcb4b00b7ffe78c7009268dbcf1d606c3a1b5307d9a8ee6121c6a635a742b8bf36b56cc7 + +Quotient = -eeda035247bb13860f228d8f2c +Remainder = 3976edf710ab42bf069e5829de7e16962d1b765f6ae6ad0ffabe723e21ab01cb9f3f5f4edb1d8c13cafc0556c0aa93d72dbcff754ae9260abd294647b71785bb049bbb865a26bba22defc458a14af019a796e942e77d03484028aac2b3798fa730ae0193d89728bf80a8728715a0807b3c497b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -fb5e55f261aa96f54983869d58b3e9f0757d363b9c43aca5580b7c0380096f396ec79d1b30037702c19be5889fc6376793cad51975100f33ebf43e0897dfabcb9adf3adf8d845aa7589ba1f6d155b25f73dae3b2f835595ad6050401fd4e6392012d06194af415b810b0c10a53bc56350bfcc4 + +Quotient = -5b37eb0c3e3f8f8d9ac6f4e4 +Remainder = -28fde388257b9a11441c592580cd38caf2d69e2ba57d43151c77d26535226e05e08a9e6d8ed470d4354e9f46b7626e5f2b22b652a2d78f817bb51598c727a765941fba63510b58fb3dd5f30717f237da43b42d20bc260b06d488c9c912bfcea1e7808544c58960a3e1355c50c889cefe75d4d9937 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 29232a3fb059242cae6e0b419ff13c479048cfe46a9063188706c6a3842674b16a1aeaf771c5b0ef401d2dc8a57f6fb4fe1b3c7bb545c18ae763e39421e6a07c4469d234f9fc737ac21ca67a5553c7ed693eede4325dbd132dbd9889d815c02f426801eff1f46e7a52f72845234acc6c153f34065 + +Quotient = 1c7ac058af2e7bfbda9484 +Remainder = -54d7aa6dace87e61e24d87053b9d094bd160916b720d7cf4f740a4fc5a7f03909773d0456c530ea0204427146fd44d3ecec51d8627b5768de1494bf42081a8a4fa97163b0b93b59e70e533f3257723e441cafa4aab471ec4086601021c4462e1f74bebf298ef45fec98fa8e6ea97415f84c93c12633 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -83c2cdca7577b32c20e9e20fb498a2bceb7174ea9aca09d4dd2fc7a1d3b922797b4e9640c7eb9dbdb4d93c7fb9daadd680c1c7645d8102d77e9c877a9f65b13239f9a650dceefc1fd41ea9bd2b38a622bbec99cfddbc6e88f377cd51cc29fd17a27f3d0d970403a2aeeac6ff9fd69c3bbc5c2b0fe7e + +Quotient = 472df5f4393f33cc382 +Remainder = 16579a289cc776a47611353e158c43dadf0a78833396f8419fcbbe47d90c7e840e2c90e73e563e6c505bfcf691120ab0f1e9ef9c31db608cade70eb8e487b1113a46e2b5c7f4a172ad99b502eacdc0f91c295fe608389e61d030607a94d09d349fe1a0cc46d1e07c8db533cedebcb4a3b89afd8b924993 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 34b7f6780620246f5a0a92a768072185f02e57a52db1d865c21c952f4386ddb7e2dc1df076316cb4f2f394397cbcde1af0197fcf33e6428e6f5d42a9ccf623f75fae5940873097d4591d9b1a4cbd00074d134272700ab06d901742da695c3ca9d4f917a808113336f883e769fa8051cdcb0cad7cabd1cc + +Quotient = -12b4e74d76bd306d9 +Remainder = 8768fbe8ddbf60b548938d8b4a74c4a326ef335257e5f513e65a7d2cfbe9d456425ceb719407bde3cbc74c9c978970597b5663a0ec61962e77eb351adaee2d2d37f1fb55b5d2ceccf282ea3a0d398be1dd1b166d55dce04a39ef434fa392893618003adcfa61401276ce4e599051ad93152e3477ff524f0c +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c898a753745f0fc178227a7004d917557cf3dcae2e85e95aee51e137b29c895755853ce2d61f214b80070174cad8ebc2795a7d070790acd335b383f9dc88c01227eeab85f1f29d76c1136ffcc7b9fdc073a3a03d8812c7c561b32d8e69754fff64acfd64994b7e9574d2a7cae6bfd5a6fd61dee7ee993bb7 + +Quotient = -548c97fd02eca7 +Remainder = -939e90e281f97a433eb1c6510668d0fc448f03d737d92693b6362c692167add7e4442105d60ff3db29c03ed06c3121aa4a53c4625906519a4092e4821c918d2264ed0cf088b7da43a222877f3ad9a9fe8ec06fc66b9cfbb44e0fdca1dbe4e461dda9b85231b5b9733e0c78852da83bae557755de3680ab61d4 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2c61dce04200e725ab0ecc5016f66044218391bdf650bc0bd31f3749ac06c24707e79526ee459ccfd4bc22834f8d23f391f2e99135f92b5abd0b04079ab75a263c0e98e46edfb440cd865269ed7872e8c1ada312df1bfd6a5fcd2ebf548d7b7d1d75bc36f62e5e9d15262bb8652a8041e5c8f4d673eecb777d1 + +Quotient = 14622572f311 +Remainder = -6d197a84d2ed486327790059adb5c073218c56345f48c15caf6892734fff0aa7af4782738bebf24d984bc8adb3056f67e57f9960001a67fa462afd8c57ac9d60ae6517d58ffb4773b637ebe6bf2473a5490511fcdc576a4c40ed03b3afcb2fd27c57b66a26f6d3f9b2bb101502b1117ba3ce7214c9db6302fe20b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -b818674faf69bc92085b7230d9335d7bead0413f2905539a54e8d1233843ef13f07cb5538e0787097cb24f152cf54a92e62ef143e31cfbbaf3c09650b14229a4f61a783eead26430949c88a87f1618788abab9728aa52dd8419f5d568e6a109f278b2afdea91cdedca43e562d4bb8fb7f1b7aef13992fa7edc320 + +Quotient = 5cdbb03ee +Remainder = 1cfa68d5da7a600a7ac598b9ca1a0759f972fd9a46ba62e5e96d8f6f00fbccd0ab26ca03d14470b43793411ea9803c9409908625fd74ef8f9b2d7c2064b2e3439adcb684e6f01432a1feb0f492fcdd2b8b5a6cdbd0bf460272218bcf763974be8784e5306c219ee535baf5541b8580952e3690b585fd99f77c46d69f +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2869338cd16322409d3efbd328b27e2ba53cbf71816ff5c093849b1d866b8cdecbd6bd8ffea0b7787251acb760f85c277ded21e56acef05d29bc728cf44f55be87cb4c8913408a01a1ad53461058a1cf94538f05ec14a6d3eba804264df957de7eb1a61b794a1141218966463dd42402c260c229241ec46afdb5a06a + +Quotient = -f16da1 +Remainder = d8b66b622b5a54963c2c84aa186bfde5b67a3562e07a23a5f6843bdb615a3c5d4f007ad8b275ad7e4c5b1436252efe35699cff2e0546e6dd8c7230d6ad560c51cd54db6d312be32ae4c708e9047c3a25c211e2566c58d6b9291de31612006d4e847c6916702be99b3f7ce40e1ac842908acb7f03dc120aa8998c60737 +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -f8af8fb7002a9d2218dcd0f0c139b8e3dbbd48e25a5c910f6d0b6684bca224f62768b64955580306bac6bfd45b99ad77483563fc7dbe015edc06bee3ff93b0afa8f5866c23c7a7570b366550490c97ad84062c2495cff30717aaa965a8e15e270b504dbd4fa943be4f97a7fd1f3b589bc9fcf4f907a7690d99c978a374 + +Quotient = -71bc +Remainder = -13316e9b053a06520526f579718c326402d2a9686d51a340375cb53d7cebba99c8d1ae93388db0a41cf55d5753dd1174014ff3305fcdbd5b02de9e90c45ec0d2900ebf6ef847c2a045eab7f80f07f01c81b9fff093a779a280ae42239df79de8d2ec4bff6723788c86786fe276ae6a4dc1472442b552258e1e5b597305187 +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 20fe256859a2e4c4f77db6adef78b2aa4758b29ad0787ce7e277bc68391d5949bb4dd07a9b1a79fe890c8a760871d81adfd3858e27d1bd6de33fd31b8aa6131fef9130a50f995c3be1d615d1bfb9878804b7f6494237d8ad78ac219488f17335ae54b494532f03a3fc8e9576cab6facd90c662658878fec86db66bacda3a7 + +Quotient = 10 +Remainder = -23e09736f469c83f280052ff01071b1bdb52b7e2b061e8a1a8c6a4e091fcd7ca0b33ade885d928a11a3375599aedfe554d1c2289795daba08f07327a19a8adfc219592bcdf9fc5aee5961a48b3b1b5fc380eff5ed2ba7d7e564462397fb6c6187254ee41c74602b141d7adba99205d2e0b35da57efa96397b3a5d112751cf7b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -e849bc0bfd9560cb90e42c8e4e88df175133c14466e530716d89ad0326b660b0e617b4efe8df6b000f517d3cc24d9dd4cafa2773dafd4c6bace0aba54e43c17e8e3ff9497a97ed83e6408aa0aee0e6485dd1d89d52520d1acf4d587422b0c5cd2d5e7e81fdcf842d6331779e800f96628206e8be020ad4021789008a641f67b + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 22004040a65f9b6f120bb7243c638cf3a4cf6fc58c230da932c79568f68e31af7a7b8569aae77af671f8335ae68d6dc1698baa9d6ba9cd633a662101b45bde51d55098b50fabde8546f317ecc2ae7a39521bc075942e3751a349f51ca3c371f3b8a6cbbea3e11a334d677c07612bcdca767194c07fca78ea8a06cc3b0dc6dcb8ba + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -cad46f410062dc33ad4d712c3b743ae2b7613576b2bd7c346a8479ed679a08e3644c7ee4f23b95f1cc9111905714b170abc37ee1003956f64f0a7e876b38d524fbb2436ed56069479d8d2e4029770f7801a7278fff99b3dc76280f35c7d43ee594073f725554a92eaf4f785c18a7cf6669dce5adb0995233241f3294cfb5bd8f4741 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2fef69f9745646aa13e0c38d77951161a1f881a7ceef032698da3fce00764959f11140bec7d7f53d6777c3622453d4525fb068da48047609d18d463a8fbacde1d21035963b668ca11d5b9ae66db13de7a7a5b66a40608dfb56d9f9f0c8880426641083a05b5ff9e6ba0d6da3a04af1af01dc218e9b4f6ad7b1d3a4d1d26a5c906093b2c + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c50a24e5ddafb768f64677233c5cf09da1b4f06894bd68e194b23feb5c5d6844320a12a02d13ad012f13b1438eedd6313bac9c1f9bb4548fcd314988d8fe0ce6458306735307afe08a96a0c2bcd9cf126f529e48b7ff4b8266caa28c40b5c3d2a473ab8805c860d27d7ee9c032423148d96fad019490ea019d40679de7a2a3323e80979f9 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3a8682d0e5a4efa985dfa8bbddc2c0d72a4400b8b070a8cf7450aa8f831d8a91c9ae3542641b7a4ad793e232a0d301b82664fe2c7f20bd9bf8275828a2a20027d6056b211638b9b0220fa4252d058bb485dd3c4622b1eac97d54b9634b558ff1bd5bd11085d4f3d288f7965af52beaa922b23ac0207d5763c24c085076128e0ef7370eeaa19d + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -f00fb238bc9383079c7ecad9b9f6efc622d58a76f2d5d40ec7cd7c3c083c459fbcf3d128df4d20ead5f585505515aab11c36584ca622d28e0cf037419a649d598346063a07e29c61b7a8e76d1949dbce3720d45576763aa0d391b39dd6b694c7cc60a1b4f4f107d87130402985695e1847e82cce39b8d0fb5c88bcf3b37d6dbb90baf5a8553c3a + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2b809f6baacecf61198856d9edbb768ca2df2abe9b7b8ce1669fd9259732c8569c0cafde2e32d253094480ed281a8db230f84e780c6e8bbf3657c0b0baaf19ea973fd8daa2870c9d79f3695d78e063f9130fe07ce806a088ca267fd2820f10dac34b5b32aebec20e4362dce26eee0c29d2fedc1e020d452bc2499234d07a2a6e54314e3fd6dd85fe5 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -90ed75629073df816ec1d6dfedd1cdbed9239661e362db706288dc4d774d806bfacfd4b32c3013ec67d8c2af133b46989f12f809fe202d33d5ba53659bd2a9a85d3fa542de4a5c656aacbbf8899aa66ba816b809f2629f37b0444cd3a6dfc99103bcf2a5ee87790b8401be806b5d7fb7064ff0a6fc8ec769d0ccbddbc3d35f7dc4d388d8d28021c95b6 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3f60052c9dfe0bac797a674ca7f11377a24c28a1396ffa0f46acab7909543086aee1995cf51852ea4a21ff4bbf6e7309cba9848a7b2e3b33dbe660bdc58d513d16bc709f1f2253648b46daa7aa037332552db1da81b4ab9850ac4ec66621648fc856a71eee3cedc6617071600ecbc5ac8636233f288ec249b7ae0bac942a5fd539d03990c4fb28a46653aa + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c12fc156d9345cdfcff94bdd324429530ad8caf8afaaa1a82297eb3a8aecf2ac021384036749e489fae05e8776da0deca7e4325436bc8f383bed579c2d67a456c4e23871489780d760d63d0bc0d1d0ab41f06a091b44f602bcdc0bd4e817202e39ca6a934c0c9405adb5a14d24da895c58a81d1c7ce52734183e00d80a414ddd8869998822364e029b3f42cc + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 205dc6227dbd3adf8ee49dffd43f835882822b1c94f92cf38f5efc62f943075d80b33588973a0e0a8ff5e800ede21d394736ba98d4eedc53a9122f8c262cd09fe9e91cedfd0237003b0124d757797ee13cd03e7a3a257bd8df756940a4d22face9287edca00ca23e7d5e629966ef710b07e54241dbace041aa6d9f82687c3ecba818203adb376ec0b201894a500 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -82c30a9ef6a83d81b77825c71ddc563939b8508f1b7e44c725ae0f61006646ba9b86507ec9a4dfd3755ecd8bfb451c2d43a61599732b8aaeedff7a304ce0a9327e2333f75e9a010556ecbc3abaed02214f25e1c8373bfafc2c288ea36b8d5f848b76295a141d8f633609a6656c07f3d98177f5fa83833476dcd111aad179001f81d6013ca3a54cddcd8dc0ce7eb24 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 33aeafda3cfc20710f0b4a3d9ace4817eed80ca57ce6c82dc2e7946058a40983c9204ac95a1399fa633bc96cb10af3ddeee3ad2337c64391a42dc7794fca629e3e1e4e03a2ae24a000e7113b91c1b6230cce9592e45b6ee7984680b45aa0aabd7f56cab1a64ec310cefe5211821a75deef2e0c8e43eb467dea79dc8c03d2d523734498d079d5493c904a2ebfd8a3a9bd + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -b897bc87a40211ef8f93645b1f6c981fa00ab3b12e117a89375400ab5f4c64bfbba01d265c7bc6f5e3a8e26de5de9df3b8f70f4a39c0eba577db5e4b7a68f751b4a69ff4a38915983cbf70dd7e066779405d572f5bbe0719c978b6865ea1a72d90d3ec8a8c146f20d98595036b3de88a7500d7b476644913e4b63e85c4e2632048e9600d553e560759770a902cca680b17 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 20604e080549e1c503049ebf4a56cf9447d90fe699a9773915b0a65588890e15bd58f55ad7b52bd7b7992a8b24704f1dfd5fd07c70aae4ccba5646405ff8a9cbf542dc334cc0c27a790c05420b552539fbf0a155861bec0e4d9e3fbf045720ea3aed58307d5738b64252a963f3fd5ecd0587cb4d7e159b4980dcb112e26c9c34f10a192e090ade157eac1d7a6f970871eaa69 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -f11fc9682601cab97c25533b2599f50edb1ac65d46f1969bd9c3cb3717461627621c8cd401a0a0b91f3645b8804e095aecab31c1bab0c26df556adafdd7e7f4f0510e0bceefa3619e26b8c9a1bc613db03857f53e9eb5d4b8f75a8cd1429feb81edc705e5a779d5f95373d2243368ce17ef22da79a6a2672496bdf629171b7973fc4659c8eae9ae867cf38d6d7617029bf59d2e + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3cb0ffbd9ad21d0e86e4e4dab4d237e2a17d97356bdd305fda772fdd99acefcfb8309d813643c852f66e1c6c7fa41ffd44f8335ef7333b2b3e846139fa9be2c4ea762afba4e11263c0b5fab18c5efff2a18d83ee89844f5f4db2c1325f0f55e066a9e01030c07a85e2c9bbd37b5e767ebcc9b95f474ecff24df9ae52a19edeb66546a3a28980f616eb5a351cd399e5f8436f17faf6 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -b8aaffe779855c6ae51807f8cba780aa64bc22e8fa5e33f7f1dcb084fc476791565bc33eb37b4f791ef5cf46d64576f48b5fadc9f096f20c798355861ce5d24a7be1450bb871f9821099f98213d74a5e5cf83b895ae65e0e0fd096698463906a112e6e169a1cc0769df7a5ba6812300fdd33611761b6339385e1a70f8f8b2be7679ca216f5b183140e69586a27aaa9f2fac118118875 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2b7ee3ee34347dd89ba4a81415aa1269d0390346597b07444f0febb71d490a01b6fee174634bd88e8aa180409549b2726d044b4690353de2fb2294c8f69c612485aa066f68fdb89466760a85901cbc7312bfe5a6f656e67dfd2d4ee099ff97694b01d6d5b8626ab1650eac5267be53f5f3ced5dda1aa86bf42ae132a28fddb94902a515da40e0fd0586dc8b17a34af8eb03d06f70ab89df + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -bf8213944ba785e01b8d37a12de77b2ce1492f34bf6f67406cb51da89675b4f70f4d4f314f30ca8d65cbc48ee2fa1f0a3e4ac0de3a87d2c4c589b6812e850623d78ef2e46fbb555f6d3c69b211892c11a4a2dc3d8a9a19e96a07952602ed5ffc0232c140c3e828acf990e5425d8dd9ce0c1107ad1c6f96c8fbc90ffa457abab0d843094dca3c8a45ddad81b7850190625613a4851485f38fd + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3083421e375f0722b9397e156de47f77635d62ba1d51794469371b473b71c02e3722841bca2ca06b5d1cf1492bbacfa0abfe394dfdaa7bb8787550ddbd953540e9c97631d9a1efe0c8f8e14f395c82d20245cec6d8021f8564b4d66e7779c3245734c56fb74481172f4e349d9a113cd0ee5263c69ebf746c5285cd4c0fa91d9531f769fea3610c2972ccfe9a22c00aa62ebf52b3a4c6135f3069 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -d736bce537f47ae4797faad797af8cfeaf8a4fd42df1f7e61febf8ebf6e47dabc48252ff7948f3dbf8cc369b6952dc58f64cf09b4c53447d135c7a753c21b6052a9726a47a61e13628edf0f2bdb357f2e780ac1ae1f28f211296c8961c2955b773d7dc2904dfea96780b2877af133c9591a0dd54cb20884f014f363862478ee7ec45236bfdcf0321af0692e68f744af28fbcca827ebdc7b210da38 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2cf1708f1e675ba688c0d19eb61a05d2c8642528ea6b1512375faa732acc59ec04ea0aa55e0049144be09eae1292b6cba6db7a9823f1e912df6a5032bb9674f4f26c0c8244ea0dde7acfda566574956cdc33e4a27bcdea25fe255c19f218cc4316ae8428ea61d1bf865197a066b959c5fcbd7c9596207997d05fc38e32322aa189ea06cf5139522571661745c0d72b740dc6d842f1dd8481e318b5792 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -a9180e44a284b5bbe72fff46e55869f749b626ac33c8cb17be1fc260d7c6f460f24a89e1367112e00d0da4d213a821d09f103f35bc4eade5605bef23c5d048b1cfb45dace8b9c637af626a85fc773cf51e6602a7a5999a030030cf114ed6a4ed7583465b9303a72e7f60824c12329517c6763b0f64abd8ba2b9b26cebe882a51f05ef8076e527d53a213db910a5f42be5fb78729a3dcd08d69a709920a2 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2f26e156b3b1117f7cec542b20fcc06ca66cec03a19b6f5eeebf22b4c0fc265df5ff06fc9dcac569735135bdc142b526b295225711efb71577b10aacda2fa446f5208487c725407c2188b3185237740c813e4455a6f1dde4f62916237f23164a3471aac0fcfe24ad1ce1dd81a6144f5861ad0cf22dc337abe10fc4a88b36116dc4929602ab48eb971fdd7a5ff747d6b9e0b2bff75c59621550991966a0a19f + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -9fe18ae697576dd36ebdb621d14cac1cfdfd1f5cbb7cfa8962c5a7dace96f9f54fb4f4cf2e650dbec5d1ba89ba53d251ecef7dcc1cab8c2ff3d77903f5fb5f29a4e8e3a2a3c05c105d5733b5132f2f8d88f99d17de86ca1191c32ad8ed469bb649ef188306f69f183bd0fcc32759e4f855170f88c0a3f6745aa98f6225536821bfa056a42b37535a622f42b009859c974cabf2e14f75c749d0fe5a01fb3ab0c0 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 33ab185854b20a8126884eed85181b14e75d4ee452958cc1043b099bc16c24b9c2f3e0b792744f230013907844496e600389800e45fd55133fff0cf19c9c152b9d031039eb90da568f9c5212a3ba283f4d1353ff8ff9dd04d292c265bdcb77c3e411716f471930bccbb8ddb819ebb0e0036dc1a18457cd97f4f5909a725baabbd15e8ce33875895aa8dce77a4dbedeb0271a2a4a17f77f5920c3776caa4a75ac650 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -e7ca0c037bf8bad5f8d9c5a2737e044d9f7284c616156d142612a53eb217f57f4aa00b6daa424e6c0d9163939e1ad0510a1cd64fbd576f3e54c59d7aa6228fb3caaba7cdcc951e00ed141ac3a68abb9780bf46bf544fe0e347f677288e962fb69782741df49b27cbbe8720c6f8f2e769147d89df6e17e3c592bede2e696d384b9f01b99b31c505d67eb6193a8844f8c4cdadc9fe45dd446a0dc572c9da6e58ed303f2 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 22b76d6973e37aff4a09216e57662f186c0a0748c4375d6bed370ea61d1f6fac2d9bbe04487a629118b6b0b0c8cc4179fff7bedcf048cc529498bbd9cc81ef3a103d6cac49d58bc41c83f961b6df7f00c7171fb7d9359e03c76e4364cffae5f67321ce646e9b05f9c04aa16ea65389e940022eda6dc740ddc070bfc7e589b86fd1559dc320701c39de20d54d0483fdeef6c4fd012850630b982c2e243ac1ff918377ceb4 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -e6e4d69a82b83e26ef8ac0f4c3a211153ea6655b7ca12840e7b866510d114693049c5b8b22c3a097eac832bbd1986e60564298e54dba3316807ad64bd6c18903a0f22660c9e8d5dac180f57cbb90b176b842d5b58d6dd9f47499a037833a92a18f397238a8bcdc4afd129382fd6d200d3d267ca1e6bcc2cc65950831cb8e30bcc01665c8149b874c9f11168153c187341afdc43e4d8652ce4fbed9f9eac75db40d64344ade + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 319a81f052db21ee213c536db2cb8a71e0dcd0a9b2ce780a9588c38b717c5e487a337f82b5223f638fb552e92b826192e6a1c27771d1e86584bc6c7cbc5d9a6ce6edf2ea2ccf6939485959ccbf3183b40e410768c4665adf90a0ae2792fb4b5d8aaa06c6294e31893620decc3bc72fb4eb68f1e56b48e39c59abe869d07509b7564268d0b7f178ef09ef5dcde6e7dbd2a20fd1d4fcd707943dd63adf590a117ead1ad10ff85cb + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -eced809145e696ceaa0ee8f831eca67049509b31a1b15e7fc86cdd97a73a2ca05bfea5f4b283d287e49906463ef36f2f8ea23c2aa12d5534c08e9769055e04822be0f8ac85f404f5c025a6833b4115f78da9470451c852ba0f24062397d20385f58c5aca10f3f09072b2592e5672ffb989a390abf86cbce74268aef1f4ffde730b3b962df1088bf8745105a7462379ce142f819c2538d9bba99e094ffbc4478625bc54df16c5e1a + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2c1ffbbb30e71d5fa77b5473392f95297b489c85f83013262abbe948842473154e00c86b2e354278844083f960fd746a3b7cb9baecb9c66932774b3a28f678d50dd8fe52fbeead43d8c8adad7c0fcdbe5e02664b0feb0ce214c5fa007c5fa2d08c5fe96787b95639311cc4b7eb2a7217c9c38c6d93444fa60c1f52ddae9bb2ec1a49a593e210e47377d3623cd2c4994ad9343863443911062e12233176f4a65ec715b3c9731c4a0cec + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c3bf056b905c0392a7b5fa57446ed350f325eb67d59f1784c744b04c7f4d8f5397db913407aa8a7f1dd0225c1a9673828db0d8bf3d4908ef53307131bf5b5c4c6068ad73b874aab98e8db33b0a758532172acd8b2c830d0679a8226537090166317b8eea91e8ee4a7282c0ab0ab6f2b7b63d728d22b534fdc88294c376a8d036ba9a644c2489bcc84f6aec83afbac08067a7b93f3897f8dadfb68c327b751841927a728faba47dc44ec4 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 23fcf9510caa531a304eee8d0b2d49050fca83abbf287b6b6dea06501c5afc6d87d2924df1d45b1bf6c4bf77b563a3013cfb4ad9094f8ee9892d33f6ee1c70131cd5721c5af804a9da7654510e8591aa185ee723f8caa78046d9e6fbb891e6024d2ec70110ae61c3969995e35941d2c7f3779d5bb71ce5b693bc9ce4b087068adbb554acc4ab23624e060f7cea169ab512a06ff3d2a36c2b6e3bd9a75f1a9ad30a6a16b0256c42eaff2c3f4 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -c32d5e643b12db6616554116299c1da672efff1eee394378c5e9e5f702ea4ad64f0dac8904bd2751d2cef91adcb283599f6c661967dbab27059e94dd50025489cf74c6897a22e95013669aa3063fcdd4b73aa6a9a1ba5cad3956bb26346e22df6741cd0ba1c0ab87fbe74035618a394383823216df47b910cae495b8fe7ac5feb3b2cf0d0ef6c75db477160b75324db8eeac48a0fce72b9abbd7079ce6f529a89025a03a3777cc7d1deaf3e4a + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2a8f2c530342bb6ce683a760540e956a1155c0fe065476e400caec59861ca97ca71e51a11b3213b2baea1a41a29449998778e0f533fcc181698d293f05e28bff2750ef4095170de98a19a36ddcf59a65f3789a3808ead51680245070262c9544e446f23652eba47065a2bc4701c55378bd49733619ed2c213f8ed12a4a317c465f37efe07ff2df8e88fc33d3eb42cde9408dda28215702bfa607030839285a8bbf89b5e8842fa7d7f50d83fd4ab5 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -bcd2b2362aa146cd120b729e81c98ae598804006d046a7ed0f9782baa10a85e37c7c22288dc61c24830a1b42b123d63779e88d7555028292fed5ada1793264b35e961b608bdd7398e421c5474c33a65059ef13787e0cedf4f8f032beac48c4b5e5a67417109142a43b198ab617d1de1a38d6fb4922c6ef70a5aad3faf6f8d5da3af9679c94cf61ee760ba792d2972376425e2ec9c4109e969e3d9c3dd90cdbaeaeb7382cb7bd024b75a1fd6d621c13 + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 3940430ace4b5b87bf4baa2673582db3d27307ca4cd8e55e976ea3e10da72b6deb7de932253bc9228c85cd4ae7766cd0264004c658a66d81e60bb9bf4dd66e2afe11057b7f7b53a1ec222510748be53a93970fb056e8082631b2b77413fccb6e61cdc6f224b7903d75345afed8a4f194b4bcedfee1f16dc256c2bb9f4a129fab6a9fe752895a93937a3d087ab7ca212991ff34f1bf1c55987a574674af43986312bbc3bad3280bbddf4ab0217440f851b + +Quotient = 0 +Remainder = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = -ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -f0dc20b88450f45381791e85d080e4f2cf38837391e16e608b8cb5e0ac0ca75e9f72cc04bf2f56f130d46aff31efbabc0ab14f0c0ad680d6899797297152be85ac012644c8d0927b5b6c70dc3e5a8d79ef92a0873ec22af3d9683bb5db1ffd5ebfb698c5ea64cbe2b6a8b9f14d4c18624be1b78b19eca14942ae9542012692cd0d5289ebf75fcf5486596f92659143e9f952af3622137e633376fb95e628055e0fb1ba3a37ccdf0af69a4c0d6b0793078e0 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = 2f2135850715f623909e41a745eaf7b37593567fa8be2d1ccf76d10b93a096e244b91d8700cca37a2ec1bff7c3d21cc3211ea8b03a3594921dec32faa185e7f3d9d17e98cbf8d881fd2abb944181659242ede21df7e5e8784f541cad678df1ef6ca4a5fa91f7856c62fe593c4d24436810cf4fbd11125bcb571f6975d82afeb81bd0c7700e053fc175fb5fc7b329c438479a863b8d5fbe6b4436b67355c51d0306e8847a27a30c9e61f0e08232673cdf0ba4e0 + +Quotient = 0 +Remainder = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +A = ea87c57f6cdbfd4f836431be3e9950c90ee8ecc291eb4efb881617512fd62e2d86caefce713cfd8a20f4b4925bfc7dba1fcbe99c72932725b5d11eccefde4c5e505952754891e9ded499ec453a1c01a82152c8933f7db4f2b4b19e97baac322eb483cd661a43e458774ef27a29a19c3562ba466381056a3b92c35d9b8b71372b +B = -cf429f101a2e19a65af1e238f6745215cf476ff2609c846f10289f1ef21b89af2aec53def3f4ec07ea42041f8b5862dc37fd03b2df12adaa8c9f1933cc69b526d47797b40f49545fd093b8ceddee3c55721d1fa19b336218de0cac56d410cc6cff4e620578cf820f5cdaadc367dc4d6372aab1e0ae3831a6d153c14920b1dcf09e7629b7442a06385420d79742e409677e3b82ec58bcbfa668ca072e981e20728a983d84a432605389c855a6668e0ee0d2b67449 diff --git a/deps/openssl/openssl/test/recipes/10-test_bn_data/bnshift.txt b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnshift.txt new file mode 100644 index 00000000000000..db30a2405cf232 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnshift.txt @@ -0,0 +1,2427 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# These test vectors satisfy A * 2 = LShift1 + +Title = Lshift1 tests + +LShift1 = 0 +A = 0 + +LShift1 = 13116120bca5df64e13f314254 +A = 988b0905e52efb2709f98a12a + +LShift1 = -13116120bca5df64e13f314254 +A = -988b0905e52efb2709f98a12a + +LShift1 = 2622c241794bbec9c27e6284a8 +A = 13116120bca5df64e13f314254 + +LShift1 = -2622c241794bbec9c27e6284a8 +A = -13116120bca5df64e13f314254 + +LShift1 = 4c458482f2977d9384fcc50950 +A = 2622c241794bbec9c27e6284a8 + +LShift1 = -4c458482f2977d9384fcc50950 +A = -2622c241794bbec9c27e6284a8 + +LShift1 = 988b0905e52efb2709f98a12a2 +A = 4c458482f2977d9384fcc50951 + +LShift1 = -988b0905e52efb2709f98a12a2 +A = -4c458482f2977d9384fcc50951 + +LShift1 = 13116120bca5df64e13f3142544 +A = 988b0905e52efb2709f98a12a2 + +LShift1 = -13116120bca5df64e13f3142544 +A = -988b0905e52efb2709f98a12a2 + +LShift1 = 2622c241794bbec9c27e6284a8a +A = 13116120bca5df64e13f3142545 + +LShift1 = -2622c241794bbec9c27e6284a8a +A = -13116120bca5df64e13f3142545 + +LShift1 = 4c458482f2977d9384fcc509514 +A = 2622c241794bbec9c27e6284a8a + +LShift1 = -4c458482f2977d9384fcc509514 +A = -2622c241794bbec9c27e6284a8a + +LShift1 = 988b0905e52efb2709f98a12a28 +A = 4c458482f2977d9384fcc509514 + +LShift1 = -988b0905e52efb2709f98a12a28 +A = -4c458482f2977d9384fcc509514 + +LShift1 = 13116120bca5df64e13f31425450 +A = 988b0905e52efb2709f98a12a28 + +LShift1 = -13116120bca5df64e13f31425450 +A = -988b0905e52efb2709f98a12a28 + +LShift1 = 2622c241794bbec9c27e6284a8a0 +A = 13116120bca5df64e13f31425450 + +LShift1 = -2622c241794bbec9c27e6284a8a0 +A = -13116120bca5df64e13f31425450 + +LShift1 = 4c458482f2977d9384fcc5095142 +A = 2622c241794bbec9c27e6284a8a1 + +LShift1 = -4c458482f2977d9384fcc5095142 +A = -2622c241794bbec9c27e6284a8a1 + +LShift1 = 988b0905e52efb2709f98a12a286 +A = 4c458482f2977d9384fcc5095143 + +LShift1 = -988b0905e52efb2709f98a12a286 +A = -4c458482f2977d9384fcc5095143 + +LShift1 = 13116120bca5df64e13f31425450c +A = 988b0905e52efb2709f98a12a286 + +LShift1 = -13116120bca5df64e13f31425450c +A = -988b0905e52efb2709f98a12a286 + +LShift1 = 2622c241794bbec9c27e6284a8a18 +A = 13116120bca5df64e13f31425450c + +LShift1 = -2622c241794bbec9c27e6284a8a18 +A = -13116120bca5df64e13f31425450c + +LShift1 = 4c458482f2977d9384fcc50951430 +A = 2622c241794bbec9c27e6284a8a18 + +LShift1 = -4c458482f2977d9384fcc50951430 +A = -2622c241794bbec9c27e6284a8a18 + +LShift1 = 988b0905e52efb2709f98a12a2862 +A = 4c458482f2977d9384fcc50951431 + +LShift1 = -988b0905e52efb2709f98a12a2862 +A = -4c458482f2977d9384fcc50951431 + +LShift1 = 13116120bca5df64e13f31425450c6 +A = 988b0905e52efb2709f98a12a2863 + +LShift1 = -13116120bca5df64e13f31425450c6 +A = -988b0905e52efb2709f98a12a2863 + +LShift1 = 2622c241794bbec9c27e6284a8a18e +A = 13116120bca5df64e13f31425450c7 + +LShift1 = -2622c241794bbec9c27e6284a8a18e +A = -13116120bca5df64e13f31425450c7 + +LShift1 = 4c458482f2977d9384fcc50951431e +A = 2622c241794bbec9c27e6284a8a18f + +LShift1 = -4c458482f2977d9384fcc50951431e +A = -2622c241794bbec9c27e6284a8a18f + +LShift1 = 988b0905e52efb2709f98a12a2863c +A = 4c458482f2977d9384fcc50951431e + +LShift1 = -988b0905e52efb2709f98a12a2863c +A = -4c458482f2977d9384fcc50951431e + +LShift1 = 13116120bca5df64e13f31425450c7a +A = 988b0905e52efb2709f98a12a2863d + +LShift1 = -13116120bca5df64e13f31425450c7a +A = -988b0905e52efb2709f98a12a2863d + +LShift1 = 2622c241794bbec9c27e6284a8a18f4 +A = 13116120bca5df64e13f31425450c7a + +LShift1 = -2622c241794bbec9c27e6284a8a18f4 +A = -13116120bca5df64e13f31425450c7a + +LShift1 = 4c458482f2977d9384fcc50951431e8 +A = 2622c241794bbec9c27e6284a8a18f4 + +LShift1 = -4c458482f2977d9384fcc50951431e8 +A = -2622c241794bbec9c27e6284a8a18f4 + +LShift1 = 988b0905e52efb2709f98a12a2863d2 +A = 4c458482f2977d9384fcc50951431e9 + +LShift1 = -988b0905e52efb2709f98a12a2863d2 +A = -4c458482f2977d9384fcc50951431e9 + +LShift1 = 13116120bca5df64e13f31425450c7a4 +A = 988b0905e52efb2709f98a12a2863d2 + +LShift1 = -13116120bca5df64e13f31425450c7a4 +A = -988b0905e52efb2709f98a12a2863d2 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4a +A = 13116120bca5df64e13f31425450c7a5 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4a +A = -13116120bca5df64e13f31425450c7a5 + +LShift1 = 4c458482f2977d9384fcc50951431e94 +A = 2622c241794bbec9c27e6284a8a18f4a + +LShift1 = -4c458482f2977d9384fcc50951431e94 +A = -2622c241794bbec9c27e6284a8a18f4a + +LShift1 = 988b0905e52efb2709f98a12a2863d2a +A = 4c458482f2977d9384fcc50951431e95 + +LShift1 = -988b0905e52efb2709f98a12a2863d2a +A = -4c458482f2977d9384fcc50951431e95 + +LShift1 = 13116120bca5df64e13f31425450c7a56 +A = 988b0905e52efb2709f98a12a2863d2b + +LShift1 = -13116120bca5df64e13f31425450c7a56 +A = -988b0905e52efb2709f98a12a2863d2b + +LShift1 = 2622c241794bbec9c27e6284a8a18f4ae +A = 13116120bca5df64e13f31425450c7a57 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4ae +A = -13116120bca5df64e13f31425450c7a57 + +LShift1 = 4c458482f2977d9384fcc50951431e95c +A = 2622c241794bbec9c27e6284a8a18f4ae + +LShift1 = -4c458482f2977d9384fcc50951431e95c +A = -2622c241794bbec9c27e6284a8a18f4ae + +LShift1 = 988b0905e52efb2709f98a12a2863d2ba +A = 4c458482f2977d9384fcc50951431e95d + +LShift1 = -988b0905e52efb2709f98a12a2863d2ba +A = -4c458482f2977d9384fcc50951431e95d + +LShift1 = 13116120bca5df64e13f31425450c7a576 +A = 988b0905e52efb2709f98a12a2863d2bb + +LShift1 = -13116120bca5df64e13f31425450c7a576 +A = -988b0905e52efb2709f98a12a2863d2bb + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aee +A = 13116120bca5df64e13f31425450c7a577 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aee +A = -13116120bca5df64e13f31425450c7a577 + +LShift1 = 4c458482f2977d9384fcc50951431e95de +A = 2622c241794bbec9c27e6284a8a18f4aef + +LShift1 = -4c458482f2977d9384fcc50951431e95de +A = -2622c241794bbec9c27e6284a8a18f4aef + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbc +A = 4c458482f2977d9384fcc50951431e95de + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbc +A = -4c458482f2977d9384fcc50951431e95de + +LShift1 = 13116120bca5df64e13f31425450c7a577a +A = 988b0905e52efb2709f98a12a2863d2bbd + +LShift1 = -13116120bca5df64e13f31425450c7a577a +A = -988b0905e52efb2709f98a12a2863d2bbd + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef4 +A = 13116120bca5df64e13f31425450c7a577a + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef4 +A = -13116120bca5df64e13f31425450c7a577a + +LShift1 = 4c458482f2977d9384fcc50951431e95dea +A = 2622c241794bbec9c27e6284a8a18f4aef5 + +LShift1 = -4c458482f2977d9384fcc50951431e95dea +A = -2622c241794bbec9c27e6284a8a18f4aef5 + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6 +A = 4c458482f2977d9384fcc50951431e95deb + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6 +A = -4c458482f2977d9384fcc50951431e95deb + +LShift1 = 13116120bca5df64e13f31425450c7a577ac +A = 988b0905e52efb2709f98a12a2863d2bbd6 + +LShift1 = -13116120bca5df64e13f31425450c7a577ac +A = -988b0905e52efb2709f98a12a2863d2bbd6 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5a +A = 13116120bca5df64e13f31425450c7a577ad + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5a +A = -13116120bca5df64e13f31425450c7a577ad + +LShift1 = 4c458482f2977d9384fcc50951431e95deb4 +A = 2622c241794bbec9c27e6284a8a18f4aef5a + +LShift1 = -4c458482f2977d9384fcc50951431e95deb4 +A = -2622c241794bbec9c27e6284a8a18f4aef5a + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6a +A = 4c458482f2977d9384fcc50951431e95deb5 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6a +A = -4c458482f2977d9384fcc50951431e95deb5 + +LShift1 = 13116120bca5df64e13f31425450c7a577ad6 +A = 988b0905e52efb2709f98a12a2863d2bbd6b + +LShift1 = -13116120bca5df64e13f31425450c7a577ad6 +A = -988b0905e52efb2709f98a12a2863d2bbd6b + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5ae +A = 13116120bca5df64e13f31425450c7a577ad7 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5ae +A = -13116120bca5df64e13f31425450c7a577ad7 + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5e +A = 2622c241794bbec9c27e6284a8a18f4aef5af + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5e +A = -2622c241794bbec9c27e6284a8a18f4aef5af + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6be +A = 4c458482f2977d9384fcc50951431e95deb5f + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6be +A = -4c458482f2977d9384fcc50951431e95deb5f + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7e +A = 988b0905e52efb2709f98a12a2863d2bbd6bf + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7e +A = -988b0905e52efb2709f98a12a2863d2bbd6bf + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5afe +A = 13116120bca5df64e13f31425450c7a577ad7f + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5afe +A = -13116120bca5df64e13f31425450c7a577ad7f + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5fe +A = 2622c241794bbec9c27e6284a8a18f4aef5aff + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5fe +A = -2622c241794bbec9c27e6284a8a18f4aef5aff + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bfe +A = 4c458482f2977d9384fcc50951431e95deb5ff + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bfe +A = -4c458482f2977d9384fcc50951431e95deb5ff + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe +A = 988b0905e52efb2709f98a12a2863d2bbd6bff + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe +A = -988b0905e52efb2709f98a12a2863d2bbd6bff + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc +A = 13116120bca5df64e13f31425450c7a577ad7fe + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc +A = -13116120bca5df64e13f31425450c7a577ad7fe + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff8 +A = 2622c241794bbec9c27e6284a8a18f4aef5affc + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff8 +A = -2622c241794bbec9c27e6284a8a18f4aef5affc + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff0 +A = 4c458482f2977d9384fcc50951431e95deb5ff8 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff0 +A = -4c458482f2977d9384fcc50951431e95deb5ff8 + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0 +A = 988b0905e52efb2709f98a12a2863d2bbd6bff0 + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0 +A = -988b0905e52efb2709f98a12a2863d2bbd6bff0 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc0 +A = 13116120bca5df64e13f31425450c7a577ad7fe0 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc0 +A = -13116120bca5df64e13f31425450c7a577ad7fe0 + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff82 +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1 + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff82 +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1 + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06 +A = 4c458482f2977d9384fcc50951431e95deb5ff83 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06 +A = -4c458482f2977d9384fcc50951431e95deb5ff83 + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0c +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06 + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0c +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1a +A = 13116120bca5df64e13f31425450c7a577ad7fe0d + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1a +A = -13116120bca5df64e13f31425450c7a577ad7fe0d + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836 +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836 +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06c +A = 4c458482f2977d9384fcc50951431e95deb5ff836 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06c +A = -4c458482f2977d9384fcc50951431e95deb5ff836 + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0da +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06d + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0da +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06d + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b6 +A = 13116120bca5df64e13f31425450c7a577ad7fe0db + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b6 +A = -13116120bca5df64e13f31425450c7a577ad7fe0db + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836e +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7 + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836e +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7 + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06de +A = 4c458482f2977d9384fcc50951431e95deb5ff836f + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06de +A = -4c458482f2977d9384fcc50951431e95deb5ff836f + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbe +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbe +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7c +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbe + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7c +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbe + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fa +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7d + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fa +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7d + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6 +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6 +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbec +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6 + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbec +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7da +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7da +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb6 +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb6 +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb6 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb6 + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbed8 +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbed8 +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db0 +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed8 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db0 +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed8 + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb60 +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db0 + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb60 +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db0 + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c0 +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb60 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c0 +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb60 + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbed82 +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c1 + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbed82 +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c1 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db06 +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed83 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db06 +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed83 + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb60c +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db06 + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb60c +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db06 + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c18 +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb60c + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c18 +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb60c + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbed832 +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19 + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbed832 +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db066 +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833 + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db066 +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833 + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb60ce +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067 + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb60ce +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067 + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19e +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cf + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19e +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cf + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833e +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833e +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067c +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833e + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067c +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833e + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cfa +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067d + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cfa +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067d + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f6 +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cfb + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f6 +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cfb + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833ee +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7 + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833ee +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7 + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067de +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833ef + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067de +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833ef + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbe +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067df + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbe +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067df + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7e +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbf + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7e +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbf + +LShift1 = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833efe +A = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7f + +LShift1 = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833efe +A = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7f + +LShift1 = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067dfc +A = 13116120bca5df64e13f31425450c7a577ad7fe0dbed833efe + +LShift1 = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067dfc +A = -13116120bca5df64e13f31425450c7a577ad7fe0dbed833efe + +LShift1 = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbf8 +A = 2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067dfc + +LShift1 = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbf8 +A = -2622c241794bbec9c27e6284a8a18f4aef5affc1b7db067dfc + +LShift1 = 988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7f0 +A = 4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbf8 + +LShift1 = -988b0905e52efb2709f98a12a2863d2bbd6bff06df6c19f7f0 +A = -4c458482f2977d9384fcc50951431e95deb5ff836fb60cfbf8 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e0000000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c0000000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c8380000000000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b41386190700000000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e00000000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c00000000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c83800000000000000000000000 + +LShift1 = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000000 +A = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000000 + +LShift1 = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000000 +A = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b413861907000000000000000000000000 + +LShift1 = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000000 +A = 1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000000 + +LShift1 = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000000 +A = -1569d01c96acaadb32211d67966be2fa35d07b46768270c320e000000000000000000000000 + +LShift1 = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000000 +A = 2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000000 + +LShift1 = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000000 +A = -2ad3a0392d5955b664423acf2cd7c5f46ba0f68ced04e18641c000000000000000000000000 + +LShift1 = ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000000000 +A = 55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000000 + +LShift1 = -ab4e80e4b56556d99108eb3cb35f17d1ae83da33b4138619070000000000000000000000000 +A = -55a740725ab2ab6cc884759e59af8be8d741ed19da09c30c838000000000000000000000000 + + +# These test vectors satisfy A * 2^N = LShift. + +Title = LShift tests + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 6 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 7 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 8 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 9 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = a + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = b + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = c + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = d + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = e + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = f + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 10 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 11 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 12 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 13 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 14 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 15 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 16 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 17 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 18 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 19 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1a + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1b + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1c + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1d + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1e + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 1f + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 20 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 21 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 22 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 23 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 24 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 25 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 26 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 27 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 28 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 29 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2a + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2b + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2c + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2d + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2e + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 2f + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 30 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 31 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 32 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 33 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 34 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 35 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 36 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 37 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 38 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 39 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3a + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3b + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3c + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3d + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3e + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 3f + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 40 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 41 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 42 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 43 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 44 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 45 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 46 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 47 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 48 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 49 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4a + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4b + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4c + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4d + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4e + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 4f + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 50 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 51 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 52 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 53 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 54 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 55 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 56 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 57 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 58 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e00000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 59 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c00000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5a + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b27800000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5b + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5c + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5d + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5e + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b278000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 5f + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 60 + +LShift = 18c9e860855d594dcb06d00b7d1933608ba906d85fa2d92c9e0000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 61 + +LShift = 3193d0c10abab29b960da016fa3266c117520db0bf45b2593c0000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 62 + +LShift = 6327a182157565372c1b402df464cd822ea41b617e8b64b2780000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 63 + +LShift = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f00000000000000000000000000 +A = c64f43042aeaca6e5836805be8c99b045d4836c2fd16c964f0 +N = 64 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 6 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 7 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 8 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 9 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = a + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = b + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = c + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = d + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = e + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = f + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 10 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 11 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 12 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 13 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 14 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 15 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 16 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 17 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 18 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 19 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1a + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1b + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1c + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1d + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1e + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 1f + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 20 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 21 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 22 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 23 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 24 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 25 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 26 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 27 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 28 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 29 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2a + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2b + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2c + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2d + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2e + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 2f + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 30 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 31 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 32 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 33 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 34 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 35 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 36 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 37 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 38 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 39 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3a + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3b + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3c + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3d + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3e + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 3f + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 40 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 41 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 42 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 43 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 44 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 45 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 46 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 47 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 48 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 49 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4a + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4b + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4c + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4d + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4e + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 4f + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 50 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 51 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 52 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 53 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 54 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 55 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 56 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 57 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 58 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c0000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 59 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b2380000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5a + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f300551844764700000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5b + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e00000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5c + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c00000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5d + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b23800000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5e + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f3005518447647000000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 5f + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e000000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 60 + +LShift = 1d1cf8b5ccbae667bd05797fbaf9d4c1ff623cc01546111d91c000000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 61 + +LShift = 3a39f16b9975cccf7a0af2ff75f3a983fec479802a8c223b238000000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 62 + +LShift = 7473e2d732eb999ef415e5feebe75307fd88f30055184476470000000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 63 + +LShift = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e0000000000000000000000000 +A = e8e7c5ae65d7333de82bcbfdd7cea60ffb11e600aa3088ec8e +N = 64 + + +# These test vectors satisfy A / 2^N = RShift, rounding towards zero. + +Title = RShift tests + +Rshift = 0 +A = -1 +N = 1 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97b36380 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cbd9b1c0 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365ecd8e0 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c70 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97b3638 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cbd9b1c +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 6 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365ecd8e +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 7 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c7 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 8 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97b363 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 9 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cbd9b1 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = a + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365ecd8 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = b + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = c + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97b36 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = d + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cbd9b +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = e + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365ecd +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = f + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 10 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97b3 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 11 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cbd9 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 12 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365ec +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 13 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f6 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 14 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97b +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 15 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cbd +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 16 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365e +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 17 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 18 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd97 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 19 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66cb +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1a + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b365 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1b + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1c + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd9 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1d + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66c +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1e + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b36 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 1f + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 20 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596cd +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 21 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb66 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 22 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b3 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 23 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 24 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596c +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 25 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb6 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 26 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565b +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 27 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2d +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 28 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d596 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 29 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806acb +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2a + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403565 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2b + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab2 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2c + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d59 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2d + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806ac +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2e + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa5740356 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 2f + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01ab +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 30 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d5 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 31 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806a +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 32 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa574035 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 33 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01a +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 34 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00d +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 35 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae806 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 36 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57403 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 37 + +RShift = d9ce8dff4f2f39c216ea39a461080552ba01 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 38 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d00 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 39 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae80 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3a + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa5740 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3b + +RShift = d9ce8dff4f2f39c216ea39a461080552ba0 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3c + +RShift = 6ce746ffa7979ce10b751cd2308402a95d0 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3d + +RShift = 3673a37fd3cbce7085ba8e6918420154ae8 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3e + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa574 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 3f + +RShift = d9ce8dff4f2f39c216ea39a461080552ba +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 40 + +RShift = 6ce746ffa7979ce10b751cd2308402a95d +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 41 + +RShift = 3673a37fd3cbce7085ba8e6918420154ae +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 42 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa57 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 43 + +RShift = d9ce8dff4f2f39c216ea39a461080552b +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 44 + +RShift = 6ce746ffa7979ce10b751cd2308402a95 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 45 + +RShift = 3673a37fd3cbce7085ba8e6918420154a +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 46 + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa5 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 47 + +RShift = d9ce8dff4f2f39c216ea39a461080552 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 48 + +RShift = 6ce746ffa7979ce10b751cd2308402a9 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 49 + +RShift = 3673a37fd3cbce7085ba8e6918420154 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4a + +RShift = 1b39d1bfe9e5e73842dd47348c2100aa +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4b + +RShift = d9ce8dff4f2f39c216ea39a46108055 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4c + +RShift = 6ce746ffa7979ce10b751cd2308402a +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4d + +RShift = 3673a37fd3cbce7085ba8e691842015 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4e + +RShift = 1b39d1bfe9e5e73842dd47348c2100a +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 4f + +RShift = d9ce8dff4f2f39c216ea39a4610805 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 50 + +RShift = 6ce746ffa7979ce10b751cd2308402 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 51 + +RShift = 3673a37fd3cbce7085ba8e69184201 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 52 + +RShift = 1b39d1bfe9e5e73842dd47348c2100 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 53 + +RShift = d9ce8dff4f2f39c216ea39a461080 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 54 + +RShift = 6ce746ffa7979ce10b751cd230840 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 55 + +RShift = 3673a37fd3cbce7085ba8e6918420 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 56 + +RShift = 1b39d1bfe9e5e73842dd47348c210 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 57 + +RShift = d9ce8dff4f2f39c216ea39a46108 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 58 + +RShift = 6ce746ffa7979ce10b751cd23084 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 59 + +RShift = 3673a37fd3cbce7085ba8e691842 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5a + +RShift = 1b39d1bfe9e5e73842dd47348c21 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5b + +RShift = d9ce8dff4f2f39c216ea39a4610 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5c + +RShift = 6ce746ffa7979ce10b751cd2308 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5d + +RShift = 3673a37fd3cbce7085ba8e69184 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5e + +RShift = 1b39d1bfe9e5e73842dd47348c2 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 5f + +RShift = d9ce8dff4f2f39c216ea39a461 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 60 + +RShift = 6ce746ffa7979ce10b751cd230 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 61 + +RShift = 3673a37fd3cbce7085ba8e6918 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 62 + +RShift = 1b39d1bfe9e5e73842dd47348c +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 63 + +RShift = d9ce8dff4f2f39c216ea39a46 +A = d9ce8dff4f2f39c216ea39a461080552ba01ab2d9b2f66c701 +N = 64 diff --git a/deps/openssl/openssl/test/recipes/10-test_bn_data/bnsum.txt b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnsum.txt new file mode 100644 index 00000000000000..2d90067de8a008 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/10-test_bn_data/bnsum.txt @@ -0,0 +1,2626 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Sum tests. +# +# These test vectors satisfy A + B = Sum. + +Sum = 0 +A = 0 +B = 0 + +Sum = c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d +A = c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d +B = 0 + +Sum = -c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d +A = -c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d +B = 0 + +Sum = 0 +A = c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d +B = -c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d + +Sum = c590e57ee64fced3ca84d4bb013bba7d633e68b2ff4e27bf1db43f386dbfcce501f112b7fff6fb9436a576ccfccce12867becf02b91961453ea41f414764407d +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 23f85668bf4d0fa273d8c7f63c5fee57811062a674111e295a73a58e08dd0fd58eda1f473960559d5b96d1862164e96efded31f756df3f57c + +Sum = c590e57ee64fceccd54e0bdc52476a756d32e794922dca0acc780d2c6af8852351102b40dfb97009f95e019a5bf38e5d127aa78bc34425edf96f763084a8b09f +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4b5b16252ba2355e0b87f01baa721783c403607a4c1b5652c09a68e96926c8e314fa580bf0ad3f8f59bd70f14df86a4676661899b54c79a62 + +Sum = -c590e57ee64fcec882fef3ffd015a3fd9024d8f5f6d53eb537d6abdb0ff5e76a8fb08d5feed113fc9e74745d957adf32704a08339ba42efd5746c5d478e3f57b +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 908007a2f3c551c58958d1059427a0391d4d768f61cb802e4cb062c778354ea3eaa8f0dfbd14ca8203e07ae6d07269b58088a39f7608c5586 + +Sum = -c590e57ee64fceeb242f8a0893eaa0d2ccc3dc57ec40fe917cfde66618fba678ce0c8fffc566d4e8c7944d6443def8014fe8ee410a1b8dfd06cb0b436619e0dd +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1999301bd9877fe07ca711f308b2f1bc4a704fd194ec4dbc297355d6285340d6ad7e90cb0add1770aea19737a06750c3a7a6fa0b778ca995dc + +Sum = c590e57ee64fcef321395bba088ca0a867e1e85a1ea77478f8783e6a6cf8f3e582bff83cb2d7d9fd549fcbb40dea22ac140351007030059500bdca81413600e9 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 219639ed8afc21e052422fff0ae5583231ebca2999404b099628093e6540b1dbc20b9c495aa7229b5965b19a5fcd653b3fa0eccab567c5b5e8 + +Sum = c590e57ee64fce834a00cc6282cb0eef49eac7a8d5b51988cb49253ed85ae261c76f2327a691fc63eceab02614807048b2816cdb9b89ca66a17b6ed1abdab580 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4e40fea1cc899fb166dbc721a6639a28be4164ef92545307ed934796afcb9401d75c18d23352471709fbd049c50740ffeebe5590fa2d959581 + +Sum = -c590e57ee64fce1a17609c61ce02f1020c6eb6e241e3fdd01546ce7247725589de32db95f36718d410f9ce9a94fecc8fb205e876fde75ce83f4d01e1bd5d818d +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = b7739ed1cd3e67cf541943326cf76b4476f767465ee53b94c57c83de417ebee5673809b3bed1c8bac2fc4bce29a4e36d6d2083fdea1c12c974 + +Sum = -c590e57ee64fd03e2d08c3d8e5110d08e3d36557d82e0e49b408337a8c9d4298802ae5f0145a9587531a70d2f8af932b8262245428b5c549817d333f2dfaeeec +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -16ca20955a9d8a64cb2be217c089edecc02a75a1ea95fef584925742c18a234974c0a16ee7991e80bd8d4106db385eafaf421ac3373548aa3eb + +Sum = c590e57ee64fd1bcac71b5b055e5934ba15dd7f56370063369c36e57a6b753269e085d0f4d38bfb711d5579dd1d89d07f266e727b232a497d5b0d9bfbc02d8a5 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 2eb21724781497ad2f57babeea62a20c3ec5d1559867a0968d74351a337db12c17bc8d1d5446b1115b5441530870f67da4275dfd9f3e2928da4 + +Sum = c590e57ee64fc7860b0be6ce861bc2f099db7fb623912b7b0729c019a8183c669c73efe02b195483a4cd2c78244cd59678ac4d62f6887fe686a3eed37ed460ff +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -74b7ff38760864efd658bd6699915be16cc058454b78495ade8be42c9f7470ca9b7a43655e1427ab1bc35a5693dac424a6ed92d10f85a9bea02 + +Sum = -c590e57ee64fc3126776e79d9fca06233bd2ef5570a65e4521183627bdbdbc555e9118508cf63f519bc0caedbffd5b1a913ee8c3603804820a9ce54b1207bdef +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = bbf238886916ca0ba32e9def9f9c8a8e401eb95dea96ef02df9fc25a186e52fbee9ad42b76ba6ca2c381d12cddd4292c5d355341a80c7688d12 + +Sum = -c590e57ee64fe6dfd728dfbe45aee52380b5a00cf1e05e9f09ac582e2714bb589caf2ad038111c5b1b5573a45706ab1f6fd5d5a1ee7ef4a9bf186dca8a9ede12 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -180e4c29718f394424cd5b03b6bdb8911c57fcfe435cfa66d10941f870f8c5eb1e1fd251f14af03f23ccc1841f014bb42a545f476dfeb12e9311 + +Sum = c590e57ee65004b3e18a5820de4a6d25e7c3d310003e0b8716bbfd51d5f0f3e87fdf8e00599d713397255281e66ef419a9d9bb228e8f052764f5f861ccca656f +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 35e2568ae9f1d1dfaccfc211e9c0c6eec9400a0de880a94309992528d428e77772f84e21d0287fa76cc6fb880481ebc43ad20524f895f35a1a6e + +Sum = c590e57ee64f84896a5f11f575d34b6001f27d4b4d6e7cd9485260629f8f7f1c6ca6f6115b98d776774295dde4d59cdbbceccad097a0a054b501bfb47d81e85c +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4a4820a05c39969774f623bf6c03ebe0c56dc45bb46e8d1e6b32ee0fc3c6168d26c4d1c0ec7b81f1ea76f164ebd00b2a2a00aacf40175bee62a5 + +Sum = -c590e57ee64edf1b2b57b4cbb92d778ea6b9d9878a0374d4ea81691b09811b105bb6dbf23a57d89264f0e6c83f8d00fe00681644feed56e15fc81103ab9b7dd6 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = efb65fa7b963533d48c77ef80fc7af4bcd72222cabb6232ccf3efeffdde537ce25a8e4129b91273a8654ade9a05ba3dd73740008eec82dd4cd2b + +Sum = -c590e57ee650e25da7b60146e014f472bfff9809aa8f519db7943f69d9ad09ee75a3427c6127cce7bd27f224b9dec03111fb066956b4903f9f9740cce1aa4ba7 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1138c1cb69317d3aa341c9a4daeba71400f56aae62a98acff1f9f1aec88a4ef01ceac74246fcb531738de63a94fc8b3e9c5ea3fc64101083a00a6 + +Sum = c590e57ee653af8752322840ed720f628f9674c81073b58372e49ef26d4a2a9d46a0391bc170336614b27849de98709a4b321da4ddfb978e9f10df29154edb9f +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3e0b5c732ba11e1074f0c69e48b78d724733c66368a21409c404debe97f444f4a352acbaef5f077d0e9479ce067043b30cd393f3fdf5d3bde909e + +Sum = c590e57ee64bc13634cbd149aae35ee47bde6ea3663f74ff300cfdb2d845f902f017586c6d4f83f08c3b4f0c035055d13fc9d340b7b9ed164432aed44e8f4d7c +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -40d9b56339ce561876171a9d37aabd30fcd47dca1171e5467f14c6a9f616b04d67a4abcc8334d637731816e87e35feb10dd3f1b9e50f78ae0fd85 + +Sum = -c590e57ee6477eb692705f8da1357e71591336907a5e0a6e39715088d53b2610882765357563fd101bcf05ca545a0c718f52879fdf4f80cb9a12cf108eca60ed +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 8501af88f0ea16b3541e4cc9eb2bebef137d8d33cc4485772c43ed28f54a1fcc2012b2d347c8f126d7ae11eff2f00c37b4989c5be30bb4aa5ea14 + +Sum = -c590e57ee669b662e37f5abf13d00d2f0c1c9a8b99ec546361aad255f375bc2742a3487c351c5ba00efef09c77331577460a47c57125c620b643e9eaf36a146b +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -19e791587fec9007654cd8e66ab13c609d121c54fcbd84c6c7d1d7e7ec8ea4c2f65d64c5fb6e43106b8e2497b89124ce5afbcb5672ea1f19f9c96a + +Sum = c590e57ee681dcbf1554f22c0b1ffead917dd414299cb37ce6967ffec9c333931e70358729843c8130ac95aba47fa1fa5da74000eff25eecae176f093a4effca +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 320ded8a5583fcfeb53e576bcbeac4f04d7135d9e86b2d9d154943c3b97bafb75e3e45e7a913523db81aa7af5589604d2794974e466f3d60deb4c9 + +Sum = c590e57ee5e505ae4a2e1f25a1ae9b7b4d17dd2cccc09f2416d964e55af6d0d31fe259c160f87646a72e6732d5110256b3b35425225d622b81418435c9dd8cc4 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -6ac92340d14f096abc24dad89a0c226c8ea322f5d4afebd1b7197c3ad46016112d87f4a1d51b2691b684fbfa9e627b806d6829de8f7b960f92be3d + +Sum = -c590e57ee58c3ef1582bf7a516e36f92b60f5a587e2c8cb071d1d52ff215854e52de1519fd5204fa52292dfdc397d8d76b78005941358b63a3e6ca41b0eb09b7 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = c38fe032d37689f58750c36fa28ef6bb22b5969adc3fa13a98650107d8a4bd74d3f940f6da545ba32fae7b42d9b64761953ef1bbea358a2885414a + +Sum = -c590e57ee80262967da4038a143f8ff2e78646108f25ff7183444ba507d76f9b05a34c8310e682c05495d0863ceff264964dbfa7c064adf6d26d2dca6e22ab13 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1b293c4f2a4955b07d4cf9cc1d45cc155d6bd2a769636d3db29854baaec92ab9ec084850b924e2cd6286b11e7fc09071d99e3a1729c2dfe94b26012 + +Sum = c590e57ee85427f08e8c89ffebfcc05c73370ad4cb77696c2b2f3878e6f6df341d4d931b5097aba49f14ac0312e7da1c843d6fd08119822e75e6e7a8c7bcb7b0 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 204591f038d1bd0df9200064d852185922827251e8123a7ba48f4e4c296d943de71ad69561129a9ac2052c9d5ebb92fde4eb7d91615e7dcee4c6caf + +Sum = c590e57ee051ca1a363c47a4cc016c3de7f7e17985009b545528289e9fbc9086f4b42a73826eca0c278b0d1b4ef6d74b9a0bfcb7855d40fdb201fbad1074b927 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -5fe04b754c3268a406954183dba07d5b44ea6f2b785ec328cf159c866028f63efb7342f2178753e17d0b0071445b9e91d6d8957adcf041ec8fb91da + +Sum = -c590e57edcd6e9ef06fe33f3817ba3d0c50c8122b77615c4b8fa50c5514f113d7ba53ce057d487bcbc373c4384d07b29a527b7ef785ca609474879b42a9a4c3a +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 978e4e284013a3b8aef1c8560a5682c81d92c8253b3c40bdb5ed911df117cf71a51767e8ccc4615e1f70c290929feb12a6e244c18888617aed5fec7 + +Sum = -c590e57f0436bdceb586a093522eb1630e0fc08f8790957aba1875a42b7676f9ca936e8f6f3478d6ef5cd590bf6ded0700440dcd769496822af8015f0a6ba2b6 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1de6eefd2a87326445c3f10ce85dd7404e415333ad6a60d2fec88caa6fdcb4b7fd0e7a9ba659533758a665b451f2572cd3c9cc2ccb27019330fb57b5 + +Sum = c590e57f1df3f004d5e49f49fa28603b26659f1fd35e0d8d7a2753591dbc12c51e6b588427dbe3faba2f0c1f2f0a2aea9ba1fcb2fe71c6ff40555058d23c8661 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 37a421334ae5311aedbd9fe500b3b5d09a0ecb466d793e87f10e2875c3b49eacb5b5e5bf712b89c5c842a397ed5046125ba6fca9e084508cf8cc3b60 + +Sum = c590e57e9a4abf4572fa7c4c9f73e9d3fd1227646fd6d15b51924bd7a5d417b01fe6b4273eaa6ece387422b81c8116f29702d7d66d2f6e8c3454807b3b7d413c +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4c050f8c1804f1e26cf6d682289fc1eac97870ebbb1bc8f986d9d29f3ad005b0337b8f6d108f5fa14a467060174edeca359b5bc92b7c7f509df309c5 + +Sum = -c590e57e64216c306f17017ac9dd7085113e16c83168664dbb77c7ad3ddfc79b09f9ea0c474a0b497ca15e7fb258eed9666fd009f691a3b2d691c2c6b22ba3b3 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 822e62a11be86cb4428d4fd11473d28707e6dbf951364d23eece22b450bccfcb2adbf2f1cc6223d9b46e987947e1e696ac3926a2893f3d052744a74e + +Sum = -c590e5806ab4d09773c4f94a4aac09f6ed7609eec1d0bafecb09e30f032f706e9adadc191ff9e6d7dccc821f7a8666a590e521749d24912c5a5ffeff246f7c85 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1846501c5e8c58b1b3e4149a0c7c4209f888178b7be5bce3dd681861f40242241add3e89c93c8ffc613bedf52e2936ad3fa59c6d6fa8eff334aff3184 + +Sum = c590e58248cbf5dd61ec57994fc862ab479dc6cda51cc17356c45cef66bbfdd12f5cc421940a561581c123fb17483beb7a1cce2596fa9ca76e722a6f4621eae9 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3627c270bd6ece96a435da25521ebdd7e6bcd7f2c4a16481e3a0e1381d4a60a4a21e457da38bda1a1b080b498cbcb1784f42fd2520ea12aa36cb19fe8 + +Sum = c590e5771a85bdb1f26c0386ce837bec4b0af5656496efdf4f134d875f066dd6d477ca8f87ffb275da07da4dd1bed4232849a526836b47f2d69f2d53b6b3e2f1 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -7cbca111f98936aa83de74469daa6f3e9d4b85267bd9ac749cda77c78863eef47ea264bc56efba80b9508b32f8608117a1f5f82628931d27822bc6810 + +Sum = -c590e571c76afad23439f904e8a80fc28dcabb6cb732e361ed3eef471be6fa755e3fe746edbfe448c1f289ffed7dfc01fe9066d780564f57f93abbca9b9a995a +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = d1ee4d3ff56c5752a23c2b09397e72de2821c5ee51f6f258a10c6efd9fc76d290846619f28710f85979498b50afc14fc922747afd669644013dd5b1a7 + +Sum = -c590e598cd5d4a59ff5d6c97c6370fb517f1d492a7776f90063b0ddd6702e37c60fc78bb12857911cea37b7263584d7dc815676de6b8880200acea154b59b08b +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -19e70d7b88745dfe68b9cc4f5ef23feb436e282d48f98cf90c3a54f92d0645bee3a05f7ad6859ff918fc90c62b19c3b0cd43edbdaca0dbea4971e9658a + +Sum = c590e5b5829e6fceb77830fbe999a98127b50302fd0f6a86ea4aea27b846747a07e6fcf5457676e6446137d6bdd8ff4fb7ca747b650b066d65d7dc1e172488e7 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 369c4ea0fd2c78c2ccdd2ee92b020319b3c3c0283fdd9cd5568b988a2aad30431dd35078aafb5db57d571177fd0978bddac2403c180606dc523db43de6 + +Sum = c590e52a3ab5d5c458634254e2f672a322000750741e969d2f6cd12d172480ad1455300e3a0575b068b85d50b58f9737be13073188d0f03b71494bd0fd2fea16 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -54ab99f90d329c2bda29744db303b1e1fec530aba9dd4143a4158969a2466189c93820888ae04b2508b137f01af03eaf6f19f9da19ee87b3fadc4060eb + +Sum = -c590e4880579ef7241bde94e8c7847badc705f53828751f9975f0e66371d2ddff8740b143f32e88be8e686e2bf5a3ce03d864d7699a813b1777b9239af242c7d +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = f6e0d5df5f494184e07ff2789b494189fbb6c7f04d754f066af590bc6f6242aec332f315af601cfb76a76d4a7270cb692a0922b6a3e8556d922a4c1e84 + +Sum = -c590e6dbe54098694155509e38c61d503ab7e5237d2cdfc2b87fb57e3a8420fe37fe50a0dad4f0eae3d38fad6198e4ecaeae183a12078f53d09ac8099c715242 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -15cfef0c997b655e26f2c5b5cfa1505fbd443dd9d7babd1a0ad0dd636aedd4796c968aef2af9ad00d53fad15d9a005c61996f3cc4fe70c9c83dc3010741 + +Sum = c590e906254d013be2021ad591e76e26706a6815b8c484b6528fec65416e1066957002713e1183f1005f565983aad7aa031e549e6fc57094ca3e4383e7fdbc15 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3873efd326a5702aca6857cadd04ab87ec67f75426f45e1d79414c026173ab94899cbeb85b5b75bd4001ce3505754cc9dfdccfaa63f6a6d43b80e8d7114 + +Sum = c590e0e0079190d7afd80acd6326fe93cc00903318608df31ee4493d11271dac7291bd142cca0e5dd7dda59dabd460a69b7855d9c2acb5f062de76665e07cbd7 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -49edebe3df9db276361a943c1c259b1591c20eeb453edc9cb941b86cca2e824fcc3455befdd7125dcbbbaf326ac12d960c6e01e1464fcf289657b687f2a + +Sum = -c590d9ae456d66c1b132d844eb223867ba4560b36f53c42a616cf8cc657e6d252f813847fb9fc50127227684e5c0f5cd890eceb341d21e788e42f843e9b64080 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = bd0a0e2680fd9cc95ea214887ee6b6c889bc9fb7e1cab411c04c72f7d2a2b35818f7686393a21e10bd4810691852542e7ed60f8abdcd18e0787efba0a81 + +Sum = -c5910498291472fe1d0047d5bdd9e46deb3f26000e943fce8d83d700d9ae233ab3a28849bbb346803da142db6a471e9f79cd49571f40dbc46f7b727a4bb3016a +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1f1942c4a42c9200d9a6b16f2417c58d3cb0d544fd8780d5c22fad0038eb58ebce72498d4844f49dc082037f974ccb7b92b67c76116f0faa72ae7242b669 + +Sum = c59112d841ea109440e78563d9eefef201c81e86ae967083f8b7db80d1eaf58551d30519ca6dd79164fe69a29cf1ba22446cb2999f73292241005bf17b37528e +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 2d595b9a41c2b5e81734cd843e9bdc16353775472e3cec09c6afa53d0b35f71c4b425847d9561bfae749362a32cf961afbf8fca85ecce12f5c25a1c7078d + +Sum = c590671f890ca06c74ac6d2c4d75aabeaaa55312e85a5e1ea9cef0e08e154e2b090eaba869e9f6e4a47ae10b9c1eb0f6ae4fb3ef12b3121d96066c6c8e592b6e +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -7e5f5d432e6516530102bef515977b0c963c50f4e42862df23f09e989c2451a80e2f083c0756a488a14dcaa8d65c000202b19017b837c9ca935f4b171f93 + +Sum = -c58ff0ae92ab03072154949a7143d45278ef77a0ba71a785d5a370e0d30a9b4b4f7e96a395d13e6afeebbd717365d471ee56ba11c472a63c0532558104bedfc5 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = f4d053a4cbca69aad9949b26ec03acc271ae7edd9ac1370aa3f059a34f040b382333dc54bfd04a17c4e7f361b2e0bffafc8ede5824195a9eaa4ad4b16b3c + +Sum = -c5927a5fcc3b31abeca3998ad99c07626112288a6ad95b24929fed581040757fdce73881c48b02daf09986ea436a3f5ceb6833c31fa2e1691567601a26c7a6c9 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -194e0e5eb62da61a42b5bcd31470c3b603f3b318a18dd85f1d886e3928b3082307eaa5265049fa7960490dca2b80a3d167d227cd81713b596604e4d575bc8 + +Sum = c59395e94d495451e3fea153f3e4361a088004a7d5426c1b94aec44108ad6f5cecc3a80dda0cea9f51b882747258137e171bf021b4fc59f4dcf0106d4ba952fa +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 2b06a66f9858058ff3324e77975c3e2ce1b589bf329d48800af6fdbff850d920cee3667e6ec6408b5001b0b908c2b68ca398112318f9f7d1f10a1723907f9 + +Sum = c58bdb26c0fd6766f3affea389cbe7db25c06d5d56356d3d945347775bddf479ffc9e279e7d1ee88eddb239906749815ae4502fbbc6fe978a001ccdafd89cb10 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -50a582552676a974f6f8b829ed87afff17bf1e319d509785acd59d0cff5d55aecd75d8a540fb25b285ec06052ef3d000cb3a4e65ae0dcbfcf32f0dbe67ff1 + +Sum = -c581afe9b7ae86d4b7053f19649beea6cb935799a553f035f9b9a7fba6d5559e4ecdcd1637c73c8052c6cc52ee1c28d1e5aed9db7261b7356afd6e3dbc213684 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = f35952ea147fcd3fa2f15a7ced1af5a1e91b593fb521112f46cd585d894b10be8ecc13a5ec1baf63cb60678ab5e80c8a2dcc53069131ff4d3918e1d4f147d + +Sum = -c5a19f36a65a6a8d52a53a63f99a1b957d6e376b7010ad14695d78d67b0d7c86881006188bd27bbf205c8c9c200dc8f5c08ab6b97dcd512f6cb93ed9a361ff9f +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -10b9b7c00a9bbbc7a5cc34ed2f5b3f57bc4e1c36c16acd5caf64054e5f92372d594c4119ac7d83d7590a42b94641a312390018db0286da0ce83f0dc9f1b49e + +Sum = c5cd0e5da24b67a894402b0eee5dd586ab70e5beb0693e263a54995193663a9b770141379c1f097a49d1a889bbf0c348c6f40ed50bd7bdc11a7869c6106c6d80 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3c28debbfb98d70940bcdfe1f3153085befc6f7719fbdf2da6848066b8504c1c4a876029f90b3f00ce263055293bf618a25834690cf36bbaa769fa36fc227f + +Sum = c54e2c560a00226701b76cf03d5de27a8c69b38a6b85dad9f7c903d2e87f9a7d247522e72491460f6a529e5ca2aaaf690cb238b873ffb49d9fb0ecacfedd4e90 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -42b928dc4fac6a8948013ecf0cdddb994835c4cdc9676d14e510fe442e4fd2364196f04d94b82bdeb0e3fcc41cd7e9a19f7de82ecb15b7c020131eda92fc71 + +Sum = -c4bfb037f6e6e861efb090ee610c33e7568790259f747dc6e55d442aadd68c0cc93c7617f83980e8813c0fb7dd28c8aaca6ad8fdde5d2bfec9ae096faa9ef54e +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = d13546ef68e66f9b4edd40ab5e8c6ecf2a592999dac4802750d0a67ed75e42917a43bf79ec7d52c7c772a1899ebea7e3e6dda2c46d9e569622f65c2ed155b3 + +Sum = -c6aa2af8c9ae8be4aada83f66b7f31a8bce5e92c67d8938424a1405903e5502bffc4ee1e333da4bcfd0cb383b19a566372f877a8344b66dbceabc9786dd0e4f2 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1194579e35ebd131fdb15c75f1471529733ffdd2e89513d17f32b87d73765dca50e3446c117a681b409312a4ad2cf10c4a6c10791809c866edac9ac946099f1 + +Sum = c8aff66c9bdaa49eafac0f65d3ddff223b7a5471f7400431ca3a54615d600fc4a163f8fb648bddb5fd6915db1991611805040e0f86f152c8fd3333ef70d632e4 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 31f10edb58ad5cd24aca136c7733ecc15c86b22bdf0c1eabd8c3f9030b2257546ad3f23f265df7ab4659381b2c9d9c556b2576ee42688739d6234239765e7e3 + +Sum = be1b6eb768e2cef388eebe31f9b21e51b38b351cc8175eba06d49eef04c2936f32167174dcb82297fd4180d0afb5da2c455d158c7a5bf01bdef8c295a4f20390 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -77576c77d6cffde0210affd12b8a2047226b4327137e38d05d975e227eb56e028a04862956ddba34bc20188b711ad2668f4a114286eda3980d83d36347e4771 + +Sum = -ba32fca1d5cc5f31ecaf5407f376d3aef9f4abc04fd4c6893721d3e50e9141abf356eb2ff6f7a4f9b42983148670d2918e1dff7aa7ae33a6e9dadcb708b4f9dc +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = b5de8dd10836f9f9e501a2718f3eca72bbd3d8ee97a7bbdd58c40ec1e1ca8a3675fcea77b2e594194d9ff44e056b4c12033b725fb1c96ae75f62314d0bb5125 + +Sum = -e388afbf17c495f86aa7298a45f848eb57e5baaee42b1f7de8c2311bfbb8f74549712c05fd3bd11ab8874fb55abb22a37ba3512e733ecd5c472842e8e6f7b179 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1df7ca403174c726dfa7bb5b398d88953233d15faadbdd36dc141c4acf0b0cf5eeba722e8b15d2df6f83cd5bf3f39b50cd519a8dd0740306e757431d0d876678 + +Sum = e891babe65ee02c02e7e876c0df3dc3bb37491008f3642ca7affe2d623fa82a6d5a9e5400944a374ab70fbb8f952dad0c8b27c77475b0dfec7b0694051dcd1f4 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 2300d53f7f9e33eea37f193d01891be58dc2a7b155e700836e51ce04f74c98577af32b68971ea539626d795f928b537e1a60c5d6a49043a967df6974786c86f3 + +Sum = 4dfc2f63d60f83fb1d397d2406b02a3b25c1a57c09c2fe02c76696b7c956e44facdef11470074d8fd8220c7bf8e647ba873fe9c3f9e77d6aae7b5fb64f1cf566 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -7794b61b10404ad66dc5f10b05ba961afff043d32f8c444445477e19635705ffadd7c8c3021eb0ab70e175dd6de13f982711ccdca8e34ceab155a0158a53559b + +Sum = -3c19bedc60e7d7dc3daaa36795e453d810c952dd5185fcdc857e2be806e520068dbedb91c4a1131b9eb6dcdfd500045209514e3e9f6e6df41d2ec67fba20e10a +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 897726a28567f6f54d54cac776866c7e14e89671e7c9456a872fe8e925c8ca48ccf7de45ad84eb1faa4ca57991c78300a5006862035c5c6142a2394c1f4f69f7 + +Sum = -28c2bddfeffbdbdb1ec6f06aa310d1bb6f0c4b88d0106a1b381ae6fe8f65c18bd9895fcba6931ecf06d9dab6c7a3ac9e00361bf165f16bd16af25230d040cd842 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1c69af880196deee0616f987b24a25b60cb12cf3dc7b75f6c75005b17c9ae2e6e3ddf42e2f70beeb5249a29131373428d55100875bc4bf2c14f5423412a9c8d41 + +Sum = 372ea360832e30b16a3c30a2157c8bddc4408ce0428169deb09bf68113e4b8482d887de1a7cfc80272e597c3f3f104e6825a1fd2a68b41cbc307caaae17d453e6 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 2ad5950894c933c4518c39bf24b5dfd861e56e4b4eec75ba3fd115340119d9a337dd124430ad681ebe555f9e5d848c71577504689c5e95266d0abaae23e6408e5 + +Sum = -5b29f4991cad86845a50949f25ad6cd7c883d71ceec9795cc528f58a4a4aef9dc139e8e87cb82071e112b2d256181eaad0a98fa36b25b67dc673608939b48e08a +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -678302f10b12837173008b82167418dd2adef5b1e25e6d8135f3d6d75d15ce42b6e55485f3da805595a2eaf7ec84971ffb8eab0d755263231c707085f74b92b8b + +Sum = 98b37ecc0b42a15f52c8fc8bc2aba294031bc2dfa37dcba0fdf1f5f5da00b8b3daece033b47bf254e8b5e201bae24995034673800d53213f6ee0796be1ca93845 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = a50c8d23f9a79e4c6b78f36eb3724e996576e1749712bfc56ebcd742eccb9758d0984bd12b9e52389d461a27514ec20a2e2b8eea177fcde4c4dd89689f6198346 + +Sum = -1c15985f3ee941d7ab6bedad88143cf497681424e7456fe30eafbdedfcdf1e927db124c775b87f36cefff17a35972ac40d498c4be818883bfc206f44c5e5eec23b +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1b500779c002f208d9e0ee3f5907d2344142623b980c20a0c7a30fd92bb270a82e566e0d9e46593893b6edf7dc30633cba9b3a954775bd71a6c09e44fa0c7e773a + +Sum = 34ab71257e63b234258027e26bd35dfa5e07f67385b6772c5ed445438478bef5a835e87c9de413e23839849a71f5af99a67427098b682bfb6becb66d20eaecb2e7 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 33e5e03fff7d626553f528743cc6f33a07e2448a367d27ea17c7972eb34c110b58db31c2c671ede3fcf08118188ee81253c5d552eac56131168ce56d55117c67e6 + +Sum = -44f9508e3430f93d4e2c8be1b856f46c01d6940e1bfda8515c747a1a95239547322999e500e718ec98ed211ae04ffc76b0e6f2364ce9d913ffb80397f24ee8d64e +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -45bee173b317490c1fb78b4fe7635f2c57fc45f76b36f793a381282f665043318184509ed8593eead436249d39b6c3fe039543eced8ca3de5517d497be2859214f + +Sum = bea59d2cb0bf556876d4f8a248339af69644a12d3dc1d9a3d83929929b8db5aa26289bd06e2488a96820ea8f59168cc82f19b5dfaab20d245495d6e24bfb260a3a +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = bf6b2e122fa5a537485ff810774005b6ec6a53168cfb28e61f45d7a76cba63947583528a4596aea7a369ee11b27d544f81c807964b54d7eea9f5a7e217d496553b + +Sum = -166abef6a1682bef78d4c5905a833b81a03c0bf0f3735973bf7f02181a8ce5c7f125f41fcbb10c7f5905e492fc3f6b172f23d041620f8a7ac6f76e0c8a53d3cb5e8 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -165e65e84979c6f28bbc1599779274d59ad9b0d25e7fc47f9b0e3736cd7a1ae94c3048b42e39ea1f7551545ad6a8fe9eb9f8eb25f8055dce21a170fc8d963cc6ae7 + +Sum = 3245e002843eb7116b987b5cf9160e6891a74a6843039f8517fbda68b0e6ad87fd0aa836a2b6aacabcd67d45d327e6cab43ef569f488354e22f4553eed09e83d601 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 323986f42c5052147e7fcb66162547bc8c44ef49ae100a90f38b0f8763d3e2a95814fccb053f886ad921ed0dad917a523f14104e8a7e08a17d9e582ef04c5138b00 + +Sum = -464684d68716498baaa3744d20c112a854e148e6d004e4142c79f4e25a36c0acbff72c047925377f377ad690c63fd21a3f05911d11fb8bb79bec4ea68fef9f1d575 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4652dde4df04ae8897bc244403b1d9545a43a40564f8790850eabfc3a7498b8b64ecd770169c59df1b2f66c8ebd63e92b43076387c05b86441424bb68cad3622076 + +Sum = bb90e9e393538df233d499955020b8f3c9789b1f18fd5ba31cdcca6afe24842166e6cbf1985f7f9e002335be46de06ce11ffbf6dbfe743642cdeefca1a856219fe4 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = bb9d42f1eb41f2ef20ed498c33117f9fcedaf63dadf0f097414d954c4b374f000bdc775d35d6a1fde3d7c5f66c747346872aa48929f17010d234ecda1742f91eae5 + +Sum = -1804d154182f4b71cab3529447ced41ac310a1d14121847816c74171759998b707db0f1f3a9d6f6e01a2de48ec83a45e5dc7d0ac9133c8e00ec41814e3d2818834f4 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -18040bc332b06521fbe1c794d99fc7b002ba7c1f57d24b28d48034c360c86c091d8bb46880c5fd48036795456a2a3d96d675225ada932615446eb843e406a817e9f3 + +Sum = 3b75f0b892eb00075eb21961cc018a2d297764bf560cede3290cab6682a56931b831380b72a9afc3dff88f042ed5bd5d8468d8a1e267b36e508c09ccac2a565936e0 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3b752b27ad6c19b78fe08e625dd27dc269213f0d6cbdb493e6c59eb86dd43c83cde1dd54b8d23d9de1bd4600ac7c5695fd162a502bc710a38636a9fbac5e7ce8ebdf + +Sum = -4b4bf674436c9b1079c2b24cdda19247d0db44061c562ab6f5300eac53556fbe758151824b6bc6bb63a958895fd7c4205cde5484a9fcbbe787fe38c3d36f4549dc23 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4b4cbc0528eb816048943d4c4bd09eb2913169b805a5640637771b5a68269c6c5fd0ac39054338e161e4a18ce2312ae7e43102d6609d5eb252539894d33b1eba2724 + +Sum = dd8af6a278a84889cab2d444efb282a7259a608117db26583287f051bca1b70c21f8c3d95b2f4e0b7d25b6966771a5c41414c386bf4491ef7b055b07455c12b5d8d5 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = dd8bbc335e272ed999845f445de18f11e5f08633012a5fa774cefcffd172e3ba0c481e901506c0317b60ff99e9cb0c8b9b6771d875e534ba455abad84527ec2623d6 + +Sum = -16cac44109b24fd5d47dfb5994caecbbd534ee11178aaea4a100d9e63bb2c5ecdcafce1e2080eafdda00d26c29e01980166d8db67800e33027f5260d154efe1a98973 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -16cab7e7fb5a6170d790e2a99de7fbf5292f8bb5f8f5bb0facdc691b5a65b321fe0ad872b4e373db7a1d1ddbf1ba83139df862d15c96d9037b4fd0100552408393e72 + +Sum = 22db04aa783edd3e1a55d263262805f2892c013f78ebb86239f2e5981090158f57bdf3bb171c2e0c1c7bf9bc88ab62683581f8b02c5bec8f631bb24ade9be235108bb +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 22daf85169e6eed91d68b9b32f45152bdd269ee45a56c4cd45ce74cd2f4302c47918fe0fab7eb6e9bc98452c5085cbfbbd0ccdcb10f1e262b6765c4dce9f249e0bdba + +Sum = -4c8c0b74eb7a79a12ecaecf885b9672ac717b1c8db5ad251f1551ce80af89acf3a495066c85a96e6430be8e5888ab1ef3edd5e76645b5914ab55d221c34d07f8d5ce0 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4c8c17cdf9d268062bb805a87c9c57f1731d1423f9efc5e6e5798db2ec45ad9a18ee461233f80e08a2ef9d75c0b0485bb752895b7fc5634157fb281ed349c58fda7e1 + +Sum = e3718adf0c2546c8cceb0e8c7d909deaa50b50f51d7b80f8040763eafbf581c017e7e12325b258503fe651ffa4c3d3ff9200515d816dfa3ba372dc937480d121ef056 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = e37197381a7d352dc9d8273c74738eb15110b3503c10748cf82bd4b5dd42948af68cd6ce914fcf729fca068fdce96a6c0a757c429cd8046850183290847d8eb8f3b57 + +Sum = -18dd84a4e54a29c1b3106ef2f2d92be21ba64d2e26b3f4c2ea68685557d01a07f9229365c6d109205fa116fee59cf385cdd61b7fa5de8de751f02f1dc0eeb304babb4e +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -18dd83df5464aadb63419d67f36afcd5b0e5f70874caa5899b262148a9bb48db4b38440b101731ae39a2dbb5e21a9a1f064ec8d15427ed448725d9bdefeee72b4a704d + +Sum = 3ce64e7953aff0e057cdd6c17499461666f5bf8dc3a929ba7ba919486c1631c25c0e142584470d3f759157c045f9f488502a76024b6b7b2bf84c0adcce8dd7c6d6898f +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3ce64db3c2ca71fa07ff0536752b1709fc35696811bfda812c66d23bbe016095ae23c4cacd8d35cd4f931c7742779b2188a32353f9b4da892d81b57cfd8e0bed663e8e + +Sum = -6a392e555c2ae89dd73f86e11fd98d1d59ed03072a0dd61add633b317d5638d67984a55e51f01a2db94ad6eb6488fa80cf4f25a32d436886599c33b5287a9525f41a4a +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -6a392f1aed106784270e586c1f47bc29c4ad592cdbf725542ca5823e2b6b0a03276ef4b908a9f19fdf491234680b53e796d678517efa092924668914f97a60ff64654b + +Sum = 8202089b883a5e77457036254c2a73aaf32f03eb1e61fae428926028b499b7d0a4f4e5256094f34bc2478f0595aa01aa79b5d36d7f30136d3af2be93b70552fc6e988e +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 82020961191fdd5d953f07b04b98a2b75def5a10d04b4a1d77d4a73562ae88fd52df3480174ecabde845ca4e992c5b11413d261bd0e6b41005bd13f388051ed5dee38f + +Sum = -13a2e13d675e3fa89489c870cda617ae92ccb7d2f6b6405eafcad9c89a682b63364c333476adf0322febffad973f3dbddb7cbaa41a64b1ea24dcb2bc2196a0af42eac3f +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -13a2e1310e4fe7ba2f8cdb581daf34bdcc20b2709b97ab6b1ad6b557cf86de506b6d8e3ecb4252bb0d8c1bf9070718276f044579354947dff8300d662486a3f1abe613e + +Sum = 2bf9f45c817a8f5c589a208c57c30b52866e75a9b6ee0fb7c3f0c7ec3761f2c114858241a189e331aa9ab440132dc8f5ab7dac0891a69d5573dbe42fda019d30610f07b +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 2bf9f450286c376df39d3373a7cc2861bfc270475bcf7ac42efca37b6c80a5ae49a6dd4bf61e45ba883ad08b82f5a35f3f0536ddac8b334b472f3ed9dcf1a072ca0a57a + +Sum = -40557025ab86f90705fc86e3ab3d8494255bee490822e27c5551037f36f9ca834fd33c11a1a162357cb21eb83254c4da56b9f8f54aca29b95283ac03732a849258e7c41 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -40557032049550f56af973fc5b346784ec07f3ab6341776fea4527f001db17961ab1e1074d0cffac9f12026cc28cea70c3326e202fe593c37f305159703a814fefec742 + +Sum = d2985750cb9579d3f5dc3db7d2229f06e2a0d57d195819b3646f84c08eafc093def93748aaedf1f430eedb90c1694d894339caa4141ef5f07708e1a3607c5793df599b5 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = d298575d24a3d1c25ad92ad0821981f7a94cdadf7476aea6f963a93159910da6a9d7dc3e56598f6b534ebf4551a1731fafb23fcef93a5ffaa3b586f95d8c5451765e4b6 + +Sum = -13a024fb88eba47aea55fb69680479058efda97b81fb1e6e7cfe520e8dd8ad12deffb69662852f9a94f3b029a37befc620d792a8589660e2ebc7d6e1bc8c0c8f35ac1216 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -13a024fac35abefc04062c97dd050ad68292e9255c49351f43af0fc7812a9841b251cc4707ce75c322cdb1ee5a786d6cba100b55aa44aa4248fd0c8c5cbb0cc35c3bc715 + +Sum = 22701a8dfb82a2ddc8a5485b05362205a549bcdd24bbd660f2041a6672732824bbcac4ff58605ccf1d8ee066204a4a639828c41b722fb4a1e6c9bc3f82a89d85fd042f85 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 22701a8d35f1bd5ee25579897a36b3d698defc86ff09ed11b8b4d81f65c513538f1cdaaffda9a2f7ab68e22ad746c80a31613cc8c3ddfe0143fef1ea22d79dba2393e484 + +Sum = -4f73fdc6540686b350c859bdbe8f22340786ddb04b7ddb8858d33ce8931bcf660269129607f77dbc1db38d8186d8bae7ebb4ec8716c6eb26342ec8290d8d8988b1f5fb0d +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4f73fdc719976c323718288f498e906313f19e06712fc4d792227f2f9fc9e4372f16fce562ae37938fd98bbccfdc3d41527c73d9c518a1c6d6f9927e6d5e89548b66460e + +Sum = dcbcb3df6508052fd0d1cfb0a6088fe978227066c58317cc359f508bce9f45987ce3152022e19ef068b0381ce7d781ae3e7c04243541744c9f374a3f28dbd746acd3b9fa +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = dcbcb3e02a98eaaeb7219e823107fe18848d30bceb35011b6eee92d2db4d5a69a990ff6f7d9858c7dad6365830db0407a5438b76e3932aed4202149488acd712864404fb + +Sum = -163f4ba6595207387ef0956796ac29e3c6862b5344abdce3db4ff7e960b7727fa0a2870dbbe17bd8c446000b3074c1145368d4b84b39029110f915b61916fc29555d7d800 +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -163f4ba64cf8f8e0908b987a7dfc3300d5bf7f4de250be4ee7bb03c4efec91328dd7a868c636103b4d23a0277be488eebcfc5c432053e72706cc6910c319ec2c97c678cff + +Sum = 3588d982604f471ff0ff784942bd43d85cad820864e0b9ee80cc9a9e3807d2739eb58d447830f73fc8cadc88d864f98577e43adf5150b2eb104e75939caa7de02419b6575 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 3588d98253f638c8029a7b5c2a0d4cf56be6d60302859b598d37a679c73cf1268beaae9f82858ba251a87ca523d4c15fe177c26a266b97810621c8ee46ad6de36682b1a74 + +Sum = -4d51ba5f184e5d20b30f8e41d663d14dbe4f692f1a0749789c02290af4c889268c319fad8b9b7c9cc71e8d9878039931447fd6ede967c5c82c1915631f3237aaacf4a1763 +A = c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -4d51ba5f24a76b78a1748b2eef13c830af1615347c62680d8f971d2f65936a739efc7e528146e83a3e40ed7c2c93d156daec4f63144ce1323645c208752f47a76a8ba6264 + +Sum = 9d7a5610dcfc50699e6bc065584fed73fddbd58dfbefe377eaacc024e33e6b4fd361fac0844489fdf13efd8dca7fae0747603f4b26bb2a9bab9de5241a3af4a935ac940aa +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = 9d7a5610e9555ec18cd0bd5270ffe456eea281935e4b020cde41b44954094c9ce62cd96579eff59b68615d717f0fe62cddccb7c051a04605b5ca91c9703804a5f34398bab + +Sum = -1258b397182002c966f064c2cdadb06910e2042d0f51b4af494338c12b6efff052fe564a00e581c5aac0ea79fd8a1ff68ed92b7f74baabb03a51337d4b9b01a2f64ac803cd +A = -c590e57ee64fced18aff6e2f0c6ac05625b1e94f394f42470cae14d12cadea4f5ab6b9d77225fe3b4903825966c78752ae51b6a0a2caca555fd0ffcbd9704b01 +B = -1258b397175a71e3e80a14f3fc22b0fae1d5996cb92c02c5fa09e97ee46251db81d1a85fb18acb0bd34ec47bc2411c74357263f8220c59f999ae68b2f63b30a32a7157b8cc + +Sum = a1eea50170df6807aef40929a52c097081e1755b575a49548ee5868281973a141920234cd0176d64f84a5874dc417cdc8a5c338cb54bca390538e1014d638b51 +A = a1eea50170df6807aef40929a52c097081e1755b575a49548ee5868281973a141920234cd0176d64f84a5874dc417cdc8a5c338cb54bca390538e1014d638b50 +B = 1 + +Sum = c7c26d68246f16d9d9996fe67616d2fd48809916e8121a5ef95b17bb9b8333d84e2416bf2a5eb3b686c936b9722e0a92a376f357aea7719610e864d9e2a5a677 +A = c7c26d68246f16d9d9996fe67616d2fd48809916e8121a5ef95b17bb9b8333d84e2416bf2a5eb3b686c936b9722e0a92a376f357aea7719610e864d9e2a5a676 +B = 1 + +Sum = 80d5de21acc1eb10fff4e534d23b5cd39e1eebc3d7f03aea438bb6e5237ced9955bf86898e93c74565c9a197e3ed2ff8edd3acc41ecef97c4fcfd52e1cdbb07e +A = 80d5de21acc1eb10fff4e534d23b5cd39e1eebc3d7f03aea438bb6e5237ced9955bf86898e93c74565c9a197e3ed2ff8edd3acc41ecef97c4fcfd52e1cdbb07c +B = 2 + +Sum = e020b9bd8d194468f8b563c8f586f6959533be8507bd4d3d7e494ef3733007c062caaa65da5c51b52f18cec4894966352f948517ee92d5f9b5ed00f020b1d1dd +A = e020b9bd8d194468f8b563c8f586f6959533be8507bd4d3d7e494ef3733007c062caaa65da5c51b52f18cec4894966352f948517ee92d5f9b5ed00f020b1d1d8 +B = 5 + +Sum = dad6af803cf2f40e75cbb564e8229c0d25465930d2ceea73715682c26d582148a943c1c767ac5167c0425975ff75a66eec5ad418ded078569dea2f77359c1cf8 +A = dad6af803cf2f40e75cbb564e8229c0d25465930d2ceea73715682c26d582148a943c1c767ac5167c0425975ff75a66eec5ad418ded078569dea2f77359c1cfc +B = -4 + +Sum = de90e3172430754f80e116cc8c848bee88c8e31810c6ef0ded5b05bbef6d5b81f9bf6593622ebfcb2b41be2e87d62ab7fd566763b74428275a16d1da482e5f76 +A = de90e3172430754f80e116cc8c848bee88c8e31810c6ef0ded5b05bbef6d5b81f9bf6593622ebfcb2b41be2e87d62ab7fd566763b74428275a16d1da482e5f7b +B = -5 + +Sum = c153ce69e35411c7f1e52809773ce03ce8d2af10b5c7aa3f4c9354de5ca044b7ef25089f1e96bd14d6c62c88b3c39951df19c73751ba25dc758534adba7faddc +A = c153ce69e35411c7f1e52809773ce03ce8d2af10b5c7aa3f4c9354de5ca044b7ef25089f1e96bd14d6c62c88b3c39951df19c73751ba25dc758534adba7fade2 +B = -6 + +Sum = f0c843f86e227571d67cfc34ac00d0e6f87f4cbd3273af68562657ae5ca82ddf5fd63476d56d5cccf62dd93f8320c0ba88658493dde282abc22bd09a01f6f2be +A = f0c843f86e227571d67cfc34ac00d0e6f87f4cbd3273af68562657ae5ca82ddf5fd63476d56d5cccf62dd93f8320c0ba88658493dde282abc22bd09a01f6f2c5 +B = -7 + +Sum = c5ba28844b8947aa0c2933f06aa88f0b34e0e10ca9baf1cc3bd5ff2dc0590e3ac5a2f2d3a1408009e1b35e08426bdda001adf93e872b03f4f6df28d34a3355e5 +A = c5ba28844b8947aa0c2933f06aa88f0b34e0e10ca9baf1cc3bd5ff2dc0590e3ac5a2f2d3a1408009e1b35e08426bdda001adf93e872b03f4f6df28d34a3355ed +B = -8 + +Sum = 84da246c2485e335d1f3b7e31c2408365f2afe7bff7b596440281c1618bbc8bf7a3896ece480fac4a29070539a95f1d718c151ffbfafbb82629bef9d2afbaaf7 +A = 84da246c2485e335d1f3b7e31c2408365f2afe7bff7b596440281c1618bbc8bf7a3896ece480fac4a29070539a95f1d718c151ffbfafbb82629bef9d2afba900 +B = 1f7 + +Sum = 9673d93165b5be256689ba4e750243537f85bc28daac7f65338074081f114b3a83871683c89fae3c87d44da053557aa16dd074b1bdc16c02a74c5b495f875449 +A = 9673d93165b5be256689ba4e750243537f85bc28daac7f65338074081f114b3a83871683c89fae3c87d44da053557aa16dd074b1bdc16c02a74c5b495f875453 +B = -a + +Sum = fce022b2dd492a96f8b095712803f318a45a9a8f00a48dec06accaf793e54e59daa14c56c2fce011e30e6394937f7bd6fa6afa1b6dc3b5359ec7bb4f757c5d89 +A = fce022b2dd492a96f8b095712803f318a45a9a8f00a48dec06accaf793e54e59daa14c56c2fce011e30e6394937f7bd6fa6afa1b6dc3b5359ec7bb4f757c5594 +B = 7f5 + +Sum = f04028fafffb1aee499812d12f9fcbb23e6a872b3f69fe7a7a246d8f98ba2aa954f78506b39c023397855ead87854412c881fdd16267c07ee12f085b055c7c71 +A = f04028fafffb1aee499812d12f9fcbb23e6a872b3f69fe7a7a246d8f98ba2aa954f78506b39c023397855ead87854412c881fdd16267c07ee12f085b055c6c7d +B = ff4 + +Sum = 9c008016815a6580728b3f690eddc7695fed44171557df8a4a6e8c0d5e7c3296832b4ba9ee4a4cd7e6a8ef23cf8c64fcd0518664289c4e72105b404cd6c0ab6d +A = 9c008016815a6580728b3f690eddc7695fed44171557df8a4a6e8c0d5e7c3296832b4ba9ee4a4cd7e6a8ef23cf8c64fcd0518664289c4e72105b404cd6c0ab7a +B = -d + +Sum = c12bf7e503d2c5845c60886ad5ef87d24e002498003b44922e462f36592a52c878123a6d1037896ce9fb7d2c680d008e80009da72c8e1415e957b2fefb52c34b +A = c12bf7e503d2c5845c60886ad5ef87d24e002498003b44922e462f36592a52c878123a6d1037896ce9fb7d2c680d008e80009da72c8e1415e957b2fefb52c359 +B = -e + +Sum = febba964e2548ed1474dac7c1eb9b1cd169ac913530b7fb358d67197517266707e5a176a814ec82cf8945214b30c36ca7ac0b1ade1848573e72d408dbede8f53 +A = febba964e2548ed1474dac7c1eb9b1cd169ac913530b7fb358d67197517266707e5a176a814ec82cf8945214b30c36ca7ac0b1ade1848573e72d408dbede8f62 +B = -f + +Sum = 8a3f9eeb76e96f13446c593fe2cabd4215e0debc54025df7791d924d8afc08dc8f607b82a3d07d75897bfeee0c42b9a32e0e77a098c1cce9c001aabe0481996d +A = 8a3f9eeb76e96f13446c593fe2cabd4215e0debc54025df7791d924d8afc08dc8f607b82a3d07d75897bfeee0c42b9a32e0e77a098c1cce9c001aabe0481997d +B = -10 + +Sum = be825a00c3c6b192d04863b0719ee1e687dbbf2cfc0c331c00b8b947c17fecb7700c9e534bbc49bd61978754ffae1e57d80aab34f5fd23a267e10a4b5a13a9d8 +A = be825a00c3c6b192d04863b0719ee1e687dbbf2cfc0c331c00b8b947c17fecb7700c9e534bbc49bd61978754ffae1e57d80aab34f5fd23a267e10a4b5a11a9e9 +B = 1ffef + +Sum = d1c861822ba0e93be81fc78a2628756480146225c79b4a389588a9c3bff9a7500660e99c28807d9ae7bf8c1e89e81d4f9ff2f72d35ea6b34d09df053d46dd294 +A = d1c861822ba0e93be81fc78a2628756480146225c79b4a389588a9c3bff9a7500660e99c28807d9ae7bf8c1e89e81d4f9ff2f72d35ea6b34d09df053d469d2a6 +B = 3ffee + +Sum = 98ac65b4c06400baeb40ed137ecdd930a3607423caecbe1f1a936a8210c28fd84b53324e5bb73b7e4b71209b1a4d106796d57a4a23fad2c23abc0c039539080d +A = 98ac65b4c06400baeb40ed137ecdd930a3607423caecbe1f1a936a8210c28fd84b53324e5bb73b7e4b71209b1a4d106796d57a4a23fad2c23abc0c0395390820 +B = -13 + +Sum = da02949862a4b26a4fb4bff43b21c2cdd048189199612616303d3ab34dc6f201be256f5889e368867a0da200a0b03e904048d6ba5caee1dafa16f4fdb1f00029 +A = da02949862a4b26a4fb4bff43b21c2cdd048189199612616303d3ab34dc6f201be256f5889e368867a0da200a0b03e904048d6ba5caee1dafa16f4fdb1e0003d +B = fffec + +Sum = ea9523fdde49d481c9f449969fd8e191e118058e0593f2a27ef0ade666ff478c50acb274a6c77d9ec4ca628ab0d7f3dc18708327423de28616235187acb197f8 +A = ea9523fdde49d481c9f449969fd8e191e118058e0593f2a27ef0ade666ff478c50acb274a6c77d9ec4ca628ab0d7f3dc18708327423de28616235187acb1980d +B = -15 + +Sum = dab5613ae3756d29f22bc30213363900e3fdced153a3c20852d51c71cbb9af41aba6a16d0b72926192ef48f25e8975881ca7973a69590dc6f0224395e6f3684d +A = dab5613ae3756d29f22bc30213363900e3fdced153a3c20852d51c71cbb9af41aba6a16d0b72926192ef48f25e8975881ca7973a69590dc6f0224395e6f36863 +B = -16 + +Sum = c442f3e574310f78e0ac187af96550d4999b79da9c9d6ffa9eb9437a2ac01479003d8e795ce68dfc0f87a4fd9b00b6c172c72c7f580a32af015a3a3375b85285 +A = c442f3e574310f78e0ac187af96550d4999b79da9c9d6ffa9eb9437a2ac01479003d8e795ce68dfc0f87a4fd9b00b6c172c72c7f580a32af015a3a3375b8529c +B = -17 + +Sum = b9ac1e23fbfe179d9d3ff99b2ad8399754ea5531e6fce5dad997e2c961110d49d0e3d9c2ec03289edeb39e5a6b4744dd4b3cdd6c43f4e8f4c8e91617772e7fd0 +A = b9ac1e23fbfe179d9d3ff99b2ad8399754ea5531e6fce5dad997e2c961110d49d0e3d9c2ec03289edeb39e5a6b4744dd4b3cdd6c43f4e8f4c8e91617762e7fe8 +B = ffffe8 + +Sum = e087174c20cba6c4e1e8ffc2ecfeeee770898916454724c24b56d8619c27db123078d406d6b7b836b0dd3092b34b736c472f1afd983971230f1e2b729b00acd4 +A = e087174c20cba6c4e1e8ffc2ecfeeee770898916454724c24b56d8619c27db123078d406d6b7b836b0dd3092b34b736c472f1afd983971230f1e2b729900aced +B = 1ffffe7 + +Sum = ba66837e8e8bdefa4c3df73ba5ee65d1ab45a68f51072bf2997446b13b6c73b29c26d15ddff186c9621e156bd3b650caa267dffa54abb782734c443bf502b276 +A = ba66837e8e8bdefa4c3df73ba5ee65d1ab45a68f51072bf2997446b13b6c73b29c26d15ddff186c9621e156bd3b650caa267dffa54abb782734c443bf102b290 +B = 3ffffe6 + +Sum = fc461dea452aaf0e2c1df10b7cb4293fbc498d40caa7a917a741c6d3534914fc039bb7a62d14cc3e9ea6cc8d2b41228628ad56687d18858c3867c75ae83a3216 +A = fc461dea452aaf0e2c1df10b7cb4293fbc498d40caa7a917a741c6d3534914fc039bb7a62d14cc3e9ea6cc8d2b41228628ad56687d18858c3867c75ae03a3231 +B = 7ffffe5 + +Sum = d109e7982ffd500ed77702054ccbfa49bb47b5cdb2220988ef58af3cbe0ac90bb3b2ac8a2c558fe744231bf227bf35343e12ecb312242ce50a85fe461e73b601 +A = d109e7982ffd500ed77702054ccbfa49bb47b5cdb2220988ef58af3cbe0ac90bb3b2ac8a2c558fe744231bf227bf35343e12ecb312242ce50a85fe461e73b61d +B = -1c + +Sum = babcba83c01843f6448fc3f91c006a673e514c9626c6399d43c016c31a8fd1a9fc58d1c63ba5b9565dd7320c4a04fe4331fbb79de1e03d68db331bbe2b4b9036 +A = babcba83c01843f6448fc3f91c006a673e514c9626c6399d43c016c31a8fd1a9fc58d1c63ba5b9565dd7320c4a04fe4331fbb79de1e03d68db331bbe0b4b9053 +B = 1fffffe3 + +Sum = c52e7fb27c4f670109b32cb6d3f705e1685e2cb7474a90d3815e486de77dd2584a0b65d22040059ae5279450682a189eb1b0f847e0d3fe022628a73eeb99c54c +A = c52e7fb27c4f670109b32cb6d3f705e1685e2cb7474a90d3815e486de77dd2584a0b65d22040059ae5279450682a189eb1b0f847e0d3fe022628a73eab99c56a +B = 3fffffe2 + +Sum = b5f074f655dbe68df022b0093534b609b23c17eefcfdc9b1b150c8cfdafe1d320fff7452c147c7d9f9cbe16be25970a23e6499bc90e689497c8bf2d38219e4f4 +A = b5f074f655dbe68df022b0093534b609b23c17eefcfdc9b1b150c8cfdafe1d320fff7452c147c7d9f9cbe16be25970a23e6499bc90e689497c8bf2d38219e513 +B = -1f + +Sum = a1a41b6638409305ab9ffa22bb3cb9434f587d4ce6f6da47c0ad6f8f720f397c37cd61254f35fc9f0cda36476ca6d95f233604b9ae5ea2f1a1207caf15682e81 +A = a1a41b6638409305ab9ffa22bb3cb9434f587d4ce6f6da47c0ad6f8f720f397c37cd61254f35fc9f0cda36476ca6d95f233604b9ae5ea2f1a1207cae15682ea1 +B = ffffffe0 + +Sum = f187feee94925d57f65f9b1200193d8e9359340d670bab27c022d6d63a54635e4573593790e6c6b779becb9e5ea81c9b075baa2d3bc95493b0c5a2da1fccebbd +A = f187feee94925d57f65f9b1200193d8e9359340d670bab27c022d6d63a54635e4573593790e6c6b779becb9e5ea81c9b075baa2d3bc95493b0c5a2d81fccebde +B = 1ffffffdf + +Sum = dc9c51e1313cb655969b4a069f2e8edd850d4fbc5bbc36f05df42a526f4e5b3ed18886263d86231193442b3ac3e7a71e5a6377021e71ad07dd9411953dbeedc5 +A = dc9c51e1313cb655969b4a069f2e8edd850d4fbc5bbc36f05df42a526f4e5b3ed18886263d86231193442b3ac3e7a71e5a6377021e71ad07dd9411913dbeede7 +B = 3ffffffde + +Sum = f2b5e665a6a2e7009bff8b2750b5fb11576bfd49dee5dd7f32b02c46430923b0ec95c3fcee0006b0c2591cbf1fb18dde331d8fb119d92f3196a7dfd8178be33e +A = f2b5e665a6a2e7009bff8b2750b5fb11576bfd49dee5dd7f32b02c46430923b0ec95c3fcee0006b0c2591cbf1fb18dde331d8fb119d92f3196a7dfd0178be361 +B = 7ffffffdd + +Sum = fb0f545b752979151bc6004b3db33bad63230c26d060ba00f5b82e7bee7e2c854b09b2a7c6b4186776c6b3cc45afbc50ef35df7abad11fec62523a12be1cb7a1 +A = fb0f545b752979151bc6004b3db33bad63230c26d060ba00f5b82e7bee7e2c854b09b2a7c6b4186776c6b3cc45afbc50ef35df7abad11fec62523a02be1cb7c5 +B = fffffffdc + +Sum = fc197e83249b069fb34552188cd6d06a7e0b42c6a6a9869ede485328a0fabd0c0ec2f79b81747129ccd70ee5c0f9efea62c36d1a4e1fb2b80393fe636469c25a +A = fc197e83249b069fb34552188cd6d06a7e0b42c6a6a9869ede485328a0fabd0c0ec2f79b81747129ccd70ee5c0f9efea62c36d1a4e1fb2b80393fe636469c27f +B = -25 + +Sum = aaf9a8ecbbfee9c3092d9887ec35118a9614a9fa84fc50b79b11d03a4967066c361f67cbf7a8e5beb620c7da55f4bc7dc50ad44b22c9128994781c7816a439af +A = aaf9a8ecbbfee9c3092d9887ec35118a9614a9fa84fc50b79b11d03a4967066c361f67cbf7a8e5beb620c7da55f4bc7dc50ad44b22c9128994781c7816a439d5 +B = -26 + +Sum = e74e32fc45d099ed147bcf7d798bd3aef9b046291038d98431698e90d22cf944a92bdcd8a5cf378e9a3aa0001150cf6e4dc37fa4e54a25e13c75099c64b9350f +A = e74e32fc45d099ed147bcf7d798bd3aef9b046291038d98431698e90d22cf944a92bdcd8a5cf378e9a3aa0001150cf6e4dc37fa4e54a25e13c75099c64b93536 +B = -27 + +Sum = a3486d022ef4d0a0c72170f05300cee78df844db19c63754c2d631d3d9ae20a0205cfe0fe947f8f4d2f9fa34e2081f448a938a446e8764ac2141157cab01dfa0 +A = a3486d022ef4d0a0c72170f05300cee78df844db19c63754c2d631d3d9ae20a0205cfe0fe947f8f4d2f9fa34e2081f448a938a446e8764ac2141147cab01dfc8 +B = ffffffffd8 + +Sum = 8952cb3f70b1344facdd7fe79747773f9c101bc2a083fa8fdef0679c24ba93218d14d4d7e848d293ce431119d1542833e9a0624b812f0b31b2b9f7ed9455e8b9 +A = 8952cb3f70b1344facdd7fe79747773f9c101bc2a083fa8fdef0679c24ba93218d14d4d7e848d293ce431119d1542833e9a0624b812f0b31b2b9f5ed9455e8e2 +B = 1ffffffffd7 + +Sum = de9cb4d4cdd1d58572fa1052edf72bb9241555bdb967bd8cefb26cb12c6622d6147385dc3f72e110b17afbdebc5feb959cb6c320a2ba01f36585b53fb1c5f07f +A = de9cb4d4cdd1d58572fa1052edf72bb9241555bdb967bd8cefb26cb12c6622d6147385dc3f72e110b17afbdebc5feb959cb6c320a2ba01f36585b13fb1c5f0a9 +B = 3ffffffffd6 + +Sum = d37f2e1638c0b3bd624104d244d9770ae05bf37f7a6ec32db552af413c0006fdcfc312cf281190eb6738370f3a8c4655beddb6b39b342f0a67cc9af92a2c7fdc +A = d37f2e1638c0b3bd624104d244d9770ae05bf37f7a6ec32db552af413c0006fdcfc312cf281190eb6738370f3a8c4655beddb6b39b342f0a67cc92f92a2c8007 +B = 7ffffffffd5 + +Sum = 831aca9ef43bea89f048250aab79b06207458647ce347c68f91013695299c80d610c6e49e2dcd46eb02dd56573d31720efc277469e573f6ecfb71b12886653ac +A = 831aca9ef43bea89f048250aab79b06207458647ce347c68f91013695299c80d610c6e49e2dcd46eb02dd56573d31720efc277469e573f6ecfb70b12886653d8 +B = fffffffffd4 + +Sum = da95fd2d2438a79843bdf92c1cadd0e9165d002d22dcacbe4118cc3cf7d5de2fd2106aaefc790aa1559b28b641f83e4e5aa0f8446b57fde5c3663c13efbc04fb +A = da95fd2d2438a79843bdf92c1cadd0e9165d002d22dcacbe4118cc3cf7d5de2fd2106aaefc790aa1559b28b641f83e4e5aa0f8446b57fde5c3661c13efbc0528 +B = 1fffffffffd3 + +Sum = bf9e3169dd4b6d336848e744231d1ca85678aa3d1d62d42eac0b16500ef527e028757da54a456b3d684199f3bb3c866a002ee3885c86d2a79180487f4e8a45f1 +A = bf9e3169dd4b6d336848e744231d1ca85678aa3d1d62d42eac0b16500ef527e028757da54a456b3d684199f3bb3c866a002ee3885c86d2a79180087f4e8a461f +B = 3fffffffffd2 + +Sum = b5880868d947554eeb536246c312c9765ca8c96888817f3ffdc16cdbafb41fe8f7c151cb316da27562d3b82b2d45abf7c9304f488538386e84c6a23e3dc375fa +A = b5880868d947554eeb536246c312c9765ca8c96888817f3ffdc16cdbafb41fe8f7c151cb316da27562d3b82b2d45abf7c9304f488538386e84c6223e3dc37629 +B = 7fffffffffd1 + +Sum = 84b1e4079d09df569a1623b990d917871b1197723b30b19fcf3c063b0e84c9cef1c3ffed16f33aa9bede08b4831bb3ecdadae1622c93e1f86b474a4989496fa4 +A = 84b1e4079d09df569a1623b990d917871b1197723b30b19fcf3c063b0e84c9cef1c3ffed16f33aa9bede08b4831bb3ecdadae1622c93e1f86b464a4989496fd4 +B = ffffffffffd0 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30c6365e1eeb044 +B = 1ffffffffffcf + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 80695b879bb74400c107619981f3bcb3c9987c76d545f6485ed128082377799534508a83112fbde2ee5558c246332c656455 +B = f6446ca2883d7e27209eeaa01fdec632d4027113b81bb47dacc8f10eadc3b3ffc26d84135d91e70deb8aec84c7820332e8cf786e2af9b4217a4c1d32b5894bbe + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1b510bc480138145e2a142fce8330ee5f4030dccaf6017a1dd85bc5bbe9b2fee4f9d8fb484661a839dc9613652bcca11a00eb +B = f6446ca2883d7e27209eeaa01fe0fbacebd20e03107a9f993e30f63358d6bdc91baf4f5acdf81e3ad94ef9af3ffc315c6e9acfff91167f0ce6738f328308b0fe + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 219f59352ebda4cfb785a18834ec1c99145a6647265baf5d8f3b405f29a746785a5e70777d528ff1526688c01b9eee288e6cd +B = -f6446ca2883d7e27209eeaa01fe16091c2dcf8a54917eddf26e5c1c43408c33ea356bf1449b339931985aa70a89cdd6a7aca5ec6e7f1c8df5f101d54c47796e0 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -7e5a2ec59519143f7bda2829cfee4ae75cc8038f31303ff9bbb1e2cbfe93c46a1367c9d6a2a3d9cb40f1a6930c18c78f85724 +B = -f6446ca2883d7e27209eeaa01fd760f94330bb39b824b7e28bc5741dbc01b11805f14655543e8ac0e6d326bffa760106d5e85f604c28935c69dda1d968f658ef + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 9f580ff614b449cf9c46c91256c20983f5c70200739de72b917344db81c1aa1bf3927c38c22d026d6ce38ac746ada2948e538 +B = f6446ca2883d7e27209eeaa01fd5511b3028c1865f22b1187d3d06e1d23821281edd1f7ae1212eaac5daf3e19f57fe5bafc666cdc205d43e2699f88bb8a5cadb + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -15773d29ba363a15a0cb31ac4a60c0c228967e857d7d11c1ebb0a8db855c0d0797c0e409899a50e1b1c989a7dcea6f26238d27 +B = f6446ca2883d7e27209eeaa01ff4bdd95944430511bd40b6baacd3c32ca01416c461d66b15c5f687ef186c0948aef8677cdc23eeca8e6c007aeb4dd508123d3a + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 2f90f72f59dd7738f5572e31d41b91599ed500d59537bf5c21a1bedad709303cba0d5bf1b5e4eaac1a85c261ce94c45b64646e +B = -f6446ca2883d7e27209eeaa0200ed7935ee3ea423511ccb340368e93c416529914799118affbe79dee6a192c7dd144df65086e8894f7283934dcf82a3d531481 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -73978eee2b2a4ac8ef12b3042dd5e1ae8724a0a676d0a52035e801d741a61b92c638a3b0cece6a81bfd2703e3c502ad1fa784c +B = -f6446ca2883d7e27209eeaa01f6baf0d415ee280332d62d20a349d20bbf058f7986d88b433a45ddd3c5169e0ae50fedfc283bb33671cd00694d2133b0ff437c7 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = a462699ec5214f0d7860974a669d1728b4983a1c3c440213d12b2da58bba9dd1caf1d5ed391a3ebd80aa6e9ef0396e62260a1f +B = f6446ca2883d7e27209eeaa01f3ae43290c4eb7beea414edc3fbd5eb41c2e55e22a8155740091ab16e07555e6f4c45ad86196f5f2b5bf808341e29f77fc8a5f4 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -130f7a12825a6c5b6b109b91e2506505a261c9f7c1a62fdfbe252275d3f6844dda2aca2d0ff6d8406ac5c679c80ab6d29817b4d +B = f6446ca2883d7e27209eeaa021103e3d57afb390b2cd7f3e2c877952c49d9a37bafebc574fbc980670d278411eb9e4264451f721ef88fede6f8f0ed30b702b60 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 2863fa82289aff06fb16bd1b866da9ac0ae0f411a8d8c2c084cf78b81d6713a9a4700248ef61d5e52ca7470f1f251380368df10 +B = -f6446ca2883d7e27209eeaa0226586445213bcbb6bcde156c6c94d9d2b258cd95971e5855c273d6a95698136db5e37a80248a6fc3ba716e7c500b49de5578f23 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -6176f648b54dc4e2d11ba7e32d2d9d3f400fbafa489fbe7f126daf1f929ef8f219c78ff1063dd27650d4751c63b6e7ad7d9a588 +B = -f6446ca2883d7e27209eeaa019c7d737a435307ccf0abb06db8f992e767681e89a5a5d7162b36aed1a69206d1f7abe8462eeac7683cf5b250cd2f4eb0a150a8b + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = ccff1ed8726e309c4e0f2e166c497cd718a8eac347674ca57b6f317ea491b743a89d25f87c37f379f6239b13d848eee1ffa9328 +B = f6446ca2883d7e27209eeaa0130f54aea86329c1373b82a3a79ddb34f8eceeec0a6de48efc2352c72949f488068d6523eb8f0a66497a68c59589d477c1f41ceb + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -13d1c041415fbc18179c970fe989ad9e1f10e4ff658c1bc550e93f6ab9f9cc9832fd49cf6f2e75af72a71dbd7b121111ee0d4098 +B = f6446ca2883d7e27209eeaa033b106dd70e9c8e313b90c94f7ec20a089886297a470751ea4c38549cd8cdc9474148152e280ff4d5b83c0344e207477cffbf0ab + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 27ede3a23479dcc5447bc3b64df32c121761de88086204484cea0782b8d63d72b57192f2b20dd3dff395e937c91e21cdbd13b68b +B = -f6446ca2883d7e27209eeaa047cd2a3e6403e9904098393b5c559f1481d95c2047465da1a0c44d61cc694d6ef688ca7625605d7ddc728bae9c2c85339f02669e + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -4ad10e7f5637cc48b04d4b250e4ca00a0d102c91caaaf6291f1248b7a1cec979f87b7251c50db8e5e49206bebb30b7f3f25c8577 +B = -f6446ca2883d7e27209eea9fd50e381cd95240824bcf2a600015d2f85d6751067439633034c7fd2771c44682489bc531ae44d0b8044a9bb817ddab71ef922a9c + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = c6b77c2c932d9d5ec6175def706d6e9c411216fe12ac52043c617761d3a37804487f158de60a9c18e7a19646c455804a65bd80f2 +B = f6446ca2883d7e27209eea9f5927ca6f9c5c6f6c360517959df504662965669a2c3807551778ce7d3fef97f7f89821f58d47ed85013b0c300eb8e31b7c312f21 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -187976849837d4ad4cfc9764fd0e3f865fa9d1d9f20d98ccd52a6b3652277100bcfff85fb8414c2967dacd26f269502d3c2caff12 +B = f6446ca2883d7e27209eeaa1a776aee5b307579fcbe5ebd4df466b6865149b375fbde626a680f944360a20081116bd7ef7674c34668974e5f9a36639a4b9af25 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 33913efb99088ab80c706ee229e7a6ea6b274097f6ed3734452dabe0865eb86fcf20c9c6ae0e613b72dbfb8b126383e7d10e8bbb4 +B = -f6446ca2883d7e27209eeaa358f33655c012b84bc32363a7acdce1a91ceb8717adb7cc9da6b503e7797e96f93323d3ee54389d55169c5b27f946a1e2f2d76bc7 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -5d84033a924ff84666d3ee1a1342ac118224264c439bc658213b9762586e8dbdef141024d757175f30bec23a960ab145832dee9af +B = -f6446ca2883d7e27209eea9a479f12f30a8a88648edd93e3da37b1ea483518d40527f3d74020cfb98caa341d4fd63535fde113aadcf07ecd72634f0daf0fc664 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = a2aeba6a0d6142f527358ffd4c9139c390c9dfab07947c902085d1f3c367035db0f22f249295b974b1d9ebe7add3dfac7ec237f72 +B = f6446ca2883d7e27209eea95f4f39ffb5975dd7888c375b0454ed6c95dd982e7c59c90574b7d26a2dd22da2131f4453a49f6f252cb3de3fbf5d0689df5cb30a1 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1e545f433c1bda45a7900793d2cd18ba630fcb11d4a2c88bc7a0fb392d270088a1ad126743b80342bcfcfa9e939c9ccdccb7f4f198 +B = f6446ca2883d7e27209eeabe743e89d84b6452728c240957db7b2d657a428f6ce1ace520f4d57f0c3a93989dee299ec72b55cc5ae5d7410a6fab313299e3a1ab + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 244bf1eb701c53bc7847a644269277f53b58dc23b55a2f996faaceff22666eece40fe14644aaa2ab0197a5a915fefa394a5c357db4 +B = -f6446ca2883d7e27209eeac46bd1320c4bddc94343c2b9aba0da683dc353a14d9913f2c8fea945017a01fce050f87dc81df5349f80824b8cd2089cb03e242dc7 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -7e3419b44f3596c6486e095c3fc9a84b5599868abd292354278a2520f54929d5bc325dc3d095e84431960265dcae84f0815ef5beb9 +B = -f6446ca2883d7e27209eea21ebc5924cf9f346828e13194544ba27acd0f0f2db15c10531c9b524e9ca693a400eb973b2dd6a456c52da3c9a248972e482f8f15a + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 81fae0f8555d46ede9e74a93b8a7c6273c9bee0eef0f51b4575aad5cbdc0e10a3d03d53cf2a42e6a3625074c812cd0ae41d94d34ee +B = f6446ca2883d7e27209eea1e24fe4e46d2431ee114d1e1cc669c4bc5ce896ea92f92a501f92ce92152b205bf3d41fa90cf241f67c3d555f5a63db52408a17b25 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1558c919b3dcd4cc2eacfee2ae98a3b4286bdb6aa67db97ce35df3ac72f6c6418df10444ce791109a9a71250896f20d4dbf19d559f0 +B = f6446ca2883d7e27209eebf5ac70e1d9fcd6cfb5cc0aa06e989db589282e28001a7c278f33150d0e7ff728db515b846b046324385a01ab0dc51bb124fbc40a03 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 3a9c8b150408b2449466b8328ccb0a5334f2340479203cb790780e71b6609f7999c691ba19f947d8cac4329a4e45377fd6bf226fed2 +B = -f6446ca2883d7e27209eee49e89096dcbaae5611679f9e51bf07a6518db7c52a42afd260d4c161451d8aa998aa32d92307d0164a2c06475b268660d1d415aee5 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -450c41a9cca23287b6448a0b248d24075ed20bec41c600279fd86869b1a51e1842cb7f4d59144436edc1c052f44428965b3b2d98757 +B = -f6446ca2883d7e27209ee64f5bc4a9d20c619166b37bc33c3c21fd1549b8b97bdee1df5bcd53aac4c1b18bcf892261f22f0f1ac1ccd773329084fdb22f1528bc + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 9d48745690ee5aa8fc448371f9236153c584466583aa30d999461a3defac314356230a763c204c2595794db93fcd3917f25b83d1b85 +B = f6446ca2883d7e27209ee0cb9899dd8d49df7d06b3e555f2d84d36aa2611255d9bd6bfc4f23666e4507eda9a106fd3c16e90304654010e79ff7ce44029b1948e + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1a3f8af71d423da8c007022421f09a53034c6e9d7d23572b8b4b273b091a6f024ea4216ebbca25daa4e9e83fb46a1d9e65fea344bcd4 +B = f6446ca2883d7e27209f04dfaad663de6d32ccd1fe409775a8b5764ed914fabb960fe4a47b154ef982955ea06285f34d992d2e87d11c56e0f0acc96485336ce7 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 3cd13ae384718065169d7e6b600ea1d1a514832649029f92f1d2b5bebbf83454fcde0133f3bb4716cf452a3f930d28f30e7f22f21982 +B = -f6446ca2883d7e27209f27715ac2cb0dafef23687a87d593b0341816ed9dc69ade774b2c099901d747e80cda424b2b3eba6958e3131c3583fc0171e504e0c995 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -5849ade77039ed0b15524c08929a4553a6c0825178f6522915592ffa9638a8143fe8426df9757e8c06aabc97a2ef87b4a58869d1df4d +B = -f6446ca2883d7e27209e925671f7d662427ef778b013e2eac90ecc41e82604a1ecbb440023dfafa66b7ed013fea93e0df4c682f32c44ff874b59bddd781cd0c6 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 9c4b4b4800fe2f11e1897ee8c8e147b143a252847548145e77d9a9d3e4e3a79283f833e760bdc69d5f75fc1d0356615b0c10b1e34f9f +B = f6446ca2883d7e27209e4e54d497459e00782b417d33aca3c6b12f6017f308502a85e17faa0660fb6c008c040d2fd6c5acb52a27ecbf9f2071b35755300b6074 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1bbe5a805b857ccd9dae7cba6f3dab95d22f7d2e1621a2ab382898bfb2b4efccb263929f752397da4ad030e6d5c8773dde8fe04c42f97 +B = f6446ca2883d7e2720a0a685c7e4fef3fc63e7b2c7c3695fc7bf95fa3d58dfb26997dbe2dfd5712e105e36356b0e89bcf0f736a0f749fefe46ec4c63e6b2dfaa + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 255c9a10ee08acfe197fecdc7b6cbae27f8dd38887f135cc5adb1b9276c94ccce420887a7476b2d17c2708c84b7e9a8b4160f676f8d1e +B = -f6446ca2883d7e2720a14069c0ee2726ff6ba4c9c9e42c50bc8a6bdfa2fffcab9baa070b0d01b273e0615204c8be7eeea06a4c0e75615a607bc27975495e3d31 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -4bb5296b4ce3e960ecadc3f15de0a3a0dacf12d34f690cafaa8f2e31b0e9e69d42a3b16bce84361c81b7584be32210daaddefd7184659 +B = -f6446ca2883d7e27209a2f4d892a785d997b41eebd06977ad454c6113d42870773e9b06670bf3740a9bee5c12a5a4f40118a6e28641e7055c56385760ad669ba + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = efb45966d1f6d79c9b4c72c3a584e26e7b7136295fb79a911433a10ef649b47b14b8d76cc42e54852176ef7da7d08b86186cbe6e98b23 +B = f6446ca2883d7e27208fef5a8972272eb5c05803cfe21d36e77abbef07e1821e95d3161f42eae143cbe1c46eca4af49e2b00722ef102256e1aacdc99fb0524f0 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1e30bf701cd589fa3d2adff0217e8f748d1a254b771d77d342fffe3e3138aa3d4a75ca8c1e6636919636d4d96d8b04d583af4dc208b51b +B = f6446ca2883d7e2720bd1b5f8ffc1c2629c737aaec3df41482ef8d27b5ee9b1012275957920b7e8950dd85c6cd359dba04e8c072c24a2d7ba89212b3a3f7652e + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 320eee30dae44f272fc9606477927bac85b677c3333fa55f4c5b5c7e71bc02266a906d8838a096551a8b5b94980cd819ac721a6ca70a71 +B = -f6446ca2883d7e2720d0f98e50ba2aeb56b9d62b60940800bae8297a2daabd3d9e30b4b5d24c01e139fda069c94fd819c86d14f97d74af4eecbad5804e95ba84 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -5819f4921a515433459006c62df3be1c4e642a52340381b5954df3f9dd0ed5f73f8dc9a17e536b88090ae8d5fbc411f16eeca2449ffb96 +B = -f6446ca2883d7e272046d0ab8dc4f547fc447cc435ee81c6f2140ed818437a16894f0b6559fd37091c5382329f98e417eb497eb512e0de64e19f76c39d4eb47d + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = f238bbcd9701966bc4482fb8df8ca395ad15e2b83c014e59898e33a36623580e9c91faa3873eb26a0e97c4d29ff209e22c4faa0a1295a0 +B = f6446ca2883d7e271facb1e452484505c3c5c49b433ce8e178b55d1fb23b7c49e55acb25b074228704f67e019d8ff8d10943f1d9163cb06cf0e213bbd7dc1a73 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1e00b3b3bab1081231e0f1a2029b146f8391869dad416f6c8443c124ea7c908ee402f6b6fe06d883c2d232713512ed5d8636a07898523f3 +B = f6446ca2883d7e27227ef5db5b8a571d52a81be51c4626cc069b8b6c454b948f0728956ba2820ee801d33f67b0f7a50baf7facc4fc2dd14cab71cd6d6b73d406 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 2030dfab0a9e0af1764f416171c8eee2d0b87bd5b80e6cddee4ee2a7509a301956050b6e3bb067f827d13c33abf31693d4101951d4a0b96 +B = -f6446ca2883d7e2722a1f89ad089274b46ef00e1133904733b6dfabfc5f864661dc94783c8e3e8e0a8f360b324d23e02f5cf9d61239bd3e0104f64faff38bba9 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -7427bfdba61a57b644fdd11b2a3ea1d3507cdf4ea1389436bade3fbaf751724000774127923658c7b090f182d1d7e320aeaeb1e3dc0b30a +B = -f6446ca2883d7e27195c6ea2657da120cb3a2fb949788b67d95aa50d8063f454d336755da4652ebb138b9be9c7f3d1f6f8497a85bbbf2444c8237847a42dfd09 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = d23891ab621e6ee43b3b250d66ab139cc97db21429da33e01910635969af402b6792f6d741292a0e1bb6bc30b2a7b32fcce9f5e8c2e48bd +B = f6446ca2883d7e27137b618569bd5fadebd65a7a25b1c44b41ca97e127d9da5a3d535323bd3f51dc5d19e08ecd04a4e291971ddaddb22743d63fc40755c06756 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1d6d78b7e83cedb64f0afa17c56360a58eb5ccc4e647bd3c594feb6695531f9434adb169ce314d4c93b4efc260fc92b268ca22143fb7e994 +B = f6446ca2883d7e273e0c6358081c34527e9506e2c17fd62a9d183fc750bf3ad4983444bfe92d65734840c1660f4884d00707796049d935293bd8857a21a699a7 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 255261901144afcf37c28015f4ec493bfc06cbabf851997d06cdc2fa742a97e234085ce67dcd867451a19d3427acc5ac2fb5b919f1514e06 +B = -f6446ca2883d7e2745f14c303123f66b674c8ce0f108bec10a693eae62c9171545b21c53c804ddc1479b6ce2bee4bdf7c4f426d21089682302c41c7fd33ffe19 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -4c222346b39b4b87631fb26dd9b3a8942374f10ec577d0aced5cada7bb0fb34d9c85bd06b6d52a4229ec662ca5605aff7896f7d74483fe99 +B = -f6446ca2883d7e26d47cc7596c43fb14cc6a5a5d2268ccf0eaed81f3a4ffaceb5187abb198ca9291770d52f58a420d4149662371437c47775a776b8e9d6ab17a + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = b832106ab8bf5c27886927f67c5bb95d81280a5b4a3a044c39c816dfa5c5a4c6e8058d34c3e44bab649194932e42c197b40d16213f6565e4 +B = f6446ca2883d7e26686cda35671fea74a720e4d47fc0bc278d3a68a7203d794c051c4279ae14a1182b8d82c77d32ebd80ec0f50aba99e0df1f014d44a2894a2f + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1e4bd432a98b6d68d35627f4a46b56f04b378a535b50c7287ec949008e8ace3ed04a128043cbac7a49c6c1cb98dc27b684c4f971d69b51268 +B = f6446ca2883d7e29055c2dcab8961d2964ec8c1542d1e489c1db18381f83f0202b78e9623c8729cc183438007dd1ff280fbea657769f1ddf1f5dfa834ba3c27b + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 2af2a9aa0364d970115f35b6ab676f4baf1f4ed52d07cd808dcc7fc7bcdf2268f917a7e4476e429200a37b246e786e85a2b62d6b52de13135 +B = -f6446ca2883d7e29cfc98540562cdd9d457d6835b2936a40005760553af455a11bac55d521cc6c6ea50d8e40b7fb60a37d8a3be4d0638ad0fe713a1b0fcfe148 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -5dcc7b06c24160a67934f3adf5f5a468f10b0bfe1b82e133c797674c941c9480bb1e71ceddd1151f88244bebc63c2da41557670132848e482 +B = -f6446ca2883d7e2143d73a33fbc93c349c3ad1eb9cc22ef5fdb1b320b2496a5bc56de4901210fdd361abf30e6405e58af10dcae18519c8357d97f352b9a5cb91 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = fe6a6b7e6ee19b5e4e2a4cef85f637a5b0a76007bf1080fcdc86c952a49adce824573dbb3c0d3f94d519698968594e0b840b6c91ec9153aa8 +B = f6446ca2883d7e1739f832b931c590b74ce53dd29cb8fb2a03ec7286796f6dca7677c42f0a2c775cce1f344880433e3621bbf1076347c1be92579a4718d9756b + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1f219dbf1e789d4d74f10ff27fb947bf6cc94bf1e742ba203caf33810589005f8326704b8414819d90698fe08d9b3c16bd261beb922a9af9a5 +B = f6446ca2883d7e46423ca9be987c94112099ff4ab56434f1d7ae64e9ad319dd4ee17da5edcdaa5623a035b805598d513dce26a2b8418b933f92a4ef80c89a9b8 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 25bbd6ed7646662f6dd8481ac4c4a531174bcd05123889d4cf904d12d8d2bcad5425074d9c7fa1ba70ac5c8a3723fe6b20e064fb4a9999e716 +B = -f6446ca2883d7e4cdc75d8166645760a07d2278fc0c1a69c5a2f7814a3015267cf316c322696f333389a5d98c0b8f1f41faf13d50cdb0d97b3735eb07b889729 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -74af822547dd8aa99da2b3b60b1aa5d45c33cbbdca0d2876531b31a25cec244482832671c861b749effc1cf5e150aeb9d8e88583953aacd577 +B = -f6446ca2883d7db2711cc55842549cfe8cd656bfe176a128da96b5385d4f074523b2b6fc67b6015c906c9e33df5fed93773593bc982de89dea88dfd0a741da9c + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = d35d55e21fdf90fb0abaea71ae6d7f44401f615e7dc6761713ec45650b94c02f85e7bca8c2f43ada8975617eb7ae6fa41f4eadedaeb544654f +B = f6446ca2883d7d53c3490880404e4b91749f9b1c8e9d3144ef011484a4016684529ef44dbf1a16592bd667394cdc5cf9fdf10ae63a6cfe57846075b72caa4ac4 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -14872666f07cb43b47b4b82ef6df5b7696c2ff49a88ec9308e27d27736df05f79d452957297271756ca1afbc47ad011f1b77f32bbff831bb941 +B = f6446ca2883d7f6f930559a7eb22fb177b0cfc38f1d3def13e570d8b570a867abc0bccc74439bfb366288293682e8e4d8e4e4e18b8ee942e52411f65650a6954 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 2d2316a87167a23eff9da00b857c9423e44feb69620852e9e8d87ac70d96367a8947729b57804ab1d54022442f5504d23ea42a6cb0eddad04c3 +B = -f6446ca2883d80f9520971b69a033696098ac522c55eb3ca0d190922efa61c25c690ca32b741ee738abcc57445c254d77576cc933929c66115b52e74bf9bb4d6 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -4a296521345e531b059bd7bedbdee650280008947bb0de4012c11281d92be141b2d29b92812a4843eafc296fa69c55a697b4e9620a79fa8fd6d +B = -f6446ca2883d79848a4cd75a3aad9642720e1f0d0db773050dd92b475c937c6c2dbc3bc695c62ab1e9d9e7e99c92f8d3b0bb8f34238238fb847842be4245b2a6 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = a29d4661e53bde02d72f6e0e3d19ccbd85d8c0a0392d7153ed330ff11e6f75c9880dd1f77a89be8c4e48b10bc7b43b46fbffb592a9a2f23b932 +B = f6446ca2883d73fd4c38cc4c61ff192938a928f95f509d2782586f6f93623ec50de547725c7dad5e36739853a52e729ee841cd22a52832b6d7b538cbb2caf6e1 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1c7a1c6185b0a2d7c02f3a7884e5a11513785520f1a27e8c29cc30707300edbaaef99509e9c4f578d086b2a8c593d0a04d32682c7c71f6a3d025 +B = f6446ca2883d9aa13d007050c2b706cb6a0291b09d3188fd638364a4e903a7646f54cc5a4194f4d8a89cf9c13690080a25fb4f31b97cefa93b3adfd7d8928038 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 21eaee9881dff114d10dad6acbb6e712c6d1acc6b878ec60253c44ad7e9272bb5ab0e2ceb2023fa9f427a23ebb464b2c8c411bd86032c6873ef9 +B = -f6446ca2883da0120f376c8010f417a9dcf4d881e32f3c56bb292b7b56d7a2d48391d7ebc695a08ff661c1fe80c12bab159144e434092eb7eee6c398a875ef0c + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -46f16fa8b7a3b6ecf476f8cdf5f77ea3a7c9be958ced5db6c6a9e11e6bcf3a156b3fb60bd5ff862c80d7c3e3f23c15df57a8fd7822d4c7d9738a +B = -f6446ca2883d3735b0f632fc68f2522536bc16d37d78cdbb4fcce6150cc0b6ee5dc5ed8a19c4da9f5d8739fcbaeab6abaf6e9761d2fd4acdd59640911a153c89 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = bdd97dea2fd68c602862b0fdcbbe47d5e2e23ec1a10925cf34e9773d09d90caf70b5beed3ae1509392289be0ee66b649d45b3dc880ce4f48bb4c +B = f6446ca2883cc04da2b4bac9937f1e397e8c410cb44692a2cfa0d1f944a848aec7a74f80472ad52954a5d51af083a55ad7719b373292ce1b9545e29792a5f4c7 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -145dd43715b37e7df4b56e5afa79caff8668de6fe4c2f725866d0f84522682f38694a26bea588a576900862dee9c9498df909fe788d72db324f6f +B = f6446ca2883ec404641045d807be91f31539b467ac14dc12f560bf31dccfe46937297bc18312af293a51b584e68dc78bd6317367326a9b80d186f0d8bd20ff82 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 35094bde0256df169828d23a250e3a10f35f1fe30f168d463ccd8389197b8aaeb326ca86fd09b3d8a29769ac3c6ed856c34f10cb0d993e38252d5 +B = -f6446ca28840cebbde7f100e1148c929532c5dae9d2bab770c93646b3edb4a707775f111fec5784bbc02e0977ea160fa0e16508b6e48d767dfbf3cf9c57102e8 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -578294d2b3d43ffd19b79a65778710da245eb96fda50d50a3aa6ae3295dc50d8f7da1f5c8b98f4a9905ee840dcd139a62697eb45678259d7639ff +B = -f6446ca2883805fdd373ad5c200dab2289329459ee7a2f997764cdf519d3d32d5bbafb94464ac83d1dca566cf67e3194ef44bc8a4e7a38f81eb7eb4044787614 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = ab192cde88b1cb3e6b094409c1e81ff84715d64ddb7413f6fc5dc1182abfcaca481c8035d16e0d698476d7094f2bf7cb3de1b1210ba68701168a3 +B = f6446ca28832cc9452b65f836bf89607eeedee48fc980427a984bbc12b07b7bc2d61ad5ca735c4171035f91b6a7ef01602bd96de6c28c45bc0fda8fd71dd4770 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -19a7abdefad11d1c9b6c4e0c4c1ff1194c490f63086ede1e4c43d964555a2f5e561a9bf5dc3a670b7ddfe8894271197747860c78949e6c9e357460 +B = f6446ca2885725d2ff99bbbd3c7ab2ea3bd62cbc1568be94716ae1e088c3c171a339b388b230607b096f4a634c95176bfc94fab7602428834ba301d280242473 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 275ce169251250a596ac64ac6e23ae05f8785db63b9cb83a9dec067472d059ea3aef07cf9fc20b846b3292899a8d3fe1aed5b92f21a89c1d924bbd +B = -f6446ca28864db0889c3fcf0c575f300dbf830790214ede2c49e0fbaa515699eb35729b33e1534e6e332d207c5826a15fced16ddca8b783002300c01ff80fbd0 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -61039a571c78308b819da54c1849d8d6169a82e25f61f26e30ab16b545080417f2008ef89116e002660f95863c47ac02bc161bbb7aa8817457eade +B = -f6446ca287dc7a8cc982726f945da8f6e371c2f22605db022c03110ffc46d281899f51553be845501b01f91c3eb127eded1641f1e6208c5b1793bae46d96c535 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = fca0b32bf9e248320b8c10128ff4368a766dd34fbfbf77e66cb2298fa3833bbf24451f508a50afd0131ad49c9ac8e851d4fb53f2fe33675f5e6b34 +B = f6446ca28740dd73f4a50857edd3ba8c1cfa189471a607b1bea2b38a840acb6eaf40d61d94b600bfc308bf4c71041caed6b7c0b59707a722e0102ffe829044df + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1c6f81990e54d6894188d5b872009c3eb5b2f10137bf7a27999d918790b587594afab3950330296979c354851164f95938d1df77995f6c0a9a3edef +B = f6446ca28a047640b1843808b3f7d3f7b6aa168ee777a49521de6aa4e41156b0b7efb1cee889f11863c61292d8b36ccbc468d9337c69c06e4ca45a268b929e02 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 310b6086b85bf12c7e391184e070f623c9cfe07a8e495010fc13d584d748098f070ac4b7c31cbd28acd32ab6270e2a98f48d8d31525ada808858785 +B = -f6446ca28b4e342f8c24a9b2e7c2d7b47d911c2d38b9738cb74708037a38baf08c58d9f2444af22a8fc4dbcecbe46a2ed5c36c4778257b49e834110dea743798 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -4a51109cf8c033e683b1bff229f081d71cd5cafde15dc2d5f8ad0457e79b9b2e015659ee564de59f27204c685ef58977e13e19fe36a2d017fe6860b +B = -f6446ca283986d1d5112e761b7a42a9d0ceb04ad8a4f18d5304c96d50aecad52c06a9fa673c4e0402e2e31a24ea532bced6331066ac8c0d6efa4366462082a08 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = f3e425af6aa16899624f20b49c4e9115034aa4d06ce9db9aa742a6e60d59d6ce0a067f5645b8e7f896c8561315ef1f7151e073d115f8e38df274438 +B = f6446ca278ff3bcc29f4d41689ba5490e5c523b9abe7cb380793d548c0035329de0ebbec7339dde9af37817cb7aab22241f397a6d3be9b39c1aed52d02c76bdb + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -18b2de417fc4bef91b5dd82b0e93315b306bf3a7f7bf0a486a567e9cd1370587b7e47adcb9accba03a8dfda5871b0bb1bdb569a90c079f7a9a4e87d2 +B = f6446ca2a0f05c68a063a9993b3d1ec73e1d3e262c88692d06217d4ad4cdfc35101b5ee10bbec0bbcd3fdb9c7ba53528fa6d954fa6920c1fdf1602e07c3d37e5 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 26b556807e84a9bf7cdf2697050cbd7145a42b8ef6fe10666da7a2e69827ad04880bb97ab3108a27da5fcc29a041bd6aebbaf00ab25a841674ff9f1e +B = -f6446ca2aef2d4a79f23945f9cbe6d333496ca3c41c0a11405608368d81f207ed70c065ddbe5ff59c6a39a241b7703ad13944708d49792818568e77c56ee4f31 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -40b258c2211cc2cb9e2614ab4b23cb9eadb1ddcae903c93646e9f5e5afcaf912a2fdef26c864d83dcdd6f434ca2b0aa7f8ea7a21e790a9e4601de110 +B = -f6446ca2478b2564ff8227d481b931f0e466412c4e6a97ba255ea9cc238d87b28f196046b0dc56b84b2e37be7340434ea9277ef5eff22854eb7db98181d0cf03 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 97631efbd149bb0fdecce09d14aedf2efe30407c01c68e000be9c7be954999375e1f7720e8e5f1edfc48b92f9a063f6b2b378996459bffeae3d362e3 +B = f6446ca1f0da5f2b4f552f90411265ff1adb2d9bfdec35090c9be5025e8db5d9a99ac021f5bacebe2aad1e0e44ce7e53d94c4a32bda518e08d72637afe1b4d30 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -15f4c3634bbbd1ce04fdf96a69b2b8263290e188ca83956b74c6d190e7b877dbd176657a19ea125dfe9c95d2764002ca5d98e28315cb391779d56fcb2 +B = f6446ca3e789b45bdc5c07806fbedd42cab58f2e252a8e11b69bc9b9b6e496a6ba6bd7166b409d80b23435dc2ae094aad752b643c26acaa82fc1f4dd7f45acc5 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 39ecc3b285eb99a2ac91329da615e581f791eaebd477d87c7739dd961a2c5c6cf86a34c73856efcf3b812909d830186c910f8f053192cac9fca8ab7a3 +B = -f6446ca62709b94f7f5884cae8f2707690e864ea753b244255dffac9de1556f9e1aa2028da7d925299020ceff929c820f6541066f9d592c9ec3b1005ac7967b6 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -707e64f8bee7a679d9b72bd04b231cda716f5dc1b7a404f8c0679770c46fc944470ee2a221d1e3d166619ba6a430d0349e7e75c0ee021ed027dab5d74 +B = -f6446c9b80572e9b32248302846c89977d583f23e52699699422237663fe068bf7e7c514e2ec1bbcf674d2e5dafd7d193045865400f54667f2ec76636443529f + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 9ca2c37f4b1a392c34551f570ff06a74c5f027170815454c5ed3535d5232df54fb1f65f2304e32b4995bb77ccd4ece69db98452f182dbeda98d525a19 +B = f6446c98be1146326efb57dcda8d512b3083657e9d1a04148d0e1e3c7d4247c31bb66409a1e3e6bc0eafe4b2ab5bbfb69e65a3002f584f85503275bc549c55fa + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1190fea35b9a1ba1c280d57888664aa7db5f9d6d4325b35a6276bf61291d67e6e14e3001f5af1753faff61fa53861ab8ed15d15965e0dcb05718bdecc6 +B = f6446cb4193c2182baba8c62a0b4bf2495d4b4a65bb9e2c83415cd64e136dec15c4c403aa20a47d4c2aa63f7407931d6f96d428afeadfbdcb3eb13bcfaac9cd9 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 209797b717f068e5f808dd2b4e12576fa056879da881bfcc1819228e4f9dc6f84347edbdbe273657d533d7c928e51b68a82c59d93dfb038514c104c1bc +B = -f6446cc31fd5353f1107d09828bc71ea41e17c6b52a4132d90223f1a839a0be7dcab519c9bc8039d3ac967d174ef00ac586df24615367bb4ce11e87aa2f371cf + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -7198b6aa26be42e97cad682aaa63d68d51952dae52d4cfe5f9a6acef93f35b6d7b7be87a1f2a944cf7fa9483cd6c3df7599d44c5b56e5ff38cd43d23c0 +B = -f6446c30ef86d400625c012372771bf1cbb37f7966eec73239928d08c3ca8e044b88ebddd7f1cbbfe8fec3044682b3b6071492444b97dcc164ae6fd90db18c53 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = cb788549eee4fa559118f0bd66b68d94845bdb7d07b2042d53a64921f3e3df76a2b143e9e9ad39dacaf405cec5fed9fd59050c5d27322142e4e11d4ede +B = f6446bd70fb834383ba4950f06ee893578fc7846a040f87d5c5e45aec42e5ba45b04e2b6a2965bf5665935314d1168bd74788c44e3d0454fa0ed208100d16135 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1122c39c2c252ec96e9274bdf713bfa8200e35ed9f18dd087fedd2005e5898b6f8ed37e1cd7e1f7b0c5be137a71a27b7e4e4669b1f412e154e6ad2ad567 +B = f6446db4b47740e9738b8189472b260d6b848ecbdf7b4f769c32fb014797837dc86fc8e8275862b6f58ac0c1ff2ab1f515ce07ec2f46546ae5efb84c8f19857a + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 2d57e15c8039f8367d2e0198d9fc27616e53efdc9cb0adc0b0199362d08f5698af1f07499cd2b72005f1c09900c71b677e57cd62094743a9b3ae541e74d +B = -f6446f780653462ac0225272fff8d43bf20023b03b1a3f50193e7e0403adaaa1344de44b444edfac3f05105b5d20c78fe509018365b2c30b4748fea0c7309760 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -539b4413477ef77c15fd53e202d8e5d183eb1c91fecf5b89959bb8d60d3f7907e95c5dd045d698a6a17f0150861b43bfeb2e5d40bdc970839b0712ee17f +B = -f6446768d3fc49af312729404aa1266ea12cf48c4a53559818a9d9a8aeea1cc44753dac38dfd4181aa08a5e451022f21bf168aeb0308969a3c0629b570bfce94 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = fe46dc4f55346ee27d6ced0256b0ec64f82d5150c3b49d4cc7d56a60ae5d10bb649a57f4c97acc146388a6a9d25d3c3c7e42372e46bb4f8a72171ea5979 +B = f6445cbe1a7888d3d9b0c2c9510f213120c3bd4827076949c48da68513d172b26dd8a30fae5af94766d1c9c3b6ac9a5d9f8ec1b9c569be0b1e15bc447004569a + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1fbd702bd26d37bb1fa554ad261f1e7161ea438f49b41aab950884c5c87eb1e0b9a3a69807b759a1440ef9e5683c1a13b9d610fd87fb131619cb63997891 +B = f6448c5ff8695094585a0a45748c6cbb4dfb6eb53fabbf39290e080aef3d4616f0c512fcfa724d966d34540b3afc9fbf8d664373f9da2a71e6247d31458828a4 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 260abc8cb124b3c17698ee342bdbe4b1513a085effb4f79aca252c98c8799ad203dccc9c305cdccd2edc16159d0e2c7a125c50f8abff9e12dbe8d93c655d +B = -f64492ad44ca2f4bd46061390e137278143b5e05047b753a05fd3d2797104611d9b65d362076763bf0603ed8572cd4919fcc9bfa39d54e7671213f4ebb2b1570 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -6f961198d2039a92d24c53bfcafd73251b575d5e06565db36666545d5994e511c4c3905cc0b93586f05916c08b8f51a0e0fe1b6253fcfa41bfec25196482 +B = -f643fd0c76a4ac23860c1853cc1f7b9ebc64f1739ebe6f2eb0af0c9c161a240359d29495c37d8525de0c1fa32a56abf421b1a89fcd7a4e79d8cca379bcd54b91 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = ed86313f32aabf2f7487dd9f587431e17b9a46e1a78fe89b0ebe81c737a73c2a8fef92c0963fc36e9808309d00c3bd14612fdf4fb236e06add8fe9329252 +B = f6437f1c56fe4b7c616f7618423fee27fda89130b53acdf525c76443e8b045f102b9c969c119af9f502477f4107a36bfb63e286e098cf03ff2a385d5f8bc1dc1 + +Sum = f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -1741bce7ae27a7b3effa5b08b39f9d03d69efe7b0716cc57dc106aac17925a2d77c18386f7398db17f813c9c6f2dfcc9347e9f55de76b11475fcf77bbedb1 +B = f645e0be56b860a19bddea45d06a8095ffc776bae3cce6f1d3e034091538f6bde1bbd5718c49b977eeab08100ade2a633fe5d187de3a89e1e455c33559aa9dc4 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = 20bd41a0d6d691e8554ee8b90a775e04f086f318b7afdc7b5d6d7c3b7ab6b955aa286809856e1bd195dace84b18b2d0365edc8e066d2e8db9ae8325d00843 +B = -f6467876a24aeb903f243f8eab6fee120fd9153a2da7f082d61849da2e2f2903d43efbdfd4729cc0d0ac6da9296250364388e87a76e30fa560c811e907beb856 + +Sum = -f6446ca2883d7e27209eeaa01fdf469c2f8a0ccafc1c75850e6273026a777d983ee4595953da45df13930ffc411737837352899de8dca276d30e6365e1eeb013 +A = -685147a1e74dab824bc6cb7fb30a773fbe5e380f46189574038d2d2f3983ced8777a080af6b06e9bb3c2d134a3302fa099b4bc78a4f01a4c157424ee3c773 +B = -f63de78e0e1f094c687a2e3367e415f4bb8e26e77b2813fbb7223a2f9783e55b515ce1b8d32adad829d7d3cf2dcd04807948ee52215253752e4d0c23930ae8a0 + +Sum = 1 +A = 0 +B = 1 + +Sum = 2 +A = 1 +B = 1 + +Sum = 4 +A = 3 +B = 1 + +Sum = 8 +A = 7 +B = 1 + +Sum = 10 +A = f +B = 1 + +Sum = 20 +A = 1f +B = 1 + +Sum = 40 +A = 3f +B = 1 + +Sum = 80 +A = 7f +B = 1 + +Sum = 100 +A = ff +B = 1 + +Sum = 200 +A = 1ff +B = 1 + +Sum = 400 +A = 3ff +B = 1 + +Sum = 800 +A = 7ff +B = 1 + +Sum = 1000 +A = fff +B = 1 + +Sum = 2000 +A = 1fff +B = 1 + +Sum = 4000 +A = 3fff +B = 1 + +Sum = 8000 +A = 7fff +B = 1 + +Sum = 10000 +A = ffff +B = 1 + +Sum = 20000 +A = 1ffff +B = 1 + +Sum = 40000 +A = 3ffff +B = 1 + +Sum = 80000 +A = 7ffff +B = 1 + +Sum = 100000 +A = fffff +B = 1 + +Sum = 200000 +A = 1fffff +B = 1 + +Sum = 400000 +A = 3fffff +B = 1 + +Sum = 800000 +A = 7fffff +B = 1 + +Sum = 1000000 +A = ffffff +B = 1 + +Sum = 2000000 +A = 1ffffff +B = 1 + +Sum = 4000000 +A = 3ffffff +B = 1 + +Sum = 8000000 +A = 7ffffff +B = 1 + +Sum = 10000000 +A = fffffff +B = 1 + +Sum = 20000000 +A = 1fffffff +B = 1 + +Sum = 40000000 +A = 3fffffff +B = 1 + +Sum = 80000000 +A = 7fffffff +B = 1 + +Sum = 100000000 +A = ffffffff +B = 1 + +Sum = 200000000 +A = 1ffffffff +B = 1 + +Sum = 400000000 +A = 3ffffffff +B = 1 + +Sum = 800000000 +A = 7ffffffff +B = 1 + +Sum = 1000000000 +A = fffffffff +B = 1 + +Sum = 2000000000 +A = 1fffffffff +B = 1 + +Sum = 4000000000 +A = 3fffffffff +B = 1 + +Sum = 8000000000 +A = 7fffffffff +B = 1 + +Sum = 10000000000 +A = ffffffffff +B = 1 + +Sum = 20000000000 +A = 1ffffffffff +B = 1 + +Sum = 40000000000 +A = 3ffffffffff +B = 1 + +Sum = 80000000000 +A = 7ffffffffff +B = 1 + +Sum = 100000000000 +A = fffffffffff +B = 1 + +Sum = 200000000000 +A = 1fffffffffff +B = 1 + +Sum = 400000000000 +A = 3fffffffffff +B = 1 + +Sum = 800000000000 +A = 7fffffffffff +B = 1 + +Sum = 1000000000000 +A = ffffffffffff +B = 1 + +Sum = 2000000000000 +A = 1ffffffffffff +B = 1 + +Sum = 4000000000000 +A = 3ffffffffffff +B = 1 + +Sum = 8000000000000 +A = 7ffffffffffff +B = 1 + +Sum = 10000000000000 +A = fffffffffffff +B = 1 + +Sum = 20000000000000 +A = 1fffffffffffff +B = 1 + +Sum = 40000000000000 +A = 3fffffffffffff +B = 1 + +Sum = 80000000000000 +A = 7fffffffffffff +B = 1 + +Sum = 100000000000000 +A = ffffffffffffff +B = 1 + +Sum = 200000000000000 +A = 1ffffffffffffff +B = 1 + +Sum = 400000000000000 +A = 3ffffffffffffff +B = 1 + +Sum = 800000000000000 +A = 7ffffffffffffff +B = 1 + +Sum = 1000000000000000 +A = fffffffffffffff +B = 1 + +Sum = 2000000000000000 +A = 1fffffffffffffff +B = 1 + +Sum = 4000000000000000 +A = 3fffffffffffffff +B = 1 + +Sum = 8000000000000000 +A = 7fffffffffffffff +B = 1 + +Sum = 10000000000000000 +A = ffffffffffffffff +B = 1 + +Sum = 20000000000000000 +A = 1ffffffffffffffff +B = 1 + +Sum = 40000000000000000 +A = 3ffffffffffffffff +B = 1 + +Sum = 80000000000000000 +A = 7ffffffffffffffff +B = 1 + +Sum = 100000000000000000 +A = fffffffffffffffff +B = 1 + +Sum = 200000000000000000 +A = 1fffffffffffffffff +B = 1 + +Sum = 400000000000000000 +A = 3fffffffffffffffff +B = 1 + +Sum = 800000000000000000 +A = 7fffffffffffffffff +B = 1 + +Sum = 1000000000000000000 +A = ffffffffffffffffff +B = 1 + +Sum = 2000000000000000000 +A = 1ffffffffffffffffff +B = 1 + +Sum = 4000000000000000000 +A = 3ffffffffffffffffff +B = 1 + +Sum = 8000000000000000000 +A = 7ffffffffffffffffff +B = 1 + +Sum = 10000000000000000000 +A = fffffffffffffffffff +B = 1 + +Sum = 20000000000000000000 +A = 1fffffffffffffffffff +B = 1 + +Sum = 40000000000000000000 +A = 3fffffffffffffffffff +B = 1 + +Sum = 80000000000000000000 +A = 7fffffffffffffffffff +B = 1 + +Sum = 100000000000000000000 +A = ffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000 +A = 1ffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000 +A = 3ffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000 +A = 7ffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000 +A = fffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000 +A = 1fffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000 +A = 3fffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000 +A = 7fffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000 +A = ffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000 +A = 1ffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000 +A = 3ffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000 +A = 7ffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000 +A = fffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000 +A = 1fffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000 +A = 3fffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000 +A = 7fffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000 +A = ffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000 +A = 1ffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000 +A = 3ffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000 +A = 7ffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000 +A = fffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000 +A = 1fffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000 +A = 3fffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000 +A = 7fffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000 +A = ffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000 +A = 1ffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000 +A = 3ffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000 +A = 7ffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000 +A = fffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000 +A = 1fffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000 +A = 3fffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000 +A = 7fffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000 +A = ffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000 +A = 1ffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000 +A = 3ffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000 +A = 7ffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000 +A = fffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000 +A = 1fffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000 +A = 3fffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000 +A = 7fffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000 +A = ffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000 +A = fffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 200000000000000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 400000000000000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 800000000000000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 1000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 2000000000000000000000000000000000000000000000000 +A = 1ffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 4000000000000000000000000000000000000000000000000 +A = 3ffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 8000000000000000000000000000000000000000000000000 +A = 7ffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 10000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 20000000000000000000000000000000000000000000000000 +A = 1fffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 40000000000000000000000000000000000000000000000000 +A = 3fffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 80000000000000000000000000000000000000000000000000 +A = 7fffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffffff +B = 1 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffffe +B = 2 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffffc +B = 4 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffff8 +B = 8 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffff0 +B = 10 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffffe0 +B = 20 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffffc0 +B = 40 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffff80 +B = 80 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffff00 +B = 100 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffe00 +B = 200 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffffc00 +B = 400 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffff800 +B = 800 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffff000 +B = 1000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffe000 +B = 2000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffffc000 +B = 4000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffff8000 +B = 8000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffff0000 +B = 10000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffe0000 +B = 20000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffffc0000 +B = 40000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffff80000 +B = 80000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffff00000 +B = 100000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffe00000 +B = 200000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffffc00000 +B = 400000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffff800000 +B = 800000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffff000000 +B = 1000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffe000000 +B = 2000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffffc000000 +B = 4000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffff8000000 +B = 8000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffff0000000 +B = 10000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffe0000000 +B = 20000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffffc0000000 +B = 40000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffff80000000 +B = 80000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffff00000000 +B = 100000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffe00000000 +B = 200000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffffc00000000 +B = 400000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffff800000000 +B = 800000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffff000000000 +B = 1000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffe000000000 +B = 2000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffffc000000000 +B = 4000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffff8000000000 +B = 8000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffff0000000000 +B = 10000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffe0000000000 +B = 20000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffffc0000000000 +B = 40000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffff80000000000 +B = 80000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffff00000000000 +B = 100000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffe00000000000 +B = 200000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffffc00000000000 +B = 400000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffff800000000000 +B = 800000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffff000000000000 +B = 1000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffe000000000000 +B = 2000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffffc000000000000 +B = 4000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffff8000000000000 +B = 8000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffff0000000000000 +B = 10000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffe0000000000000 +B = 20000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffffc0000000000000 +B = 40000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffff80000000000000 +B = 80000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffff00000000000000 +B = 100000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffe00000000000000 +B = 200000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffffc00000000000000 +B = 400000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffff800000000000000 +B = 800000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffff000000000000000 +B = 1000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffe000000000000000 +B = 2000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffffc000000000000000 +B = 4000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffff8000000000000000 +B = 8000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffff0000000000000000 +B = 10000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffe0000000000000000 +B = 20000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffffc0000000000000000 +B = 40000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffff80000000000000000 +B = 80000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffff00000000000000000 +B = 100000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffe00000000000000000 +B = 200000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffffc00000000000000000 +B = 400000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffff800000000000000000 +B = 800000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffff000000000000000000 +B = 1000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffe000000000000000000 +B = 2000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffffc000000000000000000 +B = 4000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffff8000000000000000000 +B = 8000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffff0000000000000000000 +B = 10000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffe0000000000000000000 +B = 20000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffffc0000000000000000000 +B = 40000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffff80000000000000000000 +B = 80000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffff00000000000000000000 +B = 100000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffe00000000000000000000 +B = 200000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffffc00000000000000000000 +B = 400000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffff800000000000000000000 +B = 800000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffff000000000000000000000 +B = 1000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffe000000000000000000000 +B = 2000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffffc000000000000000000000 +B = 4000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffff8000000000000000000000 +B = 8000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffff0000000000000000000000 +B = 10000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffe0000000000000000000000 +B = 20000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffffc0000000000000000000000 +B = 40000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffff80000000000000000000000 +B = 80000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffff00000000000000000000000 +B = 100000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffe00000000000000000000000 +B = 200000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffffc00000000000000000000000 +B = 400000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffff800000000000000000000000 +B = 800000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffff000000000000000000000000 +B = 1000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffe000000000000000000000000 +B = 2000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffffc000000000000000000000000 +B = 4000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffff8000000000000000000000000 +B = 8000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffff0000000000000000000000000 +B = 10000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffe0000000000000000000000000 +B = 20000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffffc0000000000000000000000000 +B = 40000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffff80000000000000000000000000 +B = 80000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffff00000000000000000000000000 +B = 100000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffe00000000000000000000000000 +B = 200000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffffc00000000000000000000000000 +B = 400000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffff800000000000000000000000000 +B = 800000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffff000000000000000000000000000 +B = 1000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffe000000000000000000000000000 +B = 2000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffffc000000000000000000000000000 +B = 4000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffff8000000000000000000000000000 +B = 8000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffff0000000000000000000000000000 +B = 10000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffe0000000000000000000000000000 +B = 20000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffffc0000000000000000000000000000 +B = 40000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffff80000000000000000000000000000 +B = 80000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffff00000000000000000000000000000 +B = 100000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffe00000000000000000000000000000 +B = 200000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffffc00000000000000000000000000000 +B = 400000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffff800000000000000000000000000000 +B = 800000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffff000000000000000000000000000000 +B = 1000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffe000000000000000000000000000000 +B = 2000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffffc000000000000000000000000000000 +B = 4000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffff8000000000000000000000000000000 +B = 8000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffff0000000000000000000000000000000 +B = 10000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffe0000000000000000000000000000000 +B = 20000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffffc0000000000000000000000000000000 +B = 40000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffff80000000000000000000000000000000 +B = 80000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffff00000000000000000000000000000000 +B = 100000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffe00000000000000000000000000000000 +B = 200000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffffc00000000000000000000000000000000 +B = 400000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffff800000000000000000000000000000000 +B = 800000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffff000000000000000000000000000000000 +B = 1000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffe000000000000000000000000000000000 +B = 2000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffffc000000000000000000000000000000000 +B = 4000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffff8000000000000000000000000000000000 +B = 8000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffff0000000000000000000000000000000000 +B = 10000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffe0000000000000000000000000000000000 +B = 20000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffffc0000000000000000000000000000000000 +B = 40000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffff80000000000000000000000000000000000 +B = 80000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffff00000000000000000000000000000000000 +B = 100000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffe00000000000000000000000000000000000 +B = 200000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffffc00000000000000000000000000000000000 +B = 400000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffff800000000000000000000000000000000000 +B = 800000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffff000000000000000000000000000000000000 +B = 1000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffe000000000000000000000000000000000000 +B = 2000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffffc000000000000000000000000000000000000 +B = 4000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffff8000000000000000000000000000000000000 +B = 8000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffff0000000000000000000000000000000000000 +B = 10000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffe0000000000000000000000000000000000000 +B = 20000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffffc0000000000000000000000000000000000000 +B = 40000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffff80000000000000000000000000000000000000 +B = 80000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffff00000000000000000000000000000000000000 +B = 100000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffe00000000000000000000000000000000000000 +B = 200000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffffc00000000000000000000000000000000000000 +B = 400000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffff800000000000000000000000000000000000000 +B = 800000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffff000000000000000000000000000000000000000 +B = 1000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffe000000000000000000000000000000000000000 +B = 2000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffffc000000000000000000000000000000000000000 +B = 4000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffff8000000000000000000000000000000000000000 +B = 8000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffff0000000000000000000000000000000000000000 +B = 10000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffe0000000000000000000000000000000000000000 +B = 20000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffffc0000000000000000000000000000000000000000 +B = 40000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffff80000000000000000000000000000000000000000 +B = 80000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffff00000000000000000000000000000000000000000 +B = 100000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffe00000000000000000000000000000000000000000 +B = 200000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffffc00000000000000000000000000000000000000000 +B = 400000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffff800000000000000000000000000000000000000000 +B = 800000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffff000000000000000000000000000000000000000000 +B = 1000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffe000000000000000000000000000000000000000000 +B = 2000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffffc000000000000000000000000000000000000000000 +B = 4000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffff8000000000000000000000000000000000000000000 +B = 8000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffff0000000000000000000000000000000000000000000 +B = 10000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffe0000000000000000000000000000000000000000000 +B = 20000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffffc0000000000000000000000000000000000000000000 +B = 40000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffff80000000000000000000000000000000000000000000 +B = 80000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffff00000000000000000000000000000000000000000000 +B = 100000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffe00000000000000000000000000000000000000000000 +B = 200000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffffc00000000000000000000000000000000000000000000 +B = 400000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffff800000000000000000000000000000000000000000000 +B = 800000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffff000000000000000000000000000000000000000000000 +B = 1000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffe000000000000000000000000000000000000000000000 +B = 2000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffffc000000000000000000000000000000000000000000000 +B = 4000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffff8000000000000000000000000000000000000000000000 +B = 8000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffff0000000000000000000000000000000000000000000000 +B = 10000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffe0000000000000000000000000000000000000000000000 +B = 20000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fffc0000000000000000000000000000000000000000000000 +B = 40000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fff80000000000000000000000000000000000000000000000 +B = 80000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fff00000000000000000000000000000000000000000000000 +B = 100000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffe00000000000000000000000000000000000000000000000 +B = 200000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ffc00000000000000000000000000000000000000000000000 +B = 400000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ff800000000000000000000000000000000000000000000000 +B = 800000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = ff000000000000000000000000000000000000000000000000 +B = 1000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fe000000000000000000000000000000000000000000000000 +B = 2000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = fc000000000000000000000000000000000000000000000000 +B = 4000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = f8000000000000000000000000000000000000000000000000 +B = 8000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = f0000000000000000000000000000000000000000000000000 +B = 10000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = e0000000000000000000000000000000000000000000000000 +B = 20000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = c0000000000000000000000000000000000000000000000000 +B = 40000000000000000000000000000000000000000000000000 + +Sum = 100000000000000000000000000000000000000000000000000 +A = 80000000000000000000000000000000000000000000000000 +B = 80000000000000000000000000000000000000000000000000 diff --git a/deps/openssl/openssl/test/recipes/15-test_dsa.t b/deps/openssl/openssl/test/recipes/15-test_dsa.t index 2fd236e875f4fb..6ef06af11b3f10 100644 --- a/deps/openssl/openssl/test/recipes/15-test_dsa.t +++ b/deps/openssl/openssl/test/recipes/15-test_dsa.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -21,7 +21,7 @@ plan tests => 6; require_ok(srctop_file('test','recipes','tconversion.pl')); ok(run(test(["dsatest"])), "running dsatest"); -ok(run(test(["dsatest", "-app2_1"])), "running dsatest -app2_1"); +ok(run(test(["dsa_no_digest_size_test"])), "running dsa_no_digest_size_test"); SKIP: { skip "Skipping dsa conversion test", 3 diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam.t b/deps/openssl/openssl/test/recipes/15-test_ecparam.t new file mode 100644 index 00000000000000..47a1a4f20c354f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam.t @@ -0,0 +1,34 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Glob; +use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test::Utils; + +setup("test_ecparam"); + +plan skip_all => "EC isn't supported in this build" + if disabled("ec") || disabled("ec2m"); + +my @valid = glob(data_file("valid", "*.pem")); +my @invalid = glob(data_file("invalid", "*.pem")); + +plan tests => scalar @valid + scalar @invalid; + +foreach (@valid) { + ok(run(app([qw{openssl ecparam -noout -check -in}, $_]))); +} + +foreach (@invalid) { + ok(!run(app([qw{openssl ecparam -noout -check -in}, $_]))); +} diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem new file mode 100644 index 00000000000000..b229876c4a17f3 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGiAgEBMCUGByqGSM49AQIwGgICANAGCSqGSM49AQIDAzAJAgEBAgECAgE9MB8E +AQAEGshhntRaYuYhLhFgNJ4r+oREOfr8Kj/RY4+eBDUHSf375Kvhk9+VWezwesDO +eFVOJ4TrjB7RpXoPVbUaBueOmsOKA1/1INiwF4G+saa7CGF94wIZAQG6+VyXI8V7 +bCHaLv8tXtWIvdVxfiEvnQIDAP5I +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem new file mode 100644 index 00000000000000..a06cf7a0bb3803 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP////////// +/////jBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6 +k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+ +kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK +fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz +ucrC/GMlUQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem new file mode 100644 index 00000000000000..d4df6ae6bf09f3 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP////////// +/////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP//////////////+AQgWsY12Ko6 +k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+ +kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK +fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz +ucrC/GMlUQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem new file mode 100644 index 00000000000000..315e68efd8f8c6 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP////////// +/////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6 +k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+ +kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK +fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz +ucrC/SMlUQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem new file mode 100644 index 00000000000000..d7bc1c2cab275c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIG3AgEBMCUGByqGSM49AQIwGgICAKMGCSqGSM49AQIDAzAJAgEBAgECAgEIMEQE +FQclRrVDUjSkIuB4lnX0MsiUNd5SQgQUyVF9BtUkDTz/OMdLILbNTW+d1NkDFQDS +wPsVdghg3vHu9NaW5naHVhUXVAQrBAevaZiVRhA9eTKfzD10iA8zu+gDywHsIyEb +WWat6h0/h/fqWEiu8LfKnwIVBAAAAAAAAAAAAAHmD8iCHMdNrq/BAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem new file mode 100644 index 00000000000000..b69cdb0624e2fa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem new file mode 100644 index 00000000000000..130621998be68f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIG4AgEBMCUGByqGSM49AQIwGgICAKMGCSqGSM49AQIDAzAJAgEBAgECAgEIMEUE +FQEIs553xLEIvtmB7Q6JDhF8URzwcgQVBmes6zivTkiMQHQz/65PHIEWON8gAxUA +U4FMBQ1E1pbmdodWFRdYDKTin/0EKwQAJCZuTrUQbQqWTZLEhg4mcdubbMUHn2hN +32aExc0liziQAhsjht/Rn8UCFQP////////////99k3hFRrbt48QpwIBAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem new file mode 100644 index 00000000000000..371f08cacf93f4 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem new file mode 100644 index 00000000000000..fe6a07b09c78c6 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIG4AgEBMCUGByqGSM49AQIwGgICAKMGCSqGSM49AQIDAzAJAgEBAgECAgEIMEUE +FQelJsY9PiWiVqAHaZ9UR+Mq5Fa1DgQVA/cGF5jrmeI4/W8b+VtI/utIVCUrAxUA +UMvx2VypTWluZ2h1YVF18Wo2o7gEKwQC+fh7fFdNC97PiiLmUkd1+YzevcsFuTVZ +DBVeF+pI6z/zcYuJPfWaBdACFQP////////////+Gu4UDxEK/5YTCQIBAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem new file mode 100644 index 00000000000000..712f73c817d694 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAAw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem new file mode 100644 index 00000000000000..9c362b00201b19 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGnAgEBMCUGByqGSM49AQIwGgICALAGCSqGSM49AQIDAzAJAgEBAgECAgErMDAE +FuTm2ymVBlxAfZ05uNCWe5ZwS6jpyQsEFl3aRwq+ZBTejsEzrijpu9f87Arg//IE +LQSNFsKGZ5i2APnwi7So6GDzKYzgSleYb6RTnC2t3da6tRZ9YbQ24dkrsWpWLAIV +AQCSU3OX7KT2FFeZ1isKGc4G/iatAgMA/24= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem new file mode 100644 index 00000000000000..76091177ebd9d8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMABA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem new file mode 100644 index 00000000000000..88772e62097997 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGiAgEBMCUGByqGSM49AQIwGgICANAGCSqGSM49AQIDAzAJAgEBAgECAgFTMB8E +AQAEGshhntRaYuYhLhFgNJ4r+oREOfr8Kj/RY4+eBDUEif375Kvhk9+VWezwesDO +eFVOJ4TrjB7RpXoPVbUaBueOmsOKA1/1INiwF4G+saa7CGF94wIZAQG6+VyXI8V7 +bCHaLv8tXtWIvdVxfiEvnQIDAP5I +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem new file mode 100644 index 00000000000000..1bb91a2be3f328 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMACg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem new file mode 100644 index 00000000000000..02a433c074abab --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHjAgEBMCUGByqGSM49AQIwGgICARAGCSqGSM49AQIDAzAJAgEBAgEDAgE4MEgE +IpGgkfA7X7pKssz0nE7dIg+wKHEtQr51KyxACU26zbWG+yAEInFn78krsuPOfIqq +/zThKpxVcAPXxzpvrwA/mfbMhILlQPcERQRhCLq7LO6894cFigVsvgz+Yi13I6KJ +4IoHrhPvDRDRcd2NEMdpVxaFHu9rp/aHLmFC+9JBuDD/Xvys7MqwXgIAXd6dIwIh +AQD69RNU4OOeSJLfbjGccsgWFgP6Rap7mYoWe48eYpUhAgMA/wY= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem new file mode 100644 index 00000000000000..d1117958f394f6 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAEA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem new file mode 100644 index 00000000000000..f11db414b98afb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIH3AgEBMCUGByqGSM49AQIwGgICATAGCSqGSM49AQIDAzAJAgEBAgECAgELMFAE +Jv0NaTFJoRj2Uebc5oAghTd+X4gtG1ELRBYAdMEogHg2WgOWyOaBBCa925flVaUK +kI5DsBx5jqXapniPHqJ5Tvz1cWa4wUA5YB5VgnNAvgRNBBl7B4Rem+LZatsPXzx/ +LP+9ej64tv7DXH/Wfybd9ihaZE90CiYU4Z++t24NoXFRfs9AG1Aom/AUEDKIUnqb +QWoQXoAmC1Sf3BuSwDsCJQEB1VZXKqusgAEB1VZXKqusgAECLVyR3Rc/j7Vh2miZ +FkRDBR0CAwD+Lg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem new file mode 100644 index 00000000000000..282364e500a198 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAEQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem new file mode 100644 index 00000000000000..19828f80728694 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem @@ -0,0 +1,9 @@ +-----BEGIN EC PARAMETERS----- +MIIBHwIBATAlBgcqhkjOPQECMBoCAgFwBgkqhkjOPQECAwMwCQIBAQIBAgIBVTBg +BC7g0u4lCVIG9eKk+e0inx8lbnmg4rRVlw2NDYZb2Ud4xXbWLwq3UZzNKhqQauMN +BC78EhfUMgqQRSx2CljtzTDI3QabPDRFODejTtUMtUkX4cIRLYTRZPRE+PdHhgRq +BF0EEIXidVOB3MzjwVV6+hDC8MDCglZGxbNKOUy8+ovBayLn54npJ74hbwLh+xNq +X3s+sb3cumLV2LIFm1JXl/xzgixZBZxiOkX/OEPO6Ph80YVa2qgeKgdQuA/aIxAC +LQEAkFEtqa9ysINJ2Ypd1MewUy7KUc4D4tEPO3rFeb2H6QmuQKbxMenPzlvZZwID +AP9w +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem new file mode 100644 index 00000000000000..d9711209630784 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAEw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem new file mode 100644 index 00000000000000..8b8c147e1a5b51 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIG/AgEBMB0GByqGSM49AQIwEgICAL8GCSqGSM49AQIDAgIBCTBLBBgoZlN7Z2dS +Y2po9WVU4SZAJ2tknvdSYmcEGC5F71cfAHhvZ7AIG5SVo9lUYvXeCqGF7AMVAE4T +ylQnRNaW5naHVhUXVS8nmoyEBDEENrPa+KIyBvnE8pnXshqcNpE38shK4aoNdlvn +NDOz+V4zKTLnDqJFyiQY6g75gBj7AhhAAAAAAAAAAAAAAAAEog6Qw5BnyJO7uaUC +AQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem new file mode 100644 index 00000000000000..a8745e544bd018 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMABQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem new file mode 100644 index 00000000000000..68302469867b28 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIG/AgEBMB0GByqGSM49AQIwEgICAL8GCSqGSM49AQIDAgIBCTBLBBhAECh3TXd3 +x7dmbRNm6kMgcSdPif8B5xgEGAYgBI0ovL0DtiScmRgrfIzRlwDDYsRqAQMVAAhx +7y/vJNaW5naHVhUXWL7g2VwVBDEEOAmyt8wbKMxah5JqrYP9KHiegeLJ478QF0ND +hmJtFPPb8Bdg2SE6PhzzeuxDfWaKAhggAAAAAAAAAAAAAABQUIy4n2UoJOBrgXMC +AQQ= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem new file mode 100644 index 00000000000000..85a7fe8aeb9e10 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMABg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem new file mode 100644 index 00000000000000..62d43cb4fa9c0a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIG/AgEBMB0GByqGSM49AQIwEgICAL8GCSqGSM49AQIDAgIBCTBLBBhsAQdHVgmR +IiIQVpEcd9d+d6d35+fnf8sEGHH+Gvkmz4R5ie/vjbRZ9mOU2Q8yrT8V6AMVAOBT +US3GhNaW5naHVhUXUGeueG0fBDEEN11M4k/eQ0SJ3odG5xeGAVAJ5m44qSbdVFo5 +F2GWV12YWZk2bmrTTOCnfNcSewa+AhgVVVVVVVVVVVVVVVVhDAsZaBK/tiiKPqMC +AQY= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem new file mode 100644 index 00000000000000..5131440fc970de --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMABw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem new file mode 100644 index 00000000000000..c66246bd2bf94f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHdAgEBMB0GByqGSM49AQIwEgICAO8GCSqGSM49AQIDAgIBJDBXBB4yAQhXB3xU +MRI6RrgIkGdW9UNCPo0nh3V4Eld4rHYEHnkECPLu2vOSsBLt77M5LzD0MnwMo/Mf +w4PEIqqMFgMVANNLmk1pbmdodWFRdcpxuSC/77BdBD0EV5JwmPqTLnwKltP9W3Bu +9+X1wVbha358hgOFUukdYdjuUHfDP+z28aFrJo3kacPHdE6pqXFkn8epYWMFAh4g +AAAAAAAAAAAAAAAAAAAPTUL/4UkqSZPxytZm5EcCAQQ= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem new file mode 100644 index 00000000000000..68bfd3fed9159f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMACw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem new file mode 100644 index 00000000000000..862b027ce0515e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHdAgEBMB0GByqGSM49AQIwEgICAO8GCSqGSM49AQIDAgIBJDBXBB5CMAF3V6dn ++uQjmFabdGMl1FMTrwdmJmR5t1ZU5l8EHlA36mVBls/wzYKywUovzy4/+HdShbVF +ci8D6s23SwMVACqmmC/fpNaW5naHVhUXXSZnJyd9BD0EKPnQTpAAacjcR6CFNP52 +0rkAt9fvMfVwnyAMTKIFVmczTEWv87WgO62d114scamTYlZ9VFP3+m4ifsgzAh4V +VVVVVVVVVVVVVVVVVVU8byiFJZwx4/zfFUYkUi0CAQY= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem new file mode 100644 index 00000000000000..15e84078b1d1a4 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMADA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem new file mode 100644 index 00000000000000..2b0ca1e4ab2bfb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHdAgEBMB0GByqGSM49AQIwEgICAO8GCSqGSM49AQIDAgIBJDBXBB4BI4d0Zmpn +dm1mdvd45na2aZkXZmbmh2Zth2bGap8EHmqUGXe6n2pDUZms/FEGftWH9RnF7LVB +uORBEd4dQAMVAJ4Hb01pbmdodWFRdeEen913+SBBBD0EcPbp0E0onE6JkTzjUwv9 +6QOXfUKxRtU5vxveTpySLloOr25eEwW5AE3OXA7X/lmjVgjzODfIFtgLefRhAh4M +zMzMzMzMzMzMzMzMzMysSRLS2d+QPvmIi4oOTP8CAQo= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem new file mode 100644 index 00000000000000..dd33a5ff4ed8d8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMADQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem new file mode 100644 index 00000000000000..0b548ee4418ad7 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem @@ -0,0 +1,9 @@ +-----BEGIN EC PARAMETERS----- +MIIBKAIBATAdBgcqhkjOPQECMBICAgFnBgkqhkjOPQECAwICAUQwdQQtVmdnamVL +IHVPNW6pIBfZRlZ8RmdVVvGVVqBGFrVn0iOl4FZW+1SQFqlmVqVXBC0kcuLQGXxJ +Nj8f5/W22wddUraUfRNdjKRFgF05vDRWJgiWh3QrYynnBoAjGYgDFQArNUkgtyTW +luZ2h1YVF1hboTMtxgRbBDwljvMEd2fn7eDx/ap52u44QTZqEy4WOs7U7SQB35xr +3N6Y6OcHwHoiObGwl1PX4IUpVHBIEh6clfN5HdgEljlI80+ue/ROqCNl3Hho/lfk +ri3iETBaQHEEvQItAa8oa8oa8oa8oa8oa8oa8oa8oa8oa8n7j2uFxVaJLCCn65ZP +53GedPSQdY07AgFM +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem new file mode 100644 index 00000000000000..d8a6e5e2719b3d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAEg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem new file mode 100644 index 00000000000000..1b139de32e31b2 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem @@ -0,0 +1,9 @@ +-----BEGIN EC PARAMETERS----- +MIIBPgIBATAdBgcqhkjOPQECMBICAgGvBgkqhkjOPQECAwICAXgwcAQ2GoJ+8A3W +/A4jTK8EbGpdioU5WyNsxK0s8yoMrb3J3fYgsOuZBtCVf2xv6s1hVGjfEE3ils2P +BDYQ2bSj2QR9ixVDWav7G39UhbBM64aCN93J3tqYKmeaWpGbYm1OUKjdcxsQepli +OB+12Ae/JhgEbQQSD8BdPGepneFh0vQJJiL+ynAb5PUPR1hxToqHu/KmWO+MIefF +7+llNh9sKZnAwkew29cM5rcg0K+JA6lvjV+iwlV0XTxFGzAsk0bZt+SF57zkH2tZ +Hz6Pat3LsLxML5R6feGom2JdalmLN2ACNQNANANANANANANANANANANANANANANA +NANANAMjwxP6tQWJcDtexo01h/7GDRYcwUnBrUqRAgInYA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem new file mode 100644 index 00000000000000..078c73a90f2782 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMAFA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem new file mode 100644 index 00000000000000..6c6427da5bb107 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHHAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wSwQY +/////////////////////v/////////8BBhkIQUZ5ZyA5w+n6atyJDBJ/rje7MFG +ubEDFQAwRa5vyEIvZO1XlSjTgSDq4SGW1QQxBBiNqA6wMJD2fL8g60OhiAD0/wr9 +gv8QEgcZK5X/yNp4YxAR7WskzdVz+XehHnlIEQIZAP///////////////5ne+DYU +a8mxtNIoMQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem new file mode 100644 index 00000000000000..0a9dd4ed62a6cb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem new file mode 100644 index 00000000000000..32a580d3b57331 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHHAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wSwQY +/////////////////////v/////////8BBjMItbfuVxrJeScDWNkpOWYDDk6ohZo +2VMDFQAxqS7iAp/RDZAbET6ZBxDw0hrGtgQxBO6iuufhSXhC8t53ac/pyYnAcq1p +b0gDSmV00R1ptux6Zyu4Kgg98vKwhH3pcLLeFQIZAP///////////////l+xpyTc +gEGGSNjdMQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem new file mode 100644 index 00000000000000..6bd311f1ca95fd --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem new file mode 100644 index 00000000000000..f38e9d95a6c962 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHHAgEBMCQGByqGSM49AQECGQD////////////////////+//////////8wSwQY +/////////////////////v/////////8BBgiEj3COVoFyqdCPa7MyUdgp9RiJWvV +aRYDFQDEaWhENd6zeMS2XKlZHipXYwWaLgQxBH0pd4EAxlodoXg3FliNziuLSu6O +Io8YljipDyJjczczS0nctmptyPmXisp2SKlDsAIZAP///////////////3pi0DHI +P0KU9kDsEwIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem new file mode 100644 index 00000000000000..ebdea34f39e8b7 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBAw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem new file mode 100644 index 00000000000000..1795f2391b2e27 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHpAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH////// +/zBXBB5///////////////9///////+AAAAAAAB///////wEHmsBbDvc8YlB0NZU +khR1ynGp2y+yfR03eWGFwpQsCgMVAOQ7tGDwuAzAwLB1eY6UgGD4Mht9BD0ED/qW +PNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqvfevo5OkKXa5uQFTKUwugRlSzaBjO +Ims5/Mt7AvGuAh5///////////////9///+eXpqfXZBx+9FSJoiQnQsCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem new file mode 100644 index 00000000000000..32d2c92d681236 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem new file mode 100644 index 00000000000000..d7b7c2d390ebae --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHpAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH////// +/zBXBB5///////////////9///////+AAAAAAAB///////wEHmF/q2gyV2y7/tUN +mfAknD/uWLlLoAOMeuhMjIMvLAMVAOi0ARYECVMDyjuAmZgr4J/LmuYWBD0EOK8J +2YcncFEgySG7Xp4mKWo83PLzV1eg6v2HuDDnWwEl5NvqDscgbaD8AdmwgTKftVXe +bvRgI33/i+S6Ah5///////////////+AAADPp+hZQ3fUFMA4IbxYIGMCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem new file mode 100644 index 00000000000000..b673ca7d01aa04 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem new file mode 100644 index 00000000000000..bf488d9cccc56f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHpAgEBMCkGByqGSM49AQECHn///////////////3///////4AAAAAAAH////// +/zBXBB5///////////////9///////+AAAAAAAB///////wEHiVXBfoqMGZUsfTL +A9anUKMMJQEC1JiHF9m6FattPgMVAH1zdBaP/jRxtgqFdoahlHXTv6L/BD0EZ2iu +jhi7ks/PAFyUmqLG2UhT0OZgu/hUsclQX+laFgfmiY85DAa8HVUrrSJvO2/P5Itu +gYSZrxjj7WzzAh5///////////////9///+XXetBs6YFfDxDIUZSZVECAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem new file mode 100644 index 00000000000000..082f731ea046bb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem new file mode 100644 index 00000000000000..4419839f4877d5 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIH3AgEBMCwGByqGSM49AQECIQD/////AAAAAQAAAAAAAAAAAAAAAP////////// +/////zBbBCD/////AAAAAQAAAAAAAAAAAAAAAP///////////////AQgWsY12Ko6 +k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsDFQDEnTYIhucEk2pmeOETnSa3gZ9+ +kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT+NC4v4af5uO5+tK +fA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////AAAAAP//////////vOb6racXnoTz +ucrC/GMlUQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem new file mode 100644 index 00000000000000..a76e47d9590ba8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem new file mode 100644 index 00000000000000..2c97cb413cfa2f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGLAgEBMBoGByqGSM49AQECDwDbfCq/YuNeZoB2vq0gizA3BA7bfCq/YuNeZoB2 +vq0giAQOZZ74ugQ5Fu7eiRFwKyIDFQAA9QsCjk1pbmdodWFRdSkEcng/sQQdBAlI +cjmZWl7na1X5wvCYqJzlr4ckwKI+Dg/3dQACDwDbfCq/YuNedijfrGVhxQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem new file mode 100644 index 00000000000000..5b7a770c15b422 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQABg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem new file mode 100644 index 00000000000000..927ac3a828286e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGKAgEBMBoGByqGSM49AQECDwDbfCq/YuNeZoB2vq0gizA3BA5hJ8JMBfOKCqr2 +XA7wLAQOUd7xgV217XT8w0yF1wkDFQAAJ1ehEU1pbmdodWFRdVMWwF4L1AQdBEuj +CrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem new file mode 100644 index 00000000000000..dfaed7480b9e5c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQABw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem new file mode 100644 index 00000000000000..93732d63bf8649 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGXAgEBMBwGByqGSM49AQECEQD////9////////////////MDsEEP////3///// +//////////wEEOh1ecEQefQ92CSZPCzuXtMDFQAADg1NaW5naHVhUXUMwDpEc9A2 +eQQhBBYf91KLiZstDChgfKUsW4bPWsg5W6/rE8AtopLd7XqDAhEA/////gAAAAB1 +ow0bkDihFQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem new file mode 100644 index 00000000000000..bcf16a01a43a7e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAHA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem new file mode 100644 index 00000000000000..2bcbebcb9b4d4c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGWAgEBMBwGByqGSM49AQECEQD////9////////////////MDsEENYDGZjRs7v+ +v1nMm7/5ruEEEF7u/KOA0CkZ3CxlWLttil0DFQAATWluZ2h1YVF1EtjwNDH85juI +9AQhBHtqpdheVymD5vsyp83rwUAntpFqiU067nEG/oBfw0tEAhA/////f////74A +JHIGE7WjAgEE +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem new file mode 100644 index 00000000000000..3d1a30f57d3bc8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAHQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem new file mode 100644 index 00000000000000..de0464ce183432 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MHICAQEwIAYHKoZIzj0BAQIVAP////////////////////7//6xzMAYEAQAEAQcE +KQQ7TDgs43qhkqQBnnYwNvT13U1+u5OM+TUxj9zta8KChlMXM8PwPE/uAhUBAAAA +AAAAAAAAAbj6Ft+rmsoWtrMCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem new file mode 100644 index 00000000000000..2029fed02a00e8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQACQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem new file mode 100644 index 00000000000000..6ddb9c4e468322 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGvAgEBMCAGByqGSM49AQECFQD/////////////////////f////zBDBBT///// +////////////////f////AQUHJe+/FS9eotlrPifgdTUrcVl+kUDFQAQU83kLBTW +luZ2h1YVF1M78/gzRQQpBEqWtWiO9XMoRmRpiWjDi7kTy/yCI6YoVTFolH1Z3MkS +BCNRN3rF+zICFQEAAAAAAAAAAAAB9Mj5J67TynUiVwIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem new file mode 100644 index 00000000000000..3546d9957489c1 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQACA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem new file mode 100644 index 00000000000000..120728ae7e1c4a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGvAgEBMCAGByqGSM49AQECFQD////////////////////+//+sczBDBBT///// +///////////////+//+scAQUtOE00/tZ64urVydJBGZNWvUDiLoDFQC5m5mwmbMj +4CcJpNaW5naHVhUXUQQpBFLcsDQpOhF+H0/xGzD3GZ0xRM5t/q/+8uMx8pbgcfoN ++Zgs/qfUPy4CFQEAAAAAAAAAAAAANR7nhqgY86GhawIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem new file mode 100644 index 00000000000000..fc9f9670b6543a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAHg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem new file mode 100644 index 00000000000000..0b58fcf3b09df0 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGCAgEBMCQGByqGSM49AQECGQD//////////////////////////v//7jcwBgQB +AAQBAwQxBNtP8Q7AV+muJrB9AoC39DQdpdGx6uBsfZsvL22cViinhEFj0BW+hjRA +gqqI2V4vnQIZAP///////////////iby/BcPaUZqdN79jQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem new file mode 100644 index 00000000000000..4f9fc32de2eb2d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAHw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem new file mode 100644 index 00000000000000..76ac8ed02f1589 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGSAgEBMCgGByqGSM49AQECHQD///////////////////////////////7//+Vt +MAYEAQAEAQUEOQShRVszTfCZ3zD8KKFppGfp5HB1qQ9+ZQ62t6Rcfgif7X+6NEKC +yvvW9+MZ98CwvVniykvbVW1hpQIdAQAAAAAAAAAAAAAAAAAB3OjS7GGEyvCpcXaf +sfcCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem new file mode 100644 index 00000000000000..aba6bf93f03bad --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem new file mode 100644 index 00000000000000..17baec7a48ff7f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHfAgEBMCgGByqGSM49AQECHQD/////////////////////AAAAAAAAAAAAAAAB +MFMEHP////////////////////7///////////////4EHLQFCoUMBLOr9UEyVlBE +sLfXv9i6Jws5QyNV/7QDFQC9cTRHmdXH/NxFtZ+juauPapSLxQQ5BLcODL1rtL9/ +MhOQuUoDwdNWwhEiNDKA1hFcHSG9N2OItfcj+0wi3+bNQ3WgWgdHZETVgZmFAH40 +Ah0A//////////////////8WouC48D4T3SlFXFwqPQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem new file mode 100644 index 00000000000000..9728ddda997632 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem new file mode 100644 index 00000000000000..72f7f06ad3d2da --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGiAgEBMCwGByqGSM49AQECIQD////////////////////////////////////+ +///8LzAGBAEABAEHBEEEeb5mfvncu6xVoGKVzocLBwKb/NstzijZWfKBWxb4F5hI +Otp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuAIhAP////////////////// +//66rtzmr0igO7/SXozQNkFBAgEB +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem new file mode 100644 index 00000000000000..32d952ea91c6cd --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQACg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem new file mode 100644 index 00000000000000..8f5598ed05af51 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem @@ -0,0 +1,10 @@ +-----BEGIN EC PARAMETERS----- +MIIBVwIBATA8BgcqhkjOPQEBAjEA//////////////////////////////////// +//////7/////AAAAAAAAAAD/////MHsEMP////////////////////////////// +///////////+/////wAAAAAAAAAA/////AQwszEvp+I+5+SYjgVr4/gtGRgdnG7+ +gUESAxQIj1ATh1rGVjmNii7RnSqFyO3T7CrvAxUAozWSaqMZonodAIlqZ3OkgnrN +rHMEYQSqh8oivosFN46xxx7zIK10bh07Younm5hZ90HgglQqOFUC8l2/VSlsOlRe +OHJ2Crc2F95KliYsb12emL+Sktwp+PQdvSiaFHzp2jETtfC4wApgsc4dfoGdekMd +fJDqDl8CMQD////////////////////////////////HY02B9Dct31gaDbJIsKd6 +7OwZaszFKXMCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem new file mode 100644 index 00000000000000..ceed209a52359a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem new file mode 100644 index 00000000000000..f92a1211b95170 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem @@ -0,0 +1,12 @@ +-----BEGIN EC PARAMETERS----- +MIIBwgIBATBNBgcqhkjOPQEBAkIB//////////////////////////////////// +//////////////////////////////////////////////////8wgZ4EQgH///// +//////////////////////////////////////////////////////////////// +/////////////////ARBUZU+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8Qnh +Vhk5Uex+k3sWUsC9O7G/BzVz34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5 +MoSqoNpkugSBhQQAxoWOBrcEBOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUte +d+/nWSj+HcEnov+o3jNIs8GFakKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY +9URJV5tEaBevvRcnPmYsl+5ymV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlAC +QgH///////////////////////////////////////////pRhoeDvy+Wa3/MAUj3 +CaXQO7XJuImcR667b7cekThkCQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem new file mode 100644 index 00000000000000..cdca78c8e2eb15 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem new file mode 100644 index 00000000000000..2cd45a8c4fddaa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGPAgEBMBwGByqGSM49AQIwEQIBcQYJKoZIzj0BAgMCAgEJMDcEDjCIJQym58f+ +ZJzoWCD3BA7ovuTT4iYHRBiL4OnHIwMVABDnI6sU1pbmdodWFRdW/r+Py0mpBB8E +AJ1zYW819KsUB9c1YsEPAKUoMCd5WO6E0TFe0xiGAg8BAAAAAAAAANnM7Io55W8C +AQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem new file mode 100644 index 00000000000000..f39d6cad8fb67f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQABA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem new file mode 100644 index 00000000000000..4fca872b4861b3 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGPAgEBMBwGByqGSM49AQIwEQIBcQYJKoZIzj0BAgMCAgEJMDcEDmiZGNvsfloN +1t/AqlXHBA6V6ansmyl71L824FkYTwMVABDA+xV2CGDe8e701pbmdodWFRddBB8E +AaV6ansmyl71L824FkeXALOtyU7R/mdMBuaVurodAg8BAAAAAAAAAQh4mySWr5MC +AQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem new file mode 100644 index 00000000000000..c27c9c58c75d08 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQABQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem new file mode 100644 index 00000000000000..cc8264cbf30cc1 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGkAgEBMCUGByqGSM49AQIwGgICAIMGCSqGSM49AQIDAzAJAgECAgEDAgEIMD0E +EQehGwmna1YhREGP8/+MJXC4BBECF8BWEIhLY7nGxykWePnTQQMVAE1pbmdodWFR +dZhb06262iG0OpfiBCMEAIG6+R/fmDPED5wYE0Njg5kHjG5+o4wAH3PIE0sbTvnh +UAIRBAAAAAAAAAACMSOVOpRktU0CAQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem new file mode 100644 index 00000000000000..4aa4244ca81774 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAFg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem new file mode 100644 index 00000000000000..2bfb918bb49d0c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGkAgEBMCUGByqGSM49AQIwGgICAIMGCSqGSM49AQIDAzAJAgECAgEDAgEIMD0E +EQPlqIkZ18r8v0FfB8IXZXOyBBEEuCZqRsVWV6xzTOOPAY8hkgMVAJhb06261NaW +5naHVhUXWiG0OpfjBCMEA1bc2PL5UDGtZS0jlRuzZqgGSPBthnlApTZtniZd6esk +DwIRBAAAAAAAAAABaVSiMwSbqY8CAQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem new file mode 100644 index 00000000000000..c9c2a7c30d2aaa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAFw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem new file mode 100644 index 00000000000000..3438927e61fa64 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MHkCAQEwJQYHKoZIzj0BAjAaAgIAowYJKoZIzj0BAgMDMAkCAQMCAQYCAQcwBgQB +AQQBAQQrBAL+E8BTe7wRrKoH15PeTm1eXJTu6AKJBw+wXTj/WDIfLoAFNtU4zNqj +2QIVBAAAAAAAAAAAAAIBCKLgzA2Z+KXvAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem new file mode 100644 index 00000000000000..d9ae41c97b8b0d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem new file mode 100644 index 00000000000000..78320dc9fc8a8c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGhAgEBMCUGByqGSM49AQIwGgICAKMGCSqGSM49AQIDAzAJAgEDAgEGAgEHMC4E +FQe2iCyq76hPlVT/hCi9iOJG0ngq4gQVBxNhLc3ctAqrlGvaKcqR9zr5WK/ZBCsE +A2mXlperQ4l3iVZniVZ/eHp4dqZUAENe20Lvr7KYnVH+/OPICYj0H/iDAhUD//// +/////////0iqtonCnKcQJ5sCAQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem new file mode 100644 index 00000000000000..45dbad0ddd2ec4 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem new file mode 100644 index 00000000000000..817155013b992b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGNAgEBMCUGByqGSM49AQIwGgICAKMGCSqGSM49AQIDAzAJAgEDAgEGAgEHMBoE +AQEEFQIKYBkHuMlTyhSB6xBRL3h0SjIF/QQrBAPw66FihqLVfqCZEWjUmUY36DQ+ +NgDVH7xscaAJT6LN1UWxHFwMeXMk8QIVBAAAAAAAAAAAAAKS/nfnDBKkI0wzAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem new file mode 100644 index 00000000000000..ecf7a7124e9fd5 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQADw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem new file mode 100644 index 00000000000000..93d166dc34cfb8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHCAgEBMB0GByqGSM49AQIwEgICAMEGCSqGSM49AQIDAgIBDzBLBBgXhY/repiX +UWnhcfd7QIfeCYrIqRHfewEEGP37Sb/mw6ifrK2qeh5bvHzBwuXYMUeIFAMVABA/ +rsdNaW5naHVhUXV3f8Wxke8wBDMEAfSBvF8P+Ep0rWzfb970v2F5YlNy2MDF4QAl +45nykDcSzPPqnjoa0X+wsyAbavfOGwUCGQEAAAAAAAAAAAAAAADH80p3j0Q6zJIO +ukkCAQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem new file mode 100644 index 00000000000000..4fe58aa0485efa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAGA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem new file mode 100644 index 00000000000000..3e96cc77bf8256 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHDAgEBMB0GByqGSM49AQIwEgICAMEGCSqGSM49AQIDAgIBDzBMBBkBY/NaUTfC +zj6m7YZnGQsLxD7NaZd3AnCbBBjJu56JJ9TWTDd+KrKFalsW4++39h1DFq4DFQAQ +t7TWluZ2h1YVF1E3yKFv0NoiEQQzBADZtn0ZLgNnyAPznhp+gsoUplE1Cq5hfo8B +zpQzVgfDBKwp59772coB9Zb5JyJM3s9sAhkBAAAAAAAAAAAAAAABWqtWGwBUE8zU +7pnVAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem new file mode 100644 index 00000000000000..0c2956b22a7fe2 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAGQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem new file mode 100644 index 00000000000000..d318fcb8c08390 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGMAgEBMB0GByqGSM49AQIwEgICAOkGCSqGSM49AQIDAgIBSjAGBAEABAEBBD0E +AXIyuoU6fnMa8SnyL/QUlWOkGcJr9QpMnW7vrWEmAdtTfezoGbf3D1VaZ8QnqM2b +8Yrrm1bgwRBW+uajAh4AgAAAAAAAAAAAAAAAAAAGnVu5FbzUbvsa1fFzq98CAQQ= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem new file mode 100644 index 00000000000000..97be94b254b3e7 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAGg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem new file mode 100644 index 00000000000000..c6da5808660779 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIG/AgEBMB0GByqGSM49AQIwEgICAOkGCSqGSM49AQIDAgIBSjA5BAEBBB1mZH7e +bDMsf4wJI7tYITszOyDpzkKB/hFffY+QrQMVAHTVn/B/a0E9DqFLNEsgotsEm1DD +BD0EAPrJ38usgxO7ITnxu3Vf72W8OR+LNvj463Nx/VWLAQBqCKQZAzUGeOWFKL6/ +igvv+GenyjZxb34B+BBSAh4BAAAAAAAAAAAAAAAAAAAT6XTnL4ppIgMdJgPP4NcC +AQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem new file mode 100644 index 00000000000000..ba065e7ed49b99 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAGw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem new file mode 100644 index 00000000000000..8e23a4c87e71fa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGNAgEBMB4GByqGSM49AQIwEwICAO8GCSqGSM49AQIDAgICAJ4wBgQBAAQBAQQ9 +BCmgtqiHqYPpcwmIpocnqLLRJsRMwsx7KmVVGTA13HYxCATxLlSb2wEcEDCJ5zUQ +rLJ1/DEqXca3ZVPwygIeIAAAAAAAAAAAAAAAAAAAWnn+xny26R8cHagA5HilAgEE +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem new file mode 100644 index 00000000000000..9f26dd8ab74c5a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAAw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem new file mode 100644 index 00000000000000..5ebcb8620db4a8 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGmAgEBMCUGByqGSM49AQIwGgICARsGCSqGSM49AQIDAzAJAgEFAgEHAgEMMAYE +AQAEAQEESQQFAyE/eMpEiD8aO4Fi8YjlU80mXyPBVnoWh2kTsMKsJFhJKDYBzNo4 +DxyeMY2Q+V0H5UJv6H5FwOgYRpjkWWI2TjQRYXfdIlkCJAH///////////////// +/////+muLtB1dyZd/3+URR4GHhY8YQIBBA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem new file mode 100644 index 00000000000000..8ab88df209e191 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAEA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem new file mode 100644 index 00000000000000..f1fffd5c12a719 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHgAgEBMCUGByqGSM49AQIwGgICARsGCSqGSM49AQIDAzAJAgEFAgEHAgEMMEAE +AQEEJAJ7aArIuFltpaSvihmgMD/Kl/12RTCfoqWBSFr2Jj4xO3mi9QMVAHfisHNw +6w+DKm3Vti38iM0Gu4S+BEkEBfk5JY233ZDhk0+McLDf7C7tJbhVfqycgOLhmPjN +vs2GsSBTA2doVP4kFBy5j+bUsg0CtFFv9wI1Dt2wgmd5yBPw30W+gRL0AiQD//// +///////////////////vkDmWYPyTipAWWwQqfO+tswcCAQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem new file mode 100644 index 00000000000000..527459c3f5d7cd --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAEQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem new file mode 100644 index 00000000000000..e781a6e87e7485 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHNAgEBMB0GByqGSM49AQIwEgICAZkGCSqGSM49AQIDAgIBVzAGBAEABAEBBGkE +AGDwX2WPScGtOrGJD3GEIQ79CYfjB8hMJ6zPuPn2fMLEYBietaqqYu4iLrGzVUDP +6QI3RgHjaQULfE5CrLodrL8EKZw0YHgvkY6kJ+YyUWXp6hDj2l9sQunFUhWqnKJ6 +WGPsSNjgKGsCM3/////////////////////////////////+X4Oy1OogQA7EVX1e +0+PnyltLXIO44B5fzwIBBA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem new file mode 100644 index 00000000000000..ef4c82e0080645 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAJA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem new file mode 100644 index 00000000000000..937ce1bd4c1965 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIIBFwIBATAdBgcqhkjOPQECMBICAgGZBgkqhkjOPQECAwICAVcwTwQBAQQzIaXC +yO6f61xLmnU7e0drf9ZCLvHz3WdHYfqZ1qwnyKmhl7Jygi9s1XpVqk9QrjF7E1Rf +AxUAQJm1pFf51p95IT0JTEvNTUJiIQsEaQQBXUhg0Ijds0lrDGBkdWJgRBzeSvF3 +HU2wH/5bNOWXA9wlWoaKEYBRVgOuq2B5TlS7eZanAGGxz6tr5fMrv6eDJO0QanY2 +ucWnvRmNAViqT1SI0I84UU8f30tPQNIYGzaBw2S6AnPHBgI0AQAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAB4qrWphLzMwe+X6R8PJ4FL4OBZM032aIRcwIBAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem new file mode 100644 index 00000000000000..5ef828d71df118 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAJQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem new file mode 100644 index 00000000000000..32119057ad4578 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +MIIBEwIBATAlBgcqhkjOPQECMBoCAgI7BgkqhkjOPQECAwMwCQIBAgIBBQIBCjAG +BAEABAEBBIGRBAJut6hZkj+8ghiWMfgQP+SsnKKXABLV1GAkgEgBhBykQ3CVhJOy +BeZH2jBNtM6wjLvRujlJR3b7mItHF03KiMfilFKDoByJcgNJ3IB/T783T0rq3jvK +lTFN1YzsnzB6VP/GHvwAbYosnUl5wKxErqdPvru593Ku3LYgsBp7p68bMgQwyFkZ +hPYBzUwUPvHHowJIAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +ExhQ4fGaY+SzkajbkX9BOLYw2Evl1jk4HpHetFz+d49jfBABAgEE +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem new file mode 100644 index 00000000000000..9804e9cfcf8d7a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAJg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem new file mode 100644 index 00000000000000..b81ab3c78e7b80 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem @@ -0,0 +1,10 @@ +-----BEGIN EC PARAMETERS----- +MIIBcQIBATAlBgcqhkjOPQECMBoCAgI7BgkqhkjOPQECAwMwCQIBAgIBBQIBCjBk +BAEBBEgC9A5+IiHyld4pcRe389YvXGqX/8uM7/HNa6jOSpoYrYT/q72O+lkzK+et +Z1ambilK/RhaeP8SqlIOTec5usoMf/7/fylVcnoDFQAqoFj3Og4zq0hrD2EEEMU6 +fxMjEASBkQQDAwAdNLhWKWwWwNQNPNd1CpPR0pVfqAql9A/I23sqvb3lOVD0wNKT +zdcRo1tn+xSZrmADhhTxOUq/o7TIUNkn4ed2nI7sLRkDe/JzQtpjm23M//63PWnX +jGwnpgCcu8oZgPhTOSHopoRCPkO6sIpXYpGvj0YbsqizUx0vBIXBmxbi8VFuI908 +GkgnrxuKwVsCSAP//////////////////////////////////////////////+Zh +zhj/VZhzCAWbGGgjhR7H3ZyhFh3pPVF01m6Dgum7L+hORwIBAg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem new file mode 100644 index 00000000000000..20b18d6eba700e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAJw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem new file mode 100644 index 00000000000000..5da128a99cc786 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PARAMETERS----- +MF4CAQEwHAYHKoZIzj0BAjARAgFxBgkqhkjOPQECAwICAQkwBgQBAQQBAQQfBAFm +eXmkC6SX5dXCcHgGFwD0S0rx7MJjDgh4XOvMFQIPAP/////////9v5GvbepzAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem new file mode 100644 index 00000000000000..c327f6f069bedf --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem new file mode 100644 index 00000000000000..d318fcb8c08390 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGMAgEBMB0GByqGSM49AQIwEgICAOkGCSqGSM49AQIDAgIBSjAGBAEABAEBBD0E +AXIyuoU6fnMa8SnyL/QUlWOkGcJr9QpMnW7vrWEmAdtTfezoGbf3D1VaZ8QnqM2b +8Yrrm1bgwRBW+uajAh4AgAAAAAAAAAAAAAAAAAAGnVu5FbzUbvsa1fFzq98CAQQ= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem new file mode 100644 index 00000000000000..05ed4021019c8b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEECg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem new file mode 100644 index 00000000000000..c6da5808660779 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIG/AgEBMB0GByqGSM49AQIwEgICAOkGCSqGSM49AQIDAgIBSjA5BAEBBB1mZH7e +bDMsf4wJI7tYITszOyDpzkKB/hFffY+QrQMVAHTVn/B/a0E9DqFLNEsgotsEm1DD +BD0EAPrJ38usgxO7ITnxu3Vf72W8OR+LNvj463Nx/VWLAQBqCKQZAzUGeOWFKL6/ +igvv+GenyjZxb34B+BBSAh4BAAAAAAAAAAAAAAAAAAAT6XTnL4ppIgMdJgPP4NcC +AQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem new file mode 100644 index 00000000000000..247ba8216e139d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEECw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem new file mode 100644 index 00000000000000..355fd5b09a1367 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHIAgEBMCgGByqGSM49AQECHQD/////////////////////AAAAAAAAAAAAAAAB +MDwEHP////////////////////7///////////////4EHLQFCoUMBLOr9UEyVlBE +sLfXv9i6Jws5QyNV/7QEOQS3Dgy9a7S/fzITkLlKA8HTVsIRIjQygNYRXB0hvTdj +iLX3I/tMIt/mzUN1oFoHR2RE1YGZhQB+NAIdAP//////////////////FqLguPA+ +E90pRVxcKj0CAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem new file mode 100644 index 00000000000000..afc6bd7e17e43a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEDA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem new file mode 100644 index 00000000000000..3438927e61fa64 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MHkCAQEwJQYHKoZIzj0BAjAaAgIAowYJKoZIzj0BAgMDMAkCAQMCAQYCAQcwBgQB +AQQBAQQrBAL+E8BTe7wRrKoH15PeTm1eXJTu6AKJBw+wXTj/WDIfLoAFNtU4zNqj +2QIVBAAAAAAAAAAAAAIBCKLgzA2Z+KXvAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem new file mode 100644 index 00000000000000..859329078df04f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEAw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem new file mode 100644 index 00000000000000..2cd45a8c4fddaa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGPAgEBMBwGByqGSM49AQIwEQIBcQYJKoZIzj0BAgMCAgEJMDcEDjCIJQym58f+ +ZJzoWCD3BA7ovuTT4iYHRBiL4OnHIwMVABDnI6sU1pbmdodWFRdW/r+Py0mpBB8E +AJ1zYW819KsUB9c1YsEPAKUoMCd5WO6E0TFe0xiGAg8BAAAAAAAAANnM7Io55W8C +AQI= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem new file mode 100644 index 00000000000000..9a7887b2f0f09d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEBA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem new file mode 100644 index 00000000000000..d7bc1c2cab275c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIG3AgEBMCUGByqGSM49AQIwGgICAKMGCSqGSM49AQIDAzAJAgEBAgECAgEIMEQE +FQclRrVDUjSkIuB4lnX0MsiUNd5SQgQUyVF9BtUkDTz/OMdLILbNTW+d1NkDFQDS +wPsVdghg3vHu9NaW5naHVhUXVAQrBAevaZiVRhA9eTKfzD10iA8zu+gDywHsIyEb +WWat6h0/h/fqWEiu8LfKnwIVBAAAAAAAAAAAAAHmD8iCHMdNrq/BAgEC +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem new file mode 100644 index 00000000000000..9f834d0c2eb0aa --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEBQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem new file mode 100644 index 00000000000000..2c97cb413cfa2f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MIGLAgEBMBoGByqGSM49AQECDwDbfCq/YuNeZoB2vq0gizA3BA7bfCq/YuNeZoB2 +vq0giAQOZZ74ugQ5Fu7eiRFwKyIDFQAA9QsCjk1pbmdodWFRdSkEcng/sQQdBAlI +cjmZWl7na1X5wvCYqJzlr4ckwKI+Dg/3dQACDwDbfCq/YuNedijfrGVhxQIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem new file mode 100644 index 00000000000000..0678777d4de6ff --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEBg== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem new file mode 100644 index 00000000000000..120728ae7e1c4a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem @@ -0,0 +1,6 @@ +-----BEGIN EC PARAMETERS----- +MIGvAgEBMCAGByqGSM49AQECFQD////////////////////+//+sczBDBBT///// +///////////////+//+scAQUtOE00/tZ64urVydJBGZNWvUDiLoDFQC5m5mwmbMj +4CcJpNaW5naHVhUXUQQpBFLcsDQpOhF+H0/xGzD3GZ0xRM5t/q/+8uMx8pbgcfoN ++Zgs/qfUPy4CFQEAAAAAAAAAAAAANR7nhqgY86GhawIBAQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem new file mode 100644 index 00000000000000..690b9375a4d479 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEEBw== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem new file mode 100644 index 00000000000000..d8c3ef8bf42a1e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem @@ -0,0 +1,4 @@ +-----BEGIN EC PARAMETERS----- +MFoCAQEwGgYHKoZIzj0BAQIPAP////////////////3nMAYEAQAEAQMEHQQAAAAA +AAAAAAAAAAAAAQAAAAAAAAAAAAAAAAACAg8BAAAAAAAAAezqVRrYN+kCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem new file mode 100644 index 00000000000000..4737cbcc4abb6c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEECA== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem new file mode 100644 index 00000000000000..383c5dce8ffd0e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PARAMETERS----- +MHICAQEwIAYHKoZIzj0BAQIVAP///////////////////////ICPMAYEAQAEAQME +KQQAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAACAhUBAAAA +AAAAAAAAAc3JiuDi3ldKvzMCAQE= +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem new file mode 100644 index 00000000000000..0212b4a4d8906d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgVnKwEECQ== +-----END EC PARAMETERS----- diff --git a/deps/openssl/openssl/test/recipes/15-test_genrsa.t b/deps/openssl/openssl/test/recipes/15-test_genrsa.t index 766ea4f0aa3f67..e16a9a4042c7a2 100644 --- a/deps/openssl/openssl/test/recipes/15-test_genrsa.t +++ b/deps/openssl/openssl/test/recipes/15-test_genrsa.t @@ -52,4 +52,3 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); -unlink 'genrsatest.pem'; diff --git a/deps/openssl/openssl/test/recipes/15-test_mp_rsa.t b/deps/openssl/openssl/test/recipes/15-test_mp_rsa.t new file mode 100644 index 00000000000000..9271dba042de9f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_mp_rsa.t @@ -0,0 +1,111 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017 BaishanCloud. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test::Utils; + +setup("test_mp_rsa"); + +plan tests => 31; + +ok(run(test(["rsa_mp_test"])), "running rsa multi prime test"); + +my $cleartext = data_file("plain_text"); + +my @test_param = ( + # 3 primes, 2048-bit + { + primes => '3', + bits => '2048', + }, + # 4 primes, 4096-bit + { + primes => '4', + bits => '4096', + }, + # 5 primes, 8192-bit + { + primes => '5', + bits => '8192', + }, +); + +# genrsa +run_mp_tests(0); +# evp +run_mp_tests(1); + +sub run_mp_tests { + my $evp = shift; + + foreach my $param (@test_param) { + my $primes = $param->{primes}; + my $bits = $param->{bits}; + my $name = ($evp ? "evp" : "") . "${bits}p${primes}"; + + if ($evp) { + ok(run(app([ 'openssl', 'genpkey', '-out', 'rsamptest.pem', + '-algorithm', 'RSA', '-pkeyopt', "rsa_keygen_primes:$primes", + '-pkeyopt', "rsa_keygen_bits:$bits"])), "genrsa $name"); + } else { + ok(run(app([ 'openssl', 'genrsa', '-out', 'rsamptest.pem', + '-primes', $primes, $bits])), "genrsa $name"); + } + + ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'rsamptest.pem', + '-noout'])), "rsa -check $name"); + if ($evp) { + ok(run(app([ 'openssl', 'pkeyutl', '-inkey', 'rsamptest.pem', + '-encrypt', '-in', $cleartext, + '-out', 'rsamptest.enc' ])), "rsa $name encrypt"); + ok(run(app([ 'openssl', 'pkeyutl', '-inkey', 'rsamptest.pem', + '-decrypt', '-in', 'rsamptest.enc', + '-out', 'rsamptest.dec' ])), "rsa $name decrypt"); + } else { + ok(run(app([ 'openssl', 'rsautl', '-inkey', 'rsamptest.pem', + '-encrypt', '-in', $cleartext, + '-out', 'rsamptest.enc' ])), "rsa $name encrypt"); + ok(run(app([ 'openssl', 'rsautl', '-inkey', 'rsamptest.pem', + '-decrypt', '-in', 'rsamptest.enc', + '-out', 'rsamptest.dec' ])), "rsa $name decrypt"); + } + + ok(check_msg(), "rsa $name check result"); + + # clean up temp files + unlink 'rsamptest.pem'; + unlink 'rsamptest.enc'; + unlink 'rsamptest.dec'; + } +} + +sub check_msg { + my $msg; + my $dec; + + open(my $fh, "<", $cleartext) or return 0; + binmode $fh; + read($fh, $msg, 10240); + close $fh; + open($fh, "<", "rsamptest.dec") or return 0; + binmode $fh; + read($fh, $dec, 10240); + close $fh; + + if ($msg ne $dec) { + print STDERR "cleartext and decrypted are not the same"; + return 0; + } + return 1; +} diff --git a/deps/openssl/openssl/test/recipes/15-test_mp_rsa_data/plain_text b/deps/openssl/openssl/test/recipes/15-test_mp_rsa_data/plain_text new file mode 100644 index 00000000000000..60d11c0f691451 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_mp_rsa_data/plain_text @@ -0,0 +1,4 @@ +It was the best of times, it was the worst of times, +it was the age of wisdom, it was the age of foolishness, +it was the epoch of belief, it was the epoch of incredulity, +it was the season of Light, it was the season of Darkness. diff --git a/deps/openssl/openssl/test/recipes/15-test_out_option.t b/deps/openssl/openssl/test/recipes/15-test_out_option.t new file mode 100644 index 00000000000000..9c2a95482b4cc5 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/15-test_out_option.t @@ -0,0 +1,73 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_out_option"); + +plan tests => 4; + +# Test 1 +SKIP: { + # Paths that should generate failure when trying to write to them. + # Directories are a safe bet for failure on most platforms. + # Notably, this isn't true on OpenVMS, as a default file name is + # appended under the hood when trying to "write" to a directory spec. + # From observation, that file is '.' (i.e. a file with no file name + # and no extension), so '[]' gets translated to '[].' + skip 'Directories become writable files on OpenVMS', 1 if $^O eq 'VMS'; + + # Note that directories must end with a slash here, because of how + # File::Spec massages them into directory specs on some platforms. + my $path = File::Spec->canonpath('./'); + ok(!run(app([ 'openssl', 'rand', '-out', $path, '1'])), + "invalid output path: $path"); +} + +# Test 2 +{ + my $path = File::Spec->canonpath('randomname.bin'); + ok(run(app([ 'openssl', 'rand', '-out', $path, '1'])), + "valid output path: $path"); +} + +# Test 3 +{ + # Test for trying to create a file in a non-exist directory + my $rand_path = ""; + do { + my @chars = ("A".."Z", "a".."z", "0".."9"); + $rand_path .= $chars[rand @chars] for 1..32; + } while (-d File::Spec->catdir('.', $rand_path)); + $rand_path .= "/randomname.bin"; + + my $path = File::Spec->canonpath($rand_path); + ok(!run(app([ 'openssl', 'rand', '-out', $path, '1'])), + "invalid output path: $path"); +} + +# Test 4 +SKIP: { + skip "It's not safe to use perl's idea of the NULL device in an explicitly cross compiled build", 1 + unless (config('CROSS_COMPILE') // '') eq ''; + + my $path = File::Spec->canonpath(File::Spec->devnull()); + ok(run(app([ 'openssl', 'rand', '-out', $path, '1'])), + "valid output path: $path"); +} + +# Cleanup +END { + unlink 'randomname.bin' if -f 'randomname.bin'; +} diff --git a/deps/openssl/openssl/test/recipes/15-test_rsapss.t b/deps/openssl/openssl/test/recipes/15-test_rsapss.t index 34accaa2865229..f10625d4cd301d 100644 --- a/deps/openssl/openssl/test/recipes/15-test_rsapss.t +++ b/deps/openssl/openssl/test/recipes/15-test_rsapss.t @@ -20,14 +20,14 @@ plan tests => 5; #using test/testrsa.pem which happens to be a 512 bit RSA ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3', '-sigopt', 'rsa_mgf1_md:sha512', '-out', 'testrsapss.sig', srctop_file('test', 'testrsa.pem')])), "openssl dgst -sign"); with({ exit_checker => sub { return shift == 1; } }, sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3', '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), "openssl dgst -sign, expect to fail gracefully"); ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', @@ -35,14 +35,14 @@ with({ exit_checker => sub { return shift == 1; } }, '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), "openssl dgst -sign, expect to fail gracefully"); ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3', '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', srctop_file('test', 'testrsa.pem')])), "openssl dgst -prverify, expect to fail gracefully"); }); ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-2', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:-3', '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', srctop_file('test', 'testrsa.pem')])), "openssl dgst -prverify"); diff --git a/deps/openssl/openssl/test/recipes/20-test_enc.t b/deps/openssl/openssl/test/recipes/20-test_enc.t index 88a589041a01c6..32a30165f11508 100644 --- a/deps/openssl/openssl/test/recipes/20-test_enc.t +++ b/deps/openssl/openssl/test/recipes/20-test_enc.t @@ -27,20 +27,21 @@ my $test = catfile(".", "p"); my $cmd = "openssl"; +my $ciphersstatus = undef; my @ciphers = map { s/^\s+//; s/\s+$//; split /\s+/ } - run(app([$cmd, "list", "-cipher-commands"]), capture => 1); + run(app([$cmd, "list", "-cipher-commands"]), + capture => 1, statusvar => \$ciphersstatus); -plan tests => 1 + (scalar @ciphers)*2; - -my $init = ok(copy($testsrc,$test)); - -if (!$init) { - diag("Trying to copy $testsrc to $test : $!"); -} +plan tests => 2 + (scalar @ciphers)*2; SKIP: { - skip "Not initialized, skipping...", 11 unless $init; + skip "Problems getting ciphers...", 1 + scalar(@ciphers) + unless ok($ciphersstatus, "Running 'openssl list -cipher-commands'"); + unless (ok(copy($testsrc, $test), "Copying $testsrc to $test")) { + diag($!); + skip "Not initialized, skipping...", scalar(@ciphers); + } foreach my $c (@ciphers) { my %variant = ("$c" => [], diff --git a/deps/openssl/openssl/test/recipes/20-test_enc_more.t b/deps/openssl/openssl/test/recipes/20-test_enc_more.t new file mode 100644 index 00000000000000..2691060c75c6e9 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/20-test_enc_more.t @@ -0,0 +1,61 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec::Functions qw/catfile/; +use File::Copy; +use File::Compare qw/compare_text/; +use File::Basename; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_evp_more"); + +my $testsrc = srctop_file("test", "recipes", basename($0)); + +my $cipherlist = undef; +my $plaintext = catfile(".", "testdatafile"); +my $fail = ""; +my $cmd = "openssl"; + +my $ciphersstatus = undef; +my @ciphers = + grep(! /wrap|^$|^[^-]/, + (map { split /\s+/ } + run(app([$cmd, "enc", "-ciphers"]), + capture => 1, statusvar => \$ciphersstatus))); + +plan tests => 2 + scalar @ciphers; + +SKIP: { + skip "Problems getting ciphers...", 1 + scalar(@ciphers) + unless ok($ciphersstatus, "Running 'openssl enc -ciphers'"); + unless (ok(copy($testsrc, $plaintext), "Copying $testsrc to $plaintext")) { + diag($!); + skip "Not initialized, skipping...", scalar(@ciphers); + } + + foreach my $cipher (@ciphers) { + my $ciphername = substr $cipher, 1; + my $cipherfile = "$plaintext.$ciphername.cipher"; + my $clearfile = "$plaintext.$ciphername.clear"; + my @common = ( $cmd, "enc", "$cipher", "-k", "test" ); + + ok(run(app([@common, "-e", "-in", $plaintext, "-out", $cipherfile])) + && compare_text($plaintext, $cipherfile) != 0 + && run(app([@common, "-d", "-in", $cipherfile, "-out", $clearfile])) + && compare_text($plaintext, $clearfile) == 0 + , $ciphername); + unlink $cipherfile, $clearfile; + } +} + +unlink $plaintext; diff --git a/deps/openssl/openssl/test/recipes/20-test_passwd.t b/deps/openssl/openssl/test/recipes/20-test_passwd.t index cf9c2cc8eb1f6a..32aa7a3171b5eb 100644 --- a/deps/openssl/openssl/test/recipes/20-test_passwd.t +++ b/deps/openssl/openssl/test/recipes/20-test_passwd.t @@ -15,25 +15,111 @@ use OpenSSL::Test::Utils; setup("test_passwd"); -plan tests => disabled("des") ? 4 : 6; +# The following tests are an adaptation of those in +# https://www.akkadia.org/drepper/SHA-crypt.txt +my @sha_tests = + ({ type => '5', + salt => 'saltstring', + key => 'Hello world!', + expected => '$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5' }, + { type => '5', + salt => 'rounds=10000$saltstringsaltstring', + key => 'Hello world!', + expected => '$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA' }, + { type => '5', + salt => 'rounds=5000$toolongsaltstring', + key => 'This is just a test', + expected => '$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5' }, + { type => '5', + salt => 'rounds=1400$anotherlongsaltstring', + key => 'a very much longer text to encrypt. This one even stretches over morethan one line.', + expected => '$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1' }, + { type => '5', + salt => 'rounds=77777$short', + key => 'we have a short salt string but not a short password', + expected => '$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/' }, + { type => '5', + salt => 'rounds=123456$asaltof16chars..', + key => 'a short string', + expected => '$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD' }, + { type => '5', + salt => 'rounds=10$roundstoolow', + key => 'the minimum number is still observed', + expected => '$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC' }, + { type => '6', + salt => 'saltstring', + key => 'Hello world!', + expected => '$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1' }, + { type => '6', + salt => 'rounds=10000$saltstringsaltstring', + key => 'Hello world!', + expected => '$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.' }, + { type => '6', + salt => 'rounds=5000$toolongsaltstring', + key => 'This is just a test', + expected => '$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0' }, + { type => '6', + salt => 'rounds=1400$anotherlongsaltstring', + key => 'a very much longer text to encrypt. This one even stretches over morethan one line.', + expected => '$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1' }, + { type => '6', + salt => 'rounds=77777$short', + key => 'we have a short salt string but not a short password', + expected => '$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0' }, + { type => '6', + salt => 'rounds=123456$asaltof16chars..', + key => 'a short string', + expected => '$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1' }, + { type => '6', + salt => 'rounds=10$roundstoolow', + key => 'the minimum number is still observed', + expected => '$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.' } + ); -ok(compare1stline([qw{openssl passwd password}], '^.{13}\R$'), +plan tests => (disabled("des") ? 9 : 11) + scalar @sha_tests; + + +ok(compare1stline_re([qw{openssl passwd password}], '^.{13}\R$'), 'crypt password with random salt') if !disabled("des"); -ok(compare1stline([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'), +ok(compare1stline_re([qw{openssl passwd -1 password}], '^\$1\$.{8}\$.{22}\R$'), 'BSD style MD5 password with random salt'); -ok(compare1stline([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'), +ok(compare1stline_re([qw{openssl passwd -apr1 password}], '^\$apr1\$.{8}\$.{22}\R$'), 'Apache style MD5 password with random salt'); -ok(compare1stline([qw{openssl passwd -salt xx password}], '^xxj31ZMTZzkVA\R$'), +ok(compare1stline_re([qw{openssl passwd -5 password}], '^\$5\$.{16}\$.{43}\R$'), + 'SHA256 password with random salt'); +ok(compare1stline_re([qw{openssl passwd -6 password}], '^\$6\$.{16}\$.{86}\R$'), + 'Apache SHA512 password with random salt'); + +ok(compare1stline([qw{openssl passwd -salt xx password}], 'xxj31ZMTZzkVA'), 'crypt password with salt xx') if !disabled("des"); -ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '^\$1\$xxxxxxxx\$UYCIxa628\.9qXjpQCjM4a\.\R$'), +ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -1 password}], '$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.'), 'BSD style MD5 password with salt xxxxxxxx'); -ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '^\$apr1\$xxxxxxxx\$dxHfLAsjHkDRmG83UXe8K0\R$'), +ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -apr1 password}], '$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0'), 'Apache style MD5 password with salt xxxxxxxx'); +ok(compare1stline([qw{openssl passwd -salt xxxxxxxx -aixmd5 password}], 'xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/'), + 'AIX style MD5 password with salt xxxxxxxx'); +ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -5 password}], '$5$xxxxxxxxxxxxxxxx$fHytsM.wVD..zPN/h3i40WJRggt/1f73XkAC/gkelkB'), + 'SHA256 password with salt xxxxxxxxxxxxxxxx'); +ok(compare1stline([qw{openssl passwd -salt xxxxxxxxxxxxxxxx -6 password}], '$6$xxxxxxxxxxxxxxxx$VjGUrXBG6/8yW0f6ikBJVOb/lK/Tm9LxHJmFfwMvT7cpk64N9BW7ZQhNeMXAYFbOJ6HDG7wb0QpxJyYQn0rh81'), + 'SHA512 password with salt xxxxxxxxxxxxxxxx'); +foreach (@sha_tests) { + ok(compare1stline([qw{openssl passwd}, '-'.$_->{type}, '-salt', $_->{salt}, + $_->{key}], $_->{expected}), + { 5 => 'SHA256', 6 => 'SHA512' }->{$_->{type}} . ' password with salt ' . $_->{salt}); +} -sub compare1stline { + +sub compare1stline_re { my ($cmdarray, $regexp) = @_; my @lines = run(app($cmdarray), capture => 1); return $lines[0] =~ m|$regexp|; } + +sub compare1stline { + my ($cmdarray, $str) = @_; + my @lines = run(app($cmdarray), capture => 1); + + return $lines[0] =~ m|^\Q${str}\E\R$|; +} diff --git a/deps/openssl/openssl/test/recipes/25-test_crl.t b/deps/openssl/openssl/test/recipes/25-test_crl.t index e8ce5f8552e7e6..456accbc2dc768 100644 --- a/deps/openssl/openssl/test/recipes/25-test_crl.t +++ b/deps/openssl/openssl/test/recipes/25-test_crl.t @@ -15,10 +15,14 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_crl"); -plan tests => 5; +plan tests => 7; require_ok(srctop_file('test','recipes','tconversion.pl')); +my $pem = srctop_file("test/certs", "cyrillic_crl.pem"); +my $out = "cyrillic_crl.out"; +my $utf = srctop_file("test/certs", "cyrillic_crl.utf8"); + subtest 'crl conversions' => sub { tconversion("crl", srctop_file("test","testcrl.pem")); }; @@ -32,6 +36,12 @@ ok(compare1stline([qw{openssl crl -noout -fingerprint -sha256 -in}, srctop_file('test', 'testcrl.pem')], 'SHA256 Fingerprint=B3:A9:FD:A7:2E:8C:3D:DF:D0:F1:C3:1A:96:60:B5:FD:B0:99:7C:7F:0E:E4:34:F5:DB:87:62:36:BC:F1:BC:1B')); +ok(run(app(["openssl", "crl", "-text", "-in", $pem, "-out", $out, + "-nameopt", "utf8"]))); +is(cmp_text($out, srctop_file("test/certs", "cyrillic_crl.utf8")), + 0, 'Comparing utf8 output'); +unlink $out; + sub compare1stline { my ($cmdarray, $str) = @_; my @lines = run(app($cmdarray), capture => 1); diff --git a/deps/openssl/openssl/test/recipes/25-test_req.t b/deps/openssl/openssl/test/recipes/25-test_req.t index bcc10257d46875..17a98dc9d15131 100644 --- a/deps/openssl/openssl/test/recipes/25-test_req.t +++ b/deps/openssl/openssl/test/recipes/25-test_req.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,23 +15,38 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 4; +plan tests => 9; require_ok(srctop_file('test','recipes','tconversion.pl')); open RND, ">>", ".rnd"; -print RND "string to make the random number generator think it has entropy"; +print RND "string to make the random number generator think it has randomness"; close RND; -subtest "generating certificate requests" => sub { - my @req_new; - if (disabled("rsa")) { - @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem")); - } else { - @req_new = ("-new"); - note("There should be a 2 sequences of .'s and some +'s."); - note("There should not be more that at most 80 per line"); - } +# What type of key to generate? +my @req_new; +if (disabled("rsa")) { + @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem")); +} else { + @req_new = ("-new"); + note("There should be a 2 sequences of .'s and some +'s."); + note("There should not be more that at most 80 per line"); +} + +# Check for duplicate -addext parameters, and one "working" case. +my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", + "-config", srctop_file("test", "test.cnf"), @req_new ); +my $val = "subjectAltName=DNS:example.com"; +my $val2 = " " . $val; +my $val3 = $val; +$val3 =~ s/=/ =/; +ok( run(app([@addext_args, "-addext", $val]))); +ok(!run(app([@addext_args, "-addext", $val, "-addext", $val]))); +ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); +ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); +ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); + +subtest "generating certificate requests" => sub { plan tests => 2; ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), diff --git a/deps/openssl/openssl/test/recipes/25-test_sid.t b/deps/openssl/openssl/test/recipes/25-test_sid.t index b13cb5c23a7c30..863024dbd718bd 100644 --- a/deps/openssl/openssl/test/recipes/25-test_sid.t +++ b/deps/openssl/openssl/test/recipes/25-test_sid.t @@ -12,9 +12,13 @@ use warnings; use File::Spec; use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; setup("test_sid"); +plan skip_all => 'test_sid needs EC to run' + if disabled('ec'); + plan tests => 2; require_ok(srctop_file('test','recipes','tconversion.pl')); diff --git a/deps/openssl/openssl/test/recipes/25-test_verify.t b/deps/openssl/openssl/test/recipes/25-test_verify.t index 11f54d0486f667..6c3deab7c67cf4 100644 --- a/deps/openssl/openssl/test/recipes/25-test_verify.t +++ b/deps/openssl/openssl/test/recipes/25-test_verify.t @@ -12,6 +12,7 @@ use warnings; use File::Spec::Functions qw/canonpath/; use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; setup("test_verify"); @@ -20,17 +21,13 @@ sub verify { my @args = qw(openssl verify -auth_level 1 -purpose); my @path = qw(test certs); push(@args, "$purpose", @opts); - for (@$trusted) { - push(@args, "-trusted", srctop_file(@path, "$_.pem")) - } - for (@$untrusted) { - push(@args, "-untrusted", srctop_file(@path, "$_.pem")) - } + for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) } + for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } push(@args, srctop_file(@path, "$cert.pem")); run(app([@args])); } -plan tests => 129; +plan tests => 134; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -165,16 +162,13 @@ ok(verify("ee-cert", "sslserver", [qw(root-cert ca+anyEKU)], [qw(ca-cert)]), "accept wildcard trust"); ok(verify("ee-cert", "sslserver", [qw(root-cert sca-cert)], [qw(ca-cert)]), "accept server purpose"); -ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)], - [qw(ca-cert)]), +ok(verify("ee-cert", "sslserver", [qw(root-cert sca+serverAuth)], [qw(ca-cert)]), "accept server trust and purpose"); ok(verify("ee-cert", "sslserver", [qw(root-cert sca+anyEKU)], [qw(ca-cert)]), "accept wildcard trust and server purpose"); -ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)], - [qw(ca-cert)]), +ok(verify("ee-cert", "sslserver", [qw(root-cert sca-clientAuth)], [qw(ca-cert)]), "accept client mistrust and server purpose"); -ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], - [qw(ca-cert)]), +ok(verify("ee-cert", "sslserver", [qw(root-cert cca+serverAuth)], [qw(ca-cert)]), "accept server trust and client purpose"); ok(verify("ee-cert", "sslserver", [qw(root-cert cca+anyEKU)], [qw(ca-cert)]), "accept wildcard trust and client purpose"); @@ -182,26 +176,19 @@ ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-cert)], [qw(ca-cert)]), "fail client purpose"); ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-anyEKU)], [qw(ca-cert)]), "fail wildcard mistrust"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca-serverAuth)], [qw(ca-cert)]), "fail server mistrust"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert ca+clientAuth)], [qw(ca-cert)]), "fail client trust"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert sca+clientAuth)], [qw(ca-cert)]), "fail client trust and server purpose"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca+clientAuth)], [qw(ca-cert)]), "fail client trust and client purpose"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-serverAuth)], [qw(ca-cert)]), "fail server mistrust and client purpose"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert cca-clientAuth)], [qw(ca-cert)]), "fail client mistrust and client purpose"); -ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)], - [qw(ca-cert)]), +ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-serverAuth)], [qw(ca-cert)]), "fail server mistrust and server purpose"); ok(!verify("ee-cert", "sslserver", [qw(root-cert sca-anyEKU)], [qw(ca-cert)]), "fail wildcard mistrust and server purpose"); @@ -242,58 +229,49 @@ ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]), ok(verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)], "-allow_proxy_certs"), "accept proxy cert 1"); -ok(verify("pc2-cert", "sslclient", [qw(root-cert)], - [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), +ok(verify("pc2-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)], + "-allow_proxy_certs"), "accept proxy cert 2"); -ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], - [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), +ok(!verify("bad-pc3-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)], + "-allow_proxy_certs"), "fail proxy cert with incorrect subject"); -ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], - [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), +ok(!verify("bad-pc4-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)], + "-allow_proxy_certs"), "fail proxy cert with incorrect pathlen"); -ok(verify("pc5-cert", "sslclient", [qw(root-cert)], - [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), +ok(verify("pc5-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)], + "-allow_proxy_certs"), "accept proxy cert missing proxy policy"); -ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], - [qw(pc1-cert ee-client ca-cert)], "-allow_proxy_certs"), +ok(!verify("pc6-cert", "sslclient", [qw(root-cert)], [qw(pc1-cert ee-client ca-cert)], + "-allow_proxy_certs"), "failed proxy cert where last CN was added as a multivalue RDN component"); # Security level tests -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], - "-auth_level", "2"), +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), "accept RSA 2048 chain at auth level 2"); -ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], - "-auth_level", "3"), +ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"), "reject RSA 2048 root at auth level 3"); -ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"], - "-auth_level", "0"), +ok(verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"], "-auth_level", "0"), "accept RSA 768 root at auth level 0"); ok(!verify("ee-cert", "sslserver", ["root-cert-768"], ["ca-cert-768i"]), "reject RSA 768 root at auth level 1"); -ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"], - "-auth_level", "0"), +ok(verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"], "-auth_level", "0"), "accept RSA 768 intermediate at auth level 0"); ok(!verify("ee-cert-768i", "sslserver", ["root-cert"], ["ca-cert-768"]), "reject RSA 768 intermediate at auth level 1"); -ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"], - "-auth_level", "0"), +ok(verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "accept RSA 768 leaf at auth level 0"); ok(!verify("ee-cert-768", "sslserver", ["root-cert"], ["ca-cert"]), "reject RSA 768 leaf at auth level 1"); # -ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"], - "-auth_level", "2"), +ok(verify("ee-cert", "sslserver", ["root-cert-md5"], ["ca-cert"], "-auth_level", "2"), "accept md5 self-signed TA at auth level 2"); -ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], - "-auth_level", "2"), +ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-auth_level", "2"), "accept md5 intermediate TA at auth level 2"); -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"], - "-auth_level", "0"), +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"], "-auth_level", "0"), "accept md5 intermediate at auth level 0"); ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert-md5"]), "reject md5 intermediate at auth level 1"); -ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], - "-auth_level", "0"), +ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "accept md5 leaf at auth level 0"); ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]), "reject md5 leaf at auth level 1"); @@ -302,17 +280,13 @@ ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]), # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf # chain, depth = 1 is sufficient, but depth == 0 is not. # -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], - "-verify_depth", "2"), +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "2"), "accept chain with verify_depth 2"); -ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], - "-verify_depth", "1"), +ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "1"), "accept chain with verify_depth 1"); -ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], - "-verify_depth", "0"), +ok(!verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"], "-verify_depth", "0"), "accept chain with verify_depth 0"); -ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], - "-verify_depth", "0"), +ok(verify("ee-cert", "sslserver", ["ca-cert-md5-any"], [], "-verify_depth", "0"), "accept md5 intermediate TA with verify_depth 0"); # Name Constraints tests. @@ -353,34 +327,47 @@ ok(!verify("badalt6-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), ok(!verify("badalt7-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), "Name Constraints CN BMPSTRING hostname not permitted"); -ok(!verify("badalt8-cert", "sslserver", ["root-cert"], - ["ncca1-cert", "ncca3-cert"], ), - "Name constaints nested DNS name not permitted 1"); - -ok(!verify("badalt9-cert", "sslserver", ["root-cert"], - ["ncca1-cert", "ncca3-cert"], ), - "Name constaints nested DNS name not permitted 2"); - -ok(!verify("badalt10-cert", "sslserver", ["root-cert"], - ["ncca1-cert", "ncca3-cert"], ), - "Name constaints nested DNS name excluded"); - -ok(!verify("many-names1", "sslserver", ["many-constraints"], - ["many-constraints"], ), - "Too many names and constraints to check (1)"); -ok(!verify("many-names2", "sslserver", ["many-constraints"], - ["many-constraints"], ), - "Too many names and constraints to check (2)"); -ok(!verify("many-names3", "sslserver", ["many-constraints"], - ["many-constraints"], ), - "Too many names and constraints to check (3)"); - -ok(verify("some-names1", "sslserver", ["many-constraints"], - ["many-constraints"], ), - "Not too many names and constraints to check (1)"); -ok(verify("some-names2", "sslserver", ["many-constraints"], - ["many-constraints"], ), - "Not too many names and constraints to check (2)"); -ok(verify("some-names2", "sslserver", ["many-constraints"], - ["many-constraints"], ), - "Not too many names and constraints to check (3)"); +ok(!verify("badalt8-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name constraints nested DNS name not permitted 1"); + +ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name constraints nested DNS name not permitted 2"); + +ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name constraints nested DNS name excluded"); + +ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ), + "Certificate PSS signature using SHA1"); + +ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ), + "CA with PSS signature using SHA256"); + +ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), + "Reject PSS signature using SHA1 and auth level 2"); + +ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), + "PSS signature using SHA256 and auth level 2"); + +ok(!verify("many-names1", "sslserver", ["many-constraints"], ["many-constraints"], ), + "Too many names and constraints to check (1)"); +ok(!verify("many-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), + "Too many names and constraints to check (2)"); +ok(!verify("many-names3", "sslserver", ["many-constraints"], ["many-constraints"], ), + "Too many names and constraints to check (3)"); + +ok(verify("some-names1", "sslserver", ["many-constraints"], ["many-constraints"], ), + "Not too many names and constraints to check (1)"); +ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), + "Not too many names and constraints to check (2)"); +ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ), + "Not too many names and constraints to check (3)"); + +SKIP: { + skip "Ed25519 is not supported by this OpenSSL build", 1 + if disabled("ec"); + + # ED25519 certificate from draft-ietf-curdle-pkix-04 + ok(verify("ee-ed25519", "sslserver", ["root-ed25519"], []), + "ED25519 signature"); + +} diff --git a/deps/openssl/openssl/test/recipes/25-test_x509.t b/deps/openssl/openssl/test/recipes/25-test_x509.t index 98a8d324e9cf72..f5ef0f996324db 100644 --- a/deps/openssl/openssl/test/recipes/25-test_x509.t +++ b/deps/openssl/openssl/test/recipes/25-test_x509.t @@ -15,10 +15,25 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 5; +plan tests => 9; require_ok(srctop_file('test','recipes','tconversion.pl')); +my $pem = srctop_file("test/certs", "cyrillic.pem"); +my $out = "cyrillic.out"; +my $msb = srctop_file("test/certs", "cyrillic.msb"); +my $utf = srctop_file("test/certs", "cyrillic.utf8"); + +ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out, + "-nameopt", "esc_msb"]))); +is(cmp_text($out, srctop_file("test/certs", "cyrillic.msb")), + 0, 'Comparing esc_msb output'); +ok(run(app(["openssl", "x509", "-text", "-in", $pem, "-out", $out, + "-nameopt", "utf8"]))); +is(cmp_text($out, srctop_file("test/certs", "cyrillic.utf8")), + 0, 'Comparing utf8 output'); +unlink $out; + subtest 'x509 -- x.509 v1 certificate' => sub { tconversion("x509", srctop_file("test","testx509.pem")); }; diff --git a/deps/openssl/openssl/test/recipes/30-test_afalg.t b/deps/openssl/openssl/test/recipes/30-test_afalg.t index c8cb67b758c4f1..7f60ca61d83ff5 100644 --- a/deps/openssl/openssl/test/recipes/30-test_afalg.t +++ b/deps/openssl/openssl/test/recipes/30-test_afalg.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,6 @@ plan skip_all => "$test_name not supported for this build" plan tests => 1; -$ENV{OPENSSL_ENGINES} = bldtop_dir("engines/afalg"); +$ENV{OPENSSL_ENGINES} = bldtop_dir("engines"); ok(run(test(["afalgtest"])), "running afalgtest"); diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpcase.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpcase.txt index 9f0955b97d4c34..69828eec51c785 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpcase.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpcase.txt @@ -15,7 +15,8 @@ # These tests exercise the case insensitive handling of object names. # They are contrived -# Some name is case insensitive tests +Title = Case insensitive AES tests + Cipher = Aes-128-eCb Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = 6BC1BEE22E409F96E93D7E117393172A @@ -42,6 +43,12 @@ Tag = ab6e47d42cec13bdf53a67b21257bddf Plaintext = 00000000000000000000000000000000 Ciphertext = 0388dace60b6a392f328c2b971b2fe78 +Title = Case insensitive digest tests + +Digest = Sha3-256 +Input = "" +Output = A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A + Digest = shA512 Input = "abc" Output = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt index 7e78e08fc2234f..7833bb617ce9ce 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt @@ -19,6 +19,8 @@ # -K 000102030405060708090A0B0C0D0E0F1011121314151617 -iv 0001020304050607 | # xxd -ps -u +Title = DES Tests (various sources) + Cipher = DES-EDE3-CFB1 Key = 000102030405060708090A0B0C0D0E0F1011121314151617 IV = 0001020304050607 @@ -32,7 +34,57 @@ Operation = DECRYPT Plaintext = "Hello World" Ciphertext = 3CF55D656E9C0664513358 -# AES 128 ECB tests (from FIPS-197 test vectors, encrypt) +Cipher = DESX-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 + +# DES EDE3 CBC tests (from destest) +Cipher = DES-EDE3-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + +# DES ECB tests (from destest) + +Cipher = DES-ECB +Key = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 8CA64DE9C1B123A7 + +Cipher = DES-ECB +Key = FFFFFFFFFFFFFFFF +Plaintext = FFFFFFFFFFFFFFFF +Ciphertext = 7359B2163E4EDC58 + +Cipher = DES-ECB +Key = 3000000000000000 +Plaintext = 1000000000000001 +Ciphertext = 958E6E627A05557B + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 1111111111111111 +Ciphertext = F40379AB9E0EC533 + +Cipher = DES-ECB +Key = 0123456789ABCDEF +Plaintext = 1111111111111111 +Ciphertext = 17668DFC7292532D + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 0123456789ABCDEF +Ciphertext = 8A5AE1F81AB8F2DD + +Cipher = DES-ECB +Key = FEDCBA9876543210 +Plaintext = 0123456789ABCDEF +Ciphertext = ED39D950FA74BCC4 + +Title = AES (from FIPS-197 test vectors) Cipher = AES-128-ECB Key = 000102030405060708090A0B0C0D0E0F @@ -94,6 +146,9 @@ Ciphertext = 8EA2B7CA516745BFEAFC49904B496089 # For all ECB encrypts and decrypts, the transformed sequence is # AES-bits-ECB:key::plaintext:ciphertext:encdec # ECB-AES128.Encrypt and ECB-AES128.Decrypt + +Title = AES tests from NIST document SP800-38A + Cipher = AES-128-ECB Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = 6BC1BEE22E409F96E93D7E117393172A @@ -586,8 +641,8 @@ Operation = DECRYPT Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = 0126141D67F37BE8538F5A8BE740E484 +Title = AES Counter test vectors from RFC3686 -# AES Counter test vectors from RFC3686 Cipher = aes-128-ctr Key = AE6852F8121067CC4BF7A5765577F39E IV = 00000030000000000000000000000001 @@ -659,1466 +714,1650 @@ Operation = ENCRYPT Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Ciphertext = A2D459477E6432BD74184B1B5370D2243CDC202BC43583B2A55D288CDBBD1E03 -# DES ECB tests (from destest) - -Cipher = DES-ECB -Key = 0000000000000000 -Plaintext = 0000000000000000 -Ciphertext = 8CA64DE9C1B123A7 +# AES CCM 256 bit key +Cipher = aes-256-ccm +Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e +IV = 5b8e40746f6b98e00f1d13ff41 +AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 +Tag = 2024931d73bca480c24a24ece6b6c2bf +Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a +Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 -Cipher = DES-ECB -Key = FFFFFFFFFFFFFFFF -Plaintext = FFFFFFFFFFFFFFFF -Ciphertext = 7359B2163E4EDC58 +Cipher = aes-256-ccm +Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e +IV = 5b8e40746f6b98e00f1d13ff41 +AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 +Tag = 2024931d73bca480c24a24ece6b6c2be +Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a +Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 +Operation = DECRYPT +Result = CIPHERUPDATE_ERROR -Cipher = DES-ECB -Key = 3000000000000000 -Plaintext = 1000000000000001 -Ciphertext = 958E6E627A05557B +# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 58e2fccefa7e3061367f1d57a4e7455a +Plaintext = +Ciphertext = -Cipher = DES-ECB -Key = 1111111111111111 -Plaintext = 1111111111111111 -Ciphertext = F40379AB9E0EC533 +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = ab6e47d42cec13bdf53a67b21257bddf +Plaintext = 00000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78 -Cipher = DES-ECB -Key = 0123456789ABCDEF -Plaintext = 1111111111111111 -Ciphertext = 17668DFC7292532D +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 4d5c2af327cd64a62cf35abd2ba6fab4 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 -Cipher = DES-ECB -Key = 1111111111111111 -Plaintext = 0123456789ABCDEF -Ciphertext = 8A5AE1F81AB8F2DD +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 5bc94fbc3221a5db94fae95ae7121a47 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 -Cipher = DES-ECB -Key = FEDCBA9876543210 -Plaintext = 0123456789ABCDEF -Ciphertext = ED39D950FA74BCC4 +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3612d2e79e3b0785561be14aaca2fccb +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 -# DESX-CBC tests (from destest) -Cipher = DESX-CBC -Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 -IV = fedcba9876543210 -Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 -Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d050 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 -# DES EDE3 CBC tests (from destest) -Cipher = DES-EDE3-CBC -Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 -IV = fedcba9876543210 -Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 -Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d051 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 +Operation = DECRYPT +Result = CIPHERFINAL_ERROR -# RC4 tests (from rc4test) -Cipher = RC4 -Key = 0123456789abcdef0123456789abcdef -Plaintext = 0123456789abcdef -Ciphertext = 75b7878099e0c596 +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cd33b28ac773f74ba00ed1f312572435 +Plaintext = +Ciphertext = -Cipher = RC4 -Key = 0123456789abcdef0123456789abcdef -Plaintext = 0000000000000000 -Ciphertext = 7494c2e7104b0879 +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 2ff58d80033927ab8ef4d4587514f0fb +Plaintext = 00000000000000000000000000000000 +Ciphertext = 98e7247c07f0fe411c267e4384b0f600 -Cipher = RC4 -Key = 00000000000000000000000000000000 -Plaintext = 0000000000000000 -Ciphertext = de188941a3375d3a +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 9924a7c8587336bfb118024db8674a14 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 -Cipher = RC4 -Key = ef012345ef012345ef012345ef012345 -Plaintext = 0000000000000000000000000000000000000000 -Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 2519498e80f1478f37ba55bd6d27618c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 -Cipher = RC4 -Key = 0123456789abcdef0123456789abcdef -Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 -Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 65dcc57fcf623a24094fcca40d3533f8 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 -Cipher = RC4 -Key = ef012345ef012345ef012345ef012345 -Plaintext = 00000000000000000000 -Ciphertext = d6a141a7ec3c38dfbd61 +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d9 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b -# Camellia tests from RFC3713 -# For all ECB encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec -Cipher = CAMELLIA-128-ECB -Key = 0123456789abcdeffedcba9876543210 -Plaintext = 0123456789abcdeffedcba9876543210 -Ciphertext = 67673138549669730857065648eabe43 +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d8 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b +Operation = DECRYPT +Result = CIPHERFINAL_ERROR -Cipher = CAMELLIA-192-ECB -Key = 0123456789abcdeffedcba98765432100011223344556677 -Plaintext = 0123456789abcdeffedcba9876543210 -Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 530f8afbc74536b9a963b4f1c4cb738b +Plaintext = +Ciphertext = -Cipher = CAMELLIA-256-ECB -Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff -Plaintext = 0123456789abcdeffedcba9876543210 -Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 - -# ECB-CAMELLIA128.Encrypt -Cipher = CAMELLIA-128-ECB -Key = 000102030405060708090A0B0C0D0E0F -Operation = ENCRYPT -Plaintext = 00112233445566778899AABBCCDDEEFF -Ciphertext = 77CF412067AF8270613529149919546F +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = d0d1c8a799996bf0265b98b5d48ab919 +Plaintext = 00000000000000000000000000000000 +Ciphertext = cea7403d4d606b6e074ec5d3baf39d18 -Cipher = CAMELLIA-192-ECB -Key = 000102030405060708090A0B0C0D0E0F1011121314151617 -Operation = ENCRYPT -Plaintext = 00112233445566778899AABBCCDDEEFF -Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68 +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = b094dac5d93471bdec1a502270e3cc6c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad -Cipher = CAMELLIA-256-ECB -Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Operation = ENCRYPT -Plaintext = 00112233445566778899AABBCCDDEEFF -Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2 +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 76fc6ece0f4e1768cddf8853bb2d551b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3a337dbf46a792c45e454913fe2ea8f2 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f -# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt -Cipher = CAMELLIA-128-ECB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 432FC5DCD628115B7C388D770B270C96 +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f -Cipher = CAMELLIA-128-ECB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +Operation = DECRYPT +Result = CIPHERFINAL_ERROR -Cipher = CAMELLIA-128-ECB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636 +# local add-ons, primarily streaming ghash tests +# 128 bytes aad +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +Tag = 5fea793a2d6f974d37e68e0cb8ff9492 +Plaintext = +Ciphertext = -Cipher = CAMELLIA-128-ECB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A +# 48 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 9dd0a376b08e40eb00c35f29f9ea61a4 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 +# 80 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 98885a3a22bd4742fe7b72172193b163 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 -# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt -Cipher = CAMELLIA-192-ECB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = CCCC6C4E138B45848514D48D0D3439D3 +# 128 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cac45f60e31efd3b5a43b98a22ce1aa1 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 -Cipher = CAMELLIA-192-ECB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A +# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 566f8ef683078bfdeeffa869d751a017 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 -Cipher = CAMELLIA-192-ECB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = B40ED2B60EB54D09D030CF511FEEF366 +# 240 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = fd0c7011ff07f0071324bdfb2d0f3a29 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b6 -Cipher = CAMELLIA-192-ECB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 909DBD95799096748CB27357E73E1D26 +# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 8b307f6b33286d0ab026a9ed3fe1e85f +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c +# 80 bytes plaintext, submitted by Intel +Cipher = aes-128-gcm +Key = 843ffcf5d2b72694d19ed01d01249412 +IV = dbcca32ebf9b804617c3aa9e +AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f +Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 -# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt -Cipher = CAMELLIA-256-ECB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = BEFD219B112FA00098919CD101C9CCFA +#AES OCB Test vectors +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 197B9C3C441D3C83EAFB2BEF633B9182 +Plaintext = +Ciphertext = -Cipher = CAMELLIA-256-ECB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 16DC76A46D47E1EAD537209E8A96D14E +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A -Cipher = CAMELLIA-256-ECB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = A623D711DC5F25A51BB8A80D56397D28 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 98B91552C8C009185044E30A6EB2FE21 +Plaintext = +Ciphertext = -Cipher = CAMELLIA-256-ECB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 971EFFCAE19AD4716F88E87B871FBEED +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 776C9924D6723A1FC4524532AC3E5BEB +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 -# For all CBC encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec -# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt -Cipher = CAMELLIA-128-CBC -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 7DDB8E6CEA6814866212509619B19CC6 +Plaintext = +Ciphertext = -Cipher = CAMELLIA-128-CBC -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 1607CF494B36BBF00DAEB0B503C831AB -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 13CC8B747807121A4CBB3E4BD6B456AF +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 -Cipher = CAMELLIA-128-CBC -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = A2F2CF671629EF7840C5A5DFB5074887 -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 0F06165008CF8B8B5A63586362543E54 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 -Cipher = CAMELLIA-128-CBC -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 36A84CDAFD5F9A85ADA0F0A993D6D577 -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980 - - -# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt -Cipher = CAMELLIA-192-CBC -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 282026DA3068BC9FA118681D559F10F6 +Plaintext = +Ciphertext = -Cipher = CAMELLIA-192-CBC -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 2A4830AB5AC4A1A2405955FD2195CF93 -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68 +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 -Cipher = CAMELLIA-192-CBC -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 5D5A869BD14CE54264F892A6DD2EC3D5 -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 37D359C3349836D884E310ADDF68C449 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = B2A040DD3BD5164372D76D7BB6824240 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB -Cipher = CAMELLIA-192-CBC -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 37D359C3349836D884E310ADDF68C449 -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = E1E072633BADE51A60E85951D9C42A1B +Plaintext = +Ciphertext = +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB -# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt -Cipher = CAMELLIA-256-CBC -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 000102030405060708090A0B0C0D0E0F -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 659C623211DEEA0DE30D2C381879F4C8 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 -Cipher = CAMELLIA-256-CBC -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = E6CFA35FC02B134A4D2C0B6737AC3EDA -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 7AEB7A69A1687DD082CA27B0D9A37096 +Plaintext = +Ciphertext = -Cipher = CAMELLIA-256-CBC -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 36CBEB73BD504B4070B1B7DE2B21EB50 -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = E31A6055297D96CA3330CDF1B1860A83 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 060C8467F4ABAB5E8B3C2067A2E115DC +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 -Cipher = CAMELLIA-256-CBC -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = E31A6055297D96CA3330CDF1B1860A83 -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F +#AES OCB Non standard test vectors - generated from reference implementation +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1b6c44f34e3abb3cbf8976e7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B0C0D0E +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1ad62009901f40cba7cd7156f94a7324 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee -# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt -# For all CFB128 encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec -# CFB128-CAMELLIA128.Encrypt -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 000102030405060708090A0B0C0D0E0F -Operation = ENCRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 14F7646187817EB586599146B82BD719 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = C203F98CE28F7DAD3F31C021 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C822D6 -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 14F7646187817EB586599146B82BD719 -Operation = ENCRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = A53D28BB82DF741103EA4F921A44880B +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 8346D7D47C5D893ED472F5AB +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F714FF -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = A53D28BB82DF741103EA4F921A44880B -Operation = ENCRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 5822A9A70FDF55D29D2984A6 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB8294170634D -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 9C2157A664626D1DEF9EA420FDE69B96 -Operation = ENCRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 81772B6741ABB4ECA9D2DEB2 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7050FAA +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 3E52A01D068DE85456DB03B7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 -# CFB128-CAMELLIA128.Decrypt -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 000102030405060708090A0B0C0D0E0F +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 3E52A01D068DE85456DB03B6 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 +Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 Operation = DECRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 14F7646187817EB586599146B82BD719 +Result = CIPHERFINAL_ERROR -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 14F7646187817EB586599146B82BD719 -Operation = DECRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = A53D28BB82DF741103EA4F921A44880B +Title = AES XTS test vectors from IEEE Std 1619-2007 -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = A53D28BB82DF741103EA4F921A44880B -Operation = DECRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 +Cipher = aes-128-xts +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e -Cipher = CAMELLIA-128-CFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 9C2157A664626D1DEF9EA420FDE69B96 -Operation = DECRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 +Cipher = aes-128-xts +Key = 1111111111111111111111111111111122222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 -# CFB128-CAMELLIA192.Encrypt -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 000102030405060708090A0B0C0D0E0F -Operation = ENCRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = C832BB9780677DAA82D9B6860DCD565E +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = C832BB9780677DAA82D9B6860DCD565E -Operation = ENCRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 86F8491627906D780C7A6D46EA331F98 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 01000000000000000000000000000000 +Plaintext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 +Ciphertext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 86F8491627906D780C7A6D46EA331F98 -Operation = ENCRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 69511CCE594CF710CB98BB63D7221F01 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 02000000000000000000000000000000 +Plaintext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd +Ciphertext = fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6 -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 69511CCE594CF710CB98BB63D7221F01 -Operation = ENCRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = D5B5378A3ABED55803F25565D8907B84 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fd000000000000000000000000000000 +Plaintext = 8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888 +Ciphertext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fe000000000000000000000000000000 +Plaintext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 +Ciphertext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a -# CFB128-CAMELLIA192.Decrypt -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 000102030405060708090A0B0C0D0E0F -Operation = DECRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = C832BB9780677DAA82D9B6860DCD565E +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = ff000000000000000000000000000000 +Plaintext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a +Ciphertext = 3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = C832BB9780677DAA82D9B6860DCD565E -Operation = DECRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 86F8491627906D780C7A6D46EA331F98 -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 86F8491627906D780C7A6D46EA331F98 -Operation = DECRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 69511CCE594CF710CB98BB63D7221F01 +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ff000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151 -Cipher = CAMELLIA-192-CFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 69511CCE594CF710CB98BB63D7221F01 -Operation = DECRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = D5B5378A3ABED55803F25565D8907B84 +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffff0000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803 +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffff00000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826 -# CFB128-CAMELLIA256.Encrypt -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 000102030405060708090A0B0C0D0E0F -Operation = ENCRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffff000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220 -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 -Operation = ENCRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffffff0000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B -Operation = ENCRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 -Operation = ENCRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10 +Ciphertext = 6c1625db4671522d3d7599601de7ca09ed +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f1011 +Ciphertext = d069444b7a7e0cab09e24447d24deb1fedbf -# CFB128-CAMELLIA256.Decrypt -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 000102030405060708090A0B0C0D0E0F -Operation = DECRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112 +Ciphertext = e5df1351c0544ba1350b3363cd8ef4beedbf9d -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 -Operation = DECRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10111213 +Ciphertext = 9d84c813f719aa2c7be3f66171c7c5c2edbf9dac -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B -Operation = DECRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Cipher = aes-128-xts +Key = e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf +IV = 21436587a90000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3 -Cipher = CAMELLIA-256-CFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 -Operation = DECRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA +# Exercise different lengths covering even ciphertext stealing cases +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5B079C6307EA0914559C6D2FB6384F8AADF94 -# For all OFB encrypts and decrypts, the transformed sequence is -# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec -# OFB-CAMELLIA128.Encrypt -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 000102030405060708090A0B0C0D0E0F -Operation = ENCRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 14F7646187817EB586599146B82BD719 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce84 -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 50FE67CC996D32B6DA0937E99BAFEC60 -Operation = ENCRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 25623DB569CA51E01482649977E28D84 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CEF4F253466EF4953ADC8FE2F5BC1FF57593FD -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = D9A4DADA0892239F6B8B3D7680E15674 -Operation = ENCRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = C776634A60729DC657D12B9FCA801E98 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad0265 -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = A78819583F0308E7A6BF36B1386ABF23 -Operation = ENCRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = D776379BE0E50825E681DA1A4C980E8E +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE842973C68248EDDFE26FB9B096659C8A5D6BB7 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51 -# OFB-CAMELLIA128.Decrypt -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 000102030405060708090A0B0C0D0E0F -Operation = DECRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = 14F7646187817EB586599146B82BD719 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD0265C4DD16E65A24575A709F174593F19FF85EA9 -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = 50FE67CC996D32B6DA0937E99BAFEC60 -Operation = DECRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 25623DB569CA51E01482649977E28D84 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8 -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = D9A4DADA0892239F6B8B3D7680E15674 -Operation = DECRYPT -Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = C776634A60729DC657D12B9FCA801E98 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE519215FA160C664D4B07D757A034AB3B35A10C -Cipher = CAMELLIA-128-OFB -Key = 2B7E151628AED2A6ABF7158809CF4F3C -IV = A78819583F0308E7A6BF36B1386ABF23 -Operation = DECRYPT -Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = D776379BE0E50825E681DA1A4C980E8E +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f91 +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D82C6CBC24F9357BD1FB882AA4B2CC2E7FA750 -# OFB-CAMELLIA192.Encrypt -Cipher = CAMELLIA-192-OFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 000102030405060708090A0B0C0D0E0F +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f434 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1 +Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D8A750E8768DEFFFED9122810AAEB99F910409B03D164E727C31290FD4E039500872AF + +# AES wrap tests from RFC3394 +Cipher = id-aes128-wrap +Key = 000102030405060708090A0B0C0D0E0F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 + +# Same as previous example but with invalid unwrap key: should be rejected +# without returning any plaintext +Cipher = id-aes256-wrap +Operation = DECRYPT +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E00 +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 +Result = CIPHERUPDATE_ERROR + + +# AES wrap tests from RFC5649 +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = c37b7e6492584340bed12207808941155068f738 +Ciphertext = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a + +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = 466f7250617369 +Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f + +Title = RC4 tests + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0000000000000000 +Ciphertext = 7494c2e7104b0879 + +Cipher = RC4 +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = de188941a3375d3a + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 0000000000000000000000000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 +Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 00000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd61 + +Title = Camellia tests from RFC3713 + +# For all ECB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec +Cipher = CAMELLIA-128-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 67673138549669730857065648eabe43 + +Cipher = CAMELLIA-192-ECB +Key = 0123456789abcdeffedcba98765432100011223344556677 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 + +Cipher = CAMELLIA-256-ECB +Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 + +# ECB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-ECB +Key = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT -Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = C832BB9780677DAA82D9B6860DCD565E +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 77CF412067AF8270613529149919546F -Cipher = CAMELLIA-192-OFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = A609B38DF3B1133DDDFF2718BA09565E +Cipher = CAMELLIA-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 Operation = ENCRYPT -Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68 -Cipher = CAMELLIA-192-OFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 52EF01DA52602FE0975F78AC84BF8A50 +Cipher = CAMELLIA-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2 + + +# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 432FC5DCD628115B7C388D770B270C96 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = BDD62DBBB9700846C53B507F544696F0 +Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636 -Cipher = CAMELLIA-192-OFB -Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = BD5286AC63AABD7EB067AC54B553F71D -Operation = ENCRYPT +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = E28014E046B802F385C4C2E13EAD4A72 +Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A -# OFB-CAMELLIA192.Decrypt -Cipher = CAMELLIA-192-OFB +# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-ECB Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 000102030405060708090A0B0C0D0E0F -Operation = DECRYPT Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = C832BB9780677DAA82D9B6860DCD565E +Ciphertext = CCCC6C4E138B45848514D48D0D3439D3 -Cipher = CAMELLIA-192-OFB +Cipher = CAMELLIA-192-ECB Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = A609B38DF3B1133DDDFF2718BA09565E -Operation = DECRYPT Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 +Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A -Cipher = CAMELLIA-192-OFB +Cipher = CAMELLIA-192-ECB Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = 52EF01DA52602FE0975F78AC84BF8A50 -Operation = DECRYPT Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = BDD62DBBB9700846C53B507F544696F0 +Ciphertext = B40ED2B60EB54D09D030CF511FEEF366 -Cipher = CAMELLIA-192-OFB +Cipher = CAMELLIA-192-ECB Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B -IV = BD5286AC63AABD7EB067AC54B553F71D -Operation = DECRYPT Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = E28014E046B802F385C4C2E13EAD4A72 +Ciphertext = 909DBD95799096748CB27357E73E1D26 -# OFB-CAMELLIA256.Encrypt -Cipher = CAMELLIA-256-OFB +# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-ECB Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 000102030405060708090A0B0C0D0E0F -Operation = ENCRYPT Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Ciphertext = BEFD219B112FA00098919CD101C9CCFA -Cipher = CAMELLIA-256-OFB +Cipher = CAMELLIA-256-ECB Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A -Operation = ENCRYPT Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 127AD97E8E3994E4820027D7BA109368 +Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA -Cipher = CAMELLIA-256-OFB +Cipher = CAMELLIA-256-ECB Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = E1C656305ED1A7A6563805746FE03EDC -Operation = ENCRYPT Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E +Ciphertext = A623D711DC5F25A51BB8A80D56397D28 -Cipher = CAMELLIA-256-OFB +Cipher = CAMELLIA-256-ECB Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 41635BE625B48AFC1666DD42A09D96E7 -Operation = ENCRYPT Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 +Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B -# OFB-CAMELLIA256.Decrypt -Cipher = CAMELLIA-256-OFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +# For all CBC encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C IV = 000102030405060708090A0B0C0D0E0F -Operation = DECRYPT Plaintext = 6BC1BEE22E409F96E93D7E117393172A -Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB -Cipher = CAMELLIA-256-OFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A -Operation = DECRYPT +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 1607CF494B36BBF00DAEB0B503C831AB Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 -Ciphertext = 127AD97E8E3994E4820027D7BA109368 +Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 -Cipher = CAMELLIA-256-OFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = E1C656305ED1A7A6563805746FE03EDC -Operation = DECRYPT +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A2F2CF671629EF7840C5A5DFB5074887 Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF -Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E +Ciphertext = 0F06165008CF8B8B5A63586362543E54 -Cipher = CAMELLIA-256-OFB -Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 -IV = 41635BE625B48AFC1666DD42A09D96E7 -Operation = DECRYPT +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 36A84CDAFD5F9A85ADA0F0A993D6D577 Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 -Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 +Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980 -# Camellia test vectors from RFC5528 -Cipher = CAMELLIA-128-CTR -Key = AE6852F8121067CC4BF7A5765577F39E -IV = 00000030000000000000000000000001 -Operation = ENCRYPT -Plaintext = 53696E676C6520626C6F636B206D7367 -Ciphertext = D09DC29A8214619A20877C76DB1F0B3F +# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93 -Cipher = CAMELLIA-128-CTR -Key = 7E24067817FAE0D743D6CE1F32539163 -IV = 006CB6DBC0543B59DA48D90B00000001 -Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048 +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2A4830AB5AC4A1A2405955FD2195CF93 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 -Cipher = CAMELLIA-128-CTR -Key = 7691BE035E5020A8AC6E618529F9A0DC -IV = 00E0017B27777F3F4A1786F000000001 -Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 -Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 5D5A869BD14CE54264F892A6DD2EC3D5 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 37D359C3349836D884E310ADDF68C449 -Cipher = CAMELLIA-192-CTR -Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 -IV = 0000004836733C147D6D93CB00000001 -Operation = ENCRYPT -Plaintext = 53696E676C6520626C6F636B206D7367 -Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696 +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 37D359C3349836D884E310ADDF68C449 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08 -Cipher = CAMELLIA-192-CTR -Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A -IV = 0096B03B020C6EADC2CB500D00000001 -Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED -Cipher = CAMELLIA-192-CTR -Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE -IV = 0007BDFD5CBD60278DCC091200000001 +# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E6CFA35FC02B134A4D2C0B6737AC3EDA +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 36CBEB73BD504B4070B1B7DE2B21EB50 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = E31A6055297D96CA3330CDF1B1860A83 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E31A6055297D96CA3330CDF1B1860A83 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F + + +# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 -Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 -Cipher = CAMELLIA-256-CTR -Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 -IV = 00000060DB5672C97AA8F0B200000001 +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 Operation = ENCRYPT -Plaintext = 53696E676C6520626C6F636B206D7367 -Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B -Cipher = CAMELLIA-256-CTR -Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 -IV = 00FAAC24C1585EF15A43D87500000001 +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 -Cipher = CAMELLIA-256-CTR -Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D -IV = 001CC5B751A51D70A1C1114800000001 +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 -Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 -# SEED test vectors from RFC4269 -Cipher = SEED-ECB -Key = 00000000000000000000000000000000 + +# CFB128-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F -Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 -Cipher = SEED-ECB -Key = 000102030405060708090A0B0C0D0E0F +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 Operation = DECRYPT -Plaintext = 00000000000000000000000000000000 -Ciphertext = C11F22F20140505084483597E4370F43 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B -Cipher = SEED-ECB -Key = 4706480851E61BE85D74BFB3FD956185 +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B Operation = DECRYPT -Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D -Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 -Cipher = SEED-ECB -Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 Operation = DECRYPT -Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 -Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 -Cipher = SEED-ECB -Key = 00000000000000000000000000000000 + +# CFB128-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F Operation = ENCRYPT -Plaintext = 000102030405060708090A0B0C0D0E0F -Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E -Cipher = SEED-ECB -Key = 000102030405060708090A0B0C0D0E0F +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E Operation = ENCRYPT -Plaintext = 00000000000000000000000000000000 -Ciphertext = C11F22F20140505084483597E4370F43 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 -Cipher = SEED-ECB -Key = 4706480851E61BE85D74BFB3FD956185 +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 Operation = ENCRYPT -Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D -Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 -Cipher = SEED-ECB -Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 Operation = ENCRYPT -Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 -Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 -# AES CCM 256 bit key -Cipher = aes-256-ccm -Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e -IV = 5b8e40746f6b98e00f1d13ff41 -AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 -Tag = 2024931d73bca480c24a24ece6b6c2bf -Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a -Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 +# CFB128-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E -Cipher = aes-256-ccm -Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e -IV = 5b8e40746f6b98e00f1d13ff41 -AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 -Tag = 2024931d73bca480c24a24ece6b6c2be -Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a -Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E Operation = DECRYPT -Result = CIPHERUPDATE_ERROR +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 -# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = 58e2fccefa7e3061367f1d57a4e7455a -Plaintext = -Ciphertext = +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = ab6e47d42cec13bdf53a67b21257bddf -Plaintext = 00000000000000000000000000000000 -Ciphertext = 0388dace60b6a392f328c2b971b2fe78 - -Cipher = aes-128-gcm -Key = feffe9928665731c6d6a8f9467308308 -IV = cafebabefacedbaddecaf888 -AAD = -Tag = 4d5c2af327cd64a62cf35abd2ba6fab4 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 -Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 - -Cipher = aes-128-gcm -Key = feffe9928665731c6d6a8f9467308308 -IV = cafebabefacedbaddecaf888 -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 5bc94fbc3221a5db94fae95ae7121a47 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 - -Cipher = aes-128-gcm -Key = feffe9928665731c6d6a8f9467308308 -IV = cafebabefacedbad -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 3612d2e79e3b0785561be14aaca2fccb -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 - -Cipher = aes-128-gcm -Key = feffe9928665731c6d6a8f9467308308 -IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 619cc5aefffe0bfa462af43c1699d050 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 - -Cipher = aes-128-gcm -Key = feffe9928665731c6d6a8f9467308308 -IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 619cc5aefffe0bfa462af43c1699d051 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 Operation = DECRYPT -Result = CIPHERFINAL_ERROR +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 -Cipher = aes-192-gcm -Key = 000000000000000000000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = cd33b28ac773f74ba00ed1f312572435 -Plaintext = -Ciphertext = -Cipher = aes-192-gcm -Key = 000000000000000000000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = 2ff58d80033927ab8ef4d4587514f0fb -Plaintext = 00000000000000000000000000000000 -Ciphertext = 98e7247c07f0fe411c267e4384b0f600 +# CFB128-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 -Cipher = aes-192-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c -IV = cafebabefacedbaddecaf888 -AAD = -Tag = 9924a7c8587336bfb118024db8674a14 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 -Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B -Cipher = aes-192-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c -IV = cafebabefacedbaddecaf888 -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 2519498e80f1478f37ba55bd6d27618c -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 -Cipher = aes-192-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c -IV = cafebabefacedbad -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 65dcc57fcf623a24094fcca40d3533f8 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA -Cipher = aes-192-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c -IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = dcf566ff291c25bbb8568fc3d376a6d9 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b -Cipher = aes-192-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c -IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = dcf566ff291c25bbb8568fc3d376a6d8 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b +# CFB128-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT -Result = CIPHERFINAL_ERROR - -Cipher = aes-256-gcm -Key = 0000000000000000000000000000000000000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = 530f8afbc74536b9a963b4f1c4cb738b -Plaintext = -Ciphertext = - -Cipher = aes-256-gcm -Key = 0000000000000000000000000000000000000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = d0d1c8a799996bf0265b98b5d48ab919 -Plaintext = 00000000000000000000000000000000 -Ciphertext = cea7403d4d606b6e074ec5d3baf39d18 - -Cipher = aes-256-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 -IV = cafebabefacedbaddecaf888 -AAD = -Tag = b094dac5d93471bdec1a502270e3cc6c -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 -Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad - -Cipher = aes-256-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 -IV = cafebabefacedbaddecaf888 -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 76fc6ece0f4e1768cddf8853bb2d551b -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 - -Cipher = aes-256-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 -IV = cafebabefacedbad -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = 3a337dbf46a792c45e454913fe2ea8f2 -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f - -Cipher = aes-256-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 -IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 -Cipher = aes-256-gcm -Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 -IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b -AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 -Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19b -Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 -Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 Operation = DECRYPT -Result = CIPHERFINAL_ERROR - -# local add-ons, primarily streaming ghash tests -# 128 bytes aad -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad -Tag = 5fea793a2d6f974d37e68e0cb8ff9492 -Plaintext = -Ciphertext = - -# 48 bytes plaintext -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = 9dd0a376b08e40eb00c35f29f9ea61a4 -Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 - -# 80 bytes plaintext -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = 98885a3a22bd4742fe7b72172193b163 -Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 - -# 128 bytes plaintext -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = 000000000000000000000000 -AAD = -Tag = cac45f60e31efd3b5a43b98a22ce1aa1 -Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 - -# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -AAD = -Tag = 566f8ef683078bfdeeffa869d751a017 -Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 - -# 240 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -AAD = -Tag = fd0c7011ff07f0071324bdfb2d0f3a29 -Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b6 - -# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -Cipher = aes-128-gcm -Key = 00000000000000000000000000000000 -IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -AAD = -Tag = 8b307f6b33286d0ab026a9ed3fe1e85f -Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c - -# 80 bytes plaintext, submitted by Intel -Cipher = aes-128-gcm -Key = 843ffcf5d2b72694d19ed01d01249412 -IV = dbcca32ebf9b804617c3aa9e -AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f -Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f -Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 - -#AES OCB Test vectors -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = -Tag = 197B9C3C441D3C83EAFB2BEF633B9182 -Plaintext = -Ciphertext = - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 0001020304050607 -Tag = 16DC76A46D47E1EAD537209E8A96D14E -Plaintext = 0001020304050607 -Ciphertext = 92B657130A74B85A - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 0001020304050607 -Tag = 98B91552C8C009185044E30A6EB2FE21 -Plaintext = -Ciphertext = - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = -Tag = 971EFFCAE19AD4716F88E87B871FBEED -Plaintext = 0001020304050607 -Ciphertext = 92B657130A74B85A - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F -Tag = 776C9924D6723A1FC4524532AC3E5BEB -Plaintext = 000102030405060708090A0B0C0D0E0F -Ciphertext = BEA5E8798DBE7110031C144DA0B26122 - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F -Tag = 7DDB8E6CEA6814866212509619B19CC6 -Plaintext = -Ciphertext = - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = -Tag = 13CC8B747807121A4CBB3E4BD6B456AF -Plaintext = 000102030405060708090A0B0C0D0E0F -Ciphertext = BEA5E8798DBE7110031C144DA0B26122 - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 -Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C -Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 -Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 -Tag = 282026DA3068BC9FA118681D559F10F6 -Plaintext = -Ciphertext = - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = -Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68 -Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 -Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Tag = B2A040DD3BD5164372D76D7BB6824240 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Tag = E1E072633BADE51A60E85951D9C42A1B -Plaintext = -Ciphertext = - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = -Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 659C623211DEEA0DE30D2C381879F4C8 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 - -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 7AEB7A69A1687DD082CA27B0D9A37096 -Plaintext = -Ciphertext = +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = -Tag = 060C8467F4ABAB5E8B3C2067A2E115DC -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 -#AES OCB Non standard test vectors - generated from reference implementation -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 1b6c44f34e3abb3cbf8976e7 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1 +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B0C0D0E -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 1ad62009901f40cba7cd7156f94a7324 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = C203F98CE28F7DAD3F31C021 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031 -Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C822D6 +# For all OFB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 8346D7D47C5D893ED472F5AB -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041 -Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F714FF +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 5822A9A70FDF55D29D2984A6 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051 -Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB8294170634D +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 81772B6741ABB4ECA9D2DEB2 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061 -Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7050FAA +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 3E52A01D068DE85456DB03B7 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 -Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 -Cipher = aes-128-ocb -Key = 000102030405060708090A0B0C0D0E0F -IV = 000102030405060708090A0B -AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 -Tag = 3E52A01D068DE85456DB03B6 -Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 -Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 +# OFB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F Operation = DECRYPT -Result = CIPHERFINAL_ERROR +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 -# AES XTS test vectors from IEEE Std 1619-2007 -Cipher = aes-128-xts -Key = 0000000000000000000000000000000000000000000000000000000000000000 -IV = 00000000000000000000000000000000 -Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 -Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 -Cipher = aes-128-xts -Key = 1111111111111111111111111111111122222222222222222222222222222222 -IV = 33333333330000000000000000000000 -Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 -Ciphertext = c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 -Cipher = aes-128-xts -Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222 -IV = 33333333330000000000000000000000 -Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 -Ciphertext = af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 01000000000000000000000000000000 -Plaintext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 -Ciphertext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd +# OFB-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 02000000000000000000000000000000 -Plaintext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd -Ciphertext = fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6 +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = fd000000000000000000000000000000 -Plaintext = 8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888 -Ciphertext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = fe000000000000000000000000000000 -Plaintext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 -Ciphertext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = ff000000000000000000000000000000 -Plaintext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a -Ciphertext = 3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd +# OFB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E -Cipher = aes-256-xts -Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 -IV = ff000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = 1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151 +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 -Cipher = aes-256-xts -Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 -IV = ffff0000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = 77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803 +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 -Cipher = aes-256-xts -Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 -IV = ffffff00000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826 +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 -Cipher = aes-256-xts -Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 -IV = ffffffff000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220 -Cipher = aes-256-xts -Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 -IV = ffffffffff0000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = 64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 +# OFB-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E -Cipher = aes-128-xts -Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 -IV = 9a785634120000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f10 -Ciphertext = 6c1625db4671522d3d7599601de7ca09ed +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 -Cipher = aes-128-xts -Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 -IV = 9a785634120000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f1011 -Ciphertext = d069444b7a7e0cab09e24447d24deb1fedbf -Cipher = aes-128-xts -Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 -IV = 9a785634120000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112 -Ciphertext = e5df1351c0544ba1350b3363cd8ef4beedbf9d +# OFB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 -Cipher = aes-128-xts -Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 -IV = 9a785634120000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f10111213 -Ciphertext = 9d84c813f719aa2c7be3f66171c7c5c2edbf9dac +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 -Cipher = aes-128-xts -Key = e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf -IV = 21436587a90000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3 +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E -# Exercise different lengths covering even ciphertext stealing cases -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5B079C6307EA0914559C6D2FB6384F8AADF94 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce84 +# Camellia test vectors from RFC5528 +Cipher = CAMELLIA-128-CTR +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = D09DC29A8214619A20877C76DB1F0B3F -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CEF4F253466EF4953ADC8FE2F5BC1FF57593FD +Cipher = CAMELLIA-128-CTR +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad0265 +Cipher = CAMELLIA-128-CTR +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE842973C68248EDDFE26FB9B096659C8A5D6BB7 +Cipher = CAMELLIA-192-CTR +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51 +Cipher = CAMELLIA-192-CTR +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD0265C4DD16E65A24575A709F174593F19FF85EA9 +Cipher = CAMELLIA-192-CTR +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8 +Cipher = CAMELLIA-256-CTR +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE519215FA160C664D4B07D757A034AB3B35A10C +Cipher = CAMELLIA-256-CTR +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 -IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f91 +Cipher = CAMELLIA-256-CTR +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 +Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4 + +Cipher = SM4-ECB +Key = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA9876543210 +Ciphertext = 681EDF34D206965E86B3E94F536E4246 + +Cipher = SM4-CBC +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B + +Cipher = SM4-OFB +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE + +Cipher = SM4-CFB +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995 + +Cipher = SM4-CTR +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA +Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D + +Title = ARIA test vectors from RFC5794 (and others) + +Cipher = ARIA-128-ECB +Key = 000102030405060708090a0b0c0d0e0f +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = d718fbd6ab644c739da95f3be6451778 + +Cipher = ARIA-192-ECB +Key = 000102030405060708090a0b0c0d0e0f1011121314151617 +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = 26449c1805dbe7aa25a468ce263a9e79 + +Cipher = ARIA-256-ECB +Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f +Plaintext = 00112233445566778899aabbccddeeff +Ciphertext = f92bd7c79fb72e2f2b8f80c1972d24fc + +# Additional ARIA mode vectors from http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf +Cipher = ARIA-128-ECB +Key = 00112233445566778899aabbccddeeff +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = c6ecd08e22c30abdb215cf74e2075e6e29ccaac63448708d331b2f816c51b17d9e133d1528dbf0af5787c7f3a3f5c2bf6b6f345907a3055612ce072ff54de7d788424da6e8ccfe8172b391be499354165665ba7864917000a6eeb2ecb4a698edfc7887e7f556377614ab0a282293e6d884dbb84206cdb16ed1754e77a1f243fd086953f752cc1e46c7c794ae85537dcaec8dd721f55c93b6edfe2adea43873e8 + +Cipher = ARIA-128-CBC +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 49d61860b14909109cef0d22a9268134fadf9fb23151e9645fba75018bdb1538b53334634bbf7d4cd4b5377033060c155fe3948ca75de1031e1d85619e0ad61eb419a866b3c2dbfd10a4ed18b22149f75897f0b8668b0c1c542c687778835fb7cd46e45f85eaa7072437dd9fa6793d6f8d4ccefc4eb1ac641ac1bd30b18c6d64c49bca137eb21c2e04da62712ca2b4f540c57112c38791852cfac7a5d19ed83a + +Cipher = ARIA-128-CFB +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 3720e53ba7d615383406b09f0a05a200c07c21e6370f413a5d132500a68285017c61b434c7b7ca9685a51071861e4d4bb873b599b479e2d573dddeafba89f812ac6a9e44d554078eb3be94839db4b33da3f59c063123a7ef6f20e10579fa4fd239100ca73b52d4fcafeadee73f139f78f9b7614c2b3b9dbe010f87db06a89a9435f79ce8121431371f4e87b984e0230c22a6dacb32fc42dcc6accef33285bf11 + +Cipher = ARIA-128-CFB8 +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 373c8f6a965599ec785cc8f8149f6c81b632ccb8e0c6eb6a9707ae52c59257a41f94701c1096933127a90195ed0c8e98690547572423bb45c3d70e4a18ee56b967c10e000ba4df5fba7c404134a343d8375d04b151d161ef83417fe1748447d30a6723c406733df7d18aa39a20752d2381942e244811bb97f72eae446b1815aa690cd1b1adcbd007c0088ecdc91cb2e2caf0e11e72459878137eea64ac62a9a1 + +Cipher = ARIA-128-OFB +Key = 00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 3720e53ba7d615383406b09f0a05a2000063063f0560083483faeb041c8adecef30cf80cefb002a0d280759168ec01db3d49f61aced260bd43eec0a2731730eec6fa4f2304319cf8ccac2d7be7833e4f8ae6ce967012c1c6badc5d28e7e4144f6bf5cebe01253ee202afce4bc61f28dec069a6f16f6c8a7dd2afae44148f6ff4d0029d5c607b5fa6b8c8a6301cde5c7033565cd0b8f0974ab490b236197ba04a + +Cipher = ARIA-128-CTR +Key = 00112233445566778899aabbccddeeff IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D82C6CBC24F9357BD1FB882AA4B2CC2E7FA750 - -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = ac5d7de805a0bf1c57c854501af60fa11497e2a34519dea1569e91e5b5ccae2ff3bfa1bf975f4571f48be191613546c3911163c085f871f0e7ae5f2a085b81851c2a3ddf20ecb8fa51901aec8ee4ba32a35dab67bb72cd9140ad188a967ac0fbbdfa94ea6cce47dcf8525ab5a814cfeb2bb60ee2b126e2d9d847c1a9e96f9019e3e6a7fe40d3829afb73db1cc245646addb62d9b907baaafbe46a73dbc131d3d + +Cipher = ARIA-192-ECB +Key = 00112233445566778899aabbccddeeff0011223344556677 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 8d1470625f59ebacb0e55b534b3e462b5f23d33bff78f46c3c15911f4a21809aaccad80b4bda915aa9dae6bcebe06a6c83f77fd5391acfe61de2f646b5d447edbfd5bb49b12fbb9145b227895a757b2af1f7188734863d7b8b6ede5a5b2f06a0a233c8523d2db778fb31b0e311f32700152f33861e9d040c83b5eb40cd88ea49975709dc629365a189f78a3ec40345fc6a5a307a8f9a4413091e007eca5645a0 + +Cipher = ARIA-192-CBC +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = afe6cf23974b533c672a826264ea785f4e4f7f780dc7f3f1e0962b80902386d514e9c3e77259de92dd1102ffab086c1ea52a71260db5920a83295c25320e421147ca45d532f327b856ea947cd2196ae2e040826548b4c891b0ed0ca6e714dbc4631998d548110d666b3d54c2a091955c6f05beb4f62309368696c9791fc4c551564a2637f194346ec45fbca6c72a5b4612e208d531d6c34cc5c64eac6bd0cf8c + +Cipher = ARIA-192-CFB +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 4171f7192bf4495494d2736129640f5c4d87a9a213664c9448477c6ecc2013598d9766952dd8c3868f17e36ef66fd84bfa45d1593d2d6ee3ea2115047d710d4fb66187caa3a315b3c8ea2d313962edcfe5a3e2028d5ba9a09fd5c65c19d3440e477f0cab0628ec6902c73ee02f1afee9f80115be7b9df82d1e28228e28581a20560e195cbb9e2b327bf56fd2d0ae5502e42c13e9b4015d4da42dc859252e7da4 + +Cipher = ARIA-192-CFB8 +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 411d3b4f57f705aa4d13c46e2cf426af7c8c916ed7923d889f0047bbf11471b6d54f8757ef519339105be3cb69babb976a57d5631fc23cc3051fe9d36e8b8e27a2b2c0c4d31928ccbf30ea8239b46ba1b77f6198e7ecd2ce27b35958148e826f06aaf385bd30362ff141583e7c1d8924d44d36a1133094074631e18adafa9d2e55de98f6895c89d4266ebd33f3d4be5153a96fa12132ece2e81e66e55baa7ade + +Cipher = ARIA-192-OFB +Key = 00112233445566778899aabbccddeeff0011223344556677 +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 4171f7192bf4495494d2736129640f5cc224d26d364b5a06ddde13d0f1e74faa846de354c63cda77469d1a2d425c47ff41734c71b3fa1fcdc11e0b2de22bfeed54898e233df652c75ae136e61de6524e62b3f806fb2e8e616eb410a1b9500537e327ffb04f19f7f82fde2b122100261f81b82723bf936be7beaaf3067d1c036001f1ade71422268d274d7dc6c6ae1970b27a5f2c2f39c1d241fe8cac5ccd74e9 + +Cipher = ARIA-192-CTR +Key = 00112233445566778899aabbccddeeff0011223344556677 IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf -Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f434 - -Cipher = aes-128-xts -Key = 2718281828459045235360287471352631415926535897932384626433832795 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 08625ca8fe569c19ba7af3760a6ed1cef4d199263e999dde14082dbba7560b79a4c6b456b8707dce751f9854f18893dfdb3f4e5afa539733e6f1e70b98ba37891f8f81e95df8efc26c7ce043504cb18958b865e4e316cd2aa1c97f31bf23dc046ef326b95a692a191ba0f2a41c5fe9ae070f236ff7078e703b42666caafbdd20bad74ac4c20c0f46c7ca24c151716575c947da16c90cfe1bf217a41cfebe7531 + +Cipher = ARIA-256-ECB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 58a875e6044ad7fffa4f58420f7f442d8e191016f28e79aefc01e204773280d7018e5f7a938ec30711719953bae86542cd7ebc752474c1a5f6eaaace2a7e29462ee7dfa5afdb84177ead95ccd4b4bb6e1ed17b9534cff0a5fc2941429cfee2ee49c7adbeb7e9d1b0d2a8531d942079596a27ed79f5b1dd13ecd604b07a48885a3afa0627a0e4e60a3c703af292f1baa77b702f16c54aa74bc727ea95c7468b00 + +Cipher = ARIA-256-CBC +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 523a8a806ae621f155fdd28dbc34e1ab7b9b42432ad8b2efb96e23b13f0a6e52f36185d50ad002c5f601bee5493f118b243ee2e313642bffc3902e7b2efd9a12fa682edd2d23c8b9c5f043c18b17c1ec4b5867918270fbec1027c19ed6af833da5d620994668ca22f599791d292dd6273b2959082aafb7a996167cce1eec5f0cfd15f610d87e2dda9ba68ce1260ca54b222491418374294e7909b1e8551cd8de + +Cipher = ARIA-256-CFB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be + +Cipher = ARIA-256-CFB8 +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26baa33651e1f66434fec88ef27fd2b9a79e246dd89a3ffa00e8bdb37155433e6c24bd0b87d9a85baa9f485ccb984f5ec24d6a3ef5e3c81396177f039cf580dfdb55d6e1c47a28921dfe369e12fd357b289ad3a5544e1c1bd616d454db9c5f91f603373f29d5b2ed1b4b51de80f28537bbd43d5e3b5dd071dc91153cbbe732dfc325821b06ed8acaae656dcf2da9f13e4f29db671476f1e644ff06d9b67d6bd4 + +Cipher = ARIA-256-OFB +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff +IV = 0f1e2d3c4b5a69788796a5b4c3d2e1f0 +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 26834705b0f2c0e2588d4a7f0900963584c256815c4292b59f8d3f966a75b52345b4f5f98c785d3f368a8d5ff89b7f950ceab3cd63773c2621d652b8ef98b4196afb2c2b30496bc5b7d9e7f9084f9d855f63a511751c8909e7a6deadbe0a67a4fb89383ca5d209c6f66f793fc471195c476fb9c1eab2ac91e680e454b4f3ed9a67fb52f09c29b965b23cfa6f3f6bbb2a86c6cdbaa2857bf2486f543231892a52 + +Cipher = ARIA-256-CTR +Key = 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff IV = 00000000000000000000000000000000 -Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1 -Ciphertext = 27A7479BEFA1D476489F308CD4CFA6E2A96E4BBE3208FF25287DD3819616E89CC78CF7F5E543445F8333D8FA7F56000005279FA5D8B5E4AD40E736DDB4D35412328063FD2AAB53E5EA1E0A9F332500A5DF9487D07A5C92CC512C8866C7E860CE93FDF166A24912B422976146AE20CE846BB7DC9BA94A767AAEF20C0D61AD02655EA92DC4C4E41A8952C651D33174BE51A10C421110E6D81588EDE82103A252D8A750E8768DEFFFED9122810AAEB99F910409B03D164E727C31290FD4E039500872AF +Plaintext = 11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd +Ciphertext = 30026c329666141721178b99c0a1f1b2f06940253f7b3089e2a30ea86aa3c88f5940f05ad7ee41d71347bb7261e348f18360473fdf7d4e7723bffb4411cc13f6cdd89f3bc7b9c768145022c7a74f14d7c305cd012a10f16050c23f1ae5c23f45998d13fbaa041e51619577e0772764896a5d4516d8ffceb3bf7e05f613edd9a60cdcedaff9cfcaf4e00d445a54334f73ab2cad944e51d266548e61c6eb0aa1cd + +Title = ARIA GCM test vectors from IETF draft-ietf-avtcore-aria-srtp-10 + +Cipher = ARIA-128-GCM +Key = e91e5e75da65554a48181f3846349562 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 5abace3f37f5a736f4be984bbffbedc1 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 4d8a9a0675550c704b17d8c9ddc81a5cd6f7da34f2fe1b3db7cb3dfb9697102ea0f3c1fc2dbc873d44bceeae8e4442974ba21ff6789d3272613fb9631a7cf3f14bacbeb421633a90ffbe58c2fa6bdca534f10d0de0502ce1d531b6336e58878278531e5c22bc6c85bbd784d78d9e680aa19031aaf89101d669d7a3965c1f7e16229d7463e0535f4e253f5d18187d40b8ae0f564bd970b5e7e2adfb211e89a953 + +Cipher = ARIA-256-GCM +Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = e210d6ced2cf430ff841472915e7ef48 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 6f9e4bcbc8c85fc0128fb1e4a0a20cb9932ff74581f54fc013dd054b19f99371425b352d97d3f337b90b63d1b082adeeea9d2d7391897d591b985e55fb50cb5350cf7d38dc27dda127c078a149c8eb98083d66363a46e3726af217d3a00275ad5bf772c7610ea4c23006878f0ee69a8397703169a419303f40b72e4573714d19e2697df61e7c7252e5abc6bade876ac4961bfac4d5e867afca351a48aed52822 + +Title = ARIA CCM test vectors from IETF draft-ietf-avtcore-aria-srtp-02 + +# 16-byte Tag + +Cipher = ARIA-128-CCM +Key = 974bee725d44fc3992267b284c3c6750 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 40f04b6467e300f6b336aedf9df4185b +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855 + +Cipher = ARIA-256-CCM +Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 87b6bd222c55365a9c7d0b215b77ea41 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1 + +# 8-byte Tag + +Cipher = ARIA-128-CCM +Key = 974bee725d44fc3992267b284c3c6750 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = dd2282c93a67fe4b +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855 + +Cipher = ARIA-256-CCM +Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 828dc0088f99a7ef +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1 + +# 12-byte Tag + +Cipher = ARIA-128-CCM +Key = 974bee725d44fc3992267b284c3c6750 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 01f3dedd15238da5ebfb1590 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = 621e408a2e455505b39f704dcbac4307daabbd6d670abc4e42f2fd2fca263f094f4683e6fb0b10c5093d42b69dce0ba546520e7c4400975713f3bde93ef131160b9cbcd6df78a1502be7c6ea8d395b9ed0078819c3105c0ab92cb67b16ba51bb1f53508738bf7a37c9a905439b88b7af9d51a407916fdfea8d43bf253721846dc1671391225fc58d9d0693c8ade6a4ffb034ee6543dd4e651b7a084eae60f855 + +Cipher = ARIA-256-CCM +Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 +IV = 000020e8f5eb00000000315e +AAD = 8008315ebf2e6fe020e8f5eb +Tag = 3615b7f90a651de15da20fb6 +Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 +Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1 + + +Title = SEED test vectors from RFC4269 -# AES wrap tests from RFC3394 -Cipher = id-aes128-wrap -Key = 000102030405060708090A0B0C0D0E0F -Plaintext = 00112233445566778899AABBCCDDEEFF -Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = DECRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB -Cipher = id-aes192-wrap -Key = 000102030405060708090A0B0C0D0E0F1011121314151617 -Plaintext = 00112233445566778899AABBCCDDEEFF -Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 -Cipher = id-aes256-wrap -Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Plaintext = 00112233445566778899AABBCCDDEEFF -Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = DECRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A -Cipher = id-aes192-wrap -Key = 000102030405060708090A0B0C0D0E0F1011121314151617 -Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 -Ciphertext = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = DECRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 -Cipher = id-aes256-wrap -Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 -Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB -Cipher = id-aes256-wrap -Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F -Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 -# Same as previous example but with invalid unwrap key: should be rejected -# without returning any plaintext -Cipher = id-aes256-wrap -Operation = DECRYPT -Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E00 -Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F -Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 -Result = CIPHERUPDATE_ERROR +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = ENCRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A -# AES wrap tests from RFC5649 -Cipher = id-aes192-wrap-pad -Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 -Plaintext = c37b7e6492584340bed12207808941155068f738 -Ciphertext = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = ENCRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 -Cipher = id-aes192-wrap-pad -Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 -Plaintext = 466f7250617369 -Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f +Title = Chacha20 Cipher = chacha20 Key = 0000000000000000000000000000000000000000000000000000000000000000 @@ -2243,7 +2482,6 @@ Ciphertext = 64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6 Operation = DECRYPT Result = CIPHERFINAL_ERROR - # self-generated vectors Cipher = chacha20-poly1305 Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpdigest.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpdigest.txt index 6579e6988388a6..c3f58255486a25 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpdigest.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpdigest.txt @@ -17,6 +17,8 @@ # Which is currently unsupported by OpenSSL. They were generated using the # reference implementation. RFC7693 also mentions the 616263 / "abc" values. +Title = BLAKE tests + Digest = BLAKE2s256 Input = Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9 @@ -89,12 +91,144 @@ Digest = BLAKE2b512 Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081 Output = DF0A9D0C212843A6A934E3902B2DD30D17FBA5F969D2030B12A546D8A6A45E80CF5635F071F0452E9C919275DA99BED51EB1173C1AF0518726B75B0EC3BAE2B5 -# SHA(1) tests (from shatest.c) +Title = SHA tests from (RFC6234 section 8.5 and others) + Digest = SHA1 -Input = 616263 +Input = "abc" Output = a9993e364706816aba3e25717850c26c9cd0d89d -# MD5 tests +Digest = SHA1 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 84983e441c3bd26ebaae4aa1f95129e5e54670f1 + +Digest = SHA1 +Input = "a" +Ncopy = 1000 +Count = 1000 +Output = 34aa973cd4c4daa4f61eeb2bdbad27316534016f + +Digest = SHA224 +Input = "abc" +Output = 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7 + +Digest = SHA224 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525 + +Digest = SHA224 +Input = "a" +Ncopy = 64 +Count = 15625 +Output = 20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67 + +Digest = SHA256 +Input = "abc" +Output = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad + +Digest = SHA256 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1 + +Digest = SHA256 +Input = "a" +Ncopy = 288 +Count = 3472 +Input = "a" +Ncopy = 64 +Output = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0 + +Digest = SHA384 +Input = "abc" +Output = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7 + +Digest = SHA384 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039 + +Digest = SHA384 +Input = "a" +Ncopy = 64 +Count = 15625 +Output = 9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985 + +Digest = SHA512 +Input = "abc" +Output = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f + +Digest = SHA512 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909 + +Digest = SHA512 +Input = "a" +Ncopy = 288 +Count = 3472 +Input = "a" +Ncopy = 64 +Output = e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b + +# Some of the test vectors from the SHS CAVP for FIPS 180-4 +Digest = SHA512-224 +Input = +Output = 6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4 + +Digest = SHA512-224 +Input = cf +Output = 4199239e87d47b6feda016802bf367fb6e8b5655eff6225cb2668f4a + +Digest = SHA512-224 +Input = ca2d +Output = 392b99b593b85e147f031986c2a9edfdb4ffd9f24c77c452d339c9fc + +Digest = SHA512-224 +Input = 6963446913771410 +Output = 21f6c373637e6a5e89d6e88811110c5c3fa12e497144912914c546e1 + +Digest = SHA512-224 +Input = 44c6c75e377f21fc9cd7c164ca5c4cb82c5538a58dfb323992e6bcf588c61b246053706bf88725a09d0a8adfcdeec0db419cd7732b0e3386bc3f3407e9e016546f4d15c314bfd57e30c302926deb3342cbc315a1e706c5607c127de42a9a739b +Output = b9b62986eebdb35c88b12e0257537a05394ef5a16fad01c2fec57d6f + +# The two examples from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_224.pdf +Digest = SHA512-224 +Input = "abc" +Output = 4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa + +Digest = SHA512-224 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 23fec5bb94d60b23308192640b0c453335d664734fe40e7268674af9 + +# Some of the test vectors from the SHS CAVP for FIPS 180-4 +Digest = SHA512-256 +Input = +Output = c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a + +Digest = SHA512-256 +Input = fa +Output = c4ef36923c64e51e875720e550298a5ab8a3f2f875b1e1a4c9b95babf7344fef + +Digest = SHA512-256 +Input = 74e4 +Output = 0c994228b8d3bd5ea5b5259157a9bba7a193118ad22817e6fbed2df1a32a4148 + +Digest = SHA512-256 +Input = b4e2e8501f54be91 +Output = d25265bf9cbc0dd2f108a2f5e8f69db7d15e5b8fe9100fe887dae20b6e054fe8 + +Digest = SHA512-256 +Input = 63188781f4e9cbd1e89a54a65da053b93722e1106f00f024ad1582421ab919326f8a6e17536d6596e3cf413a9231141733e37aae540f8711cefafe489a87c4f2e6fd942f6809f3bef3076763487de48c2ee88733c5bc870617a668c6f01471ed +Output = 91a8e285029085e224987078066486b6c605cbac27e49e84f4639710ddd05d33 + +# The two examples from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf +Digest = SHA512-256 +Input = "abc" +Output = 53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23 + +Digest = SHA512-256 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a + +Title = MD5 tests + Digest = MD5 Input = Output = d41d8cd98f00b204e9800998ecf8427e @@ -123,7 +257,22 @@ Digest = MD5 Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 Output = 57edf4a22be3c955ac49da2e2107b67a -# MD4 tests +Title = MD5-SHA1 + +Digest = MD5-SHA1 +Input = +Output = d41d8cd98f00b204e9800998ecf8427eda39a3ee5e6b4b0d3255bfef95601890afd80709 + +Digest = MD5-SHA1 +Input = "abc" +Output = 900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d + +Digest = MD5-SHA1 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 8215ef0796a20bcaaae116d3876c664a84983e441c3bd26ebaae4aa1f95129e5e54670f1 + +Title = MD4 tests + Digest = MD4 Input = "" Output = 31d6cfe0d16ae931b73c59d7e0c089c0 @@ -152,7 +301,8 @@ Digest = MD4 Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = e33b4ddc9c38f2199c3e7b164fcc0536 -# RIPEMD160 tests +Title = RIPEMD160 tests + Digest = RIPEMD160 Input = "" Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31 @@ -185,7 +335,8 @@ Digest = RIPEMD160 Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb -# ISO/IEC 10118-3 test vector set +Title = Whirlpool (from ISO/IEC 10118-3 test vector set) + Digest = whirlpool Input = "" Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 @@ -222,3 +373,174 @@ Digest = whirlpool Input = "aaaaaaaaaa" Count = 100000 Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01 + + +Title = SHA3 + +# Empty input and \xA3x200 vectors are taken from +# http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing +# Others are pairs of "LongMsg" vectors available at +# http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html#test-vectors + +Digest = SHA3-224 +Input = "" +Output = 6B4E03423667DBB73B6E15454F0EB1ABD4597F9A1B078E3F5B5A6BC7 + +Digest = SHA3-224 +Input = A3 +Count = 200 +Output = 9376816ABA503F72F96CE7EB65AC095DEEE3BE4BF9BBC2A1CB7E11E0 + +Digest = SHA3-224 +Input = 31c82d71785b7ca6b651cb6c8c9ad5e2aceb0b0633c088d33aa247ada7a594ff4936c023251319820a9b19fc6c48de8a6f7ada214176ccdaadaeef51ed43714ac0c8269bbd497e46e78bb5e58196494b2471b1680e2d4c6dbd249831bd83a4d3be06c8a2e903933974aa05ee748bfe6ef359f7a143edf0d4918da916bd6f15e26a790cff514b40a5da7f72e1ed2fe63a05b8149587bea05653718cc8980eadbfeca85b7c9c286dd040936585938be7f98219700c83a9443c2856a80ff46852b26d1b1edf72a30203cf6c44a10fa6eaf1920173cedfb5c4cf3ac665b37a86ed02155bbbf17dc2e786af9478fe0889d86c5bfa85a242eb0854b1482b7bd16f67f80bef9c7a628f05a107936a64273a97b0088b0e515451f916b5656230a12ba6dc78 +Output = aab23c9e7fb9d7dacefdfd0b1ae85ab1374abff7c4e3f7556ecae412 + +Digest = SHA3-224 +Input = ab4f9d765085ccb474be6e2369568292532f6fa4dd9c50d02a7d8fab0fabb56a7f9680a2462c3753fafd3a252f9dddf1eb4a76835acfb59fc2a83441b8674f2995573697245e40549d2883f1d781a153b903e470f2f28e53e9646a66f7a5a7f0d5d9e6dd50e392be44867010c7ca77c1a5a2e1f00dcb82f589f759a1332b65c62766b9fa3483d399d7602a0969400642976e948d13243a8b89aa287ad5c230b47344d7783606aced3dfed86424abf7de77b026ce6cc35d20d1c500794332b0c1a1bc67dfc033c4c360a8a3aa5fd2f19d2db1bf3b807094b949900827e6438ef5991692b539d3c42227a6b362847e9d88a1b6855db7f58760d953690b26bd7258439a7f8409ae53137a3f2f14fa77a2a6bc0aa3bb7a19dd1c69554aae6c6703f3879057d3978c1a9d41bd3f492985aa0064f43fde2fa33ff6e1dfd4961e0aeacd4e3f412b4d35c0c864660d8779705a9c82bb824c405c54f429392e4da66ecfee7ef066139270ee9ccc83be5952ff5c84ffa8938f130cc52129ab825b6a5b585f01ebed13ce074c225f5b7d441cfc58c0c1039a2f127b3982ca7df546d4993027bd78ffb36ac08161063870d23f2df556b214 +Output = d61f04985026eee29d0f9700f8c5aea32ec2c23b1a9357edeb2be20c + + +Digest = SHA3-256 +Input = "" +Output = A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A + +Digest = SHA3-256 +Input = A3 +Count = 200 +Output = 79F38ADEC5C20307A98EF76E8324AFBFD46CFD81B22E3973C65FA1BD9DE31787 + +Digest = SHA3-256 +Input = b1caa396771a09a1db9bc20543e988e359d47c2a616417bbca1b62cb02796a888fc6eeff5c0b5c3d5062fcb4256f6ae1782f492c1cf03610b4a1fb7b814c057878e1190b9835425c7a4a0e182ad1f91535ed2a35033a5d8c670e21c575ff43c194a58a82d4a1a44881dd61f9f8161fc6b998860cbe4975780be93b6f87980bad0a99aa2cb7556b478ca35d1f3746c33e2bb7c47af426641cc7bbb3425e2144820345e1d0ea5b7da2c3236a52906acdc3b4d34e474dd714c0c40bf006a3a1d889a632983814bbc4a14fe5f159aa89249e7c738b3b73666bac2a615a83fd21ae0a1ce7352ade7b278b587158fd2fabb217aa1fe31d0bda53272045598015a8ae4d8cec226fefa58daa05500906c4d85e7567 +Output = cb5648a1d61c6c5bdacd96f81c9591debc3950dcf658145b8d996570ba881a05 + +Digest = SHA3-256 +Input = 712b03d9ebe78d3a032a612939c518a6166ca9a161183a7596aa35b294d19d1f962da3ff64b57494cb5656e24adcf3b50e16f4e52135d2d9de76e94aa801cf49db10e384035329c54c9455bb3a9725fd9a44f44cb9078d18d3783d46ce372c31281aecef2f8b53d5702b863d71bc5786a33dd15d9256103b5ff7572f703d5cde6695e6c84f239acd1d6512ef581330590f4ab2a114ea064a693d5f8df5d908587bc7f998cde4a8b43d8821595566597dc8b3bf9ea78b154bd8907ee6c5d4d8a851f94be510962292b7ddda04d17b79fab4c022deb400e5489639dbc448f573d5cf72073a8001b36f73ac6677351b39d9bdb900e9a1121f488a7fa0aee60682e7dc7c531c85ec0154593ded3ae70e4121cae58445d8896b549cacf22d07cdace7625d57158721b44851d796d6511c38dac28dd37cbf2d7073b407fbc813149adc485e3dacee66755443c389d2d90dc70d8ff91816c0c5d7adbad7e30772a1f3ce76c72a6a2284ec7f174aefb6e9a895c118717999421b470a9665d2728c3c60c6d3e048d58b43c0d1b5b2f00be8b64bfe453d1e8fadf5699331f9 +Output = 095dcd0bc55206d2e1e715fb7173fc16a81979f278495dfc69a6d8f3174eba5a + + +Digest = SHA3-384 +Input = "" +Output = 0C63A75B845E4F7D01107D852E4C2485C51A50AAAA94FC61995E71BBEE983A2AC3713831264ADB47FB6BD1E058D5F004 + +Digest = SHA3-384 +Input = A3 +Count = 200 +Output = 1881DE2CA7E41EF95DC4732B8F5F002B189CC1E42B74168ED1732649CE1DBCDD76197A31FD55EE989F2D7050DD473E8F + +Digest = SHA3-384 +Input = 5fe35923b4e0af7dd24971812a58425519850a506dfa9b0d254795be785786c319a2567cbaa5e35bcf8fe83d943e23fa5169b73adc1fcf8b607084b15e6a013df147e46256e4e803ab75c110f77848136be7d806e8b2f868c16c3a90c14463407038cb7d9285079ef162c6a45cedf9c9f066375c969b5fcbcda37f02aacff4f31cded3767570885426bebd9eca877e44674e9ae2f0c24cdd0e7e1aaf1ff2fe7f80a1c4f5078eb34cd4f06fa94a2d1eab5806ca43fd0f06c60b63d5402b95c70c21ea65a151c5cfaf8262a46be3c722264b +Output = 3054d249f916a6039b2a9c3ebec1418791a0608a170e6d36486035e5f92635eaba98072a85373cb54e2ae3f982ce132b + +Digest = SHA3-384 +Input = 035adcb639e5f28bb5c88658f45c1ce0be16e7dafe083b98d0ab45e8dcdbfa38e3234dfd973ba555b0cf8eea3c82ae1a3633fc565b7f2cc839876d3989f35731be371f60de140e3c916231ec780e5165bf5f25d3f67dc73a1c33655dfdf439dfbf1cbba8b779158a810ad7244f06ec078120cd18760af436a238941ce1e687880b5c879dc971a285a74ee85c6a746749a30159ee842e9b03f31d613dddd22975cd7fed06bd049d772cb6cc5a705faa734e87321dc8f2a4ea366a368a98bf06ee2b0b54ac3a3aeea637caebe70ad09ccda93cc06de95df73394a87ac9bbb5083a4d8a2458e91c7d5bf113aecae0ce279fdda76ba690787d26345e94c3edbc16a35c83c4d071b132dd81187bcd9961323011509c8f644a1c0a3f14ee40d7dd186f807f9edc7c02f6761061bbb6dd91a6c96ec0b9f10edbbd29dc52 +Output = 02535d86cc7518484a2a238c921b739b1704a50370a2924abf39958c5976e658dc5e87440063112459bddb40308b1c70 + + +Digest = SHA3-512 +Input = "" +Output = A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26 + +Digest = SHA3-512 +Input = A3 +Count = 200 +Output = E76DFAD22084A8B1467FCF2FFA58361BEC7628EDF5F3FDC0E4805DC48CAEECA81B7C13C30ADF52A3659584739A2DF46BE589C51CA1A4A8416DF6545A1CE8BA00 + +Digest = SHA3-512 +Input = 664ef2e3a7059daf1c58caf52008c5227e85cdcb83b4c59457f02c508d4f4f69f826bd82c0cffc5cb6a97af6e561c6f96970005285e58f21ef6511d26e709889a7e513c434c90a3cf7448f0caeec7114c747b2a0758a3b4503a7cf0c69873ed31d94dbef2b7b2f168830ef7da3322c3d3e10cafb7c2c33c83bbf4c46a31da90cff3bfd4ccc6ed4b310758491eeba603a76 +Output = e5825ff1a3c070d5a52fbbe711854a440554295ffb7a7969a17908d10163bfbe8f1d52a676e8a0137b56a11cdf0ffbb456bc899fc727d14bd8882232549d914e + +Digest = SHA3-512 +Input = 991c4e7402c7da689dd5525af76fcc58fe9cc1451308c0c4600363586ccc83c9ec10a8c9ddaec3d7cfbd206484d09634b9780108440bf27a5fa4a428446b3214fa17084b6eb197c5c59a4e8df1cfc521826c3b1cbf6f4212f6bfb9bc106dfb5568395643de58bffa2774c31e67f5c1e7017f57caadbb1a56cc5b8a5cf9584552e17e7af9542ba13e9c54695e0dc8f24eddb93d5a3678e10c8a80ff4f27b677d40bef5cb5f9b3a659cc4127970cd2c11ebf22d514812dfefdd73600dfc10efba38e93e5bff47736126043e50f8b9b941e4ec3083fb762dbf15c86 +Output = cd0f2a48e9aa8cc700d3f64efb013f3600ebdbb524930c682d21025eab990eb6d7c52e611f884031fafd9360e5225ab7e4ec24cbe97f3af6dbe4a86a4f068ba7 + +Digest = SHAKE128 +Input = "" +Output = 7F9C2BA4E88F827D616045507605853ED73B8093F6EFBC88EB1A6EACFA66EF263CB1EEA988004B93103CFB0AEEFD2A686E01FA4A58E8A3639CA8A1E3F9AE57E235B8CC873C23DC62B8D260169AFA2F75AB916A58D974918835D25E6A435085B2BADFD6DFAAC359A5EFBB7BCC4B59D538DF9A04302E10C8BC1CBF1A0B3A5120EA17CDA7CFAD765F5623474D368CCCA8AF0007CD9F5E4C849F167A580B14AABDEFAEE7EEF47CB0FCA9767BE1FDA69419DFB927E9DF07348B196691ABAEB580B32DEF58538B8D23F87732EA63B02B4FA0F4873360E2841928CD60DD4CEE8CC0D4C922A96188D032675C8AC850933C7AFF1533B94C834ADBB69C6115BAD4692D8619F90B0CDF8A7B9C264029AC185B70B83F2801F2F4B3F70C593EA3AEEB613A7F1B1DE33FD75081F592305F2E4526EDC09631B10958F464D889F31BA010250FDA7F1368EC2967FC84EF2AE9AFF268E0B1700AFFC6820B523A3D917135F2DFF2EE06BFE72B3124721D4A26C04E53A75E30E73A7A9C4A95D91C55D495E9F51DD0B5E9D83C6D5E8CE803AA62B8D654DB53D09B8DCFF273CDFEB573FAD8BCD45578BEC2E770D01EFDE86E721A3F7C6CCE275DABE6E2143F1AF18DA7EFDDC4C7B70B5E345DB93CC936BEA323491CCB38A388F546A9FF00DD4E1300B9B2153D2041D205B443E41B45A653F2A5C4492C1ADD544512DDA2529833462B71A41A45BE97290B6F + +Digest = SHAKE128 +Input = A3 +Count = 200 +Output = 131AB8D2B594946B9C81333F9BB6E0CE75C3B93104FA3469D3917457385DA037CF232EF7164A6D1EB448C8908186AD852D3F85A5CF28DA1AB6FE3438171978467F1C05D58C7EF38C284C41F6C2221A76F12AB1C04082660250802294FB87180213FDEF5B0ECB7DF50CA1F8555BE14D32E10F6EDCDE892C09424B29F597AFC270C904556BFCB47A7D40778D390923642B3CBD0579E60908D5A000C1D08B98EF933F806445BF87F8B009BA9E94F7266122ED7AC24E5E266C42A82FA1BBEFB7B8DB0066E16A85E0493F07DF4809AEC084A593748AC3DDE5A6D7AAE1E8B6E5352B2D71EFBB47D4CAEED5E6D633805D2D323E6FD81B4684B93A2677D45E7421C2C6AEA259B855A698FD7D13477A1FE53E5A4A6197DBEC5CE95F505B520BCD9570C4A8265A7E01F89C0C002C59BFEC6CD4A5C109258953EE5EE70CD577EE217AF21FA70178F0946C9BF6CA8751793479F6B537737E40B6ED28511D8A2D7E73EB75F8DAAC912FF906E0AB955B083BAC45A8E5E9B744C8506F37E9B4E749A184B30F43EB188D855F1B70D71FF3E50C537AC1B0F8974F0FE1A6AD295BA42F6AEC74D123A7ABEDDE6E2C0711CAB36BE5ACB1A5A11A4B1DB08BA6982EFCCD716929A7741CFC63AA4435E0B69A9063E880795C3DC5EF3272E11C497A91ACF699FEFEE206227A44C9FB359FD56AC0A9A75A743CFF6862F17D7259AB075216C0699511643B6439 + +Digest = SHAKE128 +Input = a6fe00064257aa318b621c5eb311d32bb8004c2fa1a969d205d71762cc5d2e633907992629d1b69d9557ff6d5e8deb454ab00f6e497c89a4fea09e257a6fa2074bd818ceb5981b3e3faefd6e720f2d1edd9c5e4a5c51e5009abf636ed5bca53fe159c8287014a1bd904f5c8a7501625f79ac81eb618f478ce21cae6664acffb30572f059e1ad0fc2912264e8f1ca52af26c8bf78e09d75f3dd9fc734afa8770abe0bd78c90cc2ff448105fb16dd2c5b7edd8611a62e537db9331f5023e16d6ec150cc6e706d7c7fcbfff930c7281831fd5c4aff86ece57ed0db882f59a5fe403105d0592ca38a081fed84922873f538ee774f13b8cc09bd0521db4374aec69f4bae6dcb66455822c0b84c91a3474ffac2ad06f0a4423cd2c6a49d4f0d6242d6a1890937b5d9835a5f0ea5b1d01884d22a6c1718e1f60b3ab5e232947c76ef70b344171083c688093b5f1475377e3069863 +Output = 3109d9472ca436e805c6b3db2251a9bc + +Digest = SHAKE128 +Input = 49d81708d86cd59dea0ac2c1017a9712d6dffb754dde0b57a9023a39fc5f5b6be276fc176f59f6826610428fac3a0e85fcf71011db061b8fcf2bf085ccd45670effb6dc46f4e3f2ed08e981c5935187fc95b86cf46da675096b1cf9591a67842d6301116be93d8288e4d6b70f1b1db8aa5d203b774a21825665b8170351ee86801da91154570eaf80a1564945af7822df8232fd04ea65593a7f2ab1e9e84cf6ad6c494c9ec2d9d27aaad2b8f7e4f33f12a17b422bc2d4724c13ff8a8b62054d1bfb5c33b9c11183cd8df67694300165ca37637b5a781155f1c070d156339a0242374c6723b6584bffb71c02b935455f8cb086392f5e8e8cc2015956d8f19daeb6aca4476b27108387a2ce0dc5591154d0b94ddc090abe8f4363036b821062baffb7fe550ea7dcd30bfd86c84710081e1c9e450475e123c5ec41f98ff0149bbf6405b5207cad1fb2f313d0f2bcee9be3f6ebe623049640d9234ab644a172ab14ba02633a339b5b9bb38226fda5694f7ec63ebbb8238eb8219ec9c429f4bf0353383a72f2d21702f5e3c513499f04852710f33044512edc47a56bad90885e5713851a7efac694b869fa590076e844ff757d95de581c1b3fa3dd8ccd28cad4f8ae173ee1b28f98ee606dca89063fbef0f262b33053f2c854debdc9cd433ab77abb64f445aa9b981761c4761767f3b71c2646c7b0d873baae50bc9f0 +Output = c609be05458f7ab33e7b6b54bc6e8999 + +Digest = SHAKE256 +Input = "" +Output = 46B9DD2B0BA88D13233B3FEB743EEB243FCD52EA62B81B82B50C27646ED5762FD75DC4DDD8C0F200CB05019D67B592F6FC821C49479AB48640292EACB3B7C4BE141E96616FB13957692CC7EDD0B45AE3DC07223C8E92937BEF84BC0EAB862853349EC75546F58FB7C2775C38462C5010D846C185C15111E595522A6BCD16CF86F3D122109E3B1FDD943B6AEC468A2D621A7C06C6A957C62B54DAFC3BE87567D677231395F6147293B68CEAB7A9E0C58D864E8EFDE4E1B9A46CBE854713672F5CAAAE314ED9083DAB4B099F8E300F01B8650F1F4B1D8FCF3F3CB53FB8E9EB2EA203BDC970F50AE55428A91F7F53AC266B28419C3778A15FD248D339EDE785FB7F5A1AAA96D313EACC890936C173CDCD0FAB882C45755FEB3AED96D477FF96390BF9A66D1368B208E21F7C10D04A3DBD4E360633E5DB4B602601C14CEA737DB3DCF722632CC77851CBDDE2AAF0A33A07B373445DF490CC8FC1E4160FF118378F11F0477DE055A81A9EDA57A4A2CFB0C83929D310912F729EC6CFA36C6AC6A75837143045D791CC85EFF5B21932F23861BCF23A52B5DA67EAF7BAAE0F5FB1369DB78F3AC45F8C4AC5671D85735CDDDB09D2B1E34A1FC066FF4A162CB263D6541274AE2FCC865F618ABE27C124CD8B074CCD516301B91875824D09958F341EF274BDAB0BAE316339894304E35877B0C28A9B1FD166C796B9CC258A064A8F57E27F2A + +Digest = SHAKE256 +Input = A3 +Count = 200 +Output = CD8A920ED141AA0407A22D59288652E9D9F1A7EE0C1E7C1CA699424DA84A904D2D700CAAE7396ECE96604440577DA4F3AA22AEB8857F961C4CD8E06F0AE6610B1048A7F64E1074CD629E85AD7566048EFC4FB500B486A3309A8F26724C0ED628001A1099422468DE726F1061D99EB9E93604D5AA7467D4B1BD6484582A384317D7F47D750B8F5499512BB85A226C4243556E696F6BD072C5AA2D9B69730244B56853D16970AD817E213E470618178001C9FB56C54FEFA5FEE67D2DA524BB3B0B61EF0E9114A92CDBB6CCCB98615CFE76E3510DD88D1CC28FF99287512F24BFAFA1A76877B6F37198E3A641C68A7C42D45FA7ACC10DAE5F3CEFB7B735F12D4E589F7A456E78C0F5E4C4471FFFA5E4FA0514AE974D8C2648513B5DB494CEA847156D277AD0E141C24C7839064CD08851BC2E7CA109FD4E251C35BB0A04FB05B364FF8C4D8B59BC303E25328C09A882E952518E1A8AE0FF265D61C465896973D7490499DC639FB8502B39456791B1B6EC5BCC5D9AC36A6DF622A070D43FED781F5F149F7B62675E7D1A4D6DEC48C1C7164586EAE06A51208C0B791244D307726505C3AD4B26B6822377257AA152037560A739714A3CA79BD605547C9B78DD1F596F2D4F1791BC689A0E9B799A37339C04275733740143EF5D2B58B96A363D4E08076A1A9D7846436E4DCA5728B6F760EEF0CA92BF0BE5615E96959D767197A0BEEB + +Digest = SHAKE256 +Input = dc5a100fa16df1583c79722a0d72833d3bf22c109b8889dbd35213c6bfce205813edae3242695cfd9f59b9a1c203c1b72ef1a5423147cb990b5316a85266675894e2644c3f9578cebe451a09e58c53788fe77a9e850943f8a275f830354b0593a762bac55e984db3e0661eca3cb83f67a6fb348e6177f7dee2df40c4322602f094953905681be3954fe44c4c902c8f6bba565a788b38f13411ba76ce0f9f6756a2a2687424c5435a51e62df7a8934b6e141f74c6ccf539e3782d22b5955d3baf1ab2cf7b5c3f74ec2f9447344e937957fd7f0bdfec56d5d25f61cde18c0986e244ecf780d6307e313117256948d4230ebb9ea62bb302cfe80d7dfebabc4a51d7687967ed5b416a139e974c005fff507a96 +Output = 2bac5716803a9cda8f9e84365ab0a681327b5ba34fdedfb1c12e6e807f45284b + +Digest = SHAKE256 +Input = 16caf60da14b4fa9174a6d40c23cff93ed8fc9279990f749718db1500036ef2222498ffab86fa568a0611299e54e58d83281ac558d3f4d2541ee158b1c7d4d76dbffc64ae39925e3329f7fd894fa26fc1acdc22bc858a3438e1c55707a3f75ad2b33c48789937a24b34ddd85390611088cba3231b2a3a0a93e5d9a8780470fcff92cb03811234a330db353283b3bc3036f9125efb3eaed613bfa0c59975cc2e52c33b3e6e5123e1626190a4a0261e1f5ad9bc2ee34f331736b3bd26d274536f5ae90f5186c27fdd7e8c72972f64016e72d1d32b59b8715e5b867154b99cb140a668b9d560e2c307e3904d9297f9f07dfd7629ccc526e41c109c8fc7c53b604293c6cd42933e77e11031a42f605485fe893b129bcbf705c0f45a4b087bfcead5c187ac1174322909a2d4f8b61f001c4074951000c4c550ed5564458f444dab8aae2fe8daaa6a30d209fecddf2a893df46e18b4b4460e4011d23f01d4c49a4cc1c82405f6ac5339eac41385f3295c657ac43a72fed62e6daee94ef271638f292b8e18860de0699eb45fb7d3aa81f61d44158edd68ebc244451918b +Output = 21a48efd949c3f785179a0e340756a23f77d29a7625229a71a05731c7fbd5aa9 + +# Following tests are pairs of *last* "VariableOut" vectors from +# http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html#test-vectors + +Digest = SHAKE128 +Input = c60a221c975e14bf835827c1103a2906 +Output = 0db7f7196eee8dd6994a16ded19cb09f05f89ccd2464333df2c017c6ca041fa0d54a4832a74ce86ce9b41d8e523e66ce6ef9df7c20aa70e0ac00f54eb072a472ef46cf2a933df0d5f9fafab6388a206f6bd1df50b0836500c758c557c8ac965733fdaaa59f5ed661a1bda61e2952886a60f9568157e3d72e49b6e061fc08f3f1caf159e8eff77ea5221565d2 + +Digest = SHAKE128 +Input = 0a13ad2c7a239b4ba73ea6592ae84ea9 +Output = 5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d + +Digest = SHAKE256 +Input = 6ae23f058f0f2264a18cd609acc26dd4dbc00f5c3ee9e13ecaea2bb5a2f0bb6b +Output = b9b92544fb25cfe4ec6fe437d8da2bbe00f7bdaface3de97b8775a44d753c3adca3f7c6f183cc8647e229070439aa9539ae1f8f13470c9d3527fffdeef6c94f9f0520ff0c1ba8b16e16014e1af43ac6d94cb7929188cce9d7b02f81a2746f52ba16988e5f6d93298d778dfe05ea0ef256ae3728643ce3e29c794a0370e9ca6a8bf3e7a41e86770676ac106f7ae79e67027ce7b7b38efe27d253a52b5cb54d6eb4367a87736ed48cb45ef27f42683da140ed3295dfc575d3ea38cfc2a3697cc92864305407369b4abac054e497378dd9fd0c4b352ea3185ce1178b3dc1599df69db29259d4735320c8e7d33e8226620c9a1d22761f1d35bdff79a + +Digest = SHAKE256 +Input = 8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4 +Output = 2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c + +Title = SM3 Tests + +# From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 + +Digest = SM3 +Input = 0090414C494345313233405941484F4F2E434F4D787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E49863E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A20AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857 +Output = F4A38489E32B45B6F876E3AC2168CA392362DC8F23459C1D1146FC3DBFB7BC9A + +# From https://tools.ietf.org/html/draft-shen-sm3-hash-01 +Digest = SM3 +Input = 616263 +Output = 66C7F0F462EEEDD9D1F2D46BDC10E4E24167C4875CF2F7A2297DA02B8F4BA8E0 + +Digest = SM3 +Input = 61626364616263646162636461626364616263646162636461626364616263646162636461626364616263646162636461626364616263646162636461626364 +Output = DEBE9FF92275B8A138604889C18E5A4D6FDB70E5387E5765293dCbA39C0C5732 + +# From GmSSL test suite + +Digest = SM3 +Input = 0090414C494345313233405941484F4F2E434F4D787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E49863E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A20AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857 +Output = F4A38489E32B45B6F876E3AC2168CA392362DC8F23459C1D1146FC3DBFB7BC9A + +Digest = SM3 +Input = 0090414C494345313233405941484F4F2E434F4D00000000000000000000000000000000000000000000000000000000000000000000E78BCD09746C202378A7E72B12BCE00266B9627ECB0B5A25367AD1AD4CC6242B00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E0165961645281A8626607B917F657D7E9382F1EA5CD931F40F6627F357542653B201686522130D590FB8DE635D8FCA715CC6BF3D05BEF3F75DA5D543454448166612 +Output = 26352AF82EC19F207BBC6F9474E11E90CE0F7DDACE03B27F801817E897A81FD5 + +Digest = SM3 +Input = 0090414C494345313233405941484F4F2E434F4D787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E49863E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A23099093BF3C137D8FCBBCDF4A2AE50F3B0F216C3122D79425FE03A45DBFE16553DF79E8DAC1CF0ECBAA2F2B49D51A4B387F2EFAF482339086A27A8E05BAED98B +Output = E4D1D0C3CA4C7F11BC8FF8CB3F4C02A78F108FA098E51A668487240F75E20F31 + +Digest = SM3 +Input = 008842494C4C343536405941484F4F2E434F4D787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E49863E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2245493D446C38D8CC0F118374690E7DF633A8A4BFB3329B5ECE604B2B4F37F4353C0869F4B9E17773DE68FEC45E14904E0DEA45BF6CECF9918C85EA047C60A4C +Output = 6B4B6D0E276691BD4A11BF72F4FB501AE309FDACB72FA6CC336E6656119ABD67 + +Digest = SM3 +Input = 4D38D2958CA7FD2CFAE3AF04486959CF92C8EF48E8B83A05C112E739D5F181D03082020CA003020102020900AF28725D98D33143300C06082A811CCF550183750500307D310B300906035504060C02636E310B300906035504080C02626A310B300906035504070C02626A310F300D060355040A0C06746F70736563310F300D060355040B0C06746F707365633111300F06035504030C08546F707365634341311F301D06092A864886F70D0109010C10626A40746F707365632E636F6D2E636E301E170D3132303632343037353433395A170D3332303632303037353433395A307D310B300906035504060C02636E310B300906035504080C02626A310B300906035504070C02626A310F300D060355040A0C06746F70736563310F300D060355040B0C06746F707365633111300F06035504030C08546F707365634341311F301D06092A864886F70D0109010C10626A40746F707365632E636F6D2E636E3059301306072A8648CE3D020106082A811CCF5501822D03420004D69C2F1EEC3BFB6B95B30C28085C77B125D77A9C39525D8190768F37D6B205B589DCD316BBE7D89A9DC21917F17799E698531F5E6E3E10BD31370B259C3F81C3A3733071300F0603551D130101FF040530030101FF301D0603551D0E041604148E5D90347858BAAAD870D8BDFBA6A85E7B563B64301F0603551D230418301680148E5D90347858BAAAD870D8BDFBA6A85E7B563B64300B0603551D0F040403020106301106096086480186F8420101040403020057 +Output = C3B02E500A8B60B77DEDCF6F4C11BEF8D56E5CDE708C72065654FD7B2167915A diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpencod.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpencod.txt index 010a88f9353569..c896979fbd7ba0 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpencod.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpencod.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ # and continue until a blank line. Lines starting with a pound sign, # like this prolog, are ignored. -# Base64 tests +Title = Base64 tests Encoding = canonical Input = "" diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpkdf.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpkdf.txt index da4a824bc62fda..8bcebdb2d8f583 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpkdf.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpkdf.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ # and continue until a blank line. Lines starting with a pound sign, # like this prolog, are ignored. -# TLS1 PRF tests, from NIST test vectors +Title = TLS1 PRF tests (from NIST test vectors) KDF=TLS1-PRF Ctrl.md = md:MD5-SHA1 @@ -46,6 +46,15 @@ Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30 Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 +# As above but use long name for KDF +KDF=tls1-prf +Ctrl.md = md:SHA256 +Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf +Ctrl.label = seed:key expansion +Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 +Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 +Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 + # Missing digest. KDF=TLS1-PRF Ctrl.Secret = hexsecret:01 @@ -60,7 +69,7 @@ Ctrl.Seed = hexseed:02 Output = 03 Result = KDF_DERIVE_ERROR -# HKDF tests, from RFC5869 test vectors +Title = HKDF tests (from RFC5869 test vectors) KDF = HKDF Ctrl.md = md:SHA256 @@ -70,9 +79,37 @@ Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = hexsalt:000102030405060708090a0b0c +Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 +Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 + +KDF = HKDF +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 + +KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY Ctrl.md = md:SHA256 Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 @@ -83,6 +120,21 @@ Ctrl.salt = salt: Ctrl.info = info: Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 +KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = salt: +Ctrl.info = info: +Output = 19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 +Ctrl.info = info: +Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 + KDF = HKDF Ctrl.md = md:SHA1 Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b @@ -91,9 +143,37 @@ Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = hexsalt:000102030405060708090a0b0c +Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 +Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 + +KDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 + +KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY Ctrl.md = md:SHA1 Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Output = 8adae09a2a307059478d309b26c4115a224cfaf6 + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 @@ -105,9 +185,37 @@ Ctrl.info = info: Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = salt: +Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 +Ctrl.info = info: +Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 + +KDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Ctrl.info = info: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +KDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY Ctrl.md = md:SHA1 Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c Ctrl.salt = salt: +Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd + +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd Ctrl.info = info: Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 @@ -136,3 +244,61 @@ Ctrl.md = md:SHA1 Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c Ctrl.salt = salt: Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +KDF = HKDF +Ctrl.mode = mode:EXTRACT_AND_EXPAND +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +Title = id-scrypt tests (from draft-josefsson-id-scrypt-kdf-03 and others) + +KDF = scrypt +Ctrl.pass = pass: +Ctrl.salt = salt: +Ctrl.N = N:16 +Ctrl.r = r:1 +Ctrl.p = p:1 +Output = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906 + +KDF = scrypt +Ctrl.pass = pass:password +Ctrl.salt = salt:NaCl +Ctrl.N = N:1024 +Ctrl.r = r:8 +Ctrl.p = p:16 +Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 + +KDF = scrypt +Ctrl.hexpass = hexpass:70617373776f7264 +Ctrl.salt = salt:NaCl +Ctrl.N = N:1024 +Ctrl.r = r:8 +Ctrl.p = p:16 +Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 + +KDF = scrypt +Ctrl.pass = pass:password +Ctrl.hexsalt = hexsalt:4e61436c +Ctrl.N = N:1024 +Ctrl.r = r:8 +Ctrl.p = p:16 +Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 + +KDF = scrypt +Ctrl.pass = pass:pleaseletmein +Ctrl.salt = salt:SodiumChloride +Ctrl.N = N:16384 +Ctrl.r = r:8 +Ctrl.p = p:1 +Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 + +# Out of memory +KDF = scrypt +Ctrl.pass = pass:pleaseletmein +Ctrl.salt = salt:SodiumChloride +Ctrl.N = N:1048576 +Ctrl.r = r:8 +Ctrl.p = p:1 +Result = INTERNAL_ERROR diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpmac.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpmac.txt index dff9a1ffa8d22a..ecc51799722a69 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpmac.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpmac.txt @@ -12,7 +12,155 @@ # and continue until a blank line. Lines starting with a pound sign, # like this prolog, are ignored. -# HMAC tests from RFC2104 +# SIPHASH tests - default values: 2,4 rounds, 16-byte mac +# There are no official test vectors, they are simple vectors 1, 2, 3, etc + +Title = SIPHASH tests + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = +Output = a3817f04ba25a8e66df67214c7550293 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 00 +Output = da87c1d86b99af44347659119b22fc45 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 0001 +Output = 8177228da4a45dc7fca38bdef60affe4 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102 +Output = 9c70b60c5267a94e5f33b6b02985ed51 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 00010203 +Output = f88164c12d9c8faf7d0f6e7c7bcd5579 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 0001020304 +Output = 1368875980776f8854527a07690e9627 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405 +Output = 14eeca338b208613485ea0308fd7a15e + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 00010203040506 +Output = a1f1ebbed8dbc153c0b84aa61ff08239 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 0001020304050607 +Output = 3b62a9ba6258f5610f83e264f31497b4 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708 +Output = 264499060ad9baabc47f8b02bb6d71ed + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E +Output = 5150d1772f50834a503e069a973fbd7c + + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = +Output = a3817f04ba25a8e66df67214c7550293 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 00 +Output = da87c1d86b99af44347659119b22fc45 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 0001 +Output = 8177228da4a45dc7fca38bdef60affe4 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102 +Output = 9c70b60c5267a94e5f33b6b02985ed51 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 00010203 +Output = f88164c12d9c8faf7d0f6e7c7bcd5579 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 0001020304 +Output = 1368875980776f8854527a07690e9627 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405 +Output = 14eeca338b208613485ea0308fd7a15e + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 00010203040506 +Output = a1f1ebbed8dbc153c0b84aa61ff08239 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 0001020304050607 +Output = 3b62a9ba6258f5610f83e264f31497b4 + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708 +Output = 264499060ad9baabc47f8b02bb6d71ed + +MAC = SipHash +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E +Output = 5150d1772f50834a503e069a973fbd7c + +# SIPHASH - default values: 2,4 rounds, explicit 8-byte mac + +MAC = SipHash +Ctrl = digestsize:8 +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E +Output = 724506EB4C328A95 + +# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac + +MAC = SipHash +Ctrl = digestsize:16 +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E +Output = 5150d1772f50834a503e069a973fbd7c + +# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac (set as 0) + +MAC = SipHash +Ctrl = digestsize:0 +Key = 000102030405060708090A0B0C0D0E0F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E +Output = 5150d1772f50834a503e069a973fbd7c + +# SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size) + +MAC = SipHash +Ctrl = digestsize:13 +Key = 000102030405060708090A0B0C0D0E0F +Result = EVPPKEYCTXCTRL_ERROR + +Title = HMAC tests (from RFC2104 and others) + MAC = HMAC Algorithm = MD5 Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b @@ -31,6 +179,8 @@ Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Output = 56be34521d144c88dbb8c733f0e8b3f6 +Title = SHA1 + # HMAC tests from NIST test data MAC = HMAC @@ -51,6 +201,8 @@ Input = "Sample message for keylen=blocklen" Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 Output = 2D51B2F7750E410584662E38F133435F4C4FD42A +Title = SHA2 + MAC = HMAC Algorithm = SHA224 Input = "Sample message for keylen=blocklen" @@ -123,7 +275,84 @@ Input = "Sample message for keylen=blocklen" Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Output = D93EC8D2DE1AD2A9957CB9B83F14E76AD6B5E0CCE285079A127D3B14BCCB7AA7286D4AC0D4CE64215F2BC9E6870B33D97438BE4AAA20CDA5C5A912B48B8E27F3 -# CMAC tests from FIPS module +Title = SHA3 + +# NIST's test vectors + +MAC = HMAC +Algorithm = SHA3-224 +Input = "Sample message for keylen 6; + +# rsa +ok(run(test(["x509_check_cert_pkey_test", + srctop_file("test", "certs", "servercert.pem"), + srctop_file("test", "certs", "serverkey.pem"), "cert", "ok"]))); +# mismatched rsa +ok(run(test(["x509_check_cert_pkey_test", + srctop_file("test", "certs", "servercert.pem"), + srctop_file("test", "certs", "wrongkey.pem"), "cert", "failed"]))); +SKIP: { + skip "DSA disabled", 1, if disabled("dsa"); + # dsa + ok(run(test(["x509_check_cert_pkey_test", + srctop_file("test", "certs", "server-dsa-cert.pem"), + srctop_file("test", "certs", "server-dsa-key.pem"), "cert", "ok"]))); +} +# ecc +SKIP: { + skip "EC disabled", 1 if disabled("ec"); + ok(run(test(["x509_check_cert_pkey_test", + srctop_file("test", "certs", "server-ecdsa-cert.pem"), + srctop_file("test", "certs", "server-ecdsa-key.pem"), "cert", "ok"]))); +} +# certificate request (rsa) +ok(run(test(["x509_check_cert_pkey_test", + srctop_file("test", "certs", "x509-check.csr"), + srctop_file("test", "certs", "x509-check-key.pem"), "req", "ok"]))); +# mismatched certificate request (rsa) +ok(run(test(["x509_check_cert_pkey_test", + srctop_file("test", "certs", "x509-check.csr"), + srctop_file("test", "certs", "wrongkey.pem"), "req", "failed"]))); diff --git a/deps/openssl/openssl/test/recipes/60-test_x509_dup_cert.t b/deps/openssl/openssl/test/recipes/60-test_x509_dup_cert.t index 8e1c31381470af..7cae05c6e3be7d 100644 --- a/deps/openssl/openssl/test/recipes/60-test_x509_dup_cert.t +++ b/deps/openssl/openssl/test/recipes/60-test_x509_dup_cert.t @@ -1,13 +1,11 @@ #! /usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -# -# ====================================================================== -# Copyright (c) 2017 Oracle and/or its affiliates. All rights reserved. use OpenSSL::Test qw/:DEFAULT srctop_file/; diff --git a/deps/openssl/openssl/test/recipes/60-test_x509_time.t b/deps/openssl/openssl/test/recipes/60-test_x509_time.t index e812cd0b26f3a0..8b311ad31405ad 100644 --- a/deps/openssl/openssl/test/recipes/60-test_x509_time.t +++ b/deps/openssl/openssl/test/recipes/60-test_x509_time.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/test/recipes/70-test_clienthello.t b/deps/openssl/openssl/test/recipes/70-test_clienthello.t index ef0868f05a7be2..ccb3a5a1e0185a 100644 --- a/deps/openssl/openssl/test/recipes/70-test_clienthello.t +++ b/deps/openssl/openssl/test/recipes/70-test_clienthello.t @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test; +use OpenSSL::Test qw/:DEFAULT srctop_file/; use OpenSSL::Test::Utils; setup("test_clienthello"); @@ -17,4 +17,5 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" plan tests => 1; -ok(run(test(["clienthellotest"])), "running clienthellotest"); +ok(run(test(["clienthellotest", srctop_file("test", "session.pem")])), + "running clienthellotest"); diff --git a/deps/openssl/openssl/test/recipes/70-test_comp.t b/deps/openssl/openssl/test/recipes/70-test_comp.t new file mode 100644 index 00000000000000..d11ba39e0db32d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_comp.t @@ -0,0 +1,110 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use File::Temp qw(tempfile); +use TLSProxy::Proxy; + +my $test_name = "test_comp"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" + if disabled("tls1_3") && disabled("tls1_2"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + +use constant { + MULTIPLE_COMPRESSIONS => 0, + NON_NULL_COMPRESSION => 1 +}; +my $testtype; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 4; + +SKIP: { + skip "TLSv1.2 disabled", 2 if disabled("tls1_2"); + #Test 1: Check that sending multiple compression methods in a TLSv1.2 + # ClientHello succeeds + $proxy->clear(); + $proxy->filter(\&add_comp_filter); + $proxy->clientflags("-no_tls1_3"); + $testtype = MULTIPLE_COMPRESSIONS; + $proxy->start(); + ok(TLSProxy::Message->success(), "Non null compression"); + + #Test 2: NULL compression method must be present in TLSv1.2 + $proxy->clear(); + $proxy->clientflags("-no_tls1_3"); + $testtype = NON_NULL_COMPRESSION; + $proxy->start(); + ok(TLSProxy::Message->fail(), "NULL compression missing"); +} + +SKIP: { + skip "TLSv1.3 disabled", 2 if disabled("tls1_3"); + #Test 3: Check that sending multiple compression methods in a TLSv1.3 + # ClientHello fails + $proxy->clear(); + $proxy->filter(\&add_comp_filter); + $testtype = MULTIPLE_COMPRESSIONS; + $proxy->start(); + ok(TLSProxy::Message->fail(), "Non null compression (TLSv1.3)"); + + #Test 4: NULL compression method must be present in TLSv1.3 + $proxy->clear(); + $testtype = NON_NULL_COMPRESSION; + $proxy->start(); + ok(TLSProxy::Message->fail(), "NULL compression missing (TLSv1.3)"); +} + +sub add_comp_filter +{ + my $proxy = shift; + my $flight; + my $message; + my @comp; + + # Only look at the ClientHello + return if $proxy->flight != 0; + + $message = ${$proxy->message_list}[0]; + + return if (!defined $message + || $message->mt != TLSProxy::Message::MT_CLIENT_HELLO); + + if ($testtype == MULTIPLE_COMPRESSIONS) { + @comp = ( + 0x00, #Null compression method + 0xff); #Unknown compression + } elsif ($testtype == NON_NULL_COMPRESSION) { + @comp = (0xff); #Unknown compression + } + $message->comp_meths(\@comp); + $message->comp_meth_len(scalar @comp); + $message->repack(); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_key_share.t b/deps/openssl/openssl/test/recipes/70-test_key_share.t new file mode 100644 index 00000000000000..9d2f8c18a34f7e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_key_share.t @@ -0,0 +1,386 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; +use File::Temp qw(tempfile); + +use constant { + LOOK_ONLY => 0, + EMPTY_EXTENSION => 1, + MISSING_EXTENSION => 2, + NO_ACCEPTABLE_KEY_SHARES => 3, + NON_PREFERRED_KEY_SHARE => 4, + ACCEPTABLE_AT_END => 5, + NOT_IN_SUPPORTED_GROUPS => 6, + GROUP_ID_TOO_SHORT => 7, + KEX_LEN_MISMATCH => 8, + ZERO_LEN_KEX_DATA => 9, + TRAILING_DATA => 10, + SELECT_X25519 => 11, + NO_KEY_SHARES_IN_HRR => 12 +}; + +use constant { + CLIENT_TO_SERVER => 1, + SERVER_TO_CLIENT => 2 +}; + + +use constant { + X25519 => 0x1d, + P_256 => 0x17 +}; + +my $testtype; +my $direction; +my $selectedgroupid; + +my $test_name = "test_key_share"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#We assume that test_ssl_new and friends will test the happy path for this, +#so we concentrate on the less common scenarios + +#Test 1: An empty key_shares extension should succeed after a HelloRetryRequest +$testtype = EMPTY_EXTENSION; +$direction = CLIENT_TO_SERVER; +$proxy->filter(\&modify_key_shares_filter); +$proxy->serverflags("-curves P-256"); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 22; +ok(TLSProxy::Message->success(), "Success after HRR"); + +#Test 2: The server sending an HRR requesting a group the client already sent +# should fail +$proxy->clear(); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Server asks for group already provided"); + +#Test 3: A missing key_shares extension should not succeed +$proxy->clear(); +$testtype = MISSING_EXTENSION; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Missing key_shares extension"); + +#Test 4: No initial acceptable key_shares should succeed after a +# HelloRetryRequest +$proxy->clear(); +$proxy->filter(undef); +$proxy->serverflags("-curves P-256"); +$proxy->start(); +ok(TLSProxy::Message->success(), "No initial acceptable key_shares"); + +#Test 5: No acceptable key_shares and no shared groups should fail +$proxy->clear(); +$proxy->filter(undef); +$proxy->serverflags("-curves P-256"); +$proxy->clientflags("-curves P-384"); +$proxy->start(); +ok(TLSProxy::Message->fail(), "No acceptable key_shares"); + +#Test 6: A non preferred but acceptable key_share should succeed +$proxy->clear(); +$proxy->clientflags("-curves P-256"); +$proxy->start(); +ok(TLSProxy::Message->success(), "Non preferred key_share"); +$proxy->filter(\&modify_key_shares_filter); + +#Test 7: An acceptable key_share after a list of non-acceptable ones should +#succeed +$proxy->clear(); +$testtype = ACCEPTABLE_AT_END; +$proxy->start(); +ok(TLSProxy::Message->success(), "Acceptable key_share at end of list"); + +#Test 8: An acceptable key_share but for a group not in supported_groups should +#fail +$proxy->clear(); +$testtype = NOT_IN_SUPPORTED_GROUPS; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Acceptable key_share not in supported_groups"); + +#Test 9: Too short group_id should fail +$proxy->clear(); +$testtype = GROUP_ID_TOO_SHORT; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Group id too short"); + +#Test 10: key_exchange length mismatch should fail +$proxy->clear(); +$testtype = KEX_LEN_MISMATCH; +$proxy->start(); +ok(TLSProxy::Message->fail(), "key_exchange length mismatch"); + +#Test 11: Zero length key_exchange should fail +$proxy->clear(); +$testtype = ZERO_LEN_KEX_DATA; +$proxy->start(); +ok(TLSProxy::Message->fail(), "zero length key_exchange data"); + +#Test 12: Trailing data on key_share list should fail +$proxy->clear(); +$testtype = TRAILING_DATA; +$proxy->start(); +ok(TLSProxy::Message->fail(), "key_share list trailing data"); + +#Test 13: Multiple acceptable key_shares - we choose the first one +$proxy->clear(); +$direction = SERVER_TO_CLIENT; +$testtype = LOOK_ONLY; +$proxy->clientflags("-curves P-256:X25519"); +$proxy->start(); +ok(TLSProxy::Message->success() && ($selectedgroupid == P_256), + "Multiple acceptable key_shares"); + +#Test 14: Multiple acceptable key_shares - we choose the first one (part 2) +$proxy->clear(); +$proxy->clientflags("-curves X25519:P-256"); +$proxy->start(); +ok(TLSProxy::Message->success() && ($selectedgroupid == X25519), + "Multiple acceptable key_shares (part 2)"); + +#Test 15: Server sends key_share that wasn't offered should fail +$proxy->clear(); +$testtype = SELECT_X25519; +$proxy->clientflags("-curves P-256"); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Non offered key_share"); + +#Test 16: Too short group_id in ServerHello should fail +$proxy->clear(); +$testtype = GROUP_ID_TOO_SHORT; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Group id too short in ServerHello"); + +#Test 17: key_exchange length mismatch in ServerHello should fail +$proxy->clear(); +$testtype = KEX_LEN_MISMATCH; +$proxy->start(); +ok(TLSProxy::Message->fail(), "key_exchange length mismatch in ServerHello"); + +#Test 18: Zero length key_exchange in ServerHello should fail +$proxy->clear(); +$testtype = ZERO_LEN_KEX_DATA; +$proxy->start(); +ok(TLSProxy::Message->fail(), "zero length key_exchange data in ServerHello"); + +#Test 19: Trailing data on key_share in ServerHello should fail +$proxy->clear(); +$testtype = TRAILING_DATA; +$proxy->start(); +ok(TLSProxy::Message->fail(), "key_share trailing data in ServerHello"); + +SKIP: { + skip "No TLSv1.2 support in this OpenSSL build", 2 if disabled("tls1_2"); + + #Test 20: key_share should not be sent if the client is not capable of + # negotiating TLSv1.3 + $proxy->clear(); + $proxy->filter(undef); + $proxy->clientflags("-no_tls1_3"); + $proxy->start(); + my $clienthello = $proxy->message_list->[0]; + ok(TLSProxy::Message->success() + && !defined $clienthello->extension_data->{TLSProxy::Message::EXT_KEY_SHARE}, + "No key_share for TLS<=1.2 client"); + $proxy->filter(\&modify_key_shares_filter); + + #Test 21: A server not capable of negotiating TLSv1.3 should not attempt to + # process a key_share + $proxy->clear(); + $direction = CLIENT_TO_SERVER; + $testtype = NO_ACCEPTABLE_KEY_SHARES; + $proxy->serverflags("-no_tls1_3"); + $proxy->start(); + ok(TLSProxy::Message->success(), "Ignore key_share for TLS<=1.2 server"); +} + +#Test 22: The server sending an HRR but not requesting a new key_share should +# fail +$proxy->clear(); +$direction = SERVER_TO_CLIENT; +$testtype = NO_KEY_SHARES_IN_HRR; +$proxy->serverflags("-curves X25519"); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Server sends HRR with no key_shares"); + +sub modify_key_shares_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if (($direction == CLIENT_TO_SERVER && $proxy->flight != 0 + && ($proxy->flight != 1 || $testtype != NO_KEY_SHARES_IN_HRR)) + || ($direction == SERVER_TO_CLIENT && $proxy->flight != 1)) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO + && $direction == CLIENT_TO_SERVER) { + my $ext; + my $suppgroups; + + #Setup supported groups to include some unrecognised groups + $suppgroups = pack "C8", + 0x00, 0x06, #List Length + 0xff, 0xfe, #Non existing group 1 + 0xff, 0xff, #Non existing group 2 + 0x00, 0x1d; #x25519 + + if ($testtype == EMPTY_EXTENSION) { + $ext = pack "C2", + 0x00, 0x00; + } elsif ($testtype == NO_ACCEPTABLE_KEY_SHARES) { + $ext = pack "C12", + 0x00, 0x0a, #List Length + 0xff, 0xfe, #Non existing group 1 + 0x00, 0x01, 0xff, #key_exchange data + 0xff, 0xff, #Non existing group 2 + 0x00, 0x01, 0xff; #key_exchange data + } elsif ($testtype == ACCEPTABLE_AT_END) { + $ext = pack "C11H64", + 0x00, 0x29, #List Length + 0xff, 0xfe, #Non existing group 1 + 0x00, 0x01, 0xff, #key_exchange data + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + "155155B95269ED5C87EAA99C2EF5A593". + "EDF83495E80380089F831B94D14B1421"; #key_exchange data + } elsif ($testtype == NOT_IN_SUPPORTED_GROUPS) { + $suppgroups = pack "C4", + 0x00, 0x02, #List Length + 0x00, 0xfe; #Non existing group 1 + } elsif ($testtype == GROUP_ID_TOO_SHORT) { + $ext = pack "C6H64C1", + 0x00, 0x25, #List Length + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + "155155B95269ED5C87EAA99C2EF5A593". + "EDF83495E80380089F831B94D14B1421"; #key_exchange data + 0x00; #Group id too short + } elsif ($testtype == KEX_LEN_MISMATCH) { + $ext = pack "C8", + 0x00, 0x06, #List Length + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + 0x15, 0x51; #Only two bytes of data, but length should be 32 + } elsif ($testtype == ZERO_LEN_KEX_DATA) { + $ext = pack "C10H64", + 0x00, 0x28, #List Length + 0xff, 0xfe, #Non existing group 1 + 0x00, 0x00, #zero length key_exchange data is invalid + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + "155155B95269ED5C87EAA99C2EF5A593". + "EDF83495E80380089F831B94D14B1421"; #key_exchange data + } elsif ($testtype == TRAILING_DATA) { + $ext = pack "C6H64C1", + 0x00, 0x24, #List Length + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + "155155B95269ED5C87EAA99C2EF5A593". + "EDF83495E80380089F831B94D14B1421", #key_exchange data + 0x00; #Trailing garbage + } elsif ($testtype == NO_KEY_SHARES_IN_HRR) { + #We trick the server into thinking we sent a P-256 key_share - + #but the client actually sent X25519 + $ext = pack "C7", + 0x00, 0x05, #List Length + 0x00, 0x17, #P-256 + 0x00, 0x01, #key_exchange data length + 0xff; #Dummy key_share data + } + + if ($testtype != EMPTY_EXTENSION + && $testtype != NO_KEY_SHARES_IN_HRR) { + $message->set_extension( + TLSProxy::Message::EXT_SUPPORTED_GROUPS, $suppgroups); + } + + if ($testtype == MISSING_EXTENSION) { + $message->delete_extension( + TLSProxy::Message::EXT_KEY_SHARE); + } elsif ($testtype != NOT_IN_SUPPORTED_GROUPS) { + $message->set_extension( + TLSProxy::Message::EXT_KEY_SHARE, $ext); + } + + $message->repack(); + } elsif ($message->mt == TLSProxy::Message::MT_SERVER_HELLO + && $direction == SERVER_TO_CLIENT) { + my $ext; + my $key_share = + $message->extension_data->{TLSProxy::Message::EXT_KEY_SHARE}; + $selectedgroupid = unpack("n", $key_share); + + if ($testtype == LOOK_ONLY) { + return; + } + if ($testtype == NO_KEY_SHARES_IN_HRR) { + $message->delete_extension(TLSProxy::Message::EXT_KEY_SHARE); + $message->set_extension(TLSProxy::Message::EXT_UNKNOWN, ""); + $message->repack(); + return; + } + if ($testtype == SELECT_X25519) { + $ext = pack "C4H64", + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + "155155B95269ED5C87EAA99C2EF5A593". + "EDF83495E80380089F831B94D14B1421"; #key_exchange data + } elsif ($testtype == GROUP_ID_TOO_SHORT) { + $ext = pack "C1", + 0x00; + } elsif ($testtype == KEX_LEN_MISMATCH) { + $ext = pack "C6", + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + 0x15, 0x51; #Only two bytes of data, but length should be 32 + } elsif ($testtype == ZERO_LEN_KEX_DATA) { + $ext = pack "C4", + 0x00, 0x1d, #x25519 + 0x00, 0x00, #zero length key_exchange data is invalid + } elsif ($testtype == TRAILING_DATA) { + $ext = pack "C4H64C1", + 0x00, 0x1d, #x25519 + 0x00, 0x20, #key_exchange data length + "155155B95269ED5C87EAA99C2EF5A593". + "EDF83495E80380089F831B94D14B1421", #key_exchange data + 0x00; #Trailing garbage + } + $message->set_extension(TLSProxy::Message::EXT_KEY_SHARE, $ext); + + $message->repack(); + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_recordlen.t b/deps/openssl/openssl/test/recipes/70-test_recordlen.t new file mode 100644 index 00000000000000..12647a212a70eb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_recordlen.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_recordlen"); + +plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["recordlentest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running recordlentest"); diff --git a/deps/openssl/openssl/test/recipes/70-test_renegotiation.t b/deps/openssl/openssl/test/recipes/70-test_renegotiation.t new file mode 100644 index 00000000000000..734f1cd21e6d05 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_renegotiation.t @@ -0,0 +1,98 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_renegotiation"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS <= 1.2 enabled" + if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: A basic renegotiation test +$proxy->clientflags("-no_tls1_3"); +$proxy->reneg(1); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 3; +ok(TLSProxy::Message->success(), "Basic renegotiation"); + +#Test 2: Client does not send the Reneg SCSV. Reneg should fail +$proxy->clear(); +$proxy->filter(\&reneg_filter); +$proxy->clientflags("-no_tls1_3"); +$proxy->reneg(1); +$proxy->start(); +ok(TLSProxy::Message->fail(), "No client SCSV"); + +SKIP: { + skip "TLSv1.2 or TLSv1.1 disabled", 1 + if disabled("tls1_2") || disabled("tls1_1"); + #Test 3: Check that the ClientHello version remains the same in the reneg + # handshake + $proxy->clear(); + $proxy->filter(undef); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-no_tls1_3 -no_tls1_2"); + $proxy->reneg(1); + $proxy->start(); + my $chversion; + my $chmatch = 0; + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + if (!defined $chversion) { + $chversion = $message->client_version; + } else { + if ($chversion == $message->client_version) { + $chmatch = 1; + } + } + } + } + ok(TLSProxy::Message->success() && $chmatch, + "Check ClientHello version is the same"); +} + +sub reneg_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello message + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + #Remove any SCSV ciphersuites - just leave AES128-SHA (0x002f) + my @ciphersuite = (0x002f); + $message->ciphersuites(\@ciphersuite); + $message->ciphersuite_len(2); + $message->repack(); + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_servername.t b/deps/openssl/openssl/test/recipes/70-test_servername.t new file mode 100644 index 00000000000000..2eff92aa5f175e --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_servername.t @@ -0,0 +1,26 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017 BaishanCloud. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test::Simple; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils qw(alldisabled available_protocols); + +setup("test_servername"); + +plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" + if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["servername_test", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), + "running servername_test"); diff --git a/deps/openssl/openssl/test/recipes/70-test_sslcbcpadding.t b/deps/openssl/openssl/test/recipes/70-test_sslcbcpadding.t index 6d296db001ce08..55943764be4e48 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslcbcpadding.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslcbcpadding.t @@ -7,6 +7,8 @@ # https://www.openssl.org/source/license.html use strict; +use feature 'state'; + use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; use OpenSSL::Test::Utils; use TLSProxy::Proxy; @@ -40,25 +42,32 @@ my @test_offsets = (0, 128, 254, 255); # Test that maximally-padded records are accepted. my $bad_padding_offset = -1; +$proxy->serverflags("-tls1_2"); +$proxy->serverconnects(1 + scalar(@test_offsets)); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1 + scalar(@test_offsets); ok(TLSProxy::Message->success(), "Maximally-padded record test"); # Test that invalid padding is rejected. +my $fatal_alert; # set by add_maximal_padding_filter on client's fatal alert + foreach my $offset (@test_offsets) { - $proxy->clear(); $bad_padding_offset = $offset; - $proxy->start(); - ok(TLSProxy::Message->fail(), "Invalid padding byte $bad_padding_offset"); + $fatal_alert = 0; + $proxy->clearClient(); + $proxy->clientstart(); + ok($fatal_alert, "Invalid padding byte $bad_padding_offset"); } sub add_maximal_padding_filter { my $proxy = shift; + my $messages = $proxy->message_list; + state $sent_corrupted_payload; if ($proxy->flight == 0) { # Disable Encrypt-then-MAC. - foreach my $message (@{$proxy->message_list}) { + foreach my $message (@{$messages}) { if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) { next; } @@ -67,9 +76,16 @@ sub add_maximal_padding_filter $message->process_extensions(); $message->repack(); } + $sent_corrupted_payload = 0; + return; } - if ($proxy->flight == 3) { + my $last_message = @{$messages}[-1]; + if (defined($last_message) + && $last_message->server + && $last_message->mt == TLSProxy::Message::MT_FINISHED + && !@{$last_message->records}[0]->{sent}) { + # Insert a maximally-padded record. Assume a block size of 16 (AES) and # a MAC length of 20 (SHA-1). my $block_size = 16; @@ -86,6 +102,7 @@ sub add_maximal_padding_filter # Add padding. for (my $i = 0; $i < 256; $i++) { if ($i == $bad_padding_offset) { + $sent_corrupted_payload = 1; $data .= "\xfe"; } else { $data .= "\xff"; @@ -106,5 +123,9 @@ sub add_maximal_padding_filter # Send the record immediately after the server Finished. push @{$proxy->record_list}, $record; + } elsif ($sent_corrupted_payload) { + # Check for bad_record_mac from client + my $last_record = @{$proxy->record_list}[-1]; + $fatal_alert = 1 if $last_record->is_fatal_alert(0) == 20; } } diff --git a/deps/openssl/openssl/test/recipes/70-test_sslcertstatus.t b/deps/openssl/openssl/test/recipes/70-test_sslcertstatus.t index 104ee9c31b512b..6fd89feaf75ea3 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslcertstatus.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslcertstatus.t @@ -27,7 +27,8 @@ plan skip_all => "$test_name needs the ocsp feature enabled" if disabled("ocsp"); plan skip_all => "$test_name needs TLS enabled" - if alldisabled(available_protocols("tls")); + if alldisabled(available_protocols("tls")) + || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( @@ -39,7 +40,7 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: Sending a status_request extension in both ClientHello and #ServerHello but then omitting the CertificateStatus message is valid -$proxy->clientflags("-status"); +$proxy->clientflags("-status -no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1; ok(TLSProxy::Message->success, "Missing CertificateStatus message"); diff --git a/deps/openssl/openssl/test/recipes/70-test_sslextension.t b/deps/openssl/openssl/test/recipes/70-test_sslextension.t index 8d6ccc6ab368de..20e1933f005416 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslextension.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslextension.t @@ -7,6 +7,8 @@ # https://www.openssl.org/source/license.html use strict; +use feature 'state'; + use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; use OpenSSL::Test::Utils; use TLSProxy::Proxy; @@ -26,23 +28,41 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS enabled" if alldisabled(available_protocols("tls")); +my $no_below_tls13 = alldisabled(("tls1", "tls1_1", "tls1_2")) + || (!disabled("tls1_3") && disabled("tls1_2")); + +use constant { + UNSOLICITED_SERVER_NAME => 0, + UNSOLICITED_SERVER_NAME_TLS13 => 1, + UNSOLICITED_SCT => 2, + NONCOMPLIANT_SUPPORTED_GROUPS => 3 +}; + +my $testtype; +my $fatal_alert = 0; # set by filter on fatal alert + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( - \&extension_filter, + \&inject_duplicate_extension_clienthello, cmdstr(app(["openssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); -# Test 1: Sending a zero length extension block should pass -$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 3; -ok(TLSProxy::Message->success, "Zero extension length test"); sub extension_filter { my $proxy = shift; + if ($proxy->flight == 1) { + # Change the ServerRandom so that the downgrade sentinel doesn't cause + # the connection to fail + my $message = ${$proxy->message_list}[1]; + $message->random("\0"x32); + $message->repack(); + return; + } + # We're only interested in the initial ClientHello if ($proxy->flight != 0) { return; @@ -61,7 +81,6 @@ sub extension_filter } } -# Test 2-3: Sending a duplicate extension should fail. sub inject_duplicate_extension { my ($proxy, $message_type) = @_; @@ -82,11 +101,13 @@ sub inject_duplicate_extension_clienthello my $proxy = shift; # We're only interested in the initial ClientHello - if ($proxy->flight != 0) { + if ($proxy->flight == 0) { + inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO); return; } - inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO); + my $last_record = @{$proxy->{record_list}}[-1]; + $fatal_alert = 1 if $last_record->is_fatal_alert(1); } sub inject_duplicate_extension_serverhello @@ -94,19 +115,122 @@ sub inject_duplicate_extension_serverhello my $proxy = shift; # We're only interested in the initial ServerHello + if ($proxy->flight == 0) { + return; + } elsif ($proxy->flight == 1) { + inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO); + return; + } + + my $last_record = @{$proxy->{record_list}}[-1]; + $fatal_alert = 1 if $last_record->is_fatal_alert(0); +} + +sub inject_unsolicited_extension +{ + my $proxy = shift; + my $message; + state $sent_unsolisited_extension; + + if ($proxy->flight == 0) { + $sent_unsolisited_extension = 0; + return; + } + + # We're only interested in the initial ServerHello/EncryptedExtensions if ($proxy->flight != 1) { + if ($sent_unsolisited_extension) { + my $last_record = @{$proxy->record_list}[-1]; + $fatal_alert = 1 if $last_record->is_fatal_alert(0); + } return; } - inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO); + if ($testtype == UNSOLICITED_SERVER_NAME_TLS13) { + return if (!defined($message = ${$proxy->message_list}[2])); + die "Expecting EE message ".($message->mt)."," + .${$proxy->message_list}[1]->mt.", " + .${$proxy->message_list}[3]->mt + if $message->mt != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS; + } else { + $message = ${$proxy->message_list}[1]; + } + + my $ext = pack "C2", + 0x00, 0x00; #Extension length + + my $type; + if ($testtype == UNSOLICITED_SERVER_NAME + || $testtype == UNSOLICITED_SERVER_NAME_TLS13) { + $type = TLSProxy::Message::EXT_SERVER_NAME; + } elsif ($testtype == UNSOLICITED_SCT) { + $type = TLSProxy::Message::EXT_SCT; + } elsif ($testtype == NONCOMPLIANT_SUPPORTED_GROUPS) { + $type = TLSProxy::Message::EXT_SUPPORTED_GROUPS; + } + $message->set_extension($type, $ext); + $message->repack(); + $sent_unsolisited_extension = 1; } -$proxy->clear(); -$proxy->filter(\&inject_duplicate_extension_clienthello); -$proxy->start(); -ok(TLSProxy::Message->fail(), "Duplicate ClientHello extension"); +# Test 1-2: Sending a duplicate extension should fail. +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 7; +ok($fatal_alert, "Duplicate ClientHello extension"); +$fatal_alert = 0; $proxy->clear(); $proxy->filter(\&inject_duplicate_extension_serverhello); $proxy->start(); -ok(TLSProxy::Message->fail(), "Duplicate ServerHello extension"); +ok($fatal_alert, "Duplicate ServerHello extension"); + +SKIP: { + skip "TLS <= 1.2 disabled", 3 if $no_below_tls13; + + #Test 3: Sending a zero length extension block should pass + $proxy->clear(); + $proxy->filter(\&extension_filter); + $proxy->start(); + ok(TLSProxy::Message->success, "Zero extension length test"); + + #Test 4: Inject an unsolicited extension (<= TLSv1.2) + $fatal_alert = 0; + $proxy->clear(); + $proxy->filter(\&inject_unsolicited_extension); + $testtype = UNSOLICITED_SERVER_NAME; + $proxy->clientflags("-no_tls1_3 -noservername"); + $proxy->start(); + ok($fatal_alert, "Unsolicited server name extension"); + + #Test 5: Inject a noncompliant supported_groups extension (<= TLSv1.2) + $proxy->clear(); + $proxy->filter(\&inject_unsolicited_extension); + $testtype = NONCOMPLIANT_SUPPORTED_GROUPS; + $proxy->clientflags("-no_tls1_3"); + $proxy->start(); + ok(TLSProxy::Message->success(), "Noncompliant supported_groups extension"); +} + +SKIP: { + skip "TLS <= 1.2 or CT disabled", 1 + if $no_below_tls13 || disabled("ct"); + #Test 6: Same as above for the SCT extension which has special handling + $fatal_alert = 0; + $proxy->clear(); + $testtype = UNSOLICITED_SCT; + $proxy->clientflags("-no_tls1_3"); + $proxy->start(); + ok($fatal_alert, "Unsolicited sct extension"); +} + +SKIP: { + skip "TLS 1.3 disabled", 1 if disabled("tls1_3"); + #Test 7: Inject an unsolicited extension (TLSv1.3) + $fatal_alert = 0; + $proxy->clear(); + $proxy->filter(\&inject_unsolicited_extension); + $testtype = UNSOLICITED_SERVER_NAME_TLS13; + $proxy->clientflags("-noservername"); + $proxy->start(); + ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)"); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_sslmessages.t b/deps/openssl/openssl/test/recipes/70-test_sslmessages.t index b4631ea39cd291..1e4676973a94e9 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslmessages.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslmessages.t @@ -7,11 +7,13 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; use OpenSSL::Test::Utils; use File::Temp qw(tempfile); use TLSProxy::Proxy; -my $test_name = "test_tls13messages"; +use checkhandshake qw(checkhandshake @handmessages @extensions); + +my $test_name = "test_sslmessages"; setup($test_name); plan skip_all => "TLSProxy isn't usable on $^O" @@ -24,44 +26,11 @@ plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); plan skip_all => "$test_name needs TLS enabled" - if alldisabled(available_protocols("tls")); + if alldisabled(available_protocols("tls")) + || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - -use constant { - DEFAULT_HANDSHAKE => 1, - OCSP_HANDSHAKE => 2, - RESUME_HANDSHAKE => 4, - CLIENT_AUTH_HANDSHAKE => 8, - RENEG_HANDSHAKE => 16, - - ALL_HANDSHAKES => 31 -}; - -my @handmessages = ( - [TLSProxy::Message::MT_CLIENT_HELLO, ALL_HANDSHAKES], - [TLSProxy::Message::MT_SERVER_HELLO, ALL_HANDSHAKES], - [TLSProxy::Message::MT_CERTIFICATE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], - [TLSProxy::Message::MT_CERTIFICATE_STATUS, OCSP_HANDSHAKE], - #ServerKeyExchange handshakes not currently supported by TLSProxy - [TLSProxy::Message::MT_CERTIFICATE_REQUEST, CLIENT_AUTH_HANDSHAKE], - [TLSProxy::Message::MT_SERVER_HELLO_DONE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], - [TLSProxy::Message::MT_CERTIFICATE, CLIENT_AUTH_HANDSHAKE], - [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], - [TLSProxy::Message::MT_CERTIFICATE_VERIFY, CLIENT_AUTH_HANDSHAKE], - [TLSProxy::Message::MT_FINISHED, ALL_HANDSHAKES], - [TLSProxy::Message::MT_NEW_SESSION_TICKET, ALL_HANDSHAKES & ~RESUME_HANDSHAKE], - [TLSProxy::Message::MT_FINISHED, ALL_HANDSHAKES], - [TLSProxy::Message::MT_CLIENT_HELLO, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_SERVER_HELLO, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_CERTIFICATE, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_SERVER_HELLO_DONE, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_FINISHED, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_NEW_SESSION_TICKET, RENEG_HANDSHAKE], - [TLSProxy::Message::MT_FINISHED, RENEG_HANDSHAKE], - [0, 0] -); +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); my $proxy = TLSProxy::Proxy->new( undef, @@ -70,78 +39,369 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); -sub checkmessages($$); +@handmessages = ( + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::ALL_HANDSHAKES + & ~checkhandshake::RESUME_HANDSHAKE], + (disabled("ec") ? () : + [TLSProxy::Message::MT_SERVER_KEY_EXCHANGE, + checkhandshake::EC_HANDSHAKE]), + [TLSProxy::Message::MT_CERTIFICATE_STATUS, + checkhandshake::OCSP_HANDSHAKE], + #ServerKeyExchange handshakes not currently supported by TLSProxy + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO_DONE, + checkhandshake::ALL_HANDSHAKES + & ~checkhandshake::RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, + checkhandshake::ALL_HANDSHAKES + & ~checkhandshake::RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_NEXT_PROTO, + checkhandshake::NPN_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_NEW_SESSION_TICKET, + checkhandshake::ALL_HANDSHAKES + & ~checkhandshake::RESUME_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO_DONE, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_NEW_SESSION_TICKET, + checkhandshake::RENEG_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::RENEG_HANDSHAKE], + [0, 0] +); + +@extensions = ( + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_CLI_EXTENSION], + (disabled("ec") ? () : + [TLSProxy::Message::MT_CLIENT_HELLO, + TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::DEFAULT_EXTENSIONS]), + (disabled("ec") ? () : + [TLSProxy::Message::MT_CLIENT_HELLO, + TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS]), + (disabled("tls1_2") ? () : + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + checkhandshake::DEFAULT_EXTENSIONS]), + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, + checkhandshake::RENEGOTIATE_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN, + checkhandshake::NPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP, + checkhandshake::SRP_CLI_EXTENSION], + + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::SESSION_TICKET_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN, + checkhandshake::NPN_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION], + [0,0,0] +); #Test 1: Check we get all the right messages for a default handshake (undef, my $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 5; -checkmessages(DEFAULT_HANDSHAKE, "Default handshake test"); +plan tests => 21; +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "Default handshake test"); #Test 2: Resumption handshake $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); $proxy->clientstart(); -checkmessages(RESUME_HANDSHAKE, "Resumption handshake test"); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION, + "Resumption handshake test"); unlink $session; -#Test 3: A client auth handshake +SKIP: { + skip "No OCSP support in this OpenSSL build", 3 + if disabled("ocsp"); + + #Test 3: A status_request handshake (client request only) + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -status"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION, + "status_request handshake test (client)"); + + #Test 4: A status_request handshake (server support only) + $proxy->clear(); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "status_request handshake test (server)"); + + #Test 5: A status_request handshake (client and server) + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -status"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "status_request handshake test"); +} + +#Test 6: A client auth handshake $proxy->clear(); -$proxy->clientflags("-cert ".srctop_file("apps", "server.pem")); +$proxy->clientflags("-no_tls1_3 -cert ".srctop_file("apps", "server.pem")); $proxy->serverflags("-Verify 5"); $proxy->start(); -checkmessages(CLIENT_AUTH_HANDSHAKE, "Client auth handshake test"); +checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "Client auth handshake test"); -#Test 4: A handshake with a renegotiation +#Test 7: A handshake with a renegotiation $proxy->clear(); +$proxy->clientflags("-no_tls1_3"); $proxy->reneg(1); $proxy->start(); -checkmessages(RENEG_HANDSHAKE, "Renegotiation handshake test"); +checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "Renegotiation handshake test"); -#Test 5: A handshake with a renegotiation and client auth +#Test 8: Server name handshake (no client request) $proxy->clear(); -$proxy->clientflags("-cert ".srctop_file("apps", "server.pem")); -$proxy->serverflags("-Verify 5"); -$proxy->reneg(1); +$proxy->clientflags("-no_tls1_3 -noservername"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, + "Server name handshake test (client)"); + +#Test 9: Server name handshake (server support only) +$proxy->clear(); +$proxy->clientflags("-no_tls1_3 -noservername"); +$proxy->serverflags("-servername testhost"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, + "Server name handshake test (server)"); + +#Test 10: Server name handshake (client and server) +$proxy->clear(); +$proxy->clientflags("-no_tls1_3 -servername testhost"); +$proxy->serverflags("-servername testhost"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SERVER_NAME_SRV_EXTENSION, + "Server name handshake test"); + +#Test 11: ALPN handshake (client request only) +$proxy->clear(); +$proxy->clientflags("-no_tls1_3 -alpn test"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::ALPN_CLI_EXTENSION, + "ALPN handshake test (client)"); + +#Test 12: ALPN handshake (server support only) +$proxy->clear(); +$proxy->clientflags("-no_tls1_3"); +$proxy->serverflags("-alpn test"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "ALPN handshake test (server)"); + +#Test 13: ALPN handshake (client and server) +$proxy->clear(); +$proxy->clientflags("-no_tls1_3 -alpn test"); +$proxy->serverflags("-alpn test"); $proxy->start(); -checkmessages(RENEG_HANDSHAKE | CLIENT_AUTH_HANDSHAKE, - "Renogitation and client auth handshake test"); - -sub checkmessages($$) -{ - my ($handtype, $testname) = @_; - - subtest $testname => sub { - my $loop = 0; - my $numtests; - - #First count the number of tests - for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { - $numtests++ if (($handmessages[$loop][1] & $handtype) != 0); - } - - plan tests => $numtests; - - my $nextmess = 0; - my $message = undef; - for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) { - next if (($handmessages[$loop][1] & $handtype) == 0); - if (scalar @{$proxy->message_list} > $nextmess) { - $message = ${$proxy->message_list}[$nextmess]; - $nextmess++; - } else { - $message = undef; - } - if (!defined $message) { - fail("Message type check. Got nothing, expected " - .$handmessages[$loop][0]); - } else { - ok($message->mt == $handmessages[$loop][0], - "Message type check. Got ".$message->mt - .", expected ".$handmessages[$loop][0]); - } - } - } +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::ALPN_CLI_EXTENSION + | checkhandshake::ALPN_SRV_EXTENSION, + "ALPN handshake test"); + +SKIP: { + skip "No CT, EC or OCSP support in this OpenSSL build", 1 + if disabled("ct") || disabled("ec") || disabled("ocsp"); + + #Test 14: SCT handshake (client request only) + $proxy->clear(); + #Note: -ct also sends status_request + $proxy->clientflags("-no_tls1_3 -ct"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SCT_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "SCT handshake test (client)"); +} + +SKIP: { + skip "No OCSP support in this OpenSSL build", 1 + if disabled("ocsp"); + + #Test 15: SCT handshake (server support only) + $proxy->clear(); + #Note: -ct also sends status_request + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "SCT handshake test (server)"); +} + +SKIP: { + skip "No CT, EC or OCSP support in this OpenSSL build", 1 + if disabled("ct") || disabled("ec") || disabled("ocsp"); + + #Test 16: SCT handshake (client and server) + #There is no built-in server side support for this so we are actually also + #testing custom extensions here + $proxy->clear(); + #Note: -ct also sends status_request + $proxy->clientflags("-no_tls1_3 -ct"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der") + ." -serverinfo ".srctop_file("test", "serverinfo.pem")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SCT_CLI_EXTENSION + | checkhandshake::SCT_SRV_EXTENSION + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "SCT handshake test"); +} + + +SKIP: { + skip "No NPN support in this OpenSSL build", 3 + if disabled("nextprotoneg"); + + #Test 17: NPN handshake (client request only) + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -nextprotoneg test"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::NPN_CLI_EXTENSION, + "NPN handshake test (client)"); + + #Test 18: NPN handshake (server support only) + $proxy->clear(); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-nextprotoneg test"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "NPN handshake test (server)"); + + #Test 19: NPN handshake (client and server) + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -nextprotoneg test"); + $proxy->serverflags("-nextprotoneg test"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::NPN_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::NPN_CLI_EXTENSION + | checkhandshake::NPN_SRV_EXTENSION, + "NPN handshake test"); +} + +SKIP: { + skip "No SRP support in this OpenSSL build", 1 + if disabled("srp"); + + #Test 20: SRP extension + #Note: We are not actually going to perform an SRP handshake (TLSProxy + #does not support it). However it is sufficient for us to check that the + #SRP extension gets added on the client side. There is no SRP extension + #generated on the server side anyway. + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -srpuser user -srppass pass:pass"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SRP_CLI_EXTENSION, + "SRP extension test"); +} + +#Test 21: EC handshake +SKIP: { + skip "No EC support in this OpenSSL build", 1 if disabled("ec"); + $proxy->clear(); + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::EC_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION, + "EC handshake test"); } diff --git a/deps/openssl/openssl/test/recipes/70-test_sslrecords.t b/deps/openssl/openssl/test/recipes/70-test_sslrecords.t index ef3f50984030b8..123302838683b6 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslrecords.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslrecords.t @@ -7,6 +7,8 @@ # https://www.openssl.org/source/license.html use strict; +use feature 'state'; + use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; use OpenSSL::Test::Utils; use TLSProxy::Proxy; @@ -34,37 +36,42 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); +my $boundary_test_type; +my $fatal_alert = 0; # set by filters at expected fatal alerts + #Test 1: Injecting out of context empty records should fail my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; +$proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -my $num_tests = 10; -if (!disabled("tls1_1")) { - $num_tests++; -} -plan tests => $num_tests; -ok(TLSProxy::Message->fail(), "Out of context empty records test"); +plan tests => 18; +ok($fatal_alert, "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed $proxy->clear(); $content_type = TLSProxy::Record::RT_HANDSHAKE; +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "In context empty records test"); #Test 3: Injecting too many in context empty records should fail +$fatal_alert = 0; $proxy->clear(); #We allow 32 consecutive in context empty records $inject_recs_num = 33; +$proxy->serverflags("-tls1_2"); $proxy->start(); -ok(TLSProxy::Message->fail(), "Too many in context empty records test"); +ok($fatal_alert, "Too many in context empty records test"); -#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no -# alerts to be sent from either side because *we* injected the fatal -# alert, i.e. this will look like a disorderly close +#Test 4: Injecting a fragmented fatal alert should fail. We expect the server to +# send back an alert of its own because it cannot handle fragmented +# alerts +$fatal_alert = 0; $proxy->clear(); $proxy->filter(\&add_frag_alert_filter); +$proxy->serverflags("-tls1_2"); $proxy->start(); -ok(!TLSProxy::Message->end(), "Fragmented alert records test"); +ok($fatal_alert, "Fragmented alert records test"); #Run some SSLv2 ClientHello tests @@ -79,6 +86,7 @@ use constant { my $sslv2testtype = TLSV1_2_IN_SSLV2; $proxy->clear(); $proxy->filter(\&add_sslv2_filter); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); @@ -87,14 +95,16 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test"); # protocol so we don't even send an alert in this case. $sslv2testtype = SSLV2_IN_SSLV2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); -ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test"); +ok(TLSProxy::Message->fail(), "SSLv2 in SSLv2 ClientHello test"); #Test 7: Sanity check ClientHello fragmentation. This isn't really an SSLv2 test # at all, but it gives us confidence that Test 8 fails for the right # reasons $sslv2testtype = FRAGMENTED_IN_TLSV1_2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); @@ -102,6 +112,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test"); # record; and another TLS1.2 record. This isn't allowed so should fail $sslv2testtype = FRAGMENTED_IN_SSLV2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); @@ -109,31 +120,107 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test"); # fail because an SSLv2 ClientHello must be the first record. $sslv2testtype = ALERT_BEFORE_SSLV2; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); #Unrecognised record type tests #Test 10: Sending an unrecognised record type in TLS1.2 should fail +$fatal_alert = 0; $proxy->clear(); +$proxy->serverflags("-tls1_2"); $proxy->filter(\&add_unknown_record_type); $proxy->start(); -ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2"); +ok($fatal_alert, "Unrecognised record type in TLS1.2"); -#Test 11: Sending an unrecognised record type in TLS1.1 should fail -if (!disabled("tls1_1")) { +SKIP: { + skip "TLSv1.1 disabled", 1 if disabled("tls1_1"); + + #Test 11: Sending an unrecognised record type in TLS1.1 should fail + $fatal_alert = 0; $proxy->clear(); $proxy->clientflags("-tls1_1"); $proxy->start(); - ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1"); + ok($fatal_alert, "Unrecognised record type in TLS1.1"); } +#Test 12: Sending a different record version in TLS1.2 should fail +$fatal_alert = 0; +$proxy->clear(); +$proxy->clientflags("-tls1_2"); +$proxy->filter(\&change_version); +$proxy->start(); +ok($fatal_alert, "Changed record version in TLS1.2"); + +#TLS1.3 specific tests +SKIP: { + skip "TLSv1.3 disabled", 6 if disabled("tls1_3"); + + #Test 13: Sending a different record version in TLS1.3 should fail + $proxy->clear(); + $proxy->filter(\&change_version); + $proxy->start(); + ok(TLSProxy::Message->fail(), "Changed record version in TLS1.3"); + + #Test 14: Sending an unrecognised record type in TLS1.3 should fail + $fatal_alert = 0; + $proxy->clear(); + $proxy->filter(\&add_unknown_record_type); + $proxy->start(); + ok($fatal_alert, "Unrecognised record type in TLS1.3"); + + #Test 15: Sending an outer record type other than app data once encrypted + #should fail + $fatal_alert = 0; + $proxy->clear(); + $proxy->filter(\&change_outer_record_type); + $proxy->start(); + ok($fatal_alert, "Wrong outer record type in TLS1.3"); + + use constant { + DATA_AFTER_SERVER_HELLO => 0, + DATA_AFTER_FINISHED => 1, + DATA_AFTER_KEY_UPDATE => 2 + }; + + #Test 16: Sending a ServerHello which doesn't end on a record boundary + # should fail + $fatal_alert = 0; + $proxy->clear(); + $boundary_test_type = DATA_AFTER_SERVER_HELLO; + $proxy->filter(\¬_on_record_boundary); + $proxy->start(); + ok($fatal_alert, "Record not on boundary in TLS1.3 (ServerHello)"); + + #Test 17: Sending a Finished which doesn't end on a record boundary + # should fail + $fatal_alert = 0; + $proxy->clear(); + $boundary_test_type = DATA_AFTER_FINISHED; + $proxy->filter(\¬_on_record_boundary); + $proxy->start(); + ok($fatal_alert, "Record not on boundary in TLS1.3 (Finished)"); + + #Test 18: Sending a KeyUpdate which doesn't end on a record boundary + # should fail + $fatal_alert = 0; + $proxy->clear(); + $boundary_test_type = DATA_AFTER_KEY_UPDATE; + $proxy->filter(\¬_on_record_boundary); + $proxy->start(); + ok($fatal_alert, "Record not on boundary in TLS1.3 (KeyUpdate)"); + } + + sub add_empty_recs_filter { my $proxy = shift; + my $records = $proxy->record_list; # We're only interested in the initial ClientHello if ($proxy->flight != 0) { + $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == 10; return; } @@ -149,18 +236,19 @@ sub add_empty_recs_filter "", "" ); - - push @{$proxy->record_list}, $record; + push @{$records}, $record; } } sub add_frag_alert_filter { my $proxy = shift; + my $records = $proxy->record_list; my $byte; # We're only interested in the initial ClientHello if ($proxy->flight != 0) { + $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == 10; return; } @@ -190,7 +278,7 @@ sub add_frag_alert_filter $byte, $byte ); - push @{$proxy->record_list}, $record; + push @{$records}, $record; # And finally the description (Unexpected message) in a third record $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE); @@ -205,7 +293,7 @@ sub add_frag_alert_filter $byte, $byte ); - push @{$proxy->record_list}, $record; + push @{$records}, $record; } sub add_sslv2_filter @@ -358,17 +446,22 @@ sub add_sslv2_filter sub add_unknown_record_type { my $proxy = shift; + my $records = $proxy->record_list; + state $added_record; # We'll change a record after the initial version neg has taken place - if ($proxy->flight != 2) { + if ($proxy->flight == 0) { + $added_record = 0; + return; + } elsif ($proxy->flight != 1 || $added_record) { + $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10; return; } - my $lastrec = ${$proxy->record_list}[-1]; my $record = TLSProxy::Record->new( - 2, + 1, TLSProxy::Record::RT_UNKNOWN, - $lastrec->version(), + @{$records}[-1]->version(), 1, 0, 1, @@ -377,5 +470,140 @@ sub add_unknown_record_type "X" ); - unshift @{$proxy->record_list}, $record; + #Find ServerHello record and insert after that + my $i; + for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { + next; + } + $i++; + + splice @{$proxy->record_list}, $i, 0, $record; + $added_record = 1; +} + +sub change_version +{ + my $proxy = shift; + my $records = $proxy->record_list; + + # We'll change a version after the initial version neg has taken place + if ($proxy->flight != 1) { + $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 70; + return; + } + + if ($#{$records} > 1) { + # ... typically in ServerHelloDone + @{$records}[-1]->version(TLSProxy::Record::VERS_TLS_1_1); + } +} + +sub change_outer_record_type +{ + my $proxy = shift; + my $records = $proxy->record_list; + + # We'll change a record after the initial version neg has taken place + if ($proxy->flight != 1) { + $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10; + return; + } + + # Find CCS record and change record after that + my $i = 0; + foreach my $record (@{$records}) { + last if $record->content_type == TLSProxy::Record::RT_CCS; + $i++; + } + if (defined(${$records}[++$i])) { + ${$records}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE); + } +} + +sub not_on_record_boundary +{ + my $proxy = shift; + my $records = $proxy->record_list; + my $data; + + #Find server's first flight + if ($proxy->flight != 1) { + $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10; + return; + } + + if ($boundary_test_type == DATA_AFTER_SERVER_HELLO) { + #Merge the ServerHello and EncryptedExtensions records into one + my $i = 0; + foreach my $record (@{$records}) { + if ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) { + $record->{sent} = 1; # pretend it's sent already + last; + } + $i++; + } + + if (defined(${$records}[$i+1])) { + $data = ${$records}[$i]->data(); + $data .= ${$records}[$i+1]->decrypt_data(); + ${$records}[$i+1]->data($data); + ${$records}[$i+1]->len(length $data); + + #Delete the old ServerHello record + splice @{$records}, $i, 1; + } + } elsif ($boundary_test_type == DATA_AFTER_FINISHED) { + return if @{$proxy->{message_list}}[-1]->{mt} + != TLSProxy::Message::MT_FINISHED; + + my $last_record = @{$records}[-1]; + $data = $last_record->decrypt_data; + + #Add a KeyUpdate message onto the end of the Finished record + my $keyupdate = pack "C5", + 0x18, # KeyUpdate + 0x00, 0x00, 0x01, # Message length + 0x00; # Update not requested + + $data .= $keyupdate; + + #Add content type and tag + $data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16); + + #Update the record + $last_record->data($data); + $last_record->len(length $data); + } else { + return if @{$proxy->{message_list}}[-1]->{mt} + != TLSProxy::Message::MT_FINISHED; + + #KeyUpdates must end on a record boundary + + my $record = TLSProxy::Record->new( + 1, + TLSProxy::Record::RT_APPLICATION_DATA, + TLSProxy::Record::VERS_TLS_1_2, + 0, + 0, + 0, + 0, + "", + "" + ); + + #Add two KeyUpdate messages into a single record + my $keyupdate = pack "C5", + 0x18, # KeyUpdate + 0x00, 0x00, 0x01, # Message length + 0x00; # Update not requested + + $data = $keyupdate.$keyupdate; + + #Add content type and tag + $data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16); + + $record->data($data); + $record->len(length $data); + push @{$records}, $record; + } } diff --git a/deps/openssl/openssl/test/recipes/70-test_sslsessiontick.t b/deps/openssl/openssl/test/recipes/70-test_sslsessiontick.t index 4a8636ecea318a..cbf197db21c394 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslsessiontick.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslsessiontick.t @@ -24,8 +24,8 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); -plan skip_all => "$test_name needs TLS enabled" - if alldisabled(available_protocols("tls")); +plan skip_all => "$test_name needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled" + if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; @@ -48,6 +48,7 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: By default with no existing session we should get a session ticket #Expected result: ClientHello extension seen; ServerHello extension seen # NewSessionTicket message seen; Full handshake +$proxy->clientflags("-no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 10; checkmessages(1, "Default session ticket test", 1, 1, 1, 1); @@ -57,6 +58,7 @@ checkmessages(1, "Default session ticket test", 1, 1, 1, 1); #Expected result: ClientHello extension seen; ServerHello extension not seen # NewSessionTicket message not seen; Full handshake clearall(); +$proxy->clientflags("-no_tls1_3"); $proxy->serverflags("-no_ticket"); $proxy->start(); checkmessages(2, "No server support session ticket test", 1, 0, 0, 1); @@ -66,7 +68,7 @@ checkmessages(2, "No server support session ticket test", 1, 0, 0, 1); #Expected result: ClientHello extension not seen; ServerHello extension not seen # NewSessionTicket message not seen; Full handshake clearall(); -$proxy->clientflags("-no_ticket"); +$proxy->clientflags("-no_tls1_3 -no_ticket"); $proxy->start(); checkmessages(3, "No client support session ticket test", 0, 0, 0, 1); @@ -76,10 +78,10 @@ checkmessages(3, "No client support session ticket test", 0, 0, 0, 1); clearall(); (undef, my $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); $proxy->clientstart(); checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0); unlink $session; @@ -90,10 +92,10 @@ unlink $session; clearall(); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session." -no_ticket"); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session." -no_ticket"); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); $proxy->clientstart(); checkmessages(5, "Session resumption with ticket capable client without a " ."ticket", 1, 1, 1, 0); @@ -104,6 +106,7 @@ unlink $session; # NewSessionTicket message seen; Full handshake. clearall(); $proxy->filter(\&ticket_filter); +$proxy->clientflags("-no_tls1_3"); $proxy->start(); checkmessages(6, "Empty ticket test", 1, 1, 1, 1); @@ -112,17 +115,17 @@ clearall(); (undef, $session) = tempfile(); $proxy->serverconnects(3); $proxy->filter(undef); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session." -sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session." -sess_out ".$session); $proxy->filter(\&inject_empty_ticket_filter); $proxy->clientstart(); #Expected result: ClientHello extension seen; ServerHello extension seen; # NewSessionTicket message seen; Abbreviated handshake. checkmessages(7, "Empty ticket resumption test", 1, 1, 1, 0); clearclient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); $proxy->filter(undef); $proxy->clientstart(); #Expected result: ClientHello extension seen; ServerHello extension not seen; @@ -134,6 +137,7 @@ unlink $session; #NewSessionTicket #Expected result: Connection failure clearall(); +$proxy->clientflags("-no_tls1_3"); $proxy->serverflags("-no_ticket"); $proxy->filter(\&inject_ticket_extension_filter); $proxy->start(); @@ -143,6 +147,7 @@ ok(TLSProxy::Message->fail, "Server sends ticket extension but no ticket test"); #NewSessionTicket #Expected result: Connection failure clearall(); +$proxy->clientflags("-no_tls1_3"); $proxy->serverflags("-no_ticket"); $proxy->filter(\&inject_empty_ticket_filter); $proxy->start(); @@ -229,7 +234,7 @@ sub checkmessages($$$$$$) $shellotickext = 1; } } - } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) { + } elsif ($message->mt == TLSProxy::Message::MT_CERTIFICATE) { #Must be doing a full handshake $fullhand = 1; } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { diff --git a/deps/openssl/openssl/test/recipes/70-test_sslsigalgs.t b/deps/openssl/openssl/test/recipes/70-test_sslsigalgs.t new file mode 100644 index 00000000000000..f805dcf221e82f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_sslsigalgs.t @@ -0,0 +1,408 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslsigalgs"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled" + if disabled("tls1_2") && disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +use constant { + NO_SIG_ALGS_EXT => 0, + EMPTY_SIG_ALGS_EXT => 1, + NO_KNOWN_SIG_ALGS => 2, + NO_PSS_SIG_ALGS => 3, + PSS_ONLY_SIG_ALGS => 4, + PURE_SIGALGS => 5, + COMPAT_SIGALGS => 6, + SIGALGS_CERT_ALL => 7, + SIGALGS_CERT_PKCS => 8, + SIGALGS_CERT_INVALID => 9 +}; + +#Note: Throughout this test we override the default ciphersuites where TLSv1.2 +# is expected to ensure that a ServerKeyExchange message is sent that uses +# the sigalgs + +#Test 1: Default sig algs should succeed +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 22; +ok(TLSProxy::Message->success, "Default sigalgs"); +my $testtype; + +SKIP: { + skip "TLSv1.3 disabled", 6 if disabled("tls1_3"); + + $proxy->filter(\&sigalgs_filter); + + #Test 2: Sending no sig algs extension in TLSv1.3 should fail + $proxy->clear(); + $testtype = NO_SIG_ALGS_EXT; + $proxy->start(); + ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs"); + + #Test 3: Sending an empty sig algs extension in TLSv1.3 should fail + $proxy->clear(); + $testtype = EMPTY_SIG_ALGS_EXT; + $proxy->start(); + ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs"); + + #Test 4: Sending a list with no recognised sig algs in TLSv1.3 should fail + $proxy->clear(); + $testtype = NO_KNOWN_SIG_ALGS; + $proxy->start(); + ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); + + #Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3 + # should fail + $proxy->clear(); + $testtype = NO_PSS_SIG_ALGS; + $proxy->start(); + ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs"); + + #Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed + #TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only + #cert in this case? + $proxy->clear(); + $testtype = PSS_ONLY_SIG_ALGS; + $proxy->start(); + ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3"); + + #Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to + # rsa_pss_pss_sha256. This should fail because the public key OID + # in the certificate is rsaEncryption and not rsassaPss + $proxy->filter(\&modify_cert_verify_sigalg); + $proxy->clear(); + $proxy->start(); + ok(TLSProxy::Message->fail, + "Mismatch between CertVerify sigalg and public key OID"); +} + +SKIP: { + skip "EC or TLSv1.3 disabled", 1 + if disabled("tls1_3") || disabled("ec"); + #Test 8: Sending a valid sig algs list but not including a sig type that + # matches the certificate should fail in TLSv1.3. + $proxy->clear(); + $proxy->clientflags("-sigalgs ECDSA+SHA256"); + $proxy->filter(undef); + $proxy->start(); + ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs"); +} + +SKIP: { + skip "EC, TLSv1.3 or TLSv1.2 disabled", 1 + if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); + + #Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2 + # should succeed + $proxy->clear(); + $proxy->serverflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->filter(undef); + $proxy->start(); + ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server"); +} + +SKIP: { + skip "EC or TLSv1.2 disabled", 8 if disabled("tls1_2") || disabled("ec"); + + $proxy->filter(\&sigalgs_filter); + + #Test 10: Sending no sig algs extension in TLSv1.2 should succeed + $proxy->clear(); + $testtype = NO_SIG_ALGS_EXT; + $proxy->clientflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs"); + + #Test 11: Sending an empty sig algs extension in TLSv1.2 should fail + $proxy->clear(); + $testtype = EMPTY_SIG_ALGS_EXT; + $proxy->clientflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs"); + + #Test 12: Sending a list with no recognised sig algs in TLSv1.2 should fail + $proxy->clear(); + $testtype = NO_KNOWN_SIG_ALGS; + $proxy->clientflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); + + #Test 13: Sending a sig algs list without pss for an RSA cert in TLSv1.2 + # should succeed + $proxy->clear(); + $testtype = NO_PSS_SIG_ALGS; + $proxy->clientflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs"); + + #Test 14: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed + $proxy->clear(); + $testtype = PSS_ONLY_SIG_ALGS; + $proxy->serverflags("-no_tls1_3"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2"); + + #Test 15: Responding with a sig alg we did not send in TLSv1.2 should fail + # We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256 + # TODO(TLS1.3): Add a similar test to the TLSv1.3 section above + # when we have an API capable of configuring the TLSv1.3 sig algs + $proxy->clear(); + $testtype = PSS_ONLY_SIG_ALGS; + $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2"); + + #Test 16: Sending a valid sig algs list but not including a sig type that + # matches the certificate should fail in TLSv1.2 + $proxy->clear(); + $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256"); + $proxy->ciphers("ECDHE-RSA-AES128-SHA"); + $proxy->filter(undef); + $proxy->start(); + ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs"); + $proxy->filter(\&sigalgs_filter); + + #Test 17: No sig algs extension, ECDSA cert, TLSv1.2 should succeed + $proxy->clear(); + $testtype = NO_SIG_ALGS_EXT; + $proxy->clientflags("-no_tls1_3"); + $proxy->serverflags("-cert " . srctop_file("test", "certs", + "server-ecdsa-cert.pem") . + " -key " . srctop_file("test", "certs", + "server-ecdsa-key.pem")), + $proxy->ciphers("ECDHE-ECDSA-AES128-SHA"); + $proxy->start(); + ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA"); +} + +my ($dsa_status, $sha1_status, $sha224_status); +SKIP: { + skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa"); + #Test 18: signature_algorithms with 1.3-only ClientHello + $testtype = PURE_SIGALGS; + $dsa_status = $sha1_status = $sha224_status = 0; + $proxy->clear(); + $proxy->clientflags("-tls1_3"); + $proxy->filter(\&modify_sigalgs_filter); + $proxy->start(); + ok($dsa_status && $sha1_status && $sha224_status, + "DSA/SHA2 sigalg sent for 1.3-only ClientHello"); + + #Test 19: signature_algorithms with backwards compatible ClientHello + SKIP: { + skip "TLSv1.2 disabled", 1 if disabled("tls1_2"); + $testtype = COMPAT_SIGALGS; + $dsa_status = $sha1_status = $sha224_status = 0; + $proxy->clear(); + $proxy->filter(\&modify_sigalgs_filter); + $proxy->start(); + ok($dsa_status && $sha1_status && $sha224_status, + "DSA sigalg not sent for compat ClientHello"); + } +} + +SKIP: { + skip "TLSv1.3 disabled", 3 if disabled("tls1_3"); + #Test 20: Insert signature_algorithms_cert that match normal sigalgs + $testtype = SIGALGS_CERT_ALL; + $proxy->clear(); + $proxy->filter(\&modify_sigalgs_cert_filter); + $proxy->start(); + ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3"); + + #Test 21: Insert signature_algorithms_cert that forces PKCS#1 cert + $testtype = SIGALGS_CERT_PKCS; + $proxy->clear(); + $proxy->filter(\&modify_sigalgs_cert_filter); + $proxy->start(); + ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert"); + + #Test 22: Insert signature_algorithms_cert that fails + $testtype = SIGALGS_CERT_INVALID; + $proxy->clear(); + $proxy->filter(\&modify_sigalgs_cert_filter); + $proxy->start(); + ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert"); +} + + + +sub sigalgs_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + if ($testtype == NO_SIG_ALGS_EXT) { + $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS); + } else { + my $sigalg; + if ($testtype == EMPTY_SIG_ALGS_EXT) { + $sigalg = pack "C2", 0x00, 0x00; + } elsif ($testtype == NO_KNOWN_SIG_ALGS) { + $sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff; + } elsif ($testtype == NO_PSS_SIG_ALGS) { + #No PSS sig algs - just send rsa_pkcs1_sha256 + $sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01; + } else { + #PSS sig algs only - just send rsa_pss_rsae_sha256 + $sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04; + } + $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg); + } + + $message->repack(); + } + } +} + +sub modify_sigalgs_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + return if ($proxy->flight != 0); + + foreach my $message (@{$proxy->message_list}) { + my $ext; + my @algs; + + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + if ($testtype == PURE_SIGALGS) { + my $ok = 1; + $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS}; + @algs = unpack('S>*', $ext); + # unpack will unpack the length as well + shift @algs; + foreach (@algs) { + if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256 + || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384 + || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512 + || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224 + || $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1 + || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1 + || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) { + $ok = 0; + } + } + $sha1_status = $dsa_status = $sha224_status = 1 if ($ok); + } elsif ($testtype == COMPAT_SIGALGS) { + $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS}; + @algs = unpack('S>*', $ext); + # unpack will unpack the length as well + shift @algs; + foreach (@algs) { + if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256 + || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384 + || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) { + $dsa_status = 1; + } + if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1 + || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1 + || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) { + $sha1_status = 1; + } + if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224 + || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224 + || $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) { + $sha224_status = 1; + } + } + } + } + } +} + +sub modify_sigalgs_cert_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + my $sigs; + # two byte length at front of sigs, then two-byte sigschemes + if ($testtype == SIGALGS_CERT_ALL) { + $sigs = pack "C26", 0x00, 0x18, + # rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512} + 0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06, + # ed25518 ed448 rsa_pss_pss_sha{256,512} + 0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b, + # ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1 + 0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03; + } elsif ($testtype == SIGALGS_CERT_PKCS) { + $sigs = pack "C10", 0x00, 0x08, + # rsa_pkcs_sha{256,384,512,1} + 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01; + } elsif ($testtype == SIGALGS_CERT_INVALID) { + $sigs = pack "C4", 0x00, 0x02, + # unregistered codepoint + 0xb2, 0x6f; + } + $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs); + $message->repack(); + } + } +} + +sub modify_cert_verify_sigalg +{ + my $proxy = shift; + + # We're only interested in the CertificateVerify + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) { + $message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256); + $message->repack(); + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_sslsignature.t b/deps/openssl/openssl/test/recipes/70-test_sslsignature.t new file mode 100644 index 00000000000000..034950e26a8d95 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_sslsignature.t @@ -0,0 +1,144 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslsignature"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS enabled" + if alldisabled(available_protocols("tls")); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +use constant { + NO_CORRUPTION => 0, + CORRUPT_SERVER_CERT_VERIFY => 1, + CORRUPT_CLIENT_CERT_VERIFY => 2, + CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE => 3, +}; + +$proxy->filter(\&signature_filter); + +#Test 1: No corruption should succeed +my $testtype = NO_CORRUPTION; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 4; +ok(TLSProxy::Message->success, "No corruption"); + +SKIP: { + skip "TLSv1.3 disabled", 1 if disabled("tls1_3"); + + #Test 2: Corrupting a server CertVerify signature in TLSv1.3 should fail + $proxy->clear(); + $testtype = CORRUPT_SERVER_CERT_VERIFY; + $proxy->start(); + ok(TLSProxy::Message->fail, "Corrupt server TLSv1.3 CertVerify"); + + #Test x: Corrupting a client CertVerify signature in TLSv1.3 should fail + #$proxy->clear(); + #$testtype = CORRUPT_CLIENT_CERT_VERIFY; + #$proxy->serverflags("-Verify 5"); + #$proxy->clientflags("-cert ".srctop_file("apps", "server.pem")); + #$proxy->start(); + #ok(TLSProxy::Message->fail, "Corrupt client TLSv1.3 CertVerify"); + #TODO(TLS1.3): This test fails due to a problem in s_server/TLSProxy. + #Currently a connection is counted as "successful" if the client ends it + #with a close_notify. In TLSProxy the client initiates the closure of the + #connection so really we should not count it as successful until s_server + #has also responded with a close_notify. However s_server never sends a + #close_notify - it just closes the connection. Fixing this would be a + #significant change to the long established behaviour of s_server. + #Unfortunately in this test, it is the server that notices the incorrect + #signature and responds with an appropriate alert. However s_client never + #sees that because it occurs after the server Finished has been sent. + #Therefore s_client just continues to send its application data and sends + #its close_notify regardless. TLSProxy sees this and thinks that the + #connection was successful when in fact it was not. There isn't an easy fix + #for this, so leaving this test commented out for now. +} + +SKIP: { + skip "TLS <= 1.2 disabled", 2 + if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); + + #Test 3: Corrupting a CertVerify signature in <=TLSv1.2 should fail + $proxy->clear(); + $testtype = CORRUPT_CLIENT_CERT_VERIFY; + $proxy->serverflags("-Verify 5"); + $proxy->clientflags("-no_tls1_3 -cert ".srctop_file("apps", "server.pem")); + $proxy->start(); + ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 CertVerify"); + + SKIP: { + skip "DH disabled", 1 if disabled("dh"); + + #Test 4: Corrupting a ServerKeyExchange signature in <=TLSv1.2 should + #fail + $proxy->clear(); + $testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE; + $proxy->clientflags("-no_tls1_3"); + $proxy->cipherc('DHE-RSA-AES128-SHA'); + $proxy->ciphers('DHE-RSA-AES128-SHA'); + $proxy->start(); + ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange"); + } +} + +sub signature_filter +{ + my $proxy = shift; + my $flight; + my $mt = TLSProxy::Message::MT_CERTIFICATE_VERIFY; + + if ($testtype == CORRUPT_SERVER_CERT_VERIFY + || $testtype == CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE + || (!disabled("tls1_3") && $testtype == NO_CORRUPTION)) { + $flight = 1; + } else { + $flight = 2; + } + + # We're only interested in the initial server flight + return if ($proxy->flight != $flight); + + $mt = TLSProxy::Message::MT_SERVER_KEY_EXCHANGE + if ($testtype == CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE); + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == $mt) { + my $sig = $message->signature(); + my $sigbase = substr($sig, 0, -1); + my $sigend = unpack("C", substr($sig, -1)); + + #Flip bits in final byte of signature to corrupt the sig + $sigend ^= 0xff unless $testtype == NO_CORRUPTION; + + $message->signature($sigbase.pack("C", $sigend)); + $message->repack(); + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_sslskewith0p.t b/deps/openssl/openssl/test/recipes/70-test_sslskewith0p.t index af87739ae27c0a..53a8b5185fb56a 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslskewith0p.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslskewith0p.t @@ -41,6 +41,7 @@ my $proxy = TLSProxy::Proxy->new( $proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0'); $proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0'); +$proxy->clientflags("-no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; plan tests => 1; ok(TLSProxy::Message->fail, "ServerKeyExchange with 0 p"); diff --git a/deps/openssl/openssl/test/recipes/70-test_sslversions.t b/deps/openssl/openssl/test/recipes/70-test_sslversions.t new file mode 100644 index 00000000000000..c2d76239dda847 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_sslversions.t @@ -0,0 +1,185 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; +use File::Temp qw(tempfile); + +use constant { + REVERSE_ORDER_VERSIONS => 1, + UNRECOGNISED_VERSIONS => 2, + NO_EXTENSION => 3, + EMPTY_EXTENSION => 4, + TLS1_1_AND_1_0_ONLY => 5, + WITH_TLS1_4 => 6, + BAD_LEGACY_VERSION => 7 +}; + +my $testtype; + +my $test_name = "test_sslversions"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.3, TLS1.2 and TLS1.1 enabled" + if disabled("tls1_3") || disabled("tls1_2") || disabled("tls1_1"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#We're just testing various negative and unusual scenarios here. ssltest with +#02-protocol-version.conf should check all the various combinations of normal +#version neg + +#Test 1: An empty supported_versions extension should not succeed +$testtype = EMPTY_EXTENSION; +$proxy->filter(\&modify_supported_versions_filter); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 8; +ok(TLSProxy::Message->fail(), "Empty supported versions"); + +#Test 2: supported_versions extension with no recognised versions should not +#succeed +$proxy->clear(); +$testtype = UNRECOGNISED_VERSIONS; +$proxy->start(); +ok(TLSProxy::Message->fail(), "No recognised versions"); + +#Test 3: No supported versions extensions should succeed and select TLSv1.2 +$proxy->clear(); +$testtype = NO_EXTENSION; +$proxy->start(); +my $record = pop @{$proxy->record_list}; +ok(TLSProxy::Message->success() + && $record->version() == TLSProxy::Record::VERS_TLS_1_2, + "No supported versions extension"); + +#Test 4: No supported versions extensions should fail if only TLS1.3 available +$proxy->clear(); +$proxy->serverflags("-tls1_3"); +$proxy->start(); +ok(TLSProxy::Message->fail(), "No supported versions extension (only TLS1.3)"); + +#Test 5: supported versions extension with best version last should succeed +#and select TLSv1.3 +$proxy->clear(); +$testtype = REVERSE_ORDER_VERSIONS; +$proxy->start(); +$record = pop @{$proxy->record_list}; +ok(TLSProxy::Message->success() + && $record->version() == TLSProxy::Record::VERS_TLS_1_2 + && TLSProxy::Proxy->is_tls13(), + "Reverse order versions"); + +#Test 6: no TLSv1.3 or TLSv1.2 version in supported versions extension, but +#TLSv1.1 and TLSv1.0 are present. Should just use TLSv1.1 and succeed +$proxy->clear(); +$testtype = TLS1_1_AND_1_0_ONLY; +$proxy->start(); +$record = pop @{$proxy->record_list}; +ok(TLSProxy::Message->success() + && $record->version() == TLSProxy::Record::VERS_TLS_1_1, + "TLS1.1 and TLS1.0 in supported versions extension only"); + +#Test 7: TLS1.4 and TLS1.3 in supported versions. Should succeed and use TLS1.3 +$proxy->clear(); +$testtype = WITH_TLS1_4; +$proxy->start(); +$record = pop @{$proxy->record_list}; +ok(TLSProxy::Message->success() + && $record->version() == TLSProxy::Record::VERS_TLS_1_2 + && TLSProxy::Proxy->is_tls13(), + "TLS1.4 in supported versions extension"); + +#Test 8: Set the legacy version to SSLv3 with supported versions. Should fail +$proxy->clear(); +$testtype = BAD_LEGACY_VERSION; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Legacy version is SSLv3 with supported versions"); + +sub modify_supported_versions_filter +{ + my $proxy = shift; + + if ($proxy->flight == 1) { + # Change the ServerRandom so that the downgrade sentinel doesn't cause + # the connection to fail + my $message = ${$proxy->message_list}[1]; + return if (!defined $message); + + $message->random("\0"x32); + $message->repack(); + return; + } + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + my $ext; + if ($testtype == REVERSE_ORDER_VERSIONS) { + $ext = pack "C5", + 0x04, # Length + 0x03, 0x03, #TLSv1.2 + 0x03, 0x04; #TLSv1.3 + } elsif ($testtype == UNRECOGNISED_VERSIONS) { + $ext = pack "C5", + 0x04, # Length + 0x04, 0x04, #Some unrecognised version + 0x04, 0x03; #Another unrecognised version + } elsif ($testtype == TLS1_1_AND_1_0_ONLY) { + $ext = pack "C5", + 0x04, # Length + 0x03, 0x02, #TLSv1.1 + 0x03, 0x01; #TLSv1.0 + } elsif ($testtype == WITH_TLS1_4) { + $ext = pack "C5", + 0x04, # Length + 0x03, 0x05, #TLSv1.4 + 0x03, 0x04; #TLSv1.3 + } + if ($testtype == REVERSE_ORDER_VERSIONS + || $testtype == UNRECOGNISED_VERSIONS + || $testtype == TLS1_1_AND_1_0_ONLY + || $testtype == WITH_TLS1_4) { + $message->set_extension( + TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext); + } elsif ($testtype == EMPTY_EXTENSION) { + $message->set_extension( + TLSProxy::Message::EXT_SUPPORTED_VERSIONS, ""); + } elsif ($testtype == NO_EXTENSION) { + $message->delete_extension( + TLSProxy::Message::EXT_SUPPORTED_VERSIONS); + } else { + # BAD_LEGACY_VERSION + $message->client_version(TLSProxy::Record::VERS_SSL_3_0); + } + + $message->repack(); + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_sslvertol.t b/deps/openssl/openssl/test/recipes/70-test_sslvertol.t index 59c2cddc31a1c5..02d845712eea34 100644 --- a/deps/openssl/openssl/test/recipes/70-test_sslvertol.t +++ b/deps/openssl/openssl/test/recipes/70-test_sslvertol.t @@ -34,17 +34,75 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); -#Test 1: Asking for TLS1.3 should pass -my $client_version = TLSProxy::Record::VERS_TLS_1_3; +my @available_tls_versions = (); +foreach (available_protocols("tls")) { + unless (disabled($_)) { + note("Checking enabled protocol $_"); + m|^([a-z]+)(\d)(_\d)?|; + my $versionname; + if (defined $3) { + $versionname = 'TLSProxy::Record::VERS_'.uc($1).'_'.$2.$3; + note("'$1', '$2', '$3' => $versionname"); + } else { + $versionname = 'TLSProxy::Record::VERS_'.uc($1).'_'.$2.'_0'; + note("'$1', '$2' => $versionname"); + } + push @available_tls_versions, eval $versionname; + } +} +note("TLS versions we can expect: ", join(", ", @available_tls_versions)); + +#This file does tests without the supported_versions extension. +#See 70-test_sslversions.t for tests with supported versions. + +#Test 1: Asking for TLS1.4 should pass and negotiate the maximum +#available TLS version according to configuration below TLS1.3 +my $client_version = TLSProxy::Record::VERS_TLS_1_4; +my $previous_version = tls_version_below(TLSProxy::Record::VERS_TLS_1_3); +$proxy->clientflags("-no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 2; -ok(TLSProxy::Message->success(), "Version tolerance test, TLS 1.3"); +plan tests => 3; +SKIP: { + skip "There are too few protocols enabled for test 1", 1 + unless defined $previous_version; + + my $record = pop @{$proxy->record_list}; + ok((note("Record version received: ".$record->version()), + TLSProxy::Message->success()) + && $record->version() == $previous_version, + "Version tolerance test, below TLS 1.4 and not TLS 1.3"); +} + +#Test 2: Asking for TLS1.3 with that disabled should succeed and negotiate +#the highest configured TLS version below that. +$client_version = TLSProxy::Record::VERS_TLS_1_3; +$previous_version = tls_version_below($client_version); +SKIP: { + skip "There are too few protocols enabled for test 2", 1 + unless defined $previous_version; -#Test 2: Testing something below SSLv3 should fail + $proxy->clear(); + $proxy->clientflags("-no_tls1_3"); + $proxy->start(); + my $record = pop @{$proxy->record_list}; + ok((note("Record version received: ".$record->version()), + TLSProxy::Message->success()) + && $record->version() == $previous_version, + "Version tolerance test, max version but not TLS 1.3"); +} + +#Test 3: Testing something below SSLv3 should fail. We must disable TLS 1.3 +#to avoid having the 'supported_versions' extension kick in and override our +#desires. $client_version = TLSProxy::Record::VERS_SSL_3_0 - 1; $proxy->clear(); +$proxy->clientflags("-no_tls1_3"); $proxy->start(); -ok(TLSProxy::Message->fail(), "Version tolerance test, SSL < 3.0"); +my $record = pop @{$proxy->record_list}; +ok((note("Record version received: ". + (defined $record ? $record->version() : "none")), + TLSProxy::Message->fail()), + "Version tolerance test, SSL < 3.0"); sub vers_tolerance_filter { @@ -58,10 +116,23 @@ sub vers_tolerance_filter foreach my $message (@{$proxy->message_list}) { if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { #Set the client version - #Anything above the max supported version (TLS1.2) should succeed + #Anything above the max supported version should succeed #Anything below SSLv3 should fail $message->client_version($client_version); $message->repack(); } } } + +sub tls_version_below { + if (@_) { + my $term = shift; + my $res = undef; + + foreach (@available_tls_versions) { + $res = $_ if $_ < $term; + } + return $res; + } + return $available_tls_versions[-1]; +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13alerts.t b/deps/openssl/openssl/test/recipes/70-test_tls13alerts.t new file mode 100644 index 00000000000000..7111d404dd3e9d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13alerts.t @@ -0,0 +1,56 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_tls13alerts"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: We test that a server can handle an unencrypted alert when normally the +# next message is encrypted +$proxy->filter(\&alert_filter); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 1; +my $alert = TLSProxy::Message->alert(); +ok(TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), "Client sends an unecrypted alert"); + +sub alert_filter +{ + my $proxy = shift; + + if ($proxy->flight != 1) { + return; + } + + ${$proxy->message_list}[1]->session_id_len(1); + ${$proxy->message_list}[1]->repack(); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13cookie.t b/deps/openssl/openssl/test/recipes/70-test_tls13cookie.t new file mode 100644 index 00000000000000..c1afb864e1eda5 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13cookie.t @@ -0,0 +1,111 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_tls13cookie"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +use constant { + COOKIE_ONLY => 0, + COOKIE_AND_KEY_SHARE => 1 +}; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +my $cookieseen = 0; +my $testtype; + +#Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello +$testtype = COOKIE_ONLY; +$proxy->filter(\&cookie_filter); +$proxy->serverflags("-curves X25519"); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 2; +ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen"); + +#Test 2: Same as test 1 but should also work where a new key_share is also +# required +$testtype = COOKIE_AND_KEY_SHARE; +$proxy->clear(); +$proxy->clientflags("-curves P-256:X25519"); +$proxy->serverflags("-curves X25519"); +$proxy->start(); +ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen"); + +sub cookie_filter +{ + my $proxy = shift; + + # We're only interested in the HRR and both ClientHellos + return if ($proxy->flight > 2); + + my $ext = pack "C8", + 0x00, 0x06, #Cookie Length + 0x00, 0x01, #Dummy cookie data (6 bytes) + 0x02, 0x03, + 0x04, 0x05; + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO + && ${$message->records}[0]->flight == 1) { + $message->delete_extension(TLSProxy::Message::EXT_KEY_SHARE) + if ($testtype == COOKIE_ONLY); + $message->set_extension(TLSProxy::Message::EXT_COOKIE, $ext); + $message->repack(); + } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + if (${$message->records}[0]->flight == 0) { + if ($testtype == COOKIE_ONLY) { + my $ext = pack "C7", + 0x00, 0x05, #List Length + 0x00, 0x17, #P-256 + 0x00, 0x01, #key_exchange data length + 0xff; #Dummy key_share data + # Trick the server into thinking we got an unacceptable + # key_share + $message->set_extension( + TLSProxy::Message::EXT_KEY_SHARE, $ext); + $message->repack(); + } + } else { + #cmp can behave differently dependent on locale + no locale; + my $cookie = + $message->extension_data->{TLSProxy::Message::EXT_COOKIE}; + + return if !defined($cookie); + + return if ($cookie cmp $ext) != 0; + + $cookieseen = 1; + } + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13downgrade.t b/deps/openssl/openssl/test/recipes/70-test_tls13downgrade.t new file mode 100644 index 00000000000000..9b55cb8d6d877b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13downgrade.t @@ -0,0 +1,125 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_tls13downgrade"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled" + if disabled("tls1_3") || disabled("tls1_2"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +use constant { + DOWNGRADE_TO_TLS_1_2 => 0, + DOWNGRADE_TO_TLS_1_1 => 1, + FALLBACK_FROM_TLS_1_3 => 2, +}; + +#Test 1: Downgrade from TLSv1.3 to TLSv1.2 +$proxy->filter(\&downgrade_filter); +my $testtype = DOWNGRADE_TO_TLS_1_2; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 6; +ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2"); + +#Test 2: Downgrade from TLSv1.3 to TLSv1.1 +$proxy->clear(); +$testtype = DOWNGRADE_TO_TLS_1_1; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.1"); + +#Test 3: Downgrade from TLSv1.2 to TLSv1.1 +$proxy->clear(); +$proxy->clientflags("-no_tls1_3"); +$proxy->serverflags("-no_tls1_3"); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1"); + +#Test 4: Client falls back from TLSv1.3 (server does not support the fallback +# SCSV) +$proxy->clear(); +$testtype = FALLBACK_FROM_TLS_1_3; +$proxy->clientflags("-fallback_scsv -no_tls1_3"); +$proxy->start(); +my $alert = TLSProxy::Message->alert(); +ok(TLSProxy::Message->fail() + && !$alert->server() + && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER, + "Fallback from TLSv1.3"); + +SKIP: { + skip "TLSv1.1 disabled", 2 if disabled("tls1_1"); + #Test 5: A client side protocol "hole" should not be detected as a downgrade + $proxy->clear(); + $proxy->filter(undef); + $proxy->clientflags("-no_tls1_2"); + $proxy->start(); + ok(TLSProxy::Message->success(), "TLSv1.2 client-side protocol hole"); + + #Test 6: A server side protocol "hole" should not be detected as a downgrade + $proxy->clear(); + $proxy->filter(undef); + $proxy->serverflags("-no_tls1_2"); + $proxy->start(); + ok(TLSProxy::Message->success(), "TLSv1.2 server-side protocol hole"); +} + +sub downgrade_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + my $message = ${$proxy->message_list}[0]; + + my $ext; + if ($testtype == FALLBACK_FROM_TLS_1_3) { + #The default ciphersuite we use for TLSv1.2 without any SCSV + my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA); + $message->ciphersuite_len(2 * scalar @ciphersuites); + $message->ciphersuites(\@ciphersuites); + } else { + if ($testtype == DOWNGRADE_TO_TLS_1_2) { + $ext = pack "C3", + 0x02, # Length + 0x03, 0x03; #TLSv1.2 + } else { + $ext = pack "C3", + 0x02, # Length + 0x03, 0x02; #TLSv1.1 + } + + $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext); + } + + $message->repack(); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t b/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t new file mode 100644 index 00000000000000..e0b47ed359d8fb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t @@ -0,0 +1,93 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_tls13hrr"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLS1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +use constant { + CHANGE_HRR_CIPHERSUITE => 0, + CHANGE_CH1_CIPHERSUITE => 1 +}; + +#Test 1: A client should fail if the server changes the ciphersuite between the +# HRR and the SH +$proxy->filter(\&hrr_filter); +$proxy->serverflags("-curves P-256"); +my $testtype = CHANGE_HRR_CIPHERSUITE; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 2; +ok(TLSProxy::Message->fail(), "Server ciphersuite changes"); + +#Test 2: It is an error if the client changes the offered ciphersuites so that +# we end up selecting a different ciphersuite between HRR and the SH +$proxy->clear(); +$proxy->serverflags("-curves P-256"); +$proxy->ciphersuitess("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"); +$testtype = CHANGE_CH1_CIPHERSUITE; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Client ciphersuite changes"); + +sub hrr_filter +{ + my $proxy = shift; + + if ($testtype == CHANGE_HRR_CIPHERSUITE) { + # We're only interested in the HRR + if ($proxy->flight != 1) { + return; + } + + my $hrr = ${$proxy->message_list}[1]; + + # We will normally only ever select CIPHER_TLS13_AES_128_GCM_SHA256 + # because that's what Proxy tells s_server to do. Setting as below means + # the ciphersuite will change will we get the ServerHello + $hrr->ciphersuite(TLSProxy::Message::CIPHER_TLS13_AES_256_GCM_SHA384); + $hrr->repack(); + return; + } + + # CHANGE_CH1_CIPHERSUITE + if ($proxy->flight != 0) { + return; + } + + my $ch1 = ${$proxy->message_list}[0]; + + # The server will always pick TLS_AES_256_GCM_SHA384 + my @ciphersuites = (TLSProxy::Message::CIPHER_TLS13_AES_128_GCM_SHA256); + $ch1->ciphersuite_len(2 * scalar @ciphersuites); + $ch1->ciphersuites(\@ciphersuites); + $ch1->repack(); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t b/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t new file mode 100644 index 00000000000000..716e260e5fa64b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t @@ -0,0 +1,341 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use File::Temp qw(tempfile); +use TLSProxy::Proxy; +use checkhandshake qw(checkhandshake @handmessages @extensions); + +my $test_name = "test_tls13kexmodes"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + + +@handmessages = ( + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [0, 0] +); + +@extensions = ( + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + checkhandshake::PSK_KEX_MODES_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_CLI_EXTENSION], + + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::KEY_SHARE_HRR_EXTENSION], + + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + checkhandshake::PSK_KEX_MODES_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_CLI_EXTENSION], + + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::KEY_SHARE_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_SRV_EXTENSION], + + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_SRV_EXTENSION], + [0,0,0] +); + +use constant { + DELETE_EXTENSION => 0, + EMPTY_EXTENSION => 1, + NON_DHE_KEX_MODE_ONLY => 2, + DHE_KEX_MODE_ONLY => 3, + UNKNOWN_KEX_MODES => 4, + BOTH_KEX_MODES => 5 +}; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: First get a session +(undef, my $session) = tempfile(); +$proxy->clientflags("-sess_out ".$session); +$proxy->serverflags("-servername localhost"); +$proxy->sessionfile($session); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 11; +ok(TLSProxy::Message->success(), "Initial connection"); + +#Test 2: Attempt a resume with no kex modes extension. Should not resume +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +my $testtype = DELETE_EXTENSION; +$proxy->filter(\&modify_kex_modes_filter); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION, + "Resume with no kex modes"); + +#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty +# extension is invalid) +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = EMPTY_EXTENSION; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Resume with empty kex modes"); + +#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a +# key_share +$proxy->clear(); +$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session); +$proxy->serverflags("-allow_no_dhe_kex"); +$testtype = NON_DHE_KEX_MODE_ONLY; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with non-dhe kex mode"); + +#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = DHE_KEX_MODE_ONLY; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with non-dhe kex mode"); + +#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = UNKNOWN_KEX_MODES; +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION, + "Resume with empty kex modes"); + +#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with +# a key_share +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = BOTH_KEX_MODES; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with non-dhe kex mode"); + +#Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable +# initial key_share. Should resume with a key_share following an HRR +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->serverflags("-curves P-256"); +$testtype = BOTH_KEX_MODES; +$proxy->start(); +checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::KEY_SHARE_HRR_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with both kex modes and HRR"); + +#Test 9: Attempt a resume with dhe kex mode only and an unacceptable initial +# key_share. Should resume with a key_share following an HRR +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->serverflags("-curves P-256"); +$testtype = DHE_KEX_MODE_ONLY; +$proxy->start(); +checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::KEY_SHARE_HRR_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with dhe kex mode and HRR"); + +#Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable +# initial key_share and no overlapping groups. Should resume without a +# key_share +$proxy->clear(); +$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session); +$proxy->serverflags("-allow_no_dhe_kex -curves P-256"); +$testtype = BOTH_KEX_MODES; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with both kex modes, no overlapping groups"); + +#Test 11: Attempt a resume with dhe kex mode only, unacceptable +# initial key_share and no overlapping groups. Should fail +$proxy->clear(); +$proxy->clientflags("-curves P-384 -sess_in ".$session); +$proxy->serverflags("-curves P-256"); +$testtype = DHE_KEX_MODE_ONLY; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups"); + +unlink $session; + +sub modify_kex_modes_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + return if ($proxy->flight != 0); + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + my $ext; + + if ($testtype == EMPTY_EXTENSION) { + $ext = pack "C", + 0x00; #List length + } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) { + $ext = pack "C2", + 0x01, #List length + 0x00; #psk_ke + } elsif ($testtype == DHE_KEX_MODE_ONLY) { + $ext = pack "C2", + 0x01, #List length + 0x01; #psk_dhe_ke + } elsif ($testtype == UNKNOWN_KEX_MODES) { + $ext = pack "C3", + 0x02, #List length + 0xfe, #unknown + 0xff; #unknown + } elsif ($testtype == BOTH_KEX_MODES) { + #We deliberately list psk_ke first...should still use psk_dhe_ke + $ext = pack "C3", + 0x02, #List length + 0x00, #psk_ke + 0x01; #psk_dhe_ke + } + + if ($testtype == DELETE_EXTENSION) { + $message->delete_extension( + TLSProxy::Message::EXT_PSK_KEX_MODES); + } else { + $message->set_extension( + TLSProxy::Message::EXT_PSK_KEX_MODES, $ext); + } + + $message->repack(); + } + } +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13messages.t b/deps/openssl/openssl/test/recipes/70-test_tls13messages.t new file mode 100644 index 00000000000000..be6a2db5d68b87 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13messages.t @@ -0,0 +1,336 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use File::Temp qw(tempfile); +use TLSProxy::Proxy; +use checkhandshake qw(checkhandshake @handmessages @extensions); + +my $test_name = "test_tls13messages"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + + +@handmessages = ( + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [0, 0] +); + +@extensions = ( + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, + checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], + + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::KEY_SHARE_HRR_EXTENSION], + + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, + checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], + + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_SRV_EXTENSION], + + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_SRV_EXTENSION], + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_SRV_EXTENSION], + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION], + + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_SRV_EXTENSION], + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_SRV_EXTENSION], + + [0,0,0] +); + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: Check we get all the right messages for a default handshake +(undef, my $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->sessionfile($session); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 16; +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "Default handshake test"); + +#Test 2: Resumption handshake +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + (checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION), + "Resumption handshake test"); + +SKIP: { + skip "No OCSP support in this OpenSSL build", 3 + if disabled("ct") || disabled("ec") || disabled("ocsp"); + #Test 3: A status_request handshake (client request only) + $proxy->clear(); + $proxy->clientflags("-status"); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION, + "status_request handshake test (client)"); + + #Test 4: A status_request handshake (server support only) + $proxy->clear(); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "status_request handshake test (server)"); + + #Test 5: A status_request handshake (client and server) + $proxy->clear(); + $proxy->clientflags("-status"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "status_request handshake test"); +} + +#Test 6: A client auth handshake +$proxy->clear(); +$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem")); +$proxy->serverflags("-Verify 5"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS | + checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, + "Client auth handshake test"); + +#Test 7: Server name handshake (no client request) +$proxy->clear(); +$proxy->clientflags("-noservername"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, + "Server name handshake test (client)"); + +#Test 8: Server name handshake (server support only) +$proxy->clear(); +$proxy->clientflags("-noservername"); +$proxy->serverflags("-servername testhost"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, + "Server name handshake test (server)"); + +#Test 9: Server name handshake (client and server) +$proxy->clear(); +$proxy->clientflags("-servername testhost"); +$proxy->serverflags("-servername testhost"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SERVER_NAME_SRV_EXTENSION, + "Server name handshake test"); + +#Test 10: ALPN handshake (client request only) +$proxy->clear(); +$proxy->clientflags("-alpn test"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::ALPN_CLI_EXTENSION, + "ALPN handshake test (client)"); + +#Test 11: ALPN handshake (server support only) +$proxy->clear(); +$proxy->serverflags("-alpn test"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS, + "ALPN handshake test (server)"); + +#Test 12: ALPN handshake (client and server) +$proxy->clear(); +$proxy->clientflags("-alpn test"); +$proxy->serverflags("-alpn test"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::ALPN_CLI_EXTENSION + | checkhandshake::ALPN_SRV_EXTENSION, + "ALPN handshake test"); + +SKIP: { + skip "No CT, EC or OCSP support in this OpenSSL build", 1 + if disabled("ct") || disabled("ec") || disabled("ocsp"); + + #Test 13: SCT handshake (client request only) + $proxy->clear(); + #Note: -ct also sends status_request + $proxy->clientflags("-ct"); + $proxy->serverflags("-status_file " + .srctop_file("test", "recipes", "ocsp-response.der") + ." -serverinfo ".srctop_file("test", "serverinfo2.pem")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SCT_CLI_EXTENSION + | checkhandshake::SCT_SRV_EXTENSION + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, + "SCT handshake test"); +} + + + + +#Test 14: HRR Handshake +$proxy->clear(); +$proxy->serverflags("-curves P-256"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::KEY_SHARE_HRR_EXTENSION, + "HRR handshake test"); + +#Test 15: Resumption handshake with HRR +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->serverflags("-curves P-256"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, + (checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::KEY_SHARE_HRR_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION), + "Resumption handshake with HRR test"); + +#Test 16: Acceptable but non preferred key_share +$proxy->clear(); +$proxy->clientflags("-curves P-256"); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION, + "Acceptable but non preferred key_share"); + +unlink $session; diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13psk.t b/deps/openssl/openssl/test/recipes/70-test_tls13psk.t new file mode 100644 index 00000000000000..fedc527892ee9d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_tls13psk.t @@ -0,0 +1,152 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use File::Temp qw(tempfile); +use TLSProxy::Proxy; + +my $test_name = "test_tls13psk"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +use constant { + PSK_LAST_FIRST_CH => 0, + ILLEGAL_EXT_SECOND_CH => 1 +}; + +#Most PSK tests are done in test_ssl_new. This tests various failure scenarios +#around PSK + +#Test 1: First get a session +(undef, my $session) = tempfile(); +$proxy->clientflags("-sess_out ".$session); +$proxy->serverflags("-servername localhost"); +$proxy->sessionfile($session); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 5; +ok(TLSProxy::Message->success(), "Initial connection"); + +#Test 2: Attempt a resume with PSK not in last place. Should fail +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->filter(\&modify_psk_filter); +my $testtype = PSK_LAST_FIRST_CH; +$proxy->start(); +ok(TLSProxy::Message->fail(), "PSK not last"); + +#Test 3: Attempt a resume after an HRR where PSK hash matches selected +# ciphersuite. Should see PSK on second ClientHello +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->serverflags("-curves P-256"); +$proxy->filter(undef); +$proxy->start(); +#Check if the PSK is present in the second ClientHello +my $ch2 = ${$proxy->message_list}[2]; +my $ch2seen = defined $ch2 && $ch2->mt() == TLSProxy::Message::MT_CLIENT_HELLO; +my $pskseen = $ch2seen + && defined ${$ch2->{extension_data}}{TLSProxy::Message::EXT_PSK}; +ok($pskseen, "PSK hash matches"); + +#Test 4: Attempt a resume after an HRR where PSK hash does not match selected +# ciphersuite. Should not see PSK on second ClientHello +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->filter(\&modify_psk_filter); +$proxy->serverflags("-curves P-256"); +$proxy->ciphersuitesc("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"); +$proxy->ciphersuitess("TLS_AES_256_GCM_SHA384"); +#We force an early failure because TLS Proxy doesn't actually support +#TLS_AES_256_GCM_SHA384. That doesn't matter for this test though. +$testtype = ILLEGAL_EXT_SECOND_CH; +$proxy->start(); +#Check if the PSK is present in the second ClientHello +$ch2 = ${$proxy->message_list}[2]; +$ch2seen = defined $ch2 && $ch2->mt() == TLSProxy::Message::MT_CLIENT_HELLO; +$pskseen = $ch2seen + && defined ${$ch2->extension_data}{TLSProxy::Message::EXT_PSK}; +ok($ch2seen && !$pskseen, "PSK hash does not match"); + +#Test 5: Attempt a resume without a sig agls extension. Should succeed because +# sig algs is not needed in a resumption. +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->filter(\&remove_sig_algs_filter); +$proxy->start(); +ok(TLSProxy::Message->success(), "Remove sig algs"); + +unlink $session; + +sub modify_psk_filter +{ + my $proxy = shift; + my $flight; + my $message; + + if ($testtype == PSK_LAST_FIRST_CH) { + $flight = 0; + } else { + $flight = 2; + } + + # Only look at the first or second ClientHello + return if $proxy->flight != $flight; + + if ($testtype == PSK_LAST_FIRST_CH) { + $message = ${$proxy->message_list}[0]; + } else { + $message = ${$proxy->message_list}[2]; + } + + return if (!defined $message + || $message->mt != TLSProxy::Message::MT_CLIENT_HELLO); + + if ($testtype == PSK_LAST_FIRST_CH) { + $message->set_extension(TLSProxy::Message::EXT_FORCE_LAST, ""); + } else { + #Deliberately break the connection + $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_GROUPS, ""); + } + $message->repack(); +} + +sub remove_sig_algs_filter +{ + my $proxy = shift; + my $message; + + # Only look at the first ClientHello + return if $proxy->flight != 0; + + $message = ${$proxy->message_list}[0]; + $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS); + $message->repack(); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tlsextms.t b/deps/openssl/openssl/test/recipes/70-test_tlsextms.t index d39acf4242875c..547a2fca2e2a14 100644 --- a/deps/openssl/openssl/test/recipes/70-test_tlsextms.t +++ b/deps/openssl/openssl/test/recipes/70-test_tlsextms.t @@ -24,8 +24,8 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); -plan skip_all => "$test_name needs TLS enabled" - if alldisabled(available_protocols("tls")); +plan skip_all => "$test_name needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled" + if disabled("tls1") && disabled("tls1_1") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; @@ -46,14 +46,19 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); +#Note that EXTMS is only relevant for clientflags("-no_tls1_3"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $numtests = 9; +$numtests++ if (!disabled("tls1_3")); +plan tests => $numtests; checkmessages(1, "Default extended master secret test", 1, 1, 1); #Test 2: If client omits extended master secret extension, server should too. @@ -62,6 +67,7 @@ checkmessages(1, "Default extended master secret test", 1, 1, 1); clearall(); setrmextms(1, 0); +$proxy->clientflags("-no_tls1_3"); $proxy->start(); checkmessages(2, "No client extension extended master secret test", 0, 0, 1); @@ -69,7 +75,7 @@ checkmessages(2, "No client extension extended master secret test", 0, 0, 1); # Expected result: same as test 1. clearall(); -$proxy->clientflags("-no_ticket"); +$proxy->clientflags("-no_ticket -no_tls1_3"); setrmextms(0, 0); $proxy->start(); checkmessages(3, "No ticket extended master secret test", 1, 1, 1); @@ -78,10 +84,10 @@ checkmessages(3, "No ticket extended master secret test", 1, 1, 1); # Expected result: same as test 2. clearall(); -$proxy->clientflags("-no_ticket"); +$proxy->clientflags("-no_ticket -no_tls1_3"); setrmextms(1, 0); $proxy->start(); -checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1); +checkmessages(4, "No ticket, no client extension extended master secret test", 0, 0, 1); #Test 5: Session resumption extended master secret test # @@ -92,10 +98,10 @@ clearall(); setrmextms(0, 0); (undef, my $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); $proxy->clientstart(); checkmessages(5, "Session resumption extended master secret test", 1, 1, 0); unlink $session; @@ -109,10 +115,10 @@ clearall(); setrmextms(1, 0); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(0, 0); $proxy->clientstart(); checkmessages(6, "Session resumption extended master secret test", 1, 1, 1); @@ -126,10 +132,10 @@ clearall(); setrmextms(0, 0); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(1, 0); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Client inconsistent session resumption"); @@ -143,10 +149,10 @@ clearall(); setrmextms(0, 0); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(0, 1); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1"); @@ -160,15 +166,27 @@ clearall(); setrmextms(0, 1); (undef, $session) = tempfile(); $proxy->serverconnects(2); -$proxy->clientflags("-sess_out ".$session); +$proxy->clientflags("-no_tls1_3 -sess_out ".$session); $proxy->start(); $proxy->clearClient(); -$proxy->clientflags("-sess_in ".$session); +$proxy->clientflags("-no_tls1_3 -sess_in ".$session); setrmextms(0, 0); $proxy->clientstart(); ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2"); unlink $session; +#Test 10: In TLS1.3 we should not negotiate extended master secret +#Expected result: ClientHello extension seen; ServerHello extension not seen +# TLS1.3 handshake (will appear as abbreviated handshake +# because of no CKE message) +if (!disabled("tls1_3")) { + clearall(); + setrmextms(0, 0); + $proxy->start(); + checkmessages(10, "TLS1.3 extended master secret test", 1, 0, 0); +} + + sub extms_filter { my $proxy = shift; diff --git a/deps/openssl/openssl/test/recipes/70-test_wpacket.t b/deps/openssl/openssl/test/recipes/70-test_wpacket.t new file mode 100644 index 00000000000000..6d50b9f8096f62 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/70-test_wpacket.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_wpacket"); + +plan skip_all => "Test disabled in this configuration" + if $^O eq 'MSWin32' && !disabled("shared"); + +plan tests => 1; + +ok(run(test(["wpackettest"]))); diff --git a/deps/openssl/openssl/test/recipes/80-test_ca.t b/deps/openssl/openssl/test/recipes/80-test_ca.t index 28a090ea7dd9bd..557777e191aa2c 100644 --- a/deps/openssl/openssl/test/recipes/80-test_ca.t +++ b/deps/openssl/openssl/test/recipes/80-test_ca.t @@ -13,6 +13,7 @@ use warnings; use POSIX; use File::Path 2.00 qw/rmtree/; use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; +use OpenSSL::Test::Utils; setup("test_ca"); @@ -22,25 +23,32 @@ my $std_openssl_cnf = rmtree("demoCA", { safe => 0 }); -plan tests => 4; +plan tests => 5; SKIP: { $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; - skip "failed creating CA structure", 3 + skip "failed creating CA structure", 4 if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), 'creating CA structure'); $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; - skip "failed creating new certificate request", 2 + skip "failed creating new certificate request", 3 if !ok(run(perlapp(["CA.pl","-newreq"])), 'creating certificate request'); - $ENV{OPENSSL_CONFIG} = '-config "'.$std_openssl_cnf.'"'; - skip "failed to sign certificate request", 1 + $ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"'; + skip "failed to sign certificate request", 2 if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, 'signing certificate request'); ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])), 'verifying new certificate'); + + skip "CT not configured, can't use -precert", 1 + if disabled("ct"); + + $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; + ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)), + 'creating new pre-certificate'); } diff --git a/deps/openssl/openssl/test/recipes/80-test_cipherbytes.t b/deps/openssl/openssl/test/recipes/80-test_cipherbytes.t new file mode 100644 index 00000000000000..27d627ea8fada2 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/80-test_cipherbytes.t @@ -0,0 +1,26 @@ +#! /usr/bin/perl +# +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test::Simple; +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(alldisabled available_protocols); + +setup("test_cipherbytes"); + +my $no_anytls = alldisabled(available_protocols("tls")); + +# If we have no protocols, then we also have no supported ciphers. +plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build." + if $no_anytls; + +simple_test("test_cipherbytes", "cipherbytes_test", "bytes_to_cipherlist"); diff --git a/deps/openssl/openssl/test/recipes/80-test_ciphername.t b/deps/openssl/openssl/test/recipes/80-test_ciphername.t new file mode 100644 index 00000000000000..33c3d6ee7b7f65 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/80-test_ciphername.t @@ -0,0 +1,27 @@ +#! /usr/bin/perl +# +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017 BaishanCloud. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use OpenSSL::Test::Simple; +use OpenSSL::Test; +use OpenSSL::Test::Utils qw(alldisabled available_protocols); + +setup("test_ciphername"); + +my $no_anytls = alldisabled(available_protocols("tls")); + +# If we have no protocols, then we also have no supported ciphers. +plan skip_all => "No SSL/TLS protocol is supported by this OpenSSL build." + if $no_anytls; + +simple_test("test_ciphername", "ciphername_test"); diff --git a/deps/openssl/openssl/test/recipes/80-test_cmsapi.t b/deps/openssl/openssl/test/recipes/80-test_cmsapi.t new file mode 100644 index 00000000000000..990f8a72bbe2e0 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/80-test_cmsapi.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_cmsapi"); + +plan skip_all => "CMS is disabled in this build" if disabled("cms"); + +plan tests => 1; + +ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), + srctop_file("test", "certs", "serverkey.pem")])), + "running cmsapitest"); diff --git a/deps/openssl/openssl/test/recipes/80-test_dtls_mtu.t b/deps/openssl/openssl/test/recipes/80-test_dtls_mtu.t new file mode 100644 index 00000000000000..86d7de07556dd4 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/80-test_dtls_mtu.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +my $test_name = "test_dtls_mtu"; +setup($test_name); + +plan skip_all => "$test_name needs DTLS and PSK support enabled" + if disabled("dtls1_2") || disabled("psk"); + +plan tests => 1; + +ok(run(test(["dtls_mtu_test"])), "running dtls_mtu_test"); diff --git a/deps/openssl/openssl/test/recipes/80-test_ssl_new.t b/deps/openssl/openssl/test/recipes/80-test_ssl_new.t index 287defe5c78056..db2271c388dd84 100644 --- a/deps/openssl/openssl/test/recipes/80-test_ssl_new.t +++ b/deps/openssl/openssl/test/recipes/80-test_ssl_new.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -28,20 +28,26 @@ map { s/\^// } @conf_files if $^O eq "VMS"; # We hard-code the number of tests to double-check that the globbing above # finds all files as expected. -plan tests => 19; # = scalar @conf_srcs +plan tests => 28; # = scalar @conf_srcs # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. my $is_default_tls = (disabled("ssl3") && !disabled("tls1") && - !disabled("tls1_1") && !disabled("tls1_2")); + !disabled("tls1_1") && !disabled("tls1_2") && + !disabled("tls1_3")); my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2")); +my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2"); my $no_tls = alldisabled(available_protocols("tls")); +my $no_tls_below1_3 = $no_tls || (disabled("tls1_2") && !disabled("tls1_3")); +my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3); my $no_dtls = alldisabled(available_protocols("dtls")); my $no_npn = disabled("nextprotoneg"); my $no_ct = disabled("ct"); my $no_ec = disabled("ec"); +my $no_dh = disabled("dh"); +my $no_dsa = disabled("dsa"); my $no_ec2m = disabled("ec2m"); my $no_ocsp = disabled("ocsp"); @@ -49,33 +55,53 @@ my $no_ocsp = disabled("ocsp"); # expectations dynamically based on the OpenSSL compile-time config. my %conf_dependent_tests = ( "02-protocol-version.conf" => !$is_default_tls, - "04-client_auth.conf" => !$is_default_tls, - "07-dtls-protocol-version.conf" => !$is_default_dtls, + "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls + || !disabled("sctp"), + "05-sni.conf" => disabled("tls1_1"), + "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"), "10-resumption.conf" => !$is_default_tls, - "11-dtls_resumption.conf" => !$is_default_dtls, + "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"), + "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"), "17-renegotiate.conf" => disabled("tls1_2"), - "18-dtls-renegotiate.conf" => disabled("dtls1_2"), + "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"), + "19-mac-then-encrypt.conf" => !$is_default_tls, + "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa, + "22-compression.conf" => !$is_default_tls, + "25-cipher.conf" => disabled("poly1305") || disabled("chacha"), + "27-ticket-appdata.conf" => !$is_default_tls, + "28-seclevel.conf" => disabled("tls1_2") || $no_ec, ); # Add your test here if it should be skipped for some compile-time # configurations. Default is $no_tls but some tests have different skip # conditions. my %skip = ( + "06-sni-ticket.conf" => $no_tls_below1_3, "07-dtls-protocol-version.conf" => $no_dtls, - "08-npn.conf" => $no_tls || $no_npn, + "08-npn.conf" => (disabled("tls1") && disabled("tls1_1") + && disabled("tls1_2")) || $no_npn, "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"), "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"), "12-ct.conf" => $no_tls || $no_ct || $no_ec, # We could run some of these tests without TLS 1.2 if we had a per-test # disable instruction but that's a bizarre configuration not worth # special-casing for. - # We should review this once we have TLS 1.3. + # TODO(TLS 1.3): We should review this once we have TLS 1.3. "13-fragmentation.conf" => disabled("tls1_2"), "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m, "15-certstatus.conf" => $no_tls || $no_ocsp, "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, + "17-renegotiate.conf" => $no_tls_below1_3, "18-dtls-renegotiate.conf" => $no_dtls, - "19-mac-then-encrypt.conf" => disabled("tls1_2"), + "19-mac-then-encrypt.conf" => $no_pre_tls1_3, + "20-cert-select.conf" => disabled("tls1_2") || $no_ec, + "21-key-update.conf" => disabled("tls1_3"), + "22-compression.conf" => disabled("zlib") || $no_tls, + "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1") + && disabled("tls1_2")) || disabled("srp"), + "24-padding.conf" => disabled("tls1_3"), + "25-cipher.conf" => disabled("ec") || disabled("tls1_2"), + "26-tls13_client_auth.conf" => disabled("tls1_3"), ); foreach my $conf (@conf_files) { diff --git a/deps/openssl/openssl/test/recipes/80-test_ssl_old.t b/deps/openssl/openssl/test/recipes/80-test_ssl_old.t index 6468bd65716637..377bf090baae6b 100644 --- a/deps/openssl/openssl/test/recipes/80-test_ssl_old.t +++ b/deps/openssl/openssl/test/recipes/80-test_ssl_old.t @@ -20,11 +20,11 @@ setup("test_ssl"); $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); -my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk, - $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, +my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, + $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = - anydisabled qw/rsa dsa dh ec srp psk - ssl3 tls1 tls1_1 tls1_2 + anydisabled qw/rsa dsa dh ec psk + ssl3 tls1 tls1_1 tls1_2 tls1_3 dtls dtls1 dtls1_2 ct/; my $no_anytls = alldisabled(available_protocols("tls")); my $no_anydtls = alldisabled(available_protocols("dtls")); @@ -79,7 +79,7 @@ my $client_sess="client.ss"; # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead. plan tests => 1 # For testss - +6 # For the first testssl + +5 # For the first testssl ; subtest 'test_ss' => sub { @@ -101,7 +101,7 @@ testssl("keyU.ss", $Ucert, $CAcert); # subtest functions sub testss { open RND, ">>", ".rnd"; - print RND "string to make the random number generator think it has entropy"; + print RND "string to make the random number generator think it has randomness"; close RND; my @req_dsa = ("-newkey", @@ -331,7 +331,7 @@ sub testssl { subtest 'standard SSL tests' => sub { ###################################################################### - plan tests => 21; + plan tests => 13; SKIP: { skip "SSLv3 is not supported by this OpenSSL build", 4 @@ -355,34 +355,6 @@ sub testssl { 'test sslv2/sslv3 via BIO pair'); } - SKIP: { - skip "DTLSv1 is not supported by this OpenSSL build", 4 - if disabled("dtls1"); - - ok(run(test([@ssltest, "-dtls1"])), - 'test dtlsv1'); - ok(run(test([@ssltest, "-dtls1", "-server_auth", @CA])), - 'test dtlsv1 with server authentication'); - ok(run(test([@ssltest, "-dtls1", "-client_auth", @CA])), - 'test dtlsv1 with client authentication'); - ok(run(test([@ssltest, "-dtls1", "-server_auth", "-client_auth", @CA])), - 'test dtlsv1 with both server and client authentication'); - } - - SKIP: { - skip "DTLSv1.2 is not supported by this OpenSSL build", 4 - if disabled("dtls1_2"); - - ok(run(test([@ssltest, "-dtls12"])), - 'test dtlsv1.2'); - ok(run(test([@ssltest, "-dtls12", "-server_auth", @CA])), - 'test dtlsv1.2 with server authentication'); - ok(run(test([@ssltest, "-dtls12", "-client_auth", @CA])), - 'test dtlsv1.2 with client authentication'); - ok(run(test([@ssltest, "-dtls12", "-server_auth", "-client_auth", @CA])), - 'test dtlsv1.2 with both server and client authentication'); - } - SKIP: { skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 if $no_anytls; @@ -426,68 +398,79 @@ sub testssl { my @exkeys = (); my $ciphers = "-PSK:-SRP"; - if ($no_dh) { - note "skipping DHE tests\n"; - $ciphers .= ":-kDHE"; - } - if ($no_dsa) { - note "skipping DSA tests\n"; - $ciphers .= ":-aDSA"; - } else { + if (!$no_dsa) { push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss"; } - if ($no_ec) { - note "skipping EC tests\n"; - $ciphers .= ":!aECDSA:!kECDH"; - } else { + if (!$no_ec) { push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss"; } my @protocols = (); # We only use the flags that ssltest_old understands + push @protocols, "-tls1_3" unless $no_tls1_3; push @protocols, "-tls1_2" unless $no_tls1_2; push @protocols, "-tls1" unless $no_tls1; push @protocols, "-ssl3" unless $no_ssl3; my $protocolciphersuitecount = 0; my %ciphersuites = (); + my %ciphersstatus = (); foreach my $protocol (@protocols) { - $ciphersuites{$protocol} = - [ map { s|\R||; split(/:/, $_) } - run(app(["openssl", "ciphers", "-s", $protocol, - "ALL:$ciphers"]), capture => 1) ]; - $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}}; + my $ciphersstatus = undef; + my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol, + "ALL:$ciphers"]), + capture => 1, statusvar => \$ciphersstatus); + $ciphersstatus{$protocol} = $ciphersstatus; + if ($ciphersstatus) { + $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) } + @ciphers ]; + $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}}; + } } plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build" if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0; - # The count of protocols is because in addition to the ciphersuits - # we got above, we're running a weak DH test for each protocol - plan tests => $protocolciphersuitecount + scalar(keys %ciphersuites); + # The count of protocols is because in addition to the ciphersuites + # we got above, we're running a weak DH test for each protocol (except + # TLSv1.3) + my $testcount = scalar(@protocols) + $protocolciphersuitecount + + scalar(keys %ciphersuites); + $testcount-- unless $no_tls1_3; + plan tests => $testcount; + + foreach my $protocol (@protocols) { + ok($ciphersstatus{$protocol}, "Getting ciphers for $protocol"); + } - foreach my $protocol (sort keys %ciphersuites) { - note "Testing ciphersuites for $protocol"; - # ssltest_old doesn't know -tls1_2, but that's fine, since that's - # the default choice if TLSv1.2 enabled - my $flag = $protocol eq "-tls1_2" ? "" : $protocol; - foreach my $cipher (@{$ciphersuites{$protocol}}) { + foreach my $protocol (sort keys %ciphersuites) { + note "Testing ciphersuites for $protocol"; + # ssltest_old doesn't know -tls1_3, but that's fine, since that's + # the default choice if TLSv1.3 enabled + my $flag = $protocol eq "-tls1_3" ? "" : $protocol; + my $ciphersuites = ""; + foreach my $cipher (@{$ciphersuites{$protocol}}) { if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { note "*****SKIPPING $protocol $cipher"; ok(1); } else { + if ($protocol eq "-tls1_3") { + $ciphersuites = $cipher; + $cipher = ""; + } ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, - $flag || ()])), + "-ciphersuites", $ciphersuites, $flag || ()])), "Testing $cipher"); - } - } + } + } + next if $protocol eq "-tls1_3"; is(run(test([@ssltest, "-s_cipher", "EDH", "-c_cipher", 'EDH:@SECLEVEL=1', "-dhe512", - $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0, + $protocol])), 0, "testing connection with weak DH, expecting failure"); - } + } }; subtest 'RSA/(EC)DHE/PSK tests' => sub { @@ -566,28 +549,6 @@ sub testssl { ok(run(test([@ssltest, "-bio_pair", "-tls1", "-custom_ext", "-serverinfo_file", $serverinfo, "-serverinfo_sct", "-serverinfo_tack"]))); } }; - - subtest 'SRP tests' => sub { - - plan tests => 4; - - SKIP: { - skip "skipping SRP tests", 4 - if $no_srp || alldisabled(grep !/^ssl3/, available_protocols("tls")); - - ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP'); - - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP via BIO pair'); - - ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP auth'); - - ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])), - 'test tls1 with SRP auth via BIO pair'); - } - }; } unlink $CAkey; diff --git a/deps/openssl/openssl/test/recipes/05-test_md5.t b/deps/openssl/openssl/test/recipes/90-test_asn1_time.t similarity index 73% rename from deps/openssl/openssl/test/recipes/05-test_md5.t rename to deps/openssl/openssl/test/recipes/90-test_asn1_time.t index 3af4d5504bfaf4..d685eea6258eb3 100644 --- a/deps/openssl/openssl/test/recipes/05-test_md5.t +++ b/deps/openssl/openssl/test/recipes/90-test_asn1_time.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_md5", "md5test", "md5"); +simple_test("test_asn1_time", "asn1_time_test"); diff --git a/deps/openssl/openssl/test/recipes/90-test_gost.t b/deps/openssl/openssl/test/recipes/90-test_gost.t new file mode 100644 index 00000000000000..c7bbb4edd8d421 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_gost.t @@ -0,0 +1,41 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_gost"); + +# The GOST ciphers are dynamically loaded via the GOST engine, so we must be +# able to support that. The engine also uses DSA and CMS symbols, so we skip +# this test on no-dsa or no-cms. +plan skip_all => "GOST support is disabled in this OpenSSL build" + if disabled("gost") || disabled("engine") || disabled("dynamic-engine") + || disabled("dsa") || disabled("cms"); + +plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build" + if disabled("tls1_3") || disabled("tls1_2"); + +plan skip_all => "No test GOST engine found" + if !$ENV{OPENSSL_GOST_ENGINE_SO}; + +plan tests => 1; + +$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data", + "gost.conf"); + +ok(run(test(["gosttest", + srctop_file("test", "recipes", "90-test_gost_data", + "server-cert2001.pem"), + srctop_file("test", "recipes", "90-test_gost_data", + "server-key2001.pem"), + srctop_file("test", "recipes", "90-test_gost_data", + "server-cert2012.pem"), + srctop_file("test", "recipes", "90-test_gost_data", + "server-key2012.pem")])), + "running gosttest"); diff --git a/deps/openssl/openssl/test/recipes/90-test_gost_data/gost.conf b/deps/openssl/openssl/test/recipes/90-test_gost_data/gost.conf new file mode 100644 index 00000000000000..0408f1df942c1d --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_gost_data/gost.conf @@ -0,0 +1,12 @@ +openssl_conf = openssl_def +[openssl_def] +engines = engine_section + +[engine_section] +gost = gost_section + +[gost_section] +engine_id = gost +dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO +default_algorithms = ALL +CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet diff --git a/deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2001.pem b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2001.pem new file mode 100644 index 00000000000000..e287821f8223bb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2001.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4jCCAY+gAwIBAgIUNKO10+LkPoYGkOqNJ2wv1YI8RpQwCgYGKoUDAgIDBQAw +RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xODA3MTMxNTAzMDFaFw0yODA3MTAx +NTAzMDFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD +VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwYzAcBgYqhQMCAhMwEgYHKoUD +AgIjAQYHKoUDAgIeAQNDAARAyDUhXsZP1JSLkvZ3xaU4aHXxAGKDwpawJ89+3B+N +lD7FS48QUIeoQrv9hn1B/kVuVxJwU4CeZRQohLvc5IkzJ6NTMFEwHQYDVR0OBBYE +FEz6BbScOOWYqklNGMTbyikZG/cRMB8GA1UdIwQYMBaAFEz6BbScOOWYqklNGMTb +yikZG/cRMA8GA1UdEwEB/wQFMAMBAf8wCgYGKoUDAgIDBQADQQAbkdWo441FqSbB +13JTW498NOzHZn69wnjYsOmMHLCdEHBTHVCa/g1wHPc4CyYk4UfMRWz5awzb6zNB +TncjMl2a +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2012.pem b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2012.pem new file mode 100644 index 00000000000000..85d13c6388fad0 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-cert2012.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB6TCCAZSgAwIBAgIUVF/ajykAyHqQm1n6K1JdMFX/O6owDAYIKoUDBwEBAwIF +ADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwY +SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE4MDcxMzE0MzcxNVoXDTI4MDcx +MDE0MzcxNVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf +BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBmMB8GCCqFAwcBAQEBMBMG +ByqFAwICIwEGCCqFAwcBAQICA0MABEDIj2JgFybRexBIdkG7bI//Z8woXbpC/hpg +62qflBE/dHnWVnbzpJUVeSd5sAkP7Ta0qrrs5YdW4MBIM/VPbDVOo1MwUTAdBgNV +HQ4EFgQUFZtRh6plQ3nHf1A+7ayjYw9B1X0wHwYDVR0jBBgwFoAUFZtRh6plQ3nH +f1A+7ayjYw9B1X0wDwYDVR0TAQH/BAUwAwEB/zAMBggqhQMHAQEDAgUAA0EAMttA +fMPa3YFO9db/xIS9wMB7ntbtibeZEJlngaPu5gvfdNmCY0uzjY2c3yPr9dDq84j7 +gSqY1VwVBLuKrpLC+w== +-----END CERTIFICATE----- diff --git a/deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2001.pem b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2001.pem new file mode 100644 index 00000000000000..92a59d8e686dec --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2001.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEMCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIJgoLqJR/05zND0f +8Wnma1MFMxE7ezisZhkS/DL4DXb6 +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2012.pem b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2012.pem new file mode 100644 index 00000000000000..e932f0dd77acfe --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_gost_data/server-key2012.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEILemtIak5CeX +Jd75HfVqAMi1MfhxW7kGvGDj8l1/nF45 +-----END PRIVATE KEY----- diff --git a/deps/openssl/openssl/test/recipes/90-test_heartbeat.t b/deps/openssl/openssl/test/recipes/90-test_heartbeat.t deleted file mode 100644 index 90d6a67b7dd56b..00000000000000 --- a/deps/openssl/openssl/test/recipes/90-test_heartbeat.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_heartbeat", "heartbeat_test", "heartbeats"); diff --git a/deps/openssl/openssl/test/recipes/90-test_includes.t b/deps/openssl/openssl/test/recipes/90-test_includes.t new file mode 100644 index 00000000000000..5169700c4c839b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes.t @@ -0,0 +1,25 @@ +#! /usr/bin/perl + +use strict; +use warnings; +use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test::Utils; + +setup("test_includes"); + +plan skip_all => "test_includes doesn't work without posix-io" + if disabled("posix-io"); + +plan tests => # The number of tests being performed + 3 + + ($^O eq "VMS" ? 2 : 0); + +ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes"); +ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test file includes"); +if ($^O eq "VMS") { + ok(run(test(["conf_include_test", data_file("vms-includes.cnf")])), + "test directory includes, VMS syntax"); + ok(run(test(["conf_include_test", data_file("vms-includes-file.cnf")])), + "test file includes, VMS syntax"); +} +ok(run(test(["conf_include_test", data_file("includes-broken.cnf"), "f"])), "test broken includes"); diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes1.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes1.cnf new file mode 100644 index 00000000000000..4c5c48f99a76f6 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes1.cnf @@ -0,0 +1,35 @@ +[ default ] +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/new_certs # default place for new certs. + +certificate = $dir/CAcert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/CAkey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes2.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes2.cnf new file mode 100644 index 00000000000000..b95ee183a2cd6a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/conf-includes/includes2.cnf @@ -0,0 +1,53 @@ +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = testkey.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Queensland +stateOrProvinceName_value = + +localityName = Locality Name (eg, city) +localityName_value = Brisbane + +organizationName = Organization Name (eg, company) +organizationName_default = +organizationName_value = CryptSoft Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = +organizationalUnitName_value = . + +commonName = Common Name (eg, YOUR name) +commonName_value = Eric Young + +emailAddress = Email Address +emailAddress_value = eay@mincom.oz.au diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-broken.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-broken.cnf new file mode 100644 index 00000000000000..d38e18c5e5d177 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-broken.cnf @@ -0,0 +1,5 @@ +# +# Example configuration file using includes. +# + +.include includes-broken3.cnf diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-file.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-file.cnf new file mode 100644 index 00000000000000..1737b70d18090c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes-file.cnf @@ -0,0 +1,5 @@ +# +# Example configuration file using includes. +# + +.include includes.cnf diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/includes.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes.cnf new file mode 100644 index 00000000000000..345eeb9884a22b --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/includes.cnf @@ -0,0 +1,5 @@ +# +# Example configuration file using includes. +# + +.include conf-includes diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes-file.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes-file.cnf new file mode 100644 index 00000000000000..f3b72e709a446a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes-file.cnf @@ -0,0 +1,5 @@ +# +# Example configuration file using includes. +# + +.include vms-includes.cnf diff --git a/deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes.cnf b/deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes.cnf new file mode 100644 index 00000000000000..ed4367bcf00e09 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_includes_data/vms-includes.cnf @@ -0,0 +1,5 @@ +# +# Example configuration file using includes. +# + +.include [.conf-includes] diff --git a/deps/openssl/openssl/test/recipes/90-test_overhead.t b/deps/openssl/openssl/test/recipes/90-test_overhead.t new file mode 100644 index 00000000000000..a9311bf4987f22 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_overhead.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_overhead"); + +plan skip_all => "Only supported in no-shared builds" + if !disabled("shared"); + +plan tests => 1; + +ok(run(test(["cipher_overhead_test"])), "running cipher_overhead_test"); diff --git a/deps/openssl/openssl/test/recipes/90-test_p5_crpt2.t b/deps/openssl/openssl/test/recipes/90-test_p5_crpt2.t deleted file mode 100644 index 710dc8ba526641..00000000000000 --- a/deps/openssl/openssl/test/recipes/90-test_p5_crpt2.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_p5_crpt2", "p5_crpt2_test"); diff --git a/deps/openssl/openssl/test/recipes/90-test_shlibload.t b/deps/openssl/openssl/test/recipes/90-test_shlibload.t index 78899f674ae0a3..2761d58502ba76 100644 --- a/deps/openssl/openssl/test/recipes/90-test_shlibload.t +++ b/deps/openssl/openssl/test/recipes/90-test_shlibload.t @@ -18,6 +18,7 @@ use lib bldtop_dir('.'); use configdata; plan skip_all => "Test only supported in a shared build" if disabled("shared"); +plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|; plan tests => 4; @@ -45,7 +46,7 @@ sub shlib { $lib = $unified_info{sharednames}->{$lib} . ($target{shlib_variant} || "") . ($target{shared_extension} || ".so"); - $lib =~ s|\.\$\(SHLIB_MAJOR\)\.\$\(SHLIB_MINOR\) + $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\) |.$config{shlib_version_number}|x; return $lib; } diff --git a/deps/openssl/openssl/test/recipes/90-test_sslapi.t b/deps/openssl/openssl/test/recipes/90-test_sslapi.t index efaae3b78b77ce..633df477364c90 100644 --- a/deps/openssl/openssl/test/recipes/90-test_sslapi.t +++ b/deps/openssl/openssl/test/recipes/90-test_sslapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; +use File::Temp qw(tempfile); setup("test_sslapi"); @@ -17,5 +18,12 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" plan tests => 1; +(undef, my $tmpfilename) = tempfile(); + ok(run(test(["sslapitest", srctop_file("apps", "server.pem"), - srctop_file("apps", "server.pem")])), "running sslapitest"); + srctop_file("apps", "server.pem"), + srctop_file("test", "recipes", "90-test_sslapi_data", + "passwd.txt"), $tmpfilename])), + "running sslapitest"); + +unlink $tmpfilename; diff --git a/deps/openssl/openssl/test/recipes/90-test_sslapi_data/passwd.txt b/deps/openssl/openssl/test/recipes/90-test_sslapi_data/passwd.txt new file mode 100644 index 00000000000000..b611aed2ad9326 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_sslapi_data/passwd.txt @@ -0,0 +1 @@ +V 1auIY/NQXwKWVeWaYg.YV0AaU.mpHSsZw8PWfrYT0oMTPYekTqGXu6ElyTN64DmK03V3P2yVRdhN0UBxMBujLnTauROkuEep/vp7S5xhW1VK8zg1gtJslTqOp4l.GTJF9x0WYmS6VNRnj5AVi3mgfVJ3nmzlMJUMm7niQxm5awLZZ8xykox1j6MFRa80y02Ub87A88DwqA5wrIM/Uojx9VBxUhTHC.353aBA/rL4O/179rgIBbhID08RA6uLv7pIJQVl5OjYsRu/XzQsgFFW6Wog7PaB.AATqArzXZieZxs/teOiFKPSgKI.76vvVEMQIifSj3hRuVK/immK.9hBCTHYjAv96MUmitb0ErPYJRl2MeBC8M6aHJ8FaMmak.Qv.bwyiqpEjlX1a9KjdBAKIaAswECjeP6G0Gk5v1g5D7ZmP5JUK7Wp/X9sKuZZYOsDwEGfXNmmJG6Y3TETx105HT2QMJ5ti5QCbrd71VWABmVWpHJc03YLUExw6WtYdUW0YHTbRKVntgVe2hOQD.XPtFPn2SwxbGonq1bwEvdCp22uTb5HFSC3I7amCUTZteVmMgqJAcx.x.2yfliESVvpmG.dnDFkp6vsQxch6Q1dV5rDmR4GGSy8FoPSFXc7NS0kCSs.qsTqLSmHN1XMzwrwYuVbItXBwetwxcIcdi.sFG6OLuwRUGaNOXiMwhlDHyQtVfEm3L/KIjPpzLlYRAJWF9M40FIcNsI6xiMNhvUGNO7LaBHKSV3oHlwUWWUnL7Uo/ePH8lBpGadYPxObXZ1/wOcWdJ1Rb5dB9orSSTSvoNrZyALKO.swl7pP7beYq6bUx8qtBJLaqI2zQzr1tnmJi8azVicuFtsDs363ntCRtd1LLT3CX3EBVXMbEy6xgAKWI2GL3HO6v8k3Gv96UeGFN/w5yAz61mbajDrSeJekUaKgfucV8h9tgHNlTA1kGowd2Yn/EQdVc/qSETddySqNC0mXlPW1tgb2ixV6sWbYrb5TLBUdztdw5L2D62Aal.9IjpTEKc4F/gMjYsazIX6nzpXZtWnYP7dIOpSi4c.48B2RIeDrZVMzUF.9QOF9Dk1fy5Z2X91z8J2I0GuqIWKKfwnx4xA3RbGUds1Cv2XvUA1tP7eqtvs/mTsC8KWApNSpL6K.U.Pt0ee6F76CV.ZcBXTbXl9zJZ0H1peiehzZpbuIPLZPtzIHClRQovjqdrlEUzS5VdSgCfNhEUr3ZOpG3cCKO4Lk25jZuQtoFmyxUuRAIXejLizCd727hO7rHZoD.GGm4HiNaH2jgZaftoFhfSBXvPRGYfcj.ZkiLyurNlumMXTduHImB1ZMkZ1af5dggKaQG4bJe9WbF6KYxmeRwV 1oFJIzMwXA0RFKXCGcSV0nAToL5 test 8192 A test user diff --git a/deps/openssl/openssl/test/recipes/90-test_sslbuffers.t b/deps/openssl/openssl/test/recipes/90-test_sslbuffers.t new file mode 100644 index 00000000000000..934eef90b32465 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_sslbuffers.t @@ -0,0 +1,21 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_sslbuffers"); + +plan skip_all => "No suitable TLS/SSL protocol is supported by this OpenSSL build" + if alldisabled(available_protocols("tls")); + +plan tests => 1; + +ok(run(test(["sslbuffertest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "running sslbuffertest"); diff --git a/deps/openssl/openssl/test/recipes/90-test_store.t b/deps/openssl/openssl/test/recipes/90-test_store.t new file mode 100644 index 00000000000000..888213e4a6828c --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_store.t @@ -0,0 +1,494 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use File::Spec::Functions; +use File::Copy; +use MIME::Base64; +use OpenSSL::Test qw(:DEFAULT srctop_file srctop_dir bldtop_file data_file); +use OpenSSL::Test::Utils; + +my $test_name = "test_store"; +setup($test_name); + +my $mingw = config('target') =~ m|^mingw|; + +my @noexist_files = + ( "test/blahdiblah.pem", + "test/blahdibleh.der" ); +my @src_files = + ( "test/testx509.pem", + "test/testrsa.pem", + "test/testrsapub.pem", + "test/testcrl.pem", + "apps/server.pem" ); +my @generated_files = + ( + ### generated from the source files + + "testx509.der", + "testrsa.der", + "testrsapub.der", + "testcrl.der", + + ### generated locally + + "rsa-key-pkcs1.pem", "rsa-key-pkcs1.der", + "rsa-key-pkcs1-aes128.pem", + "rsa-key-pkcs8.pem", "rsa-key-pkcs8.der", + "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der", + "rsa-key-pkcs8-pbes2-sha1.pem", "rsa-key-pkcs8-pbes2-sha1.der", + "rsa-key-sha1-3des-sha1.p12", "rsa-key-sha1-3des-sha256.p12", + "rsa-key-aes256-cbc-sha256.p12", + "rsa-key-md5-des-sha1.p12", + "rsa-key-aes256-cbc-md5-des-sha256.p12", + "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der", + "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der", + "dsa-key-pkcs1.pem", "dsa-key-pkcs1.der", + "dsa-key-pkcs1-aes128.pem", + "dsa-key-pkcs8.pem", "dsa-key-pkcs8.der", + "dsa-key-pkcs8-pbes2-sha1.pem", "dsa-key-pkcs8-pbes2-sha1.der", + "dsa-key-aes256-cbc-sha256.p12", + "ec-key-pkcs1.pem", "ec-key-pkcs1.der", + "ec-key-pkcs1-aes128.pem", + "ec-key-pkcs8.pem", "ec-key-pkcs8.der", + "ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der", + "ec-key-aes256-cbc-sha256.p12", + ); +my %generated_file_files = + $^O eq 'linux' + ? ( "test/testx509.pem" => "file:testx509.pem", + "test/testrsa.pem" => "file:testrsa.pem", + "test/testrsapub.pem" => "file:testrsapub.pem", + "test/testcrl.pem" => "file:testcrl.pem", + "apps/server.pem" => "file:server.pem" ) + : (); +my @noexist_file_files = + ( "file:blahdiblah.pem", + "file:test/blahdibleh.der" ); + +my $n = (3 * scalar @noexist_files) + + (6 * scalar @src_files) + + (4 * scalar @generated_files) + + (scalar keys %generated_file_files) + + (scalar @noexist_file_files) + + 3 + + 11; + +plan tests => $n; + +indir "store_$$" => sub { + SKIP: + { + skip "failed initialisation", $n unless init(); + + my $rehash = init_rehash(); + + foreach (@noexist_files) { + my $file = srctop_file($_); + + ok(!run(app(["openssl", "storeutl", "-noout", $file]))); + ok(!run(app(["openssl", "storeutl", "-noout", + to_abs_file($file)]))); + { + local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + + ok(!run(app(["openssl", "storeutl", "-noout", + to_abs_file_uri($file)]))); + } + } + foreach (@src_files) { + my $file = srctop_file($_); + + ok(run(app(["openssl", "storeutl", "-noout", $file]))); + ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($file)]))); + SKIP: + { + skip "file: tests disabled on MingW", 4 if $mingw; + + ok(run(app(["openssl", "storeutl", "-noout", + to_abs_file_uri($file)]))); + ok(run(app(["openssl", "storeutl", "-noout", + to_abs_file_uri($file, 0, "")]))); + ok(run(app(["openssl", "storeutl", "-noout", + to_abs_file_uri($file, 0, "localhost")]))); + ok(!run(app(["openssl", "storeutl", "-noout", + to_abs_file_uri($file, 0, "dummy")]))); + } + } + foreach (@generated_files) { + ok(run(app(["openssl", "storeutl", "-noout", "-passin", + "pass:password", $_]))); + ok(run(app(["openssl", "storeutl", "-noout", "-passin", + "pass:password", to_abs_file($_)]))); + + SKIP: + { + skip "file: tests disabled on MingW", 2 if $mingw; + + ok(run(app(["openssl", "storeutl", "-noout", "-passin", + "pass:password", to_abs_file_uri($_)]))); + ok(!run(app(["openssl", "storeutl", "-noout", "-passin", + "pass:password", to_file_uri($_)]))); + } + } + foreach (values %generated_file_files) { + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; + + ok(run(app(["openssl", "storeutl", "-noout", $_]))); + } + } + foreach (@noexist_file_files) { + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; + + ok(!run(app(["openssl", "storeutl", "-noout", $_]))); + } + } + { + my $dir = srctop_dir("test", "certs"); + + ok(run(app(["openssl", "storeutl", "-noout", $dir]))); + ok(run(app(["openssl", "storeutl", "-noout", + to_abs_file($dir, 1)]))); + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; + + ok(run(app(["openssl", "storeutl", "-noout", + to_abs_file_uri($dir, 1)]))); + } + } + + ok(!run(app(['openssl', 'storeutl', '-noout', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + srctop_file('test', 'testx509.pem')])), + "Checking that -subject can't be used with a single file"); + + ok(run(app(['openssl', 'storeutl', '-certs', '-noout', + srctop_file('test', 'testx509.pem')])), + "Checking that -certs returns 1 object on a certificate file"); + ok(run(app(['openssl', 'storeutl', '-certs', '-noout', + srctop_file('test', 'testcrl.pem')])), + "Checking that -certs returns 0 objects on a CRL file"); + + ok(run(app(['openssl', 'storeutl', '-crls', '-noout', + srctop_file('test', 'testx509.pem')])), + "Checking that -crls returns 0 objects on a certificate file"); + ok(run(app(['openssl', 'storeutl', '-crls', '-noout', + srctop_file('test', 'testcrl.pem')])), + "Checking that -crls returns 1 object on a CRL file"); + + SKIP: { + skip "failed rehash initialisation", 6 unless $rehash; + + # subject from testx509.pem: + # '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert' + # issuer from testcrl.pem: + # '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority' + ok(run(app(['openssl', 'storeutl', '-noout', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app(['openssl', 'storeutl', '-noout', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + ok(run(app(['openssl', 'storeutl', '-noout', '-certs', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app(['openssl', 'storeutl', '-noout', '-crls', + '-subject', '/C=AU/ST=QLD/CN=SSLeay\/rsa test cert', + catdir(curdir(), 'rehash')]))); + ok(run(app(['openssl', 'storeutl', '-noout', '-certs', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + ok(run(app(['openssl', 'storeutl', '-noout', '-crls', + '-subject', + '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority', + catdir(curdir(), 'rehash')]))); + } + } +}, create => 1, cleanup => 1; + +sub init { + return ( + # rsa-key-pkcs1.pem + run(app(["openssl", "genrsa", + "-out", "rsa-key-pkcs1.pem", "2432"])) + # dsa-key-pkcs1.pem + && run(app(["openssl", "dsaparam", "-genkey", + "-out", "dsa-key-pkcs1.pem", "1024"])) + # ec-key-pkcs1.pem (one might think that 'genec' would be practical) + && run(app(["openssl", "ecparam", "-genkey", "-name", "prime256v1", + "-out", "ec-key-pkcs1.pem"])) + # rsa-key-pkcs1-aes128.pem + && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128", + "-in", "rsa-key-pkcs1.pem", + "-out", "rsa-key-pkcs1-aes128.pem"])) + # dsa-key-pkcs1-aes128.pem + && run(app(["openssl", "dsa", "-passout", "pass:password", "-aes128", + "-in", "dsa-key-pkcs1.pem", + "-out", "dsa-key-pkcs1-aes128.pem"])) + # ec-key-pkcs1-aes128.pem + && run(app(["openssl", "ec", "-passout", "pass:password", "-aes128", + "-in", "ec-key-pkcs1.pem", + "-out", "ec-key-pkcs1-aes128.pem"])) + # *-key-pkcs8.pem + && runall(sub { + my $dstfile = shift; + (my $srcfile = $dstfile) + =~ s/-key-pkcs8\.pem$/-key-pkcs1.pem/i; + run(app(["openssl", "pkcs8", "-topk8", "-nocrypt", + "-in", $srcfile, "-out", $dstfile])); + }, grep(/-key-pkcs8\.pem$/, @generated_files)) + # *-key-pkcs8-pbes1-sha1-3des.pem + && runall(sub { + my $dstfile = shift; + (my $srcfile = $dstfile) + =~ s/-key-pkcs8-pbes1-sha1-3des\.pem$ + /-key-pkcs8.pem/ix; + run(app(["openssl", "pkcs8", "-topk8", + "-passout", "pass:password", + "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC", + "-in", $srcfile, "-out", $dstfile])); + }, grep(/-key-pkcs8-pbes1-sha1-3des\.pem$/, @generated_files)) + # *-key-pkcs8-pbes1-md5-des.pem + && runall(sub { + my $dstfile = shift; + (my $srcfile = $dstfile) + =~ s/-key-pkcs8-pbes1-md5-des\.pem$ + /-key-pkcs8.pem/ix; + run(app(["openssl", "pkcs8", "-topk8", + "-passout", "pass:password", + "-v1", "pbeWithSHA1And3-KeyTripleDES-CBC", + "-in", $srcfile, "-out", $dstfile])); + }, grep(/-key-pkcs8-pbes1-md5-des\.pem$/, @generated_files)) + # *-key-pkcs8-pbes2-sha1.pem + && runall(sub { + my $dstfile = shift; + (my $srcfile = $dstfile) + =~ s/-key-pkcs8-pbes2-sha1\.pem$ + /-key-pkcs8.pem/ix; + run(app(["openssl", "pkcs8", "-topk8", + "-passout", "pass:password", + "-v2", "aes256", "-v2prf", "hmacWithSHA1", + "-in", $srcfile, "-out", $dstfile])); + }, grep(/-key-pkcs8-pbes2-sha1\.pem$/, @generated_files)) + # *-key-pkcs8-pbes2-sha1.pem + && runall(sub { + my $dstfile = shift; + (my $srcfile = $dstfile) + =~ s/-key-pkcs8-pbes2-sha256\.pem$ + /-key-pkcs8.pem/ix; + run(app(["openssl", "pkcs8", "-topk8", + "-passout", "pass:password", + "-v2", "aes256", "-v2prf", "hmacWithSHA256", + "-in", $srcfile, "-out", $dstfile])); + }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files)) + # *-cert.pem (intermediary for the .p12 inits) + && run(app(["openssl", "req", "-x509", + "-config", data_file("ca.cnf"), "-nodes", + "-out", "cacert.pem", "-keyout", "cakey.pem"])) + && runall(sub { + my $srckey = shift; + (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|; + (my $csr = $dstfile) =~ s|\.pem|.csr|; + + (run(app(["openssl", "req", "-new", + "-config", data_file("user.cnf"), + "-key", $srckey, "-out", $csr])) + && + run(app(["openssl", "x509", "-days", "3650", + "-CA", "cacert.pem", + "-CAkey", "cakey.pem", + "-set_serial", time(), "-req", + "-in", $csr, "-out", $dstfile]))); + }, grep(/-key-pkcs8\.pem$/, @generated_files)) + # *.p12 + && runall(sub { + my $dstfile = shift; + my ($type, $certpbe_index, $keypbe_index, + $macalg_index) = + $dstfile =~ m{^(.*)-key-(?| + # cert and key PBE are same + () # + ([^-]*-[^-]*)- # key & cert PBE + ([^-]*) # MACalg + | + # cert and key PBE are not same + ([^-]*-[^-]*)- # cert PBE + ([^-]*-[^-]*)- # key PBE + ([^-]*) # MACalg + )\.}x; + if (!$certpbe_index) { + $certpbe_index = $keypbe_index; + } + my $srckey = "$type-key-pkcs8.pem"; + my $srccert = "$type-cert.pem"; + my %pbes = + ( + "sha1-3des" => "pbeWithSHA1And3-KeyTripleDES-CBC", + "md5-des" => "pbeWithMD5AndDES-CBC", + "aes256-cbc" => "AES-256-CBC", + ); + my %macalgs = + ( + "sha1" => "SHA1", + "sha256" => "SHA256", + ); + my $certpbe = $pbes{$certpbe_index}; + my $keypbe = $pbes{$keypbe_index}; + my $macalg = $macalgs{$macalg_index}; + if (!defined($certpbe) || !defined($keypbe) + || !defined($macalg)) { + print STDERR "Cert PBE for $pbe_index not defined\n" + unless defined $certpbe; + print STDERR "Key PBE for $pbe_index not defined\n" + unless defined $keypbe; + print STDERR "MACALG for $macalg_index not defined\n" + unless defined $macalg; + print STDERR "(destination file was $dstfile)\n"; + return 0; + } + run(app(["openssl", "pkcs12", "-inkey", $srckey, + "-in", $srccert, "-passout", "pass:password", + "-export", "-macalg", $macalg, + "-certpbe", $certpbe, "-keypbe", $keypbe, + "-out", $dstfile])); + }, grep(/\.p12/, @generated_files)) + # *.der (the end all init) + && runall(sub { + my $dstfile = shift; + (my $srcfile = $dstfile) =~ s/\.der$/.pem/i; + if (! -f $srcfile) { + $srcfile = srctop_file("test", $srcfile); + } + my $infh; + unless (open $infh, $srcfile) { + return 0; + } + my $l; + while (($l = <$infh>) !~ /^-----BEGIN\s/ + || $l =~ /^-----BEGIN.*PARAMETERS-----/) { + } + my $b64 = ""; + while (($l = <$infh>) !~ /^-----END\s/) { + $l =~ s|\R$||; + $b64 .= $l unless $l =~ /:/; + } + close $infh; + my $der = decode_base64($b64); + unless (length($b64) / 4 * 3 - length($der) < 3) { + print STDERR "Length error, ",length($b64), + " bytes of base64 became ",length($der), + " bytes of der? ($srcfile => $dstfile)\n"; + return 0; + } + my $outfh; + unless (open $outfh, ">:raw", $dstfile) { + return 0; + } + print $outfh $der; + close $outfh; + return 1; + }, grep(/\.der$/, @generated_files)) + && runall(sub { + my $srcfile = shift; + my $dstfile = $generated_file_files{$srcfile}; + + unless (copy srctop_file($srcfile), $dstfile) { + warn "$!\n"; + return 0; + } + return 1; + }, keys %generated_file_files) + ); +} + +sub init_rehash { + return ( + mkdir(catdir(curdir(), 'rehash')) + && copy(srctop_file('test', 'testx509.pem'), + catdir(curdir(), 'rehash')) + && copy(srctop_file('test', 'testcrl.pem'), + catdir(curdir(), 'rehash')) + && run(app(['openssl', 'rehash', catdir(curdir(), 'rehash')])) + ); +} + +sub runall { + my ($function, @items) = @_; + + foreach (@items) { + return 0 unless $function->($_); + } + return 1; +} + +# According to RFC8089, a relative file: path is invalid. We still produce +# them for testing purposes. +sub to_file_uri { + my ($file, $isdir, $authority) = @_; + my $vol; + my $dir; + + die "to_file_uri: No file given\n" if !defined($file) || $file eq ''; + + ($vol, $dir, $file) = File::Spec->splitpath($file, $isdir // 0); + + # Make sure we have a Unix style directory. + $dir = join('/', File::Spec->splitdir($dir)); + # Canonicalise it (note: it seems to be only needed on Unix) + while (1) { + my $newdir = $dir; + $newdir =~ s|/[^/]*[^/\.]+[^/]*/\.\./|/|g; + last if $newdir eq $dir; + $dir = $newdir; + } + # Take care of the corner cases the loop can't handle, and that $dir + # ends with a / unless it's empty + $dir =~ s|/[^/]*[^/\.]+[^/]*/\.\.$|/|; + $dir =~ s|^[^/]*[^/\.]+[^/]*/\.\./|/|; + $dir =~ s|^[^/]*[^/\.]+[^/]*/\.\.$||; + if ($isdir // 0) { + $dir =~ s|/$|| if $dir ne '/'; + } else { + $dir .= '/' if $dir ne '' && $dir !~ m|/$|; + } + + # If the file system has separate volumes (at present, Windows and VMS) + # we need to handle them. In URIs, they are invariably the first + # component of the path, which is always absolute. + # On VMS, user:[foo.bar] translates to /user/foo/bar + # On Windows, c:\Users\Foo translates to /c:/Users/Foo + if ($vol ne '') { + $vol =~ s|:||g if ($^O eq "VMS"); + $dir = '/' . $dir if $dir ne '' && $dir !~ m|^/|; + $dir = '/' . $vol . $dir; + } + $file = $dir . $file; + + return "file://$authority$file" if defined $authority; + return "file:$file"; +} + +sub to_abs_file { + my ($file) = @_; + + return File::Spec->rel2abs($file); +} + +sub to_abs_file_uri { + my ($file, $isdir, $authority) = @_; + + die "to_abs_file_uri: No file given\n" if !defined($file) || $file eq ''; + return to_file_uri(to_abs_file($file), $isdir, $authority); +} diff --git a/deps/openssl/openssl/test/recipes/90-test_store_data/ca.cnf b/deps/openssl/openssl/test/recipes/90-test_store_data/ca.cnf new file mode 100644 index 00000000000000..99b85b0cda3b26 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_store_data/ca.cnf @@ -0,0 +1,55 @@ +#################################################################### +[ req ] +default_bits = 2432 +default_keyfile = cakey.pem +default_md = sha256 +distinguished_name = req_DN +string_mask = utf8only +x509_extensions = v3_selfsign + +[ req_DN ] +commonName = "Common Name" +commonName_value = "CA" + +[ v3_selfsign ] +basicConstraints = critical,CA:true +keyUsage = keyCertSign +subjectKeyIdentifier=hash + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA +certificate = ./demoCA/cacert.pem +serial = ./demoCA/serial +private_key = ./demoCA/private/cakey.pem +new_certs_dir = ./demoCA/newcerts + +certificate = cacert.pem +private_key = cakey.pem + +x509_extensions = v3_user + +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ v3_user ] +basicConstraints=critical,CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer +issuerAltName=issuer:copy diff --git a/deps/openssl/openssl/test/recipes/90-test_store_data/user.cnf b/deps/openssl/openssl/test/recipes/90-test_store_data/user.cnf new file mode 100644 index 00000000000000..91f796947a4f56 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_store_data/user.cnf @@ -0,0 +1,19 @@ +#################################################################### +[ req ] +default_bits = 2432 +default_md = sha256 +distinguished_name = req_DN +string_mask = utf8only + +req_extensions = v3_req # The extensions to add to a certificate request + +[ req_DN ] +commonName = "Common Name" +commonName_value = "A user" +userId = "User ID" +userId_value = "test" + +[ v3_req ] +extendedKeyUsage = clientAuth +subjectKeyIdentifier = hash +basicConstraints = CA:false diff --git a/deps/openssl/openssl/test/recipes/90-test_sysdefault.t b/deps/openssl/openssl/test/recipes/90-test_sysdefault.t new file mode 100644 index 00000000000000..a34888c15e812a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_sysdefault.t @@ -0,0 +1,23 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +my $test_name = "test_sysdefault"; +setup($test_name); + +plan skip_all => "$test_name is not supported in this build" + if disabled("tls1_2") || disabled("rsa"); + +plan tests => 1; + +$ENV{OPENSSL_CONF} = srctop_file("test", "sysdefault.cnf"); + +ok(run(test(["sysdefaulttest"])), "sysdefaulttest"); diff --git a/deps/openssl/openssl/test/recipes/90-test_time_offset.t b/deps/openssl/openssl/test/recipes/90-test_time_offset.t new file mode 100644 index 00000000000000..a032d9b40a399a --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_time_offset.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_time_offset", "time_offset_test"); diff --git a/deps/openssl/openssl/test/recipes/90-test_tls13ccs.t b/deps/openssl/openssl/test/recipes/90-test_tls13ccs.t new file mode 100644 index 00000000000000..2ec28ce5ffb721 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_tls13ccs.t @@ -0,0 +1,22 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +my $test_name = "test_tls13ccs"; +setup($test_name); + +plan skip_all => "$test_name is not supported in this build" + if disabled("tls1_3"); + +plan tests => 1; + +ok(run(test(["tls13ccstest", srctop_file("apps", "server.pem"), + srctop_file("apps", "server.pem")])), "tls13ccstest"); diff --git a/deps/openssl/openssl/test/recipes/90-test_tls13encryption.t b/deps/openssl/openssl/test/recipes/90-test_tls13encryption.t new file mode 100644 index 00000000000000..e6ca97a137dadb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_tls13encryption.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +my $test_name = "tls13encryption"; +setup($test_name); + +plan skip_all => "$test_name is not supported in this build" + if disabled("tls1_3"); + +plan tests => 1; + +ok(run(test(["tls13encryptiontest"])), "running tls13encryptiontest"); diff --git a/deps/openssl/openssl/test/recipes/90-test_tls13secrets.t b/deps/openssl/openssl/test/recipes/90-test_tls13secrets.t new file mode 100644 index 00000000000000..5490885309d335 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_tls13secrets.t @@ -0,0 +1,20 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +my $test_name = "tls13secrets"; +setup($test_name); + +plan skip_all => "$test_name is not supported in this build" + if disabled("tls1_3") || disabled("shared"); + +plan tests => 1; + +ok(run(test(["tls13secretstest"])), "running tls13secretstest"); diff --git a/deps/openssl/openssl/test/recipes/95-test_external_boringssl.t b/deps/openssl/openssl/test/recipes/95-test_external_boringssl.t new file mode 100644 index 00000000000000..5e3f67edbe7490 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/95-test_external_boringssl.t @@ -0,0 +1,30 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file cmdstr/; + +setup("test_external_boringssl"); + +plan skip_all => "No external tests in this configuration" + if disabled("external-tests"); +plan skip_all => "BoringSSL runner not detected" + if !$ENV{BORING_RUNNER_DIR}; + +plan tests => 1; + +indir $ENV{BORING_RUNNER_DIR} => sub { + ok(run(cmd(["go", "test", "-shim-path", + bldtop_file("test", "ossl_shim", "ossl_shim"), + "-shim-config", + srctop_file("test", "ossl_shim", "ossl_config.json"), + "-pipe", "-allow-unimplemented"]), prefix => "go test: "), + "running BoringSSL tests"); +}, create => 0, cleanup => 0; diff --git a/deps/openssl/openssl/test/recipes/95-test_external_krb5.t b/deps/openssl/openssl/test/recipes/95-test_external_krb5.t new file mode 100644 index 00000000000000..6cc4d268157ea6 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/95-test_external_krb5.t @@ -0,0 +1,23 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT data_file srctop_file/; + +setup("test_external_krb5"); + +plan skip_all => "No external tests in this configuration" + if disabled("external-tests"); +plan skip_all => "krb5 not available" + if ! -f srctop_file("krb5", "README"); + +plan tests => 1; + +ok(run(cmd([data_file("krb5.sh")])), "running krb5 tests"); diff --git a/deps/openssl/openssl/test/recipes/95-test_external_krb5_data/krb5.sh b/deps/openssl/openssl/test/recipes/95-test_external_krb5_data/krb5.sh new file mode 100755 index 00000000000000..39c6592f97a8a6 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/95-test_external_krb5_data/krb5.sh @@ -0,0 +1,23 @@ +#!/bin/sh -ex +# +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# krb5's test suite clears LD_LIBRARY_PATH +LDFLAGS="-L`pwd`/$BLDTOP -Wl,-rpath,`pwd`/$BLDTOP" +CFLAGS="-I`pwd`/$BLDTOP/include -I`pwd`/$SRCTOP/include" + +cd $SRCTOP/krb5/src +autoreconf +./configure --with-ldap --with-prng-alg=os --enable-pkinit \ + --with-crypto-impl=openssl --with-tls-impl=openssl \ + CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" + +# quiet make so that Travis doesn't overflow +make -s + +make check diff --git a/deps/openssl/openssl/test/recipes/95-test_external_pyca.t b/deps/openssl/openssl/test/recipes/95-test_external_pyca.t new file mode 100644 index 00000000000000..c1ada99416e234 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/95-test_external_pyca.t @@ -0,0 +1,28 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test; +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT bldtop_file data_file srctop_file cmdstr/; + +setup("test_external"); + +plan skip_all => "No external tests in this configuration" + if disabled("external-tests"); +plan skip_all => "PYCA tests not available on Windows or VMS" + if $^O =~ /^(VMS|MSWin32)$/; +plan skip_all => "PYCA Cryptography not available" + if ! -f srctop_file("pyca-cryptography", "setup.py"); +plan skip_all => "PYCA tests only available in a shared build" + if disabled("shared"); + +plan tests => 1; + +ok(run(cmd(["sh", data_file("cryptography.sh")])), + "running Python Cryptography tests"); diff --git a/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh b/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh new file mode 100755 index 00000000000000..c912e567512e83 --- /dev/null +++ b/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# OpenSSL external testing using the Python Cryptography module +# +set -e + +O_EXE=`pwd`/$BLDTOP/apps +O_BINC=`pwd`/$BLDTOP/include +O_SINC=`pwd`/$SRCTOP/include +O_LIB=`pwd`/$BLDTOP + +export PATH=$O_EXE:$PATH +export LD_LIBRARY_PATH=$O_LIB:$LD_LIBRARY_PATH + +# Check/Set openssl version +OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '` + +echo "------------------------------------------------------------------" +echo "Testing OpenSSL using Python Cryptography:" +echo " CWD: $PWD" +echo " SRCTOP: $SRCTOP" +echo " BLDTOP: $BLDTOP" +echo " OpenSSL version: $OPENSSL_VERSION" +echo "------------------------------------------------------------------" + +cd $SRCTOP + +# Create a python virtual env and activate +rm -rf venv-pycrypto +virtualenv venv-pycrypto +. ./venv-pycrypto/bin/activate + +cd pyca-cryptography + +pip install .[test] + +echo "------------------------------------------------------------------" +echo "Building cryptography" +echo "------------------------------------------------------------------" +python ./setup.py clean + +CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" python ./setup.py build + +echo "------------------------------------------------------------------" +echo "Running tests" +echo "------------------------------------------------------------------" + +CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" python ./setup.py test + +cd ../ +deactivate +rm -rf venv-pycrypto + +exit 0 diff --git a/deps/openssl/openssl/test/recipes/99-test_ecstress.t b/deps/openssl/openssl/test/recipes/99-test_ecstress.t new file mode 100644 index 00000000000000..f95a5443a33fcf --- /dev/null +++ b/deps/openssl/openssl/test/recipes/99-test_ecstress.t @@ -0,0 +1,23 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test; +use OpenSSL::Test::Utils; + +setup("test_ecstress"); + +plan tests => 1; + +SKIP: { + skip "Skipping EC stress test", 1 + if ! exists $ENV{'ECSTRESS'}; + ok(run(test(["ecstresstest"])), "running ecstresstest"); +} diff --git a/deps/openssl/openssl/test/recipes/90-test_fuzz.t b/deps/openssl/openssl/test/recipes/99-test_fuzz.t similarity index 87% rename from deps/openssl/openssl/test/recipes/90-test_fuzz.t rename to deps/openssl/openssl/test/recipes/99-test_fuzz.t index 8d3b3541fc4b74..99970e39286f93 100644 --- a/deps/openssl/openssl/test/recipes/90-test_fuzz.t +++ b/deps/openssl/openssl/test/recipes/99-test_fuzz.t @@ -9,13 +9,13 @@ use strict; use warnings; -use if $^O ne "VMS", 'File::Glob' => qw/glob/; +use OpenSSL::Glob; use OpenSSL::Test qw/:DEFAULT srctop_file/; use OpenSSL::Test::Utils; setup("test_fuzz"); -my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'conf', 'crl', 'server', 'x509'); +my @fuzzers = ('asn1', 'asn1parse', 'bignum', 'bndiv', 'client', 'conf', 'crl', 'server', 'x509'); if (!disabled("cms")) { push @fuzzers, 'cms'; } diff --git a/deps/openssl/openssl/test/recipes/bc.pl b/deps/openssl/openssl/test/recipes/bc.pl deleted file mode 100644 index dbb5842bda7e58..00000000000000 --- a/deps/openssl/openssl/test/recipes/bc.pl +++ /dev/null @@ -1,113 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use strict; -use warnings; - -use Math::BigInt; - -sub calc { - @_ = __adder(@_); - if (scalar @_ != 1) { return "NaN"; } - return shift; -} - -sub __canonhex { - my ($sign, $hex) = (shift =~ /^([+\-]?)(.*)$/); - $hex = "0x".$hex if $hex !~ /^0x/; - return $sign.$hex; -} - -sub __adder { - @_ = __multiplier(@_); - while (scalar @_ > 1 && $_[1] =~ /^[\+\-]$/) { - my $operand1 = Math::BigInt->from_hex(__canonhex(shift)); - my $operator = shift; - @_ = __multiplier(@_); - my $operand2 = Math::BigInt->from_hex(__canonhex(shift)); - if ($operator eq "+") { - $operand1->badd($operand2); - } elsif ($operator eq "-") { - $operand1->bsub($operand2); - } else { - die "SOMETHING WENT AWFULLY WRONG"; - } - unshift @_, $operand1->as_hex(); - } - return @_; -} - -sub __multiplier { - @_ = __power(@_); - while (scalar @_ > 1 && $_[1] =~ /^[\*\/%]$/) { - my $operand1 = Math::BigInt->from_hex(__canonhex(shift)); - my $operator = shift; - @_ = __power(@_); - my $operand2 = Math::BigInt->from_hex(__canonhex(shift)); - if ($operator eq "*") { - $operand1->bmul($operand2); - } elsif ($operator eq "/") { - # Math::BigInt->bdiv() is documented to do floored division, - # i.e. 1 / -4 = -1, while bc and OpenSSL BN_div do truncated - # division, i.e. 1 / -4 = 0. We need to make the operation - # work like OpenSSL's BN_div to be able to verify. - my $neg = ($operand1->is_neg() - ? !$operand2->is_neg() : $operand2->is_neg()); - $operand1->babs(); - $operand2->babs(); - $operand1->bdiv($operand2); - if ($neg) { $operand1->bneg(); } - } elsif ($operator eq "%") { - # Here's a bit of a quirk... - # With OpenSSL's BN, as well as bc, the result of -10 % 3 is -1 - # while Math::BigInt, the result is 2. - # The latter is mathematically more correct, but... - my $o1isneg = $operand1->is_neg(); - $operand1->babs(); - # Math::BigInt does something different with a negative modulus, - # while OpenSSL's BN and bc treat it like a positive number... - $operand2->babs(); - $operand1->bmod($operand2); - if ($o1isneg) { $operand1->bneg(); } - } else { - die "SOMETHING WENT AWFULLY WRONG"; - } - unshift @_, $operand1->as_hex(); - } - return @_; -} - -sub __power { - @_ = __paren(@_); - while (scalar @_ > 1 && $_[1] eq "^") { - my $operand1 = Math::BigInt->from_hex(__canonhex(shift)); - shift; - @_ = __paren(@_); - my $operand2 = Math::BigInt->from_hex(__canonhex(shift)); - $operand1->bpow($operand2); - unshift @_, $operand1->as_hex(); - } - return @_; -} - -# returns array ( $result, @remaining ) -sub __paren { - if (scalar @_ > 0 && $_[0] eq "(") { - shift; - my @result = __adder(@_); - if (scalar @_ == 0 || $_[0] ne ")") { - return ("NaN"); - } - shift; - return @result; - } - return @_; -} - -1; diff --git a/deps/openssl/openssl/test/recipes/ocsp-response.der b/deps/openssl/openssl/test/recipes/ocsp-response.der new file mode 100644 index 0000000000000000000000000000000000000000..31351a0e3c89c0611fcf1b81a3c0e7ba4e58986f GIT binary patch literal 1517 zcmXqLVtvWQ$grS^^^rjn>peD3Z8k<$R(1nMMwTYl^FX1~22G4o3me-E8k-Hd4LI4D zLs{5_ncSTW{w! zC%WcMOW&9|fCz&`IzB6ntoL)Z3vw;D_=!MD#AZNlugo#CnML_s@ zMPs!7RD+mj8SC?u9z8bTW#iOp^Jx3d%gD&h%D~*j$jD&$*L=nGC7w$^>vu{$UufR- zs_sZ&Xg1rTGsh1sw_;a$t5x*1pm*~umh#Wq{~VS`eF#uczQ3pP;h!m+9p#>7U+A;m zye+-uxth1*(v1f+3Qm1fJGkxnnN*%NYZR|IIqWeL_mETEFwZSso)I$oCUfuqFB@mQ%%x0L8O9xYe+u{tJ~{T?GmO>U zptUTyCiQ1~iN}>?ZW}BZc=xG%ONx6qufg-0SKI5%S7vOjpRU{#d)BJ><=nAX#;GqC z`k1n~>6s;k2ww1WPWY9mIyWn;$aEW*s)6{s(^<2YWUg4eV?)D3mao>67Bn$WHE3d< z2*kYxO-!W=n3))v5Mk|(9A+%63t@$k03r z$Tb6UO`zPtk)(n7O9?qd7{RHCp8+V&#RN)DduJTD{lM`QUsH(9#2Z?LSL%K<2=9JA z(a3zpX_e{~t=DB&9+bUt_0FR%^VJEAz1Aztu9O{1oKVKlzOUVIyJi(z15@_1^QPg- z#cQJ;|Nbeaa&}ex+lx{Y*pl;38#MFXjwmwoP&oR1$FuU#{hFs9$tyg>5DZw=`zITlgu}(_PHd(?dx|xuZEFZS$->E6b)&IP4R2xx;HxX1x>lme-tj zcWT|4r>7GA=;_t9Keis&GwWaJ%^%^(Zl-b@j-6lem3dC(o4p@jh0JIAx6o)^`^mH| z`?ps{)$q*}53se`v~!k#lLiF0Fpn{Mf-oOEu;*F*7nSF4i~D1(!au z!YoV%3PUIj3CNglw4418%bLDb>{Qn2* z=L@dZ^Dp=-A+YGZDAT&SSFP_1V}+OATG^>(z-?K$ZAXl!p^#Cqxd_AjthH0)AJ3iZ zBC$m%$t&Yf>fQxWE`t5*{ia1cWh$RK?L~~>E$(xSLfW4exOX0ki$DJj7`!i z`>W $totaltests; diff --git a/deps/openssl/openssl/test/rmdtest.c b/deps/openssl/openssl/test/rmdtest.c deleted file mode 100644 index b6deaaa1f530a5..00000000000000 --- a/deps/openssl/openssl/test/rmdtest.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "../e_os.h" - -#ifdef OPENSSL_NO_RMD160 -int main(int argc, char *argv[]) -{ - printf("No ripemd support\n"); - return (0); -} -#else -# include -# include - -# ifdef CHARSET_EBCDIC -# include -# endif - -static char test[][100] = { - { "" }, - { "a" }, - { "abc" }, - { "message digest" }, - { "abcdefghijklmnopqrstuvwxyz" }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } -}; - -static char *ret[] = { - "9c1185a5c5e9fc54612808977ee8f548b2258d31", - "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe", - "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc", - "5d0689ef49d2fae572b881b123a85ffa21595f36", - "f71c27109c692c1b56bbdceb5b9d2865b3708dbc", - "12a053384a9c0c88e405a06c27dcf49ada62eb2b", - "b0e20b6e3116640286ed3a87a5713079b21f5189", - "9b752e45573d4b39f4dbd3323cab82bf63326bfb", -}; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) -{ - unsigned int i; - int err = 0; - char **R; - char *p; - unsigned char md[RIPEMD160_DIGEST_LENGTH]; - - R = ret; - for (i = 0; i < OSSL_NELEM(test); i++) { -# ifdef CHARSET_EBCDIC - ebcdic2ascii(test[i], test[i], strlen(test[i])); -# endif - if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_ripemd160(), - NULL)) { - printf("EVP Digest error.\n"); - EXIT(1); - } - p = pt(md); - if (strcmp(p, (char *)*R) != 0) { - printf("error calculating RIPEMD160 on '%s'\n", test[i]); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i + 1); - R++; - } - EXIT(err); -} - -static char *pt(unsigned char *md) -{ - int i; - static char buf[80]; - - for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); -} -#endif diff --git a/deps/openssl/openssl/test/rsa_test.c b/deps/openssl/openssl/test/rsa_test.c index 01e8374a09fcad..2ad4de4734cd2c 100644 --- a/deps/openssl/openssl/test/rsa_test.c +++ b/deps/openssl/openssl/test/rsa_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,17 +12,20 @@ #include #include -#include "e_os.h" +#include "internal/nelem.h" #include #include #include #include + +#include "testutil.h" + #ifdef OPENSSL_NO_RSA -int main(int argc, char *argv[]) +int setup_tests(void) { - printf("No RSA support\n"); - return (0); + /* No tests */ + return 1; } #else # include @@ -40,7 +43,7 @@ int main(int argc, char *argv[]) BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \ BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \ memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ - return (sizeof(ctext_ex) - 1); + return sizeof(ctext_ex) - 1; static int key1(RSA *key, unsigned char *c) { @@ -213,17 +216,31 @@ static int pad_unknown(void) unsigned long l; while ((l = ERR_get_error()) != 0) if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) - return (1); - return (0); + return 1; + return 0; } -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; +static int rsa_setkey(RSA** key, unsigned char* ctext, int idx) +{ + int clen = 0; + *key = RSA_new(); + switch (idx) { + case 0: + clen = key1(*key, ctext); + break; + case 1: + clen = key2(*key, ctext); + break; + case 2: + clen = key3(*key, ctext); + break; + } + return clen; +} -int main(int argc, char *argv[]) +static int test_rsa_pkcs1(int idx) { - int err = 0; - int v; + int ret = 0; RSA *key; unsigned char ptext[256]; unsigned char ctext[256]; @@ -232,113 +249,90 @@ int main(int argc, char *argv[]) int plen; int clen = 0; int num; - int n; - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + plen = sizeof(ptext_ex) - 1; + clen = rsa_setkey(&key, ctext_ex, idx); - RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */ + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_PADDING); + if (!TEST_int_eq(num, clen)) + goto err; - plen = sizeof(ptext_ex) - 1; + num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); + if (!TEST_mem_eq(ptext, num, ptext_ex, plen)) + goto err; - for (v = 0; v < 3; v++) { - key = RSA_new(); - switch (v) { - case 0: - clen = key1(key, ctext_ex); - break; - case 1: - clen = key2(key, ctext_ex); - break; - case 2: - clen = key3(key, ctext_ex); - break; - } - - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_PADDING); - if (num != clen) { - printf("PKCS#1 v1.5 encryption failed!\n"); - err = 1; - goto oaep; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("PKCS#1 v1.5 decryption failed!\n"); - err = 1; - } else - printf("PKCS #1 v1.5 encryption/decryption ok\n"); - - oaep: - ERR_clear_error(); - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_OAEP_PADDING); - if (num == -1 && pad_unknown()) { - printf("No OAEP support\n"); - goto next; - } - if (num != clen) { - printf("OAEP encryption failed!\n"); - err = 1; - goto next; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, - RSA_PKCS1_OAEP_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("OAEP decryption (encrypted data) failed!\n"); - err = 1; - } else if (memcmp(ctext, ctext_ex, num) == 0) - printf("OAEP test vector %d passed!\n", v); - - /* - * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try - * decrypting ctext_ex - */ - - num = RSA_private_decrypt(clen, ctext_ex, ptext, key, - RSA_PKCS1_OAEP_PADDING); + ret = 1; +err: + RSA_free(key); + return ret; +} - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("OAEP decryption (test vector data) failed!\n"); - err = 1; - } else - printf("OAEP encryption/decryption ok\n"); - - /* Try decrypting corrupted ciphertexts. */ - for (n = 0; n < clen; ++n) { - ctext[n] ^= 1; - num = RSA_private_decrypt(clen, ctext, ptext, key, - RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Corrupt data decrypted!\n"); - err = 1; - break; - } - ctext[n] ^= 1; - } - - /* Test truncated ciphertexts, as well as negative length. */ - for (n = -1; n < clen; ++n) { - num = RSA_private_decrypt(n, ctext, ptext, key, +static int test_rsa_oaep(int idx) +{ + int ret = 0; + RSA *key; + unsigned char ptext[256]; + unsigned char ctext[256]; + static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + unsigned char ctext_ex[256]; + int plen; + int clen = 0; + int num; + int n; + + plen = sizeof(ptext_ex) - 1; + clen = rsa_setkey(&key, ctext_ex, idx); + + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_OAEP_PADDING); + if (num == -1 && pad_unknown()) { + TEST_info("Skipping: No OAEP support"); + ret = 1; + goto err; + } + if (!TEST_int_eq(num, clen)) + goto err; + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (!TEST_mem_eq(ptext, num, ptext_ex, plen)) + goto err; + + /* Different ciphertexts. Try decrypting ctext_ex */ + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (!TEST_mem_eq(ptext, num, ptext_ex, plen)) + goto err; + + /* Try decrypting corrupted ciphertexts. */ + for (n = 0; n < clen; ++n) { + ctext[n] ^= 1; + num = RSA_private_decrypt(clen, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Truncated data decrypted!\n"); - err = 1; - break; - } - } - - next: - RSA_free(key); + if (!TEST_int_le(num, 0)) + goto err; + ctext[n] ^= 1; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - err = 1; -#endif + /* Test truncated ciphertexts, as well as negative length. */ + for (n = -1; n < clen; ++n) { + num = RSA_private_decrypt(n, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (!TEST_int_le(num, 0)) + goto err; + } - return err; + ret = 1; +err: + RSA_free(key); + return ret; +} + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_rsa_pkcs1, 3); + ADD_ALL_TESTS(test_rsa_oaep, 3); + return 1; } #endif diff --git a/deps/openssl/openssl/test/run_tests.pl b/deps/openssl/openssl/test/run_tests.pl index 77dffb332b39c8..881feaec712d1d 100644 --- a/deps/openssl/openssl/test/run_tests.pl +++ b/deps/openssl/openssl/test/run_tests.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -19,16 +19,17 @@ BEGIN use FindBin; use lib "$FindBin::Bin/../util/perl"; use OpenSSL::Glob; -use Module::Load::Conditional qw(can_load); -my $TAP_Harness = can_load(modules => { 'TAP::Harness' => undef }) - ? 'TAP::Harness' : 'OpenSSL::TAP::Harness'; +my $TAP_Harness = eval { require TAP::Harness } ? "TAP::Harness" + : "OpenSSL::TAP::Harness"; my $srctop = $ENV{SRCTOP} || $ENV{TOP}; my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); +$ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf"); + my %tapargs = ( verbosity => $ENV{VERBOSE} || $ENV{V} || $ENV{HARNESS_VERBOSE} ? 1 : 0, lib => [ $libdir ], @@ -36,45 +37,74 @@ BEGIN merge => 1 ); -my @tests = ( "alltests" ); -if (@ARGV) { - @tests = @ARGV; -} -my $list_mode = scalar(grep /^list$/, @tests) != 0; -if (grep /^(alltests|list)$/, @tests) { - @tests = grep { - basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/ - } glob(catfile($recipesdir,"*.t")); -} else { - my @t = (); - foreach (@tests) { - push @t, grep { - basename($_) =~ /^[0-9][0-9]-[^\.]*\.t$/ - } glob(catfile($recipesdir,"*-$_.t")); +my @alltests = find_matching_tests("*"); +my %tests = (); + +my $initial_arg = 1; +foreach my $arg (@ARGV ? @ARGV : ('alltests')) { + if ($arg eq 'list') { + foreach (@alltests) { + (my $x = basename($_)) =~ s|^[0-9][0-9]-(.*)\.t$|$1|; + print $x,"\n"; + } + exit 0; + } + if ($arg eq 'alltests') { + warn "'alltests' encountered, ignoring everything before that...\n" + unless $initial_arg; + %tests = map { $_ => 1 } @alltests; + } elsif ($arg =~ m/^(-?)(.*)/) { + my $sign = $1; + my $test = $2; + my @matches = find_matching_tests($test); + + # If '-foo' is the first arg, it's short for 'alltests -foo' + if ($sign eq '-' && $initial_arg) { + %tests = map { $_ => 1 } @alltests; + } + + if (scalar @matches == 0) { + warn "Test $test found no match, skipping ", + ($sign eq '-' ? "removal" : "addition"), + "...\n"; + } else { + foreach $test (@matches) { + if ($sign eq '-') { + delete $tests{$test}; + } else { + $tests{$test} = 1; + } + } + } + } else { + warn "I don't know what '$arg' is about, ignoring...\n"; } - @tests = @t; + + $initial_arg = 0; } -if ($list_mode) { - @tests = map { $_ = basename($_); $_ =~ s/^[0-9][0-9]-//; $_ =~ s/\.t$//; - $_ } @tests; - print join("\n", @tests), "\n"; -} else { - @tests = map { abs2rel($_, rel2abs(curdir())); } @tests; - - my $harness = $TAP_Harness->new(\%tapargs); - my $ret = $harness->runtests(sort @tests); - - # $ret->has_errors may be any number, not just 0 or 1. On VMS, numbers - # from 2 and on are used as is as VMS statuses, which has severity encoded - # in the lower 3 bits. 0 and 1, on the other hand, generate SUCCESS and - # FAILURE, so for currect reporting on all platforms, we make sure the only - # exit codes are 0 and 1. Double-bang is the trick to do so. - exit !!$ret->has_errors if (ref($ret) eq "TAP::Parser::Aggregator"); - - # If this isn't a TAP::Parser::Aggregator, it's the pre-TAP test harness, - # which simply dies at the end if any test failed, so we don't need to - # bother with any exit code in that case. +my $harness = $TAP_Harness->new(\%tapargs); +my $ret = $harness->runtests(map { abs2rel($_, rel2abs(curdir())); } + sort keys %tests); + +# $ret->has_errors may be any number, not just 0 or 1. On VMS, numbers +# from 2 and on are used as is as VMS statuses, which has severity encoded +# in the lower 3 bits. 0 and 1, on the other hand, generate SUCCESS and +# FAILURE, so for currect reporting on all platforms, we make sure the only +# exit codes are 0 and 1. Double-bang is the trick to do so. +exit !!$ret->has_errors if (ref($ret) eq "TAP::Parser::Aggregator"); + +# If this isn't a TAP::Parser::Aggregator, it's the pre-TAP test harness, +# which simply dies at the end if any test failed, so we don't need to bother +# with any exit code in that case. + +sub find_matching_tests { + my ($glob) = @_; + + if ($glob =~ m|^[\d\[\]\?\-]+$|) { + return glob(catfile($recipesdir,"$glob-*.t")); + } + return glob(catfile($recipesdir,"*-$glob.t")); } diff --git a/deps/openssl/openssl/test/sanitytest.c b/deps/openssl/openssl/test/sanitytest.c index f1228f1494dbb4..ba539d3945f5e3 100644 --- a/deps/openssl/openssl/test/sanitytest.c +++ b/deps/openssl/openssl/test/sanitytest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,61 +7,96 @@ * https://www.openssl.org/source/license.html */ -#include #include -#include +#include "testutil.h" +#include "internal/numbers.h" - -#define TEST(e) \ - do { \ - if (!(e)) { \ - fprintf(stderr, "Failed " #e "\n"); \ - failures++; \ - } \ - } while (0) - - -enum smallchoices { sa, sb, sc }; -enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml }; -enum largechoices { - a01, b01, c01, d01, e01, f01, g01, h01, i01, j01, - a02, b02, c02, d02, e02, f02, g02, h02, i02, j02, - a03, b03, c03, d03, e03, f03, g03, h03, i03, j03, - a04, b04, c04, d04, e04, f04, g04, h04, i04, j04, - a05, b05, c05, d05, e05, f05, g05, h05, i05, j05, - a06, b06, c06, d06, e06, f06, g06, h06, i06, j06, - a07, b07, c07, d07, e07, f07, g07, h07, i07, j07, - a08, b08, c08, d08, e08, f08, g08, h08, i08, j08, - a09, b09, c09, d09, e09, f09, g09, h09, i09, j09, - a10, b10, c10, d10, e10, f10, g10, h10, i10, j10, - xxx }; - -int main() +static int test_sanity_null_zero(void) { char *p; char bytes[sizeof(p)]; - int failures = 0; /* Is NULL equivalent to all-bytes-zero? */ p = NULL; memset(bytes, 0, sizeof(bytes)); - TEST(memcmp(&p, bytes, sizeof(bytes)) == 0); + return TEST_mem_eq(&p, sizeof(p), bytes, sizeof(bytes)); +} + +static int test_sanity_enum_size(void) +{ + enum smallchoices { sa, sb, sc }; + enum medchoices { ma, mb, mc, md, me, mf, mg, mh, mi, mj, mk, ml }; + enum largechoices { + a01, b01, c01, d01, e01, f01, g01, h01, i01, j01, + a02, b02, c02, d02, e02, f02, g02, h02, i02, j02, + a03, b03, c03, d03, e03, f03, g03, h03, i03, j03, + a04, b04, c04, d04, e04, f04, g04, h04, i04, j04, + a05, b05, c05, d05, e05, f05, g05, h05, i05, j05, + a06, b06, c06, d06, e06, f06, g06, h06, i06, j06, + a07, b07, c07, d07, e07, f07, g07, h07, i07, j07, + a08, b08, c08, d08, e08, f08, g08, h08, i08, j08, + a09, b09, c09, d09, e09, f09, g09, h09, i09, j09, + a10, b10, c10, d10, e10, f10, g10, h10, i10, j10, + xxx }; /* Enum size */ - TEST(sizeof(enum smallchoices) == sizeof(int)); - TEST(sizeof(enum medchoices) == sizeof(int)); - TEST(sizeof(enum largechoices) == sizeof(int)); + if (!TEST_size_t_eq(sizeof(enum smallchoices), sizeof(int)) + || !TEST_size_t_eq(sizeof(enum medchoices), sizeof(int)) + || !TEST_size_t_eq(sizeof(enum largechoices), sizeof(int))) + return 0; + return 1; +} + +static int test_sanity_twos_complement(void) +{ /* Basic two's complement checks. */ - TEST(~(-1) == 0); - TEST(~(-1L) == 0L); + if (!TEST_int_eq(~(-1), 0) + || !TEST_long_eq(~(-1L), 0L)) + return 0; + return 1; +} +static int test_sanity_sign(void) +{ /* Check that values with sign bit 1 and value bits 0 are valid */ - TEST(-(INT_MIN + 1) == INT_MAX); - TEST(-(LONG_MIN + 1) == LONG_MAX); + if (!TEST_int_eq(-(INT_MIN + 1), INT_MAX) + || !TEST_long_eq(-(LONG_MIN + 1), LONG_MAX)) + return 0; + return 1; +} +static int test_sanity_unsigned_conversion(void) +{ /* Check that unsigned-to-signed conversions preserve bit patterns */ - TEST((int)((unsigned int)INT_MAX + 1) == INT_MIN); - TEST((long)((unsigned long)LONG_MAX + 1) == LONG_MIN); + if (!TEST_int_eq((int)((unsigned int)INT_MAX + 1), INT_MIN) + || !TEST_long_eq((long)((unsigned long)LONG_MAX + 1), LONG_MIN)) + return 0; + return 1; +} - return failures; +static int test_sanity_range(void) +{ + /* This isn't possible to check using the framework functions */ + if (SIZE_MAX < INT_MAX) { + TEST_error("int must not be wider than size_t"); + return 0; + } + return 1; +} + +static int test_sanity_memcmp(void) +{ + return CRYPTO_memcmp("ab","cd",2); +} + +int setup_tests(void) +{ + ADD_TEST(test_sanity_null_zero); + ADD_TEST(test_sanity_enum_size); + ADD_TEST(test_sanity_twos_complement); + ADD_TEST(test_sanity_sign); + ADD_TEST(test_sanity_unsigned_conversion); + ADD_TEST(test_sanity_range); + ADD_TEST(test_sanity_memcmp); + return 1; } diff --git a/deps/openssl/openssl/test/secmemtest.c b/deps/openssl/openssl/test/secmemtest.c index 36906f7854a4f0..42aeb5d0cf76c1 100644 --- a/deps/openssl/openssl/test/secmemtest.c +++ b/deps/openssl/openssl/test/secmemtest.c @@ -7,169 +7,84 @@ * https://www.openssl.org/source/license.html */ -#include #include -#define perror_line() perror_line1(__LINE__) -#define perror_line1(l) perror_line2(l) -#define perror_line2(l) perror("failed " #l) +#include "testutil.h" +#include "../e_os.h" -int main(int argc, char **argv) +static int test_sec_mem(void) { -#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) +#ifdef OPENSSL_SECURE_MEMORY + int testresult = 0; char *p = NULL, *q = NULL, *r = NULL, *s = NULL; - int i; - const int size = 64; + + TEST_info("Secure memory is implemented."); s = OPENSSL_secure_malloc(20); /* s = non-secure 20 */ - if (s == NULL) { - perror_line(); - return 1; - } - if (CRYPTO_secure_allocated(s)) { - perror_line(); - return 1; - } + if (!TEST_ptr(s) + || !TEST_false(CRYPTO_secure_allocated(s))) + goto end; r = OPENSSL_secure_malloc(20); /* r = non-secure 20, s = non-secure 20 */ - if (r == NULL) { - perror_line(); - return 1; - } - if (!CRYPTO_secure_malloc_init(4096, 32)) { - perror_line(); - return 1; - } - if (CRYPTO_secure_allocated(r)) { - perror_line(); - return 1; - } + if (!TEST_ptr(r) + || !TEST_true(CRYPTO_secure_malloc_init(4096, 32)) + || !TEST_false(CRYPTO_secure_allocated(r))) + goto end; p = OPENSSL_secure_malloc(20); - /* r = non-secure 20, p = secure 20, s = non-secure 20 */ - if (!CRYPTO_secure_allocated(p)) { - perror_line(); - return 1; - } - /* 20 secure -> 32-byte minimum allocaton unit */ - if (CRYPTO_secure_used() != 32) { - perror_line(); - return 1; - } + if (!TEST_ptr(p) + /* r = non-secure 20, p = secure 20, s = non-secure 20 */ + || !TEST_true(CRYPTO_secure_allocated(p)) + /* 20 secure -> 32-byte minimum allocation unit */ + || !TEST_size_t_eq(CRYPTO_secure_used(), 32)) + goto end; q = OPENSSL_malloc(20); + if (!TEST_ptr(q)) + goto end; /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */ - if (CRYPTO_secure_allocated(q)) { - perror_line(); - return 1; - } + if (!TEST_false(CRYPTO_secure_allocated(q))) + goto end; OPENSSL_secure_clear_free(s, 20); s = OPENSSL_secure_malloc(20); - /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ - if (!CRYPTO_secure_allocated(s)) { - perror_line(); - return 1; - } - /* 2 * 20 secure -> 64 bytes allocated */ - if (CRYPTO_secure_used() != 64) { - perror_line(); - return 1; - } + if (!TEST_ptr(s) + /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ + || !TEST_true(CRYPTO_secure_allocated(s)) + /* 2 * 20 secure -> 64 bytes allocated */ + || !TEST_size_t_eq(CRYPTO_secure_used(), 64)) + goto end; OPENSSL_secure_clear_free(p, 20); + p = NULL; /* 20 secure -> 32 bytes allocated */ - if (CRYPTO_secure_used() != 32) { - perror_line(); - return 1; - } + if (!TEST_size_t_eq(CRYPTO_secure_used(), 32)) + goto end; OPENSSL_free(q); + q = NULL; /* should not complete, as secure memory is still allocated */ - if (CRYPTO_secure_malloc_done()) { - perror_line(); - return 1; - } - if (!CRYPTO_secure_malloc_initialized()) { - perror_line(); - return 1; - } + if (!TEST_false(CRYPTO_secure_malloc_done()) + || !TEST_true(CRYPTO_secure_malloc_initialized())) + goto end; OPENSSL_secure_free(s); + s = NULL; /* secure memory should now be 0, so done should complete */ - if (CRYPTO_secure_used() != 0) { - perror_line(); - return 1; - } - if (!CRYPTO_secure_malloc_done()) { - perror_line(); - return 1; - } - if (CRYPTO_secure_malloc_initialized()) { - perror_line(); - return 1; - } + if (!TEST_size_t_eq(CRYPTO_secure_used(), 0) + || !TEST_true(CRYPTO_secure_malloc_done()) + || !TEST_false(CRYPTO_secure_malloc_initialized())) + goto end; - fprintf(stderr, "Possible infinite loop: allocate more than available\n"); - if (!CRYPTO_secure_malloc_init(32768, 16)) { - perror_line(); - return 1; - } - if (OPENSSL_secure_malloc((size_t)-1) != NULL) { - perror_line(); - return 1; - } - if (!CRYPTO_secure_malloc_done()) { - perror_line(); - return 1; - } + TEST_info("Possible infinite loop: allocate more than available"); + if (!TEST_true(CRYPTO_secure_malloc_init(32768, 16))) + goto end; + TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); + TEST_true(CRYPTO_secure_malloc_done()); /* * If init fails, then initialized should be false, if not, this * could cause an infinite loop secure_malloc, but we don't test it */ - if (!CRYPTO_secure_malloc_init(16, 16) && - CRYPTO_secure_malloc_initialized()) { - CRYPTO_secure_malloc_done(); - perror_line(); - return 1; - } - - if (!CRYPTO_secure_malloc_init(32768, 16)) { - perror_line(); - return 1; - } - - /* - * Verify that secure memory gets zeroed properly. - */ - if ((p = OPENSSL_secure_malloc(size)) == NULL) { - perror_line(); - return 1; - } - for (i = 0; i < size; i++) - if (p[i] != 0) { - perror_line(); - fprintf(stderr, "iteration %d\n", i); - return 1; - } - - for (i = 0; i < size; i++) - p[i] = (unsigned char)(i + ' ' + 1); - OPENSSL_secure_free(p); - - /* - * A deliberate use after free here to verify that the memory has been - * cleared properly. Since secure free doesn't return the memory to - * libc's memory pool, it technically isn't freed. However, the header - * bytes have to be skipped and these consist of two pointers in the - * current implementation. - */ - for (i = sizeof(void *) * 2; i < size; i++) - if (p[i] != 0) { - perror_line(); - fprintf(stderr, "iteration %d\n", i); - return 1; - } - - if (!CRYPTO_secure_malloc_done()) { - perror_line(); - return 1; + if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) && + !TEST_false(CRYPTO_secure_malloc_initialized())) { + TEST_true(CRYPTO_secure_malloc_done()); + goto end; } /*- @@ -197,24 +112,72 @@ int main(int argc, char **argv) * limited by virtual space alone... */ if (sizeof(size_t) > 4) { - fprintf(stderr, "Possible infinite loop: 1<<31 limit\n"); - if (CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) == 0) { - perror_line(); - } else if (!CRYPTO_secure_malloc_done()) { - perror_line(); - return 1; - } + TEST_info("Possible infinite loop: 1<<31 limit"); + if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) + TEST_true(CRYPTO_secure_malloc_done()); } # endif /* this can complete - it was not really secure */ + testresult = 1; + end: + OPENSSL_secure_free(p); + OPENSSL_free(q); OPENSSL_secure_free(r); + OPENSSL_secure_free(s); + return testresult; #else + TEST_info("Secure memory is *not* implemented."); /* Should fail. */ - if (CRYPTO_secure_malloc_init(4096, 32)) { - perror_line(); - return 1; - } + return TEST_false(CRYPTO_secure_malloc_init(4096, 32)); #endif - return 0; +} + +static int test_sec_mem_clear(void) +{ +#ifdef OPENSSL_SECURE_MEMORY + const int size = 64; + unsigned char *p = NULL; + int i, res = 0; + + if (!TEST_true(CRYPTO_secure_malloc_init(4096, 32)) + || !TEST_ptr(p = OPENSSL_secure_malloc(size))) + goto err; + + for (i = 0; i < size; i++) + if (!TEST_uchar_eq(p[i], 0)) + goto err; + + for (i = 0; i < size; i++) + p[i] = (unsigned char)(i + ' ' + 1); + + OPENSSL_secure_free(p); + + /* + * A deliberate use after free here to verify that the memory has been + * cleared properly. Since secure free doesn't return the memory to + * libc's memory pool, it technically isn't freed. However, the header + * bytes have to be skipped and these consist of two pointers in the + * current implementation. + */ + for (i = sizeof(void *) * 2; i < size; i++) + if (!TEST_uchar_eq(p[i], 0)) + return 0; + + res = 1; + p = NULL; +err: + OPENSSL_secure_free(p); + CRYPTO_secure_malloc_done(); + return res; +#else + return 1; +#endif +} + +int setup_tests(void) +{ + ADD_TEST(test_sec_mem); + ADD_TEST(test_sec_mem_clear); + return 1; } diff --git a/deps/openssl/openssl/test/serverinfo2.pem b/deps/openssl/openssl/test/serverinfo2.pem new file mode 100644 index 00000000000000..792d5c0313dd5b --- /dev/null +++ b/deps/openssl/openssl/test/serverinfo2.pem @@ -0,0 +1,8 @@ +-----BEGIN SERVERINFOV2 FOR CT----- +AAARgAASAPIA8AB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAAB +Wxp+yVkAAAQDAEcwRQIhAMhZ7Se2olZ35Mqze2NlDsW35ttyIrRuHyi6F0KlzsSp +AiBDT8YLjNCUByVrD9jhoRbUy+t38fx9WbOWgRVxZ5xk2wB2AN3rHSt6DU+mIIuB +rYFocH4ujp0B1VyIjT0RxM227L7MAAABWxp+x80AAAQDAEcwRQIgEz/5SC+JA5Ko +0ivxGYf5XBCqjfcIrp2BpCVxyYA2ys0CIQC1kcCeihwwbiVFTjR8UecLaCd1l1ix +nopZ9ljhG018+g== +-----END SERVERINFOV2 FOR CT----- diff --git a/deps/openssl/openssl/test/session.pem b/deps/openssl/openssl/test/session.pem new file mode 100644 index 00000000000000..ea0b0bcec2387e --- /dev/null +++ b/deps/openssl/openssl/test/session.pem @@ -0,0 +1,31 @@ +-----BEGIN SSL SESSION PARAMETERS----- +MIIFSgIBAQICAwQEAhMCBCAUv8MKab5ruWM6I8xtEH++u+bb2B1OznYnDrRcpLll +6AQwzwJoGXOQ3uCa7bCy07owBiH4Bf13MiDtwaHSnNTEyfLEZBy3SgCE06wa5TJk +Fx8aoQYCBFsWdRqiBAICHCCjggPrMIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0G +CSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdy +b3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQD +DBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoX +DTIxMTAxNjE0MDE0OFowZDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wg +R3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNV +BAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF +9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5T +S5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnG +kwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZ +xrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQ +jeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAO +BgNVHQ8BAf8EBAMCBeAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk +IENlcnRpZmljYXRlMB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNV +HSMEGDAWgBQ2w2yI55X+sL3szj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEA +qb1NV0B0/pbpK9Z4/bNjzPQLTRLKWnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpq +Wz9qoeoFZax+QBpIZYjROU3TS3fpyLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCp +W2Uoy8sAA4JjN9OtsZY7dvUXFgJ7vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZ +J1z1cbbwGDDzfvGFPzJ+Sq+zEPdsxoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxz +A7mNGv73JoZJA6nFgj+ADSlJsY/tJBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+Al +tvHTANdAq0t/K3o+pplMVKQCBAClAwIBFakEAgIcIKqB0wSB0EMQ5938LY/ASVsV +0kStjTVOps9p3VT071bTjD3RR211+gLzBwGCk8gWNH1glJXjLAenh9E2ivDK1tYQ +3ODRdB3V46t9E78r0uAmSG/WMJ9OvkFlXyIhseYwvWW0P1cAYPI/j3Evgcyu9GIs +HSDVEKbBy9CJYCkW/SrT+2A3ouqp+wSW0XgDLFFB+mBte2Hg7wv2uILrYZ4Y0fNe +CUcTq8B+0EFEiq7p0KRGXwpSKYxNw7qZgg/Us3W85BYMnzYjfDzN0KHf+BI28VRT +Rjxuud2uBwIFANHVD/k= +-----END SSL SESSION PARAMETERS----- diff --git a/deps/openssl/openssl/test/sha1test.c b/deps/openssl/openssl/test/sha1test.c deleted file mode 100644 index 80ab122784a323..00000000000000 --- a/deps/openssl/openssl/test/sha1test.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "../e_os.h" -#include -#include - -#ifdef CHARSET_EBCDIC -# include -#endif - -static char test[][80] = { - { "abc" }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" } -}; - -static char *ret[] = { - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", -}; - -static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) -{ - unsigned int i; - int err = 0; - char **R; - static unsigned char buf[1000]; - char *p, *r; - EVP_MD_CTX *c; - unsigned char md[SHA_DIGEST_LENGTH]; - - c = EVP_MD_CTX_new(); - R = ret; - for (i = 0; i < OSSL_NELEM(test); i++) { -# ifdef CHARSET_EBCDIC - ebcdic2ascii(test[i], test[i], strlen(test[i])); -# endif - if (!EVP_Digest(test[i], strlen(test[i]), md, NULL, EVP_sha1(), - NULL)) { - printf("EVP_Digest() error\n"); - err++; - goto err; - } - p = pt(md); - if (strcmp(p, (char *)*R) != 0) { - printf("error calculating SHA1 on '%s'\n", test[i]); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i + 1); - R++; - } - - memset(buf, 'a', 1000); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -#endif /* CHARSET_EBCDIC */ - if (!EVP_DigestInit_ex(c, EVP_sha1(), NULL)) { - printf("EVP_DigestInit_ex() error\n"); - err++; - goto err; - } - for (i = 0; i < 1000; i++) { - if (!EVP_DigestUpdate(c, buf, 1000)) { - printf("EVP_DigestUpdate() error\n"); - err++; - goto err; - } - } - if (!EVP_DigestFinal_ex(c, md, NULL)) { - printf("EVP_DigestFinal() error\n"); - err++; - goto err; - } - p = pt(md); - - r = bigret; - if (strcmp(p, r) != 0) { - printf("error calculating SHA1 on 'a' * 1000\n"); - printf("got %s instead of %s\n", p, r); - err++; - } else - printf("test 3 ok\n"); - err: - EVP_MD_CTX_free(c); - EXIT(err); - return (0); -} - -static char *pt(unsigned char *md) -{ - int i; - static char buf[80]; - - for (i = 0; i < SHA_DIGEST_LENGTH; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); -} diff --git a/deps/openssl/openssl/test/sha256t.c b/deps/openssl/openssl/test/sha256t.c deleted file mode 100644 index 90262d96242d24..00000000000000 --- a/deps/openssl/openssl/test/sha256t.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include - -static const unsigned char app_b1[SHA256_DIGEST_LENGTH] = { - 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad -}; - -static const unsigned char app_b2[SHA256_DIGEST_LENGTH] = { - 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, - 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, - 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, - 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 -}; - -static const unsigned char app_b3[SHA256_DIGEST_LENGTH] = { - 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, - 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, - 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, - 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 -}; - -static const unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { - 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, - 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, - 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, - 0xe3, 0x6c, 0x9d, 0xa7 -}; - -static const unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { - 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, - 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, - 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, - 0x52, 0x52, 0x25, 0x25 -}; - -static const unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { - 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, - 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, - 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, - 0x4e, 0xe7, 0xad, 0x67 -}; - -int main(int argc, char **argv) -{ - unsigned char md[SHA256_DIGEST_LENGTH]; - int i; - EVP_MD_CTX *evp; - - fprintf(stdout, "Testing SHA-256 "); - - if (!EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL)) - goto err; - if (memcmp(md, app_b1, sizeof(app_b1))) { - fflush(stdout); - fprintf(stderr, "\nTEST 1 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" - "ijkljklm" "klmnlmno" "mnopnopq", 56, md, - NULL, EVP_sha256(), NULL)) - goto err; - if (memcmp(md, app_b2, sizeof(app_b2))) { - fflush(stdout); - fprintf(stderr, "\nTEST 2 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - evp = EVP_MD_CTX_new(); - if (evp == NULL) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); - return 1; - } - if (!EVP_DigestInit_ex(evp, EVP_sha256(), NULL)) - goto err; - for (i = 0; i < 1000000; i += 288) { - if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", - (1000000 - i) < 288 ? 1000000 - i : 288)) - goto err; - } - if (!EVP_DigestFinal_ex(evp, md, NULL)) - goto err; - - if (memcmp(md, app_b3, sizeof(app_b3))) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - fprintf(stdout, " passed.\n"); - fflush(stdout); - - fprintf(stdout, "Testing SHA-224 "); - - if (!EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL)) - goto err; - if (memcmp(md, addenum_1, sizeof(addenum_1))) { - fflush(stdout); - fprintf(stderr, "\nTEST 1 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - if (!EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" - "ijkljklm" "klmnlmno" "mnopnopq", 56, md, - NULL, EVP_sha224(), NULL)) - goto err; - if (memcmp(md, addenum_2, sizeof(addenum_2))) { - fflush(stdout); - fprintf(stderr, "\nTEST 2 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - EVP_MD_CTX_reset(evp); - if (!EVP_DigestInit_ex(evp, EVP_sha224(), NULL)) - goto err; - for (i = 0; i < 1000000; i += 64) { - if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", - (1000000 - i) < 64 ? 1000000 - i : 64)) - goto err; - } - if (!EVP_DigestFinal_ex(evp, md, NULL)) - goto err; - EVP_MD_CTX_free(evp); - - if (memcmp(md, addenum_3, sizeof(addenum_3))) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - fprintf(stdout, " passed.\n"); - fflush(stdout); - - return 0; - - err: - fprintf(stderr, "Fatal EVP error!\n"); - return 1; -} diff --git a/deps/openssl/openssl/test/sha512t.c b/deps/openssl/openssl/test/sha512t.c deleted file mode 100644 index 18cdf397361041..00000000000000 --- a/deps/openssl/openssl/test/sha512t.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include -#include - -static const unsigned char app_c1[SHA512_DIGEST_LENGTH] = { - 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, - 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, - 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, - 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, - 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, - 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, - 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, - 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f -}; - -static const unsigned char app_c2[SHA512_DIGEST_LENGTH] = { - 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, - 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, - 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, - 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, - 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, - 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, - 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, - 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 -}; - -static const unsigned char app_c3[SHA512_DIGEST_LENGTH] = { - 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, - 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, - 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, - 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, - 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, - 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, - 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, - 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b -}; - -static const unsigned char app_d1[SHA384_DIGEST_LENGTH] = { - 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, - 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, - 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, - 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, - 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, - 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 -}; - -static const unsigned char app_d2[SHA384_DIGEST_LENGTH] = { - 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, - 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, - 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, - 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, - 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, - 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 -}; - -static const unsigned char app_d3[SHA384_DIGEST_LENGTH] = { - 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, - 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, - 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, - 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, - 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, - 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 -}; - -int main(int argc, char **argv) -{ - unsigned char md[SHA512_DIGEST_LENGTH]; - int i; - EVP_MD_CTX *evp; - - fprintf(stdout, "Testing SHA-512 "); - - if (!EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL)) - goto err; - if (memcmp(md, app_c1, sizeof(app_c1))) { - fflush(stdout); - fprintf(stderr, "\nTEST 1 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" - "efghijkl" "fghijklm" "ghijklmn" "hijklmno" - "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" - "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL)) - goto err; - if (memcmp(md, app_c2, sizeof(app_c2))) { - fflush(stdout); - fprintf(stderr, "\nTEST 2 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - evp = EVP_MD_CTX_new(); - if (evp == NULL) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); - return 1; - } - if (!EVP_DigestInit_ex(evp, EVP_sha512(), NULL)) - goto err; - for (i = 0; i < 1000000; i += 288) { - if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", - (1000000 - i) < 288 ? 1000000 - i : 288)) - goto err; - } - if (!EVP_DigestFinal_ex(evp, md, NULL)) - goto err; - EVP_MD_CTX_reset(evp); - - if (memcmp(md, app_c3, sizeof(app_c3))) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - fprintf(stdout, " passed.\n"); - fflush(stdout); - - fprintf(stdout, "Testing SHA-384 "); - - if (!EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL)) - goto err; - if (memcmp(md, app_d1, sizeof(app_d1))) { - fflush(stdout); - fprintf(stderr, "\nTEST 1 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - if (!EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" - "efghijkl" "fghijklm" "ghijklmn" "hijklmno" - "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" - "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL)) - goto err; - if (memcmp(md, app_d2, sizeof(app_d2))) { - fflush(stdout); - fprintf(stderr, "\nTEST 2 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - if (!EVP_DigestInit_ex(evp, EVP_sha384(), NULL)) - goto err; - for (i = 0; i < 1000000; i += 64) { - if (!EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", - (1000000 - i) < 64 ? 1000000 - i : 64)) - goto err; - } - if (!EVP_DigestFinal_ex(evp, md, NULL)) - goto err; - EVP_MD_CTX_free(evp); - - if (memcmp(md, app_d3, sizeof(app_d3))) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 3 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - fprintf(stdout, " passed.\n"); - fflush(stdout); - - return 0; - - err: - fflush(stdout); - fprintf(stderr, "\nFatal EVP error!\n"); - return 1; -} diff --git a/deps/openssl/openssl/test/shlibloadtest.c b/deps/openssl/openssl/test/shlibloadtest.c index d584413ac9be57..53714aa1259160 100644 --- a/deps/openssl/openssl/test/shlibloadtest.c +++ b/deps/openssl/openssl/test/shlibloadtest.c @@ -11,205 +11,151 @@ #include #include #include +#include +#include +#include "internal/dso_conf.h" +#include "testutil.h" -/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ -#if defined(DSO_DLFCN) || defined(DSO_WIN32) - -#define SSL_CTX_NEW "SSL_CTX_new" -#define SSL_CTX_FREE "SSL_CTX_free" -#define TLS_METHOD "TLS_method" - -#define ERR_GET_ERROR "ERR_get_error" -#define OPENSSL_VERSION_NUM_FUNC "OpenSSL_version_num" +typedef void DSO; -typedef struct ssl_ctx_st SSL_CTX; -typedef struct ssl_method_st SSL_METHOD; typedef const SSL_METHOD * (*TLS_method_t)(void); typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth); typedef void (*SSL_CTX_free_t)(SSL_CTX *); - typedef unsigned long (*ERR_get_error_t)(void); typedef unsigned long (*OpenSSL_version_num_t)(void); +typedef DSO * (*DSO_dsobyaddr_t)(void (*addr)(void), int flags); +typedef int (*DSO_free_t)(DSO *dso); -static TLS_method_t TLS_method; -static SSL_CTX_new_t SSL_CTX_new; -static SSL_CTX_free_t SSL_CTX_free; +typedef enum test_types_en { + CRYPTO_FIRST, + SSL_FIRST, + JUST_CRYPTO, + DSO_REFTEST +} TEST_TYPE; -static ERR_get_error_t ERR_get_error; -static OpenSSL_version_num_t OpenSSL_version_num; +static TEST_TYPE test_type; +static const char *path_crypto; +static const char *path_ssl; #ifdef DSO_DLFCN -# define DSO_DSOBYADDR "DSO_dsobyaddr" -# define DSO_FREE "DSO_free" - -typedef void DSO; -typedef DSO * (*DSO_dsobyaddr_t)(void (*addr)(void), int flags); -typedef int (*DSO_free_t)(DSO *dso); - -static DSO_dsobyaddr_t DSO_dsobyaddr; -static DSO_free_t DSO_free; - # include -typedef void * SHLIB; -typedef void * SHLIB_SYM; # define SHLIB_INIT NULL +typedef void *SHLIB; +typedef void *SHLIB_SYM; + static int shlib_load(const char *filename, SHLIB *lib) { - *lib = dlopen(filename, RTLD_GLOBAL | RTLD_LAZY); - - if (*lib == NULL) - return 0; - - return 1; + int dl_flags = (RTLD_GLOBAL|RTLD_LAZY); +#ifdef _AIX + if (filename[strlen(filename) - 1] == ')') + dl_flags |= RTLD_MEMBER; +#endif + *lib = dlopen(filename, dl_flags); + return *lib == NULL ? 0 : 1; } static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) { *sym = dlsym(lib, symname); - return *sym != NULL; } static int shlib_close(SHLIB lib) { - if (dlclose(lib) != 0) - return 0; - - return 1; + return dlclose(lib) != 0 ? 0 : 1; } +#endif -#elif defined(DSO_WIN32) +#ifdef DSO_WIN32 # include -typedef HINSTANCE SHLIB; -typedef void * SHLIB_SYM; # define SHLIB_INIT 0 +typedef HINSTANCE SHLIB; +typedef void *SHLIB_SYM; + static int shlib_load(const char *filename, SHLIB *lib) { *lib = LoadLibraryA(filename); - if (*lib == NULL) - return 0; - - return 1; + return *lib == NULL ? 0 : 1; } static int shlib_sym(SHLIB lib, const char *symname, SHLIB_SYM *sym) { *sym = (SHLIB_SYM)GetProcAddress(lib, symname); - return *sym != NULL; } static int shlib_close(SHLIB lib) { - if (FreeLibrary(lib) == 0) - return 0; - - return 1; + return FreeLibrary(lib) == 0 ? 0 : 1; } - #endif -# define CRYPTO_FIRST_OPT "-crypto_first" -# define SSL_FIRST_OPT "-ssl_first" -# define JUST_CRYPTO_OPT "-just_crypto" -# define DSO_REFTEST_OPT "-dso_ref" -enum test_types_en { - CRYPTO_FIRST, - SSL_FIRST, - JUST_CRYPTO, - DSO_REFTEST -}; +#if defined(DSO_DLFCN) || defined(DSO_WIN32) -int main(int argc, char **argv) +static int test_lib(void) { - SHLIB ssllib = SHLIB_INIT, cryptolib = SHLIB_INIT; + SHLIB ssllib = SHLIB_INIT; + SHLIB cryptolib = SHLIB_INIT; SSL_CTX *ctx; union { - void (*func) (void); + void (*func)(void); SHLIB_SYM sym; - } tls_method_sym, ssl_ctx_new_sym, ssl_ctx_free_sym, err_get_error_sym, - openssl_version_num_sym, dso_dsobyaddr_sym, dso_free_sym; - enum test_types_en test_type; - int i; - - if (argc != 4) { - printf("Unexpected number of arguments\n"); - return 1; - } - - if (strcmp(argv[1], CRYPTO_FIRST_OPT) == 0) { - test_type = CRYPTO_FIRST; - } else if (strcmp(argv[1], SSL_FIRST_OPT) == 0) { - test_type = SSL_FIRST; - } else if (strcmp(argv[1], JUST_CRYPTO_OPT) == 0) { - test_type = JUST_CRYPTO; - } else if (strcmp(argv[1], DSO_REFTEST_OPT) == 0) { - test_type = DSO_REFTEST; - } else { - printf("Unrecognised argument\n"); - return 1; - } - - for (i = 0; i < 2; i++) { - if ((i == 0 && (test_type == CRYPTO_FIRST - || test_type == JUST_CRYPTO - || test_type == DSO_REFTEST)) - || (i == 1 && test_type == SSL_FIRST)) { - if (!shlib_load(argv[2], &cryptolib)) { - printf("Unable to load libcrypto\n"); - return 1; - } - } - if ((i == 0 && test_type == SSL_FIRST) - || (i == 1 && test_type == CRYPTO_FIRST)) { - if (!shlib_load(argv[3], &ssllib)) { - printf("Unable to load libssl\n"); - return 1; - } - } + } symbols[3]; + TLS_method_t myTLS_method; + SSL_CTX_new_t mySSL_CTX_new; + SSL_CTX_free_t mySSL_CTX_free; + ERR_get_error_t myERR_get_error; + OpenSSL_version_num_t myOpenSSL_version_num; + int result = 0; + + switch (test_type) { + case JUST_CRYPTO: + if (!TEST_true(shlib_load(path_crypto, &cryptolib))) + goto end; + break; + case CRYPTO_FIRST: + if (!TEST_true(shlib_load(path_crypto, &cryptolib)) + || !TEST_true(shlib_load(path_ssl, &ssllib))) + goto end; + break; + case SSL_FIRST: + if (!TEST_true(shlib_load(path_ssl, &ssllib)) + || !TEST_true(shlib_load(path_crypto, &cryptolib))) + goto end; + break; + case DSO_REFTEST: + if (!TEST_true(shlib_load(path_crypto, &cryptolib))) + goto end; + break; } if (test_type != JUST_CRYPTO && test_type != DSO_REFTEST) { - if (!shlib_sym(ssllib, TLS_METHOD, &tls_method_sym.sym) - || !shlib_sym(ssllib, SSL_CTX_NEW, &ssl_ctx_new_sym.sym) - || !shlib_sym(ssllib, SSL_CTX_FREE, &ssl_ctx_free_sym.sym)) { - printf("Unable to load ssl symbols\n"); - return 1; - } - - TLS_method = (TLS_method_t)tls_method_sym.func; - SSL_CTX_new = (SSL_CTX_new_t)ssl_ctx_new_sym.func; - SSL_CTX_free = (SSL_CTX_free_t)ssl_ctx_free_sym.func; - - ctx = SSL_CTX_new(TLS_method()); - if (ctx == NULL) { - printf("Unable to create SSL_CTX\n"); - return 1; - } - SSL_CTX_free(ctx); + if (!TEST_true(shlib_sym(ssllib, "TLS_method", &symbols[0].sym)) + || !TEST_true(shlib_sym(ssllib, "SSL_CTX_new", &symbols[1].sym)) + || !TEST_true(shlib_sym(ssllib, "SSL_CTX_free", &symbols[2].sym))) + goto end; + myTLS_method = (TLS_method_t)symbols[0].func; + mySSL_CTX_new = (SSL_CTX_new_t)symbols[1].func; + mySSL_CTX_free = (SSL_CTX_free_t)symbols[2].func; + if (!TEST_ptr(ctx = mySSL_CTX_new(myTLS_method()))) + goto end; + mySSL_CTX_free(ctx); } - if (!shlib_sym(cryptolib, ERR_GET_ERROR, &err_get_error_sym.sym) - || !shlib_sym(cryptolib, OPENSSL_VERSION_NUM_FUNC, - &openssl_version_num_sym.sym)) { - printf("Unable to load crypto symbols\n"); - return 1; - } - - ERR_get_error = (ERR_get_error_t)err_get_error_sym.func; - OpenSSL_version_num = (OpenSSL_version_num_t)openssl_version_num_sym.func; - - if (ERR_get_error() != 0) { - printf("Unexpected error in error queue\n"); - return 1; - } + if (!TEST_true(shlib_sym(cryptolib, "ERR_get_error", &symbols[0].sym)) + || !TEST_true(shlib_sym(cryptolib, "OpenSSL_version_num", + &symbols[1].sym))) + goto end; + myERR_get_error = (ERR_get_error_t)symbols[0].func; + if (!TEST_int_eq(myERR_get_error(), 0)) + goto end; /* * The bits that COMPATIBILITY_MASK lets through MUST be the same in @@ -218,20 +164,19 @@ int main(int argc, char **argv) * the library compared to the application. */ # define COMPATIBILITY_MASK 0xfff00000L - if ((OpenSSL_version_num() & COMPATIBILITY_MASK) - != (OPENSSL_VERSION_NUMBER & COMPATIBILITY_MASK)) { - printf("Unexpected library version loaded\n"); - return 1; - } - - if ((OpenSSL_version_num() & ~COMPATIBILITY_MASK) - < (OPENSSL_VERSION_NUMBER & ~COMPATIBILITY_MASK)) { - printf("Unexpected library version loaded\n"); - return 1; - } + myOpenSSL_version_num = (OpenSSL_version_num_t)symbols[1].func; + if (!TEST_int_eq(myOpenSSL_version_num() & COMPATIBILITY_MASK, + OPENSSL_VERSION_NUMBER & COMPATIBILITY_MASK)) + goto end; + if (!TEST_int_ge(myOpenSSL_version_num() & ~COMPATIBILITY_MASK, + OPENSSL_VERSION_NUMBER & ~COMPATIBILITY_MASK)) + goto end; if (test_type == DSO_REFTEST) { # ifdef DSO_DLFCN + DSO_dsobyaddr_t myDSO_dsobyaddr; + DSO_free_t myDSO_free; + /* * This is resembling the code used in ossl_init_base() and * OPENSSL_atexit() to block unloading the library after dlclose(). @@ -240,54 +185,74 @@ int main(int argc, char **argv) * will always return an error, because DSO_pathbyaddr() is not * implemented there. */ - if (!shlib_sym(cryptolib, DSO_DSOBYADDR, &dso_dsobyaddr_sym.sym) - || !shlib_sym(cryptolib, DSO_FREE, &dso_free_sym.sym)) { - printf("Unable to load crypto dso symbols\n"); - return 1; - } + if (!TEST_true(shlib_sym(cryptolib, "DSO_dsobyaddr", &symbols[0].sym)) + || !TEST_true(shlib_sym(cryptolib, "DSO_free", + &symbols[1].sym))) + goto end; - DSO_dsobyaddr = (DSO_dsobyaddr_t)dso_dsobyaddr_sym.func; - DSO_free = (DSO_free_t)dso_free_sym.func; + myDSO_dsobyaddr = (DSO_dsobyaddr_t)symbols[0].func; + myDSO_free = (DSO_free_t)symbols[1].func; { DSO *hndl; /* use known symbol from crypto module */ - if ((hndl = DSO_dsobyaddr((void (*)(void))ERR_get_error, 0)) != NULL) { - DSO_free(hndl); - } else { - printf("Unable to obtain DSO reference from crypto symbol\n"); - return 1; - } + if (!TEST_ptr(hndl = myDSO_dsobyaddr((void (*)(void))ERR_get_error, 0))) + goto end; + myDSO_free(hndl); } # endif /* DSO_DLFCN */ } - for (i = 0; i < 2; i++) { - if ((i == 0 && test_type == CRYPTO_FIRST) - || (i == 1 && test_type == SSL_FIRST)) { - if (!shlib_close(ssllib)) { - printf("Unable to close libssl\n"); - return 1; - } - } - if ((i == 0 && (test_type == SSL_FIRST - || test_type == JUST_CRYPTO - || test_type == DSO_REFTEST)) - || (i == 1 && test_type == CRYPTO_FIRST)) { - if (!shlib_close(cryptolib)) { - printf("Unable to close libcrypto\n"); - return 1; - } - } + switch (test_type) { + case JUST_CRYPTO: + if (!TEST_true(shlib_close(cryptolib))) + goto end; + break; + case CRYPTO_FIRST: + if (!TEST_true(shlib_close(cryptolib)) + || !TEST_true(shlib_close(ssllib))) + goto end; + break; + case SSL_FIRST: + if (!TEST_true(shlib_close(ssllib)) + || !TEST_true(shlib_close(cryptolib))) + goto end; + break; + case DSO_REFTEST: + if (!TEST_true(shlib_close(cryptolib))) + goto end; + break; } - printf("Success\n"); - return 0; + result = 1; +end: + return result; } -#else -int main(void) +#endif + + +int setup_tests(void) { - printf("Test not implemented on this platform\n"); - return 0; -} + const char *p = test_get_argument(0); + + if (strcmp(p, "-crypto_first") == 0) { + test_type = CRYPTO_FIRST; + } else if (strcmp(p, "-ssl_first") == 0) { + test_type = SSL_FIRST; + } else if (strcmp(p, "-just_crypto") == 0) { + test_type = JUST_CRYPTO; + } else if (strcmp(p, "-dso_ref") == 0) { + test_type = JUST_CRYPTO; + } else { + TEST_error("Unrecognised argument"); + return 0; + } + if (!TEST_ptr(path_crypto = test_get_argument(1)) + || !TEST_ptr(path_ssl = test_get_argument(2))) + return 0; + +#if defined(DSO_DLFCN) || defined(DSO_WIN32) + ADD_TEST(test_lib); #endif + return 1; +} diff --git a/deps/openssl/openssl/test/srptest.c b/deps/openssl/openssl/test/srptest.c index 73b3881ec68bb5..bb1682e714c3c2 100644 --- a/deps/openssl/openssl/test/srptest.c +++ b/deps/openssl/openssl/test/srptest.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,36 +8,22 @@ */ #include -#ifdef OPENSSL_NO_SRP +# include "testutil.h" +#ifdef OPENSSL_NO_SRP # include - -int main(int argc, char *argv[]) -{ - printf("No SRP support\n"); - return (0); -} - #else # include # include # include -static void showbn(const char *name, const BIGNUM *bn) -{ - fputs(name, stdout); - fputs(" = ", stdout); - BN_print_fp(stdout, bn); - putc('\n', stdout); -} - # define RANDOM_SIZE 32 /* use 256 bits on each side */ static int run_srp(const char *username, const char *client_pass, const char *server_pass) { - int ret = -1; + int ret = 0; BIGNUM *s = NULL; BIGNUM *v = NULL; BIGNUM *a = NULL; @@ -50,52 +36,48 @@ static int run_srp(const char *username, const char *client_pass, BIGNUM *Kserver = NULL; unsigned char rand_tmp[RANDOM_SIZE]; /* use builtin 1024-bit params */ - const SRP_gN *GN = SRP_get_default_gN("1024"); + const SRP_gN *GN; + + if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) + return 0; - if (GN == NULL) { - fprintf(stderr, "Failed to get SRP parameters\n"); - return -1; - } /* Set up server's password entry */ - if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) { - fprintf(stderr, "Failed to create SRP verifier\n"); - return -1; - } + if (!TEST_true(SRP_create_verifier_BN(username, server_pass, + &s, &v, GN->N, GN->g))) + goto end; - showbn("N", GN->N); - showbn("g", GN->g); - showbn("Salt", s); - showbn("Verifier", v); + test_output_bignum("N", GN->N); + test_output_bignum("g", GN->g); + test_output_bignum("Salt", s); + test_output_bignum("Verifier", v); /* Server random */ RAND_bytes(rand_tmp, sizeof(rand_tmp)); b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); - /* TODO - check b != 0 */ - showbn("b", b); + if (!TEST_BN_ne_zero(b)) + goto end; + test_output_bignum("b", b); /* Server's first message */ Bpub = SRP_Calc_B(b, GN->N, GN->g, v); - showbn("B", Bpub); + test_output_bignum("B", Bpub); - if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { - fprintf(stderr, "Invalid B\n"); - return -1; - } + if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) + goto end; /* Client random */ RAND_bytes(rand_tmp, sizeof(rand_tmp)); a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); - /* TODO - check a != 0 */ - showbn("a", a); + if (!TEST_BN_ne_zero(a)) + goto end; + test_output_bignum("a", a); /* Client's response */ Apub = SRP_Calc_A(a, GN->N, GN->g); - showbn("A", Apub); + test_output_bignum("A", Apub); - if (!SRP_Verify_A_mod_N(Apub, GN->N)) { - fprintf(stderr, "Invalid A\n"); - return -1; - } + if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) + goto end; /* Both sides calculate u */ u = SRP_Calc_u(Apub, Bpub, GN->N); @@ -103,19 +85,18 @@ static int run_srp(const char *username, const char *client_pass, /* Client's key */ x = SRP_Calc_x(s, username, client_pass); Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); - showbn("Client's key", Kclient); + test_output_bignum("Client's key", Kclient); /* Server's key */ Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); - showbn("Server's key", Kserver); + test_output_bignum("Server's key", Kserver); - if (BN_cmp(Kclient, Kserver) == 0) { - ret = 0; - } else { - fprintf(stderr, "Keys mismatch\n"); - ret = 1; - } + if (!TEST_BN_eq(Kclient, Kserver)) + goto end; + ret = 1; + +end: BN_clear_free(Kclient); BN_clear_free(Kserver); BN_clear_free(x); @@ -133,25 +114,16 @@ static int run_srp(const char *username, const char *client_pass, static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn) { BIGNUM *tmp = NULL; - int rv; - if (BN_hex2bn(&tmp, hexbn) == 0) + int r; + + if (!TEST_true(BN_hex2bn(&tmp, hexbn))) return 0; - rv = BN_cmp(bn, tmp); - if (rv == 0) { - printf("%s = ", name); - BN_print_fp(stdout, bn); - printf("\n"); - BN_free(tmp); - return 1; - } - printf("Unexpected %s value\n", name); - printf("Expecting: "); - BN_print_fp(stdout, tmp); - printf("\nReceived: "); - BN_print_fp(stdout, bn); - printf("\n"); + + if (BN_cmp(bn, tmp) != 0) + TEST_error("unexpected %s value", name); + r = TEST_BN_eq(bn, tmp); BN_free(tmp); - return 0; + return r; } /* SRP test vectors from RFC5054 */ @@ -169,27 +141,25 @@ static int run_srp_kat(void) BIGNUM *Kclient = NULL; BIGNUM *Kserver = NULL; /* use builtin 1024-bit params */ - const SRP_gN *GN = SRP_get_default_gN("1024"); + const SRP_gN *GN; - if (GN == NULL) { - fprintf(stderr, "Failed to get SRP parameters\n"); + if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) goto err; - } BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); /* Set up server's password entry */ - if (!SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, - GN->g)) { - fprintf(stderr, "Failed to create SRP verifier\n"); + if (!TEST_true(SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, + GN->g))) goto err; - } - if (!check_bn("v", v, + TEST_info("checking v"); + if (!TEST_true(check_bn("v", v, "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" - "E955A5E29E7AB245DB2BE315E2099AFB")) + "E955A5E29E7AB245DB2BE315E2099AFB"))) goto err; + TEST_note(" okay"); /* Server random */ BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1" @@ -197,19 +167,18 @@ static int run_srp_kat(void) /* Server's first message */ Bpub = SRP_Calc_B(b, GN->N, GN->g, v); - - if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { - fprintf(stderr, "Invalid B\n"); + if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) goto err; - } - if (!check_bn("B", Bpub, + TEST_info("checking B"); + if (!TEST_true(check_bn("B", Bpub, "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" - "EB4012B7D7665238A8E3FB004B117B58")) + "EB4012B7D7665238A8E3FB004B117B58"))) goto err; + TEST_note(" okay"); /* Client random */ BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD" @@ -217,49 +186,54 @@ static int run_srp_kat(void) /* Client's response */ Apub = SRP_Calc_A(a, GN->N, GN->g); + if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) + goto err; - if (!SRP_Verify_A_mod_N(Apub, GN->N)) { - fprintf(stderr, "Invalid A\n"); - return -1; - } - - if (!check_bn("A", Apub, + TEST_info("checking A"); + if (!TEST_true(check_bn("A", Apub, "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" - "B349EF5D76988A3672FAC47B0769447B")) + "B349EF5D76988A3672FAC47B0769447B"))) goto err; + TEST_note(" okay"); /* Both sides calculate u */ u = SRP_Calc_u(Apub, Bpub, GN->N); - if (!check_bn("u", u, "CE38B9593487DA98554ED47D70A7AE5F462EF019")) + if (!TEST_true(check_bn("u", u, + "CE38B9593487DA98554ED47D70A7AE5F462EF019"))) goto err; /* Client's key */ x = SRP_Calc_x(s, "alice", "password123"); Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); - if (!check_bn("Client's key", Kclient, + TEST_info("checking client's key"); + if (!TEST_true(check_bn("Client's key", Kclient, "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" - "C346D7E474B29EDE8A469FFECA686E5A")) + "C346D7E474B29EDE8A469FFECA686E5A"))) goto err; + TEST_note(" okay"); + /* Server's key */ Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); - if (!check_bn("Server's key", Kserver, + TEST_info("checking server's key"); + if (!TEST_true(check_bn("Server's key", Kserver, "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" - "C346D7E474B29EDE8A469FFECA686E5A")) + "C346D7E474B29EDE8A469FFECA686E5A"))) goto err; + TEST_note(" okay"); ret = 1; - err: +err: BN_clear_free(Kclient); BN_clear_free(Kserver); BN_clear_free(x); @@ -274,39 +248,29 @@ static int run_srp_kat(void) return ret; } -int main(int argc, char **argv) +static int run_srp_tests(void) { - BIO *bio_err; - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - /* "Negative" test, expect a mismatch */ - if (run_srp("alice", "password1", "password2") == 0) { - fprintf(stderr, "Mismatched SRP run failed\n"); - return 1; - } + TEST_info("run_srp: expecting a mismatch"); + if (!TEST_false(run_srp("alice", "password1", "password2"))) + return 0; /* "Positive" test, should pass */ - if (run_srp("alice", "password", "password") != 0) { - fprintf(stderr, "Plain SRP run failed\n"); - return 1; - } - - /* KAT from RFC5054: should pass */ - if (run_srp_kat() != 1) { - fprintf(stderr, "SRP KAT failed\n"); - return 1; - } - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - return 1; -#endif - BIO_free(bio_err); + TEST_info("run_srp: expecting a match"); + if (!TEST_true(run_srp("alice", "password", "password"))) + return 0; - return 0; + return 1; } #endif + +int setup_tests(void) +{ +#ifdef OPENSSL_NO_SRP + printf("No SRP support\n"); +#else + ADD_TEST(run_srp_tests); + ADD_TEST(run_srp_kat); +#endif + return 1; +} diff --git a/deps/openssl/openssl/test/ssl-tests/01-simple.conf b/deps/openssl/openssl/test/ssl-tests/01-simple.conf index 5f4dd841b473a0..7fc23f0b69d493 100644 --- a/deps/openssl/openssl/test/ssl-tests/01-simple.conf +++ b/deps/openssl/openssl/test/ssl-tests/01-simple.conf @@ -40,12 +40,12 @@ client = 1-Server signature algorithms bug-client [1-Server signature algorithms bug-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -ClientSignatureAlgorithms = ECDSA+SHA256 +ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-Server signature algorithms bug-client] CipherString = DEFAULT -SignatureAlgorithms = RSA+SHA256 +SignatureAlgorithms = PSS+SHA256:RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/deps/openssl/openssl/test/ssl-tests/01-simple.conf.in b/deps/openssl/openssl/test/ssl-tests/01-simple.conf.in index 086d66d32f4ac2..54dc451f3b803d 100644 --- a/deps/openssl/openssl/test/ssl-tests/01-simple.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/01-simple.conf.in @@ -22,8 +22,8 @@ our @tests = ( { name => "Server signature algorithms bug", # Should have no effect as we aren't doing client auth - server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" }, - client => { "SignatureAlgorithms" => "RSA+SHA256" }, + server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" }, + client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" }, test => { "ExpectedResult" => "Success" }, }, diff --git a/deps/openssl/openssl/test/ssl-tests/02-protocol-version.conf b/deps/openssl/openssl/test/ssl-tests/02-protocol-version.conf index cb89dbc10aa696..045ad48000bf56 100644 --- a/deps/openssl/openssl/test/ssl-tests/02-protocol-version.conf +++ b/deps/openssl/openssl/test/ssl-tests/02-protocol-version.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 361 +num_tests = 678 test-0 = 0-version-negotiation test-1 = 1-version-negotiation @@ -363,6 +363,323 @@ test-357 = 357-version-negotiation test-358 = 358-version-negotiation test-359 = 359-version-negotiation test-360 = 360-version-negotiation +test-361 = 361-version-negotiation +test-362 = 362-version-negotiation +test-363 = 363-version-negotiation +test-364 = 364-version-negotiation +test-365 = 365-version-negotiation +test-366 = 366-version-negotiation +test-367 = 367-version-negotiation +test-368 = 368-version-negotiation +test-369 = 369-version-negotiation +test-370 = 370-version-negotiation +test-371 = 371-version-negotiation +test-372 = 372-version-negotiation +test-373 = 373-version-negotiation +test-374 = 374-version-negotiation +test-375 = 375-version-negotiation +test-376 = 376-version-negotiation +test-377 = 377-version-negotiation +test-378 = 378-version-negotiation +test-379 = 379-version-negotiation +test-380 = 380-version-negotiation +test-381 = 381-version-negotiation +test-382 = 382-version-negotiation +test-383 = 383-version-negotiation +test-384 = 384-version-negotiation +test-385 = 385-version-negotiation +test-386 = 386-version-negotiation +test-387 = 387-version-negotiation +test-388 = 388-version-negotiation +test-389 = 389-version-negotiation +test-390 = 390-version-negotiation +test-391 = 391-version-negotiation +test-392 = 392-version-negotiation +test-393 = 393-version-negotiation +test-394 = 394-version-negotiation +test-395 = 395-version-negotiation +test-396 = 396-version-negotiation +test-397 = 397-version-negotiation +test-398 = 398-version-negotiation +test-399 = 399-version-negotiation +test-400 = 400-version-negotiation +test-401 = 401-version-negotiation +test-402 = 402-version-negotiation +test-403 = 403-version-negotiation +test-404 = 404-version-negotiation +test-405 = 405-version-negotiation +test-406 = 406-version-negotiation +test-407 = 407-version-negotiation +test-408 = 408-version-negotiation +test-409 = 409-version-negotiation +test-410 = 410-version-negotiation +test-411 = 411-version-negotiation +test-412 = 412-version-negotiation +test-413 = 413-version-negotiation +test-414 = 414-version-negotiation +test-415 = 415-version-negotiation +test-416 = 416-version-negotiation +test-417 = 417-version-negotiation +test-418 = 418-version-negotiation +test-419 = 419-version-negotiation +test-420 = 420-version-negotiation +test-421 = 421-version-negotiation +test-422 = 422-version-negotiation +test-423 = 423-version-negotiation +test-424 = 424-version-negotiation +test-425 = 425-version-negotiation +test-426 = 426-version-negotiation +test-427 = 427-version-negotiation +test-428 = 428-version-negotiation +test-429 = 429-version-negotiation +test-430 = 430-version-negotiation +test-431 = 431-version-negotiation +test-432 = 432-version-negotiation +test-433 = 433-version-negotiation +test-434 = 434-version-negotiation +test-435 = 435-version-negotiation +test-436 = 436-version-negotiation +test-437 = 437-version-negotiation +test-438 = 438-version-negotiation +test-439 = 439-version-negotiation +test-440 = 440-version-negotiation +test-441 = 441-version-negotiation +test-442 = 442-version-negotiation +test-443 = 443-version-negotiation +test-444 = 444-version-negotiation +test-445 = 445-version-negotiation +test-446 = 446-version-negotiation +test-447 = 447-version-negotiation +test-448 = 448-version-negotiation +test-449 = 449-version-negotiation +test-450 = 450-version-negotiation +test-451 = 451-version-negotiation +test-452 = 452-version-negotiation +test-453 = 453-version-negotiation +test-454 = 454-version-negotiation +test-455 = 455-version-negotiation +test-456 = 456-version-negotiation +test-457 = 457-version-negotiation +test-458 = 458-version-negotiation +test-459 = 459-version-negotiation +test-460 = 460-version-negotiation +test-461 = 461-version-negotiation +test-462 = 462-version-negotiation +test-463 = 463-version-negotiation +test-464 = 464-version-negotiation +test-465 = 465-version-negotiation +test-466 = 466-version-negotiation +test-467 = 467-version-negotiation +test-468 = 468-version-negotiation +test-469 = 469-version-negotiation +test-470 = 470-version-negotiation +test-471 = 471-version-negotiation +test-472 = 472-version-negotiation +test-473 = 473-version-negotiation +test-474 = 474-version-negotiation +test-475 = 475-version-negotiation +test-476 = 476-version-negotiation +test-477 = 477-version-negotiation +test-478 = 478-version-negotiation +test-479 = 479-version-negotiation +test-480 = 480-version-negotiation +test-481 = 481-version-negotiation +test-482 = 482-version-negotiation +test-483 = 483-version-negotiation +test-484 = 484-version-negotiation +test-485 = 485-version-negotiation +test-486 = 486-version-negotiation +test-487 = 487-version-negotiation +test-488 = 488-version-negotiation +test-489 = 489-version-negotiation +test-490 = 490-version-negotiation +test-491 = 491-version-negotiation +test-492 = 492-version-negotiation +test-493 = 493-version-negotiation +test-494 = 494-version-negotiation +test-495 = 495-version-negotiation +test-496 = 496-version-negotiation +test-497 = 497-version-negotiation +test-498 = 498-version-negotiation +test-499 = 499-version-negotiation +test-500 = 500-version-negotiation +test-501 = 501-version-negotiation +test-502 = 502-version-negotiation +test-503 = 503-version-negotiation +test-504 = 504-version-negotiation +test-505 = 505-version-negotiation +test-506 = 506-version-negotiation +test-507 = 507-version-negotiation +test-508 = 508-version-negotiation +test-509 = 509-version-negotiation +test-510 = 510-version-negotiation +test-511 = 511-version-negotiation +test-512 = 512-version-negotiation +test-513 = 513-version-negotiation +test-514 = 514-version-negotiation +test-515 = 515-version-negotiation +test-516 = 516-version-negotiation +test-517 = 517-version-negotiation +test-518 = 518-version-negotiation +test-519 = 519-version-negotiation +test-520 = 520-version-negotiation +test-521 = 521-version-negotiation +test-522 = 522-version-negotiation +test-523 = 523-version-negotiation +test-524 = 524-version-negotiation +test-525 = 525-version-negotiation +test-526 = 526-version-negotiation +test-527 = 527-version-negotiation +test-528 = 528-version-negotiation +test-529 = 529-version-negotiation +test-530 = 530-version-negotiation +test-531 = 531-version-negotiation +test-532 = 532-version-negotiation +test-533 = 533-version-negotiation +test-534 = 534-version-negotiation +test-535 = 535-version-negotiation +test-536 = 536-version-negotiation +test-537 = 537-version-negotiation +test-538 = 538-version-negotiation +test-539 = 539-version-negotiation +test-540 = 540-version-negotiation +test-541 = 541-version-negotiation +test-542 = 542-version-negotiation +test-543 = 543-version-negotiation +test-544 = 544-version-negotiation +test-545 = 545-version-negotiation +test-546 = 546-version-negotiation +test-547 = 547-version-negotiation +test-548 = 548-version-negotiation +test-549 = 549-version-negotiation +test-550 = 550-version-negotiation +test-551 = 551-version-negotiation +test-552 = 552-version-negotiation +test-553 = 553-version-negotiation +test-554 = 554-version-negotiation +test-555 = 555-version-negotiation +test-556 = 556-version-negotiation +test-557 = 557-version-negotiation +test-558 = 558-version-negotiation +test-559 = 559-version-negotiation +test-560 = 560-version-negotiation +test-561 = 561-version-negotiation +test-562 = 562-version-negotiation +test-563 = 563-version-negotiation +test-564 = 564-version-negotiation +test-565 = 565-version-negotiation +test-566 = 566-version-negotiation +test-567 = 567-version-negotiation +test-568 = 568-version-negotiation +test-569 = 569-version-negotiation +test-570 = 570-version-negotiation +test-571 = 571-version-negotiation +test-572 = 572-version-negotiation +test-573 = 573-version-negotiation +test-574 = 574-version-negotiation +test-575 = 575-version-negotiation +test-576 = 576-version-negotiation +test-577 = 577-version-negotiation +test-578 = 578-version-negotiation +test-579 = 579-version-negotiation +test-580 = 580-version-negotiation +test-581 = 581-version-negotiation +test-582 = 582-version-negotiation +test-583 = 583-version-negotiation +test-584 = 584-version-negotiation +test-585 = 585-version-negotiation +test-586 = 586-version-negotiation +test-587 = 587-version-negotiation +test-588 = 588-version-negotiation +test-589 = 589-version-negotiation +test-590 = 590-version-negotiation +test-591 = 591-version-negotiation +test-592 = 592-version-negotiation +test-593 = 593-version-negotiation +test-594 = 594-version-negotiation +test-595 = 595-version-negotiation +test-596 = 596-version-negotiation +test-597 = 597-version-negotiation +test-598 = 598-version-negotiation +test-599 = 599-version-negotiation +test-600 = 600-version-negotiation +test-601 = 601-version-negotiation +test-602 = 602-version-negotiation +test-603 = 603-version-negotiation +test-604 = 604-version-negotiation +test-605 = 605-version-negotiation +test-606 = 606-version-negotiation +test-607 = 607-version-negotiation +test-608 = 608-version-negotiation +test-609 = 609-version-negotiation +test-610 = 610-version-negotiation +test-611 = 611-version-negotiation +test-612 = 612-version-negotiation +test-613 = 613-version-negotiation +test-614 = 614-version-negotiation +test-615 = 615-version-negotiation +test-616 = 616-version-negotiation +test-617 = 617-version-negotiation +test-618 = 618-version-negotiation +test-619 = 619-version-negotiation +test-620 = 620-version-negotiation +test-621 = 621-version-negotiation +test-622 = 622-version-negotiation +test-623 = 623-version-negotiation +test-624 = 624-version-negotiation +test-625 = 625-version-negotiation +test-626 = 626-version-negotiation +test-627 = 627-version-negotiation +test-628 = 628-version-negotiation +test-629 = 629-version-negotiation +test-630 = 630-version-negotiation +test-631 = 631-version-negotiation +test-632 = 632-version-negotiation +test-633 = 633-version-negotiation +test-634 = 634-version-negotiation +test-635 = 635-version-negotiation +test-636 = 636-version-negotiation +test-637 = 637-version-negotiation +test-638 = 638-version-negotiation +test-639 = 639-version-negotiation +test-640 = 640-version-negotiation +test-641 = 641-version-negotiation +test-642 = 642-version-negotiation +test-643 = 643-version-negotiation +test-644 = 644-version-negotiation +test-645 = 645-version-negotiation +test-646 = 646-version-negotiation +test-647 = 647-version-negotiation +test-648 = 648-version-negotiation +test-649 = 649-version-negotiation +test-650 = 650-version-negotiation +test-651 = 651-version-negotiation +test-652 = 652-version-negotiation +test-653 = 653-version-negotiation +test-654 = 654-version-negotiation +test-655 = 655-version-negotiation +test-656 = 656-version-negotiation +test-657 = 657-version-negotiation +test-658 = 658-version-negotiation +test-659 = 659-version-negotiation +test-660 = 660-version-negotiation +test-661 = 661-version-negotiation +test-662 = 662-version-negotiation +test-663 = 663-version-negotiation +test-664 = 664-version-negotiation +test-665 = 665-version-negotiation +test-666 = 666-version-negotiation +test-667 = 667-version-negotiation +test-668 = 668-version-negotiation +test-669 = 669-version-negotiation +test-670 = 670-version-negotiation +test-671 = 671-version-negotiation +test-672 = 672-version-negotiation +test-673 = 673-version-negotiation +test-674 = 674-version-negotiation +test-675 = 675-version-negotiation +test-676 = 676-ciphersuite-sanity-check-client +test-677 = 677-ciphersuite-sanity-check-server # =========================================================== [0-version-negotiation] @@ -385,7 +702,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -410,7 +727,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -435,7 +752,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -460,7 +777,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -475,6 +792,7 @@ client = 4-version-negotiation-client [4-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-version-negotiation-client] @@ -484,7 +802,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -499,8 +817,6 @@ client = 5-version-negotiation-client [5-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-version-negotiation-client] @@ -510,7 +826,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -525,7 +841,7 @@ client = 6-version-negotiation-client [6-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -536,7 +852,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -551,7 +867,7 @@ client = 7-version-negotiation-client [7-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -562,7 +878,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -577,7 +893,7 @@ client = 8-version-negotiation-client [8-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -588,7 +904,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -603,6 +919,7 @@ client = 9-version-negotiation-client [9-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -613,7 +930,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -628,8 +945,8 @@ client = 10-version-negotiation-client [10-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-version-negotiation-client] @@ -639,7 +956,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -654,8 +971,7 @@ client = 11-version-negotiation-client [11-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-version-negotiation-client] @@ -665,7 +981,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -680,7 +996,7 @@ client = 12-version-negotiation-client [12-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -691,7 +1007,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -706,6 +1022,7 @@ client = 13-version-negotiation-client [13-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -716,7 +1033,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -731,8 +1048,8 @@ client = 14-version-negotiation-client [14-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-version-negotiation-client] @@ -742,7 +1059,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -757,8 +1074,8 @@ client = 15-version-negotiation-client [15-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-version-negotiation-client] @@ -768,7 +1085,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -783,7 +1100,7 @@ client = 16-version-negotiation-client [16-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-version-negotiation-client] @@ -793,7 +1110,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -808,8 +1125,8 @@ client = 17-version-negotiation-client [17-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-version-negotiation-client] @@ -819,7 +1136,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -834,7 +1151,8 @@ client = 18-version-negotiation-client [18-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-version-negotiation-client] @@ -844,7 +1162,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] -ExpectedResult = InternalError +ExpectedResult = ClientFail # =========================================================== @@ -859,17 +1177,18 @@ client = 19-version-negotiation-client [19-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -884,18 +1203,17 @@ client = 20-version-negotiation-client [20-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -910,18 +1228,18 @@ client = 21-version-negotiation-client [21-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -936,18 +1254,18 @@ client = 22-version-negotiation-client [22-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -962,17 +1280,17 @@ client = 23-version-negotiation-client [23-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -987,18 +1305,18 @@ client = 24-version-negotiation-client [24-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -1013,19 +1331,17 @@ client = 25-version-negotiation-client [25-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -1040,8 +1356,7 @@ client = 26-version-negotiation-client [26-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-version-negotiation-client] @@ -1051,8 +1366,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1067,8 +1381,7 @@ client = 27-version-negotiation-client [27-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-version-negotiation-client] @@ -1094,7 +1407,7 @@ client = 28-version-negotiation-client [28-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-version-negotiation-client] @@ -1120,8 +1433,7 @@ client = 29-version-negotiation-client [29-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [29-version-negotiation-client] @@ -1147,8 +1459,7 @@ client = 30-version-negotiation-client [30-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [30-version-negotiation-client] @@ -1174,8 +1485,6 @@ client = 31-version-negotiation-client [31-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [31-version-negotiation-client] @@ -1201,7 +1510,8 @@ client = 32-version-negotiation-client [32-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-version-negotiation-client] @@ -1211,8 +1521,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1227,8 +1536,8 @@ client = 33-version-negotiation-client [33-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-version-negotiation-client] @@ -1238,7 +1547,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1253,8 +1563,8 @@ client = 34-version-negotiation-client [34-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-version-negotiation-client] @@ -1264,7 +1574,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1279,7 +1590,8 @@ client = 35-version-negotiation-client [35-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-version-negotiation-client] @@ -1289,7 +1601,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1304,8 +1617,8 @@ client = 36-version-negotiation-client [36-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [36-version-negotiation-client] @@ -1315,7 +1628,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-36] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1330,7 +1644,7 @@ client = 37-version-negotiation-client [37-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [37-version-negotiation-client] @@ -1340,7 +1654,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-37] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1355,17 +1670,19 @@ client = 38-version-negotiation-client [38-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [38-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-38] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1380,12 +1697,13 @@ client = 39-version-negotiation-client [39-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [39-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1406,17 +1724,18 @@ client = 40-version-negotiation-client [40-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [40-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1432,17 +1751,18 @@ client = 41-version-negotiation-client [41-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [41-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1458,16 +1778,17 @@ client = 42-version-negotiation-client [42-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [42-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1483,13 +1804,13 @@ client = 43-version-negotiation-client [43-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [43-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1509,19 +1830,18 @@ client = 44-version-negotiation-client [44-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [44-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1536,19 +1856,18 @@ client = 45-version-negotiation-client [45-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [45-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1563,19 +1882,17 @@ client = 46-version-negotiation-client [46-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [46-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1590,18 +1907,18 @@ client = 47-version-negotiation-client [47-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [47-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1616,19 +1933,18 @@ client = 48-version-negotiation-client [48-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [48-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1643,19 +1959,17 @@ client = 49-version-negotiation-client [49-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [49-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1670,19 +1984,18 @@ client = 50-version-negotiation-client [50-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [50-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1697,18 +2010,17 @@ client = 51-version-negotiation-client [51-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [51-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1723,8 +2035,7 @@ client = 52-version-negotiation-client [52-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [52-version-negotiation-client] @@ -1734,8 +2045,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1750,8 +2060,7 @@ client = 53-version-negotiation-client [53-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [53-version-negotiation-client] @@ -1761,7 +2070,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1777,7 +2086,7 @@ client = 54-version-negotiation-client [54-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [54-version-negotiation-client] @@ -1804,7 +2113,6 @@ client = 55-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [55-version-negotiation-client] @@ -1814,7 +2122,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-55] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1829,7 +2138,7 @@ client = 56-version-negotiation-client [56-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [56-version-negotiation-client] @@ -1839,7 +2148,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-56] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1854,17 +2164,17 @@ client = 57-version-negotiation-client [57-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [57-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-57] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1879,18 +2189,18 @@ client = 58-version-negotiation-client [58-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [58-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1905,17 +2215,18 @@ client = 59-version-negotiation-client [59-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [59-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1931,17 +2242,18 @@ client = 60-version-negotiation-client [60-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [60-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1957,16 +2269,18 @@ client = 61-version-negotiation-client [61-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [61-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1982,18 +2296,19 @@ client = 62-version-negotiation-client [62-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [62-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-62] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2008,18 +2323,17 @@ client = 63-version-negotiation-client [63-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [63-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2035,18 +2349,18 @@ client = 64-version-negotiation-client [64-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [64-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2062,18 +2376,18 @@ client = 65-version-negotiation-client [65-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [65-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2089,17 +2403,18 @@ client = 66-version-negotiation-client [66-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [66-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2115,18 +2430,18 @@ client = 67-version-negotiation-client [67-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [67-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-67] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2142,13 +2457,12 @@ client = 68-version-negotiation-client [68-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [68-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2169,18 +2483,18 @@ client = 69-version-negotiation-client [69-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [69-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2196,17 +2510,18 @@ client = 70-version-negotiation-client [70-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [70-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2222,13 +2537,13 @@ client = 71-version-negotiation-client [71-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [71-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2249,18 +2564,17 @@ client = 72-version-negotiation-client [72-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [72-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2276,18 +2590,18 @@ client = 73-version-negotiation-client [73-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [73-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2302,19 +2616,18 @@ client = 74-version-negotiation-client [74-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [74-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2334,13 +2647,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [75-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2355,11 +2667,13 @@ client = 76-version-negotiation-client [76-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [76-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2379,17 +2693,17 @@ client = 77-version-negotiation-client [77-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [77-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2404,17 +2718,17 @@ client = 78-version-negotiation-client [78-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [78-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2429,16 +2743,17 @@ client = 79-version-negotiation-client [79-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [79-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2454,15 +2769,17 @@ client = 80-version-negotiation-client [80-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [80-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2478,17 +2795,18 @@ client = 81-version-negotiation-client [81-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [81-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-81] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2503,17 +2821,17 @@ client = 82-version-negotiation-client [82-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [82-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-82] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2529,17 +2847,16 @@ client = 83-version-negotiation-client [83-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [83-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-83] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2555,18 +2872,18 @@ client = 84-version-negotiation-client [84-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [84-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-84] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2581,16 +2898,18 @@ client = 85-version-negotiation-client [85-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [85-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-85] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2606,17 +2925,18 @@ client = 86-version-negotiation-client [86-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [86-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-86] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2632,17 +2952,18 @@ client = 87-version-negotiation-client [87-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [87-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-87] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2658,12 +2979,13 @@ client = 88-version-negotiation-client [88-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [88-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2684,11 +3006,12 @@ client = 89-version-negotiation-client [89-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [89-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2709,17 +3032,18 @@ client = 90-version-negotiation-client [90-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [90-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-90] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2735,17 +3059,18 @@ client = 91-version-negotiation-client [91-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [91-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-91] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2761,11 +3086,13 @@ client = 92-version-negotiation-client [92-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [92-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2786,12 +3113,13 @@ client = 93-version-negotiation-client [93-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [93-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2812,11 +3140,12 @@ client = 94-version-negotiation-client [94-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [94-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2837,18 +3166,19 @@ client = 95-version-negotiation-client [95-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [95-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-95] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2863,18 +3193,19 @@ client = 96-version-negotiation-client [96-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [96-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-96] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2889,18 +3220,19 @@ client = 97-version-negotiation-client [97-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [97-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-97] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2915,18 +3247,18 @@ client = 98-version-negotiation-client [98-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [98-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-98] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2941,17 +3273,19 @@ client = 99-version-negotiation-client [99-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [99-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-99] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2966,19 +3300,19 @@ client = 100-version-negotiation-client [100-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [100-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-100] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2993,19 +3327,18 @@ client = 101-version-negotiation-client [101-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [101-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-101] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3020,19 +3353,18 @@ client = 102-version-negotiation-client [102-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [102-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-102] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3047,19 +3379,17 @@ client = 103-version-negotiation-client [103-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [103-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-103] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3074,18 +3404,17 @@ client = 104-version-negotiation-client [104-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [104-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-104] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3101,18 +3430,17 @@ client = 105-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [105-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-105] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3128,18 +3456,17 @@ client = 106-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [106-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-106] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3155,18 +3482,17 @@ client = 107-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [107-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-107] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3181,18 +3507,18 @@ client = 108-version-negotiation-client [108-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [108-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-108] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3207,19 +3533,17 @@ client = 109-version-negotiation-client [109-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [109-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-109] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3234,19 +3558,18 @@ client = 110-version-negotiation-client [110-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [110-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-110] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3261,18 +3584,19 @@ client = 111-version-negotiation-client [111-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [111-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-111] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3287,19 +3611,19 @@ client = 112-version-negotiation-client [112-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [112-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-112] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3314,18 +3638,19 @@ client = 113-version-negotiation-client [113-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [113-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-113] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3340,18 +3665,19 @@ client = 114-version-negotiation-client [114-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [114-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-114] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3366,18 +3692,17 @@ client = 115-version-negotiation-client [115-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [115-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-115] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3393,13 +3718,13 @@ client = 116-version-negotiation-client [116-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [116-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3420,18 +3745,18 @@ client = 117-version-negotiation-client [117-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [117-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-117] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3447,17 +3772,18 @@ client = 118-version-negotiation-client [118-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [118-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-118] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3473,19 +3799,19 @@ client = 119-version-negotiation-client [119-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [119-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-119] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3500,19 +3826,17 @@ client = 120-version-negotiation-client [120-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [120-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-120] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3529,18 +3853,17 @@ client = 121-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [121-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-121] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3557,18 +3880,17 @@ client = 122-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [122-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-122] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3584,18 +3906,18 @@ client = 123-version-negotiation-client [123-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [123-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-123] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3611,19 +3933,17 @@ client = 124-version-negotiation-client [124-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [124-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-124] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3639,19 +3959,18 @@ client = 125-version-negotiation-client [125-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [125-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-125] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3667,19 +3986,18 @@ client = 126-version-negotiation-client [126-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [126-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-126] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3695,18 +4013,17 @@ client = 127-version-negotiation-client [127-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [127-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-127] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3722,19 +4039,19 @@ client = 128-version-negotiation-client [128-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [128-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-128] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3749,19 +4066,18 @@ client = 129-version-negotiation-client [129-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [129-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-129] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3776,13 +4092,11 @@ client = 130-version-negotiation-client [130-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [130-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3802,19 +4116,17 @@ client = 131-version-negotiation-client [131-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [131-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-131] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3829,18 +4141,17 @@ client = 132-version-negotiation-client [132-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [132-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-132] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3855,18 +4166,17 @@ client = 133-version-negotiation-client [133-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [133-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-133] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3881,18 +4191,16 @@ client = 134-version-negotiation-client [134-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [134-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-134] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3908,18 +4216,15 @@ client = 135-version-negotiation-client [135-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [135-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-135] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3935,19 +4240,17 @@ client = 136-version-negotiation-client [136-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [136-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-136] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3962,17 +4265,17 @@ client = 137-version-negotiation-client [137-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [137-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-137] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3988,19 +4291,18 @@ client = 138-version-negotiation-client [138-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [138-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-138] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -4015,19 +4317,17 @@ client = 139-version-negotiation-client [139-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [139-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-139] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4043,19 +4343,17 @@ client = 140-version-negotiation-client [140-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [140-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-140] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4071,19 +4369,16 @@ client = 141-version-negotiation-client [141-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [141-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-141] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4099,18 +4394,17 @@ client = 142-version-negotiation-client [142-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [142-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-142] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -4126,19 +4420,17 @@ client = 143-version-negotiation-client [143-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [143-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-143] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4154,19 +4446,17 @@ client = 144-version-negotiation-client [144-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [144-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-144] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4182,19 +4472,17 @@ client = 145-version-negotiation-client [145-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [145-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-145] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4215,13 +4503,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [146-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-146] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4243,8 +4529,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [147-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4271,13 +4555,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [148-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-148] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4293,18 +4575,17 @@ client = 149-version-negotiation-client [149-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [149-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-149] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4320,19 +4601,17 @@ client = 150-version-negotiation-client [150-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [150-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-150] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4347,18 +4626,18 @@ client = 151-version-negotiation-client [151-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [151-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-151] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4373,18 +4652,18 @@ client = 152-version-negotiation-client [152-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [152-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-152] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4399,18 +4678,16 @@ client = 153-version-negotiation-client [153-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [153-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-153] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4426,18 +4703,17 @@ client = 154-version-negotiation-client [154-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [154-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-154] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4453,18 +4729,16 @@ client = 155-version-negotiation-client [155-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [155-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-155] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4480,18 +4754,18 @@ client = 156-version-negotiation-client [156-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [156-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-156] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4506,19 +4780,18 @@ client = 157-version-negotiation-client [157-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [157-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-157] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -4533,20 +4806,18 @@ client = 158-version-negotiation-client [158-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [158-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-158] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4561,20 +4832,18 @@ client = 159-version-negotiation-client [159-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [159-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-159] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4589,20 +4858,18 @@ client = 160-version-negotiation-client [160-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [160-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-160] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4617,19 +4884,17 @@ client = 161-version-negotiation-client [161-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [161-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-161] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4644,20 +4909,19 @@ client = 162-version-negotiation-client [162-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [162-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-162] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4672,20 +4936,19 @@ client = 163-version-negotiation-client [163-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [163-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-163] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4700,20 +4963,19 @@ client = 164-version-negotiation-client [164-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [164-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-164] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4728,19 +4990,19 @@ client = 165-version-negotiation-client [165-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [165-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-165] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4755,20 +5017,19 @@ client = 166-version-negotiation-client [166-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [166-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-166] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4783,20 +5044,18 @@ client = 167-version-negotiation-client [167-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [167-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-167] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4811,19 +5070,19 @@ client = 168-version-negotiation-client [168-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [168-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-168] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4838,20 +5097,19 @@ client = 169-version-negotiation-client [169-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [169-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-169] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4866,19 +5124,19 @@ client = 170-version-negotiation-client [170-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [170-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-170] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4893,17 +5151,19 @@ client = 171-version-negotiation-client [171-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [171-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-171] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -4918,18 +5178,18 @@ client = 172-version-negotiation-client [172-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [172-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-172] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4945,17 +5205,18 @@ client = 173-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [173-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-173] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4971,17 +5232,18 @@ client = 174-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [174-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-174] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -4996,17 +5258,19 @@ client = 175-version-negotiation-client [175-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [175-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-175] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5021,18 +5285,18 @@ client = 176-version-negotiation-client [176-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [176-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-176] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -5047,19 +5311,19 @@ client = 177-version-negotiation-client [177-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [177-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-177] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5074,19 +5338,19 @@ client = 178-version-negotiation-client [178-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [178-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-178] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5101,19 +5365,18 @@ client = 179-version-negotiation-client [179-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [179-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-179] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5128,18 +5391,19 @@ client = 180-version-negotiation-client [180-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [180-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-180] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5154,19 +5418,18 @@ client = 181-version-negotiation-client [181-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [181-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-181] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5181,19 +5444,18 @@ client = 182-version-negotiation-client [182-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [182-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-182] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5208,18 +5470,18 @@ client = 183-version-negotiation-client [183-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [183-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-183] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5235,17 +5497,18 @@ client = 184-version-negotiation-client [184-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [184-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-184] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5261,18 +5524,18 @@ client = 185-version-negotiation-client [185-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [185-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-185] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5288,18 +5551,18 @@ client = 186-version-negotiation-client [186-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [186-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-186] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5315,17 +5578,17 @@ client = 187-version-negotiation-client [187-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [187-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-187] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5341,19 +5604,19 @@ client = 188-version-negotiation-client [188-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [188-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-188] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5368,17 +5631,19 @@ client = 189-version-negotiation-client [189-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [189-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-189] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5394,18 +5659,20 @@ client = 190-version-negotiation-client [190-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [190-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-190] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5420,13 +5687,14 @@ client = 191-version-negotiation-client [191-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [191-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5447,13 +5715,14 @@ client = 192-version-negotiation-client [192-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [192-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5474,13 +5743,13 @@ client = 193-version-negotiation-client [193-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [193-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5501,12 +5770,14 @@ client = 194-version-negotiation-client [194-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [194-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5527,19 +5798,20 @@ client = 195-version-negotiation-client [195-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [195-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-195] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5554,14 +5826,14 @@ client = 196-version-negotiation-client [196-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [196-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5582,14 +5854,14 @@ client = 197-version-negotiation-client [197-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [197-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5610,14 +5882,13 @@ client = 198-version-negotiation-client [198-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [198-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5638,19 +5909,19 @@ client = 199-version-negotiation-client [199-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [199-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-199] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5665,20 +5936,19 @@ client = 200-version-negotiation-client [200-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [200-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-200] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5693,20 +5963,19 @@ client = 201-version-negotiation-client [201-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [201-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-201] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5721,20 +5990,18 @@ client = 202-version-negotiation-client [202-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [202-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-202] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5749,19 +6016,19 @@ client = 203-version-negotiation-client [203-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [203-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-203] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5776,14 +6043,14 @@ client = 204-version-negotiation-client [204-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [204-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5803,14 +6070,13 @@ client = 205-version-negotiation-client [205-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [205-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5830,13 +6096,14 @@ client = 206-version-negotiation-client [206-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [206-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5856,14 +6123,13 @@ client = 207-version-negotiation-client [207-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [207-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5883,13 +6149,13 @@ client = 208-version-negotiation-client [208-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [208-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5909,18 +6175,19 @@ client = 209-version-negotiation-client [209-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [209-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-209] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5935,18 +6202,18 @@ client = 210-version-negotiation-client [210-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [210-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-210] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5962,13 +6229,13 @@ client = 211-version-negotiation-client [211-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [211-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5989,13 +6256,13 @@ client = 212-version-negotiation-client [212-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [212-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6021,7 +6288,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [213-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6049,7 +6316,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [214-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6076,7 +6343,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [215-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6104,7 +6371,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [216-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6132,7 +6399,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [217-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6153,13 +6420,14 @@ client = 218-version-negotiation-client [218-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [218-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6180,19 +6448,18 @@ client = 219-version-negotiation-client [219-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [219-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-219] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6208,19 +6475,19 @@ client = 220-version-negotiation-client [220-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [220-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-220] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6236,14 +6503,14 @@ client = 221-version-negotiation-client [221-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [221-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6264,13 +6531,14 @@ client = 222-version-negotiation-client [222-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [222-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6291,14 +6559,14 @@ client = 223-version-negotiation-client [223-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [223-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6319,14 +6587,13 @@ client = 224-version-negotiation-client [224-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [224-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6347,13 +6614,14 @@ client = 225-version-negotiation-client [225-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [225-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6375,18 +6643,19 @@ client = 226-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [226-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-226] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6401,18 +6670,20 @@ client = 227-version-negotiation-client [227-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [227-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-227] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6427,18 +6698,19 @@ client = 228-version-negotiation-client [228-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [228-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-228] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6453,19 +6725,19 @@ client = 229-version-negotiation-client [229-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [229-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-229] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6480,19 +6752,19 @@ client = 230-version-negotiation-client [230-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [230-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-230] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6507,19 +6779,18 @@ client = 231-version-negotiation-client [231-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [231-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-231] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6534,18 +6805,19 @@ client = 232-version-negotiation-client [232-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [232-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-232] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6560,14 +6832,13 @@ client = 233-version-negotiation-client [233-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [233-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6587,20 +6858,18 @@ client = 234-version-negotiation-client [234-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [234-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-234] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6615,19 +6884,18 @@ client = 235-version-negotiation-client [235-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [235-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-235] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6643,19 +6911,18 @@ client = 236-version-negotiation-client [236-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [236-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-236] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6671,13 +6938,13 @@ client = 237-version-negotiation-client [237-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [237-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6698,19 +6965,18 @@ client = 238-version-negotiation-client [238-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [238-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-238] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6726,19 +6992,17 @@ client = 239-version-negotiation-client [239-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [239-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-239] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6754,20 +7018,19 @@ client = 240-version-negotiation-client [240-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [240-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-240] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6782,18 +7045,19 @@ client = 241-version-negotiation-client [241-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [241-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-241] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6810,13 +7074,13 @@ client = 242-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [242-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6838,13 +7102,13 @@ client = 243-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [243-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6865,13 +7129,14 @@ client = 244-version-negotiation-client [244-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [244-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6892,14 +7157,13 @@ client = 245-version-negotiation-client [245-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [245-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6920,18 +7184,19 @@ client = 246-version-negotiation-client [246-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [246-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-246] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6947,17 +7212,20 @@ client = 247-version-negotiation-client [247-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [247-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-247] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6972,17 +7240,19 @@ client = 248-version-negotiation-client [248-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [248-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-248] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6998,17 +7268,19 @@ client = 249-version-negotiation-client [249-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [249-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-249] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7024,12 +7296,13 @@ client = 250-version-negotiation-client [250-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [250-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7050,16 +7323,19 @@ client = 251-version-negotiation-client [251-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [251-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-251] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7075,18 +7351,20 @@ client = 252-version-negotiation-client [252-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [252-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-252] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7101,18 +7379,19 @@ client = 253-version-negotiation-client [253-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [253-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-253] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7128,18 +7407,18 @@ client = 254-version-negotiation-client [254-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [254-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-254] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7156,12 +7435,13 @@ client = 255-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [255-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7182,12 +7462,14 @@ client = 256-version-negotiation-client [256-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [256-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7208,18 +7490,18 @@ client = 257-version-negotiation-client [257-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [257-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-257] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7235,19 +7517,19 @@ client = 258-version-negotiation-client [258-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [258-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-258] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7262,19 +7544,18 @@ client = 259-version-negotiation-client [259-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [259-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-259] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7289,18 +7570,18 @@ client = 260-version-negotiation-client [260-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [260-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-260] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7315,18 +7596,18 @@ client = 261-version-negotiation-client [261-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [261-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-261] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -7342,18 +7623,18 @@ client = 262-version-negotiation-client [262-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [262-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-262] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7369,12 +7650,13 @@ client = 263-version-negotiation-client [263-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [263-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7395,18 +7677,18 @@ client = 264-version-negotiation-client [264-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [264-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-264] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7422,17 +7704,17 @@ client = 265-version-negotiation-client [265-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [265-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-265] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7449,12 +7731,13 @@ client = 266-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [266-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7475,17 +7758,19 @@ client = 267-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [267-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-267] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -7501,12 +7786,13 @@ client = 268-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [268-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7528,17 +7814,18 @@ client = 269-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [269-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-269] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7554,17 +7841,19 @@ client = 270-version-negotiation-client [270-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [270-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-270] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7580,19 +7869,19 @@ client = 271-version-negotiation-client [271-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [271-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-271] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7608,18 +7897,19 @@ client = 272-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [272-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-272] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -7635,13 +7925,13 @@ client = 273-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [273-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7663,18 +7953,18 @@ client = 274-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [274-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-274] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7690,18 +7980,19 @@ client = 275-version-negotiation-client [275-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [275-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-275] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7717,19 +8008,19 @@ client = 276-version-negotiation-client [276-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [276-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-276] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7745,13 +8036,13 @@ client = 277-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [277-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7773,18 +8064,18 @@ client = 278-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [278-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-278] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7800,18 +8091,19 @@ client = 279-version-negotiation-client [279-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [279-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-279] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7827,19 +8119,18 @@ client = 280-version-negotiation-client [280-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [280-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-280] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7856,18 +8147,18 @@ client = 281-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [281-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-281] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7883,18 +8174,19 @@ client = 282-version-negotiation-client [282-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [282-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-282] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7910,19 +8202,19 @@ client = 283-version-negotiation-client [283-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [283-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-283] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7937,18 +8229,20 @@ client = 284-version-negotiation-client [284-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [284-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-284] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7963,18 +8257,19 @@ client = 285-version-negotiation-client [285-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [285-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-285] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7989,18 +8284,17 @@ client = 286-version-negotiation-client [286-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [286-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-286] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -8015,18 +8309,17 @@ client = 287-version-negotiation-client [287-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [287-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-287] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8042,18 +8335,17 @@ client = 288-version-negotiation-client [288-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [288-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-288] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8069,12 +8361,12 @@ client = 289-version-negotiation-client [289-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [289-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8095,19 +8387,18 @@ client = 290-version-negotiation-client [290-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [290-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-290] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8122,19 +8413,17 @@ client = 291-version-negotiation-client [291-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [291-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-291] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8149,20 +8438,18 @@ client = 292-version-negotiation-client [292-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [292-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-292] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8177,19 +8464,18 @@ client = 293-version-negotiation-client [293-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [293-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-293] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8205,18 +8491,18 @@ client = 294-version-negotiation-client [294-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [294-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-294] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8232,19 +8518,19 @@ client = 295-version-negotiation-client [295-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [295-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-295] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8259,19 +8545,18 @@ client = 296-version-negotiation-client [296-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [296-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-296] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8287,19 +8572,17 @@ client = 297-version-negotiation-client [297-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [297-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-297] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8315,18 +8598,18 @@ client = 298-version-negotiation-client [298-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [298-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-298] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8343,13 +8626,12 @@ client = 299-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [299-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8371,13 +8653,12 @@ client = 300-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [300-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8398,18 +8679,18 @@ client = 301-version-negotiation-client [301-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [301-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-301] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8425,19 +8706,17 @@ client = 302-version-negotiation-client [302-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [302-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-302] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8453,18 +8732,18 @@ client = 303-version-negotiation-client [303-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [303-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-303] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8480,17 +8759,19 @@ client = 304-version-negotiation-client [304-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [304-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-304] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8505,17 +8786,19 @@ client = 305-version-negotiation-client [305-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [305-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-305] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8530,17 +8813,17 @@ client = 306-version-negotiation-client [306-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [306-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-306] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8557,11 +8840,12 @@ client = 307-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [307-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8582,16 +8866,18 @@ client = 308-version-negotiation-client [308-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [308-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-308] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8607,18 +8893,18 @@ client = 309-version-negotiation-client [309-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [309-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-309] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8633,18 +8919,19 @@ client = 310-version-negotiation-client [310-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [310-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-310] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8659,18 +8946,17 @@ client = 311-version-negotiation-client [311-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [311-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-311] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8686,19 +8972,18 @@ client = 312-version-negotiation-client [312-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [312-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-312] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8713,17 +8998,18 @@ client = 313-version-negotiation-client [313-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [313-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-313] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8739,18 +9025,19 @@ client = 314-version-negotiation-client [314-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [314-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-314] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -8765,18 +9052,18 @@ client = 315-version-negotiation-client [315-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [315-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-315] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8792,18 +9079,18 @@ client = 316-version-negotiation-client [316-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [316-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-316] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8819,17 +9106,17 @@ client = 317-version-negotiation-client [317-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [317-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-317] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8845,19 +9132,19 @@ client = 318-version-negotiation-client [318-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [318-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-318] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8872,18 +9159,19 @@ client = 319-version-negotiation-client [319-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [319-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-319] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8899,17 +9187,19 @@ client = 320-version-negotiation-client [320-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [320-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-320] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8926,17 +9216,18 @@ client = 321-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [321-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-321] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8952,17 +9243,19 @@ client = 322-version-negotiation-client [322-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [322-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-322] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8978,18 +9271,19 @@ client = 323-version-negotiation-client [323-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [323-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-323] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9005,17 +9299,19 @@ client = 324-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [324-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-324] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9031,17 +9327,19 @@ client = 325-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [325-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-325] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9057,17 +9355,18 @@ client = 326-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [326-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-326] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9083,17 +9382,19 @@ client = 327-version-negotiation-client [327-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [327-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-327] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9109,19 +9410,19 @@ client = 328-version-negotiation-client [328-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [328-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-328] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9136,19 +9437,19 @@ client = 329-version-negotiation-client [329-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [329-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-329] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9163,19 +9464,19 @@ client = 330-version-negotiation-client [330-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [330-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-330] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9190,20 +9491,19 @@ client = 331-version-negotiation-client [331-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [331-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-331] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9218,19 +9518,18 @@ client = 332-version-negotiation-client [332-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [332-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-332] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9245,19 +9544,19 @@ client = 333-version-negotiation-client [333-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [333-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-333] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9272,19 +9571,19 @@ client = 334-version-negotiation-client [334-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [334-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-334] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9299,20 +9598,18 @@ client = 335-version-negotiation-client [335-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [335-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-335] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9327,19 +9624,19 @@ client = 336-version-negotiation-client [336-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [336-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-336] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9354,19 +9651,18 @@ client = 337-version-negotiation-client [337-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [337-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-337] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9381,20 +9677,18 @@ client = 338-version-negotiation-client [338-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [338-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-338] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9409,18 +9703,18 @@ client = 339-version-negotiation-client [339-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [339-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-339] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9436,19 +9730,18 @@ client = 340-version-negotiation-client [340-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [340-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-340] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9464,18 +9757,18 @@ client = 341-version-negotiation-client [341-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [341-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-341] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9491,17 +9784,19 @@ client = 342-version-negotiation-client [342-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [342-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-342] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9516,17 +9811,18 @@ client = 343-version-negotiation-client [343-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [343-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-343] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9541,17 +9837,19 @@ client = 344-version-negotiation-client [344-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [344-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-344] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9566,17 +9864,19 @@ client = 345-version-negotiation-client [345-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [345-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-345] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9592,16 +9892,19 @@ client = 346-version-negotiation-client [346-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [346-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-346] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9617,18 +9920,20 @@ client = 347-version-negotiation-client [347-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [347-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-347] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9643,18 +9948,20 @@ client = 348-version-negotiation-client [348-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [348-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-348] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9669,18 +9976,19 @@ client = 349-version-negotiation-client [349-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [349-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-349] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9695,18 +10003,19 @@ client = 350-version-negotiation-client [350-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [350-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-350] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9722,17 +10031,19 @@ client = 351-version-negotiation-client [351-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [351-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-351] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9748,18 +10059,20 @@ client = 352-version-negotiation-client [352-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [352-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-352] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9774,18 +10087,20 @@ client = 353-version-negotiation-client [353-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [353-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-353] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9800,18 +10115,18 @@ client = 354-version-negotiation-client [354-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [354-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-354] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9827,17 +10142,19 @@ client = 355-version-negotiation-client [355-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [355-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-355] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9853,18 +10170,20 @@ client = 356-version-negotiation-client [356-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [356-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-356] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9879,18 +10198,19 @@ client = 357-version-negotiation-client [357-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [357-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-357] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9911,12 +10231,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [358-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-358] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9938,13 +10259,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [359-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-359] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9959,17 +10280,8541 @@ client = 360-version-negotiation-client [360-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [360-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-360] -ExpectedProtocol = TLSv1.2 +ExpectedResult = ServerFail + + +# =========================================================== + +[361-version-negotiation] +ssl_conf = 361-version-negotiation-ssl + +[361-version-negotiation-ssl] +server = 361-version-negotiation-server +client = 361-version-negotiation-client + +[361-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[361-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-361] +ExpectedResult = ServerFail + + +# =========================================================== + +[362-version-negotiation] +ssl_conf = 362-version-negotiation-ssl + +[362-version-negotiation-ssl] +server = 362-version-negotiation-server +client = 362-version-negotiation-client + +[362-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[362-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-362] +ExpectedResult = ServerFail + + +# =========================================================== + +[363-version-negotiation] +ssl_conf = 363-version-negotiation-ssl + +[363-version-negotiation-ssl] +server = 363-version-negotiation-server +client = 363-version-negotiation-client + +[363-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[363-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-363] +ExpectedResult = ServerFail + + +# =========================================================== + +[364-version-negotiation] +ssl_conf = 364-version-negotiation-ssl + +[364-version-negotiation-ssl] +server = 364-version-negotiation-server +client = 364-version-negotiation-client + +[364-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[364-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-364] +ExpectedResult = ServerFail + + +# =========================================================== + +[365-version-negotiation] +ssl_conf = 365-version-negotiation-ssl + +[365-version-negotiation-ssl] +server = 365-version-negotiation-server +client = 365-version-negotiation-client + +[365-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[365-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-365] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[366-version-negotiation] +ssl_conf = 366-version-negotiation-ssl + +[366-version-negotiation-ssl] +server = 366-version-negotiation-server +client = 366-version-negotiation-client + +[366-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[366-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-366] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success +# =========================================================== + +[367-version-negotiation] +ssl_conf = 367-version-negotiation-ssl + +[367-version-negotiation-ssl] +server = 367-version-negotiation-server +client = 367-version-negotiation-client + +[367-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[367-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-367] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[368-version-negotiation] +ssl_conf = 368-version-negotiation-ssl + +[368-version-negotiation-ssl] +server = 368-version-negotiation-server +client = 368-version-negotiation-client + +[368-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[368-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-368] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[369-version-negotiation] +ssl_conf = 369-version-negotiation-ssl + +[369-version-negotiation-ssl] +server = 369-version-negotiation-server +client = 369-version-negotiation-client + +[369-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[369-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-369] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[370-version-negotiation] +ssl_conf = 370-version-negotiation-ssl + +[370-version-negotiation-ssl] +server = 370-version-negotiation-server +client = 370-version-negotiation-client + +[370-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[370-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-370] +ExpectedResult = ServerFail + + +# =========================================================== + +[371-version-negotiation] +ssl_conf = 371-version-negotiation-ssl + +[371-version-negotiation-ssl] +server = 371-version-negotiation-server +client = 371-version-negotiation-client + +[371-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[371-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-371] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[372-version-negotiation] +ssl_conf = 372-version-negotiation-ssl + +[372-version-negotiation-ssl] +server = 372-version-negotiation-server +client = 372-version-negotiation-client + +[372-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[372-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-372] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[373-version-negotiation] +ssl_conf = 373-version-negotiation-ssl + +[373-version-negotiation-ssl] +server = 373-version-negotiation-server +client = 373-version-negotiation-client + +[373-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[373-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-373] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[374-version-negotiation] +ssl_conf = 374-version-negotiation-ssl + +[374-version-negotiation-ssl] +server = 374-version-negotiation-server +client = 374-version-negotiation-client + +[374-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[374-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-374] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[375-version-negotiation] +ssl_conf = 375-version-negotiation-ssl + +[375-version-negotiation-ssl] +server = 375-version-negotiation-server +client = 375-version-negotiation-client + +[375-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[375-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-375] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[376-version-negotiation] +ssl_conf = 376-version-negotiation-ssl + +[376-version-negotiation-ssl] +server = 376-version-negotiation-server +client = 376-version-negotiation-client + +[376-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[376-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-376] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[377-version-negotiation] +ssl_conf = 377-version-negotiation-ssl + +[377-version-negotiation-ssl] +server = 377-version-negotiation-server +client = 377-version-negotiation-client + +[377-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[377-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-377] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[378-version-negotiation] +ssl_conf = 378-version-negotiation-ssl + +[378-version-negotiation-ssl] +server = 378-version-negotiation-server +client = 378-version-negotiation-client + +[378-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[378-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-378] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[379-version-negotiation] +ssl_conf = 379-version-negotiation-ssl + +[379-version-negotiation-ssl] +server = 379-version-negotiation-server +client = 379-version-negotiation-client + +[379-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[379-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-379] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[380-version-negotiation] +ssl_conf = 380-version-negotiation-ssl + +[380-version-negotiation-ssl] +server = 380-version-negotiation-server +client = 380-version-negotiation-client + +[380-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[380-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-380] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[381-version-negotiation] +ssl_conf = 381-version-negotiation-ssl + +[381-version-negotiation-ssl] +server = 381-version-negotiation-server +client = 381-version-negotiation-client + +[381-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[381-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-381] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[382-version-negotiation] +ssl_conf = 382-version-negotiation-ssl + +[382-version-negotiation-ssl] +server = 382-version-negotiation-server +client = 382-version-negotiation-client + +[382-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[382-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-382] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[383-version-negotiation] +ssl_conf = 383-version-negotiation-ssl + +[383-version-negotiation-ssl] +server = 383-version-negotiation-server +client = 383-version-negotiation-client + +[383-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[383-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-383] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[384-version-negotiation] +ssl_conf = 384-version-negotiation-ssl + +[384-version-negotiation-ssl] +server = 384-version-negotiation-server +client = 384-version-negotiation-client + +[384-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[384-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-384] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[385-version-negotiation] +ssl_conf = 385-version-negotiation-ssl + +[385-version-negotiation-ssl] +server = 385-version-negotiation-server +client = 385-version-negotiation-client + +[385-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[385-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-385] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[386-version-negotiation] +ssl_conf = 386-version-negotiation-ssl + +[386-version-negotiation-ssl] +server = 386-version-negotiation-server +client = 386-version-negotiation-client + +[386-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[386-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-386] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[387-version-negotiation] +ssl_conf = 387-version-negotiation-ssl + +[387-version-negotiation-ssl] +server = 387-version-negotiation-server +client = 387-version-negotiation-client + +[387-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[387-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-387] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[388-version-negotiation] +ssl_conf = 388-version-negotiation-ssl + +[388-version-negotiation-ssl] +server = 388-version-negotiation-server +client = 388-version-negotiation-client + +[388-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[388-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-388] +ExpectedResult = ServerFail + + +# =========================================================== + +[389-version-negotiation] +ssl_conf = 389-version-negotiation-ssl + +[389-version-negotiation-ssl] +server = 389-version-negotiation-server +client = 389-version-negotiation-client + +[389-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[389-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-389] +ExpectedResult = ServerFail + + +# =========================================================== + +[390-version-negotiation] +ssl_conf = 390-version-negotiation-ssl + +[390-version-negotiation-ssl] +server = 390-version-negotiation-server +client = 390-version-negotiation-client + +[390-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[390-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-390] +ExpectedResult = ServerFail + + +# =========================================================== + +[391-version-negotiation] +ssl_conf = 391-version-negotiation-ssl + +[391-version-negotiation-ssl] +server = 391-version-negotiation-server +client = 391-version-negotiation-client + +[391-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[391-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-391] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[392-version-negotiation] +ssl_conf = 392-version-negotiation-ssl + +[392-version-negotiation-ssl] +server = 392-version-negotiation-server +client = 392-version-negotiation-client + +[392-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[392-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-392] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[393-version-negotiation] +ssl_conf = 393-version-negotiation-ssl + +[393-version-negotiation-ssl] +server = 393-version-negotiation-server +client = 393-version-negotiation-client + +[393-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[393-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-393] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[394-version-negotiation] +ssl_conf = 394-version-negotiation-ssl + +[394-version-negotiation-ssl] +server = 394-version-negotiation-server +client = 394-version-negotiation-client + +[394-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[394-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-394] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[395-version-negotiation] +ssl_conf = 395-version-negotiation-ssl + +[395-version-negotiation-ssl] +server = 395-version-negotiation-server +client = 395-version-negotiation-client + +[395-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[395-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-395] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[396-version-negotiation] +ssl_conf = 396-version-negotiation-ssl + +[396-version-negotiation-ssl] +server = 396-version-negotiation-server +client = 396-version-negotiation-client + +[396-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[396-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-396] +ExpectedResult = ServerFail + + +# =========================================================== + +[397-version-negotiation] +ssl_conf = 397-version-negotiation-ssl + +[397-version-negotiation-ssl] +server = 397-version-negotiation-server +client = 397-version-negotiation-client + +[397-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[397-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-397] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[398-version-negotiation] +ssl_conf = 398-version-negotiation-ssl + +[398-version-negotiation-ssl] +server = 398-version-negotiation-server +client = 398-version-negotiation-client + +[398-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[398-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-398] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[399-version-negotiation] +ssl_conf = 399-version-negotiation-ssl + +[399-version-negotiation-ssl] +server = 399-version-negotiation-server +client = 399-version-negotiation-client + +[399-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[399-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-399] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[400-version-negotiation] +ssl_conf = 400-version-negotiation-ssl + +[400-version-negotiation-ssl] +server = 400-version-negotiation-server +client = 400-version-negotiation-client + +[400-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[400-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-400] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[401-version-negotiation] +ssl_conf = 401-version-negotiation-ssl + +[401-version-negotiation-ssl] +server = 401-version-negotiation-server +client = 401-version-negotiation-client + +[401-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[401-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-401] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[402-version-negotiation] +ssl_conf = 402-version-negotiation-ssl + +[402-version-negotiation-ssl] +server = 402-version-negotiation-server +client = 402-version-negotiation-client + +[402-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[402-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-402] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[403-version-negotiation] +ssl_conf = 403-version-negotiation-ssl + +[403-version-negotiation-ssl] +server = 403-version-negotiation-server +client = 403-version-negotiation-client + +[403-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[403-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-403] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[404-version-negotiation] +ssl_conf = 404-version-negotiation-ssl + +[404-version-negotiation-ssl] +server = 404-version-negotiation-server +client = 404-version-negotiation-client + +[404-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[404-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-404] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[405-version-negotiation] +ssl_conf = 405-version-negotiation-ssl + +[405-version-negotiation-ssl] +server = 405-version-negotiation-server +client = 405-version-negotiation-client + +[405-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[405-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-405] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[406-version-negotiation] +ssl_conf = 406-version-negotiation-ssl + +[406-version-negotiation-ssl] +server = 406-version-negotiation-server +client = 406-version-negotiation-client + +[406-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[406-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-406] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[407-version-negotiation] +ssl_conf = 407-version-negotiation-ssl + +[407-version-negotiation-ssl] +server = 407-version-negotiation-server +client = 407-version-negotiation-client + +[407-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[407-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-407] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[408-version-negotiation] +ssl_conf = 408-version-negotiation-ssl + +[408-version-negotiation-ssl] +server = 408-version-negotiation-server +client = 408-version-negotiation-client + +[408-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[408-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-408] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[409-version-negotiation] +ssl_conf = 409-version-negotiation-ssl + +[409-version-negotiation-ssl] +server = 409-version-negotiation-server +client = 409-version-negotiation-client + +[409-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[409-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-409] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[410-version-negotiation] +ssl_conf = 410-version-negotiation-ssl + +[410-version-negotiation-ssl] +server = 410-version-negotiation-server +client = 410-version-negotiation-client + +[410-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[410-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-410] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[411-version-negotiation] +ssl_conf = 411-version-negotiation-ssl + +[411-version-negotiation-ssl] +server = 411-version-negotiation-server +client = 411-version-negotiation-client + +[411-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[411-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-411] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[412-version-negotiation] +ssl_conf = 412-version-negotiation-ssl + +[412-version-negotiation-ssl] +server = 412-version-negotiation-server +client = 412-version-negotiation-client + +[412-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[412-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-412] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[413-version-negotiation] +ssl_conf = 413-version-negotiation-ssl + +[413-version-negotiation-ssl] +server = 413-version-negotiation-server +client = 413-version-negotiation-client + +[413-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[413-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-413] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[414-version-negotiation] +ssl_conf = 414-version-negotiation-ssl + +[414-version-negotiation-ssl] +server = 414-version-negotiation-server +client = 414-version-negotiation-client + +[414-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[414-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-414] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[415-version-negotiation] +ssl_conf = 415-version-negotiation-ssl + +[415-version-negotiation-ssl] +server = 415-version-negotiation-server +client = 415-version-negotiation-client + +[415-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[415-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-415] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[416-version-negotiation] +ssl_conf = 416-version-negotiation-ssl + +[416-version-negotiation-ssl] +server = 416-version-negotiation-server +client = 416-version-negotiation-client + +[416-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[416-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-416] +ExpectedResult = ServerFail + + +# =========================================================== + +[417-version-negotiation] +ssl_conf = 417-version-negotiation-ssl + +[417-version-negotiation-ssl] +server = 417-version-negotiation-server +client = 417-version-negotiation-client + +[417-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[417-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-417] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[418-version-negotiation] +ssl_conf = 418-version-negotiation-ssl + +[418-version-negotiation-ssl] +server = 418-version-negotiation-server +client = 418-version-negotiation-client + +[418-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[418-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-418] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[419-version-negotiation] +ssl_conf = 419-version-negotiation-ssl + +[419-version-negotiation-ssl] +server = 419-version-negotiation-server +client = 419-version-negotiation-client + +[419-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[419-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-419] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[420-version-negotiation] +ssl_conf = 420-version-negotiation-ssl + +[420-version-negotiation-ssl] +server = 420-version-negotiation-server +client = 420-version-negotiation-client + +[420-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[420-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-420] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[421-version-negotiation] +ssl_conf = 421-version-negotiation-ssl + +[421-version-negotiation-ssl] +server = 421-version-negotiation-server +client = 421-version-negotiation-client + +[421-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[421-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-421] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[422-version-negotiation] +ssl_conf = 422-version-negotiation-ssl + +[422-version-negotiation-ssl] +server = 422-version-negotiation-server +client = 422-version-negotiation-client + +[422-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[422-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-422] +ExpectedResult = ServerFail + + +# =========================================================== + +[423-version-negotiation] +ssl_conf = 423-version-negotiation-ssl + +[423-version-negotiation-ssl] +server = 423-version-negotiation-server +client = 423-version-negotiation-client + +[423-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[423-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-423] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[424-version-negotiation] +ssl_conf = 424-version-negotiation-ssl + +[424-version-negotiation-ssl] +server = 424-version-negotiation-server +client = 424-version-negotiation-client + +[424-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[424-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-424] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[425-version-negotiation] +ssl_conf = 425-version-negotiation-ssl + +[425-version-negotiation-ssl] +server = 425-version-negotiation-server +client = 425-version-negotiation-client + +[425-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[425-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-425] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[426-version-negotiation] +ssl_conf = 426-version-negotiation-ssl + +[426-version-negotiation-ssl] +server = 426-version-negotiation-server +client = 426-version-negotiation-client + +[426-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[426-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-426] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[427-version-negotiation] +ssl_conf = 427-version-negotiation-ssl + +[427-version-negotiation-ssl] +server = 427-version-negotiation-server +client = 427-version-negotiation-client + +[427-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[427-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-427] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[428-version-negotiation] +ssl_conf = 428-version-negotiation-ssl + +[428-version-negotiation-ssl] +server = 428-version-negotiation-server +client = 428-version-negotiation-client + +[428-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[428-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-428] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[429-version-negotiation] +ssl_conf = 429-version-negotiation-ssl + +[429-version-negotiation-ssl] +server = 429-version-negotiation-server +client = 429-version-negotiation-client + +[429-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[429-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-429] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[430-version-negotiation] +ssl_conf = 430-version-negotiation-ssl + +[430-version-negotiation-ssl] +server = 430-version-negotiation-server +client = 430-version-negotiation-client + +[430-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[430-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-430] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[431-version-negotiation] +ssl_conf = 431-version-negotiation-ssl + +[431-version-negotiation-ssl] +server = 431-version-negotiation-server +client = 431-version-negotiation-client + +[431-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[431-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-431] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[432-version-negotiation] +ssl_conf = 432-version-negotiation-ssl + +[432-version-negotiation-ssl] +server = 432-version-negotiation-server +client = 432-version-negotiation-client + +[432-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[432-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-432] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[433-version-negotiation] +ssl_conf = 433-version-negotiation-ssl + +[433-version-negotiation-ssl] +server = 433-version-negotiation-server +client = 433-version-negotiation-client + +[433-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[433-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-433] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[434-version-negotiation] +ssl_conf = 434-version-negotiation-ssl + +[434-version-negotiation-ssl] +server = 434-version-negotiation-server +client = 434-version-negotiation-client + +[434-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[434-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-434] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[435-version-negotiation] +ssl_conf = 435-version-negotiation-ssl + +[435-version-negotiation-ssl] +server = 435-version-negotiation-server +client = 435-version-negotiation-client + +[435-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[435-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-435] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[436-version-negotiation] +ssl_conf = 436-version-negotiation-ssl + +[436-version-negotiation-ssl] +server = 436-version-negotiation-server +client = 436-version-negotiation-client + +[436-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[436-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-436] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[437-version-negotiation] +ssl_conf = 437-version-negotiation-ssl + +[437-version-negotiation-ssl] +server = 437-version-negotiation-server +client = 437-version-negotiation-client + +[437-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[437-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-437] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[438-version-negotiation] +ssl_conf = 438-version-negotiation-ssl + +[438-version-negotiation-ssl] +server = 438-version-negotiation-server +client = 438-version-negotiation-client + +[438-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[438-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-438] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[439-version-negotiation] +ssl_conf = 439-version-negotiation-ssl + +[439-version-negotiation-ssl] +server = 439-version-negotiation-server +client = 439-version-negotiation-client + +[439-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[439-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-439] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[440-version-negotiation] +ssl_conf = 440-version-negotiation-ssl + +[440-version-negotiation-ssl] +server = 440-version-negotiation-server +client = 440-version-negotiation-client + +[440-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[440-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-440] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[441-version-negotiation] +ssl_conf = 441-version-negotiation-ssl + +[441-version-negotiation-ssl] +server = 441-version-negotiation-server +client = 441-version-negotiation-client + +[441-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[441-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-441] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[442-version-negotiation] +ssl_conf = 442-version-negotiation-ssl + +[442-version-negotiation-ssl] +server = 442-version-negotiation-server +client = 442-version-negotiation-client + +[442-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[442-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-442] +ExpectedResult = ServerFail + + +# =========================================================== + +[443-version-negotiation] +ssl_conf = 443-version-negotiation-ssl + +[443-version-negotiation-ssl] +server = 443-version-negotiation-server +client = 443-version-negotiation-client + +[443-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[443-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-443] +ExpectedResult = ClientFail + + +# =========================================================== + +[444-version-negotiation] +ssl_conf = 444-version-negotiation-ssl + +[444-version-negotiation-ssl] +server = 444-version-negotiation-server +client = 444-version-negotiation-client + +[444-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[444-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-444] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[445-version-negotiation] +ssl_conf = 445-version-negotiation-ssl + +[445-version-negotiation-ssl] +server = 445-version-negotiation-server +client = 445-version-negotiation-client + +[445-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[445-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-445] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[446-version-negotiation] +ssl_conf = 446-version-negotiation-ssl + +[446-version-negotiation-ssl] +server = 446-version-negotiation-server +client = 446-version-negotiation-client + +[446-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[446-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-446] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[447-version-negotiation] +ssl_conf = 447-version-negotiation-ssl + +[447-version-negotiation-ssl] +server = 447-version-negotiation-server +client = 447-version-negotiation-client + +[447-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[447-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-447] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[448-version-negotiation] +ssl_conf = 448-version-negotiation-ssl + +[448-version-negotiation-ssl] +server = 448-version-negotiation-server +client = 448-version-negotiation-client + +[448-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[448-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-448] +ExpectedResult = ServerFail + + +# =========================================================== + +[449-version-negotiation] +ssl_conf = 449-version-negotiation-ssl + +[449-version-negotiation-ssl] +server = 449-version-negotiation-server +client = 449-version-negotiation-client + +[449-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[449-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-449] +ExpectedResult = ClientFail + + +# =========================================================== + +[450-version-negotiation] +ssl_conf = 450-version-negotiation-ssl + +[450-version-negotiation-ssl] +server = 450-version-negotiation-server +client = 450-version-negotiation-client + +[450-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[450-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-450] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[451-version-negotiation] +ssl_conf = 451-version-negotiation-ssl + +[451-version-negotiation-ssl] +server = 451-version-negotiation-server +client = 451-version-negotiation-client + +[451-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[451-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-451] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[452-version-negotiation] +ssl_conf = 452-version-negotiation-ssl + +[452-version-negotiation-ssl] +server = 452-version-negotiation-server +client = 452-version-negotiation-client + +[452-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[452-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-452] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[453-version-negotiation] +ssl_conf = 453-version-negotiation-ssl + +[453-version-negotiation-ssl] +server = 453-version-negotiation-server +client = 453-version-negotiation-client + +[453-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[453-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-453] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[454-version-negotiation] +ssl_conf = 454-version-negotiation-ssl + +[454-version-negotiation-ssl] +server = 454-version-negotiation-server +client = 454-version-negotiation-client + +[454-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[454-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-454] +ExpectedResult = ClientFail + + +# =========================================================== + +[455-version-negotiation] +ssl_conf = 455-version-negotiation-ssl + +[455-version-negotiation-ssl] +server = 455-version-negotiation-server +client = 455-version-negotiation-client + +[455-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[455-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-455] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[456-version-negotiation] +ssl_conf = 456-version-negotiation-ssl + +[456-version-negotiation-ssl] +server = 456-version-negotiation-server +client = 456-version-negotiation-client + +[456-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[456-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-456] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[457-version-negotiation] +ssl_conf = 457-version-negotiation-ssl + +[457-version-negotiation-ssl] +server = 457-version-negotiation-server +client = 457-version-negotiation-client + +[457-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[457-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-457] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[458-version-negotiation] +ssl_conf = 458-version-negotiation-ssl + +[458-version-negotiation-ssl] +server = 458-version-negotiation-server +client = 458-version-negotiation-client + +[458-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[458-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-458] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[459-version-negotiation] +ssl_conf = 459-version-negotiation-ssl + +[459-version-negotiation-ssl] +server = 459-version-negotiation-server +client = 459-version-negotiation-client + +[459-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[459-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-459] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[460-version-negotiation] +ssl_conf = 460-version-negotiation-ssl + +[460-version-negotiation-ssl] +server = 460-version-negotiation-server +client = 460-version-negotiation-client + +[460-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[460-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-460] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[461-version-negotiation] +ssl_conf = 461-version-negotiation-ssl + +[461-version-negotiation-ssl] +server = 461-version-negotiation-server +client = 461-version-negotiation-client + +[461-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[461-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-461] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[462-version-negotiation] +ssl_conf = 462-version-negotiation-ssl + +[462-version-negotiation-ssl] +server = 462-version-negotiation-server +client = 462-version-negotiation-client + +[462-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[462-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-462] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[463-version-negotiation] +ssl_conf = 463-version-negotiation-ssl + +[463-version-negotiation-ssl] +server = 463-version-negotiation-server +client = 463-version-negotiation-client + +[463-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[463-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-463] +ExpectedResult = ServerFail + + +# =========================================================== + +[464-version-negotiation] +ssl_conf = 464-version-negotiation-ssl + +[464-version-negotiation-ssl] +server = 464-version-negotiation-server +client = 464-version-negotiation-client + +[464-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[464-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-464] +ExpectedResult = ServerFail + + +# =========================================================== + +[465-version-negotiation] +ssl_conf = 465-version-negotiation-ssl + +[465-version-negotiation-ssl] +server = 465-version-negotiation-server +client = 465-version-negotiation-client + +[465-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[465-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-465] +ExpectedResult = ServerFail + + +# =========================================================== + +[466-version-negotiation] +ssl_conf = 466-version-negotiation-ssl + +[466-version-negotiation-ssl] +server = 466-version-negotiation-server +client = 466-version-negotiation-client + +[466-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[466-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-466] +ExpectedResult = ServerFail + + +# =========================================================== + +[467-version-negotiation] +ssl_conf = 467-version-negotiation-ssl + +[467-version-negotiation-ssl] +server = 467-version-negotiation-server +client = 467-version-negotiation-client + +[467-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[467-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-467] +ExpectedResult = ServerFail + + +# =========================================================== + +[468-version-negotiation] +ssl_conf = 468-version-negotiation-ssl + +[468-version-negotiation-ssl] +server = 468-version-negotiation-server +client = 468-version-negotiation-client + +[468-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[468-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-468] +ExpectedResult = ServerFail + + +# =========================================================== + +[469-version-negotiation] +ssl_conf = 469-version-negotiation-ssl + +[469-version-negotiation-ssl] +server = 469-version-negotiation-server +client = 469-version-negotiation-client + +[469-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[469-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-469] +ExpectedResult = ClientFail + + +# =========================================================== + +[470-version-negotiation] +ssl_conf = 470-version-negotiation-ssl + +[470-version-negotiation-ssl] +server = 470-version-negotiation-server +client = 470-version-negotiation-client + +[470-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[470-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-470] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[471-version-negotiation] +ssl_conf = 471-version-negotiation-ssl + +[471-version-negotiation-ssl] +server = 471-version-negotiation-server +client = 471-version-negotiation-client + +[471-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[471-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-471] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[472-version-negotiation] +ssl_conf = 472-version-negotiation-ssl + +[472-version-negotiation-ssl] +server = 472-version-negotiation-server +client = 472-version-negotiation-client + +[472-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[472-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-472] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[473-version-negotiation] +ssl_conf = 473-version-negotiation-ssl + +[473-version-negotiation-ssl] +server = 473-version-negotiation-server +client = 473-version-negotiation-client + +[473-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[473-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-473] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[474-version-negotiation] +ssl_conf = 474-version-negotiation-ssl + +[474-version-negotiation-ssl] +server = 474-version-negotiation-server +client = 474-version-negotiation-client + +[474-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[474-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-474] +ExpectedResult = ServerFail + + +# =========================================================== + +[475-version-negotiation] +ssl_conf = 475-version-negotiation-ssl + +[475-version-negotiation-ssl] +server = 475-version-negotiation-server +client = 475-version-negotiation-client + +[475-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[475-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-475] +ExpectedResult = ClientFail + + +# =========================================================== + +[476-version-negotiation] +ssl_conf = 476-version-negotiation-ssl + +[476-version-negotiation-ssl] +server = 476-version-negotiation-server +client = 476-version-negotiation-client + +[476-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[476-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-476] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[477-version-negotiation] +ssl_conf = 477-version-negotiation-ssl + +[477-version-negotiation-ssl] +server = 477-version-negotiation-server +client = 477-version-negotiation-client + +[477-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[477-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-477] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[478-version-negotiation] +ssl_conf = 478-version-negotiation-ssl + +[478-version-negotiation-ssl] +server = 478-version-negotiation-server +client = 478-version-negotiation-client + +[478-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[478-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-478] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[479-version-negotiation] +ssl_conf = 479-version-negotiation-ssl + +[479-version-negotiation-ssl] +server = 479-version-negotiation-server +client = 479-version-negotiation-client + +[479-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[479-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-479] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[480-version-negotiation] +ssl_conf = 480-version-negotiation-ssl + +[480-version-negotiation-ssl] +server = 480-version-negotiation-server +client = 480-version-negotiation-client + +[480-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[480-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-480] +ExpectedResult = ClientFail + + +# =========================================================== + +[481-version-negotiation] +ssl_conf = 481-version-negotiation-ssl + +[481-version-negotiation-ssl] +server = 481-version-negotiation-server +client = 481-version-negotiation-client + +[481-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[481-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-481] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[482-version-negotiation] +ssl_conf = 482-version-negotiation-ssl + +[482-version-negotiation-ssl] +server = 482-version-negotiation-server +client = 482-version-negotiation-client + +[482-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[482-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-482] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[483-version-negotiation] +ssl_conf = 483-version-negotiation-ssl + +[483-version-negotiation-ssl] +server = 483-version-negotiation-server +client = 483-version-negotiation-client + +[483-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[483-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-483] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[484-version-negotiation] +ssl_conf = 484-version-negotiation-ssl + +[484-version-negotiation-ssl] +server = 484-version-negotiation-server +client = 484-version-negotiation-client + +[484-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[484-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-484] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[485-version-negotiation] +ssl_conf = 485-version-negotiation-ssl + +[485-version-negotiation-ssl] +server = 485-version-negotiation-server +client = 485-version-negotiation-client + +[485-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[485-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-485] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[486-version-negotiation] +ssl_conf = 486-version-negotiation-ssl + +[486-version-negotiation-ssl] +server = 486-version-negotiation-server +client = 486-version-negotiation-client + +[486-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[486-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-486] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[487-version-negotiation] +ssl_conf = 487-version-negotiation-ssl + +[487-version-negotiation-ssl] +server = 487-version-negotiation-server +client = 487-version-negotiation-client + +[487-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[487-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-487] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[488-version-negotiation] +ssl_conf = 488-version-negotiation-ssl + +[488-version-negotiation-ssl] +server = 488-version-negotiation-server +client = 488-version-negotiation-client + +[488-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[488-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-488] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[489-version-negotiation] +ssl_conf = 489-version-negotiation-ssl + +[489-version-negotiation-ssl] +server = 489-version-negotiation-server +client = 489-version-negotiation-client + +[489-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[489-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-489] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[490-version-negotiation] +ssl_conf = 490-version-negotiation-ssl + +[490-version-negotiation-ssl] +server = 490-version-negotiation-server +client = 490-version-negotiation-client + +[490-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[490-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-490] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[491-version-negotiation] +ssl_conf = 491-version-negotiation-ssl + +[491-version-negotiation-ssl] +server = 491-version-negotiation-server +client = 491-version-negotiation-client + +[491-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[491-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-491] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[492-version-negotiation] +ssl_conf = 492-version-negotiation-ssl + +[492-version-negotiation-ssl] +server = 492-version-negotiation-server +client = 492-version-negotiation-client + +[492-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[492-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-492] +ExpectedResult = ServerFail + + +# =========================================================== + +[493-version-negotiation] +ssl_conf = 493-version-negotiation-ssl + +[493-version-negotiation-ssl] +server = 493-version-negotiation-server +client = 493-version-negotiation-client + +[493-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[493-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-493] +ExpectedResult = ServerFail + + +# =========================================================== + +[494-version-negotiation] +ssl_conf = 494-version-negotiation-ssl + +[494-version-negotiation-ssl] +server = 494-version-negotiation-server +client = 494-version-negotiation-client + +[494-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[494-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-494] +ExpectedResult = ServerFail + + +# =========================================================== + +[495-version-negotiation] +ssl_conf = 495-version-negotiation-ssl + +[495-version-negotiation-ssl] +server = 495-version-negotiation-server +client = 495-version-negotiation-client + +[495-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[495-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-495] +ExpectedResult = ServerFail + + +# =========================================================== + +[496-version-negotiation] +ssl_conf = 496-version-negotiation-ssl + +[496-version-negotiation-ssl] +server = 496-version-negotiation-server +client = 496-version-negotiation-client + +[496-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[496-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-496] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[497-version-negotiation] +ssl_conf = 497-version-negotiation-ssl + +[497-version-negotiation-ssl] +server = 497-version-negotiation-server +client = 497-version-negotiation-client + +[497-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[497-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-497] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[498-version-negotiation] +ssl_conf = 498-version-negotiation-ssl + +[498-version-negotiation-ssl] +server = 498-version-negotiation-server +client = 498-version-negotiation-client + +[498-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[498-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-498] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[499-version-negotiation] +ssl_conf = 499-version-negotiation-ssl + +[499-version-negotiation-ssl] +server = 499-version-negotiation-server +client = 499-version-negotiation-client + +[499-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[499-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-499] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[500-version-negotiation] +ssl_conf = 500-version-negotiation-ssl + +[500-version-negotiation-ssl] +server = 500-version-negotiation-server +client = 500-version-negotiation-client + +[500-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[500-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-500] +ExpectedResult = ServerFail + + +# =========================================================== + +[501-version-negotiation] +ssl_conf = 501-version-negotiation-ssl + +[501-version-negotiation-ssl] +server = 501-version-negotiation-server +client = 501-version-negotiation-client + +[501-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[501-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-501] +ExpectedResult = ServerFail + + +# =========================================================== + +[502-version-negotiation] +ssl_conf = 502-version-negotiation-ssl + +[502-version-negotiation-ssl] +server = 502-version-negotiation-server +client = 502-version-negotiation-client + +[502-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[502-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-502] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[503-version-negotiation] +ssl_conf = 503-version-negotiation-ssl + +[503-version-negotiation-ssl] +server = 503-version-negotiation-server +client = 503-version-negotiation-client + +[503-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[503-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-503] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[504-version-negotiation] +ssl_conf = 504-version-negotiation-ssl + +[504-version-negotiation-ssl] +server = 504-version-negotiation-server +client = 504-version-negotiation-client + +[504-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[504-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-504] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[505-version-negotiation] +ssl_conf = 505-version-negotiation-ssl + +[505-version-negotiation-ssl] +server = 505-version-negotiation-server +client = 505-version-negotiation-client + +[505-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[505-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-505] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[506-version-negotiation] +ssl_conf = 506-version-negotiation-ssl + +[506-version-negotiation-ssl] +server = 506-version-negotiation-server +client = 506-version-negotiation-client + +[506-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[506-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-506] +ExpectedResult = ServerFail + + +# =========================================================== + +[507-version-negotiation] +ssl_conf = 507-version-negotiation-ssl + +[507-version-negotiation-ssl] +server = 507-version-negotiation-server +client = 507-version-negotiation-client + +[507-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[507-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-507] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[508-version-negotiation] +ssl_conf = 508-version-negotiation-ssl + +[508-version-negotiation-ssl] +server = 508-version-negotiation-server +client = 508-version-negotiation-client + +[508-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[508-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-508] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[509-version-negotiation] +ssl_conf = 509-version-negotiation-ssl + +[509-version-negotiation-ssl] +server = 509-version-negotiation-server +client = 509-version-negotiation-client + +[509-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[509-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-509] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[510-version-negotiation] +ssl_conf = 510-version-negotiation-ssl + +[510-version-negotiation-ssl] +server = 510-version-negotiation-server +client = 510-version-negotiation-client + +[510-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[510-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-510] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[511-version-negotiation] +ssl_conf = 511-version-negotiation-ssl + +[511-version-negotiation-ssl] +server = 511-version-negotiation-server +client = 511-version-negotiation-client + +[511-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[511-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-511] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[512-version-negotiation] +ssl_conf = 512-version-negotiation-ssl + +[512-version-negotiation-ssl] +server = 512-version-negotiation-server +client = 512-version-negotiation-client + +[512-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[512-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-512] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[513-version-negotiation] +ssl_conf = 513-version-negotiation-ssl + +[513-version-negotiation-ssl] +server = 513-version-negotiation-server +client = 513-version-negotiation-client + +[513-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[513-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-513] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[514-version-negotiation] +ssl_conf = 514-version-negotiation-ssl + +[514-version-negotiation-ssl] +server = 514-version-negotiation-server +client = 514-version-negotiation-client + +[514-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[514-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-514] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[515-version-negotiation] +ssl_conf = 515-version-negotiation-ssl + +[515-version-negotiation-ssl] +server = 515-version-negotiation-server +client = 515-version-negotiation-client + +[515-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[515-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-515] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[516-version-negotiation] +ssl_conf = 516-version-negotiation-ssl + +[516-version-negotiation-ssl] +server = 516-version-negotiation-server +client = 516-version-negotiation-client + +[516-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[516-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-516] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[517-version-negotiation] +ssl_conf = 517-version-negotiation-ssl + +[517-version-negotiation-ssl] +server = 517-version-negotiation-server +client = 517-version-negotiation-client + +[517-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[517-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-517] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[518-version-negotiation] +ssl_conf = 518-version-negotiation-ssl + +[518-version-negotiation-ssl] +server = 518-version-negotiation-server +client = 518-version-negotiation-client + +[518-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[518-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-518] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[519-version-negotiation] +ssl_conf = 519-version-negotiation-ssl + +[519-version-negotiation-ssl] +server = 519-version-negotiation-server +client = 519-version-negotiation-client + +[519-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[519-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-519] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[520-version-negotiation] +ssl_conf = 520-version-negotiation-ssl + +[520-version-negotiation-ssl] +server = 520-version-negotiation-server +client = 520-version-negotiation-client + +[520-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[520-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-520] +ExpectedResult = ServerFail + + +# =========================================================== + +[521-version-negotiation] +ssl_conf = 521-version-negotiation-ssl + +[521-version-negotiation-ssl] +server = 521-version-negotiation-server +client = 521-version-negotiation-client + +[521-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[521-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-521] +ExpectedResult = ServerFail + + +# =========================================================== + +[522-version-negotiation] +ssl_conf = 522-version-negotiation-ssl + +[522-version-negotiation-ssl] +server = 522-version-negotiation-server +client = 522-version-negotiation-client + +[522-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[522-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-522] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[523-version-negotiation] +ssl_conf = 523-version-negotiation-ssl + +[523-version-negotiation-ssl] +server = 523-version-negotiation-server +client = 523-version-negotiation-client + +[523-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[523-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-523] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[524-version-negotiation] +ssl_conf = 524-version-negotiation-ssl + +[524-version-negotiation-ssl] +server = 524-version-negotiation-server +client = 524-version-negotiation-client + +[524-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[524-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-524] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[525-version-negotiation] +ssl_conf = 525-version-negotiation-ssl + +[525-version-negotiation-ssl] +server = 525-version-negotiation-server +client = 525-version-negotiation-client + +[525-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[525-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-525] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[526-version-negotiation] +ssl_conf = 526-version-negotiation-ssl + +[526-version-negotiation-ssl] +server = 526-version-negotiation-server +client = 526-version-negotiation-client + +[526-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[526-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-526] +ExpectedResult = ServerFail + + +# =========================================================== + +[527-version-negotiation] +ssl_conf = 527-version-negotiation-ssl + +[527-version-negotiation-ssl] +server = 527-version-negotiation-server +client = 527-version-negotiation-client + +[527-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[527-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-527] +ExpectedResult = ServerFail + + +# =========================================================== + +[528-version-negotiation] +ssl_conf = 528-version-negotiation-ssl + +[528-version-negotiation-ssl] +server = 528-version-negotiation-server +client = 528-version-negotiation-client + +[528-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[528-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-528] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[529-version-negotiation] +ssl_conf = 529-version-negotiation-ssl + +[529-version-negotiation-ssl] +server = 529-version-negotiation-server +client = 529-version-negotiation-client + +[529-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[529-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-529] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[530-version-negotiation] +ssl_conf = 530-version-negotiation-ssl + +[530-version-negotiation-ssl] +server = 530-version-negotiation-server +client = 530-version-negotiation-client + +[530-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[530-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-530] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[531-version-negotiation] +ssl_conf = 531-version-negotiation-ssl + +[531-version-negotiation-ssl] +server = 531-version-negotiation-server +client = 531-version-negotiation-client + +[531-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[531-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-531] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[532-version-negotiation] +ssl_conf = 532-version-negotiation-ssl + +[532-version-negotiation-ssl] +server = 532-version-negotiation-server +client = 532-version-negotiation-client + +[532-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[532-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-532] +ExpectedResult = ServerFail + + +# =========================================================== + +[533-version-negotiation] +ssl_conf = 533-version-negotiation-ssl + +[533-version-negotiation-ssl] +server = 533-version-negotiation-server +client = 533-version-negotiation-client + +[533-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[533-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-533] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[534-version-negotiation] +ssl_conf = 534-version-negotiation-ssl + +[534-version-negotiation-ssl] +server = 534-version-negotiation-server +client = 534-version-negotiation-client + +[534-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[534-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-534] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[535-version-negotiation] +ssl_conf = 535-version-negotiation-ssl + +[535-version-negotiation-ssl] +server = 535-version-negotiation-server +client = 535-version-negotiation-client + +[535-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[535-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-535] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[536-version-negotiation] +ssl_conf = 536-version-negotiation-ssl + +[536-version-negotiation-ssl] +server = 536-version-negotiation-server +client = 536-version-negotiation-client + +[536-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[536-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-536] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[537-version-negotiation] +ssl_conf = 537-version-negotiation-ssl + +[537-version-negotiation-ssl] +server = 537-version-negotiation-server +client = 537-version-negotiation-client + +[537-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[537-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-537] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[538-version-negotiation] +ssl_conf = 538-version-negotiation-ssl + +[538-version-negotiation-ssl] +server = 538-version-negotiation-server +client = 538-version-negotiation-client + +[538-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[538-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-538] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[539-version-negotiation] +ssl_conf = 539-version-negotiation-ssl + +[539-version-negotiation-ssl] +server = 539-version-negotiation-server +client = 539-version-negotiation-client + +[539-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[539-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-539] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[540-version-negotiation] +ssl_conf = 540-version-negotiation-ssl + +[540-version-negotiation-ssl] +server = 540-version-negotiation-server +client = 540-version-negotiation-client + +[540-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[540-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-540] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[541-version-negotiation] +ssl_conf = 541-version-negotiation-ssl + +[541-version-negotiation-ssl] +server = 541-version-negotiation-server +client = 541-version-negotiation-client + +[541-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[541-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-541] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[542-version-negotiation] +ssl_conf = 542-version-negotiation-ssl + +[542-version-negotiation-ssl] +server = 542-version-negotiation-server +client = 542-version-negotiation-client + +[542-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[542-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-542] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[543-version-negotiation] +ssl_conf = 543-version-negotiation-ssl + +[543-version-negotiation-ssl] +server = 543-version-negotiation-server +client = 543-version-negotiation-client + +[543-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[543-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-543] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[544-version-negotiation] +ssl_conf = 544-version-negotiation-ssl + +[544-version-negotiation-ssl] +server = 544-version-negotiation-server +client = 544-version-negotiation-client + +[544-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[544-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-544] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[545-version-negotiation] +ssl_conf = 545-version-negotiation-ssl + +[545-version-negotiation-ssl] +server = 545-version-negotiation-server +client = 545-version-negotiation-client + +[545-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[545-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-545] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[546-version-negotiation] +ssl_conf = 546-version-negotiation-ssl + +[546-version-negotiation-ssl] +server = 546-version-negotiation-server +client = 546-version-negotiation-client + +[546-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[546-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-546] +ExpectedResult = ServerFail + + +# =========================================================== + +[547-version-negotiation] +ssl_conf = 547-version-negotiation-ssl + +[547-version-negotiation-ssl] +server = 547-version-negotiation-server +client = 547-version-negotiation-client + +[547-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[547-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-547] +ExpectedResult = ClientFail + + +# =========================================================== + +[548-version-negotiation] +ssl_conf = 548-version-negotiation-ssl + +[548-version-negotiation-ssl] +server = 548-version-negotiation-server +client = 548-version-negotiation-client + +[548-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[548-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-548] +ExpectedResult = ClientFail + + +# =========================================================== + +[549-version-negotiation] +ssl_conf = 549-version-negotiation-ssl + +[549-version-negotiation-ssl] +server = 549-version-negotiation-server +client = 549-version-negotiation-client + +[549-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[549-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-549] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[550-version-negotiation] +ssl_conf = 550-version-negotiation-ssl + +[550-version-negotiation-ssl] +server = 550-version-negotiation-server +client = 550-version-negotiation-client + +[550-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[550-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-550] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[551-version-negotiation] +ssl_conf = 551-version-negotiation-ssl + +[551-version-negotiation-ssl] +server = 551-version-negotiation-server +client = 551-version-negotiation-client + +[551-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[551-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-551] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[552-version-negotiation] +ssl_conf = 552-version-negotiation-ssl + +[552-version-negotiation-ssl] +server = 552-version-negotiation-server +client = 552-version-negotiation-client + +[552-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[552-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-552] +ExpectedResult = ServerFail + + +# =========================================================== + +[553-version-negotiation] +ssl_conf = 553-version-negotiation-ssl + +[553-version-negotiation-ssl] +server = 553-version-negotiation-server +client = 553-version-negotiation-client + +[553-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[553-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-553] +ExpectedResult = ClientFail + + +# =========================================================== + +[554-version-negotiation] +ssl_conf = 554-version-negotiation-ssl + +[554-version-negotiation-ssl] +server = 554-version-negotiation-server +client = 554-version-negotiation-client + +[554-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[554-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-554] +ExpectedResult = ClientFail + + +# =========================================================== + +[555-version-negotiation] +ssl_conf = 555-version-negotiation-ssl + +[555-version-negotiation-ssl] +server = 555-version-negotiation-server +client = 555-version-negotiation-client + +[555-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[555-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-555] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[556-version-negotiation] +ssl_conf = 556-version-negotiation-ssl + +[556-version-negotiation-ssl] +server = 556-version-negotiation-server +client = 556-version-negotiation-client + +[556-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[556-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-556] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[557-version-negotiation] +ssl_conf = 557-version-negotiation-ssl + +[557-version-negotiation-ssl] +server = 557-version-negotiation-server +client = 557-version-negotiation-client + +[557-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[557-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-557] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[558-version-negotiation] +ssl_conf = 558-version-negotiation-ssl + +[558-version-negotiation-ssl] +server = 558-version-negotiation-server +client = 558-version-negotiation-client + +[558-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[558-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-558] +ExpectedResult = ClientFail + + +# =========================================================== + +[559-version-negotiation] +ssl_conf = 559-version-negotiation-ssl + +[559-version-negotiation-ssl] +server = 559-version-negotiation-server +client = 559-version-negotiation-client + +[559-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[559-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-559] +ExpectedResult = ClientFail + + +# =========================================================== + +[560-version-negotiation] +ssl_conf = 560-version-negotiation-ssl + +[560-version-negotiation-ssl] +server = 560-version-negotiation-server +client = 560-version-negotiation-client + +[560-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[560-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-560] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[561-version-negotiation] +ssl_conf = 561-version-negotiation-ssl + +[561-version-negotiation-ssl] +server = 561-version-negotiation-server +client = 561-version-negotiation-client + +[561-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[561-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-561] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[562-version-negotiation] +ssl_conf = 562-version-negotiation-ssl + +[562-version-negotiation-ssl] +server = 562-version-negotiation-server +client = 562-version-negotiation-client + +[562-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[562-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-562] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[563-version-negotiation] +ssl_conf = 563-version-negotiation-ssl + +[563-version-negotiation-ssl] +server = 563-version-negotiation-server +client = 563-version-negotiation-client + +[563-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[563-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-563] +ExpectedResult = ClientFail + + +# =========================================================== + +[564-version-negotiation] +ssl_conf = 564-version-negotiation-ssl + +[564-version-negotiation-ssl] +server = 564-version-negotiation-server +client = 564-version-negotiation-client + +[564-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[564-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-564] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[565-version-negotiation] +ssl_conf = 565-version-negotiation-ssl + +[565-version-negotiation-ssl] +server = 565-version-negotiation-server +client = 565-version-negotiation-client + +[565-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[565-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-565] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[566-version-negotiation] +ssl_conf = 566-version-negotiation-ssl + +[566-version-negotiation-ssl] +server = 566-version-negotiation-server +client = 566-version-negotiation-client + +[566-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[566-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-566] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[567-version-negotiation] +ssl_conf = 567-version-negotiation-ssl + +[567-version-negotiation-ssl] +server = 567-version-negotiation-server +client = 567-version-negotiation-client + +[567-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[567-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-567] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[568-version-negotiation] +ssl_conf = 568-version-negotiation-ssl + +[568-version-negotiation-ssl] +server = 568-version-negotiation-server +client = 568-version-negotiation-client + +[568-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[568-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-568] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[569-version-negotiation] +ssl_conf = 569-version-negotiation-ssl + +[569-version-negotiation-ssl] +server = 569-version-negotiation-server +client = 569-version-negotiation-client + +[569-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[569-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-569] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[570-version-negotiation] +ssl_conf = 570-version-negotiation-ssl + +[570-version-negotiation-ssl] +server = 570-version-negotiation-server +client = 570-version-negotiation-client + +[570-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[570-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-570] +ExpectedResult = ServerFail + + +# =========================================================== + +[571-version-negotiation] +ssl_conf = 571-version-negotiation-ssl + +[571-version-negotiation-ssl] +server = 571-version-negotiation-server +client = 571-version-negotiation-client + +[571-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[571-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-571] +ExpectedResult = ServerFail + + +# =========================================================== + +[572-version-negotiation] +ssl_conf = 572-version-negotiation-ssl + +[572-version-negotiation-ssl] +server = 572-version-negotiation-server +client = 572-version-negotiation-client + +[572-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[572-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-572] +ExpectedResult = ServerFail + + +# =========================================================== + +[573-version-negotiation] +ssl_conf = 573-version-negotiation-ssl + +[573-version-negotiation-ssl] +server = 573-version-negotiation-server +client = 573-version-negotiation-client + +[573-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[573-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-573] +ExpectedResult = ServerFail + + +# =========================================================== + +[574-version-negotiation] +ssl_conf = 574-version-negotiation-ssl + +[574-version-negotiation-ssl] +server = 574-version-negotiation-server +client = 574-version-negotiation-client + +[574-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[574-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-574] +ExpectedResult = ServerFail + + +# =========================================================== + +[575-version-negotiation] +ssl_conf = 575-version-negotiation-ssl + +[575-version-negotiation-ssl] +server = 575-version-negotiation-server +client = 575-version-negotiation-client + +[575-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[575-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-575] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[576-version-negotiation] +ssl_conf = 576-version-negotiation-ssl + +[576-version-negotiation-ssl] +server = 576-version-negotiation-server +client = 576-version-negotiation-client + +[576-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[576-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-576] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[577-version-negotiation] +ssl_conf = 577-version-negotiation-ssl + +[577-version-negotiation-ssl] +server = 577-version-negotiation-server +client = 577-version-negotiation-client + +[577-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[577-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-577] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[578-version-negotiation] +ssl_conf = 578-version-negotiation-ssl + +[578-version-negotiation-ssl] +server = 578-version-negotiation-server +client = 578-version-negotiation-client + +[578-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[578-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-578] +ExpectedResult = ServerFail + + +# =========================================================== + +[579-version-negotiation] +ssl_conf = 579-version-negotiation-ssl + +[579-version-negotiation-ssl] +server = 579-version-negotiation-server +client = 579-version-negotiation-client + +[579-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[579-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-579] +ExpectedResult = ServerFail + + +# =========================================================== + +[580-version-negotiation] +ssl_conf = 580-version-negotiation-ssl + +[580-version-negotiation-ssl] +server = 580-version-negotiation-server +client = 580-version-negotiation-client + +[580-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[580-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-580] +ExpectedResult = ServerFail + + +# =========================================================== + +[581-version-negotiation] +ssl_conf = 581-version-negotiation-ssl + +[581-version-negotiation-ssl] +server = 581-version-negotiation-server +client = 581-version-negotiation-client + +[581-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[581-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-581] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[582-version-negotiation] +ssl_conf = 582-version-negotiation-ssl + +[582-version-negotiation-ssl] +server = 582-version-negotiation-server +client = 582-version-negotiation-client + +[582-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[582-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-582] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[583-version-negotiation] +ssl_conf = 583-version-negotiation-ssl + +[583-version-negotiation-ssl] +server = 583-version-negotiation-server +client = 583-version-negotiation-client + +[583-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[583-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-583] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[584-version-negotiation] +ssl_conf = 584-version-negotiation-ssl + +[584-version-negotiation-ssl] +server = 584-version-negotiation-server +client = 584-version-negotiation-client + +[584-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[584-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-584] +ExpectedResult = ServerFail + + +# =========================================================== + +[585-version-negotiation] +ssl_conf = 585-version-negotiation-ssl + +[585-version-negotiation-ssl] +server = 585-version-negotiation-server +client = 585-version-negotiation-client + +[585-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[585-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-585] +ExpectedResult = ServerFail + + +# =========================================================== + +[586-version-negotiation] +ssl_conf = 586-version-negotiation-ssl + +[586-version-negotiation-ssl] +server = 586-version-negotiation-server +client = 586-version-negotiation-client + +[586-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[586-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-586] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[587-version-negotiation] +ssl_conf = 587-version-negotiation-ssl + +[587-version-negotiation-ssl] +server = 587-version-negotiation-server +client = 587-version-negotiation-client + +[587-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[587-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-587] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[588-version-negotiation] +ssl_conf = 588-version-negotiation-ssl + +[588-version-negotiation-ssl] +server = 588-version-negotiation-server +client = 588-version-negotiation-client + +[588-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[588-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-588] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[589-version-negotiation] +ssl_conf = 589-version-negotiation-ssl + +[589-version-negotiation-ssl] +server = 589-version-negotiation-server +client = 589-version-negotiation-client + +[589-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[589-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-589] +ExpectedResult = ServerFail + + +# =========================================================== + +[590-version-negotiation] +ssl_conf = 590-version-negotiation-ssl + +[590-version-negotiation-ssl] +server = 590-version-negotiation-server +client = 590-version-negotiation-client + +[590-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[590-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-590] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[591-version-negotiation] +ssl_conf = 591-version-negotiation-ssl + +[591-version-negotiation-ssl] +server = 591-version-negotiation-server +client = 591-version-negotiation-client + +[591-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[591-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-591] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[592-version-negotiation] +ssl_conf = 592-version-negotiation-ssl + +[592-version-negotiation-ssl] +server = 592-version-negotiation-server +client = 592-version-negotiation-client + +[592-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[592-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-592] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[593-version-negotiation] +ssl_conf = 593-version-negotiation-ssl + +[593-version-negotiation-ssl] +server = 593-version-negotiation-server +client = 593-version-negotiation-client + +[593-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[593-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-593] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[594-version-negotiation] +ssl_conf = 594-version-negotiation-ssl + +[594-version-negotiation-ssl] +server = 594-version-negotiation-server +client = 594-version-negotiation-client + +[594-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[594-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-594] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[595-version-negotiation] +ssl_conf = 595-version-negotiation-ssl + +[595-version-negotiation-ssl] +server = 595-version-negotiation-server +client = 595-version-negotiation-client + +[595-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[595-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-595] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[596-version-negotiation] +ssl_conf = 596-version-negotiation-ssl + +[596-version-negotiation-ssl] +server = 596-version-negotiation-server +client = 596-version-negotiation-client + +[596-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[596-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-596] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[597-version-negotiation] +ssl_conf = 597-version-negotiation-ssl + +[597-version-negotiation-ssl] +server = 597-version-negotiation-server +client = 597-version-negotiation-client + +[597-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[597-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-597] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[598-version-negotiation] +ssl_conf = 598-version-negotiation-ssl + +[598-version-negotiation-ssl] +server = 598-version-negotiation-server +client = 598-version-negotiation-client + +[598-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[598-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-598] +ExpectedResult = ServerFail + + +# =========================================================== + +[599-version-negotiation] +ssl_conf = 599-version-negotiation-ssl + +[599-version-negotiation-ssl] +server = 599-version-negotiation-server +client = 599-version-negotiation-client + +[599-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[599-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-599] +ExpectedResult = ServerFail + + +# =========================================================== + +[600-version-negotiation] +ssl_conf = 600-version-negotiation-ssl + +[600-version-negotiation-ssl] +server = 600-version-negotiation-server +client = 600-version-negotiation-client + +[600-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[600-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-600] +ExpectedResult = ServerFail + + +# =========================================================== + +[601-version-negotiation] +ssl_conf = 601-version-negotiation-ssl + +[601-version-negotiation-ssl] +server = 601-version-negotiation-server +client = 601-version-negotiation-client + +[601-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[601-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-601] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[602-version-negotiation] +ssl_conf = 602-version-negotiation-ssl + +[602-version-negotiation-ssl] +server = 602-version-negotiation-server +client = 602-version-negotiation-client + +[602-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[602-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-602] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[603-version-negotiation] +ssl_conf = 603-version-negotiation-ssl + +[603-version-negotiation-ssl] +server = 603-version-negotiation-server +client = 603-version-negotiation-client + +[603-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[603-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-603] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[604-version-negotiation] +ssl_conf = 604-version-negotiation-ssl + +[604-version-negotiation-ssl] +server = 604-version-negotiation-server +client = 604-version-negotiation-client + +[604-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[604-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-604] +ExpectedResult = ServerFail + + +# =========================================================== + +[605-version-negotiation] +ssl_conf = 605-version-negotiation-ssl + +[605-version-negotiation-ssl] +server = 605-version-negotiation-server +client = 605-version-negotiation-client + +[605-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[605-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-605] +ExpectedResult = ServerFail + + +# =========================================================== + +[606-version-negotiation] +ssl_conf = 606-version-negotiation-ssl + +[606-version-negotiation-ssl] +server = 606-version-negotiation-server +client = 606-version-negotiation-client + +[606-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[606-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-606] +ExpectedResult = ServerFail + + +# =========================================================== + +[607-version-negotiation] +ssl_conf = 607-version-negotiation-ssl + +[607-version-negotiation-ssl] +server = 607-version-negotiation-server +client = 607-version-negotiation-client + +[607-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[607-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-607] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[608-version-negotiation] +ssl_conf = 608-version-negotiation-ssl + +[608-version-negotiation-ssl] +server = 608-version-negotiation-server +client = 608-version-negotiation-client + +[608-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[608-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-608] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[609-version-negotiation] +ssl_conf = 609-version-negotiation-ssl + +[609-version-negotiation-ssl] +server = 609-version-negotiation-server +client = 609-version-negotiation-client + +[609-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[609-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-609] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[610-version-negotiation] +ssl_conf = 610-version-negotiation-ssl + +[610-version-negotiation-ssl] +server = 610-version-negotiation-server +client = 610-version-negotiation-client + +[610-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[610-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-610] +ExpectedResult = ServerFail + + +# =========================================================== + +[611-version-negotiation] +ssl_conf = 611-version-negotiation-ssl + +[611-version-negotiation-ssl] +server = 611-version-negotiation-server +client = 611-version-negotiation-client + +[611-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[611-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-611] +ExpectedResult = ServerFail + + +# =========================================================== + +[612-version-negotiation] +ssl_conf = 612-version-negotiation-ssl + +[612-version-negotiation-ssl] +server = 612-version-negotiation-server +client = 612-version-negotiation-client + +[612-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[612-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-612] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[613-version-negotiation] +ssl_conf = 613-version-negotiation-ssl + +[613-version-negotiation-ssl] +server = 613-version-negotiation-server +client = 613-version-negotiation-client + +[613-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[613-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-613] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[614-version-negotiation] +ssl_conf = 614-version-negotiation-ssl + +[614-version-negotiation-ssl] +server = 614-version-negotiation-server +client = 614-version-negotiation-client + +[614-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[614-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-614] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[615-version-negotiation] +ssl_conf = 615-version-negotiation-ssl + +[615-version-negotiation-ssl] +server = 615-version-negotiation-server +client = 615-version-negotiation-client + +[615-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[615-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-615] +ExpectedResult = ServerFail + + +# =========================================================== + +[616-version-negotiation] +ssl_conf = 616-version-negotiation-ssl + +[616-version-negotiation-ssl] +server = 616-version-negotiation-server +client = 616-version-negotiation-client + +[616-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[616-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-616] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[617-version-negotiation] +ssl_conf = 617-version-negotiation-ssl + +[617-version-negotiation-ssl] +server = 617-version-negotiation-server +client = 617-version-negotiation-client + +[617-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[617-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-617] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[618-version-negotiation] +ssl_conf = 618-version-negotiation-ssl + +[618-version-negotiation-ssl] +server = 618-version-negotiation-server +client = 618-version-negotiation-client + +[618-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[618-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-618] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[619-version-negotiation] +ssl_conf = 619-version-negotiation-ssl + +[619-version-negotiation-ssl] +server = 619-version-negotiation-server +client = 619-version-negotiation-client + +[619-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[619-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-619] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[620-version-negotiation] +ssl_conf = 620-version-negotiation-ssl + +[620-version-negotiation-ssl] +server = 620-version-negotiation-server +client = 620-version-negotiation-client + +[620-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[620-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-620] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[621-version-negotiation] +ssl_conf = 621-version-negotiation-ssl + +[621-version-negotiation-ssl] +server = 621-version-negotiation-server +client = 621-version-negotiation-client + +[621-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[621-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-621] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[622-version-negotiation] +ssl_conf = 622-version-negotiation-ssl + +[622-version-negotiation-ssl] +server = 622-version-negotiation-server +client = 622-version-negotiation-client + +[622-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[622-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-622] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[623-version-negotiation] +ssl_conf = 623-version-negotiation-ssl + +[623-version-negotiation-ssl] +server = 623-version-negotiation-server +client = 623-version-negotiation-client + +[623-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[623-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-623] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[624-version-negotiation] +ssl_conf = 624-version-negotiation-ssl + +[624-version-negotiation-ssl] +server = 624-version-negotiation-server +client = 624-version-negotiation-client + +[624-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[624-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-624] +ExpectedResult = ServerFail + + +# =========================================================== + +[625-version-negotiation] +ssl_conf = 625-version-negotiation-ssl + +[625-version-negotiation-ssl] +server = 625-version-negotiation-server +client = 625-version-negotiation-client + +[625-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[625-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-625] +ExpectedResult = ServerFail + + +# =========================================================== + +[626-version-negotiation] +ssl_conf = 626-version-negotiation-ssl + +[626-version-negotiation-ssl] +server = 626-version-negotiation-server +client = 626-version-negotiation-client + +[626-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[626-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-626] +ExpectedResult = ServerFail + + +# =========================================================== + +[627-version-negotiation] +ssl_conf = 627-version-negotiation-ssl + +[627-version-negotiation-ssl] +server = 627-version-negotiation-server +client = 627-version-negotiation-client + +[627-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[627-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-627] +ExpectedResult = ServerFail + + +# =========================================================== + +[628-version-negotiation] +ssl_conf = 628-version-negotiation-ssl + +[628-version-negotiation-ssl] +server = 628-version-negotiation-server +client = 628-version-negotiation-client + +[628-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[628-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-628] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[629-version-negotiation] +ssl_conf = 629-version-negotiation-ssl + +[629-version-negotiation-ssl] +server = 629-version-negotiation-server +client = 629-version-negotiation-client + +[629-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[629-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-629] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[630-version-negotiation] +ssl_conf = 630-version-negotiation-ssl + +[630-version-negotiation-ssl] +server = 630-version-negotiation-server +client = 630-version-negotiation-client + +[630-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[630-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-630] +ExpectedResult = ServerFail + + +# =========================================================== + +[631-version-negotiation] +ssl_conf = 631-version-negotiation-ssl + +[631-version-negotiation-ssl] +server = 631-version-negotiation-server +client = 631-version-negotiation-client + +[631-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[631-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-631] +ExpectedResult = ServerFail + + +# =========================================================== + +[632-version-negotiation] +ssl_conf = 632-version-negotiation-ssl + +[632-version-negotiation-ssl] +server = 632-version-negotiation-server +client = 632-version-negotiation-client + +[632-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[632-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-632] +ExpectedResult = ServerFail + + +# =========================================================== + +[633-version-negotiation] +ssl_conf = 633-version-negotiation-ssl + +[633-version-negotiation-ssl] +server = 633-version-negotiation-server +client = 633-version-negotiation-client + +[633-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[633-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-633] +ExpectedResult = ServerFail + + +# =========================================================== + +[634-version-negotiation] +ssl_conf = 634-version-negotiation-ssl + +[634-version-negotiation-ssl] +server = 634-version-negotiation-server +client = 634-version-negotiation-client + +[634-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[634-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-634] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[635-version-negotiation] +ssl_conf = 635-version-negotiation-ssl + +[635-version-negotiation-ssl] +server = 635-version-negotiation-server +client = 635-version-negotiation-client + +[635-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[635-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-635] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[636-version-negotiation] +ssl_conf = 636-version-negotiation-ssl + +[636-version-negotiation-ssl] +server = 636-version-negotiation-server +client = 636-version-negotiation-client + +[636-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[636-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-636] +ExpectedResult = ServerFail + + +# =========================================================== + +[637-version-negotiation] +ssl_conf = 637-version-negotiation-ssl + +[637-version-negotiation-ssl] +server = 637-version-negotiation-server +client = 637-version-negotiation-client + +[637-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[637-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-637] +ExpectedResult = ServerFail + + +# =========================================================== + +[638-version-negotiation] +ssl_conf = 638-version-negotiation-ssl + +[638-version-negotiation-ssl] +server = 638-version-negotiation-server +client = 638-version-negotiation-client + +[638-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[638-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-638] +ExpectedResult = ServerFail + + +# =========================================================== + +[639-version-negotiation] +ssl_conf = 639-version-negotiation-ssl + +[639-version-negotiation-ssl] +server = 639-version-negotiation-server +client = 639-version-negotiation-client + +[639-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[639-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-639] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[640-version-negotiation] +ssl_conf = 640-version-negotiation-ssl + +[640-version-negotiation-ssl] +server = 640-version-negotiation-server +client = 640-version-negotiation-client + +[640-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[640-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-640] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[641-version-negotiation] +ssl_conf = 641-version-negotiation-ssl + +[641-version-negotiation-ssl] +server = 641-version-negotiation-server +client = 641-version-negotiation-client + +[641-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[641-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-641] +ExpectedResult = ServerFail + + +# =========================================================== + +[642-version-negotiation] +ssl_conf = 642-version-negotiation-ssl + +[642-version-negotiation-ssl] +server = 642-version-negotiation-server +client = 642-version-negotiation-client + +[642-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[642-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-642] +ExpectedResult = ServerFail + + +# =========================================================== + +[643-version-negotiation] +ssl_conf = 643-version-negotiation-ssl + +[643-version-negotiation-ssl] +server = 643-version-negotiation-server +client = 643-version-negotiation-client + +[643-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[643-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-643] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[644-version-negotiation] +ssl_conf = 644-version-negotiation-ssl + +[644-version-negotiation-ssl] +server = 644-version-negotiation-server +client = 644-version-negotiation-client + +[644-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[644-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-644] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[645-version-negotiation] +ssl_conf = 645-version-negotiation-ssl + +[645-version-negotiation-ssl] +server = 645-version-negotiation-server +client = 645-version-negotiation-client + +[645-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[645-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-645] +ExpectedResult = ServerFail + + +# =========================================================== + +[646-version-negotiation] +ssl_conf = 646-version-negotiation-ssl + +[646-version-negotiation-ssl] +server = 646-version-negotiation-server +client = 646-version-negotiation-client + +[646-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[646-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-646] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[647-version-negotiation] +ssl_conf = 647-version-negotiation-ssl + +[647-version-negotiation-ssl] +server = 647-version-negotiation-server +client = 647-version-negotiation-client + +[647-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[647-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-647] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[648-version-negotiation] +ssl_conf = 648-version-negotiation-ssl + +[648-version-negotiation-ssl] +server = 648-version-negotiation-server +client = 648-version-negotiation-client + +[648-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[648-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-648] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[649-version-negotiation] +ssl_conf = 649-version-negotiation-ssl + +[649-version-negotiation-ssl] +server = 649-version-negotiation-server +client = 649-version-negotiation-client + +[649-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[649-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-649] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[650-version-negotiation] +ssl_conf = 650-version-negotiation-ssl + +[650-version-negotiation-ssl] +server = 650-version-negotiation-server +client = 650-version-negotiation-client + +[650-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[650-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-650] +ExpectedResult = ServerFail + + +# =========================================================== + +[651-version-negotiation] +ssl_conf = 651-version-negotiation-ssl + +[651-version-negotiation-ssl] +server = 651-version-negotiation-server +client = 651-version-negotiation-client + +[651-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[651-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-651] +ExpectedResult = ServerFail + + +# =========================================================== + +[652-version-negotiation] +ssl_conf = 652-version-negotiation-ssl + +[652-version-negotiation-ssl] +server = 652-version-negotiation-server +client = 652-version-negotiation-client + +[652-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[652-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-652] +ExpectedResult = ServerFail + + +# =========================================================== + +[653-version-negotiation] +ssl_conf = 653-version-negotiation-ssl + +[653-version-negotiation-ssl] +server = 653-version-negotiation-server +client = 653-version-negotiation-client + +[653-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[653-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-653] +ExpectedResult = ServerFail + + +# =========================================================== + +[654-version-negotiation] +ssl_conf = 654-version-negotiation-ssl + +[654-version-negotiation-ssl] +server = 654-version-negotiation-server +client = 654-version-negotiation-client + +[654-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[654-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-654] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[655-version-negotiation] +ssl_conf = 655-version-negotiation-ssl + +[655-version-negotiation-ssl] +server = 655-version-negotiation-server +client = 655-version-negotiation-client + +[655-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[655-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-655] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[656-version-negotiation] +ssl_conf = 656-version-negotiation-ssl + +[656-version-negotiation-ssl] +server = 656-version-negotiation-server +client = 656-version-negotiation-client + +[656-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[656-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-656] +ExpectedResult = ServerFail + + +# =========================================================== + +[657-version-negotiation] +ssl_conf = 657-version-negotiation-ssl + +[657-version-negotiation-ssl] +server = 657-version-negotiation-server +client = 657-version-negotiation-client + +[657-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[657-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-657] +ExpectedResult = ServerFail + + +# =========================================================== + +[658-version-negotiation] +ssl_conf = 658-version-negotiation-ssl + +[658-version-negotiation-ssl] +server = 658-version-negotiation-server +client = 658-version-negotiation-client + +[658-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[658-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-658] +ExpectedResult = ServerFail + + +# =========================================================== + +[659-version-negotiation] +ssl_conf = 659-version-negotiation-ssl + +[659-version-negotiation-ssl] +server = 659-version-negotiation-server +client = 659-version-negotiation-client + +[659-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[659-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-659] +ExpectedResult = ServerFail + + +# =========================================================== + +[660-version-negotiation] +ssl_conf = 660-version-negotiation-ssl + +[660-version-negotiation-ssl] +server = 660-version-negotiation-server +client = 660-version-negotiation-client + +[660-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[660-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-660] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[661-version-negotiation] +ssl_conf = 661-version-negotiation-ssl + +[661-version-negotiation-ssl] +server = 661-version-negotiation-server +client = 661-version-negotiation-client + +[661-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[661-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-661] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[662-version-negotiation] +ssl_conf = 662-version-negotiation-ssl + +[662-version-negotiation-ssl] +server = 662-version-negotiation-server +client = 662-version-negotiation-client + +[662-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[662-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-662] +ExpectedResult = ServerFail + + +# =========================================================== + +[663-version-negotiation] +ssl_conf = 663-version-negotiation-ssl + +[663-version-negotiation-ssl] +server = 663-version-negotiation-server +client = 663-version-negotiation-client + +[663-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[663-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-663] +ExpectedResult = ServerFail + + +# =========================================================== + +[664-version-negotiation] +ssl_conf = 664-version-negotiation-ssl + +[664-version-negotiation-ssl] +server = 664-version-negotiation-server +client = 664-version-negotiation-client + +[664-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[664-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-664] +ExpectedResult = ServerFail + + +# =========================================================== + +[665-version-negotiation] +ssl_conf = 665-version-negotiation-ssl + +[665-version-negotiation-ssl] +server = 665-version-negotiation-server +client = 665-version-negotiation-client + +[665-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[665-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-665] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[666-version-negotiation] +ssl_conf = 666-version-negotiation-ssl + +[666-version-negotiation-ssl] +server = 666-version-negotiation-server +client = 666-version-negotiation-client + +[666-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[666-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-666] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[667-version-negotiation] +ssl_conf = 667-version-negotiation-ssl + +[667-version-negotiation-ssl] +server = 667-version-negotiation-server +client = 667-version-negotiation-client + +[667-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[667-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-667] +ExpectedResult = ServerFail + + +# =========================================================== + +[668-version-negotiation] +ssl_conf = 668-version-negotiation-ssl + +[668-version-negotiation-ssl] +server = 668-version-negotiation-server +client = 668-version-negotiation-client + +[668-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[668-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-668] +ExpectedResult = ServerFail + + +# =========================================================== + +[669-version-negotiation] +ssl_conf = 669-version-negotiation-ssl + +[669-version-negotiation-ssl] +server = 669-version-negotiation-server +client = 669-version-negotiation-client + +[669-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[669-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-669] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[670-version-negotiation] +ssl_conf = 670-version-negotiation-ssl + +[670-version-negotiation-ssl] +server = 670-version-negotiation-server +client = 670-version-negotiation-client + +[670-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[670-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-670] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[671-version-negotiation] +ssl_conf = 671-version-negotiation-ssl + +[671-version-negotiation-ssl] +server = 671-version-negotiation-server +client = 671-version-negotiation-client + +[671-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[671-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-671] +ExpectedResult = ServerFail + + +# =========================================================== + +[672-version-negotiation] +ssl_conf = 672-version-negotiation-ssl + +[672-version-negotiation-ssl] +server = 672-version-negotiation-server +client = 672-version-negotiation-client + +[672-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[672-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-672] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[673-version-negotiation] +ssl_conf = 673-version-negotiation-ssl + +[673-version-negotiation-ssl] +server = 673-version-negotiation-server +client = 673-version-negotiation-client + +[673-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[673-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-673] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[674-version-negotiation] +ssl_conf = 674-version-negotiation-ssl + +[674-version-negotiation-ssl] +server = 674-version-negotiation-server +client = 674-version-negotiation-client + +[674-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[674-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-674] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[675-version-negotiation] +ssl_conf = 675-version-negotiation-ssl + +[675-version-negotiation-ssl] +server = 675-version-negotiation-server +client = 675-version-negotiation-client + +[675-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[675-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-675] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[676-ciphersuite-sanity-check-client] +ssl_conf = 676-ciphersuite-sanity-check-client-ssl + +[676-ciphersuite-sanity-check-client-ssl] +server = 676-ciphersuite-sanity-check-client-server +client = 676-ciphersuite-sanity-check-client-client + +[676-ciphersuite-sanity-check-client-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[676-ciphersuite-sanity-check-client-client] +CipherString = AES128-SHA +Ciphersuites = +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-676] +ExpectedResult = ClientFail + + +# =========================================================== + +[677-ciphersuite-sanity-check-server] +ssl_conf = 677-ciphersuite-sanity-check-server-ssl + +[677-ciphersuite-sanity-check-server-ssl] +server = 677-ciphersuite-sanity-check-server-server +client = 677-ciphersuite-sanity-check-server-client + +[677-ciphersuite-sanity-check-server-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = AES128-SHA +Ciphersuites = +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[677-ciphersuite-sanity-check-server-client] +CipherString = AES128-SHA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-677] +ExpectedResult = ServerFail diff --git a/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf b/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf index 0e91bed9f18ebb..8debb66fd08947 100644 --- a/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf +++ b/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf @@ -1,27 +1,43 @@ # Generated with generate_ssl_tests.pl -num_tests = 20 +num_tests = 36 test-0 = 0-server-auth-flex test-1 = 1-client-auth-flex-request test-2 = 2-client-auth-flex-require-fail test-3 = 3-client-auth-flex-require -test-4 = 4-client-auth-flex-noroot -test-5 = 5-server-auth-TLSv1 -test-6 = 6-client-auth-TLSv1-request -test-7 = 7-client-auth-TLSv1-require-fail -test-8 = 8-client-auth-TLSv1-require -test-9 = 9-client-auth-TLSv1-noroot -test-10 = 10-server-auth-TLSv1.1 -test-11 = 11-client-auth-TLSv1.1-request -test-12 = 12-client-auth-TLSv1.1-require-fail -test-13 = 13-client-auth-TLSv1.1-require -test-14 = 14-client-auth-TLSv1.1-noroot -test-15 = 15-server-auth-TLSv1.2 -test-16 = 16-client-auth-TLSv1.2-request -test-17 = 17-client-auth-TLSv1.2-require-fail -test-18 = 18-client-auth-TLSv1.2-require -test-19 = 19-client-auth-TLSv1.2-noroot +test-4 = 4-client-auth-flex-require-non-empty-names +test-5 = 5-client-auth-flex-noroot +test-6 = 6-server-auth-TLSv1 +test-7 = 7-client-auth-TLSv1-request +test-8 = 8-client-auth-TLSv1-require-fail +test-9 = 9-client-auth-TLSv1-require +test-10 = 10-client-auth-TLSv1-require-non-empty-names +test-11 = 11-client-auth-TLSv1-noroot +test-12 = 12-server-auth-TLSv1.1 +test-13 = 13-client-auth-TLSv1.1-request +test-14 = 14-client-auth-TLSv1.1-require-fail +test-15 = 15-client-auth-TLSv1.1-require +test-16 = 16-client-auth-TLSv1.1-require-non-empty-names +test-17 = 17-client-auth-TLSv1.1-noroot +test-18 = 18-server-auth-TLSv1.2 +test-19 = 19-client-auth-TLSv1.2-request +test-20 = 20-client-auth-TLSv1.2-require-fail +test-21 = 21-client-auth-TLSv1.2-require +test-22 = 22-client-auth-TLSv1.2-require-non-empty-names +test-23 = 23-client-auth-TLSv1.2-noroot +test-24 = 24-server-auth-DTLSv1 +test-25 = 25-client-auth-DTLSv1-request +test-26 = 26-client-auth-DTLSv1-require-fail +test-27 = 27-client-auth-DTLSv1-require +test-28 = 28-client-auth-DTLSv1-require-non-empty-names +test-29 = 29-client-auth-DTLSv1-noroot +test-30 = 30-server-auth-DTLSv1.2 +test-31 = 31-client-auth-DTLSv1.2-request +test-32 = 32-client-auth-DTLSv1.2-require-fail +test-33 = 33-client-auth-DTLSv1.2-require +test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names +test-35 = 35-client-auth-DTLSv1.2-noroot # =========================================================== [0-server-auth-flex] @@ -92,7 +108,7 @@ VerifyMode = Peer [test-2] ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure +ExpectedServerAlert = CertificateRequired # =========================================================== @@ -119,25 +135,29 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA ExpectedResult = Success # =========================================================== -[4-client-auth-flex-noroot] -ssl_conf = 4-client-auth-flex-noroot-ssl +[4-client-auth-flex-require-non-empty-names] +ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl -[4-client-auth-flex-noroot-ssl] -server = 4-client-auth-flex-noroot-server -client = 4-client-auth-flex-noroot-client +[4-client-auth-flex-require-non-empty-names-ssl] +server = 4-client-auth-flex-require-non-empty-names-server +client = 4-client-auth-flex-require-non-empty-names-client -[4-client-auth-flex-noroot-server] +[4-client-auth-flex-require-non-empty-names-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -VerifyMode = Require +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request -[4-client-auth-flex-noroot-client] +[4-client-auth-flex-require-non-empty-names-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem @@ -145,47 +165,75 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-flex-noroot] +ssl_conf = 5-client-auth-flex-noroot-ssl + +[5-client-auth-flex-noroot-ssl] +server = 5-client-auth-flex-noroot-server +client = 5-client-auth-flex-noroot-client + +[5-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] ExpectedResult = ServerFail ExpectedServerAlert = UnknownCA # =========================================================== -[5-server-auth-TLSv1] -ssl_conf = 5-server-auth-TLSv1-ssl +[6-server-auth-TLSv1] +ssl_conf = 6-server-auth-TLSv1-ssl -[5-server-auth-TLSv1-ssl] -server = 5-server-auth-TLSv1-server -client = 5-server-auth-TLSv1-client +[6-server-auth-TLSv1-ssl] +server = 6-server-auth-TLSv1-server +client = 6-server-auth-TLSv1-client -[5-server-auth-TLSv1-server] +[6-server-auth-TLSv1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-server-auth-TLSv1-client] +[6-server-auth-TLSv1-client] CipherString = DEFAULT MaxProtocol = TLSv1 MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-6] ExpectedResult = Success # =========================================================== -[6-client-auth-TLSv1-request] -ssl_conf = 6-client-auth-TLSv1-request-ssl +[7-client-auth-TLSv1-request] +ssl_conf = 7-client-auth-TLSv1-request-ssl -[6-client-auth-TLSv1-request-ssl] -server = 6-client-auth-TLSv1-request-server -client = 6-client-auth-TLSv1-request-client +[7-client-auth-TLSv1-request-ssl] +server = 7-client-auth-TLSv1-request-server +client = 7-client-auth-TLSv1-request-client -[6-client-auth-TLSv1-request-server] +[7-client-auth-TLSv1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 @@ -193,27 +241,27 @@ MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyMode = Request -[6-client-auth-TLSv1-request-client] +[7-client-auth-TLSv1-request-client] CipherString = DEFAULT MaxProtocol = TLSv1 MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-6] +[test-7] ExpectedResult = Success # =========================================================== -[7-client-auth-TLSv1-require-fail] -ssl_conf = 7-client-auth-TLSv1-require-fail-ssl +[8-client-auth-TLSv1-require-fail] +ssl_conf = 8-client-auth-TLSv1-require-fail-ssl -[7-client-auth-TLSv1-require-fail-ssl] -server = 7-client-auth-TLSv1-require-fail-server -client = 7-client-auth-TLSv1-require-fail-client +[8-client-auth-TLSv1-require-fail-ssl] +server = 8-client-auth-TLSv1-require-fail-server +client = 8-client-auth-TLSv1-require-fail-client -[7-client-auth-TLSv1-require-fail-server] +[8-client-auth-TLSv1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 @@ -222,28 +270,28 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[7-client-auth-TLSv1-require-fail-client] +[8-client-auth-TLSv1-require-fail-client] CipherString = DEFAULT MaxProtocol = TLSv1 MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-7] +[test-8] ExpectedResult = ServerFail ExpectedServerAlert = HandshakeFailure # =========================================================== -[8-client-auth-TLSv1-require] -ssl_conf = 8-client-auth-TLSv1-require-ssl +[9-client-auth-TLSv1-require] +ssl_conf = 9-client-auth-TLSv1-require-ssl -[8-client-auth-TLSv1-require-ssl] -server = 8-client-auth-TLSv1-require-server -client = 8-client-auth-TLSv1-require-client +[9-client-auth-TLSv1-require-ssl] +server = 9-client-auth-TLSv1-require-server +client = 9-client-auth-TLSv1-require-client -[8-client-auth-TLSv1-require-server] +[9-client-auth-TLSv1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 @@ -252,7 +300,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request -[8-client-auth-TLSv1-require-client] +[9-client-auth-TLSv1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT MaxProtocol = TLSv1 @@ -261,20 +309,56 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-9] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[10-client-auth-TLSv1-require-non-empty-names] +ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl + +[10-client-auth-TLSv1-require-non-empty-names-ssl] +server = 10-client-auth-TLSv1-require-non-empty-names-server +client = 10-client-auth-TLSv1-require-non-empty-names-client + +[10-client-auth-TLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[10-client-auth-TLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA ExpectedResult = Success # =========================================================== -[9-client-auth-TLSv1-noroot] -ssl_conf = 9-client-auth-TLSv1-noroot-ssl +[11-client-auth-TLSv1-noroot] +ssl_conf = 11-client-auth-TLSv1-noroot-ssl -[9-client-auth-TLSv1-noroot-ssl] -server = 9-client-auth-TLSv1-noroot-server -client = 9-client-auth-TLSv1-noroot-client +[11-client-auth-TLSv1-noroot-ssl] +server = 11-client-auth-TLSv1-noroot-server +client = 11-client-auth-TLSv1-noroot-client -[9-client-auth-TLSv1-noroot-server] +[11-client-auth-TLSv1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 @@ -282,7 +366,7 @@ MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyMode = Require -[9-client-auth-TLSv1-noroot-client] +[11-client-auth-TLSv1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT MaxProtocol = TLSv1 @@ -291,48 +375,48 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-11] ExpectedResult = ServerFail ExpectedServerAlert = UnknownCA # =========================================================== -[10-server-auth-TLSv1.1] -ssl_conf = 10-server-auth-TLSv1.1-ssl +[12-server-auth-TLSv1.1] +ssl_conf = 12-server-auth-TLSv1.1-ssl -[10-server-auth-TLSv1.1-ssl] -server = 10-server-auth-TLSv1.1-server -client = 10-server-auth-TLSv1.1-client +[12-server-auth-TLSv1.1-ssl] +server = 12-server-auth-TLSv1.1-server +client = 12-server-auth-TLSv1.1-client -[10-server-auth-TLSv1.1-server] +[12-server-auth-TLSv1.1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-server-auth-TLSv1.1-client] +[12-server-auth-TLSv1.1-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-10] +[test-12] ExpectedResult = Success # =========================================================== -[11-client-auth-TLSv1.1-request] -ssl_conf = 11-client-auth-TLSv1.1-request-ssl +[13-client-auth-TLSv1.1-request] +ssl_conf = 13-client-auth-TLSv1.1-request-ssl -[11-client-auth-TLSv1.1-request-ssl] -server = 11-client-auth-TLSv1.1-request-server -client = 11-client-auth-TLSv1.1-request-client +[13-client-auth-TLSv1.1-request-ssl] +server = 13-client-auth-TLSv1.1-request-server +client = 13-client-auth-TLSv1.1-request-client -[11-client-auth-TLSv1.1-request-server] +[13-client-auth-TLSv1.1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 @@ -340,27 +424,27 @@ MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyMode = Request -[11-client-auth-TLSv1.1-request-client] +[13-client-auth-TLSv1.1-request-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-11] +[test-13] ExpectedResult = Success # =========================================================== -[12-client-auth-TLSv1.1-require-fail] -ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl +[14-client-auth-TLSv1.1-require-fail] +ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl -[12-client-auth-TLSv1.1-require-fail-ssl] -server = 12-client-auth-TLSv1.1-require-fail-server -client = 12-client-auth-TLSv1.1-require-fail-client +[14-client-auth-TLSv1.1-require-fail-ssl] +server = 14-client-auth-TLSv1.1-require-fail-server +client = 14-client-auth-TLSv1.1-require-fail-client -[12-client-auth-TLSv1.1-require-fail-server] +[14-client-auth-TLSv1.1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 @@ -369,28 +453,28 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[12-client-auth-TLSv1.1-require-fail-client] +[14-client-auth-TLSv1.1-require-fail-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-14] ExpectedResult = ServerFail ExpectedServerAlert = HandshakeFailure # =========================================================== -[13-client-auth-TLSv1.1-require] -ssl_conf = 13-client-auth-TLSv1.1-require-ssl +[15-client-auth-TLSv1.1-require] +ssl_conf = 15-client-auth-TLSv1.1-require-ssl -[13-client-auth-TLSv1.1-require-ssl] -server = 13-client-auth-TLSv1.1-require-server -client = 13-client-auth-TLSv1.1-require-client +[15-client-auth-TLSv1.1-require-ssl] +server = 15-client-auth-TLSv1.1-require-server +client = 15-client-auth-TLSv1.1-require-client -[13-client-auth-TLSv1.1-require-server] +[15-client-auth-TLSv1.1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 @@ -399,7 +483,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request -[13-client-auth-TLSv1.1-require-client] +[15-client-auth-TLSv1.1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 @@ -408,20 +492,56 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-13] +[test-15] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA ExpectedResult = Success # =========================================================== -[14-client-auth-TLSv1.1-noroot] -ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl +[16-client-auth-TLSv1.1-require-non-empty-names] +ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl -[14-client-auth-TLSv1.1-noroot-ssl] -server = 14-client-auth-TLSv1.1-noroot-server -client = 14-client-auth-TLSv1.1-noroot-client +[16-client-auth-TLSv1.1-require-non-empty-names-ssl] +server = 16-client-auth-TLSv1.1-require-non-empty-names-server +client = 16-client-auth-TLSv1.1-require-non-empty-names-client -[14-client-auth-TLSv1.1-noroot-server] +[16-client-auth-TLSv1.1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[16-client-auth-TLSv1.1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.1-noroot] +ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl + +[17-client-auth-TLSv1.1-noroot-ssl] +server = 17-client-auth-TLSv1.1-noroot-server +client = 17-client-auth-TLSv1.1-noroot-client + +[17-client-auth-TLSv1.1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 @@ -429,7 +549,7 @@ MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyMode = Require -[14-client-auth-TLSv1.1-noroot-client] +[17-client-auth-TLSv1.1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 @@ -438,48 +558,48 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-14] +[test-17] ExpectedResult = ServerFail ExpectedServerAlert = UnknownCA # =========================================================== -[15-server-auth-TLSv1.2] -ssl_conf = 15-server-auth-TLSv1.2-ssl +[18-server-auth-TLSv1.2] +ssl_conf = 18-server-auth-TLSv1.2-ssl -[15-server-auth-TLSv1.2-ssl] -server = 15-server-auth-TLSv1.2-server -client = 15-server-auth-TLSv1.2-client +[18-server-auth-TLSv1.2-ssl] +server = 18-server-auth-TLSv1.2-server +client = 18-server-auth-TLSv1.2-client -[15-server-auth-TLSv1.2-server] +[18-server-auth-TLSv1.2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-server-auth-TLSv1.2-client] +[18-server-auth-TLSv1.2-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-15] +[test-18] ExpectedResult = Success # =========================================================== -[16-client-auth-TLSv1.2-request] -ssl_conf = 16-client-auth-TLSv1.2-request-ssl +[19-client-auth-TLSv1.2-request] +ssl_conf = 19-client-auth-TLSv1.2-request-ssl -[16-client-auth-TLSv1.2-request-ssl] -server = 16-client-auth-TLSv1.2-request-server -client = 16-client-auth-TLSv1.2-request-client +[19-client-auth-TLSv1.2-request-ssl] +server = 19-client-auth-TLSv1.2-request-server +client = 19-client-auth-TLSv1.2-request-client -[16-client-auth-TLSv1.2-request-server] +[19-client-auth-TLSv1.2-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 @@ -487,27 +607,27 @@ MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyMode = Request -[16-client-auth-TLSv1.2-request-client] +[19-client-auth-TLSv1.2-request-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-19] ExpectedResult = Success # =========================================================== -[17-client-auth-TLSv1.2-require-fail] -ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl +[20-client-auth-TLSv1.2-require-fail] +ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl -[17-client-auth-TLSv1.2-require-fail-ssl] -server = 17-client-auth-TLSv1.2-require-fail-server -client = 17-client-auth-TLSv1.2-require-fail-client +[20-client-auth-TLSv1.2-require-fail-ssl] +server = 20-client-auth-TLSv1.2-require-fail-server +client = 20-client-auth-TLSv1.2-require-fail-client -[17-client-auth-TLSv1.2-require-fail-server] +[20-client-auth-TLSv1.2-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 @@ -516,37 +636,38 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[17-client-auth-TLSv1.2-require-fail-client] +[20-client-auth-TLSv1.2-require-fail-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-17] +[test-20] ExpectedResult = ServerFail ExpectedServerAlert = HandshakeFailure # =========================================================== -[18-client-auth-TLSv1.2-require] -ssl_conf = 18-client-auth-TLSv1.2-require-ssl +[21-client-auth-TLSv1.2-require] +ssl_conf = 21-client-auth-TLSv1.2-require-ssl -[18-client-auth-TLSv1.2-require-ssl] -server = 18-client-auth-TLSv1.2-require-server -client = 18-client-auth-TLSv1.2-require-client +[21-client-auth-TLSv1.2-require-ssl] +server = 21-client-auth-TLSv1.2-require-server +client = 21-client-auth-TLSv1.2-require-client -[18-client-auth-TLSv1.2-require-server] +[21-client-auth-TLSv1.2-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ClientSignatureAlgorithms = SHA256+RSA MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request -[18-client-auth-TLSv1.2-require-client] +[21-client-auth-TLSv1.2-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 @@ -555,20 +676,61 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-18] +[test-21] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[22-client-auth-TLSv1.2-require-non-empty-names] +ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl + +[22-client-auth-TLSv1.2-require-non-empty-names-ssl] +server = 22-client-auth-TLSv1.2-require-non-empty-names-server +client = 22-client-auth-TLSv1.2-require-non-empty-names-client + +[22-client-auth-TLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[22-client-auth-TLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA ExpectedResult = Success # =========================================================== -[19-client-auth-TLSv1.2-noroot] -ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl +[23-client-auth-TLSv1.2-noroot] +ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl -[19-client-auth-TLSv1.2-noroot-ssl] -server = 19-client-auth-TLSv1.2-noroot-server -client = 19-client-auth-TLSv1.2-noroot-client +[23-client-auth-TLSv1.2-noroot-ssl] +server = 23-client-auth-TLSv1.2-noroot-server +client = 23-client-auth-TLSv1.2-noroot-client -[19-client-auth-TLSv1.2-noroot-server] +[23-client-auth-TLSv1.2-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 @@ -576,7 +738,7 @@ MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyMode = Require -[19-client-auth-TLSv1.2-noroot-client] +[23-client-auth-TLSv1.2-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 @@ -585,8 +747,386 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-23] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[24-server-auth-DTLSv1] +ssl_conf = 24-server-auth-DTLSv1-ssl + +[24-server-auth-DTLSv1-ssl] +server = 24-server-auth-DTLSv1-server +client = 24-server-auth-DTLSv1-client + +[24-server-auth-DTLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-server-auth-DTLSv1-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-client-auth-DTLSv1-request] +ssl_conf = 25-client-auth-DTLSv1-request-ssl + +[25-client-auth-DTLSv1-request-ssl] +server = 25-client-auth-DTLSv1-request-server +client = 25-client-auth-DTLSv1-request-client + +[25-client-auth-DTLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[25-client-auth-DTLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-client-auth-DTLSv1-require-fail] +ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl + +[26-client-auth-DTLSv1-require-fail-ssl] +server = 26-client-auth-DTLSv1-require-fail-server +client = 26-client-auth-DTLSv1-require-fail-client + +[26-client-auth-DTLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[26-client-auth-DTLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[27-client-auth-DTLSv1-require] +ssl_conf = 27-client-auth-DTLSv1-require-ssl + +[27-client-auth-DTLSv1-require-ssl] +server = 27-client-auth-DTLSv1-require-server +client = 27-client-auth-DTLSv1-require-client + +[27-client-auth-DTLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[27-client-auth-DTLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-client-auth-DTLSv1-require-non-empty-names] +ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl + +[28-client-auth-DTLSv1-require-non-empty-names-ssl] +server = 28-client-auth-DTLSv1-require-non-empty-names-server +client = 28-client-auth-DTLSv1-require-non-empty-names-client + +[28-client-auth-DTLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[28-client-auth-DTLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-client-auth-DTLSv1-noroot] +ssl_conf = 29-client-auth-DTLSv1-noroot-ssl + +[29-client-auth-DTLSv1-noroot-ssl] +server = 29-client-auth-DTLSv1-noroot-server +client = 29-client-auth-DTLSv1-noroot-client + +[29-client-auth-DTLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[29-client-auth-DTLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + +# =========================================================== + +[30-server-auth-DTLSv1.2] +ssl_conf = 30-server-auth-DTLSv1.2-ssl + +[30-server-auth-DTLSv1.2-ssl] +server = 30-server-auth-DTLSv1.2-server +client = 30-server-auth-DTLSv1.2-client + +[30-server-auth-DTLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-server-auth-DTLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[31-client-auth-DTLSv1.2-request] +ssl_conf = 31-client-auth-DTLSv1.2-request-ssl + +[31-client-auth-DTLSv1.2-request-ssl] +server = 31-client-auth-DTLSv1.2-request-server +client = 31-client-auth-DTLSv1.2-request-client + +[31-client-auth-DTLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[31-client-auth-DTLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[32-client-auth-DTLSv1.2-require-fail] +ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl + +[32-client-auth-DTLSv1.2-require-fail-ssl] +server = 32-client-auth-DTLSv1.2-require-fail-server +client = 32-client-auth-DTLSv1.2-require-fail-client + +[32-client-auth-DTLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-client-auth-DTLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[33-client-auth-DTLSv1.2-require] +ssl_conf = 33-client-auth-DTLSv1.2-require-ssl + +[33-client-auth-DTLSv1.2-require-ssl] +server = 33-client-auth-DTLSv1.2-require-server +client = 33-client-auth-DTLSv1.2-require-client + +[33-client-auth-DTLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[33-client-auth-DTLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-client-auth-DTLSv1.2-require-non-empty-names] +ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl + +[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] +server = 34-client-auth-DTLSv1.2-require-non-empty-names-server +client = 34-client-auth-DTLSv1.2-require-non-empty-names-client + +[34-client-auth-DTLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[34-client-auth-DTLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-client-auth-DTLSv1.2-noroot] +ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl + +[35-client-auth-DTLSv1.2-noroot-ssl] +server = 35-client-auth-DTLSv1.2-noroot-server +client = 35-client-auth-DTLSv1.2-noroot-client + +[35-client-auth-DTLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[35-client-auth-DTLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] ExpectedResult = ServerFail ExpectedServerAlert = UnknownCA +Method = DTLS diff --git a/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf.in b/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf.in index 8738aaa769662f..b9c014d2c0d9f2 100644 --- a/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/04-client_auth.conf.in @@ -8,116 +8,189 @@ use strict; use warnings; use OpenSSL::Test; -use OpenSSL::Test::Utils qw(anydisabled); +use OpenSSL::Test::Utils qw(anydisabled disabled); setup("no_test_here"); # We test version-flexible negotiation (undef) and each protocol version. -my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); my @is_disabled = (0); -push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); our @tests = (); sub generate_tests() { - foreach (0..$#protocols) { my $protocol = $protocols[$_]; my $protocol_name = $protocol || "flex"; my $caalert; + my $method; + my $sctpenabled = 0; if (!$is_disabled[$_]) { if ($protocol_name eq "SSLv3") { $caalert = "BadCertificate"; } else { $caalert = "UnknownCA"; } - # Sanity-check simple handshake. - push @tests, { - name => "server-auth-${protocol_name}", - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - test => { "ExpectedResult" => "Success" }, - }; + if ($protocol_name =~ m/^DTLS/) { + $method = "DTLS"; + $sctpenabled = 1 if !disabled("sctp"); + } + my $clihash; + my $clisigtype; + my $clisigalgs; + # TODO(TLS1.3) add TLSv1.3 versions + if ($protocol_name eq "TLSv1.2") { + $clihash = "SHA256"; + $clisigtype = "RSA"; + $clisigalgs = "SHA256+RSA"; + } + for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) { + # Sanity-check simple handshake. + push @tests, { + name => "server-auth-${protocol_name}" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "Success", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - # Handshake with client cert requested but not required or received. - push @tests, { - name => "client-auth-${protocol_name}-request", - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyMode" => "Request" - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - test => { "ExpectedResult" => "Success" }, - }; + # Handshake with client cert requested but not required or received. + push @tests, { + name => "client-auth-${protocol_name}-request" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "Success", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - # Handshake with client cert required but not present. - push @tests, { - name => "client-auth-${protocol_name}-require-fail", - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "HandshakeFailure", - }, - }; + # Handshake with client cert required but not present. + push @tests, { + name => "client-auth-${protocol_name}-require-fail" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => + ($protocol_name eq "flex" && !disabled("tls1_3")) + ? "CertificateRequired" : "HandshakeFailure", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - # Successful handshake with client authentication. - push @tests, { - name => "client-auth-${protocol_name}-require", - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Request", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { "ExpectedResult" => "Success" }, - }; + # Successful handshake with client authentication. + push @tests, { + name => "client-auth-${protocol_name}-require" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, + "ExpectedClientSignHash" => $clihash, + "ExpectedClientCANames" => "empty", + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; - # Handshake with client authentication but without the root certificate. - push @tests, { - name => "client-auth-${protocol_name}-noroot", - server => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "VerifyMode" => "Require", - }, - client => { - "MinProtocol" => $protocol, - "MaxProtocol" => $protocol, - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => $caalert, - }, - }; + # Successful handshake with client authentication non-empty names + push @tests, { + name => "client-auth-${protocol_name}-require-non-empty-names" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, + "ExpectedClientSignHash" => $clihash, + "ExpectedClientCANames" => test_pem("root-cert.pem"), + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + + # Handshake with client authentication but without the root certificate. + push @tests, { + name => "client-auth-${protocol_name}-noroot" + .($sctp ? "-sctp" : ""), + server => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => $caalert, + "Method" => $method, + }, + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } } } } - + generate_tests(); diff --git a/deps/openssl/openssl/test/ssl-tests/05-sni.conf b/deps/openssl/openssl/test/ssl-tests/05-sni.conf index e1fb3d9d896714..a54aa83d8d5796 100644 --- a/deps/openssl/openssl/test/ssl-tests/05-sni.conf +++ b/deps/openssl/openssl/test/ssl-tests/05-sni.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 6 +num_tests = 9 test-0 = 0-SNI-switch-context test-1 = 1-SNI-keep-context @@ -8,6 +8,9 @@ test-2 = 2-SNI-no-server-support test-3 = 3-SNI-no-client-support test-4 = 4-SNI-bad-sni-ignore-mismatch test-5 = 5-SNI-bad-sni-reject-mismatch +test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch +test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch +test-8 = 8-SNI-clienthello-disable-v12 # =========================================================== [0-SNI-switch-context] @@ -201,3 +204,103 @@ ServerNameCallback = RejectMismatch ServerName = invalid +# =========================================================== + +[6-SNI-bad-clienthello-sni-ignore-mismatch] +ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl + +[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl] +server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server +client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client +server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server + +[6-SNI-bad-clienthello-sni-ignore-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-SNI-bad-clienthello-sni-ignore-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerName = server1 +server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra +server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra +client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra + +[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra] +ServerNameCallback = ClientHelloIgnoreMismatch + +[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[7-SNI-bad-clienthello-sni-reject-mismatch] +ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl + +[7-SNI-bad-clienthello-sni-reject-mismatch-ssl] +server = 7-SNI-bad-clienthello-sni-reject-mismatch-server +client = 7-SNI-bad-clienthello-sni-reject-mismatch-client +server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server + +[7-SNI-bad-clienthello-sni-reject-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-SNI-bad-clienthello-sni-reject-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +ExpectedServerAlert = UnrecognizedName +server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra +server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra +client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra + +[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra] +ServerNameCallback = ClientHelloRejectMismatch + +[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra] +ServerName = invalid + + +# =========================================================== + +[8-SNI-clienthello-disable-v12] +ssl_conf = 8-SNI-clienthello-disable-v12-ssl + +[8-SNI-clienthello-disable-v12-ssl] +server = 8-SNI-clienthello-disable-v12-server +client = 8-SNI-clienthello-disable-v12-client +server2 = 8-SNI-clienthello-disable-v12-server + +[8-SNI-clienthello-disable-v12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-SNI-clienthello-disable-v12-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1.1 +ExpectedServerName = server2 +server = 8-SNI-clienthello-disable-v12-server-extra +server2 = 8-SNI-clienthello-disable-v12-server-extra +client = 8-SNI-clienthello-disable-v12-client-extra + +[8-SNI-clienthello-disable-v12-server-extra] +ServerNameCallback = ClientHelloNoV12 + +[8-SNI-clienthello-disable-v12-client-extra] +ServerName = server2 diff --git a/deps/openssl/openssl/test/ssl-tests/05-sni.conf.in b/deps/openssl/openssl/test/ssl-tests/05-sni.conf.in index 76003e7623c82c..a993a3421a241f 100644 --- a/deps/openssl/openssl/test/ssl-tests/05-sni.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/05-sni.conf.in @@ -13,6 +13,7 @@ use strict; use warnings; package ssltests; +use OpenSSL::Test::Utils; our @tests = ( { @@ -109,4 +110,60 @@ our @tests = ( "ExpectedServerAlert" => "UnrecognizedName" }, }, + { + name => "SNI-bad-clienthello-sni-ignore-mismatch", + server => { + extra => { + "ServerNameCallback" => "ClientHelloIgnoreMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedServerName" => "server1", + "ExpectedResult" => "Success" + }, + }, + { + name => "SNI-bad-clienthello-sni-reject-mismatch", + server => { + extra => { + "ServerNameCallback" => "ClientHelloRejectMismatch", + }, + }, + client => { + extra => { + "ServerName" => "invalid", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnrecognizedName" + }, + }, ); + +our @tests_tls_1_1 = ( + { + name => "SNI-clienthello-disable-v12", + server => { + extra => { + "ServerNameCallback" => "ClientHelloNoV12", + }, + }, + client => { + extra => { + "ServerName" => "server2", + }, + }, + test => { + "ExpectedProtocol" => "TLSv1.1", + "ExpectedServerName" => "server2", + }, + }, +); + +push @tests, @tests_tls_1_1 unless disabled("tls1_1"); diff --git a/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf b/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf index 9620e015a1a9e3..a3a9c78f06a236 100644 --- a/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf +++ b/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf @@ -43,6 +43,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -84,6 +85,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -91,6 +93,7 @@ VerifyMode = Peer [test-1] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = Yes server = 1-sni-session-ticket-server-extra client = 1-sni-session-ticket-client-extra @@ -126,6 +129,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -133,6 +137,7 @@ VerifyMode = Peer [test-2] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = Yes server = 2-sni-session-ticket-server-extra client = 2-sni-session-ticket-client-extra @@ -168,6 +173,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -175,6 +181,7 @@ VerifyMode = Peer [test-3] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = Yes server = 3-sni-session-ticket-server-extra client = 3-sni-session-ticket-client-extra @@ -210,6 +217,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -217,6 +225,7 @@ VerifyMode = Peer [test-4] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 4-sni-session-ticket-server-extra client = 4-sni-session-ticket-client-extra @@ -252,6 +261,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -259,6 +269,7 @@ VerifyMode = Peer [test-5] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = No server = 5-sni-session-ticket-server-extra client = 5-sni-session-ticket-client-extra @@ -294,6 +305,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -301,6 +313,7 @@ VerifyMode = Peer [test-6] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 6-sni-session-ticket-server-extra client = 6-sni-session-ticket-client-extra @@ -336,6 +349,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -343,6 +357,7 @@ VerifyMode = Peer [test-7] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = No server = 7-sni-session-ticket-server-extra client = 7-sni-session-ticket-client-extra @@ -378,6 +393,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -385,6 +401,7 @@ VerifyMode = Peer [test-8] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 8-sni-session-ticket-server-extra client = 8-sni-session-ticket-client-extra @@ -420,6 +437,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -427,6 +445,7 @@ VerifyMode = Peer [test-9] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = No server = 9-sni-session-ticket-server-extra client = 9-sni-session-ticket-client-extra @@ -462,6 +481,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -469,6 +489,7 @@ VerifyMode = Peer [test-10] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 10-sni-session-ticket-server-extra client = 10-sni-session-ticket-client-extra @@ -504,6 +525,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -511,6 +533,7 @@ VerifyMode = Peer [test-11] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = No server = 11-sni-session-ticket-server-extra client = 11-sni-session-ticket-client-extra @@ -546,6 +569,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -553,6 +577,7 @@ VerifyMode = Peer [test-12] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 12-sni-session-ticket-server-extra client = 12-sni-session-ticket-client-extra @@ -588,6 +613,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -595,6 +621,7 @@ VerifyMode = Peer [test-13] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = No server = 13-sni-session-ticket-server-extra client = 13-sni-session-ticket-client-extra @@ -630,6 +657,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -637,6 +665,7 @@ VerifyMode = Peer [test-14] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 14-sni-session-ticket-server-extra client = 14-sni-session-ticket-client-extra @@ -672,6 +701,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -679,6 +709,7 @@ VerifyMode = Peer [test-15] ExpectedResult = Success ExpectedServerName = server1 +SessionIdExpected = Yes SessionTicketExpected = No server = 15-sni-session-ticket-server-extra client = 15-sni-session-ticket-client-extra @@ -714,6 +745,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-sni-session-ticket-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = -SessionTicket VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -721,6 +753,7 @@ VerifyMode = Peer [test-16] ExpectedResult = Success ExpectedServerName = server2 +SessionIdExpected = Yes SessionTicketExpected = No server = 16-sni-session-ticket-server-extra client = 16-sni-session-ticket-client-extra diff --git a/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf.in b/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf.in index ea92b627b4ff2d..b4f4ffc29d90b0 100644 --- a/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/06-sni-ticket.conf.in @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -## Test Session ticket +## Test SNI/Session tickets use strict; use warnings; @@ -17,12 +17,15 @@ package ssltests; our @tests = (); +#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in +#TLSv1.3. sub generate_tests() { foreach my $c ("SessionTicket", "-SessionTicket") { - foreach my $s1 ("SessionTicket", "-SessionTicket") { - foreach my $s2 ("SessionTicket", "-SessionTicket") { - foreach my $n ("server1", "server2") { - my $result = expected_result($c, $s1, $s2, $n); + foreach my $s1 ("SessionTicket", "-SessionTicket") { + foreach my $s2 ("SessionTicket", "-SessionTicket") { + foreach my $n ("server1", "server2") { + my $ticket_result = expected_result($c, $s1, $s2, $n); + my $session_id_result = "Yes"; # always, even with a ticket push @tests, { "name" => "sni-session-ticket", "client" => { @@ -30,6 +33,7 @@ sub generate_tests() { "extra" => { "ServerName" => $n, }, + "MaxProtocol" => "TLSv1.2" }, "server" => { "Options" => $s1, @@ -38,13 +42,14 @@ sub generate_tests() { "ServerNameCallback" => "IgnoreMismatch", }, }, - "server2" => { - "Options" => $s2, - }, + "server2" => { + "Options" => $s2, + }, "test" => { "ExpectedServerName" => $n, "ExpectedResult" => "Success", - "SessionTicketExpected" => $result, + "SessionIdExpected" => $session_id_result, + "SessionTicketExpected" => $ticket_result, } }; } @@ -72,23 +77,24 @@ sub expected_result { push @tests, { "name" => "sni-session-ticket", "client" => { - "Options" => "SessionTicket", + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", "extra" => { "ServerName" => "server1", } }, "server" => { - "Options" => "SessionTicket", + "Options" => "SessionTicket", "extra" => { "BrokenSessionTicket" => "Yes", }, }, "server2" => { - "Options" => "SessionTicket", + "Options" => "SessionTicket", }, "test" => { - "ExpectedResult" => "Success", - "SessionTicketExpected" => "No", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "No", } }; diff --git a/deps/openssl/openssl/test/ssl-tests/08-npn.conf b/deps/openssl/openssl/test/ssl-tests/08-npn.conf index 9115ef458b890c..f38b3f6975ce06 100644 --- a/deps/openssl/openssl/test/ssl-tests/08-npn.conf +++ b/deps/openssl/openssl/test/ssl-tests/08-npn.conf @@ -38,6 +38,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-npn-simple-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -69,6 +70,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-npn-client-finds-match-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -100,6 +102,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-npn-client-honours-server-pref-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -131,6 +134,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-npn-client-first-pref-on-mismatch-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -162,6 +166,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-npn-no-server-support-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -188,6 +193,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-npn-no-client-support-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -220,6 +226,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-npn-with-sni-no-context-switch-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -264,6 +271,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-npn-with-sni-context-switch-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -308,6 +316,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-npn-selected-sni-server-supports-npn-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -351,6 +360,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-npn-selected-sni-server-does-not-support-npn-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -384,6 +394,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-alpn-preferred-over-npn-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -423,6 +434,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-sni-npn-preferred-over-alpn-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -464,6 +476,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-npn-simple-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -506,6 +519,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-npn-server-switch-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -546,11 +560,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-npn-client-switch-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [14-npn-client-switch-resumption-resume-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -596,6 +612,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-npn-client-first-pref-on-mismatch-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -641,6 +658,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-npn-no-server-support-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -676,11 +694,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-npn-no-client-support-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [17-npn-no-client-support-resumption-resume-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -721,6 +741,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-alpn-preferred-over-npn-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -768,6 +789,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-npn-used-if-alpn-not-supported-resumption-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/deps/openssl/openssl/test/ssl-tests/08-npn.conf.in b/deps/openssl/openssl/test/ssl-tests/08-npn.conf.in index bcb632f051ddc6..b5df13d5a9ad57 100644 --- a/deps/openssl/openssl/test/ssl-tests/08-npn.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/08-npn.conf.in @@ -7,14 +7,13 @@ # https://www.openssl.org/source/license.html -## Test NPN negotiation +## Test NPN. Note that NPN is only supported up to TLSv1.2 use strict; use warnings; package ssltests; - our @tests = ( { name => "npn-simple", @@ -27,6 +26,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedNPNProtocol" => "foo", @@ -43,6 +43,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo,bar", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedNPNProtocol" => "bar", @@ -59,6 +60,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo,bar", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedNPNProtocol" => "bar", @@ -75,6 +77,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo,bar", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedNPNProtocol" => "foo", @@ -82,11 +85,12 @@ our @tests = ( }, { name => "npn-no-server-support", - server => { }, + server => {}, client => { extra => { "NPNProtocols" => "foo", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedNPNProtocol" => undef, @@ -99,7 +103,9 @@ our @tests = ( "NPNProtocols" => "foo", }, }, - client => { }, + client => { + "MaxProtocol" => "TLSv1.2" + }, test => { "ExpectedNPNProtocol" => undef, }, @@ -122,6 +128,7 @@ our @tests = ( "NPNProtocols" => "foo,bar", "ServerName" => "server1", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedServerName" => "server1", @@ -146,6 +153,7 @@ our @tests = ( "NPNProtocols" => "foo,bar", "ServerName" => "server2", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedServerName" => "server2", @@ -169,6 +177,7 @@ our @tests = ( "NPNProtocols" => "foo,bar", "ServerName" => "server2", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedServerName" => "server2", @@ -189,6 +198,7 @@ our @tests = ( "NPNProtocols" => "foo,bar", "ServerName" => "server2", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedServerName" => "server2", @@ -208,6 +218,7 @@ our @tests = ( "ALPNProtocols" => "foo", "NPNProtocols" => "bar", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedALPNProtocol" => "foo", @@ -233,6 +244,7 @@ our @tests = ( "ALPNProtocols" => "foo", "NPNProtocols" => "bar", }, + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedALPNProtocol" => undef, @@ -251,6 +263,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", @@ -274,6 +287,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo,bar,baz", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", @@ -292,11 +306,13 @@ our @tests = ( extra => { "NPNProtocols" => "foo,baz", }, + "MaxProtocol" => "TLSv1.2" }, resume_client => { extra => { "NPNProtocols" => "bar,baz", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", @@ -320,6 +336,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo,bar", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", @@ -339,6 +356,7 @@ our @tests = ( extra => { "NPNProtocols" => "foo", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", @@ -357,8 +375,11 @@ our @tests = ( extra => { "NPNProtocols" => "foo", }, + "MaxProtocol" => "TLSv1.2" + }, + resume_client => { + "MaxProtocol" => "TLSv1.2" }, - resume_client => { }, test => { "HandshakeMode" => "Resume", "ResumptionExpected" => "Yes", @@ -383,6 +404,7 @@ our @tests = ( "ALPNProtocols" => "foo", "NPNProtocols" => "bar,baz", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", @@ -409,6 +431,7 @@ our @tests = ( "ALPNProtocols" => "foo", "NPNProtocols" => "bar,baz", }, + "MaxProtocol" => "TLSv1.2" }, test => { "HandshakeMode" => "Resume", diff --git a/deps/openssl/openssl/test/ssl-tests/09-alpn.conf.in b/deps/openssl/openssl/test/ssl-tests/09-alpn.conf.in index 37035f1d84d4b7..6e86375af13589 100644 --- a/deps/openssl/openssl/test/ssl-tests/09-alpn.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/09-alpn.conf.in @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -## Test ALPN negotiation +## Test version negotiation use strict; use warnings; @@ -314,7 +314,8 @@ our @tests = ( "ALPNProtocols" => "foo", }, }, - resume_client => { }, + resume_client => { + }, test => { "HandshakeMode" => "Resume", "ResumptionExpected" => "Yes", diff --git a/deps/openssl/openssl/test/ssl-tests/10-resumption.conf b/deps/openssl/openssl/test/ssl-tests/10-resumption.conf index b2deee4209fdba..73de974ab013ce 100644 --- a/deps/openssl/openssl/test/ssl-tests/10-resumption.conf +++ b/deps/openssl/openssl/test/ssl-tests/10-resumption.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 36 +num_tests = 65 test-0 = 0-resumption test-1 = 1-resumption @@ -38,6 +38,35 @@ test-32 = 32-resumption test-33 = 33-resumption test-34 = 34-resumption test-35 = 35-resumption +test-36 = 36-resumption +test-37 = 37-resumption +test-38 = 38-resumption +test-39 = 39-resumption +test-40 = 40-resumption +test-41 = 41-resumption +test-42 = 42-resumption +test-43 = 43-resumption +test-44 = 44-resumption +test-45 = 45-resumption +test-46 = 46-resumption +test-47 = 47-resumption +test-48 = 48-resumption +test-49 = 49-resumption +test-50 = 50-resumption +test-51 = 51-resumption +test-52 = 52-resumption +test-53 = 53-resumption +test-54 = 54-resumption +test-55 = 55-resumption +test-56 = 56-resumption +test-57 = 57-resumption +test-58 = 58-resumption +test-59 = 59-resumption +test-60 = 60-resumption +test-61 = 61-resumption +test-62 = 62-resumption +test-63 = 63-resumption +test-64 = 64-resumption-with-hrr # =========================================================== [0-resumption] @@ -61,6 +90,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-resumption-client] @@ -97,6 +127,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-resumption-client] @@ -133,6 +164,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-resumption-client] @@ -169,6 +201,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-resumption-client] @@ -205,6 +238,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-resumption-client] @@ -241,6 +275,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-resumption-client] @@ -268,15 +303,16 @@ resume-client = 6-resumption-client [6-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-client] @@ -285,7 +321,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -304,15 +340,16 @@ resume-client = 7-resumption-client [7-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-client] @@ -321,7 +358,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -348,7 +385,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-client] @@ -357,9 +395,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -384,7 +422,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-client] @@ -393,9 +432,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -420,7 +459,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-client] @@ -429,9 +469,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -456,7 +496,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-client] @@ -465,9 +506,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -484,15 +525,16 @@ resume-client = 12-resumption-client [12-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-client] @@ -501,7 +543,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = No @@ -520,15 +562,16 @@ resume-client = 13-resumption-client [13-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-client] @@ -537,7 +580,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = No @@ -556,15 +599,16 @@ resume-client = 14-resumption-client [14-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-client] @@ -573,7 +617,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -592,15 +636,16 @@ resume-client = 15-resumption-client [15-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-client] @@ -609,7 +654,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -636,7 +681,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-client] @@ -645,9 +691,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -672,7 +718,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-client] @@ -681,9 +728,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -694,32 +741,33 @@ ssl_conf = 18-resumption-ssl [18-resumption-ssl] server = 18-resumption-server client = 18-resumption-client -resume-server = 18-resumption-server -resume-client = 18-resumption-resume-client +resume-server = 18-resumption-resume-server +resume-client = 18-resumption-client [18-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-resumption-client] +[18-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-resumption-resume-client] +[18-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -730,32 +778,33 @@ ssl_conf = 19-resumption-ssl [19-resumption-ssl] server = 19-resumption-server client = 19-resumption-client -resume-server = 19-resumption-server -resume-client = 19-resumption-resume-client +resume-server = 19-resumption-resume-server +resume-client = 19-resumption-client [19-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-resumption-client] +[19-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-resumption-resume-client] +[19-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -766,32 +815,33 @@ ssl_conf = 20-resumption-ssl [20-resumption-ssl] server = 20-resumption-server client = 20-resumption-client -resume-server = 20-resumption-server -resume-client = 20-resumption-resume-client +resume-server = 20-resumption-resume-server +resume-client = 20-resumption-client [20-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-resumption-client] +[20-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-resumption-resume-client] +[20-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -802,32 +852,33 @@ ssl_conf = 21-resumption-ssl [21-resumption-ssl] server = 21-resumption-server client = 21-resumption-client -resume-server = 21-resumption-server -resume-client = 21-resumption-resume-client +resume-server = 21-resumption-resume-server +resume-client = 21-resumption-client [21-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-resumption-client] +[21-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-resumption-resume-client] +[21-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -838,30 +889,31 @@ ssl_conf = 22-resumption-ssl [22-resumption-ssl] server = 22-resumption-server client = 22-resumption-client -resume-server = 22-resumption-server -resume-client = 22-resumption-resume-client +resume-server = 22-resumption-resume-server +resume-client = 22-resumption-client [22-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-resumption-client] +[22-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-resumption-resume-client] +[22-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -874,30 +926,31 @@ ssl_conf = 23-resumption-ssl [23-resumption-ssl] server = 23-resumption-server client = 23-resumption-client -resume-server = 23-resumption-server -resume-client = 23-resumption-resume-client +resume-server = 23-resumption-resume-server +resume-client = 23-resumption-client [23-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[23-resumption-client] +[23-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[23-resumption-resume-client] +[23-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -910,25 +963,26 @@ ssl_conf = 24-resumption-ssl [24-resumption-ssl] server = 24-resumption-server client = 24-resumption-client -resume-server = 24-resumption-server -resume-client = 24-resumption-resume-client +resume-server = 24-resumption-resume-server +resume-client = 24-resumption-client [24-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-resumption-client] +[24-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-resumption-resume-client] +[24-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -946,25 +1000,26 @@ ssl_conf = 25-resumption-ssl [25-resumption-ssl] server = 25-resumption-server client = 25-resumption-client -resume-server = 25-resumption-server -resume-client = 25-resumption-resume-client +resume-server = 25-resumption-resume-server +resume-client = 25-resumption-client [25-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-resumption-client] +[25-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-resumption-resume-client] +[25-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -982,32 +1037,33 @@ ssl_conf = 26-resumption-ssl [26-resumption-ssl] server = 26-resumption-server client = 26-resumption-client -resume-server = 26-resumption-server -resume-client = 26-resumption-resume-client +resume-server = 26-resumption-resume-server +resume-client = 26-resumption-client [26-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[26-resumption-client] +[26-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[26-resumption-resume-client] +[26-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1018,32 +1074,33 @@ ssl_conf = 27-resumption-ssl [27-resumption-ssl] server = 27-resumption-server client = 27-resumption-client -resume-server = 27-resumption-server -resume-client = 27-resumption-resume-client +resume-server = 27-resumption-resume-server +resume-client = 27-resumption-client [27-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[27-resumption-client] +[27-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[27-resumption-resume-client] +[27-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1054,25 +1111,26 @@ ssl_conf = 28-resumption-ssl [28-resumption-ssl] server = 28-resumption-server client = 28-resumption-client -resume-server = 28-resumption-server -resume-client = 28-resumption-resume-client +resume-server = 28-resumption-resume-server +resume-client = 28-resumption-client [28-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[28-resumption-client] +[28-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[28-resumption-resume-client] +[28-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1090,25 +1148,26 @@ ssl_conf = 29-resumption-ssl [29-resumption-ssl] server = 29-resumption-server client = 29-resumption-client -resume-server = 29-resumption-server -resume-client = 29-resumption-resume-client +resume-server = 29-resumption-resume-server +resume-client = 29-resumption-client [29-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[29-resumption-client] +[29-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[29-resumption-resume-client] +[29-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1126,32 +1185,33 @@ ssl_conf = 30-resumption-ssl [30-resumption-ssl] server = 30-resumption-server client = 30-resumption-client -resume-server = 30-resumption-server -resume-client = 30-resumption-resume-client +resume-server = 30-resumption-resume-server +resume-client = 30-resumption-client [30-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-resumption-client] +[30-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-resumption-resume-client] +[30-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1162,32 +1222,33 @@ ssl_conf = 31-resumption-ssl [31-resumption-ssl] server = 31-resumption-server client = 31-resumption-client -resume-server = 31-resumption-server -resume-client = 31-resumption-resume-client +resume-server = 31-resumption-resume-server +resume-client = 31-resumption-client [31-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-resumption-client] +[31-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-resumption-resume-client] +[31-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1209,21 +1270,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [32-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1245,21 +1306,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [33-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1281,21 +1342,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [34-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1317,20 +1378,1062 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [35-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[36-resumption] +ssl_conf = 36-resumption-ssl + +[36-resumption-ssl] +server = 36-resumption-server +client = 36-resumption-client +resume-server = 36-resumption-server +resume-client = 36-resumption-resume-client + +[36-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[36-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[37-resumption] +ssl_conf = 37-resumption-ssl + +[37-resumption-ssl] +server = 37-resumption-server +client = 37-resumption-client +resume-server = 37-resumption-server +resume-client = 37-resumption-resume-client + +[37-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[37-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] ExpectedProtocol = TLSv1.2 HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[38-resumption] +ssl_conf = 38-resumption-ssl + +[38-resumption-ssl] +server = 38-resumption-server +client = 38-resumption-client +resume-server = 38-resumption-server +resume-client = 38-resumption-resume-client + +[38-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[38-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[39-resumption] +ssl_conf = 39-resumption-ssl + +[39-resumption-ssl] +server = 39-resumption-server +client = 39-resumption-client +resume-server = 39-resumption-server +resume-client = 39-resumption-resume-client + +[39-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[39-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[40-resumption] +ssl_conf = 40-resumption-ssl + +[40-resumption-ssl] +server = 40-resumption-server +client = 40-resumption-client +resume-server = 40-resumption-server +resume-client = 40-resumption-resume-client + +[40-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[40-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[41-resumption] +ssl_conf = 41-resumption-ssl + +[41-resumption-ssl] +server = 41-resumption-server +client = 41-resumption-client +resume-server = 41-resumption-server +resume-client = 41-resumption-resume-client + +[41-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[41-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[42-resumption] +ssl_conf = 42-resumption-ssl + +[42-resumption-ssl] +server = 42-resumption-server +client = 42-resumption-client +resume-server = 42-resumption-server +resume-client = 42-resumption-resume-client + +[42-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[42-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[43-resumption] +ssl_conf = 43-resumption-ssl + +[43-resumption-ssl] +server = 43-resumption-server +client = 43-resumption-client +resume-server = 43-resumption-server +resume-client = 43-resumption-resume-client + +[43-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[43-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[44-resumption] +ssl_conf = 44-resumption-ssl + +[44-resumption-ssl] +server = 44-resumption-server +client = 44-resumption-client +resume-server = 44-resumption-server +resume-client = 44-resumption-resume-client + +[44-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[44-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[45-resumption] +ssl_conf = 45-resumption-ssl + +[45-resumption-ssl] +server = 45-resumption-server +client = 45-resumption-client +resume-server = 45-resumption-server +resume-client = 45-resumption-resume-client + +[45-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[45-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[46-resumption] +ssl_conf = 46-resumption-ssl + +[46-resumption-ssl] +server = 46-resumption-server +client = 46-resumption-client +resume-server = 46-resumption-server +resume-client = 46-resumption-resume-client + +[46-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[46-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[47-resumption] +ssl_conf = 47-resumption-ssl + +[47-resumption-ssl] +server = 47-resumption-server +client = 47-resumption-client +resume-server = 47-resumption-server +resume-client = 47-resumption-resume-client + +[47-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[47-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[48-resumption] +ssl_conf = 48-resumption-ssl + +[48-resumption-ssl] +server = 48-resumption-server +client = 48-resumption-client +resume-server = 48-resumption-server +resume-client = 48-resumption-resume-client + +[48-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[48-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[49-resumption] +ssl_conf = 49-resumption-ssl + +[49-resumption-ssl] +server = 49-resumption-server +client = 49-resumption-client +resume-server = 49-resumption-server +resume-client = 49-resumption-resume-client + +[49-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[49-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[50-resumption] +ssl_conf = 50-resumption-ssl + +[50-resumption-ssl] +server = 50-resumption-server +client = 50-resumption-client +resume-server = 50-resumption-server +resume-client = 50-resumption-resume-client + +[50-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[50-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[51-resumption] +ssl_conf = 51-resumption-ssl + +[51-resumption-ssl] +server = 51-resumption-server +client = 51-resumption-client +resume-server = 51-resumption-server +resume-client = 51-resumption-resume-client + +[51-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[51-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[52-resumption] +ssl_conf = 52-resumption-ssl + +[52-resumption-ssl] +server = 52-resumption-server +client = 52-resumption-client +resume-server = 52-resumption-server +resume-client = 52-resumption-resume-client + +[52-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[52-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[53-resumption] +ssl_conf = 53-resumption-ssl + +[53-resumption-ssl] +server = 53-resumption-server +client = 53-resumption-client +resume-server = 53-resumption-server +resume-client = 53-resumption-resume-client + +[53-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[53-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[54-resumption] +ssl_conf = 54-resumption-ssl + +[54-resumption-ssl] +server = 54-resumption-server +client = 54-resumption-client +resume-server = 54-resumption-server +resume-client = 54-resumption-resume-client + +[54-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[54-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[55-resumption] +ssl_conf = 55-resumption-ssl + +[55-resumption-ssl] +server = 55-resumption-server +client = 55-resumption-client +resume-server = 55-resumption-server +resume-client = 55-resumption-resume-client + +[55-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[55-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[56-resumption] +ssl_conf = 56-resumption-ssl + +[56-resumption-ssl] +server = 56-resumption-server +client = 56-resumption-client +resume-server = 56-resumption-server +resume-client = 56-resumption-resume-client + +[56-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[56-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[57-resumption] +ssl_conf = 57-resumption-ssl + +[57-resumption-ssl] +server = 57-resumption-server +client = 57-resumption-client +resume-server = 57-resumption-server +resume-client = 57-resumption-resume-client + +[57-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[57-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[58-resumption] +ssl_conf = 58-resumption-ssl + +[58-resumption-ssl] +server = 58-resumption-server +client = 58-resumption-client +resume-server = 58-resumption-server +resume-client = 58-resumption-resume-client + +[58-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[58-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[59-resumption] +ssl_conf = 59-resumption-ssl + +[59-resumption-ssl] +server = 59-resumption-server +client = 59-resumption-client +resume-server = 59-resumption-server +resume-client = 59-resumption-resume-client + +[59-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[59-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[60-resumption] +ssl_conf = 60-resumption-ssl + +[60-resumption-ssl] +server = 60-resumption-server +client = 60-resumption-client +resume-server = 60-resumption-server +resume-client = 60-resumption-resume-client + +[60-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[60-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[61-resumption] +ssl_conf = 61-resumption-ssl + +[61-resumption-ssl] +server = 61-resumption-server +client = 61-resumption-client +resume-server = 61-resumption-server +resume-client = 61-resumption-resume-client + +[61-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[61-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[62-resumption] +ssl_conf = 62-resumption-ssl + +[62-resumption-ssl] +server = 62-resumption-server +client = 62-resumption-client +resume-server = 62-resumption-server +resume-client = 62-resumption-resume-client + +[62-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[62-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[63-resumption] +ssl_conf = 63-resumption-ssl + +[63-resumption-ssl] +server = 63-resumption-server +client = 63-resumption-client +resume-server = 63-resumption-server +resume-client = 63-resumption-resume-client + +[63-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[63-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[64-resumption-with-hrr] +ssl_conf = 64-resumption-with-hrr-ssl + +[64-resumption-with-hrr-ssl] +server = 64-resumption-with-hrr-server +client = 64-resumption-with-hrr-client +resume-server = 64-resumption-with-hrr-server +resume-client = 64-resumption-with-hrr-resume-client + +[64-resumption-with-hrr-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = P-256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[64-resumption-with-hrr-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[64-resumption-with-hrr-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-64] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +Method = TLS ResumptionExpected = Yes diff --git a/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf b/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf index ceed9597447255..a981fa51dfdf33 100644 --- a/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf +++ b/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf @@ -41,6 +41,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-resumption-client] @@ -78,6 +79,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-resumption-client] @@ -115,6 +117,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-resumption-client] @@ -152,6 +155,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-resumption-client] @@ -189,6 +193,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-resumption-client] @@ -226,6 +231,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-resumption-client] @@ -263,6 +269,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-client] @@ -300,6 +307,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-client] diff --git a/deps/openssl/openssl/test/ssl-tests/12-ct.conf.in b/deps/openssl/openssl/test/ssl-tests/12-ct.conf.in index d412dfd0580193..7c0304995ff9b5 100644 --- a/deps/openssl/openssl/test/ssl-tests/12-ct.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/12-ct.conf.in @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -## Test CT support +## Test version negotiation use strict; use warnings; diff --git a/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf b/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf index 4c1e9e2b338943..96b5d048dafe6d 100644 --- a/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf +++ b/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 16 +num_tests = 22 test-0 = 0-one-fragment-minus-app-data test-1 = 1-one-fragment-app-data @@ -18,6 +18,12 @@ test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment test-14 = 14-small-app-data-aes-sha1-multibuffer test-15 = 15-small-app-data-aes-sha2-multibuffer +test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled +test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048 +test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024 +test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024 +test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048 +test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024 # =========================================================== [0-one-fragment-minus-app-data] @@ -267,6 +273,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-large-app-data-aes-sha1-multibuffer-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -291,6 +298,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-large-app-data-aes-sha2-multibuffer-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -315,6 +323,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -339,6 +348,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -363,6 +373,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-small-app-data-aes-sha1-multibuffer-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -387,6 +398,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-small-app-data-aes-sha2-multibuffer-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -395,3 +407,169 @@ ApplicationData = 4096 MaxFragmentSize = 4096 +# =========================================================== + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled] +ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl] +server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server +client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ApplicationData = 3072 +MaxFragmentSize = 16384 +client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra + +[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra] +MaxFragmentLenExt = 1024 + + +# =========================================================== + +[17-Maximum Fragment Len extension equal FragmentSize to 2048] +ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl] +server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server +client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ApplicationData = 3072 +MaxFragmentSize = 2048 +client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra + +[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra] +MaxFragmentLenExt = 2048 + + +# =========================================================== + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024] +ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl] +server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server +client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra + +[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 512 + + +# =========================================================== + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024] +ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl] +server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server +client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra + +[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 2048 + + +# =========================================================== + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048] +ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl] +server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server +client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ApplicationData = 8196 +MaxFragmentSize = 2048 +client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra + +[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra] +MaxFragmentLenExt = 4096 + + +# =========================================================== + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024] +ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl] +server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server +client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ApplicationData = 3072 +MaxFragmentSize = 1024 +client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra + +[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra] +MaxFragmentLenExt = 2048 diff --git a/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf.in b/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf.in index 6c2501b8b0c285..7c80c431c33e1d 100644 --- a/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/13-fragmentation.conf.in @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -104,7 +104,7 @@ our @tests = ( # When the buffer / fragment size ratio is sufficiently large, # multi-buffer code kicks in on some platforms for AES-SHA. The # exact minimum ratio depends on the platform, and is usually - # around 4. Since the the test buffer is 64kB, a 4kB fragment is + # around 4. Since the test buffer is 64kB, a 4kB fragment is # easily sufficient. # # (We run this test on all platforms though it's only true multibuffer @@ -114,6 +114,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024, @@ -125,6 +126,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024, @@ -136,6 +138,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024 + 3, @@ -147,6 +150,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024 - 3, @@ -161,6 +165,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 4 * 1024, @@ -172,10 +177,92 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 4 * 1024, MaxFragmentSize => 4 * 1024, } }, + ############################################ + # Default (Max) Fragment Size is 512. + # Default Application data size is 256. + { + name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 1024, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 16384, + } + }, + { + name => "Maximum Fragment Len extension equal FragmentSize to 2048", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 2048, + } + }, + { + name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 512, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, + { + name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, + { + name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 4096, + }, + }, + test => { + ApplicationData => 8196, + MaxFragmentSize => 2048, + } + }, + { + name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024", + server => { }, + client => { + extra => { + MaxFragmentLenExt => 2048, + }, + }, + test => { + ApplicationData => 3072, + MaxFragmentSize => 1024, + } + }, ); diff --git a/deps/openssl/openssl/test/ssl-tests/14-curves.conf b/deps/openssl/openssl/test/ssl-tests/14-curves.conf index 7f7ac4ba8dc0b1..8b61af7667598e 100644 --- a/deps/openssl/openssl/test/ssl-tests/14-curves.conf +++ b/deps/openssl/openssl/test/ssl-tests/14-curves.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 29 +num_tests = 30 test-0 = 0-curve-sect163k1 test-1 = 1-curve-sect163r1 @@ -31,6 +31,7 @@ test-25 = 25-curve-brainpoolP256r1 test-26 = 26-curve-brainpoolP384r1 test-27 = 27-curve-brainpoolP512r1 test-28 = 28-curve-X25519 +test-29 = 29-curve-X448 # =========================================================== [0-curve-sect163k1] @@ -44,11 +45,13 @@ client = 0-curve-sect163k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-curve-sect163k1-client] CipherString = ECDHE Curves = sect163k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -70,11 +73,13 @@ client = 1-curve-sect163r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-curve-sect163r1-client] CipherString = ECDHE Curves = sect163r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -96,11 +101,13 @@ client = 2-curve-sect163r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-curve-sect163r2-client] CipherString = ECDHE Curves = sect163r2 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -122,11 +129,13 @@ client = 3-curve-sect193r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-curve-sect193r1-client] CipherString = ECDHE Curves = sect193r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -148,11 +157,13 @@ client = 4-curve-sect193r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-curve-sect193r2-client] CipherString = ECDHE Curves = sect193r2 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -174,11 +185,13 @@ client = 5-curve-sect233k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-curve-sect233k1-client] CipherString = ECDHE Curves = sect233k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -200,11 +213,13 @@ client = 6-curve-sect233r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-curve-sect233r1-client] CipherString = ECDHE Curves = sect233r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -226,11 +241,13 @@ client = 7-curve-sect239k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect239k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-curve-sect239k1-client] CipherString = ECDHE Curves = sect239k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -252,11 +269,13 @@ client = 8-curve-sect283k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-curve-sect283k1-client] CipherString = ECDHE Curves = sect283k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -278,11 +297,13 @@ client = 9-curve-sect283r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-curve-sect283r1-client] CipherString = ECDHE Curves = sect283r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -304,11 +325,13 @@ client = 10-curve-sect409k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-curve-sect409k1-client] CipherString = ECDHE Curves = sect409k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -330,11 +353,13 @@ client = 11-curve-sect409r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-curve-sect409r1-client] CipherString = ECDHE Curves = sect409r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -356,11 +381,13 @@ client = 12-curve-sect571k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-curve-sect571k1-client] CipherString = ECDHE Curves = sect571k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -382,11 +409,13 @@ client = 13-curve-sect571r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-curve-sect571r1-client] CipherString = ECDHE Curves = sect571r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -408,11 +437,13 @@ client = 14-curve-secp160k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-curve-secp160k1-client] CipherString = ECDHE Curves = secp160k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -434,11 +465,13 @@ client = 15-curve-secp160r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-curve-secp160r1-client] CipherString = ECDHE Curves = secp160r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -460,11 +493,13 @@ client = 16-curve-secp160r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-curve-secp160r2-client] CipherString = ECDHE Curves = secp160r2 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -486,11 +521,13 @@ client = 17-curve-secp192k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp192k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-curve-secp192k1-client] CipherString = ECDHE Curves = secp192k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -512,11 +549,13 @@ client = 18-curve-prime192v1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime192v1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-curve-prime192v1-client] CipherString = ECDHE Curves = prime192v1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -538,11 +577,13 @@ client = 19-curve-secp224k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-curve-secp224k1-client] CipherString = ECDHE Curves = secp224k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -564,11 +605,13 @@ client = 20-curve-secp224r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-curve-secp224r1-client] CipherString = ECDHE Curves = secp224r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -590,11 +633,13 @@ client = 21-curve-secp256k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp256k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-curve-secp256k1-client] CipherString = ECDHE Curves = secp256k1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -616,11 +661,13 @@ client = 22-curve-prime256v1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime256v1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-curve-prime256v1-client] CipherString = ECDHE Curves = prime256v1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -642,11 +689,13 @@ client = 23-curve-secp384r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp384r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-curve-secp384r1-client] CipherString = ECDHE Curves = secp384r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -668,11 +717,13 @@ client = 24-curve-secp521r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp521r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-curve-secp521r1-client] CipherString = ECDHE Curves = secp521r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -694,11 +745,13 @@ client = 25-curve-brainpoolP256r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-curve-brainpoolP256r1-client] CipherString = ECDHE Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -720,11 +773,13 @@ client = 26-curve-brainpoolP384r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-curve-brainpoolP384r1-client] CipherString = ECDHE Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -746,11 +801,13 @@ client = 27-curve-brainpoolP512r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-curve-brainpoolP512r1-client] CipherString = ECDHE Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -772,11 +829,13 @@ client = 28-curve-X25519-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = X25519 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-curve-X25519-client] CipherString = ECDHE Curves = X25519 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -785,3 +844,29 @@ ExpectedResult = Success ExpectedTmpKeyType = X25519 +# =========================================================== + +[29-curve-X448] +ssl_conf = 29-curve-X448-ssl + +[29-curve-X448-ssl] +server = 29-curve-X448-server +client = 29-curve-X448-client + +[29-curve-X448-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = X448 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[29-curve-X448-client] +CipherString = ECDHE +Curves = X448 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = Success +ExpectedTmpKeyType = X448 diff --git a/deps/openssl/openssl/test/ssl-tests/14-curves.conf.in b/deps/openssl/openssl/test/ssl-tests/14-curves.conf.in index 0b7c09cc3f4ce4..2f8077c44a1735 100644 --- a/deps/openssl/openssl/test/ssl-tests/14-curves.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/14-curves.conf.in @@ -17,7 +17,7 @@ my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1", "secp160r2", "secp192k1", "prime192v1", "secp224k1", "secp224r1", "secp256k1", "prime256v1", "secp384r1", "secp521r1", "brainpoolP256r1", "brainpoolP384r1", - "brainpoolP512r1", "X25519"); + "brainpoolP512r1", "X25519", "X448"); our @tests = (); @@ -25,12 +25,15 @@ sub generate_tests() { foreach (0..$#curves) { my $curve = $curves[$_]; push @tests, { - name => "curve-${curve}", + name => "curve-${curve}", server => { - "Curves" => $curve + "Curves" => $curve, + # TODO(TLS1.3): Can we get this to work for TLSv1.3? + "MaxProtocol" => "TLSv1.2" }, client => { - "CipherString" => "ECDHE", + "CipherString" => "ECDHE", + "MaxProtocol" => "TLSv1.2", "Curves" => $curve }, test => { diff --git a/deps/openssl/openssl/test/ssl-tests/16-dtls-certstatus.conf.in b/deps/openssl/openssl/test/ssl-tests/16-dtls-certstatus.conf.in index 7280029e65f004..2d1766d5e3ceb0 100644 --- a/deps/openssl/openssl/test/ssl-tests/16-dtls-certstatus.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/16-dtls-certstatus.conf.in @@ -13,7 +13,7 @@ use strict; use warnings; package ssltests; - +use OpenSSL::Test::Utils; our @tests = ( { @@ -41,5 +41,38 @@ our @tests = ( "Method" => "DTLS", "ExpectedResult" => "ClientFail" } + } +); + +our @tests_sctp = ( + { + name => "certstatus-good", + server => { + extra => { + "CertStatus" => "GoodResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "certstatus-bad", + server => { + extra => { + "CertStatus" => "BadResponse", + }, + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => "Yes", + "ExpectedResult" => "ClientFail" + } }, ); + +push @tests, @tests_sctp unless disabled("sctp") || disabled("sock"); diff --git a/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf b/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf index 48f569fad6da8b..12cf791310fdda 100644 --- a/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf +++ b/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf @@ -28,6 +28,7 @@ client = 0-renegotiate-client-no-resume-client [0-renegotiate-client-no-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -55,6 +56,7 @@ client = 1-renegotiate-client-resume-client [1-renegotiate-client-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-renegotiate-client-resume-client] @@ -81,6 +83,7 @@ client = 2-renegotiate-server-no-resume-client [2-renegotiate-server-no-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -108,6 +111,7 @@ client = 3-renegotiate-server-resume-client [3-renegotiate-server-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-renegotiate-server-resume-client] @@ -198,12 +202,12 @@ client = 6-renegotiate-aead-to-non-aead-client [6-renegotiate-aead-to-non-aead-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-renegotiate-aead-to-non-aead-client] CipherString = AES128-GCM-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -230,12 +234,12 @@ client = 7-renegotiate-non-aead-to-aead-client [7-renegotiate-non-aead-to-aead-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-renegotiate-non-aead-to-aead-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -262,12 +266,12 @@ client = 8-renegotiate-non-aead-to-non-aead-client [8-renegotiate-non-aead-to-non-aead-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-renegotiate-non-aead-to-non-aead-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -294,12 +298,12 @@ client = 9-renegotiate-aead-to-aead-client [9-renegotiate-aead-to-aead-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-renegotiate-aead-to-aead-client] CipherString = AES128-GCM-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf.in b/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf.in index bd656d02fd570c..35175dce5153dd 100644 --- a/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/17-renegotiate.conf.in @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,8 @@ our @tests = ( { name => "renegotiate-client-no-resume", server => { - "Options" => "NoResumptionOnRenegotiation" + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" }, client => {}, test => { @@ -31,7 +32,9 @@ our @tests = ( }, { name => "renegotiate-client-resume", - server => {}, + server => { + "MaxProtocol" => "TLSv1.2" + }, client => {}, test => { "Method" => "TLS", @@ -43,7 +46,8 @@ our @tests = ( { name => "renegotiate-server-no-resume", server => { - "Options" => "NoResumptionOnRenegotiation" + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2" }, client => {}, test => { @@ -55,7 +59,9 @@ our @tests = ( }, { name => "renegotiate-server-resume", - server => {}, + server => { + "MaxProtocol" => "TLSv1.2" + }, client => {}, test => { "Method" => "TLS", @@ -108,10 +114,10 @@ our @tests_tls1_2 = ( name => "renegotiate-aead-to-non-aead", server => { "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "AES128-GCM-SHA256", + "MaxProtocol" => "TLSv1.2", extra => { "RenegotiateCiphers" => "AES128-SHA" } @@ -127,10 +133,10 @@ our @tests_tls1_2 = ( name => "renegotiate-non-aead-to-aead", server => { "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2", extra => { "RenegotiateCiphers" => "AES128-GCM-SHA256" } @@ -146,10 +152,10 @@ our @tests_tls1_2 = ( name => "renegotiate-non-aead-to-non-aead", server => { "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2", extra => { "RenegotiateCiphers" => "AES256-SHA" } @@ -165,10 +171,10 @@ our @tests_tls1_2 = ( name => "renegotiate-aead-to-aead", server => { "Options" => "NoResumptionOnRenegotiation", - "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "AES128-GCM-SHA256", + "MaxProtocol" => "TLSv1.2", extra => { "RenegotiateCiphers" => "AES256-GCM-SHA384" } diff --git a/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf b/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf index 3d8ebd74c45513..9204dd2c5d1568 100644 --- a/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf +++ b/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf @@ -36,6 +36,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateClient Method = DTLS ResumptionExpected = No +UseSCTP = No # =========================================================== @@ -62,6 +63,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateClient Method = DTLS ResumptionExpected = Yes +UseSCTP = No # =========================================================== @@ -88,6 +90,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateServer Method = DTLS ResumptionExpected = No +UseSCTP = No # =========================================================== @@ -118,6 +121,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateServer Method = DTLS ResumptionExpected = No +UseSCTP = No # =========================================================== @@ -148,6 +152,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateServer Method = DTLS ResumptionExpected = No +UseSCTP = No # =========================================================== @@ -175,6 +180,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateClient Method = DTLS ResumptionExpected = No +UseSCTP = No client = 5-renegotiate-aead-to-non-aead-client-extra [5-renegotiate-aead-to-non-aead-client-extra] @@ -206,6 +212,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateClient Method = DTLS ResumptionExpected = No +UseSCTP = No client = 6-renegotiate-non-aead-to-aead-client-extra [6-renegotiate-non-aead-to-aead-client-extra] @@ -237,6 +244,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateClient Method = DTLS ResumptionExpected = No +UseSCTP = No client = 7-renegotiate-non-aead-to-non-aead-client-extra [7-renegotiate-non-aead-to-non-aead-client-extra] @@ -268,6 +276,7 @@ ExpectedResult = Success HandshakeMode = RenegotiateClient Method = DTLS ResumptionExpected = No +UseSCTP = No client = 8-renegotiate-aead-to-aead-client-extra [8-renegotiate-aead-to-aead-client-extra] diff --git a/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in b/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in index 7a65a85618b5a3..467d6f26c90062 100644 --- a/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -15,160 +15,178 @@ use warnings; package ssltests; use OpenSSL::Test::Utils; -our @tests = ( - { - name => "renegotiate-client-no-resume", - server => { - "Options" => "NoResumptionOnRenegotiation" - }, - client => {}, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-resume", - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "Yes", - "ExpectedResult" => "Success" - } - }, -# Note: Unlike the TLS tests, we will never do resumption with server -# initiated reneg. This is because an OpenSSL DTLS client will always do a full -# handshake (i.e. it doesn't supply a session id) when it receives a -# HelloRequest. This is different to the OpenSSL TLS implementation where an -# OpenSSL client will always try an abbreviated handshake (i.e. it will supply -# the session id). This goes all the way to commit 48ae85b6f when abbreviated -# handshake support was first added. Neither behaviour is wrong, but the -# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, -# and if so, what to? - { - name => "renegotiate-server-resume", - server => {}, - client => {}, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-auth-require", - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Require", - }, - client => { - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-client-auth-once", - server => { - "VerifyCAFile" => test_pem("root-cert.pem"), - "VerifyMode" => "Once", - }, - client => { - "Certificate" => test_pem("ee-client-chain.pem"), - "PrivateKey" => test_pem("ee-key.pem"), - }, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateServer", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - } -); -our @tests_dtls1_2 = ( - { - name => "renegotiate-aead-to-non-aead", - server => { - "Options" => "NoResumptionOnRenegotiation" +our @tests = (); + +foreach my $sctp ("No", "Yes") +{ + next if disabled("sctp") && $sctp eq "Yes"; + + my $suffix = ($sctp eq "No") ? "" : "-sctp"; + our @tests_basic = ( + { + name => "renegotiate-client-no-resume".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } }, - client => { - "CipherString" => "AES128-GCM-SHA256", - extra => { - "RenegotiateCiphers" => "AES128-SHA" + { + name => "renegotiate-client-resume".$suffix, + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success" } }, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-non-aead-to-aead", - server => { - "Options" => "NoResumptionOnRenegotiation" + # Note: Unlike the TLS tests, we will never do resumption with server + # initiated reneg. This is because an OpenSSL DTLS client will always do a full + # handshake (i.e. it doesn't supply a session id) when it receives a + # HelloRequest. This is different to the OpenSSL TLS implementation where an + # OpenSSL client will always try an abbreviated handshake (i.e. it will supply + # the session id). This goes all the way to commit 48ae85b6f when abbreviated + # handshake support was first added. Neither behaviour is wrong, but the + # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, + # and if so, what to? + { + name => "renegotiate-server-resume".$suffix, + server => {}, + client => {}, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } }, - client => { - "CipherString" => "AES128-SHA", - extra => { - "RenegotiateCiphers" => "AES128-GCM-SHA256" + { + name => "renegotiate-client-auth-require".$suffix, + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" } }, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" + { + name => "renegotiate-client-auth-once".$suffix, + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Once", + }, + client => { + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } } - }, - { - name => "renegotiate-non-aead-to-non-aead", - server => { - "Options" => "NoResumptionOnRenegotiation" + ); + push @tests, @tests_basic; + + next if disabled("dtls1_2"); + our @tests_dtls1_2 = ( + { + name => "renegotiate-aead-to-non-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES128-SHA" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } }, - client => { - "CipherString" => "AES128-SHA", - extra => { - "RenegotiateCiphers" => "AES256-SHA" + { + name => "renegotiate-non-aead-to-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES128-GCM-SHA256" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" } }, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, - { - name => "renegotiate-aead-to-aead", - server => { - "Options" => "NoResumptionOnRenegotiation" + { + name => "renegotiate-non-aead-to-non-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-SHA", + extra => { + "RenegotiateCiphers" => "AES256-SHA" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } }, - client => { - "CipherString" => "AES128-GCM-SHA256", - extra => { - "RenegotiateCiphers" => "AES256-GCM-SHA384" + { + name => "renegotiate-aead-to-aead".$suffix, + server => { + "Options" => "NoResumptionOnRenegotiation" + }, + client => { + "CipherString" => "AES128-GCM-SHA256", + extra => { + "RenegotiateCiphers" => "AES256-GCM-SHA384" + } + }, + test => { + "Method" => "DTLS", + "UseSCTP" => $sctp, + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" } }, - test => { - "Method" => "DTLS", - "HandshakeMode" => "RenegotiateClient", - "ResumptionExpected" => "No", - "ExpectedResult" => "Success" - } - }, -); - - -push @tests, @tests_dtls1_2 unless disabled("dtls1_2"); + ); + push @tests, @tests_dtls1_2; +} diff --git a/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf b/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf index 40480edbf89001..0dd384ea6c90da 100644 --- a/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf +++ b/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf @@ -25,6 +25,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-disable-encrypt-then-mac-server-sha-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -48,6 +49,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-disable-encrypt-then-mac-client-sha-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -73,6 +75,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-disable-encrypt-then-mac-both-sha-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -98,6 +101,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-disable-encrypt-then-mac-server-sha2-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -121,6 +125,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-disable-encrypt-then-mac-client-sha2-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -146,6 +151,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-disable-encrypt-then-mac-both-sha2-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 Options = -EncryptThenMac VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in b/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in index 01afe251a723ec..dfe529c9cd5308 100644 --- a/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in +++ b/deps/openssl/openssl/test/ssl-tests/19-mac-then-encrypt.conf.in @@ -11,6 +11,8 @@ package ssltests; +use OpenSSL::Test::Utils; + our @tests = ( { name => "disable-encrypt-then-mac-server-sha", @@ -19,6 +21,7 @@ our @tests = ( }, client => { "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -31,6 +34,7 @@ our @tests = ( client => { "CipherString" => "AES128-SHA", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -44,11 +48,15 @@ our @tests = ( client => { "CipherString" => "AES128-SHA", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", }, }, +); + +my @tests_tls1_2 = ( { name => "disable-encrypt-then-mac-server-sha2", server => { @@ -56,6 +64,7 @@ our @tests = ( }, client => { "CipherString" => "AES128-SHA256", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -68,6 +77,7 @@ our @tests = ( client => { "CipherString" => "AES128-SHA256", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", @@ -81,9 +91,12 @@ our @tests = ( client => { "CipherString" => "AES128-SHA256", "Options" => "-EncryptThenMac", + "MaxProtocol" => "TLSv1.2" }, test => { "ExpectedResult" => "Success", }, }, ); + +push @tests, @tests_tls1_2 unless disabled("tls1_2"); diff --git a/deps/openssl/openssl/test/ssl-tests/20-cert-select.conf b/deps/openssl/openssl/test/ssl-tests/20-cert-select.conf new file mode 100644 index 00000000000000..ed6ac7f09c72c3 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/20-cert-select.conf @@ -0,0 +1,1678 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 51 + +test-0 = 0-ECDSA CipherString Selection +test-1 = 1-ECDSA CipherString Selection +test-2 = 2-ECDSA CipherString Selection +test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection +test-4 = 4-Ed448 CipherString and Signature Algorithm Selection +test-5 = 5-ECDSA with brainpool +test-6 = 6-RSA CipherString Selection +test-7 = 7-RSA-PSS Certificate CipherString Selection +test-8 = 8-P-256 CipherString and Signature Algorithm Selection +test-9 = 9-Ed25519 CipherString and Curves Selection +test-10 = 10-Ed448 CipherString and Curves Selection +test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate +test-12 = 12-ECDSA Signature Algorithm Selection +test-13 = 13-ECDSA Signature Algorithm Selection SHA384 +test-14 = 14-ECDSA Signature Algorithm Selection SHA1 +test-15 = 15-ECDSA Signature Algorithm Selection compressed point +test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-17 = 17-RSA Signature Algorithm Selection +test-18 = 18-RSA-PSS Signature Algorithm Selection +test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection +test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection +test-21 = 21-Only RSA-PSS Certificate +test-22 = 22-RSA-PSS Certificate, no PSS signature algorithms +test-23 = 23-RSA key exchange with all RSA certificate types +test-24 = 24-RSA key exchange with only RSA-PSS certificate +test-25 = 25-Suite B P-256 Hash Algorithm Selection +test-26 = 26-Suite B P-384 Hash Algorithm Selection +test-27 = 27-TLS 1.2 Ed25519 Client Auth +test-28 = 28-TLS 1.2 Ed448 Client Auth +test-29 = 29-Only RSA-PSS Certificate, TLS v1.1 +test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection +test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point +test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 +test-33 = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS +test-34 = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS +test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate +test-36 = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS +test-37 = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection +test-38 = 38-TLS 1.3 Ed25519 Signature Algorithm Selection +test-39 = 39-TLS 1.3 Ed448 Signature Algorithm Selection +test-40 = 40-TLS 1.3 Ed25519 CipherString and Groups Selection +test-41 = 41-TLS 1.3 Ed448 CipherString and Groups Selection +test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection +test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names +test-44 = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection +test-45 = 45-TLS 1.3 Ed25519 Client Auth +test-46 = 46-TLS 1.3 Ed448 Client Auth +test-47 = 47-TLS 1.3 ECDSA with brainpool +test-48 = 48-TLS 1.2 DSA Certificate Test +test-49 = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-50 = 50-TLS 1.3 DSA Certificate Test +# =========================================================== + +[0-ECDSA CipherString Selection] +ssl_conf = 0-ECDSA CipherString Selection-ssl + +[0-ECDSA CipherString Selection-ssl] +server = 0-ECDSA CipherString Selection-server +client = 0-ECDSA CipherString Selection-client + +[0-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-ECDSA CipherString Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[1-ECDSA CipherString Selection] +ssl_conf = 1-ECDSA CipherString Selection-ssl + +[1-ECDSA CipherString Selection-ssl] +server = 1-ECDSA CipherString Selection-server +client = 1-ECDSA CipherString Selection-client + +[1-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[2-ECDSA CipherString Selection] +ssl_conf = 2-ECDSA CipherString Selection-ssl + +[2-ECDSA CipherString Selection-ssl] +server = 2-ECDSA CipherString Selection-server +client = 2-ECDSA CipherString Selection-client + +[2-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail + + +# =========================================================== + +[3-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl + +[3-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 3-Ed25519 CipherString and Signature Algorithm Selection-server +client = 3-Ed25519 CipherString and Signature Algorithm Selection-client + +[3-Ed25519 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-Ed25519 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed25519:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[4-Ed448 CipherString and Signature Algorithm Selection] +ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl + +[4-Ed448 CipherString and Signature Algorithm Selection-ssl] +server = 4-Ed448 CipherString and Signature Algorithm Selection-server +client = 4-Ed448 CipherString and Signature Algorithm Selection-client + +[4-Ed448 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-Ed448 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed448:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[5-ECDSA with brainpool] +ssl_conf = 5-ECDSA with brainpool-ssl + +[5-ECDSA with brainpool-ssl] +server = 5-ECDSA with brainpool-server +client = 5-ECDSA with brainpool-client + +[5-ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[5-ECDSA with brainpool-client] +CipherString = aECDSA +Groups = brainpoolP256r1 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = brainpoolP256r1 +ExpectedServerSignType = EC + + +# =========================================================== + +[6-RSA CipherString Selection] +ssl_conf = 6-RSA CipherString Selection-ssl + +[6-RSA CipherString Selection-ssl] +server = 6-RSA CipherString Selection-server +client = 6-RSA CipherString Selection-client + +[6-RSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-RSA CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[7-RSA-PSS Certificate CipherString Selection] +ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl + +[7-RSA-PSS Certificate CipherString Selection-ssl] +server = 7-RSA-PSS Certificate CipherString Selection-server +client = 7-RSA-PSS Certificate CipherString Selection-client + +[7-RSA-PSS Certificate CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-RSA-PSS Certificate CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[8-P-256 CipherString and Signature Algorithm Selection] +ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl + +[8-P-256 CipherString and Signature Algorithm Selection-ssl] +server = 8-P-256 CipherString and Signature Algorithm Selection-server +client = 8-P-256 CipherString and Signature Algorithm Selection-client + +[8-P-256 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-P-256 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[9-Ed25519 CipherString and Curves Selection] +ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl + +[9-Ed25519 CipherString and Curves Selection-ssl] +server = 9-Ed25519 CipherString and Curves Selection-server +client = 9-Ed25519 CipherString and Curves Selection-client + +[9-Ed25519 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-Ed25519 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X25519 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[10-Ed448 CipherString and Curves Selection] +ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl + +[10-Ed448 CipherString and Curves Selection-ssl] +server = 10-Ed448 CipherString and Curves Selection-server +client = 10-Ed448 CipherString and Curves Selection-client + +[10-Ed448 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-Ed448 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X448 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[11-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl + +[11-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 11-ECDSA CipherString Selection, no ECDSA certificate-server +client = 11-ECDSA CipherString Selection, no ECDSA certificate-client + +[11-ECDSA CipherString Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-ECDSA CipherString Selection, no ECDSA certificate-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail + + +# =========================================================== + +[12-ECDSA Signature Algorithm Selection] +ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl + +[12-ECDSA Signature Algorithm Selection-ssl] +server = 12-ECDSA Signature Algorithm Selection-server +client = 12-ECDSA Signature Algorithm Selection-client + +[12-ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[13-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl + +[13-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 13-ECDSA Signature Algorithm Selection SHA384-server +client = 13-ECDSA Signature Algorithm Selection SHA384-client + +[13-ECDSA Signature Algorithm Selection SHA384-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-ECDSA Signature Algorithm Selection SHA384-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[14-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl + +[14-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 14-ECDSA Signature Algorithm Selection SHA1-server +client = 14-ECDSA Signature Algorithm Selection SHA1-client + +[14-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + +# =========================================================== + +[15-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl + +[15-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 15-ECDSA Signature Algorithm Selection compressed point-server +client = 15-ECDSA Signature Algorithm Selection compressed point-client + +[15-ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ServerFail + + +# =========================================================== + +[17-RSA Signature Algorithm Selection] +ssl_conf = 17-RSA Signature Algorithm Selection-ssl + +[17-RSA Signature Algorithm Selection-ssl] +server = 17-RSA Signature Algorithm Selection-server +client = 17-RSA Signature Algorithm Selection-client + +[17-RSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-RSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA + + +# =========================================================== + +[18-RSA-PSS Signature Algorithm Selection] +ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl + +[18-RSA-PSS Signature Algorithm Selection-ssl] +server = 18-RSA-PSS Signature Algorithm Selection-server +client = 18-RSA-PSS Signature Algorithm Selection-client + +[18-RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection] +ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] +server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server +client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection] +ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] +server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server +client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[21-Only RSA-PSS Certificate] +ssl_conf = 21-Only RSA-PSS Certificate-ssl + +[21-Only RSA-PSS Certificate-ssl] +server = 21-Only RSA-PSS Certificate-server +client = 21-Only RSA-PSS Certificate-client + +[21-Only RSA-PSS Certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[21-Only RSA-PSS Certificate-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[22-RSA-PSS Certificate, no PSS signature algorithms] +ssl_conf = 22-RSA-PSS Certificate, no PSS signature algorithms-ssl + +[22-RSA-PSS Certificate, no PSS signature algorithms-ssl] +server = 22-RSA-PSS Certificate, no PSS signature algorithms-server +client = 22-RSA-PSS Certificate, no PSS signature algorithms-client + +[22-RSA-PSS Certificate, no PSS signature algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[22-RSA-PSS Certificate, no PSS signature algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = ServerFail + + +# =========================================================== + +[23-RSA key exchange with all RSA certificate types] +ssl_conf = 23-RSA key exchange with all RSA certificate types-ssl + +[23-RSA key exchange with all RSA certificate types-ssl] +server = 23-RSA key exchange with all RSA certificate types-server +client = 23-RSA key exchange with all RSA certificate types-client + +[23-RSA key exchange with all RSA certificate types-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[23-RSA key exchange with all RSA certificate types-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = Success +ExpectedServerCertType = RSA + + +# =========================================================== + +[24-RSA key exchange with only RSA-PSS certificate] +ssl_conf = 24-RSA key exchange with only RSA-PSS certificate-ssl + +[24-RSA key exchange with only RSA-PSS certificate-ssl] +server = 24-RSA key exchange with only RSA-PSS certificate-server +client = 24-RSA key exchange with only RSA-PSS certificate-client + +[24-RSA key exchange with only RSA-PSS certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[24-RSA key exchange with only RSA-PSS certificate-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = ServerFail + + +# =========================================================== + +[25-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 25-Suite B P-256 Hash Algorithm Selection-ssl + +[25-Suite B P-256 Hash Algorithm Selection-ssl] +server = 25-Suite B P-256 Hash Algorithm Selection-server +client = 25-Suite B P-256 Hash Algorithm Selection-client + +[25-Suite B P-256 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[25-Suite B P-256 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[26-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 26-Suite B P-384 Hash Algorithm Selection-ssl + +[26-Suite B P-384 Hash Algorithm Selection-ssl] +server = 26-Suite B P-384 Hash Algorithm Selection-server +client = 26-Suite B P-384 Hash Algorithm Selection-client + +[26-Suite B P-384 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[26-Suite B P-384 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = Success +ExpectedServerCertType = P-384 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[27-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 27-TLS 1.2 Ed25519 Client Auth-ssl + +[27-TLS 1.2 Ed25519 Client Auth-ssl] +server = 27-TLS 1.2 Ed25519 Client Auth-server +client = 27-TLS 1.2 Ed25519 Client Auth-client + +[27-TLS 1.2 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[27-TLS 1.2 Ed25519 Client Auth-client] +CipherString = DEFAULT +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[28-TLS 1.2 Ed448 Client Auth] +ssl_conf = 28-TLS 1.2 Ed448 Client Auth-ssl + +[28-TLS 1.2 Ed448 Client Auth-ssl] +server = 28-TLS 1.2 Ed448 Client Auth-server +client = 28-TLS 1.2 Ed448 Client Auth-client + +[28-TLS 1.2 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[28-TLS 1.2 Ed448 Client Auth-client] +CipherString = DEFAULT +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[29-Only RSA-PSS Certificate, TLS v1.1] +ssl_conf = 29-Only RSA-PSS Certificate, TLS v1.1-ssl + +[29-Only RSA-PSS Certificate, TLS v1.1-ssl] +server = 29-Only RSA-PSS Certificate, TLS v1.1-server +client = 29-Only RSA-PSS Certificate, TLS v1.1-client + +[29-Only RSA-PSS Certificate, TLS v1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[29-Only RSA-PSS Certificate, TLS v1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail + + +# =========================================================== + +[30-TLS 1.3 ECDSA Signature Algorithm Selection] +ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection-ssl + +[30-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] +server = 30-TLS 1.3 ECDSA Signature Algorithm Selection-server +client = 30-TLS 1.3 ECDSA Signature Algorithm Selection-client + +[30-TLS 1.3 ECDSA Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-TLS 1.3 ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl + +[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] +server = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server +client = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client + +[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl + +[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] +server = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server +client = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client + +[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail + + +# =========================================================== + +[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] +ssl_conf = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl + +[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] +server = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server +client = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client + +[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] +CipherString = DEFAULT +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedResult = Success +ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] +ssl_conf = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl + +[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] +server = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server +client = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client + +[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail + + +# =========================================================== + +[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS] +ssl_conf = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl + +[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] +server = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server +client = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client + +[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedResult = ServerFail + + +# =========================================================== + +[37-TLS 1.3 RSA-PSS Signature Algorithm Selection] +ssl_conf = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl + +[37-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] +server = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-server +client = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-client + +[37-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[38-TLS 1.3 Ed25519 Signature Algorithm Selection] +ssl_conf = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl + +[38-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] +server = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-server +client = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-client + +[38-TLS 1.3 Ed25519 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-TLS 1.3 Ed25519 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[39-TLS 1.3 Ed448 Signature Algorithm Selection] +ssl_conf = 39-TLS 1.3 Ed448 Signature Algorithm Selection-ssl + +[39-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] +server = 39-TLS 1.3 Ed448 Signature Algorithm Selection-server +client = 39-TLS 1.3 Ed448 Signature Algorithm Selection-client + +[39-TLS 1.3 Ed448 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-TLS 1.3 Ed448 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[40-TLS 1.3 Ed25519 CipherString and Groups Selection] +ssl_conf = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl + +[40-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] +server = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-server +client = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-client + +[40-TLS 1.3 Ed25519 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-TLS 1.3 Ed25519 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X25519 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[41-TLS 1.3 Ed448 CipherString and Groups Selection] +ssl_conf = 41-TLS 1.3 Ed448 CipherString and Groups Selection-ssl + +[41-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] +server = 41-TLS 1.3 Ed448 CipherString and Groups Selection-server +client = 41-TLS 1.3 Ed448 CipherString and Groups Selection-client + +[41-TLS 1.3 Ed448 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-TLS 1.3 Ed448 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X448 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection] +ssl_conf = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] +server = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server +client = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] +ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl + +[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] +server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server +client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client + +[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] +ssl_conf = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl + +[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] +server = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server +client = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client + +[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedClientCertType = P-256 +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = EC +ExpectedResult = Success + + +# =========================================================== + +[45-TLS 1.3 Ed25519 Client Auth] +ssl_conf = 45-TLS 1.3 Ed25519 Client Auth-ssl + +[45-TLS 1.3 Ed25519 Client Auth-ssl] +server = 45-TLS 1.3 Ed25519 Client Auth-server +client = 45-TLS 1.3 Ed25519 Client Auth-client + +[45-TLS 1.3 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[45-TLS 1.3 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[46-TLS 1.3 Ed448 Client Auth] +ssl_conf = 46-TLS 1.3 Ed448 Client Auth-ssl + +[46-TLS 1.3 Ed448 Client Auth-ssl] +server = 46-TLS 1.3 Ed448 Client Auth-server +client = 46-TLS 1.3 Ed448 Client Auth-client + +[46-TLS 1.3 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[46-TLS 1.3 Ed448 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[47-TLS 1.3 ECDSA with brainpool] +ssl_conf = 47-TLS 1.3 ECDSA with brainpool-ssl + +[47-TLS 1.3 ECDSA with brainpool-ssl] +server = 47-TLS 1.3 ECDSA with brainpool-server +client = 47-TLS 1.3 ECDSA with brainpool-client + +[47-TLS 1.3 ECDSA with brainpool-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +CipherString = DEFAULT +Groups = brainpoolP256r1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem + +[47-TLS 1.3 ECDSA with brainpool-client] +CipherString = DEFAULT +Groups = brainpoolP256r1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedResult = ServerFail + + +# =========================================================== + +[48-TLS 1.2 DSA Certificate Test] +ssl_conf = 48-TLS 1.2 DSA Certificate Test-ssl + +[48-TLS 1.2 DSA Certificate Test-ssl] +server = 48-TLS 1.2 DSA Certificate Test-server +client = 48-TLS 1.2 DSA Certificate Test-client + +[48-TLS 1.2 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-TLS 1.2 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = Success + + +# =========================================================== + +[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] +ssl_conf = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl + +[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] +server = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server +client = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client + +[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedResult = ServerFail + + +# =========================================================== + +[50-TLS 1.3 DSA Certificate Test] +ssl_conf = 50-TLS 1.3 DSA Certificate Test-ssl + +[50-TLS 1.3 DSA Certificate Test-ssl] +server = 50-TLS 1.3 DSA Certificate Test-server +client = 50-TLS 1.3 DSA Certificate Test-client + +[50-TLS 1.3 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-TLS 1.3 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedResult = ServerFail diff --git a/deps/openssl/openssl/test/ssl-tests/20-cert-select.conf.in b/deps/openssl/openssl/test/ssl-tests/20-cert-select.conf.in new file mode 100644 index 00000000000000..bdf53c6e1ebe88 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/20-cert-select.conf.in @@ -0,0 +1,864 @@ +# -*- mode: perl; -*- + +## SSL test configurations + + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +my $server = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; + +my $server_pss = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" +}; + +my $server_pss_only = { + "Certificate" => test_pem("server-pss-cert.pem"), + "PrivateKey" => test_pem("server-pss-key.pem"), +}; + +my $server_rsa_all = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "Certificate" => test_pem("servercert.pem"), + "PrivateKey" => test_pem("serverkey.pem"), +}; + +our @tests = ( + { + name => "ECDSA CipherString Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection", + server => { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2", + #Deliberately set supported_groups to one not in the cert. This + #should be tolerated + "Groups" => "P-384" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "Groups" => "P-256:P-384", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection", + server => { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2", + "Groups" => "P-256:P-384" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + #Deliberately set groups to not include the certificate group. This + #should fail + "Groups" => "P-384", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Ed25519 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed25519:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed448 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed448:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed448", + "ExpectedServerSignType" =>, "Ed448", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + #We don't restrict this to TLSv1.2, although use of brainpool + #should force this anyway so that this should succeed + "CipherString" => "aECDSA", + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + }, + test => { + "ExpectedServerCertType" =>, "brainpoolP256r1", + "ExpectedServerSignType" =>, "EC", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA CipherString Selection", + server => $server, + client => { + "CipherString" => "aRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA", + "ExpectedServerSignType" =>, "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate CipherString Selection", + server => $server_pss, + client => { + "CipherString" => "aRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA-PSS", + "ExpectedServerSignType" =>, "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "P-256 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed25519 CipherString and Curves Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + # Excluding P-256 from the supported curves list means server + # certificate should be Ed25519 and not P-256 + "Curves" => "X25519" + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "Ed448 CipherString and Curves Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ECDSA+SHA256:ed448", + # Excluding P-256 from the supported curves list means server + # certificate should be Ed25519 and not P-256 + "Curves" => "X448" + }, + test => { + "ExpectedServerCertType" =>, "Ed448", + "ExpectedServerSignType" =>, "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA CipherString Selection, no ECDSA certificate", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "ECDSA Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection SHA384", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA384", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection SHA1", + server => $server, + client => { + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA1", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection compressed point", + server => { + "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), + "MaxProtocol" => "TLSv1.2" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "ECDSA Signature Algorithm Selection, no ECDSA certificate", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "RSA Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate Legacy Signature Algorithm Selection", + server => $server_pss, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate Unified Signature Algorithm Selection", + server => $server_pss, + client => { + "SignatureAlgorithms" => "rsa_pss_pss_sha256", + }, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "Only RSA-PSS Certificate", + server => $server_pss_only, + client => {}, + test => { + "ExpectedServerCertType" => "RSA-PSS", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Certificate, no PSS signature algorithms", + server => $server_pss_only, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "RSA key exchange with all RSA certificate types", + server => $server_rsa_all, + client => { + "CipherString" => "kRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedServerCertType" =>, "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA key exchange with only RSA-PSS certificate", + server => $server_pss_only, + client => { + "CipherString" => "kRSA", + "MaxProtocol" => "TLSv1.2", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "Suite B P-256 Hash Algorithm Selection", + server => { + "ECDSA.Certificate" => test_pem("p256-server-cert.pem"), + "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"), + "MaxProtocol" => "TLSv1.2", + "CipherString" => "SUITEB128" + }, + client => { + "VerifyCAFile" => test_pem("p384-root.pem"), + "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256" + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "Suite B P-384 Hash Algorithm Selection", + server => { + "ECDSA.Certificate" => test_pem("p384-server-cert.pem"), + "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"), + "MaxProtocol" => "TLSv1.2", + "CipherString" => "SUITEB128" + }, + client => { + "VerifyCAFile" => test_pem("p384-root.pem"), + "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384" + }, + test => { + "ExpectedServerCertType" => "P-384", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.2 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.2 Ed448 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "Ed448.Certificate" => test_pem("client-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed448", + "ExpectedClientSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, +); + +my @tests_tls_1_1 = ( + { + name => "Only RSA-PSS Certificate, TLS v1.1", + server => $server_pss_only, + client => { + "MaxProtocol" => "TLSv1.1", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +push @tests, @tests_tls_1_1 unless disabled("tls1_1"); + +my $server_tls_1_3 = { + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my $server_tls_1_3_pss = { + "PSS.Certificate" => test_pem("server-pss-cert.pem"), + "PSS.PrivateKey" => test_pem("server-pss-key.pem"), + "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), + "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"), + "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), + "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my $client_tls_1_3 = { + "RSA.Certificate" => test_pem("ee-client-chain.pem"), + "RSA.PrivateKey" => test_pem("ee-key.pem"), + "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"), + "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" +}; + +my @tests_tls_1_3 = ( + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point", + server => { + "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"), + "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA1", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", + "ExpectedServerCANames" => test_pem("root-cert.pem"), + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA384", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "RSA+SHA256", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 RSA-PSS Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed25519", + }, + test => { + "ExpectedServerCertType" => "Ed25519", + "ExpectedServerSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed448", + }, + test => { + "ExpectedServerCertType" => "Ed448", + "ExpectedServerSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 CipherString and Groups Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", + # Excluding P-256 from the supported groups list should + # mean server still uses a P-256 certificate because supported + # groups is not used in signature selection for TLS 1.3 + "Groups" => "X25519" + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 CipherString and Groups Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ECDSA+SHA256:ed448", + # Excluding P-256 from the supported groups list should + # mean server still uses a P-256 certificate because supported + # groups is not used in signature selection for TLS 1.3 + "Groups" => "X448" + }, + test => { + "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection", + server => { + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientCANames" => "empty", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names", + server => { + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "RequestCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection", + server => { + "ClientSignatureAlgorithms" => "ECDSA+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => $client_tls_1_3, + test => { + "ExpectedClientCertType" => "P-256", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientSignType" => "EC", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 Ed448 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed448", + "ExpectedClientSignType" => "Ed448", + "ExpectedResult" => "Success" + }, + }, + { + name => "TLS 1.3 ECDSA with brainpool", + server => { + "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), + "Groups" => "brainpoolP256r1", + }, + client => { + "RequestCAFile" => test_pem("root-cert.pem"), + "Groups" => "brainpoolP256r1", + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +push @tests, @tests_tls_1_3 unless disabled("tls1_3"); + +my @tests_dsa_tls_1_2 = ( + { + name => "TLS 1.2 DSA Certificate Test", + server => { + "DSA.Certificate" => test_pem("server-dsa-cert.pem"), + "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), + "DHParameters" => test_pem("dhp2048.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ALL", + }, + client => { + "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1", + "CipherString" => "ALL", + }, + test => { + "ExpectedResult" => "Success" + }, + }, +); + +my @tests_dsa_tls_1_3 = ( + { + name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms", + server => { + "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request" + }, + client => {}, + test => { + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "TLS 1.3 DSA Certificate Test", + server => { + "DSA.Certificate" => test_pem("server-dsa-cert.pem"), + "DSA.PrivateKey" => test_pem("server-dsa-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "CipherString" => "ALL", + }, + client => { + "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256", + "CipherString" => "ALL", + }, + test => { + "ExpectedResult" => "ServerFail" + }, + }, +); + +if (!disabled("dsa")) { + push @tests, @tests_dsa_tls_1_2 unless disabled("dh"); + push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3"); +} diff --git a/deps/openssl/openssl/test/ssl-tests/21-key-update.conf b/deps/openssl/openssl/test/ssl-tests/21-key-update.conf new file mode 100644 index 00000000000000..682347e34348c4 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/21-key-update.conf @@ -0,0 +1,110 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-update-key-client-update-not-requested +test-1 = 1-update-key-server-update-not-requested +test-2 = 2-update-key-client-update-requested +test-3 = 3-update-key-server-update-requested +# =========================================================== + +[0-update-key-client-update-not-requested] +ssl_conf = 0-update-key-client-update-not-requested-ssl + +[0-update-key-client-update-not-requested-ssl] +server = 0-update-key-client-update-not-requested-server +client = 0-update-key-client-update-not-requested-client + +[0-update-key-client-update-not-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-update-key-client-update-not-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +HandshakeMode = KeyUpdateClient +KeyUpdateType = KeyUpdateNotRequested +ResumptionExpected = No + + +# =========================================================== + +[1-update-key-server-update-not-requested] +ssl_conf = 1-update-key-server-update-not-requested-ssl + +[1-update-key-server-update-not-requested-ssl] +server = 1-update-key-server-update-not-requested-server +client = 1-update-key-server-update-not-requested-client + +[1-update-key-server-update-not-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-update-key-server-update-not-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +HandshakeMode = KeyUpdateServer +KeyUpdateType = KeyUpdateNotRequested +ResumptionExpected = No + + +# =========================================================== + +[2-update-key-client-update-requested] +ssl_conf = 2-update-key-client-update-requested-ssl + +[2-update-key-client-update-requested-ssl] +server = 2-update-key-client-update-requested-server +client = 2-update-key-client-update-requested-client + +[2-update-key-client-update-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-update-key-client-update-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +HandshakeMode = KeyUpdateClient +KeyUpdateType = KeyUpdateRequested +ResumptionExpected = No + + +# =========================================================== + +[3-update-key-server-update-requested] +ssl_conf = 3-update-key-server-update-requested-ssl + +[3-update-key-server-update-requested-ssl] +server = 3-update-key-server-update-requested-server +client = 3-update-key-server-update-requested-client + +[3-update-key-server-update-requested-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-update-key-server-update-requested-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = KeyUpdateServer +KeyUpdateType = KeyUpdateRequested +ResumptionExpected = No diff --git a/deps/openssl/openssl/test/ssl-tests/21-key-update.conf.in b/deps/openssl/openssl/test/ssl-tests/21-key-update.conf.in new file mode 100644 index 00000000000000..4bebb487d6d093 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/21-key-update.conf.in @@ -0,0 +1,62 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test KeyUpdate + +use strict; +use warnings; + +package ssltests; + +our @tests = ( + { + name => "update-key-client-update-not-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateClient", + "KeyUpdateType" => "KeyUpdateNotRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-server-update-not-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateServer", + "KeyUpdateType" => "KeyUpdateNotRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-client-update-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateClient", + "KeyUpdateType" => "KeyUpdateRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "update-key-server-update-requested", + server => {}, + client => {}, + test => { + "HandshakeMode" => "KeyUpdateServer", + "KeyUpdateType" => "KeyUpdateRequested", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } +); diff --git a/deps/openssl/openssl/test/ssl-tests/22-compression.conf b/deps/openssl/openssl/test/ssl-tests/22-compression.conf new file mode 100644 index 00000000000000..7fd7eef131cdc3 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/22-compression.conf @@ -0,0 +1,214 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 8 + +test-0 = 0-tlsv1_3-both-compress +test-1 = 1-tlsv1_3-client-compress +test-2 = 2-tlsv1_3-server-compress +test-3 = 3-tlsv1_3-neither-compress +test-4 = 4-tlsv1_2-both-compress +test-5 = 5-tlsv1_2-client-compress +test-6 = 6-tlsv1_2-server-compress +test-7 = 7-tlsv1_2-neither-compress +# =========================================================== + +[0-tlsv1_3-both-compress] +ssl_conf = 0-tlsv1_3-both-compress-ssl + +[0-tlsv1_3-both-compress-ssl] +server = 0-tlsv1_3-both-compress-server +client = 0-tlsv1_3-both-compress-client + +[0-tlsv1_3-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-tlsv1_3-both-compress-client] +CipherString = DEFAULT +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[1-tlsv1_3-client-compress] +ssl_conf = 1-tlsv1_3-client-compress-ssl + +[1-tlsv1_3-client-compress-ssl] +server = 1-tlsv1_3-client-compress-server +client = 1-tlsv1_3-client-compress-client + +[1-tlsv1_3-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-tlsv1_3-client-compress-client] +CipherString = DEFAULT +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[2-tlsv1_3-server-compress] +ssl_conf = 2-tlsv1_3-server-compress-ssl + +[2-tlsv1_3-server-compress-ssl] +server = 2-tlsv1_3-server-compress-server +client = 2-tlsv1_3-server-compress-client + +[2-tlsv1_3-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-tlsv1_3-server-compress-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[3-tlsv1_3-neither-compress] +ssl_conf = 3-tlsv1_3-neither-compress-ssl + +[3-tlsv1_3-neither-compress-ssl] +server = 3-tlsv1_3-neither-compress-server +client = 3-tlsv1_3-neither-compress-client + +[3-tlsv1_3-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-tlsv1_3-neither-compress-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[4-tlsv1_2-both-compress] +ssl_conf = 4-tlsv1_2-both-compress-ssl + +[4-tlsv1_2-both-compress-ssl] +server = 4-tlsv1_2-both-compress-server +client = 4-tlsv1_2-both-compress-client + +[4-tlsv1_2-both-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-tlsv1_2-both-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +CompressionExpected = Yes +ExpectedResult = Success + + +# =========================================================== + +[5-tlsv1_2-client-compress] +ssl_conf = 5-tlsv1_2-client-compress-ssl + +[5-tlsv1_2-client-compress-ssl] +server = 5-tlsv1_2-client-compress-server +client = 5-tlsv1_2-client-compress-client + +[5-tlsv1_2-client-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-tlsv1_2-client-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = Compression +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[6-tlsv1_2-server-compress] +ssl_conf = 6-tlsv1_2-server-compress-ssl + +[6-tlsv1_2-server-compress-ssl] +server = 6-tlsv1_2-server-compress-server +client = 6-tlsv1_2-server-compress-client + +[6-tlsv1_2-server-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = Compression +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-tlsv1_2-server-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +CompressionExpected = No +ExpectedResult = Success + + +# =========================================================== + +[7-tlsv1_2-neither-compress] +ssl_conf = 7-tlsv1_2-neither-compress-ssl + +[7-tlsv1_2-neither-compress-ssl] +server = 7-tlsv1_2-neither-compress-server +client = 7-tlsv1_2-neither-compress-client + +[7-tlsv1_2-neither-compress-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-tlsv1_2-neither-compress-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +CompressionExpected = No +ExpectedResult = Success diff --git a/deps/openssl/openssl/test/ssl-tests/22-compression.conf.in b/deps/openssl/openssl/test/ssl-tests/22-compression.conf.in new file mode 100644 index 00000000000000..8d4d823345f47e --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/22-compression.conf.in @@ -0,0 +1,127 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test Compression + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = (); + +our @tests_tls1_3 = ( + { + name => "tlsv1_3-both-compress", + server => { + "Options" => "Compression" + }, + client => { + "Options" => "Compression" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-client-compress", + server => { + }, + client => { + "Options" => "Compression" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-server-compress", + server => { + "Options" => "Compression" + }, + client => { + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_3-neither-compress", + server => { + }, + client => { + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); +our @tests_tls1_2 = ( + { + name => "tlsv1_2-both-compress", + server => { + "Options" => "Compression" + }, + client => { + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "Yes", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-client-compress", + server => { + }, + client => { + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-server-compress", + server => { + "Options" => "Compression" + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "tlsv1_2-neither-compress", + server => { + }, + client => { + "MaxProtocol" => "TLSv1.2" + }, + test => { + "CompressionExpected" => "No", + "ExpectedResult" => "Success" + } + }, +); + +push @tests, @tests_tls1_3 unless disabled("tls1_3"); +push @tests, @tests_tls1_2 unless alldisabled(("tls1_2", "tls1_1", "tls1", + "ssl3")); diff --git a/deps/openssl/openssl/test/ssl-tests/23-srp.conf b/deps/openssl/openssl/test/ssl-tests/23-srp.conf new file mode 100644 index 00000000000000..4e58f8d237c29f --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/23-srp.conf @@ -0,0 +1,146 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-srp +test-1 = 1-srp-bad-password +test-2 = 2-srp-auth +test-3 = 3-srp-auth-bad-password +# =========================================================== + +[0-srp] +ssl_conf = 0-srp-ssl + +[0-srp-ssl] +server = 0-srp-server +client = 0-srp-client + +[0-srp-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-srp-client] +CipherString = SRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +server = 0-srp-server-extra +client = 0-srp-client-extra + +[0-srp-server-extra] +SRPPassword = password +SRPUser = user + +[0-srp-client-extra] +SRPPassword = password +SRPUser = user + + +# =========================================================== + +[1-srp-bad-password] +ssl_conf = 1-srp-bad-password-ssl + +[1-srp-bad-password-ssl] +server = 1-srp-bad-password-server +client = 1-srp-bad-password-client + +[1-srp-bad-password-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-srp-bad-password-client] +CipherString = SRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = ServerFail +server = 1-srp-bad-password-server-extra +client = 1-srp-bad-password-client-extra + +[1-srp-bad-password-server-extra] +SRPPassword = password +SRPUser = user + +[1-srp-bad-password-client-extra] +SRPPassword = passw0rd +SRPUser = user + + +# =========================================================== + +[2-srp-auth] +ssl_conf = 2-srp-auth-ssl + +[2-srp-auth-ssl] +server = 2-srp-auth-server +client = 2-srp-auth-client + +[2-srp-auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = aSRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-srp-auth-client] +CipherString = aSRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +server = 2-srp-auth-server-extra +client = 2-srp-auth-client-extra + +[2-srp-auth-server-extra] +SRPPassword = password +SRPUser = user + +[2-srp-auth-client-extra] +SRPPassword = password +SRPUser = user + + +# =========================================================== + +[3-srp-auth-bad-password] +ssl_conf = 3-srp-auth-bad-password-ssl + +[3-srp-auth-bad-password-ssl] +server = 3-srp-auth-bad-password-server +client = 3-srp-auth-bad-password-client + +[3-srp-auth-bad-password-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = aSRP +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-srp-auth-bad-password-client] +CipherString = aSRP +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = ServerFail +server = 3-srp-auth-bad-password-server-extra +client = 3-srp-auth-bad-password-client-extra + +[3-srp-auth-bad-password-server-extra] +SRPPassword = password +SRPUser = user + +[3-srp-auth-bad-password-client-extra] +SRPPassword = passw0rd +SRPUser = user diff --git a/deps/openssl/openssl/test/ssl-tests/23-srp.conf.in b/deps/openssl/openssl/test/ssl-tests/23-srp.conf.in new file mode 100644 index 00000000000000..dcbd9f4ff91ddd --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/23-srp.conf.in @@ -0,0 +1,107 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +package ssltests; + +# SRP is only supported up to TLSv1.2 + +our @tests = ( + { + name => "srp", + server => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + { + name => "srp-bad-password", + server => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "SRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "passw0rd", + }, + }, + test => { + # Server fails first with bad client Finished. + "ExpectedResult" => "ServerFail" + }, + }, + { + name => "srp-auth", + server => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + { + name => "srp-auth-bad-password", + server => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "password", + }, + }, + client => { + "CipherString" => "aSRP", + "MaxProtocol" => "TLSv1.2", + extra => { + "SRPUser" => "user", + "SRPPassword" => "passw0rd", + }, + }, + test => { + # Server fails first with bad client Finished. + "ExpectedResult" => "ServerFail" + }, + }, +); diff --git a/deps/openssl/openssl/test/ssl-tests/24-padding.conf b/deps/openssl/openssl/test/ssl-tests/24-padding.conf new file mode 100644 index 00000000000000..8d251ab33d6375 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/24-padding.conf @@ -0,0 +1,32 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 1 + +test-0 = 0-default +# =========================================================== + +[0-default] +ssl_conf = 0-default-ssl + +[0-default-ssl] +server = 0-default-server +client = 0-default-client + +[0-default-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RecordPadding = 64 + +[0-default-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RecordPadding = 11 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success diff --git a/deps/openssl/openssl/test/ssl-tests/24-padding.conf.in b/deps/openssl/openssl/test/ssl-tests/24-padding.conf.in new file mode 100644 index 00000000000000..7bf256c8db7399 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/24-padding.conf.in @@ -0,0 +1,25 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + { + name => "default", + server => { "RecordPadding" => 64, + "MaxProtocol" => "TLSv1.3", + "MinProtocol" => "TLSv1.3" }, + client => { "RecordPadding" => 11, + "MaxProtocol" => "TLSv1.3", + "MinProtocol" => "TLSv1.3" }, + test => { "ExpectedResult" => "Success" }, + }, +); diff --git a/deps/openssl/openssl/test/ssl-tests/25-cipher.conf b/deps/openssl/openssl/test/ssl-tests/25-cipher.conf new file mode 100644 index 00000000000000..61d3e7f8fab0d7 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/25-cipher.conf @@ -0,0 +1,242 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 9 + +test-0 = 0-cipher-server-1 +test-1 = 1-cipher-server-2 +test-2 = 2-cipher-server-client-list +test-3 = 3-cipher-server-pref-1 +test-4 = 4-cipher-server-pref-2 +test-5 = 5-cipher-server-pref-client-list +test-6 = 6-cipher-server-pref-not-mobile +test-7 = 7-cipher-server-pref-mobile +test-8 = 8-cipher-server-pref-mobile2 +# =========================================================== + +[0-cipher-server-1] +ssl_conf = 0-cipher-server-1-ssl + +[0-cipher-server-1-ssl] +server = 0-cipher-server-1-server +client = 0-cipher-server-1-client + +[0-cipher-server-1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-cipher-server-1-client] +CipherString = ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[1-cipher-server-2] +ssl_conf = 1-cipher-server-2-ssl + +[1-cipher-server-2-ssl] +server = 1-cipher-server-2-server +client = 1-cipher-server-2-client + +[1-cipher-server-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-cipher-server-2-client] +CipherString = ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[2-cipher-server-client-list] +ssl_conf = 2-cipher-server-client-list-ssl + +[2-cipher-server-client-list-ssl] +server = 2-cipher-server-client-list-server +client = 2-cipher-server-client-list-client + +[2-cipher-server-client-list-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-cipher-server-client-list-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[3-cipher-server-pref-1] +ssl_conf = 3-cipher-server-pref-1-ssl + +[3-cipher-server-pref-1-ssl] +server = 3-cipher-server-pref-1-server +client = 3-cipher-server-pref-1-client + +[3-cipher-server-pref-1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-cipher-server-pref-1-client] +CipherString = ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[4-cipher-server-pref-2] +ssl_conf = 4-cipher-server-pref-2-ssl + +[4-cipher-server-pref-2-ssl] +server = 4-cipher-server-pref-2-server +client = 4-cipher-server-pref-2-client + +[4-cipher-server-pref-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-cipher-server-pref-2-client] +CipherString = ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedCipher = ECDHE-RSA-AES128-SHA256 + + +# =========================================================== + +[5-cipher-server-pref-client-list] +ssl_conf = 5-cipher-server-pref-client-list-ssl + +[5-cipher-server-pref-client-list-ssl] +server = 5-cipher-server-pref-client-list-server +client = 5-cipher-server-pref-client-list-client + +[5-cipher-server-pref-client-list-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-cipher-server-pref-client-list-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[6-cipher-server-pref-not-mobile] +ssl_conf = 6-cipher-server-pref-not-mobile-ssl + +[6-cipher-server-pref-not-mobile-ssl] +server = 6-cipher-server-pref-not-mobile-server +client = 6-cipher-server-pref-not-mobile-client + +[6-cipher-server-pref-not-mobile-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-cipher-server-pref-not-mobile-client] +CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[7-cipher-server-pref-mobile] +ssl_conf = 7-cipher-server-pref-mobile-ssl + +[7-cipher-server-pref-mobile-ssl] +server = 7-cipher-server-pref-mobile-server +client = 7-cipher-server-pref-mobile-client + +[7-cipher-server-pref-mobile-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference,PrioritizeChaCha +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-cipher-server-pref-mobile-client] +CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedCipher = ECDHE-RSA-AES256-SHA384 + + +# =========================================================== + +[8-cipher-server-pref-mobile2] +ssl_conf = 8-cipher-server-pref-mobile2-ssl + +[8-cipher-server-pref-mobile2-ssl] +server = 8-cipher-server-pref-mobile2-server +client = 8-cipher-server-pref-mobile2-client + +[8-cipher-server-pref-mobile2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305 +MaxProtocol = TLSv1.2 +Options = ServerPreference,PrioritizeChaCha +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-cipher-server-pref-mobile2-client] +CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305 diff --git a/deps/openssl/openssl/test/ssl-tests/25-cipher.conf.in b/deps/openssl/openssl/test/ssl-tests/25-cipher.conf.in new file mode 100644 index 00000000000000..8d3917e12ec3e8 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/25-cipher.conf.in @@ -0,0 +1,156 @@ +# -*- mode: perl; -*- +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test version negotiation + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "cipher-server-1", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-client-list", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-pref-1", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256" + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256", + }, + }, + { + name => "cipher-server-pref-client-list", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-not-mobile", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, + { + name => "cipher-server-pref-mobile", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference,PrioritizeChaCha", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384", + }, + }, +); + +my @tests_poly1305 = ( + { + name => "cipher-server-pref-mobile2", + server => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305", + "Options" => "ServerPreference,PrioritizeChaCha", + }, + client => { + "MaxProtocol" => "TLSv1.2", + "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384", + }, + test => { + "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305", + }, + }, +); + +push @tests, @tests_poly1305 unless disabled("poly1305") || disabled("chacha"); diff --git a/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf b/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf new file mode 100644 index 00000000000000..97c0fa1e03e322 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf @@ -0,0 +1,486 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 14 + +test-0 = 0-server-auth-TLSv1.3 +test-1 = 1-client-auth-TLSv1.3-request +test-2 = 2-client-auth-TLSv1.3-require-fail +test-3 = 3-client-auth-TLSv1.3-require +test-4 = 4-client-auth-TLSv1.3-require-non-empty-names +test-5 = 5-client-auth-TLSv1.3-noroot +test-6 = 6-client-auth-TLSv1.3-request-post-handshake +test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake +test-8 = 8-client-auth-TLSv1.3-require-post-handshake +test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake +test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake +test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake +test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake +test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake +# =========================================================== + +[0-server-auth-TLSv1.3] +ssl_conf = 0-server-auth-TLSv1.3-ssl + +[0-server-auth-TLSv1.3-ssl] +server = 0-server-auth-TLSv1.3-server +client = 0-server-auth-TLSv1.3-client + +[0-server-auth-TLSv1.3-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-TLSv1.3-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-TLSv1.3-request] +ssl_conf = 1-client-auth-TLSv1.3-request-ssl + +[1-client-auth-TLSv1.3-request-ssl] +server = 1-client-auth-TLSv1.3-request-server +client = 1-client-auth-TLSv1.3-request-client + +[1-client-auth-TLSv1.3-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-TLSv1.3-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-TLSv1.3-require-fail] +ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl + +[2-client-auth-TLSv1.3-require-fail-ssl] +server = 2-client-auth-TLSv1.3-require-fail-server +client = 2-client-auth-TLSv1.3-require-fail-client + +[2-client-auth-TLSv1.3-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-TLSv1.3-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = CertificateRequired + + +# =========================================================== + +[3-client-auth-TLSv1.3-require] +ssl_conf = 3-client-auth-TLSv1.3-require-ssl + +[3-client-auth-TLSv1.3-require-ssl] +server = 3-client-auth-TLSv1.3-require-server +client = 3-client-auth-TLSv1.3-require-client + +[3-client-auth-TLSv1.3-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-TLSv1.3-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-TLSv1.3-require-non-empty-names] +ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl + +[4-client-auth-TLSv1.3-require-non-empty-names-ssl] +server = 4-client-auth-TLSv1.3-require-non-empty-names-server +client = 4-client-auth-TLSv1.3-require-non-empty-names-client + +[4-client-auth-TLSv1.3-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[4-client-auth-TLSv1.3-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-TLSv1.3-noroot] +ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl + +[5-client-auth-TLSv1.3-noroot-ssl] +server = 5-client-auth-TLSv1.3-noroot-server +client = 5-client-auth-TLSv1.3-noroot-client + +[5-client-auth-TLSv1.3-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-TLSv1.3-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[6-client-auth-TLSv1.3-request-post-handshake] +ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl + +[6-client-auth-TLSv1.3-request-post-handshake-ssl] +server = 6-client-auth-TLSv1.3-request-post-handshake-server +client = 6-client-auth-TLSv1.3-request-post-handshake-client + +[6-client-auth-TLSv1.3-request-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[6-client-auth-TLSv1.3-request-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = ServerFail +HandshakeMode = PostHandshakeAuth + + +# =========================================================== + +[7-client-auth-TLSv1.3-require-fail-post-handshake] +ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl + +[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl] +server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server +client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client + +[7-client-auth-TLSv1.3-require-fail-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequirePostHandshake + +[7-client-auth-TLSv1.3-require-fail-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +HandshakeMode = PostHandshakeAuth + + +# =========================================================== + +[8-client-auth-TLSv1.3-require-post-handshake] +ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl + +[8-client-auth-TLSv1.3-require-post-handshake-ssl] +server = 8-client-auth-TLSv1.3-require-post-handshake-server +client = 8-client-auth-TLSv1.3-require-post-handshake-client + +[8-client-auth-TLSv1.3-require-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequestPostHandshake + +[8-client-auth-TLSv1.3-require-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra + +[8-client-auth-TLSv1.3-require-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake] +ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl] +server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server +client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = PSS+SHA256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = RequestPostHandshake + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra + +[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[10-client-auth-TLSv1.3-noroot-post-handshake] +ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl + +[10-client-auth-TLSv1.3-noroot-post-handshake-ssl] +server = 10-client-auth-TLSv1.3-noroot-post-handshake-server +client = 10-client-auth-TLSv1.3-noroot-post-handshake-client + +[10-client-auth-TLSv1.3-noroot-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequirePostHandshake + +[10-client-auth-TLSv1.3-noroot-post-handshake-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +HandshakeMode = PostHandshakeAuth +client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra + +[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[11-client-auth-TLSv1.3-request-force-client-post-handshake] +ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl] +server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server +client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra + +[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra] +EnablePHA = Yes + + +# =========================================================== + +[12-client-auth-TLSv1.3-request-force-server-post-handshake] +ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl] +server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server +client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ClientFail +HandshakeMode = PostHandshakeAuth +server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra + +[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra] +ForcePHA = Yes + + +# =========================================================== + +[13-client-auth-TLSv1.3-request-force-both-post-handshake] +ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl] +server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server +client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = RequestPostHandshake + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success +HandshakeMode = PostHandshakeAuth +server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra +client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra] +ForcePHA = Yes + +[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra] +EnablePHA = Yes diff --git a/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in b/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in new file mode 100644 index 00000000000000..018dd825be0cc5 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in @@ -0,0 +1,302 @@ +# -*- mode: perl; -*- +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test TLSv1.3 certificate authentication +## Similar to 04-client_auth.conf.in output, but specific for +## TLSv1.3 and post-handshake authentication + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "server-auth-TLSv1.3", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "client-auth-TLSv1.3-request", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "Success", + }, + }, + { + name => "client-auth-TLSv1.3-require-fail", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "CertificateRequired", + }, + }, + { + name => "client-auth-TLSv1.3-require", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => "empty" + }, + }, + { + name => "client-auth-TLSv1.3-require-non-empty-names", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Request", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "Success", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + }, + }, + { + name => "client-auth-TLSv1.3-noroot", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "Require", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + }, + test => { + "ExpectedResult" => "ServerFail", + "ExpectedServerAlert" => "UnknownCA", + }, + }, + { + name => "client-auth-TLSv1.3-request-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-require-fail-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequirePostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-require-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => "empty" + }, + }, + { + name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "ClientSignatureAlgorithms" => "PSS+SHA256", + "ClientCAFile" => test_pem("root-cert.pem"), + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => "RSA-PSS", + "ExpectedClientSignHash" => "SHA256", + "ExpectedClientCANames" => test_pem("root-cert.pem"), + }, + }, + { + name => "client-auth-TLSv1.3-noroot-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequirePostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "Certificate" => test_pem("ee-client-chain.pem"), + "PrivateKey" => test_pem("ee-key.pem"), + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "ServerFail", + "HandshakeMode" => "PostHandshakeAuth", + "ExpectedServerAlert" => "UnknownCA", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-client-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-server-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + extra => { + "ForcePHA" => "Yes", + }, + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + }, + test => { + "ExpectedResult" => "ClientFail", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, + { + name => "client-auth-TLSv1.3-request-force-both-post-handshake", + server => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + "VerifyMode" => "RequestPostHandshake", + extra => { + "ForcePHA" => "Yes", + }, + }, + client => { + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3", + extra => { + "EnablePHA" => "Yes", + }, + }, + test => { + "ExpectedResult" => "Success", + "HandshakeMode" => "PostHandshakeAuth", + }, + }, +); diff --git a/deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf b/deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf new file mode 100644 index 00000000000000..f4b0c7cd33f3bf --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf @@ -0,0 +1,144 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-session-ticket-app-data12 +test-1 = 1-session-ticket-app-data12 +test-2 = 2-session-ticket-app-data13 +test-3 = 3-session-ticket-app-data13 +# =========================================================== + +[0-session-ticket-app-data12] +ssl_conf = 0-session-ticket-app-data12-ssl + +[0-session-ticket-app-data12-ssl] +server = 0-session-ticket-app-data12-server +client = 0-session-ticket-app-data12-client +resume-server = 0-session-ticket-app-data12-server +resume-client = 0-session-ticket-app-data12-client + +[0-session-ticket-app-data12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-session-ticket-app-data12-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success +ExpectedSessionTicketAppData = HelloWorld +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes +server = 0-session-ticket-app-data12-server-extra +resume-server = 0-session-ticket-app-data12-server-extra + +[0-session-ticket-app-data12-server-extra] +SessionTicketAppData = HelloWorld + + +# =========================================================== + +[1-session-ticket-app-data12] +ssl_conf = 1-session-ticket-app-data12-ssl + +[1-session-ticket-app-data12-ssl] +server = 1-session-ticket-app-data12-server +client = 1-session-ticket-app-data12-client +resume-server = 1-session-ticket-app-data12-server +resume-client = 1-session-ticket-app-data12-client + +[1-session-ticket-app-data12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-session-ticket-app-data12-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success +ExpectedSessionTicketAppData = +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes + + +# =========================================================== + +[2-session-ticket-app-data13] +ssl_conf = 2-session-ticket-app-data13-ssl + +[2-session-ticket-app-data13-ssl] +server = 2-session-ticket-app-data13-server +client = 2-session-ticket-app-data13-client +resume-server = 2-session-ticket-app-data13-server +resume-client = 2-session-ticket-app-data13-client + +[2-session-ticket-app-data13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-session-ticket-app-data13-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success +ExpectedSessionTicketAppData = HelloWorld +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes +server = 2-session-ticket-app-data13-server-extra +resume-server = 2-session-ticket-app-data13-server-extra + +[2-session-ticket-app-data13-server-extra] +SessionTicketAppData = HelloWorld + + +# =========================================================== + +[3-session-ticket-app-data13] +ssl_conf = 3-session-ticket-app-data13-ssl + +[3-session-ticket-app-data13-ssl] +server = 3-session-ticket-app-data13-server +client = 3-session-ticket-app-data13-client +resume-server = 3-session-ticket-app-data13-server +resume-client = 3-session-ticket-app-data13-client + +[3-session-ticket-app-data13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-session-ticket-app-data13-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +Options = SessionTicket +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedSessionTicketAppData = +HandshakeMode = Resume +ResumptionExpected = Yes +SessionTicketExpected = Yes diff --git a/deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf.in b/deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf.in new file mode 100644 index 00000000000000..ed919d9bae478f --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/27-ticket-appdata.conf.in @@ -0,0 +1,99 @@ +# -*- mode: perl; -*- +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## Test session ticket app data + +use strict; +use warnings; + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests12 = ( + { + "name" => "session-ticket-app-data12", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "SessionTicketAppData" => "HelloWorld", + }, + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "HelloWorld", + } + }, + { + "name" => "session-ticket-app-data12", + "client" => { + "MaxProtocol" => "TLSv1.2", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "", + } + } +); +our @tests13 = ( + { + "name" => "session-ticket-app-data13", + "client" => { + "MaxProtocol" => "TLSv1.3", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + "extra" => { + "SessionTicketAppData" => "HelloWorld", + }, + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "HelloWorld", + } + }, + { + "name" => "session-ticket-app-data13", + "client" => { + "MaxProtocol" => "TLSv1.3", + "Options" => "SessionTicket", + }, + "server" => { + "Options" => "SessionTicket", + }, + "test" => { + "HandshakeMode" => "Resume", + "ExpectedResult" => "Success", + "SessionTicketExpected" => "Yes", + "ResumptionExpected" => "Yes", + "ExpectedSessionTicketAppData" => "", + } + } +); + +our @tests = (); +push @tests, @tests12 unless disabled("tls1_2"); +push @tests, @tests13 unless disabled("tls1_3"); diff --git a/deps/openssl/openssl/test/ssl-tests/28-seclevel.conf b/deps/openssl/openssl/test/ssl-tests/28-seclevel.conf new file mode 100644 index 00000000000000..0482ad57860be6 --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/28-seclevel.conf @@ -0,0 +1,100 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 4 + +test-0 = 0-SECLEVEL 3 with default key +test-1 = 1-SECLEVEL 3 with ED448 key +test-2 = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE +test-3 = 3-SECLEVEL 3 with ED448 key, TLSv1.2 +# =========================================================== + +[0-SECLEVEL 3 with default key] +ssl_conf = 0-SECLEVEL 3 with default key-ssl + +[0-SECLEVEL 3 with default key-ssl] +server = 0-SECLEVEL 3 with default key-server +client = 0-SECLEVEL 3 with default key-client + +[0-SECLEVEL 3 with default key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-SECLEVEL 3 with default key-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = ServerFail + + +# =========================================================== + +[1-SECLEVEL 3 with ED448 key] +ssl_conf = 1-SECLEVEL 3 with ED448 key-ssl + +[1-SECLEVEL 3 with ED448 key-ssl] +server = 1-SECLEVEL 3 with ED448 key-server +client = 1-SECLEVEL 3 with ED448 key-client + +[1-SECLEVEL 3 with ED448 key-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[1-SECLEVEL 3 with ED448 key-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE] +ssl_conf = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl + +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl] +server = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server +client = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client + +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server] +Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +Groups = X25519 +PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem + +[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client] +CipherString = ECDHE:@SECLEVEL=3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success + + +# =========================================================== + +[3-SECLEVEL 3 with ED448 key, TLSv1.2] +ssl_conf = 3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl + +[3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl] +server = 3-SECLEVEL 3 with ED448 key, TLSv1.2-server +client = 3-SECLEVEL 3 with ED448 key, TLSv1.2-client + +[3-SECLEVEL 3 with ED448 key, TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +CipherString = DEFAULT:@SECLEVEL=3 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem + +[3-SECLEVEL 3 with ED448 key, TLSv1.2-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success diff --git a/deps/openssl/openssl/test/ssl-tests/28-seclevel.conf.in b/deps/openssl/openssl/test/ssl-tests/28-seclevel.conf.in new file mode 100644 index 00000000000000..12b9021199c00f --- /dev/null +++ b/deps/openssl/openssl/test/ssl-tests/28-seclevel.conf.in @@ -0,0 +1,58 @@ +# -*- mode: perl; -*- +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; +use OpenSSL::Test::Utils; + +our @tests = ( + { + name => "SECLEVEL 3 with default key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" }, + client => { }, + test => { "ExpectedResult" => "ServerFail" }, + }, +); + +our @tests_ec = ( + { + name => "SECLEVEL 3 with ED448 key", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem") }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + { + name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("p384-server-cert.pem"), + "PrivateKey" => test_pem("p384-server-key.pem"), + "Groups" => "X25519" }, + client => { "CipherString" => "ECDHE:\@SECLEVEL=3", + "VerifyCAFile" => test_pem("p384-root.pem") }, + test => { "ExpectedResult" => "Success" }, + }, +); + +our @tests_tls1_2 = ( + { + name => "SECLEVEL 3 with ED448 key, TLSv1.2", + server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", + "Certificate" => test_pem("server-ed448-cert.pem"), + "PrivateKey" => test_pem("server-ed448-key.pem"), + "MaxProtocol" => "TLSv1.2" }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, +); + +push @tests, @tests_ec unless disabled("ec"); +push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); diff --git a/deps/openssl/openssl/test/ssl-tests/protocol_version.pm b/deps/openssl/openssl/test/ssl-tests/protocol_version.pm index c7113629496fcf..943719e84add42 100644 --- a/deps/openssl/openssl/test/ssl-tests/protocol_version.pm +++ b/deps/openssl/openssl/test/ssl-tests/protocol_version.pm @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -17,15 +17,15 @@ use warnings; use List::Util qw/max min/; use OpenSSL::Test; -use OpenSSL::Test::Utils qw/anydisabled alldisabled/; +use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/; setup("no_test_here"); -my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); # undef stands for "no limit". -my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); -my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef); +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); -my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); my $min_tls_enabled; my $max_tls_enabled; @@ -74,7 +74,7 @@ foreach my $i (0..$#dtls_protocols) { sub no_tests { my ($dtls) = @_; return $dtls ? alldisabled("dtls1", "dtls1_2") : - alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); } sub generate_version_tests { @@ -96,35 +96,72 @@ sub generate_version_tests { my @tests = (); - foreach my $c_min (0..$#min_protocols) { - my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; - foreach my $c_max ($c_max_min..$#max_protocols) { - foreach my $s_min (0..$#min_protocols) { - my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; - foreach my $s_max ($s_max_min..$#max_protocols) { - my ($result, $protocol) = - expected_result($c_min, $c_max, $s_min, $s_max, - $min_enabled, $max_enabled, \@protocols); - push @tests, { - "name" => "version-negotiation", - "client" => { - "MinProtocol" => $min_protocols[$c_min], - "MaxProtocol" => $max_protocols[$c_max], - }, - "server" => { - "MinProtocol" => $min_protocols[$s_min], - "MaxProtocol" => $max_protocols[$s_max], - }, - "test" => { - "ExpectedResult" => $result, - "ExpectedProtocol" => $protocol, - "Method" => $method, - } - }; + for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) { + foreach my $c_min (0..$#min_protocols) { + my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; + foreach my $c_max ($c_max_min..$#max_protocols) { + foreach my $s_min (0..$#min_protocols) { + my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; + foreach my $s_max ($s_max_min..$#max_protocols) { + my ($result, $protocol) = + expected_result($c_min, $c_max, $s_min, $s_max, + $min_enabled, $max_enabled, + \@protocols); + push @tests, { + "name" => "version-negotiation", + "client" => { + "MinProtocol" => $min_protocols[$c_min], + "MaxProtocol" => $max_protocols[$c_max], + }, + "server" => { + "MinProtocol" => $min_protocols[$s_min], + "MaxProtocol" => $max_protocols[$s_max], + }, + "test" => { + "ExpectedResult" => $result, + "ExpectedProtocol" => $protocol, + "Method" => $method, + } + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } } } } } + return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls; + + #Add some version/ciphersuite sanity check tests + push @tests, { + "name" => "ciphersuite-sanity-check-client", + "client" => { + #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail + "CipherString" => "AES128-SHA", + "Ciphersuites" => "", + }, + "server" => { + "MaxProtocol" => "TLSv1.2" + }, + "test" => { + "ExpectedResult" => "ClientFail", + } + }; + push @tests, { + "name" => "ciphersuite-sanity-check-server", + "client" => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + "server" => { + #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail + "CipherString" => "AES128-SHA", + "Ciphersuites" => "", + }, + "test" => { + "ExpectedResult" => "ServerFail", + } + }; + return @tests; } @@ -137,6 +174,7 @@ sub generate_resumption_tests { my @protocols = $dtls ? @dtls_protocols : @tls_protocols; my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; if (no_tests($dtls)) { return; @@ -146,10 +184,10 @@ sub generate_resumption_tests { my @client_tests = (); # Obtain the first session against a fixed-version server/client. - foreach my $original_protocol($min_enabled..$#protocols) { + foreach my $original_protocol($min_enabled..$max_enabled) { # Upgrade or downgrade the server/client max version support and test # that it upgrades, downgrades or resumes the session as well. - foreach my $resume_protocol($min_enabled..$#protocols) { + foreach my $resume_protocol($min_enabled..$max_enabled) { my $resumption_expected; # We should only resume on exact version match. if ($original_protocol eq $resume_protocol) { @@ -158,50 +196,75 @@ sub generate_resumption_tests { $resumption_expected = "No"; } - foreach my $ticket ("SessionTicket", "-SessionTicket") { - # Client is flexible, server upgrades/downgrades. - push @server_tests, { - "name" => "resumption", - "client" => { }, - "server" => { - "MinProtocol" => $protocols[$original_protocol], - "MaxProtocol" => $protocols[$original_protocol], - "Options" => $ticket, - }, - "resume_server" => { - "MaxProtocol" => $protocols[$resume_protocol], - }, - "test" => { - "ExpectedProtocol" => $protocols[$resume_protocol], - "Method" => $method, - "HandshakeMode" => "Resume", - "ResumptionExpected" => $resumption_expected, - } - }; - # Server is flexible, client upgrades/downgrades. - push @client_tests, { - "name" => "resumption", - "client" => { - "MinProtocol" => $protocols[$original_protocol], - "MaxProtocol" => $protocols[$original_protocol], - }, - "server" => { - "Options" => $ticket, - }, - "resume_client" => { - "MaxProtocol" => $protocols[$resume_protocol], - }, - "test" => { - "ExpectedProtocol" => $protocols[$resume_protocol], - "Method" => $method, - "HandshakeMode" => "Resume", - "ResumptionExpected" => $resumption_expected, - } - }; + for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); + $sctp++) { + foreach my $ticket ("SessionTicket", "-SessionTicket") { + # Client is flexible, server upgrades/downgrades. + push @server_tests, { + "name" => "resumption", + "client" => { }, + "server" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + "Options" => $ticket, + }, + "resume_server" => { + "MaxProtocol" => $protocols[$resume_protocol], + "Options" => $ticket, + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + # Server is flexible, client upgrades/downgrades. + push @client_tests, { + "name" => "resumption", + "client" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + }, + "server" => { + "Options" => $ticket, + }, + "resume_client" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } } } } + if (!disabled("tls1_3") && !$dtls) { + push @client_tests, { + "name" => "resumption-with-hrr", + "client" => { + }, + "server" => { + "Curves" => "P-256" + }, + "resume_client" => { + }, + "test" => { + "ExpectedProtocol" => "TLSv1.3", + "Method" => "TLS", + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + } + }; + } + return (@server_tests, @client_tests); } @@ -224,9 +287,7 @@ sub expected_result { if ($c_min > $c_max) { # Client should fail to even send a hello. - # This results in an internal error since the server will be - # waiting for input that never arrives. - return ("InternalError", undef); + return ("ClientFail", undef); } elsif ($s_min > $s_max) { # Server has no protocols, should always fail. return ("ServerFail", undef); @@ -234,9 +295,16 @@ sub expected_result { # Server doesn't support the client range. return ("ServerFail", undef); } elsif ($c_min > $s_max) { - # Server will try with a version that is lower than the lowest - # supported client version. - return ("ClientFail", undef); + my @prots = @$protocols; + if ($prots[$c_max] eq "TLSv1.3") { + # Client will have sent supported_versions, so server will know + # that there are no overlapping versions. + return ("ServerFail", undef); + } else { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } } else { # Server and client ranges overlap. my $max_common = $s_max < $c_max ? $s_max : $c_max; diff --git a/deps/openssl/openssl/test/ssl_test.c b/deps/openssl/openssl/test/ssl_test.c index 2cbbddd6a919ef..7453a9d10e1eca 100644 --- a/deps/openssl/openssl/test/ssl_test.c +++ b/deps/openssl/openssl/test/ssl_test.c @@ -23,18 +23,6 @@ static CONF *conf = NULL; /* Currently the section names are of the form test-, e.g. test-15. */ #define MAX_TESTCASE_NAME_LENGTH 100 -typedef struct ssl_test_ctx_test_fixture { - const char *test_case_name; - char test_app[MAX_TESTCASE_NAME_LENGTH]; -} SSL_TEST_FIXTURE; - -static SSL_TEST_FIXTURE set_up(const char *const test_case_name) -{ - SSL_TEST_FIXTURE fixture; - fixture.test_case_name = test_case_name; - return fixture; -} - static const char *print_alert(int alert) { return alert ? SSL_alert_desc_string_long(alert) : "no alert"; @@ -42,10 +30,10 @@ static const char *print_alert(int alert) static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { - if (result->result != test_ctx->expected_result) { - fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n", - ssl_test_result_name(test_ctx->expected_result), - ssl_test_result_name(result->result)); + if (!TEST_int_eq(result->result, test_ctx->expected_result)) { + TEST_info("ExpectedResult mismatch: expected %s, got %s.", + ssl_test_result_name(test_ctx->expected_result), + ssl_test_result_name(result->result)); return 0; } return 1; @@ -53,10 +41,11 @@ static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { - if (result->client_alert_sent != result->client_alert_received) { - fprintf(stderr, "Client sent alert %s but server received %s\n.", - print_alert(result->client_alert_sent), - print_alert(result->client_alert_received)); + if (!TEST_int_eq(result->client_alert_sent, + result->client_alert_received)) { + TEST_info("Client sent alert %s but server received %s.", + print_alert(result->client_alert_sent), + print_alert(result->client_alert_received)); /* * We can't bail here because the peer doesn't always get far enough * to process a received alert. Specifically, in protocol version @@ -71,10 +60,11 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) /* return 0; */ } - if (result->server_alert_sent != result->server_alert_received) { - fprintf(stderr, "Server sent alert %s but client received %s\n.", - print_alert(result->server_alert_sent), - print_alert(result->server_alert_received)); + if (!TEST_int_eq(result->server_alert_sent, + result->server_alert_received)) { + TEST_info("Server sent alert %s but client received %s.", + print_alert(result->server_alert_sent), + print_alert(result->server_alert_received)); /* return 0; */ } @@ -86,47 +76,42 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) * where the low byte is the alert code and the high byte is other stuff. */ && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) { - fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n", - print_alert(test_ctx->expected_client_alert), - print_alert(result->client_alert_sent)); + TEST_error("ClientAlert mismatch: expected %s, got %s.", + print_alert(test_ctx->expected_client_alert), + print_alert(result->client_alert_sent)); return 0; } if (test_ctx->expected_server_alert && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) { - fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n", - print_alert(test_ctx->expected_server_alert), - print_alert(result->server_alert_sent)); + TEST_error("ServerAlert mismatch: expected %s, got %s.", + print_alert(test_ctx->expected_server_alert), + print_alert(result->server_alert_sent)); return 0; } - if (result->client_num_fatal_alerts_sent > 1) { - fprintf(stderr, "Client sent %d fatal alerts.\n", - result->client_num_fatal_alerts_sent); + if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1)) return 0; - } - if (result->server_num_fatal_alerts_sent > 1) { - fprintf(stderr, "Server sent %d alerts.\n", - result->server_num_fatal_alerts_sent); + if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1)) return 0; - } return 1; } static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { - if (result->client_protocol != result->server_protocol) { - fprintf(stderr, "Client has protocol %s but server has %s\n.", - ssl_protocol_name(result->client_protocol), - ssl_protocol_name(result->server_protocol)); + if (!TEST_int_eq(result->client_protocol, result->server_protocol)) { + TEST_info("Client has protocol %s but server has %s.", + ssl_protocol_name(result->client_protocol), + ssl_protocol_name(result->server_protocol)); return 0; } if (test_ctx->expected_protocol) { - if (result->client_protocol != test_ctx->expected_protocol) { - fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n", - ssl_protocol_name(test_ctx->expected_protocol), - ssl_protocol_name(result->client_protocol)); + if (!TEST_int_eq(result->client_protocol, + test_ctx->expected_protocol)) { + TEST_info("Protocol mismatch: expected %s, got %s.\n", + ssl_protocol_name(test_ctx->expected_protocol), + ssl_protocol_name(result->client_protocol)); return 0; } } @@ -135,10 +120,10 @@ static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { - if (result->servername != test_ctx->expected_servername) { - fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.", - ssl_servername_name(test_ctx->expected_servername), - ssl_servername_name(result->servername)); + if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) { + TEST_info("Client ServerName mismatch, expected %s, got %s.", + ssl_servername_name(test_ctx->expected_servername), + ssl_servername_name(result->servername)); return 0; } return 1; @@ -148,25 +133,45 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx { if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE) return 1; - if (result->session_ticket != test_ctx->session_ticket_expected) { - fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.", - ssl_session_ticket_name(test_ctx->session_ticket_expected), - ssl_session_ticket_name(result->session_ticket)); + if (!TEST_int_eq(result->session_ticket, + test_ctx->session_ticket_expected)) { + TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.", + ssl_session_ticket_name(test_ctx->session_ticket_expected), + ssl_session_ticket_name(result->session_ticket)); + return 0; + } + return 1; +} + +static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE) + return 1; + if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) { + TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.", + ssl_session_id_name(test_ctx->session_id_expected), + ssl_session_id_name(result->session_id)); return 0; } return 1; } +static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (!TEST_int_eq(result->compression, test_ctx->compression_expected)) + return 0; + return 1; +} #ifndef OPENSSL_NO_NEXTPROTONEG static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { int ret = 1; - ret &= strings_equal("NPN Negotiated (client vs server)", - result->client_npn_negotiated, - result->server_npn_negotiated); - ret &= strings_equal("ExpectedNPNProtocol", - test_ctx->expected_npn_protocol, - result->client_npn_negotiated); + if (!TEST_str_eq(result->client_npn_negotiated, + result->server_npn_negotiated)) + ret = 0; + if (!TEST_str_eq(test_ctx->expected_npn_protocol, + result->client_npn_negotiated)) + ret = 0; return ret; } #endif @@ -174,39 +179,176 @@ static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { int ret = 1; - ret &= strings_equal("ALPN Negotiated (client vs server)", - result->client_alpn_negotiated, - result->server_alpn_negotiated); - ret &= strings_equal("ExpectedALPNProtocol", - test_ctx->expected_alpn_protocol, - result->client_alpn_negotiated); + if (!TEST_str_eq(result->client_alpn_negotiated, + result->server_alpn_negotiated)) + ret = 0; + if (!TEST_str_eq(test_ctx->expected_alpn_protocol, + result->client_alpn_negotiated)) + ret = 0; return ret; } +static int check_session_ticket_app_data(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + size_t result_len = 0; + size_t expected_len = 0; + + /* consider empty and NULL strings to be the same */ + if (result->result_session_ticket_app_data != NULL) + result_len = strlen(result->result_session_ticket_app_data); + if (test_ctx->expected_session_ticket_app_data != NULL) + expected_len = strlen(test_ctx->expected_session_ticket_app_data); + if (result_len == 0 && expected_len == 0) + return 1; + + if (!TEST_str_eq(result->result_session_ticket_app_data, + test_ctx->expected_session_ticket_app_data)) + return 0; + + return 1; +} + static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { - if (result->client_resumed != result->server_resumed) { - fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n", - result->client_resumed, result->server_resumed); + if (!TEST_int_eq(result->client_resumed, result->server_resumed)) return 0; - } - if (result->client_resumed != test_ctx->resumption_expected) { - fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n", - test_ctx->resumption_expected, result->client_resumed); + if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected)) return 0; + return 1; +} + +static int check_nid(const char *name, int expected_nid, int nid) +{ + if (expected_nid == 0 || expected_nid == nid) + return 1; + TEST_error("%s type mismatch, %s vs %s\n", + name, OBJ_nid2ln(expected_nid), + nid == NID_undef ? "absent" : OBJ_nid2ln(nid)); + return 0; +} + +static void print_ca_names(STACK_OF(X509_NAME) *names) +{ + int i; + + if (names == NULL || sk_X509_NAME_num(names) == 0) { + TEST_note(" "); + return; + } + for (i = 0; i < sk_X509_NAME_num(names); i++) { + X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4, + XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + } +} + +static int check_ca_names(const char *name, + STACK_OF(X509_NAME) *expected_names, + STACK_OF(X509_NAME) *names) +{ + int i; + + if (expected_names == NULL) + return 1; + if (names == NULL || sk_X509_NAME_num(names) == 0) { + if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0)) + return 1; + goto err; + } + if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names)) + goto err; + for (i = 0; i < sk_X509_NAME_num(names); i++) { + if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i), + sk_X509_NAME_value(expected_names, i)), + 0)) { + goto err; + } } return 1; +err: + TEST_info("%s: list mismatch", name); + TEST_note("Expected Names:"); + print_ca_names(expected_names); + TEST_note("Received Names:"); + print_ca_names(names); + return 0; } static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { - if (test_ctx->expected_tmp_key_type == 0 - || test_ctx->expected_tmp_key_type == result->tmp_key_type) + return check_nid("Tmp key", test_ctx->expected_tmp_key_type, + result->tmp_key_type); +} + +static int check_server_cert_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Server certificate", test_ctx->expected_server_cert_type, + result->server_cert_type); +} + +static int check_server_sign_hash(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Server signing hash", test_ctx->expected_server_sign_hash, + result->server_sign_hash); +} + +static int check_server_sign_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Server signing", test_ctx->expected_server_sign_type, + result->server_sign_type); +} + +static int check_server_ca_names(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_ca_names("Server CA names", + test_ctx->expected_server_ca_names, + result->server_ca_names); +} + +static int check_client_cert_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Client certificate", test_ctx->expected_client_cert_type, + result->client_cert_type); +} + +static int check_client_sign_hash(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Client signing hash", test_ctx->expected_client_sign_hash, + result->client_sign_hash); +} + +static int check_client_sign_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Client signing", test_ctx->expected_client_sign_type, + result->client_sign_type); +} + +static int check_client_ca_names(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_ca_names("Client CA names", + test_ctx->expected_client_ca_names, + result->client_ca_names); +} + +static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) +{ + if (test_ctx->expected_cipher == NULL) return 1; - fprintf(stderr, "Tmp key type mismatch, %s vs %s\n", - OBJ_nid2ln(test_ctx->expected_tmp_key_type), - OBJ_nid2ln(result->tmp_key_type)); - return 0; + if (!TEST_ptr(result->cipher)) + return 0; + if (!TEST_str_eq(test_ctx->expected_cipher, + result->cipher)) + return 0; + return 1; } /* @@ -223,80 +365,117 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) ret &= check_protocol(result, test_ctx); ret &= check_servername(result, test_ctx); ret &= check_session_ticket(result, test_ctx); + ret &= check_compression(result, test_ctx); + ret &= check_session_id(result, test_ctx); ret &= (result->session_ticket_do_not_call == 0); #ifndef OPENSSL_NO_NEXTPROTONEG ret &= check_npn(result, test_ctx); #endif + ret &= check_cipher(result, test_ctx); ret &= check_alpn(result, test_ctx); + ret &= check_session_ticket_app_data(result, test_ctx); ret &= check_resumption(result, test_ctx); ret &= check_tmp_key(result, test_ctx); + ret &= check_server_cert_type(result, test_ctx); + ret &= check_server_sign_hash(result, test_ctx); + ret &= check_server_sign_type(result, test_ctx); + ret &= check_server_ca_names(result, test_ctx); + ret &= check_client_cert_type(result, test_ctx); + ret &= check_client_sign_hash(result, test_ctx); + ret &= check_client_sign_type(result, test_ctx); + ret &= check_client_ca_names(result, test_ctx); } return ret; } -static int execute_test(SSL_TEST_FIXTURE fixture) +static int test_handshake(int idx) { int ret = 0; SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL, *resume_server_ctx = NULL, *resume_client_ctx = NULL; SSL_TEST_CTX *test_ctx = NULL; HANDSHAKE_RESULT *result = NULL; + char test_app[MAX_TESTCASE_NAME_LENGTH]; - test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app); - if (test_ctx == NULL) + BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx); + + test_ctx = SSL_TEST_CTX_create(conf, test_app); + if (!TEST_ptr(test_ctx)) goto err; #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new(DTLS_server_method()); - TEST_check(SSL_CTX_set_max_proto_version(server_ctx, DTLS_MAX_VERSION)); + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, + DTLS_MAX_VERSION))) + goto err; if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { - server2_ctx = SSL_CTX_new(DTLS_server_method()); - TEST_check(server2_ctx != NULL); + if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method()))) + goto err; } client_ctx = SSL_CTX_new(DTLS_client_method()); - TEST_check(SSL_CTX_set_max_proto_version(client_ctx, DTLS_MAX_VERSION)); + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, + DTLS_MAX_VERSION))) + goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new(DTLS_server_method()); - TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx, - DTLS_MAX_VERSION)); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, + DTLS_MAX_VERSION))) + goto err; resume_client_ctx = SSL_CTX_new(DTLS_client_method()); - TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx, - DTLS_MAX_VERSION)); - TEST_check(resume_server_ctx != NULL); - TEST_check(resume_client_ctx != NULL); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, + DTLS_MAX_VERSION))) + goto err; + if (!TEST_ptr(resume_server_ctx) + || !TEST_ptr(resume_client_ctx)) + goto err; } } #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { server_ctx = SSL_CTX_new(TLS_server_method()); - TEST_check(SSL_CTX_set_max_proto_version(server_ctx, TLS_MAX_VERSION)); + if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, + TLS_MAX_VERSION))) + goto err; /* SNI on resumption isn't supported/tested yet. */ if (test_ctx->extra.server.servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { - server2_ctx = SSL_CTX_new(TLS_server_method()); - TEST_check(server2_ctx != NULL); + if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) + goto err; + if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, + TLS_MAX_VERSION))) + goto err; } client_ctx = SSL_CTX_new(TLS_client_method()); - TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION)); + if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, + TLS_MAX_VERSION))) + goto err; if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) { resume_server_ctx = SSL_CTX_new(TLS_server_method()); - TEST_check(SSL_CTX_set_max_proto_version(resume_server_ctx, - TLS_MAX_VERSION)); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, + TLS_MAX_VERSION))) + goto err; resume_client_ctx = SSL_CTX_new(TLS_client_method()); - TEST_check(SSL_CTX_set_max_proto_version(resume_client_ctx, - TLS_MAX_VERSION)); - TEST_check(resume_server_ctx != NULL); - TEST_check(resume_client_ctx != NULL); + if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, + TLS_MAX_VERSION))) + goto err; + if (!TEST_ptr(resume_server_ctx) + || !TEST_ptr(resume_client_ctx)) + goto err; } } - TEST_check(server_ctx != NULL); - TEST_check(client_ctx != NULL); +#ifdef OPENSSL_NO_AUTOLOAD_CONFIG + if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL))) + goto err; +#endif - TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0); + if (!TEST_ptr(server_ctx) + || !TEST_ptr(client_ctx) + || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) + goto err; if (!SSL_CTX_config(server_ctx, "server") || !SSL_CTX_config(client_ctx, "client")) { @@ -315,7 +494,8 @@ static int execute_test(SSL_TEST_FIXTURE fixture) result = do_handshake(server_ctx, server2_ctx, client_ctx, resume_server_ctx, resume_client_ctx, test_ctx); - ret = check_test(result, test_ctx); + if (result != NULL) + ret = check_test(result, test_ctx); err: CONF_modules_unload(0); @@ -325,47 +505,26 @@ static int execute_test(SSL_TEST_FIXTURE fixture) SSL_CTX_free(resume_server_ctx); SSL_CTX_free(resume_client_ctx); SSL_TEST_CTX_free(test_ctx); - if (ret != 1) - ERR_print_errors_fp(stderr); HANDSHAKE_RESULT_free(result); return ret; } -static void tear_down(SSL_TEST_FIXTURE fixture) +int setup_tests(void) { -} + long num_tests; -#define SETUP_SSL_TEST_FIXTURE() \ - SETUP_TEST_FIXTURE(SSL_TEST_FIXTURE, set_up) -#define EXECUTE_SSL_TEST() \ - EXECUTE_TEST(execute_test, tear_down) + if (!TEST_ptr(conf = NCONF_new(NULL)) + /* argv[1] should point to the test conf file */ + || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0) + || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests", + &num_tests), 0)) + return 0; -static int test_handshake(int idx) -{ - SETUP_SSL_TEST_FIXTURE(); - BIO_snprintf(fixture.test_app, sizeof(fixture.test_app), - "test-%d", idx); - EXECUTE_SSL_TEST(); + ADD_ALL_TESTS(test_handshake, (int)num_tests); + return 1; } -int main(int argc, char **argv) +void cleanup_tests(void) { - int result = 0; - long num_tests; - - if (argc != 2) - return 1; - - conf = NCONF_new(NULL); - TEST_check(conf != NULL); - - /* argv[1] should point to the test conf file */ - TEST_check(NCONF_load(conf, argv[1], NULL) > 0); - - TEST_check(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests)); - - ADD_ALL_TESTS(test_handshake, (int)(num_tests)); - result = run_tests(argv[0]); - - return result; + NCONF_free(conf); } diff --git a/deps/openssl/openssl/test/ssl_test_ctx.c b/deps/openssl/openssl/test/ssl_test_ctx.c index 28ee5c701b02fc..753338530daaa0 100644 --- a/deps/openssl/openssl/test/ssl_test_ctx.c +++ b/deps/openssl/openssl/test/ssl_test_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,14 @@ #include #include -#include "e_os.h" +#include "internal/nelem.h" #include "ssl_test_ctx.h" #include "testutil.h" +#ifdef OPENSSL_SYS_WINDOWS +# define strcasecmp _stricmp +#endif + static const int default_app_data_size = 256; /* Default set to be as small as possible to exercise fragmentation. */ static const int default_max_fragment_size = 512; @@ -30,6 +34,7 @@ static int parse_boolean(const char *value, int *result) *result = 0; return 1; } + TEST_error("parse_boolean given: '%s'", value); return 0; } @@ -44,8 +49,7 @@ static int parse_boolean(const char *value, int *result) { \ OPENSSL_free(ctx->field); \ ctx->field = OPENSSL_strdup(value); \ - TEST_check(ctx->field != NULL); \ - return 1; \ + return TEST_ptr(ctx->field); \ } #define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ @@ -95,6 +99,7 @@ static const test_enum ssl_test_results[] = { {"ServerFail", SSL_TEST_SERVER_FAIL}, {"ClientFail", SSL_TEST_CLIENT_FAIL}, {"InternalError", SSL_TEST_INTERNAL_ERROR}, + {"FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED}, }; __owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value) @@ -121,6 +126,7 @@ static const test_enum ssl_alerts[] = { {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME}, {"BadCertificate", SSL_AD_BAD_CERTIFICATE}, {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL}, + {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED}, }; __owur static int parse_alert(int *alert, const char *value) @@ -146,6 +152,7 @@ const char *ssl_alert_name(int alert) /* ExpectedProtocol */ static const test_enum ssl_protocols[] = { + {"TLSv1.3", TLS1_3_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1", TLS1_VERSION}, @@ -236,6 +243,11 @@ static const test_enum ssl_servername_callbacks[] = { {"None", SSL_TEST_SERVERNAME_CB_NONE}, {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH}, {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH}, + {"ClientHelloIgnoreMismatch", + SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH}, + {"ClientHelloRejectMismatch", + SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH}, + {"ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12}, }; __owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf, @@ -282,6 +294,36 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server) server); } +/* CompressionExpected */ + +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected) + +/* SessionIdExpected */ + +static const test_enum ssl_session_id[] = { + {"Ignore", SSL_TEST_SESSION_ID_IGNORE}, + {"Yes", SSL_TEST_SESSION_ID_YES}, + {"No", SSL_TEST_SESSION_ID_NO}, +}; + +__owur static int parse_session_id(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id), + &ret_value, value)) { + return 0; + } + test_ctx->session_id_expected = ret_value; + return 1; +} + +const char *ssl_session_id_name(ssl_session_id_t server) +{ + return enum_name(ssl_session_id, + OSSL_NELEM(ssl_session_id), + server); +} + /* Method */ static const test_enum ssl_test_methods[] = { @@ -314,6 +356,16 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) +/* SRP options */ +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password) + +/* Session Ticket App Data options */ +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_session_ticket_app_data) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, session_ticket_app_data) + /* Handshake mode */ static const test_enum ssl_handshake_modes[] = { @@ -321,6 +373,9 @@ static const test_enum ssl_handshake_modes[] = { {"Resume", SSL_TEST_HANDSHAKE_RESUME}, {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, + {"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER}, + {"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT}, + {"PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH}, }; __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) @@ -344,6 +399,24 @@ const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers) +/* KeyUpdateType */ + +static const test_enum ssl_key_update_types[] = { + {"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED}, + {"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED}, +}; + +__owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types), + &ret_value, value)) { + return 0; + } + test_ctx->key_update_type = ret_value; + return 1; +} + /* CT Validation */ static const test_enum ssl_ct_validation_modes[] = { @@ -372,6 +445,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp) /* CertStatus */ @@ -408,17 +482,49 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) +/* Maximum-Fragment-Length TLS extension mode */ +static const test_enum ssl_max_fragment_len_mode[] = { + {"None", TLSEXT_max_fragment_length_DISABLED}, + { "512", TLSEXT_max_fragment_length_512}, + {"1024", TLSEXT_max_fragment_length_1024}, + {"2048", TLSEXT_max_fragment_length_2048}, + {"4096", TLSEXT_max_fragment_length_4096} +}; -/* ExpectedTmpKeyType */ - -__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, +__owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf, const char *value) +{ + int ret_value; + + if (!parse_enum(ssl_max_fragment_len_mode, + OSSL_NELEM(ssl_max_fragment_len_mode), &ret_value, value)) { + return 0; + } + client_conf->max_fragment_len_mode = ret_value; + return 1; +} + +const char *ssl_max_fragment_len_name(int MFL_mode) +{ + return enum_name(ssl_max_fragment_len_mode, + OSSL_NELEM(ssl_max_fragment_len_mode), MFL_mode); +} + + +/* Expected key and signature types */ + +__owur static int parse_expected_key_type(int *ptype, const char *value) { int nid; + const EVP_PKEY_ASN1_METHOD *ameth; if (value == NULL) return 0; - nid = OBJ_sn2nid(value); + ameth = EVP_PKEY_asn1_find_str(NULL, value, -1); + if (ameth != NULL) + EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth); + else + nid = OBJ_sn2nid(value); if (nid == NID_undef) nid = OBJ_ln2nid(value); #ifndef OPENSSL_NO_EC @@ -427,10 +533,107 @@ __owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, #endif if (nid == NID_undef) return 0; - test_ctx->expected_tmp_key_type = nid; + *ptype = nid; return 1; } +__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_tmp_key_type, value); +} + +__owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_server_cert_type, + value); +} + +__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_server_sign_type, + value); +} + +__owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_client_cert_type, + value); +} + +__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_client_sign_type, + value); +} + + +/* Expected signing hash */ + +__owur static int parse_expected_sign_hash(int *ptype, const char *value) +{ + int nid; + + if (value == NULL) + return 0; + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); + if (nid == NID_undef) + return 0; + *ptype = nid; + return 1; +} + +__owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_sign_hash(&test_ctx->expected_server_sign_hash, + value); +} + +__owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_sign_hash(&test_ctx->expected_client_sign_hash, + value); +} + +__owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames, + const char *value) +{ + if (value == NULL) + return 0; + if (!strcmp(value, "empty")) + *pnames = sk_X509_NAME_new_null(); + else + *pnames = SSL_load_client_CA_file(value); + return *pnames != NULL; +} +__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value); +} +__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value); +} + +/* ExpectedCipher */ + +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher) + +/* Client and Server PHA */ + +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha) + /* Known test options and their corresponding parse methods. */ /* Top-level options. */ @@ -446,14 +649,28 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedProtocol", &parse_protocol }, { "ExpectedServerName", &parse_expected_servername }, { "SessionTicketExpected", &parse_session_ticket }, + { "CompressionExpected", &parse_test_compression_expected }, + { "SessionIdExpected", &parse_session_id }, { "Method", &parse_test_method }, { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol }, { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol }, { "HandshakeMode", &parse_handshake_mode }, + { "KeyUpdateType", &parse_key_update_type }, { "ResumptionExpected", &parse_test_resumption_expected }, { "ApplicationData", &parse_test_app_data_size }, { "MaxFragmentSize", &parse_test_max_fragment_size }, { "ExpectedTmpKeyType", &parse_expected_tmp_key_type }, + { "ExpectedServerCertType", &parse_expected_server_cert_type }, + { "ExpectedServerSignHash", &parse_expected_server_sign_hash }, + { "ExpectedServerSignType", &parse_expected_server_sign_type }, + { "ExpectedServerCANames", &parse_expected_server_ca_names }, + { "ExpectedClientCertType", &parse_expected_client_cert_type }, + { "ExpectedClientSignHash", &parse_expected_client_sign_hash }, + { "ExpectedClientSignType", &parse_expected_client_sign_type }, + { "ExpectedClientCANames", &parse_expected_client_ca_names }, + { "UseSCTP", &parse_test_use_sctp }, + { "ExpectedCipher", &parse_test_expected_cipher }, + { "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data }, }; /* Nested client options. */ @@ -469,6 +686,10 @@ static const ssl_test_client_option ssl_test_client_options[] = { { "ALPNProtocols", &parse_client_alpn_protocols }, { "CTValidation", &parse_ct_validation }, { "RenegotiateCiphers", &parse_client_reneg_ciphers}, + { "SRPUser", &parse_client_srp_user }, + { "SRPPassword", &parse_client_srp_password }, + { "MaxFragmentLenExt", &parse_max_fragment_len_mode }, + { "EnablePHA", &parse_client_enable_pha }, }; /* Nested server options. */ @@ -483,19 +704,21 @@ static const ssl_test_server_option ssl_test_server_options[] = { { "ALPNProtocols", &parse_server_alpn_protocols }, { "BrokenSessionTicket", &parse_server_broken_session_ticket }, { "CertStatus", &parse_certstatus }, + { "SRPUser", &parse_server_srp_user }, + { "SRPPassword", &parse_server_srp_password }, + { "ForcePHA", &parse_server_force_pha }, + { "SessionTicketAppData", &parse_server_session_ticket_app_data }, }; -/* - * Since these methods are used to create tests, we use TEST_check liberally - * for malloc failures and other internal errors. - */ -SSL_TEST_CTX *SSL_TEST_CTX_new() +SSL_TEST_CTX *SSL_TEST_CTX_new(void) { SSL_TEST_CTX *ret; - ret = OPENSSL_zalloc(sizeof(*ret)); - TEST_check(ret != NULL); - ret->app_data_size = default_app_data_size; - ret->max_fragment_size = default_max_fragment_size; + + /* The return code is checked by caller */ + if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) { + ret->app_data_size = default_app_data_size; + ret->max_fragment_size = default_max_fragment_size; + } return ret; } @@ -508,6 +731,14 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) OPENSSL_free(conf->server.alpn_protocols); OPENSSL_free(conf->server2.alpn_protocols); OPENSSL_free(conf->client.reneg_ciphers); + OPENSSL_free(conf->server.srp_user); + OPENSSL_free(conf->server.srp_password); + OPENSSL_free(conf->server2.srp_user); + OPENSSL_free(conf->server2.srp_password); + OPENSSL_free(conf->client.srp_user); + OPENSSL_free(conf->client.srp_password); + OPENSSL_free(conf->server.session_ticket_app_data); + OPENSSL_free(conf->server2.session_ticket_app_data); } static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) @@ -521,6 +752,10 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) ssl_test_ctx_free_extra_data(ctx); OPENSSL_free(ctx->expected_npn_protocol); OPENSSL_free(ctx->expected_alpn_protocol); + OPENSSL_free(ctx->expected_session_ticket_app_data); + sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free); + OPENSSL_free(ctx->expected_cipher); OPENSSL_free(ctx); } @@ -531,8 +766,8 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, int i; size_t j; - sk_conf = NCONF_get_section(conf, client_section); - TEST_check(sk_conf != NULL); + if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section))) + return 0; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -540,8 +775,8 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) { if (strcmp(option->name, ssl_test_client_options[j].name) == 0) { if (!ssl_test_client_options[j].parse(client, option->value)) { - fprintf(stderr, "Bad value %s for option %s\n", - option->value, option->name); + TEST_info("Bad value %s for option %s", + option->value, option->name); return 0; } found = 1; @@ -549,7 +784,7 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, } } if (!found) { - fprintf(stderr, "Unknown test option: %s\n", option->name); + TEST_info("Unknown test option: %s", option->name); return 0; } } @@ -564,8 +799,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, int i; size_t j; - sk_conf = NCONF_get_section(conf, server_section); - TEST_check(sk_conf != NULL); + if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section))) + return 0; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -573,8 +808,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) { if (strcmp(option->name, ssl_test_server_options[j].name) == 0) { if (!ssl_test_server_options[j].parse(server, option->value)) { - fprintf(stderr, "Bad value %s for option %s\n", - option->value, option->name); + TEST_info("Bad value %s for option %s", + option->value, option->name); return 0; } found = 1; @@ -582,7 +817,7 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, } } if (!found) { - fprintf(stderr, "Unknown test option: %s\n", option->name); + TEST_info("Unknown test option: %s", option->name); return 0; } } @@ -592,16 +827,14 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) { - STACK_OF(CONF_VALUE) *sk_conf; - SSL_TEST_CTX *ctx; + STACK_OF(CONF_VALUE) *sk_conf = NULL; + SSL_TEST_CTX *ctx = NULL; int i; size_t j; - sk_conf = NCONF_get_section(conf, test_section); - TEST_check(sk_conf != NULL); - - ctx = SSL_TEST_CTX_new(); - TEST_check(ctx != NULL); + if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section)) + || !TEST_ptr(ctx = SSL_TEST_CTX_new())) + goto err; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -609,16 +842,13 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) /* Subsections */ if (strcmp(option->name, "client") == 0) { - if (!parse_client_options(&ctx->extra.client, conf, - option->value)) + if (!parse_client_options(&ctx->extra.client, conf, option->value)) goto err; } else if (strcmp(option->name, "server") == 0) { - if (!parse_server_options(&ctx->extra.server, conf, - option->value)) + if (!parse_server_options(&ctx->extra.server, conf, option->value)) goto err; } else if (strcmp(option->name, "server2") == 0) { - if (!parse_server_options(&ctx->extra.server2, conf, - option->value)) + if (!parse_server_options(&ctx->extra.server2, conf, option->value)) goto err; } else if (strcmp(option->name, "resume-client") == 0) { if (!parse_client_options(&ctx->resume_extra.client, conf, @@ -632,13 +862,12 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) if (!parse_server_options(&ctx->resume_extra.server2, conf, option->value)) goto err; - } else { for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) { if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) { if (!ssl_test_ctx_options[j].parse(ctx, option->value)) { - fprintf(stderr, "Bad value %s for option %s\n", - option->value, option->name); + TEST_info("Bad value %s for option %s", + option->value, option->name); goto err; } found = 1; @@ -646,7 +875,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) } } if (!found) { - fprintf(stderr, "Unknown test option: %s\n", option->name); + TEST_info("Unknown test option: %s", option->name); goto err; } } diff --git a/deps/openssl/openssl/test/ssl_test_ctx.h b/deps/openssl/openssl/test/ssl_test_ctx.h index 28a4566716c3eb..86d227d86550cf 100644 --- a/deps/openssl/openssl/test/ssl_test_ctx.h +++ b/deps/openssl/openssl/test/ssl_test_ctx.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,10 @@ typedef enum { typedef enum { SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */ SSL_TEST_SERVERNAME_IGNORE_MISMATCH, - SSL_TEST_SERVERNAME_REJECT_MISMATCH + SSL_TEST_SERVERNAME_REJECT_MISMATCH, + SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH, + SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH, + SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12 } ssl_servername_callback_t; typedef enum { @@ -48,6 +51,17 @@ typedef enum { SSL_TEST_SESSION_TICKET_BROKEN /* Special test */ } ssl_session_ticket_t; +typedef enum { + SSL_TEST_COMPRESSION_NO = 0, /* Default */ + SSL_TEST_COMPRESSION_YES +} ssl_compression_t; + +typedef enum { + SSL_TEST_SESSION_ID_IGNORE = 0, /* Default */ + SSL_TEST_SESSION_ID_YES, + SSL_TEST_SESSION_ID_NO +} ssl_session_id_t; + typedef enum { SSL_TEST_METHOD_TLS = 0, /* Default */ SSL_TEST_METHOD_DTLS @@ -57,7 +71,10 @@ typedef enum { SSL_TEST_HANDSHAKE_SIMPLE = 0, /* Default */ SSL_TEST_HANDSHAKE_RESUME, SSL_TEST_HANDSHAKE_RENEG_SERVER, - SSL_TEST_HANDSHAKE_RENEG_CLIENT + SSL_TEST_HANDSHAKE_RENEG_CLIENT, + SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER, + SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT, + SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH } ssl_handshake_mode_t; typedef enum { @@ -71,6 +88,7 @@ typedef enum { SSL_TEST_CERT_STATUS_GOOD_RESPONSE, SSL_TEST_CERT_STATUS_BAD_RESPONSE } ssl_cert_status_t; + /* * Server/client settings that aren't supported by the SSL CONF library, * such as callbacks. @@ -80,12 +98,18 @@ typedef struct { ssl_verify_callback_t verify_callback; /* One of a number of predefined server names use by the client */ ssl_servername_t servername; + /* Maximum Fragment Length extension mode */ + int max_fragment_len_mode; /* Supported NPN and ALPN protocols. A comma-separated list. */ char *npn_protocols; char *alpn_protocols; ssl_ct_validation_t ct_validation; /* Ciphersuites to set on a renegotiation */ char *reneg_ciphers; + char *srp_user; + char *srp_password; + /* PHA enabled */ + int enable_pha; } SSL_TEST_CLIENT_CONF; typedef struct { @@ -98,6 +122,12 @@ typedef struct { int broken_session_ticket; /* Should we send a CertStatus message? */ ssl_cert_status_t cert_status; + /* An SRP user known to the server. */ + char *srp_user; + char *srp_password; + /* Forced PHA */ + int force_pha; + char *session_ticket_app_data; } SSL_TEST_SERVER_CONF; typedef struct { @@ -121,6 +151,8 @@ typedef struct { int app_data_size; /* Maximum send fragment size. */ int max_fragment_size; + /* KeyUpdate type */ + int key_update_type; /* * Extra server/client configurations. Per-handshake. @@ -156,6 +188,7 @@ typedef struct { */ ssl_servername_t expected_servername; ssl_session_ticket_t session_ticket_expected; + int compression_expected; /* The expected NPN/ALPN protocol to negotiate. */ char *expected_npn_protocol; char *expected_alpn_protocol; @@ -163,6 +196,29 @@ typedef struct { int resumption_expected; /* Expected temporary key type */ int expected_tmp_key_type; + /* Expected server certificate key type */ + int expected_server_cert_type; + /* Expected server signing hash */ + int expected_server_sign_hash; + /* Expected server signature type */ + int expected_server_sign_type; + /* Expected server CA names */ + STACK_OF(X509_NAME) *expected_server_ca_names; + /* Expected client certificate key type */ + int expected_client_cert_type; + /* Expected client signing hash */ + int expected_client_sign_hash; + /* Expected client signature type */ + int expected_client_sign_type; + /* Expected CA names for client auth */ + STACK_OF(X509_NAME) *expected_client_ca_names; + /* Whether to use SCTP for the transport */ + int use_sctp; + /* Whether to expect a session id from the server */ + ssl_session_id_t session_id_expected; + char *expected_cipher; + /* Expected Session Ticket Application Data */ + char *expected_session_ticket_app_data; } SSL_TEST_CTX; const char *ssl_test_result_name(ssl_test_result_t result); @@ -173,10 +229,12 @@ const char *ssl_servername_name(ssl_servername_t server); const char *ssl_servername_callback_name(ssl_servername_callback_t servername_callback); const char *ssl_session_ticket_name(ssl_session_ticket_t server); +const char *ssl_session_id_name(ssl_session_id_t server); const char *ssl_test_method_name(ssl_test_method_t method); const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode); const char *ssl_ct_validation_name(ssl_ct_validation_t mode); const char *ssl_certstatus_name(ssl_cert_status_t cert_status); +const char *ssl_max_fragment_len_name(int MFL_mode); /* * Load the test case context from |conf|. diff --git a/deps/openssl/openssl/test/ssl_test_ctx_test.c b/deps/openssl/openssl/test/ssl_test_ctx_test.c index 0f321c60f33329..ffbbfbc12b23f7 100644 --- a/deps/openssl/openssl/test/ssl_test_ctx_test.c +++ b/deps/openssl/openssl/test/ssl_test_ctx_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ #include #include -#include "e_os.h" +#include "internal/nelem.h" #include "ssl_test_ctx.h" #include "testutil.h" #include @@ -33,181 +33,101 @@ typedef struct ssl_test_ctx_test_fixture { } SSL_TEST_CTX_TEST_FIXTURE; -static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client, - SSL_TEST_CLIENT_CONF *client2) +static int clientconf_eq(SSL_TEST_CLIENT_CONF *conf1, + SSL_TEST_CLIENT_CONF *conf2) { - if (client->verify_callback != client2->verify_callback) { - fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n", - ssl_verify_callback_name(client->verify_callback), - ssl_verify_callback_name(client2->verify_callback)); + if (!TEST_int_eq(conf1->verify_callback, conf2->verify_callback) + || !TEST_int_eq(conf1->servername, conf2->servername) + || !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols) + || !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols) + || !TEST_int_eq(conf1->ct_validation, conf2->ct_validation) + || !TEST_int_eq(conf1->max_fragment_len_mode, + conf2->max_fragment_len_mode)) return 0; - } - if (client->servername != client2->servername) { - fprintf(stderr, "ServerName mismatch: %s vs %s.\n", - ssl_servername_name(client->servername), - ssl_servername_name(client2->servername)); - return 0; - } - if (!strings_equal("Client NPNProtocols", client->npn_protocols, - client2->npn_protocols)) - return 0; - if (!strings_equal("Client ALPNProtocols", client->alpn_protocols, - client2->alpn_protocols)) - return 0; - if (client->ct_validation != client2->ct_validation) { - fprintf(stderr, "CTValidation mismatch: %s vs %s.\n", - ssl_ct_validation_name(client->ct_validation), - ssl_ct_validation_name(client2->ct_validation)); - return 0; - } return 1; } -static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server, - SSL_TEST_SERVER_CONF *server2) +static int serverconf_eq(SSL_TEST_SERVER_CONF *serv, + SSL_TEST_SERVER_CONF *serv2) { - if (server->servername_callback != server2->servername_callback) { - fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n", - ssl_servername_callback_name(server->servername_callback), - ssl_servername_callback_name(server2->servername_callback)); - return 0; - } - if (!strings_equal("Server NPNProtocols", server->npn_protocols, - server2->npn_protocols)) - return 0; - if (!strings_equal("Server ALPNProtocols", server->alpn_protocols, - server2->alpn_protocols)) - return 0; - if (server->broken_session_ticket != server2->broken_session_ticket) { - fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n", - server->broken_session_ticket, server2->broken_session_ticket); + if (!TEST_int_eq(serv->servername_callback, serv2->servername_callback) + || !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols) + || !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols) + || !TEST_int_eq(serv->broken_session_ticket, + serv2->broken_session_ticket) + || !TEST_str_eq(serv->session_ticket_app_data, + serv2->session_ticket_app_data) + || !TEST_int_eq(serv->cert_status, serv2->cert_status)) return 0; - } - if (server->cert_status != server2->cert_status) { - fprintf(stderr, "CertStatus mismatch: %s vs %s.\n", - ssl_certstatus_name(server->cert_status), - ssl_certstatus_name(server2->cert_status)); - return 0; - } return 1; } -static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra, - SSL_TEST_EXTRA_CONF *extra2) +static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra, + SSL_TEST_EXTRA_CONF *extra2) { - return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client) - && SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server) - && SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2); + if (!TEST_true(clientconf_eq(&extra->client, &extra2->client)) + || !TEST_true(serverconf_eq(&extra->server, &extra2->server)) + || !TEST_true(serverconf_eq(&extra->server2, &extra2->server2))) + return 0; + return 1; } -/* Returns 1 if the contexts are equal, 0 otherwise. */ -static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) +static int testctx_eq(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) { - if (ctx->method != ctx2->method) { - fprintf(stderr, "Method mismatch: %s vs %s.\n", - ssl_test_method_name(ctx->method), - ssl_test_method_name(ctx2->method)); - return 0; - } - if (ctx->handshake_mode != ctx2->handshake_mode) { - fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n", - ssl_handshake_mode_name(ctx->handshake_mode), - ssl_handshake_mode_name(ctx2->handshake_mode)); - return 0; - } - if (ctx->app_data_size != ctx2->app_data_size) { - fprintf(stderr, "ApplicationData mismatch: %d vs %d.\n", - ctx->app_data_size, ctx2->app_data_size); - return 0; - } - - if (ctx->max_fragment_size != ctx2->max_fragment_size) { - fprintf(stderr, "MaxFragmentSize mismatch: %d vs %d.\n", - ctx->max_fragment_size, ctx2->max_fragment_size); - return 0; - } - - if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) { - fprintf(stderr, "Extra conf mismatch.\n"); - return 0; - } - if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) { - fprintf(stderr, "Resume extra conf mismatch.\n"); - return 0; - } - - if (ctx->expected_result != ctx2->expected_result) { - fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n", - ssl_test_result_name(ctx->expected_result), - ssl_test_result_name(ctx2->expected_result)); - return 0; - } - if (ctx->expected_client_alert != ctx2->expected_client_alert) { - fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n", - ssl_alert_name(ctx->expected_client_alert), - ssl_alert_name(ctx2->expected_client_alert)); - return 0; - } - if (ctx->expected_server_alert != ctx2->expected_server_alert) { - fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n", - ssl_alert_name(ctx->expected_server_alert), - ssl_alert_name(ctx2->expected_server_alert)); - return 0; - } - if (ctx->expected_protocol != ctx2->expected_protocol) { - fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n", - ssl_protocol_name(ctx->expected_protocol), - ssl_protocol_name(ctx2->expected_protocol)); - return 0; - } - if (ctx->expected_servername != ctx2->expected_servername) { - fprintf(stderr, "ExpectedServerName mismatch: %s vs %s.\n", - ssl_servername_name(ctx->expected_servername), - ssl_servername_name(ctx2->expected_servername)); - return 0; - } - if (ctx->session_ticket_expected != ctx2->session_ticket_expected) { - fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n", - ssl_session_ticket_name(ctx->session_ticket_expected), - ssl_session_ticket_name(ctx2->session_ticket_expected)); - return 0; - } - if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol, - ctx2->expected_npn_protocol)) + if (!TEST_int_eq(ctx->method, ctx2->method) + || !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode) + || !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size) + || !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size) + || !extraconf_eq(&ctx->extra, &ctx2->extra) + || !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra) + || !TEST_int_eq(ctx->expected_result, ctx2->expected_result) + || !TEST_int_eq(ctx->expected_client_alert, + ctx2->expected_client_alert) + || !TEST_int_eq(ctx->expected_server_alert, + ctx2->expected_server_alert) + || !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol) + || !TEST_int_eq(ctx->expected_servername, ctx2->expected_servername) + || !TEST_int_eq(ctx->session_ticket_expected, + ctx2->session_ticket_expected) + || !TEST_int_eq(ctx->compression_expected, + ctx2->compression_expected) + || !TEST_str_eq(ctx->expected_npn_protocol, + ctx2->expected_npn_protocol) + || !TEST_str_eq(ctx->expected_alpn_protocol, + ctx2->expected_alpn_protocol) + || !TEST_str_eq(ctx->expected_cipher, + ctx2->expected_cipher) + || !TEST_str_eq(ctx->expected_session_ticket_app_data, + ctx2->expected_session_ticket_app_data) + || !TEST_int_eq(ctx->resumption_expected, + ctx2->resumption_expected) + || !TEST_int_eq(ctx->session_id_expected, + ctx2->session_id_expected)) return 0; - if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol, - ctx2->expected_alpn_protocol)) - return 0; - if (ctx->resumption_expected != ctx2->resumption_expected) { - fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n", - ctx->resumption_expected, ctx2->resumption_expected); - return 0; - } return 1; } -static SSL_TEST_CTX_TEST_FIXTURE set_up(const char *const test_case_name) +static SSL_TEST_CTX_TEST_FIXTURE *set_up(const char *const test_case_name) { - SSL_TEST_CTX_TEST_FIXTURE fixture; - fixture.test_case_name = test_case_name; - fixture.expected_ctx = SSL_TEST_CTX_new(); - TEST_check(fixture.expected_ctx != NULL); + SSL_TEST_CTX_TEST_FIXTURE *fixture; + + if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) + return NULL; + fixture->test_case_name = test_case_name; + if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new())) { + OPENSSL_free(fixture); + return NULL; + } return fixture; } -static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture) +static int execute_test(SSL_TEST_CTX_TEST_FIXTURE *fixture) { int success = 0; + SSL_TEST_CTX *ctx; - SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section); - - if (ctx == NULL) { - fprintf(stderr, "Failed to parse good configuration %s.\n", - fixture.test_section); - goto err; - } - - if (!SSL_TEST_CTX_equal(ctx, fixture.expected_ctx)) + if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section)) + || !testctx_eq(ctx, fixture->expected_ctx)) goto err; success = 1; @@ -216,78 +136,76 @@ static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture) return success; } -static int execute_failure_test(SSL_TEST_CTX_TEST_FIXTURE fixture) +static void tear_down(SSL_TEST_CTX_TEST_FIXTURE *fixture) { - SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section); - - if (ctx != NULL) { - fprintf(stderr, "Parsing bad configuration %s succeeded.\n", - fixture.test_section); - SSL_TEST_CTX_free(ctx); - return 0; - } - - return 1; -} - -static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture) -{ - SSL_TEST_CTX_free(fixture.expected_ctx); - ERR_print_errors_fp(stderr); + SSL_TEST_CTX_free(fixture->expected_ctx); + OPENSSL_free(fixture); } -#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \ - SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up) -#define EXECUTE_SSL_TEST_CTX_TEST() \ +#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \ + SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up); +#define EXECUTE_SSL_TEST_CTX_TEST() \ EXECUTE_TEST(execute_test, tear_down) -#define EXECUTE_SSL_TEST_CTX_FAILURE_TEST() \ - EXECUTE_TEST(execute_failure_test, tear_down) -static int test_empty_configuration() +static int test_empty_configuration(void) { SETUP_SSL_TEST_CTX_TEST_FIXTURE(); - fixture.test_section = "ssltest_default"; - fixture.expected_ctx->expected_result = SSL_TEST_SUCCESS; + if (fixture == NULL) + return 0; + fixture->test_section = "ssltest_default"; + fixture->expected_ctx->expected_result = SSL_TEST_SUCCESS; EXECUTE_SSL_TEST_CTX_TEST(); + return result; } -static int test_good_configuration() +static int test_good_configuration(void) { SETUP_SSL_TEST_CTX_TEST_FIXTURE(); - fixture.test_section = "ssltest_good"; - fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS; - fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME; - fixture.expected_ctx->app_data_size = 1024; - fixture.expected_ctx->max_fragment_size = 2048; - - fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL; - fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA; - fixture.expected_ctx->expected_server_alert = 0; /* No alert. */ - fixture.expected_ctx->expected_protocol = TLS1_1_VERSION; - fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2; - fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES; - fixture.expected_ctx->resumption_expected = 1; - - fixture.expected_ctx->extra.client.verify_callback = + if (fixture == NULL) + return 0; + fixture->test_section = "ssltest_good"; + fixture->expected_ctx->method = SSL_TEST_METHOD_DTLS; + fixture->expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME; + fixture->expected_ctx->app_data_size = 1024; + fixture->expected_ctx->max_fragment_size = 2048; + + fixture->expected_ctx->expected_result = SSL_TEST_SERVER_FAIL; + fixture->expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA; + fixture->expected_ctx->expected_server_alert = 0; /* No alert. */ + fixture->expected_ctx->expected_protocol = TLS1_1_VERSION; + fixture->expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2; + fixture->expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES; + fixture->expected_ctx->compression_expected = SSL_TEST_COMPRESSION_NO; + fixture->expected_ctx->session_id_expected = SSL_TEST_SESSION_ID_IGNORE; + fixture->expected_ctx->resumption_expected = 1; + + fixture->expected_ctx->extra.client.verify_callback = SSL_TEST_VERIFY_REJECT_ALL; - fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2; - fixture.expected_ctx->extra.client.npn_protocols = + fixture->expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2; + fixture->expected_ctx->extra.client.npn_protocols = OPENSSL_strdup("foo,bar"); - TEST_check(fixture.expected_ctx->extra.client.npn_protocols != NULL); + if (!TEST_ptr(fixture->expected_ctx->extra.client.npn_protocols)) + goto err; + fixture->expected_ctx->extra.client.max_fragment_len_mode = 0; - fixture.expected_ctx->extra.server.servername_callback = + fixture->expected_ctx->extra.server.servername_callback = SSL_TEST_SERVERNAME_IGNORE_MISMATCH; - fixture.expected_ctx->extra.server.broken_session_ticket = 1; + fixture->expected_ctx->extra.server.broken_session_ticket = 1; - fixture.expected_ctx->resume_extra.server2.alpn_protocols = + fixture->expected_ctx->resume_extra.server2.alpn_protocols = OPENSSL_strdup("baz"); - TEST_check( - fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL); + if (!TEST_ptr(fixture->expected_ctx->resume_extra.server2.alpn_protocols)) + goto err; - fixture.expected_ctx->resume_extra.client.ct_validation = + fixture->expected_ctx->resume_extra.client.ct_validation = SSL_TEST_CT_VALIDATION_STRICT; EXECUTE_SSL_TEST_CTX_TEST(); + return result; + +err: + tear_down(fixture); + return 0; } static const char *bad_configurations[] = { @@ -300,39 +218,45 @@ static const char *bad_configurations[] = { "ssltest_unknown_servername", "ssltest_unknown_servername_callback", "ssltest_unknown_session_ticket_expected", + "ssltest_unknown_compression_expected", + "ssltest_unknown_session_id_expected", "ssltest_unknown_method", "ssltest_unknown_handshake_mode", "ssltest_unknown_resumption_expected", "ssltest_unknown_ct_validation", + "ssltest_invalid_max_fragment_len", }; static int test_bad_configuration(int idx) { - SETUP_SSL_TEST_CTX_TEST_FIXTURE(); - fixture.test_section = bad_configurations[idx]; - EXECUTE_SSL_TEST_CTX_FAILURE_TEST(); -} - -int main(int argc, char **argv) -{ - int result = 0; + SSL_TEST_CTX *ctx; - if (argc != 2) - return 1; + if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf, + bad_configurations[idx]))) { + SSL_TEST_CTX_free(ctx); + return 0; + } - conf = NCONF_new(NULL); - TEST_check(conf != NULL); + return 1; +} - /* argv[1] should point to test/ssl_test_ctx_test.conf */ - TEST_check(NCONF_load(conf, argv[1], NULL) > 0); +int setup_tests(void) +{ + if (!TEST_ptr(conf = NCONF_new(NULL))) + return 0; + /* argument should point to test/ssl_test_ctx_test.conf */ + if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) { + TEST_note("Missing file argument"); + return 0; + } ADD_TEST(test_empty_configuration); ADD_TEST(test_good_configuration); ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations)); + return 1; +} - result = run_tests(argv[0]); - +void cleanup_tests(void) +{ NCONF_free(conf); - - return result; } diff --git a/deps/openssl/openssl/test/ssl_test_ctx_test.conf b/deps/openssl/openssl/test/ssl_test_ctx_test.conf index a062d75a102f03..91e1465ffe450d 100644 --- a/deps/openssl/openssl/test/ssl_test_ctx_test.conf +++ b/deps/openssl/openssl/test/ssl_test_ctx_test.conf @@ -72,6 +72,12 @@ ServerNameCallback = Foo [ssltest_unknown_session_ticket_expected] SessionTicketExpected = Foo +[ssltest_unknown_compression_expected] +CompressionExpected = Foo + +[ssltest_unknown_session_id_expected] +SessionIdExpected = Foo + [ssltest_unknown_method] Method = TLS2 @@ -86,3 +92,6 @@ client = ssltest_unknown_ct_validation_client [ssltest_unknown_ct_validation_client] CTCallback = Foo + +[ssltest_invalid_max_fragment_len] +MaxFragmentLenExt = 421 diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c index 8badd284e3280c..108d57e4781cd9 100644 --- a/deps/openssl/openssl/test/sslapitest.c +++ b/deps/openssl/openssl/test/sslapitest.c @@ -14,13 +14,45 @@ #include #include #include +#include +#include +#include #include "ssltestlib.h" #include "testutil.h" -#include "e_os.h" +#include "testutil/output.h" +#include "internal/nelem.h" +#include "../ssl/ssl_locl.h" + +#ifndef OPENSSL_NO_TLS1_3 + +static SSL_SESSION *clientpsk = NULL; +static SSL_SESSION *serverpsk = NULL; +static const char *pskid = "Identity"; +static const char *srvid; + +static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, + size_t *idlen, SSL_SESSION **sess); +static int find_session_cb(SSL *ssl, const unsigned char *identity, + size_t identity_len, SSL_SESSION **sess); + +static int use_session_cb_cnt = 0; +static int find_session_cb_cnt = 0; + +static SSL_SESSION *create_a_psk(SSL *ssl); +#endif static char *cert = NULL; static char *privkey = NULL; +static char *srpvfile = NULL; +static char *tmpfilename = NULL; + +#define LOG_BUFFER_SIZE 2048 +static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; +static size_t server_log_buffer_index = 0; +static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; +static size_t client_log_buffer_index = 0; +static int error_writing_log = 0; #ifndef OPENSSL_NO_OCSP static const unsigned char orespder[] = "Dummy OCSP Response"; @@ -32,6 +64,521 @@ static X509 *ocspcert = NULL; #endif #define NUM_EXTRA_CERTS 40 +#define CLIENT_VERSION_LEN 2 + +/* + * This structure is used to validate that the correct number of log messages + * of various types are emitted when emitting secret logs. + */ +struct sslapitest_log_counts { + unsigned int rsa_key_exchange_count; + unsigned int master_secret_count; + unsigned int client_early_secret_count; + unsigned int client_handshake_secret_count; + unsigned int server_handshake_secret_count; + unsigned int client_application_secret_count; + unsigned int server_application_secret_count; + unsigned int early_exporter_secret_count; + unsigned int exporter_secret_count; +}; + + +static unsigned char serverinfov1[] = { + 0xff, 0xff, /* Dummy extension type */ + 0x00, 0x01, /* Extension length is 1 byte */ + 0xff /* Dummy extension data */ +}; + +static unsigned char serverinfov2[] = { + 0x00, 0x00, 0x00, + (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */ + 0xff, 0xff, /* Dummy extension type */ + 0x00, 0x01, /* Extension length is 1 byte */ + 0xff /* Dummy extension data */ +}; + +static void client_keylog_callback(const SSL *ssl, const char *line) +{ + int line_length = strlen(line); + + /* If the log doesn't fit, error out. */ + if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) { + TEST_info("Client log too full"); + error_writing_log = 1; + return; + } + + strcat(client_log_buffer, line); + client_log_buffer_index += line_length; + client_log_buffer[client_log_buffer_index++] = '\n'; +} + +static void server_keylog_callback(const SSL *ssl, const char *line) +{ + int line_length = strlen(line); + + /* If the log doesn't fit, error out. */ + if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) { + TEST_info("Server log too full"); + error_writing_log = 1; + return; + } + + strcat(server_log_buffer, line); + server_log_buffer_index += line_length; + server_log_buffer[server_log_buffer_index++] = '\n'; +} + +static int compare_hex_encoded_buffer(const char *hex_encoded, + size_t hex_length, + const uint8_t *raw, + size_t raw_length) +{ + size_t i, j; + char hexed[3]; + + if (!TEST_size_t_eq(raw_length * 2, hex_length)) + return 1; + + for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) { + sprintf(hexed, "%02x", raw[i]); + if (!TEST_int_eq(hexed[0], hex_encoded[j]) + || !TEST_int_eq(hexed[1], hex_encoded[j + 1])) + return 1; + } + + return 0; +} + +static int test_keylog_output(char *buffer, const SSL *ssl, + const SSL_SESSION *session, + struct sslapitest_log_counts *expected) +{ + char *token = NULL; + unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0}; + size_t client_random_size = SSL3_RANDOM_SIZE; + unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0}; + size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH; + unsigned int rsa_key_exchange_count = 0; + unsigned int master_secret_count = 0; + unsigned int client_early_secret_count = 0; + unsigned int client_handshake_secret_count = 0; + unsigned int server_handshake_secret_count = 0; + unsigned int client_application_secret_count = 0; + unsigned int server_application_secret_count = 0; + unsigned int early_exporter_secret_count = 0; + unsigned int exporter_secret_count = 0; + + for (token = strtok(buffer, " \n"); token != NULL; + token = strtok(NULL, " \n")) { + if (strcmp(token, "RSA") == 0) { + /* + * Premaster secret. Tokens should be: 16 ASCII bytes of + * hex-encoded encrypted secret, then the hex-encoded pre-master + * secret. + */ + if (!TEST_ptr(token = strtok(NULL, " \n"))) + return 0; + if (!TEST_size_t_eq(strlen(token), 16)) + return 0; + if (!TEST_ptr(token = strtok(NULL, " \n"))) + return 0; + /* + * We can't sensibly check the log because the premaster secret is + * transient, and OpenSSL doesn't keep hold of it once the master + * secret is generated. + */ + rsa_key_exchange_count++; + } else if (strcmp(token, "CLIENT_RANDOM") == 0) { + /* + * Master secret. Tokens should be: 64 ASCII bytes of hex-encoded + * client random, then the hex-encoded master secret. + */ + client_random_size = SSL_get_client_random(ssl, + actual_client_random, + SSL3_RANDOM_SIZE); + if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE)) + return 0; + + if (!TEST_ptr(token = strtok(NULL, " \n"))) + return 0; + if (!TEST_size_t_eq(strlen(token), 64)) + return 0; + if (!TEST_false(compare_hex_encoded_buffer(token, 64, + actual_client_random, + client_random_size))) + return 0; + + if (!TEST_ptr(token = strtok(NULL, " \n"))) + return 0; + master_key_size = SSL_SESSION_get_master_key(session, + actual_master_key, + master_key_size); + if (!TEST_size_t_ne(master_key_size, 0)) + return 0; + if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token), + actual_master_key, + master_key_size))) + return 0; + master_secret_count++; + } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0 + || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0 + || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0 + || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0 + || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0 + || strcmp(token, "EARLY_EXPORTER_SECRET") == 0 + || strcmp(token, "EXPORTER_SECRET") == 0) { + /* + * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded + * client random, and then the hex-encoded secret. In this case, + * we treat all of these secrets identically and then just + * distinguish between them when counting what we saw. + */ + if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0) + client_early_secret_count++; + else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0) + client_handshake_secret_count++; + else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0) + server_handshake_secret_count++; + else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0) + client_application_secret_count++; + else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) + server_application_secret_count++; + else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0) + early_exporter_secret_count++; + else if (strcmp(token, "EXPORTER_SECRET") == 0) + exporter_secret_count++; + + client_random_size = SSL_get_client_random(ssl, + actual_client_random, + SSL3_RANDOM_SIZE); + if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE)) + return 0; + + if (!TEST_ptr(token = strtok(NULL, " \n"))) + return 0; + if (!TEST_size_t_eq(strlen(token), 64)) + return 0; + if (!TEST_false(compare_hex_encoded_buffer(token, 64, + actual_client_random, + client_random_size))) + return 0; + + if (!TEST_ptr(token = strtok(NULL, " \n"))) + return 0; + + /* + * TODO(TLS1.3): test that application traffic secrets are what + * we expect */ + } else { + TEST_info("Unexpected token %s\n", token); + return 0; + } + } + + /* Got what we expected? */ + if (!TEST_size_t_eq(rsa_key_exchange_count, + expected->rsa_key_exchange_count) + || !TEST_size_t_eq(master_secret_count, + expected->master_secret_count) + || !TEST_size_t_eq(client_early_secret_count, + expected->client_early_secret_count) + || !TEST_size_t_eq(client_handshake_secret_count, + expected->client_handshake_secret_count) + || !TEST_size_t_eq(server_handshake_secret_count, + expected->server_handshake_secret_count) + || !TEST_size_t_eq(client_application_secret_count, + expected->client_application_secret_count) + || !TEST_size_t_eq(server_application_secret_count, + expected->server_application_secret_count) + || !TEST_size_t_eq(early_exporter_secret_count, + expected->early_exporter_secret_count) + || !TEST_size_t_eq(exporter_secret_count, + expected->exporter_secret_count)) + return 0; + return 1; +} + +#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) +static int test_keylog(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + struct sslapitest_log_counts expected = {0}; + + /* Clean up logging space */ + memset(client_log_buffer, 0, sizeof(client_log_buffer)); + memset(server_log_buffer, 0, sizeof(server_log_buffer)); + client_log_buffer_index = 0; + server_log_buffer_index = 0; + error_writing_log = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + return 0; + + /* We cannot log the master secret for TLSv1.3, so we should forbid it. */ + SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3); + SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3); + + /* We also want to ensure that we use RSA-based key exchange. */ + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA"))) + goto end; + + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) + || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) + goto end; + SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) + == client_keylog_callback)) + goto end; + SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); + if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) + == server_keylog_callback)) + goto end; + + /* Now do a handshake and check that the logs have been written to. */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(error_writing_log) + || !TEST_int_gt(client_log_buffer_index, 0) + || !TEST_int_gt(server_log_buffer_index, 0)) + goto end; + + /* + * Now we want to test that our output data was vaguely sensible. We + * do that by using strtok and confirming that we have more or less the + * data we expect. For both client and server, we expect to see one master + * secret. The client should also see a RSA key exchange. + */ + expected.rsa_key_exchange_count = 1; + expected.master_secret_count = 1; + if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, + SSL_get_session(clientssl), &expected))) + goto end; + + expected.rsa_key_exchange_count = 0; + if (!TEST_true(test_keylog_output(server_log_buffer, serverssl, + SSL_get_session(serverssl), &expected))) + goto end; + + testresult = 1; + +end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif + +#ifndef OPENSSL_NO_TLS1_3 +static int test_keylog_no_master_key(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *sess = NULL; + int testresult = 0; + struct sslapitest_log_counts expected = {0}; + unsigned char buf[1]; + size_t readbytes, written; + + /* Clean up logging space */ + memset(client_log_buffer, 0, sizeof(client_log_buffer)); + memset(server_log_buffer, 0, sizeof(server_log_buffer)); + client_log_buffer_index = 0; + server_log_buffer_index = 0; + error_writing_log = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_max_early_data(sctx, + SSL3_RT_MAX_PLAIN_LENGTH))) + return 0; + + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) + || !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL)) + goto end; + + SSL_CTX_set_keylog_callback(cctx, client_keylog_callback); + if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) + == client_keylog_callback)) + goto end; + + SSL_CTX_set_keylog_callback(sctx, server_keylog_callback); + if (!TEST_true(SSL_CTX_get_keylog_callback(sctx) + == server_keylog_callback)) + goto end; + + /* Now do a handshake and check that the logs have been written to. */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(error_writing_log)) + goto end; + + /* + * Now we want to test that our output data was vaguely sensible. For this + * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for + * TLSv1.3, but we do expect both client and server to emit keys. + */ + expected.client_handshake_secret_count = 1; + expected.server_handshake_secret_count = 1; + expected.client_application_secret_count = 1; + expected.server_application_secret_count = 1; + expected.exporter_secret_count = 1; + if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, + SSL_get_session(clientssl), &expected)) + || !TEST_true(test_keylog_output(server_log_buffer, serverssl, + SSL_get_session(serverssl), + &expected))) + goto end; + + /* Terminate old session and resume with early data. */ + sess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Reset key log */ + memset(client_log_buffer, 0, sizeof(client_log_buffer)); + memset(server_log_buffer, 0, sizeof(server_log_buffer)); + client_log_buffer_index = 0; + server_log_buffer_index = 0; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess)) + /* Here writing 0 length early data is enough. */ + || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + /* In addition to the previous entries, expect early secrets. */ + expected.client_early_secret_count = 1; + expected.early_exporter_secret_count = 1; + if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, + SSL_get_session(clientssl), &expected)) + || !TEST_true(test_keylog_output(server_log_buffer, serverssl, + SSL_get_session(serverssl), + &expected))) + goto end; + + testresult = 1; + +end: + SSL_SESSION_free(sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif + +#ifndef OPENSSL_NO_TLS1_2 +static int full_client_hello_callback(SSL *s, int *al, void *arg) +{ + int *ctr = arg; + const unsigned char *p; + int *exts; + /* We only configure two ciphers, but the SCSV is added automatically. */ +#ifdef OPENSSL_NO_EC + const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff}; +#else + const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0, + 0x2c, 0x00, 0xff}; +#endif + const int expected_extensions[] = { +#ifndef OPENSSL_NO_EC + 11, 10, +#endif + 35, 22, 23, 13}; + size_t len; + + /* Make sure we can defer processing and get called back. */ + if ((*ctr)++ == 0) + return SSL_CLIENT_HELLO_RETRY; + + len = SSL_client_hello_get0_ciphers(s, &p); + if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers)) + || !TEST_size_t_eq( + SSL_client_hello_get0_compression_methods(s, &p), 1) + || !TEST_int_eq(*p, 0)) + return SSL_CLIENT_HELLO_ERROR; + if (!SSL_client_hello_get1_extensions_present(s, &exts, &len)) + return SSL_CLIENT_HELLO_ERROR; + if (len != OSSL_NELEM(expected_extensions) || + memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) { + printf("ClientHello callback expected extensions mismatch\n"); + OPENSSL_free(exts); + return SSL_CLIENT_HELLO_ERROR; + } + OPENSSL_free(exts); + return SSL_CLIENT_HELLO_SUCCESS; +} + +static int test_client_hello_cb(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testctr = 0, testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr); + + /* The gimpy cipher list we configure can't do TLS 1.3. */ + SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); + + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, + "AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_CLIENT_HELLO_CB)) + /* + * Passing a -1 literal is a hack since + * the real value was lost. + * */ + || !TEST_int_eq(SSL_get_error(serverssl, -1), + SSL_ERROR_WANT_CLIENT_HELLO_CB) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + testresult = 1; + +end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif static int execute_test_large_message(const SSL_METHOD *smeth, const SSL_METHOD *cmeth, @@ -42,29 +589,23 @@ static int execute_test_large_message(const SSL_METHOD *smeth, SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; int i; - BIO *certbio = BIO_new_file(cert, "r"); + BIO *certbio = NULL; X509 *chaincert = NULL; int certlen; - if (certbio == NULL) { - printf("Can't load the certificate file\n"); + if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))) goto end; - } chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); BIO_free(certbio); certbio = NULL; - if (chaincert == NULL) { - printf("Unable to load certificate for chain\n"); + if (!TEST_ptr(chaincert)) goto end; - } - if (!create_ssl_ctx_pair(smeth, cmeth, min_version, max_version, &sctx, - &cctx, cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version, + &sctx, &cctx, cert, privkey))) goto end; - } - if(read_ahead) { + if (read_ahead) { /* * Test that read_ahead works correctly when dealing with large * records @@ -76,42 +617,33 @@ static int execute_test_large_message(const SSL_METHOD *smeth, * We assume the supplied certificate is big enough so that if we add * NUM_EXTRA_CERTS it will make the overall message large enough. The * default buffer size is requested to be 16k, but due to the way BUF_MEM - * works, it ends up allocating a little over 21k (16 * 4/3). So, in this test - * we need to have a message larger than that. + * works, it ends up allocating a little over 21k (16 * 4/3). So, in this + * test we need to have a message larger than that. */ certlen = i2d_X509(chaincert, NULL); - OPENSSL_assert((certlen * NUM_EXTRA_CERTS) - > ((SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3)); + OPENSSL_assert(certlen * NUM_EXTRA_CERTS > + (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); for (i = 0; i < NUM_EXTRA_CERTS; i++) { - if (!X509_up_ref(chaincert)) { - printf("Unable to up ref cert\n"); + if (!X509_up_ref(chaincert)) goto end; - } if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) { - printf("Unable to add extra chain cert %d\n", i); X509_free(chaincert); goto end; } } - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { - printf("Unable to create SSL objects\n"); - goto end; - } - - if (!create_ssl_connection(serverssl, clientssl)) { - printf("Unable to create SSL connection\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; - } /* * Calling SSL_clear() first is not required but this tests that SSL_clear() * doesn't leak (when using enable-crypto-mdebug). */ - if (!SSL_clear(serverssl)) { - printf("Unexpected failure from SSL_clear()\n"); + if (!TEST_true(SSL_clear(serverssl))) goto end; - } testresult = 1; end: @@ -156,7 +688,7 @@ static int test_large_message_dtls(void) static int ocsp_server_cb(SSL *s, void *arg) { int *argi = (int *)arg; - unsigned char *orespdercopy = NULL; + unsigned char *copy = NULL; STACK_OF(OCSP_RESPID) *ids = NULL; OCSP_RESPID *id = NULL; @@ -173,15 +705,11 @@ static int ocsp_server_cb(SSL *s, void *arg) return SSL_TLSEXT_ERR_ALERT_FATAL; } - - orespdercopy = OPENSSL_memdup(orespder, sizeof(orespder)); - if (orespdercopy == NULL) + if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder)))) return SSL_TLSEXT_ERR_ALERT_FATAL; - SSL_set_tlsext_status_ocsp_resp(s, orespdercopy, sizeof(orespder)); - + SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder)); ocsp_server_called = 1; - return SSL_TLSEXT_ERR_OK; } @@ -195,12 +723,10 @@ static int ocsp_client_cb(SSL *s, void *arg) return 0; len = SSL_get_tlsext_status_ocsp_resp(s, &respderin); - - if (memcmp(orespder, respderin, len) != 0) + if (!TEST_mem_eq(orespder, len, respderin, len)) return 0; ocsp_client_called = 1; - return 1; } @@ -214,56 +740,33 @@ static int test_tlsext_status_type(void) BIO *certbio = NULL; if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey)) return 0; - } - if (SSL_CTX_get_tlsext_status_type(cctx) != -1) { - printf("Unexpected initial value for " - "SSL_CTX_get_tlsext_status_type()\n"); + if (SSL_CTX_get_tlsext_status_type(cctx) != -1) goto end; - } /* First just do various checks getting and setting tlsext_status_type */ clientssl = SSL_new(cctx); - if (SSL_get_tlsext_status_type(clientssl) != -1) { - printf("Unexpected initial value for SSL_get_tlsext_status_type()\n"); - goto end; - } - - if (!SSL_set_tlsext_status_type(clientssl, TLSEXT_STATUSTYPE_ocsp)) { - printf("Unexpected fail for SSL_set_tlsext_status_type()\n"); + if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1) + || !TEST_true(SSL_set_tlsext_status_type(clientssl, + TLSEXT_STATUSTYPE_ocsp)) + || !TEST_int_eq(SSL_get_tlsext_status_type(clientssl), + TLSEXT_STATUSTYPE_ocsp)) goto end; - } - - if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) { - printf("Unexpected result for SSL_get_tlsext_status_type()\n"); - goto end; - } SSL_free(clientssl); clientssl = NULL; - if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)) { - printf("Unexpected fail for SSL_CTX_set_tlsext_status_type()\n"); + if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp) + || SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) goto end; - } - - if (SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp) { - printf("Unexpected result for SSL_CTX_get_tlsext_status_type()\n"); - goto end; - } clientssl = SSL_new(cctx); - - if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) { - printf("Unexpected result for SSL_get_tlsext_status_type() (test 2)\n"); + if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp) goto end; - } - SSL_free(clientssl); clientssl = NULL; @@ -271,27 +774,17 @@ static int test_tlsext_status_type(void) * Now actually do a handshake and check OCSP information is exchanged and * the callbacks get called */ - SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb); SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg); SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb); SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg); - - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { - printf("Unable to create SSL objects\n"); - goto end; - } - - if (!create_ssl_connection(serverssl, clientssl)) { - printf("Unable to create SSL connection\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(ocsp_client_called) + || !TEST_true(ocsp_server_called)) goto end; - } - - if (!ocsp_client_called || !ocsp_server_called) { - printf("OCSP callbacks not called\n"); - goto end; - } - SSL_free(serverssl); SSL_free(clientssl); serverssl = NULL; @@ -301,23 +794,14 @@ static int test_tlsext_status_type(void) ocsp_client_called = 0; ocsp_server_called = 0; cdummyarg = 0; - - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { - printf("Unable to create SSL objects\n"); - goto end; - } - - /* This should fail because the callback will fail */ - if (create_ssl_connection(serverssl, clientssl)) { - printf("Unexpected success creating the connection\n"); - goto end; - } - - if (ocsp_client_called || ocsp_server_called) { - printf("OCSP callbacks successfully called unexpectedly\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + /* This should fail because the callback will fail */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(ocsp_client_called) + || !TEST_false(ocsp_server_called)) goto end; - } - SSL_free(serverssl); SSL_free(clientssl); serverssl = NULL; @@ -330,30 +814,22 @@ static int test_tlsext_status_type(void) ocsp_client_called = 0; ocsp_server_called = 0; cdummyarg = 2; - - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { - printf("Unable to create SSL objects\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) goto end; - } /* * We'll just use any old cert for this test - it doesn't have to be an OCSP * specific one. We'll use the server cert. */ - certbio = BIO_new_file(cert, "r"); - if (certbio == NULL) { - printf("Can't load the certificate file\n"); + if (!TEST_ptr(certbio = BIO_new_file(cert, "r")) + || !TEST_ptr(id = OCSP_RESPID_new()) + || !TEST_ptr(ids = sk_OCSP_RESPID_new_null()) + || !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio, + NULL, NULL, NULL)) + || !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert)) + || !TEST_true(sk_OCSP_RESPID_push(ids, id))) goto end; - } - id = OCSP_RESPID_new(); - ids = sk_OCSP_RESPID_new_null(); - ocspcert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); - if (id == NULL || ids == NULL || ocspcert == NULL - || !OCSP_RESPID_set_by_key(id, ocspcert) - || !sk_OCSP_RESPID_push(ids, id)) { - printf("Unable to set OCSP_RESPIDs\n"); - goto end; - } id = NULL; SSL_set_tlsext_status_ids(clientssl, ids); /* Control has been transferred */ @@ -362,15 +838,11 @@ static int test_tlsext_status_type(void) BIO_free(certbio); certbio = NULL; - if (!create_ssl_connection(serverssl, clientssl)) { - printf("Unable to create SSL connection\n"); - goto end; - } - - if (!ocsp_client_called || !ocsp_server_called) { - printf("OCSP callbacks not called\n"); + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(ocsp_client_called) + || !TEST_true(ocsp_server_called)) goto end; - } testresult = 1; @@ -387,38 +859,19 @@ static int test_tlsext_status_type(void) return testresult; } -#endif /* ndef OPENSSL_NO_OCSP */ - -typedef struct ssl_session_test_fixture { - const char *test_case_name; - int use_ext_cache; - int use_int_cache; -} SSL_SESSION_TEST_FIXTURE; - -static int new_called = 0, remove_called = 0; - -static SSL_SESSION_TEST_FIXTURE -ssl_session_set_up(const char *const test_case_name) -{ - SSL_SESSION_TEST_FIXTURE fixture; - - fixture.test_case_name = test_case_name; - fixture.use_ext_cache = 1; - fixture.use_int_cache = 1; - - new_called = remove_called = 0; - - return fixture; -} +#endif -static void ssl_session_tear_down(SSL_SESSION_TEST_FIXTURE fixture) -{ -} +#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) +static int new_called, remove_called, get_called; static int new_session_cb(SSL *ssl, SSL_SESSION *sess) { new_called++; - + /* + * sess has been up-refed for us, but we don't actually need it so free it + * immediately. + */ + SSL_SESSION_free(sess); return 1; } @@ -427,35 +880,52 @@ static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess) remove_called++; } -static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) +static SSL_SESSION *get_sess_val = NULL; + +static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, + int *copy) +{ + get_called++; + *copy = 1; + return get_sess_val; +} + +static int execute_test_session(int maxprot, int use_int_cache, + int use_ext_cache) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl1 = NULL, *clientssl1 = NULL; SSL *serverssl2 = NULL, *clientssl2 = NULL; -#ifndef OPENSSL_NO_TLS1_1 +# ifndef OPENSSL_NO_TLS1_1 SSL *serverssl3 = NULL, *clientssl3 = NULL; -#endif +# endif SSL_SESSION *sess1 = NULL, *sess2 = NULL; - int testresult = 0; + int testresult = 0, numnewsesstick = 1; - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + new_called = remove_called = 0; + + /* TLSv1.3 sends 2 NewSessionTickets */ + if (maxprot == TLS1_3_VERSION) + numnewsesstick = 2; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) return 0; - } -#ifndef OPENSSL_NO_TLS1_2 - /* Only allow TLS1.2 so we can force a connection failure later */ - SSL_CTX_set_min_proto_version(cctx, TLS1_2_VERSION); -#endif + /* + * Only allow the max protocol version so we can force a connection failure + * later + */ + SSL_CTX_set_min_proto_version(cctx, maxprot); + SSL_CTX_set_max_proto_version(cctx, maxprot); /* Set up session cache */ - if (fix.use_ext_cache) { + if (use_ext_cache) { SSL_CTX_sess_set_new_cb(cctx, new_session_cb); SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb); } - if (fix.use_int_cache) { + if (use_int_cache) { /* Also covers instance where both are set */ SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); } else { @@ -464,141 +934,226 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) | SSL_SESS_CACHE_NO_INTERNAL_STORE); } - if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, - NULL)) { - printf("Unable to create SSL objects\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE)) + || !TEST_ptr(sess1 = SSL_get1_session(clientssl1))) goto end; - } - if (!create_ssl_connection(serverssl1, clientssl1)) { - printf("Unable to create SSL connection\n"); - goto end; - } - sess1 = SSL_get1_session(clientssl1); - if (sess1 == NULL) { - printf("Unexpected NULL session\n"); + /* Should fail because it should already be in the cache */ + if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1))) goto end; - } + if (use_ext_cache + && (!TEST_int_eq(new_called, numnewsesstick) - if (fix.use_int_cache && SSL_CTX_add_session(cctx, sess1)) { - /* Should have failed because it should already be in the cache */ - printf("Unexpected success adding session to cache\n"); + || !TEST_int_eq(remove_called, 0))) goto end; - } - if (fix.use_ext_cache && (new_called != 1 || remove_called != 0)) { - printf("Session not added to cache\n"); + new_called = remove_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, + &clientssl2, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl2, sess1)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl2))) goto end; + + if (maxprot == TLS1_3_VERSION) { + /* + * In TLSv1.3 we should have created a new session even though we have + * resumed. Since we attempted a resume we should also have removed the + * old ticket from the cache so that we try to only use tickets once. + */ + if (use_ext_cache + && (!TEST_int_eq(new_called, 1) + || !TEST_int_eq(remove_called, 1))) + goto end; + } else { + /* + * In TLSv1.2 we expect to have resumed so no sessions added or + * removed. + */ + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) + || !TEST_int_eq(remove_called, 0))) + goto end; } - if (!create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) { - printf("Unable to create second SSL objects\n"); + SSL_SESSION_free(sess1); + if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2))) goto end; - } + shutdown_ssl_connection(serverssl2, clientssl2); + serverssl2 = clientssl2 = NULL; - if (!create_ssl_connection(serverssl2, clientssl2)) { - printf("Unable to create second SSL connection\n"); + new_called = remove_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, + &clientssl2, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE))) goto end; - } - sess2 = SSL_get1_session(clientssl2); - if (sess2 == NULL) { - printf("Unexpected NULL session from clientssl2\n"); + if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2))) goto end; - } - if (fix.use_ext_cache && (new_called != 2 || remove_called != 0)) { - printf("Remove session callback unexpectedly called\n"); + if (use_ext_cache + && (!TEST_int_eq(new_called, numnewsesstick) + || !TEST_int_eq(remove_called, 0))) goto end; - } + new_called = remove_called = 0; /* - * This should clear sess2 from the cache because it is a "bad" session. See - * SSL_set_session() documentation. + * This should clear sess2 from the cache because it is a "bad" session. + * See SSL_set_session() documentation. */ - if (!SSL_set_session(clientssl2, sess1)) { - printf("Unexpected failure setting session\n"); + if (!TEST_true(SSL_set_session(clientssl2, sess1))) goto end; - } - - if (fix.use_ext_cache && (new_called != 2 || remove_called != 1)) { - printf("Failed to call callback to remove session\n"); + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; - } - - - if (SSL_get_session(clientssl2) != sess1) { - printf("Unexpected session found\n"); + if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1)) goto end; - } - - if (fix.use_int_cache) { - if (!SSL_CTX_add_session(cctx, sess2)) { - /* - * Should have succeeded because it should not already be in the cache - */ - printf("Unexpected failure adding session to cache\n"); - goto end; - } - if (!SSL_CTX_remove_session(cctx, sess2)) { - printf("Unexpected failure removing session from cache\n"); + if (use_int_cache) { + /* Should succeeded because it should not already be in the cache */ + if (!TEST_true(SSL_CTX_add_session(cctx, sess2)) + || !TEST_true(SSL_CTX_remove_session(cctx, sess2))) goto end; - } - - /* This is for the purposes of internal cache testing...ignore the - * counter for external cache - */ - if (fix.use_ext_cache) - remove_called--; } + new_called = remove_called = 0; /* This shouldn't be in the cache so should fail */ - if (SSL_CTX_remove_session(cctx, sess2)) { - printf("Unexpected success removing session from cache\n"); + if (!TEST_false(SSL_CTX_remove_session(cctx, sess2))) goto end; - } - if (fix.use_ext_cache && (new_called != 2 || remove_called != 2)) { - printf("Failed to call callback to remove session #2\n"); + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; - } -#if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_2) +# if !defined(OPENSSL_NO_TLS1_1) + new_called = remove_called = 0; /* Force a connection failure */ SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION); - - if (!create_ssl_objects(sctx, cctx, &serverssl3, &clientssl3, NULL, NULL)) { - printf("Unable to create third SSL objects\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3, + &clientssl3, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl3, sess1)) + /* This should fail because of the mismatched protocol versions */ + || !TEST_false(create_ssl_connection(serverssl3, clientssl3, + SSL_ERROR_NONE))) goto end; - } - if (!SSL_set_session(clientssl3, sess1)) { - printf("Unable to set session for third connection\n"); + /* We should have automatically removed the session from the cache */ + if (use_ext_cache + && (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1))) goto end; - } - /* This should fail because of the mismatched protocol versions */ - if (create_ssl_connection(serverssl3, clientssl3)) { - printf("Unable to create third SSL connection\n"); + /* Should succeed because it should not already be in the cache */ + if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2))) goto end; +# endif + + /* Now do some tests for server side caching */ + if (use_ext_cache) { + SSL_CTX_sess_set_new_cb(cctx, NULL); + SSL_CTX_sess_set_remove_cb(cctx, NULL); + SSL_CTX_sess_set_new_cb(sctx, new_session_cb); + SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb); + SSL_CTX_sess_set_get_cb(sctx, get_session_cb); + get_sess_val = NULL; } + SSL_CTX_set_session_cache_mode(cctx, 0); + /* Internal caching is the default on the server side */ + if (!use_int_cache) + SSL_CTX_set_session_cache_mode(sctx, + SSL_SESS_CACHE_SERVER + | SSL_SESS_CACHE_NO_INTERNAL_STORE); - /* We should have automatically removed the session from the cache */ - if (fix.use_ext_cache && (new_called != 2 || remove_called != 3)) { - printf("Failed to call callback to remove session #2\n"); + SSL_free(serverssl1); + SSL_free(clientssl1); + serverssl1 = clientssl1 = NULL; + SSL_free(serverssl2); + SSL_free(clientssl2); + serverssl2 = clientssl2 = NULL; + SSL_SESSION_free(sess1); + sess1 = NULL; + SSL_SESSION_free(sess2); + sess2 = NULL; + + SSL_CTX_set_max_proto_version(sctx, maxprot); + if (maxprot == TLS1_2_VERSION) + SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); + new_called = remove_called = get_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE)) + || !TEST_ptr(sess1 = SSL_get1_session(clientssl1)) + || !TEST_ptr(sess2 = SSL_get1_session(serverssl1))) goto end; + + if (use_int_cache) { + if (maxprot == TLS1_3_VERSION && !use_ext_cache) { + /* + * In TLSv1.3 it should not have been added to the internal cache, + * except in the case where we also have an external cache (in that + * case it gets added to the cache in order to generate remove + * events after timeout). + */ + if (!TEST_false(SSL_CTX_remove_session(sctx, sess2))) + goto end; + } else { + /* Should fail because it should already be in the cache */ + if (!TEST_false(SSL_CTX_add_session(sctx, sess2))) + goto end; + } } - if (fix.use_int_cache && !SSL_CTX_add_session(cctx, sess2)) { + if (use_ext_cache) { + SSL_SESSION *tmp = sess2; + + if (!TEST_int_eq(new_called, numnewsesstick) + || !TEST_int_eq(remove_called, 0) + || !TEST_int_eq(get_called, 0)) + goto end; /* - * Should have succeeded because it should not already be in the cache + * Delete the session from the internal cache to force a lookup from + * the external cache. We take a copy first because + * SSL_CTX_remove_session() also marks the session as non-resumable. */ - printf("Unexpected failure adding session to cache #2\n"); + if (use_int_cache && maxprot != TLS1_3_VERSION) { + if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2)) + || !TEST_true(SSL_CTX_remove_session(sctx, sess2))) + goto end; + SSL_SESSION_free(sess2); + } + sess2 = tmp; + } + + new_called = remove_called = get_called = 0; + get_sess_val = sess2; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, + &clientssl2, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl2, sess1)) + || !TEST_true(create_ssl_connection(serverssl2, clientssl2, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl2))) goto end; + + if (use_ext_cache) { + if (!TEST_int_eq(remove_called, 0)) + goto end; + + if (maxprot == TLS1_3_VERSION) { + if (!TEST_int_eq(new_called, 1) + || !TEST_int_eq(get_called, 0)) + goto end; + } else { + if (!TEST_int_eq(new_called, 0) + || !TEST_int_eq(get_called, 1)) + goto end; + } } -#endif testresult = 1; @@ -607,55 +1162,369 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) SSL_free(clientssl1); SSL_free(serverssl2); SSL_free(clientssl2); -#ifndef OPENSSL_NO_TLS1_1 +# ifndef OPENSSL_NO_TLS1_1 SSL_free(serverssl3); SSL_free(clientssl3); -#endif +# endif SSL_SESSION_free(sess1); SSL_SESSION_free(sess2); - /* - * Check if we need to remove any sessions up-refed for the external cache - */ - if (new_called >= 1) - SSL_SESSION_free(sess1); - if (new_called >= 2) - SSL_SESSION_free(sess2); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; } +#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */ static int test_session_with_only_int_cache(void) { - SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); - - fixture.use_ext_cache = 0; +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 1, 0)) + return 0; +#endif - EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 1, 0); +#else + return 1; +#endif } static int test_session_with_only_ext_cache(void) { - SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); - - fixture.use_int_cache = 0; +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 0, 1)) + return 0; +#endif - EXECUTE_TEST(execute_test_session, ssl_session_tear_down); +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 0, 1); +#else + return 1; +#endif } static int test_session_with_both_cache(void) { - SETUP_TEST_FIXTURE(SSL_SESSION_TEST_FIXTURE, ssl_session_set_up); +#ifndef OPENSSL_NO_TLS1_3 + if (!execute_test_session(TLS1_3_VERSION, 1, 1)) + return 0; +#endif + +#ifndef OPENSSL_NO_TLS1_2 + return execute_test_session(TLS1_2_VERSION, 1, 1); +#else + return 1; +#endif +} + +#ifndef OPENSSL_NO_TLS1_3 +static SSL_SESSION *sesscache[6]; +static int do_cache; + +static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess) +{ + if (do_cache) { + sesscache[new_called] = sess; + } else { + /* We don't need the reference to the session, so free it */ + SSL_SESSION_free(sess); + } + new_called++; + + return 1; +} + +static int post_handshake_verify(SSL *sssl, SSL *cssl) +{ + SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL); + if (!TEST_true(SSL_verify_client_post_handshake(sssl))) + return 0; + + /* Start handshake on the server and client */ + if (!TEST_int_eq(SSL_do_handshake(sssl), 1) + || !TEST_int_le(SSL_read(cssl, NULL, 0), 0) + || !TEST_int_le(SSL_read(sssl, NULL, 0), 0) + || !TEST_true(create_ssl_connection(sssl, cssl, + SSL_ERROR_NONE))) + return 0; + + return 1; +} + +static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx, + SSL_CTX **cctx) +{ + int sess_id_ctx = 1; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, sctx, + cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) + || !TEST_true(SSL_CTX_set_session_id_context(*sctx, + (void *)&sess_id_ctx, + sizeof(sess_id_ctx)))) + return 0; + + if (stateful) + SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET); + + SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb); + + return 1; +} + +static int check_resumption(int idx, SSL_CTX *sctx, SSL_CTX *cctx, int succ) +{ + SSL *serverssl = NULL, *clientssl = NULL; + int i; + + /* Test that we can resume with all the tickets we got given */ + for (i = 0; i < idx * 2; i++) { + new_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) + goto end; + + SSL_set_post_handshake_auth(clientssl, 1); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * Following a successful resumption we only get 1 ticket. After a + * failed one we should get idx tickets. + */ + if (succ) { + if (!TEST_true(SSL_session_reused(clientssl)) + || !TEST_int_eq(new_called, 1)) + goto end; + } else { + if (!TEST_false(SSL_session_reused(clientssl)) + || !TEST_int_eq(new_called, idx)) + goto end; + } + + new_called = 0; + /* After a post-handshake authentication we should get 1 new ticket */ + if (succ + && (!post_handshake_verify(serverssl, clientssl) + || !TEST_int_eq(new_called, 1))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + SSL_SESSION_free(sesscache[i]); + sesscache[i] = NULL; + } + + return 1; + + end: + SSL_free(clientssl); + SSL_free(serverssl); + return 0; +} + +static int test_tickets(int stateful, int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + size_t j; + + /* idx is the test number, but also the number of tickets we want */ + + new_called = 0; + do_cache = 1; + + if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx, new_called)) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + clientssl = serverssl = NULL; + sctx = cctx = NULL; + + /* + * Now we try to resume with the tickets we previously created. The + * resumption attempt is expected to fail (because we're now using a new + * SSL_CTX). We should see idx number of tickets issued again. + */ + + /* Stop caching sessions - just count them */ + do_cache = 0; + + if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) + goto end; + + if (!check_resumption(idx, sctx, cctx, 0)) + goto end; + + /* Start again with caching sessions */ + new_called = 0; + do_cache = 1; + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + sctx = cctx = NULL; + + if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + SSL_set_post_handshake_auth(clientssl, 1); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx, new_called)) + goto end; + + /* After a post-handshake authentication we should get new tickets issued */ + if (!post_handshake_verify(serverssl, clientssl) + || !TEST_int_eq(idx * 2, new_called)) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Stop caching sessions - just count them */ + do_cache = 0; + + /* + * Check we can resume with all the tickets we created. This time around the + * resumptions should all be successful. + */ + if (!check_resumption(idx, sctx, cctx, 1)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + for (j = 0; j < OSSL_NELEM(sesscache); j++) { + SSL_SESSION_free(sesscache[j]); + sesscache[j] = NULL; + } + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_stateless_tickets(int idx) +{ + return test_tickets(0, idx); +} + +static int test_stateful_tickets(int idx) +{ + return test_tickets(1, idx); +} + +static int test_psk_tickets(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + int sess_id_ctx = 1; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, + &cctx, NULL, NULL)) + || !TEST_true(SSL_CTX_set_session_id_context(sctx, + (void *)&sess_id_ctx, + sizeof(sess_id_ctx)))) + goto end; + + SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); + SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); + SSL_CTX_sess_set_new_cb(cctx, new_session_cb); + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; + srvid = pskid; + new_called = 0; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + clientpsk = serverpsk = create_a_psk(clientssl); + if (!TEST_ptr(clientpsk)) + goto end; + SSL_SESSION_up_ref(clientpsk); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_int_eq(1, find_session_cb_cnt) + || !TEST_int_eq(1, use_session_cb_cnt) + /* We should always get 1 ticket when using external PSK */ + || !TEST_int_eq(1, new_called)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; - EXECUTE_TEST(execute_test_session, ssl_session_tear_down); + return testresult; } +#endif + +#define USE_NULL 0 +#define USE_BIO_1 1 +#define USE_BIO_2 2 +#define USE_DEFAULT 3 -#define USE_NULL 0 -#define USE_BIO_1 1 -#define USE_BIO_2 2 +#define CONNTYPE_CONNECTION_SUCCESS 0 +#define CONNTYPE_CONNECTION_FAIL 1 +#define CONNTYPE_NO_CONNECTION 2 -#define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) +#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) +#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2) +#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) +# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2) +#else +# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0 +#endif + +#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \ + + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \ + + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type) { @@ -672,67 +1541,104 @@ static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type) } } + +/* + * Tests calls to SSL_set_bio() under various conditions. + * + * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with + * various combinations of valid BIOs or NULL being set for the rbio/wbio. We + * then do more tests where we create a successful connection first using our + * standard connection setup functions, and then call SSL_set_bio() with + * various combinations of valid BIOs or NULL. We then repeat these tests + * following a failed connection. In this last case we are looking to check that + * SSL_set_bio() functions correctly in the case where s->bbio is not NULL. + */ static int test_ssl_set_bio(int idx) { - SSL_CTX *ctx = SSL_CTX_new(TLS_method()); + SSL_CTX *sctx = NULL, *cctx = NULL; BIO *bio1 = NULL; BIO *bio2 = NULL; BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL; - SSL *ssl = NULL; - int initrbio, initwbio, newrbio, newwbio; + SSL *serverssl = NULL, *clientssl = NULL; + int initrbio, initwbio, newrbio, newwbio, conntype; int testresult = 0; - if (ctx == NULL) { - printf("Failed to allocate SSL_CTX\n"); - goto end; + if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) { + initrbio = idx % 3; + idx /= 3; + initwbio = idx % 3; + idx /= 3; + newrbio = idx % 3; + idx /= 3; + newwbio = idx % 3; + conntype = CONNTYPE_NO_CONNECTION; + } else { + idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS; + initrbio = initwbio = USE_DEFAULT; + newrbio = idx % 2; + idx /= 2; + newwbio = idx % 2; + idx /= 2; + conntype = idx % 2; } - ssl = SSL_new(ctx); - if (ssl == NULL) { - printf("Failed to allocate SSL object\n"); + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) goto end; + + if (conntype == CONNTYPE_CONNECTION_FAIL) { + /* + * We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled + * because we reduced the number of tests in the definition of + * TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting + * mismatched protocol versions we will force a connection failure. + */ + SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION); + SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); } - initrbio = idx % 3; - idx /= 3; - initwbio = idx % 3; - idx /= 3; - newrbio = idx % 3; - idx /= 3; - newwbio = idx; - OPENSSL_assert(newwbio <= 2); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; - if (initrbio == USE_BIO_1 || initwbio == USE_BIO_1 || newrbio == USE_BIO_1 + if (initrbio == USE_BIO_1 + || initwbio == USE_BIO_1 + || newrbio == USE_BIO_1 || newwbio == USE_BIO_1) { - bio1 = BIO_new(BIO_s_mem()); - if (bio1 == NULL) { - printf("Failed to allocate bio1\n"); + if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem()))) goto end; - } } - if (initrbio == USE_BIO_2 || initwbio == USE_BIO_2 || newrbio == USE_BIO_2 + if (initrbio == USE_BIO_2 + || initwbio == USE_BIO_2 + || newrbio == USE_BIO_2 || newwbio == USE_BIO_2) { - bio2 = BIO_new(BIO_s_mem()); - if (bio2 == NULL) { - printf("Failed to allocate bio2\n"); + if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem()))) goto end; - } } - setupbio(&irbio, bio1, bio2, initrbio); - setupbio(&iwbio, bio1, bio2, initwbio); + if (initrbio != USE_DEFAULT) { + setupbio(&irbio, bio1, bio2, initrbio); + setupbio(&iwbio, bio1, bio2, initwbio); + SSL_set_bio(clientssl, irbio, iwbio); - /* - * We want to maintain our own refs to these BIO, so do an up ref for each - * BIO that will have ownership transferred in the SSL_set_bio() call - */ - if (irbio != NULL) - BIO_up_ref(irbio); - if (iwbio != NULL && iwbio != irbio) - BIO_up_ref(iwbio); + /* + * We want to maintain our own refs to these BIO, so do an up ref for + * each BIO that will have ownership transferred in the SSL_set_bio() + * call + */ + if (irbio != NULL) + BIO_up_ref(irbio); + if (iwbio != NULL && iwbio != irbio) + BIO_up_ref(iwbio); + } - SSL_set_bio(ssl, irbio, iwbio); + if (conntype != CONNTYPE_NO_CONNECTION + && !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE) + == (conntype == CONNTYPE_CONNECTION_SUCCESS))) + goto end; setupbio(&nrbio, bio1, bio2, newrbio); setupbio(&nwbio, bio1, bio2, newwbio); @@ -742,78 +1648,52 @@ static int test_ssl_set_bio(int idx) * SSL_set_bio() has some really complicated ownership rules where BIOs have * already been set! */ - if (nrbio != NULL && nrbio != irbio && (nwbio != iwbio || nrbio != nwbio)) + if (nrbio != NULL + && nrbio != irbio + && (nwbio != iwbio || nrbio != nwbio)) BIO_up_ref(nrbio); - if (nwbio != NULL && nwbio != nrbio && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) + if (nwbio != NULL + && nwbio != nrbio + && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) BIO_up_ref(nwbio); - SSL_set_bio(ssl, nrbio, nwbio); + SSL_set_bio(clientssl, nrbio, nwbio); testresult = 1; end: - SSL_free(ssl); BIO_free(bio1); BIO_free(bio2); + /* * This test is checking that the ref counting for SSL_set_bio is correct. * If we get here and we did too many frees then we will fail in the above * functions. If we haven't done enough then this will only be detected in * a crypto-mdebug build */ - SSL_CTX_free(ctx); - + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); return testresult; } -typedef struct ssl_bio_test_fixture { - const char *test_case_name; - int pop_ssl; - enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } change_bio; -} SSL_BIO_TEST_FIXTURE; - -static SSL_BIO_TEST_FIXTURE ssl_bio_set_up(const char *const test_case_name) -{ - SSL_BIO_TEST_FIXTURE fixture; - - fixture.test_case_name = test_case_name; - fixture.pop_ssl = 0; - fixture.change_bio = NO_BIO_CHANGE; - - return fixture; -} - -static void ssl_bio_tear_down(SSL_BIO_TEST_FIXTURE fixture) -{ -} +typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t; -static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) +static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio) { BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL; - SSL_CTX *ctx = SSL_CTX_new(TLS_method()); + SSL_CTX *ctx; SSL *ssl = NULL; int testresult = 0; - if (ctx == NULL) { - printf("Failed to allocate SSL_CTX\n"); - return 0; - } - - ssl = SSL_new(ctx); - if (ssl == NULL) { - printf("Failed to allocate SSL object\n"); + if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method())) + || !TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl())) + || !TEST_ptr(membio1 = BIO_new(BIO_s_mem()))) goto end; - } - sslbio = BIO_new(BIO_f_ssl()); - membio1 = BIO_new(BIO_s_mem()); - - if (sslbio == NULL || membio1 == NULL) { - printf("Malloc failure creating BIOs\n"); - goto end; - } - - BIO_set_ssl(sslbio, ssl, BIO_CLOSE); + BIO_set_ssl(sslbio, ssl, BIO_CLOSE); /* * If anything goes wrong here then we could leak memory, so this will @@ -822,20 +1702,17 @@ static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) BIO_push(sslbio, membio1); /* Verify changing the rbio/wbio directly does not cause leaks */ - if (fix.change_bio != NO_BIO_CHANGE) { - membio2 = BIO_new(BIO_s_mem()); - if (membio2 == NULL) { - printf("Malloc failure creating membio2\n"); + if (change_bio != NO_BIO_CHANGE) { + if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) goto end; - } - if (fix.change_bio == CHANGE_RBIO) + if (change_bio == CHANGE_RBIO) SSL_set0_rbio(ssl, membio2); else SSL_set0_wbio(ssl, membio2); } ssl = NULL; - if (fix.pop_ssl) + if (pop_ssl) BIO_pop(sslbio); else BIO_pop(membio1); @@ -852,38 +1729,25 @@ static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix) static int test_ssl_bio_pop_next_bio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(0, NO_BIO_CHANGE); } static int test_ssl_bio_pop_ssl_bio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - - fixture.pop_ssl = 1; - - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(1, NO_BIO_CHANGE); } static int test_ssl_bio_change_rbio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - - fixture.change_bio = CHANGE_RBIO; - - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(0, CHANGE_RBIO); } static int test_ssl_bio_change_wbio(void) { - SETUP_TEST_FIXTURE(SSL_BIO_TEST_FIXTURE, ssl_bio_set_up); - - fixture.change_bio = CHANGE_WBIO; - - EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); + return execute_test_ssl_bio(0, CHANGE_WBIO); } +#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) typedef struct { /* The list of sig algs */ const int *list; @@ -898,19 +1762,25 @@ typedef struct { } sigalgs_list; static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA}; +# ifndef OPENSSL_NO_EC static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC}; static const int validlist3[] = {NID_sha512, EVP_PKEY_EC}; +# endif static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA}; static const int invalidlist2[] = {NID_sha256, NID_undef}; static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256}; static const int invalidlist4[] = {NID_sha256}; static const sigalgs_list testsigalgs[] = { {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1}, +# ifndef OPENSSL_NO_EC {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1}, {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, +# endif {NULL, 0, "RSA+SHA256", 1, 1}, +# ifndef OPENSSL_NO_EC {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, {NULL, 0, "ECDSA+SHA512", 1, 0}, +# endif {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0}, {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0}, {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0}, @@ -918,7 +1788,8 @@ static const sigalgs_list testsigalgs[] = { {NULL, 0, "RSA", 0, 0}, {NULL, 0, "SHA256", 0, 0}, {NULL, 0, "RSA+SHA256:SHA256", 0, 0}, - {NULL, 0, "Invalid", 0, 0}}; + {NULL, 0, "Invalid", 0, 0} +}; static int test_set_sigalgs(int idx) { @@ -929,22 +1800,27 @@ static int test_set_sigalgs(int idx) int testctx; /* Should never happen */ - if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2) + if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2)) return 0; testctx = ((size_t)idx < OSSL_NELEM(testsigalgs)); curr = testctx ? &testsigalgs[idx] : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) return 0; - } + + /* + * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it + * for TLSv1.2 for now until we add a new API. + */ + SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); if (testctx) { int ret; + if (curr->list != NULL) ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen); else @@ -952,22 +1828,20 @@ static int test_set_sigalgs(int idx) if (!ret) { if (curr->valid) - printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n", - idx); + TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx); else testresult = 1; goto end; } if (!curr->valid) { - printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx); + TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx); goto end; } } - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { - printf("Unable to create SSL objects\n"); + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) goto end; - } if (!testctx) { int ret; @@ -978,21 +1852,19 @@ static int test_set_sigalgs(int idx) ret = SSL_set1_sigalgs_list(clientssl, curr->liststr); if (!ret) { if (curr->valid) - printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx); + TEST_info("Failure setting sigalgs in SSL (%d)\n", idx); else testresult = 1; goto end; } - if (!curr->valid) { - printf("Unexpected success setting sigalgs in SSL (%d)\n", idx); + if (!curr->valid) goto end; - } } - if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) { - printf("Unexpected return value creating SSL connection (%d)\n", idx); + if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE), + curr->connsuccess)) goto end; - } testresult = 1; @@ -1004,315 +1876,4060 @@ static int test_set_sigalgs(int idx) return testresult; } +#endif -static int clntaddcb = 0; -static int clntparsecb = 0; -static int srvaddcb = 0; -static int srvparsecb = 0; -static int snicb = 0; - -#define TEST_EXT_TYPE1 0xff00 +#ifndef OPENSSL_NO_TLS1_3 +static int psk_client_cb_cnt = 0; +static int psk_server_cb_cnt = 0; -static int add_cb(SSL *s, unsigned int ext_type, const unsigned char **out, - size_t *outlen, int *al, void *add_arg) +static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, + size_t *idlen, SSL_SESSION **sess) { - int *server = (int *)add_arg; - unsigned char *data; + switch (++use_session_cb_cnt) { + case 1: + /* The first call should always have a NULL md */ + if (md != NULL) + return 0; + break; - if (SSL_is_server(s)) - srvaddcb++; - else - clntaddcb++; + case 2: + /* The second call should always have an md */ + if (md == NULL) + return 0; + break; - if (*server != SSL_is_server(s) - || (data = OPENSSL_malloc(sizeof(*data))) == NULL) - return -1; + default: + /* We should only be called a maximum of twice */ + return 0; + } + + if (clientpsk != NULL) + SSL_SESSION_up_ref(clientpsk); + + *sess = clientpsk; + *id = (const unsigned char *)pskid; + *idlen = strlen(pskid); - *data = 1; - *out = data; - *outlen = sizeof(char); return 1; } -static void free_cb(SSL *s, unsigned int ext_type, const unsigned char *out, - void *add_arg) +#ifndef OPENSSL_NO_PSK +static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id, + unsigned int max_id_len, + unsigned char *psk, + unsigned int max_psk_len) { - OPENSSL_free((unsigned char *)out); + unsigned int psklen = 0; + + psk_client_cb_cnt++; + + if (strlen(pskid) + 1 > max_id_len) + return 0; + + /* We should only ever be called a maximum of twice per connection */ + if (psk_client_cb_cnt > 2) + return 0; + + if (clientpsk == NULL) + return 0; + + /* We'll reuse the PSK we set up for TLSv1.3 */ + if (SSL_SESSION_get_master_key(clientpsk, NULL, 0) > max_psk_len) + return 0; + psklen = SSL_SESSION_get_master_key(clientpsk, psk, max_psk_len); + strncpy(id, pskid, max_id_len); + + return psklen; } +#endif /* OPENSSL_NO_PSK */ -static int parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in, - size_t inlen, int *al, void *parse_arg) +static int find_session_cb(SSL *ssl, const unsigned char *identity, + size_t identity_len, SSL_SESSION **sess) { - int *server = (int *)parse_arg; + find_session_cb_cnt++; - if (SSL_is_server(s)) - srvparsecb++; - else - clntparsecb++; + /* We should only ever be called a maximum of twice per connection */ + if (find_session_cb_cnt > 2) + return 0; - if (*server != SSL_is_server(s) - || inlen != sizeof(char) - || *in != 1) - return -1; + if (serverpsk == NULL) + return 0; + + /* Identity should match that set by the client */ + if (strlen(srvid) != identity_len + || strncmp(srvid, (const char *)identity, identity_len) != 0) { + /* No PSK found, continue but without a PSK */ + *sess = NULL; + return 1; + } + + SSL_SESSION_up_ref(serverpsk); + *sess = serverpsk; return 1; } -static int sni_cb(SSL *s, int *al, void *arg) +#ifndef OPENSSL_NO_PSK +static unsigned int psk_server_cb(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len) { - SSL_CTX *ctx = (SSL_CTX *)arg; + unsigned int psklen = 0; - if (SSL_set_SSL_CTX(s, ctx) == NULL) { - *al = SSL_AD_INTERNAL_ERROR; - return SSL_TLSEXT_ERR_ALERT_FATAL; + psk_server_cb_cnt++; + + /* We should only ever be called a maximum of twice per connection */ + if (find_session_cb_cnt > 2) + return 0; + + if (serverpsk == NULL) + return 0; + + /* Identity should match that set by the client */ + if (strcmp(srvid, identity) != 0) { + return 0; } - snicb++; - return SSL_TLSEXT_ERR_OK; + + /* We'll reuse the PSK we set up for TLSv1.3 */ + if (SSL_SESSION_get_master_key(serverpsk, NULL, 0) > max_psk_len) + return 0; + psklen = SSL_SESSION_get_master_key(serverpsk, psk, max_psk_len); + + return psklen; +} +#endif /* OPENSSL_NO_PSK */ + +#define MSG1 "Hello" +#define MSG2 "World." +#define MSG3 "This" +#define MSG4 "is" +#define MSG5 "a" +#define MSG6 "test" +#define MSG7 "message." + +#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") +#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") + + +static SSL_SESSION *create_a_psk(SSL *ssl) +{ + const SSL_CIPHER *cipher = NULL; + const unsigned char key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, + 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, + 0x2c, 0x2d, 0x2e, 0x2f + }; + SSL_SESSION *sess = NULL; + + cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES); + sess = SSL_SESSION_new(); + if (!TEST_ptr(sess) + || !TEST_ptr(cipher) + || !TEST_true(SSL_SESSION_set1_master_key(sess, key, + sizeof(key))) + || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)) + || !TEST_true( + SSL_SESSION_set_protocol_version(sess, + TLS1_3_VERSION))) { + SSL_SESSION_free(sess); + return NULL; + } + return sess; } /* - * Custom call back tests. - * Test 0: callbacks in TLSv1.2 - * Test 1: callbacks in TLSv1.2 with SNI + * Helper method to setup objects for early data test. Caller frees objects on + * error. */ -static int test_custom_exts(int tst) +static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, + SSL **serverssl, SSL_SESSION **sess, int idx) { - SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; + if (*sctx == NULL + && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + sctx, cctx, cert, privkey))) + return 0; + + if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH))) + return 0; + + if (idx == 1) { + /* When idx == 1 we repeat the tests with read_ahead set */ + SSL_CTX_set_read_ahead(*cctx, 1); + SSL_CTX_set_read_ahead(*sctx, 1); + } else if (idx == 2) { + /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */ + SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb); + SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb); + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; + srvid = pskid; + } + + if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl, + NULL, NULL))) + return 0; + + /* + * For one of the run throughs (doesn't matter which one), we'll try sending + * some SNI data in the initial ClientHello. This will be ignored (because + * there is no SNI cb set up by the server), so it should not impact + * early_data. + */ + if (idx == 1 + && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost"))) + return 0; + + if (idx == 2) { + clientpsk = create_a_psk(*clientssl); + if (!TEST_ptr(clientpsk) + /* + * We just choose an arbitrary value for max_early_data which + * should be big enough for testing purposes. + */ + || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk, + 0x100)) + || !TEST_true(SSL_SESSION_up_ref(clientpsk))) { + SSL_SESSION_free(clientpsk); + clientpsk = NULL; + return 0; + } + serverpsk = clientpsk; + + if (sess != NULL) { + if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) { + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + return 0; + } + *sess = clientpsk; + } + return 1; + } + + if (sess == NULL) + return 1; + + if (!TEST_true(create_ssl_connection(*serverssl, *clientssl, + SSL_ERROR_NONE))) + return 0; + + *sess = SSL_get1_session(*clientssl); + SSL_shutdown(*clientssl); + SSL_shutdown(*serverssl); + SSL_free(*serverssl); + SSL_free(*clientssl); + *serverssl = *clientssl = NULL; + + if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, + clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(*clientssl, *sess))) + return 0; + + return 1; +} + +static int test_early_data_read_write(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - static int server = 1; - static int client = 0; SSL_SESSION *sess = NULL; + unsigned char buf[20], data[1024]; + size_t readbytes, written, eoedlen, rawread, rawwritten; + BIO *rbio; - /* Reset callback counters */ - clntaddcb = clntparsecb = srvaddcb = srvparsecb = 0; - snicb = 0; + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, idx))) + goto end; - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + /* Write and read some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, + sizeof(buf), &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) goto end; - } - if (tst == 1 - && !create_ssl_ctx_pair(TLS_server_method(), NULL, - TLS1_VERSION, TLS_MAX_VERSION, &sctx2, NULL, - cert, privkey)) { - printf("Unable to create SSL_CTX pair (2)\n"); + /* + * Server should be able to write data, and client should be able to + * read it. + */ + if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2), + &written)) + || !TEST_size_t_eq(written, strlen(MSG2)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; - } - /* Create a client side custom extension */ - if (!SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, add_cb, free_cb, - &client, parse_cb, &client)) { - printf("Unable to add client custom extension\n"); + /* Even after reading normal data, client should be able write early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3), + &written)) + || !TEST_size_t_eq(written, strlen(MSG3))) goto end; - } - /* Should not be able to add duplicates */ - if (SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, add_cb, free_cb, - &client, parse_cb, &client)) { - printf("Unexpected success adding duplicate extension\n"); + /* Server should still be able read early data after writing data */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3))) goto end; - } - /* Create a server side custom extension */ - if (!SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, add_cb, free_cb, - &server, parse_cb, &server)) { - printf("Unable to add server custom extension\n"); + /* Write more data from server and read it from client */ + if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4), + &written)) + || !TEST_size_t_eq(written, strlen(MSG4)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4))) goto end; - } - if (sctx2 != NULL - && !SSL_CTX_add_server_custom_ext(sctx2, TEST_EXT_TYPE1, - add_cb, free_cb, - &server, parse_cb, - &server)) { - printf("Unable to add server custom extension for SNI\n"); + + /* + * If client writes normal data it should mean writing early data is no + * longer possible. + */ + if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written)) + || !TEST_size_t_eq(written, strlen(MSG5)) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_ACCEPTED)) goto end; - } - /* Should not be able to add duplicates */ - if (SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, add_cb, free_cb, - &server, parse_cb, &server)) { - printf("Unexpected success adding duplicate extension (2)\n"); + /* + * At this point the client has written EndOfEarlyData, ClientFinished and + * normal (fully protected) data. We are going to cause a delay between the + * arrival of EndOfEarlyData and ClientFinished. We read out all the data + * in the read BIO, and then just put back the EndOfEarlyData message. + */ + rbio = SSL_get_rbio(serverssl); + if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread)) + || !TEST_size_t_lt(rawread, sizeof(data)) + || !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH)) goto end; - } - if (tst == 1) { - /* Set up SNI */ - if (!SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb) - || !SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)) { - printf("Cannot set SNI callbacks\n"); - goto end; - } - } + /* Record length is in the 4th and 5th bytes of the record header */ + eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]); + if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten)) + || !TEST_size_t_eq(rawwritten, eoedlen)) + goto end; - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL) - || !create_ssl_connection(serverssl, clientssl)) { - printf("Cannot create SSL connection\n"); + /* Server should be told that there is no more early data */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0)) goto end; - } - if (clntaddcb != 1 - || clntparsecb != 1 - || srvaddcb != 1 - || srvparsecb != 1 - || (tst != 1 && snicb != 0) - || (tst == 1 && snicb != 1)) { - printf("Incorrect callback counts\n"); + /* + * Server has not finished init yet, so should still be able to write early + * data. + */ + if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6), + &written)) + || !TEST_size_t_eq(written, strlen(MSG6))) + goto end; + + /* Push the ClientFinished and the normal data back into the server rbio */ + if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen, + &rawwritten)) + || !TEST_size_t_eq(rawwritten, rawread - eoedlen)) + goto end; + + /* Server should be able to read normal data */ + if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_size_t_eq(readbytes, strlen(MSG5))) goto end; - } + /* Client and server should not be able to write/read early data now */ + if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6), + &written))) + goto end; + ERR_clear_error(); + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR)) + goto end; + ERR_clear_error(); + + /* Client should be able to read the data sent by the server */ + if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6))) + goto end; + + /* + * Make sure we process the two NewSessionTickets. These arrive + * post-handshake. We attempt reads which we do not expect to return any + * data. + */ + if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes))) + goto end; + + /* Server should be able to write normal data */ + if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written)) + || !TEST_size_t_eq(written, strlen(MSG7)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7))) + goto end; + + SSL_SESSION_free(sess); sess = SSL_get1_session(clientssl); + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; + SSL_shutdown(clientssl); SSL_shutdown(serverssl); SSL_free(serverssl); SSL_free(clientssl); serverssl = clientssl = NULL; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess))) + goto end; - if (tst == 1) { - /* We don't bother with the resumption aspects for this test */ - testresult = 1; + /* Write and read some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) goto end; - } - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL) - || !SSL_set_session(clientssl, sess) - || !create_ssl_connection(serverssl, clientssl)) { - printf("Cannot create resumption connection\n"); + if (!TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_gt(SSL_accept(serverssl), 0)) goto end; - } - /* - * For a resumed session we expect to add the ClientHello extension but we - * should ignore it on the server side. - */ - if (clntaddcb != 2 - || clntparsecb != 1 - || srvaddcb != 1 - || srvparsecb != 1) { - printf("Incorrect resumption callback counts\n"); + /* Client and server should not be able to write/read early data now */ + if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6), + &written))) + goto end; + ERR_clear_error(); + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR)) + goto end; + ERR_clear_error(); + + /* Client and server should be able to write/read normal data */ + if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written)) + || !TEST_size_t_eq(written, strlen(MSG5)) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_size_t_eq(readbytes, strlen(MSG5))) goto end; - } testresult = 1; -end: + end: SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_free(serverssl); SSL_free(clientssl); - SSL_CTX_free(sctx2); SSL_CTX_free(sctx); SSL_CTX_free(cctx); return testresult; } -static int test_ssl_pending(int tst) +static int allow_ed_cb_called = 0; + +static int allow_early_data_cb(SSL *s, void *arg) +{ + int *usecb = (int *)arg; + + allow_ed_cb_called++; + + if (*usecb == 1) + return 0; + + return 1; +} + +/* + * idx == 0: Standard early_data setup + * idx == 1: early_data setup using read_ahead + * usecb == 0: Don't use a custom early data callback + * usecb == 1: Use a custom early data callback and reject the early data + * usecb == 2: Use a custom early data callback and accept the early data + * confopt == 0: Configure anti-replay directly + * confopt == 1: Configure anti-replay using SSL_CONF + */ +static int test_early_data_replay_int(int idx, int usecb, int confopt) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; - char msg[] = "A test message"; - char buf[5]; - size_t written; + SSL_SESSION *sess = NULL; + size_t readbytes, written; + unsigned char buf[20]; - if (tst == 0) { - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - &sctx, &cctx, cert, privkey)) { - printf("Failed creating SSL_CTX pair\n"); - goto end; - } - } else { -#ifndef OPENSSL_NO_DTLS - if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), - DTLS1_VERSION, DTLS_MAX_VERSION, - &sctx, &cctx, cert, privkey)) { - printf("Failed creating SSL_CTX pair\n"); - goto end; + allow_ed_cb_called = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, + &cctx, cert, privkey))) + return 0; + + if (usecb > 0) { + if (confopt == 0) { + SSL_CTX_set_options(sctx, SSL_OP_NO_ANTI_REPLAY); + } else { + SSL_CONF_CTX *confctx = SSL_CONF_CTX_new(); + + if (!TEST_ptr(confctx)) + goto end; + SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE + | SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_ssl_ctx(confctx, sctx); + if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"), + 2)) { + SSL_CONF_CTX_free(confctx); + goto end; + } + SSL_CONF_CTX_free(confctx); } -#else - return 1; -#endif + SSL_CTX_set_allow_early_data_cb(sctx, allow_early_data_cb, &usecb); } - if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL) - || !create_ssl_connection(serverssl, clientssl)) { - printf("Failed creating connection\n"); + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, idx))) + goto end; + + /* + * The server is configured to accept early data. Create a connection to + * "use up" the ticket + */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess))) goto end; - } - written = SSL_write(serverssl, msg, sizeof(msg)); - if (written != sizeof(msg) - || SSL_read(clientssl, buf, sizeof(buf)) != sizeof(buf) - || SSL_pending(clientssl) != (int)(written - sizeof(buf))) { - printf("Failed checking SSL_pending\n"); + /* Write and read some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) goto end; + + if (usecb <= 1) { + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + /* + * The ticket was reused, so the we should have rejected the + * early data + */ + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED)) + goto end; + } else { + /* In this case the callback decides to accept the early data */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) + /* + * Server will have sent its flight so client can now send + * end of early data and complete its half of the handshake + */ + || !TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) + goto end; } + /* Complete the connection */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0) + || !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0)) + goto end; + testresult = 1; end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); - return testresult; } - -int main(int argc, char *argv[]) +static int test_early_data_replay(int idx) { - BIO *err = NULL; - int testresult = 1; + int ret = 1, usecb, confopt; - if (argc != 3) { - printf("Invalid argument count\n"); - return 1; + for (usecb = 0; usecb < 3; usecb++) { + for (confopt = 0; confopt < 2; confopt++) + ret &= test_early_data_replay_int(idx, usecb, confopt); } - cert = argv[1]; - privkey = argv[2]; + return ret; +} - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); +/* + * Helper function to test that a server attempting to read early data can + * handle a connection from a client where the early data should be skipped. + * testtype: 0 == No HRR + * testtype: 1 == HRR + * testtype: 2 == HRR, invalid early_data sent after HRR + * testtype: 3 == recv_max_early_data set to 0 + */ +static int early_data_skip_helper(int testtype, int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, idx))) + goto end; - ADD_TEST(test_large_message_tls); - ADD_TEST(test_large_message_tls_read_ahead); -#ifndef OPENSSL_NO_DTLS - ADD_TEST(test_large_message_dtls); -#endif -#ifndef OPENSSL_NO_OCSP - ADD_TEST(test_tlsext_status_type); -#endif - ADD_TEST(test_session_with_only_int_cache); + if (testtype == 1 || testtype == 2) { + /* Force an HRR to occur */ + if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) + goto end; + } else if (idx == 2) { + /* + * We force early_data rejection by ensuring the PSK identity is + * unrecognised + */ + srvid = "Dummy Identity"; + } else { + /* + * Deliberately corrupt the creation time. We take 20 seconds off the + * time. It could be any value as long as it is not within tolerance. + * This should mean the ticket is rejected. + */ + if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20)))) + goto end; + } + + if (testtype == 3 + && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0))) + goto end; + + /* Write some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) + goto end; + + /* Server should reject the early data */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED)) + goto end; + + switch (testtype) { + case 0: + /* Nothing to do */ + break; + + case 1: + /* + * Finish off the handshake. We perform the same writes and reads as + * further down but we expect them to fail due to the incomplete + * handshake. + */ + if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), + &readbytes))) + goto end; + break; + + case 2: + { + BIO *wbio = SSL_get_wbio(clientssl); + /* A record that will appear as bad early_data */ + const unsigned char bad_early_data[] = { + 0x17, 0x03, 0x03, 0x00, 0x01, 0x00 + }; + + /* + * We force the client to attempt a write. This will fail because + * we're still in the handshake. It will cause the second + * ClientHello to be sent. + */ + if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), + &written))) + goto end; + + /* + * Inject some early_data after the second ClientHello. This should + * cause the server to fail + */ + if (!TEST_true(BIO_write_ex(wbio, bad_early_data, + sizeof(bad_early_data), &written))) + goto end; + } + /* fallthrough */ + + case 3: + /* + * This client has sent more early_data than we are willing to skip + * (case 3) or sent invalid early_data (case 2) so the connection should + * abort. + */ + if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL)) + goto end; + + /* Connection has failed - nothing more to do */ + testresult = 1; + goto end; + + default: + TEST_error("Invalid test type"); + goto end; + } + + /* + * Should be able to send normal data despite rejection of early data. The + * early_data should be skipped. + */ + if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2)) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_REJECTED) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_SESSION_free(sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +/* + * Test that a server attempting to read early data can handle a connection + * from a client where the early data is not acceptable. + */ +static int test_early_data_skip(int idx) +{ + return early_data_skip_helper(0, idx); +} + +/* + * Test that a server attempting to read early data can handle a connection + * from a client where an HRR occurs. + */ +static int test_early_data_skip_hrr(int idx) +{ + return early_data_skip_helper(1, idx); +} + +/* + * Test that a server attempting to read early data can handle a connection + * from a client where an HRR occurs and correctly fails if early_data is sent + * after the HRR + */ +static int test_early_data_skip_hrr_fail(int idx) +{ + return early_data_skip_helper(2, idx); +} + +/* + * Test that a server attempting to read early data will abort if it tries to + * skip over too much. + */ +static int test_early_data_skip_abort(int idx) +{ + return early_data_skip_helper(3, idx); +} + +/* + * Test that a server attempting to read early data can handle a connection + * from a client that doesn't send any. + */ +static int test_early_data_not_sent(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; + + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, idx))) + goto end; + + /* Write some data - should block due to handshake with server */ + SSL_set_connect_state(clientssl); + if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))) + goto end; + + /* Server should detect that early data has not been sent */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_NOT_SENT) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_NOT_SENT)) + goto end; + + /* Continue writing the message we started earlier */ + if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written) + || !TEST_size_t_eq(written, strlen(MSG2))) + goto end; + + if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +static int hostname_cb(SSL *s, int *al, void *arg) +{ + const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); + + if (hostname != NULL && strcmp(hostname, "goodhost") == 0) + return SSL_TLSEXT_ERR_OK; + + return SSL_TLSEXT_ERR_NOACK; +} + +static const char *servalpn; + +static int alpn_select_cb(SSL *ssl, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + unsigned int protlen = 0; + const unsigned char *prot; + + for (prot = in; prot < in + inlen; prot += protlen) { + protlen = *prot++; + if (in + inlen < prot + protlen) + return SSL_TLSEXT_ERR_NOACK; + + if (protlen == strlen(servalpn) + && memcmp(prot, servalpn, protlen) == 0) { + *out = prot; + *outlen = protlen; + return SSL_TLSEXT_ERR_OK; + } + } + + return SSL_TLSEXT_ERR_NOACK; +} + +/* Test that a PSK can be used to send early_data */ +static int test_early_data_psk(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char alpnlist[] = { + 0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a', + 'l', 'p', 'n' + }; +#define GOODALPNLEN 9 +#define BADALPNLEN 8 +#define GOODALPN (alpnlist) +#define BADALPN (alpnlist + GOODALPNLEN) + int err = 0; + unsigned char buf[20]; + size_t readbytes, written; + int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1; + int edstatus = SSL_EARLY_DATA_ACCEPTED; + + /* We always set this up with a final parameter of "2" for PSK */ + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, 2))) + goto end; + + servalpn = "goodalpn"; + + /* + * Note: There is no test for inconsistent SNI with late client detection. + * This is because servers do not acknowledge SNI even if they are using + * it in a resumption handshake - so it is not actually possible for a + * client to detect a problem. + */ + switch (idx) { + case 0: + /* Set inconsistent SNI (early client detection) */ + err = SSL_R_INCONSISTENT_EARLY_DATA_SNI; + if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost")) + || !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost"))) + goto end; + break; + + case 1: + /* Set inconsistent ALPN (early client detection) */ + err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN; + /* SSL_set_alpn_protos returns 0 for success and 1 for failure */ + if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN, + GOODALPNLEN)) + || !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN, + BADALPNLEN))) + goto end; + break; + + case 2: + /* + * Set invalid protocol version. Technically this affects PSKs without + * early_data too, but we test it here because it is similar to the + * SNI/ALPN consistency tests. + */ + err = SSL_R_BAD_PSK; + if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION))) + goto end; + break; + + case 3: + /* + * Set inconsistent SNI (server detected). In this case the connection + * will succeed but reject early_data. + */ + SSL_SESSION_free(serverpsk); + serverpsk = SSL_SESSION_dup(clientpsk); + if (!TEST_ptr(serverpsk) + || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost"))) + goto end; + edstatus = SSL_EARLY_DATA_REJECTED; + readearlyres = SSL_READ_EARLY_DATA_FINISH; + /* Fall through */ + case 4: + /* Set consistent SNI */ + if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost")) + || !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")) + || !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, + hostname_cb))) + goto end; + break; + + case 5: + /* + * Set inconsistent ALPN (server detected). In this case the connection + * will succeed but reject early_data. + */ + servalpn = "badalpn"; + edstatus = SSL_EARLY_DATA_REJECTED; + readearlyres = SSL_READ_EARLY_DATA_FINISH; + /* Fall through */ + case 6: + /* + * Set consistent ALPN. + * SSL_set_alpn_protos returns 0 for success and 1 for failure. It + * accepts a list of protos (each one length prefixed). + * SSL_set1_alpn_selected accepts a single protocol (not length + * prefixed) + */ + if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1, + GOODALPNLEN - 1)) + || !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN, + GOODALPNLEN))) + goto end; + + SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL); + break; + + case 7: + /* Set inconsistent ALPN (late client detection) */ + SSL_SESSION_free(serverpsk); + serverpsk = SSL_SESSION_dup(clientpsk); + if (!TEST_ptr(serverpsk) + || !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk, + BADALPN + 1, + BADALPNLEN - 1)) + || !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk, + GOODALPN + 1, + GOODALPNLEN - 1)) + || !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist, + sizeof(alpnlist)))) + goto end; + SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL); + edstatus = SSL_EARLY_DATA_ACCEPTED; + readearlyres = SSL_READ_EARLY_DATA_SUCCESS; + /* SSL_connect() call should fail */ + connectres = -1; + break; + + default: + TEST_error("Bad test index"); + goto end; + } + + SSL_set_connect_state(clientssl); + if (err != 0) { + if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err)) + goto end; + } else { + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), readearlyres) + || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS + && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus) + || !TEST_int_eq(SSL_connect(clientssl), connectres)) + goto end; + } + + testresult = 1; + + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +/* + * Test that a server that doesn't try to read early data can handle a + * client sending some. + */ +static int test_early_data_not_expected(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; + + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, idx))) + goto end; + + /* Write some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + /* + * Server should skip over early data and then block waiting for client to + * continue handshake + */ + if (!TEST_int_le(SSL_accept(serverssl), 0) + || !TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED) + || !TEST_int_gt(SSL_accept(serverssl), 0) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_REJECTED)) + goto end; + + /* Send some normal data from client to server */ + if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2))) + goto end; + + if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + + +# ifndef OPENSSL_NO_TLS1_2 +/* + * Test that a server attempting to read early data can handle a connection + * from a TLSv1.2 client. + */ +static int test_early_data_tls1_2(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + unsigned char buf[20]; + size_t readbytes, written; + + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, NULL, idx))) + goto end; + + /* Write some data - should block due to handshake with server */ + SSL_set_max_proto_version(clientssl, TLS1_2_VERSION); + SSL_set_connect_state(clientssl); + if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))) + goto end; + + /* + * Server should do TLSv1.2 handshake. First it will block waiting for more + * messages from client after ServerDone. Then SSL_read_early_data should + * finish and detect that early data has not been sent + */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR)) + goto end; + + /* + * Continue writing the message we started earlier. Will still block waiting + * for the CCS/Finished from server + */ + if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_size_t_eq(readbytes, 0) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_NOT_SENT)) + goto end; + + /* Continue writing the message we started earlier */ + if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(clientssl), + SSL_EARLY_DATA_NOT_SENT) + || !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2)) + || !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +# endif /* OPENSSL_NO_TLS1_2 */ + +/* + * Test configuring the TLSv1.3 ciphersuites + * + * Test 0: Set a default ciphersuite in the SSL_CTX (no explicit cipher_list) + * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list) + * Test 2: Set a default ciphersuite in the SSL (no explicit cipher_list) + * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list) + * Test 4: Set a default ciphersuite in the SSL_CTX (SSL_CTX cipher_list) + * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list) + * Test 6: Set a default ciphersuite in the SSL (SSL_CTX cipher_list) + * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list) + * Test 8: Set a default ciphersuite in the SSL (SSL cipher_list) + * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list) + */ +static int test_set_ciphersuite(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256"))) + goto end; + + if (idx >=4 && idx <= 7) { + /* SSL_CTX explicit cipher list */ + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384"))) + goto end; + } + + if (idx == 0 || idx == 4) { + /* Default ciphersuite */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256"))) + goto end; + } else if (idx == 1 || idx == 5) { + /* Non default ciphersuite */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_CCM_SHA256"))) + goto end; + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + if (idx == 8 || idx == 9) { + /* SSL explicit cipher list */ + if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384"))) + goto end; + } + + if (idx == 2 || idx == 6 || idx == 8) { + /* Default ciphersuite */ + if (!TEST_true(SSL_set_ciphersuites(clientssl, + "TLS_AES_128_GCM_SHA256"))) + goto end; + } else if (idx == 3 || idx == 7 || idx == 9) { + /* Non default ciphersuite */ + if (!TEST_true(SSL_set_ciphersuites(clientssl, + "TLS_AES_128_CCM_SHA256"))) + goto end; + } + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static int test_ciphersuite_change(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *clntsess = NULL; + int testresult = 0; + const SSL_CIPHER *aes_128_gcm_sha256 = NULL; + + /* Create a session based on SHA-256 */ + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + clntsess = SSL_get1_session(clientssl); + /* Save for later */ + aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + /* Check we can resume a session with a different SHA-256 ciphersuite */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_CHACHA20_POLY1305_SHA256")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + SSL_SESSION_free(clntsess); + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; +# endif + + /* + * Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites + * succeeds but does not resume. + */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_SSL)) + || !TEST_false(SSL_session_reused(clientssl))) + goto end; + + SSL_SESSION_free(clntsess); + clntsess = NULL; + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Create a session based on SHA384 */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_256_GCM_SHA384")) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + /* + * We use SSL_ERROR_WANT_READ below so that we can pause the + * connection after the initial ClientHello has been sent to + * enable us to make some session changes. + */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ))) + goto end; + + /* Trick the client into thinking this session is for a different digest */ + clntsess->cipher = aes_128_gcm_sha256; + clntsess->cipher_id = clntsess->cipher->id; + + /* + * Continue the previously started connection. Server has selected a SHA-384 + * ciphersuite, but client thinks the session is for SHA-256, so it should + * bail out. + */ + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_SSL)) + || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), + SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED)) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(clntsess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +/* + * Test TLSv1.3 PSKs + * Test 0 = Test new style callbacks + * Test 1 = Test both new and old style callbacks + * Test 2 = Test old style callbacks + * Test 3 = Test old style callbacks with no certificate + */ +static int test_tls13_psk(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + const SSL_CIPHER *cipher = NULL; + const unsigned char key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f + }; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, idx == 3 ? NULL : cert, + idx == 3 ? NULL : privkey))) + goto end; + + if (idx != 3) { + /* + * We use a ciphersuite with SHA256 to ease testing old style PSK + * callbacks which will always default to SHA256. This should not be + * necessary if we have no cert/priv key. In that case the server should + * prefer SHA256 automatically. + */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256"))) + goto end; + } + + /* + * Test 0: New style callbacks only + * Test 1: New and old style callbacks (only the new ones should be used) + * Test 2: Old style callbacks only + */ + if (idx == 0 || idx == 1) { + SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); + SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); + } +#ifndef OPENSSL_NO_PSK + if (idx >= 1) { + SSL_CTX_set_psk_client_callback(cctx, psk_client_cb); + SSL_CTX_set_psk_server_callback(sctx, psk_server_cb); + } +#endif + srvid = pskid; + use_session_cb_cnt = 0; + find_session_cb_cnt = 0; + psk_client_cb_cnt = 0; + psk_server_cb_cnt = 0; + + if (idx != 3) { + /* + * Check we can create a connection if callback decides not to send a + * PSK + */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl))) + goto end; + + if (idx == 0 || idx == 1) { + if (!TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 0) + /* + * If no old style callback then below should be 0 + * otherwise 1 + */ + || !TEST_true(psk_client_cb_cnt == idx) + || !TEST_true(psk_server_cb_cnt == 0)) + goto end; + } else { + if (!TEST_true(use_session_cb_cnt == 0) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 0)) + goto end; + } + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = psk_client_cb_cnt = 0; + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* Create the PSK */ + cipher = SSL_CIPHER_find(clientssl, TLS13_AES_128_GCM_SHA256_BYTES); + clientpsk = SSL_SESSION_new(); + if (!TEST_ptr(clientpsk) + || !TEST_ptr(cipher) + || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key, + sizeof(key))) + || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher)) + || !TEST_true(SSL_SESSION_set_protocol_version(clientpsk, + TLS1_3_VERSION)) + || !TEST_true(SSL_SESSION_up_ref(clientpsk))) + goto end; + serverpsk = clientpsk; + + /* Check we can create a connection and the PSK is used */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl))) + goto end; + + if (idx == 0 || idx == 1) { + if (!TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 1) + || !TEST_true(psk_client_cb_cnt == 0) + || !TEST_true(psk_server_cb_cnt == 0)) + goto end; + } else { + if (!TEST_true(use_session_cb_cnt == 0) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 1)) + goto end; + } + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = find_session_cb_cnt = 0; + psk_client_cb_cnt = psk_server_cb_cnt = 0; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + /* Force an HRR */ + if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) + goto end; + + /* + * Check we can create a connection, the PSK is used and the callbacks are + * called twice. + */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_true(SSL_session_reused(serverssl))) + goto end; + + if (idx == 0 || idx == 1) { + if (!TEST_true(use_session_cb_cnt == 2) + || !TEST_true(find_session_cb_cnt == 2) + || !TEST_true(psk_client_cb_cnt == 0) + || !TEST_true(psk_server_cb_cnt == 0)) + goto end; + } else { + if (!TEST_true(use_session_cb_cnt == 0) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 2) + || !TEST_true(psk_server_cb_cnt == 2)) + goto end; + } + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = find_session_cb_cnt = 0; + psk_client_cb_cnt = psk_server_cb_cnt = 0; + + if (idx != 3) { + /* + * Check that if the server rejects the PSK we can still connect, but with + * a full handshake + */ + srvid = "Dummy Identity"; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl))) + goto end; + + if (idx == 0 || idx == 1) { + if (!TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 1) + || !TEST_true(psk_client_cb_cnt == 0) + /* + * If no old style callback then below should be 0 + * otherwise 1 + */ + || !TEST_true(psk_server_cb_cnt == idx)) + goto end; + } else { + if (!TEST_true(use_session_cb_cnt == 0) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 1)) + goto end; + } + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + } + testresult = 1; + + end: + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +static unsigned char cookie_magic_value[] = "cookie magic"; + +static int generate_cookie_callback(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len) +{ + /* + * Not suitable as a real cookie generation function but good enough for + * testing! + */ + memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1); + *cookie_len = sizeof(cookie_magic_value) - 1; + + return 1; +} + +static int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len) +{ + if (cookie_len == sizeof(cookie_magic_value) - 1 + && memcmp(cookie, cookie_magic_value, cookie_len) == 0) + return 1; + + return 0; +} + +static int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, + size_t *cookie_len) +{ + unsigned int temp; + int res = generate_cookie_callback(ssl, cookie, &temp); + *cookie_len = temp; + return res; +} + +static int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, + size_t cookie_len) +{ + return verify_cookie_callback(ssl, cookie, cookie_len); +} + +static int test_stateless(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + /* The arrival of CCS messages can confuse the test */ + SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + /* Send the first ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* + * This should fail with a -1 return because we have no callbacks + * set up + */ + || !TEST_int_eq(SSL_stateless(serverssl), -1)) + goto end; + + /* Fatal error so abandon the connection from this client */ + SSL_free(clientssl); + clientssl = NULL; + + /* Set up the cookie generation and verification callbacks */ + SSL_CTX_set_stateless_cookie_generate_cb(sctx, generate_stateless_cookie_callback); + SSL_CTX_set_stateless_cookie_verify_cb(sctx, verify_stateless_cookie_callback); + + /* + * Create a new connection from the client (we can reuse the server SSL + * object). + */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + /* Send the first ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* This should fail because there is no cookie */ + || !TEST_int_eq(SSL_stateless(serverssl), 0)) + goto end; + + /* Abandon the connection from this client */ + SSL_free(clientssl); + clientssl = NULL; + + /* + * Now create a connection from a new client but with the same server SSL + * object + */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + /* Send the first ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* This should fail because there is no cookie */ + || !TEST_int_eq(SSL_stateless(serverssl), 0) + /* Send the second ClientHello */ + || !TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_WANT_READ)) + /* This should succeed because a cookie is now present */ + || !TEST_int_eq(SSL_stateless(serverssl), 1) + /* Complete the connection */ + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; + +} +#endif /* OPENSSL_NO_TLS1_3 */ + +static int clntaddoldcb = 0; +static int clntparseoldcb = 0; +static int srvaddoldcb = 0; +static int srvparseoldcb = 0; +static int clntaddnewcb = 0; +static int clntparsenewcb = 0; +static int srvaddnewcb = 0; +static int srvparsenewcb = 0; +static int snicb = 0; + +#define TEST_EXT_TYPE1 0xff00 + +static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out, + size_t *outlen, int *al, void *add_arg) +{ + int *server = (int *)add_arg; + unsigned char *data; + + if (SSL_is_server(s)) + srvaddoldcb++; + else + clntaddoldcb++; + + if (*server != SSL_is_server(s) + || (data = OPENSSL_malloc(sizeof(*data))) == NULL) + return -1; + + *data = 1; + *out = data; + *outlen = sizeof(char); + return 1; +} + +static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out, + void *add_arg) +{ + OPENSSL_free((unsigned char *)out); +} + +static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in, + size_t inlen, int *al, void *parse_arg) +{ + int *server = (int *)parse_arg; + + if (SSL_is_server(s)) + srvparseoldcb++; + else + clntparseoldcb++; + + if (*server != SSL_is_server(s) + || inlen != sizeof(char) + || *in != 1) + return -1; + + return 1; +} + +static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context, + const unsigned char **out, size_t *outlen, X509 *x, + size_t chainidx, int *al, void *add_arg) +{ + int *server = (int *)add_arg; + unsigned char *data; + + if (SSL_is_server(s)) + srvaddnewcb++; + else + clntaddnewcb++; + + if (*server != SSL_is_server(s) + || (data = OPENSSL_malloc(sizeof(*data))) == NULL) + return -1; + + *data = 1; + *out = data; + *outlen = sizeof(*data); + return 1; +} + +static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context, + const unsigned char *out, void *add_arg) +{ + OPENSSL_free((unsigned char *)out); +} + +static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context, + const unsigned char *in, size_t inlen, X509 *x, + size_t chainidx, int *al, void *parse_arg) +{ + int *server = (int *)parse_arg; + + if (SSL_is_server(s)) + srvparsenewcb++; + else + clntparsenewcb++; + + if (*server != SSL_is_server(s) + || inlen != sizeof(char) || *in != 1) + return -1; + + return 1; +} + +static int sni_cb(SSL *s, int *al, void *arg) +{ + SSL_CTX *ctx = (SSL_CTX *)arg; + + if (SSL_set_SSL_CTX(s, ctx) == NULL) { + *al = SSL_AD_INTERNAL_ERROR; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + snicb++; + return SSL_TLSEXT_ERR_OK; +} + +/* + * Custom call back tests. + * Test 0: Old style callbacks in TLSv1.2 + * Test 1: New style callbacks in TLSv1.2 + * Test 2: New style callbacks in TLSv1.2 with SNI + * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE + * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST + */ +static int test_custom_exts(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + static int server = 1; + static int client = 0; + SSL_SESSION *sess = NULL; + unsigned int context; + +#if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3) + /* Skip tests for TLSv1.2 and below in this case */ + if (tst < 3) + return 1; +#endif + + /* Reset callback counters */ + clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0; + clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0; + snicb = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + if (tst == 2 + && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, + TLS1_VERSION, TLS_MAX_VERSION, + &sctx2, NULL, cert, privkey))) + goto end; + + + if (tst < 3) { + SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3); + SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3); + if (sctx2 != NULL) + SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3); + } + + if (tst == 4) { + context = SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS + | SSL_EXT_TLS1_3_CERTIFICATE + | SSL_EXT_TLS1_3_NEW_SESSION_TICKET; + } else { + context = SSL_EXT_CLIENT_HELLO + | SSL_EXT_TLS1_2_SERVER_HELLO + | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS; + } + + /* Create a client side custom extension */ + if (tst == 0) { + if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, + old_add_cb, old_free_cb, + &client, old_parse_cb, + &client))) + goto end; + } else { + if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context, + new_add_cb, new_free_cb, + &client, new_parse_cb, &client))) + goto end; + } + + /* Should not be able to add duplicates */ + if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1, + old_add_cb, old_free_cb, + &client, old_parse_cb, + &client)) + || !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &client, + new_parse_cb, &client))) + goto end; + + /* Create a server side custom extension */ + if (tst == 0) { + if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, + old_add_cb, old_free_cb, + &server, old_parse_cb, + &server))) + goto end; + } else { + if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context, + new_add_cb, new_free_cb, + &server, new_parse_cb, &server))) + goto end; + if (sctx2 != NULL + && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &server, + new_parse_cb, &server))) + goto end; + } + + /* Should not be able to add duplicates */ + if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1, + old_add_cb, old_free_cb, + &server, old_parse_cb, + &server)) + || !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, + context, new_add_cb, + new_free_cb, &server, + new_parse_cb, &server))) + goto end; + + if (tst == 2) { + /* Set up SNI */ + if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb)) + || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) + goto end; + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (tst == 0) { + if (clntaddoldcb != 1 + || clntparseoldcb != 1 + || srvaddoldcb != 1 + || srvparseoldcb != 1) + goto end; + } else if (tst == 1 || tst == 2 || tst == 3) { + if (clntaddnewcb != 1 + || clntparsenewcb != 1 + || srvaddnewcb != 1 + || srvparsenewcb != 1 + || (tst != 2 && snicb != 0) + || (tst == 2 && snicb != 1)) + goto end; + } else { + /* In this case there 2 NewSessionTicket messages created */ + if (clntaddnewcb != 1 + || clntparsenewcb != 5 + || srvaddnewcb != 5 + || srvparsenewcb != 1) + goto end; + } + + sess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + if (tst == 3) { + /* We don't bother with the resumption aspects for this test */ + testresult = 1; + goto end; + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * For a resumed session we expect to add the ClientHello extension. For the + * old style callbacks we ignore it on the server side because they set + * SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore + * them. + */ + if (tst == 0) { + if (clntaddoldcb != 2 + || clntparseoldcb != 1 + || srvaddoldcb != 1 + || srvparseoldcb != 1) + goto end; + } else if (tst == 1 || tst == 2 || tst == 3) { + if (clntaddnewcb != 2 + || clntparsenewcb != 2 + || srvaddnewcb != 2 + || srvparsenewcb != 2) + goto end; + } else { + /* + * No Certificate message extensions in the resumption handshake, + * 2 NewSessionTickets in the initial handshake, 1 in the resumption + */ + if (clntaddnewcb != 2 + || clntparsenewcb != 8 + || srvaddnewcb != 8 + || srvparsenewcb != 2) + goto end; + } + + testresult = 1; + +end: + SSL_SESSION_free(sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx2); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +/* + * Test loading of serverinfo data in various formats. test_sslmessages actually + * tests to make sure the extensions appear in the handshake + */ +static int test_serverinfo(int tst) +{ + unsigned int version; + unsigned char *sibuf; + size_t sibuflen; + int ret, expected, testresult = 0; + SSL_CTX *ctx; + + ctx = SSL_CTX_new(TLS_method()); + if (!TEST_ptr(ctx)) + goto end; + + if ((tst & 0x01) == 0x01) + version = SSL_SERVERINFOV2; + else + version = SSL_SERVERINFOV1; + + if ((tst & 0x02) == 0x02) { + sibuf = serverinfov2; + sibuflen = sizeof(serverinfov2); + expected = (version == SSL_SERVERINFOV2); + } else { + sibuf = serverinfov1; + sibuflen = sizeof(serverinfov1); + expected = (version == SSL_SERVERINFOV1); + } + + if ((tst & 0x04) == 0x04) { + ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen); + } else { + ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen); + + /* + * The version variable is irrelevant in this case - it's what is in the + * buffer that matters + */ + if ((tst & 0x02) == 0x02) + expected = 0; + else + expected = 1; + } + + if (!TEST_true(ret == expected)) + goto end; + + testresult = 1; + + end: + SSL_CTX_free(ctx); + + return testresult; +} + +/* + * Test that SSL_export_keying_material() produces expected results. There are + * no test vectors so all we do is test that both sides of the communication + * produce the same results for different protocol versions. + */ +static int test_export_key_mat(int tst) +{ + int testresult = 0; + SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + const char label[] = "test label"; + const unsigned char context[] = "context"; + const unsigned char *emptycontext = NULL; + unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80]; + unsigned char skeymat1[80], skeymat2[80], skeymat3[80]; + const int protocols[] = { + TLS1_VERSION, + TLS1_1_VERSION, + TLS1_2_VERSION, + TLS1_3_VERSION + }; + +#ifdef OPENSSL_NO_TLS1 + if (tst == 0) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_1 + if (tst == 1) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_2 + if (tst == 2) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst == 3) + return 1; +#endif + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols)); + SSL_CTX_set_max_proto_version(cctx, protocols[tst]); + SSL_CTX_set_min_proto_version(cctx, protocols[tst]); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1, + sizeof(ckeymat1), label, + sizeof(label) - 1, context, + sizeof(context) - 1, 1), 1) + || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2, + sizeof(ckeymat2), label, + sizeof(label) - 1, + emptycontext, + 0, 1), 1) + || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3, + sizeof(ckeymat3), label, + sizeof(label) - 1, + NULL, 0, 0), 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1, + sizeof(skeymat1), label, + sizeof(label) - 1, + context, + sizeof(context) -1, 1), + 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2, + sizeof(skeymat2), label, + sizeof(label) - 1, + emptycontext, + 0, 1), 1) + || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3, + sizeof(skeymat3), label, + sizeof(label) - 1, + NULL, 0, 0), 1) + /* + * Check that both sides created the same key material with the + * same context. + */ + || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, + sizeof(skeymat1)) + /* + * Check that both sides created the same key material with an + * empty context. + */ + || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, + sizeof(skeymat2)) + /* + * Check that both sides created the same key material without a + * context. + */ + || !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3, + sizeof(skeymat3)) + /* Different contexts should produce different results */ + || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, + sizeof(ckeymat2))) + goto end; + + /* + * Check that an empty context and no context produce different results in + * protocols less than TLSv1.3. In TLSv1.3 they should be the same. + */ + if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3, + sizeof(ckeymat3))) + || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3, + sizeof(ckeymat3)))) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx2); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +#ifndef OPENSSL_NO_TLS1_3 +/* + * Test that SSL_export_keying_material_early() produces expected + * results. There are no test vectors so all we do is test that both + * sides of the communication produce the same results for different + * protocol versions. + */ +static int test_export_key_mat_early(int idx) +{ + static const char label[] = "test label"; + static const unsigned char context[] = "context"; + int testresult = 0; + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *sess = NULL; + const unsigned char *emptycontext = NULL; + unsigned char ckeymat1[80], ckeymat2[80]; + unsigned char skeymat1[80], skeymat2[80]; + unsigned char buf[1]; + size_t readbytes, written; + + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl, + &sess, idx))) + goto end; + + /* Here writing 0 length early data is enough. */ + if (!TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_ERROR) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) + goto end; + + if (!TEST_int_eq(SSL_export_keying_material_early( + clientssl, ckeymat1, sizeof(ckeymat1), label, + sizeof(label) - 1, context, sizeof(context) - 1), 1) + || !TEST_int_eq(SSL_export_keying_material_early( + clientssl, ckeymat2, sizeof(ckeymat2), label, + sizeof(label) - 1, emptycontext, 0), 1) + || !TEST_int_eq(SSL_export_keying_material_early( + serverssl, skeymat1, sizeof(skeymat1), label, + sizeof(label) - 1, context, sizeof(context) - 1), 1) + || !TEST_int_eq(SSL_export_keying_material_early( + serverssl, skeymat2, sizeof(skeymat2), label, + sizeof(label) - 1, emptycontext, 0), 1) + /* + * Check that both sides created the same key material with the + * same context. + */ + || !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1, + sizeof(skeymat1)) + /* + * Check that both sides created the same key material with an + * empty context. + */ + || !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2, + sizeof(skeymat2)) + /* Different contexts should produce different results */ + || !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2, + sizeof(ckeymat2))) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif /* OPENSSL_NO_TLS1_3 */ + +static int test_ssl_clear(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + +#ifdef OPENSSL_NO_TLS1_2 + if (idx == 1) + return 1; +#endif + + /* Create an initial connection */ + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey)) + || (idx == 1 + && !TEST_true(SSL_CTX_set_max_proto_version(cctx, + TLS1_2_VERSION))) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + serverssl = NULL; + + /* Clear clientssl - we're going to reuse the object */ + if (!TEST_true(SSL_clear(clientssl))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +/* Parse CH and retrieve any MFL extension value if present */ +static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code) +{ + long len; + unsigned char *data; + PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0}; + unsigned int MFL_code = 0, type = 0; + + if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) ) + goto end; + + if (!TEST_true( PACKET_buf_init( &pkt, data, len ) ) + /* Skip the record header */ + || !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH) + /* Skip the handshake message header */ + || !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH)) + /* Skip client version and random */ + || !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN + + SSL3_RANDOM_SIZE)) + /* Skip session id */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Skip ciphers */ + || !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2)) + /* Skip compression */ + || !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2)) + /* Extensions len */ + || !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2))) + goto end; + + /* Loop through all extensions */ + while (PACKET_remaining(&pkt2)) { + if (!TEST_true(PACKET_get_net_2(&pkt2, &type)) + || !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3))) + goto end; + + if (type == TLSEXT_TYPE_max_fragment_length) { + if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0) + || !TEST_true(PACKET_get_1(&pkt3, &MFL_code))) + goto end; + + *mfl_codemfl_code = MFL_code; + return 1; + } + } + + end: + return 0; +} + +/* Maximum-Fragment-Length TLS extension mode to test */ +static const unsigned char max_fragment_len_test[] = { + TLSEXT_max_fragment_length_512, + TLSEXT_max_fragment_length_1024, + TLSEXT_max_fragment_length_2048, + TLSEXT_max_fragment_length_4096 +}; + +static int test_max_fragment_len_ext(int idx_tst) +{ + SSL_CTX *ctx; + SSL *con = NULL; + int testresult = 0, MFL_mode = 0; + BIO *rbio, *wbio; + + ctx = SSL_CTX_new(TLS_method()); + if (!TEST_ptr(ctx)) + goto end; + + if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length( + ctx, max_fragment_len_test[idx_tst]))) + goto end; + + con = SSL_new(ctx); + if (!TEST_ptr(con)) + goto end; + + rbio = BIO_new(BIO_s_mem()); + wbio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) { + BIO_free(rbio); + BIO_free(wbio); + goto end; + } + + SSL_set_bio(con, rbio, wbio); + SSL_set_connect_state(con); + + if (!TEST_int_le(SSL_connect(con), 0)) { + /* This shouldn't succeed because we don't have a server! */ + goto end; + } + + if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode))) + /* no MFL in client hello */ + goto end; + if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode)) + goto end; + + testresult = 1; + +end: + SSL_free(con); + SSL_CTX_free(ctx); + + return testresult; +} + +#ifndef OPENSSL_NO_TLS1_3 +static int test_pha_key_update(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + return 0; + + if (!TEST_true(SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION)) + || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_3_VERSION)) + || !TEST_true(SSL_CTX_set_min_proto_version(cctx, TLS1_3_VERSION)) + || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_3_VERSION))) + goto end; + + SSL_CTX_set_post_handshake_auth(cctx, 1); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); + if (!TEST_true(SSL_verify_client_post_handshake(serverssl))) + goto end; + + if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED))) + goto end; + + /* Start handshake on the server */ + if (!TEST_int_eq(SSL_do_handshake(serverssl), 1)) + goto end; + + /* Starts with SSL_connect(), but it's really just SSL_do_handshake() */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} +#endif + +#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2) + +static SRP_VBASE *vbase = NULL; + +static int ssl_srp_cb(SSL *s, int *ad, void *arg) +{ + int ret = SSL3_AL_FATAL; + char *username; + SRP_user_pwd *user = NULL; + + username = SSL_get_srp_username(s); + if (username == NULL) { + *ad = SSL_AD_INTERNAL_ERROR; + goto err; + } + + user = SRP_VBASE_get1_by_user(vbase, username); + if (user == NULL) { + *ad = SSL_AD_INTERNAL_ERROR; + goto err; + } + + if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v, + user->info) <= 0) { + *ad = SSL_AD_INTERNAL_ERROR; + goto err; + } + + ret = 0; + + err: + SRP_user_pwd_free(user); + return ret; +} + +static int create_new_vfile(char *userid, char *password, const char *filename) +{ + char *gNid = NULL; + OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1)); + TXT_DB *db = NULL; + int ret = 0; + BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0); + size_t i; + + if (!TEST_ptr(dummy) || !TEST_ptr(row)) + goto end; + + gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt], + &row[DB_srpverifier], NULL, NULL); + if (!TEST_ptr(gNid)) + goto end; + + /* + * The only way to create an empty TXT_DB is to provide a BIO with no data + * in it! + */ + db = TXT_DB_read(dummy, DB_NUMBER); + if (!TEST_ptr(db)) + goto end; + + out = BIO_new_file(filename, "w"); + if (!TEST_ptr(out)) + goto end; + + row[DB_srpid] = OPENSSL_strdup(userid); + row[DB_srptype] = OPENSSL_strdup("V"); + row[DB_srpgN] = OPENSSL_strdup(gNid); + + if (!TEST_ptr(row[DB_srpid]) + || !TEST_ptr(row[DB_srptype]) + || !TEST_ptr(row[DB_srpgN]) + || !TEST_true(TXT_DB_insert(db, row))) + goto end; + + row = NULL; + + if (!TXT_DB_write(out, db)) + goto end; + + ret = 1; + end: + if (row != NULL) { + for (i = 0; i < DB_NUMBER; i++) + OPENSSL_free(row[i]); + } + OPENSSL_free(row); + BIO_free(dummy); + BIO_free(out); + TXT_DB_free(db); + + return ret; +} + +static int create_new_vbase(char *userid, char *password) +{ + BIGNUM *verifier = NULL, *salt = NULL; + const SRP_gN *lgN = NULL; + SRP_user_pwd *user_pwd = NULL; + int ret = 0; + + lgN = SRP_get_default_gN(NULL); + if (!TEST_ptr(lgN)) + goto end; + + if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier, + lgN->N, lgN->g))) + goto end; + + user_pwd = OPENSSL_zalloc(sizeof(*user_pwd)); + if (!TEST_ptr(user_pwd)) + goto end; + + user_pwd->N = lgN->N; + user_pwd->g = lgN->g; + user_pwd->id = OPENSSL_strdup(userid); + if (!TEST_ptr(user_pwd->id)) + goto end; + + user_pwd->v = verifier; + user_pwd->s = salt; + verifier = salt = NULL; + + if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0) + goto end; + user_pwd = NULL; + + ret = 1; +end: + SRP_user_pwd_free(user_pwd); + BN_free(salt); + BN_free(verifier); + + return ret; +} + +/* + * SRP tests + * + * Test 0: Simple successful SRP connection, new vbase + * Test 1: Connection failure due to bad password, new vbase + * Test 2: Simple successful SRP connection, vbase loaded from existing file + * Test 3: Connection failure due to bad password, vbase loaded from existing + * file + * Test 4: Simple successful SRP connection, vbase loaded from new file + * Test 5: Connection failure due to bad password, vbase loaded from new file + */ +static int test_srp(int tst) +{ + char *userid = "test", *password = "password", *tstsrpfile; + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int ret, testresult = 0; + + vbase = SRP_VBASE_new(NULL); + if (!TEST_ptr(vbase)) + goto end; + + if (tst == 0 || tst == 1) { + if (!TEST_true(create_new_vbase(userid, password))) + goto end; + } else { + if (tst == 4 || tst == 5) { + if (!TEST_true(create_new_vfile(userid, password, tmpfilename))) + goto end; + tstsrpfile = tmpfilename; + } else { + tstsrpfile = srpvfile; + } + if (!TEST_int_eq(SRP_VBASE_init(vbase, tstsrpfile), SRP_NO_ERROR)) + goto end; + } + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA")) + || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION)) + || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) + || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0)) + goto end; + + if (tst % 2 == 1) { + if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, "badpass"), 0)) + goto end; + } else { + if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, password), 0)) + goto end; + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); + if (ret) { + if (!TEST_true(tst % 2 == 0)) + goto end; + } else { + if (!TEST_true(tst % 2 == 1)) + goto end; + } + + testresult = 1; + + end: + SRP_VBASE_free(vbase); + vbase = NULL; + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif + +static int info_cb_failed = 0; +static int info_cb_offset = 0; +static int info_cb_this_state = -1; + +static struct info_cb_states_st { + int where; + const char *statestr; +} info_cb_states[][60] = { + { + /* TLSv1.2 server followed by resumption */ + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"}, + {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"}, + {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, + {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"}, + {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_EXIT, NULL}, {0, NULL}, + }, { + /* TLSv1.2 client followed by resumption */ + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, + {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"}, + {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"}, + {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, + {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, + {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, + }, { + /* TLSv1.3 server followed by resumption */ + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"}, + {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, + {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, + {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, + {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, + {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_EXIT, NULL}, {0, NULL}, + }, { + /* TLSv1.3 client followed by resumption */ + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, + {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"}, + {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, + {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, + {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, + {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, + }, { + /* TLSv1.3 server, early_data */ + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, + {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, + {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_EXIT, NULL}, {0, NULL}, + }, { + /* TLSv1.3 client, early_data */ + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, + {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, + {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, + {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"}, + {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, + }, { + {0, NULL}, + } +}; + +static void sslapi_info_callback(const SSL *s, int where, int ret) +{ + struct info_cb_states_st *state = info_cb_states[info_cb_offset]; + + /* We do not ever expect a connection to fail in this test */ + if (!TEST_false(ret == 0)) { + info_cb_failed = 1; + return; + } + + /* + * Do some sanity checks. We never expect these things to happen in this + * test + */ + if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0)) + || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0) + || !TEST_int_ne(state[++info_cb_this_state].where, 0)) { + info_cb_failed = 1; + return; + } + + /* Now check we're in the right state */ + if (!TEST_true((where & state[info_cb_this_state].where) != 0)) { + info_cb_failed = 1; + return; + } + if ((where & SSL_CB_LOOP) != 0 + && !TEST_int_eq(strcmp(SSL_state_string(s), + state[info_cb_this_state].statestr), 0)) { + info_cb_failed = 1; + return; + } + + /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */ + if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) { + info_cb_failed = 1; + return; + } +} + +/* + * Test the info callback gets called when we expect it to. + * + * Test 0: TLSv1.2, server + * Test 1: TLSv1.2, client + * Test 2: TLSv1.3, server + * Test 3: TLSv1.3, client + * Test 4: TLSv1.3, server, early_data + * Test 5: TLSv1.3, client, early_data + */ +static int test_info_callback(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *clntsess = NULL; + int testresult = 0; + int tlsvers; + + if (tst < 2) { +/* We need either ECDHE or DHE for the TLSv1.2 test to work */ +#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \ + || !defined(OPENSSL_NO_DH)) + tlsvers = TLS1_2_VERSION; +#else + return 1; +#endif + } else { +#ifndef OPENSSL_NO_TLS1_3 + tlsvers = TLS1_3_VERSION; +#else + return 1; +#endif + } + + /* Reset globals */ + info_cb_failed = 0; + info_cb_this_state = -1; + info_cb_offset = tst; + +#ifndef OPENSSL_NO_TLS1_3 + if (tst >= 4) { + SSL_SESSION *sess = NULL; + size_t written, readbytes; + unsigned char buf[80]; + + /* early_data tests */ + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, 0))) + goto end; + + /* We don't actually need this reference */ + SSL_SESSION_free(sess); + + SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl, + sslapi_info_callback); + + /* Write and read some early data and then complete the connection */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_size_t_eq(written, strlen(MSG1)) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, + sizeof(buf), &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(info_cb_failed)) + goto end; + + testresult = 1; + goto end; + } +#endif + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + tlsvers, tlsvers, &sctx, &cctx, cert, + privkey))) + goto end; + + /* + * For even numbered tests we check the server callbacks. For odd numbers we + * check the client. + */ + SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx, + sslapi_info_callback); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(info_cb_failed)) + goto end; + + + + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Now do a resumption */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + || !TEST_false(info_cb_failed)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_SESSION_free(clntsess); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + +static int test_ssl_pending(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char msg[] = "A test message"; + char buf[5]; + size_t written, readbytes; + + if (tst == 0) { + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + } else { +#ifndef OPENSSL_NO_DTLS + if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; +#else + return 1; +#endif + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (!TEST_int_eq(SSL_pending(clientssl), 0) + || !TEST_false(SSL_has_pending(clientssl)) + || !TEST_int_eq(SSL_pending(serverssl), 0) + || !TEST_false(SSL_has_pending(serverssl)) + || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) + || !TEST_size_t_eq(written, sizeof(msg)) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(buf)) + || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)) + || !TEST_true(SSL_has_pending(clientssl))) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static struct { + unsigned int maxprot; + const char *clntciphers; + const char *clnttls13ciphers; + const char *srvrciphers; + const char *srvrtls13ciphers; + const char *shared; +} shared_ciphers_data[] = { +/* + * We can't establish a connection (even in TLSv1.1) with these ciphersuites if + * TLSv1.3 is enabled but TLSv1.2 is disabled. + */ +#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) + { + TLS1_2_VERSION, + "AES128-SHA:AES256-SHA", + NULL, + "AES256-SHA:DHE-RSA-AES128-SHA", + NULL, + "AES256-SHA" + }, + { + TLS1_2_VERSION, + "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA", + NULL, + "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA", + NULL, + "AES128-SHA:AES256-SHA" + }, + { + TLS1_2_VERSION, + "AES128-SHA:AES256-SHA", + NULL, + "AES128-SHA:DHE-RSA-AES128-SHA", + NULL, + "AES128-SHA" + }, +#endif +/* + * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be + * enabled. + */ +#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \ + && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + { + TLS1_3_VERSION, + "AES128-SHA:AES256-SHA", + NULL, + "AES256-SHA:AES128-SHA256", + NULL, + "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256:AES256-SHA" + }, +#endif +#ifndef OPENSSL_NO_TLS1_3 + { + TLS1_3_VERSION, + "AES128-SHA", + "TLS_AES_256_GCM_SHA384", + "AES256-SHA", + "TLS_AES_256_GCM_SHA384", + "TLS_AES_256_GCM_SHA384" + }, +#endif +}; + +static int test_ssl_get_shared_ciphers(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char buf[1024]; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + shared_ciphers_data[tst].maxprot, + &sctx, &cctx, cert, privkey))) + goto end; + + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, + shared_ciphers_data[tst].clntciphers)) + || (shared_ciphers_data[tst].clnttls13ciphers != NULL + && !TEST_true(SSL_CTX_set_ciphersuites(cctx, + shared_ciphers_data[tst].clnttls13ciphers))) + || !TEST_true(SSL_CTX_set_cipher_list(sctx, + shared_ciphers_data[tst].srvrciphers)) + || (shared_ciphers_data[tst].srvrtls13ciphers != NULL + && !TEST_true(SSL_CTX_set_ciphersuites(sctx, + shared_ciphers_data[tst].srvrtls13ciphers)))) + goto end; + + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf))) + || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) { + TEST_info("Shared ciphers are: %s\n", buf); + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +static const char *appdata = "Hello World"; +static int gen_tick_called, dec_tick_called, tick_key_cb_called; +static int tick_key_renew = 0; +static SSL_TICKET_RETURN tick_dec_ret = SSL_TICKET_RETURN_ABORT; + +static int gen_tick_cb(SSL *s, void *arg) +{ + gen_tick_called = 1; + + return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata, + strlen(appdata)); +} + +static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg) +{ + void *tickdata; + size_t tickdlen; + + dec_tick_called = 1; + + if (status == SSL_TICKET_EMPTY) + return SSL_TICKET_RETURN_IGNORE_RENEW; + + if (!TEST_true(status == SSL_TICKET_SUCCESS + || status == SSL_TICKET_SUCCESS_RENEW)) + return SSL_TICKET_RETURN_ABORT; + + if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata, + &tickdlen)) + || !TEST_size_t_eq(tickdlen, strlen(appdata)) + || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0)) + return SSL_TICKET_RETURN_ABORT; + + if (tick_key_cb_called) { + /* Don't change what the ticket key callback wanted to do */ + switch (status) { + case SSL_TICKET_NO_DECRYPT: + return SSL_TICKET_RETURN_IGNORE_RENEW; + + case SSL_TICKET_SUCCESS: + return SSL_TICKET_RETURN_USE; + + case SSL_TICKET_SUCCESS_RENEW: + return SSL_TICKET_RETURN_USE_RENEW; + + default: + return SSL_TICKET_RETURN_ABORT; + } + } + return tick_dec_ret; + +} + +static int tick_key_cb(SSL *s, unsigned char key_name[16], + unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx, + HMAC_CTX *hctx, int enc) +{ + const unsigned char tick_aes_key[16] = "0123456789abcdef"; + const unsigned char tick_hmac_key[16] = "0123456789abcdef"; + + tick_key_cb_called = 1; + memset(iv, 0, AES_BLOCK_SIZE); + memset(key_name, 0, 16); + if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc) + || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key), + EVP_sha256(), NULL)) + return -1; + + return tick_key_renew ? 2 : 1; +} + +/* + * Test the various ticket callbacks + * Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal + * Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal + * Test 2: TLSv1.2, no ticket key callback, no ticket, renewal + * Test 3: TLSv1.3, no ticket key callback, no ticket, renewal + * Test 4: TLSv1.2, no ticket key callback, ticket, no renewal + * Test 5: TLSv1.3, no ticket key callback, ticket, no renewal + * Test 6: TLSv1.2, no ticket key callback, ticket, renewal + * Test 7: TLSv1.3, no ticket key callback, ticket, renewal + * Test 8: TLSv1.2, ticket key callback, ticket, no renewal + * Test 9: TLSv1.3, ticket key callback, ticket, no renewal + * Test 10: TLSv1.2, ticket key callback, ticket, renewal + * Test 11: TLSv1.3, ticket key callback, ticket, renewal + */ +static int test_ticket_callbacks(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *clntsess = NULL; + int testresult = 0; + +#ifdef OPENSSL_NO_TLS1_2 + if (tst % 2 == 0) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst % 2 == 1) + return 1; +#endif + + gen_tick_called = dec_tick_called = tick_key_cb_called = 0; + + /* Which tests the ticket key callback should request renewal for */ + if (tst == 10 || tst == 11) + tick_key_renew = 1; + else + tick_key_renew = 0; + + /* Which tests the decrypt ticket callback should request renewal for */ + switch (tst) { + case 0: + case 1: + tick_dec_ret = SSL_TICKET_RETURN_IGNORE; + break; + + case 2: + case 3: + tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW; + break; + + case 4: + case 5: + tick_dec_ret = SSL_TICKET_RETURN_USE; + break; + + case 6: + case 7: + tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW; + break; + + default: + tick_dec_ret = SSL_TICKET_RETURN_ABORT; + } + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + ((tst % 2) == 0) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + /* + * We only want sessions to resume from tickets - not the session cache. So + * switch the cache off. + */ + if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF))) + goto end; + + if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb, + NULL))) + goto end; + + if (tst >= 8 + && !TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * The decrypt ticket key callback in TLSv1.2 should be called even though + * we have no ticket yet, because it gets called with a status of + * SSL_TICKET_EMPTY (the client indicates support for tickets but does not + * actually send any ticket data). This does not happen in TLSv1.3 because + * it is not valid to send empty ticket data in TLSv1.3. + */ + if (!TEST_int_eq(gen_tick_called, 1) + || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0)) + goto end; + + gen_tick_called = dec_tick_called = 0; + + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Now do a resumption */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE + || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) { + if (!TEST_false(SSL_session_reused(clientssl))) + goto end; + } else { + if (!TEST_true(SSL_session_reused(clientssl))) + goto end; + } + + if (!TEST_int_eq(gen_tick_called, + (tick_key_renew + || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW + || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW) + ? 1 : 0) + || !TEST_int_eq(dec_tick_called, 1)) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(clntsess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +/* + * Test bi-directional shutdown. + * Test 0: TLSv1.2 + * Test 1: TLSv1.2, server continues to read/write after client shutdown + * Test 2: TLSv1.3, no pending NewSessionTicket messages + * Test 3: TLSv1.3, pending NewSessionTicket messages + * Test 4: TLSv1.3, server continues to read/write after client shutdown, server + * sends key update, client reads it + * Test 5: TLSv1.3, server continues to read/write after client shutdown, server + * sends CertificateRequest, client reads and ignores it + * Test 6: TLSv1.3, server continues to read/write after client shutdown, client + * doesn't read it + */ +static int test_shutdown(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char msg[] = "A test message"; + char buf[80]; + size_t written, readbytes; + SSL_SESSION *sess; + +#ifdef OPENSSL_NO_TLS1_2 + if (tst <= 1) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst >= 2) + return 1; +#endif + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + (tst <= 1) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + if (tst == 5) + SSL_CTX_set_post_handshake_auth(cctx, 1); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (tst == 3) { + if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_false(SSL_SESSION_is_resumable(sess))) + goto end; + } else if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess))) { + goto end; + } + + if (!TEST_int_eq(SSL_shutdown(clientssl), 0)) + goto end; + + if (tst >= 4) { + /* + * Reading on the server after the client has sent close_notify should + * fail and provide SSL_ERROR_ZERO_RETURN + */ + if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), + SSL_ERROR_ZERO_RETURN) + || !TEST_int_eq(SSL_get_shutdown(serverssl), + SSL_RECEIVED_SHUTDOWN) + /* + * Even though we're shutdown on receive we should still be + * able to write. + */ + || !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) + goto end; + if (tst == 4 + && !TEST_true(SSL_key_update(serverssl, + SSL_KEY_UPDATE_REQUESTED))) + goto end; + if (tst == 5) { + SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL); + if (!TEST_true(SSL_verify_client_post_handshake(serverssl))) + goto end; + } + if ((tst == 4 || tst == 5) + && !TEST_true(SSL_write(serverssl, msg, sizeof(msg)))) + goto end; + if (!TEST_int_eq(SSL_shutdown(serverssl), 1)) + goto end; + if (tst == 4 || tst == 5) { + /* Should still be able to read data from server */ + if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(msg)) + || !TEST_int_eq(memcmp(msg, buf, readbytes), 0) + || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(msg)) + || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)) + goto end; + } + } + + /* Writing on the client after sending close_notify shouldn't be possible */ + if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written))) + goto end; + + if (tst < 4) { + /* + * For these tests the client has sent close_notify but it has not yet + * been received by the server. The server has not sent close_notify + * yet. + */ + if (!TEST_int_eq(SSL_shutdown(serverssl), 0) + /* + * Writing on the server after sending close_notify shouldn't + * be possible. + */ + || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) + || !TEST_int_eq(SSL_shutdown(clientssl), 1) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess)) + || !TEST_int_eq(SSL_shutdown(serverssl), 1)) + goto end; + } else if (tst == 4 || tst == 5) { + /* + * In this test the client has sent close_notify and it has been + * received by the server which has responded with a close_notify. The + * client needs to read the close_notify sent by the server. + */ + if (!TEST_int_eq(SSL_shutdown(clientssl), 1) + || !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL) + || !TEST_true(SSL_SESSION_is_resumable(sess))) + goto end; + } else { + /* + * tst == 6 + * + * The client has sent close_notify and is expecting a close_notify + * back, but instead there is application data first. The shutdown + * should fail with a fatal error. + */ + if (!TEST_int_eq(SSL_shutdown(clientssl), -1) + || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3) +static int cert_cb_cnt; + +static int cert_cb(SSL *s, void *arg) +{ + SSL_CTX *ctx = (SSL_CTX *)arg; + + if (cert_cb_cnt == 0) { + /* Suspend the handshake */ + cert_cb_cnt++; + return -1; + } else if (cert_cb_cnt == 1) { + /* + * Update the SSL_CTX, set the certificate and private key and then + * continue the handshake normally. + */ + if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx))) + return 0; + + if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM)) + || !TEST_true(SSL_use_PrivateKey_file(s, privkey, + SSL_FILETYPE_PEM)) + || !TEST_true(SSL_check_private_key(s))) + return 0; + cert_cb_cnt++; + return 1; + } + + /* Abort the handshake */ + return 0; +} + +/* + * Test the certificate callback. + * Test 0: Callback fails + * Test 1: Success - no SSL_set_SSL_CTX() in the callback + * Test 2: Success - SSL_set_SSL_CTX() in the callback + */ +static int test_cert_cb_int(int prot, int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0, ret; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + prot, + &sctx, &cctx, NULL, NULL))) + goto end; + + if (tst == 0) + cert_cb_cnt = -1; + else + cert_cb_cnt = 0; + if (tst == 2) + snictx = SSL_CTX_new(TLS_server_method()); + SSL_CTX_set_cert_cb(sctx, cert_cb, snictx); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); + if (!TEST_true(tst == 0 ? !ret : ret) + || (tst > 0 && !TEST_int_eq(cert_cb_cnt, 2))) { + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + SSL_CTX_free(snictx); + + return testresult; +} +#endif + +static int test_cert_cb(int tst) +{ + int testresult = 1; + +#ifndef OPENSSL_NO_TLS1_2 + testresult &= test_cert_cb_int(TLS1_2_VERSION, tst); +#endif +#ifndef OPENSSL_NO_TLS1_3 + testresult &= test_cert_cb_int(TLS1_3_VERSION, tst); +#endif + + return testresult; +} + +static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) +{ + X509 *xcert, *peer; + EVP_PKEY *privpkey; + BIO *in = NULL; + + /* Check that SSL_get_peer_certificate() returns something sensible */ + peer = SSL_get_peer_certificate(ssl); + if (!TEST_ptr(peer)) + return 0; + X509_free(peer); + + in = BIO_new_file(cert, "r"); + if (!TEST_ptr(in)) + return 0; + + xcert = PEM_read_bio_X509(in, NULL, NULL, NULL); + BIO_free(in); + if (!TEST_ptr(xcert)) + return 0; + + in = BIO_new_file(privkey, "r"); + if (!TEST_ptr(in)) { + X509_free(xcert); + return 0; + } + + privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); + BIO_free(in); + if (!TEST_ptr(privpkey)) { + X509_free(xcert); + return 0; + } + + *x509 = xcert; + *pkey = privpkey; + + return 1; +} + +static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + return 1; +} + +static int test_client_cert_cb(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + +#ifdef OPENSSL_NO_TLS1_2 + if (tst == 0) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst == 1) + return 1; +#endif + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + tst == 0 ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + /* + * Test that setting a client_cert_cb results in a client certificate being + * sent. + */ + SSL_CTX_set_client_cert_cb(cctx, client_cert_cb); + SSL_CTX_set_verify(sctx, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_cb); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3) +/* + * Test setting certificate authorities on both client and server. + * + * Test 0: SSL_CTX_set0_CA_list() only + * Test 1: Both SSL_CTX_set0_CA_list() and SSL_CTX_set_client_CA_list() + * Test 2: Only SSL_CTX_set_client_CA_list() + */ +static int test_ca_names_int(int prot, int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + size_t i; + X509_NAME *name[] = { NULL, NULL, NULL, NULL }; + char *strnames[] = { "Jack", "Jill", "John", "Joanne" }; + STACK_OF(X509_NAME) *sk1 = NULL, *sk2 = NULL; + const STACK_OF(X509_NAME) *sktmp = NULL; + + for (i = 0; i < OSSL_NELEM(name); i++) { + name[i] = X509_NAME_new(); + if (!TEST_ptr(name[i]) + || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN", + MBSTRING_ASC, + (unsigned char *) + strnames[i], + -1, -1, 0))) + goto end; + } + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + prot, + &sctx, &cctx, cert, privkey))) + goto end; + + SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL); + + if (tst == 0 || tst == 1) { + if (!TEST_ptr(sk1 = sk_X509_NAME_new_null()) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0]))) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1]))) + || !TEST_ptr(sk2 = sk_X509_NAME_new_null()) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0]))) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1])))) + goto end; + + SSL_CTX_set0_CA_list(sctx, sk1); + SSL_CTX_set0_CA_list(cctx, sk2); + sk1 = sk2 = NULL; + } + if (tst == 1 || tst == 2) { + if (!TEST_ptr(sk1 = sk_X509_NAME_new_null()) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2]))) + || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3]))) + || !TEST_ptr(sk2 = sk_X509_NAME_new_null()) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2]))) + || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3])))) + goto end; + + SSL_CTX_set_client_CA_list(sctx, sk1); + SSL_CTX_set_client_CA_list(cctx, sk2); + sk1 = sk2 = NULL; + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * We only expect certificate authorities to have been sent to the server + * if we are using TLSv1.3 and SSL_set0_CA_list() was used + */ + sktmp = SSL_get0_peer_CA_list(serverssl); + if (prot == TLS1_3_VERSION + && (tst == 0 || tst == 1)) { + if (!TEST_ptr(sktmp) + || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0), + name[0]), 0) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1), + name[1]), 0)) + goto end; + } else if (!TEST_ptr_null(sktmp)) { + goto end; + } + + /* + * In all tests we expect certificate authorities to have been sent to the + * client. However, SSL_set_client_CA_list() should override + * SSL_set0_CA_list() + */ + sktmp = SSL_get0_peer_CA_list(clientssl); + if (!TEST_ptr(sktmp) + || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0), + name[tst == 0 ? 0 : 2]), 0) + || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1), + name[tst == 0 ? 1 : 3]), 0)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + for (i = 0; i < OSSL_NELEM(name); i++) + X509_NAME_free(name[i]); + sk_X509_NAME_pop_free(sk1, X509_NAME_free); + sk_X509_NAME_pop_free(sk2, X509_NAME_free); + + return testresult; +} +#endif + +static int test_ca_names(int tst) +{ + int testresult = 1; + +#ifndef OPENSSL_NO_TLS1_2 + testresult &= test_ca_names_int(TLS1_2_VERSION, tst); +#endif +#ifndef OPENSSL_NO_TLS1_3 + testresult &= test_ca_names_int(TLS1_3_VERSION, tst); +#endif + + return testresult; +} + +int setup_tests(void) +{ + if (!TEST_ptr(cert = test_get_argument(0)) + || !TEST_ptr(privkey = test_get_argument(1)) + || !TEST_ptr(srpvfile = test_get_argument(2)) + || !TEST_ptr(tmpfilename = test_get_argument(3))) + return 0; + + if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) { +#ifdef OPENSSL_NO_CRYPTO_MDEBUG + TEST_error("not supported in this build"); + return 0; +#else + int i, mcount, rcount, fcount; + + for (i = 0; i < 4; i++) + test_export_key_mat(i); + CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount); + test_printf_stdout("malloc %d realloc %d free %d\n", + mcount, rcount, fcount); + return 1; +#endif + } + + ADD_TEST(test_large_message_tls); + ADD_TEST(test_large_message_tls_read_ahead); +#ifndef OPENSSL_NO_DTLS + ADD_TEST(test_large_message_dtls); +#endif +#ifndef OPENSSL_NO_OCSP + ADD_TEST(test_tlsext_status_type); +#endif + ADD_TEST(test_session_with_only_int_cache); ADD_TEST(test_session_with_only_ext_cache); ADD_TEST(test_session_with_both_cache); +#ifndef OPENSSL_NO_TLS1_3 + ADD_ALL_TESTS(test_stateful_tickets, 3); + ADD_ALL_TESTS(test_stateless_tickets, 3); + ADD_TEST(test_psk_tickets); +#endif ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS); ADD_TEST(test_ssl_bio_pop_next_bio); ADD_TEST(test_ssl_bio_pop_ssl_bio); ADD_TEST(test_ssl_bio_change_rbio); ADD_TEST(test_ssl_bio_change_wbio); +#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2); - ADD_ALL_TESTS(test_custom_exts, 2); + ADD_TEST(test_keylog); +#endif +#ifndef OPENSSL_NO_TLS1_3 + ADD_TEST(test_keylog_no_master_key); +#endif +#ifndef OPENSSL_NO_TLS1_2 + ADD_TEST(test_client_hello_cb); +#endif +#ifndef OPENSSL_NO_TLS1_3 + ADD_ALL_TESTS(test_early_data_read_write, 3); + /* + * We don't do replay tests for external PSK. Replay protection isn't used + * in that scenario. + */ + ADD_ALL_TESTS(test_early_data_replay, 2); + ADD_ALL_TESTS(test_early_data_skip, 3); + ADD_ALL_TESTS(test_early_data_skip_hrr, 3); + ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3); + ADD_ALL_TESTS(test_early_data_skip_abort, 3); + ADD_ALL_TESTS(test_early_data_not_sent, 3); + ADD_ALL_TESTS(test_early_data_psk, 8); + ADD_ALL_TESTS(test_early_data_not_expected, 3); +# ifndef OPENSSL_NO_TLS1_2 + ADD_ALL_TESTS(test_early_data_tls1_2, 3); +# endif +#endif +#ifndef OPENSSL_NO_TLS1_3 + ADD_ALL_TESTS(test_set_ciphersuite, 10); + ADD_TEST(test_ciphersuite_change); +#ifdef OPENSSL_NO_PSK + ADD_ALL_TESTS(test_tls13_psk, 1); +#else + ADD_ALL_TESTS(test_tls13_psk, 4); +#endif /* OPENSSL_NO_PSK */ + ADD_ALL_TESTS(test_custom_exts, 5); + ADD_TEST(test_stateless); + ADD_TEST(test_pha_key_update); +#else + ADD_ALL_TESTS(test_custom_exts, 3); +#endif + ADD_ALL_TESTS(test_serverinfo, 8); + ADD_ALL_TESTS(test_export_key_mat, 4); +#ifndef OPENSSL_NO_TLS1_3 + ADD_ALL_TESTS(test_export_key_mat_early, 3); +#endif + ADD_ALL_TESTS(test_ssl_clear, 2); + ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test)); +#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2) + ADD_ALL_TESTS(test_srp, 6); +#endif + ADD_ALL_TESTS(test_info_callback, 6); ADD_ALL_TESTS(test_ssl_pending, 2); + ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); + ADD_ALL_TESTS(test_ticket_callbacks, 12); + ADD_ALL_TESTS(test_shutdown, 7); + ADD_ALL_TESTS(test_cert_cb, 3); + ADD_ALL_TESTS(test_client_cert_cb, 2); + ADD_ALL_TESTS(test_ca_names, 3); + return 1; +} - testresult = run_tests(argv[0]); - +void cleanup_tests(void) +{ bio_s_mempacket_test_free(); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 1; -#endif - BIO_free(err); - - if (!testresult) - printf("PASS\n"); - - return testresult; } diff --git a/deps/openssl/openssl/test/sslcorrupttest.c b/deps/openssl/openssl/test/sslcorrupttest.c index d584be3b5c661a..d06c8c729b1d83 100644 --- a/deps/openssl/openssl/test/sslcorrupttest.c +++ b/deps/openssl/openssl/test/sslcorrupttest.c @@ -7,9 +7,12 @@ * https://www.openssl.org/source/license.html */ +#include #include "ssltestlib.h" #include "testutil.h" +static int docorrupt = 0; + static void copy_flags(BIO *bio) { int flags; @@ -37,9 +40,9 @@ static int tls_corrupt_write(BIO *bio, const char *in, int inl) BIO *next = BIO_next(bio); char *copy; - if (in[0] == SSL3_RT_APPLICATION_DATA) { - copy = BUF_memdup(in, inl); - TEST_check(copy != NULL); + if (docorrupt) { + if (!TEST_ptr(copy = BUF_memdup(in, inl))) + return 0; /* corrupt last bit of application data */ copy[inl-1] ^= 1; ret = BIO_write(next, copy, inl); @@ -134,19 +137,17 @@ static void bio_f_tls_corrupt_filter_free(void) */ static const char **cipher_list = NULL; -static int setup_cipher_list() +static int setup_cipher_list(void) { SSL_CTX *ctx = NULL; SSL *ssl = NULL; - static STACK_OF(SSL_CIPHER) *sk_ciphers = NULL; - int i, numciphers; + STACK_OF(SSL_CIPHER) *sk_ciphers = NULL; + int i, j, numciphers = 0; - ctx = SSL_CTX_new(TLS_server_method()); - TEST_check(ctx != NULL); - ssl = SSL_new(ctx); - TEST_check(ssl != NULL); - sk_ciphers = SSL_get1_supported_ciphers(ssl); - TEST_check(sk_ciphers != NULL); + if (!TEST_ptr(ctx = SSL_CTX_new(TLS_server_method())) + || !TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(sk_ciphers = SSL_get1_supported_ciphers(ssl))) + goto err; /* * The |cipher_list| will be filled only with names of RSA ciphers, @@ -155,16 +156,19 @@ static int setup_cipher_list() */ cipher_list = OPENSSL_malloc(sk_SSL_CIPHER_num(sk_ciphers) * sizeof(cipher_list[0])); - TEST_check(cipher_list != NULL); + if (!TEST_ptr(cipher_list)) + goto err; - for (numciphers = 0, i = 0; i < sk_SSL_CIPHER_num(sk_ciphers); i++) { + for (j = 0, i = 0; i < sk_SSL_CIPHER_num(sk_ciphers); i++) { const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(sk_ciphers, i); if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_rsa) - cipher_list[numciphers++] = SSL_CIPHER_get_name(cipher); + cipher_list[j++] = SSL_CIPHER_get_name(cipher); } - TEST_check(numciphers != 0); + if (TEST_int_ne(j, 0)) + numciphers = j; +err: sk_SSL_CIPHER_free(sk_ciphers); SSL_free(ssl); SSL_CTX_free(ctx); @@ -177,62 +181,59 @@ static char *privkey = NULL; static int test_ssl_corrupt(int testidx) { + static unsigned char junk[16000] = { 0 }; SSL_CTX *sctx = NULL, *cctx = NULL; SSL *server = NULL, *client = NULL; BIO *c_to_s_fbio; int testresult = 0; - static unsigned char junk[16000] = { 0 }; + STACK_OF(SSL_CIPHER) *ciphers; + const SSL_CIPHER *currcipher; + + docorrupt = 0; - printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]); + TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]); - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, - cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) return 0; - } - if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) { - printf("Failed setting cipher list\n"); + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "")) + || !TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) + || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1) + || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0))) + goto end; + + /* + * No ciphers we are using are TLSv1.3 compatible so we should not attempt + * to negotiate TLSv1.3 + */ + if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))) goto end; - } - c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()); - if (c_to_s_fbio == NULL) { - printf("Failed to create filter BIO\n"); + if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()))) goto end; - } /* BIO is freed by create_ssl_connection on error */ - if (!create_ssl_objects(sctx, cctx, &server, &client, NULL, - c_to_s_fbio)) { - printf("Unable to create SSL objects\n"); - ERR_print_errors_fp(stdout); + if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL, + c_to_s_fbio))) goto end; - } - if (!create_ssl_connection(server, client)) { - printf("Unable to create SSL connection\n"); - ERR_print_errors_fp(stdout); + if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE))) goto end; - } - if (SSL_write(client, junk, sizeof(junk)) < 0) { - printf("Unable to SSL_write\n"); - ERR_print_errors_fp(stdout); + docorrupt = 1; + + if (!TEST_int_ge(SSL_write(client, junk, sizeof(junk)), 0)) goto end; - } - if (SSL_read(server, junk, sizeof(junk)) >= 0) { - printf("Read should have failed with \"bad record mac\"\n"); + if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0)) goto end; - } - if (ERR_GET_REASON(ERR_peek_error()) != - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) { - ERR_print_errors_fp(stdout); + if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC)) goto end; - } testresult = 1; end: @@ -240,44 +241,27 @@ static int test_ssl_corrupt(int testidx) SSL_free(client); SSL_CTX_free(sctx); SSL_CTX_free(cctx); - return testresult; } -int main(int argc, char *argv[]) +int setup_tests(void) { - BIO *err = NULL; - int testresult = 1; + int n; - if (argc != 3) { - printf("Invalid argument count\n"); - return 1; + if (!TEST_ptr(cert = test_get_argument(0)) + || !TEST_ptr(privkey = test_get_argument(1))) { + TEST_note("Usage error: require cert and private key files"); + return 0; } - cert = argv[1]; - privkey = argv[2]; - - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list()); - - testresult = run_tests(argv[0]); + n = setup_cipher_list(); + if (n > 0) + ADD_ALL_TESTS(test_ssl_corrupt, n); + return 1; +} +void cleanup_tests(void) +{ bio_f_tls_corrupt_filter_free(); - OPENSSL_free(cipher_list); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 1; -#endif - BIO_free(err); - - if (!testresult) - printf("PASS\n"); - - return testresult; } diff --git a/deps/openssl/openssl/test/ssltest_old.c b/deps/openssl/openssl/test/ssltest_old.c index e77c69209d1f26..92970776fdda87 100644 --- a/deps/openssl/openssl/test/ssltest_old.c +++ b/deps/openssl/openssl/test/ssltest_old.c @@ -1,5 +1,7 @@ /* * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,37 +9,7 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ +#include "e_os.h" /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #ifndef _BSD_SOURCE @@ -55,8 +27,7 @@ #include #include -#define USE_SOCKETS -#include "e_os.h" +#include "internal/nelem.h" #ifdef OPENSSL_SYS_VMS /* @@ -84,9 +55,6 @@ #ifndef OPENSSL_NO_DH # include #endif -#ifndef OPENSSL_NO_SRP -# include -#endif #include #ifndef OPENSSL_NO_CT # include @@ -141,45 +109,6 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned int max_psk_len); #endif -#ifndef OPENSSL_NO_SRP -/* SRP client */ -/* This is a context that we pass to all callbacks */ -typedef struct srp_client_arg_st { - char *srppassin; - char *srplogin; -} SRP_CLIENT_ARG; - -# define PWD_STRLEN 1024 - -static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) -{ - SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; - return OPENSSL_strdup((char *)srp_client_arg->srppassin); -} - -/* SRP server */ -/* This is a context that we pass to SRP server callbacks */ -typedef struct srp_server_arg_st { - char *expected_user; - char *pass; -} SRP_SERVER_ARG; - -static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) -{ - SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg; - - if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) { - fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); - return SSL3_AL_FATAL; - } - if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) { - *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; - } - return SSL_ERROR_NONE; -} -#endif - static BIO *bio_err = NULL; static BIO *bio_stdout = NULL; @@ -352,7 +281,7 @@ static unsigned char *next_protos_parse(size_t *outlen, OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; @@ -494,7 +423,7 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, return 1; } -static int verify_serverinfo() +static int verify_serverinfo(void) { if (serverinfo_sct != serverinfo_sct_seen) return -1; @@ -683,10 +612,9 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, } static char *cipher = NULL; +static char *ciphersuites = NULL; static int verbose = 0; static int debug = 0; -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long bytes, clock_t *s_time, clock_t *c_time); @@ -698,9 +626,6 @@ static void sv_usage(void) { fprintf(stderr, "usage: ssltest [args ...]\n"); fprintf(stderr, "\n"); -#ifdef OPENSSL_FIPS - fprintf(stderr, "-F - run test in FIPS mode\n"); -#endif fprintf(stderr, " -server_auth - check server certificate\n"); fprintf(stderr, " -client_auth - do client authentication\n"); fprintf(stderr, " -v - more output\n"); @@ -724,10 +649,6 @@ static void sv_usage(void) #ifndef OPENSSL_NO_PSK fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); #endif -#ifndef OPENSSL_NO_SRP - fprintf(stderr, " -srpuser user - SRP username to use\n"); - fprintf(stderr, " -srppass arg - password for 'user'\n"); -#endif #ifndef OPENSSL_NO_SSL3 fprintf(stderr, " -ssl3 - use SSLv3\n"); #endif @@ -751,7 +672,8 @@ static void sv_usage(void) fprintf(stderr, " -c_cert arg - Client certificate file\n"); fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); - fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n"); + fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n"); fprintf(stderr, " -bio_pair - Use BIO pairs\n"); fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n"); fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); @@ -857,7 +779,7 @@ static void print_details(SSL *c_ssl, const char *prefix) } X509_free(cert); } - if (SSL_get_server_tmp_key(c_ssl, &pkey)) { + if (SSL_get_peer_tmp_key(c_ssl, &pkey)) { BIO_puts(bio_stdout, ", temp key: "); print_key_details(bio_stdout, pkey); EVP_PKEY_free(pkey); @@ -883,6 +805,7 @@ static int protocol_from_string(const char *value) {"tls1", TLS1_VERSION}, {"tls1.1", TLS1_1_VERSION}, {"tls1.2", TLS1_2_VERSION}, + {"tls1.3", TLS1_3_VERSION}, {"dtls1", DTLS1_VERSION}, {"dtls1.2", DTLS1_2_VERSION}}; size_t i; @@ -955,7 +878,8 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -971,12 +895,6 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_DH DH *dh; int dhe512 = 0, dhe1024dsa = 0; -#endif -#ifndef OPENSSL_NO_SRP - /* client */ - SRP_CLIENT_ARG srp_client_arg = { NULL, NULL }; - /* server */ - SRP_SERVER_ARG srp_server_arg = { NULL, NULL }; #endif int no_dhe = 0; int no_psk = 0; @@ -986,9 +904,6 @@ int main(int argc, char *argv[]) int n, comp = 0; COMP_METHOD *cm = NULL; STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; -#endif -#ifdef OPENSSL_FIPS - int fips_mode = 0; #endif int no_protocol; int min_version = 0, max_version = 0; @@ -1005,7 +920,6 @@ int main(int argc, char *argv[]) verbose = 0; debug = 0; - cipher = 0; bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); @@ -1014,8 +928,6 @@ int main(int argc, char *argv[]) CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof(rnd_seed)); - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); s_cctx = SSL_CONF_CTX_new(); @@ -1058,13 +970,9 @@ int main(int argc, char *argv[]) while (argc >= 1) { if (strcmp(*argv, "-F") == 0) { -#ifdef OPENSSL_FIPS - fips_mode = 1; -#else fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n"); EXIT(0); -#endif } else if (strcmp(*argv, "-server_auth") == 0) server_auth = 1; else if (strcmp(*argv, "-client_auth") == 0) @@ -1106,21 +1014,9 @@ int main(int argc, char *argv[]) no_psk = 1; #endif } -#ifndef OPENSSL_NO_SRP - else if (strcmp(*argv, "-srpuser") == 0) { - if (--argc < 1) - goto bad; - srp_server_arg.expected_user = srp_client_arg.srplogin = - *(++argv); - min_version = TLS1_VERSION; - } else if (strcmp(*argv, "-srppass") == 0) { - if (--argc < 1) - goto bad; - srp_server_arg.pass = srp_client_arg.srppassin = *(++argv); - min_version = TLS1_VERSION; - } -#endif - else if (strcmp(*argv, "-tls1") == 0) { + else if (strcmp(*argv, "-tls1_2") == 0) { + tls1_2 = 1; + } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { ssl3 = 1; @@ -1151,6 +1047,10 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; cipher = *(++argv); + } else if (strcmp(*argv, "-ciphersuites") == 0) { + if (--argc < 1) + goto bad; + ciphersuites = *(++argv); } else if (strcmp(*argv, "-CApath") == 0) { if (--argc < 1) goto bad; @@ -1326,8 +1226,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1342,6 +1242,11 @@ int main(int argc, char *argv[]) no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_2 + if (tls1_2) + no_protocol = 1; + else +#endif #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1) if (dtls1) no_protocol = 1; @@ -1362,26 +1267,18 @@ int main(int argc, char *argv[]) if (no_protocol) { fprintf(stderr, "Testing was requested for a disabled protocol. " "Skipping tests.\n"); - ret = 0; + ret = EXIT_SUCCESS; goto end; } - if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } -#ifdef OPENSSL_FIPS - if (fips_mode) { - if (!FIPS_mode_set(1)) { - ERR_print_errors(bio_err); - EXIT(1); - } else - fprintf(stderr, "*** IN FIPS MODE ***\n"); - } -#endif if (print_time) { if (bio_type != BIO_PAIR) { @@ -1393,8 +1290,6 @@ int main(int argc, char *argv[]) "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); } -/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ - #ifndef OPENSSL_NO_COMP if (comp == COMP_ZLIB) cm = COMP_zlib(); @@ -1432,6 +1327,9 @@ int main(int argc, char *argv[]) } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_2) { + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; } else { min_version = SSL3_VERSION; max_version = TLS_MAX_VERSION; @@ -1474,26 +1372,14 @@ int main(int argc, char *argv[]) SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET); } - if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0) { - printf("Unable to set client min protocol version (0x%X)\n", - min_version); + if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0) goto end; - } - if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0) { - printf("Unable to set client max protocol version (0x%X)\n", - max_version); + if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0) goto end; - } - if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0) { - printf("Unable to set server min protocol version (0x%X)\n", - min_version); + if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0) goto end; - } - if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0) { - printf("Unable to set server max protocol version (0x%X)\n", - max_version); + if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0) goto end; - } if (cipher != NULL) { if (!SSL_CTX_set_cipher_list(c_ctx, cipher) @@ -1503,6 +1389,14 @@ int main(int argc, char *argv[]) goto end; } } + if (ciphersuites != NULL) { + if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) { + ERR_print_errors(bio_err); + goto end; + } + } #ifndef OPENSSL_NO_CT if (ct_validation && @@ -1563,9 +1457,7 @@ int main(int argc, char *argv[]) (!SSL_CTX_set_default_verify_paths(s_ctx2)) || (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(c_ctx))) { - /* fprintf(stderr,"SSL_load_verify_locations\n"); */ ERR_print_errors(bio_err); - /* goto end; */ } #ifndef OPENSSL_NO_CT @@ -1617,7 +1509,7 @@ int main(int argc, char *argv[]) * if PSK is not compiled in and psk key is given, do nothing and * exit successfully */ - ret = 0; + ret = EXIT_SUCCESS; goto end; } #ifndef OPENSSL_NO_PSK @@ -1634,29 +1526,6 @@ int main(int argc, char *argv[]) } #endif } -#ifndef OPENSSL_NO_SRP - if (srp_client_arg.srplogin) { - if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) { - BIO_printf(bio_err, "Unable to set SRP username\n"); - goto end; - } - SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg); - SSL_CTX_set_srp_client_pwd_callback(c_ctx, - ssl_give_srp_client_pwd_cb); - /* - * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength); - */ - } - - if (srp_server_arg.expected_user != NULL) { - SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback); - SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback); - SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); - SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg); - SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); - SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb); - } -#endif #ifndef OPENSSL_NO_NEXTPROTONEG if (npn_client) { @@ -1668,14 +1537,12 @@ int main(int argc, char *argv[]) "Can't have both -npn_server and -npn_server_reject\n"); goto end; } - SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL); - SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL); } if (npn_server_reject) { - SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, - NULL); - SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn, - NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL); + SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL); } #endif @@ -1861,26 +1728,26 @@ int main(int argc, char *argv[]) #else case BIO_IPV4: case BIO_IPV6: - ret = 1; + ret = EXIT_FAILURE; goto err; #endif } - if (ret) break; + if (ret != EXIT_SUCCESS) break; } - if (should_negotiate && ret == 0 && + if (should_negotiate && ret == EXIT_SUCCESS && strcmp(should_negotiate, "fail-server") != 0 && strcmp(should_negotiate, "fail-client") != 0) { int version = protocol_from_string(should_negotiate); if (version < 0) { BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate); - ret = 1; + ret = EXIT_FAILURE; goto err; } if (SSL_version(c_ssl) != version) { BIO_printf(bio_err, "Unexpected version negotiated. " "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); - ret = 1; + ret = EXIT_FAILURE; goto err; } } @@ -1891,20 +1758,20 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "Unexpected session reuse state. " "Expected: %d, server: %d, client: %d\n", should_reuse, SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); - ret = 1; + ret = EXIT_FAILURE; goto err; } } if (server_sess_out != NULL) { if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) { - ret = 1; + ret = EXIT_FAILURE; goto err; } } if (client_sess_out != NULL) { if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) { - ret = 1; + ret = EXIT_FAILURE; goto err; } } @@ -1951,7 +1818,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 1; + ret = EXIT_FAILURE; #endif BIO_free(bio_err); EXIT(ret); @@ -1965,11 +1832,12 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *acpt = NULL, *server = NULL, *client = NULL; char addr_str[40]; - int ret = 1; + int ret = EXIT_FAILURE; int err_in_client = 0; int err_in_server = 0; - acpt = BIO_new_accept("0"); + acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0" + : "[::1]:0"); if (acpt == NULL) goto err; BIO_set_accept_ip_family(acpt, family); @@ -2198,35 +2066,26 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (verbose) print_details(c_ssl, "DONE via TCP connect: "); # ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto end; - } # endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; - goto err; - } - if (verify_alpn(c_ssl, s_ssl) < 0) { - ret = 1; goto err; } - if (verify_servername(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_alpn(c_ssl, s_ssl) < 0 + || verify_servername(c_ssl, s_ssl) < 0) goto err; - } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } # ifndef OPENSSL_NO_NEXTPROTONEG end: # endif - ret = 0; + ret = EXIT_SUCCESS; err: ERR_print_errors(bio_err); @@ -2238,9 +2097,9 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, BIO_free(c_ssl_bio); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; return ret; } @@ -2252,7 +2111,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; - int ret = 1; + int ret = EXIT_FAILURE; int err_in_client = 0; int err_in_server = 0; @@ -2307,7 +2166,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, * Useful functions for querying the state of BIO pair endpoints: * * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill * other side's read attempt * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now * @@ -2581,35 +2440,26 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (verbose) print_details(c_ssl, "DONE via BIO pair: "); #ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto end; - } #endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; goto err; } - if (verify_alpn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_alpn(c_ssl, s_ssl) < 0 + || verify_servername(c_ssl, s_ssl) < 0) goto err; - } - if (verify_servername(c_ssl, s_ssl) < 0) { - ret = 1; - goto err; - } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } #ifndef OPENSSL_NO_NEXTPROTONEG end: #endif - ret = 0; + ret = EXIT_SUCCESS; err: ERR_print_errors(bio_err); @@ -2622,9 +2472,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, BIO_free(c_ssl_bio); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; return ret; } @@ -2640,7 +2490,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) long bufsiz; long cw_num = count, cr_num = count; long sw_num = count, sr_num = count; - int ret = 1; + int ret = EXIT_FAILURE; BIO *c_to_s = NULL; BIO *s_to_c = NULL; BIO *c_bio = NULL; @@ -2729,22 +2579,12 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", SSL_state_string_long(s_ssl)); -/*- - else if (s_write) - printf("server:SSL_write()\n"); - else - printf("server:SSL_read()\n"); */ } if (do_client && debug) { if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", SSL_state_string_long(c_ssl)); -/*- - else if (c_write) - printf("client:SSL_write()\n"); - else - printf("client:SSL_read()\n"); */ } if (!do_client && !do_server) { @@ -2898,22 +2738,18 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (verbose) print_details(c_ssl, "DONE: "); #ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto err; - } #endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; goto err; } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } - ret = 0; + ret = EXIT_SUCCESS; err: BIO_free(c_to_s); BIO_free(s_to_c); @@ -2923,11 +2759,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) OPENSSL_free(sbuf); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; - return (ret); + return ret; } static int verify_callback(int ok, X509_STORE_CTX *ctx) @@ -2962,7 +2798,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) } } - return (ok); + return ok; } static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) @@ -2984,12 +2820,12 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) printf("cert depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); } - return (1); + return 1; } ok = X509_verify_cert(ctx); - return (ok); + return ok; } #ifndef OPENSSL_NO_DH @@ -3000,7 +2836,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) * $ openssl dhparam -C -noout -dsaparam 1024 * (The third function has been renamed to avoid name conflicts.) */ -static DH *get_dh512() +static DH *get_dh512(void) { static unsigned char dh512_p[] = { 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, @@ -3022,19 +2858,19 @@ static DH *get_dh512() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } - return (dh); + return dh; } -static DH *get_dh1024() +static DH *get_dh1024(void) { static unsigned char dh1024_p[] = { 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, @@ -3066,19 +2902,19 @@ static DH *get_dh1024() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } - return (dh); + return dh; } -static DH *get_dh1024dsa() +static DH *get_dh1024dsa(void) { static unsigned char dh1024_p[] = { 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, @@ -3130,17 +2966,17 @@ static DH *get_dh1024dsa() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } DH_set_length(dh, 160); - return (dh); + return dh; } #endif diff --git a/deps/openssl/openssl/test/ssltestlib.c b/deps/openssl/openssl/test/ssltestlib.c index b824f1524849f5..eafac3cc42f78a 100644 --- a/deps/openssl/openssl/test/ssltestlib.c +++ b/deps/openssl/openssl/test/ssltestlib.c @@ -9,8 +9,37 @@ #include -#include "e_os.h" +#include "internal/nelem.h" #include "ssltestlib.h" +#include "testutil.h" +#include "e_os.h" + +#ifdef OPENSSL_SYS_UNIX +# include + +static ossl_inline void ossl_sleep(unsigned int millis) { + usleep(millis * 1000); +} +#elif defined(_WIN32) +# include + +static ossl_inline void ossl_sleep(unsigned int millis) { + Sleep(millis); +} +#else +/* Fallback to a busy wait */ +static ossl_inline void ossl_sleep(unsigned int millis) { + struct timeval start, now; + unsigned int elapsedms; + + gettimeofday(&start, NULL); + do { + gettimeofday(&now, NULL); + elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) + + now.tv_usec - start.tv_usec) / 1000; + } while (elapsedms < millis); +} +#endif static int tls_dump_new(BIO *bi); static int tls_dump_free(BIO *a); @@ -21,12 +50,11 @@ static int tls_dump_gets(BIO *bp, char *buf, int size); static int tls_dump_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -# define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) - -# define BIO_TYPE_MEMPACKET_TEST 0x81 +#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_MEMPACKET_TEST 0x81 static BIO_METHOD *method_tls_dump = NULL; -static BIO_METHOD *method_mempacket_test = NULL; +static BIO_METHOD *meth_mem = NULL; /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void) @@ -156,7 +184,7 @@ static void dump_data(const char *data, int len) printf("*** Message Fragment len: %d\n", fraglen); if (fragoff + fraglen > msglen) printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); - else if(reclen < fraglen) + else if (reclen < fraglen) printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); else printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); @@ -252,7 +280,11 @@ typedef struct mempacket_test_ctx_st { unsigned int currrec; unsigned int currpkt; unsigned int lastpkt; + unsigned int injected; unsigned int noinject; + unsigned int dropepoch; + int droprec; + int duprec; } MEMPACKET_TEST_CTX; static int mempacket_test_new(BIO *bi); @@ -265,37 +297,38 @@ static int mempacket_test_puts(BIO *bp, const char *str); const BIO_METHOD *bio_s_mempacket_test(void) { - if (method_mempacket_test == NULL) { - method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, - "Mem Packet Test"); - if ( method_mempacket_test == NULL - || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write) - || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read) - || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts) - || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets) - || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl) - || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new) - || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free)) + if (meth_mem == NULL) { + if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, + "Mem Packet Test")) + || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) + || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) + || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) + || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) + || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) + || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) + || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) return NULL; } - return method_mempacket_test; + return meth_mem; } void bio_s_mempacket_test_free(void) { - BIO_meth_free(method_mempacket_test); + BIO_meth_free(meth_mem); } static int mempacket_test_new(BIO *bio) { - MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + MEMPACKET_TEST_CTX *ctx; + + if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) return 0; - ctx->pkts = sk_MEMPACKET_new_null(); - if (ctx->pkts == NULL) { + if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { OPENSSL_free(ctx); return 0; } + ctx->dropepoch = 0; + ctx->droprec = -1; BIO_set_init(bio, 1); BIO_set_data(bio, ctx); return 1; @@ -309,13 +342,12 @@ static int mempacket_test_free(BIO *bio) OPENSSL_free(ctx); BIO_set_data(bio, NULL); BIO_set_init(bio, 0); - return 1; } /* Record Header values */ -#define EPOCH_HI 4 -#define EPOCH_LO 5 +#define EPOCH_HI 3 +#define EPOCH_LO 4 #define RECORD_SEQUENCE 10 #define RECORD_LEN_HI 11 #define RECORD_LEN_LO 12 @@ -331,7 +363,6 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) unsigned int seq, offset, len, epoch; BIO_clear_retry_flags(bio); - thispkt = sk_MEMPACKET_value(ctx->pkts, 0); if (thispkt == NULL || thispkt->num != ctx->currpkt) { /* Probably run out of data */ @@ -344,19 +375,17 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) if (outl > thispkt->len) outl = thispkt->len; - if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ) { + if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ + && (ctx->injected || ctx->droprec >= 0)) { /* * Overwrite the record sequence number. We strictly number them in * the order received. Since we are actually a reliable transport * we know that there won't be any re-ordering. We overwrite to deal * with any packets that have been injected */ - rem = thispkt->len; - rec = thispkt->data; - while (rem > 0) { - if (rem < DTLS1_RT_HEADER_LENGTH) { + for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len) { + if (rem < DTLS1_RT_HEADER_LENGTH) return -1; - } epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; if (epoch != ctx->epoch) { ctx->epoch = epoch; @@ -369,20 +398,28 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) seq >>= 8; offset++; } while (seq > 0); - ctx->currrec++; len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) + DTLS1_RT_HEADER_LENGTH; + if (rem < (int)len) + return -1; + if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) { + if (rem > (int)len) + memmove(rec, rec + len, rem - len); + outl -= len; + ctx->droprec = -1; + if (outl == 0) + BIO_set_retry_read(bio); + } else { + rec += len; + } - rec += len; - rem -= len; + ctx->currrec++; } } memcpy(out, thispkt->data, outl); - mempacket_free(thispkt); - return outl; } @@ -390,42 +427,64 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, int type) { MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); - MEMPACKET *thispkt, *looppkt, *nextpkt; - int i; + MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3]; + int i, duprec = ctx->duprec > 0; + const unsigned char *inu = (const unsigned char *)in; + size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO]) + + DTLS1_RT_HEADER_LENGTH; if (ctx == NULL) return -1; + if ((size_t)inl < len) + return -1; + + if ((size_t)inl == len) + duprec = 0; + + /* We don't support arbitrary injection when duplicating records */ + if (duprec && pktnum != -1) + return -1; + /* We only allow injection before we've started writing any data */ if (pktnum >= 0) { if (ctx->noinject) return -1; + ctx->injected = 1; } else { ctx->noinject = 1; } - thispkt = OPENSSL_malloc(sizeof(MEMPACKET)); - if (thispkt == NULL) - return -1; + for (i = 0; i < (duprec ? 3 : 1); i++) { + if (!TEST_ptr(allpkts[i] = OPENSSL_malloc(sizeof(*thispkt)))) + goto err; + thispkt = allpkts[i]; - thispkt->data = OPENSSL_malloc(inl); - if (thispkt->data == NULL) { - mempacket_free(thispkt); - return -1; + if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) + goto err; + /* + * If we are duplicating the packet, we duplicate it three times. The + * first two times we drop the first record if there are more than one. + * In this way we know that libssl will not be able to make progress + * until it receives the last packet, and hence will be forced to + * buffer these records. + */ + if (duprec && i != 2) { + memcpy(thispkt->data, in + len, inl - len); + thispkt->len = inl - len; + } else { + memcpy(thispkt->data, in, inl); + thispkt->len = inl; + } + thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt + i; + thispkt->type = type; } - memcpy(thispkt->data, in, inl); - thispkt->len = inl; - thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt; - thispkt->type = type; - for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) { /* Check if we found the right place to insert this packet */ if (looppkt->num > thispkt->num) { - if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) { - mempacket_free(thispkt); - return -1; - } + if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) + goto err; /* If we're doing up front injection then we're done */ if (pktnum >= 0) return inl; @@ -443,10 +502,10 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, else return inl; } while(1); - } else if(looppkt->num == thispkt->num) { + } else if (looppkt->num == thispkt->num) { if (!ctx->noinject) { /* We injected two packets with the same packet number! */ - return -1; + goto err; } ctx->lastpkt++; thispkt->num++; @@ -456,15 +515,21 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, * We didn't find any packets with a packet number equal to or greater than * this one, so we just add it onto the end */ - if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) { - mempacket_free(thispkt); - return -1; - } + for (i = 0; i < (duprec ? 3 : 1); i++) { + thispkt = allpkts[i]; + if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) + goto err; - if (pktnum < 0) - ctx->lastpkt++; + if (pktnum < 0) + ctx->lastpkt++; + } return inl; + + err: + for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++) + mempacket_free(allpkts[i]); + return -1; } static int mempacket_test_write(BIO *bio, const char *in, int inl) @@ -501,6 +566,18 @@ static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case MEMPACKET_CTRL_SET_DROP_EPOCH: + ctx->dropepoch = (unsigned int)num; + break; + case MEMPACKET_CTRL_SET_DROP_REC: + ctx->droprec = (int)num; + break; + case MEMPACKET_CTRL_GET_DROP_REC: + ret = ctx->droprec; + break; + case MEMPACKET_CTRL_SET_DUPLICATE_REC: + ctx->duprec = (int)num; + break; case BIO_CTRL_RESET: case BIO_CTRL_DUP: case BIO_CTRL_PUSH: @@ -531,50 +608,34 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, SSL_CTX *serverctx = NULL; SSL_CTX *clientctx = NULL; - serverctx = SSL_CTX_new(sm); - if (cctx != NULL) - clientctx = SSL_CTX_new(cm); - if (serverctx == NULL || (cctx != NULL && clientctx == NULL)) { - printf("Failed to create SSL_CTX\n"); + if (!TEST_ptr(serverctx = SSL_CTX_new(sm)) + || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm)))) goto err; - } - if (min_proto_version > 0 - && !SSL_CTX_set_min_proto_version(serverctx, min_proto_version)) { - printf("Unable to set server min protocol versions\n"); + if ((min_proto_version > 0 + && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, + min_proto_version))) + || (max_proto_version > 0 + && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, + max_proto_version)))) goto err; - } - if (max_proto_version > 0 - && !SSL_CTX_set_max_proto_version(serverctx, max_proto_version)) { - printf("Unable to set server max protocol versions\n"); + if (clientctx != NULL + && ((min_proto_version > 0 + && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, + min_proto_version))) + || (max_proto_version > 0 + && !TEST_true(SSL_CTX_set_max_proto_version(clientctx, + max_proto_version))))) goto err; - } - if (clientctx != NULL) { - if (min_proto_version > 0 - && !SSL_CTX_set_max_proto_version(clientctx, max_proto_version)) { - printf("Unable to set client max protocol versions\n"); - goto err; - } - if (max_proto_version > 0 - && !SSL_CTX_set_min_proto_version(clientctx, min_proto_version)) { - printf("Unable to set client min protocol versions\n"); + if (certfile != NULL && privkeyfile != NULL) { + if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, + privkeyfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) goto err; - } - } - - if (SSL_CTX_use_certificate_file(serverctx, certfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server certificate\n"); - goto err; - } - if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server private key\n"); - } - if (SSL_CTX_check_private_key(serverctx) <= 0) { - printf("Failed to check private key\n"); - goto err; } #ifndef OPENSSL_NO_DH @@ -584,15 +645,15 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, *sctx = serverctx; if (cctx != NULL) *cctx = clientctx; - return 1; + err: SSL_CTX_free(serverctx); SSL_CTX_free(clientctx); return 0; } -#define MAXLOOPS 100000 +#define MAXLOOPS 1000000 /* * NOTE: Transfers control of the BIOs - this function will free them on error @@ -600,62 +661,46 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) { - SSL *serverssl, *clientssl; + SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; - if (*sssl == NULL) - serverssl = SSL_new(serverctx); - else + if (*sssl != NULL) serverssl = *sssl; - if (*cssl == NULL) - clientssl = SSL_new(clientctx); - else + else if (!TEST_ptr(serverssl = SSL_new(serverctx))) + goto error; + if (*cssl != NULL) clientssl = *cssl; - - if (serverssl == NULL || clientssl == NULL) { - printf("Failed to create SSL object\n"); + else if (!TEST_ptr(clientssl = SSL_new(clientctx))) goto error; - } if (SSL_is_dtls(clientssl)) { - s_to_c_bio = BIO_new(bio_s_mempacket_test()); - c_to_s_bio = BIO_new(bio_s_mempacket_test()); + if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) + || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) + goto error; } else { - s_to_c_bio = BIO_new(BIO_s_mem()); - c_to_s_bio = BIO_new(BIO_s_mem()); - } - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create mem BIOs\n"); - goto error; + if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) + || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) + goto error; } - if (s_to_c_fbio != NULL) - s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio); - if (c_to_s_fbio != NULL) - c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio); - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create chained BIOs\n"); + if (s_to_c_fbio != NULL + && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) + goto error; + if (c_to_s_fbio != NULL + && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) goto error; - } /* Set Non-blocking IO behaviour */ BIO_set_mem_eof_return(s_to_c_bio, -1); BIO_set_mem_eof_return(c_to_s_bio, -1); /* Up ref these as we are passing them to two SSL objects */ + SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); BIO_up_ref(s_to_c_bio); BIO_up_ref(c_to_s_bio); - - SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); - - /* BIOs will now be freed when SSL objects are freed */ - s_to_c_bio = c_to_s_bio = NULL; - s_to_c_fbio = c_to_s_fbio = NULL; - *sssl = serverssl; *cssl = clientssl; - return 1; error: @@ -669,10 +714,15 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, return 0; } -int create_ssl_connection(SSL *serverssl, SSL *clientssl) +/* + * Create an SSL connection, but does not ready any post-handshake + * NewSessionTicket messages. + */ +int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want) { int retc = -1, rets = -1, err, abortctr = 0; int clienterr = 0, servererr = 0; + int isdtls = SSL_is_dtls(serverssl); do { err = SSL_ERROR_WANT_WRITE; @@ -683,9 +733,11 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) } if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_connect() failed %d, %d\n", retc, err); + TEST_info("SSL_connect() failed %d, %d", retc, err); clienterr = 1; } + if (want != SSL_ERROR_NONE && err == want) + return 0; err = SSL_ERROR_WANT_WRITE; while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { @@ -694,17 +746,74 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) err = SSL_get_error(serverssl, rets); } - if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_accept() failed %d, %d\n", retc, err); + if (!servererr && rets <= 0 + && err != SSL_ERROR_WANT_READ + && err != SSL_ERROR_WANT_X509_LOOKUP) { + TEST_info("SSL_accept() failed %d, %d", rets, err); servererr = 1; } + if (want != SSL_ERROR_NONE && err == want) + return 0; if (clienterr && servererr) return 0; + if (isdtls) { + if (rets > 0 && retc <= 0) + DTLSv1_handle_timeout(serverssl); + if (retc > 0 && rets <= 0) + DTLSv1_handle_timeout(clientssl); + } if (++abortctr == MAXLOOPS) { - printf("No progress made\n"); + TEST_info("No progress made"); return 0; } + if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) { + /* + * It looks like we're just spinning. Pause for a short period to + * give the DTLS timer a chance to do something. We only do this for + * the first few times to prevent hangs. + */ + ossl_sleep(50); + } } while (retc <=0 || rets <= 0); return 1; } + +/* + * Create an SSL connection including any post handshake NewSessionTicket + * messages. + */ +int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) +{ + int i; + unsigned char buf; + size_t readbytes; + + if (!create_bare_ssl_connection(serverssl, clientssl, want)) + return 0; + + /* + * We attempt to read some data on the client side which we expect to fail. + * This will ensure we have received the NewSessionTicket in TLSv1.3 where + * appropriate. We do this twice because there are 2 NewSesionTickets. + */ + for (i = 0; i < 2; i++) { + if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { + if (!TEST_ulong_eq(readbytes, 0)) + return 0; + } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), + SSL_ERROR_WANT_READ)) { + return 0; + } + } + + return 1; +} + +void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl) +{ + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); +} diff --git a/deps/openssl/openssl/test/ssltestlib.h b/deps/openssl/openssl/test/ssltestlib.h index 5e8ea6e00e7cd4..27b040c3cf9f2e 100644 --- a/deps/openssl/openssl/test/ssltestlib.h +++ b/deps/openssl/openssl/test/ssltestlib.h @@ -18,7 +18,9 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, char *privkeyfile); int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); -int create_ssl_connection(SSL *serverssl, SSL *clientssl); +int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want); +int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want); +void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl); /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void); @@ -31,6 +33,15 @@ void bio_s_mempacket_test_free(void); #define INJECT_PACKET 1 #define INJECT_PACKET_IGNORE_REC_SEQ 2 +/* + * Mempacket BIO ctrls. We make them large enough to not clash with standard BIO + * ctrl codes. + */ +#define MEMPACKET_CTRL_SET_DROP_EPOCH (1 << 15) +#define MEMPACKET_CTRL_SET_DROP_REC (2 << 15) +#define MEMPACKET_CTRL_GET_DROP_REC (3 << 15) +#define MEMPACKET_CTRL_SET_DUPLICATE_REC (4 << 15) + int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, int type); diff --git a/deps/openssl/openssl/test/sysdefault.cnf b/deps/openssl/openssl/test/sysdefault.cnf new file mode 100644 index 00000000000000..5473d837c10f35 --- /dev/null +++ b/deps/openssl/openssl/test/sysdefault.cnf @@ -0,0 +1,15 @@ +# Configuration file to test system default SSL configuration + +openssl_conf = default_conf + +[ default_conf ] + +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = ssl_default_sect + +[ssl_default_sect] +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 diff --git a/deps/openssl/openssl/test/testutil.c b/deps/openssl/openssl/test/testutil.c deleted file mode 100644 index a16ef0fa077992..00000000000000 --- a/deps/openssl/openssl/test/testutil.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "testutil.h" - -#include -#include -#include -#include -#include "e_os.h" - -/* - * Declares the structures needed to register each test case function. - */ -typedef struct test_info { - const char *test_case_name; - int (*test_fn) (); - int (*param_test_fn)(int idx); - int num; -} TEST_INFO; - -static TEST_INFO all_tests[1024]; -static int num_tests = 0; -/* - * A parameterised tests runs a loop of test cases. - * |num_test_cases| counts the total number of test cases - * across all tests. - */ -static int num_test_cases = 0; - -void add_test(const char *test_case_name, int (*test_fn) ()) -{ - assert(num_tests != OSSL_NELEM(all_tests)); - all_tests[num_tests].test_case_name = test_case_name; - all_tests[num_tests].test_fn = test_fn; - all_tests[num_tests].num = -1; - ++num_test_cases; - ++num_tests; -} - -void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), - int num) -{ - assert(num_tests != OSSL_NELEM(all_tests)); - all_tests[num_tests].test_case_name = test_case_name; - all_tests[num_tests].param_test_fn = test_fn; - all_tests[num_tests].num = num; - ++num_tests; - num_test_cases += num; -} - -int run_tests(const char *test_prog_name) -{ - int num_failed = 0; - - int i, j; - - printf("%s: %d test case%s\n", test_prog_name, num_test_cases, - num_test_cases == 1 ? "" : "s"); - - for (i = 0; i != num_tests; ++i) { - if (all_tests[i].num == -1) { - if (!all_tests[i].test_fn()) { - printf("** %s failed **\n--------\n", - all_tests[i].test_case_name); - ++num_failed; - } - } else { - for (j = 0; j < all_tests[i].num; j++) { - if (!all_tests[i].param_test_fn(j)) { - printf("** %s failed test %d\n--------\n", - all_tests[i].test_case_name, j); - ++num_failed; - } - } - } - } - - if (num_failed != 0) { - printf("%s: %d test%s failed (out of %d)\n", test_prog_name, - num_failed, num_failed != 1 ? "s" : "", num_test_cases); - return EXIT_FAILURE; - } - printf(" All tests passed.\n"); - return EXIT_SUCCESS; -} - -static const char *print_string_maybe_null(const char *s) -{ - return s == NULL ? "(NULL)" : s; -} - -int strings_equal(const char *desc, const char *s1, const char *s2) -{ - if (s1 == NULL && s2 == NULL) - return 1; - if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) { - fprintf(stderr, "%s mismatch: %s vs %s\n", desc, print_string_maybe_null(s1), - print_string_maybe_null(s2)); - return 0; - } - return 1; -} diff --git a/deps/openssl/openssl/test/testutil.h b/deps/openssl/openssl/test/testutil.h index aaaee2780eaa85..639190564777f6 100644 --- a/deps/openssl/openssl/test/testutil.h +++ b/deps/openssl/openssl/test/testutil.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,20 +10,68 @@ #ifndef HEADER_TESTUTIL_H # define HEADER_TESTUTIL_H +#include + #include +#include +#include /*- + * Simple unit tests should implement setup_tests(). + * This function should return zero if the registration process fails. + * To register tests, call ADD_TEST or ADD_ALL_TESTS: + * + * int setup_tests(void) + * { + * ADD_TEST(test_foo); + * ADD_ALL_TESTS(test_bar, num_test_bar); + * return 1; + * } + * + * Tests that require clean up after execution should implement: + * + * void cleanup_tests(void); + * + * The cleanup_tests function will be called even if setup_tests() + * returns failure. + * + * In some cases, early initialization before the framework is set up + * may be needed. In such a case, this should be implemented: + * + * int global_init(void); + * + * This function should return zero if there is an unrecoverable error and + * non-zero if the initialization was successful. + */ + +/* Adds a simple test case. */ +# define ADD_TEST(test_function) add_test(#test_function, test_function) + +/* + * Simple parameterized tests. Calls test_function(idx) for each 0 <= idx < num. + */ +# define ADD_ALL_TESTS(test_function, num) \ + add_all_tests(#test_function, test_function, num, 1) +/* + * A variant of the same without TAP output. + */ +# define ADD_ALL_TESTS_NOSUBTEST(test_function, num) \ + add_all_tests(#test_function, test_function, num, 0) + +/*- + * Test cases that share common setup should use the helper * SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions. * * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE * object called "fixture". It will also allocate the "result" variable used * by EXECUTE_TEST. set_up() should take a const char* specifying the test - * case name and return a TEST_FIXTURE_TYPE by value. + * case name and return a TEST_FIXTURE_TYPE by reference. * - * EXECUTE_TEST will pass fixture to execute_func() by value, call + * EXECUTE_TEST will pass fixture to execute_func() by reference, call * tear_down(), and return the result of execute_func(). execute_func() should - * take a TEST_FIXTURE_TYPE by value and return 1 on success and 0 on - * failure. + * take a TEST_FIXTURE_TYPE by reference and return 1 on success and 0 on + * failure. The tear_down function is responsible for deallocation of the + * result variable, if required. * * Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST * variations like so: @@ -44,13 +92,14 @@ * } */ # define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\ - TEST_FIXTURE_TYPE fixture = set_up(TEST_CASE_NAME); \ + TEST_FIXTURE_TYPE *fixture = set_up(TEST_CASE_NAME); \ int result = 0 # define EXECUTE_TEST(execute_func, tear_down)\ + if (fixture != NULL) {\ result = execute_func(fixture);\ tear_down(fixture);\ - return result + } /* * TEST_CASE_NAME is defined as the name of the test case function where @@ -69,43 +118,340 @@ # endif /* __STDC_VERSION__ */ /* - * In main(), call ADD_TEST to register each test case function, then call - * run_tests() to execute all tests and report the results. The result - * returned from run_tests() should be used as the return value for main(). + * Tests that need access to command line arguments should use the functions: + * test_get_argument(int n) to get the nth argument, the first argument is + * argument 0. This function returns NULL on error. + * test_get_argument_count() to get the count of the arguments. + * test_has_option(const char *) to check if the specified option was passed. + * test_get_option_argument(const char *) to get an option which includes an + * argument. NULL is returns if the option is not found. + * const char *test_get_program_name(void) returns the name of the test program + * being executed. */ -# define ADD_TEST(test_function) add_test(#test_function, test_function) +const char *test_get_program_name(void); +char *test_get_argument(size_t n); +size_t test_get_argument_count(void); +int test_has_option(const char *option); +const char *test_get_option_argument(const char *option); /* - * Simple parameterized tests. Adds a test_function(idx) test for each - * 0 <= idx < num. + * Internal helpers. Test programs shouldn't use these directly, but should + * rather link to one of the helper main() methods. */ -# define ADD_ALL_TESTS(test_function, num) \ - add_all_tests(#test_function, test_function, num) -void add_test(const char *test_case_name, int (*test_fn) ()); -void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num); -int run_tests(const char *test_prog_name); +void add_test(const char *test_case_name, int (*test_fn) (void)); +void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num, + int subtest); + +/* + * Declarations for user defined functions. + * The first two return a boolean indicating that the test should not proceed. + */ +int global_init(void); +int setup_tests(void); +void cleanup_tests(void); /* * Test assumption verification helpers. */ +#define PRINTF_FORMAT(a, b) +#if defined(__GNUC__) && defined(__STDC_VERSION__) + /* + * Because we support the 'z' modifier, which made its appearance in C99, + * we can't use __attribute__ with pre C99 dialects. + */ +# if __STDC_VERSION__ >= 199901L +# undef PRINTF_FORMAT +# define PRINTF_FORMAT(a, b) __attribute__ ((format(printf, a, b))) +# endif +#endif + +# define DECLARE_COMPARISON(type, name, opname) \ + int test_ ## name ## _ ## opname(const char *, int, \ + const char *, const char *, \ + const type, const type); + +# define DECLARE_COMPARISONS(type, name) \ + DECLARE_COMPARISON(type, name, eq) \ + DECLARE_COMPARISON(type, name, ne) \ + DECLARE_COMPARISON(type, name, lt) \ + DECLARE_COMPARISON(type, name, le) \ + DECLARE_COMPARISON(type, name, gt) \ + DECLARE_COMPARISON(type, name, ge) + +DECLARE_COMPARISONS(int, int) +DECLARE_COMPARISONS(unsigned int, uint) +DECLARE_COMPARISONS(char, char) +DECLARE_COMPARISONS(unsigned char, uchar) +DECLARE_COMPARISONS(long, long) +DECLARE_COMPARISONS(unsigned long, ulong) +DECLARE_COMPARISONS(time_t, time_t) /* - * Returns 1 if |s1| and |s2| are both NULL or equal. - * Otherwise, returns 0 and pretty-prints diagnostics using |desc|. + * Because this comparison uses a printf format specifier that's not + * universally known (yet), we provide an option to not have it declared. */ -int strings_equal(const char *desc, const char *s1, const char *s2); -#endif /* HEADER_TESTUTIL_H */ +# ifndef TESTUTIL_NO_size_t_COMPARISON +DECLARE_COMPARISONS(size_t, size_t) +# endif + +/* + * Pointer comparisons against other pointers and null. + * These functions return 1 if the test is true. + * Otherwise, they return 0 and pretty-print diagnostics. + * These should not be called directly, use the TEST_xxx macros below instead. + */ +DECLARE_COMPARISON(void *, ptr, eq) +DECLARE_COMPARISON(void *, ptr, ne) +int test_ptr(const char *file, int line, const char *s, const void *p); +int test_ptr_null(const char *file, int line, const char *s, const void *p); + +/* + * Equality tests for strings where NULL is a legitimate value. + * These calls return 1 if the two passed strings compare true. + * Otherwise, they return 0 and pretty-print diagnostics. + * These should not be called directly, use the TEST_xxx macros below instead. + */ +DECLARE_COMPARISON(char *, str, eq) +DECLARE_COMPARISON(char *, str, ne) + +/* + * Same as above, but for strncmp. + */ +int test_strn_eq(const char *file, int line, const char *, const char *, + const char *a, const char *b, size_t s); +int test_strn_ne(const char *file, int line, const char *, const char *, + const char *a, const char *b, size_t s); + +/* + * Equality test for memory blocks where NULL is a legitimate value. + * These calls return 1 if the two memory blocks compare true. + * Otherwise, they return 0 and pretty-print diagnostics. + * These should not be called directly, use the TEST_xxx macros below instead. + */ +int test_mem_eq(const char *, int, const char *, const char *, + const void *, size_t, const void *, size_t); +int test_mem_ne(const char *, int, const char *, const char *, + const void *, size_t, const void *, size_t); + +/* + * Check a boolean result for being true or false. + * They return 1 if the condition is true (i.e. the value is non-zero). + * Otherwise, they return 0 and pretty-prints diagnostics using |s|. + * These should not be called directly, use the TEST_xxx macros below instead. + */ +int test_true(const char *file, int line, const char *s, int b); +int test_false(const char *file, int line, const char *s, int b); + +/* + * Comparisons between BIGNUMs. + * BIGNUMS can be compared against other BIGNUMs or zero. + * Some additional equality tests against 1 & specific values are provided. + * Tests for parity are included as well. + */ +DECLARE_COMPARISONS(BIGNUM *, BN) +int test_BN_eq_zero(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_ne_zero(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_lt_zero(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_le_zero(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_gt_zero(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_ge_zero(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_eq_one(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_odd(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_even(const char *file, int line, const char *s, const BIGNUM *a); +int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws, + const BIGNUM *a, BN_ULONG w); +int test_BN_abs_eq_word(const char *file, int line, const char *bns, + const char *ws, const BIGNUM *a, BN_ULONG w); /* - * For "impossible" conditions such as malloc failures or bugs in test code, - * where continuing the test would be meaningless. Note that OPENSSL_assert - * is fatal, and is never compiled out. + * Pretty print a failure message. + * These should not be called directly, use the TEST_xxx macros below instead. */ -#define TEST_check(condition) \ - do { \ - if (!(condition)) { \ - ERR_print_errors_fp(stderr); \ - OPENSSL_assert(!#condition); \ - } \ - } while (0); +void test_error(const char *file, int line, const char *desc, ...) + PRINTF_FORMAT(3, 4); +void test_error_c90(const char *desc, ...) PRINTF_FORMAT(1, 2); +void test_info(const char *file, int line, const char *desc, ...) + PRINTF_FORMAT(3, 4); +void test_info_c90(const char *desc, ...) PRINTF_FORMAT(1, 2); +void test_note(const char *desc, ...) PRINTF_FORMAT(1, 2); +void test_openssl_errors(void); +void test_perror(const char *s); + +/* + * The following macros provide wrapper calls to the test functions with + * a default description that indicates the file and line number of the error. + * + * The following macros guarantee to evaluate each argument exactly once. + * This allows constructs such as: if (!TEST_ptr(ptr = OPENSSL_malloc(..))) + * to produce better contextual output than: + * ptr = OPENSSL_malloc(..); + * if (!TEST_ptr(ptr)) + */ +# define TEST_int_eq(a, b) test_int_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_int_ne(a, b) test_int_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_int_lt(a, b) test_int_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_int_le(a, b) test_int_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_int_gt(a, b) test_int_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_int_ge(a, b) test_int_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_uint_eq(a, b) test_uint_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uint_ne(a, b) test_uint_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uint_lt(a, b) test_uint_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uint_le(a, b) test_uint_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uint_gt(a, b) test_uint_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uint_ge(a, b) test_uint_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_char_eq(a, b) test_char_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_char_ne(a, b) test_char_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_char_lt(a, b) test_char_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_char_le(a, b) test_char_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_char_gt(a, b) test_char_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_char_ge(a, b) test_char_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_uchar_eq(a, b) test_uchar_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uchar_ne(a, b) test_uchar_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uchar_lt(a, b) test_uchar_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uchar_le(a, b) test_uchar_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uchar_gt(a, b) test_uchar_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_uchar_ge(a, b) test_uchar_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_long_eq(a, b) test_long_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_long_ne(a, b) test_long_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_long_lt(a, b) test_long_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_long_le(a, b) test_long_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_long_gt(a, b) test_long_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_long_ge(a, b) test_long_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_ulong_eq(a, b) test_ulong_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ulong_ne(a, b) test_ulong_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ulong_lt(a, b) test_ulong_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ulong_le(a, b) test_ulong_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ulong_gt(a, b) test_ulong_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ulong_ge(a, b) test_ulong_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_size_t_le(a, b) test_size_t_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_size_t_gt(a, b) test_size_t_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_size_t_ge(a, b) test_size_t_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_time_t_eq(a, b) test_time_t_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_time_t_ne(a, b) test_time_t_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_time_t_lt(a, b) test_time_t_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_time_t_le(a, b) test_time_t_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_time_t_gt(a, b) test_time_t_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_time_t_ge(a, b) test_time_t_ge(__FILE__, __LINE__, #a, #b, a, b) + +# define TEST_ptr_eq(a, b) test_ptr_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ptr_ne(a, b) test_ptr_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a) +# define TEST_ptr_null(a) test_ptr_null(__FILE__, __LINE__, #a, a) + +# define TEST_str_eq(a, b) test_str_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_str_ne(a, b) test_str_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_strn_eq(a, b, n) test_strn_eq(__FILE__, __LINE__, #a, #b, a, b, n) +# define TEST_strn_ne(a, b, n) test_strn_ne(__FILE__, __LINE__, #a, #b, a, b, n) + +# define TEST_mem_eq(a, m, b, n) test_mem_eq(__FILE__, __LINE__, #a, #b, a, m, b, n) +# define TEST_mem_ne(a, m, b, n) test_mem_ne(__FILE__, __LINE__, #a, #b, a, m, b, n) + +# define TEST_true(a) test_true(__FILE__, __LINE__, #a, (a) != 0) +# define TEST_false(a) test_false(__FILE__, __LINE__, #a, (a) != 0) + +# define TEST_BN_eq(a, b) test_BN_eq(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_BN_ne(a, b) test_BN_ne(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_BN_lt(a, b) test_BN_lt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_BN_gt(a, b) test_BN_gt(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_BN_le(a, b) test_BN_le(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_BN_ge(a, b) test_BN_ge(__FILE__, __LINE__, #a, #b, a, b) +# define TEST_BN_eq_zero(a) test_BN_eq_zero(__FILE__, __LINE__, #a, a) +# define TEST_BN_ne_zero(a) test_BN_ne_zero(__FILE__, __LINE__, #a, a) +# define TEST_BN_lt_zero(a) test_BN_lt_zero(__FILE__, __LINE__, #a, a) +# define TEST_BN_gt_zero(a) test_BN_gt_zero(__FILE__, __LINE__, #a, a) +# define TEST_BN_le_zero(a) test_BN_le_zero(__FILE__, __LINE__, #a, a) +# define TEST_BN_ge_zero(a) test_BN_ge_zero(__FILE__, __LINE__, #a, a) +# define TEST_BN_eq_one(a) test_BN_eq_one(__FILE__, __LINE__, #a, a) +# define TEST_BN_eq_word(a, w) test_BN_eq_word(__FILE__, __LINE__, #a, #w, a, w) +# define TEST_BN_abs_eq_word(a, w) test_BN_abs_eq_word(__FILE__, __LINE__, #a, #w, a, w) +# define TEST_BN_odd(a) test_BN_odd(__FILE__, __LINE__, #a, a) +# define TEST_BN_even(a) test_BN_even(__FILE__, __LINE__, #a, a) + +/* + * TEST_error(desc, ...) prints an informative error message in the standard + * format. |desc| is a printf format string. + */ +# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L +# define TEST_error test_error_c90 +# define TEST_info test_info_c90 +# else +# define TEST_error(...) test_error(__FILE__, __LINE__, __VA_ARGS__) +# define TEST_info(...) test_info(__FILE__, __LINE__, __VA_ARGS__) +# endif +# define TEST_note test_note +# define TEST_openssl_errors test_openssl_errors +# define TEST_perror test_perror + +extern BIO *bio_out; +extern BIO *bio_err; + +/* + * Formatted output for strings, memory and bignums. + */ +void test_output_string(const char *name, const char *m, size_t l); +void test_output_bignum(const char *name, const BIGNUM *bn); +void test_output_memory(const char *name, const unsigned char *m, size_t l); + + +/* + * Utilities to parse a test file. + */ +#define TESTMAXPAIRS 20 + +typedef struct pair_st { + char *key; + char *value; +} PAIR; + +typedef struct stanza_st { + const char *test_file; /* Input file name */ + BIO *fp; /* Input file */ + int curr; /* Current line in file */ + int start; /* Line where test starts */ + int errors; /* Error count */ + int numtests; /* Number of tests */ + int numskip; /* Number of skipped tests */ + int numpairs; + PAIR pairs[TESTMAXPAIRS]; + BIO *key; /* temp memory BIO for reading in keys */ + char buff[4096]; /* Input buffer for a single key/value */ +} STANZA; + +/* + * Prepare to start reading the file |testfile| as input. + */ +int test_start_file(STANZA *s, const char *testfile); +int test_end_file(STANZA *s); + +/* + * Read a stanza from the test file. A stanza consists of a block + * of lines of the form + * key = value + * The block is terminated by EOF or a blank line. + * Return 1 if found, 0 on EOF or error. + */ +int test_readstanza(STANZA *s); + +/* + * Clear a stanza, release all allocated memory. + */ +void test_clearstanza(STANZA *s); + +/* + * Glue an array of strings together and return it as an allocated string. + * Optionally return the whole length of this string in |out_len| + */ +char *glue_strings(const char *list[], size_t *out_len); + +#endif /* HEADER_TESTUTIL_H */ diff --git a/deps/openssl/openssl/test/testutil/basic_output.c b/deps/openssl/openssl/test/testutil/basic_output.c new file mode 100644 index 00000000000000..e442da864ad5e9 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/basic_output.c @@ -0,0 +1,58 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "output.h" +#include "tu_local.h" + +#include +#include + +BIO *bio_out = NULL; +BIO *bio_err = NULL; + +void test_open_streams(void) +{ + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); +#ifdef __VMS + bio_out = BIO_push(BIO_new(BIO_f_linebuffer()), bio_out); + bio_err = BIO_push(BIO_new(BIO_f_linebuffer()), bio_err); +#endif + bio_err = BIO_push(BIO_new(BIO_f_tap()), bio_err); + + OPENSSL_assert(bio_out != NULL); + OPENSSL_assert(bio_err != NULL); +} + +void test_close_streams(void) +{ + BIO_free_all(bio_out); + BIO_free_all(bio_err); +} + +int test_vprintf_stdout(const char *fmt, va_list ap) +{ + return BIO_vprintf(bio_out, fmt, ap); +} + +int test_vprintf_stderr(const char *fmt, va_list ap) +{ + return BIO_vprintf(bio_err, fmt, ap); +} + +int test_flush_stdout(void) +{ + return BIO_flush(bio_out); +} + +int test_flush_stderr(void) +{ + return BIO_flush(bio_err); +} diff --git a/deps/openssl/openssl/test/testutil/cb.c b/deps/openssl/openssl/test/testutil/cb.c new file mode 100644 index 00000000000000..4f5ba080cc04f0 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/cb.c @@ -0,0 +1,16 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "output.h" +#include "tu_local.h" + +int openssl_error_cb(const char *str, size_t len, void *u) +{ + return test_printf_stderr("%s", str); +} diff --git a/deps/openssl/openssl/test/testutil/driver.c b/deps/openssl/openssl/test/testutil/driver.c new file mode 100644 index 00000000000000..1b45baf3caefa9 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/driver.c @@ -0,0 +1,298 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "output.h" +#include "tu_local.h" + +#include +#include + +#include "internal/nelem.h" +#include + +#ifdef _WIN32 +# define strdup _strdup +#endif + +/* + * Declares the structures needed to register each test case function. + */ +typedef struct test_info { + const char *test_case_name; + int (*test_fn) (void); + int (*param_test_fn)(int idx); + int num; + + /* flags */ + int subtest:1; +} TEST_INFO; + +static TEST_INFO all_tests[1024]; +static int num_tests = 0; +static int seed = 0; +/* + * A parameterised tests runs a loop of test cases. + * |num_test_cases| counts the total number of test cases + * across all tests. + */ +static int num_test_cases = 0; + +void add_test(const char *test_case_name, int (*test_fn) (void)) +{ + assert(num_tests != OSSL_NELEM(all_tests)); + all_tests[num_tests].test_case_name = test_case_name; + all_tests[num_tests].test_fn = test_fn; + all_tests[num_tests].num = -1; + ++num_tests; + ++num_test_cases; +} + +void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), + int num, int subtest) +{ + assert(num_tests != OSSL_NELEM(all_tests)); + all_tests[num_tests].test_case_name = test_case_name; + all_tests[num_tests].param_test_fn = test_fn; + all_tests[num_tests].num = num; + all_tests[num_tests].subtest = subtest; + ++num_tests; + num_test_cases += num; +} + +static int level = 0; + +int subtest_level(void) +{ + return level; +} + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +static int should_report_leaks(void) +{ + /* + * When compiled with enable-crypto-mdebug, OPENSSL_DEBUG_MEMORY=0 + * can be used to disable leak checking at runtime. + * Note this only works when running the test binary manually; + * the test harness always enables OPENSSL_DEBUG_MEMORY. + */ + char *mem_debug_env = getenv("OPENSSL_DEBUG_MEMORY"); + + return mem_debug_env == NULL + || (strcmp(mem_debug_env, "0") && strcmp(mem_debug_env, "")); +} +#endif + +static int gcd(int a, int b) +{ + while (b != 0) { + int t = b; + b = a % b; + a = t; + } + return a; +} + +void setup_test_framework() +{ + char *TAP_levels = getenv("HARNESS_OSSL_LEVEL"); + char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER"); + + level = TAP_levels != NULL ? 4 * atoi(TAP_levels) : 0; + + if (test_seed != NULL) { + seed = atoi(test_seed); + if (seed <= 0) + seed = (int)time(NULL); + test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed); + test_flush_stdout(); + srand(seed); + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (should_report_leaks()) { + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + } +#endif +} + +int pulldown_test_framework(int ret) +{ + set_test_title(NULL); +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (should_report_leaks() + && CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0) + return EXIT_FAILURE; +#endif + + return ret; +} + +static void finalize(int success) +{ + if (success) + ERR_clear_error(); + else + ERR_print_errors_cb(openssl_error_cb, NULL); +} + +static char *test_title = NULL; + +void set_test_title(const char *title) +{ + free(test_title); + test_title = title == NULL ? NULL : strdup(title); +} + +PRINTF_FORMAT(2, 3) static void test_verdict(int pass, const char *extra, ...) +{ + va_list ap; + + test_flush_stdout(); + test_flush_stderr(); + + test_printf_stdout("%*s%s", level, "", pass ? "ok" : "not ok"); + if (extra != NULL) { + test_printf_stdout(" "); + va_start(ap, extra); + test_vprintf_stdout(extra, ap); + va_end(ap); + } + test_printf_stdout("\n"); + test_flush_stdout(); +} + +int run_tests(const char *test_prog_name) +{ + int num_failed = 0; + int verdict = 1; + int ii, i, jj, j, jstep; + int permute[OSSL_NELEM(all_tests)]; + + if (num_tests < 1) { + test_printf_stdout("%*s1..0 # Skipped: %s\n", level, "", + test_prog_name); + } else { + if (level > 0) + test_printf_stdout("%*s# Subtest: %s\n", level, "", test_prog_name); + test_printf_stdout("%*s1..%d\n", level, "", num_tests); + } + test_flush_stdout(); + + for (i = 0; i < num_tests; i++) + permute[i] = i; + if (seed != 0) + for (i = num_tests - 1; i >= 1; i--) { + j = rand() % (1 + i); + ii = permute[j]; + permute[j] = permute[i]; + permute[i] = ii; + } + + for (ii = 0; ii != num_tests; ++ii) { + i = permute[ii]; + if (all_tests[i].num == -1) { + int ret = 0; + + set_test_title(all_tests[i].test_case_name); + ret = all_tests[i].test_fn(); + + verdict = 1; + if (!ret) { + verdict = 0; + ++num_failed; + } + test_verdict(verdict, "%d - %s", ii + 1, test_title); + finalize(ret); + } else { + int num_failed_inner = 0; + + level += 4; + if (all_tests[i].subtest) { + test_printf_stdout("%*s# Subtest: %s\n", level, "", + all_tests[i].test_case_name); + test_printf_stdout("%*s%d..%d\n", level, "", 1, + all_tests[i].num); + test_flush_stdout(); + } + + j = -1; + if (seed == 0 || all_tests[i].num < 3) + jstep = 1; + else + do + jstep = rand() % all_tests[i].num; + while (jstep == 0 || gcd(all_tests[i].num, jstep) != 1); + + for (jj = 0; jj < all_tests[i].num; jj++) { + int ret; + + j = (j + jstep) % all_tests[i].num; + set_test_title(NULL); + ret = all_tests[i].param_test_fn(j); + + if (!ret) + ++num_failed_inner; + + finalize(ret); + + if (all_tests[i].subtest) { + verdict = 1; + if (!ret) { + verdict = 0; + ++num_failed_inner; + } + if (test_title != NULL) + test_verdict(verdict, "%d - %s", jj + 1, test_title); + else + test_verdict(verdict, "%d - iteration %d", + jj + 1, j + 1); + } + } + + level -= 4; + verdict = 1; + if (num_failed_inner) { + verdict = 0; + ++num_failed; + } + test_verdict(verdict, "%d - %s", ii + 1, + all_tests[i].test_case_name); + } + } + if (num_failed != 0) + return EXIT_FAILURE; + return EXIT_SUCCESS; +} + +/* + * Glue an array of strings together and return it as an allocated string. + * Optionally return the whole length of this string in |out_len| + */ +char *glue_strings(const char *list[], size_t *out_len) +{ + size_t len = 0; + char *p, *ret; + int i; + + for (i = 0; list[i] != NULL; i++) + len += strlen(list[i]); + + if (out_len != NULL) + *out_len = len; + + if (!TEST_ptr(ret = p = OPENSSL_malloc(len + 1))) + return NULL; + + for (i = 0; list[i] != NULL; i++) + p += strlen(strcpy(p, list[i])); + + return ret; +} diff --git a/deps/openssl/openssl/test/testutil/format_output.c b/deps/openssl/openssl/test/testutil/format_output.c new file mode 100644 index 00000000000000..6ee2a1d266c3c2 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/format_output.c @@ -0,0 +1,529 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "output.h" +#include "tu_local.h" + +#include +#include +#include "internal/nelem.h" + +/* The size of memory buffers to display on failure */ +#define MEM_BUFFER_SIZE (2000) +#define MAX_STRING_WIDTH (80) +#define BN_OUTPUT_SIZE (8) + +/* Output a diff header */ +static void test_diff_header(const char *left, const char *right) +{ + test_printf_stderr("--- %s\n", left); + test_printf_stderr("+++ %s\n", right); +} + +/* Formatted string output routines */ +static void test_string_null_empty(const char *m, char c) +{ + if (m == NULL) + test_printf_stderr("% 4s %c NULL\n", "", c); + else + test_printf_stderr("% 4u:%c ''\n", 0u, c); +} + +static void test_fail_string_common(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const char *m1, size_t l1, + const char *m2, size_t l2) +{ + const size_t width = (MAX_STRING_WIDTH - subtest_level() - 12) / 16 * 16; + char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; + char bdiff[MAX_STRING_WIDTH + 1]; + size_t n1, n2, i; + unsigned int cnt = 0, diff; + + test_fail_message_prefix(prefix, file, line, type, left, right, op); + if (m1 == NULL) + l1 = 0; + if (m2 == NULL) + l2 = 0; + if (l1 == 0 && l2 == 0) { + if ((m1 == NULL) == (m2 == NULL)) { + test_string_null_empty(m1, ' '); + } else { + test_diff_header(left, right); + test_string_null_empty(m1, '-'); + test_string_null_empty(m2, '+'); + } + goto fin; + } + + if (l1 != l2 || strcmp(m1, m2) != 0) + test_diff_header(left, right); + + while (l1 > 0 || l2 > 0) { + n1 = n2 = 0; + if (l1 > 0) { + b1[n1 = l1 > width ? width : l1] = 0; + for (i = 0; i < n1; i++) + b1[i] = isprint((unsigned char)m1[i]) ? m1[i] : '.'; + } + if (l2 > 0) { + b2[n2 = l2 > width ? width : l2] = 0; + for (i = 0; i < n2; i++) + b2[i] = isprint((unsigned char)m2[i]) ? m2[i] : '.'; + } + diff = 0; + i = 0; + if (n1 > 0 && n2 > 0) { + const size_t j = n1 < n2 ? n1 : n2; + + for (; i < j; i++) + if (m1[i] == m2[i]) { + bdiff[i] = ' '; + } else { + bdiff[i] = '^'; + diff = 1; + } + bdiff[i] = '\0'; + } + if (n1 == n2 && !diff) { + test_printf_stderr("% 4u: '%s'\n", cnt, n2 > n1 ? b2 : b1); + } else { + if (cnt == 0 && (m1 == NULL || *m1 == '\0')) + test_string_null_empty(m1, '-'); + else if (n1 > 0) + test_printf_stderr("% 4u:- '%s'\n", cnt, b1); + if (cnt == 0 && (m2 == NULL || *m2 == '\0')) + test_string_null_empty(m2, '+'); + else if (n2 > 0) + test_printf_stderr("% 4u:+ '%s'\n", cnt, b2); + if (diff && i > 0) + test_printf_stderr("% 4s %s\n", "", bdiff); + } + m1 += n1; + m2 += n2; + l1 -= n1; + l2 -= n2; + cnt += width; + } +fin: + test_flush_stderr(); +} + +/* + * Wrapper routines so that the underlying code can be shared. + * The first is the call from inside the test utilities when a conditional + * fails. The second is the user's call to dump a string. + */ +void test_fail_string_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const char *m1, size_t l1, + const char *m2, size_t l2) +{ + test_fail_string_common(prefix, file, line, type, left, right, op, + m1, l1, m2, l2); + test_printf_stderr("\n"); +} + +void test_output_string(const char *name, const char *m, size_t l) +{ + test_fail_string_common("string", NULL, 0, NULL, NULL, NULL, name, + m, l, m, l); +} + +/* BIGNUM formatted output routines */ + +/* + * A basic memory byte to hex digit converter with allowance for spacing + * every so often. + */ +static void hex_convert_memory(const unsigned char *m, size_t n, char *b, + size_t width) +{ + size_t i; + + for (i = 0; i < n; i++) { + const unsigned char c = *m++; + + *b++ = "0123456789abcdef"[c >> 4]; + *b++ = "0123456789abcdef"[c & 15]; + if (i % width == width - 1 && i != n - 1) + *b++ = ' '; + } + *b = '\0'; +} + +/* + * Constants to define the number of bytes to display per line and the number + * of characters these take. + */ +static const int bn_bytes = (MAX_STRING_WIDTH - 9) / (BN_OUTPUT_SIZE * 2 + 1) + * BN_OUTPUT_SIZE; +static const int bn_chars = (MAX_STRING_WIDTH - 9) / (BN_OUTPUT_SIZE * 2 + 1) + * (BN_OUTPUT_SIZE * 2 + 1) - 1; + +/* + * Output the header line for the bignum + */ +static void test_bignum_header_line(void) +{ + test_printf_stderr(" %*s\n", bn_chars + 6, "bit position"); +} + +static const char *test_bignum_zero_null(const BIGNUM *bn) +{ + if (bn != NULL) + return BN_is_negative(bn) ? "-0" : "0"; + return "NULL"; +} + +/* + * Print a bignum zero taking care to include the correct sign. + * This routine correctly deals with a NULL bignum pointer as input. + */ +static void test_bignum_zero_print(const BIGNUM *bn, char sep) +{ + const char *v = test_bignum_zero_null(bn); + const char *suf = bn != NULL ? ": 0" : ""; + + test_printf_stderr("%c%*s%s\n", sep, bn_chars, v, suf); +} + +/* + * Convert a section of memory from inside a bignum into a displayable + * string with appropriate visual aid spaces inserted. + */ +static int convert_bn_memory(const unsigned char *in, size_t bytes, + char *out, int *lz, const BIGNUM *bn) +{ + int n = bytes * 2, i; + char *p = out, *q = NULL; + + if (bn != NULL && !BN_is_zero(bn)) { + hex_convert_memory(in, bytes, out, BN_OUTPUT_SIZE); + if (*lz) { + for (; *p == '0' || *p == ' '; p++) + if (*p == '0') { + q = p; + *p = ' '; + n--; + } + if (*p == '\0') { + /* + * in[bytes] is defined because we're converting a non-zero + * number and we've not seen a non-zero yet. + */ + if ((in[bytes] & 0xf0) != 0 && BN_is_negative(bn)) { + *lz = 0; + *q = '-'; + n++; + } + } else { + *lz = 0; + if (BN_is_negative(bn)) { + /* + * This is valid because we always convert more digits than + * the number holds. + */ + *q = '-'; + n++; + } + } + } + return n; + } + + for (i = 0; i < n; i++) { + *p++ = ' '; + if (i % (2 * BN_OUTPUT_SIZE) == 2 * BN_OUTPUT_SIZE - 1 && i != n - 1) + *p++ = ' '; + } + *p = '\0'; + if (bn == NULL) + q = "NULL"; + else + q = BN_is_negative(bn) ? "-0" : "0"; + strcpy(p - strlen(q), q); + return 0; +} + +/* + * Common code to display either one or two bignums, including the diff + * pointers for changes (only when there are two). + */ +static void test_fail_bignum_common(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, + const BIGNUM *bn1, const BIGNUM *bn2) +{ + const size_t bytes = bn_bytes; + char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; + char *p, bdiff[MAX_STRING_WIDTH + 1]; + size_t l1, l2, n1, n2, i, len; + unsigned int cnt, diff, real_diff; + unsigned char *m1 = NULL, *m2 = NULL; + int lz1 = 1, lz2 = 1; + unsigned char buffer[MEM_BUFFER_SIZE * 2], *bufp = buffer; + + test_fail_message_prefix(prefix, file, line, type, left, right, op); + l1 = bn1 == NULL ? 0 : (BN_num_bytes(bn1) + (BN_is_negative(bn1) ? 1 : 0)); + l2 = bn2 == NULL ? 0 : (BN_num_bytes(bn2) + (BN_is_negative(bn2) ? 1 : 0)); + if (l1 == 0 && l2 == 0) { + if ((bn1 == NULL) == (bn2 == NULL)) { + test_bignum_header_line(); + test_bignum_zero_print(bn1, ' '); + } else { + test_diff_header(left, right); + test_bignum_header_line(); + test_bignum_zero_print(bn1, '-'); + test_bignum_zero_print(bn2, '+'); + } + goto fin; + } + + if (l1 != l2 || bn1 == NULL || bn2 == NULL || BN_cmp(bn1, bn2) != 0) + test_diff_header(left, right); + test_bignum_header_line(); + + len = ((l1 > l2 ? l1 : l2) + bytes - 1) / bytes * bytes; + + if (len > MEM_BUFFER_SIZE && (bufp = OPENSSL_malloc(len * 2)) == NULL) { + bufp = buffer; + len = MEM_BUFFER_SIZE; + test_printf_stderr("WARNING: these BIGNUMs have been truncated\n"); + } + + if (bn1 != NULL) { + m1 = bufp; + BN_bn2binpad(bn1, m1, len); + } + if (bn2 != NULL) { + m2 = bufp + len; + BN_bn2binpad(bn2, m2, len); + } + + while (len > 0) { + cnt = 8 * (len - bytes); + n1 = convert_bn_memory(m1, bytes, b1, &lz1, bn1); + n2 = convert_bn_memory(m2, bytes, b2, &lz2, bn2); + + diff = real_diff = 0; + i = 0; + p = bdiff; + for (i=0; b1[i] != '\0'; i++) + if (b1[i] == b2[i] || b1[i] == ' ' || b2[i] == ' ') { + *p++ = ' '; + diff |= b1[i] != b2[i]; + } else { + *p++ = '^'; + real_diff = diff = 1; + } + *p++ = '\0'; + if (!diff) { + test_printf_stderr(" %s:% 5d\n", n2 > n1 ? b2 : b1, cnt); + } else { + if (cnt == 0 && bn1 == NULL) + test_printf_stderr("-%s\n", b1); + else if (cnt == 0 || n1 > 0) + test_printf_stderr("-%s:% 5d\n", b1, cnt); + if (cnt == 0 && bn2 == NULL) + test_printf_stderr("+%s\n", b2); + else if (cnt == 0 || n2 > 0) + test_printf_stderr("+%s:% 5d\n", b2, cnt); + if (real_diff && (cnt == 0 || (n1 > 0 && n2 > 0)) + && bn1 != NULL && bn2 != NULL) + test_printf_stderr(" %s\n", bdiff); + } + if (m1 != NULL) + m1 += bytes; + if (m2 != NULL) + m2 += bytes; + len -= bytes; + } +fin: + test_flush_stderr(); + if (bufp != buffer) + OPENSSL_free(bufp); +} + +/* + * Wrapper routines so that the underlying code can be shared. + * The first two are calls from inside the test utilities when a conditional + * fails. The third is the user's call to dump a bignum. + */ +void test_fail_bignum_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, + const BIGNUM *bn1, const BIGNUM *bn2) +{ + test_fail_bignum_common(prefix, file, line, type, left, right, op, bn1, bn2); + test_printf_stderr("\n"); +} + +void test_fail_bignum_mono_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const BIGNUM *bn) +{ + test_fail_bignum_common(prefix, file, line, type, left, right, op, bn, bn); + test_printf_stderr("\n"); +} + +void test_output_bignum(const char *name, const BIGNUM *bn) +{ + if (bn == NULL || BN_is_zero(bn)) { + test_printf_stderr("bignum: '%s' = %s\n", name, + test_bignum_zero_null(bn)); + } else if (BN_num_bytes(bn) <= BN_OUTPUT_SIZE) { + unsigned char buf[BN_OUTPUT_SIZE]; + char out[2 * sizeof(buf) + 1]; + char *p = out; + int n = BN_bn2bin(bn, buf); + + hex_convert_memory(buf, n, p, BN_OUTPUT_SIZE); + while (*p == '0' && *++p != '\0') + ; + test_printf_stderr("bignum: '%s' = %s0x%s\n", name, + BN_is_negative(bn) ? "-" : "", p); + } else { + test_fail_bignum_common("bignum", NULL, 0, NULL, NULL, NULL, name, + bn, bn); + } +} + +/* Memory output routines */ + +/* + * Handle zero length blocks of memory or NULL pointers to memory + */ +static void test_memory_null_empty(const unsigned char *m, char c) +{ + if (m == NULL) + test_printf_stderr("% 4s %c%s\n", "", c, "NULL"); + else + test_printf_stderr("%04x %c%s\n", 0u, c, "empty"); +} + +/* + * Common code to display one or two blocks of memory. + */ +static void test_fail_memory_common(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, + const unsigned char *m1, size_t l1, + const unsigned char *m2, size_t l2) +{ + const size_t bytes = (MAX_STRING_WIDTH - 9) / 17 * 8; + char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; + char *p, bdiff[MAX_STRING_WIDTH + 1]; + size_t n1, n2, i; + unsigned int cnt = 0, diff; + + test_fail_message_prefix(prefix, file, line, type, left, right, op); + if (m1 == NULL) + l1 = 0; + if (m2 == NULL) + l2 = 0; + if (l1 == 0 && l2 == 0) { + if ((m1 == NULL) == (m2 == NULL)) { + test_memory_null_empty(m1, ' '); + } else { + test_diff_header(left, right); + test_memory_null_empty(m1, '-'); + test_memory_null_empty(m2, '+'); + } + goto fin; + } + + if (l1 != l2 || (m1 != m2 && memcmp(m1, m2, l1) != 0)) + test_diff_header(left, right); + + while (l1 > 0 || l2 > 0) { + n1 = n2 = 0; + if (l1 > 0) { + n1 = l1 > bytes ? bytes : l1; + hex_convert_memory(m1, n1, b1, 8); + } + if (l2 > 0) { + n2 = l2 > bytes ? bytes : l2; + hex_convert_memory(m2, n2, b2, 8); + } + + diff = 0; + i = 0; + p = bdiff; + if (n1 > 0 && n2 > 0) { + const size_t j = n1 < n2 ? n1 : n2; + + for (; i < j; i++) { + if (m1[i] == m2[i]) { + *p++ = ' '; + *p++ = ' '; + } else { + *p++ = '^'; + *p++ = '^'; + diff = 1; + } + if (i % 8 == 7 && i != j - 1) + *p++ = ' '; + } + *p++ = '\0'; + } + + if (n1 == n2 && !diff) { + test_printf_stderr("%04x: %s\n", cnt, b1); + } else { + if (cnt == 0 && (m1 == NULL || l1 == 0)) + test_memory_null_empty(m1, '-'); + else if (n1 > 0) + test_printf_stderr("%04x:-%s\n", cnt, b1); + if (cnt == 0 && (m2 == NULL || l2 == 0)) + test_memory_null_empty(m2, '+'); + else if (n2 > 0) + test_printf_stderr("%04x:+%s\n", cnt, b2); + if (diff && i > 0) + test_printf_stderr("% 4s %s\n", "", bdiff); + } + m1 += n1; + m2 += n2; + l1 -= n1; + l2 -= n2; + cnt += bytes; + } +fin: + test_flush_stderr(); +} + +/* + * Wrapper routines so that the underlying code can be shared. + * The first is the call from inside the test utilities when a conditional + * fails. The second is the user's call to dump memory. + */ +void test_fail_memory_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, + const unsigned char *m1, size_t l1, + const unsigned char *m2, size_t l2) +{ + test_fail_memory_common(prefix, file, line, type, left, right, op, + m1, l1, m2, l2); + test_printf_stderr("\n"); +} + +void test_output_memory(const char *name, const unsigned char *m, size_t l) +{ + test_fail_memory_common("memory", NULL, 0, NULL, NULL, NULL, name, + m, l, m, l); +} diff --git a/deps/openssl/openssl/test/testutil/init.c b/deps/openssl/openssl/test/testutil/init.c new file mode 100644 index 00000000000000..5095c7f7e3b4cc --- /dev/null +++ b/deps/openssl/openssl/test/testutil/init.c @@ -0,0 +1,15 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" + +int global_init(void) +{ + return 1; +} diff --git a/deps/openssl/openssl/test/testutil/main.c b/deps/openssl/openssl/test/testutil/main.c new file mode 100644 index 00000000000000..b9d3e263d21ecf --- /dev/null +++ b/deps/openssl/openssl/test/testutil/main.c @@ -0,0 +1,105 @@ +/* + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "internal/nelem.h" +#include "output.h" +#include "tu_local.h" + +#include + +static size_t arg_count; +static char **args; +static unsigned char arg_used[1000]; + +static void check_arg_usage(void) +{ + size_t i, n = arg_count < OSSL_NELEM(arg_used) ? arg_count + : OSSL_NELEM(arg_used); + + for (i = 0; i < n; i++) + if (!arg_used[i+1]) + test_printf_stderr("Warning ignored command-line argument %d: %s\n", + i, args[i+1]); + if (i < arg_count) + test_printf_stderr("Warning arguments %zu and later unchecked\n", i); +} + +int main(int argc, char *argv[]) +{ + int ret = EXIT_FAILURE; + + test_open_streams(); + + if (!global_init()) { + test_printf_stderr("Global init failed - aborting\n"); + return ret; + } + + arg_count = argc - 1; + args = argv; + + setup_test_framework(); + + if (setup_tests()) + ret = run_tests(argv[0]); + cleanup_tests(); + check_arg_usage(); + + ret = pulldown_test_framework(ret); + test_close_streams(); + return ret; +} + +const char *test_get_program_name(void) +{ + return args[0]; +} + +char *test_get_argument(size_t n) +{ + if (n > arg_count) + return NULL; + if (n + 1 < OSSL_NELEM(arg_used)) + arg_used[n + 1] = 1; + return args[n + 1]; +} + +size_t test_get_argument_count(void) +{ + return arg_count; +} + +int test_has_option(const char *option) +{ + size_t i; + + for (i = 1; i <= arg_count; i++) + if (strcmp(args[i], option) == 0) { + arg_used[i] = 1; + return 1; + } + return 0; +} + +const char *test_get_option_argument(const char *option) +{ + size_t i, n = strlen(option); + + for (i = 1; i <= arg_count; i++) + if (strncmp(args[i], option, n) == 0) { + arg_used[i] = 1; + if (args[i][n] == '\0' && i + 1 < arg_count) { + arg_used[++i] = 1; + return args[i]; + } + return args[i] + n; + } + return NULL; +} diff --git a/deps/openssl/openssl/test/testutil/output.h b/deps/openssl/openssl/test/testutil/output.h new file mode 100644 index 00000000000000..8e2b2a340ade66 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/output.h @@ -0,0 +1,32 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_TU_OUTPUT_H +# define HEADER_TU_OUTPUT_H + +#include + +/* + * The basic I/O functions used internally by the test framework. These + * can be overridden when needed. Note that if one is, then all must be. + */ +void test_open_streams(void); +void test_close_streams(void); +/* The following ALL return the number of characters written */ +int test_vprintf_stdout(const char *fmt, va_list ap); +int test_vprintf_stderr(const char *fmt, va_list ap); +/* These return failure or success */ +int test_flush_stdout(void); +int test_flush_stderr(void); + +/* Commodity functions. There's no need to override these */ +int test_printf_stdout(const char *fmt, ...); +int test_printf_stderr(const char *fmt, ...); + +#endif /* HEADER_TU_OUTPUT_H */ diff --git a/deps/openssl/openssl/test/testutil/output_helpers.c b/deps/openssl/openssl/test/testutil/output_helpers.c new file mode 100644 index 00000000000000..93514743e2cf65 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/output_helpers.c @@ -0,0 +1,34 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "output.h" + +int test_printf_stdout(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = test_vprintf_stdout(fmt, ap); + va_end(ap); + + return ret; +} + +int test_printf_stderr(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = test_vprintf_stderr(fmt, ap); + va_end(ap); + + return ret; +} diff --git a/deps/openssl/openssl/test/testutil/stanza.c b/deps/openssl/openssl/test/testutil/stanza.c new file mode 100644 index 00000000000000..09fc1810807919 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/stanza.c @@ -0,0 +1,158 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#include +#include +#include +#include +#include + +#include "internal/nelem.h" +#include "../testutil.h" +#include "tu_local.h" + +int test_start_file(STANZA *s, const char *testfile) +{ + TEST_info("Reading %s", testfile); + set_test_title(testfile); + memset(s, 0, sizeof(*s)); + if (!TEST_ptr(s->fp = BIO_new_file(testfile, "r"))) + return 0; + s->test_file = testfile; + return 1; +} + +int test_end_file(STANZA *s) +{ + TEST_info("Completed %d tests with %d errors and %d skipped", + s->numtests, s->errors, s->numskip); + BIO_free(s->fp); + return 1; +} + +/* + * Read a PEM block. Return 1 if okay, 0 on error. + */ +static int read_key(STANZA *s) +{ + char tmpbuf[128]; + + if (s->key == NULL) { + if (!TEST_ptr(s->key = BIO_new(BIO_s_mem()))) + return 0; + } else if (!TEST_int_gt(BIO_reset(s->key), 0)) { + return 0; + } + + /* Read to PEM end line and place content in memory BIO */ + while (BIO_gets(s->fp, tmpbuf, sizeof(tmpbuf))) { + s->curr++; + if (!TEST_int_gt(BIO_puts(s->key, tmpbuf), 0)) + return 0; + if (strncmp(tmpbuf, "-----END", 8) == 0) + return 1; + } + TEST_error("Can't find key end"); + return 0; +} + + +/* + * Delete leading and trailing spaces from a string + */ +static char *strip_spaces(char *p) +{ + char *q; + + /* Skip over leading spaces */ + while (*p && isspace((unsigned char)*p)) + p++; + if (!*p) + return NULL; + + for (q = p + strlen(p) - 1; q != p && isspace((unsigned char)*q); ) + *q-- = '\0'; + return *p ? p : NULL; +} + +/* + * Read next test stanza; return 1 if found, 0 on EOF or error. + */ +int test_readstanza(STANZA *s) +{ + PAIR *pp = s->pairs; + char *p, *equals, *key, *value; + + for (s->numpairs = 0; BIO_gets(s->fp, s->buff, sizeof(s->buff)); ) { + s->curr++; + if (!TEST_ptr(p = strchr(s->buff, '\n'))) { + TEST_info("Line %d too long", s->curr); + return 0; + } + *p = '\0'; + + /* Blank line marks end of tests. */ + if (s->buff[0] == '\0') + break; + + /* Lines starting with a pound sign are ignored. */ + if (s->buff[0] == '#') + continue; + + /* Parse into key=value */ + if (!TEST_ptr(equals = strchr(s->buff, '='))) { + TEST_info("Missing = at line %d\n", s->curr); + return 0; + } + *equals++ = '\0'; + if (!TEST_ptr(key = strip_spaces(s->buff))) { + TEST_info("Empty field at line %d\n", s->curr); + return 0; + } + if ((value = strip_spaces(equals)) == NULL) + value = ""; + + if (strcmp(key, "Title") == 0) { + TEST_info("Starting \"%s\" tests at line %d", value, s->curr); + continue; + } + + if (s->numpairs == 0) + s->start = s->curr; + + if (strcmp(key, "PrivateKey") == 0) { + if (!read_key(s)) + return 0; + } + if (strcmp(key, "PublicKey") == 0) { + if (!read_key(s)) + return 0; + } + + if (!TEST_int_lt(s->numpairs++, TESTMAXPAIRS) + || !TEST_ptr(pp->key = OPENSSL_strdup(key)) + || !TEST_ptr(pp->value = OPENSSL_strdup(value))) + return 0; + pp++; + } + + /* If we read anything, return ok. */ + return 1; +} + +void test_clearstanza(STANZA *s) +{ + PAIR *pp = s->pairs; + int i = s->numpairs; + + for ( ; --i >= 0; pp++) { + OPENSSL_free(pp->key); + OPENSSL_free(pp->value); + } + s->numpairs = 0; +} diff --git a/deps/openssl/openssl/test/testutil/tap_bio.c b/deps/openssl/openssl/test/testutil/tap_bio.c new file mode 100644 index 00000000000000..a6c903b5ae9305 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/tap_bio.c @@ -0,0 +1,154 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "tu_local.h" + +static int tap_write_ex(BIO *b, const char *buf, size_t size, size_t *in_size); +static int tap_read_ex(BIO *b, char *buf, size_t size, size_t *out_size); +static int tap_puts(BIO *b, const char *str); +static int tap_gets(BIO *b, char *str, int size); +static long tap_ctrl(BIO *b, int cmd, long arg1, void *arg2); +static int tap_new(BIO *b); +static int tap_free(BIO *b); +static long tap_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); + +const BIO_METHOD *BIO_f_tap(void) +{ + static BIO_METHOD *tap = NULL; + + if (tap == NULL) { + tap = BIO_meth_new(BIO_TYPE_START | BIO_TYPE_FILTER, "tap"); + if (tap != NULL) { + BIO_meth_set_write_ex(tap, tap_write_ex); + BIO_meth_set_read_ex(tap, tap_read_ex); + BIO_meth_set_puts(tap, tap_puts); + BIO_meth_set_gets(tap, tap_gets); + BIO_meth_set_ctrl(tap, tap_ctrl); + BIO_meth_set_create(tap, tap_new); + BIO_meth_set_destroy(tap, tap_free); + BIO_meth_set_callback_ctrl(tap, tap_callback_ctrl); + } + } + return tap; +} + +static int tap_new(BIO *b) +{ + BIO_set_data(b, NULL); + BIO_set_init(b, 1); + return 1; +} + +static int tap_free(BIO *b) +{ + if (b == NULL) + return 0; + BIO_set_data(b, NULL); + BIO_set_init(b, 0); + return 1; +} + +static int tap_read_ex(BIO *b, char *buf, size_t size, size_t *out_size) +{ + BIO *next = BIO_next(b); + int ret = 0; + + ret = BIO_read_ex(next, buf, size, out_size); + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + return ret; +} + +/* + * Output a string to the specified bio and return 1 if successful. + */ +static int write_string(BIO *b, const char *buf, size_t n) +{ + size_t m; + + return BIO_write_ex(b, buf, n, &m) != 0 && m == n; +} + +/* + * Write some data. + * + * This function implements a simple state machine that detects new lines. + * It indents the output and prefixes it with a '#' character. + * + * It returns the number of input characters that were output in in_size. + * More characters than this will likely have been output however any calling + * code will be unable to correctly assess the actual number of characters + * emitted and would be prone to failure if the actual number were returned. + * + * The BIO_data field is used as our state. If it is NULL, we've just + * seen a new line. If it is not NULL, we're processing characters in a line. + */ +static int tap_write_ex(BIO *b, const char *buf, size_t size, size_t *in_size) +{ + BIO *next = BIO_next(b); + size_t i; + int j; + + for (i = 0; i < size; i++) { + if (BIO_get_data(b) == NULL) { + BIO_set_data(b, ""); + for (j = 0; j < subtest_level(); j++) + if (!write_string(next, " ", 1)) + goto err; + if (!write_string(next, "# ", 2)) + goto err; + } + if (!write_string(next, buf + i, 1)) + goto err; + if (buf[i] == '\n') + BIO_set_data(b, NULL); + } + *in_size = i; + return 1; + +err: + *in_size = i; + return 0; +} + +static long tap_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + BIO *next = BIO_next(b); + + switch (cmd) { + case BIO_CTRL_RESET: + BIO_set_data(b, NULL); + break; + + default: + break; + } + return BIO_ctrl(next, cmd, num, ptr); +} + +static long tap_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) +{ + return BIO_callback_ctrl(BIO_next(b), cmd, fp); +} + +static int tap_gets(BIO *b, char *buf, int size) +{ + return BIO_gets(BIO_next(b), buf, size); +} + +static int tap_puts(BIO *b, const char *str) +{ + size_t m; + + if (!tap_write_ex(b, str, strlen(str), &m)) + return 0; + return m; +} diff --git a/deps/openssl/openssl/test/testutil/test_cleanup.c b/deps/openssl/openssl/test/testutil/test_cleanup.c new file mode 100644 index 00000000000000..0fdd2e959c9034 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/test_cleanup.c @@ -0,0 +1,14 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" + +void cleanup_tests(void) +{ +} diff --git a/deps/openssl/openssl/test/testutil/tests.c b/deps/openssl/openssl/test/testutil/tests.c new file mode 100644 index 00000000000000..a60af0764f62f1 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/tests.c @@ -0,0 +1,448 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "output.h" +#include "tu_local.h" + +#include +#include +#include +#include "internal/nelem.h" +#include + +/* + * Output a failed test first line. + * All items are optional are generally not preinted if passed as NULL. + * The special cases are for prefix where "ERROR" is assumed and for left + * and right where a non-failure message is produced if either is NULL. + */ +void test_fail_message_prefix(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op) +{ + test_printf_stderr("%s: ", prefix != NULL ? prefix : "ERROR"); + if (type) + test_printf_stderr("(%s) ", type); + if (op != NULL) { + if (left != NULL && right != NULL) + test_printf_stderr("'%s %s %s' failed", left, op, right); + else + test_printf_stderr("'%s'", op); + } + if (file != NULL) { + test_printf_stderr(" @ %s:%d", file, line); + } + test_printf_stderr("\n"); +} + +/* + * A common routine to output test failure messages. Generally this should not + * be called directly, rather it should be called by the following functions. + * + * |desc| is a printf formatted description with arguments |args| that is + * supplied by the user and |desc| can be NULL. |type| is the data type + * that was tested (int, char, ptr, ...). |fmt| is a system provided + * printf format with following arguments that spell out the failure + * details i.e. the actual values compared and the operator used. + * + * The typical use for this is from an utility test function: + * + * int test6(const char *file, int line, int n) { + * if (n != 6) { + * test_fail_message(1, file, line, "int", "value %d is not %d", n, 6); + * return 0; + * } + * return 1; + * } + * + * calling test6(3, "oops") will return 0 and produce out along the lines of: + * FAIL oops: (int) value 3 is not 6\n + */ +static void test_fail_message(const char *prefix, const char *file, int line, + const char *type, const char *left, + const char *right, const char *op, + const char *fmt, ...) + PRINTF_FORMAT(8, 9); + +static void test_fail_message_va(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const char *fmt, va_list ap) +{ + test_fail_message_prefix(prefix, file, line, type, left, right, op); + if (fmt != NULL) { + test_vprintf_stderr(fmt, ap); + test_printf_stderr("\n"); + } + test_flush_stderr(); +} + +static void test_fail_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + test_fail_message_va(prefix, file, line, type, left, right, op, fmt, ap); + va_end(ap); +} + +void test_info_c90(const char *desc, ...) +{ + va_list ap; + + va_start(ap, desc); + test_fail_message_va("INFO", NULL, -1, NULL, NULL, NULL, NULL, desc, ap); + va_end(ap); +} + +void test_info(const char *file, int line, const char *desc, ...) +{ + va_list ap; + + va_start(ap, desc); + test_fail_message_va("INFO", file, line, NULL, NULL, NULL, NULL, desc, ap); + va_end(ap); +} + +void test_error_c90(const char *desc, ...) +{ + va_list ap; + + va_start(ap, desc); + test_fail_message_va(NULL, NULL, -1, NULL, NULL, NULL, NULL, desc, ap); + va_end(ap); + test_printf_stderr("\n"); +} + +void test_error(const char *file, int line, const char *desc, ...) +{ + va_list ap; + + va_start(ap, desc); + test_fail_message_va(NULL, file, line, NULL, NULL, NULL, NULL, desc, ap); + va_end(ap); + test_printf_stderr("\n"); +} + +void test_perror(const char *s) +{ + /* + * Using openssl_strerror_r causes linking issues since it isn't + * exported from libcrypto.so + */ + TEST_error("%s: %s", s, strerror(errno)); +} + +void test_note(const char *fmt, ...) +{ + if (fmt != NULL) { + va_list ap; + + va_start(ap, fmt); + test_vprintf_stderr(fmt, ap); + va_end(ap); + test_printf_stderr("\n"); + } + test_flush_stderr(); +} + +void test_openssl_errors(void) +{ + ERR_print_errors_cb(openssl_error_cb, NULL); + ERR_clear_error(); +} + +/* + * Define some comparisons between pairs of various types. + * These functions return 1 if the test is true. + * Otherwise, they return 0 and pretty-print diagnostics. + * + * In each case the functions produced are: + * int test_name_eq(const type t1, const type t2, const char *desc, ...); + * int test_name_ne(const type t1, const type t2, const char *desc, ...); + * int test_name_lt(const type t1, const type t2, const char *desc, ...); + * int test_name_le(const type t1, const type t2, const char *desc, ...); + * int test_name_gt(const type t1, const type t2, const char *desc, ...); + * int test_name_ge(const type t1, const type t2, const char *desc, ...); + * + * The t1 and t2 arguments are to be compared for equality, inequality, + * less than, less than or equal to, greater than and greater than or + * equal to respectively. If the specified condition holds, the functions + * return 1. If the condition does not hold, the functions print a diagnostic + * message and return 0. + * + * The desc argument is a printf format string followed by its arguments and + * this is included in the output if the condition being tested for is false. + */ +#define DEFINE_COMPARISON(type, name, opname, op, fmt) \ + int test_ ## name ## _ ## opname(const char *file, int line, \ + const char *s1, const char *s2, \ + const type t1, const type t2) \ + { \ + if (t1 op t2) \ + return 1; \ + test_fail_message(NULL, file, line, #type, s1, s2, #op, \ + "[" fmt "] compared to [" fmt "]", \ + t1, t2); \ + return 0; \ + } + +#define DEFINE_COMPARISONS(type, name, fmt) \ + DEFINE_COMPARISON(type, name, eq, ==, fmt) \ + DEFINE_COMPARISON(type, name, ne, !=, fmt) \ + DEFINE_COMPARISON(type, name, lt, <, fmt) \ + DEFINE_COMPARISON(type, name, le, <=, fmt) \ + DEFINE_COMPARISON(type, name, gt, >, fmt) \ + DEFINE_COMPARISON(type, name, ge, >=, fmt) + +DEFINE_COMPARISONS(int, int, "%d") +DEFINE_COMPARISONS(unsigned int, uint, "%u") +DEFINE_COMPARISONS(char, char, "%c") +DEFINE_COMPARISONS(unsigned char, uchar, "%u") +DEFINE_COMPARISONS(long, long, "%ld") +DEFINE_COMPARISONS(unsigned long, ulong, "%lu") +DEFINE_COMPARISONS(size_t, size_t, "%zu") + +DEFINE_COMPARISON(void *, ptr, eq, ==, "%p") +DEFINE_COMPARISON(void *, ptr, ne, !=, "%p") + +int test_ptr_null(const char *file, int line, const char *s, const void *p) +{ + if (p == NULL) + return 1; + test_fail_message(NULL, file, line, "ptr", s, "NULL", "==", "%p", p); + return 0; +} + +int test_ptr(const char *file, int line, const char *s, const void *p) +{ + if (p != NULL) + return 1; + test_fail_message(NULL, file, line, "ptr", s, "NULL", "!=", "%p", p); + return 0; +} + +int test_true(const char *file, int line, const char *s, int b) +{ + if (b) + return 1; + test_fail_message(NULL, file, line, "bool", s, "true", "==", "false"); + return 0; +} + +int test_false(const char *file, int line, const char *s, int b) +{ + if (!b) + return 1; + test_fail_message(NULL, file, line, "bool", s, "false", "==", "true"); + return 0; +} + +int test_str_eq(const char *file, int line, const char *st1, const char *st2, + const char *s1, const char *s2) +{ + if (s1 == NULL && s2 == NULL) + return 1; + if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) { + test_fail_string_message(NULL, file, line, "string", st1, st2, "==", + s1, s1 == NULL ? 0 : strlen(s1), + s2, s2 == NULL ? 0 : strlen(s2)); + return 0; + } + return 1; +} + +int test_str_ne(const char *file, int line, const char *st1, const char *st2, + const char *s1, const char *s2) +{ + if ((s1 == NULL) ^ (s2 == NULL)) + return 1; + if (s1 == NULL || strcmp(s1, s2) == 0) { + test_fail_string_message(NULL, file, line, "string", st1, st2, "!=", + s1, s1 == NULL ? 0 : strlen(s1), + s2, s2 == NULL ? 0 : strlen(s2)); + return 0; + } + return 1; +} + +int test_strn_eq(const char *file, int line, const char *st1, const char *st2, + const char *s1, const char *s2, size_t len) +{ + if (s1 == NULL && s2 == NULL) + return 1; + if (s1 == NULL || s2 == NULL || strncmp(s1, s2, len) != 0) { + test_fail_string_message(NULL, file, line, "string", st1, st2, "==", + s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, len), + s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, len)); + return 0; + } + return 1; +} + +int test_strn_ne(const char *file, int line, const char *st1, const char *st2, + const char *s1, const char *s2, size_t len) +{ + if ((s1 == NULL) ^ (s2 == NULL)) + return 1; + if (s1 == NULL || strncmp(s1, s2, len) == 0) { + test_fail_string_message(NULL, file, line, "string", st1, st2, "!=", + s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, len), + s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, len)); + return 0; + } + return 1; +} + +int test_mem_eq(const char *file, int line, const char *st1, const char *st2, + const void *s1, size_t n1, const void *s2, size_t n2) +{ + if (s1 == NULL && s2 == NULL) + return 1; + if (n1 != n2 || s1 == NULL || s2 == NULL || memcmp(s1, s2, n1) != 0) { + test_fail_memory_message(NULL, file, line, "memory", st1, st2, "==", + s1, n1, s2, n2); + return 0; + } + return 1; +} + +int test_mem_ne(const char *file, int line, const char *st1, const char *st2, + const void *s1, size_t n1, const void *s2, size_t n2) +{ + if ((s1 == NULL) ^ (s2 == NULL)) + return 1; + if (n1 != n2) + return 1; + if (s1 == NULL || memcmp(s1, s2, n1) == 0) { + test_fail_memory_message(NULL, file, line, "memory", st1, st2, "!=", + s1, n1, s2, n2); + return 0; + } + return 1; +} + +#define DEFINE_BN_COMPARISONS(opname, op, zero_cond) \ + int test_BN_ ## opname(const char *file, int line, \ + const char *s1, const char *s2, \ + const BIGNUM *t1, const BIGNUM *t2) \ + { \ + if (BN_cmp(t1, t2) op 0) \ + return 1; \ + test_fail_bignum_message(NULL, file, line, "BIGNUM", s1, s2, \ + #op, t1, t2); \ + return 0; \ + } \ + int test_BN_ ## opname ## _zero(const char *file, int line, \ + const char *s, const BIGNUM *a) \ + { \ + if (a != NULL &&(zero_cond)) \ + return 1; \ + test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", \ + s, "0", #op, a); \ + return 0; \ + } + +DEFINE_BN_COMPARISONS(eq, ==, BN_is_zero(a)) +DEFINE_BN_COMPARISONS(ne, !=, !BN_is_zero(a)) +DEFINE_BN_COMPARISONS(gt, >, !BN_is_negative(a) && !BN_is_zero(a)) +DEFINE_BN_COMPARISONS(ge, >=, !BN_is_negative(a) || BN_is_zero(a)) +DEFINE_BN_COMPARISONS(lt, <, BN_is_negative(a) && !BN_is_zero(a)) +DEFINE_BN_COMPARISONS(le, <=, BN_is_negative(a) || BN_is_zero(a)) + +int test_BN_eq_one(const char *file, int line, const char *s, const BIGNUM *a) +{ + if (a != NULL && BN_is_one(a)) + return 1; + test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", s, "1", "==", a); + return 0; +} + +int test_BN_odd(const char *file, int line, const char *s, const BIGNUM *a) +{ + if (a != NULL && BN_is_odd(a)) + return 1; + test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", "ODD(", ")", s, a); + return 0; +} + +int test_BN_even(const char *file, int line, const char *s, const BIGNUM *a) +{ + if (a != NULL && !BN_is_odd(a)) + return 1; + test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", "EVEN(", ")", s, + a); + return 0; +} + +int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws, + const BIGNUM *a, BN_ULONG w) +{ + BIGNUM *bw; + + if (a != NULL && BN_is_word(a, w)) + return 1; + bw = BN_new(); + BN_set_word(bw, w); + test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "==", a, bw); + BN_free(bw); + return 0; +} + +int test_BN_abs_eq_word(const char *file, int line, const char *bns, + const char *ws, const BIGNUM *a, BN_ULONG w) +{ + BIGNUM *bw, *aa; + + if (a != NULL && BN_abs_is_word(a, w)) + return 1; + bw = BN_new(); + aa = BN_dup(a); + BN_set_negative(aa, 0); + BN_set_word(bw, w); + test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "abs==", + aa, bw); + BN_free(bw); + BN_free(aa); + return 0; +} + +static const char *print_time(const ASN1_TIME *t) +{ + return t == NULL ? "" : (char *)ASN1_STRING_get0_data(t); +} + +#define DEFINE_TIME_T_COMPARISON(opname, op) \ + int test_time_t_ ## opname(const char *file, int line, \ + const char *s1, const char *s2, \ + const time_t t1, const time_t t2) \ + { \ + ASN1_TIME *at1 = ASN1_TIME_set(NULL, t1); \ + ASN1_TIME *at2 = ASN1_TIME_set(NULL, t2); \ + int r = at1 != NULL && at2 != NULL \ + && ASN1_TIME_compare(at1, at2) op 0; \ + if (!r) \ + test_fail_message(NULL, file, line, "time_t", s1, s2, #op, \ + "[%s] compared to [%s]", \ + print_time(at1), print_time(at2)); \ + ASN1_STRING_free(at1); \ + ASN1_STRING_free(at2); \ + return r; \ + } +DEFINE_TIME_T_COMPARISON(eq, ==) +DEFINE_TIME_T_COMPARISON(ne, !=) +DEFINE_TIME_T_COMPARISON(gt, >) +DEFINE_TIME_T_COMPARISON(ge, >=) +DEFINE_TIME_T_COMPARISON(lt, <) +DEFINE_TIME_T_COMPARISON(le, <=) diff --git a/deps/openssl/openssl/test/testutil/tu_local.h b/deps/openssl/openssl/test/testutil/tu_local.h new file mode 100644 index 00000000000000..d2e65b5963ae24 --- /dev/null +++ b/deps/openssl/openssl/test/testutil/tu_local.h @@ -0,0 +1,51 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include /* size_t */ +#include +#include +#include "../testutil.h" + +int subtest_level(void); +int openssl_error_cb(const char *str, size_t len, void *u); +const BIO_METHOD *BIO_f_tap(void); + +void test_fail_message_prefix(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op); + +void test_fail_string_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const char *m1, size_t l1, + const char *m2, size_t l2); + +void test_fail_bignum_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, + const BIGNUM *bn1, const BIGNUM *bn2); +void test_fail_bignum_mono_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, const BIGNUM *bn); + +void test_fail_memory_message(const char *prefix, const char *file, + int line, const char *type, + const char *left, const char *right, + const char *op, + const unsigned char *m1, size_t l1, + const unsigned char *m2, size_t l2); + +void setup_test_framework(void); +__owur int pulldown_test_framework(int ret); + +__owur int run_tests(const char *test_prog_name); +void set_test_title(const char *title); diff --git a/deps/openssl/openssl/test/threadstest.c b/deps/openssl/openssl/test/threadstest.c index b2e96fa3a130f3..ee09f86930d51d 100644 --- a/deps/openssl/openssl/test/threadstest.c +++ b/deps/openssl/openssl/test/threadstest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,8 @@ # include #endif -#include - #include +#include "testutil.h" #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) @@ -85,15 +84,9 @@ static int test_lock(void) { CRYPTO_RWLOCK *lock = CRYPTO_THREAD_lock_new(); - if (!CRYPTO_THREAD_read_lock(lock)) { - fprintf(stderr, "CRYPTO_THREAD_read_lock() failed\n"); - return 0; - } - - if (!CRYPTO_THREAD_unlock(lock)) { - fprintf(stderr, "CRYPTO_THREAD_unlock() failed\n"); + if (!TEST_true(CRYPTO_THREAD_read_lock(lock)) + || !TEST_true(CRYPTO_THREAD_unlock(lock))) return 0; - } CRYPTO_THREAD_lock_free(lock); @@ -116,23 +109,12 @@ static void once_run_thread_cb(void) static int test_once(void) { thread_t thread; - if (!run_thread(&thread, once_run_thread_cb) || - !wait_for_thread(thread)) - { - fprintf(stderr, "run_thread() failed\n"); - return 0; - } - - if (!CRYPTO_THREAD_run_once(&once_run, once_do_run)) { - fprintf(stderr, "CRYPTO_THREAD_run_once() failed\n"); - return 0; - } - if (once_run_count != 1) { - fprintf(stderr, "once run %u times\n", once_run_count); + if (!TEST_true(run_thread(&thread, once_run_thread_cb)) + || !TEST_true(wait_for_thread(thread)) + || !CRYPTO_THREAD_run_once(&once_run, once_do_run) + || !TEST_int_eq(once_run_count, 1)) return 0; - } - return 1; } @@ -157,21 +139,14 @@ static void thread_local_thread_cb(void) void *ptr; ptr = CRYPTO_THREAD_get_local(&thread_local_key); - if (ptr != NULL) { - fprintf(stderr, "ptr not NULL\n"); + if (!TEST_ptr_null(ptr) + || !TEST_true(CRYPTO_THREAD_set_local(&thread_local_key, + &destructor_run_count))) return; - } - - if (!CRYPTO_THREAD_set_local(&thread_local_key, &destructor_run_count)) { - fprintf(stderr, "CRYPTO_THREAD_set_local() failed\n"); - return; - } ptr = CRYPTO_THREAD_get_local(&thread_local_key); - if (ptr != &destructor_run_count) { - fprintf(stderr, "invalid ptr\n"); + if (!TEST_ptr_eq(ptr, &destructor_run_count)) return; - } thread_local_thread_cb_ok = 1; } @@ -181,66 +156,38 @@ static int test_thread_local(void) thread_t thread; void *ptr = NULL; - if (!CRYPTO_THREAD_init_local(&thread_local_key, thread_local_destructor)) { - fprintf(stderr, "CRYPTO_THREAD_init_local() failed\n"); + if (!TEST_true(CRYPTO_THREAD_init_local(&thread_local_key, + thread_local_destructor))) return 0; - } ptr = CRYPTO_THREAD_get_local(&thread_local_key); - if (ptr != NULL) { - fprintf(stderr, "ptr not NULL\n"); - return 0; - } - - if (!run_thread(&thread, thread_local_thread_cb) || - !wait_for_thread(thread)) - { - fprintf(stderr, "run_thread() failed\n"); - return 0; - } - - if (thread_local_thread_cb_ok != 1) { - fprintf(stderr, "thread-local thread callback failed\n"); + if (!TEST_ptr_null(ptr) + || !TEST_true(run_thread(&thread, thread_local_thread_cb)) + || !TEST_true(wait_for_thread(thread)) + || !TEST_int_eq(thread_local_thread_cb_ok, 1)) return 0; - } #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) ptr = CRYPTO_THREAD_get_local(&thread_local_key); - if (ptr != NULL) { - fprintf(stderr, "ptr not NULL\n"); + if (!TEST_ptr_null(ptr)) return 0; - } # if !defined(OPENSSL_SYS_WINDOWS) - if (destructor_run_count != 1) { - fprintf(stderr, "thread-local destructor run %u times\n", - destructor_run_count); + if (!TEST_int_eq(destructor_run_count, 1)) return 0; - } # endif - #endif - if (!CRYPTO_THREAD_cleanup_local(&thread_local_key)) { - fprintf(stderr, "CRYPTO_THREAD_cleanup_local() failed\n"); + if (!TEST_true(CRYPTO_THREAD_cleanup_local(&thread_local_key))) return 0; - } - return 1; } -int main(int argc, char **argv) +int setup_tests(void) { - if (!test_lock()) - return 1; - - if (!test_once()) - return 1; - - if (!test_thread_local()) - return 1; - - printf("PASS\n"); - return 0; + ADD_TEST(test_lock); + ADD_TEST(test_once); + ADD_TEST(test_thread_local); + return 1; } diff --git a/deps/openssl/openssl/test/v3ext.c b/deps/openssl/openssl/test/v3ext.c index 1c1f788a7314f7..14ae49969d07bc 100644 --- a/deps/openssl/openssl/test/v3ext.c +++ b/deps/openssl/openssl/test/v3ext.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,30 +13,35 @@ #include #include -int main(int ac, char **av) +#include "testutil.h" + +static const char *infile; + +static int test_pathlen(void) { X509 *x = NULL; BIO *b = NULL; long pathlen; - int ret = 1; + int ret = 0; - if (ac != 2) { - fprintf(stderr, "Usage error\n"); - goto end; - } - b = BIO_new_file(av[1], "r"); - if (b == NULL) + if (!TEST_ptr(b = BIO_new_file(infile, "r")) + || !TEST_ptr(x = PEM_read_bio_X509(b, NULL, NULL, NULL)) + || !TEST_int_eq(pathlen = X509_get_pathlen(x), 6)) goto end; - x = PEM_read_bio_X509(b, NULL, NULL, NULL); - if (x == NULL) - goto end; - pathlen = X509_get_pathlen(x); - if (pathlen == 6) - ret = 0; + + ret = 1; end: - ERR_print_errors_fp(stderr); BIO_free(b); X509_free(x); return ret; } + +int setup_tests(void) +{ + if (!TEST_ptr(infile = test_get_argument(0))) + return 0; + + ADD_TEST(test_pathlen); + return 1; +} diff --git a/deps/openssl/openssl/test/v3nametest.c b/deps/openssl/openssl/test/v3nametest.c index 648c1df4dd684f..86f3829aedbd8f 100644 --- a/deps/openssl/openssl/test/v3nametest.c +++ b/deps/openssl/openssl/test/v3nametest.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,10 +7,17 @@ * https://www.openssl.org/source/license.html */ +#include + +#include #include #include -#include "../e_os.h" -#include +#include "internal/nelem.h" +#include "testutil.h" + +#ifdef OPENSSL_SYS_WINDOWS +# define strcasecmp _stricmp +#endif static const char *const names[] = { "a", "b", ".", "*", "@", @@ -72,6 +79,7 @@ static const char *const exceptions[] = { static int is_exception(const char *msg) { const char *const *p; + for (p = exceptions; *p; ++p) if (strcmp(msg, *p) == 0) return 1; @@ -83,13 +91,16 @@ static int set_cn(X509 *crt, ...) int ret = 0; X509_NAME *n = NULL; va_list ap; + va_start(ap, crt); n = X509_NAME_new(); if (n == NULL) goto out; + while (1) { int nid; const char *name; + nid = va_arg(ap, int); if (nid == 0) break; @@ -238,59 +249,55 @@ static const struct set_name_fn name_fns[] = { {set_email_and_cn, "set emailAddress", 0, 1}, {set_altname_dns, "set dnsName", 1, 0}, {set_altname_email, "set rfc822Name", 0, 1}, - {NULL, NULL, 0} }; -static X509 *make_cert() +static X509 *make_cert(void) { - X509 *ret = NULL; X509 *crt = NULL; - X509_NAME *issuer = NULL; - crt = X509_new(); - if (crt == NULL) - goto out; - if (!X509_set_version(crt, 3)) - goto out; - ret = crt; - crt = NULL; - out: - X509_NAME_free(issuer); - return ret; -} -static int errors; + if (!TEST_ptr(crt = X509_new())) + return NULL; + if (!TEST_true(X509_set_version(crt, 2))) { + X509_free(crt); + return NULL; + } + return crt; +} -static void check_message(const struct set_name_fn *fn, const char *op, - const char *nameincert, int match, const char *name) +static int check_message(const struct set_name_fn *fn, const char *op, + const char *nameincert, int match, const char *name) { char msg[1024]; + if (match < 0) - return; + return 1; BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]", fn->name, op, nameincert, match ? "matches" : "does not match", name); if (is_exception(msg)) - return; - puts(msg); - ++errors; + return 1; + TEST_error("%s", msg); + return 0; } -static void run_cert(X509 *crt, const char *nameincert, +static int run_cert(X509 *crt, const char *nameincert, const struct set_name_fn *fn) { const char *const *pname = names; - while (*pname) { + int failed = 0; + + for (; *pname != NULL; ++pname) { int samename = strcasecmp(nameincert, *pname) == 0; size_t namelen = strlen(*pname); - char *name = malloc(namelen); + char *name = OPENSSL_malloc(namelen); int match, ret; + memcpy(name, *pname, namelen); - ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; - if (ret < 0) { - fprintf(stderr, "internal error in X509_check_host"); - ++errors; + if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL), + 0)) { + failed = 1; } else if (fn->host) { if (ret == 1 && !samename) match = 1; @@ -298,14 +305,14 @@ static void run_cert(X509 *crt, const char *nameincert, match = 0; } else if (ret == 1) match = 1; - check_message(fn, "host", nameincert, match, *pname); + if (!TEST_true(check_message(fn, "host", nameincert, match, *pname))) + failed = 1; - ret = X509_check_host(crt, name, namelen, - X509_CHECK_FLAG_NO_WILDCARDS, NULL); match = -1; - if (ret < 0) { - fprintf(stderr, "internal error in X509_check_host"); - ++errors; + if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, + NULL), 0)) { + failed = 1; } else if (fn->host) { if (ret == 1 && !samename) match = 1; @@ -313,10 +320,12 @@ static void run_cert(X509 *crt, const char *nameincert, match = 0; } else if (ret == 1) match = 1; - check_message(fn, "host-no-wildcards", nameincert, match, *pname); + if (!TEST_true(check_message(fn, "host-no-wildcards", + nameincert, match, *pname))) + failed = 1; - ret = X509_check_email(crt, name, namelen, 0); match = -1; + ret = X509_check_email(crt, name, namelen, 0); if (fn->email) { if (ret && !samename) match = 1; @@ -324,32 +333,34 @@ static void run_cert(X509 *crt, const char *nameincert, match = 0; } else if (ret) match = 1; - check_message(fn, "email", nameincert, match, *pname); - ++pname; - free(name); + if (!TEST_true(check_message(fn, "email", nameincert, match, *pname))) + failed = 1; + OPENSSL_free(name); } + + return failed == 0; } -int main(void) +static int call_run_cert(int i) { - const struct set_name_fn *pfn = name_fns; - while (pfn->name) { - const char *const *pname = names; - while (*pname) { - X509 *crt = make_cert(); - if (crt == NULL) { - fprintf(stderr, "make_cert failed\n"); - return 1; - } - if (!pfn->fn(crt, *pname)) { - fprintf(stderr, "X509 name setting failed\n"); - return 1; - } - run_cert(crt, *pname, pfn); - X509_free(crt); - ++pname; - } - ++pfn; + int failed = 0; + const struct set_name_fn *pfn = &name_fns[i]; + X509 *crt; + const char *const *pname; + + TEST_info("%s", pfn->name); + for (pname = names; *pname != NULL; pname++) { + if (!TEST_ptr(crt = make_cert()) + || !TEST_true(pfn->fn(crt, *pname)) + || !run_cert(crt, *pname, pfn)) + failed = 1; + X509_free(crt); } - return errors > 0 ? 1 : 0; + return failed == 0; +} + +int setup_tests(void) +{ + ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns)); + return 1; } diff --git a/deps/openssl/openssl/test/verify_extra_test.c b/deps/openssl/openssl/test/verify_extra_test.c index fabc1dc59f6f14..d9d1498954b110 100644 --- a/deps/openssl/openssl/test/verify_extra_test.c +++ b/deps/openssl/openssl/test/verify_extra_test.c @@ -13,6 +13,11 @@ #include #include #include +#include "testutil.h" + +static const char *roots_f; +static const char *untrusted_f; +static const char *bad_f; static STACK_OF(X509) *load_certs_from_file(const char *filename) { @@ -82,9 +87,7 @@ static STACK_OF(X509) *load_certs_from_file(const char *filename) * CA=FALSE, and will therefore incorrectly verify bad * */ -static int test_alt_chains_cert_forgery(const char *roots_f, - const char *untrusted_f, - const char *bad_f) +static int test_alt_chains_cert_forgery(void) { int ret = 0; int i; @@ -102,7 +105,7 @@ static int test_alt_chains_cert_forgery(const char *roots_f, lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) goto err; - if(!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM)) + if (!X509_LOOKUP_load_file(lookup, roots_f, X509_FILETYPE_PEM)) goto err; untrusted = load_certs_from_file(untrusted_f); @@ -110,7 +113,7 @@ static int test_alt_chains_cert_forgery(const char *roots_f, if ((bio = BIO_new_file(bad_f, "r")) == NULL) goto err; - if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) + if ((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) goto err; sctx = X509_STORE_CTX_new(); @@ -132,12 +135,10 @@ static int test_alt_chains_cert_forgery(const char *roots_f, BIO_free(bio); sk_X509_pop_free(untrusted, X509_free); X509_STORE_free(store); - if (ret != 1) - ERR_print_errors_fp(stderr); return ret; } -static int test_store_ctx(const char *bad_f) +static int test_store_ctx(void) { X509_STORE_CTX *sctx = NULL; X509 *x = NULL; @@ -174,31 +175,16 @@ static int test_store_ctx(const char *bad_f) return testresult; } -int main(int argc, char **argv) +int setup_tests(void) { - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if (argc != 4) { - fprintf(stderr, "usage: verify_extra_test roots.pem untrusted.pem bad.pem\n"); - return 1; - } - - if (!test_alt_chains_cert_forgery(argv[1], argv[2], argv[3])) { - fprintf(stderr, "Test alt chains cert forgery failed\n"); - return 1; + if (!TEST_ptr(roots_f = test_get_argument(0)) + || !TEST_ptr(untrusted_f = test_get_argument(1)) + || !TEST_ptr(bad_f = test_get_argument(2))) { + TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n"); + return 0; } - if (!test_store_ctx(argv[3])) { - fprintf(stderr, "Test X509_STORE_CTX failed\n"); - return 1; - } - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; -#endif - - printf("PASS\n"); - return 0; + ADD_TEST(test_alt_chains_cert_forgery); + ADD_TEST(test_store_ctx); + return 1; } diff --git a/deps/openssl/openssl/test/wp_test.c b/deps/openssl/openssl/test/wp_test.c deleted file mode 100644 index 7b5cc04a164842..00000000000000 --- a/deps/openssl/openssl/test/wp_test.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include - -#if defined(OPENSSL_NO_WHIRLPOOL) -int main(int argc, char *argv[]) -{ - printf("No Whirlpool support\n"); - return (0); -} -#else - -/* ISO/IEC 10118-3 test vector set */ -static const unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { - 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66, - 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26, - 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8, - 0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7, - 0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB, - 0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57, - 0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37, - 0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3 -}; - -static const unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { - 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F, - 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7, - 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69, - 0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42, - 0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6, - 0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59, - 0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5, - 0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A -}; - -static const unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { - 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB, - 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B, - 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72, - 0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C, - 0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27, - 0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6, - 0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82, - 0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5 -}; - -static const unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { - 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6, - 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC, - 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C, - 0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B, - 0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1, - 0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6, - 0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33, - 0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E -}; - -static const unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { - 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9, - 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A, - 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5, - 0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B, - 0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A, - 0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6, - 0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D, - 0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B -}; - -static const unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { - 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B, - 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90, - 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC, - 0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E, - 0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F, - 0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6, - 0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21, - 0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67 -}; - -static const unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { - 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D, - 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0, - 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6, - 0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29, - 0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5, - 0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A, - 0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B, - 0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B -}; - -static const unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { - 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61, - 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48, - 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62, - 0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69, - 0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B, - 0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56, - 0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6, - 0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD -}; - -static const unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { - 0x0C, 0x99, 0x00, 0x5B, 0xEB, 0x57, 0xEF, 0xF5, - 0x0A, 0x7C, 0xF0, 0x05, 0x56, 0x0D, 0xDF, 0x5D, - 0x29, 0x05, 0x7F, 0xD8, 0x6B, 0x20, 0xBF, 0xD6, - 0x2D, 0xEC, 0xA0, 0xF1, 0xCC, 0xEA, 0x4A, 0xF5, - 0x1F, 0xC1, 0x54, 0x90, 0xED, 0xDC, 0x47, 0xAF, - 0x32, 0xBB, 0x2B, 0x66, 0xC3, 0x4F, 0xF9, 0xAD, - 0x8C, 0x60, 0x08, 0xAD, 0x67, 0x7F, 0x77, 0x12, - 0x69, 0x53, 0xB2, 0x26, 0xE4, 0xED, 0x8B, 0x01 -}; - -int main(int argc, char *argv[]) -{ - unsigned char md[WHIRLPOOL_DIGEST_LENGTH]; - int i; - WHIRLPOOL_CTX ctx; - - fprintf(stdout, "Testing Whirlpool "); - - WHIRLPOOL("", 0, md); - if (memcmp(md, iso_test_1, sizeof(iso_test_1))) { - fflush(stdout); - fprintf(stderr, "\nTEST 1 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("a", 1, md); - if (memcmp(md, iso_test_2, sizeof(iso_test_2))) { - fflush(stdout); - fprintf(stderr, "\nTEST 2 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("abc", 3, md); - if (memcmp(md, iso_test_3, sizeof(iso_test_3))) { - fflush(stdout); - fprintf(stderr, "\nTEST 3 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("message digest", 14, md); - if (memcmp(md, iso_test_4, sizeof(iso_test_4))) { - fflush(stdout); - fprintf(stderr, "\nTEST 4 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("abcdefghijklmnopqrstuvwxyz", 26, md); - if (memcmp(md, iso_test_5, sizeof(iso_test_5))) { - fflush(stdout); - fprintf(stderr, "\nTEST 5 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" "0123456789", 62, md); - if (memcmp(md, iso_test_6, sizeof(iso_test_6))) { - fflush(stdout); - fprintf(stderr, "\nTEST 6 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("1234567890" "1234567890" "1234567890" "1234567890" - "1234567890" "1234567890" "1234567890" "1234567890", 80, md); - if (memcmp(md, iso_test_7, sizeof(iso_test_7))) { - fflush(stdout); - fprintf(stderr, "\nTEST 7 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk", 32, md); - if (memcmp(md, iso_test_8, sizeof(iso_test_8))) { - fflush(stdout); - fprintf(stderr, "\nTEST 8 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - WHIRLPOOL_Init(&ctx); - for (i = 0; i < 1000000; i += 288) - WHIRLPOOL_Update(&ctx, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" - "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", - (1000000 - i) < 288 ? 1000000 - i : 288); - WHIRLPOOL_Final(md, &ctx); - if (memcmp(md, iso_test_9, sizeof(iso_test_9))) { - fflush(stdout); - fprintf(stderr, "\nTEST 9 of 9 failed.\n"); - return 1; - } else - fprintf(stdout, "."); - fflush(stdout); - - fprintf(stdout, " passed.\n"); - fflush(stdout); - - return 0; -} -#endif diff --git a/deps/openssl/openssl/test/x509_dup_cert_test.c b/deps/openssl/openssl/test/x509_dup_cert_test.c index 7f7adebbb0fbf4..e639c019451ed5 100644 --- a/deps/openssl/openssl/test/x509_dup_cert_test.c +++ b/deps/openssl/openssl/test/x509_dup_cert_test.c @@ -1,5 +1,6 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,64 +8,40 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved. - */ - #include #include #include -static int test_509_dup_cert(const char *cert_f) +#include "testutil.h" + +static int test_509_dup_cert(int n) { int ret = 0; X509_STORE_CTX *sctx = NULL; X509_STORE *store = NULL; X509_LOOKUP *lookup = NULL; + const char *cert_f = test_get_argument(n); - store = X509_STORE_new(); - if (store == NULL) - goto err; - - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (lookup == NULL) - goto err; - - if (!X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM)) - goto err; - if (!X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM)) - goto err; + if (TEST_ptr(store = X509_STORE_new()) + && TEST_ptr(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) + && TEST_true(X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM)) + && TEST_true(X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM))) + ret = 1; - ret = 1; - - err: X509_STORE_CTX_free(sctx); X509_STORE_free(store); - if (ret != 1) - ERR_print_errors_fp(stderr); return ret; } -int main(int argc, char **argv) +int setup_tests(void) { - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if (argc != 2) { - fprintf(stderr, "usage: x509_dup_cert_test cert.pem\n"); - return 1; - } + size_t n = test_get_argument_count(); - if (!test_509_dup_cert(argv[1])) { - fprintf(stderr, "Test X509 duplicate cert failed\n"); - return 1; + if (!TEST_int_gt(n, 0)) { + TEST_note("usage: x509_dup_cert_test cert.pem..."); + return 0; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; -#endif - - printf("PASS\n"); - return 0; + ADD_ALL_TESTS(test_509_dup_cert, n); + return 1; } diff --git a/deps/openssl/openssl/test/x509_time_test.c b/deps/openssl/openssl/test/x509_time_test.c index 32d65c87617bfa..b6fd38a5c587a4 100644 --- a/deps/openssl/openssl/test/x509_time_test.c +++ b/deps/openssl/openssl/test/x509_time_test.c @@ -15,7 +15,7 @@ #include #include #include "testutil.h" -#include "e_os.h" +#include "internal/nelem.h" typedef struct { const char *data; @@ -25,6 +25,115 @@ typedef struct { int expected; } TESTDATA; +typedef struct { + const char *data; + /* 0 for check-only mode, 1 for set-string mode */ + int set_string; + /* 0 for error, 1 if succeed */ + int expected; + /* + * The following 2 fields are ignored if set_string field is set to '0' + * (in check only mode). + * + * But they can still be ignored explicitly in set-string mode by: + * setting -1 to expected_type and setting NULL to expected_string. + * + * It's useful in a case of set-string mode but the expected result + * is a 'parsing error'. + */ + int expected_type; + const char *expected_string; +} TESTDATA_FORMAT; + +/* + * Actually, the "loose" mode has been tested in + * those time-compare-cases, so we may not test it again. + */ +static TESTDATA_FORMAT x509_format_tests[] = { + /* GeneralizedTime */ + { + /* good format, check only */ + "20170217180105Z", 0, 1, -1, NULL, + }, + { + /* not leap year, check only */ + "20170229180105Z", 0, 0, -1, NULL, + }, + { + /* leap year, check only */ + "20160229180105Z", 0, 1, -1, NULL, + }, + { + /* SS is missing, check only */ + "201702171801Z", 0, 0, -1, NULL, + }, + { + /* fractional seconds, check only */ + "20170217180105.001Z", 0, 0, -1, NULL, + }, + { + /* time zone, check only */ + "20170217180105+0800", 0, 0, -1, NULL, + }, + { + /* SS is missing, set string */ + "201702171801Z", 1, 0, -1, NULL, + }, + { + /* fractional seconds, set string */ + "20170217180105.001Z", 1, 0, -1, NULL, + }, + { + /* time zone, set string */ + "20170217180105+0800", 1, 0, -1, NULL, + }, + { + /* good format, check returned 'turned' string */ + "20170217180154Z", 1, 1, V_ASN1_UTCTIME, "170217180154Z", + }, + { + /* good format, check returned string */ + "20510217180154Z", 1, 1, V_ASN1_GENERALIZEDTIME, "20510217180154Z", + }, + { + /* good format but out of UTC range, check returned string */ + "19230419180154Z", 1, 1, V_ASN1_GENERALIZEDTIME, "19230419180154Z", + }, + /* UTC */ + { + /* SS is missing, check only */ + "1702171801Z", 0, 0, -1, NULL, + }, + { + /* not leap year, check only */ + "050229180101Z", 0, 0, -1, NULL, + }, + { + /* leap year, check only */ + "040229180101Z", 0, 1, -1, NULL, + }, + { + /* time zone, check only */ + "170217180154+0800", 0, 0, -1, NULL, + }, + { + /* SS is missing, set string */ + "1702171801Z", 1, 0, -1, NULL, + }, + { + /* time zone, set string */ + "170217180154+0800", 1, 0, -1, NULL, + }, + { + /* 2017, good format, check returned string */ + "170217180154Z", 1, 1, V_ASN1_UTCTIME, "170217180154Z", + }, + { + /* 1998, good format, check returned string */ + "981223180154Z", 1, 1, V_ASN1_UTCTIME, "981223180154Z", + }, +}; + static TESTDATA x509_cmp_tests[] = { { "20170217180154Z", V_ASN1_GENERALIZEDTIME, @@ -153,17 +262,18 @@ static int test_x509_cmp_time(int idx) t.type = x509_cmp_tests[idx].type; t.data = (unsigned char*)(x509_cmp_tests[idx].data); t.length = strlen(x509_cmp_tests[idx].data); + t.flags = 0; result = X509_cmp_time(&t, &x509_cmp_tests[idx].cmp_time); - if (result != x509_cmp_tests[idx].expected) { - fprintf(stderr, "test_x509_cmp_time(%d) failed: expected %d, got %d\n", + if (!TEST_int_eq(result, x509_cmp_tests[idx].expected)) { + TEST_info("test_x509_cmp_time(%d) failed: expected %d, got %d\n", idx, x509_cmp_tests[idx].expected, result); return 0; } return 1; } -static int test_x509_cmp_time_current() +static int test_x509_cmp_time_current(void) { time_t now = time(NULL); /* Pick a day earlier and later, relative to any system clock. */ @@ -174,18 +284,12 @@ static int test_x509_cmp_time_current() asn1_after = ASN1_TIME_adj(NULL, now, 1, 0); cmp_result = X509_cmp_time(asn1_before, NULL); - if (cmp_result != -1) { - fprintf(stderr, "test_x509_cmp_time_current failed: expected -1, got %d\n", - cmp_result); + if (!TEST_int_eq(cmp_result, -1)) failed = 1; - } cmp_result = X509_cmp_time(asn1_after, NULL); - if (cmp_result != 1) { - fprintf(stderr, "test_x509_cmp_time_current failed: expected 1, got %d\n", - cmp_result); + if (!TEST_int_eq(cmp_result, 1)) failed = 1; - } ASN1_TIME_free(asn1_before); ASN1_TIME_free(asn1_after); @@ -193,20 +297,197 @@ static int test_x509_cmp_time_current() return failed == 0; } -int main(int argc, char **argv) +static int test_x509_time(int idx) +{ + ASN1_TIME *t = NULL; + int result, rv = 0; + + if (x509_format_tests[idx].set_string) { + /* set-string mode */ + t = ASN1_TIME_new(); + if (t == NULL) { + TEST_info("test_x509_time(%d) failed: internal error\n", idx); + return 0; + } + } + + result = ASN1_TIME_set_string_X509(t, x509_format_tests[idx].data); + /* time string parsing result is always checked against what's expected */ + if (!TEST_int_eq(result, x509_format_tests[idx].expected)) { + TEST_info("test_x509_time(%d) failed: expected %d, got %d\n", + idx, x509_format_tests[idx].expected, result); + goto out; + } + + /* if t is not NULL but expected_type is ignored(-1), it is an 'OK' case */ + if (t != NULL && x509_format_tests[idx].expected_type != -1) { + if (!TEST_int_eq(t->type, x509_format_tests[idx].expected_type)) { + TEST_info("test_x509_time(%d) failed: expected_type %d, got %d\n", + idx, x509_format_tests[idx].expected_type, t->type); + goto out; + } + } + + /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ + if (t != NULL && x509_format_tests[idx].expected_string) { + if (!TEST_str_eq((const char *)t->data, + x509_format_tests[idx].expected_string)) { + TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n", + idx, x509_format_tests[idx].expected_string, t->data); + goto out; + } + } + + rv = 1; +out: + if (t != NULL) + ASN1_TIME_free(t); + return rv; +} + +static const struct { + int y, m, d; + int yd, wd; +} day_of_week_tests[] = { + /*YYYY MM DD DoY DoW */ + { 1900, 1, 1, 0, 1 }, + { 1900, 2, 28, 58, 3 }, + { 1900, 3, 1, 59, 4 }, + { 1900, 12, 31, 364, 1 }, + { 1901, 1, 1, 0, 2 }, + { 1970, 1, 1, 0, 4 }, + { 1999, 1, 10, 9, 0 }, + { 1999, 12, 31, 364, 5 }, + { 2000, 1, 1, 0, 6 }, + { 2000, 2, 28, 58, 1 }, + { 2000, 2, 29, 59, 2 }, + { 2000, 3, 1, 60, 3 }, + { 2000, 12, 31, 365, 0 }, + { 2001, 1, 1, 0, 1 }, + { 2008, 1, 1, 0, 2 }, + { 2008, 2, 28, 58, 4 }, + { 2008, 2, 29, 59, 5 }, + { 2008, 3, 1, 60, 6 }, + { 2008, 12, 31, 365, 3 }, + { 2009, 1, 1, 0, 4 }, + { 2011, 1, 1, 0, 6 }, + { 2011, 2, 28, 58, 1 }, + { 2011, 3, 1, 59, 2 }, + { 2011, 12, 31, 364, 6 }, + { 2012, 1, 1, 0, 0 }, + { 2019, 1, 2, 1, 3 }, + { 2019, 2, 2, 32, 6 }, + { 2019, 3, 2, 60, 6 }, + { 2019, 4, 2, 91, 2 }, + { 2019, 5, 2, 121, 4 }, + { 2019, 6, 2, 152, 0 }, + { 2019, 7, 2, 182, 2 }, + { 2019, 8, 2, 213, 5 }, + { 2019, 9, 2, 244, 1 }, + { 2019, 10, 2, 274, 3 }, + { 2019, 11, 2, 305, 6 }, + { 2019, 12, 2, 335, 1 }, + { 2020, 1, 2, 1, 4 }, + { 2020, 2, 2, 32, 0 }, + { 2020, 3, 2, 61, 1 }, + { 2020, 4, 2, 92, 4 }, + { 2020, 5, 2, 122, 6 }, + { 2020, 6, 2, 153, 2 }, + { 2020, 7, 2, 183, 4 }, + { 2020, 8, 2, 214, 0 }, + { 2020, 9, 2, 245, 3 }, + { 2020, 10, 2, 275, 5 }, + { 2020, 11, 2, 306, 1 }, + { 2020, 12, 2, 336, 3 } +}; + +static int test_days(int n) +{ + char d[16]; + ASN1_TIME *a = NULL; + struct tm t; + int r; + + BIO_snprintf(d, sizeof(d), "%04d%02d%02d050505Z", + day_of_week_tests[n].y, day_of_week_tests[n].m, + day_of_week_tests[n].d); + + if (!TEST_ptr(a = ASN1_TIME_new())) + return 0; + + r = TEST_true(ASN1_TIME_set_string(a, d)) + && TEST_true(ASN1_TIME_to_tm(a, &t)) + && TEST_int_eq(t.tm_yday, day_of_week_tests[n].yd) + && TEST_int_eq(t.tm_wday, day_of_week_tests[n].wd); + + ASN1_TIME_free(a); + return r; +} + +#define construct_asn1_time(s, t, e) \ + { { sizeof(s) - 1, t, (unsigned char*)s, 0 }, e } + +static const struct { + ASN1_TIME asn1; + const char *readable; +} x509_print_tests [] = { + /* Generalized Time */ + construct_asn1_time("20170731222050Z", V_ASN1_GENERALIZEDTIME, + "Jul 31 22:20:50 2017 GMT"), + /* Generalized Time, no seconds */ + construct_asn1_time("201707312220Z", V_ASN1_GENERALIZEDTIME, + "Jul 31 22:20:00 2017 GMT"), + /* Generalized Time, fractional seconds (3 digits) */ + construct_asn1_time("20170731222050.123Z", V_ASN1_GENERALIZEDTIME, + "Jul 31 22:20:50.123 2017 GMT"), + /* Generalized Time, fractional seconds (1 digit) */ + construct_asn1_time("20170731222050.1Z", V_ASN1_GENERALIZEDTIME, + "Jul 31 22:20:50.1 2017 GMT"), + /* Generalized Time, fractional seconds (0 digit) */ + construct_asn1_time("20170731222050.Z", V_ASN1_GENERALIZEDTIME, + "Bad time value"), + /* UTC Time */ + construct_asn1_time("170731222050Z", V_ASN1_UTCTIME, + "Jul 31 22:20:50 2017 GMT"), + /* UTC Time, no seconds */ + construct_asn1_time("1707312220Z", V_ASN1_UTCTIME, + "Jul 31 22:20:00 2017 GMT"), +}; + +static int test_x509_time_print(int idx) { - int ret = 0; - unsigned int idx; + BIO *m; + int ret = 0, rv; + char *pp; + const char *readable; - if (!test_x509_cmp_time_current()) - ret = 1; + if (!TEST_ptr(m = BIO_new(BIO_s_mem()))) + goto err; - for (idx=0 ; idx < OSSL_NELEM(x509_cmp_tests) ; ++idx) { - if (!test_x509_cmp_time(idx)) - ret = 1; + rv = ASN1_TIME_print(m, &x509_print_tests[idx].asn1); + readable = x509_print_tests[idx].readable; + + if (rv == 0 && !TEST_str_eq(readable, "Bad time value")) { + /* only if the test case intends to fail... */ + goto err; } + if (!TEST_int_ne(rv = BIO_get_mem_data(m, &pp), 0) + || !TEST_int_eq(rv, (int)strlen(readable)) + || !TEST_strn_eq(pp, readable, rv)) + goto err; - if (ret == 0) - printf("PASS\n"); + ret = 1; + err: + BIO_free(m); return ret; } + +int setup_tests(void) +{ + ADD_TEST(test_x509_cmp_time_current); + ADD_ALL_TESTS(test_x509_cmp_time, OSSL_NELEM(x509_cmp_tests)); + ADD_ALL_TESTS(test_x509_time, OSSL_NELEM(x509_format_tests)); + ADD_ALL_TESTS(test_days, OSSL_NELEM(day_of_week_tests)); + ADD_ALL_TESTS(test_x509_time_print, OSSL_NELEM(x509_print_tests)); + return 1; +} diff --git a/deps/openssl/openssl/test/x509aux.c b/deps/openssl/openssl/test/x509aux.c index 2c20d6d743355b..c8bef0094db641 100644 --- a/deps/openssl/openssl/test/x509aux.c +++ b/deps/openssl/openssl/test/x509aux.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -16,37 +16,12 @@ #include #include #include +#include "internal/nelem.h" +#include "testutil.h" -#include "../e_os.h" - -static const char *progname; - -static void test_usage(void) -{ - fprintf(stderr, "usage: %s certfile\n", progname); -} - -static void print_errors(void) +static int test_certs(int num) { - unsigned long err; - char buffer[1024]; - const char *file; - const char *data; - int line; - int flags; - - while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(err, buffer, sizeof(buffer)); - if (flags & ERR_TXT_STRING) - fprintf(stderr, "Error: %s:%s:%d:%s\n", buffer, file, line, data); - else - fprintf(stderr, "Error: %s:%s:%d\n", buffer, file, line); - } -} - -static int test_certs(BIO *fp) -{ - int count; + int c; char *name = 0; char *header = 0; unsigned char *data = 0; @@ -54,30 +29,33 @@ static int test_certs(BIO *fp) typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); typedef int (*i2d_X509_t)(X509 *, unsigned char **); int err = 0; + BIO *fp = BIO_new_file(test_get_argument(num), "r"); + + if (!TEST_ptr(fp)) + return 0; + + for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) { + const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0); - for (count = 0; - !err && PEM_read_bio(fp, &name, &header, &data, &len); - ++count) { - int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0; d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509; i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509; X509 *cert = NULL; - const unsigned char *p = data; + const unsigned char *p = data; unsigned char *buf = NULL; unsigned char *bufp; long enclen; - if (!trusted + if (!trusted && strcmp(name, PEM_STRING_X509) != 0 - && strcmp(name, PEM_STRING_X509_OLD) != 0) { - fprintf(stderr, "unexpected PEM object: %s\n", name); + && strcmp(name, PEM_STRING_X509_OLD) != 0) { + TEST_error("unexpected PEM object: %s", name); err = 1; - goto next; + goto next; } cert = d2i(NULL, &p, len); if (cert == NULL || (p - data) != len) { - fprintf(stderr, "error parsing input %s\n", name); + TEST_error("error parsing input %s", name); err = 1; goto next; } @@ -85,33 +63,31 @@ static int test_certs(BIO *fp) /* Test traditional 2-pass encoding into caller allocated buffer */ enclen = i2d(cert, NULL); if (len != enclen) { - fprintf(stderr, "encoded length %ld of %s != input length %ld\n", - enclen, name, len); + TEST_error("encoded length %ld of %s != input length %ld", + enclen, name, len); err = 1; goto next; } if ((buf = bufp = OPENSSL_malloc(len)) == NULL) { - perror("malloc"); + TEST_perror("malloc"); err = 1; goto next; } enclen = i2d(cert, &bufp); if (len != enclen) { - fprintf(stderr, "encoded length %ld of %s != input length %ld\n", - enclen, name, len); + TEST_error("encoded length %ld of %s != input length %ld", + enclen, name, len); err = 1; goto next; } enclen = (long) (bufp - buf); if (enclen != len) { - fprintf(stderr, "unexpected buffer position after encoding %s\n", - name); + TEST_error("unexpected buffer position after encoding %s", name); err = 1; goto next; } if (memcmp(buf, data, len) != 0) { - fprintf(stderr, "encoded content of %s does not match input\n", - name); + TEST_error("encoded content of %s does not match input", name); err = 1; goto next; } @@ -121,14 +97,13 @@ static int test_certs(BIO *fp) /* Test 1-pass encoding into library allocated buffer */ enclen = i2d(cert, &buf); if (len != enclen) { - fprintf(stderr, "encoded length %ld of %s != input length %ld\n", - enclen, name, len); + TEST_error("encoded length %ld of %s != input length %ld", + enclen, name, len); err = 1; goto next; } if (memcmp(buf, data, len) != 0) { - fprintf(stderr, "encoded content of %s does not match input\n", - name); + TEST_error("encoded content of %s does not match input", name); err = 1; goto next; } @@ -141,91 +116,51 @@ static int test_certs(BIO *fp) /* Test 1-pass encoding into library allocated buffer */ enclen = i2d(cert, &buf); if (enclen > len) { - fprintf(stderr, "encoded length %ld of %s > input length %ld\n", - enclen, name, len); + TEST_error("encoded length %ld of %s > input length %ld", + enclen, name, len); err = 1; goto next; } if (memcmp(buf, data, enclen) != 0) { - fprintf(stderr, "encoded cert content does not match input\n"); + TEST_error("encoded cert content does not match input"); err = 1; goto next; } } - /* - * If any of these were null, PEM_read() would have failed. - */ + /* + * If any of these were null, PEM_read() would have failed. + */ next: X509_free(cert); OPENSSL_free(buf); - OPENSSL_free(name); - OPENSSL_free(header); - OPENSSL_free(data); + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); } + BIO_free(fp); if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { /* Reached end of PEM file */ - if (count > 0) { + if (c > 0) { ERR_clear_error(); return 1; } } /* Some other PEM read error */ - print_errors(); return 0; } -int main(int argc, char *argv[]) +int setup_tests(void) { - BIO *bio_err; - const char *p; - int ret = 1; - - progname = argv[0]; - if (argc < 2) { - test_usage(); - EXIT(ret); - } - - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - argc--; - argv++; - - while (argc >= 1) { - BIO *f = BIO_new_file(*argv, "r"); - int ok; - - if (f == NULL) { - fprintf(stderr, "%s: Error opening cert file: '%s': %s\n", - progname, *argv, strerror(errno)); - EXIT(ret); - } - ret = !(ok = test_certs(f)); - BIO_free(f); - - if (!ok) { - printf("%s ERROR\n", *argv); - ret = 1; - break; - } - printf("%s OK\n", *argv); + size_t n = test_get_argument_count(); - argc--; - argv++; + if (n == 0) { + TEST_error("usage: %s certfile...", test_get_program_name()); + return 0; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 1; -#endif - BIO_free(bio_err); - EXIT(ret); + ADD_ALL_TESTS(test_certs, (int)n); + return 1; } diff --git a/deps/openssl/openssl/tools/c_rehash.in b/deps/openssl/openssl/tools/c_rehash.in index e65822203dba36..421fd892086f93 100644 --- a/deps/openssl/openssl/tools/c_rehash.in +++ b/deps/openssl/openssl/tools/c_rehash.in @@ -1,7 +1,7 @@ -#!{- $config{hashbangperl} -} +#!{- $config{HASHBANGPERL} -} # {- join("\n# ", @autowarntext) -} -# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/util/add-depends.pl b/deps/openssl/openssl/util/add-depends.pl new file mode 100644 index 00000000000000..55d56b7613d1a8 --- /dev/null +++ b/deps/openssl/openssl/util/add-depends.pl @@ -0,0 +1,288 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use lib '.'; +use configdata; + +use File::Spec::Functions qw(:DEFAULT rel2abs); +use File::Compare qw(compare_text); +use feature 'state'; + +# When using stat() on Windows, we can get it to perform better by avoid some +# data. This doesn't affect the mtime field, so we're not losing anything... +${^WIN32_SLOPPY_STAT} = 1; + +my $debug = $ENV{ADD_DEPENDS_DEBUG}; +my $buildfile = $config{build_file}; +my $build_mtime = (stat($buildfile))[9]; +my $rebuild = 0; +my $depext = $target{dep_extension} || ".d"; +my @depfiles = + sort + grep { + # This grep has side effects. Not only does if check the existence + # of the dependency file given in $_, but it also checks if it's + # newer than the build file, and if it is, sets $rebuild. + my @st = stat($_); + $rebuild = 1 if @st && $st[9] > $build_mtime; + scalar @st > 0; # Determines the grep result + } + map { (my $x = $_) =~ s|\.o$|$depext|; $x; } + ( ( grep { $unified_info{sources}->{$_}->[0] =~ /\.cc?$/ } + keys %{$unified_info{sources}} ), + ( grep { $unified_info{shared_sources}->{$_}->[0] =~ /\.cc?$/ } + keys %{$unified_info{shared_sources}} ) ); + +exit 0 unless $rebuild; + +# Ok, primary checks are done, time to do some real work + +my $producer = shift @ARGV; +die "Producer not given\n" unless $producer; + +my $srcdir = $config{sourcedir}; +my $blddir = $config{builddir}; +my $abs_srcdir = rel2abs($srcdir); +my $abs_blddir = rel2abs($blddir); + +# Convenient cache of absolute to relative map. We start with filling it +# with mappings for the known generated header files. They are relative to +# the current working directory, so that's an easy task. +# NOTE: there's more than C header files that are generated. They will also +# generate entries in this map. We could of course deal with C header files +# only, but in case we decide to handle more than just C files in the future, +# we already have the mechanism in place here. +# NOTE2: we lower case the index to make it searchable without regard for +# character case. That could seem dangerous, but as long as we don't have +# files we depend on in the same directory that only differ by character case, +# we're fine. +my %depconv_cache = + map { catfile($abs_blddir, $_) => $_ } + keys %{$unified_info{generate}}; + +my %procedures = ( + 'gcc' => undef, # gcc style dependency files needs no mods + 'makedepend' => + sub { + # makedepend, in its infinite wisdom, wants to have the object file + # in the same directory as the source file. This doesn't work too + # well with out-of-source-tree builds, so we must resort to tricks + # to get things right. Fortunately, the .d files are always placed + # parallel with the object files, so all we need to do is construct + # the object file name from the dep file name. + (my $objfile = shift) =~ s|\.d$|.o|i; + my $line = shift; + + # Discard comments + return undef if $line =~ /^(#.*|\s*)$/; + + # Remove the original object file + $line =~ s|^.*\.o: | |; + # Also, remove any dependency that starts with a /, because those + # are typically system headers + $line =~ s/\s+\/(\\.|\S)*//g; + # Finally, discard all empty lines + return undef if $line =~ /^\s*$/; + + # All we got now is a dependency, just shave off surrounding spaces + $line =~ s/^\s+//; + $line =~ s/\s+$//; + return ($objfile, $line); + }, + 'VMS C' => + sub { + state $abs_srcdir_shaved = undef; + state $srcdir_shaved = undef; + + unless (defined $abs_srcdir_shaved) { + ($abs_srcdir_shaved = $abs_srcdir) =~ s|[>\]]$||; + ($srcdir_shaved = $srcdir) =~ s|[>\]]$||; + } + + # current versions of DEC / Compaq / HP / VSI C strips away all + # directory information from the object file, so we must insert it + # back. To make life simpler, we simply replace it with the + # corresponding .D file that's had its extension changed. Since + # .D files are always written parallel to the object files, we + # thereby get the directory information for free. + (my $objfile = shift) =~ s|\.D$|.OBJ|i; + my $line = shift; + + # Shave off the target. + # + # The pattern for target and dependencies will always take this + # form: + # + # target SPACE : SPACE deps + # + # This is so a volume delimiter (a : without any spaces around it) + # won't get mixed up with the target / deps delimiter. We use this + # to easily identify what needs to be removed. + m|\s:\s|; $line = $'; + + # We know that VMS has system header files in text libraries, + # extension .TLB. We also know that our header files aren't stored + # in text libraries. Finally, we know that VMS C produces exactly + # one dependency per line, so we simply discard any line ending with + # .TLB. + return undef if /\.TLB\s*$/; + + # All we got now is a dependency, just shave off surrounding spaces + $line =~ s/^\s+//; + $line =~ s/\s+$//; + + # VMS C gives us absolute paths, always. Let's see if we can + # make them relative instead. + $line = canonpath($line); + + unless (defined $depconv_cache{$line}) { + my $dep = $line; + # Since we have already pre-populated the cache with + # mappings for generated headers, we only need to deal + # with the source tree. + if ($dep =~ s|^\Q$abs_srcdir_shaved\E([\.>\]])?|$srcdir_shaved$1|i) { + $depconv_cache{$line} = $dep; + } + } + return ($objfile, $depconv_cache{$line}) + if defined $depconv_cache{$line}; + print STDERR "DEBUG[VMS C]: ignoring $objfile <- $line\n" + if $debug; + + return undef; + }, + 'VC' => + sub { + # For the moment, we only support Visual C on native Windows, or + # compatible compilers. With those, the flags /Zs /showIncludes + # give us the necessary output to be able to create dependencies + # that nmake (or any 'make' implementation) should be able to read, + # with a bit of help. The output we're interested in looks like + # this (it always starts the same) + # + # Note: including file: {whatever header file} + # + # Since there's no object file name at all in that information, + # we must construct it ourselves. + + (my $objfile = shift) =~ s|\.d$|.obj|i; + my $line = shift; + + # There are also other lines mixed in, for example compiler + # warnings, so we simply discard anything that doesn't start with + # the Note: + + if (/^Note: including file: */) { + (my $tail = $') =~ s/\s*\R$//; + + # VC gives us absolute paths for all include files, so to + # remove system header dependencies, we need to check that + # they don't match $abs_srcdir or $abs_blddir. + $tail = canonpath($tail); + + unless (defined $depconv_cache{$tail}) { + my $dep = $tail; + # Since we have already pre-populated the cache with + # mappings for generated headers, we only need to deal + # with the source tree. + if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) { + $depconv_cache{$tail} = $dep; + } + } + return ($objfile, '"'.$depconv_cache{$tail}.'"') + if defined $depconv_cache{$tail}; + print STDERR "DEBUG[VC]: ignoring $objfile <- $tail\n" + if $debug; + } + + return undef; + }, +); +my %continuations = ( + 'gcc' => undef, + 'makedepend' => "\\", + 'VMS C' => "-", + 'VC' => "\\", +); + +die "Producer unrecognised: $producer\n" + unless exists $procedures{$producer} && exists $continuations{$producer}; + +my $procedure = $procedures{$producer}; +my $continuation = $continuations{$producer}; + +my $buildfile_new = "$buildfile-$$"; + +my %collect = (); +if (defined $procedure) { + foreach my $depfile (@depfiles) { + open IDEP,$depfile or die "Trying to read $depfile: $!\n"; + while () { + s|\R$||; # The better chomp + my ($target, $deps) = $procedure->($depfile, $_); + $collect{$target}->{$deps} = 1 if defined $target; + } + close IDEP; + } +} + +open IBF, $buildfile or die "Trying to read $buildfile: $!\n"; +open OBF, '>', $buildfile_new or die "Trying to write $buildfile_new: $!\n"; +while () { + last if /^# DO NOT DELETE THIS LINE/; + print OBF or die "$!\n"; +} +close IBF; + +print OBF "# DO NOT DELETE THIS LINE -- make depend depends on it.\n"; + +if (defined $procedure) { + foreach my $target (sort keys %collect) { + my $prefix = $target . ' :'; + my @deps = sort keys %{$collect{$target}}; + + while (@deps) { + my $buf = $prefix; + $prefix = ''; + + while (@deps && ($buf eq '' + || length($buf) + length($deps[0]) <= 77)) { + $buf .= ' ' . shift @deps; + } + $buf .= ' '.$continuation if @deps; + + print OBF $buf,"\n" or die "Trying to print: $!\n" + } + } +} else { + foreach my $depfile (@depfiles) { + open IDEP,$depfile or die "Trying to read $depfile: $!\n"; + while () { + print OBF or die "Trying to print: $!\n"; + } + close IDEP; + } +} + +close OBF; + +if (compare_text($buildfile_new, $buildfile) != 0) { + rename $buildfile_new, $buildfile + or die "Trying to rename $buildfile_new -> $buildfile: $!\n"; +} + +END { + # On VMS, we want to remove all generations of this file, in case there + # are more than one, so we loop. + if (defined $buildfile_new) { + while (unlink $buildfile_new) {} + } +} diff --git a/deps/openssl/openssl/util/check-malloc-errs b/deps/openssl/openssl/util/check-malloc-errs new file mode 100755 index 00000000000000..1e632407c63ee7 --- /dev/null +++ b/deps/openssl/openssl/util/check-malloc-errs @@ -0,0 +1,16 @@ +#! /bin/sh +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +( + pcregrep -rnM 'OPENSSL_.?alloc.*\n.*if.*NULL.*\n.*return' crypto ssl + pcregrep -rnM 'if.*OPENSSL_.?alloc.*NULL.*\n.*.*return' crypto ssl +) | tee /tmp/out$$ +X=0 +test -s /tmp/out$$ && X=1 +rm /tmp/out$$ +exit $X diff --git a/deps/openssl/openssl/util/ck_errf.pl b/deps/openssl/openssl/util/ck_errf.pl index 7fc536786e6d18..539736db01e9cc 100755 --- a/deps/openssl/openssl/util/ck_errf.pl +++ b/deps/openssl/openssl/util/ck_errf.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -8,63 +8,145 @@ # This is just a quick script to scan for cases where the 'error' # function name in a XXXerr() macro is wrong. -# +# # Run in the top level by going # perl util/ck_errf.pl */*.c */*/*.c # +use strict; +use warnings; + +my $config; my $err_strict = 0; -my $bad = 0; +my $debug = 0; +my $internal = 0; + +sub help +{ + print STDERR <<"EOF"; +mkerr.pl [options] [files...] + +Options: + + -conf FILE Use the named config file FILE instead of the default. + + -debug Verbose output debugging on stderr. + + -internal Generate code that is to be built as part of OpenSSL itself. + Also scans internal list of files. + + -strict If any error was found, fail with exit code 1, otherwise 0. + + -help Show this help text. + + ... Additional arguments are added to the file list to scan, + if '-internal' was NOT specified on the command line. -foreach $file (@ARGV) - { - if ($file eq "-strict") - { - $err_strict = 1; - next; - } - open(IN,"<$file") || die "unable to open $file\n"; - $func=""; - while () - { - if (!/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/) - { - /^([^()]*(\([^()]*\)[^()]*)*)\(/; - $1 =~ /([A-Za-z_0-9]*)$/; - $func = $1; - $func =~ tr/A-Z/a-z/; - } - if (/([A-Z0-9]+)err\(([^,]+)/ && ! /ckerr_ignore/) - { - $errlib=$1; - $n=$2; - - if ($func eq "") - { print "$file:$.:???:$n\n"; $bad = 1; next; } - - if ($n !~ /([^_]+)_F_(.+)$/) - { - # print "check -$file:$.:$func:$n\n"; - next; - } - $lib=$1; - $n=$2; - - if ($lib ne $errlib) - { print "$file:$.:$func:$n [${errlib}err]\n"; $bad = 1; next; } - - $n =~ tr/A-Z/a-z/; - if (($n ne $func) && ($errlib ne "SYS")) - { print "$file:$.:$func:$n\n"; $bad = 1; next; } - # print "$func:$1\n"; - } - } - close(IN); +EOF +} + +while ( @ARGV ) { + my $arg = $ARGV[0]; + last unless $arg =~ /-.*/; + $arg = $1 if $arg =~ /-(-.*)/; + if ( $arg eq "-conf" ) { + $config = $ARGV[1]; + shift @ARGV; + } elsif ( $arg eq "-debug" ) { + $debug = 1; + } elsif ( $arg eq "-internal" ) { + $internal = 1; + } elsif ( $arg eq "-strict" ) { + $err_strict = 1; + } elsif ( $arg =~ /-*h(elp)?/ ) { + &help(); + exit; + } elsif ( $arg =~ /-.*/ ) { + die "Unknown option $arg; use -h for help.\n"; + } + shift @ARGV; +} + +my @source; +if ( $internal ) { + die "Extra parameters given.\n" if @ARGV; + $config = "crypto/err/openssl.ec" unless defined $config; + @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'), + glob('ssl/*.c'), glob('ssl/*/*.c') ); +} else { + die "Configuration file not given.\nSee '$0 -help' for information\n" + unless defined $config; + @source = @ARGV; +} + +# To detect if there is any error generation for a libcrypto/libssl libs +# we don't know, we need to find out what libs we do know. That list is +# readily available in crypto/err/openssl.ec, in form of lines starting +# with "L ". Note that we always rely on the modules SYS and ERR to be +# generally available. +my %libs = ( SYS => 1, ERR => 1 ); +open my $cfh, $config or die "Trying to read $config: $!\n"; +while (<$cfh>) { + s|\R$||; # Better chomp + next unless m|^L ([0-9A-Z_]+)\s|; + next if $1 eq "NONE"; + $libs{$1} = 1; +} + +my $bad = 0; +foreach my $file (@source) { + open( IN, "<$file" ) || die "Can't open $file, $!"; + my $func = ""; + while () { + if ( !/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/ ) { + /^([^()]*(\([^()]*\)[^()]*)*)\(/; + $1 =~ /([A-Za-z_0-9]*)$/; + $func = $1; + $func =~ tr/A-Z/a-z/; } + if ( /([A-Z0-9_]+[A-Z0-9])err\(([^,]+)/ && !/ckerr_ignore/ ) { + my $errlib = $1; + my $n = $2; + + unless ( $libs{$errlib} ) { + print "$file:$.:$errlib not listed in $config\n"; + $libs{$errlib} = 1; # To not display it again + $bad = 1; + } -if ($bad && $err_strict) - { - print STDERR "FATAL: error discrepancy\n"; - exit 1; - } + if ( $func eq "" ) { + print "$file:$.:???:$n\n"; + $bad = 1; + next; + } + + if ( $n !~ /^(.+)_F_(.+)$/ ) { + #print "check -$file:$.:$func:$n\n"; + next; + } + my $lib = $1; + $n = $2; + + if ( $lib ne $errlib ) { + print "$file:$.:$func:$n [${errlib}err]\n"; + $bad = 1; + next; + } + + $n =~ tr/A-Z/a-z/; + if ( $n ne $func && $errlib ne "SYS" ) { + print "$file:$.:$func:$n\n"; + $bad = 1; + next; + } + + # print "$func:$1\n"; + } + } + close(IN); +} +if ( $bad && $err_strict ) { + print STDERR "FATAL: error discrepancy\n"; + exit 1; +} diff --git a/deps/openssl/openssl/util/copy.pl b/deps/openssl/openssl/util/copy.pl index fe1c908e681acc..f35050d652eeae 100644 --- a/deps/openssl/openssl/util/copy.pl +++ b/deps/openssl/openssl/util/copy.pl @@ -47,7 +47,7 @@ } $dest = pop @filelist; - + if ($fnum > 2 && ! -d $dest) { die "Destination must be a directory"; @@ -80,5 +80,4 @@ close(OUT); print "Copying: $_ to $dfile\n"; } - diff --git a/deps/openssl/openssl/util/dofile.pl b/deps/openssl/openssl/util/dofile.pl index 4533c135a30ef4..c3bc9ba9d6045f 100644 --- a/deps/openssl/openssl/util/dofile.pl +++ b/deps/openssl/openssl/util/dofile.pl @@ -92,7 +92,7 @@ package main; # Helper functions for the templates ################################# # It might be practical to quotify some strings and have them protected -# from possible harm. These functions primarly quote things that might +# from possible harm. These functions primarily quote things that might # be interpreted wrongly by a perl eval. # quotify1 STRING @@ -106,7 +106,7 @@ sub quotify1 { # quotify_l LIST # For each defined element in LIST (i.e. elements that aren't undef), have -# it quotified with 'quotofy1' +# it quotified with 'quotify1' sub quotify_l { map { if (!defined($_)) { diff --git a/deps/openssl/openssl/util/find-doc-nits b/deps/openssl/openssl/util/find-doc-nits index 598854c79eaf24..860bb9958bd2d8 100755 --- a/deps/openssl/openssl/util/find-doc-nits +++ b/deps/openssl/openssl/util/find-doc-nits @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,6 @@ our($opt_h); our($opt_l); our($opt_n); our($opt_p); -our($opt_s); our($opt_u); our($opt_c); @@ -35,7 +34,6 @@ Find small errors (nits) in documentation. Options: -d Detailed list of undocumented (implies -u) -l Print bogus links -n Print nits in POD pages - -s Also print missing sections in POD pages (implies -n) -p Warn if non-public name documented (implies -n) -u List undocumented functions -h Print this help message @@ -154,14 +152,9 @@ sub check() my $id = "${filename}:1:"; - # Find what section this page is in; assume 3. - my $section = 3; - $section = 1 if $dirname eq 'apps'; - $section = $1 if ( $contents =~ /=for comment openssl_manual_section:(\d)/); - &name_synopsis($id, $filename, $contents) unless $contents =~ /=for comment generic/ - or $section != 3; + or $filename =~ m@man[157]/@; print "$id doesn't start with =pod\n" if $contents !~ /^=pod/; @@ -190,7 +183,7 @@ sub check() if ( $contents !~ /=for comment multiple includes/ ) { # Look for multiple consecutive openssl #include lines - # (non-consecutive lines are okay; see crypto/MD5.pod). + # (non-consecutive lines are okay; see man3/MD5.pod). if ( $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms ) { my $count = 0; foreach my $line ( split /\n+/, $1 ) { @@ -216,9 +209,12 @@ sub check() close $OUT; unlink $temp || warn "Can't remove $temp, $!"; + # Find what section this page is in; assume 3. + my $section = 3; + $section = $1 if $dirname =~ /man([1-9])/; + foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) { # Skip "return values" if not -s - next if $_ eq 'RETURN VALUES' and not $opt_s; print "$id: missing $_ head1 section\n" if $contents !~ /^=head1\s+${_}\s*$/m; } @@ -375,7 +371,7 @@ sub collectnames { # then remove 'something'. Note that 'something' # may contain POD codes as well... (?:(?:[^\|]|<[^>]*>)*\|)? - # we're only interested in referenses that have + # we're only interested in references that have # a one digit section number ([^\/>\(]+\(\d\)) /gx; @@ -437,7 +433,7 @@ sub checkflags() { close CFH; # Get the list of flags from the synopsis - open CFH, " ) { chop; @@ -455,7 +451,7 @@ sub checkflags() { if ( scalar @undocced > 0 ) { $ok = 0; foreach ( @undocced ) { - print "doc/apps/$cmd.pod: Missing -$_\n"; + print "doc/man1/$cmd.pod: Missing -$_\n"; } } @@ -468,20 +464,20 @@ sub checkflags() { $ok = 0; foreach ( @unimpl ) { next if defined $skips{$_}; - print "doc/apps/$cmd.pod: Not implemented -$_\n"; + print "doc/man1/$cmd.pod: Not implemented -$_\n"; } } return $ok; } -getopts('cdlnsphu'); +getopts('cdlnphu'); &help() if $opt_h; -$opt_n = 1 if $opt_s or $opt_p; +$opt_n = 1 if $opt_p; $opt_u = 1 if $opt_d; -die "Need one of -[cdlnspu] flags.\n" +die "Need one of -[cdlnpu] flags.\n" unless $opt_c or $opt_l or $opt_n or $opt_u; if ( $opt_c ) { @@ -500,8 +496,8 @@ if ( $opt_c ) { # See if each has a manpage. foreach ( @commands ) { next if $_ eq 'help' || $_ eq 'exit'; - if ( ! -f "doc/apps/$_.pod" ) { - print "doc/apps/$_.pod does not exist\n"; + if ( ! -f "doc/man1/$_.pod" ) { + print "doc/man1/$_.pod does not exist\n"; $ok = 0; } else { $ok = 0 if not &checkflags($_); @@ -537,7 +533,7 @@ if ( $opt_n ) { } if ( $opt_u ) { - my %temp = &getdocced('doc/crypto'); + my %temp = &getdocced('doc/man3'); foreach ( keys %temp ) { $docced{$_} = $temp{$_}; } diff --git a/deps/openssl/openssl/util/find-undoc-api.pl b/deps/openssl/openssl/util/find-undoc-api.pl deleted file mode 100755 index 7b2cb973b7a23b..00000000000000 --- a/deps/openssl/openssl/util/find-undoc-api.pl +++ /dev/null @@ -1,82 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; -use warnings; - -use File::Spec::Functions; -use File::Basename; -#use File::Copy; -#use File::Path; -use lib catdir(dirname($0), "perl"); -use OpenSSL::Util::Pod; - -my %dups; - -sub parsenum() -{ - my $file = shift; - my @apis; - - open my $IN, '<', $file - or die "Can't open $file, $!, stopped"; - - while ( <$IN> ) { - next if /\sNOEXIST/; - next if /EXPORT_VAR_AS_FUNC/; - push @apis, $1 if /([^\s]+).\s/; - } - - close $IN; - - print "# Found ", scalar(@apis), " in $file\n"; - return sort @apis; -} - -sub getdocced() -{ - my $dir = shift; - my %return; - - foreach my $pod ( glob("$dir/*.pod") ) { - next if $pod eq 'doc/crypto/crypto.pod'; - next if $pod eq 'doc/ssl/ssl.pod'; - my %podinfo = extract_pod_info($pod); - foreach my $n ( @{$podinfo{names}} ) { - $return{$n} = $pod; - print "# Duplicate $n in $pod and $dups{$n}\n" - if defined $dups{$n}; - $dups{$n} = $pod; - } - } - - return %return; -} - -sub printem() -{ - my $docdir = shift; - my $numfile = shift; - my %docced = &getdocced($docdir); - my $count = 0; - - foreach my $func ( &parsenum($numfile) ) { - next if $docced{$func}; - - # Skip ASN1 utilities - next if $func =~ /^ASN1_/; - - print $func, "\n"; - $count++; - } - print "# Found $count missing from $numfile\n\n"; -} - - -&printem('doc/crypto', 'util/libcrypto.num'); -&printem('doc/ssl', 'util/libssl.num'); diff --git a/deps/openssl/openssl/util/find-unused-errs b/deps/openssl/openssl/util/find-unused-errs index 68cf66b15f8848..cd1026d5947c6c 100755 --- a/deps/openssl/openssl/util/find-unused-errs +++ b/deps/openssl/openssl/util/find-unused-errs @@ -13,8 +13,27 @@ export X1=/tmp/f.1.$$ export X2=/tmp/f.2.$$ +case "$1" in + -f) + PAT='_F_' + echo Functions only + ;; + -[er]) + PAT='_R_' + echo Reason codes only + ;; + "") + PAT='_[FR]_' + echo Function and reasons + ;; + *) + echo "Usage error; one of -[efr] required." + exit 1; + ;; +esac + cd include/openssl || exit 1 -grep '_[RF]_' * | awk '{print $3;}' | sort -u >$X1 +grep "$PAT" * | grep -v ERR_FATAL_ERROR | awk '{print $3;}' | sort -u >$X1 cd ../.. for F in `cat $X1` ; do diff --git a/deps/openssl/openssl/util/fipslink.pl b/deps/openssl/openssl/util/fipslink.pl deleted file mode 100644 index 18a91532be535b..00000000000000 --- a/deps/openssl/openssl/util/fipslink.pl +++ /dev/null @@ -1,115 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -sub check_env - { - my @ret; - foreach (@_) - { - die "Environment variable $_ not defined!\n" unless exists $ENV{$_}; - push @ret, $ENV{$_}; - } - return @ret; - } - - -my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe) - = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET", - "FIPSLIB_D", "FIPS_SHA1_EXE"); - - - -if (exists $ENV{"PREMAIN_DSO_EXE"}) - { - $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"}; - } - else - { - $fips_premain_dso = ""; - } - -check_hash($sha1_exe, "fips_premain.c"); -check_hash($sha1_exe, "fipscanister.lib"); - - -print "Integrity check OK\n"; - -if (is_premain_linked(@ARGV)) { - print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n"; - system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c"; - die "First stage Compile failure" if $? != 0; -} elsif (!defined($ENV{FIPS_SIG})) { - die "no fips_premain.obj linked"; -} - -print "$fips_link @ARGV\n"; -system "$fips_link @ARGV"; -die "First stage Link failure" if $? != 0; - -if (defined($ENV{FIPS_SIG})) { - print "$ENV{FIPS_SIG} $fips_target\n"; - system "$ENV{FIPS_SIG} $fips_target"; - die "$ENV{FIPS_SIG} $fips_target failed" if $? != 0; - exit; -} - -print "$fips_premain_dso $fips_target\n"; -system("$fips_premain_dso $fips_target >$fips_target.sha1"); -die "Get hash failure" if $? != 0; -open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure"; -$fips_hash=<$sha1_res>; -close $sha1_res; -unlink $fips_target.".sha1"; -$fips_hash =~ s|\R$||; # Better chomp -die "Get hash failure" if $? != 0; - - -print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n"; -system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c"; -die "Second stage Compile failure" if $? != 0; - - -print "$fips_link @ARGV\n"; -system "$fips_link @ARGV"; -die "Second stage Link failure" if $? != 0; - -sub is_premain_linked - { - return 1 if (grep /fips_premain\.obj/,@_); - foreach (@_) - { - if (/^@(.*)/ && -f $1) - { - open FD,$1 or die "can't open $1"; - my $ret = (grep /fips_premain\.obj/,)?1:0; - close FD; - return $ret; - } - } - return 0; - } - -sub check_hash - { - my ($sha1_exe, $filename) = @_; - my ($hashfile, $hashval); - - open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1"; - $hashfile = ; - close IN; - $hashval = `$sha1_exe ${fips_libdir}/$filename`; - $hashfile =~ s|\R$||; # Better chomp - $hashval =~ s|\R$||; # Better chomp - $hashfile =~ s/^.*=\s+//; - $hashval =~ s/^.*=\s+//; - die "Invalid hash syntax in file" if (length($hashfile) != 40); - die "Invalid hash received for file" if (length($hashval) != 40); - die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile); - } - - diff --git a/deps/openssl/openssl/util/incore b/deps/openssl/openssl/util/incore deleted file mode 100755 index 26fcf95033fca7..00000000000000 --- a/deps/openssl/openssl/util/incore +++ /dev/null @@ -1,454 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# The script embeds fingerprint into ELF executable object, either -# application binary or shared library. - -###################################################################### -# -# ELF symbol table parser by . The table entries -# are extended with offset within executable file... -# -{ package ELF; - use FileHandle; - - sub dup { my %copy=map {$_} @_; return \%copy; } - - sub Load { - my $class = shift; - my $self = {}; - my $FD = FileHandle->new(); # autoclose - - bless $self,$class; - - sysopen($FD,shift,0) or die "$!"; - binmode($FD); - - ################################################# - # read and parse elf_ehdr.e_ident... - # - read($FD,my $elf,16) or die "$!"; - - my %e_ident; - @e_ident{magic,class,data,version,osabi,abiver,pad}= - unpack("a4C*",$elf); - - $!=42; # signal fipsld to revert to two-step link - die "not ELF file" if ($e_ident{magic} ne chr(0177)."ELF"); - - my $elf_bits = $e_ident{class}*32; # 32 or 64 - my $big_endian = $e_ident{data}-1; # 0 or 1 - - if ($elf_bits==64) { - if (!(((1<<31)<<1) && $big_endian==(unpack("L",pack("N",1))==1))) { - die "ELF64 is supported only natively"; - } - } - - ################################################# - # read and parse remainder of elf_ehdr... - # - read($FD,my $elfhdr,64) or die "$!"; - - my %elf_ehdr; - @elf_ehdr{e_type,e_machine,e_version, - e_entry,e_phoff,e_shoff,e_flags,e_ehsize, - e_phentsize,e_phnum,e_shentsize,e_shnum,e_shstrndx} = - $elf_bits==32 ? - unpack($big_endian?"nnN5n6":"vvV5v6",$elfhdr) - : unpack("SSLQ3LS6",$elfhdr); - - # put aside e_machine in case one has to treat specific - # platforms differently, see EM_ constants in elf.h for - # assortment... - $self->{e_machine} = $elf_ehdr{e_machine}; - - ################################################# - # read and parse elf_shdr table... - # - my ($i,$sz,$symtab_idx,$blob,$strings); - - seek($FD,$elf_ehdr{e_shoff},0) or die "$!"; - read($FD,$blob,$elf_ehdr{e_shentsize}*$elf_ehdr{e_shnum}) or die "$!"; - - my @sections; - my $elf_shdr_struct=($elf_bits==32?($big_endian?"N10":"V10"):"L2Q4L2Q2"); - for ($sz=$elf_ehdr{e_shentsize},$i=0;$i{sh_offset},0) or die "$!"; - read($FD,$strings,@sections[$elf_ehdr{e_shstrndx}]->{sh_size}) or die "$!"; - for (@sections) { - $_->{sh_name}=(split(chr(0),substr($strings,$_->{sh_name},64)))[0]; - } - - ################################################# - # read symbol strings table... - # - $i=@sections[$symtab_idx]->{sh_link}; - seek($FD,@sections[$i]->{sh_offset},0) or die "$!"; - read($FD,$strings,@sections[$i]->{sh_size}) or die "$!"; - - ################################################# - # read and parse elf_sym table... - # - seek($FD,@sections[$symtab_idx]->{sh_offset},0) or die "$!"; - read($FD,my $blob,@sections[$symtab_idx]->{sh_size}) or die "$!"; - - for ($sz=@sections[$symtab_idx]->{sh_entsize},$i=0;$i>4; - my $st_secn = $elf_sym{st_shndx}; - my $name; - # (STT_OBJECT || STT_FUNC) - if ($st_bind<3 && ($st_type==1 || $st_type==2) - && $st_secn <= $#sections # sane st_shndx - && @sections[$st_secn]->{sh_type} # not SHN_UNDEF - && ($name=(split(chr(0),substr($strings,$elf_sym{st_name},128)))[0]) - ) { - # synthesize st_offset, ... - $elf_sym{st_offset} = $elf_sym{st_value} - - @sections[$st_secn]->{sh_addr} - + @sections[$st_secn]->{sh_offset}; - $elf_sym{st_name} = $name; - $elf_sym{st_section} = @sections[$st_secn]->{sh_name}; - # ... and add to lookup table - $self->{symbols}{$name} = dup(%elf_sym); - } - } - - return $self; - } - - sub Lookup { - my $self = shift; - my $name = shift; - return $self->{symbols}{$name}; - } - - sub Traverse { - my $self = shift; - my $code = shift; - - if (ref($code) eq 'CODE') { - for (keys(%{$self->{symbols}})) { &$code($self->{symbols}{$_}); } - } - } -} - -###################################################################### -# -# SHA1 and HMAC in Perl by . -# -{ package SHA1; - use integer; - - { - ################################### SHA1 block code generator - my @V = ('$A','$B','$C','$D','$E'); - my $i; - - sub XUpdate { - my $ret; - $ret="(\$T=\$W[($i-16)%16]^\$W[($i-14)%16]^\$W[($i-8)%16]^\$W[($i-3)%16],\n\t"; - if ((1<<31)<<1) { - $ret.=" \$W[$i%16]=((\$T<<1)|(\$T>>31))&0xffffffff)\n\t "; - } else { - $ret.=" \$W[$i%16]=(\$T<<1)|((\$T>>31)&1))\n\t "; - } - } - sub tail { - my ($a,$b,$c,$d,$e)=@V; - my $ret; - if ((1<<31)<<1) { - $ret.="(($a<<5)|($a>>27));\n\t"; - $ret.="$b=($b<<30)|($b>>2); $e&=0xffffffff; #$b&=0xffffffff;\n\t"; - } else { - $ret.="(($a<<5)|($a>>27)&0x1f);\n\t"; - $ret.="$b=($b<<30)|($b>>2)&0x3fffffff;\n\t"; - } - $ret; - } - sub BODY_00_15 { - my ($a,$b,$c,$d,$e)=@V; - "$e+=\$W[$i]+0x5a827999+((($c^$d)&$b)^$d)+".tail(); - } - sub BODY_16_19 { - my ($a,$b,$c,$d,$e)=@V; - "$e+=".XUpdate()."+0x5a827999+((($c^$d)&$b)^$d)+".tail(); - } - sub BODY_20_39 { - my ($a,$b,$c,$d,$e)=@V; - "$e+=".XUpdate()."+0x6ed9eba1+($b^$c^$d)+".tail(); - } - sub BODY_40_59 { - my ($a,$b,$c,$d,$e)=@V; - "$e+=".XUpdate()."+0x8f1bbcdc+(($b&$c)|(($b|$c)&$d))+".tail(); - } - sub BODY_60_79 { - my ($a,$b,$c,$d,$e)=@V; - "$e+=".XUpdate()."+0xca62c1d6+($b^$c^$d)+".tail(); - } - - my $sha1_impl = - 'sub block { - my $self = @_[0]; - my @W = unpack("N16",@_[1]); - my ($A,$B,$C,$D,$E,$T) = @{$self->{H}}; - '; - - $sha1_impl.=' - $A &= 0xffffffff; - $B &= 0xffffffff; - ' if ((1<<31)<<1); - - for($i=0;$i<16;$i++){ $sha1_impl.=BODY_00_15(); unshift(@V,pop(@V)); } - for(;$i<20;$i++) { $sha1_impl.=BODY_16_19(); unshift(@V,pop(@V)); } - for(;$i<40;$i++) { $sha1_impl.=BODY_20_39(); unshift(@V,pop(@V)); } - for(;$i<60;$i++) { $sha1_impl.=BODY_40_59(); unshift(@V,pop(@V)); } - for(;$i<80;$i++) { $sha1_impl.=BODY_60_79(); unshift(@V,pop(@V)); } - - $sha1_impl.=' - $self->{H}[0]+=$A; $self->{H}[1]+=$B; $self->{H}[2]+=$C; - $self->{H}[3]+=$D; $self->{H}[4]+=$E; }'; - - #print $sha1_impl,"\n"; - eval($sha1_impl); # generate code - } - - sub Init { - my $class = shift; # multiple instances... - my $self = {}; - - bless $self,$class; - $self->{H} = [0x67452301,0xefcdab89,0x98badcfe,0x10325476,0xc3d2e1f0]; - $self->{N} = 0; - return $self; - } - - sub Update { - my $self = shift; - my $msg; - - foreach $msg (@_) { - my $len = length($msg); - my $num = length($self->{buf}); - my $off = 0; - - $self->{N} += $len; - - if (($num+$len)<64) - { $self->{buf} .= $msg; next; } - elsif ($num) - { $self->{buf} .= substr($msg,0,($off=64-$num)); - $self->block($self->{buf}); - } - - while(($off+64) <= $len) - { $self->block(substr($msg,$off,64)); - $off += 64; - } - - $self->{buf} = substr($msg,$off); - } - return $self; - } - - sub Final { - my $self = shift; - my $num = length($self->{buf}); - - $self->{buf} .= chr(0x80); $num++; - if ($num>56) - { $self->{buf} .= chr(0)x(64-$num); - $self->block($self->{buf}); - $self->{buf}=undef; - $num=0; - } - $self->{buf} .= chr(0)x(56-$num); - $self->{buf} .= pack("N2",($self->{N}>>29)&0x7,$self->{N}<<3); - $self->block($self->{buf}); - - return pack("N*",@{$self->{H}}); - } - - sub Selftest { - my $hash; - - $hash=SHA1->Init()->Update('abc')->Final(); - die "SHA1 test#1" if (unpack("H*",$hash) ne 'a9993e364706816aba3e25717850c26c9cd0d89d'); - - $hash=SHA1->Init()->Update('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq')->Final(); - die "SHA1 test#2" if (unpack("H*",$hash) ne '84983e441c3bd26ebaae4aa1f95129e5e54670f1'); - - #$hash=SHA1->Init()->Update('a'x1000000)->Final(); - #die "SHA1 test#3" if (unpack("H*",$hash) ne '34aa973cd4c4daa4f61eeb2bdbad27316534016f'); - } -} - -{ package HMAC; - - sub Init { - my $class = shift; - my $key = shift; - my $self = {}; - - bless $self,$class; - - if (length($key)>64) { - $key = SHA1->Init()->Update($key)->Final(); - } - $key .= chr(0x00)x(64-length($key)); - - my @ikey = map($_^=0x36,unpack("C*",$key)); - ($self->{hash} = SHA1->Init())->Update(pack("C*",@ikey)); - $self->{okey} = pack("C*",map($_^=0x36^0x5c,@ikey)); - - return $self; - } - - sub Update { - my $self = shift; - $self->{hash}->Update(@_); - return $self; - } - - sub Final { - my $self = shift; - my $ihash = $self->{hash}->Final(); - return SHA1->Init()->Update($self->{okey},$ihash)->Final(); - } - - sub Selftest { - my $hmac; - - $hmac = HMAC->Init('0123456789:;<=>?@ABC')->Update('Sample #2')->Final(); - die "HMAC test" if (unpack("H*",$hmac) ne '0922d3405faa3d194f82a45830737d5cc6c75d24'); - } -} - -###################################################################### -# -# main() -# -my $legacy_mode; - -if ($ARGV<0 || ($#ARGV>0 && !($legacy_mode=(@ARGV[0] =~ /^\-(dso|exe)$/)))) { - print STDERR "usage: $0 [-dso|-exe] elfbinary\n"; - exit(1); -} - -$exe = ELF->Load(@ARGV[$#ARGV]); - -$FIPS_text_start = $exe->Lookup("FIPS_text_start") or die; -$FIPS_text_end = $exe->Lookup("FIPS_text_end") or die; -$FIPS_rodata_start = $exe->Lookup("FIPS_rodata_start") or die; -$FIPS_rodata_end = $exe->Lookup("FIPS_rodata_end") or die; -$FIPS_signature = $exe->Lookup("FIPS_signature") or die; - -# new cross-compile support -$FIPS_text_startX = $exe->Lookup("FIPS_text_startX"); -$FIPS_text_endX = $exe->Lookup("FIPS_text_endX"); - -if (!$legacy_mode) { - if (!$FIPS_text_startX || !$FIPS_text_endX) { - print STDERR "@ARGV[$#ARGV] is not cross-compiler aware.\n"; - exit(42); # signal fipsld to revert to two-step link - } - - $FINGERPRINT_ascii_value - = $exe->Lookup("FINGERPRINT_ascii_value"); - -} -if ($FIPS_text_startX && $FIPS_text_endX) { - $FIPS_text_start = $FIPS_text_startX; - $FIPS_text_end = $FIPS_text_endX; -} - -sysopen(FD,@ARGV[$#ARGV],$legacy_mode?0:2) or die "$!"; # 2 is read/write -binmode(FD); - -sub HMAC_Update { - my ($hmac,$off,$len) = @_; - my $blob; - - seek(FD,$off,0) or die "$!"; - read(FD,$blob,$len) or die "$!"; - $$hmac->Update($blob); -} - -# fips/fips.c:FIPS_incore_fingerprint's Perl twin -# -sub FIPS_incore_fingerprint { - my $p1 = $FIPS_text_start->{st_offset}; - my $p2 = $FIPS_text_end->{st_offset}; - my $p3 = $FIPS_rodata_start->{st_offset}; - my $p4 = $FIPS_rodata_end->{st_offset}; - my $sig = $FIPS_signature->{st_offset}; - my $ctx = HMAC->Init("etaonrishdlcupfm"); - - # detect overlapping regions - if ($p1<=$p3 && $p2>=$p3) { - $p3 = $p1; $p4 = $p2>$p4?$p2:$p4; $p1 = 0; $p2 = 0; - } elsif ($p3<=$p1 && $p4>=$p1) { - $p3 = $p3; $p4 = $p2>$p4?$p2:$p4; $p1 = 0; $p2 = 0; - } - - if ($p1) { - HMAC_Update (\$ctx,$p1,$p2-$p1); - } - - if ($sig>=$p3 && $sig<$p4) { - # "punch" hole - HMAC_Update(\$ctx,$p3,$sig-$p3); - $p3 = $sig+20; - HMAC_Update(\$ctx,$p3,$p4-$p3); - } else { - HMAC_Update(\$ctx,$p3,$p4-$p3); - } - - return $ctx->Final(); -} - -$fingerprint = FIPS_incore_fingerprint(); - -if ($legacy_mode) { - print unpack("H*",$fingerprint); -} elsif (defined($FINGERPRINT_ascii_value)) { - seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!"; - print FD unpack("H*",$fingerprint) or die "$!"; -} else { - seek(FD,$FIPS_signature->{st_offset},0) or die "$!"; - print FD $fingerprint or die "$!"; -} - -close (FD); diff --git a/deps/openssl/openssl/util/indent.pro b/deps/openssl/openssl/util/indent.pro index b5398ab74ad43c..443bddb1cc2ae4 100644 --- a/deps/openssl/openssl/util/indent.pro +++ b/deps/openssl/openssl/util/indent.pro @@ -48,8 +48,6 @@ -T ASN1_BIT_STRING -T ASN1_BMPSTRING -T ASN1_BOOLEAN --T ASN1_COMPAT_FUNCS --T ASN1_CTX -T ASN1_ENCODING -T ASN1_ENUMERATED -T ASN1_EXTERN_FUNCS @@ -80,7 +78,6 @@ -T ASN1_UTF8STRING -T ASN1_VALUE -T ASN1_VISIBLESTRING --T ASN1_const_CTX -T AUTHORITY_INFO_ACCESS -T AUTHORITY_KEYID -T BASIC_CONSTRAINTS @@ -167,14 +164,10 @@ -T CONF_MODULE -T CONF_VALUE -T CRYPTO_EX_DATA --T CRYPTO_EX_DATA_FUNCS --T CRYPTO_EX_DATA_IMPL -T CRYPTO_EX_dup -T CRYPTO_EX_free -T CRYPTO_EX_new --T CRYPTO_MEM_LEAK_CB -T CRYPTO_THREADID --T CRYPTO_dynlock_value -T DB_ATTR -T DES_LONG -T DES_cblock @@ -184,7 +177,6 @@ -T DH_PKEY_CTX -T DIST_POINT -T DIST_POINT_NAME --T DRBG_CTX -T DSA -T DSA_METHOD -T DSA_SIG @@ -198,14 +190,11 @@ -T DTLS1_RECORD_DATA -T DTLS1_STATE -T Dl_info --T ECDH_DATA -T ECDH_METHOD --T ECDSA_DATA -T ECDSA_METHOD -T ECDSA_SIG -T ECPARAMETERS -T ECPKPARAMETERS --T EC_EXTRA_DATA -T EC_GROUP -T EC_KEY -T EC_METHOD @@ -234,8 +223,10 @@ -T ERR_STATE -T ERR_STRING_DATA -T ESS_CERT_ID +-T ESS_CERT_ID_V2 -T ESS_ISSUER_SERIAL -T ESS_SIGNING_CERT +-T ESS_SIGNING_CERT_V2 -T EVP_AES_HMAC_SHA1 -T EVP_AES_HMAC_SHA256 -T EVP_CIPHER @@ -251,12 +242,7 @@ -T EVP_PKEY_CTX -T EVP_PKEY_METHOD -T EVP_PKEY_gen_cb --T EX_CLASS_ITEM --T E_GMP_RSA_CTX --T E_RSAX_MOD_CTX -T FILE --T F_DIGITALSIGNATUREVERIFY --T F_PUBLICKEYEXTRACT -T GCM128_CONTEXT -T GENERAL_NAME -T GENERAL_NAMES @@ -265,7 +251,6 @@ -T HASH_CTX -T HEAPENTRY32 -T HEAPLIST32 --T HEARTBEAT_TEST_FIXTURE -T HMAC_CTX -T IDEA_KEY_SCHEDULE -T IPAddrBlocks @@ -275,12 +260,8 @@ -T ISSUING_DIST_POINT -T KEY_TABLE_TYPE -T LHASH --T LHASH_COMP_FN_TYPE -T LHASH_DOALL_ARG_FN_TYPE --T LHASH_DOALL_FN_TYPE --T LHASH_HASH_FN_TYPE -T LHASH_NODE --T LPDIR_CTX -T LPHEAPENTRY32 -T LPHEAPLIST32 -T LPMODULEENTRY32 @@ -293,15 +274,12 @@ -T MD4_CTX -T MD5_CTX -T MDC2_CTX --T MD_DATA -T MEM -T MEM_LEAK --T MEM_OBJECT_DATA -T MIME_HEADER -T MIME_PARAM -T MODULEENTRY32 -T MODULEENTRY32W --T MS_FAR -T NAME_CONSTRAINTS -T NAME_FUNCS -T NBIO_TEST @@ -311,8 +289,6 @@ -T NETSCAPE_PKEY -T NETSCAPE_SPKAC -T NETSCAPE_SPKI --T NETSCAPE_X509 --T NET_API_FUNCTION -T NOTICEREF -T OBJ_NAME -T OCB128_CONTEXT @@ -337,7 +313,6 @@ -T OPENSSL_BLOCK -T OPENSSL_CSTRING -T OPENSSL_DIR_CTX --T OPENSSL_ITEM -T OPENSSL_PSTRING -T OPENSSL_STRING -T OSSL_ASYNC_FD @@ -347,10 +322,6 @@ -T PBE2PARAM -T PBEPARAM -T PBKDF2PARAM --T PCRYPTO_MEM_LEAK_CB --T PEM_CTX --T PEM_ENCODE_SEAL_CTX --T PEM_USER -T PHEAPENTRY32 -T PHEAPLIST32 -T PKCS12 @@ -396,7 +367,6 @@ -T RSA_PSS_PARAMS -T SCT -T SEED_KEY_SCHEDULE --T SESS_CERT -T SHA256_CTX -T SHA512_CTX -T SHA_CTX @@ -409,7 +379,6 @@ -T SRP_user_pwd -T SRTP_PROTECTION_PROFILE -T SSL --T SSL2_STATE -T SSL3_BUFFER -T SSL3_COMP -T SSL3_ENC_METHOD @@ -450,7 +419,6 @@ -T WCHAR -T WHIRLPOOL_CTX -T WINAPI --T WSAAPI -T X509 -T X509V3_CONF_METHOD -T X509V3_CTX @@ -467,8 +435,6 @@ -T X509_ALGOR -T X509_ATTRIBUTE -T X509_CERT_AUX --T X509_CERT_FILE_CTX --T X509_CERT_PAIR -T X509_CINF -T X509_CRL -T X509_CRL_INFO @@ -480,7 +446,6 @@ -T X509_NAME -T X509_NAME_ENTRY -T X509_OBJECT --T X509_OBJECTS -T X509_PKEY -T X509_POLICY_CACHE -T X509_POLICY_DATA @@ -498,17 +463,14 @@ -T X509_TRUST -T X509_VAL -T X509_VERIFY_PARAM --T X509_VERIFY_PARAM_ID -T X9_62_CHARACTERISTIC_TWO -T X9_62_CURVE -T X9_62_FIELDID -T X9_62_PENTANOMIAL -T XTS128_CONTEXT --T ZEN_MD_DATA -T _LHASH -T _STACK -T __int64 --T _ossl_old_des_cblock -T asn1_ps_func -T bio_dgram_data -T bio_info_cb @@ -561,12 +523,12 @@ -T STACK_OF_CONF_IMODULE_ -T STACK_OF_CONF_MODULE_ -T STACK_OF_CONF_VALUE_ --T STACK_OF_CRYPTO_EX_DATA_FUNCS_ -T STACK_OF_CRYPTO_dynlock_ -T STACK_OF_DIST_POINT_ -T STACK_OF_ENGINE_ -T STACK_OF_ENGINE_CLEANUP_ITEM_ -T STACK_OF_ESS_CERT_ID_ +-T STACK_OF_ESS_CERT_ID_V2_ -T STACK_OF_EVP_PBE_CTL_ -T STACK_OF_EVP_PKEY_ASN1_METHOD_ -T STACK_OF_EVP_PKEY_METHOD_ @@ -575,7 +537,6 @@ -T STACK_OF_GENERAL_SUBTREE_ -T STACK_OF_IPAddressFamily_ -T STACK_OF_IPAddressOrRange_ --T STACK_OF_MEM_OBJECT_DATA_ -T STACK_OF_MIME_HEADER_ -T STACK_OF_MIME_PARAM_ -T STACK_OF_NAME_FUNCS_ @@ -630,7 +591,6 @@ -T LHASH_OF_ENGINE_PILE_ -T LHASH_OF_ERR_STATE_ -T LHASH_OF_ERR_STRING_DATA_ --T LHASH_OF_EX_CLASS_ITEM_ -T LHASH_OF_FUNCTION_ -T LHASH_OF_MEM_ -T LHASH_OF_OBJ_NAME_ @@ -646,7 +606,6 @@ -T ssl_st -T ssl_trace_tbl -T _stdcall --T tls12_lookup -T OPTIONS -T OPT_PAIR -T uint64_t @@ -663,10 +622,22 @@ -T SH_LIST -T PACKET -T RECORD_LAYER --T ASYNC_FIBRE -T ASYNC_CTX -T ASYNC_JOB -T intmax_t -T uintmax_t -T pqueue -T danetls_record +-T CTLOG_STORE +-T OPENSSL_INIT_SETTINGS +-T OSSL_HANDSHAKE_STATE +-T OSSL_STATEM +-T ossl_intmax_t +-T ossl_intmax_t +-T ossl_uintmax_t +-T ossl_uintmax_t +-T CT_POLICY_EVAL_CTX +-T RAND_DRBG +-T RAND_DRBG_CTR +-T RAND_POOL +-T RAND_METHOD diff --git a/deps/openssl/openssl/util/libcrypto.num b/deps/openssl/openssl/util/libcrypto.num index 2390fa03627c2f..bad3a3814ecdc1 100644 --- a/deps/openssl/openssl/util/libcrypto.num +++ b/deps/openssl/openssl/util/libcrypto.num @@ -30,7 +30,7 @@ GENERAL_NAME_get0_otherName 29 1_1_0 EXIST::FUNCTION: ASN1_INTEGER_get_uint64 30 1_1_0 EXIST::FUNCTION: EVP_DigestInit_ex 31 1_1_0 EXIST::FUNCTION: CTLOG_new 32 1_1_0 EXIST::FUNCTION:CT -UI_get_result_minsize 33 1_1_0 EXIST::FUNCTION:UI +UI_get_result_minsize 33 1_1_0 EXIST::FUNCTION: EVP_PBE_alg_add_type 34 1_1_0 EXIST::FUNCTION: EVP_cast5_ofb 35 1_1_0 EXIST::FUNCTION:CAST d2i_PUBKEY_fp 36 1_1_0 EXIST::FUNCTION:STDIO @@ -39,7 +39,7 @@ BF_decrypt 38 1_1_0 EXIST::FUNCTION:BF PEM_read_bio_PUBKEY 39 1_1_0 EXIST::FUNCTION: X509_NAME_delete_entry 40 1_1_0 EXIST::FUNCTION: EVP_PKEY_meth_set_verify_recover 41 1_1_0 EXIST::FUNCTION: -UI_set_method 42 1_1_0 EXIST::FUNCTION:UI +UI_set_method 42 1_1_0 EXIST::FUNCTION: PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ISSUER_AND_SERIAL_it 43 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_method_of 44 1_1_0 EXIST::FUNCTION:EC @@ -77,7 +77,7 @@ ASN1_item_print 76 1_1_0 EXIST::FUNCTION: CONF_set_nconf 77 1_1_0 EXIST::FUNCTION: RAND_set_rand_method 78 1_1_0 EXIST::FUNCTION: BN_GF2m_mod_mul 79 1_1_0 EXIST::FUNCTION:EC2M -UI_add_input_boolean 80 1_1_0 EXIST::FUNCTION:UI +UI_add_input_boolean 80 1_1_0 EXIST::FUNCTION: ASN1_TIME_adj 81 1_1_0 EXIST::FUNCTION: EVP_PKEY_asn1_get0_info 82 1_1_0 EXIST::FUNCTION: BN_add_word 83 1_1_0 EXIST::FUNCTION: @@ -85,7 +85,7 @@ EVP_des_ede 84 1_1_0 EXIST::FUNCTION:DES EVP_PKEY_add1_attr_by_OBJ 85 1_1_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_all_fds 86 1_1_0 EXIST::FUNCTION: EVP_CIPHER_meth_set_do_cipher 87 1_1_0 EXIST::FUNCTION: -EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION:UI +EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION: d2i_OCSP_RESPBYTES 89 1_1_0 EXIST::FUNCTION:OCSP TS_REQ_get_ext_by_NID 90 1_1_0 EXIST::FUNCTION:TS ASN1_item_ndef_i2d 91 1_1_0 EXIST::FUNCTION: @@ -206,7 +206,7 @@ SCT_set_version 206 1_1_0 EXIST::FUNCTION:CT CMS_add1_ReceiptRequest 207 1_1_0 EXIST::FUNCTION:CMS d2i_CRL_DIST_POINTS 208 1_1_0 EXIST::FUNCTION: X509_CRL_INFO_free 209 1_1_0 EXIST::FUNCTION: -ERR_load_UI_strings 210 1_1_0 EXIST::FUNCTION:UI +ERR_load_UI_strings 210 1_1_0 EXIST::FUNCTION: ERR_load_strings 211 1_1_0 EXIST::FUNCTION: RSA_X931_hash_id 212 1_1_0 EXIST::FUNCTION:RSA EC_KEY_set_method 213 1_1_0 EXIST::FUNCTION:EC @@ -261,7 +261,7 @@ ASN1_NULL_free 262 1_1_0 EXIST::FUNCTION: EC_KEY_copy 263 1_1_0 EXIST::FUNCTION:EC EVP_des_ede3 264 1_1_0 EXIST::FUNCTION:DES PKCS7_add1_attrib_digest 265 1_1_0 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:EC +EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC EVP_seed_ecb 267 1_1_0 EXIST::FUNCTION:SEED BIO_dgram_sctp_wait_for_dry 268 1_1_0 EXIST::FUNCTION:DGRAM,SCTP ASN1_OCTET_STRING_NDEF_it 269 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -272,7 +272,7 @@ EVP_OpenInit 272 1_1_0 EXIST::FUNCTION:RSA OCSP_response_get1_basic 273 1_1_0 EXIST::FUNCTION:OCSP CRYPTO_gcm128_tag 274 1_1_0 EXIST::FUNCTION: OCSP_parse_url 275 1_1_0 EXIST::FUNCTION:OCSP -UI_get0_test_string 276 1_1_0 EXIST::FUNCTION:UI +UI_get0_test_string 276 1_1_0 EXIST::FUNCTION: CRYPTO_secure_free 277 1_1_0 EXIST::FUNCTION: DSA_print_fp 278 1_1_0 EXIST::FUNCTION:DSA,STDIO X509_get_ext_d2i 279 1_1_0 EXIST::FUNCTION: @@ -314,7 +314,7 @@ EVP_CIPHER_CTX_set_flags 314 1_1_0 EXIST::FUNCTION: err_free_strings_int 315 1_1_0 EXIST::FUNCTION: PEM_write_bio_PKCS7_stream 316 1_1_0 EXIST::FUNCTION: d2i_X509_CERT_AUX 317 1_1_0 EXIST::FUNCTION: -UI_process 318 1_1_0 EXIST::FUNCTION:UI +UI_process 318 1_1_0 EXIST::FUNCTION: X509_get_subject_name 319 1_1_0 EXIST::FUNCTION: DH_get_1024_160 320 1_1_0 EXIST::FUNCTION:DH i2d_ASN1_UNIVERSALSTRING 321 1_1_0 EXIST::FUNCTION: @@ -331,7 +331,7 @@ CRYPTO_ccm128_tag 331 1_1_0 EXIST::FUNCTION: BIO_new_dgram_sctp 332 1_1_0 EXIST::FUNCTION:DGRAM,SCTP d2i_RSAPrivateKey_fp 333 1_1_0 EXIST::FUNCTION:RSA,STDIO s2i_ASN1_IA5STRING 334 1_1_0 EXIST::FUNCTION: -UI_get_ex_data 335 1_1_0 EXIST::FUNCTION:UI +UI_get_ex_data 335 1_1_0 EXIST::FUNCTION: EVP_EncryptUpdate 336 1_1_0 EXIST::FUNCTION: SRP_create_verifier 337 1_1_0 EXIST::FUNCTION:SRP TS_TST_INFO_print_bio 338 1_1_0 EXIST::FUNCTION:TS @@ -372,7 +372,7 @@ SEED_ecb_encrypt 370 1_1_0 EXIST::FUNCTION:SEED X509_PUBKEY_get0_param 371 1_1_0 EXIST::FUNCTION: ASN1_i2d_fp 372 1_1_0 EXIST::FUNCTION:STDIO BIO_new_mem_buf 373 1_1_0 EXIST::FUNCTION: -UI_get_input_flags 374 1_1_0 EXIST::FUNCTION:UI +UI_get_input_flags 374 1_1_0 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 375 1_1_0 EXIST::FUNCTION: X509v3_asid_subset 376 1_1_0 EXIST::FUNCTION:RFC3779 RSA_check_key_ex 377 1_1_0 EXIST::FUNCTION:RSA @@ -492,7 +492,7 @@ BN_GF2m_mod_sqr_arr 492 1_1_0 EXIST::FUNCTION:EC2M ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_PRINTABLESTRING_it 493 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BIO_f_cipher 494 1_1_0 EXIST::FUNCTION: -UI_destroy_method 495 1_1_0 EXIST::FUNCTION:UI +UI_destroy_method 495 1_1_0 EXIST::FUNCTION: BN_get_rfc3526_prime_3072 496 1_1_0 EXIST::FUNCTION: X509_INFO_new 497 1_1_0 EXIST::FUNCTION: OCSP_RESPDATA_it 498 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:OCSP @@ -544,7 +544,7 @@ CONF_get_number 544 1_1_0 EXIST::FUNCTION: X509_EXTENSION_get_object 545 1_1_0 EXIST::FUNCTION: X509_EXTENSIONS_it 546 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSIONS_it 546 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_POINT_set_compressed_coordinates_GF2m 547 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_POINT_set_compressed_coordinates_GF2m 547 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M RSA_sign_ASN1_OCTET_STRING 548 1_1_0 EXIST::FUNCTION:RSA d2i_X509_CRL_fp 549 1_1_0 EXIST::FUNCTION:STDIO i2d_RSA_PUBKEY 550 1_1_0 EXIST::FUNCTION:RSA @@ -621,12 +621,12 @@ DES_ede3_ofb64_encrypt 620 1_1_0 EXIST::FUNCTION:DES EC_KEY_METHOD_get_compute_key 621 1_1_0 EXIST::FUNCTION:EC RC2_cfb64_encrypt 622 1_1_0 EXIST::FUNCTION:RC2 EVP_EncryptFinal_ex 623 1_1_0 EXIST::FUNCTION: -ERR_load_RSA_strings 624 1_1_0 EXIST::FUNCTION:RSA +ERR_load_RSA_strings 624 1_1_0 EXIST::FUNCTION: CRYPTO_secure_malloc_done 625 1_1_0 EXIST::FUNCTION: RSA_OAEP_PARAMS_new 626 1_1_0 EXIST::FUNCTION:RSA X509_NAME_free 627 1_1_0 EXIST::FUNCTION: PKCS12_set_mac 628 1_1_0 EXIST::FUNCTION: -UI_get0_result_string 629 1_1_0 EXIST::FUNCTION:UI +UI_get0_result_string 629 1_1_0 EXIST::FUNCTION: TS_RESP_CTX_add_policy 630 1_1_0 EXIST::FUNCTION:TS X509_REQ_dup 631 1_1_0 EXIST::FUNCTION: d2i_DSA_PUBKEY_fp 633 1_1_0 EXIST::FUNCTION:DSA,STDIO @@ -638,11 +638,11 @@ X509_REVOKED_it 638 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION: X509_REVOKED_it 638 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_THREAD_write_lock 639 1_1_0 EXIST::FUNCTION: X509V3_NAME_from_section 640 1_1_0 EXIST::FUNCTION: -EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:EC +EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC OCSP_SINGLERESP_get0_id 642 1_1_0 EXIST::FUNCTION:OCSP -UI_add_info_string 643 1_1_0 EXIST::FUNCTION:UI +UI_add_info_string 643 1_1_0 EXIST::FUNCTION: OBJ_NAME_remove 644 1_1_0 EXIST::FUNCTION: -UI_get_method 645 1_1_0 EXIST::FUNCTION:UI +UI_get_method 645 1_1_0 EXIST::FUNCTION: CONF_modules_unload 646 1_1_0 EXIST::FUNCTION: CRYPTO_ccm128_encrypt_ccm64 647 1_1_0 EXIST::FUNCTION: CRYPTO_secure_malloc_init 648 1_1_0 EXIST::FUNCTION: @@ -717,7 +717,7 @@ PKCS7_add_signature 716 1_1_0 EXIST::FUNCTION: OBJ_ln2nid 717 1_1_0 EXIST::FUNCTION: CRYPTO_128_unwrap 718 1_1_0 EXIST::FUNCTION: BIO_new_PKCS7 719 1_1_0 EXIST::FUNCTION: -UI_get0_user_data 720 1_1_0 EXIST::FUNCTION:UI +UI_get0_user_data 720 1_1_0 EXIST::FUNCTION: TS_RESP_get_token 721 1_1_0 EXIST::FUNCTION:TS OCSP_RESPID_new 722 1_1_0 EXIST::FUNCTION:OCSP ASN1_SET_ANY_it 723 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -728,7 +728,7 @@ BIO_snprintf 726 1_1_0 EXIST::FUNCTION: EC_POINT_hex2point 727 1_1_0 EXIST::FUNCTION:EC X509v3_get_ext_by_critical 728 1_1_0 EXIST::FUNCTION: ENGINE_get_default_RSA 729 1_1_0 EXIST::FUNCTION:ENGINE -DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DSA +DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,DSA OPENSSL_sk_new_null 731 1_1_0 EXIST::FUNCTION: PEM_read_PKCS8 732 1_1_0 EXIST::FUNCTION:STDIO BN_mod_sqr 733 1_1_0 EXIST::FUNCTION: @@ -760,7 +760,7 @@ X509_policy_node_get0_qualifiers 758 1_1_0 EXIST::FUNCTION: OCSP_cert_status_str 759 1_1_0 EXIST::FUNCTION:OCSP EVP_MD_meth_get_flags 760 1_1_0 EXIST::FUNCTION: ASN1_ENUMERATED_set 761 1_1_0 EXIST::FUNCTION: -UI_UTIL_read_pw 762 1_1_0 EXIST::FUNCTION:UI +UI_UTIL_read_pw 762 1_1_0 EXIST::FUNCTION: PKCS7_ENC_CONTENT_free 763 1_1_0 EXIST::FUNCTION: CMS_RecipientInfo_type 764 1_1_0 EXIST::FUNCTION:CMS OCSP_BASICRESP_get_ext 765 1_1_0 EXIST::FUNCTION:OCSP @@ -772,7 +772,7 @@ ENGINE_init 770 1_1_0 EXIST::FUNCTION:ENGINE TS_RESP_CTX_add_flags 771 1_1_0 EXIST::FUNCTION:TS BIO_gethostbyname 772 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK X509V3_EXT_add 773 1_1_0 EXIST::FUNCTION: -UI_add_verify_string 774 1_1_0 EXIST::FUNCTION:UI +UI_add_verify_string 774 1_1_0 EXIST::FUNCTION: EVP_rc5_32_12_16_cfb64 775 1_1_0 EXIST::FUNCTION:RC5 PKCS7_dataVerify 776 1_1_0 EXIST::FUNCTION: PKCS7_SIGNER_INFO_free 777 1_1_0 EXIST::FUNCTION: @@ -909,13 +909,13 @@ PKCS5_pbe2_set_iv 905 1_1_0 EXIST::FUNCTION: ASN1_add_stable_module 906 1_1_0 EXIST::FUNCTION: EVP_camellia_128_cbc 907 1_1_0 EXIST::FUNCTION:CAMELLIA COMP_zlib 908 1_1_0 EXIST::FUNCTION:COMP -EVP_read_pw_string 909 1_1_0 EXIST::FUNCTION:UI +EVP_read_pw_string 909 1_1_0 EXIST::FUNCTION: i2d_ASN1_NULL 910 1_1_0 EXIST::FUNCTION: DES_encrypt1 911 1_1_0 EXIST::FUNCTION:DES BN_mod_lshift1_quick 912 1_1_0 EXIST::FUNCTION: BN_get_rfc3526_prime_6144 913 1_1_0 EXIST::FUNCTION: OBJ_obj2txt 914 1_1_0 EXIST::FUNCTION: -UI_set_result 915 1_1_0 EXIST::FUNCTION:UI +UI_set_result 915 1_1_0 EXIST::FUNCTION: EVP_EncodeUpdate 916 1_1_0 EXIST::FUNCTION: PEM_write_bio_X509_CRL 917 1_1_0 EXIST::FUNCTION: BN_cmp 918 1_1_0 EXIST::FUNCTION: @@ -1020,11 +1020,11 @@ ASN1_UTCTIME_it 1013 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION: i2d_DSA_PUBKEY_fp 1014 1_1_0 EXIST::FUNCTION:DSA,STDIO X509at_get_attr_by_OBJ 1015 1_1_0 EXIST::FUNCTION: EVP_MD_CTX_copy_ex 1016 1_1_0 EXIST::FUNCTION: -UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION:UI +UI_dup_error_string 1017 1_1_0 EXIST::FUNCTION: OPENSSL_LH_num_items 1018 1_1_0 EXIST::FUNCTION: ASN1_INTEGER_cmp 1020 1_1_0 EXIST::FUNCTION: X509_NAME_entry_count 1021 1_1_0 EXIST::FUNCTION: -UI_method_set_closer 1022 1_1_0 EXIST::FUNCTION:UI +UI_method_set_closer 1022 1_1_0 EXIST::FUNCTION: OPENSSL_LH_get_down_load 1023 1_1_0 EXIST::FUNCTION: EVP_md4 1024 1_1_0 EXIST::FUNCTION:MD4 X509_set_subject_name 1025 1_1_0 EXIST::FUNCTION: @@ -1100,7 +1100,7 @@ X509_print_ex_fp 1093 1_1_0 EXIST::FUNCTION:STDIO ERR_load_PEM_strings 1094 1_1_0 EXIST::FUNCTION: ENGINE_unregister_pkey_asn1_meths 1095 1_1_0 EXIST::FUNCTION:ENGINE IPAddressFamily_free 1096 1_1_0 EXIST::FUNCTION:RFC3779 -UI_method_get_prompt_constructor 1097 1_1_0 EXIST::FUNCTION:UI +UI_method_get_prompt_constructor 1097 1_1_0 EXIST::FUNCTION: ASN1_NULL_it 1098 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_NULL_it 1098 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_REQ_get_pubkey 1099 1_1_0 EXIST::FUNCTION: @@ -1262,7 +1262,7 @@ OPENSSL_DIR_read 1250 1_1_0 EXIST::FUNCTION: CMS_add_smimecap 1251 1_1_0 EXIST::FUNCTION:CMS X509_check_email 1252 1_1_0 EXIST::FUNCTION: CRYPTO_cts128_decrypt_block 1253 1_1_0 EXIST::FUNCTION: -UI_method_get_opener 1254 1_1_0 EXIST::FUNCTION:UI +UI_method_get_opener 1254 1_1_0 EXIST::FUNCTION: EVP_aes_192_gcm 1255 1_1_0 EXIST::FUNCTION: TS_CONF_set_tsa_name 1256 1_1_0 EXIST::FUNCTION:TS X509_email_free 1257 1_1_0 EXIST::FUNCTION: @@ -1292,7 +1292,7 @@ ASN1_TIME_free 1281 1_1_0 EXIST::FUNCTION: i2o_SCT_LIST 1282 1_1_0 EXIST::FUNCTION:CT AES_encrypt 1283 1_1_0 EXIST::FUNCTION: MD5_Init 1284 1_1_0 EXIST::FUNCTION:MD5 -UI_add_error_string 1285 1_1_0 EXIST::FUNCTION:UI +UI_add_error_string 1285 1_1_0 EXIST::FUNCTION: X509_TRUST_cleanup 1286 1_1_0 EXIST::FUNCTION: PEM_read_X509 1287 1_1_0 EXIST::FUNCTION:STDIO EC_KEY_new_method 1288 1_1_0 EXIST::FUNCTION:EC @@ -1315,11 +1315,11 @@ BN_rshift1 1303 1_1_0 EXIST::FUNCTION: i2d_PKCS7_ENVELOPE 1304 1_1_0 EXIST::FUNCTION: PBKDF2PARAM_it 1305 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBKDF2PARAM_it 1305 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_get_result_maxsize 1306 1_1_0 EXIST::FUNCTION:UI +UI_get_result_maxsize 1306 1_1_0 EXIST::FUNCTION: PBEPARAM_it 1307 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBEPARAM_it 1307 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: TS_ACCURACY_set_seconds 1308 1_1_0 EXIST::FUNCTION:TS -UI_get0_action_string 1309 1_1_0 EXIST::FUNCTION:UI +UI_get0_action_string 1309 1_1_0 EXIST::FUNCTION: RC2_decrypt 1310 1_1_0 EXIST::FUNCTION:RC2 OPENSSL_atexit 1311 1_1_0 EXIST::FUNCTION: CMS_add_standard_smimecap 1312 1_1_0 EXIST::FUNCTION:CMS @@ -1391,7 +1391,7 @@ PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION: CT_POLICY_EVAL_CTX_set1_cert 1378 1_1_0 EXIST::FUNCTION:CT X509_NAME_hash 1379 1_1_0 EXIST::FUNCTION: SCT_set_timestamp 1380 1_1_0 EXIST::FUNCTION:CT -UI_new 1381 1_1_0 EXIST::FUNCTION:UI +UI_new 1381 1_1_0 EXIST::FUNCTION: TS_REQ_get_msg_imprint 1382 1_1_0 EXIST::FUNCTION:TS i2d_PKCS12_BAGS 1383 1_1_0 EXIST::FUNCTION: CERTIFICATEPOLICIES_free 1385 1_1_0 EXIST::FUNCTION: @@ -1410,7 +1410,7 @@ PEM_read_bio_PrivateKey 1398 1_1_0 EXIST::FUNCTION: d2i_PKCS7_ENCRYPT 1399 1_1_0 EXIST::FUNCTION: EVP_PKEY_CTX_ctrl 1400 1_1_0 EXIST::FUNCTION: X509_REQ_set_pubkey 1401 1_1_0 EXIST::FUNCTION: -UI_create_method 1402 1_1_0 EXIST::FUNCTION:UI +UI_create_method 1402 1_1_0 EXIST::FUNCTION: X509_REQ_add_extensions_nid 1403 1_1_0 EXIST::FUNCTION: PEM_X509_INFO_write_bio 1404 1_1_0 EXIST::FUNCTION: BIO_dump_cb 1405 1_1_0 EXIST::FUNCTION: @@ -1478,7 +1478,7 @@ BN_gcd 1465 1_1_0 EXIST::FUNCTION: CMS_dataInit 1466 1_1_0 EXIST::FUNCTION:CMS TS_CONF_get_tsa_section 1467 1_1_0 EXIST::FUNCTION:TS i2d_PKCS7_SIGNER_INFO 1468 1_1_0 EXIST::FUNCTION: -EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION:UI +EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION: BN_bn2bin 1470 1_1_0 EXIST::FUNCTION: d2i_ASN1_BIT_STRING 1471 1_1_0 EXIST::FUNCTION: OCSP_CERTSTATUS_new 1472 1_1_0 EXIST::FUNCTION:OCSP @@ -1491,7 +1491,7 @@ SHA384_Final 1478 1_1_0 EXIST::FUNCTION: TS_RESP_CTX_set_certs 1479 1_1_0 EXIST::FUNCTION:TS BN_MONT_CTX_free 1480 1_1_0 EXIST::FUNCTION: BN_GF2m_mod_solve_quad_arr 1481 1_1_0 EXIST::FUNCTION:EC2M -UI_add_input_string 1482 1_1_0 EXIST::FUNCTION:UI +UI_add_input_string 1482 1_1_0 EXIST::FUNCTION: TS_TST_INFO_get_version 1483 1_1_0 EXIST::FUNCTION:TS BIO_accept_ex 1484 1_1_0 EXIST::FUNCTION:SOCK CRYPTO_get_mem_functions 1485 1_1_0 EXIST::FUNCTION: @@ -1600,7 +1600,7 @@ SRP_Verify_A_mod_N 1587 1_1_0 EXIST::FUNCTION:SRP SRP_VBASE_free 1588 1_1_0 EXIST::FUNCTION:SRP PKCS7_add0_attrib_signing_time 1589 1_1_0 EXIST::FUNCTION: X509_STORE_set_flags 1590 1_1_0 EXIST::FUNCTION: -UI_get0_output_string 1591 1_1_0 EXIST::FUNCTION:UI +UI_get0_output_string 1591 1_1_0 EXIST::FUNCTION: ERR_get_error_line_data 1592 1_1_0 EXIST::FUNCTION: CTLOG_get0_name 1593 1_1_0 EXIST::FUNCTION:CT ASN1_TBOOLEAN_it 1594 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -1699,7 +1699,7 @@ CMS_EncryptedData_set1_key 1686 1_1_0 EXIST::FUNCTION:CMS OBJ_find_sigid_by_algs 1687 1_1_0 EXIST::FUNCTION: ASN1_generate_nconf 1688 1_1_0 EXIST::FUNCTION: CMS_add0_recipient_password 1689 1_1_0 EXIST::FUNCTION:CMS -UI_get_string_type 1690 1_1_0 EXIST::FUNCTION:UI +UI_get_string_type 1690 1_1_0 EXIST::FUNCTION: PEM_read_bio_ECPrivateKey 1691 1_1_0 EXIST::FUNCTION:EC EVP_PKEY_get_attr 1692 1_1_0 EXIST::FUNCTION: PEM_read_bio_ECPKParameters 1693 1_1_0 EXIST::FUNCTION:EC @@ -1720,7 +1720,7 @@ X509_policy_tree_get0_level 1706 1_1_0 EXIST::FUNCTION: ASN1_parse_dump 1708 1_1_0 EXIST::FUNCTION: BIO_vfree 1709 1_1_0 EXIST::FUNCTION: CRYPTO_cbc128_decrypt 1710 1_1_0 EXIST::FUNCTION: -UI_dup_verify_string 1711 1_1_0 EXIST::FUNCTION:UI +UI_dup_verify_string 1711 1_1_0 EXIST::FUNCTION: d2i_PKCS7_bio 1712 1_1_0 EXIST::FUNCTION: ENGINE_set_default_digests 1713 1_1_0 EXIST::FUNCTION:ENGINE i2d_PublicKey 1714 1_1_0 EXIST::FUNCTION: @@ -1738,7 +1738,7 @@ BIO_nwrite0 1725 1_1_0 EXIST::FUNCTION: CAST_encrypt 1726 1_1_0 EXIST::FUNCTION:CAST a2d_ASN1_OBJECT 1727 1_1_0 EXIST::FUNCTION: OCSP_ONEREQ_delete_ext 1728 1_1_0 EXIST::FUNCTION:OCSP -UI_method_get_reader 1729 1_1_0 EXIST::FUNCTION:UI +UI_method_get_reader 1729 1_1_0 EXIST::FUNCTION: CMS_unsigned_get_attr 1730 1_1_0 EXIST::FUNCTION:CMS EVP_aes_256_cbc 1731 1_1_0 EXIST::FUNCTION: X509_check_ip_asc 1732 1_1_0 EXIST::FUNCTION: @@ -1768,8 +1768,8 @@ ASYNC_init_thread 1755 1_1_0 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_OBJ 1756 1_1_0 EXIST::FUNCTION:OCSP X509_reject_clear 1757 1_1_0 EXIST::FUNCTION: DH_security_bits 1758 1_1_0 EXIST::FUNCTION:DH -LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -LONG_it 1759 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +LONG_it 1759 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0 +LONG_it 1759 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0 ASN1_dup 1760 1_1_0 EXIST::FUNCTION: TS_RESP_new 1761 1_1_0 EXIST::FUNCTION:TS i2d_PKCS8PrivateKeyInfo_fp 1762 1_1_0 EXIST::FUNCTION:STDIO @@ -1834,8 +1834,8 @@ X509V3_EXT_add_list 1821 1_1_0 EXIST::FUNCTION: CMS_compress 1822 1_1_0 EXIST::FUNCTION:CMS X509_get_ext_by_critical 1823 1_1_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_clear_fd 1824 1_1_0 EXIST::FUNCTION: -ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ZLONG_it 1825 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DEPRECATEDIN_1_2_0 +ZLONG_it 1825 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DEPRECATEDIN_1_2_0 OPENSSL_sk_find_ex 1826 1_1_0 EXIST::FUNCTION: ASN1_ENUMERATED_to_BN 1827 1_1_0 EXIST::FUNCTION: X509_CRL_get_ext_d2i 1828 1_1_0 EXIST::FUNCTION: @@ -1866,7 +1866,7 @@ TS_RESP_CTX_set_serial_cb 1851 1_1_0 EXIST::FUNCTION:TS POLICY_MAPPING_it 1852 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_MAPPING_it 1852 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ERR_load_KDF_strings 1853 1_1_0 EXIST::FUNCTION: -UI_method_set_reader 1854 1_1_0 EXIST::FUNCTION:UI +UI_method_set_reader 1854 1_1_0 EXIST::FUNCTION: BIO_next 1855 1_1_0 EXIST::FUNCTION: ASN1_STRING_set_default_mask_asc 1856 1_1_0 EXIST::FUNCTION: X509_CRL_new 1857 1_1_0 EXIST::FUNCTION: @@ -1874,7 +1874,7 @@ i2b_PrivateKey_bio 1858 1_1_0 EXIST::FUNCTION:DSA ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION: PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:STDIO PKCS7_digest_from_attributes 1861 1_1_0 EXIST::FUNCTION: -EC_GROUP_set_curve_GFp 1862 1_1_0 EXIST::FUNCTION:EC +EC_GROUP_set_curve_GFp 1862 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC X509_PURPOSE_get0 1863 1_1_0 EXIST::FUNCTION: EVP_PKEY_set1_DSA 1864 1_1_0 EXIST::FUNCTION:DSA X509_NAME_it 1865 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -1913,7 +1913,7 @@ EVP_aes_192_cfb128 1896 1_1_0 EXIST::FUNCTION: OCSP_REQ_CTX_nbio 1897 1_1_0 EXIST::FUNCTION:OCSP EVP_CIPHER_CTX_copy 1898 1_1_0 EXIST::FUNCTION: CRYPTO_secure_allocated 1899 1_1_0 EXIST::FUNCTION: -UI_UTIL_read_pw_string 1900 1_1_0 EXIST::FUNCTION:UI +UI_UTIL_read_pw_string 1900 1_1_0 EXIST::FUNCTION: NOTICEREF_free 1901 1_1_0 EXIST::FUNCTION: AES_cfb1_encrypt 1902 1_1_0 EXIST::FUNCTION: X509v3_get_ext 1903 1_1_0 EXIST::FUNCTION: @@ -1966,7 +1966,7 @@ PKCS12_unpack_p7data 1951 1_1_0 EXIST::FUNCTION: ECDSA_sign 1952 1_1_0 EXIST::FUNCTION:EC d2i_PKCS12_fp 1953 1_1_0 EXIST::FUNCTION:STDIO CMS_unsigned_get_attr_by_NID 1954 1_1_0 EXIST::FUNCTION:CMS -UI_add_user_data 1955 1_1_0 EXIST::FUNCTION:UI +UI_add_user_data 1955 1_1_0 EXIST::FUNCTION: BN_bntest_rand 1956 1_1_0 EXIST::FUNCTION: X509_get_pubkey 1957 1_1_0 EXIST::FUNCTION: i2d_X509_NAME 1958 1_1_0 EXIST::FUNCTION: @@ -1982,7 +1982,7 @@ X509_CRL_it 1966 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION: d2i_X509_ALGOR 1967 1_1_0 EXIST::FUNCTION: PKCS12_PBE_keyivgen 1968 1_1_0 EXIST::FUNCTION: BIO_test_flags 1969 1_1_0 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M EVP_ENCODE_CTX_num 1971 1_1_0 EXIST::FUNCTION: Camellia_cfb1_encrypt 1972 1_1_0 EXIST::FUNCTION:CAMELLIA NCONF_load_fp 1973 1_1_0 EXIST::FUNCTION:STDIO @@ -2032,7 +2032,7 @@ EC_POINT_point2hex 2013 1_1_0 EXIST::FUNCTION:EC ENGINE_get_default_DSA 2014 1_1_0 EXIST::FUNCTION:ENGINE ENGINE_register_all_complete 2015 1_1_0 EXIST::FUNCTION:ENGINE SRP_get_default_gN 2016 1_1_0 EXIST::FUNCTION:SRP -UI_dup_input_boolean 2017 1_1_0 EXIST::FUNCTION:UI +UI_dup_input_boolean 2017 1_1_0 EXIST::FUNCTION: PKCS7_dup 2018 1_1_0 EXIST::FUNCTION: i2d_TS_REQ_fp 2019 1_1_0 EXIST::FUNCTION:STDIO,TS i2d_OTHERNAME 2020 1_1_0 EXIST::FUNCTION: @@ -2045,9 +2045,9 @@ ENGINE_get_pkey_asn1_meth_str 2026 1_1_0 EXIST::FUNCTION:ENGINE PKCS7_signatureVerify 2027 1_1_0 EXIST::FUNCTION: CRYPTO_ocb128_new 2028 1_1_0 EXIST::FUNCTION:OCB EC_curve_nist2nid 2029 1_1_0 EXIST::FUNCTION:EC -UI_get0_result 2030 1_1_0 EXIST::FUNCTION:UI +UI_get0_result 2030 1_1_0 EXIST::FUNCTION: OCSP_request_add1_nonce 2031 1_1_0 EXIST::FUNCTION:OCSP -UI_construct_prompt 2032 1_1_0 EXIST::FUNCTION:UI +UI_construct_prompt 2032 1_1_0 EXIST::FUNCTION: ENGINE_unregister_RSA 2033 1_1_0 EXIST::FUNCTION:ENGINE EC_GROUP_order_bits 2034 1_1_0 EXIST::FUNCTION:EC d2i_CMS_bio 2035 1_1_0 EXIST::FUNCTION:CMS @@ -2076,10 +2076,10 @@ EVP_CIPHER_CTX_original_iv 2054 1_1_0 EXIST::FUNCTION: PKCS7_SIGNED_free 2055 1_1_0 EXIST::FUNCTION: X509_TRUST_get0_name 2056 1_1_0 EXIST::FUNCTION: ENGINE_get_load_pubkey_function 2057 1_1_0 EXIST::FUNCTION:ENGINE -UI_get_default_method 2058 1_1_0 EXIST::FUNCTION:UI +UI_get_default_method 2058 1_1_0 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2059 1_1_0 EXIST::FUNCTION: PEM_write_PUBKEY 2060 1_1_0 EXIST::FUNCTION:STDIO -UI_method_set_prompt_constructor 2061 1_1_0 EXIST::FUNCTION:UI +UI_method_set_prompt_constructor 2061 1_1_0 EXIST::FUNCTION: OBJ_length 2062 1_1_0 EXIST::FUNCTION: BN_GENCB_get_arg 2063 1_1_0 EXIST::FUNCTION: EVP_MD_CTX_clear_flags 2064 1_1_0 EXIST::FUNCTION: @@ -2107,7 +2107,7 @@ i2d_ASN1_GENERALSTRING 2085 1_1_0 EXIST::FUNCTION: POLICYQUALINFO_new 2086 1_1_0 EXIST::FUNCTION: PKCS7_RECIP_INFO_get0_alg 2087 1_1_0 EXIST::FUNCTION: EVP_PKEY_base_id 2088 1_1_0 EXIST::FUNCTION: -UI_method_set_opener 2089 1_1_0 EXIST::FUNCTION:UI +UI_method_set_opener 2089 1_1_0 EXIST::FUNCTION: X509v3_get_ext_by_NID 2090 1_1_0 EXIST::FUNCTION: TS_CONF_set_policies 2091 1_1_0 EXIST::FUNCTION:TS CMS_SignerInfo_cert_cmp 2092 1_1_0 EXIST::FUNCTION:CMS @@ -2183,7 +2183,7 @@ i2d_ASN1_T61STRING 2156 1_1_0 EXIST::FUNCTION: X509_add1_trust_object 2157 1_1_0 EXIST::FUNCTION: PEM_write_X509 2158 1_1_0 EXIST::FUNCTION:STDIO BN_CTX_free 2159 1_1_0 EXIST::FUNCTION: -EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M EVP_MD_flags 2161 1_1_0 EXIST::FUNCTION: OPENSSL_sk_set 2162 1_1_0 EXIST::FUNCTION: OCSP_request_sign 2163 1_1_0 EXIST::FUNCTION:OCSP @@ -2263,7 +2263,7 @@ ENGINE_set_name 2235 1_1_0 EXIST::FUNCTION:ENGINE TS_TST_INFO_get_policy_id 2236 1_1_0 EXIST::FUNCTION:TS PKCS7_SIGNER_INFO_set 2237 1_1_0 EXIST::FUNCTION: PEM_write_bio_PKCS8_PRIV_KEY_INFO 2238 1_1_0 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M ENGINE_load_builtin_engines 2240 1_1_0 EXIST::FUNCTION:ENGINE SRP_VBASE_init 2241 1_1_0 EXIST::FUNCTION:SRP SHA224_Final 2242 1_1_0 EXIST::FUNCTION: @@ -2368,7 +2368,7 @@ ASN1_PRINTABLE_type 2338 1_1_0 EXIST::FUNCTION: TS_CONF_set_ess_cert_id_chain 2339 1_1_0 EXIST::FUNCTION:TS PEM_read_DSAPrivateKey 2340 1_1_0 EXIST::FUNCTION:DSA,STDIO DH_generate_parameters_ex 2341 1_1_0 EXIST::FUNCTION:DH -UI_dup_input_string 2342 1_1_0 EXIST::FUNCTION:UI +UI_dup_input_string 2342 1_1_0 EXIST::FUNCTION: X509_keyid_set1 2343 1_1_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1 2344 1_1_0 EXIST::FUNCTION: EC_GROUP_get_asn1_flag 2345 1_1_0 EXIST::FUNCTION:EC @@ -2444,7 +2444,7 @@ ASN1_PCTX_set_nm_flags 2413 1_1_0 EXIST::FUNCTION: BIO_ctrl 2414 1_1_0 EXIST::FUNCTION: X509_CRL_set_default_method 2415 1_1_0 EXIST::FUNCTION: d2i_RSAPublicKey_fp 2417 1_1_0 EXIST::FUNCTION:RSA,STDIO -UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION:UI +UI_method_get_flusher 2418 1_1_0 EXIST::FUNCTION: EC_POINT_dbl 2419 1_1_0 EXIST::FUNCTION:EC i2d_X509_CRL_INFO 2420 1_1_0 EXIST::FUNCTION: i2d_OCSP_CERTSTATUS 2421 1_1_0 EXIST::FUNCTION:OCSP @@ -2570,7 +2570,7 @@ X509_PURPOSE_add 2537 1_1_0 EXIST::FUNCTION: PKCS7_ENVELOPE_free 2538 1_1_0 EXIST::FUNCTION: PKCS12_key_gen_uni 2539 1_1_0 EXIST::FUNCTION: WHIRLPOOL 2540 1_1_0 EXIST::FUNCTION:WHIRLPOOL -UI_set_default_method 2542 1_1_0 EXIST::FUNCTION:UI +UI_set_default_method 2542 1_1_0 EXIST::FUNCTION: EC_POINT_is_at_infinity 2543 1_1_0 EXIST::FUNCTION:EC i2d_NOTICEREF 2544 1_1_0 EXIST::FUNCTION: EC_KEY_new 2545 1_1_0 EXIST::FUNCTION:EC @@ -2795,8 +2795,8 @@ CT_POLICY_EVAL_CTX_new 2756 1_1_0 EXIST::FUNCTION:CT NETSCAPE_SPKI_it 2757 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NETSCAPE_SPKI_it 2757 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_THREAD_unlock 2758 1_1_0 EXIST::FUNCTION: -UI_method_set_writer 2759 1_1_0 EXIST::FUNCTION:UI -UI_dup_info_string 2760 1_1_0 EXIST::FUNCTION:UI +UI_method_set_writer 2759 1_1_0 EXIST::FUNCTION: +UI_dup_info_string 2760 1_1_0 EXIST::FUNCTION: OPENSSL_init 2761 1_1_0 EXIST::FUNCTION: TS_RESP_get_tst_info 2762 1_1_0 EXIST::FUNCTION:TS X509_VERIFY_PARAM_get_depth 2763 1_1_0 EXIST::FUNCTION: @@ -2983,7 +2983,7 @@ EVP_aes_192_cbc 2936 1_1_0 EXIST::FUNCTION: PKCS8_pkey_set0 2937 1_1_0 EXIST::FUNCTION: X509_get1_email 2938 1_1_0 EXIST::FUNCTION: EC_POINT_point2oct 2939 1_1_0 EXIST::FUNCTION:EC -EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:EC +EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:OCSP CRYPTO_strdup 2943 1_1_0 EXIST::FUNCTION: @@ -3234,9 +3234,9 @@ X509_NAME_oneline 3186 1_1_0 EXIST::FUNCTION: X509V3_set_nconf 3187 1_1_0 EXIST::FUNCTION: RSAPrivateKey_dup 3188 1_1_0 EXIST::FUNCTION:RSA BN_mod_add 3189 1_1_0 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:EC +EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC X509_get_default_cert_file 3191 1_1_0 EXIST::FUNCTION: -UI_method_set_flusher 3192 1_1_0 EXIST::FUNCTION:UI +UI_method_set_flusher 3192 1_1_0 EXIST::FUNCTION: RSA_new_method 3193 1_1_0 EXIST::FUNCTION:RSA OCSP_request_verify 3194 1_1_0 EXIST::FUNCTION:OCSP CRYPTO_THREAD_run_once 3195 1_1_0 EXIST::FUNCTION: @@ -3299,7 +3299,7 @@ CMS_set1_eContentType 3251 1_1_0 EXIST::FUNCTION:CMS EVP_des_ede3_wrap 3252 1_1_0 EXIST::FUNCTION:DES GENERAL_SUBTREE_it 3253 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: GENERAL_SUBTREE_it 3253 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_read_pw_string_min 3254 1_1_0 EXIST::FUNCTION:UI +EVP_read_pw_string_min 3254 1_1_0 EXIST::FUNCTION: X509_set1_notBefore 3255 1_1_0 EXIST::FUNCTION: MD4 3256 1_1_0 EXIST::FUNCTION:MD4 EVP_PKEY_CTX_dup 3257 1_1_0 EXIST::FUNCTION: @@ -3466,7 +3466,7 @@ ASN1_mbstring_copy 3417 1_1_0 EXIST::FUNCTION: PKCS7_set_type 3418 1_1_0 EXIST::FUNCTION: BIO_gets 3419 1_1_0 EXIST::FUNCTION: RSA_padding_check_PKCS1_type_1 3420 1_1_0 EXIST::FUNCTION:RSA -UI_ctrl 3421 1_1_0 EXIST::FUNCTION:UI +UI_ctrl 3421 1_1_0 EXIST::FUNCTION: i2d_X509_REQ_fp 3422 1_1_0 EXIST::FUNCTION:STDIO BN_BLINDING_convert_ex 3423 1_1_0 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_print 3424 1_1_0 EXIST::FUNCTION: @@ -3479,7 +3479,7 @@ OCSP_SINGLERESP_get_ext_count 3430 1_1_0 EXIST::FUNCTION:OCSP EC_POINT_free 3431 1_1_0 EXIST::FUNCTION:EC EVP_OpenFinal 3432 1_1_0 EXIST::FUNCTION:RSA RAND_egd_bytes 3433 1_1_0 EXIST::FUNCTION:EGD -UI_method_get_writer 3434 1_1_0 EXIST::FUNCTION:UI +UI_method_get_writer 3434 1_1_0 EXIST::FUNCTION: BN_secure_new 3435 1_1_0 EXIST::FUNCTION: SHA1_Update 3437 1_1_0 EXIST::FUNCTION: BIO_s_connect 3438 1_1_0 EXIST::FUNCTION:SOCK @@ -3572,7 +3572,7 @@ PROXY_CERT_INFO_EXTENSION_new 3523 1_1_0 EXIST::FUNCTION: EVP_bf_cbc 3524 1_1_0 EXIST::FUNCTION:BF DSA_do_verify 3525 1_1_0 EXIST::FUNCTION:DSA EC_GROUP_get_seed_len 3526 1_1_0 EXIST::FUNCTION:EC -EC_POINT_set_affine_coordinates_GF2m 3527 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_POINT_set_affine_coordinates_GF2m 3527 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M TS_REQ_set_policy_id 3528 1_1_0 EXIST::FUNCTION:TS BIO_callback_ctrl 3529 1_1_0 EXIST::FUNCTION: v2i_GENERAL_NAME 3530 1_1_0 EXIST::FUNCTION: @@ -3642,7 +3642,7 @@ RAND_bytes 3596 1_1_0 EXIST::FUNCTION: PKCS7_free 3597 1_1_0 EXIST::FUNCTION: X509_NAME_ENTRY_create_by_txt 3598 1_1_0 EXIST::FUNCTION: DES_cbc_cksum 3599 1_1_0 EXIST::FUNCTION:DES -UI_free 3600 1_1_0 EXIST::FUNCTION:UI +UI_free 3600 1_1_0 EXIST::FUNCTION: BN_is_prime 3601 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_0_9_8 CMS_get0_signers 3602 1_1_0 EXIST::FUNCTION:CMS i2d_PrivateKey_fp 3603 1_1_0 EXIST::FUNCTION:STDIO @@ -3665,7 +3665,7 @@ TS_CONF_set_signer_digest 3619 1_1_0 EXIST::FUNCTION:TS OBJ_new_nid 3620 1_1_0 EXIST::FUNCTION: CMS_ReceiptRequest_new 3621 1_1_0 EXIST::FUNCTION:CMS SRP_VBASE_get1_by_user 3622 1_1_0 EXIST::FUNCTION:SRP -UI_method_get_closer 3623 1_1_0 EXIST::FUNCTION:UI +UI_method_get_closer 3623 1_1_0 EXIST::FUNCTION: ENGINE_get_ex_data 3624 1_1_0 EXIST::FUNCTION:ENGINE BN_print_fp 3625 1_1_0 EXIST::FUNCTION:STDIO MD2_Update 3626 1_1_0 EXIST::FUNCTION:MD2 @@ -3759,7 +3759,7 @@ ENGINE_register_all_digests 3713 1_1_0 EXIST::FUNCTION:ENGINE X509_REQ_get_version 3714 1_1_0 EXIST::FUNCTION: i2d_ASN1_UTCTIME 3715 1_1_0 EXIST::FUNCTION: TS_STATUS_INFO_new 3716 1_1_0 EXIST::FUNCTION:TS -UI_set_ex_data 3717 1_1_0 EXIST::FUNCTION:UI +UI_set_ex_data 3717 1_1_0 EXIST::FUNCTION: ASN1_TIME_set 3718 1_1_0 EXIST::FUNCTION: TS_RESP_verify_response 3719 1_1_0 EXIST::FUNCTION:TS X509_REVOKED_get0_serialNumber 3720 1_1_0 EXIST::FUNCTION: @@ -3796,7 +3796,7 @@ EVP_PKEY_meth_get_sign 3750 1_1_0 EXIST::FUNCTION: TS_REQ_get_nonce 3751 1_1_0 EXIST::FUNCTION:TS ENGINE_unregister_EC 3752 1_1_0 EXIST::FUNCTION:ENGINE X509v3_get_ext_count 3753 1_1_0 EXIST::FUNCTION: -UI_OpenSSL 3754 1_1_0 EXIST::FUNCTION:UI +UI_OpenSSL 3754 1_1_0 EXIST::FUNCTION:UI_CONSOLE CRYPTO_ccm128_decrypt 3755 1_1_0 EXIST::FUNCTION: d2i_OCSP_RESPDATA 3756 1_1_0 EXIST::FUNCTION:OCSP BIO_set_callback 3757 1_1_0 EXIST::FUNCTION: @@ -3826,7 +3826,7 @@ RSA_PSS_PARAMS_it 3779 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION: X509_STORE_CTX_get_error_depth 3780 1_1_0 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_set_string 3781 1_1_0 EXIST::FUNCTION: EC_GROUP_new_curve_GFp 3782 1_1_0 EXIST::FUNCTION:EC -UI_new_method 3783 1_1_0 EXIST::FUNCTION:UI +UI_new_method 3783 1_1_0 EXIST::FUNCTION: Camellia_ofb128_encrypt 3784 1_1_0 EXIST::FUNCTION:CAMELLIA X509_new 3785 1_1_0 EXIST::FUNCTION: EC_KEY_get_conv_form 3786 1_1_0 EXIST::FUNCTION:EC @@ -4206,14 +4206,54 @@ ECPARAMETERS_new 4156 1_1_0 EXIST::FUNCTION:EC OCSP_RESPID_set_by_name 4157 1_1_0a EXIST::FUNCTION:OCSP OCSP_RESPID_set_by_key 4158 1_1_0a EXIST::FUNCTION:OCSP OCSP_RESPID_match 4159 1_1_0a EXIST::FUNCTION:OCSP +ASN1_ITEM_lookup 4160 1_1_1 EXIST::FUNCTION: +ASN1_ITEM_get 4161 1_1_1 EXIST::FUNCTION: +BIO_read_ex 4162 1_1_1 EXIST::FUNCTION: +BIO_set_callback_ex 4163 1_1_1 EXIST::FUNCTION: +BIO_get_callback_ex 4164 1_1_1 EXIST::FUNCTION: +BIO_meth_set_read_ex 4165 1_1_1 EXIST::FUNCTION: +BIO_meth_get_read_ex 4166 1_1_1 EXIST::FUNCTION: +BIO_write_ex 4167 1_1_1 EXIST::FUNCTION: +BIO_meth_get_write_ex 4168 1_1_1 EXIST::FUNCTION: +BIO_meth_set_write_ex 4169 1_1_1 EXIST::FUNCTION: DSO_pathbyaddr 4170 1_1_0c EXIST::FUNCTION: DSO_dsobyaddr 4171 1_1_0c EXIST::FUNCTION: CT_POLICY_EVAL_CTX_get_time 4172 1_1_0d EXIST::FUNCTION:CT CT_POLICY_EVAL_CTX_set_time 4173 1_1_0d EXIST::FUNCTION:CT X509_VERIFY_PARAM_set_inh_flags 4174 1_1_0d EXIST::FUNCTION: X509_VERIFY_PARAM_get_inh_flags 4175 1_1_0d EXIST::FUNCTION: +EVP_PKEY_CTX_md 4176 1_1_1 EXIST::FUNCTION: +RSA_pkey_ctx_ctrl 4177 1_1_1 EXIST::FUNCTION:RSA +UI_method_set_ex_data 4178 1_1_1 EXIST::FUNCTION: +UI_method_get_ex_data 4179 1_1_1 EXIST::FUNCTION: +UI_UTIL_wrap_read_pem_callback 4180 1_1_1 EXIST::FUNCTION: X509_VERIFY_PARAM_get_time 4181 1_1_0d EXIST::FUNCTION: +EVP_PKEY_get0_poly1305 4182 1_1_1 EXIST::FUNCTION:POLY1305 DH_check_params 4183 1_1_0d EXIST::FUNCTION:DH +EVP_PKEY_get0_siphash 4184 1_1_1 EXIST::FUNCTION:SIPHASH +EVP_aria_256_ofb 4185 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cfb128 4186 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cfb1 4187 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ecb 4188 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cfb128 4189 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_ecb 4190 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cbc 4191 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_ofb 4192 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cbc 4193 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cfb1 4194 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_cfb8 4195 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cfb1 4196 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cfb8 4197 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cfb8 4198 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_cbc 4199 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ofb 4200 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_cfb128 4201 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_ecb 4202 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_ctr 4203 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ctr 4204 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_ctr 4205 1_1_1 EXIST::FUNCTION:ARIA +UI_null 4206 1_1_1 EXIST::FUNCTION: +EC_KEY_get0_engine 4207 1_1_1 EXIST::FUNCTION:EC INT32_it 4208 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: INT32_it 4208 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UINT64_it 4209 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -4230,14 +4270,272 @@ UINT32_it 4214 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTIO UINT32_it 4214 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +CRYPTO_mem_leaks_cb 4216 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG +BIO_lookup_ex 4217 1_1_1 EXIST::FUNCTION:SOCK +X509_CRL_print_ex 4218 1_1_1 EXIST::FUNCTION: +X509_SIG_INFO_get 4219 1_1_1 EXIST::FUNCTION: +X509_get_signature_info 4220 1_1_1 EXIST::FUNCTION: +X509_SIG_INFO_set 4221 1_1_1 EXIST::FUNCTION: +ESS_CERT_ID_V2_free 4222 1_1_1 EXIST::FUNCTION:TS +ESS_SIGNING_CERT_V2_new 4223 1_1_1 EXIST::FUNCTION:TS +d2i_ESS_SIGNING_CERT_V2 4224 1_1_1 EXIST::FUNCTION:TS +i2d_ESS_CERT_ID_V2 4225 1_1_1 EXIST::FUNCTION:TS +ESS_CERT_ID_V2_dup 4226 1_1_1 EXIST::FUNCTION:TS +TS_RESP_CTX_set_ess_cert_id_digest 4227 1_1_1 EXIST::FUNCTION:TS +d2i_ESS_CERT_ID_V2 4228 1_1_1 EXIST::FUNCTION:TS +i2d_ESS_SIGNING_CERT_V2 4229 1_1_1 EXIST::FUNCTION:TS +TS_CONF_set_ess_cert_id_digest 4230 1_1_1 EXIST::FUNCTION:TS +ESS_SIGNING_CERT_V2_free 4231 1_1_1 EXIST::FUNCTION:TS +ESS_SIGNING_CERT_V2_dup 4232 1_1_1 EXIST::FUNCTION:TS +ESS_CERT_ID_V2_new 4233 1_1_1 EXIST::FUNCTION:TS +PEM_read_bio_ex 4234 1_1_1 EXIST::FUNCTION: +PEM_bytes_read_bio_secmem 4235 1_1_1 EXIST::FUNCTION: +EVP_DigestSign 4236 1_1_1 EXIST::FUNCTION: +EVP_DigestVerify 4237 1_1_1 EXIST::FUNCTION: +UI_method_get_data_duplicator 4238 1_1_1 EXIST::FUNCTION: +UI_method_set_data_duplicator 4239 1_1_1 EXIST::FUNCTION: +UI_dup_user_data 4240 1_1_1 EXIST::FUNCTION: +UI_method_get_data_destructor 4241 1_1_1 EXIST::FUNCTION: +ERR_load_strings_const 4242 1_1_1 EXIST::FUNCTION: +ASN1_TIME_to_tm 4243 1_1_1 EXIST::FUNCTION: +ASN1_TIME_set_string_X509 4244 1_1_1 EXIST::FUNCTION: +OCSP_resp_get1_id 4245 1_1_1 EXIST::FUNCTION:OCSP +OSSL_STORE_register_loader 4246 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_error 4247 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_PKEY 4248 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get_type 4249 1_1_1 EXIST::FUNCTION: +ERR_load_OSSL_STORE_strings 4250 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_free 4251 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_PKEY 4252 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_free 4253 1_1_1 EXIST::FUNCTION: +OSSL_STORE_open_file 4254 1_1_1 NOEXIST::FUNCTION: +OSSL_STORE_LOADER_set_eof 4255 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_new 4256 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_CERT 4257 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_close 4258 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_new_PARAMS 4259 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_new_PKEY 4260 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_PARAMS 4261 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_CRL 4262 1_1_1 EXIST::FUNCTION: +OSSL_STORE_error 4263 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_CERT 4264 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_PARAMS 4265 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_type_string 4266 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_NAME 4267 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_load 4268 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_scheme 4269 1_1_1 EXIST::FUNCTION: +OSSL_STORE_open 4270 1_1_1 EXIST::FUNCTION: +OSSL_STORE_close 4271 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_new_CERT 4272 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_CRL 4273 1_1_1 EXIST::FUNCTION: +OSSL_STORE_load 4274 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_NAME 4275 1_1_1 EXIST::FUNCTION: +OSSL_STORE_unregister_loader 4276 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_new_CRL 4277 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_new_NAME 4278 1_1_1 EXIST::FUNCTION: +OSSL_STORE_eof 4279 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_open 4280 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_ctrl 4281 1_1_1 EXIST::FUNCTION: +OSSL_STORE_ctrl 4282 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_NAME_description 4283 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_set0_NAME_description 4284 1_1_1 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_NAME_description 4285 1_1_1 EXIST::FUNCTION: +OSSL_STORE_do_all_loaders 4286 1_1_1 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_engine 4287 1_1_1 EXIST::FUNCTION: +OPENSSL_fork_prepare 4288 1_1_1 EXIST:UNIX:FUNCTION: +OPENSSL_fork_parent 4289 1_1_1 EXIST:UNIX:FUNCTION: +OPENSSL_fork_child 4290 1_1_1 EXIST:UNIX:FUNCTION: +RAND_DRBG_instantiate 4292 1_1_1 EXIST::FUNCTION: +RAND_DRBG_uninstantiate 4293 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set 4295 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_callbacks 4296 1_1_1 EXIST::FUNCTION: +RAND_DRBG_new 4297 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_reseed_interval 4298 1_1_1 EXIST::FUNCTION: +RAND_DRBG_free 4299 1_1_1 EXIST::FUNCTION: +RAND_DRBG_generate 4300 1_1_1 EXIST::FUNCTION: +RAND_DRBG_reseed 4301 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_ex_data 4302 1_1_1 EXIST::FUNCTION: +RAND_DRBG_get_ex_data 4303 1_1_1 EXIST::FUNCTION: +EVP_sha3_224 4304 1_1_1 EXIST::FUNCTION: +EVP_sha3_256 4305 1_1_1 EXIST::FUNCTION: +EVP_sha3_384 4306 1_1_1 EXIST::FUNCTION: +EVP_sha3_512 4307 1_1_1 EXIST::FUNCTION: +EVP_shake128 4308 1_1_1 EXIST::FUNCTION: +EVP_shake256 4309 1_1_1 EXIST::FUNCTION: +SCRYPT_PARAMS_new 4310 1_1_1 EXIST::FUNCTION:SCRYPT +SCRYPT_PARAMS_free 4311 1_1_1 EXIST::FUNCTION:SCRYPT +i2d_SCRYPT_PARAMS 4312 1_1_1 EXIST::FUNCTION:SCRYPT +d2i_SCRYPT_PARAMS 4313 1_1_1 EXIST::FUNCTION:SCRYPT +SCRYPT_PARAMS_it 4314 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:SCRYPT +SCRYPT_PARAMS_it 4314 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:SCRYPT CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: +EVP_PKEY_meth_get0 4316 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_count 4317 1_1_1 EXIST::FUNCTION: +RAND_DRBG_get0_public 4319 1_1_1 EXIST::FUNCTION: +RAND_priv_bytes 4320 1_1_1 EXIST::FUNCTION: +BN_priv_rand 4321 1_1_1 EXIST::FUNCTION: +BN_priv_rand_range 4322 1_1_1 EXIST::FUNCTION: +ASN1_TIME_normalize 4323 1_1_1 EXIST::FUNCTION: +ASN1_TIME_cmp_time_t 4324 1_1_1 EXIST::FUNCTION: +ASN1_TIME_compare 4325 1_1_1 EXIST::FUNCTION: +EVP_PKEY_CTX_ctrl_uint64 4326 1_1_1 EXIST::FUNCTION: +EVP_DigestFinalXOF 4327 1_1_1 EXIST::FUNCTION: +ERR_clear_last_mark 4328 1_1_1 EXIST::FUNCTION: +RAND_DRBG_get0_private 4329 1_1_1 EXIST::FUNCTION: +EVP_aria_192_ccm 4330 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_gcm 4331 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_256_ccm 4332 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_gcm 4333 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_128_ccm 4334 1_1_1 EXIST::FUNCTION:ARIA +EVP_aria_192_gcm 4335 1_1_1 EXIST::FUNCTION:ARIA +UI_get_result_length 4337 1_1_1 EXIST::FUNCTION: +UI_set_result_ex 4338 1_1_1 EXIST::FUNCTION: +UI_get_result_string_length 4339 1_1_1 EXIST::FUNCTION: +EVP_PKEY_check 4340 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_set_check 4341 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_check 4342 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_remove 4343 1_1_1 EXIST::FUNCTION: +OPENSSL_sk_reserve 4344 1_1_1 EXIST::FUNCTION: EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE +DH_new_by_nid 4348 1_1_1 EXIST::FUNCTION:DH +DH_get_nid 4349 1_1_1 EXIST::FUNCTION:DH +CRYPTO_get_alloc_counts 4350 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG +OPENSSL_sk_new_reserve 4351 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_check 4352 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_siginf 4353 1_1_1 EXIST::FUNCTION: +EVP_sm4_ctr 4354 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_cbc 4355 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_ofb 4356 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_ecb 4357 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm4_cfb128 4358 1_1_1 EXIST::FUNCTION:SM4 +EVP_sm3 4359 1_1_1 EXIST::FUNCTION:SM3 +RSA_get0_multi_prime_factors 4360 1_1_1 EXIST::FUNCTION:RSA +EVP_PKEY_public_check 4361 1_1_1 EXIST::FUNCTION: +EVP_PKEY_param_check 4362 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_set_public_check 4363 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_set_param_check 4364 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_public_check 4365 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_param_check 4366 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_public_check 4367 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_param_check 4368 1_1_1 EXIST::FUNCTION: +DH_check_ex 4369 1_1_1 EXIST::FUNCTION:DH +DH_check_pub_key_ex 4370 1_1_1 EXIST::FUNCTION:DH +DH_check_params_ex 4371 1_1_1 EXIST::FUNCTION:DH +RSA_generate_multi_prime_key 4372 1_1_1 EXIST::FUNCTION:RSA +RSA_get_multi_prime_extra_count 4373 1_1_1 EXIST::FUNCTION:RSA OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP +RSA_get0_multi_prime_crt_params 4375 1_1_1 EXIST::FUNCTION:RSA +RSA_set0_multi_prime_params 4376 1_1_1 EXIST::FUNCTION:RSA +RSA_get_version 4377 1_1_1 EXIST::FUNCTION:RSA +RSA_meth_get_multi_prime_keygen 4378 1_1_1 EXIST::FUNCTION:RSA +RSA_meth_set_multi_prime_keygen 4379 1_1_1 EXIST::FUNCTION:RSA +RAND_DRBG_get0_master 4380 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_reseed_time_interval 4381 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_addProfessionInfo 4382 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_free 4383 1_1_1 EXIST::FUNCTION: +d2i_ADMISSION_SYNTAX 4384 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_set0_authorityId 4385 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_set0_authorityURL 4386 1_1_1 EXIST::FUNCTION: +d2i_PROFESSION_INFO 4387 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_it 4388 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAMING_AUTHORITY_it 4388 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_professionItems 4390 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_new 4391 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_get0_authorityURL 4392 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_get0_admissionAuthority 4393 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_new 4394 1_1_1 EXIST::FUNCTION: +ADMISSIONS_new 4395 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_set0_admissionAuthority 4396 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_professionOIDs 4397 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_it 4398 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +PROFESSION_INFO_it 4398 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +i2d_PROFESSION_INFO 4399 1_1_1 EXIST::FUNCTION: +ADMISSIONS_set0_professionInfos 4400 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_namingAuthority 4401 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_free 4402 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_addProfessionInfo 4403 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_registrationNumber 4404 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_get0_authorityId 4406 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_it 4407 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ADMISSION_SYNTAX_it 4407 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +i2d_ADMISSION_SYNTAX 4408 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_get0_authorityText 4409 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_namingAuthority 4410 1_1_1 EXIST::FUNCTION: +i2d_NAMING_AUTHORITY 4411 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_free 4412 1_1_1 EXIST::FUNCTION: +ADMISSIONS_set0_admissionAuthority 4413 1_1_1 EXIST::FUNCTION: +ADMISSIONS_free 4414 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_registrationNumber 4415 1_1_1 EXIST::FUNCTION: +d2i_ADMISSIONS 4416 1_1_1 EXIST::FUNCTION: +i2d_ADMISSIONS 4417 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_get0_professionItems 4418 1_1_1 EXIST::FUNCTION: +ADMISSIONS_get0_admissionAuthority 4419 1_1_1 EXIST::FUNCTION: +PROFESSION_INFO_set0_professionOIDs 4420 1_1_1 EXIST::FUNCTION: +d2i_NAMING_AUTHORITY 4421 1_1_1 EXIST::FUNCTION: +ADMISSIONS_it 4422 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ADMISSIONS_it 4422 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +ADMISSIONS_get0_namingAuthority 4423 1_1_1 EXIST::FUNCTION: +NAMING_AUTHORITY_set0_authorityText 4424 1_1_1 EXIST::FUNCTION: +ADMISSIONS_set0_namingAuthority 4425 1_1_1 EXIST::FUNCTION: +ADMISSIONS_get0_professionInfos 4426 1_1_1 EXIST::FUNCTION: +ADMISSION_SYNTAX_new 4427 1_1_1 EXIST::FUNCTION: +EVP_sha512_256 4428 1_1_1 EXIST::FUNCTION: +EVP_sha512_224 4429 1_1_1 EXIST::FUNCTION: +OCSP_basic_sign_ctx 4430 1_1_1 EXIST::FUNCTION:OCSP +RAND_DRBG_bytes 4431 1_1_1 EXIST::FUNCTION: +RAND_DRBG_secure_new 4432 1_1_1 EXIST::FUNCTION: +OSSL_STORE_vctrl 4433 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_alias 4434 1_1_1 EXIST::FUNCTION: +BIO_bind 4435 1_1_1 EXIST::FUNCTION:SOCK +OSSL_STORE_LOADER_set_expect 4436 1_1_1 EXIST::FUNCTION: +OSSL_STORE_expect 4437 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_key_fingerprint 4438 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_serial 4439 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_name 4440 1_1_1 EXIST::FUNCTION: +OSSL_STORE_supports_search 4441 1_1_1 EXIST::FUNCTION: +OSSL_STORE_find 4442 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get_type 4443 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_bytes 4444 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_string 4445 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_issuer_serial 4446 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_name 4447 1_1_1 EXIST::FUNCTION: X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: +OSSL_STORE_LOADER_set_find 4449 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_free 4450 1_1_1 EXIST::FUNCTION: +OSSL_STORE_SEARCH_get0_digest 4451 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_reseed_defaults 4452 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_raw_private_key 4453 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_raw_public_key 4454 1_1_1 EXIST::FUNCTION: +EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION: +RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION: conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: X509_VERIFY_PARAM_get_hostflags 4472 1_1_0i EXIST::FUNCTION: +DH_get0_p 4473 1_1_1 EXIST::FUNCTION:DH +DH_get0_q 4474 1_1_1 EXIST::FUNCTION:DH +DH_get0_g 4475 1_1_1 EXIST::FUNCTION:DH +DH_get0_priv_key 4476 1_1_1 EXIST::FUNCTION:DH +DH_get0_pub_key 4477 1_1_1 EXIST::FUNCTION:DH +DSA_get0_priv_key 4478 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_pub_key 4479 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_q 4480 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_p 4481 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_g 4482 1_1_1 EXIST::FUNCTION:DSA +RSA_get0_dmp1 4483 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_d 4484 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_n 4485 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_dmq1 4486 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_e 4487 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_q 4488 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_p 4489 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_iqmp 4490 1_1_1 EXIST::FUNCTION:RSA +ECDSA_SIG_get0_r 4491 1_1_1 EXIST::FUNCTION:EC +ECDSA_SIG_get0_s 4492 1_1_1 EXIST::FUNCTION:EC X509_LOOKUP_meth_get_get_by_fingerprint 4493 1_1_0i EXIST::FUNCTION: X509_LOOKUP_meth_new 4494 1_1_0i EXIST::FUNCTION: X509_LOOKUP_meth_get_init 4495 1_1_0i EXIST::FUNCTION: @@ -4263,5 +4561,19 @@ X509_OBJECT_set1_X509 4514 1_1_0i EXIST::FUNCTION: X509_LOOKUP_meth_get_get_by_issuer_serial 4515 1_1_0i EXIST::FUNCTION: X509_LOOKUP_meth_set_init 4516 1_1_0i EXIST::FUNCTION: X509_OBJECT_set1_X509_CRL 4517 1_1_0i EXIST::FUNCTION: +EVP_PKEY_get_raw_public_key 4518 1_1_1 EXIST::FUNCTION: +EVP_PKEY_get_raw_private_key 4519 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_get_priv_key 4520 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_get_pub_key 4521 1_1_1 EXIST::FUNCTION: +EVP_PKEY_set_alias_type 4522 1_1_1 EXIST::FUNCTION: +RAND_keep_random_devices_open 4523 1_1_1 EXIST::FUNCTION: +EC_POINT_set_compressed_coordinates 4524 1_1_1 EXIST::FUNCTION:EC +EC_POINT_set_affine_coordinates 4525 1_1_1 EXIST::FUNCTION:EC +EC_POINT_get_affine_coordinates 4526 1_1_1 EXIST::FUNCTION:EC +EC_GROUP_set_curve 4527 1_1_1 EXIST::FUNCTION:EC +EC_GROUP_get_curve 4528 1_1_1 EXIST::FUNCTION:EC OCSP_resp_get0_tbs_sigalg 4529 1_1_0j EXIST::FUNCTION:OCSP OCSP_resp_get0_respdata 4530 1_1_0j EXIST::FUNCTION:OCSP +EVP_MD_CTX_set_pkey_ctx 4531 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION: +EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION: diff --git a/deps/openssl/openssl/util/libssl.num b/deps/openssl/openssl/util/libssl.num index 7b9b3c251ced53..297522c36391f3 100644 --- a/deps/openssl/openssl/util/libssl.num +++ b/deps/openssl/openssl/util/libssl.num @@ -86,7 +86,7 @@ SSL_CTX_set_cookie_verify_cb 86 1_1_0 EXIST::FUNCTION: SSL_get_shared_sigalgs 87 1_1_0 EXIST::FUNCTION: SSL_config 88 1_1_0 EXIST::FUNCTION: TLSv1_1_client_method 89 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD -SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION:SSL_TRACE +SSL_CIPHER_standard_name 90 1_1_0 EXIST::FUNCTION: SSL_CTX_get_verify_mode 91 1_1_0 EXIST::FUNCTION: SSL_get_all_async_fds 92 1_1_0 EXIST::FUNCTION: SSL_CTX_check_private_key 93 1_1_0 EXIST::FUNCTION: @@ -403,5 +403,98 @@ SSL_dane_clear_flags 403 1_1_0 EXIST::FUNCTION: SSL_SESSION_get0_cipher 404 1_1_0 EXIST::FUNCTION: SSL_SESSION_get0_id_context 405 1_1_0 EXIST::FUNCTION: SSL_SESSION_set1_id 406 1_1_0 EXIST::FUNCTION: +SSL_CTX_set1_cert_store 407 1_1_1 EXIST::FUNCTION: +DTLS_get_data_mtu 408 1_1_1 EXIST::FUNCTION: +SSL_read_ex 409 1_1_1 EXIST::FUNCTION: +SSL_peek_ex 410 1_1_1 EXIST::FUNCTION: +SSL_write_ex 411 1_1_1 EXIST::FUNCTION: SSL_COMP_get_id 412 1_1_0d EXIST::FUNCTION: SSL_COMP_get0_name 413 1_1_0d EXIST::FUNCTION: +SSL_CTX_set_keylog_callback 414 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_keylog_callback 415 1_1_1 EXIST::FUNCTION: +SSL_get_peer_signature_type_nid 416 1_1_1 EXIST::FUNCTION: +SSL_key_update 417 1_1_1 EXIST::FUNCTION: +SSL_get_key_update_type 418 1_1_1 EXIST::FUNCTION: +SSL_bytes_to_cipher_list 419 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get0_compression_methods 420 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get0_ciphers 421 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get0_ext 422 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get0_session_id 423 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get0_random 424 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_client_hello_cb 425 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get0_legacy_version 426 1_1_1 EXIST::FUNCTION: +SSL_client_hello_isv2 427 1_1_1 EXIST::FUNCTION: +SSL_set_max_early_data 428 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_max_early_data 429 1_1_1 EXIST::FUNCTION: +SSL_get_max_early_data 430 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_max_early_data 431 1_1_1 EXIST::FUNCTION: +SSL_write_early_data 432 1_1_1 EXIST::FUNCTION: +SSL_read_early_data 433 1_1_1 EXIST::FUNCTION: +SSL_get_early_data_status 434 1_1_1 EXIST::FUNCTION: +SSL_SESSION_get_max_early_data 435 1_1_1 EXIST::FUNCTION: +SSL_add1_to_CA_list 436 1_1_1 EXIST::FUNCTION: +SSL_set0_CA_list 437 1_1_1 EXIST::FUNCTION: +SSL_CTX_set0_CA_list 438 1_1_1 EXIST::FUNCTION: +SSL_get0_CA_list 439 1_1_1 EXIST::FUNCTION: +SSL_get0_peer_CA_list 440 1_1_1 EXIST::FUNCTION: +SSL_CTX_add1_to_CA_list 441 1_1_1 EXIST::FUNCTION: +SSL_CTX_get0_CA_list 442 1_1_1 EXIST::FUNCTION: +SSL_CTX_add_custom_ext 443 1_1_1 EXIST::FUNCTION: +SSL_SESSION_is_resumable 444 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_record_padding_callback 445 1_1_1 EXIST::FUNCTION: +SSL_set_record_padding_callback 446 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_block_padding 447 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_record_padding_callback_arg 448 1_1_1 EXIST::FUNCTION: +SSL_get_record_padding_callback_arg 449 1_1_1 EXIST::FUNCTION: +SSL_set_block_padding 450 1_1_1 EXIST::FUNCTION: +SSL_set_record_padding_callback_arg 451 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_record_padding_callback_arg 452 1_1_1 EXIST::FUNCTION: +SSL_CTX_use_serverinfo_ex 453 1_1_1 EXIST::FUNCTION: +SSL_client_hello_get1_extensions_present 454 1_1_1 EXIST::FUNCTION: +SSL_set_psk_find_session_callback 455 1_1_1 EXIST::FUNCTION: +SSL_set_psk_use_session_callback 456 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_psk_use_session_callback 457 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_psk_find_session_callback 458 1_1_1 EXIST::FUNCTION: +SSL_CIPHER_get_handshake_digest 459 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_master_key 460 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set_cipher 461 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set_protocol_version 462 1_1_1 EXIST::FUNCTION: +OPENSSL_cipher_name 463 1_1_1 EXIST::FUNCTION: +SSL_alloc_buffers 464 1_1_1 EXIST::FUNCTION: +SSL_free_buffers 465 1_1_1 EXIST::FUNCTION: +SSL_SESSION_dup 466 1_1_1 EXIST::FUNCTION: +SSL_get_pending_cipher 467 1_1_1 EXIST::FUNCTION: +SSL_CIPHER_get_protocol_id 468 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set_max_early_data 469 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_alpn_selected 470 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_hostname 471 1_1_1 EXIST::FUNCTION: +SSL_SESSION_get0_alpn_selected 472 1_1_1 EXIST::FUNCTION: +DTLS_set_timer_cb 473 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_tlsext_max_fragment_length 474 1_1_1 EXIST::FUNCTION: +SSL_set_tlsext_max_fragment_length 475 1_1_1 EXIST::FUNCTION: +SSL_SESSION_get_max_fragment_length 476 1_1_1 EXIST::FUNCTION: +SSL_stateless 477 1_1_1 EXIST::FUNCTION: +SSL_verify_client_post_handshake 478 1_1_1 EXIST::FUNCTION: +SSL_set_post_handshake_auth 479 1_1_1 EXIST::FUNCTION: +SSL_export_keying_material_early 480 1_1_1 EXIST::FUNCTION: +SSL_CTX_use_cert_and_key 481 1_1_1 EXIST::FUNCTION: +SSL_use_cert_and_key 482 1_1_1 EXIST::FUNCTION: +SSL_SESSION_get0_ticket_appdata 483 1_1_1 EXIST::FUNCTION: +SSL_SESSION_set1_ticket_appdata 484 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_session_ticket_cb 485 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_stateless_cookie_generate_cb 486 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_stateless_cookie_verify_cb 487 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_ciphersuites 488 1_1_1 EXIST::FUNCTION: +SSL_set_ciphersuites 489 1_1_1 EXIST::FUNCTION: +SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION: +SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_allow_early_data_cb 494 1_1_1 EXIST::FUNCTION: +SSL_set_allow_early_data_cb 495 1_1_1 EXIST::FUNCTION: +SSL_set_recv_max_early_data 496 1_1_1 EXIST::FUNCTION: +SSL_get_recv_max_early_data 497 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION: +SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION: diff --git a/deps/openssl/openssl/util/mkbuildinf.pl b/deps/openssl/openssl/util/mkbuildinf.pl index 5bf0168b6a7c88..c9324a9ded76a1 100755 --- a/deps/openssl/openssl/util/mkbuildinf.pl +++ b/deps/openssl/openssl/util/mkbuildinf.pl @@ -1,26 +1,43 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html +use strict; +use warnings; my ($cflags, $platform) = @ARGV; - $cflags = "compiler: $cflags"; -$date = localtime(); + +my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC"; + print <<"END_OUTPUT"; -/* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ -#define CFLAGS cflags /* - * Generate CFLAGS as an array of individual characters. This is a + * WARNING: do not edit! + * Generated by util/mkbuildinf.pl + * + * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define PLATFORM "platform: $platform" +#define DATE "built on: $date" + +/* + * Generate compiler_flags as an array of individual characters. This is a * workaround for the situation where CFLAGS gets too long for a C90 string * literal */ -static const char cflags[] = { +static const char compiler_flags[] = { END_OUTPUT + my $ctr = 0; foreach my $c (split //, $cflags) { $c =~ s|([\\'])|\\$1|; @@ -36,6 +53,4 @@ print <<"END_OUTPUT"; '\\0' }; -#define PLATFORM "platform: $platform" -#define DATE "built on: $date" END_OUTPUT diff --git a/deps/openssl/openssl/util/mkcerts.sh b/deps/openssl/openssl/util/mkcerts.sh deleted file mode 100755 index e4a9892467d0ac..00000000000000 --- a/deps/openssl/openssl/util/mkcerts.sh +++ /dev/null @@ -1,220 +0,0 @@ -#!/bin/sh - -# This script will re-make all the required certs. -# cd apps -# sh ../util/mkcerts.sh -# mv ca-cert.pem pca-cert.pem ../certs -# cd .. -# cat certs/*.pem >>apps/server.pem -# cat certs/*.pem >>apps/server2.pem -# SSLEAY=`pwd`/apps/ssleay; export SSLEAY -# sh tools/c_rehash certs -# - -CAbits=1024 -SSLEAY="../apps/openssl" -CONF="-config ../apps/openssl.cnf" - -# create pca request. -echo creating $CAbits bit PCA cert request -$SSLEAY req $CONF \ - -new -sha256 -newkey $CAbits \ - -keyout pca-key.pem \ - -out pca-req.pem -nodes >/dev/null </dev/null </dev/null </dev/null </dev/null <> pca-cert.pem -cat ca-key.pem >> ca-cert.pem -cat s512-key.pem >> server.pem -cat s1024key.pem >> server2.pem -cat c512-key.pem >> client.pem - -for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem -do -$SSLEAY x509 -issuer -subject -in $i -noout >$$ -cat $$ -/bin/cat $i >>$$ -/bin/mv $$ $i -done - -#/bin/rm -f *key.pem *req.pem *.srl - -echo Finished - diff --git a/deps/openssl/openssl/util/mkdef.pl b/deps/openssl/openssl/util/mkdef.pl index 3626dcdcb1fdfb..bcbb475832d451 100755 --- a/deps/openssl/openssl/util/mkdef.pl +++ b/deps/openssl/openssl/util/mkdef.pl @@ -24,7 +24,7 @@ # existence:platform:kind:algorithms # # - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is -# found somewhere in the source, +# found somewhere in the source, # - "platforms" is empty if it exists on all platforms, otherwise it contains # comma-separated list of the platform, just as they are if the symbol exists # for those platforms, or prepended with a "!" if not. This helps resolve @@ -36,7 +36,7 @@ # The semantics for the platforms is that every item is checked against the # environment. For the negative items ("!FOO"), if any of them is false # (i.e. "FOO" is true) in the environment, the corresponding symbol can't be -# used. For the positive itms, if all of them are false in the environment, +# used. For the positive items, if all of them are false in the environment, # the corresponding symbol can't be used. Any combination of positive and # negative items are possible, and of course leave room for some redundancy. # - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious. @@ -126,6 +126,7 @@ my $NT=0; my $UNIX=0; my $linux=0; +my $aix=0; # Set this to make typesafe STACK definitions appear in DEF my $safe_stack_def = 0; @@ -144,12 +145,21 @@ "DEPRECATEDIN_0_9_8", "DEPRECATEDIN_1_0_0", "DEPRECATEDIN_1_1_0", + "DEPRECATEDIN_1_2_0", ); # %disabled comes from configdata.pm my %disabled_algorithms = map { (my $x = uc $_) =~ s|-|_|g; $x => 1; } keys %disabled; +my $apiv = sprintf "%x%02x%02x", split(/\./, $config{api}); +foreach (@known_algorithms) { + if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) { + my $depv = sprintf "%x%02x%02x", $1, $2, $3; + $disabled_algorithms{$_} = 1 if $apiv ge $depv; + } +} + my $zlib; foreach (@ARGV, split(/ /, $config{options})) @@ -162,59 +172,33 @@ if($_ eq "NT") { $W32 = 1; $NT = 1; - } - if ($_ eq "linux") { + } elsif ($_ eq "linux") { $linux=1; $UNIX=1; + } elsif ($_ eq "aix") { + $aix=1; + $UNIX=1; + } elsif ($_ eq "VMS") { + $VMS=1; } - $VMS=1 if $_ eq "VMS"; if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic" || $_ eq "enable-zlib-dynamic") { $zlib = 1; } - $do_ssl=1 if $_ eq "libssl"; - if ($_ eq "ssl") { - $do_ssl=1; - $libname=$_ - } - $do_crypto=1 if $_ eq "libcrypto"; - if ($_ eq "crypto") { - $do_crypto=1; - $libname=$_; - } + $do_crypto=1 if $_ eq "libcrypto" || $_ eq "crypto"; + $do_ssl=1 if $_ eq "libssl" || $_ eq "ssl"; + $do_update=1 if $_ eq "update"; $do_rewrite=1 if $_ eq "rewrite"; $do_ctest=1 if $_ eq "ctest"; $do_ctestall=1 if $_ eq "ctestall"; $do_checkexist=1 if $_ eq "exist"; - if (/^--api=(\d+)\.(\d+)\.(\d+)$/) { - my $apiv = sprintf "%x%02x%02x", $1, $2, $3; - foreach (@known_algorithms) { - if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) { - my $depv = sprintf "%x%02x%02x", $1, $2, $3; - $disabled_algorithms{$_} = 1 if $apiv ge $depv; - } - } - } - if (/^no-deprecated$/) { - foreach (@known_algorithms) { - if (/^DEPRECATEDIN_/) { - $disabled_algorithms{$_} = 1; - } - } - } - elsif (/^(enable|disable|no)-(.*)$/) { - my $alg = uc $2; - $alg =~ tr/-/_/; - if (exists $disabled_algorithms{$alg}) { - $disabled_algorithms{$alg} = $1 eq "enable" ? 0 : 1; - } } +$libname = $unified_info{sharednames}->{libcrypto} if $do_crypto; +$libname = $unified_info{sharednames}->{libssl} if $do_ssl; - } - -if (!$libname) { +if (!$libname) { if ($do_ssl) { $libname="LIBSSL"; } @@ -224,11 +208,11 @@ } # If no platform is given, assume WIN32 -if ($W32 + $VMS + $linux == 0) { +if ($W32 + $VMS + $linux + $aix == 0) { $W32 = 1; } die "Please, only one platform at a time" - if ($W32 + $VMS + $linux > 1); + if ($W32 + $VMS + $linux + $aix > 1); if (!$do_ssl && !$do_crypto) { @@ -242,76 +226,30 @@ $max_crypto = $max_num; my $ssl="include/openssl/ssl.h"; +$ssl.=" include/openssl/sslerr.h"; $ssl.=" include/openssl/tls1.h"; $ssl.=" include/openssl/srtp.h"; +# When scanning include/openssl, skip all SSL files and some internal ones. +my %skipthese; +foreach my $f ( split(/\s+/, $ssl) ) { + $skipthese{$f} = 1; +} +$skipthese{'include/openssl/conf_api.h'} = 1; +$skipthese{'include/openssl/ebcdic.h'} = 1; +$skipthese{'include/openssl/opensslconf.h'} = 1; + # We use headers found in include/openssl and include/internal only. # The latter is needed so libssl.so/.dll/.exe can link properly. -my $crypto ="include/openssl/crypto.h"; +my $crypto ="include/internal/dso.h"; $crypto.=" include/internal/o_dir.h"; $crypto.=" include/internal/o_str.h"; $crypto.=" include/internal/err.h"; -$crypto.=" include/internal/asn1t.h"; $crypto.=" include/internal/sslconf.h"; -$crypto.=" include/openssl/des.h" ; # unless $no_des; -$crypto.=" include/openssl/idea.h" ; # unless $no_idea; -$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4; -$crypto.=" include/openssl/rc5.h" ; # unless $no_rc5; -$crypto.=" include/openssl/rc2.h" ; # unless $no_rc2; -$crypto.=" include/openssl/blowfish.h" ; # unless $no_bf; -$crypto.=" include/openssl/cast.h" ; # unless $no_cast; -$crypto.=" include/openssl/whrlpool.h" ; -$crypto.=" include/openssl/md2.h" ; # unless $no_md2; -$crypto.=" include/openssl/md4.h" ; # unless $no_md4; -$crypto.=" include/openssl/md5.h" ; # unless $no_md5; -$crypto.=" include/openssl/mdc2.h" ; # unless $no_mdc2; -$crypto.=" include/openssl/sha.h" ; # unless $no_sha; -$crypto.=" include/openssl/ripemd.h" ; # unless $no_ripemd; -$crypto.=" include/openssl/aes.h" ; # unless $no_aes; -$crypto.=" include/openssl/camellia.h" ; # unless $no_camellia; -$crypto.=" include/openssl/seed.h"; # unless $no_seed; - -$crypto.=" include/openssl/bn.h"; -$crypto.=" include/openssl/rsa.h" ; # unless $no_rsa; -$crypto.=" include/openssl/dsa.h" ; # unless $no_dsa; -$crypto.=" include/openssl/dh.h" ; # unless $no_dh; -$crypto.=" include/openssl/ec.h" ; # unless $no_ec; -$crypto.=" include/openssl/hmac.h" ; # unless $no_hmac; -$crypto.=" include/openssl/cmac.h" ; - -$crypto.=" include/openssl/engine.h"; # unless $no_engine; -$crypto.=" include/openssl/stack.h" ; # unless $no_stack; -$crypto.=" include/openssl/buffer.h" ; # unless $no_buffer; -$crypto.=" include/openssl/bio.h" ; # unless $no_bio; -$crypto.=" include/internal/dso.h" ; # unless $no_dso; -$crypto.=" include/openssl/lhash.h" ; # unless $no_lhash; -$crypto.=" include/openssl/conf.h"; -$crypto.=" include/openssl/txt_db.h"; - -$crypto.=" include/openssl/evp.h" ; # unless $no_evp; -$crypto.=" include/openssl/objects.h"; -$crypto.=" include/openssl/pem.h"; -#$crypto.=" include/openssl/meth.h"; -$crypto.=" include/openssl/asn1.h"; -$crypto.=" include/openssl/asn1t.h"; -$crypto.=" include/openssl/err.h" ; # unless $no_err; -$crypto.=" include/openssl/pkcs7.h"; -$crypto.=" include/openssl/pkcs12.h"; -$crypto.=" include/openssl/x509.h"; -$crypto.=" include/openssl/x509_vfy.h"; -$crypto.=" include/openssl/x509v3.h"; -$crypto.=" include/openssl/ts.h"; -$crypto.=" include/openssl/rand.h"; -$crypto.=" include/openssl/comp.h" ; # unless $no_comp; -$crypto.=" include/openssl/ocsp.h"; -$crypto.=" include/openssl/ui.h"; -#$crypto.=" include/openssl/store.h"; -$crypto.=" include/openssl/cms.h"; -$crypto.=" include/openssl/srp.h"; -$crypto.=" include/openssl/modes.h"; -$crypto.=" include/openssl/async.h"; -$crypto.=" include/openssl/ct.h"; -$crypto.=" include/openssl/kdf.h"; +foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) { + my $fn = "include/openssl/" . basename($f); + $crypto .= " $fn" if !defined $skipthese{$fn}; +} my $symhacks="include/openssl/symhacks.h"; @@ -344,7 +282,7 @@ } &update_numbers(*OUT,"LIBCRYPTO",*crypto_list,$max_crypto,@crypto_symbols); close OUT; -} +} } elsif ($do_checkexist) { &check_existing(*ssl_list, @ssl_symbols) @@ -400,14 +338,16 @@ sub do_defs foreach $file (split(/\s+/,$symhacksfile." ".$files)) { my $fn = catfile($config{sourcedir},$file); + print STDERR "DEBUG: starting on $fn:\n" if $debug; print STDERR "TRACE: start reading $fn\n" if $trace; - open(IN,"<$fn") || die "unable to open $fn:$!\n"; + open(IN,"<$fn") || die "Can't open $fn, $!,"; my $line = "", my $def= ""; my %tag = ( (map { $_ => 0 } @known_platforms), (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms), (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms), (map { "OPENSSL_USE_".$_ => 0 } @known_algorithms), + (grep /^DEPRECATED_/, @known_algorithms), NOPROTO => 0, PERL5 => 0, _WINDLL => 0, @@ -499,7 +439,7 @@ sub do_defs } if(/\/\*/) { - if (not /\*\//) { # multiline comment... + if (not /\*\//) { # multi-line comment... $line = $_; # ... just accumulate next; } else { @@ -520,7 +460,22 @@ sub do_defs s/{[^{}]*}//gs; # ignore {} blocks print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; - if (/^\#\s*ifndef\s+(.*)/) { + if (/^\#\s*if\s+OPENSSL_API_COMPAT\s*(\S)\s*(0x[0-9a-fA-F]{8})L\s*$/) { + my $op = $1; + my $v = hex($2); + if ($op ne '<' && $op ne '>=') { + die "$file unacceptable operator $op: $_\n"; + } + my ($one, $major, $minor) = + ( ($v >> 28) & 0xf, + ($v >> 20) & 0xff, + ($v >> 12) & 0xff ); + my $t = "DEPRECATEDIN_${one}_${major}_${minor}"; + push(@tag,"-"); + push(@tag,$t); + $tag{$t}=($op eq '<' ? 1 : -1); + print STDERR "DEBUG: $file: found tag $t = $tag{$t}\n" if $debug; + } elsif (/^\#\s*ifndef\s+(.*)/) { push(@tag,"-"); push(@tag,$1); $tag{$1}=-1; @@ -569,7 +524,7 @@ sub do_defs while($tag[$tag_i] ne "-") { if ($tag[$tag_i] eq "OPENSSL_NO_".$1) { $tag{$tag[$tag_i]}=2; - print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug; + print STDERR "DEBUG: $file: changed tag $1 = 2\n" if $debug; } $tag_i--; } @@ -652,6 +607,9 @@ sub do_defs , grep(!/^$/, map { $tag{"OPENSSL_USE_".$_} == 1 ? $_ : "" } @known_algorithms); + push @current_algorithms, + grep { /^DEPRECATEDIN_/ && $tag{$_} == 1 } + @known_algorithms; $def .= "#INFO:" .join(',',@current_platforms).":" @@ -666,7 +624,7 @@ sub do_defs $def .= "int d2i_$3(void);"; $def .= "int i2d_$3(void);"; # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -678,7 +636,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("$2_it","$2_it", "EXPORT_VAR_AS_FUNCTION", @@ -690,7 +648,7 @@ sub do_defs $def .= "int $3_free(void);"; $def .= "int $3_new(void);"; # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -702,7 +660,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("$2_it","$2_it", "EXPORT_VAR_AS_FUNCTION", @@ -715,7 +673,7 @@ sub do_defs $def .= "int $1_free(void);"; $def .= "int $1_new(void);"; # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -727,7 +685,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("$1_it","$1_it", "EXPORT_VAR_AS_FUNCTION", @@ -737,7 +695,7 @@ sub do_defs $def .= "int d2i_$2(void);"; $def .= "int i2d_$2(void);"; # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -749,7 +707,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("$2_it","$2_it", "EXPORT_VAR_AS_FUNCTION", @@ -765,7 +723,7 @@ sub do_defs $def .= "int $2_free(void);"; $def .= "int $2_new(void);"; # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -777,7 +735,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("$2_it","$2_it", "EXPORT_VAR_AS_FUNCTION", @@ -785,7 +743,7 @@ sub do_defs next; } elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) { # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -797,7 +755,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("$1_it","$1_it", "EXPORT_VAR_AS_FUNCTION", @@ -863,7 +821,7 @@ sub do_defs next; } elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { # Variant for platforms that do not - # have to access globale variables + # have to access global variables # in shared libraries through functions $def .= "#INFO:" @@ -875,7 +833,7 @@ sub do_defs .join(',',@current_platforms).":" .join(',',@current_algorithms).";"; # Variant for platforms that have to - # access globale variables in shared + # access global variables in shared # libraries through functions &$make_variant("_shadow_$2","_shadow_$2", "EXPORT_VAR_AS_FUNCTION", @@ -1116,7 +1074,7 @@ sub is_valid return 0; } else { # algorithms - if ($disabled_algorithms{$keyword} == 1) { return 0;} + if ($disabled_algorithms{$keyword}) { return 0;} # Nothing recognise as true return 1; @@ -1191,9 +1149,6 @@ sub print_def_file my $prevnum = 0; my $symvtextcount = 0; - if ($W32) - { $libname.="32"; } - if ($W32) { print OUT <<"EOF"; @@ -1210,6 +1165,7 @@ sub print_def_file elsif ($VMS) { print OUT <<"EOF"; +IDENTIFICATION=$version CASE_SENSITIVE=YES SYMBOL_VECTOR=(- EOF @@ -1275,6 +1231,8 @@ sub print_def_file $prevsymversion = $symversion; } print OUT " $s2;\n"; + } elsif ($aix) { + print OUT "$s2\n"; } elsif ($VMS) { while(++$prevnum < $n) { my $symline=" ,SPARE -\n ,SPARE -\n"; @@ -1612,8 +1570,7 @@ () if ($cvnums ne $tvnums) { die "Invalid version number: $testversion " ."for current version $currversion\n" - if (substr($cvnums, -1) < substr($tvnums, -1) - || substr($cvnums, 0, 4) ne substr($tvnums, 0, 4)); + if (substr($cvnums, 0, 4) ne substr($tvnums, 0, 4)); return; } #If we get here then the base version (i.e. the numbers) are the same - they @@ -1666,7 +1623,7 @@ () { my ($decl, $plats, $algs) = @_; $decl =~ /^\s*(DEPRECATEDIN_\d+_\d+_\d+)\s*\((.*)\)\s*$/ - or die "Bad DEPRECTEDIN: $decl\n"; + or die "Bad DEPRECATEDIN: $decl\n"; my $info1 .= "#INFO:"; $info1 .= join(',', @{$plats}) . ":"; my $info2 = $info1; diff --git a/deps/openssl/openssl/util/mkerr.pl b/deps/openssl/openssl/util/mkerr.pl old mode 100644 new mode 100755 index 79c8cfc31c4365..0ea02961a5fdea --- a/deps/openssl/openssl/util/mkerr.pl +++ b/deps/openssl/openssl/util/mkerr.pl @@ -1,590 +1,562 @@ #! /usr/bin/env perl -# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html -my $config = "crypto/err/openssl.ec"; -my $debug = 0; -my $unref = 0; -my $rebuild = 0; -my $static = 1; -my $recurse = 0; -my $reindex = 0; -my $dowrite = 0; -my $staticloader = ""; -my @t = localtime(); -my $YEAR = @t[5] + 1900; - -my $pack_errcode; -my $load_errcode; - -my $errcount; -my $year = (localtime)[5] + 1900; - -while (@ARGV) { - my $arg = $ARGV[0]; - if($arg eq "-conf") { - shift @ARGV; - $config = shift @ARGV; - } elsif($arg eq "-hprefix") { - shift @ARGV; - $hprefix = shift @ARGV; - } elsif($arg eq "-debug") { - $debug = 1; - $unref = 1; - shift @ARGV; - } elsif($arg eq "-rebuild") { - $rebuild = 1; - shift @ARGV; - } elsif($arg eq "-recurse") { - $recurse = 1; - shift @ARGV; - } elsif($arg eq "-reindex") { - $reindex = 1; - shift @ARGV; - } elsif($arg eq "-nostatic") { - $static = 0; - shift @ARGV; - } elsif($arg eq "-staticloader") { - $staticloader = "static "; - shift @ARGV; - } elsif($arg eq "-unref") { - $unref = 1; - shift @ARGV; - } elsif($arg eq "-write") { - $dowrite = 1; - shift @ARGV; - } elsif($arg eq "-help" || $arg eq "-h" || $arg eq "-?" || $arg eq "--help") { - print STDERR <<"EOF"; -mkerr.pl [options] ... +use strict; +use warnings; + +use lib "."; +use configdata; + +my $config = "crypto/err/openssl.ec"; +my $debug = 0; +my $internal = 0; +my $nowrite = 0; +my $rebuild = 0; +my $reindex = 0; +my $static = 0; +my $unref = 0; +my %modules = (); + +my $errors = 0; +my @t = localtime(); +my $YEAR = $t[5] + 1900; + +sub phase +{ + my $text = uc(shift); + print STDERR "\n---\n$text\n" if $debug; +} + +sub help +{ + print STDERR <<"EOF"; +mkerr.pl [options] [files...] Options: - -conf F Use the config file F instead of the default one: - crypto/err/openssl.ec - - -hprefix P Prepend the filenames in generated #include

- statements with prefix P. Default: 'openssl/' (without - the quotes, naturally) - NOTE: not used any more because our include directory - structure has changed. - - -debug Turn on debugging verbose output on stderr. - - -rebuild Rebuild all header and C source files, irrespective of the - fact if any error or function codes have been added/removed. - Default: only update files for libraries which saw change - (of course, this requires '-write' as well, or no - files will be touched!) - - -recurse scan a preconfigured set of directories / files for error and - function codes: - (, , , ) - When this option is NOT specified, the filelist is taken from - the commandline instead. Here, wildcards may be embedded. (Be - sure to escape those to prevent the shell from expanding them - for you when you wish mkerr.pl to do so instead.) - Default: take file list to scan from the command line. - - -reindex Discard the numeric values previously assigned to the error - and function codes as extracted from the scanned header files; - instead renumber all of them starting from 100. (Note that - the numbers assigned through 'R' records in the config file - remain intact.) - Default: keep previously assigned numbers. (You are warned - when collisions are detected.) - - -nostatic Generates a different source code, where these additional - functions are generated for each library specified in the - config file: - void ERR_load__strings(void); - void ERR_unload__strings(void); - void ERR__error(int f, int r, char *fn, int ln); - #define err(f,r) ERR__error(f,r,OPENSSL_FILE,OPENSSL_LINE) - while the code facilitates the use of these in an environment - where the error support routines are dynamically loaded at - runtime. - Default: 'static' code generation. - - -staticloader Prefix generated functions with the 'static' scope modifier. - Default: don't write any scope modifier prefix. - - -unref Print out unreferenced function and reason codes. - - -write Actually (over)write the generated code to the header and C - source files as assigned to each library through the config - file. - Default: don't write. - - -help / -h / -? / --help Show this help text. - - ... Additional arguments are added to the file list to scan, - assuming '-recurse' was NOT specified on the command line. + -conf FILE Use the named config file FILE instead of the default. + + -debug Verbose output debugging on stderr. + + -internal Generate code that is to be built as part of OpenSSL itself. + Also scans internal list of files. + + -module M Only useful with -internal! + Only write files for library module M. Whether files are + actually written or not depends on other options, such as + -rebuild. + Note: this option is cumulative. If not given at all, all + internal modules will be considered. + + -nowrite Do not write the header/source files, even if changed. + + -rebuild Rebuild all header and C source files, even if there + were no changes. + + -reindex Ignore previously assigned values (except for R records in + the config file) and renumber everything starting at 100. + + -static Make the load/unload functions static. + + -unref List all unreferenced function and reason codes on stderr; + implies -nowrite. + + -help Show this help text. + + ... Additional arguments are added to the file list to scan, + if '-internal' was NOT specified on the command line. EOF - exit 1; - } else { - last; - } } -if($recurse) { - @source = ( , , , ) -} else { - @source = @ARGV; +while ( @ARGV ) { + my $arg = $ARGV[0]; + last unless $arg =~ /-.*/; + $arg = $1 if $arg =~ /-(-.*)/; + if ( $arg eq "-conf" ) { + $config = $ARGV[1]; + shift @ARGV; + } elsif ( $arg eq "-debug" ) { + $debug = 1; + $unref = 1; + } elsif ( $arg eq "-internal" ) { + $internal = 1; + } elsif ( $arg eq "-nowrite" ) { + $nowrite = 1; + } elsif ( $arg eq "-rebuild" ) { + $rebuild = 1; + } elsif ( $arg eq "-reindex" ) { + $reindex = 1; + } elsif ( $arg eq "-static" ) { + $static = 1; + } elsif ( $arg eq "-unref" ) { + $unref = 1; + $nowrite = 1; + } elsif ( $arg eq "-module" ) { + shift @ARGV; + $modules{uc $ARGV[0]} = 1; + } elsif ( $arg =~ /-*h(elp)?/ ) { + &help(); + exit; + } elsif ( $arg =~ /-.*/ ) { + die "Unknown option $arg; use -h for help.\n"; + } + shift @ARGV; } -# Read in the config file - -open(IN, "<$config") || die "Can't open config file $config"; +my @source; +if ( $internal ) { + die "Cannot mix -internal and -static\n" if $static; + die "Extra parameters given.\n" if @ARGV; + @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'), + glob('ssl/*.c'), glob('ssl/*/*.c') ); +} else { + die "-module isn't useful without -internal\n" if scalar keys %modules > 0; + @source = @ARGV; +} -# Parse config file +# Data parsed out of the config and state files. +my %hinc; # lib -> header +my %libinc; # header -> lib +my %cskip; # error_file -> lib +my %errorfile; # lib -> error file name +my %fmax; # lib -> max assigned function code +my %rmax; # lib -> max assigned reason code +my %fassigned; # lib -> colon-separated list of assigned function codes +my %rassigned; # lib -> colon-separated list of assigned reason codes +my %fnew; # lib -> count of new function codes +my %rnew; # lib -> count of new reason codes +my %rextra; # "extra" reason code -> lib +my %rcodes; # reason-name -> value +my %ftrans; # old name -> #define-friendly name (all caps) +my %fcodes; # function-name -> value +my $statefile; # state file with assigned reason and function codes +my %strings; # define -> text + +# Read and parse the config file +open(IN, "$config") || die "Can't open config file $config, $!,"; +while ( ) { + next if /^#/ || /^$/; + if ( /^L\s+(\S+)\s+(\S+)\s+(\S+)/ ) { + my $lib = $1; + my $hdr = $2; + my $err = $3; + $hinc{$lib} = $hdr; + $libinc{$hdr} = $lib; + $cskip{$err} = $lib; + next if $err eq 'NONE'; + $errorfile{$lib} = $err; + $fmax{$lib} = 100; + $rmax{$lib} = 100; + $fassigned{$lib} = ":"; + $rassigned{$lib} = ":"; + $fnew{$lib} = 0; + $rnew{$lib} = 0; + } elsif ( /^R\s+(\S+)\s+(\S+)/ ) { + $rextra{$1} = $2; + $rcodes{$1} = $2; + } elsif ( /^S\s+(\S+)/ ) { + $statefile = $1; + } else { + die "Illegal config line $_\n"; + } +} +close IN; -while() -{ - if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) { - $hinc{$1} = $2; - $libinc{$2} = $1; - $cskip{$3} = $1; - if($3 ne "NONE") { - $csrc{$1} = $3; - $fmax{$1} = 100; - $rmax{$1} = 100; - $fassigned{$1} = ":"; - $rassigned{$1} = ":"; - $fnew{$1} = 0; - $rnew{$1} = 0; - } - } elsif (/^F\s+(\S+)/) { - # Add extra function with $1 - } elsif (/^R\s+(\S+)\s+(\S+)/) { - $rextra{$1} = $2; - $rcodes{$1} = $2; - } +if ( ! $statefile ) { + $statefile = $config; + $statefile =~ s/.ec/.txt/; } -close IN; +# The statefile has all the previous assignments. +&phase("Reading state"); +my $skippedstate = 0; +if ( ! $reindex && $statefile ) { + open(STATE, "<$statefile") || die "Can't open $statefile, $!"; + + # Scan function and reason codes and store them: keep a note of the + # maximum code used. + while ( ) { + next if /^#/ || /^$/; + my $name; + my $code; + if ( /^(.+):(\d+):\\$/ ) { + $name = $1; + $code = $2; + my $next = ; + $next =~ s/^\s*(.*)\s*$/$1/; + die "Duplicate define $name" if exists $strings{$name}; + $strings{$name} = $next; + } elsif ( /^(\S+):(\d+):(.*)$/ ) { + $name = $1; + $code = $2; + die "Duplicate define $name" if exists $strings{$name}; + $strings{$name} = $3; + } else { + die "Bad line in $statefile:\n$_\n"; + } + my $lib = $name; + $lib =~ s/^((?:OSSL_|OPENSSL_)?[^_]{2,}).*$/$1/; + $lib = "SSL" if $lib =~ /TLS/; + if ( !defined $errorfile{$lib} ) { + print "Skipping $_"; + $skippedstate++; + next; + } + if ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_R_/ ) { + die "$lib reason code $code collision at $name\n" + if $rassigned{$lib} =~ /:$code:/; + $rassigned{$lib} .= "$code:"; + if ( !exists $rextra{$name} ) { + $rmax{$lib} = $code if $code > $rmax{$lib}; + } + $rcodes{$name} = $code; + } elsif ( $name =~ /^(?:OSSL_|OPENSSL_)?[A-Z0-9]{2,}_F_/ ) { + die "$lib function code $code collision at $name\n" + if $fassigned{$lib} =~ /:$code:/; + $fassigned{$lib} .= "$code:"; + $fmax{$lib} = $code if $code > $fmax{$lib}; + $fcodes{$name} = $code; + } else { + die "Bad line in $statefile:\n$_\n"; + } + } + close(STATE); + + if ( $debug ) { + foreach my $lib ( sort keys %rmax ) { + print STDERR "Reason codes for ${lib}:\n"; + if ( $rassigned{$lib} =~ m/^:(.*):$/ ) { + my @rassigned = sort { $a <=> $b } split( ":", $1 ); + print STDERR " ", join(' ', @rassigned), "\n"; + } else { + print STDERR " --none--\n"; + } + } + print STDERR "\n"; + foreach my $lib ( sort keys %fmax ) { + print STDERR "Function codes for ${lib}:\n"; + if ( $fassigned{$lib} =~ m/^:(.*):$/ ) { + my @fassigned = sort { $a <=> $b } split( ":", $1 ); + print STDERR " ", join(' ', @fassigned), "\n"; + } else { + print STDERR " --none--\n"; + } + } + } +} -# Scan each header file in turn and make a list of error codes +# Scan each header file and make a list of error codes # and function names +&phase("Scanning headers"); +while ( ( my $hdr, my $lib ) = each %libinc ) { + next if $hdr eq "NONE"; + print STDERR " ." if $debug; + my $line = ""; + my $def = ""; + my $linenr = 0; + my $cpp = 0; + + open(IN, "<$hdr") || die "Can't open $hdr, $!,"; + while ( ) { + $linenr++; + + if ( $line ne '' ) { + $_ = $line . $_; + $line = ''; + } + + if ( /\\$/ ) { + $line = $_; + next; + } + + if ( /\/\*/ ) { + if ( not /\*\// ) { # multiline comment... + $line = $_; # ... just accumulate + next; + } else { + s/\/\*.*?\*\///gs; # wipe it + } + } -while (($hdr, $lib) = each %libinc) -{ - next if($hdr eq "NONE"); - print STDERR "Scanning header file $hdr\n" if $debug; - my $line = "", $def= "", $linenr = 0, $gotfile = 0, $cpp = 0; - if (open(IN, "<$hdr")) { - $gotfile = 1; - while() { - $linenr++; - print STDERR "line: $linenr\r" if $debug; - - last if(/BEGIN\s+ERROR\s+CODES/); - if ($line ne '') { - $_ = $line . $_; - $line = ''; - } - - if (/\\$/) { - $line = $_; - next; - } - - if(/\/\*/) { - if (not /\*\//) { # multiline comment... - $line = $_; # ... just accumulate - next; - } else { - s/\/\*.*?\*\///gs; # wipe it - } - } - - if ($cpp) { - $cpp++ if /^#\s*if/; - $cpp-- if /^#\s*endif/; - next; - } - $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration - - next if (/^\#/); # skip preprocessor directives - - s/{[^{}]*}//gs; # ignore {} blocks - - if (/\{|\/\*/) { # Add a } so editor works... - $line = $_; - } else { - $def .= $_; - } - } - } - - print STDERR " \r" if $debug; - $defnr = 0; - # Delete any DECLARE_ macros - $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs; - foreach (split /;/, $def) { - $defnr++; - print STDERR "def: $defnr\r" if $debug; - - # The goal is to collect function names from function declarations. - - s/^[\n\s]*//g; - s/[\n\s]*$//g; - - # Skip over recognized non-function declarations - next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/); - - # Remove STACK_OF(foo) - s/STACK_OF\(\w+\)/void/; - - # Reduce argument lists to empty () - # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {} - while(/\(.*\)/s) { - s/\([^\(\)]+\)/\{\}/gs; - s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f - } - # pretend as we didn't use curly braces: {} -> () - s/\{\}/\(\)/gs; - - if (/(\w+)\s*\(\).*/s) { # first token prior [first] () is - my $name = $1; # a function name! - $name =~ tr/[a-z]/[A-Z]/; - $ftrans{$name} = $1; - } elsif (/[\(\)]/ and not (/=/)) { - print STDERR "Header $hdr: cannot parse: $_;\n"; - } - } - - print STDERR " \r" if $debug; - - next if $reindex; - - # Scan function and reason codes and store them: keep a note of the - # maximum code used. - - if ($gotfile) { - while() { - if(/^\#\s*define\s+(\S+)\s+(\S+)/) { - $name = $1; - $code = $2; - next if $name =~ /^${lib}err/; - unless($name =~ /^${lib}_([RF])_(\w+)$/) { - print STDERR "Invalid error code $name\n"; - next; - } - if($1 eq "R") { - $rcodes{$name} = $code; - if ($rassigned{$lib} =~ /:$code:/) { - print STDERR "!! ERROR: $lib reason code $code assigned twice (collision at $name)\n"; - ++$errcount; - } - $rassigned{$lib} .= "$code:"; - if(!(exists $rextra{$name}) && - ($code > $rmax{$lib}) ) { - $rmax{$lib} = $code; - } - } else { - if ($fassigned{$lib} =~ /:$code:/) { - print STDERR "!! ERROR: $lib function code $code assigned twice (collision at $name)\n"; - ++$errcount; - } - $fassigned{$lib} .= "$code:"; - if($code > $fmax{$lib}) { - $fmax{$lib} = $code; - } - $fcodes{$name} = $code; - } - } - } - } - - if ($debug) { - if (defined($fmax{$lib})) { - print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n"; - $fassigned{$lib} =~ m/^:(.*):$/; - @fassigned = sort {$a <=> $b} split(":", $1); - print STDERR " @fassigned\n"; - } - if (defined($rmax{$lib})) { - print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n"; - $rassigned{$lib} =~ m/^:(.*):$/; - @rassigned = sort {$a <=> $b} split(":", $1); - print STDERR " @rassigned\n"; - } - } - - if ($lib eq "SSL") { - if ($rmax{$lib} >= 1000) { - print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n"; - print STDERR "!! Any new alerts must be added to $config.\n"; - ++$errcount; - print STDERR "\n"; - } - } - close IN; + if ( $cpp ) { + $cpp++ if /^#\s*if/; + $cpp-- if /^#\s*endif/; + next; + } + $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration + + next if /^\#/; # skip preprocessor directives + + s/{[^{}]*}//gs; # ignore {} blocks + + if ( /\{|\/\*/ ) { # Add a so editor works... + $line = $_; + } else { + $def .= $_; + } + } + + # Delete any DECLARE_ macros + my $defnr = 0; + $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs; + foreach ( split /;/, $def ) { + $defnr++; + # The goal is to collect function names from function declarations. + + s/^[\n\s]*//g; + s/[\n\s]*$//g; + + # Skip over recognized non-function declarations + next if /typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/; + + # Remove STACK_OF(foo) + s/STACK_OF\(\w+\)/void/; + + # Reduce argument lists to empty () + # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {} + while ( /\(.*\)/s ) { + s/\([^\(\)]+\)/\{\}/gs; + s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f + } + + # pretend as we didn't use curly braces: {} -> () + s/\{\}/\(\)/gs; + + # Last token just before the first () is a function name. + if ( /(\w+)\s*\(\).*/s ) { + my $name = $1; + $name =~ tr/[a-z]/[A-Z]/; + $ftrans{$name} = $1; + } elsif ( /[\(\)]/ and not(/=/) ) { + print STDERR "Header $hdr: cannot parse: $_;\n"; + } + } + + next if $reindex; + + if ( $lib eq "SSL" && $rmax{$lib} >= 1000 ) { + print STDERR "SSL error codes 1000+ are reserved for alerts.\n"; + print STDERR "Any new alerts must be added to $config.\n"; + $errors++; + } + close IN; } +print STDERR "\n" if $debug; # Scan each C source file and look for function and reason codes # This is done by looking for strings that "look like" function or # reason codes: basically anything consisting of all upper case and # numerics which has _F_ or _R_ in it and which has the name of an -# error library at the start. This seems to work fine except for the +# error library at the start. This seems to work fine except for the # oddly named structure BIO_F_CTX which needs to be ignored. # If a code doesn't exist in list compiled from headers then mark it # with the value "X" as a place holder to give it a value later. -# Store all function and reason codes found in %ufcodes and %urcodes +# Store all function and reason codes found in %usedfuncs and %usedreasons # so all those unreferenced can be printed out. - - -foreach $file (@source) { - # Don't parse the error source file. - next if exists $cskip{$file}; - print STDERR "File loaded: ".$file."\r" if $debug; - open(IN, "<$file") || die "Can't open source file $file\n"; - my $func; - my $linenr = 0; - while() { - # skip obsoleted source files entirely! - last if(/^#error\s+obsolete/); - $linenr++; - if (!/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/) - { - /^([^()]*(\([^()]*\)[^()]*)*)\(/; - $1 =~ /([A-Za-z_0-9]*)$/; - $func = $1; - } - - if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { - next unless exists $csrc{$2}; - next if($1 eq "BIO_F_BUFFER_CTX"); - $ufcodes{$1} = 1; - if(!exists $fcodes{$1}) { - $fcodes{$1} = "X"; - $fnew{$2}++; - } - $ftrans{$3} = $func unless exists $ftrans{$3}; - if (uc $func ne $3) { +&phase("Scanning source"); +my %usedfuncs; +my %usedreasons; +foreach my $file ( @source ) { + # Don't parse the error source file. + next if exists $cskip{$file}; + open( IN, "<$file" ) || die "Can't open $file, $!,"; + my $func; + my $linenr = 0; + print STDERR "$file:\n" if $debug; + while ( ) { + + # skip obsoleted source files entirely! + last if /^#error\s+obsolete/; + $linenr++; + if ( !/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/ ) { + /^([^()]*(\([^()]*\)[^()]*)*)\(/; + $1 =~ /([A-Za-z_0-9]*)$/; + $func = $1; + } + + if ( /(((?:OSSL_|OPENSSL_)?[A-Z0-9]{2,})_F_([A-Z0-9_]+))/ ) { + next unless exists $errorfile{$2}; + next if $1 eq "BIO_F_BUFFER_CTX"; + $usedfuncs{$1} = 1; + if ( !exists $fcodes{$1} ) { + print STDERR " New function $1\n" if $debug; + $fcodes{$1} = "X"; + $fnew{$2}++; + } + $ftrans{$3} = $func unless exists $ftrans{$3}; + if ( uc($func) ne $3 ) { print STDERR "ERROR: mismatch $file:$linenr $func:$3\n"; - $errcount++; + $errors++; + } + print STDERR " Function $1 = $fcodes{$1}\n" + if $debug; + } + if ( /(((?:OSSL_|OPENSSL_)?[A-Z0-9]{2,})_R_[A-Z0-9_]+)/ ) { + next unless exists $errorfile{$2}; + $usedreasons{$1} = 1; + if ( !exists $rcodes{$1} ) { + print STDERR " New reason $1\n" if $debug; + $rcodes{$1} = "X"; + $rnew{$2}++; } - print STDERR "Function: $1\t= $fcodes{$1} (lib: $2, name: $3)\n" if $debug; - } - if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) { - next unless exists $csrc{$2}; - $urcodes{$1} = 1; - if(!exists $rcodes{$1}) { - $rcodes{$1} = "X"; - $rnew{$2}++; - } - print STDERR "Reason: $1\t= $rcodes{$1} (lib: $2)\n" if $debug; - } - } - close IN; + print STDERR " Reason $1 = $rcodes{$1}\n" if $debug; + } + } + close IN; } -print STDERR " \n" if $debug; +print STDERR "\n" if $debug; # Now process each library in turn. +&phase("Writing files"); +my $newstate = 0; +foreach my $lib ( keys %errorfile ) { + if ( ! $fnew{$lib} && ! $rnew{$lib} ) { + next unless $rebuild; + } + next if scalar keys %modules > 0 && !$modules{$lib}; + next if $nowrite; + print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib}; + print STDERR "$lib: $rnew{$lib} new reasons\n" if $rnew{$lib}; + $newstate = 1; -foreach $lib (keys %csrc) -{ - my $hfile = $hinc{$lib}; - my $cfile = $csrc{$lib}; - if(!$fnew{$lib} && !$rnew{$lib}) { - next unless $rebuild; - } else { - print STDERR "$lib:\t\t$fnew{$lib} New Functions,"; - print STDERR " $rnew{$lib} New Reasons.\n"; - next unless $dowrite; - } - - # If we get here then we have some new error codes so we - # need to rebuild the header file and C file. - - # Make a sorted list of error and reason codes for later use. - - my @function = sort grep(/^${lib}_/,keys %fcodes); - my @reasons = sort grep(/^${lib}_/,keys %rcodes); - - # Rewrite the header file - - $cpp = 0; - $cplusplus = 0; - if (open(IN, "<$hfile")) { - # Copy across the old file - while() { - $cplusplus = $cpp if /^#.*ifdef.*cplusplus/; - $cpp++ if /^#\s*if/; - $cpp-- if /^#\s*endif/; - push @out, $_; - last if (/BEGIN ERROR CODES/); - } - close IN; - } else { - $cpp = 1; - $cplusplus = 1; - push @out, -"/*\n", -" * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.\n", -" *\n", -" * Licensed under the OpenSSL license (the \"License\"). You may not use\n", -" * this file except in compliance with the License. You can obtain a copy\n", -" * in the file LICENSE in the source distribution or at\n", -" * https://www.openssl.org/source/license.html\n", -" */\n", -"\n", -"#ifndef HEADER_${lib}_ERR_H\n", -"# define HEADER_${lib}_ERR_H\n", -"\n", -"# ifdef __cplusplus\n", -"extern \"C\" {\n", -"# endif\n", -"\n", -"/* BEGIN ERROR CODES */\n"; - } - open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n"; - - print OUT @out; - undef @out; - print OUT <<"EOF"; + # If we get here then we have some new error codes so we + # need to rebuild the header file and C file. + + # Make a sorted list of error and reason codes for later use. + my @function = sort grep( /^${lib}_/, keys %fcodes ); + my @reasons = sort grep( /^${lib}_/, keys %rcodes ); + + # indent level for innermost preprocessor lines + my $indent = " "; + + # Rewrite the header file + + my $hfile = $hinc{$lib}; + $hfile =~ s/.h$/err.h/ if $internal; + open( OUT, ">$hfile" ) || die "Can't write to $hfile, $!,"; + print OUT <<"EOF"; /* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the \"License\"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -EOF - if($static) { - print OUT <<"EOF"; -${staticloader}int ERR_load_${lib}_strings(void); +#ifndef HEADER_${lib}ERR_H +# define HEADER_${lib}ERR_H EOF - } else { - print OUT <<"EOF"; -${staticloader}int ERR_load_${lib}_strings(void); -${staticloader}void ERR_unload_${lib}_strings(void); -${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -# define ${lib}err(f,r) ERR_${lib}_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) + if ( $internal ) { + # Declare the load function because the generate C file + # includes "fooerr.h" not "foo.h" + if ($lib ne "SSL" && $lib ne "ASYNC" + && grep { $lib eq uc $_ } @disablables) { + print OUT <<"EOF"; +# include + +# ifndef OPENSSL_NO_${lib} EOF - } - print OUT <<"EOF"; -/* Error codes for the $lib functions. */ + $indent = " "; + } + print OUT <<"EOF"; +#${indent}ifdef __cplusplus +extern \"C\" +#${indent}endif +int ERR_load_${lib}_strings(void); +EOF + } else { + print OUT <<"EOF"; +# define ${lib}err(f, r) ERR_${lib}_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) -/* Function codes. */ EOF + if ( ! $static ) { + print OUT <<"EOF"; + +# ifdef __cplusplus +extern \"C\" { +# endif +int ERR_load_${lib}_strings(void); +void ERR_unload_${lib}_strings(void); +void ERR_${lib}_error(int function, int reason, char *file, int line); +# ifdef __cplusplus +} +# endif +EOF + } + } + + print OUT "\n/*\n * $lib function codes.\n */\n"; + foreach my $i ( @function ) { + my $z = 48 - length($i); + $z = 0 if $z < 0; + if ( $fcodes{$i} eq "X" ) { + $fassigned{$lib} =~ m/^:([^:]*):/; + my $findcode = $1; + $findcode = $fmax{$lib} if !defined $findcode; + while ( $fassigned{$lib} =~ m/:$findcode:/ ) { + $findcode++; + } + $fcodes{$i} = $findcode; + $fassigned{$lib} .= "$findcode:"; + print STDERR "New Function code $i\n" if $debug; + } + printf OUT "#${indent}define $i%s $fcodes{$i}\n", " " x $z; + } - foreach $i (@function) { - $z=48 - length($i); - if($fcodes{$i} eq "X") { - $fassigned{$lib} =~ m/^:([^:]*):/; - $findcode = $1; - if (!defined($findcode)) { - $findcode = $fmax{$lib}; - } - while ($fassigned{$lib} =~ m/:$findcode:/) { - $findcode++; - } - $fcodes{$i} = $findcode; - $fassigned{$lib} .= "$findcode:"; - print STDERR "New Function code $i\n" if $debug; - } - printf OUT "# define $i%s $fcodes{$i}\n"," " x $z; - } - - print OUT "\n/* Reason codes. */\n"; - - foreach $i (@reasons) { - $z=48 - length($i); - if($rcodes{$i} eq "X") { - $rassigned{$lib} =~ m/^:([^:]*):/; - $findcode = $1; - if (!defined($findcode)) { - $findcode = $rmax{$lib}; - } - while ($rassigned{$lib} =~ m/:$findcode:/) { - $findcode++; - } - $rcodes{$i} = $findcode; - $rassigned{$lib} .= "$findcode:"; - print STDERR "New Reason code $i\n" if $debug; - } - printf OUT "# define $i%s $rcodes{$i}\n"," " x $z; - } - print OUT <<"EOF"; + print OUT "\n/*\n * $lib reason codes.\n */\n"; + foreach my $i ( @reasons ) { + my $z = 48 - length($i); + $z = 0 if $z < 0; + if ( $rcodes{$i} eq "X" ) { + $rassigned{$lib} =~ m/^:([^:]*):/; + my $findcode = $1; + $findcode = $rmax{$lib} if !defined $findcode; + while ( $rassigned{$lib} =~ m/:$findcode:/ ) { + $findcode++; + } + $rcodes{$i} = $findcode; + $rassigned{$lib} .= "$findcode:"; + print STDERR "New Reason code $i\n" if $debug; + } + printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + } + print OUT "\n"; -EOF - do { - if ($cplusplus == $cpp) { - print OUT "#", " "x$cpp, "ifdef __cplusplus\n"; - print OUT "}\n"; - print OUT "#", " "x$cpp, "endif\n"; - } - if ($cpp-- > 0) { - print OUT "#", " "x$cpp, "endif\n"; - } - } while ($cpp); - close OUT; - - # Rewrite the C source file containing the error details. - - # First, read any existing reason string definitions: - my %err_reason_strings; - if (open(IN,"<$cfile")) { - my $line = ""; - while () { - s|\R$||; # Better chomp - $_ = $line . $_; - $line = ""; - if (/{ERR_(FUNC|REASON)\(/) { - if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { - $err_reason_strings{$1} = $2; - } elsif (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { - if (!exists $ftrans{$1} && ($1 ne $2)) { - print STDERR "WARNING: Mismatched function string $2\n"; - $ftrans{$1} = $2; - } - } else { - $line = $_; - } - } - } - close(IN); - } - - - my $hincf; - if($static) { - $hincf = $hfile; - $hincf =~ s|.*include/||; - if ($hincf =~ m|^openssl/|) { - $hincf = "<${hincf}>"; - } else { - $hincf = "\"${hincf}\""; - } - } else { - $hincf = "\"$hfile\""; - } - - # If static we know the error code at compile time so use it - # in error definitions. - - if ($static) - { - $pack_errcode = "ERR_LIB_${lib}"; - $load_errcode = "0"; - } - else - { - $pack_errcode = "0"; - $load_errcode = "ERR_LIB_${lib}"; - } - - - open (OUT,">$cfile") || die "Can't open $cfile for writing"; - - print OUT <<"EOF"; + while (length($indent) > 0) { + $indent = substr $indent, 0, -1; + print OUT "#${indent}endif\n"; + } + + # Rewrite the C source file containing the error details. + + # First, read any existing reason string definitions: + my $cfile = $errorfile{$lib}; + my $pack_lib = $internal ? "ERR_LIB_${lib}" : "0"; + my $hincf = $hfile; + $hincf =~ s|.*include/||; + if ( $hincf =~ m|^openssl/| ) { + $hincf = "<${hincf}>"; + } else { + $hincf = "\"${hincf}\""; + } + + open( OUT, ">$cfile" ) + || die "Can't open $cfile for writing, $!, stopped"; + + my $const = $internal ? 'const ' : ''; + + print OUT <<"EOF"; /* * Generated by util/mkerr.pl DO NOT EDIT * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. @@ -595,177 +567,187 @@ * https://www.openssl.org/source/license.html */ -#include #include #include $hincf -/* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) -# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) - -static ERR_STRING_DATA ${lib}_str_functs[] = { +static ${const}ERR_STRING_DATA ${lib}_str_functs[] = { EOF - # Add each function code: if a function name is found then use it. - foreach $i (@function) { - my $fn; - $i =~ /^${lib}_F_(\S+)$/; - $fn = $1; - if(exists $ftrans{$fn}) { - $fn = $ftrans{$fn}; - } -# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; - if(length($i) + length($fn) > 57) { - print OUT " {ERR_FUNC($i),\n \"$fn\"},\n"; - } else { - print OUT " {ERR_FUNC($i), \"$fn\"},\n"; - } - } - print OUT <<"EOF"; + + # Add each function code: if a function name is found then use it. + foreach my $i ( @function ) { + my $fn; + if ( exists $strings{$i} and $strings{$i} ne '' ) { + $fn = $strings{$i}; + $fn = "" if $fn eq '*'; + } else { + $i =~ /^${lib}_F_(\S+)$/; + $fn = $1; + $fn = $ftrans{$fn} if exists $ftrans{$fn}; + $strings{$i} = $fn; + } + my $short = " {ERR_PACK($pack_lib, $i, 0), \"$fn\"},"; + if ( length($short) <= 80 ) { + print OUT "$short\n"; + } else { + print OUT " {ERR_PACK($pack_lib, $i, 0),\n \"$fn\"},\n"; + } + } + print OUT <<"EOF"; {0, NULL} }; -static ERR_STRING_DATA ${lib}_str_reasons[] = { +static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = { EOF - # Add each reason code. - foreach $i (@reasons) { - my $rn; - my $rstr = "ERR_REASON($i)"; - if (exists $err_reason_strings{$i}) { - $rn = $err_reason_strings{$i}; - } else { - $i =~ /^${lib}_R_(\S+)$/; - $rn = $1; - $rn =~ tr/_[A-Z]/ [a-z]/; - } - if(length($i) + length($rn) > 55) { - print OUT " {${rstr},\n \"$rn\"},\n"; - } else { - print OUT " {${rstr}, \"$rn\"},\n"; - } - } -if($static) { - print OUT <<"EOF"; + + # Add each reason code. + foreach my $i ( @reasons ) { + my $rn; + if ( exists $strings{$i} ) { + $rn = $strings{$i}; + $rn = "" if $rn eq '*'; + } else { + $i =~ /^${lib}_R_(\S+)$/; + $rn = $1; + $rn =~ tr/_[A-Z]/ [a-z]/; + $strings{$i} = $rn; + } + my $short = " {ERR_PACK($pack_lib, 0, $i), \"$rn\"},"; + if ( length($short) <= 80 ) { + print OUT "$short\n"; + } else { + print OUT " {ERR_PACK($pack_lib, 0, $i),\n \"$rn\"},\n"; + } + } + print OUT <<"EOF"; {0, NULL} }; #endif +EOF + if ( $internal ) { + print OUT <<"EOF"; -${staticloader}int ERR_load_${lib}_strings(void) +int ERR_load_${lib}_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { - ERR_load_strings($load_errcode, ${lib}_str_functs); - ERR_load_strings($load_errcode, ${lib}_str_reasons); + ERR_load_strings_const(${lib}_str_functs); + ERR_load_strings_const(${lib}_str_reasons); } #endif return 1; } EOF -} else { - print OUT <<"EOF"; - {0, NULL} -}; + } else { + my $st = $static ? "static " : ""; + print OUT <<"EOF"; -#endif +static int lib_code = 0; +static int error_loaded = 0; -#ifdef ${lib}_LIB_NAME -static ERR_STRING_DATA ${lib}_lib_name[] = { - {0, ${lib}_LIB_NAME}, - {0, NULL} -}; -#endif - -static int ${lib}_lib_error_code = 0; -static int ${lib}_error_init = 1; - -${staticloader}int ERR_load_${lib}_strings(void) +${st}int ERR_load_${lib}_strings(void) { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code = ERR_get_next_error_library(); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); - if (${lib}_error_init) { - ${lib}_error_init = 0; + if (!error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs); - ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons); -#endif - -#ifdef ${lib}_LIB_NAME - ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0); - ERR_load_strings(0, ${lib}_lib_name); + ERR_load_strings(lib_code, ${lib}_str_functs); + ERR_load_strings(lib_code, ${lib}_str_reasons); #endif + error_loaded = 1; } return 1; } -${staticloader}void ERR_unload_${lib}_strings(void) +${st}void ERR_unload_${lib}_strings(void) { - if (${lib}_error_init == 0) { + if (error_loaded) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs); - ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons); -#endif - -#ifdef ${lib}_LIB_NAME - ERR_unload_strings(0, ${lib}_lib_name); + ERR_unload_strings(lib_code, ${lib}_str_functs); + ERR_unload_strings(lib_code, ${lib}_str_reasons); #endif - ${lib}_error_init = 1; + error_loaded = 0; } } -${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) +${st}void ERR_${lib}_error(int function, int reason, char *file, int line) { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line); + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + ERR_PUT_error(lib_code, function, reason, file, line); } EOF -} - - close OUT; - undef %err_reason_strings; -} + } -if($debug && %notrans) { - print STDERR "The following function codes were not translated:\n"; - foreach(sort keys %notrans) - { - print STDERR "$_\n"; - } + close OUT; } +&phase("Ending"); # Make a list of unreferenced function and reason codes - -foreach (keys %fcodes) { - push (@funref, $_) unless exists $ufcodes{$_}; -} - -foreach (keys %rcodes) { - push (@runref, $_) unless exists $urcodes{$_}; -} - -if($unref && @funref) { - print STDERR "The following function codes were not referenced:\n"; - foreach(sort @funref) - { - print STDERR "$_\n"; - } +if ( $unref ) { + my @funref; + foreach ( keys %fcodes ) { + push( @funref, $_ ) unless exists $usedfuncs{$_}; + } + my @runref; + foreach ( keys %rcodes ) { + push( @runref, $_ ) unless exists $usedreasons{$_}; + } + if ( @funref ) { + print STDERR "The following function codes were not referenced:\n"; + foreach ( sort @funref ) { + print STDERR " $_\n"; + } + } + if ( @runref ) { + print STDERR "The following reason codes were not referenced:\n"; + foreach ( sort @runref ) { + print STDERR " $_\n"; + } + } } -if($unref && @runref) { - print STDERR "The following reason codes were not referenced:\n"; - foreach(sort @runref) - { - print STDERR "$_\n"; - } -} +die "Found $errors errors, quitting" if $errors; -if($errcount) { - print STDERR "There were errors, failing...\n\n"; - exit $errcount; +# Update the state file +if ( $newstate ) { + open(OUT, ">$statefile.new") + || die "Can't write $statefile.new, $!"; + print OUT <<"EOF"; +# Copyright 1999-$YEAR The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +EOF + print OUT "\n# Function codes\n"; + foreach my $i ( sort keys %fcodes ) { + my $short = "$i:$fcodes{$i}:"; + my $t = exists $strings{$i} ? $strings{$i} : ""; + $t = "\\\n\t" . $t if length($short) + length($t) > 80; + print OUT "$short$t\n"; + } + print OUT "\n#Reason codes\n"; + foreach my $i ( sort keys %rcodes ) { + my $short = "$i:$rcodes{$i}:"; + my $t = exists $strings{$i} ? "$strings{$i}" : ""; + $t = "\\\n\t" . $t if length($short) + length($t) > 80; + print OUT "$short$t\n" if !exists $rextra{$i}; + } + close(OUT); + if ( $skippedstate ) { + print "Skipped state, leaving update in $statefile.new"; + } else { + rename "$statefile", "$statefile.old" + || die "Can't backup $statefile to $statefile.old, $!"; + rename "$statefile.new", "$statefile" + || die "Can't rename $statefile to $statefile.new, $!"; + } } +exit; diff --git a/deps/openssl/openssl/util/mkrc.pl b/deps/openssl/openssl/util/mkrc.pl index 99912eb8b545d6..6762bc4a5698e0 100755 --- a/deps/openssl/openssl/util/mkrc.pl +++ b/deps/openssl/openssl/util/mkrc.pl @@ -6,37 +6,47 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html +use strict; +use warnings; use lib "."; use configdata; use File::Spec::Functions; -my $versionfile = catfile($config{sourcedir},"include/openssl/opensslv.h"); +my $versionfile = catfile( $config{sourcedir}, "include/openssl/opensslv.h" ); + +my ( $ver, $v1, $v2, $v3, $v4, $beta, $version ); open FD, $versionfile or die "Couldn't open include/openssl/opensslv.h: $!\n"; -while() { +while () { if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)/i) { - $ver = hex($1); - $v1 = ($ver>>28); - $v2 = ($ver>>20)&0xff; - $v3 = ($ver>>12)&0xff; - $v4 = ($ver>> 4)&0xff; - $beta = $ver&0xf; - $version = "$v1.$v2.$v3"; - if ($beta==0xf) { $version .= chr(ord('a')+$v4-1) if ($v4); } - elsif ($beta==0){ $version .= "-dev"; } - else { $version .= "-beta$beta"; } - last; + $ver = hex($1); + $v1 = ( $ver >> 28 ); + $v2 = ( $ver >> 20 ) & 0xff; + $v3 = ( $ver >> 12 ) & 0xff; + $v4 = ( $ver >> 4 ) & 0xff; + $beta = $ver & 0xf; + $version = "$v1.$v2.$v3"; + if ( $beta == 0xf ) { + $version .= chr( ord('a') + $v4 - 1 ) if ($v4); + } elsif ( $beta == 0 ) { + $version .= "-dev"; + } else { + $version .= "-beta$beta"; + } + last; } } close(FD); -$filename = $ARGV[0]; $filename =~ /(.*)\.([^.]+)$/; -$basename = $1; -$extname = $2; - -if ($extname =~ /dll/i) { $description = "OpenSSL shared library"; } -else { $description = "OpenSSL application"; } +my $filename = $ARGV[0]; +my $description = "OpenSSL library"; +my $vft = "VFT_DLL"; +if ( $filename =~ /openssl/i ) { + $description = "OpenSSL application"; + $vft = "VFT_APP"; +} +my $YEAR = [localtime()]->[5] + 1900; print <<___; #include @@ -52,7 +62,7 @@ FILEFLAGS 0x00L #endif FILEOS VOS__WINDOWS32 - FILETYPE VFT_DLL + FILETYPE $vft FILESUBTYPE 0x0L BEGIN BLOCK "StringFileInfo" @@ -63,13 +73,13 @@ BEGIN VALUE "CompanyName", "The OpenSSL Project, https://www.openssl.org/\\0" VALUE "FileDescription", "$description\\0" VALUE "FileVersion", "$version\\0" - VALUE "InternalName", "$basename\\0" + VALUE "InternalName", "$filename\\0" VALUE "OriginalFilename", "$filename\\0" VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright 1998-2016 The OpenSSL Authors. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright 1998-$YEAR The OpenSSL Authors. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" diff --git a/deps/openssl/openssl/util/openssl-format-source b/deps/openssl/openssl/util/openssl-format-source index 3dcc128a9f1ec7..29e598b7878b83 100755 --- a/deps/openssl/openssl/util/openssl-format-source +++ b/deps/openssl/openssl/util/openssl-format-source @@ -111,7 +111,7 @@ do # the process-comments options and then undo that marking, and then # finally re-run indent without process-comments so the marked-to- # be-ignored comments we did automatically end up getting moved - # into the right possition within the code as indent leaves marked + # into the right position within the code as indent leaves marked # comments entirely untouched - we appear to have no way to avoid # the double processing and get the desired output cat "$j" | \ diff --git a/deps/openssl/openssl/util/openssl-update-copyright b/deps/openssl/openssl/util/openssl-update-copyright new file mode 100755 index 00000000000000..c432f84622c806 --- /dev/null +++ b/deps/openssl/openssl/util/openssl-update-copyright @@ -0,0 +1,63 @@ +#!/usr/bin/env bash +# +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +myname="$(basename $0)" + +this_year="$(date '+%Y')" +some_year="[12][0-9][0-9][0-9]" +year_range="(${some_year})(-${some_year})?" + +copyright_owner="The OpenSSL Project" +copyright="Copyright .*${year_range} .*${copyright_owner}" + +# sed_script: +# for all lines that contain ${copyright} : { +# replace years yyyy-zzzz (or year yyyy) by yyyy-${this_year} +# replace repeated years yyyy-yyyy by yyyy +# } +sed_script="/${copyright}/{ s/${year_range}/\1-${this_year}/ ; s/(${some_year})-\1/\1/ }" + +function usage() { + cat >&2 <& 2 + usage + exit 1 + ;; + *) + if [ -f "$arg" ]; then + sed -E -i "${sed_script}" "$arg" + elif [ -d "$arg" ]; then + find "$arg" -name '.[a-z]*' -prune -o -type f -exec sed -E -i "${sed_script}" {} + + else + echo "$arg: no such file or directory" >&2 + fi + ;; + esac +done diff --git a/deps/openssl/openssl/util/perl/OpenSSL/Test.pm b/deps/openssl/openssl/util/perl/OpenSSL/Test.pm index a77909c6069dae..9564b26046b997 100644 --- a/deps/openssl/openssl/util/perl/OpenSSL/Test.pm +++ b/deps/openssl/openssl/util/perl/OpenSSL/Test.pm @@ -16,11 +16,11 @@ use Exporter; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); $VERSION = "0.8"; @ISA = qw(Exporter); -@EXPORT = (@Test::More::EXPORT, qw(setup indir app fuzz perlapp test perltest - run)); +@EXPORT = (@Test::More::EXPORT, qw(setup run indir cmd app fuzz test + perlapp perltest subtest)); @EXPORT_OK = (@Test::More::EXPORT_OK, qw(bldtop_dir bldtop_file srctop_dir srctop_file - data_file + data_file data_dir pipe with cmdstr quotify openssl_versions)); @@ -66,6 +66,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir use File::Path 2.00 qw/rmtree mkpath/; use File::Basename; +my $level = 0; # The name of the test. This is set by setup() and is used in the other # functions to verify that setup() has been used. @@ -92,9 +93,9 @@ my %hooks = ( # exit_checker is used by run() directly after completion of a command. # it receives the exit code from that command and is expected to return - # 1 (for success) or 0 (for failure). This is the value that will be - # returned by run(). - # NOTE: When run() gets the option 'capture => 1', this hook is ignored. + # 1 (for success) or 0 (for failure). This is the status value that run() + # will give back (through the |statusvar| reference and as returned value + # when capture => 1 doesn't apply). exit_checker => sub { return shift == 0 ? 1 : 0 }, ); @@ -102,21 +103,6 @@ my %hooks = ( # Debug flag, to be set manually when needed my $debug = 0; -# Declare some utility functions that are defined at the end -sub bldtop_file; -sub bldtop_dir; -sub srctop_file; -sub srctop_dir; -sub quotify; - -# Declare some private functions that are defined at the end -sub __env; -sub __cwd; -sub __apps_file; -sub __results_file; -sub __fixup_cmd; -sub __build_cmd; - =head2 Main functions The following functions are exported by default when using C. @@ -226,25 +212,18 @@ sub indir { =over 4 -=item B +=item B -=item B +This functions build up a platform dependent command based on the +input. It takes a reference to a list that is the executable or +script and its arguments, and some additional options (described +further on). Where necessary, the command will be wrapped in a +suitable environment to make sure the correct shared libraries are +used (currently only on Unix). -Both of these functions take a reference to a list that is a command and -its arguments, and some additional options (described further on). +It returns a CODEREF to be used by C, C or C. -C expects to find the given command (the first item in the given list -reference) as an executable in C<$BIN_D> (if defined, otherwise C<$TOP/apps> -or C<$BLDTOP/apps>). - -C expects to find the given command (the first item in the given list -reference) as an executable in C<$TEST_D> (if defined, otherwise C<$TOP/test> -or C<$BLDTOP/test>). - -Both return a CODEREF to be used by C, C or C. - -The options that both C and C can take are in the form of hash -values: +The options that C can take are in the form of hash values: =over 4 @@ -260,21 +239,42 @@ string PATH, I, if the value is C, C or similar. =back +=item B + +=item B + +Both of these are specific applications of C, with just a couple +of small difference: + +C expects to find the given command (the first item in the given list +reference) as an executable in C<$BIN_D> (if defined, otherwise C<$TOP/apps> +or C<$BLDTOP/apps>). + +C expects to find the given command (the first item in the given list +reference) as an executable in C<$TEST_D> (if defined, otherwise C<$TOP/test> +or C<$BLDTOP/test>). + +Also, for both C and C, the command may be prefixed with +the content of the environment variable C<$EXE_SHELL>, which is useful +in case OpenSSL has been cross compiled. + =item B =item B -Both these functions function the same way as B and B, except -that they expect the command to be a perl script. Also, they support one -more option: +These are also specific applications of C, where the interpreter +is predefined to be C, and they expect the script to be +interpreted to reside in the same location as C and C. + +C and C will also take the following option: =over 4 =item B ARRAYref> -The array reference is a set of arguments for perl rather than the script. -Take care so that none of them can be seen as a script! Flags and their -eventual arguments only! +The array reference is a set of arguments for the interpreter rather +than the script. Take care so that none of them can be seen as a +script! Flags and their eventual arguments only! =back @@ -285,54 +285,114 @@ An example: =back +=begin comment + +One might wonder over the complexity of C, C, C, ... +with all the lazy evaluations and all that. The reason for this is that +we want to make sure the directory in which those programs are found are +correct at the time these commands are used. Consider the following code +snippet: + + my $cmd = app(["openssl", ...]); + + indir "foo", sub { + ok(run($cmd), "Testing foo") + }; + +If there wasn't this lazy evaluation, the directory where C is +found would be incorrect at the time C is called, because it was +calculated before we moved into the directory "foo". + +=end comment + =cut +sub cmd { + my $cmd = shift; + my %opts = @_; + return sub { + my $num = shift; + # Make a copy to not destroy the caller's array + my @cmdargs = ( @$cmd ); + my @prog = __wrap_cmd(shift @cmdargs, $opts{exe_shell} // ()); + + return __decorate_cmd($num, [ @prog, quotify(@cmdargs) ], + %opts); + } +} + sub app { my $cmd = shift; my %opts = @_; - return sub { my $num = shift; - return __build_cmd($num, \&__apps_file, $cmd, %opts); } + return sub { + my @cmdargs = ( @{$cmd} ); + my @prog = __fixup_prg(__apps_file(shift @cmdargs, __exeext())); + return cmd([ @prog, @cmdargs ], + exe_shell => $ENV{EXE_SHELL}, %opts) -> (shift); + } } sub fuzz { my $cmd = shift; my %opts = @_; - return sub { my $num = shift; - return __build_cmd($num, \&__fuzz_file, $cmd, %opts); } + return sub { + my @cmdargs = ( @{$cmd} ); + my @prog = __fixup_prg(__fuzz_file(shift @cmdargs, __exeext())); + return cmd([ @prog, @cmdargs ], + exe_shell => $ENV{EXE_SHELL}, %opts) -> (shift); + } } sub test { my $cmd = shift; my %opts = @_; - return sub { my $num = shift; - return __build_cmd($num, \&__test_file, $cmd, %opts); } + return sub { + my @cmdargs = ( @{$cmd} ); + my @prog = __fixup_prg(__test_file(shift @cmdargs, __exeext())); + return cmd([ @prog, @cmdargs ], + exe_shell => $ENV{EXE_SHELL}, %opts) -> (shift); + } } sub perlapp { my $cmd = shift; my %opts = @_; - return sub { my $num = shift; - return __build_cmd($num, \&__perlapps_file, $cmd, %opts); } + return sub { + my @interpreter_args = defined $opts{interpreter_args} ? + @{$opts{interpreter_args}} : (); + my @interpreter = __fixup_prg($^X); + my @cmdargs = ( @{$cmd} ); + my @prog = __apps_file(shift @cmdargs, undef); + return cmd([ @interpreter, @interpreter_args, + @prog, @cmdargs ], %opts) -> (shift); + } } sub perltest { my $cmd = shift; my %opts = @_; - return sub { my $num = shift; - return __build_cmd($num, \&__perltest_file, $cmd, %opts); } + return sub { + my @interpreter_args = defined $opts{interpreter_args} ? + @{$opts{interpreter_args}} : (); + my @interpreter = __fixup_prg($^X); + my @cmdargs = ( @{$cmd} ); + my @prog = __test_file(shift @cmdargs, undef); + return cmd([ @interpreter, @interpreter_args, + @prog, @cmdargs ], %opts) -> (shift); + } } =over 4 =item B -This CODEREF is expected to be the value return by C or C, -anything else will most likely cause an error unless you know what you're -doing. +CODEREF is expected to be the value return by C or any of its +derivatives, anything else will most likely cause an error unless you +know what you're doing. C executes the command returned by CODEREF and return either the -resulting output (if the option C is set true) or a boolean indicating -if the command succeeded or not. +resulting output (if the option C is set true) or a boolean +indicating if the command succeeded or not. The options that C can take are in the form of hash values: @@ -345,6 +405,18 @@ return the resulting output as an array of lines. If false or not given, the command will be executed with C, and C will return 1 if the command was successful or 0 if it wasn't. +=item B EXPR> + +If specified, EXPR will be used as a string to prefix the output from the +command. This is useful if the output contains lines starting with C +or C that can disturb Test::Harness. + +=item B VARREF> + +If used, B must be a reference to a scalar variable. It will be +assigned a boolean indicating if the command succeeded or not. This is +particularly useful together with B. + =back For further discussion on what is considered a successful command or not, see @@ -369,6 +441,9 @@ sub run { my $r = 0; my $e = 0; + die "OpenSSL::Test::run(): statusvar value not a scalar reference" + if $opts{statusvar} && ref($opts{statusvar}) ne "SCALAR"; + # In non-verbose, we want to shut up the command interpreter, in case # it has something to complain about. On VMS, it might complain both # on stdout and stderr @@ -381,17 +456,35 @@ sub run { open STDERR, ">", devnull(); } + $ENV{HARNESS_OSSL_LEVEL} = $level + 1; + # The dance we do with $? is the same dance the Unix shells appear to # do. For example, a program that gets aborted (and therefore signals # SIGABRT = 6) will appear to exit with the code 134. We mimic this # to make it easier to compare with a manual run of the command. - if ($opts{capture}) { - @r = `$prefix$cmd`; - $e = ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8); + if ($opts{capture} || defined($opts{prefix})) { + my $pipe; + local $_; + + open($pipe, '-|', "$prefix$cmd") or die "Can't start command: $!"; + while(<$pipe>) { + my $l = ($opts{prefix} // "") . $_; + if ($opts{capture}) { + push @r, $l; + } else { + print STDOUT $l; + } + } + close $pipe; } else { + $ENV{HARNESS_OSSL_PREFIX} = "# "; system("$prefix$cmd"); - $e = ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8); - $r = $hooks{exit_checker}->($e); + delete $ENV{HARNESS_OSSL_PREFIX}; + } + $e = ($? & 0x7f) ? ($? & 0x7f)|0x80 : ($? >> 8); + $r = $hooks{exit_checker}->($e); + if ($opts{statusvar}) { + ${$opts{statusvar}} = $r; } if ($ENV{HARNESS_ACTIVE} && !$ENV{HARNESS_VERBOSE}) { @@ -514,6 +607,23 @@ sub srctop_file { =over 4 +=item B + +LIST is a list of directories that make up a path from the data directory +associated with the test (see L above). +C returns the resulting directory as a string, adapted to the local +operating system. + +=back + +=cut + +sub data_dir { + return __data_dir(@_); +} + +=over 4 + =item B LIST is a list of directories that make up a path from the data directory @@ -571,7 +681,7 @@ sub pipe { =item B -C will temporarly install hooks given by the HASHREF and then execute +C will temporarily install hooks given by the HASHREF and then execute the given CODEREF. Hooks are usually expected to have a coderef as value. The currently available hoosk are: @@ -617,7 +727,7 @@ sub with { C takes a CODEREF from C or C and simply returns the command as a string. -C takes some additiona options OPTS that affect the string returned: +C takes some additional options OPTS that affect the string returned: =over 4 @@ -781,6 +891,14 @@ sub __env { $end_with_bailout = $ENV{STOPTEST} ? 1 : 0; }; +# __srctop_file and __srctop_dir are helpers to build file and directory +# names on top of the source directory. They depend on $SRCTOP, and +# therefore on the proper use of setup() and when needed, indir(). +# __bldtop_file and __bldtop_dir do the same thing but relative to $BLDTOP. +# __srctop_file and __bldtop_file take the same kind of argument as +# File::Spec::Functions::catfile. +# Similarly, __srctop_dir and __bldtop_dir take the same kind of argument +# as File::Spec::Functions::catdir sub __srctop_file { BAIL_OUT("Must run setup() first") if (! $test_name); @@ -807,6 +925,9 @@ sub __bldtop_dir { return catdir($directories{BLDTOP},@_); } +# __exeext is a function that returns the platform dependent file extension +# for executable binaries, or the value of the environment variable $EXE_EXT +# if that one is defined. sub __exeext { my $ext = ""; if ($^O eq "VMS" ) { # VMS @@ -817,56 +938,56 @@ sub __exeext { return $ENV{"EXE_EXT"} || $ext; } +# __test_file, __apps_file and __fuzz_file return the full path to a file +# relative to the test/, apps/ or fuzz/ directory in the build tree or the +# source tree, depending on where the file is found. Note that when looking +# in the build tree, the file name with an added extension is looked for, if +# an extension is given. The intent is to look for executable binaries (in +# the build tree) or possibly scripts (in the source tree). +# These functions all take the same arguments as File::Spec::Functions::catfile, +# *plus* a mandatory extension argument. This extension argument can be undef, +# and is ignored in such a case. sub __test_file { BAIL_OUT("Must run setup() first") if (! $test_name); + my $e = pop || ""; my $f = pop; - my $out = catfile($directories{BLDTEST},@_,$f . __exeext()); - $out = catfile($directories{SRCTEST},@_,$f) unless -x $out; - return $out; -} - -sub __perltest_file { - BAIL_OUT("Must run setup() first") if (! $test_name); - - my $f = pop; - my $out = catfile($directories{BLDTEST},@_,$f); + my $out = catfile($directories{BLDTEST},@_,$f . $e); $out = catfile($directories{SRCTEST},@_,$f) unless -f $out; - return ($^X, $out); + return $out; } sub __apps_file { BAIL_OUT("Must run setup() first") if (! $test_name); + my $e = pop || ""; my $f = pop; - my $out = catfile($directories{BLDAPPS},@_,$f . __exeext()); - $out = catfile($directories{SRCAPPS},@_,$f) unless -x $out; + my $out = catfile($directories{BLDAPPS},@_,$f . $e); + $out = catfile($directories{SRCAPPS},@_,$f) unless -f $out; return $out; } sub __fuzz_file { BAIL_OUT("Must run setup() first") if (! $test_name); + my $e = pop || ""; my $f = pop; - my $out = catfile($directories{BLDFUZZ},@_,$f . __exeext()); - $out = catfile($directories{SRCFUZZ},@_,$f) unless -x $out; + my $out = catfile($directories{BLDFUZZ},@_,$f . $e); + $out = catfile($directories{SRCFUZZ},@_,$f) unless -f $out; return $out; } -sub __perlapps_file { +sub __data_file { BAIL_OUT("Must run setup() first") if (! $test_name); my $f = pop; - my $out = catfile($directories{BLDAPPS},@_,$f); - $out = catfile($directories{SRCAPPS},@_,$f) unless -f $out; - return ($^X, $out); + return catfile($directories{SRCDATA},@_,$f); } -sub __data_file { +sub __data_dir { BAIL_OUT("Must run setup() first") if (! $test_name); - my $f = pop; - return catfile($directories{SRCDATA},@_,$f); + return catdir($directories{SRCDATA},@_); } sub __results_file { @@ -876,6 +997,16 @@ sub __results_file { return catfile($directories{RESULTS},@_,$f); } +# __cwd DIR +# __cwd DIR, OPTS +# +# __cwd changes directory to DIR (string) and changes all the relative +# entries in %directories accordingly. OPTS is an optional series of +# hash style arguments to alter __cwd's behavior: +# +# create = 0|1 The directory we move to is created if 1, not if 0. +# cleanup = 0|1 The directory we move from is removed if 1, not if 0. + sub __cwd { my $dir = catdir(shift); my %opts = @_; @@ -937,7 +1068,7 @@ sub __cwd { } # We put back new values carefully. Doing the obvious - # %directories = ( %tmp_irectories ) + # %directories = ( %tmp_directories ) # will clear out any value that happens to be an absolute path foreach (keys %tmp_directories) { $directories{$_} = $tmp_directories{$_}; @@ -964,28 +1095,46 @@ sub __cwd { return $reverse; } -sub __fixup_cmd { - my $prog = shift; +# __wrap_cmd CMD +# __wrap_cmd CMD, EXE_SHELL +# +# __wrap_cmd "wraps" CMD (string) with a beginning command that makes sure +# the command gets executed with an appropriate environment. If EXE_SHELL +# is given, it is used as the beginning command. +# +# __wrap_cmd returns a list that should be used to build up a larger list +# of command tokens, or be joined together like this: +# +# join(" ", __wrap_cmd($cmd)) +sub __wrap_cmd { + my $cmd = shift; my $exe_shell = shift; - my $prefix = __bldtop_file("util", "shlib_wrap.sh")." "; + my @prefix = ( __bldtop_file("util", "shlib_wrap.sh") ); - if (defined($exe_shell)) { - $prefix = "$exe_shell "; - } elsif ($^O eq "VMS" ) { # VMS - $prefix = ($prog =~ /^(?:[\$a-z0-9_]+:)?[<\[]/i ? "mcr " : "mcr []"); - } elsif ($^O eq "MSWin32") { # Windows - $prefix = ""; + if(defined($exe_shell)) { + @prefix = ( $exe_shell ); + } elsif ($^O eq "VMS" || $^O eq "MSWin32") { + # VMS and Windows don't use any wrapper script for the moment + @prefix = (); } - # We test both with and without extension. The reason - # is that we might be passed a complete file spec, with - # extension. - if ( ! -x $prog ) { - my $prog = "$prog"; - if ( ! -x $prog ) { - $prog = undef; - } + return (@prefix, $cmd); +} + +# __fixup_prg PROG +# +# __fixup_prg does whatever fixup is needed to execute an executable binary +# given by PROG (string). +# +# __fixup_prg returns a string with the possibly prefixed program path spec. +sub __fixup_prg { + my $prog = shift; + + my $prefix = ""; + + if ($^O eq "VMS" ) { + $prefix = ($prog =~ /^(?:[\$a-z0-9_]+:)?[<\[]/i ? "mcr " : "mcr []"); } if (defined($prog)) { @@ -1001,45 +1150,25 @@ sub __fixup_cmd { return undef; } -sub __build_cmd { +# __decorate_cmd NUM, CMDARRAYREF +# +# __decorate_cmd takes a command number NUM and a command token array +# CMDARRAYREF, builds up a command string from them and decorates it +# with necessary redirections. +# __decorate_cmd returns a list of two strings, one with the command +# string to actually be used, the other to be displayed for the user. +# The reason these strings might differ is that we redirect stderr to +# the null device unless we're verbose and unless the user has +# explicitly specified a stderr redirection. +sub __decorate_cmd { BAIL_OUT("Must run setup() first") if (! $test_name); my $num = shift; - my $path_builder = shift; - # Make a copy to not destroy the caller's array - my @cmdarray = ( @{$_[0]} ); shift; + my $cmd = shift; my %opts = @_; - # We do a little dance, as $path_builder might return a list of - # more than one. If so, only the first is to be considered a - # program to fix up, the rest is part of the arguments. This - # happens for perl scripts, where $path_builder will return - # a list of two, $^X and the script name. - # Also, if $path_builder returned more than one, we don't apply - # the EXE_SHELL environment variable. - my @prog = ($path_builder->(shift @cmdarray)); - my $first = shift @prog; - my $exe_shell = @prog ? undef : $ENV{EXE_SHELL}; - my $cmd = __fixup_cmd($first, $exe_shell); - if (@prog) { - if ( ! -f $prog[0] ) { - print STDERR "$prog[0] not found\n"; - $cmd = undef; - } - } - my @args = (@prog, @cmdarray); - if (defined($opts{interpreter_args})) { - unshift @args, @{$opts{interpreter_args}}; - } - - return () if !$cmd; - - my $arg_str = ""; + my $cmdstr = join(" ", @$cmd); my $null = devnull(); - - - $arg_str = " ".join(" ", quotify @args) if @args; - my $fileornull = sub { $_[0] ? $_[0] : $null; }; my $stdin = ""; my $stdout = ""; @@ -1049,19 +1178,19 @@ sub __build_cmd { $stdout= " > ".$fileornull->($opts{stdout}) if exists($opts{stdout}); $stderr=" 2> ".$fileornull->($opts{stderr}) if exists($opts{stderr}); - my $display_cmd = "$cmd$arg_str$stdin$stdout$stderr"; + my $display_cmd = "$cmdstr$stdin$stdout$stderr"; $stderr=" 2> ".$null unless $stderr || !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}; - $cmd .= "$arg_str$stdin$stdout$stderr"; + $cmdstr .= "$stdin$stdout$stderr"; if ($debug) { - print STDERR "DEBUG[__build_cmd]: \$cmd = \"$cmd\"\n"; - print STDERR "DEBUG[__build_cmd]: \$display_cmd = \"$display_cmd\"\n"; + print STDERR "DEBUG[__decorate_cmd]: \$cmdstr = \"$cmdstr\"\n"; + print STDERR "DEBUG[__decorate_cmd]: \$display_cmd = \"$display_cmd\"\n"; } - return ($cmd, $display_cmd); + return ($cmdstr, $display_cmd); } =head1 SEE ALSO @@ -1070,9 +1199,18 @@ L, L =head1 AUTHORS -Richard Levitte Elevitte@openssl.orgE with assitance and +Richard Levitte Elevitte@openssl.orgE with assistance and inspiration from Andy Polyakov Eappro@openssl.org. =cut +no warnings 'redefine'; +sub subtest { + $level++; + + Test::More::subtest @_; + + $level--; +}; + 1; diff --git a/deps/openssl/openssl/util/perl/OpenSSL/Util/Pod.pm b/deps/openssl/openssl/util/perl/OpenSSL/Util/Pod.pm index 5c0af95918ef0f..9f76fbf1a6c686 100644 --- a/deps/openssl/openssl/util/perl/OpenSSL/Util/Pod.pm +++ b/deps/openssl/openssl/util/perl/OpenSSL/Util/Pod.pm @@ -53,11 +53,8 @@ The additional hash is for extra parameters: =item B
N> -The value MUST be a number, and will be the default man section number -to be used with the given .pod file. This number can be altered if -the .pod file has a line like this: - - =for comment openssl_manual_section: 4 +The value MUST be a number, and will be the man section number +to be used with the given .pod file. =item B 0|1> @@ -109,12 +106,6 @@ sub extract_pod_info { my %podinfo = ( section => $defaults{section}); while(<$input>) { s|\R$||; - if (m|^=for\s+comment\s+openssl_manual_section:\s*([0-9])\s*$|) { - print STDERR "DEBUG: Found man section number $1\n" - if $defaults{debug}; - $podinfo{section} = $1; - } - # Stop reading when we have reached past the NAME section. last if (m|^=head1| && defined $podinfo{lastsect} diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm b/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm new file mode 100644 index 00000000000000..1c8a7f8185ce8d --- /dev/null +++ b/deps/openssl/openssl/util/perl/TLSProxy/Alert.pm @@ -0,0 +1,51 @@ +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +package TLSProxy::Alert; + +sub new +{ + my $class = shift; + my ($server, + $encrypted, + $level, + $description) = @_; + + my $self = { + server => $server, + encrypted => $encrypted, + level => $level, + description => $description + }; + + return bless $self, $class; +} + +#Read only accessors +sub server +{ + my $self = shift; + return $self->{server}; +} +sub encrypted +{ + my $self = shift; + return $self->{encrypted}; +} +sub level +{ + my $self = shift; + return $self->{level}; +} +sub description +{ + my $self = shift; + return $self->{description}; +} +1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm b/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm new file mode 100644 index 00000000000000..d3bf7f21804471 --- /dev/null +++ b/deps/openssl/openssl/util/perl/TLSProxy/Certificate.pm @@ -0,0 +1,219 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +package TLSProxy::Certificate; + +use vars '@ISA'; +push @ISA, 'TLSProxy::Message'; + +sub new +{ + my $class = shift; + my ($server, + $data, + $records, + $startoffset, + $message_frag_lens) = @_; + + my $self = $class->SUPER::new( + $server, + TLSProxy::Message::MT_CERTIFICATE, + $data, + $records, + $startoffset, + $message_frag_lens); + + $self->{first_certificate} = ""; + $self->{extension_data} = ""; + $self->{remaining_certdata} = ""; + + return $self; +} + +sub parse +{ + my $self = shift; + + if (TLSProxy::Proxy->is_tls13()) { + my $context_len = unpack('C', $self->data); + my $context = substr($self->data, 1, $context_len); + + my $remdata = substr($self->data, 1 + $context_len); + + my ($hicertlistlen, $certlistlen) = unpack('Cn', $remdata); + $certlistlen += ($hicertlistlen << 16); + + $remdata = substr($remdata, 3); + + die "Invalid Certificate List length" + if length($remdata) != $certlistlen; + + my ($hicertlen, $certlen) = unpack('Cn', $remdata); + $certlen += ($hicertlen << 16); + + die "Certificate too long" if ($certlen + 3) > $certlistlen; + + $remdata = substr($remdata, 3); + + my $certdata = substr($remdata, 0, $certlen); + + $remdata = substr($remdata, $certlen); + + my $extensions_len = unpack('n', $remdata); + $remdata = substr($remdata, 2); + + die "Extensions too long" + if ($certlen + 3 + $extensions_len + 2) > $certlistlen; + + my $extension_data = ""; + if ($extensions_len != 0) { + $extension_data = substr($remdata, 0, $extensions_len); + + if (length($extension_data) != $extensions_len) { + die "Invalid extension length\n"; + } + } + my %extensions = (); + while (length($extension_data) >= 4) { + my ($type, $size) = unpack("nn", $extension_data); + my $extdata = substr($extension_data, 4, $size); + $extension_data = substr($extension_data, 4 + $size); + $extensions{$type} = $extdata; + } + $remdata = substr($remdata, $extensions_len); + + $self->context($context); + $self->first_certificate($certdata); + $self->extension_data(\%extensions); + $self->remaining_certdata($remdata); + + print " Context:".$context."\n"; + print " Certificate List Len:".$certlistlen."\n"; + print " Certificate Len:".$certlen."\n"; + print " Extensions Len:".$extensions_len."\n"; + } else { + my ($hicertlistlen, $certlistlen) = unpack('Cn', $self->data); + $certlistlen += ($hicertlistlen << 16); + + my $remdata = substr($self->data, 3); + + die "Invalid Certificate List length" + if length($remdata) != $certlistlen; + + my ($hicertlen, $certlen) = unpack('Cn', $remdata); + $certlen += ($hicertlen << 16); + + die "Certificate too long" if ($certlen + 3) > $certlistlen; + + $remdata = substr($remdata, 3); + + my $certdata = substr($remdata, 0, $certlen); + + $remdata = substr($remdata, $certlen); + + $self->first_certificate($certdata); + $self->remaining_certdata($remdata); + + print " Certificate List Len:".$certlistlen."\n"; + print " Certificate Len:".$certlen."\n"; + } +} + +#Reconstruct the on-the-wire message data following changes +sub set_message_contents +{ + my $self = shift; + my $data; + my $extensions = ""; + + if (TLSProxy::Proxy->is_tls13()) { + foreach my $key (keys %{$self->extension_data}) { + my $extdata = ${$self->extension_data}{$key}; + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + } + } + $data = pack('C', length($self->context())); + $data .= $self->context; + my $certlen = length($self->first_certificate); + my $certlistlen = $certlen + length($extensions) + + length($self->remaining_certdata); + my $hi = $certlistlen >> 16; + $certlistlen = $certlistlen & 0xffff; + $data .= pack('Cn', $hi, $certlistlen); + $hi = $certlen >> 16; + $certlen = $certlen & 0xffff; + $data .= pack('Cn', $hi, $certlen); + $data .= pack('n', length($extensions)); + $data .= $extensions; + $data .= $self->remaining_certdata(); + $self->data($data); + } else { + my $certlen = length($self->first_certificate); + my $certlistlen = $certlen + length($self->remaining_certdata); + my $hi = $certlistlen >> 16; + $certlistlen = $certlistlen & 0xffff; + $data .= pack('Cn', $hi, $certlistlen); + $hi = $certlen >> 16; + $certlen = $certlen & 0xffff; + $data .= pack('Cn', $hi, $certlen); + $data .= $self->remaining_certdata(); + $self->data($data); + } +} + +#Read/write accessors +sub context +{ + my $self = shift; + if (@_) { + $self->{context} = shift; + } + return $self->{context}; +} +sub first_certificate +{ + my $self = shift; + if (@_) { + $self->{first_certificate} = shift; + } + return $self->{first_certificate}; +} +sub remaining_certdata +{ + my $self = shift; + if (@_) { + $self->{remaining_certdata} = shift; + } + return $self->{remaining_certdata}; +} +sub extension_data +{ + my $self = shift; + if (@_) { + $self->{extension_data} = shift; + } + return $self->{extension_data}; +} +sub set_extension +{ + my ($self, $ext_type, $ext_data) = @_; + $self->{extension_data}{$ext_type} = $ext_data; +} +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} +1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/CertificateVerify.pm b/deps/openssl/openssl/util/perl/TLSProxy/CertificateVerify.pm new file mode 100644 index 00000000000000..8bf969fba119d8 --- /dev/null +++ b/deps/openssl/openssl/util/perl/TLSProxy/CertificateVerify.pm @@ -0,0 +1,96 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +package TLSProxy::CertificateVerify; + +use vars '@ISA'; +push @ISA, 'TLSProxy::Message'; + +sub new +{ + my $class = shift; + my ($server, + $data, + $records, + $startoffset, + $message_frag_lens) = @_; + + my $self = $class->SUPER::new( + $server, + TLSProxy::Message::MT_CERTIFICATE_VERIFY, + $data, + $records, + $startoffset, + $message_frag_lens); + + $self->{sigalg} = -1; + $self->{signature} = ""; + + return $self; +} + +sub parse +{ + my $self = shift; + + my $sigalg = -1; + my $remdata = $self->data; + my $record = ${$self->records}[0]; + + if (TLSProxy::Proxy->is_tls13() + || $record->version() == TLSProxy::Record::VERS_TLS_1_2) { + $sigalg = unpack('n', $remdata); + $remdata = substr($remdata, 2); + } + + my $siglen = unpack('n', substr($remdata, 0, 2)); + my $sig = substr($remdata, 2); + + die "Invalid CertificateVerify signature length" if length($sig) != $siglen; + + print " SigAlg:".$sigalg."\n"; + print " Signature Len:".$siglen."\n"; + + $self->sigalg($sigalg); + $self->signature($sig); +} + +#Reconstruct the on-the-wire message data following changes +sub set_message_contents +{ + my $self = shift; + my $data = ""; + my $sig = $self->signature(); + my $olddata = $self->data(); + + $data .= pack("n", $self->sigalg()) if ($self->sigalg() != -1); + $data .= pack("n", length($sig)); + $data .= $sig; + + $self->data($data); +} + +#Read/write accessors +sub sigalg +{ + my $self = shift; + if (@_) { + $self->{sigalg} = shift; + } + return $self->{sigalg}; +} +sub signature +{ + my $self = shift; + if (@_) { + $self->{signature} = shift; + } + return $self->{signature}; +} +1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm b/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm index ec739d2970a107..2ae9d6f55d2b9a 100644 --- a/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm +++ b/deps/openssl/openssl/util/perl/TLSProxy/ClientHello.pm @@ -114,6 +114,24 @@ sub process_extensions } } +sub extension_contents +{ + my $self = shift; + my $key = shift; + my $extension = ""; + + my $extdata = ${$self->extension_data}{$key}; + $extension .= pack("n", $key); + $extension .= pack("n", length($extdata)); + $extension .= $extdata; + if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { + $extension .= pack("n", $key); + $extension .= pack("n", length($extdata)); + $extension .= $extdata; + } + return $extension; +} + #Reconstruct the on-the-wire message data following changes sub set_message_contents { @@ -131,15 +149,16 @@ sub set_message_contents $data .= pack("C*", @{$self->comp_meths}); foreach my $key (keys %{$self->extension_data}) { - my $extdata = ${$self->extension_data}{$key}; - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - } + next if ($key == TLSProxy::Message::EXT_PSK); + $extensions .= $self->extension_contents($key); + } + #PSK extension always goes last... + if (defined ${$self->extension_data}{TLSProxy::Message::EXT_PSK}) { + $extensions .= $self->extension_contents(TLSProxy::Message::EXT_PSK); + } + #unless we have EXT_FORCE_LAST + if (defined ${$self->extension_data}{TLSProxy::Message::EXT_FORCE_LAST}) { + $extensions .= $self->extension_contents(TLSProxy::Message::EXT_FORCE_LAST); } $data .= pack('n', length($extensions)); diff --git a/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm b/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm new file mode 100644 index 00000000000000..81242e29ff9de8 --- /dev/null +++ b/deps/openssl/openssl/util/perl/TLSProxy/EncryptedExtensions.pm @@ -0,0 +1,115 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +package TLSProxy::EncryptedExtensions; + +use vars '@ISA'; +push @ISA, 'TLSProxy::Message'; + +sub new +{ + my $class = shift; + my ($server, + $data, + $records, + $startoffset, + $message_frag_lens) = @_; + + my $self = $class->SUPER::new( + $server, + TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + $data, + $records, + $startoffset, + $message_frag_lens); + + $self->{extension_data} = ""; + + return $self; +} + +sub parse +{ + my $self = shift; + + my $extensions_len = unpack('n', $self->data); + if (!defined $extensions_len) { + $extensions_len = 0; + } + + my $extension_data; + if ($extensions_len != 0) { + $extension_data = substr($self->data, 2); + + if (length($extension_data) != $extensions_len) { + die "Invalid extension length\n"; + } + } else { + if (length($self->data) != 2) { + die "Invalid extension length\n"; + } + $extension_data = ""; + } + my %extensions = (); + while (length($extension_data) >= 4) { + my ($type, $size) = unpack("nn", $extension_data); + my $extdata = substr($extension_data, 4, $size); + $extension_data = substr($extension_data, 4 + $size); + $extensions{$type} = $extdata; + } + + $self->extension_data(\%extensions); + + print " Extensions Len:".$extensions_len."\n"; +} + +#Reconstruct the on-the-wire message data following changes +sub set_message_contents +{ + my $self = shift; + my $data; + my $extensions = ""; + + foreach my $key (keys %{$self->extension_data}) { + my $extdata = ${$self->extension_data}{$key}; + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + } + } + + $data = pack('n', length($extensions)); + $data .= $extensions; + $self->data($data); +} + +#Read/write accessors +sub extension_data +{ + my $self = shift; + if (@_) { + $self->{extension_data} = shift; + } + return $self->{extension_data}; +} +sub set_extension +{ + my ($self, $ext_type, $ext_data) = @_; + $self->{extension_data}{$ext_type} = $ext_data; +} +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} +1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Message.pm b/deps/openssl/openssl/util/perl/TLSProxy/Message.pm index 0821bdedd328ba..16ed0120669b88 100644 --- a/deps/openssl/openssl/util/perl/TLSProxy/Message.pm +++ b/deps/openssl/openssl/util/perl/TLSProxy/Message.pm @@ -1,4 +1,4 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,8 @@ use strict; package TLSProxy::Message; +use TLSProxy::Alert; + use constant TLS_MESSAGE_HEADER_LENGTH => 4; #Message types @@ -17,6 +19,7 @@ use constant { MT_CLIENT_HELLO => 1, MT_SERVER_HELLO => 2, MT_NEW_SESSION_TICKET => 4, + MT_ENCRYPTED_EXTENSIONS => 8, MT_CERTIFICATE => 11, MT_SERVER_KEY_EXCHANGE => 12, MT_CERTIFICATE_REQUEST => 13, @@ -38,6 +41,7 @@ use constant { use constant { AL_DESC_CLOSE_NOTIFY => 0, AL_DESC_UNEXPECTED_MESSAGE => 10, + AL_DESC_ILLEGAL_PARAMETER => 47, AL_DESC_NO_RENEGOTIATION => 100 }; @@ -46,6 +50,7 @@ my %message_type = ( MT_CLIENT_HELLO, "ClientHello", MT_SERVER_HELLO, "ServerHello", MT_NEW_SESSION_TICKET, "NewSessionTicket", + MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions", MT_CERTIFICATE, "Certificate", MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange", MT_CERTIFICATE_REQUEST, "CertificateRequest", @@ -58,13 +63,73 @@ my %message_type = ( ); use constant { + EXT_SERVER_NAME => 0, + EXT_MAX_FRAGMENT_LENGTH => 1, EXT_STATUS_REQUEST => 5, + EXT_SUPPORTED_GROUPS => 10, + EXT_EC_POINT_FORMATS => 11, + EXT_SRP => 12, + EXT_SIG_ALGS => 13, + EXT_USE_SRTP => 14, + EXT_ALPN => 16, + EXT_SCT => 18, + EXT_PADDING => 21, EXT_ENCRYPT_THEN_MAC => 22, EXT_EXTENDED_MASTER_SECRET => 23, EXT_SESSION_TICKET => 35, - # This extension does not exist and isn't recognised by OpenSSL. - # We use it to test handling of duplicate extensions. - EXT_DUPLICATE_EXTENSION => 1234 + EXT_KEY_SHARE => 51, + EXT_PSK => 41, + EXT_SUPPORTED_VERSIONS => 43, + EXT_COOKIE => 44, + EXT_PSK_KEX_MODES => 45, + EXT_POST_HANDSHAKE_AUTH => 49, + EXT_SIG_ALGS_CERT => 50, + EXT_RENEGOTIATE => 65281, + EXT_NPN => 13172, + # This extension is an unofficial extension only ever written by OpenSSL + # (i.e. not read), and even then only when enabled. We use it to test + # handling of duplicate extensions. + EXT_DUPLICATE_EXTENSION => 0xfde8, + EXT_UNKNOWN => 0xfffe, + #Unknown extension that should appear last + EXT_FORCE_LAST => 0xffff +}; + +# SignatureScheme of TLS 1.3 from: +# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme +# We have to manually grab the SHA224 equivalents from the old registry +use constant { + SIG_ALG_RSA_PKCS1_SHA256 => 0x0401, + SIG_ALG_RSA_PKCS1_SHA384 => 0x0501, + SIG_ALG_RSA_PKCS1_SHA512 => 0x0601, + SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403, + SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503, + SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603, + SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804, + SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805, + SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806, + SIG_ALG_ED25519 => 0x0807, + SIG_ALG_ED448 => 0x0808, + SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809, + SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a, + SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b, + SIG_ALG_RSA_PKCS1_SHA1 => 0x0201, + SIG_ALG_ECDSA_SHA1 => 0x0203, + SIG_ALG_DSA_SHA1 => 0x0202, + SIG_ALG_DSA_SHA256 => 0x0402, + SIG_ALG_DSA_SHA384 => 0x0502, + SIG_ALG_DSA_SHA512 => 0x0602, + OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301, + OSSL_SIG_ALG_DSA_SHA224 => 0x0302, + OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303 +}; + +use constant { + CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f, + CIPHER_DHE_RSA_AES_128_SHA => 0x0033, + CIPHER_ADH_AES_128_SHA => 0x0034, + CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301, + CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302 }; my $payload = ""; @@ -77,6 +142,8 @@ my $end = 0; my @message_rec_list = (); my @message_frag_lens = (); my $ciphersuite = 0; +my $successondata = 0; +my $alert; sub clear { @@ -86,8 +153,10 @@ sub clear $server = 0; $success = 0; $end = 0; + $successondata = 0; @message_rec_list = (); @message_frag_lens = (); + $alert = undef; } #Class method to extract messages from a record @@ -111,10 +180,12 @@ sub get_messages #We can't handle this yet die "CCS received before message data complete\n"; } - if ($server) { - TLSProxy::Record->server_ccs_seen(1); - } else { - TLSProxy::Record->client_ccs_seen(1); + if (!TLSProxy::Proxy->is_tls13()) { + if ($server) { + TLSProxy::Record->server_encrypting(1); + } else { + TLSProxy::Record->client_encrypting(1); + } } } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) { if ($record->len == 0 || $record->len_real == 0) { @@ -197,16 +268,29 @@ sub get_messages } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) { print " [ENCRYPTED APPLICATION DATA]\n"; print " [".$record->decrypt_data."]\n"; + + if ($successondata) { + $success = 1; + $end = 1; + } } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) { my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data); + print " [$alertlev, $alertdesc]\n"; #A CloseNotify from the client indicates we have finished successfully #(we assume) if (!$end && !$server && $alertlev == AL_LEVEL_WARN && $alertdesc == AL_DESC_CLOSE_NOTIFY) { $success = 1; } - #All alerts end the test - $end = 1; + #Fatal or close notify alerts end the test + if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) { + $end = 1; + } + $alert = TLSProxy::Alert->new( + $server, + $record->encrypted, + $alertlev, + $alertdesc); } return @messages; @@ -239,6 +323,33 @@ sub create_message [@message_frag_lens] ); $message->parse(); + } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) { + $message = TLSProxy::EncryptedExtensions->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); + } elsif ($mt == MT_CERTIFICATE) { + $message = TLSProxy::Certificate->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); + } elsif ($mt == MT_CERTIFICATE_VERIFY) { + $message = TLSProxy::CertificateVerify->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); } elsif ($mt == MT_SERVER_KEY_EXCHANGE) { $message = TLSProxy::ServerKeyExchange->new( $server, @@ -287,6 +398,12 @@ sub fail my $class = shift; return !$success && $end; } + +sub alert +{ + return $alert; +} + sub new { my $class = shift; @@ -319,7 +436,7 @@ sub ciphersuite } #Update all the underlying records with the modified data from this message -#Note: Does not currently support re-encrypting +#Note: Only supports re-encrypting for TLSv1.3 sub repack { my $self = shift; @@ -362,8 +479,14 @@ sub repack # use an explicit override field instead.) $rec->decrypt_len(length($rec->decrypt_data)); $rec->len($rec->len + length($msgdata) - $old_length); - # Don't support re-encryption. - $rec->data($rec->decrypt_data); + # Only support re-encryption for TLSv1.3. + if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) { + #Add content type (1 byte) and 16 tag bytes + $rec->data($rec->decrypt_data + .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); + } else { + $rec->data($rec->decrypt_data); + } #Update the fragment len in case we changed it above ${$self->message_frag_lens}[0] = length($msgdata) @@ -452,5 +575,12 @@ sub encoded_length my $self = shift; return TLS_MESSAGE_HEADER_LENGTH + length($self->data); } - +sub successondata +{ + my $class = shift; + if (@_) { + $successondata = shift; + } + return $successondata; +} 1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm b/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm index de143626d3a236..8c13520ec68dd7 100644 --- a/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm +++ b/deps/openssl/openssl/util/perl/TLSProxy/Proxy.pm @@ -17,52 +17,21 @@ use TLSProxy::Record; use TLSProxy::Message; use TLSProxy::ClientHello; use TLSProxy::ServerHello; +use TLSProxy::EncryptedExtensions; +use TLSProxy::Certificate; +use TLSProxy::CertificateVerify; use TLSProxy::ServerKeyExchange; use TLSProxy::NewSessionTicket; -use Time::HiRes qw/usleep/; -my $have_IPv6 = 0; +my $have_IPv6; my $IP_factory; -sub new +BEGIN { - my $class = shift; - my ($filter, - $execute, - $cert, - $debug) = @_; - - my $self = { - #Public read/write - proxy_addr => "localhost", - proxy_port => 4453, - server_addr => "localhost", - server_port => 4443, - filter => $filter, - serverflags => "", - clientflags => "", - serverconnects => 1, - serverpid => 0, - clientpid => 0, - reneg => 0, - - #Public read - execute => $execute, - cert => $cert, - debug => $debug, - cipherc => "", - ciphers => "AES128-SHA", - flight => -1, - direction => -1, - partial => ["", ""], - record_list => [], - message_list => [], - }; - # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't. # However, IO::Socket::INET6 is older and is said to be more widely # deployed for the moment, and may have less bugs, so we try the latter - # first, then fall back on the code modules. Worst case scenario, we + # first, then fall back on the core modules. Worst case scenario, we # fall back to IO::Socket::INET, only supports IPv4. eval { require IO::Socket::INET6; @@ -93,26 +62,72 @@ sub new $have_IPv6 = 1; } else { $IP_factory = sub { IO::Socket::INET->new(@_); }; + $have_IPv6 = 0; } } +} + +my $is_tls13 = 0; +my $ciphersuite = undef; + +sub new +{ + my $class = shift; + my ($filter, + $execute, + $cert, + $debug) = @_; + + my $self = { + #Public read/write + proxy_addr => $have_IPv6 ? "[::1]" : "127.0.0.1", + filter => $filter, + serverflags => "", + clientflags => "", + serverconnects => 1, + reneg => 0, + sessionfile => undef, + + #Public read + proxy_port => 0, + server_port => 0, + serverpid => 0, + clientpid => 0, + execute => $execute, + cert => $cert, + debug => $debug, + cipherc => "", + ciphersuitesc => "", + ciphers => "AES128-SHA", + ciphersuitess => "TLS_AES_128_GCM_SHA256", + flight => -1, + direction => -1, + partial => ["", ""], + record_list => [], + message_list => [], + }; # Create the Proxy socket my $proxaddr = $self->{proxy_addr}; $proxaddr =~ s/[\[\]]//g; # Remove [ and ] my @proxyargs = ( LocalHost => $proxaddr, - LocalPort => $self->{proxy_port}, + LocalPort => 0, Proto => "tcp", Listen => SOMAXCONN, ); - push @proxyargs, ReuseAddr => 1 - unless $^O eq "MSWin32"; - $self->{proxy_sock} = $IP_factory->(@proxyargs); - if ($self->{proxy_sock}) { - print "Proxy started on port ".$self->{proxy_port}."\n"; + if (my $sock = $IP_factory->(@proxyargs)) { + $self->{proxy_sock} = $sock; + $self->{proxy_port} = $sock->sockport(); + $self->{proxy_addr} = $sock->sockhost(); + $self->{proxy_addr} =~ s/(.*:.*)/[$1]/; + print "Proxy started on port ", + "$self->{proxy_addr}:$self->{proxy_port}\n"; + # use same address for s_server + $self->{server_addr} = $self->{proxy_addr}; } else { - warn "Failed creating proxy socket (".$proxaddr.",".$self->{proxy_port}."): $!\n"; + warn "Failed creating proxy socket (".$proxaddr.",0): $!\n"; } return bless $self, $class; @@ -130,13 +145,17 @@ sub clearClient my $self = shift; $self->{cipherc} = ""; + $self->{ciphersuitec} = ""; $self->{flight} = -1; $self->{direction} = -1; $self->{partial} = ["", ""]; $self->{record_list} = []; $self->{message_list} = []; $self->{clientflags} = ""; + $self->{sessionfile} = undef; $self->{clientpid} = 0; + $is_tls13 = 0; + $ciphersuite = undef; TLSProxy::Message->clear(); TLSProxy::Record->clear(); @@ -148,6 +167,7 @@ sub clear $self->clearClient; $self->{ciphers} = "AES128-SHA"; + $self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256"; $self->{serverflags} = ""; $self->{serverconnects} = 1; $self->{serverpid} = 0; @@ -170,6 +190,25 @@ sub clientrestart $self->clientstart; } +sub connect_to_server +{ + my $self = shift; + my $servaddr = $self->{server_addr}; + + $servaddr =~ s/[\[\]]//g; # Remove [ and ] + + my $sock = $IP_factory->(PeerAddr => $servaddr, + PeerPort => $self->{server_port}, + Proto => 'tcp'); + if (!defined($sock)) { + my $err = $!; + kill(3, $self->{real_serverpid}); + die "unable to connect: $err\n"; + } + + $self->{server_sock} = $sock; +} + sub start { my ($self) = shift; @@ -179,27 +218,90 @@ sub start return 0; } - $pid = fork(); - if ($pid == 0) { - my $execcmd = $self->execute - ." s_server -max_protocol TLSv1.2 -no_comp -rev -engine ossltest -accept " - .($self->server_port) - ." -cert ".$self->cert." -naccept ".$self->serverconnects; - unless ($self->supports_IPv6) { - $execcmd .= " -4"; - } - if ($self->ciphers ne "") { - $execcmd .= " -cipher ".$self->ciphers; - } - if ($self->serverflags ne "") { - $execcmd .= " ".$self->serverflags; + my $execcmd = $self->execute + ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest" + #In TLSv1.3 we issue two session tickets. The default session id + #callback gets confused because the ossltest engine causes the same + #session id to be created twice due to the changed random number + #generation. Using "-ext_cache" replaces the default callback with a + #different one that doesn't get confused. + ." -ext_cache" + ." -accept $self->{server_addr}:0" + ." -cert ".$self->cert." -cert2 ".$self->cert + ." -naccept ".$self->serverconnects; + if ($self->ciphers ne "") { + $execcmd .= " -cipher ".$self->ciphers; + } + if ($self->ciphersuitess ne "") { + $execcmd .= " -ciphersuites ".$self->ciphersuitess; + } + if ($self->serverflags ne "") { + $execcmd .= " ".$self->serverflags; + } + if ($self->debug) { + print STDERR "Server command: $execcmd\n"; + } + + open(my $savedin, "<&STDIN"); + + # Temporarily replace STDIN so that sink process can inherit it... + $pid = open(STDIN, "$execcmd 2>&1 |") or die "Failed to $execcmd: $!\n"; + $self->{real_serverpid} = $pid; + + # Process the output from s_server until we find the ACCEPT line, which + # tells us what the accepting address and port are. + while (<>) { + print; + s/\R$//; # Better chomp + next unless (/^ACCEPT\s.*:(\d+)$/); + $self->{server_port} = $1; + last; + } + + if ($self->{server_port} == 0) { + # This actually means that s_server exited, because otherwise + # we would still searching for ACCEPT... + waitpid($pid, 0); + die "no ACCEPT detected in '$execcmd' output: $?\n"; + } + + # Just make sure everything else is simply printed [as separate lines]. + # The sub process simply inherits our STD* and will keep consuming + # server's output and printing it as long as there is anything there, + # out of our way. + my $error; + $pid = undef; + if (eval { require Win32::Process; 1; }) { + if (Win32::Process::Create(my $h, $^X, "perl -ne print", 0, 0, ".")) { + $pid = $h->GetProcessID(); + $self->{proc_handle} = $h; # hold handle till next round [or exit] + } else { + $error = Win32::FormatMessage(Win32::GetLastError()); } - if ($self->debug) { - print STDERR "Server command: $execcmd\n"; + } else { + if (defined($pid = fork)) { + $pid or exec("$^X -ne print") or exit($!); + } else { + $error = $!; } - exec($execcmd); } - $self->serverpid($pid); + + # Change back to original stdin + open(STDIN, "<&", $savedin); + close($savedin); + + if (!defined($pid)) { + kill(3, $self->{real_serverpid}); + die "Failed to capture s_server's output: $error\n"; + } + + $self->{serverpid} = $pid; + + print STDERR "Server responds on ", + "$self->{server_addr}:$self->{server_port}\n"; + + # Connect right away... + $self->connect_to_server(); return $self->clientstart; } @@ -207,38 +309,57 @@ sub start sub clientstart { my ($self) = shift; - my $oldstdout; if ($self->execute) { - my $pid = fork(); - if ($pid == 0) { - my $echostr; - if ($self->reneg()) { - $echostr = "R"; - } else { - $echostr = "test"; - } - my $execcmd = "echo ".$echostr." | ".$self->execute - ." s_client -max_protocol TLSv1.2 -engine ossltest -connect " - .($self->proxy_addr).":".($self->proxy_port); - unless ($self->supports_IPv6) { - $execcmd .= " -4"; - } - if ($self->cipherc ne "") { - $execcmd .= " -cipher ".$self->cipherc; - } - if ($self->clientflags ne "") { - $execcmd .= " ".$self->clientflags; - } - if ($self->debug) { - print STDERR "Client command: $execcmd\n"; - } - exec($execcmd); + my $pid; + my $execcmd = $self->execute + ." s_client -max_protocol TLSv1.3 -engine ossltest" + ." -connect $self->{proxy_addr}:$self->{proxy_port}"; + if ($self->cipherc ne "") { + $execcmd .= " -cipher ".$self->cipherc; + } + if ($self->ciphersuitesc ne "") { + $execcmd .= " -ciphersuites ".$self->ciphersuitesc; + } + if ($self->clientflags ne "") { + $execcmd .= " ".$self->clientflags; + } + if ($self->clientflags !~ m/-(no)?servername/) { + $execcmd .= " -servername localhost"; + } + if (defined $self->sessionfile) { + $execcmd .= " -ign_eof"; + } + if ($self->debug) { + print STDERR "Client command: $execcmd\n"; + } + + open(my $savedout, ">&STDOUT"); + # If we open pipe with new descriptor, attempt to close it, + # explicitly or implicitly, would incur waitpid and effectively + # dead-lock... + if (!($pid = open(STDOUT, "| $execcmd"))) { + my $err = $!; + kill(3, $self->{real_serverpid}); + die "Failed to $execcmd: $err\n"; } - $self->clientpid($pid); + $self->{clientpid} = $pid; + + # queue [magic] input + print $self->reneg ? "R" : "test"; + + # this closes client's stdin without waiting for its pid + open(STDOUT, ">&", $savedout); + close($savedout); } # Wait for incoming connection from client + my $fdset = IO::Select->new($self->{proxy_sock}); + if (!$fdset->can_read(60)) { + kill(3, $self->{real_serverpid}); + die "s_client didn't try to connect\n"; + } + my $client_sock; if(!($client_sock = $self->{proxy_sock}->accept())) { warn "Failed accepting incoming connection: $!\n"; @@ -247,89 +368,96 @@ sub clientstart print "Connection opened\n"; - # Now connect to the server - my $retry = 50; - my $server_sock; - #We loop over this a few times because sometimes s_server can take a while - #to start up - do { - my $servaddr = $self->server_addr; - $servaddr =~ s/[\[\]]//g; # Remove [ and ] - eval { - $server_sock = $IP_factory->( - PeerAddr => $servaddr, - PeerPort => $self->server_port, - MultiHomed => 1, - Proto => 'tcp' - ); - }; - - $retry--; - #Some buggy IP factories can return a defined server_sock that hasn't - #actually connected, so we check peerport too - if ($@ || !defined($server_sock) || !defined($server_sock->peerport)) { - $server_sock->close() if defined($server_sock); - undef $server_sock; - if ($retry) { - #Sleep for a short while - select(undef, undef, undef, 0.1); - } else { - warn "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n"; - return 0; - } - } - } while (!$server_sock); - - my $sel = IO::Select->new($server_sock, $client_sock); + my $server_sock = $self->{server_sock}; my $indata; - my @handles = ($server_sock, $client_sock); #Wait for either the server socket or the client socket to become readable + $fdset = IO::Select->new($server_sock, $client_sock); my @ready; + my $ctr = 0; local $SIG{PIPE} = "IGNORE"; - while(!(TLSProxy::Message->end) && (@ready = $sel->can_read)) { + $self->{saw_session_ticket} = undef; + while($fdset->count && $ctr < 10) { + if (defined($self->{sessionfile})) { + # s_client got -ign_eof and won't be exiting voluntarily, so we + # look for data *and* session ticket... + last if TLSProxy::Message->success() + && $self->{saw_session_ticket}; + } + if (!(@ready = $fdset->can_read(1))) { + $ctr++; + next; + } foreach my $hand (@ready) { if ($hand == $server_sock) { - $server_sock->sysread($indata, 16384) or goto END; - $indata = $self->process_packet(1, $indata); - $client_sock->syswrite($indata); + if ($server_sock->sysread($indata, 16384)) { + if ($indata = $self->process_packet(1, $indata)) { + $client_sock->syswrite($indata) or goto END; + } + $ctr = 0; + } else { + $fdset->remove($server_sock); + $client_sock->shutdown(SHUT_WR); + } } elsif ($hand == $client_sock) { - $client_sock->sysread($indata, 16384) or goto END; - $indata = $self->process_packet(0, $indata); - $server_sock->syswrite($indata); + if ($client_sock->sysread($indata, 16384)) { + if ($indata = $self->process_packet(0, $indata)) { + $server_sock->syswrite($indata) or goto END; + } + $ctr = 0; + } else { + $fdset->remove($client_sock); + $server_sock->shutdown(SHUT_WR); + } } else { - print "Err\n"; - goto END; + kill(3, $self->{real_serverpid}); + die "Unexpected handle"; } } } + if ($ctr >= 10) { + kill(3, $self->{real_serverpid}); + die "No progress made"; + } + END: print "Connection closed\n"; if($server_sock) { $server_sock->close(); + $self->{server_sock} = undef; } if($client_sock) { #Closing this also kills the child process $client_sock->close(); } - if(!$self->debug) { - select($oldstdout); - } - $self->serverconnects($self->serverconnects - 1); - if ($self->serverconnects == 0) { - die "serverpid is zero\n" if $self->serverpid == 0; - print "Waiting for server process to close: " - .$self->serverpid."\n"; - waitpid( $self->serverpid, 0); - die "exit code $? from server process\n" if $? != 0; + + my $pid; + if (--$self->{serverconnects} == 0) { + $pid = $self->{serverpid}; + print "Waiting for 'perl -ne print' process to close: $pid...\n"; + $pid = waitpid($pid, 0); + if ($pid > 0) { + die "exit code $? from 'perl -ne print' process\n" if $? != 0; + } elsif ($pid == 0) { + kill(3, $self->{real_serverpid}); + die "lost control over $self->{serverpid}?"; + } + $pid = $self->{real_serverpid}; + print "Waiting for s_server process to close: $pid...\n"; + # it's done already, just collect the exit code [and reap]... + waitpid($pid, 0); + die "exit code $? from s_server process\n" if $? != 0; } else { - # Give s_server sufficient time to finish what it was doing - usleep(250000); + # It's a bit counter-intuitive spot to make next connection to + # the s_server. Rationale is that established connection works + # as syncronization point, in sense that this way we know that + # s_server is actually done with current session... + $self->connect_to_server(); } - die "clientpid is zero\n" if $self->clientpid == 0; - print "Waiting for client process to close: ".$self->clientpid."\n"; - waitpid($self->clientpid, 0); + $pid = $self->{clientpid}; + print "Waiting for s_client process to close: $pid...\n"; + waitpid($pid, 0); return 1; } @@ -358,9 +486,10 @@ sub process_packet #Return contains the list of record found in the packet followed by the #list of messages in those records and any partial message - my @ret = TLSProxy::Record->get_records($server, $self->flight, $self->{partial}[$server].$packet); + my @ret = TLSProxy::Record->get_records($server, $self->flight, + $self->{partial}[$server].$packet); $self->{partial}[$server] = $ret[2]; - push @{$self->record_list}, @{$ret[0]}; + push @{$self->{record_list}}, @{$ret[0]}; push @{$self->{message_list}}, @{$ret[1]}; print "\n"; @@ -374,10 +503,18 @@ sub process_packet $self->filter->($self); } + #Take a note on NewSessionTicket + foreach my $message (reverse @{$self->{message_list}}) { + if ($message->{mt} == TLSProxy::Message::MT_NEW_SESSION_TICKET) { + $self->{saw_session_ticket} = 1; + last; + } + } + #Reconstruct the packet $packet = ""; foreach my $record (@{$self->record_list}) { - $packet .= $record->reconstruct_record(); + $packet .= $record->reconstruct_record($server); } print "Forwarded packet length = ".length($packet)."\n\n"; @@ -436,29 +573,33 @@ sub proxy_port my $self = shift; return $self->{proxy_port}; } - -#Read/write accessors sub server_addr { my $self = shift; - if (@_) { - $self->{server_addr} = shift; - } return $self->{server_addr}; } sub server_port { my $self = shift; - if (@_) { - $self->{server_port} = shift; - } return $self->{server_port}; } +sub serverpid +{ + my $self = shift; + return $self->{serverpid}; +} +sub clientpid +{ + my $self = shift; + return $self->{clientpid}; +} + +#Read/write accessors sub filter { my $self = shift; if (@_) { - $self->{filter} = shift; + $self->{filter} = shift; } return $self->{filter}; } @@ -466,23 +607,39 @@ sub cipherc { my $self = shift; if (@_) { - $self->{cipherc} = shift; + $self->{cipherc} = shift; } return $self->{cipherc}; } +sub ciphersuitesc +{ + my $self = shift; + if (@_) { + $self->{ciphersuitesc} = shift; + } + return $self->{ciphersuitesc}; +} sub ciphers { my $self = shift; if (@_) { - $self->{ciphers} = shift; + $self->{ciphers} = shift; } return $self->{ciphers}; } +sub ciphersuitess +{ + my $self = shift; + if (@_) { + $self->{ciphersuitess} = shift; + } + return $self->{ciphersuitess}; +} sub serverflags { my $self = shift; if (@_) { - $self->{serverflags} = shift; + $self->{serverflags} = shift; } return $self->{serverflags}; } @@ -490,7 +647,7 @@ sub clientflags { my $self = shift; if (@_) { - $self->{clientflags} = shift; + $self->{clientflags} = shift; } return $self->{clientflags}; } @@ -498,7 +655,7 @@ sub serverconnects { my $self = shift; if (@_) { - $self->{serverconnects} = shift; + $self->{serverconnects} = shift; } return $self->{serverconnects}; } @@ -514,22 +671,6 @@ sub message_list } return $self->{message_list}; } -sub serverpid -{ - my $self = shift; - if (@_) { - $self->{serverpid} = shift; - } - return $self->{serverpid}; -} -sub clientpid -{ - my $self = shift; - if (@_) { - $self->{clientpid} = shift; - } - return $self->{clientpid}; -} sub fill_known_data { @@ -541,13 +682,47 @@ sub fill_known_data return $ret; } +sub is_tls13 +{ + my $class = shift; + if (@_) { + $is_tls13 = shift; + } + return $is_tls13; +} + sub reneg { my $self = shift; if (@_) { - $self->{reneg} = shift; + $self->{reneg} = shift; } return $self->{reneg}; } +#Setting a sessionfile means that the client will not close until the given +#file exists. This is useful in TLSv1.3 where otherwise s_client will close +#immediately at the end of the handshake, but before the session has been +#received from the server. A side effect of this is that s_client never sends +#a close_notify, so instead we consider success to be when it sends application +#data over the connection. +sub sessionfile +{ + my $self = shift; + if (@_) { + $self->{sessionfile} = shift; + TLSProxy::Message->successondata(1); + } + return $self->{sessionfile}; +} + +sub ciphersuite +{ + my $class = shift; + if (@_) { + $ciphersuite = shift; + } + return $ciphersuite; +} + 1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/Record.pm b/deps/openssl/openssl/util/perl/TLSProxy/Record.pm index 786ba0c72b66c3..0a280cb269961b 100644 --- a/deps/openssl/openssl/util/perl/TLSProxy/Record.pm +++ b/deps/openssl/openssl/util/perl/TLSProxy/Record.pm @@ -11,8 +11,8 @@ use TLSProxy::Proxy; package TLSProxy::Record; -my $server_ccs_seen = 0; -my $client_ccs_seen = 0; +my $server_encrypting = 0; +my $client_encrypting = 0; my $etm = 0; use constant TLS_RECORD_HEADER_LENGTH => 5; @@ -35,12 +35,13 @@ my %record_type = ( ); use constant { - VERS_TLS_1_3 => 772, - VERS_TLS_1_2 => 771, - VERS_TLS_1_1 => 770, - VERS_TLS_1_0 => 769, - VERS_SSL_3_0 => 768, - VERS_SSL_LT_3_0 => 767 + VERS_TLS_1_4 => 0x0305, + VERS_TLS_1_3 => 0x0304, + VERS_TLS_1_2 => 0x0303, + VERS_TLS_1_1 => 0x0302, + VERS_TLS_1_0 => 0x0301, + VERS_SSL_3_0 => 0x0300, + VERS_SSL_LT_3_0 => 0x02ff }; my %tls_version = ( @@ -62,72 +63,66 @@ sub get_records my $partial = ""; my @record_list = (); my @message_list = (); - my $data; - my $content_type; - my $version; - my $len; - my $len_real; - my $decrypt_len; my $recnum = 1; while (length ($packet) > 0) { - print " Record $recnum"; - if ($server) { - print " (server -> client)\n"; - } else { - print " (client -> server)\n"; - } - #Get the record header - if (length($packet) < TLS_RECORD_HEADER_LENGTH - || length($packet) < 5 + unpack("n", substr($packet, 3, 2))) { + print " Record $recnum ", $server ? "(server -> client)\n" + : "(client -> server)\n"; + + #Get the record header (unpack can't fail if $packet is too short) + my ($content_type, $version, $len) = unpack('Cnn', $packet); + + if (length($packet) < TLS_RECORD_HEADER_LENGTH + ($len // 0)) { print "Partial data : ".length($packet)." bytes\n"; $partial = $packet; - $packet = ""; - } else { - ($content_type, $version, $len) = unpack('CnnC*', $packet); - $data = substr($packet, 5, $len); - - print " Content type: ".$record_type{$content_type}."\n"; - print " Version: $tls_version{$version}\n"; - print " Length: $len"; - if ($len == length($data)) { - print "\n"; - $decrypt_len = $len_real = $len; - } else { - print " (expected), ".length($data)." (actual)\n"; - $decrypt_len = $len_real = length($data); - } + last; + } - my $record = TLSProxy::Record->new( - $flight, - $content_type, - $version, - $len, - 0, - $len_real, - $decrypt_len, - substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real), - substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real) - ); - - if (($server && $server_ccs_seen) - || (!$server && $client_ccs_seen)) { - if ($etm) { + my $data = substr($packet, TLS_RECORD_HEADER_LENGTH, $len); + + print " Content type: ".$record_type{$content_type}."\n"; + print " Version: $tls_version{$version}\n"; + print " Length: $len\n"; + + my $record = TLSProxy::Record->new( + $flight, + $content_type, + $version, + $len, + 0, + $len, # len_real + $len, # decrypt_len + $data, # data + $data # decrypt_data + ); + + if ($content_type != RT_CCS + && (!TLSProxy::Proxy->is_tls13() + || $content_type != RT_ALERT)) { + if (($server && $server_encrypting) + || (!$server && $client_encrypting)) { + if (!TLSProxy::Proxy->is_tls13() && $etm) { $record->decryptETM(); } else { $record->decrypt(); } + $record->encrypted(1); + + if (TLSProxy::Proxy->is_tls13()) { + print " Inner content type: " + .$record_type{$record->content_type()}."\n"; + } } + } - push @record_list, $record; + push @record_list, $record; - #Now figure out what messages are contained within this record - my @messages = TLSProxy::Message->get_messages($server, $record); - push @message_list, @messages; + #Now figure out what messages are contained within this record + my @messages = TLSProxy::Message->get_messages($server, $record); + push @message_list, @messages; - $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len_real); - $recnum++; - } + $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len); + $recnum++; } return (\@record_list, \@message_list, $partial); @@ -135,26 +130,26 @@ sub get_records sub clear { - $server_ccs_seen = 0; - $client_ccs_seen = 0; + $server_encrypting = 0; + $client_encrypting = 0; } #Class level accessors -sub server_ccs_seen +sub server_encrypting { my $class = shift; if (@_) { - $server_ccs_seen = shift; + $server_encrypting = shift; } - return $server_ccs_seen; + return $server_encrypting; } -sub client_ccs_seen +sub client_encrypting { my $class = shift; if (@_) { - $client_ccs_seen = shift; + $client_encrypting= shift; } - return $client_ccs_seen; + return $client_encrypting; } #Enable/Disable Encrypt-then-MAC sub etm @@ -190,7 +185,9 @@ sub new data => $data, decrypt_data => $decrypt_data, orig_decrypt_data => $decrypt_data, - sent => 0 + sent => 0, + encrypted => 0, + outer_content_type => RT_APPLICATION_DATA }; return bless $self, $class; @@ -227,22 +224,44 @@ sub decryptETM sub decrypt() { my ($self) = shift; - + my $mactaglen = 20; my $data = $self->data; - if($self->version >= VERS_TLS_1_1()) { - #TLS1.1+ has an explicit IV. Throw it away + #Throw away any IVs + if (TLSProxy::Proxy->is_tls13()) { + #A TLS1.3 client, when processing the server's initial flight, could + #respond with either an encrypted or an unencrypted alert. + if ($self->content_type() == RT_ALERT) { + #TODO(TLS1.3): Eventually it is sufficient just to check the record + #content type. If an alert is encrypted it will have a record + #content type of application data. However we haven't done the + #record layer changes yet, so it's a bit more complicated. For now + #we will additionally check if the data length is 2 (1 byte for + #alert level, 1 byte for alert description). If it is, then this is + #an unencrypted alert, so don't try to decrypt + return $data if (length($data) == 2); + } + $mactaglen = 16; + } elsif ($self->version >= VERS_TLS_1_1()) { + #16 bytes for a standard IV $data = substr($data, 16); - } - #Find out what the padding byte is - my $padval = unpack("C", substr($data, length($data) - 1)); + #Find out what the padding byte is + my $padval = unpack("C", substr($data, length($data) - 1)); - #Throw away the padding - $data = substr($data, 0, length($data) - ($padval + 1)); + #Throw away the padding + $data = substr($data, 0, length($data) - ($padval + 1)); + } - #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME) - $data = substr($data, 0, length($data) - 20); + #Throw away the MAC or TAG + $data = substr($data, 0, length($data) - $mactaglen); + + if (TLSProxy::Proxy->is_tls13()) { + #Get the content type + my $content_type = unpack("C", substr($data, length($data) - 1)); + $self->content_type($content_type); + $data = substr($data, 0, length($data) - 1); + } $self->decrypt_data($data); $self->decrypt_len(length($data)); @@ -254,9 +273,11 @@ sub decrypt() sub reconstruct_record { my $self = shift; + my $server = shift; my $data; - if ($self->{sent}) { + #We only replay the records in the same direction + if ($self->{sent} || ($self->flight & 1) != $server) { return ""; } $self->{sent} = 1; @@ -264,7 +285,14 @@ sub reconstruct_record if ($self->sslv2) { $data = pack('n', $self->len | 0x8000); } else { - $data = pack('Cnn', $self->content_type, $self->version, $self->len); + if (TLSProxy::Proxy->is_tls13() && $self->encrypted) { + $data = pack('Cnn', $self->outer_content_type, $self->version, + $self->len); + } else { + $data = pack('Cnn', $self->content_type, $self->version, + $self->len); + } + } $data .= $self->data; @@ -277,16 +305,6 @@ sub flight my $self = shift; return $self->{flight}; } -sub content_type -{ - my $self = shift; - return $self->{content_type}; -} -sub version -{ - my $self = shift; - return $self->{version}; -} sub sslv2 { my $self = shift; @@ -336,4 +354,48 @@ sub len } return $self->{len}; } +sub version +{ + my $self = shift; + if (@_) { + $self->{version} = shift; + } + return $self->{version}; +} +sub content_type +{ + my $self = shift; + if (@_) { + $self->{content_type} = shift; + } + return $self->{content_type}; +} +sub encrypted +{ + my $self = shift; + if (@_) { + $self->{encrypted} = shift; + } + return $self->{encrypted}; +} +sub outer_content_type +{ + my $self = shift; + if (@_) { + $self->{outer_content_type} = shift; + } + return $self->{outer_content_type}; +} +sub is_fatal_alert +{ + my $self = shift; + my $server = shift; + + if (($self->{flight} & 1) == $server + && $self->{content_type} == TLSProxy::Record::RT_ALERT) { + my ($level, $alert) = unpack('CC', $self->decrypt_data); + return $alert if ($level == 2); + } + return 0; +} 1; diff --git a/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm b/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm index 79a8be9a895e79..84f2faab058bd5 100644 --- a/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm +++ b/deps/openssl/openssl/util/perl/TLSProxy/ServerHello.pm @@ -1,4 +1,4 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,11 @@ package TLSProxy::ServerHello; use vars '@ISA'; push @ISA, 'TLSProxy::Message'; +my $hrrrandom = pack("C*", 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, + 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, + 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, + 0xE2, 0xC8, 0xA8, 0x33, 0x9C); + sub new { my $class = shift; @@ -45,16 +50,23 @@ sub parse my $self = shift; my $ptr = 2; my ($server_version) = unpack('n', $self->data); + my $neg_version = $server_version; + my $random = substr($self->data, $ptr, 32); $ptr += 32; - my $session_id_len = unpack('C', substr($self->data, $ptr)); + my $session_id_len = 0; + my $session = ""; + $session_id_len = unpack('C', substr($self->data, $ptr)); $ptr++; - my $session = substr($self->data, $ptr, $session_id_len); + $session = substr($self->data, $ptr, $session_id_len); $ptr += $session_id_len; + my $ciphersuite = unpack('n', substr($self->data, $ptr)); $ptr += 2; - my $comp_meth = unpack('C', substr($self->data, $ptr)); + my $comp_meth = 0; + $comp_meth = unpack('C', substr($self->data, $ptr)); $ptr++; + my $extensions_len = unpack('n', substr($self->data, $ptr)); if (!defined $extensions_len) { $extensions_len = 0; @@ -82,6 +94,18 @@ sub parse my $extdata = substr($extension_data, 4, $size); $extension_data = substr($extension_data, 4 + $size); $extensions{$type} = $extdata; + if ($type == TLSProxy::Message::EXT_SUPPORTED_VERSIONS) { + $neg_version = unpack('n', $extdata); + } + } + + if ($random eq $hrrrandom) { + TLSProxy::Proxy->is_tls13(1); + } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3) { + TLSProxy::Proxy->is_tls13(1); + + TLSProxy::Record->server_encrypting(1); + TLSProxy::Record->client_encrypting(1); } $self->server_version($server_version); @@ -89,11 +113,13 @@ sub parse $self->session_id_len($session_id_len); $self->session($session); $self->ciphersuite($ciphersuite); + TLSProxy::Proxy->ciphersuite($ciphersuite); $self->comp_meth($comp_meth); $self->extension_data(\%extensions); $self->process_data(); + print " Server Version:".$server_version."\n"; print " Session ID Len:".$session_id_len."\n"; print " Ciphersuite:".$ciphersuite."\n"; @@ -145,9 +171,9 @@ sub server_version { my $self = shift; if (@_) { - $self->{client_version} = shift; + $self->{server_version} = shift; } - return $self->{client_version}; + return $self->{server_version}; } sub random { diff --git a/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm b/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm index 6e5b4cdcb42fe5..cb4cc7c7625a58 100644 --- a/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm +++ b/deps/openssl/openssl/util/perl/TLSProxy/ServerKeyExchange.pm @@ -33,6 +33,7 @@ sub new $self->{p} = ""; $self->{g} = ""; $self->{pub_key} = ""; + $self->{sigalg} = -1; $self->{sig} = ""; return $self; @@ -41,10 +42,13 @@ sub new sub parse { my $self = shift; + my $sigalg = -1; - #Minimal SKE parsing. Only supports DHE at the moment (if its not DHE - #the parsing data will be trash...which is ok as long as we don't try to - #use it) + #Minimal SKE parsing. Only supports one known DHE ciphersuite at the moment + return if TLSProxy::Proxy->ciphersuite() + != TLSProxy::Message::CIPHER_ADH_AES_128_SHA + && TLSProxy::Proxy->ciphersuite() + != TLSProxy::Message::CIPHER_DHE_RSA_AES_128_SHA; my $p_len = unpack('n', $self->data); my $ptr = 2; @@ -62,18 +66,28 @@ sub parse $ptr += $pub_key_len; #We assume its signed - my $sig_len = unpack('n', substr($self->data, $ptr)); + my $record = ${$self->records}[0]; + + if (TLSProxy::Proxy->is_tls13() + || $record->version() == TLSProxy::Record::VERS_TLS_1_2) { + $sigalg = unpack('n', substr($self->data, $ptr)); + $ptr += 2; + } my $sig = ""; - if (defined $sig_len) { - $ptr += 2; - $sig = substr($self->data, $ptr, $sig_len); - $ptr += $sig_len; + if (defined $sigalg) { + my $sig_len = unpack('n', substr($self->data, $ptr)); + if (defined $sig_len) { + $ptr += 2; + $sig = substr($self->data, $ptr, $sig_len); + $ptr += $sig_len; + } } $self->p($p); $self->g($g); $self->pub_key($pub_key); - $self->sig($sig); + $self->sigalg($sigalg) if defined $sigalg; + $self->signature($sig); } @@ -89,9 +103,10 @@ sub set_message_contents $data .= $self->g; $data .= pack('n', length($self->pub_key)); $data .= $self->pub_key; - if (length($self->sig) > 0) { - $data .= pack('n', length($self->sig)); - $data .= $self->sig; + $data .= pack('n', $self->sigalg) if ($self->sigalg != -1); + if (length($self->signature) > 0) { + $data .= pack('n', length($self->signature)); + $data .= $self->signature; } $self->data($data); @@ -123,7 +138,15 @@ sub pub_key } return $self->{pub_key}; } -sub sig +sub sigalg +{ + my $self = shift; + if (@_) { + $self->{sigalg} = shift; + } + return $self->{sigalg}; +} +sub signature { my $self = shift; if (@_) { diff --git a/deps/openssl/openssl/util/perl/checkhandshake.pm b/deps/openssl/openssl/util/perl/checkhandshake.pm new file mode 100644 index 00000000000000..c53b96d5ee2fb8 --- /dev/null +++ b/deps/openssl/openssl/util/perl/checkhandshake.pm @@ -0,0 +1,228 @@ +#! /usr/bin/env perl +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +package checkhandshake; + +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +use Exporter; +our @ISA = 'Exporter'; +our @EXPORT = qw(@handmessages @extensions checkhandshake); + +use constant { + DEFAULT_HANDSHAKE => 1, + OCSP_HANDSHAKE => 2, + RESUME_HANDSHAKE => 4, + CLIENT_AUTH_HANDSHAKE => 8, + RENEG_HANDSHAKE => 16, + NPN_HANDSHAKE => 32, + EC_HANDSHAKE => 64, + HRR_HANDSHAKE => 128, + HRR_RESUME_HANDSHAKE => 256, + + ALL_HANDSHAKES => 511 +}; + +use constant { + #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI + DEFAULT_EXTENSIONS => 0x00000007, + SESSION_TICKET_SRV_EXTENSION => 0x00000002, + SERVER_NAME_CLI_EXTENSION => 0x00000004, + SERVER_NAME_SRV_EXTENSION => 0x00000008, + STATUS_REQUEST_CLI_EXTENSION => 0x00000010, + STATUS_REQUEST_SRV_EXTENSION => 0x00000020, + ALPN_CLI_EXTENSION => 0x00000040, + ALPN_SRV_EXTENSION => 0x00000080, + SCT_CLI_EXTENSION => 0x00000100, + SCT_SRV_EXTENSION => 0x00000200, + RENEGOTIATE_CLI_EXTENSION => 0x00000400, + NPN_CLI_EXTENSION => 0x00000800, + NPN_SRV_EXTENSION => 0x00001000, + SRP_CLI_EXTENSION => 0x00002000, + #Client side for ec point formats is a default extension + EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000, + PSK_CLI_EXTENSION => 0x00008000, + PSK_SRV_EXTENSION => 0x00010000, + KEY_SHARE_SRV_EXTENSION => 0x00020000, + PSK_KEX_MODES_EXTENSION => 0x00040000, + KEY_SHARE_HRR_EXTENSION => 0x00080000, + SUPPORTED_GROUPS_SRV_EXTENSION => 0x00100000, + POST_HANDSHAKE_AUTH_CLI_EXTENSION => 0x00200000 +}; + +our @handmessages = (); +our @extensions = (); + +sub checkhandshake($$$$) +{ + my ($proxy, $handtype, $exttype, $testname) = @_; + + subtest $testname => sub { + my $loop = 0; + my $numtests; + my $extcount; + my $clienthelloseen = 0; + + my $lastmt = 0; + my $numsh = 0; + if (TLSProxy::Proxy::is_tls13()) { + #How many ServerHellos are we expecting? + for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { + next if (($handmessages[$loop][1] & $handtype) == 0); + $numsh++ if ($lastmt != TLSProxy::Message::MT_SERVER_HELLO + && $handmessages[$loop][0] == TLSProxy::Message::MT_SERVER_HELLO); + $lastmt = $handmessages[$loop][0]; + } + } + + #First count the number of tests + my $nextmess = 0; + my $message = undef; + my $chnum = 0; + my $shnum = 0; + if (!TLSProxy::Proxy::is_tls13()) { + # In non-TLSv1.3 we always treat reneg CH and SH like the first CH + # and SH + $chnum = 1; + $shnum = 1; + } + #If we're only expecting one ServerHello out of two then we skip the + #first ServerHello in the list completely + $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13()); + $loop = 0; + for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { + next if (($handmessages[$loop][1] & $handtype) == 0); + if (scalar @{$proxy->message_list} > $nextmess) { + $message = ${$proxy->message_list}[$nextmess]; + $nextmess++; + } else { + $message = undef; + } + $numtests++; + + next if (!defined $message); + if (TLSProxy::Proxy::is_tls13()) { + $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO; + $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO; + } + next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO + && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO + && $message->mt() != + TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + + next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE + && !TLSProxy::Proxy::is_tls13(); + + my $extchnum = 1; + my $extshnum = 1; + for (my $extloop = 0; + $extensions[$extloop][2] != 0; + $extloop++) { + $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO + && TLSProxy::Proxy::is_tls13(); + $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO + && $extchnum == 2; + next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO + && $extchnum != $chnum; + next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO + && $extshnum != $shnum; + next if ($message->mt() != $extensions[$extloop][0]); + $numtests++; + } + $numtests++; + } + + plan tests => $numtests; + + $nextmess = 0; + $message = undef; + if (TLSProxy::Proxy::is_tls13()) { + $chnum = 0; + $shnum = 0; + } else { + # In non-TLSv1.3 we always treat reneg CH and SH like the first CH + # and SH + $chnum = 1; + $shnum = 1; + } + #If we're only expecting one ServerHello out of two then we skip the + #first ServerHello in the list completely + $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13()); + for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) { + next if (($handmessages[$loop][1] & $handtype) == 0); + if (scalar @{$proxy->message_list} > $nextmess) { + $message = ${$proxy->message_list}[$nextmess]; + $nextmess++; + } else { + $message = undef; + } + if (!defined $message) { + fail("Message type check. Got nothing, expected " + .$handmessages[$loop][0]); + next; + } else { + ok($message->mt == $handmessages[$loop][0], + "Message type check. Got ".$message->mt + .", expected ".$handmessages[$loop][0]); + } + if (TLSProxy::Proxy::is_tls13()) { + $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO; + $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO; + } + + next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO + && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO + && $message->mt() != + TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + + next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE + && !TLSProxy::Proxy::is_tls13(); + + if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) { + #Add renegotiate extension we will expect if renegotiating + $exttype |= RENEGOTIATE_CLI_EXTENSION + if ($clienthelloseen && !TLSProxy::Proxy::is_tls13()); + $clienthelloseen = 1; + } + #Now check that we saw the extensions we expected + my $msgexts = $message->extension_data(); + my $extchnum = 1; + my $extshnum = 1; + for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0; + $extloop++) { + #In TLSv1.3 we can have two ClientHellos if there has been a + #HelloRetryRequest, and they may have different extensions. Skip + #if these are extensions for a different ClientHello + $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO + && TLSProxy::Proxy::is_tls13(); + $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO + && $extchnum == 2; + next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO + && $extchnum != $chnum; + next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO + && $extshnum != $shnum; + next if ($message->mt() != $extensions[$extloop][0]); + ok (($extensions[$extloop][2] & $exttype) == 0 + || defined ($msgexts->{$extensions[$extloop][1]}), + "Extension presence check (Message: ".$message->mt() + ." Extension: ".($extensions[$extloop][2] & $exttype).", " + .$extloop.")"); + $extcount++ if (($extensions[$extloop][2] & $exttype) != 0); + } + ok($extcount == keys %$msgexts, "Extensions count mismatch (" + .$extcount.", ".(keys %$msgexts) + .")"); + } + } +} + +1; diff --git a/deps/openssl/openssl/util/point.sh b/deps/openssl/openssl/util/point.sh deleted file mode 100755 index da39899cb19e9c..00000000000000 --- a/deps/openssl/openssl/util/point.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -rm -f "$2" -if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then - cp "$1" "$2" -else - ln -s "$1" "$2" -fi -echo "$2 => $1" - diff --git a/deps/openssl/openssl/util/private.num b/deps/openssl/openssl/util/private.num new file mode 100644 index 00000000000000..a6ef44e4a6eb3d --- /dev/null +++ b/deps/openssl/openssl/util/private.num @@ -0,0 +1,457 @@ +# This isn't a library ".num" file but is a list of documented items +# that don't appear in lib*.num -- because they are define's, in +# assembly language, etc. +# +OPENSSL_ia32cap environment +OPENSSL_MALLOC_FD environment +OPENSSL_MALLOC_FAILURES environment +OPENSSL_instrument_bus assembler +OPENSSL_instrument_bus2 assembler +# +ADMISSION_SYNTAX datatype +ADMISSIONS datatype +ASN1_STRING_TABLE datatype +BIO_ADDR datatype +BIO_ADDRINFO datatype +BIO_callback_fn datatype +BIO_callback_fn_ex datatype +BIO_hostserv_priorities datatype +BIO_lookup_type datatype +CRYPTO_EX_dup datatype +CRYPTO_EX_free datatype +CRYPTO_EX_new datatype +DTLS_timer_cb datatype +EVP_PKEY_gen_cb datatype +EVP_PKEY_METHOD datatype +EVP_PKEY_ASN1_METHOD datatype +GEN_SESSION_CB datatype +OPENSSL_Applink external +NAMING_AUTHORITY datatype +OSSL_STORE_CTX datatype +OSSL_STORE_INFO datatype +OSSL_STORE_LOADER datatype +OSSL_STORE_LOADER_CTX datatype +OSSL_STORE_SEARCH datatype +OSSL_STORE_close_fn datatype +OSSL_STORE_ctrl_fn datatype +OSSL_STORE_expect_fn datatype +OSSL_STORE_find_fn datatype +OSSL_STORE_eof_fn datatype +OSSL_STORE_error_fn datatype +OSSL_STORE_load_fn datatype +OSSL_STORE_open_fn datatype +OSSL_STORE_post_process_info_fn datatype +PROFESSION_INFO datatype +PROFESSION_INFOS datatype +RAND_DRBG_cleanup_entropy_fn datatype +RAND_DRBG_cleanup_nonce_fn datatype +RAND_DRBG_get_entropy_fn datatype +RAND_DRBG_get_nonce_fn datatype +RAND_poll_cb datatype +SSL_CTX_allow_early_data_cb_fn datatype +SSL_CTX_keylog_cb_func datatype +SSL_allow_early_data_cb_fn datatype +SSL_client_hello_cb_fn datatype +SSL_psk_client_cb_func datatype +SSL_psk_find_session_cb_func datatype +SSL_psk_server_cb_func datatype +SSL_psk_use_session_cb_func datatype +SSL_verify_cb datatype +UI datatype +UI_METHOD datatype +UI_STRING datatype +UI_string_types datatype +UI_string_types datatype +X509_STORE_CTX_cert_crl_fn datatype +X509_STORE_CTX_check_crl_fn datatype +X509_STORE_CTX_check_issued_fn datatype +X509_STORE_CTX_check_policy_fn datatype +X509_STORE_CTX_check_revocation_fn datatype +X509_STORE_CTX_cleanup_fn datatype +X509_STORE_CTX_get_crl_fn datatype +X509_STORE_CTX_get_issuer_fn datatype +X509_STORE_CTX_lookup_certs_fn datatype +X509_STORE_CTX_lookup_crls_fn datatype +X509_STORE_CTX_verify_cb datatype +X509_STORE_CTX_verify_fn datatype +X509_STORE_set_verify_cb_func datatype +X509_LOOKUP_get_by_alias_fn datatype +X509_LOOKUP_get_by_subject_fn datatype +X509_LOOKUP_get_by_fingerprint_fn datatype +X509_LOOKUP_ctrl_fn datatype +X509_LOOKUP_get_by_issuer_serial_fn datatype +bio_info_cb datatype +BIO_info_cb datatype +custom_ext_add_cb datatype +custom_ext_free_cb datatype +custom_ext_parse_cb datatype +pem_password_cb datatype +ssl_ct_validation_cb datatype +# +BIO_append_filename define +BIO_destroy_bio_pair define +BIO_do_accept define +BIO_do_connect define +BIO_do_handshake define +BIO_eof define +BIO_flush define +BIO_get_accept_name define +BIO_get_accept_port define +BIO_get_accept_ip_family define +BIO_get_peer_name define +BIO_get_peer_port define +BIO_get_bind_mode define +BIO_get_buffer_num_lines define +BIO_get_cipher_ctx define +BIO_get_cipher_status define +BIO_get_close define +BIO_get_conn_address define +BIO_get_conn_hostname define +BIO_get_conn_port define +BIO_get_conn_ip_family define +BIO_get_fd define +BIO_get_fp define +BIO_get_info_callback define +BIO_get_md define +BIO_get_md_ctx define +BIO_get_mem_data define +BIO_get_mem_ptr define +BIO_get_num_renegotiates define +BIO_get_read_request define +BIO_get_ssl define +BIO_get_write_buf_size define +BIO_get_write_guarantee define +BIO_make_bio_pair define +BIO_pending define +BIO_read_filename define +BIO_reset define +BIO_retry_type define +BIO_rw_filename define +BIO_seek define +BIO_set_accept_bios define +BIO_set_accept_name define +BIO_set_accept_port define +BIO_set_accept_ip_family define +BIO_set_bind_mode define +BIO_set_buffer_read_data define +BIO_set_buffer_size define +BIO_set_close define +BIO_set_conn_address define +BIO_set_conn_hostname define +BIO_set_conn_port define +BIO_set_conn_ip_family define +BIO_set_fd define +BIO_set_fp define +BIO_set_info_callback define +BIO_set_md define +BIO_set_mem_buf define +BIO_set_mem_eof_return define +BIO_set_nbio define +BIO_set_nbio_accept define +BIO_set_read_buffer_size define +BIO_set_ssl define +BIO_set_ssl_mode define +BIO_set_ssl_renegotiate_bytes define +BIO_set_ssl_renegotiate_timeout define +BIO_set_write_buf_size define +BIO_set_write_buffer_size define +BIO_should_io_special define +BIO_should_read define +BIO_should_retry define +BIO_should_write define +BIO_shutdown_wr define +BIO_tell define +BIO_wpending define +BIO_write_filename define +BN_mod define +BN_num_bytes define +BN_one define +BN_zero define deprecated 0.9.8 +CONF_modules_free define deprecated 1.1.0 +DES_ecb2_encrypt define +DES_ede2_cbc_encrypt define +DES_ede2_cfb64_encrypt define +DES_ede2_ofb64_encrypt define +DTLS_get_link_min_mtu define +DTLS_set_link_mtu define +ENGINE_cleanup define deprecated 1.1.0 +ERR_FATAL_ERROR define +ERR_GET_FUNC define +ERR_GET_LIB define +ERR_GET_REASON define +ERR_PACK define +ERR_free_strings define deprecated 1.1.0 +ERR_load_crypto_strings define deprecated 1.1.0 +EVP_DigestSignUpdate define +EVP_DigestVerifyUpdate define +EVP_MD_CTX_block_size define +EVP_MD_CTX_size define +EVP_MD_CTX_type define +EVP_OpenUpdate define +EVP_PKEY_CTX_add1_hkdf_info define +EVP_PKEY_CTX_add1_tls1_prf_seed define +EVP_PKEY_CTX_get0_dh_kdf_oid define +EVP_PKEY_CTX_get0_dh_kdf_ukm define +EVP_PKEY_CTX_get0_ecdh_kdf_ukm define +EVP_PKEY_CTX_get0_rsa_oaep_label define +EVP_PKEY_CTX_get_dh_kdf_md define +EVP_PKEY_CTX_get_dh_kdf_outlen define +EVP_PKEY_CTX_get_dh_kdf_type define +EVP_PKEY_CTX_get_ecdh_cofactor_mode define +EVP_PKEY_CTX_get_ecdh_kdf_md define +EVP_PKEY_CTX_get_ecdh_kdf_outlen define +EVP_PKEY_CTX_get_ecdh_kdf_type define +EVP_PKEY_CTX_get_rsa_mgf1_md define +EVP_PKEY_CTX_get_rsa_oaep_md define +EVP_PKEY_CTX_get_rsa_padding define +EVP_PKEY_CTX_get_rsa_pss_saltlen define +EVP_PKEY_CTX_get_signature_md define +EVP_PKEY_CTX_hkdf_mode define +EVP_PKEY_CTX_set0_dh_kdf_oid define +EVP_PKEY_CTX_set0_dh_kdf_ukm define +EVP_PKEY_CTX_set0_ecdh_kdf_ukm define +EVP_PKEY_CTX_set0_rsa_oaep_label define +EVP_PKEY_CTX_set1_hkdf_key define +EVP_PKEY_CTX_set1_hkdf_salt define +EVP_PKEY_CTX_set1_pbe_pass define +EVP_PKEY_CTX_set1_scrypt_salt define +EVP_PKEY_CTX_set1_tls1_prf_secret define +EVP_PKEY_CTX_set_dh_paramgen_generator define +EVP_PKEY_CTX_set_dh_paramgen_prime_len define +EVP_PKEY_CTX_set_dh_paramgen_subprime_len define +EVP_PKEY_CTX_set_dh_paramgen_type define +EVP_PKEY_CTX_set_dh_kdf_md define +EVP_PKEY_CTX_set_dh_kdf_outlen define +EVP_PKEY_CTX_set_dh_kdf_type define +EVP_PKEY_CTX_set_dh_nid define +EVP_PKEY_CTX_set_dh_pad define +EVP_PKEY_CTX_set_dh_rfc5114 define +EVP_PKEY_CTX_set_dhx_rfc5114 define +EVP_PKEY_CTX_set_dsa_paramgen_bits define +EVP_PKEY_CTX_set_ec_param_enc define +EVP_PKEY_CTX_set_ec_paramgen_curve_nid define +EVP_PKEY_CTX_set_ecdh_cofactor_mode define +EVP_PKEY_CTX_set_ecdh_kdf_md define +EVP_PKEY_CTX_set_ecdh_kdf_outlen define +EVP_PKEY_CTX_set_ecdh_kdf_type define +EVP_PKEY_CTX_set_hkdf_md define +EVP_PKEY_CTX_set_mac_key define +EVP_PKEY_CTX_set_rsa_keygen_bits define +EVP_PKEY_CTX_set_rsa_keygen_pubexp define +EVP_PKEY_CTX_set_rsa_keygen_primes define +EVP_PKEY_CTX_set_rsa_mgf1_md define +EVP_PKEY_CTX_set_rsa_oaep_md define +EVP_PKEY_CTX_set_rsa_padding define +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md define +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen define +EVP_PKEY_CTX_set_rsa_pss_keygen_md define +EVP_PKEY_CTX_set_rsa_pss_saltlen define +EVP_PKEY_CTX_set_scrypt_N define +EVP_PKEY_CTX_set_scrypt_r define +EVP_PKEY_CTX_set_scrypt_maxmem_bytes define +EVP_PKEY_CTX_set_scrypt_p define +EVP_PKEY_CTX_set_signature_md define +EVP_PKEY_CTX_set_tls1_prf_md define +EVP_PKEY_assign_DH define +EVP_PKEY_assign_DSA define +EVP_PKEY_assign_EC_KEY define +EVP_PKEY_assign_POLY1305 define +EVP_PKEY_assign_RSA define +EVP_PKEY_assign_SIPHASH define +EVP_SealUpdate define +EVP_SignInit define +EVP_SignInit_ex define +EVP_SignUpdate define +EVP_VerifyInit define +EVP_VerifyInit_ex define +EVP_VerifyUpdate define +EVP_bf_cfb define +EVP_cast5_cfb define +EVP_cleanup define deprecated 1.1.0 +EVP_get_digestbynid define +EVP_get_digestbyobj define +EVP_idea_cfb define +EVP_rc2_cfb define +EVP_rc5_32_12_16_cfb define +EVP_seed_cfb define +EVP_sm4_cfb define +OBJ_cleanup define deprecated 1.1.0 +OPENSSL_VERSION_NUMBER define +OPENSSL_VERSION_TEXT define +OPENSSL_clear_free define +OPENSSL_clear_realloc define +OPENSSL_free define +OPENSSL_malloc define +OPENSSL_malloc_init define +OPENSSL_mem_debug_pop define +OPENSSL_mem_debug_push define +OPENSSL_memdup define +OPENSSL_no_config define deprecated 1.1.0 +OPENSSL_realloc define +OPENSSL_secure_actual_size define +OPENSSL_secure_clear_free define +OPENSSL_secure_free define +OPENSSL_secure_malloc define +OPENSSL_secure_zalloc define +OPENSSL_strdup define +OPENSSL_strndup define +OPENSSL_zalloc define +OpenSSL_add_all_algorithms define deprecated 1.1.0 +OpenSSL_add_all_ciphers define deprecated 1.1.0 +OpenSSL_add_all_digests define deprecated 1.1.0 +OpenSSL_add_ssl_algorithms define +PEM_FLAG_EAY_COMPATIBLE define +PEM_FLAG_ONLY_B64 define +PEM_FLAG_SECURE define +RAND_cleanup define deprecated 1.1.0 +RAND_DRBG_get_ex_new_index define +SSL_COMP_free_compression_methods define deprecated 1.1.0 +SSL_CTX_add0_chain_cert define +SSL_CTX_add1_chain_cert define +SSL_CTX_add_extra_chain_cert define +SSL_CTX_build_cert_chain define +SSL_CTX_clear_chain_certs define +SSL_CTX_clear_extra_chain_certs define +SSL_CTX_clear_mode define +SSL_CTX_decrypt_session_ticket_fn define +SSL_CTX_disable_ct define +SSL_CTX_generate_session_ticket_fn define +SSL_CTX_get0_chain_certs define +SSL_CTX_get_default_read_ahead define +SSL_CTX_get_max_cert_list define +SSL_CTX_get_max_proto_version define +SSL_CTX_get_min_proto_version define +SSL_CTX_get_mode define +SSL_CTX_get_read_ahead define +SSL_CTX_get_session_cache_mode define +SSL_CTX_get_tlsext_status_arg define +SSL_CTX_get_tlsext_status_cb define +SSL_CTX_get_tlsext_status_type define +SSL_CTX_select_current_cert define +SSL_CTX_sess_accept define +SSL_CTX_sess_accept_good define +SSL_CTX_sess_accept_renegotiate define +SSL_CTX_sess_cache_full define +SSL_CTX_sess_cb_hits define +SSL_CTX_sess_connect define +SSL_CTX_sess_connect_good define +SSL_CTX_sess_connect_renegotiate define +SSL_CTX_sess_get_cache_size define +SSL_CTX_sess_hits define +SSL_CTX_sess_misses define +SSL_CTX_sess_number define +SSL_CTX_sess_set_cache_size define +SSL_CTX_sess_timeouts define +SSL_CTX_set0_chain define +SSL_CTX_set0_chain_cert_store define +SSL_CTX_set0_verify_cert_store define +SSL_CTX_set1_chain define +SSL_CTX_set1_chain_cert_store define +SSL_CTX_set1_client_sigalgs define +SSL_CTX_set1_client_sigalgs_list define +SSL_CTX_set1_curves define +SSL_CTX_set1_curves_list define +SSL_CTX_set1_groups define +SSL_CTX_set1_groups_list define +SSL_CTX_set1_sigalgs define +SSL_CTX_set1_sigalgs_list define +SSL_CTX_set1_verify_cert_store define +SSL_CTX_set_current_cert define +SSL_CTX_set_max_cert_list define +SSL_CTX_set_max_pipelines define +SSL_CTX_set_max_proto_version define +SSL_CTX_set_max_send_fragment define +SSL_CTX_set_min_proto_version define +SSL_CTX_set_mode define +SSL_CTX_set_msg_callback_arg define +SSL_CTX_set_read_ahead define +SSL_CTX_set_session_cache_mode define +SSL_CTX_set_split_send_fragment define +SSL_CTX_set_tlsext_servername_arg define +SSL_CTX_set_tlsext_servername_callback define +SSL_CTX_set_tlsext_status_arg define +SSL_CTX_set_tlsext_status_cb define +SSL_CTX_set_tlsext_status_type define +SSL_CTX_set_tlsext_ticket_key_cb define +SSL_CTX_set_tmp_dh define +SSL_add0_chain_cert define +SSL_add1_chain_cert define +SSL_build_cert_chain define +SSL_clear_chain_certs define +SSL_clear_mode define +SSL_disable_ct define +SSL_get0_chain_certs define +SSL_get0_session define +SSL_get1_curves define +SSL_get1_groups define +SSL_get_cipher define +SSL_get_cipher_bits define +SSL_get_cipher_name define +SSL_get_cipher_version define +SSL_get_extms_support define +SSL_get_max_cert_list define +SSL_get_max_proto_version define +SSL_get_min_proto_version define +SSL_get_mode define +SSL_get_peer_signature_nid define +SSL_get_peer_tmp_key define +SSL_get_secure_renegotiation_support define +SSL_get_server_tmp_key define +SSL_get_shared_curve define +SSL_get_shared_group define +SSL_get_signature_nid define +SSL_get_time define +SSL_get_timeout define +SSL_get_tlsext_status_ocsp_resp define +SSL_get_tlsext_status_type define +SSL_get_tmp_key define +SSL_in_accept_init define +SSL_in_connect_init define +SSL_library_init define +SSL_load_error_strings define deprecated 1.1.0 +SSL_select_current_cert define +SSL_set0_chain define +SSL_set0_chain_cert_store define +SSL_set0_verify_cert_store define +SSL_set1_chain define +SSL_set1_chain_cert_store define +SSL_set1_client_sigalgs define +SSL_set1_client_sigalgs_list define +SSL_set1_curves define +SSL_set1_curves_list define +SSL_set1_groups define +SSL_set1_groups_list define +SSL_set1_sigalgs define +SSL_set1_sigalgs_list define +SSL_set1_verify_cert_store define +SSL_set_current_cert define +SSL_set_max_cert_list define +SSL_set_max_pipelines define +SSL_set_max_proto_version define +SSL_set_max_send_fragment define +SSL_set_min_proto_version define +SSL_set_mode define +SSL_set_msg_callback_arg define +SSL_set_mtu define +SSL_set_split_send_fragment define +SSL_set_time define +SSL_set_timeout define +SSL_set_tlsext_host_name define +SSL_set_tlsext_status_ocsp_resp define +SSL_set_tlsext_status_type define +SSL_set_tmp_dh define +SSL_want_async define +SSL_want_async_job define +SSL_want_client_hello_cb define +SSL_want_nothing define +SSL_want_read define +SSL_want_write define +SSL_want_x509_lookup define +SSLv23_client_method define +SSLv23_method define +SSLv23_server_method define +X509_STORE_set_lookup_crls_cb define +X509_STORE_set_verify_func define +EVP_PKEY_CTX_set1_id define +EVP_PKEY_CTX_get1_id define +EVP_PKEY_CTX_get1_id_len define diff --git a/deps/openssl/openssl/util/process_docs.pl b/deps/openssl/openssl/util/process_docs.pl index f7daef0dd89617..30b149eb8fcc82 100755 --- a/deps/openssl/openssl/util/process_docs.pl +++ b/deps/openssl/openssl/util/process_docs.pl @@ -30,11 +30,10 @@ my %options = (); GetOptions(\%options, 'sourcedir=s', # Source directory - 'subdir=s%', # Subdirectories to look through, + 'section=i@', # Subdirectories to look through, # with associated section numbers 'destdir=s', # Destination directory #'in=s@', # Explicit files to process (ignores sourcedir) - #'section=i', # Default section used for --in files 'type=s', # The result type, 'man' or 'html' 'suffix:s', # Suffix to add to the extension. # Only used with type=man @@ -43,15 +42,13 @@ 'debug|D+', ); -unless ($options{subdir}) { - $options{subdir} = { apps => '1', - crypto => '3', - ssl => '3' }; +unless ($options{section}) { + $options{section} = [ 1, 3, 5, 7 ]; } unless ($options{sourcedir}) { $options{sourcedir} = catdir($config{sourcedir}, "doc"); } -pod2usage(1) unless ( defined $options{subdir} +pod2usage(1) unless ( defined $options{section} && defined $options{sourcedir} && defined $options{destdir} && defined $options{type} @@ -70,8 +67,8 @@ if defined $options{type}; print STDERR "DEBUG: --suffix = $options{suffix}\n" if defined $options{suffix}; - foreach (keys %{$options{subdir}}) { - print STDERR "DEBUG: --subdir = $_=$options{subdir}->{$_}\n"; + foreach (sort @{$options{section}}) { + print STDERR "DEBUG: --section = $_\n"; } print STDERR "DEBUG: --remove = $options{remove}\n" if defined $options{remove}; @@ -83,8 +80,8 @@ my $symlink_exists = eval { symlink("",""); 1 }; -foreach my $subdir (keys %{$options{subdir}}) { - my $section = $options{subdir}->{$subdir}; +foreach my $section (sort @{$options{section}}) { + my $subdir = "man$section"; my $podsourcedir = catfile($options{sourcedir}, $subdir); my $podglob = catfile($podsourcedir, "*.pod"); @@ -101,7 +98,7 @@ my $suffix = { man => ".$podinfo{section}".($options{suffix} // ""), html => ".html" } -> {$options{type}}; my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"", - html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=apps:crypto:ssl \"--infile=$podpath\" \"--title=$podname\" --quiet" + html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet" } -> {$options{type}}; my $output_dir = catdir($options{destdir}, "man$podinfo{section}"); my $output_file = $podname . $suffix; @@ -113,7 +110,7 @@ if $options{debug}; unless ($options{"dry-run"}) { @output = `$generate`; - map { s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html|g; } @output + map { s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html"|g; } @output if $options{type} eq "html"; if ($options{type} eq "man") { # Because some *roff parsers are more strict than others, diff --git a/deps/openssl/openssl/util/selftest.pl b/deps/openssl/openssl/util/selftest.pl deleted file mode 100644 index d1d11593fa27f0..00000000000000 --- a/deps/openssl/openssl/util/selftest.pl +++ /dev/null @@ -1,207 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Run the test suite and generate a report - -if (! -f "Configure") { - print "Please run perl util/selftest.pl in the OpenSSL directory.\n"; - exit 1; -} - -my $report="testlog"; -my $os="??"; -my $version="??"; -my $platform0="??"; -my $platform="??"; -my $options="??"; -my $last="??"; -my $ok=0; -my $cc="cc"; -my $cversion="??"; -my $sep="-----------------------------------------------------------------------------\n"; -my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n"; - -open(OUT,">$report") or die; - -print OUT "OpenSSL self-test report:\n\n"; - -$uname=`uname -a`; -$uname="??\n" if $uname eq ""; - -$c=`sh config -t`; -foreach $_ (split("\n",$c)) { - $os=$1 if (/Operating system: (.*)$/); - $platform0=$1 if (/Configuring for (.*)$/); -} - -system "sh config" if (! -f "Makefile"); - -if (open(IN,") { - $version=$1 if (/^VERSION=(.*)$/); - $platform=$1 if (/^PLATFORM=(.*)$/); - $options=$1 if (/^OPTIONS=(.*)$/); - $cc=$1 if (/^CC= *(.*)$/); - } - close(IN); -} else { - print OUT "Error running config!\n"; -} - -$cversion=`$cc -v 2>&1`; -$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage"; -$cversion=`$cc -V |head -1` if $cversion =~ "Error"; -$cversion=`$cc --version` if $cversion eq ""; -$cversion =~ s/Reading specs.*\n//; -$cversion =~ s/usage.*\n//; -$cversion =~ s|\R$||; - -if (open(IN,") { - if (/\*\) (.{0,55})/ && !/applies to/) { - $last=$1; - last; - } - } - close(IN); -} - -print OUT "OpenSSL version: $version\n"; -print OUT "Last change: $last...\n"; -print OUT "Options: $options\n" if $options ne ""; -print OUT "OS (uname): $uname"; -print OUT "OS (config): $os\n"; -print OUT "Target (default): $platform0\n"; -print OUT "Target: $platform\n"; -print OUT "Compiler: $cversion\n"; -print OUT "\n"; - -print "Checking compiler...\n"; -if (open(TEST,">cctest.c")) { - print TEST "#include \n#include \n#include \nmain(){printf(\"Hello world\\n\");}\n"; - close(TEST); - system("$cc -o cctest cctest.c"); - if (`./cctest` !~ /Hello world/) { - print OUT "Compiler doesn't work.\n"; - print OUT $not_our_fault; - goto err; - } - system("ar r cctest.a /dev/null"); - if (not -f "cctest.a") { - print OUT "Check your archive tool (ar).\n"; - print OUT $not_our_fault; - goto err; - } -} else { - print OUT "Can't create cctest.c\n"; -} -if (open(TEST,">cctest.c")) { - print TEST "#include \n#include \n#include \nmain(){printf(OPENSSL_VERSION_TEXT);}\n"; - close(TEST); - system("$cc -o cctest -Iinclude cctest.c"); - $cctest = `./cctest`; - if ($cctest !~ /OpenSSL $version/) { - if ($cctest =~ /OpenSSL/) { - print OUT "#include uses headers from different OpenSSL version!\n"; - } else { - print OUT "Can't compile test program!\n"; - } - print OUT $not_our_fault; - goto err; - } -} else { - print OUT "Can't create cctest.c\n"; -} - -print "Running make...\n"; -if (system("make 2>&1 | tee make.log") > 255) { - - print OUT "make failed!\n"; - if (open(IN,") { - print OUT; - } - close(IN); - print OUT $sep; - } else { - print OUT "make.log not found!\n"; - } - goto err; -} - -# Not sure why this is here. The tests themselves can detect if their -# particular feature isn't included, and should therefore skip themselves. -# To skip *all* tests just because one algorithm isn't included is like -# shooting mosquito with an elephant gun... -# -- Richard Levitte, inspired by problem report 1089 -# -#$_=$options; -#s/no-asm//; -#s/no-shared//; -#s/no-krb5//; -#if (/no-/) -#{ -# print OUT "Test skipped.\n"; -# goto err; -#} - -print "Running make test...\n"; -if (system("make test 2>&1 | tee maketest.log") > 255) - { - print OUT "make test failed!\n"; -} else { - $ok=1; -} - -if ($ok and open(IN,") { - $ok=2 if /^platform: $platform/; - } - close(IN); -} - -if ($ok != 2) { - print OUT "Failure!\n"; - if (open(IN,") { - print OUT; - } - close(IN); - print OUT $sep; - } else { - print OUT "make.log not found!\n"; - } - if (open(IN,") { - print OUT; - } - close(IN); - print OUT $sep; - } else { - print OUT "maketest.log not found!\n"; - } -} else { - print OUT "Test passed.\n"; -} -err: -close(OUT); - -print "\n"; -open(IN,"<$report") or die; -while () { - if (/$sep/) { - print "[...]\n"; - last; - } - print; -} -print "\nTest report in file $report\n"; - -die if $ok != 2; diff --git a/deps/openssl/openssl/util/shlib_wrap.sh.in b/deps/openssl/openssl/util/shlib_wrap.sh.in index d030d33ed6d863..eac70ed972de26 100755 --- a/deps/openssl/openssl/util/shlib_wrap.sh.in +++ b/deps/openssl/openssl/util/shlib_wrap.sh.in @@ -11,7 +11,7 @@ $lib = $unified_info{sharednames}->{$lib} . ($target{shlib_variant} || "") . ($target{shared_extension} || ".so"); - $lib =~ s|\.\$\(SHLIB_MAJOR\)\.\$\(SHLIB_MINOR\) + $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\) |.$config{shlib_version_number}|x; return $lib; } @@ -111,7 +111,7 @@ SunOS|IRIX*) ;; esac -{- output_off() if $config{ex_libs} !~ /,-rpath,/; ""; -} +{- output_off() unless grep (/-rpath\b/, @{$config{LDFLAGS}}); ""; -} if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # Following three lines are major excuse for isolating them into # this wrapper script. Original reason for setting LD_PRELOAD @@ -120,14 +120,14 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # it into a script makes it possible to do so on multi-ABI # platforms. case "$SYSNAME" in - *BSD|QNX) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD, QNX + *BSD) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX esac _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO" # MacOS X export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi -{- output_on() if $config{ex_libs} !~ /,-rpath,/; ""; -} +{- output_on() unless grep (/-rpath\b/, @{$config{LDFLAGS}}); ""; -} cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}" shift diff --git a/deps/openssl/openssl/util/su-filter.pl b/deps/openssl/openssl/util/su-filter.pl index 5996f58225dc14..389c7c35c5847a 100644 --- a/deps/openssl/openssl/util/su-filter.pl +++ b/deps/openssl/openssl/util/su-filter.pl @@ -108,7 +108,7 @@ sub structureData { if($inbrace) { if($item eq "}") { $inbrace --; - + if(!$inbrace) { $substruc = structureData($dataitem); $dataitem = $substruc;

- * The Whirlpool algorithm was developed by - * Paulo S. L. M. Barreto and - * Vincent Rijmen. - * * See * P.S.L.M. Barreto, V. Rijmen, * ``The Whirlpool hashing function,'' diff --git a/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c b/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c index 6d925517a26454..1ac29803a4d6aa 100644 --- a/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c +++ b/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c @@ -10,14 +10,6 @@ /** * The Whirlpool hashing function. * - *